Traefik unable to obtain a letsencrypt certificate

Time: 2018-02-28 07:52:56

Tags: docker

I am trying to set up traefik with portainer so that I can create apps at *.vps.ahri.net and have them served over https from letsencrypt.

I use cloudflare for my DNS and have an A record for vps.ahri.net, with a CNAME *.vps pointing to the A record.

I am using Docker version 17.12.1-ce, build 7390fc6 and docker-compose version 1.19.0, build 9e633ef

My configuration files are as follows:

traefik/docker-compose.yml:

version: '2'

services:
  traefik:
    image: traefik:1.3.5
    restart: always
    ports:
      - 80:80
      - 443:443
    networks:
      - web
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      - ./acme.json:/acme.json
    container_name: traefik

networks:
  web:
    external: true

traefik/traefik.toml:

debug = true

logLevel = "ERROR"
defaultEntryPoints = ["https","http"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]

[retry]

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "vps.ahri.net"
watch = true
exposedbydefault = false

[acme]
email = "adam@ahri.net"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
[acme.httpChallenge]
entryPoint = "http"

Finally, portainer/docker-compose.yml:

version: "2.1"

services:
  app:
    image: portainer/portainer
    restart: always
    networks:
      - web
      - default
    expose:
      - "9000"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./data:/data
    labels:
      - "traefik.backend=my-awesome-app-app"
      - "traefik.docker.network=web"
      - "traefik.frontend.rule=Host:docker.vps.ahri.net"
      - "traefik.enable=true"
      - "traefik.port=9000"
      - "traefik.default.protocol=https"

networks:
  web:
    external: true

As you can see above, I have turned on debugging, because the ACME stuff does not seem to be working:

traefik    | time="2018-02-28T07:36:27Z" level=info msg="Traefik version v1.3.5 built on 2017-08-01_04:18:59PM"
traefik    | time="2018-02-28T07:36:27Z" level=info msg="Using TOML configuration file //traefik.toml"
traefik    | time="2018-02-28T07:36:27Z" level=debug msg="Global configuration loaded {"GraceTimeOut":10000000000,"Debug":true,"CheckNewVersion":true,"AccessLogsFile":"","TraefikLogsFile":"","LogLevel":"DEBUG","EntryPoints":{"http":{"Network":"","Address":":80","TLS":null,"Redirect":{"EntryPoint":"https","Regex":"","Replacement":""},"Auth":null,"Compress":false},"https":{"Network":"","Address":":443","TLS":{"MinVersion":"","CipherSuites":null,"Certificates":null,"ClientCAFiles":null},"Redirect":null,"Auth":null,"Compress":false}},"Cluster":null,"Constraints":[],"ACME":{"Email":"adam@ahri.net","Domains":null,"Storage":"acme.json","StorageFile":"","OnDemand":false,"OnHostRule":true,"CAServer":"","EntryPoint":"https","DNSProvider":"","DelayDontCheckDNS":0,"ACMELogging":false,"TLSConfig":null},"DefaultEntryPoints":["https","http"],"ProvidersThrottleDuration":2000000000,"MaxIdleConnsPerHost":200,"IdleTimeout":180000000000,"InsecureSkipVerify":false,"Retry":{"Attempts":0},"HealthCheck":{"Interval":30000000000},"Docker":{"Watch":true,"Filename":"","Constraints":null,"Endpoint":"unix:///var/run/docker.sock","Domain":"vps.ahri.net","TLS":null,"ExposedByDefault":false,"UseBindPortIP":false,"SwarmMode":false},"File":null,"Web":null,"Marathon":null,"Consul":null,"ConsulCatalog":null,"Etcd":null,"Zookeeper":null,"Boltdb":null,"Kubernetes":null,"Mesos":null,"Eureka":null,"ECS":null,"Rancher":null,"DynamoDB":null}"
traefik    | time="2018-02-28T07:36:27Z" level=info msg="Preparing server http &{Network: Address::80 TLS:<nil> Redirect:0xc4203195c0 Auth:<nil> Compress:false}"
traefik    | time="2018-02-28T07:36:27Z" level=info msg="Preparing server https &{Network: Address::443 TLS:0xc4204fd140 Redirect:<nil> Auth:<nil> Compress:false}"
traefik    | time="2018-02-28T07:36:27Z" level=info msg="Starting server on :80"
traefik    | time="2018-02-28T07:36:27Z" level=info msg="Loading ACME Account..."
traefik    | time="2018-02-28T07:36:27Z" level=info msg="Loaded ACME config from store acme.json"
traefik    | time="2018-02-28T07:36:27Z" level=debug msg="Building ACME client..."
traefik    | time="2018-02-28T07:36:28Z" level=debug msg=AgreeToTOS...
traefik    | time="2018-02-28T07:36:28Z" level=info msg="Starting provider *docker.Provider {"Watch":true,"Filename":"","Constraints":null,"Endpoint":"unix:///var/run/docker.sock","Domain":"vps.ahri.net","TLS":null,"ExposedByDefault":false,"UseBindPortIP":false,"SwarmMode":false}"
traefik    | time="2018-02-28T07:36:28Z" level=info msg="Retrieving ACME certificates..."
traefik    | time="2018-02-28T07:36:28Z" level=info msg="Retrieved ACME certificates"
traefik    | time="2018-02-28T07:36:28Z" level=debug msg="Testing certificate renew..."
traefik    | time="2018-02-28T07:36:28Z" level=info msg="Starting server on :443"
traefik    | time="2018-02-28T07:36:28Z" level=debug msg="Provider connection established with docker 17.12.1-ce (API 1.35)"
traefik    | time="2018-02-28T07:36:28Z" level=debug msg="Filtering disabled container /traefik"
traefik    | time="2018-02-28T07:36:28Z" level=debug msg="Validation of load balancer method for backend backend-my-awesome-app-app-default failed: invalid load-balancing method ''. Using default method wrr."
traefik    | time="2018-02-28T07:36:28Z" level=debug msg="Configuration received from provider docker: {"backends":{"backend-my-awesome-app-app-default":{"servers":{"service":{"url":"https://172.18.0.3:9000","weight":0}},"loadBalancer":{"method":"wrr"}}},"frontends":{"frontend-my-awesome-app-app-default":{"entryPoints":["https","http"],"backend":"backend-my-awesome-app-app-default","routes":{"service-default":{"rule":"Host:docker.vps.ahri.net"}},"passHostHeader":true,"priority":0,"basicAuth":[]}}}"
traefik    | time="2018-02-28T07:36:28Z" level=debug msg="Last docker config received more than 2s, OK"
traefik    | time="2018-02-28T07:36:28Z" level=debug msg="Creating frontend frontend-my-awesome-app-app-default"
traefik    | time="2018-02-28T07:36:28Z" level=debug msg="Wiring frontend frontend-my-awesome-app-app-default to entryPoint https"
traefik    | time="2018-02-28T07:36:28Z" level=debug msg="Creating route service-default Host:docker.vps.ahri.net"
traefik    | time="2018-02-28T07:36:28Z" level=debug msg="Creating backend backend-my-awesome-app-app-default"
traefik    | time="2018-02-28T07:36:28Z" level=debug msg="Creating load-balancer wrr"
traefik    | time="2018-02-28T07:36:28Z" level=debug msg="Creating server service at https://172.18.0.3:9000 with weight 0"
traefik    | time="2018-02-28T07:36:28Z" level=debug msg="Creating retries max attempts 1"
traefik    | time="2018-02-28T07:36:28Z" level=debug msg="Wiring frontend frontend-my-awesome-app-app-default to entryPoint http"
traefik    | time="2018-02-28T07:36:28Z" level=debug msg="Creating route service-default Host:docker.vps.ahri.net"
traefik    | time="2018-02-28T07:36:28Z" level=debug msg="Creating entryPoint redirect http -> https : ^(?:https?:\/\/)?([\w\._-]+)(?::\d+)?(.*)$ -> https://$1:443$2"
traefik    | time="2018-02-28T07:36:28Z" level=debug msg="Creating backend backend-my-awesome-app-app-default"
traefik    | time="2018-02-28T07:36:28Z" level=debug msg="Creating load-balancer wrr"
traefik    | time="2018-02-28T07:36:28Z" level=debug msg="Creating server service at https://172.18.0.3:9000 with weight 0"
traefik    | time="2018-02-28T07:36:28Z" level=debug msg="Creating retries max attempts 1"
traefik    | time="2018-02-28T07:36:28Z" level=info msg="Server configuration reloaded on :443"
traefik    | time="2018-02-28T07:36:28Z" level=info msg="Server configuration reloaded on :80"
traefik    | time="2018-02-28T07:36:28Z" level=debug msg="LoadCertificateForDomains [docker.vps.ahri.net]..."
traefik    | time="2018-02-28T07:36:28Z" level=debug msg="Look for provided certificate to validate [docker.vps.ahri.net]..."
traefik    | time="2018-02-28T07:36:28Z" level=debug msg="No provided certificate found for domains [docker.vps.ahri.net], get ACME certificate."
traefik    | time="2018-02-28T07:36:28Z" level=debug msg="Loading ACME certificates [docker.vps.ahri.net]..."
traefik    | time="2018-02-28T07:36:29Z" level=error msg="map[docker.vps.ahri.net:[docker.vps.ahri.net] acme: Could not determine solvers]"
traefik    | time="2018-02-28T07:36:29Z" level=error msg="Error getting ACME certificates [docker.vps.ahri.net] : Cannot obtain certificates map[docker.vps.ahri.net:[docker.vps.ahri.net] acme: Could not determine solvers]+v"
traefik    | time="2018-02-28T07:36:29Z" level=warning msg="A new release has been found: 1.5.3. Please consider updating."
traefik    | time="2018-02-28T07:38:12Z" level=debug msg="Look for provided certificate to validate [docker.vps.ahri.net]..."
traefik    | time="2018-02-28T07:38:12Z" level=debug msg="No provided certificate found for domains [docker.vps.ahri.net], get ACME certificate."
traefik    | time="2018-02-28T07:38:12Z" level=debug msg="Challenge GetCertificate docker.vps.ahri.net"
traefik    | time="2018-02-28T07:38:12Z" level=debug msg="ACME got nothing docker.vps.ahri.net"
traefik    | time="2018-02-28T07:38:15Z" level=debug msg="Look for provided certificate to validate [docker.vps.ahri.net]..."
traefik    | time="2018-02-28T07:38:15Z" level=debug msg="No provided certificate found for domains [docker.vps.ahri.net], get ACME certificate."
traefik    | time="2018-02-28T07:38:15Z" level=debug msg="Challenge GetCertificate docker.vps.ahri.net"
traefik    | time="2018-02-28T07:38:15Z" level=debug msg="ACME got nothing docker.vps.ahri.net"
traefik    | time="2018-02-28T07:38:15Z" level=warning msg="Error forwarding to https://172.18.0.3:9000, err: tls: oversized record received with length 20527"
traefik    | time="2018-02-28T07:38:15Z" level=warning msg="Error forwarding to https://172.18.0.3:9000, err: tls: oversized record received with length 20527"

As I am not familiar with traefik or letsencrypt and its ACME protocol, I am not sure how to go about debugging this. Can anyone spot my mistake?

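It may be worth noting that, since the certificate could not be obtained via ACME, the certificate being served is the Traefik default certificate. The last two lines of my log are from an attempt to visit https://docker.vps.ahri.net using Chrome.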
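
Added example (not part of the original question and not Traefik code): a Python triage script that runs two checks on lines taken from the log above. It lists which `[acme]` keys from traefik.toml are absent from the "Global configuration loaded" dump, and decodes the "oversized record" length back into the two bytes it was read from. The function names and the key list are assumptions made for this example; the config dump is abridged to its ACME object.

```python
import json
import re

# Two lines from the log in the question; the config dump is abridged to its ACME object.
LOG = r'''
traefik    | time="2018-02-28T07:36:27Z" level=debug msg="Global configuration loaded {"Debug":true,"ACME":{"Email":"adam@ahri.net","Domains":null,"Storage":"acme.json","StorageFile":"","OnDemand":false,"OnHostRule":true,"CAServer":"","EntryPoint":"https","DNSProvider":"","DelayDontCheckDNS":0,"ACMELogging":false,"TLSConfig":null}}"
traefik    | time="2018-02-28T07:38:15Z" level=warning msg="Error forwarding to https://172.18.0.3:9000, err: tls: oversized record received with length 20527"
'''

# Keys and sub-tables set under [acme] in the question's traefik.toml.
ACME_KEYS_IN_TOML = ["email", "storage", "entryPoint", "OnHostRule", "httpChallenge"]


def ignored_acme_keys(log, wanted):
    """Return the TOML [acme] keys that do not appear in the loaded-config dump."""
    m = re.search(r'Global configuration loaded (\{.*\})"', log)
    loaded = {k.lower() for k in json.loads(m.group(1))["ACME"]}
    return [k for k in wanted if k.lower() not in loaded]


def oversized_record_bytes(log):
    """Turn each reported record length back into the 2 header bytes it came from."""
    lengths = re.findall(r"oversized record received with length (\d+)", log)
    return [int(n).to_bytes(2, "big") for n in lengths]


def backend_spoke_plain_http(log):
    """A TLS record header is type(1) + version(2) + length(2). If the peer sends
    b'HTTP/...' instead, the length field is read from bytes 3-4, i.e. b'P/'."""
    return b"HTTP/"[3:5] in oversized_record_bytes(log)


if __name__ == "__main__":
    print("acme keys missing from loaded config:",
          ignored_acme_keys(LOG, ACME_KEYS_IN_TOML))
    print("oversized-record bytes:", oversized_record_bytes(LOG))
    print("backend answered in plain HTTP:", backend_spoke_plain_http(LOG))
```

On this log, `httpChallenge` is the only `[acme]` key missing from the configuration Traefik reports as loaded, and 20527 is 0x502F, the bytes `P/` of an `HTTP/` status line, which is what a TLS client reads when the `https://172.18.0.3:9000` backend answers in cleartext.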

0 answers:

No answers