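How do I solve the DNS lookup problem for Let's Encrypt in traefik?

Time: 2018-06-11 00:58:37

Tags: traefik

I have been working with Docker Swarm for a few days. I created a proxy network and an internal one for the backend services. To run traefik, I execute: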

  docker service create \
        --name traefik \
        --constraint=node.role==manager \
        --publish 80:80 --publish 8080:8080 --publish 443:443\
        --mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock \
        --mount type=bind,source=/data/traefik/,target=/etc/traefik/ \
        --network proxy \
        traefik \
        --docker \
        --docker.swarmMode \
        --docker.domain=traefik \
        --docker.watch \
        --api

And to run the web application I execute:

docker service create     --name whoami2     --label traefik.port=80  --label  traefik.basic.frontend.rule=Host:example.com   --label traefik.docker.network=proxy  --label traefik.admin.frontend.rule=Host:example.com  \
--network proxy    --label traefik.admin.protocol=https --label traefik.admin.port=443  --label traefik.acme.domains=example.com --label "traefik.acme.sans=admin.example.com"  emilevauge/whoami 

The configuration file is:

logLevel = "DEBUG"  
defaultEntryPoints = ["http", "https"]

[web]

[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
[file]
watch = true 

[acme]
  email = "sysadmin@example.com"
  storage = "acme.json"
  entryPoint = "https"
  OnHostRule = true

[acme.httpChallenge]
  entryPoint = "http"

[docker]
  domain = "traefik"
  watch = true
  swarmmode = true

[traefikLog]
  format   = "common"

[accessLog]
  format = "common"

I get an error when generating the Let's Encrypt certificates:

traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:38Z" level=debug msg="Creating backend backend-whoami2-whoami2-basic"
traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:38Z" level=debug msg="Creating load-balancer wrr"
traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:38Z" level=debug msg="Creating server server-basic-whoami2-1-0 at http://172.50.0.28:80 with weight 1"
traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:38Z" level=debug msg="Wiring frontend frontend-whoami2-whoami2-basic to entryPoint https"
traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:38Z" level=debug msg="Creating route route-frontend-whoami2-whoami2-basic Host:example.com"
traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:38Z" level=debug msg="Creating backend backend-whoami2-whoami2-basic"
traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:38Z" level=debug msg="Creating load-balancer wrr"
traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:38Z" level=debug msg="Creating server server-basic-whoami2-1-0 at http://172.50.0.28:80 with weight 1"
traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:38Z" level=info msg="Server configuration reloaded on :80"
traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:38Z" level=info msg="Server configuration reloaded on :443"
traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:38Z" level=info msg="Server configuration reloaded on :8080"
traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:38Z" level=debug msg="Try to challenge certificate for domain [example.com] founded in Host rule"
traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:38Z" level=debug msg="Try to challenge certificate for domain [admin.example.com] founded in Host rule"
traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:38Z" level=debug msg="Try to challenge certificate for domain [example.com] founded in Host rule"
traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:38Z" level=debug msg="Looking for provided certificate(s) to validate [\"example.com\"]..."
traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:38Z" level=debug msg="Domains [\"example.com\"] need ACME certificates generation for domains \"example.com\"."
traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:38Z" level=debug msg="Loading ACME certificates [example.com]..."
traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:38Z" level=debug msg="Building ACME client..."
traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:38Z" level=debug msg="https://acme-v02.api.letsencrypt.org/directory"
traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:38Z" level=debug msg="Looking for provided certificate(s) to validate [\"example.com\"]..."
traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:38Z" level=debug msg="Domains [\"example.com\"] need ACME certificates generation for domains \"example.com\"."
traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:38Z" level=debug msg="Loading ACME certificates [example.com]..."
traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:38Z" level=debug msg="Looking for provided certificate(s) to validate [\"admin.example.com\"]..."
traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:38Z" level=debug msg="Domains [\"admin.example.com\"] need ACME certificates generation for domains \"admin.example.com\"."
traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:38Z" level=debug msg="Loading ACME certificates [admin.example.com]..."
traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:48Z" level=error msg="Unable to obtain ACME certificate for domains \"example.com\" detected thanks to rule \"Host:example.com\" : cannot get ACME client get directory at 'https://acme-v02.api.letsencrypt.org/directory': failed to get json \"https://acme-v02.api.letsencrypt.org/directory\": Get https://acme-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:58948->127.0.0.11:53: i/o timeout"
traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:48Z" level=debug msg="Building ACME client..."
traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:48Z" level=debug msg="https://acme-v02.api.letsencrypt.org/directory"

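I tried to ping the domain from the host, and it resolved. I think the problem is that the swarm DNS is in a different network than the proxy/internal networks, but I'm not sure. Maybe I should use an extra service such as Consul? Or is the problem something else?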
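The error in the log above fails at name resolution inside the container, before any ACME request leaves it. As an added example (not part of the original post), this Python script triages traefik log text for ACME errors caused by resolver failures and flags Docker's embedded DNS at 127.0.0.11; the names `triage` and `classify` and the last sample line are constructed for illustration.

```python
import re

DOCKER_EMBEDDED_DNS = "127.0.0.11"  # resolver Docker injects on user-defined/overlay networks

# Lines 1-2 are taken from the log in the post; line 3 is constructed for contrast.
SAMPLE_LOG = r'''
traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:38Z" level=debug msg="Building ACME client..."
traefik.1.jb0p9q8iy3kj@master    | time="2018-06-10T17:54:48Z" level=error msg="Unable to obtain ACME certificate for domains \"example.com\" detected thanks to rule \"Host:example.com\" : cannot get ACME client get directory at 'https://acme-v02.api.letsencrypt.org/directory': failed to get json \"https://acme-v02.api.letsencrypt.org/directory\": Get https://acme-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:58948->127.0.0.11:53: i/o timeout"
traefik.1.constructed@master    | time="2018-06-10T17:55:00Z" level=error msg="Unable to obtain ACME certificate for domains \"admin.example.com\" detected thanks to rule \"Host:admin.example.com\" : Get https://acme-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-v02.api.letsencrypt.org on 192.0.2.53:53: no such host"
'''

# Go's net package reports resolver failures as "lookup <host> on <resolver>:<port>: <reason>".
LOOKUP_RE = re.compile(r'lookup (?P<host>[\w.-]+) on (?P<resolver>[\d.]+):\d+: (?P<reason>[^"]*)')
# Domain names appear inside escaped quotes (\") in the msg field.
DOMAIN_RE = re.compile(r'for domains \\"(?P<domain>[^\\"]+)\\"')


def classify(reason):
    """Map the resolver's error text to a coarse failure kind."""
    if "i/o timeout" in reason:
        return "timeout"      # resolver never answered: forwarding or network path problem
    if "no such host" in reason:
        return "nxdomain"     # resolver answered, but the name does not exist
    return "other"


def triage(log_text):
    """Return one finding per ACME error line, marking DNS-stage failures."""
    findings = []
    for line in log_text.splitlines():
        if "level=error" not in line or "ACME" not in line:
            continue
        dom = DOMAIN_RE.search(line)
        finding = {"domain": dom.group("domain") if dom else None, "stage": "acme"}
        lookup = LOOKUP_RE.search(line)
        if lookup:  # failed before any request reached the ACME server
            resolver = lookup.group("resolver")
            finding.update(stage="dns", host=lookup.group("host"), resolver=resolver,
                           embedded=(resolver == DOCKER_EMBEDDED_DNS),
                           kind=classify(lookup.group("reason")))
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```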

0 answers:

No answers