我正在尝试使用traefik创建一个简单的应用程序来处理路由和SSL,但是当我想使用“ example.com”而不是“ subdomain.example.com”时遇到了问题
如果我尝试包含仅具有“ example.com”前端规则的服务,则唯一有效的规则是“ monitor.example.com”。 “ api.example.com”将不起作用并返回404。如果我注释掉了“ example.com”的前端规则,则“ api.example.com”将再次起作用。但是,无论如何,“ monitor.example.com”都可以正常工作。此外,无论如何,“ example.com”始终会返回404。
这是我的docker-compose文件:
version: '3'
services:
reverse-proxy:
image: traefik
restart: always
command: --docker
ports:
- 80:80
- 443:443
networks:
- web
labels:
- "traefik.frontend.rule=Host:monitor.example.com"
- "traefik.port=8080"
- "traefik.enable=true"
- "traefik.docker.network=web"
- "traefik.backend=traefik"
environment:
- CLOUDFLARE_EMAIL=###
- CLOUDFLARE_API_KEY=###
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /home/project/traefik/traefik.toml:/traefik.toml
- /home/project/traefik/acme.json:/acme.json
container_name: traefik
api:
image: api
expose:
- 5080
restart: always
networks:
- web
container_name: api
labels:
- "traefik.frontend.rule=Host:api.example.com"
- "traefik.enable=true"
- "traefik.docker.network=web"
- "traefik.port=5080"
- "traefik.backend=api"
app:
image: app
restart: always
networks:
- web
container_name: app
labels:
- "traefik.frontend.rule=Host:example.com"
- "traefik.enable=true"
- "traefik.docker.network=web"
- "traefik.backend=app"
- "traefik.port=80"
networks:
web:
external: true
这是我的traefik配置:
defaultEntryPoints = ["https", "http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[entryPoints.trdash]
address = ":8080"
[entryPoints.trdash.auth]
[entryPoints.trdash.auth.basic]
users = [
"admin:###",
]
[api]
entryPoint = "trdash"
[acme]
email = "###"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
onDemand = false
[[acme.domains]]
main = "example.com"
[[acme.domains]]
main = "*.example.com"
[acme.dnsChallenge]
provider = "cloudflare"
任何帮助将不胜感激,谢谢!
编辑: 好的,我似乎通过在Cloudflare上使用的域上禁用“橙色云”解决了自己的问题。此外,我还必须删除traefik.toml文件中的http到https重定向规则。我不明白为什么这是一个问题,所以我将把这个问题保留。这似乎确实抵消了Cloudflare提供的许多价值。
答案 0 :(得分:0)
事实证明,问题在于启用Cloudflare代理(橙色云)而未启用后端SSL。只要我在服务器上具有SSL证书(我通过“加密”完成),我就可以将Cloudflare SSL设置为“完全(严格)”,并且看来路由现在可以正常工作。
感谢Traefik Slack上的Daniel Tomcej帮助我找到了这个答案。