我在docker-compose环境中使用traefik,以将流量路由到Rancher服务器容器和Kubernetes主机。除了Helm之外,其他一切都正常。运行helm init可以正常工作,但是当我尝试使用Helm安装某些东西时,我总是收到以下错误消息:Error: forwarding ports: error upgrading connection: Upgrade request required。
这是与Rancher服务器相关的traefik配置:
version: '3'
services:
traefik:
image: traefik:1.7
environment:
API_KEY: "asdfadsf"
API_SECRET: "asdfasdf"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./traefik-conf:/etc/traefik
- ./acme.json:/acme.json
restart: "always"
rancher-server:
image: rancher/rancher:v2.0.8
container_name: rancher-server
restart: on-failure
command: --no-cacerts
volumes:
- ./rancher-data:/var/lib/rancher
labels:
- traefik.backend=rancher
- traefik.port=80
- traefik.frontend.rule=Host:rancher2.example.com
- traefik.frontend.entryPoints=https
在另一种设置中,我还测试了Rancher服务器之前的nginx。在那里,Helm按预期工作。这是我使用的Nginx配置:
server {
listen 80;
server_name _;
return 301 https://$host$request_uri;
}
upstream rancher {
server rancher-server:80;
}
server {
listen 443 ssl http2;
server_name rancher2.example.com;
ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/keys/letsencrypt/privkey.pem;
ssl_dhparam /config/nginx/dhparams.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://rancher;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
# This allows the ability for the execute shell window to remain open for up to 15 minutes. Without this parameter, the default is 1 minute and will automatically close.
proxy_read_timeout 900s;
}
}
我不知道是否还需要在traefik配置中设置“ Upgrade”和“ Connection”标头。我尝试过,但没有设法使它起作用。
有人知道我需要如何配置traefik才能使此设置有效吗?这似乎是traefik的问题,而不是Rancher / Helm问题,因为nginx可以使用相同的设置。我想使用traefik,因为它可以自动注册letencrypt通配符证书。