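I am trying to build a POC of traefik. It works perfectly with http, but not with https.
The Let's Encrypt certificate generated by traefik is not good, and I don't know why. I hope you can help me, thanks in advance.
I also hope this helps the community to have a complete, simple example that works.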
root@ubuntu:~/traefik# ls -lt | more
total 8
-rw------- 1 root root 0 Nov 23 06:08 acme.json
-rw-r--r-- 1 root root 698 Nov 23 05:57 traefik.toml
-rw-r--r-- 1 root root 399 Nov 23 05:56 docker-compose.yml
The traefik.toml configuration file.
root@ubuntu:~/traefik# cat traefik.toml
logLevel = "DEBUG"
[traefikLog]
filePath = "./traefik.log"
format = "json"
[accessLog]
filePath = "./access.log"
format = "json"
[web]
# Port for the status page
address = ":8080"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[acme]
email = "xpoveda@gmail.com"
storage = "acme.json"
onHostRule = true
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
entryPoint = "https"
[[acme.domains]]
main = "escalamas.com"
sans = ["test.escalamas.com"]
[docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
exposedbydefault = false
Then the traefik service is created by docker-compose...
root@ubuntu:~/traefik# cat docker-compose.yml
version: '2'
services:
  traefik:
    image: traefik
    command: --docker
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    restart: always
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "./traefik.toml:/traefik.toml"
      - "./acme.json:/acme.json"
      - "./traefik.log:/traefik.log"
      - "./access.log:/access.log"
    networks:
      - default
On the other hand, I have a simple dockerized "hello world" application in Python, with a Dockerfile and a Docker Compose file.
root@ubuntu:~/apps# more start.py
from flask import Flask, request
app = Flask(__name__)
@app.route("/")
def hello():
    return "Hello " + request.host
if __name__ == "__main__":
    app.run(debug=False,host='0.0.0.0')
root@ubuntu:~/apps# more Dockerfile
FROM python:2.7
WORKDIR /app
COPY . /app
RUN pip install flask
ENTRYPOINT ["python"]
CMD ["start.py"]
root@ubuntu:~/apps# more docker-compose.yml
version: '2'
services:
  test:
    build: .
    labels:
      - "traefik.enabled=true"
      - "traefik.backend=test"
      - "traefik.frontend.rule=Host:test.escalamas.com"
      - "traefik.port=5000"
    networks:
      - "traefik_default"
    restart: always
networks:
  traefik_default:
    external:
      name: traefik_default
When I run everything...
cat /dev/null > /root/traefik/acme.json
cd /root/traefik
docker-compose up -d
Creating traefik_traefik_1 ...
Creating traefik_traefik_1 ... done
cd /root/apps
docker-compose up -d
Creating apps_test_1 ...
Creating apps_test_1 ... done
When I run it with http, everything works fine
root@ubuntu:~/traefik# curl --resolve test.escalamas.com:80:127.0.0.1 http://test.escalamas.com/
Hello test.escalamas.com
But with https there is an error in the certificate: common name: TRAEFIK DEFAULT CERT (does not match 'test.escalamas.com') and a 404 error on the page
root@ubuntu:~/traefik# curl -v --resolve test.escalamas.com:443:127.0.0.1 https://test.escalamas.com/ --insecure
* Added test.escalamas.com:443:127.0.0.1 to DNS cache
* Hostname test.escalamas.com was found in DNS cache
* Trying 127.0.0.1...
* Connected to test.escalamas.com (127.0.0.1) port 443 (#0)
* found 149 certificates in /etc/ssl/certs/ca-certificates.crt
* found 593 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification SKIPPED
* server certificate status verification SKIPPED
* common name: TRAEFIK DEFAULT CERT (does not match 'test.escalamas.com')
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: CN=TRAEFIK DEFAULT CERT
* start date: Fri, 23 Nov 2018 14:16:22 GMT
* expire date: Sat, 23 Nov 2019 14:16:22 GMT
* issuer: CN=TRAEFIK DEFAULT CERT
* compression: NULL
* ALPN, server accepted to use http/1.1
> GET / HTTP/1.1
> Host: test.escalamas.com
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Content-Type: text/plain; charset=utf-8
< X-Content-Type-Options: nosniff
< Date: Fri, 23 Nov 2018 14:19:03 GMT
< Content-Length: 19
<
404 page not found
* Connection #0 to host test.escalamas.com left intact
acme.json is not empty, but the certificate is not valid
root@ubuntu:~/traefik# cat acme.json
{
  "Account": {
    "Email": "xpoveda@gmail.com",
    "Registration": {
      "body": {
        "status": "valid",
        "contact": [
          "mailto:xpoveda@gmail.com"
        ]
      },
      "uri": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/7415315"
    },
    "PrivateKey": "...",
    "KeyType": "4096"
  },
  "Certificates": null,
  "HTTPChallenges": null,
  "TLSChallenges": null
}
Also, the log files are created as folders instead of files, and I don't know how to view traefik.log, because the classic docker run -sssh does not work with this image.
root@ubuntu:~/traefik# ls -lt | more
total 20
-rw------- 1 root root 3534 Nov 23 06:16 acme.json
drwxr-xr-x 2 root root 4096 Nov 23 06:16 access.log
drwxr-xr-x 2 root root 4096 Nov 23 06:16 traefik.log
-rw-r--r-- 1 root root 698 Nov 23 05:57 traefik.toml
-rw-r--r-- 1 root root 399 Nov 23 05:56 docker-compose.yml
Thank you very much!
Xavier.
Answer 0 (score: 0)
Most likely it is because of this line in your traefik.toml file.
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
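You are using the staging server to obtain your certificate. If you remove this line, you will negotiate a production-ready certificate with Let's Encrypt.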
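As an added example (not part of the original question or answer), the Python below triages a Traefik 1.x acme.json like the one in the question: it flags permissions wider than owner-only, an account registered against the Let's Encrypt staging directory, and a store holding no certificates, the state in which Traefik answers with TRAEFIK DEFAULT CERT. The sample JSON, the placeholder account values and the function names are constructed for illustration.

```python
import json
import os
import stat
import tempfile
from urllib.parse import urlparse

# Constructed sample shaped like the acme.json in the question (values are placeholders).
SAMPLE_ACME_JSON = """{
  "Account": {
    "Email": "admin@example.com",
    "Registration": {
      "body": {"status": "valid", "contact": ["mailto:admin@example.com"]},
      "uri": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/0000000"
    },
    "PrivateKey": "PLACEHOLDER", "KeyType": "4096"
  },
  "Certificates": null, "HTTPChallenges": null, "TLSChallenges": null
}"""

def triage_acme_store(path):
    """Return a list of findings for a Traefik 1.x acme.json file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # the store holds private keys, so it should be 0600
        findings.append("permissions %03o: readable beyond the owner" % mode)
    with open(path) as fh:
        text = fh.read()
    if not text.strip():  # freshly truncated file, as after `cat /dev/null >`
        return findings + ["store is empty: no account or certificate yet"]
    store = json.loads(text)
    reg = (store.get("Account") or {}).get("Registration") or {}
    host = urlparse(reg.get("uri", "")).hostname or ""
    if "staging" in host:
        findings.append("account registered with staging CA " + host)
    if not store.get("Certificates"):  # null or empty list
        findings.append("no certificates stored: the default certificate is served")
    return findings

def demo(mode=0o600, content=SAMPLE_ACME_JSON):
    # Write the constructed sample to a temporary file and triage it.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "acme.json")
        with open(path, "w") as fh:
            fh.write(content)
        os.chmod(path, mode)
        return triage_acme_store(path)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run against the real file with `triage_acme_store("/root/traefik/acme.json")`; an empty result means the store is owner-only, uses a non-staging account, and contains at least one certificate.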