Why does traefik redirect to the docker backend port on subdirectories of an apache2 php container?

Time: 2019-01-19 00:00:31

Tags: apache traefik

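I'm using the PHP 7.0 with Apache Docker container from the library to host my application behind traefik.
Apache is configured to serve on port 1025 instead of port 80, because OpenShift doesn't allow you to use anything below port 1024.
To keep people out, I've configured basic authentication on the frontend using docker-compose labels.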

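The following behavior confuses me:
Using a browser (Chrome), http://dev.domain.com/admin will ask for credentials and redirect me to https://dev.domain.com
After entering the credentials in the previous step, revisiting http://dev.domain.com/admin will result in a redirect to dev.domain.com:1025/admin
Not sure if this information helps, but this does not happen when browsing every page directly via https://.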

I tried curl to see what is happening.
There seems to be an HTTP 301 redirect that sends my browser to the internal port. You can see the output below.

Why does this happen? What can I do to prevent it?

Response from the service using curl:

curl -v 'https://some:basicauth@dev.domain.com/admin'
*   Trying 1.1.1.1...
* Connected to dev.domain.com (1.1.1.1) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 592 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
*        server certificate verification OK
*        server certificate status verification SKIPPED
*        common name: dev.domain.com (matched)
*        server certificate expiration date OK
*        server certificate activation date OK
*        certificate public key: RSA
*        certificate version: #3
*        subject: CN=dev.domain.com
*        start date: Sat, 24 Nov 2018 17:51:49 GMT
*        expire date: Fri, 22 Feb 2019 17:51:49 GMT
*        issuer: C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
*        compression: NULL
* ALPN, server accepted to use http/1.1
* Server auth using Basic with user 'some'
> GET /admin HTTP/1.1
> Host: dev.domain.com
> Authorization: Basic dhfkjasdhf==
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Content-Length: 325
< Content-Type: text/html; charset=iso-8859-1
< Date: Fri, 18 Jan 2019 18:02:06 GMT
< Location: http://dev.domain.com:1025/admin/
< Server: Apache/2.4.25 (Debian)
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://dev.domain.com:1025/admin/">here</a>.</p>
<hr>
<address>Apache/2.4.25 (Debian) Server at dev.domain.com Port 1025</address>
</body></html>
* Connection #0 to host dev.domain.com left intact

My traefik.toml configuration is:

defaultEntryPoints = ["http","https"]
[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
   [entryPoints.https.tls]
[accessLog]

[retry]

[api]
  entryPoint = "traefik"
  dashboard = true
  debug = true
[docker]
  endpoint = "unix:///var/run/docker.sock"
  domain = "domain.com"
  watch = true
  exposedbydefault = false
[acme]
  email = "some@email.com"
  storageFile = "acme.json"
  entryPoint = "https"
  onHostRule = true
[acme.httpChallenge]
  entryPoint = "http"

My docker-compose.yml:

version: '2.4'
networks:
  web:
    external: true
services:
  php:
    image: php:7.0.31-apache-stretch
    restart: always
    networks:
      - web
    labels:
     traefik.frontend.auth.basic: some:basicauth
     traefik.docker.network: web
     traefik.enable: true
     traefik.frontend.rule: Host:dev.domain.com
     traefik.port: 1025

0 answers:

No answers
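
Added example, not part of the original question and not code from the traefik or Apache projects: a Python check that parses the `<` response lines of a `curl -v` trace like the one in the question and flags a redirect whose `Location` leaves the origin the client connected to (HTTPS to HTTP, or a different port). The function names and finding labels are assumptions made for illustration; the sample trace is trimmed from the output in the question.

```python
from urllib.parse import urlsplit, urljoin

# Helper names and finding labels below are illustrative, not from any library.
DEFAULT_PORTS = {"http": 80, "https": 443}

# Response headers trimmed from the curl -v trace shown in the question.
CURL_TRACE = """\
< HTTP/1.1 301 Moved Permanently
< Content-Length: 325
< Location: http://dev.domain.com:1025/admin/
< Server: Apache/2.4.25 (Debian)
<
"""

def parse_curl_response(trace):
    """Return (status_code, headers) from the '<' lines of curl -v output."""
    status, headers = None, {}
    for line in trace.splitlines():
        if not line.startswith("<"):
            continue  # skip '*' info lines and '>' request lines
        text = line[1:].strip()
        if not text:
            break  # a bare '<' line ends the header block
        if text.startswith("HTTP/"):
            status = int(text.split()[1])
        elif ":" in text:
            name, value = text.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers

def effective_port(parts):
    """Explicit port if present, otherwise the scheme's default."""
    return parts.port or DEFAULT_PORTS.get(parts.scheme)

def audit_redirect(request_url, status, headers):
    """List the ways a redirect leaves the origin the client connected to."""
    findings = []
    if status not in (301, 302, 303, 307, 308) or "location" not in headers:
        return findings
    req = urlsplit(request_url)
    loc = urlsplit(urljoin(request_url, headers["location"]))  # resolves relative targets
    if req.scheme == "https" and loc.scheme == "http":
        findings.append("scheme-downgrade")
    if loc.hostname != req.hostname:
        findings.append("host-change")
    elif effective_port(loc) != effective_port(req):
        findings.append("backend-port-leak:%d" % effective_port(loc))
    return findings

if __name__ == "__main__":
    print(audit_redirect("https://dev.domain.com/admin", *parse_curl_response(CURL_TRACE)))
```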