我的后端服务在Azure Service Fabric中托管的Docker容器中。服务是有状态的。因此,我们使用Traefik将有状态请求转换为无状态请求。为此,Traefik将请求从前端转发到我们的后端。使用HTTP时可以正常工作。现在我们必须在前端启用HTTPS。
我已经为Azure Service Fabric配置了HTTPS。登录群集节点时,可以通过专用IP访问后端服务。但是我无法从配置的域访问我的服务。 Traefik日志显示“未找到后端”。 我正在使用自签名证书。这是我的配置:
[traefikLog]
filePath = "log/traefik.log"
format = "json"
logLevel = "DEBUG"
# Enable debug mode
#
# Optional
# Default: false
#
debug = true
# Traefik logs file
# If not defined, logs to stdout
#
# Optional
#
#traefikLogsFile = "log/traefik.log"
# Log level
#
# Optional
# Default: "ERROR"
#logLevel = "DEBUG"
# Entrypoints to be used by frontends that do not specify any entrypoint.
# Each frontend can specify its own entrypoints.
#
# Optional
# Default: ["http"]
#
defaultEntryPoints = ["http", "https"]
# Entrypoints definition
#
# Optional
# Default:
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[acme]
email = "abc@abc.com"
storage = "acme.json"
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
entryPoint = "https"
[acme.httpChallenge]
entryPoint = "http"
[[acme.domains]]
main = "domain1.azure.com"
[[acme.domains]]
main = "domain2.azure.com"
[entryPoints.traefik]
address = ":8080"
# Enable access logs
# By default it will write to stdout and produce logs in the textual
# Common Log Format (CLF), extended with additional fields.
#
# Optional
#
[accessLog]
# Sets the file path for the access log. If not specified, stdout will be used.
# Intermediate directories are created if necessary.
#
# Optional
# Default: os.Stdout
#
filePath = "log/log.txt"
# Format is either "json" or "common".
#
# Optional
# Default: "common"
#
# format = "common"
################################################################
# API definition
################################################################
[api]
# Name of the related entry point
#
# Optional
# Default: "traefik"
#
entryPoint = "traefik"
# Enabled Dashboard
#
# Optional
# Default: true
#
dashboard = true
# Enable debug mode.
# This will install HTTP handlers to expose Go expvars under /debug/vars and
# pprof profiling data under /debug/pprof.
# Additionally, the log level will be set to DEBUG.
#
# Optional
# Default: false
#
debug = true
################################################################
# Service Fabric provider
################################################################
# Enable Service Fabric configuration backend
[servicefabric]
filename = "custom_config_template.tmpl"
debugLogGeneratedTemplate = true
# Service Fabric Management Endpoint
clustermanagementurl = "https://localhost:19080"
# Note: use "https://localhost:19080" if you're using a secure cluster
# Service Fabric Management Endpoint API Version
apiversion = "3.0"
refreshSeconds = 10
# Enable TLS connection.
#
# Optional
#
[serviceFabric.tls]
cert = "certs/servicefabric.crt"
key = "certs/servicefabric.key"
insecureskipverify = true
# Enable REST Provider.
[rest]
# Name of the related entry point
#
# Optional
# Default: "traefik"
#
entryPoint = "traefik"
以下是我不明白的一些问题:
为什么我不能从域https://domain1.azure.com访问我的服务?
是否还必须为后端服务启用https?现在,我已经这样做了,但是我认为这可能是不必要的,因为后端服务的https或http仅在Traefik呼叫后端时才重要。但是我们只需要在调用Traefik前端时启用https。我说的对吗?
无论如何,由于我也为后端服务启用了https,因此是否必须将后端服务绑定到在[entryPoints.https.tls]中配置的同一证书?
答案 0 :(得分:1)
问题是由我的部署引起的。更新配置后,我仅重新部署了Traefik服务。