我想弄清楚为什么会收到404错误。我已经把问题范围缩小到docker-compose的网络配置,但仍然搞不清Traefik哪里出了问题。
此docker compose返回404错误。
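# Compose project: Keycloak, its PostgreSQL database, Hasura and the Keycloak auth hook.
# Every service is attached to the external `web` network that the Traefik project
# also uses. All credentials come from ${...} substitution (shell environment or an
# .env file); keep that file out of version control.
version: '3'

networks:
  # keycloak_network:
  #   driver: bridge
  # Must already exist outside this project; it is the network Traefik routes over.
  web:
    external: true
  # Declared but not attached to any service below. NOTE(review): a backend-only
  # network like this is the usual place for the database, provided every client of
  # the database is attached to it as well.
  internal-network:
    internal: true

volumes:
  keycloak_data:
    driver: local

services:
  keycloak_postgres:
    # NOTE(review): unpinned tag; a fixed version (or digest) keeps the data directory
    # format and the image contents from changing underneath the volume.
    image: postgres
    volumes:
      - keycloak_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: ${POSTGRES_DB}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    restart: always
    networks:
      # keycloak_network:
      web:
    labels:
      # The database sits on the proxy's network, and the Traefik 1.x Docker provider
      # builds a route for every container it can see unless told otherwise. Opt the
      # database out so it never becomes an HTTP backend.
      - traefik.enable=false

  keycloak:
    image: jboss/keycloak
    #build: ./server
    environment:
      DB_VENDOR: ${DB_VENDOR}
      DB_ADDR: ${DB_ADDR}
      POSTGRES_DB: ${POSTGRES_DB}
      DB_USER: ${DB_USER}
      DB_SCHEMA: ${DB_SCHEMA}
      DB_PASSWORD: ${DB_PASSWORD}
      KEYCLOAK_USER: ${KEYCLOAK_USER}
      KEYCLOAK_PASSWORD: ${KEYCLOAK_PASSWORD}
      # NOTE(review): behind a reverse proxy Keycloak only honours X-Forwarded-* headers
      # when this is enabled. Turn it on only while the container port cannot be
      # reached except through the proxy, otherwise clients can spoof those headers.
      #PROXY_ADDRESS_FORWARDING: "true"
      # Uncomment the line below if you want to specify JDBC parameters. The parameter
      # below is just an example, and it shouldn't be used in production without
      # knowledge. It is highly recommended that you read the PostgreSQL JDBC driver
      # documentation in order to use it.
      #JDBC_PARAMS: "ssl=true"
    depends_on:
      - keycloak_postgres
    volumes:
      - ./themes:/opt/jboss/keycloak/themes/custom_theme
      # NOTE(review): the script itself is not shown. If it relaxes Keycloak's SSL
      # requirement, that is only reasonable while TLS terminates at the proxy and the
      # container port is not published to other hosts.
      - ./disable_ssl.sh:/opt/jboss/keycloak/disable_ssl.sh
      - ./themes/base/account/account.ftl:/opt/jboss/keycloak/themes/base/account/account.ftl
      #- ./nginx/ssl:/etc/x509/https
    restart: always
    networks:
      #keycloak_network:
      web:
        # aliases:
        #   - "api.adwin.usa.northeast.dn"
    ports:
      # Debug access that bypasses Traefik. Bound to loopback so the plain-HTTP Keycloak
      # port is not published on every host interface; 80/443 stay the only public ports.
      - "127.0.0.1:8444:8080"
    logging:
      driver: "json-file"
      options:
        max-size: "200k"
        max-file: "10"
    labels:
      - traefik.port=8080
      # NOTE(review): in Traefik 1.x `Path:` matches this exact path only and forwards
      # it unchanged, while the jboss/keycloak image serves under /auth by default.
      # A request for /keycloak therefore has nothing to answer it, which likely
      # explains the 404. `PathPrefix:` is the matcher for a whole subtree; confirm
      # against the Traefik version in use.
      - traefik.frontend.rule=Path:/keycloak
      - traefik.docker.network=web
      #- traefik.frontend.rule=Host:api.adwin.usa.northeast.dn
      #- traefik.frontend.rule=Path:/keycloak

  # One-shot helper that writes a self-signed certificate into ./certs.
  omgwtfssl:
    image: paulczar/omgwtfssl
    volumes:
      - "./certs:/certs"
    environment:
      # NOTE(review): the subject is a bare wildcard rather than the host name the proxy
      # is reached under; clients validating the certificate will not match it to a
      # real host.
      - SSL_SUBJECT=*

  keycloak_graphql:
    image: hasura/graphql-engine:v1.0.0-alpha40
    # ports:
    #   - "9091:8080"
    depends_on:
      - "keycloak_postgres"
      - "keycloak_auth"
    restart: always
    environment:
      # The password is embedded in the URL, so characters that are special in URLs
      # must be percent-encoded in the substituted value.
      HASURA_GRAPHQL_DATABASE_URL: postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${DB_ADDR}:5432/${POSTGRES_DB}
      HASURA_GRAPHQL_ENABLE_TELEMETRY: "false"  # https://docs.hasura.io/1.0/graphql/manual/guides/telemetry.html
      # The console is reachable through the proxy route below; the admin secret is
      # the only thing protecting it while this stays "true".
      HASURA_GRAPHQL_ENABLE_CONSOLE: "true"  # set to "false" to disable console
      HASURA_GRAPHQL_ADMIN_SECRET: ${HASURA_GRAPHQL_ADMIN_SECRET}
      HASURA_GRAPHQL_AUTH_HOOK: ${HASURA_GRAPHQL_AUTH_HOOK}
    networks:
      #keycloak_network:
      web:
    labels:
      - traefik.port=8080
      # Same exact-match caveat as the keycloak rule above applies to `Path:` here.
      - traefik.frontend.rule=Path:/keycloak-graphql
      - traefik.docker.network=web
      #- traefik.frontend.rule=Host:api.adwin.usa.northeast.dn

  keycloak_auth:
    # NOTE(review): third-party image on a moving `latest` tag that is handed the
    # Keycloak client secret; pinning a version or digest makes what runs here
    # reviewable. It carries no Traefik labels, so whether the proxy routes to it
    # depends on the provider's expose-by-default setting.
    image: httpsomkar/keycloak-hasura-connector:latest
    environment:
      KEYCLOAK_CLIENT_ID: ${KEYCLOAK_CLIENT_ID}
      KEYCLOAK_SERVER_URL: ${KEYCLOAK_SERVER_URL}
      KEYCLOAK_REALM: ${KEYCLOAK_REALM}
      KEYCLOAK_SECRET: ${KEYCLOAK_SECRET}
      AUTH_MODE: ${AUTH_MODE}  # SINGLE USER, ORGANIZATION
    networks:
      #keycloak_network:
      web: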
此docker-compose会将whoami容器映像代理到localhost/whoami,并且按我的预期工作。在这里,我将whoami容器公开到公共网络。但是,Traefik的目的(如果我错了,请纠正我)是为了限制安全漏洞。我只想公开80/443。
我正在尝试让Keycloak与Traefik配合使用,但出现404错误。如果切换到内部网络,则会得到网关超时(Gateway Timeout);通过访问localhost:8443(公开端口),我可以确认keycloak容器正在运行。我遗漏了什么?我已经尝试过子域keycloak.adwin.usa.northeast.dn和路径adwin.usa.northeast.dn/keycloak,使用/keycloak的效果比使用子域要好一些。在没有DNS的情况下,这可行吗?
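# Compose project for the Traefik reverse proxy plus a whoami test backend.
# Labels and flags use Traefik 1.x syntax (traefik.frontend.rule, --docker).
version: '3'

networks:
  # Pre-existing network shared with the backend projects that Traefik routes to.
  web:
    external: true
  # Declared here but not attached to any service in this file.
  internal-network:
    internal: true

services:
  reverse-proxy:
    # The official Traefik docker image.
    # NOTE(review): no tag is given, so whatever `latest` resolves to is pulled. The
    # 1.x-style flags and labels used here are not understood by later major versions;
    # pin the release this setup was written for.
    image: traefik
    # --api turns on the dashboard/API on container port 8080. Traefik 1.x does not
    # authenticate it unless authentication is configured on that entry point.
    command: --api --docker --docker.watch --logLevel=DEBUG
    # depends_on:
    #   - omgwtfssl
    networks:
      - web
    ports:
      - "80:80"
      - "443:443"
      # Dashboard/API: published on loopback only, so 80 and 443 remain the only ports
      # reachable from other hosts.
      - "127.0.0.1:5000:8080"
    volumes:
      # Traefik only reads its configuration and key material, so mount them read-only.
      - ./traefik.toml:/traefik.toml:ro
      - ./certs/:/certs/:ro
      # So that Traefik can listen to the Docker events. A read-only mount protects the
      # socket file itself but does not narrow what can be asked of the Docker API:
      # whoever controls this container can control the Docker daemon. A filtering
      # socket proxy is the usual way to limit that.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    #labels:
    #- traefik.port=8080
    #- traefik.frontend.rule=Path:/monitor
    #- traefik.protocol=http
    # - traefik.docker.network=web

  # We only need to run this one time to generate our ./cert directory.
  # omgwtfssl:
  #   image: paulczar/omgwtfssl
  #   volumes:
  #     - "./certs:/certs"
  #   environment:
  #     - SSL_SUBJECT=api.adwin.usa.northeast.dn

  whoami:
    # A container that exposes an API to show its IP address.
    image: containous/whoami
    labels:
      - traefik.port=80
      #- traefik.protocol=http
      # `Path:` is an exact match; it works here because whoami answers on any path.
      - traefik.frontend.rule=Path:/whoami
      #- traefik.frontend.rule=Host:whoami.adwin.usa.northeast.dn
      - traefik.docker.network=web
    # No `ports:` entry: the container is reachable only over the `web` network,
    # i.e. through the proxy.
    networks:
      - web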
# Traefik static configuration in 1.x syntax; presumably the ./traefik.toml that the
# reverse-proxy service mounts at /traefik.toml.
# Entry points used by frontends that do not name one themselves.
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
# Plain-HTTP requests are redirected to the https entry point instead of being served.
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
# NOTE(review): no minimum TLS version or cipher list is set, so the defaults of the
# Traefik release in use apply. Confirm they are acceptable.
[entryPoints.https.tls]
# Certificate and private key are read from /certs inside the container. The key file
# should be readable only by the account that runs the proxy.
[[entryPoints.https.tls.certificates]]
certFile = "/certs/cert.pem"
keyFile = "/certs/key.pem"
# Docker provider: containers are discovered through the Docker API and watched for changes.
# NOTE(review): exposedByDefault is not set, so in Traefik 1.x any discovered container
# is presumably routed unless it carries traefik.enable=false. Setting it to false
# makes exposure opt-in per container.
[docker]
domain = "adwin.usa.northeast.dn"
watch = true
#usebindportip = true