我有两个docker-compose.*.yml文件,一个用于测试阶段,一个用于生产。测试阶段文件使用docker compose执行,生产使用docker swarm执行。
泊坞窗撰写设置工作正常。如果是生产docker群设置,则在访问Rabbitmq管理端点时会收到超时504 http状态代码。
由于两个容器的日志,traefik以及rabbitmq均未显示任何错误,我不知道该如何调试。
这是两个文件:
docker-compose.testing-stage.yml (工作示例,使用docker compose执行)
version: '3.7'
services:
traefik:
image: traefik:v2.2
hostname: traefik
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /root/acme.json:/root/acme.json
- /root/credentials.txt:/root/credentials.txt
ports:
- 80:80
- 443:443
command:
- --api=true
- --log.level=WARN
- --providers.docker=true
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --providers.docker.exposedByDefault=false
- --certificatesresolvers.secure.acme.httpchallenge=true
- --certificatesresolvers.secure.acme.httpchallenge.entrypoint=web
- --certificatesresolvers.secure.acme.email=${MAIL_ADDRESS}
- --certificatesresolvers.secure.acme.storage=/root/acme.json
labels:
- traefik.enable=true
# dashboard
- traefik.http.routers.traefik.service=api@internal
- traefik.http.routers.traefik.rule=Host(`monitor.example.org`)
- traefik.http.routers.traefik.tls.certresolver=secure
- traefik.http.routers.traefik.middlewares=auth
- traefik.http.services.traefik.loadbalancer.server.port=8080
- traefik.http.middlewares.auth.basicauth.usersfile=/root/credentials.txt
# https redirect
- traefik.http.routers.detour.rule=hostregexp(`{host:[a-z-.]+}`)
- traefik.http.routers.detour.entrypoints=web
- traefik.http.routers.detour.middlewares=redirect-to-https
- traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
- traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https
- traefik.http.services.dummy-svc.loadbalancer.server.port=9999
rabbitmq:
image: registry.exampe.com/root/blicc/rabbitmq:test
hostname: rabbitmq
environment:
- RABBITMQ_ERLANG_COOKIE=${RABBITMQ_PASSWORD}
- RABBITMQ_DEFAULT_PASS=${RABBITMQ_PASSWORD}
- RABBITMQ_DEFAULT_USER=admin
ports:
- 15672:15672
labels:
- traefik.enable=true
- traefik.http.routers.rabbitmq.rule=Host(`messaging.example.org`)
- traefik.http.routers.rabbitmq.tls.certresolver=secure
- traefik.http.services.rabbitmq.loadbalancer.server.port=15672
docker-compose.prod.yml (示例,该示例在messages.prod-example.org上超时,使用docker swarm执行)
version: '3.7'
services:
traefik:
image: traefik:v2.2
hostname: traefik
ports:
- 80:80
- 443:443
command:
# entry points
- --api=true
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
# tls certificates
- --certificatesresolvers.secure.acme.httpchallenge=true
- --certificatesresolvers.secure.acme.httpchallenge.entrypoint=web
- --certificatesresolvers.secure.acme.email=${MAIL_ADDRESS}
- --certificatesresolvers.secure.acme.storage=/root/acme.json
# metrics
- --metrics=true
- --metrics.prometheus=true
# docker
- --providers.docker=true
- --providers.docker.exposedByDefault=false
- --providers.docker.swarmMode=true
- --providers.docker.network=traefik-public
- --providers.docker.endpoint=unix:///var/run/docker.sock
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /root/acme.json:/root/acme.json
- /root/credentials.txt:/root/credentials.txt
deploy:
replicas: 1
update_config:
parallelism: 1
order: start-first
failure_action: rollback
delay: 10s
rollback_config:
parallelism: 0
order: stop-first
restart_policy:
condition: any
delay: 5s
max_attempts: 3
window: 120s
placement:
constraints:
- node.role == manager
labels:
- traefik.enable=true
# dashboard
- traefik.http.routers.traefik.service=api@internal
- traefik.http.routers.traefik.rule=Host(`monitor.prod-example.org`)
- traefik.http.routers.traefik.tls.certresolver=secure
- traefik.http.routers.traefik.middlewares=auth
- traefik.http.middlewares.auth.basicauth.usersfile=/root/credentials.txt
- traefik.http.services.traefik.loadbalancer.server.port=8080
# https redirect
- traefik.http.routers.detour.rule=hostregexp(`{host:[a-z-.]+}`)
- traefik.http.routers.detour.entrypoints=web
- traefik.http.routers.detour.middlewares=redirect-to-https
- traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https
- traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https
- traefik.http.services.dummy-svc.loadbalancer.server.port=9999
rabbitmq:
image: registry.exampe.com/root/blicc/rabbitmq:latest
hostname: rabbitmq
environment:
- RABBITMQ_ERLANG_COOKIE=${RABBITMQ_PASSWORD}
- RABBITMQ_DEFAULT_PASS=${RABBITMQ_PASSWORD}
- RABBITMQ_DEFAULT_USER=admin
ports:
- 15672:15672
deploy:
replicas: 1
update_config:
parallelism: 1
order: start-first
failure_action: rollback
delay: 10s
rollback_config:
parallelism: 0
order: stop-first
restart_policy:
condition: any
delay: 5s
max_attempts: 3
window: 120s
placement:
constraints:
- node.role == manager
labels:
- traefik.enable=true
- traefik.http.routers.rabbitmq.rule=Host(`messaging.prod-example.org`)
- traefik.http.routers.rabbitmq.tls.certresolver=secure
- traefik.http.services.rabbitmq.loadbalancer.server.port=15672
两台服务器都使用相同的防火墙和相同的端口运行ubuntu 18.04。我猜想我在traefik的docker swarm设置上犯了一些错误,但我不知道是什么。我基本上改变的唯一一件事就是将标签放在
deploy下。rabbitmq容器在端口15672上公开了ui,我正在使用负载均衡器将其映射到messages.prod-example.org上的端口443。但是,此端点使我超时。
有人看到我在这里配置错误吗?
答案 0 :(得分:0)
也许您忘记了在Rabbitmq标签中设置“入口点”,如下所示:
traefik.http.routers.rabbitmq.entrypoints=XXX