时间戳

首页 > 解决方案 > bitwarden_rs 在 traefik v2.2(坏网关)后面不工作

docker - bitwarden_rs 在 traefik v2.2(坏网关)后面不工作

问题描述

所以我正在尝试将 bitwarden_rs 添加到我的 docker 网络中,但似乎失败了。

我还有一个在 traefik (nextcloud.mydomain.com) 后面运行的 nextcloud docker 容器,它运行良好。但是将带有他自己的子域 (bitwarden.mydomain.com) 的 bitwarden 添加到 traefik 并不想开始工作。我总是收到 Bad Gateway 错误。

Traefik docker-compose

version: "3"

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: always
    command:
      - --log.level=DEBUG
      - --api.insecure
      - --api.dashboard
      - --providers.file.directory=/FileProvider/
      - --providers.file.watch=true
      - --providers.docker
      - --providers.docker.exposedbydefault=false
      - --providers.docker.endpoint=unix:///var/run/docker.sock 
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.letsencryptresolver.acme.email=my@email.com
      - --certificatesresolvers.letsencryptresolver.acme.storage=./letsencrypt/acme.json
      - --certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web
      - --certificatesresolvers.letsencryptresolver.acme.httpchallenge=true
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    volumes:
      - ...
    networks:
      - local-lan
    labels:
      - --traefik.http.middlewares.https.redirectscheme.scheme=https
      - --traefik.http.routers.https_redirect.middlewares=https
      - --traefik.http.routers.https_redirect.rule=(Host(`bitwarden.mydomain.com`) || Host(`nextcloud.mydomain.com`))
      - --traefik.http.routers.https_redirect.entrypoints=web
      - --traefik.docker.network=local-lan

networks:
  local-lan:
      external: true

traefik 动态配置

middlewares:
  ncHeader:
    headers:
      customResponseHeaders:
        stsPreload: true
        stsSeconds: 15552000
  redirect:
    redirectScheme:
      scheme: https

bitwarden_rs 码头工人撰写

version: '3'

services:
  bitwarden:
    image: bitwardenrs/server:latest
    container_name: bitwarden
    restart: always
    volumes:
      - /home/reggi/bitwarden/data:/data
    environment:
      - WEBSOCKET_ENABLED=true
      - WEB_VAULT_ENABLED=true
      - SIGNUPS_ALLOWED=true
      - ADMIN_TOKEN=xxxxxxxxxxx
    ports:
      - 3012:3012
      - 4500:80
    networks:
      - local-lan
    labels:
      - traefik.enable=true
      - traefik.docker.network=local-lan
      - traefik.http.services.bitwarden-ui.loadbalancer.server.port=4500
      - traefik.http.services.bitwarden-ui.loadbalancer.server.scheme=http

      - traefik.http.routers.bitwarden-ui-https.rule=Host(`bitwarden.mydomain.com`)
      - traefik.http.routers.bitwarden-ui-https.entrypoints=websecure
      - traefik.http.routers.bitwarden-ui-https.tls=true
      - traefik.http.routers.bitwarden-ui-https.tls.certresolver=letsencryptresolver
      - traefik.http.routers.bitwarden-ui-https.service=bitwarden-ui@docker

      - traefik.http.routers.bitwarden-ui-http.rule=Host(`bitwarden.mydomain.com`)
      - traefik.http.routers.bitwarden-ui-http.entrypoints=web
      - traefik.http.routers.bitwarden-ui-http.service=bitwarden-ui@docker

      - traefik.http.routers.bitwarden-websocket-https.rule=Host(`bitwarden.mydomain.com`) && Path(`/notifications/hub`)
      - traefik.http.routers.bitwarden-websocket-https.entrypoints=websecure
      - traefik.http.routers.bitwarden-websocket-https.tls=true
      - traefik.http.routers.bitwarden-websocket-https.tls.certresolver=letsencryptresolver
      - traefik.http.routers.bitwarden-websocket-https.service=bitwarden-websocket
      - traefik.http.routers.bitwarden-websocket-http.rule=Host(`bitwarden.mydomain.com`) && Path(`/notifications/hub`)
      - traefik.http.routers.bitwarden-websocket-http.entrypoints=web
      - traefik.http.routers.bitwarden-websocket-http.service=bitwarden-websocket
      - traefik.http.services.bitwarden-websocket.loadbalancer.server.port=3012
      
networks:
 local-lan:
    external: true

使用此配置,两个容器都运行良好,但由于某种原因,当我导航到 http(s)://bitwarden.mydomain.com 时,我得到了一个错误的网关。

当我导航到我的服务器 IP:4500 时,bitwarden 打开,这意味着 docker 容器运行良好。在我的 traefik 日志中,我可以找到这个错误: time="2021-03-10T21:06:35Z" level=debug msg="'502 Bad Gateway' caused by: dial tcp 17.32.0.8:4500: connect: connection refused"

当我从 traefik 容器对 bitwarden 容器进行简单的 curl 操作时,我得到了同样的错误: curl --verbose http://17.32.0.8:4500 在此处输入图像描述

例如, curl 到我的 nextcloud 容器确实有效: 在此处输入图像描述

我已经尝试了很多东西,但似乎无法弄清楚。对于 nextcloud,我可以添加一个受信任的代理域,但如果我没记错的话,这对于 bitwarden_rs 似乎是不可能的。

有人知道我错过了什么或做错了什么吗?

标签: dockertraefik

解决方案

经过一番调查,我发现了我的错误。

我不需要在你的 docker 网络之外映射端口 80,我只需要公开它。所以这现在有效:

version: '3'

services:
  bitwarden:
    image: bitwardenrs/server:latest
    container_name: bitwarden
    restart: always
    volumes:
      - /home/reggi/bitwarden/data:/data
    environment:
      - WEBSOCKET_ENABLED=true
      - WEB_VAULT_ENABLED=true
      - SIGNUPS_ALLOWED=true
      - ADMIN_TOKEN=xxxxxxxxxxx
    expose:
      - 3012
      - 80
    networks:
      - local-lan
    labels:
      - traefik.enable=true
      - traefik.docker.network=local-lan
      - traefik.http.services.bitwarden-ui.loadbalancer.server.port=4500
      - traefik.http.services.bitwarden-ui.loadbalancer.server.scheme=http

      - traefik.http.routers.bitwarden-ui-https.rule=Host(`bitwarden.mydomain.com`)
      - traefik.http.routers.bitwarden-ui-https.entrypoints=websecure
      - traefik.http.routers.bitwarden-ui-https.tls=true
      - traefik.http.routers.bitwarden-ui-https.tls.certresolver=letsencryptresolver
      - traefik.http.routers.bitwarden-ui-https.service=bitwarden-ui@docker

      - traefik.http.routers.bitwarden-ui-http.rule=Host(`bitwarden.mydomain.com`)
      - traefik.http.routers.bitwarden-ui-http.entrypoints=web
      - traefik.http.routers.bitwarden-ui-http.service=bitwarden-ui@docker

      - traefik.http.routers.bitwarden-websocket-https.rule=Host(`bitwarden.mydomain.com`) && Path(`/notifications/hub`)
      - traefik.http.routers.bitwarden-websocket-https.entrypoints=websecure
      - traefik.http.routers.bitwarden-websocket-https.tls=true
      - traefik.http.routers.bitwarden-websocket-https.tls.certresolver=letsencryptresolver
      - traefik.http.routers.bitwarden-websocket-https.service=bitwarden-websocket
      - traefik.http.routers.bitwarden-websocket-http.rule=Host(`bitwarden.mydomain.com`) && Path(`/notifications/hub`)
      - traefik.http.routers.bitwarden-websocket-http.entrypoints=web
      - traefik.http.routers.bitwarden-websocket-http.service=bitwarden-websocket
      - traefik.http.services.bitwarden-websocket.loadbalancer.server.port=3012
      
networks:
 local-lan:
    external: true

推荐阅读