时间戳

首页 > 解决方案 > 访问 Traefik UI 网页

docker - 访问 Traefik UI 网页

问题描述

我正在尝试使用我在https://dockerswarm.rocks/traefik/上找到的这个 .yml 文件在 docker swarm 上部署 traefik :

> version: '3.3'
> 
> services:
> 
>   traefik:
>     # Use the latest v2.2.x Traefik image available
>     image: traefik:v2.2
>     ports:
>       # Listen on port 80, default for HTTP, necessary to redirect to HTTPS
>       - 80:80
>       # Listen on port 443, default for HTTPS
>       - 443:443
>     deploy:
>       placement:
>         constraints:
>           # Make the traefik service run only on the node with this label
>           # as the node with it has the volume for the certificates
>           - node.labels.traefik-public.traefik-public-certificates == true
>       labels:
>         # Enable Traefik for this service, to make it available in the public network
>         - traefik.enable=true
>         # Use the traefik-public network (declared below)
>         - traefik.docker.network=traefik-public
>         # Use the custom label "traefik.constraint-label=traefik-public"
>         # This public Traefik will only use services with this label
>         # That way you can add other internal Traefik instances per stack if needed
>         - traefik.constraint-label=traefik-public
>         # admin-auth middleware with HTTP Basic auth
>         # Using the environment variables USERNAME and HASHED_PASSWORD
>         - traefik.http.middlewares.admin-auth.basicauth.users=${USERNAME?Variable
> not set}:${HASHED_PASSWORD?Variable not set}
>         # https-redirect middleware to redirect HTTP to HTTPS
>         # It can be re-used by other stacks in other Docker Compose files
>         - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
>         - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
>         # traefik-http set up only to use the middleware to redirect to https
>         # Uses the environment variable DOMAIN
>         - traefik.http.routers.traefik-public-http.rule=Host(`${DOMAIN?Variable
> not set}`)
>         - traefik.http.routers.traefik-public-http.entrypoints=http
>         - traefik.http.routers.traefik-public-http.middlewares=https-redirect
>         # traefik-https the actual router using HTTPS
>         # Uses the environment variable DOMAIN
>         - traefik.http.routers.traefik-public-https.rule=Host(`${DOMAIN?Variable
> not set}`)
>         - traefik.http.routers.traefik-public-https.entrypoints=https
>         - traefik.http.routers.traefik-public-https.tls=true
>         # Use the special Traefik service api@internal with the web UI/Dashboard
>         - traefik.http.routers.traefik-public-https.service=api@internal
>         # Use the "le" (Let's Encrypt) resolver created below
>         - traefik.http.routers.traefik-public-https.tls.certresolver=le
>         # Enable HTTP Basic auth, using the middleware created above
>         - traefik.http.routers.traefik-public-https.middlewares=admin-auth
>         # Define the port inside of the Docker service to use
>         - traefik.http.services.traefik-public.loadbalancer.server.port=8080
>     volumes:
>       # Add Docker as a mounted volume, so that Traefik can read the labels of other services
>       - /var/run/docker.sock:/var/run/docker.sock:ro
>       # Mount the volume to store the certificates
>       - traefik-public-certificates:/certificates
>     command:
>       # Enable Docker in Traefik, so that it reads labels from Docker services
>       - --providers.docker
>       # Add a constraint to only use services with the label "traefik.constraint-label=traefik-public"
>       - --providers.docker.constraints=Label(`traefik.constraint-label`, `traefik-public`)
>       # Do not expose all Docker services, only the ones explicitly exposed
>       - --providers.docker.exposedbydefault=false
>       # Enable Docker Swarm mode
>       - --providers.docker.swarmmode
>       # Create an entrypoint "http" listening on port 80
>       - --entrypoints.http.address=:80
>       # Create an entrypoint "https" listening on port 443
>       - --entrypoints.https.address=:443
>       # Create the certificate resolver "le" for Let's Encrypt, uses the environment variable EMAIL
>       - --certificatesresolvers.le.acme.email=${EMAIL?Variable not set}
>       # Store the Let's Encrypt certificates in the mounted volume
>       - --certificatesresolvers.le.acme.storage=/certificates/acme.json
>       # Use the TLS Challenge for Let's Encrypt
>       - --certificatesresolvers.le.acme.tlschallenge=true
>       # Enable the access log, with HTTP requests
>       - --accesslog
>       # Enable the Traefik log, for configurations and errors
>       - --log
>       # Enable the Dashboard and API
>       - --api
>     networks:
>       # Use the public network created to be shared between Traefik and
>       # any other service that needs to be publicly available with HTTPS
>       - traefik-public
> 
> volumes:   # Create a volume to store the certificates, there is a
> constraint to make sure   # Traefik is always deployed to the same
> Docker node with the same volume containing   # the HTTPS certificates
> traefik-public-certificates:
> 
> networks:   # Use the previously created public network
> "traefik-public", shared with other   # services that need to be
> publicly available via this Traefik   traefik-public:
>     external: true

我已经尝试了我的虚拟机的外部 IP 地址,但我得到一个 404 错误页面未找到。检查日志,我发现有一个DNS错误

msg="无法获取域“traefik.domain.com”的 ACME 证书:无法为域 [traefik.domain.com] 生成证书:错误:一个或多个域有问题:\n[traefik.domain .com] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS 问题:NXDOMAIN 查找 A 以查找 traefik.domain.com - 检查该域是否存在 DNS 记录,url: \ n" providerName=le.acme routerName=traefik-public-https@docker rule="Host( traefik.domain.com)"

谢谢 !

标签: dockerproxydnsdocker-swarmtraefik

解决方案

LetsEncrypt 是一种免费向网站颁发证书的公共云服务。

它使用 DNS 质询协议来确保不会向中间站点中的人颁发证书——服务器需要能够通过回答 DNS 质询来证明它们对域的所有权。这是通过 LetEncrypt 对传递令牌的域进行回调(用于网络质询)来完成的。显然,这意味着 LetsEncrypt 只能用于您拥有的真实公共 DNS 条目,这些条目指向您的集群,以便 Traefik 可以处理挑战。

如果您尝试使用带有私有域的本地设置来执行此操作,那么您可以使用 Step-CA 之类的东西 - 它提供了一个可以在本地安装的符合 ACME 的 CA。

推荐阅读