访问Traefik UI网页
访问Traefik UI网页
提问于 2021-07-04 22:00:08
我试图使用我在.yml上找到的这个https://dockerswarm.rocks/traefik/文件在码头群上部署traefik
> version: '3.3'
>
> services:
>
> traefik:
> # Use the latest v2.2.x Traefik image available
> image: traefik:v2.2
> ports:
> # Listen on port 80, default for HTTP, necessary to redirect to HTTPS
> - 80:80
> # Listen on port 443, default for HTTPS
> - 443:443
> deploy:
> placement:
> constraints:
> # Make the traefik service run only on the node with this label
> # as the node with it has the volume for the certificates
> - node.labels.traefik-public.traefik-public-certificates == true
> labels:
> # Enable Traefik for this service, to make it available in the public network
> - traefik.enable=true
> # Use the traefik-public network (declared below)
> - traefik.docker.network=traefik-public
> # Use the custom label "traefik.constraint-label=traefik-public"
> # This public Traefik will only use services with this label
> # That way you can add other internal Traefik instances per stack if needed
> - traefik.constraint-label=traefik-public
> # admin-auth middleware with HTTP Basic auth
> # Using the environment variables USERNAME and HASHED_PASSWORD
> - traefik.http.middlewares.admin-auth.basicauth.users=${USERNAME?Variable
> not set}:${HASHED_PASSWORD?Variable not set}
> # https-redirect middleware to redirect HTTP to HTTPS
> # It can be re-used by other stacks in other Docker Compose files
> - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
> - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
> # traefik-http set up only to use the middleware to redirect to https
> # Uses the environment variable DOMAIN
> - traefik.http.routers.traefik-public-http.rule=Host(`${DOMAIN?Variable
> not set}`)
> - traefik.http.routers.traefik-public-http.entrypoints=http
> - traefik.http.routers.traefik-public-http.middlewares=https-redirect
> # traefik-https the actual router using HTTPS
> # Uses the environment variable DOMAIN
> - traefik.http.routers.traefik-public-https.rule=Host(`${DOMAIN?Variable
> not set}`)
> - traefik.http.routers.traefik-public-https.entrypoints=https
> - traefik.http.routers.traefik-public-https.tls=true
> # Use the special Traefik service api@internal with the web UI/Dashboard
> - traefik.http.routers.traefik-public-https.service=api@internal
> # Use the "le" (Let's Encrypt) resolver created below
> - traefik.http.routers.traefik-public-https.tls.certresolver=le
> # Enable HTTP Basic auth, using the middleware created above
> - traefik.http.routers.traefik-public-https.middlewares=admin-auth
> # Define the port inside of the Docker service to use
> - traefik.http.services.traefik-public.loadbalancer.server.port=8080
> volumes:
> # Add Docker as a mounted volume, so that Traefik can read the labels of other services
> - /var/run/docker.sock:/var/run/docker.sock:ro
> # Mount the volume to store the certificates
> - traefik-public-certificates:/certificates
> command:
> # Enable Docker in Traefik, so that it reads labels from Docker services
> - --providers.docker
> # Add a constraint to only use services with the label "traefik.constraint-label=traefik-public"
> - --providers.docker.constraints=Label(`traefik.constraint-label`, `traefik-public`)
> # Do not expose all Docker services, only the ones explicitly exposed
> - --providers.docker.exposedbydefault=false
> # Enable Docker Swarm mode
> - --providers.docker.swarmmode
> # Create an entrypoint "http" listening on port 80
> - --entrypoints.http.address=:80
> # Create an entrypoint "https" listening on port 443
> - --entrypoints.https.address=:443
> # Create the certificate resolver "le" for Let's Encrypt, uses the environment variable EMAIL
> - --certificatesresolvers.le.acme.email=${EMAIL?Variable not set}
> # Store the Let's Encrypt certificates in the mounted volume
> - --certificatesresolvers.le.acme.storage=/certificates/acme.json
> # Use the TLS Challenge for Let's Encrypt
> - --certificatesresolvers.le.acme.tlschallenge=true
> # Enable the access log, with HTTP requests
> - --accesslog
> # Enable the Traefik log, for configurations and errors
> - --log
> # Enable the Dashboard and API
> - --api
> networks:
> # Use the public network created to be shared between Traefik and
> # any other service that needs to be publicly available with HTTPS
> - traefik-public
>
> volumes: # Create a volume to store the certificates, there is a
> constraint to make sure # Traefik is always deployed to the same
> Docker node with the same volume containing # the HTTPS certificates
> traefik-public-certificates:
>
> networks: # Use the previously created public network
> "traefik-public", shared with other # services that need to be
> publicly available via this Traefik traefik-public:
> external: true我尝试过vm的外部ip地址,但没有找到404错误页。检查日志,我发现有一个DNS错误。
msg=“无法为域获得ACME证书”traefik.domain.com:无法为域traefik.domain.com :traefik.domain.com生成证书:错误:错误: 400 :urn:ietf:params: acme: url: DNS ::DNS问题: NXDOMAIN查找A for traefik.domain.com-检查该域是否存在DNS记录,url:\n“providerName=le.acme routerName=traefik-public-https@docker rule=”Host(
traefik.domain.com)
谢谢!
回答 2
Stack Overflow用户
发布于 2021-07-05 09:22:50
LetsEncrypt是一种免费向网站颁发证书的公共云服务。
它使用DNS挑战协议来确保不向中间站点中的man颁发证书--服务器需要能够通过回答DNS挑战来证明自己对域的所有权。这是通过LetEncrypt对域执行回调来完成的,传递一个令牌(用于web挑战)。显然,这意味着LetsEncrypt只能用于您拥有的真正的公共DNS条目,这些条目指向您的群,以便Traefik能够处理这个挑战。
如果您试图使用带有私有域的on安装程序来完成此操作,那么您可以使用类似步骤- CA -它提供了一个符合ACME标准的CA,可以安装在-prem上。
Stack Overflow用户
发布于 2022-02-04 05:24:43
我通过在我的traefik.yml文件中定义著名的internet DNS服务器来解决这个问题。
certificatesResolvers:
letsencrypt:
acme:
email: email@domain.com
storage: acme.json
dnsChallenge:
provider: cloudflare
resolvers:
- "1.1.1.1:53"
- "8.8.8.8:53"
- "9.9.9.9:53"页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/68249100
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号