[英]502 Proxy Error ( docker + traefik + apache )
I'm trying to setup traefik for SSL termination on my local development instance. 我正在尝试为本地开发实例上的SSL终止设置traefik。 Following up this guide I have the following configuration.
遵循本指南,我有以下配置。
docker-compose.yml 泊坞窗,compose.yml
version: '2.1'
services:
mariadb:
image: wodby/mariadb:10.2-3.0.2
healthcheck:
test: "/usr/bin/mysql --user=dummyuser --password=dummypasswd --execute \"SHOW DATABASES;\" | grep database"
interval: 3s
timeout: 1s
retries: 5
restart: always
environment:
MYSQL_ROOT_PASSWORD: dummy
MYSQL_DATABASE: database
volumes:
- ./mariadb-init:/docker-entrypoint-initdb.d # Place init .sql file(s) here.
- mysql:/var/lib/mysql # I want to manage volumes manually.
php:
depends_on:
mariadb:
condition: service_healthy
ports:
- "25:25"
- "587:587"
environment:
PHP_FPM_CLEAR_ENV: "no"
DB_HOST: mariadb
#DB_USER: dummy
DB_PASSWORD: dummypasswd
DB_NAME: database
DB_DRIVER: mysql
PHP_POST_MAX_SIZE: "256M"
PHP_UPLOAD_MAX_FILESIZE: "256M"
PHP_MAX_EXECUTION_TIME: 300
volumes:
- codebase:/var/www/html/
- private:/var/www/html/private
solr:
image: mxr576/apachesolr-4.x-drupal-docker
ports:
- "8983:8983"
labels:
- 'traefik.backend=solr'
- 'traefik.port=8983'
# - 'traefik.frontend.rule=Host:192.168.33.10'
volumes:
- solr:/opt/solr/example/solr/collection1/data
restart: always
portainer:
image: portainer/portainer
command: --no-auth -H unix:///var/run/docker.sock
volumes:
- /var/run/docker.sock:/var/run/docker.sock
labels:
- 'traefik.backend=portainer'
- 'traefik.port=9000'
restart: always
apache:
image: wodby/php-apache:2.4-2.0.2
# ports:
# - "80:80"
depends_on:
- php
environment:
APACHE_LOG_LEVEL: warn
APACHE_BACKEND_HOST: php
APACHE_SERVER_ROOT: /var/www/html/drupal
volumes:
- codebase:/var/www/html/
- private:/var/www/html/private
labels:
- 'traefik.backend=apache'
- 'traefik.docker.network=proxy'
- "traefik.frontend.rule=Host:127.0.0.1"
- "traefik.enable=true"
- "traefik.port=80"
- "traefik.default.protocol=http"
restart: always
networks:
- proxy
traefik:
image: traefik
command: -c /traefik.toml --web --docker --logLevel=INFO
ports:
- '80:80'
- '443:443'
- '8888:8080' # Dashboard
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /codebase/traefik.toml:/traefik.toml
- /codebase/certs/cert.crt:/cert.crt
- /codebase/certs/cert.key:/cert.key
volumes:
solr:
external: true
mysql:
external: true
codebase:
external: true
private:
external: true
networks:
proxy:
external: true
traefik.toml traefik.toml
logLevel = "DEBUG" # <---
defaultEntryPoints = ["https", "http"] # <---
[accessLog]
[traefikLog]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
certFile = "/cert.crt"
keyFile = "/cert.key"
[retry]
[docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
exposedbydefault = false
When trying to verify the instance, I get a 502 Bad Gateway 尝试验证实例时,我收到502错误网关
curl -i -k https://127.0.0.1
HTTP/1.1 502 Bad Gateway
Content-Length: 392
Content-Type: text/html; charset=iso-8859-1
Date: Fri, 14 Sep 2018 16:34:36 GMT
Server: Apache/2.4.29 (Unix) LibreSSL/2.5.5
X-Content-Type-Options: nosniff
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>502 Proxy Error</title>
</head><body>
<h1>Proxy Error</h1>
<p>The proxy server received an invalid
response from an upstream server.<br />
The proxy server could not handle the request <em><a href="/index.php">GET /index.php</a></em>.<p>
Reason: <strong>DNS lookup failure for: php</strong></p></p>
</body></html>
A reset for docker-compose and the docker network didn't help. 重置docker-compose和docker网络无济于事。 I've checked the issue on their repo and it seems like nobody got a definitive solution.
我已经在他们的仓库中检查了这个问题 ,似乎没人能找到确定的解决方案。 Anybody has an idea on how to solve this?
有人对如何解决这个问题有想法吗?
Edit:Update for full docker-compose file. 编辑:更新完整的docker-compose文件。
You are trying to connect to php
container from apache service using service discovery. 您正在尝试使用服务发现从apache服务连接到
php
容器。 But php
container is not attached to the network proxy
, Because you haven't declared network for it. 但是
php
容器未附加到网络proxy
,因为尚未为其声明网络。 The same case is with mariabd
as well. mariabd
也是如此。 So, When you connect to apache/traefik
they look for host php
which is not attached to the network proxy
and throw error 502 . 因此,当您连接到
apache/traefik
它们会查找未附加到网络proxy
主机php
并抛出错误502 。
Unless and until you specify external network, Docker containers will not be connected to them. 除非且直到您指定外部网络,否则Docker容器将不会连接到它们。
Hence, You have to specify the network as follows for all the services in order to make docker service discovery work properly. 因此,您必须为所有服务指定以下网络,以使docker服务发现正常工作。
networks:
- proxy
Since you have done port mapping. 既然您已经完成了端口映射。 You can also use public Ip of your host machine followed by the port to connect to services from docker container and from outside containers as well.
您还可以使用主机的公共Ip,然后使用端口,以连接来自docker容器和外部容器的服务。
Example:
例:
Let us assume your ip is
192.168.0.123
then you can connect tophp
from any services in docker container and even from outside docker as192.168.0.123:25
and192.168.0.123:587
.让我们假设您的IP为
192.168.0.123
那么您可以从docker容器中的任何服务甚至从外部docker以192.168.0.123:25
和192.168.0.123:587
连接到php
。 This is because you have exposed ports 25,587 by mapping them to host ports 25,587 .这是因为您已通过将端口25,587映射到主机端口25,587来暴露它们。
Some references: 一些参考:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.