[英]Vaultwarden behind traefik
对于“演示”,我使用带有 nginx 代理的“一体化”文件
version: "3.9"
services:
proxy:
image: nginx:latest
container_name: proxy
restart: always
ports:
- "80:80"
environment:
- TZ=Europe/Brussels
volumes:
- ./config/nginx.conf:/etc/nginx/nginx.conf:ro
- ./config/conf.d:/etc/nginx/conf.d:ro
networks:
- proxy
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
restart: unless-stopped
environment:
- LOG_LEVEL=debug
volumes:
- "data:/data/"
networks:
- proxy
volumes:
data:
networks:
proxy:
name: proxy_network
和
server {
listen 80;
server_name 127.0.0.1;
resolver 127.0.0.11;
set $vaultwarden_upstream vaultwarden;
location /vaultwarden/ {
rewrite ^/vaultwarden/(.*) /$1 break;
proxy_pass http://$vaultwarden_upstream;
}
}
它工作正常。 在我的浏览器中,我可以从 go 到http://127.0.0.1/vaultwarden 并查看登录页面。 在日志中我可以看到
172.28.0.1 - - [08/Jan/2023:18:15:42 +0100] "127.0.0.1" "GET /vaultwarden/ HTTP/1.1" 200 628 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" "-"
172.28.0.1 - - [08/Jan/2023:18:15:42 +0100] "127.0.0.1" "GET /vaultwarden/theme_head.5f24ba8d7aa944e6f52b.js HTTP/1.1" 200 474 "http://127.0.0.1/vaultwarden/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" "-"
...
和
[2023-01-08 17:15:42.693][request][INFO] GET /
[2023-01-08 17:15:42.693][response][INFO] (web_index) GET / => 200 OK
[2023-01-08 17:15:42.706][request][INFO] GET /theme_head.5f24ba8d7aa944e6f52b.js
...
现在我正在尝试迁移到 traefik
version: "3.9"
services:
proxy:
image: traefik:v2.9
container_name: proxy
restart: unless-stopped
command:
- "--accesslog=true"
- "--log.level=INFO"
- "--api.insecure=true"
- "--entrypoints.web.address=:80"
- "--providers.docker=true"
- "--providers.docker.network=proxy_network"
- "--providers.docker.exposedbydefault=false"
ports:
- 80:80
- 8080:8080
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
- proxy
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
restart: unless-stopped
environment:
- LOG_LEVEL=debug
labels:
- "traefik.enable=true"
- "traefik.http.services.vaultwarden-service.loadbalancer.server.port=80"
- "traefik.http.middlewares.vaultwarden-strip-prefix.stripprefix.prefixes=/vaultwarden"
- "traefik.http.routers.vaultwarden.entrypoints=web"
- "traefik.http.routers.vaultwarden.rule=PathPrefix(`/vaultwarden`)"
- "traefik.http.routers.vaultwarden.middlewares=vaultwarden-strip-prefix@docker"
- "traefik.http.routers.vaultwarden.service=vaultwarden-service"
volumes:
- "data:/data/"
networks:
- proxy
volumes:
data:
networks:
proxy:
name: proxy_network
但它不再起作用了。
在日志中
172.30.0.1 - - [08/Jan/2023:17:36:01 +0000] "GET /vaultwarden HTTP/1.1" 200 1240 "-" "-" 105 "vaultwarden@docker" "http://172.30.0.2:80" 1ms
172.30.0.1 - - [08/Jan/2023:17:36:01 +0000] "GET /theme_head.5f24ba8d7aa944e6f52b.js HTTP/1.1" 404 19 "-" "-" 106 "-" "-" 0ms
...
和
[2023-01-08 17:36:01.836][request][INFO] GET /
[2023-01-08 17:36:01.836][response][INFO] (web_index) GET / => 200 OK
...
当然 traefik 日志中没有更多内容,因为 /theme_head.5f24ba8d7aa944e6f52b.js 上的 GET 没有重定向到容器。
为什么会有这样的差异? 为什么 /vaultwarden 似乎从第二个(以及所有后续)GET 中删除?
我不明白。 我错过了什么?
编辑
使用http://127.0.0.1/vaultwarden
它不工作,使用http://127.0.0.1/vaultwarden/
我还尝试用其他图像替换 vaultwarden 图像
image: containous/whoami
或者
image: portainer/portainer-ce
它总是在工作。 两者都有http://127.0.0.1/vaultwarden
和http://127.0.0.1/vaultwarden/
但是,如果 vaultwarden 正在使用 nginx,为什么不添加尾随 / 就不能使用 traefik?
解决此问题的最简单方法是通过/vaultwarden
/vaultwarden 的请求重定向到/vaultwarden/
来添加尾部斜杠。 我们可以使用redirectregex
中间件来做到这一点。
具体的规则集是这样的:
- "traefik.http.routers.vaultwarden.middlewares=vaultwarden-add-slash,vaultwarden-strip-prefix"
- "traefik.http.middlewares.vaultwarden-add-slash.redirectregex.regex=/vaultwarden$$"
- "traefik.http.middlewares.vaultwarden-add-slash.redirectregex.replacement=/vaultwarden/"
- "traefik.http.middlewares.vaultwarden-strip-prefix.stripprefix.prefixes=/vaultwarden"
这是我用于测试的完整配置:
services:
proxy:
image: traefik:v2.9
container_name: proxy
restart: unless-stopped
command:
- "--accesslog=true"
- "--log.level=INFO"
- "--api.insecure=true"
- "--entrypoints.web.address=:80"
- "--providers.docker=true"
- "--providers.docker.network=proxy_network"
- "--providers.docker.exposedbydefault=false"
ports:
- 80:80
- 8080:8080
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
- proxy
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
restart: unless-stopped
environment:
- LOG_LEVEL=debug
labels:
- "traefik.enable=true"
- "traefik.http.routers.vaultwarden.entrypoints=web"
- "traefik.http.routers.vaultwarden.rule=PathPrefix(`/vaultwarden`)"
- "traefik.http.routers.vaultwarden.middlewares=vaultwarden-add-slash,vaultwarden-strip-prefix"
- "traefik.http.middlewares.vaultwarden-add-slash.redirectregex.regex=/vaultwarden$$"
- "traefik.http.middlewares.vaultwarden-add-slash.redirectregex.replacement=/vaultwarden/"
- "traefik.http.middlewares.vaultwarden-strip-prefix.stripprefix.prefixes=/vaultwarden"
volumes:
- "data:/data/"
networks:
- proxy
volumes:
data:
networks:
proxy:
name: proxy_network
你可能已经意识到这一点,但它让我感到惊讶:在 vaultwarden 图像上设置了健康检查,所以它需要一分钟左右才能变得“健康”。 在容器健康之前,Traefik 不会将流量转发到容器。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.