Traefik Error forwarding EOF / Bad Gateway (Let's Encrypt Related)

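I am trying to set up Cryptpad on a public server through Docker, accessible via Traefik. I have set up Traefik as well as Cryptpad, but so far, upon navigating to http://cryptpad.myserver.com (which redirects to https, as per the specific configuration), I get a Bad Gateway error in the browser, and the following in the logs of the traefik container: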

level=warning msg="Error forwarding to https://172.19.0.2:3000, err: EOF"

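Additionally, another possibly related issue is that Let's Encrypt doesn't seem to be able to issue certificates for either cryptpad.myserver.com or monitor.myserver.com (I configured this following the instructions here: https://www.digitalocean.com/community/tutorials/how-to-to-use-traefik-as-a-reverse-proxy-for-docker-containers-on-ubuntu-16-04 ).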


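Edit: The Bad Gateway issue does indeed seem to be caused by the failure to create a valid certificate, since I can reach Cryptpad just fine through Traefik over plain HTTP (after turning off the relevant HTTPS configuration, of course). The question's title has been edited accordingly to reflect this relationship.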


For example, when trying to access https://monitor.myserver.com, I get the following errors in the logs of the traefik container:

time="2018-01-10T13:53:37Z" level=info msg="Server configuration reloaded on :9080" 
time="2018-01-10T13:53:37Z" level=info msg="Server configuration reloaded on :9443" 
time="2018-01-10T13:53:37Z" level=debug msg="LoadCertificateForDomains [monitor.myserver.com]..." 
time="2018-01-10T13:53:37Z" level=debug msg="Look for provided certificate to validate [monitor.myserver.com]..." 
time="2018-01-10T13:53:37Z" level=debug msg="No provided certificate found for domains [monitor.myserver.com], get ACME certificate." 
time="2018-01-10T13:53:37Z" level=debug msg="Loading ACME certificates [monitor.myserver.com]..." 
time="2018-01-10T13:53:37Z" level=warning msg="A new release has been found: 1.4.6. Please consider updating." 
time="2018-01-10T13:53:37Z" level=error msg="map[monitor.myserver.com:[monitor.myserver.com] acme: Could not determine solvers]" 
time="2018-01-10T13:53:37Z" level=error msg="Error getting ACME certificates [monitor.myserver.com] : Cannot obtain certificates map[monitor.myserver.com:[monitor.myserver.com] acme: Could not determine solvers]+v" 

Similarly, trying to access http://cryptpad.myserver.com logs the following SSL errors (ending with the EOF / Bad Gateway error mentioned above):

time="2018-01-10T11:59:18Z" level=info msg="Server configuration reloaded on :9443" 
time="2018-01-10T11:59:18Z" level=info msg="Server configuration reloaded on :9080" 
time="2018-01-10T11:59:18Z" level=debug msg="LoadCertificateForDomains [cryptpad.myserver.com]..." 
time="2018-01-10T11:59:18Z" level=debug msg="Look for provided certificate to validate [cryptpad.myserver.com]..." 
time="2018-01-10T11:59:18Z" level=debug msg="No provided certificate found for domains [cryptpad.myserver.com], get ACME certificate." 
time="2018-01-10T11:59:18Z" level=debug msg="Loading ACME certificates [cryptpad.myserver.com]..." 
time="2018-01-10T11:59:18Z" level=error msg="map[cryptpad.myserver.com:[cryptpad.myserver.com] acme: Could not determine solvers]" 
time="2018-01-10T11:59:18Z" level=error msg="Error getting ACME certificates [cryptpad.myserver.com] : Cannot obtain certificates map[cryptpad.myserver.com:[cryptpad.myserver.com] acme: Could not determine solvers]+v" 
time="2018-01-10T11:59:52Z" level=debug msg="Look for provided certificate to validate [cryptpad.myserver.com]..." 
time="2018-01-10T11:59:52Z" level=debug msg="No provided certificate found for domains [cryptpad.myserver.com], get ACME certificate." 
time="2018-01-10T11:59:52Z" level=debug msg="Challenge GetCertificate cryptpad.myserver.com" 
time="2018-01-10T11:59:52Z" level=debug msg="ACME got nothing cryptpad.myserver.com" 
time="2018-01-10T11:59:52Z" level=debug msg="Look for provided certificate to validate [cryptpad.myserver.com]..." 
time="2018-01-10T11:59:52Z" level=debug msg="No provided certificate found for domains [cryptpad.myserver.com], get ACME certificate." 
time="2018-01-10T11:59:52Z" level=debug msg="Challenge GetCertificate cryptpad.myserver.com" 
time="2018-01-10T11:59:52Z" level=debug msg="ACME got nothing cryptpad.myserver.com" 
time="2018-01-10T11:59:52Z" level=warning msg="Error forwarding to https://172.19.0.2:3000, err: EOF" 

Below are the Traefik docker-compose.yml file and its traefik.toml file (both configured by referring to the above-mentioned guide [by Digital Ocean] and Traefik's own documentation at https://docs.traefik.io/user-guide/docker-and-lets-encrypt/ ):

version: '2'

services:
  traefik:
    image: traefik
    networks:
      - proxy
    ports:
      - "9080:9080"
      - "9443:9443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /opt/traefik/traefik.toml:/traefik.toml
      - /opt/traefik/acme.json:/acme.json
    labels:
      - "traefik.frontend.rule=Host:monitor.myserver.com"
      - "traefik.port=8080"
    container_name: traefik

networks:
  proxy:
    external: true

traefik.toml:

checkNewVersion = true
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]

[entryPoints]
    [entryPoints.http]
    address = ":9080"
        [entryPoints.http.redirect]
            entryPoint = "https"
    [entryPoints.https]
    address = ":9443"
        [entryPoints.https.tls]

[retry]

[acme]
email = "example@myserver.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
onDemand = false

[web]

address = ":8080"

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "myserver.com"
watch = true
exposedbydefault = false

Here are the .env and docker-compose.yml files, which I configured according to https://github.com/xwiki-labs/cryptpad/blob/master/docs/cryptpad-docker.md and the previously mentioned guides:

VERSION=latest
USE_SSL=true
STORAGE='./storage/file'
LOG_TO_STDOUT=true

docker-compose.yml

version: '2'
services:

  cryptpad:
    build:
      context: .
      args:
        - VERSION=${VERSION}
    image: "xwiki/cryptpad:${VERSION}"
    hostname: cryptpad

    labels:
      - "traefik.backend=cryptpad"
      - "traefik.docker.network=proxy"
      - "traefik.frontend.rule=Host:cryptpad.myserver.com"
      - "traefik.enable=true"
      - "traefik.port=3000"
      - "traefik.frontend.passHostHeader=true"
      - "traefik.default.protocol=https"
    environment:
      - USE_SSL=${USE_SSL}
      - STORAGE=${STORAGE}
      - LOG_TO_STDOUT=${LOG_TO_STDOUT}
    restart: always
    volumes:
      - ./data/files:/cryptpad/datastore:rw
      - ./data/customize:/cryptpad/customize:rw
    networks:
      - proxy
      - default
    expose:
      - "3000"

networks:
  proxy:
    external: true

Any help would be highly appreciated. And of course, I can provide more details if necessary.

I think you are running into this issue:

https://community.letsencrypt.org/t/solution-client-with-the-current-selected-authenticator-does-not-support-any-combination-of-challenges-that-will-satisfy-the-ca/49983

Apparently, Let's Encrypt has disabled TLS-SNI-01 due to a security issue. Here is the link to the issue: https://community.letsencrypt.org/t/2018-01-09-issue-with-tls-sni-01-and-shared-hosting-infrastructure/49996

It looks like Let's Encrypt needs a few days before they can enable it again.
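A triage sketch for the log lines quoted in the question, added here as an example and not part of the original question or answer. It parses Traefik's key=value log lines and reports ACME challenge failures ("Could not determine solvers", the symptom the answer ties to TLS-SNI-01 being disabled) separately from backend forwarding errors; the function names and the finding labels are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the log lines quoted in the question.
SAMPLE_LOG = '''\
time="2018-01-10T11:59:18Z" level=debug msg="Loading ACME certificates [cryptpad.myserver.com]..."
time="2018-01-10T11:59:18Z" level=error msg="map[cryptpad.myserver.com:[cryptpad.myserver.com] acme: Could not determine solvers]"
time="2018-01-10T11:59:52Z" level=debug msg="ACME got nothing cryptpad.myserver.com"
time="2018-01-10T11:59:52Z" level=warning msg="Error forwarding to https://172.19.0.2:3000, err: EOF"
time="2018-01-10T13:53:37Z" level=error msg="map[monitor.myserver.com:[monitor.myserver.com] acme: Could not determine solvers]"
'''

# One key=value pair: the value is either a quoted string or a bare token.
PAIR = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S+))')
# The ACME client found no challenge type it can solve for this domain.
NO_SOLVER = re.compile(r'map\[([^:\]]+):\[.*acme: Could not determine solvers')
# A TLS handshake asked for a certificate and none was available.
NO_CERT = re.compile(r'ACME got nothing (\S+)')
# The proxy could not complete the request to the backend.
FORWARD = re.compile(r'Error forwarding to (\S+), err: (.+)')


def parse_line(line):
    """Return the fields of one log line as a dict (escapes are left as-is)."""
    fields = {}
    for m in PAIR.finditer(line):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return fields


def triage(log_text):
    """Group findings by kind so certificate and backend problems stay distinct."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        msg = parse_line(line).get("msg", "")
        if m := NO_SOLVER.search(msg):
            findings["no_acme_solver"].add(m.group(1))
        elif m := NO_CERT.search(msg):
            findings["no_certificate"].add(m.group(1))
        elif m := FORWARD.search(msg):
            findings["backend_error"].add((m.group(1), m.group(2)))
    return {kind: sorted(items) for kind, items in findings.items()}


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind, items)
```

Domains listed under no_acme_solver will keep failing issuance until the client and the CA share an enabled challenge type, so retrying or restarting the proxy does not clear them.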
