Traefik with docker-compose，LetsEncrypt和多個域

Question

我試圖通過使用traefik作為反向代理的docker docker-compose來運行鬼影像。

我有兩個域， sub.foo.com和bar.com 。 在調用sub.foo.com:2386 docker-compose up -d之后，可以通過sub.foo.com:2386訪問容器，但不能訪問bar.com 。 我知道沒有必要在ghost.service使用ports選項，但是要在那里證明容器出現了。

這是我的配置：

---

traefik.toml

debug = false

logLevel = "ERROR"
defaultEntryPoints = ["https","http"]

[entryPoints]

[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"

[entryPoints.https]
address = ":443"
  [entryPoints.https.tls]

[retry]

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "sub.foo.com"
watch = true
exposedbydefault = false

[acme]
email = "john.doe@example.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"

泊塢窗，compose.yml

version: "3.3"

services:
  db:
    image: mysql:5.7
    volumes:
      - db_data:/var/lib/mysql
    restart: always
    networks:
      - ghost
    environment:
      MYSQL_ROOT_PASSWORD: testing
      MYSQL_DATABASE: ghost
      MYSQL_USER: ghost
      MYSQL_PASSWORD: ghost
  ghost:
    depends_on:
      - db
    image: ghost:2.1.2-alpine
    ports:
      - "2368:2368"
    networks:
      - traefik
      - ghost
    volumes:
      - ghost_data:/var/lib/ghost/content
    environment:
      database__client: mysql
      database__connection__host: db
      database__connection__user: ghost
      database__connection__password: ghost
      database__connection__database: ghost
    labels:
      - "traefik.backend=ghost"
      - "traefik.docker.network=traefik"
      - "traefik.enable=true"
      - "traefik.frontend.rule=Host:bar.com"
      - "traefik.port=2368"
      - "traefik.protocol=http"

volumes:
  db_data: {}
  ghost_data: {}

networks:
  ghost: {}
  traefik:
    external: true

我有什么想法我做錯了嗎？ 我的DNS記錄在sub.foo.com和bar.com上sub.foo.com相同的sub.foo.com bar.com 。 當我導航到bar.com我最終得到：

<!DOCTYPE html>
<html><head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Access Denied</title>
<style type="text/css">body {margin:0;font-family:verdana,sans-serif;} h1 {margin:0;padding:12px 25px;background-color:#343434;color:#ddd} p {margin:12px 25px;} strong {color:#E0042D;}</style>
</head>
<body>
<h1>Access Denied</h1>
<p>
<strong>You are attempting to access a forbidden site.</strong><br/><br/>
Consult your system administrator for details.
</p>
</body>
</html>

這不是你的標准traefik錯誤。 是不是有約束力？

Answer 1

也許它被切斷但你的toml還需要以下內容：

...
[acme]
email = "john.doe@example.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[[acme.domains]]
  main = "bar.com"
[acme.httpChallenge]
  entryPoint = "http"

您的docker-compose可能缺少以下內容：

labels:
  ....
  - "traefik.frontend.entryPoints=http,https"

然而，錯誤看起來像是treafik相關的不同之處。 treafik是否暴露在服務器上的端口80和443上？