
Traefik V2.2.1 - All services except the Traefik service return [NET::ERR_CERT_AUTHORITY_INVALID] and use [TRAEFIK DEFAULT CERT]

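I decided to upgrade traefik from version 1.7.x to 2.2.1. So I followed the guidelines of the solution above ( https://gist.github.com/fatihyildizhan/8f124039a9bd3801f0caf3c01c3601fb ) so that traefik version 2.2.1 would work. Traefik v2.2.1 works and correctly redirects the http port to https. However, the whoami service redirects from the http port to https but displays the following message: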

WHOAMI return

NET::ERR_CERT_AUTHORITY_INVALID
TRAEFIK DEFAULT CERT
############################################
Problem
############################################
Returns - Whoami Address / Service

C:\Windows\system32> curl http://whoami.ehpop.com.br/
Moved Permanently


C:\Windows\system32> curl https://whoami.ehpop.com.br/
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you would like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.

C:\Windows\system32> curl https://whoami.ehpop.com.br/ -k
Hostname: 420fd35c2aff
IP: 127.0.0.1
IP: 172.23.0.2
RemoteAddr: 172.23.0.5:48334
GET / HTTP/1.1
Host: whoami.ehpop.com.br
User-Agent: curl/7.39.0
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 177.223.109.184
X-Forwarded-Host: whoami.ehpop.com.br
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Server: ffb0f2160d14
X-Real-Ip: 177.223.109.184
############################################
OK
############################################
Returns for access to the traefik monitor

C:\Windows\system32> curl http://traefik.ehpop.com.br --user admin
Enter host password for user 'admin':
Moved Permanently

C:\Windows\system32> curl https://traefik.ehpop.com.br --user admin
Enter host password for user 'admin':
<a href="/dashboard/"> Found </a>.
############################################
Files and settings I'm using:
############################################
############################################
[Traefik v2.] - docker-compose.yml with httpChallenge
############################################

version: '3.7'

services:
  traefik:
    image: traefik:v2.2
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yml:/traefik.yml:ro
      - ./acme.json:/acme.json
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=admin:$$password"

      - "traefik.http.routers.traefik.rule=Host(`traefik.ehpop.com.br`)"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"

      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.ehpop.com.br`)"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.tls=true"

      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.permanent=true"

      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls.certresolver=http"
      - "traefik.http.routers.traefik-secure.service=api@internal"
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"

networks:
  proxy:
    external: true


############################################
[Traefik v2.] - traefik.yml with httpChallenge
############################################

api:
  dashboard: true

# Writing Logs to a File, in JSON
log:
  level: DEBUG
  filePath: "log-file.log"
  format: json

# Configuring a buffer of 100 lines
accessLog:
  filePath: "log-access.log"
  bufferingSize: 100  

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false

certificatesResolvers:
  http:
    acme:
      email: naugustijr@gmail.com
      storage: acme.json
      httpChallenge:
        entryPoint: http    


############################################
[Traefik v2.] - whoami - docker-compose.yml
############################################

version: '3.7'

services:
    whoami:
      image: containous/whoami
      container_name: whoami
      restart: unless-stopped
      security_opt:
        - no-new-privileges:true
      networks:
        - proxy
      volumes:
        - /etc/localtime:/etc/localtime:ro
        - /var/run/docker.sock:/var/run/docker.sock:ro
        - ./data:/data
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.whoami.entrypoints=http"
        - "traefik.http.routers.whoami.rule=Host(`whoami.ehpop.com.br`, `www.whoami.ehpop.com.br`)"
        - "traefik.http.middlewares.whoami-https-redirect.redirectscheme.scheme=https"
        - "traefik.http.middlewares.whoami-https-redirect.redirectscheme.permanent=true"

        - "traefik.http.routers.whoami.middlewares=whoami-https-redirect"
        - "traefik.http.routers.whoami-secure.entrypoints=https"
        - "traefik.http.routers.whoami-secure.rule=Host(`whoami.ehpop.com.br`, `www.whoami.ehpop.com.br`)"
        - "traefik.http.routers.whoami-secure.tls=true"
        - "traefik.http.routers.whoami-secure.tls.certresolver=http"
        - "traefik.http.routers.whoami-secure.service=whoami"
        - "traefik.http.services.whoami.loadbalancer.server.port=80"
        - "traefik.docker.network=proxy"

networks:
  proxy:
    external: true

I would like to know how to solve this problem. I looked at the traefik documentation but did not find any error.

I changed this part

- "traefik.http.routers.whoami.rule=Host(`whoami.ehpop.com.br`, `www.whoami.ehpop.com.br`)"
- "traefik.http.routers.whoami-secure.rule=Host(`whoami.ehpop.com.br`, `www.whoami.ehpop.com.br`)"

to this

- "traefik.http.routers.whoami.rule=Host(`whoami.ehpop.com.br`)"
- "traefik.http.routers.whoami-secure.rule=Host(`whoami.ehpop.com.br`)"

It worked!
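
Added example (not part of the original post and not Traefik's own code): when a router sets `tls.certresolver` without `tls.domains`, Traefik takes the certificate names from the rule's `Host()` matchers and requests them as one certificate, so a single name that fails the HTTP challenge leaves the router serving TRAEFIK DEFAULT CERT. The sketch lists those names from the question's labels and flags any without a DNS record. The function names are hypothetical, and `CONSTRUCTED_DNS`, in which only the bare name resolves, is an assumption about this deployment.

```python
import re
import socket
from collections import defaultdict

# Router options that decide which names end up in the ACME order.
LABEL = re.compile(
    r"traefik\.http\.routers\.([^.]+)\."
    r"(rule|tls\.certresolver|tls\.domains\[\d+\]\.main)=(.*)", re.I)

def acme_domains(labels):
    """Map router -> names Traefik takes from Host() when no tls.domains is set."""
    routers = defaultdict(dict)
    for label in labels:
        m = LABEL.fullmatch(label.strip().strip('"'))
        if m:
            name, key, value = m.groups()
            routers[name][key.lower().split("[")[0]] = value
    found = {}
    for name, opts in routers.items():
        # Routers without a resolver, or with explicit tls.domains, do not use the rule.
        if "tls.certresolver" not in opts or "tls.domains" in opts:
            continue
        calls = re.findall(r"\bHost\(([^)]*)\)", opts.get("rule", ""))
        found[name] = [h for args in calls for h in re.findall(r"`([^`]+)`", args)]
    return found

def system_resolves(name):
    try:
        return bool(socket.getaddrinfo(name, 80))
    except socket.gaierror:
        return False

def unresolvable(labels, resolves=system_resolves):
    """Return {router: [names failing DNS]}; one bad name fails the whole order."""
    report = {r: [n for n in names if not resolves(n)]
              for r, names in acme_domains(labels).items()}
    return {r: bad for r, bad in report.items() if bad}

# Labels copied from the question's whoami service.
WHOAMI_LABELS = [
    "traefik.http.routers.whoami.rule=Host(`whoami.ehpop.com.br`, `www.whoami.ehpop.com.br`)",
    "traefik.http.routers.whoami-secure.rule=Host(`whoami.ehpop.com.br`, `www.whoami.ehpop.com.br`)",
    "traefik.http.routers.whoami-secure.tls.certresolver=http",
]
# Constructed DNS view (assumption): only the bare name has a record.
CONSTRUCTED_DNS = {"whoami.ehpop.com.br"}

if __name__ == "__main__":
    print(unresolvable(WHOAMI_LABELS, CONSTRUCTED_DNS.__contains__))
```

Calling `unresolvable(labels)` without the second argument performs real DNS lookups, which makes it usable as a check before `docker-compose up`.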
