![](/img/trans.png)
[英]Docker setup with Traefik reverse proxy - NET:ERR_CERT_AUTHORITY_INVALID on one domain despite identical setup and config of another domain that works
[英]Traefik V2.2.1 - All services except Traefik service returns [NET :: ERR_CERT_AUTHORITY_INVALID] and uses [TRAEFIK DEFAULT CERT]
我決定將 traefik 的版本從 1.7.x 升級到 2.2.1。 所以我遵循了上面解決方案的指導方針( https://gist.github.com/fatihyildizhan/8f124039a9bd3801f0caf3c01c3601fb ),這樣 2.2.1 版的 traefik 就可以工作了。 Traefik v2.2.1 工作並正確地將 http 端口重定向到 https。但是,whoami 服務從 http 端口重定向到 https 但顯示以下消息:
WHOAMI return
NET :: ERR_CERT_AUTHORITY_INVALID
TRAEFIK DEFAULT CERT
############################################
Problem
############################################
Returns - Whoami Address / Service
C: \ Windows \ system32> curl http://whoami.ehpop.com.br/
Moved Permanently
C: \ Windows \ system32> curl https://whoami.ehpop.com.br/
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you would like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
C: \ Windows \ system32> curl https://whoami.ehpop.com.br/ -k
Hostname: 420fd35c2aff
IP: 127.0.0.1
IP: 172.23.0.2
RemoteAddr: 172.23.0.5:48334
GET / HTTP / 1.1
Host: whoami.ehpop.com.br
User-Agent: curl / 7.39.0
Accept: * / *
Accept-Encoding: gzip
X-Forwarded-For: 177.223.109.184
X-Forwarded-Host: whoami.ehpop.com.br
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Server: ffb0f2160d14
X-Real-Ip: 177.223.109.184
############################################
OK
############################################
Returns for access to the traefik monitor
C: \ Windows \ system32> curl http://traefik.ehpop.com.br --user admin
Enter host password for user 'admin':
Moved Permanently
C: \ Windows \ system32> curl https://traefik.ehpop.com.br --user admin
Enter host password for user 'admin':
<a href="/dashboard/"> Found </a>.
############################################
Files and settings I'm using:
############################################
############################################
[Traefik v2.] - docker-compose.yml with httpChallenge
############################################
version: '3.7'
services:
traefik:
image: traefik:v2.2
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- proxy
ports:
- 80:80
- 443:443
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik.yml:/traefik.yml:ro
- ./acme.json:/acme.json
labels:
- "traefik.enable=true"
- "traefik.http.middlewares.traefik-auth.basicauth.users=admin:$$password"
- "traefik.http.routers.traefik.rule=Host(`traefik.ehpop.com.br`)"
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.rule=Host(`traefik.ehpop.com.br`)"
- "traefik.http.routers.traefik-secure.entrypoints=https"
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.permanent=true"
- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
- "traefik.http.routers.traefik-secure.tls.certresolver=http"
- "traefik.http.routers.traefik-secure.service=api@internal"
- "traefik.http.services.traefik.loadbalancer.server.port=8080"
networks:
proxy:
external: true
############################################
[Traefik v2.] - traefik.yml with httpChallenge
############################################
api:
dashboard: true
# Writing Logs to a File, in JSON
log:
level: DEBUG
filePath: "log-file.log"
format: json
# Configuring a buffer of 100 lines
accessLog:
filePath: "log-access.log"
bufferingSize: 100
entryPoints:
http:
address: ":80"
https:
address: ":443"
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
certificatesResolvers:
http:
acme:
email: naugustijr@gmail.com
storage: acme.json
httpChallenge:
entryPoint: http
############################################
[Traefik v2.] - whoami - docker-compose.yml
############################################
version: '3.7'
services:
whoami:
image: containous/whoami
container_name: whoami
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- proxy
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./data:/data
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.entrypoints=http"
- "traefik.http.routers.whoami.rule=Host(`whoami.ehpop.com.br`, `www.whoami.ehpop.com.br`)"
- "traefik.http.middlewares.whoami-https-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.whoami-https-redirect.redirectscheme.permanent=true"
- "traefik.http.routers.whoami.middlewares=whoami-https-redirect"
- "traefik.http.routers.whoami-secure.entrypoints=https"
- "traefik.http.routers.whoami-secure.rule=Host(`whoami.ehpop.com.br`, `www.whoami.ehpop.com.br`)"
- "traefik.http.routers.whoami-secure.tls=true"
- "traefik.http.routers.whoami-secure.tls.certresolver=http"
- "traefik.http.routers.whoami-secure.service=whoami"
- "traefik.http.services.whoami.loadbalancer.server.port=80"
- "traefik.docker.network=proxy"
networks:
proxy:
external: true
我想知道如何解決這個問題。 我查看了 traefik 文檔,但沒有發現任何錯誤。
我改變了這個部分
- "traefik.http.routers.whoami.rule=Host(`whoami.ehpop.com.br`, `www.whoami.ehpop.com.br`)"
- "traefik.http.routers.whoami-secure.rule=Host(`whoami.ehpop.com.br`, `www.whoami.ehpop.com.br`)"
對於這個
- "traefik.http.routers.whoami.rule=Host(`whoami.ehpop.com.br`)"
- "traefik.http.routers.whoami-secure.rule=Host(`whoami.ehpop.com.br`)"
它奏效了!
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.