Traefik https backend communication causes x509: certificate is valid for 127.0.0.1 not <Container IP>
Traefik ssl containers - '500 Internal Server Error' caused by: x509: certificate is valid for 127.0.0.1, ::1, not 172.x.x.x
I am using traefik:v2.8.2 and a container running apache on ports 80 and 443. Apache redirects port 80 requests to port 443.
Below is my traefik.yml file -
```yaml
# configure logs
log:
  level: DEBUG # Set to 'DEBUG' for troubleshooting

# configure entry points
entryPoints:
  web:
    address: ":80"
    http:
      redirections: # http to https redirection
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"
  postgres:
    address: ":5432"

# configure providers
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock" # connection to the docker daemon
    exposedByDefault: false # ignore containers without label 'traefik.enable=true'
  file:
    directory: "/etc/traefik/conf" # directory for dynamic traefik configuration files
    watch: true # changes are processed immediately

# configure api service
api:
  dashboard: true # enable the traefik dashboard
```
Below is my tls configuration
```yaml
tls:
  certificates:
    - certFile: "/etc/traefik/certs/knandan-cert.pem"
      keyFile: "/etc/traefik/certs/knandan-key.pem"
```
Below is my docker-compose.yml file
```yaml
version: "3.8"
services:
  traefik:
    networks:
      - d_local
    image: traefik:v2.8.2
    container_name: "d_traefik"
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    command:
      - --serverstransport.insecureskipverify=true
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./certs/:/etc/traefik/certs/:ro
      - ./static_conf.yml:/traefik.yml:ro
      - ./conf/:/etc/traefik/conf/:ro
    labels:
      - traefik.enable=true
      - traefik.docker.network=d_local
      - traefik.http.routers.traefik.entrypoints=websecure
      - traefik.http.routers.traefik.rule=Host(`knandan.app`)
      - traefik.http.routers.traefik.tls=true
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.services.traefik.loadbalancer.server.port=8080
  d_apiapp:
    build:
      context: apiapp
      dockerfile: .docker/Dockerfile
    container_name: apiapp
    restart: unless-stopped
    image: apiapp
    domainname: api.knandan.app
    ports:
      - "8080:80"
    networks:
      - d_local
    volumes:
      - "./apiapp:/srv/app"
      - "./certs:/etc/ssl/crt"
    labels:
      - traefik.enable=true
      - traefik.http.routers.apiapp.entrypoints=websecure
      - traefik.http.routers.apiapp.rule=Host(`api.knandan.app`)
      - traefik.http.routers.apiapp.tls=true
      - traefik.http.services.apiapp.loadbalancer.server.port=443
      - traefik.http.services.apiapp.loadbalancer.server.scheme=https
networks:
  d_local:
    external: true
```
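When I run docker-compose, I can see the traefik dashboard. But when I open api.knandan.app I get an internal server error.
After checking the logs, I learned that some ssl verification is failing; below is the error -

```
time="2022-08-18T07:04:09Z" level=debug msg="'500 Internal Server Error' caused by: x509: certificate is valid for 127.0.0.1, ::1, not 172.18.0.2"
```

I noticed that traefik is running my container on the container IP instead of on the hostname

```
level=debug msg="Creating server 0 https://172.18.0.2:443" routerName=apiapp@docker serverName=0 serviceName=apiapp entryPointName=websecure
```

Can someone help me solve this problem? Thanks in advance.
Below is my apache configuration - running behind traefik to run a Laravel application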
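Traefik is probably using the default self-signed certificate, and I guess that using a custom certificate does not support wildcard certificates.
So try adding a default certificate in the configuration file: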
```yaml
tls:
  stores:
    default:
      defaultCertificate:
        certFile: /etc/traefik/certs/knandan-cert.pem
        keyFile: /etc/traefik/certs/knandan-cert.key
```
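Here is a useful link
You should also check that the directory indicated in the apiapp volume is correct; if apiapp is an ubuntu-based image, it should be `/etc/ssl/certs` rather than `/etc/ssl/crt`.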
Do not use underscores in container names. The container name will then be used as a hostname, which is invalid.
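Added example, not part of the original posts: Go's `crypto/x509` (Traefik is written in Go) matches the name or address the client verifies against the certificate's SANs, which reproduces the logged error and shows that a certificate with a DNS SAN passes once the hostname is what gets checked. The certificates are constructed in memory for illustration; `must`, `backendCert` and `check` are hypothetical helper names.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// backendCert returns a constructed self-signed certificate with the given SANs.
func backendCert(dnsNames []string, ips ...string) *x509.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		DNSNames:     dnsNames,
	}
	for _, ip := range ips {
		tmpl.IPAddresses = append(tmpl.IPAddresses, net.ParseIP(ip))
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der))
}

// check matches the name a TLS client verifies against the certificate's SANs.
func check(cert *x509.Certificate, name string) string {
	if err := cert.VerifyHostname(name); err != nil {
		return err.Error()
	}
	return "ok"
}

func main() {
	loopback := backendCert(nil, "127.0.0.1", "::1") // SANs as in the logged error
	fmt.Println(check(loopback, "172.18.0.2"))       // container IP from the log
	named := backendCert([]string{"api.knandan.app"})
	fmt.Println(check(named, "api.knandan.app")) // passes when the hostname is checked
}
```

In Traefik, the name verified against the backend certificate can be set with the `serverName` option of a `serversTransport`, which keeps verification enabled instead of relying on `insecureSkipVerify`.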