<p>I have just begun looking at traefik as a reverse proxy for my nodejs application I am running in docker.</p>
<p>Now I am looking into how to get letsencrypt to work with traefik. I have never tried something like this before, and I am therefore looking for a more or less step by step guide.</p>
<p>ATM I have these different files to spin it all up with docker-compose:</p>
<p>Dockerfile:</p>
<pre><code>FROM node:6.3.0
RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app
RUN npm install -g nodemon
COPY package.json /usr/src/app
RUN npm install
COPY . /usr/src/app
EXPOSE 3000
CMD ["npm", "start"]
</code></pre>
<p>docker-compose.yml:</p>
<pre><code>version: "2"
services:
  web:
    build: .
    volumes:
      - .:/app
    ports:
      - "3000:3000"
    links:
      - database
    labels:
      - "traefik.port=3000"
      - "traefik.backend=web"
      - "traefik.protocol=http"
      - "traefik.frontend.entryPoints=http"
      - "traefik.frontend.rule=Host:hostname.com"
  database:
    image: mongo
    container_name: mongo
    ports:
      - "27017:27017"
    volumes_from:
      - mongodata
    command: --smallfiles --noprealloc
  mongodata:
    image: tianon/true
    volumes:
      - ./data/db:/data/db
  traefik:
    image: traefik:v1.1.1
    command: --web.readonly --docker --docker.watch --docker.domain=docker.localhost --logLevel=DEBUG --entryPoints="Name:http Address::80"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/traefik/traefik.toml:/etc/traefik/traefik.toml
      - /etc/traefik/acme.json:/etc/traefik/acme.json
</code></pre>
<p>traefik.toml:</p>
<pre><code>defaultEntryPoints = ["http", "https"]
[web]
address = ":8080"
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[acme]
email = "my@email.com"
storageFile = "acme.json"
entryPoint = "https"
onDemand = true
onHostRule = true
</code></pre>
<p>One of the things I am speculating about is how the certificate is generated. Do I do this elsewhere, or is this taken care of by traefik? When I read different guides it seems like this is taken care of by traefik, but I cannot access my site with https.</p>
<p>I hope this is the correct place to ask. Otherwise let me know. I am only here to learn :)</p>
<hr/>**Comments:**<br/><br/>wwader: <pre><p>I think the problem could be that you set traefik.frontend.entryPoints=http for the web service, which I think means the site should only be accessible via non-tls-http.</p>
<p>If you want more debug you can add debug = true in the config file. Then you will also see Let's Encrypt challenges etc.</p></pre>
lidttilvenstre: <pre><p>Does not seem to work. The containers are running but I get a 404 on the webpage. Can see the dashboard for traefik though. Don't I need to get the certificates and put them somewhere? This is what confuses me the most. How are the certificates created?</p></pre>
wwader: <pre><p>All certificate information for all domains is stored inside acme.json. Do you see anything interesting when enabling debug?</p>
<p>Here is a similar setup that I use <a href="https://gist.github.com/wader/fd6aa0c5cc2e67da0c3c846573a8afc1" rel="nofollow">https://gist.github.com/wader/fd6aa0c5cc2e67da0c3c846573a8afc1</a></p></pre>
lidttilvenstre: <pre><p>So the thing that I think I am lacking is how to get the acme.json file with the certificate information. Because I read it as something that traefik would take completely care of.</p>
<p>EDIT: I have posted an update on my configurations. I have looked more at the example on traefik and tried to take it from there.</p></pre>lidttilvenstre: <pre><p>I have tried to change my configurations and now they look like this:</p>
<p>Dockerfile:</p>
<pre><code>FROM node:6.3.0
RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app
RUN npm install -g nodemon
COPY package.json /usr/src/app
RUN npm install
COPY . /usr/src/app
EXPOSE 3000
CMD ["npm", "start"]
</code></pre>
<p>docker-compose.yml:</p>
<pre><code>version: "2"
services:
  web:
    build: .
    volumes:
      - .:/app
    ports:
      - "3000:3000"
    links:
      - database
    labels:
      - "traefik.port=3000"
      - "traefik.backend=web"
      - "traefik.protocol=https"
      - "traefik.frontend.entryPoints=https"
      - "traefik.frontend.rule=Host:brobet.dk, www.brobet.dk"
  database:
    image: mongo
    container_name: mongo
    ports:
      - "27017:27017"
    volumes_from:
      - mongodata
    command: --smallfiles --noprealloc
  mongodata:
    image: tianon/true
    volumes:
      - ./data/db:/data/db
  traefik:
    image: traefik:v1.1.1
    command: --web.readonly --docker --docker.watch --docker.domain=docker.localhost --logLevel=DEBUG --entryPoints="Name:http Address::80"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/traefik/traefik.toml:/etc/traefik/traefik.toml
      - /etc/traefik/acme.json:/etc/traefik/acme.json
</code></pre>
<p>traefik.toml</p>
<pre><code>debug = true
[web]
address = ":8080"
[entryPoints]
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[acme]
email = "nicklas_just2@hotmail.com"
storage = "acme.json"
entryPoint = "https"
acmeLogging = true
onDemand = true
OnHostRule = true
</code></pre>
<p>With this I get the following from docker logs traefik (changed domain name to [domain]) (Further info. I get a msg stating: level=debug msg="Global configuration loaded[.......] So I think that I don't get the custom toml used....):</p>
<pre><code>time="2017-05-22T08:01:00Z" level=debug msg="Last docker config received less than 2s, waiting..."
time="2017-05-22T08:01:02Z" level=debug msg="Waited for docker config, OK"
time="2017-05-22T08:01:02Z" level=debug msg="Creating frontend frontend-Host-brobet-dk-www-[domain]-dk"
time="2017-05-22T08:01:02Z" level=debug msg="Wiring frontend frontend-Host-brobet-dk-www-[domain]-dk to entryPoint https"
time="2017-05-22T08:01:02Z" level=error msg="Undefined entrypoint 'https' for frontend frontend-Host-brobet-dk-www-brobet-dk"
time="2017-05-22T08:01:02Z" level=error msg="Skipping frontend frontend-Host-[domain]-dk-www-[domain]-dk..."
time="2017-05-22T08:01:02Z" level=debug msg="Creating frontend frontend-Host-mongo-docker-localhost"
time="2017-05-22T08:01:02Z" level=error msg="No entrypoint defined for frontend frontend-Host-mongo-docker-localhost, defaultEntryPoints:[]"
time="2017-05-22T08:01:02Z" level=error msg="Skipping frontend frontend-Host-mongo-docker-localhost..."
time="2017-05-22T08:01:02Z" level=debug msg="Creating frontend frontend-Host-skovejr-traefik-1-docker-localhost"
time="2017-05-22T08:01:02Z" level=error msg="No entrypoint defined for frontend frontend-Host-skovejr-traefik-1-docker-localhost, defaultEntryPoints:[]"
time="2017-05-22T08:01:02Z" level=error msg="Skipping frontend frontend-Host-skovejr-traefik-1-docker-localhost..."
time="2017-05-22T08:01:02Z" level=info msg="Server configuration reloaded on :80"
</code></pre>
<p>EDIT:</p>
<p>So I have been successful in getting the certificates from Letsencrypt but I now get the following error in traefik when trying to access the webpage:</p>
<pre><code>time="2017-05-22T10:11:39Z" level=warning msg="Error forwarding to https://172.18.0.2:3000, err: EOF"
time="2017-05-22T10:11:39Z" level=warning msg="Error forwarding to https://172.18.0.2:3000, err: EOF"
2017/05/22 10:13:00 server.go:2317: http: TLS handshake error from 192.38.33.17:51390: EOF
</code></pre>
<p>Full log from docker logs &lt;traefik_container_name&gt;: <a href="https://pastebin.com/7NtHxVVu%5D" rel="nofollow">pastebin</a></p></pre>
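<p>The error messages quoted in the thread can be triaged mechanically. The script below is an added example, not code from the thread or from the Traefik project: it scans Traefik v1 debug output for the three error patterns shown in the logs above and records which addresses Traefik reported serving on. The sample log is constructed (hostname and client address are placeholders), and the rule names and hint texts are this example's own.</p>

```python
import re

# Constructed sample: same message shapes as the logs quoted in the thread.
SAMPLE_LOG = '''\
time="2017-05-22T08:01:02Z" level=debug msg="Wiring frontend frontend-Host-example-com to entryPoint https"
time="2017-05-22T08:01:02Z" level=error msg="Undefined entrypoint 'https' for frontend frontend-Host-example-com"
time="2017-05-22T08:01:02Z" level=error msg="No entrypoint defined for frontend frontend-Host-mongo-docker-localhost, defaultEntryPoints:[]"
time="2017-05-22T08:01:02Z" level=info msg="Server configuration reloaded on :80"
time="2017-05-22T10:11:39Z" level=warning msg="Error forwarding to https://172.18.0.2:3000, err: EOF"
2017/05/22 10:13:00 server.go:2317: http: TLS handshake error from 192.0.2.10:51390: EOF
'''

LOGFMT = re.compile(r'\blevel=\w+ msg="(.*)"\s*$')
RULES = [  # (rule name, message pattern, hint template) - names/hints are this example's
    ("undefined_entrypoint",
     re.compile(r"Undefined entrypoint '([^']+)' for frontend (\S+)"),
     "label names entry point {0!r}, which the running Traefik did not define"),
    ("no_default_entrypoint",
     re.compile(r"No entrypoint defined for frontend (\S+), defaultEntryPoints:\[\]"),
     "frontend {0} has no entryPoints label and defaultEntryPoints is empty"),
    ("backend_scheme_eof",
     re.compile(r"Error forwarding to (https?)://([^,\s]+), err: EOF"),
     "backend {1} closed the connection when contacted over {0}; check traefik.protocol"),
]

def triage(log_text):
    """Return (findings, listening): findings is a list of (rule, detail) tuples,
    listening is the set of addresses Traefik reported serving on."""
    findings, listening = [], set()
    for line in log_text.splitlines():
        m = LOGFMT.search(line)
        if not m:
            continue  # lines without level=/msg= (e.g. Go's net/http log) are skipped
        msg = m.group(1)
        served = re.search(r"Server configuration reloaded on (\S+)", msg)
        if served:
            listening.add(served.group(1))
        for name, pattern, template in RULES:
            hit = pattern.search(msg)
            if hit:
                findings.append((name, template.format(*hit.groups())))
    return findings, listening

if __name__ == "__main__":
    found, addrs = triage(SAMPLE_LOG)
    for rule, detail in found:
        print(f"[{rule}] {detail}")
    print("listening on:", sorted(addrs) or "nothing reported")
```

<p>A frontend wired to <code>https</code> while only <code>:80</code> appears in the listening set is the mismatch the first log in the thread shows.</p>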