9

I have several websites running in docker with LetsEncrypt credentials and routed through traefik. I would like to run a local gitlab-ce in docker, also using LetsEncrypt and traefik.

So I added this to my traefik.toml file:

[[acme.domains]]
  main = "gitlab.mydomain.com"

And this to config/gitlab.rb:

external_url "http://gitlab.mydomain.com"

I start gitlab with:

docker run -d --restart=always \
     --hostname gitlab.mydomain.com \
     --expose 80 \
     --volume /srv/gitlab/config:/etc/gitlab \
     --volume /srv/gitlab/data:/var/opt/gitlab \
     --volume /var/log/gitlab:/var/log/gitlab \
     --label traefik.frontend.rule=Host:gitlab.mydomain.com \
     --name gitlab gitlab/gitlab-ce:latest

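Going to https://gitlab.mydomain.com/ I get a secure site with a LetsEncrypt-generated certificate, but the site doesn't load:

Internal Server Error

When I reload the page, I see the following in docker logs gitlab -f: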

==> /var/log/gitlab/sshd/current <==
2017-02-12_16:51:31.00446 Bad protocol version identification 'GET / HTTP/1.1' from 172.17.0.8 port 41138
2017-02-12_16:51:31.26238 Bad protocol version identification 'GET /favicon.ico HTTP/1.1' from 172.17.0.8 port 41140

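Searching the logs for /error/i, I see several things that could be the problem (lots of errors reported in zruby/gems/2.3.0/gems/redis-3.2.2z), but no "smoking gun" AFAICT.

The craziest thing is that about one in every ten (random) times I run docker restart gitlab, the site comes up perfectly. I've been tempted to just leave it alone, but therein lies madness...

How can I get it to come up reliably? Or how can I debug it more thoroughly?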

4

2 Answers

29

This answer probably comes way too late for you, but I ran into the same issue and was able to solve it.

The important clue is that the log errors are by the sshd daemon!

Traefik will, by default, pick the first port exposed by the container (by the Dockerfile, not the ports you manually expose!). In case of the Gitlab container, this is the ssh port 22.

So Traefik will direct the web requests to Gitlab's SSH daemon.

To fix this, you need to set the port for Traefik explicitly, with a label:

Traefik 1.x:

labels:
    ...
    - traefik.port=80

Traefik 2.x:

labels:
    - traefik.http.services.<your-service-name>.loadbalancer.server.port=80
answered 2017-05-23T18:57:07.067
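The misrouting described in the answer above can be caught before deployment. The following is an added example, not part of the original answer: it reads `docker inspect` JSON and flags containers that expose several TCP ports without one of the two port labels named above. The container names and the sample data are constructed for illustration.

```python
import json
import re

# Label names taken from the answer above (Traefik 1.x and 2.x forms).
V1_PORT_LABEL = "traefik.port"
V2_PORT_LABEL = re.compile(
    r"^traefik\.http\.services\.[^.]+\.loadbalancer\.server\.port$")

def explicit_port(labels):
    """Return the backend port pinned by a Traefik label, or None."""
    for key, value in (labels or {}).items():
        if key == V1_PORT_LABEL or V2_PORT_LABEL.match(key):
            return value
    return None

def audit(inspect_json):
    """Return (name, tcp_ports, status) per container in `docker inspect` output."""
    results = []
    for c in json.loads(inspect_json):
        cfg = c.get("Config") or {}
        ports = sorted((p for p in (cfg.get("ExposedPorts") or {})
                        if p.endswith("/tcp")),
                       key=lambda p: int(p.split("/")[0]))
        pinned = explicit_port(cfg.get("Labels"))
        if pinned is not None:
            status = "pinned to " + pinned
        elif len(ports) > 1:
            # Several candidate ports, none chosen: the proxy has to guess.
            status = "AMBIGUOUS"
        else:
            status = "ok"
        results.append((c.get("Name", "?").lstrip("/"), ports, status))
    return results

def _container(name, ports, labels):
    # Helper for building constructed sample records (hypothetical data).
    return {"Name": "/" + name,
            "Config": {"ExposedPorts": ports, "Labels": labels}}

# Constructed sample: the GitLab image exposes 22, 80 and 443.
GITLAB_PORTS = {"443/tcp": {}, "80/tcp": {}, "22/tcp": {}}
SAMPLE = json.dumps([
    _container("gitlab", GITLAB_PORTS,
               {"traefik.frontend.rule": "Host:gitlab.mydomain.com"}),
    _container("gitlab-v1", GITLAB_PORTS, {"traefik.port": "80"}),
    _container("gitlab-v2", GITLAB_PORTS,
               {"traefik.http.services.gitlab.loadbalancer.server.port": "80"}),
    _container("whoami", {"80/tcp": {}}, {}),
])

if __name__ == "__main__":
    for name, ports, status in audit(SAMPLE):
        print(f"{name:10} {','.join(ports):22} {status}")
```

To run it against live containers, pass the output of `docker inspect $(docker ps -q)` to `audit()` in place of `SAMPLE`.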
1

I used sameersbn's docker-compose and added the following docker-compose.override.yml in the same directory.

version: "2"

services:
    gitlab:
      labels:
        - "traefik.frontend.rule=Host:git.schulz.codes"
        - "traefik.port=80"
        - "traefik.enable=true"
        - "traefik.frontend.entryPoints=http,https"

This works quite well with the following traefik docker-compose

version: "2"

services:
  proxy:
    restart: always
    image: traefik
    container_name: traefik
    command: --web --docker --docker.domain=docker.localhost --logLevel=DEBUG
    ports:
      - "8080:8080"
      - "80:80"
      - "443:443"
    volumes:
      - ./traefik.toml:/etc/traefik/traefik.toml
      - /var/run/docker.sock:/var/run/docker.sock
      - ./data:/etc/traefik/acme:rw

And this traefik.toml

# defaultEntryPoints is a top-level key, so it must come before the first table header
defaultEntryPoints = ["http", "https"]
[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
[acme]
email = "yourmail@domain.com"
storageFile = "/etc/traefik/acme/acme.json"
entryPoint = "https"
OnHostRule = true
[[acme.domains]]
  main = "domain.com"
  sans = ["gitlab.domain.com"]
[web]
address = ":8080"
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "docker.localhost"
watch = true
exposedbydefault = true
answered 2017-02-25T18:15:08.300