3

你做了什么?

我们在一个包含 3 个管理器的 docker swarm 中托管 traefik。一切正常,但大约一周后,我们开始不断收到以下错误: http: TLS handshake error from 10.255.0.2:56437: tls: no cipher suite supported by both client and server 2017/07/28 06:18:17 server.go:2753: http: TLS handshake error from 10.255.0.2:44674: tls: unsupported SSLv2 handshake received 2017/07/28 06:18:26 server.go:2753: http: TLS handshake error from 10.255.0.2:48083: tls: client using inappropriate protocol fallback 2017/07/28 06:11:12 server.go:2753: http: TLS handshake error from 10.255.0.2:54382: tls: client offered an unsupported, maximum protocol version of 300

你期待看到什么?

一旦我点击服务端点,我应该会看到我们的应用程序 JSON 响应。

你看到了什么?

一旦这个错误开始显示,我们的服务前端就会开始给出 502 bad gateway。但并非总是如此,10 次中有 3 次出现 502 错误网关。

输出traefik version:(您使用的是什么版本的 Traefik?

Traefik Version: Version: v1.3.4 Codename: raclette Go version: go1.8.3 Built: 2017-07-27_03:52:53PM OS/Arch: linux/amd64

您的环境和配置是什么(参数、toml、提供者、平台……)?

``` Docker 版本:客户端:版本:17.06.0-ce API 版本:1.30 Go 版本:go1.8.3 Git 提交:02c1d87 内置:2017 年 6 月 23 日星期五 21:20:36 OS/Arch:linux/amd64

服务器:版本:17.06.0-ce API 版本:1.30(最低版本 1.12) Go 版本:go1.8.3 Git 提交:02c1d87 构建:2017 年 6 月 23 日星期五 21:21:56 OS/Arch:linux/amd64 实验性:false ` ``

traefik.toml:

  toml

# traefik.toml
accessLogsFile = "log/access.log"
traefikLogsFile = "log/traefik.log"
logLevel = "INFO"

defaultEntryPoints = ["https"]
[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
      entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
      [[entryPoints.https.tls.certificates]]
      CertFile = "/etc/traefik/traefik.cert"
      KeyFile = "/etc/traefik/traefik.key"

[web]
address = ":8080"
ReadOnly = true

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "docker.localhost"
watch = true
exposedbydefault = true
swarmmode = true

我可以看到 10.255.0.2 作为入口的入口端点。复制入口的细节:奇怪的是,它正在工作。没有任何更改突然失败,然后出现此错误。

码头工人网络检查入口。

json
[
{
    "Name": "ingress",
    "Id": "g91vlveu6s2u9c4tvzqdn2e8y",
    "Created": "2017-07-27T10:01:09.111025266Z",
    "Scope": "swarm",
    "Driver": "overlay",
    "EnableIPv6": false,
    "IPAM": {
        "Driver": "default",
        "Options": null,
        "Config": [
            {
                "Subnet": "10.255.0.0/16",
                "Gateway": "10.255.0.1"
            }
        ]
    },
    "Internal": false,
    "Attachable": false,
    "Ingress": true,
    "ConfigFrom": {
        "Network": ""
    },
    "ConfigOnly": false,
    "Containers": {
        "bfdee6bece2b0750796d39533793286f599ad3f38855f4518ac545cf02048473": {
            "Name": "traefik.qml805v1p6e35ewm3e6f1qko8.zbyxdt4vawobelqp8pz7lxdp5",
            "EndpointID": "6e0e5f3d4c6bede800d6948aaa6da6f6b4df0e51d4e9b43c3fc9be88385e966e",
            "MacAddress": "02:42:0a:ff:00:07",
            "IPv4Address": "10.255.0.7/16",
            "IPv6Address": ""
        },
        "ingress-sbox": {
            "Name": "ingress-endpoint",
            "EndpointID": "10adf1878e093da50c7bfe7dcda2c0c1cdb5271db9b31c49553e4a031b20244b",
            "MacAddress": "02:42:0a:ff:00:02",
            "IPv4Address": "10.255.0.2/16",
            "IPv6Address": ""
        }
    },
    "Options": {
        "com.docker.network.driver.overlay.vxlanid_list": "4096"
    },
    "Labels": {}
}

]

大多数情况下,我们会在重新启动机器时看到此问题。

4

0 回答 0