docker - 无法在 Docker 中使用 Traefik 访问站点

Question

我是 Docker 的新手，也是 Traefik 的新手，但我尝试阅读有关此的文档、示例和问题 - 但它仍然不起作用。

我有一个运行 Linux 4.19.118-v7 的 Raspberry Pi，我在上面安装了 Docker。我还安装了OctoPrint作为处于工作状态的服务。使用 HAProxy 设置时，我可以完全访问它。

我尝试使用 Docker 安装 Traefik，禁用 HAProxy，并让 Traefik 处理连接。Traefik 有效，我可以看到它的仪表板，但是我路由所有内容的方式给了我一个Bad Gateway(502) 响应。

我可以curl http://127.0.0.1:5000在 Pi 上做一个返回我想要的页面的操作，所以那里有一些东西，只是 Traefik 无法访问。

我负责三个文件：

Docker-compose.yml

version: '3.4'

services:
  traefik:
    # The official v2 Traefik docker image
    image: traefik:v2.2.7
    # Enables the web UI and tells Traefik to listen to docker
    command: --providers.docker
    container_name: "traefik"
    ports:
      # The HTTP port
      - "80:80"
      # The Web UI (enabled by --api.insecure=true)
      - "8088:8080"
      # The HTTPS port
      - "443:443"
    volumes:
      # So that Traefik can listen to the Docker events
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "./traefik.yml:/traefik.yml:ro"
      - "./acme.json:/acme.json"
      - "./conf/traefik_dynamic.yml:/conf/traefik_dynamic.yml"
    labels:
      - "traefik.enable=true"
      - "traefik.port=80"
    networks:
      - traefik-network

networks:
  traefik-network:
    external:
      name: traefik_default

我用docker -f ./docker-compose.yml up -d.

它获取静态配置文件traefik.yml：

## STATIC CONFIGURATION
log:
  level: DEBUG

api:
  insecure: true
  dashboard: true

entryPoints:

  web:
    address: ":80"

  webSecure:
    address: ":443"

providers:
  file:
    directory: /conf
    watch: true

certificatesResolvers:
  lets-encr:
    acme:
      #caServer: https://acme-staging-v02.api.letsencrypt.org/directory
      storage: acme.json
      email: myActual@emailNotShown.io
      httpChallenge:
        entryPoint: web

以及conf/trafik_dynamic.yml的动态配置：

http:

  routers:
    to-octoprint:
      rule: "Host(`3d.myWebsite.io`)"
      service: octoprint
      entryPoints:
        - web

  services:

    octoprint:
      loadBalancer:
        servers:
          - url: "http://127.0.0.1:5000"

  providers:
    docker: {}

这一切都导致Bad Gateway我尝试点击http://3d.myWebsite.io（不是我的真实站点，请注意），所以我以调试模式进入日志。每个请求两次吐出 4 行：

msg="vulcand/oxy/roundrobin/rr: begin ServeHttp on request" Request="..." 

msg="vulcand/oxy/roundrobin/rr: Forwarding this request to URL" Request="..." ForwardURL="http://127.0.0.1:5000"

msg="'502 Bad Gateway' caused by: dial tcp 127.0.0.1:5000: connect: connection refused"

msg="vulcand/oxy/roundrobin/rr: completed ServeHttp on request" Request="..." 

请求如下所示：

{
  "Method": "GET",
  "URL": {
    "Scheme": "",
    "Opaque": "",
    "User": null,
    "Host": "",
    "Path": "/",
    "RawPath": "",
    "ForceQuery": false,
    "RawQuery": "",
    "Fragment": ""
  },
  "Proto": "HTTP/1.1",
  "ProtoMajor": 1,
  "ProtoMinor": 1,
  "Header": {
    "Accept": [
      "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
    ],
    "Accept-Encoding": [
      "gzip, deflate"
    ],
    "Accept-Language": [
      "en-US,en;q=0.9,da;q=0.8,jv;q=0.7,sv;q=0.6,nb;q=0.5,nl;q=0.4"
    ],
    "Cache-Control": [
      "max-age=0"
    ],
    "Connection": [
      "keep-alive"
    ],
    "Upgrade-Insecure-Requests": [
      "1"
    ],
    "User-Agent": [
      "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
    ],
    "X-Forwarded-Host": [
      "3d.myWebsite.io"
    ],
    "X-Forwarded-Port": [
      "80"
    ],
    "X-Forwarded-Proto": [
      "http"
    ],
    "X-Forwarded-Server": [
      "db3b41941e8c"
    ],
    "X-Real-Ip": [
      "192.168.1.1"
    ]
  },
  "ContentLength": 0,
  "TransferEncoding": null,
  "Host": "3d.myWebsite.io",
  "Form": null,
  "PostForm": null,
  "MultipartForm": null,
  "Trailer": null,
  "RemoteAddr": "192.168.1.1:56060",
  "RequestURI": "/",
  "TLS": null
}

/etc/haproxy/haproxy.cfg允许它工作的现在看起来像这样：

global
        maxconn 4096
        user haproxy
        group haproxy
        log 127.0.0.1 local1 debug

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        retries 3
        option redispatch
        option http-server-close
        option forwardfor
        maxconn 2000
        timeout connect 5s
        timeout client  15min
        timeout server  15min

#frontend public
#        bind :::80 v4v6
#        bind :::443 v4v6 ssl crt /etc/ssl/snakeoil.pem
#        option forwardfor except 127.0.0.1
#        use_backend webcam if { path_beg /webcam/ }
#        default_backend octoprint

#backend octoprint
#        acl needs_scheme req.hdr_cnt(X-Scheme) eq 0

#        reqrep ^([^\ :]*)\ /(.*) \1\ /\2
#        reqadd X-Scheme:\ https if needs_scheme { ssl_fc }
#        reqadd X-Scheme:\ http if needs_scheme !{ ssl_fc }
#        option forwardfor
#        server octoprint1 127.0.0.1:5000
#        errorfile 503 /etc/haproxy/errors/503-no-octoprint.http

#backend webcam
#        reqrep ^([^\ :]*)\ /webcam/(.*)     \1\ /\2
#        server webcam1  127.0.0.1:8080
#        errorfile 503 /etc/haproxy/errors/503-no-webcam.http

我能做些什么？

Answer 1

您正在尝试将请求重定向到127.0.0.1traefik 的 docker 容器，但该服务在不同的容器中运行或直接在主机中运行。

您可以：

• 在同一个 docker compose 文件中链接两个容器，并按名称访问它
• 或者您可以运行 traefik 容器，--net=host以防您的服务直接在主机中运行