0

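I'm having some problems using Teleport behind Traefik. I think this is because the connection from Traefik to Teleport does not support SSL certificates. Does anyone have a solution for how to make this work?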

Teleport Docker file:

```yaml
version: '3'
services:
  teleport:
    image: quay.io/gravitational/teleport:4.3
    container_name: teleport
    entrypoint: /bin/sh
    hostname: dev.domain.com
    command: -c "sleep 1 && /bin/dumb-init teleport start -c /etc/teleport/teleport.yaml"
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.teleport.entrypoints=https-entrypoint"
      - "traefik.http.routers.teleport.rule=Host(`dev.domain.com`)"
      - "traefik.http.routers.teleport.tls.certresolver=certres"
      - "traefik.http.routers.teleport.service=teleport-port"
      - "traefik.http.services.teleport-port.loadbalancer.server.port=3080"

      - "traefik.tcp.routers.teleportlisten.entrypoints=teleport-listen-entrypoint"
      - "traefik.tcp.routers.teleportlisten.rule=HostSNI(`dev.domain.com`)"
      - "traefik.tcp.routers.teleportlisten.tls.passthrough=true"
      - "traefik.tcp.routers.teleportlisten.tls.certresolver=certres"
      - "traefik.tcp.routers.teleportlisten.service=teleportlisten-port"
      - "traefik.tcp.services.teleportlisten-port.loadbalancer.server.port=3023"

      - "traefik.tcp.routers.teleport-tunnellisten.entrypoints=teleport-tunnel-entrypoint"
      - "traefik.tcp.routers.teleport-tunnellisten.rule=HostSNI(`dev.domain.com`)"
      - "traefik.tcp.routers.teleport-tunnellisten.tls.passthrough=true"
      - "traefik.tcp.routers.teleport-tunnellisten.tls.certresolver=certres"
      - "traefik.tcp.routers.teleport-tunnellisten.service=teleport-tunnellisten-port"
      - "traefik.tcp.services.teleport-tunnellisten-port.loadbalancer.server.port=3024"

      - "traefik.tcp.routers.teleport-auth.entrypoints=teleport-auth-entrypoint"
      - "traefik.tcp.routers.teleport-auth.rule=HostSNI(`dev.domain.com`)"
      - "traefik.tcp.routers.teleport-auth.tls.passthrough=true"
      - "traefik.tcp.routers.teleport-auth.tls.certresolver=certres"
      - "traefik.tcp.routers.teleport-auth.service=teleport-auth-port"
      - "traefik.tcp.services.teleport-auth-port.loadbalancer.server.port=3025"
    volumes:
      - ./config:/etc/teleport
      - ./data:/var/lib/teleport

networks:
  proxy:
    external: true
```

One option is passing the command --insecure-no-tls to the container, but I'm not sure if this is secure.

Thanks for the help

1 Answer

0

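It's hard to tell without seeing the contents of /etc/teleport/teleport.yaml. If you use --insecure-no-tls, Teleport will run expecting that TLS will happen at the load balancer, or in this case Traefik.

Another note: this example uses Teleport 4.3, which is EOL. I recommend trying Teleport 8: `image: quay.io/gravitational/teleport:8.0`

Answered 2022-02-16T00:04:55.667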
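A small label linter for the setup discussed above, added here as an illustration (it is not part of the original question or answer). It reports where TLS terminates for each router. It assumes Traefik v2 label semantics (an HTTP service uses scheme `http` to the backend unless `loadbalancer.server.scheme` is set, and a passthrough TCP router never serves a resolver certificate) and that Teleport's web port expects TLS unless started with `--insecure-no-tls`; the names `parse`, `lint` and `backend_plain_http` are made up for this example.

```python
import re

# Labels copied from the compose file in the question (one router of each kind).
LABELS = [
    "traefik.http.routers.teleport.tls.certresolver=certres",
    "traefik.http.routers.teleport.service=teleport-port",
    "traefik.http.services.teleport-port.loadbalancer.server.port=3080",
    "traefik.tcp.routers.teleport-auth.tls.passthrough=true",
    "traefik.tcp.routers.teleport-auth.tls.certresolver=certres",
    "traefik.tcp.services.teleport-auth-port.loadbalancer.server.port=3025",
]

def parse(labels):
    """Turn 'traefik.a.b.c=value' strings into a {key: value} dict."""
    return dict(l.split("=", 1) for l in labels if l.startswith("traefik."))

def lint(labels, backend_plain_http=False):
    """Return findings about where TLS terminates on each router.

    backend_plain_http: True when Teleport runs with --insecure-no-tls.
    """
    cfg, findings = parse(labels), []
    # TCP: passthrough hands the TLS stream to the backend untouched, so a
    # certresolver on the same router is never used to serve a certificate.
    for key in cfg:
        m = re.fullmatch(r"traefik\.tcp\.routers\.([^.]+)\.tls\.passthrough", key)
        if m and cfg[key] == "true":
            name = m.group(1)
            if f"traefik.tcp.routers.{name}.tls.certresolver" in cfg:
                findings.append(f"tcp/{name}: certresolver unused with passthrough")
    # HTTP: Traefik terminates TLS, then uses the service scheme (default
    # "http") for the hop to the backend.
    for key in cfg:
        m = re.fullmatch(r"traefik\.http\.routers\.([^.]+)\.tls\.certresolver", key)
        if not m:
            continue
        name = m.group(1)
        svc = cfg.get(f"traefik.http.routers.{name}.service", name)
        scheme = cfg.get(f"traefik.http.services.{svc}.loadbalancer.server.scheme", "http")
        if scheme == "http" and not backend_plain_http:
            findings.append(f"http/{name}: plain HTTP sent to a backend expecting TLS")
        elif scheme == "https" and backend_plain_http:
            findings.append(f"http/{name}: TLS sent to a backend serving plain HTTP")
    return findings
```

With `backend_plain_http=True` the HTTP finding disappears, which matches the answer's description of `--insecure-no-tls`; in that mode the hop between Traefik and Teleport on the `proxy` network is unencrypted.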