当我尝试将 HTTPS 协议用于 traefik 后端时出现内部服务器错误

【问题标题】:Internal Server Error when I try to use HTTPS protocol for traefik backend当我尝试将 HTTPS 协议用于 traefik 后端时出现内部服务器错误
【发布时间】:2018-09-18 06:59:12
【问题描述】:

我的设置是ELB --https--> traefik --https--> 服务

每次请求时,我都会从 traefik 返回 500 Internal Server Error。似乎该请求从未将其发送到服务。该服务正在运行带有访问日志记录的 Apache,我看到没有记录任何传入请求。我能够直接卷曲服务并收到预期的响应。 traefik 和服务都在 Docker 容器中运行。我还能够成功使用端口 80,并且我可以使用 https 到 traefik 和端口 80 到服务。我从 apache 收到一个错误,但它确实一直通过。

traefik.toml

logLevel = "DEBUG"
RootCAs = [ "/etc/certs/ca.pem" ]
#InsecureSkipVerify = true
defaultEntryPoints = ["https"]

[entryPoints]
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
      [[entryPoints.https.tls.certificates]]
      certFile = "/etc/certs/cert.pem"
      keyFile = "/etc/certs/key.pem"
  [entryPoints.http]
  address = ":80"

[web]
address = ":8080"

[traefikLog]

[accessLog]

[consulCatalog]
endpoint = "127.0.0.1:8500"
domain = "consul.localhost"
exposedByDefault = false
prefix = "traefik"

consul服务使用的标签:

"traefik.enable=true",
"traefik.protocol=https",
"traefik.frontend.passHostHeader=true",
"traefik.frontend.redirect.entryPoint=https",
"traefik.frontend.entryPoints=https",
"traefik.frontend.rule=Host:hostname"

每个请求的 traefik 调试输出:

time="2018-04-08T02:46:36Z"
level=debug
msg="vulcand/oxy/roundrobin/rr: begin ServeHttp on request"
Request="{"Method":"GET","URL":{"Scheme":"","Opaque":"","User":null,"Host":"","Path":"/","RawPath":"","ForceQuery":false,"RawQuery":"","Fragment":""},"Proto":"HTTP/1.1","ProtoMajor":1,"ProtoMinor":1,"Header":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8"],"Accept-Encoding":["gzip, deflate, br"],"Accept-Language":["en-US,en;q=0.9"],"Cache-Control":["max-age=0"],"Cookie":["__utmc=80117009; PHPSESSID=64c928bgf265fgqdqqbgdbuqso; _ga=GA1.2.573328135.1514428072; messagesUtk=d353002175524322ac26ff221d1e80a6; __hstc=27968611.cbdd9ce39324304b461d515d0a8f4cb0.1523037648547.1523037648547.1523037648547.1; __hssrc=1; hubspotutk=cbdd9ce39324304b461d515d0a8f4cb0; __utmz=80117009.1523037658.5.2.utmcsr=|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=80117009.573328135.1514428072.1523037658.1523128344.6"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.81 Safari/537.36"],"X-Amzn-Trace-Id":["Root=1-5ac982a8-b9615451a35258e3fd2a825d"],"X-Forwarded-For":["76.105.255.147"],"X-Forwarded-Port":["443"],"X-Forwarded-Proto":["https"]},"ContentLength":0,"TransferEncoding":null,"Host”:”hostname”,”Form":null,"PostForm":null,"MultipartForm":null,"Trailer":null,"RemoteAddr":"10.200.20.130:4880","RequestURI":"/","TLS":null}"

time="2018-04-08T02:46:36Z" level=debug 
msg="vulcand/oxy/roundrobin/rr: Forwarding this request to URL" 
Request="{"Method":"GET","URL":{"Scheme":"","Opaque":"","User":null,"Host":"","Path":"/","RawPath":"","ForceQuery":false,"RawQuery":"","Fragment":""},"Proto":"HTTP/1.1","ProtoMajor":1,"ProtoMinor":1,"Header":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8"],"Accept-Encoding":["gzip, deflate, br"],"Accept-Language":["en-US,en;q=0.9"],"Cache-Control":["max-age=0"],"Cookie":["__utmc=80117009; PHPSESSID=64c928bgf265fgqdqqbgdbuqso; _ga=GA1.2.573328135.1514428072; messagesUtk=d353002175524322ac26ff221d1e80a6; __hstc=27968611.cbdd9ce39324304b461d515d0a8f4cb0.1523037648547.1523037648547.1523037648547.1; __hssrc=1; hubspotutk=cbdd9ce39324304b461d515d0a8f4cb0; __utmz=80117009.1523037658.5.2.utmcsr=|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=80117009.573328135.1514428072.1523037658.1523128344.6"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.81 Safari/537.36"],"X-Amzn-Trace-Id":["Root=1-5ac982a8-b9615451a35258e3fd2a825d"],"X-Forwarded-For":["76.105.255.147"],"X-Forwarded-Port":["443"],"X-Forwarded-Proto":["https"]},"ContentLength":0,"TransferEncoding":null,"Host”:”hostname”,”Form":null,"PostForm":null,"MultipartForm":null,"Trailer":null,"RemoteAddr":"10.200.20.130:4880","RequestURI":"/","TLS":null}" ForwardURL="https://10.200.115.53:443"

假设“主机名”是正确的主机名。任何帮助表示赞赏。

【问题讨论】:

  • 看来这是某种证书问题。在 Apache 中打开调试级别日志记录后,我看到此错误 ACCEPT_SR_KEY_EXCH:sslv3 alert bad certificate (SSL alert number 42)

标签: amazon-web-services https consul traefik


【解决方案1】:

我认为您的问题来自"traefik.protocol=https",请删除此标签。

您也可以删除traefik.frontend.entryPoints=https,因为它没用:此标记创建到https 入口点的重定向,但您的前端已经在https 入口点("traefik.frontend.entryPoints=https"

【讨论】:

  • 当我删除“traefik.protocol=https”时,traefik 开始向后端服务发出 http 请求。这确实与服务连接,但 apache 抛出错误,因为它期望端口 443 上的 https
  • 我不知道为什么我是唯一一个遇到这个问题的人,考虑到有很多文档建议使用"traefik.protocol=https",但我非常感谢这一点,它解决了我的“内部服务器错误”/500 问题。
猜你喜欢
  • 2018-08-30
  • 1970-01-01
  • 2014-11-04
  • 2022-12-09
  • 2019-06-22
  • 1970-01-01
  • 2018-07-21
  • 1970-01-01
  • 1970-01-01
相关资源
最近更新 更多
热门标签
Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode