Traefik 不会在内部将传入的 443 映射到端口 80答案

【问题标题】：Traeffik does not map incoming 443 to port 80 internallyTraefik 不会在内部将传入的 443 映射到端口 80
【发布时间】：2018-04-27 15:38:05
【问题描述】：

我们的问题是来自 https 入口点的流量（可能）被转发到使用错误端口的后端。访问 http 入口点按预期工作：流量在服务器 1 2 3 之间进行负载平衡。使用 https 入口点时，我们得到一个 404 页面未找到。 TLS 一切都很好，连接是安全的，但看起来 traefik 没有将后端服务器的端口更改为：80。

我们确实让我们通过 traefik 进行加密，这看起来不错。

这是我们开始流量的方式：

docker run -d -p 443:443 -p 80:80 -v /home/pi/lbtest/traefik/traefik.toml:/traefik.toml -v /home/pi/lbtest/traefik/acme.json:/acme.json traefik

这是我们的 traefik.toml

debug = true

[file]

defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

[frontends]
  [frontends.lbtest]
  backend = "lbtest"
    [frontends.lbtest.routes.route0]
    rule = "Host:xxx.gotdns.ch"

[backends]
  [backends.lbtest]
    [backends.lbtest.servers.server1]
    url = "http://192.168.178.81:80"
    [backends.lbtest.servers.server2]
    url = "http://192.168.178.49:80"
    [backends.lbtest.servers.server3]
    url= "http://192.168.178.64:80"


[acme]
email = "xxx@xxx.eu.com"
storageFile = "acme.json"
acmeLogging = true
entryPoint = "https"
onHostRule = true

[acme.httpChallenge]
entryPoint = "http"

[[acme.domains]]
main = "xxx.gotdns.ch"

为什么http://xxx.gotdns.ch 工作 - 它在服务器 1 2 3 之间进行负载平衡 - 但不适用于 https://xxx.gotdns.ch。有什么想法吗？

【问题讨论】：

标签： traefik

【解决方案1】：

这是您配置中的字段defaultEntryPoints 的问题：

debug = true

defaultEntryPoints = ["http", "https"] # <-- move the field here

[file]

[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

[frontends]
  [frontends.lbtest]
  backend = "lbtest"
    [frontends.lbtest.routes.route0]
    rule = "Host:xxx.gotdns.ch"

[backends]
  [backends.lbtest]
    [backends.lbtest.servers.server1]
    url = "http://192.168.178.81:80"
    [backends.lbtest.servers.server2]
    url = "http://192.168.178.49:80"
    [backends.lbtest.servers.server3]
    url= "http://192.168.178.64:80"


[acme]
email = "xxx@xxx.eu.com"
storageFile = "acme.json"
acmeLogging = true
entryPoint = "https"
onHostRule = true

[acme.httpChallenge]
entryPoint = "http"

[[acme.domains]]
main = "xxx.gotdns.ch"

我建议您这样编写配置：

debug = true

defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

[acme]
email = "xxx@xxx.eu.com"
storageFile = "acme.json"
acmeLogging = true
entryPoint = "https"
onHostRule = true

[acme.httpChallenge]
entryPoint = "http"

[[acme.domains]]
main = "xxx.gotdns.ch"

[file]
[frontends]
  [frontends.lbtest]
  backend = "lbtest"
    [frontends.lbtest.routes.route0]
    rule = "Host:xxx.gotdns.ch"

[backends]
  [backends.lbtest]
    [backends.lbtest.servers.server1]
    url = "http://192.168.178.81:80"
    [backends.lbtest.servers.server2]
    url = "http://192.168.178.49:80"
    [backends.lbtest.servers.server3]
    url= "http://192.168.178.64:80"

【讨论】：

我也有同样的情况。如何使用容器标签设置相同的配置？我使用 docker-compose 来处理我的所有服务。我们的一个容器必须使用 url 链接另一个容器：example.com 这是另一个容器。但是我会得到错误的端口，因为链接已更改为我无法使用的 172.17.0.x:443 端口。它应该是 172.17.0.x:80。有什么想法吗？