我在配置 Traefik 以将流量路由到 Docker Compose 设置中的
wallet-service
容器时遇到问题。虽然我可以通过主机上的 curl http://localhost:3000
直接访问该服务,但 Traefik 无法连接,尝试访问内部 Docker IP (192.168.64.4:3000
) 而不是映射的主机端口。
使用正确的标签配置 Traefik:
已验证的服务可访问性:
curl
请求 localhost:3000
返回正确的响应。wallet-service
监听所有接口 (0.0.0.0
)。检查Traefik日志:
192.168.64.4:3000
。尽管有这些配置,Traefik 仍无法将流量路由到我的
wallet-service
。
version: '3.8'
services:
wallet-service:
ports:
- '3000:3000'
labels:
- 'traefik.enable=true'
- 'traefik.http.routers.wallet-service.rule=Host(`${DOMAIN}`)'
- 'traefik.http.routers.wallet-service.entrypoints=websecure'
- 'traefik.http.routers.wallet-service.tls.certresolver=myresolver'
- 'traefik.http.services.wallet-service.loadbalancer.server.port=3000'
networks:
- internal-network
- traefik-public
caller-service:
ports:
- '3001:3001'
labels:
- 'traefik.enable=true'
- 'traefik.http.routers.caller-service.rule=Host(`caller.${DOMAIN}`)'
- 'traefik.http.routers.caller-service.entrypoints=websecure'
- 'traefik.http.routers.caller-service.tls.certresolver=myresolver'
networks:
- internal-network
- traefik-public
postgres:
image: postgres:13
ports:
- '5432:5432'
networks:
- internal-network
rabbitmq:
image: rabbitmq:3-management
ports:
- '5672:5672'
- '15672:15672'
labels:
- 'traefik.enable=true'
- 'traefik.http.routers.rabbitmq.rule=Host(`rabbitmq.${DOMAIN}`)'
- 'traefik.http.routers.rabbitmq.entrypoints=websecure'
- 'traefik.http.routers.rabbitmq.tls.certresolver=myresolver'
networks:
- internal-network
- traefik-public
volumes:
postgres-data:
name: wallet-postgres-data
networks:
internal-network:
driver: bridge
traefik-public:
external: true
services:
traefik:
image: traefik:v2.9
command:
- "--api=true"
- "--providers.docker=true"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
- "[email protected]"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
- "--log.level=DEBUG" # Increase log verbosity
- "--accesslog=true" # Enable access logs
- "--accesslog.filepath=/var/log/traefik/access.log"
- "--log.filepath=/var/log/traefik/traefik.log"
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./letsencrypt:/letsencrypt"
- "./logs:/var/log/traefik" # Mount a volume for logs
networks:
- traefik-public
networks:
traefik-public:
external: true
name: traefik-public
访问公共域时,Traefik 尝试连接到
192.168.64.4:3000
,该连接与主机的端口映射不对应。但是,直接在主机上访问 http://localhost:3000
会返回预期的响应:
curl http://localhost:3000
Service is running!
我相信您需要
traefik.http.routers.wallet-service.tls=true
才能通过 websecure
获得服务,如下所示:
services:
traefik:
image: docker.io/traefik:v2.9
command:
- "--api=true"
- "--api.insecure=true"
- "--api.dashboard=true"
- "--providers.docker=true"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--log.level=DEBUG"
- "--accesslog=true"
ports:
- "7080:80"
- "7443:443"
volumes:
- "/run/docker.sock:/run/docker.sock:ro"
networks:
- traefik-public
wallet-service:
image: docker.io/traefik/whoami:latest
environment:
WHOAMI_PORT_NUMBER: 3000
WHOAMI_NAME: wallet-service
ports:
- '3000:3000'
labels:
- 'traefik.enable=true'
- 'traefik.http.routers.wallet-service.rule=Host(`wallet.example.com`)'
- 'traefik.http.routers.wallet-service.entrypoints=websecure'
- 'traefik.http.routers.wallet-service.tls=true'
- 'traefik.http.services.wallet-service.loadbalancer.server.port=3000'
networks:
- traefik-public
networks:
traefik-public:
external: true
鉴于上述配置,如果我运行以下命令:
curl --resolve wallet.example.com:7443:127.0.0.1 -k https://wallet.example.com:7443
已成功连接钱包服务。
请注意,我已在此处启用了仪表板,可以通过
http://<container_ip>:8080
访问该仪表板。在尝试调试 Traefik 配置时,访问仪表板至关重要。您可以将其保持启用状态,并且不暴露 api 端口。