traefik 不会将 http 重定向到 https

问题描述 投票:0回答:2

我是 traefik 的新手,不明白为什么它不重定向。 我看到了很多如何进行重定向的方法,而这个方法非常适合我,因为我希望该重定向适用于所有路由器。 特别是我不想将重定向写入每个路由器的标签

docker-compose.yml

services:
  traefik:
    image: traefik:v2.5
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    ports:
      - 80:80
      - 443:443 
      - 8082:8082
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/custom/:/custom/:ro
      - ./data/acme.json:/acme.json
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.rule=Host(`traefik.example.com`)"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.tls.certresolver=letsEncrypt"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.services.traefik-traefik.loadbalancer.server.port=888"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=admin:$$apr1$$yTyey7a2$$CDmIjg/aratMfqENIHcQW1"
      - "traefik.http.routers.traefik.middlewares=traefik-auth"

traefik.yml

api:
  dashboard: true

entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
          permanent: true
  https:
    address: ":443"
  metrics:
    address: ":8082"

metrics:
  prometheus:
    entryPoint: metrics

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    directory: /custom
    watch: true

certificatesResolvers:
  letsEncrypt:
    acme:
      email: [email protected]
      storage: acme.json
      #caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
      httpChallenge:
        entryPoint: http
http ssl https traefik
2个回答
0
投票

几个月前,我用 Traefik 配置了一个反向代理,基本上,我有一个身份验证服务器和一个 API。如果请求 url 具有 

auth
路径前缀,Traefik 会将流量重定向到身份验证服务器;如果请求 url 具有 
api
路径前缀,则 Traefik 会将流量重定向到 API。这是我使用 docker-compose.yaml 进行的所有配置:

version: '3'

services:
  reverse-proxy:
    image: traefik:v2.5
    container_name: selling-point-reverse-proxy
    ports:
      - 80:80
      - 8080:8080
    volumes:
      # Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock
    command:
      # Enables the web UI
      - --api.insecure=true
      # Tells Traefik to listen to docker
      - --providers.docker
      # Creates a new entrypoint called web
      - --entrypoints.web.address=:80
      # Disable container exposition
      - --providers.docker.exposedByDefault=false
      # Traefik matches against the container's labels to determine whether to create any route for that container
      - --providers.docker.constraints=Label(`traefik.scope`,`selling-point`)
    networks:
      - selling-point
  api:
    image: selling-point-api
    container_name: selling-point-api
    build: 
      context: ./selling-point-api
    labels:
      # Tells Traefik where to redirect the request if the url has the specified prefix
      - traefik.http.routers.api.rule=PathPrefix(`/api`)
      # Attaches a middleware for forwarding the authentication
      - traefik.http.routers.api.middlewares=forward-auth,latency-check
      # Attaches entrypoints
      - traefik.http.routers.api.entrypoints=web
      # Exposes container
      - traefik.enable=true
      # Matcher for creating a route
      - traefik.scope=selling-point
      # Creates a service called selling-point-api
      - traefik.http.services.selling-point-api.loadbalancer.server.port=3000
      # Attach the container to a service
      - traefik.http.routers.api.service=selling-point-api
      # Creates circuit breaker middleware
      - traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100
    volumes:
      - ./selling-point-api/src:/app/src
    networks:
      - selling-point
    environment:
      WAIT_HOSTS: mysql:3306
      DATABASE_URL: mysql://root:huachinango@mysql:3306/selling_point
      NODE_ENV: development
  auth:
    image: selling-point-auth
    container_name: selling-point-auth
    build: 
      context: ./selling-point-auth
    labels:
      # Tells Traefik where to redirect the request if the url has the specified prefix
      - traefik.http.routers.auth.rule=PathPrefix(`/auth`)
      # Creates a forward auth middleware
      - traefik.http.middlewares.forward-auth.forwardauth.address=http://auth:3000/auth/authorize
      # Attaches entrypoints
      - traefik.http.routers.auth.entrypoints=web
      # Exposes container
      - traefik.enable=true
      # Matcher for creating a route
      - traefik.scope=selling-point
      # Creates a service called selling-point-auth
      - traefik.http.services.selling-point-auth.loadbalancer.server.port=3000
      # Attach the container to a service
      - traefik.http.routers.auth.service=selling-point-auth
      # Attaches a circuit breaker middleware
      - traefik.http.routers.auth.middlewares=latency-check
    environment:
      WAIT_HOSTS: mysql:3306
      IGNORE_ENV_FILE: 'true'
      DATABASE_URL: mysql://root:huachinango@mysql:3306/selling_point
      PASSWORD_SALT: $$2b$$10$$g0OI8KtIE3j6OQqt1ZUDte
      NODE_ENV: development
    volumes:
      - ./selling-point-auth/src:/app/src
    networks:
      - selling-point
  mysql:
    image: mysql:5
    environment:
      MYSQL_ROOT_PASSWORD: huachinango
      MYSQL_DATABASE: selling_point
    networks:
      - selling-point
    volumes:
      - mysql-db:/var/lib/mysql

volumes:
  mysql-db:

networks:
  selling-point:
    name: selling-point
    driver: bridge
0
投票

答案大概是这样的: https://community.traefik.io/t/http-to-https-redirection-through-middlewares-does-not-work-unless-globally-enforced/6755/2

您需要为同一服务(应用程序)指定不同的(第二个)http 路由器 那是 not tls 并重定向到 https。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.