Traefik configuration with Docker Compose and an active Cloudflare proxy

Question  Votes: 0  Answers: 1

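I am trying to configure Traefik with Docker Compose for both local and external access through Cloudflare (with the proxy enabled).

This configuration works fine, but having multiple entry points for HTTP (creating two entry points) seems redundant. I tried to simplify this setup, but whenever I make changes, DNS access stops working and I can only access it locally.

Can someone help me with this configuration?

Thank you in advance!

Here is my current configuration: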

services:
  traefik:
    user: root
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    cap_add:
      - NET_BIND_SERVICE
    networks:
      - proxy
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    environment:
      - CF_API_EMAIL=${CF_API_EMAIL}
      - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      - ./acme.json:/acme.json
    labels:
      - 'traefik.enable=true'

      - 'traefik.http.routers.traefik-http.entrypoints=http'
      - 'traefik.http.routers.traefik-http.rule=Host(`traefik.mydomain`)'
      - 'traefik.http.routers.traefik-http.middlewares=redirect-to-https'

      - 'traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https'

      - 'traefik.http.routers.traefik-https.entrypoints=https'
      - 'traefik.http.routers.traefik-https.rule=Host(`traefik.mydomain`)'
      - 'traefik.http.routers.traefik-https.tls=true'
      - 'traefik.http.routers.traefik-https.tls.certresolver=cloudflare'
      - 'traefik.http.routers.traefik-https.service=api@internal'
      - 'traefik.http.routers.traefik-https.middlewares=traefik-auth'

      - 'traefik.http.middlewares.traefik-auth.basicauth.users=user:password'

      - 'traefik.http.routers.traefik-additional.rule=Host(`traefik.mydomain`)'
      - 'traefik.http.routers.traefik-additional.entrypoints=http'
      - 'traefik.http.routers.traefik-additional.service=api@internal'
      - 'traefik.http.routers.traefik-additional.middlewares=traefik-auth'

networks:
  proxy:
    external: true 

I adjusted it to this:

services:
  traefik:
    user: root
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    cap_add:
      - NET_BIND_SERVICE
    networks:
      - proxy
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    environment:
      - CF_API_EMAIL=${CF_API_EMAIL}
      - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      - ./acme.json:/acme.json
    labels:
      - 'traefik.enable=true'
      
      - 'traefik.http.routers.traefik-http.entrypoints=http'
      - 'traefik.http.routers.traefik-http.rule=Host(`traefik.mydomain`)'
      - 'traefik.http.routers.traefik-http.middlewares=http-to-https-redirect'

      - 'traefik.http.middlewares.http-to-https-redirect.redirectscheme.scheme=https'
      - 'traefik.http.middlewares.http-to-https-redirect.redirectscheme.permanent=true'

      - 'traefik.http.routers.traefik-https.entrypoints=https'
      - 'traefik.http.routers.traefik-https.rule=Host(`traefik.mydomain`)'
      - 'traefik.http.routers.traefik-https.tls=true'
      - 'traefik.http.routers.traefik-https.tls.certresolver=cloudflare'
      - 'traefik.http.routers.traefik-https.service=api@internal'
      - 'traefik.http.routers.traefik-https.middlewares=dashboard-auth'

      - 'traefik.http.middlewares.dashboard-auth.basicauth.users=user:password'

networks:
  proxy:
    external: true

This is my traefik.yml file:

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

api:
  dashboard: true
  debug: true
  insecure: true

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false

certificatesResolvers:
  cloudflare:
    acme:
      email: "myemail"
      storage: "/acme.json"
      dnsChallenge:
        provider: "cloudflare"

Any comments or suggestions would be greatly appreciated.

[Image: traefik dashboard]

docker cloudflare traefik
1 Answer
0
votes

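I haven't used Cloudflare for a few years, but have you tried setting up the origin connection over HTTPS without certificate validation?

As far as I remember, there are 4 modes for connecting to the Origin:

  1. HTTP
  2. HTTPS with certificate validation
  3. HTTPS without certificate validation
  4. HTTPS with a "self-signed" certificate

CF always defaults to HTTP. So you'll have to explore the Origin connection settings to resolve this.

Note: Pretty sure the last option is Enterprise-only, because it requires setting up a CA and providing a certificate to establish trust, and you can still use Let's Encrypt on the Origin, but it's a bit of a hassle - you have to set up DNS validation.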
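
An added example (not part of the original question or answer) of the simplified layout the question is after: one redirect on the `http` entry point replaces both HTTP routers, and the dashboard is served only by the authenticated `https` router. It assumes the Cloudflare origin connection has been set to HTTPS as the answer suggests. It goes beyond the posted files by applying the redirect to every router on :80, setting `api.insecure` to false and dropping the 8080 port mapping, so the dashboard is no longer reachable without the basic-auth middleware.

```yaml
# traefik.yml: entryPoints and api sections (providers and certificatesResolvers stay as posted)
entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https          # redirect everything arriving on :80
          scheme: https
  https:
    address: ":443"
api:
  dashboard: true
  insecure: false            # true serves the dashboard unauthenticated on :8080
---
# docker-compose.yml
services:
  traefik:
    user: root
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    cap_add:
      - NET_BIND_SERVICE
    networks:
      - proxy
    ports:
      - "80:80"
      - "443:443"            # 8080 is no longer published
    environment:
      - CF_API_EMAIL=${CF_API_EMAIL}
      - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      - ./acme.json:/acme.json
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.traefik-https.entrypoints=https'
      - 'traefik.http.routers.traefik-https.rule=Host(`traefik.mydomain`)'
      - 'traefik.http.routers.traefik-https.tls=true'
      - 'traefik.http.routers.traefik-https.tls.certresolver=cloudflare'
      - 'traefik.http.routers.traefik-https.service=api@internal'
      - 'traefik.http.routers.traefik-https.middlewares=dashboard-auth'
      # placeholder: basicauth expects user:<htpasswd hash>, with each $ doubled in Compose
      - 'traefik.http.middlewares.dashboard-auth.basicauth.users=user:password'
networks:
  proxy:
    external: true
```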
