私网ip如何路由

问题描述 投票:0回答:1

使用 traefik 3 我想将 

wg.my-domain.com
路由到 wg-easy UI,该 UI 正在监听 wg-easy 服务的端口 
51821
。但我只想在专用网络上允许这样做
10.0.0.0/24

现在我将 

wg.my-domain.com
指向我的 
10.0.0.4
中的 
/etc/hosts
。我确实控制
my-domain.com
并且证书已创建且有效。 
A
没有 
wg.my-domain.com
记录。

当我使用 docker 

ports
将端口映射到私有 IP 上时(请参阅配置中的注释),我可以访问 
http://10.0.0.4:51821
上的 ui,但我只想允许通过域访问并使用 ssl (
https://wg.my-domain.com
) .

我的问题是,当我转到

https://wg.my-domain.com
时,我只看到
404 page not found
。我希望它在我设置 
traefik.http.routers.wg_easy.loadbalancer.server.port=51821
告诉 traefik 路由器将域路由到容器的特定端口后起作用。

这是我的 docker-compose.yml:

services:
  traefik:
    image: traefik:3.0
    command:
      # - "--log.level=DEBUG"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--api.dashboard=false"
      - "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32"
      # use DNS challenge because we issue certs for services not having A records in public DNS
      - "--certificatesresolvers.leresolver.acme.dnschallenge=true"
      - "--certificatesresolvers.leresolver.acme.dnschallenge.provider=hetzner"
      - "--certificatesresolvers.leresolver.acme.storage=/letsencrypt/acme.json"
    environment:
      - "HETZNER_API_KEY=${HETZNER_DNS_API_KEY}"
    ports:
      - ${PRIVATE_IPV4}:80:80     # traefik
      - 443:443
    volumes:
      - ./traefik/certs:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro
    restart: unless-stopped

  wg-easy:
    image: ghcr.io/wg-easy/wg-easy:13
    environment:
      # ⚠️ Required:
      - WG_HOST=<my-public-ip>
      # Optional:
      # - WEBUI_HOST=10.0.0.4
      - PORT=51821 # web ui port
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    volumes:
      - ./wg-easy:/etc/wireguard
    ports:
      - "51820:51820/udp"
        # I don't want to expose the UI port, but only allow accessing it via the domain via traefik on 10.0.0.0/24
        # When mapping the port on the private ip, I can access the ui on http://<ip>:51821 but I want to only allow access via the domain and use ssl.
        #      - "${PRIVATE_IPV4}:51821:51821/tcp"
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.wg_easy.rule=Host(`wg.my-domain.com`)"
      - "traefik.http.routers.wg_easy.entrypoints=websecure"
      - "traefik.http.routers.wg_easy.loadbalancer.server.port=51821"
      - "traefik.http.routers.wg_easy.tls=true"
      - "traefik.http.routers.wg_easy.tls.certresolver=leresolver"
docker docker-compose traefik
1个回答
0
投票

负载均衡器是服务的一部分,而不是路由的一部分,因此端口必须像这样设置:

-traefik.http.routers.wg_easy.loadbalancer.server.port=51821
+traefik.http.services.wg_easy.loadbalancer.server.port=51821
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.