I have been working with Docker Swarm for a few days. I created a proxy network and an internal one for backend services. To run traefik, I execute:
docker service create \
--name traefik \
--constraint=node.role==manager \
--publish 80:80 --publish 8080:8080 --publish 443:443 \
--mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock \
--mount type=bind,source=/data/traefik/,target=/etc/traefik/ \
--network proxy \
traefik \
--docker \
--docker.swarmMode \
--docker.domain=traefik \
--docker.watch \
--api
To run the web application, I execute:
docker service create --name whoami2 --label traefik.port=80 --label traefik.basic.frontend.rule=Host:example.com --label traefik.docker.network=proxy --label traefik.admin.frontend.rule=Host:example.com \
--network proxy --label traefik.admin.protocol=https --label traefik.admin.port=443 --label traefik.acme.domains=example.com --label "traefik.acme.sans=admin.example.com" emilevauge/whoami
The configuration file is:
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
[web]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[file]
watch = true
[acme]
email = "[email protected]"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
[acme.httpChallenge]
entryPoint = "http"
[docker]
domain = "traefik"
watch = true
swarmmode = true
[traefikLog]
format = "common"
[accessLog]
format = "common"
I get an error when generating the Let's Encrypt certificates:
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:38Z" level=debug msg="Creating backend backend-whoami2-whoami2-basic"
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:38Z" level=debug msg="Creating load-balancer wrr"
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:38Z" level=debug msg="Creating server server-basic-whoami2-1-0 at http://172.50.0.28:80 with weight 1"
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:38Z" level=debug msg="Wiring frontend frontend-whoami2-whoami2-basic to entryPoint https"
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:38Z" level=debug msg="Creating route route-frontend-whoami2-whoami2-basic Host:example.com"
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:38Z" level=debug msg="Creating backend backend-whoami2-whoami2-basic"
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:38Z" level=debug msg="Creating load-balancer wrr"
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:38Z" level=debug msg="Creating server server-basic-whoami2-1-0 at http://172.50.0.28:80 with weight 1"
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:38Z" level=info msg="Server configuration reloaded on :80"
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:38Z" level=info msg="Server configuration reloaded on :443"
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:38Z" level=info msg="Server configuration reloaded on :8080"
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:38Z" level=debug msg="Try to challenge certificate for domain [example.com] founded in Host rule"
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:38Z" level=debug msg="Try to challenge certificate for domain [admin.example.com] founded in Host rule"
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:38Z" level=debug msg="Try to challenge certificate for domain [example.com] founded in Host rule"
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:38Z" level=debug msg="Looking for provided certificate(s) to validate [\"example.com\"]..."
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:38Z" level=debug msg="Domains [\"example.com\"] need ACME certificates generation for domains \"example.com\"."
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:38Z" level=debug msg="Loading ACME certificates [example.com]..."
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:38Z" level=debug msg="Building ACME client..."
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:38Z" level=debug msg="https://acme-v02.api.letsencrypt.org/directory"
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:38Z" level=debug msg="Looking for provided certificate(s) to validate [\"example.com\"]..."
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:38Z" level=debug msg="Domains [\"example.com\"] need ACME certificates generation for domains \"example.com\"."
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:38Z" level=debug msg="Loading ACME certificates [example.com]..."
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:38Z" level=debug msg="Looking for provided certificate(s) to validate [\"admin.example.com\"]..."
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:38Z" level=debug msg="Domains [\"admin.example.com\"] need ACME certificates generation for domains \"admin.example.com\"."
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:38Z" level=debug msg="Loading ACME certificates [admin.example.com]..."
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:48Z" level=error msg="Unable to obtain ACME certificate for domains \"example.com\" detected thanks to rule \"Host:example.com\" : cannot get ACME client get directory at 'https://acme-v02.api.letsencrypt.org/directory': failed to get json \"https://acme-v02.api.letsencrypt.org/directory\": Get https://acme-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:58948->127.0.0.11:53: i/o timeout"
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:48Z" level=debug msg="Building ACME client..."
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:48Z" level=debug msg="https://acme-v02.api.letsencrypt.org/directory"
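I tried pinging the domain from the host, but it was resolved. I think the problem is that the swarm DNS is on a different network, not on the proxy/internal networks, but I am not sure. Maybe I should use an additional service delivery such as Consul? Or is the problem something different?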
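
Added example, not part of the original post: a small Python triage of the log above that picks out ACME errors caused by a failed DNS lookup and reports which name and which resolver were involved. The helper names are hypothetical, the sample lines are copied from the log in the post, and 127.0.0.11 is the address of Docker's embedded DNS server on user-defined networks.

```python
import re

DOCKER_EMBEDDED_DNS = "127.0.0.11"  # resolver Docker injects on user-defined networks

# logfmt pairs: key=bare or key="quoted with \" escapes"
FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
# Go's net package reports resolver failures as "lookup <name> on <ip>:<port>: <reason>"
LOOKUP = re.compile(r'lookup (\S+) on ([\d.]+):(\d+): (.*)$')
DOMAINS = re.compile(r'for domains "([^"]+)"')

def parse_line(line):
    """Extract the logfmt fields of one log line; the service prefix is ignored."""
    fields = {}
    for key, value in FIELD.findall(line):
        if value.startswith('"'):
            value = value[1:-1].replace('\\"', '"')
        fields[key] = value
    return fields

def triage(log_text):
    """Return one finding per ACME error whose root cause is a DNS lookup failure."""
    findings = []
    for line in log_text.splitlines():
        fields = parse_line(line)
        msg = fields.get("msg", "")
        if fields.get("level") != "error" or "ACME" not in msg:
            continue
        hit = LOOKUP.search(msg)
        if not hit:
            continue  # ACME error with another cause (rate limit, challenge, ...)
        name, resolver, _port, reason = hit.groups()
        domain = DOMAINS.search(msg)
        findings.append({
            "time": fields.get("time"),
            "domain": domain.group(1) if domain else None,
            "lookup": name,
            "resolver": resolver,
            "embedded_dns": resolver == DOCKER_EMBEDDED_DNS,
            "timeout": reason.endswith("i/o timeout"),
        })
    return findings

# Two lines copied from the log in the post.
SAMPLE_LOG = r'''
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:38Z" level=debug msg="Building ACME client..."
traefik.1.jb0p9q8iy3kj@master | time="2018-06-10T17:54:48Z" level=error msg="Unable to obtain ACME certificate for domains \"example.com\" detected thanks to rule \"Host:example.com\" : cannot get ACME client get directory at 'https://acme-v02.api.letsencrypt.org/directory': failed to get json \"https://acme-v02.api.letsencrypt.org/directory\": Get https://acme-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:58948->127.0.0.11:53: i/o timeout"
'''

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the posted log this yields a single finding: the lookup of the ACME directory host timed out at the container's own resolver (127.0.0.11), before any request reached Let's Encrypt.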