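I configured Traefik in Docker following the guide: Put Wildcard Certificates and SSL on EVERYTHING - Traefik Tutorial
I have asked this question on several forums:
I have already tried everything:
- Disabling the firewall in Ubuntu and on the router
- Trying to log in from the local IP and the local machine's IP: localhost and 192.168.88.253
- I configured the docker compose files so that Traefik and bind9 are both on the same network, and even configured a subdomain in bind9, adding a traefik-dashboard entry to it. I could not access the Traefik dashboard from the domain, and I still cannot. However, I cannot get into it via the local IP and localhost.
Below I will provide everything I have, including the docker-compose files, error logs, and so on. I would be grateful if you could point out my mistakes and help me solve this problem.
Let's start with the Traefik docker-compose.yml: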
version: '3.8'
services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      proxy1:
      dns-server_dns-network:
        ipv4_address: 10.20.3.5
    ports:
      - 80:80
      - 443:443
    environment:
      - CF_API_EMAIL=****@protonmail.com
      - CF_DNS_API_TOKEN=mdc3Xlhxpuidm***
      # - CF_API_KEY=YOUR_API_KEY
      # be sure to use the correct one depending on if you are using a token or key
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /root/traefik/data/traefik.yml:/traefik.yml:ro
      - /root/traefik/data/acme.json:/acme.json
      - /root/traefik/data/config.yml:/config.yml:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.local.****.com`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=USER:BASIC_AUTH_PASSWORD"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.local.****.com`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=local.****.com"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.local.****.com"
      - "traefik.http.routers.traefik-secure.service=api@internal"
networks:
  dns-server_dns-network:
    external: true
  proxy1:
    external: true
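Let me briefly explain: dns-server_dns-network is the network of the DNS server (bind9), which also runs in a Docker container, but a different one. It is needed here to assign a local subdomain so that everything works. proxy1 is the network of Traefik itself.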
Traefik config.yml:
http:
  #region routers
  routers:
    bind9:
      entryPoints:
        - "https"
      rule: "Host(`bind9.local.*****.com`)"
      middlewares:
        - default-headers
        - https-redirectscheme
      tls: {}
      service: bind9
    pterodactyl:
      entryPoints:
        - "https"
      rule: "Host(`pterodactyl.local.*****.com`)"
      middlewares:
        - default-headers
        - https-redirectscheme
      tls: {}
      service: pterodactyl
  #endregion
  #region services
  services:
    bind9:
      loadBalancer:
        servers:
          - url: "https://10.20.3.2:53"
        passHostHeader: true
    pterodactyl:
      loadBalancer:
        servers:
          - url: "http://10.20.3.6:8082"
        passHostHeader: true
  #endregion
  middlewares:
    addprefix-pihole:
      addPrefix:
        prefix: "/admin"
    https-redirectscheme:
      redirectScheme:
        scheme: https
        permanent: true
    redirectregex-pihole:
      redirectRegex:
        regex: /admin/$
        replacement: /
    default-headers:
      headers:
        frameDeny: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https
    idrac:
      headers:
        frameDeny: true
        browserXssFilter: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https
    default-whitelist:
      ipWhiteList:
        sourceRange:
          - "10.0.0.0/8"
          - "192.168.88.0/24"
          - "172.16.0.0/12"
    secured:
      chain:
        middlewares:
          - default-whitelist
          - default-headers
Traefik.yml:
api:
  dashboard: true
  debug: true
entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
serversTransport:
  insecureSkipVerify: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /config.yml
certificatesResolvers:
  cloudflare:
    acme:
      email: ****@protonmail.com
      storage: acme.json
      dnsChallenge:
        delayBeforeCheck: 5
        provider: cloudflare
        #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables>
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
The acme.json file:
{
  "cloudflare": {
    "Account": {
      "Email": "*****@protonmail.com",
      "Registration": {
        "body": {
          "status": "valid",
          "contact": [
            "mailto:****@protonmail.com"
          ]
        },
        "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/1308****76"
      },
      "PrivateKey": "MIIJKQ**********fhYGyV2xowwa/O9WSHf+3GU>
      "KeyType": "4096"
    },
    "Certificates": [
      {
        "domain": {
          "main": "local.*****.com",
          "sans": [
            "*.local.*****.com"
          ]
        },
        "certificate": "LS0tLS1C***********N3VUEKTURJ>
        "key": "LS0tLS1CRUdJTiBS*******Bejk4bzdCeTBtCnhLVFFC>
        "Store": "default"
      }
    ]
  }
}
If you start Traefik in the container, there is nothing in the logs:
root@riven:~/traefik/data# docker logs --tail=100 traefik
time="2023-09-14T03:47:43+03:00" level=info msg="Configuration loaded from file: /traefik.yml"
However, if you issue a restart, errors appear in the logs:
root@riven:~/traefik/data# docker restart traefik
traefik
root@riven:~/traefik/data# docker logs --tail=100 traefik
time="2023-09-14T03:47:43+03:00" level=info msg="Configuration loaded from file: /traefik.yml"
time="2023-09-14T14:37:35+03:00" level=error msg="accept tcp [::]:80: use of closed network connection" entryPointName=http
time="2023-09-14T14:37:35+03:00" level=error msg="accept tcp [::]:443: use of closed network connection" entryPointName=https
time="2023-09-14T14:37:35+03:00" level=error msg="close tcp [::]:80: use of closed network connection" entryPointName=http
time="2023-09-14T14:37:35+03:00" level=error msg="close tcp [::]:443: use of closed network connection" entryPointName=https
time="2023-09-14T14:37:36+03:00" level=info msg="Configuration loaded from file: /traefik.yml"
Just in case, here is the list of all containers:
root@riven:~/dns-server/config# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
78296a683271 traefik:latest "/entrypoint.sh trae…" 11 hours ago Up 25 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp traefik
5c3081b0c7df ubuntu/bind9:latest "docker-entrypoint.sh" 12 hours ago Up 8 minutes 0.0.0.0:53->53/tcp, 0.0.0.0:53->53/udp, :::53->53/tcp, :::53->53/udp, 953/tcp dns-server
Now let's move on to the DNS server bind9, which also runs in a container:
bind9 docker-compose.yml:
version: '3'
networks:
  dns-network:
    driver: bridge
    ipam:
      config:
        - subnet: 10.20.0.0/16
services:
  bind9:
    container_name: dns-server
    image: ubuntu/bind9:latest
    environment:
      - BIND9_USER=root
      - TZ=Europe/Moscow
    networks:
      dns-network:
        ipv4_address: 10.20.3.2
    ports:
      - "53:53/tcp"
      - "53:53/udp"
    volumes:
      - ./config:/etc/bind
      - ./cache:/var/cache/bind
      - ./records:/var/lib/bind
    restart: unless-stopped
The named.conf file:
acl internal {
    10.10.0.0/16;
    10.11.0.0/16;
    10.20.0.0/16;
    10.50.0.0/16;
    192.168.88.0/24;
};
options {
    forwarders {
        1.1.1.1;
        1.0.0.1;
    };
    allow-query { internal; };
};
zone "local.*****.com" IN {
    type master;
    file "/etc/bind/local-*****-com.zone";
};
The local-*****-com.zone file:
$TTL 2D
$ORIGIN local.*****.com.
@                   IN  SOA  ns.local.*****.com. admin.*****.com. (
                             2023083100 ; serial
                             12h        ; refresh
                             15m        ; retry
                             3w         ; expire
                             2h         ; minimum ttl
                             )
                    IN  NS   ns.local.*****.com.
ns                  IN  A    10.20.3.2
; -- add dns records below
servers             IN  A    10.20.3.4
*.servers           IN  A    10.20.3.4
traefik-dashboard   IN  A    10.20.3.5
Bind9 logs:
root@riven:~/dns-server/config# docker logs --tail=200 dns-server
Starting named....
exec /usr/sbin/named -u "root" "-g" ""
14-Sep-2023 14:54:56.133 starting BIND 9.18.12-1ubuntu1.1-Ubuntu (Extended Support Version) <id:>
14-Sep-2023 14:54:56.133 running on Linux x86_64 6.2.0-32-generic #32~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Fri Aug 18 10:40:13 UTC 2
14-Sep-2023 14:54:56.133 built with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--disable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=yes' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-2zwQl8/bind9-9.18.12=. -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fdebug-prefix-map=/build/bind9-2zwQl8/bind9-9.18.12=/usr/src/bind9-1:9.18.12-1ubuntu1.1 -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
14-Sep-2023 14:54:56.133 running as: named -u root -g
14-Sep-2023 14:54:56.133 compiled by GCC 12.2.0
14-Sep-2023 14:54:56.133 compiled with OpenSSL version: OpenSSL 3.0.8 7 Feb 2023
14-Sep-2023 14:54:56.133 linked to OpenSSL version: OpenSSL 3.0.8 7 Feb 2023
14-Sep-2023 14:54:56.133 compiled with libxml2 version: 2.9.14
14-Sep-2023 14:54:56.133 linked to libxml2 version: 20914
14-Sep-2023 14:54:56.133 compiled with json-c version: 0.16
14-Sep-2023 14:54:56.133 linked to json-c version: 0.16
14-Sep-2023 14:54:56.133 compiled with zlib version: 1.2.13
14-Sep-2023 14:54:56.133 linked to zlib version: 1.2.13
14-Sep-2023 14:54:56.133 ----------------------------------------------------
14-Sep-2023 14:54:56.133 BIND 9 is maintained by Internet Systems Consortium,
14-Sep-2023 14:54:56.133 Inc. (ISC), a non-profit 501(c)(3) public-benefit
14-Sep-2023 14:54:56.133 corporation. Support and training for BIND 9 are
14-Sep-2023 14:54:56.133 available at https://www.isc.org/support
14-Sep-2023 14:54:56.133 ----------------------------------------------------
14-Sep-2023 14:54:56.133 found 8 CPUs, using 8 worker threads
14-Sep-2023 14:54:56.133 using 8 UDP listeners per interface
14-Sep-2023 14:54:56.133 DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
14-Sep-2023 14:54:56.133 DS algorithms: SHA-1 SHA-256 SHA-384
14-Sep-2023 14:54:56.133 HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
14-Sep-2023 14:54:56.133 TKEY mode 2 support (Diffie-Hellman): yes
14-Sep-2023 14:54:56.133 TKEY mode 3 support (GSS-API): yes
14-Sep-2023 14:54:56.137 config.c: option 'trust-anchor-telemetry' is experimental and subject to change in the future
14-Sep-2023 14:54:56.137 loading configuration from '/etc/bind/named.conf'
14-Sep-2023 14:54:56.137 unable to open '/etc/bind/bind.keys'; using built-in keys instead
14-Sep-2023 14:54:56.137 looking for GeoIP2 databases in '/usr/share/GeoIP'
14-Sep-2023 14:54:56.137 using default UDP/IPv4 port range: [32768, 60999]
14-Sep-2023 14:54:56.137 using default UDP/IPv6 port range: [32768, 60999]
14-Sep-2023 14:54:56.137 listening on IPv4 interface lo, 127.0.0.1#53
14-Sep-2023 14:54:56.141 listening on IPv4 interface eth0, 10.20.3.2#53
14-Sep-2023 14:54:56.141 Could not open '//run/named/named.pid'.
14-Sep-2023 14:54:56.141 Please check file and directory permissions or reconfigure the filename.
14-Sep-2023 14:54:56.141 could not open file '//run/named/named.pid': Permission denied
14-Sep-2023 14:54:56.141 generating session key for dynamic DNS
14-Sep-2023 14:54:56.141 Could not open '//run/named/session.key'.
14-Sep-2023 14:54:56.141 Please check file and directory permissions or reconfigure the filename.
14-Sep-2023 14:54:56.141 could not open file '//run/named/session.key': Permission denied
14-Sep-2023 14:54:56.141 could not create //run/named/session.key
14-Sep-2023 14:54:56.141 failed to generate session key for dynamic DNS: permission denied
14-Sep-2023 14:54:56.141 sizing zone task pool based on 1 zones
14-Sep-2023 14:54:56.141 none:99: 'max-cache-size 90%' - setting to 57829MB (out of 64255MB)
14-Sep-2023 14:54:56.141 using built-in root key for view _default
14-Sep-2023 14:54:56.141 set up managed keys zone for view _default, file 'managed-keys.bind'
14-Sep-2023 14:54:56.141 automatic empty zone: 10.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 16.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 17.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 18.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 19.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 20.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 21.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 22.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 23.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 24.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 25.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 26.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 27.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 28.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 29.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 30.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 31.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 168.192.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 64.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 65.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 66.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 67.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 68.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 69.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 70.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 71.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 72.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 73.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 74.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 75.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 76.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 77.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 78.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 79.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 80.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 81.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 82.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 83.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 84.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 85.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 86.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 87.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 88.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 89.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 90.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 91.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 92.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 93.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 94.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 95.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 96.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 97.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 98.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 99.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 100.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 101.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 102.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 103.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 104.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 105.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 106.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 107.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 108.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 109.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 110.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 111.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 112.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 113.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 114.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 115.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 116.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 117.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 118.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 119.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 120.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 121.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 122.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 123.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 124.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 125.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 126.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 127.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 0.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 127.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 254.169.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 2.0.192.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 100.51.198.IN-ADDR.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 113.0.203.IN-ADDR.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: D.F.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 8.E.F.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 9.E.F.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: A.E.F.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: B.E.F.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: EMPTY.AS112.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: HOME.ARPA
14-Sep-2023 14:54:56.145 configuring command channel from '/etc/bind/rndc.key'
14-Sep-2023 14:54:56.145 command channel listening on 127.0.0.1#953
14-Sep-2023 14:54:56.145 configuring command channel from '/etc/bind/rndc.key'
14-Sep-2023 14:54:56.145 command channel listening on ::1#953
14-Sep-2023 14:54:56.145 not using config file logging statement for logging due to -g option
14-Sep-2023 14:54:56.145 managed-keys-zone: loaded serial 2
14-Sep-2023 14:54:56.149 zone local.*****.com/IN: loaded serial 2023083100
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:1::53#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:dc3::35#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:503:ba3e::2:30#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:7fe::53#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:12::d0d#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:2::c#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:2f::f#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:a8::e#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:9f::42#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:7fd::1#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:503:c27::2:30#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:200::b#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:2d::d#53
14-Sep-2023 14:54:56.153 all zones loaded
14-Sep-2023 14:54:56.153 running
14-Sep-2023 14:54:56.173 managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
14-Sep-2023 14:54:56.177 resolver priming query complete: success
All my networks:
root@riven:~/dns-server/config# docker network ls
NETWORK ID NAME DRIVER SCOPE
bed0ea1726ee bridge bridge local
37f54b168f7e dns-server_dns-network bridge local
8db2a758902a host host local
d5d2a3a56006 none null local
44f6196d71d9 proxy1 bridge local
Checking the containers' IP addresses:
root@riven:~/dns-server/config# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
78296a683271 traefik:latest "/entrypoint.sh trae…" 11 hours ago Up 25 minutes 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp traefik
5c3081b0c7df ubuntu/bind9:latest "docker-entrypoint.sh" 12 hours ago Up 8 minutes 0.0.0.0:53->53/tcp, 0.0.0.0:53->53/udp, :::53->53/tcp, :::53->53/udp, 953/tcp dns-server
root@riven:~/dns-server/config# docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' 78296a683271
10.20.3.5172.18.0.2
root@riven:~/dns-server/config# docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' 5c3081b0c7df
10.20.3.2
But as you can see, the DNS server works fine, which you can see from the nslookup queries:
root@riven:~/dns-server/config# nslookup local.*****.com
Server: 192.168.88.1
Address: 192.168.88.1#53
Non-authoritative answer:
Name: local.*****.com
Address: 91.***.***.1*4
root@riven:~/dns-server/config# nslookup servers.local.*****.com 10.20.3.2
Server: 10.20.3.2
Address: 10.20.3.2#53
Name: servers.local.*****.com
Address: 10.20.3.4
root@riven:~/dns-server/config# nslookup traefik-dashboard.local.*****.com 10.20.3.2
Server: 10.20.3.2
Address: 10.20.3.2#53
Name: traefik-dashboard.local.*****.com
Address: 10.20.3.5
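Also, if I go to the local domain (local.*****.com), I see the page of my MikroTik router.
But if I go to the Traefik dashboard, I find that nothing works:
curl:
Note that I am doing all of the above on localhost, with the Ubuntu firewall (UFW) completely disabled, and with the MikroTik firewall disabled as well!!!
I don't know what I am doing wrong or how to get everything working. At the very least, I don't know how to get the Traefik dashboard working. I would be very grateful for your help and advice.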
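The labels in the Traefik compose file above attach the dashboard router (`api@internal`) to a `traefik-auth` basic-auth middleware. As an added example (not part of the original post), this Python check parses a label list shaped like that one and reports undefined or unattached middlewares, a dashboard router without basic auth, and `basicauth.users` entries that are not htpasswd-style hashes. The host name `example.test` and the function names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the labels in the post; the host name is a placeholder.
LABELS = [
    "traefik.enable=true",
    "traefik.http.routers.traefik.entrypoints=http",
    "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.local.example.test`)",
    "traefik.http.middlewares.traefik-auth.basicauth.users=USER:BASIC_AUTH_PASSWORD",
    "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https",
    "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https",
    "traefik.http.routers.traefik.middlewares=traefik-https-redirect",
    "traefik.http.routers.traefik-secure.entrypoints=https",
    "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.local.example.test`)",
    "traefik.http.routers.traefik-secure.middlewares=traefik-auth",
    "traefik.http.routers.traefik-secure.tls=true",
    "traefik.http.routers.traefik-secure.service=api@internal",
]

# Hash prefixes written by htpasswd for MD5 (apr1), bcrypt and SHA1.
HASH_RE = re.compile(r"^(\$apr1\$|\$2[aby]\$|\{SHA\}).+")
LABEL_RE = re.compile(r"^traefik\.http\.(routers|middlewares)\.([^.]+)\.([^=]+)=(.*)$")


def parse(labels):
    """Split labels into {router: {prop: value}} and {middleware: {prop: value}}."""
    routers, middlewares = defaultdict(dict), defaultdict(dict)
    for label in labels:
        m = LABEL_RE.match(label)
        if m:
            kind, name, prop, value = m.groups()
            (routers if kind == "routers" else middlewares)[name][prop.lower()] = value
    return routers, middlewares


def lint(labels):
    """Return a sorted list of findings about dashboard exposure and auth wiring."""
    routers, middlewares = parse(labels)
    findings, used = [], set()
    for name, props in routers.items():
        refs = [r.strip() for r in props.get("middlewares", "").split(",") if r.strip()]
        for ref in refs:
            local = ref.split("@")[0]
            used.add(local)
            # A reference with a provider suffix (e.g. @file) is defined elsewhere.
            if "@" not in ref and local not in middlewares:
                findings.append(f"router {name}: middleware {ref} is not defined")
        if props.get("service") == "api@internal":
            has_auth = any(
                "basicauth.users" in middlewares.get(r.split("@")[0], {}) for r in refs
            )
            if not has_auth:
                findings.append(f"router {name}: dashboard exposed without basicauth")
    for name, props in middlewares.items():
        if name not in used:
            findings.append(f"middleware {name}: defined but never attached")
        for entry in filter(None, props.get("basicauth.users", "").split(",")):
            user, _, secret = entry.partition(":")
            # Compose files escape '$' as '$$'; undo that before checking the hash.
            if not HASH_RE.match(secret.replace("$$", "$")):
                findings.append(f"middleware {name}: user {user} has no htpasswd hash")
    return sorted(findings)


if __name__ == "__main__":
    for finding in lint(LABELS):
        print(finding)
```

On the constructed sample the check reports the unattached `sslheader` middleware and the literal `USER:BASIC_AUTH_PASSWORD` value, which is not an htpasswd hash.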