Traefik 404使用内部网络docker时出错_Docker_Https_Keycloak_Traefik

Traefik 404使用内部网络docker时出错

docker https keycloak

Traefik 404使用内部网络docker时出错,docker,https,keycloak,traefik,Docker,Https,Keycloak,Traefik,我试图理解为什么我会出现404错误。我把它简化为docker compose networks，但仍然无法理解Traefik 此docker compose返回404错误 version: '3' networks: # keycloak_network: # driver: bridge web: external: true internal-network: internal: true volumes: keycloak_data:

我试图理解为什么我会出现404错误。我把它简化为docker compose networks，但仍然无法理解Traefik

此docker compose返回404错误

version: '3'

networks:
  # keycloak_network:
  #   driver: bridge
  web:
    external: true 
  internal-network:
    internal: true

volumes:
  keycloak_data:
      driver: local

services:
  keycloak_postgres:
      image: postgres
      volumes:
        - keycloak_data:/var/lib/postgresql/data
      environment:
        POSTGRES_DB: ${POSTGRES_DB}
        POSTGRES_USER: ${POSTGRES_USER}
        POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      restart: always
      networks:
      # keycloak_network:
        web:
  keycloak:
      image: jboss/keycloak
      #build: ./server 
      environment:
        DB_VENDOR: ${DB_VENDOR}
        DB_ADDR: ${DB_ADDR}
        POSTGRES_DB: ${POSTGRES_DB}
        DB_USER: ${DB_USER}
        DB_SCHEMA: ${DB_SCHEMA}
        DB_PASSWORD: ${DB_PASSWORD}
        KEYCLOAK_USER: ${KEYCLOAK_USER}
        KEYCLOAK_PASSWORD: ${KEYCLOAK_PASSWORD}
        #PROXY_ADDRESS_FORWARDING: "true"
        # Uncomment the line below if you want to specify JDBC parameters. The parameter below is just an example, and it shouldn't be used in production without knowledge. It is highly recommended that you read the PostgreSQL JDBC driver documentation in order to use it.
        #JDBC_PARAMS: "ssl=true"
      depends_on:
        - keycloak_postgres
      volumes:
        - ./themes:/opt/jboss/keycloak/themes/custom_theme
        - ./disable_ssl.sh:/opt/jboss/keycloak/disable_ssl.sh
        - ./themes/base/account/account.ftl:/opt/jboss/keycloak/themes/base/account/account.ftl
        #- ./nginx/ssl:/etc/x509/https
      restart: always
      networks:
        #keycloak_network:
        web:
          # aliases:
          #  - "api.adwin.usa.northeast.dn"
      ports:
        - "8444:8080"
      logging:
        driver: "json-file"
        options:
         max-size: "200k"
         max-file: "10"
      labels:
        - traefik.port=8080
        - traefik.frontend.rule=Path:/keycloak
        - traefik.docker.network=web
        #- traefik.frontend.rule=Host:api.adwin.usa.northeast.dn
        #- traefik.frontend.rule=Path:/keycloak




  omgwtfssl:
   image: paulczar/omgwtfssl
   volumes:
    - "./certs:/certs"
   environment:
    - SSL_SUBJECT=*



  keycloak_graphql:
    image: hasura/graphql-engine:v1.0.0-alpha40
    # ports:
    #   - "9091:8080"
    depends_on:
      - "keycloak_postgres"
      - "keycloak_auth"
    restart: always
    environment:
      HASURA_GRAPHQL_DATABASE_URL: postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${DB_ADDR}:5432/${POSTGRES_DB}
      HASURA_GRAPHQL_ENABLE_TELEMETRY: "false" # https://docs.hasura.io/1.0/graphql/manual/guides/telemetry.html
      HASURA_GRAPHQL_ENABLE_CONSOLE: "true" # set to "false" to disable console
      HASURA_GRAPHQL_ADMIN_SECRET: ${HASURA_GRAPHQL_ADMIN_SECRET}
      HASURA_GRAPHQL_AUTH_HOOK: ${HASURA_GRAPHQL_AUTH_HOOK}
    networks:
      #keycloak_network:
      web:
    labels:
      - traefik.port=8080
      - traefik.frontend.rule=Path:/keycloak-graphql
      - traefik.docker.network=web
      #- traefik.frontend.rule=Host:api.adwin.usa.northeast.dn
  keycloak_auth:
    image: httpsomkar/keycloak-hasura-connector:latest
    environment:
      KEYCLOAK_CLIENT_ID: ${KEYCLOAK_CLIENT_ID}
      KEYCLOAK_SERVER_URL: ${KEYCLOAK_SERVER_URL}
      KEYCLOAK_REALM: ${KEYCLOAK_REALM}
      KEYCLOAK_SECRET: ${KEYCLOAK_SECRET}
      AUTH_MODE: ${AUTH_MODE} # SINGLE USER, ORGANIZATION
    networks:
     #keycloak_network:
     web:

这个docker compose将把whoami容器映像代理给localhost/whoami，并按照我的预期工作。在这里，我向公共网络公开whoami容器。然而，Traefik的要点（如果我错了，请纠正我）是限制安全漏洞。我只想曝光80/443

我正试图让KeyClope与Traefik一起工作，但出现了404错误。我可以通过切换到内部网络来获得网关超时，我可以通过点击localhost:8443（暴露端口）来验证KeyClope cointainer是否正在运行。我错过了什么？我已经尝试了keydeave.adwin.usa.northeast.dn和adwin.usa.northeast.dn/keydeave子域。与子域相比，我使用/keydape的运气更好。如果没有dns结构，这可能吗

version: '3'

networks: 
  web: 
    external: true 
  internal-network:
    internal: true

services:
  reverse-proxy:
    image: traefik # The official Traefik docker image
    command: --api --docker --docker.watch --logLevel=DEBUG
    # depends_on:
    #   - omgwtfssl
    networks:
      - web
    ports:
      - "80:80"
      - "443:443"
      - "5000:8080"
    volumes:
      - ./traefik.toml:/traefik.toml
      - ./certs/:/certs/
      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
    #labels:
      #- traefik.port=8080
      #- traefik.frontend.rule=Path:/monitor
      #- traefik.protocol=http
      # - traefik.docker.network=web
      # We only need to run this one time to generate our ./cert directory.   
  # omgwtfssl:
  #   image: paulczar/omgwtfssl
  #   volumes:
  #     - "./certs:/certs"
  #   environment:
  #     - SSL_SUBJECT=api.adwin.usa.northeast.dn

  whoami:
     image: containous/whoami # A container that exposes an API to show its IP address
     labels:
       - traefik.port=80
       #- traefik.protocol=http
       - traefik.frontend.rule=Path:/whoami
       #- traefik.frontend.rule=Host:whoami.adwin.usa.northeast.dn
       - traefik.docker.network=web
     networks:
      - web

defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
      [[entryPoints.https.tls.certificates]]
        certFile = "/certs/cert.pem"
        keyFile = "/certs/key.pem"

[docker]
domain = "adwin.usa.northeast.dn"
watch = true
#usebindportip = true