Traefik 404使用内部网络docker时出错
我试图理解为什么我会出现404错误。我把它简化为docker compose networks,但仍然无法理解Traefik 此docker compose返回404错误Traefik 404使用内部网络docker时出错,docker,https,keycloak,traefik,Docker,Https,Keycloak,Traefik,我试图理解为什么我会出现404错误。我把它简化为docker compose networks,但仍然无法理解Traefik 此docker compose返回404错误 version: '3' networks: # keycloak_network: # driver: bridge web: external: true internal-network: internal: true volumes: keycloak_data:
version: '3'
networks:
# keycloak_network:
# driver: bridge
web:
external: true
internal-network:
internal: true
volumes:
keycloak_data:
driver: local
services:
keycloak_postgres:
image: postgres
volumes:
- keycloak_data:/var/lib/postgresql/data
environment:
POSTGRES_DB: ${POSTGRES_DB}
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
restart: always
networks:
# keycloak_network:
web:
keycloak:
image: jboss/keycloak
#build: ./server
environment:
DB_VENDOR: ${DB_VENDOR}
DB_ADDR: ${DB_ADDR}
POSTGRES_DB: ${POSTGRES_DB}
DB_USER: ${DB_USER}
DB_SCHEMA: ${DB_SCHEMA}
DB_PASSWORD: ${DB_PASSWORD}
KEYCLOAK_USER: ${KEYCLOAK_USER}
KEYCLOAK_PASSWORD: ${KEYCLOAK_PASSWORD}
#PROXY_ADDRESS_FORWARDING: "true"
# Uncomment the line below if you want to specify JDBC parameters. The parameter below is just an example, and it shouldn't be used in production without knowledge. It is highly recommended that you read the PostgreSQL JDBC driver documentation in order to use it.
#JDBC_PARAMS: "ssl=true"
depends_on:
- keycloak_postgres
volumes:
- ./themes:/opt/jboss/keycloak/themes/custom_theme
- ./disable_ssl.sh:/opt/jboss/keycloak/disable_ssl.sh
- ./themes/base/account/account.ftl:/opt/jboss/keycloak/themes/base/account/account.ftl
#- ./nginx/ssl:/etc/x509/https
restart: always
networks:
#keycloak_network:
web:
# aliases:
# - "api.adwin.usa.northeast.dn"
ports:
- "8444:8080"
logging:
driver: "json-file"
options:
max-size: "200k"
max-file: "10"
labels:
- traefik.port=8080
- traefik.frontend.rule=Path:/keycloak
- traefik.docker.network=web
#- traefik.frontend.rule=Host:api.adwin.usa.northeast.dn
#- traefik.frontend.rule=Path:/keycloak
omgwtfssl:
image: paulczar/omgwtfssl
volumes:
- "./certs:/certs"
environment:
- SSL_SUBJECT=*
keycloak_graphql:
image: hasura/graphql-engine:v1.0.0-alpha40
# ports:
# - "9091:8080"
depends_on:
- "keycloak_postgres"
- "keycloak_auth"
restart: always
environment:
HASURA_GRAPHQL_DATABASE_URL: postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${DB_ADDR}:5432/${POSTGRES_DB}
HASURA_GRAPHQL_ENABLE_TELEMETRY: "false" # https://docs.hasura.io/1.0/graphql/manual/guides/telemetry.html
HASURA_GRAPHQL_ENABLE_CONSOLE: "true" # set to "false" to disable console
HASURA_GRAPHQL_ADMIN_SECRET: ${HASURA_GRAPHQL_ADMIN_SECRET}
HASURA_GRAPHQL_AUTH_HOOK: ${HASURA_GRAPHQL_AUTH_HOOK}
networks:
#keycloak_network:
web:
labels:
- traefik.port=8080
- traefik.frontend.rule=Path:/keycloak-graphql
- traefik.docker.network=web
#- traefik.frontend.rule=Host:api.adwin.usa.northeast.dn
keycloak_auth:
image: httpsomkar/keycloak-hasura-connector:latest
environment:
KEYCLOAK_CLIENT_ID: ${KEYCLOAK_CLIENT_ID}
KEYCLOAK_SERVER_URL: ${KEYCLOAK_SERVER_URL}
KEYCLOAK_REALM: ${KEYCLOAK_REALM}
KEYCLOAK_SECRET: ${KEYCLOAK_SECRET}
AUTH_MODE: ${AUTH_MODE} # SINGLE USER, ORGANIZATION
networks:
#keycloak_network:
web:
这个docker compose将把whoami容器映像代理给localhost/whoami,并按照我的预期工作。在这里,我向公共网络公开whoami容器。然而,Traefik的要点(如果我错了,请纠正我)是限制安全漏洞。我只想曝光80/443
我正试图让KeyClope与Traefik一起工作,但出现了404错误。我可以通过切换到内部网络来获得网关超时,我可以通过点击localhost:8443(暴露端口)来验证KeyClope cointainer是否正在运行。
我错过了什么?我已经尝试了keydeave.adwin.usa.northeast.dn和adwin.usa.northeast.dn/keydeave子域。与子域相比,我使用/keydape的运气更好。如果没有dns结构,这可能吗
version: '3'
networks:
web:
external: true
internal-network:
internal: true
services:
reverse-proxy:
image: traefik # The official Traefik docker image
command: --api --docker --docker.watch --logLevel=DEBUG
# depends_on:
# - omgwtfssl
networks:
- web
ports:
- "80:80"
- "443:443"
- "5000:8080"
volumes:
- ./traefik.toml:/traefik.toml
- ./certs/:/certs/
- /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
#labels:
#- traefik.port=8080
#- traefik.frontend.rule=Path:/monitor
#- traefik.protocol=http
# - traefik.docker.network=web
# We only need to run this one time to generate our ./cert directory.
# omgwtfssl:
# image: paulczar/omgwtfssl
# volumes:
# - "./certs:/certs"
# environment:
# - SSL_SUBJECT=api.adwin.usa.northeast.dn
whoami:
image: containous/whoami # A container that exposes an API to show its IP address
labels:
- traefik.port=80
#- traefik.protocol=http
- traefik.frontend.rule=Path:/whoami
#- traefik.frontend.rule=Host:whoami.adwin.usa.northeast.dn
- traefik.docker.network=web
networks:
- web
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
certFile = "/certs/cert.pem"
keyFile = "/certs/key.pem"
[docker]
domain = "adwin.usa.northeast.dn"
watch = true
#usebindportip = true