Docker 矩阵（synapse）主服务器，带有Traefik和Let'；s加密

我真的很想让矩阵服务器（synapse）运行起来，使用traefik for LetsEncrypt。我还认为，如果网络中有一个在2020年中期实际存在的完整示例：-），则有必要让其他人更容易建立这个模型

不幸的是，我在这个话题上度过了绝望的日子。如果有人能帮忙，我会非常感激的

我想做什么（每个要点一个docker容器）：

matrix.myhost.de:/var/docker_data/traefik# ls -l
-rw-r--r-- 1 root root    0 Jun 11 18:26 acme.json
-rw-r--r-- 1 root root 1552 Jun 13 13:24 docker-compose.yml
-rw-r--r-- 1 root root  563 Jun 13 13:22 traefik.toml

matrix.myhost.de:/var/docker_data/traefik# cat docker-compose.yml 
version: '3'

services:

    traefik:
        image: traefik:latest
        container_name: traefik

    ports:
        - "80:80"
        - "8080:8080"
        - "443:443"

    volumes:
        - /var/run/docker.sock:/var/run/docker.sock
        - /var/docker_data/traefik:/etc/traefik

    labels:
        - traefik.frontend.rule=Host:traefik.myhost.de
        - traefik.frontend.entryPoints=https
        - traefik.port=8080
        - traefik.frontend.auth.basic=admin:somePW
        - traefik.backend=traefik

matrix.myhost.de:/var/docker_data/traefik# cat traefik.toml 
logLevel = "DEBUG"

defaultEntryPoints = ["http", "https"]

[entryPoints]

[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint="https"
[entryPoints.https]
address = ":443"
#  [entryPoints.https.tls]

[api]
dashboard = true
insecure = true

[certificateResolvers.http.acme]
email = "post@myaddress.de"
storage = "/etc/traefik/acme.json"
entryPoint = "http"
onHostRule = true
acmeLogging =true

[acme.httpChallenge]
entryPoint = "http"

[providers.docker]
    endpoint = "unix:///var/run/docker.sock"
    exposedByDefault = false

matrix.myhost.de:/var/docker_data/matrix# cat docker-compose.yml 
version: '3.3'

services:
    app:
        image: matrixdotorg/synapse
        restart: always
        volumes:
            - /var/docker_data/matrix:/data
    labels:
        - "traefik.frontend.entryPoints=http,https"
        - "traefik.port=8008"
        - "traefik.backend=matrix"
        - "traefik.frontend.rule=Host:matrix.myhost.de"

    container_name: matrix

• Traefik（作为反向代理，用于不将单个服务直接提供给外部端口；用于处理Let's Encrypt）
• Synapse（作为安装的第一个目标，用于启动基本服务；如果可能，作为一个docker与SQL server组合）
• 后来：暴动作为本地安装

我的问题之一似乎是，容器（Traefik、Synapse？）的配置方式在过去12个月发生了变化，因此net中的模板目前似乎可用。当我在网络中使用模板时，特别是对于Traefik/docker，我会纠结于语法错误

我所做的：

matrix.myhost.de:/var/docker_data/traefik# ls -l
-rw-r--r-- 1 root root    0 Jun 11 18:26 acme.json
-rw-r--r-- 1 root root 1552 Jun 13 13:24 docker-compose.yml
-rw-r--r-- 1 root root  563 Jun 13 13:22 traefik.toml

matrix.myhost.de:/var/docker_data/traefik# cat docker-compose.yml 
version: '3'

services:

    traefik:
        image: traefik:latest
        container_name: traefik

    ports:
        - "80:80"
        - "8080:8080"
        - "443:443"

    volumes:
        - /var/run/docker.sock:/var/run/docker.sock
        - /var/docker_data/traefik:/etc/traefik

    labels:
        - traefik.frontend.rule=Host:traefik.myhost.de
        - traefik.frontend.entryPoints=https
        - traefik.port=8080
        - traefik.frontend.auth.basic=admin:somePW
        - traefik.backend=traefik

matrix.myhost.de:/var/docker_data/traefik# cat traefik.toml 
logLevel = "DEBUG"

defaultEntryPoints = ["http", "https"]

[entryPoints]

[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint="https"
[entryPoints.https]
address = ":443"
#  [entryPoints.https.tls]

[api]
dashboard = true
insecure = true

[certificateResolvers.http.acme]
email = "post@myaddress.de"
storage = "/etc/traefik/acme.json"
entryPoint = "http"
onHostRule = true
acmeLogging =true

[acme.httpChallenge]
entryPoint = "http"

[providers.docker]
    endpoint = "unix:///var/run/docker.sock"
    exposedByDefault = false

matrix.myhost.de:/var/docker_data/matrix# cat docker-compose.yml 
version: '3.3'

services:
    app:
        image: matrixdotorg/synapse
        restart: always
        volumes:
            - /var/docker_data/matrix:/data
    labels:
        - "traefik.frontend.entryPoints=http,https"
        - "traefik.port=8008"
        - "traefik.backend=matrix"
        - "traefik.frontend.rule=Host:matrix.myhost.de"

    container_name: matrix

Traefik的目录结构：

matrix.myhost.de:/var/docker_data/traefik# ls -l
-rw-r--r-- 1 root root    0 Jun 11 18:26 acme.json
-rw-r--r-- 1 root root 1552 Jun 13 13:24 docker-compose.yml
-rw-r--r-- 1 root root  563 Jun 13 13:22 traefik.toml

matrix.myhost.de:/var/docker_data/traefik# cat docker-compose.yml 
version: '3'

services:

    traefik:
        image: traefik:latest
        container_name: traefik

    ports:
        - "80:80"
        - "8080:8080"
        - "443:443"

    volumes:
        - /var/run/docker.sock:/var/run/docker.sock
        - /var/docker_data/traefik:/etc/traefik

    labels:
        - traefik.frontend.rule=Host:traefik.myhost.de
        - traefik.frontend.entryPoints=https
        - traefik.port=8080
        - traefik.frontend.auth.basic=admin:somePW
        - traefik.backend=traefik

matrix.myhost.de:/var/docker_data/traefik# cat traefik.toml 
logLevel = "DEBUG"

defaultEntryPoints = ["http", "https"]

[entryPoints]

[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint="https"
[entryPoints.https]
address = ":443"
#  [entryPoints.https.tls]

[api]
dashboard = true
insecure = true

[certificateResolvers.http.acme]
email = "post@myaddress.de"
storage = "/etc/traefik/acme.json"
entryPoint = "http"
onHostRule = true
acmeLogging =true

[acme.httpChallenge]
entryPoint = "http"

[providers.docker]
    endpoint = "unix:///var/run/docker.sock"
    exposedByDefault = false

matrix.myhost.de:/var/docker_data/matrix# cat docker-compose.yml 
version: '3.3'

services:
    app:
        image: matrixdotorg/synapse
        restart: always
        volumes:
            - /var/docker_data/matrix:/data
    labels:
        - "traefik.frontend.entryPoints=http,https"
        - "traefik.port=8008"
        - "traefik.backend=matrix"
        - "traefik.frontend.rule=Host:matrix.myhost.de"

    container_name: matrix

为Traefik编写Docker:

matrix.myhost.de:/var/docker_data/traefik# ls -l
-rw-r--r-- 1 root root    0 Jun 11 18:26 acme.json
-rw-r--r-- 1 root root 1552 Jun 13 13:24 docker-compose.yml
-rw-r--r-- 1 root root  563 Jun 13 13:22 traefik.toml

matrix.myhost.de:/var/docker_data/traefik# cat docker-compose.yml 
version: '3'

services:

    traefik:
        image: traefik:latest
        container_name: traefik

    ports:
        - "80:80"
        - "8080:8080"
        - "443:443"

    volumes:
        - /var/run/docker.sock:/var/run/docker.sock
        - /var/docker_data/traefik:/etc/traefik

    labels:
        - traefik.frontend.rule=Host:traefik.myhost.de
        - traefik.frontend.entryPoints=https
        - traefik.port=8080
        - traefik.frontend.auth.basic=admin:somePW
        - traefik.backend=traefik

matrix.myhost.de:/var/docker_data/traefik# cat traefik.toml 
logLevel = "DEBUG"

defaultEntryPoints = ["http", "https"]

[entryPoints]

[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint="https"
[entryPoints.https]
address = ":443"
#  [entryPoints.https.tls]

[api]
dashboard = true
insecure = true

[certificateResolvers.http.acme]
email = "post@myaddress.de"
storage = "/etc/traefik/acme.json"
entryPoint = "http"
onHostRule = true
acmeLogging =true

[acme.httpChallenge]
entryPoint = "http"

[providers.docker]
    endpoint = "unix:///var/run/docker.sock"
    exposedByDefault = false

matrix.myhost.de:/var/docker_data/matrix# cat docker-compose.yml 
version: '3.3'

services:
    app:
        image: matrixdotorg/synapse
        restart: always
        volumes:
            - /var/docker_data/matrix:/data
    labels:
        - "traefik.frontend.entryPoints=http,https"
        - "traefik.port=8008"
        - "traefik.backend=matrix"
        - "traefik.frontend.rule=Host:matrix.myhost.de"

    container_name: matrix

Traefik的配置：

matrix.myhost.de:/var/docker_data/traefik# ls -l
-rw-r--r-- 1 root root    0 Jun 11 18:26 acme.json
-rw-r--r-- 1 root root 1552 Jun 13 13:24 docker-compose.yml
-rw-r--r-- 1 root root  563 Jun 13 13:22 traefik.toml

matrix.myhost.de:/var/docker_data/traefik# cat docker-compose.yml 
version: '3'

services:

    traefik:
        image: traefik:latest
        container_name: traefik

    ports:
        - "80:80"
        - "8080:8080"
        - "443:443"

    volumes:
        - /var/run/docker.sock:/var/run/docker.sock
        - /var/docker_data/traefik:/etc/traefik

    labels:
        - traefik.frontend.rule=Host:traefik.myhost.de
        - traefik.frontend.entryPoints=https
        - traefik.port=8080
        - traefik.frontend.auth.basic=admin:somePW
        - traefik.backend=traefik

matrix.myhost.de:/var/docker_data/traefik# cat traefik.toml 
logLevel = "DEBUG"

defaultEntryPoints = ["http", "https"]

[entryPoints]

[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint="https"
[entryPoints.https]
address = ":443"
#  [entryPoints.https.tls]

[api]
dashboard = true
insecure = true

[certificateResolvers.http.acme]
email = "post@myaddress.de"
storage = "/etc/traefik/acme.json"
entryPoint = "http"
onHostRule = true
acmeLogging =true

[acme.httpChallenge]
entryPoint = "http"

[providers.docker]
    endpoint = "unix:///var/run/docker.sock"
    exposedByDefault = false

matrix.myhost.de:/var/docker_data/matrix# cat docker-compose.yml 
version: '3.3'

services:
    app:
        image: matrixdotorg/synapse
        restart: always
        volumes:
            - /var/docker_data/matrix:/data
    labels:
        - "traefik.frontend.entryPoints=http,https"
        - "traefik.port=8008"
        - "traefik.backend=matrix"
        - "traefik.frontend.rule=Host:matrix.myhost.de"

    container_name: matrix

Docker合成für突触：

matrix.myhost.de:/var/docker_data/traefik# ls -l
-rw-r--r-- 1 root root    0 Jun 11 18:26 acme.json
-rw-r--r-- 1 root root 1552 Jun 13 13:24 docker-compose.yml
-rw-r--r-- 1 root root  563 Jun 13 13:22 traefik.toml

matrix.myhost.de:/var/docker_data/traefik# cat docker-compose.yml 
version: '3'

services:

    traefik:
        image: traefik:latest
        container_name: traefik

    ports:
        - "80:80"
        - "8080:8080"
        - "443:443"

    volumes:
        - /var/run/docker.sock:/var/run/docker.sock
        - /var/docker_data/traefik:/etc/traefik

    labels:
        - traefik.frontend.rule=Host:traefik.myhost.de
        - traefik.frontend.entryPoints=https
        - traefik.port=8080
        - traefik.frontend.auth.basic=admin:somePW
        - traefik.backend=traefik

matrix.myhost.de:/var/docker_data/traefik# cat traefik.toml 
logLevel = "DEBUG"

defaultEntryPoints = ["http", "https"]

[entryPoints]

[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint="https"
[entryPoints.https]
address = ":443"
#  [entryPoints.https.tls]

[api]
dashboard = true
insecure = true

[certificateResolvers.http.acme]
email = "post@myaddress.de"
storage = "/etc/traefik/acme.json"
entryPoint = "http"
onHostRule = true
acmeLogging =true

[acme.httpChallenge]
entryPoint = "http"

[providers.docker]
    endpoint = "unix:///var/run/docker.sock"
    exposedByDefault = false

matrix.myhost.de:/var/docker_data/matrix# cat docker-compose.yml 
version: '3.3'

services:
    app:
        image: matrixdotorg/synapse
        restart: always
        volumes:
            - /var/docker_data/matrix:/data
    labels:
        - "traefik.frontend.entryPoints=http,https"
        - "traefik.port=8008"
        - "traefik.backend=matrix"
        - "traefik.frontend.rule=Host:matrix.myhost.de"

    container_name: matrix

DNS:

matrix.myhost.de:/var/docker_data/traefik# ls -l
-rw-r--r-- 1 root root    0 Jun 11 18:26 acme.json
-rw-r--r-- 1 root root 1552 Jun 13 13:24 docker-compose.yml
-rw-r--r-- 1 root root  563 Jun 13 13:22 traefik.toml

matrix.myhost.de:/var/docker_data/traefik# cat docker-compose.yml 
version: '3'

services:

    traefik:
        image: traefik:latest
        container_name: traefik

    ports:
        - "80:80"
        - "8080:8080"
        - "443:443"

    volumes:
        - /var/run/docker.sock:/var/run/docker.sock
        - /var/docker_data/traefik:/etc/traefik

    labels:
        - traefik.frontend.rule=Host:traefik.myhost.de
        - traefik.frontend.entryPoints=https
        - traefik.port=8080
        - traefik.frontend.auth.basic=admin:somePW
        - traefik.backend=traefik

matrix.myhost.de:/var/docker_data/traefik# cat traefik.toml 
logLevel = "DEBUG"

defaultEntryPoints = ["http", "https"]

[entryPoints]

[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint="https"
[entryPoints.https]
address = ":443"
#  [entryPoints.https.tls]

[api]
dashboard = true
insecure = true

[certificateResolvers.http.acme]
email = "post@myaddress.de"
storage = "/etc/traefik/acme.json"
entryPoint = "http"
onHostRule = true
acmeLogging =true

[acme.httpChallenge]
entryPoint = "http"

[providers.docker]
    endpoint = "unix:///var/run/docker.sock"
    exposedByDefault = false

matrix.myhost.de:/var/docker_data/matrix# cat docker-compose.yml 
version: '3.3'

services:
    app:
        image: matrixdotorg/synapse
        restart: always
        volumes:
            - /var/docker_data/matrix:/data
    labels:
        - "traefik.frontend.entryPoints=http,https"
        - "traefik.port=8008"
        - "traefik.backend=matrix"
        - "traefik.frontend.rule=Host:matrix.myhost.de"

    container_name: matrix

matrix.myhost.de和traefik.myhost.de指向我的服务器的ip地址。对于矩阵，有一个额外的srv条目（我希望是正确的？）

我所期望的：

matrix.myhost.de:/var/docker_data/traefik# ls -l
-rw-r--r-- 1 root root    0 Jun 11 18:26 acme.json
-rw-r--r-- 1 root root 1552 Jun 13 13:24 docker-compose.yml
-rw-r--r-- 1 root root  563 Jun 13 13:22 traefik.toml

matrix.myhost.de:/var/docker_data/traefik# cat docker-compose.yml 
version: '3'

services:

    traefik:
        image: traefik:latest
        container_name: traefik

    ports:
        - "80:80"
        - "8080:8080"
        - "443:443"

    volumes:
        - /var/run/docker.sock:/var/run/docker.sock
        - /var/docker_data/traefik:/etc/traefik

    labels:
        - traefik.frontend.rule=Host:traefik.myhost.de
        - traefik.frontend.entryPoints=https
        - traefik.port=8080
        - traefik.frontend.auth.basic=admin:somePW
        - traefik.backend=traefik

matrix.myhost.de:/var/docker_data/traefik# cat traefik.toml 
logLevel = "DEBUG"

defaultEntryPoints = ["http", "https"]

[entryPoints]

[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint="https"
[entryPoints.https]
address = ":443"
#  [entryPoints.https.tls]

[api]
dashboard = true
insecure = true

[certificateResolvers.http.acme]
email = "post@myaddress.de"
storage = "/etc/traefik/acme.json"
entryPoint = "http"
onHostRule = true
acmeLogging =true

[acme.httpChallenge]
entryPoint = "http"

[providers.docker]
    endpoint = "unix:///var/run/docker.sock"
    exposedByDefault = false

matrix.myhost.de:/var/docker_data/matrix# cat docker-compose.yml 
version: '3.3'

services:
    app:
        image: matrixdotorg/synapse
        restart: always
        volumes:
            - /var/docker_data/matrix:/data
    labels:
        - "traefik.frontend.entryPoints=http,https"
        - "traefik.port=8008"
        - "traefik.backend=matrix"
        - "traefik.frontend.rule=Host:matrix.myhost.de"

    container_name: matrix

在matrix和traefik目录中的“docker compose up”之后，traefik在Let's Encrypt自动注册站点，我在traefik.myhost.de/matrix.myhost.de上看到了一些网页，并且能够进行配置

发生了什么：

matrix.myhost.de:/var/docker_data/traefik# ls -l
-rw-r--r-- 1 root root    0 Jun 11 18:26 acme.json
-rw-r--r-- 1 root root 1552 Jun 13 13:24 docker-compose.yml
-rw-r--r-- 1 root root  563 Jun 13 13:22 traefik.toml

matrix.myhost.de:/var/docker_data/traefik# cat docker-compose.yml 
version: '3'

services:

    traefik:
        image: traefik:latest
        container_name: traefik

    ports:
        - "80:80"
        - "8080:8080"
        - "443:443"

    volumes:
        - /var/run/docker.sock:/var/run/docker.sock
        - /var/docker_data/traefik:/etc/traefik

    labels:
        - traefik.frontend.rule=Host:traefik.myhost.de
        - traefik.frontend.entryPoints=https
        - traefik.port=8080
        - traefik.frontend.auth.basic=admin:somePW
        - traefik.backend=traefik

matrix.myhost.de:/var/docker_data/traefik# cat traefik.toml 
logLevel = "DEBUG"

defaultEntryPoints = ["http", "https"]

[entryPoints]

[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint="https"
[entryPoints.https]
address = ":443"
#  [entryPoints.https.tls]

[api]
dashboard = true
insecure = true

[certificateResolvers.http.acme]
email = "post@myaddress.de"
storage = "/etc/traefik/acme.json"
entryPoint = "http"
onHostRule = true
acmeLogging =true

[acme.httpChallenge]
entryPoint = "http"

[providers.docker]
    endpoint = "unix:///var/run/docker.sock"
    exposedByDefault = false

matrix.myhost.de:/var/docker_data/matrix# cat docker-compose.yml 
version: '3.3'

services:
    app:
        image: matrixdotorg/synapse
        restart: always
        volumes:
            - /var/docker_data/matrix:/data
    labels:
        - "traefik.frontend.entryPoints=http,https"
        - "traefik.port=8008"
        - "traefik.backend=matrix"
        - "traefik.frontend.rule=Host:matrix.myhost.de"

    container_name: matrix

在matrix-and-traefik目录中“docker compose up”之后，我没有收到来自这两个目录的任何错误消息

但是：

仪表板上的问题解答

我没有得到答案

我被问到“404找不到”

询问时，我收到一个证书错误，并且在确认后，收到一个“404未找到”

在我看来，我已经对Traefik或与矩阵容器的链接存在问题。但我不明白，这一点

---

有人有2cents吗？

看起来您正在使用traefik v1.7的配置语法，这在traefik:latest映像上不起作用。 v2的主机头规则如下所示： traefik.http.routers.routername.rule=Host（

example.com

）

也不要使用：

[空气污染指数] 不安全=正确

---

对于任何公开可用的内容。

看起来您正在使用traefik v1.7的配置语法，该语法在traefik:latest映像上不起作用。 v2的主机头规则如下所示： traefik.http.routers.routername.rule=Host（

example.com

）

也不要使用：

[空气污染指数] 不安全=正确

任何可以公开获取的信息