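I am trying to build a stack using Docker-based Traefik and Nginx. Everything works fine without HTTPS, but as soon as I add the HTTPS configuration I get errors.
On example.com I get this error from Nginx: 400 Bad Request / The plain HTTP request was sent to HTTPS port. In the address bar I can see the green lock indicating that the connection is secure.
Certbot works fine, so I have real SSL certificates in the correct folder.
When I visit traefik.example.com I can access the Traefik dashboard, but I have to accept a no-SSL browser warning, and the dashboard also works without HTTPS.
docker-compose.yml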
version: '3.4'
services:
  traefik:
    image: traefik:latest
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik/traefik.toml:/etc/traefik/traefik.toml
      - ../letsencrypt:/etc/letsencrypt
    labels:
      - traefik.backend=traefik
      - traefik.frontend.rule=Host:traefik.example.com
      - traefik.port=8080
    networks:
      - traefik
  nginx:
    image: nginx:latest
    volumes:
      - ../www:/var/www
      - ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf
      - ../letsencrypt:/etc/letsencrypt
    labels:
      - traefik.backend=nginx
      - traefik.frontend.rule=Host:example.com
      - traefik.port=80
      - traefik.port=443
    networks:
      - traefik
networks:
  traefik:
    driver: overlay
    external: true
    attachable: true
traefik.toml
defaultEntryPoints = ["http", "https"]

[web]
address = ":8080"

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
      [[entryPoints.https.tls.certificates]]
      certFile = "/etc/letsencrypt/live/example.com/fullchain.pem"
      keyFile = "/etc/letsencrypt/live/example.com/privkey.pem"

[docker]
domain = "example.com"
watch = true
exposedByDefault = true
swarmMode = false
nginx.conf
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://www.example.com$request_uri;
}

server {
    listen 443 ssl http2;
    server_name example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    return 301 https://www.example.com$request_uri;
}

server {
    listen 443 ssl http2;
    server_name www.example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    root /var/www/public;
    index index.html;
}
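Thanks for your help.
1 Answer
First, there is no need to configure the SSL redirect in both Traefik and Nginx. Also, the Traefik frontend only matches the non-www variant, but the backend application expects www. Finally, the Traefik web provider is deprecated, so the newer api provider should be used instead.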
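
A docker-compose.yml that follows the answer's points, as an added example that is not part of the original question or answer: TLS terminates at Traefik, which forwards plain HTTP to nginx on port 80. It assumes Traefik 1.x label syntax, an nginx.conf reduced to a single `listen 80` server for both hostnames with no HTTPS redirect, and a certificate that also covers traefik.example.com.

```yaml
# Added example (constructed). Assumes Traefik 1.x labels, as in the question.
version: '3.4'
services:
  traefik:
    # Pinned to a 1.x tag because the labels below are 1.x syntax
    # (assumption: the question's "latest" resolved to a 1.x release).
    image: traefik:1.7
    ports:
      - "80:80"
      - "443:443"
      # 8080 is not published, so the dashboard is no longer reachable
      # over plain HTTP from outside; it is served only via the rule below.
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik/traefik.toml:/etc/traefik/traefik.toml
      - ../letsencrypt:/etc/letsencrypt:ro
    labels:
      - traefik.backend=traefik
      - traefik.frontend.rule=Host:traefik.example.com
      # Serve the dashboard on the TLS entry point only.
      - traefik.frontend.entryPoints=https
      - traefik.port=8080
    networks:
      - traefik
  nginx:
    image: nginx:latest
    volumes:
      - ../www:/var/www
      - ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf
      # No letsencrypt mount: nginx does not terminate TLS here, so the
      # private key stays in the Traefik container only.
    labels:
      - traefik.backend=nginx
      # Match both hostnames so requests for www reach the backend.
      - traefik.frontend.rule=Host:example.com,www.example.com
      # A single port label. Traefik speaks plain HTTP to the backend, so
      # it must target nginx's HTTP listener; pointing it at 443 is what
      # produces "The plain HTTP request was sent to HTTPS port".
      - traefik.port=80
      - traefik.protocol=http
    networks:
      - traefik
networks:
  traefik:
    external: true
```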