HTTPS-Redirect,AWS Loadbalancer后面有Traefik [英] HTTPS-Redirect with Traefik behind Aws Loadbalancer
问题描述
我正在尝试将所有传入的Traefik从http重定向到https,用于Web应用程序,该Web应用程序通过自定义端口从docker容器中提供.
I'm trying to redirect all incoming Traefik from http to https, for a web application which gets served out of a docker container with a custom port.
如果我构建此docker compose文件,并缩放应用程序,一切将按预期工作.我可以请求应用程序的http和https,但是我尝试实现仅提供https并将http重定向到https的功能.
If I build this docker compose file, and scale the application everything works as expected. I'm able to request http and https of the application, but I try to accomplish that only https get served and http gets redirected to https.
由于我使用的是Docker-Compose文件,所以我没有Traefik.toml,并尝试在没有一个文件的情况下完成此操作.
Since I use a Docker-Compose file, I don't have a Traefik.toml, and try to accomplish this without one.
Docker Compose:
traefik:
image: traefik:latest
command:
- "--api"
- "--docker"
- "--docker.domain=example.com"
- "--logLevel=DEBUG"
- "--docker.watch"
labels:
- "traefik.enable=true"
ports:
- "80:80"
- "8080:8080"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /dev/null:/traefik.toml
application:
image: application
command: web
tty: false
stdin_open: true
restart: always
expose:
- "8081"
labels:
- "traefik.backend=application"
- "traefik.frontend.rule=HostRegexp:{subdomain:[a-z]+}.example.com"
- "traefik.frontend.priority=1"
- "traefik.enable=true"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
我尝试在应用程序容器上使用不同的变体,例如:
I try'd different variations on the application container, such as:
- "traefik.frontend.entryPoints=http,https"
- "traefik.frontend.redirect.entryPoint=https"
- "traefik.frontend.headers.SSLRedirect=true"
但是我能完成的最大任务是使用SSLRedirect标签进行多次重定向响应,并且没有从traefik获得以下内容,并且http或https请求都无法正确转发.
But the maximum I could accomplish was a to many redirects response, with the SSLRedirect label, and without I get the following from traefik and neither http or https requests get forwarded correctly.
level=error msg="Recovered from panic in http handler: runtime error: invalid memory address or nil pointer dereference"
任何人都可以将我推向正确的方向吗?
Can anyone push me in the right direction?
预先感谢;)
我在以下设置下运行
user:~$ docker --version
Docker version 1.13.1, build 092cba3
user:~$ docker-compose --version
docker-compose version 1.8.0
Docker PS响应
IMAGE COMMAND ... PORTS NAMES
application "dotnet Web..." ... 8081/tcp components_application_1
traefik:latest "/traefik --api --..." ... 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:8080->8080/tcp components_traefik_1
基础架构设置
aws-elb => vpc => ec2...ecn
traefik per instance,
n applications per instance
推荐答案
这仅适用于traefik v1.7,在v2之后.*您需要另一个配置设置,我还没有弄清 >
经过更深入的研究,我自己找到了解决方案.
After a deeper research, i found the solution myself.
问题是应用程序容器上缺少标签, 在我添加
The problem was a missing label on the application Container, after i added
- "traefik.frontend.headers.SSLProxyHeaders=X-Forwarded-Proto: https"
- "traefik.frontend.headers.SSLRedirect=true"
在我的应用程序容器上,它像带有清晰的301重定向的超级按钮一样工作.
on my application containers it worked like a charm with a clear 301 redirect.
为什么需要头,默认情况下,aws-elb接受一个https请求,并通过HTTP(80)将其转发到连接的实例,在此过程中,elb将X-Forwarded-Proto: https
头添加到请求中.
Why the need of the header, in default the aws-elb takes a https request and forwards it with a HTTP(80) to the connected Instance, during this process the elb adds the X-Forwarded-Proto: https
Header to the request.
由于traefik不知道它在肘部后面运行,因此会一遍又一遍地进行重定向.但是页眉停止了此行为.
Since traefik doesn't know that it is running behind an elb it does the redirect over and over again. But the Header stops this behavior.
这篇关于HTTPS-Redirect,AWS Loadbalancer后面有Traefik的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!