Traefik:应用程序之间的HTTPS访问不起作用 [英] Traefik: HTTPS access between applications does not work

问题描述

在我们的设置中，我们使用最新的traefik作为反向代理，它具有到演示合流和密钥斗篷服务器的路由.

in our setup we use the latest traefik as reverse-proxy which has routes to a demo confluence and a keycloak server.

         traefik 
         |     |
confluence     keycloak

每个应用程序都有自己的docker-compose文件，并分别启动.

Each application has it's own docker-compose file and is started separately.

Traefik定义了一个虚拟网络，该网络中也有融合和密钥斗篷.使用正确的DNS设置，用户可以访问traefik，合流和密钥斗篷.它按预期工作.

Traefik defines a virtual network, confluence and keycloak are also in this network. With the correct DNS settings it is possible for a user to access traefik, confluence and keycloak. It works as expected.

要使用keycloak Web SSO系统，必须使融合系统能够使用traefik使用FQDN和HTTPS访问keycloak，反之亦然.这不起作用.

To use the keycloak web SSO system it is necessary the confluence system is able to access keycloak and vice versa using the FQDN and HTTPS using traefik. This does not work.

可以直接连接到服务(我们假设这是由于共享网络)，但是如果我们即连接到keycloak容器并执行类似的操作

It is possible to connect to the services directly (we suppose that's due to the shared network), but if we i.e. connect to the keycloak container and do something like

curl -k https://confluence.our.domain -v

我们可以看到与docker-host的连接已经完成(IP匹配)，但是traefik似乎没有进行任何路由.

we can see a connection to the docker-host is done (the IP matches) but traefik seems not to do any routing.

如果我们连接到keycloak容器并执行

If we connect to the keycloak container and do

curl -k -v -H 'Host: confluence.our.domain' https://traefik

路由完成.

有什么建议，我们做错了什么或应该检查什么?

Any suggestions, what we are doing wrong or what we should check out?

感谢您的帮助，克里斯多夫(Christoph)

Any help is appreciated, Christoph

推荐答案

对于适用于所有与traefik通信的容器的基于DNS的配置，请在compose.yml文件中使用以下网络别名"部分::

For DNS based configuration that will work with all the containers talking to traefik, use the following network "alias" section in your compose.yml file::

version: '3.3'

networks:
  proxy:
    external:
      name: proxy

services:
  traefik:
    image: traefik:1.4
    networks:
    - proxy:
        aliases:
        - confluence.our.domain

在上面的示例中，别名可以是列表，并且将应用于代理"网络上所有内容的DNS.

The aliases can be a list and will apply to the DNS for everything on the "proxy" network in the above example.

这篇关于Traefik:应用程序之间的HTTPS访问不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！