HTTPS-Redirect with Traefik behind Aws Loadbalancer

Problem description

I'm trying to redirect all incoming Traefik from http to https, for a web application which gets served out of a docker container with a custom port.

If I build this docker compose file and scale the application, everything works as expected. I'm able to request http and https of the application, but I'm trying to accomplish that only https gets served and http gets redirected to https.

Since I use a Docker-Compose file, I don't have a Traefik.toml, and try to accomplish this without one.

Docker Compose:

traefik:
  image: traefik:latest
  command:
   - "--api"
   - "--docker"
   - "--docker.domain=example.com"
   - "--logLevel=DEBUG"
   - "--docker.watch"
  labels:
    - "traefik.enable=true"
  ports:
    - "80:80"
    - "8080:8080"
    - "443:443"
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - /dev/null:/traefik.toml

application:
  image: application
  command: web
  tty: false
  stdin_open: true
  restart: always
  expose:
    - "8081"
  labels:
    - "traefik.backend=application"
    - "traefik.frontend.rule=HostRegexp:{subdomain:[a-z]+}.example.com"
    - "traefik.frontend.priority=1"
    - "traefik.enable=true"
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock

I tried different variations on the application container, such as:

- "traefik.frontend.entryPoints=http,https"
- "traefik.frontend.redirect.entryPoint=https"
- "traefik.frontend.headers.SSLRedirect=true"

But the maximum I could accomplish was a "too many redirects" response with the SSLRedirect label, and without it I get the following from traefik, and neither http nor https requests get forwarded correctly.

 level=error msg="Recovered from panic in http handler: runtime error: invalid memory address or nil pointer dereference"

Can anyone push me in the right direction?

Thanks in advance ;)

I'm running with the following setup:

 user:~$ docker --version
 Docker version 1.13.1, build 092cba3

 user:~$ docker-compose --version
 docker-compose version 1.8.0

Docker PS response

IMAGE           COMMAND                 ... PORTS                                                              NAMES
application     "dotnet Web..."         ... 8081/tcp                                                           components_application_1
traefik:latest  "/traefik --api --..."  ... 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:8080->8080/tcp   components_traefik_1

Infrastructure setup

 aws-elb => vpc => ec2...ecn 
                   traefik per instance, 
                   n applications per instance

Recommended answer

This only works up to traefik v1.7; from v2.* onwards you need a different configuration setup, which I haven't figured out yet.

After deeper research, I found the solution myself.

The problem was a missing label on the application container. After I added

- "traefik.frontend.headers.SSLProxyHeaders=X-Forwarded-Proto: https"
- "traefik.frontend.headers.SSLRedirect=true"

on my application containers it worked like a charm with a clear 301 redirect.

Why the need for the header: by default the aws-elb takes an https request and forwards it with HTTP(80) to the connected instance; during this process the elb adds the X-Forwarded-Proto: https header to the request.

Since traefik doesn't know that it is running behind an elb it does the redirect over and over again. But the Header stops this behavior.
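
The redirect loop and its fix can be reproduced with a small model. This is an added example, not part of the original post and not Traefik's code; the functions `elb_forward`, `proxy_handle` and `browse` are hypothetical names, and the ELB is assumed to terminate TLS and always set X-Forwarded-Proto itself.

```python
# Added illustration: a simplified model of the redirect decision, not Traefik's code.
MAX_HOPS = 5  # a browser gives up with "too many redirects" after some limit

def elb_forward(client_scheme, headers):
    """TLS-terminating ELB: speaks plain HTTP to the instance and records
    the client's original scheme in X-Forwarded-Proto."""
    forwarded = dict(headers)
    forwarded["X-Forwarded-Proto"] = client_scheme
    return "http", forwarded

def proxy_handle(conn_scheme, headers, ssl_redirect, ssl_proxy_headers):
    """Return (status, redirect_scheme). The request counts as secure when the
    connection is TLS or a configured proxy header carries the expected value."""
    is_ssl = conn_scheme == "https" or any(
        headers.get(name) == value for name, value in ssl_proxy_headers.items())
    if ssl_redirect and not is_ssl:
        return 301, "https"
    return 200, None

def browse(scheme, ssl_redirect, ssl_proxy_headers, via_elb=True, client_headers=None):
    """Follow redirects like a client and return the status of every hop."""
    statuses = []
    for _ in range(MAX_HOPS):
        conn = (scheme, dict(client_headers or {}))
        if via_elb:
            conn = elb_forward(*conn)
        status, redirect_scheme = proxy_handle(*conn, ssl_redirect, ssl_proxy_headers)
        statuses.append(status)
        if status != 301:
            break
        scheme = redirect_scheme
    return statuses

TRUST_ELB = {"X-Forwarded-Proto": "https"}  # mirrors the SSLProxyHeaders label

if __name__ == "__main__":
    # SSLRedirect alone: every hop arrives as plain HTTP, so it never stops.
    print("redirect only:     ", browse("http", True, {}))
    # SSLRedirect + SSLProxyHeaders: one 301, then the https request is served.
    print("with proxy header: ", browse("http", True, TRUST_ELB))
    # Caveat: the header is believed from any sender, so the instance port
    # should accept traffic only from the ELB (e.g. via its security group).
    print("bypassing the ELB: ", browse("http", True, TRUST_ELB, via_elb=False,
                                        client_headers=TRUST_ELB))
```

The last case is why the published port 80 on each instance should be reachable only from the load balancer: the proxy cannot tell an ELB-set header from one sent by a direct client.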
