Traefik and Let's Encrypt on non default http port 80?

隐身守侯 submitted on 2020-01-06 08:01:17

Question


I tried setting up a test container to work with Traefik and Let's Encrypt.

Traefik is not running on default ports 80 and 443.

The server already has Apache, an nginx reverse proxy and Tomcat locally installed, so ports 80, 443 and 8080 are not available.

As far as I can understand the log, there is a misconfiguration concerning the ACME ports. The test container seems to get correctly wired to the entrypoint.

How do I get Let's Encrypt and Traefik to work in this scenario, or did I do something wrong?

My traefik.toml:

debug = true
logLevel = "ERROR"
defaultEntryPoints = ["http", "https"]
[entryPoints]
  [entryPoints.http]
  address = ":50500"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":50501"
    [entryPoints.https.tls]
[accessLog]
[retry]
[web]
address = ":50502"
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "example.com"
watch = true
exposedbydefault = false
[acme]
email = "me@example.com"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
[acme.httpChallenge]
entryPoint = "http"

The docker-compose.yml:

version: '2'

services:
  traefik:
    image: traefik:1.5.0
    restart: always
    ports:
      - 50500:50500
      - 50501:50501
      - 50502:50502
    networks:
      - web
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /home/someuser/traefik/traefik.toml:/traefik.toml
      - /home/someuser/traefik/acme.json:/acme.json
    container_name: traefik

networks:
  web:
    external: true

Running docker logs traefik returns:

time="2018-01-25T16:10:09Z" level=debug msg="Configuration received from provider docker: {"backends":{"backend-neo4jtestcontainer":{"servers":{"server-neo4jtestcontainer":{"url":"http://172.19.0.3:7474","weight":0}},"loadBalancer":{"method":"wrr"}}},"frontends":{"frontend-Host-neo4jtestcont-example-com-0":{"entryPoints":["http","https"],"backend":"backend-neo4jtestcontainer","routes":{"route-frontend-Host-neo4jtestcont-example-com-0":{"rule":"Host:neo4jtestcont.example.com"}},"passHostHeader":true,"priority":0,"basicAuth":[]}}}"
time="2018-01-25T16:10:09Z" level=debug msg="Creating frontend frontend-Host-neo4jtestcont-example-com-0"
time="2018-01-25T16:10:09Z" level=debug msg="Wiring frontend frontend-Host-neo4jtestcont-example-com-0 to entryPoint http"
time="2018-01-25T16:10:09Z" level=debug msg="Creating route route-frontend-Host-neo4jtestcont-example-com-0 Host:neo4jtestcont.example.com"
time="2018-01-25T16:10:09Z" level=debug msg="Creating entryPoint redirect http -> https : ^(?:https?:\/\/)?([\w\._-]+)(?::\d+)?(.*)$ -> https://$1:50501$2"
time="2018-01-25T16:10:09Z" level=debug msg="Creating backend backend-neo4jtestcontainer"
time="2018-01-25T16:10:09Z" level=debug msg="Creating load-balancer wrr"
time="2018-01-25T16:10:09Z" level=debug msg="Creating server server-neo4jtestcontainer at http://172.19.0.3:7474 with weight 0"
time="2018-01-25T16:10:09Z" level=debug msg="Creating retries max attempts 1"
time="2018-01-25T16:10:09Z" level=debug msg="Wiring frontend frontend-Host-neo4jtestcont-example-com-0 to entryPoint https"
time="2018-01-25T16:10:09Z" level=debug msg="Creating route route-frontend-Host-neo4jtestcont-example-com-0 Host:neo4jtestcont.example.com"
time="2018-01-25T16:10:09Z" level=debug msg="Creating backend backend-neo4jtestcontainer"
time="2018-01-25T16:10:09Z" level=debug msg="Creating load-balancer wrr"
time="2018-01-25T16:10:09Z" level=debug msg="Creating server server-neo4jtestcontainer at http://172.19.0.3:7474 with weight 0"
time="2018-01-25T16:10:09Z" level=debug msg="Creating retries max attempts 1"
time="2018-01-25T16:10:09Z" level=info msg="Server configuration reloaded on :50500"
time="2018-01-25T16:10:09Z" level=info msg="Server configuration reloaded on :50501"
time="2018-01-25T16:10:09Z" level=info msg="Server configuration reloaded on :50502"
time="2018-01-25T16:10:09Z" level=debug msg="LoadCertificateForDomains [neo4jtestcont.example.com]..."
time="2018-01-25T16:10:09Z" level=debug msg="Looking for provided certificate to validate [neo4jtestcont.example.com]..."
time="2018-01-25T16:10:09Z" level=debug msg="No provided certificate found for domains [neo4jtestcont.example.com], get ACME certificate."
time="2018-01-25T16:10:09Z" level=debug msg="Loading ACME certificates [neo4jtestcont.example.com]..."
time="2018-01-25T16:10:11Z" level=debug msg="Challenge Present neo4jtestcont.example.com"
time="2018-01-25T16:10:14Z" level=debug msg="Challenge CleanUp neo4jtestcont.example.com"
time="2018-01-25T16:10:14Z" level=error msg="map[neo4jtestcont.example.com:acme: Error 403 - urn:acme:error:unauthorized - Invalid response from http://neo4jtestcont.example.com/.well-known/acme-challenge/34234isdj0asdjf02302302930239: "<!DOCTYPE html>
<html lang="de">
<head>
        <meta charset="utf-8">
        <meta http-equiv="X-UA-Compatible" content="IE=edge">
        <meta na"
Error Detail:
        Validation for neo4jtestcont.example.com:80
        Resolved to:
                12.123.12.12
        Used: 12.123.12.12

]"
time="2018-01-25T16:10:14Z" level=error msg="Error getting ACME certificates [neo4jtestcont.example.com] : cannot obtain certificates map[neo4jtestcont.example.com:acme: Error 403 - urn:acme:error:unauthorized - Invalid response from http://neo4jtestcont.example.com/.well-known/acme-challenge/gG9oE2XqNe1wIRoGOseLuesOlEMlWprH61keoAEwsQA: "<!DOCTYPE html>
<html lang="de">
<head>
        <meta charset="utf-8">
        <meta http-equiv="X-UA-Compatible" content="IE=edge">
        <meta na"
Error Detail:
        Validation for neo4jtestcont.example.com:80
        Resolved to:
                12.123.12.12
        Used: 12.123.12.12

Answer 1:


Let's Encrypt requires port 80 or 443; see https://community.letsencrypt.org/t/support-for-ports-other-than-80-and-443/3419/72



Source: https://stackoverflow.com/questions/48450723/traefik-and-lets-encrypt-on-non-default-http-port-80
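
Why the log in the question ends in a 403, as an added example (not part of the original question or answer): the HTTP-01 validator fetches the challenge URL on port 80 of the public name and compares the body with the key authorization, so whatever server owns port 80 decides the outcome. The sketch simulates that comparison locally; the token, the thumbprint and both loopback servers are constructed stand-ins, with ephemeral ports taking the place of port 80 and of Traefik's :50500 entry point.

```python
# Added example: local simulation of the ACME HTTP-01 comparison (RFC 8555, section 8.3).
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
TOKEN = "constructed-token-123"                       # constructed sample value
KEY_AUTH = TOKEN + ".constructed-account-thumbprint"  # token "." account key thumbprint

def serve(body_for_path):
    """Start a throwaway HTTP server on a free loopback port; return (server, port)."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            body = body_for_path(self.path).encode()
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):  # keep the demo quiet
            pass
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]

def validate_http01(port, token, key_auth):
    """Fetch the challenge URL as the CA would and compare the body."""
    url = f"http://127.0.0.1:{port}{CHALLENGE_PREFIX}{token}"
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    with opener.open(url, timeout=5) as resp:
        body = resp.read().decode(errors="replace").strip()
    if body == key_auth:
        return "valid"
    return "unauthorized: invalid response " + repr(body[:40])

def run_demo():
    # Stand-in for the web server that already owns port 80: HTML for every path.
    other, other_port = serve(lambda path: '<!DOCTYPE html>\n<html lang="de">')
    # Stand-in for the challenge responder behind Traefik's "http" entry point.
    def responder(path):
        return KEY_AUTH if path == CHALLENGE_PREFIX + TOKEN else "not found"
    acme, acme_port = serve(responder)
    try:
        return (validate_http01(other_port, TOKEN, KEY_AUTH),
                validate_http01(acme_port, TOKEN, KEY_AUTH))
    finally:
        for srv in (other, acme):
            srv.shutdown()
            srv.server_close()

if __name__ == "__main__":
    print(run_demo())
```

On the host from the question, the server that owns port 80 would have to forward that path to Traefik's http entry point (:50500) for the same comparison to succeed.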
