问题
I tried setting up test container to work with traefik and lets encrypt.
Traefik is not running on default ports 80 and 443.
The server already has apache, reverse proxy ngnix and tomcat locally installed so ports: 80, 443 and 8080 are not available.
As far as I can understand the log, there is a misconfiguration concerning the ACME ports. The test container seems to get correctly wired to the entrypoint.
How do I get lets encrypt and traefik to work in this scenario or did I do something wrong?
My traefik.toml:
debug = true
logLevel = "ERROR"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":50500"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":50501"
[entryPoints.https.tls]
[accessLog]
[retry]
[web]
address = ":50502"
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "example.com"
watch = true
exposedbydefault = false
[acme]
email = "me@example.com"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
[acme.httpChallenge]
entryPoint = "http"
the docker-compose.yml:
version: '2'
services:
traefik:
image: traefik:1.5.0
restart: always
ports:
- 50500:50500
- 50501:50501
- 50502:50502
networks:
- web
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /home/someuser/traefik/traefik.toml:/traefik.toml
- /home/someuser/traefik/acme.json:/acme.json
container_name: traefik
networks:
web:
external: true
running docker logs traefik returns:
time="2018-01-25T16:10:09Z" level=debug msg="Configuration received from provider docker: {"backends":{"backend-neo4jtestcontainer":{"servers":{"server-neo4jtestcontainer":{"url":"http://172.19.0.3:7474","weight":0}},"loadBalancer":{"method":"wrr"}}},"frontends":{"frontend-Host-neo4jtestcont-example-com-0":{"entryPoints":["http","https"],"backend":"backend-neo4jtestcontainer","routes":{"route-frontend-Host-neo4jtestcont-example-com-0":{"rule":"Host:neo4jtestcont.example.com"}},"passHostHeader":true,"priority":0,"basicAuth":[]}}}"
time="2018-01-25T16:10:09Z" level=debug msg="Creating frontend frontend-Host-neo4jtestcont-example-com-0"
time="2018-01-25T16:10:09Z" level=debug msg="Wiring frontend frontend-Host-neo4jtestcont-example-com-0 to entryPoint http"
time="2018-01-25T16:10:09Z" level=debug msg="Creating route route-frontend-Host-neo4jtestcont-example-com-0 Host:neo4jtestcont.example.com"
time="2018-01-25T16:10:09Z" level=debug msg="Creating entryPoint redirect http -> https : ^(?:https?:\/\/)?([\w\._-]+)(?::\d+)?(.*)$ -> https://$1:50501$2"
time="2018-01-25T16:10:09Z" level=debug msg="Creating backend backend-neo4jtestcontainer"
time="2018-01-25T16:10:09Z" level=debug msg="Creating load-balancer wrr"
time="2018-01-25T16:10:09Z" level=debug msg="Creating server server-neo4jtestcontainer at http://172.19.0.3:7474 with weight 0"
time="2018-01-25T16:10:09Z" level=debug msg="Creating retries max attempts 1"
time="2018-01-25T16:10:09Z" level=debug msg="Wiring frontend frontend-Host-neo4jtestcont-example-com-0 to entryPoint https"
time="2018-01-25T16:10:09Z" level=debug msg="Creating route route-frontend-Host-neo4jtestcont-example-com-0 Host:neo4jtestcont.example.com"
time="2018-01-25T16:10:09Z" level=debug msg="Creating backend backend-neo4jtestcontainer"
time="2018-01-25T16:10:09Z" level=debug msg="Creating load-balancer wrr"
time="2018-01-25T16:10:09Z" level=debug msg="Creating server server-neo4jtestcontainer at http://172.19.0.3:7474 with weight 0"
time="2018-01-25T16:10:09Z" level=debug msg="Creating retries max attempts 1"
time="2018-01-25T16:10:09Z" level=info msg="Server configuration reloaded on :50500"
time="2018-01-25T16:10:09Z" level=info msg="Server configuration reloaded on :50501"
time="2018-01-25T16:10:09Z" level=info msg="Server configuration reloaded on :50502"
time="2018-01-25T16:10:09Z" level=debug msg="LoadCertificateForDomains [neo4jtestcont.example.com]..."
time="2018-01-25T16:10:09Z" level=debug msg="Looking for provided certificate to validate [neo4jtestcont.example.com]..."
time="2018-01-25T16:10:09Z" level=debug msg="No provided certificate found for domains [neo4jtestcont.example.com], get ACME certificate."
time="2018-01-25T16:10:09Z" level=debug msg="Loading ACME certificates [neo4jtestcont.example.com]..."
time="2018-01-25T16:10:11Z" level=debug msg="Challenge Present neo4jtestcont.example.com"
time="2018-01-25T16:10:14Z" level=debug msg="Challenge CleanUp neo4jtestcont.example.com"
time="2018-01-25T16:10:14Z" level=error msg="map[neo4jtestcont.example.com:acme: Error 403 - urn:acme:error:unauthorized - Invalid response from http://neo4jtestcont.example.com/.well-known/acme-challenge/34234isdj0asdjf02302302930239: "<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta na"
Error Detail:
Validation for neo4jtestcont.example.com:80
Resolved to:
12.123.12.12
Used: 12.123.12.12
]"
time="2018-01-25T16:10:14Z" level=error msg="Error getting ACME certificates [neo4jtestcont.example.com] : cannot obtain certificates map[neo4jtestcont.example.com:acme: Error 403 - urn:acme:error:unauthorized - Invalid response from http://neo4jtestcont.example.com/.well-known/acme-challenge/gG9oE2XqNe1wIRoGOseLuesOlEMlWprH61keoAEwsQA: "<!DOCTYPE html>
<html lang="de">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta na"
Error Detail:
Validation for neo4jtestcont.example.com:80
Resolved to:
12.123.12.12
Used: 12.123.12.12
回答1:
Let's Encrypt required the port 80 or 443 see https://community.letsencrypt.org/t/support-for-ports-other-than-80-and-443/3419/72
来源:https://stackoverflow.com/questions/48450723/traefik-and-lets-encrypt-on-non-default-http-port-80