apache - 502 代理错误(docker + traefik + apache)

Question

我正尝试在我的本地开发实例上为 SSL 终止设置 traefik。跟进this指导我有以下配置。

docker-compose.yml

version: '2.1'
services:
  mariadb:
    image: wodby/mariadb:10.2-3.0.2
    healthcheck:
        test: "/usr/bin/mysql --user=dummyuser --password=dummypasswd --execute \"SHOW DATABASES;\" | grep database"
        interval: 3s
        timeout: 1s
        retries: 5
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: dummy
      MYSQL_DATABASE: database
    volumes:
      - ./mariadb-init:/docker-entrypoint-initdb.d # Place init .sql file(s) here.
      - mysql:/var/lib/mysql # I want to manage volumes manually.

  php:
    depends_on:
      mariadb:
        condition: service_healthy
    ports:
        - "25:25"
        - "587:587"
    environment:
      PHP_FPM_CLEAR_ENV: "no"
      DB_HOST: mariadb
      #DB_USER: dummy
      DB_PASSWORD: dummypasswd
      DB_NAME: database
      DB_DRIVER: mysql
      PHP_POST_MAX_SIZE: "256M"
      PHP_UPLOAD_MAX_FILESIZE: "256M"
      PHP_MAX_EXECUTION_TIME: 300
    volumes:
      - codebase:/var/www/html/
      - private:/var/www/html/private
  solr:
    image: mxr576/apachesolr-4.x-drupal-docker
    ports:
      - "8983:8983"
    labels:
      - 'traefik.backend=solr'
      - 'traefik.port=8983'
     # - 'traefik.frontend.rule=Host:192.168.33.10'
    volumes:
      - solr:/opt/solr/example/solr/collection1/data
    restart: always
  portainer:
    image: portainer/portainer
    command: --no-auth -H unix:///var/run/docker.sock
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      - 'traefik.backend=portainer'
      - 'traefik.port=9000'
    restart: always
      apache:
        image: wodby/php-apache:2.4-2.0.2
    #    ports:
    #      - "80:80"
        depends_on:
          - php
        environment:
          APACHE_LOG_LEVEL: warn
          APACHE_BACKEND_HOST: php
          APACHE_SERVER_ROOT: /var/www/html/drupal
        volumes:
          - codebase:/var/www/html/
          - private:/var/www/html/private
        labels:
          - 'traefik.backend=apache'
          - 'traefik.docker.network=proxy'
          - "traefik.frontend.rule=Host:127.0.0.1"
          - "traefik.enable=true"
          - "traefik.port=80"
          - "traefik.default.protocol=http"
        restart: always
        networks:
          - proxy
      traefik:
        image: traefik
        command: -c /traefik.toml --web --docker --logLevel=INFO
        ports:
          - '80:80'
          - '443:443'
          - '8888:8080' # Dashboard
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock
          - /codebase/traefik.toml:/traefik.toml
          - /codebase/certs/cert.crt:/cert.crt
          - /codebase/certs/cert.key:/cert.key
    volumes:
      solr:
        external: true
      mysql:
        external: true
      codebase:
        external: true
      private:
        external: true

    networks:
      proxy:
        external: true

traefik.toml

logLevel = "DEBUG" # <---
defaultEntryPoints = ["https", "http"] # <---

[accessLog]
[traefikLog]

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]
    [[entryPoints.https.tls.certificates]]
      certFile = "/cert.crt"
      keyFile = "/cert.key"

[retry]

[docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
exposedbydefault = false

尝试验证实例时，我收到 502 Bad Gateway

 curl -i -k https://127.0.0.1
        HTTP/1.1 502 Bad Gateway
        Content-Length: 392
        Content-Type: text/html; charset=iso-8859-1
        Date: Fri, 14 Sep 2018 16:34:36 GMT
        Server: Apache/2.4.29 (Unix) LibreSSL/2.5.5
        X-Content-Type-Options: nosniff
        <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
        <html><head>
        <title>502 Proxy Error</title>
        </head><body>
        <h1>Proxy Error</h1>
        <p>The proxy server received an invalid
        response from an upstream server.<br />
        The proxy server could not handle the request <em><a href="/index.php">GET&nbsp;/index.php</a></em>.<p>
        Reason: <strong>DNS lookup failure for: php</strong></p></p>
        </body></html>

docker-compose 和 docker 网络的重置没有帮助。 我检查了 issue在他们的 repo 协议(protocol)上，似乎没有人得到明确的解决方案。有人知道如何解决这个问题吗？

编辑:更新完整的 docker-compose 文件。

Answer 1

您正在尝试使用服务发现从 apache 服务连接到 php 容器。但是 php 容器没有连接到网络 proxy，因为 你还没有为它声明网络。 也是同样的情况mariabd 也是。因此，当您连接到 apache/traefik 时，他们会寻找未连接到网络 proxy 的主机 php 并抛出错误 502 .

除非您指定外部网络，否则 Docker 容器不会连接到它们。

因此，为了使docker服务发现正常工作，您必须为所有服务指定如下网络。

networks:
      - proxy

奖励:

既然你做了端口映射。 您还可以使用主机的公共(public) IP 后跟端口来连接到来自 docker 容器和外部容器的服务。

Example:

Let us assume your ip is 192.168.0.123 then you can connect to php from any services in docker container and even from outside docker as 192.168.0.123:25 and 192.168.0.123:587. This is because you have exposed ports 25,587 by mapping them to host ports 25,587.

一些引用资料:

1. > Docker networking
2. > Networking using the host network
3. > Connect a container to a user-defined bridge
4. > Networking with standalone containers
5. > Service discovery
6. > Networking in Compose (选中“指定自定义网络”部分)