我正在尝试使用基于Docker的Traefik和Nginx构建堆栈。没有HTTPS的话一切都很好,但是一旦我进行HTTPS配置,就会出现错误。
我在example.com
上从Nginx收到此错误: 400错误的请求/普通的HTTP请求已发送到HTTPS端口。 在地址栏中,我可以看到绿色的锁,表明连接是安全的。
Certbot可以正常工作,因此我在正确的文件夹中具有真实的SSL证书。
当我访问traefik.example.com
时,我可以进入Traefik仪表板,但是我不必接受SSL浏览器警告,并且即使没有HTTPS,仪表板也可以正常工作。
docker-compose.yml
version: '3.4'
services:
traefik:
image: traefik:latest
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./traefik/traefik.toml:/etc/traefik/traefik.toml
- ../letsencrypt:/etc/letsencrypt
labels:
- traefik.backend=traefik
- traefik.frontend.rule=Host:traefik.example.com
- traefik.port=8080
networks:
- traefik
nginx:
image: nginx:latest
volumes:
- ../www:/var/www
- ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf
- ../letsencrypt:/etc/letsencrypt
labels:
- traefik.backend=nginx
- traefik.frontend.rule=Host:example.com
- traefik.port=80
- traefik.port=443
networks:
- traefik
networks:
traefik:
driver: overlay
external: true
attachable: true
traefik.toml
defaultEntryPoints = ["http", "https"]
[web]
address = ":8080"
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
certFile = "/etc/letsencrypt/live/example.com/fullchain.pem"
keyFile = "/etc/letsencrypt/live/example.com/privkey.pem"
[docker]
domain="example.com"
watch = true
exposedByDefault = true
swarmMode = false
nginx.conf
server {
listen 80;
server_name example.com www.example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl http2;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl http2;
server_name www.example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
root /var/www/public;
index index.html;
}
谢谢你的帮助。
最佳答案
首先,不需要在Traefik和Nginx中都配置SSL重定向。此外,Traefik前端仅匹配non www
变体,但后端应用程序需要www
。最后,不推荐Traefik web
提供程序,因此应该有较新的api
提供程序。
关于docker - Traefik和Nginx在Docker上使用HTTPS/400错误请求,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/50938241/