docker - Traefik和Nginx在Docker上使用HTTPS/400错误请求

Question

我正在尝试使用基于Docker的Traefik和Nginx构建堆栈。没有HTTPS的话一切都很好，但是一旦我进行HTTPS配置，就会出现错误。

我在example.com上从Nginx收到此错误: 400错误的请求/普通的HTTP请求已发送到HTTPS端口。 在地址栏中，我可以看到绿色的锁，表明连接是安全的。

Certbot可以正常工作，因此我在正确的文件夹中具有真实的SSL证书。

当我访问traefik.example.com时，我可以进入Traefik仪表板，但是我不必接受SSL浏览器警告，并且即使没有HTTPS，仪表板也可以正常工作。

docker-compose.yml

version: '3.4'
services:
    traefik:
        image: traefik:latest
        ports:
            - "80:80"
            - "443:443"
            - "8080:8080"
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock
            - ./traefik/traefik.toml:/etc/traefik/traefik.toml
            - ../letsencrypt:/etc/letsencrypt
        labels:
            - traefik.backend=traefik
            - traefik.frontend.rule=Host:traefik.example.com
            - traefik.port=8080
        networks:
           - traefik
    nginx:
        image: nginx:latest
        volumes:
            - ../www:/var/www
            - ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf
            - ../letsencrypt:/etc/letsencrypt
        labels:
            - traefik.backend=nginx
            - traefik.frontend.rule=Host:example.com
            - traefik.port=80
            - traefik.port=443
        networks:
            - traefik
networks:
    traefik:
        driver: overlay
        external: true
        attachable: true

traefik.toml

defaultEntryPoints = ["http", "https"]

[web]
    address = ":8080"

[entryPoints]
    [entryPoints.http]
        address = ":80"
        [entryPoints.http.redirect]
            entryPoint = "https"
    [entryPoints.https]
        address = ":443"
        [entryPoints.https.tls]
            [[entryPoints.https.tls.certificates]]
                certFile = "/etc/letsencrypt/live/example.com/fullchain.pem"
                keyFile = "/etc/letsencrypt/live/example.com/privkey.pem"

[docker]
    domain="example.com"
    watch = true
    exposedByDefault = true
    swarmMode = false

nginx.conf

server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://www.example.com$request_uri;
}

server {
    listen 443 ssl http2;
    server_name example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    return 301 https://www.example.com$request_uri;
}

server {
    listen 443 ssl http2;

    server_name www.example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    root /var/www/public;
    index index.html;
}

谢谢你的帮助。

Answer 1

首先，不需要在Traefik和Nginx中都配置SSL重定向。此外，Traefik前端仅匹配non www变体，但后端应用程序需要www。最后，不推荐Traefik web提供程序，因此应该有较新的api提供程序。