我希望traefik仪表板仅通过https连接,但同时提供身份验证。我还希望 traefik 在我访问 http 地址时自动重定向到 https。
我尝试通过将 traefik 仪表板 http 重定向添加到 https 并添加 htpasswd 身份验证来配置自己。但遗憾的是,它不起作用。
debug = true
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https", "traefik", "traefik-https"]
[entryPoints]
[entryPoints.traefik]
address = ":8080"
compress = true
[entryPoints.traefik.redirect]
entryPoint = "traefik-https"
[entryPoints.traefik-https.tls]
[entryPoints.traefik-https.auth]
[entryPoints.traefik-https.auth.basic]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
]
sniStrict = true
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_AES_256_GCM_SHA384",
"TLS_CHACHA20_POLY1305_SHA256",
"TLS_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]
[entryPoints.traefik-https.tls.defaultCertificate]
certFile = "/etc/letsencrypt/live/example.com/fullchain.pem"
keyFile = "/etc/letsencrypt/live/example.com/privkey.pem"
[[entryPoints.traefik-https.tls.certificates]]
certFile = "/etc/letsencrypt/live/example.com/fullchain.pem"
keyFile = "/etc/letsencrypt/live/example.com/privkey.pem"
[entryPoints.http]
address = ":80"
compress = true
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
compress = true
[entryPoints.https.tls]
sniStrict = true
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_AES_256_GCM_SHA384",
"TLS_CHACHA20_POLY1305_SHA256",
"TLS_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]
[entryPoints.https.tls.defaultCertificate]
certFile = "/etc/letsencrypt/live/example.com/fullchain.pem"
keyFile = "/etc/letsencrypt/live/example.com/privkey.pem"
[[entryPoints.https.tls.certificates]]
certFile = "/etc/letsencrypt/live/example.com/fullchain.pem"
keyFile = "/etc/letsencrypt/live/example.com/privkey.pem"
[api]
entryPoint = "traefik"
dashboard = true
debug = true
[file]
[frontends]
[frontends.frontend1]
backend = "backend1"
[frontends.frontend1.routes.test_1]
rule = "Host: example.com,www.example.com"
[frontends.frontend2]
backend = "backend2"
[frontends.frontend2.routes.test_1]
rule = "Host: duplicati.example.com,www.duplicati.example.com"
[frontends.frontend3]
entryPoints = ["traefik"]
backend = "backend3"
[frontends.frontend3.routes.test_1]
rule = "Host: traefik.example.com"
[backends]
[backends.backend1]
[backends.backend1.servers.server1]
url = "http://127.0.0.1:56000"
weight = 1
[backends.backend2]
[backends.backend2.servers.server1]
url = "http://127.0.0.1:57000"
weight = 1
[backends.backend3]
[backends.backend3.servers.server1]
url = "http://127.0.0.1:8080"
weight = 1
我希望它在我访问 https 时自动重定向到 httpshttp://example.com:8080.像这样http://example.com:8080-->https://example.com:8080.但是当我访问https://example.com:8080时,它给了我一个错误Client sent an HTTP request to an HTTPS server.
我做错了什么?
我成功地解决了这个问题。我不知道我是怎么做到的,但我从零开始,参考 Traefik 文档,测试我的代码,尝试,尝试,再试一次,直到我的代码正常工作!
这是代码,以防万一有人需要它作为将来的参考
debug = true
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https", "traefik", "traefik-https"]
[entryPoints]
[entryPoints.foo]
address=":58080"
compress = true
[entryPoints.foo.redirect]
entrypoint="traefik-https"
[entryPoints.traefik-https]
address = ":58443"
compress = true
[entryPoints.traefik-https.tls]
sniStrict = true
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_AES_256_GCM_SHA384",
"TLS_CHACHA20_POLY1305_SHA256",
"TLS_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]
[entryPoints.traefik-https.tls.defaultCertificate]
certFile = "/etc/letsencrypt/live/example.com/fullchain.pem"
keyFile = "/etc/letsencrypt/live/example.com/privkey.pem"
[[entryPoints.traefik-https.tls.certificates]]
certFile = "/etc/letsencrypt/live/example.com/fullchain.pem"
keyFile = "/etc/letsencrypt/live/example.com/privkey.pem"
[entryPoints.traefik-https.auth]
[entryPoints.traefik-https.auth.basic]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
[entryPoints.http]
address = ":80"
compress = true
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
compress = true
[entryPoints.https.tls]
sniStrict = true
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_AES_256_GCM_SHA384",
"TLS_CHACHA20_POLY1305_SHA256",
"TLS_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]
[entryPoints.https.tls.defaultCertificate]
certFile = "/etc/letsencrypt/live/example.com/fullchain.pem"
keyFile = "/etc/letsencrypt/live/example.com/privkey.pem"
[[entryPoints.https.tls.certificates]]
certFile = "/etc/letsencrypt/live/example.com/fullchain.pem"
keyFile = "/etc/letsencrypt/live/example.com/privkey.pem"
[api]
entryPoint = "traefik-https"
dashboard = true
debug = true
[file]
[frontends]
[frontends.frontend1]
backend = "backend1"
[frontends.frontend1.routes.test_1]
rule = "Host: example.com,www.example.com"
[frontends.frontend2]
backend = "backend2"
[frontends.frontend2.routes.test_1]
rule = "Host: duplicati.example.com,www.duplicati.example.com"
# [frontends.frontend3]
# entryPoints = ["traefik"]
# backend = "backend3"
# [frontends.frontend3.routes.test_1]
# rule = "Host: traefik.example.com"
[backends]
[backends.backend1]
[backends.backend1.servers.server1]
url = "http://127.0.0.1:56000"
weight = 1
[backends.backend2]
[backends.backend2.servers.server1]
url = "http://127.0.0.1:57000"
weight = 1
# [backends.backend3]
# [backends.backend3.servers.server1]
# url = "http://127.0.0.1:8080"
# weight = 1
我引用的 Traefik 文档:
- https://docs.traefik.io/configuration/backends/web/
- https://docs.traefik.io/configuration/entrypoints/