我正在尝试使用Traefik提供phantombot的Dockerized版本,并让Traefik处理SSL的证书。由于Phantombot使用Websocket,因此仅在外部连接时通过WSS访问WebSocket本身,但在内部网络上,它被列为WS,因为Phantombot以HTTP模式运行。
。我尝试在port 82上为WSS创建一个入门点,该入门点在toml中看起来像这样:
[entryPoints.panel]
adress = ":82"
[entryPoints.panel.tls]
[[entryPoints.panel.tls.certificates]]
certFile = "/cert.pem"
keyFile = "/privkey.pem"
和机器人码头组合中的相应标签:
- traefik.panel.frontend.rule=Host:my.domain.com
- traefik.panel.frontend.entryPoints=panel
- traefik.panel.frontend.protocol=ws
- traefik.panel.port=82
bot的容器上裸露的端口:
expose:
- 80
- 81
- 82
我尝试更改协议,制作一个Catchall,但似乎没有任何作用。每当我尝试连接时,我都会在浏览器中获得一个错误消息,说明WSS://my.domain.com:82/没有回答,HTTP(500(:机器人接口中的管道损坏。我不知道该怎么做。如果有人可以帮助我,那就太好了:(
编辑:docker-compose traefik
version: '3'
services:
traefik:
image: traefik:latest
container_name: traefik
ports:
- "80:80"
- "443:443"
- "8080:8080"
- "81:81"
- "82:82"
networks:
- web
volumes:
- ./traefik.toml:/etc/traefik/traefik.toml
- ./traefik.log:/etc/traefik/traefik.log
- /var/run/docker.sock:/var/run/docker.sock:ro
- /etc/letsencrypt/live/my.domain.com/cert.pem:/cert.pem
- /etc/letsencrypt/live/my.domain.com/privkey.pem:/privkey.pem
labels:
- traefik.frontend.rule=Host:monitor.my.domain.com
- traefik.port=8080
- traefik.docker.network=web
- traefik.enable=true
- traefik.frontend.auth.basic.users=user:pass
networks:
web:
external: true
traefik toml:
# uncomment this line to get debug info with "docker logs":
#debug = true
defaultEntryPoints = ["https","http"]
[traefikLog]
filePath = "/etc/traefik/traefik.log"
format = "json"
# The syntax is somewhat esoteric so this is mostly copy-paste
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
certFile = "/cert.pem"
keyFile = "/privkey.pem"
[entryPoints.ytplayer]
adress = ":81"
[entryPoints.ytplayer.tls]
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
]
sniStrict = true
OSCPMustStaple = true
[[entryPoints.ytplayer.tls.certificates]]
certFile = "/cert.pem"
keyFile = "/privkey.pem"
[entryPoints.panel]
adress = ":82"
[entryPoints.panel.tls]
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
]
sniStrict = true
OSCPMustStaple = true
[[entryPoints.panel.tls.certificates]]
certFile = "/cert.pem"
keyFile = "/privkey.pem"
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "morellenoir.de"
watch = true
exposedbydefault = false
# enable web configuration backend.
[web]
# Web administration port, proxied in docker-compose.yml
address = ":8080"
#traefik configuration
defaultEntryPoints = ["https","http"]
[api]
entryPoint = "traefik"
dashboard = true
address = ":8080"
[entryPoints]
[entryPoints.http]
address = ":80"
compress = true