我想在docker环境中尝试一下Caddy,但它似乎无法连接到其他容器。我创建了一个网络“球童”,并想在它旁边运行一个 portainer。如果我进入球童卷,我可以看到生成了证书,所以这似乎有效。portainer 也正在运行并可通过服务器 IP ( http://65.21.139.246:1000/ ) 进行访问。但是当我通过网址访问时: https: //smallhetzi.fading-flame.com/我收到 502 并且在 caddy 的日志中我可以看到以下消息:
{
"level": "error",
"ts": 1629873106.715402,
"logger": "http.log.error",
"msg": "dial tcp 172.20.0.2:1000: connect: connection refused",
"request": {
"remote_addr": "89.247.255.231:15146",
"proto": "HTTP/2.0",
"method": "GET",
"host": "smallhetzi.fading-flame.com",
"uri": "/",
"headers": {
"Accept-Encoding": [
"gzip, deflate, br"
],
"Accept-Language": [
"de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7"
],
"Cache-Control": [
"max-age=0"
],
"User-Agent": [
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36"
],
"Sec-Fetch-Site": [
"none"
],
"Accept": [
"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
],
"Sec-Fetch-Mode": [
"navigate"
],
"Sec-Fetch-User": [
"?1"
],
"Sec-Fetch-Dest": [
"document"
],
"Sec-Ch-Ua": [
"\"Chromium\";v=\"92\", \" Not A;Brand\";v=\"99\", \"Google Chrome\";v=\"92\""
],
"Sec-Ch-Ua-Mobile": [
"?0"
],
"Upgrade-Insecure-Requests": [
"1"
]
},
"tls": {
"resumed": false,
"version": 772,
"cipher_suite": 4865,
"proto": "h2",
"proto_mutual": true,
"server_name": "smallhetzi.fading-flame.com"
}
},
"duration": 0.000580828,
"status": 502,
"err_id": "pq78d9hen",
"err_trace": "reverseproxy.statusError (reverseproxy.go:857)"
}
但有两个撰写文件:
球童:
version: '3.9'
services:
caddy:
image: caddy:2-alpine
container_name: caddy
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile
- certs-volume:/data
- caddy_config:/config
volumes:
certs-volume:
caddy_config:
networks:
default:
external:
name: caddy
球童文件:
{
email simonheiss87@gmail.com
# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}
smallhetzi.fading-flame.com {
reverse_proxy portainer:1000
}
和我的 portainer 文件:
version: '3.9'
services:
portainer:
image: portainer/portainer-ce
container_name: portainer
restart: always
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- portainer_data:/data portainer/portainer
entrypoint: /portainer -p :80
ports:
- "1000:80"
volumes:
portainer_data:
networks:
default:
external:
name: caddy
我认为发生的情况是,这两个容器不知何故不在同一个网络中,但我不明白为什么。
现在的解决方法是,当我对 Caddyfile 进行此更改时:
smallhetzi.fading-flame.com {
reverse_proxy 65.21.139.246:1000
}
然后我得到一个有效的证书和 portainer ui。但我不想将 IP 传播到我的 Caddyfile 上。我需要配置其他东西才能让 caddy 在 docker 中运行吗?
Sim*_*s0n 22
我刚刚从论坛获得帮助,事实证明,球童重定向到容器内的端口,而不是公共端口。就我而言,portainer 在 80 内部运行,因此将 Caddyfile 更改为:
smallhetzi.fading-flame.com {
reverse_proxy portainer:80
}
或这个
smallhetzi.fading-flame.com {
reverse_proxy http://portainer
}
完成工作。这也意味着,我可以摆脱直接通过端口 1000 公开 portainer。现在我只能通过代理访问它。
希望有人能从中得到一些帮助:)
| 归档时间: |
|
| 查看次数: |
13244 次 |
| 最近记录: |