Traefik: HTTPS access between applications does no

2019-07-25 14:42发布

问题:

in our setup we use the latest traefik as reverse-proxy which has routes to a demo confluence and a keycloak server.

         traefik 
         |     |
confluence     keycloak

Each application has it's own docker-compose file and is started separately.

Traefik defines a virtual network, confluence and keycloak are also in this network. With the correct DNS settings it is possible for a user to access traefik, confluence and keycloak. It works as expected.

To use the keycloak web SSO system it is necessary the confluence system is able to access keycloak and vice versa using the FQDN and HTTPS using traefik. This does not work.

It is possible to connect to the services directly (we suppose that's due to the shared network), but if we i.e. connect to the keycloak container and do something like

curl -k https://confluence.our.domain -v

we can see a connection to the docker-host is done (the IP matches) but traefik seems not to do any routing.

If we connect to the keycloak container and do

curl -k -v -H 'Host: confluence.our.domain' https://traefik

the routing is done.

Any suggestions, what we are doing wrong or what we should check out?

Any help is appreciated, Christoph

回答1:

For DNS based configuration that will work with all the containers talking to traefik, use the following network "alias" section in your compose.yml file::

version: '3.3'

networks:
  proxy:
    external:
      name: proxy

services:
  traefik:
    image: traefik:1.4
    networks:
    - proxy:
        aliases:
        - confluence.our.domain

The aliases can be a list and will apply to the DNS for everything on the "proxy" network in the above example.



回答2:

You should insert a host entry in the containers using extra_host key in your compose file. You want to create the FQDN pointing to your traefik reverse-proxy

This will make sure you use correct host name for the https to be valid and the routing to work

version: '3'
service:
  xyz:
    extra_host:
      - "confluence.our.domain:<traefikip>"
  ...