我已按照TLS challenge的说明进行操作,并通读了grpc guide进行traefik的操作,但是我不知道如何将它们组合在一起。
当前,我的域中有traefik仪表板,我可以使用http服务器,但无法使用grpc服务。它显示在仪表板的HTTP Services下,但是当我尝试通过请求访问端点时,它只是超时,表明它无法访问。
我的docker-compose(我没有TOML文件):
traefik:
image: "traefik:v2.0.0"
container_name: traefik
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --entrypoints.grpc.address=:8090
- --providers.docker
- --api
# Lets Encrypt Resolvers
- --certificatesresolvers.leresolver.acme.email=${EMAIL}
- --certificatesresolvers.leresolver.acme.storage=/etc/acme/cert.json
- --certificatesresolvers.leresolver.acme.tlschallenge=true
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "/etc/acme/:/etc/acme/"
labels:
# Dashboard
- "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)"
- "traefik.http.routers.traefik.service=api@internal"
- "traefik.http.routers.traefik.tls.certresolver=leresolver"
- "traefik.http.routers.traefik.entrypoints=websecure"
# Auth
- "traefik.http.routers.traefik.middlewares=authtraefik"
- "traefik.http.middlewares.authtraefik.basicauth.users=admin:xxx"
# global redirect to https
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
# middleware redirect
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
ports:
- 80:80
- 443:443
- 8080:8080
networks:
- internal
- proxied
grpc_server:
image: xxx
container_name: grpc_server
labels:
- "traefik.http.routers.grpc_server.rule=Host(`grpc.${DOMAIN}`)"
- "traefik.http.routers.grpc_server.entrypoints=grpc"
- "traefik.http.routers.grpc_server.tls=true"
- "traefik.http.routers.grpc_server.tls.certresolver=leresolver"
expose:
- 8090 # grpc server
我不需要加密从traefik到grpc的层,这就是为什么我没有按照grpc的示例设置自签名证书的原因。我的grpc服务在不安全的模式下运行,并且没有出现在traefik后面的情况。
我明显错过了什么?