Traefik: прямая аутентификация не работает

Я пытаюсь адаптировать учебник, доступный здесь, с конфигурацией аутентификации, подробно описанной в официальной документации Trafik.

Я создал простой сервис, который всегда отвечает 200 OK при получении запроса GET на этот адрес: http://172.27.10.56:9999/verify

Затем я изменил свой traefik.toml и включил это:

[entrypoints.http.auth.forward]
address = "http://172.27.10.56:9999/verify"

Но мой сервис аутентификации никогда не вызывается. На самом деле, с этим конфигом traefik перестает перенаправлять все запросы.

Вот мой Dockerfile:

FROM traefik:v1.4.1-alpine
ADD traefik.toml /traefik.toml

Вот мой трафик.томль

debug = true
logLevel = "DEBUG"
defaultEntryPoints = ["http"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entrypoints.http.auth.forward]
    address = "http://172.27.10.56:9999/verify"

[web]
address = ":8080"

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "docker.localhost"
watch = true

а вот мой докер-compose.yaml

traefik:
  image: dsp/traefik
  ports:
    - "80:80"
    - "8080:8080"
    - "443:443"
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock

machine:
  image: katacoda/docker-http-server
  labels:
    - "traefik.backend=machine-echo"
    - "traefik.frontend.rule=Host:machine-echo.example.com"

echo:
  image: katacoda/docker-http-server:v2
  labels:
    - "traefik.backend=echo"
    - "traefik.frontend.rule=Host:echo-echo.example.com"

и вот вывод запуска traefik:

time="2017-10-26T15:00:17Z" level=info msg="Using TOML configuration file //traefik.toml" 
time="2017-10-26T15:00:17Z" level=info msg="Traefik version v1.4.1 built on 2017-10-24_05:25:28PM" 
time="2017-10-26T15:00:17Z" level=debug msg="Global configuration loaded {"GraceTimeOut":10000000000,"Debug":true,"CheckNewVersion":true,"AccessLogsFile":"","AccessLog":null,"TraefikLogsFile":"","LogLevel":"DEBUG","EntryPoints":{"http":{"Network":"","Address":"","TLS":null,"Redirect":null,"Auth":{"Basic":null,"Digest":null,"Forward":{"Address":"http://172.27.10.56:9999/verify","TLS":null,"TrustForwardHeader":false},"HeaderField":""},"WhitelistSourceRange":null,"Compress":false,"ProxyProtocol":null,"ForwardedHeaders":{"Insecure":true,"TrustedIPs":null}}},"Cluster":null,"Constraints":[],"ACME":null,"DefaultEntryPoints":["http"],"ProvidersThrottleDuration":2000000000,"MaxIdleConnsPerHost":200,"IdleTimeout":0,"InsecureSkipVerify":false,"RootCAs":null,"Retry":null,"HealthCheck":{"Interval":30000000000},"RespondingTimeouts":null,"ForwardingTimeouts":null,"Docker":{"Watch":true,"Filename":"","Constraints":null,"Trace":false,"DebugLogGeneratedTemplate":false,"Endpoint":"unix:///var/run/docker.sock","Domain":"docker.localhost","TLS":null,"ExposedByDefault":true,"UseBindPortIP":false,"SwarmMode":false},"File":null,"Web":{"Address":":8080","CertFile":"","KeyFile":"","ReadOnly":false,"Statistics":null,"Metrics":null,"Path":"/","Auth":null,"Debug":false,"CurrentConfigurations":null,"Stats":null,"StatsRecorder":null},"Marathon":null,"Consul":null,"ConsulCatalog":null,"Etcd":null,"Zookeeper":null,"Boltdb":null,"Kubernetes":null,"Mesos":null,"Eureka":null,"ECS":null,"Rancher":null,"DynamoDB":null}" 
time="2017-10-26T15:00:17Z" level=info msg="Preparing server http &{Network: Address: TLS:<nil> Redirect:<nil> Auth:0xc4204da780 WhitelistSourceRange:[] Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc4202a07c0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s" 
time="2017-10-26T15:00:17Z" level=info msg="Starting provider *docker.Provider {"Watch":true,"Filename":"","Constraints":null,"Trace":false,"DebugLogGeneratedTemplate":false,"Endpoint":"unix:///var/run/docker.sock","Domain":"docker.localhost","TLS":null,"ExposedByDefault":true,"UseBindPortIP":false,"SwarmMode":false}" 
time="2017-10-26T15:00:17Z" level=info msg="Starting server on " 
time="2017-10-26T15:00:17Z" level=info msg="Starting provider *web.Provider {"Address":":8080","CertFile":"","KeyFile":"","ReadOnly":false,"Statistics":null,"Metrics":null,"Path":"/","Auth":null,"Debug":true,"CurrentConfigurations":{},"Stats":{"Uptime":"2017-10-26T15:00:17.777369487Z","Pid":1,"ResponseCounts":{},"TotalResponseCounts":{},"TotalResponseTime":"0001-01-01T00:00:00Z"},"StatsRecorder":null}" 
time="2017-10-26T15:00:17Z" level=debug msg="Provider connection established with docker 17.10.0-ce-rc1 (API 1.33)" 
time="2017-10-26T15:00:17Z" level=debug msg="Validation of load balancer method for backend backend-echo failed: invalid load-balancing method ''. Using default method wrr." 
time="2017-10-26T15:00:17Z" level=debug msg="Validation of load balancer method for backend backend-machine-echo failed: invalid load-balancing method ''. Using default method wrr." 
time="2017-10-26T15:00:17Z" level=debug msg="Validation of load balancer method for backend backend-traefik-traefik failed: invalid load-balancing method ''. Using default method wrr." 
time="2017-10-26T15:00:17Z" level=debug msg="Configuration received from provider docker: {"backends":{"backend-echo":{"servers":{"server-traefik_echo_1":{"url":"http://172.17.0.2:80","weight":0}},"loadBalancer":{"method":"wrr"}},"backend-machine-echo":{"servers":{"server-traefik_machine_1":{"url":"http://172.17.0.3:80","weight":0}},"loadBalancer":{"method":"wrr"}},"backend-traefik-traefik":{"servers":{"server-traefik_traefik_1":{"url":"http://172.17.0.4:80","weight":0}},"loadBalancer":{"method":"wrr"}}},"frontends":{"frontend-Host-echo-echo-example-com":{"entryPoints":["http"],"backend":"backend-echo","routes":{"route-frontend-Host-echo-echo-example-com":{"rule":"Host:echo-echo.example.com"}},"passHostHeader":true,"priority":0,"basicAuth":[],"headers":{}},"frontend-Host-machine-echo-example-com":{"entryPoints":["http"],"backend":"backend-machine-echo","routes":{"route-frontend-Host-machine-echo-example-com":{"rule":"Host:machine-echo.example.com"}},"passHostHeader":true,"priority":0,"basicAuth":[],"headers":{}},"frontend-Host-traefik-traefik-docker-localhost":{"entryPoints":["http"],"backend":"backend-traefik-traefik","routes":{"route-frontend-Host-traefik-traefik-docker-localhost":{"rule":"Host:traefik.traefik.docker.localhost"}},"passHostHeader":true,"priority":0,"basicAuth":[],"headers":{}}}}" 
time="2017-10-26T15:00:17Z" level=debug msg="Last docker config received more than 2s, OK" 
time="2017-10-26T15:00:17Z" level=debug msg="Creating frontend frontend-Host-echo-echo-example-com" 
time="2017-10-26T15:00:17Z" level=debug msg="Wiring frontend frontend-Host-echo-echo-example-com to entryPoint http" 
time="2017-10-26T15:00:17Z" level=debug msg="Creating route route-frontend-Host-echo-echo-example-com Host:echo-echo.example.com" 
time="2017-10-26T15:00:17Z" level=debug msg="Creating backend backend-echo" 
time="2017-10-26T15:00:17Z" level=debug msg="Creating load-balancer wrr" 
time="2017-10-26T15:00:17Z" level=debug msg="Creating server server-traefik_echo_1 at http://172.17.0.2:80 with weight 0" 
time="2017-10-26T15:00:17Z" level=debug msg="Creating frontend frontend-Host-machine-echo-example-com" 
time="2017-10-26T15:00:17Z" level=debug msg="Wiring frontend frontend-Host-machine-echo-example-com to entryPoint http" 
time="2017-10-26T15:00:17Z" level=debug msg="Creating route route-frontend-Host-machine-echo-example-com Host:machine-echo.example.com" 
time="2017-10-26T15:00:17Z" level=debug msg="Creating backend backend-machine-echo" 
time="2017-10-26T15:00:17Z" level=debug msg="Creating load-balancer wrr" 
time="2017-10-26T15:00:17Z" level=debug msg="Creating server server-traefik_machine_1 at http://172.17.0.3:80 with weight 0" 
time="2017-10-26T15:00:17Z" level=debug msg="Creating frontend frontend-Host-traefik-traefik-docker-localhost" 
time="2017-10-26T15:00:17Z" level=debug msg="Wiring frontend frontend-Host-traefik-traefik-docker-localhost to entryPoint http" 
time="2017-10-26T15:00:17Z" level=debug msg="Creating route route-frontend-Host-traefik-traefik-docker-localhost Host:traefik.traefik.docker.localhost" 
time="2017-10-26T15:00:17Z" level=debug msg="Creating backend backend-traefik-traefik" 
time="2017-10-26T15:00:17Z" level=debug msg="Creating load-balancer wrr" 
time="2017-10-26T15:00:17Z" level=debug msg="Creating server server-traefik_traefik_1 at http://172.17.0.4:80 with weight 0" 
time="2017-10-26T15:00:17Z" level=info msg="Server configuration reloaded on " 

Когда я тестирую Traefik, вот вывод:

curl -H Host:machine-echo.example.com http://127.0.0.1
curl: (56) Recv failure: Connection reset by peer

Но когда я удалил конфигурацию прямой аутентификации из traefik.toml, запрос был успешно перенаправлен в контейнер докера:

curl -H Host:machine-echo.example.com http://127.0.0.1
<h1>This request was processed by host: 2a291e3bb05f</h1>

Что может быть не так?

1 ответ

Решение

Похоже, в документах есть опечатка. Мне понадобилось время, чтобы понять это:

[entrypoints.http.auth.forward]

должно быть:

[entryPoints.http.auth.forward]

Заглавная "P" в "entryPoints"

Другие вопросы по тегам