Traefik: forward authentication not working
I am trying to adapt the tutorial available here with the authentication configuration detailed in the official Traefik documentation.
I created a simple service that always responds with 200 OK when it receives a GET request at this address: http://172.27.10.56:9999/verify
Then I modified my traefik.toml and included this:
[entrypoints.http.auth.forward]
address = "http://172.27.10.56:9999/verify"
But my authentication service is never called. In fact, with this config Traefik stops forwarding all requests.
Here is my Dockerfile:
FROM traefik:v1.4.1-alpine
ADD traefik.toml /traefik.toml
Here is my traefik.toml:
debug = true
logLevel = "DEBUG"
defaultEntryPoints = ["http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entrypoints.http.auth.forward]
address = "http://172.27.10.56:9999/verify"
[web]
address = ":8080"
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "docker.localhost"
watch = true
and here is my docker-compose.yaml:
traefik:
  image: dsp/traefik
  ports:
    - "80:80"
    - "8080:8080"
    - "443:443"
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock
machine:
  image: katacoda/docker-http-server
  labels:
    - "traefik.backend=machine-echo"
    - "traefik.frontend.rule=Host:machine-echo.example.com"
echo:
  image: katacoda/docker-http-server:v2
  labels:
    - "traefik.backend=echo"
    - "traefik.frontend.rule=Host:echo-echo.example.com"
and here is the output of starting traefik:
time="2017-10-26T15:00:17Z" level=info msg="Using TOML configuration file //traefik.toml"
time="2017-10-26T15:00:17Z" level=info msg="Traefik version v1.4.1 built on 2017-10-24_05:25:28PM"
time="2017-10-26T15:00:17Z" level=debug msg="Global configuration loaded {"GraceTimeOut":10000000000,"Debug":true,"CheckNewVersion":true,"AccessLogsFile":"","AccessLog":null,"TraefikLogsFile":"","LogLevel":"DEBUG","EntryPoints":{"http":{"Network":"","Address":"","TLS":null,"Redirect":null,"Auth":{"Basic":null,"Digest":null,"Forward":{"Address":"http://172.27.10.56:9999/verify","TLS":null,"TrustForwardHeader":false},"HeaderField":""},"WhitelistSourceRange":null,"Compress":false,"ProxyProtocol":null,"ForwardedHeaders":{"Insecure":true,"TrustedIPs":null}}},"Cluster":null,"Constraints":[],"ACME":null,"DefaultEntryPoints":["http"],"ProvidersThrottleDuration":2000000000,"MaxIdleConnsPerHost":200,"IdleTimeout":0,"InsecureSkipVerify":false,"RootCAs":null,"Retry":null,"HealthCheck":{"Interval":30000000000},"RespondingTimeouts":null,"ForwardingTimeouts":null,"Docker":{"Watch":true,"Filename":"","Constraints":null,"Trace":false,"DebugLogGeneratedTemplate":false,"Endpoint":"unix:///var/run/docker.sock","Domain":"docker.localhost","TLS":null,"ExposedByDefault":true,"UseBindPortIP":false,"SwarmMode":false},"File":null,"Web":{"Address":":8080","CertFile":"","KeyFile":"","ReadOnly":false,"Statistics":null,"Metrics":null,"Path":"/","Auth":null,"Debug":false,"CurrentConfigurations":null,"Stats":null,"StatsRecorder":null},"Marathon":null,"Consul":null,"ConsulCatalog":null,"Etcd":null,"Zookeeper":null,"Boltdb":null,"Kubernetes":null,"Mesos":null,"Eureka":null,"ECS":null,"Rancher":null,"DynamoDB":null}"
time="2017-10-26T15:00:17Z" level=info msg="Preparing server http &{Network: Address: TLS:<nil> Redirect:<nil> Auth:0xc4204da780 WhitelistSourceRange:[] Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc4202a07c0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
time="2017-10-26T15:00:17Z" level=info msg="Starting provider *docker.Provider {"Watch":true,"Filename":"","Constraints":null,"Trace":false,"DebugLogGeneratedTemplate":false,"Endpoint":"unix:///var/run/docker.sock","Domain":"docker.localhost","TLS":null,"ExposedByDefault":true,"UseBindPortIP":false,"SwarmMode":false}"
time="2017-10-26T15:00:17Z" level=info msg="Starting server on "
time="2017-10-26T15:00:17Z" level=info msg="Starting provider *web.Provider {"Address":":8080","CertFile":"","KeyFile":"","ReadOnly":false,"Statistics":null,"Metrics":null,"Path":"/","Auth":null,"Debug":true,"CurrentConfigurations":{},"Stats":{"Uptime":"2017-10-26T15:00:17.777369487Z","Pid":1,"ResponseCounts":{},"TotalResponseCounts":{},"TotalResponseTime":"0001-01-01T00:00:00Z"},"StatsRecorder":null}"
time="2017-10-26T15:00:17Z" level=debug msg="Provider connection established with docker 17.10.0-ce-rc1 (API 1.33)"
time="2017-10-26T15:00:17Z" level=debug msg="Validation of load balancer method for backend backend-echo failed: invalid load-balancing method ''. Using default method wrr."
time="2017-10-26T15:00:17Z" level=debug msg="Validation of load balancer method for backend backend-machine-echo failed: invalid load-balancing method ''. Using default method wrr."
time="2017-10-26T15:00:17Z" level=debug msg="Validation of load balancer method for backend backend-traefik-traefik failed: invalid load-balancing method ''. Using default method wrr."
time="2017-10-26T15:00:17Z" level=debug msg="Configuration received from provider docker: {"backends":{"backend-echo":{"servers":{"server-traefik_echo_1":{"url":"http://172.17.0.2:80","weight":0}},"loadBalancer":{"method":"wrr"}},"backend-machine-echo":{"servers":{"server-traefik_machine_1":{"url":"http://172.17.0.3:80","weight":0}},"loadBalancer":{"method":"wrr"}},"backend-traefik-traefik":{"servers":{"server-traefik_traefik_1":{"url":"http://172.17.0.4:80","weight":0}},"loadBalancer":{"method":"wrr"}}},"frontends":{"frontend-Host-echo-echo-example-com":{"entryPoints":["http"],"backend":"backend-echo","routes":{"route-frontend-Host-echo-echo-example-com":{"rule":"Host:echo-echo.example.com"}},"passHostHeader":true,"priority":0,"basicAuth":[],"headers":{}},"frontend-Host-machine-echo-example-com":{"entryPoints":["http"],"backend":"backend-machine-echo","routes":{"route-frontend-Host-machine-echo-example-com":{"rule":"Host:machine-echo.example.com"}},"passHostHeader":true,"priority":0,"basicAuth":[],"headers":{}},"frontend-Host-traefik-traefik-docker-localhost":{"entryPoints":["http"],"backend":"backend-traefik-traefik","routes":{"route-frontend-Host-traefik-traefik-docker-localhost":{"rule":"Host:traefik.traefik.docker.localhost"}},"passHostHeader":true,"priority":0,"basicAuth":[],"headers":{}}}}"
time="2017-10-26T15:00:17Z" level=debug msg="Last docker config received more than 2s, OK"
time="2017-10-26T15:00:17Z" level=debug msg="Creating frontend frontend-Host-echo-echo-example-com"
time="2017-10-26T15:00:17Z" level=debug msg="Wiring frontend frontend-Host-echo-echo-example-com to entryPoint http"
time="2017-10-26T15:00:17Z" level=debug msg="Creating route route-frontend-Host-echo-echo-example-com Host:echo-echo.example.com"
time="2017-10-26T15:00:17Z" level=debug msg="Creating backend backend-echo"
time="2017-10-26T15:00:17Z" level=debug msg="Creating load-balancer wrr"
time="2017-10-26T15:00:17Z" level=debug msg="Creating server server-traefik_echo_1 at http://172.17.0.2:80 with weight 0"
time="2017-10-26T15:00:17Z" level=debug msg="Creating frontend frontend-Host-machine-echo-example-com"
time="2017-10-26T15:00:17Z" level=debug msg="Wiring frontend frontend-Host-machine-echo-example-com to entryPoint http"
time="2017-10-26T15:00:17Z" level=debug msg="Creating route route-frontend-Host-machine-echo-example-com Host:machine-echo.example.com"
time="2017-10-26T15:00:17Z" level=debug msg="Creating backend backend-machine-echo"
time="2017-10-26T15:00:17Z" level=debug msg="Creating load-balancer wrr"
time="2017-10-26T15:00:17Z" level=debug msg="Creating server server-traefik_machine_1 at http://172.17.0.3:80 with weight 0"
time="2017-10-26T15:00:17Z" level=debug msg="Creating frontend frontend-Host-traefik-traefik-docker-localhost"
time="2017-10-26T15:00:17Z" level=debug msg="Wiring frontend frontend-Host-traefik-traefik-docker-localhost to entryPoint http"
time="2017-10-26T15:00:17Z" level=debug msg="Creating route route-frontend-Host-traefik-traefik-docker-localhost Host:traefik.traefik.docker.localhost"
time="2017-10-26T15:00:17Z" level=debug msg="Creating backend backend-traefik-traefik"
time="2017-10-26T15:00:17Z" level=debug msg="Creating load-balancer wrr"
time="2017-10-26T15:00:17Z" level=debug msg="Creating server server-traefik_traefik_1 at http://172.17.0.4:80 with weight 0"
time="2017-10-26T15:00:17Z" level=info msg="Server configuration reloaded on "
When I test Traefik, here is the output:
curl -H Host:machine-echo.example.com http://127.0.0.1
curl: (56) Recv failure: Connection reset by peer
But when I removed the forward authentication configuration from traefik.toml, the request was successfully forwarded to the Docker container:
curl -H Host:machine-echo.example.com http://127.0.0.1
<h1>This request was processed by host: 2a291e3bb05f</h1>
What could be wrong?
1 Answer
It looks like there is a typo in the docs. It took me a while to figure this out:
[entrypoints.http.auth.forward]
should be:
[entryPoints.http.auth.forward]
A capital "P" in "entryPoints".
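The fix above is a one-letter case change in a table name, which is easy to miss in review. As an added example (not from the original post or from the Traefik project), this check flags TOML table headers that differ only by letter case from an earlier header in the same file. The function name is hypothetical, the sample is the question's traefik.toml, and only bare (unquoted) keys are handled.

```python
import re

# Matches [a.b.c] and [[a.b]] headers made of bare keys, with an optional comment.
HEADER = re.compile(
    r"^\s*\[{1,2}\s*([A-Za-z0-9_-]+(?:\s*\.\s*[A-Za-z0-9_-]+)*)\s*\]{1,2}\s*(?:#.*)?$"
)


def case_collisions(toml_text):
    """Return [(line_no, path_as_written, earlier_spelling), ...] for table
    paths that differ only by letter case from a path seen earlier."""
    seen = {}       # lowercased path tuple -> exact path tuple first seen
    findings = []
    for line_no, line in enumerate(toml_text.splitlines(), 1):
        m = HEADER.match(line)
        if not m:
            continue
        parts = tuple(p.strip() for p in m.group(1).split("."))
        # Check every prefix so [entrypoints.x] is compared with [entryPoints].
        for depth in range(1, len(parts) + 1):
            prefix = parts[:depth]
            first = seen.setdefault(tuple(p.lower() for p in prefix), prefix)
            if first != prefix:
                findings.append((line_no, ".".join(prefix), ".".join(first)))
                break   # report the shallowest mismatch once per header
    return findings


# The entry point section of the question's traefik.toml, as posted.
BROKEN = """\
debug = true
logLevel = "DEBUG"
defaultEntryPoints = ["http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entrypoints.http.auth.forward]
address = "http://172.27.10.56:9999/verify"
"""

# The same file with the answer's correction applied.
FIXED = BROKEN.replace("[entrypoints.", "[entryPoints.")

if __name__ == "__main__":
    for line_no, written, earlier in case_collisions(BROKEN):
        print(f"line {line_no}: '{written}' differs only by case from '{earlier}'")
```

Running a check like this before deploying a proxy configuration catches an auth section that is attached to a differently spelled table than the entry point it is meant to protect.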