Traefik.toml configuration for accessing an internal https server - PullRequest
0 votes
/ January 14, 2019

Traefik is running in Docker on a QNAP NAS. I can access the QNAP web services from Traefik, since it is the same host as Docker; however, I cannot access the internal iRedMail server on the same LAN (that is, on a different host, not in Docker).

I have tried NGINX and Apache on the iRedMail server, with no success. (A security setting?) I am using the same certificates for the Traefik Docker container (on the QNAP), the QNAP, and the iRedMail server.

Traefik.toml file

debug = true
logLevel = "ERROR" #DEBUG, INFO, WARN, ERROR, FATAL, PANIC

[traefikLog]
  filePath = "/etc/traefik/logs/traefik.log"
  format   = "json"

[accessLog]
  filePath = "/etc/traefik/logs/access.log"
  format = "json"

# Web interface
[api]
address = ":8080"

# Traefik will listen for traffic on both HTTP and HTTPS.
defaultEntryPoints = ["http", "https"]

# Network traffic will be entering our Docker network on the usual web ports
# (ie, 80 and 443), where Traefik will be listening.
[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
      [[entryPoints.https.tls.certificates]]
      keyFile = "/certs/my.key"
      certFile = "/certs/my.pem"

# These options are for Traefik's integration with Docker.
[docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
exposedByDefault = false

[file]

[frontends]
  [frontends.frontend1]
      entrypoints = ["http", "https"]
      backend = "backend1"
      passHostHeader = true
      [frontends.frontend1.routes.rule1]
          rule = "Host:myhost.ca,PathPrefix:/path1,PathPrefix:/path2"

  [frontends.frontend2]
      entrypoints = ["https", "https"]
      backend = "backend2"
      passHostHeader = true
      [frontends.frontend2.routes.rule1]
          rule = "Host:myhost.ca;PathPrefix:/mail,PathPrefix:/iredadmin"

[backends]
  [backends.backend1]
    [backends.backend1.servers.server]
       url = "http://<QNAPIP>"
  [backends.backend2]
    [backends.backend2.servers.server]
       url = "http://<iRedMailserverIP>"

This is the log file produced by Traefik when trying to connect to iRedMail:

{"BackendAddr":"192.168.1.179","BackendName":"backend2","BackendURL":{"Scheme":"http","Opaque":"","User":null,"Host":"192.168.1.179","Path":"","RawPath":"","ForceQuery":false,"RawQuery":"","Fragment":""},"ClientAddr":"10.0.3.1:59075","ClientHost":"10.0.3.1","ClientPort":"59075","ClientUsername":"-","DownstreamContentSize":178,"DownstreamStatus":301,"DownstreamStatusLine":"301 Moved Permanently","Duration":2980223,"FrontendName":"frontend2","OriginContentSize":178,"OriginDuration":2854082,"OriginStatus":301,"OriginStatusLine":"301 Moved Permanently","Overhead":126141,"RequestAddr":"example.com","RequestContentSize":0,"RequestCount":2,"RequestHost":"example.com","RequestLine":"GET /mail/ HTTP/1.1","RequestMethod":"GET","RequestPath":"/mail/","RequestPort":"-","RequestProtocol":"HTTP/1.1","RetryAttempts":0,"StartLocal":"2019-01-14T00:31:44.680864862Z","StartUTC":"2019-01-14T00:31:44.680864862Z","downstream_Content-Length":"178","downstream_Content-Security-Policy":"default-src https: data: 'unsafe-inline' 'unsafe-eval'","downstream_Content-Type":"text/html","downstream_Date":"Mon, 14 Jan 2019 00:31:43 GMT","downstream_Location":"https://example.com/mail/","downstream_Referrer-Policy":"strict-origin","downstream_Server":"nginx","downstream_X-Content-Type-Options":"nosniff","downstream_X-Download-Options":"noopen","downstream_X-Frame-Options":"sameorigin","downstream_X-Permitted-Cross-Domain-Policies":"none","downstream_X-Xss-Protection":"1; mode=block","level":"info","msg":"","origin_Content-Length":"178","origin_Content-Security-Policy":"default-src https: data: 'unsafe-inline' 'unsafe-eval'","origin_Content-Type":"text/html","origin_Date":"Mon, 14 Jan 2019 00:31:43 GMT","origin_Location":"https://example.com/mail/","origin_Referrer-Policy":"strict-origin","origin_Server":"nginx","origin_X-Content-Type-Options":"nosniff","origin_X-Download-Options":"noopen","origin_X-Frame-Options":"sameorigin","origin_X-Permitted-Cross-Domain-Policies":"none","origin_X-Xss-Protection":"1; mode=block","request_Accept":"text/html, application/xhtml+xml, image/jxr, */*","request_Accept-Encoding":"gzip, deflate","request_Accept-Language":"en-US","request_Connection":"Keep-Alive","request_User-Agent":"Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko","time":"2019-01-14T00:31:44Z"}


{"BackendAddr":"192.168.1.55","BackendName":"backend1","BackendURL":{"Scheme":"http","Opaque":"","User":null,"Host":"192.168.1.55","Path":"","RawPath":"","ForceQuery":false,"RawQuery":"","Fragment":""},"ClientAddr":"10.0.3.1:59137","ClientHost":"10.0.3.1","ClientPort":"59137","ClientUsername":"-","DownstreamContentSize":25286,"DownstreamStatus":200,"DownstreamStatusLine":"200 OK","Duration":2340292,"FrontendName":"frontend1","OriginContentSize":25286,"OriginDuration":2141412,"OriginStatus":200,"OriginStatusLine":"200 OK","Overhead":198880,"RequestAddr":"example.com","RequestContentSize":0,"RequestCount":129,"RequestHost":"example.com","RequestLine":"GET /path1/images/path1.jpg HTTP/1.1","RequestMethod":"GET","RequestPath":"/path1/images/path1.jpg","RequestPort":"-","RequestProtocol":"HTTP/1.1","RetryAttempts":0,"StartLocal":"2019-01-14T00:32:00.800094111Z","StartUTC":"2019-01-14T00:32:00.800094111Z","downstream_Accept-Ranges":"bytes","downstream_Content-Length":"25286","downstream_Content-Type":"image/jpeg","downstream_Date":"Mon, 14 Jan 2019 00:32:00 GMT","downstream_Etag":"\"62c6-5531b33cf4f80\"","downstream_Last-Modified":"Thu, 29 Jun 2017 15:46:22 GMT","downstream_Server":"Apache","downstream_X-Frame-Options":"SAMEORIGIN","level":"info","msg":"","origin_Accept-Ranges":"bytes","origin_Content-Length":"25286","origin_Content-Type":"image/jpeg","origin_Date":"Mon, 14 Jan 2019 00:32:00 GMT","origin_Etag":"\"62c6-5531b33cf4f80\"","origin_Last-Modified":"Thu, 29 Jun 2017 15:46:22 GMT","origin_Server":"Apache","origin_X-Frame-Options":"SAMEORIGIN","request_Accept":"*/*","request_Accept-Encoding":"gzip, deflate","request_Connection":"Keep-Alive","request_Cookie":"NAS_SID=4se5idi0","request_Dnt":"1","request_Ua-Cpu":"AMD64","request_User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko","time":"2019-01-14T00:32:00Z"}

Basically, if I go to example.com/, it goes to the QNAP and works fine. If I go to example.com/mail or example.com/iredadmin, I would like it to go to this other host on the LAN, but I get a 404 error. I replaced example.com with google.com and added the PathPrefixStrip command to see whether it can connect outside of Docker, and it can, since I also get a 404 Not Found, but at least the message comes from Google, although it seems to be messing up the path.

Any ideas? (Yes, I have researched this online for the past week and played with different settings. I am probably missing something simple - help welcome.)
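A way to read the access log above mechanically, as an added example that is not part of the original post: it scans Traefik JSON access-log lines for entries where a backend reached over `http` answers with a redirect to `https` for the same host and path. The sample entries are constructed by trimming the two log lines above to the fields used, and the function name `https_upgrade_redirects` is hypothetical.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: the two access-log entries above, trimmed to the
# fields this check reads (field names and values as in the log).
SAMPLE_LOG = "\n".join([
    json.dumps({"BackendName": "backend2", "FrontendName": "frontend2",
                "BackendURL": {"Scheme": "http", "Host": "192.168.1.179"},
                "OriginStatus": 301,
                "origin_Location": "https://example.com/mail/",
                "RequestHost": "example.com", "RequestPath": "/mail/"}),
    json.dumps({"BackendName": "backend1", "FrontendName": "frontend1",
                "BackendURL": {"Scheme": "http", "Host": "192.168.1.55"},
                "OriginStatus": 200,
                "RequestHost": "example.com",
                "RequestPath": "/path1/images/path1.jpg"}),
])

REDIRECTS = {301, 302, 307, 308}


def https_upgrade_redirects(log_text):
    """Return entries where a backend contacted over http redirects the
    same host and path to https, i.e. it expects TLS on the proxy hop."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip lines damaged by rotation or copy/paste
        backend_url = entry.get("BackendURL") or {}
        location = urlsplit(entry.get("origin_Location", ""))
        if (entry.get("OriginStatus") in REDIRECTS
                and backend_url.get("Scheme") == "http"
                and location.scheme == "https"
                and location.hostname == entry.get("RequestHost")
                and location.path == entry.get("RequestPath")):
            findings.append({"line": line_no,
                             "frontend": entry.get("FrontendName"),
                             "backend": entry.get("BackendName"),
                             "backend_host": backend_url.get("Host"),
                             "location": location.geturl()})
    return findings


if __name__ == "__main__":
    for finding in https_upgrade_redirects(SAMPLE_LOG):
        print(finding)
```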

...