如何解决traefik https 重定向不适用于带有 Shinyproxy
我正在关注这个伟大的 tutorial,使用 traefik (v.2.2) 和 keycloak 在 docker-swarm 上设置了一个 Shinyproxy,以便在 ubuntu 20.04 LTS 服务器上进行身份验证。出于某种原因,我无法使用 Shinyproxy 的 https 重定向。我在使用和不使用 keycloak 身份验证的情况下都尝试过。
https 重定向适用于 keycloak.app.example.com 并在登录后在浏览器中手动添加 https 到我的 url 中(例如在地址栏中用 https 替换 http:https:/ /shinyproxy.example.com)。不幸的是,从 http 到 https 的自动重定向不起作用(http://shinyproxy.example.com -> https://shinyproxy.example.com)。知道为什么这不起作用以及我如何解决这个问题吗?
在此先感谢您!
这是我的 application.yml:
version: '3'
services:
shinyproxy:
image: mydocker/shinyproxy
# The labels section is where you specify configuration values for Traefik.
# Docker labels don’t do anything by themselves,but Traefik reads these so
# it knows how to treat containers.
ports:
- 8090:8090
networks:
- traefik-public
- sp-net
deploy:
replicas: 1
restart_policy:
condition: on-failure
placement:
constraints:
- node.role==manager
labels:
- "traefik.enable=true" # enable traefik
- "traefik.docker.network=traefik-public" # put it in the same network as traefik
- "traefik.constraint-label=traefik-public" # assign the same label as traefik so it can be discovered
- "traefik.http.routers.shinyproxy.rule=Host(`shinyproxy.example.com`)" # listen to port 80 for request to APP_DOMAIN (use together with the line below)
- "traefik.http.routers.shinyproxy.entrypoints=http"
- "traefik.http.middlewares.shinyproxy-https-redirect.redirectscheme.scheme=https" # redirect traffic to https
- "traefik.http.middlewares.shinyproxy-https-redirect.redirectscheme.permanent=true" # redirect traffic to https
- "traefik.http.routers.shinyproxy-secured.rule=Host(`shinyproxy.example.com`)" # listen to port 443 for request to APP_DOMAIN (use together with the line below)
- "traefik.http.routers.shinyproxy-secured.entrypoints=https"
- "traefik.http.routers.shinyproxy-secured.tls.certresolver=le" # use the Let's Encrypt certificate we set up earlier
- "traefik.http.services.shinyproxy-secured.loadbalancer.server.port=8090" # ask Traefik to search for port 8090 of the shinyproxy service container
volumes:
- ./application/application_keycloak.yml:/opt/shinyproxy/application.yml
- /var/run/docker.sock:/var/run/docker.sock
networks:
traefik-public:
external: true
sp-net:
external: true
这是 traefik.yml:
version: '3.3'
services:
traefik:
# Use the latest v2.2.x Traefik image available
image: traefik:v2.2
ports:
# Listen on port 80,default for HTTP,necessary to redirect to HTTPS
- 80:80
# Listen on port 443,default for HTTPS
- 443:443
deploy:
placement:
constraints:
# Make the traefik service run only on the node with this label
# as the node with it has the volume for the certificates
- node.labels.traefik-public.traefik-public-certificates == true
labels:
# Enable Traefik for this service,to make it available in the public network
- traefik.enable=true
# Use the traefik-public network (declared below)
- traefik.docker.network=traefik-public
# Use the custom label "traefik.constraint-label=traefik-public"
# This public Traefik will only use services with this label
# That way you can add other internal Traefik instances per stack if needed
- traefik.constraint-label=traefik-public
# admin-auth middleware with HTTP Basic auth
# Using the environment variables USERNAME and HASHED_PASSWORD
- traefik.http.middlewares.admin-auth.basicauth.users=${USERNAME?Variable not set}:${HASHED_PASSWORD?Variable not set}
# https-redirect middleware to redirect HTTP to HTTPS
# It can be re-used by other stacks in other Docker Compose files
- traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
- traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
# traefik-http set up only to use the middleware to redirect to https
# Uses the environment variable DOMAIN
- traefik.http.routers.traefik-public-http.rule=Host(`${DOMAIN?Variable not set}`)
- traefik.http.routers.traefik-public-http.entrypoints=http
- traefik.http.routers.traefik-public-http.middlewares=https-redirect
# traefik-https the actual router using HTTPS
# Uses the environment variable DOMAIN
- traefik.http.routers.traefik-public-https.rule=Host(`${DOMAIN?Variable not set}`)
- traefik.http.routers.traefik-public-https.entrypoints=https
- traefik.http.routers.traefik-public-https.tls=true
# Use the special Traefik service api@internal with the web UI/Dashboard
- traefik.http.routers.traefik-public-https.service=api@internal
# Use the "le" (Let's Encrypt) resolver created below
- traefik.http.routers.traefik-public-https.tls.certresolver=le
# Enable HTTP Basic auth,using the middleware created above
- traefik.http.routers.traefik-public-https.middlewares=admin-auth
# Define the port inside of the Docker service to use
- traefik.http.services.traefik-public.loadbalancer.server.port=8090
volumes:
# Add Docker as a mounted volume,so that Traefik can read the labels of other services
- /var/run/docker.sock:/var/run/docker.sock:ro
# Mount the volume to store the certificates
- traefik-public-certificates:/certificates
command:
# Enable Docker in Traefik,so that it reads labels from Docker services
- --providers.docker
# Add a constraint to only use services with the label "traefik.constraint-label=traefik-public"
- --providers.docker.constraints=Label(`traefik.constraint-label`,`traefik-public`)
# Do not expose all Docker services,only the ones explicitly exposed
- --providers.docker.exposedbydefault=false
# Enable Docker Swarm mode
- --providers.docker.swarmmode
# Create an entrypoint "http" listening on port 80
- --entrypoints.http.address=:80
# Create an entrypoint "https" listening on port 443
- --entrypoints.https.address=:443
# Create the certificate resolver "le" for Let's Encrypt,uses the environment variable EMAIL
- --certificatesresolvers.le.acme.email=${EMAIL?Variable not set}
# Store the Let's Encrypt certificates in the mounted volume
- --certificatesresolvers.le.acme.storage=/certificates/acme.json
# Use the TLS Challenge for Let's Encrypt
- --certificatesresolvers.le.acme.tlschallenge=true
# Enable the access log,with HTTP requests
- --accesslog
# Enable the Traefik log,for configurations and errors
- --log
# Enable the Dashboard and API
- --api
networks:
# Use the public network created to be shared between Traefik and
# any other service that needs to be publicly available with HTTPS
- traefik-public
volumes:
# Create a volume to store the certificates,there is a constraint to make sure
# Traefik is always deployed to the same Docker node with the same volume containing
# the HTTPS certificates
traefik-public-certificates:
networks:
# Use the previously created public network "traefik-public",shared with other
# services that need to be publicly available via this Traefik
traefik-public:
external: true
这是 Shinyproxy 的 applcation.yml:
proxy:
title: My title
port: 8090
container-wait-time: 30000
heartbeat-rate: 10000
heartbeat-timeout: 60000
landing-page: /app/myapp
authentication: keycloak
admin-groups: admins
keycloak:
realm: master
auth-server-url: https://keycloak.app.example.com/auth
resource: shinyproxy
credentials-secret: ************** # the Keycloak secret for your "client application"
# Set the container backend: The container-backend can be one of docker (default),docker-swarm or kubernetes
container-backend: docker-swarm
docker:
internal-networking: true
# Below is a list of Shiny apps and their config
specs:
- id: ecrf
display-name: myapp
description: my app
container-image: myappimg
container-network: sp-net
access-groups: user
server:
useForwardHeaders: true
logging:
file:
shinyproxy.log
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。