如何使用 traefik 和 docker compose 设置 mongodb?
我有一个 docker swarm 集群,我正在尝试使用 traefik 设置 mongodb。 Traefik 正在与我的其他服务配合使用,但我在使用 mongo 时遇到了问题。我尝试连接 mongo compass,通常会收到“connect ECONNREFUSED”错误。我不确定我缺少什么来让它工作。
Traefik docker 组成:
"--entrypoints.mongo.address=:27017"
Mongo docker 组成:
version: '3.8'
networks:
default:
external: true
name: proxy
services:
mongo:
image: mongo:5.0.6
volumes:
- /data/mongo:/data/db
deploy:
labels:
- 'traefik.enable=true'
- 'traefik.tcp.routers.mongo.rule=HostSNI(`example.com`)'
- 'traefik.tcp.routers.mongo.entrypoints=mongo'
- 'traefik.tcp.routers.mongo.tls=true'
- 'traefik.tcp.services.mongo.loadbalancer.server.port=27017'
I have a docker swarm cluster where I'm trying to setup mongodb using traefik. Traefik is working with my other services, but I'm having trouble with mongo. I try to connect with mongo compass and I usually get a "connect ECONNREFUSED" error. I'm not sure what I'm missing to get this working.
Traefik docker compose:
"--entrypoints.mongo.address=:27017"
Mongo docker compose:
version: '3.8'
networks:
default:
external: true
name: proxy
services:
mongo:
image: mongo:5.0.6
volumes:
- /data/mongo:/data/db
deploy:
labels:
- 'traefik.enable=true'
- 'traefik.tcp.routers.mongo.rule=HostSNI(`example.com`)'
- 'traefik.tcp.routers.mongo.entrypoints=mongo'
- 'traefik.tcp.routers.mongo.tls=true'
- 'traefik.tcp.services.mongo.loadbalancer.server.port=27017'
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
似乎在未启用 tls 的情况下使用带有 TCP 的特定 SNI 存在一些问题,如果您为 SNI 使用通配符,则它可以工作,如下所示:
traefik.tcp.routers.mongo.rule=HostSNI('*')但是,如果您有
traefik.tcp.routers.mongo.tls=true这似乎是您的情况,您还需要在 mongodb 容器上启用 SSL 功能并拥有它使用它自己的证书进行设置,您需要在 compass / robo3t 中使用该证书才能成功连接。我不确定如何绕过 tls 的删除和通配符的使用来使其正常工作。
Seems like there are some issues with using a specific SNI with TCP without having tls enabled and it works if you use a wildcard for the SNI like this:
traefik.tcp.routers.mongo.rule=HostSNI('*')However if you have
traefik.tcp.routers.mongo.tls=truewhich seems to be your case you also need to enable the SSL capability on the mongodb container and have it setup with it's own certificates that you need to use in compass / robo3t for a succesful conection.I'm not sure how to bypass the drop of tls and the use of the wildcard in order to get this working.