Traefik dashboard returns 404 page not found + TLS handshake error: remote error: tls: bad certificate (traefik + bind9 + CloudFlare + Let's Encrypt)

I configured Traefik in docker using the guide "Put Wildcard Certificates and SSL on EVERYTHING - Traefik Tutorial".

But when I try to access the dashboard, I get a 404 page not found error.

I have asked this question on several forums:

  1. Docker forum
  2. Traefik forum
  3. AskUbuntu forum
  4. StackOverflow forum
  5. ServerFault forum

I have tried everything:

  1. I disabled the firewall on Ubuntu and on the router.
  2. I tried to log in from both the local IP and the local machine IP: localhost and 192.168.88.253
  3. I configured the docker compose files so that Traefik and Bind9 are on the same network, and configured the subdomain in Bind9 by adding a traefik-dashboard entry. I could not, and still cannot, access the Traefik dashboard by domain. It also does not open by local IP or by localhost.

Below I will provide everything, including the docker-compose files, error logs, and so on. I would be very grateful if you could point out my mistakes and help me solve this problem.

Let's start with the Traefik docker-compose.yml:

version: '3.8'

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      proxy1:
      dns-server_dns-network:
        ipv4_address: 10.20.3.5
    ports:
      - 80:80
      - 443:443
    environment:
      - CF_API_EMAIL=****@protonmail.com
      - CF_DNS_API_TOKEN=mdc3Xlhxpuidm***
      # - CF_API_KEY=YOUR_API_KEY
      # be sure to use the correct one depending on if you are using a token or key
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /root/traefik/data/traefik.yml:/traefik.yml:ro
      - /root/traefik/data/acme.json:/acme.json
      - /root/traefik/data/config.yml:/config.yml:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.local.****.com`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=USER:BASIC_AUTH_PASSWORD"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.local.****.com`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=local.****.com"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.local.****.com"
      - "traefik.http.routers.traefik-secure.service=api@internal"

networks:
  dns-server_dns-network:
    external: true
  proxy1:
    external: true

Let me explain a little. dns-server_dns-network is the network of the dns-server (bind9), which is also in a docker container, but a different one. In this case it is needed to assign local subdomains, and everything works correctly. proxy1 is Traefik's own network.

Traefik config.yml:

http:
 #region routers 
  routers:
    bind9:
      entryPoints:
        - "https"
      rule: "Host(`bind9.local.*****.com`)"
      middlewares:
        - default-headers
        - https-redirectscheme
      tls: {}
      service: bind9
    pterodactyl:
      entryPoints:
        - "https"
      rule: "Host(`pterodactyl.local.*****.com`)"
      middlewares:
        - default-headers
        - https-redirectscheme
      tls: {}
      service: pterodactyl
#endregion
#region services
  services:
    bind9:
      loadBalancer:
        servers:
          - url: "https://10.20.3.2:53"  
        passHostHeader: true
    pterodactyl:
      loadBalancer:
        servers:
          - url: "http://10.20.3.6:8082"
        passHostHeader: true
#endregion
  middlewares:
    addprefix-pihole:
      addPrefix:
        prefix: "/admin"
    https-redirectscheme:
      redirectScheme:
        scheme: https
        permanent: true
    redirectregex-pihole:
      redirectRegex:
        regex: /admin/$
        replacement: /

    default-headers:
      headers:
        frameDeny: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https

    idrac:
      headers:
        frameDeny: true
        browserXssFilter: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN
        customRequestHeaders:
          X-Forwarded-Proto: https

    default-whitelist:
      ipWhiteList:
        sourceRange:
        - "10.0.0.0/8"
        - "192.168.88.0/24"
        - "172.16.0.0/12"

    secured:
      chain:
        middlewares:
        - default-whitelist
        - default-headers

Traefik.yml:

api:
  dashboard: true
  debug: true
entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
serversTransport:
  insecureSkipVerify: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /config.yml
certificatesResolvers:
  cloudflare:
    acme:
      email: ****@protonmail.com
      storage: acme.json
      dnsChallenge:
        delayBeforeCheck: 5
        provider: cloudflare
       #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables>
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"

acme.json file:

{
  "cloudflare": {
    "Account": {
      "Email": "*****@protonmail.com",
      "Registration": {
        "body": {
          "status": "valid",
          "contact": [
            "mailto:****@protonmail.com"
          ]
        },
        "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/1308****76"
      },
      "PrivateKey": "MIIJKQ**********fhYGyV2xowwa/O9WSHf+3GU>
      "KeyType": "4096"
    },
    "Certificates": [
      {
        "domain": {
          "main": "local.*****.com",
          "sans": [
            "*.local.*****.com"
          ]
        },
        "certificate": "LS0tLS1C***********N3VUEKTURJ>
        "key": "LS0tLS1CRUdJTiBS*******Bejk4bzdCeTBtCnhLVFFC>
        "Store": "default"
      }
    ]
  }
}

When I start the Traefik container, there is nothing in the logs:

root@riven:~/traefik/data# docker logs --tail=100 traefik
time="2023-09-14T03:47:43+03:00" level=info msg="Configuration loaded from file: /traefik.yml"

But if I run restart, errors appear in the logs:

root@riven:~/traefik/data# docker restart traefik
traefik
root@riven:~/traefik/data# docker logs --tail=100 traefik
time="2023-09-14T03:47:43+03:00" level=info msg="Configuration loaded from file: /traefik.yml"
time="2023-09-14T14:37:35+03:00" level=error msg="accept tcp [::]:80: use of closed network connection" entryPointName=http
time="2023-09-14T14:37:35+03:00" level=error msg="accept tcp [::]:443: use of closed network connection" entryPointName=https
time="2023-09-14T14:37:35+03:00" level=error msg="close tcp [::]:80: use of closed network connection" entryPointName=http
time="2023-09-14T14:37:35+03:00" level=error msg="close tcp [::]:443: use of closed network connection" entryPointName=https
time="2023-09-14T14:37:36+03:00" level=info msg="Configuration loaded from file: /traefik.yml"

Just in case, here is the list of all containers:

root@riven:~/dns-server/config# docker ps -a
CONTAINER ID   IMAGE                 COMMAND                  CREATED        STATUS          PORTS                                                                           NAMES
78296a683271   traefik:latest        "/entrypoint.sh trae…"   11 hours ago   Up 25 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp        traefik
5c3081b0c7df   ubuntu/bind9:latest   "docker-entrypoint.sh"   12 hours ago   Up 8 minutes    0.0.0.0:53->53/tcp, 0.0.0.0:53->53/udp, :::53->53/tcp, :::53->53/udp, 953/tcp   dns-server

Now let's move on to the bind9 DNS server, which also runs in a container.

Bind9 docker-compose.yml:

version: '3'

networks:
  dns-network:
    driver: bridge
    ipam:
      config:
        - subnet: 10.20.0.0/16

services:
  bind9:
    container_name: dns-server
    image: ubuntu/bind9:latest
    environment:
      - BIND9_USER=root
      - TZ=Europe/Moscow
    networks:
      dns-network:
        ipv4_address: 10.20.3.2
    ports:
      - "53:53/tcp"
      - "53:53/udp"
    volumes:
      - ./config:/etc/bind
      - ./cache:/var/cache/bind
      - ./records:/var/lib/bind
    restart: unless-stopped

named.conf file:

acl internal {
    10.10.0.0/16;
    10.11.0.0/16;
    10.20.0.0/16;
    10.50.0.0/16;
    192.168.88.0/24;
};

options {
    forwarders {
        1.1.1.1;
        1.0.0.1;
    };
    allow-query { internal; };
};

zone "local.*****.com" IN {
    type master;
    file "/etc/bind/local-*****-com.zone";
};

local-*****-com.zone file:

$TTL 2D

$ORIGIN local.*****.com.

@       IN      SOA     ns.local.*****.com.  admin.*****.com. (
                        2023083100      ; serial
                        12h             ; refresh
                        15m             ; retry
                        3w              ; expire
                        2h              ; minimum ttl
)

        IN      NS      ns.local.*****.com.

ns      IN      A       10.20.3.2

; -- add dns records below

servers IN      A       10.20.3.4
*.servers IN    A       10.20.3.4
traefik-dashboard IN A 10.20.3.5

Bind9 logs:

root@riven:~/dns-server/config# docker logs --tail=200 dns-server
Starting named....
exec /usr/sbin/named -u "root" "-g" ""
14-Sep-2023 14:54:56.133 starting BIND 9.18.12-1ubuntu1.1-Ubuntu (Extended Support Version) <id:>
14-Sep-2023 14:54:56.133 running on Linux x86_64 6.2.0-32-generic #32~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Fri Aug 18 10:40:13 UTC 2
14-Sep-2023 14:54:56.133 built with  '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--disable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=yes' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-2zwQl8/bind9-9.18.12=. -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fdebug-prefix-map=/build/bind9-2zwQl8/bind9-9.18.12=/usr/src/bind9-1:9.18.12-1ubuntu1.1 -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
14-Sep-2023 14:54:56.133 running as: named -u root -g
14-Sep-2023 14:54:56.133 compiled by GCC 12.2.0
14-Sep-2023 14:54:56.133 compiled with OpenSSL version: OpenSSL 3.0.8 7 Feb 2023
14-Sep-2023 14:54:56.133 linked to OpenSSL version: OpenSSL 3.0.8 7 Feb 2023
14-Sep-2023 14:54:56.133 compiled with libxml2 version: 2.9.14
14-Sep-2023 14:54:56.133 linked to libxml2 version: 20914
14-Sep-2023 14:54:56.133 compiled with json-c version: 0.16
14-Sep-2023 14:54:56.133 linked to json-c version: 0.16
14-Sep-2023 14:54:56.133 compiled with zlib version: 1.2.13
14-Sep-2023 14:54:56.133 linked to zlib version: 1.2.13
14-Sep-2023 14:54:56.133 ----------------------------------------------------
14-Sep-2023 14:54:56.133 BIND 9 is maintained by Internet Systems Consortium,
14-Sep-2023 14:54:56.133 Inc. (ISC), a non-profit 501(c)(3) public-benefit 
14-Sep-2023 14:54:56.133 corporation.  Support and training for BIND 9 are 
14-Sep-2023 14:54:56.133 available at https://www.isc.org/support
14-Sep-2023 14:54:56.133 ----------------------------------------------------
14-Sep-2023 14:54:56.133 found 8 CPUs, using 8 worker threads
14-Sep-2023 14:54:56.133 using 8 UDP listeners per interface
14-Sep-2023 14:54:56.133 DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
14-Sep-2023 14:54:56.133 DS algorithms: SHA-1 SHA-256 SHA-384
14-Sep-2023 14:54:56.133 HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
14-Sep-2023 14:54:56.133 TKEY mode 2 support (Diffie-Hellman): yes
14-Sep-2023 14:54:56.133 TKEY mode 3 support (GSS-API): yes
14-Sep-2023 14:54:56.137 config.c: option 'trust-anchor-telemetry' is experimental and subject to change in the future
14-Sep-2023 14:54:56.137 loading configuration from '/etc/bind/named.conf'
14-Sep-2023 14:54:56.137 unable to open '/etc/bind/bind.keys'; using built-in keys instead
14-Sep-2023 14:54:56.137 looking for GeoIP2 databases in '/usr/share/GeoIP'
14-Sep-2023 14:54:56.137 using default UDP/IPv4 port range: [32768, 60999]
14-Sep-2023 14:54:56.137 using default UDP/IPv6 port range: [32768, 60999]
14-Sep-2023 14:54:56.137 listening on IPv4 interface lo, 127.0.0.1#53
14-Sep-2023 14:54:56.141 listening on IPv4 interface eth0, 10.20.3.2#53
14-Sep-2023 14:54:56.141 Could not open '//run/named/named.pid'.
14-Sep-2023 14:54:56.141 Please check file and directory permissions or reconfigure the filename.
14-Sep-2023 14:54:56.141 could not open file '//run/named/named.pid': Permission denied
14-Sep-2023 14:54:56.141 generating session key for dynamic DNS
14-Sep-2023 14:54:56.141 Could not open '//run/named/session.key'.
14-Sep-2023 14:54:56.141 Please check file and directory permissions or reconfigure the filename.
14-Sep-2023 14:54:56.141 could not open file '//run/named/session.key': Permission denied
14-Sep-2023 14:54:56.141 could not create //run/named/session.key
14-Sep-2023 14:54:56.141 failed to generate session key for dynamic DNS: permission denied
14-Sep-2023 14:54:56.141 sizing zone task pool based on 1 zones
14-Sep-2023 14:54:56.141 none:99: 'max-cache-size 90%' - setting to 57829MB (out of 64255MB)
14-Sep-2023 14:54:56.141 using built-in root key for view _default
14-Sep-2023 14:54:56.141 set up managed keys zone for view _default, file 'managed-keys.bind'
14-Sep-2023 14:54:56.141 automatic empty zone: 10.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 16.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 17.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 18.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 19.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 20.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 21.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 22.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 23.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 24.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 25.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 26.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 27.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 28.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 29.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 30.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 31.172.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 168.192.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 64.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 65.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 66.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 67.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 68.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 69.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 70.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 71.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 72.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 73.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 74.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 75.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 76.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 77.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 78.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 79.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 80.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 81.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 82.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 83.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 84.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 85.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 86.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 87.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 88.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 89.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 90.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 91.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 92.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 93.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 94.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 95.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 96.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 97.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 98.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 99.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 100.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 101.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 102.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 103.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 104.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 105.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 106.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 107.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 108.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 109.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 110.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 111.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 112.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 113.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 114.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 115.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 116.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 117.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 118.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 119.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 120.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 121.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 122.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 123.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 124.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 125.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 126.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 127.100.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 0.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 127.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 254.169.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 2.0.192.IN-ADDR.ARPA
14-Sep-2023 14:54:56.141 automatic empty zone: 100.51.198.IN-ADDR.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 113.0.203.IN-ADDR.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: D.F.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 8.E.F.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 9.E.F.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: A.E.F.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: B.E.F.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: EMPTY.AS112.ARPA
14-Sep-2023 14:54:56.145 automatic empty zone: HOME.ARPA
14-Sep-2023 14:54:56.145 configuring command channel from '/etc/bind/rndc.key'
14-Sep-2023 14:54:56.145 command channel listening on 127.0.0.1#953
14-Sep-2023 14:54:56.145 configuring command channel from '/etc/bind/rndc.key'
14-Sep-2023 14:54:56.145 command channel listening on ::1#953
14-Sep-2023 14:54:56.145 not using config file logging statement for logging due to -g option
14-Sep-2023 14:54:56.145 managed-keys-zone: loaded serial 2
14-Sep-2023 14:54:56.149 zone local.*****.com/IN: loaded serial 2023083100
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:1::53#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:dc3::35#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:503:ba3e::2:30#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:7fe::53#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:12::d0d#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:2::c#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:2f::f#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:a8::e#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:9f::42#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:7fd::1#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:503:c27::2:30#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:200::b#53
14-Sep-2023 14:54:56.149 address not available resolving './NS/IN': 2001:500:2d::d#53
14-Sep-2023 14:54:56.153 all zones loaded
14-Sep-2023 14:54:56.153 running
14-Sep-2023 14:54:56.173 managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
14-Sep-2023 14:54:56.177 resolver priming query complete: success

All my networks:

root@riven:~/dns-server/config# docker network ls
NETWORK ID     NAME                     DRIVER    SCOPE
bed0ea1726ee   bridge                   bridge    local
37f54b168f7e   dns-server_dns-network   bridge    local
8db2a758902a   host                     host      local
d5d2a3a56006   none                     null      local
44f6196d71d9   proxy1                   bridge    local

Checking the containers' IP addresses:

root@riven:~/dns-server/config# docker ps -a
CONTAINER ID   IMAGE                 COMMAND                  CREATED        STATUS          PORTS                                                                           NAMES
78296a683271   traefik:latest        "/entrypoint.sh trae…"   11 hours ago   Up 25 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp        traefik
5c3081b0c7df   ubuntu/bind9:latest   "docker-entrypoint.sh"   12 hours ago   Up 8 minutes    0.0.0.0:53->53/tcp, 0.0.0.0:53->53/udp, :::53->53/tcp, :::53->53/udp, 953/tcp   dns-server
root@riven:~/dns-server/config# docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' 78296a683271
10.20.3.5172.18.0.2
root@riven:~/dns-server/config# docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' 5c3081b0c7df
10.20.3.2

However, the DNS server works correctly, as you can see from the nslookup queries:

root@riven:~/dns-server/config# nslookup local.*****.com
Server:         192.168.88.1
Address:        192.168.88.1#53

Non-authoritative answer:
Name:   local.*****.com
Address: 91.***.***.1*4

root@riven:~/dns-server/config# nslookup servers.local.*****.com 10.20.3.2
Server:         10.20.3.2
Address:        10.20.3.2#53

Name:   servers.local.*****.com
Address: 10.20.3.4

root@riven:~/dns-server/config# nslookup traefik-dashboard.local.*****.com 10.20.3.2
Server:         10.20.3.2
Address:        10.20.3.2#53

Name:   traefik-dashboard.local.*****.com
Address: 10.20.3.5

Also, when I go to the local domain (local.*****.com), I see my MikroTik router page.

But when I go to the Traefik panel, I see that nothing works.

curl: [screenshots]

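All of the above was done with UFW (Ubuntu Firewall) completely disabled on the local host system, and the MikroTik firewall is disabled as well!!!

I have no idea what I did wrong or how to get everything working, or at least how to get the Traefik panel working. I would be grateful for any help and advice.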
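
An added example, not part of the original post: a simplified model of how Traefik chooses a router and a certificate for the labels and acme.json shown above, applied to the three addresses tried in the post. The domain `example.com` is a placeholder for the redacted one, and the matching logic is a reduced version of Traefik's `Host()` rule and SNI lookup, not Traefik's own code.

```python
import re

# Constructed input: router labels from the compose file in the post, with the
# redacted domain replaced by the placeholder example.com (an assumption).
LABELS = [
    "traefik.http.routers.traefik.entrypoints=http",
    "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.local.example.com`)",
    "traefik.http.routers.traefik-secure.entrypoints=https",
    "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.local.example.com`)",
    "traefik.http.routers.traefik-secure.tls=true",
    "traefik.http.routers.traefik-secure.service=api@internal",
]
# Names on the stored certificate ("main" and "sans" in acme.json), same placeholder.
CERT_NAMES = ["local.example.com", "*.local.example.com"]

LABEL_RE = re.compile(r"^traefik\.http\.routers\.([^.]+)\.([^=]+)=(.*)$")
HOST_RE = re.compile(r"Host\(`([^`]+)`\)")


def parse_routers(labels):
    """Group router labels into {router_name: {option: value}}."""
    routers = {}
    for label in labels:
        m = LABEL_RE.match(label)
        if m:
            name, key, value = m.groups()
            routers.setdefault(name, {})[key.lower()] = value
    return routers


def match_router(routers, entrypoint, host_header):
    """Return the router whose entrypoint and Host() rule match, else None.

    When no router matches, Traefik answers "404 page not found".
    Only hostnames and IPv4 literals are handled here.
    """
    host = host_header.split(":")[0].lower()
    for name, cfg in routers.items():
        entrypoints = [e.strip() for e in cfg.get("entrypoints", "").split(",")]
        hosts = [h.lower() for h in HOST_RE.findall(cfg.get("rule", ""))]
        if entrypoint in entrypoints and host in hosts:
            return name
    return None


def cert_covers(name, san):
    """True if a certificate name (exact or wildcard) covers the requested name."""
    name, san = name.lower(), san.lower()
    if san.startswith("*."):
        # A wildcard stands for exactly one left-most label.
        head, _, rest = name.partition(".")
        return bool(head) and rest == san[2:]
    return name == san


def served_certificate(sni, cert_names):
    """Pick "acme" when a stored name covers the SNI, else Traefik's default cert."""
    if sni and any(cert_covers(sni, san) for san in cert_names):
        return "acme"
    # The default certificate is self-signed; a client that rejects it aborts
    # the handshake, which the proxy logs as a remote TLS error.
    return "default"


def diagnose(url_host):
    """Model an HTTPS request to https://<url_host>/ on the "https" entrypoint.

    Port 80 is not modelled: traefik.yml redirects that entrypoint to https.
    """
    is_ip = re.fullmatch(r"[0-9.]+", url_host) is not None
    sni = None if is_ip else url_host  # clients send no SNI for IP literals
    router = match_router(parse_routers(LABELS), "https", url_host)
    return {
        "router": router,
        "result": "routed" if router else "404 page not found",
        "certificate": served_certificate(sni, CERT_NAMES),
    }


if __name__ == "__main__":
    for target in ("localhost", "192.168.88.253",
                   "traefik-dashboard.local.example.com"):
        print(target, diagnose(target))
```

Only a request that carries the dashboard hostname, both as SNI and as the Host header, reaches `traefik-secure` and is covered by the wildcard certificate; requests to `localhost` or the IP address match no router and are offered the default certificate.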
