昨天我們成功在 http://ec2-52-199-213-167.ap-northeast-1.compute.amazonaws.com:8080/api/rawdata
成功看到 API 原始資料,那今天首先就先去 http://ec2-52-199-213-167.ap-northeast-1.compute.amazonaws.com:3000
看看
因為昨天有 --build 的關係,所以會跑出這個需要我們建 db 是預料中的。到這邊為止目前看起來都沒有異常,但我們一開始使用 traefik 是因為我們需要將網址從 http 變成 https ,所以我們將網址改為 https://ec2-52-199-213-167.ap-northeast-1.compute.amazonaws.com:3000
再試一次
去看看 log
HTTP parse error, malformed request: #<Puma::HttpParserError: Invalid HTTP format, parsing fails. Are you trying to open an SSL connection to a non-SSL Puma?>
可以猜測這應該是一個無效的 http 請求,為甚麼會無效呢?我重新看一下 官網 的圖片
可以看到交警伯伯 traefik ,當我們訪問網址時,會找到交警伯伯,但是我們好像還沒有將我們這個網址的服務 app 跟他做連結,所以我需要先將我的 app 服務與 traefik 做個連結
我找到一篇蒼時弦也的 Rails 部署實踐 - 使用 HTTPS 協定加密連線 與我要達成的目標相近,所以參考這篇文章並將其改為符合我專案的樣子,目前 docker-compose.yml 長成如下:
version: "3.9"
services:
app:
image: krystallll/docker_test:1.0
environment:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: password
POSTGRES_HOST: db
POSTGRES_PORT: 5432
restart: on-failure
# ports:
# - 80:3000
labels:
- "traefik.enable=true"
- "traefik.http.services.app.loadbalancer.server.port=3000"
- "traefik.http.routers.app.rule=Host(`ec2-52-199-213-167.ap-northeast-1.compute.amazonaws.com`)"
- "traefik.http.routers.app.entrypoints=web"
- "traefik.http.routers.app.tls=true"
- "traefik.http.routers.app.tls.certresolver=letsencrypt"
db:
image: postgres:14-alpine
restart: on-failure
environment:
POSTGRES_PASSWORD: password
traefik:
image: traefik:v2.10
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
- "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.letsencrypt.acme.email=krystal@5xcampus.com"
- "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- "./letsencrypt:/letsencrypt"
- /var/run/docker.sock:/var/run/docker.sock
這邊將原本 middlewares 有關的都先拿掉,一方面是因為我在下方的錯誤訊息裡撞牆了好久
ec2-user-traefik-1 | time="2023-10-10T17:54:19Z" level=error msg="middleware "https-redirect@docker" does not exist" entryPointName=web routerName=app-http@docker
另外也因為,希望是先用最簡化的方式教大家部署,一種先求有再求好的心態,所以我這邊就先移除 middlewares。
當我重新 docker-compose up
時,終於脫離上述的錯誤泥沼中,看到新的錯誤
ec2-user-traefik-1 | time="2023-10-10T18:40:38Z" level=error msg="Unable to obtain ACME certificate for domains "ec2-52-199-213-167.ap-northeast-1.compute.amazonaws.com": unable to generate a certificate for the domains [ec2-52-199-213-167.ap-northeast-1.compute.amazonaws.com]: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Error creating new order :: Cannot issue for "ec2-52-199-213-167.ap-northeast-1.compute.amazonaws.com": The ACME server refuses to issue a certificate for this domain name, because it is forbidden by policy" ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=app@docker rule="Host(
ec2-52-199-213-167.ap-northeast-1.compute.amazonaws.com
)" providerName=letsencrypt.acme
看起來像是他無法發給我證書的錯誤訊息,那我們明天繼續來找找為何會無法發放吧!