我正在尝试使用 Docker 和 Traefik v2 反向代理设置 Matrix Synapse 服务器。
如果我在 docker-compose 文件中定义一个网络并且 Traefik、Synapse 和 postgres 都使用该网络,我的设置就可以工作。
但是,根据我目前对 Docker 的了解,我应该将 postgres 放在一个单独的网络上(backed
)而不是 Traefik(web
)。然后 Synapse 将在两个网络上。但是,当我这样做时,我不再能够连接到 Synapse。它超时最终说Gateway Timeout
。
就好像 Synapse 只在backend
网络上监听一样。
version: '3.2'
services:
synapse:
container_name: synapse
hostname: ${MATRIX_HOSTNAME}
image: docker.io/matrixdotorg/synapse:latest
restart: unless-stopped
environment:
- SYNAPSE_SERVER_NAME=${MATRIX_HOSTNAME}
- SYNAPSE_REPORT_STATS=yes
- SYNAPSE_NO_TLS=1
- SYNAPSE_ENABLE_REGISTRATION=no
- SYNAPSE_LOG_LEVEL=DEBUG
- SYNAPSE_REGISTRATION_SHARED_SECRET=${REG_SHARED_SECRET}
- POSTGRES_DB=synapse
- POSTGRES_HOST=db
- POSTGRES_USER=${POSTGRES_USER}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
# expose:
# - "8008"
volumes:
- type: bind
source: /opt/services/synapse
target: /data
depends_on:
- db
networks:
- web
- backend
labels:
- "traefik.enable=true"
- "traefik.http.routers.synapse.rule=Host(`${MATRIX_HOSTNAME}`)"
- "traefik.http.services.synapse.loadbalancer.server.port=8008"
- "traefik.http.routers.synapse.entrypoints=websecure"
- "traefik.http.routers.synapse.tls.certresolver=myresolver"
- "traefik.docker.network=web"
db:
image: docker.io/postgres:10-alpine
container_name: "synapse_db"
restart: unless-stopped
environment:
- POSTGRES_DB=synapse
- POSTGRES_USER=${POSTGRES_USER}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
volumes:
- /opt/services/synapse_db:/var/lib/postgresql/data
networks:
- backend
labels:
- "traefik.enable=false"
traefik:
image: traefik:v2.5
container_name: "traefik"
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=web"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
- "--certificatesresolvers.myresolver.acme.email=${CERTBOT_EMAIL}"
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
ports:
# Router forwards 443 on WAN to 8443 on host so we don't need root permissions
- "8443:443"
- "8080:8080"
networks:
- web
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./letsencrypt:/letsencrypt"
restart:
unless-stopped
networks:
web:
backend:
在 Synapse 的homeserver.yaml
文件中,有一个部分可以让我绑定到特定接口,但我没有进行任何更改,因此它应该默认监听所有接口:
listeners:
- port: 8008
tls: false
type: http
x_forwarded: true
resources:
# - names: [client, federation]
- names: [client]
compress: false
如果我进入单个网络设置,它就可以工作。两个网络设置我做错了什么?