How do I correctly set up a basic Traefik reverse proxy?
Suppose my current public IP is 101.15.14.71, I have a domain called example.com, I have configured that domain with Cloudflare, and I have created several DNS entries pointing to my public IP.
For example:
1) new1.example.com - 101.15.14.71
2) new2.example.com - 101.15.14.71
3) new3.example.com - 101.15.14.71
Now, here is my sample project structure:
.
├── myapp
│   ├── app
│   │   └── main.py
│   ├── docker-compose.yml
│   └── Dockerfile
├── myapp1
│   ├── app
│   │   └── main.py
│   ├── docker-compose.yml
│   └── Dockerfile
└── traefik
    ├── acme.json
    ├── docker-compose.yml
    ├── traefik_dynamic.toml
    └── traefik.toml
Here I have two FastAPI apps (i.e. myapp, myapp1).
Here is my sample code in main.py for myapp and myapp1; it is exactly the same except that the return statement differs, that's all:
from fastapi import FastAPI

app = FastAPI()


@app.get("/")
def read_main():
    return {"message": "Hello world for my project myapp"}
Here is my Dockerfile for myapp and myapp1. Here too both are exactly the same; the only difference is that I deploy myapp on 7777 and myapp1 on 7778 in different containers:
FROM ubuntu:latest
ARG DEBIAN_FRONTEND=noninteractive
RUN apt update && apt upgrade -y
RUN apt install -y -q build-essential python3-pip python3-dev
# python dependencies
RUN pip3 install -U pip setuptools wheel
RUN pip3 install gunicorn fastapi uvloop httptools "uvicorn[standard]"
# copy required files
RUN bash -c 'mkdir -p /app'
COPY ./app /app
ENTRYPOINT /usr/local/bin/gunicorn \
    -b 0.0.0.0:7777 \
    -w 1 \
    -k uvicorn.workers.UvicornWorker app.main:app \
    --chdir /app
# -b 0.0.0.0:7777 is the line I use in the myapp Dockerfile;
# in the myapp1 Dockerfile I change it to -b 0.0.0.0:7778
Here is my docker-compose.yml for myapp and myapp1. Here too I have exactly the same file; the only difference is that I change the port:
services:
  myapp:      # I use this line for myapp docker-compose file
  # myapp1:   # I use this line for myapp1 docker-compose file
    build: .
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik_public"
      - "traefik.backend=myapp"        # I use this line for myapp docker-compose file
      # - "traefik.backend=myapp1"     # I use this line for myapp1 docker-compose file
      - "traefik.frontend.rule=Host:new2.example.com"    # I use this for myapp compose file
      # - "traefik.frontend.rule=Host:new3.example.com"  # I use this for myapp1 compose file
      - "traefik.port=7777"            # I use this line for myapp docker-compose file
      # - "traefik.port=7778"          # I use this line for myapp1 docker-compose file
    networks:
      - traefik_public
networks:
  traefik_public:
    external: true
Now coming to the traefik folder:
- acme.json: I created it with the nano acme.json command, without any content, but I did chmod 600 acme.json to get the proper permissions.
- traefik_dynamic.toml:
[http]
  [http.routers]
    [http.routers.route0]
      entryPoints = ["web"]
      middlewares = ["my-basic-auth"]
      service = "api@internal"
      rule = "Host(`new1.example.com`)"
      [http.routers.route0.tls]
        certResolver = "myresolver"
  [http.middlewares.test-auth.basicAuth]
    users = [
      ["admin:your_encrypted_password"]
    ]
- traefik.toml:
[entryPoints]
  [entryPoints.web]
    address = ":80"
    [entryPoints.web.http]
      [entryPoints.web.http.redirections]
        [entryPoints.web.http.redirections.entryPoint]
          to = "websecure"
          scheme = "https"
  [entryPoints.websecure]
    address = ":443"

[api]
  dashboard = true

[certificatesResolvers.myresolver.acme]
  email = "reallygoodtraefik@gmail.com"
  storage = "acme.json"
  [certificatesResolvers.myresolver.acme.httpChallenge]
    entryPoint = "web"

[providers]
  [providers.docker]
    watch = true
    network = "web"
  [providers.file]
    filename = "traefik_dynamic.toml"
- docker-compose.yml:
services:
  traefik:
    image: traefik:latest
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      - ./acme.json:/acme.json
      - ./traefik_dynamic.toml:/traefik_dynamic.toml
    networks:
      - web
networks:
  web:
Those are the details of my files. What I am trying to achieve here is:
I want to set up Traefik and the Traefik dashboard with basic authentication, and I have deployed two FastAPI services,
- myapp on 7777, which I need to reach via new2.example.com
- myapp1 on 7778, which I need to reach via new3.example.com
- the Traefik dashboard, which I need to reach via new1.example.com
All of these should be HTTPS, with automatic certificate renewal enabled as well.
I got all of this from online articles about the latest version of Traefik. But the problem is that it doesn't work. I used docker-compose to build and deploy Traefik and opened the API dashboard. It asks for the user and password (the basic auth I set up); I entered the user details I set in traefik_dynamic.toml, but it doesn't work.
Where did I go wrong? Please help me correct the errors in my configuration. I really want to learn more about this.
Error update:
traefik_1 | time="2021-06-16T01:51:16Z" level=error msg="Unable to obtain ACME certificate for domains \"new1.example.com\": unable to generate a certificate for the domains [new1.example.com]: error: one or more domains had a problem:\n[new1.example.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://new1.example.com/.well-known/acme-challenge/mu85LkYEjlvnbDI-wM2xMaRFO1QsPDNjepTDb47dWF0 [2606:4700:3032::6815:55c4]: 404\n" rule="Host(`new1.example.com`)" routerName=api@docker providerName=myresolver.acme
traefik_1 | time="2021-06-16T01:51:19Z" level=error msg="Unable to obtain ACME certificate for domains \"new2.example.com\": unable to generate a certificate for the domains [new2.example.com]: error: one or more domains had a problem:\n[new2.example.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://new2.example.com/.well-known/acme-challenge/ykiCAEpJeQ1qgVdeFtSRo3q-ATTwgKdRdGHUs2kgIsY [2606:4700:3031::ac43:d1e9]: 404\n" providerName=myresolver.acme routerName=myapp1@docker rule="Host(`new2.example.com`)"
traefik_1 | time="2021-06-16T01:51:20Z" level=error msg="Unable to obtain ACME certificate for domains \"new3.example.com\": unable to generate a certificate for the domains [new3.example.com]: error: one or more domains had a problem:\n[new3.example.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from http://new3.example.com/.well-known/acme-challenge/BUZWuWdNd2XAXwXCwkeqe5-PHb8cGV8V6UtzeLaKryE [2606:4700:3031::ac43:d1e9]: 404\n" providerName=myresolver.acme routerName=myapp@docker rule="Host(`new3.example.com`)"
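An added example, not the asker's files and not code from the Traefik project: a single docker-compose.yml for the traefik folder that brings up Traefik v2 together with both FastAPI containers and serves the three hostnames over HTTPS, with the dashboard behind basic auth. It assumes Traefik v2.x, that the apps keep listening on 7777 and 7778 inside their containers with build contexts at ../myapp and ../myapp1, that the Cloudflare records are proxied (the 2606:4700::/32 addresses in the log belong to Cloudflare's edge), and that a Cloudflare API token with DNS edit rights on the zone is exported as CF_DNS_API_TOKEN so the DNS-01 challenge can be used instead of HTTP-01. The router and middleware names (dashboard, dashboard-auth), the network name web, and the bcrypt placeholder are choices made for this example. Static configuration is given as command-line flags and dynamic configuration as labels, so the toml files are not needed.

```yaml
# Added example, not the asker's files. Assumptions: Traefik v2.x, apps listen on
# 7777/7778 in their containers, build contexts ../myapp and ../myapp1, Cloudflare
# proxied DNS, CF_DNS_API_TOKEN exported in the shell that runs docker compose.
services:
  traefik:
    image: traefik:v2.4                     # pin a release rather than :latest
    restart: always
    command:
      # Static configuration (what traefik.toml would hold).
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false     # route only containers that opt in
      - --providers.docker.network=web                # must equal the Docker network name below
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --api.dashboard=true                          # no --api.insecure, so nothing listens on 8080
      - --certificatesresolvers.myresolver.acme.email=reallygoodtraefik@gmail.com
      - --certificatesresolvers.myresolver.acme.storage=/acme.json
      # DNS-01 instead of HTTP-01: the HTTP challenge must reach this host on port 80,
      # but with a proxied record Let's Encrypt talks to Cloudflare's edge instead.
      - --certificatesresolvers.myresolver.acme.dnschallenge=true
      - --certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare
      - --certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53
    environment:
      - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}          # scoped token, not the global API key
    ports:
      - "80:80"
      - "443:443"                                     # 8080 deliberately not published
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro  # read-only is enough for the provider
      - ./acme.json:/acme.json                        # pre-create: touch acme.json && chmod 600 acme.json
    networks:
      - web
    labels:
      # Dynamic configuration for the dashboard (what traefik_dynamic.toml would hold).
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(`new1.example.com`)"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.tls.certresolver=myresolver"
      - "traefik.http.routers.dashboard.middlewares=dashboard-auth"   # same name as the middleware below
      # Placeholder hash: replace with the output of `htpasswd -nB admin`, doubling every $
      # because compose treats a single $ as variable interpolation.
      - "traefik.http.middlewares.dashboard-auth.basicauth.users=admin:$$2y$$05$$REPLACE_WITH_HTPASSWD_HASH"

  myapp:
    build: ../myapp
    restart: always
    networks:
      - web
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.myapp.rule=Host(`new2.example.com`)"
      - "traefik.http.routers.myapp.entrypoints=websecure"
      - "traefik.http.routers.myapp.tls.certresolver=myresolver"
      - "traefik.http.services.myapp.loadbalancer.server.port=7777"   # v2 form of traefik.port

  myapp1:
    build: ../myapp1
    restart: always
    networks:
      - web
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.myapp1.rule=Host(`new3.example.com`)"
      - "traefik.http.routers.myapp1.entrypoints=websecure"
      - "traefik.http.routers.myapp1.tls.certresolver=myresolver"
      - "traefik.http.services.myapp1.loadbalancer.server.port=7778"

networks:
  web:
    name: web        # explicit name, so --providers.docker.network=web matches without a project prefix
```

Create an empty acme.json with mode 600 before the first docker compose up, otherwise Docker creates a directory at the mount point and the resolver cannot write its store. Because the containers share the web network, the apps publish no host ports at all; only Traefik is reachable from outside. In the Cloudflare dashboard set the SSL/TLS mode to Full (strict): with Flexible, Cloudflare connects to the origin on port 80, the web entrypoint answers with a redirect to HTTPS, and the browser loops. Watch docker compose logs -f traefik for the certificate being obtained before testing the hostnames.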