Traefik v2.0 Beginner's Guide

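For those of us in the old-timers' group, wrestling with Traefik really does fry the brain.
I haven't written study notes in a long time; I was starting to think I no longer had the brains for it. [Sigh]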

This post is a study record and is for reference only.

Key point: with Docker Compose, use Traefik to forward custom local domain names to ports.

[Screenshot: Traefik]

First, the file layout:

.
├── config
│   ├── default.toml
│   ├── your.domain.toml
│   └── tls.toml
├── ssl
│   ├── your.domain.conf
│   ├── your.domain.crt
│   └── your.domain.key
├── traefik.toml
└── traefik.yml

Docker Compose configuration file:

version: '3.7'

services:

  traefik:
    container_name: traefik
    image: traefik:v2.1.3
    restart: always
    ports:
      - 80:80
      - 443:443
    networks:
      - traefik
    command: traefik --configFile /etc/traefik.toml
    labels:
      - "traefik.enable=false"
    volumes:
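      # :ro only makes the socket file read-only; it does not restrict Docker API
      # calls, so this container can still control the Docker daemon
      - /var/run/docker.sock:/var/run/docker.sock:ro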
      - ./ssl/:/data/ssl/:ro
      - ./traefik.toml:/etc/traefik.toml:ro
      - ./config/:/etc/traefik/config/:ro
    healthcheck:
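      # /ping is served on the internal "traefik" entryPoint, which defaults to
      # :8080 when traefik.toml does not define it
      test: ["CMD-SHELL", "wget -q --spider --proxy off localhost:8080/ping || exit 1"]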

# Create the external network first:
# docker network create traefik
networks:
  traefik:
    external: true

Traefik core configuration file:

traefik.toml

# traefik.toml

[global]
  checkNewVersion = false
  sendAnonymousUsage = false

[log]
  level = "WARN"
  format = "common"

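[api]
  dashboard = true
  # insecure = true also serves the dashboard and API without authentication on
  # the internal entryPoint (:8080). The Compose file does not publish that port,
  # but every container on the "traefik" network can reach it.
  insecure = true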

[ping]

[accessLog]

[providers]
  [providers.docker]
    watch = true
    exposedByDefault = false
    endpoint = "unix:///var/run/docker.sock"
    swarmMode = false
    useBindPortIP = false
    network = "traefik"
  [providers.file]
    watch = true
    directory = "/etc/traefik/config"
    debugLogGeneratedTemplate = true

[entryPoints]
  [entryPoints.http]
    address = ":80"
  [entryPoints.https]
    address = ":443"
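
A hardened variant of the static configuration above, as an added example that is not the author's file: it turns off the unauthenticated `insecure` listener, which the authenticated `dashboard@internal` and `api@internal` routers defined later in your.domain.toml make unnecessary, and gives `/ping` its own entryPoint. The entryPoint name `ping` and port `:8082` are assumptions; the rest mirrors the file above.

```toml
# traefik.toml (hardened variant, added example)

[global]
  checkNewVersion = false
  sendAnonymousUsage = false

[log]
  level = "WARN"
  format = "common"

[api]
  dashboard = true
  # With insecure = false there is no unauthenticated dashboard/API listener.
  # The dashboard stays reachable through the https routers that point at
  # dashboard@internal and api@internal behind the basicAuth middleware.
  insecure = false

[ping]
  # Serve /ping on a dedicated entryPoint (assumed name "ping") instead of
  # the default internal one, so the healthcheck port is explicit.
  entryPoint = "ping"

[accessLog]

[providers]
  [providers.docker]
    watch = true
    exposedByDefault = false   # containers must opt in with traefik.enable=true
    endpoint = "unix:///var/run/docker.sock"
    network = "traefik"
  [providers.file]
    watch = true
    directory = "/etc/traefik/config"

[entryPoints]
  [entryPoints.http]
    address = ":80"
  [entryPoints.https]
    address = ":443"
  [entryPoints.ping]
    # Assumed port. It is not listed under "ports:" in the Compose file, so it
    # is reachable only inside the container and on the "traefik" network.
    address = ":8082"

# The Compose healthcheck must then target the same port:
#   wget -q --spider --proxy off localhost:8082/ping || exit 1
```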

config files

default.toml (name it whatever you like)

  • Shared middleware that automatically redirects http to https

# default.toml

[http.middlewares.https-redirect.redirectScheme]
  scheme = "https"
[http.middlewares.content-compress.compress]

# tricks
# https://github.com/containous/traefik/issues/4863#issuecomment-491093096
[http.services]
  [http.services.noop.LoadBalancer]
     [[http.services.noop.LoadBalancer.servers]]
        url = "" # or url = "localhost"

[http.routers]
  [http.routers.https-redirect]
    entryPoints = ["http"]
    rule = "HostRegexp(`{any:.*}`)"
    middlewares = ["https-redirect"]
    service = "noop"

tls.toml (name it whatever you like)

  • SSL certificate management

# tls.toml

[tls]
  [tls.options]
    [tls.options.default]
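      minVersion = "VersionTLS12"
      # maxVersion pins every router that uses the default options to TLS 1.2
      # only; no router on this page references test-tls13 below
      maxVersion = "VersionTLS12"
    [tls.options.test-tls13]
      minVersion = "VersionTLS13"
      # TLS 1.3 cipher suites are not configurable, so this list of
      # TLS 1.2 suites has no effect while minVersion is VersionTLS13
      cipherSuites = [
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
        "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
      ]

  [[tls.certificates]]
    # ./ssl/ is mounted read-only at /data/ssl/ in the Compose file
    certFile = "/data/ssl/your.domain.crt"
    keyFile = "/data/ssl/your.domain.key"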

your.domain.toml (name it whatever you like)

  • Custom rule configuration

!!! Note: for the address whose port is being forwarded, prefer an IP address (if it is local, prefer the LAN address).

# your.domain.toml

[http.middlewares.dash-compress.compress]
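[http.middlewares.dash-auth.basicAuth]
  # user:hash pairs in htpasswd format; generate your own instead of
  # reusing these published sample hashes
  users = [
    "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
    "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
  ]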

[http.routers.dashboard-redirect-https]
  rule = "Host(`your.domain`,`md.your.domain`)"
  entryPoints = ["http"]
  service = "noop"
  middlewares = ["https-redirect"]
  priority = 100

[http.routers.dashboard]
  rule = "Host(`your.domain`)"
  entrypoints = ["https"]
  service = "dashboard@internal"
  middlewares = ["dash-auth", "dash-compress"]
  [http.routers.dashboard.tls]

[http.routers.api]
  rule = "Host(`your.domain`) && PathPrefix(`/api`)"
  entrypoints = ["https"]
  service = "api@internal"
  middlewares = ["dash-auth", "dash-compress"]
  [http.routers.api.tls]

[http.routers.ping]
  rule = "Host(`your.domain`) && PathPrefix(`/ping`)"
  entrypoints = ["https"]
  service = "ping@internal"
  middlewares = ["dash-auth", "dash-compress"]
  [http.routers.ping.tls]

[http.routers.md]
  rule = "Host(`md.your.domain`)"
  entrypoints = ["https"]
  service = "md"
  middlewares = ["dash-auth", "dash-compress"]
  [http.routers.md.tls]

[http.services.md]
  [[http.services.md.LoadBalancer.servers]]
    url = "http://ip.ip.ip.ip:port" # prefer an IP address for the forwarded target (if it is local, prefer the LAN address)
