Traefik
反向代理服务器,Docker 的好搭档,https://docs.traefik.io/ 。
有它了就可以自动发现 docker 中的各服务,不用自己搞 nginx 然后哼哧哼哧手动生成配置了。
这里使用 yaml 格式的配置文件举例,功能包括:
配置举例,注意这里用了两个 compose,通过 networks 联通起来,traefik 应当有所有服务的网络联通能力,不然它发现了服务也会 Gateway timeout 错误。
使用 dnspod 做 challenge, 需要为 traefik 配置环境变量 DNSPOD_API_KEY。
version: '3'
networks:
n1:
external:
name: t_n1
t_n2:
external: true
services:
traefik:
image: traefik
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock
- ./certs/acme.json:/acme.json
- ./traefik:/etc/traefik
ports:
- 80:80
- 443:443
environment:
DNSPOD_API_KEY: 49794,a259c8cdfc221e320xxxxxxxxxxxxxxx
networks:
- default
- n1
- t_n2
gotty:
image: lwzm/gotty
tty: true # required
volumes:
- /etc/localtime:/etc/localtime:ro
- /:/mnt/
labels:
traefik.enable: true
traefik.http.routers.gotty.rule: Host(`gotty.${DN}`)
traefik.http.routers.gotty.middlewares: gz@file
traefik.http.routers.gotty.tls: true
stream:
image: lwzm/stream
labels:
traefik.enable: true
traefik.http.routers.s.rule: Host(`s.${DN}`)
traefik.http.routers.s.middlewares: gz@file
traefik.http.routers.s.tls: true
portainer:
image: portainer/portainer
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock
- ./portainer:/data
labels:
traefik.enable: true
traefik.http.routers.p.rule: HostRegexp(`portainer.{_:.+}`)
traefik.http.routers.p.middlewares: gz@file
traefik.http.routers.p.tls: true
配置的开头展示了定义外部网络的两种方法。
routers.FOOBAR.rule 展示了域名的几种配置方法:
compose environment 参考:https://docs.docker.com/compose/environment-variables/
.env 文件位于当前目录,参考:
DN=fufu.fun
version: '3'
networks:
n1: {}
n2: {}
services:
s1:
image: nginx:alpine
networks:
- n1
s2:
image: nginx:alpine
networks:
- n2
s3:
image: nginx:alpine
networks:
- n1
- n2
entryPoints:
http:
address: ":80"
https:
address: ":443"
api:
dashboard: true
providers:
file:
filename: /etc/traefik/dynamic.yaml
watch: true
docker:
defaultRule: HostRegexp(`{{ normalize .Name }}.{_:.+}`)
exposedByDefault: false
swarmMode: false
certificatesResolvers:
mydnschallenge:
acme:
email: lwzm@qq.com
dnsChallenge:
provider: dnspod
ping:
manualRouting: true
http:
middlewares:
redirect-https:
redirectScheme:
scheme: https
gz:
compress: {}
routers:
api:
#rule: Host(`traefik.fufu.fun`)
rule: HostRegexp(`traefik.{_:.+}`)
service: api@internal
tls:
certResolver: mydnschallenge
domains:
- main: "fufu.fun"
sans:
- "*.fufu.fun"
- "*.0.fufu.fun"
- "git.tyio.net"
middlewares:
- gz
https-force:
#rule: HostRegexp(`{_:.+}`)
rule: PathPrefix(`/`)
entryPoints:
- http
service: ping@internal
middlewares:
- redirect-https