一、概念
traefik 是一个开源的反向代理服务器,用go语言编写,原生支持Docker、Kubernets、File等,协议支持http、https、tcp、grpc等
下面是我使用traefik在docker中的一些实践,traefik 2.1 && docker 18.06.3-ce
二、部署
1、简单例子
version: '3' services: traefik: image: traefik:v2.1 container_name: traefik # 启用Web UI并监听docker command: --api.insecure=true --providers.docker ports: # HTTP 端口 - "80:80" # Web UI 端口 - "8080:8080" volumes: # 这样Traefik可以监听Docker事件 - /var/run/docker.sock:/var/run/docker.sock whoami: # 公开API以显示其IP地址的容器 image: containous/whoami container_name: whoami
# traefik 通过labels 来生成配置文件,这里的“whoami”可以是自定义名称,“whoami.fanxp.com” 是你域名 labels: - "traefik.http.routers.whoami.rule=Host(`whoami.fanxp.com`)"
执行:docker-compose -f ./traefik-compose.yml up -d
如果是局域网测试 需要修改host
192.168.1.221 whoami.fanxp.com
访问:http://whoami.fanxp.com:8080/
访问:http://whoami.fanxp.com/
这个简单的例子就完成了。
进入traefike web ui 中的http 可以看到请求过程
Entrypoints -> 入口
HTTP Router -> 路由规则
Service -> 可以理解为部署在docker中的容器、这里也可以是在配置文件中自定义的service
TLS -> https
Middlewares - > 中间件(1.x中的很多功能都移到了这里面)
2、toml手动配置、https、自定义Router,Service
traefik.toml
# 全局配置 [global] checkNewVersion = false sendAnonymousUsage = false # 入口 [entryPoints] # http [entryPoints.web] address = ":80" # https "websecure"这个名字是自己定义的 [entryPoints.websecure] address = ":443" # traefik web ui [entryPoints.traefik] address = ":8080" # 免费Let's Encrypt 证书(注意:必须域名解析到的主机中才有效,traefik会把秘钥写入acme.json中) [certificatesResolvers.bxtlschallenge.acme] # 自己的邮箱地址 email = "604694379@qq.com" # 秘钥写入地址,根据自己文件映射来配置 storage = "/letsencrypt/acme.json" [certificatesResolvers.bxtlschallenge.acme.httpChallenge] entryPoint = "web" # 自定义Router、Services(貌似必须定义在外部文件里面,坑了好久) [providers.file] directory = "/etc/traefik/conf" # traefik 需要开启的功能 [api] insecure = true dashboard = true [ping] [providers.docker] endpoint = "unix:///var/run/docker.sock" exposedByDefault = true # 传输配置 [serversTransport] # 如果后端需要代理https自定义证书,可以使用这种方式就可以跳过验证,不然会报x509证书错误 insecureSkipVerify = true
file.toml
[http] # 自定义 routers [http.routers] # http 方式 [http.routers.routers-cnblogs] entryPoints = ["web"] rule = "Host(`cnblogs.fanxp.com`)" service = "cnblogs" # https 方式 [http.routers.routers-cnblogs1] entryPoints = ["websecure"] rule = "Host(`cnblogs.fanxp.com`)" service = "cnblogs" [http.routers.routers-cnblogs1.tls] certResolver = "bxtlschallenge" # 自定义 services [http.services] [http.services.cnblogs] # 可以设置多个url traefik 根据算法做负载均衡 [http.services.cnblogs.loadBalancer] [[http.services.cnblogs.loadBalancer.servers]] url = "https://www.cnblogs.com/fanxp/" [[http.services.cnblogs.loadBalancer.servers]] url = "https://github.com/fanxiaoping/grpc-test"
traefik-compose.yml
version: '3' services: traefik: image: traefik:v2.1 container_name: traefik ports: # HTTP 端口 - "80:80" # HTTPS 端口 - "443:443" # Web UI 端口 - "8080:8080" volumes: # 这样Traefik可以监听Docker事件 - /var/run/docker.sock:/var/run/docker.sock:ro # 启动配置文件 - ./traefik.toml:/etc/traefik/traefik.toml # 自定义routers、services - ./conf:/etc/traefik/conf # 存储证书秘钥 - ./letsencrypt:/letsencrypt whoami: # 公开API以显示其IP地址的容器 image: containous/whoami container_name: whoami labels: # 地址:whoami.fanxp.com - "traefik.http.routers.whoami.rule=Host(`whoami.fanxp.com`)" # 入口方式,这里采用https - "traefik.http.routers.whoami.entrypoints=websecure" # 指定证书 - "traefik.http.routers.whoami.tls.certresolver=bxtlschallenge" whoami2: # 公开API以显示其IP地址的容器 image: containous/whoami container_name: whoami2 labels: # 地址:whoami.fanxp.com/v2 - "traefik.http.routers.whoami2.rule=Host(`whoami.fanxp.com`) && PathPrefix(`/v2`)" # 默认代理使用http://172.0.0.4 配置方式用https://172.0.0.4 # - "traefik.http.services.bx_resource_library.loadbalancer.server.scheme=https" # 定义中间件 规则 - "traefik.http.routers.whoami2.middlewares=whoami2-stripprefix" # 代理:172.0.0.4/v2访问,这肯定不是我们想要的 写上规则后 代理:172.0.0.4 - "traefik.http.middlewares.whoami2-stripprefix.stripprefix.prefixes=/v2" # 如果容器有多个端口 可以指定当前service暴露哪一个端口,默认第一个 - "traefik.http.services.whoami2.loadbalancer.server.port=80" # 入口方式,这里采用https - "traefik.http.routers.whoami2.entrypoints=websecure" # 指定证书 - "traefik.http.routers.whoami2.tls.certresolver=bxtlschallenge"
执行以后访问:
https://whoami.fanxp.com
https://whoami.fanxp.com/v2
http://cnblogs.fanxp.com
https://cnblogs.fanxp.com