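Introducing Traefik
Traefik is an open-source edge router that makes publishing your services a fun and easy experience. It receives requests on behalf of your system and finds out which components are responsible for handling them.
What sets Traefik apart, besides its many features, is that it automatically discovers the right configuration for your services. When Traefik inspects your infrastructure, it finds the relevant information there and discovers which service serves which request.
Traefik is natively compatible with every major cluster technology, such as Kubernetes, Docker, Docker Swarm, AWS, Mesos, Marathon, and more, and can handle several of them at the same time.
With Traefik, there is no need to maintain and synchronize a separate configuration file: everything happens automatically, in real time (no restarts). With Traefik, you can spend your time developing and deploying new features for your system rather than configuring and maintaining its working state.
For details, see the official documentation.
Traefik configuration
Here is my configuration, listed for future reference.
docker-compose
File path: ~/docker-compose.yml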
```yaml
version: '3.7'

services:
  traefik:
    image: traefik:v2.4
    container_name: traefik
    restart: always
    security_opt:
      # Processes in the container cannot gain privileges through setuid binaries
      - no-new-privileges:true
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # :ro only protects the socket file; Traefik can still call the Docker API through it
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/acme.json:/acme.json
      - ./data/configurations:/configurations
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      # Dashboard router: HTTPS entry point, protected by the user-auth middleware from dynamic.yml
      - "traefik.http.routers.traefik-secure.entrypoints=websecure"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.tangyongyong.cn`)"
      - "traefik.http.routers.traefik-secure.middlewares=user-auth@file"
      - "traefik.http.routers.traefik-secure.service=api@internal"

networks:
  proxy:
    external: true
```
Static configuration file
File path: ~/data/traefik.yml
```yaml
api:
  dashboard: true

entryPoints:
  # Plain HTTP is only used to redirect to HTTPS and to answer the ACME HTTP challenge
  web:
    address: :80
    http:
      redirections:
        entryPoint:
          to: websecure

  websecure:
    address: :443
    http:
      # Middlewares applied to every router on this entry point
      middlewares:
        - secureHeaders@file
        - nofloc@file
      tls:
        certResolver: letsencrypt

pilot:
  dashboard: false

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    # Containers are routed only when they carry the label traefik.enable=true
    exposedByDefault: false
  file:
    filename: /configurations/dynamic.yml

certificatesResolvers:
  letsencrypt:
    acme:
      email: 804872504@qq.com
      storage: acme.json
      keyType: EC384
      httpChallenge:
        entryPoint: web

  buypass:
    acme:
      email: 804872504@qq.com
      storage: acme.json
      caServer: https://api.buypass.com/acme/directory
      keyType: EC256
      httpChallenge:
        entryPoint: web
```
Dynamic configuration file
File path: ~/data/configurations/dynamic.yml
```yaml
http:
  middlewares:
    nofloc:
      headers:
        customResponseHeaders:
          Permissions-Policy: "interest-cohort=()"
    secureHeaders:
      headers:
        sslRedirect: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        # HSTS max-age of one year
        stsSeconds: 31536000

    user-auth:
      basicAuth:
        # htpasswd format (user:hash); $apr1$ is Apache's MD5-based scheme
        users:
          - "admin:$apr1$tm53ra6x$FntXd6jcvxYM/YH0P2hcc1"

tls:
  options:
    default:
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
      minVersion: VersionTLS12
```
Create the file
```bash
touch data/acme.json      # create acme.json in the data folder to store the HTTPS certificates
chmod 600 data/acme.json  # set its permissions to 600
```
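A pre-flight check for the three files listed above, as an added example that is not part of the original post: it confirms that acme.json has mode 600, that the Docker provider does not expose containers by default, and that every router serving `api@internal` has a middleware attached. The function names and the `--demo` flag are illustrative, and the demo tree is constructed sample data.

```shell
#!/bin/sh
# Added example, not the author's script; helper names are illustrative.
# acme.json stores the ACME account key and the certificate private keys.
check_acme() {
    [ -f "$1" ] || { echo "FAIL: $1 is missing or not a regular file"; return 1; }
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    [ "$mode" = "600" ] || { echo "FAIL: $1 has mode $mode, want 600"; return 1; }
    echo "ok: $1 has mode 600"
}

# With exposedByDefault: false only containers labelled traefik.enable=true get routes.
check_static() {
    grep -Eq '^[[:space:]]*exposedByDefault:[[:space:]]*false[[:space:]]*$' "$1" ||
        { echo "FAIL: $1 does not set exposedByDefault: false"; return 1; }
    echo "ok: containers are not exposed by default"
}

# Each router whose service is api@internal (the dashboard) must name a middleware.
check_dashboard() {
    routers=$(sed -n 's/.*traefik\.http\.routers\.\([^.]*\)\.service=api@internal.*/\1/p' "$1")
    for r in $routers; do
        grep -Eq "traefik\.http\.routers\.$r\.middlewares=[A-Za-z0-9_-]" "$1" ||
            { echo "FAIL: router $r serves the dashboard with no middleware"; return 1; }
    done
    echo "ok: dashboard routers checked: ${routers:-none}"
}

# Run all three checks against the directory that holds docker-compose.yml and data/.
preflight() {
    rc=0
    check_acme "$1/data/acme.json" || rc=1
    check_static "$1/data/traefik.yml" || rc=1
    check_dashboard "$1/docker-compose.yml" || rc=1
    return "$rc"
}

# Constructed sample tree that mirrors the files on this page.
demo() {
    d=$(mktemp -d) && mkdir "$d/data" || return 1
    : > "$d/data/acme.json" && chmod 600 "$d/data/acme.json"
    printf 'providers:\n  docker:\n    exposedByDefault: false\n' > "$d/data/traefik.yml"
    printf '%s\n' 'labels:' \
        '  - "traefik.http.routers.traefik-secure.middlewares=user-auth@file"' \
        '  - "traefik.http.routers.traefik-secure.service=api@internal"' > "$d/docker-compose.yml"
    preflight "$d"; rc=$?
    rm -rf "$d"; return "$rc"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Source the file and call `preflight ~` before `docker-compose up -d`; the middleware check only confirms that one is attached, not that it enforces authentication.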