traefik - multiple port bindings for the same host V2

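I can't figure out how to make a simple service reachable over both http and https on localhost. This is my setup so far; I'm using traefik V2.xxx.

I want to be able to reach this site using both https/http protocols (only for reasons on a dev machine). https works fine but http does not. What labels do I need to add/remove/change?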

http://whoami.localhost:8000/
https://whoami.localhost:8443/

docker-compose.yml

version: "3.7"

services:

  whoami:
    image: containous/whoami
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.rule=Host(`whoami.localhost`)
      - traefik.http.routers.whoami.entrypoints=web,web-secure
      - traefik.http.routers.whoami.tls=true
      - traefik.protocol=http,https

  reverse-proxy:
    depends_on:
      - whoami
    image: traefik:v2.1.1
    ports:
      - 8000:80
      - 8443:443
      - 8001:8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik:/etc/traefik:ro

traefik/traefik.toml

[log]
  level = "DEBUG"

[accessLog]
  filePath = "/logs/access.log"
  bufferingSize = 20

[docker]
  exposedbydefault = false

[api]
  dashboard = true
  insecure = true

[providers]
  [providers.file]
    filename = "/etc/traefik/traefik.toml"
    watch = true

  [providers.docker]
    exposedbydefault = false

[[tls.certificates]]
  certFile = "/etc/traefik/certs/localhost-cert.pem"
  keyFile = "/etc/traefik/certs/localhost-key.pem"

[entryPoints]
  [entryPoints.web]
    address = ":80"

  [entryPoints.web-secure]
    address = ":443"

C:\Windows\System32\drivers\etc\hosts

127.0.0.1 whoami.localhost

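Finally got it working. The traefik documentation is completely in esoteric territory on some topics, and given the recent major 2.0 release there aren't many examples out there yet.

Here is my working docker-compose.yml file, where the application now uses the same host "whoami.localhost" and is available on ports 8000 (http) and 8443 (https).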

version: "3.7"

services:

  whoami:
    image: containous/whoami
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami-http.rule=Host(`whoami.localhost`)
      - traefik.http.routers.whoami-http.entrypoints=web
      - traefik.http.routers.whoami-http.service=whoami-http-service
      - traefik.http.services.whoami-http-service.loadbalancer.server.port=80

      - traefik.http.routers.whoami-https.rule=Host(`whoami.localhost`)
      - traefik.http.routers.whoami-https.entrypoints=web-secure
      - traefik.http.routers.whoami-https.service=whoami-https-service
      - traefik.http.services.whoami-https-service.loadbalancer.server.port=80
      - traefik.http.routers.whoami-https.tls=true

  reverse-proxy:
    depends_on:
      - whoami
    image: traefik:v2.1.1
    ports:
      - 8000:80
      - 8443:443
      - 8001:8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik:/etc/traefik:ro

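Routers and services in traefik 2.x can be created dynamically with docker labels, using any naming convention you want. In this setup I just called the routers whoami-http and whoami-https, and the services whoami-http-service and whoami-https-service. Since I'm dynamically creating my own routers/services rather than using the defaults, each service's load balancer must be told explicitly the server port of the target application. Since the whoami application only exposes port 80 itself and TLS is terminated at traefik, this is defined as port 80 for both the http and https services.

For this kind of custom router/service setup, all of the labels shown above are required and cannot be omitted.

I'm using mkcert on Windows 10 for valid local certificates, in case you were wondering.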

mkcert -install

mkcert -key-file traefik\certs\localhost-key.pem -cert-file traefik\certs\localhost-cert.pem whoami.localhost localhost 127.0.0.1 ::1

Actually, you only need 3 labels, as long as you default the web-secure entrypoint to tls.

docker-compose.yml

version: "3.7"

services:

  whoami:
    image: containous/whoami
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.rule=Host(`whoami.localhost`)
      - traefik.http.services.whoami.loadbalancer.server.port=80

  reverse-proxy:
    image: traefik:v2.1.1
    ports:
      - 8000:80
      - 8443:443
      - 8001:8080
    command: --entrypoints.web-secure.http.tls=true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik:/etc/traefik:ro

Here is how I did it, starting with my Docker Compose file:

# docker-compose.yml

version: '3.7'

services:
  whoami:
    image: containous/whoami
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.entryPoints=web
      - traefik.http.routers.whoami.rule=Host(`localhost`)
      - traefik.http.routers.whoami-secured.entryPoints=web-secure
      - traefik.http.routers.whoami-secured.rule=Host(`localhost`)
      - traefik.http.routers.whoami-secured.tls=true

  proxy:
    image: traefik:2.4
    ports:
      - '80:80'
      - '443:443'
      - '8080:8080'
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./docker/proxy/traefik.yml:/etc/traefik/traefik.yml
      - ./docker/proxy/dynamic_config.yml:/etc/traefik/dynamic_config.yml
      - ./docker/proxy/certs/server.crt:/etc/ssl/server.crt
      - ./docker/proxy/certs/server.key:/etc/ssl/server.key

Next is my static configuration file, where I define the entrypoints (among other things):

# ./docker/proxy/traefik.yml

api:
  insecure: true

entryPoints:
  web:
    address: :80
    http:
      redirections:
        entryPoint:
          to: web-secure
          scheme: https

  web-secure:
    address: :443

log:
  level: INFO

providers:
  docker:
    exposedByDefault: false

  file:
    filename: /etc/traefik/dynamic_config.yml

The dynamic configuration file is where I configure the SSL certificates (they are self-signed):

# ./docker/proxy/dynamic_config.yml

tls:
  certificates:
    - certFile: /etc/ssl/server.crt
      keyFile: /etc/ssl/server.key

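I used to use a middleware to handle the secure redirect (I still have that file too) until I stumbled upon the configuration above, which sets it up as part of the entrypoint.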
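As an added example (not code from any of the posts above), this Python check captures the routing rule behind the question: a router with `tls=true` only matches HTTPS requests, so binding it to the plain `web` entrypoint leaves HTTP unanswered. The names `lint`, `entrypoints` and `tls_default` are hypothetical. The labels are copied from the posts, and the handling of an entrypoint-level TLS default follows the second answer's description.

```python
import re

# traefik.http.routers.<name>.<option>=<value>; label keys are case-insensitive.
ROUTER_LABEL = re.compile(r"^traefik\.http\.routers\.([^.]+)\.([^=]+)=(.*)$", re.I)
TLS_ON_PLAIN = "TLS router on plain entrypoint: HTTP requests will not match"
PLAIN_ON_TLS = "plain router on HTTPS entrypoint: HTTPS requests will not match"

def parse_routers(labels):
    """Group router labels by router name: {name: {option: value}}."""
    routers = {}
    for label in labels:
        m = ROUTER_LABEL.match(label.strip())
        if m:
            name, option, value = m.groups()
            routers.setdefault(name, {})[option.lower()] = value
    return routers

def lint(labels, entrypoints, tls_default=frozenset()):
    """entrypoints: {name: True if that listener is meant for HTTPS} (assumed input).
    tls_default: entrypoints that switch TLS on for routers bound to them.
    Returns sorted (router, entrypoint, problem) tuples."""
    findings = []
    for name, opts in parse_routers(labels).items():
        # tls=true or any tls.* option dedicates the router to HTTPS.
        explicit_tls = (opts.get("tls", "").lower() == "true"
                        or any(k.startswith("tls.") for k in opts))
        bound = opts.get("entrypoints")
        # No entrypoints label: the router is attached to every entrypoint.
        names = [e.strip() for e in bound.split(",")] if bound else list(entrypoints)
        for ep in names:
            if ep not in entrypoints:
                findings.append((name, ep, "unknown entrypoint"))
            elif explicit_tls and not entrypoints[ep]:
                findings.append((name, ep, TLS_ON_PLAIN))
            elif not explicit_tls and entrypoints[ep] and ep not in tls_default:
                findings.append((name, ep, PLAIN_ON_TLS))
    return sorted(findings)

ENTRYPOINTS = {"web": False, "web-secure": True}  # entrypoint names used on this page
QUESTION = ["traefik.http.routers.whoami.rule=Host(`whoami.localhost`)",
            "traefik.http.routers.whoami.entrypoints=web,web-secure",
            "traefik.http.routers.whoami.tls=true"]
SPLIT = ["traefik.http.routers.whoami-http.entrypoints=web",       # first answer
         "traefik.http.routers.whoami-https.entrypoints=web-secure",
         "traefik.http.routers.whoami-https.tls=true"]
DEFAULTED = ["traefik.http.routers.whoami.rule=Host(`whoami.localhost`)"]  # second answer

if __name__ == "__main__":
    print(lint(QUESTION, ENTRYPOINTS))
    print(lint(SPLIT, ENTRYPOINTS))
    print(lint(DEFAULTED, ENTRYPOINTS, {"web-secure"}))
```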