traefik 2.1 for docker

  用traefik 做一个本机docker环境的代理,对于开发人员用起来还是挺方便的, 搞一个泛解析的域名,然后部署一个容器,就能马上用二级域名访问,至少不用烦心端口的相互占用。

  traefik 是用来做反向代理和负载均衡的,在原生云环境中能动态的根据后端的变化而动态配置,适合微服和kubernetes这种service 频繁变化的应用环境,traefik 可以在docker,kubernetes ,或者独立运行。traefik的后台配置支持非常多比如docker,k8s,etcd,zookeeper。 traefik 2比1版本的主要区别之一,是增加了Middlewares这样一个中间层,这样意味着代理的流量还可以在traefik里面周游一圈洗个澡了再出来,效率怎么样还不好说,至少又多了一层控制手段。想着用就用个新版的,没事用一用可以为将来做准备。

  这里主要用traefik 2.1 以docker为配置后端实际操作一下,为开发人员开一个方便之门。假设你已经安装好docker,和docker-compose,为了区别具体环境,输出一下我的本地环境。

[root@one ~]# rpm -qa |grep docker
docker-ce-cli-19.03.4-3.el7.x86_64
docker-ce-19.03.4-3.el7.x86_64
[root@one ~]# docker-compose version
docker-compose version 1.25.0, build 0a186604
docker-py version: 4.1.0
CPython version: 3.7.4
OpenSSL version: OpenSSL 1.1.0l  10 Sep 2019

一个traefik,mysql,phpmyadmin 的样例

编写docker-compose.yml

version: '3'

volumes:
  mysql_data:
      driver: local
services:
  mysql:
      image: mysql:5.7.26
      container_name: mysql
      volumes:
        - mysql_data:/var/lib/mysql
      environment:
        MYSQL_ROOT_PASSWORD: root
        MYSQL_DATABASE: keycloak
        MYSQL_USER: keycloak
        MYSQL_PASSWORD: password
      ports:
        - 3306:3306
      networks:
        default:
          aliases:
          - mysql
  phpmyadmin:
      image: phpmyadmin/phpmyadmin:edge-4.9
      labels:
        - "traefik.http.routers.phpmyadmin.rule=Host(`pma.xilin.com`)"
        - "traefik.http.services.phpmyadmin.loadbalancer.server.port=80"
        - "traefik.enable=true"
      container_name: phpmyadmin
      environment:
        PMA_HOST: mysql
        PMA_PORT: 3306
        PMA_USER: root
        PMA_PASSWORD: root
      networks:
        default:
          aliases:
          - phpmyadmin
      depends_on:
        - mysql
  traefik:
      image: traefik:2.1
      container_name: traefik
      volumes:
        - /etc/traefik/traefik.toml:/etc/traefik/traefik.toml
        - /var/run/docker.sock:/var/run/docker.sock
      networks:
        default:
          aliases:
          - traefik
      ports:
        - 80:80
        - 443:443
        - 8080:8080

traefik.toml配置

################################################################
# Global configuration
################################################################
[global]
  checkNewVersion = true
  sendAnonymousUsage = true

################################################################
# Entrypoints configuration
################################################################

# Entrypoints definition
#
# Optional
# Default:
[entryPoints]
  [entryPoints.web]
    address = ":80"

  [entryPoints.websecure]
    address = ":443"

################################################################
# Traefik logs configuration
################################################################

# Traefik logs
# Enabled by default and log to stdout
#
# Optional
#
[log]

  # Log level
  #
  # Optional
  # Default: "ERROR"
  #
  # level = "DEBUG"

  # Sets the filepath for the traefik log. If not specified, stdout will be used.
  # Intermediate directories are created if necessary.
  #
  # Optional
  # Default: os.Stdout
  #
  # filePath = "log/traefik.log"

  # Format is either "json" or "common".
  #
  # Optional
  # Default: "common"
  #
  # format = "json"

################################################################
# Access logs configuration
################################################################

# Enable access logs
# By default it will write to stdout and produce logs in the textual
# Common Log Format (CLF), extended with additional fields.
#
# Optional
#
# [accessLog]

  # Sets the file path for the access log. If not specified, stdout will be used.
  # Intermediate directories are created if necessary.
  #
  # Optional
  # Default: os.Stdout
  #
  # filePath = "/path/to/log/log.txt"

  # Format is either "json" or "common".
  #
  # Optional
  # Default: "common"
  #
  # format = "json"

################################################################
# API and dashboard configuration
################################################################

# Enable API and dashboard
[api]

  # Enable the API in insecure mode
  #
  # Optional
  # Default: true
  #
  insecure = true

  # Enabled Dashboard
  #
  # Optional
  # Default: true
  #
  dashboard = true

################################################################
# Ping configuration
################################################################

# Enable ping
[ping]

  # Name of the related entry point
  #
  # Optional
  # Default: "traefik"
  #
  # entryPoint = "traefik"

################################################################
# Docker configuration backend
################################################################

# Enable Docker configuration backend
[providers.docker]

  # Docker server endpoint. Can be a tcp or a unix socket endpoint.
  #
  # Required
  # Default: "unix:///var/run/docker.sock"
  #
  # endpoint = "tcp://10.10.10.10:2375"
  # domain = "xilin.com"
  # Default host rule.
  #
  # Optional
  # Default: "Host(`{{ normalize .Name }}`)"
  #
  #defaultRule = "Host(`{{ normalize .Name }}.docker.localhost`)"
  defaultRule = "Host(`{{ .Name }}.xilin.com`)"

  # Expose containers by default in traefik
  #
  # Optional
  # Default: true
  #
  exposedByDefault = false

敲黑板,注:

  • traefik有默认的defaultRule = "Host({{ normalize .Name }}.docker.localhost)"
    他产生的域名应该是 serviceName - userName.docker.loalhost。
  • 但你更依靠docker-compose.yml中的labels让traefik为你工作, 注意labels 的书写方式,网上有很多文章不一样,应该是版本的差异,注意自己的使用环境。
    labels:
    - "traefik.http.routers.phpmyadmin.rule=Host(pma.xilin.com)"
    "traefik.http.services.rabbitmq.loadbalancer.server.port" 指定被代理的端口
    traefik2 的界面比1的漂亮多了
    1.png
2.png
3.png

至于 traefik 的中间层下次吧。

附录:

labels:
  - "traefik.enable=true"
  - "traefik.docker.network=foobar"
  - "traefik.docker.lbswarm=true"
  - "traefik.http.middlewares.middleware00.addprefix.prefix=foobar"
  - "traefik.http.middlewares.middleware01.basicauth.headerfield=foobar"
  - "traefik.http.middlewares.middleware01.basicauth.realm=foobar"
  - "traefik.http.middlewares.middleware01.basicauth.removeheader=true"
  - "traefik.http.middlewares.middleware01.basicauth.users=foobar, foobar"
  - "traefik.http.middlewares.middleware01.basicauth.usersfile=foobar"
  - "traefik.http.middlewares.middleware02.buffering.maxrequestbodybytes=42"
  - "traefik.http.middlewares.middleware02.buffering.maxresponsebodybytes=42"
  - "traefik.http.middlewares.middleware02.buffering.memrequestbodybytes=42"
  - "traefik.http.middlewares.middleware02.buffering.memresponsebodybytes=42"
  - "traefik.http.middlewares.middleware02.buffering.retryexpression=foobar"
  - "traefik.http.middlewares.middleware03.chain.middlewares=foobar, foobar"
  - "traefik.http.middlewares.middleware04.circuitbreaker.expression=foobar"
  - "traefik.http.middlewares.middleware05.compress=true"
  - "traefik.http.middlewares.middleware06.digestauth.headerfield=foobar"
  - "traefik.http.middlewares.middleware06.digestauth.realm=foobar"
  - "traefik.http.middlewares.middleware06.digestauth.removeheader=true"
  - "traefik.http.middlewares.middleware06.digestauth.users=foobar, foobar"
  - "traefik.http.middlewares.middleware06.digestauth.usersfile=foobar"
  - "traefik.http.middlewares.middleware07.errors.query=foobar"
  - "traefik.http.middlewares.middleware07.errors.service=foobar"
  - "traefik.http.middlewares.middleware07.errors.status=foobar, foobar"
  - "traefik.http.middlewares.middleware08.forwardauth.address=foobar"
  - "traefik.http.middlewares.middleware08.forwardauth.authresponseheaders=foobar, foobar"
  - "traefik.http.middlewares.middleware08.forwardauth.tls.ca=foobar"
  - "traefik.http.middlewares.middleware08.forwardauth.tls.caoptional=true"
  - "traefik.http.middlewares.middleware08.forwardauth.tls.cert=foobar"
  - "traefik.http.middlewares.middleware08.forwardauth.tls.insecureskipverify=true"
  - "traefik.http.middlewares.middleware08.forwardauth.tls.key=foobar"
  - "traefik.http.middlewares.middleware08.forwardauth.trustforwardheader=true"
  - "traefik.http.middlewares.middleware09.headers.accesscontrolallowcredentials=true"
  - "traefik.http.middlewares.middleware09.headers.accesscontrolallowheaders=foobar, foobar"
  - "traefik.http.middlewares.middleware09.headers.accesscontrolallowmethods=foobar, foobar"
  - "traefik.http.middlewares.middleware09.headers.accesscontrolalloworigin=foobar"
  - "traefik.http.middlewares.middleware09.headers.accesscontrolexposeheaders=foobar, foobar"
  - "traefik.http.middlewares.middleware09.headers.accesscontrolmaxage=42"
  - "traefik.http.middlewares.middleware09.headers.addvaryheader=true"
  - "traefik.http.middlewares.middleware09.headers.allowedhosts=foobar, foobar"
  - "traefik.http.middlewares.middleware09.headers.browserxssfilter=true"
  - "traefik.http.middlewares.middleware09.headers.contentsecuritypolicy=foobar"
  - "traefik.http.middlewares.middleware09.headers.contenttypenosniff=true"
  - "traefik.http.middlewares.middleware09.headers.custombrowserxssvalue=foobar"
  - "traefik.http.middlewares.middleware09.headers.customframeoptionsvalue=foobar"
  - "traefik.http.middlewares.middleware09.headers.customrequestheaders.name0=foobar"
  - "traefik.http.middlewares.middleware09.headers.customrequestheaders.name1=foobar"
  - "traefik.http.middlewares.middleware09.headers.customresponseheaders.name0=foobar"
  - "traefik.http.middlewares.middleware09.headers.customresponseheaders.name1=foobar"
  - "traefik.http.middlewares.middleware09.headers.featurepolicy=foobar"
  - "traefik.http.middlewares.middleware09.headers.forcestsheader=true"
  - "traefik.http.middlewares.middleware09.headers.framedeny=true"
  - "traefik.http.middlewares.middleware09.headers.hostsproxyheaders=foobar, foobar"
  - "traefik.http.middlewares.middleware09.headers.isdevelopment=true"
  - "traefik.http.middlewares.middleware09.headers.publickey=foobar"
  - "traefik.http.middlewares.middleware09.headers.referrerpolicy=foobar"
  - "traefik.http.middlewares.middleware09.headers.sslforcehost=true"
  - "traefik.http.middlewares.middleware09.headers.sslhost=foobar"
  - "traefik.http.middlewares.middleware09.headers.sslproxyheaders.name0=foobar"
  - "traefik.http.middlewares.middleware09.headers.sslproxyheaders.name1=foobar"
  - "traefik.http.middlewares.middleware09.headers.sslredirect=true"
  - "traefik.http.middlewares.middleware09.headers.ssltemporaryredirect=true"
  - "traefik.http.middlewares.middleware09.headers.stsincludesubdomains=true"
  - "traefik.http.middlewares.middleware09.headers.stspreload=true"
  - "traefik.http.middlewares.middleware09.headers.stsseconds=42"
  - "traefik.http.middlewares.middleware10.ipwhitelist.ipstrategy.depth=42"
  - "traefik.http.middlewares.middleware10.ipwhitelist.ipstrategy.excludedips=foobar, foobar"
  - "traefik.http.middlewares.middleware10.ipwhitelist.sourcerange=foobar, foobar"
  - "traefik.http.middlewares.middleware11.inflightreq.amount=42"
  - "traefik.http.middlewares.middleware11.inflightreq.sourcecriterion.ipstrategy.depth=42"
  - "traefik.http.middlewares.middleware11.inflightreq.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
  - "traefik.http.middlewares.middleware11.inflightreq.sourcecriterion.requestheadername=foobar"
  - "traefik.http.middlewares.middleware11.inflightreq.sourcecriterion.requesthost=true"
  - "traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.commonname=true"
  - "traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.country=true"
  - "traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.domaincomponent=true"
  - "traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.locality=true"
  - "traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.organization=true"
  - "traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.province=true"
  - "traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.serialnumber=true"
  - "traefik.http.middlewares.middleware12.passtlsclientcert.info.notafter=true"
  - "traefik.http.middlewares.middleware12.passtlsclientcert.info.notbefore=true"
  - "traefik.http.middlewares.middleware12.passtlsclientcert.info.sans=true"
  - "traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.commonname=true"
  - "traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.country=true"
  - "traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.domaincomponent=true"
  - "traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.locality=true"
  - "traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.organization=true"
  - "traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.province=true"
  - "traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.serialnumber=true"
  - "traefik.http.middlewares.middleware12.passtlsclientcert.pem=true"
  - "traefik.http.middlewares.middleware13.ratelimit.average=42"
  - "traefik.http.middlewares.middleware13.ratelimit.burst=42"
  - "traefik.http.middlewares.middleware13.ratelimit.sourcecriterion.ipstrategy.depth=42"
  - "traefik.http.middlewares.middleware13.ratelimit.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
  - "traefik.http.middlewares.middleware13.ratelimit.sourcecriterion.requestheadername=foobar"
  - "traefik.http.middlewares.middleware13.ratelimit.sourcecriterion.requesthost=true"
  - "traefik.http.middlewares.middleware14.redirectregex.permanent=true"
  - "traefik.http.middlewares.middleware14.redirectregex.regex=foobar"
  - "traefik.http.middlewares.middleware14.redirectregex.replacement=foobar"
  - "traefik.http.middlewares.middleware15.redirectscheme.permanent=true"
  - "traefik.http.middlewares.middleware15.redirectscheme.port=foobar"
  - "traefik.http.middlewares.middleware15.redirectscheme.scheme=foobar"
  - "traefik.http.middlewares.middleware16.replacepath.path=foobar"
  - "traefik.http.middlewares.middleware17.replacepathregex.regex=foobar"
  - "traefik.http.middlewares.middleware17.replacepathregex.replacement=foobar"
  - "traefik.http.middlewares.middleware18.retry.attempts=42"
  - "traefik.http.middlewares.middleware19.stripprefix.forceslash=true"
  - "traefik.http.middlewares.middleware19.stripprefix.prefixes=foobar, foobar"
  - "traefik.http.middlewares.middleware20.stripprefixregex.regex=foobar, foobar"
  - "traefik.http.routers.router0.entrypoints=foobar, foobar"
  - "traefik.http.routers.router0.middlewares=foobar, foobar"
  - "traefik.http.routers.router0.priority=42"
  - "traefik.http.routers.router0.rule=foobar"
  - "traefik.http.routers.router0.service=foobar"
  - "traefik.http.routers.router0.tls=true"
  - "traefik.http.routers.router0.tls.certresolver=foobar"
  - "traefik.http.routers.router0.tls.domains[0].main=foobar"
  - "traefik.http.routers.router0.tls.domains[0].sans=foobar, foobar"
  - "traefik.http.routers.router0.tls.domains[1].main=foobar"
  - "traefik.http.routers.router0.tls.domains[1].sans=foobar, foobar"
  - "traefik.http.routers.router0.tls.options=foobar"
  - "traefik.http.routers.router1.entrypoints=foobar, foobar"
  - "traefik.http.routers.router1.middlewares=foobar, foobar"
  - "traefik.http.routers.router1.priority=42"
  - "traefik.http.routers.router1.rule=foobar"
  - "traefik.http.routers.router1.service=foobar"
  - "traefik.http.routers.router1.tls=true"
  - "traefik.http.routers.router1.tls.certresolver=foobar"
  - "traefik.http.routers.router1.tls.domains[0].main=foobar"
  - "traefik.http.routers.router1.tls.domains[0].sans=foobar, foobar"
  - "traefik.http.routers.router1.tls.domains[1].main=foobar"
  - "traefik.http.routers.router1.tls.domains[1].sans=foobar, foobar"
  - "traefik.http.routers.router1.tls.options=foobar"
  - "traefik.http.services.service01.loadbalancer.healthcheck.headers.name0=foobar"
  - "traefik.http.services.service01.loadbalancer.healthcheck.headers.name1=foobar"
  - "traefik.http.services.service01.loadbalancer.healthcheck.hostname=foobar"
  - "traefik.http.services.service01.loadbalancer.healthcheck.interval=foobar"
  - "traefik.http.services.service01.loadbalancer.healthcheck.path=foobar"
  - "traefik.http.services.service01.loadbalancer.healthcheck.port=42"
  - "traefik.http.services.service01.loadbalancer.healthcheck.scheme=foobar"
  - "traefik.http.services.service01.loadbalancer.healthcheck.timeout=foobar"
  - "traefik.http.services.service01.loadbalancer.passhostheader=true"
  - "traefik.http.services.service01.loadbalancer.responseforwarding.flushinterval=foobar"
  - "traefik.http.services.service01.loadbalancer.sticky=true"
  - "traefik.http.services.service01.loadbalancer.sticky.cookie.httponly=true"
  - "traefik.http.services.service01.loadbalancer.sticky.cookie.name=foobar"
  - "traefik.http.services.service01.loadbalancer.sticky.cookie.secure=true"
  - "traefik.http.services.service01.loadbalancer.server.port=foobar"
  - "traefik.http.services.service01.loadbalancer.server.scheme=foobar"
  - "traefik.tcp.routers.tcprouter0.entrypoints=foobar, foobar"
  - "traefik.tcp.routers.tcprouter0.rule=foobar"
  - "traefik.tcp.routers.tcprouter0.service=foobar"
  - "traefik.tcp.routers.tcprouter0.tls=true"
  - "traefik.tcp.routers.tcprouter0.tls.certresolver=foobar"
  - "traefik.tcp.routers.tcprouter0.tls.domains[0].main=foobar"
  - "traefik.tcp.routers.tcprouter0.tls.domains[0].sans=foobar, foobar"
  - "traefik.tcp.routers.tcprouter0.tls.domains[1].main=foobar"
  - "traefik.tcp.routers.tcprouter0.tls.domains[1].sans=foobar, foobar"
  - "traefik.tcp.routers.tcprouter0.tls.options=foobar"
  - "traefik.tcp.routers.tcprouter0.tls.passthrough=true"
  - "traefik.tcp.routers.tcprouter1.entrypoints=foobar, foobar"
  - "traefik.tcp.routers.tcprouter1.rule=foobar"
  - "traefik.tcp.routers.tcprouter1.service=foobar"
  - "traefik.tcp.routers.tcprouter1.tls=true"
  - "traefik.tcp.routers.tcprouter1.tls.certresolver=foobar"
  - "traefik.tcp.routers.tcprouter1.tls.domains[0].main=foobar"
  - "traefik.tcp.routers.tcprouter1.tls.domains[0].sans=foobar, foobar"
  - "traefik.tcp.routers.tcprouter1.tls.domains[1].main=foobar"
  - "traefik.tcp.routers.tcprouter1.tls.domains[1].sans=foobar, foobar"
  - "traefik.tcp.routers.tcprouter1.tls.options=foobar"
  - "traefik.tcp.routers.tcprouter1.tls.passthrough=true"
  - "traefik.tcp.services.tcpservice01.loadbalancer.terminationdelay=42"
  - "traefik.tcp.services.tcpservice01.loadbalancer.server.port=foobar"

你可能感兴趣的:(traefik 2.1 for docker)