我需要将 Traefik 用于反向代理,用于 docker。我的用户案例需要从不同的 docker-compose.yml 文件启动容器。理想情况下,我想为 Traefik 本身使用 docker-compose.yml 文件,为我的其他网站使用不同的 docker-compose.yml 文件。我们的网站相互关联,但来自不同的开发流(和不同的存储库)。 这是为了让开发人员能够将站点下拉到本地,启动每个站点,开发代码,然后推送到相关的存储库。 我正在寻找有关如何正确使用标签来执行此操作的示例(如果这是正确的方法)。 谢谢。
【问题讨论】:
使用 Traefik 及其标签进行动态部署可能是您可以做出的最佳选择。这将使路由非常容易使用。我们在 docker swarm 中使用它,但这只是一些额外的步骤,因此您可以重用我们的配置。
您必须为所有容器和 Traefik 共享 1 个公共网络,以便它可以解析标签。
对于服务端的标签,我使用:
labels:
# Traefik
- "traefik.enable=true"
- "traefik.docker.network=traefik-proxy" #that common network i was talking about
# Routers
- "traefik.http.routers.service-name.rule=Host(`$SWARM_HOST`) && PathPrefix(`/service-path`)"
- "traefik.http.routers.service-name.service=service-name"
- "traefik.http.routers.service-name.entrypoints=http" #configuration inside traefik stack
- "traefik.http.routers.service-name.middlewares=strip-path-prefix" # we use this to strip the /service-path/... part off the request so all requests hit / inside our containers (no need to worry about that on the API side)
# Services
- "traefik.http.services.service-name.loadbalancer.server.port=${LISTEN_PORT}"
对于实际的 Traefik 服务,我将附加整个组合配置,你可以只剪掉你需要的部分并跳过 swarm 特定的东西:
version: '3.9'
services:
traefik:
# Use the latest v2.2.x Traefik image available
image: traefik:v2.5.4
healthcheck:
test: ["CMD", "traefik", "healthcheck", "--ping"]
interval: 10s
timeout: 5s
retries: 3
start_period: 15s
deploy:
mode: global
update_config:
order: start-first
failure_action: rollback
parallelism: 1
delay: 15s
monitor: 30s
restart_policy:
condition: any
delay: 10s
max_attempts: 3
labels:
# Enable Traefik for this service, to make it available in the public network
- "traefik.enable=true"
# Use the traefik-public network (declared below)
- "traefik.docker.network=traefik-proxy"
# Uses the environment variable DOMAIN
- "traefik.http.routers.dashboard.rule=Host(`swarm-traefik.company.org`)"
- "traefik.http.routers.dashboard.entrypoints=http"
# Use the special Traefik service api@internal with the web UI/Dashboard
- "traefik.http.routers.dashboard.service=api@internal"
# Enable HTTP Basic auth, using the middleware created above
- "traefik.http.routers.dashboard.middlewares=admin-auth"
# Define the port inside of the Docker service to use
- "traefik.http.services.dashboard.loadbalancer.server.port=8080"
# Middlewares
- "traefik.http.middlewares.strip-path-prefix.replacepathregex.regex=^/[a-z,0-9,-]+/(.*)"
- "traefik.http.middlewares.strip-path-prefix.replacepathregex.replacement=/$$1"
# admin-auth middleware with HTTP Basic auth
- "traefik.http.middlewares.admin-auth.basicauth.users=TODO_GENERATE_USER_BASIC_AUTH"
placement:
constraints:
- "node.role==manager"
volumes:
# Add Docker as a mounted volume, so that Traefik can read the labels of other services
- /var/run/docker.sock:/var/run/docker.sock:ro
command:
# Enable Docker in Traefik, so that it reads labels from Docker services
- --providers.docker
# Do not expose all Docker services, only the ones explicitly exposed
- --providers.docker.exposedbydefault=false
# Enable Docker Swarm mode
- --providers.docker.swarmmode
# Adds default network
- --providers.docker.network=traefik-proxy
# Create an entrypoint "http" listening on port 80
- --entrypoints.http.address=:80
# Enable the Traefik log, for configurations and errors
- --log
#- --log.level=INFO
# Enable the Dashboard and API
- --api
# Enable Access log - in our case we dont need it because we have Nginx infront which has top level access logs
# - --accesslog
# Enable /ping healthcheck route
- --ping=true
# Enable zipkin tracing & configuration
#- --tracing.zipkin=true
#- --tracing.zipkin.httpEndpoint=https://misc-zipkin.company.org/api/v2/spans
networks:
# Use the public network created to be shared between Traefik and
# any other service that needs to be publicly available with HTTPS
- traefik-proxy
networks:
traefik-proxy:
external: true
【讨论】: