Traefik 体验笔记
Traefik 与 fabio 一样,也是一款现代流行的 HTTP 反向代理和负载均衡工具,功能比 fabio 更为丰富。
快速部署
- docker-compose.yml
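# Quick-start stack: Traefik 1.7 in front of a single nginx backend.
# The nesting below is restored; the listing as published had lost its
# indentation and would not parse as a compose file.
version: '3'

services:
  reverse-proxy:
    image: traefik:1.7  # The official Traefik docker image
    # --api enables the web UI/API; --docker tells Traefik to watch the Docker
    # daemon and build routes from container labels.
    command: --api --docker --docker.domain=docker.localhost
    networks:
      - web
    labels:
      # These labels publish port 8080 of this container (where --api serves
      # the dashboard by default) as Host:status.demo.com. No
      # traefik.frontend.auth.basic label is set, so the dashboard is open to
      # anyone who can reach that host name. Add authentication or drop these
      # labels before using this outside a test machine.
      - "traefik.enable=true"
      - "traefik.frontend.rule=Host:status.demo.com"
      - "traefik.port=8080"
    ports:
      - "80:80"  # The HTTP port
      - "443:443"  # The HTTPS port
    volumes:
      # Traefik only needs to read from the Docker API, so the socket is
      # mounted read-only. This protects the socket file itself; it does not
      # restrict the API, and whoever controls this container can still drive
      # the Docker daemon (root-equivalent on the host).
      - /var/run/docker.sock:/var/run/docker.sock:ro

  backend:
    image: nginx:alpine
    labels:
      - "traefik.frontend.rule=Host:demo.com"
      - "traefik.backend=backend01"
      - "traefik.port=80"
      - "traefik.enable=true"
      - "traefik.docker.network=web"
    networks:
      - web

networks:
  # Declared external: compose will not create it, it must already exist.
  web:
    external: true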
- 启动Docker 实例
# The compose file declares `web` as an external network, so that network
# must already exist (docker network create web) before this is run.
$ sudo docker-compose up
HTTPS 部署
- 创建网络依赖
# Creates the network that the HTTPS compose file below references as
# external (networks.proxy.external.name: traefik_proxy).
docker network create traefik_proxy
- config/traefik/traefik.toml
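# Traefik global configuration
debug = false
checkNewVersion = true
logLevel = "ERROR"

# Entry points used by frontends that do not name one explicitly
defaultEntryPoints = ["https", "http"]

[entryPoints]
  # Plain HTTP: requests arriving here are redirected to the https entry point
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"

  # TLS termination
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
    # Refuse TLS 1.0/1.1 handshakes. Remove this line only if legacy
    # clients must still connect.
    minVersion = "VersionTLS12"
      # Paths are inside the container; the private key should be mounted
      # read-only and be readable by the Traefik process only.
      [[entryPoints.https.tls.certificates]]
      certFile = "/certs/ddos.com.pem"
      keyFile = "/certs/ddos.com.key"

  # Dedicated entry point for the API/dashboard. No auth is configured on it
  # in this file, so anything that can connect to :8081 directly gets the API.
  # Keep the port unpublished or add authentication on the entry point.
  [entryPoints.eightzero]
  address = ":8081"

[api]
entrypoint = "eightzero"

# Retry a request when a network error occurs
[retry]

# Docker backend configuration
[docker]
# Access to this socket is equivalent to control of the Docker daemon.
endpoint = "unix:///var/run/docker.sock"
domain = "docker.local"
watch = true
# Only containers labelled traefik.enable=true are routed.
exposedbydefault = false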
- docker-compose.yml
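# HTTPS stack: Traefik 1.7 terminating TLS for an nginx backend and cAdvisor.
# The nesting below is restored; the listing as published had lost its
# indentation and would not parse as a compose file.
version: '2.3'

services:
  reverse-proxy:
    image: traefik:1.7
    # NOTE(review): these flags are passed alongside the mounted traefik.toml.
    # Confirm that --api/--docker do not replace the file's [api] and [docker]
    # sections (entrypoint = "eightzero", exposedbydefault = false) with
    # defaults, which would expose every container on the host by default.
    command: --api --docker --docker.domain=docker.localhost
    networks:
      - proxy
    ports:
      - "80:80"  # The HTTP port
      - "443:443"  # The HTTPS port
    labels:
      # Dashboard published as monitor.example.com, HTTPS only, basic auth.
      - "traefik.enable=true"
      - "traefik.frontend.rule=Host:monitor.example.com"
      # NOTE(review): traefik.toml binds the API to :8081 (eightzero) while
      # 8080 is the default API port; confirm which one is in effect.
      - "traefik.port=8080"
      # htpasswd-style entry; every literal $ is doubled ($$) so that compose
      # does not treat it as variable interpolation. This is the sample value
      # from the page: generate your own (htpasswd -B gives bcrypt, which is
      # stronger than the MD5-based apr1). Labels are readable by anyone who
      # can run docker inspect.
      - "traefik.frontend.auth.basic=admin:$$apr1$$IBj9Hfsd$$kf7vXLpY4/9XD365jcp/n1"
      - "traefik.frontend.entryPoints=https"
    volumes:
      # Read-only mount protects the socket file only; the Docker API behind
      # it is still fully usable from this container (root-equivalent).
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Traefik only reads its configuration, so the file is mounted
      # read-only instead of rw.
      - ./config/traefik/traefik.toml:/traefik.toml:ro
      - ./config/traefik/certs:/certs:ro
    restart: on-failure

  backend:
    image: nginx:alpine
    labels:
      - "traefik.frontend.rule=Host:example.com"
      - "traefik.backend=backend"
      - "traefik.port=80"
      - "traefik.enable=true"
      - "traefik.passHostHeader=true"
      - "traefik.docker.network=traefik_proxy"
      # NOTE(review): traefik.toml redirects the http entry point to https,
      # but this frontend is attached to http only; confirm example.com is
      # actually served over HTTPS as intended.
      - "traefik.frontend.entryPoints=http"
      # At most 10 concurrent connections per client IP.
      - "traefik.backend.maxconn.amount=10"
      - "traefik.backend.maxconn.extractorfunc=client.ip"
      - "traefik.backend.loadbalancer.stickiness=true"
      - "traefik.frontend.headers.customResponseHeaders=Server:Traefik || X-Powered-By:vqiu.cn"
      # - "traefik.frontend.headers.SSLHost=example.com"
    networks:
      - proxy
    restart: on-failure

  cadvisor:
    # Unpinned tag: pin a specific version (or digest) so a redeploy cannot
    # silently pull a different image.
    image: google/cadvisor:latest
    networks:
      proxy:
        aliases:
          - cadvisor
    labels:
      # NOTE(review): no traefik.enable=true here. With exposedbydefault =
      # false this service would not be routed; if it is, the effective
      # setting is exposedbydefault = true. Verify which applies.
      - "traefik.port=8080"
      - "traefik.frontend.rule=Host:cadvisor.example.com"
      # Same sample htpasswd value as the dashboard; replace with your own.
      - "traefik.frontend.auth.basic=admin:$$apr1$$IBj9Hfsd$$kf7vXLpY4/9XD365jcp/n1"
      - "traefik.backend=cadvisor"
      - "traefik.frontend.entryPoints=https"
      - "traefik.frontend.passHostHeader=true"
      # Source-IP allow-list; "xx" is redacted on the page, fill in the
      # real octet.
      - "traefik.frontend.whiteList.sourceRange=119.147.144.xx/29"
      # X-Forwarded-For is supplied by the client unless a trusted proxy in
      # front of Traefik overwrites it. Enable this only behind such a proxy
      # and restrict forwardedHeaders.trustedIPs on the entry point;
      # otherwise the allow-list can be satisfied by a forged header.
      - "traefik.frontend.whiteList.useXForwardedFor=true"
      - "traefik.frontend.headers.browserXSSFilter=true"
      # customFrameOptionsValue takes precedence over the DENY that frameDeny
      # would send, so the header sent is X-Frame-Options: SAMEORIGIN.
      - "traefik.frontend.headers.frameDeny=true"
      - "traefik.frontend.headers.customFrameOptionsValue=SAMEORIGIN"
      # HSTS for one year, including subdomains, with preload: every
      # subdomain must be HTTPS-capable before this is enabled.
      - "traefik.frontend.headers.STSSeconds=31536000"
      - "traefik.frontend.headers.STSIncludeSubdomains=true"
      - "traefik.frontend.headers.STSPreload=true"
    volumes:
      # cAdvisor gets the whole host filesystem read-only and /var/run
      # (which contains docker.sock) read-write, so a compromise of this
      # container is close to a compromise of the host. Keep it behind the
      # auth and allow-list above, and check whether your cAdvisor version
      # works with /var/run mounted :ro.
      - /:/rootfs:ro
      - /var/run:/var/run:rw
      - /sys:/sys:ro
      - /var/lib/docker/:/var/lib/docker:ro
      - /dev/disk/:/dev/disk:ro
      - /etc/localtime:/etc/localtime:ro
    restart: on-failure

networks:
  # Pre-existing network created with `docker network create traefik_proxy`.
  proxy:
    external:
      name: traefik_proxy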