Traefik 2.0 tcp 路由试用
对于tcp 的路由是基于sni (需要tls)但是可以通过统配(*) 解决不试用tls的,当然也可以让Traefik 自动生成tls 证书
以下是测试http 以及mysql 的tcp 路由配置(demo 很简单,就是一个proxy)
环境准备
- docker-compose文件
version: '3'
services:
database:
image: mysql:5.7.16
labels:
- "traefik.tcp.routers.mysql.rule=HostSNI(`*`)"
- "traefik.tcp.routers.mysql.entrypoints=mysql-default"
command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
environment:
MYSQL_ROOT_PASSWORD: dalongrong
MYSQL_DATABASE: gogs
MYSQL_USER: gogs
MYSQL_PASSWORD: dalongrong
TZ: Asia/Shanghai
database2:
image: mysql:5.7.16
labels:
- "traefik.tcp.routers.mysql2.rule=HostSNI(`*`)"
- "traefik.tcp.routers.mysql2.entrypoints=mysql-default2"
command: --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
environment:
MYSQL_ROOT_PASSWORD: dalongrong
MYSQL_DATABASE: app
MYSQL_USER: app
MYSQL_PASSWORD: dalongrong
TZ: Asia/Shanghai
nginx:
image: nginx
labels:
- "traefik.http.routers.nginx.rule=Host(`dalong.web.localhost`)"
- "traefik.http.routers.nginx.entrypoints=web"
reverse-proxy:
image: traefik:v2.0
build: ./
entrypoint: traefik --configfile /traefik.toml
ports:
- "80:80"
- "8090:8080"
- "3306:3306"
- "3307:3307"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- traefik 配置
[global]
checkNewVersion = false
sendAnonymousUsage = false
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.mysql-default]
address = ":3306"
[entryPoints.mysql-default2]
address = ":3307"
[entryPoints.web-nginx]
address = ":443"
[entryPoints.traefik]
address = ":8080"
[log]
level = "DEBUG"
[api]
insecure = true
dashboard = true
[ping]
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
exposedByDefault = true
[metrics]
[metrics.prometheus]
- dockerfile
FROM traefik:v2.0
COPY traefik.toml /traefik.toml
- 说明
tcp 路由配置需要sni,对于没有tls 证书的我们可以使用* 配置,比如mysql的
labels:
- "traefik.tcp.routers.mysql2.rule=HostSNI(`*`)"
- "traefik.tcp.routers.mysql2.entrypoints=mysql-default2"
启动 &&测试
- 启动
docker-compose build
docker-compose up -d
- 效果
整体界面
http 路由
tcp 路由
- http 测试
配置hosts 文件
访问效果
- tcp 路由测试
直接使用端口+ ip 方式
database1
mysql -uroot -pdalongrong -h127.0.0.1
效果:
database2
mysql -uroot -P3307 -pdalongrong -h127.0.0.1
- prometheus metrics
说明
以上是一个简单的测试,主要是 需要sni 支持,但是sni 需要tls,实际我们的连接也需要少有改动,可能四层用haproxy 会更方便点,对于简单,同时数量不多的
四层处理还是挺不错的
参考资料
https://docs.traefik.io/routing/routers/#configuring-tcp-routers
https://blog.containo.us/back-to-traefik-2-0-2f9aa17be305