【转载】docker swarm集群中部署traefik和其他服务

以下配置来自:https://blog.csdn.net/wave_sheep/article/details/104186192
感谢作者!

traefik.yaml

version: '3'

services:
  reverse-proxy:
    image: traefik:v2.8
    command:
      # 启用dashboard
      - "--api.dashboard=true"
      - "--providers.docker.swarmMode=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=traefik-public"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.le.acme.httpchallenge=true"
      - "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.letsencryptresolver.acme.email=填一个你自己的邮箱"
      - "--certificatesresolvers.letsencryptresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - 80:80
      - 443:443
    volumes:
      - traefik-certificates:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - traefik-public
    deploy:
      placement:
        constraints:
          - node.role == manager
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.http2https.rule=HostRegexp(`{any:.+}`)"
        - "traefik.http.routers.http2https.entrypoints=web"
        - "traefik.http.routers.http2https.middlewares=https-redirect"
        - "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
        - "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true"
        # dashboard配置
        - "traefik.http.routers.api.rule=Host(`traefik.xxxx.cn`)"
        - "traefik.http.routers.api.entrypoints=websecure"
        - "traefik.http.routers.api.tls.certresolver=le"
        # 获取dashboard提供器
        # PS: @后面变量表示routers为api的路径的提供者, 像之前的hello-world实际上省略了@docker
        - "traefik.http.routers.api.service=api@internal"
        # 基本验证中间件
        - "traefik.http.routers.api.middlewares=api-auth"
        # 配置用户名密码
        # 这里默认是用户名密码都是admin
        # 可以用htpasswd(https://httpd.apache.org/docs/2.4/programs/htpasswd.html)生成用户名密码
        - "traefik.http.middlewares.api-auth.basicauth.users=admin:$$apr1$$8EVjn/nj$$GiLUZqcbueTFeD23SuB6x0"
        # 最最关键的一步,创建一个noop虚服务的loadbalancer,port为api服务监听端口(这里相当于nginx中的upstream)
        - "traefik.http.services.noop.loadbalancer.server.port=9999"

networks:
  traefik-public:
    external: true
volumes:
  traefik-certificates:

部署: docker stack deploy --compose-file traefik.yaml test

yewu-api.yaml

version: "3"
services:
  api:
    image: imageUrl/test/api:2023xxxx
    networks:
      - traefik-public
    deploy:
      placement:
        constraints:
          - node.role == manager
      labels:
        - "traefik.enable=true"
        #- "traefik.http.routers.yewu-api.rule=HostRegexp(`xxxxtt.yyy.io`)"
        - "traefik.http.routers.yewu-api.rule=Host(`xxxxtt.yyy.io`)"
        - "traefik.http.routers.yewu-api.tls=true"
        - "traefik.http.routers.yewu-api.entrypoints=websecure"
        - "traefik.http.services.yewu-api.loadbalancer.server.port=9001" # 9001就是api服务监听的业务端口
networks:
  traefik-public:
    external: true

部署: docker stack deploy --compose-file yewu-api.yaml test

只匹配yewu-api服务/api开头的请求

version: "3"
services:
  api:
    image: imageUrl/test/api:2023xxxx
    networks:
      - my_proxy
    volumes:
      - "/data-xfs/touch/test_env/api/cert:/opt/cert"
      - "/data-xfs/touch/test_env/logs/api:/opt/data/logs"
    deploy:
      placement:
        constraints:
          - node.role == manager
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.yewu-api.rule=Host(`xxxxtt.yyy.io`) && PathPrefix(`/api`)"
        - "traefik.http.routers.yewu-api.tls=true"
        - "traefik.http.routers.yewu-api.entrypoints=websecure"
        - "traefik.http.services.yewu-api.loadbalancer.server.port=9001"
networks:
  my_proxy:
    external: true
posted @ 2023-02-20 20:05  没脚的丛林鸟  阅读(181)  评论(0编辑  收藏  举报