【转载】docker swarm集群中部署traefik和其他服务
以下配置来自:https://blog.csdn.net/wave_sheep/article/details/104186192
感谢作者!
traefik.yaml
version: '3'
services:
reverse-proxy:
image: traefik:v2.8
command:
# 启用dashboard
- "--api.dashboard=true"
- "--providers.docker.swarmMode=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=traefik-public"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.le.acme.httpchallenge=true"
- "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"
- "--certificatesresolvers.letsencryptresolver.acme.email=填一个你自己的邮箱"
- "--certificatesresolvers.letsencryptresolver.acme.storage=/letsencrypt/acme.json"
ports:
- 80:80
- 443:443
volumes:
- traefik-certificates:/letsencrypt
- /var/run/docker.sock:/var/run/docker.sock:ro
networks:
- traefik-public
deploy:
placement:
constraints:
- node.role == manager
labels:
- "traefik.enable=true"
- "traefik.http.routers.http2https.rule=HostRegexp(`{any:.+}`)"
- "traefik.http.routers.http2https.entrypoints=web"
- "traefik.http.routers.http2https.middlewares=https-redirect"
- "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
- "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true"
# dashboard配置
- "traefik.http.routers.api.rule=Host(`traefik.xxxx.cn`)"
- "traefik.http.routers.api.entrypoints=websecure"
- "traefik.http.routers.api.tls.certresolver=le"
# 获取dashboard提供器
# PS: @后面变量表示routers为api的路径的提供者, 像之前的hello-world实际上省略了@docker
- "traefik.http.routers.api.service=api@internal"
# 基本验证中间件
- "traefik.http.routers.api.middlewares=api-auth"
# 配置用户名密码
# 这里默认是用户名密码都是admin
# 可以用htpasswd(https://httpd.apache.org/docs/2.4/programs/htpasswd.html)生成用户名密码
- "traefik.http.middlewares.api-auth.basicauth.users=admin:$$apr1$$8EVjn/nj$$GiLUZqcbueTFeD23SuB6x0"
# 最最关键的一步,创建一个noop虚服务的loadbalancer,port为api服务监听端口(这里相当于nginx中的upstream)
- "traefik.http.services.noop.loadbalancer.server.port=9999"
networks:
traefik-public:
external: true
volumes:
traefik-certificates:
部署: docker stack deploy --compose-file traefik.yaml test
yewu-api.yaml
version: "3"
services:
api:
image: imageUrl/test/api:2023xxxx
networks:
- traefik-public
deploy:
placement:
constraints:
- node.role == manager
labels:
- "traefik.enable=true"
#- "traefik.http.routers.yewu-api.rule=HostRegexp(`xxxxtt.yyy.io`)"
- "traefik.http.routers.yewu-api.rule=Host(`xxxxtt.yyy.io`)"
- "traefik.http.routers.yewu-api.tls=true"
- "traefik.http.routers.yewu-api.entrypoints=websecure"
- "traefik.http.services.yewu-api.loadbalancer.server.port=9001" # 9001就是api服务监听的业务端口
networks:
traefik-public:
external: true
部署: docker stack deploy --compose-file yewu-api.yaml test
只匹配yewu-api服务/api开头的请求
version: "3"
services:
api:
image: imageUrl/test/api:2023xxxx
networks:
- my_proxy
volumes:
- "/data-xfs/touch/test_env/api/cert:/opt/cert"
- "/data-xfs/touch/test_env/logs/api:/opt/data/logs"
deploy:
placement:
constraints:
- node.role == manager
labels:
- "traefik.enable=true"
- "traefik.http.routers.yewu-api.rule=Host(`xxxxtt.yyy.io`) && PathPrefix(`/api`)"
- "traefik.http.routers.yewu-api.tls=true"
- "traefik.http.routers.yewu-api.entrypoints=websecure"
- "traefik.http.services.yewu-api.loadbalancer.server.port=9001"
networks:
my_proxy:
external: true