如何使用 letsencrypt 和多个服务配置 Traefik
How can I configure Traefik with letsencrypt and multiple services
我正在尝试了解 Traefik,但由于缺乏知识,我不确定我是否了解它是如何工作的。我想创建以下场景
Frontend --> Static. www.example.com example.com with LE
Backend --> api.example.com LE
Redis --> Local network only
Mongodb --> Local network only.
我阅读了文档并提出了以下 docker-compose.yml 文件,但我不知道它是否正确。我不确定 nginx 如何映射到端口 80 以及 traefik 如何创建 LE 证书。
version: '3'
services:
redis:
restart: always
image: redis:alpine
networks:
- internal
mongo:
restart: always
image: mongodb
networks:
- internal
frontend:
image: nginx:1-alpine
command: [nginx-debug, '-g', 'daemon off; error_log /dev/stdout info;']
volumes:
- "./static_assets:/usr/share/nginx/html:ro"
- "./nginx_config/default.conf:/etc/nginx/conf.d/default.conf"
labels:
- "traefik.enable=true"
- "traefik.frontend.rule=PathPrefixStrip: /assets"
- "traefik.port=80"
- "traefik.frontend.rule=Host:example.com,www.example.com"
api:
image: MYAPIIMAGE
ports:
- "3000:3000"
networks:
- web
- internal
labels:
- "traefik.backend=api"
- "traefik.docker.network=web"
- "traefik.enable=true"
- "traefik.port=3000"
- "traefik.frontend.rule=Host:api.example.com"
traefik:
image: traefik:1.4.5
restart: always
ports:
- 80:80
- 443:443
networks:
- web
volumes:
- "./acme.toml:/etc/traefik/conf/acme.toml:ro"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./acme.json:/etc/traefik/conf/acme.json:rw"
container_name: traefik
networks:
web:
external:
name: web
internal:
external:
name: internal
Traefik 将根据您的前端规则接收请求并将其映射到容器的端口。除非在您的 Traefik 配置中另有指定,否则 traefik 将始终将其端口 80 映射到您在 traefik.port 中指定的任何端口。这些是在 Traefik 的 entrypoints.http 配置中配置的。
只要您在 traefik 配置中将 acme.OnHostRule 设置为 true,Traefik 就会尝试为其获取 Let's Encrypt 证书。
我正在尝试了解 Traefik,但由于缺乏知识,我不确定我是否了解它是如何工作的。我想创建以下场景
Frontend --> Static. www.example.com example.com with LE
Backend --> api.example.com LE
Redis --> Local network only
Mongodb --> Local network only.
我阅读了文档并提出了以下 docker-compose.yml 文件,但我不知道它是否正确。我不确定 nginx 如何映射到端口 80 以及 traefik 如何创建 LE 证书。
version: '3'
services:
redis:
restart: always
image: redis:alpine
networks:
- internal
mongo:
restart: always
image: mongodb
networks:
- internal
frontend:
image: nginx:1-alpine
command: [nginx-debug, '-g', 'daemon off; error_log /dev/stdout info;']
volumes:
- "./static_assets:/usr/share/nginx/html:ro"
- "./nginx_config/default.conf:/etc/nginx/conf.d/default.conf"
labels:
- "traefik.enable=true"
- "traefik.frontend.rule=PathPrefixStrip: /assets"
- "traefik.port=80"
- "traefik.frontend.rule=Host:example.com,www.example.com"
api:
image: MYAPIIMAGE
ports:
- "3000:3000"
networks:
- web
- internal
labels:
- "traefik.backend=api"
- "traefik.docker.network=web"
- "traefik.enable=true"
- "traefik.port=3000"
- "traefik.frontend.rule=Host:api.example.com"
traefik:
image: traefik:1.4.5
restart: always
ports:
- 80:80
- 443:443
networks:
- web
volumes:
- "./acme.toml:/etc/traefik/conf/acme.toml:ro"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./acme.json:/etc/traefik/conf/acme.json:rw"
container_name: traefik
networks:
web:
external:
name: web
internal:
external:
name: internal
Traefik 将根据您的前端规则接收请求并将其映射到容器的端口。除非在您的 Traefik 配置中另有指定,否则 traefik 将始终将其端口 80 映射到您在 traefik.port 中指定的任何端口。这些是在 Traefik 的 entrypoints.http 配置中配置的。
只要您在 traefik 配置中将 acme.OnHostRule 设置为 true,Traefik 就会尝试为其获取 Let's Encrypt 证书。