如何使用 letsencrypt 和多个服务配置 Traefik

How can I configure Traefik with letsencrypt and multiple services

我正在尝试了解 Traefik,但由于缺乏知识,我不确定我是否了解它是如何工作的。我想创建以下场景

Frontend --> Static. www.example.com example.com with LE
Backend --> api.example.com LE
Redis --> Local network only
Mongodb --> Local network only.

我阅读了文档并提出了以下 docker-compose.yml 文件,但我不知道它是否正确。我不确定 nginx 如何映射到端口 80 以及 traefik 如何创建 LE 证书。

version: '3'

services:
    redis:
      restart: always
      image: redis:alpine
      networks:
        - internal

    mongo:
      restart: always
      image: mongodb
      networks:
        - internal

    frontend:
      image: nginx:1-alpine
      command: [nginx-debug, '-g', 'daemon off; error_log /dev/stdout info;']
      volumes:
        - "./static_assets:/usr/share/nginx/html:ro"
        - "./nginx_config/default.conf:/etc/nginx/conf.d/default.conf"
      labels:
        - "traefik.enable=true"
        - "traefik.frontend.rule=PathPrefixStrip: /assets"
        - "traefik.port=80"
        - "traefik.frontend.rule=Host:example.com,www.example.com"

    api:
      image: MYAPIIMAGE
      ports:
        - "3000:3000"
      networks:
        - web
        - internal
      labels:
        - "traefik.backend=api"
        - "traefik.docker.network=web"
        - "traefik.enable=true"
        - "traefik.port=3000"
        - "traefik.frontend.rule=Host:api.example.com"
    traefik:
      image: traefik:1.4.5
      restart: always
      ports:
        - 80:80
        - 443:443
      networks:
        - web
      volumes:
        - "./acme.toml:/etc/traefik/conf/acme.toml:ro"
        - "/var/run/docker.sock:/var/run/docker.sock:ro"
        - "./acme.json:/etc/traefik/conf/acme.json:rw"
      container_name: traefik

networks:
  web:
    external:
      name: web
  internal:
    external:
      name: internal

Traefik 将根据您的前端规则接收请求并将其映射到容器的端口。除非在您的 Traefik 配置中另有指定,否则 traefik 将始终将其端口 80 映射到您在 traefik.port 中指定的任何端口。这些是在 Traefik 的 entrypoints.http 配置中配置的。

只要您在 traefik 配置中将 acme.OnHostRule 设置为 true,Traefik 就会尝试为其获取 Let's Encrypt 证书。