如何使用 CLI 参数为 Traefik 仪表板设置密码?
How to set password for Traefik dashboard with CLI argument?
here 中有一个手册,但它对 TOML 来说非常严格,我需要 CLI 参数,因为我在 docker-swarm 中,具有 Consul 设置和高可用性
consul:
image: consul
command: agent -server -bootstrap-expect=1
volumes:
- consul-data:/consul/data
environment:
- CONSUL_LOCAL_CONFIG={"datacenter":"ams3","server":true}
- CONSUL_BIND_INTERFACE=eth0
- CONSUL_CLIENT_INTERFACE=eth0
deploy:
replicas: 1
placement:
constraints:
- node.role == manager
restart_policy:
condition: on-failure
networks:
- traefik
proxy_init:
image: traefik:1.6.3-alpine
command: >
storeconfig
--api
--entrypoints=Name:http Address::80 Redirect.EntryPoint:https
--entrypoints=Name:api Address::8080 Auth.Basic.Users:test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/ Auth.HeaderField:X-WebAuth-User
--entrypoints=Name:https Address::443 TLS
--defaultentrypoints=http,https
--acme
--acme.storage="traefik/acme/account"
--acme.entryPoint=https
--acme.httpChallenge.entryPoint=http
--acme.onHostRule=true
--acme.acmelogging=true
--acme.onDemand=false
--acme.caServer="https://acme-staging-v02.api.letsencrypt.org/directory"
--acme.email="whatever@gmail.com"
--docker
--docker.swarmMode
--docker.domain=swarm.xxx.io
--docker.endpoint=unix://var/run/docker.sock
--docker.watch
--consul
--consul.watch
--consul.endpoint=consul:8500
--consul.prefix=traefik
--logLevel=DEBUG
--accesslogsfile=/dev/stdout
networks:
- traefik
deploy:
placement:
constraints:
- node.role == manager
restart_policy:
condition: on-failure
depends_on:
- consul
proxy:
image: traefik:1.6.3-alpine
depends_on:
- traefik_init
- consul
command: >
--consul
--consul.endpoint=consul:8500
--consul.prefix=traefik
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
- webgateway
- traefik
ports:
- 80:80
- 443:443
- 8080:8080
deploy:
mode: replicated
replicas: 2
restart_policy:
condition: on-failure
placement:
constraints:
- node.role == manager
update_config:
parallelism: 1
delay: 10s
volumes:
- "/var/run/docker.sock:/var/run/docker.sock
您也可以为 traefik 容器设置标签。 Traefik 可以管理自己的容器,因此您可以像使用任何其他容器一样通过 label 设置 http 基本身份验证。我遇到的唯一问题是来自 ACME 客户端的 DNS 质询失败,但它适用于自签名证书。
deploy:
labels:
- "traefik.docker.network=infra_traefik"
- "traefik.port=8080"
- "traefik.tags=monitoring"
- "traefik.backend.loadbalancer.stickiness=true"
- "traefik.frontend.passHostHeader=true"
- "traefik.frontend.rule=Host:proxy01.swarm.lympo.io,proxy.swarm.lympo.io"
- "traefik.frontend.auth.basic=admin:$$apr1$$Xv0Slw4m$$MqFgCq4Do83fcKIsPTDGu/"
restart_policy:
condition: on-failure
placement:
constraints:
- node.role == manager
这是我使用的配置。 ping(8082) 和 API/Dashboard(具有基本身份验证的 8081)我有两个不同的端点:
version: "3.4"
services:
traefik_init:
image: traefik:1.7.9
command:
- "storeconfig"
- "--api"
- "--api.entrypoint=foo"
- "--ping"
- "--ping.entrypoint=bar"
- "--accessLog"
- "--logLevel=INFO"
- "--entrypoints=Name:http Address::80 Redirect.EntryPoint:https"
- "--entrypoints=Name:https Address::443 TLS"
- "--entrypoints=Name:foo Address::8081 Auth.Basic.Users:admin:$a$$$i9SzMNSHJlab7zKH28z17uicrnXbHfIicWJVPanNBxf6aiNyoMare"
- "--entrypoints=Name:bar Address::8082"
- "--defaultentrypoints=http,https"
警告: $ 字符应在 YAML
中用另一个 $ 进行转义
here 中有一个手册,但它对 TOML 来说非常严格,我需要 CLI 参数,因为我在 docker-swarm 中,具有 Consul 设置和高可用性
consul:
image: consul
command: agent -server -bootstrap-expect=1
volumes:
- consul-data:/consul/data
environment:
- CONSUL_LOCAL_CONFIG={"datacenter":"ams3","server":true}
- CONSUL_BIND_INTERFACE=eth0
- CONSUL_CLIENT_INTERFACE=eth0
deploy:
replicas: 1
placement:
constraints:
- node.role == manager
restart_policy:
condition: on-failure
networks:
- traefik
proxy_init:
image: traefik:1.6.3-alpine
command: >
storeconfig
--api
--entrypoints=Name:http Address::80 Redirect.EntryPoint:https
--entrypoints=Name:api Address::8080 Auth.Basic.Users:test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/ Auth.HeaderField:X-WebAuth-User
--entrypoints=Name:https Address::443 TLS
--defaultentrypoints=http,https
--acme
--acme.storage="traefik/acme/account"
--acme.entryPoint=https
--acme.httpChallenge.entryPoint=http
--acme.onHostRule=true
--acme.acmelogging=true
--acme.onDemand=false
--acme.caServer="https://acme-staging-v02.api.letsencrypt.org/directory"
--acme.email="whatever@gmail.com"
--docker
--docker.swarmMode
--docker.domain=swarm.xxx.io
--docker.endpoint=unix://var/run/docker.sock
--docker.watch
--consul
--consul.watch
--consul.endpoint=consul:8500
--consul.prefix=traefik
--logLevel=DEBUG
--accesslogsfile=/dev/stdout
networks:
- traefik
deploy:
placement:
constraints:
- node.role == manager
restart_policy:
condition: on-failure
depends_on:
- consul
proxy:
image: traefik:1.6.3-alpine
depends_on:
- traefik_init
- consul
command: >
--consul
--consul.endpoint=consul:8500
--consul.prefix=traefik
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
- webgateway
- traefik
ports:
- 80:80
- 443:443
- 8080:8080
deploy:
mode: replicated
replicas: 2
restart_policy:
condition: on-failure
placement:
constraints:
- node.role == manager
update_config:
parallelism: 1
delay: 10s
volumes:
- "/var/run/docker.sock:/var/run/docker.sock
您也可以为 traefik 容器设置标签。 Traefik 可以管理自己的容器,因此您可以像使用任何其他容器一样通过 label 设置 http 基本身份验证。我遇到的唯一问题是来自 ACME 客户端的 DNS 质询失败,但它适用于自签名证书。
deploy:
labels:
- "traefik.docker.network=infra_traefik"
- "traefik.port=8080"
- "traefik.tags=monitoring"
- "traefik.backend.loadbalancer.stickiness=true"
- "traefik.frontend.passHostHeader=true"
- "traefik.frontend.rule=Host:proxy01.swarm.lympo.io,proxy.swarm.lympo.io"
- "traefik.frontend.auth.basic=admin:$$apr1$$Xv0Slw4m$$MqFgCq4Do83fcKIsPTDGu/"
restart_policy:
condition: on-failure
placement:
constraints:
- node.role == manager
这是我使用的配置。 ping(8082) 和 API/Dashboard(具有基本身份验证的 8081)我有两个不同的端点:
version: "3.4"
services:
traefik_init:
image: traefik:1.7.9
command:
- "storeconfig"
- "--api"
- "--api.entrypoint=foo"
- "--ping"
- "--ping.entrypoint=bar"
- "--accessLog"
- "--logLevel=INFO"
- "--entrypoints=Name:http Address::80 Redirect.EntryPoint:https"
- "--entrypoints=Name:https Address::443 TLS"
- "--entrypoints=Name:foo Address::8081 Auth.Basic.Users:admin:$a$$$i9SzMNSHJlab7zKH28z17uicrnXbHfIicWJVPanNBxf6aiNyoMare"
- "--entrypoints=Name:bar Address::8082"
- "--defaultentrypoints=http,https"
警告: $ 字符应在 YAML
$ 进行转义