Traefik v2作为不带Docker的反向代理

时间:2019-10-22 02:17:43

标签: reverse-proxy traefik

我已经阅读了文档,但是在不涉及Docker的情况下,我无法弄清楚如何配置Traefik v2以替换Nginx作为网站(虚拟主机)的反向代理。理想情况下,也应该让我们将https加密。

我有一个在http://127.0.0.1:4000上运行的服务,我想将代理从http://myhost.com:80撤消

这是我到目前为止提出的配置:

[Global]
checkNewVersion = true

[log]
  level = "DEBUG"
  filePath = "log-file.log"

[accessLog]
  filePath =  "log-access.log"
  bufferingSize =  100

[entrypoints]
    [entrypoints.http]
    address = ":80"

[http]
    [http.routers]
       [http.routers.my-router]
          rule = "Host(`www.myhost.com`)"
          service = "http"
          entrypoint=["http"]

    [http.services]
          [http.services.http.loadbalancer]
            [[http.services.http.loadbalancer.servers]]
              url = "http://127.0.0.1:4000"

3 个答案:

答案 0 :(得分:3)

我知道了, 第一部分要注意的是,traefik v2中有两种配置类型,静态配置和动态配置。因此,我创建了两个文件traefik.toml和traefik-dynamic.toml。

traefik.toml的内容:

[log]
  level = "DEBUG"
  filePath = "log-file.log"

[accessLog]
  filePath =  "log-access.log"
  bufferingSize =  100

[providers]
  [providers.file]
    filename = "traefik-dynamic.toml"

[api]
  dashboard = true
  debug = true

[entryPoints]
  [entryPoints.web]
    address = ":80"
  [entryPoints.web-secure]
    address = ":443"
  [entryPoints.dashboard]
    address = ":8080"

[certificatesResolvers.sample.acme]
  email = "myemail@example.com"
  storage = "acme.json"

  [certificatesResolvers.sample.acme.httpChallenge]
    # used during the challenge
    entryPoint = "web"

traefik-dynamic.toml:

[http]
    # Redirect to https
    [http.middlewares]
      [http.middlewares.test-redirectscheme.redirectScheme]
        scheme = "https"

    [http.routers]
       [http.routers.my-router]
          rule = "Host(`www.example.com`)"
          service = "phx"
          entryPoints = ["web-secure"]
       [http.routers.my-router.tls]
          certResolver = "sample"

    [http.services]
          [http.services.phx.loadbalancer]
            [[http.services.phx.loadbalancer.servers]]
              url = "http://127.0.0.1:4000"

答案 1 :(得分:2)

您还可以使用Traefik v2将代理反向转换为在本地主机上运行的服务,而无需使用Nginx,如此处所述,使用Traefik的 File (而不是 Docker 提供程序)。

首先,通过更新myhost.com将呼叫通过localhost路由到/etc/hosts,例如:

127.0.0.1 myhost.com

创建一个最小的docker-compose.yml,例如:

version: "3.7"
services:

  proxy:
    image: traefik:2.0
    command:
      - "--providers.file.filename=/etc/traefik/proxy-config.toml"
      - "--entrypoints.web.address=:80"
    ports:
      - "80:80"
    volumes:
      - ./proxy-config.toml:/etc/traefik/proxy-config.toml:ro

此Compose文件创建一个只读卷,其中包含根据要求代表Nginx的Traefik反向代理的动态配置。它为Traefik使用 File 提供程序,而不是 Docker ,并且将空白HTTP地址映射到入口点的端口80。这本身就是一个完整的Compose文件。除此之外,还需要Traefik的反向代理配置。

在同一目录中配置Traefik反向代理proxy-config.toml

[http.routers.test-streamrouter]
  rule = "Host(`myhost.com`)"
  service = "test-loadbalancer"
  entryPoints = ["web"]

[[http.services.test-loadbalancer.loadBalancer.servers]]
  url = "http://host.docker.internal:4000"

这是一个完整的示例反向代理。中间件可以增强它的功能,以执行URL重写,更新域名甚至重定向用户(如果您这样做)。如this answer所示,使用单个负载均衡器。并且host.docker.internal用于返回主机的internal networking address

注意:在撰写本文时,"host.docker.internal"仅适用于Mac的Docker,在Linux上将失败。但是,您也许可以改用Compose服务名称(即"proxy")。

一旦完成这项工作,就可以使用TRAEFIK_PROVIDERS_FILE_FILENAME环境变量来设置“让我们加密”内容或在开发配置和生产配置之间交换。

答案 2 :(得分:0)

您可以

  1. 在同一桥接网络(而不是localhost)中使用容器名称
  2. 链接没有@file后缀的中间件和服务

请注意,在yaml和toml文件中,您需要注意属性的小写字母。在docker中,loadbalancerloadBalencer,而您需要在配置文件中写入http: middlewares: docs: stripPrefix: prefixes: - "/docs" restapi: stripPrefix: prefixes: - "/api/v1" routers: restapi: rule: "PathPrefix(`/api/v1`)" middlewares: - "restapi" service: "restapi" entryPoints: - http docs: rule: "PathPrefix(`/docs`)" middlewares: - "docs" service: "docs" entryPoints: - http client: rule: "PathPrefix(`/`)" service: "client" entryPoints: - http help: rule: "PathPrefix(`/server/sicon/help`)" services: restapi: loadBalancer: servers: - url: "http://sicon_backend:1881" docs: loadBalancer: servers: - url: "http://sicon_backend:1882" client: loadBalancer: servers: - url: "http://sicon_client"

/identitytoolkit/v3/relyingparty/signupNewUser