我想把反向代理从Nginx切换到traefik,因为traefik提供了粘性会话(sticky sessions),这在Docker Swarm环境中是需要的。这是我的Nginx配置的一部分,运行良好:
# Catch-all location: every request not matched by a more specific location
# is proxied to the application listening on loopback port 5000.
location / {
    # Upstream target and protocol handling.
    proxy_pass http://127.0.0.1:5000;
    proxy_http_version 1.1;
    proxy_redirect off;
    proxy_read_timeout 600s;

    # WebSocket upgrade: pass the client's Upgrade header through and force
    # the hop-by-hop Connection header to "upgrade".
    proxy_set_header Connection "upgrade";
    proxy_set_header Upgrade $http_upgrade;

    # Client context for the backend. $proxy_add_x_forwarded_for appends
    # $remote_addr to whatever X-Forwarded-For value the client sent, so only
    # the last entry is set by this proxy; earlier entries are client-supplied
    # and must not be used for access decisions. X-Real-IP is taken from the
    # TCP peer address.
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
}
# /auth/ prefix: proxied to the identity service on loopback port 8443 over TLS.
location /auth/ {
    # Upstream target and protocol handling. The upstream is HTTPS; nginx does
    # not verify the upstream certificate unless proxy_ssl_verify is enabled
    # (it is not set here), so this hop is encrypted but not authenticated.
    # That is acceptable only while the upstream stays on loopback.
    proxy_pass https://127.0.0.1:8443;
    proxy_http_version 1.1;
    proxy_redirect off;
    proxy_read_timeout 600s;

    # WebSocket upgrade handling, same as the catch-all location.
    proxy_set_header Connection "upgrade";
    proxy_set_header Upgrade $http_upgrade;

    # Client context for the backend. The backend builds redirect and token
    # URLs from these headers, so it must only accept them from this proxy:
    # the leading X-Forwarded-For entries are client-supplied.
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
}
这是我的traefik.toml:
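# Traefik 1.x static configuration (traefik.toml).
debug = false
logLevel = "ERROR"
defaultEntryPoints = ["https", "http"]

[entryPoints]
  # Plain HTTP: redirected to HTTPS; also used for the ACME HTTP challenge below.
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"

  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
    # Both suites are AES-GCM, which only exists in TLS 1.2 and later, so
    # stating the minimum version makes the effective policy explicit.
    minVersion = "VersionTLS12"
    # ECDHE-only key exchange. The original list contained
    # TLS_RSA_WITH_AES_256_GCM_SHA384, a static-RSA suite without forward
    # secrecy: recorded traffic becomes decryptable if the private key leaks.
    cipherSuites = [
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
    ]

  # NOTE(review): no frontend shown on this page is bound to these two entry
  # points; unless something else uses them they are unused listeners.
  [entryPoints.keycloak]
  address = ":8443"
  [entryPoints.shinyproxy]
  address = ":5000"

[retry]

[docker]
# Containers are only routed when they carry traefik.enable=true.
exposedByDefault = false

[acme]
email = "langmarkus@hotmail.com"
# Holds the ACME account key and issued private keys: keep this file on a
# persistent volume and readable by the Traefik process only.
storage = "acme/certs.json"
entryPoint = "https"
onHostRule = true
  [acme.httpChallenge]
  entryPoint = "http"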
这是我的Compose文件:
# Compose file from the question (Traefik 1.7 in front of ShinyProxy and Keycloak).
# Indentation restored; keys and values are as posted.
version: "3.7"
services:
  shinyproxy:
    build: /home/shinyproxy
    deploy:
      #replicas: 3
    # NOTE(review): the container runs as root.
    user: root:root
    hostname: shinyproxy
    image: shinyproxy-example
    labels:
      - "traefik.enable=true" # Enable reverse-proxy for this service
      - "traefik.frontend.rule=Host:analytics.data-mastery.com" # Domain name for the app
      # traefik.port is the container port Traefik dials. The only port this
      # service publishes is 5000, so 443 looks like the misrouting the
      # question is about.
      - "traefik.port=443"
    # Published on the host: the app is reachable on :5000 without passing
    # through the reverse proxy (no TLS termination, no redirect).
    ports:
      - 5000:5000
    # NOTE(review): no networks entry here, while keycloak joins sp-example-net.
  keycloak:
    image: jboss/keycloak
    labels:
      - "traefik.enable=true" # Enable reverse-proxy for this service
      # Same Host rule as shinyproxy and no path matcher, so the two frontends
      # are indistinguishable to Traefik.
      - "traefik.frontend.rule=Host:analytics.data-mastery.com" # Domain name for the app
      # The port published below is 8443, not 443.
      - "traefik.port=443"
    networks:
      - sp-example-net
    volumes:
      # TLS certificate and private key bind-mounted from the host; the key
      # file should be readable only by the account the container runs as.
      - type: bind
        source: /home/certs/fullchain.pem
        target: /etc/x509/https/tls.crt
      - type: bind
        source: /home/certs/privkey.pem
        target: /etc/x509/https/tls.key
      - /home/theme/:/opt/jboss/keycloak/themes/custom/
    environment:
      # With this set, Keycloak trusts forwarded headers; that is only safe
      # when every request reaches it through the proxy, which the published
      # port 8443 below does not guarantee.
      - PROXY_ADDRESS_FORWARDING=true
      # NOTE(review): admin credentials in plain text in the compose file;
      # they are visible to anyone who can read the file or inspect the service.
      - KEYCLOAK_USER=myadmin
      - KEYCLOAK_PASSWORD=mypassword
    # Published on the host: the identity service and its admin console are
    # reachable on :8443 directly, bypassing the reverse proxy.
    ports:
      - 8443:8443
  reverseproxy:
    image: traefik:v1.7.16
    volumes:
      # Access to the Docker socket is equivalent to root on the host: a
      # compromise of this internet-facing container is a compromise of the node.
      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
      - ./traefik/traefik.toml:/traefik.toml # Traefik configuration file
      - ./volumes/traefik-acme:/acme # Tell Traefik to save SSL certs here
    # No authentication for the API/dashboard is configured anywhere on this page.
    command: --api # Enables the web UI
    ports:
      - "80:80" # The HTTP port
      - "443:443" # The HTTPS port
      # Publishes the dashboard/API enabled by --api on every host interface.
      - "8080:8080" # The web UI
    # NOTE(review): no networks entry here either; Traefik is not attached to
    # sp-example-net in this file.
networks:
  sp-example-net:
    driver: overlay
    attachable: true
SSL正在运行,我的Keycloak服务运行在此处:https://analytics.data-mastery.com:8443/auth/。但是,我想实现与proxy_pass相同的行为,而不必在URL中使用端口。我必须更改什么?
答案 0 :(得分:1)
如果要继续使用旧的traefik版本,则可以使用以下堆栈文件(也可以去掉traefik.toml,只使用CLI参数)。
使用以下堆栈文件,您将能够在analytics.data-mastery.com上访问Shinyproxy,在analytics.data-mastery.com/auth上访问keycloak。
这里重要的是所定义的rule:
https://docs.traefik.io/routing/routers/
您也不需要对外发布这些服务的端口,traefik会通过内部网络上的端口访问它们。
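# Swarm stack file for Traefik 1.7 in front of ShinyProxy and Keycloak.
# Neither backend publishes a port: both are reachable only through Traefik
# over the sp-example-net overlay network.
version: "3.7"

services:
  shinyproxy:
    build: /home/shinyproxy
    # NOTE(review): runs as root; drop to an unprivileged user if the image
    # allows it.
    user: root:root
    hostname: shinyproxy
    image: shinyproxy-example
    # Must share a network with Traefik, and it has to be the one named in
    # traefik.docker.network below.
    networks:
      - sp-example-net
    deploy:
      replicas: 3
      # With --docker.swarmmode Traefik reads service labels, so they belong
      # under deploy; container-level labels are ignored.
      labels:
        - traefik.enable=true
        - traefik.backend=shinyproxy
        # Sticky sessions need Traefik to balance across the individual tasks.
        # traefik.backend.loadbalancer.swarm=true would route through the
        # single Swarm VIP, so it is not set here.
        - traefik.backend.loadbalancer.stickiness=true
        - traefik.frontend.rule=Host:analytics.data-mastery.com
        - traefik.port=5000
        - traefik.docker.network=sp-example-net

  keycloak:
    # NOTE(review): untagged image; pin a version so deployments are reproducible.
    image: jboss/keycloak
    networks:
      - sp-example-net
    volumes:
      # Bind mounts must exist on every node that can run this task. The
      # private key should be readable only by the container's user.
      - type: bind
        source: /home/certs/fullchain.pem
        target: /etc/x509/https/tls.crt
      - type: bind
        source: /home/certs/privkey.pem
        target: /etc/x509/https/tls.key
      - /home/theme/:/opt/jboss/keycloak/themes/custom/
    environment:
      # Keycloak trusts forwarded headers; safe here because no port is
      # published and all traffic arrives through Traefik.
      - PROXY_ADDRESS_FORWARDING=true
      # NOTE(review): example admin credentials in plain text. Replace them
      # before deploying and supply them from a secret store, not this file.
      - KEYCLOAK_USER=myadmin
      - KEYCLOAK_PASSWORD=mypassword
    deploy:
      labels:
        - traefik.enable=true
        - traefik.backend.loadbalancer.swarm=true
        - traefik.backend=keycloak
        # PathPrefix matches /auth and everything below it; Path would match
        # the exact path /auth only.
        - traefik.frontend.rule=Host:analytics.data-mastery.com;PathPrefix:/auth
        # 8443 is Keycloak's TLS listener, so Traefik must speak HTTPS to it.
        # TODO confirm the certificate validates from Traefik's side; the
        # global insecureSkipVerify option would disable verification for
        # every backend.
        - traefik.port=8443
        - traefik.protocol=https
        - traefik.docker.network=sp-example-net

  reverseproxy:
    image: traefik:v1.7.16
    networks:
      - sp-example-net
    volumes:
      # Access to the Docker socket is equivalent to root on the node. Keep
      # this container minimal; a filtering socket proxy reduces the exposure.
      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
      - ./traefik/traefik.toml:/traefik.toml # Traefik configuration file
      - ./volumes/traefik-acme:/acme # Tell Traefik to save SSL certs here
    command:
      - '--docker'
      - '--docker.swarmmode'
      - '--docker.domain=analytics.data-mastery.com'
      - '--docker.watch'
      - '--accessLog'
      - '--checkNewVersion=false'
      - '--api'
      - '--ping.entryPoint=http'
      # if you want to get rid of the toml file altogether
      # - '--entrypoints=Name:http Address::80 Redirect.EntryPoint:https'
      # - '--entrypoints=Name:https Address::443 TLS'
      # - '--defaultentrypoints=http,https'
      # - '--acme.entrypoint=https'
      # - '--acme.email=langmarkus@hotmail.com'
      # The storage path must sit on a persistent volume (only /acme is
      # mounted above), otherwise keys and certificates are lost on restart.
      # - '--acme.storage=/var/lib/traefik/acme.json'
      # - '--acme.acmelogging=true'
      # - '--acme.httpChallenge.entryPoint=http'
      # A wildcard name cannot be issued through the HTTP challenge; it needs
      # the DNS challenge.
      # - '--acme.domains=*.analytics.data-mastery.com,analytics.data-mastery.com'
    ports:
      - "80:80"
      - "443:443"
      # The API/dashboard enabled by --api has no authentication configured
      # here, so it is not published. Expose it only behind authentication.
      # - "8080:8080"
    deploy:
      placement:
        constraints:
          # The Swarm API that Traefik queries is only served by manager nodes.
          - node.role == manager

networks:
  sp-example-net:
    # Fixed name so traefik.docker.network matches; without it a stack deploy
    # prefixes the network name with the stack name.
    name: sp-example-net
    driver: overlay
    attachable: true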
如果您想直接跳转到traefik2.1,这里的link包含使用它的好例子