docker - Configuring Traefik in front of two docker containers, all on port 80

Reposted. Author: 行者123. Updated: 2023-12-02 18:29:48

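I am trying to run three docker containers on one host. Traefik is one of the containers and proxies traffic to the others.

My first goal is to reach each container via a dedicated hostname on port 80. The Traefik UI should be available only via a hostname and port 80 as well, and have some kind of authentication.

Using just a docker-compose.yml, I can reach all three containers using the hostnames, all on port 80. But to add authentication, I guess I need to introduce a traefik.toml. And this gives me trouble.
The next goal is to introduce SSL using Let's Encrypt on all three hosts. But first things first...

Working solution for three hosts, all on port 80, lacking authorization for the Traefik UI: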

version: "2"

networks:
  web:

services:

  prox:
    image: containous/traefik:latest # The official Traefik docker image
    command: --api --docker # Enables the web UI and tells Træfik to listen to docker
    restart: unless-stopped
    ports:
      - "80:80" # The HTTP port
    labels:
      - "traefik.port=8080"
      - "traefik.backend=traefikception"
      - "traefik.frontend.rule=Host:traefik.test.com"
      - "traefik.enable=true"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
    networks:
      - web

  seafile_1:
    image: seafileltd/seafile
    container_name: seafile_1
    restart: unless-stopped
    environment:
      SEAFILE_ADMIN_EMAIL: me@test.com
      SEAFILE_ADMIN_PASSWORD: ####
      SEAFILE_SERVER_HOSTNAME: 1.test.com
    labels:
      - traefik.enable=true
      - traefik.frontend.rule=Host:1.test.com
      - traefik.port=80
      - traefik.backend=seafile_1
      - traefik.docker.network=web
    volumes:
      - /opt/seafile-data/ttt_1:/shared
    networks:
      - web

  seafile_2:
    image: seafileltd/seafile
    container_name: seafile_2
    restart: unless-stopped
    environment:
      SEAFILE_ADMIN_EMAIL: me@test2.com
      SEAFILE_ADMIN_PASSWORD: #####
      SEAFILE_SERVER_HOSTNAME: 2.test2.com
    labels:
      - traefik.enable=true
      - traefik.frontend.rule=Host:2.test2.com
      - traefik.port=80
      - traefik.backend=seafile_1
      - traefik.docker.network=web
    volumes:
      - /opt/seafile-data/ttt_2:/shared
    networks:
      - web

Adding the following traefik.toml:
defaultEntryPoints = ["http"]

[entryPoints]
[entryPoints.http]
address = ":80"

[entryPoints.proxy]
address=":80"
[entryPoints.proxy.auth]
[entryPoints.proxy.auth.basic]
users = [
"joh:$apr1$RKdHyOKO$QDK1EKB4UJbsda7CXfPfK0",
]

[api]
entrypoint="proxy"

I get a lot of the following errors in the logs, and none of the containers is reachable from outside:
prox_1           | time="2018-06-17T19:23:26Z" level=fatal msg="Error preparing server: listen tcp :8080: bind: address already in use"
prox_1 | time="2018-06-17T19:24:26Z" level=error msg="Error opening listener listen tcp :8080: bind: address already in use"
prox_1 | time="2018-06-17T19:24:26Z" level=fatal msg="Error preparing server: listen tcp :8080: bind: address already in use"

I am pretty sure I need to adapt my docker-compose.yml and move settings to traefik.toml, but I can't figure out how to do it.

Thanks in advance!!

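Best answer

With the help of the Traefik support on Slack, I was able to solve this.

  • There may not be more than one entry point per port
  • Authorization can be configured in the docker-compose.yml
  • Add acme.json and configure https and Let's Encrypt only in the traefik.toml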

    Put the following three files in /opt/traefik:

    acme.json:

    May be empty, but must be well secured:
    touch acme.json
    chmod 600 acme.json

    docker-compose.yml:
    version: "2"

    networks:
      web:

    services:

      prox:
        image: containous/traefik:latest # The official Traefik docker image
        command: --api --docker # Enables the web UI and tells Træfik to listen to docker
        restart: unless-stopped
        ports:
          - "80:80"
          - "443:443"
          # - "8080:8080" # Don't want this port open (on all hostnames!)
        labels:
          - "traefik.port=8080"
          - "traefik.backend=traefikception"
          - "traefik.frontend.rule=Host:traefik.example.me"
          - "traefik.enable=true"
          - "traefik.frontend.auth.basic=admin:$$ert2$$RKdHyOKO$$QDK1EKB4UJbsda7CXfPfK0"
        volumes:
          - "/var/run/docker.sock:/var/run/docker.sock" # So that Traefik can listen to the Docker events
          - "./traefik.toml:/traefik.toml"
          - "./acme.json:/acme.json"
        networks:
          - web

      seafile_org1:
        image: seafileltd/seafile
        container_name: seafile_org1
        restart: unless-stopped
        environment:
          SEAFILE_ADMIN_EMAIL: mail@mail.me
          SEAFILE_ADMIN_PASSWORD: ####
          SEAFILE_SERVER_HOSTNAME: org1.example.me
        labels:
          - traefik.enable=true
          - traefik.frontend.rule=Host:org1.example.me
          - traefik.port=80
          - traefik.backend=seafile_org1
          - traefik.docker.network=web
        volumes:
          - /opt/seafile-data/org1:/shared
        networks:
          - web

      seafile_org2:
        image: seafileltd/seafile
        container_name: seafile_org2
        restart: unless-stopped
        environment:
          SEAFILE_ADMIN_EMAIL: mail@mail.com
          SEAFILE_ADMIN_PASSWORD: ####
          SEAFILE_SERVER_HOSTNAME: org2.example.com
        labels:
          - traefik.enable=true
          - traefik.frontend.rule=Host:org2.example.com
          - traefik.port=80
          - traefik.backend=seafile_org2
          - traefik.docker.network=web
        volumes:
          - /opt/seafile-data/org2:/shared
        networks:
          - web

    To get the value for traefik.frontend.auth.basic, you need to issue:
    htpasswd -n admin

    traefik.toml:
    defaultEntryPoints = ["http", "https"]
    [entryPoints]
    [entryPoints.http]
    address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"

    [entryPoints.https]
    address = ":443"
    [entryPoints.https.tls]

    [retry]

    [api]
    dashboard = true


    # Enable ACME (Let's Encrypt): automatic SSL.
    [acme]
    email = "you@mail.com"
    storage = "acme.json"
    entryPoint = "https"
    # If true, display debug log messages from the acme client library.
    # acmeLogging = true
    # Enable certificate generation on frontends host rules.
    onHostRule = true
    # CA server to use.
    # Uncomment the line to use Let's Encrypt's staging server,
    # leave commented to go to prod.
    caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
    # Use a HTTP-01 ACME challenge.
    # Optional (but recommended)
    [acme.httpChallenge]
    entryPoint = "http"

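    This uses the Let's Encrypt staging environment to get three certificates. Comment out the line with caServer to get real certificates! Recreate an empty acme.json!

    The seafile data is stored in
    /opt/seafile-data/org1
    and
    /opt/seafile-data/org2
    respectively.

    In /opt/traefik you can start the system:
    docker-compose up -d

    and look at the logs:
    docker-compose logs

    On the first run, startup takes some time to set up seafile, obtain the certificates, ...

    Your hosts should be reachable, without any SSL errors or warnings, at
  • http://traefik.example.me (asks for your credentials to view the page)
  • http://org1.example.me
  • http://org2.example.com

    All that is left to do is to edit the ccnet.conf file in each seafile installation directory (/opt/seafile-data/org1/seafile/conf/ccnet.conf), change the protocol to "http" and remove the port ":8000" from SERVICE_URL, so that sharing links are correct for this setup as well. The line should read:
    SERVICE_URL = https://org1.example.me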

    About "docker - Configuring Traefik in front of two docker containers, all on port 80": we found a similar question on Stack Overflow: https://stackoverflow.com/questions/50899827/
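A pre-flight check for the three points the answer lists, as an added example that is not part of the original question or answer: it flags entry points that share a listen address (the question's traefik.toml binds both `http` and `proxy` to `:80`), verifies that acme.json is owner-only, and doubles the `$` characters of an `htpasswd -n` line the way the answer's `traefik.frontend.auth.basic` label has them. The function names and the sample strings are constructed for illustration.

```python
import os
import re
import stat
from collections import defaultdict

# Constructed sample shaped like the question's traefik.toml: two entry points on :80.
QUESTION_TOML = """
[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.proxy]
  address=":80"
    [entryPoints.proxy.auth.basic]
    users = ["user:<htpasswd-hash-placeholder>"]
[api]
entrypoint="proxy"
"""

def duplicate_entrypoint_ports(toml_text):
    """Return {address: [entry point names]} for every address bound more than once."""
    by_addr, current = defaultdict(list), None
    for raw in toml_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[([^\[\]]+)\]", line)
        if header:
            # Only a direct child table [entryPoints.<name>] carries the listen address.
            m = re.fullmatch(r"entryPoints\.([\w-]+)", header.group(1).strip())
            current = m.group(1) if m else None
            continue
        addr = re.fullmatch(r'address\s*=\s*"([^"]*)"', line)
        if addr and current:
            by_addr[addr.group(1)].append(current)
    return {a: names for a, names in by_addr.items() if len(names) > 1}

def acme_store_is_private(path):
    """True when group and others have no access at all (mode 600 or stricter)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0

def compose_escape(htpasswd_line):
    """Double each '$' so docker-compose keeps it literal inside a label value."""
    return htpasswd_line.strip().replace("$", "$$")

if __name__ == "__main__":
    for addr, names in duplicate_entrypoint_ports(QUESTION_TOML).items():
        print(f"entry points {names} all bind {addr}: keep one per port")
    # Constructed htpasswd-style line, not a real credential.
    print(compose_escape("admin:$apr1$SALT$HASHVALUE"))
    if os.path.exists("acme.json") and not acme_store_is_private("acme.json"):
        print("acme.json is readable by group/others: chmod 600 acme.json")
```

Run it from /opt/traefik before `docker-compose up -d`; pass the contents of your own traefik.toml to `duplicate_entrypoint_ports` to check the real file.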
