  • Docker Compose + Traefik v2 quick installation, automatic SSL certificate issuance, HTTP-to-HTTPS redirect: a first attempt

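    Preface

    Last night I was bored and couldn't sleep, so I picked up my server and tried deploying Docker + Traefik v2.1.6. Below is a summary of the configuration. This is my first time with it, so experts, please go easy on me.
    My system environment is Ubuntu 18.04.3 LTS.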

    I. Installing Docker and Docker Compose

    For the lazy: use the one-click scripts
    1. Docker installation

    curl -sSL https://get.daocloud.io/docker | sh
    

    It will restart automatically after installation.
    2. Docker Compose installation

    curl -L https://github.com/docker/compose/releases/download/1.25.4/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
    chmod +x /usr/local/bin/docker-compose
    

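    You can check GitHub yourself for the latest version: Releases · docker/compose

    A brief introduction to using Docker and Docker Compose: quick installation and basic usage of docker and docker-compose

    II. Quickly installing Traefik v2.1.6 with Docker Compose

    1. Create a traefik directory and a new docker-compose.yml file. Below is my configuration, for reference only.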

    vim docker-compose.yml
    
    version: "3.7"
    services:
      dykimy_traefik:
        restart: always
        image: traefik:v2.1.6
        container_name: dykimy_traefik
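        command:
          # api.insecure=true serves the API and dashboard on port 8080 without authentication.
          # Port 8080 is not published below and the dashboard router applies basic auth,
          # but containers on the same Docker network can still reach port 8080 directly.
          - "--api.insecure=true"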
          - "--providers.docker=true"
          - "--providers.docker.exposedbydefault=false"
          # Entry points; the names http & https are your own choice and are referenced in the routers' entrypoints
          - "--entrypoints.http.address=:80"
          - "--entrypoints.https.address=:443"
          # ACME settings
          - "--certificatesresolvers.dykimy.acme.httpchallenge=true"
          - "--certificatesresolvers.dykimy.acme.httpchallenge.entrypoint=http"
          - "--certificatesresolvers.dykimy.acme.email=${AcmeEmail}"
          - "--certificatesresolvers.dykimy.acme.storage=/letsencrypt/acme.json"
        networks:
          - webgateway
        ports:
          - "80:80"
          - "443:443"
        volumes:
          - "./letsencrypt:/letsencrypt"
          - "/var/run/docker.sock:/var/run/docker.sock:ro"
          - "/etc/timezone:/etc/timezone"
          - "/etc/localtime:/etc/localtime"
        labels:
          - "traefik.enable=true"
          # Traefik dashboard configuration
          - "traefik.http.routers.dykimy_traefik.rule=Host(`${TraefikDomain}`)"
          - "traefik.http.routers.dykimy_traefik.tls.certresolver=dykimy"
          - "traefik.http.routers.dykimy_traefik.entrypoints=https"
          - "traefik.http.routers.dykimy_traefik.middlewares=authtraefik"
          - "traefik.http.services.dykimy_traefik.loadbalancer.server.port=8080"
          - "traefik.http.middlewares.authtraefik.basicauth.users=${TraefikUsers}"
    
          # Global redirect to HTTPS
          - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
          - "traefik.http.routers.http-catchall.entrypoints=http"
          - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
    
          # Redirect middleware
          - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"        
    networks:
      webgateway:
        external:
          # Create the network yourself first: docker network create dykimy_gateway (choose your own name)
          name: dykimy_gateway
    
    vim .env
    
    AcmeEmail=yourname@youremail.com
    TraefikDomain=traefik.yourdomain.com
    TraefikUsers=user:$apr1$7u80L7XB$Oqh/UiL5EjWr94lSkULKl0,user2:$apr1$U.eJNqst$DeuE7JjXgbiqP9g2nUq18/
    
    # Multiple users can be set; generate the htpasswd entries with the following shell command.
    echo $(htpasswd -nb user password)
    #user:$apr1$7u80L7XB$Oqh/UiL5EjWr94lSkULKl0
    
    # If you want to write it directly in the yml, the $ signs need to be escaped.
    echo $(htpasswd -nb user password) | sed -e 's/\$/\$\$/g'
    #user:$$apr1$$i88wLyi0$$/2dB/ShipkdrTZpnDjcpo0
    

    How it is written in the yml

    labels:
      - "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
    

    2. Pull the image and start the container

    docker-compose up -d
    

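    Visit traefik.yourdomain.com and you will see the Traefik interface. Two screenshots are attached below; the Traefik v2 UI really is good-looking.

    3. How do I configure other sites?
    I'll use a whoami example to show you.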

    vim docker-compose.yml
    
    version: "3.7"
    services:
      whoami:
        restart: always
        image: containous/whoami
        container_name: whoami
        labels:
          - "traefik.enable=true"
          - "traefik.http.routers.whoami.rule=Host(`whoami.yourdomain.com`)"
          - "traefik.http.routers.whoami.entrypoints=https"
          # dykimy here is the name of the ACME resolver you defined above
          - "traefik.http.routers.whoami.tls.certresolver=dykimy"
        networks:
          - webgateway
    networks:
      webgateway:
        external:
          name: dykimy_gateway      
    

    Start the container

    docker-compose up -d
    

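    Visit whoami.yourdomain.com to see the result.

    4. Redirecting non-www to www
    I searched both Chinese and English results and could not find a way to set up a non-www to www redirect in Traefik v2. Then I noticed that what people abroad want is always the opposite, www to non-www, haha. So I wrote one myself, for reference only.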
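    In the docker-compose.yml in the traefik directory, add the following configuration under the labels node:

    # Go regexp (RE2) has no lookahead, so "host does not start with www." is written as an alternation
    - "traefik.http.middlewares.https-force-www.redirectregex.regex=^https://((?:[^w/]|w[^w/]|ww[^w/]|www[^./])[^/]*)(.+)"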
    - "traefik.http.middlewares.https-force-www.redirectregex.replacement=https://www.$${1}$${2}"
    - "traefik.http.middlewares.https-force-www.redirectregex.permanent=true"
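
    Traefik's redirectregex patterns use Go's regexp syntax (RE2), which has no lookahead, and a character class such as [^www] excludes only a single leading w. The following Go program is an added example, not part of the original post: it runs a character-class pattern and an alternation pattern against constructed URLs. redirectTarget and the alternation pattern are assumptions of this example, and the match-then-replace step is a simplified model of the middleware.

```go
package main

import (
	"fmt"
	"regexp"
)

// Character-class form: [^www] matches one character that is not 'w'.
const classPattern = `^https://([^www](?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9])(.+)`

// Alternation form (assumption of this example): the host must differ from
// the prefix "www." within its first four characters.
const altPattern = `^https://((?:[^w/]|w[^w/]|ww[^w/]|www[^./])[^/]*)(.+)`

// Compose labels double the dollar sign ("$${1}"); the middleware sees "${1}".
const replacement = `https://www.${1}${2}`

// redirectTarget is a simplified model of the middleware: no match means the
// request passes through, a match yields the redirect location.
func redirectTarget(pattern, url string) (string, bool) {
	re := regexp.MustCompile(pattern)
	if !re.MatchString(url) {
		return "", false
	}
	return re.ReplaceAllString(url, replacement), true
}

func main() {
	// Constructed sample URLs.
	urls := []string{
		"https://example.com/a?b=1",
		"https://whoami.yourdomain.com/",
		"https://www.whoami.yourdomain.com/",
		"https://wwwx.yourdomain.com/login",
	}
	for _, u := range urls {
		c, cok := redirectTarget(classPattern, u)
		a, aok := redirectTarget(altPattern, u)
		fmt.Printf("%s\n  class: %v %q\n  alt:   %v %q\n", u, cok, c, aok, a)
	}
}
```

    The character-class pattern leaves every host that begins with w untouched, including whoami.yourdomain.com; the alternation redirects it and still skips hosts that already start with www.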
    

    Complete file contents

    version: "3.7"
    services:
      dykimy_traefik:
        restart: always
        image: traefik:v2.1.6
        container_name: dykimy_traefik
        command:
          - "--api.insecure=true"
          - "--providers.docker=true"
          - "--providers.docker.exposedbydefault=false"
          # Entry points; the names http & https are your own choice and are referenced in the routers' entrypoints
          - "--entrypoints.http.address=:80"
          - "--entrypoints.https.address=:443"
          # ACME settings
          - "--certificatesresolvers.dykimy.acme.httpchallenge=true"
          - "--certificatesresolvers.dykimy.acme.httpchallenge.entrypoint=http"
          - "--certificatesresolvers.dykimy.acme.email=${AcmeEmail}"
          - "--certificatesresolvers.dykimy.acme.storage=/letsencrypt/acme.json"
        networks:
          - webgateway
        ports:
          - "80:80"
          - "443:443"
        volumes:
          - "./letsencrypt:/letsencrypt"
          - "/var/run/docker.sock:/var/run/docker.sock:ro"
          - "/etc/timezone:/etc/timezone"
          - "/etc/localtime:/etc/localtime"
        labels:
          - "traefik.enable=true"
          # Traefik dashboard configuration
          - "traefik.http.routers.dykimy_traefik.rule=Host(`${TraefikDomain}`)"
          - "traefik.http.routers.dykimy_traefik.tls.certresolver=dykimy"
          - "traefik.http.routers.dykimy_traefik.entrypoints=https"
          - "traefik.http.routers.dykimy_traefik.middlewares=authtraefik"
          - "traefik.http.services.dykimy_traefik.loadbalancer.server.port=8080"
          - "traefik.http.middlewares.authtraefik.basicauth.users=${TraefikUsers}"
    
          # Global redirect to HTTPS
          - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
          - "traefik.http.routers.http-catchall.entrypoints=http"
          - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
    
          # Redirect middleware
          - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
    
          # Global middleware redirecting non-www HTTPS requests to www
          # Go regexp (RE2) has no lookahead, so "host does not start with www." is written as an alternation
          - "traefik.http.middlewares.https-force-www.redirectregex.regex=^https://((?:[^w/]|w[^w/]|ww[^w/]|www[^./])[^/]*)(.+)"
          - "traefik.http.middlewares.https-force-www.redirectregex.replacement=https://www.$${1}$${2}"
          - "traefik.http.middlewares.https-force-www.redirectregex.permanent=true"
    networks:
      webgateway:
        external:
          # Create the network yourself first: docker network create dykimy_gateway (choose your own name)
          name: dykimy_gateway
    

    Modify the site's docker-compose.yml accordingly:

    version: "3.7"
    services:
      whoami:
        restart: always
        image: containous/whoami
        container_name: whoami
        labels:
          - "traefik.enable=true"
          # Note that the www-prefixed host has been added here
          - "traefik.http.routers.whoami.rule=Host(`whoami.yourdomain.com`,`www.whoami.yourdomain.com`)"
          - "traefik.http.routers.whoami.entrypoints=https"
          # dykimy here is the name of the ACME resolver you defined above
          - "traefik.http.routers.whoami.tls.certresolver=dykimy"
          # Use the globally defined https-force-www middleware
          - "traefik.http.routers.whoami.middlewares=https-force-www"
        networks:
          - webgateway
    networks:
      webgateway:
        external:
          name: dykimy_gateway      
    

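    OK, all done. Writing a blog post took a few hours, hahaha. If this article helped you, please show your support; if anything is lacking, please point it out. Thank you for reading.

    The copyright of this article is shared by Dykimy and cnblogs (博客园). Reposting is welcome; unless permitted by the author, reposts must retain this notice and credit the source in a prominent place in the article, otherwise the right to pursue legal liability is reserved.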

  • Original article: https://www.cnblogs.com/Dykimy/p/12464652.html