Traefik

docker-compose.yaml

version: '3.5'

services:
  traefik:
    image: traefik:${VERSION-2.8}
    ports:
      - mode: host
        protocol: tcp
        published: 80
        target: 80
      - mode: host
        protocol: tcp
        published: 443
        target: 443
      - mode: host
        protocol: tcp
        published: 9000
        target: 9000
    volumes:
      - ${VOLPATH-/data/docker/traefik}/traefik/traefik.yml:/etc/traefik/traefik.yml:ro
      - ${VOLPATH-/data/docker/traefik}/acme:/acme:rw
      - ${VOLPATH-/data/docker/traefik}/config:/config:ro
      - ${VOLPATH-/data/docker/traefik}/ssl:/ssl:ro
    deploy:
      resources:
        limits:
          memory: 100m

Examples

Load balancing with active health checks

traefik.yml

log:
  level: INFO

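api:
  dashboard: true
  # insecure: true serves the API and dashboard without authentication
  # on the entry point named "traefik" (":9000" below)
  insecure: true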

entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
          permanent: false
  https:
    address: ":443"
  traefik:
    address: ":9000"

providers:
  file:
    directory: /config
    watch: true

/config/tls.yaml

tls:
  certificates:
    - certFile: /ssl/domain.com.crt
      keyFile: /ssl/domain.com.key
  options:
    default:
      sniStrict: true

/config/docs.yaml

http:
  routers:
    docs:
      rule: Host(`docs.domain.com`)
      entryPoints:
      - https
      service: docs
      tls:
        domains:
          - main: "docs.domain.com"
  services:
    docs:
      loadBalancer:
        servers:
        - url: http://docs1.domain.com/
        - url: http://docs2.domain.com/
        healthCheck:
          path: /
          interval: "30s"
          timeout: "3s"

docker run:

docker run -d -p 443:443 -p 80:80 \
  -v /data/docker/traefik/traefik.yml:/etc/traefik/traefik.yml \
  -v /data/docker/traefik/config:/config \
  -v /data/docker/traefik/ssl:/ssl:ro \
  --name traefik traefik:v2.4


ACME

traefik.yml

certificatesResolvers:
  resName:
    acme:
      email: devops@domain.com
      storage: /acme/acme.json
      httpChallenge:
        entryPoint: http

/config/docs.yaml

http:
  routers:
    docs:
      tls:
        certResolver: "resName"
        domains:
          - main: "docs.domain.com"


Removing certificates:

# .le is the certificate resolver name, which is the top-level key in acme.json
jq --arg d "$domain" 'del(.le.Certificates[] | select(.domain.main == $d))' /acme/acme.json | grep "$domain"

https://gist.github.com/DrJume/64ff0ec0bdcfdadf98519b9422fca5ae
https://github.com/ldez/traefik-certs-cleaner
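
Added example (not from the original page or from the tools linked above): a Python version of the jq filter that also writes the result back to the file. It assumes the acme.json layout the filter implies (resolver name, then Certificates[], then domain.main); the function names and the sample data are constructed, and the resolver name "le" is taken from the command above.

```python
import json
import os
import tempfile


def prune_certificates(store, resolver, domain):
    """Drop every certificate of `resolver` whose domain.main equals `domain`; return the count."""
    certs = store.get(resolver, {}).get("Certificates") or []
    kept = [c for c in certs if c.get("domain", {}).get("main") != domain]
    if len(kept) != len(certs):
        store[resolver]["Certificates"] = kept
    return len(certs) - len(kept)


def prune_file(path, resolver, domain):
    """Rewrite acme.json atomically, keeping it readable by its owner only."""
    with open(path, encoding="utf-8") as fh:
        store = json.load(fh)
    removed = prune_certificates(store, resolver, domain)
    if removed:
        # The file holds private keys: write a 0600 temp file in the same
        # directory and rename it over the original.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
        try:
            with os.fdopen(fd, "w", encoding="utf-8") as fh:
                json.dump(store, fh, indent=2)
            os.chmod(tmp, 0o600)
            os.replace(tmp, path)
        except BaseException:
            os.unlink(tmp)
            raise
    return removed


# Constructed sample, not a real acme.json (key material replaced by placeholders).
SAMPLE = {
    "le": {
        "Account": {"Email": "devops@domain.com"},
        "Certificates": [
            {"domain": {"main": "docs.domain.com"}, "certificate": "PLACEHOLDER", "key": "PLACEHOLDER"},
            {"domain": {"main": "doc1.domain.com"}, "certificate": "PLACEHOLDER", "key": "PLACEHOLDER"},
        ],
    }
}
```

Traefik keeps the ACME store in memory while it runs, so stop it before editing the file and start it again afterwards.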

Rewrite

docs.domain.com/foo2 → docs.domain.com/foo:

/config/docs.yaml

http:
  middlewares:
    test-replacepath:
      replacePathRegex:
        regex: "^/foo2/(.*)"
        replacement: "/foo/$1"

  routers:
    docs:
      rule: (Host(`docs.domain.com`)) && PathPrefix(`/foo2`)
      middlewares:
      - test-replacepath
      service: docs
  services:
    docs:
      loadBalancer:
        servers:
        - url: "http://docs1.domain.com/"


doc1.domain.com → doc2.domain.com:

/config/doc1.yaml

http:
  middlewares:
    doc1.domain.com:
      redirectRegex:
        regex: ^https?://doc1.domain.com
        replacement: https://doc2.domain.com
        permanent: false
  routers:
    doc1.domain.com:
      rule: (Host(`doc1.domain.com`))
      entryPoints:
      - https
      middlewares:
      - doc1.domain.com
      # secureHeader is not defined on this page; it must exist in another file under /config
      - secureHeader
      service: doc1.domain.com
      tls: {}
  services:
    doc1.domain.com:
      loadBalancer:
        servers:
        - url: http://127.0.0.1/


https://doc.traefik.io/traefik/middlewares/http/replacepath/

Redirect

All traffic http→https:

traefik

  command:
    --entryPoints.http.http.redirections.entryPoint.to=https
    --entryPoints.http.http.redirections.entryPoint.scheme=https
    --entryPoints.http.http.redirections.entryPoint.permanent=false


Middleware http→https (httptohttps) and www→https (wwwtohttps):

traefik

  deploy:
    labels:
      - traefik.http.middlewares.httptohttps.redirectscheme.scheme=https
      - traefik.http.middlewares.httptohttps.redirectscheme.permanent=false
      - traefik.http.middlewares.wwwtohttps.redirectregex.regex=^https?://(?:www\.)?(.+)
      - traefik.http.middlewares.wwwtohttps.redirectregex.replacement=https://$${1}
      - traefik.http.middlewares.wwwtohttps.redirectregex.permanent=false

service

  deploy:
    labels:
      - traefik.http.routers.service.middlewares=httptohttps,wwwtohttps

https://community.traefik.io/t/global-redirect-www-to-non-www-with-https-redirection/2313/9
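
Added example (not from the original page): a Python harness for checking what the rewrite and redirect rules from the Rewrite and Redirect sections do to a URL before they are deployed. Python's re stands in for Go's regexp, Go-style $1 / ${1} references are converted, the PathPrefix check is a simplified prefix model, and the function names are constructed.

```python
import re

# Rules copied from the configuration on this page.
REPLACE_PATH = (r"^/foo2/(.*)", "/foo/$1")
DOC1_TO_DOC2 = (r"^https?://doc1.domain.com", "https://doc2.domain.com")
# In the compose label the reference is written $${1}; compose turns it into ${1}.
WWW_TO_HTTPS = (r"^https?://(?:www\.)?(.+)", "https://${1}")


def go_sub(rule, text):
    """Apply a (regex, Go-style replacement) rule; return None when the regex does not match."""
    regex, replacement = rule
    if not re.search(regex, text):
        return None
    # Go's $1 / ${1} group references become \g<1> in Python.
    py_repl = re.sub(r"\$\{?(\d+)\}?", r"\\g<\1>", replacement)
    return re.sub(regex, py_repl, text)


def upstream_path(path, prefix="/foo2", rule=REPLACE_PATH):
    """Model the docs router: PathPrefix gate, then replacePathRegex.

    Returns None when the router does not match, else the path sent to the backend.
    """
    if not path.startswith(prefix):  # simplified model of PathPrefix(`/foo2`)
        return None
    rewritten = go_sub(rule, path)
    # When the regex does not match, the request is forwarded with its path unchanged.
    return path if rewritten is None else rewritten


def redirect_target(rule, url):
    """Return the Location a redirectRegex rule would produce, or None for no match."""
    return go_sub(rule, url)


if __name__ == "__main__":
    # Constructed sample requests.
    for p in ("/foo2/a/b", "/foo2", "/foo2bar", "/other"):
        print(p, "->", upstream_path(p))
    for rule, u in ((WWW_TO_HTTPS, "http://www.docs.domain.com/a?b=1"),
                    (DOC1_TO_DOC2, "http://doc1.domain.com/x?y=1"),
                    (DOC1_TO_DOC2, "https://doc2.domain.com/")):
        print(u, "->", redirect_target(rule, u))
```

In this model `/foo2` and `/foo2bar` pass the PathPrefix gate but not the regex, so they reach the backend unrewritten; the redirect rules keep path and query because only the matched prefix is replaced.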

basicauth

https://doc.traefik.io/traefik/middlewares/http/basicauth/

middleware

http:
  middlewares:
    test-auth:
      basicAuth:
        users:
          - "username:$apr1$cgV3maky$LuKYngOIN60dzPXis/u9x0"


Generate the password:

htpasswd -nb username password

In compose, escape each $ character with another $ (write $$). Example:

compose

labels:
  - traefik.http.middlewares.promtail-loki-auth.basicauth.users=username:$$apr1$$cgV3maky$$LuKYngOIN60dzPXis/u9x0


Links

Errors

port is missing
msg="service \"traefik-traefik\" error: port is missing"

Cause:
The port exposed by the service is not assigned in Traefik.

Solution:

  1. Exclude the service from Traefik discovery:
    - traefik.enable=false
  2. Add the port declared in expose to the service:
    - traefik.http.services.$SERVICE.loadbalancer.server.port=$PORT
  3. Add the port declared in expose to a dummy service:
    - traefik.http.services.dummyService.loadbalancer.server.port=$PORT