概述
Entrypoints -> 入口
HTTP Router -> 路由规则
Service -> 可以理解为部署在 docker 中的容器,这里也可以是在配置文件中自定义的 service
TLS -> https
toml配置文件
traefik 支持通过 toml 配置文件手动配置 https、自定义 Router、Service;
traefik.toml
# Traefik static configuration (read once at startup).

# Global settings: the new-version check and anonymous usage reporting are
# both switched off.
[global]
checkNewVersion = false
sendAnonymousUsage = false

# Entry points. The table names are labels that routers refer to.

# Plain HTTP. Also used by the ACME HTTP challenge configured below.
[entryPoints.web]
address = ":80"

# HTTPS. "websecure" is a name chosen by the author.
[entryPoints.websecure]
address = ":443"

# Traefik web UI.
[entryPoints.traefik]
address = ":8080"

# Features Traefik should enable.
# NOTE(review): insecure = true serves the API and dashboard directly on the
# entry point named "traefik" with no authentication. That is fine for a local
# trial only. On a reachable host, set it to false and expose the dashboard
# through a router that carries an authentication middleware, or keep :8080
# off public interfaces.
[api]
insecure = true
dashboard = true

# Health-check endpoint; by default it is served on the "traefik" entry point.
[ping]

# Free Let's Encrypt certificates. Issuance only works on the host that the
# domain actually resolves to.
# Traefik writes the private keys into acme.json, so keep that file readable
# by the Traefik user only (mode 600) and out of version control.
[certificatesResolvers.bxtlschallenge.acme]
# Your own e-mail address.
email = "xxxx@xx.com"
# Where the keys are stored; adjust to your own volume mapping.
storage = "/letsencrypt/acme.json"

# Despite the resolver's name, the challenge configured here is the HTTP
# challenge. Port 80 (entry point "web") must be reachable from the internet
# for validation to succeed.
[certificatesResolvers.bxtlschallenge.acme.httpChallenge]
entryPoint = "web"

# Custom routers and services. The author found that these apparently have to
# live in separate files, which cost a lot of time to work out.
# The directory is read as dynamic configuration, so anyone who can write to
# it can change routing. Keep it writable by administrators only.
[providers.file]
directory = "/etc/traefik/conf"

# Docker provider.
# NOTE(review): exposedByDefault = true gives every container on this Docker
# host a route unless it is labelled traefik.enable=false. Setting it to false
# and adding traefik.enable=true to the containers that should be published
# avoids exposing a service by accident.
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
exposedByDefault = true

# Transport settings for connections from Traefik to backends.
# The author sets this so that HTTPS backends with self-issued certificates
# can be proxied without x509 verification errors.
# NOTE(review): this switch is global. Certificate verification is disabled
# for every HTTPS backend, which removes protection against an impostor
# backend. Listing the issuing CA under rootCAs keeps verification on while
# still trusting the custom certificates.
[serversTransport]
insecureSkipVerify = true
file.toml
# Dynamic configuration, loaded by the file provider from the configured
# directory.

# Custom routers.

# HTTP variant: answers on the "web" entry point.
# NOTE(review): this router serves the host over plain HTTP and nothing on
# this page redirects it to HTTPS. If cleartext access is not intended, drop
# this router or attach a redirect-to-HTTPS middleware (TODO confirm which
# form the Traefik version in use supports).
[http.routers.routers-cnblogs]
entryPoints = ["web"]
rule = "Host(`cnblogs.fanxp.com`)"
service = "cnblogs"

# HTTPS variant: same host rule and service, on the "websecure" entry point.
[http.routers.routers-cnblogs1]
entryPoints = ["websecure"]
rule = "Host(`cnblogs.fanxp.com`)"
service = "cnblogs"

# The certificate comes from the ACME resolver declared in traefik.toml.
[http.routers.routers-cnblogs1.tls]
certResolver = "bxtlschallenge"

# Custom services.

# Several server URLs may be listed; Traefik load-balances across them.
# NOTE(review): the two URLs below are unrelated public sites used as demo
# backends, so successive requests may land on different sites. Per the
# Traefik documentation the path part of a server url has no effect; only
# scheme, host and port are used.
# Both backends are HTTPS. With insecureSkipVerify = true in traefik.toml,
# their certificates are not verified.
[[http.services.cnblogs.loadBalancer.servers]]
url = "https://www.cnblogs.com/fanxp/"

[[http.services.cnblogs.loadBalancer.servers]]
url = "https://github.com/fanxiaoping/grpc-test"
- 测试
traefik-compose.yml
# Compose file: Traefik plus two demo backends (whoami, whoami2).
version: '3'

services:
  traefik:
    # NOTE(review): v2.1 is the tag used on this page; for anything beyond a
    # trial, pin a currently supported release.
    image: traefik:v2.1
    container_name: traefik
    ports:
      # HTTP port
      - "80:80"
      # HTTPS port
      - "443:443"
      # Web UI port.
      # NOTE(review): published on all host interfaces. With
      # api.insecure = true in traefik.toml, the dashboard and API answer here
      # without authentication. Bind it to loopback, or drop the mapping and
      # reach the dashboard through an authenticated router.
      - "8080:8080"
    volumes:
      # Lets Traefik listen to Docker events.
      # NOTE(review): ":ro" only protects the socket file itself. Requests
      # sent over the socket still reach the full Docker API, so a compromised
      # Traefik container effectively controls the Docker host. A filtering
      # socket proxy that allows only read endpoints reduces this.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Startup (static) configuration file
      - ./traefik.toml:/etc/traefik/traefik.toml
      # Custom routers and services (dynamic configuration)
      - ./conf:/etc/traefik/conf
      # Certificate and key storage. acme.json in here holds private keys, so
      # restrict it to mode 600.
      - ./letsencrypt:/letsencrypt

  whoami:
    # A container that exposes an API showing its IP address.
    # No tag is given, so the registry's default tag is pulled.
    image: containous/whoami
    container_name: whoami
    labels:
      # Address: whoami.fanxp.com
      - "traefik.http.routers.whoami.rule=Host(`whoami.fanxp.com`)"
      # Entry point; HTTPS is used here.
      - "traefik.http.routers.whoami.entrypoints=websecure"
      # Certificate resolver to use
      - "traefik.http.routers.whoami.tls.certresolver=bxtlschallenge"

  whoami2:
    # A container that exposes an API showing its IP address.
    image: containous/whoami
    container_name: whoami2
    labels:
      # Address: whoami.fanxp.com/v2
      - "traefik.http.routers.whoami2.rule=Host(`whoami.fanxp.com`) && PathPrefix(`/v2`)"
      # Entry point; HTTPS is used here.
      - "traefik.http.routers.whoami2.entrypoints=websecure"
      # Certificate resolver to use
      - "traefik.http.routers.whoami2.tls.certresolver=bxtlschallenge"
      # By default the backend is proxied as http://172.0.0.4; the label below
      # switches it to https://172.0.0.4.
      # NOTE(review): the service name in this commented-out label is not
      # whoami2. It presumably has to match the service being configured;
      # verify before enabling.
      # - "traefik.http.services.bx_resource_library.loadbalancer.server.scheme=https"
      # Attach the middleware to the router.
      - "traefik.http.routers.whoami2.middlewares=whoami2-stripprefix"
      # Without this rule the backend is called as 172.0.0.4/v2, which is not
      # what we want. With it, the backend is called as 172.0.0.4.
      - "traefik.http.middlewares.whoami2-stripprefix.stripprefix.prefixes=/v2"
      # If the container has several ports, this selects the one the service
      # exposes. The default is the first port.
      - "traefik.http.services.whoami2.loadbalancer.server.port=80"