docker - 使用 traefik 将 DNS 重定向到不同的端口
问题描述
我正在尝试使用 traefik、grafana、zabbix、gotify 等创建一个监控堆栈。我有一个名为domain.tld的域名。
在我的 docker-compose 中,我有一些具有不同端口的服务(例如 grafana),但我也有一些在同一个端口上的服务(gotify、zabbix)。
我想通过 zabbix.domain.tld、grafana.domain.tld 这样的子域名,把对 domain.tld 的请求经 SSL 转发到各自对应的容器。目前基本可用,但并不完全正常。
如果我在地址栏中输入: grafana.domain.tld -> 404 SSL 重定向错误
如果我在地址栏中输入: grafana.domain.tld:3000 -> 可以正常访问
我想,经过这么多次修改之后,我已经有点迷失了(或者说完全迷失了?)。只靠文档和我自己是不够的。
下面是我的 docker-compose 文件:
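# Monitoring stack behind Traefik. The labels use the Traefik 1.x syntax
# (traefik.frontend.rule=Host:..., traefik.port, traefik.backend).
version: '3.5'

networks:
  # Pre-existing network shared between Traefik and the proxied services.
  traefik_front:
    external: true

services:
  traefik:
    # NOTE(review): an untagged image resolves to `latest`. The 1.x labels and
    # traefik.toml layout used here are not read by later major versions, so
    # pin the image: traefik:<1.x tag>.
    image: traefik
    command: --api --docker
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      # Publishing 8080 exposes the API/dashboard on every host interface,
      # outside the Host rule and the TLS entry point. If the dashboard is
      # only meant to be reached via traefik.${DOMAIN}, drop this mapping or
      # bind it to 127.0.0.1, and make sure authentication is configured.
      - "8080:8080"
    volumes:
      - "${TRAEFIK_PATH}/traefik.toml:/etc/traefik/traefik.toml"
      # acme.json holds the ACME account key and certificate private keys;
      # keep it mode 600 on the host and out of version control.
      - "${TRAEFIK_PATH}/acme.json:/acme.json"
      # Access to the Docker socket is equivalent to root on the host. A
      # compromise of this container gives control of every container;
      # consider a filtering socket proxy that only allows read-only API calls.
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      - "traefik.frontend.rule=Host:traefik.${DOMAIN}"
      # Fixed: this label was spelled "treafik.port", which Traefik does not
      # recognise, so the backend port was never set from it.
      - "traefik.port=8080"
      - "traefik.enable=true"
      - "traefik.backend=traefik"
      - "traefik.docker.network=traefik_front"
      #- "traefik.frontend.entryPoints=http,https"
    networks:
      - traefik_front

  gotify:
    image: gotify/server
    container_name: gotify
    volumes:
      - "${GOTIFY_PATH}:/app/data"
    # env files presumably carry credentials; keep them out of version
    # control and readable only by the deploying user.
    env_file:
      - env/.env_gotify
    labels:
      - "traefik.frontend.rule=Host:push.${DOMAIN}"
      - "traefik.port=80"
      - "traefik.enable=true"
      - "traefik.backend=gotify"
      - "traefik.docker.network=traefik_front"
    networks:
      - traefik_front
      - default

  grafana:
    image: grafana/grafana
    container_name: grafana
    volumes:
      - "${GF_PATH}:/var/lib/grafana"
    env_file:
      - env/.env_grafana
    labels:
      - "traefik.frontend.rule=Host:grafana.${DOMAIN}"
      - "traefik.port=3000"
      - "traefik.enable=true"
      - "traefik.backend=grafana"
      - "traefik.docker.network=traefik_front"
    networks:
      - traefik_front
      - default

  zabbix-server:
    image: zabbix/zabbix-server-mysql:ubuntu-4.0-latest
    volumes:
      - "${ZABBIX_PATH}/alertscripts:/usr/lib/zabbix/alertscripts:ro"
      - "${ZABBIX_PATH}/externalscripts:/usr/lib/zabbix/externalscripts:ro"
      - "${ZABBIX_PATH}/modules:/var/lib/zabbix/modules:ro"
      - "${ZABBIX_PATH}/enc:/var/lib/zabbix/enc:ro"
      - "${ZABBIX_PATH}/ssh_keys:/var/lib/zabbix/ssh_keys:ro"
      - "${ZABBIX_PATH}/mibs:/var/lib/zabbix/mibs:ro"
      - "${ZABBIX_PATH}/snmptraps:/var/lib/zabbix/snmptraps:ro"
    links:
      - mysql-server:mysql-server
    env_file:
      - env/.env_zabbix_db_mysql
      - env/.env_zabbix_srv
    # NOTE(review): root inside the container widens the impact of a
    # compromise; confirm the image really needs it before keeping this.
    user: root
    depends_on:
      - mysql-server
      - zabbix-snmptraps
    labels:
      # traefik.enable is not set here and traefik.toml has
      # exposedbydefault = false, so these labels do not publish the service.
      # NOTE(review): 10051 looks like the Zabbix trapper port rather than an
      # HTTP endpoint; confirm it is not meant to be routed through Traefik.
      - "traefik.backend=zabbix-server"
      - "traefik.port=10051"

  zabbix-web-apache-mysql:
    image: zabbix/zabbix-web-apache-mysql:ubuntu-4.0-latest
    links:
      - mysql-server:mysql-server
      - zabbix-server:zabbix-server
    volumes:
      - "${ZABBIX_PATH}/ssl/apache2:/etc/ssl/apache2:ro"
    env_file:
      - env/.env_zabbix_db_mysql
      - env/.env_zabbix_web
    user: root
    depends_on:
      - mysql-server
      - zabbix-server
    labels:
      - "traefik.frontend.rule=Host:zabbix.${DOMAIN}"
      - "traefik.port=80"
      - "traefik.enable=true"
      - "traefik.backend=zabbix-web"
      - "traefik.docker.network=traefik_front"
    networks:
      - traefik_front
      - default

  zabbix-agent:
    image: zabbix/zabbix-agent:ubuntu-4.0-latest
    ports:
      # Published on all host interfaces; restrict with a firewall rule or a
      # bind address if only the Zabbix server needs to reach the agent.
      - "10050:10050"
    volumes:
      - "${ZABBIX_PATH}/zabbix_agentd.d:/etc/zabbix/zabbix_agentd.d:ro"
      - "${ZABBIX_PATH}/modules:/var/lib/zabbix/modules:ro"
      - "${ZABBIX_PATH}/enc:/var/lib/zabbix/enc:ro"
      - "${ZABBIX_PATH}/ssh_keys:/var/lib/zabbix/ssh_keys:ro"
    links:
      - zabbix-server:zabbix-server
    env_file:
      - env/.env_zabbix_agent
    user: root
    networks:
      - default

  zabbix-snmptraps:
    image: zabbix/zabbix-snmptraps:ubuntu-4.0-latest
    ports:
      - "162:162/udp"
    volumes:
      - "${ZABBIX_PATH}/snmptraps:/var/lib/zabbix/snmptraps:rw"
    user: root
    networks:
      - default

  mysql-server:
    image: mysql:5.7
    command: [mysqld, --character-set-server=utf8, --collation-server=utf8_bin]
    volumes:
      - /var/lib/mysql:/var/lib/mysql:rw
    env_file:
      - env/.env_zabbix_db_mysql
    labels:
      # The database is never routed through Traefik and publishes no port.
      - "traefik.enable=false"
    user: root
    networks:
      - default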
还有我的 traefik.toml:
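# Traefik 1.x static configuration.
#
# Global options must appear before the first [table] header. In TOML a key
# written after `[web]` belongs to the `web` table, so in the original layout
# logLevel and defaultEntryPoints were not read as top-level settings.
logLevel = "ERROR"

# Attach every frontend to both entry points unless a label overrides it.
# Without a top-level value, frontends are likely bound to the "http" entry
# point only: port 80 redirects to 443, and 443 then has no matching route,
# which would explain the 404 on https://grafana.domain.tld.
defaultEntryPoints = ["http", "https"]

# WEBUI
# NOTE(review): [web] is the legacy dashboard section of Traefik 1.x; newer
# 1.x releases configure it through [api] plus basic auth on the entry point.
[web]
  entryPoint = "dashboard"
  dashboard = true
  address = ":8080"
  # NOTE(review): this path is not among the volumes mounted into the traefik
  # container in the compose file, so the file is probably not found and the
  # dashboard may be served without authentication. Verify before exposing 8080.
  usersFile = "/etc/docker/traefik/.htpasswd"

[entryPoints]
  [entryPoints.dashboard]
    address = ":8080"
  [entryPoints.http]
    address = ":80"
    # Force HTTPS: every request on :80 is redirected to the https entry point.
    [entryPoints.http.redirect]
      entryPoint = "https"
  [entryPoints.https]
    address = ":443"
    # The empty tls table is what turns this entry point into a TLS listener.
    [entryPoints.https.tls]

[docker]
  endpoint = "unix:///var/run/docker.sock"
  watch = true
  # Containers are only routed when they carry traefik.enable=true.
  exposedbydefault = false
  domain = "domain.tld"
  network = "traefik_front"

# Let's Encrypt
[acme]
  email = "mail@mail.fr"
  # Contains the account key and certificate private keys; keep it mode 600.
  storage = "acme.json"
  entryPoint = "https"
  onHostRule = true
  onDemand = false
  [acme.httpChallenge]
    entryPoint = "http"
    # NOTE(review): onHostRule is an [acme] option and is already set above;
    # here it is probably ignored. Confirm and remove if so.
    OnHostRule = true

# NOTE(review): four identical entries. Presumably the real host names were
# redacted to domain.tld; list each distinct name once.
[[acme.domains]]
  main = "domain.tld"
[[acme.domains]]
  main = "domain.tld"
[[acme.domains]]
  main = "domain.tld"
[[acme.domains]]
  main = "domain.tld"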
解决方案
我做过类似的配置,套用到你的环境中大致如下
docker-compose.yml
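# Only the Traefik labels of each service are shown; the remaining keys
# (image, volumes, networks, ...) are not part of this snippet.
# Fixed: the top-level key is `services`, not `service`.
services:
  traefik:
    labels:
      # Fixed: was spelled "treafik.port", which Traefik does not recognise.
      - "traefik.port=8080"
      - "traefik.enable=true"
      - "traefik.backend=traefik"
      - "traefik.docker.network=traefik_front"
      - "traefik.frontend.rule=Host:traefik.${DOMAIN}"
      # Segment-scoped label (segment name "webservice"): restricts that
      # frontend to the https entry point, so the dashboard route is only
      # served over TLS.
      - "traefik.webservice.frontend.entryPoints=https"

  zabbix-web-apache-mysql:
    labels:
      - "traefik.port=80"
      - "traefik.enable=true"
      - "traefik.backend=zabbix-web"
      # NOTE(review): the documented 1.x label is
      # traefik.frontend.passHostHeader; confirm this shorter spelling is read.
      - "traefik.passHostHeader=true"
      - "traefik.docker.network=traefik_front"
      - "traefik.frontend.rule=Host:zabbix.${DOMAIN}"

  grafana:
    labels:
      - "traefik.port=3000"
      - "traefik.enable=true"
      - "traefik.backend=grafana"
      - "traefik.passHostHeader=true"
      - "traefik.docker.network=traefik_front"
      - "traefik.frontend.rule=Host:grafana.${DOMAIN}"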
下面是我的 traefik.toml 的配置方式
# Optional. Turns off verification of the TLS certificates presented by
# backends, for every backend. Leave it out unless a backend serves HTTPS with
# a certificate Traefik cannot validate; with it set, a backend connection can
# be intercepted without Traefik noticing.
InsecureSkipVerify = true

## Force HTTPS
[entryPoints]

  [entryPoints.http]
    # NOTE(review): passHostHeader is normally a frontend option; confirm it
    # is read at entry-point level.
    passHostHeader = true
    address = ":80"

    # insecure = true trusts X-Forwarded-* headers from any client, so the
    # client address seen by backends and logs can be spoofed. When Traefik
    # sits behind a known proxy, list that proxy in trustedIPs instead.
    [entryPoints.http.forwardedHeaders]
      insecure = true

    # Same concern for the PROXY protocol header: accepted from any peer.
    [entryPoints.http.proxyProtocol]
      insecure = true

    ## This seems to be an absolute requirement for redirect
    ## ...but it redirects every request to https
    [entryPoints.http.redirect]
      entryPoint = "https"

  [entryPoints.traefik]
    address = ":8080"

    [entryPoints.traefik.auth.basic]
      # Sample credential only: an htpasswd apr1 (MD5-based) hash of the
      # password "pass" for the account "user". Both the hash and its
      # plaintext are published here, so generate a new entry before the
      # dashboard is reachable by anyone else; htpasswd can also emit bcrypt.
      users = ["user:$apr1$.LWU4fEi$4YipxeuXs5T0xulH3S7Kb."]

  [entryPoints.https]
    passHostHeader = true
    address = ":443"

    ## This seems to be an absolute requirement
    [entryPoints.https.tls]

    # See the notes on the http entry point: both settings trust
    # client-supplied addressing information from any source.
    [entryPoints.https.forwardedHeaders]
      insecure = true

    [entryPoints.https.proxyProtocol]
      insecure = true