Traefik-V2.0 & Docker-Compose 最佳实践

/ Developer / 没有评论 / 1017浏览

介绍说明

先记录,其他后面补!

具体部署文档

./traefik/docker-compose.yaml

version: '3.7'
services:
  traefik:
    image: traefik
    restart: always
    command:
    # 默认为 ERROR 级别日志
    #- "--log.level=DEBUG"
    - "--api.insecure=true"
    - "--api.dashboard=true"
    - "--providers.docker=true"
    - "--providers.docker.swarmMode=false"
    - "--providers.docker.useBindPortIP=true"
    - "--providers.docker.network=net-traefik"
    - "--providers.docker.exposedbydefault=false"
    - "--entrypoints.http.address=:80"
    - "--entrypoints.https.address=:443"
    # 三种 ACME 颁发方式任选其一(本服务采用HTTP方式,注意持久化acme.json文件)
    # https://docs.traefik.io/v2.0/user-guides/docker-compose/acme-tls/
    # https://docs.traefik.io/v2.0/user-guides/docker-compose/acme-http/
    # https://docs.traefik.io/v2.0/user-guides/docker-compose/acme-dns/
    - "--certificatesresolvers.acme-resolver.acme.httpchallenge=true"
    - "--certificatesresolvers.acme-resolver.acme.httpchallenge.entrypoint=http"
    # 如需调试请取消注释签发演示证书
    #- "--certificatesresolvers.acme-resolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
    - "--certificatesresolvers.acme-resolver.acme.email=name@domain"
    - "--certificatesresolvers.acme-resolver.acme.storage=/etc/traefik/letsencrypt/acme.json"
    labels:
    - "traefik.enable=true"
    - "traefik.http.middlewares.gzip.compress=true"
    - "traefik.http.middlewares.ssl.headers.sslRedirect=true"
    # Swarm 模式要显式定义 service 否则不会被路由
    #- "traefik.http.services.traefik.loadbalancer.server.port=8080"
    networks:
    - traefik
    ports:
    - '80:80'
    - "443:443"
    - "8080:8080"
    volumes:
    - "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
  traefik:
    name: net-traefik

./service/docker-compose.yaml

version: '3.7'
services:
  service1:
    image: 6xyun/whoami
    restart: always
    labels:
    - "traefik.enable=true"
    - "traefik.http.routers.traefik_http.rule=Host(`service.local`)"
    - "traefik.http.routers.traefik_http.entrypoints=http"
    - "traefik.http.routers.traefik_http.middlewares=gzip"
    - "traefik.http.services.service.loadbalancer.server.port=80"
    - "traefik.http.services.service.loadbalancer.healthCheck.path=/"
    - "traefik.http.services.service.loadbalancer.healthCheck.port=80"
    - "traefik.http.services.service.loadbalancer.healthCheck.interval=10s"
    - "traefik.http.services.service.loadbalancer.healthCheck.timeout=3s"
    networks:
    - traefik
  service2:
    image: 6xyun/whoami
    restart: always
    labels:
    - "traefik.enable=true"
    - "traefik.http.routers.traefik_http.rule=Host(`service.local`)"
    - "traefik.http.routers.traefik_http.entrypoints=http"
    - "traefik.http.routers.traefik_http.middlewares=gzip"
    - "traefik.http.services.service.loadbalancer.server.port=80"
    - "traefik.http.services.service.loadbalancer.healthCheck.path=/"
    - "traefik.http.services.service.loadbalancer.healthCheck.port=80"
    - "traefik.http.services.service.loadbalancer.healthCheck.interval=10s"
    - "traefik.http.services.service.loadbalancer.healthCheck.timeout=3s"
    networks:
    - traefik
  service3:
    image: nginx
    restart: always
    labels:
    - "traefik.enable=true"
    - "traefik.http.routers.traefik_http.rule=Host(`service.local`)"
    - "traefik.http.routers.traefik_http.entrypoints=http"
    - "traefik.http.routers.traefik_http.middlewares=gzip"
    - "traefik.http.services.service.loadbalancer.server.port=80"
    - "traefik.http.services.service.loadbalancer.healthCheck.path=/"
    - "traefik.http.services.service.loadbalancer.healthCheck.port=80"
    - "traefik.http.services.service.loadbalancer.healthCheck.interval=10s"
    - "traefik.http.services.service.loadbalancer.healthCheck.timeout=3s"
    networks:
    - traefik
networks:
  traefik:
    name: net-traefik
    external: true