Traefik: Skirtumas tarp puslapio versijų

Iš Žinynas.
(Naujas puslapis: = Docker = == Docker tinklas skirtas traefik == docker network create \ --driver=bridge \ --subnet=172.16.224.0/24 \ traefik == Docker compose == <syntaxhighlight la...)
 
181 eilutė: 181 eilutė:
 
</syntaxhighlight>
 
</syntaxhighlight>
  
[[Category:Dockers]]
+
[[Category:Docker]]

22:08, 2 gruodžio 2024 versija

Docker

Docker tinklas skirtas traefik

# Create the user-defined bridge network "traefik" with a fixed subnet.
# The compose file below joins this network as an external one, and the same
# subnet is listed under forwardedHeaders.trustedIPs in traefik.yaml.
docker network create \
  -d bridge \
  --subnet 172.16.224.0/24 \
  traefik

Docker compose

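services:
  traefik:
    container_name: traefik
    restart: unless-stopped
    # Tag-only reference: the content behind a tag can change between pulls.
    # Append a digest (traefik:v3.2@sha256:<digest>) for reproducible deploys.
    image: traefik:v3.2
    volumes:
      # NOTE(review): ":ro" only makes the socket file mount read-only; it does
      # not limit the Docker API requests sent through it. A compromise of this
      # container therefore amounts to control of the Docker daemon. Consider
      # putting a socket proxy in between that allows only the read-only
      # endpoints the Docker provider needs.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Static config and dynamic rules are only read by Traefik, so they are
      # mounted read-only; edit them on the host.
      - /srv/dockers/traefik/etc:/config:ro
      - /srv/dockers/traefik/rules:/rules:ro
      - /srv/dockers/traefik/logs:/logs
      # Holds acme.json (ACME account key and certificate private keys); keep
      # the host directory readable by root only.
      - /srv/dockers/traefik/acme:/acme
    networks:
      traefik:
        aliases:
          - traefik.${DOMAINNAME}
    command:
      - "--configFile=/config/traefik.yaml"
    ports:
      - name: web
        host_ip: 0.0.0.0    # All interfaces, not a specific one
        target: 80          # Container Port
        published: "80"     # STRING
        protocol: tcp       # tcp or udp
        app_protocol: http  # OPTIONAL. Layer 7 Protocol used.  "Richer behavior"
        mode: host          # or Ingress for load balancing
      - name: websecure
        host_ip: 0.0.0.0
        target: 443
        published: "443"
        protocol: tcp
        app_protocol: https
        mode: host
    environment:
      # Bare names are passed through from the environment Compose runs in.
      - TZ
      - DOMAINNAME
      # In list form everything after the first "=" is the value, so quotes
      # written around it would become part of the value. Left unquoted here.
      - CLOUDFLARE_EMAIL=mano@email.lt
      # Placeholder value. Keep the real key out of this file and out of version
      # control (pass it through like TZ/DOMAINNAME, or use a secret file).
      # NOTE(review): this is the account-wide global API key; a zone-scoped
      # API token (CF_DNS_API_TOKEN) limits what a leak can do.
      - CLOUDFLARE_API_KEY=xxx
    mem_limit: 640M
    cpus: 1.0
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.${DOMAINNAME}`) || Host(`traefik.traefik`)"
      - "traefik.http.routers.traefik-rtr.entrypoints=websecure"  # Defined in traefik.yaml
      # The dashboard/API router is protected only by this middleware, which
      # must be defined by the file provider (the /rules directory). Verify that
      # the router is not served when the middleware is missing or misnamed.
      - "traefik.http.routers.traefik-rtr.middlewares=middlewares-authentik@file"
      ## Services - API
      - "traefik.http.routers.traefik-rtr.service=api@internal"
networks:
  # Created beforehand with "docker network create"; Compose does not manage it.
  traefik:
    external: true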

Konfigūracija

traefik.yaml

Failas randasi: /srv/dockers/traefik/etc/traefik.yaml

# Traefik 3.x (YAML)
# Updated 2024-June-04

################################################################
# Global configuration - https://doc.traefik.io/traefik/reference/static-configuration/file/
################################################################
global:
  # Both outbound calls are switched off: no periodic new-version check and no
  # anonymous usage statistics.
  checkNewVersion: false
  sendAnonymousUsage: false

################################################################
# Entrypoints - https://doc.traefik.io/traefik/routing/entrypoints/
################################################################
entryPoints:
  # Plain-HTTP listener; its only job here is to redirect to websecure.
  web:
    address: ":80"
    # Global HTTP to HTTPS redirection
    http:
      redirections:
        entrypoint:
          to: websecure
          scheme: https

  # HTTPS listener. Every router on this entry point gets TLS with a
  # certificate from the "le" resolver for the domains listed below.
  websecure:
    address: ":443"
    http:
      tls:
        # While this stays commented out, Traefik's default TLS options apply.
        #options: tls-opts@file
        certResolver: le
        domains:
          # One wildcard certificate; a wildcard needs the DNS challenge
          # configured under certificatesResolvers.
          - main: "domenas.lt"
            sans:
              - "*.domenas.lt"
    forwardedHeaders:
      # X-Forwarded-* headers are accepted as-is from clients in these ranges.
      # NOTE(review): this trusts every RFC 1918 address, including all
      # containers on the traefik network, so any such host can set its own
      # X-Forwarded-For and defeat IP-based allow lists or log attribution.
      # Narrow the list to the actual upstream proxies if there are any.
      # NOTE(review): 172.16.224.0/24 is already contained in 172.16.0.0/12.
      trustedIPs:
        # Local IPs
        - "127.0.0.1/32"
        - "10.0.0.0/8"
        - "192.168.0.0/16"
        - "172.16.224.0/24"
        - "172.16.0.0/12"

# Logs - https://doc.traefik.io/traefik/observability/logs/
################################################################
# Traefik's own (application) log, written to the /logs volume.
log:
  level: INFO # Options: DEBUG, PANIC, FATAL, ERROR (Default), WARN, and INFO
  filePath: /logs/traefik-container.log # Default is to STDOUT
  # format: json # Uses text format (common) by default
  noColor: false # Recommended to be true when using common
  # NOTE(review): no maxBackups/maxAge is set, so rotated files are presumably
  # kept until removed by hand - confirm against the Traefik defaults.
  maxSize: 100 # In megabytes
  compress: true # gzip compression when rotating

################################################################
# Access logs - https://doc.traefik.io/traefik/observability/access-logs/
################################################################
# Per-request access log, written to the /logs volume.
accessLog:
  addInternals: true  # things like ping@internal
  filePath: /logs/traefik-access.log # In the Common Log Format (CLF) by default
  # Lines are buffered in memory before being written to the file.
  bufferingSize: 100 # Number of log lines
  fields:
    names:
      StartUTC: drop  # Write logs in Container Local Time instead of UTC
  # Only requests whose response status falls in one of these ranges are logged.
  # NOTE(review): 200-203 and all 3xx responses are left out, so ordinary
  # successful requests leave no access-log entry. Use "200-299" if this log is
  # meant to support incident investigation.
  filters:
    statusCodes:
      - "204-299"
      - "400-499"
      - "500-599"

################################################################
# API and Dashboard
################################################################
# Enables the API and dashboard as the internal service api@internal. It is
# published by the traefik-rtr router defined in the compose labels.
api:
  dashboard: true
  # Rely on api@internal and Traefik with Middleware to control access
  # Keep "insecure" disabled: it would serve the API and dashboard without
  # authentication, bypassing the router's middleware.
  # insecure: true

################################################################
# Providers - https://doc.traefik.io/traefik/providers/docker/
################################################################
providers:
  # Docker provider: reads container labels through the Docker socket that the
  # compose file bind-mounts into this container.
  docker:
    endpoint: "unix:///var/run/docker.sock"
    # Containers are routed only when they opt in with traefik.enable=true.
    exposedByDefault: false
    network: traefik  # network to use for connections to all containers
    # defaultRule: TODO
    watch: true

  # Enable auto loading of newly created rules by watching a directory
  file:
    # Apps, LoadBalancers, TLS Options, Middlewares, Middleware Chains
    # Files here are applied live and define the authentication middleware, so
    # write access to the host directory behind /rules must stay restricted.
    directory: /rules
    watch: true

################################################################
# Let's Encrypt (ACME)
################################################################
# Resolver "le", referenced by entryPoints.websecure.http.tls.certResolver.
certificatesResolvers:
  le:
    acme:
      email: "mano@email.lt"
      # acme.json stores the ACME account key and the certificates' private
      # keys. Traefik expects the file to be mode 600; keep the host directory
      # behind /acme out of backups and shares that others can read.
      storage: "/acme/acme.json"
      # DNS-01 challenge through Cloudflare. The credentials come from the
      # CLOUDFLARE_* environment variables set in the compose file.
      dnsChallenge:
        provider: cloudflare
        # Presumably seconds to wait before checking for the TXT record - confirm.
        delayBeforeCheck: 30
        # Custom DNS server resolution
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"