Docker compose 为什么我的portainer和traefik不能公开使用?
我正在建立一个docker swarm,并尝试在docker manager上使用traefik reverse和portainer+代理。但该容器尚未公开 我是docker和reverse proxys的新手,所以我只尝试了显示的代码 首先是: docker堆栈部署-c stack.yml stack0 stack.ymlDocker compose 为什么我的portainer和traefik不能公开使用?,docker-compose,stack,traefik,portainer,Docker Compose,Stack,Traefik,Portainer,我正在建立一个docker swarm,并尝试在docker manager上使用traefik reverse和portainer+代理。但该容器尚未公开 我是docker和reverse proxys的新手,所以我只尝试了显示的代码 首先是: docker堆栈部署-c stack.yml stack0 stack.yml version: "3.3" services: traefik: image: traefik command: --docker.swarmmode
version: "3.3"
services:
traefik:
image: traefik
command: --docker.swarmmode
networks:
- traefik-net
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./traefikdata:/etc/traefik
deploy:
placement:
constraints: [node.role==manager]
portainer-agent:
image: portainer/agent
environment:
AGENT_CLISTER_ADDR: tasks.agent
AGENT_PORT: 9001
LOG_LEVEL: debug
ports:
- target: 9001
published: 9001
protocol: tcp
mode: host
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
networks:
- portainer-agent_network
- traefik-net
deploy:
mode: global
placement:
constraints: [node.platform.os == linux]
portainer:
image: portainer/portainer
command: -H tcp://tasks.agent:9001 --tlsskipverify
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "./portainerdata:/data"
networks:
- portainer-agent_network
- traefik-net
deploy:
mode: replicated
replicas: 1
placement:
constraints: [node.role == manager]
labels:
- "traefik.enable=true"
- "traefik.port=9000"
- "traefik.docker.network=stack0_traefik-net"
- "traefik.frontend.rule=Host:portainer.intern.domain.tld"
networks:
traefik-net:
portainer-agent_network:
driver: overlay
attachable: true
traefikdata/traefik.toml
logLevel = "INFO"
defaultEntryPoints = ["http", "https"]
[web]
address = ":8080"
[docker]
domain = "traefik.intern.domain.tld"
watch = true
exposedbydefault = false
# Force HTTPS
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
# Let's encrypt configuration
[acme]
email="network@techgods.biz"
storage="/etc/traefik/acme/acme.json"
entryPoint="https"
acmeLogging=true
OnHostRule=true
[acme.httpChallenge]
entryPoint = "http"
我希望运行Traefik反向代理,UI可通过Traefik.intern.domain.tld访问,portainer可通过portainer.intern.domain.tld访问。为了完全明确,我还将引入入口点定义:
- "traefik.frontend.entryPoints=https"
你确信这部分是正确的吗
- "traefik.docker.network=stack0_traefik-net"
它似乎与您的网络定义不一致:
networks:
traefik-net:
portainer-agent_network:
driver: overlay
attachable: true
我强烈建议您在不使用网络定义的情况下使用它,然后一次添加这些定义 经过几个小时的尝试,我重新启动了stack.yml,我从一开始就阅读了更多的文档,发现了很多有用的stackoverflow帖子 最后,我实际上有这样一个:
version: "3"
services:
traefik:
image: traefik:latest
command: --web --docker --docker.swarmmode --docker.watch --docker.domain=intern.domain.tld --logLevel=DEBUG
deploy:
placement:
constraints: [node.role==manager]
restart_policy:
condition: on-failure
labels:
- "traefik.port=8080"
- "traefik.docker.network=proxy"
- "traefik.frontend.rule=Host:traefik.intern.domain.tld"
ports:
- "80:80"
- "5003:8080"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /dev/null:/traefik.toml
networks:
- proxy
portainer:
image: portainer/portainer:latest
command: --no-auth -H unix:///var/run/docker.sock
deploy:
placement:
constraints: [node.role == manager]
labels:
- "traefik.portainer.port=9000"
- "traefik.docker.network=proxy"
- "traefik.frontend.rule=Host:portainer.intern.domain.tld"
ports:
- "5001:9000"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
- proxy
networks:
proxy:
现在我需要让portainer代理工作。我会努力的。在第一个视图中,portainer和traefik可在右侧端口访问。SSL还没有,但我的问题如下
实际上,portainer.intern.domain.tld:5001和traefik.intern.domain.tld:5001仍然是portainer,但是traefik.intern.domain.tld:5001不应该是可访问的-只有:5003和traefik-也应该是相反的。
在文档中,我读到了集群操作需要kv存储才能跨多台主机使用acme证书。尽管如此,我还是在网络中找到了用于swarm操作的acme.json配置。kv存储是否是强制性的?
如果他们是portainer和traefik前面的第一个基本身份验证,我将不胜感激-稍后要将其编辑为证书。我对traefik.toml中的配置略知一二——但如果我在compose文件上做了其他事情,这是正确的方法吗?
SSL也是一样-我知道一些关于通过traefik.toml进行配置的知识,但这是正确的方法吗?将所有这些存储在compose文件中怎么样?
提前感谢您。put traefik.enable=true标签,因为您的配置指定默认情况下不公开