Fatal编程技术网
  • docker-compose/
  • Docker compose 为什么我的portainer和traefik不能公开使用?

Docker compose 为什么我的portainer和traefik不能公开使用?

docker-compose

Docker compose 为什么我的portainer和traefik不能公开使用?,docker-compose,stack,traefik,portainer,Docker Compose,Stack,Traefik,Portainer,我正在建立一个docker swarm,并尝试在docker manager上使用traefik reverse和portainer+代理。但该容器尚未公开 我是docker和reverse proxys的新手,所以我只尝试了显示的代码 首先是: docker堆栈部署-c stack.yml stack0 stack.yml version: "3.3" services: traefik: image: traefik command: --docker.swarmmode

我正在建立一个docker swarm,并尝试在docker manager上使用traefik reverse和portainer+代理。但该容器尚未公开

我是docker和reverse proxys的新手,所以我只尝试了显示的代码

首先是: docker堆栈部署-c stack.yml stack0

stack.yml

version: "3.3"
services:
  traefik:
    image: traefik
    command: --docker.swarmmode
    networks:
      - traefik-net
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefikdata:/etc/traefik
    deploy:
      placement:
        constraints: [node.role==manager]

  portainer-agent:
    image: portainer/agent
    environment:
      AGENT_CLISTER_ADDR: tasks.agent
      AGENT_PORT: 9001
      LOG_LEVEL: debug
    ports:
      - target: 9001
        published: 9001
        protocol: tcp
        mode: host
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    networks:
      - portainer-agent_network
      - traefik-net
    deploy:
      mode: global
      placement:
        constraints: [node.platform.os == linux]

  portainer:
    image: portainer/portainer
    command: -H tcp://tasks.agent:9001 --tlsskipverify
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "./portainerdata:/data"
    networks:
      - portainer-agent_network
      - traefik-net
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints: [node.role == manager]
      labels:
        - "traefik.enable=true"
        - "traefik.port=9000"
        - "traefik.docker.network=stack0_traefik-net"
        - "traefik.frontend.rule=Host:portainer.intern.domain.tld"

networks:
  traefik-net:

  portainer-agent_network:
    driver: overlay
    attachable: true
traefikdata/traefik.toml

logLevel = "INFO"
  defaultEntryPoints = ["http", "https"]

[web]
  address = ":8080"

[docker]
  domain = "traefik.intern.domain.tld"
  watch = true
  exposedbydefault = false

 # Force HTTPS
[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

 # Let's encrypt configuration
 [acme]
   email="network@techgods.biz"
   storage="/etc/traefik/acme/acme.json"
   entryPoint="https"
   acmeLogging=true
   OnHostRule=true
   [acme.httpChallenge]
     entryPoint = "http"
我希望运行Traefik反向代理,UI可通过Traefik.intern.domain.tld访问,portainer可通过portainer.intern.domain.tld访问。为了完全明确,我还将引入入口点定义:

- "traefik.frontend.entryPoints=https"
你确信这部分是正确的吗

- "traefik.docker.network=stack0_traefik-net"
它似乎与您的网络定义不一致:

networks:
  traefik-net:

  portainer-agent_network:
    driver: overlay
    attachable: true
我强烈建议您在不使用网络定义的情况下使用它,然后一次添加这些定义

经过几个小时的尝试,我重新启动了stack.yml,我从一开始就阅读了更多的文档,发现了很多有用的stackoverflow帖子

最后,我实际上有这样一个:

version: "3"

services:

  traefik:
    image: traefik:latest
    command: --web --docker --docker.swarmmode --docker.watch --docker.domain=intern.domain.tld --logLevel=DEBUG
    deploy:
      placement:
        constraints: [node.role==manager]
      restart_policy:
        condition: on-failure
    labels:
      - "traefik.port=8080"
      - "traefik.docker.network=proxy"
      - "traefik.frontend.rule=Host:traefik.intern.domain.tld"
    ports:
      - "80:80"
      - "5003:8080"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /dev/null:/traefik.toml
    networks:
      - proxy

  portainer:
    image: portainer/portainer:latest
    command: --no-auth -H unix:///var/run/docker.sock
    deploy:
      placement:
        constraints: [node.role == manager]
      labels:
        - "traefik.portainer.port=9000"
        - "traefik.docker.network=proxy"
        - "traefik.frontend.rule=Host:portainer.intern.domain.tld"
    ports:
      - "5001:9000"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - proxy

networks:
  proxy:
现在我需要让portainer代理工作。我会努力的。在第一个视图中,portainer和traefik可在右侧端口访问。SSL还没有,但我的问题如下

实际上,portainer.intern.domain.tld:5001和traefik.intern.domain.tld:5001仍然是portainer,但是traefik.intern.domain.tld:5001不应该是可访问的-只有:5003和traefik-也应该是相反的。 在文档中,我读到了集群操作需要kv存储才能跨多台主机使用acme证书。尽管如此,我还是在网络中找到了用于swarm操作的acme.json配置。kv存储是否是强制性的? 如果他们是portainer和traefik前面的第一个基本身份验证,我将不胜感激-稍后要将其编辑为证书。我对traefik.toml中的配置略知一二——但如果我在compose文件上做了其他事情,这是正确的方法吗? SSL也是一样-我知道一些关于通过traefik.toml进行配置的知识,但这是正确的方法吗?将所有这些存储在compose文件中怎么样?
提前感谢您。

put traefik.enable=true标签,因为您的配置指定默认情况下不公开