How do I add the proper labels for SSL in docker?


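I have successfully set up Traefik to work with docker swarm, and for HTTP requests it works very well. However, I don't know how to set up SSL for some of my containers. I will be using letsencrypt to generate the certificates.

traefik.toml (partial)

docker-compose.yml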

version: '3'
services:
  web:
    ...
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.frontend.rule=Host:example.com,www.example.com"
        - "traefik.docker.network=public"
        - "traefik.frontend.entryPoints=http"
        - "traefik.backend=service_web"
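
With this configuration my application never reaches SSL, because my container has no SSL entry point set up. If I change "traefik.frontend.entryPoints" to "https", Letsencrypt is invoked (LE gives an error because of staging, but that doesn't matter to me at the moment).

My biggest problem is that I still don't know how to translate the traefik TOML configuration into docker-compose labels. For example, entry points are explained, but I have a bunch of services living under different domains. Some have SSL, some don't; so I would like to be able to set up the http and https entry points, http-to-https redirects, etc. using only docker-compose.

Also, once I am able to set entry points in docker-compose, do I need to keep the [entrypoints] block in traefik.toml?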

Ahoi

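Requirements: Local Persist Volume Plugin: (otherwise the volume driver must be changed). The network for Traefik must be created beforehand: "docker network create proxy -d overlay"

(1) Start Traefik: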

version: "3"

services:
  traefik:
    image: traefik
    #command: --consul --consul.endpoint=consul:8500
    #command: storeconfig --consul --consul.endpoint=consul:8500
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
      #- 8080:8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - traefikdata:/etc/traefik/
    deploy:
      #replicas: 3
      replicas: 1
      placement:
        constraints: [node.role == manager]
      update_config:
        parallelism: 1
        delay: 45s
        monitor: 15s
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 10
        window: 60s

volumes:
  traefikdata:
    driver: local-persist
    driver_opts:
      mountpoint: /data/docker/proxy

networks:
  proxy:
    external: true
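
Important note: when using ACME and you want to scale Traefik (like here to 3), you must use Consul or ETCD as the "storage" for the config. If you use only one instance of Traefik, Consul or ETCD is not needed. With normal certificates, ETCD and Consul are not needed.

(2) Traefik mount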

logLevel = "WARN"
debug = false
defaultEntryPoints = ["http", "https"]

[entryPoints]
 [entryPoints.http]
 address = ":80"
 compress = false
   [entryPoints.http.redirect]
      entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

#Letsencrypt
[acme]
email = "admin@berndklaus.at"
storage = "traefik/acme/account"
entryPoint = "https"
onHostRule = true
onDemand = true

#[[acme.domains]]
# main = "yourdomain.at"
# sans = ["sub1.yourdomain.at", "www.yourdomain.at"]
#[[acme.domains]]
# main = "anotherdomain.at"


#[web]
#address = ":8080"

[docker]
domain = "docker.localhost"
watch = true
swarmmode = true

Uncommented parts are not mandatory.

(3) Start any service

version: '3'

services:
  nginx:
    image: nginx
    deploy:
      labels:
        - "traefik.port=80"
        - "traefik.docker.network=proxy"
        - "traefik.frontend.rule=Host:sub1.yourdomain.at"
        - "traefik.backend=nginx"
        - "traefik.frontend.entryPoints=http,https"
      replicas: 1
    networks:
      proxy:
        aliases:
          - nginx
    volumes:
      - html:/usr/share/nginx/html
    environment:
      - NGINX_HOST=sub.yourdomain.at
      - NGINX_PORT=80
    #command: /bin/bash -c "envsubst < /etc/nginx/conf.d/mysite.template > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"

networks:
  proxy:
    external: true
  default:
    driver: overlay

volumes:
  html:
    driver: local-persist
    driver_opts:
      mountpoint: /data/docker/html

Some more examples:
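
Added example, not from the original question or answer: a Python check that classifies how a service is exposed, given its traefik.frontend.entryPoints label and the [entryPoints] settings from the traefik.toml in the answer. The function names, the result strings and the dictionary model of the entry points are assumptions made for this example, as is the simplification that a redirecting entry point sends every matching request to its target entry point.

```python
# Added example: classify how a Traefik 1.x frontend is exposed, from its
# compose labels plus the static [entryPoints] settings. Data is constructed.

# Model of the answer's traefik.toml: http redirects to https, https has TLS.
ENTRYPOINTS = {
    "http": {"tls": False, "redirect": "https"},
    "https": {"tls": True, "redirect": None},
}
DEFAULT_ENTRYPOINTS = ["http", "https"]  # defaultEntryPoints

# Label sets as they appear in the question and in the answer.
QUESTION_LABELS = [
    "traefik.enable=true",
    "traefik.frontend.rule=Host:example.com,www.example.com",
    "traefik.frontend.entryPoints=http",
]
ANSWER_LABELS = [
    "traefik.port=80",
    "traefik.frontend.rule=Host:sub1.yourdomain.at",
    "traefik.frontend.entryPoints=http,https",
]


def parse_labels(labels):
    """Turn compose-style "key=value" strings into a dict."""
    return dict(item.split("=", 1) for item in labels)


def tls_exposure(labels, entrypoints=ENTRYPOINTS, defaults=DEFAULT_ENTRYPOINTS):
    """Return "disabled", "tls", "plaintext" or "redirect-target-unbound"."""
    parsed = parse_labels(labels)
    if parsed.get("traefik.enable", "true").lower() == "false":
        return "disabled"
    raw = parsed.get("traefik.frontend.entryPoints", "")
    bound = [n.strip() for n in raw.split(",") if n.strip()] or list(defaults)
    unknown = [n for n in bound if n not in entrypoints]
    if unknown:
        raise ValueError("undefined entry points in labels: %s" % unknown)
    for name in bound:
        if entrypoints[name]["tls"]:
            continue
        target = entrypoints[name]["redirect"]
        if target is None:
            return "plaintext"  # answered over HTTP, never upgraded
        if target not in bound:
            return "redirect-target-unbound"  # redirected to a listener with no route
        if not entrypoints[target]["tls"]:
            return "plaintext"  # redirect lands on another non-TLS entry point
    return "tls"
```

Under this model the question's labels (bound to http only) come out as "redirect-target-unbound" against the answer's traefik.toml, while the answer's labels (http,https) come out as "tls".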