Traefik
(发音像traffic
)是一个现代的HTTP反向代理
和负载均衡器
,用于轻松部署微服务。它支持多个后端(Docker
, Swarm mode
, Kubernetes
, Marathon
, Consul
, Etcd
, Rancher
, Amazon ECS
等)来自动和动态地管理其配置。
基本概念
- Providers 自动发现平台上的服务,比如 Docker、Kubernetes
- Entrypoints 监听传入的流量(端口等),是网络入口点,定义了接收请求的端口(HTTP 或者 TCP)
- Routers 分析请求(host、path、headers、SSL等),负责将传入请求连接到处理这些请求的服务上
- Services 将请求转发给你的应用(如load balancing),负责配置如何获取最终将处理传入请求的实际服务
- Middlewares 中间件,用来修改请求或者根据请求来做出一些判断(authentication、rate limiting、headers等)
示例
该示例基于 docker
+ traefik
+ Let's Encrypt
部署。
docker network create web
mkdir -p /opt/traefik
touch /opt/traefik/docker-compose.yml
touch /opt/traefik/acme.json && chmod 600 /opt/traefik/acme.json
touch /opt/traefik/traefik.toml
- /opt/traefik/docker-compose.yml
version: '2'
services:
traefik:
image: traefik:1.3.5
restart: always
ports:
- 80:80
- 443:443
networks:
- web
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /opt/traefik/traefik.toml:/traefik.toml
- /opt/traefik/acme.json:/acme.json
container_name: traefik
networks:
web:
external: true
- /opt/traefik/traefik.toml
debug = false
logLevel = "ERROR"
defaultEntryPoints = ["https","http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "traefic.pn.cx"
watch = true
exposedByDefault = false
[acme]
email = "me@xiexianbin.cn"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"
docker-compose up -d
whoami
mkdir /opt/whoami
- /opt/whoami/docker-compose.yml
version: "2.1"
services:
whoami:
image: traefik/whoami
restart: always
networks:
- web
expose:
- "3000"
labels:
- "traefik.backend=whoami"
- "traefik.docker.network=web"
- "traefik.frontend.rule=Host:whoami.pn.cx"
- "traefik.enable=true"
- "traefik.port=3000"
networks:
web:
external: true
docker-compose up -d