docker部署traefik3

操作目录：workspace/tools/traefik/docker-compose

docker-compose.yaml

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44


version: "3"

# services:
#   traefik:
#     image: traefik:v3.0.0-beta3
#     ports:
#       - 8080:8080
#     command: "--api=true --api.dashboard=true --api.insecure=true"
services:
  traefik:
    image: traefik:v3.0.0-beta3
    restart: always
    ports:
      # - 80:80
      - 443:443
    command:
     - "--api=true"
     - "--api.dashboard=true"
     - "--api.insecure=true"
     - "--ping=true"
     - "--providers.docker=true"
     - "--providers.docker.endpoint=unix:///var/run/docker.sock"
     - "--entrypoints.https.address=:443"
     - "--providers.file.directory=/etc/traefik/config"
    labels:
      - "traefik.http.middlewares.gzip.compress=true"
      - "traefik.http.routers.traefik-dashboard.middlewares=gzip@docker"
      - "traefik.http.routers.traefik-dashboard-api.middlewares=gzip@docker"
      - "traefik.http.routers.traefik-dashboard.entrypoints=https"
      - "traefik.http.routers.traefik-dashboard.tls=true"
      - "traefik.http.routers.traefik-dashboard.rule=Host(`traefik.console.lab.io`)"
      - "traefik.http.routers.traefik-dashboard.service=dashboard@internal"
      - "traefik.http.routers.traefik-dashboard-api.entrypoints=https"
      - "traefik.http.routers.traefik-dashboard-api.tls=true"
      - "traefik.http.routers.traefik-dashboard-api.rule=Host(`traefik.console.lab.io`) && PathPrefix(`/api`)"
      - "traefik.http.routers.traefik-dashboard-api.service=api@internal"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./certs/ssl/:/certs/:ro
      - ./config/:/etc/traefik/config/:ro
    healthcheck:
      test: ["CMD-SHELL", "wget -q --spider --proxy off localhost:8080/ping || exit 1"]
      interval: 3s
      retries: 10

自动跳转到 https

为了解决这个问题，我们可以使用 Traefik 虚拟网络来解决问题，首先是通过命令行创建一个 Traefik 用来服务发现使用的traefik 虚拟网络：

1

docker network create traefik

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86


version: "3"

# services:
#   traefik:
#     image: traefik:v3.0.0-beta3
#     ports:
#       - 8080:8080
#     command: "--api=true --api.dashboard=true --api.insecure=true"
services:
  traefik:
    image: traefik:v3.0.0-beta3
    restart: always
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
    command:
      - "--global.sendanonymoususage=false"
      - "--global.checknewversion=false"
      - "--api=true"
      - "--api.dashboard=true"
      - "--api.insecure=true"
      - "--api.debug=false"
      - "--ping=true"
      - "--log.level=INFO"
      - "--log.format=common"
      - "--accesslog=false"
      - "--entrypoints.http.address=:80"
      - "--entrypoints.https.address=:443"
      - "--providers.docker=true"
      - "--providers.docker.watch=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      - "--providers.docker.useBindPortIP=false"
      - "--providers.docker.network=traefik"
      - "--providers.file=true"
      - "--providers.file.watch=true"
      - "--providers.file.directory=/etc/traefik/config"
      - "--providers.file.debugloggeneratedtemplate=true"
    networks:
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"

      - "traefik.http.middlewares.gzip.compress=true"
      - "traefik.http.middlewares.redir-https.redirectscheme.scheme=https"
      - "traefik.http.middlewares.redir-https.redirectscheme.permanent=false"

      - "traefik.http.routers.traefik-dashboard.middlewares=redir-https@docker"
      - "traefik.http.routers.traefik-dashboard-secure.middlewares=gzip@docker"
      - "traefik.http.routers.traefik-dashboard-api-secure.middlewares=gzip@docker"

      - "traefik.http.routers.traefik-dashboard.entrypoints=http"
      - "traefik.http.routers.traefik-dashboard.rule=Host(`traefik.console.lab.io`)"
      - "traefik.http.routers.traefik-dashboard.service=noop@internal"

      - "traefik.http.routers.traefik-dashboard-secure.entrypoints=https"
      - "traefik.http.routers.traefik-dashboard-secure.tls=true"
      - "traefik.http.routers.traefik-dashboard-secure.rule=Host(`traefik.console.lab.io`)"
      - "traefik.http.routers.traefik-dashboard-secure.service=dashboard@internal"

      - "traefik.http.routers.traefik-dashboard-api-secure.entrypoints=https"
      - "traefik.http.routers.traefik-dashboard-api-secure.tls=true"
      - "traefik.http.routers.traefik-dashboard-api-secure.rule=Host(`traefik.console.lab.io`) && PathPrefix(`/api`)"
      - "traefik.http.routers.traefik-dashboard-api-secure.service=api@internal"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./certs/ssl/:/certs/:ro
      - ./config/:/etc/traefik/config/:ro
    healthcheck:
      test: ["CMD-SHELL", "wget -q --spider --proxy off localhost:8080/ping || exit 1"]
      interval: 3s
      retries: 10
    logging:
      driver: "json-file"
      options:
        max-size: "1m"
networks:
  traefik:
    external: true

避免 Traefik 进行数据上报

想要避免 Traefik 进行数据上报，我们可以通过设置下面两个 command 参数实现：

1
2
3


command:
  - '--global.sendanonymoususage=false'
  - '--global.checknewversion=false'

如果你还不放心，可以继续设置下面的配置，让容器访问不到下面的 API 地址：

1
2
3
4
5
6


extra_hosts:
  # https://github.com/traefik/traefik/blob/master/pkg/version/version.go#L64
      - "update.traefik.io:127.0.0.1"
  # https://github.com/containous/traefik/blob/master/pkg/collector/collector.go#L20
  - "collect.traefik.io:127.0.0.1"
  - "stats.g.doubleclick.net:127.0.0.1"