通过 websockets 将 traefik 用于 docker 内部流量
[英]Using traefik for docker internal traffic via websockets
问题描述
I'm using docker in swarm mode for the services in my application and traefik to handle, well, the traffic.
我在 swarm 模式下使用 docker 为我的应用程序中的服务和 traefik 处理流量。 My goal is to make a separate service for each API section my application has (so for example requests on domain.com/api/foo_api go to the foo_api service and requests on domain.com/api/bar_api go to the bar_api service.我的目标是为我的应用程序拥有的每个 API 部分创建一个单独的服务(例如,对domain.com/api/foo_api请求转到foo_api服务,对domain.com/api/bar_api请求转到bar_api服务。
Now all this is pretty straightforward with traefik.现在这一切在 traefik 中变得非常简单。 However, I'm also using the API services with other internal services not related to the API.但是,我还将 API 服务与其他与 API 无关的内部服务一起使用。 They use a websocket connection to the internal docker URL, so currently it's ws://api:api_port/ws .他们使用 websocket 连接到内部 docker URL,所以目前它是ws://api:api_port/ws 。 However, if I split up the API part I'd need something like ws://foo_api:foo_api_port/ws which obviously leaves the service only access to the foo_api , not every other one.但是,如果我拆分 API 部分,我需要像ws://foo_api:foo_api_port/ws这样的foo_api ,这显然使服务只能访问foo_api ,而不是其他所有。
So my question is: Can I route this websocket traffic with traefik similiar to how I do it externally, but internally in the docker net?所以我的问题是:我可以使用 traefik 路由这个 websocket 流量,类似于我在外部如何做,但在 docker net 内部吗?
1 个解决方案
解决方案1
4 2020-01-24 17:39:43
Traefik is a north-south reverse proxy. Traefik 是一个南北向的反向代理。 Most people historically in traditional infrastructure would use NGINX or Apache to address inbound - good to see you using a more modern tool.过去在传统基础设施中的大多数人会使用 NGINX 或 Apache 来解决入站问题——很高兴看到您使用更现代的工具。 What you are describing is an east-west pattern of communication inside your firewall behind traefik (assuming you control all ingress through traefik).您所描述的是 traefik 后面防火墙内的东西向通信模式(假设您通过 traefik 控制所有入口)。
Have you considered using service discovery and registry capabilities with tools like Hashicorp Consul - https://consul.io ?您是否考虑过将服务发现和注册功能与 Hashicorp Consul - https://consul.io等工具结合使用?
The idea of having service discovery is so that your containers / services inside the swarm can be discovered and made available through the registry and referenced in proximation to each other by name without the pains of manual labor in building and maintaining complicated name-IP-lookups.服务发现的想法是,您可以通过注册中心发现和提供集群内的容器/服务,并通过名称相互接近引用,而无需手动构建和维护复杂的名称 IP 查找的痛苦. Most understand this historically in a more persistent model behind DNS SRV which requires external query.大多数人在历史上在需要外部查询的 DNS SRV 背后的更持久模型中理解这一点。 Consul can still support that legacy reference integration as well. Consul 仍然可以支持遗留参考集成。
This site might help you along: https://attx-project.github.io/Consul-for-Service-Discovery-on-Docker-Swarm.html这个站点可能会帮助你: https : //attx-project.github.io/Consul-for-Service-Discovery-on-Docker-Swarm.html
They appear to have addressed a similar case to yours.他们似乎解决了与您类似的案例。 And the work is likely reusable with a few tweaks.通过一些调整,这项工作很可能可以重复使用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.