
将 Nginx 反向代理迁移到 traefik => 服务无法正确提供

[英]Migrating Nginx reverse proxy to traefik => Services do not get served correctly

I want to switch from Nginx as a reverse proxy to traefik, since traefik offers sticky sessions, which I need in a Docker Swarm environment.我想从 Nginx 作为反向代理切换到 traefik,因为 traefik 提供粘性会话,这是我在 Docker Swarm 环境中需要的。 This is part of my Nginx setup, which worked fine:这是我的 Nginx 设置的一部分,它运行良好:

   # Catch-all location: every request not claimed by a more specific location
   # is proxied over plain HTTP to the service on loopback port 5000.
   location / {
   proxy_pass          http://127.0.0.1:5000;

   # HTTP/1.1 plus the Upgrade/Connection headers let WebSocket upgrades pass
   # through; the read timeout allows an idle upstream connection for 600 s.
   proxy_http_version 1.1;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "upgrade";
   proxy_read_timeout 600s;

   # proxy_redirect off: Location headers from the backend are passed unchanged.
   proxy_redirect    off;
   # $http_host is the Host header exactly as the client sent it, so the
   # backend sees a client-controlled value here.
   proxy_set_header  Host             $http_host;
   proxy_set_header  X-Real-IP        $remote_addr;
   # $proxy_add_x_forwarded_for appends $remote_addr to whatever
   # X-Forwarded-For the client supplied; only the last entry is set by nginx.
   proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
   proxy_set_header  X-Forwarded-Proto $scheme;

 }


   # Prefix location: any URI starting with /auth/ is proxied to the service on
   # loopback port 8443, and this hop uses HTTPS (note the scheme in proxy_pass).
   # NOTE(review): no proxy_ssl_verify directive is shown, and nginx does not
   # verify the upstream certificate unless that directive is enabled.
   location /auth/ {
   proxy_pass          https://127.0.0.1:8443;

   # Same WebSocket-upgrade and timeout settings as the catch-all location.
   proxy_http_version 1.1;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "upgrade";
   proxy_read_timeout 600s;

   proxy_redirect    off;
   # Client-supplied Host is forwarded verbatim; X-Forwarded-For is appended
   # to, not replaced, so earlier entries in it are client-controlled.
   proxy_set_header  Host             $http_host;
   proxy_set_header  X-Real-IP        $remote_addr;
   proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
   proxy_set_header  X-Forwarded-Proto $scheme;

 }

This is my traefik.toml:这是我的 traefik.toml:

# Traefik 1.x static configuration: entry points, Docker provider and ACME.
debug = false

# Only errors are logged; no access log is configured in this file.
logLevel = "ERROR"
defaultEntryPoints = ["https","http"]

[entryPoints]
  # Port 80 exists only to redirect to the https entry point (and, further
  # down, to answer the ACME HTTP challenge).
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
  # NOTE(review): the second suite uses static RSA key exchange, which gives no
  # forward secrecy. No minVersion key is set in this table, so the protocol
  # floor is whatever this Traefik build defaults to - confirm it is TLS 1.2+.
  [entryPoints.https.tls]
    cipherSuites = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_256_GCM_SHA384"
    ]
    # Despite the indentation, the two tables below are siblings of http and
    # https (TOML nesting comes from the header name). They open listeners on
    # :8443 and :5000, but defaultEntryPoints names only https and http.
    [entryPoints.keycloak]
    address = ":8443"  
    [entryPoints.shinyproxy]
    address = ":5000"  


# Empty table; presumably switches on Traefik's retry feature with defaults.
[retry]

# Docker provider. exposedByDefault = false means a container is routed only
# when it carries traefik.enable=true. No swarm-mode key is set here.
[docker]
exposedByDefault = false

# Let's Encrypt. The storage file holds the account and certificate private
# keys, so it needs a persisted location and owner-only permissions.
# NOTE(review): the path is relative; presumably it resolves to
# /acme/certs.json inside the container - confirm against the volume mount.
[acme]
email = "langmarkus@hotmail.com"
storage = "acme/certs.json"
entryPoint = "https"
onHostRule = true
# The HTTP challenge is answered on the http entry point, so port 80 has to
# be reachable from the internet for issuance and renewal.
[acme.httpChallenge]
entryPoint = "http"

And this is my compose file:这是我的撰写文件:

# Compose file from the question (the non-working state), annotated for review.
version: "3.7"
services:
  shinyproxy:
    build: /home/shinyproxy
    # With the only child commented out, `deploy` is a null value here.
    deploy:
      #replicas: 3
    # NOTE(review): the container runs as root; nothing in this file shows why
    # that is required - confirm and drop it if it is not.
    user: root:root
    hostname: shinyproxy
    image: shinyproxy-example
    labels:
      - "traefik.enable=true" # Enable reverse-proxy for this service
      - "traefik.frontend.rule=Host:analytics.data-mastery.com" # Domain name for the app
      # traefik.port is the container port Traefik forwards to. This service
      # publishes 5000 below, so 443 looks like a mismatch - verify.
      - "traefik.port=443"
    # Publishing the port makes the service reachable directly, bypassing the
    # reverse proxy and its TLS termination.
    ports:
      - 5000:5000
  keycloak:
    image: jboss/keycloak
    labels:
      - "traefik.enable=true" # Enable reverse-proxy for this service
      # Same Host rule as shinyproxy and no path condition, so the two
      # frontends are not distinguished by anything in these labels.
      - "traefik.frontend.rule=Host:analytics.data-mastery.com" # Domain name for the app
      - "traefik.port=443"
    networks:
      - sp-example-net
    volumes:
      # Certificate and private key are bind-mounted from the host; the mounts
      # are writable because no read-only option is given.
      - type: bind
        source: /home/certs/fullchain.pem
        target: /etc/x509/https/tls.crt
      - type: bind
        source: /home/certs/privkey.pem
        target: /etc/x509/https/tls.key
      - /home/theme/:/opt/jboss/keycloak/themes/custom/
    environment:
      - PROXY_ADDRESS_FORWARDING=true
      # NOTE(review): admin credentials are hard-coded in the file and end up
      # in version control and in `docker inspect` output; supply them from a
      # secret store instead.
      - KEYCLOAK_USER=myadmin
      - KEYCLOAK_PASSWORD=mypassword
    # The identity provider's TLS port is published straight to the host.
    ports:
      - 8443:8443
  reverseproxy:
    image: traefik:v1.7.16
    # No `networks` key: this service is not attached to sp-example-net, the
    # only network keycloak is attached to.
    volumes:
      # Access to the Docker socket is equivalent to control of the Docker
      # daemon on this host; treat the Traefik container as highly privileged.
      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
      - ./traefik/traefik.toml:/traefik.toml # Traefik configuration file
      - ./volumes/traefik-acme:/acme # Tell Traefik to save SSL certs here
    # NOTE(review): --api serves the API and dashboard, and port 8080 is
    # published below; no authentication for it is configured on this page.
    command: --api # Enables the web UI
    ports:
      - "80:80" # The HTTP port
      - "443:443" # The HTTPS port
      - "8080:8080" # The web UI

networks:
  sp-example-net:
    driver: overlay
    attachable: true

SSL is working, and my keycloak service is running here: https://analytics.data-mastery.com:8443/auth/ . SSL 工作正常,我的 keycloak 服务在此处运行: https://analytics.data-mastery.com:8443/auth/ However, I want to achieve the same behaviour as with proxy_pass, where I do not have to use ports in the URL.但是,我想实现与 proxy_pass 相同的行为,即不必在 URL 中使用端口。 What do I have to change?我需要改变什么?

In case you want to keep using the old traefik version, you can use the stack file below (you can also get rid of the traefik.toml and use only CLI commands). With the stack file below, you will be able to access shinyproxy on analytics.data-mastery.com and keycloak on analytics.data-mastery.com/auth. The important thing here is the defined rule: https://docs.traefik.io/routing/routers/如果你想继续使用旧的 traefik 版本,你可以使用下面的堆栈文件(你也可以去掉 traefik.toml 并只使用 CLI 命令)。使用下面的堆栈文件,你将能够通过 analytics.data-mastery.com 访问 shinyproxy,并通过 analytics.data-mastery.com/auth 访问 keycloak。这里重要的是所定义的 rule: https://docs.traefik.io/routing/routers/

You also don't need to expose the ports for this service; traefik will use the internal ones.您也不需要为此服务公开端口,traefik 将使用内部端口。

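# Stack file for Traefik 1.7 in swarm mode: shinyproxy is served at the site
# root and keycloak under /auth, both through the reverse proxy on 80/443.
version: "3.7"
services:

  shinyproxy:
    # NOTE(review): `docker stack deploy` does not build images; the image
    # named below has to exist on the nodes or in a registry already.
    build: /home/shinyproxy
    deploy:
      replicas: 3
      # In swarm mode Traefik 1.x reads its labels from the service, so they
      # belong under deploy.labels rather than on the container.
      labels:
        - 'traefik.enable=true'
        # Requests go to the swarm virtual IP, which does its own balancing.
        # NOTE(review): that presumably prevents Traefik from pinning a client
        # to one replica - verify if sticky sessions are a requirement.
        - 'traefik.backend.loadbalancer.swarm=true'
        - 'traefik.backend=shinyproxy'
        - 'traefik.frontend.rule=Host:analytics.data-mastery.com'
        - 'traefik.port=5000'
        # Must equal the network's real name; a stack deployment normally
        # prefixes it with the stack name - check with `docker network ls`.
        - 'traefik.docker.network=sp-example-net'
    # NOTE(review): runs as root; nothing in this file shows why that is
    # needed - confirm and drop it if it is not.
    user: root:root
    hostname: shinyproxy
    image: shinyproxy-example
    # Traefik can only reach a backend on a network it shares with it.
    networks:
      - sp-example-net

  keycloak:
    # NOTE(review): untagged image, so deployments follow whatever `latest`
    # is at pull time; pin a version you have tested.
    image: jboss/keycloak
    deploy:
      labels:
        - 'traefik.enable=true'
        - 'traefik.backend.loadbalancer.swarm=true'
        - 'traefik.backend=keycloak'
        # PathPrefix matches /auth and everything below it; `Path:/auth`
        # would match that single URL only.
        - 'traefik.frontend.rule=Host:analytics.data-mastery.com;PathPrefix:/auth'
        # NOTE(review): 8443 is the TLS listener. Traefik 1.x speaks plain
        # HTTP to a backend unless traefik.protocol=https is set, and it then
        # validates the backend certificate. Decide which hop you want (TLS
        # with a certificate Traefik trusts, or the container's plain-HTTP
        # port on an encrypted overlay) rather than disabling verification.
        - 'traefik.port=8443'
        - 'traefik.docker.network=sp-example-net'
    networks:
      - sp-example-net
    volumes:
      # Certificate material is mounted read-only; the container only needs
      # to read it.
      - type: bind
        source: /home/certs/fullchain.pem
        target: /etc/x509/https/tls.crt
        read_only: true
      - type: bind
        source: /home/certs/privkey.pem
        target: /etc/x509/https/tls.key
        read_only: true
      - /home/theme/:/opt/jboss/keycloak/themes/custom/
    environment:
      # Makes Keycloak honour the X-Forwarded-* headers set by the proxy; it
      # is only safe while the proxy is the sole path to this service, which
      # is why no port is published here.
      - PROXY_ADDRESS_FORWARDING=true
      # NOTE(review): placeholder admin credentials. Values written here end
      # up in version control and in `docker inspect`; supply them from a
      # secret store and rotate anything that was ever committed.
      - KEYCLOAK_USER=myadmin
      - KEYCLOAK_PASSWORD=mypassword

  reverseproxy:
    image: traefik:v1.7.16
    deploy:
      placement:
        constraints:
          # The swarm API that Traefik queries is served by manager nodes only.
          - node.role == manager
    networks:
      - sp-example-net
    volumes:
      # Read-only stops the container replacing the socket file; it does not
      # limit what can be requested through the Docker API, so a compromise of
      # Traefik is a compromise of the Docker daemon on this manager.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Traefik configuration file
      - ./traefik/traefik.toml:/traefik.toml:ro
      # Certificate storage; it contains private keys, so keep the host
      # directory and file readable by the owner only.
      - ./volumes/traefik-acme:/acme
    command:
      - '--docker'
      - '--docker.swarmmode'
      - '--docker.domain=analytics.data-mastery.com'
      - '--docker.watch'
      - '--accessLog'
      - '--checkNewVersion=false'
      # NOTE(review): enables the API and dashboard; see the 8080 port below.
      - '--api'
      - '--ping.entryPoint=http'
      # If you want to get rid of the toml file altogether:
      # - '--entrypoints=Name:http Address::80 Redirect.EntryPoint:https'
      # - '--entrypoints=Name:https Address::443 TLS'
      # - '--defaultentrypoints=http,https'
      # - '--acme.entrypoint=https'
      # - '--acme.email=langmarkus@hotmail.com'
      # - '--acme.storage=/var/lib/traefik/acme.json'
      # - '--acme.acmelogging=true'
      # - '--acme.httpChallenge.entryPoint=http'
      # - '--acme.domains=*.analytics.data-mastery.com,analytics.data-mastery.com'
      # NOTE(review): the storage path above is outside the /acme volume, so
      # certificates would not survive a restart, and a wildcard name cannot
      # be issued through the HTTP challenge (it needs the DNS challenge).
    ports:
      - "80:80"
      - "443:443"
      # NOTE(review): publishes the dashboard/API, which has no authentication
      # configured on this page. Firewall this port, put authentication in
      # front of it, or remove the mapping.
      - "8080:8080"

networks:
  sp-example-net:
    driver: overlay
    attachable: true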

if you want to jump directly to traefik2.1, here is a link that includes good examples for using it如果你想直接跳转到 traefik2.1,这里有一个链接,其中包含使用它的好例子
