Migrating Nginx reverse proxy to traefik => Services do not get served correctly
I want to switch from Nginx as reverse proxy to traefik, since traefik offers sticky sessions, which I need in a Docker Swarm environment.
This is part of my Nginx setup, which worked fine:
location / {
    proxy_pass http://127.0.0.1:5000;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_read_timeout 600s;
    proxy_redirect off;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
location /auth/ {
    proxy_pass https://127.0.0.1:8443;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_read_timeout 600s;
    proxy_redirect off;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
This is my traefik.toml:
debug = false
logLevel = "ERROR"
defaultEntryPoints = ["https","http"]
[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
    cipherSuites = [
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_RSA_WITH_AES_256_GCM_SHA384"
    ]
  [entryPoints.keycloak]
  address = ":8443"
  [entryPoints.shinyproxy]
  address = ":5000"
[retry]
[docker]
exposedByDefault = false
[acme]
email = "langmarkus@hotmail.com"
storage = "acme/certs.json"
entryPoint = "https"
onHostRule = true
  [acme.httpChallenge]
  entryPoint = "http"
And this is my compose file:
version: "3.7"
services:
  shinyproxy:
    build: /home/shinyproxy
    deploy:
      #replicas: 3
    user: root:root
    hostname: shinyproxy
    image: shinyproxy-example
    labels:
      - "traefik.enable=true" # Enable reverse-proxy for this service
      - "traefik.frontend.rule=Host:analytics.data-mastery.com" # Domain name for the app
      - "traefik.port=443"
    ports:
      - 5000:5000
  keycloak:
    image: jboss/keycloak
    labels:
      - "traefik.enable=true" # Enable reverse-proxy for this service
      - "traefik.frontend.rule=Host:analytics.data-mastery.com" # Domain name for the app
      - "traefik.port=443"
    networks:
      - sp-example-net
    volumes:
      - type: bind
        source: /home/certs/fullchain.pem
        target: /etc/x509/https/tls.crt
      - type: bind
        source: /home/certs/privkey.pem
        target: /etc/x509/https/tls.key
      - /home/theme/:/opt/jboss/keycloak/themes/custom/
    environment:
      - PROXY_ADDRESS_FORWARDING=true
      - KEYCLOAK_USER=myadmin
      - KEYCLOAK_PASSWORD=mypassword
    ports:
      - 8443:8443
  reverseproxy:
    image: traefik:v1.7.16
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
      - ./traefik/traefik.toml:/traefik.toml # Traefik configuration file
      - ./volumes/traefik-acme:/acme # Tell Traefik to save SSL certs here
    command: --api # Enables the web UI
    ports:
      - "80:80" # The HTTP port
      - "443:443" # The HTTPS port
      - "8080:8080" # The web UI
networks:
  sp-example-net:
    driver: overlay
    attachable: true
SSL is working, my keycloak service is running here: https://analytics.data-mastery.com:8443/auth/ . However, I want to achieve the same behaviour as with proxy_pass, where I will not have to use ports in the URL. What do I have to change?
In case you want to keep using the old traefik version, you can use the stack file below (you can also get rid of the traefik.toml and use only CLI commands). With the stack file below, you will be able to access shinyproxy on analytics.data-mastery.com and keycloak on analytics.data-mastery.com/auth.
The important thing here is the defined rule: https://docs.traefik.io/routing/routers/
You also don't need to expose the ports for this service; traefik will use the internal ones.
version: "3.7"
services:
  shinyproxy:
    build: /home/shinyproxy
    deploy:
      replicas: 3
    user: root:root
    hostname: shinyproxy
    image: shinyproxy-example
    labels:
      - traefik.enable=true
      - traefik.backend.loadbalancer.swarm=true
      - traefik.backend=shinyproxy
      - traefik.frontend.rule=Host:analytics.data-mastery.com;
      - traefik.port=5000
      - traefik.docker.network=sp-example-net
  keycloak:
    image: jboss/keycloak
    labels:
      - traefik.enable=true
      - traefik.backend.loadbalancer.swarm=true
      - traefik.backend=keycloak
      - traefik.frontend.rule=Host:analytics.data-mastery.com;Path:/auth
      - traefik.port=8443
      - traefik.docker.network=sp-example-net
    networks:
      - sp-example-net
    volumes:
      - type: bind
        source: /home/certs/fullchain.pem
        target: /etc/x509/https/tls.crt
      - type: bind
        source: /home/certs/privkey.pem
        target: /etc/x509/https/tls.key
      - /home/theme/:/opt/jboss/keycloak/themes/custom/
    environment:
      - PROXY_ADDRESS_FORWARDING=true
      - KEYCLOAK_USER=myadmin
      - KEYCLOAK_PASSWORD=mypassword
  reverseproxy:
    image: traefik:v1.7.16
    networks:
      - sp-example-net
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
      - ./traefik/traefik.toml:/traefik.toml # Traefik configuration file
      - ./volumes/traefik-acme:/acme # Tell Traefik to save SSL certs here
    command:
      - '--docker'
      - '--docker.swarmmode'
      - '--docker.domain=analytics.data-mastery.com'
      - '--docker.watch'
      - '--accessLog'
      - '--checkNewVersion=false'
      - '--api'
      - '--ping.entryPoint=http'
      # if you want to get rid of the toml file entirely
      # - '--entrypoints=Name:http Address::80 Redirect.EntryPoint:https'
      # - '--entrypoints=Name:https Address::443 TLS'
      # - '--defaultentrypoints=http,https'
      # - '--acme.entrypoint=https'
      # - '--acme.email=langmarkus@hotmail.com'
      # - '--acme.storage=/var/lib/traefik/acme.json'
      # - '--acme.acmelogging=true'
      # - '--acme.httpChallenge.entryPoint=http'
      # - '--acme.domains=*.analytics.data-mastery.com,analytics.data-mastery.com'
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
networks:
  sp-example-net:
    driver: overlay
    attachable: true
If you want to jump directly to traefik2.1, here is a link that includes good examples for using it.
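
The routing from the answer above, as an added example that is not part of the original answer: with `--docker.swarmmode`, Traefik 1.7 reads labels from the Swarm service (`deploy.labels`), `PathPrefix` rather than `Path` covers everything below `/auth`, and sticky sessions require Traefik to balance across the task IPs instead of the Swarm VIP. Only the routing-relevant keys are shown (volumes and environment stay as in the answer); the fixed network `name:` and the `stickiness`, `entryPoints` and `traefik.protocol` labels are assumptions not taken from the page.

```yaml
# Added example: Traefik 1.7 routing for `docker stack deploy` (Swarm mode).
version: "3.7"

services:
  shinyproxy:
    image: shinyproxy-example
    networks:
      - sp-example-net
    deploy:
      replicas: 3
      labels:   # Swarm mode: Traefik reads service labels, i.e. deploy.labels
        - traefik.enable=true
        - traefik.backend=shinyproxy
        - traefik.docker.network=sp-example-net
        - traefik.frontend.rule=Host:analytics.data-mastery.com
        - traefik.frontend.entryPoints=https
        - traefik.port=5000
        # Sticky sessions need Traefik to balance across the task IPs itself,
        # so traefik.backend.loadbalancer.swarm=true (Swarm VIP) is left out.
        - traefik.backend.loadbalancer.stickiness=true

  keycloak:
    image: jboss/keycloak
    networks:
      - sp-example-net
    deploy:
      labels:
        - traefik.enable=true
        - traefik.backend=keycloak
        - traefik.docker.network=sp-example-net
        # PathPrefix matches /auth and everything below it; Path matches only /auth.
        # The longer rule gets the higher default priority, so it wins over Host alone.
        - traefik.frontend.rule=Host:analytics.data-mastery.com;PathPrefix:/auth
        - traefik.frontend.entryPoints=https
        - traefik.port=8443
        - traefik.protocol=https   # backend speaks TLS on 8443, as in the nginx proxy_pass

# No "ports:" on either backend: only the Traefik service publishes 80 and 443.

networks:
  sp-example-net:
    name: sp-example-net   # assumption: fixed name so traefik.docker.network matches without the stack prefix
    driver: overlay
    attachable: true
```

Because the backends publish no ports, `:5000` and `:8443` are no longer reachable from outside and all traffic passes through the TLS entry point. The same reasoning applies to the `8080:8080` mapping of the Traefik service: `--api` serves the dashboard without authentication, so that port should not be published on a public host.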