How can I use Apache2 on my host machine (Lamp install) and run Traefik (Reverse proxy Docker) since both are using ports 80 & 443?
I have a Debian 10 machine running a LAMP environment with Apache2 which I'll refer to as the host machine. The host machine has few websites running on virtual hosts such as:
<VirtualHost *:80>
    ServerName VirtualExample.com
    ServerAlias www.VirtualExample.com
    ServerAdmin development@example.cafe
    DocumentRoot /var/www/hosted_sites/VirtualExample
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =VirtualExample.com [OR]
    RewriteCond %{SERVER_NAME} =www.VirtualExample.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName VirtualExample.com
    ServerAlias www.VirtualExample.com
    ServerAdmin development@example.cafe
    DocumentRoot /var/www/hosted_sites/VirtualExample
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/VirtualExample.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/VirtualExample.com/privkey.pem
</VirtualHost>
</IfModule>
or hiding behind a reverse proxy like so:
<VirtualHost *:80>
    ServerAdmin development@example.cafe
    ServerName api.staging.example.fr
    ProxyPreserveHost On
    ProxyPass / http://localhost:3001/ Keepalive=On
    ProxyPassReverse / http://localhost:3001/
</VirtualHost>
In our last case http://localhost:3001/ could refer either to an application running directly on the host machine or a docker application (where 3001 would be the exposed port).
Now in the long term, I project to dockerize all the other applications, but for now my aim is simply to get rid of the Apache Reverse proxies and set them up in traefik (for better monitoring of future docker apps).
Currently, I didn't manage to run Apache2 and Traefik at the same time, the issue being the shared ports 80 and 443.
My configs for Traefik are rather generic:
Docker-compose
version: '3.3'
networks:
  wan:
    external: true
services:
  traefik:
    container_name: traefik
    restart: always
    image: traefik:1.7-alpine
    networks:
      - wan
    ports:
      - 81:80
      - 444:443
    labels:
      - traefik.frontend.rule=Host:traefik.example.com
      - traefik.port=8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      - ./acme.json:/acme.json
traefik.toml
defaultEntryPoints = ["http", "https"]
[entryPoints]
  [entryPoints.dashboard]
    address = ":8080"
    [entryPoints.dashboard.auth]
      [entryPoints.dashboard.auth.basic]
        users = ["user:encryptedpassword"]
  [entryPoints.http]
    address = ":80"
    [entryPoints.http.redirect]
      entryPoint = "https"
  [entryPoints.https]
    address = ":443"
    [entryPoints.https.tls]
[api]
entrypoint="dashboard"
[acme]
email = "development@example.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
  [acme.httpChallenge]
  entryPoint = "http"
[docker]
domain = "example.com"
watch = true
network = "wan"
The only solution I see so far is to map the Traefik 80 and 443 ports to other values, and set one Apache Reverse proxy to redirect? This seems a bit fuzzy, and I feel that is only the tip of the iceberg.
Would the solution to redirect all HTTP/HTTPS traffic to Traefik be right? Would it be possible to fall back traffic that doesn't resolve to Traefik to Apache?
What would be the best approach? What are good practices when proxy reversing?
+> In the future, I will proceed to dockerize every application on the server.
You can't bind 2 processes on the same port on the same ip address: there is no way to accomplish this. As you already found out, the solution is to use different ports: 80 and 443 for apache and, for example, 20080 and 20443 for traefik.
An alternative solution (highly discouraged) could be to associate a new ip to the same ethernet card so the same physical interface has 2 ip: on the first one you can bind apache on port 80 and 443 and on the second one you can bind traefik on port 80 and 443.
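
The bind behaviour described in the answer above, as an added example that is not part of the original posts. It assumes Linux, where every 127.0.0.0/8 address is usable on loopback; 127.0.0.1 and 127.0.0.2 are stand-ins for the two addresses on one interface, and `try_bind` and `demo` are names made up for this illustration.

```python
import errno
import socket


def try_bind(addr, port):
    """Bind and listen on addr:port. Return (socket, None) or (None, errno name)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((addr, port))
        s.listen(1)
        return s, None
    except OSError as exc:
        s.close()
        return None, errno.errorcode.get(exc.errno, str(exc.errno))


def demo():
    results = {}

    # First listener ("Apache") on one address; port 0 picks a free port.
    first, _ = try_bind("127.0.0.1", 0)
    port = first.getsockname()[1]

    # Second listener ("Traefik") on the same address and port: refused.
    dup, results["same_ip"] = try_bind("127.0.0.1", port)

    # Second listener on a different address, same port: accepted.
    second, results["second_ip"] = try_bind("127.0.0.2", port)

    # A wildcard listener (0.0.0.0) claims the port on every address,
    # so a later bind to one specific address is refused as well.
    wild, _ = try_bind("0.0.0.0", 0)
    wild_port = wild.getsockname()[1]
    clash, results["wildcard_then_specific"] = try_bind("127.0.0.2", wild_port)

    for s in (first, dup, second, wild, clash):
        if s is not None:
            s.close()
    return results


if __name__ == "__main__":
    for case, err in demo().items():
        print(f"{case}: {'bound' if err is None else err}")
```

The wildcard case matters for the two-IP alternative: Apache's `Listen 80` binds every address, so it has to be narrowed to one specific IP before anything else can take port 80 on the second address.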