堆栈内存溢出
  简体   繁体   English

我如何在我的主机上使用 Apache2(Lamp 安装)并运行 Traefik(反向代理 Docker),因为两者都使用端口 80 和 443?

[英]How can I use Apache2 on my host machine (Lamp install) and run Traefik (Reverse proxy Docker) since both are using ports 80 & 443?

 原文  2020-10-12 14:38:16       docker/ apache2/ reverse-proxy/ traefik

问题描述

I have a Debian 10 machine running a LAMP environment with Apache2 which I'll refer to the host machine.我有一台运行 LAMP 环境和 Apache2 的 Debian 10 机器,我将指代主机。 The host machine has few websites running on virtual hosts such as :主机在虚拟主机上运行的网站很少,例如:

<VirtualHost *:80>
        ServerName VirtualExample.com
        ServerAlias www.VirtualExample.com

        ServerAdmin development@example.cafe
        DocumentRoot /var/www/hosted_sites/VirtualExample

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        RewriteEngine on
        RewriteCond %{SERVER_NAME} =VirtualExample.com [OR]
        RewriteCond %{SERVER_NAME} =www.VirtualExample.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName VirtualExample.com
        ServerAlias www.VirtualExample.com

        ServerAdmin development@example.cafe
        DocumentRoot /var/www/hosted_sites/VirtualExample

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/VirtualExample.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/VirtualExample.com/privkey.pem
    </VirtualHost>
</IfModule>

or hiding behind a reverse proxy like so :或者像这样隐藏在反向代理后面:

<VirtualHost *:80>
    ServerAdmin development@example.cafe
    ServerName api.staging.example.fr
    ProxyPreserveHost On
    ProxyPass / http://localhost:3001/ Keepalive=On
    ProxyPassReverse / http://localhost:3001/
</VirtualHost>

In our last case http://localhost:3001/ could refers either to an application running directly on the host machine or a docker application (where 3001 would be the exposed port)在我们的最后一种情况下,http://localhost:3001/ 可以指直接在主机上运行的应用程序或 docker 应用程序(其中 3001 将是公开的端口)

Now in the long term, I project to dockerize all the other applications, but for now my aim is simply to get rid of the Apache Reverse proxies and set them up in traefik (for better monitoring of future docker apps).现在从长远来看,我计划对所有其他应用程序进行 dockerize,但现在我的目标只是摆脱 Apache Reverse 代理并在 traefik 中设置它们(以便更好地监控未来的 docker 应用程序)。

Currently, I didn't manage to run Apache2 and Traefik at the same time, the issue being the shared ports 80 and 443.目前,我没有设法同时运行 Apache2 和 Traefik,问题是共享端口 80 和 443。

My configs for Traefik is rather generic :我的 Traefik 配置相当通用:

Docker-compose Docker-compose

version: '3.3'
networks:
  wan:
    external: true

services:
  traefik:
    container_name: traefik
    restart: always
    image: traefik:1.7-alpine
    networks:
      - wan
    ports:
      - 81:80
      - 444:443
    labels:
      - traefik.frontend.rule=Host:traefik.example.com
      - traefik.port=8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      - ./acme.json:/acme.json

traefik.toml traefik.toml

defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.dashboard]
    address = ":8080"
    [entryPoints.dashboard.auth]
      [entryPoints.dashboard.auth.basic]
        users = ["user:encryptedpassword"]
  [entryPoints.http]
    address = ":80"
      [entryPoints.http.redirect]
        entryPoint = "https"
  [entryPoints.https]
    address = ":443"
      [entryPoints.https.tls]

[api]
entrypoint="dashboard"

[acme]
email = "development@example.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
  [acme.httpChallenge]
  entryPoint = "http"

[docker]
domain = "example.com"
watch = true
network = "wan"

The only solution I see so far, is to map the Traefik 80 and 443 ports to other values, and set one Apache Reverse proxy to redirect ?到目前为止,我看到的唯一解决方案是将 Traefik 80 和 443 端口映射到其他值,并将一个 Apache 反向代理设置为重定向? This seems a bit fuzzy, and I feel that is only the tip of the iceberg.这似乎有点模糊,我觉得这只是冰山一角。

  1. Would be the solution to redirect all HTTP/HTTPS traffic to Traefik be right ?将所有 HTTP/HTTPS 流量重定向到 Traefik 的解决方案是否正确? Would it be possible to fallback traffic that doesn't resolve to Traefik to Apache ?是否可以将无法解析为 Traefik 的流量回退到 Apache ?

  2. What would be the best approach ?最好的方法是什么? What are good practices when proxy reversing ?代理反向时有哪些好的做法?

+> In the future, I will proceed to dockerize every application on the server. +> 将来,我将继续对服务器上的每个应用程序进行 dockerize。

1 个解决方案

解决方案1
 0  2020-12-30 22:09:04

You can't bind 2 processes on the same port on the same ip address: there is no way to accomplish this.你不能在同一个 IP 地址的同一个端口上绑定 2 个进程:没有办法做到这一点。 As you already found out, the solution is to use different ports: 80 and 443 for apache and, for example, 20080 and and 20443 for traefik.正如您已经发现的,解决方案是使用不同的端口:80 和 443 用于 apache,例如,20080 和 20443 用于 traefik。

An alternative solution (highly discouraged) could be to associate a new ip to the same ethernet card so the same physical interface has 2 ip: on the first one you can bind apache on port 80 and 443 and on the second one you can bind traefik on port 80 and 443.另一种解决方案(非常不鼓励)可能是将新 ip 关联到同一个以太网卡,这样同一个物理接口有 2 个 ip:在第一个上,您可以在端口 80 和 443 上绑定 apache,在第二个上您可以绑定 traefik在端口 80 和 443 上。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在 80 端口的主机和 docker 容器中运行 apache - Run apache in both host machine and docker container on 80 port Plesk:如何将域端口 80 和 443 重定向到我的 Docker 容器? - Plesk: how to redirect domain ports 80 and 443 to my Docker container? 如何将端口限制到由 docker-machine 创建的主机? - How can I restrict ports to a host created by docker-machine? 如何通过 Nginx 将外部请求的端口 80 和 443 分别转发到端口 81 和 444? - How can I forward ports 80 and 443 from an external request through Nginx to ports 81 and 444, respectively? 如何在 podman 或 docker 中使用主机的 PKI 证书从 caddy 反向代理到 HTTPS 上游服务? - How do I use the host machine's PKI certificates in podman or docker from a caddy reverse proxy to HTTPS upstream services? Docker的Traefik反向代理 - Traefik Reverse Proxy with Docker 如何正确设置基本 traefik 反向代理? - How can I properly setup basic traefik reverse proxy? Traefik可以在固定端口上创建到Docker主机上容器的路由吗? - Can Traefik create routes with fixed ports to containers on a Docker host? 使用 docker 将 traefik 配置为反向代理 - configure traefik as reverse proxy with docker 当端口80已在使用中时,如何在宅基地上运行docker计算机? - How to run a docker machine on homestead when port 80 is already in use?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM