I have a Debian 10 machine running a LAMP environment with Apache2, which I'll refer to as the host machine. The host machine has a few websites running on virtual hosts such as:

    <VirtualHost *:80>
        ServerName VirtualExample.com
        ServerAlias www.VirtualExample.com
        ServerAdmin development@example.cafe
        DocumentRoot /var/www/hosted_sites/VirtualExample
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        RewriteEngine on
        RewriteCond %{SERVER_NAME} =VirtualExample.com [OR]
        RewriteCond %{SERVER_NAME} =www.VirtualExample.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    </VirtualHost>
    <IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName VirtualExample.com
        ServerAlias www.VirtualExample.com
        ServerAdmin development@example.cafe
        DocumentRoot /var/www/hosted_sites/VirtualExample
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/VirtualExample.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/VirtualExample.com/privkey.pem
    </VirtualHost>
    </IfModule>

or hiding behind a reverse proxy like so:

    <VirtualHost *:80>
        ServerAdmin development@example.cafe
        ServerName api.staging.example.fr
        ProxyPreserveHost On
        ProxyPass / http://localhost:3001/ Keepalive=On
        ProxyPassReverse / http://localhost:3001/
    </VirtualHost>

In our last case, http://localhost:3001/ could refer either to an application running directly on the host machine or to a Docker application (where 3001 would be the exposed port).
Now, in the long term, I plan to dockerize all the other applications, but for now my aim is simply to get rid of the Apache reverse proxies and set them up in Traefik (for better monitoring of future Docker apps).
So far, I haven't managed to run Apache2 and Traefik at the same time, the issue being the shared ports 80 and 443.
My config for Traefik is rather generic:
Docker-compose

    version: '3.3'

    networks:
      wan:
        external: true

    services:
      traefik:
        container_name: traefik
        restart: always
        image: traefik:1.7-alpine
        networks:
          - wan
        ports:
          - 81:80
          - 444:443
        labels:
          - traefik.frontend.rule=Host:traefik.example.com
          - traefik.port=8080
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock
          - ./traefik.toml:/traefik.toml
          - ./acme.json:/acme.json

traefik.toml

    defaultEntryPoints = ["http", "https"]

    [entryPoints]
      [entryPoints.dashboard]
        address = ":8080"
        [entryPoints.dashboard.auth]
          [entryPoints.dashboard.auth.basic]
            users = ["user:encryptedpassword"]
      [entryPoints.http]
        address = ":80"
        [entryPoints.http.redirect]
          entryPoint = "https"
      [entryPoints.https]
        address = ":443"
        [entryPoints.https.tls]

    [api]
    entrypoint="dashboard"

    [acme]
    email = "development@example.com"
    storage = "acme.json"
    entryPoint = "https"
    onHostRule = true
      [acme.httpChallenge]
      entryPoint = "http"

    [docker]
    domain = "example.com"
    watch = true
    network = "wan"

The only solution I see so far is to map the Traefik 80 and 443 ports to other values, and set one Apache reverse proxy to redirect? This seems a bit fuzzy, and I feel that it is only the tip of the iceberg.
Would the solution of redirecting all HTTP/HTTPS traffic to Traefik be right? Would it be possible to fall back to Apache for traffic that doesn't resolve in Traefik?
What would be the best approach? What are good practices when reverse proxying?
In the future, I will proceed to dockerize every application on the server.
You can't bind 2 processes to the same port on the same IP address: there is no way to accomplish this. As you already found out, the solution is to use different ports: 80 and 443 for Apache and, for example, 20080 and 20443 for Traefik.
An alternative solution (highly discouraged) could be to associate a new IP with the same Ethernet card so the same physical interface has 2 IPs: on the first one you can bind Apache on ports 80 and 443 and on the second one you can bind Traefik on ports 80 and 443.
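
The two cases from the answer above, reproduced with plain sockets as an added example (not part of the original answer). It assumes Linux, uses the loopback addresses 127.0.0.1 and 127.0.0.2 as stand-ins for two IPs on one interface, and uses a kernel-chosen unprivileged port in place of 80; it also tries the wildcard address 0.0.0.0, which is what a bare `Listen 80` in Apache or `81:80` in Docker binds.

```python
import errno
import socket


def try_bind(addr, port):
    """Bind and listen on addr:port. Return (socket, None) or (None, errno name)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((addr, port))
        s.listen(1)
        return s, None
    except OSError as e:
        s.close()
        return None, errno.errorcode.get(e.errno, str(e.errno))


def port_sharing_demo(first_ip="127.0.0.1", second_ip="127.0.0.2"):
    """Return the bind outcome for a second listener in each scenario.

    first_ip / second_ip are constructed stand-ins for the two addresses
    assigned to the same network card in the answer.
    """
    held, results = [], {}
    try:
        # The "first server" (think Apache) takes a free port on first_ip.
        first, err = try_bind(first_ip, 0)
        if first is None:
            raise RuntimeError(f"could not bind first listener: {err}")
        held.append(first)
        port = first.getsockname()[1]

        # The "second server" (think Traefik) now tries the same port.
        for label, addr in (("same_ip", first_ip),
                            ("wildcard", "0.0.0.0"),
                            ("second_ip", second_ip)):
            s, err = try_bind(addr, port)
            results[label] = err or "OK"
            if s is not None:
                held.append(s)
    finally:
        for s in held:
            s.close()
    return results


if __name__ == "__main__":
    for scenario, outcome in port_sharing_demo().items():
        print(f"{scenario:10s} {outcome}")
```

The wildcard result is why the second-IP approach only works when both servers bind to an explicit address, for example `Listen <ip>:80` in Apache and `<ip>:80:80` in the Compose `ports` list.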