
How can I use Apache2 on my host machine (Lamp install) and run Traefik (Reverse proxy Docker) since both are using ports 80 & 443?

I have a Debian 10 machine running a LAMP environment with Apache2, which I'll refer to as the host machine. The host machine has a few websites running on virtual hosts such as:

<VirtualHost *:80>
        ServerName VirtualExample.com
        ServerAlias www.VirtualExample.com

        ServerAdmin development@example.cafe
        DocumentRoot /var/www/hosted_sites/VirtualExample

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        RewriteEngine on
        RewriteCond %{SERVER_NAME} =VirtualExample.com [OR]
        RewriteCond %{SERVER_NAME} =www.VirtualExample.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName VirtualExample.com
        ServerAlias www.VirtualExample.com

        ServerAdmin development@example.cafe
        DocumentRoot /var/www/hosted_sites/VirtualExample

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/VirtualExample.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/VirtualExample.com/privkey.pem
    </VirtualHost>
</IfModule>

or hiding behind a reverse proxy like so:

<VirtualHost *:80>
    ServerAdmin development@example.cafe
    ServerName api.staging.example.fr
    ProxyPreserveHost On
    ProxyPass / http://localhost:3001/ Keepalive=On
    ProxyPassReverse / http://localhost:3001/
</VirtualHost>

In our last case, http://localhost:3001/ could refer either to an application running directly on the host machine or to a Docker application (where 3001 would be the exposed port).

In the long term, I plan to dockerize all the other applications, but for now my aim is simply to get rid of the Apache reverse proxies and set them up in Traefik (for better monitoring of future Docker apps).

So far, I haven't managed to run Apache2 and Traefik at the same time, the issue being the shared ports 80 and 443.

My config for Traefik is rather generic:

Docker-compose

version: '3.3'
networks:
  wan:
    external: true

services:
  traefik:
    container_name: traefik
    restart: always
    image: traefik:1.7-alpine
    networks:
      - wan
    ports:
      - 81:80
      - 444:443
    labels:
      - traefik.frontend.rule=Host:traefik.example.com
      - traefik.port=8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      - ./acme.json:/acme.json

traefik.toml

defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.dashboard]
    address = ":8080"
    [entryPoints.dashboard.auth]
      [entryPoints.dashboard.auth.basic]
        users = ["user:encryptedpassword"]
  [entryPoints.http]
    address = ":80"
      [entryPoints.http.redirect]
        entryPoint = "https"
  [entryPoints.https]
    address = ":443"
      [entryPoints.https.tls]

[api]
entrypoint="dashboard"

[acme]
email = "development@example.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
  [acme.httpChallenge]
  entryPoint = "http"

[docker]
domain = "example.com"
watch = true
network = "wan"

The only solution I see so far is to map the Traefik 80 and 443 ports to other values, and set up one Apache reverse proxy to redirect? This seems a bit fuzzy, and I feel that it is only the tip of the iceberg.

  1. Would redirecting all HTTP/HTTPS traffic to Traefik be the right solution? Would it be possible to fall back to Apache for traffic that doesn't resolve to Traefik?

  2. What would be the best approach? What are good practices when reverse proxying?

In the future, I will proceed to dockerize every application on the server.

You can't bind 2 processes to the same port on the same IP address: there is no way to accomplish this. As you already found out, the solution is to use different ports: 80 and 443 for Apache and, for example, 20080 and 20443 for Traefik.

An alternative solution (highly discouraged) could be to associate a new IP with the same Ethernet card so that the same physical interface has 2 IPs: on the first one you can bind Apache to ports 80 and 443, and on the second one you can bind Traefik to ports 80 and 443.
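
The port split described in the answer, as an added example that is not part of the original posts: Apache keeps 80/443 and forwards one Traefik-routed hostname to Traefik's moved HTTP port. It assumes the Traefik ports are published on loopback only (`127.0.0.1:20080:80` in the compose file), that Traefik's `http` entry point has no redirect to `https` (Apache terminates TLS here), and that `apps.example.com` is a placeholder hostname.

```apache
# Added example, not from the original post.
# Assumptions: Traefik's compose ports are published on loopback only
#   ("127.0.0.1:20080:80"), its http entry point has no redirect to https,
#   and apps.example.com is a placeholder for a hostname routed by Traefik.
# Modules needed: a2enmod ssl rewrite proxy proxy_http headers

<VirtualHost *:80>
    ServerName apps.example.com

    # Same HTTP-to-HTTPS redirect as the existing virtual hosts
    RewriteEngine on
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName apps.example.com

        # TLS terminates in Apache; certificate paths follow the certbot layout
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/apps.example.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/apps.example.com/privkey.pem

        # Reverse proxy only; never act as an open forward proxy
        ProxyRequests Off

        # Keep the original Host header so Traefik's Host: rules still match
        ProxyPreserveHost On

        # Tell the backend that the client connection was HTTPS
        RequestHeader set X-Forwarded-Proto "https"

        # Forward to Traefik's http entry point on the loopback-only port
        ProxyPass / http://127.0.0.1:20080/
        ProxyPassReverse / http://127.0.0.1:20080/
    </VirtualHost>
</IfModule>
```

With the published port bound to 127.0.0.1, Traefik is reachable only through Apache, so a client cannot skip the TLS virtual host by connecting to port 20080 directly.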
