How do I add the proper labels for SSL in Docker?

I have managed to set up Traefik to work with my docker swarm, and it works fine for HTTP requests. However, I can't figure out how to set up SSL for some of my containers. I will be using letsencrypt to generate the certificates.

traefik.toml (partial)

```toml
defaultEntryPoints = ["https","http"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

[acme]
email = "acme@example.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
caServer = "https://acme-staging.api.letsencrypt.org/directory"
```

docker-compose.yml

```yaml
version: '3'
services:
  web:
    ...
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.frontend.rule=Host:example.com,www.example.com"
        - "traefik.docker.network=public"
        - "traefik.frontend.entryPoints=http"
        - "traefik.backend=service_web"
```

With this configuration my application never gets SSL, because my container has no SSL entrypoint set up. If I change "traefik.frontend.entryPoints" to "https", Letsencrypt gets called (LE errors out because of staging, but that doesn't matter to me).

My biggest problem is that I still don't understand how to translate the traefik TOML configuration into docker-compose labels. For example, the Traefik docs explain entrypoints, but I have a swarm of services living on different domains. Some have SSL, some don't; so I would like to be able to set the http and https entrypoints, the http-to-https redirect, etc. using docker-compose only.

Also, once I am able to set the entrypoints in docker-compose, do I still need to keep the [entryPoints] block in traefik.toml?

AHOI!

Requirements: the local-persist volume plugin: https://github.com/CWSpear/local-persist (otherwise the volume driver has to be changed). The network for Traefik has to be created beforehand: "docker network create proxy -d overlay"

(1) Fire it up:

```yaml
version: "3"
services:
  traefik:
    image: traefik
    #command: --consul --consul.endpoint=consul:8500
    #command: storeconfig --consul --consul.endpoint=consul:8500
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
      #- 8080:8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - traefikdata:/etc/traefik/
    deploy:
      #replicas: 3
      replicas: 1
      placement:
        constraints: [node.role == manager]
      update_config:
        parallelism: 1
        delay: 45s
        monitor: 15s
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 10
        window: 60s
volumes:
  traefikdata:
    driver: local-persist
    driver_opts:
      mountpoint: /data/docker/proxy
networks:
  proxy:
    external: true
```

Important: when you use ACME and want to scale Traefik (e.g. 3 replicas here), you must use Consul or ETCD as the "store" for the config. If you only run one Traefik instance, Consul or ETCD is not used. For a normal certificate ETCD & Consul are never required.

(2) Mount traefik.toml

```toml
logLevel = "WARN"
debug = false
defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
  compress = false
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

#Letsencrypt
[acme]
email = "admin@berndklaus.at"
storage = "traefik/acme/account"
entryPoint = "https"
onHostRule = true
onDemand = true
#[[acme.domains]]
#  main = "yourdomain.at"
#  sans = ["sub1.yourdomain.at", "www.yourdomain.at"]
#[[acme.domains]]
#  main = "anotherdomain.at"

#[web]
#address = ":8080"

[docker]
domain = "docker.localhost"
watch = true
swarmmode = true
```

The uncommented parts are not mandatory.

(3) Start any service

```yaml
version: '3'
services:
  nginx:
    image: nginx
    deploy:
      labels:
        - "traefik.port=80"
        - "traefik.docker.network=proxy"
        - "traefik.frontend.rule=Host:sub1.yourdomain.at"
        - "traefik.backend=nginx"
        - "traefik.frontend.entryPoints=http,https"
      replicas: 1
    networks:
      proxy:
        aliases:
          - nginx
    volumes:
      - html:/usr/share/nginx/html
    environment:
      - NGINX_HOST=sub.yourdomain.at
      - NGINX_PORT=80
    #command: /bin/bash -c "envsubst < /etc/nginx/conf.d/mysite.template > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"
networks:
  proxy:
    external: true
  default:
    driver: overlay
volumes:
  html:
    driver: local-persist
    driver_opts:
      mountpoint: /data/docker/html
```

More examples: https://github.com/Berndinox/compose-v3-collection
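The question asks for a per-service mix (some services on HTTPS with a redirect, some on plain HTTP) driven by labels alone. The stack below is an added example, not code from the question, the answer or the Berndinox collection. It targets the Traefik 1.x docker provider used on this page and assumes the `proxy` overlay network and a traefik.toml that defines the `http` and `https` entrypoints (entrypoints themselves cannot be created from labels in 1.x; labels only pick which defined entrypoints a frontend listens on, so the `[entryPoints]` block stays in traefik.toml). The hostnames `secure.example.test` and `plain.example.test` are placeholders, and the `traefik.frontend.redirect.entryPoint` and `traefik.frontend.headers.*` labels are the 1.x docker-provider names; check them against the docs for the exact Traefik version you run.

```yaml
# Added example (not from the original page): one Traefik 1.x swarm stack
# with two backends, showing entrypoint and redirect selection per service
# via labels only. Assumes traefik.toml defines entrypoints "http" (:80)
# and "https" (:443) with [acme] pointing at "https", and that the overlay
# network "proxy" already exists (docker network create -d overlay proxy).
version: "3"
services:

  # Service 1: served on HTTPS, plain HTTP requests redirected to HTTPS.
  # Listening on BOTH entrypoints is what makes the redirect work: the
  # http frontend answers with a 301 to the https entrypoint, and the
  # https frontend serves the app under the ACME certificate for the Host.
  secure-app:
    image: nginx
    networks:
      - proxy
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.port=80"
        - "traefik.docker.network=proxy"
        - "traefik.backend=secure-app"
        - "traefik.frontend.rule=Host:secure.example.test"   # placeholder host
        - "traefik.frontend.entryPoints=http,https"
        - "traefik.frontend.redirect.entryPoint=https"       # per-frontend http->https
        # HSTS so browsers stop trying plain HTTP after the first visit
        - "traefik.frontend.headers.STSSeconds=31536000"
        - "traefik.frontend.headers.STSIncludeSubdomains=true"

  # Service 2: HTTP only. Because it only lists "http", Traefik never
  # builds an https frontend for it, so no ACME challenge is attempted
  # for this host and no redirect happens.
  plain-app:
    image: nginx
    networks:
      - proxy
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.port=80"
        - "traefik.docker.network=proxy"
        - "traefik.backend=plain-app"
        - "traefik.frontend.rule=Host:plain.example.test"    # placeholder host
        - "traefik.frontend.entryPoints=http"

networks:
  proxy:
    external: true
```

Two operational checks worth doing with this layout: the file or KV path behind `acme.storage` holds the account private key and every issued certificate, so when it is a file (`acme.json`) it must be `chmod 600` (Traefik 1.x refuses to start with more permissive modes); and mounting `/var/run/docker.sock` into the Traefik container gives that container the equivalent of root on the manager node, so keep the Traefik image pinned and the service constrained to manager nodes you control, as the answer's stack already does with `node.role == manager`. Note also that with the global `[entryPoints.http.redirect]` from the answer's traefik.toml in place, every http frontend is redirected, so the per-service label is the way to get the mixed behaviour the question describes: drop the global redirect and set it per frontend instead.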