前言
我的docker是truenas scale的,所以是被禁用了bridge,我这里是自己创建了一个macvlan,所以都是在macvlan上的
创建文件
mkdir -p /mnt/important/docker/traefik/configurations
touch docker-compose.yml
touch /mnt/important/docker/traefik/traefik.yml
touch /mnt/important/docker/traefik/acme.json
touch /mnt/important/docker/traefik/configurations/dynamic.yml
chmod 600 /mnt/important/docker/traefik/acme.json
traefik.yml
api:
dashboard: true
entryPoints:
web:
address: :80
http:
redirections:
entryPoint:
to: websecure
websecure:
address: :443
http:
middlewares:
- secureHeaders@file
tls:
certResolver: letsencrypt
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
file:
filename: /configurations/dynamic.yml
certificatesResolvers:
letsencrypt:
acme:
email: admin@yourdomain
storage: acme.json
keyType: EC384
httpChallenge:
entryPoint: web
buypass:
acme:
email: admin@yourdomain
storage: acme.json
caServer: https://api.buypass.com/acme/directory
keyType: EC256
httpChallenge:
entryPoint: web
email地址改成自己的
dynamic.yml
http:
middlewares:
secureHeaders:
headers:
sslRedirect: true
forceSTSHeader: true
stsIncludeSubdomains: true
stsPreload: true
stsSeconds: 31536000
# UserName : admin
# Password : qwer1234
user-auth:
basicAuth:
users:
- "admin:$apr1$tm53ra6x$FntXd6jcvxYM/YH0P2hcc1"
tls:
options:
default:
cipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
minVersion: VersionTLS12
Docker-compose
version: '3.7'
services:
traefik:
image: traefik:latest
container_name: traefik
restart: always
security_opt:
- no-new-privileges:true
ports:
- 80:80
- 443:443
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- /mnt/important/docker/traefik/traefik.yml:/traefik.yml:ro
- /mnt/important/docker/traefik/acme.json:/acme.json
# Add folder with dynamic configuration yml
- /mnt/important/docker/traefik/configurations:/configurations
networks:
- macvlan
labels:
- "traefik.enable=true"
- "traefik.http.services.justAdummyService.loadbalancer.server.port=1337"
- "traefik.docker.network=macvlan"
- "traefik.http.routers.traefik-secure.entrypoints=websecure"
- "traefik.http.routers.traefik-secure.rule=Host(`yourdomain`)"
- "traefik.http.routers.traefik-secure.middlewares=user-auth@file"
- "traefik.http.routers.traefik-secure.service=api@internal"
networks:
macvlan:
external: true
把yourdomain
换成自己的IP或者域名
运行
docker-compose up -d
访问yourdomain
就可以看到dashboard了
2 条评论
你好,我想请问下traefik是否可以代理非docker部署的网页
可以