Traefik

Using Traefik in Docker

Using file-based certificates

This is simpler than the equivalent Nginx setup. Here is the docker-compose file:

services:
  traefik:
    image: traefik:v3.4
    container_name: traefik
    security_opt:
      - no-new-privileges:true
    networks:
      - app_net
    command:
      - "--api.insecure=false"
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=app_net"
      - "--providers.file.directory=/etc/traefik/dynamic"
      - "--entryPoints.http.address=:80"
      - "--entryPoints.https.address=:443"
      - "--entryPoints.https.http.tls=true"
      - "--entryPoints.http.http.redirections.entryPoint.to=https"
      - "--entryPoints.http.http.redirections.entryPoint.scheme=https"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./certs:/certs:ro"
      - "./dynamic:/etc/traefik/dynamic:ro"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(`traefik.evalexp.top`)"
      - "traefik.http.routers.dashboard.entrypoints=https"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.tls=true"
      - "traefik.http.routers.dashboard.middlewares=dashboard-auth"
      - "traefik.http.middlewares.dashboard-auth.basicauth.users=admin:$$2y$$05$$HaY5fUzjZxKwK6AqKVZyjOMLOIw.BLGtFuHHecSBRocWu6AxeLBDu"

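Note that the certificates must be placed in the certs directory under the current directory, and the file provider's dynamic configuration goes in the dynamic folder, where a tls.yaml configuration is added as follows: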

tls:
  certificates:
    - certFile: /certs/SAN_evalexp.top.cer
      keyFile: /certs/SAN_evalexp.top.key

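This adds the TLS certificate. Note that when configuring routers there is no need to specify a certificate: Traefik automatically selects the matching certificate based on SNI.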
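Because selection is driven by SNI, a client that sends no server name, or one that matches no loaded certificate, is served Traefik's self-generated default certificate unless the TLS options say otherwise. The tls.yaml below is an added example, not part of the original page: it keeps the page's certificate paths and adds the file provider's `options.default` block, where the `sniStrict` and `minVersion` values are assumptions about the desired policy.

```yaml
# dynamic/tls.yaml (added example; certificate paths are the ones used on this page)
tls:
  certificates:
    - certFile: /certs/SAN_evalexp.top.cer
      keyFile: /certs/SAN_evalexp.top.key

  options:
    # Options named "default" apply to every TLS router that does not
    # reference another options set explicitly.
    default:
      # Reject handshakes that carry no SNI, or an SNI that matches none of
      # the certificates above, instead of answering with the generated
      # default certificate.
      sniStrict: true
      # Refuse TLS 1.0 and 1.1 (assumed policy; raise to VersionTLS13 if all
      # clients support it).
      minVersion: VersionTLS12
```

With `sniStrict: true`, a router rule for a host that is not covered by the certificate's SAN list fails at the handshake, which surfaces a missing SAN immediately rather than as a browser certificate warning.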

The current directory structure is as follows:

traefik
├── certs
│   ├── SAN_evalexp.top.cer
│   └── SAN_evalexp.top.key
├── docker-compose.yml
└── dynamic
    ├── ipfs.yml
    └── tls.yaml

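Using a certificate center

With a certificate center there is much less to think about. Following "Traefik integration" (Traefik 接入), simply remove the certificate-related settings and add an etcd provider.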