在两个docker容器前面配置Traefik，全部在端口80上

1 回答

• 1

  在traefik对slack的支持的帮助下，我能够解决这个问题 .

  • 每个端口可能没有多个entryPoint

  • 可以在docker-compose.yml中配置授权

  • 添加acme.json并配置https和Let仅在traefik.toml中加密

  在/ opt / traefik中放入以下三个文件：

  acme.json:

  可能是空的，但必须妥善保管：

  touch acme.json
  chmod 600 acme.json
  

  docker-compose.yml:

  version: "2"
  
  networks:
   web:
  
  services:
  
   prox:
      image: containous/traefik:latest # The official Traefik docker image
      command: --api --docker # Enables the web UI and tells Træfik to listen to docker
      restart: unless-stopped
      ports:
        - "80:80"
        - "443:443"
  #     - "8080:8080" # Don't want this port open (on all hostnames!)
      labels:
        - "traefik.port=8080"
        - "traefik.backend=traefikception"
        - "traefik.frontend.rule=Host:traefik.example.me"
        - "traefik.enable=true"
        - "traefik.frontend.auth.basic=admin:$$ert2$$RKdHyOKO$$QDK1EKB4UJbsda7CXfPfK0"
      volumes:
        - "/var/run/docker.sock:/var/run/docker.sock" # So that Traefik can listen to the Docker events
        - "./traefik.toml:/traefik.toml"
        - "./acme.json:/acme.json"
      networks:
        - web
  
  seafile_org1:
      image: seafileltd/seafile
      container_name: seafile_org1
      restart: unless-stopped
      environment:
        SEAFILE_ADMIN_EMAIL: mail@mail.me
        SEAFILE_ADMIN_PASSWORD: ####
        SEAFILE_SERVER_HOSTNAME: org1.example.me
      labels:
        - traefik.enable=true
        - traefik.frontend.rule=Host:org1.example.me
        - traefik.port=80
        - traefik.backend=seafile_org1
        - traefik.docker.network=web
      volumes:
        - /opt/seafile-data/org1:/shared
      networks:
        - web
  
   seafile_org2:
      image: seafileltd/seafile
      container_name: seafile_org2
      restart: unless-stopped
      environment:
        SEAFILE_ADMIN_EMAIL: mail@mail.com
        SEAFILE_ADMIN_PASSWORD: ####
        SEAFILE_SERVER_HOSTNAME: org2.example.com
      labels:
        - traefik.enable=true
        - traefik.frontend.rule=Host:org2.example.com
        - traefik.port=80
        - traefik.backend=seafile_org2
        - traefik.docker.network=web
      volumes:
        - /opt/seafile-data/org2:/shared
      networks:
        - web
  

  得到你需要把它作为 Value 发给traefik.frontend.auth.basic发行：

  htpasswd -n admin
  

  traefik.toml: defaultEntryPoints = ["http"，"https"]

  [entryPoints]
    [entryPoints.http]
    address = ":80"
    [entryPoints.http.redirect]
      entryPoint = "https"
  
    [entryPoints.https]
    address = ":443"
  [entryPoints.https.tls]
  
  [retry]
  
  [api]
  dashboard = true
  
  
  # Enable ACME (Let's Encrypt): automatic SSL.
  [acme]
  email = "you@mail.com"
  storage = "acme.json"
  entryPoint = "https"
  # If true, display debug log messages from the acme client library.
  # acmeLogging = true
  # Enable certificate generation on frontends host rules.
  onHostRule = true
  # CA server to use.
  # Uncomment the line to use Let's Encrypt's staging server,
  # leave commented to go to prod.
  caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
  # Use a HTTP-01 ACME challenge.
  # Optional (but recommended)
  [acme.httpChallenge]
    entryPoint = "http"
  

  这使用Let的加密登台环境来获得三个证书 . 使用caServer注释该行以获得真正的证书！重新创建一个空的acme.json！

  seafile数据存储在

  /opt/seafile-data/org1
  

  和

  /opt/seafile-data/org2
  

  分别 .

  在/ opt / traefik中，您可以启动系统：

  docker-compose up -d
  

  和看日志

  docker-compose logs
  

  首次运行启动需要一些时间来设置seafile，获取证书，...

  您的主机应该可以访问，不会出现SSL错误或警告

  • http://traefik.example.me（询问您的凭据以查看该页面）

  • http://org1.example.me

  • http://org2.example.com

  剩下要做的是编辑每个seafile安装目录（/opt/seafile-data/org1/seafile/conf/ccnet.conf）中的ccnet.conf文件，并将协议更改为“http”并删除端口“ ：来自SERVICE_URL的8000“，以便共享链接也适用于该设置 . 该行应为：

  SERVICE_URL = https://org1.example.me
  

  回复于 2024-04-29T22:56:44+08:00