Docker Compose + Traefik v2 quick install: automatic SSL certificate issuance and HTTP-to-HTTPS redirect, a first attempt


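Preface

Last night I was bored and couldn't sleep, so I picked up a server and tried deploying Docker + Traefik v2.1.6. Below is a summary of the configuration. This is my first time working with it, so experts, please go easy on me.
My system environment is Ubuntu 18.04.3 LTS.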

I. Installing Docker and Docker Compose

For the lazy, use the one-click scripts.
1. Docker installation

curl -sSL https://get.daocloud.io/docker | sh

After installation it will restart automatically.
2. Docker Compose installation

curl -L https://github.com/docker/compose/releases/download/1.25.4/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

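You can check GitHub yourself for the latest version: Releases · docker/compose

For a brief introduction to Docker and Docker Compose and how to use them, see: Quick installation and basic usage of docker and docker-compose

II. Quick install of Traefik v2.1.6 with Docker Compose

1. Create a traefik directory and a new docker-compose.yml file. Below is my configuration, for reference only.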

vim docker-compose.yml
version: "3.7"
services:
  dykimy_traefik:
    restart: always
    image: traefik:v2.1.6
    container_name: dykimy_traefik
    command:
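      # api.insecure=true serves the API and dashboard without authentication on the internal traefik entry point (:8080).
      # Port 8080 is not published under ports, but containers on the same Docker network can reach it directly; only the dashboard router in the labels below is behind basic auth.
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      # Entry points. The names http & https are your own choice; they are referenced in the routers' entrypoints
      - "--entrypoints.http.address=:80"
      - "--entrypoints.https.address=:443"
      # ACME settings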
      - "--certificatesresolvers.dykimy.acme.httpchallenge=true"
      - "--certificatesresolvers.dykimy.acme.httpchallenge.entrypoint=http"
      - "--certificatesresolvers.dykimy.acme.email=${AcmeEmail}"
      - "--certificatesresolvers.dykimy.acme.storage=/letsencrypt/acme.json"
    networks:
      - webgateway
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/etc/timezone:/etc/timezone"
      - "/etc/localtime:/etc/localtime"
    labels:
      - "traefik.enable=true"
      # Traefik dashboard configuration
      - "traefik.http.routers.dykimy_traefik.rule=Host(`${TraefikDomain}`)"
      - "traefik.http.routers.dykimy_traefik.tls.certresolver=dykimy"
      - "traefik.http.routers.dykimy_traefik.entrypoints=https"
      - "traefik.http.routers.dykimy_traefik.middlewares=authtraefik"
      - "traefik.http.services.dykimy_traefik.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.authtraefik.basicauth.users=${TraefikUsers}"

      # Global redirect to HTTPS
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=http"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"

      # Redirect middleware
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
networks:
  webgateway:
    external:
      # Create the network yourself first: docker network create dykimy_gateway (choose your own name)
      name: dykimy_gateway
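
vim .env
AcmeEmail=yourname@youremail.com
TraefikDomain=traefik.yourdomain.com
TraefikUsers=user:$apr1$7u80L7XB$Oqh/UiL5EjWr94lSkULKl0,user2:$apr1$U.eJNqst$DeuE7JjXgbiqP9g2nUq18/
# Multiple users can be set. Generate the htpasswd entries with the following shell command.
# -b takes the password from the command line, so it ends up in shell history; htpasswd -n user prompts for it instead.
echo $(htpasswd -nb user password)
#user:$apr1$7u80L7XB$Oqh/UiL5EjWr94lSkULKl0

# If you write the value directly in the yml, the $ signs must be escaped.
echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
#user:$$apr1$$i88wLyi0$$/2dB/ShipkdrTZpnDjcpo0

How it is written in the yml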

labels:
  - "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"

2. Pull the image and start the container

docker-compose up -d

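Visit traefik.yourdomain.com and you will see the Traefik interface. Two screenshots are attached below; the Traefik v2 UI really is good-looking.

3. How do I configure other sites?
I'll use a whoami service as an example.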

vim docker-compose.yml
version: "3.7"
services:
  whoami:
    restart: always
    image: containous/whoami
    container_name: whoami
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.yourdomain.com`)"
      - "traefik.http.routers.whoami.entrypoints=https"
      # dykimy here is the name of the ACME certificate resolver you defined above
      - "traefik.http.routers.whoami.tls.certresolver=dykimy"
    networks:
      - webgateway
networks:
  webgateway:
    external:
      name: dykimy_gateway

Start the container

docker-compose up -d

Visit whoami.yourdomain.com to see the result.

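4. Redirecting non-www to www
I searched Chinese and English results and found no method for redirecting non-www to www in Traefik v2; then I noticed that what people abroad want is www redirected to non-www, haha, so I wrote one myself, for reference only.
In the docker-compose.yml in the traefik directory, add the following under the labels node: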

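# Matches any host that does not begin with "www." (Go's regexp has no lookahead, so the prefix is excluded by alternation); group 1 is the host, group 2 the path and query
- "traefik.http.middlewares.https-force-www.redirectregex.regex=^https://((?:[^w/]|w[^w/]|ww[^w/]|www[^./])[^/]*)(.*)"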
- "traefik.http.middlewares.https-force-www.redirectregex.replacement=https://www.$${1}$${2}"
- "traefik.http.middlewares.https-force-www.redirectregex.permanent=true"
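
Traefik compiles redirectregex patterns with Go's regexp package, which has no lookahead, and a bracket expression such as `[^www]` excludes a single character rather than the prefix `www.`. The added example below (not part of the original post) runs a `[^www]`-style pattern and a prefix-alternation pattern over constructed URLs with the replacement string used above; the function and constant names are illustrative.

```go
package main

import (
	"fmt"
	"regexp"
)

// charClassPattern starts the host with [^www], i.e. "any one character except w".
const charClassPattern = `^https://([^www](?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9])(.+)`

// prefixPattern excludes the literal prefix "www." by enumerating how a host
// can diverge from it within its first four characters.
const prefixPattern = `^https://((?:[^w/]|w[^w/]|ww[^w/]|www[^./])[^/]*)(.*)`

// replacement is the label value with Compose's $$ escaping removed.
const replacement = "https://www.${1}${2}"

// Redirect mirrors the decision a regex redirect makes: when the pattern
// matches, it returns the rewritten URL and true; otherwise the URL is
// returned unchanged with false (illustrative helper, not Traefik code).
func Redirect(pattern, rawURL string) (string, bool) {
	re := regexp.MustCompile(pattern)
	if !re.MatchString(rawURL) {
		return rawURL, false
	}
	return re.ReplaceAllString(rawURL, replacement), true
}

func main() {
	urls := []string{ // constructed sample URLs
		"https://blog.yourdomain.com/post?id=1",
		"https://whoami.yourdomain.com/",
		"https://www.whoami.yourdomain.com/",
		"https://wwwexample.com/",
	}
	for _, u := range urls {
		a, okA := Redirect(charClassPattern, u)
		b, okB := Redirect(prefixPattern, u)
		fmt.Printf("%s\n  [^www] form:  redirect=%v -> %s\n  prefix form:  redirect=%v -> %s\n", u, okA, a, okB, b)
	}
}
```

Any host whose first letter is "w" is skipped by the `[^www]` form, while the prefix form skips only hosts that already start with `www.`.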

Complete file contents

version: "3.7"
services:
  dykimy_traefik:
    restart: always
    image: traefik:v2.1.6
    container_name: dykimy_traefik
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      # Entry points. The names http & https are your own choice; they are referenced in the routers' entrypoints
      - "--entrypoints.http.address=:80"
      - "--entrypoints.https.address=:443"
      # ACME settings
      - "--certificatesresolvers.dykimy.acme.httpchallenge=true"
      - "--certificatesresolvers.dykimy.acme.httpchallenge.entrypoint=http"
      - "--certificatesresolvers.dykimy.acme.email=${AcmeEmail}"
      - "--certificatesresolvers.dykimy.acme.storage=/letsencrypt/acme.json"
    networks:
      - webgateway
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/etc/timezone:/etc/timezone"
      - "/etc/localtime:/etc/localtime"
    labels:
      - "traefik.enable=true"
      # Traefik dashboard configuration
      - "traefik.http.routers.dykimy_traefik.rule=Host(`${TraefikDomain}`)"
      - "traefik.http.routers.dykimy_traefik.tls.certresolver=dykimy"
      - "traefik.http.routers.dykimy_traefik.entrypoints=https"
      - "traefik.http.routers.dykimy_traefik.middlewares=authtraefik"
      - "traefik.http.services.dykimy_traefik.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.authtraefik.basicauth.users=${TraefikUsers}"

      # Global redirect to HTTPS
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=http"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"

      # Redirect middleware
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"

      # Global middleware redirecting non-www https requests to www
      # Matches any host that does not begin with "www." (Go's regexp has no lookahead, so the prefix is excluded by alternation); group 1 is the host, group 2 the path and query
      - "traefik.http.middlewares.https-force-www.redirectregex.regex=^https://((?:[^w/]|w[^w/]|ww[^w/]|www[^./])[^/]*)(.*)"
      - "traefik.http.middlewares.https-force-www.redirectregex.replacement=https://www.$${1}$${2}"
      - "traefik.http.middlewares.https-force-www.redirectregex.permanent=true"
networks:
  webgateway:
    external:
      # Create the network yourself first: docker network create dykimy_gateway (choose your own name)
      name: dykimy_gateway

Modify the site's docker-compose.yml accordingly:

version: "3.7"
services:
  whoami:
    restart: always
    image: containous/whoami
    container_name: whoami
    labels:
      - "traefik.enable=true"
      # Note the www-prefixed host added here
      - "traefik.http.routers.whoami.rule=Host(`whoami.yourdomain.com`,`www.whoami.yourdomain.com`)"
      - "traefik.http.routers.whoami.entrypoints=https"
      # dykimy here is the name of the ACME certificate resolver you defined above
      - "traefik.http.routers.whoami.tls.certresolver=dykimy"
      # Use the globally defined https-force-www middleware
      - "traefik.http.routers.whoami.middlewares=https-force-www"
    networks:
      - webgateway
networks:
  webgateway:
    external:
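      name: dykimy_gateway

OK, all done. Writing a blog post took a few hours, hahaha. If this article helped you, please show your support; if anything is lacking, please point it out. Thank you for reading.

Copyright of this article is jointly held by Dykimy and cnblogs (博客園). Reposting is welcome; unless the author agrees otherwise, reposts must keep this notice and credit the source in a prominent place in the article; otherwise the right to pursue legal liability is reserved.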

