Overview

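What's Happening to the Requests?

Let's zoom in on Traefik's architecture and talk about the components that enable the routes to be created.

First, when you start Traefik, you define entrypoints (in their most basic form, they are port numbers). Then, connected to these entrypoints, routers analyze the incoming requests to see if they match a set of rules. If they do, the router might transform the request using pieces of middleware before forwarding it to your services.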

Architecture

Clear Responsibilities

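  • Providers discover the services that live on your infrastructure (their IP, health, ...)
  • Entrypoints listen for incoming traffic (ports, ...)
  • Routers analyze the requests (host, path, headers, SSL, ...)
  • Services forward the request to your services (load balancing, ...)
  • Middlewares may update the request or make decisions based on the request (authentication, rate limiting, headers, ...)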

Example with a File Provider

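Below is an example of a full configuration file for the file provider that forwards http://domain/whoami/ requests to a service reachable on http://private/whoami-service/. In the process, Traefik will make sure that the user is authenticated (using the BasicAuth middleware).

Static configuration:

File (TOML):

[entryPoints]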
  [entryPoints.web]
    # Listen on port 8081 for incoming requests
    address = ":8081"

[providers]
  # Enable the file provider to define routers / middlewares / services in file
  [providers.file]
    directory = "/path/to/dynamic/conf"

File (YAML):

entryPoints:
  web:
    # Listen on port 8081 for incoming requests
    address: :8081

providers:
  # Enable the file provider to define routers / middlewares / services in file
  file:
    directory: /path/to/dynamic/conf

CLI:

# Listen on port 8081 for incoming requests
--entryPoints.web.address=:8081

# Enable the file provider to define routers / middlewares / services in file
--providers.file.directory=/path/to/dynamic/conf

Dynamic configuration:

File (TOML):

# http routing section
[http]
  [http.routers]
    # Define a connection between requests and services
    [http.routers.to-whoami]
      rule = "Host(`domain`) && PathPrefix(`/whoami/`)"
      # If the rule matches, applies the middleware
      middlewares = ["test-user"]
      # If the rule matches, forward to the whoami service (declared below)
      service = "whoami"

  [http.middlewares]
    # Define an authentication mechanism
    [http.middlewares.test-user.basicAuth]
      users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]

  [http.services]
    # Define how to reach an existing service on our infrastructure
    [http.services.whoami.loadBalancer]
      [[http.services.whoami.loadBalancer.servers]]
        url = "http://private/whoami-service"

File (YAML):

# http routing section
http:
  routers:
    # Define a connection between requests and services
    to-whoami:
      rule: "Host(`domain`) && PathPrefix(`/whoami/`)"
      # If the rule matches, applies the middleware
      middlewares:
      - test-user
      # If the rule matches, forward to the whoami service (declared below)
      service: whoami

  middlewares:
    # Define an authentication mechanism
    test-user:
      basicAuth:
        users:
        - test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/

  services:
    # Define how to reach an existing service on our infrastructure
    whoami:
      loadBalancer:
        servers:
        - url: http://private/whoami-service

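In this example, we use the file provider. Even though it is one of the least magical ways of configuring Traefik, it explicitly describes every available notion.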

HTTP / TCP

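In this example, we've defined routing rules for HTTP requests only. Traefik also supports TCP requests. To add TCP routers and TCP services, declare them in a TCP section as in the following.

Adding a TCP route for TLS requests on whoami.traefik.io

Static configuration:

File (TOML):

[entryPoints]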
  [entryPoints.web]
    # Listen on port 8081 for incoming requests
    address = ":8081"

[providers]
  # Enable the file provider to define routers / middlewares / services in file
  [providers.file]
    directory = "/path/to/dynamic/conf"

File (YAML):

entryPoints:
  web:
    # Listen on port 8081 for incoming requests
    address: :8081
providers:
  # Enable the file provider to define routers / middlewares / services in file
  file:
    directory: /path/to/dynamic/conf

CLI:

# Listen on port 8081 for incoming requests
--entryPoints.web.address=:8081

# Enable the file provider to define routers / middlewares / services in file
--providers.file.directory=/path/to/dynamic/conf

Dynamic configuration:

File (TOML):

# http routing section
[http]
  [http.routers]
    # Define a connection between requests and services
    [http.routers.to-whoami]
      rule = "Host(`domain`) && PathPrefix(`/whoami/`)"
      # If the rule matches, applies the middleware
      middlewares = ["test-user"]
      # If the rule matches, forward to the whoami service (declared below)
      service = "whoami"

  [http.middlewares]
    # Define an authentication mechanism
    [http.middlewares.test-user.basicAuth]
      users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]

  [http.services]
    # Define how to reach an existing service on our infrastructure
    [http.services.whoami.loadBalancer]
      [[http.services.whoami.loadBalancer.servers]]
        url = "http://private/whoami-service"

[tcp]
  [tcp.routers]
    [tcp.routers.to-whoami-tcp]
      rule = "HostSNI(`whoami-tcp.traefik.io`)"
      service = "whoami-tcp"
      [tcp.routers.to-whoami-tcp.tls]

  [tcp.services]
    [tcp.services.whoami-tcp.loadBalancer]
      [[tcp.services.whoami-tcp.loadBalancer.servers]]
        address = "xx.xx.xx.xx:xx"

File (YAML):

# http routing section
http:

  routers:
    # Define a connection between requests and services
    to-whoami:
      rule: Host(`domain`) && PathPrefix(`/whoami/`)
      # If the rule matches, applies the middleware
      middlewares:
      - test-user
      # If the rule matches, forward to the whoami service (declared below)
      service: whoami

  middlewares:
    # Define an authentication mechanism
    test-user:
      basicAuth:
        users:
        - test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/

  services:
    # Define how to reach an existing service on our infrastructure
    whoami:
      loadBalancer:
        servers:
        - url: http://private/whoami-service
tcp:

  routers:
    to-whoami-tcp:
      service: whoami-tcp
      rule: HostSNI(`whoami-tcp.traefik.io`)
      tls: {}

  services:
    whoami-tcp:
      loadBalancer:
        servers:
        - address: xx.xx.xx.xx:xx

Transport configuration

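Most of what happens to the connection between the clients and Traefik, and then between Traefik and the backend servers, is configured through the entrypoints and the routers.

In addition, a few parameters are dedicated to configuring globally what happens with the connections between Traefik and the backends. This is done through the serversTransport section of the configuration, which features these options:

insecureSkipVerify

Optional, Default=false

insecureSkipVerify disables SSL certificate verification on the connections from Traefik to the backend servers, so Traefik accepts whatever certificate a backend presents.

File (TOML):

## Static configuration
[serversTransport]
  insecureSkipVerify = true

File (YAML):

## Static configuration
serversTransport:
  insecureSkipVerify: true

CLI:

## Static configuration
--serversTransport.insecureSkipVerify=true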

rootCAs

Optional

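rootCAs is the list of certificates (as file paths, or data bytes) that will be set as Root Certificate Authorities when using a self-signed TLS certificate.

File (TOML):

## Static configuration
[serversTransport]
  rootCAs = ["foo.crt", "bar.crt"]

File (YAML):

## Static configuration
serversTransport:
  rootCAs:
    - foo.crt
    - bar.crt

CLI:

## Static configuration
--serversTransport.rootCAs=foo.crt,bar.crt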
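
The difference between trusting a backend certificate through rootCAs and turning verification off with insecureSkipVerify can be observed with Go's standard library. This is an added example, not Traefik's code or part of the original page: `probe` and `RunDemo` are hypothetical names, and the backend is a constructed local test server with a self-signed certificate.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// probe makes one HTTPS request to a backend, as a reverse proxy would, using
// the two TLS settings that insecureSkipVerify and rootCAs correspond to.
func probe(url string, skipVerify bool, roots *x509.CertPool) error {
	tr := &http.Transport{
		TLSClientConfig: &tls.Config{InsecureSkipVerify: skipVerify, RootCAs: roots},
	}
	defer tr.CloseIdleConnections()
	resp, err := (&http.Client{Transport: tr, Timeout: 5 * time.Second}).Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// RunDemo starts a constructed backend with a self-signed certificate and
// connects to it under three trust settings.
func RunDemo() (pinned, unknownCA, skipped error) {
	backend := httptest.NewTLSServer(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "whoami") }))
	defer backend.Close()

	trusted := x509.NewCertPool()
	trusted.AddCert(backend.Certificate()) // like listing the backend's cert in rootCAs
	other := x509.NewCertPool()            // a trust store that does not contain it

	pinned = probe(backend.URL, false, trusted)  // verified against the trusted pool
	unknownCA = probe(backend.URL, false, other) // issuer unknown: handshake rejected
	skipped = probe(backend.URL, true, other)    // verification off: cert not checked
	return
}

func main() {
	pinned, unknownCA, skipped := RunDemo()
	fmt.Println("rootCAs contains backend cert:", pinned)
	fmt.Println("rootCAs without backend cert: ", unknownCA)
	fmt.Println("insecureSkipVerify=true:      ", skipped)
}
```

The third case succeeds against a trust store that does not contain the backend's certificate, which is the same outcome any other certificate on that address would get.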

maxIdleConnsPerHost

Optional, Default=2

If non-zero, maxIdleConnsPerHost controls the maximum idle (keep-alive) connections to keep per host.

File (TOML):

## Static configuration
[serversTransport]
  maxIdleConnsPerHost = 7

File (YAML):

## Static configuration
serversTransport:
  maxIdleConnsPerHost: 7

CLI:

## Static configuration
--serversTransport.maxIdleConnsPerHost=7

forwardingTimeouts

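forwardingTimeouts groups a number of timeouts that apply when forwarding requests to the backend servers.

forwardingTimeouts.dialTimeout

Optional, Default=30s

dialTimeout is the maximum duration allowed for a connection to a backend server to be established. Zero means no timeout.

File (TOML):

## Static configuration
[serversTransport.forwardingTimeouts]
  dialTimeout = "1s"

File (YAML):

## Static configuration
serversTransport:
  forwardingTimeouts:
    dialTimeout: 1s

CLI:

## Static configuration
--serversTransport.forwardingTimeouts.dialTimeout=1s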

forwardingTimeouts.responseHeaderTimeout

Optional, Default=0s

responseHeaderTimeout, if non-zero, specifies the amount of time to wait for a server's response headers after fully writing the request (including its body, if any). This time does not include the time to read the response body. Zero means no timeout.

File (TOML):

## Static configuration
[serversTransport.forwardingTimeouts]
  responseHeaderTimeout = "1s"

File (YAML):

## Static configuration
serversTransport:
  forwardingTimeouts:
    responseHeaderTimeout: 1s

CLI:

## Static configuration
--serversTransport.forwardingTimeouts.responseHeaderTimeout=1s

forwardingTimeouts.idleConnTimeout

Optional, Default=90s

idleConnTimeout is the maximum amount of time an idle (keep-alive) connection will remain idle before closing itself. Zero means no limit.

File (TOML):

## Static configuration
[serversTransport.forwardingTimeouts]
  idleConnTimeout = "1s"

File (YAML):

## Static configuration
serversTransport:
  forwardingTimeouts:
    idleConnTimeout: 1s

CLI:

## Static configuration
--serversTransport.forwardingTimeouts.idleConnTimeout=1s