Traefik & Docker

标签和容器的故事

Docker

将标签贴到您的容器上,让Traefik完成其余工作!

Configuration Examples

配置Docker和部署/公开服务

启用Docker提供程序

[providers.docker]
providers:
  docker: {}
--providers.docker=true

将标签粘贴到容器(在docker compose文件中)

version: "3"
services:
  my-container:
    # ...
    labels:
      - traefik.http.routers.my-container.rule=Host(`mydomain.com`)
指定容器的自定义端口

将对http://mydomain.com请求转发到http://<private IP of container>:12345

version: "3"
services:
  my-container:
    # ...
    labels:
      - traefik.http.routers.my-container.rule=Host(`mydomain.com`)
      # Tell Traefik to use the port 12345 to connect to `my-container`
      - traefik.http.services.my-service.loadbalancer.server.port=12345

Traefik连接到错误的端口: HTTP/502 Gateway Error

默认情况下,Traefik使用容器的第一个暴露端口.

设置标签traefik.http.services.xxx.loadbalancer.server.port会覆盖该行为.

配置Docker Swarm和部署/公开服务

启用Docker提供程序(群模式)

[providers.docker]
  # swarm classic (1.12-)
  # endpoint = "tcp://127.0.0.1:2375"
  # docker swarm mode (1.12+)
  endpoint = "tcp://127.0.0.1:2377"
  swarmMode = true
providers:
  docker:
    # swarm classic (1.12-)
    # endpoint = "tcp://127.0.0.1:2375"
    # docker swarm mode (1.12+)
    endpoint: "tcp://127.0.0.1:2375"
    swarmMode: true
--providers.docker.endpoint=tcp://127.0.0.1:2375
--providers.docker.swarmMode=true

在Swarm模式下(在docker compose文件中)将标签附加到服务(而不是容器)

version: "3"
services:
  my-container:
    deploy:
      labels:
        - traefik.http.routers.my-container.rule=Host(`mydomain.com`)
        - traefik.http.services.my-container-service.loadbalancer.server.port=8080

Docker Swarm模式下的标签

在群模式下,Traefik使用在服务而非单个容器上找到的标签. 因此,如果在Swarm模式下使用撰写文件,则应在服务的deploy部分中定义标签. 仅在docker-compose版本3+( Compose file reference )中启用了此行为.

Routing Configuration

Labels

  • 标签不区分大小写.
  • 标签的完整列表可以在参考页中找到.

General

Traefik为每个容器创建一个相应的服务路由器 .

服务会根据容器的每个实例自动获取一台服务器,而路由器会自动获取defaultRule定义的规则(如果在标签中未定义规则).

Service definition

通常,在配置Traefik提供程序时,还必须定义分配给一个(或多个)路由器的服务,以使路由起作用.

但是,使用基于标签的配置时会有例外:

  1. 如果标签定义了路由器(例如,通过路由器规则)并且标签定义了服务(例如,通过负载平衡器服务器端口值隐式),但是路由器未指定任何服务,则该服务会自动分配给路由器.
  2. 如果标签定义了路由器(例如,通过路由器规则),但未定义服务,则将自动创建服务并将其分配给路由器.

正如人们所期望的那样,在这两种情况下,如果还为路由器指定了一项服务,则该服务即为已分配的服务,而不管它是实际定义的还是其他任何定义的服务.

带标签的自动服务分配

在撰写文件中带有标签

labels:
  - "traefik.http.routers.myproxy.rule=Host(`foo.com`)"
  # service myservice gets automatically assigned to router myproxy
  - "traefik.http.services.myservice.loadbalancer.server.port=80"
自动创建服务并分配标签

在撰写文件中带有标签

labels:
  # no service specified or defined and yet one gets automatically created
  # and assigned to router myproxy.
  - "traefik.http.routers.myproxy.rule=Host(`foo.com`)"

Routers

要更新自动附加到容器的路由器的配置,请添加以traefik.http.routers.<name-of-your-choice>.开头的标签traefik.http.routers.<name-of-your-choice>. 然后是您要更改的选项.

例如,要更改规则,可以添加标签traefik.http.routers.my-container.rule=Host(`mydomain.com`) .

路由器名称<router_name>未授权字符@ .

traefik.http.routers.<router_name>.rule

有关更多信息,请参见规则 .

- "traefik.http.routers.myrouter.rule=Host(`mydomain.com`)"
traefik.http.routers.<router_name>.entrypoints

有关更多信息,请参见入口点 .

- "traefik.http.routers.myrouter.entrypoints=ep1,ep2"
traefik.http.routers.<router_name>.middlewares

有关更多信息,请参见中间件中间件概述 .

- "traefik.http.routers.myrouter.middlewares=auth,prefix,cb"
traefik.http.routers.<router_name>.service

有关更多信息,请参见规则 .

- "traefik.http.routers.myrouter.service=myservice"
traefik.http.routers.<router_name>.tls

有关更多信息,请参见tls .

- "traefik.http.routers.myrouter.tls=true"
traefik.http.routers.<router_name>.tls.certresolver

有关更多信息,请参见certResolver .

- "traefik.http.routers.myrouter.tls.certresolver=myresolver"
traefik.http.routers.<router_name>.tls.domains[n].main

有关更多信息,请参见 .

- "traefik.http.routers.myrouter.tls.domains[0].main=foobar.com"
traefik.http.routers.<router_name>.tls.domains[n].sans

有关更多信息,请参见 .

- "traefik.http.routers.myrouter.tls.domains[0].sans=test.foobar.com,dev.foobar.com"
traefik.http.routers.<router_name>.tls.options

请参阅选项以获取更多信息.

- "traefik.http.routers.myrouter.tls.options=foobar"
traefik.http.routers.<router_name>.priority

有关更多信息,请参见优先级 .

- "traefik.http.routers.myrouter.priority=42"

Services

要更新自动附加到容器的服务的配置,请添加以traefik.http.services.<name-of-your-choice>.开头的标签traefik.http.services.<name-of-your-choice>. ,然后是您要更改的选项.

例如,要更改passHostHeader行为,您可以添加标签traefik.http.services.<name-of-your-choice>.loadbalancer.passhostheader=false .

服务名称<service_name>未授权字符@ .

traefik.http.services.<service_name>.loadbalancer.server.port

注册端口. 当容器公开多个端口时很有用.

Docker Swarm的必需项(请参阅"使用Docker Swarm进行端口检测"一节 ).

- "traefik.http.services.myservice.loadbalancer.server.port=8080"
traefik.http.services.<service_name>.loadbalancer.server.scheme

覆盖默认方案.

- "traefik.http.services.myservice.loadbalancer.server.scheme=http"
traefik.http.services.<service_name>.loadbalancer.passhostheader

有关更多信息,请参见传递主机头 .

- "traefik.http.services.myservice.loadbalancer.passhostheader=true"
traefik.http.services.<service_name>.loadbalancer.healthcheck.headers.<header_name>

请参阅运行状况检查以获取更多信息.

- "traefik.http.services.myservice.loadbalancer.healthcheck.headers.X-Foo=foobar"
traefik.http.services.<service_name>.loadbalancer.healthcheck.hostname

请参阅运行状况检查以获取更多信息.

- "traefik.http.services.myservice.loadbalancer.healthcheck.hostname=foobar.com"
traefik.http.services.<service_name>.loadbalancer.healthcheck.interval

请参阅运行状况检查以获取更多信息.

- "traefik.http.services.myservice.loadbalancer.healthcheck.interval=10"
traefik.http.services.<service_name>.loadbalancer.healthcheck.path

请参阅运行状况检查以获取更多信息.

- "traefik.http.services.myservice.loadbalancer.healthcheck.path=/foo"
traefik.http.services.<service_name>.loadbalancer.healthcheck.port

请参阅运行状况检查以获取更多信息.

- "traefik.http.services.myservice.loadbalancer.healthcheck.port=42"
traefik.http.services.<service_name>.loadbalancer.healthcheck.scheme

请参阅运行状况检查以获取更多信息.

- "traefik.http.services.myservice.loadbalancer.healthcheck.scheme=http"
traefik.http.services.<service_name>.loadbalancer.healthcheck.timeout

请参阅运行状况检查以获取更多信息.

- "traefik.http.services.myservice.loadbalancer.healthcheck.timeout=10"
traefik.http.services.<service_name>.loadbalancer.sticky

有关更多信息,请参见粘性会话 .

- "traefik.http.services.myservice.loadbalancer.sticky=true"
traefik.http.services.<service_name>.loadbalancer.sticky.cookie.httponly

有关更多信息,请参见粘性会话 .

- "traefik.http.services.myservice.loadbalancer.sticky.cookie.httponly=true"
traefik.http.services.<service_name>.loadbalancer.sticky.cookie.name

有关更多信息,请参见粘性会话 .

- "traefik.http.services.myservice.loadbalancer.sticky.cookie.name=foobar"
traefik.http.services.<service_name>.loadbalancer.sticky.cookie.secure

有关更多信息,请参见粘性会话 .

- "traefik.http.services.myservice.loadbalancer.sticky.cookie.secure=true"
traefik.http.services.<service_name>.loadbalancer.responseforwarding.flushinterval

有关更多信息,请参见响应转发 .

- "traefik.http.services.myservice.loadbalancer.responseforwarding.flushinterval=10"

Middleware

You can declare pieces of middleware using labels starting with traefik.http.middlewares.<name-of-your-choice>., followed by the middleware type/options.

例如,要声明一个名为my-redirect的中间件redirectscheme ,您可以编写traefik.http.middlewares.my-redirect.redirectscheme.scheme=https .

专用中间件部分中提供了有关可用中间件的更多信息.

中间件名称中未授权字符@ .

声明和引用中间件
   services:
     my-container:
       # ...
       labels:
         # Declaring a middleware
         - traefik.http.middlewares.my-redirect.redirectscheme.scheme=https
         # Referencing a middleware
         - traefik.http.routers.my-container.middlewares=my-redirect

宣言冲突

如果用相同的名称声明了多个具有不同参数的中间件,则中间件将无法声明.

TCP

您可以使用标签声明TCP路由器和/或服务.

声明TCP路由器和服务
   services:
     my-container:
       # ...
       labels:
         - "traefik.tcp.routers.my-router.rule=HostSNI(`my-host.com`)"
         - "traefik.tcp.routers.my-router.tls=true"
         - "traefik.tcp.services.my-service.loadbalancer.server.port=4123"

TCP和HTTP

如果声明了TCP路由器/服务,它将阻止Traefik自动创建HTTP路由器/服务(就像没有定义TCP路由器/服务时默认情况下一样). 您可以为同一容器声明TCP路由器/服务和HTTP路由器/服务(但必须手动进行声明).

TCP Routers

traefik.tcp.routers.<router_name>.entrypoints

有关更多信息,请参见入口点 .

- "traefik.tcp.routers.mytcprouter.entrypoints=ep1,ep2"
traefik.tcp.routers.<router_name>.rule

有关更多信息,请参见规则 .

- "traefik.tcp.routers.mytcprouter.rule=HostSNI(`myhost.com`)"
traefik.tcp.routers.<router_name>.service

有关更多信息,请参见服务 .

- "traefik.tcp.routers.mytcprouter.service=myservice"
traefik.tcp.routers.<router_name>.tls

有关更多信息,请参见TLS .

- "traefik.tcp.routers.mytcprouter.tls=true"
traefik.tcp.routers.<router_name>.tls.certresolver

有关更多信息,请参见certResolver .

- "traefik.tcp.routers.mytcprouter.tls.certresolver=myresolver"
traefik.tcp.routers.<router_name>.tls.domains[n].main

有关更多信息,请参见 .

- "traefik.tcp.routers.mytcprouter.tls.domains[0].main=foobar.com"
traefik.tcp.routers.<router_name>.tls.domains[n].sans

有关更多信息,请参见 .

- "traefik.tcp.routers.mytcprouter.tls.domains[0].sans=test.foobar.com,dev.foobar.com"
traefik.tcp.routers.<router_name>.tls.options

请参阅选项以获取更多信息.

- "traefik.tcp.routers.mytcprouter.tls.options=mysoptions"
traefik.tcp.routers.<router_name>.tls.passthrough

有关更多信息,请参见TLS .

- "traefik.tcp.routers.mytcprouter.tls.passthrough=true"

TCP Services

traefik.tcp.services.<service_name>.loadbalancer.server.port

注册应用程序的端口.

- "traefik.tcp.services.mytcpservice.loadbalancer.server.port=423"
traefik.tcp.services.<service_name>.loadbalancer.terminationdelay

有关更多信息,请参见终止延迟 .

- "traefik.tcp.services.mytcpservice.loadbalancer.terminationdelay=100"

Specific Provider Options

traefik.enable

- "traefik.enable=true"

您可以通过将traefik.enable设置为true或false来告诉Traefik考虑(或不考虑)容器.

此选项将覆盖exposedByDefault的值.

traefik.docker.network

- "traefik.docker.network=mynetwork"

覆盖用于连接到容器的默认docker网络.

如果容器链接到多个网络,请确保设置正确的网络名称(您可以使用docker inspect <container_id> ),否则它将随机选择一个(取决于docker返回它们的方式).

Warning

从组合文件stack部署stack ,定义的网络将以stack为前缀.

traefik.docker.lbswarm

- "traefik.docker.lbswarm=true"

启用S​​warm的内置负载均衡器(仅在Swarm模式下相关).

如果启用此选项,Traefik将使用docker swarm提供的虚拟IP代替容器IP. 这意味着Traefik将不执行任何类型的负载平衡,并将此任务委托给群集.