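Introduction
For small and medium-sized product projects, keeping the local development environment consistent with the production deployment environment makes operations and testing much easier, and it is a good solution for small teams and independent developers. Some of my small and medium-sized projects do not use conventional operations and testing solutions; instead they use traefik + Docker containers. After practice across several projects, I believe this is another very practical way of working. The key configuration points are summarized below:
Preparation
- Install docker locally; see the official documentation for your platform
  https://docs.docker.com/install/#supported-platforms
- Configure a docker registry mirror; the daocloud mirror service is recommended
  https://www.daocloud.io/mirror
Getting started
I. Configure traefik v2
Create the following directory structure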
.
├── acme.json
├── docker-compose.yml
├── dynamic_conf.toml
├── logs # logs are generated automatically
│   ├── access.log
│   └── traefik.log
├── ssl
│   ├── caixie.top.crt
│   └── caixie.top.key
└── traefik.toml
1. Configure the docker-compose.yml orchestration file with the following content

version: '3'
services:
  reverse-proxy:
    image: traefik:v2.0.1
    container_name: "traefik"
    restart: always
    labels:
      - traefik.enable=true
      - traefik.docker.network=traefik
    ports:
      - 80:80
      - 443:443
    volumes:
      # Traefik discovers containers through the Docker socket;
      # access to this socket is equivalent to root on the host
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      # ./acme.json:/acme.json
      - ./logs:/var/log
      - ./dynamic_conf.toml:/dynamic_conf.toml
      - ./ssl:/data/ssl/
    networks:
      - default
      - traefik
  whoami:
    # A container that exposes an API to show its IP address
    image: containous/whoami
    labels:
      # Expose this container through traefik
      - "traefik.enable=true"
      # The domain the service responds to
      - "traefik.http.routers.whoami.rule=Host(`whoami.caixie.top`)"
      # Only accept requests from the predefined entry points "web" and "web-secure"
      - "traefik.http.routers.whoami.entrypoints=web, web-secure"
      - traefik.docker.network=traefik
    networks:
      - default
      - traefik
networks:
  traefik:
    external: true
2. traefik static configuration: the traefik.toml file has the following content

## traefik.toml
## Static configuration
[entryPoints]
  [entryPoints.web]
    address = ":80"
  [entryPoints.web-secure]
    address = ":443"
  [entryPoints.traefik]
    address = ":8000"

[providers]
  [providers.docker]
    # Limit the scope of service discovery
    # If set to false, containers without the traefik.enable=true label are ignored in the generated routing configuration
    exposedByDefault = false
    network = "traefik"
  [providers.file]
    filename = "dynamic_conf.toml"
    watch = true

[retry]

[api]
  # dashboard = true
  # insecure = true
  # debug = true

[ping]
3. traefik dynamic configuration: dynamic_conf.toml has the following content

## Dynamic configuration
[http.routers.api]
  rule = "Host(`d.caixie.top`)"
  entrypoints = ["web-secure"]
  service = "api@internal"
  middlewares = ["myAuth"]
  [http.routers.api.tls]

# User: test  Password: test
# (demo credentials; generate your own hash, for example with htpasswd, before exposing the dashboard)
[http.middlewares.myAuth.basicAuth]
  users = [
    "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
  ]

[tls]
  [[tls.certificates]]
    certFile = "/data/ssl/caixie.top.crt"
    keyFile = "/data/ssl/caixie.top.key"
  [tls.stores]
    [tls.stores.default]
      [tls.stores.default.defaultCertificate]
        certFile = "/data/ssl/caixie.top.crt"
        keyFile = "/data/ssl/caixie.top.key"
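4. Start the traefik service

docker-compose up -d

5. Open the Dashboard management page
Open the d.caixie.top host configured above in a browser; if the Traefik dashboard page appears, the configuration succeeded.
II. Application-side configuration
1. Example: API server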
# Dockerfile
#FROM mhart/alpine-node:12
FROM node:10-alpine
# Set the image author
#MAINTAINER baisheng <baisheng@gmail.com>
# Set the time zone
RUN sh -c "echo 'Asia/Shanghai' > /etc/timezone"
# Use the aliyun mirror to speed up apk
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
# Install the following packages only if your project needs them
RUN apk add --no-cache make gcc g++ python git
# Use the Taobao mirrors for npm
RUN npm config set registry https://registry.npm.taobao.org && \
    npm config set disturl https://npm.taobao.org/dist && \
    npm config set electron_mirror https://npm.taobao.org/mirrors/electron/ && \
    npm config set sass_binary_site https://npm.taobao.org/mirrors/node-sass/ && \
    npm config set phantomjs_cdnurl https://npm.taobao.org/mirrors/phantomjs/
RUN npm install --global node-gyp
#
WORKDIR /home/node/app
COPY package.json .
COPY package-lock.json /home/node/app
RUN npm ci
COPY . /home/node/app
RUN npm run build
EXPOSE 80
docker-compose orchestration file

# docker-compose.yml
# Orchestrate according to the software the project uses
version: '3.7'
services:
  redis:
    image: bitnami/redis:latest
    environment:
      - ALLOW_EMPTY_PASSWORD=yes
      - REDIS_DISABLE_COMMANDS=FLUSHDB,FLUSHALL
    # Publishes Redis on every host interface; with ALLOW_EMPTY_PASSWORD=yes
    # it accepts unauthenticated connections
    ports:
      - 6379:6379
    volumes:
      - redis_data:/bitnami/redis/data
    networks:
      - db-tier
  mongodb:
    image: bitnami/mongodb:latest
    volumes:
      - mongodb_data:/bitnami
    # Publishes MongoDB on every host interface
    ports:
      - 27017:27017
    networks:
      - db-tier
  # Application configuration
  baisheng.api:
    build:
      context: .
      dockerfile: Dockerfile
    volumes:
      - ./:/app
      - /app/node_modules
    depends_on:
      - mongodb
      - redis
    networks:
      - traefik
      - db-tier
      - default
    command: yarn start:prod
    labels:
      # Expose this container through traefik
      - "traefik.enable=true"
      - "traefik.http.routers.baisheng-server.entrypoints=web, web-secure"
      - "traefik.http.routers.baisheng-server.tls=true"
      - "traefik.http.routers.baisheng-server.rule=Host(`api.caixie.top`)"
      - "traefik.docker.network=traefik"
volumes:
  redis_data:
    # The local driver in most cases; external storage needs separate configuration
    # https://docs.docker.com/compose/compose-file/#driver
    driver: local
  mongodb_data:
    driver: local
# Same network as the traefik v2 base service
networks:
  db-tier:
  traefik:
    external: true
    name: traefik
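
The API container reaches Redis and MongoDB over the db-tier network, so neither needs a published host port. The following is an added example (not the author's file) of the data tier with the ports removed and passwords required; REDIS_PASSWORD and MONGODB_ROOT_PASSWORD are the Bitnami images' variables, and their values are assumed to come from an .env file next to docker-compose.yml.

```yaml
# docker-compose.yml, data tier only (added example, not the author's file)
version: '3.7'
services:
  redis:
    image: bitnami/redis:latest
    environment:
      # Replaces the weak setting ALLOW_EMPTY_PASSWORD=yes.
      # Compose aborts with this message when the variable is unset.
      - REDIS_PASSWORD=${REDIS_PASSWORD:?set REDIS_PASSWORD in .env}
      - REDIS_DISABLE_COMMANDS=FLUSHDB,FLUSHALL
    # No "ports:" section: baisheng.api connects to redis:6379 over db-tier.
    # For local debugging only, bind to loopback instead of all interfaces:
    # ports:
    #   - "127.0.0.1:6379:6379"
    volumes:
      - redis_data:/bitnami/redis/data
    networks:
      - db-tier
  mongodb:
    image: bitnami/mongodb:latest
    environment:
      - MONGODB_ROOT_PASSWORD=${MONGODB_ROOT_PASSWORD:?set MONGODB_ROOT_PASSWORD in .env}
    # No "ports:" section: baisheng.api connects to mongodb:27017 over db-tier.
    volumes:
      - mongodb_data:/bitnami
    networks:
      - db-tier
volumes:
  redis_data:
    driver: local
  mongodb_data:
    driver: local
networks:
  db-tier:
```

The API's Redis and MongoDB connection settings must supply the same passwords.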
2. Example: web front end

# Dockerfile
FROM baisheng/alpine-node:12
WORKDIR /app
COPY . .
RUN npm install
EXPOSE 3000
3. docker-compose orchestration file

version: '3.7'
services:
  website:
    # image: mhart/alpine-node:12
    # working_dir: /app
    environment:
      # - NODE_ENV=production
      - NODE_ENV=development
    build:
      context: .
      dockerfile: Dockerfile
    volumes:
      - ./:/app
      - /app/node_modules
    networks:
      - traefik
    command: yarn dev
    # command: sh docker-entrypoint.sh
    # ports:
    #   - 3001:80
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.baisheng-website.entrypoints=web, web-secure"
      # Reject non-TLS (insecure) requests
      - "traefik.http.routers.baisheng-website.tls=true"
      - "traefik.http.routers.baisheng-website.rule=Host(`www.caixie.top`)"
      - "traefik.docker.network=traefik"
networks:
  traefik:
    external: true
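
A router with `tls=true` ignores plain HTTP requests, so a request to port 80 gets Traefik's 404 instead of reaching the application. The following is an added example (not the author's file) that answers port 80 with a redirect to HTTPS using Traefik v2's redirectscheme middleware; the router name baisheng-website-http and the middleware name to-https are assumptions.

```yaml
# docker-compose.yml for the website (added example, not the author's file)
version: '3.7'
services:
  website:
    build:
      context: .
      dockerfile: Dockerfile
    networks:
      - traefik
    command: yarn dev
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      # HTTPS router: the only one that forwards to the application
      - "traefik.http.routers.baisheng-website.entrypoints=web-secure"
      - "traefik.http.routers.baisheng-website.tls=true"
      - "traefik.http.routers.baisheng-website.rule=Host(`www.caixie.top`)"
      # HTTP router: same host on port 80, answers only with a redirect
      - "traefik.http.routers.baisheng-website-http.entrypoints=web"
      - "traefik.http.routers.baisheng-website-http.rule=Host(`www.caixie.top`)"
      - "traefik.http.routers.baisheng-website-http.middlewares=to-https"
      # Middleware: permanent redirect to the https:// form of the requested URL
      - "traefik.http.middlewares.to-https.redirectscheme.scheme=https"
      - "traefik.http.middlewares.to-https.redirectscheme.permanent=true"
networks:
  traefik:
    external: true
```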
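4. Check whether the configuration succeeded
Open the dashboard and check the HTTP tab to see whether your application's configuration was discovered correctly. If the configuration appears there, the application is configured successfully.
Important notes
- Services must be on the same network for the sub-applications on it to communicate correctly
- If traefik's service discovery is configured with exposedByDefault=false, applications that traefik should manage must set traefik.enable=true
- If the application is orchestrated with docker, the application's listen IP should be set to 0.0.0.0; otherwise the application cannot be reached through its domain name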