Project author: riogezz

Project description:
Traefik on docker serving HTTP and HTTPS with Let's Encrypt certificates
Primary language:
Project URL: git://github.com/riogezz/traefik-docker.git
Created: 2020-03-10T21:31:38Z
Project community: https://github.com/riogezz/traefik-docker

License:



Traefik on Docker

HTTP and HTTPS example with Let’s Encrypt certificates served by DNS01-Challenge on AWS Route53 and HTTP-to-HTTPS redirect

Please check the Traefik 2.1 docs for more.

.env file variables

| Name | Example value | Description |
|---|---|---|
| _Global_ | | |
| TZ | Europe/Rome | container timezone |
| RESTART | unless-stopped | container restart policy |
| COMPOSE_PROJECT_NAME | traefikrouter | project name used as prepend string |
| _Traefik specific_ | | |
| VERSION | latest | traefik version |
| LOG | INFO | traefik minimum logging |
| _ACME DNS-01 Challenge_ | | |
| PROVIDER | route53 | check provider list |
| RESOLVER | 1.1.1.1:53 | public DNS server to be used for acme TXT fields checks |
| EMAIL | xyz@domain.ltd | your email |
| _ACME AWS Route53 example_ | | |
| AWS_ACCESS_KEY_ID | ABCXYZ | IAM username |
| AWS_SECRET_ACCESS_KEY | 123890 | IAM secret |
| AWS_REGION | us-east-1 | AWS Route53 service is region independent |

For AWS Route53 provider configuration, head to the AWS docs about AWS IAM credentials and the policy document example, or to the Let's Encrypt Go client route53 provider docs.

docker-compose explanation

docker-compose.yml contains a whoami test instance with HTTP-to-HTTPS redirect features:

    labels:
      - "traefik.enable=true"
      # default route
      - "traefik.http.routers.whoami.rule=Host(`whoami.domain.tld`)"
      - "traefik.http.routers.whoami.entrypoints=https"
      - "traefik.http.routers.whoami.tls.certresolver=${PROVIDER}"
      # HTTP to HTTPS
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.routers.whoami-redirs.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.whoami-redirs.entrypoints=http"
      - "traefik.http.routers.whoami-redirs.middlewares=redirect-to-https"

Sections explanation:

  • enable Traefik configuration on this container

        - "traefik.enable=true"

  • configure the router to serve the "whoami.domain.tld" FQDN over the https entrypoint and generate the SSL certificate using the provider defined inside .env (e.g. route53)

        - "traefik.http.routers.whoami.rule=Host(`whoami.domain.tld`)"
        - "traefik.http.routers.whoami.entrypoints=https"
        - "traefik.http.routers.whoami.tls.certresolver=${PROVIDER}"

  • configure the HTTP-to-HTTPS redirect scheme

        - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"

  • apply the redirect scheme to every request directed to the host over HTTP

        - "traefik.http.routers.whoami-redirs.rule=hostregexp(`{host:.+}`)"
        - "traefik.http.routers.whoami-redirs.entrypoints=http"
        - "traefik.http.routers.whoami-redirs.middlewares=redirect-to-https"
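The following Python check is an added example, not code from the riogezz/traefik-docker repository. It audits a list of Traefik labels for the two properties the sections above set up: every router on the https entrypoint has TLS enabled, and every router reachable over plain HTTP is bound to a redirectscheme middleware that sends traffic to https. The entrypoint names `http` and `https` are taken from the labels on this page; the `legacy` and `notls` routers are constructed to show what a finding looks like.

```python
import re
KEY_RE = re.compile(r"traefik\.http\.(routers|middlewares)\.([^.]+)\.(.+)$")
# Labels from the whoami service on this page.
PAGE_LABELS = [
    "traefik.enable=true",
    "traefik.http.routers.whoami.rule=Host(`whoami.domain.tld`)",
    "traefik.http.routers.whoami.entrypoints=https",
    "traefik.http.routers.whoami.tls.certresolver=${PROVIDER}",
    "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https",
    "traefik.http.routers.whoami-redirs.rule=hostregexp(`{host:.+}`)",
    "traefik.http.routers.whoami-redirs.entrypoints=http",
    "traefik.http.routers.whoami-redirs.middlewares=redirect-to-https",
]
# Constructed misconfigurations (hypothetical routers, not from the repo).
BAD_LABELS = PAGE_LABELS + [
    "traefik.http.routers.legacy.rule=Host(`legacy.domain.tld`)",
    "traefik.http.routers.legacy.entrypoints=http",
    "traefik.http.routers.notls.rule=Host(`notls.domain.tld`)",
    "traefik.http.routers.notls.entrypoints=https",
]

def parse(labels):
    """Group label options by router / middleware name (keys are lowercased)."""
    found = {"routers": {}, "middlewares": {}}
    for label in labels:
        key, _, value = label.partition("=")
        m = KEY_RE.match(key.strip().lower())
        if m:
            kind, name, option = m.groups()
            found[kind].setdefault(name, {})[option] = value.strip()
    return found["routers"], found["middlewares"]

def names(csv):
    """Split a comma-separated label value, dropping any @provider suffix."""
    return [n.strip().split("@")[0].lower() for n in csv.split(",") if n.strip()]

def audit(labels, http_ep="http", https_ep="https"):
    routers, middlewares = parse(labels)
    findings = []
    for name, cfg in sorted(routers.items()):
        eps = names(cfg.get("entrypoints", ""))  # empty means all entrypoints
        to_https = any(middlewares.get(m, {}).get("redirectscheme.scheme") == "https"
                       for m in names(cfg.get("middlewares", "")))
        has_tls = any(o == "tls" or o.startswith("tls.") for o in cfg)
        if (http_ep in eps or not eps) and not has_tls and not to_https:
            findings.append((name, "reachable over plain HTTP without redirect"))
        if https_ep in eps and not has_tls:
            findings.append((name, "on https entrypoint but TLS is not enabled"))
    return findings
```

`audit(PAGE_LABELS)` returns an empty list, while `audit(BAD_LABELS)` reports the two constructed routers.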

The Traefik dashboard runs on the exposed TCP/8080 port and should look like this:

[Image: Traefik dashboard]