【Question title】:How to use Traefik to reverse proxy an already running node service?
【Posted】:2021-11-28 21:15:23
【Question description】:

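I have a node process running on port 3000 using pm2. I want to configure Traefik so that it reverse proxies this service on port 80.

Following this excellent blog post, I was able to quickly spin up Traefik using docker compose and set up a skeleton config for the node server.

However, the example assumes the node process is hosted in docker as well. I couldn't get that to work for my node process (*), so I just want to be able to configure Traefik by pointing to port 3000 in some way. It seems simple enough, but I couldn't get it to work.

I'm stuck with the following config (which is a mix of various blog posts, without really knowing what I'm doing):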

services:
  reverse-proxy:
    image: traefik:v2.4
    container_name: "traefik"
    command:
      - "--api.insecure=true"
      - "--api.dashboard=true"
      - "--api.debug=true"
      - "--providers.docker=true"
      - "--log.LEVEL=DEBUG"
      - "--entryPoints.web.address=:80"
      - "--entryPoints.websecure.address=:443"
      - "--providers.docker.exposedbydefault=false"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver.acme.email=xxxx@xxx.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "443:443"
      - "80:80"
      - "8080:8080"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

  node-server:
    loadBalancer:
      servers:
        - url: http://127.0.0.1:3000/
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.node-server.rule=Host(`xxxxxx.com`)"
      - "traefik.http.routers.node-server.entrypoints=websecure"
      - "traefik.http.routers.node-server.tls.certresolver=myresolver"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.redirs.entrypoints=web"
      - "traefik.http.routers.redirs.middlewares=redirect-to-https"

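This gives the error: "Unsupported config option for services.node-server: 'loadBalancer'"

Long story short: how would I configure Traefik to reverse proxy a service running on port 3000?

*) Being new to Docker, I couldn't get this to work in a situation where the node process depends on custom javascript modules in a parent directory. Maybe there's a way to do that, and I could go the "host node in docker" route instead. I'm all ears.

【Comments】:

  • I would start by adding version: "3" to the docker-compose file and checking that the indentation is correct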

Tags: node.js docker docker-compose traefik
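
The error in the question arises because `loadBalancer` is a key of Traefik's dynamic configuration, not a Compose service option. As an added example (not part of the original post or its answers), one way to route to a process running on the host is Traefik's file provider; the `dynamic.yml` file name, its mount path and the `host.docker.internal` alias are assumptions of this example.

```yaml
# docker-compose.yml (added example): Traefik in Docker, node/pm2 on the host
version: "3"
services:
  reverse-proxy:
    image: traefik:v2.4
    container_name: "traefik"
    command:
      # Read routers and services from a file instead of Docker labels
      - "--providers.file.filename=/etc/traefik/dynamic.yml"
      - "--entryPoints.web.address=:80"
      - "--entryPoints.websecure.address=:443"
      # Redirect plain HTTP to HTTPS at the entrypoint
      - "--entryPoints.web.http.redirections.entryPoint.to=websecure"
      - "--entryPoints.web.http.redirections.entryPoint.scheme=https"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver.acme.email=xxxx@xxx.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "443:443"
      - "80:80"
    extra_hosts:
      # Docker 20.10+: alias for the host's gateway address inside the container
      - "host.docker.internal:host-gateway"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "./dynamic.yml:/etc/traefik/dynamic.yml:ro"
---
# dynamic.yml (added example; file name and mount path are assumptions)
http:
  routers:
    node-server:
      rule: "Host(`xxxxxx.com`)"
      entryPoints:
        - websecure
      service: node-server
      tls:
        certResolver: myresolver
  services:
    node-server:
      loadBalancer:
        servers:
          # 127.0.0.1 inside the container is the container itself, so target the host
          - url: "http://host.docker.internal:3000/"
```

The node process has to listen on an address reachable from the Docker bridge, not only on 127.0.0.1, with port 3000 kept closed to outside traffic by the host firewall. Because nothing is discovered through Docker here, this variant needs neither the `/var/run/docker.sock` mount nor the `--api.insecure=true` dashboard on port 8080.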


【Solution 1】:

I configured a reverse proxy a few months ago; here is my configuration:

version: '3'

services:
  reverse-proxy:
    image: traefik:v2.5
    container_name: selling-point-reverse-proxy
    ports:
      - 80:80
      - 8080:8080
    volumes:
      # Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock
    command:
      # Enables the web UI
      - --api.insecure=true
      # Tells Traefik to listen to docker
      - --providers.docker
      # Creates a new entrypoint called web
      - --entrypoints.web.address=:80
      # Disable container exposition
      - --providers.docker.exposedByDefault=false
      # Traefik matches against the container's labels to determine whether to create any route for that container
      - --providers.docker.constraints=Label(`traefik.scope`,`selling-point`)
      # Enable tracing (using jaeger by default)
      - --tracing=true
      # Name of the tracing service on Jaeger
      - --tracing.serviceName=reverse-proxy
      # Host and port of the Jaeger agent
      - --tracing.jaeger.localAgentHostPort=jaeger:6831
    labels:
      # Matcher for creating a route
      - traefik.scope=selling-point
      # Exposes container
      - traefik.enable=true
      # Creates circuit breaker middleware
      - traefik.http.middlewares.latency.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 10000
      # Creates a forward auth middleware
      - traefik.http.middlewares.auth.forwardauth.address=http://auth:3000/auth/authorize
      # Enables cross origin requests
      - traefik.http.middlewares.cors.headers.accesscontrolalloworiginlist=*
      # Enables forwarding of the request headers
      - traefik.http.middlewares.cors.headers.accessControlAllowHeaders=*
    networks:
      - selling-point
  api:
    image: selling-point-api
    container_name: selling-point-api
    build: 
      context: ./selling-point-api
    labels:
      # Tells Traefik where to redirect the request if the url has the specified prefix
      - traefik.http.routers.api.rule=PathPrefix(`/api`)
      # Attaches a middleware for forwarding the authentication
      - traefik.http.routers.api.middlewares=cors,auth,latency
      # Attaches entrypoints
      - traefik.http.routers.api.entrypoints=web
      # Exposes container
      - traefik.enable=true
      # Matcher for creating a route
      - traefik.scope=selling-point
      # Creates a service called selling-point-api
      - traefik.http.services.selling-point-api.loadbalancer.server.port=3000
      # Attach the container to a service
      - traefik.http.routers.api.service=selling-point-api
    volumes:
      - ./selling-point-api/src:/app/src
    networks:
      - selling-point
    environment:
      WAIT_HOSTS: mysql:3306
      DATABASE_URL: mysql://root:huachinango@mysql:3306/selling_point
      NODE_ENV: development
  auth:
    image: selling-point-auth
    container_name: selling-point-auth
    build: 
      context: ./selling-point-auth
    labels:
      # Tells Traefik where to redirect the request if the url has the specified prefix
      - traefik.http.routers.auth.rule=PathPrefix(`/auth`)
      # Attaches a circuit breaker middleware
      - traefik.http.routers.auth.middlewares=cors,latency
      # Attaches entrypoints
      - traefik.http.routers.auth.entrypoints=web
      # Exposes container
      - traefik.enable=true
      # Matcher for creating a route
      - traefik.scope=selling-point
      # Creates a service called selling-point-auth
      - traefik.http.services.selling-point-auth.loadbalancer.server.port=3000
      # Attach the container to a service
      - traefik.http.routers.auth.service=selling-point-auth
    environment:
      WAIT_HOSTS: mysql:3306
      IGNORE_ENV_FILE: 'true'
      DATABASE_URL: mysql://root:huachinango@mysql:3306/selling_point
      PASSWORD_SALT: $$2b$$10$$g0OI8KtIE3j6OQqt1ZUDte
      NODE_ENV: development
    volumes:
      - ./selling-point-auth/src:/app/src
    networks:
      - selling-point
  mysql:
    image: mysql:5
    container_name: selling-point-mysql
    environment:
      MYSQL_ROOT_PASSWORD: huachinango
      MYSQL_DATABASE: selling_point
    networks:
      - selling-point
    volumes:
      - mysql-db:/var/lib/mysql
  jaeger:
    image: jaegertracing/all-in-one:1.29
    container_name: selling-point-tracing
    environment:
      COLLECTOR_ZIPKIN_HOST_PORT: :9411
    ports:
      - 16686:16686
    networks:
      - selling-point
volumes:
  mysql-db:

networks:
  selling-point:
    name: selling-point
    driver: bridge

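【Discussion】:

  • Cheers, I'll look into this. By the way: you might want to obfuscate PASSWORD_SALT
  • OK, I've updated the docker-compose.yaml because I found a CORS-related issue. I'll use docker secrets for PASSWORD_SALT, but thanks for the suggestion :), let me know if it works for you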
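
The move to secrets mentioned in the discussion above, as an added example that is not the answer author's code: a fragment that takes the database password and the salt out of the compose file. The `./secrets/*.txt` paths and the `PASSWORD_SALT_FILE` / `DATABASE_PASSWORD_FILE` variables are hypothetical; the application would have to be changed to read them.

```yaml
# Fragment to merge into the answer's docker-compose.yaml (added example)
# Needs compose file format 3.1 or later (the answer's file declares '3')
version: '3.1'

services:
  mysql:
    image: mysql:5
    container_name: selling-point-mysql
    environment:
      # The official mysql image reads the root password from this file
      MYSQL_ROOT_PASSWORD_FILE: /run/secrets/mysql_root_password
      MYSQL_DATABASE: selling_point
    secrets:
      - mysql_root_password
  auth:
    image: selling-point-auth
    container_name: selling-point-auth
    environment:
      NODE_ENV: development
      # Hypothetical variables: the app must read the files and build
      # its database URL from them instead of taking DATABASE_URL as-is
      PASSWORD_SALT_FILE: /run/secrets/password_salt
      DATABASE_PASSWORD_FILE: /run/secrets/mysql_root_password
    secrets:
      - password_salt
      - mysql_root_password

secrets:
  # Files live outside version control; paths are assumptions
  mysql_root_password:
    file: ./secrets/mysql_root_password.txt
  password_salt:
    file: ./secrets/password_salt.txt
```

Each secret is mounted read-only at `/run/secrets/<name>` only in the services that list it, so values no longer appear in the compose file or in the container's environment listing.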