Traefik反向代理部署

创建所需文件夹(文件)

mkdir -p docker/traefik/configurations
cd /docker
touch docker-compose.yml
touch traefik/traefik.yml
touch traefik/acme.json
touch traefik/configurations/dynamic.yml
chmod 600 traefik/acme.json

docker-compose.yml文件：

    version: '3.8'
    
    services:
      traefik:
        image: traefik:v2.4
        container_name: traefik
        restart: always
        security_opt:
          - no-new-privileges:true
        ports:
          - 889:88
          - 4443:443
          - 8080:8080
        environment:
          - "ALICLOUD_ACCESS_KEY=XXXXXXXXXXXX"
          - "ALICLOUD_SECRET_KEY=XXXXXXXXXXXX"
        volumes:
          - /etc/localtime:/etc/localtime:ro
          - /var/run/docker.sock:/var/run/docker.sock:ro
          - ./traefik/traefik.yml:/traefik.yml:ro
          - ./traefik/acme.json:/acme.json
          # Add folder with dynamic configuration yml
          - ./traefik/configurations:/configurations
        networks:
          - proxy
        labels:
          - "traefik.enable=true"
          - "traefik.docker.network=bridge"
          - "traefik.http.routers.traefik-secure.entrypoints=websecure"
          - "traefik.http.routers.traefik-secure.rule=Host(`XXXX.com`)"
          - "traefik.http.routers.traefik-secure.middlewares=user-auth@file"
          - "traefik.http.routers.traefik-secure.service=api@internal"
    networks:
      proxy:
        external: true

备注：ALICLOUD_ACCESS_KEY与ALICLOUD_SECRET_KEY填写你阿里云获取的密钥
XXXX.comXXXX填写你的顶级域名

dynamic.yml

    # Dynamic configuration
    http:
      routers:
        emby:##名称
          service: emby##名称
          middlewares:
          rule: "Host(`emby.XXXX.com`)"##你想要反向代理的域名
      services:
        emby:##名称
          loadBalancer:
            servers:
              - url: "http://10.10.10.13:8096"##你的内网地址
    
    
      middlewares:
        secureHeaders:
          headers:
            sslRedirect: true
            forceSTSHeader: true
            stsIncludeSubdomains: true
            stsPreload: true
            stsSeconds: 31536000
            
        user-auth:
          basicAuth:
            users:
              - "admin:$apr1$tm53ra6x$FntXd6jcvxYM/YH0P2hcc1"

traefik.yml

    api:
      dashboard: true
      insecure: true
    entryPoints:
      web:
        address: :80
        http:
          redirections:
            entryPoint:
              to: websecure
    
      websecure:
        address: :443
        http:
          middlewares:
            - secureHeaders@file
          tls:
            certResolver: myssl
            
    serversTransport:
      insecureSkipVerify: true
                  
    providers:
      docker:
        endpoint: "unix:///var/run/docker.sock"
        exposedByDefault: false
      file:
        filename: /configurations/dynamic.yml
    
    certificatesResolvers:
      myssl:
        acme:
          dnsChallenge:
            provider: alidns
            delayBeforeCheck: 0
            resolvers:
              - "119.29.29.29:53"
              - "8.8.8.8:53"

启动容器:

docker-compose up -d

RSG博客

https://www.lxg2016.com/54748.html

FoMM’s Blog

https://hexo.aufomm.com/traefik/