安全协议>> traefik>> 返回
项目作者: ealcantara22

项目描述 :
Traefik HTTP reverse proxy base configuration with SSL certificate support.
高级语言: Shell
项目地址: git://github.com/ealcantara22/traefik.git
创建时间: 2020-04-08T03:26:13Z
项目社区:https://github.com/ealcantara22/traefik
开源协议:
下载


Description

Traefik is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with with multiples infrastructure components (Docker, Kubernetes, …) and configures itself automatically and dynamically.

This project focuses on the steps needed to setup a local Traefik environment.

Note: This guide asumes that you already have Docker and Docker Compose installed on your system.

Getting and running traefik

  1. Add all the domains you need to your /etc/hosts file.
    1.  127.0.0.1   localhost.traefik.com
    2.  127.0.0.1   localhost.site.com

  2. Create an external Docker network, it will be used to connect traefik to other services. 

    1.  docker network create docker_default

  3. Clone this repository

    1.  git clone https://github.com/ealcantara22/traefik.git
    2.  cd traefik

  4. Copy the .env.sample file as .env and fill it with the information you used in steps 1 and 2.

    1.  cp .env.sample .env

  5. Start traefik and verify that http://localhost.traefik.com/dashboard/ works. The final / is mandatory.

    1.  docker-compose up -d

Generating an SSL certificate

I like to run all my apps locally using HTTPS for multiple reasons, and the easiest way for me to accomplish that is supporting all the apps and services domain that I need in a single certificate by using a Multi-Domain (SAN) Certificate.

  1. Edit the openssl.conf.

    1.1. Replace the distinguished name (dn) section with your informacion. You can read more about these values here.

    1.  [dn]
    2.  C=Country
    3.  ST=State or Province name
    4.  L=Locality name
    5.  CN=Common Name
    6.  O=Organization name
    7.  OU=Organizational Unit name
    8.  emailAddress=Email address

    1.2. Add all the domain names you need in the alt_names section.

    1.  [alt_names]
    2.  DNS.1=localhost.traefik.com
    3.  DNS.2=localhost.site.com
    4.  DNS.3=my-domain.com
    5.  .
    6.  .
    7.  .
  2. Generate the certificate by executing the generate-ssl.sh script located in the scripts directory. You will notice that a cert.crt and cert.key files were created.
    1.  cd scripts && ./generate-ssl.sh

Adding SSL Certificates to traefik

Now that you bought or generate a certificate, add it to traefik is really easy.

  1. Place your certificate files (generally a .crt and a .key files) inside the certs directory.

  2. Rename the tlsOptions.toml.sample file place in the dynamic directory to tlsOptions.toml.

    1.  mv tlsOptions.toml.sample tlsOptions.toml

  3. Edit the tlsOptions.toml file content with your certificate file information using the configuration that best suits your needs. Read more here

Testing

  1. Create this docker-composer.yml file and run docker-compose up.

    1.  version: "3.3"
    3.  networks:
    4.  docker_default:
    5.      external: true
    7.  services:
    8.  nginx:
    9.      image: nginx:latest
    10.      networks:
    11.      - docker_default
    12.      labels:
    13.      - traefik.enable=true
    14.      - traefik.docker.network=docker_default
    15.      - traefik.http.routers.nginx.entryPoints=https
    16.      - traefik.http.routers.nginx.rule=Host(`localhost.nginx.com`)
    17.      - traefik.http.routers.nginx.tls=true
  2. Open your favorite web browser and go to localhost.nginx.com.

Contributions

There’s always room for improvements, please submit a issue or a pull request if you have the time.