Docker Compose + Traefik v2 快速安装， 自动申请SSL证书 http转https 初次尝试

前言

昨晚闲得无聊睡不着觉，拿起服务器尝试部署了一下Docker + Traefik v2.1.6 ，以下是一些配置的总结，初次接触，大佬勿喷。

我的系统环境是 Ubuntu 18.04.3 LTS

一、Docker 和 Docker Compose 安装

懒人使用一键脚本

1.Docker 安装

curl -sSL https://get.daocloud.io/docker | sh

安装后将会自动重启。

2.Docker Compose 安装

curl -L https://github.com/docker/compose/releases/download/1.25.4/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

可自行前往Github 查看最新版本 Releases · docker/compose

Docker以及Docker Compose简单介绍使用传送门：docker 及 docker-compose 的快速安装和简单使用

二、使用Docker Compose快速安装Traefik v2.1.6

1.建立traefik目录，新建docker-compose.yml文件 以下是我的配置，仅供参考

vim docker-compose.yml

version: "3.7"
services:
  dykimy_traefik:
    restart: always
    image: traefik:v2.1.6
    container_name: dykimy_traefik
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      # 入口点信息 其中 http & https 可以自己定义名称 在routers entrypoints中会用到
      - "--entrypoints.http.address=:80"
      - "--entrypoints.https.address=:443"
      # ACME信息
      - "--certificatesresolvers.dykimy.acme.httpchallenge=true"
      - "--certificatesresolvers.dykimy.acme.httpchallenge.entrypoint=http"
      - "--certificatesresolvers.dykimy.acme.email=${AcmeEmail}"
      - "--certificatesresolvers.dykimy.acme.storage=/letsencrypt/acme.json"
    networks:
      - webgateway
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/etc/timezone:/etc/timezone"
      - "/etc/localtime:/etc/localtime"
    labels:
      - "traefik.enable=true"
      # Traefik仪表板相关配置
      - "traefik.http.routers.dykimy_traefik.rule=Host(`${TraefikDomain}`)"
      - "traefik.http.routers.dykimy_traefik.tls.certresolver=dykimy"
      - "traefik.http.routers.dykimy_traefik.entrypoints=https"
      - "traefik.http.routers.dykimy_traefik.middlewares=authtraefik"
      - "traefik.http.services.dykimy_traefik.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.authtraefik.basicauth.users=${TraefikUsers}"

      # 全局重定向到HTTPS
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=http"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"

      # 重定向中间件
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
networks:
  webgateway:
    external:
      # 请先自行创建网络 docker network create dykimy_gateway 名字自己定义
      name: dykimy_gateway

vim .env

AcmeEmail=yourname@youremail.com
TraefikDomain=traefik.yourdomain.com
TraefikUsers=user:$apr1$7u80L7XB$Oqh/UiL5EjWr94lSkULKl0,user2:$apr1$U.eJNqst$DeuE7JjXgbiqP9g2nUq18/

#用户可以设置多个，生成htpasswd使用如下shell获取。
echo $(htpasswd -nb user password)
#user:$apr1$7u80L7XB$Oqh/UiL5EjWr94lSkULKl0

#如果需要直接卸载yml中，因为有$符号需要转移。
echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
#user:$$apr1$$i88wLyi0$$/2dB/ShipkdrTZpnDjcpo0

yml中的写法

labels:
  - "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"

2.拉取镜像，启动容器

docker-compose up -d

访问 traefik.yourdomain.com 就可以看到Traefik 的界面啦，下面附送两张图片，Traefik V2的UI是真的好看。

3.其他站点如何配置？

我以一个whoami的示例给大家举例

vim docker-compose.yml

version: "3.7"
services:
  whoami:
    restart: always
    image: containous/whoami
    container_name: whoami
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.yourdomain.com`)"
      - "traefik.http.routers.whoami.entrypoints=https"
      # 这里的dykimy 填写上面的ACME你定义的节点名称
      - "traefik.http.routers.whoami.tls.certresolver=dykimy"
    networks:
      - webgateway
networks:
  webgateway:
    external:
      name: dykimy_gateway

启动容器

docker-compose up -d

访问whoami.yourdomain.com就可以看到效果了

4.不带www转到www

我搜索了中文结果，英文结果，都没有找到traefik v2 设置不带www跳转www的方法，然后发现老外的需求都是带www跳转到不带www，哈哈，然后自己写了一个，仅供参考。

在 traefik 目录的 docker-compose.yml 下的 labels 节点，增加如下配置：

- "traefik.http.middlewares.https-force-www.redirectregex.regex=^https://([^www](?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9])(.+)"
- "traefik.http.middlewares.https-force-www.redirectregex.replacement=https://www.$${1}$${2}"
- "traefik.http.middlewares.https-force-www.redirectregex.permanent=true"

完整文件内容

version: "3.7"
services:
  dykimy_traefik:
    restart: always
    image: traefik:v2.1.6
    container_name: dykimy_traefik
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      # 入口点信息 其中 http & https 可以自己定义名称 在routers entrypoints中会用到
      - "--entrypoints.http.address=:80"
      - "--entrypoints.https.address=:443"
      # ACME信息
      - "--certificatesresolvers.dykimy.acme.httpchallenge=true"
      - "--certificatesresolvers.dykimy.acme.httpchallenge.entrypoint=http"
      - "--certificatesresolvers.dykimy.acme.email=${AcmeEmail}"
      - "--certificatesresolvers.dykimy.acme.storage=/letsencrypt/acme.json"
    networks:
      - webgateway
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/etc/timezone:/etc/timezone"
      - "/etc/localtime:/etc/localtime"
    labels:
      - "traefik.enable=true"
      # Traefik仪表板相关配置
      - "traefik.http.routers.dykimy_traefik.rule=Host(`${TraefikDomain}`)"
      - "traefik.http.routers.dykimy_traefik.tls.certresolver=dykimy"
      - "traefik.http.routers.dykimy_traefik.entrypoints=https"
      - "traefik.http.routers.dykimy_traefik.middlewares=authtraefik"
      - "traefik.http.services.dykimy_traefik.loadbalancer.server.port=8080"
      - "traefik.http.middlewares.authtraefik.basicauth.users=${TraefikUsers}"

      # 全局重定向到HTTPS
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=http"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"

      # 重定向中间件
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"

      # 全局重定向https请求不带www到www中间件
      - "traefik.http.middlewares.https-force-www.redirectregex.regex=^https://([^www](?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9])(.+)"
      - "traefik.http.middlewares.https-force-www.redirectregex.replacement=https://www.$${1}$${2}"
      - "traefik.http.middlewares.https-force-www.redirectregex.permanent=true"
networks:
  webgateway:
    external:
      # 请先自行创建网络 docker network create dykimy_gateway 名字自己定义
      name: dykimy_gateway

对应修改站点下的docker-compose.yml为：

version: "3.7"
services:
  whoami:
    restart: always
    image: containous/whoami
    container_name: whoami
    labels:
      - "traefik.enable=true"
      # 注意这里增加了www前缀
      - "traefik.http.routers.whoami.rule=Host(`whoami.yourdomain.com`,`www.whoami.yourdomain.com`)"
      - "traefik.http.routers.whoami.entrypoints=https"
      # 这里的dykimy 填写上面的ACME你定义的节点名称
      - "traefik.http.routers.whoami.tls.certresolver=dykimy"
      # 使用咱们全局定义的https-force-www中间件
      - "traefik.http.routers.whoami.middlewares=https-force-www"
    networks:
      - webgateway
networks:
  webgateway:
    external:
      name: dykimy_gateway

好了，大功告成，一写博客就去了几个小时，哈哈哈，如果本文帮到您，请大家多多支持，如有不足之处，请指出，感谢您的阅读。

本文版权归 Dykimy 和 博客园 共有，欢迎转载，如未经作者允许，转载需保留此段声明，并在文章显眼处注明出处，否则保留追究法律责任的权利。