美文网首页Traefik
基于 traefik v2 的本地开发、部署一致环境方案

基于 traefik v2 的本地开发、部署一致环境方案

作者: 思考蛙 | 来源:发表于2019-09-30 16:34 被阅读0次
    图片.png

    简介

    中小型产品项目,如果能将本地的开发环境与生产的部署环境达成一致的话,会很方便运维、测试,也可以说是小团队和独立开发者很好的解决方案。我的一些中小型项目就没有采用一些常规的运维、测试解决方案,而是利用 traefik + Docker 容器来实现,经过多个项目的实践相信这是另一种很实用的工作方法,现将一些配置的要点总结如下:

    准备

    1. 本地安装 docker,参见官方文档找到对应的系统平台
      https://docs.docker.com/install/#supported-platforms
    2. 配置 docker 加速,推荐 daocloud 的加速服务
      https://www.daocloud.io/mirror

    开始

    一、配置 traefik v2

    建立如下目录

    .
    ├── acme.json
    ├── docker-compose.yml
    ├── dynamic_conf.toml
    ├── logs  # 日志会自动生成
    │   ├── access.log
    │   └── traefik.log
    ├── ssl
    │   ├── caixie.top.crt
    │   ├── caixie.top.key
    └── traefix.toml
    

    1. 配置 docker-compose.yml 编排文件,内容如下

    version: '3'
     
    services:
      reverse-proxy:
        image: traefik:v2.0.1
        container_name: "traefik"
        restart: always
        labels:
          - traefik.enable=true
          - traefik.docker.network=traefik
        ports:
          - 80:80
          - 443:443
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock
          - ./traefik.toml:/traefik.toml
          # ./acme.json:/acme.json
          - ./logs:/var/log
          - ./dynamic_conf.toml:/dynamic_conf.toml
          - ./ssl:/data/ssl/
        networks:
          - default
          - traefik
      whoami:
        # A container that exposes an API to show its IP address
        image: containous/whoami
        labels:
          # 声明公开此容器访问
          - "traefik.enable=true"
          # 服务将响应的域
          - "traefik.http.routers.whoami.rule=Host(`whoami.caixie.top`)"
          # 只允许来自预定义的入口点“web”的请求
          - "traefik.http.routers.whoami.entrypoints=web, web-secure"
          - traefik.docker.network=traefik
        networks:
          - default
          - traefik
    
    networks:
      traefik:
        external: true
    
    

    2 traefik 静态配置, traefik.toml 文件内容如下

    ## traefik.toml
    ## Static configuration
    
    [entryPoints]
      [entryPoints.web]
        address = ":80"
    
      [entryPoints.web-secure]
        address = ":443"
    
      [entryPoints.traefik]
        address = ":8000"
    
    [providers]
      [providers.docker]
        # 限制服务发现范围
        # 如果设置为 false, 则没有 traefik.enable=true 标签的容器将从生成的路由配置中忽略
        exposedByDefault = false 
        network = "traefik"
      [providers.file]
        filename = "dynamic_conf.toml"
        watch = true
    
    [retry]
    
    [api]
      # dashboard = true
      # insecure = true
      #debug = true
     
    [ping]
    

    3 traefik 动态配置, dynamic_conf.toml 内容如下

    ## Dynamic configuration
    
    [http.routers.api]
      rule = "Host(`d.caixie.top`)"
      entrypoints = ["web-secure"]
      service = "api@internal"
      middlewares = ["myAuth"]
      [http.routers.api.tls]
    
    # 用户:test 密码:test
    [http.middlewares.myAuth.basicAuth]
      users = [
        "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
      ]
    
    [tls]
      [[tls.certificates]]
        certFile = "/data/ssl/caixie.top.crt"
        keyFile = "/data/ssl/caixie.top.key"
    [tls.stores]
      [tls.stores.default]
        [tls.stores.default.defaultCertificate]
          certFile = "/data/ssl/caixie.top.crt"
          keyFile = "/data/ssl/caixie.top.key"  
    

    4 启动 treafik 服务

    docker-compose up -d
    

    5 进入 Dashboard 管理页面

    浏览器打开刚配置的 d.caixie.top 出现类似如下页面就成功配置了:


    Traefik Dashboard

    二、 应用端配置

    1 示例: API 服务端

    # Dockerfile 文件
    #FROM mhart/alpine-node:12
    FROM node:10-alpine
    # 设置镜像作者
    #MAINTAINER baisheng <baisheng@gmail.com>
    # 设置时区
    RUN sh -c "echo 'Asia/Shanghai' > /etc/timezone"
    # 使用 aliyun 仓库加速
    RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
    
    # 以下软件根据实际情况选择是否安装
    RUN apk add --no-cache make gcc g++ python git
    # Nodejs 服务的淘宝源配置
    
    RUN npm config set registry https://registry.npm.taobao.org && \
        npm config set disturl https://npm.taobao.org/dist && \
        npm config set electron_mirror https://npm.taobao.org/mirrors/electron/ && \
        npm config set sass_binary_site https://npm.taobao.org/mirrors/node-sass/ && \
        npm config set phantomjs_cdnurl https://npm.taobao.org/mirrors/phantomjs/
    RUN npm install --global node-gyp
    
    #
    WORKDIR /home/node/app
    
    COPY package.json .
    COPY package-lock.json /home/node/app
    RUN npm ci
    
    COPY . /home/node/app
    RUN npm run build
    
    EXPOSE 80
    
    

    docker-compose 编排文件

    # docker-compose.yml
    # 根据项目用到的软件情况进行编排配置
    
    version: '3.7'
    services:
      redis:
        image: bitnami/redis:latest
        environment:
          - ALLOW_EMPTY_PASSWORD=yes
          - REDIS_DISABLE_COMMANDS=FLUSHDB,FLUSHALL
        ports:
          - 6379:6379
        volumes:
          - redis_data:/bitnami/redis/data
        networks:
          - db-tier
      mongodb:
        image: bitnami/mongodb:latest
        volumes:
          - mongodb_data:/bitnami
        ports:
          - 27017:27017
        networks:
          - db-tier
      # 应用配置
      baisheng.api:
        build:
          context: .
          dockerfile: Dockerfile
        volumes:
          - ./:/app
          - /app/node_modules
        depends_on:
          - mongodb
          - redis
        networks:
          - traefik
          - db-tier
          - default
        command: yarn start:prod
        labels:
          # 声明公开此容器访问
          - "traefik.enable=true"
          - "traefik.http.routers.baisheng-server.entrypoints=web, web-secure"
          - "traefik.http.routers.baisheng-server.tls=true"
          - "traefik.http.routers.baisheng-server.rule=Host(`api.caixie.top`)"
          - "traefik.docker.network=traefik"
    volumes:
      redis_data:
        # 大部分情况为本地驱动,除有外部存储的情况,需要单独配置
        # https://docs.docker.com/compose/compose-file/#driver
        driver: local
      mongodb_data:
        driver: local
    # 与 traefik v2 基础服务在同一网络
    networks:
      db-tier:
      traefik:
        external: true
        name: traefik
    

    2 示例: 应用WEB端

    # Dockerfile 文件
    
    FROM baisheng/alpine-node:12
    WORKDIR /app
    COPY . .
    RUN npm install
    EXPOSE 3000
    

    3 docker-compose 编排文件

    version: '3.7'
    services:
      website:
    #    image: mhart/alpine-node:12
    #    working_dir: /app
        environment:
    #      - NODE_ENV=production
           - NODE_ENV=development
        build:
          context: .
          dockerfile: Dockerfile
        volumes:
          - ./:/app
          - /app/node_modules
        networks:
          - traefik
        command: yarn dev
    #    command: sh docker-entrypoint.sh
    #    ports:
    #      - 3001:80
        labels:
          - "traefik.enable=true"
          - "traefik.http.routers.baisheng-website.entrypoints=web, web-secure"
    #         禁止非安全请求
          - "traefik.http.routers.baisheng-website.tls=true"
          - "traefik.http.routers.baisheng-website.rule=Host(`www.caixie.top`)"
          - "traefik.docker.network=traefik"
    networks:
      traefik:
        external: true
    

    4 查看配置是否成功

    进入 dashboard 到 http 标签选项卡中查看是否已正确发现你的应用配置,如果出现配置信息,表示应用配置成功:

    Dashboard HTTP

    重要说明

    • networks 需要在同一网络,网络之间的子应用才能正确通讯
    • 如果 treafik 的服务器发现设置为 exposeByDefault=false,需要由 treafik 管理的应用需要设置 treafik.enable=true
    • 如果应用采用 docker 编排,应用的启动IP设置应为 0.0.0.0 否则无法解析应用域名访问

    相关文章

      网友评论

        本文标题:基于 traefik v2 的本地开发、部署一致环境方案

        本文链接:https://www.haomeiwen.com/subject/ksxhpctx.html