如何从我的 EC2 实例外部公开我的 Docker 容器?
version: '3.1' services: php: image: leonard/${CPROJECT}.php:tg1 build: context: . dockerfile: './docker/php/Dockerfile' depends_on:
- redis
- mariadb command:
- /bin/bash
- -c
- umask 000 && ./php-fpm-build.sh && php-fpm networks:
- backend volumes:
- ./htomato.com/:/var/www/:consistent
- ./htomato.com/node_modules/:/var/www/node_modules/:cached
- ./htomato.com/vendor/:/var/www/vendor/:cached
- ./logs/php/:/var/log/htomato/:cached
apache: image: leonard/common.apache:tg1 build: './docker/apache/' depends_on:
- php networks:
- frontend
- backend
- traefik labels:
- traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache.rule=${HTTPRULE}
- traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache.service=${COMPOSE_CPROJECT_NAME}-apache
- traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache.entryPoints=web
- traefik.http.services.${COMPOSE_CPROJECT_NAME}-apache.loadbalancer.server.port=80
- traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-ssl.rule=${HTTPRULE}
- traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-ssl.entryPoints=websecure
- traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-ssl.service=${COMPOSE_CPROJECT_NAME}-apache-ssl
- traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-ssl.tls=true
- traefik.http.services.${COMPOSE_CPROJECT_NAME}-apache-ssl.loadbalancer.server.port=80
- traefik.enable=true
- traefik.docker.network=webgateway
- traefik.port=80 volumes:
- ./htomato.com/public:/var/www/public
- ./docker/php/php.ini:/usr/local/etc/php/php.ini
mariadb: image: leonard/common.mariadb:tg1 build: './docker/mariadb/' restart: always environment: MYSQL_ROOT_PASSWORD: A7h2ie23 MYSQL_DATABASE: ${CPROJECT} MYSQL_USER: ${CPROJECT} MYSQL_PASSWORD: ${MARIADB_PASS} DBDUMP: ${DBDUMP} DATABASE: ${CPROJECT} volumes:
- db-data:/var/lib/mysql
- ./docker/mariadb/import-dump.sh:/docker-entrypoint-initdb.d/a-import-dump.sh networks:
- backend ports:
- ${MARIADB_DEVPORT}:3301
redis: image: redis restart: always networks:
- backend
varnish: image: varnish:6.1 restart: always depends_on:
- apache networks:
- frontend
- backend
- traefik volumes:
- ./docker/varnish:/etc/varnish
node: image: leonard/node:8.17 build: context: . dockerfile: './docker/node/Dockerfile'
networks: backend: traefik: labels:
- traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-gulp.rule=${HTTPRULE}
- traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-gulp.entryPoints=gulp
- traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-gulp.service=${COMPOSE_CPROJECT_NAME}-apache-gulp
- traefik.http.services.${COMPOSE_CPROJECT_NAME}-apache-gulp.loadbalancer.server.port=3000
- traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-gulp-ui.rule=${HTTPRULE}
- traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-gulp-ui.entryPoints=gulp-ui
- traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-gulp-ui.service=${COMPOSE_CPROJECT_NAME}-apache-gulp-ui
- traefik.http.services.${COMPOSE_CPROJECT_NAME}-apache-gulp-ui.loadbalancer.server.port=3000
- traefik.enable=true
- traefik.docker.network=webgateway
- traefik.port=80
command:
- /bin/bash
- -c
- umask 000 && npm ci; socat TCP-LISTEN:80,fork,reuseaddr TCP:apache:80 & make css-browser volumes:
- ./htomato.com:/htomato.com working_dir: /htomato.com
volumes: db-data:
networks: frontend: backend: traefik: external: name: webgateway
以上是我的docker-compose文件。运行后,我得到:
我运行了 docker-compose up 并得到了:
Proxying: http:local.htomato.com:80
and Access URLs: Local: http://localhost:3000 External: http://0.0.0.0:30
ec2 实例可通过 ssh 通过 staging.htomato.com 端口 22 访问,但我如何从外部访问 localhost:3000?我被告知只需在浏览器中输入 staging.htomato.com:3000,但它无法按预期工作。
答案1
你的 docker-compose 格式完全混乱,但我没有在你的 traefik 路由器中看到将域与你的容器绑定的规则。
Traefik 是一个反向代理,您必须将所有域名和子域指向负载均衡器或实例前面的弹性 IP 地址。
因此对于第一个希望,即从域/到子域,DNS 映射将覆盖路由。
对于下一个希望,即将请求路由到实际容器,您将需要一个主机规则。
看
所以你可能需要通过
Host(`staging.htomato.com`)
到${HTTPRULE}
您不需要提供端口,因为 traefik 充当反向代理,并且端口不会暴露