如何在我的 EC2 实例之外公开我的 Docker 容器?

如何在我的 EC2 实例之外公开我的 Docker 容器?

如何从我的 EC2 实例外部公开我的 Docker 容器?

version: '3.1' services:  php:   image: leonard/${CPROJECT}.php:tg1   build:    context: .    dockerfile: './docker/php/Dockerfile'   depends_on:
   - redis
   - mariadb   command:
   - /bin/bash
   - -c
   - umask 000 && ./php-fpm-build.sh && php-fpm   networks:
   - backend   volumes:
   - ./htomato.com/:/var/www/:consistent
   - ./htomato.com/node_modules/:/var/www/node_modules/:cached
   - ./htomato.com/vendor/:/var/www/vendor/:cached
   - ./logs/php/:/var/log/htomato/:cached

 apache:   image: leonard/common.apache:tg1   build: './docker/apache/'   depends_on:
   - php   networks:
   - frontend
   - backend
   - traefik   labels:
   - traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache.rule=${HTTPRULE}
   - traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache.service=${COMPOSE_CPROJECT_NAME}-apache
   - traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache.entryPoints=web
   - traefik.http.services.${COMPOSE_CPROJECT_NAME}-apache.loadbalancer.server.port=80

   - traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-ssl.rule=${HTTPRULE}
   - traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-ssl.entryPoints=websecure
   - traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-ssl.service=${COMPOSE_CPROJECT_NAME}-apache-ssl
   - traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-ssl.tls=true
   - traefik.http.services.${COMPOSE_CPROJECT_NAME}-apache-ssl.loadbalancer.server.port=80

   - traefik.enable=true
   - traefik.docker.network=webgateway
   - traefik.port=80   volumes:
   - ./htomato.com/public:/var/www/public
   - ./docker/php/php.ini:/usr/local/etc/php/php.ini

 mariadb:   image: leonard/common.mariadb:tg1   build: './docker/mariadb/'   restart: always   environment:    MYSQL_ROOT_PASSWORD: A7h2ie23    MYSQL_DATABASE: ${CPROJECT}    MYSQL_USER: ${CPROJECT}    MYSQL_PASSWORD: ${MARIADB_PASS}    DBDUMP: ${DBDUMP}    DATABASE: ${CPROJECT}   volumes:
   - db-data:/var/lib/mysql
   - ./docker/mariadb/import-dump.sh:/docker-entrypoint-initdb.d/a-import-dump.sh networks:
   - backend   ports:
   - ${MARIADB_DEVPORT}:3301

 redis:   image: redis   restart: always   networks:
   - backend

 varnish:   image: varnish:6.1   restart: always   depends_on:
   - apache   networks:
   - frontend
   - backend
   - traefik   volumes:
   - ./docker/varnish:/etc/varnish

 node:   image: leonard/node:8.17   build:    context: .    dockerfile: './docker/node/Dockerfile'

  networks:    backend:    traefik:   labels:
   - traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-gulp.rule=${HTTPRULE}
   - traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-gulp.entryPoints=gulp
   - traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-gulp.service=${COMPOSE_CPROJECT_NAME}-apache-gulp
   - traefik.http.services.${COMPOSE_CPROJECT_NAME}-apache-gulp.loadbalancer.server.port=3000

   - traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-gulp-ui.rule=${HTTPRULE}
   - traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-gulp-ui.entryPoints=gulp-ui
   - traefik.http.routers.${COMPOSE_CPROJECT_NAME}-apache-gulp-ui.service=${COMPOSE_CPROJECT_NAME}-apache-gulp-ui
   - traefik.http.services.${COMPOSE_CPROJECT_NAME}-apache-gulp-ui.loadbalancer.server.port=3000

   - traefik.enable=true
   - traefik.docker.network=webgateway
   - traefik.port=80

  command:
   - /bin/bash
   - -c
   - umask 000 && npm ci; socat TCP-LISTEN:80,fork,reuseaddr TCP:apache:80 & make css-browser   volumes:
   - ./htomato.com:/htomato.com   working_dir: /htomato.com

volumes:  db-data:

networks:  frontend:  backend:  traefik:   external:    name: webgateway

以上是我的docker-compose文件。运行后,我得到:

我运行了 docker-compose up 并得到了:

Proxying: http:local.htomato.com:80
and Access URLs: Local: http://localhost:3000 External: http://0.0.0.0:30
  

ec2 实例可通过 ssh 通过 staging.htomato.com 端口 22 访问,但我如何从外部访问 localhost:3000?我被告知只需在浏览器中输入 staging.htomato.com:3000,但它无法按预期工作。

答案1

你的 docker-compose 格式完全混乱,但我没有在你的 traefik 路由器中看到将域与你的容器绑定的规则。

Traefik 是一个反向代理,您必须将所有域名和子域指向负载均衡器或实例前面的弹性 IP 地址。

因此对于第一个希望,即从域/到子域,DNS 映射将覆盖路由。

对于下一个希望,即将请求路由到实际容器,您将需要一个主机规则。

所以你可能需要通过

Host(`staging.htomato.com`) 

${HTTPRULE}

您不需要提供端口,因为 traefik 充当反向代理,并且端口不会暴露

相关内容