Need help setting up traefik over WAN and LAN

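So, I'm building a media server with docker, and it should be accessible from anywhere (the host, the host's whole LAN, the WAN). Basically, I have a bunch of web interfaces, one for each. Each interface is accessible by default under a specific port, but I want it to be accessible under a subdomain on port 80. I want to use traefik as a reverse proxy so that it becomes the only container that is technically accessible from anywhere.

I guess that accessing a domain hosted on my network from my own network might cause some problems. That's why I'm focusing on WAN access first, since I can always access the WAN but not the LAN (4G).

If I want to access the server over the WAN, the request (plex.domain.tld:80) will go

  1. To the DNS server - DNS is configured and points to my router IP
  2. To my router - port 80 is forwarded to my docker host
  3. To my host - PROBLEM: I don't know how to redirect it to my traefik container. In the docker-compose.yml I defined a custom network with a subnet and gave my traefik container a static IP.
  4. To traefik - WARNING: I'm not sure whether my docker-compose.yml is correct. It should redirect requests for plex.domain.tld on port 80 to my plex container, but I haven't been able to test it yet.

My questions are: first, are my assumptions above correct? I'm not a network expert at all and want to start from a good base. Second, if my only problem is redirecting the traffic coming into my host to a specific container whose IP I know, how do I redirect said traffic?

Latest version of docker-compose.yml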

version: '3.2'

networks:
  proxy:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 172.16.238.0/24

services:
  traefik:
    image: traefik
    container_name: traefik
    hostname: traefik
    restart: unless-stopped  
    networks:
      proxy:
        ipv4_address: 172.16.238.2
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TIMEZONE}
    ports:
      - 8080:8080
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ${ROOT_FOLDER}\\traefik\\config:/etc/traefik
      #- ${ROOT_FOLDER}\\traefik\\config\\acme.json:/acme.json
    labels:
      - "traefik.enable=false"
      - "traefik.docker.network=proxy"
      - "traefik.port=80"
      - "traefik.frontend.rule=Host:traefik.${DOMAIN_NAME}"
      - "traefik.frontend.rule=Host:${DOMAIN_NAME}"

  plex: # https://hub.docker.com/r/linuxserver/plex
    image: linuxserver/plex
    container_name: plex
    hostname: plex
    restart: unless-stopped
    networks:
      - proxy
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TIMEZONE}
      - PLEX_CLAIM=${PLEX_CLAIM}
      - VERSION=public
      - UMASK_SET=022
    ports:
      - 32400:32400/tcp
      - 3005:3005/tcp
      - 8324:8324/tcp
      - 32469:32469/tcp
      - 1900:1900/udp
      - 32410:32410/udp
      - 32412:32412/udp
      - 32413:32413/udp
      - 32414:32414/udp
    volumes:
      - "${ROOT_FOLDER}\\library:/library"
      - "${ROOT_FOLDER}\\plex\\database:/config"
      - "${ROOT_FOLDER}\\plex\\tmp\\transcode:/transcode"
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      - "traefik.port=80"
      - "traefik.frontend.rule=Host:plex.${DOMAIN_NAME}"
    depends_on:
      - traefik

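Answer 1

Your assumptions are correct, so

  1. First, the request goes to the DNS server, which points to your public IP address
  2. Your router forwards the incoming request to port 80 of the docker host
  3. On your docker host, traefik listens for every request arriving on port 80
  4. Based on your configuration, traefik routes the request to the specific docker container.

First, you should add a docker network (proxynetwork) so that traefik can find all your docker containers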

docker network create proxynetwork

After that, you should save the traefik configuration file in your traefik folder (${ROOT_FOLDER}\traefik\traefik.toml). Replace [email protected] with your email address.

################################################################
#
# Configuration sample for Traefik v2.
#
# For Traefik v1: https://github.com/containous/traefik/blob/v1.7/traefik.sample.toml
#
################################################################

################################################################
# Global configuration
################################################################
[global]
  checkNewVersion = true
  sendAnonymousUsage = true

################################################################
# Entrypoints configuration
################################################################

# Entrypoints definition
#
# Optional
# Default:
[entryPoints]
  [entryPoints.web]
    address = ":80"

  [entryPoints.websecure]
    address = ":443"

################################################################
# Traefik logs configuration
################################################################

# Traefik logs
# Enabled by default and log to stdout
#
# Optional
#
[log]

  # Log level
  #
  # Optional
  # Default: "ERROR"
  #
  # level = "DEBUG"

  # Sets the filepath for the traefik log. If not specified, stdout will be used.
  # Intermediate directories are created if necessary.
  #
  # Optional
  # Default: os.Stdout
  #
  # filePath = "log/traefik.log"

  # Format is either "json" or "common".
  #
  # Optional
  # Default: "common"
  #
  # format = "json"

################################################################
# Access logs configuration
################################################################

# Enable access logs
# By default it will write to stdout and produce logs in the textual
# Common Log Format (CLF), extended with additional fields.
#
# Optional
#
# [accessLog]

  # Sets the file path for the access log. If not specified, stdout will be used.
  # Intermediate directories are created if necessary.
  #
  # Optional
  # Default: os.Stdout
  #
  # filePath = "/path/to/log/log.txt"

  # Format is either "json" or "common".
  #
  # Optional
  # Default: "common"
  #
  # format = "json"

################################################################
# API and dashboard configuration
################################################################

# Enable API and dashboard
[api]

  # Enable the API in insecure mode
  #
  # Optional
  # Default: false
  #
  # insecure = true

  # Enabled Dashboard
  #
  # Optional
  # Default: true
  #
  dashboard = true

################################################################
# Ping configuration
################################################################

# Enable ping
[ping]

  # Name of the related entry point
  #
  # Optional
  # Default: "traefik"
  #
  # entryPoint = "traefik"

################################################################
# Docker configuration backend
################################################################

# Enable Docker configuration backend
[providers.docker]

  # Docker server endpoint. Can be a tcp or a unix socket endpoint.
  #
  # Required
  # Default: "unix:///var/run/docker.sock"
  #
  # endpoint = "tcp://10.10.10.10:2375"

  # Default host rule.
  #
  # Optional
  # Default: "Host(`{{ normalize .Name }}`)"
  #
  # defaultRule = "Host(`{{ normalize .Name }}.docker.localhost`)"

  # Expose containers by default in traefik
  #
  # Optional
  # Default: true
  #
  exposedByDefault = false

################################################################
# ACME configuration
################################################################

# Enable ACME (Let's Encrypt): automatic SSL.
[certificatesResolvers.sgfs-httpChallenge.acme]

  # Email address used for registration.
  #
  # Required
  #
  email = "[email protected]"

  # File or key used for certificates storage.
  #
  # Required
  #
  # This path is read inside the container; the compose file mounts acme.json at /etc/traefik/acme.json.
  storage = "/etc/traefik/acme.json"

  # CA server to use.
  # Uncomment the line to use Let's Encrypt's staging server,
  # leave commented to go to prod.
  #
  # Optional
  # Default: "https://acme-v02.api.letsencrypt.org/directory"
  #
  # caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"

  # KeyType to use.
  #
  # Optional
  # Default: "RSA4096"
  #
  # Available values : "EC256", "EC384", "RSA2048", "RSA4096", "RSA8192"
  #
  # keyType = "RSA4096"

  # Use a TLS-ALPN-01 ACME challenge.
  #
  # Optional (but recommended)
  #
  #[certificatesResolvers.sgfs.acme.tlsChallenge]

  # Use a HTTP-01 ACME challenge.
  #
  # Optional
  #
  [certificatesResolvers.sgfs-httpChallenge.acme.httpChallenge]

    # EntryPoint to use for the HTTP-01 challenges.
    #
    # Required
    #
    entryPoint = "web"

  # Use a DNS-01 ACME challenge rather than HTTP-01 challenge.
  # Note: mandatory for wildcard certificate generation.
  #
  # Optional
  #
  # [certificatesResolvers.sample.acme.dnsChallenge]

    # DNS provider used.
    #
    # Required
    #
    # provider = "digitalocean"

    # By default, the provider will verify the TXT DNS challenge record before letting ACME verify.
    # If delayBeforeCheck is greater than zero, this check is delayed for the configured duration in seconds.
    # Useful if internal networks block external DNS queries.
    #
    # Optional
    # Default: 0
    #
    # delayBeforeCheck = 0

    # Use following DNS servers to resolve the FQDN authority.
    #
    # Optional
    # Default: empty
    #
    # resolvers = ["1.1.1.1:53", "8.8.8.8:53"]

    # Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready.
    #
    # NOT RECOMMENDED:
    # Increase the risk of reaching Let's Encrypt's rate limits.
    #
    # Optional
    # Default: false
    #
    # disablePropagationCheck = true

After that, you can set up traefik (v2.0) with the following docker-compose file

version: "3.3"

services:
  traefik:
    image: traefik:latest
    restart: always
    container_name: traefik
    hostname: traefik
    domainname: "domain.tld"
    networks:
      - proxynetwork
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ${ROOT_FOLDER}\\traefik\\traefik.toml:/etc/traefik/traefik.toml
      - ${ROOT_FOLDER}\\traefik\\acme.json:/etc/traefik/acme.json
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    labels:
      - traefik.enable=true
      - traefik.http.routers.api.rule=Host(`traefik.domain.tld`)
      - traefik.http.routers.api.service=api@internal
      # The router must reference the middleware by the name it is defined under ("auth").
      - traefik.http.routers.api.middlewares=auth
      - traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0

networks:
  proxynetwork:
    external: true

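Just change the password and username:

  • traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0

You can do that, for example, on this website

So now you should be able to access the traefik dashboard using the following URL.

traefik.domain.tld

As the last step, you can set up your media docker containers. Use the following docker-compose file for this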


version: "3.3"

services:
  plex: # https://hub.docker.com/r/linuxserver/plex
    image: linuxserver/plex
    container_name: plex
    hostname: plex
    restart: unless-stopped
    networks:
      - proxynetwork
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TIMEZONE}
      - PLEX_CLAIM=${PLEX_CLAIM}
      - VERSION=public
      - UMASK_SET=022
    ports:
      - 32400:32400/tcp
      - 3005:3005/tcp
      - 8324:8324/tcp
      - 32469:32469/tcp
      - 1900:1900/udp
      - 32410:32410/udp
      - 32412:32412/udp
      - 32413:32413/udp
      - 32414:32414/udp
    volumes:
      - "${ROOT_FOLDER}\\library:/library"
      - "${ROOT_FOLDER}\\plex\\database:/config"
      - "${ROOT_FOLDER}\\plex\\tmp\\transcode:/transcode"
    labels:
      - traefik.enable=true
      - traefik.docker.network=proxynetwork
      - traefik.http.routers.plex.rule=Host(`plex.domain.tld`)
      - traefik.http.routers.plex.entrypoints=web

networks:
  proxynetwork:
    external: true

I hope this works for you.
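A check for two things the setup above depends on, as an added example that is not part of the original answer or of Traefik itself: every middleware named in a router label must be defined by some label, and only the proxy should publish host ports if it is to be the single entry point. It reads `docker inspect` JSON; the sample input, the `audit` function and its `proxy_name` parameter are constructed for illustration.

```python
import json
import re

# Constructed `docker inspect` output modelled on the two services above;
# the router names a middleware that no label defines, and the hash is a placeholder.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/traefik",
     "Config": {"Labels": {
         "traefik.http.routers.api.rule": "Host(`traefik.domain.tld`)",
         "traefik.http.routers.api.middlewares": "sgfs-auth",
         "traefik.http.middlewares.auth.basicauth.users": "test:<HASH-PLACEHOLDER>"}},
     "HostConfig": {"PortBindings": {"80/tcp": [{"HostPort": "80"}]}}},
    {"Name": "/plex",
     "Config": {"Labels": {
         "traefik.http.routers.plex.rule": "Host(`plex.domain.tld`)"}},
     "HostConfig": {"PortBindings": {"32400/tcp": [{"HostPort": "32400"}]}}},
])

MW_DEF = re.compile(r"^traefik\.http\.middlewares\.([^.]+)\.")
MW_REF = re.compile(r"^traefik\.http\.routers\.([^.]+)\.middlewares$")


def audit(inspect_json, proxy_name="traefik"):
    """Return sorted findings for the containers in `docker inspect` JSON."""
    containers = json.loads(inspect_json)
    labelled = [(c["Name"].lstrip("/"), c["Config"].get("Labels") or {}) for c in containers]
    # Middleware names the Docker provider will create, from any container's labels.
    defined = {m.group(1) for _, ls in labelled for k in ls if (m := MW_DEF.match(k))}
    findings = []
    for name, ls in labelled:
        for key, value in ls.items():
            router = MW_REF.match(key)
            if not router:
                continue
            for ref in filter(None, (r.strip() for r in value.split(","))):
                base, _, provider = ref.partition("@")
                # Names pointing at another provider (e.g. @file) cannot be checked here.
                if provider in ("", "docker") and base not in defined:
                    findings.append(f"{name}: router '{router.group(1)}' uses undefined middleware '{ref}'")
    for c in containers:
        name = c["Name"].lstrip("/")
        ports = sorted(p for p, b in (c["HostConfig"].get("PortBindings") or {}).items() if b)
        if name != proxy_name and ports:
            findings.append(f"{name}: publishes {', '.join(ports)} on the host, bypassing the proxy")
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_INSPECT)))
```

Against running containers, pass the output of `docker inspect $(docker ps -q)` to `audit`.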
