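So I am building a media server with docker, and it should be reachable from anywhere (the host, the host's whole LAN, the WAN). Basically, I have a bunch of web interfaces. Each interface is reachable by default on a specific port, but I would like it to be reachable under a subdomain on port 80. I want to use traefik as a reverse proxy, so that it becomes the only container that is technically reachable from anywhere.
I guess that accessing a domain hosted on my network from within my network may cause some problems. That is why I am focusing on WAN access first, since I can always access the WAN, but not the LAN (4G).
If I want to reach the server over the WAN, the request (plex.domain.tld:80) will go:
- to the DNS server - DNS is configured and points to my router's IP
- to my router - port 80 is forwarded to my docker host
- to my host - PROBLEM: I don't know how to redirect it to my traefik container. In my docker-compose.yml I defined a custom network with a subnet and gave my traefik container a static IP.
- to traefik - WARNING: I am not sure whether my docker-compose.yml is correct. It should redirect requests for plex.domain.tld on port 80 to my plex container, but I cannot test it yet.
My questions are: first, are my assumptions above correct? I am not a network expert at all and want to start from a good foundation. Second, if my only problem is redirecting the traffic that enters my host to a specific container whose IP I know, how do I redirect said traffic?
docker-compose.yml: latest version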
version: '3.2'
networks:
  proxy:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 172.16.238.0/24
services:
  traefik:
    image: traefik
    container_name: traefik
    hostname: traefik
    restart: unless-stopped
    networks:
      proxy:
        ipv4_address: 172.16.238.2
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TIMEZONE}
    ports:
      - 8080:8080
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ${ROOT_FOLDER}\\traefik\\config:/etc/traefik
      #- ${ROOT_FOLDER}\\traefik\\config\\acme.json:/acme.json
    labels:
      - "traefik.enable=false"
      - "traefik.docker.network=proxy"
      - "traefik.port=80"
      - "traefik.frontend.rule=Host:traefik.${DOMAIN_NAME}"
      - "traefik.frontend.rule=Host:${DOMAIN_NAME}"
  plex: # https://hub.docker.com/r/linuxserver/plex
    image: linuxserver/plex
    container_name: plex
    hostname: plex
    restart: unless-stopped
    networks:
      - proxy
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TIMEZONE}
      - PLEX_CLAIM=${PLEX_CLAIM}
      - VERSION=public
      - UMASK_SET=022
    ports:
      - 32400:32400/tcp
      - 3005:3005/tcp
      - 8324:8324/tcp
      - 32469:32469/tcp
      - 1900:1900/udp
      - 32410:32410/udp
      - 32412:32412/udp
      - 32413:32413/udp
      - 32414:32414/udp
    volumes:
      - "${ROOT_FOLDER}\\library:/library"
      - "${ROOT_FOLDER}\\plex\\database:/config"
      - "${ROOT_FOLDER}\\plex\\tmp\\transcode:/transcode"
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      - "traefik.port=80"
      - "traefik.frontend.rule=Host:plex.${DOMAIN_NAME}"
    depends_on:
      - traefik
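Answer 1
Your assumptions are correct, so:
- First, the request goes to the DNS server, which points to your public IP address.
- Your router forwards the incoming request to port 80 of the docker host.
- On your docker host, traefik listens for every request that arrives on port 80.
- Based on your configuration, traefik routes the request to the specific docker container.
First, you should add a docker network (proxynetwork) so that traefik can find all of your docker containers:
docker network create proxynetwork
After that, you should save the traefik configuration file in your traefik folder (${ROOT_FOLDER}\traefik\traefik.toml). Replace [email protected] with your email address.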
################################################################
#
# Configuration sample for Traefik v2.
#
# For Traefik v1: https://github.com/containous/traefik/blob/v1.7/traefik.sample.toml
#
################################################################
################################################################
# Global configuration
################################################################
[global]
checkNewVersion = true
sendAnonymousUsage = true
################################################################
# Entrypoints configuration
################################################################
# Entrypoints definition
#
# Optional
# Default:
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
################################################################
# Traefik logs configuration
################################################################
# Traefik logs
# Enabled by default and log to stdout
#
# Optional
#
[log]
# Log level
#
# Optional
# Default: "ERROR"
#
# level = "DEBUG"
# Sets the filepath for the traefik log. If not specified, stdout will be used.
# Intermediate directories are created if necessary.
#
# Optional
# Default: os.Stdout
#
# filePath = "log/traefik.log"
# Format is either "json" or "common".
#
# Optional
# Default: "common"
#
# format = "json"
################################################################
# Access logs configuration
################################################################
# Enable access logs
# By default it will write to stdout and produce logs in the textual
# Common Log Format (CLF), extended with additional fields.
#
# Optional
#
# [accessLog]
# Sets the file path for the access log. If not specified, stdout will be used.
# Intermediate directories are created if necessary.
#
# Optional
# Default: os.Stdout
#
# filePath = "/path/to/log/log.txt"
# Format is either "json" or "common".
#
# Optional
# Default: "common"
#
# format = "json"
################################################################
# API and dashboard configuration
################################################################
# Enable API and dashboard
[api]
# Enable the API in insecure mode
#
# Optional
# Default: false
#
# insecure = true
# Enabled Dashboard
#
# Optional
# Default: true
#
dashboard = true
################################################################
# Ping configuration
################################################################
# Enable ping
[ping]
# Name of the related entry point
#
# Optional
# Default: "traefik"
#
# entryPoint = "traefik"
################################################################
# Docker configuration backend
################################################################
# Enable Docker configuration backend
[providers.docker]
# Docker server endpoint. Can be a tcp or a unix socket endpoint.
#
# Required
# Default: "unix:///var/run/docker.sock"
#
# endpoint = "tcp://10.10.10.10:2375"
# Default host rule.
#
# Optional
# Default: "Host(`{{ normalize .Name }}`)"
#
# defaultRule = "Host(`{{ normalize .Name }}.docker.localhost`)"
# Expose containers by default in traefik
#
# Optional
# Default: true
#
exposedByDefault = false
################################################################
# ACME configuration
################################################################
# Enable ACME (Let's Encrypt): automatic SSL.
[certificatesResolvers.sgfs-httpChallenge.acme]
# Email address used for registration.
#
# Required
#
email = "[email protected]"
# File or key used for certificates storage.
#
# Required
#
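# Path inside the container: the compose file mounts acme.json at
# /etc/traefik/acme.json, and this TOML file does not expand ${ROOT_FOLDER}.
storage = "/etc/traefik/acme.json"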
# CA server to use.
# Uncomment the line to use Let's Encrypt's staging server,
# leave commented to go to prod.
#
# Optional
# Default: "https://acme-v02.api.letsencrypt.org/directory"
#
# caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
# KeyType to use.
#
# Optional
# Default: "RSA4096"
#
# Available values : "EC256", "EC384", "RSA2048", "RSA4096", "RSA8192"
#
# keyType = "RSA4096"
# Use a TLS-ALPN-01 ACME challenge.
#
# Optional (but recommended)
#
#[certificatesResolvers.sgfs.acme.tlsChallenge]
# Use a HTTP-01 ACME challenge.
#
# Optional
#
[certificatesResolvers.sgfs-httpChallenge.acme.httpChallenge]
# EntryPoint to use for the HTTP-01 challenges.
#
# Required
#
entryPoint = "web"
# Use a DNS-01 ACME challenge rather than HTTP-01 challenge.
# Note: mandatory for wildcard certificate generation.
#
# Optional
#
# [certificatesResolvers.sample.acme.dnsChallenge]
# DNS provider used.
#
# Required
#
# provider = "digitalocean"
# By default, the provider will verify the TXT DNS challenge record before letting ACME verify.
# If delayBeforeCheck is greater than zero, this check is delayed for the configured duration in seconds.
# Useful if internal networks block external DNS queries.
#
# Optional
# Default: 0
#
# delayBeforeCheck = 0
# Use following DNS servers to resolve the FQDN authority.
#
# Optional
# Default: empty
#
# resolvers = ["1.1.1.1:53", "8.8.8.8:53"]
# Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready.
#
# NOT RECOMMENDED:
# Increase the risk of reaching Let's Encrypt's rate limits.
#
# Optional
# Default: false
#
# disablePropagationCheck = true
After that, you can set up traefik (v2.0) with the following docker-compose file:
version: "3.3"
services:
  traefik:
    image: traefik:latest
    restart: always
    container_name: traefik
    hostname: traefik
    domainname: "domain.tld"
    networks:
      - proxynetwork
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ${ROOT_FOLDER}\\traefik\\traefik.toml:/etc/traefik/traefik.toml
      - ${ROOT_FOLDER}\\traefik\\acme.json:/etc/traefik/acme.json
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    labels:
      - traefik.enable=true
      - traefik.http.routers.api.rule=Host(`traefik.domain.tld`)
      - traefik.http.routers.api.service=api@internal
      # The name here must match the middleware defined on the next line ("auth").
      - traefik.http.routers.api.middlewares=auth
      - traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0
networks:
  proxynetwork:
    external: true
Just change the password and username:
- traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0
You can do that, for example, on this website.
So now you should be able to reach the traefik dashboard at the following URL:
traefik.domain.tld
As a last step, you can set up the media docker containers. Use the following docker-compose file for that:
version: "3.3"
services:
  plex: # https://hub.docker.com/r/linuxserver/plex
    image: linuxserver/plex
    container_name: plex
    hostname: plex
    restart: unless-stopped
    networks:
      - proxynetwork
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TIMEZONE}
      - PLEX_CLAIM=${PLEX_CLAIM}
      - VERSION=public
      - UMASK_SET=022
    ports:
      - 32400:32400/tcp
      - 3005:3005/tcp
      - 8324:8324/tcp
      - 32469:32469/tcp
      - 1900:1900/udp
      - 32410:32410/udp
      - 32412:32412/udp
      - 32413:32413/udp
      - 32414:32414/udp
    volumes:
      - "${ROOT_FOLDER}\\library:/library"
      - "${ROOT_FOLDER}\\plex\\database:/config"
      - "${ROOT_FOLDER}\\plex\\tmp\\transcode:/transcode"
    labels:
      - traefik.enable=true
      - traefik.docker.network=proxynetwork
      - traefik.http.routers.plex.rule=Host(`plex.domain.tld`)
      - traefik.http.routers.plex.entrypoints=web
networks:
  proxynetwork:
    external: true
I hope this works for you.
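A hardened variant of the Plex service above, as an added example that is not part of the original answer: it publishes no host ports, so the web UI is reachable only through traefik, and it serves the site over HTTPS using the `websecure` entry point and the `sgfs-httpChallenge` resolver from the traefik.toml above. The router and middleware names `plex-http` and `plex-https` are made up for this example; 32400 is the Plex web port from the ports list above.

```yaml
version: "3.3"
services:
  plex:
    image: linuxserver/plex
    container_name: plex
    hostname: plex
    restart: unless-stopped
    networks:
      - proxynetwork
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TIMEZONE}
      - PLEX_CLAIM=${PLEX_CLAIM}
      - VERSION=public
      - UMASK_SET=022
    # No "ports:" section: nothing is bound on the docker host, so the only
    # path to the web UI is traefik over the shared proxynetwork.
    # Trade-off: anything that relied on the published ports (for example
    # LAN discovery over the UDP ports) no longer works from outside docker.
    volumes:
      - "${ROOT_FOLDER}\\library:/library"
      - "${ROOT_FOLDER}\\plex\\database:/config"
      - "${ROOT_FOLDER}\\plex\\tmp\\transcode:/transcode"
    labels:
      - traefik.enable=true
      - traefik.docker.network=proxynetwork
      # Tell traefik explicitly which container port serves the web UI.
      - traefik.http.services.plex.loadbalancer.server.port=32400
      # HTTPS router; the certificate comes from the ACME resolver in traefik.toml.
      - traefik.http.routers.plex.rule=Host(`plex.domain.tld`)
      - traefik.http.routers.plex.entrypoints=websecure
      - traefik.http.routers.plex.tls.certresolver=sgfs-httpChallenge
      # Plain-HTTP router whose only job is to redirect to HTTPS.
      - traefik.http.routers.plex-http.rule=Host(`plex.domain.tld`)
      - traefik.http.routers.plex-http.entrypoints=web
      - traefik.http.routers.plex-http.middlewares=plex-https
      - traefik.http.middlewares.plex-https.redirectscheme.scheme=https
networks:
  proxynetwork:
    external: true
```

The same three router changes (`entrypoints=websecure`, `tls.certresolver`, and an HTTP redirect router) apply to the dashboard router `api`, so that its basic-auth credentials are not sent over plain HTTP.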