哪个 Traefik 配置可以替代 Ngrok?

哪个 Traefik 配置可以替代 Ngrok?

我有一台服务器公有 IPTraefik V2在其上运行(docker化)。

我有本地主机.example.com指向服务器的公网IP。

我可以通过运行以下命令在我的笔记本电脑和服务器之间建立 SSH 反向隧道:ssh -N -R '9191:localhost:9090' example.com

我有两个问题:

  1. 是否可以让 Traefik 通过 SSH 反向隧道路由 HTTP 流量,以便任何人都可以使用 localhost.example.com 访问我的笔记本电脑上运行的服务?
  2. 如果可能的话,配置应该是什么样的?

以下是我目前编写的配置:

v2.traefik.yml

http:
  routers:
    localhostRouter:
      entryPoints:
        - "websecure"
      rule: "Host(`localhost.example.com`)"
      service: "localhostService"
      tls:
        certresolver: myresolver
  services:
    localhostService:
      loadBalancer:
        servers:
          - url: "127.0.0.1:9191"

docker-compose.yml

version: '3'

services:
  traefik:
    image: traefik:2.4
    container_name: traefik
    restart: always
    command:
      - "--api=true"
      - "--providers.docker=true"
      - "--providers.file.filename=/traefik.yml"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.storage=/acme.json"
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    networks:
    networks:
      - web
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - ./acme.json:/acme.json
      - ./v2.traefik.yml:/traefik.yml

networks:
  web:
    external: true

非常感谢你的帮助!!!

答案1

好的,这是正确的配置:

1- 确保更新到 Traefik 2.4.5(以避免这个 tls/acme 挑战漏洞

2- 这是最终版本docker-compose.yml文件

version: '3'

services:
  traefik:
    image: traefik:2.4.5
    container_name: traefik
    restart: always
    command:
      - "--log.level=DEBUG"
      - "--api=true"
      - "--providers.docker=true"
      - "--providers.file.directory=/etc/traefik/config"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "[email protected]"
      - "--certificatesresolvers.myresolver.acme.storage=/acme.json"
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    networks:
      - web
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - ./acme.json:/acme.json
      - ./config:/etc/traefik/config

networks:
  web:
    external: true

3- 这是最终版本v2.traefik.yml动态配置文件:

http:
  routers:
    LocalhostRouter:
      entryPoints:
        - "websecure"
      rule: "Host(`localhost.example.com`)"
      service: "LocalhostService"
      tls:
        certResolver: "myresolver"
  services:
    LocalhostService:
      loadBalancer:
        servers:
          - url: http://172.18.0.1:9191

4- 请注意,172.18.0.1 是 Docker 网关地址(因为 Traefik 在 docker 中运行)。您可以通过以下方式找到 IPdocker inspect <a3ec>

5- 在本地机器上运行ssh -N -R 9191:127.0.0.1:9191 [email protected]

你应该会很棒!现在您可以使用域名访问在本地机器上运行的 Web 服务器(类似于 Ngrok、localtunnel、expose),但免费或更可靠 ;)

相关内容