我有一台服务器公有 IP和Traefik V2在其上运行(docker化)。
我有本地主机.example.com指向服务器的公网IP。
我可以通过运行以下命令在我的笔记本电脑和服务器之间建立 SSH 反向隧道:ssh -N -R '9191:localhost:9090' example.com
我有两个问题:
- 是否可以让 Traefik 通过 SSH 反向隧道路由 HTTP 流量,以便任何人都可以使用 localhost.example.com 访问我的笔记本电脑上运行的服务?
- 如果可能的话,配置应该是什么样的?
以下是我目前编写的配置:
v2.traefik.yml:
http:
routers:
localhostRouter:
entryPoints:
- "websecure"
rule: "Host(`localhost.example.com`)"
service: "localhostService"
tls:
certresolver: myresolver
services:
localhostService:
loadBalancer:
servers:
- url: "127.0.0.1:9191"
docker-compose.yml:
version: '3'
services:
traefik:
image: traefik:2.4
container_name: traefik
restart: always
command:
- "--api=true"
- "--providers.docker=true"
- "--providers.file.filename=/traefik.yml"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.web.address=:80"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
- "--entrypoints.web.http.redirections.entrypoint.permanent=true"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
- "--certificatesresolvers.myresolver.acme.storage=/acme.json"
ports:
- 80:80
- 443:443
- 8080:8080
networks:
networks:
- web
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- ./acme.json:/acme.json
- ./v2.traefik.yml:/traefik.yml
networks:
web:
external: true
非常感谢你的帮助!!!
答案1
好的,这是正确的配置:
1- 确保更新到 Traefik 2.4.5(以避免这个 tls/acme 挑战漏洞)
2- 这是最终版本docker-compose.yml文件
version: '3'
services:
traefik:
image: traefik:2.4.5
container_name: traefik
restart: always
command:
- "--log.level=DEBUG"
- "--api=true"
- "--providers.docker=true"
- "--providers.file.directory=/etc/traefik/config"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.web.http.redirections.entryPoint.to=websecure"
- "--entrypoints.web.http.redirections.entryPoint.scheme=https"
- "--entrypoints.web.http.redirections.entrypoint.permanent=true"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
- "[email protected]"
- "--certificatesresolvers.myresolver.acme.storage=/acme.json"
ports:
- 80:80
- 443:443
- 8080:8080
networks:
- web
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- ./acme.json:/acme.json
- ./config:/etc/traefik/config
networks:
web:
external: true
3- 这是最终版本v2.traefik.yml动态配置文件:
http:
routers:
LocalhostRouter:
entryPoints:
- "websecure"
rule: "Host(`localhost.example.com`)"
service: "LocalhostService"
tls:
certResolver: "myresolver"
services:
LocalhostService:
loadBalancer:
servers:
- url: http://172.18.0.1:9191
4- 请注意,172.18.0.1 是 Docker 网关地址(因为 Traefik 在 docker 中运行)。您可以通过以下方式找到 IPdocker inspect <a3ec>
5- 在本地机器上运行ssh -N -R 9191:127.0.0.1:9191 [email protected]
你应该会很棒!现在您可以使用域名访问在本地机器上运行的 Web 服务器(类似于 Ngrok、localtunnel、expose),但免费或更可靠 ;)