我有一台Debian 10机器,它使用Apache2运行LAMP环境,我将其称为主机。主机上很少有网站在虚拟主机上运行,例如:
<VirtualHost *:80>
ServerName VirtualExample.com
ServerAlias www.VirtualExample.com
ServerAdmin development@example.cafe
DocumentRoot /var/www/hosted_sites/VirtualExample
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =VirtualExample.com [OR]
RewriteCond %{SERVER_NAME} =www.VirtualExample.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName VirtualExample.com
ServerAlias www.VirtualExample.com
ServerAdmin development@example.cafe
DocumentRoot /var/www/hosted_sites/VirtualExample
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/VirtualExample.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/VirtualExample.com/privkey.pem
</VirtualHost>
</IfModule>
或者像这样隐藏在反向代理后面:
<VirtualHost *:80>
ServerAdmin development@example.cafe
ServerName api.staging.example.fr
ProxyPreserveHost On
ProxyPass / http://localhost:3001/ Keepalive=On
ProxyPassReverse / http://localhost:3001/
</VirtualHost>
在我们的最后一个案例中http://localhost:3001/可以是指直接在主机上运行的应用程序,也可以是docker应用程序(其中3001将是暴露的端口(
现在,从长远来看,我计划对所有其他应用程序进行码头化,但目前我的目标只是摆脱Apache Reverse代理,并在traefik中设置它们(以便更好地监控未来的码头应用程序(。
目前,我无法同时运行Apache2和Traefik,问题是共享端口80和443。
我的Traefik配置相当通用:
Docker撰写
version: '3.3'
networks:
wan:
external: true
services:
traefik:
container_name: traefik
restart: always
image: traefik:1.7-alpine
networks:
- wan
ports:
- 81:80
- 444:443
labels:
- traefik.frontend.rule=Host:traefik.example.com
- traefik.port=8080
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./traefik.toml:/traefik.toml
- ./acme.json:/acme.json
traefik.toml
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.dashboard]
address = ":8080"
[entryPoints.dashboard.auth]
[entryPoints.dashboard.auth.basic]
users = ["user:encryptedpassword"]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[api]
entrypoint="dashboard"
[acme]
email = "development@example.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"
[docker]
domain = "example.com"
watch = true
network = "wan"
到目前为止,我看到的唯一解决方案是将Traefik 80和443端口映射到其他值,并设置一个Apache Reverse代理重定向?这似乎有点模糊,我觉得这只是冰山一角。
将所有HTTP/HTTPS流量重定向到Traefik的解决方案是否正确?是否可以将未解析为Traefik的流量回退到Apache?
什么是最好的方法?代理反转时有哪些良好做法?
+>将来,我将继续对服务器上的每个应用程序进行dockerize。
您不能在同一个ip地址的同一个端口上绑定两个进程:这是无法实现的。正如您已经发现的,解决方案是使用不同的端口:80和443用于apache,例如20080和20443用于traefik。
另一种解决方案(强烈建议(是将一个新的ip关联到同一以太网卡,这样同一物理接口就有两个ip:在第一个接口上,你可以在端口80和443上绑定apache,在第二个接口上你可以在80和443端口上绑定traefik。