我有一个在8080端口上运行的服务,它接受http和gRPC。我知道traefik中的gRPC有一些限制,所以这里是最终目标。
- 在端口8080上接受ipWhitelisted流量
- 接受来自:80/graphql的流量并路由到:8080/graphql
- 最终我想在路由/和路由到/graphql时接受这一点
- 接受来自80/admin/schema的ipWhitelisted流量并路由到:8080/admin/schema
- 最终我想在route/admin和route-to-/graphql上接受这一点
如果我能完成这项工作,我相信我可以完成下一部分:
- 使用letsencrypt启用https,并接受从:443到/graphql和/admin端点的traeffici
对于配置,我使用了一个docker compose文件。
version: "3.2"
services:
reverse-proxy:
image: traefik:v2.2
command:
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.dgraph.address=:8080"
ports:
- "8080:8080"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
# there is another service here `zero` that is not using traefik so I ommitted its config.
alpha:
image: dgraph/dgraph:master
volumes:
- /dgraph/data:/dgraph
labels:
- "traefik.enable=true"
- "traefik.http.middlewares.adminIps.ipwhitelist.sourcerange=1.1.1.1" # my ip address instead of 1.1.1.1
- "traefik.http.routers.alpha.rule=Host(`api.mydomain.com`) && Path(`/graphql`)"
- "traefik.http.routers.alpha.entrypoints=dgraph"
- "traefik.http.routers.schema.rule=Host(`api.mydomain.com`) && Path(`/admin/schema`)"
- "traefik.http.routers.schema.middlewares=adminIps@docker"
- "traefik.http.routers.schema.entrypoints=dgraph"
- "traefik.http.routers.all.rule=Host(`api.mydomain.com`)"
- "traefik.http.routers.all.middlewares=adminIps@docker"
- "traefik.http.routers.all.entrypoints=dgraph"
restart: always
command: dgraph alpha --my=alpha:7080 --zero=zero:5080 --whitelist 172.0.0.0:172.254.254.254
我尝试在端口80上创建另一个入口点,然后在路由器中使用它,并添加了一个负载均衡器,但这似乎不起作用。这是修改后的配置:
version: "3.2"
services:
reverse-proxy:
image: traefik:v2.2
command:
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.dgraph.address=:8080"
- "--entrypoints.web.address=:80"
ports:
- "8080:8080"
- "80:80"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
# there is another service here `zero` that is not using traefik so I ommitted its config.
alpha:
image: dgraph/dgraph:master
volumes:
- /dgraph/data:/dgraph
labels:
- "traefik.enable=true"
- "traefik.http.middlewares.adminIps.ipwhitelist.sourcerange=1.1.1.1" # my ip address instead of 1.1.1.1
- "traefik.http.routers.alpha.rule=Host(`api.mydomain.com`) && Path(`/graphql`)"
- "traefik.http.routers.alpha.entrypoints=web"
- "traefik.http.services.alpha.loadbalancer.server.port=80"
- "traefik.http.routers.schema.rule=Host(`api.mydomain.com`) && Path(`/admin/schema`)"
- "traefik.http.routers.schema.middlewares=adminIps@docker"
- "traefik.http.routers.schema.entrypoints=dgraph"
- "traefik.http.routers.all.rule=Host(`api.mydomain.com`)"
- "traefik.http.routers.all.middlewares=adminIps@docker"
- "traefik.http.routers.all.entrypoints=dgraph"
restart: always
command: dgraph alpha --my=alpha:7080 --zero=zero:5080 --whitelist 172.0.0.0:172.254.254.254
上面的第一个docker-compose.yml文件可以工作。我所说的工作是指它正确地将路由、规则和中间件都应用到8080端口上。
上面的第二个docker-compose.yml文件我希望打开端口80,并应用规则将http api.mydomain.com/graphql路由到alpha:8080/graphql。但这并没有发生。当我用docker-compose up -d推送它时,我没有得到任何错误,但当我使用yougetsignal.com并检查打开的端口80时,我得到的响应是端口80已关闭,当我尝试使用以前使用route-all(api.mydomain.com:8080(的端口8080时,我在浏览器中得到响应";坏网关";
您说您的服务alpha正在侦听8080,所以您应该在loadbalancer:中使用它
"traefik.http.services.alpha.loadbalancer.server.port=8080"
您可以这样想:entrypoint是传入连接,loadbalancer是Traefik重定向请求的地方。