From ac5a485b0ae089aaedab7ea7b04117ecad7e3b3a Mon Sep 17 00:00:00 2001 From: Jeffery Date: Wed, 21 Jan 2026 14:28:46 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20=E5=B0=8D=E9=BD=8A=E8=A8=BB=E8=A7=A3?= =?UTF-8?q?=EF=BC=8C=E5=8A=A0=E4=B8=8A=E8=A8=98=E6=86=B6=E9=AB=94=E9=99=90?= =?UTF-8?q?=E5=88=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- traefik/docker-compose.yaml | 95 +++++++++++++++++++------------------ 1 file changed, 49 insertions(+), 46 deletions(-) diff --git a/traefik/docker-compose.yaml b/traefik/docker-compose.yaml index 937e3ad..f3e4639 100644 --- a/traefik/docker-compose.yaml +++ b/traefik/docker-compose.yaml @@ -3,7 +3,7 @@ # =============================================================== # 服務描述: Traefik 反向代理與負載平衡器 # 建立日期: 2025-10-23 -# 更新日期: 2025-10-23 +# 更新日期: 2026-01-21 # 版本: latest # 網路連接埠: 80 (HTTP), 443 (HTTPS) # 管理介面: traefik.jsc.idv.me @@ -17,6 +17,9 @@ services: image: traefik:latest container_name: traefik_server + # === 資源限制 === + mem_limit: 512m # 記憶體限制 512MB + # === 網路連接埠對應 === ports: - "80:80" # HTTP 連接埠 
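Review bot: The added `mem_limit: 512m` in the `@@ -17,6 +17,9 @@` hunk caps RAM but not swap. When `memswap_limit` is unset, Docker lets the container use an equal amount of swap on hosts that have swap enabled, so the effective ceiling can be roughly double what the comment states. If 512 MB is meant as a hard cap, set `memswap_limit: 512m` next to it. The service definition continues outside this hunk, so any other resource limits it may already carry are not visible here.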
@@ -29,38 +32,38 @@ services: - "traefik.docker.network=traefik_vlan" # 指定網路 # --- HTTP 壓縮中介軟體 --- - - "traefik.http.middlewares.gzip.compress=true" + - "traefik.http.middlewares.gzip.compress=true" # 啟用 GZIP 壓縮 # --- Basic Auth 中介軟體 (共用) --- - - "traefik.http.middlewares.auth.basicauth.users=jiantw83:$$apr1$$u.VU3c6O$$AfAxvklBJ4lelZw07o2g20" + - "traefik.http.middlewares.auth.basicauth.users=jiantw83:$$apr1$$u.VU3c6O$$AfAxvklBJ4lelZw07o2g20" # 使用者: jiantw83 # --- HTTP 重導向中介軟體 --- - - "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https" - - "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true" + - "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https" # 重導向至 HTTPS + - "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true" # 永久重導向 (301) # --- Traefik 儀表板 HTTP 路由 --- - - "traefik.http.routers.traefik-dashboard.entrypoints=http" - - "traefik.http.routers.traefik-dashboard.rule=Host(`traefik.jsc.idv.me`)" - - "traefik.http.routers.traefik-dashboard.middlewares=https-redirect@docker" + - "traefik.http.routers.traefik-dashboard.entrypoints=http" # 監聽 HTTP + - "traefik.http.routers.traefik-dashboard.rule=Host(`traefik.jsc.idv.me`)" # 主機名稱規則 + - "traefik.http.routers.traefik-dashboard.middlewares=https-redirect@docker" # 套用 HTTPS 重導向 # --- Traefik 儀表板 HTTPS 路由 --- - - "traefik.http.routers.traefik-dashboard-tls.entrypoints=https" - - "traefik.http.routers.traefik-dashboard-tls.rule=Host(`traefik.jsc.idv.me`)" - - "traefik.http.routers.traefik-dashboard-tls.middlewares=gzip@docker" - - "traefik.http.routers.traefik-dashboard-tls.service=dashboard@internal" - - "traefik.http.routers.traefik-dashboard-tls.tls=true" + - "traefik.http.routers.traefik-dashboard-tls.entrypoints=https" # 監聽 HTTPS + - "traefik.http.routers.traefik-dashboard-tls.rule=Host(`traefik.jsc.idv.me`)" # 主機名稱規則 + - "traefik.http.routers.traefik-dashboard-tls.middlewares=gzip@docker" # 套用壓縮中介軟體 + - 
"traefik.http.routers.traefik-dashboard-tls.service=dashboard@internal" # 使用內建儀表板服務 + - "traefik.http.routers.traefik-dashboard-tls.tls=true" # 啟用 TLS # --- Traefik API HTTP 路由 --- - - "traefik.http.routers.traefik-dashboard-api.entrypoints=http" - - "traefik.http.routers.traefik-dashboard-api.rule=Host(`traefik.jsc.idv.me`)" - - "traefik.http.routers.traefik-dashboard-api.middlewares=https-redirect@docker" + - "traefik.http.routers.traefik-dashboard-api.entrypoints=http" # 監聽 HTTP + - "traefik.http.routers.traefik-dashboard-api.rule=Host(`traefik.jsc.idv.me`)" # 主機名稱規則 + - "traefik.http.routers.traefik-dashboard-api.middlewares=https-redirect@docker" # 套用 HTTPS 重導向 # --- Traefik API HTTPS 路由 --- - - "traefik.http.routers.traefik-dashboard-api-tls.entrypoints=https" - - "traefik.http.routers.traefik-dashboard-api-tls.rule=Host(`traefik.jsc.idv.me`) && PathPrefix(`/api`)" - - "traefik.http.routers.traefik-dashboard-api-tls.middlewares=gzip@docker" - - "traefik.http.routers.traefik-dashboard-api-tls.service=api@internal" - - "traefik.http.routers.traefik-dashboard-api-tls.tls=true" + - "traefik.http.routers.traefik-dashboard-api-tls.entrypoints=https" # 監聽 HTTPS + - "traefik.http.routers.traefik-dashboard-api-tls.rule=Host(`traefik.jsc.idv.me`) && PathPrefix(`/api`)" # 主機名稱 + 路徑規則 + - "traefik.http.routers.traefik-dashboard-api-tls.middlewares=gzip@docker" # 套用壓縮中介軟體 + - "traefik.http.routers.traefik-dashboard-api-tls.service=api@internal" # 使用內建 API 服務 + - "traefik.http.routers.traefik-dashboard-api-tls.tls=true" # 啟用 TLS # === 環境變數設定 === environment: 
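Review bot: The `auth` basic-auth middleware is defined in this hunk, but neither HTTPS router applies it: `traefik-dashboard-tls.middlewares` and `traefik-dashboard-api-tls.middlewares` both list only `gzip@docker`. As written, `dashboard@internal` and `api@internal` appear reachable at `traefik.jsc.idv.me` without credentials, unless something outside this file restricts access. Chain the middleware on both routers, e.g. `"traefik.http.routers.traefik-dashboard-tls.middlewares=gzip@docker,auth@docker"`, and likewise for `traefik-dashboard-api-tls`. Separately, the users label keeps an `$apr1$` (MD5-based) password hash in version control and the new inline comment repeats the account name; a bcrypt hash read through `basicauth.usersfile` from a mounted file would keep both out of the repository. The labels list starts above this hunk, so earlier labels are not visible here.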
@@ -68,60 +71,60 @@ services: # === 資料持久化 === volumes: - - /var/run/docker.sock:/var/run/docker.sock:ro # Docker Socket (唯讀,用於監聽容器事件) + - /var/run/docker.sock:/var/run/docker.sock:ro # Docker Socket (唯讀,用於監聽容器事件) # === 健康檢查 === healthcheck: test: [ "CMD-SHELL", "wget -q --spider --proxy off traefik_server:8080/ping || exit 1" ] - interval: 3s # 檢查間隔 - retries: 10 # 重試次數 + interval: 3s # 檢查間隔 + retries: 10 # 重試次數 # === 日誌管理 === logging: - driver: "json-file" # 使用 JSON 檔案記錄日誌 + driver: "json-file" # 使用 JSON 檔案記錄日誌 options: - max-size: "1m" # 單一日誌檔案最大 1MB + max-size: "1m" # 單一日誌檔案最大 1MB # === 網路設定 === networks: - - vlan # 連接到 vlan 網路 + - vlan # 連接到 vlan 網路 # === Traefik 啟動參數 === command: # --- API 與儀表板設定 --- - - "--api=true" # 啟用 API - - "--api.dashboard=true" # 啟用儀表板 - - "--ping=true" # 啟用 ping 端點 - - "--accesslog=true" # 啟用存取日誌 - - "--tracing=true" # 啟用追蹤 + - "--api=true" # 啟用 API + - "--api.dashboard=true" # 啟用儀表板 + - "--ping=true" # 啟用 ping 端點 + - "--accesslog=true" # 啟用存取日誌 + - "--tracing=true" # 啟用追蹤 # --- 入口點設定 --- - - "--entrypoints.http.address=:80" # HTTP 入口點 - - "--entrypoints.https.address=:443" # HTTPS 入口點 + - "--entrypoints.http.address=:80" # HTTP 入口點 + - "--entrypoints.https.address=:443" # HTTPS 入口點 # --- Docker 提供者設定 --- - - "--providers.docker=true" # 啟用 Docker 提供者 - - "--providers.docker.endpoint=unix:///var/run/docker.sock" # Docker Socket 連接端點 - - "--providers.file.directory=/etc/traefik/config" # 檔案提供者配置目錄 (動態配置和憑證) - - "--providers.docker.exposedbydefault=false" # 只路由有 traefik.enable=true 的服務 + - "--providers.docker=true" # 啟用 Docker 提供者 + - "--providers.docker.endpoint=unix:///var/run/docker.sock" # Docker Socket 連接端點 + - "--providers.file.directory=/etc/traefik/config" # 檔案提供者配置目錄 (動態配置和憑證) + - "--providers.docker.exposedbydefault=false" # 只路由有 traefik.enable=true 的服務 # --- 全域設定 --- - - "--global.sendanonymoususage=false" # 停用匿名使用資料收集 - - "--global.checknewversion=false" # 停用版本檢查 + - "--global.sendanonymoususage=false" # 停用匿名使用資料收集 + - 
"--global.checknewversion=false" # 停用版本檢查 # --- Let's Encrypt 憑證設定 --- - - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true" # 使用 TLS Challenge 驗證 - - "--certificatesresolvers.letsencrypt.acme.email=jiantw83@yahoo.com" # ACME 註冊信箱 - - "--certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/config/acme.json" # 憑證存儲位置 + - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true" # 使用 TLS Challenge 驗證 + - "--certificatesresolvers.letsencrypt.acme.email=jiantw83@yahoo.com" # ACME 註冊信箱 + - "--certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/config/acme.json" # 憑證存儲位置 # --- SSL 設定 --- - - "--serverstransport.insecureskipverify=true" # 跳過後端服務 SSL 憑證驗證 (⚠️ 僅用於開發環境) + - "--serverstransport.insecureskipverify=true" # 跳過後端服務 SSL 憑證驗證 (⚠️ 僅用於開發環境) # === 重新啟動策略 === - restart: always # 容器異常退出時自動重啟 + restart: always # 容器異常退出時自動重啟 # =============================================================== # Docker Networks 定義 # =============================================================== networks: - vlan: # Traefik 專用網路 (完整名稱: traefik_vlan) \ No newline at end of file + vlan: # Traefik 專用網路 (完整名稱: traefik_vlan) \ No newline at end of file