Compare commits
2 Commits
1b10271ee6
...
ac5a485b0a
| Author | SHA1 | Date | |
|---|---|---|---|
| ac5a485b0a | |||
| 5497a058fe |
@@ -3,7 +3,7 @@
|
|||||||
# ===============================================================
|
# ===============================================================
|
||||||
# 服務描述: Traefik 反向代理與負載平衡器
|
# 服務描述: Traefik 反向代理與負載平衡器
|
||||||
# 建立日期: 2025-10-23
|
# 建立日期: 2025-10-23
|
||||||
# 更新日期: 2025-10-23
|
# 更新日期: 2026-01-21
|
||||||
# 版本: latest
|
# 版本: latest
|
||||||
# 網路連接埠: 80 (HTTP), 443 (HTTPS)
|
# 網路連接埠: 80 (HTTP), 443 (HTTPS)
|
||||||
# 管理介面: traefik.jsc.idv.me
|
# 管理介面: traefik.jsc.idv.me
|
||||||
@@ -17,6 +17,9 @@ services:
|
|||||||
image: traefik:latest
|
image: traefik:latest
|
||||||
container_name: traefik_server
|
container_name: traefik_server
|
||||||
|
|
||||||
|
# === 資源限制 ===
|
||||||
|
mem_limit: 512m # 記憶體限制 512MB
|
||||||
|
|
||||||
# === 網路連接埠對應 ===
|
# === 網路連接埠對應 ===
|
||||||
ports:
|
ports:
|
||||||
- "80:80" # HTTP 連接埠
|
- "80:80" # HTTP 連接埠
|
||||||
@@ -29,38 +32,38 @@ services:
|
|||||||
- "traefik.docker.network=traefik_vlan" # 指定網路
|
- "traefik.docker.network=traefik_vlan" # 指定網路
|
||||||
|
|
||||||
# --- HTTP 壓縮中介軟體 ---
|
# --- HTTP 壓縮中介軟體 ---
|
||||||
- "traefik.http.middlewares.gzip.compress=true"
|
- "traefik.http.middlewares.gzip.compress=true" # 啟用 GZIP 壓縮
|
||||||
|
|
||||||
# --- Basic Auth 中介軟體 (共用) ---
|
# --- Basic Auth 中介軟體 (共用) ---
|
||||||
- "traefik.http.middlewares.auth.basicauth.users=jiantw83:$$apr1$$u.VU3c6O$$AfAxvklBJ4lelZw07o2g20"
|
- "traefik.http.middlewares.auth.basicauth.users=jiantw83:$$apr1$$u.VU3c6O$$AfAxvklBJ4lelZw07o2g20" # 使用者: jiantw83
|
||||||
|
|
||||||
# --- HTTP 重導向中介軟體 ---
|
# --- HTTP 重導向中介軟體 ---
|
||||||
- "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
|
- "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https" # 重導向至 HTTPS
|
||||||
- "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true"
|
- "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true" # 永久重導向 (301)
|
||||||
|
|
||||||
# --- Traefik 儀表板 HTTP 路由 ---
|
# --- Traefik 儀表板 HTTP 路由 ---
|
||||||
- "traefik.http.routers.traefik-dashboard.entrypoints=http"
|
- "traefik.http.routers.traefik-dashboard.entrypoints=http" # 監聽 HTTP
|
||||||
- "traefik.http.routers.traefik-dashboard.rule=Host(`traefik.jsc.idv.me`)"
|
- "traefik.http.routers.traefik-dashboard.rule=Host(`traefik.jsc.idv.me`)" # 主機名稱規則
|
||||||
- "traefik.http.routers.traefik-dashboard.middlewares=https-redirect@docker"
|
- "traefik.http.routers.traefik-dashboard.middlewares=https-redirect@docker" # 套用 HTTPS 重導向
|
||||||
|
|
||||||
# --- Traefik 儀表板 HTTPS 路由 ---
|
# --- Traefik 儀表板 HTTPS 路由 ---
|
||||||
- "traefik.http.routers.traefik-dashboard-tls.entrypoints=https"
|
- "traefik.http.routers.traefik-dashboard-tls.entrypoints=https" # 監聽 HTTPS
|
||||||
- "traefik.http.routers.traefik-dashboard-tls.rule=Host(`traefik.jsc.idv.me`)"
|
- "traefik.http.routers.traefik-dashboard-tls.rule=Host(`traefik.jsc.idv.me`)" # 主機名稱規則
|
||||||
- "traefik.http.routers.traefik-dashboard-tls.middlewares=gzip@docker"
|
- "traefik.http.routers.traefik-dashboard-tls.middlewares=gzip@docker" # 套用壓縮中介軟體
|
||||||
- "traefik.http.routers.traefik-dashboard-tls.service=dashboard@internal"
|
- "traefik.http.routers.traefik-dashboard-tls.service=dashboard@internal" # 使用內建儀表板服務
|
||||||
- "traefik.http.routers.traefik-dashboard-tls.tls=true"
|
- "traefik.http.routers.traefik-dashboard-tls.tls=true" # 啟用 TLS
|
||||||
|
|
||||||
# --- Traefik API HTTP 路由 ---
|
# --- Traefik API HTTP 路由 ---
|
||||||
- "traefik.http.routers.traefik-dashboard-api.entrypoints=http"
|
- "traefik.http.routers.traefik-dashboard-api.entrypoints=http" # 監聽 HTTP
|
||||||
- "traefik.http.routers.traefik-dashboard-api.rule=Host(`traefik.jsc.idv.me`)"
|
- "traefik.http.routers.traefik-dashboard-api.rule=Host(`traefik.jsc.idv.me`)" # 主機名稱規則
|
||||||
- "traefik.http.routers.traefik-dashboard-api.middlewares=https-redirect@docker"
|
- "traefik.http.routers.traefik-dashboard-api.middlewares=https-redirect@docker" # 套用 HTTPS 重導向
|
||||||
|
|
||||||
# --- Traefik API HTTPS 路由 ---
|
# --- Traefik API HTTPS 路由 ---
|
||||||
- "traefik.http.routers.traefik-dashboard-api-tls.entrypoints=https"
|
- "traefik.http.routers.traefik-dashboard-api-tls.entrypoints=https" # 監聽 HTTPS
|
||||||
- "traefik.http.routers.traefik-dashboard-api-tls.rule=Host(`traefik.jsc.idv.me`) && PathPrefix(`/api`)"
|
- "traefik.http.routers.traefik-dashboard-api-tls.rule=Host(`traefik.jsc.idv.me`) && PathPrefix(`/api`)" # 主機名稱 + 路徑規則
|
||||||
- "traefik.http.routers.traefik-dashboard-api-tls.middlewares=gzip@docker"
|
- "traefik.http.routers.traefik-dashboard-api-tls.middlewares=gzip@docker" # 套用壓縮中介軟體
|
||||||
- "traefik.http.routers.traefik-dashboard-api-tls.service=api@internal"
|
- "traefik.http.routers.traefik-dashboard-api-tls.service=api@internal" # 使用內建 API 服務
|
||||||
- "traefik.http.routers.traefik-dashboard-api-tls.tls=true"
|
- "traefik.http.routers.traefik-dashboard-api-tls.tls=true" # 啟用 TLS
|
||||||
|
|
||||||
# === 環境變數設定 ===
|
# === 環境變數設定 ===
|
||||||
environment:
|
environment:
|
||||||
@@ -68,7 +71,7 @@ services:
|
|||||||
|
|
||||||
# === 資料持久化 ===
|
# === 資料持久化 ===
|
||||||
volumes:
|
volumes:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro # Docker Socket (唯讀)
|
- /var/run/docker.sock:/var/run/docker.sock:ro # Docker Socket (唯讀,用於監聽容器事件)
|
||||||
|
|
||||||
# === 健康檢查 ===
|
# === 健康檢查 ===
|
||||||
healthcheck:
|
healthcheck:
|
||||||
@@ -84,7 +87,7 @@ services:
|
|||||||
|
|
||||||
# === 網路設定 ===
|
# === 網路設定 ===
|
||||||
networks:
|
networks:
|
||||||
- vlan # 使用 traefik_vlan 網路
|
- vlan # 連接到 vlan 網路
|
||||||
|
|
||||||
# === Traefik 啟動參數 ===
|
# === Traefik 啟動參數 ===
|
||||||
command:
|
command:
|
||||||
@@ -101,8 +104,8 @@ services:
|
|||||||
|
|
||||||
# --- Docker 提供者設定 ---
|
# --- Docker 提供者設定 ---
|
||||||
- "--providers.docker=true" # 啟用 Docker 提供者
|
- "--providers.docker=true" # 啟用 Docker 提供者
|
||||||
- "--providers.docker.endpoint=unix:///var/run/docker.sock"
|
- "--providers.docker.endpoint=unix:///var/run/docker.sock" # Docker Socket 連接端點
|
||||||
- "--providers.file.directory=/etc/traefik/config"
|
- "--providers.file.directory=/etc/traefik/config" # 檔案提供者配置目錄 (動態配置和憑證)
|
||||||
- "--providers.docker.exposedbydefault=false" # 只路由有 traefik.enable=true 的服務
|
- "--providers.docker.exposedbydefault=false" # 只路由有 traefik.enable=true 的服務
|
||||||
|
|
||||||
# --- 全域設定 ---
|
# --- 全域設定 ---
|
||||||
@@ -110,12 +113,12 @@ services:
|
|||||||
- "--global.checknewversion=false" # 停用版本檢查
|
- "--global.checknewversion=false" # 停用版本檢查
|
||||||
|
|
||||||
# --- Let's Encrypt 憑證設定 ---
|
# --- Let's Encrypt 憑證設定 ---
|
||||||
- "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
|
- "--certificatesresolvers.letsencrypt.acme.tlschallenge=true" # 使用 TLS Challenge 驗證
|
||||||
- "--certificatesresolvers.letsencrypt.acme.email=jiantw83@yahoo.com"
|
- "--certificatesresolvers.letsencrypt.acme.email=jiantw83@yahoo.com" # ACME 註冊信箱
|
||||||
- "--certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/config/acme.json"
|
- "--certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/config/acme.json" # 憑證存儲位置
|
||||||
|
|
||||||
# --- SSL 設定 ---
|
# --- SSL 設定 ---
|
||||||
- "--serverstransport.insecureskipverify=true" # 跳過 SSL 驗證
|
- "--serverstransport.insecureskipverify=true" # 跳過後端服務 SSL 憑證驗證 (⚠️ 僅用於開發環境)
|
||||||
|
|
||||||
# === 重新啟動策略 ===
|
# === 重新啟動策略 ===
|
||||||
restart: always # 容器異常退出時自動重啟
|
restart: always # 容器異常退出時自動重啟
|
||||||
@@ -124,4 +127,4 @@ services:
|
|||||||
# Docker Networks 定義
|
# Docker Networks 定義
|
||||||
# ===============================================================
|
# ===============================================================
|
||||||
networks:
|
networks:
|
||||||
vlan: # Traefik 專用網路
|
vlan: # Traefik 專用網路 (完整名稱: traefik_vlan)
|
||||||
Reference in New Issue
Block a user