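# ===============================================================
# Traefik Reverse Proxy Docker Compose Configuration
# ===============================================================
# Service:        Traefik reverse proxy and load balancer
# Created:        2025-10-23
# Updated:        2025-10-23
# Version:        latest
# Network ports:  80 (HTTP), 443 (HTTPS)
# Admin UI:       traefik.jsc.idv.me
# ===============================================================

services:
  # --- Traefik reverse proxy main service ---
  server:
    # === Basic container settings ===
    # NOTE(review): with both `build` and `image` set, Compose tags the
    # locally built image as `traefik:latest`. `latest` is a moving tag, so
    # the base that gets deployed can change between builds; pin a specific
    # release (or digest) here and in the Dockerfile for reproducibility.
    build: .
    image: traefik:latest
    container_name: traefik_server

    # === Published ports ===
    ports:
      - "80:80"    # HTTP
      - "443:443"  # HTTPS

    # === Traefik labels ===
    labels:
      # --- Basics ---
      - "traefik.enable=true"                   # Enable Traefik routing
      - "traefik.docker.network=traefik_vlan"   # Network Traefik uses to reach this container

      # --- HTTP compression middleware ---
      - "traefik.http.middlewares.gzip.compress=true"

      # --- Basic Auth middleware (shared) ---
      # NOTE(review): this is an htpasswd apr1 (MD5-based) hash stored in the
      # compose file. Prefer `basicauth.usersfile` pointing at a file kept out
      # of version control, use a bcrypt hash, and rotate this credential if
      # the file has ever been published.
      - "traefik.http.middlewares.auth.basicauth.users=jiantw83:$$apr1$$u.VU3c6O$$AfAxvklBJ4lelZw07o2g20"

      # --- HTTP -> HTTPS redirect middleware ---
      - "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true"

      # --- Traefik dashboard, HTTP router (redirect only) ---
      - "traefik.http.routers.traefik-dashboard.entrypoints=http"
      - "traefik.http.routers.traefik-dashboard.rule=Host(`traefik.jsc.idv.me`)"
      - "traefik.http.routers.traefik-dashboard.middlewares=https-redirect@docker"

      # --- Traefik dashboard, HTTPS router ---
      # The `auth` middleware is attached here: without it the dashboard is
      # served on port 443 to anyone who can reach the host name.
      - "traefik.http.routers.traefik-dashboard-tls.entrypoints=https"
      - "traefik.http.routers.traefik-dashboard-tls.rule=Host(`traefik.jsc.idv.me`)"
      - "traefik.http.routers.traefik-dashboard-tls.middlewares=auth@docker,gzip@docker"
      - "traefik.http.routers.traefik-dashboard-tls.service=dashboard@internal"
      - "traefik.http.routers.traefik-dashboard-tls.tls=true"

      # --- Traefik API, HTTP router (redirect only) ---
      - "traefik.http.routers.traefik-dashboard-api.entrypoints=http"
      - "traefik.http.routers.traefik-dashboard-api.rule=Host(`traefik.jsc.idv.me`)"
      - "traefik.http.routers.traefik-dashboard-api.middlewares=https-redirect@docker"

      # --- Traefik API, HTTPS router ---
      # `api@internal` exposes the full routing configuration, so it gets the
      # same `auth` middleware as the dashboard router.
      - "traefik.http.routers.traefik-dashboard-api-tls.entrypoints=https"
      - "traefik.http.routers.traefik-dashboard-api-tls.rule=Host(`traefik.jsc.idv.me`) && PathPrefix(`/api`)"
      - "traefik.http.routers.traefik-dashboard-api-tls.middlewares=auth@docker,gzip@docker"
      - "traefik.http.routers.traefik-dashboard-api-tls.service=api@internal"
      - "traefik.http.routers.traefik-dashboard-api-tls.tls=true"

    # === Environment variables ===
    environment:
      TZ: "Asia/Taipei"  # Time zone (Taipei, UTC+8)

    # === Mounts ===
    volumes:
      # Docker socket, used by the Docker provider to watch container events.
      # NOTE(review): `:ro` only makes the bind mount read-only; it does not
      # restrict which Docker API calls can be sent over the socket. Anything
      # in this internet-facing container that can reach the socket has
      # daemon-level control of the host. Consider placing a restricted
      # socket proxy between Traefik and the daemon.
      - /var/run/docker.sock:/var/run/docker.sock:ro

    # === Health check ===
    healthcheck:
      test: ["CMD-SHELL", "wget -q --spider --proxy off traefik_server:8080/ping || exit 1"]
      interval: 3s  # Check interval
      retries: 10   # Retry count

    # === Log management ===
    logging:
      driver: "json-file"  # Write container logs as JSON files
      options:
        max-size: "1m"     # Cap each log file at 1 MB

    # === Networks ===
    networks:
      - vlan  # Attach to the vlan network

    # === Traefik startup arguments ===
    command:
      # --- API and dashboard ---
      - "--api=true"            # Enable the API
      - "--api.dashboard=true"  # Enable the dashboard
      - "--ping=true"           # Enable the ping endpoint
      - "--accesslog=true"      # Enable access logs
      - "--tracing=true"        # Enable tracing

      # --- Entry points ---
      - "--entrypoints.http.address=:80"    # HTTP entry point
      - "--entrypoints.https.address=:443"  # HTTPS entry point

      # --- Providers ---
      - "--providers.docker=true"                                  # Enable the Docker provider
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"  # Docker socket endpoint
      - "--providers.file.directory=/etc/traefik/config"           # File provider directory (dynamic config and certificates)
      - "--providers.docker.exposedbydefault=false"                # Route only services labelled traefik.enable=true

      # --- Global settings ---
      - "--global.sendanonymoususage=false"  # Disable anonymous usage reporting
      - "--global.checknewversion=false"     # Disable the new-version check

      # --- Let's Encrypt certificates ---
      # NOTE(review): no router in this file sets
      # `tls.certresolver=letsencrypt`, and no volume is declared for
      # /etc/traefik/config; presumably the image built from `.` provides that
      # directory. Confirm that acme.json (it holds private keys) persists
      # across container recreation and is not world-readable.
      - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"                      # Validate with the TLS challenge
      - "--certificatesresolvers.letsencrypt.acme.email=jiantw83@yahoo.com"               # ACME registration e-mail
      - "--certificatesresolvers.letsencrypt.acme.storage=/etc/traefik/config/acme.json"  # Certificate storage location

      # --- Backend TLS ---
      # WARNING: disables certificate verification for every HTTPS backend
      # Traefik connects to, so a backend's identity is never checked. The
      # author marks this as development-only; remove it (or configure trusted
      # root CAs for the backends) before exposing this to production traffic.
      - "--serverstransport.insecureskipverify=true"

    # === Restart policy ===
    restart: always  # Restart the container automatically when it exits

# ===============================================================
# Docker networks
# ===============================================================
networks:
  # Dedicated Traefik network (full name: traefik_vlan)
  vlan: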