Shulou(Shulou.com)06/02 Report--

Traefik uses etcd as the backend configuration storage configuration instance function test purpose: 1:Traefik as the web service, using the etd library as the configuration unified storage space, so that the traefik service can easily add and delete nodes and decouple the service configuration after traefik service startup. 2:Traefik uses http verification to apply for a ssl certificate, that is, each domain name is configured to let traefik automatically apply for a ssl certificate for us. The test steps are as follows: 1: install traefik 1.7 + 2: install etcd3: install Etcdkeeper4: configure traefik docking etcd library demonstration environment using AWS cloud platform test: one CVM, configure public network IP address, open 80443 8080 1180 port traefik v1.7 + web service occupied port: http 80 https 443 traefik management page 8080 configuration directory / etc/traefik Etcd: highly available, highly consistent service discovery storage warehouse Configure storage occupancy port as traefik backend: external client connects to 2379etcd inter-service communication 2380Etcdkeeper:Etcd web interface Api port occupancy with v3 support (can be set by yourself): 11800Docker: used to simulate the quick start of a backend web service image address: containous/whoami installation traefik occupancy port: http 80 https 443 traefik management page 8080 configuration directory / etc/traefik steps are as follows: wget https://github.com/containous/traefik/releases/download/v1.7.19/traefik_linux-amd64mv traefik_linux-amd64 / usr/bin/traefikchmod 755 / usr/bin/ Traefik mkdir-p / etc/traefik touch / etc/traefik/acme.jsonchmod 755 / etc/traefik chmod 600 / etc/traefik/acme.json verified version [root@ip-10-3-1-119 traefik] # traefik versionVersion: v1.7.19Codename: maroillesGo version: go1.12.12Built: 2019-10-28_02:07:32PMOS/Arch: linux/amd64

At this point, traefik configuration is complete!

Start the back-end Web service to prepare for the following test docker run-d-p 8880 containous/whoamidocker run-d-p 8890 containous/whoamidocker run 80 containous/whoami main configuration file vi / etc/traefik/traefik.toml# turns on debug mode for easy debugging Default,falsedebug = true# log level, "DEBUG", "INFO", "WARN", "ERROR", "FATAL", "PANIC" logLevel = "INFO" # both http and httpsdefaultEntryPoints = ["http" are supported "https"] [entryPoints] [entryPoints.http] address = ": 80" # enable compressed transmission compress = true # http forced jump https [entryPoints.http.redirect] entryPoint = "https" [entryPoints.https] address = ": 443" # enable compressed transmission compress = true [entryPoints.https.tls] # configure automatic Let's Encrypt certificate [acme] email = "kjh@mail.com" # add Storage location of secret files storage = "/ etc/traefik/acme.json" # # Certificate type Must point to a port 443 entryPoint = "https" # apply for a certificate when the new domain name accepts the first https request onDemand = false# automatically apply for a certificate for the new domain name under acme.entryPoint onHostRule = true [acme.httpChallenge] # acme authentication method supports dns, http, tls This time, use https # https://letsencrypt.org/zh-cn/docs/challenge-types/ entryPoint= "http" # to enable the log function # successful access log [accessLog] filePath = "/ var/log/traefik/acceslog.txt" format = "json" # Service startup log [traefikLog] filePath = "/ var/log/traefik/traefik.log" # Open web management [web] address = ": 8080" # set RESTAPI to read-only mode readOnly = True [web.auth.basic] # test/test login / password can be generated by openssl # users = ["test:$apr1 $H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"] # enable details output Some error messages will be printed under the management interface for reference. [web.statistics] ecentErrors = 1 enable api, modify service configuration, it is recommended to add encryption authentication in production environment [api] entryPoint = "traefik" # Open management panel dashboard = true debug = true# use file management configuration [file] # find configuration file in specified directory directory = "/ etc/traefik/rules" # Monitor file change watch = true# use etcd as storage to open this configuration, you need to open this configuration at the same time as file management configuration Otherwise, it will not be possible to configure [etcd] # Node address: Port endpoint = "10.3.1.119apiuseAPIV3 2379" # Force v3 version apiuseAPIV3 = true# to monitor configuration changes watch = true add reverse proxy configuration file / etc/traefik/rulesweb domain name is: kjh.pt1.jp backend service: http://54.238.247.28:8880http://10.3.1.119:8890vi / etc/traefik/rules/kjh.pt1 The .toml addition configuration is as follows: [frontends] [frontends.ft01] backend = "bk01" [frontends.ft01.routes.rule_1] rule = "Host:kjh.pt1.jp" Kjh01.pt1.jp "[backends] [backends.bk01] [backends.bk01.servers.server1] url =" http://54.238.247.28:8880" weight = 10 [backends.bk01.servers.server2] url = "http://10.3.1.119:8890" weight = 10

Note: the domain name configured above needs to be resolved in dns and points to the IP address of traefik node, otherwise you can't apply for ssl certificate normally!

Install etcdyum install etcd-yvi / etc/etcd/etcd.conf modify ttp://localhost:2379 to http://0.0.0.0:2379# the main modifications are as follows: ETCD_LISTEN_CLIENT_URLS= "http://0.0.0.0:2379"ETCD_ADVERTISE_CLIENT_URLS="http://0.0.0.0:2379"# startup service systemctl daemon-reloadsystemctl start etcdsystemctl status etcd install etcdkeeperwget https://github.com/evildecay/etcdkeeper/releases / download/v0.7.5/etcdkeeper-v0.7.5-linux_x86_64.zipunzip etcdkeeper-v0.7.5-linux_x86_64.zipcd etcdkeeperchmod 755 etcdkeeper# background launch. / etcdkeeper- p 11800 & browser access:

Http:// node IP address: 11800 /

If you can browse the contents of the etd library as normal, but there are no files at this time

Traefik configuration will be stored to etcd

Synchronize traefik configuration to etcd library

Traefik storeconfig-c traefik.toml [root @ ip-10-3-1-119 traefik] # traefik storeconfig traefik.toml.0, "DebugLogGeneratedTemplate": false, "Directory": "/ etc/traefik/rules", "TraefikFile": ""} 21:19:22 Writing config to KV verification on 2020-01-05

1: no error is returned when the configuration is imported, and Writing config to KV is returned

2: visit etcd ui to check whether the traefik configuration information has been imported successfully. The display directory is roughly as follows

/ etctraefik starts the traefik service and executes the traefik command. By default, the configuration file is found in the / etc/traefik/ directory. Total experience

Access the traefik node IP address: 8080 you can see the configuration of the file and the configuration of the KV library, and the domain name configured by the configuration file can be accessed normally.

The effect picture is as follows:

Reference documentation:

Https://zhuanlan.zhihu.com/p/74042144

Https://www.cnblogs.com/morang/p/10390055.html

Https://ystyle.top/2017/12/08/traefik-getting-start/

Https://jupyterhub-traefik-proxy.readthedocs.io/en/latest/toml.html

Https://my.oschina.net/guol/blog/2209678

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.