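Based on this (https://github.com/r9r-dev/portaefik) I have set up portainer with traefik in front of it. It works great, and I'm using it to host portainer and a few other things behind traefik.
However, I would like the portainer admin interface not to be reachable on the regular 80/443 ports, but on a separate port (like 9443), so that I can filter that port in the firewall and block anyone but me from accessing it.
So how do I tell traefik to expose portainer on another port, but keep serving the other services on 80/443?
All my attempts so far have failed; either traefik or portainer ended up broken.
This is what my current docker-compose looks like.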
version: "3"
#https://github.com/r9r-dev/portaefik
services:
  proxy:
    image: traefik:v3.0
    container_name: "traefik"
    networks:
      - traefik
    ports:
      - "80:80" # HTTP
      - "443:443" # HTTPS
    volumes:
      - ./letsencrypt:/letsencrypt
      - ./users.u:/users/users.u
      - /var/run/docker.sock:/var/run/docker.sock:ro
    restart: always
    command:
      #- "--log.level=DEBUG"
      # Docker configuration
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=traefik"
      # Configure entrypoint
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      # SSL configuration
      - "--certificatesresolvers.letsencryptresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencryptresolver.acme.httpchallenge.entrypoint=web"
      #- "--certificatesresolvers.letsencryptresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.letsencryptresolver.acme.email=none@none.com"
      - "--certificatesresolvers.letsencryptresolver.acme.storage=/letsencrypt/acme.json"
      # Global HTTP -> HTTPS
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      # Enable dashboard
      - "--api.dashboard=true"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.routers.dashboard.tls.certresolver=letsencryptresolver"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.middlewares=dashboard-auth"
      - "traefik.http.middlewares.dashboard-auth.basicauth.usersfile=/users/users.u"
      - "traefik.http.routers.dashboard.rule=Host(`traefik.mydomain.se`)"
      - "traefik.http.services.dashboard.loadbalancer.server.port=8080"
  portainer:
    image: portainer/portainer-ce
    container_name: "portainer"
    networks:
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.portainer.loadbalancer.server.port=9000"
      - "traefik.http.routers.portainer.rule=Host(`portainer.mydomain.se`)"
      - "traefik.http.routers.portainer.entrypoints=websecure"
      - "traefik.http.routers.portainer.tls.certresolver=letsencryptresolver"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /mnt/Storage1/docker-data/portainer:/data
    restart: always
networks:
  traefik:
    external:
      name: traefik

Figured it out.
Added new exposed ports to the traefik section of the compose file:
    ports:
      - "80:80" # HTTP
      - "443:443" # HTTPS
      - "9443:9443" # PORTAINER <---
      - "8080:8080" # TRAEFIK <---
Added new entrypoints named traefik and portainer:
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.traefik.address=:8080" # <---
      - "--entrypoints.portainer.address=:9443" # <---
Changed the entrypoints for the traefik dashboard and portainer:
      - "traefik.http.routers.dashboard.entrypoints=traefik"
      - "traefik.http.routers.portainer.entrypoints=portainer"
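
Added example, not part of the original answer: Traefik attaches a router that has no `entrypoints` label to every entrypoint, so once the `traefik` and `portainer` entrypoints exist, any such router is also attached to 8080 and 9443. The Python check below works that out from the flags and labels; the `whoami` router and the helper names are hypothetical, and it assumes no entrypoint is marked as a default.

```python
import re

# Constructed input: flags and labels from the compose file in the answer above,
# plus a hypothetical "whoami" service that sets no entrypoints label.
COMMAND = [
    "--entrypoints.web.address=:80",
    "--entrypoints.websecure.address=:443",
    "--entrypoints.traefik.address=:8080",
    "--entrypoints.portainer.address=:9443",
]
LABELS = [
    "traefik.http.routers.dashboard.entrypoints=traefik",
    "traefik.http.routers.dashboard.rule=Host(`traefik.mydomain.se`)",
    "traefik.http.routers.portainer.entrypoints=portainer",
    "traefik.http.routers.portainer.rule=Host(`portainer.mydomain.se`)",
    "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.se`)",  # hypothetical
]
ADMIN_PORTS = {8080, 9443}  # the two ports the answer adds for admin UIs

EP_RE = re.compile(r"^--entrypoints\.([^.]+)\.address=.*:(\d+)(?:/\w+)?$", re.I)
ROUTER_RE = re.compile(r"^traefik\.http\.routers\.([^.]+)\.([^=]+)=(.*)$", re.I)

def entrypoint_ports(command):
    """Map entrypoint name -> listening port from Traefik static-config flags."""
    return {m.group(1).lower(): int(m.group(2))
            for m in map(EP_RE.match, command) if m}

def router_ports(command, labels):
    """Map router name -> sorted ports of the entrypoints it is attached to."""
    eps = entrypoint_ports(command)
    routers = {}
    for m in filter(None, map(ROUTER_RE.match, labels)):
        name, key, value = m.group(1), m.group(2).lower(), m.group(3)
        routers.setdefault(name, None)
        if key == "entrypoints":
            routers[name] = [e.strip().lower() for e in value.split(",")]
    # A router with no entrypoints label falls back to every entrypoint.
    return {name: sorted(eps[e] for e in (names or eps) if e in eps)
            for name, names in routers.items()}

def leaks(command, labels, admin_routers):
    """Routers outside admin_routers that are attached to an admin port."""
    return {r: sorted(set(p) & ADMIN_PORTS)
            for r, p in router_ports(command, labels).items()
            if r not in admin_routers and set(p) & ADMIN_PORTS}

if __name__ == "__main__":
    print(router_ports(COMMAND, LABELS))
    print(leaks(COMMAND, LABELS, {"dashboard", "portainer"}))
```

Giving every other router an explicit `entrypoints=websecure` label empties the `leaks` result. Ports published by Docker are also commonly not covered by host firewall front ends such as ufw, so confirm from outside that 8080 and 9443 are really filtered.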