前置条件:需要先准备好 TLS 证书,可以参考这篇文章生成测试证书。
只配置https访问
静态配置
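# Static configuration, HTTPS-only variant: everything arriving on :80 is
# redirected to :443.
# The nesting below restores the structure the flattened listing lost; with
# every key at column 0 the document has duplicate keys and no hierarchy.

# Entry points: the ports Traefik listens on.
entryPoints:
  web:
    address: ":80"
    forwardedHeaders:
      # insecure: true makes Traefik trust X-Forwarded-* headers from every
      # client.
      # NOTE(review): if this entry point is reachable directly by clients,
      # the client IP seen in access logs and by backends can be spoofed.
      # Prefer forwardedHeaders.trustedIPs listing only the upstream proxy.
      insecure: true
    http:
      # Redirect to 443.
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"
    forwardedHeaders:
      # Same trust caveat as on the web entry point.
      insecure: true
    http:
      # Default TLS settings for every router attached to this entry point.
      tls: {}

# Dynamic configuration (routers, middlewares, services, certificates) is
# loaded from this file.
providers:
  file:
    filename: gateway/dynamic_conf.yml

# Traefik's own log.
log:
  filePath: gateway/log/traefik.log

# Access log.
accessLog:
  filePath: gateway/log/access.log
  # Number of log lines kept in memory.
  bufferingSize: 100
  fields:
    names:
      # Log the request start in local time; without this the timestamps
      # are written in UTC.
      StartLocal: keep
      StartUTC: drop

api:
  # false: the API and dashboard are not published on the unauthenticated
  # "traefik" entry point; they are reachable only through a router that
  # targets api@internal (see the dynamic configuration).
  insecure: false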
动态配置
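# Dynamic configuration for the HTTPS-only setup.
# The nesting below restores the structure the flattened listing lost.
http:
  routers:
    # Traefik's built-in web dashboard.
    # NOTE(review): this rule has no Host() matcher, so /api and /dashboard
    # are matched on every hostname that reaches Traefik, including the
    # public site's. That exposes the dashboard login there and takes /api
    # away from dami-api. Consider adding a Host() for a dedicated admin
    # hostname.
    dashboard:
      rule: "(PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      # Traefik's internal API service.
      service: api@internal
      # Require basic authentication before the dashboard is served.
      middlewares:
        - auth
      # Bind the router to the HTTPS entry point. Marked optional by the
      # author because :80 already redirects to :443 in this setup.
      entryPoints:
        - websecure
      # With this key the router only answers HTTPS requests.
      tls: {}
    dami-api:
      rule: "Host(`www.domain.com`)"
      service: dami-api
      # With this key the router only answers HTTPS requests.
      tls: {}

  middlewares:
    # User authentication.
    auth:
      # Traefik's built-in basicAuth middleware.
      basicAuth:
        # File of user:hashed-password entries. Keep it out of version
        # control and readable only by the Traefik process.
        usersFile: gateway/auth

  services:
    dami-api:
      loadBalancer:
        servers:
          - url: http://localhost:8080

tls:
  certificates:
    # Certificate and private key served by Traefik. The key file should be
    # readable only by the Traefik process.
    - certFile: gateway/www.crt
      keyFile: gateway/www.key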
配置http和https访问
静态配置
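# Static configuration, HTTP + HTTPS variant: :80 is NOT redirected, so a
# router that names no entry point is served on both ports.
# The nesting below restores the structure the flattened listing lost.
entryPoints:
  web:
    address: ":80"
    forwardedHeaders:
      # insecure: true makes Traefik trust X-Forwarded-* headers from every
      # client.
      # NOTE(review): if this entry point is reachable directly by clients,
      # the client IP seen in access logs and by backends can be spoofed.
      # Prefer forwardedHeaders.trustedIPs listing only the upstream proxy.
      insecure: true
  # Entry point for 443; the name is arbitrary.
  websecure:
    address: ":443"
    forwardedHeaders:
      # Same trust caveat as on the web entry point.
      insecure: true
    http:
      # Default TLS settings for every router attached to this entry point.
      tls: {}

# Dynamic configuration (routers, middlewares, services, certificates) is
# loaded from this file.
providers:
  file:
    filename: gateway/dynamic_conf.yml

# Traefik's own log.
log:
  filePath: gateway/log/traefik.log

# Access log.
accessLog:
  filePath: gateway/log/access.log
  # Number of log lines kept in memory.
  bufferingSize: 100
  fields:
    names:
      # Log the request start in local time; without this the timestamps
      # are written in UTC.
      StartLocal: keep
      StartUTC: drop

api:
  # false: the API and dashboard are not published on the unauthenticated
  # "traefik" entry point; they are reachable only through a router that
  # targets api@internal (see the dynamic configuration).
  insecure: false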
动态配置
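# Dynamic configuration for the HTTP + HTTPS setup.
# The nesting below restores the structure the flattened listing lost.
# Routers that name no entry point are attached to every entry point, so the
# public site is served on both :80 and :443.
http:
  routers:
    blog-ui:
      rule: "Host(`blog.takujo.cn`)"
      service: blog-ui
      middlewares:
        - usually
    blog-user:
      rule: "Host(`blog.takujo.cn`) && PathPrefix(`/user`)"
      service: blog-user
      middlewares:
        - strip
        - usually
    # NOTE(review): this router sends /auth to the blog-user service, while
    # a blog-auth service is defined below and no router references it. The
    # strip middleware also lists only /user, so it removes nothing from
    # /auth requests. Confirm both are intended.
    blog-auth:
      rule: "Host(`blog.takujo.cn`) && PathPrefix(`/auth`)"
      service: blog-user
      middlewares:
        - strip
        - usually
    # Consul UI and HTTP API behind basic authentication.
    # Bound to the HTTPS entry point only: basic-auth credentials are merely
    # base64-encoded, so on plain :80 they would cross the network in
    # cleartext. On :80 these paths now fall through to the blog-ui router.
    blog-consul:
      rule: "Host(`blog.takujo.cn`) && (PathPrefix(`/consul`)|| PathPrefix(`/v1`) )"
      middlewares:
        - auth
      service: blog-consul
      entryPoints:
        - websecure
      tls: {}
    # Traefik dashboard and API, also HTTPS-only for the same reason.
    dashboard:
      rule: "Host(`blog.takujo.cn`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      service: api@internal
      middlewares:
        - auth
      entryPoints:
        - websecure
      tls: {}

  middlewares:
    # Basic authentication for the admin routers.
    auth:
      basicAuth:
        # File of user:hashed-password entries. Keep it out of version
        # control and readable only by the Traefik process.
        usersFile: gateway/auth
    # Open the circuit when more than 10% of requests hit a network error
    # or more than 25% of responses have a 5xx status.
    breaker:
      circuitBreaker:
        expression: 'NetworkErrorRatio() > 0.10 || ResponseCodeRatio(500, 600, 0, 600) > 0.25'
    # Rate limit with an average of 10 requests per period.
    limit:
      rateLimit:
        average: 10
    # Remove the /user prefix before the request is forwarded.
    strip:
      stripPrefix:
        prefixes:
          - /user
    # Serve custom pages from blog-ui for 5xx and 404 responses; {status}
    # is replaced by the response status code.
    errorpage:
      errors:
        status:
          - "500-599"
          - "404"
        service: blog-ui
        query: "/{status}.html"
    # Default chain for the public routers: circuit breaker, rate limit,
    # then error pages.
    usually:
      chain:
        middlewares:
          - breaker
          - limit
          - errorpage

  services:
    blog-ui:
      loadBalancer:
        servers:
          - url: http://localhost:8081
        healthCheck:
          path: /health
          interval: 10s
          timeout: 3s
    blog-consul:
      loadBalancer:
        servers:
          - url: http://localhost:8500
        healthCheck:
          path: /v1/agent/checks
          interval: 10s
          timeout: 3s
    # Two instances; requests are balanced across both.
    blog-user:
      loadBalancer:
        servers:
          - url: http://localhost:8082
          - url: http://localhost:8083
        healthCheck:
          path: /health
          interval: 10s
          timeout: 3s
    # Not referenced by any router above.
    blog-auth:
      loadBalancer:
        servers:
          - url: http://localhost:8084
        healthCheck:
          path: /health
          interval: 10s
          timeout: 3s

tls:
  certificates:
    # Certificate and private key served by Traefik. The key file should be
    # readable only by the Traefik process.
    - certFile: gateway/takujo.cn.crt
      keyFile: gateway/takujo.cn.key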