允许通过本地dockerized traefik实例从互联网访问本地托管的dockerized django应用程序?

问题描述 投票:0回答:1

问题:

从我的 Windows 机器上的浏览器,我可以通过以下方式访问默认的 django 页面:

  • 本地主机:5000
  • 192.168.1.100:5000
  • 但是,不是通过我的域名example.com

来自同一台 Windows 机器:

  • 我可以通过 monitor.example.com
    • 访问 traefik 仪表板

所以我知道从互联网到内部 docker 容器的路由是有效的。

注意: django 应用程序是显示 django 默认页面的最低要求

我的家庭实验室设置

  • 使用 Cloudflare 将 example.com 指向我的外部 IP 地址
  • 本地边缘路由器端口转发 80、443 到 docker-main 服务器 (x.x.x.165)
  • docker-主服务器托管 traefik docker 实例
  • Windows 上的 docker 桌面托管简单的 Django 应用程序 (x.x.x.100)

注意:使用cloudflare原始证书,而不是letsencrypt

traefik docker-compose.yml 文件是:

networks:
  mynet:
    external: true

services:
  traefik:
    image: docker.io/library/traefik:2.11.2
    container_name: traefik
    ports:
      - 80:80
      - 443:443
      # -- (Optional) Enable Dashboard, don't do in production
      - 8080:8080
    environment:
      - CF_DNS_API_TOKEN=[cloudflare token]
      - TZ=[local timezone]
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./config/traefik.yml:/etc/traefik/traefik.yml:ro    # For the static configuration 
      - ./config/config.yml:/etc/traefik/config.yml:ro      # For any dynamic configuration you add
      - ./certs:/certs:ro                               # location for the certs
      - ./logs:/var/log/traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=admin:[password]"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.entrypoints=web"
      - "traefik.http.routers.traefik.rule=Host(`monitor.example.com`)"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=websecure"
      - "traefik.http.routers.traefik-secure.rule=Host(`monitor.example.com`)"
      - "traefik.http.routers.traefik-secure.service=api@internal"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
    networks:
      - mynet

django 应用程序的 traefik config.yml 是:

  • 注意:删除了其他路由配置
tls:
  certificates:
    - certFile: /certs/[origin cert].crt
      keyFile: /certs/[origin cert].key
http:
  routers:
    django:
      rule: "Host(`example.com`) || Host(`www.example.com`)"
      entryPoints:
        - "web"
      service: django

  services:
    django:
      loadBalancer:
        servers:
          - url: "http://192.168.1.100:5000"

在 traefik.yml 文件中:

global:
  checkNewVersion: false
  sendAnonymousUsage: false

log:
 level: INFO

api:
  dashboard: true
  insecure: true

entryPoints:
  web:
    address: :80
    # http:                # commenting this out to just try getting http working first
    #   redirections:
    #     entryPoint:
    #       to: websecure
    #       scheme: https     
  websecure:
    address: :443

serversTransport:
  insecureSkipVerify: true

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    network: mynet
  file:
    filename: /etc/traefik/config.yml
    watch: true

django docker-compose 文件是:

  • 这是 django-cookiecutter 的精简版本,包括 Dockerfile,删除了不必要的内容以供参考
volumes:
  production_postgres_data: {}
  production_postgres_data_backups: {}
  production_django_media: {}

networks: 
  mynet:
    external: true

services:
  django:
    build:
      context: .
      dockerfile: ./compose/production/django/Dockerfile
    image: project_production_django
    container_name: project_production_django
    volumes:
      - production_django_media:/app/project/media
    depends_on:
      - postgres
    env_file:
      - ./.envs/.production/.django
      - ./.envs/.production/.postgres
    networks:
      - mynet
    ports:
      - 5000:5000
    command: /start

  postgres:
    build:
      context: .
      dockerfile: ./compose/production/postgres/Dockerfile
    image: project_production_postgres
    container_name: project_production_postgres
    volumes:
      - production_postgres_data:/var/lib/postgresql/data
      - production_postgres_data_backups:/backups
    env_file:
      - ./.envs/.production/.postgres
    networks:
      - mynet

在 django 设置中我有

ALLOWED_HOSTS = ["localhost", "127.0.0.1", "192.168.1.100", ".example.com",]

还需要其他信息吗?

那么我错过了什么...:o(

提前干杯

django docker traefik
1个回答
0
投票

我不知道如何使用 config.yml 指向我的 django 服务,即使用什么 URL。

但是,我确实通过在 docker compose 文件中向 django 服务添加标签(最初源自 django-cookiecutter)来使其工作。

提醒:我没有使用 certresolver/LetsEncrypt,而是使用来自 cloudflare 的源服务器证书。

显然将 example.com 替换为您的域名。

volumes:
  production_postgres_data: {}
  production_postgres_data_backups: {}
  # production_traefik: {}
  production_django_media: {}

networks: 
  mynet:
    external: true

services:
  django:
    build:
      context: .
      dockerfile: ./compose/production/django/Dockerfile
    image: project_production_django
    volumes:
      - production_django_media:/app/project/media
    depends_on:
      - postgres
    env_file:
      - ./.envs/.production/.django
      - ./.envs/.production/.postgres
    labels:
      - "traefik.enable=true"           # This option overrides the provider value of exposedByDefault.
      - "traefik.http.routers.django.rule=Host(`example.com`)"
      - "traefik.http.services.django.loadbalancer.server.port=5000"
      - "traefik.http.routers.django.tls=true"
    networks:
      - mynet
    ports:
      - 5000:5000
    command: /start

  postgres:
    build:
      context: .
      dockerfile: ./compose/production/postgres/Dockerfile
    image: project_production_postgres
    # container_name: project_production_postgres
    volumes:
      - production_postgres_data:/var/lib/postgresql/data
      - production_postgres_data_backups:/backups
    env_file:
      - ./.envs/.production/.postgres
    networks:
      - mynet
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.