如何使用gRPC和Docker设置Traefik v2

时间:2019-11-15 14:53:45

标签: docker grpc traefik

我已按照TLS challenge的说明进行操作,并通读了grpc guide进行traefik的操作,但是我不知道如何将它们组合在一起。

当前,我的域中有traefik仪表板,我可以使用http服务器,但无法使用grpc服务。它显示在仪表板的HTTP Services下,但是当我尝试通过请求访问端点时,它只是超时,表明它无法访问。

我的docker-compose(我没有TOML文件):

traefik:
    image: "traefik:v2.0.0"
    container_name: traefik
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --entrypoints.grpc.address=:8090
      - --providers.docker
      - --api
      # Lets Encrypt Resolvers
      - --certificatesresolvers.leresolver.acme.email=${EMAIL}
      - --certificatesresolvers.leresolver.acme.storage=/etc/acme/cert.json
      - --certificatesresolvers.leresolver.acme.tlschallenge=true
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/etc/acme/:/etc/acme/"
    labels:
      # Dashboard
      - "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`)"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.tls.certresolver=leresolver"
      - "traefik.http.routers.traefik.entrypoints=websecure"

      # Auth
      - "traefik.http.routers.traefik.middlewares=authtraefik"
      - "traefik.http.middlewares.authtraefik.basicauth.users=admin:xxx"

      # global redirect to https
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"

      # middleware redirect
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    networks:
      - internal
      - proxied

  grpc_server:
    image: xxx
    container_name: grpc_server
    labels:
      - "traefik.http.routers.grpc_server.rule=Host(`grpc.${DOMAIN}`)"
      - "traefik.http.routers.grpc_server.entrypoints=grpc"
      - "traefik.http.routers.grpc_server.tls=true"
      - "traefik.http.routers.grpc_server.tls.certresolver=leresolver"
    expose:
      - 8090 # grpc server

我不需要加密从traefik到grpc的层,这就是为什么我没有按照grpc的示例设置自签名证书的原因。我的grpc服务在不安全的模式下运行,并且没有出现在traefik后面的情况。

我明显错过了什么?

0 个答案:

没有答案
免费获取贴纸的机会↓↓↓
豫ICP备18024241号-1