5.5 KiB
5.5 KiB
Traefik + Docker Swarm 集成
📋 概述
本项目实现了 Traefik 与 Docker Swarm 的完整集成,提供统一的入口点管理所有 Swarm 服务。
🏗️ 架构设计
Internet
↓
Traefik (Load Balancer)
↓
Docker Swarm Services
├── Web App (app.local)
├── API Service (api.local)
├── Monitor Service (monitor.local)
└── Other Services...
📁 文件结构
/root/mgmt/
├── traefik-swarm-stack.yml # Traefik 主服务配置
├── demo-services-stack.yml # 示例服务配置
├── monitoring-stack.yml # 监控服务配置
├── swarm-traefik-manager.sh # 管理脚本
└── README-traefik-swarm.md # 说明文档
🚀 快速开始
1. 初始化环境
# 确保 Docker Swarm 已激活
docker swarm init
# 初始化 Traefik 环境
./swarm-traefik-manager.sh init
2. 部署所有服务
# 一键部署所有服务
./swarm-traefik-manager.sh deploy-all
# 或分步部署
./swarm-traefik-manager.sh deploy # 仅部署 Traefik
./swarm-traefik-manager.sh deploy-demo # 部署示例服务
./swarm-traefik-manager.sh deploy-monitoring # 部署监控服务
3. 更新 hosts 文件
# 自动更新 hosts 文件
./swarm-traefik-manager.sh update-hosts
# 或手动添加到 /etc/hosts
echo "127.0.0.1 traefik.local app.local api.local monitor.local prometheus.local grafana.local" >> /etc/hosts
🌐 访问地址
| 服务 | 地址 | 说明 |
|---|---|---|
| Traefik Dashboard | http://traefik.local:8080 | 管理界面 |
| Web App | http://app.local | 示例 Web 应用 |
| API Service | http://api.local | 示例 API 服务 |
| Monitor Service | http://monitor.local | 监控服务 |
| Prometheus | http://prometheus.local | 指标收集 |
| Grafana | http://grafana.local | 可视化面板 |
🛠️ 管理命令
查看服务状态
./swarm-traefik-manager.sh status
查看服务日志
./swarm-traefik-manager.sh logs traefik_traefik
./swarm-traefik-manager.sh logs demo_webapp
扩缩容服务
# 扩容 webapp 到 3 个副本
./swarm-traefik-manager.sh scale demo webapp 3
# 扩容 API 服务到 2 个副本
./swarm-traefik-manager.sh scale demo api 2
清理环境
./swarm-traefik-manager.sh cleanup
📊 监控配置
Prometheus 指标
- Traefik 指标: http://traefik:8080/metrics
- Node Exporter: 系统指标
- cAdvisor: 容器指标
Grafana 配置
- 默认用户: admin
- 默认密码: admin123
- 数据源: Prometheus (http://prometheus:9090)
🔧 服务配置
为新服务添加 Traefik 路由
在 Docker Compose 文件中添加以下标签:
services:
your-service:
image: your-image
networks:
- traefik-public
deploy:
labels:
- traefik.enable=true
- traefik.http.routers.your-service.rule=Host(`your-domain.local`)
- traefik.http.routers.your-service.entrypoints=web
- traefik.http.services.your-service.loadbalancer.server.port=80
高级路由配置
# 路径前缀路由
- traefik.http.routers.api-path.rule=Host(`app.local`) && PathPrefix(`/api`)
# HTTPS 重定向
- traefik.http.routers.your-service.entrypoints=websecure
- traefik.http.routers.your-service.tls.certresolver=letsencrypt
# 中间件配置
- traefik.http.routers.your-service.middlewares=auth
- traefik.http.middlewares.auth.basicauth.users=user:password
🔒 安全配置
基本认证
labels:
- traefik.http.middlewares.auth.basicauth.users=admin:$$2y$$10$$...
- traefik.http.routers.service.middlewares=auth
HTTPS 配置
labels:
- traefik.http.routers.service.tls.certresolver=letsencrypt
- traefik.http.routers.service.entrypoints=websecure
🐛 故障排除
常见问题
-
服务无法访问
# 检查服务状态 docker stack services traefik # 检查网络连接 docker network ls | grep traefik-public -
路由不生效
# 查看 Traefik 日志 ./swarm-traefik-manager.sh logs traefik_traefik # 检查服务标签 docker service inspect demo_webapp -
DNS 解析问题
# 检查 hosts 文件 cat /etc/hosts | grep local # 更新 hosts 文件 ./swarm-traefik-manager.sh update-hosts
调试命令
# 查看所有 Swarm 服务
docker service ls
# 查看特定服务详情
docker service inspect traefik_traefik
# 查看服务任务
docker service ps traefik_traefik
# 进入容器调试
docker exec -it $(docker ps -q -f name=traefik) sh
📈 性能优化
负载均衡配置
labels:
- traefik.http.services.service.loadbalancer.sticky.cookie=true
- traefik.http.services.service.loadbalancer.healthcheck.path=/health
缓存配置
labels:
- traefik.http.middlewares.cache.headers.customrequestheaders.Cache-Control=max-age=3600
🔄 备份与恢复
备份配置
# 备份 Docker 配置
docker config ls
docker config inspect config_name
# 备份 Swarm 状态
docker node ls
docker service ls
恢复服务
# 重新部署服务
./swarm-traefik-manager.sh deploy-all