Happy Together


Toys

Setting up traefik2 on omv5

보아요 2020. 8. 12. 09:31

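traefik2 redirect and reverse proxy setup.

To add more routes later, only dynamic-conf.yml needs to be edited.

Folder structure

Under traefik2: the config and log folders, and traefik.yml

Under the config folder: acme.json and dynamic-conf.yml

Paste the following into a Portainer stack and deploy; put the config files wherever suits you.

portainer stack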

version: "2"
services:
  traefik:
    image: traefik:latest
    container_name: traefik
    volumes:
      - /srv/dev-disk-by-id-ata-WDC_WD20EFRX-68EUZN0_WD-WCC4M5NLPC0L-part2/hd1/docker/traefik2/traefik.yml:/etc/traefik/traefik.yml
      - /srv/dev-disk-by-id-ata-WDC_WD20EFRX-68EUZN0_WD-WCC4M5NLPC0L-part2/hd1/docker/traefik2/config:/config
      - /srv/dev-disk-by-id-ata-WDC_WD20EFRX-68EUZN0_WD-WCC4M5NLPC0L-part2/hd1/docker/traefik2/config/acme.json:/acme.json
      - /srv/dev-disk-by-id-ata-WDC_WD20EFRX-68EUZN0_WD-WCC4M5NLPC0L-part2/hd1/docker/traefik2/log:/log
      - /var/run/docker.sock:/var/run/docker.sock # lets traefik listen for Docker events
    ports:
      - 8880:80
      - 8443:443
      - 8080:8080
    restart: unless-stopped

 

In traefik.yml, change only the duckdns domain and the email address used for Let's Encrypt.

 

## traefik.yml

entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entrypoint:
          to: https
  https:
    address: ":443"

# Docker configuration backend
providers:
  docker:
    exposedByDefault: false
    defaultRule: "Host(`{{ trimPrefix `/` .Name }}.domain.duckdns.org`)"
  file:
    filename: "/config/dynamic-conf.yml"
    watch: true

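# API and dashboard configuration
api:
  # insecure: true serves the dashboard and API without authentication on port 8080, which the stack above publishes
  insecure: true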

certificatesResolvers:
  letsencrypt:
    acme:
      # used during the challenge
      httpChallenge:
        entryPoint: http
      email: "email@gmail.com"
      storage: "/config/acme.json"
log:
  filePath: "log/traefik.log"
  level: WARN
accessLog:
  filePath: "log/access.log"
  bufferingSize: 100

 

For dynamic-conf.yml, use the router configuration below as a reference.

 

http:
  routers:
    to-webfolder: 
      rule: "(Host(`domain.duckdns.org`) && Path(`/sub`)) || Host(`sub.domain.duckdns.org`)"
      tls:
        certResolver: letsencrypt
      service: webfolder
  services:
    webfolder:
      loadBalancer:
        servers:
          - url: "http://192.168.2.107:2020"

tls:
  options:
    default:
      minVersion: VersionTLS13
    mintls12:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
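
The folder layout described above, plus a check of the two settings in it that matter most (the file mode of acme.json and api.insecure in traefik.yml), as a shell script. This is an added example, not part of the original post; the function names, the script name and the path argument are made up for illustration, and it assumes GNU stat as shipped with Debian/OMV.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (Debian/OMV).

# Create the layout from the post: traefik2/{config,log}, traefik.yml,
# config/acme.json and config/dynamic-conf.yml.
make_layout() {
    base=$1
    mkdir -p "$base/config" "$base/log" || return 1
    # touch creates missing files and never truncates existing ones, so
    # current settings and issued certificates are left alone.
    for f in traefik.yml config/dynamic-conf.yml config/acme.json; do
        touch "$base/$f" || return 1
    done
    # acme.json stores the ACME account key and certificate private keys;
    # Traefik refuses a storage file that group or others can access.
    chmod 600 "$base/config/acme.json"
}

# Print one finding per line; return 0 when nothing was found, 1 otherwise.
audit_layout() {
    base=$1
    findings=0
    mode=$(stat -c '%a' "$base/config/acme.json" 2>/dev/null) || mode=missing
    if [ "$mode" != "600" ]; then
        echo "config/acme.json: mode $mode, expected 600"
        findings=$((findings + 1))
    fi
    # Line match, not a YAML parse: in traefik.yml the key "insecure" sits
    # under "api" and exposes the dashboard and API without authentication.
    if grep -Eq '^[[:space:]]*insecure:[[:space:]]*true' "$base/traefik.yml" 2>/dev/null; then
        echo "traefik.yml: api.insecure is true (unauthenticated dashboard/API on :8080)"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Usage: sh layout.sh /path/to/traefik2   (hypothetical script name and path)
if [ "$#" -gt 0 ]; then
    make_layout "$1" && audit_layout "$1"
fi
```

Run it once before deploying the stack, then again after pasting in traefik.yml to see whether the dashboard setting is flagged.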

 

The certificates are generated fine, but torrssen2 shows up as not secure, and I don't really know why.