Detailed installation and deployment of Traefik 2.2.0

Reload Address

Reload original address

Prerequisite:

Traefik 2.X.0 has been released for some time, and many new features of the version have been updated, especially the highlight of the coexistence of TCP forwarding and http forwarding, which can solve many business problems, save many core network ports and experience bare metal deployment.  

Core concepts

Traefik, like an edge router, acts as an entry point for the entire platform to process and route each incoming request according to logic and rules.These rules determine which services handle which requests; traditional reverse proxies require a configuration file that contains all possible routes to your service, while Traefik detects the service in real time and updates the routing rules automatically, allowing automatic service discovery.

Entrypoint This is the entry to traffic, which defines the port (HTTP or TCP) on which requests are received.
Providers are used to automatically discover services on the platform, such as orchestration tools, container engines, or key-value storage, such as Docker, Kubernetes, File
 Routers Analysis Request (host, path, headers, SSL,...)Is responsible for connecting incoming requests to services that can handle them.
Services forward requests to your application (load balancing,...)Is responsible for configuring how to obtain the actual service that will eventually process incoming requests.
Middlewares middleware, which is used to modify requests or make judgments based on requests (authentication, rate limiting, headers,...), is attached to a route and is a way to adjust requests before they are sent to your service (or before the service's response is sent to the client).

Add the following main functions:

[acme,middleware,tls] entry point redirection and default router configuration
 [consul,etcd,kv,redis,zk] Add KV Store Provider (dynamic configuration only)
[consulcatalog,docker,marathon,rancher,udp]Add UDP to providers with labels
 [docker] Repair traefik behavior when network_mode l is host
 [Docker] Supports SSH connections to Dockers
 [health check] Do not redirect health check URLs
 [k8s,k8s/crd,udp] Add UDP support to the kubernetesCRD provider
 The theme to add darkness to [WebUI] is Web UI

Bug fixes a lot:

Check the update instructions for more details:
https://github.com/containous/traefik/releases

Introduction to the environment:

Default Occupied Port: 
http 80  
https 443  
traefik management page 8080 

Configuration directory: /etc/traefik  
Service log path: /var/log/traefik
 Access log: /data/traefiklog

Install traefik

wget --quiet -O /tmp/traefik.tar.gz "https://github.com/containous/traefik/releases/download/v2.2.0/traefik_v2.2.0_linux_amd64.tar.gz"

tar xzvf /tmp/traefik.tar.gz -C /usr/local/bin traefik

rm -f /tmp/traefik.tar.gz;

chmod +x /usr/local/bin/traefik

mkdir -p /etc/traefik  
mkdir -p /var/log/traefik
mkdir -p /data/traefiklog

Verify Version

traefik  version
Version:      2.2.0
Codename:     chevrotin
Go version:   go1.14.1
Built:        2020-03-25T17:32:57Z
OS/Arch:      linux/amd64

Add traefik startup file:

cd /etc/systemd/system/ 
Traefik The startup file is as follows: 

vi traefik.service 

[Unit] 
Description=Traefik 
Documentation=https://docs.traefik.io 
#After=network-online.target 
#AssertFileIsExecutable=/usr/local/bin/traefik
#AssertPathExists=/etc/traefik/traefik.toml 

[Service] 
# Run traefik as its own user (create new user with: useradd -r -s /bin/false -U -M traefik) 
#User=traefik 
#AmbientCapabilities=CAP_NET_BIND_SERVICE 
# configure service behavior 
Type=notify 
ExecStart=/usr/local/bin/traefik --configFile=/etc/traefik/traefik.toml 
Restart=always 
WatchdogSec=1s 

# lock down system access 
# prohibit any operating system and configuration modification 
#ProtectSystem=strict 
# create separate, new (and empty) /tmp and /var/tmp filesystems 
#PrivateTmp=true 
# make /home directories inaccessible 
#ProtectHome=true 
# turns off access to physical devices (/dev/...) 
#PrivateDevices=true 
# make kernel settings (procfs and sysfs) read-only 
#ProtectKernelTunables=true 
# make cgroups /sys/fs/cgroup read-only 
#ProtectControlGroups=true 

# allow writing of acme.json 
#ReadWritePaths=/etc/traefik/acme.json 
# depending on log and entrypoint configuration, you may need to allow writing to other paths, too 
# limit number of processes in this unit 
#LimitNPROC=1 

[Install] 
WantedBy=multi-user.target 

Modify permissions

sudo chown root:root /etc/systemd/system/traefik.service 
sudo chmod 644 /etc/systemd/system/traefik.service 

Initialize Profile

Please go to the original site to read:
Original address

Management Panel

Address is node IP address: 8080

The overall effect is much better than version 1.X, and the overall function is much stronger than version 1.X!

Tags: Web Server Docker network github JSON

Posted on Thu, 30 Apr 2020 12:40:33 -0700 by plaggypig