一、 引导语
上一篇,我们介绍了如何使用nginx反向代理MinIO,本篇介绍如何使用Traefik代理MinIO。Traefik是出色的边缘路由器 ,具体参考Traefik简介 和 配置介绍
二、使用Traefik反向代理MinIO
(一)、创建docker证书
参考上一篇的介绍
(二)、MinIO容器配置
docker-compose.yml文件
-
为了让traefik能够发现MinIO服务集群,需要为每个节点进行labels配置,设置"traefik.enable=true"
-
需要设置entrypoint,让请求从traefik的哪个端点进来
"traefik.http.routers.<service_name>.entrypoints=<entryPoint_name>"
- 需要设置服务的名称
"traefik.http.routers.<service_name>.service=<service_name>"
- 需要设置负载均衡的端口号
"traefik.http.services.<service_name>.loadbalancer.server.port=<service_listen_port>"
version: '3.7'
# Settings and configurations that are common for all containers
x-minio-common: &minio-common
image: minio/minio:$MINIO_VERSION
command: server --address "0.0.0.0:9000" --console-address "0.0.0.0:9001" http://minio{1...4}/data{1...2}
restart: always
expose:
- "9000"
- "9001"
environment:
TZ: UTC
MINIO_ROOT_USER: $MINIO_ROOT_USER
MINIO_ROOT_PASSWORD: $MINIO_ROOT_PASSWORD
extra_hosts:
- $DOCKER_DOMAIN_HOST_NAME:$DOCKER_DOMAIN_HOST_IP
networks:
- minio-net
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
interval: 30s
timeout: 20s
retries: 3
# starts 4 docker containers running minio server instances.
# using nginx reverse proxy, load balancing, you can access
# it through port 9000.
services:
minio1:
<< : *minio-common
hostname: minio1
volumes:
- data1-1:/data1
- data1-2:/data2
labels:
- "traefik.enable=true"
- traefik.http.routers.minio1.rule=Host(`$DOCKER_DOMAIN_HOST_NAME`)
- "traefik.http.routers.minio1.entrypoints=mio-api"
- "traefik.http.routers.minio1.service=minio1"
- "traefik.http.services.minio1.loadbalancer.server.port=9000"
minio2:
<< : *minio-common
hostname: minio2
volumes:
- data2-1:/data1
- data2-2:/data2
labels:
- "traefik.enable=true"
- traefik.http.routers.minio2.rule=Host(`$DOCKER_DOMAIN_HOST_NAME`)
- "traefik.http.routers.minio2.entrypoints=mio-api"
- "traefik.http.routers.minio2.service=minio2"
- "traefik.http.services.minio2.loadbalancer.server.port=9000"
minio3:
<< : *minio-common
hostname: minio3
volumes:
- data3-1:/data1
- data3-2:/data2
labels:
- "traefik.enable=true"
- traefik.http.routers.minio3.rule=Host(`$DOCKER_DOMAIN_HOST_NAME`)
- "traefik.http.routers.minio3.entrypoints=mio-console"
- "traefik.http.routers.minio3.service=minio3"
- "traefik.http.services.minio3.loadbalancer.server.port=9001"
minio4:
<< : *minio-common
hostname: minio4
volumes:
- data4-1:/data1
- data4-2:/data2
labels:
- "traefik.enable=true"
- traefik.http.routers.minio4.rule=Host(`$DOCKER_DOMAIN_HOST_NAME`)
- "traefik.http.routers.minio4.entrypoints=mio-console"
- "traefik.http.routers.minio4.service=minio4"
- "traefik.http.services.minio4.loadbalancer.server.port=9001"
## By default this config uses default local driver,
## For custom volumes replace with volume driver configuration.
volumes:
data1-1:
driver_opts:
type: ext4
o: bind
device: /home/ws/docker/minio/datas/data1-1
data1-2:
driver_opts:
type: ext4
o: bind
device: /home/ws/docker/minio/datas/data1-2
data2-1:
driver_opts:
type: ext4
o: bind
device: /home/ws/docker/minio/datas/data2-1
data2-2:
driver_opts:
type: ext4
o: bind
device: /home/ws/docker/minio/datas/data2-2
data3-1:
driver_opts:
type: ext4
o: bind
device: /home/ws/docker/minio/datas/data3-1
data3-2:
driver_opts:
type: ext4
o: bind
device: /home/ws/docker/minio/datas/data3-2
data4-1:
driver_opts:
type: ext4
o: bind
device: /home/ws/docker/minio/datas/data4-1
data4-2:
driver_opts:
type: ext4
o: bind
device: /home/ws/docker/minio/datas/data4-2
networks:
minio-net:
name: minionet
driver: bridge
ipam:
driver: default
config:
- subnet: 172.30.6.0/24
gateway: 172.30.6.1
.env文件
DOCKER_DOMAIN_HOST_NAME=docker.homeserver.net
DOCKER_DOMAIN_HOST_IP=192.168.3.26
TRAEFIK_IMAGE_VERSION=v2.5
#MINIO_VERSION=RELEASE.2021-12-10T23-03-39Z
#MINIO_VERSION=RELEASE.2021-12-20T22-07-16Z
MINIO_VERSION=latest
MINIO_ROOT_USER=AKIAIOSFODNN7EXAPPLE
MINIO_ROOT_PASSWORD=wJalrXUtnFEMIK7MDENGbPxRfiCYEXAPPLEKEY
(三)、配置Traefik路由
1. 编写traefik.yml配置文件
# mkdir -p /home/ws/docker/traefik/conf /home/ws/docker/traefik/conf/dynamic
# cd /home/ws/docker/traefik/conf
# vim traefik.yml
# log configuration
log:
filePath: "/traefik/logs/mainLog/traefik.log"
format: json
level: DEBUG
accessLog:
filePath: "/traefik/logs/accessLog/access.log"
format: json
bufferingSize: 100
fields:
names:
StartUTC: drop
# global transportation configuration
serversTransport:
insecureSkipVerify: true
# entryPoints configuration
entryPoints:
# secure listen port
websecure:
address: ":443"
# minio api listen port
mio-api:
address: ":9000"
# minio console listen port
mio-console:
address: ":9001"
# providers configuration
providers:
docker:
exposedByDefault: false
file:
directory: /traefik/conf/dynamic
watch: true
# api configuration
api:
insecure: true
dashboard: true
2. docker-compose.yml文件
# cd /home/ws/docker/traefik
# vim docker-compose.yml
version: '3.7'
x-dashboard-common: &dashboard-common
image: traefik:$TRAEFIK_IMAGE_VERSION
restart: always
extra_hosts:
- $DOCKER_DOMAIN_HOST_NAME:$DOCKER_DOMAIN_HOST_IP
environment:
TZ: $CONTAINER_TIMEZONE
networks:
- traefik-net
- minio-net
services:
# traefik as a reverse proxy
dashboard:
<< : *dashboard-common
hostname: dashboard
container_name: traefik-dashboard
volumes:
- "/home/ws/config/ssl/docker/ca.pem:/traefik/certs/CAs/docker-ca.crt"
- "/home/ws/config/ssl/docker/docker-cert.pem:/traefik/certs/public.crt"
- "/home/ws/config/ssl/docker/docker-key.pem:/traefik/certs/private.key"
- /var/run/docker.sock:/var/run/docker.sock
- ./conf/traefik/traefik.yml:/etc/traefik/traefik.yml
- ./conf/traefik/dynamic:/traefik/conf/dynamic
- ./logs/traefik/mainLog:/traefik/logs/mainLog
- ./logs/traefik/accessLog:/traefik/logs/accessLog
ports:
- $NGINX_PORT_MINIO_API:9000
- $NGINX_PORT_MINIO_CONSOLE:9001
- $NGINX_PORT_TRAEFIK_DASHBOARD:8080
labels:
- "traefik.enable=false"
networks:
minio-net:
name: minionet
external: true
traefik-net:
name: traefiknet
driver: bridge
ipam:
driver: default
config:
- subnet: 172.30.11.0/24
gateway: 172.30.11.1
3. .env文件
DOCKER_DOMAIN_HOST_NAME=docker.homeserver.net
DOCKER_DOMAIN_HOST_IP=192.168.3.26
CONTAINER_TIMEZONE=UTC
# Container versions
TRAEFIK_IMAGE_VERSION=v2.5
TRAEFIK_INFLUXDB_IMAGE_VERSION=2.1.1-alpine
TRAEFIK_GRAFANA_IMAGE_VERSION=latest
TRAEFIK_NGINX_IMAGE_VERSION=1.20.2-alpine
# Nginx ports configuration
NGINX_PORT_MINIO_API=49000
NGINX_PORT_MINIO_CONSOLE=49001
NGINX_PORT_TRAEFIK_DASHBOARD=49002
(四)、开放端口
# firewall-cmd --zone=public --add-port=49000/tcp --permanent
# firewall-cmd --zone=public --add-port=49001/tcp --permanent
# firewall-cmd --zone=public --add-port=49002/tcp --permanent
# firewall-cmd --reload
# firewall-cmd --list-all
(五)、浏览器访问
MinIO-Console
Traefik-Dashboard
