This article is published under the Attribution 4.0 International (CC BY 4.0) license.

Author: Su Yang

Created: July 18, 2019. Word count: 7078 words. Reading time: 15 minutes. Link to this article: soulteary.com/2019/07/18/…


Using Traefik on Synology

This article discusses how to use Traefik on a Synology system to turn NAS devices into useful Web servers.

So far, I’ve written close to 30 articles documenting the various open source software used with Traefik, so if you want to learn more, check out the earlier articles.

Preface

Traefik is already installed on my home device, so to work in a clean environment this demonstration runs in a virtual machine. The Synology system in the virtual machine is version 6.1+, and the steps also apply to 6.2+ systems (the new version only has interface differences; the functions and configuration are the same).

For the convenience of this article, I signed a certificate and configured a domain name for this Synology virtual machine.

There are two ways to use Traefik on Synology:

  • Using Traefik alone, specify a non-80/443 port to provide service.
  • Traefik is used in conjunction with the Nginx of the system and supports access to services through port 80/443.

Before moving on to Traefik, it’s important to understand some of the default logic of the Synology system:

  • By default, Synology provides a Web interface. You can use port 5000 or 5001 to access the system through HTTP or HTTPS. You can configure your own SSL certificate.
  • By default, after a user accesses the IP address or host name (without the port number), the user is redirected to port 5000/5001.
  • The various applications and sharing protocols use low port numbers. To avoid conflicts, user-defined ports need to stay clear of them. When two programs conflict over a port, only one of the two can run: the one started first keeps the port, and the other exits with an error.

So here are two basic rules to keep in mind:

  • Ports 80/443 are not easy to use, so third-party software like Traefik has to be accessed with a port number, and you have to put up with that “imperfection”.
  • A range of low-numbered ports needs to be avoided to prevent system/application functionality from becoming unavailable.

Let’s talk about how to use Traefik alone.

(For the domain names used in the following sections, you need to perform hosts binding or DNS resolution pointing.)

Using Traefik alone

Using Traefik alone is very simple, as described in the two rules above.

Running Traefik in a container is recommended because it is easier to maintain, so if you haven’t installed Docker before, find it in the package center and install it. After installing it, you’ll see a directory named docker in File Station.

Run Traefik as a service

Traefik’s default port is 80. As mentioned earlier, this port is used by the system by default, so we map the port to a relatively obscure high number: 52080.

version: '3'

services:

  traefik:
    image: traefik:v1.7-alpine
    restart: always
    container_name: traefik
    ports:
      # Host port 52080 maps to Traefik's port 80 inside the container
      - 52080:80
    networks:
      - traefik
    command: traefik -c /etc/traefik.toml
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # Traefik discovers containers and their labels through the Docker socket
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/etc/traefik.toml
    healthcheck:
      test: ["CMD-SHELL", "wget -q --spider --proxy off localhost:4399/ || exit 1"]

networks:
  traefik:
    external: true

Save the configuration as docker-compose.yml and proceed to write the Traefik configuration file: traefik.toml.

debug = false
sendAnonymousUsage = false
defaultEntryPoints = ["http"]

[entryPoints]
    [entryPoints.http]
        address = ":80"
        compress = true
    [entryPoints.traefik-api]
        address = ":4399"

[file]
    [backends]
        [backends.dashboard]
            [backends.dashboard.servers.server1]
                url = "http://127.0.0.1:4399"

[frontends]
    [frontends.dashboard]
        entrypoints = ["http"]
        backend = "dashboard"
        [frontends.dashboard.routes.route01]
            rule = "Host:dashboard.orange.lab.com"

[traefikLog]
filePath = "/tmp/traefik.log"

[accessLog]
filePath = "/tmp/access.log"

[api]
entryPoint = "traefik-api"
dashboard = true
defaultEntryPoints = ["http"]

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "traefik.orange.lab.com"
watch = true
exposedbydefault = false
usebindportip = false
swarmmode = false
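
The frontend above publishes the dashboard at dashboard.orange.lab.com with no authentication, so anyone who can reach port 52080 can open it. As an added example (not part of the original article), this is the same [frontends] section of traefik.toml with Traefik 1.7 basic authentication; the path /etc/traefik/.htpasswd is an assumption and must be mounted into the container.

```toml
# Added example, not from the original article.
# Replaces the [frontends] section of traefik.toml shown above.

[frontends]
    [frontends.dashboard]
        entrypoints = ["http"]
        backend = "dashboard"
        [frontends.dashboard.routes.route01]
            rule = "Host:dashboard.orange.lab.com"
        # Ask for a user name and password before a request is
        # forwarded to the API entry point on port 4399.
        [frontends.dashboard.auth.basic]
            # Assumed path (hypothetical): an htpasswd-format file,
            # one "user:hash" entry per line, mounted read-only.
            usersFile = "/etc/traefik/.htpasswd"

# The healthcheck in docker-compose.yml calls localhost:4399 inside the
# container and does not pass through this frontend, so it keeps working.
```

To make the file available, add a line such as `- ./.htpasswd:/etc/traefik/.htpasswd:ro` to the volumes of the Traefik service; the entries can be generated with the htpasswd tool.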

After saving the two files, upload them to the Synology device and start Traefik (using the docker directory that the system created automatically as an example):

# Create a directory
mkdir -p /volume1/docker/traefik
cd /volume1/docker/traefik

docker network create traefik
docker-compose up -d

After the commands finish, visit dashboard.orange.lab.com:52080 to see the Traefik Dashboard.

With no other applications running at the moment, the Dashboard looks empty.

So, let’s add two apps to test Traefik’s capabilities.

Install the first application (WordPress)

Unlike using Nginx as a reverse proxy, adding an app with Traefik requires only one rule to make the app reachable under a domain name, which is much easier.

Here we use the WordPress configuration from the previous article and simplify it to launch our first test application.

version: '3'

services:

  wp:
    image: wordpress:5.2.2-php7.1-apache
    restart: always
    networks:
      - traefik
    environment:
      WORDPRESS_DB_HOST: wp-db
      WORDPRESS_TABLE_PREFIX: wp
      WORDPRESS_DB_NAME: wordpress
      WORDPRESS_DB_USER: wordpress
      WORDPRESS_DB_PASSWORD: wordpress
    labels:
      - "traefik.enable=true"
      - "traefik.frontend.rule=Host:wp.orange.lab.com"
      - "traefik.frontend.entryPoints=http"

  mariadb:
    image: mariadb:10.3.8
    restart: always
    container_name: wp-db
    networks:
      - traefik
    environment:
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress
      MYSQL_PASSWORD: wordpress
      MYSQL_ROOT_PASSWORD: soulteary

networks:
  traefik:
    external: true

Save the above configuration as docker-compose.yml and, just like with Traefik, upload it to a directory on the Synology device and start the container.

mkdir -p /volume1/docker/wordpress
cd /volume1/docker/wordpress

docker-compose up -d

After a short wait, open http://wp.orange.lab.com:52080 to see the familiar installation interface.

Install the second application (Nginx)

In addition to being a service gateway commonly used by servers, Nginx is often used as Web front-end software for dynamic and static sites.

Here, again using a simplified Nginx configuration from the previous article, we launch the second test application.

version: '3'

services:

  nginx:
    image: nginx:1.15.10-alpine
    restart: always
    networks:
      - traefik
    expose:
      - 80
    labels:
      - "traefik.enable=true"
      - "traefik.frontend.rule=Host:ngx.orange.lab.com"
      - "traefik.frontend.entryPoints=http"

networks:
  traefik:
    external: true

Again, save the above configuration as docker-compose.yml and, as with the previous application, upload it to a directory on the Synology device and start the container.

mkdir -p /volume1/docker/nginx
cd /volume1/docker/nginx

docker-compose up -d

After a short wait, open http://nginx.orange.lab.com:52080 to see the default “Welcome to nginx!” page.

If you build a lot of websites, especially on the same machine, you will find that using Traefik for “service domain management” is really efficient.

Let’s take a look at the Traefik Dashboard from before.

This is where all the apps that registered for service discovery are shown, so if you can’t open your app in your browser, check here to see if it exists and is configured correctly.

Using Traefik with Web Station

Having covered using Traefik on its own, let’s talk about how to remove the redundant port number, such as “52080”, from the address bar.

Synology updates frequently, and each update overwrites the user’s modifications to the system software. Therefore, we must ensure both that our changes do not affect the normal functions of the Synology system and that they are not affected by upgrades of the system or its software.

Change Synology’s default behavior

We know that if you want to hide ports in your browser, you need to use two default ports: 80 and 443. The two ports correspond to HTTP and HTTPS protocols respectively.

As mentioned above, by default a visit to port 80/443 on a Synology device is redirected to the admin page on port 5000/5001. However, installing the official Web Station package changes this default behavior.

After Web Station is installed, visiting the domain name or IP of the Synology device again shows a default blue page.

In File Station, we can see that a directory named web has been created automatically, and the files saved in it are the “blue page” we see.

Proxying requests to Traefik through Web Station

Since the port number can be dropped from the Synology device’s own address, the same can be done for the applications we just exposed by domain name through Traefik.

Open the Web Station suite and add a website using a domain name.

At the moment, if you open the site using this domain name, you will find that it still shows the same blue page as before. This is because the default configuration generated by Web Station only supports simple scenarios, but it can be easily modified.

Using the terminal to switch to the /etc/nginx/conf.d directory, we will see some configuration and some directories, which are empty by default.

/etc/nginx/conf.d# ls
0a977aa1-e8b6-4f98-9f0a-b595268aaa5b  dsm.docker.conf  dsm.ssdp.conf  events.conf  main.conf

Add a configuration named user.conf to the 0a977aa1-e8b6-4f98-9f0a-b595268aaa5b directory above.

location / {
    proxy_set_header Host                $http_host;
    proxy_set_header X-Real-IP           $remote_addr;
    proxy_set_header X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto   $scheme;
    proxy_intercept_errors on;
    proxy_http_version 1.1;
    proxy_pass http://127.0.0.1:52080/;
}

Then use the following command to restart Synology’s Web Station:

/usr/syno/bin/synopkg restart WebStation

Of course, you can also use the standard nginx commands:

nginx -t && nginx -s reload

WordPress will then be up and running. Repeat the same steps for the other sites to run them without the port number as well.

Other

When installing and configuring a Synology system, there is in fact another option besides opening http://find.synology.com/ or downloading Synology Assistant.

The system’s arp command is enough to discover the Synology device waiting to be set up, for example:

# arp -a
(10.11.12.13) at 20:76:93:xx:yy:zz on en0 ifscope [ethernet]
notebook. (10.11.12.110) at 8c:85:90:xx:yy:zz on en0 ifscope permanent [ethernet]
diskstation.pear (10.11.12.179) at 0:11:32:xx:yy:zz on en0 ifscope [ethernet]
? (172.16.24.1) at 0:50:5xx:yy:zz on vmnet1 ifscope permanent [ethernet]
? (192.168.247.1) at 0:50:5xx:yy:zz on vmnet8 ifscope permanent [ethernet]
? (224.0.0.251) at 1:0:5xx:yy:zz on en0 ifscope permanent [ethernet]
? (239.255.255.250) at 1:0:5e:xx:yy:zz on en0 ifscope permanent [ethernet]

Finally

In recent years, Synology devices have become more and more powerful, even outperforming the Web servers that ran on Atom CPUs a few years ago.

Using them only as simple storage devices is wasteful; making full use of them may well be the better choice.

– EOF

