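This article explains how to install and configure Docker on a Debian system.
It is recommended to consult the official documentation first:
Install Docker Engine on Debian | Docker Documentation
First, add Docker's software repository and install the latest Docker Engine: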
```bash
# Prerequisites and the keyring directory for third-party signing keys
sudo apt install ca-certificates curl gnupg
sudo install -m 0755 -d /etc/apt/keyrings
# Fetch Docker's signing key for the Debian repository
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
# Add the Debian repository, pinned to that key via signed-by
echo \
  "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
  "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
```
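Next, add the current user to the docker group so that Docker commands do not need sudo every time. Note that membership in the docker group is effectively root-equivalent access to the host, so only add accounts you trust with that.
```bash
sudo usermod -aG docker username
```
Log out and log back in for the change to take effect.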
Edit the /etc/docker/daemon.json file:
```bash
sudo vim /etc/docker/daemon.json
```
Add the following content:
```json
{
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "20m",
    "max-file": "3"
  },
  "ipv6": true,
  "fixed-cidr-v6": "fd00:dead:beef:c0::/80",
  "experimental": true,
  "ip6tables": true
}
```
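To catch mistakes in this file before restarting the daemon, the following Python check (an added example, not part of the original post) parses daemon.json text and flags missing log rotation and risky IPv6 settings. The helper name `audit_daemon_config` and the weak sample configuration are constructed for illustration.

```python
import ipaddress
import json

ULA = ipaddress.ip_network("fc00::/7")  # RFC 4193 unique local range

# The daemon.json from this page, embedded so the check runs offline.
PAGE_CONFIG = """{
  "log-driver": "json-file",
  "log-opts": {"max-size": "20m", "max-file": "3"},
  "ipv6": true, "fixed-cidr-v6": "fd00:dead:beef:c0::/80",
  "experimental": true, "ip6tables": true
}"""
# Constructed weak variant: no rotation, non-ULA prefix, no ip6tables.
WEAK_CONFIG = '{"ipv6": true, "fixed-cidr-v6": "2001:db8:1::/64"}'

def audit_daemon_config(text):
    """Return a list of findings (hypothetical helper) for daemon.json text."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(cfg, dict):
        return ["top level of daemon.json must be a JSON object"]
    findings = []
    # json-file is the default driver; without max-size its logs never shrink.
    if cfg.get("log-driver", "json-file") == "json-file":
        if "max-size" not in (cfg.get("log-opts") or {}):
            findings.append("log-opts.max-size is missing: logs grow without bound")
    if cfg.get("ipv6"):
        cidr = cfg.get("fixed-cidr-v6")
        try:
            net = ipaddress.ip_network(cidr, strict=False) if cidr else None
        except (ValueError, TypeError):
            findings.append(f"fixed-cidr-v6 is not a valid prefix: {cidr!r}")
        else:
            if net is None:
                findings.append("ipv6 is on but fixed-cidr-v6 is not set")
            elif net.version != 6 or not net.subnet_of(ULA):
                findings.append(f"fixed-cidr-v6 {net} is outside {ULA} (not a ULA prefix)")
        # Without ip6tables the daemon does not manage IPv6 NAT/filter rules.
        if not cfg.get("ip6tables"):
            findings.append("ip6tables is off: no Docker-managed IPv6 firewall rules")
    return findings

if __name__ == "__main__":
    for name, text in (("page", PAGE_CONFIG), ("weak", WEAK_CONFIG)):
        print(name, audit_daemon_config(text) or "no findings")
```

To check the real file, pass the contents of /etc/docker/daemon.json to `audit_daemon_config` and review any findings before restarting Docker.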
Restart the Docker service:
```bash
sudo systemctl restart docker
```
Installing Traefik
First, create a Docker network so that Traefik and the other services can communicate with each other:
```bash
docker network create traefik
```
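Then create Traefik's configuration directory and the file that stores certificates:
```bash
mkdir -p ~/traefik
touch ~/traefik/acme.json
# acme.json holds private keys; restrict it to the owner
chmod 600 ~/traefik/acme.json
```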
Edit Traefik's static configuration file, traefik.yml:
```yaml
global:
  checkNewVersion: true
  sendAnonymousUsage: false

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure

  websecure:
    address: ":443"
    http:
      tls:
        certResolver: dns-cloudflare
        domains:
          - main: "domain.com"
            sans:
              - "*.domain.com"

providers:
  docker:
    defaultRule: "Host(`{{ trimPrefix `/` .Name }}.domain.com`)"
    watch: true
    network: traefik
    exposedByDefault: false

  file:
    filename: /etc/traefik/dynamic.yml
    watch: true

api:
  dashboard: true

log:
  level: WARN

accessLog: {}

certificatesResolvers:
  dns-cloudflare:
    acme:
      email: name@email.com
      storage: /etc/traefik/acme.json
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
```
Then edit Traefik's dynamic configuration file, dynamic.yml:
```yaml
tls:
  options:
    default:
      sniStrict: true
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
    mintls13:
      minVersion: VersionTLS13
```
Deploy the Traefik service:
```yaml
services:
  traefik:
    image: traefik:v2.10.1
    container_name: traefik
    security_opt:
      - no-new-privileges:true
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ~/traefik:/etc/traefik
    networks:
      - traefik
    labels:
      traefik.enable: true
      # Dashboard router; no authentication middleware is attached in this file
      traefik.http.routers.api.rule: Host(`traefik.domain.com`)
      traefik.http.routers.api.entryPoints: websecure
      traefik.http.routers.api.service: api@internal
    environment:
      PUID: 1000
      PGID: 1000
      # Placeholder: replace with the token created in the steps below
      CF_DNS_API_TOKEN: your cloudflare dns token
    restart: unless-stopped

networks:
  traefik:
    external: true
```
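Steps to obtain the CF_DNS_API_TOKEN:
- Log in to the Cloudflare dashboard, click the profile icon in the upper-right corner, and select "My Profile".
- On the "API Tokens" tab, click "Create Token".
- Select "Edit zone DNS" and click "Use template".
- Enter a descriptive name; leave Permissions unchanged at "Zone-DNS-Edit".
- Under Zone Resources, the third field lets you choose the domain to be authenticated; then click "Continue" at the bottom.
- Copy the API token that is displayed. This is your CF_DNS_API_TOKEN.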