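How to configure Docker Compose and Traefik on Fedora 35 for automated routing and load balancing in a microservice architecture
<p>In a modern microservice architecture, automated routing and efficient load balancing are key to keeping a system highly available and easy to maintain. This tutorial uses <strong>Fedora 35</strong> as the operating system and builds, with <strong>Docker Compose</strong> and <strong>Traefik (v2+)</strong>, a sample microservice environment with automatic routing, dynamic reverse proxying and load-balancing policies. In this article A5IDC focuses on <strong>operational details, code examples, performance evaluation, network configuration, hardware recommendations and monitoring</strong>.</p><p>The content below is aimed at intermediate and senior operations engineers and back-end developers.</p>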
<hr>
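<h2 id="一方案概览与目标架构">1. Solution overview and target architecture</h2>
<h3 id="11-目标">1.1 Goals</h3>
<p>We want to achieve:</p>
<ul>
<li>Multiple microservice containers register with the reverse proxy automatically</li>
<li>Traefik detects service labels and generates routing rules automatically</li>
<li>HTTPS support (self-signed or Let’s Encrypt)</li>
<li>Load-balancing policies (round robin, weighted)</li>
<li>A monitoring dashboard and centralized log management</li>
</ul>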
<h3 id="12-组件版本">1.2 Component versions</h3>
<table>
<thead>
<tr>
<th>Component</th>
<th>Recommended version</th>
</tr>
</thead>
<tbody>
<tr>
<td>Fedora</td>
<td>35</td>
</tr>
<tr>
<td>Docker Engine</td>
<td>24.x</td>
</tr>
<tr>
<td>Docker Compose</td>
<td>2.17.x</td>
</tr>
<tr>
<td>Traefik</td>
<td>2.10.x</td>
</tr>
<tr>
<td>Microservice base image</td>
<td>Alpine/Ubuntu 22.04</td>
</tr>
</tbody>
</table>
<hr>
<h2 id="二基础环境准备">2. Preparing the base environment</h2>
<h3 id="21-服务器wwwa5idccom硬件建议">2.1 Server (www.a5idc.com) hardware recommendations</h3>
<table>
<thead>
<tr>
<th>Item</th>
<th>Minimum</th>
<th>Recommended</th>
</tr>
</thead>
<tbody>
<tr>
<td>CPU</td>
<td>2 cores</td>
<td>4 cores (Intel/AMD)</td>
</tr>
<tr>
<td>Memory</td>
<td>4 GB</td>
<td>8 GB</td>
</tr>
<tr>
<td>Storage</td>
<td>40 GB SSD</td>
<td>100 GB NVMe</td>
</tr>
<tr>
<td>Network</td>
<td>1 Gbps</td>
<td>1 Gbps</td>
</tr>
</tbody>
</table>
<blockquote>
<p><strong>Note</strong>: For production environments it is recommended to enable RAID 10 and to use LVM / ZFS for volume management and snapshot policies.</p>
</blockquote>
<h3 id="22-系统初始化">2.2 System initialization</h3>
<p>Make sure Fedora 35 is up to date:</p>
<pre><code class="language-bash">sudo dnf update -y
sudo dnf install -y vim git curl
sudo reboot
</code></pre>
<hr>
<h2 id="三安装-docker-与-docker-compose">3. Installing Docker and Docker Compose</h2>
<h3 id="31-安装-docker">3.1 Install Docker</h3>
<pre><code class="language-bash">sudo dnf config-manager --add-repo=https://download.docker.com/linux/fedora/docker-ce.repo
sudo dnf install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
sudo systemctl enable --now docker
</code></pre>
<p>Verify the installation:</p>
<pre><code class="language-bash">docker version
</code></pre>
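<h3 id="32-配置-docker-用户组">3.2 Configure the Docker user group</h3>
<pre><code class="language-bash"># Membership in the docker group grants root-equivalent control of the host
# through the Docker daemon, so add only trusted administrator accounts.
sudo usermod -aG docker $USER
newgrp docker
</code></pre>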
<h3 id="33-安装-docker-compose-v2">3.3 Install Docker Compose v2</h3>
<p>Fedora 35 comes with the Docker Compose plugin; confirm the version:</p>
<pre><code class="language-bash">docker compose version
</code></pre>
<p>Make sure the version is &gt;= <strong>2.5</strong>.</p>
<hr>
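<h2 id="四traefik-核心配置">4. Traefik core configuration</h2>
<h3 id="41-traefik-核心配置详解">4.1 Traefik core configuration in detail</h3>
<p>We use <code>traefik.yml</code> for the static configuration and <code>dynamic.yml</code> for the dynamic configuration.</p>
<p><strong>traefik.yml (static configuration)</strong></p>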
<pre><code class="language-yaml">entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
providers:
  docker:
    exposedByDefault: false
api:
  dashboard: true
  insecure: false
certificatesResolvers:
  letsencrypt:
    acme:
      email: admin@example.com
      storage: acme.json
      httpChallenge:
        entryPoint: web
</code></pre>
<p><strong>Notes</strong></p>
<ul>
<li><code>entryPoints</code>: listen for HTTP/HTTPS</li>
<li><code>providers.docker</code>: enable automatic discovery through Docker labels</li>
<li><code>dashboard</code>: Traefik's visual management interface</li>
<li><code>certificatesResolvers</code>: use Let’s Encrypt to issue certificates automatically</li>
</ul>
<h3 id="42-访问-dashboard">4.2 Accessing the Dashboard</h3>
<p>Expose the Dashboard through Docker labels:</p>
<pre><code class="language-yaml">labels:
  - "traefik.http.routers.traefik.rule=Host(`traefik.example.com`)"
  - "traefik.http.routers.traefik.service=api@internal"
  - "traefik.http.routers.traefik.entrypoints=websecure"
  - "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
</code></pre>
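<p>The dashboard router in 4.2 carries no middleware, so the dashboard and API are served to anyone who can reach <code>traefik.example.com</code>. The following added example (not part of the original article) puts a source-IP allow list and HTTP basic authentication in front of the same router; the middleware names, the <code>192.0.2.0/24</code> range and the password-hash placeholder are assumptions to replace with your own values.</p>

```yaml
# docker-compose.yml excerpt: labels on the traefik service (Traefik v2.10 label syntax)
services:
  traefik:
    labels:
      # Needed because providers.docker.exposedByDefault is false.
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.rule=Host(`traefik.example.com`)"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
      # Middlewares run in the listed order: network filter first, then credentials.
      - "traefik.http.routers.traefik.middlewares=dashboard-ip,dashboard-auth"
      # Constructed example range (documentation prefix); use your admin network.
      - "traefik.http.middlewares.dashboard-ip.ipwhitelist.sourcerange=192.0.2.0/24"
      # Placeholder: paste the hash printed by `htpasswd -nB admin`.
      # Every "$" in the hash must be written as "$$" inside a Compose file.
      - "traefik.http.middlewares.dashboard-auth.basicauth.users=admin:REPLACE_WITH_HTPASSWD_HASH"
```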
<hr>
<h2 id="五docker-compose-项目结构">5. Docker Compose project structure</h2>
<p>The project directory looks like this:</p>
<pre><code>/microservices
├── traefik
│   ├── traefik.yml
│   ├── dynamic.yml
│   └── acme.json
├── docker-compose.yml
├── service-api
│   └── Dockerfile
└── service-web
    └── Dockerfile
</code></pre>
<h3 id="51-docker-composeyml">5.1 docker-compose.yml</h3>
<pre><code class="language-yaml">version: "3.9"
services:
  traefik:
    image: traefik:v2.10
    container_name: traefik
    restart: always
    networks:
      - webnet
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # The :ro flag only protects the socket file; the Docker API behind it stays
      # fully usable, so this mount gives the container root-equivalent host access.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik/traefik.yml:/traefik.yml:ro"
      - "./traefik/acme.json:/acme.json"
    labels:
      # Required because providers.docker.exposedByDefault is false.
      - "traefik.enable=true"
      # Dashboard over plain HTTP with no authentication: local test hosts only.
      - "traefik.http.routers.traefik.rule=Host(`traefik.local`)"
      - "traefik.http.routers.traefik.entrypoints=web"
      - "traefik.http.routers.traefik.service=api@internal"
  service-api:
    image: myorg/service-api:latest
    container_name: service-api
    restart: on-failure
    networks:
      - webnet
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.api.rule=Host(`api.example.com`)"
      - "traefik.http.routers.api.entrypoints=websecure"
      - "traefik.http.routers.api.tls.certresolver=letsencrypt"
      - "traefik.http.services.api.loadbalancer.server.port=3000"
  service-web:
    image: myorg/service-web:latest
    container_name: service-web
    restart: on-failure
    networks:
      - webnet
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.web.rule=Host(`www.example.com`)"
      - "traefik.http.routers.web.entrypoints=websecure"
      - "traefik.http.routers.web.tls.certresolver=letsencrypt"
      - "traefik.http.services.web.loadbalancer.server.port=8080"
networks:
  webnet:
    external: false
</code></pre>
<h3 id="52-acmejson-权限设置">5.2 acme.json permissions</h3>
<p>Traefik needs write access:</p>
<pre><code class="language-bash">touch traefik/acme.json
chmod 600 traefik/acme.json
</code></pre>
<hr>
<h2 id="六微服务-dockerfile-示例">6. Example microservice Dockerfiles</h2>
<p>A simple Node.js API is used as the example here.</p>
<p><strong>service-api/Dockerfile</strong></p>
<pre><code class="language-dockerfile">FROM node:18-alpine
WORKDIR /app
COPY package*.json ./
RUN npm install --production
COPY . .
EXPOSE 3000
CMD ["node", "server.js"]
</code></pre>
<p><strong>service-web/Dockerfile</strong></p>
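<pre><code class="language-dockerfile">FROM nginx:stable-alpine
COPY ./dist /usr/share/nginx/html
# The stock nginx image listens on port 80; serving on 8080 as declared here
# requires a custom nginx server configuration (not shown in this tutorial).
EXPOSE 8080
</code></pre>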
<hr>
<h2 id="七启动与验证">7. Start and verify</h2>
<p>Run:</p>
<pre><code class="language-bash">docker compose up -d
</code></pre>
<p>Confirm the services:</p>
<pre><code class="language-bash">docker ps
</code></pre>
<p>Visit:</p>
<ul>
<li>http://api.example.com</li>
<li>https://www.example.com</li>
<li>http://traefik.local (Dashboard)</li>
</ul>
<hr>
<h2 id="八负载均衡策略配置">8. Configuring the load-balancing policy</h2>
<p>Traefik uses <strong>round robin</strong> by default.</p>
<p>If you need a weighted policy:</p>
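<pre><code class="language-yaml">labels:
  # Caution: these are Traefik v1-style options. The Traefik v2 Docker provider
  # defines no loadbalancer.method label, and sticky sessions are configured
  # through loadbalancer.sticky.cookie rather than a boolean sticky label.
  - "traefik.http.services.api.loadbalancer.method=wrr"
  - "traefik.http.services.api.loadbalancer.sticky=false"
</code></pre>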
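<p>In Traefik v2, weights are set on a <code>weighted</code> service, which the file provider supports and Docker labels do not. The following added example (not part of the original article) shows a 3:1 split for <code>api.example.com</code>; the service names <code>api-v1</code>, <code>api-v2</code> and <code>api-weighted</code>, the weights and the <code>/dynamic.yml</code> mount path are assumptions.</p>

```yaml
# --- traefik/traefik.yml: add the file provider next to the Docker provider ---
providers:
  docker:
    exposedByDefault: false
  file:
    filename: /dynamic.yml   # assumes ./traefik/dynamic.yml is mounted here read-only
    watch: true
---
# --- traefik/dynamic.yml: router plus weighted service (3 of every 4 requests to v1) ---
http:
  routers:
    api:
      rule: "Host(`api.example.com`)"
      entryPoints:
        - websecure
      service: api-weighted
      tls:
        certResolver: letsencrypt
  services:
    api-weighted:
      weighted:
        services:
          - name: api-v1@docker   # "@docker" refers to a service declared by labels
            weight: 3
          - name: api-v2@docker
            weight: 1
---
# --- docker-compose.yml excerpt: each backend declares only its own service ---
services:
  traefik:
    volumes:
      - "./traefik/dynamic.yml:/dynamic.yml:ro"
  service-api-v1:
    image: myorg/service-api:latest
    networks: [webnet]
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.api-v1.loadbalancer.server.port=3000"
  service-api-v2:
    image: myorg/service-api:latest
    networks: [webnet]
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.api-v2.loadbalancer.server.port=3000"
```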
<hr>
<h2 id="九性能评估">9. Performance evaluation</h2>
<h3 id="91-并发吞吐量测试">9.1 Concurrent throughput test</h3>
<p>Comparison test using <code>wrk2</code>:</p>
<table>
<thead>
<tr>
<th>Target</th>
<th>rps (average)</th>
<th>P95 latency</th>
</tr>
</thead>
<tbody>
<tr>
<td>Direct access to the API</td>
<td>3200</td>
<td>48ms</td>
</tr>
<tr>
<td>Routed through Traefik</td>
<td>2900</td>
<td>52ms</td>
</tr>
</tbody>
</table>
<p>Analysis: Traefik adds roughly 8–10% latency overhead, but brings automated routing and certificate management.</p>
<h3 id="92-内存消耗差异">9.2 Memory consumption</h3>
<table>
<thead>
<tr>
<th>Container</th>
<th>Memory usage (RSS)</th>
</tr>
</thead>
<tbody>
<tr>
<td>Traefik</td>
<td>~45 MB</td>
</tr>
<tr>
<td>service-api (2x)</td>
<td>~60 MB x 2</td>
</tr>
<tr>
<td>service-web</td>
<td>~12 MB</td>
</tr>
</tbody>
</table>
<hr>
<h2 id="十监控与日志收集">10. Monitoring and log collection</h2>
<h3 id="101-traefik-dashboard">10.1 Traefik Dashboard</h3>
<p>Open the Traefik Dashboard to inspect routes, service status and certificate information.</p>
<h3 id="102-集中日志">10.2 Centralized logging</h3>
<p>Introduce an ELK/EFK stack:</p>
<ul>
<li>Write the Traefik access log to <code>/var/log/traefik/access.log</code></li>
<li>Filebeat collects and ships the logs</li>
</ul>
<hr>
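<h2 id="十一常见故障排查">11. Troubleshooting common problems</h2>
<table>
<thead>
<tr>
<th>Problem</th>
<th>Possible cause</th>
<th>Where to look</th>
</tr>
</thead>
<tbody>
<tr>
<td>Certificate not issued</td>
<td>DNS does not resolve to this host's IP</td>
<td>Check the DNS/A record</td>
</tr>
<tr>
<td>Requests are not routed to the service</td>
<td>Docker labels are misconfigured</td>
<td>Check the labels</td>
</tr>
<tr>
<td>404 page</td>
<td>The matching rule is incorrect</td>
<td>Check Host/Routers</td>
</tr>
<tr>
<td>Service unreachable</td>
<td>No network connectivity</td>
<td>Check the network</td>
</tr>
</tbody>
</table>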
<hr>
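<h2 id="十二安全与优化建议">12. Security and optimization recommendations</h2>
<ul>
<li>Enforce HTTPS and enable HSTS</li>
<li>Use Traefik middleware for request rate limiting</li>
<li>Enable HTTP/2 for high-traffic scenarios</li>
<li>Combine Traefik metrics with Prometheus</li>
</ul>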
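<p>The following added example (not part of the original article) applies the HTTPS, HSTS, rate-limiting and Prometheus recommendations to this tutorial's <code>traefik.yml</code> and to the <code>service-api</code> labels. The middleware names, the rate-limit figures, the HSTS lifetime and the <code>metrics</code> entry point on port 8082 are assumptions.</p>

```yaml
# --- traefik/traefik.yml (static configuration) ---
entryPoints:
  web:
    address: ":80"
    http:
      # Redirects every request arriving on "web" to HTTPS. This also covers the
      # traefik.local dashboard router from section 5.1. Let's Encrypt HTTP-01
      # challenges on this entry point keep working alongside the redirect.
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"
  metrics:
    address: ":8082"     # assumed internal port; do not list it under "ports:"
metrics:
  prometheus:
    entryPoint: metrics  # Prometheus scrapes http://traefik:8082/metrics on webnet
---
# --- docker-compose.yml excerpt: labels added to service-api ---
services:
  service-api:
    labels:
      # HSTS: browsers remember to use HTTPS for one year, subdomains included.
      - "traefik.http.middlewares.hsts.headers.stsseconds=31536000"
      - "traefik.http.middlewares.hsts.headers.stsincludesubdomains=true"
      # Rate limit per client source: 50 requests/second on average, bursts up to 100.
      - "traefik.http.middlewares.api-ratelimit.ratelimit.average=50"
      - "traefik.http.middlewares.api-ratelimit.ratelimit.burst=100"
      # Attach both middlewares to the existing "api" router.
      - "traefik.http.routers.api.middlewares=hsts,api-ratelimit"
```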
<hr>
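<h2 id="总结">Summary</h2>
<p>Following the steps above, A5IDC has built, on <strong>Fedora 35</strong>, a microservice architecture with automatic routing and load balancing based on <strong>Docker Compose + Traefik</strong>:</p>
<ul>
<li>Automated routing rules</li>
<li>Automatic certificate issuance</li>
<li>Configurable load-balancing policy</li>
<li>Visual monitoring Dashboard</li>
</ul>
<p>It is fully extensible and suitable as a base from which production infrastructure can evolve further.</p>
<p>To extend further to Kubernetes, consider the <strong>Traefik Ingress Controller</strong>.</p><br><br>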
Source: https://www.cnblogs.com/a5idc/p/19455496