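This may be a newbie question about traefik and SSL configuration. I want to use my own (self-signed, company, ...) certificates in traefik. I tried to follow the documentation, but I keep getting the following message:

    ... level=debug msg="No default certificate, generating one"

My traefik.toml looks like this: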

    [entryPoints]
      [entryPoints.web]
        address = ":80"
        [entryPoints.web.http]
          [entryPoints.web.http.redirections]
            [entryPoints.web.http.redirections.entryPoint]
              to = "websecure"
              scheme = "https"
      [entryPoints.websecure]
        address = ":443"

    [log]
      level = "DEBUG"

    [api]
      insecure = true
      dashboard = true

    [providers.docker]
      exposedByDefault = false

    [[tls]]
      entryPoints = ["websecure"]
      [[tls.certificate]]
        certFile = "/certs/cert.crt"
        keyFile = "/certs/cert.key"

    [tls.stores]
      [tls.stores.default]
        [tls.stores.default.defaultCertificate]
          certFile = "/cert/cert.crt"
          keyFile = "/cert/cert.key"

And my docker-compose.yml looks like this:

    version: '3'
    services:
      reverse-proxy:
        # The official v2 Traefik docker image
        image: traefik:v2.2
        ports:
          # The HTTP port
          - "80:80"
          - "443:443"
          # The Web UI (enabled by --api.insecure=true)
          - "8080:8080"
        volumes:
          # So that Traefik can listen to the Docker events
          - /var/run/docker.sock:/var/run/docker.sock:ro
          - $PWD/shared/traefik/etc/traefik.toml:/etc/traefik/traefik.toml
          - $PWD/shared/traefik/ssl:/certs/
      whoami:
        # A container that exposes an API to show its IP address
        image: containous/whoami
        labels:
          - "traefik.enable=true"
          - "traefik.http.middlewares.basic-auth-whoami.basicauth.users=***:***"
          - "traefik.http.middlewares.strip-whoami.stripprefix.prefixes=/whoami"
          - "traefik.http.routers.whoami.entrypoints=websecure"
          - "traefik.http.routers.whoami.middlewares=basic-auth-whoami@docker,strip-whoami@docker"
          - "traefik.http.routers.whoami.rule=PathPrefix(`/whoami`) && Host(`<mydomain>`)"
          - "traefik.http.services.whoami-poc-traefik.loadbalancer.server.port=80"
          - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
          - "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
          - "traefik.http.routers.redirs.entrypoints=web"
          - "traefik.http.routers.redirs.middlewares=redirect-to-https"
          - "traefik.http.routers.whoami.tls=true"

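I'm pretty sure this is something trivial, but I can't figure it out (TOML syntax and traefik concepts are hard to take in at the same time).

Best answer

I finally found out what was not working by following a blog.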
I had to:

Add the file provider for dynamic configuration to my traefik.toml file:

    [providers.file]
      filename = "/tls-certs.toml"

Add the volume mapping to my docker-compose.yml file:

    - $PWD/shared/traefik/etc/tls-certs.toml:/tls-certs.toml

Provide a tls-certs.toml file:

    [[tls.certificates]] #first certificate
      certFile = "/certs/cert.crt"
      keyFile = "/certs/cert.key"
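
The check below is an added example, not part of the original answer and not Traefik's own code. It scans a static traefik.toml for top-level sections that Traefik v2 treats as dynamic configuration, and for certFile/keyFile paths that fall outside the container mount points passed in. The function name, the messages and the regex-based header scan (rather than a full TOML parser) are assumptions of this sketch, and the sample input is an abridged copy of the question's file.

```python
import re

# Top-level sections Traefik v2 reads only from a dynamic-configuration
# provider, never from the static traefik.toml.
DYNAMIC_ONLY = {"http", "tcp", "udp", "tls"}
HEADER = re.compile(r"^\s*\[{1,2}\s*([^\]\s]+)\s*\]{1,2}\s*(?:#.*)?$")
CERT_PATH = re.compile(r"""^\s*(certFile|keyFile)\s*=\s*["']([^"']+)["']""")

# Abridged copy of the question's traefik.toml, used as sample input.
SAMPLE = """\
[entryPoints.websecure]
  address = ":443"
[providers.docker]
[[tls]]
  entryPoints = ["websecure"]
  [[tls.certificate]]
    certFile = "/certs/cert.crt"
    keyFile = "/certs/cert.key"
[tls.stores]
  [tls.stores.default]
    [tls.stores.default.defaultCertificate]
      certFile = "/cert/cert.crt"
      keyFile = "/cert/cert.key"
"""


def lint_static_config(text, mount_points=()):
    """Return (line_number, message) findings for a static traefik.toml."""
    findings, has_file_provider = [], False
    for lineno, line in enumerate(text.splitlines(), start=1):
        header = HEADER.match(line)
        if header:
            table = header.group(1)
            if table.split(".")[0] in DYNAMIC_ONLY:
                findings.append((lineno, f"[{table}] is dynamic configuration"))
            has_file_provider |= table.split(".")[:2] == ["providers", "file"]
            continue
        cert = CERT_PATH.match(line)
        if cert and mount_points and not any(
                cert.group(2).startswith(m.rstrip("/") + "/") for m in mount_points):
            findings.append((lineno, f"{cert.group(2)} is outside every mount"))
    if not has_file_provider:
        findings.append((0, "no [providers.file]: no dynamic file is loaded"))
    return findings


if __name__ == "__main__":
    for lineno, message in lint_static_config(SAMPLE, mount_points=["/certs/"]):
        print(f"line {lineno}: {message}")
```

Line number 0 marks a file-level finding. The mount check is a plain path-prefix comparison against the container-side targets of the compose volumes.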

Regarding ssl - "No default certificate, generating one" when a default certificate is provided, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/61256934/