Docker、Traefik 2.2和默认证书
问:为什么Traefik不使用我的通配符证书(如Traefik.yml文件中所述),而是坚持生成自己的证书Docker、Traefik 2.2和默认证书,docker,traefik,Docker,Traefik,问:为什么Traefik不使用我的通配符证书(如Traefik.yml文件中所述),而是坚持生成自己的证书 docker compose.yml version: '3' services: traefik: image: traefik:2.2 container_name: traefik restart: unless-stopped security_opt: - no-new-privileges:true networks:
docker compose.yml
version: '3'
services:
traefik:
image: traefik:2.2
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- proxy
ports:
- 80:80
- 443:443
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- $PWD/traefik.yml:/etc/traefik/traefik.yml:ro
- $PWD/certs:/certs
labels:
- traefik.enable=true
- traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https
- traefik.http.routers.traefik.middlewares=traefik-https-redirect
- traefik.http.routers.traefik-secure.entrypoints=https
- traefik.http.routers.traefik-secure.rule=Host("traefik.network.lan")
- traefik.http.routers.traefik-secure.tls=true
- traefik.http.routers.traefik-secure.service=api@internal
networks:
proxy:
external: true
global:
checkNewVersion: true
sendAnonymousUsage: true
log:
level: DEBUG
api:
dashboard: true
entryPoints:
http:
address: ":80"
https:
address: ":443"
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
swarmMode: false
tls:
certificates:
- certFile: /certs/wildcard.crt
keyFile: /certs/wildcard.key
stores:
- default
stores:
default:
defaultCertificate:
certFile: /certs/wildcard.crt
keyFile: /certs/wildcard.key
options:
default:
minVersion: VersionTLS12
preferServerCipherSuites: true
mintls13:
minVersion: VersionTLS13
accessLog: {}
$PWD/traefik.yml
version: '3'
services:
traefik:
image: traefik:2.2
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- proxy
ports:
- 80:80
- 443:443
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- $PWD/traefik.yml:/etc/traefik/traefik.yml:ro
- $PWD/certs:/certs
labels:
- traefik.enable=true
- traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https
- traefik.http.routers.traefik.middlewares=traefik-https-redirect
- traefik.http.routers.traefik-secure.entrypoints=https
- traefik.http.routers.traefik-secure.rule=Host("traefik.network.lan")
- traefik.http.routers.traefik-secure.tls=true
- traefik.http.routers.traefik-secure.service=api@internal
networks:
proxy:
external: true
global:
checkNewVersion: true
sendAnonymousUsage: true
log:
level: DEBUG
api:
dashboard: true
entryPoints:
http:
address: ":80"
https:
address: ":443"
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
swarmMode: false
tls:
certificates:
- certFile: /certs/wildcard.crt
keyFile: /certs/wildcard.key
stores:
- default
stores:
default:
defaultCertificate:
certFile: /certs/wildcard.crt
keyFile: /certs/wildcard.key
options:
default:
minVersion: VersionTLS12
preferServerCipherSuites: true
mintls13:
minVersion: VersionTLS13
accessLog: {}
我已连接到traefik容器以验证/etc/traefik/traefik.yml
和/certs
中的两个证书是否存在。当我查看traefik容器的日志时,我会在启动期间看到以下行(注意调试级别,这表明我的配置确实正在被读取)
似乎您的配置没有正确加载,请尝试使用配置文件显式配置traefik,绕过下面的参数使用traefik命令
- '--providers.file.filename=/etc/traefik/traefik.yml'
我认为问题在于证书位于
traefik.yml
文件中。证书应该是动态配置的一部分,请参阅
这意味着,您需要两件事:
certs.yml
并移动tls
部分(使用证书
,存储
和选项
部分)traefik.yml
文件中,例如