Docker、Traefik 2.2和默认证书

问：为什么Traefik不使用我的通配符证书（如Traefik.yml文件中所述），而是坚持生成自己的证书

docker compose.yml

version: '3'

services:

  traefik:
    image: traefik:2.2
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - $PWD/traefik.yml:/etc/traefik/traefik.yml:ro
      - $PWD/certs:/certs
    labels:
      - traefik.enable=true
      - traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https
      - traefik.http.routers.traefik.middlewares=traefik-https-redirect
      - traefik.http.routers.traefik-secure.entrypoints=https
      - traefik.http.routers.traefik-secure.rule=Host("traefik.network.lan")
      - traefik.http.routers.traefik-secure.tls=true
      - traefik.http.routers.traefik-secure.service=api@internal

networks:
  proxy:
    external: true

global:
  checkNewVersion: true
  sendAnonymousUsage: true



log:
  level: DEBUG

api:
  dashboard: true

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    swarmMode: false

tls:

  certificates:
    - certFile: /certs/wildcard.crt
      keyFile: /certs/wildcard.key
      stores:
        - default

  stores:
    default:
      defaultCertificate:
        certFile: /certs/wildcard.crt
        keyFile: /certs/wildcard.key

  options:
    default:
      minVersion: VersionTLS12
      preferServerCipherSuites: true

    mintls13:
      minVersion: VersionTLS13

accessLog: {}

$PWD/traefik.yml

version: '3'

services:

  traefik:
    image: traefik:2.2
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - $PWD/traefik.yml:/etc/traefik/traefik.yml:ro
      - $PWD/certs:/certs
    labels:
      - traefik.enable=true
      - traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https
      - traefik.http.routers.traefik.middlewares=traefik-https-redirect
      - traefik.http.routers.traefik-secure.entrypoints=https
      - traefik.http.routers.traefik-secure.rule=Host("traefik.network.lan")
      - traefik.http.routers.traefik-secure.tls=true
      - traefik.http.routers.traefik-secure.service=api@internal

networks:
  proxy:
    external: true

global:
  checkNewVersion: true
  sendAnonymousUsage: true



log:
  level: DEBUG

api:
  dashboard: true

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    swarmMode: false

tls:

  certificates:
    - certFile: /certs/wildcard.crt
      keyFile: /certs/wildcard.key
      stores:
        - default

  stores:
    default:
      defaultCertificate:
        certFile: /certs/wildcard.crt
        keyFile: /certs/wildcard.key

  options:
    default:
      minVersion: VersionTLS12
      preferServerCipherSuites: true

    mintls13:
      minVersion: VersionTLS13

accessLog: {}

我已连接到traefik容器以验证

/etc/traefik/traefik.yml

和

/certs

中的两个证书是否存在。当我查看traefik容器的日志时，我会在启动期间看到以下行（注意调试级别，这表明我的配置确实正在被读取）

---

似乎您的配置没有正确加载，请尝试使用配置文件显式配置traefik，绕过下面的参数使用traefik命令

- '--providers.file.filename=/etc/traefik/traefik.yml'

---

我认为问题在于证书位于

traefik.yml

文件中。证书应该是动态配置的一部分，请参阅

这意味着，您需要两件事：

另一个配置文件，例如

certs.yml

并移动

tls

部分（使用

证书

，

存储

和

选项

部分）

将另一个提供者添加到您的

traefik.yml

文件中，例如