Fatal编程技术网
  • docker/
  • Docker Traefik V2.2.1-除Traefik服务外的所有服务返回[NET::ERR\u CERT\u AUTHORITY\u INVALID]并使用[Traefik DEFAULT CERT]

Docker Traefik V2.2.1-除Traefik服务外的所有服务返回[NET::ERR\u CERT\u AUTHORITY\u INVALID]并使用[Traefik DEFAULT CERT]

docker ssl

Docker Traefik V2.2.1-除Traefik服务外的所有服务返回[NET::ERR\u CERT\u AUTHORITY\u INVALID]并使用[Traefik DEFAULT CERT],docker,ssl,traefik,Docker,Ssl,Traefik,我决定将traefik的版本从1.7.x升级到2.2.1。 因此,我遵循了上述解决方案()的指导原则,以便2.2.1版中的traefik能够工作。 Traefik v2.2.1运行正常,并正确地将http端口重定向到https。 但是,whoami服务会从http端口重定向到https,但会显示以下消息: WHOAMI return NET :: ERR_CERT_AUTHORITY_INVALID TRAEFIK DEFAULT CERT 我想知道如何解决这个问题。 我查看了traefik

我决定将traefik的版本从1.7.x升级到2.2.1。 因此,我遵循了上述解决方案()的指导原则,以便2.2.1版中的traefik能够工作。 Traefik v2.2.1运行正常,并正确地将http端口重定向到https。 但是,whoami服务会从http端口重定向到https,但会显示以下消息:

WHOAMI return

NET :: ERR_CERT_AUTHORITY_INVALID
TRAEFIK DEFAULT CERT
我想知道如何解决这个问题。 我查看了traefik文档,但没有发现任何错误。

我更改了此部分

- "traefik.http.routers.whoami.rule=Host(`whoami.ehpop.com.br`, `www.whoami.ehpop.com.br`)"
- "traefik.http.routers.whoami-secure.rule=Host(`whoami.ehpop.com.br`, `www.whoami.ehpop.com.br`)"
为了这个

- "traefik.http.routers.whoami.rule=Host(`whoami.ehpop.com.br`)"
- "traefik.http.routers.whoami-secure.rule=Host(`whoami.ehpop.com.br`)"
成功了

你已经解决了这个问题。我认为有一个问题,由于二度子域。 
############################################
Files and settings I'm using:
############################################

############################################
[Traefik v2.] - docker-compose.yml with httpChallenge
############################################

version: '3.7'

services:
  traefik:
    image: traefik:v2.2
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.yml:/traefik.yml:ro
      - ./acme.json:/acme.json
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=admin:$$password"

      - "traefik.http.routers.traefik.rule=Host(`traefik.ehpop.com.br`)"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"

      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.ehpop.com.br`)"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.tls=true"

      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.permanent=true"

      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls.certresolver=http"
      - "traefik.http.routers.traefik-secure.service=api@internal"
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"

networks:
  proxy:
    external: true



############################################
[Traefik v2.] - traefik.yml with httpChallenge
############################################

api:
  dashboard: true

# Writing Logs to a File, in JSON
log:
  level: DEBUG
  filePath: "log-file.log"
  format: json

# Configuring a buffer of 100 lines
accessLog:
  filePath: "log-access.log"
  bufferingSize: 100  

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false

certificatesResolvers:
  http:
    acme:
      email: naugustijr@gmail.com
      storage: acme.json
      httpChallenge:
        entryPoint: http    



############################################
[Traefik v2.] - whoami - docker-compose.yml
############################################

version: '3.7'

services:
    whoami:
      image: containous/whoami
      container_name: whoami
      restart: unless-stopped
      security_opt:
        - no-new-privileges:true
      networks:
        - proxy
      volumes:
        - /etc/localtime:/etc/localtime:ro
        - /var/run/docker.sock:/var/run/docker.sock:ro
        - ./data:/data
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.whoami.entrypoints=http"
        - "traefik.http.routers.whoami.rule=Host(`whoami.ehpop.com.br`, `www.whoami.ehpop.com.br`)"
        - "traefik.http.middlewares.whoami-https-redirect.redirectscheme.scheme=https"
        - "traefik.http.middlewares.whoami-https-redirect.redirectscheme.permanent=true"

        - "traefik.http.routers.whoami.middlewares=whoami-https-redirect"
        - "traefik.http.routers.whoami-secure.entrypoints=https"
        - "traefik.http.routers.whoami-secure.rule=Host(`whoami.ehpop.com.br`, `www.whoami.ehpop.com.br`)"
        - "traefik.http.routers.whoami-secure.tls=true"
        - "traefik.http.routers.whoami-secure.tls.certresolver=http"
        - "traefik.http.routers.whoami-secure.service=whoami"
        - "traefik.http.services.whoami.loadbalancer.server.port=80"
        - "traefik.docker.network=proxy"

networks:
  proxy:
    external: true


- "traefik.http.routers.whoami.rule=Host(`whoami.ehpop.com.br`, `www.whoami.ehpop.com.br`)"
- "traefik.http.routers.whoami-secure.rule=Host(`whoami.ehpop.com.br`, `www.whoami.ehpop.com.br`)"

- "traefik.http.routers.whoami.rule=Host(`whoami.ehpop.com.br`)"
- "traefik.http.routers.whoami-secure.rule=Host(`whoami.ehpop.com.br`)"