Https: Why does Traefik 2.0 not detect the default static certificate I specified, and generate one itself instead?

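During my initial attempt to migrate a docker swarm based Traefik installation from 1.7 to 2.0, I found that the default, statically specified SSL configuration in the traefik.toml configuration file was being ignored. After enabling debug, the docker logs showed many messages like this: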

time="2019-11-06T20:26:30Z" level=debug msg="No default certificate, generating one"

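It turns out that with Traefik 2.0, SSL configuration is always treated as dynamic (read carefully), so a dynamic file provider must be defined (see), and this dynamic configuration must live in a file separate from the main Traefik configuration file.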

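If you try to take a shortcut and declare the main traefik configuration file itself as the dynamic file provider, you may see this unhelpful message in the logs: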

time="2019-11-06T20:26:30Z" level=error msg="Cannot start the provider *file.Provider: template: :179:35: executing \"\" at <.Name>: can't evaluate field Name in type bool"

Several posts on the Containous community forum (for example) and Reddit (for example) definitely helped in resolving this, but hopefully this summary helps as well.

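The docker-compose.yml below (hand edited to remove some abstractions, such as placement constraints, networks, our own authentication, etc.) covers the basics currently needed to run Traefik as a scaled docker service on docker swarm, with the dashboard enabled and https supported. The Traefik labels in this example are on the Traefik service itself, and set up a router and a "backend" service for the dashboard running on 8080.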

version: '3.3'
secrets:
  rsa_private_key:
    file: key.pem
  rsa_cert:
    file: crt.pem
configs:
  toml_conf:
    file: traefik.toml
  dynamic_toml_conf:
    file: dynamic_conf.toml
services:
  svc:
    # The official v2.0 Traefik docker image
    image: traefik:v2.0.2
    # Enables the web UI and tells Traefik to listen to docker
    ports:
      # Primary inbound HTTPS traffic.
      - "443:443"
      # HTTP traffic open for the purposes of permanent redirect to HTTPS.
      - "80:80"
    deploy:
      replicas: 3
      restart_policy:
        condition: on-failure
        max_attempts: 3
        delay: 30s
        window: 60s
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.api-sec.entrypoints=websecure"
        - "traefik.http.routers.api-sec.tls=true"
        - "traefik.http.routers.api-sec.tls.options=default"
        - "traefik.http.routers.api-sec.rule=Host(`myhost`)"
        - "traefik.http.routers.api-sec.service=api@internal"
        # Now the backend service...
        - "traefik.http.services.api.loadbalancer.server.port=8080"
    secrets:
      - source: rsa_private_key
        target: /etc/certs/server.key
      - source: rsa_cert
        target: /etc/certs/server.crt
    configs:
      - source: toml_conf
        target: /etc/traefik/traefik.toml
      - source: dynamic_toml_conf
        target: /etc/dynamic_conf.toml
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock
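
An added example, not part of the original post: a static/dynamic file pair that matches the config and secret mounts in the compose file above, with the default certificate declared in the separate dynamic file. The file paths and the websecure entry point come from the compose file; the web entry point name, the docker provider settings, the log level and the minVersion option are assumptions.

```toml
# ---- /etc/traefik/traefik.toml : static configuration, read once at startup ----
# Assumed contents. The part the post depends on is [providers.file] pointing
# at a file other than traefik.toml itself.

[log]
  level = "DEBUG"            # assumption: keeps "No default certificate, generating one" visible while testing

[entryPoints]
  [entryPoints.web]          # assumption: name chosen here for the port 80 entry point
    address = ":80"
  [entryPoints.websecure]    # name referenced by the router labels in the compose file
    address = ":443"

[api]
  dashboard = true           # served through the api@internal service used by the labels

[providers.docker]
  swarmMode = true
  exposedByDefault = false   # assumption: only services labelled traefik.enable=true are routed

[providers.file]
  # TLS settings are dynamic configuration in 2.0, so they are loaded from
  # this separate file rather than from traefik.toml.
  filename = "/etc/dynamic_conf.toml"

# ---- /etc/dynamic_conf.toml : dynamic configuration, the separate file ----

# Default certificate served when no other certificate matches the request.
# Both paths are the swarm secret targets from the compose file.
[tls.stores.default.defaultCertificate]
  certFile = "/etc/certs/server.crt"
  keyFile  = "/etc/certs/server.key"

# The TLS options set named "default", referenced by the
# traefik.http.routers.api-sec.tls.options=default label.
[tls.options.default]
  minVersion = "VersionTLS12"   # assumption: refuse anything older than TLS 1.2
```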