SSL: Traefik entry points and default certificate


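Question 1

The documentation seems to indicate that if I don't specify any certFile or keyFile, Traefik will generate a self-signed certificate and use it:

There can only be one defaultCertificate set per entry point. Use a single set of square brackets [ ], instead of the two needed for normal certificates. If no default certificate is provided, Traefik will generate a self-signed certificate and use it.

However, when I try this and enter the URL, Chrome gives an SSL error (ERR_SSL_PROTOCOL_ERROR). The log also shows level=error msg="failed to load X509 key pair: tls: failed to find any PEM data in certificate input". Have I misunderstood the configuration in the documentation?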

This is the code I have to test with.

test.yml

version: '3.6'
services:
  traefik:
    image: traefik
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik/traefik.toml:/etc/traefik/traefik.toml
    deploy:
      placement:
        constraints:
          - node.role == manager
      labels:
        - "traefik.port=8080"
        - "traefik.frontend.rule=PathPrefixStrip:/traefik"
    networks:
      - traefiknet
  whoami:
    image: emilevauge/whoami
    deploy:
      labels:
        - "traefik.port=80"
        - "traefik.frontend.rule=PathPrefixStrip:/whoami"
    networks:
      - traefiknet
networks:
  traefiknet:

traefik.toml

logLevel = "DEBUG"

defaultEntryPoints = ["http", "https"]

[api]

[entryPoints]
  [entryPoints.http]
    address = ":80"
    [entryPoints.http.redirect]
      entryPoint = "https"
  [entryPoints.https]
    address = ":443"
    [entryPoints.https.tls]
      [entryPoints.https.tls.defaultCertificate]

[docker]
  endpoint = "unix:///var/run/docker.sock"
  watch = true
  swarmMode = true
  network = "test_traefiknet"

Started with:

docker stack deploy -c test.yml test

Question 2

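Note that I also tested doing what this page says:

If an empty TLS configuration is provided, a default self-signed certificate is generated.

However, that doesn't work either. My question, though, is: what is the difference between this configuration and the one shown in Question 1 in the toml file?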

I found the answer. I needed to remove [entryPoints.https.tls.defaultCertificate]. Unfortunately, I don't think the documentation is very clear on this.