Ssl Traefik入口点和默认证书
问题1 似乎表明如果我没有指定任何Ssl Traefik入口点和默认证书,ssl,traefik,Ssl,Traefik,问题1 似乎表明如果我没有指定任何certFile或keyFile,Traefik将生成一个自签名证书,并使用它 每个入口点只能设置一个defaultCertificate。使用一组方括号[],而不是普通证书所需的两个方括号如果未提供默认证书,Traefik将生成一个自签名证书,并使用它。 然而,当我尝试此操作并输入时,Chrome会出现一个SSL错误(ERR_SSL_PROTOCOL_error)。日志还显示level=error msg=“未能加载X509密钥对:tls:未能在证书输入中找到
certFile
或keyFile
,Traefik将生成一个自签名证书,并使用它
每个入口点只能设置一个defaultCertificate。使用一组方括号[],而不是普通证书所需的两个方括号如果未提供默认证书,Traefik将生成一个自签名证书,并使用它。
然而,当我尝试此操作并输入时,Chrome会出现一个SSL错误(ERR_SSL_PROTOCOL_error)。日志还显示level=error msg=“未能加载X509密钥对:tls:未能在证书输入中找到任何PEM数据”
。我是否误解了文档中的配置
这是我必须测试的代码
test.yml
version: '3.6'
services:
traefik:
image: traefik
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./traefik/traefik.toml:/etc/traefik/traefik.toml
deploy:
placement:
constraints:
- node.role == manager
labels:
- "traefik.port=8080"
- "traefik.frontend.rule=PathPrefixStrip:/traefik"
networks:
- traefiknet
whoami:
image: emilevauge/whoami
deploy:
labels:
- "traefik.port=80"
- "traefik.frontend.rule=PathPrefixStrip:/whoami"
networks:
- traefiknet
networks:
traefiknet:
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
[api]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[entryPoints.https.tls.defaultCertificate]
[docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
swarmMode = true
network = "test_traefiknet"
traefik.toml
version: '3.6'
services:
traefik:
image: traefik
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./traefik/traefik.toml:/etc/traefik/traefik.toml
deploy:
placement:
constraints:
- node.role == manager
labels:
- "traefik.port=8080"
- "traefik.frontend.rule=PathPrefixStrip:/traefik"
networks:
- traefiknet
whoami:
image: emilevauge/whoami
deploy:
labels:
- "traefik.port=80"
- "traefik.frontend.rule=PathPrefixStrip:/whoami"
networks:
- traefiknet
networks:
traefiknet:
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
[api]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[entryPoints.https.tls.defaultCertificate]
[docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
swarmMode = true
network = "test_traefiknet"
从以下内容开始:
docker stack deploy -c test.yml test
问题2
请注意,我还测试了如何按此页面上的内容进行操作:
如果提供了空的TLS配置,则会生成默认的自签名证书
然而,这也不起作用。但是,我的问题是,此配置与toml文件中问题1中显示的配置有什么区别?我找到了答案。我需要删除
[entryPoints.https.tls.defaultCertificate]
。不幸的是,我认为这方面的文件不是很清楚