Ssl 有没有办法让一些traefik服务自己管理tls证书?
我将尝试为以下内容配置traefik: 1) server.example.com-->traefik-->httpChallengeToLetsEncrypt 2) 客户端-->traefik(passthrough tls)-->server.example.com(使用let's encrypt) 注意:traefik在example.com级别接收其请求 正在发生的事情: 1) 只有在traefik不管理let's encrypt certificates本身时才能正常工作(否则它不会传输路径前缀以“.well-known/acme challenge”开头的任何请求):-\) 2) 不适用于tcp路由器的以下配置:Ssl 有没有办法让一些traefik服务自己管理tls证书?,ssl,traefik,Ssl,Traefik,我将尝试为以下内容配置traefik: 1) server.example.com-->traefik-->httpChallengeToLetsEncrypt 2) 客户端-->traefik(passthrough tls)-->server.example.com(使用let's encrypt) 注意:traefik在example.com级别接收其请求 正在发生的事情: 1) 只有在traefik不管理let's encrypt certificates本身时才能正常工作(否则它不会传
tcp:
routers:
example:
entryPoints:
- web-secure
rule: "HostSNI(`server.example.com`)"
service: example
tls:
passthrough: true
services:
example:
loadBalancer:
servers:
- url: "https://192.168.0.1:443/"
您将如何让一个或多个服务自行管理其let's encrypt证书?
有没有可能在traefik同时管理let’s encrypt certificates或者第1点提到的问题是redibitory
致以最良好的祝愿
jmc使用
tls.passthrough=true
和tcp
路由器,而不是http
下面是一个完整的示例,apache负责自己的证书
特拉菲克从不碰它们
version: "3"
services:
traefik:
image: traefik
command:
- --api.insecure=true
- --providers.docker=true
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
labels:
- traefik.http.routers.api.rule=Host(`traefik.docker.local`)
- traefik.http.routers.api.service=api@internal
whoami:
image: containous/whoami
labels:
- traefik.http.routers.whoami.rule=Host(`whoami.docker.local`)
- traefik.http.routers.whoami.service=whoami@docker
- traefik.http.services.whoami.loadbalancer.server.port=80
apache:
build: php-apache
depends_on: [traefik]
env_file: ./php-apache/env
volumes:
- "./php-apache/cert/haproxy/:/etc/ssl/haproxy/"
- "./php-apache/cert/private/:/etc/ssl/private/"
- "./php-apache/cert/trusted/:/usr/local/share/ca-certificates/"
- "./php-apache/conf/:/etc/apache2/conf-enabled/"
- "./php-apache/log/:/var/log/apache2/"
- "./php-apache/sites/available/:/etc/apache2/sites-available/"
- "./php-apache/sites/enabled/:/etc/apache2/sites-enabled/"
- "./php-apache/www/:/var/www/"
labels:
- "traefik.http.routers.apache.entrypoints=http"
- "traefik.http.routers.apache.priority=1"
- "traefik.http.routers.apache.rule=HostRegexp(`{catchall:.*}`)"
- "traefik.http.routers.apache.service=apache@docker"
- "traefik.http.services.apache.loadbalancer.server.port=80"
- "traefik.tcp.routers.apache.entrypoints=https"
- "traefik.tcp.routers.apache.rule=HostSNI(`*`)"
- "traefik.tcp.routers.apache.service=apache@docker"
- "traefik.tcp.routers.apache.tls.passthrough=true"
- "traefik.tcp.services.apache.loadbalancer.server.port=443"
非常感谢。你说“使用tls.passthrough=true和tcp路由器而不是http”,但我确实这么做了。在您的示例中,apache不使用let's encrypt进行http质询。如果在同一配置中有多台apache服务器,您会用什么规则来代替这个规则:“traefik.tcp.routers.apache.rule=HostSNI(*
)”?