背景
我正在尝试将traefik仪表板设置为可在 sub.domain.com 访问,并通过Let的加密SSL证书自动保护它。使用下面的配置文件,我成功地设置了容器并通过https://sub.domain.com访问仪表板。
我有多个A记录指向同一个IP,这是一个VPS:
问题
加载仪表板页面后,我收到了不受信任的证书错误。
LOGS& CONFIGS
查看容器日志,我可以看到以下内容
Sub Add()
Set wb = Application.ActiveWorkbook
wb.Sheets.Add(After:=wb.Sheets(wb.Sheets.Count)).Name = "For Export"
End Sub
time="2018-01-23T04:47:53Z" level=info msg="Generating ACME Account..."
time="2018-01-23T04:48:11Z" level=debug msg="Building ACME client..."
time="2018-01-23T04:48:11Z" level=info msg=Register...
time="2018-01-23T04:48:12Z" level=debug msg=AgreeToTOS...
time="2018-01-23T04:48:12Z" level=info msg="Preparing server traefik &{Network: Address::8080 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc4202a2940} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
time="2018-01-23T04:48:12Z" level=info msg="Retrieving ACME certificates..."
time="2018-01-23T04:48:12Z" level=info msg="Retrieved ACME certificates"
time="2018-01-23T04:48:12Z" level=info msg="Starting provider *docker.Provider {"Watch":true,"Filename":"","Constraints":null,"Trace":false,"DebugLogGeneratedTemplate":false,"Endpoint":"unix:///var/run/docker.sock","Domain":"bendwyer.net","TLS":null,"ExposedByDefault":false,"UseBindPortIP":false,"SwarmMode":false}"
time="2018-01-23T04:48:12Z" level=info msg="Starting server on :443"
time="2018-01-23T04:48:12Z" level=info msg="Starting server on :8080"
time="2018-01-23T04:48:12Z" level=info msg="Testing certificate renew..."
我可以看到该文件已填充了Let的加密信息,但证书部分是空白的。 acme.json
traefik.toml
defaultEntryPoints = ["http", "https"]
debug = true
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[acme]
email = "name@domain.com"
storage = "acme.json"
entryPoint = "https"
[acme.httpChallenge]
entryPoint = "http"
OnHostRule = true
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "domain.com"
watch = true
exposedbydefault = false
docker-compose.yml
答案 0 :(得分:0)
你必须改变你的配置:
[acme]
email = "name@domain.com"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true # <-----------
[acme.httpChallenge]
entryPoint = "http"