对于traefik使用docker后端时,我们只为主域生成加密证书,但不为任何子域生成证书。我已按照本指南操作:Docker and Lets Encrypt。主域名有来自加密的证书。运行带标签的docker容器时,不会生成证书。
Docker版本= 17.10,Traefik版本= traefik:1.5
这是我的traefik.toml配置:
defaultEntryPoints = ["http", "https"]
[web]
address = ":8080"
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[acme]
email = "email@example.com"
storage = "acme.json"
entryPoint = "https"
[acme.httpChallenge]
entryPoint = "http"
OnHostRule = true
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "example.com"
watch = true
exposedbydefault = false
以下是我正在使用的标签:
"traefik.backend": "test",
"traefik.docker.network": "proxy",
"traefik.enable": "true",
"traefik.frontend.rule": "Host:test.example.com",
"traefik.port": "8000"
example.com上的证书是:
Issued to: example.com
Issued by: Lets Encrypt Authority X3
并且test.example.com上的证书是:
Issued to: TRAEFIK DEFAULT CERT
Issued by: TRAEFIK DEFAULT CERT
有谁知道我做错了什么?
答案 0 :(得分:1)
这是我使用它的唯一方法:通过指定acme.domains这样
[docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
exposedbydefault = false
[entrypoints.traefik]
address=":8080"
[api]
dashboard = true
entryPoint = "traefik"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[acme]
email = "email@example.com"
storage = "acme.json"
entryPoint = "https"
acmeLogging = true
[acme.httpChallenge]
entryPoint = "http"
[[acme.domains]]
main = "domain1.com"
sans = ["www.domain1.com","other.domain1.com"]
[[acme.domains]]
main = "domain2.com"
sans = ["www.domain2.com","other.domain2.com"]