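Traefik, Docker and Let's Encrypt

Time: 2018-07-01 19:21:07

Tags: docker lets-encrypt traefik

The last stage before my website can finally go live -> SSL.

I'm using a Jekyll website, with Traefik as a reverse proxy, Docker to prevent "it works on my machine", and Let's Encrypt for SSL. Looking at the docs, this should be a walk in the park, but (like everything in software development) it is a lot harder.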

My current Traefik configuration:

[entryPoints]
    [entryPoints.http]
        address = ":80"
        [entryPoints.http.redirect]
            entryPoint = "https"
            permanent = true
    [entryPoints.https]
        address = ":443"
        [entryPoints.https.tls]

[docker]
    endpoint = "unix:///var/run/docker.sock"
    domain = "johanvergeer.com"
    watch = true
    exposedByDefault = true
    usebindportip = true
    swarmMode = true
[acme]
    email = "johanvergeer@gmail.com"
    storage = "acme.json"
    entryPoint = "https"
    acmeLogging = true
    caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
    [[acme.domains]]
    main = "johanvergeer.com"
    [acme.httpChallenge]
    entryPoint = "http"
    provider = "digitalocean"

And the docker-compose file:

version: "3.6"
services:
  site:
    ports:
      - 4000:4000
    image: registry.gitlab.com/johanvergeer/redgyro/site:latest
    deploy:
      labels:
        - traefik.site.port=4000
        - traefik.enable=true
        - traefik.frontend.rule=Host:johanvergeer.com
        - traefik.frontend.entryPoints=http,https
        - traefik.docker.network=traefik-net
        - traefik.backend.loadbalancer.method=drr
    networks:
      - traefik-net
  reverse-proxy:
    image: traefik # The official Traefik docker image
    ports:
      - "80:80" # The HTTP port
      - "8080:8080" # The Web UI (enabled by --api)
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
      - $PWD/traefik.toml:/etc/traefik/traefik.toml
      - $PWD/acme.json:/etc/traefik/acme.json
    deploy:
      labels:
        - traefik.site.port=80
        - traefik.logLevel=DEBUG
        - traefik.docker.network=traefik-net
        - traefik.backend.loadbalancer.method=drr
      placement:
        constraints:
          - node.role == manager
      update_config:
        parallelism: 1
        delay: 10s
      restart_policy:
        condition: on-failure
    networks:
      - traefik-net
networks:
  traefik-net:
    name: traefik-net

At this moment I don't even get anything in the Traefik logs, even though it is set on DEBUG.

The browser shows the error "Your connection is not private".

Does anyone know how to solve this?

1 answer:

Answer 0: (score: 0)

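httpChallenge does not accept a provider parameter. You can try removing it.

If that doesn't work and you are running on DigitalOcean, try doing a dnsChallenge instead of an httpChallenge. To do that, modify your traefik.toml from this:

[acme.httpChallenge]
entryPoint = "http"
provider = "digitalocean"

to this:

[acme.dnsChallenge]
provider = "digitalocean"
delayBeforeCheck = 0

and pass the DO_AUTH_TOKEN environment variable as specified here. If you expect to add subdomains later, DNS challenge with wildcard domains is the ideal option for you.

Also consider removing caServer from your config so that it defaults to production when you hit the Let's Encrypt Rate Limit for staging.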

If you haven't already, you can also try asking for help on the Let's Encrypt Community Support forum.
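The configuration points raised in the answer above (a provider key under httpChallenge, a caServer still pointing at staging, and a DigitalOcean dnsChallenge without DO_AUTH_TOKEN), written as a small lint check. This is an added example, not code from the question, the answer or the Traefik project; the function names and finding ids are hypothetical, and the scanner only understands the [table] / key = value subset used in the Traefik 1.x file above.

```python
import re

HEADER = re.compile(r"^\[+\s*([^\]]+?)\s*\]+$")   # [table] or [[array.table]]
PAIR = re.compile(r"^([\w.-]+)\s*=\s*(.+)$")      # key = value

def parse_tables(text):
    """Scan the [table] / key = value subset used on this page (not a full TOML parser)."""
    tables, current = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        header, pair = HEADER.match(line), PAIR.match(line)
        if header:
            current = header.group(1)
            tables.setdefault(current, {})
        elif pair:
            tables.setdefault(current, {})[pair.group(1)] = pair.group(2).strip().strip('"')
    return tables

def lint_acme(text, env):
    """Return finding ids (hypothetical names) for the ACME problems named in the answer."""
    t = parse_tables(text)
    acme, http, dns = (t.get(k) for k in ("acme", "acme.httpChallenge", "acme.dnsChallenge"))
    findings = []
    if http is not None and "provider" in http:          # provider belongs under dnsChallenge
        findings.append("httpChallenge-provider")
    if "staging" in (acme or {}).get("caServer", ""):    # staging CA still configured
        findings.append("staging-caServer")
    if dns is not None and dns.get("provider") == "digitalocean" and not env.get("DO_AUTH_TOKEN"):
        findings.append("missing-DO_AUTH_TOKEN")         # DNS provider credential not passed
    return findings

# QUESTION_ACME: [acme] section from the question, trimmed.
# FIXED_ACME: constructed sample, the same section after the answer's changes.
QUESTION_ACME = """[acme]
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
[[acme.domains]]
main = "johanvergeer.com"
[acme.httpChallenge]
entryPoint = "http"
provider = "digitalocean"
"""
FIXED_ACME = """[acme]
[[acme.domains]]
main = "johanvergeer.com"
[acme.dnsChallenge]
provider = "digitalocean"
delayBeforeCheck = 0
"""

if __name__ == "__main__":
    print(lint_acme(QUESTION_ACME, {}), lint_acme(FIXED_ACME, {}))
```

Pass the environment the Traefik container will actually receive as `env`, for example the `environment:` mapping of the reverse-proxy service.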