为什么traefik acme生成的证书标记为“不安全”?

时间:2018-10-05 02:01:42

标签: docker-swarm traefik

我正在尝试使用traefik启动应用程序。我有多个装有群集的容器。我可以在浏览器中访问它们,但网站标记为不安全。我尝试删除acme.json并重新生成ssl证书,但没有任何改变。

据我了解,使用ACME,证书是在引导时生成的。但是现在,就像我看到的“ Fake LE Intermediate X1”一样,它的行为就像是自签名证书一样。

这是我的配置:

logLevel="DEBUG"
debug=true
defaultEntryPoints = ["https","http"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

[retry]

[api]
address=":8080"

[docker]
endpoint="unix://var/run/docker.sock"
domain = "4yourfinance.com"
watch=true
swarmMode=true
exposedByDefault = false

[acme]
email = "serviceplatform@myfeelix.de"
storage = "/etc/traefik/acme/acme.json"
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
onHostRule = true
entryPoint = "https"
  [acme.httpChallenge]
  entryPoint = "http"

  [[acme.domains]]
    main = "4yourfinance.com"
    sans = ["nginx.4yourfinance.com", "api-wl.4yourfinance.com"]

我的docker组成了

version: "3.3"

services:
  traefik:
    image: traefik
    ports:
      - 80:80
      - 8080:8080
      - 443:443
    networks:
      - traefik-net
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./acme:/etc/traefik/acme
    configs:
      - source: traefik-config
        target: /etc/traefik/traefik.toml
    deploy:
      placement:
        constraints: [engine.labels.com.role == 4yourfinance]

  nginx2:
    image: nginx
    networks:
      traefik-net:
        aliases:
          - nginx
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.backend=nginx2"
        - "traefik.port=80"
        - "traefik.frontend.rule=Host:4yourfinance.com"
      placement:
        constraints: [engine.labels.com.role == 4yourfinance]

  nginx:
    image: nginx
    networks:
      traefik-net:
        aliases:
          - nginx
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.backend=nginx"
        - "traefik.port=80"
        - "traefik.frontend.rule=Host:nginx.4yourfinance.com"
      placement:
        constraints: [engine.labels.com.role == 4yourfinance]

  nginx3:
    image: nginx
    networks:
      traefik-net:
        aliases:
          - nginx
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.backend=api-wl"
        - "traefik.port=80"
        - "traefik.frontend.rule=Host:api-wl.4yourfinance.com"
      placement:
        constraints: [engine.labels.com.role == client-feelix]

networks:
  traefik-net:
    external:
      name: traefik-net

configs:
  traefik-config:
    file: config2.toml

1 个答案:

答案 0 :(得分:0)

我正在使用暂存caServer而不是生产服务器。我还必须设置其他域: 将caServer替换为

caServer = "https://acme-v02.api.letsencrypt.org/directory"

并添加域以执行以下操作:

[[acme.domains]]
  main = "4yourfinance.com"
[[acme.domains]]
  main = "nginx.4yourfinance.com"
相关问题
最新问题