Traefik不信任ssl证书

时间:2018-11-17 23:04:08

标签: nginx docker-compose traefik

我在实例化traefik容器以及其他4个nginx容器方面都取得了成功,这些容器可以为将我的子域路由到每个单独服务的应用程序提供服务。路由有效,并且我正在使用[acme]生成证书,但是每次我尝试进入我的任何子域时,chrome仍然给我一个错误,指出“此连接不受信任”,然后我必须点击“高级”并继续。单个应用程序可以很好地加载,但是证书有问题。

我尝试清除acme.json文件无济于事。我也曾在traefick.toml中启用onDemand,但是那也不起作用。

请帮助?

traefik.toml

# defaultEntryPoints must be at the top 
# because it should not be in any table below

defaultEntryPoints = ["http", "https"]

# Entrypoints, http and https
[entryPoints]

# http should be redirected to https
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"

# https is the default
[entryPoints.https]
address = ":443"

[entryPoints.https.tls]

# Enable ACME (Let's Encrypt): automatic SSL
[acme]
email = "chris@myubercode.com"
storage = "./acme.json"
entryPoint = "https"
OnHostRule = true
acmeLogging = true
caServer = "https://acme-v02.api.letsencrypt.org/directory"
[acme.httpChallenge]
entryPoint = "http"
[acme.dnsChallenge]
provider = "digitalocean"
delayBeforeCheck = 0
[[acme.domains]]
  main = "cswilson.site"
  sans = ["profile.cswilson.site", "ecommerce.cswilson.site", "fitness.cswilson.site", "biosite.cswilson.site"]

traefikLogsFile = "/tmp/traefik.log"
logLevel = "DEBUG"
[accessLog]
filePath = "/tmp/access.log"

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "cswilson.site"
watch = true
exposedbydefault = false

docker-compose.yml(用于traefik容器):

version: '3'
services:
  traefik:
    image: traefik
    command: --docker
    ports:
      - "80:80"
      - "443:443"
    restart: always
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "./traefik.toml:/traefik.toml"
      - "./acme.json:/acme.json"
    networks:
      - default

这是4个不同应用程序容器的docker-compose.yml:

version: '3'
services:
  profile:
    build: .
    image: nginx
    labels:
      - "traefik.enabled=true"
      - "traefik.backend=profile"
      - "traefik.frontend.rule=Host:profile.cswilson.site"
      - "traefik.frontend.entryPoinst=http,https"
    restart: always
    networks:
      - "traefik_default"
  fitness:
    build: .
    image: nginx
    labels:
      - "traefik.enabled=true"
      - "traefik.backend=fitness"
      - "traefik.frontend.rule=Host:fitness.cswilson.site"
      - "traefik.frontend.entryPoinst=http,https"
    restart: always
    networks:
      - "traefik_default"
  ecommerce:
    build: .
    image: nginx
    labels:
      - "traefik.enabled=true"
      - "traefik.backend=ecommerce"
      - "traefik.frontend.rule=Host:ecommerce.cswilson.site"
      - "traefik.port=80"
    restart: always
    networks:
      - "traefik_default"
  biosite:
    build: .
    image: nginx
    labels:
      - "traefik.enabled=true"
      - "traefik.backend=ecommerce"
      - "traefik.frontend.rule=Host:biosite.cswilson.site"
      - "traefik.port=80"
    restart: always
    networks:
      - "traefik_default"
networks:
  traefik_default:
    external:
      name: traefik_default

我是Docker的新手,今天早上才发现traefik,我真的不知道我是否需要某种真实的证书才能放入 [[entryPoints.http.tls.certificates]]

非常感谢您的帮助,谢谢

0 个答案:

没有答案