Traefik让我们为多个域加密ACME Route53

时间:2018-12-09 16:39:19

标签: lets-encrypt traefik docker-swarm-mode

我已将Traefik配置为使用DNS-01挑战颁发“让我们加密通配符证书”。

我的环境文件中有* .domain1.com(domain1.com)的变量AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY,AWS_REGION,AWS_HOSTED_ZONE_ID。此AWS_HOSTED_ZONE_ID仅与domain1.com相关。

我需要添加同样在Route53中托管的新域domain2.com,以便Traefik可以为* .domain1.com和* .domain2.com颁发证书。

Traefik如何在多个Route53域中颁发Letsencrypt证书?

接下来是我的treafik.yml文件:

version: "3.6"

services:

  traefik:
    image: traefik
    env_file: /mnt/ceph/traefik/env
    command:
      - "--debug=true"
      - "--logLevel=DEBUG"
      - "--api"
      - "--entrypoints=Name:http Address::80 Redirect.EntryPoint:https"
      - "--entrypoints=Name:https Address::443 Compress:true TLS"
      - "--defaultentrypoints=http,https"
      - "--acme"
      - "--acme.storage=acme.json"
      - "--acme.acmeLogging=true"
      - "--acme.entryPoint=https"
      - "--acme.email=email@domain1.com"
      #- "--acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--acme.caServer=https://acme-v02.api.letsencrypt.org/directory"
      - "--acme.dnsChallenge.provider=route53"
      - "--acme.dnsChallenge.delayBeforeCheck=0"
      - "--acme.domains=*.domain1.com,domain1.com"
      - "--docker"
      - "--docker.domain=domain1.com"
      - "--docker.exposedByDefault=false"
      - "--docker.swarmMode"
      - "--docker.watch"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /mnt/ceph/traefik/acme.json:/acme.json
    networks:
      - backend
      - webgateway
    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
      - target: 8080
        published: 8080
        mode: host
    deploy:
      mode: global
      placement:
        constraints:
          - node.role == manager
      update_config:
        parallelism: 2
        failure_action: rollback
        order: start-first
        #delay: 5s
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.enable=true"
        - "traefik.backend=dashboard"
        - "traefik.port=8080"
        - "traefik.frontend.rule=Host:dashboard.domain1.com"

networks:
  backend:
    name: traefik_backend
    driver: overlay
    external: true
  webgateway:
    driver: overlay

提前谢谢!

0 个答案:

没有答案