How to resolve the "failed to find any PEM data in key input" error?

Time: 2019-02-15 18:13:43

Tags: traefik

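I'm setting up Traefik with Docker Swarm using a provided certificate for HTTPS, and it won't load, failing with: failed to find any PEM data in key input

I tried setting it up with both relative and absolute paths (see https://github.com/containous/traefik/issues/2001), but that doesn't seem to solve the problem.

The certificate I'm using is self-signed, but it works perfectly with Nginx.

The Traefik configuration in the Compose file: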

version: "3.6"

services:

  traefik:
    image: traefik
    command:
      - "--defaultentrypoints=http,https"
      - "--docker"
      - "--docker.swarmMode"
      - "--docker.exposedByDefault=false"
      - "--docker.domain=sdb.it"
      - "--docker.watch"
      - "--entryPoints='Name:http Address::80 Redirect.EntryPoint:https'"
      - "--entryPoints='Name:https Address::443 TLS:/etc/ssl/certs/sonarqube.crt,/etc/ssl/certs/sonarqube.key'"
      - "--loglevel=DEBUG"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    ports:
      - 80:80
      - 443:443
    networks:
      - traefik
    secrets:
      - source: sdbit-sonarqube-docker.sdb.it.crt
        target: /etc/ssl/certs/sonarqube.crt
        mode: 644
      - source: sdbit-sonarqube-docker.sdb.it.key
        target: /etc/ssl/certs/sonarqube.key
        mode: 644
    deploy:
      placement:
        constraints:
          - node.role == manager

volumes:
  certificates:
    external: true
networks:
  traefik:
    external: true
secrets:
  sdbit-sonarqube-docker.sdb.it.crt:
    external: true
  sdbit-sonarqube-docker.sdb.it.key:
    external: true

Here is the Traefik log:

time="2019-02-15T17:57:51Z" level=info msg="No tls.defaultCertificate given for : using the first item in tls.certificates as a fallback.",
time="2019-02-15T17:57:51Z" level=info msg="Traefik version v1.7.9 built on 2019-02-11_11:36:32AM",
time="2019-02-15T17:57:51Z" level=debug msg="Global configuration loaded {\"LifeCycle\":{\"RequestAcceptGraceTimeout\":0,\"GraceTimeOut\":10000000000},\"GraceTimeOut\":0,\"Debug\":false,\"CheckNewVersion\":true,\"SendAnonymousUsage\":false,\"AccessLogsFile\":\"\",\"AccessLog\":null,\"TraefikLogsFile\":\"\",\"TraefikLog\":null,\"Tracing\":null,\"LogLevel\":\"DEBUG\",\"EntryPoints\":{\"\":{\"Address\":\":443\",\"TLS\":{\"MinVersion\":\"\",\"CipherSuites\":null,\"Certificates\":[{\"CertFile\":\"certs/sonarqube.crt\",\"KeyFile\":\"certs/sonarqube.key'\"}],\"ClientCAFiles\":null,\"ClientCA\":{\"Files\":null,\"Optional\":false},\"DefaultCertificate\":{\"CertFile\":\"certs/sonarqube.crt\",\"KeyFile\":\"certs/sonarqube.key'\"},\"SniStrict\":false},\"Redirect\":null,\"Auth\":null,\"WhitelistSourceRange\":null,\"WhiteList\":null,\"Compress\":false,\"ProxyProtocol\":null,\"ForwardedHeaders\":{\"Insecure\":true,\"TrustedIPs\":null}}},\"Cluster\":null,\"Constraints\":[],\"ACME\":null,\"DefaultEntryPoints\":[\"http\",\"https\"],\"ProvidersThrottleDuration\":2000000000,\"MaxIdleConnsPerHost\":200,\"IdleTimeout\":0,\"InsecureSkipVerify\":false,\"RootCAs\":null,\"Retry\":null,\"HealthCheck\":{\"Interval\":30000000000},\"RespondingTimeouts\":null,\"ForwardingTimeouts\":null,\"AllowMinWeightZero\":false,\"KeepTrailingSlash\":false,\"Web\":null,\"Docker\":{\"Watch\":true,\"Filename\":\"\",\"Constraints\":null,\"Trace\":false,\"TemplateVersion\":2,\"DebugLogGeneratedTemplate\":false,\"Endpoint\":\"unix:///var/run/docker.sock\",\"Domain\":\"sdb.it\",\"TLS\":null,\"ExposedByDefault\":false,\"UseBindPortIP\":false,\"SwarmMode\":true,\"Network\":\"\",\"SwarmModeRefreshSeconds\":15},\"File\":null,\"Marathon\":null,\"Consul\":null,\"ConsulCatalog\":null,\"Etcd\":null,\"Zookeeper\":null,\"Boltdb\":null,\"Kubernetes\":null,\"Mesos\":null,\"Eureka\":null,\"ECS\":null,\"Rancher\":null,\"DynamoDB\":null,\"ServiceFabric\":null,\"Rest\":null,\"API\":null,\"Metrics\":null,\"Ping\":null,\"HostResolver\":null}",
time="2019-02-15T17:57:51Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/basics/#collected-data\n",
time="2019-02-15T17:57:51Z" level=error msg="failed to load X509 key pair: tls: failed to find any PEM data in certificate input",
time="2019-02-15T17:57:51Z" level=info msg="Preparing server  &{Address::443 TLS:0xc000283290 Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc000512540} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s",
time="2019-02-15T17:57:51Z" level=error msg="Unable to add a certificate to the entryPoint \"\" : unable to generate TLS certificate : tls: failed to find any PEM data in certificate input",
time="2019-02-15T17:57:51Z" level=info msg="Starting provider configuration.ProviderAggregator {}",
time="2019-02-15T17:57:51Z" level=info msg="Starting server on :443",
time="2019-02-15T17:57:51Z" level=info msg="Starting provider *docker.Provider {\"Watch\":true,\"Filename\":\"\",\"Constraints\":null,\"Trace\":false,\"TemplateVersion\":2,\"DebugLogGeneratedTemplate\":false,\"Endpoint\":\"unix:///var/run/docker.sock\",\"Domain\":\"sdb.it\",\"TLS\":null,\"ExposedByDefault\":false,\"UseBindPortIP\":false,\"SwarmMode\":true,\"Network\":\"\",\"SwarmModeRefreshSeconds\":15}",
time="2019-02-15T17:57:51Z" level=debug msg="Provider connection established with docker 18.09.0 (API 1.39)",
time="2019-02-15T17:57:51Z" level=debug msg="Filtering disabled container prometheus_alertmanager.1",
time="2019-02-15T17:57:51Z" level=debug msg="Filtering disabled container portainer_portainer.1",
time="2019-02-15T17:57:51Z" level=debug msg="Filtering disabled container prometheus_cadvisor.02f9e4aqq9h8p5wxtvebrpdmi",
time="2019-02-15T17:57:51Z" level=debug msg="Filtering disabled container prometheus_cadvisor.3wjdodinomlez4o034htgxq4f",
time="2019-02-15T17:57:51Z" level=debug msg="Filtering disabled container prometheus_cadvisor.6qextrzc6c3mli99sl5qs8sj7",
time="2019-02-15T17:57:51Z" level=debug msg="Filtering disabled container prometheus_cadvisor.epwzjchzyldg35bp7zh83h2l8",
time="2019-02-15T17:57:51Z" level=debug msg="Filtering disabled container prometheus_cadvisor.fex6ncwmfhrs4mp8g3iwk2yxb",
time="2019-02-15T17:57:51Z" level=debug msg="Filtering disabled container prometheus_prometheus.1",
time="2019-02-15T17:57:51Z" level=debug msg="Filtering disabled container sonarqube-glf-dev_sonarqube.1",
time="2019-02-15T17:57:51Z" level=debug msg="Filtering disabled container sonarqube-glf-dev_db.1",
time="2019-02-15T17:57:51Z" level=debug msg="Filtering disabled container portainer_agent.dm14e8f833zvl3iov8c7ejlui",
time="2019-02-15T17:57:51Z" level=debug msg="Filtering disabled container portainer_agent.f61gqjypxiepukygmba1kjwi1",
time="2019-02-15T17:57:51Z" level=debug msg="Filtering disabled container portainer_agent.iei6yqpdqfqm6okwmp54pbdt8",
time="2019-02-15T17:57:51Z" level=debug msg="Filtering disabled container portainer_agent.oej5oojf7vhp17hi0h0notgjd",
time="2019-02-15T17:57:51Z" level=debug msg="Filtering disabled container portainer_agent.oxa7l6ahqpo4mu5j0zoh4puf9",
time="2019-02-15T17:57:51Z" level=debug msg="Filtering disabled container prometheus_node-exporter.hzarmo2gu75r0mrmwtfeitbok",
time="2019-02-15T17:57:51Z" level=debug msg="Filtering disabled container prometheus_node-exporter.igb6gb1yb313gky7j3t9idc8k",
time="2019-02-15T17:57:51Z" level=debug msg="Filtering disabled container prometheus_node-exporter.oyr1umf2pp7bdkvuez7nz8m54",
time="2019-02-15T17:57:51Z" level=debug msg="Filtering disabled container prometheus_node-exporter.v7q6iugofokx59254h537tvnz",
time="2019-02-15T17:57:51Z" level=debug msg="Filtering disabled container prometheus_node-exporter.v9d4wnwgvlcfytgk4de1ys1k6",
time="2019-02-15T17:57:51Z" level=debug msg="Filtering disabled container prometheus_grafana.1",
time="2019-02-15T17:57:51Z" level=debug msg="Filtering disabled container gitlab-runner_gitlab-runner.1",
time="2019-02-15T17:57:51Z" level=debug msg="Configuration received from provider docker: {}",
time="2019-02-15T17:57:51Z" level=error msg="failed to load X509 key pair: tls: failed to find any PEM data in certificate input",
time="2019-02-15T17:57:51Z" level=info msg="Server configuration reloaded on :443",

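1 answer:

Answer 0 (score: 1)

Answering my own question: it was the way I passed the command-line arguments in the Compose file above.

Traefik does not accept the certificates this way: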

      - "--defaultentrypoints=http,https"
      - "--docker"
      - "--docker.swarmMode"
      - "--docker.exposedByDefault=false"
      - "--docker.domain=sdb.it"
      - "--docker.watch"
      - "--entryPoints='Name:http Address::80 Redirect.EntryPoint:https'"
      - "--entryPoints='Name:https Address::443 TLS:/etc/ssl/certs/sonarqube.crt,/etc/ssl/certs/sonarqube.key'"
      - "--loglevel=DEBUG"

But if you remove the quotes that I had mistakenly put in the entryPoints arguments, it does:

    command:
      - --defaultentrypoints=http,https
      - --docker
      - --docker.swarmMode
      - --docker.exposedByDefault=false
      - --docker.domain=sdb.it
      - --docker.watch
      - --entryPoints=Name:http Address::80 Redirect.EntryPoint:https
      - --entryPoints=Name:https Address::443 TLS:/etc/ssl/certs/sonarqube.crt,/etc/ssl/certs/sonarqube.key
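
Added example (not part of the original post and not Traefik's code): a Go sketch of why a mangled certificate or key path shows up as a PEM error instead of a missing-file error. It assumes the loader falls back to treating an unreadable path as inline PEM text; the function names readFileOrContent, loadPair and writeSelfSigned are hypothetical, and only tls.X509KeyPair and the CertFile/KeyFile strings from the debug log are taken as given.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"time"
)

// readFileOrContent (assumed model): readable path -> file bytes, else ref itself as PEM text.
func readFileOrContent(ref string) []byte {
	if data, err := os.ReadFile(ref); err == nil {
		return data
	}
	return []byte(ref)
}

// loadPair resolves both references and passes them to the standard loader.
func loadPair(certRef, keyRef string) error {
	_, err := tls.X509KeyPair(readFileOrContent(certRef), readFileOrContent(keyRef))
	return err
}

// writeSelfSigned writes a throwaway self-signed pair (constructed data) to dir.
func writeSelfSigned(dir string) (certPath, keyPath string) {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	keyDER, _ := x509.MarshalECPrivateKey(priv)
	certPath, keyPath = dir+"/demo.crt", dir+"/demo.key"
	os.WriteFile(certPath, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), 0644)
	os.WriteFile(keyPath, pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER}), 0600)
	return certPath, keyPath
}

func main() {
	dir, _ := os.MkdirTemp("", "pem-demo")
	defer os.RemoveAll(dir)
	cert, key := writeSelfSigned(dir)
	fmt.Println("clean paths:    ", loadPair(cert, key))
	fmt.Println("quote on key:   ", loadPair(cert, key+"'"))
	// CertFile and KeyFile exactly as they appear in the debug log above.
	fmt.Println("values from log:", loadPair("certs/sonarqube.crt", "certs/sonarqube.key'"))
}
```

A trailing quote on the key path alone yields the "key input" variant of the message; when the certificate reference is also unusable, the "certificate input" variant seen in the log is reported first.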