Hi, I'm trying to set up my Traefik Docker with Let's Encrypt SSL.
Here is my traefik.toml:
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.dashboard]
address = ":88"
[entryPoints.dashboard.auth]
[entryPoints.dashboard.auth.basic]
users = ["admin:19081987"]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[api]
entrypoint="dashboard"
[acme]
email = "myemail@gmail.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = false
[acme.httpChallenge]
entryPoint = "http"
[docker]
domain = "mysite.com"
watch = true
network = "web"
[[acme.domains]]
main = "mysite.com"
[[acme.domains]]
main = "*.mysite.com"
My docker-compose file (with WordPress and Adminer):
version: '3.7'
services:
  wordpress:
    depends_on:
      - db
    image: wordpress:latest
    volumes:
      - ./wordpress_files:/var/www/html
      - ./uploads.ini:/usr/local/etc/php/conf.d/uploads.ini
    restart: always
    networks:
      - web
    container_name: mysitewp
    environment:
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_USER: user
      WORDPRESS_DB_PASSWORD: pass
      WORDPRESS_DB_NAME: mysitedp
    labels:
      - "traefik.backend=mysitewp"
      - "traefik.docker.network=web"
      - "traefik.frontend.rule=Host:mysite.com"
      - "traefik.enable=true"
      - "traefik.port=80"
  db:
    image: mysql:5.7
    volumes:
      - ./db_data:/var/lib/mysql
    restart: always
    networks:
      - web
    container_name: mysitedb
    environment:
      MYSQL_ROOT_PASSWORD: pass
      MYSQL_DATABASE: mysitedb
      MYSQL_USER: user
      MYSQL_PASSWORD: pass
  adminer:
    image: adminer
    restart: always
    networks:
      - web
    ports:
      - 89:8080
    labels:
      - "traefik.backend=adminer"
      - "traefik.docker.network=web"
      - "hostname=adminer"
      - "traefik.frontend.rule=Host:adminer.mysite.com"
      - "traefik.enable=true"
      - "traefik.port=89"
    depends_on:
      - db
networks:
  web:
    external: true
Everything works fine (I can access my website over https) except Adminer (I can't access adminer.mysite.com).
I have checked the Traefik logs and found:
unable to generate a certificate for the domains
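It seems Traefik can't generate a certificate for the wildcard domain (*.mysite.com). Has anyone configured a wildcard domain with Traefik and Let's Encrypt?
Answer 0: (score: 1)
As stated in Let's Encrypt's post, wildcard certificates can only be generated through a DNS-01 challenge.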
https://docs.traefik.io/v1.7/configuration/acme/#wildcard-domains
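Answer 1: (score: 0)
According to the docs, you can run Traefik in manual mode and generate the certificate.
The following changes can be made in the configuration file: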
[acme]
email = "myemail@gmail.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = false
[acme.dnsChallenge]
provider = "manual"
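A pre-deployment check for the mismatch both answers point at, added here as an example and not taken from the original posts or from Traefik: it parses a Traefik v1 `traefik.toml` and reports wildcard names under `[[acme.domains]]` when `[acme]` has no `dnsChallenge`. The function name `wildcard_findings` and the two sample strings are assumptions built from the configs on this page.

```python
try:
    import tomllib  # standard library, Python 3.11+
except ModuleNotFoundError:
    import tomli as tomllib  # same API on older Pythons, if installed


def wildcard_findings(toml_text):
    """Return wildcard names in [[acme.domains]] (main and sans) that
    cannot be issued because [acme] has no dnsChallenge (DNS-01)."""
    acme = tomllib.loads(toml_text).get("acme", {})
    if "dnsChallenge" in acme:
        return []
    names = []
    for entry in acme.get("domains", []):
        names += [entry.get("main", "")] + list(entry.get("sans", []))
    return [n for n in names if n.startswith("*.")]


# Constructed sample: the [acme] parts of the question's traefik.toml
QUESTION_CONFIG = '''
[acme]
email = "myemail@gmail.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = false
[acme.httpChallenge]
entryPoint = "http"
[[acme.domains]]
main = "mysite.com"
[[acme.domains]]
main = "*.mysite.com"
'''

# Constructed sample: same domains, with the dnsChallenge block from answer 1
ANSWER_CONFIG = QUESTION_CONFIG.replace(
    '[acme.httpChallenge]\nentryPoint = "http"',
    '[acme.dnsChallenge]\nprovider = "manual"',
)

if __name__ == "__main__":
    for label, cfg in (("question", QUESTION_CONFIG), ("answer", ANSWER_CONFIG)):
        print(label, "->", wildcard_findings(cfg) or "ok")
```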