我让特拉菲克(traefik:1.7.11-alpine)在Docker容器中运行,其中包含许多服务,使用“让我们加密”来请求证书以保护它们。就像魅力一样。
我还启用了Treafik Web控制台,但是没有暴露给外界。换句话说,它在本地主机上运行。在日志文件中,我看到Traefik正在尝试为本地主机请求证书。这正常吗?我可以禁用它吗?
这是错误消息
time="2019-05-27T07:03:45Z" level=error msg="Unable to obtain ACME certificate for domains \"localhost\" detected thanks to rule \"PathPrefixStrip:/traefik;Host:localhost\" : unable to generate a certificate for the domains [localhost]: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:malformed :: Error creating new order :: DNS name does not have enough labels, url: "
对此我感到奇怪的是,Web控制台正在8080上运行,并且始终未链接到https入口点。因此,我可以想象Traefik在确定需要为哪个端点请求证书时会忽略它。
这是我正在使用的配置:
logLevel = "DEBUG"
[traefikLog]
[accessLog]
[accessLog.filters]
statusCodes = ["0-600"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384"
]
[entryPoints.traefik]
address=":8080"
[entryPoints.traefik.auth]
[entryPoints.traefik.auth.basic]
users = ["admin:$apr1$HR4Hj/Zy$fPwTS8LMBqKPpzdzGkyTa/"]
[api]
entrypoint="traefik"
dashboard = true
debug = false
[docker]
watch = true
exposedbydefault = false
domain = "domain.com"
network = "web"
[acme]
email = "info@domain.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"
答案 0 :(得分:0)
只需在这里为遇到此问题的任何人记录解决方案。 Traefik Docker Compose示例设置了标签traefik.enable=true,如果启用了Let's Encrypt,则Traefik会尝试为该服务请求证书。即使对于localhost :-(将值设置为false也可以解决问题。