Traefik v2.0使用自签名证书的问题

时间:2019-10-20 21:36:50

标签: https docker-compose traefik self-signed-certificate

我正在尝试使用traefik设置docker以在本地主机上使用自签名证书

我正在本地计算机上开发,想将docker与traefik一起使用。我遇到的问题是无法让自签名证书在我的设置中生效。希望有人能给我指出正确的方向!

浏览器中显示的证书始终是TRAEFIK DEFAULT CERT,或者在访问我的域名时出现“404 page not found”页面。

我的docker-compose.yaml

# Compose stack as posted in the question: a local WordPress development setup
# (MariaDB, PHP-FPM, nginx, MailHog, Portainer) behind Traefik v2.0.
# Values written as $VAR or ${VAR} are substituted by docker-compose from the
# environment or an .env file; keep that file out of version control because it
# holds the database passwords.
version: "3.7"

services:
    mariadb:
        image: wodby/mariadb:$MARIADB_TAG
        container_name: "${PROJECT_NAME}_mariadb"
        stop_grace_period: 30s
        environment:
            MYSQL_ROOT_PASSWORD: $DB_ROOT_PASSWORD
            MYSQL_DATABASE: $DB_NAME
            MYSQL_USER: $DB_USER
            MYSQL_PASSWORD: $DB_PASSWORD
        ports:
            # NOTE(review): a mapping without a host address is published on every
            # host interface, so the database is reachable from the local network.
            # The value is also unquoted, unlike the port mappings of the traefik service.
            - 3306:3306
        volumes:
            #      - ./mariadb-init:/docker-entrypoint-initdb.d # Place init .sql file(s) here.
            - mysql:/var/lib/mysql # I want to manage volumes manually.

    php:
        image: wodby/wordpress-php:$PHP_TAG
        container_name: "${PROJECT_NAME}_php"
        environment:
            PHP_SENDMAIL_PATH: /usr/sbin/sendmail -t -i -S mailhog:1025
            DB_HOST: $DB_HOST
            DB_USER: $DB_USER
            DB_PASSWORD: $DB_PASSWORD
            DB_NAME: $DB_NAME
            PHP_FPM_USER: wodby
            PHP_FPM_GROUP: wodby
        ## Read instructions at https://wodby.com/docs/stacks/wordpress/local#xdebug
        #      PHP_XDEBUG: 1
        #      PHP_XDEBUG_DEFAULT_ENABLE: 1
        #      PHP_XDEBUG_REMOTE_CONNECT_BACK: 0
        #      PHP_IDE_CONFIG: serverName=my-ide
        #      PHP_XDEBUG_IDEKEY: "my-ide"
        #      PHP_XDEBUG_REMOTE_HOST: 172.17.0.1 # Linux
        #      PHP_XDEBUG_REMOTE_HOST: 10.254.254.254 # macOS
        #      PHP_XDEBUG_REMOTE_HOST: 10.0.75.1 # Windows
        volumes:
            #        - ./app:/var/www/html
            ## For macOS users (https://wodby.com/docs/stacks/wordpress/local#docker-for-mac)
            - ./app:/var/www/html:cached # User-guided caching
    #      - docker-sync:/var/www/html # Docker-sync
    ## For XHProf and Xdebug profiler traces
    #      - files:/mnt/files

    nginx:
        image: wodby/nginx:$NGINX_TAG
        container_name: "${PROJECT_NAME}_nginx"
        depends_on:
            - php
        environment:
            NGINX_STATIC_OPEN_FILE_CACHE: "off"
            NGINX_ERROR_LOG_LEVEL: debug
            NGINX_BACKEND_HOST: php
            NGINX_VHOST_PRESET: wordpress
            #NGINX_SERVER_ROOT: /var/www/html/subdir
        volumes:
            #    - ./app:/var/www/html
            # Options for macOS users (https://wodby.com/docs/stacks/wordpress/local#docker-for-mac)
            - ./app:/var/www/html:cached # User-guided caching
        #      - docker-sync:/var/www/html # Docker-sync
        labels:
            # NOTE(review): the only router for this host has tls=true and no
            # entrypoints label, so plain-HTTP requests have no matching router.
            # That would explain the 404 described in the question - confirm.
            - "traefik.http.routers.${PROJECT_NAME}_nginx.rule=Host(`${PROJECT_BASE_URL}`)"
            - "traefik.http.routers.${PROJECT_NAME}_nginx.tls=true"
            # - "traefik.http.routers.${PROJECT_NAME}_nginx.tls.certResolver=${PROJECT_BASE_URL}"

    mailhog:
        image: mailhog/mailhog
        container_name: "${PROJECT_NAME}_mailhog"
        labels:
            - "traefik.http.services.${PROJECT_NAME}_mailhog.loadbalancer.server.port=8025"
            # NOTE(review): the next entry has no space after "-", so it is not a
            # valid sequence item; it needs to read `- "traefik..."`.
            -"traefik.http.routers.${PROJECT_NAME}_mailhog.rule=Host(`mailhog.${PROJECT_BASE_URL}`)"

    portainer:
        image: portainer/portainer
        container_name: "${PROJECT_NAME}_portainer"
        # NOTE(review): --no-auth turns off Portainer's login while the container
        # holds the Docker socket and is routed through Traefik. Anyone who can
        # reach that route controls the Docker daemon, which is equivalent to root
        # on the host. Acceptable only on an isolated development machine.
        command: --no-auth -H unix:///var/run/docker.sock
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock
        labels:
            - "traefik.http.routers.${PROJECT_NAME}_portainer.rule=Host(`portainer.${PROJECT_BASE_URL}`)"

    traefik:
        image: traefik:v2.0
        container_name: "${PROJECT_NAME}_traefik"
        ports:
            - "80:80"
            - "443:443"
            # NOTE(review): with api.insecure enabled in traefik.yml this port serves
            # the dashboard and API without authentication, on every host interface.
            - "8080:8080" # Dashboard
        volumes:
            # The Docker provider reads container labels through this socket.
            - /var/run/docker.sock:/var/run/docker.sock
            # Static (traefik.yml) and dynamic (config.yml) configuration.
            - ./traefik:/etc/traefik
            # Self-signed certificate and private key; the key is a secret.
            - ./certs:/certs
volumes:
    mysql:
## Docker-sync for macOS users
#  docker-sync:
#    external: true
## For Xdebug profiler
#  files:

我的traefik.yml

# Traefik static configuration, as posted in the question.
providers:
  # Dynamic configuration (the tls section) is loaded from this file.
  file:
    filename: '/etc/traefik/config.yml'
  # Routers and services are built from the labels of containers found
  # through the Docker socket.
  docker:
    endpoint: 'unix:///var/run/docker.sock'

# NOTE(review): insecure mode serves the API and dashboard without
# authentication; the compose file publishes it on port 8080. Keep this
# to local development.
api:
  insecure: true

# Entry point names referenced by the router labels.
entryPoints:
  web:
    address: ':80'
  web-secure:
    address: ':443'

还有我的config.yml(我知道tls的配置必须在单独的文件中!!)

# Dynamic TLS configuration read by Traefik's file provider.
# NOTE(review): Traefik's schema expects each entry under certificates to be ONE
# list item holding both certFile and keyFile. Here the key sits in a second list
# item under the name certKey, so no usable certificate/key pair appears to be
# loaded, which is consistent with the TRAEFIK DEFAULT CERT symptom described in
# the question. Confirm against the Traefik TLS documentation.
tls:
    certificates:
        - certFile: /certs/domain.test.crt
        - certKey: /certs/domain.test.key

2 个答案:

答案 0 :(得分:0)

我为此折腾了一段时间,似乎找到了一个可行的组合。请注意,您不需要把TLS配置放在单独的文件中。

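# Static configuration. Traefik v2 names this table "providers" (plural);
# a table called "provider" is not part of its schema.
[providers]
  [providers.file]
    # Dynamic configuration (the tls section below) is read from this same file.
    filename = "/etc/traefik/traefik.toml"

# Certificate presented when no other certificate matches the requested host
# name; it replaces the generated TRAEFIK DEFAULT CERT.
# The key file is a secret: keep it out of version control and readable only by
# the Traefik process.
[tls.stores.default.defaultCertificate]
  certFile = "/certs/mycert.crt"
  keyFile = "/certs/mycert.key"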

答案 1 :(得分:0)

我现在已经解决了。我最终的docker-compose.yml看起来像这样

非常感谢@fffnite

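# Working stack from the answer: a local WordPress development setup behind
# Traefik v2.0. nginx gets two routers, one on the plain-HTTP entry point (web)
# and one on the TLS entry point (web-secure).
# Values written as $VAR or ${VAR} are substituted by docker-compose from the
# environment or an .env file; keep that file out of version control because it
# holds the database passwords.
version: "3.7"

services:
    mariadb:
        image: wodby/mariadb:$MARIADB_TAG
        container_name: "${PROJECT_NAME}_mariadb"
        stop_grace_period: 30s
        environment:
            MYSQL_ROOT_PASSWORD: $DB_ROOT_PASSWORD
            MYSQL_DATABASE: $DB_NAME
            MYSQL_USER: $DB_USER
            MYSQL_PASSWORD: $DB_PASSWORD
        ports:
            # Quoted like the other port mappings in this file so YAML cannot
            # retype the value.
            # NOTE(review): without a host address the database is published on
            # every host interface; "127.0.0.1:3306:3306" keeps it on this
            # machine if no other host needs to connect.
            - "3306:3306"
        volumes:
            # - ./mariadb-init:/docker-entrypoint-initdb.d # Place init .sql file(s) here.
            - mysql:/var/lib/mysql # I want to manage volumes manually.

    php:
        image: wodby/wordpress-php:$PHP_TAG
        container_name: "${PROJECT_NAME}_php"
        environment:
            PHP_SENDMAIL_PATH: /usr/sbin/sendmail -t -i -S mailhog:1025
            DB_HOST: $DB_HOST
            DB_USER: $DB_USER
            DB_PASSWORD: $DB_PASSWORD
            DB_NAME: $DB_NAME
            PHP_FPM_USER: wodby
            PHP_FPM_GROUP: wodby
            ## Read instructions at https://wodby.com/docs/stacks/wordpress/local#xdebug
            # PHP_XDEBUG: 1
            # PHP_XDEBUG_DEFAULT_ENABLE: 1
            # PHP_XDEBUG_REMOTE_CONNECT_BACK: 0
            # PHP_IDE_CONFIG: serverName=my-ide
            # PHP_XDEBUG_IDEKEY: "my-ide"
            # PHP_XDEBUG_REMOTE_HOST: 172.17.0.1 # Linux
            # PHP_XDEBUG_REMOTE_HOST: 10.254.254.254 # macOS
            # PHP_XDEBUG_REMOTE_HOST: 10.0.75.1 # Windows
        volumes:
            # - ./app:/var/www/html
            ## For macOS users (https://wodby.com/docs/stacks/wordpress/local#docker-for-mac)
            - ./app:/var/www/html:cached # User-guided caching
            # - docker-sync:/var/www/html # Docker-sync
            ## For XHProf and Xdebug profiler traces
            # - files:/mnt/files

    nginx:
        image: wodby/nginx:$NGINX_TAG
        container_name: "${PROJECT_NAME}_nginx"
        depends_on:
            - php
        environment:
            NGINX_STATIC_OPEN_FILE_CACHE: "off"
            NGINX_ERROR_LOG_LEVEL: debug
            NGINX_BACKEND_HOST: php
            NGINX_VHOST_PRESET: wordpress
            # NGINX_SERVER_ROOT: /var/www/html/subdir
        volumes:
            # - ./app:/var/www/html
            # Options for macOS users (https://wodby.com/docs/stacks/wordpress/local#docker-for-mac)
            - ./app:/var/www/html:cached # User-guided caching
            # - docker-sync:/var/www/html # Docker-sync
        labels:
            # Plain-HTTP router on the "web" entry point.
            - "traefik.http.routers.${PROJECT_NAME}_nginx.rule=Host(`${PROJECT_BASE_URL}`)"
            - "traefik.http.routers.${PROJECT_NAME}_nginx.entrypoints=web"
            # Redirect-to-HTTPS middleware. A middleware does nothing until a
            # router references it, so it is attached to the HTTP router on the
            # line after its definition; without that line the site stays
            # reachable over plain HTTP.
            - "traefik.http.middlewares.${PROJECT_NAME}_https_nginx.redirectscheme.scheme=https"
            - "traefik.http.routers.${PROJECT_NAME}_nginx.middlewares=${PROJECT_NAME}_https_nginx"
            # TLS router on the "web-secure" entry point; the certificate comes
            # from Traefik's TLS configuration under /etc/traefik.
            - "traefik.http.routers.${PROJECT_NAME}_https_nginx.rule=Host(`${PROJECT_BASE_URL}`)"
            - "traefik.http.routers.${PROJECT_NAME}_https_nginx.entrypoints=web-secure"
            - "traefik.http.routers.${PROJECT_NAME}_https_nginx.tls=true"

    mailhog:
        image: mailhog/mailhog
        container_name: "${PROJECT_NAME}_mailhog"
        labels:
            # This router has no tls label, so the captured mail UI is served over plain HTTP.
            - "traefik.http.services.${PROJECT_NAME}_mailhog.loadbalancer.server.port=8025"
            - "traefik.http.routers.${PROJECT_NAME}_mailhog.rule=Host(`mailhog.${PROJECT_BASE_URL}`)"

    portainer:
        image: portainer/portainer
        container_name: "${PROJECT_NAME}_portainer"
        # NOTE(review): --no-auth turns off Portainer's login while the container
        # holds the Docker socket and is routed through Traefik over plain HTTP.
        # Anyone who can reach that route controls the Docker daemon, which is
        # equivalent to root on the host. Acceptable only on an isolated
        # development machine; otherwise drop --no-auth.
        command: --no-auth -H unix:///var/run/docker.sock
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock
        labels:
            - "traefik.http.routers.${PROJECT_NAME}_portainer.rule=Host(`portainer.${PROJECT_BASE_URL}`)"

    traefik:
        image: traefik:v2.0
        container_name: "${PROJECT_NAME}_traefik"
        ports:
            - "80:80"
            - "443:443"
            # NOTE(review): if the static configuration keeps api.insecure enabled,
            # this port serves the dashboard and API without authentication on
            # every host interface.
            - "8080:8080" # Dashboard
        volumes:
            # The Docker provider only reads container metadata; mount the socket
            # read-only. Access to the socket still exposes the Docker API, so
            # treat this container as privileged.
            - /var/run/docker.sock:/var/run/docker.sock:ro
            - ./traefik:/etc/traefik
            # Certificate and private key are only read by Traefik; a read-only
            # mount keeps the container from altering them.
            - ./certs:/certs:ro
volumes:
    mysql:
## Docker-sync for macOS users
#  docker-sync:
#    external: true
## For Xdebug profiler
#  files: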