Problem with self-generated certificates in traefik (docker)

Time: 2019-12-07 21:19:58

Tags: docker ssl docker-compose reverse-proxy traefik

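I have a problem with self-generated certificates, created with mkcert on Linux, that I use for development purposes on my local machine.

I have created

  1. A docker-compose file for the traefik container, which will act as the reverse proxy
  2. A docker-compose file for a mailhog container attached to the same network as the traefik container
  3. A certificate.yml file containing the paths to the self-generated certificates
  4. A configuration folder containing all the certificates

Here is the code of the docker compose for traefik (docker-compose.yml)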

version: "2"

services:
  traefik:
    image: "traefik:v2.0.0"
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --providers.docker
      - --api
      - --providers.file.directory=/configuration/
      - --providers.file.watch=true
      - --providers.file.filename=certificates.yml
      - --log.level=DEBUG
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./acme.json:/acme.json"
      - ${PWD}/configuration/:/configuration/ # SSL Development certificates
      - ${PWD}/certificates.yml:/configuration/certificates.yml # SSL Development certificates
    labels:
      # Dashboard
      - "traefik.http.routers.traefik.rule=Host(`traefik.docker.localhost`)"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.docker.network=traefik_proxy"

      # global redirect to https
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"

      # middleware redirect
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
    networks:
      - traefik_proxy

networks:
  traefik_proxy:
    external: true

mailhog(docker-compose-mailhog.yml)

version: "2"

services:
  mailhog:
    image: mailhog/mailhog
    labels:
      - "traefik.http.routers.mailhog.rule=Host(`mailhog.docker.localhost`)"
      - "traefik.http.services.mailhog.loadbalancer.server.port=8025"
      - "traefik.http.routers.mailhog.entrypoints=websecure"
      - "traefik.http.routers.mailhog.tls=true"
      - "traefik.docker.network=traefik_proxy"
    networks:
      - traefik_proxy

networks:
  traefik_proxy:
    external: true

certificates.yml

tls:
  certificates:
  - certFile: /configuration/traefik.docker.localhost+4.pem
    keyFile: /configuration/traefik.docker.localhost+4-key.pem
  - certFile: /configuration/whoami.docker.localhost+4-key.pem
    keyFile: /configuration/whoami.docker.localhost+4-key.pem

Configuration folder containing the certificate files

Configuration folder content

In the terminal, I run these three commands

docker network create traefik_proxy (creates the network named traefik_proxy)

docker-compose up -d

docker-compose -f docker-compose-mailhog.yml up -d

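The containers start without problems

When I visit traefik.docker.localhost, the certificate is loaded correctly. The green lock is shown in the address bar. See the attached screenshot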

Green icon for traefik.docker.localhost

However, when I visit the address mailhog.docker.localhost, I get the message "Your connection is not secure"

Mailhog page not secure

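Then I click to confirm

Invalid certificate

The page is not secure

Insecure page

Can someone help me solve this problem? Later I will have to create several containers, each with its own certificate

I thought the layout in certificate.yml was causing this problem, but I'm not sure...

Thank you very much for your help

PS:

Here is the link to download the files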

0 answers:

No answers
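
An added example, not part of the original question or of any answer: a small check over the certificates.yml and Host() rules shown in the question that flags certFile entries pointing at a private key and lists router hosts whose coverage depends on a certificate's extra SANs. The function names are hypothetical, and the check assumes mkcert's file naming (`<name>+N.pem` for the certificate, `<name>+N-key.pem` for the key).

```python
import re
from pathlib import PurePosixPath

# Constructed samples: certificates.yml and the router rules from the question.
CERTIFICATES_YML = """\
tls:
  certificates:
  - certFile: /configuration/traefik.docker.localhost+4.pem
    keyFile: /configuration/traefik.docker.localhost+4-key.pem
  - certFile: /configuration/whoami.docker.localhost+4-key.pem
    keyFile: /configuration/whoami.docker.localhost+4-key.pem
"""
LABELS = [
    "traefik.http.routers.traefik.rule=Host(`traefik.docker.localhost`)",
    "traefik.http.routers.mailhog.rule=Host(`mailhog.docker.localhost`)",
]

def parse_pairs(text):
    """Minimal line-based reader (not a YAML parser): (certFile, keyFile) pairs."""
    certs = re.findall(r"^\s*-?\s*certFile:\s*(\S+)", text, re.M)
    keys = re.findall(r"^\s*-?\s*keyFile:\s*(\S+)", text, re.M)
    return list(zip(certs, keys))

def lint_pairs(pairs):
    """Flag entries that cannot be a valid certificate/key pair."""
    findings = []
    for cert, key in pairs:
        if cert == key:
            findings.append((cert, "certFile and keyFile are the same path"))
        if cert.endswith("-key.pem"):  # mkcert writes private keys as <name>-key.pem
            findings.append((cert, "certFile is named like a private key"))
    return findings

def primary_name(cert_path):
    """First host name in an mkcert file name: a.localhost+4.pem -> a.localhost."""
    stem = re.sub(r"(-key)?\.pem$", "", PurePosixPath(cert_path).name)
    return re.sub(r"\+\d+$", "", stem)

def hosts_needing_san_check(labels, pairs):
    """Router hosts that are not the primary name of any configured certificate.
    They are covered only if listed among the extra SANs, which the file name hides."""
    hosts = [h for label in labels for h in re.findall(r"Host\(`([^`]+)`\)", label)]
    primaries = {primary_name(cert) for cert, _ in pairs}
    return [h for h in hosts if h not in primaries]

if __name__ == "__main__":
    pairs = parse_pairs(CERTIFICATES_YML)
    for path, issue in lint_pairs(pairs):
        print(f"{path}: {issue}")
    for host in hosts_needing_san_check(LABELS, pairs):
        print(f"{host}: confirm it is in a certificate's subjectAltName")
```

For a host the check lists, `openssl x509 -in <certificate>.pem -noout -text` shows the names the certificate actually covers.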