提供默认证书时“无默认证书,生成一个”

时间:2020-04-16 18:02:11

标签: ssl https ssl-certificate traefik

这可能是有关traefik和SSL配置的新手问题。 我想在traefik中使用自己的(自签名,公司等)证书。我试图按照文档进行操作,但是我不断收到以下消息:

... level = debug msg =“没有默认证书,生成一个证书”

我的traefik.toml看起来像这样:

[entryPoints]
    [entryPoints.web]
    address = ":80"

    [entryPoints.web.http]
        [entryPoints.web.http.redirections]
        [entryPoints.web.http.redirections.entryPoint]
            to = "websecure"
            scheme = "https"

    [entryPoints.websecure]
    address = ":443"

[log]
    level = "DEBUG"
[api]
    insecure = true
    dashboard = true
[providers.docker]
    exposedByDefault = false

[[tls]]
  entryPoints = ["websecure"]

[[tls.certificate]]
    certFile = "/certs/cert.crt"
    keyFile = "/certs/cert.key"

[tls.stores]
  [tls.stores.default]
    [tls.stores.default.defaultCertificate]
      certFile = "/cert/cert.crt"
      keyFile  = "/cert/cert.key"

我的docker-compose.yml看起来像这样:

version: '3'

services:
  reverse-proxy:
    # The official v2 Traefik docker image
    image: traefik:v2.2
    ports:
      # The HTTP port
      - "80:80"
      - "443:443"
      # The Web UI (enabled by --api.insecure=true)
      - "8080:8080"
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - $PWD/shared/traefik/etc/traefik.toml:/etc/traefik/traefik.toml
      - $PWD/shared/traefik/ssl:/certs/

  whoami:
    # A container that exposes an API to show its IP address
    image: containous/whoami
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.basic-auth-whoami.basicauth.users=***:***"
      - "traefik.http.middlewares.strip-whoami.stripprefix.prefixes=/whoami"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.middlewares=basic-auth-whoami@docker,strip-whoami@docker"
      - "traefik.http.routers.whoami.rule=PathPrefix(`/whoami`) && Host(`<mydomain>`)"
      - "traefik.http.services.whoami-poc-traefik.loadbalancer.server.port=80"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.redirs.entrypoints=web"
      - "traefik.http.routers.redirs.middlewares=redirect-to-https"
      - "traefik.http.routers.whoami.tls=true"

我很确定这是一件琐碎的事情,但我无法弄清楚(toml语法和traefik概念太多,无法一次吞咽)。

1 个答案:

答案 0 :(得分:1)

通过遵循此blog

,我终于发现了什么不起作用

我必须:

  1. 将用于动态配置的文件提供程序添加到我的traefik.toml文件中:

    [providers.file]
filename = "/tls-certs.toml"

  2. 向我的docker-compose.yml文件添加卷映射:

    - $PWD/shared/traefik/etc/tls-certs.toml:/tls-certs.toml

  3. 提供一个tls-certs.toml文件:

    [[tls.certificates]] #first certificate
  certFile = "/certs/cert.crt"
  keyFile = "/certs/cert.key"
相关问题
最新问题