我尝试将traefik配置为可通过admin.example.com访问的我的弹性集群的前端。我可以在acme.json中看到它具有正确的证书,并且docker日志告诉我“ elastic_traefik.1.ht9otlhc49f9@deleted.hostname.com | time =“ 2020-04-19T04:29:09Z” level = debug msg =“为域admin.example.com添加证书“”
但是当我尝试通过cURL访问它时,我得到curl: (60) SSL certificate problem: unable to get local issuer certificate和openssl s_client揭示
Certificate chain
0 s:/CN=TRAEFIK DEFAULT CERT
i:/CN=TRAEFIK DEFAULT CERT
并且日志确实显示msg="Serving default cert for request: \"\""
docker-compose.yml的相关部分:
elasticsearch:
networks:
- elastic
labels:
- "traefik.docker.network=elastic"
- "traefik.frontend.rule=Host:admin.example.com"
- "traefik.enable=true"
- "traefik.port=9200"
- "traefik.frontend.entryPoints=http,https"
- "traefik.default.protocol=http"
- "traefik.backend=elasticsearch"
deploy:
mode: 'global'
traefik:
image: traefik:v1.7
ports:
- "80:80"
- "443:443"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "./traefik:/etc/traefik"
labels:
- "traefik.enable=true"
- "traefik.backend=dashboard"
- "traefik.frontend.rule=Host:admin.example.com" #change it
- "traefik.port=8083"
networks:
- elastic
traefik.toml:
logLevel = "DEBUG"
defaultEntryPoints = ["https","http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[entryPoints.admin]
address = ":8083"
[entryPoints.admin.auth]
[entryPoints.admin.auth.basic]
users = [
"test:$apr1$K8RmlfSZ$zOnm8Bdc7ohhbFVqUVkny."
]
[retry]
[api]
entryPoint = "admin"
dashboard = true
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "admin.example.com"
watch = true
exposedByDefault = false
[acme]
email = "example@gmail.com"
entryPoint = "https"
storage = "/etc/traefik/acme.json"
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"
delayBeforeCheck = 0
[[acme.domains]]
main = "admin.example.com"