Docker, Traefik 2.2 and the default certificate

Time: 2020-06-14 16:22:50

Tags: docker traefik

Question: Why does Traefik not use my wildcard certificate (as set out in my traefik.yml file) and instead insist on generating its own wildcard?

docker-compose.yml

version: '3'

services:

  traefik:
    image: traefik:2.2
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - $PWD/traefik.yml:/etc/traefik/traefik.yml:ro
      - $PWD/certs:/certs
    labels:
      - traefik.enable=true
      - traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https
      - traefik.http.routers.traefik.middlewares=traefik-https-redirect
      - traefik.http.routers.traefik-secure.entrypoints=https
      - traefik.http.routers.traefik-secure.rule=Host("traefik.network.lan")
      - traefik.http.routers.traefik-secure.tls=true
      - traefik.http.routers.traefik-secure.service=api@internal

networks:
  proxy:
    external: true

$PWD/traefik.yml

global:
  checkNewVersion: true
  sendAnonymousUsage: true
log:
  level: DEBUG

api:
  dashboard: true

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    swarmMode: false

tls:
  certificates:
    - certFile: /certs/wildcard.crt
      keyFile: /certs/wildcard.key
      stores:
        - default

  stores:
    default:
      defaultCertificate:
        certFile: /certs/wildcard.crt
        keyFile: /certs/wildcard.key

  options:
    default:
      minVersion: VersionTLS12
      preferServerCipherSuites: true

    mintls13:
      minVersion: VersionTLS13

accessLog: {}

I have attached to the traefik container to verify that /etc/traefik/traefik.yml and both certificates under /certs are present. When I look at the traefik container's logs, I see the following lines during startup (note the debug level, which shows that my configuration really is being read):

traefik    | time="2020-06-14T17:01:51Z" level=info msg="Configuration loaded from file: /etc/traefik/traefik.yml"
traefik    | time="2020-06-14T17:01:51Z" level=info msg="Traefik version 2.2.1 built on 2020-04-29T18:02:09Z"
...
traefik    | time="2020-06-14T17:01:51Z" level=debug msg="Configuration received from provider internal: {\"http\":{\"services\":{\"api\":{},\"dashboard\":{},\"noop\":{}}},\"tcp\":{},\"tls\":{}}" providerName=internal
traefik    | time="2020-06-14T17:01:51Z" level=debug msg="No default certificate, generating one"
...
traefik    | time="2020-06-14T17:01:51Z" level=debug msg="Creating middleware" entryPointName=https middlewareName=traefik-internal-recovery middlewareType=Recovery
traefik    | time="2020-06-14T17:01:51Z" level=debug msg="No default certificate, generating one"

2 answers:

Answer 0 (score: 1)

I think the problem is in the traefik.yml file. Certificates should be part of the dynamic configuration, see https://docs.traefik.io/https/tls/#user-defined

This means you need to do two things:

  1. Create another configuration file, e.g. certs.yml, and move the tls section (including the certificates, stores and options sections) into it
  2. Add another provider to your traefik.yml file, e.g.

providers:
  docker:
    ...
  file:
    filename: /path/to/certs.yml
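
The split described in this answer, as an added example that is not from the question or the answers: the tls block moves out of the static traefik.yml into a dynamic file that a file provider loads. The directory /etc/traefik/dynamic, the file name certs.yml and the extra compose volume are assumptions; the certificate paths and TLS options are the ones from the question.

```yaml
# --- traefik.yml (static configuration): entry points and providers only, no tls block ---
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    # Assumed mount point: add "- $PWD/dynamic:/etc/traefik/dynamic:ro" to the compose volumes
    directory: /etc/traefik/dynamic
    # Reload the dynamic file when it changes (e.g. after a certificate rotation) without restarting
    watch: true
---
# --- /etc/traefik/dynamic/certs.yml (dynamic configuration): the tls block from the question ---
tls:
  certificates:
    - certFile: /certs/wildcard.crt
      keyFile: /certs/wildcard.key
      stores:
        - default
  stores:
    default:
      # Served for any SNI that no certificate matches, instead of the self-generated one
      defaultCertificate:
        certFile: /certs/wildcard.crt
        keyFile: /certs/wildcard.key
  options:
    default:
      minVersion: VersionTLS12
      preferServerCipherSuites: true
    mintls13:
      minVersion: VersionTLS13
```

Once the file provider is picked up, the "No default certificate, generating one" line no longer appears at startup, and `openssl s_client -connect <host>:443 -servername traefik.network.lan` presents the wildcard certificate rather than the generated one.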

Answer 1 (score: 0)

It seems your configuration is not being loaded correctly; try configuring traefik explicitly with the configuration file by passing the following args to the traefik command.

- '--providers.file.filename=/etc/traefik/traefik.yml'