我有一个带有MongoDB容器,python后端服务,portainer的应用程序。 Traefik用于路由到portainer和后端(一个API端点)。路由工作完美。但是,我想使用SSL,但是Traefik 2.2无法获取LetsEncrypt证书。
Dockerfile(我正在打包一个容器,以执行acme.json的chmod)
FROM traefik:v2.2
COPY traefik /etc/traefik
RUN chmod 600 /etc/traefik/acme.json
docker-compose.yml:
version: "3.3"
services:
backend:
image: registry.gitlab.com/uuuu/backend:latest
container_name: backend
ports:
- 5000
environment:
- CONNECTOR=$CONNECTOR
- CONNECTOR_MAX_WORKERS=$CONNECTOR_MAX_WORKERS
- LOGLEVEL=$LOGLEVEL
- MONGODB_URI=mongodb://scraper-db/blubb
depends_on:
- db
labels:
- 'traefik.enable=true'
- 'traefik.http.routers.backend.rule=Host(`app.mydomain.com`)'
- 'traefik.http.routers.backend.rule=PathPrefix(`/api/bla/`)'
- 'traefik.http.routers.backend.tls=true'
- 'traefik.http.routers.backend.tls.certresolver=lets-encrypt'
- "traefik.http.routers.backend.middlewares=autocompletionreplacer"
- "traefik.http.middlewares.autocompletionreplacer.replacepathregex.regex=^/api/bla/(.*)"
- "traefik.http.middlewares.autocompletionreplacer.replacepathregex.replacement=/$$1"
portainer:
image: portainer/portainer:latest
container_name: portainer
ports:
- 9000
volumes:
- /etc/localtime:/etc/localtime
- /var/run/docker.sock:/var/run/docker.sock
labels:
- "traefik.enable=true"
- "traefik.http.routers.portainer.rule=Host(`app.mydomain.com`)"
- 'traefik.http.routers.portainer.rule=PathPrefix(`/portainer/`)'
- 'traefik.http.routers.portainer.tls=true'
- 'traefik.http.routers.portainer.tls.certresolver=lets-encrypt'
- "traefik.http.routers.portainer.middlewares=portainerreplacer"
- "traefik.http.middlewares.portainerreplacer.replacepathregex.regex=^/portainer/(.*)"
- "traefik.http.middlewares.portainerreplacer.replacepathregex.replacement=/$$1"
proxy:
image: my-proxy:latest
restart: always
ports:
- '80:80'
- '443:443'
volumes:
- ./traefik:/etc/traefik:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
build: .
db:
image: mongo:3.7
container_name: db
ports:
- 27017
/etc/traefik/traefik.toml:
[log]
level = "DEBUG"
[providers]
[providers.docker]
exposedByDefault = false
[providers.file]
directory = "/etc/traefik/dynamic"
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[certificatesResolvers.lets-encrypt.acme]
storage = "/etc/traefik/acme.json"
email = "bla@mydomain.com"
[certificatesResolvers.lets-encrypt.acme.tlsChallenge]
/etc/traefik/dynamic/force-https.toml:
[http.routers]
[http.routers.force-https]
entryPoints = ["http"]
middlewares = ["force-https"]
rule = "HostRegexp(`{any:.+}`)"
service = "noop"
[http.middlewares]
[http.middlewares.force-https.redirectScheme]
scheme = "https"
[http.services]
[http.services.noop.loadBalancer]
我在日志中没有看到任何错误。但是我在浏览器中得到了这个:
ea351828037eb97754d6ed00d36a2108.e645b5289e7388055e4ecd78af554f8.traefik.default.
Fehlercode: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
有什么我想念的吗?
答案 0 :(得分:0)
我自己弄清楚了。我必须将其添加到每个服务的docker-compose文件中:
traefik.http.routers.fiverr-autocompletion.tls.domains[0].main=app.mydomain.com
然后正确的docker-compose如下所示:
version: "3.3"
services:
backend:
image: registry.gitlab.com/uuuu/backend:latest
container_name: backend
ports:
- 5000
environment:
- CONNECTOR=$CONNECTOR
- CONNECTOR_MAX_WORKERS=$CONNECTOR_MAX_WORKERS
- LOGLEVEL=$LOGLEVEL
- MONGODB_URI=mongodb://scraper-db/blubb
depends_on:
- db
labels:
- 'traefik.enable=true'
- 'traefik.http.routers.backend.rule=Host(`app.mydomain.com`)'
- 'traefik.http.routers.backend.rule=PathPrefix(`/api/bla/`)'
- 'traefik.http.routers.backend.tls.domains[0].main=app.mydomain.com'
- 'traefik.http.routers.backend.tls=true'
- 'traefik.http.routers.backend.tls.certresolver=lets-encrypt'
- "traefik.http.routers.backend.middlewares=autocompletionreplacer"
- "traefik.http.middlewares.autocompletionreplacer.replacepathregex.regex=^/api/bla/(.*)"
- "traefik.http.middlewares.autocompletionreplacer.replacepathregex.replacement=/$$1"
portainer:
image: portainer/portainer:latest
container_name: portainer
ports:
- 9000
volumes:
- /etc/localtime:/etc/localtime
- /var/run/docker.sock:/var/run/docker.sock
labels:
- "traefik.enable=true"
- "traefik.http.routers.portainer.rule=Host(`app.mydomain.com`)"
- 'traefik.http.routers.portainer.rule=PathPrefix(`/portainer/`)'
- 'traefik.http.routers.portainer.tls.domains[0].main=app.mydomain.com'
- 'traefik.http.routers.portainer.tls=true'
- 'traefik.http.routers.portainer.tls.certresolver=lets-encrypt'
- "traefik.http.routers.portainer.middlewares=portainerreplacer"
- "traefik.http.middlewares.portainerreplacer.replacepathregex.regex=^/portainer/(.*)"
- "traefik.http.middlewares.portainerreplacer.replacepathregex.replacement=/$$1"
proxy:
image: my-proxy:latest
restart: always
ports:
- '80:80'
- '443:443'
volumes:
- ./traefik:/etc/traefik:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
build: .
db:
image: mongo:3.7
container_name: db
ports:
- 27017
/etc/traefik/traefik.toml: