自分配 TLS 证书 traefik
我的问题是自分配证书而不是让加密证书
docker-compose.yml:
version: "3.7"
services:
traefik:
image: traefik
command:
- --api
- --providers.docker
- --providers.docker.exposedbydefault=false
ports:
- 8080:8080
- 80:80
- 443:443
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/data/traefik.yml:/etc/traefik/traefik.yml
- /var/run/docker.sock:/var/run/docker.sock
networks:
- public
- private
deploy:
labels:
- "traefik.enable=true"
- "traefik.http.routers.dashboard.rule=Host(`dashboard.example.com`)"
- "traefik.http.routers.dashboard.service=api@internal"
- "traefik.http.routers.dashboard.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.users=admin:admin"
replicas: 1
placement:
constraints:
- node.role == manager
update_config:
parallelism: 1
delay: 10s
restart_policy:
condition: on-failure
服务标签
- "traefik.http.routers.gitea.rule=Host(`gitea.example.com`)"
- "traefik.http.routers.gitea.entrypoints=websecure"
- "traefik.http.routers.gitea.tls=true"
- "traefik.http.routers.registry.tls.domains[0].main=example.com"
- "traefik.http.routers.registry.tls.domains[0].sans=*.example.com"
- "traefik.http.routers.gites.tls.certresolver=resolver"
- "traefik.http.services.gitea-svc.loadbalancer.server.port=3000"
traefik.yml:
entryPoints:
web:
address: ":80"
websecure:
address: ":443"
certificatesResolvers:
resolver:
acme:
email: mail@example.com
storage: acme.json
tlsChallenge: {}
这是我在 Firefox 中得到的:
发生这种情况,因为浏览器采用 traefik 默认证书,但必须有 let-encrypt 证书
使用日志级别调试我得到
level=debug msg="http: TLS handshake error from 192.168.80.1:53932: remote error: tls: bad certificate"
1 个答案:
答案 0 :(得分:0)
我解决了我的问题
docker-compose.yml:
version: "3.7"
services:
traefik:
image: traefik:v2.2.11
ports:
- 80:80
- 443:443
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/data/traefik.yml:/etc/traefik/traefik.yml
- /var/run/docker.sock:/var/run/docker.sock
- /etc/data/letsencrypt:/letsencrypt
networks:
- public
- private
labels:
- "traefik.enable=true"
- "traefik.http.routers.traefik.entrypoints=web"
- "traefik.http.routers.traefik.rule=Host(`dashboard.example.com`)"
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=web"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
- "traefik.http.routers.traefik-secure.entrypoints=websecure"
- "traefik.http.routers.traefik-secure.rule=Host(`dashboard.example.com`)"
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=resolver"
- "traefik.http.routers.traefik-secure.service=api@internal"
- "traefik.http.services.traefik.loadbalancer.server.port=8080"
gitea:
image: gitea/gitea:latest
environment:
- APP_NAME=Gitea
- USER_UID=1000
- USER_GID=1000
- ROOT_URL=https://gitea.example.com
- SSH_DOMAIN=gitea.example.com
- SSH_PORT=2222
- HTTP_PORT=3000
- DB_TYPE=postgres
- DB_HOST=gitea-db:5432
- DB_NAME=gitea
- DB_USER=gitea
- DB_PASSWD=gitea
volumes:
- gitea_app:/data
ports:
- 2222:2222
networks:
- public
- private
labels:
- "traefik.enable=true"
- "traefik.http.routers.gitea.entrypoints=web"
- "traefik.http.routers.gitea.rule=Host(`gitea.example.com`)"
- "traefik.http.middlewares.gitea-https-redirect.redirectscheme.scheme=websecure"
- "traefik.http.routers.gitea.middlewares=gitea-https-redirect"
- "traefik.http.routers.gitea-secure.entrypoints=websecure"
- "traefik.http.routers.gitea-secure.rule=Host(`gitea.example.com`)"
- "traefik.http.routers.gitea-secure.tls=true"
- "traefik.http.routers.gitea-secure.tls.certresolver=resolver"
- "traefik.http.routers.gitea-secure.service=gitea"
- "traefik.http.services.gitea.loadbalancer.server.port=3000"
- "traefik.docker.network=public"
gitea-db:
image: postgres:alpine
volumes:
- gitea_db:/var/lib/postgresql/data
environment:
- POSTGRES_USER=gitea
- POSTGRES_PASSWORD=gitea
- POSTGRES_DB=gitea
networks:
- private
traefik.yml
entryPoints:
web:
address: ":80"
websecure:
address: ":443"
api:
dashboard: true
log:
level: DEBUG
providers:
docker:
exposedbydefault: false
endpoint: "unix:///var/run/docker.sock"
swarmMode: true
certificatesResolvers:
resolver:
acme:
email: mail@example.com
storage: letsencrypt/acme.json
httpChallenge:
entryPoint: web
我还有一个用于 acme.json 文件的 letencrypt 空文件夹
相关问题
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?