Problem description
This is probably a newbie question regarding traefik and the SSL configuration. I'd like to use my own (self-signed, company, ...) certificates with traefik. I tried to follow the documentation, but I keep on getting the following message:
... level=debug msg="No default certificate, generating one"
My traefik.toml looks like this:
```toml
[entryPoints]
  [entryPoints.web]
    address = ":80"
    [entryPoints.web.http]
      [entryPoints.web.http.redirections]
        [entryPoints.web.http.redirections.entryPoint]
          to = "websecure"
          scheme = "https"
  [entryPoints.websecure]
    address = ":443"

[log]
  level = "DEBUG"

[api]
  insecure = true
  dashboard = true

[providers.docker]
  exposedByDefault = false

[[tls]]
  entryPoints = ["websecure"]
  [[tls.certificate]]
    certFile = "/certs/cert.crt"
    keyFile = "/certs/cert.key"

[tls.stores]
  [tls.stores.default]
    [tls.stores.default.defaultCertificate]
      certFile = "/cert/cert.crt"
      keyFile = "/cert/cert.key"
```
and my docker-compose.yml looks like this:
```yaml
version: '3'
services:
  reverse-proxy:
    # The official v2 Traefik docker image
    image: traefik:v2.2
    ports:
      # The HTTP port
      - "80:80"
      - "443:443"
      # The Web UI (enabled by --api.insecure=true)
      - "8080:8080"
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - $PWD/shared/traefik/etc/traefik.toml:/etc/traefik/traefik.toml
      - $PWD/shared/traefik/ssl:/certs/
  whoami:
    # A container that exposes an API to show its IP address
    image: containous/whoami
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.basic-auth-whoami.basicauth.users=***:***"
      - "traefik.http.middlewares.strip-whoami.stripprefix.prefixes=/whoami"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.middlewares=basic-auth-whoami@docker,strip-whoami@docker"
      - "traefik.http.routers.whoami.rule=PathPrefix(`/whoami`) && Host(`<mydomain>`)"
      - "traefik.http.services.whoami-poc-traefik.loadbalancer.server.port=80"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.redirs.entrypoints=web"
      - "traefik.http.routers.redirs.middlewares=redirect-to-https"
      - "traefik.http.routers.whoami.tls=true"
```
I am quite sure this is something trivial but I can't figure it out (both the toml syntax and traefik concepts being too much to swallow at once).
Recommended answer
I finally found out what was not working by following this blog
I had to:
add a file provider for the dynamic configuration to my traefik.toml file:
```toml
[providers.file]
  filename = "/tls-certs.toml"
```
add the volume mapping to my docker-compose.yml file:
```yaml
      - $PWD/shared/traefik/etc/tls-certs.toml:/tls-certs.toml
```
provide a tls-certs.toml file:
```toml
[[tls.certificates]] #first certificate
  certFile = "/certs/cert.crt"
  keyFile = "/certs/cert.key"
```
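
The check below is an added example, not code from the question, the answer or the Traefik project: it scans a static traefik.toml for TLS sections that belong in a dynamic-configuration file and for certificate paths outside the mounted directory. The function name `lint_static_config`, the `DYNAMIC_ONLY` set and the hand-supplied `mounts` list are assumptions made for this illustration, and the sample is constructed from the question's file.

```python
import re

# Top-level sections Traefik v2 reads only from a dynamic-configuration provider.
DYNAMIC_ONLY = {"tls", "http", "tcp"}
HEADER = re.compile(r"^\s*\[{1,2}\s*([A-Za-z0-9_.\-]+)\s*\]{1,2}\s*(?:#.*)?$")
CERT_PATH = re.compile(r'^\s*(certFile|keyFile)\s*=\s*"([^"]+)"')

def lint_static_config(text, mounts):
    """Return (line_number, message) findings for a Traefik v2 static TOML file.

    mounts: container directories that are volume-mounted (hypothetical input,
    here copied by hand from docker-compose.yml).
    """
    findings, sections = [], set()
    prefixes = tuple(m.rstrip("/") + "/" for m in mounts)
    for number, line in enumerate(text.splitlines(), 1):
        header = HEADER.match(line)
        if header:
            name = header.group(1)
            sections.add(name.lower())
            if name.lower().split(".")[0] in DYNAMIC_ONLY:
                findings.append((number, f"[{name}] is dynamic configuration, not read from the static file"))
            continue
        path = CERT_PATH.match(line)
        if path and not path.group(2).startswith(prefixes):
            findings.append((number, f"{path.group(1)} {path.group(2)} is outside the mounted directories"))
    if "providers.file" not in sections:
        findings.append((0, "no [providers.file] section to load TLS certificates from"))
    return findings

# Constructed sample: the TLS-relevant part of the traefik.toml from the question.
SAMPLE = """\
[entryPoints.websecure]
  address = ":443"
[providers.docker]
  exposedByDefault = false
[[tls]]
  entryPoints = ["websecure"]
  [[tls.certificate]]
    certFile = "/certs/cert.crt"
    keyFile = "/certs/cert.key"
[tls.stores.default.defaultCertificate]
  certFile = "/cert/cert.crt"
  keyFile = "/cert/cert.key"
"""

if __name__ == "__main__":
    for number, message in lint_static_config(SAMPLE, ["/certs/"]):
        print(f"line {number}: {message}")
```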