自分配 TLS 证书 traefik

【问题标题】:Self assigned TLS sertificate traefik自分配 TLS 证书 traefik
【发布时间】:2021-10-06 05:47:30
【问题描述】:

我的问题是自分配证书而不是 let-encrypt 证书
docker-compose.yml:

version: "3.7"

services:
  traefik:
    image: traefik
    command:
      - --api
      - --providers.docker
      - --providers.docker.exposedbydefault=false
    ports:
      - 8080:8080
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/data/traefik.yml:/etc/traefik/traefik.yml
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - public
      - private
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.dashboard.rule=Host(`dashboard.example.com`)"
        - "traefik.http.routers.dashboard.service=api@internal"
        - "traefik.http.routers.dashboard.middlewares=auth"
        - "traefik.http.middlewares.auth.basicauth.users=admin:admin"
      replicas: 1
      placement:
        constraints:
          - node.role == manager
      update_config:
        parallelism: 1
        delay: 10s
      restart_policy:
        condition: on-failure

服务标签

- "traefik.http.routers.gitea.rule=Host(`gitea.example.com`)"
- "traefik.http.routers.gitea.entrypoints=websecure"
- "traefik.http.routers.gitea.tls=true"
- "traefik.http.routers.registry.tls.domains[0].main=example.com"
- "traefik.http.routers.registry.tls.domains[0].sans=*.example.com"
- "traefik.http.routers.gites.tls.certresolver=resolver"
- "traefik.http.services.gitea-svc.loadbalancer.server.port=3000"

traefik.yml:

entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"

certificatesResolvers:
  resolver:
    acme:
      email: mail@example.com
      storage: acme.json
      tlsChallenge: {}

这是我在 Firefox 中得到的:

这是发生的,因为浏览器采用 traefik 默认证书,但必须有 let-encrypt 证书
通过日志级别调试我得到

level=debug msg="http: TLS handshake error from 192.168.80.1:53932: remote error: tls: bad certificate"

【问题讨论】:

    标签: docker docker-swarm tls1.2 traefik lets-encrypt


    【解决方案1】:

    我解决了我的问题

    docker-compose.yml:

    version: "3.7"


services:
  traefik:
    image: traefik:v2.2.11
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/data/traefik.yml:/etc/traefik/traefik.yml
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/data/letsencrypt:/letsencrypt
    networks:
      - public
      - private
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=web"
      - "traefik.http.routers.traefik.rule=Host(`dashboard.example.com`)"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=web"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=websecure"
      - "traefik.http.routers.traefik-secure.rule=Host(`dashboard.example.com`)"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=resolver"
      - "traefik.http.routers.traefik-secure.service=api@internal"
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
      
  gitea:
    image: gitea/gitea:latest
    environment:
      - APP_NAME=Gitea
      - USER_UID=1000
      - USER_GID=1000
      - ROOT_URL=https://gitea.example.com
      - SSH_DOMAIN=gitea.example.com
      - SSH_PORT=2222
      - HTTP_PORT=3000
      - DB_TYPE=postgres
      - DB_HOST=gitea-db:5432
      - DB_NAME=gitea
      - DB_USER=gitea
      - DB_PASSWD=gitea
    volumes:
      - gitea_app:/data
    ports:
      - 2222:2222
    networks:
      - public
      - private
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gitea.entrypoints=web"
      - "traefik.http.routers.gitea.rule=Host(`gitea.example.com`)"
      - "traefik.http.middlewares.gitea-https-redirect.redirectscheme.scheme=websecure"
      - "traefik.http.routers.gitea.middlewares=gitea-https-redirect"
      - "traefik.http.routers.gitea-secure.entrypoints=websecure"
      - "traefik.http.routers.gitea-secure.rule=Host(`gitea.example.com`)"
      - "traefik.http.routers.gitea-secure.tls=true"
      - "traefik.http.routers.gitea-secure.tls.certresolver=resolver"
      - "traefik.http.routers.gitea-secure.service=gitea"
      - "traefik.http.services.gitea.loadbalancer.server.port=3000"
      - "traefik.docker.network=public"

  gitea-db:
    image: postgres:alpine
    volumes:
      - gitea_db:/var/lib/postgresql/data
    environment:
      - POSTGRES_USER=gitea
      - POSTGRES_PASSWORD=gitea
      - POSTGRES_DB=gitea
    networks:
      - private

    traefik.yml

    entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"

api:
  dashboard: true

log:
  level: DEBUG

providers:
  docker:
    exposedbydefault: false
    endpoint: "unix:///var/run/docker.sock"
    swarmMode: true
    
certificatesResolvers:
  resolver:
    acme:
      email: mail@example.com
      storage: letsencrypt/acme.json
      httpChallenge: 
        entryPoint: web

    我还有一个用于 acme.json 文件的 letencrypt 空文件夹

    【讨论】:

      猜你喜欢
      • 2021-09-21
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2023-01-25
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多
      热门标签
      Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode