提供默认证书时“无默认证书,生成一个”

【问题标题】:"No default certificate, generating one" when a default certificate is provided提供默认证书时“无默认证书,生成一个”
【发布时间】:2020-04-16 18:02:11
【问题描述】:

这可能是关于 traefik 和 SSL 配置的新手问题。 我想在 traefik 中使用我自己的(自签名、公司、...)证书。我尝试按照文档进行操作,但我不断收到以下消息:

... level=debug msg="没有默认证书,正在生成一个"

我的traefik.toml看起来像这样:

[entryPoints]
    [entryPoints.web]
    address = ":80"

    [entryPoints.web.http]
        [entryPoints.web.http.redirections]
        [entryPoints.web.http.redirections.entryPoint]
            to = "websecure"
            scheme = "https"

    [entryPoints.websecure]
    address = ":443"

[log]
    level = "DEBUG"
[api]
    insecure = true
    dashboard = true
[providers.docker]
    exposedByDefault = false

[[tls]]
  entryPoints = ["websecure"]

[[tls.certificate]]
    certFile = "/certs/cert.crt"
    keyFile = "/certs/cert.key"

[tls.stores]
  [tls.stores.default]
    [tls.stores.default.defaultCertificate]
      certFile = "/cert/cert.crt"
      keyFile  = "/cert/cert.key"

我的docker-compose.yml 看起来像这样:

version: '3'

services:
  reverse-proxy:
    # The official v2 Traefik docker image
    image: traefik:v2.2
    ports:
      # The HTTP port
      - "80:80"
      - "443:443"
      # The Web UI (enabled by --api.insecure=true)
      - "8080:8080"
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - $PWD/shared/traefik/etc/traefik.toml:/etc/traefik/traefik.toml
      - $PWD/shared/traefik/ssl:/certs/

  whoami:
    # A container that exposes an API to show its IP address
    image: containous/whoami
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.basic-auth-whoami.basicauth.users=***:***"
      - "traefik.http.middlewares.strip-whoami.stripprefix.prefixes=/whoami"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.middlewares=basic-auth-whoami@docker,strip-whoami@docker"
      - "traefik.http.routers.whoami.rule=PathPrefix(`/whoami`) && Host(`<mydomain>`)"
      - "traefik.http.services.whoami-poc-traefik.loadbalancer.server.port=80"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.routers.redirs.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.redirs.entrypoints=web"
      - "traefik.http.routers.redirs.middlewares=redirect-to-https"
      - "traefik.http.routers.whoami.tls=true"

我很确定这是一件琐碎的事情,但我想不通(toml 语法和 traefik 概念都难以同时接受)。

【问题讨论】:

    标签: ssl https ssl-certificate traefik


    【解决方案1】:

    通过关注blog,我终于发现了什么不起作用

    我不得不:

    1. 将动态配置的文件提供程序添加到我的traefik.toml 文件中:

      [providers.file]
filename = "/tls-certs.toml"

    2. 将卷映射添加到我的docker-compose.yml 文件:

      - $PWD/shared/traefik/etc/tls-certs.toml:/tls-certs.toml

    3. 提供tls-certs.toml 文件:

      [[tls.certificates]] #first certificate
  certFile = "/certs/cert.crt"
  keyFile = "/certs/cert.key"

    【讨论】:

    • 谢谢。你救了我的周末。文件提供程序是我的游牧模板没有重新加载自身的问题。
    猜你喜欢
    • 1970-01-01
    • 2013-09-12
    • 2015-06-21
    • 2020-07-19
    • 2014-09-02
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2021-03-25
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode