Traefik 与 Let's Encrypt 尝试为本地主机请求证书

Question

我有 Traefik (traefik:1.7.11-alpine) 在 Docker 容器中运行，其中包含许多使用 Let's Encrypt 请求证书来保护它们的服务。这就像一个魅力。

我还启用了 Treafik Web 控制台，但未向外界公开。换句话说，它在 localhost 上运行。在日志文件中，我看到 Traefik 正在尝试为 localhost 请求证书。这是正常的吗？我可以禁用它吗？

这是错误信息

time="2019-05-27T07:03:45Z" level=error msg="Unable to obtain ACME certificate for domains \"localhost\" detected thanks to rule \"PathPrefixStrip:/traefik;Host:localhost\" : unable to generate a certificate for the domains [localhost]: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:malformed :: Error creating new order :: DNS name does not have enough labels, url: "

我觉得奇怪的是 Web 控制台在 8080 上运行，并且无论如何都没有链接到 https 入口点。所以我想 Traefik 在确定它需要为哪个端点请求证书时会忽略。

这是我正在使用的配置：

logLevel = "DEBUG"

[traefikLog]

[accessLog]
  [accessLog.filters]
    statusCodes = ["0-600"]

[entryPoints]
  [entryPoints.http]
    address = ":80"
    [entryPoints.http.redirect]
        entryPoint = "https"

  [entryPoints.https]
    address = ":443"
    [entryPoints.https.tls]
      minVersion = "VersionTLS12"
      cipherSuites = [
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_RSA_WITH_AES_256_GCM_SHA384"
      ]

  [entryPoints.traefik]
    address=":8080"
    [entryPoints.traefik.auth]
      [entryPoints.traefik.auth.basic]
        users = ["admin:$apr1$HR4Hj/Zy$fPwTS8LMBqKPpzdzGkyTa/"]

[api]
  entrypoint="traefik"
  dashboard = true
  debug = false

[docker]
  watch = true
  exposedbydefault = false
  domain = "domain.com"
  network = "web"

[acme]
  email = "info@domain.com"
  storage = "acme.json"
  entryPoint = "https"
  onHostRule = true
  [acme.httpChallenge]
    entryPoint = "http"

Answer 1

在这里为遇到此问题的任何人记录解决方案。 Traefik Docker Compose 示例设置了标签 traefik.enable=true，如果启用 Let's Encrypt，Traefik 会尝试为服务请求证书。即使对于 localhost :-( 将值设置为 false 也可以解决问题。