
Traefik for multiple subdomains - TLS certificates not working.

Stack Overflow user
Asked 2020-06-15 08:04:06
Answers 1, Views 3.8K, Follows 0, Votes 1

I am using Traefik as a reverse proxy for my subdomains. I want to deploy a stack like this:

  • Nextcloud
  • Redis:
  • Traefik: reverse proxy
  • Postgres: Nextcloud Db
  • Gogs: VCS
  • Postgres: Gogs Db

My compose file is as follows:

version: "3.3"

volumes:
    nextcloud-www:
        driver: local
    nextcloud-db:
        driver: local
    nextcloud-redis:
        driver: local
    letsencrypt:
        driver: local
    gogs-data:
        driver: local
    gogs-db:
        driver: local

services:
    #Traefik
    traefik:
        image: traefik
        container_name: traefik
        restart: unless-stopped
        command:
            - "--log.level=DEBUG"
            - "--api.insecure=true"
            - "--providers.docker=true"
            - "--providers.docker.exposedbydefault=false"
            - "--entrypoints.web.address=:80"
            - "--entrypoints.websecure.address=:443"
            - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
            - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
            - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
            - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
            - "--certificatesresolvers.myresolver.acme.email=myemail@email.email"
            - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
        ports:
            - 80:80
            - 443:443
            - 8080:8080
        networks:
            - nextcloud
            - gogs
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock
            - letsencrypt:/letsencrypt
        labels:
            traefik.enable: true

    # Nextcloud
    nextcloud:
        image: nextcloud
        container_name: nextcloud
        restart: unless-stopped
        networks:
            - nextcloud
        depends_on:
            - nextcloud_redis
            - nextcloud_db
        labels:
            traefik.enable: true
            traefik.http.routers.nextcloud.middlewares: nextcloud,nextcloud_redirect
            traefik.http.routers.nextcloud.tls.certresolver: myresolver
            traefik.http.routers.nextcloud.rule: Host(`cloud.mydomain.fr`)
            traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue: ALLOW-FROM https://mydomain.fr
            traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy: frame-ancestors 'self' mydomain.fr *.mydomain.fr
            traefik.http.middlewares.nextcloud.headers.stsSeconds: 155520011
            traefik.http.middlewares.nextcloud.headers.stsIncludeSubdomains: true
            traefik.http.middlewares.nextcloud.headers.stsPreload: true
            traefik.http.middlewares.nextcloud_redirect.redirectregex.regex: /.well-known/(card|cal)dav
            traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement: /remote.php/dav/
        environment:
            POSTGRES_HOST: nextcloud_db
            POSTGRES_DB: nextcloud
            POSTGRES_USER: nextcloud
            POSTGRES_PASSWORD: password
            NEXTCLOUD_ADMIN_USER: dimitri_admin
            NEXTCLOUD_ADMIN_PASSWORD: password
            REDIS_HOST: nextcloud_redis
            NEXTCLOUD_TRUSTED_DOMAINS: cloud.mydomain.fr
            TRUSTED_PROXIES: 172.18.0.0/16
        volumes:
            - nextcloud-www:/var/www/html

    # Nextcloud Db
    nextcloud_db:
        image: postgres
        container_name: nextcloud_db
        restart: unless-stopped
        networks:
            - nextcloud
        environment:
            POSTGRES_DB: nextcloud
            POSTGRES_USER: nextcloud
            POSTGRES_PASSWORD: password
        volumes:
            - nextcloud-db:/var/lib/postgresql/data

    # Nextcloud Redis
    nextcloud_redis:
        image: redis
        container_name: nextcloud_redis
        restart: unless-stopped
        networks:
            - nextcloud
        volumes:
            - nextcloud-redis:/var/lib/redis

    # Gogs
    gogs:
        image: gogs/gogs-rpi
        container_name: gogs
        restart: unless-stopped
        networks:
            - gogs
        depends_on:
            - gogs_db
        labels:
            traefik.enable: true
            traefik.http.services.gogs.loadbalancer.server.port: 3000
            traefik.http.routers.gogs.tls.certresolver: myresolver
            traefik.http.routers.gogs.rule: Host(`git.mydomain.fr`)

        environment:
            # Postgres config
            POSTGRES_HOST: gogs_db
            POSTGRES_DB: gogs
            POSTGRES_USER: gogs
            POSTGRES_PASSWORD: password
        volumes:
            - gogs-data:/data

    # Gogs database
    gogs_db:
        image: postgres
        container_name: gogs_db
        restart: unless-stopped
        networks:
            - gogs
        environment:
            POSTGRES_DB: gogs
            POSTGRES_USER: gogs
            POSTGRES_PASSWORD: password
        volumes:
            - gogs-db:/var/lib/postgresql/data

# Networks
networks:
    nextcloud:
        external: true
    gogs:
        external: true

The problem is: no certificates are generated for my websites.

How can I fix this? Thanks!

1 Answer

Stack Overflow user

Posted 2020-07-21 21:18:39

Option 1: Use a wildcard...

https://docs.traefik.io/https/acme/#wildcard-domains

Option 2: Multiple certificates.

Create multiple certificate resolvers and certificate files (one per domain), and use them in the services.

services:
    traefik:
        command:
            - "--certificatesresolvers.myresolver1.acme.httpchallenge=true"
            - "--certificatesresolvers.myresolver1.acme.httpchallenge.entrypoint=web"
            - "--certificatesresolvers.myresolver1.acme.email=myemail@email.email"
            - "--certificatesresolvers.myresolver1.acme.storage=/letsencrypt/domain1.json"

            - "--certificatesresolvers.myresolver2.acme.httpchallenge=true"
            - "--certificatesresolvers.myresolver2.acme.httpchallenge.entrypoint=web"
            - "--certificatesresolvers.myresolver2.acme.email=myemail@email.email"
            - "--certificatesresolvers.myresolver2.acme.storage=/letsencrypt/domain2.json"

    nextcloud:
        labels:
            traefik.http.routers.nextcloud.tls.certresolver: myresolver1

    gogs:
        labels:
            traefik.http.routers.gogs.tls.certresolver: myresolver2
Votes 1
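
Option 1 from the answer, as an added configuration example (not part of the original answer or of the Traefik project): Let's Encrypt issues wildcard certificates only through the DNS-01 challenge, so the `httpchallenge` lines from the question are replaced by `dnschallenge`. `<dns-provider>`, `DNS_PROVIDER_API_TOKEN` and `<token>` are placeholders for the provider code and credential variable that the Traefik ACME documentation lists for your DNS host; the `nextcloud` and `gogs` entries are fragments to merge into the question's services.

```yaml
# Added example: one wildcard certificate shared by every subdomain router.
# <dns-provider>, DNS_PROVIDER_API_TOKEN and <token> are placeholders.
volumes:
    letsencrypt: {}

services:
    traefik:
        image: traefik
        command:
            - "--providers.docker=true"
            - "--providers.docker.exposedbydefault=false"
            - "--entrypoints.web.address=:80"
            - "--entrypoints.websecure.address=:443"
            - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
            - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
            # DNS-01 challenge: required for wildcard names, replaces httpchallenge.
            - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
            - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=<dns-provider>"
            - "--certificatesresolvers.myresolver.acme.email=myemail@email.email"
            - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
        environment:
            DNS_PROVIDER_API_TOKEN: "<token>"
        ports:
            - "80:80"
            - "443:443"
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock
            - letsencrypt:/letsencrypt

    nextcloud:
        labels:
            traefik.enable: "true"
            traefik.http.routers.nextcloud.rule: Host(`cloud.mydomain.fr`)
            traefik.http.routers.nextcloud.entrypoints: websecure
            traefik.http.routers.nextcloud.tls.certresolver: myresolver
            # Ask the resolver for the apex plus the wildcard, not per-host names.
            traefik.http.routers.nextcloud.tls.domains[0].main: mydomain.fr
            traefik.http.routers.nextcloud.tls.domains[0].sans: "*.mydomain.fr"

    gogs:
        labels:
            traefik.enable: "true"
            traefik.http.services.gogs.loadbalancer.server.port: "3000"
            traefik.http.routers.gogs.rule: Host(`git.mydomain.fr`)
            traefik.http.routers.gogs.entrypoints: websecure
            traefik.http.routers.gogs.tls.certresolver: myresolver
            traefik.http.routers.gogs.tls.domains[0].main: mydomain.fr
            traefik.http.routers.gogs.tls.domains[0].sans: "*.mydomain.fr"
```

The dashboard flag `--api.insecure=true` and port 8080 from the question are left out here, so the Traefik API is not published on the host.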
Original page content provided by Stack Overflow. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://stackoverflow.com/questions/62383901
