我有一个应用程序,包含MongoDB容器、Python后端服务和Portainer。Traefik用于将请求路由到Portainer和后端(一个API端点)。路由工作正常。但是,我想使用SSL,而Traefik 2.2没有获取Let's Encrypt证书。
Dockerfile(我构建了一个自定义镜像,以便对acme.json执行chmod):
# Custom Traefik image that bakes the local ./traefik configuration directory in.
FROM traefik:v2.2
# NOTE(review): the compose file on this page bind-mounts ./traefik over
# /etc/traefik, which hides these copied files at runtime. Traefik then sees the
# host-side acme.json and its host-side permissions, not the chmod done in this
# image. Avoid baking a populated acme.json into an image: it holds private keys.
COPY traefik /etc/traefik
RUN chmod 600 /etc/traefik/acme.json
docker-compose.yml:
# Compose file from the question (indentation restored). Routing works, but
# Traefik serves its default self-signed certificate instead of an ACME one.
version: "3.3"
services:
  backend:
    image: registry.gitlab.com/uuuu/backend:latest
    container_name: backend
    # A bare container port under `ports` is published on a random host port,
    # so the service is also reachable without going through Traefik.
    ports:
      - 5000
    environment:
      - CONNECTOR=$CONNECTOR
      - CONNECTOR_MAX_WORKERS=$CONNECTOR_MAX_WORKERS
      - LOGLEVEL=$LOGLEVEL
      - MONGODB_URI=mongodb://scraper-db/blubb
    depends_on:
      - db
    labels:
      - 'traefik.enable=true'
      # NOTE(review): the next two labels share one key, so only one value
      # survives (presumably the PathPrefix one). Without a Host() matcher the
      # router answers for any hostname and the ACME resolver has no domain to
      # request a certificate for; this looks like the cause of the problem.
      - 'traefik.http.routers.backend.rule=Host(`app.mydomain.com`)'
      - 'traefik.http.routers.backend.rule=PathPrefix(`/api/bla/`)'
      - 'traefik.http.routers.backend.tls=true'
      - 'traefik.http.routers.backend.tls.certresolver=lets-encrypt'
      - 'traefik.http.routers.backend.middlewares=autocompletionreplacer'
      - 'traefik.http.middlewares.autocompletionreplacer.replacepathregex.regex=^/api/bla/(.*)'
      # `$$` is Compose's escape for a literal `$`, so Traefik receives `/$1`.
      - 'traefik.http.middlewares.autocompletionreplacer.replacepathregex.replacement=/$$1'
  portainer:
    image: portainer/portainer:latest
    container_name: portainer
    ports:
      - 9000
    volumes:
      - /etc/localtime:/etc/localtime
      # Read-write Docker socket: Portainer can fully control the Docker daemon.
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      - 'traefik.enable=true'
      # NOTE(review): same duplicated `rule` key as on the backend router.
      - 'traefik.http.routers.portainer.rule=Host(`app.mydomain.com`)'
      - 'traefik.http.routers.portainer.rule=PathPrefix(`/portainer/`)'
      - 'traefik.http.routers.portainer.tls=true'
      - 'traefik.http.routers.portainer.tls.certresolver=lets-encrypt'
      - 'traefik.http.routers.portainer.middlewares=portainerreplacer'
      - 'traefik.http.middlewares.portainerreplacer.replacepathregex.regex=^/portainer/(.*)'
      - 'traefik.http.middlewares.portainerreplacer.replacepathregex.replacement=/$$1'
  proxy:
    image: my-proxy:latest
    restart: always
    ports:
      - '80:80'
      - '443:443'
    volumes:
      # NOTE(review): this read-only mount also covers acme.json, the ACME
      # storage file Traefik has to write to; confirm certificates get persisted.
      - ./traefik:/etc/traefik:ro
      # `:ro` on the socket does not limit what can be done through the Docker API.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    build: .
  db:
    image: mongo:3.7
    container_name: db
    ports:
      - 27017
/etc/traefik/traefik.toml:
# Traefik static configuration: logging, providers, entry points, ACME resolver.
[log]
# NOTE(review): DEBUG helps while diagnosing certificate issuance; consider a
# lower level once ACME works, because debug logs are very verbose.
level = "DEBUG"
[providers]
[providers.docker]
# Containers are routed only when they opt in with the traefik.enable=true label.
exposedByDefault = false
[providers.file]
# Dynamic configuration files are loaded from this directory.
directory = "/etc/traefik/dynamic"
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[certificatesResolvers.lets-encrypt.acme]
# acme.json stores the ACME account and the issued certificates together with
# their private keys. Traefik must be able to write to it and expects mode 600.
# NOTE(review): the compose file on this page mounts /etc/traefik read-only;
# confirm that issued certificates are actually persisted to this path.
storage = "/etc/traefik/acme.json"
email = "bla@mydomain.com"
[certificatesResolvers.lets-encrypt.acme.tlsChallenge]
/etc/traefik/dynamic/force-https.toml:
# Dynamic configuration: redirect every plain-HTTP request to HTTPS.
[http.routers]
[http.routers.force-https]
# Attached only to the "http" entry point (":80" in traefik.toml on this page).
entryPoints = ["http"]
middlewares = ["force-https"]
# Catch-all host match, so the redirect applies whatever the Host header is.
rule = "HostRegexp(`{any:.+}`)"
# A router must name a service; the redirect middleware answers first, so
# "noop" is not expected to receive traffic.
service = "noop"
[http.middlewares]
[http.middlewares.force-https.redirectScheme]
scheme = "https"
[http.services]
[http.services.noop.loadBalancer]
我在日志里看不到任何错误。不过,浏览器中显示了如下信息:
ea351828037eb97754d6ed00d36a2108.e645b5289e7388055e4ecd78af554f8.traefik.default.
Fehlercode: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
我遗漏了什么吗?
发布于 2020-06-24 16:24:50
我自己想出来的。我必须为每个服务在docker-compose文件中添加以下标签:
traefik.http.routers.fiverr-autocompletion.tls.domains[0].main=app.mydomain.com
正确的docker-compose文件如下所示:
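# Working Compose file (indentation restored): Traefik terminates TLS with
# Let's Encrypt certificates and routes by host plus path prefix.
version: "3.3"
services:
  backend:
    image: registry.gitlab.com/uuuu/backend:latest
    container_name: backend
    # NOTE(review): a bare container port under `ports` is published on a random
    # host port, so the service is reachable without going through Traefik.
    # `expose` is enough when only the proxy needs to reach it.
    ports:
      - 5000
    environment:
      - CONNECTOR=$CONNECTOR
      - CONNECTOR_MAX_WORKERS=$CONNECTOR_MAX_WORKERS
      - LOGLEVEL=$LOGLEVEL
      - MONGODB_URI=mongodb://scraper-db/blubb
    depends_on:
      - db
    labels:
      - 'traefik.enable=true'
      # One `rule` label per router. Two labels with the same key overwrite each
      # other, which leaves a router that matches any hostname and gives the
      # ACME resolver no Host() to derive a certificate domain from.
      - 'traefik.http.routers.backend.rule=Host(`app.mydomain.com`) && PathPrefix(`/api/bla/`)'
      # Explicit certificate domain. Optional once the rule contains Host(),
      # because the resolver then reads the domain from the rule.
      - 'traefik.http.routers.backend.tls.domains[0].main=app.mydomain.com'
      - 'traefik.http.routers.backend.tls=true'
      - 'traefik.http.routers.backend.tls.certresolver=lets-encrypt'
      - "traefik.http.routers.backend.middlewares=autocompletionreplacer"
      - "traefik.http.middlewares.autocompletionreplacer.replacepathregex.regex=^/api/bla/(.*)"
      # `$$` is Compose's escape for a literal `$`, so Traefik receives `/$1`.
      - "traefik.http.middlewares.autocompletionreplacer.replacepathregex.replacement=/$$1"
  portainer:
    # NOTE(review): `latest` is a moving tag; pin a version for repeatable deploys.
    image: portainer/portainer:latest
    container_name: portainer
    ports:
      - 9000
    volumes:
      - /etc/localtime:/etc/localtime
      # Read-write Docker socket: Portainer can fully control the Docker daemon.
      # It is published on the public hostname, so make sure Portainer's own
      # authentication is set up before exposing it.
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      - "traefik.enable=true"
      - 'traefik.http.routers.portainer.rule=Host(`app.mydomain.com`) && PathPrefix(`/portainer/`)'
      - 'traefik.http.routers.portainer.tls.domains[0].main=app.mydomain.com'
      - 'traefik.http.routers.portainer.tls=true'
      - 'traefik.http.routers.portainer.tls.certresolver=lets-encrypt'
      - "traefik.http.routers.portainer.middlewares=portainerreplacer"
      - "traefik.http.middlewares.portainerreplacer.replacepathregex.regex=^/portainer/(.*)"
      - "traefik.http.middlewares.portainerreplacer.replacepathregex.replacement=/$$1"
  proxy:
    image: my-proxy:latest
    restart: always
    ports:
      - '80:80'
      - '443:443'
    volumes:
      # NOTE(review): this read-only mount also covers acme.json, the ACME
      # storage file Traefik has to write to. If certificates are not persisted
      # they are requested again on every restart, which can run into Let's
      # Encrypt rate limits. Confirm, and mount the storage file writable.
      - ./traefik:/etc/traefik:ro
      # `:ro` on the socket does not limit what can be done through the Docker API.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    build: .
  db:
    image: mongo:3.7
    container_name: db
    # NOTE(review): MONGODB_URI above carries no credentials and this port is
    # published on the host, so the database may be reachable unauthenticated
    # from outside the Compose network. Confirm, and prefer `expose`.
    ports:
      - 27017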
/etc/traefik/traefik.toml:
https://stackoverflow.com/questions/62538954