Traefik和自签名SSL

Question

Noob到Traefik和Docker。我已经准备了一个自签名证书，使用：

openssl req -x509 -newkey rsa:4096 -keyout www.example.co.uk.key -out www.example.co.uk.crt-days 365

在我的traefik.toml文件中有：

[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]
    [[entryPoints.https.tls.certificates]]
    certFile = "certs/www.example.co.uk.crt"
    keyFile = "certs/www.example.co.uk.key"

但是，这会导致：

traefik          | time="2019-06-17T22:11:17Z" level=debug msg="Serving default cert for request: \"www.example.co.uk\""
traefik          | time="2019-06-17T22:11:17Z" level=debug msg="http: TLS handshake error from 172.20.0.1:57770: tls: no certificates configured"

如果我省略证书定义，使traefik.toml读取为：

[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]
  #  [[entryPoints.https.tls.certificates]]
  #  certFile = "certs/www.example.co.uk.crt"
  #  keyFile = "certs/www.example.co.uk.key"

我得到了Traefik提供的虚拟证书，它工作得很好，但我只想弄清楚为什么我定义的证书没有被使用。

在我的docker-compose.yml中，我相信我已经挂载了正确的卷：

volumes:
  - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
  - ./traefik.toml:/traefik.toml
  - /var/www/docker/certs:/certs

证书驻留在相对于我的docker-compose.yml和traefik.toml文件的certs/。权限似乎也很好，都是根用户拥有的- crt拥有644，key拥有600。

如何使用自签名证书而不是Traefiks默认值？

Answer 1

可能是路径不匹配，特别是某些路径是相对路径，而其他路径是绝对路径。在合成文件中尝试执行以下操作(本地证书的相对路径)：

volumes:
  - /var/run/docker.sock:/var/run/docker.sock
  - ./traefik.toml:/traefik.toml
  - ./certs:/certs

然后切换到toml中的绝对路径(证书上的前导斜杠)：

[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]
    [[entryPoints.https.tls.certificates]]
    certFile = "/certs/www.example.co.uk.crt"
    keyFile = "/certs/www.example.co.uk.key"