
Traefik and self-signed SSL

Noob to Traefik and Docker. I have prepared a self-signed certificate using:

openssl req -x509 -newkey rsa:4096 -keyout www.example.co.uk.key -out www.example.co.uk.crt -days 365

In my traefik.toml file I have:

[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]
    [[entryPoints.https.tls.certificates]]
    certFile = "certs/www.example.co.uk.crt"
    keyFile = "certs/www.example.co.uk.key"

However this results in:

traefik          | time="2019-06-17T22:11:17Z" level=debug msg="Serving default cert for request: \"www.example.co.uk\""
traefik          | time="2019-06-17T22:11:17Z" level=debug msg="http: TLS handshake error from 172.20.0.1:57770: tls: no certificates configured"

If I omit the cert definitions so that traefik.toml reads as:

[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]
  #  [[entryPoints.https.tls.certificates]]
  #  certFile = "certs/www.example.co.uk.crt"
  #  keyFile = "certs/www.example.co.uk.key"

I get the dummy cert provided by Traefik and it works great but I just want to wrap my head around why my defined certs are not being used.

In my docker-compose.yml I believe I have mounted the correct volume:

volumes:
  - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
  - ./traefik.toml:/traefik.toml
  - /var/www/docker/certs:/certs

And the certs reside at certs/ relative to my docker-compose.yml and traefik.toml files. Permissions seem good as well, both owned by root - the crt having 644 and the key having 600.

How can I use a self-signed cert instead of Traefik's defaults?

Probably a path mismatch, particularly with some paths relative and others absolute. Try the following in your compose file (relative path to local certs):

volumes:
  - /var/run/docker.sock:/var/run/docker.sock
  - ./traefik.toml:/traefik.toml
  - ./certs:/certs

And then switch to an absolute path in the toml (leading slash on certs):

[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]
    [[entryPoints.https.tls.certificates]]
    certFile = "/certs/www.example.co.uk.crt"
    keyFile = "/certs/www.example.co.uk.key"
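
As an added example (not part of the original answer and not Traefik's own code), this Python check maps each active certFile/keyFile in a traefik.toml to the host file a Compose bind mount would supply, and flags relative paths and paths that no mount covers. The project directory /var/www/docker, the sample strings and the helper names are assumptions made for the example.

```python
import posixpath
import re

# Constructed inputs: cert lines as in the question and as in the answer, plus
# the answer's volume list. COMPOSE_DIR is an assumed project directory.
QUESTION_TOML = '''
    certFile = "certs/www.example.co.uk.crt"
    keyFile = "certs/www.example.co.uk.key"
'''
ANSWER_TOML = '''
    certFile = "/certs/www.example.co.uk.crt"
    keyFile = "/certs/www.example.co.uk.key"
    #  keyFile = "/certs/commented-out.key"
'''
VOLUMES = ["/var/run/docker.sock:/var/run/docker.sock", "./traefik.toml:/traefik.toml", "./certs:/certs"]
COMPOSE_DIR = "/var/www/docker"
CERT_LINE = re.compile(r'^[ \t]*(certFile|keyFile)\s*=\s*"([^"]+)"', re.M)

def parse_mounts(volumes, compose_dir):
    """Turn 'host:container[:mode]' bind mounts into (container, host) pairs."""
    mounts = []
    for spec in volumes:
        parts = spec.split(":")
        if len(parts) < 2:  # anonymous volume, nothing to map
            continue
        host, container = parts[0], posixpath.normpath(parts[1])
        if host.startswith("."):  # Compose resolves these against its own directory
            host = posixpath.normpath(posixpath.join(compose_dir, host))
        mounts.append((container, host))
    # Longest container path first so the most specific mount wins.
    return sorted(mounts, key=lambda m: len(m[0]), reverse=True)

def check_cert_paths(toml_text, volumes, compose_dir):
    """Map each active certFile/keyFile to a host path or a problem label."""
    mounts = parse_mounts(volumes, compose_dir)
    report = []
    for key, path in CERT_LINE.findall(toml_text):
        if not posixpath.isabs(path):
            report.append((key, "RELATIVE: depends on the container's working directory"))
            continue
        path, result = posixpath.normpath(path), "UNMOUNTED: no bind mount covers this path"
        for container, host in mounts:
            if path == container or path.startswith(container.rstrip("/") + "/"):
                result = posixpath.normpath(posixpath.join(host, posixpath.relpath(path, container)))
                break
        report.append((key, result))
    return report
```

Comparing the returned host paths against `ls -l` output on the host shows whether the files Traefik is told to load are the ones actually mounted.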
