[英]Traefik and self-signed SSL
Noob to Traefik and Docker. 从Noob到Traefik和Docker。 I have prepared a self signed certiicate using:
我已使用以下方法准备了自签名证书:
openssl req -x509 -newkey rsa:4096 -keyout www.example.co.uk.key -out www.example.co.uk.crt-days 365
In my traefik.toml file I have: 在我的traefik.toml文件中,我有:
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
certFile = "certs/www.example.co.uk.crt"
keyFile = "certs/www.example.co.uk.key"
However this results in: 但是,这导致:
traefik | time="2019-06-17T22:11:17Z" level=debug msg="Serving default cert for request: \"www.example.co.uk\""
traefik | time="2019-06-17T22:11:17Z" level=debug msg="http: TLS handshake error from 172.20.0.1:57770: tls: no certificates configured"
If I omit the cert definitions so that traefik.toml reads as: 如果我省略证书定义,那么traefik.toml读为:
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
# [[entryPoints.https.tls.certificates]]
# certFile = "certs/www.example.co.uk.crt"
# keyFile = "certs/www.example.co.uk.key"
I get the dummy cert provided by Traefik and it works great but I just want to wrap my head around why my defined certs are not being used. 我得到了Traefik提供的虚拟证书,并且效果很好,但是我只是想绕开为什么不使用我定义的证书的原因。
In my docker-compose.yml I believe I have mounted the correct volume: 我相信在我的docker-compose.yml中已经安装了正确的卷:
volumes:
- /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
- ./traefik.toml:/traefik.toml
- /var/www/docker/certs:/certs
And the certs reside at certs/
relative to my docker-compose.ym
l and traefik.toml
files. 证书位于相对于我
docker-compose.ym
l和traefik.toml
文件的certs/
。 Permissions seem good as well both owned by root - the crt
having 644 and key
having 600. 权限似乎也很好,由root拥有
crt
有644, key
有600。
How can I use a self-signed cert instead of Traefiks defaults? 如何使用自签名证书代替Traefiks的默认证书?
Probably a path mismatch, particularly with some paths relative and others absolute. 可能是路径不匹配,尤其是某些相对路径和其他绝对路径。 Try the following in your compose file (relative path to local certs):
在撰写文件中尝试以下操作(本地证书的相对路径):
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./traefik.toml:/traefik.toml
- ./certs:/certs
And then switch to an absolute path in the toml (leading slash on certs): 然后切换到toml中的绝对路径(证书上的斜杠):
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
certFile = "/certs/www.example.co.uk.crt"
keyFile = "/certs/www.example.co.uk.key"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.