堆栈内存溢出
  繁体   English   中英

Traefik Docker 带通配符域

[英]Traefik Docker with wildcard domain

 原文  2019-03-17 03:11:53       docker/ wildcard/ lets-encrypt/ traefik

问题描述

我正在尝试使用 Let's Encrypt SSL 设置我的 Traefik Docker:

这是我的traefik.toml

defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.dashboard]
    address = ":88"
    [entryPoints.dashboard.auth]
      [entryPoints.dashboard.auth.basic]
        users = ["admin:19081987"]
  [entryPoints.http]
    address = ":80"
      [entryPoints.http.redirect]
        entryPoint = "https"
  [entryPoints.https]
    address = ":443"
      [entryPoints.https.tls]

[api]
entrypoint="dashboard"

[acme]
email = "myemail@gmail.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = false
  [acme.httpChallenge]
  entryPoint = "http"

[docker]
domain = "mysite.com"
watch = true
network = "web"

[[acme.domains]]
   main = "mysite.com"
[[acme.domains]]
   main = "*.mysite.com"

我的docker-compose文件与 WordPress 和管理员

version: '3.7'
services:
   wordpress:
     depends_on:
       - db
     image: wordpress:latest
     volumes:
       - ./wordpress_files:/var/www/html
       - ./uploads.ini:/usr/local/etc/php/conf.d/uploads.ini
     restart: always
     networks:
       - web
     container_name: mysitewp
     environment:
       WORDPRESS_DB_HOST: db:3306
       WORDPRESS_DB_USER: user
       WORDPRESS_DB_PASSWORD: pass
       WORDPRESS_DB_NAME: mysitedp
     labels:
       - "traefik.backend=mysitewp"
       - "traefik.docker.network=web"
       - "traefik.frontend.rule=Host:mysite.com"
       - "traefik.enable=true"
       - "traefik.port=80"

   db:
     image: mysql:5.7
     volumes:
       - ./db_data:/var/lib/mysql
     restart: always
     networks:
       - web
     container_name: mysitedb
     environment:
       MYSQL_ROOT_PASSWORD: pass
       MYSQL_DATABASE: mysitedb
       MYSQL_USER: user
       MYSQL_PASSWORD: pass

   adminer:
     image: adminer
     restart: always
     networks:
       - web
     ports:
       - 89:8080
     labels:
       - "traefik.backend=adminer"
       - "traefik.docker.network=web"
       - "hostname=adminer"
       - "traefik.frontend.rule=Host:adminer.mysite.com"
       - "traefik.enable=true"
       - "traefik.port=89"
     depends_on:
       - db

networks:
   web:
     external: true

除了Adminer(无法访问adminer.mysite.com )之外,一切正常(我可以使用https访问我的网站)。 我检查了 Traefik 日志

unable to generate a certificate for the domains

Traefik 似乎无法为通配符域 (*.mysite.com) 生成证书。 任何带有 Traefik 和 Let's Encrypt 的配置通配符域?

3 个解决方案

解决方案1
 1  2019-03-17 03:35:38

Let's Encrypt 的后通配符证书中所述,只能通过DNS-01质询生成。

https://docs.traefik.io/v1.7/configuration/acme/#wildcard-domains

解决方案2
 0  2019-03-17 05:04:54

根据docs ,您可以在手动模式下运行 traefik 并生成证书。

可以在配置文件中进行以下更改,

[acme]
email = "myemail@gmail.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = false

[acme.dnsChallenge]
  provider = "manual"

解决方案3
 0  2022-04-30 17:01:03

您可以在此 repo 上找到带有和不带有通配符的示例: https://github.com/TiBillet/Traefik-reverse-proxy

以 OVH 作为提供者和 DNS 挑战的示例:

version: "3.3"
services:
  traefik:
    image: "traefik:vacherin"
    container_name: "traefik"
    command:
      - --log.level=DEBUG
      - --api.insecure=true
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false

      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https

      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls=true
      - --entrypoints.websecure.http.tls.certResolver=letsencrypt

      - --certificatesresolvers.letsencrypt.acme.dnschallenge=true
      - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=ovh
      - --certificatesresolvers.letsencrypt.acme.dnschallenge.delayBeforeCheck=60
      - --certificatesresolvers.letsencrypt.acme.email=me@pm.me
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
#      - --certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory

      - --entrypoints.websecure.http.tls.domains[0].main=domain.tech
      - --entrypoints.websecure.http.tls.domains[0].sans=*.domain.tech
    ports:
      - "80:80"
      - "443:443"
#      - "8080:8080"
    environment:
      - "OVH_ENDPOINT=ovh-eu" # ou "ovh-ca"
      - "OVH_APPLICATION_KEY=${OVH_APPLICATION_KEY}"
      - "OVH_APPLICATION_SECRET=${OVH_APPLICATION_SECRET}"
      - "OVH_CONSUMER_KEY=${OVH_CONSUMER_KEY}"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

    networks:
      - frontend

networks:
  frontend:
    external: true

和 web 服务:


version: "3.7"
services:
  whoami:
    image: "traefik/whoami"
    container_name: "simple-service"
      - traefik.enable=true
      - traefik.docker.network=frontend
      - traefik.http.routers.whoami.tls.certresolver=letsencrypt
      - traefik.http.routers.whoami.tls.domains[0].main=domain.tech
      - traefik.http.routers.whoami.tls.domains[0].sans=*.domain.tech

      - traefik.http.routers.whoami.rule=HostRegexp(`{sub:[a-zA-Z0-9-]+}.domain.tech`) || Host(`domain.tech`)
      - traefik.http.routers.whoami.entrypoints=websecure

    networks:
      - frontend

networks:
  frontend:
    external: true

您必须为 DNS 挑战赛生成凭证。 这将在您的域中添加一个 TXT 条目。 对于ovh,您可以按照以下步骤操作: https://medium.com/nephely/configure-traefik-for-the-dns-01-challenge-with-ovh-as-dns-provider-c737670c0434

对于法语: https://github.com/TiBillet/Traefik-reverse-proxy

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Docker Traefik 和 letencrypt 通配符 Fritzbox 拒绝使用 traefik / docker 的自定义域请求 Traefik 请求子域特定证书而不是通配符? Traefik在单个域上路由到已知和通配符子域 在 Docker Swarm 上的 Traefik v2 中使用通配符证书 Traefik Docker Swarm Unifi 设置无法从域访问 Traefik: http, https, ws, wss 在同一个域 (docker swarm) Traefik websocket secure (wss) 和 https 与 docker 在同一个域 docker-compose → 为链接容器设置通配符域名 Traefik允许自定义域
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM