[英]Traefik Docker with wildcard domain
我正在尝试为运行在 Docker 中的 Traefik 配置 Let's Encrypt TLS 证书。
这是我的 traefik.toml(Traefik v1 语法):
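# Traefik v1 static configuration.
#
# NOTE(review): the [acme.httpChallenge] below cannot satisfy the
# "*.mysite.com" entry requested further down. Let's Encrypt only issues
# wildcard certificates through the DNS-01 challenge, which is why the log
# reports "unable to generate a certificate for the domains". Switch to
# [acme.dnsChallenge] (see the answer) to obtain the wildcard.
defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.dashboard]
  # No [entryPoints.dashboard.tls] section: the Basic Auth credentials for
  # the dashboard cross the network in clear text on :88. Either add TLS to
  # this entry point or do not publish port 88 beyond localhost.
  address = ":88"
    [entryPoints.dashboard.auth]
      [entryPoints.dashboard.auth.basic]
      # Traefik v1 expects htpasswd-style HASHES here (MD5/apr1, SHA1 or
      # bcrypt), never a clear-text password -- the original "admin:19081987"
      # is both a leaked credential and not a valid hash. Generate one with
      #   htpasswd -nB admin
      # and paste the resulting "admin:$2y$..." line; keep it out of VCS.
      users = ["admin:<htpasswd-hash>"]

  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"

  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

[api]
entrypoint = "dashboard"

[acme]
email = "myemail@gmail.com"
# acme.json holds the ACME account key and every certificate's private key:
# create it with mode 600 and keep it out of version control.
storage = "acme.json"
entryPoint = "https"
onHostRule = false
  # HTTP-01 works for "mysite.com" but Let's Encrypt will refuse
  # "*.mysite.com"; wildcards require DNS-01.
  [acme.httpChallenge]
  entryPoint = "http"

# Two separate entries request two separate certificates (apex and wildcard).
[[acme.domains]]
main = "mysite.com"
[[acme.domains]]
main = "*.mysite.com"

[docker]
domain = "mysite.com"
watch = true
network = "web"
# Traefik v1 exposes EVERY container it sees as a frontend unless told
# otherwise (exposedByDefault defaults to true) -- that would include the
# "db" service from the compose file. Only containers carrying
# traefik.enable=true should be routable; wordpress and adminer already
# have that label, so this is a no-op for them.
exposedByDefault = false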
我的 docker-compose 文件(包含 WordPress、MySQL 和 Adminer):
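# WordPress + MySQL + Adminer behind Traefik v1.
#
# Traefik reaches the web containers over the external "web" network. The
# database sits on a separate internal "db" network so that only wordpress
# and adminer can open connections to it -- Traefik (and anything else on
# "web") has no business talking to MySQL.
version: '3.7'

services:
  wordpress:
    depends_on:
      - db
    image: wordpress:latest
    volumes:
      - ./wordpress_files:/var/www/html
      - ./uploads.ini:/usr/local/etc/php/conf.d/uploads.ini
    restart: always
    networks:
      - web
      - db
    container_name: mysitewp
    environment:
      WORDPRESS_DB_HOST: db:3306
      # Placeholder credentials: supply real values through an env file or a
      # Docker secret rather than committing them in this file.
      WORDPRESS_DB_USER: user
      WORDPRESS_DB_PASSWORD: pass
      # Must match MYSQL_DATABASE on the db service (the original read
      # "mysitedp", which does not exist on a fresh database).
      WORDPRESS_DB_NAME: mysitedb
    labels:
      - "traefik.enable=true"
      - "traefik.backend=mysitewp"
      - "traefik.docker.network=web"
      - "traefik.frontend.rule=Host:mysite.com"
      - "traefik.port=80"

  db:
    image: mysql:5.7
    volumes:
      - ./db_data:/var/lib/mysql
    restart: always
    networks:
      - db   # deliberately NOT on "web"
    container_name: mysitedb
    environment:
      # Placeholders -- use strong, distinct values from an env file / secret.
      MYSQL_ROOT_PASSWORD: pass
      MYSQL_DATABASE: mysitedb
      MYSQL_USER: user
      MYSQL_PASSWORD: pass

  adminer:
    image: adminer
    restart: always
    depends_on:
      - db
    networks:
      - web
      - db
    # The original also published Adminer directly on the host ("89:8080").
    # That bypasses Traefik entirely and exposes a database admin UI over
    # plain HTTP with no authentication; reach it only via the router below.
    # (The original "hostname=adminer" label was dropped: hostname is a
    # service key, not a label, so it had no effect.)
    labels:
      - "traefik.enable=true"
      - "traefik.backend=adminer"
      - "traefik.docker.network=web"
      - "traefik.frontend.rule=Host:adminer.mysite.com"
      # traefik.port is the CONTAINER port. Adminer listens on 8080; the
      # original "89" was the host side of the removed ports mapping and
      # pointed at nothing inside the container.
      - "traefik.port=8080"

networks:
  web:
    external: true
  db:
    internal: true   # no outbound access; members are wordpress, db, adminer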
除了 Adminer 之外一切正常(我可以通过 HTTPS 访问我的网站,但无法访问 adminer.mysite.com)。我检查了 Traefik 日志,看到:
unable to generate a certificate for the domains
Traefik 似乎无法为通配符域 (*.mysite.com) 生成证书。有没有使用 Traefik 和 Let's Encrypt 配置通配符域的示例?
根据文档,Let's Encrypt 只通过 DNS-01 质询签发通配符证书;你配置中的 `[acme.httpChallenge]`(HTTP-01)无法签发 `*.mysite.com` 的证书,这正是日志报错的原因。改用 DNS 质询即可,最简单的是手动(manual)模式,由你自己添加 Traefik 要求的 TXT 记录。
可以在配置文件中做如下修改(用 `[acme.dnsChallenge]` 替换原来的 `[acme.httpChallenge]`,`[[acme.domains]]` 保持不变):
# Replacement for the [acme] section of the question's traefik.toml.
# Wildcard certificates can only be issued through the DNS-01 challenge, so
# [acme.dnsChallenge] takes the place of [acme.httpChallenge]; the
# [[acme.domains]] entries from the question are kept as they are.
[acme]
email = "myemail@gmail.com"
# Holds the account key and private keys: mode 600, outside version control.
storage = "acme.json"
entryPoint = "https"
onHostRule = false
# provider = "manual" talks to no DNS API: Traefik asks you to create the
# _acme-challenge TXT record it needs and waits for it, and you will have to
# do the same again at every renewal. For unattended renewal use a real DNS
# provider (see the OVH example below).
[acme.dnsChallenge]
provider = "manual"
您可以在此 repo 上找到带有和不带有通配符的示例: https://github.com/TiBillet/Traefik-reverse-proxy
以下是使用 OVH 作为 DNS 提供者、通过 DNS 质询签发通配符证书的 Traefik v2 示例:
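# Traefik v2 obtaining a Let's Encrypt wildcard certificate for domain.tech
# through the DNS-01 challenge with OVH as the DNS provider. HTTP-01 cannot
# issue wildcards, so a DNS provider is mandatory for "*.domain.tech".
version: "3.3"

services:
  traefik:
    # Codename tags float across patch releases; consider pinning an exact
    # version so upgrades are deliberate.
    image: "traefik:vacherin"
    container_name: "traefik"
    command:
      # DEBUG is handy while getting ACME to work; lower it to INFO afterwards,
      # the output is verbose and may retain request details you do not want.
      - --log.level=DEBUG
      # Disabled: api.insecure=true serves the dashboard/API with no
      # authentication on :8080 to every container on the "frontend" network.
      # If you need the dashboard, publish it through a router protected by a
      # basicauth middleware instead.
      # - --api.insecure=true
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.http.tls=true
      - --entrypoints.websecure.http.tls.certResolver=letsencrypt
      - --certificatesresolvers.letsencrypt.acme.dnschallenge=true
      - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=ovh
      # Gives the TXT record time to propagate before Let's Encrypt checks it.
      - --certificatesresolvers.letsencrypt.acme.dnschallenge.delayBeforeCheck=60
      - --certificatesresolvers.letsencrypt.acme.email=me@pm.me
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
      # Uncomment while testing to stay clear of the production rate limits.
      # - --certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
      # One certificate covering the apex and every first-level subdomain.
      - --entrypoints.websecure.http.tls.domains[0].main=domain.tech
      - --entrypoints.websecure.http.tls.domains[0].sans=*.domain.tech
    ports:
      - "80:80"
      - "443:443"
      # - "8080:8080"   # dashboard -- only behind an authenticated router
    environment:
      # DNS provider credentials come from the shell or an .env file; never
      # inline them here. Restrict the OVH API key to DNS record read/write on
      # the domain.tech zone rather than granting full account access.
      - "OVH_ENDPOINT=ovh-eu" # or "ovh-ca"
      - "OVH_APPLICATION_KEY=${OVH_APPLICATION_KEY}"
      - "OVH_APPLICATION_SECRET=${OVH_APPLICATION_SECRET}"
      - "OVH_CONSUMER_KEY=${OVH_CONSUMER_KEY}"
    volumes:
      # acme.json holds the account key and certificate private keys: create
      # it with mode 600 (Traefik refuses to start when it is more open) and
      # keep the directory out of version control.
      - "./letsencrypt:/letsencrypt"
      # Read-only still grants the whole Docker inspect API, including other
      # containers' environment variables; a socket proxy limits that.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    networks:
      - frontend

networks:
  frontend:
    external: true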
以及一个由上面的 Traefik 反向代理的示例 web 服务:
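# Example backend routed by the Traefik instance above.
#
# The original listing was missing the "labels:" key, leaving the
# "- traefik...." items as a bare sequence under the service mapping, which
# is not valid YAML; it is restored here.
version: "3.7"

services:
  whoami:
    image: "traefik/whoami"
    container_name: "simple-service"
    labels:
      # Required because the proxy runs with exposedbydefault=false.
      - "traefik.enable=true"
      - "traefik.docker.network=frontend"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
      # Redundant with the entrypoint-level tls.domains on the proxy, but
      # harmless; it documents the certificate this router relies on.
      - "traefik.http.routers.whoami.tls.domains[0].main=domain.tech"
      - "traefik.http.routers.whoami.tls.domains[0].sans=*.domain.tech"
      # Matches the apex and ANY single-label subdomain. Narrow the regexp
      # if other services are meant to own some subdomains.
      - "traefik.http.routers.whoami.rule=HostRegexp(`{sub:[a-zA-Z0-9-]+}.domain.tech`) || Host(`domain.tech`)"
    networks:
      - frontend

networks:
  frontend:
    external: true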
您必须为 DNS 质询生成 DNS 提供者的 API 凭证:Traefik 会用它在您的域下创建 `_acme-challenge` TXT 记录来完成验证。建议把该凭证的权限限制为只能读写该域的 DNS 记录,并像上面那样通过环境变量注入,而不要写进 compose 文件。OVH 的具体步骤可参考: https://medium.com/nephely/configure-traefik-for-the-dns-01-challenge-with-ovh-as-dns-provider-c737670c0434