Traefik Docker 帶通配符域
[英]Traefik Docker with wildcard domain
問題描述
我正在嘗試使用 Let's Encrypt SSL 設置我的 Traefik Docker:
這是我的traefik.toml
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.dashboard]
address = ":88"
[entryPoints.dashboard.auth]
[entryPoints.dashboard.auth.basic]
users = ["admin:19081987"]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[api]
entrypoint="dashboard"
[acme]
email = "myemail@gmail.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = false
[acme.httpChallenge]
entryPoint = "http"
[docker]
domain = "mysite.com"
watch = true
network = "web"
[[acme.domains]]
main = "mysite.com"
[[acme.domains]]
main = "*.mysite.com"
我的docker-compose文件與 WordPress 和管理員
version: '3.7'
services:
wordpress:
depends_on:
- db
image: wordpress:latest
volumes:
- ./wordpress_files:/var/www/html
- ./uploads.ini:/usr/local/etc/php/conf.d/uploads.ini
restart: always
networks:
- web
container_name: mysitewp
environment:
WORDPRESS_DB_HOST: db:3306
WORDPRESS_DB_USER: user
WORDPRESS_DB_PASSWORD: pass
WORDPRESS_DB_NAME: mysitedp
labels:
- "traefik.backend=mysitewp"
- "traefik.docker.network=web"
- "traefik.frontend.rule=Host:mysite.com"
- "traefik.enable=true"
- "traefik.port=80"
db:
image: mysql:5.7
volumes:
- ./db_data:/var/lib/mysql
restart: always
networks:
- web
container_name: mysitedb
environment:
MYSQL_ROOT_PASSWORD: pass
MYSQL_DATABASE: mysitedb
MYSQL_USER: user
MYSQL_PASSWORD: pass
adminer:
image: adminer
restart: always
networks:
- web
ports:
- 89:8080
labels:
- "traefik.backend=adminer"
- "traefik.docker.network=web"
- "hostname=adminer"
- "traefik.frontend.rule=Host:adminer.mysite.com"
- "traefik.enable=true"
- "traefik.port=89"
depends_on:
- db
networks:
web:
external: true
除了Adminer(無法訪問adminer.mysite.com )之外,一切正常(我可以使用https訪問我的網站)。 我檢查了 Traefik 日志
unable to generate a certificate for the domains
Traefik 似乎無法為通配符域 (*.mysite.com) 生成證書。 任何帶有 Traefik 和 Let's Encrypt 的配置通配符域?
3 個解決方案
解決方案1
1 2019-03-17 03:35:38
解決方案2
0 2019-03-17 05:04:54
根據docs ,您可以在手動模式下運行 traefik 並生成證書。
可以在配置文件中進行以下更改,
[acme]
email = "myemail@gmail.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = false
[acme.dnsChallenge]
provider = "manual"
解決方案3
0 2022-04-30 17:01:03
您可以在此 repo 上找到帶有和不帶有通配符的示例: https://github.com/TiBillet/Traefik-reverse-proxy
以 OVH 作為提供者和 DNS 挑戰的示例:
version: "3.3"
services:
traefik:
image: "traefik:vacherin"
container_name: "traefik"
command:
- --log.level=DEBUG
- --api.insecure=true
- --providers.docker=true
- --providers.docker.exposedbydefault=false
- --entrypoints.web.address=:80
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entrypoints.web.http.redirections.entrypoint.scheme=https
- --entrypoints.websecure.address=:443
- --entrypoints.websecure.http.tls=true
- --entrypoints.websecure.http.tls.certResolver=letsencrypt
- --certificatesresolvers.letsencrypt.acme.dnschallenge=true
- --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=ovh
- --certificatesresolvers.letsencrypt.acme.dnschallenge.delayBeforeCheck=60
- --certificatesresolvers.letsencrypt.acme.email=me@pm.me
- --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
# - --certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
- --entrypoints.websecure.http.tls.domains[0].main=domain.tech
- --entrypoints.websecure.http.tls.domains[0].sans=*.domain.tech
ports:
- "80:80"
- "443:443"
# - "8080:8080"
environment:
- "OVH_ENDPOINT=ovh-eu" # ou "ovh-ca"
- "OVH_APPLICATION_KEY=${OVH_APPLICATION_KEY}"
- "OVH_APPLICATION_SECRET=${OVH_APPLICATION_SECRET}"
- "OVH_CONSUMER_KEY=${OVH_CONSUMER_KEY}"
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
networks:
- frontend
networks:
frontend:
external: true
和 web 服務:
version: "3.7"
services:
whoami:
image: "traefik/whoami"
container_name: "simple-service"
- traefik.enable=true
- traefik.docker.network=frontend
- traefik.http.routers.whoami.tls.certresolver=letsencrypt
- traefik.http.routers.whoami.tls.domains[0].main=domain.tech
- traefik.http.routers.whoami.tls.domains[0].sans=*.domain.tech
- traefik.http.routers.whoami.rule=HostRegexp(`{sub:[a-zA-Z0-9-]+}.domain.tech`) || Host(`domain.tech`)
- traefik.http.routers.whoami.entrypoints=websecure
networks:
- frontend
networks:
frontend:
external: true
您必須為 DNS 挑戰賽生成憑證。 這將在您的域中添加一個 TXT 條目。 對於ovh,您可以按照以下步驟操作: https://medium.com/nephely/configure-traefik-for-the-dns-01-challenge-with-ovh-as-dns-provider-c737670c0434
Fritzbox 拒絕使用 traefik / docker 的自定義域請求
[英]Fritzbox refuses request for custom domain with traefik / docker
Traefik Docker Swarm Unifi 設置無法從域訪問
[英]Traefik Docker Swarm Unifi setup does is not reachable from domain
Traefik: http, https, ws, wss 在同一個域 (docker swarm)
[英]Traefik: http, https, ws, wss on same domain (docker swarm)
Traefik websocket secure (wss) 和 https 與 docker 在同一個域
[英]Traefik websocket secure ( wss ) and https on the same domain with docker
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
Docker Traefik 和 letencrypt 通配符
Fritzbox 拒絕使用 traefik / docker 的自定義域請求
Traefik 請求子域特定證書而不是通配符?
Traefik在單個域上路由到已知和通配符子域
在 Docker Swarm 上的 Traefik v2 中使用通配符證書
Traefik Docker Swarm Unifi 設置無法從域訪問
Traefik: http, https, ws, wss 在同一個域 (docker swarm)
Traefik websocket secure (wss) 和 https 與 docker 在同一個域
docker-compose → 為鏈接容器設置通配符域名
Traefik允許自定義域
相關標簽