[英]Traefik and self-signed SSL
從Noob到Traefik和Docker。 我已使用以下方法准備了自簽名證書:
openssl req -x509 -newkey rsa:4096 -keyout www.example.co.uk.key -out www.example.co.uk.crt-days 365
在我的traefik.toml文件中,我有:
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
certFile = "certs/www.example.co.uk.crt"
keyFile = "certs/www.example.co.uk.key"
但是,這導致:
traefik | time="2019-06-17T22:11:17Z" level=debug msg="Serving default cert for request: \"www.example.co.uk\""
traefik | time="2019-06-17T22:11:17Z" level=debug msg="http: TLS handshake error from 172.20.0.1:57770: tls: no certificates configured"
如果我省略證書定義,那么traefik.toml讀為:
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
# [[entryPoints.https.tls.certificates]]
# certFile = "certs/www.example.co.uk.crt"
# keyFile = "certs/www.example.co.uk.key"
我得到了Traefik提供的虛擬證書,並且效果很好,但是我只是想繞開為什么不使用我定義的證書的原因。
我相信在我的docker-compose.yml中已經安裝了正確的卷:
volumes:
- /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
- ./traefik.toml:/traefik.toml
- /var/www/docker/certs:/certs
證書位於相對於我docker-compose.ym
l和traefik.toml
文件的certs/
。 權限似乎也很好,由root擁有crt
有644, key
有600。
如何使用自簽名證書代替Traefiks的默認證書?
可能是路徑不匹配,尤其是某些相對路徑和其他絕對路徑。 在撰寫文件中嘗試以下操作(本地證書的相對路徑):
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./traefik.toml:/traefik.toml
- ./certs:/certs
然后切換到toml中的絕對路徑(證書上的斜杠):
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
certFile = "/certs/www.example.co.uk.crt"
keyFile = "/certs/www.example.co.uk.key"
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.