Let's Encrypt with Traefik
I'm trying to use Let's Encrypt with Traefik, but here are the Traefik logs:
Looking for provided certificate to validate [rancher.foo.bar]...
No provided certificate found for domains [rancher.foo.bar], get ACME certificate.
Looking for an existing ACME challenge for rancher.foo.bar...
No certificate found or generated for rancher.foo.bar
http2: server: error reading preface from client 1.2.3.4:60876: remote error: tls: unknown certificate authority
Here is my configuration:
traefikLogsFile = "/tmp/traefik.log"
logLevel = "DEBUG" # DEBUG, INFO, WARN, ERROR, FATAL, PANIC

[accessLog]
  filePath = "/tmp/access.log"

[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

# Enable ACME (Let's Encrypt): automatic SSL.
[acme]
  email = "foo@foo.bar"
  storage = "/tmp/acme.json"
  entryPoint = "https"
  onHostRule = true
  [acme.httpChallenge]
  entryPoint = "http"

[api]
  entryPoint = "traefik"
  dashboard = true

[docker]
  endpoint = "unix:///var/run/docker.sock"
  domain = "foo.bar"
  watch = true
  exposedbydefault = true
  usebindportip = true
  swarmmode = false
Traefik providers:
{
  "docker": {
    "backends": {
      "backend-rancher": {
        "servers": {
          "server-rancher": {
            "url": "http://172.17.0.3:8080",
            "weight": 0
          }
        },
        "loadBalancer": {
          "method": "wrr"
        }
      }
    },
    "frontends": {
      "frontend-Host-rancher-foo-bar-0": {
        "entryPoints": [
          "http"
        ],
        "backend": "backend-rancher",
        "routes": {
          "route-frontend-Host-rancher-foo-bar-0": {
            "rule": "Host:rancher.foo.bar"
          }
        },
        "passHostHeader": true,
        "priority": 0,
        "basicAuth": []
      }
    }
  }
}
What's wrong?
Thanks
Can you add:
defaultEntryPoints = ["http", "https"]
at the top of your TOML file?
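You use onHostRule, which will request a certificate from Let's Encrypt for each frontend with a Host rule. But you need to assign the frontend to the TLS entry point used by ACME (here, https).
So, in your docker labels, you need to add https to frontend.entrypoint.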
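The mismatch the answer above describes can be checked mechanically from the provider dump. The following is an added example, not code from the thread or from Traefik: it lists frontends that have a Host rule but are not attached to the entry point named in [acme] entryPoint. It assumes the JSON shape shown in the question; the second frontend in the sample is constructed.

```python
import json

# Constructed sample: the frontend from the question (trimmed to the fields the
# check reads) plus one hypothetical frontend that is attached to "https".
PROVIDERS_JSON = """
{"docker": {"frontends": {
  "frontend-Host-rancher-foo-bar-0": {
    "entryPoints": ["http"],
    "routes": {"route-frontend-Host-rancher-foo-bar-0": {"rule": "Host:rancher.foo.bar"}}
  },
  "frontend-Host-ok-foo-bar-0": {
    "entryPoints": ["http", "https"],
    "routes": {"route-frontend-Host-ok-foo-bar-0": {"rule": "Host:ok.foo.bar"}}
  }
}}}
"""

def host_domains(rule):
    """Domains named by Host matchers in a Traefik 1.x rule such as 'Host:a,b;Path:/x'."""
    domains = []
    for matcher in rule.split(";"):  # ';' joins several matchers in one rule
        name, _, value = matcher.strip().partition(":")
        if name.strip() == "Host":
            domains += [d.strip() for d in value.split(",") if d.strip()]
    return domains

def frontends_missing_acme_entrypoint(providers_json, acme_entrypoint):
    """Map frontend name -> Host domains, for every frontend that has a Host rule
    but is not attached to the entry point named in [acme] entryPoint."""
    missing = {}
    for provider in json.loads(providers_json).values():
        for name, frontend in (provider.get("frontends") or {}).items():
            if acme_entrypoint in (frontend.get("entryPoints") or []):
                continue
            domains = [d for route in (frontend.get("routes") or {}).values()
                       for d in host_domains(route.get("rule", ""))]
            if domains:
                missing[name] = domains
    return missing

if __name__ == "__main__":
    # "https" is the [acme] entryPoint value from the question's TOML.
    for name, domains in frontends_missing_acme_entrypoint(PROVIDERS_JSON, "https").items():
        print(f"{name}: not on 'https', onHostRule will not cover {domains}")
```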