让我们用 Traefik 加密

Let's Encrypt with Traefik

我尝试使用 Let's Encrypt with Traefik,但这里是 Traefik 的日志:

Looking for provided certificate to validate [rancher.foo.bar]...
No provided certificate found for domains [rancher.foo.bar], get ACME certificate.
Looking for an existing ACME challenge for rancher.foo.bar...
No certificate found or generated for rancher.foo.bar
http2: server: error reading preface from client 1.2.3.4:60876: remote error: tls: unknown certificate authority

这是我的配置:

traefikLogsFile = "/tmp/traefik.log"
logLevel = "DEBUG" # DEBUG, INFO, WARN, ERROR, FATAL, PANIC
[accessLog]
filePath = "/tmp/access.log"


[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.https]
    address = ":443"
      [entryPoints.https.tls]

# Enable ACME (Let's Encrypt): automatic SSL.
[acme]
email = "foo@foo.bar"
storage = "/tmp/acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"


[api]
entryPoint = "traefik"
dashboard = true


[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "foo.bar"
watch = true
exposedbydefault = true
usebindportip = true
swarmmode = false

Traefik 提供商:

{
  "docker": {
    "backends": {
      "backend-rancher": {
        "servers": {
          "server-rancher": {
            "url": "http://172.17.0.3:8080",
            "weight": 0
          }
        },
        "loadBalancer": {
          "method": "wrr"
        }
      }
    },
    "frontends": {
      "frontend-Host-rancher-foo-bar-0": {
        "entryPoints": [
          "http"
        ],
        "backend": "backend-rancher",
        "routes": {
          "route-frontend-Host-rancher-foo-bar-0": {
            "rule": "Host:rancher.foo.bar"
          }
        },
        "passHostHeader": true,
        "priority": 0,
        "basicAuth": []
      }
    }
  }
}

怎么了?
谢谢

你能补充一下吗:

defaultEntryPoints = ["http", "https"]

在您的 TOML 文件的顶部。

您使用 onHostRule,这将从 Let's Encrypt 为每个具有主机规则的前端请求证书。但是您需要将前端分配给 ACME 的 TLS 入口点。 (此处 https)。

因此,在您的 docker 标签中,您需要在 frontend.entrypoint 上添加 https