Traefik 配置示例混合 Let's Encrypt 和购买的证书
Traefik Configuration Example Mixing Let's Encrypt and Purchased Certs
对于 Traefik,我只想对一些新的特定前端主机规则使用 Let's Encrypt,因为我已经为一些现有的前端主机规则使用了购买的证书。这是我现有的工作示例 traefik.toml,没有 Let's Encrypt [acme] 配置:
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
certFile = "/etc/traefik/certs/myhost.tld.crt"
keyFile = "/etc/traefik/certs/myhost.tld.key"
据我了解here OnHostRule = true 适用于所有主机规则。
是否有 Traefik 配置示例说明如何对特定主机使用 Let's Encrypt 而不是使用已购买证书的主机?
您可以将 HTTPS 与 SNI(服务器名称指示)结合使用,将特定的 SSL 证书分配给特定的域或子域。
您可以从下面的官方文档 link 中找到 HTTPS + SNI 配置的示例。
https://docs.traefik.io/user-guide/examples/#http-https-with-sni
编辑 1:
Is there an example Traefik configuration that shows how to use Let's Encrypt for specific hosts and not for hosts using already purchased certs?
你可以试试官方文档this section中的例子。它说它将仅为提供的证书无法检查的域生成让我们加密证书。
您也可以参考this link了解ACME let's encrypt配置的各个配置项的解释。
希望对您有所帮助。
假设您的目录和文件结构如下所示。
traefik
|-ssl
|-ca.key
|-ca_chain.crt
|-traefik.toml
|-acme.json
更新您的 traefik.toml
#traefik.toml
debug = true
defaultEntryPoints = ["http", "https"]
# Force HTTPS
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
certFile = "/etc/traefik/ssl/ca_chain.crt"
keyFile = "/etc/traefik/ssl/ca.key"
# Let's encrypt configuration
[acme]
email = "email@domain.com" #any email id will work
storage="/etc/traefik/acme.json"
entryPoint = "https"
acmeLogging=true
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"
创建acme.json 文件
touch ./traefik/acme.json
chmod 600 .traefik/acme.json
使用以下命令创建容器:
docker run --network=traefik-network -p 80:80 -p 443:443 -v /var/run/docker.sock:/var/run/docker.sock -v $PWD/traefik:/etc/traefik --name=traefik traefik:latest --api --docker
对于 Traefik,我只想对一些新的特定前端主机规则使用 Let's Encrypt,因为我已经为一些现有的前端主机规则使用了购买的证书。这是我现有的工作示例 traefik.toml,没有 Let's Encrypt [acme] 配置:
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
certFile = "/etc/traefik/certs/myhost.tld.crt"
keyFile = "/etc/traefik/certs/myhost.tld.key"
据我了解here OnHostRule = true 适用于所有主机规则。
是否有 Traefik 配置示例说明如何对特定主机使用 Let's Encrypt 而不是使用已购买证书的主机?
您可以将 HTTPS 与 SNI(服务器名称指示)结合使用,将特定的 SSL 证书分配给特定的域或子域。
您可以从下面的官方文档 link 中找到 HTTPS + SNI 配置的示例。
https://docs.traefik.io/user-guide/examples/#http-https-with-sni
编辑 1:
Is there an example Traefik configuration that shows how to use Let's Encrypt for specific hosts and not for hosts using already purchased certs?
你可以试试官方文档this section中的例子。它说它将仅为提供的证书无法检查的域生成让我们加密证书。
您也可以参考this link了解ACME let's encrypt配置的各个配置项的解释。
希望对您有所帮助。
假设您的目录和文件结构如下所示。
traefik
|-ssl
|-ca.key
|-ca_chain.crt
|-traefik.toml
|-acme.json
更新您的 traefik.toml
#traefik.toml
debug = true
defaultEntryPoints = ["http", "https"]
# Force HTTPS
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
certFile = "/etc/traefik/ssl/ca_chain.crt"
keyFile = "/etc/traefik/ssl/ca.key"
# Let's encrypt configuration
[acme]
email = "email@domain.com" #any email id will work
storage="/etc/traefik/acme.json"
entryPoint = "https"
acmeLogging=true
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"
创建acme.json 文件
touch ./traefik/acme.json
chmod 600 .traefik/acme.json
使用以下命令创建容器:
docker run --network=traefik-network -p 80:80 -p 443:443 -v /var/run/docker.sock:/var/run/docker.sock -v $PWD/traefik:/etc/traefik --name=traefik traefik:latest --api --docker