Configure wildcard certificates with traefik and let's encrypt?
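As of traefik 1.6.0, it should be possible to obtain wildcard certificates for a domain from Let's Encrypt using the DNS challenge.
Using the example below, what would you need to change to get a wildcard certificate?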
# Enable ACME (Let's Encrypt): automatic SSL
[acme]
email = "test@traefik.io"
storage = "C:/etc/ssl/lets-encrypt.json"
entryPoint = "https"
acmeLogging = true
[acme.dnsChallenge]
provider = "cloudflare"
[[acme.domains]]
main = "domain.com"
sans = ["www.domain.com","sub.domain.com"]
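The change you are looking for was implemented in traefik 2-3 days ago, and the documentation can be found at traefik.io v1.6 acme
Based on what you shared in your question, I see you are using Cloudflare as the provider, and from the very same configuration link as above, the configuration properties below will also be included:
- CLOUDFLARE_EMAIL
- CLOUDFLARE_API_KEY - The Cloudflare Global API Key needs to be used and not the Origin CA Key
Add those configuration properties and try generating the wildcard?
Points to consider: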
Wildcard domains Wildcard domain has to be defined as a main domain
with no SANs (alternative domains). All domains must have A/AAAA
records pointing to Træfik.
WARNING Note that Let's Encrypt has rate limiting.
"For the moment, we do not support wildcard certificates with/in SANs."
https://github.com/containous/traefik/pull/3063#issuecomment-376440741
This is how I got it working:
[acme]
email = "test@traefik.io"
storage = "C:/etc/ssl/lets-encrypt.json"
entryPoint = "https"
acmeLogging = true
[acme.dnsChallenge]
provider = "cloudflare"
[[acme.domains]]
main = "*.domain.com"
sans = ["domain.com"]
Thanks to @Farhan for pointing me in the right direction.