为什么 traefik acme 生成的证书被标记为 "Not Secure"?
why are traefik acme generated certificate flagged as "Not Secure"?
我正在尝试使用 traefik 启动应用程序。我用 swarm 设置了多个容器。我可以在浏览器中访问它们,但网站被标记为不安全。我尝试删除 acme.json 并重新生成 ssl 证书,但它没有任何改变。
据我了解,使用 ACME,证书是在启动时生成的。但是现在,正如我所见,它的行为就像是自签名证书 "Fake LE Intermediate X1"
这是我的配置:
logLevel="DEBUG"
debug=true
defaultEntryPoints = ["https","http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[api]
address=":8080"
[docker]
endpoint="unix://var/run/docker.sock"
domain = "4yourfinance.com"
watch=true
swarmMode=true
exposedByDefault = false
[acme]
email = "serviceplatform@myfeelix.de"
storage = "/etc/traefik/acme/acme.json"
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
onHostRule = true
entryPoint = "https"
[acme.httpChallenge]
entryPoint = "http"
[[acme.domains]]
main = "4yourfinance.com"
sans = ["nginx.4yourfinance.com", "api-wl.4yourfinance.com"]
还有我的docker撰写
version: "3.3"
services:
traefik:
image: traefik
ports:
- 80:80
- 8080:8080
- 443:443
networks:
- traefik-net
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./acme:/etc/traefik/acme
configs:
- source: traefik-config
target: /etc/traefik/traefik.toml
deploy:
placement:
constraints: [engine.labels.com.role == 4yourfinance]
nginx2:
image: nginx
networks:
traefik-net:
aliases:
- nginx
deploy:
labels:
- "traefik.enable=true"
- "traefik.backend=nginx2"
- "traefik.port=80"
- "traefik.frontend.rule=Host:4yourfinance.com"
placement:
constraints: [engine.labels.com.role == 4yourfinance]
nginx:
image: nginx
networks:
traefik-net:
aliases:
- nginx
deploy:
labels:
- "traefik.enable=true"
- "traefik.backend=nginx"
- "traefik.port=80"
- "traefik.frontend.rule=Host:nginx.4yourfinance.com"
placement:
constraints: [engine.labels.com.role == 4yourfinance]
nginx3:
image: nginx
networks:
traefik-net:
aliases:
- nginx
deploy:
labels:
- "traefik.enable=true"
- "traefik.backend=api-wl"
- "traefik.port=80"
- "traefik.frontend.rule=Host:api-wl.4yourfinance.com"
placement:
constraints: [engine.labels.com.role == client-feelix]
networks:
traefik-net:
external:
name: traefik-net
configs:
traefik-config:
file: config2.toml
我使用的是暂存 caServer 而不是生产。我还必须设置其他域:
用
替换 caServer
caServer = "https://acme-v02.api.letsencrypt.org/directory"
并添加域:
[[acme.domains]]
main = "4yourfinance.com"
[[acme.domains]]
main = "nginx.4yourfinance.com"
我正在尝试使用 traefik 启动应用程序。我用 swarm 设置了多个容器。我可以在浏览器中访问它们,但网站被标记为不安全。我尝试删除 acme.json 并重新生成 ssl 证书,但它没有任何改变。
据我了解,使用 ACME,证书是在启动时生成的。但是现在,正如我所见,它的行为就像是自签名证书 "Fake LE Intermediate X1"
这是我的配置:
logLevel="DEBUG"
debug=true
defaultEntryPoints = ["https","http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[api]
address=":8080"
[docker]
endpoint="unix://var/run/docker.sock"
domain = "4yourfinance.com"
watch=true
swarmMode=true
exposedByDefault = false
[acme]
email = "serviceplatform@myfeelix.de"
storage = "/etc/traefik/acme/acme.json"
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
onHostRule = true
entryPoint = "https"
[acme.httpChallenge]
entryPoint = "http"
[[acme.domains]]
main = "4yourfinance.com"
sans = ["nginx.4yourfinance.com", "api-wl.4yourfinance.com"]
还有我的docker撰写
version: "3.3"
services:
traefik:
image: traefik
ports:
- 80:80
- 8080:8080
- 443:443
networks:
- traefik-net
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./acme:/etc/traefik/acme
configs:
- source: traefik-config
target: /etc/traefik/traefik.toml
deploy:
placement:
constraints: [engine.labels.com.role == 4yourfinance]
nginx2:
image: nginx
networks:
traefik-net:
aliases:
- nginx
deploy:
labels:
- "traefik.enable=true"
- "traefik.backend=nginx2"
- "traefik.port=80"
- "traefik.frontend.rule=Host:4yourfinance.com"
placement:
constraints: [engine.labels.com.role == 4yourfinance]
nginx:
image: nginx
networks:
traefik-net:
aliases:
- nginx
deploy:
labels:
- "traefik.enable=true"
- "traefik.backend=nginx"
- "traefik.port=80"
- "traefik.frontend.rule=Host:nginx.4yourfinance.com"
placement:
constraints: [engine.labels.com.role == 4yourfinance]
nginx3:
image: nginx
networks:
traefik-net:
aliases:
- nginx
deploy:
labels:
- "traefik.enable=true"
- "traefik.backend=api-wl"
- "traefik.port=80"
- "traefik.frontend.rule=Host:api-wl.4yourfinance.com"
placement:
constraints: [engine.labels.com.role == client-feelix]
networks:
traefik-net:
external:
name: traefik-net
configs:
traefik-config:
file: config2.toml
我使用的是暂存 caServer 而不是生产。我还必须设置其他域: 用
替换 caServercaServer = "https://acme-v02.api.letsencrypt.org/directory"
并添加域:
[[acme.domains]]
main = "4yourfinance.com"
[[acme.domains]]
main = "nginx.4yourfinance.com"