Traefik v1.7 static certificates and dynamic ACME certificates
I am using traefik:1.7.6-alpine in Docker in swarm mode. I need to specify static SSL certificates and other self-managed ACME certificates.
This is the error I get when bringing up the container:
time="2020-06-18T02:45:52Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/basics/#collected-data\n"
time="2020-06-18T02:45:52Z" level=error msg="Failed to read new account, ACME data conversion is not available : unexpected end of JSON input"
time="2020-06-18T02:45:52Z" level=error msg="Unable to add ACME provider to the providers list: unable to get ACME account : unexpected end of JSON input"
time="2020-06-18T02:45:52Z" level=info msg="Preparing server https &{Address::443 TLS:0xc000288630 Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc0006a45c0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
time="2020-06-18T02:45:52Z" level=info msg="Preparing server traefik &{Address::8080 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc0006a4560} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
time="2020-06-18T02:45:52Z" level=info msg="Starting server on :443"
time="2020-06-18T02:45:52Z" level=info msg="Preparing server http &{Address::80 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc0006a4580} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
time="2020-06-18T02:45:52Z" level=info msg="Starting provider configuration.ProviderAggregator {}"
time="2020-06-18T02:45:52Z" level=info msg="Starting server on :8080"
time="2020-06-18T02:45:52Z" level=info msg="Starting provider *docker.Provider {\"Watch\":true,\"Filename\":\"\",\"Constraints\":null,\"Trace\":false,\"TemplateVersion\":2,\"DebugLogGeneratedTemplate\":false,\"Endpoint\":\"unix:///var/run/docker.sock\",\"Domain\":\"arkaangel.com\",\"TLS\":null,\"ExposedByDefault\":false,\"UseBindPortIP\":false,\"SwarmMode\":false,\"Network\":\"\",\"SwarmModeRefreshSeconds\":15}"
time="2020-06-18T02:45:52Z" level=info msg="Starting server on :80"
This is my traefik.toml:
debug = true
logLevel = "INFO"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
certFile = "/path/to/first/first.crt"
keyFile = "/path/to/first/first.key"
[[entryPoints.https.tls.certificates]]
certFile = "/path/to/second/second.crt"
keyFile = "/path/to/second/second.key"
[api]
dashboard = true
[api.statistics]
recentErrors = 10
[docker]
exposedbydefault = false
watch = true
domain = "mydomain.com"
[acme]
email = "myemail@gmail.com"
storage = "/etc/traefik/acme/acme.json"
entryPoint = "https"
acmeLogging = true
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"
[[acme.domains]]
main = "third-site.com"
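This is how I mount the acme.json file in docker-compose to preserve the generated certificates:
volumes:
  - ./traefik/acme/acme.json:/etc/traefik/acme/acme.json
The acme.json file has 600 permissions and owner root:root.
Things I have tried, in addition to the configuration shown, that failed to generate the certificates:
- Mapping the parent folder instead of the acme.json file, so that traefik creates the acme.json file (failed)
- Not mapping any volume for acme.json, so that it is lost when the container is removed (failed)
- Changing the owner of the acme.json file to myuser:myuser, so that user 1000 in the container appears as the owner (failed)
The way I solved the error "Failed to read new account, ACME data conversion is not available : unexpected end of JSON input" was to write {} into the acme.json file; apparently the error occurs when trying to read an empty file and parse it as JSON.
Summary:
When creating acme.json on the host to be mapped, you must do the following: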
touch acme.json
echo '{}'> acme.json
chmod 600 acme.json
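The three commands above as an idempotent pre-flight check, added here as an example and not part of the original post. It writes '{}' only when the file is missing or empty, so a store that already holds issued certificates is left alone; the function names and return codes are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight for the host-side acme.json bind mount.
# Function names and return codes are illustrative, not Traefik's.

# file_mode FILE -> prints octal permission bits (GNU/busybox stat, then BSD stat)
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_acme_store FILE
# returns 0 ok, 1 missing, 2 empty (the "unexpected end of JSON input" case),
# 3 content is not a JSON object, 4 mode is not 600
check_acme_store() {
    f=$1
    [ -f "$f" ] || return 1
    # Strip whitespace so a file holding only newlines counts as empty.
    body=$(tr -d ' \t\r\n' < "$f")
    [ -n "$body" ] || return 2
    case $body in
        "{"*"}") ;;
        *) return 3 ;;
    esac
    [ "$(file_mode "$f")" = "600" ] || return 4
    return 0
}

# init_acme_store FILE
# Seeds '{}' only for a missing or empty file, then enforces mode 600.
init_acme_store() {
    f=$1
    rc=0
    check_acme_store "$f" || rc=$?
    case $rc in
        # umask 077: the file is never group/world readable, even briefly.
        1|2) ( umask 077 && printf '{}\n' > "$f" ) || return 1 ;;
        3) echo "refusing to overwrite unexpected content in $f" >&2; return 3 ;;
    esac
    chmod 600 "$f" || return 1
    check_acme_store "$f"
}

# Usage: sh preflight.sh ./traefik/acme/acme.json
if [ "$#" -ge 1 ]; then
    init_acme_store "$1"
fi
```

Run it on the host before the stack is deployed, with the host path from the volumes mapping as its argument.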