Traefik 2.2 unable to get letsencrypt certificate

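I have an application with a MongoDB container, a Python backend service, and Portainer. Traefik is used for routing to Portainer and the backend (an API endpoint). Routing works perfectly. However, I want to use SSL, but Traefik 2.2 is not obtaining a LetsEncrypt certificate.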

Dockerfile (I am packaging my own container to do a chmod of acme.json):

FROM traefik:v2.2

COPY traefik /etc/traefik

RUN chmod 600 /etc/traefik/acme.json

docker-compose.yml:

version: "3.3"

services:

  backend:
    image: registry.gitlab.com/uuuu/backend:latest
    container_name: backend
    ports:
      - 5000
    environment:
      - CONNECTOR=$CONNECTOR
      - CONNECTOR_MAX_WORKERS=$CONNECTOR_MAX_WORKERS
      - LOGLEVEL=$LOGLEVEL
      - MONGODB_URI=mongodb://scraper-db/blubb
    depends_on: 
      - db
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.backend.rule=Host(`app.mydomain.com`)'
      - 'traefik.http.routers.backend.rule=PathPrefix(`/api/bla/`)'
      - 'traefik.http.routers.backend.tls=true'
      - 'traefik.http.routers.backend.tls.certresolver=lets-encrypt'
      - "traefik.http.routers.backend.middlewares=autocompletionreplacer"
      - "traefik.http.middlewares.autocompletionreplacer.replacepathregex.regex=^/api/bla/(.*)"
      - "traefik.http.middlewares.autocompletionreplacer.replacepathregex.replacement=/$"

  portainer:
    image: portainer/portainer:latest
    container_name: portainer
    ports:
      - 9000
    volumes:
      - /etc/localtime:/etc/localtime
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.portainer.rule=Host(`app.mydomain.com`)"
      - 'traefik.http.routers.portainer.rule=PathPrefix(`/portainer/`)'
      - 'traefik.http.routers.portainer.tls=true'
      - 'traefik.http.routers.portainer.tls.certresolver=lets-encrypt'
      - "traefik.http.routers.portainer.middlewares=portainerreplacer"
      - "traefik.http.middlewares.portainerreplacer.replacepathregex.regex=^/portainer/(.*)"
      - "traefik.http.middlewares.portainerreplacer.replacepathregex.replacement=/$"
  
  proxy:
    image: my-proxy:latest  
    restart: always
    ports:
      - '80:80'
      - '443:443'
    volumes:
      - ./traefik:/etc/traefik:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
    build: .
    
  db:
    image: mongo:3.7
    container_name: db
    ports:
      - 27017

/etc/traefik/traefik.toml:

[log]
  level = "DEBUG"

[providers]
  [providers.docker]
    exposedByDefault = false
  [providers.file]
    directory = "/etc/traefik/dynamic"

[entryPoints]
  [entryPoints.http]
    address = ":80"
  [entryPoints.https]
    address = ":443"

[certificatesResolvers.lets-encrypt.acme]
  storage = "/etc/traefik/acme.json"
  email = "bla@mydomain.com"
  [certificatesResolvers.lets-encrypt.acme.tlsChallenge]

/etc/traefik/dynamic/force-https.toml:

[http.routers]
  [http.routers.force-https]
    entryPoints = ["http"]
    middlewares = ["force-https"]
    rule = "HostRegexp(`{any:.+}`)"
    service = "noop"

[http.middlewares]
  [http.middlewares.force-https.redirectScheme]
    scheme = "https"

[http.services]
  [http.services.noop.loadBalancer]

I don't see any errors in the logs. But I get this in the browser:

ea351828037eb97754d6ed00d36a2108.e645b5289e7388055e4ecd78af554f8.traefik.default.
 
Fehlercode: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT

Is there anything I am missing?

I figured it out myself. I had to add this to the docker-compose file for each service:

traefik.http.routers.fiverr-autocompletion.tls.domains[0].main=app.mydomain.com

The correct docker-compose looks like this:

version: "3.3"

services:

  backend:
    image: registry.gitlab.com/uuuu/backend:latest
    container_name: backend
    ports:
      - 5000
    environment:
      - CONNECTOR=$CONNECTOR
      - CONNECTOR_MAX_WORKERS=$CONNECTOR_MAX_WORKERS
      - LOGLEVEL=$LOGLEVEL
      - MONGODB_URI=mongodb://scraper-db/blubb
    depends_on: 
      - db
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.backend.rule=Host(`app.mydomain.com`)'
      - 'traefik.http.routers.backend.rule=PathPrefix(`/api/bla/`)'
      - 'traefik.http.routers.backend.tls.domains[0].main=app.mydomain.com'
      - 'traefik.http.routers.backend.tls=true'
      - 'traefik.http.routers.backend.tls.certresolver=lets-encrypt'
      - "traefik.http.routers.backend.middlewares=autocompletionreplacer"
      - "traefik.http.middlewares.autocompletionreplacer.replacepathregex.regex=^/api/bla/(.*)"
      - "traefik.http.middlewares.autocompletionreplacer.replacepathregex.replacement=/$"

  portainer:
    image: portainer/portainer:latest
    container_name: portainer
    ports:
      - 9000
    volumes:
      - /etc/localtime:/etc/localtime
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.portainer.rule=Host(`app.mydomain.com`)"
      - 'traefik.http.routers.portainer.rule=PathPrefix(`/portainer/`)'
      - 'traefik.http.routers.portainer.tls.domains[0].main=app.mydomain.com'
      - 'traefik.http.routers.portainer.tls=true'
      - 'traefik.http.routers.portainer.tls.certresolver=lets-encrypt'
      - "traefik.http.routers.portainer.middlewares=portainerreplacer"
      - "traefik.http.middlewares.portainerreplacer.replacepathregex.regex=^/portainer/(.*)"
      - "traefik.http.middlewares.portainerreplacer.replacepathregex.replacement=/$"
  
  proxy:
    image: my-proxy:latest  
    restart: always
    ports:
      - '80:80'
      - '443:443'
    volumes:
      - ./traefik:/etc/traefik:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
    build: .
    
  db:
    image: mongo:3.7
    container_name: db
    ports:
      - 27017
/etc/traefik/traefik.toml:
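
Added example (not part of the answer above, not the traefik.toml it refers to, and not Traefik's own code): a small lint for compose label lists. Traefik's ACME resolver requests certificates for the domains in `tls.domains` or, when none are set, for the `Host()` matchers in the router rule; the labels in the question set `rule` twice, and the check below assumes the later entry replaces the earlier one because Docker labels are a key/value map. The function names and sample list are constructed for illustration.

```python
import re

# Constructed sample: the portainer labels from the question's docker-compose.yml.
QUESTION_LABELS = [
    "traefik.enable=true",
    "traefik.http.routers.portainer.rule=Host(`app.mydomain.com`)",
    "traefik.http.routers.portainer.rule=PathPrefix(`/portainer/`)",
    "traefik.http.routers.portainer.tls=true",
    "traefik.http.routers.portainer.tls.certresolver=lets-encrypt",
]

ROUTER_KEY = re.compile(r"^traefik\.http\.routers\.([^.]+)\.(.+)$")


def effective_labels(labels):
    """Collapse a compose label list into a map; return (map, duplicated keys)."""
    merged, duplicates = {}, []
    for item in labels:
        key, _, value = item.partition("=")
        if key in merged and key not in duplicates:
            duplicates.append(key)
        merged[key] = value  # assumption: the later entry replaces the earlier one
    return merged, duplicates


def audit_routers(labels):
    """Return findings for routers whose ACME resolver has no domain to request."""
    merged, duplicates = effective_labels(labels)
    findings = [f"duplicate label key: {key}" for key in duplicates]
    routers = {}
    for key, value in merged.items():
        match = ROUTER_KEY.match(key)
        if match:
            routers.setdefault(match.group(1), {})[match.group(2)] = value
    for name, opts in sorted(routers.items()):
        if "tls.certresolver" not in opts:
            continue
        has_host = "Host(" in opts.get("rule", "")
        has_domain = any(re.match(r"tls\.domains\[\d+\]\.main$", k) for k in opts)
        if not (has_host or has_domain):
            findings.append(f"router {name}: certresolver set but no Host() rule "
                            "or tls.domains entry, so no domain for ACME")
    return findings
```

Combining both matchers in a single label, ``Host(`app.mydomain.com`) && PathPrefix(`/portainer/`)``, clears both findings; adding `tls.domains[0].main` as in the answer clears the second one only.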