Traefik and self-signed SSL

Zak*_*lwe 6 ssl openssl docker traefik

New to Traefik and Docker. I have prepared a self-signed certificate using the following:

openssl req -x509 -newkey rsa:4096 -keyout www.example.co.uk.key -out www.example.co.uk.crt -days 365

In my traefik.toml file, I have:

[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]
    [[entryPoints.https.tls.certificates]]
    certFile = "certs/www.example.co.uk.crt"
    keyFile = "certs/www.example.co.uk.key"

However, this results in:

traefik          | time="2019-06-17T22:11:17Z" level=debug msg="Serving default cert for request: \"www.example.co.uk\""
traefik          | time="2019-06-17T22:11:17Z" level=debug msg="http: TLS handshake error from 172.20.0.1:57770: tls: no certificates configured"

If I omit the certificate definition, so that traefik.toml reads:

[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]
  #  [[entryPoints.https.tls.certificates]]
  #  certFile = "certs/www.example.co.uk.crt"
  #  keyFile = "certs/www.example.co.uk.key"

I get the dummy certificate provided by Traefik, which works fine, but I'm just trying to figure out why the certificate I defined isn't being used.

In my docker-compose.yml, I believe I have mounted the correct volumes:

volumes:
  - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
  - ./traefik.toml:/traefik.toml
  - /var/www/docker/certs:/certs

The certificates are located in certs/ relative to my docker-compose.yml file and traefik.toml file. The permissions, owned by root, also seem fine: the crt has 644 and the key has 600.

How can I use my self-signed certificate instead of Traefik's default certificate?

BMi*_*tch 7

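It may be a path mismatch, particularly with some paths being relative and others absolute. Try the following in your compose file (a relative path to the local certs):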

volumes:
  - /var/run/docker.sock:/var/run/docker.sock
  - ./traefik.toml:/traefik.toml
  - ./certs:/certs

Then switch to an absolute path in the toml (leading slash on certs):

[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]
    [[entryPoints.https.tls.certificates]]
    certFile = "/certs/www.example.co.uk.crt"
    keyFile = "/certs/www.example.co.uk.key"
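An added example, not part of the original answer: a preflight check that maps each active certFile/keyFile entry in traefik.toml through the compose bind mounts to the host file behind it, which makes a relative/absolute mismatch visible before the container starts. The function names are hypothetical, and it assumes relative container paths resolve against "/" and that every volume entry is a "host:container" bind mount.

```python
import os
import re

def host_path(container_path, mounts, compose_dir, workdir="/"):
    """Map a path as seen inside the container to the host file behind it.

    mounts: "host:container" bind-mount strings from docker-compose.yml.
    workdir: directory relative container paths resolve against (assumed "/").
    Returns None when no bind mount covers the path.
    """
    target = os.path.normpath(os.path.join(workdir, container_path))
    best = None
    for spec in mounts:
        src, dst = spec.split(":")[:2]
        dst = os.path.normpath(dst)
        covered = target == dst or target.startswith(dst.rstrip("/") + "/")
        if covered and (best is None or len(dst) > len(best[1])):
            best = (src, dst)  # the longest matching mount point wins
    if best is None:
        return None
    src, dst = best
    # A relative source such as "./certs" is relative to the compose file.
    src = os.path.normpath(os.path.join(compose_dir, src))
    rel = os.path.relpath(target, dst)
    return src if rel == "." else os.path.join(src, rel)

def check_cert_paths(toml_text, mounts, compose_dir):
    """Return {container path: "ok" or a problem} per active certFile/keyFile."""
    report = {}
    for line in toml_text.splitlines():
        m = re.match(r'\s*(?:certFile|keyFile)\s*=\s*"([^"]+)"', line)
        if not m:
            continue  # commented-out entries start with "#" and do not match
        host = host_path(m.group(1), mounts, compose_dir)
        if host is None:
            report[m.group(1)] = "not covered by any bind mount"
        elif not os.path.isfile(host):
            report[m.group(1)] = "missing on host: " + host
        else:
            report[m.group(1)] = "ok"
    return report

if __name__ == "__main__":
    # Constructed sample: toml entries and mount as suggested in the answer.
    toml = ('certFile = "/certs/www.example.co.uk.crt"\n'
            'keyFile = "/certs/www.example.co.uk.key"')
    for path, status in check_cert_paths(toml, ["./certs:/certs"], os.getcwd()).items():
        print(path, "->", status)
```

Run it from the directory that holds docker-compose.yml; any entry not reported as "ok" points at a file the container will not see at the configured path.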