I'm having problems generating a traefik certificate after upgrading from traefik 1 to 2. I use the docker provider and configure everything with labels.
Here is a link to the certificate test: https://check-your-website.server-daten.de/?q=staging.evopoints.co.za
Static configuration, traefik.yml:
```yaml
global:
  checkNewVersion: true
  sendAnonymousUsage: false
providers:
  docker:
    exposedByDefault: false
    watch: true
entryPoints:
  web-insecure:
    address: ":80"
  web-secure:
    address: ":443"
    transport:
      lifeCycle:
        requestAcceptGraceTimeout: 42
        graceTimeOut: 42
      respondingTimeouts:
        readTimeout: 42
        writeTimeout: 42
        idleTimeout: 42
certificatesResolvers:
  letsencrypt:
    acme:
      email: <private-email>
      storage: acme.json
      caServer: https://acme-staging-v02.api.letsencrypt.org/directory
      httpChallenge:
        entryPoint: web-insecure
api:
  insecure: true
  dashboard: true
  debug: true
log:
  filePath: /mnt/logs/traefik/traefik.log
  level: DEBUG
accessLog:
  filePath: /mnt/logs/traefik/access.log
```
Here are the relevant fragments from docker-compose.yml:
```yaml
version: '3'
services:
  webapp:
    image: <private registry>
    restart: always
    volumes:
      # ... snipped list of volumes ...
    labels:
      - "traefik.enable=true"
      # Create a bunch of required middlewares
      - "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true"
      - "traefik.http.middlewares.www-redirect.redirectregex.regex=^https://evopoints.co.za/(.*)"
      # Note: all dollar signs need to be doubled for escaping.
      - "traefik.http.middlewares.www-redirect.redirectregex.replacement=https://staging.evopoints.co.za/$${1}"
      - "traefik.http.middlewares.webapp.headers.customrequestheaders.http-x-forwarded-proto=https"
      - "traefik.http.middlewares.webapp.headers.sslredirect=true"
      - "traefik.http.middlewares.webapp.headers.sslforcehost=true"
      - "traefik.http.middlewares.webapp.headers.sslhost=staging.evopoints.co.za"
      # Insecure Entry
      - "traefik.http.routers.webapp-insecure.entrypoints=web-insecure"
      - "traefik.http.routers.webapp-insecure.rule=Host(`staging.evopoints.co.za`)"
      - "traefik.http.routers.webapp-insecure.middlewares=https-redirect"
      # Secure entry
      - "traefik.http.routers.webapp.entrypoints=web-secure"
      - "traefik.http.routers.webapp.rule=Host(`staging.evopoints.co.za`)"
      - "traefik.http.routers.webapp.tls=true"
      - "traefik.http.routers.webapp.tls.certresolver=letsencrypt"
      - "traefik.http.routers.webapp.middlewares=webapp"
  nginx:
    image: <private_registry>
    restart: always
    volumes:
      # ... snipped volumes ...
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.nginx.loadbalancer.server.port=443"
      - "traefik.http.routers.nginx.tls=true"
      - "traefik.http.routers.nginx.entrypoints=web-secure"
      - "traefik.http.routers.nginx.rule=Host(`staging.evopoints.co.za`) && (PathPrefix(`/static`, `/media`) || Path(`/service-worker.js`))"
  traefik:
    image: traefik:v2.1
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./resources/traefik/traefik.yml:/traefik.yml
      - ./resources/traefik/acme.json:/acme.json
      - ./logs/traefik:/mnt/logs/traefik
```