J'essaie de configurer docker avec traefik pour utiliser un certificat auto-signé sur localhost
Je développe sur ma machine locale et je souhaite utiliser docker avec traefik. Mon problème est que je n'arrive pas à faire fonctionner un certificat auto-signé avec ma configuration. J'aurais besoin que quelqu'un m'oriente dans la bonne direction !
Le certificat affiché dans le navigateur est toujours TRAEFIK DEFAULT CERT, ou bien j'obtiens une page 404 introuvable lorsque je saisis mon domaine
Mon docker-compose.yaml
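# Local development stack: MariaDB, PHP-FPM, nginx, MailHog, Portainer and
# Traefik v2 as the reverse proxy. Every $VAR / ${VAR} is substituted by
# Compose from the shell environment or an .env file; that file carries the
# database credentials, so keep it out of version control.
version: "3.7"

services:
  mariadb:
    image: wodby/mariadb:$MARIADB_TAG
    container_name: "${PROJECT_NAME}_mariadb"
    stop_grace_period: 30s
    environment:
      MYSQL_ROOT_PASSWORD: $DB_ROOT_PASSWORD
      MYSQL_DATABASE: $DB_NAME
      MYSQL_USER: $DB_USER
      MYSQL_PASSWORD: $DB_PASSWORD
    ports:
      # Published on every host interface. Prefix the mapping with 127.0.0.1:
      # if the database only has to be reachable from this machine.
      - "3306:3306"
    volumes:
      # - ./mariadb-init:/docker-entrypoint-initdb.d # Place init .sql file(s) here.
      - mysql:/var/lib/mysql # I want to manage volumes manually.

  php:
    image: wodby/wordpress-php:$PHP_TAG
    container_name: "${PROJECT_NAME}_php"
    environment:
      PHP_SENDMAIL_PATH: /usr/sbin/sendmail -t -i -S mailhog:1025
      # Environment variable names are case-sensitive.
      DB_HOST: $DB_HOST
      DB_USER: $DB_USER
      DB_PASSWORD: $DB_PASSWORD
      DB_NAME: $DB_NAME
      PHP_FPM_USER: wodby
      PHP_FPM_GROUP: wodby
      ## Read instructions at https://wodby.com/docs/stacks/wordpress/local#xdebug
      # PHP_XDEBUG: 1
      # PHP_XDEBUG_DEFAULT_ENABLE: 1
      # PHP_XDEBUG_REMOTE_CONNECT_BACK: 0
      # PHP_IDE_CONFIG: serverName=my-ide
      # PHP_XDEBUG_IDEKEY: "my-ide"
      # PHP_XDEBUG_REMOTE_HOST: 172.17.0.1 # Linux
      # PHP_XDEBUG_REMOTE_HOST: 10.254.254.254 # macOS
      # PHP_XDEBUG_REMOTE_HOST: 10.0.75.1 # Windows
    volumes:
      # - ./app:/var/www/html
      ## For macOS users (https://wodby.com/docs/stacks/wordpress/local#docker-for-mac)
      - ./app:/var/www/html:cached # User-guided caching
      # - docker-sync:/var/www/html # Docker-sync
      ## For XHProf and Xdebug profiler traces
      # - files:/mnt/files

  nginx:
    image: wodby/nginx:$NGINX_TAG
    container_name: "${PROJECT_NAME}_nginx"
    depends_on:
      - php
    environment:
      NGINX_STATIC_OPEN_FILE_CACHE: "off"
      NGINX_ERROR_LOG_LEVEL: debug
      NGINX_BACKEND_HOST: php
      NGINX_VHOST_PRESET: wordpress
      # NGINX_SERVER_ROOT: /var/www/html/subdir
    volumes:
      # - ./app:/var/www/html
      # Options for macOS users (https://wodby.com/docs/stacks/wordpress/local#docker-for-mac)
      - ./app:/var/www/html:cached # User-guided caching
      # - docker-sync:/var/www/html # Docker-sync
    labels:
      # This router sets tls=true but names no entry point, so it is attached
      # to every entry point. When no loaded certificate matches the host,
      # Traefik falls back to its generated default certificate.
      - "traefik.http.routers.${PROJECT_NAME}_nginx.rule=Host(`${PROJECT_BASE_URL}`)"
      - "traefik.http.routers.${PROJECT_NAME}_nginx.tls=true"
      # - "traefik.http.routers.${PROJECT_NAME}_nginx.tls.certResolver=${PROJECT_BASE_URL}"

  mailhog:
    # No tag is given, so `latest` is pulled; pin a version to keep the
    # environment reproducible.
    image: mailhog/mailhog
    container_name: "${PROJECT_NAME}_mailhog"
    labels:
      - "traefik.http.services.${PROJECT_NAME}_mailhog.loadbalancer.server.port=8025"
      # A sequence entry needs a space after the dash, otherwise the file does
      # not parse.
      - "traefik.http.routers.${PROJECT_NAME}_mailhog.rule=Host(`mailhog.${PROJECT_BASE_URL}`)"

  portainer:
    image: portainer/portainer
    container_name: "${PROJECT_NAME}_portainer"
    # --no-auth turns off Portainer's login while the container holds the
    # Docker socket, and the router label below publishes that UI through
    # Traefik. Whoever can reach the proxy's published ports can then drive
    # the Docker daemon. Keep this on an isolated development machine only,
    # or drop --no-auth.
    command: --no-auth -H unix:///var/run/docker.sock
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      - "traefik.http.routers.${PROJECT_NAME}_portainer.rule=Host(`portainer.${PROJECT_BASE_URL}`)"

  traefik:
    image: traefik:v2.0
    container_name: "${PROJECT_NAME}_traefik"
    ports:
      # All three ports are published on every host interface. The
      # traefik.yml shown on this page sets api.insecure: true, so the
      # dashboard/API on 8080 has no authentication; bind it to 127.0.0.1
      # when other hosts can reach this machine.
      - "80:80"
      - "443:443"
      - "8080:8080" # Dashboard
    volumes:
      # The Docker provider reads container labels through this socket; access
      # to the socket is equivalent to control of the Docker daemon.
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik:/etc/traefik
      # Holds the certificate and its private key; keep the key out of version
      # control.
      - ./certs:/certs

volumes:
  mysql:
  ## Docker-sync for macOS users
  # docker-sync:
  #   external: true
  ## For Xdebug profiler
  # files: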
Mon traefik.yml
# Traefik static configuration.
providers:
  # Dynamic configuration (here: the TLS certificates) is read from this file.
  file:
    filename: "/etc/traefik/config.yml"
  # Routers and services are built from container labels. Unless
  # exposedByDefault is set to false, every container is exposed through
  # Traefik, including ones that carry no traefik.* label.
  docker:
    endpoint: "unix:///var/run/docker.sock"
api:
  # Serves the API and dashboard without authentication on the built-in
  # `traefik` entry point (port 8080 by default). Development use only.
  insecure: true
entryPoints:
  web:
    address: ":80"
  web-secure:
    address: ":443"
Et mon config.yml (je comprends que la config pour les tls doit être dans un fichier séparé !?)
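# Traefik dynamic configuration: certificates offered on TLS routers.
tls:
  certificates:
    # The certificate and its private key form ONE list entry, and the key
    # option is named keyFile. When they are split into two entries, or the
    # key is given under another name, no usable pair is loaded and Traefik
    # serves its generated default certificate instead.
    - certFile: /certs/domain.test.crt
      # Private key: restrict its file permissions and keep it out of version
      # control.
      keyFile: /certs/domain.test.key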
Je l'ai maintenant résolu. Mon docker-compose.yml final ressemble à ceci
Un grand merci à @fffnite
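# Local development stack: MariaDB, PHP-FPM, nginx, MailHog, Portainer and
# Traefik v2 as the reverse proxy. Every $VAR / ${VAR} is substituted by
# Compose from the shell environment or an .env file; that file carries the
# database credentials, so keep it out of version control.
version: "3.7"

services:
  mariadb:
    image: wodby/mariadb:$MARIADB_TAG
    container_name: "${PROJECT_NAME}_mariadb"
    stop_grace_period: 30s
    environment:
      MYSQL_ROOT_PASSWORD: $DB_ROOT_PASSWORD
      MYSQL_DATABASE: $DB_NAME
      MYSQL_USER: $DB_USER
      MYSQL_PASSWORD: $DB_PASSWORD
    ports:
      # Published on every host interface. Prefix the mapping with 127.0.0.1:
      # if the database only has to be reachable from this machine.
      - "3306:3306"
    volumes:
      # - ./mariadb-init:/docker-entrypoint-initdb.d # Place init .sql file(s) here.
      - mysql:/var/lib/mysql # I want to manage volumes manually.

  php:
    image: wodby/wordpress-php:$PHP_TAG
    container_name: "${PROJECT_NAME}_php"
    environment:
      PHP_SENDMAIL_PATH: /usr/sbin/sendmail -t -i -S mailhog:1025
      # Environment variable names are case-sensitive.
      DB_HOST: $DB_HOST
      DB_USER: $DB_USER
      DB_PASSWORD: $DB_PASSWORD
      DB_NAME: $DB_NAME
      PHP_FPM_USER: wodby
      PHP_FPM_GROUP: wodby
      ## Read instructions at https://wodby.com/docs/stacks/wordpress/local#xdebug
      # PHP_XDEBUG: 1
      # PHP_XDEBUG_DEFAULT_ENABLE: 1
      # PHP_XDEBUG_REMOTE_CONNECT_BACK: 0
      # PHP_IDE_CONFIG: serverName=my-ide
      # PHP_XDEBUG_IDEKEY: "my-ide"
      # PHP_XDEBUG_REMOTE_HOST: 172.17.0.1 # Linux
      # PHP_XDEBUG_REMOTE_HOST: 10.254.254.254 # macOS
      # PHP_XDEBUG_REMOTE_HOST: 10.0.75.1 # Windows
    volumes:
      # - ./app:/var/www/html
      ## For macOS users (https://wodby.com/docs/stacks/wordpress/local#docker-for-mac)
      - ./app:/var/www/html:cached # User-guided caching
      # - docker-sync:/var/www/html # Docker-sync
      ## For XHProf and Xdebug profiler traces
      # - files:/mnt/files

  nginx:
    image: wodby/nginx:$NGINX_TAG
    container_name: "${PROJECT_NAME}_nginx"
    depends_on:
      - php
    environment:
      NGINX_STATIC_OPEN_FILE_CACHE: "off"
      NGINX_ERROR_LOG_LEVEL: debug
      NGINX_BACKEND_HOST: php
      NGINX_VHOST_PRESET: wordpress
      # NGINX_SERVER_ROOT: /var/www/html/subdir
    volumes:
      # - ./app:/var/www/html
      # Options for macOS users (https://wodby.com/docs/stacks/wordpress/local#docker-for-mac)
      - ./app:/var/www/html:cached # User-guided caching
      # - docker-sync:/var/www/html # Docker-sync
    labels:
      # Plain-HTTP router on the `web` entry point (:80).
      - "traefik.http.routers.${PROJECT_NAME}_nginx.rule=Host(`${PROJECT_BASE_URL}`)"
      - "traefik.http.routers.${PROJECT_NAME}_nginx.entrypoints=web"
      # Redirect-to-HTTPS middleware. Declaring a middleware does not apply
      # it: the router has to reference it, otherwise the site stays reachable
      # over unencrypted HTTP.
      - "traefik.http.middlewares.${PROJECT_NAME}_https_nginx.redirectscheme.scheme=https"
      - "traefik.http.routers.${PROJECT_NAME}_nginx.middlewares=${PROJECT_NAME}_https_nginx"
      # HTTPS router on the `web-secure` entry point (:443). With tls=true and
      # no certResolver, the certificate comes from Traefik's TLS
      # configuration; a self-signed one still has to be trusted by the
      # browser or it will show a warning.
      - "traefik.http.routers.${PROJECT_NAME}_https_nginx.rule=Host(`${PROJECT_BASE_URL}`)"
      - "traefik.http.routers.${PROJECT_NAME}_https_nginx.entrypoints=web-secure"
      - "traefik.http.routers.${PROJECT_NAME}_https_nginx.tls=true"

  mailhog:
    # No tag is given, so `latest` is pulled; pin a version to keep the
    # environment reproducible.
    image: mailhog/mailhog
    container_name: "${PROJECT_NAME}_mailhog"
    labels:
      - "traefik.http.services.${PROJECT_NAME}_mailhog.loadbalancer.server.port=8025"
      - "traefik.http.routers.${PROJECT_NAME}_mailhog.rule=Host(`mailhog.${PROJECT_BASE_URL}`)"

  portainer:
    image: portainer/portainer
    container_name: "${PROJECT_NAME}_portainer"
    # --no-auth turns off Portainer's login while the container holds the
    # Docker socket, and the router label below publishes that UI through
    # Traefik. Whoever can reach the proxy's published ports can then drive
    # the Docker daemon. Keep this on an isolated development machine only,
    # or drop --no-auth.
    command: --no-auth -H unix:///var/run/docker.sock
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      - "traefik.http.routers.${PROJECT_NAME}_portainer.rule=Host(`portainer.${PROJECT_BASE_URL}`)"

  traefik:
    image: traefik:v2.0
    container_name: "${PROJECT_NAME}_traefik"
    ports:
      # All three ports are published on every host interface. The
      # traefik.yml shown on this page sets api.insecure: true, so the
      # dashboard/API on 8080 has no authentication; bind it to 127.0.0.1
      # when other hosts can reach this machine.
      - "80:80"
      - "443:443"
      - "8080:8080" # Dashboard
    volumes:
      # The Docker provider reads container labels through this socket; access
      # to the socket is equivalent to control of the Docker daemon.
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik:/etc/traefik
      # Holds the certificate and its private key; keep the key out of version
      # control.
      - ./certs:/certs

volumes:
  mysql:
  ## Docker-sync for macOS users
  # docker-sync:
  #   external: true
  ## For Xdebug profiler
  # files: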
Je me bats avec cela depuis un petit moment maintenant et il semble que j'aie trouvé la combinaison qui fonctionne. Notez que vous n'avez pas besoin de mettre votre configuration TLS dans un fichier séparé.
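# Traefik v2 names this section `providers` (plural).
[providers]
  [providers.file]
    # This file: the file provider is pointed back at traefik.toml itself so
    # that the [tls] section below is picked up as dynamic configuration.
    filename = "/etc/traefik/traefik.toml"

# Certificate served when no other certificate matches the requested host;
# it replaces the generated "TRAEFIK DEFAULT CERT".
[tls.stores.default.defaultCertificate]
  certFile = "/certs/mycert.crt"
  # Private key: restrict its file permissions and keep it out of version
  # control.
  keyFile = "/certs/mycert.key"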