Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Issues with Traefik v2.0 to use self signed certificate

I'm trying to setup docker with traefik to use self signed certificate on localhost

I'm am developing on my local machine and I want to use docker with traefik. The problem I'm having is that i can't get self signed certificate to work with my setup. I need someone to point me in the right direction!

The certificate shown in browser is always TRAEFIK DEFAULT CERT or a get 404 page not found when i enter my domain

My docker-compose.yaml

version: "3.7"

services:
    mariadb:
        image: wodby/mariadb:$MARIADB_TAG
        container_name: "${PROJECT_NAME}_mariadb"
        stop_grace_period: 30s
        environment:
            MYSQL_ROOT_PASSWORD: $DB_ROOT_PASSWORD
            MYSQL_DATABASE: $DB_NAME
            MYSQL_USER: $DB_USER
            MYSQL_PASSWORD: $DB_PASSWORD
        ports:
            - 3306:3306
        volumes:
            #      - ./mariadb-init:/docker-entrypoint-initdb.d # Place init .sql file(s) here.
            - mysql:/var/lib/mysql # I want to manage volumes manually.

    php:
        image: wodby/wordpress-php:$PHP_TAG
        container_name: "${PROJECT_NAME}_php"
        environment:
            PHP_SENDMAIL_PATH: /usr/sbin/sendmail -t -i -S mailhog:1025
            DB_HOST: $DB_HOST
            DB_USER: $DB_USER
            DB_PASSWORD: $DB_PASSWORD
            DB_NAME: $DB_NAME
            PHP_FPM_USER: wodby
            PHP_FPM_GROUP: wodby
        ## Read instructions at https://wodby.com/docs/stacks/wordpress/local#xdebug
        #      PHP_XDEBUG: 1
        #      PHP_XDEBUG_DEFAULT_ENABLE: 1
        #      PHP_XDEBUG_REMOTE_CONNECT_BACK: 0
        #      PHP_IDE_CONFIG: serverName=my-ide
        #      PHP_XDEBUG_IDEKEY: "my-ide"
        #      PHP_XDEBUG_REMOTE_HOST: 172.17.0.1 # Linux
        #      PHP_XDEBUG_REMOTE_HOST: 10.254.254.254 # macOS
        #      PHP_XDEBUG_REMOTE_HOST: 10.0.75.1 # Windows
        volumes:
            #        - ./app:/var/www/html
            ## For macOS users (https://wodby.com/docs/stacks/wordpress/local#docker-for-mac)
            - ./app:/var/www/html:cached # User-guided caching
    #      - docker-sync:/var/www/html # Docker-sync
    ## For XHProf and Xdebug profiler traces
    #      - files:/mnt/files

    nginx:
        image: wodby/nginx:$NGINX_TAG
        container_name: "${PROJECT_NAME}_nginx"
        depends_on:
            - php
        environment:
            NGINX_STATIC_OPEN_FILE_CACHE: "off"
            NGINX_ERROR_LOG_LEVEL: debug
            NGINX_BACKEND_HOST: php
            NGINX_VHOST_PRESET: wordpress
            #NGINX_SERVER_ROOT: /var/www/html/subdir
        volumes:
            #    - ./app:/var/www/html
            # Options for macOS users (https://wodby.com/docs/stacks/wordpress/local#docker-for-mac)
            - ./app:/var/www/html:cached # User-guided caching
        #      - docker-sync:/var/www/html # Docker-sync
        labels:
            - "traefik.http.routers.${PROJECT_NAME}_nginx.rule=Host(`${PROJECT_BASE_URL}`)"
            - "traefik.http.routers.${PROJECT_NAME}_nginx.tls=true"
            # - "traefik.http.routers.${PROJECT_NAME}_nginx.tls.certResolver=${PROJECT_BASE_URL}"

    mailhog:
        image: mailhog/mailhog
        container_name: "${PROJECT_NAME}_mailhog"
        labels:
            - "traefik.http.services.${PROJECT_NAME}_mailhog.loadbalancer.server.port=8025"
            -"traefik.http.routers.${PROJECT_NAME}_mailhog.rule=Host(`mailhog.${PROJECT_BASE_URL}`)"

    portainer:
        image: portainer/portainer
        container_name: "${PROJECT_NAME}_portainer"
        command: --no-auth -H unix:///var/run/docker.sock
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock
        labels:
            - "traefik.http.routers.${PROJECT_NAME}_portainer.rule=Host(`portainer.${PROJECT_BASE_URL}`)"

    traefik:
        image: traefik:v2.0
        container_name: "${PROJECT_NAME}_traefik"
        ports:
            - "80:80"
            - "443:443"
            - "8080:8080" # Dashboard
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock
            - ./traefik:/etc/traefik
            - ./certs:/certs
volumes:
    mysql:
## Docker-sync for macOS users
#  docker-sync:
#    external: true
## For Xdebug profiler
#  files:

My traefik.yml

providers:
    file:
        filename: "/etc/traefik/config.yml"
    docker:
        endpoint: "unix:///var/run/docker.sock"

api:
    insecure: true

entryPoints:
    web:
        address: ":80"

    web-secure:
        address: ":443"

And my config.yml (I understands it that the config for the tls has to be in a separate file!?)

tls:
    certificates:
        - certFile: /certs/domain.test.crt
        - certKey: /certs/domain.test.key

like image 587
Daniel Glans Avatar asked Oct 16 '22 10:10

Daniel Glans


2 Answers

I have been battling with this for a bit now and I seem to have found the combination that gets it working, note, you do not need to have your TLS config in a separate file.

[provider]
  [provider.file]
    # This file
    filename = "/etc/traefik/traefik.toml"

[tls.stores.default.defaultCertificate]
  certFile = "/certs/mycert.crt"
  keyFile = "/certs/mycert.key"  
like image 65
fffnite Avatar answered Oct 21 '22 01:10

fffnite


I have now solved it. My final docker-compose.yml looks like this

Many thanks to @fffnite

version: "3.7"

services:
    mariadb:
        image: wodby/mariadb:$MARIADB_TAG
        container_name: "${PROJECT_NAME}_mariadb"
        stop_grace_period: 30s
        environment:
            MYSQL_ROOT_PASSWORD: $DB_ROOT_PASSWORD
            MYSQL_DATABASE: $DB_NAME
            MYSQL_USER: $DB_USER
            MYSQL_PASSWORD: $DB_PASSWORD
        ports:
            - 3306:3306
        volumes:
            #      - ./mariadb-init:/docker-entrypoint-initdb.d # Place init .sql file(s) here.
            - mysql:/var/lib/mysql # I want to manage volumes manually.

    php:
        image: wodby/wordpress-php:$PHP_TAG
        container_name: "${PROJECT_NAME}_php"
        environment:
            PHP_SENDMAIL_PATH: /usr/sbin/sendmail -t -i -S mailhog:1025
            DB_HOST: $DB_HOST
            DB_USER: $DB_USER
            DB_PASSWORD: $DB_PASSWORD
            DB_NAME: $DB_NAME
            PHP_FPM_USER: wodby
            PHP_FPM_GROUP: wodby
        ## Read instructions at https://wodby.com/docs/stacks/wordpress/local#xdebug
        #      PHP_XDEBUG: 1
        #      PHP_XDEBUG_DEFAULT_ENABLE: 1
        #      PHP_XDEBUG_REMOTE_CONNECT_BACK: 0
        #      PHP_IDE_CONFIG: serverName=my-ide
        #      PHP_XDEBUG_IDEKEY: "my-ide"
        #      PHP_XDEBUG_REMOTE_HOST: 172.17.0.1 # Linux
        #      PHP_XDEBUG_REMOTE_HOST: 10.254.254.254 # macOS
        #      PHP_XDEBUG_REMOTE_HOST: 10.0.75.1 # Windows
        volumes:
            #        - ./app:/var/www/html
            ## For macOS users (https://wodby.com/docs/stacks/wordpress/local#docker-for-mac)
            - ./app:/var/www/html:cached # User-guided caching
    #      - docker-sync:/var/www/html # Docker-sync
    ## For XHProf and Xdebug profiler traces
    #      - files:/mnt/files

    nginx:
        image: wodby/nginx:$NGINX_TAG
        container_name: "${PROJECT_NAME}_nginx"
        depends_on:
            - php
        environment:
            NGINX_STATIC_OPEN_FILE_CACHE: "off"
            NGINX_ERROR_LOG_LEVEL: debug
            NGINX_BACKEND_HOST: php
            NGINX_VHOST_PRESET: wordpress
            #NGINX_SERVER_ROOT: /var/www/html/subdir
        volumes:
            #    - ./app:/var/www/html
            # Options for macOS users (https://wodby.com/docs/stacks/wordpress/local#docker-for-mac)
            - ./app:/var/www/html:cached # User-guided caching
        #      - docker-sync:/var/www/html # Docker-sync
        labels:
            - "traefik.http.routers.${PROJECT_NAME}_nginx.rule=Host(`${PROJECT_BASE_URL}`)"
            - "traefik.http.routers.${PROJECT_NAME}_nginx.entrypoints=web"
            - "traefik.http.middlewares.${PROJECT_NAME}_https_nginx.redirectscheme.scheme=https"
            - "traefik.http.routers.${PROJECT_NAME}_https_nginx.rule=Host(`${PROJECT_BASE_URL}`)"
            - "traefik.http.routers.${PROJECT_NAME}_https_nginx.entrypoints=web-secure"
            - "traefik.http.routers.${PROJECT_NAME}_https_nginx.tls=true"

    mailhog:
        image: mailhog/mailhog
        container_name: "${PROJECT_NAME}_mailhog"
        labels:
            - "traefik.http.services.${PROJECT_NAME}_mailhog.loadbalancer.server.port=8025"
            - "traefik.http.routers.${PROJECT_NAME}_mailhog.rule=Host(`mailhog.${PROJECT_BASE_URL}`)"

    portainer:
        image: portainer/portainer
        container_name: "${PROJECT_NAME}_portainer"
        command: --no-auth -H unix:///var/run/docker.sock
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock
        labels:
            - "traefik.http.routers.${PROJECT_NAME}_portainer.rule=Host(`portainer.${PROJECT_BASE_URL}`)"

    traefik:
        image: traefik:v2.0
        container_name: "${PROJECT_NAME}_traefik"
        ports:
            - "80:80"
            - "443:443"
            - "8080:8080" # Dashboard
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock
            - ./traefik:/etc/traefik
            - ./certs:/certs
volumes:
    mysql:
## Docker-sync for macOS users
#  docker-sync:
#    external: true
## For Xdebug profiler
#  files:

like image 1
Daniel Glans Avatar answered Oct 21 '22 02:10

Daniel Glans