I'm trying to set up Docker with Traefik to use a self-signed certificate on localhost
I am developing on my local machine and I want to use Docker with Traefik. The problem I'm having is that I can't get a self-signed certificate to work with my setup. I need someone to point me in the right direction!
The certificate shown in the browser is always TRAEFIK DEFAULT CERT, or I get 404 page not found when I enter my domain.
My docker-compose.yaml
version: "3.7"
services:
  mariadb:
    image: wodby/mariadb:$MARIADB_TAG
    container_name: "${PROJECT_NAME}_mariadb"
    stop_grace_period: 30s
    environment:
      MYSQL_ROOT_PASSWORD: $DB_ROOT_PASSWORD
      MYSQL_DATABASE: $DB_NAME
      MYSQL_USER: $DB_USER
      MYSQL_PASSWORD: $DB_PASSWORD
    ports:
      - 3306:3306
    volumes:
      # - ./mariadb-init:/docker-entrypoint-initdb.d # Place init .sql file(s) here.
      - mysql:/var/lib/mysql # I want to manage volumes manually.
  php:
    image: wodby/wordpress-php:$PHP_TAG
    container_name: "${PROJECT_NAME}_php"
    environment:
      PHP_SENDMAIL_PATH: /usr/sbin/sendmail -t -i -S mailhog:1025
      DB_HOST: $DB_HOST
      DB_USER: $DB_USER
      DB_PASSWORD: $DB_PASSWORD
      DB_NAME: $DB_NAME
      PHP_FPM_USER: wodby
      PHP_FPM_GROUP: wodby
      ## Read instructions at https://wodby.com/docs/stacks/wordpress/local#xdebug
      # PHP_XDEBUG: 1
      # PHP_XDEBUG_DEFAULT_ENABLE: 1
      # PHP_XDEBUG_REMOTE_CONNECT_BACK: 0
      # PHP_IDE_CONFIG: serverName=my-ide
      # PHP_XDEBUG_IDEKEY: "my-ide"
      # PHP_XDEBUG_REMOTE_HOST: 172.17.0.1 # Linux
      # PHP_XDEBUG_REMOTE_HOST: 10.254.254.254 # macOS
      # PHP_XDEBUG_REMOTE_HOST: 10.0.75.1 # Windows
    volumes:
      # - ./app:/var/www/html
      ## For macOS users (https://wodby.com/docs/stacks/wordpress/local#docker-for-mac)
      - ./app:/var/www/html:cached # User-guided caching
      # - docker-sync:/var/www/html # Docker-sync
      ## For XHProf and Xdebug profiler traces
      # - files:/mnt/files
  nginx:
    image: wodby/nginx:$NGINX_TAG
    container_name: "${PROJECT_NAME}_nginx"
    depends_on:
      - php
    environment:
      NGINX_STATIC_OPEN_FILE_CACHE: "off"
      NGINX_ERROR_LOG_LEVEL: debug
      NGINX_BACKEND_HOST: php
      NGINX_VHOST_PRESET: wordpress
      #NGINX_SERVER_ROOT: /var/www/html/subdir
    volumes:
      # - ./app:/var/www/html
      # Options for macOS users (https://wodby.com/docs/stacks/wordpress/local#docker-for-mac)
      - ./app:/var/www/html:cached # User-guided caching
      # - docker-sync:/var/www/html # Docker-sync
    labels:
      - "traefik.http.routers.${PROJECT_NAME}_nginx.rule=Host(`${PROJECT_BASE_URL}`)"
      - "traefik.http.routers.${PROJECT_NAME}_nginx.tls=true"
      # - "traefik.http.routers.${PROJECT_NAME}_nginx.tls.certResolver=${PROJECT_BASE_URL}"
  mailhog:
    image: mailhog/mailhog
    container_name: "${PROJECT_NAME}_mailhog"
    labels:
      - "traefik.http.services.${PROJECT_NAME}_mailhog.loadbalancer.server.port=8025"
      - "traefik.http.routers.${PROJECT_NAME}_mailhog.rule=Host(`mailhog.${PROJECT_BASE_URL}`)"
  portainer:
    image: portainer/portainer
    container_name: "${PROJECT_NAME}_portainer"
    command: --no-auth -H unix:///var/run/docker.sock
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      - "traefik.http.routers.${PROJECT_NAME}_portainer.rule=Host(`portainer.${PROJECT_BASE_URL}`)"
  traefik:
    image: traefik:v2.0
    container_name: "${PROJECT_NAME}_traefik"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080" # Dashboard
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik:/etc/traefik
      - ./certs:/certs
volumes:
  mysql:
  ## Docker-sync for macOS users
  # docker-sync:
  #   external: true
  ## For Xdebug profiler
  # files:
My traefik.yml
providers:
  file:
    filename: "/etc/traefik/config.yml"
  docker:
    endpoint: "unix:///var/run/docker.sock"
api:
  insecure: true
entryPoints:
  web:
    address: ":80"
  web-secure:
    address: ":443"
And my config.yml (I understand that the config for the TLS has to be in a separate file!?)
tls:
  certificates:
    - certFile: /certs/domain.test.crt
    - certKey: /certs/domain.test.key
I have been battling with this for a bit now and I seem to have found the combination that gets it working. Note: you do not need to have your TLS config in a separate file.
[providers]
  [providers.file]
    # This file
    filename = "/etc/traefik/traefik.toml"

[tls.stores.default.defaultCertificate]
  certFile = "/certs/mycert.crt"
  keyFile = "/certs/mycert.key"
I have now solved it. My final docker-compose.yml looks like this
Many thanks to @fffnite
version: "3.7"
services:
  mariadb:
    image: wodby/mariadb:$MARIADB_TAG
    container_name: "${PROJECT_NAME}_mariadb"
    stop_grace_period: 30s
    environment:
      MYSQL_ROOT_PASSWORD: $DB_ROOT_PASSWORD
      MYSQL_DATABASE: $DB_NAME
      MYSQL_USER: $DB_USER
      MYSQL_PASSWORD: $DB_PASSWORD
    ports:
      - 3306:3306
    volumes:
      # - ./mariadb-init:/docker-entrypoint-initdb.d # Place init .sql file(s) here.
      - mysql:/var/lib/mysql # I want to manage volumes manually.
  php:
    image: wodby/wordpress-php:$PHP_TAG
    container_name: "${PROJECT_NAME}_php"
    environment:
      PHP_SENDMAIL_PATH: /usr/sbin/sendmail -t -i -S mailhog:1025
      DB_HOST: $DB_HOST
      DB_USER: $DB_USER
      DB_PASSWORD: $DB_PASSWORD
      DB_NAME: $DB_NAME
      PHP_FPM_USER: wodby
      PHP_FPM_GROUP: wodby
      ## Read instructions at https://wodby.com/docs/stacks/wordpress/local#xdebug
      # PHP_XDEBUG: 1
      # PHP_XDEBUG_DEFAULT_ENABLE: 1
      # PHP_XDEBUG_REMOTE_CONNECT_BACK: 0
      # PHP_IDE_CONFIG: serverName=my-ide
      # PHP_XDEBUG_IDEKEY: "my-ide"
      # PHP_XDEBUG_REMOTE_HOST: 172.17.0.1 # Linux
      # PHP_XDEBUG_REMOTE_HOST: 10.254.254.254 # macOS
      # PHP_XDEBUG_REMOTE_HOST: 10.0.75.1 # Windows
    volumes:
      # - ./app:/var/www/html
      ## For macOS users (https://wodby.com/docs/stacks/wordpress/local#docker-for-mac)
      - ./app:/var/www/html:cached # User-guided caching
      # - docker-sync:/var/www/html # Docker-sync
      ## For XHProf and Xdebug profiler traces
      # - files:/mnt/files
  nginx:
    image: wodby/nginx:$NGINX_TAG
    container_name: "${PROJECT_NAME}_nginx"
    depends_on:
      - php
    environment:
      NGINX_STATIC_OPEN_FILE_CACHE: "off"
      NGINX_ERROR_LOG_LEVEL: debug
      NGINX_BACKEND_HOST: php
      NGINX_VHOST_PRESET: wordpress
      #NGINX_SERVER_ROOT: /var/www/html/subdir
    volumes:
      # - ./app:/var/www/html
      # Options for macOS users (https://wodby.com/docs/stacks/wordpress/local#docker-for-mac)
      - ./app:/var/www/html:cached # User-guided caching
      # - docker-sync:/var/www/html # Docker-sync
    labels:
      - "traefik.http.routers.${PROJECT_NAME}_nginx.rule=Host(`${PROJECT_BASE_URL}`)"
      - "traefik.http.routers.${PROJECT_NAME}_nginx.entrypoints=web"
      - "traefik.http.middlewares.${PROJECT_NAME}_https_nginx.redirectscheme.scheme=https"
      - "traefik.http.routers.${PROJECT_NAME}_https_nginx.rule=Host(`${PROJECT_BASE_URL}`)"
      - "traefik.http.routers.${PROJECT_NAME}_https_nginx.entrypoints=web-secure"
      - "traefik.http.routers.${PROJECT_NAME}_https_nginx.tls=true"
  mailhog:
    image: mailhog/mailhog
    container_name: "${PROJECT_NAME}_mailhog"
    labels:
      - "traefik.http.services.${PROJECT_NAME}_mailhog.loadbalancer.server.port=8025"
      - "traefik.http.routers.${PROJECT_NAME}_mailhog.rule=Host(`mailhog.${PROJECT_BASE_URL}`)"
  portainer:
    image: portainer/portainer
    container_name: "${PROJECT_NAME}_portainer"
    command: --no-auth -H unix:///var/run/docker.sock
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      - "traefik.http.routers.${PROJECT_NAME}_portainer.rule=Host(`portainer.${PROJECT_BASE_URL}`)"
  traefik:
    image: traefik:v2.0
    container_name: "${PROJECT_NAME}_traefik"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080" # Dashboard
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik:/etc/traefik
      - ./certs:/certs
volumes:
  mysql:
  ## Docker-sync for macOS users
  # docker-sync:
  #   external: true
  ## For Xdebug profiler
  # files:
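
The configs above all point Traefik at files under /certs. The following shell functions are an added example, not part of the original posts: they create a self-signed certificate for a domain and its subdomains, confirm that key and certificate belong together and that the certificate covers a given host, and write the dynamic config with certFile and keyFile in a single list item. The function names are hypothetical, and OpenSSL 1.1.1 or newer is assumed for -addext.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Needs OpenSSL 1.1.1+ (-addext).
# Usage: make_dev_cert domain.test ./certs
#        write_tls_config domain.test ./traefik/config.yml

# Self-signed certificate whose SAN covers the host and its subdomains
# (mailhog.<domain> and portainer.<domain> in the compose file).
make_dev_cert() {
  domain=$1; dir=$2
  mkdir -p "$dir" || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -subj "/CN=$domain" \
    -addext "subjectAltName=DNS:$domain,DNS:*.$domain" \
    -keyout "$dir/$domain.key" -out "$dir/$domain.crt" 2>/dev/null || return 1
  chmod 600 "$dir/$domain.key"
}

# True only if the certificate and the private key carry the same public key.
cert_matches_key() {
  crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# True only if the certificate is valid for the given host name.
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
    grep -q "does match certificate"
}

# Dynamic (file provider) config: certFile and keyFile are keys of ONE list item.
# /certs is the container path that the compose file mounts from ./certs.
write_tls_config() {
  domain=$1; out=$2
  mkdir -p "$(dirname "$out")" || return 1
  cat > "$out" <<EOF
tls:
  certificates:
    - certFile: /certs/$domain.crt
      keyFile: /certs/$domain.key
EOF
}
```

A self-signed certificate still has to be trusted in the browser or OS trust store of the development machine before the warning goes away.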