
Traefik default certificate is assigned instead of my LCN certificate

Oran G. Utan, 2 months ago


Traefik version 2.5

Traefik.toml file

# Entry Points Configuration
[entryPoints]
  [entryPoints.web]
    address = ":80"
  [entryPoints.websecure]
    address = ":443"
    [entryPoints.websecure.http.tls]

# Providers Configuration
[providers]
  [providers.docker]
    endpoint = "unix:///var/run/docker.sock"
    exposedByDefault = false

# TLS Certificates Configuration
[tls]
  [[tls.certificates]]
    certFile = "/certs/certificate.crt"
    keyFile = "/certs/private.key"
    stores = ["default"]

# TLS Stores Configuration
[tls.stores]
  [tls.stores.default]
    [tls.stores.default.defaultCertificate]
      certFile = "/certs/certificate.crt"
      keyFile  = "/certs/private.key"

# TLS Options Configuration
[tls.options]
  [tls.options.default]
    minVersion = "VersionTLS12"
    maxVersion = "VersionTLS13"
    cipherSuites = [
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
    ]
    curvePreferences = ["CurveP521", "CurveP384"]
    sniStrict = true

# API Configuration
[api]
  dashboard = true
  insecure = true

docker-compose.yml file

version: '3.3'

services:
  traefik:
    image: traefik:v2.5
    command:
      - --configFile=/traefik.toml
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "/certs:/certs"
      - "./traefik.toml:/traefik.toml"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.api.rule=Host(`example`)"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.entrypoints=websecure"

  backend:
    build: ./backend
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.backend.rule=Host(`example`)"
      - "traefik.http.services.backend.loadbalancer.server.port=4000"
      - "traefik.http.routers.backend.entrypoints=websecure"
    env_file:
      - ./backend/.env
    volumes:
      - ./backend/upload/images:/app/backend/upload/images

  frontend:
    build: ./frontend
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.frontend.rule=Host(`example`, `example`)"
      - "traefik.http.services.frontend.loadbalancer.server.port=3000"
      - "traefik.http.routers.frontend.entrypoints=websecure"
    env_file:
      - ./frontend/.env

  admin:
    build: ./admin
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.admin.rule=Host(`example`)"
      - "traefik.http.services.admin.loadbalancer.server.port=5173"
      - "traefik.http.routers.admin.entrypoints=websecure"
    env_file:
      - ./admin/.env

SSL Checker status: (see image)

My LCN DNS records: all A records point to the correct IP address

DNS check status: resolved

root@ubuntu-s-2vcpu-4gb-amd-lon1-01:/home/root/example# docker exec -it $(docker ps -qf "name=example_traefik_1") sh -c 'ls -l /certs; cat /traefik.toml'
total 8
-rw-r--r--    1 root     root          2244 Jun 24 10:53 certificate.crt
-rw-------    1 root     root          1704 Jun 20 14:49 private.key
# Entry Points Configuration
[entryPoints]
  [entryPoints.web]
    address = ":80"
  [entryPoints.websecure]
    address = ":443"
    [entryPoints.websecure.http.tls]

# Providers Configuration
[providers]
  [providers.docker]
    endpoint = "unix:///var/run/docker.sock"
    exposedByDefault = false

# TLS Certificates Configuration
[tls]
  [[tls.certificates]]
    certFile = "/certs/certificate.crt"
    keyFile = "/certs/private.key"
    stores = ["default"]

# TLS Stores Configuration
[tls.stores]
  [tls.stores.default]
    [tls.stores.default.defaultCertificate]
      certFile = "/certs/certificate.crt"
      keyFile  = "/certs/private.key"

# TLS Options Configuration
[tls.options]
  [tls.options.default]
    minVersion = "VersionTLS12"
    maxVersion = "VersionTLS13"
    cipherSuites = [
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
    ]
    curvePreferences = ["CurveP521", "CurveP384"]
    sniStrict = true

# API Configuration
[api]
  dashboard = true
  insecure = true

I have no idea what I am missing or doing wrong. Why is it still assigning the default certificate instead of my custom certificate?

Latest replies (0)
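  • TLS is loaded through the dynamic configuration in Traefik (doc), so you need a separate dynamic configuration file, which can be loaded from the static configuration via providers.file.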
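
The split this reply describes, as an added example that is not part of the original thread: the static file only registers a file provider, and the `[tls]` tables from the question move unchanged into a dynamic file. The name `/dynamic.toml` is an assumption, and that file has to be mounted into the Traefik container alongside `/traefik.toml`.

```toml
# ---- /traefik.toml (static configuration, read once at startup) ----
# Entry points stay as posted in the question.
[entryPoints]
  [entryPoints.web]
    address = ":80"
  [entryPoints.websecure]
    address = ":443"
    [entryPoints.websecure.http.tls]

[providers]
  [providers.docker]
    endpoint = "unix:///var/run/docker.sock"
    exposedByDefault = false
  # File provider: loads the dynamic configuration shown below.
  # "/dynamic.toml" is an assumed path inside the container.
  [providers.file]
    filename = "/dynamic.toml"
    watch = true

# ---- /dynamic.toml (dynamic configuration, loaded by providers.file) ----
# Same values as in the question; only the file they live in changes.
[tls]
  [[tls.certificates]]
    certFile = "/certs/certificate.crt"
    keyFile = "/certs/private.key"
    stores = ["default"]

[tls.stores]
  [tls.stores.default]
    [tls.stores.default.defaultCertificate]
      certFile = "/certs/certificate.crt"
      keyFile  = "/certs/private.key"

[tls.options]
  [tls.options.default]
    minVersion = "VersionTLS12"
    maxVersion = "VersionTLS13"
    cipherSuites = [
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
    ]
    curvePreferences = ["CurveP521", "CurveP384"]
    sniStrict = true
```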

  • I followed the guide at https://hub.docker.com/r/look4/nginx to install a rootless podman container with systemd on Ubuntu 24.04.

    My container runs fine, but when I reboot the system, the container does not start automatically. I found no errors in the system log.

    Maybe the guide is incomplete. I have read many articles about podman rootless systemd containers, but I cannot find the missing piece.

    Thanks for your help

  • Loaded: loaded (/home/nginx/.config/containers/systemd/nginx.container; generated) Active: inactive (dead)
