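docker - Traefik v2 and invalid Let's Encrypt certificates
Problem description
After upgrading from traefik 1 to 2, I ran into problems with traefik generating certificates. I am using the docker provider and setting everything up with labels.
Here is a link to the certificate test: https://check-your-website.server-daten.de/?q=staging.evopoints.co.za
The static traefik.yml configuration is: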
global:
  checkNewVersion: true
  sendAnonymousUsage: false
providers:
  docker:
    exposedByDefault: false
    watch: true
entryPoints:
  web-insecure:
    address: ":80"
  web-secure:
    address: ":443"
    transport:
      lifeCycle:
        requestAcceptGraceTimeout: 42
        graceTimeOut: 42
      respondingTimeouts:
        readTimeout: 42
        writeTimeout: 42
        idleTimeout: 42
certificatesResolvers:
  letsencrypt:
    acme:
      email: <private-email>
      storage: acme.json
      caServer: https://acme-staging-v02.api.letsencrypt.org/directory
      httpChallenge:
        entryPoint: web-insecure
api:
  insecure: true
  dashboard: true
  debug: true
log:
  filePath: /mnt/logs/traefik/traefik.log
  level: DEBUG
accessLog:
  filePath: /mnt/logs/traefik/access.log
Here are the relevant snippets from docker-compose.yml:
version: '3'
services:
  webapp:
    image: <private registry>
    restart: always
    volumes:
      ... snipped list of volumes ...
    labels:
      - "traefik.enable=true"
      # Create a bunch of required middlewares
      - "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true"
      - "traefik.http.middlewares.www-redirect.redirectregex.regex=^https://evopoints.co.za/(.*)"
      # Note: all dollar signs need to be doubled for escaping.
      - "traefik.http.middlewares.www-redirect.redirectregex.replacement=https://staging.evopoints.co.za/$${1}"
      - "traefik.http.middlewares.webapp.headers.customrequestheaders.http-x-forwarded-proto=https"
      - "traefik.http.middlewares.webapp.headers.sslredirect=true"
      - "traefik.http.middlewares.webapp.headers.sslforcehost=true"
      - "traefik.http.middlewares.webapp.headers.sslhost=staging.evopoints.co.za"
      # Insecure Entry
      - "traefik.http.routers.webapp-insecure.entrypoints=web-insecure"
      - "traefik.http.routers.webapp-insecure.rule=Host(`staging.evopoints.co.za`)"
      - "traefik.http.routers.webapp-insecure.middlewares=https-redirect"
      # Secure entry
      - "traefik.http.routers.webapp.entrypoints=web-secure"
      - "traefik.http.routers.webapp.rule=Host(`staging.evopoints.co.za`)"
      - "traefik.http.routers.webapp.tls=true"
      - "traefik.http.routers.webapp.tls.certresolver=letsencrypt"
      - "traefik.http.routers.webapp.middlewares=webapp"
  nginx:
    image: <private_registry>
    restart: always
    volumes:
      ... snipped volumes ...
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.nginx.loadbalancer.server.port=443"
      - "traefik.http.routers.nginx.tls=true"
      - "traefik.http.routers.nginx.entrypoints=web-secure"
      - "traefik.http.routers.nginx.rule=Host(`staging.evopoints.co.za`) && (PathPrefix(`/static`, `/media`) || Path(`/service-worker.js`))"
  traefik:
    image: traefik:v2.1
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./resources/traefik/traefik.yml:/traefik.yml
      - ./resources/traefik/acme.json:/acme.json
      - ./logs/traefik:/mnt/logs/traefik
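Solution
The solution was as zeitounator pointed out in the comments on my post. The Let's Encrypt staging environment does not properly sign certificates, which is expected, and so they appear invalid. The staging environment is only for testing that a certificate is actually generated, and nothing more.
After changing to the production certificate resolver, everything worked as expected.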
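A lint for the cause identified in the answer above, as an added example that is not part of the original post or of Traefik: it reads the static configuration and the compose labels and lists the routers whose certificate resolver points at the Let's Encrypt staging directory. The function names and the embedded sample text (excerpts of the configuration above) are constructed for illustration; the scanner assumes indented block-style YAML and treats a resolver without caServer as using Traefik's default production directory.

```python
import re
from urllib.parse import urlparse
STAGING_HOST = "acme-staging-v02.api.letsencrypt.org"  # host of the page's caServer
# Traefik falls back to the Let's Encrypt production directory when caServer is unset.
DEFAULT_CA = "https://acme-v02.api.letsencrypt.org/directory"
LABEL = re.compile(r"traefik\.http\.routers\.([^.\s]+)\.tls\.certresolver=([^\"'\s]+)")

def resolver_ca_servers(static_yaml):
    """Map each resolver under certificatesResolvers to its ACME directory URL."""
    resolvers, in_section, level, current = {}, False, None, None
    for raw in static_yaml.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        key, _, value = raw.strip().partition(":")
        if indent == 0:  # a new top-level section starts
            in_section, level, current = key == "certificatesResolvers", None, None
        elif in_section:
            if level is None:
                level = indent  # indentation of the resolver names
            if indent == level:
                current = key
                resolvers[current] = DEFAULT_CA
            elif key == "caServer" and current:
                resolvers[current] = value.strip().strip("\"'")
    return resolvers

def routers_on_staging(static_yaml, compose_text):
    """Routers whose certresolver label names a resolver that uses the staging CA."""
    cas = resolver_ca_servers(static_yaml)
    return sorted(router for router, resolver in LABEL.findall(compose_text)
                  if urlparse(cas.get(resolver, "")).hostname == STAGING_HOST)

# Constructed sample input: excerpts of the traefik.yml and compose labels above.
STATIC = """\
certificatesResolvers:
  letsencrypt:
    acme:
      caServer: https://acme-staging-v02.api.letsencrypt.org/directory
api:
  insecure: true
"""
COMPOSE = """\
      - "traefik.http.routers.webapp.tls.certresolver=letsencrypt"
      - "traefik.http.routers.nginx.tls=true"
"""
if __name__ == "__main__":
    print("routers served with staging certificates:", routers_on_staging(STATIC, COMPOSE))
```

Run against a deployment's own files, an empty list means no router is wired to the staging directory.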