ssl-certificate - Traefik - TLS certificates for multiple subdomains do not work
Problem description
I am using traefik as the reverse proxy for my infrastructure. I want to deploy it with docker compose, with a stack like this:
- Traefik: reverse proxy
- Nextcloud
- Redis: Nextcloud cache
- Postgres: Nextcloud DB
- Gogs: VCS
- Postgres: Gogs DB
My compose file is as follows:
version: "3.3"

volumes:
  nextcloud-www:
    driver: local
  nextcloud-db:
    driver: local
  nextcloud-redis:
    driver: local
  letsencrypt:
    driver: local
  gogs-data:
    driver: local
  gogs-db:
    driver: local

services:
  # Traefik
  traefik:
    image: traefik
    container_name: traefik
    restart: unless-stopped
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"   # dashboard and API served on :8080 without authentication
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver.acme.email=myemail@email.email"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    networks:
      - nextcloud
      - gogs
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock   # the Docker provider reads container labels through the socket
      - letsencrypt:/letsencrypt                     # ACME storage (acme.json)
    labels:
      traefik.enable: "true"   # label values must be strings in a compose v3 file

  # Nextcloud
  nextcloud:
    image: nextcloud
    container_name: nextcloud
    restart: unless-stopped
    networks:
      - nextcloud
    depends_on:
      - nextcloud_redis
      - nextcloud_db
    labels:
      traefik.enable: "true"
      traefik.http.routers.nextcloud.middlewares: nextcloud,nextcloud_redirect
      traefik.http.routers.nextcloud.tls.certresolver: myresolver
      traefik.http.routers.nextcloud.rule: Host(`cloud.mydomain.fr`)
      traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue: ALLOW-FROM https://mydomain.fr
      traefik.http.middlewares.nextcloud.headers.contentSecurityPolicy: frame-ancestors 'self' mydomain.fr *.mydomain.fr
      traefik.http.middlewares.nextcloud.headers.stsSeconds: "155520011"
      traefik.http.middlewares.nextcloud.headers.stsIncludeSubdomains: "true"
      traefik.http.middlewares.nextcloud.headers.stsPreload: "true"
      traefik.http.middlewares.nextcloud_redirect.redirectregex.regex: /.well-known/(card|cal)dav
      traefik.http.middlewares.nextcloud_redirect.redirectregex.replacement: /remote.php/dav/
    environment:
      POSTGRES_HOST: nextcloud_db
      POSTGRES_DB: nextcloud
      POSTGRES_USER: nextcloud
      POSTGRES_PASSWORD: password
      NEXTCLOUD_ADMIN_USER: dimitri_admin
      NEXTCLOUD_ADMIN_PASSWORD: password
      REDIS_HOST: nextcloud_redis
      NEXTCLOUD_TRUSTED_DOMAINS: cloud.mydomain.fr
      TRUSTED_PROXIES: 172.18.0.0/16
    volumes:
      - nextcloud-www:/var/www/html

  # Nextcloud DB
  nextcloud_db:
    image: postgres
    container_name: nextcloud_db
    restart: unless-stopped
    networks:
      - nextcloud
    environment:
      POSTGRES_DB: nextcloud
      POSTGRES_USER: nextcloud
      POSTGRES_PASSWORD: password
    volumes:
      - nextcloud-db:/var/lib/postgresql/data

  # Nextcloud Redis
  nextcloud_redis:
    image: redis
    container_name: nextcloud_redis
    restart: unless-stopped
    networks:
      - nextcloud
    volumes:
      - nextcloud-redis:/var/lib/redis

  # Gogs
  gogs:
    image: gogs/gogs-rpi
    container_name: gogs
    restart: unless-stopped
    networks:
      - gogs
    depends_on:
      - gogs_db
    labels:
      traefik.enable: "true"
      traefik.http.services.gogs.loadbalancer.server.port: "3000"
      traefik.http.routers.gogs.tls.certresolver: myresolver
      traefik.http.routers.gogs.rule: Host(`git.mydomain.fr`)
    environment:
      # Postgres config
      POSTGRES_HOST: gogs_db
      POSTGRES_DB: gogs
      POSTGRES_USER: gogs
      POSTGRES_PASSWORD: password
    volumes:
      - gogs-data:/data

  # Gogs database
  gogs_db:
    image: postgres
    container_name: gogs_db
    restart: unless-stopped
    networks:
      - gogs
    environment:
      POSTGRES_DB: gogs
      POSTGRES_USER: gogs
      POSTGRES_PASSWORD: password
    volumes:
      - gogs-db:/var/lib/postgresql/data

# Networks
networks:
  nextcloud:
    external: true
  gogs:
    external: true
The problem is this: no certificate is generated for my sites.
What should I do? Thanks!
Solution
Option 1: use a wildcard...
https://docs.traefik.io/https/acme/#wildcard-domains
Option 2: multiple certificates...
Create multiple certificate resolvers and certificate files (one per domain) and use them in the services.
services:
  traefik:
    command:
      - "--certificatesresolvers.myresolver1.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver1.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver1.acme.email=myemail@email.email"
      - "--certificatesresolvers.myresolver1.acme.storage=/letsencrypt/domain1.json"
      - "--certificatesresolvers.myresolver2.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver2.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver2.acme.email=myemail@email.email"
      - "--certificatesresolvers.myresolver2.acme.storage=/letsencrypt/domain2.json"
  nextcloud:
    labels:
      traefik.http.routers.nextcloud.tls.certresolver: myresolver1
  gogs:
    labels:
      traefik.http.routers.gogs.tls.certresolver: myresolver2
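Whichever option is chosen, the useful check is whether Traefik actually wrote a certificate covering each router's Host() into its ACME storage, and whether that storage file has the mode Traefik insists on. The script below is an added example, not code from the question, the answer, or the Traefik project. It assumes the Traefik v2 acme.json layout: a JSON object keyed by resolver name, each resolver holding an "Account" and a "Certificates" list whose entries carry {"domain": {"main": ..., "sans": [...]}, "certificate": <base64-encoded PEM>, "key": <base64-encoded PEM>, "Store": "default"}. The sample store, the PEM placeholders inside it and the host list are constructed for the example; wildcard matching follows the single-label rule of RFC 6125, which is what the wildcard option ends up relying on.

```python
"""Report which router hosts are covered by issued certificates in a Traefik v2 acme.json.

Added example (not from the original post or from Traefik). Assumes the v2 acme.json
layout described in the lead-in; the sample store and hosts below are constructed.
"""
import base64
import json
import os
import stat
import sys
import tempfile
from typing import Dict, List, Optional

# Constructed sample store. myresolver1 holds a wildcard certificate for the domain;
# myresolver2 has an entry whose "certificate" field is empty, i.e. issuance never
# completed (what an HTTP-01 challenge that never reached Traefik looks like).
_FAKE_CERT_PEM = b"-----BEGIN CERTIFICATE-----\nMIIB...placeholder...\n-----END CERTIFICATE-----\n"
_FAKE_KEY_PEM = b"-----BEGIN RSA PRIVATE KEY-----\n...placeholder...\n-----END RSA PRIVATE KEY-----\n"
SAMPLE_ACME_JSON = json.dumps({
    "myresolver1": {
        "Account": {"Email": "myemail@email.email"},
        "Certificates": [{
            "domain": {"main": "mydomain.fr", "sans": ["*.mydomain.fr"]},
            "certificate": base64.b64encode(_FAKE_CERT_PEM).decode(),
            "key": base64.b64encode(_FAKE_KEY_PEM).decode(),
            "Store": "default",
        }],
    },
    "myresolver2": {
        "Account": {"Email": "myemail@email.email"},
        "Certificates": [{
            "domain": {"main": "git.otherdomain.fr", "sans": []},
            "certificate": "", "key": "", "Store": "default",
        }],
    },
})

# Constructed list of the Host() values the routers on this page would use, plus two
# edge cases: the bare apex and a two-level subdomain a wildcard must NOT cover.
ROUTER_HOSTS = ["cloud.mydomain.fr", "git.mydomain.fr", "mydomain.fr",
                "a.b.mydomain.fr", "git.otherdomain.fr"]


def host_matches(host: str, pattern: str) -> bool:
    """RFC 6125 style: '*.example.fr' covers exactly one leftmost label, never the apex."""
    host = host.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]                      # ".example.fr"
        if not host.endswith(suffix) or len(host) <= len(suffix):
            return False
        return "." not in host[:-len(suffix)]     # only one label may replace the '*'
    return host == pattern


def load_store(text: str) -> Dict[str, List[dict]]:
    """Return {resolver: [entries that actually contain PEM certificate data]}."""
    issued: Dict[str, List[dict]] = {}
    for resolver, body in json.loads(text).items():
        kept = []
        for entry in (body or {}).get("Certificates") or []:
            try:
                pem = base64.b64decode(entry.get("certificate") or "")
            except ValueError:
                pem = b""
            if b"BEGIN CERTIFICATE" in pem:       # empty/garbage means nothing was issued
                kept.append(entry)
        issued[resolver] = kept
    return issued


def covering_resolver(host: str, store: Dict[str, List[dict]]) -> Optional[str]:
    """Name of the first resolver whose issued certificate (main or SAN) covers host."""
    for resolver, entries in store.items():
        for entry in entries:
            domain = entry.get("domain") or {}
            names = [domain.get("main", "")] + list(domain.get("sans") or [])
            if any(n and host_matches(host, n) for n in names):
                return resolver
    return None


def uncovered_hosts(hosts: List[str], store: Dict[str, List[dict]]) -> List[str]:
    return [h for h in hosts if covering_resolver(h, store) is None]


def store_mode_ok(path: str) -> bool:
    """Traefik refuses an acme.json that group or others can read; it expects 0600."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0


def check_file_mode_demo() -> tuple:
    """Write a throwaway acme.json as 0644 and then 0600; returns (too_open_ok, strict_ok)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "acme.json")
        with open(path, "w") as fh:
            fh.write(SAMPLE_ACME_JSON)
        os.chmod(path, 0o644)
        too_open = store_mode_ok(path)
        os.chmod(path, 0o600)
        strict = store_mode_ok(path)
    return too_open, strict


if __name__ == "__main__":
    # Usage: python check_acme.py [/path/to/acme.json] [host ...]; defaults to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_ACME_JSON
    hosts = sys.argv[2:] or ROUTER_HOSTS
    store = load_store(text)
    for h in hosts:
        print(f"{h:24s} -> {covering_resolver(h, store) or 'NO CERTIFICATE'}")
    if len(sys.argv) > 1:
        print("storage mode ok:", store_mode_ok(sys.argv[1]))
```

Against the sample store this reports cloud.mydomain.fr, git.mydomain.fr and the apex as covered by myresolver1, and a.b.mydomain.fr and git.otherdomain.fr as uncovered. Two points this makes concrete for the options above: with the wildcard option, Let's Encrypt only issues `*.mydomain.fr` through the DNS-01 challenge, so the HTTP challenge on the `web` entrypoint used on this page is not enough on its own; and with the multi-resolver option, a router is only covered by the resolver its `tls.certresolver` label names, so an entry with an empty `certificate` field in that resolver's file means the challenge for it never succeeded.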