I'm working on a project that runs on Ubuntu 18.04, and I depend on Docker to run the application.

Here is the Traefik part of the production.yml file:

traefik:
  build:
    context: .
    dockerfile: ./compose/production/traefik/Dockerfile
  image: goplus_backend_production_traefik
  depends_on:
    - django
  volumes:
    - production_traefik:/etc/traefik/acme
    - ${PWD}/certs:/certs
  ports:
    - "0.0.0.0:80:80"
    - "0.0.0.0:443:443"

Here is the Dockerfile for Traefik:

FROM traefik:alpine
RUN mkdir -p /etc/traefik/acme
RUN touch /etc/traefik/acme/acme.json
RUN chmod 600 /etc/traefik/acme/acme.json
COPY ./compose/production/traefik/traefik.toml /etc/traefik

And here is the traefik.toml file:

logLevel = "INFO"
defaultEntryPoints = ["http", "https"]
# Entrypoints, http and https
[entryPoints]
# http should be redirected to https
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
# https is the default
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
certFile = "/certs/hrattendence_gs-group_nl.chained.crt"
keyFile = "/certs/hrattendence_gs-group_nl.key"
[file]
[backends]
[backends.django]
[backends.django.servers.server1]
url = "http://django:5000"
[frontends]
[frontends.django]
backend = "django"
passHostHeader = true
[frontends.django.headers]
HostsProxyHeaders = ['X-CSRFToken']
[frontends.django.routes.dr1]
rule = "Host:<IP name>"

Each time I run Docker, I get these error messages from Traefik:

traefik_1_6f05e4889627 | time="2020-09-18T23:23:49Z" level=info msg="Using TOML configuration file /etc/traefik/traefik.toml"
traefik_1_6f05e4889627 | time="2020-09-18T23:23:49Z" level=info msg="No tls.defaultCertificate given for https: using the first item in tls.certificates as a fallback."
traefik_1_6f05e4889627 | time="2020-09-18T23:23:49Z" level=info msg="Traefik version v1.7.16 built on 2019-09-13_01:12:20PM"
traefik_1_6f05e4889627 | time="2020-09-18T23:23:49Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/basics/#collected-data\n"
traefik_1_6f05e4889627 | time="2020-09-18T23:23:49Z" level=error msg="failed to load X509 key pair: tls: private key does not match public key"
traefik_1_6f05e4889627 | time="2020-09-18T23:23:49Z" level=info msg="Preparing server http &{Address::80 TLS:<nil> Redirect:0xc00018a280 Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc000619b20} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
traefik_1_6f05e4889627 | time="2020-09-18T23:23:49Z" level=info msg="Preparing server https &{Address::443 TLS:0xc000540f30 Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc000619b40} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
traefik_1_6f05e4889627 | time="2020-09-18T23:23:49Z" level=info msg="Starting server on :80"
traefik_1_6f05e4889627 | time="2020-09-18T23:23:49Z" level=error msg="Unable to add a certificate to the entryPoint \"https\" : unable to generate TLS certificate : tls: private key does not match public key"
traefik_1_6f05e4889627 | time="2020-09-18T23:23:49Z" level=info msg="Starting provider configuration.ProviderAggregator {}"
traefik_1_6f05e4889627 | time="2020-09-18T23:23:49Z" level=info msg="Starting server on :443"
traefik_1_6f05e4889627 | time="2020-09-18T23:23:49Z" level=info msg="Starting provider *file.Provider {\"Watch\":true,\"Filename\":\"\",\"Constraints\":null,\"Trace\":false,\"TemplateVersion\":0,\"DebugLogGeneratedTemplate\":false,\"Directory\":\"\",\"TraefikFile\":\"/etc/traefik/traefik.toml\"}"
traefik_1_6f05e4889627 | time="2020-09-18T23:23:49Z" level=error msg="failed to load X509 key pair: tls: private key does not match public key"
traefik_1_6f05e4889627 | time="2020-09-18T23:23:49Z" level=info msg="Server configuration reloaded on :80"
traefik_1_6f05e4889627 | time="2020-09-18T23:23:49Z" level=info msg="Server configuration reloaded on :443"

It is my first time adding an SSL certificate to a website. I received files with these names from my leader:

hrattendence_gs-group_nl.ca-bundle
hrattendence_gs-group_nl.csr
hrattendence_gs-group_nl.chained.crt
hrattendence_gs-group_nl.key

I read articles and tried both the .ca-bundle and .crt files, adding them to certFile in traefik.toml, and I got the same problem. So, how do I solve this problem?

How do I ensure that the public key matches the private key? BTW, this SSL certificate is paid.
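
An added example, not part of the original post and not Traefik's own code: Traefik is written in Go, and the "tls: private key does not match public key" message comes from Go's `tls.X509KeyPair`, which compares the key only against the first certificate in `certFile`. The sketch below uses two hypothetical helpers, `LeafIndex` and `newPair`, and throwaway certificates constructed at run time to show at which position in a chain file the certificate belonging to a key sits.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// LeafIndex (hypothetical helper) returns the position in chainPEM of the
// certificate that pairs with keyPEM, or -1 if no certificate in it does.
func LeafIndex(chainPEM, keyPEM []byte) int {
	for i, rest := 0, chainPEM; ; {
		var b *pem.Block
		if b, rest = pem.Decode(rest); b == nil {
			return -1 // ran out of PEM blocks without a match
		}
		if b.Type == "CERTIFICATE" {
			if _, err := tls.X509KeyPair(pem.EncodeToMemory(b), keyPEM); err == nil {
				return i
			}
			i++
		}
	}
}

// newPair builds a constructed self-signed cert and key as PEM (sample data, errors ignored).
func newPair(name string) (certPEM, keyPEM []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{name},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	kder, _ := x509.MarshalPKCS8PrivateKey(key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: kder})
}

func main() {
	leaf, key := newPair("leaf.example.test") // stands in for the site certificate
	ca, _ := newPair("ca.example.test")       // stands in for a CA certificate
	caFirst := append(append([]byte{}, ca...), leaf...)
	_, err := tls.X509KeyPair(caFirst, key) // same call, wrong order: fails
	fmt.Println(LeafIndex(leaf, key), LeafIndex(caFirst, key), LeafIndex(ca, key), err)
}
```

A result of 0 is the only layout `tls.X509KeyPair` accepts; 1 or higher means the matching certificate is present but has to be moved to the top of the file, and -1 means the file holds no certificate for that key.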