Docker SSL Certificates

Hi all,

Working on moving from V1 to V2.

So far all seems to carry over pretty well with the exception of the SSL certificates.
I cannot seem to get it nailed down.

Can someone direct me to the correct location to set the SSL cert to be used?

I have a wild card cert that will be used for all containers sitting behind Traefik.

docker-compose.tml:

version: '3.7'
services:
  reverse-proxy:
    # The official v2.0 Traefik Docker image
    image: traefik:v2.0
    # Enables the web UI and tells Traefik to listen to docker
    command:
      - "--log.level=DEBUG"
      - "--log.filepath=/traefik.log"
      - "--log.format=json"
      - "--api=true"
      - "--api.dashboard=true"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=true"
      - "--entrypoints.http.address=:80"
      - "--entrypoints.https.address=:443"
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=reverse-proxy"
      - "traefik.http.routers.traefik.rule=Host(`test.dev.com`)"
      - "traefik.http.routers.traefik.entrypoints=https"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefikloadbalancer.server.port=8080"
    ports:
      # The HTTP port
      - "80:80"
      # The HTTPS port
      - "443:443"
      # The web UI
      - "8080:8080"
    volumes:
      # So that traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /srv/ssl/:/etc/traefik/ssl
      - ./logs/traefik.log:/traefik.log
    networks:
      - reverse-proxy

networks:
  reverse-proxy:
    name: reverse-proxy

The assistance is appreciated!

Hello !
You can head to https://docs.traefik.io/https/tls/#certificates-stores to define certificates to be used !

I added the following to traefik.toml and still get the self-signed cert...

[tls.stores]
  [tls.stores.default]
    [tls.stores.default.defaultCertificate]
      certFile = "path/to/cert.crt"
      keyFile  = "path/to/cert.key"

Is there anything beyond that needed?

Hello,

In the v2 the dynamic configuration and the static configuration must be defined in 2 different files.

version: '3.7'
services:
  reverse-proxy:
    # The official v2.0 Traefik Docker image
    image: traefik:v2.0
    # Enables the web UI and tells Traefik to listen to docker
    command:
      - "--log.level=DEBUG"
      - "--log.filepath=/traefik.log"
      - "--log.format=json"
      - "--api=true"
      - "--api.dashboard=true"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=true"
      - "--providers.file=true"
      - "--providers.file.filname=/dyn/dynamic.toml"
      - "--entrypoints.http.address=:80"
      - "--entrypoints.https.address=:443"
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=reverse-proxy"
      - "traefik.http.routers.traefik.rule=Host(`test.dev.com`)"
      - "traefik.http.routers.traefik.entrypoints=https"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefikloadbalancer.server.port=8080"
    ports:
      # The HTTP port
      - "80:80"
      # The HTTPS port
      - "443:443"
      # The web UI
      - "8080:8080"
    volumes:
      # So that traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /srv/ssl/:/etc/traefik/ssl
      - ./logs/traefik.log:/traefik.log
      - ./dyn/:/dyn/
    networks:
      - reverse-proxy

networks:
  reverse-proxy:
    name: reverse-proxy

That did it!

That makes sense now that I see it in a real config file. The Docs didn't make it so clear...

Now...probably for another thread but any container that I try to hit as HTTPS gets the cert correctly but returns a 404...

Hi
Can you post the snippet of both files static and dynamic
I have a real struggle with the documentation
thanks

Snippets for static: https://docs.traefik.io/v2.0/reference/static-configuration/file/
Snippets for dynamic: https://docs.traefik.io/v2.0/reference/dynamic-configuration/file/