Disclaimer: I'm fairly new to Docker and Traefik. I'm slowly progressing and getting to know my Traefik environment.
I have a Docker swarm, in which I currently run these containers using docker-compose: Traefik, viz and a webserver (whoami). I successfully reverse-proxy viz and the webserver, and have the TLS certificates from Let's Encrypt. I also managed to put in an authentication and security headers middleware using a dynamic configuration file.
I have another internal website running (which I call Digimon), outside of my Docker container. I want to reverse-proxy this website using a Let's Encrypt certificate too. However, these certificates do not get downloaded, and I'm presented with the default Traefik certificate. The DNS record has been created in my domain.
The Traefik log shows:
```
time="2019-12-13T10:27:17Z" level=error msg="error while parsing rule HostSNI(digimon.domain.com): unsupported function: HostSNI" entryPointName=websecure routerName=digimon@file
```
The access log shows:
```
time="2019-12-13T10:18:03Z" level=debug msg="http: TLS handshake error from 10.0.0.3:63465: remote error: tls: unknown certificate"
```
What am I doing wrong?
This is the dynamic configuration file:
```yaml
tls:
  options:
    default:
      # sniStrict: true
      minVersion: VersionTLS13
    mintls13:
      minVersion: VersionTLS13
http:
  middlewares:
    auth:
      basicAuth:
        users:
          - "test:pwd"
    d-auth:
      digestAuth:
        users:
          - "test:realm:pwd"
        realm: "realm"
    security-headers:
      headers:
        AccessControlAllowOrigin: "origin-list-or-null"
        sslRedirect: true
        stsSeconds: 315360000
        STSPreload: true
        stsIncludeSubdomains: true
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        frameDeny: true
  services:
    digimon:
      loadBalancer:
        servers:
          - url: "http://192.168.0.10/"
  routers:
    digimon:
      entryPoints:
        - "websecure"
      rule: "HostSNI(`digimon.domain.com`)"
      middlewares:
        - d-auth
        - security-headers
      service: digimon
      tls:
        certresolver: mytlschallenge
```