Zack
August 4, 2019, 11:21am
1
And the acme.json format changes so I am forced to renew them all.
[log]
level = "DEBUG"
[providers]
[providers.file]
filename = "/o/traefik.toml"
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
exposedByDefault = false
usebindportip = false
[api]
#entryPoint = "traefik"
dashboard = true
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web-secure]
address = ":443"
[retry]
[certificatesResolvers.sample.acme]
email = "zack@x.com"
storage = "/o/acme.json"
[acme.httpChallenge]
# used during the challenge
entryPoint = "web"
#[accessLog]
#filePath = "/var/log/access.log"
[http.routers]
[http.routers.web-secure-redirect]
rule = "HostRegexp(`{any:.*}`)"
middlewares = ["web-secure-redirect"]
service = "dummy"
[http.middlewares]
[http.middlewares.web-secure-redirect.redirectscheme]
scheme = "https"
[http.services]
[http.services.dummy.LoadBalancer]
[[http.services.dummy.LoadBalancer.servers]]
url = ""
ldez
August 4, 2019, 11:26am
2
dalan
August 4, 2019, 11:48am
3
@Zack if you run through your logs you should see what's going wrong by grepping for error and cert.
Here's my dnsChallenge config:
[certificatesresolvers.cloudflare.acme]
email = "email@gmail.com"
storage = "/acme.json"
[certificatesresolvers.cloudflare.acme.dnschallenge]
provider = "cloudflare"
delayBeforeCheck = 3
resolvers = ["1.1.1.1:53", "1.0.0.1:53"]
ldez
August 4, 2019, 2:47pm
4
There is an error in your configuration:
[certificatesResolvers.sample.acme]
email = "zack@x.com"
storage = "/o/acme.json"
[acme.sample.httpChallenge] # <------------
# used during the challenge
entryPoint = "web"
Zack
August 4, 2019, 2:54pm
5
Hi all, and thank you for the help.
For some reason I wasn't able to see any acme errors, it just stayed silent in that regard.
I've moved forward with everyone's help, now I'm getting:
time="2019-08-04T14:51:25Z" level=debug msg="No domain parsed in provider ACME" routerName=t rule="HostRegexp(`{host:.*}`)" providerName=acme.basic
traefik.toml
[log]
level = "DEBUG"
[providers]
[providers.file]
filename = "/o/dynt.toml"
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
exposedByDefault = false
usebindportip = false
[api]
#entryPoint = "traefik"
dashboard = true
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web-secure]
address = ":443"
[retry]
[certificatesResolvers.basic.acme]
email = "acme@apertron.com"
storage = "/o/acme.json"
[acme.basic.httpChallenge]
# used during the challenge
entryPoint = "web"
dynt.toml
[http]
[http.middlewares]
[http.middlewares.compression.compress]
# https redirect
[http.middlewares.https_redirect.redirectscheme]
scheme = "https"
permanent = true
[http.routers]
[http.routers.t]
rule = "HostRegexp(`{host:.*}`)"
[http.routers.t.tls]
certResolver = "basic"
compose
reverse-proxy:
image: traefik:2.0-alpine
command: --configFile=/o/traefik.toml --api --providers.docker # Enables the web UI and tells Traefik to listen to docker
ports:
- "80:80" # The HTTP port
- "443:443" # The HTTPS port
- "9800:8080" # The web UI / API port
networks:
- web
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /opt/traefik/traefik.toml:/traefik.toml
- /opt/traefik:/o/
- /var/log/access.log:/var/log/access.log
container_name: traefik
labels:
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=https_redirect"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
Thanks again.
ldez
August 4, 2019, 3:04pm
6
A router defined in the file provider must be linked to a service.
In Docker, by default, if there is only one router, the service is automatically created and linked to the router.
By default Traefik tries to find a Host() rule (HostRegexp() is different from Host()).
If there is no Host() rule, Traefik will try to use the domains defined in the tls section of the router.
Zack
August 4, 2019, 3:52pm
7
Hi,
How can I have a default configuration for all routers? I want ACME used for all routers, as before; do I need to specify a cert provider in all my docker compose files, or is there a way to do it in one fell swoop?
Thanks,
Zack
Zack
August 4, 2019, 7:07pm
8
time="2019-08-04T19:07:18Z" level=info msg="Testing certificate renew..." providerName=acme.basic
time="2019-08-04T19:07:18Z" level=debug msg="Configuration received from provider acme.basic: {\"http\":{},\"tls\":{}}" providerName=acme.basic
I don't get much else, nothing saying error.
ldez
August 4, 2019, 7:08pm
9
With the new certificate resolvers it's not possible: you have to define the certResolver on all routers.
Zack
August 4, 2019, 7:09pm
10
Any plans to change that?
ldez
August 4, 2019, 7:14pm
11
With this change, you can now have dynamic wildcards certificates, use multiple acme challenges, and more.
To do that you have to define the certResolver on the routers.
There is a cost, but it seems acceptable.
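Since the resolver must be named on every router, a missing `tls.certresolver` label on one compose file is the easiest way to end up with a router that silently serves the default certificate. The audit below is an added example, not code from the thread or from Traefik: it collects Docker-provider router labels (constructed sample labels for the hypothetical routers `app` and `blog`) and lists the routers that name no resolver, together with the label that would fix each one.

```python
"""Audit Docker-provider labels: every Traefik router must name its certresolver."""
import re
from collections import defaultdict

# traefik.http.routers.<router>.<setting>=<value>; the setting may be dotted (tls.certresolver).
ROUTER_LABEL_RE = re.compile(r"^traefik\.http\.routers\.([^.=]+)\.([^=]+)=(.*)$")


def routers_from_labels(labels):
    """Group router settings by router name; setting keys are lower-cased like Traefik does."""
    routers = defaultdict(dict)
    for label in labels:
        match = ROUTER_LABEL_RE.match(label.strip())
        if match:
            name, setting, value = match.groups()
            routers[name][setting.lower()] = value
    return dict(routers)


def routers_without_resolver(labels):
    """Names of routers that have no tls.certresolver label, sorted for stable output."""
    routers = routers_from_labels(labels)
    return sorted(name for name, settings in routers.items()
                  if "tls.certresolver" not in settings)


def fix_labels(labels, resolver):
    """The labels to add so that every router uses the given resolver."""
    return [f"traefik.http.routers.{name}.tls.certresolver={resolver}"
            for name in routers_without_resolver(labels)]


# Constructed labels, as they would appear under `labels:` of two compose services.
SAMPLE_LABELS = [
    "traefik.enable=true",
    "traefik.http.routers.app.rule=Host(`app.example.com`)",
    "traefik.http.routers.app.entrypoints=web-secure",
    "traefik.http.routers.app.tls.certresolver=basic",
    "traefik.http.routers.blog.rule=Host(`blog.example.com`)",
    "traefik.http.routers.blog.entrypoints=web-secure",
    "traefik.http.routers.blog.tls=true",  # TLS on, but no resolver: default cert only
]

if __name__ == "__main__":
    for label in fix_labels(SAMPLE_LABELS, "basic"):
        print("missing:", label)
```

In practice feed it the output of `docker inspect` (the `Config.Labels` values) for the running containers rather than a hand-typed list, so the audit covers every compose file the Docker provider actually sees.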
trajano
September 13, 2019, 5:54am
12
@Zack with your config, did you find your certificate actually being stored in /o/acme.json?