Its not clear how (or if its possible) to store certificate base64 data in consul when consul is being used as a configuration provider.
Attaching Consul as a configuration provider to Traefik provides a way to provide dynamic configuration to Traefik without needing direct access to the filesystem, or restart containers or anything, except, when configuring a new https/tls endpoint, when populating tls:certificates: or tls:stores: it always wants a "certFile: /path/to/file"
This is a problem - we implemented Consul to avoid needing to manage and accessing files.
Hello @chrisbecke
For storing certificates I would recommend using Vault as a Key-Value Data store when you can manually upload TLS certificates and Traefik will pick up the appropriate certificates that match a domain name.
Here is the recording explaining how it should be configured. Tutorial: How to Use Traefik Enterprise and Vault // Traefik Labs - YouTube
It also works fine for Traefik Proxy, so don't be surprised that in the video we use enterprise edition.
Thank you,
1 Like
Hi,
I realise this is quite a late reply, but your message looked like it was exactly what I need. Thank you for posting a link to that YouTube video.
Can you confirm that both methods mentioned in the video are available in the open source traefik proxy? That is, both Vault PKI and Vault integration via Key-Value engine? In the latter case, I simply get an error message when trying to load the plugin.
Kind Regards,
Alexander
Having plain certs inline of a dynamic config file works for Traefik open source, see post.
Check if the plugin you mentioned is on the list, then it should be available in Traefik open source.
If something does not work, describe the error and include the full error message.
Share your full Traefik static and dynamic config, and docker-compose.yml
if used.