Hello, sorry for my English, I am trying to use wildcard certified files. I would also like to be able to generate with Let's Encrypt but I am not able to use both at the same time. I always take the files by default.
docker-compose.yml
version: "3.8"
services:
traefik:
container_name: ctpx_traefik_${SERVER_NAME}
image: "traefik:${TRAEFIK_VERSION}"
restart: unless-stopped
command:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --providers.docker=true
- --providers.docker.endpoint=tcp://socket-proxy:2375
- --providers.docker.exposedByDefault=false
- --api
- --api.dashboard=true
- --log.level=DEBUG
- --accesslog=true
- --accesslog.filepath=.logs
- --accesslog.format=json
- --accesslog.filters.statuscodes=200,300-302
- --accesslog.filters.retryattempts
- --accesslog.filters.minduration=10ms
- --providers.file.filename=/traefik_conf.yaml
- --providers.file.watch=true
ports:
- "80:80" #web
- "443:443" #websecure
volumes:
- ".logs:/var/log"
- "./letsencrypt:/letsencrypt"
- "./letsencrypt2:/letsencrypt2"
- "./traefik_conf.yaml:/traefik_conf.yaml"
labels:
- "traefik.enable=true"
# Redirigir todo HTTP a HTTPS permanentemente
- traefik.http.routers.http_catchall.rule=HostRegexp(`{any:.+}`)
- traefik.http.routers.http_catchall.entrypoints=web
- traefik.http.routers.http_catchall.middlewares=https_redirect
- traefik.http.middlewares.https_redirect.redirectscheme.scheme=https
- traefik.http.middlewares.https_redirect.redirectscheme.permanent=true
traefik_config.yaml
tls:
options:
default:
minVersion: VersionTLS12
sniStrict : true
cipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
mintls13:
minVersion: VersionTLS13
certificates:
- certFile: /letsencrypt2/domain1.com/fullchain.pem
keyFile: /letsencrypt2/domain1.com/privkey.pem
stores:
- default
# - certFile: /letsencrypt2/domain2.com/other-domain.cert
# keyFile: /letsencrypt2/domain2.com/other-domain.key
# Esto es para tener varios certifacadores
certificatesResolvers:
le01: #letsencrypt-01
acme:
email: user01@domain
storage: /letsencrypt/letsencrypt01.json
keyType: RSA8192
tlschallenge:
# entryPoint: http
le02: #letsencrypt-02
acme:
email: user02@domain
storage: /letsencrypt/letsencrypt02.json
keyType: RSA8192
tlschallenge:
entryPoint: http
buypass:
acme:
email: user03@domain
storage: /letsencrypt/buypass.json
caServer: https://api.buypass.com/acme/directory
keyType: EC256
tlschallenge:
entryPoint: http
#para generar wilcard
le-dns:
acme:
email: user04@domain
storage: /letsencrypt/ledns.json
keyType: EC384
dnsChallenge:
provider: acme-dns
Site 1: docker-compose.yml for sub.domain1.com. wildcard works. Result * .domain1.com
version: "3.7"
services:
whoami:
image: "traefik/whoami"
container_name: "test1"
networks:
- traefik-public
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`sub.domain1.com`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls=true"
networks:
traefik-public:
external: true
Site 2 docker compose.yml www.sub.domain1.com doesn't work. Result * .domain1.com
version: "3.7"
services:
whoami:
image: "traefik/whoami"
container_name: "test2"
networks:
- traefik-public
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`www.sub.domain1.com`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=le01"
networks:
traefik-public:
external: true
Site 3 docker compose.yml site.sub.domain1.com doesn't work. Result * .domain1.com
version: "3.7"
services:
whoami:
image: "traefik/whoami"
container_name: "test3"
networks:
- traefik-public
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`site.sub.domain1.com`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=le02"
networks:
traefik-public:
external: true
Always uses the wilcard certificate by default.
Any suggestions that they have tried and works?