Is there any plan to bring back the possibility to use Traefik as a global proxy in Docker Swarm and have it play nicely with Lets Encrypt, in v3? I understand this was possible in v1 but not v2.
I have setup in v2 a single lego container that accomplishes this but it's a little buggy when first reading the files in from a shared file provider.
This is a regular discussion here to use LetsEncrypt with multiple Traefik instances with Docker Swarm. It's too bad that Docker Swarm configs
and secrets
are not update-able.
Traefik EE supports "distributed" LetsEncrypt out-of-the-box, it requires a subscription, I think it uses consul
as distributed storage.
It was discussed to use a shared folder to store acme.json
, not sure if that works, haven't tested myself.
I build a proof-of-concept to use a certbot
instance in Docker Swarm behind Traefik that provides a Traefik dynamic configuration via http with certificates inline.
I also build a proof-of-concept to run syncthing
as distributed storage in Docker Swarm on which the dynamic config file could be stored - if you prefer provider.file
over provider.http
. Note that syncthing
syncing is probably too slow to use directly with Traefik's acme.json
.
If you already have a distributed storage, then adapting my certbot to create the dynamic config file is probably the easiest solution, use it with provider.file
and enable watch
.
Hi bluepuma77, thanks for the info. I'd say this is a little of topic so I will update my other thread from last november about this matter which is here: Traefik Proxy on Docker Swarm Multiple Managers - #4 by DevilaN
but it would be great to know from others if this feature is coming back
Well, the feature is there, you just need to pay for Traefik EE. The devs need to get paid, too