Docker (Swarm) labels, Let's Encrypt, onHostRule and wildcard certificates

luislavena · September 7, 2019, 5:15pm

Hello folks,

My setup of Traefik is using command line options (no configuration file) and deploy labels for services.

I've deployed a few services that define specific Host:, and those services have received the correct Let's Encrypt certificates.

However, I'm struggling to find documentation or pointers on how to correctly use docker labels so one service using HostRegexp to generate a wildcard certificate.

All the docs points that is not possible to use onHostRule for wildcard, so I'm wondering if those can be generated only using labels.

I've tried the following within my docker compose deploy labels section:

services:
  server:
    image: my-image:latest
    deploy:
      mode: replicated
      replicas: 1
      labels:
        - traefik.enable=true
        - traefik.port=80
        - traefik.frontend.rule=HostRegexp:{subdomain:[a-z]+}.mydomain.com
        - traefik.acme.domains.main=*.mydomain.com
        - traefik.acme.domains.sans=mydomain.com

I'm using --acme.dnschallenge --acme.dnschallenge.provider=cloudflare and setting the required environment variables.

As mentioned, this works great for Host: rules (as the docs say) but not sure how I can generate those for services without having to use a TOML configuration file.

I'm using Traefik 1.7.14:

Version:      v1.7.14
Codename:     maroilles
Go version:   go1.12.8
Built:        2019-08-14_09:46:58AM
OS/Arch:      linux/amd64

Thank you in advance for your responses.

Cheers,
Luis

ldez · September 7, 2019, 6:40pm

Hello,

To get wildcard certificates you must use acme.domain in the static configuration:

https://docs.traefik.io/configuration/acme/#wildcard-domains

It's not possible to use HostRegexp and onHostRule to get wildcard certificates: onHostRule only works with the Host rule.

luislavena · September 8, 2019, 5:48pm

Thank you for your response Idez, was hoping could avoid the static configuration in some way, but seems have no option.

Cheers.
Luis

luislavena · September 9, 2019, 12:58pm

Hello,

For the record, I ended adding the domains to the command line options instead of creating a TOML file:

services:
  traefik:
    image: traefik:1.7
    command:
    # ...
      - "--acme.domains=*.mydomain.com,mydomain.com"

Thus avoiding having to build a custom container or setup a volume mount for it.

Cheers.

Topic		Replies	Views
Can't create letsencrypt wildcard certificates with traefik 2.0.0-beta1 Traefik v2 docker-swarm , letsencrypt-acme	6	8358	February 25, 2020
Let's encrypt for a lot of domains automatically Traefik v2 docker , docker-swarm , letsencrypt-acme	14	3967	October 23, 2023
Multiple domains Let's encrypt certificates in labels Traefik v2 docker , letsencrypt-acme	3	4092	October 23, 2022
Wildcard certificate on demand with docker-compose / rancher Traefik v1 rancher , docker , letsencrypt-acme	2	866	July 17, 2019
[fixed] Docker Swarm + LetsEncrypt with just labels and command line (no TOML) not working Traefik v2 docker-swarm , letsencrypt-acme	1	743	September 5, 2019

Docker (Swarm) labels, Let's Encrypt, onHostRule and wildcard certificates

Related Topics