Docker, Traefik v2, SSL cannot set default cert

Traefik Traefik v2
1

Hi guys,

I am totally baffled by the v2 setup for Traefik and using a standard SSL cert.

traefik.toml

entryPoints]
  [entryPoints.http]
    address = ":80"

  [entryPoints.https]
    address = ":443"

[http.routers]
  [http.routers.https]
    [http.routers.https.tls]
      options = "myTLSOptions"
      entryPoints = [ "https" ]

[[tls.certificates]]
  certFile = "/tls/cert.cert"
  keyFile = "/tls/key.key"

[tls.stores]
  [tls.stores.default.defaultCertificate]
    certFile = "/tls/cert.cert"
    keyFile = "/tls/key.key"

[tls.options]
  [tls.options.default]
    minVersion = "VersionTLS12"

  [tls.options.myTLSOptions]
    minVersion = "VersionTLS13"
    cipherSuites = [
          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
          "TLS_RSA_WITH_AES_256_GCM_SHA384"
        ]

    [api]
      dashboard = true
      insecure = true

    [providers.docker]
      endpoint = "unix:///var/run/docker.sock"

[log]
  level = "DEBUG"

Container Labels

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.people-app.rule=PathPrefix(`/people`)"
      - "traefik.http.middlewares.people-app-pathstrip.stripprefix.prefixes=/people"
      - "traefik.http.routers.people-app.entrypoints=https"
      - "traefik.http.routers.people-app.middlewares=people-app-pathstrip@docker"
      - "traefik.http.routers.people-app.tls.options=myTLSOptions@file"
      - "traefik.http.routers.people-app.tls=true"

Traefik compose file

version: "3.7"

services:
  traefik:
    image: "traefik:v2.0.0"
    container_name: "traefik"
    deploy:
      resources:
        limits:
          cpus: "0.10"
          memory: "120m"
        reservations:
          memory: "50m"
      restart_policy:
        condition: any
    command:
       - "--providers.file=true"
       - "--providers.file.filname=/dyn/dynamic.toml"
    ports:
      - "80:80"
      - "8080:8080"
      - "443:443"
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=services"
      - "traefik.http.routers.traefik.entrypoints=https"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefikloadbalancer.server.port=8080"
    secrets:
    - source: traefik_cert
      target: /tls/cert.cert
      uid: "0"
      mode: 400
    - source: traefik_key
      target: /tls/key.key
      uid: "0"
      mode: 400
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - ./traefik.toml:/traefik.toml:ro
    networks:
      - services

secrets:
  traefik_cert:
    external: true
  traefik_key:
    external: true
networks:
  services:
    external: true

All I can get it to do is serve the default cert. No matter what I try I cant work out how to set the default cert. Nor can I work out how to assign a cert.

2

Hello,

in the v2, the dynamic configuration and the static must define in separated files:

# traefik.toml
# static configuration

[entryPoints]
  [entryPoints.http]
    address = ":80"

  [entryPoints.https]
    address = ":443"

[providers.file]
  filename = "/dynamic.toml"

[providers.docker]
  endpoint = "unix:///var/run/docker.sock"

[api]
  dashboard = true
  insecure = true

[log]
  level = "DEBUG"

# dynamic.toml
# dynamic configuration

[http.routers]
  [http.routers.https]
    [http.routers.https.tls]
      options = "myTLSOptions"
      entryPoints = [ "https" ]

[[tls.certificates]]
  certFile = "/tls/cert.cert"
  keyFile = "/tls/key.key"

[tls.stores]
  [tls.stores.default.defaultCertificate]
    certFile = "/tls/cert.cert"
    keyFile = "/tls/key.key"

[tls.options]
  [tls.options.default]
    minVersion = "VersionTLS12"

  [tls.options.myTLSOptions]
    minVersion = "VersionTLS13"
    cipherSuites = [
          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
          "TLS_RSA_WITH_AES_256_GCM_SHA384"
        ]
3

Awesome mate that sorted that one out.