Hi,
I was following the guide at
https://www.youtube.com/watch?v=IBlZgrwc1T8&t=896s&pp=ygUUamltJ3MgZ2FyYWdlIHRyYWVmaWs%3D
and saw the 2 domain setup here.
https://github.com/JamesTurland/JimsGarage/blob/main/Traefik-Secure/docker-compose.yaml
I configured my docker compose and traefik.yml correctly (see below), but it won't provide any cert (my browser shows the Traefik default cert). When I configure just one domain or the other, it gets certs just fine. I talked to some other people having the same issue, so it doesn't seem to be just me.
docker-compose:
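# Traefik reverse proxy: publishes the internal (80/443) and external (81/444)
# entrypoints and requests wildcard certificates through the `ns1` ACME resolver.
# Nesting restored; the pasted listing had lost its indentation.
services:
  traefik:
    image: traefik:v3.0
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      # Quoted so a YAML parser can never read HOST:CONTAINER as a number.
      - "80:80"
      - "81:81" # external http
      - "443:443"
      - "444:444" # external https
    environment:
      # Environment variable names are case-sensitive: the NS1 DNS provider reads
      # NS1_API_KEY (or NS1_API_KEY_FILE for a path), so the original `NS1_API_Key`
      # was never consumed. Point the provider at the mounted secret instead.
      # NOTE(review): if .env also defines NS1_API_KEY, env_file below still injects
      # it and it takes precedence; remove it from .env once the file-based key works.
      NS1_API_KEY_FILE: /run/secrets/ns1_api_key
      TRAEFIK_DASHBOARD_CREDENTIALS: ${TRAEFIK_DASHBOARD_CREDENTIALS}
    secrets:
      - ns1_api_key
    # env_file copies every variable in .env into the container environment, where
    # it is visible to `docker inspect`; keep only what Traefik itself needs there.
    env_file: .env
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # `:ro` only makes the socket file mount read-only; it does not limit Docker
      # API calls. A compromised Traefik can still control the Docker daemon, so a
      # socket proxy that exposes only read endpoints is the usual mitigation.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      # Holds the ACME account key and certificate private keys; keep it mode 600.
      - ./data/acme.json:/acme.json
      - ./data/config.yml:/config.yml:ro
      - ./logs:/var/log/traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http" # restricts dashboard to internal entrypoint
      # NOTE(review): no other label gives a router named `dashboard` a rule or a
      # service (the routers used below are `traefik` and `traefik-secure`); this
      # looks like a leftover - confirm and remove.
      - "traefik.http.routers.dashboard.tls=true"
      - "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.local.hogwarts.dev`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.local.hogwarts.dev`)"
      # The dashboard router is the only one carrying basic auth; keep it attached.
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=ns1"
      # Each domains[n] entry is a separate certificate request (main + SANs).
      # A wildcard covers a single label, so `*.hogwarts.dev` does not cover
      # `*.local.hogwarts.dev` and both entries are needed. The NS1 key must be
      # allowed to write the `_acme-challenge` TXT records for both names.
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=local.hogwarts.dev"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.local.hogwarts.dev"
      - "traefik.http.routers.traefik-secure.tls.domains[1].main=hogwarts.dev"
      - "traefik.http.routers.traefik-secure.tls.domains[1].sans=*.hogwarts.dev"
      - "traefik.http.routers.traefik-secure.service=api@internal"

secrets:
  # Mounted in the container at /run/secrets/ns1_api_key; keep the file out of VCS.
  ns1_api_key:
    file: ./ns1_api_key.txt

networks:
  proxy:
    external: true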
traefik.yml:
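# Traefik static configuration: entrypoints, providers and the `ns1` ACME resolver.
# Nesting restored; the pasted listing had lost its indentation.
api:
  dashboard: true
  # Enables the extra /debug/* profiling endpoints on the API; turn this off
  # again once troubleshooting is done.
  debug: true

entryPoints:
  # Internal pair: plain HTTP on :80 is redirected to the `https` entrypoint.
  http:
    address: ":80"
    http:
      middlewares:
        - crowdsec-bouncer@file
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
    http:
      middlewares:
        - crowdsec-bouncer@file
  # External pair: plain HTTP on :81 is redirected to `https-external`.
  http-external:
    address: ":81"
    http:
      middlewares:
        - crowdsec-bouncer@file
      redirections:
        entryPoint:
          to: https-external
          scheme: https
  https-external:
    address: ":444"
    http:
      middlewares:
        - crowdsec-bouncer@file

serversTransport:
  # Disables certificate verification for every HTTPS backend Traefik connects
  # to, so a spoofed backend is not detected. Prefer trusting the backend CA and
  # leaving verification on.
  insecureSkipVerify: true

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    # Containers are routed only when they opt in with `traefik.enable=true`.
    exposedByDefault: false
  file:
    filename: /config.yml

certificatesResolvers:
  ns1:
    acme:
      email: jaspermayone@gmail.com
      storage: acme.json
      # caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
      # Staging certificates are not trusted by browsers. When switching to prod,
      # clear the staging entries from acme.json so new certificates are requested.
      caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
      dnsChallenge:
        provider: ns1
        # Setting this flag to true removes the wait for the TXT record to
        # propagate to all authoritative name servers (the guide suggests it for
        # issues pulling certificates through cloudflare).
        # NOTE(review): with the check disabled and delayBeforeCheck still
        # commented out, validation may start before the TXT records are visible.
        # Whether that explains the two-domain failure is a guess; check
        # traefik.log at DEBUG level for the ACME error of each domain.
        disablePropagationCheck: true
        # uncomment along with disablePropagationCheck if needed to ensure the
        # TXT record is ready before verification is attempted
        #delayBeforeCheck: 60s
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"

log:
  level: "INFO"
  filePath: "/var/log/traefik/traefik.log"

accessLog:
  filePath: "/var/log/traefik/access.log"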
Ty in advance for any help/suggestions!