Help with configuring Traefik with Self Signed certificates

Hey community!

I'm using Docker as a provider and at the moment trying to configure self-signed certificates for Traefik. I'm following all the settings step by step, but it seems I'm missing something, as Traefik keeps serving its own certs.

This is my docker-compose.yml:

version: '3.7'
services:
  # traefik service
  traefik:
    image: "traefik:v2.2"
    command:
      - --providers.file.filename=/dynconf/dyn.toml
      - --providers.file.watch=true
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.to-dashboard.rule=Host(`dashboard.local`)"
      - "traefik.http.routers.to-dashboard.entrypoints=dashboard"
      - "traefik.http.routers.to-dashboard.middlewares=auth"
      - "traefik.http.routers.to-dashboard.service=api@internal"
      - "traefik.http.middlewares.auth.basicauth.users=test:<redacted>"

    container_name: "traefik"
    ports:
      - "11000:80"
      - "11001:443"
      - "127.0.0.1:11002:8181"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/home/traefik/traefik.toml:/traefik.toml:ro"
      - "/home/traefik/dynconf/dyn.toml:/dynconf/dyn.toml"
      - "/home/traefik/certs/:/certs/"

  whoami:
    image: "traefik/whoami"
    container_name: "whoami"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.to-whoami.rule=Host(`container.internal`)"
      - "traefik.http.routers.to-whoami.entrypoints=web"
      - "traefik.http.routers.to-whoami.middlewares=https_redirect"

      - "traefik.http.routers.to-whoami-secure.rule=Host(`container.internal`)"
      - "traefik.http.routers.to-whoami-secure.entrypoints=websecure"
      - "traefik.http.routers.to-whoami-secure.tls=true"

      - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.https_redirect.redirectscheme.permanent=true"

  httpecho2:
    image: "hashicorp/http-echo"
    container_name: "httpecho1"
    command: "-text='whoami hello world'"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.to-httpecho2.rule=Host(`container.internal`) && Path(`/httpecho`)"
      - "traefik.http.routers.to-httpecho2.entrypoints=web"
      - "traefik.http.routers.to-httpecho2.middlewares=https_redirect"

      - "traefik.http.routers.to-httpecho2-secure.rule=Host(`container.internal`) && Path(`/httpecho`)"
      - "traefik.http.routers.to-httpecho2-secure.entrypoints=websecure"
      - "traefik.http.routers.to-httpecho2-secure.tls=true"

      - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.https_redirect.redirectscheme.permanent=true"

networks:
  default:
    external:
      name: "traefik_network"

And this is my dynamic configuration:

[[tls.certificates]]
  certFile = "/certs/container.crt"
  keyFile = "/certs/container.key"

Would appreciate any recommendations.

Thanks

Hello,

In Traefik v2, the sources of static configuration are mutually exclusive:

This means that you can't use CLI flags and file (traefik.toml) at the same time; you have to choose between CLI flags and file (traefik.toml).

So you have to move the section:

to the traefik.toml file.

Also, I recommend using directory instead of filename.

[providers.file]
  directory = "/dynconf"
  watch = true

Hi @ldez,

Thank you so much! This one worked!

I thought TLS was dynamic configuration, that's why I added it as a command line argument. Any reference in the documentation says it's dynamic configuration: https://doc.traefik.io/traefik/v2.3/https/tls/

I have one more issue. On the server I'm testing Traefik on, I'm already running Apache on ports 80 and 443. When I do a curl to http://container.internal:11000, I'm redirected to https://container.internal and presented with the page that Apache serves on 443 instead of https://container.internal:11001. Which configuration will I have to change for this? I'm not able to explain why this happens.

The TLS section is a part of the dynamic configuration and must be defined through the file provider.

The CLI Flags are related to the static configuration.

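A check for the conflict described in the replies above, added here as an example and not code from the original thread or from the Traefik project: it finds static options passed as CLI flags next to a mounted traefik.toml and renders them as the TOML section to move into that file. The function names and the file-name pattern are assumptions of this example, the service dict is constructed from the compose file in the question, and only scalar flags are handled.

```python
import re

# Constructed input: the traefik service from the compose file in the question,
# as the dict a YAML loader would return (only the keys this check reads).
TRAEFIK_SERVICE = {
    "command": [
        "--providers.file.filename=/dynconf/dyn.toml",
        "--providers.file.watch=true",
    ],
    "volumes": [
        "/var/run/docker.sock:/var/run/docker.sock:ro",
        "/home/traefik/traefik.toml:/traefik.toml:ro",
        "/home/traefik/dynconf/dyn.toml:/dynconf/dyn.toml",
        "/home/traefik/certs/:/certs/",
    ],
}

# Assumption of this example: a mount whose container path ends in
# traefik.toml / traefik.yml / traefik.yaml is the static configuration file.
STATIC_FILE = re.compile(r"(^|/)traefik\.(toml|ya?ml)$")


def mounted_static_files(service):
    """Container paths of mounted static configuration files."""
    targets = [v.split(":")[1] for v in service.get("volumes", []) if v.count(":")]
    return [t for t in targets if STATIC_FILE.search(t)]


def competing_flags(service):
    """CLI flags that set static options although a static file is mounted."""
    if not mounted_static_files(service):
        return []
    return [a for a in service.get("command", [])
            if a.startswith("--") and not a.lower().startswith("--configfile")]


def flags_to_toml(flags):
    """Render scalar `--a.b.key=value` flags as TOML sections for traefik.toml."""
    sections = {}
    for flag in flags:
        path, _, value = flag[2:].partition("=")
        section, _, key = path.rpartition(".")
        value = value or "true"  # a bare boolean flag means true
        if value not in ("true", "false") and not value.isdigit():
            value = '"%s"' % value
        sections.setdefault(section, []).append("  %s = %s" % (key, value))
    return "\n".join("[%s]\n%s" % (s, "\n".join(kv)) for s, kv in sections.items())


if __name__ == "__main__":
    print("Static file mounted at:", mounted_static_files(TRAEFIK_SERVICE))
    print(flags_to_toml(competing_flags(TRAEFIK_SERVICE)))
```
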