How can a total noob get Traefik configured with Cloudflare wildcard certificate?

I’m trying to migrate from Nginx Proxy Manager to Traefik 2. I have a bunch of services all running in docker containers. DNS is on Cloudflare and I have one Letsencrypt wildcard cert which covers all of the services. For the past week I’ve been searching the net trying to find a sample configuration (docker-compose + Traefik yaml if necessary) which would work in the setup described above. I came across a few configs that were close but didn’t address the wildcard cert which I would prefer. I would greatly appreciate it if somebody could share their config or point me in the right direction. Traefik documentation seems really detailed but a little difficult to put together for somebody without much experience like myself.

As far as I can tell, this can be done if you set Cloudflare to not proxy your IP.
Although that probably defeats the purpose of using Cloudflare.
I have not found a solution to this exact issue myself, but I hope to, and I will try to remember to update this thread also when I have a nice solution that preserves the Cloudflare proxying.

This is over two years old and my setup is slightly different but, just in case Google lands someone here...

Wildcard certs require the DNS challenge (Traefik Let's Encrypt Documentation - Traefik). There are a few different options (Traefik Let's Encrypt Documentation - Traefik) but none covered my current provider, so I solved the issue by getting my certs manually with certbot (User Guide — Certbot 2.6.0 documentation) - in your case, you probably can use the cloudflare provider.

this is what worked for me:

$ certbot certonly --manual -d example.com,*.example.com

then you can create a config file for your certificates (Traefik TLS Documentation - Traefik):

[[tls.certificates]]
  certFile = "/path/to/certfile"
  keyFile = "/path/to/key"

[tls.stores]
  [tls.stores.default]
    [tls.stores.default.defaultCertificate]
      certFile = "/path/to/certfile"
      keyFile = "/path/to/key"

make sure you put the tls configuration file in the same directory as your dynamic configuration file and change the file provider in your static config to directory:

[providers.file]
 directory = "/path/to/config/dir/"
 watch = true
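For the Cloudflare case the original question asked about, Traefik can run the DNS-01 challenge itself instead of relying on certbot and a file provider. The challenge only creates a `_acme-challenge` TXT record through the Cloudflare API, so it works whether or not the records are proxied (orange cloud). The following docker-compose file is an added example, not the configuration of anyone in this thread or of the Traefik project; the resolver name `cf`, the network `proxy`, `example.com`, the e-mail address and the `whoami` service are placeholders to replace with your own values. The `CF_DNS_API_TOKEN` variable and the `--certificatesresolvers.*` flags are real Traefik v2 / lego settings.

```yaml
# docker-compose.yml (added example): Traefik v2 obtaining one Let's Encrypt
# certificate for example.com + *.example.com via the Cloudflare DNS-01 challenge.
# "cf", "proxy", example.com and the whoami service are assumptions/placeholders.
services:
  traefik:
    image: traefik:v2.10
    container_name: traefik
    restart: unless-stopped
    command:
      - --providers.docker=true
      # route only containers that opt in with traefik.enable=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      # certificate resolver "cf": ACME with the DNS-01 challenge through Cloudflare
      - --certificatesresolvers.cf.acme.email=admin@example.com
      - --certificatesresolvers.cf.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.cf.acme.dnschallenge=true
      - --certificatesresolvers.cf.acme.dnschallenge.provider=cloudflare
      # check TXT propagation against public resolvers, not a local split-horizon DNS
      - --certificatesresolvers.cf.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53
      # while testing, point at the staging CA to stay clear of production rate limits:
      # - --certificatesresolvers.cf.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
    environment:
      # API token scoped to Zone:Read + DNS:Edit on this one zone (not the global API key),
      # supplied from an .env file or the shell, never hard-coded here
      - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # read-only socket; Traefik still needs it to discover containers
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # acme.json holds the private key and must be mode 0600 or Traefik refuses it
      - ./letsencrypt:/letsencrypt
    networks:
      - proxy

  whoami:
    image: traefik/whoami
    restart: unless-stopped
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.rule=Host(`whoami.example.com`)
      - traefik.http.routers.whoami.entrypoints=websecure
      - traefik.http.routers.whoami.tls=true
      - traefik.http.routers.whoami.tls.certresolver=cf
      # request a single certificate whose SANs cover the apex and the wildcard
      - traefik.http.routers.whoami.tls.domains[0].main=example.com
      - traefik.http.routers.whoami.tls.domains[0].sans=*.example.com

networks:
  proxy:
    name: proxy
```

Before the first start, create the storage file with the permissions Traefik expects (`mkdir -p letsencrypt && touch letsencrypt/acme.json && chmod 600 letsencrypt/acme.json`) and put `CF_DNS_API_TOKEN=...` in a `.env` file next to the compose file. The `tls.domains` labels only need to appear on one router; other containers on the `proxy` network that set `tls.certresolver=cf` and use a `Host()` under `example.com` are served with the stored wildcard certificate. Keep the Traefik dashboard off the public entrypoints (the example does not enable `--api.insecure=true`), and treat the mounted Docker socket as root-equivalent access to the host when deciding what else runs alongside Traefik.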