Given below are the commands relevant to tls/certificates that I pass to traefik in my docker compose file
I now need to stop traefik from generating its own certificate and pass my own certificate which I have generated through certbot. Accordingly, I checked the user defined tls section here - Traefik TLS Documentation | Traefik | v3.0, but I don't see any cli option here?
- Can someone please help me with the cli command for the user defined tls referred above
- Lastly, which lines would I need to remove from the existing cli arguments I use? I think except the first 2 lines, I should remove everything else but just wanna confirm
It’s simple: you can not.
For own custom certs, you need to use providers.file (or another provider) and load the dynamic TLS config (doc).
UPDATE: But at least you can place the certs inline, if you only want 1 additional file to manage (example).
Thanks for the confirmation. Regarding the second question, should I remove all these lines from traefik -> command: except the first 2?
If you want to use your own certs, then you only need the
provider to load dynamic TLS config and
to globally declare the use of TLS on that entrypoint/port.
Don’t forget to (manually) renew the certs!
iirc certbot sets up automatic renewal by default these days, lemme confirm once, oh yes certainly it does
ubuntu@xd003:/etc/systemd/system$ ls | grep certbot
It felt a weird idea to have a separate yml/toml just for 2 lines of config. So I added the following to the command: block of Traefik in my docker compose
- sh -c "mkdir -p /config && wget "https://gist.githubusercontent.com/xd003/dc5c6947bb5331834fbc07f2d97c8103/raw/f6a785cb0612a7917cc1a4c8659ff6f1a841b044/config.toml" -P /config"
That github gist link contains the following
certFile = "/etc/letsencrypt/live/xd003.site/fullchain.pem"
keyFile = "/etc/letsencrypt/live/xd003.site/privkey.pem"
I am trying to enter shell command to create the directory /config and wget config.toml from github gists inside that folder then use providers.file to have traefik read that dynamic config
But the sh command doesn't seem to have worked at all, any clue what might be going wrong here?
If it’s static, you could just use echo "content" > /path/file.
If it’s dynamic, you could have a tiny script to add all cert files dynamically to the config file, as I have tried before:
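FILE=/config/tls.yml  # output path; placeholder, set it to the file providers.file loads
# Write the header; this truncates any previous file
printf "tls:\n  options:\n    default:\n      minVersion: VersionTLS12\n  certificates:\n" > "$FILE"
# One certificates entry per certbot lineage directory
for NAME in $(find /etc/letsencrypt/live/ -maxdepth 1 -mindepth 1 -type d -print) ; do
  printf "TRAEFIK TLS FILE ADD $NAME\n"
  printf "    # CERT FILE $NAME\n" >> "$FILE"
  printf "    - certFile: |-\n" >> "$FILE"
  # Indent the PEM so it sits inside the YAML block scalar
  sed -e 's/^/        /' "$NAME/fullchain.pem" >> "$FILE"
  printf "      keyFile: |-\n" >> "$FILE"
  sed -e 's/^/        /' "$NAME/privkey.pem" >> "$FILE"
done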
cat <<EOT >> /config.toml
certFile = "/etc/letsencrypt/live/example.site/fullchain.pem"
keyFile = "/etc/letsencrypt/live/example.site/privkey.pem"
EOT
I just need to execute this shell command inside the traefik container but it's not getting accepted along with the existing parameters because ig those parameters are passed to the entrypoint. I can't really pass a shell command here. Normally such commands can be easily passed through sh -c but don't seem possible in combination with traefik cli arguments
Did you ever check my other post? It's running a full script inside docker-compose.
Of course if you overwrite command, you need to manually start Traefik at the end. According to the Dockerfile, it's just
You also use CLI for --providers.file, but I don't see any entrypoint declaration. You can not mix static config in traefik.yml and CLI parameters, Traefik will only use one source. Please check again the simple Traefik example.
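Putting the replies above together, as an added example that is not from any poster in this thread: an entrypoint script that writes the dynamic TLS config from certbot's live/ directory and then starts Traefik as its last step, with all static config on the command line. The /config/tls.yml path, the websecure entrypoint name and the function names are assumptions; the whole /etc/letsencrypt tree has to be mounted into the container, because live/ only holds symlinks into archive/.

```shell
#!/bin/sh
# Added example. Paths, function names and the "websecure" entrypoint name
# are assumptions, not taken from the thread.

# write_tls_config LIVE_DIR OUT_FILE
# One certificates entry per lineage with a non-empty fullchain.pem and
# privkey.pem. Returns 1 and leaves OUT_FILE untouched if none is usable.
write_tls_config() {
    live_dir=$1
    out_file=$2
    count=0
    # Temp file beside the target, so the final mv is an atomic rename and
    # a watching file provider never reads a half-written config.
    tmp=$(mktemp "${out_file}.XXXXXX") || return 1
    printf 'tls:\n  certificates:\n' > "$tmp"
    for dir in "$live_dir"/*/; do
        cert=${dir}fullchain.pem
        key=${dir}privkey.pem
        # live/ holds symlinks into ../../archive; -s follows them, so a
        # mount exposing only live/ shows up as a skipped lineage.
        if [ -s "$cert" ] && [ -s "$key" ]; then
            printf '    - certFile: %s\n      keyFile: %s\n' "$cert" "$key" >> "$tmp"
            count=$((count + 1))
        else
            printf 'skipping %s: cert or key missing or empty\n' "$dir" >&2
        fi
    done
    if [ "$count" -eq 0 ]; then
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$out_file"
}

# Entrypoint body: write the config, then start Traefik as the last step,
# with all static config on the command line.
start_traefik() {
    mkdir -p /config
    write_tls_config /etc/letsencrypt/live /config/tls.yml || exit 1
    exec traefik \
        --providers.file.filename=/config/tls.yml \
        --entrypoints.websecure.address=:443 \
        --entrypoints.websecure.http.tls=true
}

# Hypothetical invocation from the compose entrypoint: this-script start
if [ "${1:-}" = "start" ]; then start_traefik; fi
```

Because the config references the certbot paths instead of inlining the PEM data, the private key stays in one place and the generated file contains nothing secret.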