So I have traefik
on traefik.example.com
and my-service
on example.com
in docker-swarm mode and I want to get and define Let's Encrypt certificate for example.com
and SAN for *.example.com
(tls/http challenge only). Other words any other services on www.example.com
, smth.example.com
etc. should work by https with this settings. What should I write in config?
Current configuration (doesn't work correct):
# docker-compose.traefik.yaml
version: '3.9'
services:
traefik:
image: traefik:v2.10
ports:
- 80:80
- 443:443
deploy:
restart_policy:
condition: on-failure
placement:
constraints:
- node.labels.certificate-storage == true
- node.role == manager
labels:
- traefik.enable=true
- traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
- traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
- traefik.http.routers.traefik-public-http.rule=Host(`traefik.example.com`)
- traefik.http.routers.traefik-public-http.entrypoints=http
- traefik.http.routers.traefik-public-http.middlewares=https-redirect
- traefik.http.routers.traefik-public-https.rule=Host(`traefik.example.com`)
- traefik.http.routers.traefik-public-https.entrypoints=https
- traefik.http.routers.traefik-public-https.tls=true
- traefik.http.routers.traefik-public-https.tls.certresolver=le
- traefik.http.routers.traefik-public-https.tls.domains[0].main=example.com
- traefik.http.routers.traefik-public-https.tls.domains[0].sans=*.example.com
- traefik.http.routers.traefik-public-https.service=api@internal
- traefik.http.services.traefik.loadbalancer.server.port=8080
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- traefik-public-certificates:/certificates
command:
- --providers.docker
- --providers.docker.exposedbydefault=false
- --providers.docker.swarmmode
- --entrypoints.http.address=:80
- --entrypoints.https.address=:443
- --certificatesresolvers.le.acme.email=test@gmail.com
- --certificatesresolvers.le.acme.storage=/certificates/acme.json
- --certificatesresolvers.le.acme.tlschallenge=true
networks:
- traefik-public
volumes:
traefik-public-certificates:
networks:
traefik-public:
driver: overlay
attachable: true
# docker-compose.yaml
version: "3.9"
services:
my-service:
image: my-service:latest
deploy:
replicas: 1
restart_policy:
condition: on-failure
labels:
- traefik.enable=true
- traefik.http.services.my-service.loadbalancer.server.port=8080
- traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
- traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
- traefik.http.routers.my-service-http.rule=Host(`example.com`)
- traefik.http.routers.my-service-http.entrypoints=http
- traefik.http.routers.my-service-http.middlewares=https-redirect
- traefik.http.routers.my-service-https.rule=Host(`example.com`)
- traefik.http.routers.my-service-https.entrypoints=https
- traefik.http.routers.my-service-https.tls=true
- traefik.http.routers.my-service-https.tls.certresolver=le
networks:
- traefik-public
networks:
traefik-public: