...which works just fine without Souin. But when I configure as described in the Souin docs and wget http://traefik from the Souin terminal, I get a certificate validation failure. I've tried manually reconstructing an acme.json file and pointing Souin to it, but without success. Maybe I'm not specifying the JSON values correctly.
Anyone have any idea how to proceed? I'm at my wit's end.
Thanks for the reply, @bluepuma77, but everything works perfectly (and has been for years) without Souin in the loop.
As noted in the referenced post, Souin “fronts” Traefik when used as a container (instead of as a plugin), and therein lies the issue.
I’d prefer to use it as a plug-in, but then I get Go lang errors (which, according to the docs, is not uncommon because Traefik uses their own interpreter, which breaks things frequently).
So the issue boils down to how to properly configure TLS to appease Souin when it’s sitting in front of Traefik. I’m at a loss as to how to proceed.
...so I base64-encoded the contents of the PEM files, but it didn't help. I have a feeling I should be using something other than Account as the ttCertResolver since I'm not actually using Let's Encrypt in my dev environment. Maybe what I'm trying to do just isn't possible.
What I get at the Souin terminal is a failure to verify the certificate...
/ # wget http://traefik
Connecting to traefik (172.20.0.100:80)
Connecting to traefik (172.20.0.100:443)
08FB89483B7F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1889:
ssl_client: SSL_connect
wget: error getting response: Connection reset by peer
Anyway, I'm at a loss and just shooting in the dark at this point.
Load the custom TLS certs in Traefik, then check directly via browser if they are served.
If that works, then it’s up to your fronting container to accept those custom TLS certs when sending requests to Traefik, it’s up to the app how to configure it.
The certs have been working in Traefik for years. They are not the issue per se.
That's precisely the issue. As depicted and described in the Souin docs, there's only ONE way to configure Souin as a container, and it seems to assume the use of Let's Encrypt, which is not the case on my dev machine.
Hey @shot the standalone server is deprecated and won't be maintained in the future.
If you want to not use Souin in front of Træfik, I suggest you to use the Caddy integration with Souin as middleware in it
You will have something like that:
incoming request -> caddy (+ souin as module) -> traefik -> app
Caddy will handle the TLS certs for you and you will get better cache performances because Træfik don't allow developers to use low level code so caddy with souin is more efficient than Traefik with souin.
Thanks for the reply, @darkweak, but I definitely DON'T want to use Souin in front of Traefik. I originally wanted to use it as Traefik middleware via Docker.
The attempt outlined in this thread was an act of desperation when I couldn't get Souin working as Traefik middleware. However, since this post, I have been successful getting Souin to work as middleware. I've invested a ton of time and effort learning the ropes with Traefik (and it's been working out well), so I have no intention of moving from Traefik.
I've also been really pleased with the performance of Souin as Traefik middleware, although I've encountered some issues related to viewing keys and purging the cache which seem like bugs. I'll be reporting issues via Github and trying the next release, so hopefully, those cache-related kinks can be worked out.
The actual setup is straightforward. It's just a plugin, and once you install and configure it, just reference the middleware in your routers, and you're off to the races.
My hurdles were due mostly to a lack of familiarity with some of the concepts and terminology and with understanding how best to integrate it into my "chain" of other middleware (which does various header and body rewrites).
The good news is that I was able to get up to speed [enough] technically through online resources; and the bugs I did identify were quickly resolved by the developer.
I would recommend giving it a go if you're looking for a cache solution.