Http is working - https is not

I think I have done the most simple test of Traefik I can.

I downloaded the default config and added the tls node

[entryPoints]
[entryPoints.web]
address = ":80"

[entryPoints.websecure]
address = ":443"

[[tls.certificates]]
certFile = "/etc/traefik/home.local.crt"
keyFile = "/etc/traefik/home.local.key"

My docker run looks like this

docker run -d --name Traefik -p 8080:8080 -p 80:80 -p 443:443 -v "//etc/dockerstorage/traefik/traefik.toml:/etc/traefik/traefik.toml" -v /var/run/docker.sock:/var/run/docker.sock traefik:latest

HTTP works fine but HTTPS does not. I get a 404 error and it looks like it's the default Traefik certificate that is being used and not my own.

Hi @Hamsterman

TLS will have to be enabled on the entrypoint or router; this is not done by default.
https://doc.traefik.io/traefik/routing/entrypoints/#tls
https://doc.traefik.io/traefik/routing/providers/docker/#routers
see: traefik.http.routers.<router_name>.tls

Thanks a lot for your reply.

This made it work more or less

[entryPoints.websecure]
address = ":443"

[entryPoints.websecure.http.tls]
  [[entryPoints.websecure.http.tls.domains]]
    main = "home.local"
    sans = ["*.home.local"]

Now the https is responding - but I can't figure out how to have Traefik use my own certificate though.

The tls.domains main and sans options are for requesting certificates via Let's Encrypt.

[entryPoints.websecure.http.tls] will be enough to activate TLS.

Check the logs for errors/warnings at startup. Enable the debug if necessary.

The router must have a Host rule that matches a certificate, SAN or wildcard in the certificate, otherwise the Traefik default certificate will be used.

How are you testing HTTPS, browser or command line?

Thanks for your reply

I tried this configuration then:

[entryPoints]
[entryPoints.web]
address = ":80"

[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http.tls]

[http.routers]
[http.routers.Router-1]
# By default, routers listen to every entry points
rule = "Host(`home.local`)"
service = "service-1"

Still the TLS (https) is working but the default Traefik certificate is being used.
There are no errors in the log.
Also I find it odd that I don't need to configure where my custom certificate is located so I added this to my docker run

-v "//etc/dockerstorage/traefik/certificates:/certificates:ro"

In the certificates folder I placed home.local.crt and home.local.key (generated with openssl).

I am testing using a browser.

I had the same problem configuring TLS with custom cert.
I'm new to traefik so the following statements may not be accurate.

https://doc.traefik.io/traefik/https/tls/#user-defined
You need to provide your TLS config in a separate file, like this YAML (tls.yml):

tls:
  stores:
    default:
      defaultCertificate:
        certFile: /config/tls.crt
        keyFile: /config/tls.key
  certificates:
    - certFile: /config/tls.crt
      keyFile: /config/tls.key

I configure the traefik container like this:

  reverseproxy:
    image: "traefik:v2.4"
    restart: always
    command: >-
      --log.level=DEBUG
      --api.insecure=true
      --providers.docker=true
      --providers.docker.exposedbydefault=false
      --providers.file.directory=/config/
      --entrypoints.web.address=:80
      --entrypoints.web.http.redirections.entryPoint.to=websecure
      --entrypoints.websecure.address=:443
    ports:
      - "80:80"
      - "443:443"
      - "127.0.0.1:8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./reverseproxy/:/config/

The local reverseproxy directory contains the three files tls.crt, tls.key and tls.yml (see above)


Finally it works - Thanks a lot @deceptiveSimplicity

I created the new tls.yml config as you suggested and added this to my .toml config.

[providers]
[providers.file]
directory = "/certificates/"
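
An added example, not part of any post in this thread: a shell check for the point made above that a router's Host rule has to match a SAN or wildcard in the certificate, plus a check that the key file belongs to the certificate. The throwaway certificate, the function names and the test hostnames are constructed; only `home.local` and `*.home.local` come from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. File names and test hostnames are constructed.

# Create a throwaway self-signed certificate with the SANs used in the thread.
make_sample_cert() {  # $1 = output directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=home.local" \
        -addext "subjectAltName=DNS:home.local,DNS:*.home.local" \
        -keyout "$1/home.local.key" -out "$1/home.local.crt" 2>/dev/null
}

# Succeeds only if the certificate's SANs cover the hostname, i.e. the name
# a router's Host rule would have to use for this certificate to be selected.
cert_covers_host() {  # $1 = certificate file, $2 = hostname
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# Succeeds only if the private key belongs to the certificate.
key_matches_cert() {  # $1 = certificate file, $2 = key file
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Print subject and SANs of the certificate a live server presents for an SNI
# name (needs a running Traefik, so it is defined here but not called).
served_cert() {  # $1 = host:port, $2 = SNI name
    openssl s_client -connect "$1" -servername "$2" </dev/null 2>/dev/null |
        openssl x509 -noout -subject -ext subjectAltName
}

demo() {
    dir=$(mktemp -d) && make_sample_cert "$dir" || return 1
    key_matches_cert "$dir/home.local.crt" "$dir/home.local.key" &&
        echo "key matches certificate"
    for host in home.local app.home.local a.b.home.local example.org; do
        if cert_covers_host "$dir/home.local.crt" "$host"; then
            echo "$host: covered"
        else
            echo "$host: NOT covered, the default certificate would be used"
        fi
    done
    rm -rf "$dir"
}
demo
```

The wildcard SAN covers exactly one label, so `app.home.local` matches while `a.b.home.local` does not. Against a running instance, `served_cert localhost:443 home.local` shows which certificate is actually presented for that name.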
