**My Docker-Compose**
version: '3.8'
services:
reverse-proxy:
container_name: 'traefik_reverse_proxy'
image: traefik:v2.11.0
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme=false"
- "--providers.file.filename=/home/servlinux/traefik/traefik_dynamic.yml"
- "--accesslog=true"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./traefik.yml:/etc/traefik/traefik.yml:ro
- ./cert:/etc/traefik/cert/Star.abc_2023-24.crt
- ./cert:/etc/traefik/cert/Star.abc_2023-24.key
- ./traefik_dynamic.yml:/etc/traefik/traefik_dynamic.yml
networks:
- traefik-public
- proxy
restart: unless-stopped
networks:
proxy:
traefik-public:
external: true
**Traefik.yml file**
api:
insecure: true
dashboard: true
http:
routers:
tmarouter:
rule: Host(`auth.mydomain.com`)
service: server
log:
level: DEBUG
accessLog:
format: json
**Traefik Dynamic file**
tls:
certificates:
- certFile: "/home/servlinux/traefik/cert/Star.abc_2023-24.crt"
keyFile: "/home/servlinux/traefik/cert/Star.abc_2023-24.key"
stores:
- default
defaultCertificate:
certFile: "/home/servlinux/traefik/cert/Star.abc_2023-24.crt"
keyFile: "/home/servlinux/traefik/cert/Star.abc_2023-24.key"
options:
myresolver:
sniStrict: true
minVersion: VersionTLS12
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
clientAuth:
clientAuthType: RequireAndVerifyClientCert
clientAuthType: RequireAndVerifyClientCert
**My Label**
labels:
- "traefik.enable=true"
- "traefik.http.routers.tmarouter.rule=Host(`auth.mydomain.com`)"
- "traefik.http.routers.tmarouter.entrypoints=web"
- "traefik.http.routers.tmarouter.entrypoints=websecure"
- "traefik.http.routers.tmarouter.tls=true"
- "traefik.http.routers.tmarouter.service=server"
- "traefik.http.services.server.loadbalancer.server.port=9000"
- "traefik.http.services.server.loadbalancer.server.scheme=http"
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
- "traefik.http.routers.tmarouter.middlewares=redirect-to-https@docker"
- "traefik.http.middlewares.force-secure.redirectscheme.scheme=https"
- "traefik.http.middlewares.force-secure.redirectscheme.permanent=true"
It’s the third time I post it this week:
You can only use traefik.yml or compose command: for static config, not both, decide for one.
Thank you for your reply, I have removed the command section. Could you guide me where I went wrong Traefik is serving only default certificate instead of my own SSL.
You need to have an entrypoint websecure for TLS on port 443, enable TLS (true) on entrypoint or router. Load custom TLS cert files in a dynamic config file, which is loaded in static config via providers.file.
You don’t need any certresolver if you bring your own certs.
I followed everything, could you have a glance at my docker-compose file, entrypoints are mentioned.