Hello,
Sorry for my english, I'm french.
I'm try to install traefik on my DS918+ with docker compose but I meet some problems.
I've got a domain name from OVH (I'll call it my_domain.com)
I've generate wildcard certificate from Let's Encrypt.
On my NAS, certificates are located in /volumes1/docker/traefik/Certs/my_domain.com/
I've got 3 files to install Traefik.
- docker-compose.yml
- traefik.yml
- config.yml
docker-compose.yml
version: '3.8'
services:
reverse-proxy:
image: traefik:v2.3
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
ports:
- 80:80
- 443:443
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
# On map la conf statique dans le conteneur
- /volume1/docker/traefik/traefik.yml:/etc/traefik/traefik.yml
# On map la conf dynamique statique dans le conteneur
- /volume1/docker/traefik/config.yml:/etc/traefik/config.yml
# On map les certificats dans le conteneur
- /volume1/docker/traefic/Certs/my_domain.com/:/etc/traefik/certs:ro
networks:
- proxy
labels:
# Permettre à ce conteneur d'être accessible par traefik
# Pour plus d'information, voir : https://docs.traefik.io/providers/docker/#exposedbydefault
- "traefik.enable=true"
# Utilise la configuration du routeur "traefik" définie dans le fichier de configuration dynamique : ./traefik/config.yml
- "traefik.http.routers.traefik=true"
networks:
proxy:
name: proxy
traefik.yml
global:
checkNewVersion: true
sendAnonymousUsage: false
log:
level: INFO
format: common
api:
insecure: false
dashboard: true
entryPoints:
http:
address: ":80"
http:
redirections:
entryPoint:
to: https
scheme: https
https:
address: ":443"
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
watch: true
network: proxy
exposedByDefault: false
file:
filename: "/etc/traefik/config.yml"
watch: true
config.yml
http:
routers:
traefik:
rule: "Host(`traefik.my_domain.com`)"
service: "api@internal"
tls:
domains:
- main: "my_domain.com"
sans:
- "*.my_domain.com"
# Specifying a certificate that will be used for matching requests
tls:
certificates:
- certFile: "/certs/my_domain.com.cer"
keyFile: "/certs/my_domain.com.key"
Unfortunatly, when i make
docker-compose up -d
I got that
Creating network "proxy" with the default driver
Creating traefik ... done
And when I look at the logs with
docker logs traefik -f
I got this error
time="2021-04-11T09:42:23Z" level=info msg="Configuration loaded from file: /etc/traefik/traefik.yml"
time="2021-04-11T09:42:23Z" level=info msg="Traefik version 2.3.7 built on 2021-01-11T18:03:02Z"
time="2021-04-11T09:42:23Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
time="2021-04-11T09:42:23Z" level=info msg="Starting provider aggregator.ProviderAggregator {}"
time="2021-04-11T09:42:23Z" level=info msg="Starting provider *file.Provider {\"watch\":true,\"filename\":\"/etc/traefik/config.yml\"}"
time="2021-04-11T09:42:23Z" level=info msg="Starting provider *traefik.Provider {}"
time="2021-04-11T09:42:23Z" level=info msg="Starting provider *docker.Provider {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"network\":\"proxy\",\"swarmModeRefreshSeconds\":15000000000}"
time="2021-04-11T09:42:24Z" level=error msg="Unable to append certificate /volume1/docker/traefik/Certs/my_domain.com/my_domain.com.cer to store: unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=default
Maybe I'm wrong with the paths from my synology.
I've checked my certificate with
openssl x509 -in my_domaine.com.cer -text
And it seems to be good
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:ef:f4:c2:85:XXXXXXXXXXXXXXXX57:38:aa:11:00:3b:de:61
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: Apr 8 15:23:44 2021 GMT
Not After : Jul 7 15:23:44 2021 GMT
Subject: CN=my_domain.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:ab:30:80:f7:66:10:5a:cf:c0:8d:6d:3b:c7:6e:
23:67:40:57XXXXXXXXXXXXXX1:76:7f:a1:c1:
8f:a6:57XXXXXXX:7d:f5:2d:09:e8:d6:55:42:1d:
1f:d8:ae:af:e3:d4:63:XXXXXXXXXXXXX2:af:64:
28:56:45:a6:7c:05:ad:07:e6:81:c2:06:cb:ab:1e:
Need your help to make it work