Install traefik on Synology with docker-compose

Hello,

Sorry for my English, I'm French.
I'm trying to install traefik on my DS918+ with docker compose but I've run into some problems.
I've got a domain name from OVH (I'll call it my_domain.com).
I've generated a wildcard certificate from Let's Encrypt.

On my NAS, certificates are located in /volumes1/docker/traefik/Certs/my_domain.com/
I've got 3 files to install Traefik.

  • docker-compose.yml
  • traefik.yml
  • config.yml

docker-compose.yml

version: '3.8'

services:
  reverse-proxy:
    image: traefik:v2.3
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Map the static config into the container
      - /volume1/docker/traefik/traefik.yml:/etc/traefik/traefik.yml
      # Map the dynamic config into the container
      - /volume1/docker/traefik/config.yml:/etc/traefik/config.yml
      # Map the certificates into the container
      - /volume1/docker/traefic/Certs/my_domain.com/:/etc/traefik/certs:ro
    networks:
      - proxy
    labels:
      # Allow this container to be reachable by traefik
      # For more information, see: https://docs.traefik.io/providers/docker/#exposedbydefault
      - "traefik.enable=true"
      # Use the "traefik" router configuration defined in the dynamic configuration file: ./traefik/config.yml
      - "traefik.http.routers.traefik=true"
networks:
  proxy:
    name: proxy

traefik.yml

global:
  checkNewVersion: true
  sendAnonymousUsage: false

log:
  level: INFO
  format: common

api:
  insecure: false
  dashboard: true

entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    watch: true
    network: proxy
    exposedByDefault: false
  file:
    filename: "/etc/traefik/config.yml"
    watch: true

config.yml

http:
  routers:
    traefik:
      rule: "Host(`traefik.my_domain.com`)"
      service: "api@internal"
      tls:
        domains:
          - main: "my_domain.com"
            sans:
              - "*.my_domain.com"

# Specifying a certificate that will be used for matching requests
tls:
  certificates:
    - certFile: "/certs/my_domain.com.cer"
      keyFile: "/certs/my_domain.com.key"

Unfortunately, when I run

docker-compose up -d

I get this

Creating network "proxy" with the default driver
Creating traefik ... done

And when I look at the logs with

docker logs traefik -f

I got this error

time="2021-04-11T09:42:23Z" level=info msg="Configuration loaded from file: /etc/traefik/traefik.yml"
time="2021-04-11T09:42:23Z" level=info msg="Traefik version 2.3.7 built on 2021-01-11T18:03:02Z"
time="2021-04-11T09:42:23Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
time="2021-04-11T09:42:23Z" level=info msg="Starting provider aggregator.ProviderAggregator {}"
time="2021-04-11T09:42:23Z" level=info msg="Starting provider *file.Provider {\"watch\":true,\"filename\":\"/etc/traefik/config.yml\"}"
time="2021-04-11T09:42:23Z" level=info msg="Starting provider *traefik.Provider {}"
time="2021-04-11T09:42:23Z" level=info msg="Starting provider *docker.Provider {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"network\":\"proxy\",\"swarmModeRefreshSeconds\":15000000000}"
time="2021-04-11T09:42:24Z" level=error msg="Unable to append certificate /volume1/docker/traefik/Certs/my_domain.com/my_domain.com.cer to store: unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=default

Maybe I'm wrong with the paths from my Synology.
I've checked my certificate with

openssl x509 -in my_domaine.com.cer -text

And it seems to be good

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:ef:f4:c2:85:XXXXXXXXXXXXXXXX57:38:aa:11:00:3b:de:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Validity
            Not Before: Apr  8 15:23:44 2021 GMT
            Not After : Jul  7 15:23:44 2021 GMT
        Subject: CN=my_domain.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:ab:30:80:f7:66:10:5a:cf:c0:8d:6d:3b:c7:6e:
                    23:67:40:57XXXXXXXXXXXXXX1:76:7f:a1:c1:
                    8f:a6:57XXXXXXX:7d:f5:2d:09:e8:d6:55:42:1d:
                    1f:d8:ae:af:e3:d4:63:XXXXXXXXXXXXX2:af:64:
                    28:56:45:a6:7c:05:ad:07:e6:81:c2:06:cb:ab:1e:
  

Need your help to make it work 🙂

Is this just a simple typing error for your source volume?

Hello,
I resolved it. In fact, in config.yml, it was

  certificates:
    - certFile: "/etc/traefik/certs/my_domain.com.cer"
      keyFile: "/etc/traefik/certs/my_domain.com.key"

not

  certificates:
    - certFile: "/certs/my_domain.com.cer"
      keyFile: "/certs/my_domain.com.key"

Thanks!
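
The fix in this thread comes down to certFile/keyFile being resolved inside the container, through the bind mounts, and not on the NAS filesystem. As an added example (not code from the thread or from the Traefik project), this Python script maps container paths back through the posted volumes to show which ones are covered by a mount; the function names are hypothetical and the volume strings are copied from the compose file as posted.

```python
import posixpath

# Short-syntax volumes copied from the posted docker-compose.yml, spelling as posted.
VOLUMES = [
    "/var/run/docker.sock:/var/run/docker.sock:ro",
    "/volume1/docker/traefik/traefik.yml:/etc/traefik/traefik.yml",
    "/volume1/docker/traefik/config.yml:/etc/traefik/config.yml",
    "/volume1/docker/traefic/Certs/my_domain.com/:/etc/traefik/certs:ro",
]

def parse_mounts(volumes):
    """Return [(container_target, host_source)] from host:container[:mode] strings."""
    mounts = []
    for spec in volumes:
        host, target = spec.split(":")[:2]
        mounts.append((posixpath.normpath(target), posixpath.normpath(host)))
    return mounts

def resolve(container_path, mounts):
    """Map a path as seen inside the container to its host path, or None
    when no bind mount covers it (the file will not exist in the container)."""
    path = posixpath.normpath(container_path)
    best = None
    for target, host in mounts:
        covered = path == target or path.startswith(target.rstrip("/") + "/")
        if covered and (best is None or len(target) > len(best[0])):
            best = (target, host)  # the longest matching mount target wins
    if best is None:
        return None
    rel = posixpath.relpath(path, best[0])
    return best[1] if rel == "." else posixpath.join(best[1], rel)

def check(cert_paths, volumes=VOLUMES):
    """Return {container_path: host_path or None} for each configured path."""
    mounts = parse_mounts(volumes)
    return {p: resolve(p, mounts) for p in cert_paths}

if __name__ == "__main__":
    # Constructed input: the certFile values before and after the fix in the thread.
    paths = ["/certs/my_domain.com.cer", "/etc/traefik/certs/my_domain.com.cer"]
    for path, host in check(paths).items():
        print(f"{path} -> {host or 'NOT MOUNTED in container'}")
```

A path that no mount covers does not exist in the container; Traefik then treats the configured string as inline PEM content, which is why the log reports "failed to find any PEM data" rather than a missing file.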