My server is hosting services for the internet as well as some small services for the local network. So far I was able to secure the external services with Let's Encrypt. To improve security on my internal services (LAN only) I want to introduce TLS with self-signed certificates.
I can't get TLS to work with the self-signed certificate. I simply don't see where I bind my docker to the self-signed certificate.
The container I want to use a self-signed certificate with:

    services:
      dokuwiki:
        build: ./dokuwiki
        container_name: dokuwiki
        labels:
          - traefik.enable=true
          - traefik.http.routers.dokuwiki.entrypoints=internal
          - traefik.http.routers.dokuwiki.rule=Host(`servername.localdomain`)
          - traefik.http.routers.dokuwiki.tls=true
          # what do I use here to tell traefik to use the self signed certificate?!?
      traefik:
        image: traefik
        container_name: traefik
        ports:
          - "80:80"
          - "443:443"
          - "8011:8080"
          - "8642:8642" # the port where I want to use the self signed certificate
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock:ro
          - ./traefik.toml:/traefik.toml
          - ./rules.toml:/rules.toml
          - ./acme.json:/acme.json
          - ./certs:/certs

traefik.toml:

    [entryPoints]
      [entryPoints.http]
        address = ":80"
      [entryPoints.https]
        address = ":443"
      [entryPoints.internal]
        address = ":8642" # the port where I want to use the self signed certificate
    ...
    [certificatesResolvers]
      [certificatesResolvers.default]
        [certificatesResolvers.default.acme]
          email = "my-email@foo.bar"
          storage = "acme.json"
          [certificatesResolvers.default.acme.tlsChallenge]

    [[tls.certificates]] # the self signed certificate
      certFile = "/certs/localdomain.crt"
      keyFile = "/certs/localdomain.key"