So I tried for a third time to migrate to Traefik v2 in my docker swarm but I had to roll it all back again... the most annoying part is that 1.7 fulfills all my needs but I'm afraid it won't be supported in a while.
What I want to do is to register wildcard DNS domain "*.mydomain.com" with Letsencrypt + godaddy.
Then I want my containers to be reachable on container.mydomain.com (with https) and also container.internaldomain (with http).
I'm also doing some serving of content with a certificate coming from another traefik installation (in another docker swarm). Also I don't want to expose my "external" services on this traefik instance (I have another instance for that).
As I understand, the domain name for the letsencrypt request now comes from each container's routing rules? But I want to use a wildcard cert, so I don't want it to request a cert for container1.mydomain.com, I want it to use *.mydomain.com. This is my current (obfuscated) config:
```toml
logLevel = "INFO"
defaultEntryPoints = ["http", "https"]
insecureSkipVerify = true

[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
      [[entryPoints.https.tls.certificates]]
      certFile = "/cert/otherdomain.crt"
      keyFile = "/cert/otherdomain.key"

[metrics]
  [metrics.prometheus]

[api]

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "docker"
watch = true
swarmmode = true
constraints = ["tag!=exposed"]
network = "traefik-net"

[acme]
email = "xxxx"
storage = "acme.json"
entryPoint = "https"
acmeLogging = true
  [acme.dnsChallenge]
  provider = "godaddy"
  delayBeforeCheck = 90
  resolvers = ["22.214.171.124:53"]
  [[acme.domains]]
  main = "*.mydomain.com"
  sans = ["mydomain.com"]
```
Then on each container I have these labels:
Simple, non-SSL enabled:

```yaml
labels:
  - "traefik.enable=true"
  - "traefik.frontend.rule=Host:website.internaldomain"
  - "traefik.port=8080"
```

Published with non-SSL, SSL and also on the other domain:

```yaml
labels:
  - "traefik.enable=true"
  - "traefik.frontend.rule=Host:grafana.internaldomain,grafana.mydomain.com,grafana.otherdomain.com"
  - "traefik.port=3000"
```
Compose file for traefik:
```yaml
version: '3.5'
services:
  traefik:
    image: traefik:1.7-alpine
    ports:
      - "80:80"
      - "443:443"
      - "8380:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /mnt/storage/traefik/traefik.toml:/traefik.toml
      - /mnt/storage/traefik/toml:/toml
      - /mnt/storage/traefik/cert:/cert
      - /mnt/storage/traefik/acme.json:/acme.json
    environment:
      - "GODADDY_API_KEY=xxxx"
      - "GODADDY_API_SECRET=yyyy"
    networks:
      - traefik-net
    deploy:
      update_config:
        order: start-first
        failure_action: rollback
      restart_policy:
        delay: 30s
      placement:
        constraints:
          - node.role==manager
          - node.labels.ingress==true
      labels:
        - "traefik.enable=true"
        - "traefik.frontend.rule=Host:traefik.internaldomain,traefik.mydomain.com"
        - "traefik.port=8080"
networks:
  traefik-net:
    external: true
```
If anyone could help me a bit on the way I would be grateful. This is also my simple traefik instance. The other one is "edge" routing from internet, with authentication from authelia, and I want to first understand my internal setup before I move on to the edge cluster.
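The following is an added example, not the poster's configuration, showing how the v1 setup above maps onto Traefik v2. The key point for the wildcard question is that in v2 the ACME request is driven by the router's `tls.domains` list when one is present; the `Host()` rule is then only used for routing, so the resolver asks for `*.mydomain.com` / `mydomain.com` and never for `grafana.mydomain.com`. Assumed names that are not in the original post: the entry points `web`/`websecure`, the certificate resolver `le`, the router names, the `v2.10` image tag, the `grafana/grafana` stand-in service, and the exact constraint expression used to replace `tag!=exposed`.

```yaml
version: '3.5'
services:
  traefik:
    image: traefik:v2.10          # assumption: any 2.x tag behaves the same for this config
    command:
      # static configuration, the v2 equivalent of the v1 traefik.toml
      - "--log.level=INFO"
      - "--api=true"              # no --api.insecure: the dashboard is only reachable through the router below
      - "--metrics.prometheus=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--providers.docker.endpoint=unix:///var/run/docker.sock"
      - "--providers.docker.swarmmode=true"
      - "--providers.docker.network=traefik-net"
      - "--providers.docker.exposedbydefault=false"   # services stay hidden unless they opt in with traefik.enable=true
      # assumption: v1 `constraints = ["tag!=exposed"]` becomes a negated Label() match on traefik.tags
      - "--providers.docker.constraints=!Label(`traefik.tags`,`exposed`)"
      - "--providers.file.directory=/toml"            # dynamic config: holds the otherdomain certificate entry
      - "--serverstransport.insecureskipverify=true"  # v1 top-level insecureSkipVerify (only affects Traefik -> backend TLS)
      - "--certificatesresolvers.le.acme.email=xxxx"  # `le` is an assumed resolver name
      - "--certificatesresolvers.le.acme.storage=/acme.json"
      - "--certificatesresolvers.le.acme.dnschallenge.provider=godaddy"
      - "--certificatesresolvers.le.acme.dnschallenge.delaybeforecheck=90"
      - "--certificatesresolvers.le.acme.dnschallenge.resolvers=22.214.171.124:53"
    ports:
      - "80:80"
      - "443:443"                 # the v1 8380:8080 mapping is dropped: nothing listens on 8080 without --api.insecure
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /mnt/storage/traefik/toml:/toml
      - /mnt/storage/traefik/cert:/cert
      - /mnt/storage/traefik/acme.json:/acme.json
    environment:
      - "GODADDY_API_KEY=xxxx"
      - "GODADDY_API_SECRET=yyyy"
    networks:
      - traefik-net
    deploy:
      placement:
        constraints:
          - node.role==manager
          - node.labels.ingress==true
      labels:
        - "traefik.enable=true"
        # dashboard: https only, wildcard cert, served by the built-in api@internal service
        - "traefik.http.routers.dashboard.rule=Host(`traefik.mydomain.com`)"
        - "traefik.http.routers.dashboard.entrypoints=websecure"
        - "traefik.http.routers.dashboard.tls.certresolver=le"
        - "traefik.http.routers.dashboard.tls.domains[0].main=*.mydomain.com"
        - "traefik.http.routers.dashboard.tls.domains[0].sans=mydomain.com"
        - "traefik.http.routers.dashboard.service=api@internal"

  grafana:
    image: grafana/grafana         # assumption: stands in for any of the poster's containers
    networks:
      - traefik-net
    deploy:
      labels:
        - "traefik.enable=true"
        # swarm mode cannot see the container port, so it must be declared explicitly (v1: traefik.port=3000)
        - "traefik.http.services.grafana.loadbalancer.server.port=3000"
        # plain http on the internal name (v1: grafana.internaldomain)
        - "traefik.http.routers.grafana-int.rule=Host(`grafana.internaldomain`)"
        - "traefik.http.routers.grafana-int.entrypoints=web"
        # https on the public name; tls.domains is what the resolver requests,
        # so only *.mydomain.com / mydomain.com is asked for, never grafana.mydomain.com
        - "traefik.http.routers.grafana-pub.rule=Host(`grafana.mydomain.com`)"
        - "traefik.http.routers.grafana-pub.entrypoints=websecure"
        - "traefik.http.routers.grafana-pub.tls.certresolver=le"
        - "traefik.http.routers.grafana-pub.tls.domains[0].main=*.mydomain.com"
        - "traefik.http.routers.grafana-pub.tls.domains[0].sans=mydomain.com"
        # https on the other domain: tls=true with no resolver, so the certificate is picked
        # by SNI from the file provider (otherdomain.crt/.key), and ACME is never involved
        - "traefik.http.routers.grafana-other.rule=Host(`grafana.otherdomain.com`)"
        - "traefik.http.routers.grafana-other.entrypoints=websecure"
        - "traefik.http.routers.grafana-other.tls=true"

networks:
  traefik-net:
    external: true
```

The certificate that used to live under `[[entryPoints.https.tls.certificates]]` moves to a dynamic configuration file in `/toml` (for example a `[[tls.certificates]]` table with the same `certFile` and `keyFile` values); the static configuration no longer carries certificates. Two behaviour changes matter from a hardening point of view: with `exposedbydefault=false` a service is only routed if it carries `traefik.enable=true`, and because `--api.insecure` is not set the dashboard is only reachable through the `dashboard` router on port 443, so it is worth putting an auth middleware in front of that router rather than relying on it being an internal hostname.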