Hello all.
I have Traefik 2.6.3.
Some of my sites use Let's Encrypt as their certificate authority.
But now I need to add sites that use their own certificate authority (files: ssl_certificate /etc/ssl/private/fullchain.pem;
ssl_certificate_key /etc/ssl/private/privkey.pem;).
There will be 3 additional websites: www.exaple.com; registration.exaple.com; status.examplenew.com
Question: how do I set up these sites to use their own SSL files from a different CA (I hope the answer is simple)?
Part of the docker-compose file (Docker Swarm) for an existing service that uses Let's Encrypt as its certificate authority:
version: "3.9"

networks:
  traefiknet:
    attachable: true
    external: true
  project_tpl_network:
    attachable: true
    external: true

services:
  rabbitmq:
    image: lovelysystems/rabbitmq-swarm-cluster
    # Per-task hostname built from the Swarm service template placeholders.
    hostname: "{{.Service.Name}}.{{.Task.Slot}}.{{.Task.ID}}"
    deploy:
      replicas: 3
      placement:
        constraints:
          - node.role == worker
        max_replicas_per_node: 1
      restart_policy:
        condition: any
        delay: 5s
      update_config:
        parallelism: 1
        delay: 10s
        failure_action: rollback
        monitor: 1s
        # max_failure_ratio: 1
        order: start-first
      # Service labels read by the Traefik docker provider (swarm mode).
      labels:
        - "traefik.enable=true"
        # - "traefik.docker.lbswarm=true"
        - "traefik.docker.network=traefiknet"
        - "traefik.http.routers.project_tpl-rabbitmq.rule=Host(`rabbitmq.strange.com`)"
        - "traefik.http.routers.project_tpl-rabbitmq.tls=true"
        - "traefik.http.routers.project_tpl-rabbitmq.tls.certresolver=le"
        - "traefik.http.routers.project_tpl-rabbitmq.entrypoints=websecure"
        - "traefik.http.routers.project_tpl-rabbitmq.middlewares=project_tpl-rabbitmq@docker,project_tpl-rabbitmq_whitelist@docker"
        # - "traefik.http.routers.project_tpl-rabbitmq.entrypoints=web"
        - "traefik.http.routers.project_tpl-rabbitmq.service=project_tpl-rabbitmq"
        - "traefik.http.services.project_tpl-rabbitmq.loadbalancer.server.port=15672"
        - "traefik.http.services.project_tpl-rabbitmq.loadbalancer.server.scheme=http"
        - "traefik.http.services.project_tpl-rabbitmq.loadbalancer.passhostheader=true"
        - "traefik.http.services.project_tpl-rabbitmq.loadbalancer.sticky=true"
        # CORS: the wildcard origin list lets any site call the management UI
        # cross-origin; narrow it if the UI is not meant to be embedded elsewhere.
        - "traefik.http.middlewares.project_tpl-rabbitmq.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
        - "traefik.http.middlewares.project_tpl-rabbitmq.headers.accesscontrolalloworiginlist=*"
        - "traefik.http.middlewares.project_tpl-rabbitmq.headers.accesscontrolmaxage=100"
        - "traefik.http.middlewares.project_tpl-rabbitmq.headers.addvaryheader=true"
        ###########
        # Browser hardening headers (HSTS for 15552000 s = 180 days incl. subdomains).
        - "traefik.http.middlewares.project_tpl-rabbitmq.headers.browserxssfilter=true"
        - "traefik.http.middlewares.project_tpl-rabbitmq.headers.forceSTSHeader=true"
        - "traefik.http.middlewares.project_tpl-rabbitmq.headers.framedeny=true"
        - "traefik.http.middlewares.project_tpl-rabbitmq.headers.stsIncludeSubdomains=true"
        - "traefik.http.middlewares.project_tpl-rabbitmq.headers.stsPreload=true"
        - "traefik.http.middlewares.project_tpl-rabbitmq.headers.stsSeconds=15552000"
        ###########
        # 0.0.0.0/0 matches every source address, so this whitelist currently
        # filters nothing (127.0.0.1/32 is redundant next to it). Restrict it to
        # the ranges that actually need the management UI before relying on it.
        - "traefik.http.middlewares.project_tpl-rabbitmq_whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 0.0.0.0/0"
        # Write Here
    environment:
      # NOTE(review): the Erlang cookie and the default admin password are stored
      # in clear text in the stack file; Docker secrets or an env file kept out of
      # version control would avoid committing them.
      - "RABBITMQ_ERLANG_COOKIE=abc"
      # - RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS="-setcookie abc"
      - "RABBITMQ_USE_LONGNAME=true"
      - "RABBITMQ_MNESIA_DIR=/var/lib/rabbitmq/mnesia"
      # - RABBITMQ_PLUGINS_EXPAND_DIR=/var/lib/rabbitmq/mnesia/plugins-expand
      - "RABBITMQ_PLUGINS_EXPAND_DIR=/var/lib/rabbitmq/plugins-expand"
      - "RABBITMQ_HIPE_COMPILE=1"
      - "RABBITMQ_DEFAULT_USER=admin"
      - "RABBITMQ_DEFAULT_PASS=rabbitmqPWD"
      - "SERVICE_NAME={{.Service.Name}}"
      - "SLOT={{.Task.Slot}}"
      - "MASTER_SLOT=1"
    # not working with mounted external :(
    # volumes:
    #   - /external/efs/services/project_tpl/backend/rabbitmq/mnesia/:/var/lib/rabbitmq/mnesia
    ports:
      # AMQP is published on the host (Swarm ingress); this bypasses Traefik and its
      # middlewares, so confirm a host/cloud firewall limits who can reach it.
      - "5672:5672"  # amqp
      # - "15672:15672" # web ui
    # healthcheck:
    #   test: [ "CMD", "nc", "-z", "localhost", "5672" ]
    #   interval: 1m30s
    #   timeout: 15s
    #   retries: 3
    #   start_period: 45s
    networks:
      - traefiknet
      - project_tpl_network
traefik.yml:
################################################################
# Global configuration
################################################################
global:
  checkNewVersion: false
  sendAnonymousUsage: false

## STATIC CONFIGURATION
log:
  level: INFO
  filepath: /var/log/traefik.log
  format: json

# Access logging is switched off, so there is no per-request record to consult
# during an incident; enabling it costs one more JSON log file.
# accessLog:
#   filePath: /var/log/traefik_access.log
#   format: json

ping:
  entryPoint: "web"

# NOTE(review): insecure: true serves the API and dashboard without
# authentication on Traefik's own api port (:8080 by default), and debug: true
# adds the debug endpoints. Unless that port is firewalled, prefer
# insecure: false and publish the dashboard through a router behind an auth
# middleware.
api:
  debug: true
  insecure: true
  dashboard: true

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"
  # Nothing here restricts who can scrape the Prometheus endpoint on this port.
  metrics:
    address: ":8082"

providers:
  docker:
    swarmmode: true
    swarmModeRefreshSeconds: 30
    network: traefiknet
    watch: true
    endpoint: "unix:///var/run/docker.sock"
    # Only services labelled traefik.enable=true get routers.
    exposedByDefault: false
  file:
    watch: true
    # Dynamic configuration directory (middlewares, TLS options; the place where
    # tls.certificates entries for the own-CA sites would go as well).
    directory: "/etc/traefik/conf"
    # debugloggeneratedtemplate: true

certificatesResolvers:
  le:
    acme:
      #caServer: https://acme-production-v02.api.letsencrypt.org/directory
      email: info@solutions.com
      storage: /etc/traefik/acme/acme.json
      # Both the TLS-ALPN and the HTTP-01 challenge are declared for this
      # resolver; confirm which one is intended, as one is normally enough.
      tlsChallenge: true
      # httpChallenge: true
      httpChallenge:
        entryPoint: web

metrics:
  prometheus:
    entryPoint: metrics
    addEntryPointsLabels: true
    addServicesLabels: true
    # addRoutersLabels: true
    buckets:
      - 0.1
      - 0.3
      - 1.2
      - 5.0
default.yml:
http:
  middlewares:
    docker-redirect:
      redirectScheme:
        scheme: https
    docker-ipwhitelist:
      ipWhiteList:
        sourceRange:
          - "127.0.0.1/32"
          # 0.0.0.0/0 admits every address, so this middleware allows all
          # traffic and the loopback entry is redundant; tighten it before
          # attaching it to anything that should be access-controlled.
          - "0.0.0.0/0" # any

# NOTE(review): certificates issued by your own CA for the extra hosts belong in
# this file-provider directory too: a top-level `tls.certificates` list whose
# entries give `certFile` / `keyFile` (the fullchain.pem / privkey.pem, mounted
# into the Traefik container). Traefik then picks them by SNI, and the routers
# for those hosts set tls=true without a certresolver. Note that `sniStrict`
# below refuses clients that send no SNI.
tls:
  options:
    default:
      minVersion: VersionTLS12
      # Only RSA key-exchange suites are enabled for TLS 1.2; if the own-CA
      # certificates use ECDSA keys, TLS 1.2 clients need one of the commented
      # ECDHE_ECDSA suites re-enabled (TLS 1.3 is unaffected).
      cipherSuites:
        # - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        # - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        # - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        # - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        # Go's TLS stack does not let TLS 1.3 suites be ordered or filtered, so
        # the two entries below are accepted but do not change the 1.3 handshake.
        - TLS_AES_256_GCM_SHA384
        - TLS_CHACHA20_POLY1305_SHA256
      curvePreferences:
        - secp521r1
        - secp384r1
      # Reject TLS connections that carry no SNI or match no configured certificate.
      sniStrict: true