Hello everyone,
My HTTPS Let's Encrypt certificates are invalid (for example, the dashboard is served with the default Traefik certificate).
I use the traefik:v2.0 Docker image, and here is my configuration file:
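version: "3.7"

services:
  ingress:
    image: traefik:v2.0
    networks:
      - traefik-net
    ports:
      - "80:80"
      - "443:443"
    command:
      ########################################
      # Traefik global configuration         #
      ########################################
      # Enable DEBUG logs
      - "--log.level=DEBUG"
      - "--ping=true"
      # NOTE(review): insecure mode serves the API and dashboard without
      # authentication on Traefik's internal entrypoint (port 8080 by default).
      # The API exposes the whole dynamic configuration (routers, services,
      # middlewares), not only IPs. Port 8080 is not published below, but any
      # container attached to traefik-net can reach it directly and so bypass
      # the ingress-auth middleware that protects the HTTPS router.
      - "--api.insecure=true"
      # Use Docker as the configuration provider
      - "--providers.docker=true"
      # Docker network used to reach the containers
      - "--providers.docker.network=traefik-net"
      # Read services from a Docker Swarm cluster
      - "--providers.docker.swarmMode=true"
      # Containers are exposed only when they carry traefik.enable=true
      - "--providers.docker.exposedByDefault=false"
      # Default rule to service-name.nocturlab.fr
      # - "--providers.docker.defaultRule=Host(`{{ trimPrefix `/` .Name }}.nocturlab.fr`)"
      # HTTP entrypoint
      - "--entrypoints.http.address=:80"
      # HTTPS entrypoint
      - "--entrypoints.https.address=:443"
      # Let's Encrypt: define the "certbot" resolver (HTTP-01 challenge served
      # on the "http" entrypoint)
      - "--certificatesresolvers.certbot.acme.httpChallenge=true"
      - "--certificatesresolvers.certbot.acme.httpChallenge.entrypoint=http"
      - "--certificatesresolvers.certbot.acme.email=admin@nocturlab.fr"
      - "--certificatesresolvers.certbot.acme.storage=/letsencrypt/acme.json"
    volumes:
      # NOTE(review): ":ro" only makes the socket file read-only on the mount;
      # it does not restrict which Docker API calls can be sent through it.
      # Access to this socket is effectively root on the manager node.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # NOTE(review): acme.json holds the ACME account key and the certificate
      # private keys. Traefik expects the file to have mode 600; with looser
      # permissions the storage is rejected and the resolver may not be
      # created, which is a possible cause of "non-existent resolver" errors.
      # Check the first lines of the startup log and the file mode on the host.
      - ./acme.json:/letsencrypt/acme.json
    deploy:
      replicas: 1
      labels:
        ########################################
        # Traefik dashboard                    #
        ########################################
        # Expose this service through Traefik
        - traefik.enable=true

        ## HTTP router
        # Host rule for the dashboard
        - traefik.http.routers.ingress_http.rule=Host(`dashboard.nocturlab.fr`)
        # Entrypoint (http or https)
        - traefik.http.routers.ingress_http.entrypoints=http
        # Middleware that redirects http to https
        - traefik.http.middlewares.ingress-https-redirect.redirectscheme.scheme=https
        # Attach the HTTPS redirection to the HTTP router
        - traefik.http.routers.ingress_http.middlewares=ingress-https-redirect@docker

        ## HTTPS router
        - traefik.http.routers.ingress_https.rule=Host(`dashboard.nocturlab.fr`)
        # Entrypoint (http or https)
        - traefik.http.routers.ingress_https.entrypoints=https
        # Request the certificate from the "certbot" resolver
        - traefik.http.routers.ingress_https.tls.certresolver=certbot
        # Require authentication on the HTTPS router
        - traefik.http.routers.ingress_https.middlewares=ingress-auth@docker
        # Basic-auth users as name:hashed-password (htpasswd format); every "$"
        # of the hash is doubled so that the compose file does not treat it as
        # a variable. The value below is a placeholder, not a real hash.
        - traefik.http.middlewares.ingress-auth.basicauth.users=myuser:$$this$$is$$my$$password

        ## Service
        # Port of the container that the routers forward to
        - traefik.http.services.ingress.loadbalancer.server.port=8080
      placement:
        constraints:
          - node.role == manager
          - node.hostname == nocturlab-ks

networks:
  traefik-net:
    external: true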
If I understand Traefik v2 correctly, these CLI arguments activate the 'certbot' certificate resolver, and I can then use it on any service.
--certificatesresolvers.certbot.acme.httpChallenge=true
--certificatesresolvers.certbot.acme.httpChallenge.entrypoint=http
--certificatesresolvers.certbot.acme.email=admin@nocturlab.fr
--certificatesresolvers.certbot.acme.storage=/letsencrypt/acme.json
And I've created an empty 'acme.json' file.
Here is my Traefik log in DEBUG output :
time="2019-11-05T15:15:30Z" level=debug msg="Creating middleware" serviceName=ingress middlewareName=pipelining middlewareType=Pipelining entryPointName=http routerName=ingress_http@docker
time="2019-11-05T15:15:30Z" level=debug msg="Creating load-balancer" routerName=ingress_http@docker serviceName=ingress entryPointName=http
time="2019-11-05T15:15:30Z" level=debug msg="Creating server 0 http://10.0.0.198:8080" serviceName=ingress entryPointName=http routerName=ingress_http@docker serverName=0
time="2019-11-05T15:15:30Z" level=debug msg="Added outgoing tracing middleware ingress" routerName=ingress_http@docker middlewareName=tracing middlewareType=TracingForwarder entryPointName=http
time="2019-11-05T15:15:30Z" level=debug msg="Creating middleware" routerName=ingress_http@docker middlewareName=ingress-https-redirect@docker middlewareType=RedirectScheme entryPointName=http
time="2019-11-05T15:15:30Z" level=debug msg="Setting up redirection to https " middlewareType=RedirectScheme entryPointName=http routerName=ingress_http@docker middlewareName=ingress-https-redirect@docker
time="2019-11-05T15:15:30Z" level=debug msg="Adding tracing to middleware" entryPointName=http routerName=ingress_http@docker middlewareName=ingress-https-redirect@docker
time="2019-11-05T15:15:30Z" level=debug msg="Creating middleware" routerName=cloud-http@docker serviceName=cloud middlewareName=pipelining middlewareType=Pipelining entryPointName=http
time="2019-11-05T15:15:30Z" level=debug msg="Creating load-balancer" serviceName=cloud entryPointName=http routerName=cloud-http@docker
time="2019-11-05T15:15:30Z" level=debug msg="Creating server 0 http://10.0.0.20:80" serverName=0 entryPointName=http routerName=cloud-http@docker serviceName=cloud
time="2019-11-05T15:15:30Z" level=debug msg="Added outgoing tracing middleware cloud" routerName=cloud-http@docker middlewareName=tracing middlewareType=TracingForwarder entryPointName=http
time="2019-11-05T15:15:30Z" level=debug msg="Creating middleware" entryPointName=http middlewareName=cloud-https-redirect@docker middlewareType=RedirectScheme routerName=cloud-http@docker
time="2019-11-05T15:15:30Z" level=debug msg="Setting up redirection to https " entryPointName=http middlewareName=cloud-https-redirect@docker middlewareType=RedirectScheme routerName=cloud-http@docker
time="2019-11-05T15:15:30Z" level=debug msg="Adding tracing to middleware" routerName=cloud-http@docker middlewareName=cloud-https-redirect@docker entryPointName=http
time="2019-11-05T15:15:30Z" level=debug msg="Creating middleware" serviceName=vscode middlewareName=pipelining middlewareType=Pipelining entryPointName=http routerName=vscode-http@docker
time="2019-11-05T15:15:30Z" level=debug msg="Creating load-balancer" entryPointName=http routerName=vscode-http@docker serviceName=vscode
time="2019-11-05T15:15:30Z" level=debug msg="Creating server 0 http://10.0.0.150:8080" routerName=vscode-http@docker serviceName=vscode serverName=0 entryPointName=http
time="2019-11-05T15:15:30Z" level=debug msg="Added outgoing tracing middleware vscode" entryPointName=http routerName=vscode-http@docker middlewareType=TracingForwarder middlewareName=tracing
time="2019-11-05T15:15:30Z" level=debug msg="Creating middleware" middlewareType=RedirectScheme entryPointName=http routerName=vscode-http@docker middlewareName=vscode-https-redirect@docker
time="2019-11-05T15:15:30Z" level=debug msg="Setting up redirection to https " entryPointName=http routerName=vscode-http@docker middlewareName=vscode-https-redirect@docker middlewareType=RedirectScheme
time="2019-11-05T15:15:30Z" level=debug msg="Adding tracing to middleware" entryPointName=http middlewareName=vscode-https-redirect@docker routerName=vscode-http@docker
time="2019-11-05T15:15:30Z" level=debug msg="Creating middleware" serviceName=db middlewareName=pipelining middlewareType=Pipelining entryPointName=http routerName=db-http@docker
time="2019-11-05T15:15:30Z" level=debug msg="Creating load-balancer" entryPointName=http routerName=db-http@docker serviceName=db
time="2019-11-05T15:15:30Z" level=debug msg="Creating server 0 http://10.0.0.15:8080" routerName=db-http@docker serviceName=db serverName=0 entryPointName=http
time="2019-11-05T15:15:30Z" level=debug msg="Added outgoing tracing middleware db" routerName=db-http@docker middlewareName=tracing middlewareType=TracingForwarder entryPointName=http
time="2019-11-05T15:15:30Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=http
time="2019-11-05T15:15:30Z" level=debug msg="Creating middleware" entryPointName=https routerName=vscode-https@docker serviceName=vscode middlewareName=pipelining middlewareType=Pipelining
time="2019-11-05T15:15:30Z" level=debug msg="Creating load-balancer" entryPointName=https routerName=vscode-https@docker serviceName=vscode
time="2019-11-05T15:15:30Z" level=debug msg="Creating server 0 http://10.0.0.150:8080" entryPointName=https routerName=vscode-https@docker serviceName=vscode serverName=0
time="2019-11-05T15:15:30Z" level=debug msg="Added outgoing tracing middleware vscode" routerName=vscode-https@docker entryPointName=https middlewareName=tracing middlewareType=TracingForwarder
time="2019-11-05T15:15:30Z" level=debug msg="Creating middleware" entryPointName=https routerName=db-https@docker serviceName=db middlewareName=pipelining middlewareType=Pipelining
time="2019-11-05T15:15:30Z" level=debug msg="Creating load-balancer" routerName=db-https@docker serviceName=db entryPointName=https
time="2019-11-05T15:15:30Z" level=debug msg="Creating server 0 http://10.0.0.15:8080" entryPointName=https routerName=db-https@docker serverName=0 serviceName=db
time="2019-11-05T15:15:30Z" level=debug msg="Added outgoing tracing middleware db" middlewareName=tracing middlewareType=TracingForwarder entryPointName=https routerName=db-https@docker
time="2019-11-05T15:15:30Z" level=debug msg="Creating middleware" entryPointName=https routerName=ingress_https@docker serviceName=ingress middlewareName=pipelining middlewareType=Pipelining
time="2019-11-05T15:15:30Z" level=debug msg="Creating load-balancer" entryPointName=https routerName=ingress_https@docker serviceName=ingress
time="2019-11-05T15:15:30Z" level=debug msg="Creating server 0 http://10.0.0.198:8080" routerName=ingress_https@docker serviceName=ingress entryPointName=https serverName=0
time="2019-11-05T15:15:30Z" level=debug msg="Added outgoing tracing middleware ingress" entryPointName=https routerName=ingress_https@docker middlewareName=tracing middlewareType=TracingForwarder
time="2019-11-05T15:15:30Z" level=debug msg="Creating middleware" entryPointName=https routerName=ingress_https@docker middlewareName=ingress-auth@docker middlewareType=BasicAuth
time="2019-11-05T15:15:30Z" level=debug msg="Adding tracing to middleware" routerName=ingress_https@docker entryPointName=https middlewareName=ingress-auth@docker
time="2019-11-05T15:15:30Z" level=debug msg="Creating middleware" routerName=cloud-https@docker serviceName=cloud entryPointName=https middlewareName=pipelining middlewareType=Pipelining
time="2019-11-05T15:15:30Z" level=debug msg="Creating load-balancer" routerName=cloud-https@docker serviceName=cloud entryPointName=https
time="2019-11-05T15:15:30Z" level=debug msg="Creating server 0 http://10.0.0.20:80" serviceName=cloud entryPointName=https routerName=cloud-https@docker serverName=0
time="2019-11-05T15:15:30Z" level=debug msg="Added outgoing tracing middleware cloud" middlewareType=TracingForwarder entryPointName=https routerName=cloud-https@docker middlewareName=tracing
time="2019-11-05T15:15:30Z" level=debug msg="Creating middleware" entryPointName=https middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2019-11-05T15:15:30Z" level=debug msg="No default certificate, generating one"
time="2019-11-05T15:15:31Z" level=debug msg="Creating TCP server 0 at 10.0.0.13:5432" serverName=0 serviceName=psql entryPointName=psql routerName=psql@docker
time="2019-11-05T15:15:31Z" level=debug msg="Adding route * on TCP" entryPointName=psql routerName=psql@docker
time="2019-11-05T15:15:31Z" level=error msg="the router ingress_https uses a non-existent resolver: certbot"
time="2019-11-05T15:15:31Z" level=error msg="the router cloud-https uses a non-existent resolver: certbot"
time="2019-11-05T15:15:31Z" level=error msg="the router vscode-https uses a non-existent resolver: certbot"
time="2019-11-05T15:15:31Z" level=error msg="the router db-https uses a non-existent resolver: certbot"
Can someone help me ?