Hi, I have both the self-signed cert and key PEM files stored in the root/traefik/certs/https/ folder and have included them under tls.certificates in the dynamic-conf.toml file. I deployed the service with a docker stack file, but when I try to access the service in the browser it still shows as not secure. Please help me resolve this issue, or tell me if I am missing anything.
Can you share your static configs, dyn configs, compose file, logs, etc?
I am not able to see the logs.
traefik.toml
# Traefik v2 static configuration (mounted at /etc/traefik by the compose file).
[global]
checkNewVersion = false
sendAnonymousUsage = false
[accessLog]
[accessLog.fields]
defaultMode = "keep"
[accessLog.fields.names]
"ClientHost" = "keep"
[api]
dashboard = true
# NOTE(review): api.insecure = true also serves the API/dashboard directly on
# Traefik's own internal entrypoint (port 8080) with no middleware in front of
# it. The basicauth "password-prompt" middleware only covers the
# net-dashboard-secure router, so anything that reaches the container on the
# traefik-public network can use the API unauthenticated. Port 8080 is not
# published in the compose file, so exposure is limited to that overlay
# network — confirm that is acceptable.
insecure = true # Protected by password to compensate for allowing access through port 443
[log]
level = "INFO"
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
# No TCP router for this entrypoint appears in the configs shown here.
[entryPoints.mariadb]
address = ":3306"
[providers]
[providers.docker]
useBindPortIP = true
watch = true
swarmMode = true
# Remote Docker API over TLS. This endpoint grants control of the daemon, so
# the client key referenced below should be readable by Traefik only.
endpoint = "tcp://10.16.117.134:2376"
network = "traefik-public"
# Only services carrying traefik.enable=true are routed.
exposedByDefault = false
[providers.docker.tls]
CA = "/root/.docker/ca.pem"
Cert = "/root/.docker/cert.pem"
Key = "/root/.docker/key.pem"
# insecureSkipVerify = true disables verification of the daemon's server
# certificate, so the CA configured above is never checked against it and a
# spoofed endpoint would be accepted. Prefer false once ca.pem matches the
# daemon's certificate. (This setting has no bearing on the browser warning.)
insecureSkipVerify = true
CAOptional = false
[providers.file]
# Dynamic configuration (TLS options and certificates) is read from this file;
# the compose volume ./config:/etc/traefik supplies it.
filename = "/etc/traefik/dynamic-conf.toml"
watch = true
dynamic-conf.toml
# Traefik v2 dynamic configuration: TLS options and the certificate store.
[tls.options]
# Named option set. A router only gets these settings when it references them
# (a tls.options label on the router). None of the routers in the compose file
# shown here does, so Traefik's default TLS options presumably apply to
# net-dashboard-secure instead — confirm.
[tls.options.wgovio]
# Reject connections whose SNI is missing or matches no served certificate,
# instead of falling back to the default certificate.
sniStrict = true
minVersion = "VersionTLS12"
# AEAD, forward-secret suites only. This list governs TLS 1.2 handshakes;
# TLS 1.3 suites are fixed by the TLS stack and not configurable here.
cipherSuites = [
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"
]
[tls.options.wgovio.clientAuth]
caFiles = ["/root/.mtls/ca.pem"]
# Mutual TLS: every client must present a certificate issued by the CA above or
# the handshake fails. A plain browser with no client certificate cannot reach
# a router that uses these options.
clientAuthType = "RequireAndVerifyClientCert"
#clientAuthType = "NoClientCert"
# Certificates are matched to requests by the names (CN/SAN) inside each file,
# not by file name. Judging by the file names, none of these covers
# dc-1-network.wgov.io (the Host rule in the compose file), so that router
# would be served Traefik's generated default certificate — confirm the SANs.
# Independently of that, a self-signed certificate is only shown as secure by
# a browser once its issuer is trusted on the client machine.
[[tls.certificates]]
certFile = "/root/.https/xgov.com.cert.pem"
keyFile = "/root/.https/xgov.com.key.pem"
[[tls.certificates]]
certFile = "/root/.https/mgov.io.cert.pem"
keyFile = "/root/.https/mgov.io.key.pem"
[[tls.certificates]]
certFile = "/root/.https/xcatalyst.com.cert.pem"
keyFile = "/root/.https/xcatalyst.com.key.pem"
[[tls.certificates]]
certFile = "/root/.https/xlegislators.com.cert.pem"
keyFile = "/root/.https/xlegislators.com.key.pem"
[[tls.certificates]]
certFile = "/root/.https/xtasc.com.cert.pem"
keyFile = "/root/.https/xtasc.com.key.pem"
traefik docker compose file
# Swarm stack for the Traefik edge proxy. Companion files traefik.toml and
# dynamic-conf.toml are mounted from ./config. Indentation restored from the
# pasted (flattened) original.
version: "3.7"
services:
  traefik:
    image: traefik:v2.1
    networks:
      - traefik-public
    ports:
      # 80/443 bind in host mode, so the real client address reaches Traefik
      # (pairs with useBindPortIP in traefik.toml).
      - target: 80
        protocol: tcp
        published: 80
        mode: host
      - target: 443
        protocol: tcp
        published: 443
        mode: host
      # 3306 goes through the ingress mesh; no TCP router for it is shown here.
      - target: 3306
        protocol: tcp
        published: 3306
        mode: ingress
    volumes:
      # Server certificates referenced by [[tls.certificates]] in dynamic-conf.toml.
      - ./certs/https:/root/.https
      # Client cert/key for the remote Docker daemon (providers.docker.tls);
      # these grant control of the daemon — keep the directory tightly permissioned.
      - ./certs/docker:/root/.docker
      # CA used for client-certificate (mTLS) checks in tls.options.wgovio.
      - ./certs/mtls:/root/.mtls
      # traefik.toml and dynamic-conf.toml.
      - ./config:/etc/traefik
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.role == manager
      labels:
        - "traefik.enable=true"
        # Plain-HTTP router whose only job is to redirect to https.
        - "traefik.http.routers.net-dashboard.rule=Host(`dc-1-network.wgov.io`)"
        - "traefik.http.routers.net-dashboard.entryPoints=http"
        - "traefik.http.routers.net-dashboard.service=net-dashboard-svc"
        - "traefik.http.routers.net-dashboard.middlewares=https_redirect"
        - "traefik.http.routers.net-dashboard-secure.rule=Host(`dc-1-network.wgov.io`)"
        - "traefik.http.routers.net-dashboard-secure.entryPoints=https"
        # tls=true enables TLS with Traefik's default TLS options. No
        # tls.options label points at tls.options.wgovio from dynamic-conf.toml,
        # so sniStrict/minVersion/clientAuth presumably do not apply to this
        # router — confirm intent. Which certificate Traefik presents for
        # dc-1-network.wgov.io depends on the SANs of the files under
        # ./certs/https; if none matches, the generated default certificate is
        # used, which a browser reports as not secure.
        - "traefik.http.routers.net-dashboard-secure.tls=true"
        - "traefik.http.routers.net-dashboard-secure.service=net-dashboard-svc"
        - "traefik.http.routers.net-dashboard-secure.middlewares=password-prompt"
        # The dashboard is served by the API on port 8080 (api.insecure=true
        # in traefik.toml).
        - "traefik.http.services.net-dashboard-svc.loadbalancer.server.port=8080"
        - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
        - "traefik.http.middlewares.password-prompt.basicauth.realm=Cluster Network Diagnostics"
        # htpasswd entry ($$ escapes $ in compose). The apr1 format is MD5-based;
        # Traefik's basicauth also accepts bcrypt hashes. This is a credential
        # stored with the stack file — keep the file out of shared VCS, or move
        # the users list to usersFile / a Docker secret.
        - "traefik.http.middlewares.password-prompt.basicauth.users=xgov:$$apr1$$RzCRPC.I$$vr4hfGA8I4eSwSDQlEYQv/"
networks:
  traefik-public:
    external: true
    # NOTE(review): for an external network the driver is presumably ignored
    # (the network must already exist) — confirm against the stack deploy output.
    driver: overlay