Problem attaching self signed certificate to localhost subdomain

epodegrid · July 20, 2023, 12:30pm

Hello all! I've been trying to use a self signed certificate with traefik, to secure all *.localhost domains. I'm tryin to make the traefik dashboard be accessible at traefik.localhost, with other services being accessible at either something.localhost or something.somewhere.localhost. I can reach the dashboard via http, if I change the entrypoint to "web". But it doesn't work with web-secure/https. I get error 404 in this case.

My files are as follows:

Docker compose:

version: "3.8"

services:
  traefik:
    image: "traefik:latest"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "./certs:/etc/traefik/certs"
      - "./traefik/traefik.yaml:/etc/traefik/traefik.yml"
      - "./traefik/dynamic.yaml:/etc/traefik/dynamic.yml"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.api.entrypoints=web-secure"
      - "traefik.http.routers.api.rule=Host(`traefik.localhost`)"
      - "traefik.http.routers.api.service=api@internal"
    networks:
      frontend:
      backend:

networks:
  frontend:
    driver: "bridge"
  backend:
    driver: "bridge"

Static Configuration:

api:
    insecure: true

entryPoints:
    web:
        address: ":80"
    web-secure:
        address: ":443"

providers:
    docker:
        exposedByDefault: false
    file:
      filename: "/etc/traefik/dynamic.yml"

log:
  level: DEBUG

Dynamic Configuration:

tls:
  stores:
    default:
      defaultCertificate:
        certFile: "/etc/traefik/certs/cert.crt"
        keyFile: "/etc/traefik/certs/cert.key

Upon inspecting the logs, I see the error message:

2023-07-20 17:51:00 time="2023-07-20T12:21:00Z" level=debug msg="Serving default certificate for request: \"traefik.localhost\""
2023-07-20 17:51:00 time="2023-07-20T12:21:00Z" level=debug msg="http: TLS handshake error from 192.168.0.1:49644: remote error: tls: unknown certificate"
2023-07-20 17:51:02 time="2023-07-20T12:21:02Z" level=debug msg="Serving default certificate for request: \"traefik.localhost\""
2023-07-20 17:51:02 time="2023-07-20T12:21:02Z" level=debug msg="http: TLS handshake error from 192.168.0.1:49648: remote error: tls: unknown certificate"
2023-07-20 17:51:02 time="2023-07-20T12:21:02Z" level=debug msg="Serving default certificate for request: \"traefik.localhost\""

I've tried to add the certificates to keychain on my machine, to see if that might be the issue, but it did not work.

Any help with this is greatly appreaciated. I'm still trying to understand all this, so if you can please explain what I did wrong, then I would like to study it in more detail. Thanks!

bluepuma77 · July 20, 2023, 7:31pm

Well, first you need to enable dashboard. Then you need to disable insecure. Then you need to enable plain TLS on entrypoint or router.

See simple Traefik example.

Topic		Replies	Views
Traefik not sending self-signed certificates for subdomain localhost Traefik v2 (latest) docker , tcp	2	2203	March 15, 2020
Cannot get traefik to work with self-signed certificate - an exception cannot be added for the website Traefik v2 (latest) docker	9	2123	October 22, 2021
Exposing Traefik UI on secure local domain Traefik v2 (latest) docker , dashboard-api	1	201	December 14, 2023
[HTTPS] How to force Traefik to use local certificates (and not self-generated one instead) Traefik v2 (latest) docker , file	3	1069	August 17, 2021
Help with configuring Traefik with Self Signed certificates Traefik v2 (latest) docker	4	978	October 6, 2020

Problem attaching self signed certificate to localhost subdomain

Related Topics