Hello,
I'd like to pass my Route 53 DNS challenge credentials via Docker secrets, but the AWS_ACCESS_KEY_ID_FILE and AWS_SECRET_ACCESS_KEY_FILE environment variables pointing to my Docker secret paths do not work.
Directly passing AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, on the other hand, works. I'd like to use Docker secrets instead of passing account credentials via environment variables...
Thanks in advance for your support!
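version: '3.7'

services:
  traefik:
    image: traefik:2.0-alpine
    environment:
      - AWS_REGION=xxx
      - AWS_HOSTED_ZONE_ID=xxx
      # NOTE(review): the debug log reports "NoCredentialProviders: no valid
      # providers in chain", i.e. the AWS SDK credential chain found nothing.
      # That chain reads AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY (or the
      # shared credentials file), not *_FILE variants -- confirm whether the
      # route53 provider in this Traefik version honours *_FILE at all.
      # A credentials-file-shaped secret pointed to by AWS_SHARED_CREDENTIALS_FILE
      # is an SDK-native way to keep the key material out of the environment.
      - AWS_ACCESS_KEY_ID_FILE=/run/secrets/AWS_ACCESS_KEY_ID
      - AWS_SECRET_ACCESS_KEY_FILE=/run/secrets/AWS_SECRET_ACCESS_KEY
    deploy:
      replicas: 1
      restart_policy:
        delay: 5s
        max_attempts: 3
      placement:
        constraints:
          - node.role == manager
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.traefik_http.rule=Host(`traefik.domain.tld`)"
        - "traefik.http.routers.traefik_http.entrypoints=http"
        - "traefik.http.routers.traefik_http.middlewares=http-chain@file"
        - "traefik.http.routers.traefik_https.rule=Host(`traefik.domain.tld`)"
        - "traefik.http.routers.traefik_https.entrypoints=https"
        # Presumably a basic-auth middleware chain defined in the file
        # provider; the dashboard/API on 8080 must not be reachable without it.
        - "traefik.http.routers.traefik_https.middlewares=https-basicauth-chain@file"
        - "traefik.http.routers.traefik_https.tls=true"
        - "traefik.http.routers.traefik_https.tls.certresolver=letsencrypt"
        - "traefik.http.routers.traefik_https.tls.domains[0].main=domain.tld"
        - "traefik.http.routers.traefik_https.tls.domains[0].sans=*.domain.tld"
        - "traefik.http.routers.traefik_https.service=traefik_https"
        - "traefik.http.services.traefik_https.loadbalancer.server.port=8080"
        - "traefik.http.services.traefik_https.loadbalancer.server.scheme=http"
    ports:
      # Quoted so no YAML 1.1 parser can read a port mapping as a number.
      - "80:80"
      - "443:443"
    volumes:
      # Read-only mount limits what the container can do to the socket file,
      # but the Docker provider still has read access to the whole engine API.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /opt/docker.swarm/traefik/traefik.toml:/traefik.toml:ro
      # acme.json holds the ACME account key and certificate private keys;
      # keep it mode 0600 on the host (Traefik checks this at startup).
      - /opt/docker.swarm/traefik/acme.json:/acme.json
      - /opt/docker.swarm/traefik/conf.d/:/etc/traefik/conf.d/
      # - /var/log/:/var/log/
    secrets:
      - AWS_ACCESS_KEY_ID
      - AWS_SECRET_ACCESS_KEY
      - AWS_HOSTED_ZONE_ID
      - AWS_REGION

  whoami:
    image: containous/whoami
    deploy:
      replicas: 1
      restart_policy:
        delay: 5s
        max_attempts: 3
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.whoami_http.rule=Host(`whoami.domain.tld`)"
        - "traefik.http.routers.whoami_http.entrypoints=http"
        - "traefik.http.routers.whoami_http.middlewares=http-chain@file"
        - "traefik.http.routers.whoami_https.rule=Host(`whoami.domain.tld`)"
        - "traefik.http.routers.whoami_https.entrypoints=https"
        - "traefik.http.routers.whoami_https.middlewares=https-chain@file"
        - "traefik.http.routers.whoami_https.tls=true"
        - "traefik.http.routers.whoami_https.tls.certresolver=letsencrypt"
        - "traefik.http.routers.whoami_https.tls.domains[0].main=domain.tld"
        - "traefik.http.routers.whoami_https.tls.domains[0].sans=*.domain.tld"
        - "traefik.http.routers.whoami_https.service=whoami_https"
        - "traefik.http.services.whoami_https.loadbalancer.server.port=80"
        - "traefik.http.services.whoami_https.loadbalancer.server.scheme=http"

networks:
  default:
    external: true
    name: traefik

secrets:
  AWS_ACCESS_KEY_ID:
    external: true
  AWS_SECRET_ACCESS_KEY:
    external: true
  # The traefik service lists these two secrets but they were not declared
  # here, which makes the stack fail validation as referencing undefined
  # secrets. They must exist as swarm secrets (see `docker secret ls`), or be
  # dropped from the service's secrets list since the same values are already
  # passed as plain environment variables.
  AWS_HOSTED_ZONE_ID:
    external: true
  AWS_REGION:
    external: true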
time="2019-07-24T19:56:00Z" level=debug msg="Loading ACME certificates [domain.tld *.domain.tld]..." providerName=acme.letsencrypt
time="2019-07-24T19:56:00Z" level=debug msg="Building ACME client..." providerName=acme
time="2019-07-24T19:56:00Z" level=debug msg="https://acme-v02.api.letsencrypt.org/directory" providerName=acme
time="2019-07-24T19:56:00Z" level=debug msg="Loading ACME certificates [domain.tld *.domain.tld]..." providerName=acme.letsencrypt
time="2019-07-24T19:56:00Z" level=debug msg="Using DNS Challenge provider: route53" providerName=acme
time="2019-07-24T19:56:00Z" level=debug msg="legolog: [INFO] [domain.tld, *.domain.tld] acme: Obtaining bundled SAN certificate"
time="2019-07-24T19:56:00Z" level=debug msg="legolog: [INFO] [domain.tld, *.domain.tld] acme: Obtaining bundled SAN certificate"
time="2019-07-24T19:56:02Z" level=debug msg="legolog: [INFO] [*.domain.tld] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/xxx"
time="2019-07-24T19:56:02Z" level=debug msg="legolog: [INFO] [domain.tld] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/xxx"
time="2019-07-24T19:56:02Z" level=debug msg="legolog: [INFO] [*.domain.tld] acme: use dns-01 solver"
time="2019-07-24T19:56:02Z" level=debug msg="legolog: [INFO] [domain.tld] acme: Could not find solver for: tls-alpn-01"
time="2019-07-24T19:56:02Z" level=debug msg="legolog: [INFO] [domain.tld] acme: Could not find solver for: http-01"
time="2019-07-24T19:56:02Z" level=debug msg="legolog: [INFO] [domain.tld] acme: use dns-01 solver"
time="2019-07-24T19:56:02Z" level=debug msg="legolog: [INFO] [*.domain.tld] acme: Preparing to solve DNS-01"
time="2019-07-24T19:56:02Z" level=debug msg="legolog: [INFO] [*.domain.tld] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/xxx"
time="2019-07-24T19:56:02Z" level=debug msg="legolog: [INFO] [domain.tld] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/xxx"
time="2019-07-24T19:56:02Z" level=debug msg="legolog: [INFO] [*.domain.tld] acme: use dns-01 solver"
time="2019-07-24T19:56:02Z" level=debug msg="legolog: [INFO] [domain.tld] acme: Could not find solver for: tls-alpn-01"
time="2019-07-24T19:56:02Z" level=debug msg="legolog: [INFO] [domain.tld] acme: Could not find solver for: http-01"
time="2019-07-24T19:56:02Z" level=debug msg="legolog: [INFO] [domain.tld] acme: use dns-01 solver"
time="2019-07-24T19:56:02Z" level=debug msg="legolog: [INFO] [*.domain.tld] acme: Preparing to solve DNS-01"
time="2019-07-24T19:56:08Z" level=debug msg="legolog: [INFO] [domain.tld] acme: Preparing to solve DNS-01"
time="2019-07-24T19:56:16Z" level=debug msg="legolog: [INFO] [domain.tld] acme: Preparing to solve DNS-01"
time="2019-07-24T19:56:23Z" level=debug msg="legolog: [INFO] [*.domain.tld] acme: Cleaning DNS-01 challenge"
time="2019-07-24T19:56:30Z" level=debug msg="legolog: [WARN] [*.domain.tld] acme: error cleaning up: failed to determine Route 53 hosted zone ID: NoCredentialProviders: no valid providers in chain. Deprecated."
time="2019-07-24T19:56:30Z" level=debug msg="legolog: [INFO] [domain.tld] acme: Cleaning DNS-01 challenge"
time="2019-07-24T19:56:37Z" level=debug msg="legolog: [INFO] [*.domain.tld] acme: Cleaning DNS-01 challenge"
2019/07/24 19:56:42 server.go:3012: http: TLS handshake error from 10.255.0.2:4358: strict SNI enabled - No certificate found for domain: "", closing connection
time="2019-07-24T19:56:44Z" level=debug msg="legolog: [WARN] [domain.tld] acme: error cleaning up: failed to determine Route 53 hosted zone ID: NoCredentialProviders: no valid providers in chain. Deprecated."