Hi,
could anybody give me an example docker-compose.yml showing
how I can use existing SSL cert/key files provided as /certs/default-cert.pem
and /certs/default-key.pem
for each dynamic router which I add?
Everything I try is not working, e.g.:
```yaml
version: '3.2'
services:
  app:
    image: traefik:v2.0
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "5432:5432"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ${traefik_certs_folder:-./certs}:/certs
    environment:
      TRAEFIK_API: "true"
      TRAEFIK_API_INSECURE: "true"
      TRAEFIK_SERVERSTRANSPORT_INSECURESKIPVERIFY: "true"
      TRAEFIK_ENTRYPOINTS_HTTPS: "true"
      TRAEFIK_ENTRYPOINTS_HTTPS_ADDRESS: ":443"
      TRAEFIK_LOG_LEVEL: "DEBUG"
      TRAEFIK_PROVIDERS_DOCKER: "true"
      TRAEFIK_PROVIDERS_DOCKER_NETWORK: "proxy"
      TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT: "false"
      TRAEFIK_PING: "true"
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      - "traefik.http.routers.traefik-https.entrypoints=https"
      - "traefik.http.routers.traefik-https.tls=true"
      - "traefik.http.routers.traefik-https.rule=Host(`${host:-traefik.localhost}`)"
      - "traefik.http.services.traefik.loadbalancer.server.port=8080"
      - "traefik.tls.stores.default.defaultCertificate.certFile=/certs/default-cert.pem"
      - "traefik.tls.stores.default.defaultCertificate.keyFile=/certs/default-key.pem"
networks:
  default:
    external:
      name: proxy
```
Traefik always complains about no default certificate and generates a new one. This is annoying because this certificate is shared among all services and is always created when a new service arrives:
app_1 | time="2019-09-25T13:51:54Z" level=info msg="Configuration loaded from environment variables."
app_1 | time="2019-09-25T13:51:54Z" level=info msg="Traefik version 2.0.0 built on 2019-09-16T17:35:17Z"
app_1 | time="2019-09-25T13:51:54Z" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"insecureSkipVerify\":true,\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"https\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{}},\"traefik\":{\"address\":\":8080\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{}}},\"providers\":{\"providersThrottleDuration\":2000000000,\"docker\":{\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"network\":\"proxy\",\"swarmModeRefreshSeconds\":15000000000}},\"api\":{\"insecure\":true,\"dashboard\":true},\"ping\":{\"entryPoint\":\"traefik\"},\"log\":{\"level\":\"DEBUG\",\"format\":\"common\"}}"
app_1 | time="2019-09-25T13:51:54Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/v2.0/contributing/data-collection/\n"
app_1 | time="2019-09-25T13:51:54Z" level=debug msg="No default certificate, generating one"
app_1 | time="2019-09-25T13:51:54Z" level=debug msg="Start TCP Server" entryPointName=traefik
app_1 | time="2019-09-25T13:51:54Z" level=info msg="Starting provider aggregator.ProviderAggregator {}"
app_1 | time="2019-09-25T13:51:54Z" level=debug msg="Start TCP Server" entryPointName=https
app_1 | time="2019-09-25T13:51:54Z" level=info msg="Starting provider *docker.Provider {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"network\":\"proxy\",\"swarmModeRefreshSeconds\":15000000000}"
app_1 | time="2019-09-25T13:51:54Z" level=debug msg="Provider connection established with docker 19.03.2 (API 1.40)" providerName=docker
app_1 | time="2019-09-25T13:51:54Z" level=debug msg="Filtering disabled container" providerName=docker container=/mailcollect_app.1.t9wwpkp1y0d3534bt69ensxs8-6a82a8f4673ccf227aa09ef298ea6dfe8c890820140ee9a599fb60f5472bfb62
app_1 | time="2019-09-25T13:51:54Z" level=debug msg="Configuration received from provider docker: {\"http\":{\"routers\":{\"traefik-https\":{\"entryPoints\":[\"https\"],\"service\":\"traefik\",\"rule\":\"Host(`traefik.localhost`)\",\"tls\":{}}},\"services\":{\"traefik\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://10.13.2.176:8080\"}],\"passHostHeader\":true}}}},\"tcp\":{}}" providerName=docker
app_1 | time="2019-09-25T13:51:54Z" level=debug msg="Creating middleware" entryPointName=https routerName=traefik-https@docker serviceName=traefik middlewareName=pipelining middlewareType=Pipelining
app_1 | time="2019-09-25T13:51:54Z" level=debug msg="Creating load-balancer" entryPointName=https routerName=traefik-https@docker serviceName=traefik
app_1 | time="2019-09-25T13:51:54Z" level=debug msg="Creating server 0 http://10.13.2.176:8080" entryPointName=https routerName=traefik-https@docker serviceName=traefik serverName=0
app_1 | time="2019-09-25T13:51:54Z" level=debug msg="Added outgoing tracing middleware traefik" routerName=traefik-https@docker entryPointName=https middlewareName=tracing middlewareType=TracingForwarder
app_1 | time="2019-09-25T13:51:54Z" level=debug msg="Creating middleware" entryPointName=https middlewareType=Recovery middlewareName=traefik-internal-recovery
app_1 | time="2019-09-25T13:51:54Z" level=debug msg="No default certificate, generating one"
Thanks in advance.
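
Added example, not part of the original post: in the debug log above, the configuration received from the Docker provider contains only the router and the service, so the `traefik.tls.stores.*` labels never take effect; in Traefik v2, TLS stores and certificates are dynamic configuration that is defined through the file provider. The sketch below moves the default certificate into such a file. The folder `./dynamic`, the file name `tls.yml` and the mount point `/etc/traefik/dynamic` are assumptions; every key not shown stays as in the post.

```yaml
# --- docker-compose.yml: only the keys that change are shown ---
version: '3.2'
services:
  app:
    image: traefik:v2.0
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Traefik only reads the key material, so mount it read-only.
      - ${traefik_certs_folder:-./certs}:/certs:ro
      # Assumed host folder that holds the dynamic configuration file below.
      - ./dynamic:/etc/traefik/dynamic:ro
    environment:
      TRAEFIK_PROVIDERS_DOCKER: "true"
      # Enable the file provider next to the Docker provider.
      TRAEFIK_PROVIDERS_FILE_DIRECTORY: "/etc/traefik/dynamic"
      TRAEFIK_PROVIDERS_FILE_WATCH: "true"
      # ... remaining TRAEFIK_* variables unchanged ...
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik-https.entrypoints=https"
      # tls=true with no certResolver: the router is served from the
      # default store, i.e. the certificate defined in tls.yml.
      - "traefik.http.routers.traefik-https.tls=true"
      # ... rule/service labels unchanged; the two
      # traefik.tls.stores.default.defaultCertificate.* labels are removed.
---
# --- ./dynamic/tls.yml (assumed name), loaded by the file provider ---
tls:
  stores:
    default:
      defaultCertificate:
        # Paths as seen inside the container (the /certs mount above).
        certFile: /certs/default-cert.pem
        keyFile: /certs/default-key.pem
```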