Hi Guys,
Forgive the silly question; I'm new to Traefik, especially Traefikv2.
I have managed to follow the documentation to stand up an environment in GCP using TLS and ACME with Let's Encrypt, which works really well. All traffic is HTTP on the backend and redirected to HTTPS when hitting the Ingress.
I'd like to do the same on premise but using self-signed certificates. Is this possible with Traefikv2, and if so, how? I've been reading through the documentation, support forums and Stack Overflow but have been unable to find a clear answer or example on how I would achieve this. Any help would be very, very appreciated.
Hi @vaughnage, let's go step by step. I propose that I won't give you an out-of-the-box solution, but point you to the main configuration elements so you'll build it by yourself for self success.
- Step 1: Generating the self-signed certificate. There are plenty of methods; I have my personal preference for https://github.com/FiloSottile/mkcert as this CLI is multi-platform and takes care of loading the CA authority in your web browsers, so no more annoying messages around self-signed certificates in the development environments.
- Step 2: Provide the 2 generated files to Traefik: it depends on how you execute Traefik. Mount the files in the container if using Docker or Compose, load the files in secrets if using Swarm or Kubernetes, etc.
- Step 3: Configure Traefik to load the certificates. This is done by:
- Step 4: Enable TLS on your routers without supplemental option.
=> If you are using a full Kubernetes setup, there is an easier way: load the certificate in a Kubernetes Secret, and reference the secret in the Traefik IngressRoute.
1 Like
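One way the four steps above can fit together under Docker Compose, as an added example that is not part of the original posts. The hostname `app.example.test`, the `whoami` service, the image tag and all file paths are assumptions; the certificate file names are what `mkcert app.example.test` writes.

```yaml
# File 1: docker-compose.yml (constructed example)
services:
  traefik:
    image: traefik:v2.11
    command:
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      # Certificates are dynamic configuration; in v2 they are declared
      # through the file provider, not through Docker labels.
      - --providers.file.filename=/etc/traefik/dynamic/tls.yml
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      # Redirect plain HTTP to HTTPS at the entry point.
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./dynamic/tls.yml:/etc/traefik/dynamic/tls.yml:ro
      # Step 2: mount the two generated files read-only; keep the key
      # file readable only by its owner on the host (chmod 600).
      - ./certs:/certs:ro
  whoami:
    image: traefik/whoami
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.rule=Host(`app.example.test`)
      - traefik.http.routers.whoami.entrypoints=websecure
      # Step 4: enable TLS on the router, with no certResolver,
      # since no ACME provider is involved.
      - traefik.http.routers.whoami.tls=true
---
# File 2: ./dynamic/tls.yml (constructed example)
# Step 3: Traefik selects a certificate by matching the requested host
# name against the names in the certificates listed here. If none
# matches, it serves its own generated default certificate.
tls:
  certificates:
    - certFile: /certs/app.example.test.pem
      keyFile: /certs/app.example.test-key.pem
```

Clients that do not have the mkcert root CA in their trust store will still reject this certificate, so other machines on premise need that CA distributed to them.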
@dduportal What do you mean by "supplemental option" in step 4? Can step 3 be done in docker labels, or must it be done using the static files? (I realize there are several definitions of static & dynamic in these contexts, but I think mine prevails: those yaml & toml files are evaluated statically while docker-compose.yml is evaluated dynamically.)
Thanks!