Self-Signed Certificate in Traefik not trusted even when I add CA Cert to Browser

Cloufish · April 5, 2023, 2:57pm

I'd like to add that I also tried:

Adding ca-cert.pem into the traefik container and using - "--serverstransport.rootcas=/certs/ca-cert.pem" command in Docker Compose
Adding - "traefik.http.services.dashboard.loadbalancer.server.scheme=https" label to each of my service
^ From -> Problem using ssl Backend with selfsigned certificates - #9 by trajano

But it still doesn't work

I also give the plain docker-compose files for better readibility:

traefik.yml

version: '3.5'

services:
  reverse-proxy:
    image: traefik:v2.10
    command:
      - "--api.dashboard=true"
      - "--providers.docker"
      - "--providers.docker.swarmMode=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--providers.docker.exposedByDefault=false"
      - "--log.level=DEBUG"
      - "--providers.file.directory=/configuration/"
      - "--serverstransport.rootcas=/certs/ca-cert.pem"
      - "--providers.file.watch=true"
      - "--serversTransport.insecureSkipVerify=true"
    ports:
      - "80:80"
      - "8080:8080"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - "/home/swarm/traefik/configuration/:/configuration/"
      - "/home/swarm/traefik/certs/:/certs/"
    networks:
      - web

    deploy:
      labels:
      - "traefik.enable=true"
      - "traefik.http.routers.api.rule=Host(`traefik.home`)"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.middlewares=auth"
      - "traefik.http.middlewares.auth.basicauth.users=<REDACTED>:<REDACTED>"
      # Dummy service for Swarm port detection. The port can be any valid integer value.
      - "traefik.http.services.dummy-svc.loadbalancer.server.port=9999"
      mode: global
      placement:
        constraints: [node.role == manager]

networks:
  web:
    driver: overlay
    attachable: true
    name: web

Example App:

version: "3.5"


services:
  dsomm:
    image: "wurstbrot/dsomm:latest"
    container_name: dsomm
    ports:
      - "80"
    networks:
      - web
      - dsomm
    volumes:
      - dsomm-volume:/app
    deploy:
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.dsomm.rule=Host(`dsomm.home`)"
        - "traefik.http.services.dsomm.loadbalancer.server.port=8080"
        - "traefik.docker.network=web"
        - "io.portainer.accesscontrol.users=admin"
        - "traefik.http.routers.dsomm.tls=true"
        - "serverstransport.insecureskipverify=true"

networks:
  dsomm:
    driver: overlay
    attachable: true
    name: dsomm
  web:
    external: true
    name: web

volumes:
  dsomm-volume:
    driver: local

Topic		Replies	Views
Default certification authority Traefik v2 (latest) docker , file	3	1047	September 30, 2019
Self Signed Certificate Generation example for a development environment Traefik v2 (latest) kubernetes-ingress	2	943	March 25, 2021
Browser does not trust TLS certificate (ERR_CERT_AUTHORITY_INVALID) Traefik v2 (latest) docker	3	2561	July 12, 2021
Wildcard certificates for all subdomains without service Traefik v2 (latest) docker , letsencrypt-acme	1	3069	May 3, 2021
Cannot get custom SSL certificate to work Traefik v2 (latest) docker	2	13582	November 12, 2019

Self-Signed Certificate in Traefik not trusted even when I add CA Cert to Browser

Related Topics