TLS For LAN Sites with Docker

TL;DR: I cannot seem to get Traefik to use my provided SSL certs.

Introduction

I develop B2E apps using Docker that are only accessed within the business LAN. I have struggled with using Nginx as my centralized router, as it crashes every time one of my apps has a hiccup. As one of the key aspects of my design pattern is that a failure for one app should have no effect on another, this is not desirable.

I was hoping to use Traefik as my central reverse proxy server and I've had tremendous luck in terms of my local development. However, in order to reduce the number of panicked "I've been hacked" emails, I need to provide a TLS connection with a CA-signed certificate so everyone's browsers play nice.

Configuration

  • I have wildcard certificates so that I can generate any number of applications as subdomains for the domain solutions.blahblahblah.com
  • I am running Traefik using docker-compose and I map each individual file in the volumes section like so:
    • "./ssl/STAR_solutions_blahblahblah_com.crt:/certs/ssl.cert"
    • "./ssl/STAR_solutions_blahblahblah.key:/certs/ssl.key"
  • I specify these certificates in the tls section of my traefik.yml file like so:
    tls:
      entryPoints: websecure
        certificates:
          - certFile: "/certs/ssl.cert"
            keyFile: "/certs/ssl.key"
        stores:
          - default
    stores:
      default:
        defaultCertificates:
          certFile: "/certs/ssl.cert"
          keyFile: "/certs/ssl.key"
    options:
      default:
        minVersion: VersionTLS12
        cipherSuites:
          - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • I have a .ca-bundle file as well but I'm not sure what exactly to do with it.
  • I run the Traefik container undaemonized so I can see all the logging and there are no errors.

Problem

I have followed all the guides I can find for using static SSL certificates with Traefik but every time I inspect the certificate being used in my TLS connection it's the Traefik Default Self Signed. Can anyone see what I'm missing?
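
For comparison with the configuration in the post, an added example (not part of the original post) of how Traefik v2 and later expect static certificates to be declared: the `tls` section is dynamic configuration loaded through the file provider, not part of the static traefik.yml, and the store key is the singular `defaultCertificate`. The path /etc/traefik/dynamic.yml and the :443 address are assumptions; the certificate paths and TLS options are the ones from the post.

```yaml
# traefik.yml (static configuration, read once at startup)
entryPoints:
  websecure:
    address: ":443"            # assumed listen address
providers:
  file:
    # Assumed path; this file must also be mounted into the container.
    filename: /etc/traefik/dynamic.yml
    watch: true
---
# dynamic.yml (dynamic configuration, loaded by the file provider)
# A tls section placed in the static file is not applied, so Traefik
# falls back to its generated default certificate.
tls:
  certificates:
    # certFile should hold the wildcard certificate followed by the
    # intermediate certificates from the .ca-bundle, in that order,
    # so clients receive the full chain.
    - certFile: /certs/ssl.cert
      keyFile: /certs/ssl.key
  stores:
    default:
      # Served when no certificate matches the requested host name.
      defaultCertificate:
        certFile: /certs/ssl.cert
        keyFile: /certs/ssl.key
  options:
    default:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
```

Each router that should terminate TLS on `websecure` also needs TLS enabled, for example with the `traefik.http.routers.<name>.tls=true` label on the container.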