I followed this procedure (https://sysadmins.co.za/traefik-and-portainer-on-docker-swarm-with-letsencrypt/) and also reviewed the Traefik documentation on Let's Encrypt.
I have in my swarm 2 internal sites.
- traefik.${WEB_DOMAIN}
- portainer.${WEB_DOMAIN}
The swarm is currently a lab environment on my laptop, and $WEB_DOMAIN is not (yet) a public domain, so I have added these 2 sites to my /etc/hosts in order to browse them from my laptop.
I expect 2 different certificates, one for each site, but I see only one, and it is always CN=TRAEFIK DEFAULT CERT.
This is my configuration for docker swarm
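# Docker Swarm stack: Traefik v1.7 as the edge proxy (ports 80/443) in front
# of the Traefik dashboard and Portainer, with certificates requested from
# Let's Encrypt via the ACME HTTP challenge.
version: "3.3"

services:
  traefik:
    image: traefik:v1.7
    # Arguments are given as a list (exec form). The original plain scalar
    # ended most lines with a shell-style backslash; YAML does not treat that
    # as a line continuation, so the backslashes became part of the command
    # string (and one line had none). A list needs no shell-style splitting.
    command:
      - --docker
      - --docker.swarmmode
      - --docker.domain=${WEB_DOMAIN}
      - --docker.watch
      # Only services that opt in with traefik.enable=true are published.
      - --docker.exposedbydefault=false
      - --docker.endpoint=unix:///var/run/docker.sock
      - --constraints=tag==net-public
      - --defaultentrypoints=https,http
      - '--entrypoints=Name:http Address::80'
      - '--entrypoints=Name:https Address::443 TLS'
      - --retry
      - --acme
      - --acme.email=test@${WEB_DOMAIN}
      - --acme.storage=/certificates/acme.json
      - --acme.entryPoint=https
      # NOTE(review): HTTP-01 validation needs the CA to resolve each host
      # name in public DNS and reach this node on port 80. Names that exist
      # only in /etc/hosts cannot be validated, so no certificate is issued
      # and Traefik serves its built-in "TRAEFIK DEFAULT CERT" instead.
      - --acme.httpChallenge.entryPoint=http
      - --acme.onHostRule=true
      - --acme.onDemand=false
      - --acme.acmelogging=true
      # Lab setting: DEBUG logging is verbose; lower it outside the lab.
      - --logLevel=DEBUG
      - --accessLog
      # The API/dashboard listens on 8080, which is not in `ports` below; it
      # is reachable only through the frontend rule and its basic-auth label.
      - --api
      - --metrics
      - --metrics.prometheus
    networks:
      - net-public
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Access to the Docker socket is equivalent to root on this manager
      # node, and this container is the one exposed on 80/443. Consider
      # placing a filtering socket proxy in front of it that allows only the
      # read-only API calls Traefik needs.
      - /var/run/docker.sock:/var/run/docker.sock
      # acme.json holds the ACME account key and certificate private keys;
      # treat this volume as secret material.
      - traefik-public-certificates:/certificates
      # Masks any traefik.toml so that only the flags above configure Traefik.
      - /dev/null:/traefik.toml
    deploy:
      placement:
        constraints:
          - node.role==manager
      labels:
        - "traefik.frontend.rule=Host:traefik.${WEB_DOMAIN}"
        - "traefik.enable=true"
        - "traefik.port=8080"
        - "traefik.tags=net-public"
        - "traefik.docker.network=net-public"
        - "traefik.redirectorservice.frontend.entryPoints=http"
        - "traefik.redirectorservice.frontend.redirect.entryPoint=https"
        - "traefik.webservice.frontend.entryPoints=https"
        # Credentials come from the deploy-time environment; keep the file
        # that defines them out of version control.
        - "traefik.frontend.auth.basic.users=${WEB_ADMIN_USERNAME}:${WEB_ADMIN_HASHED_PASSWORD}"

  agent:
    # NOTE(review): no tag, so this resolves to `latest` at deploy time; pin
    # a version or digest for reproducible, auditable deployments.
    image: portainer/agent
    environment:
      AGENT_CLUSTER_ADDR: tasks.agent
    volumes:
      # The agent gets full control of each node's Docker daemon and direct
      # access to all volume data.
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    networks:
      # NOTE(review): the agent shares net-public with every proxied
      # service, so any container on that network can reach it. Consider a
      # dedicated overlay network joined only by the agent and Portainer.
      - net-public
    deploy:
      mode: global
      placement:
        constraints:
          - node.platform.os == linux

  portainer:
    # NOTE(review): unpinned image, same concern as for the agent.
    image: portainer/portainer
    # --tlsskipverify disables verification of the agent's TLS certificate,
    # so Portainer cannot authenticate the endpoint it connects to; this
    # relies on the overlay network itself being trusted.
    command: -H tcp://tasks.agent:9001 --tlsskipverify
    volumes:
      - portainer-data:/data
    networks:
      - net-public
    deploy:
      placement:
        constraints:
          - node.role == manager
      labels:
        - "traefik.frontend.rule=Host:portainer.${WEB_DOMAIN}"
        - "traefik.enable=true"
        - "traefik.port=9000"
        - "traefik.tags=net-public"
        - "traefik.docker.network=net-public"
        - "traefik.redirectorservice.frontend.entryPoints=http"
        - "traefik.redirectorservice.frontend.redirect.entryPoint=https"
        - "traefik.webservice.frontend.entryPoints=https"

networks:
  # Created outside this stack; it must exist before the stack is deployed.
  net-public:
    external: true

volumes:
  portainer-data: {}
  traefik-public-certificates: {}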