Hi all,
I don't know what to do anymore. I have now tried so many different things from different documentation. I also think I over-configured my traefik.yml and dynamic.conf after so many different attempts to fix this by myself. In the end I still have the same error and behavior as at the beginning.
I get an error in my traefik logs after calling the URL in the browser. It does not matter if it is the traefik dashboard or any other service:
level=debug msg="http: TLS handshake error from 172.18.0.1:57674: remote error: tls: bad certificate"
If I call the URL in the browser I first get a certificate warning, and after accepting it I get "404 page not found". I don't know if this is a result of the error or another problem. (btw. I deactivated the redirection to websecure and still get this message.) So I guess this is another problem???
So what do I have to do to fix the certificate error?
I would also appreciate any tips on reducing unnecessary over-configuration.
So far I added

stores:
  default: {}

and

insecureSkipVerify: true
I also made sure that my acme.json is a file and not a folder, and deleted the docker volume multiple times to reset.
I also configured my dynamic_conf.yml directly in the compose file because I thought this configuration was not being found.
I come from traefik 2.7 with an HTTP challenge, and there everything is working as expected. But now I want to use the TLS challenge, as you can see in my files...
I am working with Docker on an Ubuntu 22.04 server.
docker info:
Client: Docker Engine - Community
 Version:    24.0.5
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.11.2
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.20.2
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 5
 Server Version: 24.0.5
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 8165feabfdfe38c65b599c4993d227328c231fca
 runc version: v1.1.8-0-g82f18fe
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 5.15.0-83-generic
 Operating System: Ubuntu 22.04.3 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 15.39GiB
 Name: lab
 ID: 2cabbfaa-c422-4358-b8d8-4afd847876a3
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
My compose file is:
version: "3.8"
services:
  traefik:
    image: traefik:2.10
    container_name: traefik
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./config:/etc/traefik
      - ./log:/var/log/traefik/
      - certificates:/certificates
      - /var/run/docker.sock:/var/run/docker.sock:ro
    labels:
      - "traefik.http.routers.traefik.rule=Host(`traefik.xxxxx.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
      - "traefik.http.routers.traefik.service=api@internal"
      # label prefix corrected from "traefik.traefik.routers..." so the auth middleware is actually attached
      - "traefik.http.routers.traefik.middlewares=auth"
      - "traefik.http.middlewares.auth.basicauth.users=xxxx:xxxxx"
    networks:
      - proxy
    restart: unless-stopped
networks:
  proxy:
    external: true
volumes:
  certificates:
My traefik.conf:
global:
  checkNewVersion: false
  sendAnonymousUsage: false
log:
  level: DEBUG
  format: common
  filePath: "/var/log/traefik/traefik.log"
accessLog:
  format: common
  filePath: "/var/log/traefik/access.log"
api:
  dashboard: true
entryPoints:
  web:
    address: :80
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: :443
certificatesResolvers:
  letsencrypt:
    acme:
      email: myemail@mail.org
      storage: /certificates/acme.json
      tlsChallenge: {}
providers:
  docker:
    exposedByDefault: false
    network: "proxy"
  file:
    directory: /etc/traefik/
    watch: true
  providersThrottleDuration: 10
My dynamic-conf.yml:
tls:
  stores:
    default: {}
  options:
    default:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        - TLS_AES_128_GCM_SHA256
        - TLS_AES_256_GCM_SHA384
        - TLS_CHACHA20_POLY1305_SHA256
      curvePreferences:
        - CurveP521
        - CurveP384
      sniStrict: false
http:
  services:
    traefik:
      loadBalancer:
        serversTransport: mytransport
  serversTransports:
    mytransport:
      insecureSkipVerify: true
The full error message from the beginning:
level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
level=debug msg="Added outgoing tracing middleware noop@internal" middlewareType=TracingForwarder entryPointName=web routerName=web-to-websecure@internal middlewareName=tracing
level=debug msg="Creating middleware" entryPointName=web routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme
level=debug msg="Setting up redirection to https 443" routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme entryPointName=web
level=debug msg="Creating middleware" middlewareType=Recovery middlewareName=traefik-internal-recovery entryPointName=web
level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
level=debug msg="Added outgoing tracing middleware noop@internal" entryPointName=web routerName=web-to-websecure@internal middlewareName=tracing middlewareType=TracingForwarder
level=debug msg="Creating middleware" middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme entryPointName=web routerName=web-to-websecure@internal
level=debug msg="Setting up redirection to https 443" routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme entryPointName=web
level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
level=debug msg="Serving default certificate for request: \"traefik.xxxx.com\""
level=debug msg="http: TLS handshake error from 172.18.0.1:57674: remote error: tls: bad certificate"
level=debug msg="Serving default certificate for request: \"traefik.xxxxx.com\""
Many, many thanks in advance!
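An added diagnostic check for the situation in the post, not code from the original post or from Traefik itself: it reads the resolver's acme.json and the debug log lines and reports which hosts were served the self-signed fallback certificate without an issued certificate in storage. The acme.json sample and the log lines are constructed for the example; the acme.json field names follow the Traefik 2.x storage layout, and the resolver name "letsencrypt" is taken from the config above.

```python
"""Check why Traefik served its self-signed fallback certificate: is there an
issued certificate for the requested host in the resolver's acme.json at all,
and which hosts did the debug log record the fallback being served for?"""
import json
import re

# Constructed sample acme.json: the "letsencrypt" resolver has an account but no
# issued certificates. Traefik 2.x layout: {resolver: {"Account": {...},
# "Certificates": [{"domain": {"main": ..., "sans": [...]}, "certificate": <base64 PEM>, ...}]}}
SAMPLE_ACME_JSON = '{"letsencrypt": {"Account": {"Email": "myemail@mail.org"}, "Certificates": null}}'

# Constructed log lines in the same form as the traefik.log excerpt in the post.
SAMPLE_LOG = """\
level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
level=debug msg="Serving default certificate for request: \\"traefik.xxxx.com\\""
level=debug msg="http: TLS handshake error from 172.18.0.1:57674: remote error: tls: bad certificate"
"""

# The host name sits in escaped quotes: ... for request: \"traefik.xxxx.com\"
FALLBACK_RE = re.compile(r'Serving default certificate for request: \\"([^"\\]+)\\"')
HANDSHAKE_RE = re.compile(r'TLS handshake error from ([\d.:]+): remote error: tls: ([^"]+)')


def issued_hosts(acme_json: str, resolver: str) -> set:
    """Every host covered by a certificate the resolver has actually stored."""
    certs = json.loads(acme_json).get(resolver, {}).get("Certificates") or []
    hosts = set()
    for entry in certs:
        if not entry.get("certificate"):  # domain listed, but nothing issued yet
            continue
        hosts.add(entry["domain"]["main"])
        hosts.update(entry["domain"].get("sans") or [])
    return hosts


def fallback_hosts(log_text: str) -> set:
    """Hosts for which the log records the self-signed fallback being served."""
    return set(FALLBACK_RE.findall(log_text))


def diagnose(acme_json: str, log_text: str, resolver: str = "letsencrypt") -> dict:
    """Fallback-served hosts with no issued certificate in storage, plus the
    client-side rejections that follow from serving the fallback."""
    issued = issued_hosts(acme_json, resolver)
    return {
        "issued": sorted(issued),
        "missing": sorted(fallback_hosts(log_text) - issued),
        "handshake_errors": [f"{ip}: {err}" for ip, err in HANDSHAKE_RE.findall(log_text)],
    }
```

If `missing` is non-empty, the resolver never obtained a certificate for that host, so the problem lies in the ACME challenge rather than in the TLS options or the serversTransport; the "bad certificate" handshake errors are just the browser rejecting the fallback.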