Hi,
I am trying to get wildcard certificates up and running using the IONOS API in combination with traefik, following those video instructions:
I managed to get traefik running but the certificate is only a default(?) local one:
Is there something wrong in the config? I put as environment:
environment:
- IONOS_API_KEY=0bc789c…public.7DRB6lD8t…private
As also described in the traefik documentation:
https://go-acme.github.io/lego/dns/ionos/
I suggest you share your Traefik static and dynamic config, and docker-compose.yml if used.
These ones?
traefik.yml
api:
  dashboard: true
  debug: true
entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
serversTransport:
  insecureSkipVerify: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /config.yml
certificatesResolvers:
  ionos:
    acme:
      email: pixelwave@me.com
      storage: acme.json
      dnsChallenge:
        provider: ionos
        #disablePropagationCheck: true # uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
        resolvers:
          - "ns1092.ui-dns.de"
          - "ns1092.ui-dns.com"
          - "ns1092.ui-dns.org"
          - "ns1092.ui-dns.biz"
docker-compose.yml
version: '3'
services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    environment:
      - IONOS_API_KEY=<public>.<private>
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /home/pixelwave/traefik/data/traefik.yml:/traefik.yml:ro
      - /home/pixelwave/traefik/data/acme.json:/acme.json
      - /home/pixelwave/traefik/data/config.yml:/config.yml:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.local.p-wave.de`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=pixelwave:<MY PASSWORD HASH>"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.local.p-wave.de`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=ionos"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=local.p-wave.de"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.local.p-wave.de"
      - "traefik.http.routers.traefik-secure.service=api@internal"
networks:
  proxy:
    external: true
.. everything in "<...>" I anonymized.
If I query the logs:
# docker logs e84224a5b295
time="2023-02-14T13:19:10+01:00" level=info msg="Configuration loaded from file: /traefik.yml"
It's all in the logs
Use chmod to change file permissions.
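An added example, not part of the original thread: a Python check of the two things this exchange turns on, whether the ACME storage file is readable by anyone other than its owner (Traefik refuses an acme.json with permissions broader than 600) and whether the `ionos` resolver has stored a certificate for the wildcard yet. The JSON layout (resolver name, then `Certificates`, then `domain.main`/`domain.sans`) is assumed from Traefik v2's acme.json, and the sample data is constructed.

```python
import json
import os
import stat
import tempfile

def check_acme_store(path, resolver, wanted):
    """Return a list of problems found in a Traefik ACME storage file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o177:  # any bit beyond owner read/write
        problems.append(f"mode {mode:o} is too open, run: chmod 600 {path}")
    with open(path) as fh:
        raw = fh.read().strip()
    data = json.loads(raw) if raw else {}  # a freshly created file is empty
    certs = (data.get(resolver) or {}).get("Certificates") or []
    covered = set()
    for cert in certs:
        domain = cert.get("domain", {})
        covered.add(domain.get("main"))
        covered.update(domain.get("sans") or [])
    for name in wanted:
        if name not in covered:
            problems.append(f"no stored certificate for {name}")
    return problems

def demo():
    """Run the check on a constructed empty 644 file, then on a fixed one."""
    wanted = ["local.p-wave.de", "*.local.p-wave.de"]
    # Constructed sample; key material replaced by placeholders.
    issued = {"ionos": {"Account": {}, "Certificates": [{
        "domain": {"main": "local.p-wave.de", "sans": ["*.local.p-wave.de"]},
        "certificate": "<base64 placeholder>",
        "key": "<base64 placeholder>",
        "Store": "default"}]}}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "acme.json")
        open(path, "w").close()
        os.chmod(path, 0o644)
        before = check_acme_store(path, "ionos", wanted)
        os.chmod(path, 0o600)
        with open(path, "w") as fh:
            json.dump(issued, fh)
        after = check_acme_store(path, "ionos", wanted)
    return before, after

if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result or "OK")
```

On a real host, point `check_acme_store` at the host-side file that the compose file mounts as `/acme.json`.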
Yes that I already fixed ... noticed a typo in the userfolder.
The logs now read:
# docker logs e84224a5b295
time="2023-02-14T13:19:10+01:00" level=info msg="Configuration loaded from file: /traefik.yml"
But certificate is still the default one:
Note that you only need one http->https redirect, you got it in static entryPoints, no need for dynamic
- "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
I deleted those two lines. This looks good now or?
...awesome! thanks a lot!
Deleted all four lines - still working!