Hello everyone,
I can't seem to make traefik serve my own self-signed certificates for subdomains. Works fine for anything.localhost but not anything.anything.localhost.
I tried playing with the sniStrict option and SNIHost, but it doesn't work.
What am I missing?
```yaml
networks:
  default:
    external:
      name: traefik
services:
  reverse-proxy:
    command: --api.dashboard=true --providers.docker=true --entrypoints.https.address=:443 --providers.file.filename=/etc/traefik/dyn.yml
    image: traefik:2.1
    ports:
      - "443:443"
    volumes:
      - ./certs/localhost.crt:/localhost.crt
      - ./certs/localhost.key:/localhost.key
      - ./dyn.yml:/etc/traefik/dyn.yml
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      - traefik.http.routers.traefik.entrypoints=https
      - traefik.http.routers.traefik.rule=Host(`traefik.localhost`)
      - traefik.http.routers.traefik.service=api@internal
      - traefik.http.routers.traefik.tls=true
  whoami:
    image: containous/whoami
    labels:
      - traefik.http.routers.whoami.entrypoints=https
      - traefik.http.routers.whoami.rule=Host(`www.whoami.localhost`)
      - traefik.http.routers.whoami.tls=true
```
```yaml
tls:
  stores:
    default: {}
  # options:
  #   default:
  #     sniStrict: true
  certificates:
    - certFile: /localhost.crt
      keyFile: /localhost.key
      stores:
        - default
```
```
$ nmap -p 443 --script ssl-cert traefik.localhost
Starting Nmap 7.60 ( https://nmap.org ) at 2020-03-15 11:05 CET
Nmap scan report for traefik.localhost (127.0.0.1)
Host is up (0.00010s latency).
Other addresses for traefik.localhost (not scanned): ::1
rDNS record for 127.0.0.1: localhost
PORT    STATE SERVICE
443/tcp open  https
| ssl-cert: Subject: commonName=localhost/organizationName##REDACTEDOUT##
| Subject Alternative Name: DNS:*.localhost
| Issuer: commonName=localhost/organizationName=##REDACTEDOUT##
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2019-07-29T20:48:53
| Not valid after: 2029-07-26T20:48:53
| MD5: a5d0 ea65 3932 1c51 9f48 be9c e0e5 bbaf
|_SHA-1: 5514 8843 0185 548e a3ac 0b19 7b38 04ca 8806 2624
```
```
$ nmap -p 443 --script ssl-cert www.whoami.localhost
Starting Nmap 7.60 ( https://nmap.org ) at 2020-03-15 11:05 CET
Nmap scan report for www.whoami.localhost (127.0.0.1)
Host is up (0.00011s latency).
Other addresses for www.whoami.localhost (not scanned): ::1
rDNS record for 127.0.0.1: localhost
PORT    STATE SERVICE
443/tcp open  https
| ssl-cert: Subject: commonName=TRAEFIK DEFAULT CERT
| Subject Alternative Name: DNS:2dbe3b83a8de0d19335f5913c18792d7.ac40383a9ffe2c5c4474a07271b1c0d3.traefik.default
| Issuer: commonName=TRAEFIK DEFAULT CERT
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2020-03-15T10:04:59
| Not valid after: 2021-03-15T10:04:59
| MD5: 4b82 fb6b 94a1 3fb1 bb25 b0b1 49df a957
|_SHA-1: 0dc8 f999 7156 beb6 69ef 9807 ec02 2cf0 a8c7 15d1
```
That certificate is working fine with traefik 1.7.
Thanks for reading :).
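
Added example, not part of the original post and not Traefik's own code: under standard certificate hostname matching (RFC 6125), a wildcard SAN stands for exactly one leftmost label, which is consistent with the two nmap results above. The function names are hypothetical; the SAN and host names are the ones shown in the post.

```python
"""Check requested server names against certificate SAN entries (RFC 6125 rules)."""

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def san_matches(san, host):
    s, h = _labels(san), _labels(host)
    # A wildcard replaces exactly one label, so the label counts must agree.
    if len(s) != len(h):
        return False
    if s[0] == "*":
        # Only a whole leftmost label may be a wildcard; the rest must be equal.
        return len(s) > 1 and h[0] != "" and s[1:] == h[1:]
    # Partial wildcards such as "w*.localhost" are treated as literal names here.
    return s == h

def report(sans, hosts):
    """Map each host to ("covered", san) or ("not covered", san_to_add)."""
    result = {}
    for host in hosts:
        hit = next((s for s in sans if san_matches(s, host)), None)
        if hit is not None:
            result[host] = ("covered", hit)
            continue
        labels = _labels(host)
        # One option is a wildcard for the parent name; adding the exact
        # host name as a SAN entry works as well.
        needed = "*." + ".".join(labels[1:]) if len(labels) > 1 else host
        result[host] = ("not covered", needed)
    return result

# SAN list taken from the first nmap output in the post.
SANS_FROM_POST = ["*.localhost"]
# Host names taken from the router rules and the certificate CN in the post.
HOSTS_FROM_POST = ["traefik.localhost", "www.whoami.localhost", "localhost"]

if __name__ == "__main__":
    for host, (state, san) in report(SANS_FROM_POST, HOSTS_FROM_POST).items():
        print(f"{host:24} {state:12} {san}")
```
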