Traefik SSL without Let's Encrypt but with signed local created cer/key files

Traefik Traefik v2
1

Hi all. I'm trying to make SSL work but my ISP blocks access to my LAN, so I cannot use Let's Encrypt. I rented a VPS and created my certificates using ACME, and now I'm trying to make it work on my local installation. I don't plan to use my local server from the internet, just inside my own LAN, but I still want to use SSL.

docker-compose.yml:

---
version: "3"

networks:
  frontend:
    driver: bridge
  backend:
    driver: bridge

services:

  traefik:
    image: "traefik:v2.3"
    container_name: "traefik"
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      
    labels:
      - "traefik.frontend.rule=Host:traefik.tunguska.cc"
      - "traefik.port=8080"
      - "traefik.docker.network=frontend"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
    ports:
      - "80:80"
      - "8080:8080"
      - 443:443
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - /data/services/traefik/certs/tunguska.cc.cer:/etc/traefik/certs/cert.cer:ro
      - /data/services/traefik/certs/tunguska.cc.key:/etc/traefik/certs/cert.key:ro
      - /data/services/traefik/config/traefik.yml:/etc/traefik/traefik.yml:ro
      - /data/services/traefik/config/traefik_dynamic.yml:/etc/traefik/traefik_dynamic.yml:ro
    networks:
      - frontend
      - backend


  transmission:
    image: ghcr.io/linuxserver/transmission
    container_name: transmission
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Sao_Paulo
      - "USER=${USER}" 
      - "PASS=${PASSWORD}"
    volumes:
      - /data/services/transmission/config:/config
      - /storage/media/content:/downloads
      - /storage/media/content:/watch
    ports:
      - 9091:9091
      - 51413:51413
      - 51413:51413/udp
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.transmission.rule=Host(`transmission.server`)"
      - "traefik.http.routers.transmission.entrypoints=websecure"
      - "traefik.http.routers.transmission.tls=true"
    networks:
      - frontend

traefik.yml:

providers:
  file:
    filename: "/etc/traefik/traefik_dynamic.yml"

traefik_dynamic.yml:

tls:
  certificates:
    - certFile: "/etc/traefik/certs/cert.cer"
      keyFile: "/etc/traefik/certs/cert.key"

HTTP works fine, but HTTPS does not work. Any ideas? Thanks

2

You have command line options mixed in with your labels on the traefik container.

Just in case you are not aware the LE certificates are valid for 90 days. So you'll have to complete this issuance again to keep using a valid certificate.

A more descriptive problem statement will help with diagnostics. Times out, returns 404, returns 502 etc...

3

Hi there.

Yep, I changed the commands from labels, sorry.

Just in case you are not aware the LE certificates are valid for 90 days. So you'll have to complete this issuance again to keep using a valid certificate.

I'm aware. I want to test with real SSL certificates before I purchase from my registrar.

A more descriptive problem statement will help with diagnostics. Times out, returns 404, returns 502 etc...

Yep, sorry I was being vague. I get 404 usually, or traefik redirects to the default generated one instead of using my certificates.

4

Hi @weirdtunguska

You're missing a reference for you file provider, add it in your static file or as a command line argument.

https://doc.traefik.io/traefik/providers/file/

Hopefully just a copy/paste/formatting error, missing () and `:

      - "traefik.frontend.rule=Host:traefik.tunguska.cc"