ffrank
November 3, 2022, 4:48pm
1
I run traefik in Docker Swarm.
I launch it with
command:
  - --providers.docker.swarmMode=true
  - --providers.file.directory=/configuration
  - --log.level=DEBUG
In the volume mounted to /configuration I have certificates.yaml as follows:
tls:
  certificates:
    - certFile: /puppet_certs/puppet01.my-domain.net.pem
      keyFile: /run/secrets/puppet01_key
    - certFile: /um-wildcard-chain.pem
      keyFile: /run/secrets/wildcard_key
Using the log I can verify that traefik is reading this file, e.g. by changing "certificates" to "certificatess" (extra s) I see this error:
2022-11-03T16:34:33.578516682Z time="2022-11-03T16:34:33Z" level=error msg="Error occurred during watcher callback: /configuration/certificates.yaml: field not found, node: certificatess" providerName=file
But when the file is intact, I only get this debug message:
2022-11-03T16:34:44.982153004Z time="2022-11-03T16:34:44Z" level=debug msg="Configuration received: {"http":{},"tcp":{},"udp":{},"tls":{}}" providerName=file
2022-11-03T16:34:44.982432812Z time="2022-11-03T16:34:44Z" level=debug msg="Skipping unchanged configuration." providerName=file
My certificates are not available, and traefik uses the default certificate in my TLS enabled services.
How can I make traefik accept my TLS configuration?
ffrank
November 4, 2022, 12:47am
2
Update: I cannot reproduce after downgrading to v2.8. Older traefik containers work as expected and load my certificates.
This might be a bug in (the latest) 2.9 version.
Just tested with Docker Hub's traefik:v2.9 and it seems to work fine.
docker-compose.yml:
version: '3.9'
services:
  traefik:
    image: traefik:v2.9
    ports:
      # listen on host ports without ingress network (Docker Swarm)
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
    networks:
      - proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /root/traefik-dashboard-tls:/traefik
    command:
      --providers.docker=true
      --providers.docker.exposedByDefault=false
      --providers.file.directory=/traefik
      --entryPoints.web.address=:80
      --entryPoints.web.http.redirections.entryPoint.to=websecure
      --entryPoints.web.http.redirections.entryPoint.scheme=https
      --entryPoints.websecure.address=:443
      --entryPoints.websecure.http.tls=true
      --api.debug=true
      --api.dashboard=true
      --log.level=DEBUG
      --accesslog=true
    labels:
      - traefik.enable=true
      - traefik.http.routers.api.entrypoints=websecure
      - traefik.http.routers.api.rule=Host(`example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
      - traefik.http.routers.api.service=api@internal
      - traefik.http.routers.api.middlewares=auth
      - 'traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/'
  whoami:
    image: traefik/whoami:v1.8
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.entrypoints=websecure
      - traefik.http.routers.whoami.rule=Host(`example.com`)
      - traefik.http.services.whoami.loadbalancer.server.port=80
networks:
  proxy:
    name: proxy
    external: true
traefik-dynamic.yml:
tls:
  options:
    default:
      minVersion: VersionTLS12
  certificates:
    - certFile: /traefik/example.com.crt
      keyFile: /traefik/example.com.key
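
When Traefik serves its default certificate instead of the ones listed under `tls.certificates`, one thing worth ruling out is that a `certFile` or `keyFile` path does not resolve inside the container (a volume or Swarm secret not attached to the service, for example). The script below is an added example, not part of the thread and not Traefik's own tooling; the function name `check_tls_files` and its status words are made up here, and it assumes PEM-encoded files and one `certFile:`/`keyFile:` key per line rather than doing a full YAML parse.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check for the TLS files a
# Traefik file-provider config points to. Run it inside the Traefik container
# so paths such as /run/secrets/... resolve the way Traefik sees them.
# Assumes PEM files and one "certFile:"/"keyFile:" key per line.

# check_tls_files FILE: prints one status line per entry and returns 0 only
# if every referenced file is readable and has the expected PEM header.
check_tls_files() {
    conf=$1; rc=0
    [ -r "$conf" ] || { echo "UNREADABLE $conf"; return 2; }
    # Extract "kind path" pairs; tolerates indentation, list dashes, quotes.
    pairs=$(sed -n \
        -e 's/^[[:space:]-]*\(certFile\):[[:space:]]*/\1 /p' \
        -e 's/^[[:space:]-]*\(keyFile\):[[:space:]]*/\1 /p' "$conf" | tr -d "\"'")
    [ -n "$pairs" ] || { echo "NO-ENTRIES $conf"; return 1; }
    while read -r kind path; do
        case $kind in
            certFile) marker='-----BEGIN CERTIFICATE-----' ;;
            *)        marker='-----BEGIN .*PRIVATE KEY-----' ;;
        esac
        if [ ! -r "$path" ]; then
            echo "MISSING $kind $path"; rc=1
        elif ! grep -q -e "$marker" "$path"; then
            echo "NOT-PEM $kind $path"; rc=1
        else
            echo "OK $kind $path"
        fi
    done <<EOF
$pairs
EOF
    return $rc
}

# demo: constructed sample; placeholder PEM body, key file deliberately absent.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' \
        '-----END CERTIFICATE-----' > "$d/site.pem"
    printf 'tls:\n  certificates:\n    - certFile: %s\n      keyFile: %s\n' \
        "$d/site.pem" "$d/missing_key" > "$d/certificates.yaml"
    check_tls_files "$d/certificates.yaml"; status=$?
    rm -rf "$d"
    return $status
}

if [ "$#" -gt 0 ]; then check_tls_files "$1"; else demo || :; fi
```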