When I access my Traefik instance in the browser, I get a certificate warning because it uses the default Traefik certificate. I want Traefik to use a self-signed certificate that I generated with my own CA.
I am setting up traefik for the first time. I have a private server with no public IP. My instance of traefik is running in docker. This is my docker compose
networks:
traefik_visible:
external: true
services:
traefik:
image: traefik:v3.6
networks:
- traefik_visible
security_opt:
- no-new-privileges:true
command:
- "--providers.file.filename=/etc/traefik/dynamic/tls.yml"
- "--api.dashboard=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.docker.network=traefik_visible"
- "--entrypoints.websecure.address=:443"
ports:
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./config/traefik.yml:/traefik.yml
- ./certs:/certs
- ./dynamic:/etc/traefik/dynamic:ro
labels:
- "traefik.enable=true"
- "traefik.http.routers.dashboard.rule=Host(`traefik.server.local`)"
- "traefik.http.routers.dashboard.entrypoints=websecure"
- "traefik.http.routers.dashboard.service=api@internal"
- "traefik.http.routers.dashboard.tls=true"
restart: unless-stopped
I have certificates located in certs/ and the tls configuration located in dynamic/ relative to my docker-compose.yml
tls.yml
tls:
certificates:
- certFile: "/certs/traefik.crt"
keyFile: "/certs/traefik.key"
- stores:
- default
traefik.yml
entryPoints:
websecure:
address: ":443"
# Docker configuration backend
providers:
docker: {}
# API and dashboard configuration
api:
insecure: true