Using Traefik as a Reverse Proxy with Certificates Signed by My Own PKI

LostTime · June 14, 2024, 2:26pm

Hello,

I’m new to Traefik and might have made a few mistakes in my configuration.

My objective was to use Traefik as a reverse proxy for the other Docker containers running on my host. I’m managing containers with Portainer.

To start, let’s share my configuration files.

traefik-stack (docker compose file) :

services:
  traefik-reverse-proxy:
    image: traefik:latest
    restart: unless-stopped
    environment:
      - TZ=Europe/Berlin
    ports:
      # The HTTP port
      - "80:80"
      # The HTTPS port
      - "443:443"
      # The Traefik port
      - "8080:8080"
    volumes:
      - traefik-main-config:/etc/traefik/
      - traefik-config-files:/etc/traefik/conf/
      - traefik-ca:/etc/traefik/certs/
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock:ro

volumes:
  traefik-main-config:
  traefik-config-files:
  traefik-ca:

traefik.yaml (located in traefik-main-conf volume) :

global:
  checkNewVersion: false
  sendAnonymousUsage: false

# -- (Optional) Change Log Level and Format here...
#     - loglevels [DEBUG, INFO, WARNING, ERROR, CRITICAL]
#     - format [common, json, logfmt]
# log:
#  level: ERROR
#  format: common
#  filePath: /var/log/traefik/traefik.log

# -- (Optional) Enable Accesslog and change Format here...
#     - format [common, json, logfmt]
# accesslog:
#   format: common
#   filePath: /var/log/traefik/access.log

# -- (Optional) Enable API and Dashboard here, don't do in production
api:
  dashboard: true
  insecure: true

# -- Change EntryPoints here...
entryPoints:
  web:
    address: :80
    # -- (Optional) Redirect all HTTP to HTTPS
    # http:
    #   redirections:
    #     entryPoint:
    #       to: websecure
    #       scheme: https
  websecure:
    address: :443
  # -- (Optional) Add custom Entrypoint
  traefik:
    address: :8080

# -- Change CertificateResolver here...
#certificatesResolvers:
#  myresolver:
#    caServer: /etc/traefik/certs/MY-ROOT-CA.crt


# -- (Optional) Disable TLS Cert verification check
# serversTransport:
#   insecureSkipVerify: true

providers:
  docker:
    # -- (Optional) Enable this, if you want to expose all containers automatically
    exposedByDefault: false
  file:
    directory: /etc/traefik
    watch: true

dynamic_conf.yaml (located in traefik-main-conf volume) :

# -- (Optional) Overwrite Default Certificates
tls:
  #certificatesResolvers:
  #  myresolver:
  #    caServer: /etc/traefik/certs/MY-ROOT-CA.crt


  certificates:
    # Note that since no store is defined,
    # the certificate below will be stored in the `default` store.

    # Certificatecain
    - certFile: /etc/traefik/certs/MY-ROOT-CA.crt
      stores:
        - mystore
    - certFile: /etc/traefik/certs/MY-Policy-CA.crt
      stores:
        - mystore
    - certFile: /etc/traefik/certs/MY-Issuing-CA.crt
      stores:
        - mystore

    # Webserver Certificates
    - certFile: /etc/traefik/certs/treafik.my-domain.com.crt
      keyFile: /etc/traefik/certs/traefik.my-domain.com.key
      stores:
        - mystore
    - certFile: /etc/traefik/certs/netbox.my-domain.com.crt
      keyFile: /etc/traefik/certs/netbox.my-domain.com.key
      stores:
        - mystore

    - certFile: /etc/traefik/certs/phpipam.my-domain.com.crt
      keyFile: /etc/traefik/certs/phpipam.my-domain.com.key
      stores:
        - mystore

# -- (Optional) Disable TLS version 1.0 and 1.1
#   options:
#     default:
#       minVersion: VersionTLS12

netbox-stack (docker compose file) :

<..>
services:
  netbox:
    <<: *shared_settings
    logging:
        driver: journald
    labels:
      - traefik.enable=true
      - traefik.http.routers.netbox-proxy.rule=Host(`netbox.my-domain.com`)
      - traefik.http.routers.netbox-proxy.tls=true
      - traefik.http.routers.netbox-proxy.tls.certresolver=mystore
      - traefik.http.routers.netbox-proxy.service=netbox
      - traefik.http.services.netbox.loadbalancer.server.port=8080
<...>

phpipam-stack (docker compose file) :

<...>
services:
  phpipam-web:
    image: phpipam/phpipam-www:latest
    environment:
      - TZ=Europe/Berlin
    labels:
      - traefik.enable=true
      - traefik.http.routers.phpipam-proxy.rule=Host(`phpipam.my-domain.com`)
      - traefik.http.routers.phpipam-proxy.tls=true
      - traefik.http.routers.phpipam-proxy.tls.certresolver=mystore
      #- traefik.http.routers.phpipam-proxy.service=phpipam-web
      #- traefik.http.services.phpipam-web.loadbalancer.server.port=80
<...>

I generated the certificates using my own PKI and exported them, along with their private key, to a .pfx file. Next, I converted them using OpenSSL with the following commands to create both a .crt and a .key file:

openssl pkcs12 -in "$Path\$CertName.pfx" -out "$Path\$CertName.crt" -clcerts -nokeys -passin pass:$CertPassword

openssl pkcs12 -in "$Path\$CertName.pfx" -out "$Path\$CertName.key" -nocerts -nodes -passin pass:$CertPassword

Finally, I copied the certificates to the traefik-ca volume.

Regarding my configuration, the main issue now is that Traefik isn’t using my certificates and is displaying the default Traefik certificate. What do I need to change to make my own certificates work with the services?

Log output of docker logs traefik-stack-traefik-reverse-proxy-1 :

see next comment

LostTime · June 14, 2024, 2:27pm

{"level":"error","error":"command traefik error: field not found, node: caServer","time":"2024-06-14T14:20:18+02:00","message":"Command error"}
{"level":"error","error":"command traefik error: field not found, node: caServer","time":"2024-06-14T14:20:19+02:00","message":"Command error"}
{"level":"error","error":"command traefik error: field not found, node: caServer","time":"2024-06-14T14:20:20+02:00","message":"Command error"}
{"level":"error","error":"command traefik error: field not found, node: caServer","time":"2024-06-14T14:20:21+02:00","message":"Command error"}
{"level":"error","error":"command traefik error: field not found, node: caServer","time":"2024-06-14T14:20:22+02:00","message":"Command error"}
{"level":"error","error":"command traefik error: field not found, node: caServer","time":"2024-06-14T14:20:25+02:00","message":"Command error"}
{"level":"error","error":"command traefik error: field not found, node: caServer","time":"2024-06-14T14:20:29+02:00","message":"Command error"}
{"level":"error","error":"command traefik error: field not found, node: caServer","time":"2024-06-14T14:20:36+02:00","message":"Command error"}
{"level":"error","error":"command traefik error: field not found, node: caServer","time":"2024-06-14T14:20:49+02:00","message":"Command error"}
{"level":"error","error":"command traefik error: field not found, node: caServer","time":"2024-06-14T14:21:16+02:00","message":"Command error"}
{"level":"error","error":"command traefik error: field not found, node: caServer","time":"2024-06-14T14:22:08+02:00","message":"Command error"}
{"level":"error","error":"command traefik error: field not found, node: caServer","time":"2024-06-14T14:23:09+02:00","message":"Command error"}
{"level":"error","error":"command traefik error: field not found, node: caServer","time":"2024-06-14T14:24:09+02:00","message":"Command error"}
{"level":"error","error":"command traefik error: field not found, node: caServer","time":"2024-06-14T14:25:10+02:00","message":"Command error"}
{"level":"error","error":"command traefik error: field not found, node: caServer","time":"2024-06-14T14:26:11+02:00","message":"Command error"}
{"level":"error","error":"command traefik error: field not found, node: caServer","time":"2024-06-14T14:27:11+02:00","message":"Command error"}
{"level":"error","error":"command traefik error: field not found, node: caServer","time":"2024-06-14T14:28:12+02:00","message":"Command error"}
{"level":"error","error":"command traefik error: field not found, node: caServer","time":"2024-06-14T14:29:13+02:00","message":"Command error"}
{"level":"error","error":"command traefik error: field not found, node: caServer","time":"2024-06-14T14:30:13+02:00","message":"Command error"}
{"level":"error","error":"command traefik error: field not found, node: caServer","time":"2024-06-14T14:31:14+02:00","message":"Command error"}
{"level":"error","error":"command traefik error: field not found, node: caServer","time":"2024-06-14T14:32:14+02:00","message":"Command error"}
2024-06-14T14:33:10+02:00 ERR Unable to append certificate Bag Attributes: <Empty Attributes> subject=DC = com, DC = my, CN = my Enterprise Policy CA issuer=CN = my Enterprise ROOT CA -----BEGIN CERTIFICATE----- <..> -----END CERTIFICATE----- to store error="unable to generate TLS certificate : tls: failed to find any PEM data in key input" tlsStoreName=mystore
2024-06-14T14:33:10+02:00 ERR Unable to append certificate Bag Attributes: <Empty Attributes> subject=DC = com, DC = my, CN = my Enterprise Issuing CA (mypkisrv01) issuer=DC = com, DC = my, CN = my Enterprise Policy CA -----BEGIN CERTIFICATE----- <..> -----END CERTIFICATE----- to store error="unable to generate TLS certificate : tls: failed to find any PEM data in key input" tlsStoreName=mystore
2024-06-14T14:33:10+02:00 ERR Unable to append certificate /etc/traefik/certs/treafik.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:33:10+02:00 ERR Unable to append certificate Bag Attributes: <Empty Attributes> subject=CN = my Enterprise ROOT CA issuer=CN = my Enterprise ROOT CA -----BEGIN CERTIFICATE----- <..> -----END CERTIFICATE----- to store error="unable to generate TLS certificate : tls: failed to find any PEM data in key input" tlsStoreName=mystore
2024-06-14T14:33:11+02:00 ERR Router uses a non-existent certificate resolver certificateResolver=mystore routerName=netbox-proxy@docker
2024-06-14T14:33:11+02:00 ERR Router uses a non-existent certificate resolver certificateResolver=myresolver routerName=phpipam-proxy@docker
2024-06-14T14:41:18+02:00 ERR error="accept tcp [::]:443: use of closed network connection" entryPointName=websecure
2024-06-14T14:41:18+02:00 ERR error="close tcp [::]:443: use of closed network connection" entryPointName=websecure
2024-06-14T14:41:18+02:00 ERR error="accept tcp [::]:80: use of closed network connection" entryPointName=web
2024-06-14T14:41:18+02:00 ERR error="close tcp [::]:80: use of closed network connection" entryPointName=web
2024-06-14T14:41:18+02:00 ERR error="accept tcp [::]:8080: use of closed network connection" entryPointName=traefik
2024-06-14T14:41:18+02:00 ERR error="close tcp [::]:8080: use of closed network connection" entryPointName=traefik
2024-06-14T14:41:19+02:00 ERR Unable to append certificate -----BEGIN CERTIFICATE----- <..> -----END CERTIFICATE----- to store error="unable to generate TLS certificate : tls: failed to find any PEM data in key input" tlsStoreName=mystore
2024-06-14T14:41:19+02:00 ERR Unable to append certificate -----BEGIN CERTIFICATE----- <..> -----END CERTIFICATE----- to store error="unable to generate TLS certificate : tls: failed to find any PEM data in key input" tlsStoreName=mystore
2024-06-14T14:41:19+02:00 ERR Unable to append certificate -----BEGIN CERTIFICATE----- <..> -----END CERTIFICATE----- to store error="unable to generate TLS certificate : tls: failed to find any PEM data in key input" tlsStoreName=mystore
2024-06-14T14:41:19+02:00 ERR Unable to append certificate /etc/traefik/certs/treafik.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:41:20+02:00 ERR Router uses a non-existent certificate resolver certificateResolver=mystore routerName=netbox-proxy@docker
2024-06-14T14:41:20+02:00 ERR Router uses a non-existent certificate resolver certificateResolver=myresolver routerName=phpipam-proxy@docker
2024-06-14T14:42:20+02:00 ERR Error while Peeking first byte error="read tcp 192.168.48.2:8080->10.100.193.202:16066: i/o timeout"
2024-06-14T14:49:22+02:00 ERR Unable to append certificate -----BEGIN CERTIFICATE----- <..> -----END CERTIFICATE----- to store error="unable to generate TLS certificate : tls: failed to find any PEM data in key input" tlsStoreName=mystore
2024-06-14T14:49:22+02:00 ERR Unable to append certificate /etc/traefik/certs/treafik.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:49:22+02:00 ERR Unable to append certificate -----BEGIN CERTIFICATE----- <..> -----END CERTIFICATE----- to store error="unable to generate TLS certificate : tls: failed to find any PEM data in key input" tlsStoreName=mystore
2024-06-14T14:49:22+02:00 ERR Unable to append certificate -----BEGIN CERTIFICATE----- <..> -----END CERTIFICATE----- to store error="unable to generate TLS certificate : tls: failed to find any PEM data in key input" tlsStoreName=mystore
2024-06-14T14:49:22+02:00 ERR Router uses a non-existent certificate resolver certificateResolver=myresolver routerName=phpipam-proxy@docker
2024-06-14T14:49:22+02:00 ERR Router uses a non-existent certificate resolver certificateResolver=mystore routerName=netbox-proxy@docker
2024-06-14T14:49:28+02:00 ERR Unable to append certificate -----BEGIN CERTIFICATE----- <..> -----END CERTIFICATE----- to store error="unable to generate TLS certificate : tls: failed to find any PEM data in key input" tlsStoreName=mystore
2024-06-14T14:49:28+02:00 ERR Unable to append certificate -----BEGIN CERTIFICATE----- <..> -----END CERTIFICATE----- to store error="unable to generate TLS certificate : tls: failed to find any PEM data in key input" tlsStoreName=mystore
2024-06-14T14:49:28+02:00 ERR Unable to append certificate -----BEGIN CERTIFICATE----- <..> -----END CERTIFICATE----- to store error="unable to generate TLS certificate : tls: failed to find any PEM data in key input" tlsStoreName=mystore
2024-06-14T14:49:28+02:00 ERR Unable to append certificate /etc/traefik/certs/treafik.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:49:29+02:00 ERR Router uses a non-existent certificate resolver certificateResolver=myresolver routerName=phpipam-proxy@docker
2024-06-14T14:49:29+02:00 ERR Router uses a non-existent certificate resolver certificateResolver=mystore routerName=netbox-proxy@docker
2024-06-14T14:49:30+02:00 ERR Unable to append certificate -----BEGIN CERTIFICATE----- <..> -----END CERTIFICATE----- to store error="unable to generate TLS certificate : tls: failed to find any PEM data in key input" tlsStoreName=mystore
2024-06-14T14:49:30+02:00 ERR Unable to append certificate -----BEGIN CERTIFICATE----- <..> -----END CERTIFICATE----- to store error="unable to generate TLS certificate : tls: failed to find any PEM data in key input" tlsStoreName=mystore
2024-06-14T14:49:30+02:00 ERR Unable to append certificate -----BEGIN CERTIFICATE----- <..> -----END CERTIFICATE----- to store error="unable to generate TLS certificate : tls: failed to find any PEM data in key input" tlsStoreName=mystore
2024-06-14T14:49:30+02:00 ERR Unable to append certificate /etc/traefik/certs/treafik.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:49:30+02:00 ERR Router uses a non-existent certificate resolver certificateResolver=myresolver routerName=phpipam-proxy@docker
2024-06-14T14:49:30+02:00 ERR Router uses a non-existent certificate resolver certificateResolver=mystore routerName=netbox-proxy@docker
2024-06-14T14:50:19+02:00 ERR Unable to append certificate /certs/my-ROOT-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:50:19+02:00 ERR Unable to append certificate /certs/my-Policy-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:50:19+02:00 ERR Unable to append certificate /certs/my-Issuing-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:50:19+02:00 ERR Unable to append certificate /certs/treafik.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:50:19+02:00 ERR Unable to append certificate /certs/netbox.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:50:19+02:00 ERR Unable to append certificate /certs/phpipam.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:50:20+02:00 ERR Router uses a non-existent certificate resolver certificateResolver=myresolver routerName=phpipam-proxy@docker
2024-06-14T14:50:20+02:00 ERR Router uses a non-existent certificate resolver certificateResolver=mystore routerName=netbox-proxy@docker
2024-06-14T14:50:21+02:00 ERR Unable to append certificate /certs/phpipam.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:50:21+02:00 ERR Unable to append certificate /certs/my-ROOT-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:50:21+02:00 ERR Unable to append certificate /certs/my-Policy-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:50:21+02:00 ERR Unable to append certificate /certs/my-Issuing-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:50:21+02:00 ERR Unable to append certificate /certs/treafik.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:50:21+02:00 ERR Unable to append certificate /certs/netbox.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:50:22+02:00 ERR Router uses a non-existent certificate resolver certificateResolver=mystore routerName=netbox-proxy@docker
2024-06-14T14:50:22+02:00 ERR Router uses a non-existent certificate resolver certificateResolver=myresolver routerName=phpipam-proxy@docker
2024-06-14T14:57:18+02:00 ERR Unable to append certificate /certs/treafik.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:18+02:00 ERR Unable to append certificate /certs/netbox.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:18+02:00 ERR Unable to append certificate /certs/phpipam.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:18+02:00 ERR Unable to append certificate /certs/my-ROOT-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:18+02:00 ERR Unable to append certificate /certs/my-Policy-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:18+02:00 ERR Unable to append certificate /certs/my-Issuing-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:19+02:00 ERR Router uses a non-existent certificate resolver certificateResolver=myresolver routerName=phpipam-proxy@docker
2024-06-14T14:57:19+02:00 ERR Router uses a non-existent certificate resolver certificateResolver=mystore routerName=netbox-proxy@docker
2024-06-14T14:57:20+02:00 ERR Unable to append certificate /certs/my-ROOT-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:20+02:00 ERR Unable to append certificate /certs/my-Policy-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:20+02:00 ERR Unable to append certificate /certs/my-Issuing-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:20+02:00 ERR Unable to append certificate /certs/treafik.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:20+02:00 ERR Unable to append certificate /certs/netbox.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:20+02:00 ERR Unable to append certificate /certs/phpipam.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:21+02:00 ERR Router uses a non-existent certificate resolver certificateResolver=myresolver routerName=phpipam-proxy@docker
2024-06-14T14:57:21+02:00 ERR Router uses a non-existent certificate resolver certificateResolver=mystore routerName=netbox-proxy@docker

LostTime · June 14, 2024, 2:28pm

2024-06-14T14:57:40+02:00 ERR Unable to append certificate /certs/netbox.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:40+02:00 ERR Unable to append certificate /certs/phpipam.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:40+02:00 ERR Unable to append certificate /certs/my-ROOT-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:40+02:00 ERR Unable to append certificate /certs/my-Policy-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:40+02:00 ERR Unable to append certificate /certs/my-Issuing-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:40+02:00 ERR Unable to append certificate /certs/treafik.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:40+02:00 ERR Router uses a non-existent certificate resolver certificateResolver=mystore routerName=netbox-proxy@docker
2024-06-14T14:57:40+02:00 ERR Router uses a non-existent certificate resolver certificateResolver=myresolver routerName=phpipam-proxy@docker
2024-06-14T14:57:42+02:00 ERR Unable to append certificate /certs/phpipam.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:42+02:00 ERR Unable to append certificate /certs/my-ROOT-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:42+02:00 ERR Unable to append certificate /certs/my-Policy-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:42+02:00 ERR Unable to append certificate /certs/my-Issuing-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:42+02:00 ERR Unable to append certificate /certs/treafik.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:42+02:00 ERR Unable to append certificate /certs/netbox.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:42+02:00 ERR Router uses a non-existent certificate resolver certificateResolver=mystore routerName=netbox-proxy@docker
2024-06-14T14:57:42+02:00 ERR Router uses a non-existent certificate resolver certificateResolver=myresolver routerName=phpipam-proxy@docker
2024-06-14T14:57:45+02:00 ERR Unable to append certificate /certs/netbox.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:45+02:00 ERR Unable to append certificate /certs/phpipam.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:45+02:00 ERR Unable to append certificate /certs/my-ROOT-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:45+02:00 ERR Unable to append certificate /certs/my-Policy-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:45+02:00 ERR Unable to append certificate /certs/my-Issuing-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:45+02:00 ERR Unable to append certificate /certs/treafik.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:46+02:00 ERR Router uses a non-existent certificate resolver certificateResolver=mystore routerName=netbox-proxy@docker
2024-06-14T14:57:46+02:00 ERR Router uses a non-existent certificate resolver certificateResolver=myresolver routerName=phpipam-proxy@docker
2024-06-14T14:57:47+02:00 ERR Unable to append certificate /certs/treafik.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:47+02:00 ERR Unable to append certificate /certs/netbox.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:47+02:00 ERR Unable to append certificate /certs/phpipam.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:47+02:00 ERR Unable to append certificate /certs/my-ROOT-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:47+02:00 ERR Unable to append certificate /certs/my-Policy-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:47+02:00 ERR Unable to append certificate /certs/my-Issuing-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:48+02:00 ERR Router uses a non-existent certificate resolver certificateResolver=mystore routerName=netbox-proxy@docker
2024-06-14T14:57:48+02:00 ERR Router uses a non-existent certificate resolver certificateResolver=myresolver routerName=phpipam-proxy@docker
2024-06-14T14:57:51+02:00 ERR error="accept tcp [::]:80: use of closed network connection" entryPointName=web
2024-06-14T14:57:51+02:00 ERR error="accept tcp [::]:8080: use of closed network connection" entryPointName=traefik
2024-06-14T14:57:51+02:00 ERR error="close tcp [::]:8080: use of closed network connection" entryPointName=traefik
2024-06-14T14:57:51+02:00 ERR error="close tcp [::]:80: use of closed network connection" entryPointName=web
2024-06-14T14:57:51+02:00 ERR error="accept tcp [::]:443: use of closed network connection" entryPointName=websecure
2024-06-14T14:57:51+02:00 ERR error="close tcp [::]:443: use of closed network connection" entryPointName=websecure
2024-06-14T14:57:53+02:00 INF github.com/traefik/traefik/v3/cmd/traefik/traefik.go:100 > Traefik version 3.0.2 built on 2024-06-10T14:38:51Z version=3.0.2
2024-06-14T14:57:53+02:00 DBG github.com/traefik/traefik/v3/cmd/traefik/traefik.go:107 > Static configuration loaded [json] staticConfiguration={"api":{"dashboard":true,"insecure":true},"entryPoints":{"traefik":{"address":":8080","forwardedHeaders":{},"http":{},"http2":{"maxConcurrentStreams":250},"transport":{"lifeCycle":{"graceTimeOut":"10s"},"respondingTimeouts":{"idleTimeout":"3m0s","readTimeout":"1m0s"}},"udp":{"timeout":"3s"}},"web":{"address":":80","forwardedHeaders":{},"http":{},"http2":{"maxConcurrentStreams":250},"transport":{"lifeCycle":{"graceTimeOut":"10s"},"respondingTimeouts":{"idleTimeout":"3m0s","readTimeout":"1m0s"}},"udp":{"timeout":"3s"}},"websecure":{"address":":443","forwardedHeaders":{},"http":{},"http2":{"maxConcurrentStreams":250},"transport":{"lifeCycle":{"graceTimeOut":"10s"},"respondingTimeouts":{"idleTimeout":"3m0s","readTimeout":"1m0s"}},"udp":{"timeout":"3s"}}},"global":{},"log":{"format":"common","level":"DEBUG"},"providers":{"docker":{"defaultRule":"Host(`{{ normalize .Name }}`)","endpoint":"unix:///var/run/docker.sock","watch":true},"file":{"directory":"/etc/traefik","watch":true},"providersThrottleDuration":"2s"},"serversTransport":{"maxIdleConnsPerHost":200},"tcpServersTransport":{"dialKeepAlive":"15s","dialTimeout":"30s"}}
2024-06-14T14:57:53+02:00 INF github.com/traefik/traefik/v3/cmd/traefik/traefik.go:605 > Stats collection is disabled. Help us improve Traefik by turning this feature on :) More details on: https://doc.traefik.io/traefik/contributing/data-collection/
2024-06-14T14:57:53+02:00 INF github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:73 > Starting provider aggregator aggregator.ProviderAggregator
2024-06-14T14:57:53+02:00 DBG github.com/traefik/traefik/v3/pkg/server/server_entrypoint_tcp.go:220 > Starting TCP Server entryPointName=web
2024-06-14T14:57:53+02:00 DBG github.com/traefik/traefik/v3/pkg/server/server_entrypoint_tcp.go:220 > Starting TCP Server entryPointName=traefik
2024-06-14T14:57:53+02:00 DBG github.com/traefik/traefik/v3/pkg/server/server_entrypoint_tcp.go:220 > Starting TCP Server entryPointName=websecure
2024-06-14T14:57:53+02:00 INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:202 > Starting provider *file.Provider
2024-06-14T14:57:53+02:00 DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:203 > *file.Provider provider configuration config={"directory":"/etc/traefik","watch":true}
2024-06-14T14:57:53+02:00 DBG github.com/traefik/traefik/v3/pkg/provider/file/file.go:122 > add watcher on: /etc/traefik
2024-06-14T14:57:53+02:00 DBG github.com/traefik/traefik/v3/pkg/provider/file/file.go:122 > add watcher on: /etc/traefik/dynamic_conf.yaml
2024-06-14T14:57:53+02:00 DBG github.com/traefik/traefik/v3/pkg/provider/file/file.go:122 > add watcher on: /etc/traefik/traefik.yaml
2024-06-14T14:57:53+02:00 INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:202 > Starting provider *traefik.Provider
2024-06-14T14:57:53+02:00 DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:203 > *traefik.Provider provider configuration config={}
2024-06-14T14:57:53+02:00 INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:202 > Starting provider *acme.ChallengeTLSALPN
2024-06-14T14:57:53+02:00 DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:203 > *acme.ChallengeTLSALPN provider configuration config={}
2024-06-14T14:57:53+02:00 INF github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:202 > Starting provider *docker.Provider
2024-06-14T14:57:53+02:00 DBG github.com/traefik/traefik/v3/pkg/provider/aggregator/aggregator.go:203 > *docker.Provider provider configuration config={"defaultRule":"Host(`{{ normalize .Name }}`)","endpoint":"unix:///var/run/docker.sock","watch":true}
2024-06-14T14:57:53+02:00 DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{},"tcp":{},"tls":{},"udp":{}} providerName=file
2024-06-14T14:57:53+02:00 DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{"middlewares":{"dashboard_redirect":{"redirectRegex":{"permanent":true,"regex":"^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$","replacement":"${1}/dashboard/"}},"dashboard_stripprefix":{"stripPrefix":{"prefixes":["/dashboard/","/dashboard"]}}},"routers":{"api":{"entryPoints":["traefik"],"priority":9223372036854775806,"rule":"PathPrefix(`/api`)","ruleSyntax":"v3","service":"api@internal"},"dashboard":{"entryPoints":["traefik"],"middlewares":["dashboard_redirect@internal","dashboard_stripprefix@internal"],"priority":9223372036854775805,"rule":"PathPrefix(`/`)","ruleSyntax":"v3","service":"dashboard@internal"}},"serversTransports":{"default":{"maxIdleConnsPerHost":200}},"services":{"api":{},"dashboard":{},"noop":{}}},"tcp":{"serversTransports":{"default":{"dialKeepAlive":"15s","dialTimeout":"30s"}}},"tls":{},"udp":{}} providerName=internal
2024-06-14T14:57:53+02:00 ERR github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:113 > Unable to append certificate /certs/treafik.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:53+02:00 ERR github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:113 > Unable to append certificate /certs/netbox.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:53+02:00 ERR github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:113 > Unable to append certificate /certs/phpipam.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:53+02:00 ERR github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:113 > Unable to append certificate /certs/my-ROOT-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:53+02:00 ERR github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:113 > Unable to append certificate /certs/my-Policy-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:53+02:00 ERR github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:113 > Unable to append certificate /certs/my-Issuing-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:53+02:00 DBG github.com/traefik/traefik/v3/pkg/provider/docker/pdocker.go:89 > Provider connection established with docker 26.1.4 (API 1.45) providerName=docker
2024-06-14T14:57:53+02:00 DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:184 > Filtering disabled container container=traefik-reverse-proxy-traefik-stack-1fdc5d7633e010de8917c0d00a48a98e12c17128b957013574b1a8e6a0808d3d providerName=docker
2024-06-14T14:57:53+02:00 DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:184 > Filtering disabled container container=netbox-worker-netbox-stack-004b96a236e7e0831355197d2ea030712d07656f73370fff19e54550ad32f519 providerName=docker
2024-06-14T14:57:53+02:00 DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:184 > Filtering disabled container container=netbox-housekeeping-netbox-stack-74bbc620e0f46b4613c8f13b2c34fc1f1026ec2cac61a4af254d2851ffa4de61 providerName=docker
2024-06-14T14:57:53+02:00 DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:184 > Filtering disabled container container=redis-netbox-stack-a5bbd64461b4eea2ff5faa7789aee49f58245f134ca2b9e1867f64576565ff8d providerName=docker
2024-06-14T14:57:53+02:00 DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:184 > Filtering disabled container container=postgres-netbox-stack-175c2827828d1680f1b5ea3dde2185ae07ac30681d7be95b846846a3e3f02a0f providerName=docker
2024-06-14T14:57:53+02:00 DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:184 > Filtering disabled container container=redis-cache-netbox-stack-fc4b08722b3ecc3adcf89f16c09d7e1061cd20e4e1974883c6e4b9067b5e65af providerName=docker
2024-06-14T14:57:53+02:00 DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:184 > Filtering disabled container container=phpipam-cron-phpipam-stack-4b83d2af33952db0f31845a551b965afe2af21a96d869f53c339e0b22119ff7c providerName=docker
2024-06-14T14:57:53+02:00 DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:184 > Filtering disabled container container=phpipam-mariadb-phpipam-stack-e63fcdf14566a22a6928d74e9e814037d58cd7477b91a7b4360d9789900ce857 providerName=docker
2024-06-14T14:57:53+02:00 DBG github.com/traefik/traefik/v3/pkg/provider/docker/config.go:184 > Filtering disabled container container=portainer-b60f9781a203258b2dcb183ae273a3e2da5afcb9253f8f2edb5863acfb4e1d9f providerName=docker
2024-06-14T14:57:53+02:00 DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{"routers":{"netbox-proxy":{"rule":"Host(`netbox.my-domain.com`)","service":"netbox","tls":{"certResolver":"mystore"}},"phpipam-proxy":{"rule":"Host(`phpipam.my-domain.com`)","service":"phpipam-web-phpipam-stack","tls":{"certResolver":"myresolver"}}},"services":{"netbox":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"http://172.29.0.5:8080"}]}},"phpipam-web-phpipam-stack":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"http://172.18.0.4:80"}]}}}},"tcp":{},"tls":{},"udp":{}} providerName=docker
2024-06-14T14:57:53+02:00 DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:321 > No default certificate, fallback to the internal generated certificate tlsStoreName=mystore
2024-06-14T14:57:54+02:00 DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:321 > No default certificate, fallback to the internal generated certificate tlsStoreName=default
2024-06-14T14:57:54+02:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/stripprefix/strip_prefix.go:32 > Creating middleware entryPointName=traefik middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix routerName=dashboard@internal
2024-06-14T14:57:54+02:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:33 > Adding tracing to middleware entryPointName=traefik middlewareName=dashboard_stripprefix@internal routerName=dashboard@internal
2024-06-14T14:57:54+02:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/redirect/redirect_regex.go:17 > Creating middleware entryPointName=traefik middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex routerName=dashboard@internal
2024-06-14T14:57:54+02:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/redirect/redirect_regex.go:18 > Setting up redirection from ^(http:\/\/(\[[\w:.]+\]|[\w\._-]+)(:\d+)?)\/$ to ${1}/dashboard/ entryPointName=traefik middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex routerName=dashboard@internal
2024-06-14T14:57:54+02:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:33 > Adding tracing to middleware entryPointName=traefik middlewareName=dashboard_redirect@internal routerName=dashboard@internal
2024-06-14T14:57:54+02:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/recovery/recovery.go:22 > Creating middleware entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
2024-06-14T14:57:54+02:00 DBG github.com/traefik/traefik/v3/pkg/server/aggregator.go:51 > No entryPoint defined for this router, using the default one(s) instead entryPointName=["web","websecure"] routerName=netbox-proxy
2024-06-14T14:57:54+02:00 DBG github.com/traefik/traefik/v3/pkg/server/aggregator.go:51 > No entryPoint defined for this router, using the default one(s) instead entryPointName=["web","websecure"] routerName=phpipam-proxy
2024-06-14T14:57:54+02:00 ERR github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:113 > Unable to append certificate /certs/treafik.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:54+02:00 ERR github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:113 > Unable to append certificate /certs/netbox.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:54+02:00 ERR github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:113 > Unable to append certificate /certs/phpipam.my-domain.com.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:54+02:00 ERR github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:113 > Unable to append certificate /certs/my-ROOT-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:54+02:00 ERR github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:113 > Unable to append certificate /certs/my-Policy-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:54+02:00 ERR github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:113 > Unable to append certificate /certs/my-Issuing-CA.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=mystore
2024-06-14T14:57:54+02:00 DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:321 > No default certificate, fallback to the internal generated certificate tlsStoreName=mystore
2024-06-14T14:57:54+02:00 DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:321 > No default certificate, fallback to the internal generated certificate tlsStoreName=default
2024-06-14T14:57:54+02:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/stripprefix/strip_prefix.go:32 > Creating middleware entryPointName=traefik middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix routerName=dashboard@internal
2024-06-14T14:57:54+02:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:33 > Adding tracing to middleware entryPointName=traefik middlewareName=dashboard_stripprefix@internal routerName=dashboard@internal
2024-06-14T14:57:54+02:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/redirect/redirect_regex.go:17 > Creating middleware entryPointName=traefik middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex routerName=dashboard@internal
2024-06-14T14:57:54+02:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/redirect/redirect_regex.go:18 > Setting up redirection from ^(http:\/\/(\[[\w:.]+\]|[\w\._-]+)(:\d+)?)\/$ to ${1}/dashboard/ entryPointName=traefik middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex routerName=dashboard@internal
2024-06-14T14:57:54+02:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:33 > Adding tracing to middleware entryPointName=traefik middlewareName=dashboard_redirect@internal routerName=dashboard@internal
2024-06-14T14:57:54+02:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/recovery/recovery.go:22 > Creating middleware entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
2024-06-14T14:57:54+02:00 DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:259 > Creating load-balancer entryPointName=web routerName=netbox-proxy@docker serviceName=netbox@docker
2024-06-14T14:57:54+02:00 DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:301 > Creating server entryPointName=web routerName=netbox-proxy@docker serverName=8b865225841a1221 serviceName=netbox@docker target=http://172.29.0.5:8080
2024-06-14T14:57:54+02:00 DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:259 > Creating load-balancer entryPointName=web routerName=phpipam-proxy@docker serviceName=phpipam-web-phpipam-stack@docker
2024-06-14T14:57:54+02:00 DBG github.com/traefik/traefik/v3/pkg/server/service/service.go:301 > Creating server entryPointName=web routerName=phpipam-proxy@docker serverName=6b567c1384106610 serviceName=phpipam-web-phpipam-stack@docker target=http://172.18.0.4:80
2024-06-14T14:57:54+02:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/recovery/recovery.go:22 > Creating middleware entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
2024-06-14T14:57:54+02:00 DBG github.com/traefik/traefik/v3/pkg/middlewares/recovery/recovery.go:22 > Creating middleware entryPointName=websecure middlewareName=traefik-internal-recovery middlewareType=Recovery
2024-06-14T14:57:54+02:00 DBG github.com/traefik/traefik/v3/pkg/server/router/tcp/manager.go:237 > Adding route for netbox.my-domain.com with TLS options default entryPointName=web
2024-06-14T14:57:54+02:00 DBG github.com/traefik/traefik/v3/pkg/server/router/tcp/manager.go:237 > Adding route for phpipam.my-domain.com with TLS options default entryPointName=web
2024-06-14T14:57:54+02:00 DBG github.com/traefik/traefik/v3/pkg/server/router/tcp/manager.go:237 > Adding route for netbox.my-domain.com with TLS options default entryPointName=websecure
2024-06-14T14:57:54+02:00 DBG github.com/traefik/traefik/v3/pkg/server/router/tcp/manager.go:237 > Adding route for phpipam.my-domain.com with TLS options default entryPointName=websecure
2024-06-14T14:57:54+02:00 ERR github.com/traefik/traefik/v3/cmd/traefik/traefik.go:355 > Router uses a non-existent certificate resolver certificateResolver=mystore routerName=netbox-proxy@docker
2024-06-14T14:57:54+02:00 ERR github.com/traefik/traefik/v3/cmd/traefik/traefik.go:355 > Router uses a non-existent certificate resolver certificateResolver=myresolver routerName=phpipam-proxy@docker

bluepuma77 · June 14, 2024, 5:06pm

When you generate your own TLS certs, then you need to load them in a dynamic config file, which is loaded with providers.file in static config. Then you need to set tls=true on entrypoint or router.

certresolver is only used for LetsEncrypt certificates.

When the TLS cert does not include the domain, then you need to set it as default in dynamic config file. Oherwise Traefik will generate a custom TLS cert by itself (when TLS is enabled), and your client/browser will show an error for untrusted cert.

Note that I don’t think that custom TLS stores (with own name) are possible, I think there is just a default store (which is different from the default cert).

LostTime · June 17, 2024, 4:02pm

Thanks to @bluepuma77 for the input.

As a result, I adjusted my configuration as follows and now the certificates are both successfully imported and used when calling the corresponding service.

LostTime · June 17, 2024, 4:15pm

As mentioned before, here are my current configuration files:

traefik-stack (docker compose file) :

<...>
      "was left unchanged"
<...>

traefik.yaml (located in traefik-main-conf volume) :

global:
  checkNewVersion: false
  sendAnonymousUsage: false

# Change Log Level and Format here...
#  - loglevels [DEBUG, INFO, WARNING, ERROR, CRITICAL]
#  - format [common, json, logfmt]
log:
  level: DEBUG
  format: common
#  filePath: /var/log/traefik/traefik.log

# Enable Accesslog and change Format here...
#  - format [common, json, logfmt]
accessLog:
  format: common
#  filePath: /var/log/traefik/access.log

# Enable API and Dashboard here, don't do in production
api:
  dashboard: true
  insecure: true

# Define EntryPoints here...
entryPoints:
  web:
    address: :80
    # Redirect all HTTP to HTTPS
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: :443

providers:
  docker:
    # Enable this, if you want to expose all containers automatically
    exposedByDefault: false
  file:
    directory: /etc/traefik
    watch: true

dynamic_conf.yaml (located in traefik-main-conf volume) :

tls:
  certificates:

    # Import wildcard certificate in case a service does not have its own
#    - certFile: /etc/traefik/certs/wildcard.cer
#      keyFile: /etc/traefik/certs/wildcard.key
#      stores:
#        - default

    # Import the certificates of the respective services
    - certFile: /etc/traefik/certs/traefik.crt
      keyFile: /etc/traefik/certs/traefik.key
      stores:
        - default
    - certFile: /etc/traefik/certs/netbox.crt
      keyFile: /etc/traefik/certs/netbox.key
      stores:
        - default
    - certFile: /etc/traefik/certs/phpipam.crt
      keyFile: /etc/traefik/certs/phpipam.key
      stores:
        - default

#  stores:
#    default:
    # Define the wildcard certificate as default certificate
#      defaultCertificate:
#        certFile: /etc/traefik/certs/wildcard.cer
#        keyFile: /etc/traefik/certs/wildcard.key

# -- (Optional) Disable TLS version 1.0 and 1.1
#   options:
#     default:
#       minVersion: VersionTLS12

netbox-stack (docker compose file) :

<...>
    labels:
      - traefik.enable=true
      - traefik.http.routers.netbox-proxy.entrypoints=websecure
      - traefik.http.routers.netbox-proxy.tls=true
      - traefik.http.routers.netbox-proxy.rule=Host(`${NETBOX_URL}`)
      - traefik.http.routers.netbox-proxy.service=netbox-lb
      - traefik.http.services.netbox-lb.loadbalancer.server.port=8080
<...>

phpipam-stack (docker compose file) :

<...>
    labels:
      - traefik.enable=true
      - traefik.http.routers.phpipam-proxy.entrypoints=websecure
      - traefik.http.routers.phpipam-proxy.tls=true
      - traefik.http.routers.phpipam-proxy.rule=Host(`${PHPIPAM_URL}`)
      - traefik.http.routers.phpipam-proxy.service=phpipam-lb
      - traefik.http.services.phpipam-lb.loadbalancer.server.port=80
<...>

LostTime · June 17, 2024, 4:25pm

Netbox seems to be happy with this configuration. At least when calling from http, the redirect to https takes place and the page is displayed correctly and with the correct certificate.

PHPipam is a bit stubborn. When calling from http, I don't get a redirect to https, but rather "404 page not found". When calling directly with https, the correct certificate is pulled, but the page is displayed incorrectly and with a "jQuerry error".

I don't want to rule out the possibility that I still have a configuration error somewhere with traefik or even phpipam.

LostTime · June 17, 2024, 6:01pm

I have now found the solution to the problem with PHPipam.
Because of the reverse proxy, two environment variables had to be set.
My changes look like this:

phpipam-stack (docker compose file) :

    environment:
      - TZ=Europe/Berlin
      - IPAM_BASE=/
      - IPAM_TRUST_X_FORWARDED=true

Topic		Replies	Views
Traefik reverse proxy doesn't work Traefik v2 docker	3	629	July 1, 2021
Add Docker Microservices to Traefik Traefik v2 docker	3	1509	January 19, 2020
I can't use traefik to reverse proxy external services Traefik v2 docker	5	1834	July 4, 2022
Unable to get HTTPS using Traefik as reverse proxy Traefik v2 docker	2	1183	October 26, 2022
Need some suggestion on my traefik config Traefik v3 (latest) docker , cli	4	112	May 31, 2024

Using Traefik as a Reverse Proxy with Certificates Signed by My Own PKI

Related topics