Wildcard certificate config in command vs labels

I want a wildcard certificate.

In examples for the Traefik container's docker-compose.yml, I've seen this:

command:
  - --entrypoints.websecure.http.tls=true
  - --entrypoints.websecure.http.tls.certResolver=myresolver
  - --entrypoints.websecure.http.tls.domains[0].main=${DOMAIN}
  - --entrypoints.websecure.http.tls.domains[0].sans=*.${DOMAIN}

or this:

labels:
  - traefik.http.routers.wildcard.tls.certresolver=myresolver
  - traefik.http.routers.wildcard.tls.domains[0].main=${DOMAIN}
  - traefik.http.routers.wildcard.tls.domains[0].sans=*.${DOMAIN}

(Assume myresolver and DOMAIN are defined correctly.)

What is the difference, and which should I use?

As you learned yesterday, there is global static config and more local dynamic config, with labels usually related to target services in a container.

If the cert is used by multiple services, I would place it on static command to be used globally, otherwise on the related service dynamic labels config.

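The two placements from the question, side by side in one compose file. This is an added example, not part of the thread. The image tags, the `whoami` and `app` services, the storage path and the DNS provider placeholder are assumptions; `myresolver` and `DOMAIN` are the names used in the question.

```yaml
services:
  traefik:
    image: traefik:v2.11                      # assumed tag
    command:
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.websecure.address=:443
      # Static config: TLS defaults for every router attached to websecure.
      - --entrypoints.websecure.http.tls=true
      - --entrypoints.websecure.http.tls.certResolver=myresolver
      - --entrypoints.websecure.http.tls.domains[0].main=${DOMAIN}
      - --entrypoints.websecure.http.tls.domains[0].sans=*.${DOMAIN}
      # Wildcard names can only be issued through the ACME DNS-01 challenge.
      - --certificatesresolvers.myresolver.acme.dnschallenge=true
      # Placeholder: set your provider and pass its credentials via environment.
      - --certificatesresolvers.myresolver.acme.dnschallenge.provider=YOUR_DNS_PROVIDER
      - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
    ports:
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./letsencrypt:/letsencrypt             # assumed path; keep acme.json private

  whoami:                                      # hypothetical service
    image: traefik/whoami
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.rule=Host(`whoami.${DOMAIN}`)
      # No tls.* labels: this router inherits the entrypoint defaults above.
      - traefik.http.routers.whoami.entrypoints=websecure

  app:                                         # hypothetical service
    image: traefik/whoami
    labels:
      - traefik.enable=true
      - traefik.http.routers.app.rule=Host(`app.${DOMAIN}`)
      - traefik.http.routers.app.entrypoints=websecure
      # Dynamic config: once any tls.* field is set on a router, the entrypoint
      # TLS defaults no longer apply to it, so resolver and domains are repeated.
      - traefik.http.routers.app.tls.certresolver=myresolver
      - traefik.http.routers.app.tls.domains[0].main=${DOMAIN}
      - traefik.http.routers.app.tls.domains[0].sans=*.${DOMAIN}
```

With the entrypoint form, a new service only needs `entrypoints=websecure` to be served with the wildcard certificate; with the label form, each router carries its own TLS settings.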

Thanks once again bluepuma.

The routers bit confused me - I wasn't sure whether the two config blocks actually did the same thing.
