Get letsencrypt to work with traefik.

agolangf · 703 views

This is a shared resource; the information in it may have developed or changed since it was posted.
I have just begun looking at traefik as a reverse proxy for my nodejs application, which I am running in docker.

Now I am looking into how to get letsencrypt to work with traefik. I have never tried something like this before, and I am therefore looking for a more or less step-by-step guide.

ATM I have these different files to spin it all up with docker-compose:

Dockerfile:

```dockerfile
FROM node:6.3.0
RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app
RUN npm install -g nodemon
COPY package.json /usr/src/app
RUN npm install
COPY . /usr/src/app
EXPOSE 3000
CMD ["npm", "start"]
```

docker-compose.yml:

```yaml
version: "2"
services:
  web:
    build: .
    volumes:
      - .:/app
    ports:
      - "3000:3000"
    links:
      - database
    labels:
      - "traefik.port=3000"
      - "traefik.backend=web"
      - "traefik.protocol=http"
      - "traefik.frontend.entryPoints=http"
      - "traefik.frontend.rule=Host:hostname.com"
  database:
    image: mongo
    container_name: mongo
    ports:
      - "27017:27017"
    volumes_from:
      - mongodata
    command: --smallfiles --noprealloc
  mongodata:
    image: tianon/true
    volumes:
      - ./data/db:/data/db
  traefik:
    image: traefik:v1.1.1
    command: --web.readonly --docker --docker.watch --docker.domain=docker.localhost --logLevel=DEBUG --entryPoints="Name:http Address::80"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/traefik/traefik.toml:/etc/traefik/traefik.toml
      - /etc/traefik/acme.json:/etc/traefik/acme.json
```

traefik.toml:

```toml
defaultEntryPoints = ["http", "https"]

[web]
address = ":8080"

[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

[acme]
email = "my@email.com"
storageFile = "acme.json"
entryPoint = "https"
onDemand = true
onHostRule = true
```

One of the things I am speculating about is how the certificate is generated. Do I do this elsewhere, or is this taken care of by traefik? When I read different guides it seems like this is taken care of by traefik, but I cannot access my site with https.

I hope this is the correct place to ask. Otherwise let me know. I am only here to learn :)

---

**Comments:**

**wwader:** I think the problem could be that you set `traefik.frontend.entryPoints=http` for the web service, which I think means the site should only be accessible via non-TLS HTTP.

If you want more debug output you can add `debug = true` in the config file. Then you will also see Let's Encrypt challenges etc.

**lidttilvenstre:** Does not seem to work. The containers are running but I get a 404 on the webpage. I can see the dashboard for traefik though. Don't I need to get the certificates and put them somewhere? This is what confuses me the most. How are the certificates created?

**wwader:** All certificate information for all domains is stored inside acme.json. Do you see anything interesting when enabling debug?

Here is a similar setup that I use: https://gist.github.com/wader/fd6aa0c5cc2e67da0c3c846573a8afc1

**lidttilvenstre:** So the thing that I think I am lacking is how to get the acme.json file with the certificate information, because I read it as something that traefik would take complete care of.

EDIT: I have posted an update on my configurations. I have looked more at the example on traefik and tried to take it from there.

**lidttilvenstre:** I have tried to change my configurations and now they look like this:

Dockerfile:

```dockerfile
FROM node:6.3.0
RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app
RUN npm install -g nodemon
COPY package.json /usr/src/app
RUN npm install
COPY . /usr/src/app
EXPOSE 3000
CMD ["npm", "start"]
```

docker-compose.yml:

```yaml
version: "2"
services:
  web:
    build: .
    volumes:
      - .:/app
    ports:
      - "3000:3000"
    links:
      - database
    labels:
      - "traefik.port=3000"
      - "traefik.backend=web"
      - "traefik.protocol=https"
      - "traefik.frontend.entryPoints=https"
      - "traefik.frontend.rule=Host:brobet.dk, www.brobet.dk"
  database:
    image: mongo
    container_name: mongo
    ports:
      - "27017:27017"
    volumes_from:
      - mongodata
    command: --smallfiles --noprealloc
  mongodata:
    image: tianon/true
    volumes:
      - ./data/db:/data/db
  traefik:
    image: traefik:v1.1.1
    command: --web.readonly --docker --docker.watch --docker.domain=docker.localhost --logLevel=DEBUG --entryPoints="Name:http Address::80"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/traefik/traefik.toml:/etc/traefik/traefik.toml
      - /etc/traefik/acme.json:/etc/traefik/acme.json
```

traefik.toml:

```toml
debug = true

[web]
address = ":8080"

[entryPoints]
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

[acme]
email = "nicklas_just2@hotmail.com"
storage = "acme.json"
entryPoint = "https"
acmeLogging = true
onDemand = true
OnHostRule = true
```

With this I get the following from `docker logs traefik` (changed domain name to [domain]). (Further info: I get a msg stating `level=debug msg="Global configuration loaded[.......]`, so I think that I don't get the custom toml used....):

```
time="2017-05-22T08:01:00Z" level=debug msg="Last docker config received less than 2s, waiting..."
time="2017-05-22T08:01:02Z" level=debug msg="Waited for docker config, OK"
time="2017-05-22T08:01:02Z" level=debug msg="Creating frontend frontend-Host-brobet-dk-www-[domain]-dk"
time="2017-05-22T08:01:02Z" level=debug msg="Wiring frontend frontend-Host-brobet-dk-www-[domain]-dk to entryPoint https"
time="2017-05-22T08:01:02Z" level=error msg="Undefined entrypoint 'https' for frontend frontend-Host-brobet-dk-www-brobet-dk"
time="2017-05-22T08:01:02Z" level=error msg="Skipping frontend frontend-Host-[domain]-dk-www-[domain]-dk..."
time="2017-05-22T08:01:02Z" level=debug msg="Creating frontend frontend-Host-mongo-docker-localhost"
time="2017-05-22T08:01:02Z" level=error msg="No entrypoint defined for frontend frontend-Host-mongo-docker-localhost, defaultEntryPoints:[]"
time="2017-05-22T08:01:02Z" level=error msg="Skipping frontend frontend-Host-mongo-docker-localhost..."
time="2017-05-22T08:01:02Z" level=debug msg="Creating frontend frontend-Host-skovejr-traefik-1-docker-localhost"
time="2017-05-22T08:01:02Z" level=error msg="No entrypoint defined for frontend frontend-Host-skovejr-traefik-1-docker-localhost, defaultEntryPoints:[]"
time="2017-05-22T08:01:02Z" level=error msg="Skipping frontend frontend-Host-skovejr-traefik-1-docker-localhost..."
time="2017-05-22T08:01:02Z" level=info msg="Server configuration reloaded on :80"
```

EDIT:

So I have been successful in getting the certificates from Letsencrypt, but I now get the following error in traefik when trying to access the webpage:

```
time="2017-05-22T10:11:39Z" level=warning msg="Error forwarding to https://172.18.0.2:3000, err: EOF"
time="2017-05-22T10:11:39Z" level=warning msg="Error forwarding to https://172.18.0.2:3000, err: EOF"
2017/05/22 10:13:00 server.go:2317: http: TLS handshake error from 192.38.33.17:51390: EOF
```

Full log from `docker logs <traefik_container_name>`: [pastebin](https://pastebin.com/7NtHxVVu%5D)
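The following is an added example, not the thread author's final file and not configuration shipped by the traefik project: a traefik 1.x `traefik.toml` built from the keys the thread already uses, annotated with how it addresses the three errors visible in the logs above (the overridden entry points, the missing certificate storage, and the TLS-to-a-plain-HTTP-backend forwarding error). The `ops@example.com` address and `example.com` host are placeholders, and `[entryPoints.http.redirect]`, `[docker]` and `exposedByDefault` are assumed to be available in the 1.x release you run.

```toml
# Added example, not the thread's file: traefik 1.x config that terminates TLS
# at the proxy and lets traefik fetch the Let's Encrypt certificate itself.
#
# Fix 1 ("Undefined entrypoint 'https'", "defaultEntryPoints:[]"): the
# --entryPoints="Name:http Address::80" flag in docker-compose overrides the
# [entryPoints] section of this file. Remove the traefik flags from the compose
# `command:` and keep all settings here.
logLevel = "INFO"         # switch to DEBUG (or debug = true) while tracing ACME
defaultEntryPoints = ["http", "https"]

[web]
address = ":8080"         # dashboard: keep --web.readonly and do not publish 8080

[entryPoints]
  [entryPoints.http]
  address = ":80"
    # plain-HTTP visitors are redirected to TLS instead of being served twice
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]   # certificates are supplied by [acme] below

# Fix 2 (where the certificates come from): traefik registers an account,
# answers the ACME challenge on the https entry point (port 443 must be
# reachable from the internet) and writes the account key plus every
# certificate to acme.json. Create it before the first start and keep it
# private, it holds private keys:  touch acme.json && chmod 600 acme.json
[acme]
email = "ops@example.com"   # placeholder; use a mailbox you read (expiry notices)
storage = "acme.json"
entryPoint = "https"
acmeLogging = true
onHostRule = true         # one certificate per Host: rule, requested when the frontend appears
# onDemand is deliberately off: with it traefik requests a certificate for any
# SNI name a client sends, so strangers can exhaust the Let's Encrypt rate limit.

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "docker.localhost"
watch = true
exposedByDefault = false  # only containers labelled traefik.enable=true are routed;
                          # this also drops the frontend-Host-mongo-docker-localhost frontend from the log

# Fix 3 ("Error forwarding to https://172.18.0.2:3000, err: EOF"): TLS ends at
# traefik, so the Node container is reached over plain HTTP. Its compose labels
# become traefik.enable=true, traefik.port=3000, traefik.protocol=http and
# traefik.frontend.rule=Host:example.com (placeholder); drop the
# traefik.frontend.entryPoints=https label so defaultEntryPoints applies, and the
# `ports: "3000:3000"` mapping, which otherwise exposes the app without TLS.
```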
