Reputation: 71
Traefik Self Signed Certificate
I am trying to get one of my Docker containers to use a custom self-signed SSL. I have followed some instructions I have gathered from browsing around the internet and everything else works fine however my container keeps using a Traefik default certificate rather than the custom one I would like it to use. How can I achieve this?
To be honest, I am not exactly clear on how the Docker containers pick and use an SSL certificate and the documentation I have read does not seem to make it clear either. Here is what I have done so far.
Docker Compose yml file for Traefik
version: '3'
services:
traefik:
image: "traefik:v2.2"
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ~/docker-data/traefik/traefik.yml:/etc/traefik/traefik.yaml:ro
labels:
- "traefik.enable=true"
- "traefik.http.routers.api.rule=Host(`traefik.com`)"
- "traefik.http.routers.api.entrypoints=insecure"
- "traefik.http.routers.api.service=api@internal"
- "traefik.http.routers.api.middlewares=api-auth"
- "traefik.http.middlewares.api-auth.basicauth.users=admin:..."
container_name: traefik
networks:
default:
external:
name: "web"
My Traefik yml file
providers: # You can add more than one provider if needed
docker:
endpoint: "unix:///var/run/docker.sock"
network: "web" # Custom docker network
exposedByDefault: false # Only expose explicitly enabled containers
file:
filename: ~/docker-data/traefik/dynamic_conf.yml
watch: true
entryPoints:
insecure:
address: ":80"
secure:
address: ":443"
api:
dashboard: true
My dynamic configuration file
# Dynamic configuration
tls:
certificates:
- certFile: "~/ssl/bwtest-cert.pem"
keyFile: "~/ssl/bwtest-key.pem"
My Docker Container
---
version: '3'
services:
bwtest:
image: bitwardenrs/server
restart: always
container_name: bwtest
volumes:
- bw-test-data:/data
# - bw-test-ssl:/ssl
environment:
LOG_FILE: '/data/bw.log'
SHOW_PASSWORD_HINT: 'true'
labels:
- traefik.enable=true
- traefik.docker.network=web
- traefik.http.middlewares.redirect-https.redirectScheme.scheme=https
- traefik.http.middlewares.redirect-https.redirectScheme.permanent=true
- traefik.http.routers.bitwarden-ui-https.rule=Host(`bwtest.com`)
- traefik.http.routers.bitwarden-ui-https.entrypoints=secure
- traefik.http.routers.bitwarden-ui-https.tls=true
- traefik.http.routers.bitwarden-ui-https.service=bwtest
- traefik.http.routers.bitwarden-ui-http.rule=Host(`bwtest.com`)
- traefik.http.routers.bitwarden-ui-http.entrypoints=insecure
- traefik.http.routers.bitwarden-ui-http.middlewares=redirect-https
- traefik.http.routers.bitwarden-ui-http.service=bwtest
- traefik.http.services.bwtest.loadbalancer.server.port=80
- traefik.http.routers.mydomain.tls.domains[0].main=bwtest.com
- traefik.http.routers.mydomain.tls.domains[0].sans=www.bwtest.com
networks:
- web
networks:
web:
external: true
volumes:
bw-test-data:
bw-test-ssl:
Upvotes: 3
Views: 5336
Answers (1)
Reputation: 874
I would suggest trying to move the certificates to default store (https://docs.traefik.io/https/tls/#default-certificate):
tls:
stores:
default:
defaultCertificate:
certFile: path/to/cert.crt
keyFile: path/to/cert.key
Upvotes: 3
Related Questions
- How do I reference a self-signed SSL certificates for traefik v2 in a docker-compose file?
- Traefik with self-signed certificate
- Docker, Traefik 2.2, and Default Certificate
- Traefik not generating TLS certificate (Error 401)
- Issues with Traefik v2.0 to use self signed certificate
- issues running docker traefik v2.0 to use self signed certificate
- Traefik and self-signed SSL
- Traefik is ignoring docker with traefik.enable=true set
- Traefik SSL configuration
- Traefik and https private repository - tls error