Good morning, I am setting up a bastion container. Here is my Docker Compose file:
traefik:
  restart: always
  image: traefik
  container_name: traefik
  hostname: traefik
  command:
    - --log.level=info
    - --api.insecure=true
    - --providers.docker
    - --providers.docker.exposedbydefault=false
    - --entrypoints.web.address=:80
    - --entrypoints.web-secure.address=:443
    - --entryPoints.smtp.address=:25
    - --entryPoints.smtp-ssl.address=:465
    - --entryPoints.imap-ssl.address=:993
    - --entryPoints.sieve.address=:4190
    - --entryPoints.ssh-proxy.address=:8022
    - --metrics.prometheus=true
    - --metrics.prometheus.buckets=0.1,0.3,1.2,5.0
    - --providers.docker.watch
    - --certificatesresolvers.myresolver.acme.httpchallenge=true
    - --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
    - --certificatesresolvers.myresolver.acme.email=mail@mail
    - --certificatesresolvers.myresolver.acme.storage=/certs/acme.json
  ports:
    - 80:80
    - 443:443
    - 8080:8080
    - 25:25
    - 465:465
    - 993:993
    - 4190:4190
    - 8022:8022
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - /var/log/traefik:/var/log
    - ./traefik/certs:/certs
  networks:
    - backend
    - frontend
  labels:
    - traefik.http.middlewares.traefik-redirect-web-secure.redirectscheme.scheme=https
[...]
trasa_app:
  image: seknox/trasa:v1.1.4
  container_name: trasa_app
  restart: always
  labels:
    - traefik.enable=true
    - traefik.http.middlewares.bastion-redirect-web-secure.redirectscheme.scheme=https
    - traefik.http.routers.bastion-web.middlewares=bastion-redirect-web-secure
    - traefik.http.routers.bastion-web.rule=Host(`bastion.${DOMAINNAME}`)
    - traefik.http.routers.bastion-web.entrypoints=web
    - traefik.http.routers.bastion-web-secure.rule=Host(`bastion.${DOMAINNAME}`)
    #- traefik.http.routers.bastion-web-secure.tls.certresolver=myresolver
    - traefik.http.routers.bastion-web-secure.tls=false
    - traefik.http.routers.bastion-web-secure.entrypoints=web-secure
    - traefik.tcp.routers.ssh-proxy.rule=HostSNI(`*`)
    - traefik.tcp.routers.ssh-proxy.entrypoints=ssh-proxy
    - traefik.tcp.routers.ssh-proxy.service=ssh-proxy
    - traefik.tcp.services.ssh-proxy.loadbalancer.server.port=8022
  environment:
    - TRASA.LISTENADDR=bastion.${DOMAINNAME}
    - TRASA.AUTOCERT=true
    - DATABASE.SERVER=pgdb
    - REDIS.SERVER=redis:6379
    - PROXY.GUACDADDR=guacd:4822
  volumes:
    - /tmp/trasa/accessproxy/guac:/tmp/trasa/accessproxy/guac
  links:
    - pgdb:pgdb
    - redis:redis
    - guacd:guacd
  networks:
    - frontend
    - backend
Here is my problem: when traefik manages the certificate of the trasa_app container, I get the error "Error while setting TCP connection deadline: set tcp {ip}: use of closed network connection".
So what I want to do is disable obtaining the certificate from the traefik container so that the trasa_app container manages its own certificate.
So I added the label traefik.http.routers.bastion-web-secure.tls=false,
but when I access bastion.domainname, the certificate is "TRAEFIK DEFAULT CERT".
(https://i.sstatic.net/9GVKi.png)
How can I make it so that traefik does not manage the trasa certificate?
Thank you very much in advance,
Dimox
When traefik manages the certificate, the trasa container does not have the key, so there is an error... When the trasa container manages the certificate, the traefik container returns a default certificate and not the trasa one...
Upvotes: 0
Views: 781