我对Traefik和Docker一窍不通。我使用以下方法准备了一个自签名证书:
openssl req -x509 -newkey rsa:4096 -keyout www.example.co.uk.key -out www.example.co.uk.crt-days 365
在我的traefik.toml文件中,我有以下内容:
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
certFile = "certs/www.example.co.uk.crt"
keyFile = "certs/www.example.co.uk.key"
然而,这样做会导致:
traefik | time="2019-06-17T22:11:17Z" level=debug msg="Serving default cert for request: \"www.example.co.uk\""
traefik | time="2019-06-17T22:11:17Z" level=debug msg="http: TLS handshake error from 172.20.0.1:57770: tls: no certificates configured"
如果我忽略证书定义,让traefik.toml文件如下所示:
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
# [[entryPoints.https.tls.certificates]]
# certFile = "certs/www.example.co.uk.crt"
# keyFile = "certs/www.example.co.uk.key"
我使用Traefik提供的虚拟证书,效果很好,但我只是想理解为什么我的定义证书没有被使用。
我相信在我的docker-compose.yml文件中已经挂载了正确的卷:
volumes:
- /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
- ./traefik.toml:/traefik.toml
- /var/www/docker/certs:/certs
证书存储在与我的
docker-compose.yml 和 traefik.toml 文件相对的 certs/ 目录中。权限看起来也没问题,都被 root 拥有 - crt 的访问权限是 644,key 的访问权限是 600。我如何使用自签名证书替代 Traefik 默认的证书?