小贝子编程

为什么 Traefik Acme 生成的证书被标记为"Not Secure"?



我正在尝试使用 traefik 启动应用程序。我用群设置了多个容器。我可以在浏览器中访问它们,但网站被标记为不安全。我尝试删除 acme.json 并重新生成 ssl 证书,但它没有改变任何东西。

据我了解,使用 ACME,证书是在启动时生成的。但是现在,它的行为就像一个自签名证书,因为我看到"假 LE 中间 X1">

这是我的配置:

logLevel="DEBUG"
debug=true
defaultEntryPoints = ["https","http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[api]
address=":8080"
[docker]
endpoint="unix://var/run/docker.sock"
domain = "4yourfinance.com"
watch=true
swarmMode=true
exposedByDefault = false
[acme]
email = "serviceplatform@myfeelix.de"
storage = "/etc/traefik/acme/acme.json"
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
onHostRule = true
entryPoint = "https"
[acme.httpChallenge]
entryPoint = "http"
[[acme.domains]]
main = "4yourfinance.com"
sans = ["nginx.4yourfinance.com", "api-wl.4yourfinance.com"]

和我的码头工人组成

version: "3.3"
services:
traefik:
image: traefik
ports:
- 80:80
- 8080:8080
- 443:443
networks:
- traefik-net
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./acme:/etc/traefik/acme
configs:
- source: traefik-config
target: /etc/traefik/traefik.toml
deploy:
placement:
constraints: [engine.labels.com.role == 4yourfinance]
nginx2:
image: nginx
networks:
traefik-net:
aliases:
- nginx
deploy:
labels:
- "traefik.enable=true"
- "traefik.backend=nginx2"
- "traefik.port=80"
- "traefik.frontend.rule=Host:4yourfinance.com"
placement:
constraints: [engine.labels.com.role == 4yourfinance]
nginx:
image: nginx
networks:
traefik-net:
aliases:
- nginx
deploy:
labels:
- "traefik.enable=true"
- "traefik.backend=nginx"
- "traefik.port=80"
- "traefik.frontend.rule=Host:nginx.4yourfinance.com"
placement:
constraints: [engine.labels.com.role == 4yourfinance]
nginx3:
image: nginx
networks:
traefik-net:
aliases:
- nginx
deploy:
labels:
- "traefik.enable=true"
- "traefik.backend=api-wl"
- "traefik.port=80"
- "traefik.frontend.rule=Host:api-wl.4yourfinance.com"
placement:
constraints: [engine.labels.com.role == client-feelix]
networks:
traefik-net:
external:
name: traefik-net
configs:
traefik-config:
file: config2.toml

我使用的是暂存 caServer 而不是生产。我还必须设置其他域: 将服务器替换为

caServer = "https://acme-v02.api.letsencrypt.org/directory"

并添加域,执行以下操作:

[[acme.domains]]
main = "4yourfinance.com"
[[acme.domains]]
main = "nginx.4yourfinance.com"

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium