在使用Traefik的Docker Backend时,让我们加密证书仅对主要领域生成,而不是为任何子域生成。我遵循了本指南:Docker,让我们加密。主要域具有Lets Geent的证书。运行带有标签的Docker容器时,没有生成证书。
docker版本= 17.10,traefik版本= traefik:1.5
这是我的traefik.toml配置:
defaultEntryPoints = ["http", "https"]
[web]
address = ":8080"
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[acme]
email = "email@example.com"
storage = "acme.json"
entryPoint = "https"
[acme.httpChallenge]
entryPoint = "http"
OnHostRule = true
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "example.com"
watch = true
exposedbydefault = false
这是我正在使用的标签:
"traefik.backend": "test",
"traefik.docker.network": "proxy",
"traefik.enable": "true",
"traefik.frontend.rule": "Host:test.example.com",
"traefik.port": "8000"
example.com上的证书是:
Issued to: example.com
Issued by: Lets Encrypt Authority X3
和test.example.com上的证书是:
Issued to: TRAEFIK DEFAULT CERT
Issued by: TRAEFIK DEFAULT CERT
有人知道我做错了什么吗?
这是我让它起作用的唯一方法:通过指定这样的acme.domains
[docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
exposedbydefault = false
[entrypoints.traefik]
address=":8080"
[api]
dashboard = true
entryPoint = "traefik"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[acme]
email = "email@example.com"
storage = "acme.json"
entryPoint = "https"
acmeLogging = true
[acme.httpChallenge]
entryPoint = "http"
[[acme.domains]]
main = "domain1.com"
sans = ["www.domain1.com","other.domain1.com"]
[[acme.domains]]
main = "domain2.com"
sans = ["www.domain2.com","other.domain2.com"]