具有 docker-compose 配置 TLS 的 Traefik 2.2
Traefik 2.2 with docker-compose configuration TLS
我一直在努力寻找关于如何使用 Traefik 在网站上启用 SSL 的简单概述。虽然所有示例都是针对 .toml 文件的,但我想使用我的 docker-compose 文件对其进行配置。
我在 Traefik 文档中找到的唯一示例是:https://docs.traefik.io/reference/dynamic-configuration/docker/
如何将以下配置转换为 docker-compose 设置?
[[tls.certificates]]
certFile = "/path/to/domain.cert"
keyFile = "/path/to/domain.key"
您应该将标签添加到您的 yml 文件中:
services:
your-traefix-srv:
build:
labels:
- "traefik.http.middlewares.middleware09.forwardauth.tls.cert=/path/to/domain.cert"
- "traefik.http.middlewares.middleware09.forwardauth.tls.key=/path/to/domain.key"
此外,如果需要,请添加:
- "traefik.http.middlewares.middleware09.forwardauth.tls.ca=foobar"
- "traefik.http.middlewares.middleware09.forwardauth.tls.caoptional=true"
- "traefik.http.middlewares.middleware09.forwardauth.tls.insecureskipverify=true"
最后,应该以某种方式添加文件 /path/to/domain.cert 和 /path/to/domain.key,在 Dockerfile 和 dockerbuilt 时间,以及将它们安装为绑定卷。
实际上,你不能这样做。仅通过文件提供程序支持证书定义。引用自文档:
In the above example, we've used the file provider to handle these
definitions. It is the only available method to configure the
certificates (as well as the options and the stores). However, in
Kubernetes, the certificates can and must be provided by secrets.
我一直在努力寻找关于如何使用 Traefik 在网站上启用 SSL 的简单概述。虽然所有示例都是针对 .toml 文件的,但我想使用我的 docker-compose 文件对其进行配置。
我在 Traefik 文档中找到的唯一示例是:https://docs.traefik.io/reference/dynamic-configuration/docker/
如何将以下配置转换为 docker-compose 设置?
[[tls.certificates]]
certFile = "/path/to/domain.cert"
keyFile = "/path/to/domain.key"
您应该将标签添加到您的 yml 文件中:
services:
your-traefix-srv:
build:
labels:
- "traefik.http.middlewares.middleware09.forwardauth.tls.cert=/path/to/domain.cert"
- "traefik.http.middlewares.middleware09.forwardauth.tls.key=/path/to/domain.key"
此外,如果需要,请添加:
- "traefik.http.middlewares.middleware09.forwardauth.tls.ca=foobar"
- "traefik.http.middlewares.middleware09.forwardauth.tls.caoptional=true"
- "traefik.http.middlewares.middleware09.forwardauth.tls.insecureskipverify=true"
最后,应该以某种方式添加文件 /path/to/domain.cert 和 /path/to/domain.key,在 Dockerfile 和 dockerbuilt 时间,以及将它们安装为绑定卷。
实际上,你不能这样做。仅通过文件提供程序支持证书定义。引用自文档:
In the above example, we've used the file provider to handle these definitions. It is the only available method to configure the certificates (as well as the options and the stores). However, in Kubernetes, the certificates can and must be provided by secrets.