web-dev-qa-db-ja.com

自己署名証明書を使用するためのTraefik v2.0の問題

Localhostで自己署名証明書を使用するようにtraefikでdockerをセットアップしようとしています

私は自分のローカルマシンで開発しています。Dockerとtraefikを使用したいと考えています。私が抱えている問題は、セットアップで動作する自己署名証明書を取得できないことです。私を正しい方向に向けてくれる人が必要です!

ブラウザに表示される証明書は常にTRAEFIK DEFAULT CERTであるか、ドメインに入るときにget 404ページが見つかりません

私のdocker-compose.yaml

version: "3.7"

services:
    mariadb:
        image: wodby/mariadb:$MARIADB_TAG
        container_name: "${PROJECT_NAME}_mariadb"
        stop_grace_period: 30s
        environment:
            MYSQL_ROOT_PASSWORD: $DB_ROOT_PASSWORD
            MYSQL_DATABASE: $DB_NAME
            MYSQL_USER: $DB_USER
            MYSQL_PASSWORD: $DB_PASSWORD
        ports:
            - 3306:3306
        volumes:
            #      - ./mariadb-init:/docker-entrypoint-initdb.d # Place init .sql file(s) here.
            - mysql:/var/lib/mysql # I want to manage volumes manually.

    php:
        image: wodby/wordpress-php:$PHP_TAG
        container_name: "${PROJECT_NAME}_php"
        environment:
            PHP_SENDMAIL_PATH: /usr/sbin/sendmail -t -i -S mailhog:1025
            DB_Host: $DB_Host
            DB_USER: $DB_USER
            DB_PASSWORD: $DB_PASSWORD
            DB_NAME: $DB_NAME
            PHP_FPM_USER: wodby
            PHP_FPM_GROUP: wodby
        ## Read instructions at https://wodby.com/docs/stacks/wordpress/local#xdebug
        #      PHP_XDEBUG: 1
        #      PHP_XDEBUG_DEFAULT_ENABLE: 1
        #      PHP_XDEBUG_REMOTE_CONNECT_BACK: 0
        #      PHP_IDE_CONFIG: serverName=my-ide
        #      PHP_XDEBUG_IDEKEY: "my-ide"
        #      PHP_XDEBUG_REMOTE_Host: 172.17.0.1 # Linux
        #      PHP_XDEBUG_REMOTE_Host: 10.254.254.254 # macOS
        #      PHP_XDEBUG_REMOTE_Host: 10.0.75.1 # Windows
        volumes:
            #        - ./app:/var/www/html
            ## For macOS users (https://wodby.com/docs/stacks/wordpress/local#docker-for-mac)
            - ./app:/var/www/html:cached # User-guided caching
    #      - docker-sync:/var/www/html # Docker-sync
    ## For XHProf and Xdebug profiler traces
    #      - files:/mnt/files

    nginx:
        image: wodby/nginx:$NGINX_TAG
        container_name: "${PROJECT_NAME}_nginx"
        depends_on:
            - php
        environment:
            NGINX_STATIC_OPEN_FILE_CACHE: "off"
            NGINX_ERROR_LOG_LEVEL: debug
            NGINX_BACKEND_Host: php
            NGINX_VHOST_PRESET: wordpress
            #NGINX_SERVER_ROOT: /var/www/html/subdir
        volumes:
            #    - ./app:/var/www/html
            # Options for macOS users (https://wodby.com/docs/stacks/wordpress/local#docker-for-mac)
            - ./app:/var/www/html:cached # User-guided caching
        #      - docker-sync:/var/www/html # Docker-sync
        labels:
            - "traefik.http.routers.${PROJECT_NAME}_nginx.rule=Host(`${PROJECT_BASE_URL}`)"
            - "traefik.http.routers.${PROJECT_NAME}_nginx.tls=true"
            # - "traefik.http.routers.${PROJECT_NAME}_nginx.tls.certResolver=${PROJECT_BASE_URL}"

    mailhog:
        image: mailhog/mailhog
        container_name: "${PROJECT_NAME}_mailhog"
        labels:
            - "traefik.http.services.${PROJECT_NAME}_mailhog.loadbalancer.server.port=8025"
            -"traefik.http.routers.${PROJECT_NAME}_mailhog.rule=Host(`mailhog.${PROJECT_BASE_URL}`)"

    portainer:
        image: portainer/portainer
        container_name: "${PROJECT_NAME}_portainer"
        command: --no-auth -H unix:///var/run/docker.sock
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock
        labels:
            - "traefik.http.routers.${PROJECT_NAME}_portainer.rule=Host(`portainer.${PROJECT_BASE_URL}`)"

    traefik:
        image: traefik:v2.0
        container_name: "${PROJECT_NAME}_traefik"
        ports:
            - "80:80"
            - "443:443"
            - "8080:8080" # Dashboard
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock
            - ./traefik:/etc/traefik
            - ./certs:/certs
volumes:
    mysql:
## Docker-sync for macOS users
#  docker-sync:
#    external: true
## For Xdebug profiler
#  files:

私のtraefik.yml

providers:
    file:
        filename: "/etc/traefik/config.yml"
    docker:
        endpoint: "unix:///var/run/docker.sock"

api:
    insecure: true

entryPoints:
    web:
        address: ":80"

    web-secure:
        address: ":443"

そして私のconfig.yml(tlsの構成が別のファイルにある必要があることを理解しています!)

tls:
    certificates:
        - certFile: /certs/domain.test.crt
        - certKey: /certs/domain.test.key

4
Daniel Glans

私はそれを解決しました。私の最終的なdocker-compose.ymlは次のようになります

@fffniteに感謝

version: "3.7"

services:
    mariadb:
        image: wodby/mariadb:$MARIADB_TAG
        container_name: "${PROJECT_NAME}_mariadb"
        stop_grace_period: 30s
        environment:
            MYSQL_ROOT_PASSWORD: $DB_ROOT_PASSWORD
            MYSQL_DATABASE: $DB_NAME
            MYSQL_USER: $DB_USER
            MYSQL_PASSWORD: $DB_PASSWORD
        ports:
            - 3306:3306
        volumes:
            #      - ./mariadb-init:/docker-entrypoint-initdb.d # Place init .sql file(s) here.
            - mysql:/var/lib/mysql # I want to manage volumes manually.

    php:
        image: wodby/wordpress-php:$PHP_TAG
        container_name: "${PROJECT_NAME}_php"
        environment:
            PHP_SENDMAIL_PATH: /usr/sbin/sendmail -t -i -S mailhog:1025
            DB_Host: $DB_Host
            DB_USER: $DB_USER
            DB_PASSWORD: $DB_PASSWORD
            DB_NAME: $DB_NAME
            PHP_FPM_USER: wodby
            PHP_FPM_GROUP: wodby
        ## Read instructions at https://wodby.com/docs/stacks/wordpress/local#xdebug
        #      PHP_XDEBUG: 1
        #      PHP_XDEBUG_DEFAULT_ENABLE: 1
        #      PHP_XDEBUG_REMOTE_CONNECT_BACK: 0
        #      PHP_IDE_CONFIG: serverName=my-ide
        #      PHP_XDEBUG_IDEKEY: "my-ide"
        #      PHP_XDEBUG_REMOTE_Host: 172.17.0.1 # Linux
        #      PHP_XDEBUG_REMOTE_Host: 10.254.254.254 # macOS
        #      PHP_XDEBUG_REMOTE_Host: 10.0.75.1 # Windows
        volumes:
            #        - ./app:/var/www/html
            ## For macOS users (https://wodby.com/docs/stacks/wordpress/local#docker-for-mac)
            - ./app:/var/www/html:cached # User-guided caching
    #      - docker-sync:/var/www/html # Docker-sync
    ## For XHProf and Xdebug profiler traces
    #      - files:/mnt/files

    nginx:
        image: wodby/nginx:$NGINX_TAG
        container_name: "${PROJECT_NAME}_nginx"
        depends_on:
            - php
        environment:
            NGINX_STATIC_OPEN_FILE_CACHE: "off"
            NGINX_ERROR_LOG_LEVEL: debug
            NGINX_BACKEND_Host: php
            NGINX_VHOST_PRESET: wordpress
            #NGINX_SERVER_ROOT: /var/www/html/subdir
        volumes:
            #    - ./app:/var/www/html
            # Options for macOS users (https://wodby.com/docs/stacks/wordpress/local#docker-for-mac)
            - ./app:/var/www/html:cached # User-guided caching
        #      - docker-sync:/var/www/html # Docker-sync
        labels:
            - "traefik.http.routers.${PROJECT_NAME}_nginx.rule=Host(`${PROJECT_BASE_URL}`)"
            - "traefik.http.routers.${PROJECT_NAME}_nginx.entrypoints=web"
            - "traefik.http.middlewares.${PROJECT_NAME}_https_nginx.redirectscheme.scheme=https"
            - "traefik.http.routers.${PROJECT_NAME}_https_nginx.rule=Host(`${PROJECT_BASE_URL}`)"
            - "traefik.http.routers.${PROJECT_NAME}_https_nginx.entrypoints=web-secure"
            - "traefik.http.routers.${PROJECT_NAME}_https_nginx.tls=true"

    mailhog:
        image: mailhog/mailhog
        container_name: "${PROJECT_NAME}_mailhog"
        labels:
            - "traefik.http.services.${PROJECT_NAME}_mailhog.loadbalancer.server.port=8025"
            - "traefik.http.routers.${PROJECT_NAME}_mailhog.rule=Host(`mailhog.${PROJECT_BASE_URL}`)"

    portainer:
        image: portainer/portainer
        container_name: "${PROJECT_NAME}_portainer"
        command: --no-auth -H unix:///var/run/docker.sock
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock
        labels:
            - "traefik.http.routers.${PROJECT_NAME}_portainer.rule=Host(`portainer.${PROJECT_BASE_URL}`)"

    traefik:
        image: traefik:v2.0
        container_name: "${PROJECT_NAME}_traefik"
        ports:
            - "80:80"
            - "443:443"
            - "8080:8080" # Dashboard
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock
            - ./traefik:/etc/traefik
            - ./certs:/certs
volumes:
    mysql:
## Docker-sync for macOS users
#  docker-sync:
#    external: true
## For Xdebug profiler
#  files:

1
Daniel Glans

私は今これと少し戦っていますが、それを機能させる組み合わせを見つけたようです、注意してくださいnot別のファイルにTLS構成を含める必要があります。

[provider]
  [provider.file]
    # This file
    filename = "/etc/traefik/traefik.toml"

[tls.stores.default.defaultCertificate]
  certFile = "/certs/mycert.crt"
  keyFile = "/certs/mycert.key"  
1
fffnite