Traefik Disable tls for only 1 container

Asked by: Dimox   Asked: 7/24/2023   Updated: 8/3/2023   Views: 179

Q:

Good morning. I am setting up a bastion container; here is my docker compose file:

traefik:
        restart: always
        image: traefik
        container_name: traefik
        hostname: traefik
        command:
          - --log.level=info
          - --api.insecure=true
          - --providers.docker
          - --providers.docker.exposedbydefault=false
          - --entrypoints.web.address=:80
          - --entrypoints.web-secure.address=:443
          - --entryPoints.smtp.address=:25
          - --entryPoints.smtp-ssl.address=:465
          - --entryPoints.imap-ssl.address=:993
          - --entryPoints.sieve.address=:4190
          - --entryPoints.ssh-proxy.address=:8022
          - --metrics.prometheus=true
          - --metrics.prometheus.buckets=0.1,0.3,1.2,5.0
          - --providers.docker.watch
          - --certificatesresolvers.myresolver.acme.httpchallenge=true
          - --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
          - --certificatesresolvers.myresolver.acme.email=mail@mail
          - --certificatesresolvers.myresolver.acme.storage=/certs/acme.json
        ports:
          - 80:80
          - 443:443
          - 8080:8080
          - 25:25
          - 465:465
          - 993:993
          - 4190:4190
          - 8022:8022
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock
          - /var/log/traefik:/var/log
          - ./traefik/certs:/certs
        networks:
          - backend
          - frontend
        labels:
          - traefik.http.middlewares.traefik-redirect-web-secure.redirectscheme.scheme=https
[...]
trasa_app:
        image: seknox/trasa:v1.1.4
        container_name: trasa_app
        restart: always
        labels:
          - traefik.enable=true
          - traefik.http.middlewares.bastion-redirect-web-secure.redirectscheme.scheme=https
          - traefik.http.routers.bastion-web.middlewares=bastion-redirect-web-secure
          - traefik.http.routers.bastion-web.rule=Host(`bastion.${DOMAINNAME}`)
          - traefik.http.routers.bastion-web.entrypoints=web
          - traefik.http.routers.bastion-web-secure.rule=Host(`bastion.${DOMAINNAME}`)
          #- traefik.http.routers.bastion-web-secure.tls.certresolver=myresolver
          - traefik.http.routers.bastion-web-secure.tls=false
          - traefik.http.routers.bastion-web-secure.entrypoints=web-secure
          - traefik.tcp.routers.ssh-proxy.rule=HostSNI(`*`)
          - traefik.tcp.routers.ssh-proxy.entrypoints=ssh-proxy
          - traefik.tcp.routers.ssh-proxy.service=ssh-proxy
          - traefik.tcp.services.ssh-proxy.loadbalancer.server.port=8022
        environment:
          - TRASA.LISTENADDR=bastion.${DOMAINNAME}
          - TRASA.AUTOCERT=true
          - DATABASE.SERVER=pgdb
          - REDIS.SERVER=redis:6379
          - PROXY.GUACDADDR=guacd:4822
        volumes:
          - /tmp/trasa/accessproxy/guac:/tmp/trasa/accessproxy/guac
        links:
          - pgdb:pgdb
          - redis:redis
          - guacd:guacd
        networks:
          - frontend
          - backend

Here is my problem: when traefik manages the certificate for the trasa_app container, I get the error "Error setting TCP connection deadline: set tcp {ip}: use of closed network connection".

So what I want to do is disable certificate fetching in the traefik container so that the trasa_app container manages its own certificate. So I added the label traefik.http.routers.bastion-web-secure.tls=false, but when I go to bastion.domainname the certificate is "TRAEFIK DEFAULT CERT" (https://i.stack.imgur.com/9GVKi.png).

How can I make traefik not manage the trasa certificate?

Thank you very much in advance,

Dimox

When traefik manages the certificate, the trasa container has no key, hence the error... When the trasa container manages the certificate, the traefik container returns its default certificate instead of the trasa certificate...

Tags: tls1.3, bastion-host, traefik-routers

Comments

0 votes   Joachim Sauer   7/24/2023
I think what you need is TLS passthrough: doc.traefik.io/traefik/routing/routers/#passthrough

A:

0 votes   Rob Hefty   8/3/2023   #1

You can define what Traefik will use as the default certificate by defining a TLSStore, like this
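The TLS passthrough approach from Joachim Sauer's comment, written out as an added example; it is not the answer's TLSStore snippet (which is not present on this page) and not code from the question. It assumes the entrypoint names from the question (web, web-secure) and that trasa_app serves HTTPS on port 443 inside the container (an assumption, check the image's documentation).

```yaml
# Added example (not the answer's code). Assumes the entrypoints named in
# the question and that trasa_app terminates TLS on container port 443.
services:
  trasa_app:
    image: seknox/trasa:v1.1.4
    labels:
      - traefik.enable=true
      # Plain-HTTP router on :80 kept only to redirect browsers to HTTPS.
      - traefik.http.middlewares.bastion-redirect-web-secure.redirectscheme.scheme=https
      - traefik.http.routers.bastion-web.rule=Host(`bastion.${DOMAINNAME}`)
      - traefik.http.routers.bastion-web.entrypoints=web
      - traefik.http.routers.bastion-web.middlewares=bastion-redirect-web-secure
      # No HTTP router on web-secure: with tls=false Traefik still owns the
      # handshake on :443 and answers with its default certificate.
      # Instead, a TCP router with passthrough: Traefik only peeks at the SNI
      # in the ClientHello and forwards the encrypted stream unmodified, so the
      # certificate the browser sees is the one trasa_app obtained itself and
      # Traefik never needs the private key (which caused the original error).
      - traefik.tcp.routers.bastion-tls.rule=HostSNI(`bastion.${DOMAINNAME}`)
      - traefik.tcp.routers.bastion-tls.entrypoints=web-secure
      - traefik.tcp.routers.bastion-tls.tls.passthrough=true
      - traefik.tcp.routers.bastion-tls.service=bastion-tls
      - traefik.tcp.services.bastion-tls.loadbalancer.server.port=443
```

Remove the question's bastion-web-secure labels when using this, so an HTTP router and the passthrough TCP router are not both registered for the same host on web-secure; passthrough also means Traefik cannot inspect or add HTTP-level middlewares on that traffic, which is the trade-off for letting the backend hold its own key.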