
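I am running a gitlab-ee Docker container behind a Traefik v1 Docker container. My GitLab should run on the domain gitlab.dev.example.com:65443, where port 65443 is forwarded to 443 on the server inside my router (I have other things running on my ports 443 and 80). My Traefik dashboard is running at traefik.dev.example.com:65443/dashboard/

Now, when I want to get a Let's Encrypt certificate with Traefik, it tries to get it for the domain gitlab.dev.example.com and fails with "Unable to obtain ACME certificate for domains "gitlab.dev.example.com" [...]"

If I visit https://gitlab.dev.example.com:65443 it opens my GitLab container, but it shows the "Traefik default certificate". I cannot push to or pull from these GitLab repositories because the SSL certificate is self-signed, which is why I want to get a Let's Encrypt certificate.

I have obviously replaced the actual domain with "example.com".

My traefik.toml: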

debug = false

logLevel = "ERROR"
  defaultEntryPoints = ["https", "http"]

[web]
  address = ":80"

[docker]
  endpoint = "unix:///var/run/docker.sock"
  domain = "traefik.dev.example.com" # swapped the url out
  watch = true
  exposedByDefault = false

# Force HTTPS
[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]

# Enable retry sending a request if the network error
[retry]

# Let's encrypt configuration
[acme]
   email="e@mail.com" # swapped the email out
   storage="acme.json"
   entryPoint="https"
   acmeLogging=true
   OnHostRule=true
[acme.httpChallenge]
   entryPoint = "http"

Now to my docker-compose files. I have a separate docker-compose.yml for each container. My docker-compose.yml for the Traefik container:

version: "3.2"

services:
  reverse-proxy:
    image: traefik:alpine
    command: --api --docker --logLevel=error
    restart: unless-stopped
    container_name: docker-traefik
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/etc/traefik/traefik.toml
      - ./acme.json:/acme.json
    environment:
      - "TZ=Europe/Berlin"
    networks:
      - traefik_proxy
      - default
    ports:
      - "443:443"
      - "80:80"
    logging:
      driver: "json-file"
      options:
        max-file: "3"
        max-size: "5m"
    labels:
      - traefik.backend=traefik-proxy
      - traefik.frontend.rule=Host:traefik.dev.loropserver.de
      - traefik.docker.network=traefik_proxy
      - traefik.port=8080
      - traefik.enable=true
      - traefik.frontend.auth.basic=lorop:$$apr1$$dHnqprRX$$DjIWIaE97EnMoxwu6o/14.
networks:
  traefik_proxy:
    external:
      name: traefik_proxy
#  default:
#    driver: bridge

My docker-compose.yml for the GitLab container:

version: '3.5'

services:
  gitlab:
    image: 'gitlab/gitlab-ee:latest'
    container_name: gitlab
    restart: unless-stopped
    hostname: 'gitlab.dev.example.com'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.dev.example.com';
        # some more configs
    ports:
      - '22:22'
      - '5005:5005'
    volumes:
      - './volumes/gitlab/config:/etc/gitlab'
      - './volumes/gitlab/logs:/var/log/gitlab'
      - './volumes/gitlab/data:/var/opt/gitlab'
      - /etc/localtime:/etc/localtime:ro
      - './certs:/etc/gitlab/trusted-certs'
    networks:
      - traefik_proxy
    labels:
      - 'traefik.enable=true'
      - 'traefik.port=65443'
      - 'traefik.docker.network=traefik_proxy'
      - 'traefik.backend=gitlab'
      - 'traefik.frontend.rule=Host:gitlab.dev.example.com'
      - 'traefik.http.routers.entrypoints=websecure'

networks:
  traefik_proxy:
    external: true
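Added example (not part of the original question, and not Traefik's own code): a preflight check of the ACME challenge configured in the traefik.toml above against a router port-forward map. The forward map, the host label "traefik", and the assumption that the Docker host publishes each entry point on the same port number are constructed for illustration; the validation ports come from the ACME specifications, where HTTP-01 is always checked on public port 80 and TLS-ALPN-01 on public port 443.

```python
import re

# Public port the CA connects to for each Traefik v1 challenge table. Fixed by
# ACME (RFC 8555, RFC 8737); it does not follow the port the site is served on.
CA_PORT = {"httpChallenge": 80, "tlsChallenge": 443, "dnsChallenge": None}

def parse(toml_text):
    """Collect key = "value" pairs per [table] (enough TOML for traefik.toml)."""
    tables, current = {}, ""
    for raw in toml_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[([\w.]+)\]", line)
        if header:
            current = header.group(1)
            tables.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            tables.setdefault(current, {})[key.strip()] = value.strip().strip('"')
    return tables

def preflight(toml_text, forwards):
    """forwards (assumed input): public port -> (host, port) the router sends it to."""
    tables, findings = parse(toml_text), []
    for name, public in CA_PORT.items():
        section = tables.get("acme." + name)
        if section is None:
            continue  # this challenge type is not configured
        if public is None:
            findings.append(f"{name}: ok, no inbound port needed")
            continue
        # httpChallenge names its own entry point; tlsChallenge uses [acme] entryPoint.
        entry = section.get("entryPoint") or tables.get("acme", {}).get("entryPoint", "")
        address = tables.get("entryPoints." + entry, {}).get("address", "")
        listen = int(address.rsplit(":", 1)[-1]) if address else None
        if forwards.get(public) == ("traefik", listen):
            findings.append(f"{name}: ok, public {public} reaches entry point {entry!r}")
        else:
            findings.append(f"{name}: FAIL, public {public} goes to "
                            f"{forwards.get(public)}, want traefik:{listen}")
    return findings

# Constructed samples: the relevant traefik.toml tables, then a router port layout.
SAMPLE_TOML = '''[entryPoints.http]
address = ":80"
[acme]
entryPoint = "https"
[acme.httpChallenge]
entryPoint = "http"
'''
SAMPLE_FORWARDS = {65443: ("traefik", 443), 80: ("other", 80), 443: ("other", 443)}
```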