Last active
October 15, 2024 13:55
-
-
Save pyrou/4f555cd55677331c742742ee6007a73a to your computer and use it in GitHub Desktop.
Use https://traefik.me SSL certificates for local HTTPS without having to touch your /etc/hosts or your certificate CA.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '3' | |
| services: | |
| traefik: | |
| restart: unless-stopped | |
| image: traefik:v2.0.2 | |
| ports: | |
| - "80:80" | |
| - "443:443" | |
| labels: | |
| - "traefik.http.services.traefik.loadbalancer.server.port=8080" | |
| volumes: | |
| - ./traefik.yml:/etc/traefik/traefik.yml | |
| - ./tls.yml:/etc/traefik/tls.yml | |
| - /var/run/docker.sock:/var/run/docker.sock | |
| - certs:/etc/ssl/traefik | |
| app1: | |
| image: containous/whoami | |
| labels: | |
| - "traefik.http.routers.app1.rule=Host(`app1.traefik.me`)" | |
| - "traefik.http.routers.app1-tls.tls.domains[0].main=app1.traefik.me" | |
| - "traefik.http.routers.app1-tls.tls.domains[0].sans=app1-*.traefik.me" | |
| app2: | |
| image: containous/whoami | |
| labels: | |
| - "traefik.http.routers.app2.rule=Host(`app2.traefik.me`)" | |
| - "traefik.http.routers.app2-tls.tls.domains[0].main=app2.traefik.me" | |
| - "traefik.http.routers.app2-tls.tls.domains[0].sans=app2-*.traefik.me" | |
| reverse-proxy-https-helper: | |
| image: alpine | |
| command: sh -c "cd /etc/ssl/traefik | |
| && wget traefik.me/cert.pem -O cert.pem | |
| && wget traefik.me/privkey.pem -O privkey.pem" | |
| volumes: | |
| - certs:/etc/ssl/traefik | |
| volumes: | |
| certs: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| tls: | |
| stores: | |
| default: | |
| defaultCertificate: | |
| certFile: /etc/ssl/traefik/cert.pem | |
| keyFile: /etc/ssl/traefik/privkey.pem | |
| certificates: | |
| - certFile: /etc/ssl/traefik/cert.pem | |
| keyFile: /etc/ssl/traefik/privkey.pem |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| logLevel: INFO | |
| api: | |
| insecure: true | |
| dashboard: true | |
| entryPoints: | |
| http: | |
| address: ":80" | |
| https: | |
| address: ":443" | |
| providers: | |
| file: | |
| filename: /etc/traefik/tls.yml | |
| docker: | |
| endpoint: unix:///var/run/docker.sock | |
| watch: true | |
| exposedByDefault: true | |
| defaultRule: "HostRegexp(`{{ index .Labels \"com.docker.compose.service\"}}.traefik.me`,`{{ index .Labels \"com.docker.compose.service\"}}-{dashed-ip:.*}.traefik.me`)" |
Anyone had Traefik 3.0 version of config files ?
it is working now with 3.0-RC3
Very convenient! It works perfectly !
I just have a problem with CURL inside a php container.
in app1 curl to app2
=> SSL certificate problem: unable to get local issuer certificate
adding curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
works but I would like to avoid having to modify the code inside my app.
I tried a lot of things without success. My knowledge of security certificates is poor...
Any ideas ?
Very convenient! It works perfectly !
I just have a problem with CURL inside a php container.
in app1 curl to app2 => SSL certificate problem: unable to get local issuer certificate
adding
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);works but I would like to avoid having to modify the code inside my app.I tried a lot of things without success. My knowledge of security certificates is poor... Any ideas ?
@scaudace download the fullchain.pem and use it as the certFile instead of the cert.pem
reverse-proxy-https-helper:
image: alpine
command: sh -c "cd /etc/ssl/traefik
&& wget traefik.me/fullchain.pem -O cert.pem
&& wget traefik.me/privkey.pem -O privkey.pem"
volumes:
- certs:/etc/ssl/traefik
For traefik v3.1.2:
- defaultRule: "HostRegexp(`{{ index .Labels \"com.docker.compose.service\"}}.traefik.me`,`{{ index .Labels \"com.docker.compose.service\"}}-{dashed-ip:.*}.traefik.me`)"
+ defaultRule: "HostRegexp(`{{ index .Labels \"com.docker.compose.service\"}}-.+.traefik.me`) || HostRegexp(`{{ index .Labels \"com.docker.compose.service\"}}.traefik.me`)"
I was using `defaultRule: 'HostRegexp(`{{ index .Labels
"com.docker.compose.service"}}.traefik.me`,`{{ index .Labels
"com.docker.compose.service"}}-{dashed-ip:.*}.traefik.me`)'`
seams working.
…On Sat, Aug 10, 2024 at 1:58 PM Jizu Sun ***@***.***> wrote:
***@***.**** commented on this gist.
------------------------------
For traefik v3.1.2:
- defaultRule: "HostRegexp(`{{ index .Labels \"com.docker.compose.service\"}}.traefik.me`,`{{ index .Labels \"com.docker.compose.service\"}}-{dashed-ip:.*}.traefik.me`)"+ defaultRule: "HostRegexp(`{{ index .Labels \"com.docker.compose.service\"}}-.+.traefik.me`) || HostRegexp(`{{ index .Labels \"com.docker.compose.service\"}}.traefik.me`)"
—
Reply to this email directly, view it on GitHub
<https://gist.github.com/pyrou/4f555cd55677331c742742ee6007a73a#gistcomment-5150298>
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAEZJ33Q4JWND7NR5TIUC23ZQZ5INBFKMF2HI4TJMJ2XIZLTSKBKK5TBNR2WLJDUOJ2WLJDOMFWWLO3UNBZGKYLEL5YGC4TUNFRWS4DBNZ2F6YLDORUXM2LUPGBKK5TBNR2WLJDHNFZXJJDOMFWWLK3UNBZGKYLEL52HS4DFVRZXKYTKMVRXIX3UPFYGLK2HNFZXIQ3PNVWWK3TUUZ2G64DJMNZZDAVEOR4XAZNEM5UXG5FFOZQWY5LFVA4TSNZVHAZTKNVHORZGSZ3HMVZKMY3SMVQXIZI>
.
You are receiving this email because you commented on the thread.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>
.
--
Thanks,
Sumanth
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Anyone had Traefik 3.0 version of config files ?