search

containous / traefik-library-image

ARCHIVED
https://github.com/traefik/traefik-library-image
Apache License 2.0
218 stars 60 forks source link

Traefik serves default cert when restarting the container #72

Closed muuvmuuv closed 4 years ago

muuvmuuv commented 4 years ago

When I manually restart the container with docker restart traefik-cont-name and go to my webpage again it is now served with Traefik's default certificate. How can I prevent this?

I made sure everything is correctly placed in the container through docker exec -it src-api-traefik /bin/ash and looked into every file. All seems fine.

/etc/traefik/traefik.yaml:

#
# Providers
#

providers:
  docker:
    exposedByDefault: false
    network: public
    watch: true
  file:
    filename: "/etc/traefik/dynamic-conf.yaml"
    watch: true

#
# Entrypoints
#

entryPoints:
  web:
    address: ":80"
  web-secure:
    address: ":443"

#
# Traefik API
#
api:
  insecure: true
  dashboard: true

#
# Logs
#
log:
  filePath: "/var/log/traefik/traefik.log"

accessLog:
  filePath: "/var/log/traefik/access.log"

Modified version of /etc/traefik/dynamic_conf.yaml:

http:
  routers:
    srv-router-http:
      entryPoints:
        - web
      middlewares:
        - redirect_https
      rule: "Host(`hostname.lcl`)"
      service: src-chat

    srv-router-https:
      entryPoints:
        - web-secure
      middlewares:
        - srv_headers
      rule: "Host(`hostname.lcl`)"
      service: srv-chat
      tls: {}

  middlewares:
    redirect_https:
      redirectScheme:
        scheme: https
    srv_headers:
      headers:
        accessControlAllowOrigin:
          - https://localhost:8100

  services:
    srv-chat:
      loadBalancer:
        servers:
          - url: http://docker-network-alias:port
        healthCheck:
          path: /health
          interval: "10s"
          timeout: "3s"

tls:
  options:
    default:
      sniStrict: true
      minVersion: VersionTLS12
  stores:
    default:
      defaultCertificate:
        certFile: /etc/certs/server.crt
        keyFile: /etc/certs/server.key
  certificates:
    - certFile: /etc/certs/server.crt
      keyFile: /etc/certs/server.key

Dockerfile:

FROM traefik:latest

COPY ./config/ /etc/traefik/
COPY ./certs/ /etc/certs/

Modified version of docker-compose.yml:

version: "3.7"

#
# [ services ]
#
services:
  traefik:
    image: "srv-api:traefik"
    build:
      context: ./docker/traefik
    container_name: srv-api-traefik
    volumes:
      - type: bind
        source: ./docker/traefik/config
        target: /etc/traefik/
      - type: bind
        source: ./docker/traefik/certs
        target: /etc/certs
      - type: bind
        read_only: true
        source: /var/run/docker.sock
        target: /var/run/docker.sock
      - type: bind
        consistency: consistent
        source: ./logs/traefik
        target: /var/log/traefik
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    networks:
      private:
      public:
        aliases:
          - traefik

#
# [ networks ]
#
networks:
  public:
    driver: bridge
  private:
    driver: bridge
ldez commented 4 years ago

Hello,

It's not the good place for this issue.

KristupasSavickas commented 4 years ago

@muuvmuuv did you manage to solve this?

muuvmuuv commented 4 years ago

Have not looked at it again. Will create a new one on traefik directly next time i see this