Closed hvandenborn closed 3 years ago
The Setup-TraefikContainerForNavContainers function was actually added by @tfenster, and it was primarily intended to work with Azure VMs and Let's Encrypt certificates (which is what you see). I am not too familiar with the function, but it does have a parameter called -traefikToml, where you can specify your own .toml template.
The default template looks like this:
```toml
debug = false
defaultEntryPoints = ["https","http"]
[api]
# Check https://docs.traefik.io/v1.7/configuration/api/#security
# to enable authentication on the dashboard for extra security
[docker]
domain = "$PublicDnsName"
watch = true
endpoint = "npipe:////./pipe/docker_engine"
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
minVersion = "VersionTLS12"
[acme]
email = "$ContactEMailForLetsEncrypt"
storage = "c:/etc/traefik/acme.json"
entryPoint = "https"
[acme.httpChallenge]
entryPoint = "http"
[[acme.domains]]
main = "$PublicDnsName"
[file]
[backends]
[backends.host]
[backends.host.servers.server1]
url = "http://${IP}:8180"
[frontends]
[frontends.host]
backend = "host"
[frontends.host.routes.route1]
rule = "PathPrefix:/"
```
If you save this to a file (my.toml), modify it as you need and add -traefiktoml c:....\my.toml to the Setup-TraefikContainerForNavContainers call, then it should use your new toml template.
Looking at the code though, it looks like it should support your own certificate. Maybe @tfenster can shed some light on that?
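An added example, not part of the thread or of BcContainerHelper's own code: a PowerShell helper that applies the manual change described in this issue to a saved copy of the default template, dropping the [acme] tables and adding a Traefik v1.7 static certificate entry, so the result can be passed with -traefikToml. The function name, the file names default.toml and my.toml, and the in-container certificate paths are assumptions.

```powershell
# Added example: function name and default container paths are assumptions.
function Convert-TraefikTomlToOwnCertificate {
    param(
        [Parameter(Mandatory)] [string] $TemplatePath,
        [Parameter(Mandatory)] [string] $OutputPath,
        # Certificate paths as seen inside the Traefik container (assumed).
        [string] $CertFile = 'c:/etc/traefik/traefik.crt',
        [string] $KeyFile  = 'c:/etc/traefik/traefik.key'
    )

    # Traefik v1.7 static certificate entry for the https entry point.
    $certBlock = @(
        '[[entryPoints.https.tls.certificates]]'
        "certFile = `"$CertFile`""
        "keyFile = `"$KeyFile`""
    )
    $inAcme = $false; $inTls = $false; $certAdded = $false

    $result = @(foreach ($line in Get-Content -LiteralPath $TemplatePath) {
        # Matches [table] and [[array-of-tables]] headers, not comments or keys.
        if ($line -match '^\s*\[+\s*([^\[\]]+?)\s*\]+\s*$') {
            # Leaving the tls table: append the certificate entry after its
            # keys (minVersion stays in [entryPoints.https.tls]).
            if ($inTls) { $certBlock; $certAdded = $true }
            $table  = $Matches[1]
            $inTls  = $table -eq 'entryPoints.https.tls'
            # Drop [acme], [acme.httpChallenge] and [[acme.domains]].
            $inAcme = $table -eq 'acme' -or $table -like 'acme.*'
        }
        if (-not $inAcme) { $line }
    })
    if ($inTls) { $result += $certBlock; $certAdded = $true }
    if (-not $certAdded) {
        throw "No [entryPoints.https.tls] table found in $TemplatePath"
    }
    # ASCII output carries no byte-order mark; the default template is ASCII.
    Set-Content -LiteralPath $OutputPath -Value $result -Encoding ASCII
}

# Constructed file names for illustration.
Convert-TraefikTomlToOwnCertificate -TemplatePath .\default.toml -OutputPath .\my.toml
```

The `$PublicDnsName` and `${IP}` placeholders are copied through untouched, and the `minVersion = "VersionTLS12"` setting and the http-to-https redirect from the default template are preserved.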
I created a branch with what I think is a fix for this: https://github.com/microsoft/navcontainerhelper/tree/Issue1793. I am not certain that the fix works - I am a bit on thin ice here :-)
You could try to download the code from that - and run BcContainerHelper.ps1 in the root folder - that makes you use the BcContainerHelper from that folder in that session.
Cool, I'll test it on Monday 👍
Yes, it works, Thanks!
I stopped my Traefik container and removed it,
I ran Setup-TraefikContainerForBcContainers with recreate and my certificates: Setup-TraefikContainerForBcContainers -PublicDnsName $PublicDNS -CrtFile $CrtFile -CrtKeyFile $CrtKeyFile -Recreate
and it uses my certificates, great!
Shipped in 2.0.9
Freddy,
I set up Traefik with this "Setup-TraefikContainerForNavContainers" command, then started a container with Traefik, and that worked. Only, if I access the URL in our domain, you get the message that the HTTPS is not OK, hackers are stealing your passwords, etc. So I try to use the wildcard certificate of our domain to make this work. This server is only accessible on our internal domain.
But if I call Setup-TraefikContainerForNavContainers: Setup-TraefikContainerForBcContainers -PublicDnsName $PublicDNS -CrtFile $CrtFile -CrtKeyFile $CrtKeyFile [-Recreate] it will copy the certificates to and recreate the Traefik container. Then I make a new BC container; still the certificate is not used.
Now if I check the article https://www.axians-infoma.de/techblog/traefik-support-for-navcontainerhelper-the-nav-arm-templates-for-azure-vms-and-local-environments/ it points out that traefik.toml needs to be edited with: Is this something the Setup-TraefikContainerForNavContainers forgets? Because it's not in my traefik.toml. It would be very nice if this part of the setup is also done, or if there is a switch or something to do this automatically for using your own certificate.
The only way I can make it work with my certificate is like https://www.axians-infoma.de/techblog/traefik-support-for-navcontainerhelper-the-nav-arm-templates-for-azure-vms-and-local-environments/ says: change the certificate filenames from certificate to traefik, add the TLS section, and remove the [acme] section including [[acme.domains]]; then it works.
I also tried NOT to change the certificate filenames but changed the reference path in the TLS section of traefik.toml from traefik.crt and .key to certificate.crt and .key, but that does not work.
My traefik.toml after generation
---My traefik.toml after altering it for using my own certificate---
and my C:\ProgramData\BcContainerHelper\traefikforbc\config folder after changing it:
Can this be built in? Or fixed to work with a certificate that I give this function to set up with?
-- Creation of new-bccontainer --