raggnor
(raggnor_)
22 Wrzesień 2022 10:48
#1
Walcze z tym od ponad miesiąca i nadal nic. Zwracam sie o pomoc do was!
portainer.yml
version: '3.7'
services:
proxy:
image: "traefik:latest"
ports:
- "80:80"
- "443:443"
networks:
- public
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "/etc/timezone:/etc/timezone:ro"
- "/etc/localtime:/etc/localtime:ro"
- "/etc/traefik:/etc/traefik"
deploy:
placement:
constraints: [node.role == manager]
agent:
image: portainer/agent:latest
environment:
# REQUIRED: Should be equal to the service name prefixed by "tasks." when
# deployed inside an overlay network
AGENT_CLUSTER_ADDR: tasks.agent
# AGENT_PORT: 9001
# LOG_LEVEL: debug
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /var/lib/docker/volumes:/var/lib/docker/volumes
networks:
- agent_network
deploy:
mode: global
placement:
constraints: [node.platform.os == linux]
app:
image: portainer/portainer-ce:latest
command: -H tcp://tasks.agent:9001 --tlsskipverify
volumes:
- data:/data
networks:
- public
- agent_network
deploy:
mode: replicated
replicas: 1
placement:
constraints: [node.role == manager]
labels:
- "traefik.enable=true"
- "traefik.http.routers.portainer.rule=(Host(`example.com`) && PathPrefix(`/admin/portainer/`))"
- "traefik.http.routers.portainer.entrypoints=web"
- "traefik.http.services.portainer.loadbalancer.server.port=9000"
- "traefik.http.routers.portainer.service=portainer"
# Edge
- "traefik.http.routers.edge.rule=Host(`edge.example.com`)"
- "traefik.http.routers.edge.entrypoints=web"
- "traefik.http.services.edge.loadbalancer.server.port=8000"
- "traefik.http.routers.edge.service=edge"
networks:
public:
external: true
agent_network:
external: true
volumes:
data:
traefik.toml
################################################################
# Global configuration
################################################################
[global]
checkNewVersion = true
sendAnonymousUsage = false
[log]
filePath = "/etc/traefik/logs/traefik.log"
level = "DEBUG"
################################################################
# Entrypoints configuration
################################################################
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.http]
[entryPoints.web.http.redirections]
[entryPoints.web.http.redirections.entryPoint]
to = "websecure"
scheme = "https"
[entryPoints.websecure]
address = ":443"
[certificatesResolvers.letsencrypt.acme]
email = "my-domain@example.com"
storage = "/etc/letsencrypt/acme.json"
[certificatesResolvers.letsencrypt.acme.httpChallenge]
entryPoint = "web"
################################################################
# Docker configuration backend
################################################################
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
swarmMode = true
network = "public"
exposedByDefault = false
watch = true
[providers.file]
directory = "/etc/traefik"
hindus
(hindus)
23 Wrzesień 2022 10:28
#4
No to pobierz certyfikat i dodaj go sobie do zaufanych bo zapewne jest tzw. self-signed bez możliwości zweryfikowania go przez CA.
raggnor
(raggnor_)
23 Wrzesień 2022 10:33
#5
Nie rozumiem jak mam to zrobic. Powinno byc to automatycznie.
Dodam jeszcze ze jest to docker swarm na serwerach cloud ionos
Bradlee
(Bradlee)
23 Wrzesień 2022 11:01
#6
Przeglądarka dostaje domyślny certyfikat od traefika, utworzony w celach deweloperskich
Z jakiegoś powodu nie jest to certyfikat Let’s Encrypt. Przeszukaj logi traefika i zobacz czy nie ma tam czegoś związanego Let’s Encrypt
Tutaj SSL with Traefik and Let's Encrypt Tutorial piszą, że:
Note that per the Traefik documentation, you must specify that a service requires the certificate resolver – it doesn’t automatically get used.
Jednym słowem certyfikat nie zostanie użyty do czasu aż nie wskażesz na niego (sekcja ‘whoami’ we wklejonym powyżej linku. Nie widzę jej w twoim konfigu. Przerób sobie tylko notację, na tą której używasz)
raggnor
(raggnor_)
23 Wrzesień 2022 11:11
#7
Bradlee
(Bradlee)
23 Wrzesień 2022 11:24
#9
Niestety nie mam tyle czasu, żeby Ci to rozpracować. Używam treaefika do celów deweloperskich więc nie generowałem certyfikatu. Może ktoś inny? Podążaj za wklejonym przeze mnie tutorialem. Na deweloperce mam traefika i tam są dwa kontenery. Tj traefik
oraz whoami
. Sprawdź czy ten drugi masz uruchomiony.
No a za tym wszystkim solidny stoi kawał wiedzy.
raggnor
(raggnor_)
25 Wrzesień 2022 13:09
#10
Kolejna sciana: 404 page not found
time="2022-09-25T15:07:09+02:00" level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2022-09-25T15:07:09+02:00" level=debug msg="Adding route for snobby.dev with TLS options default" entryPointName=web
time="2022-09-25T15:07:09+02:00" level=debug msg="Adding route for edge.snobby.dev with TLS options default" entryPointName=web
time="2022-09-25T15:07:09+02:00" level=debug msg="Try to challenge certificate for domain [snobby.dev] found in HostSNI rule" providerName=letsencrypt.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=portainer@docker rule="(Host(`snobby.dev`) && PathPrefix(`/admin/portainer/`))"
time="2022-09-25T15:07:09+02:00" level=debug msg="Try to challenge certificate for domain [edge.snobby.dev] found in HostSNI rule" routerName=edge@docker rule="Host(`edge.snobby.dev`)" providerName=letsencrypt.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2022-09-25T15:07:09+02:00" level=debug msg="Looking for provided certificate(s) to validate [\"edge.snobby.dev\"]..." providerName=letsencrypt.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=edge@docker rule="Host(`edge.snobby.dev`)"
time="2022-09-25T15:07:09+02:00" level=debug msg="No ACME certificate generation required for domains [\"edge.snobby.dev\"]." providerName=letsencrypt.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=edge@docker rule="Host(`edge.snobby.dev`)"
time="2022-09-25T15:07:09+02:00" level=debug msg="Looking for provided certificate(s) to validate [\"snobby.dev\"]..." routerName=portainer@docker rule="(Host(`snobby.dev`) && PathPrefix(`/admin/portainer/`))" providerName=letsencrypt.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2022-09-25T15:07:09+02:00" level=debug msg="No ACME certificate generation required for domains [\"snobby.dev\"]." providerName=letsencrypt.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=portainer@docker rule="(Host(`snobby.dev`) && PathPrefix(`/admin/portainer/`))"
time="2022-09-25T15:07:21+02:00" level=debug msg="Serving default certificate for request: \"\""
time="2022-09-25T15:40:14+02:00" level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2022-09-25T15:40:14+02:00" level=debug msg="No default certificate, generating one" tlsStoreName=default
time="2022-09-25T15:40:14+02:00" level=debug msg="Adding certificate for domain(s) snobby.dev"
time="2022-09-25T15:40:14+02:00" level=debug msg="Adding certificate for domain(s) edge.snobby.dev"
time="2022-09-25T15:40:14+02:00" level=debug msg="Added outgoing tracing middleware noop@internal" middlewareType=TracingForwarder entryPointName=web routerName=web-to-websecure@internal middlewareName=tracing
time="2022-09-25T15:40:14+02:00" level=debug msg="Creating middleware" routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme entryPointName=web
time="2022-09-25T15:40:14+02:00" level=debug msg="Setting up redirection to https 443" entryPointName=web routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme
time="2022-09-25T15:40:14+02:00" level=debug msg="Adding tracing to middleware" routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal entryPointName=web
time="2022-09-25T15:40:14+02:00" level=debug msg="Added outgoing tracing middleware acme-http@internal" middlewareType=TracingForwarder middlewareName=tracing entryPointName=web routerName=acme-http@internal
time="2022-09-25T15:40:14+02:00" level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
Krok po kroku kiedys to ruszy
maciej1993
(maciej1993)
30 Wrzesień 2022 13:01
#11
A jak dodałeś ten certyfikat w mianowicie konkretnie krok po kroku jak to zrobiłeś?
Charav
(Charav)
16 Październik 2022 16:19
#12
U mnie niby dodaje a jednak nie dodaje bo plik acme.json jest pusty.
time="2022-10-16T11:46:46Z" level=debug msg="Attempt to renew certificates \"720h0m0s\" before expiry and check every \"24h0m0s\"" ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=letsencrypt.acme
time="2022-10-16T11:46:46Z" level=info msg="Testing certificate renew..." providerName=letsencrypt.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2022-10-16T11:46:46Z" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"acme-http\":{\"entryPoints\":[\"web\"],\"service\":\"acme-http@internal\",\"rule\":\"PathPrefix(`/.well-known/acme-challenge/`)\",\"priority\":2147483647}},\"services\":{\"acme-http\":{},\"noop\":{}},\"serversTransports\":{\"default\":{\"maxIdleConnsPerHost\":200}}},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=internal
time="2022-10-16T11:46:46Z" level=debug msg="Configuration received: {\"http\":{},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=letsencrypt.acme
time="2022-10-16T11:46:46Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
time="2022-10-16T11:46:46Z" level=debug msg="Added outgoing tracing middleware acme-http@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=web routerName=acme-http@internal
time="2022-10-16T11:46:46Z" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=web middlewareName=traefik-internal-recovery
time="2022-10-16T11:46:46Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
time="2022-10-16T11:46:46Z" level=debug msg="Added outgoing tracing middleware acme-http@internal" entryPointName=web routerName=acme-http@internal middlewareName=tracing middlewareType=TracingForwarder
time="2022-10-16T11:46:46Z" level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
Nie mam pojęcia o co chodzi.