Witam, mam problem przy implementacji Dockera oraz Traefika.
time="2022-10-16T11:38:16Z" level=debug msg="http: TLS handshake error from 10.0.0.2:53581: remote error: tls: unknown certificate"
time="2022-10-16T11:38:16Z" level=debug msg="http: TLS handshake error from 10.0.0.2:53580: remote error: tls: unknown certificate"
time="2022-10-16T11:38:16Z" level=debug msg="Serving default certificate for request: \"example.com\""
time="2022-10-16T11:38:16Z" level=debug msg="Serving default certificate for request: \"example.com\""
time="2022-10-16T11:38:16Z" level=debug msg="http: TLS handshake error from 10.0.0.2:53582: remote error: tls: unknown certificate"
time="2022-10-16T11:38:16Z" level=debug msg="http: TLS handshake error from 10.0.0.2:53583: remote error: tls: unknown certificate"
time="2022-10-16T11:44:32Z" level=debug msg="Serving default certificate for request: \"example.com\""
time="2022-10-16T11:44:32Z" level=debug msg="Serving default certificate for request: \"example.com\""
time="2022-10-16T11:44:32Z" level=debug msg="http: TLS handshake error from 10.0.0.2:53992: remote error: tls: unknown certificate"
time="2022-10-16T11:44:32Z" level=debug msg="http: TLS handshake error from 10.0.0.2:53993: remote error: tls: unknown certificate"
Plik acme.json jest ciągle pusty.
time="2022-10-16T11:46:46Z" level=debug msg="Attempt to renew certificates \"720h0m0s\" before expiry and check every \"24h0m0s\"" ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=letsencrypt.acme
time="2022-10-16T11:46:46Z" level=info msg="Testing certificate renew..." providerName=letsencrypt.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2022-10-16T11:46:46Z" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"acme-http\":{\"entryPoints\":[\"web\"],\"service\":\"acme-http@internal\",\"rule\":\"PathPrefix(`/.well-known/acme-challenge/`)\",\"priority\":2147483647}},\"services\":{\"acme-http\":{},\"noop\":{}},\"serversTransports\":{\"default\":{\"maxIdleConnsPerHost\":200}}},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=internal
time="2022-10-16T11:46:46Z" level=debug msg="Configuration received: {\"http\":{},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=letsencrypt.acme
time="2022-10-16T11:46:46Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
time="2022-10-16T11:46:46Z" level=debug msg="Added outgoing tracing middleware acme-http@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=web routerName=acme-http@internal
time="2022-10-16T11:46:46Z" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=web middlewareName=traefik-internal-recovery
time="2022-10-16T11:46:46Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
time="2022-10-16T11:46:46Z" level=debug msg="Added outgoing tracing middleware acme-http@internal" entryPointName=web routerName=acme-http@internal middlewareName=tracing middlewareType=TracingForwarder
time="2022-10-16T11:46:46Z" level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
Plik portainer.yml
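# Swarm stack: Traefik reverse proxy + Portainer (agent and server).
# NOTE(review): the pasted file lost its indentation; the nesting below is
# reconstructed from the key order and should be checked against the original.
version: '3.5'

services:
  proxy:
    # NOTE(review): `latest` is a moving tag; pin a specific version (ideally
    # by digest) so a redeploy cannot silently change the proxy binary.
    image: "traefik:latest"
    ports:
      - "80:80"
      - "443:443"
    networks:
      - public
    volumes:
      # Read-only: Traefik only needs to read the host timezone.
      - "/etc/timezone:/etc/timezone:ro"
      # `:ro` only protects the socket file itself; it does not restrict the
      # Docker API calls made through it. Access to this socket is effectively
      # root on the host, so consider a filtering socket proxy in front of it.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/etc/traefik:/etc/traefik"
      - "/etc/traefik/logs:/etc/traefik/logs"
      # Holds acme.json (ACME account key and certificate private keys).
      - "/etc/letsencrypt:/etc/letsencrypt"
    deploy:
      mode: global
      placement:
        constraints: [node.role == manager]

  agent:
    # NOTE(review): unpinned `latest` tag, same concern as for `proxy`.
    image: portainer/agent:latest
    environment:
      # REQUIRED: Should be equal to the service name prefixed by "tasks." when
      # deployed inside an overlay network
      AGENT_CLUSTER_ADDR: tasks.agent
      # AGENT_PORT: 9001
      # LOG_LEVEL: debug
    volumes:
      # Writable Docker socket and volume store: the agent has full control of
      # every node it runs on. Keep it reachable only from `agent_network`.
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    networks:
      - agent_network
    deploy:
      mode: global
      placement:
        constraints: [node.platform.os == linux]

  app:
    # NOTE(review): unpinned `latest` tag, same concern as for `proxy`.
    image: portainer/portainer-ce:latest
    # `--tlsskipverify` disables certificate verification on the connection to
    # the agent, so the agent's identity is not authenticated. The only
    # protection left is network isolation: `agent_network` is declared
    # external below, so confirm no unrelated stack is attached to it.
    command: -H tcp://tasks.agent:9001 --tlsskipverify
    volumes:
      - data:/data
    networks:
      - public
      - agent_network
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints: [node.role == manager]
      # In Swarm mode Traefik reads labels from the service (deploy.labels),
      # not from the container.
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.portainer.rule=(Host(`example.com`) && PathPrefix(`/admin/portainer/`))"
        # Fixed: was `web` (:80). A router with tls=true only serves HTTPS, so
        # it has to be attached to the HTTPS entry point (`websecure`, :443).
        # The ACME HTTP-01 challenge still uses `web` via traefik.yml.
        - "traefik.http.routers.portainer.entrypoints=websecure"
        - "traefik.http.services.portainer.loadbalancer.server.port=9000"
        - "traefik.http.routers.portainer.service=portainer"
        - "traefik.http.routers.portainer.tls=true"
        - "traefik.http.routers.portainer.tls.certresolver=letsencrypt"
        # Edge
        - "traefik.http.routers.edge.rule=Host(`edge.example.com`)"
        # Fixed: was `web`; same reason as for the `portainer` router above.
        - "traefik.http.routers.edge.entrypoints=websecure"
        - "traefik.http.services.edge.loadbalancer.server.port=8000"
        - "traefik.http.routers.edge.service=edge"
        - "traefik.http.routers.edge.tls=true"
        - "traefik.http.routers.edge.tls.certresolver=letsencrypt"

networks:
  public:
    external: true
  agent_network:
    external: true

volumes:
  data: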
Plik traefik.yml
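# Traefik static configuration.
# NOTE(review): the pasted file lost its indentation; the nesting below is
# reconstructed from the key order and should be checked against the original.

################################################################
# Global configuration
################################################################
global:
  checkNewVersion: true
  sendAnonymousUsage: false

################################################################
# EntryPoints configuration
################################################################
entryPoints:
  # Plain HTTP; also used for the ACME HTTP-01 challenge (see below).
  web:
    address: ":80"
  # HTTPS; routers with tls=true must be attached to this entry point.
  websecure:
    address: ":443"

certificatesResolvers:
  letsencrypt:
    acme:
      email: mail@example.com
      # acme.json stores the ACME account key and certificate private keys.
      # Traefik refuses to use it unless the file mode is 600, and the path
      # must be writable from inside the container.
      storage: /etc/letsencrypt/acme.json
      # HTTP-01: the CA must reach this host on port 80 for every requested
      # domain, so DNS for each name has to point at this entry point.
      httpChallenge:
        entryPoint: web

################################################################
# Traefik logs configuration
################################################################
log:
  filePath: /etc/traefik/logs/traefik.log
  # DEBUG writes the full received dynamic configuration to the log; lower it
  # to INFO or ERROR once troubleshooting is finished.
  level: DEBUG

################################################################
# Docker configuration backend
################################################################
# Fixed: the pasted file shows `docker:` and `file:` with no `providers:`
# parent. In the Traefik v2 static configuration, providers are declared under
# `providers:`; without it, no service labels and no dynamic files are loaded,
# so no router ever requests a certificate. This matches the posted log, where
# configuration arrives only from the `internal` and `letsencrypt.acme`
# providers. If `providers:` was merely lost in the paste, this is a no-op.
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    # Only services labelled traefik.enable=true are exposed.
    exposedByDefault: false
    network: "public"
    swarmMode: true
  file:
    # NOTE(review): if the static traefik.yml and the logs directory also live
    # in /etc/traefik, a dedicated directory for dynamic files keeps the
    # provider from trying to parse them as dynamic configuration. Confirm.
    directory: /etc/traefik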
Plik traefik-dynamic.yml
# Traefik dynamic configuration (loaded by the file provider).
# NOTE(review): indentation was lost in the paste; nesting is reconstructed.
tls:
  stores:
    default:
      # Have the `letsencrypt` resolver issue the default certificate instead
      # of Traefik's internally generated, browser-untrusted one.
      # With the HTTP-01 challenge, every name listed here must resolve to
      # this host and be reachable on port 80, or issuance fails.
      defaultGeneratedCert:
        resolver: "letsencrypt"
        domain:
          main: "example.com"
          sans:
            - "edge.example.com"
W przeglądarce cały czas wyświetla się błąd:
NET::ERR_CERT_AUTHORITY_INVALID
Czy jest ktoś w stanie mi wyjaśnić gdzie jest problem?
example.com wpisałem na potrzeby tego posta; w konfiguracji jest tam moja domena.