【发布时间】:2018-07-01 19:21:07
【问题描述】:
我的网站最终上线之前的最后阶段 --> SSL。
我正在使用 Jekyll 站点,使用 Traefic 作为反向代理,使用 Docker 来防止“它在我的机器上运行”和 Let's Encrypt for SSL。看看文档,这应该是在公园里散步,但是(就像软件开发中的一切一样)它看起来更难。
我当前的 Traefic 配置:
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
permanent = true
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "johanvergeer.com"
watch = true
exposedByDefault = true
usebindportip = true
swarmMode = true
[acme]
email = "johanvergeer@gmail.com"
storage = "acme.json"
entryPoint = "https"
acmeLogging = true
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
[[acme.domains]]
main = "johanvergeer.com"
[acme.httpChallenge]
entryPoint = "http"
provider = "digitalocean"
还有 docker-compose 文件
version: "3.6"
services:
site:
ports:
- 4000:4000
image: registry.gitlab.com/johanvergeer/redgyro/site:latest
deploy:
labels:
- traefik.site.port=4000
- traefik.enable=true
- traefik.frontend.rule=Host:johanvergeer.com
- traefik.frontend.entryPoints=http,https
- traefik.docker.network=traefik-net
- traefik.backend.loadbalancer.method=drr
networks:
- traefik-net
reverse-proxy:
image: traefik # The official Traefik docker image
ports:
- "80:80" # The HTTP port
- "8080:8080" # The Web UI (enabled by --api)
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
- $PWD/traefik.toml:/etc/traefik/traefik.toml
- $PWD/acme.json:/etc/traefik/acme.json
deploy:
labels:
- traefik.site.port=80
- traefik.logLevel=DEBUG
- traefik.docker.network=traefik-net
- traefik.backend.loadbalancer.method=drr
placement:
constraints:
- node.role == manager
update_config:
parallelism: 1
delay: 10s
restart_policy:
condition: on-failure
networks:
- traefik-net
networks:
traefik-net:
name: traefik-net
此时我什至没有收到 Traefic 日志中的任何内容,而它设置为 DEBUG。
浏览器显示错误Your connection is not private 和NET::ERR_CERT_AUTHORITY_INVALID。
有人知道怎么解决吗?
【问题讨论】:
标签: docker lets-encrypt traefik