我让Traefik配置为使用DNS-01挑战发出Let's Encrypt通配符证书 .
我在env文件中有变量AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY,AWS_REGION,AWS_HOSTED_ZONE_ID,用于* .domain1.com(domain1.com) . 此AWS_HOSTED_ZONE_ID仅与domain1.com相关 .
我需要添加也在Route53中托管的新域domain2.com,因此Traefik可以为* .domain1.com和* .domain2.com颁发证书 .
Traefik如何在多个Route53域中发布Letsencrypt证书?
接下来是我的treafik.yml文件:
version: "3.6"
services:
traefik:
image: traefik
env_file: /mnt/ceph/traefik/env
command:
- "--debug=true"
- "--logLevel=DEBUG"
- "--api"
- "--entrypoints=Name:http Address::80 Redirect.EntryPoint:https"
- "--entrypoints=Name:https Address::443 Compress:true TLS"
- "--defaultentrypoints=http,https"
- "--acme"
- "--acme.storage=acme.json"
- "--acme.acmeLogging=true"
- "--acme.entryPoint=https"
- "--acme.email=email@domain1.com"
#- "--acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--acme.caServer=https://acme-v02.api.letsencrypt.org/directory"
- "--acme.dnsChallenge.provider=route53"
- "--acme.dnsChallenge.delayBeforeCheck=0"
- "--acme.domains=*.domain1.com,domain1.com"
- "--docker"
- "--docker.domain=domain1.com"
- "--docker.exposedByDefault=false"
- "--docker.swarmMode"
- "--docker.watch"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /mnt/ceph/traefik/acme.json:/acme.json
networks:
- backend
- webgateway
ports:
- target: 80
published: 80
mode: host
- target: 443
published: 443
mode: host
- target: 8080
published: 8080
mode: host
deploy:
mode: global
placement:
constraints:
- node.role == manager
update_config:
parallelism: 2
failure_action: rollback
order: start-first
#delay: 5s
restart_policy:
condition: on-failure
labels:
- "traefik.enable=true"
- "traefik.backend=dashboard"
- "traefik.port=8080"
- "traefik.frontend.rule=Host:dashboard.domain1.com"
networks:
backend:
name: traefik_backend
driver: overlay
external: true
webgateway:
driver: overlay
先感谢您!!