2
traefik配置digicert家得泛域名证书
source link: https://bajie.dev/posts/20231221-traefik_digicert/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Traefik配置digicert家得泛域名证书
2023-12-21
1 分钟阅读
traefik使用digicert付费的证书和使用letencrypt免费证书的方法不一样,下面说一下怎么配置:
traefik.yml里面就没有任何配置
log:
level: DEBUG
api:
insecure: false
dashboard: true
entryPoints:
http:
address: ":80"
#http:
# redirections:
# entryPoint:
# to: https
# scheme: https
https:
address: ":443"
providers:
file:
directory: /export/servers/traefik/dynamic
watch: true
所有的配置都放到到/export/servers/traefik/dynamic目录下了,动态更新:
certs.yml来定义证书选项
tls:
certificates:
- certFile: "/export/servers/traefik/ddky.crt"
keyFile: "/export/servers/traefik/ddky.key"
options:
default:
sniStrict: true
minVersion: VersionTLS12
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
test7-01.yml单独test7.ddky.com的配置
http:
routers:
https_01:
rule: "Host(`test7.ddky.com`)"
service: svc_01
tls:
domains:
- main: "test7.ddky.com"
sans:
- "*.ddky.com"
http_01:
rule: "Host(`test7.ddky.com`)"
service: svc_01
entryPoints:
- http
services:
svc_01:
loadBalancer:
servers:
test8-02.yml单独test8.ddky.com的配置
http:
routers:
https_02:
rule: "Host(`test8.ddky.com`)"
service: svc_02
tls:
domains:
- main: "test8.ddky.com"
http_02:
rule: "Host(`test8.ddky.com`)"
service: svc_02
entryPoints:
- http
services:
svc_02:
loadBalancer:
servers:
- url: "http://172.18.31.33:80"
注意上面tls的选项,sans备用域名可加可不加。
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK