traefik使用digicert付费的证书和使用letencrypt免费证书的方法不一样,下面说一下怎么配置:
traefik.yml里面就没有任何配置
1log:
2 level: DEBUG
3
4api:
5 insecure: false
6 dashboard: true
7
8entryPoints:
9 http:
10 address: ":80"
11 #http:
12 # redirections:
13 # entryPoint:
14 # to: https
15 # scheme: https
16
17 https:
18 address: ":443"
19
20providers:
21 file:
22 directory: /export/servers/traefik/dynamic
23 watch: true
所有的配置都放到到/export/servers/traefik/dynamic目录下了,动态更新:
certs.yml来定义证书选项
1tls:
2 certificates:
3 - certFile: "/export/servers/traefik/ddky.crt"
4 keyFile: "/export/servers/traefik/ddky.key"
5 options:
6 default:
7 sniStrict: true
8 minVersion: VersionTLS12
9 cipherSuites:
10 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
11 - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
12 - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
13 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
14 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
test7-01.yml单独test7.ddky.com的配置
1http:
2 routers:
3 https_01:
4 rule: "Host(`test7.ddky.com`)"
5 service: svc_01
6 tls:
7 domains:
8 - main: "test7.ddky.com"
9 sans:
10 - "*.ddky.com"
11
12 http_01:
13 rule: "Host(`test7.ddky.com`)"
14 service: svc_01
15 entryPoints:
16 - http
17
18 services:
19 svc_01:
20 loadBalancer:
21 servers:
test8-02.yml单独test8.ddky.com的配置
1http:
2 routers:
3 https_02:
4 rule: "Host(`test8.ddky.com`)"
5 service: svc_02
6 tls:
7 domains:
8 - main: "test8.ddky.com"
9
10 http_02:
11 rule: "Host(`test8.ddky.com`)"
12 service: svc_02
13 entryPoints:
14 - http
15
16 services:
17 svc_02:
18 loadBalancer:
19 servers:
20 - url: "http://172.18.31.33:80"
注意上面tls的选项,sans备用域名可加可不加。
