
Comments (13)

emilevauge commented on May 17, 2024

Hi @F0rth, I'm currently already working on that ^^

from traefik.

jpillora commented on May 17, 2024

👍 letsencrypt all the things!


ludovicc commented on May 17, 2024

There is a Go library (https://github.com/xenolf/lego) used by Caddy.


emilevauge commented on May 17, 2024

@ludovicc yep, I have seen what Caddy does with letsencrypt using lego. It would be awesome to add that feature in Traefik :)


strarsis commented on May 17, 2024

+1


sheerun commented on May 17, 2024

I'm also interested. Maybe running traefik on top of consul-template would work?


strarsis commented on May 17, 2024

https://github.com/emilevauge/traefik/issues/211, #217 and #212


emilevauge commented on May 17, 2024

Hi all, I created a traefik docker image with let's encrypt support: containous/traefik:add-lets-encrypt-suppport
I invite you to test it before the PR is merged ;)
Here is the new toml file to use:

defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

[acme]
email = "[email protected]"
# group domains to get SAN
domains = [["test.local1.com", "test.local2.com"], ["test.local4.com", "test.local3.com"]]
storageFile = "acme.json" # mount it in a volume ;)
# Uncomment to load SSL cert on demand (be careful)
#onDemand = true
# Uncomment the line to run on the staging let's encrypt server
# Leave comment to go to prod
# caServer = "https://acme-staging.api.letsencrypt.org/directory"
entryPoint = "http" #  must point to an entrypoint on port 80

Your feedback is welcome :)


strarsis commented on May 17, 2024

So the domains for the ACME client are listed in the domains option of the acme key in the configuration file.
Can this also be dynamically changed? Could one flag containers with an acme or even letsencrypt flag so traefik knows that the domains in the routes for these containers should have certs/keys requested over acme?


emilevauge commented on May 17, 2024

@strarsis, thanks for your feedback!
If you enable onDemand = true, traefik will dynamically download the cert at the first request.
But, this is not perfect, I know that.
Maybe a new option on frontend, that would trigger cert download.
I was wondering if I had to rely directly on Host frontend rules, but they can also be wildcards :'(


thorhs commented on May 17, 2024

Maybe this could fit? https://github.com/dkumor/acmewrapper


djmaze commented on May 17, 2024

@emilevauge Letsencrypt does not (yet) support wildcard certificates, and generating certificates upon request is not desirable. So, in my opinion, if the Host rule contains a wildcard, ACME/SSL support should automatically be disabled for that particular frontend. Then certificates need to be generated only when a new frontend is added.

from traefik.
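The proposal in the comment above (skip ACME for any frontend whose Host rule contains a wildcard, and request certificates only when a frontend is added), as an added example that is not Traefik's own code. The `Host:a,b` rule syntax with `;` separators and both function names are assumptions made for this example.

```go
package main

import (
	"fmt"
	"strings"
)

// hostsFromRule extracts hostnames from a frontend rule such as
// "Host:a.example.com,b.example.com" (rule syntax assumed for this example).
// ok is false when no host is found or any host is a wildcard: ACME is skipped.
func hostsFromRule(rule string) (hosts []string, ok bool) {
	for _, part := range strings.Split(rule, ";") {
		part = strings.TrimSpace(part)
		if !strings.HasPrefix(part, "Host:") {
			continue
		}
		for _, h := range strings.Split(strings.TrimPrefix(part, "Host:"), ",") {
			h = strings.ToLower(strings.TrimSpace(h))
			switch {
			case strings.Contains(h, "*"):
				return nil, false // wildcard disables ACME for the whole frontend
			case h != "":
				hosts = append(hosts, h)
			}
		}
	}
	return hosts, len(hosts) > 0
}

// newCertRequests returns the hosts that need a certificate after frontends
// change, and records them in issued so each name is requested only once.
func newCertRequests(rules []string, issued map[string]bool) []string {
	var out []string
	for _, r := range rules {
		hosts, _ := hostsFromRule(r) // nil when ACME is skipped for this rule
		for _, h := range hosts {
			if !issued[h] {
				issued[h] = true
				out = append(out, h)
			}
		}
	}
	return out
}

func main() {
	// Constructed sample rules; the hostnames reuse the ones in the toml above.
	rules := []string{"Host:test.local1.com,test.local2.com", "Host:*.local3.com", "Host:test.local4.com"}
	fmt.Println(newCertRequests(rules, map[string]bool{"test.local1.com": true}))
}
```

Because the set of names is derived from configured frontends rather than from the SNI of incoming requests, a client cannot trigger issuance for arbitrary hostnames.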

djmaze commented on May 17, 2024

@emilevauge Your toml file example works for me if I set defaultEntryPoints to just ["https"]. Otherwise Traefik only serves the backend service on port 80, and the .well-known directory is not reachable.

