I have created an easier, well-documented version of this on my blog at https://blog.wyraz.de/linux/deploying-rancher-server-standalone-behind-traefik-with-lets-encrypt-for-both/
Gist: micw/67faf5cd3d4a6f64568ca2bb9a051230
Last active: May 29, 2022 01:32
# Example: let one particular domain's ACME HTTP-01 challenges reach that domain's backend, while
# traefik solves the ACME challenges for all other domains itself.
# Tested with traefik 1.7.7
# How it works:
# - an extra entry point "acme" listens on :81 and is the entry point of traefik's own httpChallenge.
#   This port is NOT published to the outside; it is only reached via 127.0.0.1 by the frontend below.
# - a default frontend for /.well-known/acme-challenge/ is added on the "http" entry point with priority 1000.
#   It forwards challenge requests to 127.0.0.1:81, where traefik answers its own challenges.
#   passHostHeader = true is required there, because traefik matches the challenge token against the
#   request's Host header.
# - for the particular domain, a frontend with a higher priority (1001) is added on "http", so that domain's
#   challenge requests go to its backend instead of to traefik.
# Security note: the backend that receives /.well-known/acme-challenge/ for a domain can answer HTTP-01
# challenges for that domain and therefore obtain certificates for it. Only route challenges to a backend
# that is trusted with the domain.
# Note: to make traefik issue certs automatically (via onHostRule), it is necessary that the rule is bound
# to the "acme" entry point (see https://github.com/containous/traefik/issues/3918)
[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.acme]
  address = ":81"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

[acme]
email = "test@traefik.io"
storage = "acme.json"
entryPoint = "https"
  [acme.httpChallenge]
  # traefik's own HTTP-01 responder is attached to the internal :81 entry point, not to :80
  entryPoint = "acme"

# rules for the file provider follow in this same file
[file]

[backends]
  # traefik's own challenge responder, reached over loopback only
  [backends.acme]
    [backends.acme.servers]
      [backends.acme.servers.server0]
      url = "http://127.0.0.1:81/"
  # example backend that solves ACME challenges for its own domain
  [backends.backend1]
    [backends.backend1.servers]
      [backends.backend1.servers.server0]
      url = "https://ifconfig.io/"

[frontends]
  # default: every challenge request on :80 is forwarded to traefik's responder
  [frontends.acme]
  entryPoints = ["http"]
  backend = "acme"
  passHostHeader = true
  priority = 1000
    [frontends.acme.routes]
      [frontends.acme.routes.route0]
      rule = "PathPrefix:/.well-known/acme-challenge/"
  # exception: this host's plain-HTTP traffic, challenges included, goes to backend1
  # (priority 1001 > 1000). xip.io is no longer operated; substitute any hostname that resolves to this host.
  [frontends.frontend1]
  entryPoints = ["http"]
  backend = "backend1"
  passHostHeader = false
  priority = 1001
    [frontends.frontend1.routes]
      [frontends.frontend1.routes.route0]
      rule = "Host:127.0.0.1.xip.io"
It works similarly with traefik 2:
First, enable an extra entry point for acme (e.g. via CLI) and route config from a file (/etc/traefik/dynamic_conf.yml):
In the config, add a default route for acme challenges with a priority of 1000:
Now, for every service that needs to solve acme itself, set up an http router with a priority >1000. Docker example:
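The three snippets the comment above refers to are not reproduced on this page. The following is an added example of the same three-step traefik 2 setup, written here and not taken from the commenter or from the traefik project. It assumes traefik v2 with the docker and file providers; the resolver name `le`, the router and service names, the email address, the hostname `app.example.com`, the image name and the container port 80 are placeholders.

```yaml
# ---- traefik.yml (static configuration; the comment above does this via CLI flags) ----
entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
  acme:
    # traefik's own HTTP-01 responder listens here. Do NOT publish this port;
    # it is only reached via 127.0.0.1 by the acme-default router below.
    address: ":81"

providers:
  docker:
    exposedByDefault: false
  file:
    filename: /etc/traefik/dynamic_conf.yml

certificatesResolvers:
  le:                                  # placeholder resolver name
    acme:
      email: admin@example.com         # placeholder address
      storage: /etc/traefik/acme.json
      httpChallenge:
        entryPoint: acme               # responder on :81, not on :80

---
# ---- /etc/traefik/dynamic_conf.yml (dynamic configuration) ----
http:
  routers:
    acme-default:
      entryPoints: ["web"]
      rule: "PathPrefix(`/.well-known/acme-challenge/`)"
      # traefik's default router priority is the rule length, so 1000 beats every
      # ordinary Host() router; the per-service routers below use 1001 to beat this one
      priority: 1000
      service: acme-internal
  services:
    acme-internal:
      loadBalancer:
        # traefik matches the challenge token against the Host header, so keep it
        passHostHeader: true
        servers:
          - url: "http://127.0.0.1:81/"

---
# ---- docker-compose.yml fragment for a service that solves ACME itself ----
services:
  app:
    image: example/app                 # placeholder: any container with its own ACME client
    labels:
      traefik.enable: "true"
      # priority 1001 > 1000: all plain-HTTP requests for this host, including
      # /.well-known/acme-challenge/, go to the container instead of traefik's responder.
      # Whoever controls this container can therefore obtain certificates for app.example.com.
      traefik.http.routers.app-http.entrypoints: web
      traefik.http.routers.app-http.rule: "Host(`app.example.com`)"
      traefik.http.routers.app-http.priority: "1001"
      traefik.http.routers.app-http.service: app
      traefik.http.services.app.loadbalancer.server.port: "80"
```

After starting traefik, a request to `http://<traefik host>/.well-known/acme-challenge/<token>` with `Host: app.example.com` should be answered by the container, while the same path with any other `Host` header should reach traefik's own responder on :81 (a 404 for an unknown token). Port 81 must not be reachable from outside the host; the `acme` entry point is deliberately not listed among published ports.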