docker-compose.yml
:
version: '3'
services:
traefik:
image: traefik:1.7
command:
--entryPoints='Name:http Address::80'
--entryPoints='Name:https Address::443 TLS'
--defaultentrypoints=http,https
--logLevel=DEBUG
--docker
--docker.exposedByDefault=false
--acme
--acme.acmeLogging=true
--acme.entrypoint=https
--acme.storage=/data/acme.json
--acme.onHostRule=true
--acme.httpChallenge.entryPoint=http
ports:
- 8001:80
- 8002:443
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- .:/data
traefik-certs-dumper:
image: ldez/traefik-certs-dumper:v2.7.0
entrypoint: sh -c '
apk add jq
; while ! [ -e /data/acme.json ]
|| ! [ `jq ".Certificates | length" /data/acme.json` != 0 ]; do
sleep 1
; done
&& traefik-certs-dumper file --watch
--source /data/acme.json --dest /data/certs'
volumes:
- .:/data
whoami:
image: containous/whoami
labels:
traefik.enable: true
traefik.frontend.rule: Host:example.com
ldez/traefik-certs-dumper
is needed in case you want to put traefik behind another proxy.
time="2020-05-17T16:21:51Z" level=info msg="Traefik version v1.7.24 built on 2020-03-25_04:34:11PM"
time="2020-05-17T16:21:51Z" level=debug msg="Global configuration loaded {
"AccessLog": null,
"TraefikLog": null,
"LogLevel": "DEBUG",
"EntryPoints": {
"http": {
"Address": ":80",
"TLS": null,
...
},
"https": {
"Address": ":443",
"TLS": {...},
...
}
},
"ACME": {
"Email": "",
"Domains": null,
"Storage": "/data/acme.json",
"OnHostRule": true,
"EntryPoint": "https",
"HTTPChallenge": {
"EntryPoint": "http"
},
"ACMELogging": true,
...
},
"DefaultEntryPoints": [
"http",
"https"
],
"Docker": {
"Endpoint": "unix:///var/run/docker.sock",
"ExposedByDefault": false,
"SwarmMode": false,
...
},
...
}
time="2020-05-17T16:21:51Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/v1.7/basics/#collected-data\n"
time="2020-05-17T16:21:51Z" level=debug msg="Setting Acme Certificate store from Entrypoint: https"
time="2020-05-17T16:21:51Z" level=info msg="Preparing server https &{Address::443 TLS:0xc0007b1950 Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc0006d49a0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
time="2020-05-17T16:21:51Z" level=info msg="Preparing server http &{Address::80 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc0006d48e0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
time="2020-05-17T16:21:51Z" level=info msg="Starting server on :443"
time="2020-05-17T16:21:51Z" level=info msg="Starting provider configuration.ProviderAggregator {}"
time="2020-05-17T16:21:51Z" level=info msg="Starting server on :80"
time="2020-05-17T16:21:51Z" level=info msg="Starting provider *docker.Provider {\"Watch\":true,\"Filename\":\"\",\"Constraints\":null,\"Trace\":false,\"TemplateVersion\":2,\"DebugLogGeneratedTemplate\":false,\"Endpoint\":\"unix:///var/run/docker.sock\",\"Domain\":\"\",\"TLS\":null,\"ExposedByDefault\":false,\"UseBindPortIP\":false,\"SwarmMode\":false,\"Network\":\"\",\"SwarmModeRefreshSeconds\":15}"
time="2020-05-17T16:21:51Z" level=info msg="Starting provider *acme.Provider {\"Email\":\"\",\"ACMELogging\":true,\"CAServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"Storage\":\"/data/acme.json\",\"EntryPoint\":\"https\",\"KeyType\":\"\",\"OnHostRule\":true,\"OnDemand\":false,\"DNSChallenge\":null,\"HTTPChallenge\":{\"EntryPoint\":\"http\"},\"TLSChallenge\":null,\"Domains\":null,\"Store\":{}}"
time="2020-05-17T16:21:51Z" level=info msg="Testing certificate renew..."
time="2020-05-17T16:21:51Z" level=debug msg="Configuration received from provider ACME: {}"
time="2020-05-17T16:21:51Z" level=debug msg="Provider connection established with docker 18.06.3-ce (API 1.38)"
time="2020-05-17T16:21:51Z" level=debug msg="Filtering disabled container /traefik-ssl_traefik_1"
time="2020-05-17T16:21:51Z" level=debug msg="Filtering disabled container /traefik-ssl_traefik-certs-dumper_1"
time="2020-05-17T16:21:51Z" level=debug msg="originLabelsmap[
com.docker.compose.config-hash:cc8dd9859b14b96c12537af1175910291ff4d1de04eb61beb3d66ada87bdb630
com.docker.compose.container-number:1
com.docker.compose.oneoff:False
com.docker.compose.project:traefik-ssl
com.docker.compose.service:whoami
com.docker.compose.version:1.24.1
traefik.enable:True
traefik.frontend.rule:Host:example.com
]"
time="2020-05-17T16:21:51Z" level=debug msg="allLabelsmap[:map[
traefik.enable:True
traefik.frontend.rule:Host:example.com
]]"
time="2020-05-17T16:21:51Z" level=debug msg="originLabelsmap[
com.docker.compose.config-hash:cc8dd9859b14b96c12537af1175910291ff4d1de04eb61beb3d66ada87bdb630
com.docker.compose.container-number:1
com.docker.compose.oneoff:False
com.docker.compose.project:traefik-ssl
com.docker.compose.service:whoami
com.docker.compose.version:1.24.1
traefik.enable:True
traefik.frontend.rule:Host:example.com
]"
time="2020-05-17T16:21:51Z" level=debug msg="allLabelsmap[:map[
traefik.enable:True
traefik.frontend.rule:Host:example.com
]]"
time="2020-05-17T16:21:51Z" level=debug msg="Backend backend-whoami-traefik-ssl: no load-balancer defined, fallback to 'wrr' method"
time="2020-05-17T16:21:51Z" level=debug msg="Configuration received from provider docker: {
"backends": {
"backend-whoami-traefik-ssl": {
"servers": {
"server-eaa0e2fdd516-traefik-ssl-whoami-1-ba08b9a6fd6a6a434ae85c28fea6f773": {
"url": "http://172.23.0.3:80",
"weight": 1
}
},
...
}
},
"frontends": {
"frontend-Host-example-com-0": {
"entryPoints": [
"http",
"https"
],
"backend": "backend-whoami-traefik-ssl",
"routes": {
"route-frontend-Host-example-com-0": {
"rule": "Host:example.com"
}
},
...
}
}
}
time="2020-05-17T16:21:51Z" level=info msg="Server configuration reloaded on :80"
time="2020-05-17T16:21:51Z" level=info msg="Server configuration reloaded on :443"
time="2020-05-17T16:21:51Z" level=debug msg="Wiring frontend frontend-Host-example-com-0 to entryPoint http"
time="2020-05-17T16:21:51Z" level=debug msg="Creating backend backend-whoami-traefik-ssl"
time="2020-05-17T16:21:51Z" level=debug msg="Creating load-balancer wrr"
time="2020-05-17T16:21:51Z" level=debug msg="Creating server server-eaa0e2fdd516-traefik-ssl-whoami-1-ba08b9a6fd6a6a434ae85c28fea6f773 at http://172.23.0.3:80 with weight 1"
time="2020-05-17T16:21:51Z" level=debug msg="Creating route route-frontend-Host-example-com-0 Host:example.com"
time="2020-05-17T16:21:51Z" level=debug msg="Wiring frontend frontend-Host-example-com-0 to entryPoint https"
time="2020-05-17T16:21:51Z" level=debug msg="Creating backend backend-whoami-traefik-ssl"
time="2020-05-17T16:21:51Z" level=debug msg="Creating load-balancer wrr"
time="2020-05-17T16:21:51Z" level=debug msg="Creating server server-eaa0e2fdd516-traefik-ssl-whoami-1-ba08b9a6fd6a6a434ae85c28fea6f773 at http://172.23.0.3:80 with weight 1"
time="2020-05-17T16:21:51Z" level=debug msg="Creating route route-frontend-Host-example-com-0 Host:example.com"
time="2020-05-17T16:21:51Z" level=info msg="Server configuration reloaded on :443"
time="2020-05-17T16:21:51Z" level=info msg="Server configuration reloaded on :80"
time="2020-05-17T16:21:51Z" level=debug msg="Try to challenge certificate for domain [example-com] founded in Host rule"
time="2020-05-17T16:21:51Z" level=debug msg="Looking for provided certificate(s) to validate ["example.com"]..."
time="2020-05-17T16:21:51Z" level=debug msg="Domains ["example.com"] need ACME certificates generation for domains "example.com"."
time="2020-05-17T16:21:51Z" level=debug msg="Loading ACME certificates [example.com]..."
time="2020-05-17T16:21:51Z" level=info msg="The key type is empty. Use default key type 4096."
time="2020-05-17T16:21:56Z" level=debug msg="Building ACME client..."
time="2020-05-17T16:21:56Z" level=debug msg="https://acme-v02.api.letsencrypt.org/directory"
time="2020-05-17T16:21:56Z" level=info msg=Register...
time="2020-05-17T16:21:57Z" level=debug msg="Using HTTP Challenge provider."
time="2020-05-17T16:21:57Z" level=info msg="legolog: [INFO] [example.com] acme: Obtaining bundled SAN certificate"
time="2020-05-17T16:21:57Z" level=info msg="legolog: [INFO] [example.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/4642384633"
time="2020-05-17T16:21:57Z" level=info msg="legolog: [INFO] [example.com] acme: Could not find solver for: tls-alpn-01"
time="2020-05-17T16:21:57Z" level=info msg="legolog: [INFO] [example.com] acme: use http-01 solver"
time="2020-05-17T16:21:57Z" level=info msg="legolog: [INFO] [example.com] acme: Trying to solve HTTP-01"
time="2020-05-17T16:21:58Z" level=debug msg="Unable to split host and port: address example.com: missing port in address. Fallback to request host."
time="2020-05-17T16:21:58Z" level=debug msg="Looking for an existing ACME challenge for token YHbdxGL9bxJeJIaCnSEkC3PMv5O5kYF-WKg8xFlQgLE..."
time="2020-05-17T16:21:58Z" level=debug msg="Unable to split host and port: address example.com: missing port in address. Fallback to request host."
time="2020-05-17T16:21:58Z" level=debug msg="Looking for an existing ACME challenge for token YHbdxGL9bxJeJIaCnSEkC3PMv5O5kYF-WKg8xFlQgLE..."
time="2020-05-17T16:21:58Z" level=debug msg="Unable to split host and port: address example.com: missing port in address. Fallback to request host."
time="2020-05-17T16:21:58Z" level=debug msg="Looking for an existing ACME challenge for token YHbdxGL9bxJeJIaCnSEkC3PMv5O5kYF-WKg8xFlQgLE..."
time="2020-05-17T16:21:58Z" level=debug msg="Unable to split host and port: address example.com: missing port in address. Fallback to request host."
time="2020-05-17T16:21:58Z" level=debug msg="Looking for an existing ACME challenge for token YHbdxGL9bxJeJIaCnSEkC3PMv5O5kYF-WKg8xFlQgLE..."
time="2020-05-17T16:22:02Z" level=info msg="legolog: [INFO] [example.com] The server validated our request"
time="2020-05-17T16:22:02Z" level=info msg="legolog: [INFO] [example.com] acme: Validations succeeded; requesting certificates"
time="2020-05-17T16:22:03Z" level=info msg="legolog: [INFO] [example.com] Server responded with a certificate."
time="2020-05-17T16:22:03Z" level=debug msg="Certificates obtained for domains [example.com]"
time="2020-05-17T16:22:03Z" level=debug msg="Configuration received from provider ACME: {}"
time="2020-05-17T16:22:03Z" level=debug msg="Wiring frontend frontend-Host-example-com-0 to entryPoint http"
time="2020-05-17T16:22:03Z" level=debug msg="Creating backend backend-whoami-traefik-ssl"
time="2020-05-17T16:22:03Z" level=debug msg="Creating load-balancer wrr"
time="2020-05-17T16:22:03Z" level=debug msg="Creating server server-eaa0e2fdd516-traefik-ssl-whoami-1-ba08b9a6fd6a6a434ae85c28fea6f773 at http://172.23.0.3:80 with weight 1"
time="2020-05-17T16:22:03Z" level=debug msg="Creating route route-frontend-Host-example-com-0 Host:example.com"
time="2020-05-17T16:22:03Z" level=debug msg="Wiring frontend frontend-Host-example-com-0 to entryPoint https"
time="2020-05-17T16:22:03Z" level=debug msg="Creating backend backend-whoami-traefik-ssl"
time="2020-05-17T16:22:03Z" level=debug msg="Creating load-balancer wrr"
time="2020-05-17T16:22:03Z" level=debug msg="Creating server server-eaa0e2fdd516-traefik-ssl-whoami-1-ba08b9a6fd6a6a434ae85c28fea6f773 at http://172.23.0.3:80 with weight 1"
time="2020-05-17T16:22:03Z" level=debug msg="Creating route route-frontend-Host-example-com-0 Host:example.com"
time="2020-05-17T16:22:03Z" level=debug msg="Adding certificate for domain(s) example.com"
time="2020-05-17T16:22:03Z" level=info msg="Server configuration reloaded on :80"
time="2020-05-17T16:22:03Z" level=info msg="Server configuration reloaded on :443"