Docker – Traefik and self-signed SSL


Noob to Traefik and Docker. I have prepared a self-signed certificate using:

openssl req -x509 -newkey rsa:4096 -keyout -out 365

In my traefik.toml file I have:

  address = ":80"
  address = ":443"
    certFile = "certs/"
    keyFile = "certs/"

However this results in:

traefik          | time="2019-06-17T22:11:17Z" level=debug msg="Serving default cert for request: \"\""
traefik          | time="2019-06-17T22:11:17Z" level=debug msg="http: TLS handshake error from tls: no certificates configured"

If I omit the cert definitions so that traefik.toml reads as:

  address = ":80"
  address = ":443"
  #  [[entryPoints.https.tls.certificates]]
  #  certFile = "certs/"
  #  keyFile = "certs/"

I get the dummy cert provided by Traefik and it works great but I just want to wrap my head around why my defined certs are not being used.

In my docker-compose.yml I believe I have mounted the correct volume:

  - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
  - ./traefik.toml:/traefik.toml
  - /var/www/docker/certs:/certs

And the certs reside at certs/ relative to my docker-compose.yml and traefik.toml files. Permissions seem good as well, both owned by root – the crt having 644 and key having 600.

How can I use a self-signed cert instead of Traefik's defaults?

Best Answer

Probably a path mismatch, particularly with some paths relative and others absolute. Try the following in your compose file (relative path to local certs):

  - /var/run/docker.sock:/var/run/docker.sock
  - ./traefik.toml:/traefik.toml
  - ./certs:/certs

And then switch to an absolute path in the toml (leading slash on certs):

  address = ":80"
  address = ":443"
    certFile = "/certs/"
    keyFile = "/certs/"
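
To check for the path mismatch suggested in the answer, the following added example (not code from the original post or from Traefik) maps a certFile/keyFile value through the compose volume list to the host file that would have to back it, then tests whether that file exists. Assumptions: the file name example.crt and the helper names are made up for illustration, and container_cwd stands for whatever directory the Traefik process starts in, which is what a relative path in the toml is resolved against.

```python
import os
import posixpath
import tempfile

def parse_volume(spec, compose_dir):
    """Split 'host:container[:mode]'; a relative host side is resolved
    against the directory holding docker-compose.yml, as Compose does."""
    host, container = spec.split(":")[:2]
    if not posixpath.isabs(host):
        host = posixpath.normpath(posixpath.join(compose_dir, host))
    return host, posixpath.normpath(container)

def host_path_for(toml_path, volumes, compose_dir, container_cwd="/"):
    """Return (container_path, host_path or None) for a certFile/keyFile value.
    container_cwd is an assumption, not something stated on the page."""
    cpath = posixpath.normpath(posixpath.join(container_cwd, toml_path))
    best = None
    for spec in volumes:
        host, mount = parse_volume(spec, compose_dir)
        inside = cpath == mount or cpath.startswith(mount.rstrip("/") + "/")
        # Prefer the longest (most specific) mount point that contains the path.
        if inside and (best is None or len(mount) > len(best[1])):
            best = (host, mount)
    if best is None:
        return cpath, None  # path is not under any mounted volume
    rel = posixpath.relpath(cpath, best[1])
    return cpath, posixpath.normpath(posixpath.join(best[0], rel))

def demo():
    """Constructed layout: the project sits in a temp dir, not /var/www/docker."""
    with tempfile.TemporaryDirectory() as project:
        os.mkdir(posixpath.join(project, "certs"))
        open(posixpath.join(project, "certs", "example.crt"), "w").close()
        results = {}
        for label, certs_mount in (("question", "/var/www/docker/certs:/certs"),
                                   ("answer", "./certs:/certs")):
            volumes = ["./traefik.toml:/traefik.toml", certs_mount]
            cpath, host = host_path_for("/certs/example.crt", volumes, project)
            results[label] = (cpath, host is not None and os.path.isfile(host))
        return results

if __name__ == "__main__":
    for label, (cpath, found) in demo().items():
        print(f"{label}: {cpath} backed by an existing host file: {found}")
```
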