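Traefik is configured differently for a paid DigiCert certificate than for a free Let's Encrypt certificate. Here is how to set it up:
traefik.yml itself contains no certificate configuration: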
log:
  level: DEBUG
api:
  insecure: false
  dashboard: true
entryPoints:
  http:
    address: ":80"
    #http:
    #  redirections:
    #    entryPoint:
    #      to: https
    #      scheme: https
  https:
    address: ":443"
providers:
  file:
    directory: /export/servers/traefik/dynamic
    watch: true
All of the configuration lives in the /export/servers/traefik/dynamic directory and is reloaded dynamically:
certs.yml defines the certificate options:
tls:
  certificates:
    - certFile: "/export/servers/traefik/ddky.crt"
      keyFile: "/export/servers/traefik/ddky.key"
  options:
    default:
      sniStrict: true
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
test7-01.yml holds the configuration for test7.ddky.com alone:
http:
  routers:
    https_01:
      rule: "Host(`test7.ddky.com`)"
      service: svc_01
      tls:
        domains:
          - main: "test7.ddky.com"
            sans:
              - "*.ddky.com"
    http_01:
      rule: "Host(`test7.ddky.com`)"
      service: svc_01
      entryPoints:
        - http
  services:
    svc_01:
      loadBalancer:
        servers:
test8-02.yml holds the configuration for test8.ddky.com alone:
http:
  routers:
    https_02:
      rule: "Host(`test8.ddky.com`)"
      service: svc_02
      tls:
        domains:
          - main: "test8.ddky.com"
    http_02:
      rule: "Host(`test8.ddky.com`)"
      service: svc_02
      entryPoints:
        - http
  services:
    svc_02:
      loadBalancer:
        servers:
          - url: "http://172.18.31.33:80"
Note the tls options above: the sans (alternate domain names) entry is optional.
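
With sniStrict: true, Traefik refuses TLS handshakes whose SNI name matches none of the configured certificates, so every routed host has to be covered by ddky.crt. The following added example (not part of the original post) lists the Host rules that a certificate's DNS names do not cover; the SAN list, the two extra hosts and all function names are assumptions made for the illustration.

```python
import re

# Host(...) matchers in Traefik router rules, and the backticked names inside them.
HOST_CALL = re.compile(r"\bHost\(([^)]*)\)")
BACKTICKED = re.compile(r"`([^`]+)`")

def hosts_in_rules(yaml_text):
    """Return the hostnames named in Host(`...`) matchers, lowercased, in file order."""
    return [h.lower() for call in HOST_CALL.findall(yaml_text)
            for h in BACKTICKED.findall(call)]

def name_covers(cert_name, host):
    """True if a certificate DNS name covers host.
    A wildcard covers exactly one leftmost label, never the bare parent domain."""
    cert_name, host = cert_name.lower().rstrip("."), host.lower().rstrip(".")
    if not cert_name.startswith("*."):
        return cert_name == host
    first, _, rest = host.partition(".")
    return bool(first) and rest == cert_name[2:]

def uncovered_hosts(yaml_text, cert_names):
    """Hosts routed by the config that none of the certificate names cover."""
    return [h for h in hosts_in_rules(yaml_text)
            if not any(name_covers(n, h) for n in cert_names)]

# Constructed sample: router rules in the style of test7-01.yml / test8-02.yml,
# plus two hypothetical hosts that a *.ddky.com wildcard does not cover.
SAMPLE_RULES = """
http:
  routers:
    https_01:
      rule: "Host(`test7.ddky.com`)"
    https_02:
      rule: "Host(`test8.ddky.com`)"
    https_03:
      rule: "Host(`ddky.com`)"
    https_04:
      rule: "Host(`a.test7.ddky.com`)"
"""

# Assumed SAN list of ddky.crt; read the real one with
#   openssl x509 -in ddky.crt -noout -ext subjectAltName
ASSUMED_CERT_NAMES = ["*.ddky.com"]

if __name__ == "__main__":
    for host in uncovered_hosts(SAMPLE_RULES, ASSUMED_CERT_NAMES):
        print("no certificate covers", host)
```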