Internal Search Domains & LetsEncrypt TLS on Traefik
Utilising TLS within internal search domains
I'm running Traefik in a docker container with a wildcard certificate provided for my domain by Cloudflare using ACME. The upstream DNS server is configured to return a local IP, and ACME is done via DNS authentication since the sites aren't accessible via the internet.
This is the docker-compose for my Traefik installation, showing the labels I'm trying to get working:
```yaml
version: '3'
services:
  traefik:
    image: traefik
    restart: always
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      - ./acme.json:/acme.json
    networks:
      - web
    environment:
      - CF_API_EMAIL=<snip>
      - CF_API_KEY=<snip>
    labels:
      - "traefik.frontend.rule=Host:traefik.local.domain.com"
      - "traefik.frontend.redirect.regex=^http://traefik.local.domain.com/"
      - "traefik.frontend.redirect.replacement=http://traefik.local.domain.com/dashboard/"
      - "traefik.port=8080"
networks:
  web:
```

This works great when I go directly to `traefik.local.domain.com`. The SSL cert works fine and everything looks how it should.

However, to try and simplify things even more I added `local.domain.com` to my DHCP options as a search domain. Unfortunately, going to `traefik/` then causes traefik to use the wrong TLS cert, as it doesn't realise I'm connecting to the same backend.

I was able to get this working without TLS by using the rules

```yaml
- "traefik.frontend.rule=Host:traefik.local.domain.com,traefik"
- "traefik.frontend.redirect.regex=^https?://(traefik.local.domain.com|traefik)/?"
- "traefik.frontend.redirect.replacement=http://traefik.local.domain.com/dashboard/"
```

and disabling ACME so the DNS validation doesn't fail, but I'd really like to use TLS inside the network, just without having to type the entire domain.

I would rather not have to go to **http**://traefik/ to be redirected to https://traefik.local.domain.com, but I fear this might be the only option (and I'm not sure how to configure that in Traefik as well).
There is a related question here, but it uses the above redirection method, which I'd like to avoid.
ubuntu ssl web-server docker
asked 2 mins ago
Connor Bell
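
Added example, not part of the original question: a Python sketch of why the short name fails certificate validation even though the search domain lets DNS resolve it. The host names are the ones from the question; the SAN list and the simplified resolver behaviour are assumptions.

```python
# Added illustration; names come from the question, the SAN list is an assumption.
SEARCH_DOMAINS = ["local.domain.com"]   # DHCP search domain from the question
CERT_SANS = ["*.local.domain.com"]      # assumed SAN of the wildcard certificate


def resolver_candidates(typed, search=SEARCH_DOMAINS):
    """Names a stub resolver tries, simplified: only single-label names get the search list."""
    name = typed.rstrip(".")
    if "." in name:
        return [name]
    return [f"{name}.{domain}" for domain in search] + [name]


def san_matches(pattern, host):
    """RFC 6125-style match: '*' must be the whole left-most label and covers exactly one label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return bool(h[0]) and p[1:] == h[1:]
    return p == h


def tls_check(typed, sans=CERT_SANS):
    """DNS uses the expanded name, but SNI and certificate verification use the name as typed."""
    verified = typed.rstrip(".")
    return {
        "dns_lookup": resolver_candidates(typed)[0],
        "verified_name": verified,
        "cert_ok": any(san_matches(s, verified) for s in sans),
    }


if __name__ == "__main__":
    for name in ("traefik.local.domain.com", "traefik"):
        print(name, "->", tls_check(name))
```

A publicly trusted CA such as Let's Encrypt only issues for fully qualified public names, so the wildcard certificate cannot be extended to cover the bare label `traefik`.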