问题
I've been fiddling with Traefik for a few hours and find it extremely interesting. However, I've ran into a problem that I can't seem to solve by myself.
It's a very simple setup, just trying to test the HTTP to HTTPS redirection and my SSL certificates.
I have the following docker-compose.yml
version: '2'
services:
traefik:
image: traefik:v1.3.7-alpine
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:z
- /opt/dockerapp/rocketchat/traefik/traefik.toml:/etc/traefik/traefik.toml:ro,z
- /opt/dockerapp/rocketchat/traefik/ssl:/etc/traefik/ssl/:ro,z
command: --logLevel=DEBUG
My traefik.toml
is
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
CertFile = "ssl/mycert.pem"
KeyFile = "ssl/mycert.key"
[docker]
domain = "docker.local"
watch = true
[web]
address = ":8080"
However, when I try to run it:
docker-compose up
Starting rocketchat_traefik_1
Attaching to rocketchat_traefik_1
traefik_1 | time="2017-08-29T13:45:55Z" level=info msg="Traefik version v1.3.7 built on 2017-08-25_08:56:06PM"
traefik_1 | time="2017-08-29T13:45:55Z" level=info msg="Using TOML configuration file /etc/traefik/traefik.toml"
traefik_1 | time="2017-08-29T13:45:55Z" level=debug msg="Global configuration loaded {"GraceTimeOut":10000000000,"Debug":false,"CheckNewVersion":true,"AccessLogsFile":"","TraefikLogsFile":"","LogLevel":"DEBUG","EntryPoints":{"http":{"Network":"","Address":":80","TLS":null,"Redirect":{"EntryPoint":"https","Regex":"","Replacement":""},"Auth":null,"Compress":false},"https":{"Network":"","Address":":443","TLS":{"MinVersion":"","CipherSuites":null,"Certificates":[{"CertFile":"ssl/mycert.pem","KeyFile":"ssl/mycert.key"}],"ClientCAFiles":null},"Redirect":null,"Auth":null,"Compress":false}},"Cluster":null,"Constraints":[],"ACME":null,"DefaultEntryPoints":["http","https"],"ProvidersThrottleDuration":2000000000,"MaxIdleConnsPerHost":200,"IdleTimeout":180000000000,"InsecureSkipVerify":false,"Retry":null,"HealthCheck":{"Interval":30000000000},"Docker":{"Watch":true,"Filename":"","Constraints":null,"Endpoint":"unix:///var/run/docker.sock","Domain":"docker.local","TLS":null,"ExposedByDefault":true,"UseBindPortIP":false,"SwarmMode":false},"File":null,"Web":{"Address":":8080","CertFile":"","KeyFile":"","ReadOnly":false,"Statistics":null,"Metrics":null,"Path":"","Auth":null},"Marathon":null,"Consul":null,"ConsulCatalog":null,"Etcd":null,"Zookeeper":null,"Boltdb":null,"Kubernetes":null,"Mesos":null,"Eureka":null,"ECS":null,"Rancher":null,"DynamoDB":null}"
traefik_1 | time="2017-08-29T13:45:55Z" level=info msg="Preparing server http &{Network: Address::80 TLS:<nil> Redirect:0xc4202f4ea0 Auth:<nil> Compress:false}"
traefik_1 | time="2017-08-29T13:45:55Z" level=info msg="Preparing server https &{Network: Address::443 TLS:0xc42032c000 Redirect:<nil> Auth:<nil> Compress:false}"
traefik_1 | time="2017-08-29T13:45:55Z" level=error msg="Error creating TLS config: tls: failed to find any PEM data in certificate input"
traefik_1 | time="2017-08-29T13:45:55Z" level=fatal msg="Error preparing server: tls: failed to find any PEM data in certificate input"
rocketchat_traefik_1 exited with code 1
Which seems to indicate there's something wrong with my certificate. I know for sure the certificate is fine, it's a wildcard certificate we're using successfully with Apache and NGINX.
I've already checked this possible answer, but both the certificate and the private key match those parameters.
Can anybody shed some light?
Thanks!
回答1:
Looks like traefik is not finding your certificates. Try putting an absolute path for CertFile and KeyFile such as:
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
CertFile = "/etc/traefik/ssl/mycert.pem"
KeyFile = "/etc/traefik/ssl/mycert.key"
[docker]
domain = "docker.local"
watch = true
[web]
address = ":8080"
来源:https://stackoverflow.com/questions/45940935/error-creating-tls-config-v1-3-7