Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
L
L
lifeexample2021-04-16 16:04:37
Digital certificates
lifeexample, 2021-04-16 16:04:37

Traefik docker creates self-signed ssl certificates. How to disable?

I'm not sure that I correctly formulated the essence of the question, but it seems to me that this can solve my problem. If there is another solution, please tell me.

It is necessary to redirect all site traffic through the Traefik v2 reverse proxy on two ports 80 and 443, respectively.
It is important in this task to do without redirecting all traffic to https, without self-signed certificates, without certificatesresolvers and without letsencrypt! In other words, we need a simple proxying of requests to the container 80-> 80, 443-> 443

That is, we create two entrypoints in the traffic container: web and websecure

image: traefik:v2.4
    command: 
      - "--api.insecure=true" 
      - "--providers.docker"
      - "--providers.docker.exposedbydefault=false" 
      - "--providers.docker.network=proxy-network"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"


In the container with the site, we indicate in the labels the entry points web and websecure
image: httpd:latest
   labels:
      - "traefik.enable=true"

      - "traefik.http.routers.exampleforhttp.rule=Host(`example.com`)"
      - "traefik.http.routers.exampleforhttp.entrypoints=web"
     
      - "traefik.http.routers.exampleforhttps.rule=Host(`example.com`)"
      - "traefik.http.routers.exampleforhttps.entrypoints=websecure"
      - "traefik.http.routers.exampleforhttps.tls=true"


With this setting, the problem is almost solved,
the site opens via two links
example.com
https://example.com

, the only problem is that when this label is included - "traefik.http.routers.exampleforhttps.tls=true" traefik creates a self-signed certificate and opens the site using the link https://example.com already with its own certificate.

It is necessary that the traffic simply reaches the final container with the apache web server, and then apache itself will fasten the real ssl certificate known to it, stored in the container. Does anyone know how to implement this?

Thank you!

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
S
shurshur, 2021-04-16
@lifeexample

To do this, the port must be forwarded as tcp, not http/https.
But in general this is a bad practice. Just on proxies / balancers, they hang a certificate in such cases, and then terminate traffic to http or https with any certificate.

Similar questions
A
airbor2019-05-22 19:21:58
Why did the SSL certificate suddenly break? 1Reply
T
torr20092015-01-07 00:02:06
How to configure backend access via SSL in nginx? 1Reply
N
Nikita Fedorov2019-06-01 13:01:28
How to remove an unencrypted page? 1Reply
K
Kirill Fs2019-06-08 19:25:48
How to fix an error when creating a self-written openssl vkapi.crt? 1Reply
V
Volgarastraport2017-01-17 08:51:32
How to convert Webmoney crt certificate to pfx? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question