posts/traefik-3-docker-certificates/ #319
Replies: 34 comments 38 replies
-
I really like your approach. I'm using it for more than a year now and it just works. I've one improvement for you. In the video you mentioned that you have to register a CNAME for every service. To achieve this you simply have to modify the pihole volumes. In my case I use an IP address approach: address=/local.example.com/192.168.0.10 It is important to set the IPv4 and IPv6 entry because Windows will work with just the IPv4 rule but Linux will try IPv6 first.
-
Excellent tutorial. Thanks. I have followed everything in the video and everything appears to be working fine, BUT, I am not getting ANY SSL certs on the internal browser pages. Being a relative novice to running a server, I am at a loss to figure out where to start looking to get Let's Encrypt to send me some certs. I look forward to any pointers you can send me, so I can fix my almost working traefik system. Rgds Ken
-
I have some troubles. I installed traefik on a Raspberry Pi, but I still get ERR Unable to obtain ACME certificate for domains error="unable to generate a certificate for the domains... I have acme.sh, and it generates certs from the terminal, but traefik did not do it? Any help?
-
I followed the tutorial. Docker doesn't show any logs, which is good, but it doesn't show me the traefik dashboard. I had written the secrets and the .env file, but no luck. What do I do?
-
With the redirection on the entrypoint, you don't need the redirect rules in the labels or config.
-
I have noticed two things: I am still getting a 404 error; I have resolved the pihole issue but this remains an issue. For clarity, I am using my own domain and changed example.com to my my-site.computer domain. Does this have a limit using the TLD .computer, as in getting confused with .com domains? I have repeated the process with the video 3 times to ensure I did not miss a step; the error remains the same.
-
Firstly, despite getting errors ONLY on NOT getting any Let's Encrypt certs, I had to say this is absolutely one of the best well rounded, well thought out, in depth traefik install walk-throughs I have come across thus far; just had to say it, thanks and well done Tim. On the off chance anyone has the same issue: ERR Unable to obtain ACME certificate for domains error="unable to generate a certificate for the domains [xx.xx.io .xx.xx.io]: error: one or more domains had a problem:\n[.xx.xx.xx] propagation: time limit exceeded: last error: NS xx.ns.cloudflare.com. returned REFUSED for _acme-challenge.xx.xx.io.\n[xx.xx.io] propagation: time limit exceeded: last error: NS xx.ns.cloudflare.com. returned REFUSED for _acme-challenge.xx.xx.io.\n
Hopefully someone can point out the obvious if they have come across the same message.
-
Basically I get the traefik certs and NOT the Let's Encrypt beauties sadly.
-
Anyone got a decent link showing how to add multiple external links? I've got my proxmox added as per the video, no issues. Looking to add more, starting with Authentik first. Is it just a case of adding more IPs along with the respective traefik labels in the config.yml file? Don't fancy breaking anything just yet 😊🤗
-
This helped me remember to change the router/service name... and as a side effect, reduced some redundancy.
.env file:
-
Thanks for the tutorial!
-
Thanks Tim, followed all but getting below error. Any ideas?
-
Everything works except I am not able to make any links for proxmox LXCs. I tried making one for jellyfin and other services but no luck at all. Can anyone offer a word of advice?
-
Tim, thank you very much for this video, it helped me a lot. It must have taken a lot of work, I appreciate that! Thanks to you, all my local domains have a valid certificate. But, how to obtain the certificate for a public address? I have a registered A record (name) and would like to use it for a reverse proxy. How to force a certificate for this record? Maybe a stupid question, but I only have experience with SWAG. This doesn't work, it keeps returning me a certificate for
-
Tim, thank you for the info. I have two questions. Do you expect an update on CloudFlare that is visible in the DNS list? And if you run a firewall, did you have to enable any new rules? (I have FortiGate and I suspect it is causing me headache because I can't access URLs from outside of the network.)
-
Obviously the above tutorial is based around running traefik in docker. I run traefik 'natively' inside a debian LXC, but I can't work out how you inform traefik of the cloudflare API in that scenario. Surely there is a way of defining it directly inside your static traefik yaml, but for the life of me I cannot find that documented. Thoughts?
-
Thank you for the tutorial. In your design, you show multiple Docker nodes; however, I don't believe that you're using a Docker Swarm. I found that I had to run other containers on the same Docker node as Traefik so that it would work even though the "proxy" network is shared amongst the nodes. Have you run into a case where Traefik is used in a Docker Swarm? Would I just add the other containers to the config.yml?
-
Great video, thanks. Followed all the above, receive a traefik cert in the end and 404 when trying to access the dashboard. I think I'll start with a more easy setup and access traefik unsecured, and then configure it with secure properties. It's kind of demotivating to receive 404 on the last stage of connection.
-
I had the issue where, despite all the settings appearing correct within the traefik container, I was getting the default traefik certificate when accessing the dashboard. As usual Techno Tim was right when he said "It's always DNS". I had overlooked that when I set up my firewall I had created a NAT port forwarding rule that redirected all DNS traffic to my local DNS resolver PiHole. So this was preventing Cloudflare from performing its check that the site covered by the certificate resolved. The solution was to simply add another NAT port forwarding rule (with a higher priority) that allowed DNS requests from the Traefik host to external DNS services. After that my certificates could be validated and used by traefik.
-
Check your docker logs for the container; Let's Encrypt are ruthless in blocking you if you exceed more than just a couple of certificate pull requests in 24hrs. I experienced this and had to wait 24 hours before I could pull a certificate from production. Being blocked by Let's Encrypt, even when all other settings are correct, will result in the default cert being served. Patience is definitely a must have when troubleshooting; use the Let's Encrypt staging until you are absolutely sure that everything is working, especially the DNS resolution from the container. Good luck.
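The two comments above describe the two ways this setup usually fails: the container cannot see the _acme-challenge record because outbound DNS is redirected, and repeated restarts trip the Let's Encrypt rate limit. The following is an added example, not code from the post or from Traefik, that triages Traefik log lines into those categories; the sample lines, hostnames, nameserver and timestamps are constructed placeholders modelled on the errors quoted in this thread.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the Traefik errors quoted in this
# thread; hostnames, nameserver and timestamps are placeholders.
SAMPLE_LOGS = """\
2024-09-07T19:06:01Z ERR Unable to obtain ACME certificate for domains error="unable to generate a certificate for the domains [home.example.io *.home.example.io]: error: one or more domains had a problem:\\n[*.home.example.io] propagation: time limit exceeded: last error: NS ns1.example.net. returned REFUSED for _acme-challenge.home.example.io.\\n" providerName=cloudflare.acme
2024-09-07T19:08:44Z ERR Unable to obtain ACME certificate for domains error="unable to generate a certificate for the domains [home.example.io]: error: one or more domains had a problem:\\n[home.example.io] acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: too many certificates already issued\\n" providerName=cloudflare.acme
2024-09-07T19:09:00Z INF Testing certificate renew... providerName=cloudflare.acme
"""

DOMAINS_RE = re.compile(r"for the domains \[([^\]]*)\]")

# (category, pattern, what to check): patterns come from the error strings
# quoted in the thread plus the RFC 8555 "rateLimited" ACME error type.
RULES = (
    ("rate_limited",
     re.compile(r"acme:error:rateLimited|too many certificates"),
     "Let's Encrypt rate limit: stop restarting the container and use the "
     "staging caServer until the rest of the setup is verified."),
    ("dns_propagation",
     re.compile(r"propagation: time limit exceeded|REFUSED for _acme-challenge"),
     "The _acme-challenge TXT record was not visible from the container: "
     "check outbound DNS is not redirected to the local resolver and that "
     "the API token can edit the zone."),
)

def classify(line):
    """Return (category, domains, hint) for an ACME failure line, else None."""
    if "Unable to obtain ACME certificate" not in line:
        return None
    match = DOMAINS_RE.search(line)
    domains = match.group(1).split() if match else []
    for category, pattern, hint in RULES:
        if pattern.search(line):
            return category, domains, hint
    return "unknown", domains, "Unrecognised failure: read the full error string."

def triage(log_text):
    """Classify each line and count failed orders per domain set."""
    results, attempts = [], Counter()
    for line in log_text.splitlines():
        result = classify(line)
        if result is not None:
            results.append(result)
            attempts[tuple(result[1])] += 1
    return results, attempts

if __name__ == "__main__":
    for category, domains, hint in triage(SAMPLE_LOGS)[0]:
        print(f"{category:16} {' '.join(domains)}\n    {hint}")
```

Pipe `docker logs traefik` into `triage` instead of the sample text to run it against a real container; a climbing count for the same domain set is the signal to switch to the staging CA before the production limit is hit.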
-
I followed the tutorial to the core and most things are working fine. However, I need help with certain other things. First, I'd like to describe my setup.
I am new to all this so I keep trying a few things. Now, I can get certs for my URLs of proxmox, my docker portainers on proxmox, and my TrueNAS. However, I am not sure how to get certs and DNS for services running in dockers and LXCs. Also, even though I get a cert for TrueNAS, I am not able to get a cert for Nextcloud, even though my internal DNS for Nextcloud is resolving fine using PiHole. Any guide to how to accomplish my tasks?
-
Try Cloudflare tunnels; there's a video that touches on it with traefik for containers by Christian Lempa. If it helps.
Ta
On Sat, 7 Sept 2024, 19:06 drsa23, ***@***.***> wrote:
Any guide on resource on how to achieve that. I am not an IT guy, I just do this for fun, just as a hobby.
-
Hello Tim, Thank you for your introduction. It took me a while to get it running on a test environment. I'm someone who tries these instructions at home as a hobby. I managed to get it working without restarting the docker-compose file by adding a dynamic entry in the docker-compose.yaml and traefik.yml files, and I was able to obtain a certificate for the client devices by creating additional configuration.yml files. However, I'm having trouble creating a configuration for setting up a Remote Desktop Server. I added the entrypoints in both docker-compose.yml and traefik.yml, but so far without success. Could you check my configuration file or suggest how I could solve this issue? Or maybe you could add an adjusted rdp.yml to the tutorial? Perhaps you could extend the tutorial with Crowdsec if that's feasible. Thank you very much for your work, and best regards
tcp: services:
-
So, I have something weird going on lately and would like to get some help. I had my basic setup up and running fine with about 11 hostnames defined within the respective dockers and I had another 10 which were configured using middleware in config.yml. Yesterday I tried to add a new host to config.yml and for some reason the hostnames for the 10 services configured via config.yml stopped working. As I am not a very knowledgeable person in all this and I just follow tutorials and guides, I thought it best to restore my last backup for my Ubuntu VM (running Traefik) in Proxmox. After the restore everything started working fine. This morning I tried to add another service (different than the one yesterday) to my config.yml. Again I had some issue and did the restore of a working setup. However, this time it did not help. I am still not able to get those 10 services to route. Someone, please help me on how to get this issue resolved.
-
I'm getting "exec /entrypoint.sh: operation not permitted" over and over in the logs after starting things up. Not sure how to fix that.
-
Was working for me, then I rebooted my proxmox environment and fired up Traefik to find an error. Assuming it's the traefik.yml file with the filename field /config.yml. Should this be ./config.yml instead? Any suggestions as to what generates this error?
-
Awesome tutorial! I've found this topic very overwhelming so thanks for walking me through it.
-
Hi Tim, Thanks for the guide. TIA Søren
-
Good day,
-
Thanks so much for this! I got it working finally (FYI for those that block preprogrammed DNS on individual devices, you need to allow the system/container this is installed on to access ports 80 & 444 to get the certificates; this tripped me up for a while). Silly question, but how do I then add additional services to the config file? Do I need separate files?
-
posts/traefik-3-docker-certificates/
In today's Traefik tutorial we'll get FREE wildcard certificates to use in our HomeLab and with all of our internal self-hosted services. We're going to set up Traefik 3 in Docker and get Let's Encrypt certificates using Cloudflare as our DNS provider (we'll cover how to set up others too). Then we'll configure local DNS using PiHole (or any other local DNS) to route to our services that are now protected with secure certificates!
https://technotim.live/posts/traefik-3-docker-certificates/