ソースを参照

ssl cert store update and self-signed cert support

xcad2k 4 年 前
コミット
4e6e48dc52

+ 1 - 2
docker-compose/prometheus-grafana/docker-compose.yml

@@ -1,4 +1,3 @@
----
 version: '3'
 
 volumes:
@@ -21,7 +20,7 @@ services:
       - "--config.file=/etc/prometheus/prometheus.yml"
 
   grafana:
-    image: grafana/grafana:latest
+    image: grafana/grafana-oss:latest
     container_name: grafana
     ports:
       - "3000:3000"

+ 29 - 28
docker-compose/traefik/config/traefik.yml

@@ -37,36 +37,37 @@ entryPoints:
   websecure:
     address: :443
 
-# Certificates configuration
+# Configure your CertificateResolver here...
 # ---
-# TODO: Custmoize your Cert Resolvers and Domain settings
-# 
-certificatesResolvers:
-# LET'S ENCRYPT:
-# ---
-# 
-  staging:
-    acme:
-      email: your-email@example.com  # TODO: Change this to your email
-      storage: /ssl-certs/acme.json
-      caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
-      httpChallenge:
-        entryPoint: web
-  production:
-    acme:
-      email: your-email@example.com  # TODO: Change this to your email
-      storage: /ssl-certs/acme.json
-      caServer: "https://acme-v02.api.letsencrypt.org/directory"
-      httpChallenge:
-        entryPoint: web
+# certificatesResolvers:
+#   staging:
+#     acme:
+#       email: your-email@example.com
+#       storage: /etc/traefik/certs/acme.json
+#       caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
+#       httpChallenge:
+#         entryPoint: web
+#
+#   production:
+#     acme:
+#       email: your-email@example.com
+#       storage: /etc/traefik/certs/acme.json
+#       caServer: "https://acme-v02.api.letsencrypt.org/directory"
+#       httpChallenge:
+#         entryPoint: webproviders:
+
+# (Optional) Overwrite Default Certificates
+# tls:
+#   stores:
+#     default:
+#       defaultCertificate:
+#         certFile: /etc/traefik/certs/cert.pem
+#         keyFile: /etc/traefik/certs/cert-key.pem
 
-# Provider Configuration
-# ---
-# TODO: Customize your Provider Settings if needed
-# 
 providers:
-# DOCKER:
-# ---
-#
   docker:
     exposedByDefault: false  # Default is true
+  file:
+    # watch for dynamic configuration changes
+    directory: /etc/traefik
+    watch: true

+ 0 - 5
docker-compose/traefik/docker-compose.yml

@@ -1,9 +1,5 @@
 version: '3'
 
-volumes:
-  traefik-ssl-certs:
-    driver: local
-
 services:
   traefik:
     image: "traefik:v2.5"
@@ -15,5 +11,4 @@ services:
       - "8080:8080"  # Don't do this in production!
     volumes:
       - /etc/traefik:/etc/traefik
-      - traefik-ssl-certs:/ssl-certs
       - /var/run/docker.sock:/var/run/docker.sock:ro