Fix traefik issues with certs and update notes.

2025-10-05 05:37:29 -07:00 · 2023-04-11 22:25:49 +00:00 · 2023-04-11 22:25:49 +00:00 · c9fed73d51
commit c9fed73d51
parent fe762476b5
3 changed files with 33 additions and 14 deletions
--- a/traefik/README.md
+++ b/traefik/README.md
@ -8,6 +8,25 @@ For setup I followed this official Traefik tutorial: https://doc.traefik.io/trae

 GENERAL NOTE: Don't restart the container that often because it issues Let'sEncrypt challenges that can get you rate limited quickly. (1hr cooldown)

+## GENERAL REMINDERS
+
+There is some funkiness with Traefik's acme.json file. The container is supposed to create it and manage it but due to docker linking of files and folders this gets mixed up.
+
+Reading the logs can help you understand, need to look backward from the cert resolver that i've called lets-encrypt.
+
+To make Traefik correctly populate the acme.json do the following:
+
+1. create acme.json yourself.
+
+2. Make sure the mount in docker works with the definition of the certresolver in traefik.toml.
+
+I found that we needed to have a full path (or at least a path that contained a folder, so that traefik didn't get confused and think that acme.json was a folder.
+
+3. Give the acme.json file specific permissions (600) e.g. `chmod 600 acme.json`
+
+4. Run docker-compose, does not require you to be root.
+
+
 ### Baby Steps Setup

 ##### Step 1
--- a/traefik/docker-compose.yml
+++ b/traefik/docker-compose.yml
@ -1,4 +1,4 @@
-version: "3.3"
+version: "3"

 networks:
  traefik-network:
@ -6,24 +6,24 @@ networks:
 services:

  traefik:
-    image: "traefik:v2.9"
-    container_name: "traefik"
-    restart: always
+    image: traefik:v2.9
+    container_name: traefik
+    #restart: always
    networks:
      - traefik-network
    ports:
-      - "80:80"
-      - "8080:8080"
-      - "443:443"
+      - 80:80
+      - 8080:8080
+      - 443:443
    volumes:
-      - "/var/run/docker.sock:/var/run/docker.sock:ro"
-      - "./traefik.toml:/etc/traefik/traefik.toml"
-      - "./traefik-dynamic.toml:/etc/traefik/dynamic/traefik-dynamic.toml"
-      - "./acme.json:/acme.json"
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./traefik.toml:/etc/traefik/traefik.toml
+      - ./traefik-dynamic.toml:/etc/traefik/dynamic/traefik-dynamic.toml
+      - ./acme.json:/etc/acme.json

  whoami:
-    image: "traefik/whoami"
-    container_name: "whoami_traefik"
+    image: traefik/whoami
+    container_name: whoami_traefik
    networks:
      - traefik-network
    labels:
--- a/traefik/traefik-BLANKED.toml
+++ b/traefik/traefik-BLANKED.toml
@ -20,7 +20,7 @@

 [certificatesResolvers.lets-encrypt.acme]
  email = "runyanjake@gmail.com"
-  storage = "acme.json"
+  storage = "/etc/acme.json"
  [certificatesResolvers.lets-encrypt.acme.tlsChallenge]

 [providers]