Traefik Self-Signed SSL

Dan_W · June 7, 2020, 6:49am

Hi all, I am new to this forum. I have recently started using Traefik with my docker containers and must say it is fantastic. Currently. I am trying to get one of my docker containers to use a custom self-signed SSL. I have followed some instructions I have gathered from browsing around the internet and everything else works fine however my container keeps using a traefik default certificate rather than the custom one I would like it to use. Can someone help me on how I can achieve this please? To be honest, I am not exactly clear on how the docker containers pick and use an SSL certificate and the documentation I have read does not seem to make it clear either. Here is what I have done so far.

Docker Compose yml file for Traefik
version: '3' services: traefik: image: "traefik:v2.2" ports: - "80:80" - "443:443" volumes: - /var/run/docker.sock:/var/run/docker.sock - ~/docker-data/traefik/traefik.yml:/etc/traefik/traefik.yaml:ro labels: - "traefik.enable=true" - "traefik.http.routers.api.rule=Host(`traefik.com`)" - "traefik.http.routers.api.entrypoints=insecure" - "traefik.http.routers.api.service=api@internal" - "traefik.http.routers.api.middlewares=api-auth" - "traefik.http.middlewares.api-auth.basicauth.users=admin:..." container_name: traefik networks: default: external: name: "web"

My Traefik yml file

```
providers: # You can add more than one provider if needed
  docker:
    endpoint: "unix:///var/run/docker.sock"
    network: "web" # Custom docker network
    exposedByDefault: false # Only expose explicitly enabled containers

  file:
    filename: ~/docker-data/traefik/dynamic_conf.yml
    watch: true

entryPoints:
  insecure:
    address: ":80"
  secure:
    address: ":443"

api:
  dashboard: true
```

My dynamic configuration file

```
# Dynamic configuration
tls:
  certificates:
    - certFile: "~/ssl/bwtest-cert.pem"
      keyFile: "~/ssl/bwtest-key.pem"
```

My docker container:

```
---
version: '3'
services:
  bwtest:
    image: bitwardenrs/server
    restart: always
    container_name: bwtest
    volumes:
      - bw-test-data:/data
#      - bw-test-ssl:/ssl
    environment:
      LOG_FILE: '/data/bw.log'
      SHOW_PASSWORD_HINT: 'true'
    labels:

      - traefik.enable=true
      - traefik.docker.network=web
      - traefik.http.middlewares.redirect-https.redirectScheme.scheme=https
      - traefik.http.middlewares.redirect-https.redirectScheme.permanent=true
      - traefik.http.routers.bitwarden-ui-https.rule=Host(`bwtest.com`)
      - traefik.http.routers.bitwarden-ui-https.entrypoints=secure
      - traefik.http.routers.bitwarden-ui-https.tls=true
      - traefik.http.routers.bitwarden-ui-https.service=bwtest
      - traefik.http.routers.bitwarden-ui-http.rule=Host(`bwtest.com`)
      - traefik.http.routers.bitwarden-ui-http.entrypoints=insecure
      - traefik.http.routers.bitwarden-ui-http.middlewares=redirect-https
      - traefik.http.routers.bitwarden-ui-http.service=bwtest
      - traefik.http.services.bwtest.loadbalancer.server.port=80
      - traefik.http.routers.mydomain.tls.domains[0].main=bwtest.com
      - traefik.http.routers.mydomain.tls.domains[0].sans=www.bwtest.com
    networks:
      - web
networks:
  web:
    external: true
volumes:
  bw-test-data:
  bw-test-ssl:
```