Entire SSL Certificate Chain on Traefik - docker-swarm

We have a Docker Swarm Cluster with Consul + Traefik as a proxy for our microservices. Traefik v1.6.1 was installed and now we have to configure the SSL certificate.
This certificate is a wildcard certificate (*.mydomain.com) to support our microservices available in subdomains such as "microservice2.mydomain.com".
For this purpose, we would like to know if it is possible to set the entire certificate chain on Traefik, and how it could be done.
Regards,

Related

Traefik and multiple domains some with letsencrypt and some from SSL provider

I'm configuring multiple domains in docker-compose, and to route traffic I would like to use Traefik. It has a very nice ability to create and manage letsencrypt certificates, but some of my domains have enterprise SSL certificates from an SSL provider (Comodo).
My question is: is it possible to configure Traefik so that it generates and manages letsencrypt certificates and at the same time handles "static" certificates from other providers, e.g. Comodo?

How to install SSL on DigitalOcean Docker Droplet without domain name?

I have a running Docker droplet on DigitalOcean, but this droplet is running on HTTP and I want to run it on HTTPS.
I don't want to purchase any domain name. Actually I don't need a domain name; an IP address is enough.
Certbot and Letsencrypt do not allow creating an SSL certificate on a bare IP address.
Is there any solution for this problem?
How can I do that?
Thank you for your collaborations.
Use openssl for generating the certificates and make the docker daemon trust those certificates.

Install ssl on Kubernetes digital ocean load balancer

I have a website running on container ports 80 and 443. I am using a ready-made Docker image from Docker Hub.
I have enabled SSL on Kubernetes using ingress.
I cannot generate a certificate inside the pod. If I create a cert inside the pod manually, then when the Apache service restarts the container will restart and the whole pod will be created again. The whole setup will revert to the defaults in the Docker image.
So how do I install SSL on this website? Currently, it is giving a self-signed certificate error.
It is as you describe: you are using a self-signed certificate.
If you want to remove the warning or error you will have to get a certificate from a well-known CA like Comodo or Symantec. If not, you will have to trust the CA that you used to create your self-signed certificate. This is an example on how to do it on Ubuntu.
Hope it helps!

SSL Certificate for Multiple Docker Containers

I have multiple Docker containers exposing their respective ports, which I am bringing up using docker-compose. I have a service which is running on port 80.
I need to add an SSL certificate for all those containers, such that the application running on port 80 will be HTTPS.
You can either keep the certificate on a reverse proxy or propagate it through service configuration tools; which one depends on your infrastructure. One example might be Vault.

Gitlab runner on kubernetes

I would like to use kubernetes for gitlab runner.
I have a gitlab instance on server 1 and kubernetes on server 2 (with gitlab runner).
I installed kubernetes with kubeadm and flannel network pod.
When I launch the build, I can connect with kubernetes.
But, the job is not running.
I have this error:
Post https://<master_ip>:<master_port>/api/v1/namespaces/gitlab/pods: x509: certificate signed by unknown authority
So I know it is an SSL issue.
Must I create SSL certificates?
And how, and with which arguments?
Thanks for the help.
Have you tried making a service account on Kubernetes and generating a bearer token? Not sure if GitLab works with tokens. If not, you'll need the following:
The following options are provided, which allow you to connect to the Kubernetes API:
host: Optional Kubernetes apiserver host URL (auto-discovery attempted if not specified)
cert_file: Optional Kubernetes apiserver user auth certificate
key_file: Optional Kubernetes apiserver user auth private key
ca_file: Optional Kubernetes apiserver ca certificate
So in short, you'll have to generate a key-cert combo based on the CA that your Kubernetes apiserver uses. The content of your combo can be the following (this is a raw JSON example config that I use for cfssl):
{"CN":"worker","hosts":[],"key":{"algo":"rsa","size":2048},"names":[{"C":"US","L":"OV","OU":"Devops"}]}
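
As an added illustration (not part of the original answer), this is where the options listed above sit in a GitLab Runner `config.toml` for the Kubernetes executor. The runner name, URL, token and file paths are placeholders chosen for this sketch; `ca_file` is the setting that lets the runner verify the apiserver certificate instead of failing with "certificate signed by unknown authority".

```toml
# Added example: fragment of a GitLab Runner config.toml (Kubernetes executor).
# Name, url, token and all file paths below are placeholders, not values from the post.
[[runners]]
  name = "k8s-runner"                       # hypothetical runner name
  url = "https://gitlab.example.com/"       # placeholder GitLab instance on "server 1"
  token = "RUNNER_TOKEN_PLACEHOLDER"
  executor = "kubernetes"

  [runners.kubernetes]
    # API server on "server 2"; left in the same elided form as the error message.
    host = "https://<master_ip>:<master_port>"
    namespace = "gitlab"                    # namespace seen in the failing request URL

    # CA certificate that signed the apiserver's serving certificate.
    # Without it the runner cannot build a trust path to the apiserver.
    ca_file = "/etc/gitlab-runner/kube/ca.pem"

    # Client certificate and key issued by the cluster CA (e.g. the cfssl
    # "worker" request above); used to authenticate the runner to the apiserver.
    cert_file = "/etc/gitlab-runner/kube/worker.pem"
    key_file = "/etc/gitlab-runner/kube/worker-key.pem"
```

The private key file should be readable only by the account the runner runs as.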
