国内服务器不支持绑定域名,无法申请证书,不能在https页面通过js调用http的api,为了解决这个问题,去zerossl.com申请了一个ip证书。
在配置traefik的https的时候遇到了问题,最后发现在配置里的证书地址配错了,需要填写traefik的docker内地址
配置证书路径
这里在traefik的docker运行时增加一个硬盘映射:/root/traefik/dynamic:/etc/traefik/dynamic,将zerossl.com下载的证书复制到/root/traefik/dynamic/cert
|
1 2 3 4 5 6 7 8 9 10 11 12 |
## Dynamic configuration ... tls: stores: default: defaultCertificate: certFile: /etc/traefik/dynamic/cert/certificate.crt keyFile: /etc/traefik/dynamic/cert/private.key certificates: - certFile: /etc/traefik/dynamic/cert/certificate.crt keyFile: /etc/traefik/dynamic/cert/private.key ... |
配置routers
在动态配置文件的routers添加tls选项就可以开启https
|
1 2 3 4 5 6 7 8 9 10 11 |
## Dynamic configuration ... http: routers: https-root: entryPoints: - "websecure" rule: "( Path(`/`) )" service: "php@docker" tls: {} ... |
http跳转https
配置一个中间件来处理跳转
|
1 2 3 4 5 6 7 8 9 10 |
## Dynamic configuration ... http: ... middlewares: test-redirectscheme: redirectScheme: scheme: https permanent: true ... |
将中间件添加到http-router
|
1 2 3 4 5 6 7 8 9 10 11 12 |
## Dynamic configuration ... http: routers: http-root: entryPoints: - "web" rule: "( Path(`/`) )" service: "php@docker" middlewares: - test-redirectscheme ... |
There are no comments yet