Add doc for self-signed certificates
This commit is contained in:
parent
79685c728b
commit
32e700f076
|
@ -29,6 +29,45 @@ devture_traefik_config_entrypoint_web_secure_enabled: false
|
|||
|
||||
## Using self-signed SSL certificates
|
||||
|
||||
Using self-signed certificates with Traefik is a somewhat involved processes, where you need to manually mount the files into the container and adjust the "static" configuration to refer to them.
|
||||
To use self-signed SSL certificates, you need to disable the certResolvers and the traefik-certs-dumper tool.
|
||||
You also need to override the providers.file setting in the Traefik configs.
|
||||
Create a file 'certificates.yml' in /devture-traefik/config/ with the following content:
|
||||
|
||||
Feel free to research this approach on your own and improve this guide!
|
||||
```yaml
|
||||
tls:
|
||||
certificates:
|
||||
- certFile: /ssl/cert.pem
|
||||
keyFile: /ssl/privkey.pem
|
||||
stores:
|
||||
default:
|
||||
defaultCertificate:
|
||||
certFile: /ssl/cert.pem
|
||||
keyFile: /ssl/privkey.pem
|
||||
```
|
||||
|
||||
Place the key and your certificate in /devture-traefik/ssl/
|
||||
You can use the matrix-aux role for this:
|
||||
|
||||
```yaml
|
||||
matrix_aux_file_definitions:
|
||||
- dest: /devture-traefik/ssl/privkey.pem
|
||||
src: /path/to/privkey.pem
|
||||
- dest: /devture-traefik/ssl/cert.pem
|
||||
src: /path/to/cert.pem
|
||||
- dest: /devture-traefik/config/certificates.yml
|
||||
src: /path/to/certificates.yml
|
||||
```
|
||||
|
||||
Then add the following to your vars.yml:
|
||||
|
||||
```yaml
|
||||
devture_traefik_config_certificatesResolvers_acme_enabled: false
|
||||
devture_traefik_certResolver_primary: ''
|
||||
devture_traefik_ssl_dir_enabled: true
|
||||
devture_traefik_configuration_extension_yaml: |
|
||||
providers:
|
||||
file:
|
||||
filename: /config/certificates.yml
|
||||
watch: true
|
||||
matrix_playbook_traefik_certs_dumper_role_enabled: false
|
||||
```
|
||||
|
|
Loading…
Reference in a new issue