Traefik-Konfiguration für Netcup DNS-basierte Let's Encrypt-Zertifikate

In unserem vorherigen Post Einfaches Traefik docker-compose-Setup mit Lets Encrypt Cloudflare DNS-01 & TLS-ALPN-01 & HTTP-01-Challenges haben wir gezeigt, wie man Traefik mit docker-compose-Labels konfiguriert.

Hier ist, was Sie zu den Labels hinzufügen müssen, um für Netcup zu konfigurieren (anstelle von oder zusätzlich zu Cloudflare).

Zur labels:-Sektion in docker-compose.yml fügen Sie dies hinzu:

docker-compose.labels.yml

#
      - "--certificatesresolvers.netcup-ec384.acme.tlsChallenge=true"
      - "--certificatesresolvers.netcup-ec384.acme.dnschallenge.provider=netcup"
      - "--certificatesresolvers.netcup-ec384.acme.dnschallenge.propagation.delayBeforeChecks=90"
      - "--certificatesresolvers.netcup-ec384.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.netcup-ec384.acme.email=letsencrypt@techoverflow.net"
      - "--certificatesresolvers.netcup-ec384.acme.KeyType=EC384"
      - "--certificatesresolvers.netcup-ec384.acme.storage=/letsencrypt/acme.json"
#
      - "--certificatesresolvers.netcup-ec384-staging.acme.tlsChallenge=true"
      - "--certificatesresolvers.netcup-ec384-staging.acme.dnschallenge.provider=netcup"
      - "--certificatesresolvers.netcup-ec384-staging.acme.dnschallenge.propagation.delayBeforeChecks=90"
      - "--certificatesresolvers.netcup-ec384-staging.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.netcup-ec384-staging.acme.email=letsencrypt@techoverflow.net"
      - "--certificatesresolvers.netcup-ec384-staging.acme.KeyType=EC384"
      - "--certificatesresolvers.netcup-ec384-staging.acme.storage=/letsencrypt/acme.json"

#
      - "--certificatesresolvers.netcup-ec384.acme.tlsChallenge=true"
      - "--certificatesresolvers.netcup-ec384.acme.dnschallenge.provider=netcup"
      - "--certificatesresolvers.netcup-ec384.acme.dnschallenge.propagation.delayBeforeChecks=90"
      - "--certificatesresolvers.netcup-ec384.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.netcup-ec384.acme.email=letsencrypt@techoverflow.net"
      - "--certificatesresolvers.netcup-ec384.acme.KeyType=EC384"
      - "--certificatesresolvers.netcup-ec384.acme.storage=/letsencrypt/acme.json"
#
      - "--certificatesresolvers.netcup-ec384-staging.acme.tlsChallenge=true"
      - "--certificatesresolvers.netcup-ec384-staging.acme.dnschallenge.provider=netcup"
      - "--certificatesresolvers.netcup-ec384-staging.acme.dnschallenge.propagation.delayBeforeChecks=90"
      - "--certificatesresolvers.netcup-ec384-staging.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.netcup-ec384-staging.acme.email=letsencrypt@techoverflow.net"
      - "--certificatesresolvers.netcup-ec384-staging.acme.KeyType=EC384"
      - "--certificatesresolvers.netcup-ec384-staging.acme.storage=/letsencrypt/acme.json"

Zur environment:-Sektion in docker-compose.yml fügen Sie dies hinzu:

docker-compose.env.yml

      - NETCUP_CUSTOMER_NUMBER=123456
      - NETCUP_API_KEY=Qk5Xc1R2U3k4aU9mR1pXNkptQm9qTkpsQ1REdDZRQ2U3
      - NETCUP_API_PASSWORD=cW9LQ1p3L1FqV0ZrSmZpQ09rR1NwN2hUa0x4V1o1

      - NETCUP_CUSTOMER_NUMBER=123456
      - NETCUP_API_KEY=Qk5Xc1R2U3k4aU9mR1pXNkptQm9qTkpsQ1REdDZRQ2U3
      - NETCUP_API_PASSWORD=cW9LQ1p3L1FqV0ZrSmZpQ09rR1NwN2hUa0x4V1o1

Starten Sie nun Ihre Traefik-Instanz neu, um die Änderungen zu übernehmen.

In einer docker-compose.yml für einen Service können Sie es so verwenden:

service_labels_example.yml

            labels:
                  - "traefik.enable=true"
                  - "traefik.http.routers.seafile-mydomain.rule=Host(`seafile.mydomain.com`)"
                  - "traefik.http.routers.seafile-mydomain.entrypoints=websecure"
                  - "traefik.http.routers.seafile-mydomain.tls.certResolver=netcup-ec384"
                  - "traefik.http.routers.seafile-mydomain.tls.domains[0].main=mydomain.com"
                  - "traefik.http.routers.seafile-mydomain.tls.domains[0].sans=*.mydomain.com"

            labels:
                  - "traefik.enable=true"
                  - "traefik.http.routers.seafile-mydomain.rule=Host(`seafile.mydomain.com`)"
                  - "traefik.http.routers.seafile-mydomain.entrypoints=websecure"
                  - "traefik.http.routers.seafile-mydomain.tls.certResolver=netcup-ec384"
                  - "traefik.http.routers.seafile-mydomain.tls.domains[0].main=mydomain.com"
                  - "traefik.http.routers.seafile-mydomain.tls.domains[0].sans=*.mydomain.com"

Check out similar posts by category:

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow

Buy me a coffee