Traefik：Netcup DNS 验证 Let's Encrypt 证书的配置

在之前的文章使用 Let’s Encrypt Cloudflare DNS-01、TLS-ALPN-01 和 HTTP-01 挑战的简单 Traefik docker-compose 设置中，我们展示了如何使用 docker-compose 标签配置 Traefik。

以下是为 Netcup 配置（替代或附加于 Cloudflare）需要添加到标签中的内容。

在 docker-compose.yml 的 labels: 节中添加：

docker-compose.labels.yml

#
      - "--certificatesresolvers.netcup-ec384.acme.tlsChallenge=true"
      - "--certificatesresolvers.netcup-ec384.acme.dnschallenge.provider=netcup"
      - "--certificatesresolvers.netcup-ec384.acme.dnschallenge.propagation.delayBeforeChecks=90"
      - "--certificatesresolvers.netcup-ec384.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.netcup-ec384.acme.email=letsencrypt@techoverflow.net"
      - "--certificatesresolvers.netcup-ec384.acme.KeyType=EC384"
      - "--certificatesresolvers.netcup-ec384.acme.storage=/letsencrypt/acme.json"
#
      - "--certificatesresolvers.netcup-ec384-staging.acme.tlsChallenge=true"
      - "--certificatesresolvers.netcup-ec384-staging.acme.dnschallenge.provider=netcup"
      - "--certificatesresolvers.netcup-ec384-staging.acme.dnschallenge.propagation.delayBeforeChecks=90"
      - "--certificatesresolvers.netcup-ec384-staging.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.netcup-ec384-staging.acme.email=letsencrypt@techoverflow.net"
      - "--certificatesresolvers.netcup-ec384-staging.acme.KeyType=EC384"
      - "--certificatesresolvers.netcup-ec384-staging.acme.storage=/letsencrypt/acme.json"

#
      - "--certificatesresolvers.netcup-ec384.acme.tlsChallenge=true"
      - "--certificatesresolvers.netcup-ec384.acme.dnschallenge.provider=netcup"
      - "--certificatesresolvers.netcup-ec384.acme.dnschallenge.propagation.delayBeforeChecks=90"
      - "--certificatesresolvers.netcup-ec384.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.netcup-ec384.acme.email=letsencrypt@techoverflow.net"
      - "--certificatesresolvers.netcup-ec384.acme.KeyType=EC384"
      - "--certificatesresolvers.netcup-ec384.acme.storage=/letsencrypt/acme.json"
#
      - "--certificatesresolvers.netcup-ec384-staging.acme.tlsChallenge=true"
      - "--certificatesresolvers.netcup-ec384-staging.acme.dnschallenge.provider=netcup"
      - "--certificatesresolvers.netcup-ec384-staging.acme.dnschallenge.propagation.delayBeforeChecks=90"
      - "--certificatesresolvers.netcup-ec384-staging.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.netcup-ec384-staging.acme.email=letsencrypt@techoverflow.net"
      - "--certificatesresolvers.netcup-ec384-staging.acme.KeyType=EC384"
      - "--certificatesresolvers.netcup-ec384-staging.acme.storage=/letsencrypt/acme.json"

在 docker-compose.yml 的 environment: 节中添加：

docker-compose.env.yml

      - NETCUP_CUSTOMER_NUMBER=123456
      - NETCUP_API_KEY=Qk5Xc1R2U3k4aU9mR1pXNkptQm9qTkpsQ1REdDZRQ2U3
      - NETCUP_API_PASSWORD=cW9LQ1p3L1FqV0ZrSmZpQ09rR1NwN2hUa0x4V1o1

      - NETCUP_CUSTOMER_NUMBER=123456
      - NETCUP_API_KEY=Qk5Xc1R2U3k4aU9mR1pXNkptQm9qTkpsQ1REdDZRQ2U3
      - NETCUP_API_PASSWORD=cW9LQ1p3L1FqV0ZrSmZpQ09rR1NwN2hUa0x4V1o1

现在重启 Traefik 实例以应用更改。

在服务的 docker-compose.yml 中，可以这样使用：

service_labels_example.yml

            labels:
                  - "traefik.enable=true"
                  - "traefik.http.routers.seafile-mydomain.rule=Host(`seafile.mydomain.com`)"
                  - "traefik.http.routers.seafile-mydomain.entrypoints=websecure"
                  - "traefik.http.routers.seafile-mydomain.tls.certResolver=netcup-ec384"
                  - "traefik.http.routers.seafile-mydomain.tls.domains[0].main=mydomain.com"
                  - "traefik.http.routers.seafile-mydomain.tls.domains[0].sans=*.mydomain.com"

            labels:
                  - "traefik.enable=true"
                  - "traefik.http.routers.seafile-mydomain.rule=Host(`seafile.mydomain.com`)"
                  - "traefik.http.routers.seafile-mydomain.entrypoints=websecure"
                  - "traefik.http.routers.seafile-mydomain.tls.certResolver=netcup-ec384"
                  - "traefik.http.routers.seafile-mydomain.tls.domains[0].main=mydomain.com"
                  - "traefik.http.routers.seafile-mydomain.tls.domains[0].sans=*.mydomain.com"

Check out similar posts by category:

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow

Buy me a coffee