Manage certificates dynamically in kv store

lishaoxiong 2017-11-23 18:50:03 +08:00 committed by Traefiker
parent 7063da1c7d
commit 1feeeb2eec
11 changed files with 604 additions and 9 deletions

@ -546,6 +546,7 @@ The dynamic configuration concerns :
- [Frontends](/basics/#frontends)
- [Backends](/basics/#backends)
- [Servers](/basics/#servers)
- HTTPS Certificates
Træfik can hot-reload those rules which could be provided by [multiple configuration backends](/configuration/commons).

@ -85,6 +85,9 @@ defaultEntryPoints = ["http", "https"]
keyFile = """-----BEGIN CERTIFICATE-----
<key file content>
-----END CERTIFICATE-----"""
[entryPoints.other-https]
address = ":4443"
[entryPoints.other-https.tls]
[consul]
endpoint = "127.0.0.1:8500"
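Review bot: `[entryPoints.other-https.tls]` is added as an empty table with no certificate under it, and nothing in this part of the page says where that entry point gets its certificate. Add a sentence pointing readers to the dynamic `[[tlsConfiguration]]` entries that list `other-https`, so the empty TLS section does not read as an incomplete example.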
@ -108,6 +111,7 @@ And there, the same global configuration in the Key-value Store (using `prefix =
| `/traefik/entrypoints/https/tls/certificates/0/keyfile` | `integration/fixtures/https/snitest.com.key` |
| `/traefik/entrypoints/https/tls/certificates/1/certfile` | `--BEGIN CERTIFICATE--<cert file content>--END CERTIFICATE--` |
| `/traefik/entrypoints/https/tls/certificates/1/keyfile` | `--BEGIN CERTIFICATE--<key file content>--END CERTIFICATE--` |
| `/traefik/entrypoints/other-https/address` | `:4443`
| `/traefik/consul/endpoint` | `127.0.0.1:8500` |
| `/traefik/consul/watch` | `true` |
| `/traefik/consul/prefix` | `traefik` |
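Review bot: the new row for `/traefik/entrypoints/other-https/address` is missing its closing ` |`, unlike every other row in this table, so it may not render as a table row. The TOML example also gained `[entryPoints.other-https.tls]`, but no row for that TLS section is added here, so the table no longer matches "the same global configuration"; add the row or document how an empty TLS section is expressed in the store.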
@ -212,7 +216,7 @@ Remember the command `traefik --help` to display the updated list of flags.
## Dynamic configuration in Key-value store
Following our example, we will provide backends/frontends rules to Træfik.
Following our example, we will provide backends/frontends rules and HTTPS certificates to Træfik.
!!! note
This section is independent of the way Træfik got its static configuration.
@ -265,6 +269,21 @@ Here is the toml configuration we would like to store in the store :
entrypoints = ["http", "https"] # overrides defaultEntryPoints
backend = "backend2"
rule = "Path:/test"
[[tlsConfiguration]]
entryPoints = ["https"]
[tlsConfiguration.certificate]
certFile = "path/to/your.cert"
keyFile = "path/to/your.key"
[[tlsConfiguration]]
entryPoints = ["https","other-https"]
[tlsConfiguration.certificate]
certFile = """-----BEGIN CERTIFICATE-----
<cert file content>
-----END CERTIFICATE-----"""
keyFile = """-----BEGIN CERTIFICATE-----
<key file content>
-----END CERTIFICATE-----"""
```
And there, the same dynamic configuration in a KV Store (using `prefix = "traefik"`):
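Review bot: in the second `[[tlsConfiguration]]` block the `keyFile` placeholder is wrapped in `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`, the same markers used for `certFile`. A PEM private key carries a private-key header such as `-----BEGIN PRIVATE KEY-----`, so the example should use that to avoid readers pasting a certificate where the key belongs. Since this form places the private key content itself in the configuration that is then stored in the KV store, the docs should also say that read access to the configured prefix must be restricted.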
@ -310,6 +329,21 @@ And there, the same dynamic configuration in a KV Store (using `prefix = "traefi
| `/traefik/frontends/frontend2/entrypoints` | `http,https` |
| `/traefik/frontends/frontend2/routes/test_2/rule` | `PathPrefix:/test` |
- certificate 1
| Key | Value |
|----------------------------------------------------|--------------------|
| `/traefik/tlsconfiguration/1/entrypoints` | `https` |
| `/traefik/tlsconfiguration/1/certificate/certfile` | `path/to/your.cert`|
| `/traefik/tlsconfiguration/1/certificate/keyfile` | `path/to/your.key` |
- certificate 2
| Key | Value |
|----------------------------------------------------|-----------------------|
| `/traefik/tlsconfiguration/2/entrypoints` | `https,other-https` |
| `/traefik/tlsconfiguration/2/certificate/certfile` | `<cert file content>` |
| `/traefik/tlsconfiguration/2/certificate/certfile` | `<key file content>` |
### Atomic configuration changes
Træfik can watch the backends/frontends configuration changes and generate its configuration automatically.
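Review bot: the last row of the "certificate 2" table repeats the key `/traefik/tlsconfiguration/2/certificate/certfile` with the value `<key file content>`; it should be `/traefik/tlsconfiguration/2/certificate/keyfile`, matching the "certificate 1" table, otherwise a reader following the docs overwrites the certificate entry and never stores a key. The entries here are numbered 1 and 2 while the entry point certificates in the earlier table start at `certificates/0`; state whether the index value matters. The `path/to/your.cert` row also lacks the space before its closing `|`.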