[Standalone] Traefik SSL Certificates not properly loading
I'm using souin out of the box, standalone, as a proxy in front of traefik, but it does not seem to load the correct certificates from the traefik acme.json. I get errors like:
http: TLS handshake error from ip:35338: remote error: tls: bad certificate
This is my docker-compose.yml:
services:
  #  ----- Webserver Frontend
  traefik:
    image: traefik:latest
    security_opt:
      - no-new-privileges:true
    container_name: traefik
    restart: always
    networks:
      - proxy
      - socket_proxy
    volumes:
      - /etc/docker_cfg/traefik/:/etc/traefik
      - /etc/docker_cfg/traefik/acme.json:/acme.json
      - /var/log/traefik:/var/log
    environment:
      - HETZNER_API_KEY=$HETZNER_API_KEY
      - HETZNER_TTL=600
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.dummyService.loadbalancer.server.port=1337"
      - "traefik.http.routers.dashboard.rule=Host(`traefik.$DOMAIN_NAME0`)"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.tls=true"
      - 'traefik.http.routers.dashboard.tls.certresolver=default'
      - "traefik.http.routers.dashboard.middlewares=secure"
      # Authelia Stuff
      - "traefik.http.middlewares.secure.chain.middlewares=security@file,authelia"
      - "traefik.http.middlewares.authelia.forwardauth.address=http://authelia:9091/api/verify?rd=https://authelia.${DOMAIN_NAME0}"
      - "traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true"
      - "traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email"
  souin:
    image: darkweak/souin:latest
    container_name: souin
    restart: always
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    environment:
      GOPATH: /app
    volumes:
      - /etc/docker_cfg/traefik/acme.json:/ssl/traefik.json:ro
      - /etc/docker_cfg/souin/configuration.yml:/configuration/configuration.yml
And this is my souin configuration:
reverse_proxy_url: 'http://traefik'
log_level: INFO # Logs verbosity [ DEBUG, INFO, WARN, ERROR, DPANIC, PANIC, FATAL ], case do not matter
ssl_providers: # The {providers}.json to use
  - traefik
default_cache:
  port: # Ports on which Souin will be exposed
    web: 80
    tls: 443
  allowed_http_verbs: # Allowed HTTP verbs to cache (default GET, HEAD).
    - GET
    - POST
    - HEAD
  headers: # Default headers concatenated in stored keys
    - Authorization
    - Content-Type
  stale: 1000s # Stale duration
  ttl: 1000s # Default TTL
  default_cache_control: no-store # Set default value for Cache-Control response header if not set by upstream
                                    
                                    
                                    
                                
Hey @Keridos, the standalone server is not actively maintained and was first for development purposes. If you use Træfik I recommend using the plugin (but you'll discover the fabulous Yægi interpreter and its random breaking changes). Anyway, I'll make a PR to fix issues in the Souin standalone distribution.