add option for self signed or provided certificate #37

New Issue

yksflip · 2022-08-21T14:07:13Z

yksflip commented

2022-08-21 14:07:13 +00:00

I think it would be really cool to have a option to use a self-signed or provided certificate instead of acme.
We realised it's difficult to use the traefik recipe in local-area environments or local testing without public ip address.

I think it would be really cool to have a option to use a self-signed or provided certificate instead of acme. We realised it's difficult to use the traefik recipe in local-area environments or local testing without public ip address.

👍 2

cas commented

2023-05-03 16:53:55 +00:00

Big ol' plus one from me. This would be extremely useful.

decentral1se commented

2023-05-05 09:05:21 +00:00

Seems you'd to drop back to the file provider method for this over in https://doc.traefik.io/traefik/https/tls/#user-defined (see https://docs.coopcloud.tech/operators/handbook/#proxying-apps-outside-of-co-op-cloud-with-traefik for more). Not sure how you'd turn off the default tls production/staging resolver configuration tho? Maybe just dropping that label? Would need some testing and fiddling around for sure.

Just running Traefik locally without any certificates is pretty handy btw https://doc.traefik.io/traefik/getting-started/quick-start/ but our setup just prioritises "production" mode. There could be ways to have a "local-first" Traefik config?

Seems you'd to drop back to the file provider method for this over in https://doc.traefik.io/traefik/https/tls/#user-defined (see https://docs.coopcloud.tech/operators/handbook/#proxying-apps-outside-of-co-op-cloud-with-traefik for more). Not sure how you'd turn off the default tls `production`/`staging` resolver configuration tho? Maybe just dropping that label? Would need some testing and fiddling around for sure. Just running Traefik locally without any certificates is pretty handy btw https://doc.traefik.io/traefik/getting-started/quick-start/ but our setup just prioritises "production" mode. There could be ways to have a "local-first" Traefik config?

wolcen commented

2023-12-10 04:34:21 +00:00

I have a WIP for this which is working for me. See coop-cloud/traefik#45

Note the caveat: I did not specifically change the labels to disable the cert resolver, but either do that or set LETS_ENCRYPT_ENV=staging in your config. (Also, using trafik:v2.10.7, but I doubt this effects anything - haven't checked the changelog to be sure though.)

I have a WIP for this which is working for me. See coop-cloud/traefik#45 Note the caveat: I did not specifically change the labels to disable the cert resolver, but either do that or set `LETS_ENCRYPT_ENV=staging` in your config. (Also, using trafik:v2.10.7, but I doubt this effects anything - haven't checked the changelog to be sure though.)

decentral1se commented

2023-12-11 10:58:27 +00:00

Left a review: #45 (comment)

Any more eyeballs on the change set? Would be much appreciated folks.

Left a review: https://git.coopcloud.tech/coop-cloud/traefik/pulls/45#issuecomment-19175 Any more eyeballs on the change set? Would be much appreciated folks.

wolcen commented

2024-01-12 02:50:54 +00:00

Marking as no longer WIP. I also updated the commit history to use the e.g. feat: etc.

Side note: while I stepped up to 2.10.7, 2.11.0 has a release candidate with one deprecation (IPWhiteList -> IPAllowList).

Marking as no longer WIP. I also updated the commit history to use the e.g. feat: etc. Side note: while I stepped up to 2.10.7, 2.11.0 has a [release candidate](https://github.com/traefik/traefik/releases/tag/v2.11.0-rc1) with one deprecation (IPWhiteList -> IPAllowList).

❤️ 1

wolcen commented

2024-01-17 20:45:12 +00:00

!45 has been merged, woohoo!

🎉 1

wolcen closed this issue

2024-01-17 20:45:12 +00:00

Sign in to join this conversation.