A few months back I was looking for an HTTP reverse proxy and load balancer to put in front of our Docker setup. By accident I came across traefik. I deployed it on one of our internal servers and it worked out of the box. Recently we configured a Docker setup for one of our clients and I picked traefik again. Since this setup will host some public instances, the customer demanded SSL encryption. Luckily traefik comes with support for Let's Encrypt built in. I added the needed configuration to the traefik configuration file:
[acme]
# Email address used for registration
email = "firstname.lastname@example.org"
# File used for certificates storage.
storageFile = "/etc/traefik/acme.json"
# Entrypoint to proxy acme challenge to.
entryPoint = "https"
# Enable on demand certificate.
onDemand = true
# Enable certificate generation on frontends Host rules.
OnHostRule = true
Unfortunately the setup did not work. Traefik would not connect to Let's Encrypt; instead the traefik logs showed a "runtime error: invalid memory address".
Thanks to some help from another Traefik user the fix was simple: my https configuration was lacking the TLS option, which is needed by traefik when Let's Encrypt support is enabled. I just had to slightly change the configuration to make it work:
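[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.https]
  address = ":443"
    # Empty TLS section: required on the entry point used by ACME.
    [entryPoints.https.tls]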