Using Let's Encrypt with Traefik
A few months back I was looking for a HTTP reverse proxy and load balancer to put in front of our Docker setup. By accident I came across traefik. I deployed it on one of our internal servers and it worked out-of-the box. Recently we configured a Docker setup for one of our clients and I picked traefik again. Since this setup will host some public instances the customer demanded SSL encryption. Luckily traefik comes with support for Let's Encrypt built in. I added the needed configuration to the traefik configuration file:
[acme] # Email address used for registration email = "firstname.lastname@example.org" # File used for certificates storage. storageFile = "/etc/traefik/acme.json" # Entrypoint to proxy acme challenge to. entryPoint = "https" # Enable on demand certificate. onDemand = true # Enable certificate generation on frontends Host rules. OnHostRule = true
Unfortunately the setup did not work. Traefik would not connect to Let's Encrypt, instead the traefik logs showed a "runtime error: invalid memory address".
Thanks to some help from another Traefik user the fix was simple: My https configuration was lacking the TLS option which is needed by traefik when Let's Encrypt support is enabled. I just had to slightly change the configuration to make it work:
[entryPoints] [entryPoints.http] address = ":80" [entryPoints.https] address = ":443" [entryPoints.https.tls]