I'm trying to set up a home automation server, with docker, letsencrypt and traefik. Also using duckdns for ddns. I have some other containers like sickrage and so on on the same machine.
I've opened and forwarded ports 80 and 443 on the router to my ubuntu 18.04 server. When I try to connect to sickrage.myserver.duckdns.org on http I get the following error:
**Your connection is not private**
Attackers might be trying to steal your information from sabnzbd.myserver.duckdns.org
NET::ERR_CERT_AUTHORITY_INVALID
Here is my traefik.toml file:
logLevel = "WARN" #DEBUG, INFO, WARN, ERROR, FATAL, PANIC
defaultEntryPoints = ["http", "https"]
# WEB interface of Traefik - it will show web page with overview of frontend and backend configurations
[api]
entryPoint = "traefik"
dashboard = true
address = ":8080"
# Force HTTPS
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[file]
watch = true
filename = "${USERDIR}/docker/traefik/rules.toml"
# Let's encrypt configura
[acme]
caServer = "https://acme-v02.api.letsencrypt.org/directory"
email = "[email protected]" #any email id will work
storage="${USERDIR}/docker/traefik/acme/acme.json"
entryPoint = "https"
acmeLogging=true
onDemand = false #create certificate when container is created
onHostRule = true
# Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
# uncomment 2 lines for subdirs
#[acme.httpChallenge]
[acme.dnsChallenge]
provider = "duckdns"
entryPoint = "https"
# uncomment follwoing for suubsomains
#[[acme.domains]]
#main = "myserver.duckdns.org"
#[[acme.domains]]
#main = "*.myserver.duckdns.org"
#[acme.dnsChallenge]
#provider = "duckdns"
#delayBeforeCheck = 0
# Connection to docker host system (docker.sock)
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "myserver.duckdns.org"
watch = true
# This will hide all docker containers that don't have explicitly
# set label to "enable"
exposedbydefault = false
And parts of my docker-compose file:
---
version: "3.6"
services:
############################################# Frontends ############################
############################################# Traefik - Reverse proxy ###########################
traefik:
hostname: traefik
image: traefik:latest
container_name: traefik
restart: always
domainname: ${DOMAINNAME}
command: --api --docker --docker.domain=${DOMAINNAME} --docker.watch --loglevel=DEBUG
#command: --api --docker --docker.domain=docker.localhost --docker.watch --loglevel=DEBUG
networks:
- default
- traefik_proxy
depends_on:
- duckdns
environment:
- TOKEN=${DUCKDNS_TOKEN}
ports:
- "80:80"
- "443:443"
- "8008:8080"
labels:
- "traefik.enable=true"
- "traefik.backend=traefik"
- "traefik.port=8080"
- "traefik.protocol=http"
#- "traefik.frontend.auth.basic=patrick:$$2y$$05$$a8dtYfcMqH.kUFq3zZPGqe9kq7Tyok7.3/mKdMa1NaCuSwAZ0InOq"
#- "traefik.frontend.rule=Host:${DOMAINNAME}; PathPrefixStrip: /traefik"
- "traefik.frontend.rule=Host:traefik.${DOMAINNAME}"
- "traefik.docker.network=traefik_proxy"
- "traefik.frontend.entryPoints=https"
- "traefik.frontend.headers.SSLRedirect=true"
- "traefik.frontend.headers.STSSeconds=315360000"
- "traefik.frontend.headers.browserXSSFilter=true"
- "traefik.frontend.headers.contentTypeNosniff=true"
- "traefik.frontend.headers.forceSTSHeader=true"
- "traefik.frontend.headers.SSLHost=dellubuntu.duckdns.org"
- "traefik.frontend.headers.STSIncludeSubdomains=false"
- "traefik.frontend.headers.STSPreload=true"
- "traefik.frontend.headers.frameDeny=true"
#- "traefik.frontend.auth.basic.users=${HTTP_USERNAME}:${HTTP_PASSWORD}"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ${USERDIR}/docker/traefik/acme/acme.json:/acme.json
- ${USERDIR}/docker/traefik/traefik.toml:/traefik.toml
- ${USERDIR}/docker/letsencrypt/config/etc/letsencrypt:/le-ssl
- ${USERDIR}/docker/traefik:/etc/traefik
- ${USERDIR}/docker/shared:/shared
#Letsencrypt ------------------------ Letsencrypt
letsencrypt:
image: linuxserver/letsencrypt
container_name: le
#ports:
#- "447:443"
networks:
- default
- traefik_proxy
volumes:
- ${USERDIR}/docker/letsencrypt/config:/config
restart: always
depends_on:
- portainer
- heimdall
- organizr2
- lazylibrarian
- plex
- tautulli
- headphones
#- lidarr
- couchpotato
#- radarr
- sickrage
#- sonarr
#- airsonic
- glances
- ghost
- transmission-vpn
- sabnzbd
- huginn
- netdata
#- nextcloud
#- hydra2
#- nzbget
#- jackett
##- duplicati
##- bazarr
##- homeassistant
##- filebrowser
##- ombi
##- elkarbackup
environment:
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
- URL=${DOMAINNAME}
- EMAIL=${EMAIL}
- SUBDOMAINS=wildcard
- VALIDATION=duckdns
- DUCKDNSTOKEN=${DUCKDNS_TOKEN}
- ONLY_SUBDOMAINS=false
- DHLEVEL=4096
The examples I've tried to follow doesn't include the letsencrypt container. Should I remove it? If so, how will letsencrypt keep track of stopped and started containers? Is there another way to get this running?
