本环境基于 ArchWSL + Docker 配置完成。
目录结构为:
CA证书的生成使用的是ca.sh 这个脚本:
cat ca.sh
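#!/bin/sh
# Generate a self-signed certificate and private key for lab.com under ./ssl.
#
# Outputs:
#   ssl/lab.com.conf - the OpenSSL request configuration written below
#   ssl/lab.com.key  - RSA private key, stored UNENCRYPTED (-nodes)
#   ssl/lab.com.crt  - self-signed certificate, valid for 3600 days
#
# NOTE(review): the one certificate produced here is both a CA (CA:true,
# keyCertSign) and the TLS server certificate (SANs, serverAuth). Any client
# that imports it as a trusted root is trusting the same unencrypted key that
# sits on the proxy host. That is acceptable for a lab; elsewhere, keep the CA
# key offline and issue a separate leaf certificate for the proxy.

# Stop at the first failure so openssl never runs against a missing or
# half-written config file.
set -eu

OUTPUT_FILENAME="lab.com"
SSL_DIR="ssl"
# Single source of truth for the key size. Previously the config asked for
# 4096 bits while the command line forced rsa:2048, so the config value was
# silently ignored and a 2048-bit key was generated.
KEY_BITS=4096

conf_file="${SSL_DIR}/${OUTPUT_FILENAME}.conf"
key_file="${SSL_DIR}/${OUTPUT_FILENAME}.key"
crt_file="${SSL_DIR}/${OUTPUT_FILENAME}.crt"

# The script used to rely on the caller having created ssl/ beforehand.
mkdir -p "${SSL_DIR}"

# A here-document replaces printf: the config text is data, and should not be
# interpreted as a printf format string (a stray % or \ would corrupt it).
cat >"${conf_file}" <<EOF
[req]
prompt = no
default_bits = ${KEY_BITS}
default_md = sha256
encrypt_key = no
string_mask = utf8only
distinguished_name = cert_distinguished_name
req_extensions = req_x509v3_extensions
x509_extensions = req_x509v3_extensions
[ cert_distinguished_name ]
C = CN
ST = BJ
L = BJ
O = lab.com
OU = lab.com
CN = lab.com
[req_x509v3_extensions]
basicConstraints = critical,CA:true
subjectKeyIdentifier = hash
keyUsage = critical,digitalSignature,keyCertSign,cRLSign #,keyEncipherment
extendedKeyUsage = critical,serverAuth #, clientAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = lab.com
DNS.2 = *.lab.com
DNS.3 = *.local.lab.com
DNS.4 = *.local-test.lab.com
EOF

# -x509 emits a self-signed certificate instead of a CSR; -nodes leaves the
# private key without a passphrase so the proxy can load it unattended.
openssl req -x509 -newkey "rsa:${KEY_BITS}" \
  -keyout "${key_file}" -out "${crt_file}" \
  -days 3600 -nodes -config "${conf_file}"

# The key is unencrypted, so file permissions are its only protection.
chmod 600 "${key_file}"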
操作步骤如下:
# Create the output directory that ca.sh writes into (no error if it exists).
mkdir -p ssl
# Run the generator script with the POSIX shell.
sh ca.sh
# List everything in ssl/, long format, hidden entries included.
ls -al ssl
当看到如下输出时,说明证书生成成功:
把生成的证书和私钥文件复制到 traefik 的 ssl 目录下即可(注意 .key 为未加密的私钥,应限制其读取权限,不要提交到代码仓库):
参考文档:
https://www.halobug.cn/posts/2020-12/traefik-%E9%85%8D%E7%BD%AEca%E8%AF%81%E4%B9%A6http%E8%BD%AChttps/