Hello,
In my previous post here I managed to set up a reverse proxy with Traefik for HTTP.
In the meantime I have managed to get my domain onto the Tor darknet, and it works flawlessly.
Now I would like to secure the HTTP traffic on the normal clearnet using certificates issued by Let's Encrypt.
I have decided to go with Traefik, since it can already do that and I avoid installing more software.
Here are the relevant configs:
staticConfigOptions = {
  entryPoints = {
    http = {
      address = ":80";
      forwardedHeaders.trustedIPs = [ "127.0.0.1/32" "10.0.0.0/8" "192.168.0.0/16" ]; # "172.16.0.0/12"
    };
    https = {
      address = ":443";
      forwardedHeaders.trustedIPs = [ "127.0.0.1/32" "10.0.0.0/8" "192.168.0.0/16" ]; # "172.16.0.0/12"
    };
  };
  certificateResolvers.len.acme = { # len = Let's ENcrypt
    email = contactEmail;
    storage = "/var/lib/traefik/acme.json";
    # caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
    caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"; # staging
    httpChallenge.entryPoint = "http";
  };
};
dynamicConfigOptions = {
  http = {
    routers = {
      # FEATURES
      s1 = { service = "s1"; entryPoints = [ "http" "https" ];
        rule = "Host(`s1.${domain}`) || Host(`s1.${torDomain}`)";
      };
      git = { service = "s2"; entryPoints = [ "http" "https" ];
        rule = "Host(`s2.${domain}`) || Host(`s2.${torDomain}`)";
      };
      paperless = { service = "s3"; entryPoints = [ "http" "https" ];
        rule = "Host(`s3.${domain}`) || Host(`s3.${torDomain}`)";
      };
      website = { service = "website"; entryPoints = [ "http" "https" ];
        rule = "Host(`${domain}`) || Host(`${torDomain}`)";
        tls.certResolver = "len";
      };
    };
    services = {
      website.loadBalancer.servers = [ { url = "http://localhost:8000"; } ];
      s1.loadBalancer.servers = [ { url = "http://localhost:8001"; } ];
      s2.loadBalancer.servers = [ { url = "http://localhost:8002"; } ];
      s3.loadBalancer.servers = [ { url = "http://localhost:8003"; } ];
    };
  };
};
I get this error:
Router uses a non-existent certificate resolver certificateResolver=len routerName=website@file
and the config producing this variable is here:
[certificateResolvers]
[certificateResolvers.len]
[certificateResolvers.len.acme]
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
email = "my@mail"
storage = "/var/lib/traefik/acme.json"
[certificateResolvers.len.acme.httpChallenge]
entryPoint = "http"
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.forwardedHeaders]
trustedIPs = ["127.0.0.1/32", "10.0.0.0/8", "192.168.0.0/16"]
[entryPoints.https]
address = ":443"
[entryPoints.https.forwardedHeaders]
trustedIPs = ["127.0.0.1/32", "10.0.0.0/8", "192.168.0.0/16"]
[providers]
[providers.file]
filename = "/nix/store/jvkihig776mx9f9svi9q781bs5ddzfg4-config.toml"
Now the website gives me a 404.
As you can see, the len provider exists.
Does anyone know why this is the case?
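One thing the config above runs into is a Traefik rule: a router that carries a `tls` block is HTTPS-only and ignores non-TLS requests, so the `website` router can never answer on the `http` entrypoint. Below is an added example, not the poster's own config, that splits the clearnet host (TLS router on :443, with :80 redirecting to it) from the onion host (plain-HTTP router on its own entrypoint); the `tor` entrypoint and the placeholder values in the `let` block are assumptions.

```nix
let
  domain = "example.org";                       # placeholder clearnet domain
  torDomain = "REPLACE-WITH-ONION-NAME.onion";  # placeholder onion name
  contactEmail = "admin@example.org";           # placeholder ACME contact
in
{
  services.traefik = {
    staticConfigOptions = {
      entryPoints = {
        http = {
          address = ":80";
          # Clearnet :80 only serves the ACME challenge and redirects to :443.
          # Traefik answers HTTP-01 challenges before applying this redirect.
          http.redirections.entryPoint = { to = "https"; scheme = "https"; };
        };
        https.address = ":443";
        # Assumed: the Tor hidden service forwards to this loopback port, so
        # .onion requests never reach the HTTPS redirect on :80.
        tor.address = "127.0.0.1:8080";
      };
      certificateResolvers.len.acme = {
        email = contactEmail;
        storage = "/var/lib/traefik/acme.json";
        httpChallenge.entryPoint = "http";
        # Point caServer at the staging directory only while testing: staging
        # certificates are rejected by browsers; the default is production.
      };
    };
    dynamicConfigOptions.http = {
      routers = {
        # A router with a `tls` block is HTTPS-only and ignores plain-HTTP
        # requests, so listing "http" here would only yield 404s on :80.
        website-clearnet = {
          entryPoints = [ "https" ];
          rule = "Host(`${domain}`)";
          service = "website";
          tls.certResolver = "len";
        };
        # The onion name has no Let's Encrypt certificate, so it keeps its
        # own plain-HTTP router on the tor entrypoint, without `tls`.
        website-onion = {
          entryPoints = [ "tor" ];
          rule = "Host(`${torDomain}`)";
          service = "website";
        };
      };
      services.website.loadBalancer.servers = [ { url = "http://localhost:8000"; } ];
    };
  };
}
```

The same split applies to the s1/s2/s3 routers if they should also get certificates: one TLS router per clearnet host with `tls.certResolver = "len"`, and a separate non-TLS router for each onion host.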