Hey everyone,
I am currently setting up Traefik as a loadbalancer / reverse-proxy in NixOS-unstable.
Everything is working fine until I try to load a selfsigned cert.pem
and key.pem
in the data directory of traefik.
Input:
Configuration:
services.traefik = {
enable = true;
dynamicConfigOptions = {
http.middlewares.prefix-strip.stripprefixregex.regex = "/[^/]+";
http = {
services = {
rtl.loadBalancer.servers = [ { url = "http://169.254.1.29:3000/"; } ];
spark.loadBalancer.servers = [ { url = "http://169.254.1.17:9737/"; } ];
};
routers = {
rtl = {
rule = "PathPrefix(`/rtl`,`/rtl/`)";
entryPoints = [ "websecure" ];
service = "rtl";
tls = true;
};
spark = {
rule = "PathPrefix(`/spark`,`/spark/`)";
entryPoints = [ "websecure" ];
middlewares = "prefix-strip";
service = "spark";
tls = true;
};
};
};
tcp = {
services = {
electrs.loadBalancer.servers = [ { address = "169.254.1.16:50001"; } ];
};
routers = {
electrs = {
rule = "HostSNI(`*`)";
entryPoints = [ "electrs" ];
service = "electrs";
tls = true;
};
};
};
tls = {
certificates = {
certFile = "/var/lib/traefik/cert.pem";
keyFile = "/var/lib/traefik/key.pem";
};
};
};
staticConfigOptions = {
accessLog = {};
entryPoints = {
web = {
address = ":80";
http.redirections.entrypoint = {
to = "websecure";
scheme = "https";
};
};
websecure.address = ":443";
electrs.address = ":50002";
};
};
};
Certificate
a new cert.pem
and key.pem
pair in /var/lib/traefik/
via
openssl req -x509 -newkey rsa:4096 -keyout /var/lib/traefik/key.pem -out /var/lib/traefik/cert.pem -sha256 -days 365 -nodes
Expected Output
The cert gets loaded and works
Actual Output
time="2022-10-26T22:10:42+02:00" level=error msg="Unable to append certificate to store: unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=default
time="2022-10-26T22:10:42+02:00" level=error msg="Unable to append certificate to store: unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=default
Thanks for your help