在DNS服务商申请token给traefik用来申请证书

DNSPOD

1. 登录官网
2. 在控制台中打开安全设置

3. 点击密钥管理

4. 点击创建密钥

4. 把密钥信息(id和token)保存下来(包括但不限于截图、复制到文本文件等手段, 随你喜欢)

5. 把id和token组合而成的login token填入到traefik的环境变量中

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35

   version: '3' networks: traefik: services: traefik: # The official v2.0 Traefik docker image image: traefik:v2.0.4 restart: always container_name: traefik networks: - traefik ports: # The HTTP port - "80:80" # The Web UI - "8080:8080" - "443:443" expose: - 8080 environment: # DNSPOD - DNSPOD_API_KEY=126408,fb4d4667270f6e6b216cfe9a527bca76 volumes: # docker - "/var/run/docker.sock:/var/run/docker.sock:ro" # config - "./traefik.yml:/etc/traefik/traefik.yml" - "./dynamic.yml:/etc/traefik/dynamic.d/dynamic.yml" # log - "./log:/data/traefik/log/" # https - "./ca/:/data/traefik/ca/"

   这一步我要说一下, 理论上来说, 这样应该是可以的了, 因为我用curl测试的话是可以访问的

   1 2 3

   curl -X POST https://dnsapi.cn/Domain.List -d 'login_token=126408,fb4d4667270f6e6b216cfe9a527bca76&format=json' {"status":{"code":"1","message":"Action completed successful","created_at":"2019-11-24 22:58:30"},"info":{"domain_total":1,"all_total":1,"mine_total":"1","share_total":"0","vip_total":"0","ismark_total":"0","pause_total":"0","error_total":"0","lock_total":"0","spam_total":"0","vip_expire":0,"share_out_total":0},"domains":[{"id":64856337,"status":"enable","grade":"DP_Free","group_id":"1","searchengine_push":"yes","is_mark":"no","ttl":"600","cname_speedup":"disable","remark":"","created_on":"2018-03-09 18:06:05","updated_on":"2018-03-10 14:16:52","punycode":"alexc.cn","ext_status":"","src_flag":"QCLOUD","name":"alexc.cn","grade_title":"\u65b0\u514d\u8d39\u5957\u9910","is_vip":"no","owner":"qcloud_uin_894057821@qcloud.com","records":"13"}]}%

   而且我翻过源码, 发现traefik的ACME是引用了lego实现的, 而lego则是引用了dnspod-go来实现对dnspod的相关API操作, 而且我也跑过一下这个的源码, 是可以解析的, 但就是在traefik上不行, 会报无法解析/解析错误之类的错, 而我在考虑到后面会用CLOUDFLARE的DNS来解析我的域名, 我也就没深究下去了. 如果有人愿意研究一下的话, 可以看看是什么情况.

CLOUDFLARE

注意: 这里需要你在CLOUDFLARE里已经有一个可用的域名

1. 登录官网
2. 进入profile

3. 点击API Tokens

4. 点击Create Token, 并选择Start with a template这个radio button

5. 选择Edit DNS Zone这个模板

6. 为这个token选择要应用的目标域名

7. 然后点下一步、再点下一步,就会出现你要的token

8. 将这个用于DNS的token填入环境变量中的API token

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

version: '3'
networks:
  traefik:
services:
  traefik:
    # The official v2.0 Traefik docker image
    image: traefik:v2.0.4
    restart: always
    container_name: traefik
    networks:
      - traefik
    ports:
      # The HTTP port
      - "80:80"
      # The Web UI
      - "8080:8080"
      - "443:443"
    expose:
      - 8080
    environment:
      # CLOUDFLARE
      - CF_API_EMAIL=alexcdever@gmail.com
      - CF_API_KEY=xxxxxxxxxxxxxxxx
      - CF_DNS_API_TOKEN=GXdy_q3t-Ea__SiRyjFCWuurA3bHVKgKijBOv9AX

    volumes:
      # docker
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      # config
      - "./traefik.yml:/etc/traefik/traefik.yml"
      - "./dynamic.yml:/etc/traefik/dynamic.d/dynamic.yml"
      # log
      - "./log:/data/traefik/log/"
      # https
      - "./ca/:/data/traefik/ca/"

9. 再点击一下这里回到token管理页

10. 点击这里你就可以看到CF_API_KEY这个环境变量对应的key了