cameleer/cameleer-saas
2
0
Fork 0
Code Issues 22 Pull Requests Actions Packages Projects Releases Wiki Activity

fix: move TLS default cert config to Traefik dynamic config
All checks were successful
CI / build (push) Successful in 1m17s
Details
CI / docker (push) Successful in 13s
Details

Browse Source 
Traefik v3 ignores tls.stores.default in the static config, causing it
to serve its auto-generated fallback cert instead of the platform cert.
Moving the default certificate store to the dynamic config (file
provider) fixes this — Traefik now serves the correct cert and also
picks up cert rotations without a restart.

This was the root cause of OIDC PKIX failures: the server imported the
CA into its JVM truststore, but Traefik was serving a different cert
entirely.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-04-11 11:45:02 +02:00
parent 3b8b76d53e
commit 9163f919c8
2 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docker/traefik-dynamic.yml
View File

@@ -15,3 +15,10 @@ http:
regex: "^(https?://[^/]+)/?$" regex: "^(https?://[^/]+)/?$"
replacement: "${1}/platform/" replacement: "${1}/platform/"
permanent: false permanent: false
tls:
stores:
default:
defaultCertificate:
certFile: /etc/traefik/certs/cert.pem
keyFile: /etc/traefik/certs/key.pem

6
traefik.yml
View File

@@ -22,9 +22,3 @@ providers:
file: file:
filename: /etc/traefik/dynamic.yml filename: /etc/traefik/dynamic.yml
tls:
stores:
default:
defaultCertificate:
certFile: /etc/traefik/certs/cert.pem
keyFile: /etc/traefik/certs/key.pem