Proxy and certificates

Traefik is the HTTP proxy server used to access HTTP and HTTPS services, and it also manages TLS certificates of the local cluster node. See Traefik README for more information.

When a TLS certificate is uploaded from the cluster-admin UI, or it was requested with ACME protocols and obtained from Let’s Encrypt, the Traefik module notifies the certificate-changed event, with a JSON message that contains the following fields:

  • node_id (integer): the node id where the Traefik instance is running,
  • module_id (string): the ID of Traefik itself,
  • names (array): list of DNS names (also wildcard patterns) that are affected by the changed certificate.

Example:

{
    "node_id": 2,
    "module_id": "traefik2",
    "names": ["*.example.org", "www.example.com"]
}

The event is published in the Redis channel module/traefik<X>/event/certificate-changed.

Applications that listen for this event can obtain the certificate and its private key by calling the get-certificate action on the module that generated the event.

For more information, refer to TLS certificates under the Modules section.