[GH-ISSUE #30] Disable certificatesResolvers when using only tls/store with externally generated certs files #29

Closed
opened 2026-05-06 12:22:49 +02:00 by BreizhHardware · 6 comments

Originally created by @dginhoux on GitHub (May 1, 2026).
Original GitHub issue: https://github.com/chr0nzz/traefik-manager/issues/30

Originally assigned to: @chr0nzz on GitHub.

Hi,

I'm discovering this new tool for Traefik. Good idea, lots of work done, thank you.

When using only cert files, provided by other services/cert authorities/self-generated, it would be great to disable certificatesResolvers in the manager.

The next point I see is the domain/subdomain in the route editor: for existing files, rules are generally defined with the full FQDN; can the domain list be dynamically generated while reading the current config files/dynamic configs?

Have a good day.


@chr0nzz commented on GitHub (May 1, 2026):

Thanks for the feedback and the kind words!

Both points you raised have been addressed and will be included in v1.0.0-beta4:

**1. Cert resolver "none" support**
You can now set the Certificate Resolver to `none` in Settings → Connection (or leave it as `none` in the `CERT_RESOLVER` env var) to indicate you're managing certificates externally. When a route is added or edited with TLS enabled and no resolver, TM writes `tls: {}` without a `certResolver` key, exactly what Traefik expects when using cert files, a custom CA, or `tls.yml`. The route form also always shows the cert resolver dropdown with a "None (external / custom cert)" option regardless of whether resolvers are configured.

**2. Dynamic domain suggestions from existing configs**
This is tracked and will be picked up in a follow-up release. The plan is to scan existing dynamic config files and surface domains already in use as additional suggestions in the route form, merging them with the domains configured in Connection settings.

Beta 4 is coming soon. Feel free to test it when it drops using the `:beta` tag or the beta installer:

```bash
curl -fsSL https://get-traefik.xyzlab.dev/beta | bash
```

@dginhoux commented on GitHub (May 1, 2026):

Hi,

I've discovered the "none" value while reading your work (src code).

Using env vars, changing them (in my case CERT_RESOLVER and DOMAINS) and redeploying the stack doesn't update the manager.yml conf file (in the /app/config docker volume).
So I stopped using env vars and switched to manager.yml only. With my domains list populated and certresolver at none, it's awesome.

At this time, my comments/suggestions are:

  • COOKIE_SECURE, not in manager.yml (or I'm blind?)
  • CONFIG_DIR: not in manager.yml for static config (not traefik.yml)
  • when using a volume for manager.yml, updating env vars doesn't update it
  • CERTS FILES paths seem to be read from tls: {} and without these files mounted at the same location, they're not displayed in the manager UI; maybe add a "CERTS_PATHS" or a note in the docs about the need to mount at the same location?
  • support for logs in JSON format?
  • with logs, maybe you can add per-route log entries, create stats about time, HTTP code, etc... client IP, client location...

Your work and this crazy UI must be used to replace the too simple official UI...


@dginhoux commented on GitHub (May 1, 2026):

Just deployed on an HTTP-only instance; will deploy on a TCP/UDP instance soon


@chr0nzz commented on GitHub (May 1, 2026):

Great feedback, thank you.

A few clarifications and docs updates to address your points:

**Env vars vs manager.yml**
Override variables (DOMAINS, CERT_RESOLVER, TRAEFIK_API_URL, etc.) always take priority over manager.yml on every restart, so changing them will take effect. The confusion is understandable since the UI settings write to manager.yml but env vars silently win over them. The docs have been updated to make this clearer. If you prefer managing settings through the UI, remove the env var and the value in manager.yml will be used instead.

**COOKIE_SECURE and CONFIG_DIR**
Both are env-only and intentionally not stored in manager.yml since they control how the app starts up rather than runtime settings. This is now documented explicitly.

**Cert files not shown in Certs tab**
This is expected behavior. The certFile paths in your tls.yml point to files inside the Traefik container. For TM to read and display those certificates, the same files need to be mounted into the TM container at the same path. The Certs tab docs have been updated with a warning and a compose example for this.

**JSON logs and per-route stats**
Both are noted and tracked for a future release.

The doc updates will be live shortly. Thanks again for taking the time to test and report.
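
The mount requirement described in the reply above can be checked from inside the manager container with a short script. This is an added example, not code from traefik-manager or from either commenter; the function names are hypothetical, and the extraction is line-based rather than a full YAML parse.

```shell
#!/bin/sh
# Added example (not part of traefik-manager): report certFile/keyFile paths
# referenced by a Traefik dynamic TLS file that are NOT readable from the
# filesystem this script runs in (for example, inside the manager container).

# Print every certFile/keyFile value in the given YAML file, one per line.
# Handles "certFile: /p", "- certFile: /p", quoted values and trailing
# comments, so it also covers entries under tls.stores as well as
# tls.certificates. Assumption: one key per line, block-style YAML.
tls_file_paths() {
    sed -n -E 's/^[[:space:]]*(-[[:space:]]+)?(certFile|keyFile):[[:space:]]*//p' "$1" |
        sed -E -e 's/[[:space:]]+#.*$//' -e 's/[[:space:]]+$//' \
               -e "s/^[\"']//" -e "s/[\"']\$//"
}

# Print the referenced paths that are missing or unreadable here.
missing_tls_paths() {
    tls_file_paths "$1" | while IFS= read -r p; do
        [ -n "$p" ] || continue
        [ -r "$p" ] || printf '%s\n' "$p"
    done
}

# When called with a file argument, exit non-zero if anything is missing.
if [ -n "${1:-}" ]; then
    out=$(missing_tls_paths "$1")
    [ -z "$out" ] || { printf 'not readable at this path:\n%s\n' "$out"; exit 1; }
fi
```

Any path it prints is one the Certs tab cannot read; mounting that file into the manager container at the same path (read-only is sufficient for display) resolves it.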


@chr0nzz commented on GitHub (May 2, 2026):

beta4 is out


@dginhoux commented on GitHub (May 2, 2026):

Hi,

Just upgraded 1 HTTP instance to beta4: works fine, needs to be tested.
I'm working on deploying the manager on my TCP/UDP instances.

I'm really happy to help you enhance your work. For me, traefik lab should look here.

Have a good day.
