Merge pull request #2613 from m-elewa/develop

Update Traefik image to v2.2

DOCUMENTATION/content/documentation/index.md

@@ -1425,30 +1425,13 @@ GRAYLOG_SHA256_PASSWORD=b1cb6e31e172577918c9e7806c572b5ed8477d3f57aa737bee4b5b1d
 <a name="Use-Traefik"></a>
 ## Use Traefik
 
-To use Traefik you need to do some changes in `traefik/trafik.toml` and `docker-compose.yml`.
+To use Traefik you need to do some changes in `.env` and `docker-compose.yml`.
 
-1 - Open `traefik.toml` and change the `e-mail` property in `acme` section.
+1 - Open `.env` and change `ACME_DOMAIN` to your domain and `ACME_EMAIL` to your email.
 
-2 - Change your domain in `acme.domains`. For example: `main = "example.org"`
+2 - You need to change the `docker-compose.yml` file to match the Traefik needs. If you want to use Traefik, you must not expose the ports of each container to the internet, but specify some labels.
 
-2.1 - If you have subdomains, you must add them to `sans` property in `acme.domains` section.
-
-```bash
-[[acme.domais]]
-  main = "example.org"
-  sans = ["monitor.example.org", "pma.example.org"]
-```
-
-3 - If you need to add basic authentication (https://docs.traefik.io/configuration/entrypoints/#basic-authentication), you just need to add the following text after `[entryPoints.https.tls]`:
-
-```bash
-[entryPoints.https.auth.basic]
-  users = ["user:password"]
-```
-
-4 - You need to change the `docker-compose.yml` file to match the Traefik needs. If you want to use Traefik, you must not expose the ports of each container to the internet, but specify some labels.
-
-4.1 For example, let's try with NGINX. You must have:
+2.1 For example, let's try with NGINX. You must have:
 
 ```bash
 nginx:
@@ -1468,9 +1451,25 @@ nginx:
     - frontend
     - backend
   labels:
-    - traefik.backend=nginx
-    - traefik.frontend.rule=Host:example.org
-    - traefik.port=80
+    - "traefik.enable=true"
+    - "traefik.http.services.nginx.loadbalancer.server.port=80"
+    # https router
+    - "traefik.http.routers.https.rule=Host(`${ACME_DOMAIN}`, `www.${ACME_DOMAIN}`)"
+    - "traefik.http.routers.https.entrypoints=https"
+    - "traefik.http.routers.https.middlewares=www-redirectregex"
+    - "traefik.http.routers.https.service=nginx"
+    - "traefik.http.routers.https.tls.certresolver=letsencrypt"
+    # http router
+    - "traefik.http.routers.http.rule=Host(`${ACME_DOMAIN}`, `www.${ACME_DOMAIN}`)"
+    - "traefik.http.routers.http.entrypoints=http"
+    - "traefik.http.routers.http.middlewares=http-redirectscheme"
+    - "traefik.http.routers.http.service=nginx"
+    # middlewares
+    - "traefik.http.middlewares.www-redirectregex.redirectregex.permanent=true"
+    - "traefik.http.middlewares.www-redirectregex.redirectregex.regex=^https://www.(.*)"
+    - "traefik.http.middlewares.www-redirectregex.redirectregex.replacement=https://$$1"
+    - "traefik.http.middlewares.http-redirectscheme.redirectscheme.permanent=true"
+    - "traefik.http.middlewares.http-redirectscheme.redirectscheme.scheme=https"
 ```
 
 instead of

docker-compose.yml

@@ -1618,19 +1618,38 @@ services:
     traefik:
       build:
         context: ./traefik
-      command: --docker
       volumes:
         - /var/run/docker.sock:/var/run/docker.sock
+        - ./traefik/data:/data
+      command:
+        - "--api"
+        - "--providers.docker.exposedbydefault=false"
+        - "--accesslog.filepath=/data/access.log"
+        # entrypoints
+        - "--entrypoints.http.address=:${TRAEFIK_HOST_HTTP_PORT}"
+        - "--entrypoints.http.http.redirections.entrypoint.to=https"
+        - "--entrypoints.https.address=:${TRAEFIK_HOST_HTTPS_PORT}"
+        - "--entrypoints.traefik.address=:${TRAEFIK_DASHBOARD_PORT}"
+        # certificatesresolvers
+        - "--certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL}"
+        - "--certificatesresolvers.letsencrypt.acme.storage=/data/acme.json"
+        - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http"
       ports:
-        - "${TRAEFIK_HOST_HTTP_PORT}:80"
-        - "${TRAEFIK_HOST_HTTPS_PORT}:443"
+        - "${TRAEFIK_HOST_HTTP_PORT}:${TRAEFIK_HOST_HTTP_PORT}"
+        - "${TRAEFIK_HOST_HTTPS_PORT}:${TRAEFIK_HOST_HTTPS_PORT}"
+        - "${TRAEFIK_DASHBOARD_PORT}:${TRAEFIK_DASHBOARD_PORT}"
       networks:
         - frontend
         - backend
       labels:
-        - traefik.backend=traefik
-        - traefik.frontend.rule=Host:monitor.localhost
-        - traefik.port=8080
+        - "traefik.enable=true"
+        - "traefik.http.routers.traefik.rule=Host(`${ACME_DOMAIN}`)"
+        - "traefik.http.routers.traefik.entrypoints=traefik"
+        - "traefik.http.routers.traefik.service=api@internal"
+        - "traefik.http.routers.traefik.middlewares=access-auth"
+        - "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
+        - "traefik.http.middlewares.access-auth.basicauth.realm=Login Required"
+        - "traefik.http.middlewares.access-auth.basicauth.users=${TRAEFIK_DASHBOARD_USER}"
 
 ### MOSQUITTO Broker #########################################
     mosquitto:

env-example

@@ -762,6 +762,11 @@ MAILU_WEBDAV=radicale
 
 TRAEFIK_HOST_HTTP_PORT=80
 TRAEFIK_HOST_HTTPS_PORT=443
+TRAEFIK_DASHBOARD_PORT=8888
+# basic authentication for traefik dashboard username: admin password:admin
+TRAEFIK_DASHBOARD_USER=admin:$2y$10$lXaL3lj6raFic6rFqr2.lOBoCudAIhB6zyoqObNg290UFppiUzTTi
+ACME_DOMAIN=example.org
+ACME_EMAIL=email@example.org
 
 
 ### MOSQUITTO #################################################

traefik/Dockerfile

@@ -1,7 +1,11 @@
-FROM traefik:1.7.5-alpine
+FROM traefik:v2.2
 
 LABEL maintainer="Luis Coutinho <luis@luiscoutinho.pt>"
 
-COPY traefik.toml acme.json /
+WORKDIR /data
 
-RUN chmod 600 /acme.json
+RUN touch acme.json
+
+RUN chmod 600 acme.json
+
+VOLUME /data

traefik/data/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

traefik/traefik.toml

@@ -1,23 +0,0 @@
-defaultEntryPoints = ["http", "https"]
-
-[entryPoints]
-  [entryPoints.http]
-  address = ":80"
-    [entryPoints.http.redirect]
-      entryPoint = "https"
-  [entryPoints.https]
-  address = ":443"
-    [entryPoints.https.tls]
-
-[web]
-address = ":8080"
-[acme]
-email = "email@example.org"
-storage = "acme.json"
-entryPoint = "https"
-onHostRule = true
-  [acme.httpChallenge]
-    entryPoint = "http"
-
-[[acme.domais]]
-  main = "localhost"