From 90ba6df3add1883f9c62cfd0a4d79cf079460c18 Mon Sep 17 00:00:00 2001
From: Mahmoud Elewa
Date: Sun, 31 May 2020 07:07:05 +0000
Subject: [PATCH] update traefik to v2.2
---
docker-compose.yml | 31 +++++++++++++++++++++++++------
env-example | 5 +++++
traefik/Dockerfile | 10 +++++++---
traefik/acme.json | 0
traefik/data/.gitignore | 2 ++
traefik/traefik.toml | 23 -----------------------
6 files changed, 39 insertions(+), 32 deletions(-)
delete mode 100644 traefik/acme.json
create mode 100644 traefik/data/.gitignore
delete mode 100644 traefik/traefik.toml
diff --git a/docker-compose.yml b/docker-compose.yml
index a5820223..1c9e8ef1 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1616,19 +1616,38 @@ services: traefik: build: context: ./traefik - command: --docker volumes: - /var/run/docker.sock:/var/run/docker.sock + - ./traefik/data:/data + command: + - "--api" + - "--providers.docker.exposedbydefault=false" + - "--accesslog.filepath=/data/access.log" + # entrypoints + - "--entrypoints.http.address=:${NGINX_HOST_HTTP_PORT}" + - "--entrypoints.http.http.redirections.entrypoint.to=https" + - "--entrypoints.https.address=:${NGINX_HOST_HTTPS_PORT}" + - "--entrypoints.traefik.address=:${TRAEFIK_DASHBOARD_PORT}" + # certificatesresolvers + - "--certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL}" + - "--certificatesresolvers.letsencrypt.acme.storage=/data/acme.json" + - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http" ports: - - "${TRAEFIK_HOST_HTTP_PORT}:80" - - "${TRAEFIK_HOST_HTTPS_PORT}:443" + - "${NGINX_HOST_HTTP_PORT}:${TRAEFIK_HOST_HTTP_PORT}" + - "${NGINX_HOST_HTTPS_PORT}:${TRAEFIK_HOST_HTTPS_PORT}" + - "${TRAEFIK_DASHBOARD_PORT}:${TRAEFIK_DASHBOARD_PORT}" networks: - frontend - backend labels: - - traefik.backend=traefik - - traefik.frontend.rule=Host:monitor.localhost - - traefik.port=8080 + - "traefik.enable=true" + - "traefik.http.routers.traefik.rule=Host(`${ACME_DOMAIN}`)" + - "traefik.http.routers.traefik.entrypoints=traefik" + - "traefik.http.routers.traefik.service=api@internal" + - "traefik.http.routers.traefik.middlewares=access-auth" + - "traefik.http.routers.traefik.tls.certresolver=letsencrypt" + - "traefik.http.middlewares.access-auth.basicauth.realm=Login Required" + - "traefik.http.middlewares.access-auth.basicauth.users=${TRAEFIK_DASHBOARD_USER}" ### MOSQUITTO Broker ######################################### mosquitto: diff --git a/env-example b/env-example index c642a4a2..f17cbc81 100644 --- a/env-example +++ b/env-example 
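Review bot: The container side of the two new web port mappings does not match the addresses the entrypoints bind to: `--entrypoints.http.address=:${NGINX_HOST_HTTP_PORT}` and `--entrypoints.https.address=:${NGINX_HOST_HTTPS_PORT}` listen inside the container, while `ports` publishes to `${TRAEFIK_HOST_HTTP_PORT}` and `${TRAEFIK_HOST_HTTPS_PORT}`. Whenever the NGINX_* and TRAEFIK_* values differ, nothing listens on the published container port, and since the ACME HTTP challenge is tied to the `http` entrypoint, certificate issuance would presumably fail too. Using one variable on both sides, e.g. `- "${TRAEFIK_HOST_HTTP_PORT}:${TRAEFIK_HOST_HTTP_PORT}"` together with `--entrypoints.http.address=:${TRAEFIK_HOST_HTTP_PORT}`, removes the hidden dependency on the nginx settings. Separately, the dashboard port is published on every host interface; `- "127.0.0.1:${TRAEFIK_DASHBOARD_PORT}:${TRAEFIK_DASHBOARD_PORT}"` would keep `api@internal` (which sits next to a mounted Docker socket) off the network unless someone opts in.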
@@ -762,6 +762,11 @@ MAILU_WEBDAV=radicale TRAEFIK_HOST_HTTP_PORT=80 TRAEFIK_HOST_HTTPS_PORT=443 +TRAEFIK_DASHBOARD_PORT=8888 +# basic authentication for traefik dashboard username: admin password:admin +TRAEFIK_DASHBOARD_USER=admin:$2y$10$lXaL3lj6raFic6rFqr2.lOBoCudAIhB6zyoqObNg290UFppiUzTTi +ACME_DOMAIN=example.org +ACME_EMAIL=email@example.org ### MOSQUITTO ################################################# diff --git a/traefik/Dockerfile b/traefik/Dockerfile index 73825fd4..fa4e1764 100644 --- a/traefik/Dockerfile +++ b/traefik/Dockerfile @@ -1,7 +1,11 @@ -FROM traefik:1.7.5-alpine +FROM traefik:v2.2 LABEL maintainer="Luis Coutinho " -COPY traefik.toml acme.json / +WORKDIR /data -RUN chmod 600 /acme.json +RUN touch acme.json + +RUN chmod 600 acme.json + +VOLUME /data \ No newline at end of file diff --git a/traefik/acme.json b/traefik/acme.json deleted file mode 100644 index e69de29b..00000000 diff --git a/traefik/data/.gitignore b/traefik/data/.gitignore new file mode 100644 index 00000000..c96a04f0 --- /dev/null +++ b/traefik/data/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore \ No newline at end of file diff --git a/traefik/traefik.toml b/traefik/traefik.toml deleted file mode 100644 index 5875b94c..00000000 --- a/traefik/traefik.toml +++ /dev/null @@ -1,23 +0,0 @@ -defaultEntryPoints = ["http", "https"] - -[entryPoints] - [entryPoints.http] - address = ":80" - [entryPoints.http.redirect] - entryPoint = "https" - [entryPoints.https] - address = ":443" - [entryPoints.https.tls] - -[web] -address = ":8080" -[acme] -email = "email@example.org" -storage = "acme.json" -entryPoint = "https" -onHostRule = true - [acme.httpChallenge] - entryPoint = "http" - -[[acme.domais]] - main = "localhost"
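Review bot: `TRAEFIK_DASHBOARD_USER` ships a working bcrypt hash for admin/admin and the comment above it spells out the password, so every install that copies env-example unchanged exposes the dashboard on `TRAEFIK_DASHBOARD_PORT` with publicly known credentials. Leave the value empty or set it to an obviously invalid placeholder, and replace the comment with how to create one, e.g. `# generate with: htpasswd -nbB <user> <password>`. The hash also contains `$` characters; depending on the Compose version, the `.env` value or the `${TRAEFIK_DASHBOARD_USER}` substitution into the label may treat them as interpolation, so it is worth confirming the hash reaches Traefik intact and documenting any quoting or `$$` doubling that is needed.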
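Review bot: The `RUN touch acme.json` and `RUN chmod 600 acme.json` steps have no effect at runtime with the compose file from this same patch, because `./traefik/data:/data` is bind-mounted over the image's `/data` and hides the file created at build time. The ACME account key and certificates then live in whatever file ends up in the host directory (presumably created by Traefik on first run), so their protection depends on the host-side permissions of `traefik/data`, which also receives `access.log`. Either drop the two RUN lines and document that `traefik/data` must be owner-only, or keep ACME storage in a named volume so the image-prepared file is actually used. Also, `FROM traefik:v2.2` is a floating minor tag where the old line pinned `1.7.5-alpine`; pinning a full patch version (or a digest) keeps rebuilds reproducible and makes upgrades of an internet-facing proxy deliberate.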