From 90ba6df3add1883f9c62cfd0a4d79cf079460c18 Mon Sep 17 00:00:00 2001
From: Mahmoud Elewa
Date: Sun, 31 May 2020 07:07:05 +0000
Subject: [PATCH 1/3] update traefik to v2.2
---
 docker-compose.yml | 31 +++++++++++++++++++++++++------
 env-example | 5 +++++
 traefik/Dockerfile | 10 +++++++---
 traefik/acme.json | 0
 traefik/data/.gitignore | 2 ++
 traefik/traefik.toml | 23 -----------------------
 6 files changed, 39 insertions(+), 32 deletions(-)
 delete mode 100644 traefik/acme.json
 create mode 100644 traefik/data/.gitignore
 delete mode 100644 traefik/traefik.toml
diff --git a/docker-compose.yml b/docker-compose.yml
index a5820223..1c9e8ef1 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1616,19 +1616,38 @@ services:
 traefik:
 build:
 context: ./traefik
- command: --docker
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock
+ - ./traefik/data:/data
+ command:
+ - "--api"
+ - "--providers.docker.exposedbydefault=false"
+ - "--accesslog.filepath=/data/access.log"
+ # entrypoints
+ - "--entrypoints.http.address=:${NGINX_HOST_HTTP_PORT}"
+ - "--entrypoints.http.http.redirections.entrypoint.to=https"
+ - "--entrypoints.https.address=:${NGINX_HOST_HTTPS_PORT}"
+ - "--entrypoints.traefik.address=:${TRAEFIK_DASHBOARD_PORT}"
+ # certificatesresolvers
+ - "--certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL}"
+ - "--certificatesresolvers.letsencrypt.acme.storage=/data/acme.json"
+ - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http"
 ports:
- - "${TRAEFIK_HOST_HTTP_PORT}:80"
- - "${TRAEFIK_HOST_HTTPS_PORT}:443"
+ - "${NGINX_HOST_HTTP_PORT}:${TRAEFIK_HOST_HTTP_PORT}"
+ - "${NGINX_HOST_HTTPS_PORT}:${TRAEFIK_HOST_HTTPS_PORT}"
+ - "${TRAEFIK_DASHBOARD_PORT}:${TRAEFIK_DASHBOARD_PORT}"
 networks:
 - frontend
 - backend
 labels:
- - traefik.backend=traefik
- - traefik.frontend.rule=Host:monitor.localhost
- - traefik.port=8080
+ - "traefik.enable=true"
+ - "traefik.http.routers.traefik.rule=Host(`${ACME_DOMAIN}`)"
+ - "traefik.http.routers.traefik.entrypoints=traefik"
+ - "traefik.http.routers.traefik.service=api@internal"
+ - "traefik.http.routers.traefik.middlewares=access-auth"
+ - "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
+ - "traefik.http.middlewares.access-auth.basicauth.realm=Login Required"
+ - "traefik.http.middlewares.access-auth.basicauth.users=${TRAEFIK_DASHBOARD_USER}"
 
 ### MOSQUITTO Broker #########################################
 mosquitto:
diff --git a/env-example b/env-example
index c642a4a2..f17cbc81 100644
--- a/env-example
+++ b/env-example
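Review bot: The new `ports:` entry `"${TRAEFIK_DASHBOARD_PORT}:${TRAEFIK_DASHBOARD_PORT}"` publishes the dashboard entrypoint on every host interface, so the `api@internal` router is reachable from any network the host is on, with the `access-auth` basic-auth middleware as its only gate. A safer default is to bind it to loopback, `- "127.0.0.1:${TRAEFIK_DASHBOARD_PORT}:${TRAEFIK_DASHBOARD_PORT}"`, and leave wider exposure as an explicit opt-in. The unchanged `/var/run/docker.sock` mount just above gives this container the Docker API, which raises the cost of any compromise of the dashboard or of Traefik itself. A comment next to the mount saying so would help operators decide how far to expose this service.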
@@ -762,6 +762,11 @@ MAILU_WEBDAV=radicale
 
 TRAEFIK_HOST_HTTP_PORT=80
 TRAEFIK_HOST_HTTPS_PORT=443
+TRAEFIK_DASHBOARD_PORT=8888
+# basic authentication for traefik dashboard username: admin password:admin
+TRAEFIK_DASHBOARD_USER=admin:$2y$10$lXaL3lj6raFic6rFqr2.lOBoCudAIhB6zyoqObNg290UFppiUzTTi
+ACME_DOMAIN=example.org
+ACME_EMAIL=email@example.org
 
 ### MOSQUITTO #################################################
 
diff --git a/traefik/Dockerfile b/traefik/Dockerfile
index 73825fd4..fa4e1764 100644
--- a/traefik/Dockerfile
+++ b/traefik/Dockerfile
@@ -1,7 +1,11 @@
-FROM traefik:1.7.5-alpine
+FROM traefik:v2.2
 
 LABEL maintainer="Luis Coutinho "
 
-COPY traefik.toml acme.json /
+WORKDIR /data
 
-RUN chmod 600 /acme.json
+RUN touch acme.json
+
+RUN chmod 600 acme.json
+
+VOLUME /data
\ No newline at end of file
diff --git a/traefik/acme.json b/traefik/acme.json
deleted file mode 100644
index e69de29b..00000000
diff --git a/traefik/data/.gitignore b/traefik/data/.gitignore
new file mode 100644
index 00000000..c96a04f0
--- /dev/null
+++ b/traefik/data/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore
\ No newline at end of file
diff --git a/traefik/traefik.toml b/traefik/traefik.toml
deleted file mode 100644
index 5875b94c..00000000
--- a/traefik/traefik.toml
+++ /dev/null
@@ -1,23 +0,0 @@
-defaultEntryPoints = ["http", "https"]
-
-[entryPoints]
- [entryPoints.http]
- address = ":80"
- [entryPoints.http.redirect]
- entryPoint = "https"
- [entryPoints.https]
- address = ":443"
- [entryPoints.https.tls]
-
-[web]
-address = ":8080"
-[acme]
-email = "email@example.org"
-storage = "acme.json"
-entryPoint = "https"
-onHostRule = true
- [acme.httpChallenge]
- entryPoint = "http"
-
-[[acme.domais]]
- main = "localhost"
From 227591cfb5f3e1f54221ef04d7d0d4fd1a54b99a Mon Sep 17 00:00:00 2001
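Review bot: `TRAEFIK_DASHBOARD_USER` ships with a working bcrypt hash for admin/admin, and the comment above it states the password, so a stack started from an unedited copy of this file serves the dashboard on `TRAEFIK_DASHBOARD_PORT` with publicly known credentials. Leave the value empty or use an obviously invalid placeholder so the operator has to set it before the dashboard can be used. The comment should then carry the generation step instead of the password, for example `# user:bcrypt-hash, generate with: htpasswd -nB <user>`.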
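Review bot: The `RUN touch acme.json` and `RUN chmod 600 acme.json` steps act on the image's `/data`, but the docker-compose.yml change in this same patch bind-mounts `./traefik/data` over `/data`, so at run time the file and its mode come from the host directory and these steps likely have no effect. Since acme.json holds the ACME account and certificate private keys, the owner-only mode should be guaranteed where the file actually lives. I would drop the two steps and document the requirement instead, e.g. `# /data is bind-mounted from ./traefik/data; acme.json there must stay mode 600`. Separately, `FROM traefik:v2.2` is a moving tag, and pinning a full patch version or an image digest would make rebuilds reproducible.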
From: Mahmoud Elewa
Date: Sun, 31 May 2020 07:13:13 +0000
Subject: [PATCH 2/3] update documentation for Traefik v2.2
---
 DOCUMENTATION/content/documentation/index.md | 47 ++++++++++----------
 1 file changed, 23 insertions(+), 24 deletions(-)
diff --git a/DOCUMENTATION/content/documentation/index.md b/DOCUMENTATION/content/documentation/index.md
index 808208d0..25406019 100644
--- a/DOCUMENTATION/content/documentation/index.md
+++ b/DOCUMENTATION/content/documentation/index.md
@@ -1425,30 +1425,13 @@ GRAYLOG_SHA256_PASSWORD=b1cb6e31e172577918c9e7806c572b5ed8477d3f57aa737bee4b5b1d
 
 ## Use Traefik
 
-To use Traefik you need to do some changes in `traefik/trafik.toml` and `docker-compose.yml`.
+To use Traefik you need to do some changes in `.env` and `docker-compose.yml`.
 
-1 - Open `traefik.toml` and change the `e-mail` property in `acme` section.
+1 - Open `.env` and change `ACME_DOMAIN` to your domain and `ACME_EMAIL` to your email.
 
-2 - Change your domain in `acme.domains`. For example: `main = "example.org"`
+2 - You need to change the `docker-compose.yml` file to match the Traefik needs. If you want to use Traefik, you must not expose the ports of each container to the internet, but specify some labels.
 
-2.1 - If you have subdomains, you must add them to `sans` property in `acme.domains` section.
-
-```bash
-[[acme.domais]]
- main = "example.org"
- sans = ["monitor.example.org", "pma.example.org"]
-```
-
-3 - If you need to add basic authentication (https://docs.traefik.io/configuration/entrypoints/#basic-authentication), you just need to add the following text after `[entryPoints.https.tls]`:
-
-```bash
-[entryPoints.https.auth.basic]
- users = ["user:password"]
-```
-
-4 - You need to change the `docker-compose.yml` file to match the Traefik needs. If you want to use Traefik, you must not expose the ports of each container to the internet, but specify some labels.
-
-4.1 For example, let's try with NGINX. You must have:
+2.1 For example, let's try with NGINX. You must have:
 
 ```bash
 nginx:
@@ -1468,9 +1451,25 @@ nginx:
 - frontend
 - backend
 labels:
- - traefik.backend=nginx
- - traefik.frontend.rule=Host:example.org
- - traefik.port=80
+ - "traefik.enable=true"
+ - "traefik.http.services.nginx.loadbalancer.server.port=80"
+ # https router
+ - "traefik.http.routers.https.rule=Host(`${ACME_DOMAIN}`, `www.${ACME_DOMAIN}`)"
+ - "traefik.http.routers.https.entrypoints=https"
+ - "traefik.http.routers.https.middlewares=www-redirectregex"
+ - "traefik.http.routers.https.service=nginx"
+ - "traefik.http.routers.https.tls.certresolver=letsencrypt"
+ # http router
+ - "traefik.http.routers.http.rule=Host(`${ACME_DOMAIN}`, `www.${ACME_DOMAIN}`)"
+ - "traefik.http.routers.http.entrypoints=http"
+ - "traefik.http.routers.http.middlewares=http-redirectscheme"
+ - "traefik.http.routers.http.service=nginx"
+ # middlewares
+ - "traefik.http.middlewares.www-redirectregex.redirectregex.permanent=true"
+ - "traefik.http.middlewares.www-redirectregex.redirectregex.regex=^https://www.(.*)"
+ - "traefik.http.middlewares.www-redirectregex.redirectregex.replacement=https://$$1"
+ - "traefik.http.middlewares.http-redirectscheme.redirectscheme.permanent=true"
+ - "traefik.http.middlewares.http-redirectscheme.redirectscheme.scheme=https"
 ```
 
 instead of
From b5419c352db15924fca41b8424f96d8f1cd8ce19 Mon Sep 17 00:00:00 2001
From: Mahmoud Elewa
Date: Sun, 31 May 2020 07:43:41 +0000
Subject: [PATCH 3/3] change port variables from nginx to trafik
---
 docker-compose.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 1c9e8ef1..e482ca8a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1624,17 +1624,17 @@ services:
 - "--providers.docker.exposedbydefault=false"
 - "--accesslog.filepath=/data/access.log"
 # entrypoints
- - "--entrypoints.http.address=:${NGINX_HOST_HTTP_PORT}"
+ - "--entrypoints.http.address=:${TRAEFIK_HOST_HTTP_PORT}"
 - "--entrypoints.http.http.redirections.entrypoint.to=https"
- - "--entrypoints.https.address=:${NGINX_HOST_HTTPS_PORT}"
+ - "--entrypoints.https.address=:${TRAEFIK_HOST_HTTPS_PORT}"
 - "--entrypoints.traefik.address=:${TRAEFIK_DASHBOARD_PORT}"
 # certificatesresolvers
 - "--certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL}"
 - "--certificatesresolvers.letsencrypt.acme.storage=/data/acme.json"
 - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http"
 ports:
- - "${NGINX_HOST_HTTP_PORT}:${TRAEFIK_HOST_HTTP_PORT}"
- - "${NGINX_HOST_HTTPS_PORT}:${TRAEFIK_HOST_HTTPS_PORT}"
+ - "${TRAEFIK_HOST_HTTP_PORT}:${TRAEFIK_HOST_HTTP_PORT}"
+ - "${TRAEFIK_HOST_HTTPS_PORT}:${TRAEFIK_HOST_HTTPS_PORT}"
 - "${TRAEFIK_DASHBOARD_PORT}:${TRAEFIK_DASHBOARD_PORT}"
 networks:
 - frontend
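Review bot: The `http` entrypoint address now follows `TRAEFIK_HOST_HTTP_PORT`, and `acme.httpchallenge.entrypoint=http` depends on that entrypoint, but the file does not say that the port is constrained. HTTP-01 validation connects to port 80 only, so setting the variable to anything else would stop certificate issuance unless something in front forwards port 80 to it. A comment above the entrypoint lines would make this visible: `# letsencrypt HTTP-01 validation reaches the http entrypoint on port 80 only; keep TRAEFIK_HOST_HTTP_PORT=80 when the resolver is in use`. The traefik service block starts and ends outside this hunk.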