update traefik to v2.2

docker-compose.yml

@@ -1616,19 +1616,38 @@ services:
     traefik:
       build:
         context: ./traefik
-      command: --docker
       volumes:
         - /var/run/docker.sock:/var/run/docker.sock
+        - ./traefik/data:/data
+      command:
+        - "--api"
+        - "--providers.docker.exposedbydefault=false"
+        - "--accesslog.filepath=/data/access.log"
+        # entrypoints
+        - "--entrypoints.http.address=:${NGINX_HOST_HTTP_PORT}"
+        - "--entrypoints.http.http.redirections.entrypoint.to=https"
+        - "--entrypoints.https.address=:${NGINX_HOST_HTTPS_PORT}"
+        - "--entrypoints.traefik.address=:${TRAEFIK_DASHBOARD_PORT}"
+        # certificatesresolvers
+        - "--certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL}"
+        - "--certificatesresolvers.letsencrypt.acme.storage=/data/acme.json"
+        - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http"
       ports:
-        - "${TRAEFIK_HOST_HTTP_PORT}:80"
-        - "${TRAEFIK_HOST_HTTPS_PORT}:443"
+        - "${NGINX_HOST_HTTP_PORT}:${TRAEFIK_HOST_HTTP_PORT}"
+        - "${NGINX_HOST_HTTPS_PORT}:${TRAEFIK_HOST_HTTPS_PORT}"
+        - "${TRAEFIK_DASHBOARD_PORT}:${TRAEFIK_DASHBOARD_PORT}"
       networks:
         - frontend
         - backend
       labels:
-        - traefik.backend=traefik
-        - traefik.frontend.rule=Host:monitor.localhost
-        - traefik.port=8080
+        - "traefik.enable=true"
+        - "traefik.http.routers.traefik.rule=Host(`${ACME_DOMAIN}`)"
+        - "traefik.http.routers.traefik.entrypoints=traefik"
+        - "traefik.http.routers.traefik.service=api@internal"
+        - "traefik.http.routers.traefik.middlewares=access-auth"
+        - "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
+        - "traefik.http.middlewares.access-auth.basicauth.realm=Login Required"
+        - "traefik.http.middlewares.access-auth.basicauth.users=${TRAEFIK_DASHBOARD_USER}"
 
 ### MOSQUITTO Broker #########################################
     mosquitto:

env-example

@@ -762,6 +762,11 @@ MAILU_WEBDAV=radicale
 
 TRAEFIK_HOST_HTTP_PORT=80
 TRAEFIK_HOST_HTTPS_PORT=443
+TRAEFIK_DASHBOARD_PORT=8888
+# basic authentication for traefik dashboard username: admin password:admin
+TRAEFIK_DASHBOARD_USER=admin:$2y$10$lXaL3lj6raFic6rFqr2.lOBoCudAIhB6zyoqObNg290UFppiUzTTi
+ACME_DOMAIN=example.org
+ACME_EMAIL=email@example.org
 
 
 ### MOSQUITTO #################################################

traefik/Dockerfile

@@ -1,7 +1,11 @@
-FROM traefik:1.7.5-alpine
+FROM traefik:v2.2
 
 LABEL maintainer="Luis Coutinho <luis@luiscoutinho.pt>"
 
-COPY traefik.toml acme.json /
+WORKDIR /data
 
-RUN chmod 600 /acme.json
+RUN touch acme.json
+
+RUN chmod 600 acme.json
+
+VOLUME /data

traefik/data/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

traefik/traefik.toml

@@ -1,23 +0,0 @@
-defaultEntryPoints = ["http", "https"]
-
-[entryPoints]
-  [entryPoints.http]
-  address = ":80"
-    [entryPoints.http.redirect]
-      entryPoint = "https"
-  [entryPoints.https]
-  address = ":443"
-    [entryPoints.https.tls]
-
-[web]
-address = ":8080"
-[acme]
-email = "email@example.org"
-storage = "acme.json"
-entryPoint = "https"
-onHostRule = true
-  [acme.httpChallenge]
-    entryPoint = "http"
-
-[[acme.domais]]
-  main = "localhost"