Version bump to 2.1

config/traefik.toml

@@ -1,107 +1,43 @@
-# accept invalid SSL certs for backends
+[global]
-InsecureSkipVerify = true
+  checkNewVersion = false
-
+  sendAnonymousUsage = false
-defaultEntryPoints = ["http", "https"]
-
-[acme]
-email = "hostmaster@zom.bi"
-storage = "cert/acme.json"
-entryPoint = "https"
-onDemand = false
-#OnHostRule = true
-OnHostRule = false
-
-
-  [acme.httpChallenge]
-  entryPoint = "http"
 
 [entryPoints]
-  [entryPoints.http]
+  [entryPoints.web]
     address = ":80"
-      [entryPoints.http.redirect]
+
-        entryPoint = "https"
+  [entryPoints.websecure]
-  [entryPoints.https]
     address = ":443"
-      [entryPoints.https.tls]
+
-        # first certificate is default, serve nonsense to
+[log]
-        # mitigate TLS probing
+  level = "DEBUG"
-        [[entryPoints.https.tls.certificates]]
+
+[accessLog]
+  format = "common"
+  filePath = "/dev/null"
+
+[api]
+  dashboard = true
+
+[ping]
+
+[providers.docker]
+  network = "proxy_web"
+  exposedByDefault = false
+  defaultRule = "Host(`{{ normalize .Name }}.docker.localhost`)"
+
+[certificatesResolvers.default.acme]
+  email = "hostmaster@zom.bi"
+  storage = "/cert/acme.json"
+  [certificatesResolvers.default.acme.httpChallenge]
+    entryPoint = "web"
+
+[[tls.certificates]]
   certFile = "cert/snakeoil.pem"
   keyFile = "cert/snakeoil.key"
-        [[entryPoints.https.tls.certificates]]
+[[tls.certificates]]
   certFile = "cert/bitmask.me.origin.pem"
   keyFile = "cert/bitmask.me.origin.key"
-        [[entryPoints.https.tls.certificates]]
+[[tls.certificates]]
   certFile = "cert/grun.host.origin.pem"
   keyFile = "cert/grun.host.origin.key"
-
-[web]
-address = ":8080"
-
-[docker]
-endpoint = "unix:///var/run/docker.sock"
-domain = "docker.localhost"
-watch = true
-exposedbydefault = false
-
-# new domains and subdomains can be configured here.
-# note that domains and subdomains not defined in this file will still work,
-# when defined in a container Host-Rule. However, they will generate
-# their own ACME request, and will count towards LetsEncrypt's rate limit.
-[[acme.domains]]
-  main = "zom.bi"
-  sans = [
-    "conference.zom.bi",
-    "mumble.zom.bi",
-    "mx.zom.bi",
-    "user.zom.bi",
-    "xmpp.zom.bi",
-    "irc.zom.bi",
-
-    # web vhosts:
-    "api.zom.bi",
-    "autoconfig.zom.bi",
-    "blog.zom.bi",
-    "cloud.zom.bi",
-    "docker.zom.bi",
-    "download.zom.bi",
-    "gdpr.zom.bi",
-    "git.zom.bi",
-    "kanban.zom.bi",
-    "mail.zom.bi",
-    "music.zom.bi",
-    "org.zom.bi",
-    "ovpn.zom.bi",
-    "pad.zom.bi",
-    "push.zom.bi",
-    "static.zom.bi",
-    "stream.zom.bi",
-    "tube.zom.bi",
-    "upload.zom.bi",
-    "wiki.zom.bi",
-    "www.zom.bi",
-
-    # test subdomain
-    "test.zom.bi",
-  ]
-
-[[acme.domains]]
-  main = "suprememachines.de"
-  sans = [
-    "www.suprememachines.de",
-    "git.suprememachines.de",
-    "pad.suprememachines.de",
-  ]
-
-[[acme.domains]]
-  main = "aloneonline.net"
-  sans = ["www.aloneonline.net"]
-
-[[acme.domains]]
-  main = "graphs.xhain.space"
-
-# You can define multiple of these blocks, each of which will result in one
-# certificate.
-#[[acme.domains]]
-#  main = "zombi.systems"
-#  sans = ["www.zombi.systems", "blog.zombi.systems"]

docker-compose.yml

@@ -2,8 +2,7 @@ version: '2'
 
 services:
   proxy:
-    image: traefik:1.7
+    image: traefik:v2.1
-    command: --logLevel=ERROR
     ports:
       - "80:80"
       - "443:443"
@@ -13,9 +12,29 @@ services:
       - "./cert/:/cert/"
       - "./config/:/etc/traefik/:ro"
     labels:
-      - "traefik.enable=false" # set to true to expose the Monitoring & API
+      - "traefik.enable=true" # set to true to expose the Monitoring & API
+      # middleware redirect
+      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
+      # global redirect to https
+      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
+      - "traefik.http.routers.http-catchall.entrypoints=web"
+      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
+
       - "traefik.backend=proxy"
       - "traefik.port=8080"
+      # Password middleware
+      #- "traefik.http.middlewares.auth.basicauth.users=zombi:zombibi0815"
+      # Dashboard
+      - "traefik.http.routers.dashboard.rule=host(`test.zom.bi`)"
+      - "traefik.http.routers.dashboard.entrypoints=websecure"
+      - "traefik.http.routers.dashboard.tls=true"
+      - "traefik.http.routers.dashboard.service=api@internal"
+      - "traefik.http.routers.dashboard.tls.certresolver=default"
+      - "traefik.http.routers.dashboard.tls.domains[0].main=zom.bi"
+      - "traefik.http.routers.dashboard.tls.domains[0].sans=conference.zom.bi,mumble.zom.bi,mx.zom.bi,user.zom.bi,xmpp.zom.bi,irc.zom.bi,api.zom.bi,autoconfig.zom.bi,blog.zom.bi,cloud.zom.bi,docker.zom.bi,download.zom.bi,gdpr.zom.bi,git.zom.bi,kanban.zom.bi,mail.zom.bi,music.zom.bi,org.zom.bi,ovpn.zom.bi,pad.zom.bi,push.zom.bi,static.zom.bi,stream.zom.bi,tube.zom.bi,upload.zom.bi,wiki.zom.bi,www.zom.bi,test.zom.bi"
+      #- "traefik.http.routers.dashboard.middlewares=auth"
+
+      - "traefik.http.services.dashboard.loadbalancer.server.port=8080"
     networks:
       - "web"