I am running into issues with migrating my hass.io install (https://github.com/home-assistant/hassio-installer) to 2.0 as well.
My setup for 1.7 was fairly simple:
- Traefik 1.7 and other containers via docker-compose
- containers proxied with labels on the docker compose yaml w/ cloudflare and sub-domain wildcards per container
- traefik configured via toml file
- hassio installed in docker
- install command:

```
curl -sL https://raw.githubusercontent.com/home-assistant/hassio-installer/master/hassio_install.sh | bash -s -- -m qemux86-64 -d /home/USERNAME/docker/hassio
```

- used a rules.toml to proxy traefik:

```toml
[backends]
  [backends.backend-homeassistant]
    [backends.backend-homeassistant.servers]
      [backends.backend-homeassistant.servers.server-homeassistant-ext]
      url = "http://192.168.1.111:8123"
      weight = 0

[frontends]
  [frontends.frontend-homeassistant]
  backend = "backend-homeassistant"
  passHostHeader = true
    [frontends.frontend-homeassistant.routes]
      [frontends.frontend-homeassistant.routes.route-homeassistant-ext]
      rule = "Host:SUD.DOMAIN.COM"
```

Now on 2.0 I have the docker-compose.yml containers working.
Traefik + exp container portion of docker-compose.yaml:

```yaml
traefik:
  hostname: traefik
  image: traefik:latest
  container_name: traefik
  restart: always
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - ${USERDIR}/docker/traefik:/etc/traefik
    - ${USERDIR}/docker/shared:/shared
  ports:
    - "80:80"
    - "443:443"
  networks:
    default:
    traefik_proxy:
      ipv4_address: 172.19.0.99
  environment:
    - PUID=${PUID}
    - PGID=${PGID}
    - TZ=${TZ}
    - CF_API_EMAIL=${CF_API_EMAIL}
    - CF_API_KEY=${CF_API_KEY}
    - TRAEFIK_ACCESSLOG=true
  command:
    - "--api=true"
    - "--api.dashboard=true"
    - "--global.sendanonymoususage=false"
    - "--log.level=WARN"
    - "--serverstransport.insecureskipverify"
    - "--providers.docker=true"
    - "--providers.docker.network=traefik_proxy"
    - "--providers.docker.exposedbydefault=false"
    - "--providers.file.filename=/etc/traefik/dynamic_conf.toml"
    - "--providers.file.watch=true"
    - "--providers.rest=true"
    - "--entrypoints.http.address=:80"
    - "--entrypoints.https.address=:443"
    - "--certificatesresolvers.cloudflare.acme.dnsChallenge=true"
    - "--certificatesresolvers.cloudflare.acme.dnsChallenge.provider=cloudflare"
    - "--certificatesresolvers.cloudflare.acme.email=${CF_API_EMAIL}"
    - "--certificatesresolvers.cloudflare.acme.storage=/etc/traefik/acme.json"
  labels:
    traefik.enable: true
    traefik.docker.network: traefik_proxy
    traefik.http.routers.traefik.entrypoints: https
    traefik.http.routers.traefik.tls.certresolver: cloudflare
    traefik.http.routers.traefik.rule: Host(`traefik.${DOMAINNAME}`)
    traefik.http.routers.traefik.middlewares: secureheaders, basicauth
    traefik.http.routers.traefik.service: api@internal
    traefik.http.routers.http.entrypoints: http
    traefik.http.routers.http.rule: HostRegexp(`${DOMAINNAME}`, `{subdomain:[a-z]+}.${DOMAINNAME}`)
    traefik.http.routers.http.middlewares: redirectscheme
    traefik.http.middlewares.redirectscheme.redirectscheme.scheme: https
    traefik.http.middlewares.basicauth.basicauth.users: user:passwd
    traefik.http.middlewares.secureheaders.headers.stsSeconds: 15552000
    traefik.http.middlewares.secureheaders.headers.framedeny: true
    traefik.http.middlewares.secureheaders.headers.sslForceHost: true
    traefik.http.middlewares.secureheaders.headers.sslRedirect: true
    traefik.http.middlewares.secureheaders.headers.stsIncludeSubdomains: true
    traefik.http.middlewares.secureheaders.headers.browserXssFilter: true
    traefik.http.middlewares.secureheaders.headers.contentTypeNosniff: true
    traefik.http.middlewares.secureheaders.headers.forceSTSHeader: true
    traefik.http.middlewares.secureheaders.headers.stsPreload: true
    traefik.http.middlewares.secureheaders.headers.customResponseHeaders.X-Robots-Tag: none
    traefik.http.middlewares.secureheaders.headers.customFrameOptionsValue: SAMEORIGIN

portainer:
  image: portainer/portainer
  container_name: portainer
  restart: always
  command: -H unix:///var/run/docker.sock
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - ${USERDIR}/docker/portainer/data:/data
    - ${USERDIR}/docker/shared:/shared
  environment:
    - TZ=${TZ}
    - PUID=${PUID}
    - PGID=${PGID}
  networks:
    - traefik_proxy
  ports:
    - "9000:9000"
  labels:
    traefik.enable: true
    traefik.docker.network: traefik_proxy
    traefik.http.routers.portainer.entrypoints: https
    traefik.http.routers.portainer.tls.certresolver: cloudflare
    traefik.http.routers.portainer.rule: Host(`portainer.${DOMAINNAME}`)
```

I cannot figure out how to replicate what I had in my rules.toml for 2.0 yet though. I have read most all the documentation and I think I need a dynamic_conf.toml. So far I have:

```toml
[http.routers]
  [http.routers.hassio]
  entrypoints = ["http"]
  rule = "Host(`SUB.DOMAIN.COM`)"
  service = "hassio-docker"
    [http.routers.hassio.tls]
    certResolver = "cloudflare"

[http.services]
  [http.services.hassio-docker.LoadBalancer]
    [[http.services.hassio-docker.LoadBalancer.servers]]
    url = "http://192.168.1.111:8123"
```

Does using a file config not pick up on the CLI commands I passed in docker-compose? Is it possible to not use the toml at all for this?

Also with how hassio is set up, it contains addons that are docker containers. They do some ingress stuff (not familiar w/ ingress), and it is mainly managed by the hassio supervisor container. Is it possible to set up traefik to proxy those containers?

EDIT: Solved the frontend / backend issue.

Edited docker-compose to have a command for "--providers.file.filename=/etc/traefik/dynamic_conf.toml" instead of dynamic_conf.toml.

Added a rules.yaml with:
rules.yml:

```yaml
http:
  routers:
    hass:
      entryPoints:
        - http
        - https
      rule: "Host(`hass.DOMAIN.XYZ`)"
      service: hass
      tls:
        certResolver: "cloudflare"
        domains:
          - main: "DOMAIN.XYZ"
            sans:
              - "*.DOMAIN.XYZ"
  services:
    hass:
      loadBalancer:
        servers:
          - url: "http://192.168.1.111:8123"
        passHostHeader: true
```
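
The v1-to-v2 mapping worked out by hand in this post (frontends become routers, backends become services, `passHostHeader` moves onto the service's load balancer), as an added Python example that is not part of the original post or of Traefik itself. The names `convert`, `convert_rule`, `entry_points` and `cert_resolver` are hypothetical, and the input dict is constructed from the v1 rules.toml shown above.

```python
import json
import re

# Constructed sample: the v1 rules.toml from the post, already parsed into a
# dict (for a real file, tomllib.load() on Python 3.11+ yields this shape).
V1_RULES = {
    "backends": {"backend-homeassistant": {"servers": {
        "server-homeassistant-ext": {"url": "http://192.168.1.111:8123", "weight": 0}}}},
    "frontends": {"frontend-homeassistant": {
        "backend": "backend-homeassistant",
        "passHostHeader": True,
        "routes": {"route-homeassistant-ext": {"rule": "Host:SUD.DOMAIN.COM"}}}},
}

def convert_rule(v1_rule):
    """Turn v1 'Matcher:a,b;Other:c' into v2 'Matcher(`a`, `b`) && Other(`c`)'."""
    parts = []
    for expr in v1_rule.split(";"):  # ';' combined matchers (AND) in v1
        m = re.fullmatch(r"\s*(Host|Path|PathPrefix):(.+)", expr)
        if not m:  # refuse to guess at matchers this sketch does not cover
            raise ValueError(f"unsupported v1 rule, convert by hand: {expr!r}")
        values = ", ".join(f"`{v.strip()}`" for v in m.group(2).split(","))
        parts.append(f"{m.group(1)}({values})")
    return " && ".join(parts)

def convert(v1, entry_points=("https",), cert_resolver=None):
    """Build a v2 dynamic config; entry_points/cert_resolver are caller-chosen (assumption)."""
    routers, services = {}, {}
    for name, be in v1.get("backends", {}).items():
        # The v1 per-server weight is dropped: v2 servers only carry a url.
        services[name] = {"loadBalancer": {
            "servers": [{"url": s["url"]} for s in be.get("servers", {}).values()]}}
    for name, fe in v1.get("frontends", {}).items():
        backend = fe["backend"]
        if backend not in services:
            raise KeyError(f"frontend {name!r} references unknown backend {backend!r}")
        rules = [convert_rule(r["rule"]) for r in fe.get("routes", {}).values()]
        router = {"entryPoints": list(entry_points),
                  "rule": " && ".join(rules), "service": backend}
        if cert_resolver:
            router["tls"] = {"certResolver": cert_resolver}
        routers[name] = router
        # v1 set passHostHeader on the frontend; v2 sets it on the service.
        if "passHostHeader" in fe:
            services[backend]["loadBalancer"]["passHostHeader"] = fe["passHostHeader"]
    return {"http": {"routers": routers, "services": services}}

if __name__ == "__main__":
    print(json.dumps(convert(V1_RULES, cert_resolver="cloudflare"), indent=2))
```

The printed JSON has the same `http.routers` / `http.services` shape as the rules.yml above.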