Migrate v1 to v2 / Help with traefik.toml

Good Morning,
I tried to get to v2 from traefik.
So I start to translate my old config to the new one.
Can you guys maybe take a look and say if it is ok. Did I miss something:

old config:

debug = false
logLevel = "DEBUG"
defaultEntryPoints = ["https","http"]

[file]
  watch = true

[traefikLog]
  filePath = "traefik.log"

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]
  minVersion = "VersionTLS12"
  cipherSuites = [ "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305" ]

[retry]

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "admin.kiefer-networks.de"
watch = true
exposedbydefault = false

[acme]
email = "info@kiefer-networks.de"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
[acme.httpChallenge]
entryPoint = "http"

[web]
address = ":8080"

My new config looks like this:

[global]
  checkNewVersion = true

[log]
  level = "DEBUG"
  filePath = "./traefik.log"
  format = "json"

[entryPoints]
  [entryPoints.web]
    address = ":80"

  [entryPoints.web-secure]
    address = ":443"

[tls.options]
  [tls.options.default]
    minVersion = "VersionTLS12"
    cipherSuites = [
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
        "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        ]

[providers.docker]
  endpoint = "unix:///var/run/docker.sock"
  exposedByDefault = false

[api]
  dashboard = true

[http.routers.api]
  rule = "Host(`admin.kiefer-networks.de`)"
  entrypoints = ["web-secure"]
  service = "api@internal"
  middlewares = ["myAuth"]
  [http.routers.api.tls]

[http.middlewares.myAuth.basicAuth]
  users = [
    "admin:$apr1$H6uskkkW$IgXLP6ewTrSusafdasfdasfdasfdafasfasfasfasfdasdfBkTrqE8wj/"
  ]

[certificatesResolvers.le.acme]
  email = "info@kiefer-networks.de"
  storage = "acme.json"
  [certificatesResolvers.le.acme.tlsChallenge]

The password is only an example. I know I must change the rules on the labels on the docker container. But first want to check my traefik config.
This is my old docker-compose.yml file. I think I must change here a lot:

version: '3'

services:
  app:
    image: traefik:v1.7
    command: --web  --docker --logLevel=INFO
    restart: always
    networks:
      - web
    ports:
      - "80:80"
      - "443:443"
    labels:
      - "traefik.frontend.rule=Host:admin.kiefer-networks.de"
      - "traefik.port=8080"
      - "traefik.frontend.headers.SSLRedirect=true"
      - "traefik.frontend.headers.STSSeconds=315360000"
      - "traefik.frontend.headers.browserXSSFilter=true"
      - "traefik.frontend.headers.contentTypeNosniff=true"
      - "traefik.frontend.headers.forceSTSHeader=true"
      - "traefik.frontend.headers.STSIncludeSubdomains=true"
      - "traefik.frontend.headers.STSPreload=true"
      - "traefik.frontend.headers.frameDeny=true"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      - ./acme.json:/acme.json
networks:
  web:
    external: true

I changed my config to this

[global]
  checkNewVersion = true

[log]
  level = "DEBUG"
  filePath = "./traefik.log"
  format = "json"

[entryPoints]
  [entryPoints.web]
    address = ":80"

  [entryPoints.web-secure]
    address = ":443"

[providers.docker]
  endpoint = "unix:///var/run/docker.sock"
  exposedByDefault = false
  network = "web"

[providers.file]
  directory = "/tls/"

[api]
  dashboard = true

[http.routers.api]
  rule = "Host(`admin.kiefer-networks.de`)"
  entrypoints = ["web-secure"]
  service = "api@internal"
  middlewares = ["myAuth"]
  [http.routers.api.tls]

[http.middlewares.myAuth.basicAuth]
  users = [
    "admin:$apr1$H6uskkkW$IgXLP6ewTrSusafdasfdasfdasfdafasfasfasfasfdasdfBkTrqE8wj/"
  ]

[certificatesResolvers]
  [certificatesResolvers.le.acme]
    email = "info@kiefer-networks.de"
    storage = "acme.json"
    [certificatesResolvers.le.acme.tlsChallenge]

Then I created folder tls with a file .toml with this config

[tls]
  [tls.options]
    [tls.options.default]
       minVersion = "VersionTLS12"
       sniStrict = true
       cipherSuites = [
         "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
         "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
         "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
         "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
         "TLS_AES_128_GCM_SHA256",
         "TLS_AES_256_GCM_SHA384",
         "TLS_CHACHA20_POLY1305_SHA256",
      ]

Hello,

I recommend to use our migration tool to help you during the migration.