Good Morning,
I am trying to migrate to Traefik v2.
So I started translating my old config to the new format.
Could you take a look and tell me whether it is OK? Did I miss something?
Old config:
# Old Traefik v1 configuration (the compose file on this page runs traefik:v1.7).

debug = false
# DEBUG logging is very verbose.
logLevel = "DEBUG"
defaultEntryPoints = ["https", "http"]

[file]
watch = true

[traefikLog]
filePath = "traefik.log"

[entryPoints]

[entryPoints.http]
address = ":80"

# Requests arriving on plain HTTP are redirected to the https entry point.
[entryPoints.http.redirect]
entryPoint = "https"

[entryPoints.https]
address = ":443"

# TLS 1.2 is the minimum version; every suite listed uses ECDHE key exchange
# with an AEAD cipher (AES-GCM or ChaCha20-Poly1305).
[entryPoints.https.tls]
minVersion = "VersionTLS12"
cipherSuites = [
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
]

[retry]

# Docker provider. exposedbydefault = false means a container is only routed
# when it opts in. Access to the Docker socket amounts to control of the Docker
# daemon, so the socket must not be reachable by anything untrusted.
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "admin.kiefer-networks.de"
watch = true
exposedbydefault = false

# Let's Encrypt. acme.json holds the account key and certificate private keys;
# keep it readable by the Traefik user only (mode 600).
[acme]
email = "info@kiefer-networks.de"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true

[acme.httpChallenge]
entryPoint = "http"

# v1 API and dashboard listener.
# NOTE(review): nothing in this file puts authentication in front of it;
# confirm it cannot be reached without a login.
[web]
address = ":8080"
My new config looks like this:
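# Traefik v2 configuration.
#
# NOTE(review): Traefik v2 separates static configuration (entryPoints,
# providers, api, log, certificatesResolvers) from dynamic configuration
# (http.routers, http.middlewares, tls.options). The dynamic tables below are
# only applied when a provider loads them, for example the file provider
# ([providers.file]) or Docker labels. Confirm how this file is loaded before
# relying on the TLS options or on the dashboard authentication.

[global]
# Periodically checks whether a newer Traefik release exists.
checkNewVersion = true

[log]
# DEBUG is useful while migrating but very verbose; lower it (for example to
# "INFO") once the setup works.
level = "DEBUG"
filePath = "./traefik.log"
format = "json"

# NOTE(review): the old config redirected :80 to HTTPS through
# [entryPoints.http.redirect]. Nothing here does that yet; in v2 the redirect
# is configured separately (for example a redirectScheme middleware on a router
# bound to `web`), otherwise requests on :80 stay on plain HTTP.
[entryPoints.web]
address = ":80"

[entryPoints.web-secure]
address = ":443"

# Dynamic configuration: default TLS options.
# Same six suites as the old config. The posted list named
# TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 twice and left out
# TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384; that is corrected here.
[tls.options.default]
minVersion = "VersionTLS12"
cipherSuites = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
]

# Containers are only routed when they opt in (exposedByDefault = false).
# Access to the Docker socket amounts to control of the Docker daemon, so the
# socket must not be reachable by anything untrusted.
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
exposedByDefault = false

# api.insecure is not set, so the dashboard is meant to be served only through
# the authenticated router below.
[api]
dashboard = true

# Dynamic configuration: dashboard router, HTTPS only, behind basic auth.
[http.routers.api]
rule = "Host(`admin.kiefer-networks.de`)"
# `entryPoints` is the documented spelling of this key.
entryPoints = ["web-secure"]
service = "api@internal"
middlewares = ["myAuth"]

# Without certResolver the router does not ask the `le` ACME resolver for a
# certificate.
[http.routers.api.tls]
certResolver = "le"

# Entries are htpasswd-style `user:hash`. The hash below is the placeholder
# from the post. Prefer a bcrypt hash over apr1 (MD5-based), and consider
# `usersFile` so the hashes live outside this file.
[http.middlewares.myAuth.basicAuth]
users = [
    "admin:$apr1$H6uskkkW$IgXLP6ewTrSusafdasfdasfdasfdafasfasfasfasfdasdfBkTrqE8wj/",
]

# acme.json holds the ACME account key and certificate private keys; keep it
# readable by the Traefik user only (mode 600).
[certificatesResolvers.le.acme]
email = "info@kiefer-networks.de"
storage = "acme.json"

# TLS-ALPN-01 challenge, answered on port 443. The old config used the HTTP
# challenge on the :80 entry point instead.
[certificatesResolvers.le.acme.tlsChallenge]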
The password hash is only an example. I know I must change the rule labels on the Docker containers, but first I want to check my Traefik config.
This is my old docker-compose.yml file. I think I have to change a lot here:
# Old Traefik v1 deployment; the command flags and labels below use v1 syntax.
version: '3'

services:
  app:
    image: traefik:v1.7
    # NOTE(review): this flag asks for INFO while the old traefik.toml sets
    # logLevel = "DEBUG"; the two disagree.
    command: --web --docker --logLevel=INFO
    restart: always
    networks:
      - web
    ports:
      - "80:80"
      - "443:443"
    labels:
      # Routes the admin host to container port 8080.
      # NOTE(review): no authentication label is set on this frontend; confirm
      # the dashboard is not reachable without a login.
      - "traefik.frontend.rule=Host:admin.kiefer-networks.de"
      - "traefik.port=8080"
      # Security headers. STSSeconds=315360000 is ten years; together with
      # includeSubdomains and preload, browsers will refuse plain HTTP for
      # every subdomain, so all of them must serve HTTPS.
      - "traefik.frontend.headers.SSLRedirect=true"
      - "traefik.frontend.headers.STSSeconds=315360000"
      - "traefik.frontend.headers.browserXSSFilter=true"
      - "traefik.frontend.headers.contentTypeNosniff=true"
      - "traefik.frontend.headers.forceSTSHeader=true"
      - "traefik.frontend.headers.STSIncludeSubdomains=true"
      - "traefik.frontend.headers.STSPreload=true"
      - "traefik.frontend.headers.frameDeny=true"
    volumes:
      # Access to the Docker socket amounts to control of the Docker daemon on
      # the host; treat this container as highly privileged.
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      # acme.json stores certificate private keys; keep it mode 600 on the host.
      - ./acme.json:/acme.json

networks:
  web:
    external: true