I'm having some issues upgrading from 2.8.1 to 2.8.3 with a few files, and I would really appreciate some help understanding what the error is on my part.
Here are three examples that pass schema validation without errors:
Static Config
# Static configuration: global flags, API/dashboard and logging.
global:
  checkNewVersion: true
  # No anonymous usage statistics are sent.
  sendAnonymousUsage: false

api:
  # The dashboard is enabled; no `insecure` key is set in this file.
  # NOTE(review): the router that exposes the dashboard is not shown here -
  # confirm it sits behind an authentication middleware.
  dashboard: true

log:
  # Accepted levels: DEBUG, INFO, WARN, ERROR, FATAL, PANIC (default: ERROR)
  level: 'ERROR'
# Access log: written to a file, buffered, and filtered by status code.
accessLog:
  filePath: '/traefik.log'
  # Buffer 100 log lines in memory before they are written out.
  bufferingSize: 100
  filters:
    # Only client-error responses are recorded.
    # NOTE(review): with this filter, 2xx/3xx/5xx requests leave no access-log
    # trace - confirm that is enough for incident review.
    statusCodes:
      - '400-499'
# Entry points: plain HTTP (redirect only) and HTTPS (wildcard certificate).
entryPoints:
  # Not used by any app; everything arriving here is redirected to HTTPS.
  http:
    address: ':80'
    forwardedHeaders:
      # X-Forwarded-* headers are trusted only from these source ranges.
      # This is a pasted copy of Cloudflare's public ranges: it goes stale
      # when Cloudflare changes them, so re-check it periodically, and remove
      # the whole list if Cloudflare is not in front of this host.
      trustedIPs: &trustedIps
        - '173.245.48.0/20'
        - '103.21.244.0/22'
        - '103.22.200.0/22'
        - '103.31.4.0/22'
        - '141.101.64.0/18'
        - '108.162.192.0/18'
        - '190.93.240.0/20'
        - '188.114.96.0/20'
        - '197.234.240.0/22'
        - '198.41.128.0/17'
        - '162.158.0.0/15'
        - '104.16.0.0/12'
        - '172.64.0.0/13'
        - '131.0.72.0/22'
        - '2400:cb00::/32'
        - '2606:4700::/32'
        - '2803:f800::/32'
        - '2405:b500::/32'
        - '2405:8100::/32'
        - '2a06:98c0::/29'
        - '2c0f:f248::/32'
        # End of the Cloudflare public IP list
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https

  # HTTPS endpoint, with a wildcard certificate for the domain.
  https:
    address: ':443'
    forwardedHeaders:
      # Same Cloudflare ranges as the HTTP entry point (YAML alias).
      trustedIPs: *trustedIps
    http:
      tls:
        certresolver: 'dns-cloudflare'
        # NOTE(review): `sans` is its own list item here, i.e. a second domain
        # entry without a `main`. The usual form nests `sans` under the same
        # item as `main` so that one certificate covers both - confirm which
        # was intended.
        domains:
          - main: 'mydomain.com'
          - sans:
              - '*.mydomain.com'
        # TLS options named `tls-opts`, loaded through the file provider.
        options: 'tls-opts@file'
# Providers: where Traefik discovers routers, services and middlewares.
providers:
  providersThrottleDuration: 2s

  # Docker provider: connects the apps that live on the docker network.
  docker:
    # Access to the Docker socket amounts to root on the host. Mount it
    # read-only, or put a socket proxy that exposes only the read endpoints
    # between Traefik and the daemon.
    endpoint: 'unix:///var/run/docker.sock'
    network: 'proxy'
    # Containers are published only when they opt in.
    exposedByDefault: false
    swarmMode: false
    watch: true

  # File provider: things outside docker, and the middleware definitions.
  file:
    # Every file in this directory is loaded and hot-reloaded, so whoever can
    # write here can change routing and authentication.
    directory: '/rules'
    watch: true
# ACME resolver using the Cloudflare DNS-01 challenge.
certificatesResolvers:
  dns-cloudflare:
    acme:
      # Placeholder for the ACME account e-mail address.
      email: 'myemail'
      # This file holds the ACME account key and the certificate private
      # keys; keep it at mode 600 and out of backups that others can read.
      storage: '/acme.json'
      dnsChallenge:
        provider: 'cloudflare'
        # Resolvers used to verify that the TXT record has propagated.
        resolvers:
          - '1.1.1.1:53'
          - '1.0.0.1:53'
        # Wait before the record is checked; a bare number is read as seconds.
        delayBeforeCheck: '90'
Dynamic File 1
# Dynamic configuration: reusable HTTP middlewares (file provider).
http:
  middlewares:
    # HTTP Basic authentication backed by an htpasswd file.
    middlewares-basic-auth:
      basicAuth:
        # users:
        #   - 'user:$apsdfswWvC/6.$E3FtsfTntPC0wVJ7IUVtX1'
        # The htpasswd file must be mounted into the container through
        # docker-compose.yml; keeping hashes in a secret file rather than
        # inline keeps them out of this config.
        usersFile: '/run/secrets/htpasswd'
        realm: 'Traefik 2 Basic Auth'

    # Request rate limiting.
    middlewares-rate-limit:
      rateLimit:
        average: 100
        burst: 50

    # Permanent redirect to HTTPS.
    middlewares-https-redirectscheme:
      redirectScheme:
        scheme: https
        permanent: true

    # Security-related response headers.
    middlewares-secure-headers:
      headers:
        accessControlAllowMethods:
          - GET
          - OPTIONS
          - PUT
        accessControlMaxAge: 100
        hostsProxyHeaders:
          - 'X-Forwarded-Host'
        # HSTS for two years, including subdomains, with preload.
        stsSeconds: 63072000
        stsIncludeSubdomains: true
        stsPreload: true
        forceSTSHeader: true
        # May be needed for organizr. `allow-from` is obsolete and ignored by
        # current browsers, and no contentSecurityPolicy is set in this
        # middleware, so a CSP `frame-ancestors` directive would have to come
        # from somewhere else for framing to be restricted.
        customFrameOptionsValue: 'allow-from https:{{env "DOMAINNAME"}}'
        contentTypeNosniff: true
        # Sends the legacy X-XSS-Protection header; modern browsers no longer
        # act on it, so it is not a substitute for a CSP.
        browserXssFilter: true
        # sslForceHost: true # add sslHost to all of the services
        # sslHost: '{{env 'DOMAINNAME'}}'
        referrerPolicy: 'same-origin'
        permissionsPolicy: 'camera=(), microphone=(), geolocation=(), payment=(), usb=(), vr=()'
        customResponseHeaders:
          X-Robots-Tag: 'none,noarchive,nosnippet,notranslate,noimageindex,'
          # An empty value removes the Server header from responses.
          server: ''
          # https://community.traefik.io/t/how-to-make-websockets-work-with-traefik-2-0-setting-up-rancher/1732
          # X-Forwarded-Proto: 'https'

    # Forward-auth to an OAuth service on the docker network.
    # For every forwardAuth below: `trustForwardHeader: true` passes the
    # X-Forwarded-* headers that arrived with the request on to the auth
    # service. That is only sound when the entry point limits who may set
    # those headers (forwardedHeaders.trustedIPs).
    middlewares-oauth:
      forwardAuth:
        # The OAuth service must exist in docker-compose.yml.
        address: 'http://oauth:4181'
        trustForwardHeader: true
        # Identity header copied from the auth response onto the request.
        # Backends that rely on it must be reachable only through Traefik.
        authResponseHeaders:
          - 'X-Forwarded-User'

    # Forward-auth to the CrowdSec bouncer.
    middlewares-crowdsec-bouncer-traefik:
      forwardAuth:
        # The crowdsec-bouncer service must exist in docker-compose.yml.
        address: 'http://crowdsec-bouncer:8080/api/v1/forwardAuth'
        trustForwardHeader: true

    # Forward-auth to an OAuth service running on a remote server.
    middlewares-oauth-external:
      forwardAuth:
        address: 'https://oauth.{{env "DOMAINNAME"}}'
        trustForwardHeader: true
        authResponseHeaders:
          - 'X-Forwarded-User'

    # Forward-auth to Authelia.
    middlewares-authelia:
      forwardAuth:
        address: 'http://authelia:9091/api/verify?rd=https://authelia.{{env "DOMAINNAME"}}'
        trustForwardHeader: true
        authResponseHeaders:
          - 'Remote-User'
          - 'Remote-Groups'

    # Response compression.
    middlewares-compress:
      compress: {}

    # Body-size limits and buffering.
    # https://stackoverflow.com/questions/49717670/how-to-config-upload-body-size-restriction-in-traefik
    middlewares-buffering:
      buffering:
        maxResponseBodyBytes: 2000000
        maxRequestBodyBytes: 10485760
        memRequestBodyBytes: 2097152
        memResponseBodyBytes: 2097152
        retryExpression: 'IsNetworkError() && Attempts() <= 2'
Dynamic File 2
# Dynamic configuration: TCP router that hands TLS straight to the backend.
tcp:
  routers:
    pve01-tcp:
      rule: 'HostSNI(`pve01.{{env "DOMAINNAME"}}`)'
      entryPoints:
        - https
      # HTTP middleware chains cannot be attached to a TCP router, so no
      # Traefik-side authentication applies to this route; access control
      # rests on the backend's own login.
      # middlewares:
      #   - chain-authelia
      service: pve01-svc
      tls:
        # NOTE(review): with passthrough the TLS session is not terminated by
        # Traefik and the backend presents its own certificate, so this
        # certResolver is presumably unused - confirm.
        certResolver: dns-cloudflare
        passthrough: true

  services:
    pve01-svc:
      loadBalancer:
        servers:
          - address: 'pve01:8006'
But these three do have errors, and I can't understand why.
Property tls is not allowed.
# Dynamic configuration: the TLS options set named `tls-opts`.
tls:
  options:
    tls-opts:
      # TLS 1.0 and 1.1 are refused.
      minVersion: VersionTLS12
      cipherSuites:
        # TLS 1.2 suites: ECDHE key exchange with AEAD ciphers only.
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        # TLS 1.3 suites.
        # NOTE(review): Go's TLS stack does not let TLS 1.3 suites be chosen,
        # so these three entries presumably have no effect - confirm.
        - TLS_AES_128_GCM_SHA256
        - TLS_AES_256_GCM_SHA384
        - TLS_CHACHA20_POLY1305_SHA256
        # Signalling value for a client doing version fallback (RFC 7507),
        # not an actual cipher.
        - TLS_FALLBACK_SCSV
      # NOTE(review): only P-521 and P-384 are offered; clients limited to
      # X25519 or P-256 would fail the handshake - confirm this is intended.
      curvePreferences:
        - CurveP521
        - CurveP384
      # Connections whose SNI matches no configured certificate are rejected
      # instead of being served the default certificate.
      sniStrict: true
Property http is not allowed.
# Dynamic configuration: middleware chains.
# Each chain runs its members in the listed order: rate limiting first, then
# the HTTPS redirect, the security headers, and (where present) the
# authentication middleware last.
# The CrowdSec bouncer and compression are commented out in every chain.
http:
  middlewares:
    # No authentication: routers using this chain rely on the backend's own
    # login.
    chain-no-auth:
      chain:
        middlewares:
          # - middlewares-crowdsec-bouncer-traefik
          - middlewares-rate-limit
          - middlewares-https-redirectscheme
          - middlewares-secure-headers
          # - middlewares-compress

    # HTTP Basic authentication.
    chain-basic-auth:
      chain:
        middlewares:
          # - middlewares-crowdsec-bouncer-traefik
          - middlewares-rate-limit
          - middlewares-https-redirectscheme
          - middlewares-secure-headers
          - middlewares-basic-auth
          # - middlewares-compress

    # OAuth forward-auth (local service).
    chain-oauth:
      chain:
        middlewares:
          # - middlewares-crowdsec-bouncer-traefik
          - middlewares-rate-limit
          - middlewares-https-redirectscheme
          - middlewares-secure-headers
          - middlewares-oauth
          # - middlewares-compress

    # OAuth forward-auth (remote service).
    chain-oauth-external:
      chain:
        middlewares:
          # - middlewares-crowdsec-bouncer-traefik
          - middlewares-rate-limit
          - middlewares-https-redirectscheme
          - middlewares-secure-headers
          - middlewares-oauth-external
          # - middlewares-compress

    # Authelia forward-auth.
    chain-authelia:
      chain:
        middlewares:
          # - middlewares-crowdsec-bouncer-traefik
          - middlewares-rate-limit
          - middlewares-https-redirectscheme
          - middlewares-secure-headers
          - middlewares-authelia
          # - middlewares-compress
Property http is not allowed.
# Dynamic configuration: HTTP router and service for one backend.
http:
  routers:
    hass-rtr:
      rule: 'Host(`hass.{{env "DOMAINNAME"}}`)'
      entryPoints:
        - https
      # chain-no-auth adds rate limiting, the HTTPS redirect and the security
      # headers but no authentication, so this host is protected only by the
      # backend's own login.
      middlewares:
        - chain-no-auth
      service: hass-svc
      tls:
        certResolver: dns-cloudflare

  services:
    hass-svc:
      loadBalancer:
        servers:
          # Plain HTTP between Traefik and the backend.
          - url: 'http://nvr:8123'