i'm currently in the process of migrating from v1 to v2. This is a working v1 example for docker i have:
I cannot figure it out how to migrate this to v2. Currently my attempt looks like this:
This should work for the HTTPS router pointing to the service listening on HTTPS, shouldn't it?
However, i have two questions:
- What is the proper syntax for adding multiple middlewares to a router with labels for a docker container definition? The documentation says: A list. Since i am defining the containers via the ansible
docker_container module, one could assume a list in yaml style, but that cannot apply for a "simple"
docker run command.
- What does the
redirect@file middleware do? It is copypasted from the docs, but according to the docs there does not exist a
redirect@file middleware. Wouldn't a
RedirectScheme be more appropriate, like described in the lists of middlewares?
Maybe someone can help me accomplish my goal of translating the above v1 snippet to a v2 snippet which does the same, so i can adapt it to my other services.
I had a very similar question here Global http to https redirect in v2 .. but not label related. Similar assumption but yet similar unsure
I'm also still learning and deciphering the documentation, but I think this will help...
First, the @file syntax is a provider reference to dynamic file configuration. In order for your labels to work, you'd load a dynamic configuration that contained something like the following:
scheme = "https"
users = [
Note that "redirect" and "auth" are arbitrary names we're using in this example that reference the middleware configuration.
Then, because I don't believe they're referring to a YAML list rather than a literal list, in order to load both auth and redirect middlewares, I believe you'd do:
- "traefik.http.routers.web.rule: Host('resilio.mytld')"
- "traefik.http.routers.web.entrypoints: web"
- "traefik.http.routers.web.middlewares: redirect@file, auth@file"
- "traefik.http.routers.web-secured.rule: Host('resilio.mytld')"
- "traefik.http.routers.web-secured.entrypoints: web-secure"
- "traefik.http.routers.web-secured.tls: true"
- "traefik.http.routers.web-secured.service: resilio"
- "traefik.http.services.resilio.loadbalancer.server.port: 8888"
That said, you may want to attach your auth middleware to your secured route?
Again, any part of this may be incorrect as the docs have felt incomplete and a bit hard to follow for me thus far, but hopefully it helps you along.
@emce No, you got it right. redirect@file is indeed how you refer to a middleware arbitrarily named redirect, which would be defined for the file provider, i.e. in a dynamic file configuration.
Also, yes, a comma separated list should be the syntax to refer to a list of middlewares in a router, as confirmed in: https://docs.traefik.io/v2.0/reference/dynamic-configuration/docker/
Thanks for your answers. They have helped me a bit. However, currently i am struggling with the dynamic file configuration.
I have created a directory called
conf.d and mounted it in
/conf.d in the traefik container.
I reference this directory in the traefik.yaml with the following snippet:
Inside this directory there is a file called redirect.yaml with the following content:
And these are the labels with whom i want to make the traefik dashboard available via HTTP-to-HTTPS redirect and basic auth:
I already was successful with accessing the dashboard via plaintext HTTP, but the currrent configuration gives me these errors:
time="2019-09-19T08:37:26Z" level=info msg="Configuration loaded from file: /traefik.yaml"
time="2019-09-19T08:37:27Z" level=error msg="middleware \"redirect@file\" does not exist" entryPointName=web routerName=api@docker
time="2019-09-19T08:37:27Z" level=error msg="middleware \"redirect@file\" does not exist" entryPointName=web-secure routerName=api@docker
time="2019-09-19T08:37:27Z" level=error msg="middleware \"redirect@file\" does not exist" entryPointName=traefik routerName=api@docker
I fixed it. I didn't notice i already had a provider section for docker. Now everything's fine. Next step: Catchall HTTPS redirect, but i'll look into @EugenMayer s thread for that.