I'm trying to convert a working traefik1 config to v2. The concept I used is that all my services (which run in docker) run on http, with traefik applying a wildcard cert obtained via letsencrypt acme dnschallenge.
The idea is that the compose label config for services enabled in traefik should not require any https related config - this should be encapsulated in the static config in the toml/yml files. For all services incoming http should be redirected to https, also in the static cfg.
The working v1 configs looked like this:
```toml
debug = true
logLevel = "INFO"
defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.traefik]
  address = ":8088"
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

[traefikLog]
filePath = "traefik.log"

[accessLog]
filePath = "traefik_access.log"

[api]

[ping]

[acme]
email = "email@example.com"
storage = "acme.json"
entryPoint = "https"
acmeLogging = true

[[acme.domains]]
main = "*.mydomain.com"

[acme.dnsChallenge]
provider = "ovh"
delayBeforeCheck = 0

[docker]
endpoint = "tcp://192.168.123.55:2375"
exposedByDefault = false
network = "traefik"
```
Traefik labels in service compose:
```yaml
labels:
  # traefik-v1:
  - "traefik.enable=true"
  - "traefik.frontend.rule=Host:mb.mydomain.com"
  - "traefik.port=8096"
  - "traefik.backend=mb"
```
I've tried converting this to traefik2. Without certs I have a working setup, but when adding certificateResolvers etc. I see nothing related to cert requests in the logs. I have removed the v1 acme.json as its format seems no longer compatible. Current config looks like this (switched to yml format as this does not repeat base of identifiers):
```yaml
global:
  checkNewVersion: true

entryPoints:
  web:
    address: ":80"
  web-secure:
    address: ":443"

log:
  level: "DEBUG"

accessLog:
  filePath: "traefik_access.log"

api:
  insecure: true

providers:
  docker:
    endpoint: "tcp://192.168.123.55:2375"
    exposedByDefault: false
    network: "traefik"

certificatesResolvers:
  sample:
    acme:
      email: "firstname.lastname@example.org"
      storage: "acme.json"
      dnsChallenge:
        provider: "ovh"
        delayBeforeCheck: 0
```
The service compose labels:
```yaml
labels:
  - "traefik.enable=true"
  - "traefik.http.routers.mb-server.rule=Host(`mb.mydomain.com`)"
  - "traefik.http.routers.mb-server.entryPoints=web, web-secure"
  - "traefik.http.services.mb-server.loadbalancer.server.port=8096"
```
The required OVH-specific config is provided via env vars.
What seems to be missing in the v2 cfg is the `[[acme.domain]]` declaration which provided the wild-card domain in v1.
I'm also unclear what the 'sample' label under certificateProviders should be.
If anybody can point me to the issues in my config I'd be very grateful!!
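An added example, not part of the original post: one way to carry the v1 `[[acme.domains]]` wildcard and the http-to-https redirect into the v2 static file, so that service labels need no TLS settings. It assumes Traefik v2.2 or later, where entry points accept `http.redirections` and `http.tls`; the entry point names, the resolver name `sample` and the domain are the ones used in the post.

```yaml
entryPoints:
  web:
    address: ":80"
    http:
      # Replaces v1 [entryPoints.http.redirect]: every request arriving
      # on :80 is redirected to the TLS entry point.
      redirections:
        entryPoint:
          to: web-secure
          scheme: https
  web-secure:
    address: ":443"
    http:
      # Default TLS settings for every router attached to this entry point.
      # A resolver is only used when a router or entry point references it;
      # defining it under certificatesResolvers alone requests nothing.
      tls:
        certResolver: sample
        # Replaces v1 [[acme.domains]]: request the wildcard once instead of
        # one certificate per Host() rule.
        domains:
          - main: "*.mydomain.com"

certificatesResolvers:
  # "sample" is an arbitrary name; it only has to match certResolver above.
  sample:
    acme:
      email: "firstname.lastname@example.org"
      storage: "acme.json"
      dnsChallenge:
        provider: "ovh"
        delayBeforeCheck: 0
```

With this in place the service router only needs to be attached to `web-secure`; the `web` entry point handles nothing but the redirect.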