I'm trying to convert a working traefik1 config to v2. The concept I used is that all my services (which run in docker) run on http, with traefik applying a wildcard cert obtained via letsencrypt acme dnschallenge.
The idea is that the compose label config for services enabled in traefik should not require any https related config - this should be encapsulated in the static config in the toml/yml files. For all services incoming http should be redirected to https, also in the static cfg.
The working v1 configs looked like this:
```toml
debug = true
logLevel = "INFO"
defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.traefik]
    address = ":8088"
  [entryPoints.http]
    address = ":80"
    [entryPoints.http.redirect]
      entryPoint = "https"
  [entryPoints.https]
    address = ":443"
    [entryPoints.https.tls]

[traefikLog]
  filePath = "traefik.log"

[accessLog]
  filePath = "traefik_access.log"

[api]

[ping]

[acme]
  email = "mymail@some.domain"
  storage = "acme.json"
  entryPoint = "https"
  acmeLogging = true
  [[acme.domains]]
    main = "*.mydomain.com"
  [acme.dnsChallenge]
    provider = "ovh"
    delayBeforeCheck = 0

[docker]
  endpoint = "tcp://192.168.123.55:2375"
  exposedByDefault = false
  network = "traefik"
```
Traefik labels in service compose:
```yaml
labels:
  # traefik-v1:
  - "traefik.enable=true"
  - "traefik.frontend.rule=Host:mb.mydomain.com"
  - "traefik.port=8096"
  - "traefik.backend=mb"
```
I've tried converting this to traefik2. Without certs I have a working setup, but when adding certificateResolvers etc I see nothing related to cert requests in the logs. I have removed the v1 acme.json as its format seems no longer compatible. Current config looks like this (switched to yml format as this does not repeat base if identifiers):
```yaml
global:
  checkNewVersion: true
entryPoints:
  web:
    address: ":80"
  web-secure:
    address: ":443"
log:
  level: "DEBUG"
accessLog:
  filePath: "traefik_access.log"
api:
  insecure: true
providers:
  docker:
    endpoint: "tcp://192.168.123.55:2375"
    exposedByDefault: false
    network: "traefik"
certificatesResolvers:
  sample:
    acme:
      email: "mymail@some.domain"
      storage: "acme.json"
      dnsChallenge:
        provider: "ovh"
        delayBeforeCheck: 0
```
The service compose labels:
```yaml
labels:
  - "traefik.enable=true"
  - "traefik.http.routers.mb-server.rule=Host(`mb.mydomain.com`)"
  - "traefik.http.routers.mb-server.entryPoints=web, web-secure"
  - "traefik.http.services.mb-server.loadbalancer.server.port=8096"
```
The required OVH-specific config is provided via env vars.
What seems to be missing in the v2 cfg is the [[acme.domain]] declaration which provided the wild-card domain in v1.
I'm also unclear what the 'sample' label under certificateProviders should be.
If anybody can point me to the issues in my config I'd be very grateful!!
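
An added example, not part of the original post: a small Python check over the compose labels above, reflecting that Traefik v2 only requests an ACME certificate for a router that enables TLS and names a resolver through `tls.certresolver`. It assumes the static config sets no entryPoint-level TLS default (as in the config shown); `lint_tls`, the finding names and the second label set are constructed for illustration.

```python
import re

# Router option labels have the form traefik.http.routers.<router>.<option>=<value>
ROUTER_LABEL = re.compile(r"^traefik\.http\.routers\.([^.]+)\.(.+)$", re.IGNORECASE)

def parse_routers(labels):
    """Group router options by router name; option keys are lower-cased."""
    routers = {}
    for label in labels:
        key, _, value = label.partition("=")
        m = ROUTER_LABEL.match(key.strip())
        if m:
            routers.setdefault(m.group(1), {})[m.group(2).lower()] = value.strip()
    return routers

def lint_tls(labels, resolvers):
    """Return (router, finding) pairs; resolvers = names under certificatesResolvers."""
    findings = []
    for name, opts in sorted(parse_routers(labels).items()):
        resolver = opts.get("tls.certresolver")
        # TLS is on when tls=true or when any tls.* sub-option is present.
        tls_on = opts.get("tls", "").lower() == "true" or any(k.startswith("tls.") for k in opts)
        if not tls_on:
            findings.append((name, "no-tls"))                # plain HTTP router, no ACME request
        elif resolver is None:
            findings.append((name, "no-certresolver"))       # TLS on, but no resolver named
        elif resolver not in resolvers:
            findings.append((name, "unknown-certresolver"))  # name absent from static config
        elif not any(re.fullmatch(r"tls\.domains\[\d+\]\.main", k) for k in opts):
            findings.append((name, "no-tls-domains"))        # cert derived from Host rule, no wildcard
    return findings

# Labels exactly as posted in the question.
POST_LABELS = [
    "traefik.enable=true",
    "traefik.http.routers.mb-server.rule=Host(`mb.mydomain.com`)",
    "traefik.http.routers.mb-server.entryPoints=web, web-secure",
    "traefik.http.services.mb-server.loadbalancer.server.port=8096",
]
# Constructed variant: the same router with TLS options referencing the "sample" resolver.
WITH_TLS = POST_LABELS + [
    "traefik.http.routers.mb-server.tls=true",
    "traefik.http.routers.mb-server.tls.certresolver=sample",
    "traefik.http.routers.mb-server.tls.domains[0].main=*.mydomain.com",
]

if __name__ == "__main__":
    print(lint_tls(POST_LABELS, {"sample"}))
    print(lint_tls(WITH_TLS, {"sample"}))
```

The resolver name passed in is whatever key sits directly under `certificatesResolvers` in the static config, which is `sample` in the config above.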