chore(traefik): migrate compose overrides to v3 traefik

overrides/compose.custom-domain.yaml

@@ -14,7 +14,8 @@ services:
       - traefik.http.services.${ROUTER?ROUTER not set}.loadbalancer.server.port=2016
       - traefik.http.routers.${ROUTER}.service=${ROUTER}
       - traefik.http.routers.${ROUTER}.entrypoints=http
-      - traefik.http.routers.${ROUTER}.rule=Host(${SITES?SITES not set})
+      - traefik.http.routers.${ROUTER}.ruleSyntax=v3
+      - traefik.http.routers.${ROUTER}.rule=${SITES_RULE?SITES_RULE not set}
       - traefik.http.middlewares.${ROUTER}.headers.customrequestheaders.Host=${BASE_SITE?BASE_SITE not set}
       - traefik.http.routers.${ROUTER}.middlewares=${ROUTER}
     networks:

overrides/compose.https.yaml

@@ -1,32 +1,33 @@
-services:
-  frontend:
-    labels:
+services:
+  frontend:
+    labels:
       - traefik.enable=true
       - traefik.http.services.frontend.loadbalancer.server.port=8080
       - traefik.http.routers.frontend-http.entrypoints=websecure
       - traefik.http.routers.frontend-http.tls.certresolver=main-resolver
-      - traefik.http.routers.frontend-http.rule=Host(${SITES:?List of sites not set})
-
-  proxy:
-    image: traefik:v2.11
-    restart: unless-stopped
-    command:
-      - --providers.docker=true
-      - --providers.docker.exposedbydefault=false
-      - --entrypoints.web.address=:80
-      - --entrypoints.web.http.redirections.entrypoint.to=websecure
-      - --entrypoints.web.http.redirections.entrypoint.scheme=https
-      - --entrypoints.websecure.address=:443
-      - --certificatesResolvers.main-resolver.acme.httpChallenge=true
-      - --certificatesResolvers.main-resolver.acme.httpChallenge.entrypoint=web
-      - --certificatesResolvers.main-resolver.acme.email=${LETSENCRYPT_EMAIL:?No Let's Encrypt email set}
-      - --certificatesResolvers.main-resolver.acme.storage=/letsencrypt/acme.json
-    ports:
-      - ${HTTP_PUBLISH_PORT:-80}:80
-      - ${HTTPS_PUBLISH_PORT:-443}:443
-    volumes:
-      - cert-data:/letsencrypt
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-
-volumes:
-  cert-data:
+      - traefik.http.routers.frontend-http.ruleSyntax=v3
+      - traefik.http.routers.frontend-http.rule=${SITES_RULE:?SITES_RULE not set}
+
+  proxy:
+    image: traefik:v3.6
+    restart: unless-stopped
+    command:
+      - --providers.docker=true
+      - --providers.docker.exposedbydefault=false
+      - --entrypoints.web.address=:80
+      - --entrypoints.web.http.redirections.entrypoint.to=websecure
+      - --entrypoints.web.http.redirections.entrypoint.scheme=https
+      - --entrypoints.websecure.address=:443
+      - --certificatesResolvers.main-resolver.acme.httpChallenge=true
+      - --certificatesResolvers.main-resolver.acme.httpChallenge.entrypoint=web
+      - --certificatesResolvers.main-resolver.acme.email=${LETSENCRYPT_EMAIL:?No Let's Encrypt email set}
+      - --certificatesResolvers.main-resolver.acme.storage=/letsencrypt/acme.json
+    ports:
+      - ${HTTP_PUBLISH_PORT:-80}:80
+      - ${HTTPS_PUBLISH_PORT:-443}:443
+    volumes:
+      - cert-data:/letsencrypt
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+
+volumes:
+  cert-data:

overrides/compose.multi-bench-ssl.yaml

@@ -4,8 +4,9 @@ services:
       # ${ROUTER}-http to use the middleware to redirect to https
       - traefik.http.routers.${ROUTER}-http.middlewares=https-redirect
       # ${ROUTER}-https the actual router using HTTPS
-      # Uses the environment variable SITES
-      - traefik.http.routers.${ROUTER}-https.rule=Host(${SITES?SITES not set})
+      # Uses the environment variable SITES_RULE
+      - traefik.http.routers.${ROUTER}-https.ruleSyntax=v3
+      - traefik.http.routers.${ROUTER}-https.rule=${SITES_RULE?SITES_RULE not set}
       - traefik.http.routers.${ROUTER}-https.entrypoints=https
       - traefik.http.routers.${ROUTER}-https.tls=true
       # Use the service ${ROUTER} with the frontend

overrides/compose.multi-bench.yaml

@@ -9,7 +9,8 @@ services:
       - traefik.http.services.${ROUTER?ROUTER not set}.loadbalancer.server.port=8080
       - traefik.http.routers.${ROUTER}-http.service=${ROUTER}
       - traefik.http.routers.${ROUTER}-http.entrypoints=http
-      - traefik.http.routers.${ROUTER}-http.rule=Host(${SITES?SITES not set})
+      - traefik.http.routers.${ROUTER}-http.ruleSyntax=v3
+      - traefik.http.routers.${ROUTER}-http.rule=${SITES_RULE?SITES_RULE not set}
   configurator:
     networks:
       - bench-network

overrides/compose.proxy.yaml

@@ -1,19 +1,20 @@
-services:
-  frontend:
-    labels:
+services:
+  frontend:
+    labels:
       - traefik.enable=true
       - traefik.http.services.frontend.loadbalancer.server.port=8080
       - traefik.http.routers.frontend-http.entrypoints=web
-      - traefik.http.routers.frontend-http.rule=HostRegexp(`{any:.+}`)
-
-  proxy:
-    image: traefik:v2.11
-    command:
-      - --providers.docker
-      - --providers.docker.exposedbydefault=false
-      - --entrypoints.web.address=:80
-    ports:
-      - ${HTTP_PUBLISH_PORT:-80}:80
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-    userns_mode: host
+      - traefik.http.routers.frontend-http.ruleSyntax=v3
+      - traefik.http.routers.frontend-http.rule=HostRegexp(`^.+$`)
+
+  proxy:
+    image: traefik:v3.6
+    command:
+      - --providers.docker
+      - --providers.docker.exposedbydefault=false
+      - --entrypoints.web.address=:80
+    ports:
+      - ${HTTP_PUBLISH_PORT:-80}:80
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    userns_mode: host

overrides/compose.traefik-ssl.yaml

@@ -1,48 +1,49 @@
-services:
-  traefik:
-    labels:
-      # https-redirect middleware to redirect HTTP to HTTPS
-      # It can be reused by other stacks in other Docker Compose files
-      - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
-      - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
-      # traefik-http to use the middleware to redirect to https
-      - traefik.http.routers.traefik-public-http.middlewares=https-redirect
+services:
+  traefik:
+    labels:
+      # https-redirect middleware to redirect HTTP to HTTPS
+      # It can be reused by other stacks in other Docker Compose files
+      - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
+      - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
+      # traefik-http to use the middleware to redirect to https
+      - traefik.http.routers.traefik-public-http.middlewares=https-redirect
       # traefik-https the actual router using HTTPS
       # Uses the environment variable DOMAIN
+      - traefik.http.routers.traefik-public-https.ruleSyntax=v3
       - traefik.http.routers.traefik-public-https.rule=Host(`${TRAEFIK_DOMAIN}`)
-      - traefik.http.routers.traefik-public-https.entrypoints=https
-      - traefik.http.routers.traefik-public-https.tls=true
-      # Use the special Traefik service api@internal with the web UI/Dashboard
-      - traefik.http.routers.traefik-public-https.service=api@internal
-      # Use the "le" (Let's Encrypt) resolver created below
-      - traefik.http.routers.traefik-public-https.tls.certresolver=le
-      # Enable HTTP Basic auth, using the middleware created above
-      - traefik.http.routers.traefik-public-https.middlewares=admin-auth
-    command:
-      # Enable Docker in Traefik, so that it reads labels from Docker services
-      - --providers.docker=true
-      # Do not expose all Docker services, only the ones explicitly exposed
-      - --providers.docker.exposedbydefault=false
-      # Create an entrypoint http listening on port 80
-      - --entrypoints.http.address=:80
-      # Create an entrypoint https listening on port 443
-      - --entrypoints.https.address=:443
-      # Create the certificate resolver le for Let's Encrypt, uses the environment variable EMAIL
-      - --certificatesresolvers.le.acme.email=${EMAIL:?No EMAIL set}
-      # Store the Let's Encrypt certificates in the mounted volume
-      - --certificatesresolvers.le.acme.storage=/certificates/acme.json
-      # Use the TLS Challenge for Let's Encrypt
-      - --certificatesresolvers.le.acme.tlschallenge=true
-      # Enable the access log, with HTTP requests
-      - --accesslog
-      # Enable the Traefik log, for configurations and errors
-      - --log
-      # Enable the Dashboard and API
-      - --api
-    ports:
-      - ${HTTPS_PUBLISH_PORT:-443}:443
-    volumes:
-      - cert-data:/certificates
-
-volumes:
-  cert-data:
+      - traefik.http.routers.traefik-public-https.entrypoints=https
+      - traefik.http.routers.traefik-public-https.tls=true
+      # Use the special Traefik service api@internal with the web UI/Dashboard
+      - traefik.http.routers.traefik-public-https.service=api@internal
+      # Use the "le" (Let's Encrypt) resolver created below
+      - traefik.http.routers.traefik-public-https.tls.certresolver=le
+      # Enable HTTP Basic auth, using the middleware created above
+      - traefik.http.routers.traefik-public-https.middlewares=admin-auth
+    command:
+      # Enable Docker in Traefik, so that it reads labels from Docker services
+      - --providers.docker=true
+      # Do not expose all Docker services, only the ones explicitly exposed
+      - --providers.docker.exposedbydefault=false
+      # Create an entrypoint http listening on port 80
+      - --entrypoints.http.address=:80
+      # Create an entrypoint https listening on port 443
+      - --entrypoints.https.address=:443
+      # Create the certificate resolver le for Let's Encrypt, uses the environment variable EMAIL
+      - --certificatesresolvers.le.acme.email=${EMAIL:?No EMAIL set}
+      # Store the Let's Encrypt certificates in the mounted volume
+      - --certificatesresolvers.le.acme.storage=/certificates/acme.json
+      # Use the TLS Challenge for Let's Encrypt
+      - --certificatesresolvers.le.acme.tlschallenge=true
+      # Enable the access log, with HTTP requests
+      - --accesslog
+      # Enable the Traefik log, for configurations and errors
+      - --log
+      # Enable the Dashboard and API
+      - --api
+    ports:
+      - ${HTTPS_PUBLISH_PORT:-443}:443
+    volumes:
+      - cert-data:/certificates
+
+volumes:
+  cert-data:

overrides/compose.traefik.yaml

@@ -1,45 +1,46 @@
-services:
-  traefik:
-    image: "traefik:v2.11"
-    restart: unless-stopped
-    labels:
-      # Enable Traefik for this service, to make it available in the public network
-      - traefik.enable=true
-      # Use the traefik-public network (declared below)
-      - traefik.docker.network=traefik-public
+services:
+  traefik:
+    image: "traefik:v3.6"
+    restart: unless-stopped
+    labels:
+      # Enable Traefik for this service, to make it available in the public network
+      - traefik.enable=true
+      # Use the traefik-public network (declared below)
+      - traefik.docker.network=traefik-public
       # admin-auth middleware with HTTP Basic auth
       # Using the environment variables USERNAME and HASHED_PASSWORD
       - traefik.http.middlewares.admin-auth.basicauth.users=admin:${HASHED_PASSWORD:?No HASHED_PASSWORD set}
       # Uses the environment variable TRAEFIK_DOMAIN
+      - traefik.http.routers.traefik-public-http.ruleSyntax=v3
       - traefik.http.routers.traefik-public-http.rule=Host(`${TRAEFIK_DOMAIN:?No TRAEFIK_DOMAIN set}`)
-      - traefik.http.routers.traefik-public-http.entrypoints=http
-      # Use the special Traefik service api@internal with the web UI/Dashboard
-      - traefik.http.routers.traefik-public-http.service=api@internal
-      # Enable HTTP Basic auth, using the middleware created above
-      - traefik.http.routers.traefik-public-http.middlewares=admin-auth
-      # Define the port inside of the Docker service to use
-      - traefik.http.services.traefik-public.loadbalancer.server.port=8080
-    command:
-      # Enable Docker in Traefik, so that it reads labels from Docker services
-      - --providers.docker=true
-      # Do not expose all Docker services, only the ones explicitly exposed
-      - --providers.docker.exposedbydefault=false
-      # Create an entrypoint http listening on port 80
-      - --entrypoints.http.address=:80
-      # Enable the access log, with HTTP requests
-      - --accesslog
-      # Enable the Traefik log, for configurations and errors
-      - --log
-      # Enable the Dashboard and API
-      - --api
-    ports:
-      - ${HTTP_PUBLISH_PORT:-80}:80
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-    networks:
-      - traefik-public
-
-networks:
-  traefik-public:
-    name: traefik-public
-    external: false
+      - traefik.http.routers.traefik-public-http.entrypoints=http
+      # Use the special Traefik service api@internal with the web UI/Dashboard
+      - traefik.http.routers.traefik-public-http.service=api@internal
+      # Enable HTTP Basic auth, using the middleware created above
+      - traefik.http.routers.traefik-public-http.middlewares=admin-auth
+      # Define the port inside of the Docker service to use
+      - traefik.http.services.traefik-public.loadbalancer.server.port=8080
+    command:
+      # Enable Docker in Traefik, so that it reads labels from Docker services
+      - --providers.docker=true
+      # Do not expose all Docker services, only the ones explicitly exposed
+      - --providers.docker.exposedbydefault=false
+      # Create an entrypoint http listening on port 80
+      - --entrypoints.http.address=:80
+      # Enable the access log, with HTTP requests
+      - --accesslog
+      # Enable the Traefik log, for configurations and errors
+      - --log
+      # Enable the Dashboard and API
+      - --api
+    ports:
+      - ${HTTP_PUBLISH_PORT:-80}:80
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    networks:
+      - traefik-public
+
+networks:
+  traefik-public:
+    name: traefik-public
+    external: false