diff --git a/overrides/compose.custom-domain.yaml b/overrides/compose.custom-domain.yaml index e7c82f90..7ca31776 100644 --- a/overrides/compose.custom-domain.yaml +++ b/overrides/compose.custom-domain.yaml @@ -14,7 +14,8 @@ services: - traefik.http.services.${ROUTER?ROUTER not set}.loadbalancer.server.port=2016 - traefik.http.routers.${ROUTER}.service=${ROUTER} - traefik.http.routers.${ROUTER}.entrypoints=http - - traefik.http.routers.${ROUTER}.rule=Host(${SITES?SITES not set}) + - traefik.http.routers.${ROUTER}.ruleSyntax=v3 + - traefik.http.routers.${ROUTER}.rule=${SITES_RULE?SITES_RULE not set} - traefik.http.middlewares.${ROUTER}.headers.customrequestheaders.Host=${BASE_SITE?BASE_SITE not set} - traefik.http.routers.${ROUTER}.middlewares=${ROUTER} networks: diff --git a/overrides/compose.https.yaml b/overrides/compose.https.yaml index 9096e560..55b453e8 100644 --- a/overrides/compose.https.yaml +++ b/overrides/compose.https.yaml @@ -1,32 +1,33 @@ -services: - frontend: - labels: +services: + frontend: + labels: - traefik.enable=true - traefik.http.services.frontend.loadbalancer.server.port=8080 - traefik.http.routers.frontend-http.entrypoints=websecure - traefik.http.routers.frontend-http.tls.certresolver=main-resolver - - traefik.http.routers.frontend-http.rule=Host(${SITES:?List of sites not set}) - - proxy: - image: traefik:v2.11 - restart: unless-stopped - command: - - --providers.docker=true - - --providers.docker.exposedbydefault=false - - --entrypoints.web.address=:80 - - --entrypoints.web.http.redirections.entrypoint.to=websecure - - --entrypoints.web.http.redirections.entrypoint.scheme=https - - --entrypoints.websecure.address=:443 - - --certificatesResolvers.main-resolver.acme.httpChallenge=true - - --certificatesResolvers.main-resolver.acme.httpChallenge.entrypoint=web - - --certificatesResolvers.main-resolver.acme.email=${LETSENCRYPT_EMAIL:?No Let's Encrypt email set} - - --certificatesResolvers.main-resolver.acme.storage=/letsencrypt/acme.json - ports: - - ${HTTP_PUBLISH_PORT:-80}:80 - - ${HTTPS_PUBLISH_PORT:-443}:443 - volumes: - - cert-data:/letsencrypt - - /var/run/docker.sock:/var/run/docker.sock:ro - -volumes: - cert-data: + - traefik.http.routers.frontend-http.ruleSyntax=v3 + - traefik.http.routers.frontend-http.rule=${SITES_RULE:?SITES_RULE not set} + + proxy: + image: traefik:v3.6 + restart: unless-stopped + command: + - --providers.docker=true + - --providers.docker.exposedbydefault=false + - --entrypoints.web.address=:80 + - --entrypoints.web.http.redirections.entrypoint.to=websecure + - --entrypoints.web.http.redirections.entrypoint.scheme=https + - --entrypoints.websecure.address=:443 + - --certificatesResolvers.main-resolver.acme.httpChallenge=true + - --certificatesResolvers.main-resolver.acme.httpChallenge.entrypoint=web + - --certificatesResolvers.main-resolver.acme.email=${LETSENCRYPT_EMAIL:?No Let's Encrypt email set} + - --certificatesResolvers.main-resolver.acme.storage=/letsencrypt/acme.json + ports: + - ${HTTP_PUBLISH_PORT:-80}:80 + - ${HTTPS_PUBLISH_PORT:-443}:443 + volumes: + - cert-data:/letsencrypt + - /var/run/docker.sock:/var/run/docker.sock:ro + +volumes: + cert-data: diff --git a/overrides/compose.multi-bench-ssl.yaml b/overrides/compose.multi-bench-ssl.yaml index 158d22bd..e38da19b 100644 --- a/overrides/compose.multi-bench-ssl.yaml +++ b/overrides/compose.multi-bench-ssl.yaml @@ -4,8 +4,9 @@ services: # ${ROUTER}-http to use the middleware to redirect to https - traefik.http.routers.${ROUTER}-http.middlewares=https-redirect # ${ROUTER}-https the actual router using HTTPS - # Uses the environment variable SITES - - traefik.http.routers.${ROUTER}-https.rule=Host(${SITES?SITES not set}) + # Uses the environment variable SITES_RULE + - traefik.http.routers.${ROUTER}-https.ruleSyntax=v3 + - traefik.http.routers.${ROUTER}-https.rule=${SITES_RULE?SITES_RULE not set} - traefik.http.routers.${ROUTER}-https.entrypoints=https - traefik.http.routers.${ROUTER}-https.tls=true # Use the service ${ROUTER} with the frontend diff --git a/overrides/compose.multi-bench.yaml b/overrides/compose.multi-bench.yaml index 7e681a18..542e7716 100644 --- a/overrides/compose.multi-bench.yaml +++ b/overrides/compose.multi-bench.yaml @@ -9,7 +9,8 @@ services: - traefik.http.services.${ROUTER?ROUTER not set}.loadbalancer.server.port=8080 - traefik.http.routers.${ROUTER}-http.service=${ROUTER} - traefik.http.routers.${ROUTER}-http.entrypoints=http - - traefik.http.routers.${ROUTER}-http.rule=Host(${SITES?SITES not set}) + - traefik.http.routers.${ROUTER}-http.ruleSyntax=v3 + - traefik.http.routers.${ROUTER}-http.rule=${SITES_RULE?SITES_RULE not set} configurator: networks: - bench-network diff --git a/overrides/compose.proxy.yaml b/overrides/compose.proxy.yaml index 32ce9fab..b3c467c7 100644 --- a/overrides/compose.proxy.yaml +++ b/overrides/compose.proxy.yaml @@ -1,19 +1,20 @@ -services: - frontend: - labels: +services: + frontend: + labels: - traefik.enable=true - traefik.http.services.frontend.loadbalancer.server.port=8080 - traefik.http.routers.frontend-http.entrypoints=web - - traefik.http.routers.frontend-http.rule=HostRegexp(`{any:.+}`) - - proxy: - image: traefik:v2.11 - command: - - --providers.docker - - --providers.docker.exposedbydefault=false - - --entrypoints.web.address=:80 - ports: - - ${HTTP_PUBLISH_PORT:-80}:80 - volumes: - - /var/run/docker.sock:/var/run/docker.sock:ro - userns_mode: host + - traefik.http.routers.frontend-http.ruleSyntax=v3 + - traefik.http.routers.frontend-http.rule=HostRegexp(`^.+$`) + + proxy: + image: traefik:v3.6 + command: + - --providers.docker + - --providers.docker.exposedbydefault=false + - --entrypoints.web.address=:80 + ports: + - ${HTTP_PUBLISH_PORT:-80}:80 + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + userns_mode: host diff --git a/overrides/compose.traefik-ssl.yaml b/overrides/compose.traefik-ssl.yaml index b83cb8e4..19083bf2 100644 --- a/overrides/compose.traefik-ssl.yaml +++ b/overrides/compose.traefik-ssl.yaml @@ -1,48 +1,49 @@ -services: - traefik: - labels: - # https-redirect middleware to redirect HTTP to HTTPS - # It can be reused by other stacks in other Docker Compose files - - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https - - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true - # traefik-http to use the middleware to redirect to https - - traefik.http.routers.traefik-public-http.middlewares=https-redirect +services: + traefik: + labels: + # https-redirect middleware to redirect HTTP to HTTPS + # It can be reused by other stacks in other Docker Compose files + - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https + - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true + # traefik-http to use the middleware to redirect to https + - traefik.http.routers.traefik-public-http.middlewares=https-redirect # traefik-https the actual router using HTTPS # Uses the environment variable DOMAIN + - traefik.http.routers.traefik-public-https.ruleSyntax=v3 - traefik.http.routers.traefik-public-https.rule=Host(`${TRAEFIK_DOMAIN}`) - - traefik.http.routers.traefik-public-https.entrypoints=https - - traefik.http.routers.traefik-public-https.tls=true - # Use the special Traefik service api@internal with the web UI/Dashboard - - traefik.http.routers.traefik-public-https.service=api@internal - # Use the "le" (Let's Encrypt) resolver created below - - traefik.http.routers.traefik-public-https.tls.certresolver=le - # Enable HTTP Basic auth, using the middleware created above - - traefik.http.routers.traefik-public-https.middlewares=admin-auth - command: - # Enable Docker in Traefik, so that it reads labels from Docker services - - --providers.docker=true - # Do not expose all Docker services, only the ones explicitly exposed - - --providers.docker.exposedbydefault=false - # Create an entrypoint http listening on port 80 - - --entrypoints.http.address=:80 - # Create an entrypoint https listening on port 443 - - --entrypoints.https.address=:443 - # Create the certificate resolver le for Let's Encrypt, uses the environment variable EMAIL - - --certificatesresolvers.le.acme.email=${EMAIL:?No EMAIL set} - # Store the Let's Encrypt certificates in the mounted volume - - --certificatesresolvers.le.acme.storage=/certificates/acme.json - # Use the TLS Challenge for Let's Encrypt - - --certificatesresolvers.le.acme.tlschallenge=true - # Enable the access log, with HTTP requests - - --accesslog - # Enable the Traefik log, for configurations and errors - - --log - # Enable the Dashboard and API - - --api - ports: - - ${HTTPS_PUBLISH_PORT:-443}:443 - volumes: - - cert-data:/certificates - -volumes: - cert-data: + - traefik.http.routers.traefik-public-https.entrypoints=https + - traefik.http.routers.traefik-public-https.tls=true + # Use the special Traefik service api@internal with the web UI/Dashboard + - traefik.http.routers.traefik-public-https.service=api@internal + # Use the "le" (Let's Encrypt) resolver created below + - traefik.http.routers.traefik-public-https.tls.certresolver=le + # Enable HTTP Basic auth, using the middleware created above + - traefik.http.routers.traefik-public-https.middlewares=admin-auth + command: + # Enable Docker in Traefik, so that it reads labels from Docker services + - --providers.docker=true + # Do not expose all Docker services, only the ones explicitly exposed + - --providers.docker.exposedbydefault=false + # Create an entrypoint http listening on port 80 + - --entrypoints.http.address=:80 + # Create an entrypoint https listening on port 443 + - --entrypoints.https.address=:443 + # Create the certificate resolver le for Let's Encrypt, uses the environment variable EMAIL + - --certificatesresolvers.le.acme.email=${EMAIL:?No EMAIL set} + # Store the Let's Encrypt certificates in the mounted volume + - --certificatesresolvers.le.acme.storage=/certificates/acme.json + # Use the TLS Challenge for Let's Encrypt + - --certificatesresolvers.le.acme.tlschallenge=true + # Enable the access log, with HTTP requests + - --accesslog + # Enable the Traefik log, for configurations and errors + - --log + # Enable the Dashboard and API + - --api + ports: + - ${HTTPS_PUBLISH_PORT:-443}:443 + volumes: + - cert-data:/certificates + +volumes: + cert-data: diff --git a/overrides/compose.traefik.yaml b/overrides/compose.traefik.yaml index 7765e19d..01ad3c5f 100644 --- a/overrides/compose.traefik.yaml +++ b/overrides/compose.traefik.yaml @@ -1,45 +1,46 @@ -services: - traefik: - image: "traefik:v2.11" - restart: unless-stopped - labels: - # Enable Traefik for this service, to make it available in the public network - - traefik.enable=true - # Use the traefik-public network (declared below) - - traefik.docker.network=traefik-public +services: + traefik: + image: "traefik:v3.6" + restart: unless-stopped + labels: + # Enable Traefik for this service, to make it available in the public network + - traefik.enable=true + # Use the traefik-public network (declared below) + - traefik.docker.network=traefik-public # admin-auth middleware with HTTP Basic auth # Using the environment variables USERNAME and HASHED_PASSWORD - traefik.http.middlewares.admin-auth.basicauth.users=admin:${HASHED_PASSWORD:?No HASHED_PASSWORD set} # Uses the environment variable TRAEFIK_DOMAIN + - traefik.http.routers.traefik-public-http.ruleSyntax=v3 - traefik.http.routers.traefik-public-http.rule=Host(`${TRAEFIK_DOMAIN:?No TRAEFIK_DOMAIN set}`) - - traefik.http.routers.traefik-public-http.entrypoints=http - # Use the special Traefik service api@internal with the web UI/Dashboard - - traefik.http.routers.traefik-public-http.service=api@internal - # Enable HTTP Basic auth, using the middleware created above - - traefik.http.routers.traefik-public-http.middlewares=admin-auth - # Define the port inside of the Docker service to use - - traefik.http.services.traefik-public.loadbalancer.server.port=8080 - command: - # Enable Docker in Traefik, so that it reads labels from Docker services - - --providers.docker=true - # Do not expose all Docker services, only the ones explicitly exposed - - --providers.docker.exposedbydefault=false - # Create an entrypoint http listening on port 80 - - --entrypoints.http.address=:80 - # Enable the access log, with HTTP requests - - --accesslog - # Enable the Traefik log, for configurations and errors - - --log - # Enable the Dashboard and API - - --api - ports: - - ${HTTP_PUBLISH_PORT:-80}:80 - volumes: - - /var/run/docker.sock:/var/run/docker.sock:ro - networks: - - traefik-public - -networks: - traefik-public: - name: traefik-public - external: false + - traefik.http.routers.traefik-public-http.entrypoints=http + # Use the special Traefik service api@internal with the web UI/Dashboard + - traefik.http.routers.traefik-public-http.service=api@internal + # Enable HTTP Basic auth, using the middleware created above + - traefik.http.routers.traefik-public-http.middlewares=admin-auth + # Define the port inside of the Docker service to use + - traefik.http.services.traefik-public.loadbalancer.server.port=8080 + command: + # Enable Docker in Traefik, so that it reads labels from Docker services + - --providers.docker=true + # Do not expose all Docker services, only the ones explicitly exposed + - --providers.docker.exposedbydefault=false + # Create an entrypoint http listening on port 80 + - --entrypoints.http.address=:80 + # Enable the access log, with HTTP requests + - --accesslog + # Enable the Traefik log, for configurations and errors + - --log + # Enable the Dashboard and API + - --api + ports: + - ${HTTP_PUBLISH_PORT:-80}:80 + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + networks: + - traefik-public + +networks: + traefik-public: + name: traefik-public + external: false