redirect to https, configure dashboard

2026-04-25 17:00:40 +02:00 · 2021-11-06 15:58:13 +01:00
parent 8b759e6e98
commit d3daa5a27f
3 changed files with 32 additions and 14 deletions
@@ -3,12 +3,15 @@ version: '3'
 services:
  traefik:
    container_name: traefik
-    image: traefik:v2.2.1   
+    image: traefik:v2.5.3   
    ports:
      - 80:80
      - 443:443
+      - 8080:8080
    expose:
      - 8080
+    labels: 
+      - traefik.enable=true      
    networks:
      - srv
    restart: unless-stopped
@@ -3,11 +3,11 @@ version: '3'
 services:
  traefik:
    container_name: traefik
-    image: traefik:v2.2.1
+    image: traefik:v2.5.3
    command:
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false      
-      - --api=true
+      - --api.dashboard=false
      - --entrypoints.http.address=:80      
      - --entrypoints.https.address=:443
      - --certificatesresolvers.letsencrypt.acme.email=${LETSENCRYPT_EMAIL}
@@ -21,13 +21,13 @@ services:
    environment:
      - GANDIV5_API_KEY=${GANDIV5_API_KEY}
    labels: 
-      - traefik.enable=true
-      - traefik.http.routers.api.rule=Host(`${HOST_TRAEFIK}.${DOMAIN}`)
-      - traefik.http.routers.api.entrypoints=http
-      - traefik.http.routers.api.entrypoints=https
-      - traefik.http.routers.api.service=api@internal   
-      - traefik.http.routers.api.middlewares=auth
-      - traefik.http.middlewares.auth.basicauth.users=${BASIC_AUTH}
+      #- traefik.enable=true
+      # - traefik.http.routers.api.rule=Host(`${HOST_TRAEFIK}.${DOMAIN}`)
+      # - traefik.http.routers.api.entrypoints=http
+      # - traefik.http.routers.api.entrypoints=https
+      # - traefik.http.routers.api.service=api@internal   
+      # - traefik.http.routers.api.middlewares=auth
+      # - traefik.http.middlewares.auth.basicauth.users=${BASIC_AUTH}
      # request widlcard certificate
      - traefik.http.routers.api.tls.certresolver=letsencrypt
      - traefik.http.routers.api.tls.domains[0].main=${DOMAIN}
@@ -42,8 +42,6 @@ services:
    ports:
      - 80:80
      - 443:443
-    expose:
-      - 8080
    networks:
      - srv
    restart: unless-stopped
@@ -16,5 +16,22 @@ providers:
  docker:
    endpoint: unix:///var/run/docker.sock
    watch: true
-    exposedByDefault: true
-    defaultRule: "HostRegexp(`{{ index .Labels \"com.docker.compose.service\"}}.traefik.me`,`{{ index .Labels \"com.docker.compose.service\"}}-{dashed-ip:.*}.traefik.me`)"
+    exposedByDefault: false
+    defaultRule: "HostRegexp(`{{ index .Labels \"com.docker.compose.service\"}}.traefik.me`,`{{ index .Labels \"com.docker.compose.service\"}}-{dashed-ip:.*}.traefik.me`)"
+
+http:
+  # global redirect to https
+  routers:
+    http-catchall:
+      rule: "hostregexp(`{host:.+}`)"
+      entrypoints: 
+        - http
+      middlewares: 
+        - redirect-to-https
+
+  # middleware redirect
+  middlewares:
+    redirect-to-https:
+      redirectscheme:
+        scheme: https
+        permanent: true