From 8c47ddd18edfb3b9e3fe32e79fbdf70254b27181 Mon Sep 17 00:00:00 2001
From: Ludovic Fernandez
Date: Tue, 2 Jul 2019 13:12:00 +0200
Subject: [PATCH 1/4] Segment labels and redirections
---
 docs/traefik-host.yml | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/docs/traefik-host.yml b/docs/traefik-host.yml
index 3185773..6043afa 100644
--- a/docs/traefik-host.yml
+++ b/docs/traefik-host.yml
@@ -19,11 +19,8 @@ services:
 - traefik.port=8500
 - traefik.tags=${TRAEFIK_PUBLIC_TAG:-traefik-public}
 - traefik.docker.network=traefik-public
- # Traefik service that listens to HTTP
- - traefik.redirectorservice.frontend.entryPoints=http
- - traefik.redirectorservice.frontend.redirect.entryPoint=https
- # Traefik service that listens to HTTPS
- - traefik.webservice.frontend.entryPoints=https
+ - traefik.frontend.entryPoints=http,https
+ - traefik.frontend.redirect.entryPoint=https
 - traefik.frontend.auth.basic.users=${USERNAME?Variable USERNAME not set}:${HASHED_PASSWORD?Variable HASHED_PASSWORD not set}
 consul-replica:
 image: consul
@@ -63,11 +60,8 @@ services:
 - traefik.port=8080
 - traefik.tags=traefik-public
 - traefik.docker.network=traefik-public
- # Traefik service that listens to HTTP
- - traefik.redirectorservice.frontend.entryPoints=http
- - traefik.redirectorservice.frontend.redirect.entryPoint=https
- # Traefik service that listens to HTTPS
- - traefik.webservice.frontend.entryPoints=https
+ - traefik.frontend.entryPoints=http,https
+ - traefik.frontend.redirect.entryPoint=https
 - traefik.frontend.auth.basic.users=${USERNAME?Variable USERNAME not set}:${HASHED_PASSWORD?Variable HASHED_PASSWORD not set}
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock
From 8dd1951a109e1e6192c8401d1a5fb3bfc27f339b Mon Sep 17 00:00:00 2001
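Review bot: In the first hunk (`traefik.port=8500`), `traefik.frontend.entryPoints=http,https` binds the frontend that carries `traefik.frontend.auth.basic.users` to the plain `http` entry point as well, so the redirect label on the next line is the only thing keeping the basic-auth prompt off clear text. I would confirm against the Traefik version this stack deploys that an HTTP request is answered with the redirect rather than a 401 challenge, and record the intent in place of the removed comments, e.g. `# http is bound only so that Traefik can redirect it to https`. The same applies to the second hunk of this file and to both hunks of docs/traefik.yml. The list these labels belong to starts outside the hunk.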
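Review bot: In the second hunk (`traefik.port=8080`), the redirect in `traefik.frontend.redirect.entryPoint=https` acts only after a browser has already made a plain-HTTP request, and nothing in the added labels tells returning browsers to skip that request. Consider an HSTS label beside it, `- traefik.frontend.headers.STSSeconds=<max-age in seconds>`, once HTTPS is known to work for the domain. The hunks in docs/portainer.yml, docs/swarmpit.yml and docs/thelounge.yml add the same two labels and would take the same line.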
From: Fernandez Ludovic
Date: Tue, 2 Jul 2019 13:20:31 +0200
Subject: [PATCH 2/4] update documentation
---
 docs/traefik-technical-details.md | 5 ++---
 docs/traefik-with-volume.md | 15 ++++++---------
 2 files changed, 8 insertions(+), 12 deletions(-)
diff --git a/docs/traefik-technical-details.md b/docs/traefik-technical-details.md
index 0271fcb..8db7848 100644
--- a/docs/traefik-technical-details.md
+++ b/docs/traefik-technical-details.md
@@ -29,9 +29,8 @@ It has several deployment labels, these are what make Traefik expose the Consul * `traefik.port=8500`: expose the content from the port `8500` (that's the port inside the container). * `traefik.tags=${TRAEFIK_PUBLIC_TAG:-traefik-public}`: as the main Traefik proxy will only expose services with the `traefik-public` tag (using a parameter below), make the Consul service have this tag too, so that the Traefik public can find it and expose it. Use as the tag the environment variable `TRAEFIK_PUBLIC_TAG`, or by default, set it to `traefik-public`. * `traefik.docker.network=traefik-public`: tell Traefik to get the contents provided by this service using that shared network. -* `traefik.redirectorservice.frontend.entryPoints=http`: make the service listen to HTTP, so that it can redirect to HTTPS. -* `traefik.redirectorservice.frontend.redirect.entryPoint=https`: make Traefik redirect HTTP trafic to HTTPS for the web UI. -* `traefik.webservice.frontend.entryPoints=https`: make the web UI listen and serve on HTTPS. +* `traefik.frontend.entryPoints=https`: make the web UI listen and serve on HTTP and HTTPS. +* `traefik.frontend.redirect.entryPoint=https`: make Traefik redirect HTTP trafic to HTTPS for the web UI. * `traefik.frontend.auth.basic.users=${USERNAME?Variable USERNAME not set}:${HASHED_PASSWORD?Variable HASHED_PASSWORD not set}`: enable basic auth, so that not everyone can access your Traefik web dashboard, it uses the username and password created above. If those environment variables are not set, show the error "`Variable USERNAME not set`" or "`Variable HASHED_PASSWORD not set`". ```YAML hl_lines="4 6 10 11 13 14 17 18 19 20 21 22 23 24 25 26 27" diff --git a/docs/traefik-with-volume.md b/docs/traefik-with-volume.md index bf049a0..e6307eb 100644 --- a/docs/traefik-with-volume.md +++ b/docs/traefik-with-volume.md 
@@ -108,9 +108,8 @@ docker service create \
 --label "traefik.port=8080" \
 --label "traefik.tags=traefik-public" \
 --label "traefik.docker.network=traefik-public" \
- --label "traefik.redirectorservice.frontend.entryPoints=http" \
- --label "traefik.redirectorservice.frontend.redirect.entryPoint=https" \
- --label "traefik.webservice.frontend.entryPoints=https" \
+ --label "traefik.frontend.entryPoints=http,https" \
+ --label "traefik.frontend.redirect.entryPoint=https" \
 --label "traefik.frontend.auth.basic.users=${USERNAME?Variable USERNAME not set}:${HASHED_PASSWORD?Variable HASHED_PASSWORD not set}" \
 traefik:v1.7 \
 --docker \
@@ -149,9 +148,8 @@ The previous command explained:
 * `--label "traefik.port=8080"`: when Traefik exposes itself as a service (for the dashboard), use the internal service port `8080`
 * `--label "traefik.tags=traefik-public"`: as the main Traefik proxy will only expose services with the `traefik-public` tag (using a parameter below), make the dashboard service have this tag too, so that the Traefik public (itself) can find it and expose it
 * `--label "traefik.docker.network=traefik-public"`: make the dashboard service use the `traefik-public` network to expose itself
-* `--label "traefik.redirectorservice.frontend.entryPoints=http"`: make the web dashboard listen to HTTP, so that it can redirect to HTTPS
-* `--label "traefik.redirectorservice.frontend.redirect.entryPoint=https"`: make Traefik redirect HTTP trafic to HTTPS for the web dashboard
-* `--label "traefik.webservice.frontend.entryPoints=https"`: make the web dashboard listen and serve on HTTPS
+* `--label "traefik.frontend.entryPoints=http"`: make the web dashboard listen and serve on HTTP and HTTPS
+* `--label "traefik.frontend.redirect.entryPoint=https"`: make Traefik redirect HTTP trafic to HTTPS for the web dashboard
 * `--label "traefik.frontend.auth.basic.users=${USERNAME?Variable USERNAME not set}:${HASHED_PASSWORD?Variable HASHED_PASSWORD not set}"`: enable basic auth, so that not every one can access your Traefik web dashboard, it uses the username and password created above. If the variables are not set, show an error.
 * `traefik:v1.7`: use the image `traefik:v1.7`
 * `--docker`: enable Docker
@@ -222,9 +220,8 @@ docker service create \ --label "traefik.port=8080" \ --label "traefik.tags=traefik-public" \ --label "traefik.docker.network=traefik-public" \ - --label "traefik.redirectorservice.frontend.entryPoints=http" \ - --label "traefik.redirectorservice.frontend.redirect.entryPoint=https" \ - --label "traefik.webservice.frontend.entryPoints=https" \ + --label "traefik.frontend.entryPoints=http,https" \ + --label "traefik.frontend.redirect.entryPoint=https" \ --label "traefik.frontend.auth.basic.users=${USERNAME?Variable USERNAME not set}:${HASHED_PASSWORD?Variable HASHED_PASSWORD not set}" \ traefik:v1.7 \ --docker \ From 73a3f512541e8127e5fe014e565e5875e58c5caf Mon Sep 17 00:00:00 2001 From: Fernandez Ludovic Date: Tue, 2 Jul 2019 13:25:59 +0200 Subject: [PATCH 3/4] update other examples --- docs/portainer.yml | 7 ++----- docs/swarmpit.yml | 7 ++----- docs/thelounge.yml | 7 ++----- docs/traefik.yml | 14 ++++---------- 4 files changed, 10 insertions(+), 25 deletions(-) diff --git a/docs/portainer.yml b/docs/portainer.yml index 2942552..c6b0ab7 100644 --- a/docs/portainer.yml +++ b/docs/portainer.yml @@ -35,11 +35,8 @@ services: - traefik.port=9000 - traefik.tags=traefik-public - traefik.docker.network=traefik-public - # Traefik service that listens to HTTP - - traefik.redirectorservice.frontend.entryPoints=http - - traefik.redirectorservice.frontend.redirect.entryPoint=https - # Traefik service that listens to HTTPS - - traefik.webservice.frontend.entryPoints=https + - traefik.frontend.entryPoints=http,https + - traefik.frontend.redirect.entryPoint=https networks: agent-network: diff --git a/docs/swarmpit.yml b/docs/swarmpit.yml index 3d91cec..d349a7d 100644 --- a/docs/swarmpit.yml +++ b/docs/swarmpit.yml 
@@ -29,11 +29,8 @@ services: - traefik.port=8080 - traefik.tags=traefik-public - traefik.docker.network=traefik-public - # Traefik service that listens to HTTP - - traefik.redirectorservice.frontend.entryPoints=http - - traefik.redirectorservice.frontend.redirect.entryPoint=https - # Traefik service that listens to HTTPS - - traefik.webservice.frontend.entryPoints=https + - traefik.frontend.entryPoints=http,https + - traefik.frontend.redirect.entryPoint=https db: image: couchdb:2.3.0 diff --git a/docs/thelounge.yml b/docs/thelounge.yml index 4d27813..c242d8e 100644 --- a/docs/thelounge.yml +++ b/docs/thelounge.yml @@ -17,11 +17,8 @@ services: - traefik.port=9000 - traefik.tags=traefik-public - traefik.docker.network=traefik-public - # Traefik service that listens to HTTP - - traefik.redirectorservice.frontend.entryPoints=http - - traefik.redirectorservice.frontend.redirect.entryPoint=https - # Traefik service that listens to HTTPS - - traefik.webservice.frontend.entryPoints=https + - traefik.frontend.entryPoints=http,https + - traefik.frontend.redirect.entryPoint=https networks: traefik-public: diff --git a/docs/traefik.yml b/docs/traefik.yml index b9b9559..4752425 100644 --- a/docs/traefik.yml +++ b/docs/traefik.yml @@ -19,11 +19,8 @@ services: - traefik.port=8500 - traefik.tags=${TRAEFIK_PUBLIC_TAG:-traefik-public} - traefik.docker.network=traefik-public - # Traefik service that listens to HTTP - - traefik.redirectorservice.frontend.entryPoints=http - - traefik.redirectorservice.frontend.redirect.entryPoint=https - # Traefik service that listens to HTTPS - - traefik.webservice.frontend.entryPoints=https + - traefik.frontend.entryPoints=http,https + - traefik.frontend.redirect.entryPoint=https - traefik.frontend.auth.basic.users=${USERNAME?Variable USERNAME not set}:${HASHED_PASSWORD?Variable HASHED_PASSWORD not set} consul-replica: image: consul 
@@ -59,11 +56,8 @@ services:
 - traefik.port=8080
 - traefik.tags=traefik-public
 - traefik.docker.network=traefik-public
- # Traefik service that listens to HTTP
- - traefik.redirectorservice.frontend.entryPoints=http
- - traefik.redirectorservice.frontend.redirect.entryPoint=https
- # Traefik service that listens to HTTPS
- - traefik.webservice.frontend.entryPoints=https
+ - traefik.frontend.entryPoints=http,https
+ - traefik.frontend.redirect.entryPoint=https
 - traefik.frontend.auth.basic.users=${USERNAME?Variable USERNAME not set}:${HASHED_PASSWORD?Variable HASHED_PASSWORD not set}
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock
From 45579af29ae561f5c4fa1c79661756a49830ec8b Mon Sep 17 00:00:00 2001
From: Fernandez Ludovic
Date: Wed, 4 Dec 2019 23:30:03 +0100
Subject: [PATCH 4/4] Applies review changes.
---
 docs/traefik-technical-details.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/traefik-technical-details.md b/docs/traefik-technical-details.md
index 8db7848..37b9a44 100644
--- a/docs/traefik-technical-details.md
+++ b/docs/traefik-technical-details.md
@@ -29,7 +29,7 @@ It has several deployment labels, these are what make Traefik expose the Consul * `traefik.port=8500`: expose the content from the port `8500` (that's the port inside the container). * `traefik.tags=${TRAEFIK_PUBLIC_TAG:-traefik-public}`: as the main Traefik proxy will only expose services with the `traefik-public` tag (using a parameter below), make the Consul service have this tag too, so that the Traefik public can find it and expose it. Use as the tag the environment variable `TRAEFIK_PUBLIC_TAG`, or by default, set it to `traefik-public`. * `traefik.docker.network=traefik-public`: tell Traefik to get the contents provided by this service using that shared network. -* `traefik.frontend.entryPoints=https`: make the web UI listen and serve on HTTP and HTTPS. +* `traefik.frontend.entryPoints=http,https`: make the web UI listen and serve on HTTP and HTTPS. * `traefik.frontend.redirect.entryPoint=https`: make Traefik redirect HTTP trafic to HTTPS for the web UI. * `traefik.frontend.auth.basic.users=${USERNAME?Variable USERNAME not set}:${HASHED_PASSWORD?Variable HASHED_PASSWORD not set}`: enable basic auth, so that not everyone can access your Traefik web dashboard, it uses the username and password created above. If those environment variables are not set, show the error "`Variable USERNAME not set`" or "`Variable HASHED_PASSWORD not set`".