From 09a543cacb2263584796ceeb3a4197f07f7a4594 Mon Sep 17 00:00:00 2001 From: Ludovic Fernandez Date: Mon, 6 Apr 2020 11:46:59 +0200 Subject: [PATCH] :recycle: Update and simplify labels and redirections (#22) * Segment labels and redirections * update documentation * update other examples * Applies review changes. --- docs/portainer.yml | 7 ++----- docs/swarmpit.yml | 7 ++----- docs/thelounge.yml | 7 ++----- docs/traefik-host.yml | 14 ++++---------- docs/traefik-technical-details.md | 5 ++--- docs/traefik-with-volume.md | 15 ++++++--------- docs/traefik.yml | 14 ++++---------- 7 files changed, 22 insertions(+), 47 deletions(-) diff --git a/docs/portainer.yml b/docs/portainer.yml index 2942552..c6b0ab7 100644 --- a/docs/portainer.yml +++ b/docs/portainer.yml @@ -35,11 +35,8 @@ services: - traefik.port=9000 - traefik.tags=traefik-public - traefik.docker.network=traefik-public - # Traefik service that listens to HTTP - - traefik.redirectorservice.frontend.entryPoints=http - - traefik.redirectorservice.frontend.redirect.entryPoint=https - # Traefik service that listens to HTTPS - - traefik.webservice.frontend.entryPoints=https + - traefik.frontend.entryPoints=http,https + - traefik.frontend.redirect.entryPoint=https networks: agent-network: diff --git a/docs/swarmpit.yml b/docs/swarmpit.yml index 3d91cec..d349a7d 100644 --- a/docs/swarmpit.yml +++ b/docs/swarmpit.yml @@ -29,11 +29,8 @@ services: - traefik.port=8080 - traefik.tags=traefik-public - traefik.docker.network=traefik-public - # Traefik service that listens to HTTP - - traefik.redirectorservice.frontend.entryPoints=http - - traefik.redirectorservice.frontend.redirect.entryPoint=https - # Traefik service that listens to HTTPS - - traefik.webservice.frontend.entryPoints=https + - traefik.frontend.entryPoints=http,https + - traefik.frontend.redirect.entryPoint=https db: image: couchdb:2.3.0 diff --git a/docs/thelounge.yml b/docs/thelounge.yml index 4d27813..c242d8e 100644 --- a/docs/thelounge.yml +++ b/docs/thelounge.yml @@ -17,11 +17,8 @@ services: - traefik.port=9000 - traefik.tags=traefik-public - traefik.docker.network=traefik-public - # Traefik service that listens to HTTP - - traefik.redirectorservice.frontend.entryPoints=http - - traefik.redirectorservice.frontend.redirect.entryPoint=https - # Traefik service that listens to HTTPS - - traefik.webservice.frontend.entryPoints=https + - traefik.frontend.entryPoints=http,https + - traefik.frontend.redirect.entryPoint=https networks: traefik-public: diff --git a/docs/traefik-host.yml b/docs/traefik-host.yml index 3185773..6043afa 100644 --- a/docs/traefik-host.yml +++ b/docs/traefik-host.yml @@ -19,11 +19,8 @@ services: - traefik.port=8500 - traefik.tags=${TRAEFIK_PUBLIC_TAG:-traefik-public} - traefik.docker.network=traefik-public - # Traefik service that listens to HTTP - - traefik.redirectorservice.frontend.entryPoints=http - - traefik.redirectorservice.frontend.redirect.entryPoint=https - # Traefik service that listens to HTTPS - - traefik.webservice.frontend.entryPoints=https + - traefik.frontend.entryPoints=http,https + - traefik.frontend.redirect.entryPoint=https - traefik.frontend.auth.basic.users=${USERNAME?Variable USERNAME not set}:${HASHED_PASSWORD?Variable HASHED_PASSWORD not set} consul-replica: image: consul @@ -63,11 +60,8 @@ services: - traefik.port=8080 - traefik.tags=traefik-public - traefik.docker.network=traefik-public - # Traefik service that listens to HTTP - - traefik.redirectorservice.frontend.entryPoints=http - - traefik.redirectorservice.frontend.redirect.entryPoint=https - # Traefik service that listens to HTTPS - - traefik.webservice.frontend.entryPoints=https + - traefik.frontend.entryPoints=http,https + - traefik.frontend.redirect.entryPoint=https - traefik.frontend.auth.basic.users=${USERNAME?Variable USERNAME not set}:${HASHED_PASSWORD?Variable HASHED_PASSWORD not set} volumes: - /var/run/docker.sock:/var/run/docker.sock diff --git a/docs/traefik-technical-details.md b/docs/traefik-technical-details.md index 0271fcb..37b9a44 100644 --- a/docs/traefik-technical-details.md +++ b/docs/traefik-technical-details.md @@ -29,9 +29,8 @@ It has several deployment labels, these are what make Traefik expose the Consul * `traefik.port=8500`: expose the content from the port `8500` (that's the port inside the container). * `traefik.tags=${TRAEFIK_PUBLIC_TAG:-traefik-public}`: as the main Traefik proxy will only expose services with the `traefik-public` tag (using a parameter below), make the Consul service have this tag too, so that the Traefik public can find it and expose it. Use as the tag the environment variable `TRAEFIK_PUBLIC_TAG`, or by default, set it to `traefik-public`. * `traefik.docker.network=traefik-public`: tell Traefik to get the contents provided by this service using that shared network. -* `traefik.redirectorservice.frontend.entryPoints=http`: make the service listen to HTTP, so that it can redirect to HTTPS. -* `traefik.redirectorservice.frontend.redirect.entryPoint=https`: make Traefik redirect HTTP trafic to HTTPS for the web UI. -* `traefik.webservice.frontend.entryPoints=https`: make the web UI listen and serve on HTTPS. +* `traefik.frontend.entryPoints=http,https`: make the web UI listen and serve on HTTP and HTTPS. +* `traefik.frontend.redirect.entryPoint=https`: make Traefik redirect HTTP trafic to HTTPS for the web UI. * `traefik.frontend.auth.basic.users=${USERNAME?Variable USERNAME not set}:${HASHED_PASSWORD?Variable HASHED_PASSWORD not set}`: enable basic auth, so that not everyone can access your Traefik web dashboard, it uses the username and password created above. If those environment variables are not set, show the error "`Variable USERNAME not set`" or "`Variable HASHED_PASSWORD not set`". ```YAML hl_lines="4 6 10 11 13 14 17 18 19 20 21 22 23 24 25 26 27" diff --git a/docs/traefik-with-volume.md b/docs/traefik-with-volume.md index bf049a0..e6307eb 100644 --- a/docs/traefik-with-volume.md +++ b/docs/traefik-with-volume.md @@ -108,9 +108,8 @@ docker service create \ --label "traefik.port=8080" \ --label "traefik.tags=traefik-public" \ --label "traefik.docker.network=traefik-public" \ - --label "traefik.redirectorservice.frontend.entryPoints=http" \ - --label "traefik.redirectorservice.frontend.redirect.entryPoint=https" \ - --label "traefik.webservice.frontend.entryPoints=https" \ + --label "traefik.frontend.entryPoints=http,https" \ + --label "traefik.frontend.redirect.entryPoint=https" \ --label "traefik.frontend.auth.basic.users=${USERNAME?Variable USERNAME not set}:${HASHED_PASSWORD?Variable HASHED_PASSWORD not set}" \ traefik:v1.7 \ --docker \ @@ -149,9 +148,8 @@ The previous command explained: * `--label "traefik.port=8080"`: when Traefik exposes itself as a service (for the dashboard), use the internal service port `8080` * `--label "traefik.tags=traefik-public"`: as the main Traefik proxy will only expose services with the `traefik-public` tag (using a parameter below), make the dashboard service have this tag too, so that the Traefik public (itself) can find it and expose it * `--label "traefik.docker.network=traefik-public"`: make the dashboard service use the `traefik-public` network to expose itself -* `--label "traefik.redirectorservice.frontend.entryPoints=http"`: make the web dashboard listen to HTTP, so that it can redirect to HTTPS -* `--label "traefik.redirectorservice.frontend.redirect.entryPoint=https"`: make Traefik redirect HTTP trafic to HTTPS for the web dashboard -* `--label "traefik.webservice.frontend.entryPoints=https"`: make the web dashboard listen and serve on HTTPS +* `--label "traefik.frontend.entryPoints=http"`: make the web dashboard listen and serve on HTTP and HTTPS +* `--label "traefik.frontend.redirect.entryPoint=https"`: make Traefik redirect HTTP trafic to HTTPS for the web dashboard * `--label "traefik.frontend.auth.basic.users=${USERNAME?Variable USERNAME not set}:${HASHED_PASSWORD?Variable HASHED_PASSWORD not set}"`: enable basic auth, so that not every one can access your Traefik web dashboard, it uses the username and password created above. If the variables are not set, show an error. * `traefik:v1.7`: use the image `traefik:v1.7` * `--docker`: enable Docker @@ -222,9 +220,8 @@ docker service create \ --label "traefik.port=8080" \ --label "traefik.tags=traefik-public" \ --label "traefik.docker.network=traefik-public" \ - --label "traefik.redirectorservice.frontend.entryPoints=http" \ - --label "traefik.redirectorservice.frontend.redirect.entryPoint=https" \ - --label "traefik.webservice.frontend.entryPoints=https" \ + --label "traefik.frontend.entryPoints=http,https" \ + --label "traefik.frontend.redirect.entryPoint=https" \ --label "traefik.frontend.auth.basic.users=${USERNAME?Variable USERNAME not set}:${HASHED_PASSWORD?Variable HASHED_PASSWORD not set}" \ traefik:v1.7 \ --docker \ diff --git a/docs/traefik.yml b/docs/traefik.yml index b9b9559..4752425 100644 --- a/docs/traefik.yml +++ b/docs/traefik.yml @@ -19,11 +19,8 @@ services: - traefik.port=8500 - traefik.tags=${TRAEFIK_PUBLIC_TAG:-traefik-public} - traefik.docker.network=traefik-public - # Traefik service that listens to HTTP - - traefik.redirectorservice.frontend.entryPoints=http - - traefik.redirectorservice.frontend.redirect.entryPoint=https - # Traefik service that listens to HTTPS - - traefik.webservice.frontend.entryPoints=https + - traefik.frontend.entryPoints=http,https + - traefik.frontend.redirect.entryPoint=https - traefik.frontend.auth.basic.users=${USERNAME?Variable USERNAME not set}:${HASHED_PASSWORD?Variable HASHED_PASSWORD not set} consul-replica: image: consul @@ -59,11 +56,8 @@ services: - traefik.port=8080 - traefik.tags=traefik-public - traefik.docker.network=traefik-public - # Traefik service that listens to HTTP - - traefik.redirectorservice.frontend.entryPoints=http - - traefik.redirectorservice.frontend.redirect.entryPoint=https - # Traefik service that listens to HTTPS - - traefik.webservice.frontend.entryPoints=https + - traefik.frontend.entryPoints=http,https + - traefik.frontend.redirect.entryPoint=https - traefik.frontend.auth.basic.users=${USERNAME?Variable USERNAME not set}:${HASHED_PASSWORD?Variable HASHED_PASSWORD not set} volumes: - /var/run/docker.sock:/var/run/docker.sock