Topic: Migration - Traefik V2 to V3
-
11.05.2024, 00:41 #1
Migration - Traefik V2 to V3
I came across this forum via YouTube while searching for a solution for Traefik.
In the process I also came across this link: https://www.benjaminrancourt.ca/a-co...configuration/
I have been working with Docker and Traefik for a good 3 years and have put together a good config over many hours.
But today I ran into an error and thought that, in that context, I would switch to V3, or at least try to switch:
docker-compose.yml for Traefik:
Code:
volumes:
  letsencrypt-data:
    driver: local-persist
    driver_opts:
      mountpoint: ${CONTAINERVOLUMES}/letsencrypt

# https://www.benjaminrancourt.ca/a-complete-traefik-configuration/
services:
  traefik:
    image: "traefik:v3.0"
    container_name: ${COMPOSE_PROJECT_NAME}
    command:
      - "--providers.file.filename=/traefik.yml"
    labels:
      traefik.enable: "true"
      traefik.http.routers.traefik.entrypoints: "websecure-https"
      traefik.http.routers.traefik.middlewares: "traefikAuth@file,default@file"
      traefik.http.routers.traefik.rule: "${HOSTRULE}"
      traefik.http.routers.traefik.service: "api@internal"
      traefik.http.routers.traefik.tls: "true"
      traefik.http.routers.traefik.tls.certresolver: "letsEncrypt"
      traefik.http.routers.traefik.tls.options: "modern@file"
    networks:
      - "${PROXY_NETWORK}"
      - "default"
    ports:
      # To be able to listen on port 80 (http)
      - mode: host
        published: 80
        target: 80
      # To be able to listen on port 443 (https)
      - mode: host
        published: 443
        target: 443
    restart: ${RESTART}
    volumes:
      - ./configs/traefik/config.yml:/etc/traefik/config.yml:ro
      - ./configs/traefik/traefik.yml:/traefik.yml:ro
      # Set the container timezone by sharing the read-only localtime
      - /etc/localtime:/etc/localtime:ro
      - letsencrypt-data:/letsencrypt
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

networks:
  traefik_proxy:
    external: true
    name: ${PROXY_NETWORK}
  default:
    driver: bridge
Code:
api:
  dashboard: true # Enable the dashboard

certificatesResolvers:
  letsEncrypt:
    acme:
      tlschallenge: true
      email: "webmaster@domain.de"
      storage: "/letsencrypt/Traefik.json"

entryPoints:
  web-http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: "https"
          scheme: "https"
  websecure-https:
    address: ":443"
    http:
      tls:
        certResolver: letsEncrypt

log:
  level: DEBUG

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock" # Listen to the UNIX Docker socket
    exposedByDefault: false # Only expose container that are explicitly enabled (using label traefik.enabled)
    network: "traefik_proxy" # Default network to use for connections to all containers.
  file:
    filename: "/etc/traefik/config.yml" # Link to the dynamic configuration
    watch: true # Watch for modifications
  providersThrottleDuration: 10 # Configuration reload frequency
Code:
http:
  middlewares:
    # A basic authentication middleware, to protect the Traefik dashboard from anyone except myself
    # Use with traefik.http.routers.myRouter.middlewares: "traefikAuth@file"
    # Generate the password: echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
    # Note for the password: each $ must be given a second $
    traefikAuth:
      basicAuth:
        users:
          - "test:$$apr1$$pm8qg13l$$Nt2/Q0cgKS2pSLQwSPC6w0"

    # Recommended default middleware for most of the services
    # Use with traefik.http.routers.myRouter.middlewares: "default@file"
    # Equivalent of traefik.http.routers.myRouter.middlewares: "default-security-headers@file,error-pages@file,gzip@file"
    default:
      chain:
        middlewares:
          - default-security-headers
          - error-pages
          - gzip

    # Add automatically some security headers
    # Use with traefik.http.routers.myRouter.middlewares: "default-security-headers@file"
    default-security-headers:
      headers:
        browserXssFilter: true # X-XSS-Protection=1; mode=block
        contentTypeNosniff: true # X-Content-Type-Options=nosniff
        forceSTSHeader: true # Add the Strict-Transport-Security header even when the connection is HTTP
        frameDeny: true # X-Frame-Options=deny
        referrerPolicy: "strict-origin-when-cross-origin"
        sslRedirect: true # Allow only https requests
        stsIncludeSubdomains: true # Add includeSubdomains to the Strict-Transport-Security header
        stsPreload: true # Add preload flag appended to the Strict-Transport-Security header
        stsSeconds: 63072000 # Set the max-age of the Strict-Transport-Security header (63072000 = 2 years)

    # Serve the error pages when the status is included inside the following ranges
    # Use with traefik.http.routers.myRouter.middlewares: "error-pages@file"
    error-pages:
      errors:
        query: "erreur{status}/"
        service: traefik-error-pages
        status:
          - "403-404"
          - "500"
          - "503"

    # Enables the GZIP compression (https://docs.traefik.io/middlewares/compress/)
    #   if the response body is larger than 1400 bytes
    #   if the Accept-Encoding request header contains gzip
    #   if the response is not already compressed (Content-Encoding is not set)
    # Use with traefik.http.routers.myRouter.middlewares: "gzip@file"
    gzip:
      compress: {}

  services:
    # Error pages
    traefik-error-pages:
      loadBalancer:
        servers:
          - url: "https://www.usherbrooke.ca/error-pages/"

# See https://doc.traefik.io/traefik/https/tls/
tls:
  options:
    # To use with the label "traefik.http.routers.myrouter.tls.options=modern@file"
    modern:
      minVersion: "VersionTLS13" # Minimum TLS Version
      sniStrict: true # Strict SNI Checking

    # To use with the label "traefik.http.routers.myrouter.tls.options=intermediate@file"
    intermediate:
      cipherSuites:
        - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
        - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
        - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
        - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
        - "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305"
        - "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"
      minVersion: "VersionTLS12" # Minimum TLS Version
      sniStrict: true # Strict SNI Checking

    # To use with the label "traefik.http.routers.myrouter.tls.options=old@file"
    old:
      cipherSuites:
        - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
        - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
        - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
        - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
        - "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305"
        - "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"
        - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"
        - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
        - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
        - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
        - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
        - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
        - "TLS_RSA_WITH_AES_128_GCM_SHA256"
        - "TLS_RSA_WITH_AES_256_GCM_SHA384"
        - "TLS_RSA_WITH_AES_128_CBC_SHA256"
        - "TLS_RSA_WITH_AES_128_CBC_SHA"
        - "TLS_RSA_WITH_AES_256_CBC_SHA"
        - "TLS_RSA_WITH_3DES_EDE_CBC_SHA"
      minVersion: "TLSv1" # Minimum TLS Version
      sniStrict: true # Strict SNI Checking
but this is where it is already getting stuck
Edited by csaeum (11.05.2024 at 10:00). Reason: privacy
-
11.05.2024, 10:55 #2
Re: Migration - Traefik V2 to V3
So maybe one shouldn't attempt something like this late at night or in the early morning, and certainly not after having sat on problems all day already.
Here is my directory structure:
In addition to my initial post, I now have the following files:
docker-compose.yml
Code:
volumes:
  letsencrypt-data:
    driver: local-persist
    driver_opts:
      mountpoint: ${CONTAINERVOLUMES}/letsencrypt

services:
  traefik:
    image: "traefik:v3.0"
    container_name: ${COMPOSE_PROJECT_NAME}
    command:
      - "--providers.file.filename=/traefik.yml"
    labels:
      traefik.enable: "true"
      traefik.http.routers.traefik.rule: "${HOSTRULE}"
      traefik.http.routers.traefik.service: "api@internal"
      traefik.http.routers.traefik.middlewares: "myauth"
      traefik.http.middlewares.myauth.basicauth.users: test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/
    networks:
      - "${PROXY_NETWORK}"
      - "default"
    ports:
      # To be able to listen on port 80 (http)
      - mode: host
        published: 80
        target: 80
      # To be able to listen on port 443 (https)
      - mode: host
        published: 443
        target: 443
    restart: ${RESTART}
    volumes:
      # - ./configs/traefik/config.yml:/etc/traefik/config.yml:ro
      - ./configs/traefik/traefik.yml:/traefik.yml:ro
      - ./logs/access.log:/var/log/access.log
      - ./logs/traefik.log:/var/log/traefik.log
      # Set the container timezone by sharing the read-only localtime
      - /etc/localtime:/etc/localtime:ro
      - letsencrypt-data:/letsencrypt
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

networks:
  traefik_proxy:
    external: true
    name: ${PROXY_NETWORK}
  default:
    driver: bridge
Code:
accessLog:
  filePath: "/var/log/access.log"

api:
  # Enable the dashboard
  dashboard: true
  insecure: false

certificatesResolvers:
  letsEncrypt:
    acme:
      tlschallenge: true
      email: "webmaster@example.com"
      storage: "/letsencrypt/Traefik.json"

entryPoints:
  web-http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: "https"
          scheme: "https"
  websecure-https:
    address: ":443"
    http:
      tls:
        certResolver: letsEncrypt

log:
  level: DEBUG
  filePath: /var/log/traefik.log

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock" # Listen to the UNIX Docker socket
    exposedByDefault: false # Only expose container that are explicitly enabled (using label traefik.enabled)
    network: "traefik_proxy" # Default network to use for connections to all containers.
  file:
    filename: "/etc/traefik/config.yml" # Link to the dynamic configuration
    watch: true # Watch for modifications
  providersThrottleDuration: 10 # Configuration reload frequency
On top of that, my wish would be to have gzip for all sites, and for all headers as well as the visitors' remote IP to be passed through to the containers.
Yesterday I had a big problem here with the CORS headers.
I would be glad if we could put together a great config here for everyone.
I will also upload the containers to GitHub.
Next I want to get Portainer running, but not in this config; rather as a separate Docker stack.
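The two posts above place a basicAuth user entry in two different locations, a Compose label and the file-provider config.yml, and the `$$` doubling described in the config comment only applies to the first. The following check is an added example, not part of the original posts: it uses a simplified model of Compose interpolation (an assumption, not Compose's own code), and the sample entry and all function names are constructed for illustration.

```python
import re

# Shape of an MD5-crypt (apr1) line as printed by `htpasswd -nb user password`.
APR1_ENTRY = re.compile(r"^[^:$]+:\$apr1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")
_TOKEN = re.compile(r"\$\$|\$\{(\w+)\}|\$(\w+)")

# Constructed sample entry (not a real credential).
SAMPLE = "demo:$apr1$abcdefgh$0123456789ABCDEFGHIJkl"


def compose_interpolate(value, env=None):
    """Simplified model of Compose interpolation: `$$` becomes a literal `$`,
    `$NAME` / `${NAME}` are replaced by env values (empty when unset)."""
    env = env or {}

    def repl(match):
        if match.group(0) == "$$":
            return "$"
        return env.get(match.group(1) or match.group(2), "")

    return _TOKEN.sub(repl, value)


def escape_for_compose(entry):
    """Double every `$` so the entry survives Compose interpolation."""
    return entry.replace("$", "$$")


def received_by_traefik(raw, source):
    """Value Traefik ends up with. Only Compose labels are interpolated;
    a file-provider YAML string is taken literally."""
    if source == "compose-label":
        return compose_interpolate(raw)
    if source == "file-provider":
        return raw
    raise ValueError(f"unknown source: {source}")


def check_entry(raw, source):
    """Classify a basicAuth users entry as it is written in `source`."""
    if APR1_ENTRY.match(received_by_traefik(raw, source)):
        return "ok"
    if source == "file-provider" and APR1_ENTRY.match(raw.replace("$$", "$")):
        return "doubled $ in file provider: remove the escaping"
    if source == "compose-label" and APR1_ENTRY.match(raw):
        return "unescaped $ in compose label: double every $"
    return "not a valid apr1 htpasswd entry"
```

With the doubled form in a file-provider entry, the string Traefik compares against is not a valid htpasswd hash, so the login is rejected even with the right password.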