traefik v3

dockers/traefik/docker-compose.tmpl.yml.dist

@@ -1,20 +1,13 @@
-version: '3'
-
 services:
   reverse-proxy:
-    # The official v2 Traefik docker image
-    image: traefik:v2.10.7
+    image: traefik:v3.1.2
     container_name: ${traefikServName}
     restart: ${restartPolicy}
     # Enables the web UI and tells Traefik to listen to docker
     ports:
-      # The HTTP port
       - ${MAIN_IP}:80:80
       - ${MAIN_IP}:443:443
-      # The Web UI (enabled by --api.insecure=true)
-      # - ${MAIN_IP}:8289:8289
     volumes:
-      # So that Traefik can listen to the Docker events
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - ./conf:/etc/traefik/
       - letsencrypt:/letsencrypt
@@ -22,33 +15,39 @@ services:
       - TRAEFIK_PROVIDERS_DOCKER=true
       - TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT=false
       - TRAEFIK_API=true
-      - TRAEFIK_PROVIDERS_FILE_DIRECTORY=/etc/traefik/dynamic
+      - TRAEFIK_PROVIDERS_FILE_DIRECTORY=/etc/traefik
       - TRAEFIK_ENTRYPOINTS_web_ADDRESS=:80
       - TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_TO=websecure
       - TRAEFIK_ENTRYPOINTS_websecure_ADDRESS=:443
       - TRAEFIK_ENTRYPOINTS_websecure_HTTP_TLS_CERTRESOLVER=letsencrypt
-      #- TRAEFIK_ENTRYPOINTS_metrics_ADDRESS=:8289
-      #- TRAEFIK_METRICS_PROMETHEUS_ENTRYPOINT=metrics
+      - TRAEFIK_ENTRYPOINTS_websecure_HTTP_MIDDLEWARES=hsts@file,test-ipwhitelist@file
       - TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_EMAIL=admin@${domain}
       - TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_CASERVER=${acme_server}
       - TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_STORAGE=/letsencrypt/acme.json
       - TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_TLSCHALLENGE=true
-      - TRAEFIK_LOG_LEVEL=DEBUG
-      - TRAEFIK_ENTRYPOINTS_websecure_HTTP_MIDDLEWARES=hsts@file
-      #- LEGO_CA_CERTIFICATES=/etc/traefik/root_ca.crt
-      #- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_HTTPCHALLENGE=true
-      #- TRAEFIK_CERTIFICATESRESOLVERS_letsencrypt_ACME_HTTPCHALLENGE_ENTRYPOINT=web
+      - TRAEFIK_LOG_LEVEL=INFO
       - TRAEFIK_API_DASHBOARD=true
+      #pour la migration vers traefik3
+      - TRAEFIK_CORE_DEFAULTRULESYNTAX=v3
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.traefik_https.rule=Host(`${site}.${domain}`) && PathPrefix(`/api`, `/dashboard`)"
       - "traefik.http.routers.traefik_https.rule=Host(`${site}.${domain}`)"
       - "traefik.http.routers.traefik_https.entrypoints=websecure"
-      # - "traefik.http.routers.traefik_https.tls=true"
       - "traefik.http.routers.traefik_https.service=api@internal"
       - "traefik.http.routers.traefik_https.middlewares=test-adminipwhitelist@file,traefik-auth"
-      # - "traefik.http.routers.traefik_https.tls.certresolver=letsencrypt"
       - "traefik.http.middlewares.traefik-auth.basicauth.usersfile=/etc/traefik/passfile"
+      # Middleware for redirection
+      - "traefik.http.middlewares.redirect-to-www.redirectregex.regex=^https?://${domain}(.*)"
+      - "traefik.http.middlewares.redirect-to-www.redirectregex.replacement=https://www.${domain}$${1}"
+      - "traefik.http.middlewares.redirect-to-www.redirectregex.permanent=true"
+      # Router for redirection
+      - "traefik.http.routers.redirection.rule=Host(`${domain}`)"
+      - "traefik.http.routers.redirection.entrypoints=websecure"
+      - "traefik.http.routers.redirection.middlewares=redirect-to-www"
+      - "traefik.http.routers.redirection.tls.certresolver=myresolver"
+
+
     networks:
       - traefikNet
 {{web