update traefik to v2.x

examples/traefik/docker-compose-swarm-registry.yml

@@ -0,0 +1,59 @@
+version: '3.7'
+
+services:
+  registry-ui:
+    image: joxit/docker-registry-ui:latest
+    environment:
+      - SINGLE_REGISTRY=true
+      - REGISTRY_TITLE=Docker Registry UI
+      # For deleting images, you need to activate the delete feature in the UI with DELETE_IMAGES=true and in your registry.
+      - DELETE_IMAGES=true
+      - SHOW_CONTENT_DIGEST=true
+      - NGINX_PROXY_PASS_URL=http://registry:5000
+      - SHOW_CATALOG_NB_TAGS=true
+      - CATALOG_MIN_BRANCHES=1
+      - CATALOG_MAX_BRANCHES=1
+      - TAGLIST_PAGE_SIZE=100
+      - REGISTRY_SECURED=true
+      - CATALOG_ELEMENTS_LIMIT=1000
+    networks:
+      - traefik-net 
+    deploy:
+      replicas: 1
+      restart_policy:
+        condition: on-failure
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.routers.registryui.rule=Host(`myregistry.com`)"
+        - "traefik.http.routers.registryui.entrypoints=web"
+        - "traefik.http.services.registryui.loadbalancer.server.port=80"
+        - "traefik.http.routers.registryui.service=registryui"
+    configs:
+      - source: ui_nginx_config
+        target: /etc/nginx/conf.d/default.conf
+
+  registry:
+    image: registry:2.8.3
+    volumes:
+      - /DATA/docker-registry/images:/var/lib/registry
+      - /DATA/docker-registry/htpasswd:/auth
+    environment:
+      - REGISTRY_AUTH=htpasswd
+      - REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm
+      - REGISTRY_AUTH_HTPASSWD_PATH=/auth
+      - REGISTRY_HTTP_RELATIVEURLS=true
+      # For deleting images, you need to activate the delete feature in the registry.
+      - REGISTRY_STORAGE_DELETE_ENABLED=true
+    deploy:
+      replicas: 1
+      restart_policy:
+        condition: on-failure
+      placement:
+        constraints:
+          - node.role == manager
+    networks:
+      - traefik-net
+
+networks:
+  traefik-net:
+    external: true

examples/traefik/docker-compose-swarm-traefik.yml

@@ -0,0 +1,56 @@
+version: "3.7"
+
+services:
+  traefik:
+    image: traefik:v2.11.8
+    ports:
+      - "80:80"
+    command:
+      - --api.insecure=false # set to 'false' on production
+      - --api.dashboard=true # see https://docs.traefik.io/v2.11/operations/dashboard/#secure-mode for how to secure the dashboard
+      - --api.debug=false # enable additional endpoints for debugging and profiling
+      - --log.level=INFO # debug while we get it working, for more levels/info see https://docs.traefik.io/observability/logs/
+      - --log.format=common
+      - --accesslog=true
+      - --accesslog.fields.names.StartUTC=drop
+      - --providers.docker=true
+      - --providers.docker.swarmMode=true
+      - --providers.docker.exposedbydefault=false
+      - --providers.docker.network=public
+      - --entryPoints.web.address=:80
+      - --entryPoints.web.transport.respondingTimeouts.readTimeout=0 # https://doc.traefik.io/traefik/v2.11/routing/entrypoints/#respondingtimeouts
+      - --entryPoints.web.transport.respondingTimeouts.idleTimeout=0
+      - --entryPoints.web.forwardedHeaders.insecure
+        # - --entryPoints.websecure.address=:443
+    environment:
+      - TZ=Asia/Shanghai
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    networks:
+      - traefik-net
+    deploy:
+      resources:
+        limits:
+          cpus: '4'
+          memory: 8g
+        reservations:
+          cpus: '1'
+          memory: 2g
+      replicas: 1
+      restart_policy:
+        condition: on-failure
+      placement:
+        constraints:
+          - node.role == manager
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.routers.dashboard.rule=Host(`mytraefik.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
+        - "traefik.http.routers.dashboard.service=api@internal" # Let the dashboard access the traefik api
+        - "traefik.http.routers.dashboard.entrypoints=web" # Let the dashboard access the traefik api
+        - "traefik.http.services.traefik.loadbalancer.server.port=9090"
+        - "traefik.http.middlewares.auth.basicauth.users=admin:$apr1$XXrpwZre$ItZSXpoeB6bdPLCGT7eXG0"
+        - "traefik.http.routers.dashboard.middlewares=auth"
+
+networks:
+  traefik-net:
+    external: true

examples/traefik/htpasswd

@@ -0,0 +1 @@
+admin:$apr1$XXrpwZre$ItZSXpoeB6bdPLCGT7eXG0

examples/traefik/run-swarm.sh

@@ -6,37 +6,6 @@ if ! [[ `docker network ls | grep "traefik-net"` ]] &>/dev/null; then
 fi
 
 
-if ! [[ `docker service ls | grep "traefik2"` ]] &>/dev/null; then
-    dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+docker stack deploy --compose-file docker-compose-swarm-traefik.yml docker-traefik
 
-    # ensure acme.json wich will contains the letsencrypt certificates
-    touch "$dir"/acme.json && chmod 600 "$dir"/acme.json
-
-    docker service create --name traefik2 --detach=false \
-        --constraint node.role==manager \
-        --update-parallelism 1 --update-delay 10s \
-        --mode global \
-        --publish 80:80 \
-        --publish 443:443 \
-        --read-only \
-        --mount type=bind,source="$(pwd)"/acme.json,target=/etc/traefik/acme.json \
-        --mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock \
-        --network traefik-net \
-        traefik:1.7.4-alpine \
-        --entrypoints='Name:http Address::80 Redirect.EntryPoint:https' \
-        --entrypoints='Name:https Address::443 TLS' \
-        --defaultentrypoints=http,https \
-        --acme \
-        --acme.storage=/etc/traefik/acme.json \
-        --acme.entryPoint=https \
-        --acme.httpChallenge.entryPoint=http \
-        --acme.email=contact@mydomain.com \
-        --docker \
-        --docker.swarmMode \
-        --docker.domain=mydomain.com \
-        --docker.exposedByDefault=false \
-        --docker.watch \
-        --api
-fi
-
-docker stack deploy --compose-file docker-compose-swarm.yml docker-registry
+docker stack deploy --compose-file docker-compose-swarm-registry.yml docker-registry