From cfca328691d198bbda8b46d11202d6cce72ed190 Mon Sep 17 00:00:00 2001
From: ycyin <71380489+ycyin@users.noreply.github.com>
Date: Wed, 18 Sep 2024 18:35:38 +0800
Subject: [PATCH] update traefik to v2.x

---
 examples/traefik/acme.json                    |  0
 .../traefik/docker-compose-swarm-registry.yml | 59 +++++++++++++++++++
 .../traefik/docker-compose-swarm-traefik.yml  | 56 ++++++++++++++++++
 examples/traefik/docker-compose-swarm.yml     | 34 -----------
 examples/traefik/htpasswd                     |  1 +
 examples/traefik/run-swarm.sh                 | 35 +----------
 6 files changed, 118 insertions(+), 67 deletions(-)
 delete mode 100644 examples/traefik/acme.json
 create mode 100644 examples/traefik/docker-compose-swarm-registry.yml
 create mode 100644 examples/traefik/docker-compose-swarm-traefik.yml
 delete mode 100644 examples/traefik/docker-compose-swarm.yml
 create mode 100644 examples/traefik/htpasswd

diff --git a/examples/traefik/acme.json b/examples/traefik/acme.json
deleted file mode 100644
index e69de29b..00000000
diff --git a/examples/traefik/docker-compose-swarm-registry.yml b/examples/traefik/docker-compose-swarm-registry.yml
new file mode 100644
index 00000000..9aeb1178
--- /dev/null
+++ b/examples/traefik/docker-compose-swarm-registry.yml
@@ -0,0 +1,59 @@
+version: '3.7'
+
+services:
+  registry-ui:
+    image: joxit/docker-registry-ui:latest
+    environment:
+      - SINGLE_REGISTRY=true
+      - REGISTRY_TITLE=Docker Registry UI
+      # For deleting images, you need to activate the delete feature in the UI with DELETE_IMAGES=true and in your registry.
+      - DELETE_IMAGES=true
+      - SHOW_CONTENT_DIGEST=true
+      - NGINX_PROXY_PASS_URL=http://registry:5000
+      - SHOW_CATALOG_NB_TAGS=true
+      - CATALOG_MIN_BRANCHES=1
+      - CATALOG_MAX_BRANCHES=1
+      - TAGLIST_PAGE_SIZE=100
+      - REGISTRY_SECURED=true
+      - CATALOG_ELEMENTS_LIMIT=1000
+    networks:
+      - traefik-net 
+    deploy:
+      replicas: 1
+      restart_policy:
+        condition: on-failure
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.routers.registryui.rule=Host(`myregistry.com`)"
+        - "traefik.http.routers.registryui.entrypoints=web"
+        - "traefik.http.services.registryui.loadbalancer.server.port=80"
+        - "traefik.http.routers.registryui.service=registryui"
+    configs:
+      - source: ui_nginx_config
+        target: /etc/nginx/conf.d/default.conf
+
+  registry:
+    image: registry:2.8.3
+    volumes:
+      - /DATA/docker-registry/images:/var/lib/registry
+      - /DATA/docker-registry/htpasswd:/auth
+    environment:
+      - REGISTRY_AUTH=htpasswd
+      - REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm
+      - REGISTRY_AUTH_HTPASSWD_PATH=/auth
+      - REGISTRY_HTTP_RELATIVEURLS=true
+      # For deleting images, you need to activate the delete feature in the registry.
+      - REGISTRY_STORAGE_DELETE_ENABLED=true
+    deploy:
+      replicas: 1
+      restart_policy:
+        condition: on-failure
+      placement:
+        constraints:
+          - node.role == manager
+    networks:
+      - traefik-net
+
+networks:
+  traefik-net:
+    external: true
\ No newline at end of file
diff --git a/examples/traefik/docker-compose-swarm-traefik.yml b/examples/traefik/docker-compose-swarm-traefik.yml
new file mode 100644
index 00000000..f89fcb32
--- /dev/null
+++ b/examples/traefik/docker-compose-swarm-traefik.yml
@@ -0,0 +1,56 @@
+version: "3.7"
+
+services:
+  traefik:
+    image: traefik:v2.11.8
+    ports:
+      - "80:80"
+    command:
+      - --api.insecure=false # set to 'false' on production
+      - --api.dashboard=true # see https://docs.traefik.io/v2.11/operations/dashboard/#secure-mode for how to secure the dashboard
+      - --api.debug=false # enable additional endpoints for debugging and profiling
+      - --log.level=INFO # debug while we get it working, for more levels/info see https://docs.traefik.io/observability/logs/
+      - --log.format=common
+      - --accesslog=true
+      - --accesslog.fields.names.StartUTC=drop
+      - --providers.docker=true
+      - --providers.docker.swarmMode=true
+      - --providers.docker.exposedbydefault=false
+      - --providers.docker.network=public
+      - --entryPoints.web.address=:80
+      - --entryPoints.web.transport.respondingTimeouts.readTimeout=0 # https://doc.traefik.io/traefik/v2.11/routing/entrypoints/#respondingtimeouts
+      - --entryPoints.web.transport.respondingTimeouts.idleTimeout=0
+      - --entryPoints.web.forwardedHeaders.insecure
+        # - --entryPoints.websecure.address=:443
+    environment:
+      - TZ=Asia/Shanghai
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    networks:
+      - traefik-net
+    deploy:
+      resources:
+        limits:
+          cpus: '4'
+          memory: 8g
+        reservations:
+          cpus: '1'
+          memory: 2g
+      replicas: 1
+      restart_policy:
+        condition: on-failure
+      placement:
+        constraints:
+          - node.role == manager
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.routers.dashboard.rule=Host(`mytraefik.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
+        - "traefik.http.routers.dashboard.service=api@internal" # Let the dashboard access the traefik api
+        - "traefik.http.routers.dashboard.entrypoints=web" # Let the dashboard access the traefik api
+        - "traefik.http.services.traefik.loadbalancer.server.port=9090"
+        - "traefik.http.middlewares.auth.basicauth.users=admin:$apr1$XXrpwZre$ItZSXpoeB6bdPLCGT7eXG0"
+        - "traefik.http.routers.dashboard.middlewares=auth"
+
+networks:
+  traefik-net:
+    external: true
\ No newline at end of file
diff --git a/examples/traefik/docker-compose-swarm.yml b/examples/traefik/docker-compose-swarm.yml
deleted file mode 100644
index cbe1da00..00000000
--- a/examples/traefik/docker-compose-swarm.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-version: '3.1'
-services:
-    registry:
-        image: registry:2.7
-        volumes:
-            - /opt/docker-registry:/var/lib/registry
-        environment:
-            - REGISTRY_HTTP_SECRET=my_registry_secret
-            - REGISTRY_STORAGE_DELETE_ENABLED=true
-        deploy:
-          placement:
-            constraints: [node.role == manager]
-
-    ui:
-        image: joxit/docker-registry-ui:latest
-        environment:
-            - DELETE_IMAGES=true
-            - REGISTRY_TITLE=My Private Docker Registry
-            - NGINX_PROXY_PASS_URL=http://docker-registry_registry:5000
-            - SINGLE_REGISTRY=true
-        depends_on: ['registry']
-        networks: ['proxy', 'default']
-        deploy:
-          labels:
-            traefik.backend: 'registry.mydomain.com'
-            traefik.frontend.rule: 'Host:registry.mydomain.com'
-            traefik.enable: 'true'
-            traefik.port: 80
-            traefik.docker.network: 'traefik-net'
-            traefik.frontend.auth.basic: 'admin:$apr1$XXrpwZre$ItZSXpoeB6bdPLCGT7eXG0'
-            traefik.frontend.passHostHeader: 'true'
-
-networks:
-    proxy: {external: {name: 'traefik-net'}}
\ No newline at end of file
diff --git a/examples/traefik/htpasswd b/examples/traefik/htpasswd
new file mode 100644
index 00000000..35bb742c
--- /dev/null
+++ b/examples/traefik/htpasswd
@@ -0,0 +1 @@
+admin:$apr1$XXrpwZre$ItZSXpoeB6bdPLCGT7eXG0
\ No newline at end of file
diff --git a/examples/traefik/run-swarm.sh b/examples/traefik/run-swarm.sh
index 66c87239..9f484ae4 100755
--- a/examples/traefik/run-swarm.sh
+++ b/examples/traefik/run-swarm.sh
@@ -6,37 +6,6 @@ if ! [[ `docker network ls | grep "traefik-net"` ]] &>/dev/null; then
 fi
 
 
-if ! [[ `docker service ls | grep "traefik2"` ]] &>/dev/null; then
-    dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+docker stack deploy --compose-file docker-compose-swarm-traefik.yml docker-traefik
 
-    # ensure acme.json wich will contains the letsencrypt certificates
-    touch "$dir"/acme.json && chmod 600 "$dir"/acme.json
-
-    docker service create --name traefik2 --detach=false \
-        --constraint node.role==manager \
-        --update-parallelism 1 --update-delay 10s \
-        --mode global \
-        --publish 80:80 \
-        --publish 443:443 \
-        --read-only \
-        --mount type=bind,source="$(pwd)"/acme.json,target=/etc/traefik/acme.json \
-        --mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock \
-        --network traefik-net \
-        traefik:1.7.4-alpine \
-        --entrypoints='Name:http Address::80 Redirect.EntryPoint:https' \
-        --entrypoints='Name:https Address::443 TLS' \
-        --defaultentrypoints=http,https \
-        --acme \
-        --acme.storage=/etc/traefik/acme.json \
-        --acme.entryPoint=https \
-        --acme.httpChallenge.entryPoint=http \
-        --acme.email=contact@mydomain.com \
-        --docker \
-        --docker.swarmMode \
-        --docker.domain=mydomain.com \
-        --docker.exposedByDefault=false \
-        --docker.watch \
-        --api
-fi
-
-docker stack deploy --compose-file docker-compose-swarm.yml docker-registry
\ No newline at end of file
+docker stack deploy --compose-file docker-compose-swarm-registry.yml docker-registry
\ No newline at end of file