From 5d40b40a39c8f52e83835b96bf31b020309a73c7 Mon Sep 17 00:00:00 2001
From: lab <hi@esin.io>
Date: Fri, 10 Dec 2021 14:44:51 +0800
Subject: [PATCH] perfect traefik.yml config

---
 traefik/docker-compose-file-provider.yml | 18 ++++++++++----
 traefik/traefik.yml                      | 30 ++++++++++++++++++++----
 2 files changed, 39 insertions(+), 9 deletions(-)

diff --git a/traefik/docker-compose-file-provider.yml b/traefik/docker-compose-file-provider.yml
index a71b60d..667bf8a 100644
--- a/traefik/docker-compose-file-provider.yml
+++ b/traefik/docker-compose-file-provider.yml
@@ -1,21 +1,29 @@
 version: "3.9"
 
 services:
-  reverse-proxy:
+  traefik-reverse-proxy:
     image: traefik:v2.5
     ports:
       - "80:80"
       - "443:443"
     environment:
       - "TZ=Asia/Shanghai"
+      - LINODE_TOKEN=${LINODE_TOKEN}
     labels:
       - "traefik.enable=true"
+      - "traefik.http.routers.traefik-dashboard.rule=Host(`traefik.esin.io`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
+      - "traefik.http.routers.traefik-dashboard.tls=true"
+      - "traefik.http.routers.traefik-dashboard.service=api@internal"
+      - "traefik.http.routers.traefik-dashboard.middlewares=traefik-dashboard-auth"
+      - "traefik.http.middlewares.traefik-dashboard-auth.basicauth.users=${AUTH_USER}:${AUTH_PASS}"
+      - "traefik.http.middlewares.traefik-dashboard.compress=true"
+      - "traefik.http.middlewares.traefik-dashboard.compress.excludedcontenttypes=text/event-stream"
     volumes:
+      - ./traefik/acme.json:/etc/acme/acme.json
+      - ./traefik/log:/var/log/traefik
+      - ./traefik/config/dynamic.d:/etc/traefik/dynamic.d:ro
+      - ./traefik/config/static.yml:/etc/traefik/traefik.yml:ro
       - /var/run/docker.sock:/var/run/docker.sock:ro
-      - ./conf:/etc/traefik/config
-      - ./acme.json:/etc/acme/acme.json
-      - ./log:/var/log
-      - ./traefik.yml:/etc/traefik/traefik.yml:ro
     networks:
       - traefik
 
diff --git a/traefik/traefik.yml b/traefik/traefik.yml
index 430577d..5ef0872 100644
--- a/traefik/traefik.yml
+++ b/traefik/traefik.yml
@@ -1,14 +1,32 @@
+global:
+  sendanonymoususage: false
+  checknewversion: false
+
 entryPoints:
   web:
     address: ":80"
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
   websecure:
     address: ":443"
-    
+    http:
+      tls:
+        certresolver: letsencrypt
+        domains:
+          - main: "esin.io"
+            sans: "*.esin.io"
+
 providers:
   docker: 
+    watch: true
+    network: traefik
     exposedByDefault: false
   file:
-    directory: "/etc/traefik/config"
+    watch: true
+    directory: "/etc/traefik/dynamic.d"
 
 api:
   dashboard: true
@@ -20,15 +38,19 @@ certificatesResolvers:
     acme:
       email: "hi@esin.io"
       storage: "/etc/acme/acme.json"
+      tlsChallenge: {}
       httpChallenge:
         entryPoint: web
+      dnschallenge:
+        provider: linode
+        delayBeforeCheck: 0
 
 log:
-  filePath: "/var/log/traefik.log"
+  filePath: "/var/log/traefik/traefik.log"
   format: json
   level: INFO
 
 accessLog:
-  filePath: "/var/log/access.log"
+  filePath: "/var/log/traefik/access.log"
   format: json
   bufferingSize: 100