Upgraded and refactored Traefik (#585)

2025-05-12 04:50:42 +02:00 · 2022-06-02 16:35:42 +02:00 · 2022-06-02 16:35:42 +02:00 · c176745bc3
commit c176745bc3
parent e87ef5d0b0
15 changed files with 80 additions and 83 deletions
--- a/.gitignore
+++ b/.gitignore
@ -297,8 +297,6 @@ Production/.env
 .vscode/
 *docker-compose.generated.yml

-Generated/acme.json
-Generated/traefik_logs/
 Generated/chatwoot_config.env
 Generated/error

--- a/Generated/.gitignore
+++ b/Generated/.gitignore
@ -1,5 +1,4 @@
 *.yml
 nginx.tmpl
-*.toml
 *.json
-pull-images.sh
+pull-images.sh
--- a/Traefik/README.md
+++ b/Traefik/README.md
@ -1,17 +1,27 @@
 # How to use docker-compose with Traefik

-Traefik is a modern reverse proxy aimed towards applications running through container orchestrators. 
+Traefik is a modern reverse proxy aimed towards applications running through container orchestrators.

 Some of the benefits of using Traefik over NGinx are:
-* Real-time configuration changes - no need to reload the proxy
-* Auto discovery and configuration of services through a vast amount of container orchestrators.
-* Built-in official support for Let's Encrypt SSL with certificate auto-renewal
+
+- Real-time configuration changes - no need to reload the proxy
+- Auto discovery and configuration of services through a vast amount of container orchestrators.
+- Built-in official support for Let's Encrypt SSL with certificate auto-renewal
+- Supports path-based routing without need to [hard-code it in global config](../Production/nginx.tmpl).

 ## Traefik Specific Environment Variables

-* `BTCPAYGEN_REVERSEPROXY` to `traefik`.
-* `LETSENCRYPT_EMAIL`: Optional, The email Let's Encrypt will use to notify you about certificate expiration.
-* `BTCPAYGEN_ADDITIONAL_FRAGMENTS`: In the case that you have an already deployed traefik container, you can use the fragment `traefik-labels` which will tag the btcpayserver service with the needed labels to be discovered.
+- `BTCPAYGEN_REVERSEPROXY` to `traefik`.
+- `LETSENCRYPT_EMAIL`: Optional, The email Let's Encrypt will use to notify you about certificate expiration.
+- `BTCPAYGEN_ADDITIONAL_FRAGMENTS`: Add `traefik`
+- `BTCPAY_ADDITIONAL_HOSTS`: Traefic can not accept list of hosts. Add additional hosts in a new file named e.g. `btcpayserver-traefic.custom.yml`:
+  ```
+  version: "3"
+  services:
+    btcpayserver:
+      labels:
+        traefik.http.routers.btcpayserver2.rule: Host(`additional.example.com`)
+        traefik.http.routers.btcpayserver3.rule: Host(`another-additional.example.com`)
+  ```

-
-![Architecture](Production.png)
+![Architecture](Production.png)
--- a/Traefik/traefik.toml
+++ b/Traefik/traefik.toml
@ -1,34 +0,0 @@
-defaultEntryPoints = ["https","http"]
-
-logLevel = "ERROR"
-
-[entryPoints]
-  [entryPoints.http]
-  address = ":80"
-    [entryPoints.http.redirect]
-    entryPoint = "https"
-  [entryPoints.https]
-  address = ":443"
-  [entryPoints.https.tls]
-
-[retry]
-
-[docker]
-endpoint = "unix:///var/run/docker.sock"
-watch = true
-exposedByDefault = false
-
-[acme]
-storage = "acme.json"
-entryPoint = "https"
-onHostRule = true
-[acme.httpChallenge]
-entryPoint = "http"
-
-[traefikLog]
-  filePath = "/traefik_logs/traefik.log"
-  format   = "json"
-
-[accessLog]
-  filePath = "/traefik_logs/access.log"
-  format = "json"
--- a/Traefik/traefik.yml
+++ b/Traefik/traefik.yml
@ -0,0 +1,34 @@
+entryPoints:
+  http:
+    address: :80
+    http:
+      redirections:
+        entrypoint:
+          to: https
+          scheme: https
+  https:
+    address: :443
+    http:
+      tls:
+        certResolver: default
+
+providers:
+  docker:
+    exposedByDefault: false
+    watch: true
+    endpoint: unix:///var/run/docker.sock
+
+# Enable only for debug
+#api:
+#  insecure: true
+#  dashboard: true
+
+log:
+  level: ERROR # or DEBUG, PANIC, FATAL, WARN, and INFO
+
+certificatesResolvers:
+  default:
+    acme:
+      storage: /data/acme.json
+      httpChallenge:
+        entryPoint: http
--- a/build.ps1
+++ b/build.ps1
@ -31,9 +31,3 @@ docker run -v "$(Get-Location)\Generated:/app/Generated" `
 If ($BTCPAYGEN_REVERSEPROXY -eq "nginx") {
    Copy-Item ".\Production\nginx.tmpl" -Destination ".\Generated"
 }
-
-If ($BTCPAYGEN_REVERSEPROXY -eq "traefik") {
-    Copy-Item ".\Traefik\traefik.toml" -Destination ".\Generated"
-    
-    New-Item  ".\Generated\acme.json" -type file
-}
--- a/build.sh
+++ b/build.sh
@ -41,9 +41,3 @@ fi

 [[ -f "Generated/pull-images.sh" ]] && chmod +x Generated/pull-images.sh
 [[ -f "Generated/save-images.sh" ]] && chmod +x Generated/save-images.sh
-
-if [ "$BTCPAYGEN_REVERSEPROXY" == "traefik" ]; then
-    cp Traefik/traefik.toml Generated/traefik.toml
-    :> Generated/acme.json
-    chmod 600 Generated/acme.json
-fi
--- a/docker-compose-generator/docker-fragments/bitcoin-clightning.yml
+++ b/docker-compose-generator/docker-fragments/bitcoin-clightning.yml
@ -85,6 +85,9 @@ services:
      RTL_SSO: 1
      RTL_COOKIE_PATH: /data/.cookie
      LOGOUT_REDIRECT_LINK: /server/services
+    labels:
+      traefik.enable: true
+      traefik.http.routers.bitcoin_rtl.rule: Host(`${BTCPAY_HOST}`) && (Path(`/rtl`) || PathPrefix(`/rtl/`))
    volumes:
      - "clightning_bitcoin_datadir:/root/.lightning"
      - "bitcoin_datadir:/etc/bitcoin"
--- a/docker-compose-generator/docker-fragments/bitcoin-eclair.yml
+++ b/docker-compose-generator/docker-fragments/bitcoin-eclair.yml
@ -31,8 +31,8 @@ services:
        -Declair.bitcoind.zmqblock=tcp://bitcoind:28334
        -Declair.bitcoind.zmqtx=tcp://bitcoind:28333
    expose:
-      - "9735"  # server port
-      - "8080"  # api port
+      - "9735" # server port
+      - "8080" # api port
    volumes:
      - "bitcoin_datadir:/etc/bitcoin"
      - "eclair_bitcoin_datadir:/data"
@ -56,6 +56,9 @@ services:
      - "eclair_bitcoin_rtl_datadir:/data"
    expose:
      - "3000"
+    labels:
+      traefik.enable: true
+      traefik.http.routers.bitcoin_rtl.rule: Host(`${BTCPAY_HOST}`) && (Path(`/rtl`) || PathPrefix(`/rtl/`))
    links:
      - eclair_bitcoin

--- a/docker-compose-generator/docker-fragments/bitcoin-lnd.yml
+++ b/docker-compose-generator/docker-fragments/bitcoin-lnd.yml
@ -66,6 +66,9 @@ services:
      - "lnd_bitcoin_rtl_datadir:/data"
    expose:
      - "3000"
+    labels:
+      traefik.enable: true
+      traefik.http.routers.bitcoin_rtl.rule: Host(`${BTCPAY_HOST}`) && (Path(`/rtl`) || PathPrefix(`/rtl/`))
    links:
      - lnd_bitcoin

--- a/docker-compose-generator/docker-fragments/btcpayserver.yml
+++ b/docker-compose-generator/docker-fragments/btcpayserver.yml
@ -1,7 +1,6 @@
 version: "3"

 services:
-
  btcpayserver:
    restart: unless-stopped
    image: ${BTCPAY_IMAGE:-btcpayserver/btcpayserver:1.5.4$<BTCPAY_BUILD_CONFIGURATION>?}
@ -21,6 +20,10 @@ services:
      BTCPAY_DEBUGLOG: btcpay.log
      BTCPAY_UPDATEURL: https://api.github.com/repos/btcpayserver/btcpayserver/releases/latest
      BTCPAY_DOCKERDEPLOYMENT: "true"
+    labels:
+      traefik.enable: true
+      traefik.http.routers.btcpayserver.rule: Host(`${BTCPAY_HOST}`)
+      # Traefic can not accept list from BTCPAY_ADDITIONAL_HOSTS, see Traefik/README.md
    links:
      - postgres
    volumes:
--- a/docker-compose-generator/docker-fragments/opt-add-btctransmuter.yml
+++ b/docker-compose-generator/docker-fragments/opt-add-btctransmuter.yml
@ -21,6 +21,9 @@ services:
      VIRTUAL_HOST: ${BTCTRANSMUTER_HOST}
      VIRTUAL_HOST_NAME: "btctransmuter"
      TRANSMUTER_BTCPayAuthServer: "http://btcpayserver:49392"
+    labels:
+      traefik.enable: true
+      traefik.http.routers.btctransmuter.rule: Host(`${BTCPAY_HOST}`) && (Path(`/btctransmuter`) || PathPrefix(`/btctransmuter/`))
    expose:
      - "80"
    links:
--- a/docker-compose-generator/docker-fragments/opt-add-thunderhub.yml
+++ b/docker-compose-generator/docker-fragments/opt-add-thunderhub.yml
@ -19,6 +19,9 @@ services:
      NO_CLIENT_ACCOUNTS: "true"
      LOG_LEVEL: debug
      LOGOUT_URL: "/server/services/thunderhub/BTC"
+    labels:
+      traefik.enable: true
+      traefik.http.routers.bitcoin_thub.rule: Host(`${BTCPAY_HOST}`) && (Path(`/thub`) || PathPrefix(`/thub/`))
    volumes:
      - "lnd_bitcoin_datadir:/etc/lnd"
      - "lnd_bitcoin_thub_datadir:/data"
--- a/docker-compose-generator/docker-fragments/traefik-labels.yml
+++ b/docker-compose-generator/docker-fragments/traefik-labels.yml
@ -1,12 +0,0 @@
-version: "3"
-
-services:
-  btcpayserver:
-    labels:
-      - "traefik.backend=btcpayserver"
-      - "traefik.backend.loadbalancer.sticky=true"
-      - "traefik.enable=true"
-      - "traefik.frontend.rule=Host:${BTCPAY_HOST}"
-      - "traefik.port.rule=49392"
-      - "traefik.acme.domains=${BTCPAY_HOST},www.${BTCPAY_HOST}"
-      - "traefik.acme.email=${LETSENCRYPT_EMAIL}"
--- a/docker-compose-generator/docker-fragments/traefik.yml
+++ b/docker-compose-generator/docker-fragments/traefik.yml
@ -3,23 +3,19 @@ version: "3"
 services:
  traefik:
    restart: unless-stopped
-    image: traefik
+    image: traefik:v2.6
    container_name: traefik
    ports:
      - "${REVERSEPROXY_HTTP_PORT:-80}:80"
      - "${REVERSEPROXY_HTTPS_PORT:-443}:443"
+      - "8080:8080" # Dashboard, enable for debug only
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
-      - "./traefik.toml:/traefik.toml"
-      - "./acme.json:/acme.json:ro"
-      - "./servers.toml:/servers.toml"
-      - "./traefik_logs:/traefik_logs"
-
-    links:
-      - btcpayserver
+      - "../Traefik/traefik.yml:/traefik.yml"
+      - "traefik_data:/data"

 volumes:
-  traefik_logs:
+  traefik_data:

 exclusive:
  - proxy