update

.env

@@ -1 +1,12 @@
 CF_DNS_API_TOKEN=
+ROOT_DOMAIN=tips-of-mine.com
+HTTP_TIMEOUT=60
+POLLING_INTERVAL=10
+PROPAGATION_TIMEOUT=3600
+TTL=300
+PROVIDERS_GOOGLE_CLIENT_ID=<GOOGLE CLIENT ID>
+PROVIDERS_GOOGLE_CLIENT_SECRET=<GOOGLE CLIENT SECRET>
+SECRET=RandomTextGoesHere
+WHITELIST=<YOUR GOOGLE ACCOUNT EMAIL>
+LOG_LEVEL=DEBUG
+ZONE_ID=<YOUR CLOUDFLARE ZONE ID>

configs/traefik.yml

@@ -75,33 +75,22 @@ providers:
     directory: /etc/traefik/dynamic
     watch: true
   providersThrottleDuration: 10
+  swarmMode: false
 
 certificatesResolvers:
-  staging:
+  letsencrypt:
-    acme:
-      email: admin@tips-of-mine.com
-      storage: /var/traefik/certs/acme.json
-      caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
-      keyType: EC256
-      dnsChallenge:
-        provider: staging
-        resolvers:
-          - "1.1.1.1:53"
-          - "1.0.0.1:53"
-      tlschallenge: true
-#      httpChallenge:
-#        entryPoint: http
-  production:
     acme:
       email: admin@tips-of-mine.com
       storage: /var/traefik/certs/acme.json
       caServer: "https://acme-v02.api.letsencrypt.org/directory"
       keyType: EC256
       dnsChallenge:
-        provider: production
+        provider: letsencrypt
         resolvers:
+          - "8.8.8.8:53"
           - "1.1.1.1:53"
           - "1.0.0.1:53"
+        delaybeforecheck: 300
       tlschallenge: true
 #      httpchallenge:
 #        entrypoint: http
@@ -111,7 +100,7 @@ api:
   dashboard: true
 
 log:
-  level: DEBUG
+  level: ${LOG_LEVEL:-INFO}"
   filepath: "/var/log/traefik/traefik.log"
   format: json
 #  default: "common"

docker-compose.yml

@@ -35,6 +35,28 @@ services:
       - "./logs:/var/log/traefik:rw"
     environment:
       - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
+      - CLOUDFLARE_DNS_API_TOKEN_FILE=/run/secrets/cf_token
+      - CLOUDFLARE_HTTP_TIMEOUT=${HTTP_TIMEOUT}
+      - CLOUDFLARE_POLLING_INTERVAL=${POLLING_INTERVAL}
+      - CLOUDFLARE_PROPAGATION_TIMEOUT=${PROPAGATION_TIMEOUT}
+      - CLOUDFLARE_TTL=${TTL}
+# Swarm config
+#    deploy:
+#      restart_policy:
+#        condition: any
+#        delay: 5s
+#        max_attempts: 3
+#        window: 120s
+#      update_config:
+#        delay: 10s
+#        order: start-first
+#        parallelism: 1
+#      rollback_config:
+#        parallelism: 0
+#        order: stop-first
+#      placement:
+#        constraints:
+#          - node.role == manager
     networks:
       - back_network
       - front_network
@@ -52,11 +74,13 @@ services:
     networks:
       - front_network
 
-# whoami
+### whoami-externe
-  whoami:
+  whoami-externe:
-    container_name: traefik-whoami
+    container_name: traefik-whoami-externe
-    hostname: traefik-whoami
+    hostname: traefik-whoami-externe
     image: traefik/whoami:latest
+    command:
+       - --name=externe
     restart: unless-stopped
     networks:
       - front_network
@@ -64,12 +88,40 @@ services:
       - "traefik.enable=true"
       - "traefik.docker.network=front_network"
 # HTTP
-      - "traefik.http.routers.whoami-http.rule=Host(`whoami.tips-of-mine.com`)"
+      - "traefik.http.routers.whoami-externe-http.rule=Host(`whoami-externe.tips-of-mine.com`)"
-      - "traefik.http.routers.whoami-http.entrypoints=http"
+      - "traefik.http.routers.whoami-externe-http.entrypoints=http"
 # HTTPS
-      - "traefik.http.routers.whoami-https.rule=Host(`whoami.tips-of-mine.com`)"
+      - "traefik.http.routers.whoami-externe-https.rule=Host(`whoami-externe.tips-of-mine.com`)"
-      - "traefik.http.routers.whoami-https.entrypoints=https"
+      - "traefik.http.routers.whoami-externe-https.entrypoints=https"
-      - "traefik.http.routers.whoami-https.tls=true"
+      - "traefik.http.routers.whoami-externe-https.tls=true"
+      - "traefik.http.routers.whoami-externe-https.service=whoami-externe-service"
+# Middleware
+      - "traefik.http.routers.whoami-externe-https.middlewares=forward-auth"
+# Service
+      - "traefik.http.services.whoami-externe-service.loadbalancer.server.port=80"
+
+### whoami-interne
+  whoami-interne:
+    container_name: traefik-whoami-interne
+    hostname: traefik-whoami-interne
+    image: traefik/whoami:latest
+    command:
+       - --name=interne
+    restart: unless-stopped
+    networks:
+      - front_network
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=front_network"
+# HTTP
+      - "traefik.http.routers.whoami-interne-http.rule=Host(`whoami-interne.tips-of-mine.com`)"
+      - "traefik.http.routers.whoami-interne-http.entrypoints=http"
+# HTTPS
+      - "traefik.http.routers.whoami-interne-https.rule=Host(`whoami-interne.tips-of-mine.com`)"
+      - "traefik.http.routers.whoami-interne-https.entrypoints=https"
+      - "traefik.http.routers.whoami-interne-https.tls=true"
+      - "traefik.http.routers.whoami-interne-https.service=whoami-interne-service"
 # Middleware
 # Service
+      - "traefik.http.services.whoami-interne-service.loadbalancer.server.port=80"