[traefik] bump version to v2.4 and update config

Author: bensonfx

traefik/conf/default.yml

@@ -1,28 +1,28 @@
 http:
-  middlewares:
-    https-redirect:
-      redirectScheme:
-        scheme: https
-        permanent: false
-        port: 5443
-    content-compress:
-      compress: {}
+  # middlewares:
+  #   https-redirect:
+  #     redirectScheme:
+  #       scheme: https
+  #       permanent: false
+  #       port: 5443
+  #   content-compress:
+  #     compress: {}
 
-  services:
-    # tricks https://github.com/containous/traefik/issues/4863#issuecomment-491093096
-    dummy:
-      loadBalancer:
-        servers:
-          - url: "" # or url: "localhost"
+  # services:
+  #   # tricks https://github.com/containous/traefik/issues/4863#issuecomment-491093096
+  #   dummy:
+  #     loadBalancer:
+  #       servers:
+  #         - url: "" # or url: "localhost"
 
-  routers:
-    https-redirect:
-      entryPoints:
-        - http
-      rule: "HostRegexp(`{any:.*}`)"
-      service: "dummy"
-      middlewares:
-        - "https-redirect"
+  # routers:
+  #   https-redirect:
+  #     entryPoints:
+  #       - http
+  #     rule: "HostRegexp(`{any:.*}`)"
+  #     service: "dummy"
+  #     middlewares:
+  #       - "https-redirect"
 
 tls:
   # certificates:

traefik/conf/nas.yml

@@ -20,10 +20,4 @@ http:
         - https
       service: nas
       rule: "Host(`www.example.com`)"
-      tls:
-        certResolver: le
-        domains:
-          - main: "*.example.com"
-            sans:
-              - "example.com"
-              - "*.example.com"
+      tls: {}

traefik/docker-compose.yml

@@ -1,8 +1,8 @@
 version: '3'
 services:
   traefik:
-    container_name: traefik-v2
-    image: traefik:v2.3
+    container_name: traefik
+    image: traefik:v2.4
     restart: unless-stopped
     healthcheck:
       test: ["CMD-SHELL", "wget -q --spider localhost:8080/ping || exit 1"]
@@ -13,8 +13,15 @@ services:
       # - "--api.debug=true"
       - "--ping=true"
       - "--entrypoints.http.address=:80"
+      - "--entryPoints.http.forwardedHeaders.trustedIPs=$TRUST_IPS"
+      - "--entrypoints.http.http.redirections.entryPoint.to=https"
+      - "--entrypoints.http.http.redirections.entryPoint.scheme=https"
+      - "--entrypoints.http.http.redirections.entrypoint.permanent=true"
       - "--entrypoints.https.address=:443"
-      - "--entryPoints.web.forwardedHeaders.trustedIPs=172.18.0.0/24,192.168.31.0/24"
+      - "--entryPoints.https.forwardedHeaders.trustedIPs=$TRUST_IPS"
+      - "--entrypoints.https.http.tls.certResolver=le"
+      - "--entrypoints.https.http.tls.domains[0].main=$CERT_DOMAIN_MAIN"
+      - "--entrypoints.https.http.tls.domains[0].sans=$CERT_DOMAIN_SANS"
       - "--log.level=WARN"
       - "--log.filePath=/logs/traefik.log"
       - "--log.format=json"
@@ -58,10 +65,10 @@ services:
       - "traefik.docker.network=traefik"
       - "traefik.http.routers.traefik.service=api@internal"
       # 默认请求转发 https 端口
-      - "traefik.http.routers.traefik-dash-default.middlewares=https-redirect@file"
-      - "traefik.http.routers.traefik-dash-default.entrypoints=http"
-      - "traefik.http.routers.traefik-dash-default.rule=Host(`admin.example.com`)"
-      - "traefik.http.routers.traefik-dash.service=dashboard@internal"
+      # - "traefik.http.routers.traefik-dash-default.middlewares=https-redirect@file"
+      # - "traefik.http.routers.traefik-dash-default.entrypoints=http"
+      # - "traefik.http.routers.traefik-dash-default.rule=Host(`admin.example.com`)"
+      # - "traefik.http.routers.traefik-dash.service=dashboard@internal"
       # 处理网页
       - "traefik.http.middlewares.basic-auth.basicauth.users=$AUTH_USER_LIST"
       - "traefik.http.routers.traefik-dash-web.middlewares=basic-auth"

traefik/ssl/cert_req.sh

@@ -6,8 +6,8 @@ csr=${key%.key}.csr
 
 openssl req -new -sha256 \
     -key $key  \
-    -subj "/C=CN/ST=Beijing/L=Beijing/O=bensonfx.cc/CN=*.bensonfx.cc" \
+    -subj "/C=CN/ST=Beijing/L=Beijing/O=bensonfx.net/CN=*.bensonfx.net" \
     -reqexts SAN \
     -config <(cat /etc/ssl/openssl.cnf \
-        <(printf "[SAN]\nsubjectAltName=DNS:*.bensonfx.cc,DNS:bensonfx.cc")) \
+        <(printf "[SAN]\nsubjectAltName=DNS:*.bensonfx.net,DNS:bensonfx.net,DNS:*.bensonfx.app, DNS:bensonfx.app")) \
     -out $csr