traefik - replace environment variables by CLI arguments

More information about CLI arguments:
https://doc.traefik.io/traefik/reference/static-configuration/cli/

BREAKING CHANGE:

The following variables MUST be renamed in .env file:
- TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_EMAIL -> TRAEFIK_ACME_EMAIL
- TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_TLSCHALLENGE -> TRAEFIK_ACME_TLSCHALLENGE
- TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_CASERVER -> TRAEFIK_ACME_CASERVER
- TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_DNSCHALLENGE -> TRAEFIK_ACME_DNSCHALLENGE
- TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_DNSCHALLENGE_PROVIDER -> TRAEFIK_ACME_DNSCHALLENGE_PROVIDER
- TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_DNSCHALLENGE_DELAYBEFORECHECK -> TRAEFIK_ACME_DNSCHALLENGE_DELAYBEFORECHECK

baseline/.env.dist

@@ -42,15 +42,15 @@ BASIC_AUTH_USER=user:$2y$10$ZkKqodRFTqTper.DNIaen.k/nRG1VJ5XpQ724zfZKKMi1n0iGyKY
 # PLEASE keep tags, and not 'latest', because WatchTower will auto update this image
 TRAEFIK_VERSION=v2.6
 
-TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_EMAIL=postmaster@example.com
+TRAEFIK_ACME_EMAIL=postmaster@example.com
 
 
 # Choose one of the challenges : TLS or DNS
 # when you choose one, the other method have to be set on 'false'
 
-#      TLS Challenge
+# TLS Challenge
 
-TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_TLSCHALLENGE=true
+TRAEFIK_ACME_TLSCHALLENGE=true
 
 
 
@@ -59,10 +59,10 @@ TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_TLSCHALLENGE=true
 # If you're also using OVH : https://medium.com/nephely/configure-traefik-for-the-dns-01-challenge-with-ovh-as-dns-provider-c737670c0434
 
 
-#TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_CASERVER=https://acme-v02.api.letsencrypt.org/directory  
-#TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_DNSCHALLENGE=TRUE
-#TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_DNSCHALLENGE_PROVIDER=ovh
-#TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_DNSCHALLENGE_DELAYBEFORECHECK=10
+#TRAEFIK_ACME_CASERVER=https://acme-v02.api.letsencrypt.org/directory  
+#TRAEFIK_ACME_DNSCHALLENGE=TRUE
+#TRAEFIK_ACME_DNSCHALLENGE_PROVIDER=ovh
+#TRAEFIK_ACME_DNSCHALLENGE_DELAYBEFORECHECK=10
 #OVH_ENDPOINT=
 #OVH_APPLICATION_KEY=
 #OVH_APPLICATION_SECRET=

baseline/README.md

@@ -48,19 +48,19 @@ The icon names can be found at [Material Design Icons](https://materialdesignico
 | PORTAINER_HOSTNAME                                    | docker                 | Hostname of the container, from outside it will be docker.example.com |
 | NETDATA_HOSTNAME                                      | host                   | Same as above                                                |
 | TRAEFIK_DASHBOARD_HOSTNAME                            | proxy                  | Same as above                                                |
-| TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_EMAIL | postmaster@example.com | Email address used for registration.                         |
+| TRAEFIK_ACME_EMAIL  | postmaster@example.com      | Email address used for registration.                         |
 | WATCHTOWER_POLL_INTERVAL                              | 3600                   | Time in seconds for                                          |
 | WATCHTOWER_CLEANUP                                    | true                   | Removes old images after updating.                           |
 | WATCHTOWER_LABEL_ENABLE                               | true                   | Update only containers that have a `com.centurylinklabs.watchtower.enable` label set to true. |
 
-More informations about environment variables : 
+More informations about environment variables :
 
 - [Traefik](https://doc.traefik.io/traefik/reference/static-configuration/env/)
   - [Watchtower](https://containrrr.dev/watchtower/arguments/)
 
 ## Instructions
 
-#### 1. Clone the repository 
+#### 1. Clone the repository
 
 ```bash
 $ git clone https://github.com/soflane/docker-instances
@@ -82,7 +82,7 @@ $ cp traefik-conf/add-conf.yml.dist traefik-conf/add-conf.yml
 $ nano traefik-conf/add-conf.yml 
 ```
 
-#### 4. Edit .env file 
+#### 4. Edit .env file
 
 ```bash
 $ cp .env.dist .env
@@ -91,9 +91,8 @@ $ nano .env
 
 PS: I use nano (you can judge me for that, idc :p), you can use whatever text editor you want 
 
-#### 5. Start the docker-compose stack 
+#### 5. Start the docker-compose stack
 
 ```bash
 $ docker-compose up -d
 ```
-

baseline/docker-compose-slim.yml

@@ -9,34 +9,36 @@ services:
     env_file: .env
     container_name: traefik
     hostname: ${TRAEFIK_DASHBOARD_HOSTNAME}
-    environment:
-      - TRAEFIK_PROVIDERS_DOCKER=true
-      - TRAEFIK_PROVIDERS_DOCKER_ENDPOINT=unix:///var/run/docker.sock
-      - TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT=false
-      - TRAEFIK_PROVIDERS_FILE_DIRECTORY=/custom-conf/
-      - TRAEFIK_PROVIDERS_FILE_WATCH=true
-      - TRAEFIK_GLOBAL_CHECKNEWVERSION=true
-      - TRAEFIK_GLOBAL_SENDANONYMOUSUSAGE=true
-      - TRAEFIK_ENTRYPOINTS_web=true
-      - TRAEFIK_ENTRYPOINTS_web_ADDRESS=:80
-      - TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_TO=web-secure
-      - TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_SCHEME=https
-      - TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_PERMANENT=true
-      - TRAEFIK_ENTRYPOINTS_web-secure=true
-      - TRAEFIK_ENTRYPOINTS_web-secure_ADDRESS=:443
-      - TRAEFIK_ENTRYPOINTS_web-secure_HTTP_MIDDLEWARES=security-protocol@file 
-      - TRAEFIK_LOG=true
-      - TRAEFIK_LOG_LEVEL=INFO
-      #- TRAEFIK_LOG_FILEPATH=/var/log/traefik.log
-      - TRAEFIK_ACCESSLOG=true
-      - TRAEFIK_ACCESSLOG_FILEPATH=/var/log/access.log
-      #- TRAEFIK_ACCESSLOG_FILTERS_STATUSCODES=400-499
-      #- TRAEFIK_API=true
-      - TRAEFIK_API_DASHBOARD=true
-      - TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt=true
-      - TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_STORAGE=/letsencrypt/acme.json
-      # For devlopment purposes
-      #- TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_CASERVER=https://acme-staging-v02.api.letsencrypt.org/directory=value
+    command:
+      - "--log.level=INFO"
+      #- "--log.filepath=/var/log/traefik.log"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.file.directory=/custom-conf/"
+      - "--providers.file.watch=true"
+      - "--global.checknewversion=true"
+      - "--global.sendanonymoususage=false"
+      - "--certificatesresolvers.lets-encrypt=true"
+      - "--certificatesresolvers.lets-encrypt.acme.email=${TRAEFIK_ACME_EMAIL}"
+      - "--certificatesresolvers.lets-encrypt.acme.caserver=${TRAEFIK_ACME_CASERVER:-https://acme-v02.api.letsencrypt.org/directory}"
+      # For development purposes
+      #- "--certificatesresolvers.lets-encrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+      - "--certificatesresolvers.lets-encrypt.acme.tlschallenge=${TRAEFIK_ACME_TLSCHALLENGE:-false}"
+      - "--certificatesresolvers.lets-encrypt.acme.dnschallenge=${TRAEFIK_ACME_DNSCHALLENGE:-false}"
+      - "--certificatesresolvers.lets-encrypt.acme.dnschallenge.provider=${TRAEFIK_ACME_DNSCHALLENGE_PROVIDER:-''}"
+      - "--certificatesresolvers.lets-encrypt.acme.dnschallenge.delaybeforecheck=${TRAEFIK_ACME_DNSCHALLENGE_DELAYBEFORECHECK:-10}"
+      - "--certificatesresolvers.lets-encrypt.acme.storage=/letsencrypt/acme.json"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.web.http.redirections.entrypoint.to=web-secure"
+      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
+      - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
+      - "--entrypoints.web-secure.address=:443"
+      - "--entrypoints.web-secure.http.middlewares=security-protocol@file"
+      - "--accesslog=true"
+      - "--accesslog.filepath=/var/log/access.log"
+      #- "--accesslog.filters.statuscodes=400-499"
+      #- "--api=true"
+      - "--api.dashboard=true"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - ./traefik-conf/:/custom-conf/

baseline/docker-compose.yml

@@ -3,41 +3,42 @@ services:
 ######################################
 #        Traefik Reverse Proxy       #
 ######################################   
-
   traefik:
     # PLEASE keep tags, and not 'latest', because WatchTower will auto update this image
     image: traefik:${TRAEFIK_VERSION}
     env_file: .env
     container_name: traefik
     hostname: ${TRAEFIK_DASHBOARD_HOSTNAME}
-    environment:
-      - TRAEFIK_PROVIDERS_DOCKER=true
-      - TRAEFIK_PROVIDERS_DOCKER_ENDPOINT=unix:///var/run/docker.sock
-      - TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT=false
-      - TRAEFIK_PROVIDERS_FILE_DIRECTORY=/custom-conf/
-      - TRAEFIK_PROVIDERS_FILE_WATCH=true
-      - TRAEFIK_GLOBAL_CHECKNEWVERSION=true
-      - TRAEFIK_GLOBAL_SENDANONYMOUSUSAGE=true
-      - TRAEFIK_ENTRYPOINTS_web=true
-      - TRAEFIK_ENTRYPOINTS_web_ADDRESS=:80
-      - TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_TO=web-secure
-      - TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_SCHEME=https
-      - TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_PERMANENT=true
-      - TRAEFIK_ENTRYPOINTS_web-secure=true
-      - TRAEFIK_ENTRYPOINTS_web-secure_ADDRESS=:443
-      - TRAEFIK_ENTRYPOINTS_web-secure_HTTP_MIDDLEWARES=security-protocol@file 
-      - TRAEFIK_LOG=true
-      - TRAEFIK_LOG_LEVEL=INFO
-      #- TRAEFIK_LOG_FILEPATH=/var/log/traefik.log
-      - TRAEFIK_ACCESSLOG=true
-      - TRAEFIK_ACCESSLOG_FILEPATH=/var/log/access.log
-      #- TRAEFIK_ACCESSLOG_FILTERS_STATUSCODES=400-499
-      #- TRAEFIK_API=true
-      - TRAEFIK_API_DASHBOARD=true
-      - TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt=true
-      - TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_STORAGE=/letsencrypt/acme.json
+    command:
+      - "--log.level=INFO"
+      #- "--log.filepath=/var/log/traefik.log"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.file.directory=/custom-conf/"
+      - "--providers.file.watch=true"
+      - "--global.checknewversion=true"
+      - "--global.sendanonymoususage=false"
+      - "--certificatesresolvers.lets-encrypt=true"
+      - "--certificatesresolvers.lets-encrypt.acme.email=${TRAEFIK_ACME_EMAIL}"
+      - "--certificatesresolvers.lets-encrypt.acme.caserver=${TRAEFIK_ACME_CASERVER:-https://acme-v02.api.letsencrypt.org/directory}"
       # For development purposes
-      #- TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_CASERVER=https://acme-staging-v02.api.letsencrypt.org/directory=value
+      #- "--certificatesresolvers.lets-encrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+      - "--certificatesresolvers.lets-encrypt.acme.tlschallenge=${TRAEFIK_ACME_TLSCHALLENGE:-false}"
+      - "--certificatesresolvers.lets-encrypt.acme.dnschallenge=${TRAEFIK_ACME_DNSCHALLENGE:-false}"
+      - "--certificatesresolvers.lets-encrypt.acme.dnschallenge.provider=${TRAEFIK_ACME_DNSCHALLENGE_PROVIDER:-''}"
+      - "--certificatesresolvers.lets-encrypt.acme.dnschallenge.delaybeforecheck=${TRAEFIK_ACME_DNSCHALLENGE_DELAYBEFORECHECK:-10}"
+      - "--certificatesresolvers.lets-encrypt.acme.storage=/letsencrypt/acme.json"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.web.http.redirections.entrypoint.to=web-secure"
+      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
+      - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
+      - "--entrypoints.web-secure.address=:443"
+      - "--entrypoints.web-secure.http.middlewares=security-protocol@file"
+      - "--accesslog=true"
+      - "--accesslog.filepath=/var/log/access.log"
+      #- "--accesslog.filters.statuscodes=400-499"
+      #- "--api=true"
+      - "--api.dashboard=true"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - ./traefik-conf/:/custom-conf/