traefik - replace environment variables by CLI arguments

More information about CLI arguments:
https://doc.traefik.io/traefik/reference/static-configuration/cli/

BREAKING CHANGE:

The following variables MUST be renamed in .env file:
- TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_EMAIL -> ACME_EMAIL
- TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_TLSCHALLENGE -> ACME_TLSCHALLENGE
- TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_CASERVER -> ACME_CASERVER
- TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_DNSCHALLENGE -> ACME_DNSCHALLENGE
- TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_DNSCHALLENGE_PROVIDER -> ACME_DNSCHALLENGE_PROVIDER
- TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_DNSCHALLENGE_DELAYBEFORECHECK -> ACME_DNSCHALLENGE_DELAYBEFORECHECK

baseline/.env.dist

@@ -42,15 +42,15 @@ BASIC_AUTH_USER=user:$2y$10$ZkKqodRFTqTper.DNIaen.k/nRG1VJ5XpQ724zfZKKMi1n0iGyKY
 # PLEASE keep tags, and not 'latest', because WatchTower will auto update this image
 TRAEFIK_VERSION=v2.6
 
-TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_EMAIL=postmaster@example.com
+ACME_EMAIL=postmaster@example.com
 
 
 # Choose one of the challenges : TLS or DNS
 # when you choose one, the other method have to be set on 'false'
 
-#      TLS Challenge
+# TLS Challenge
 
-TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_TLSCHALLENGE=true
+ACME_TLSCHALLENGE=true
 
 
 
@@ -59,10 +59,10 @@ TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_TLSCHALLENGE=true
 # If you're also using OVH : https://medium.com/nephely/configure-traefik-for-the-dns-01-challenge-with-ovh-as-dns-provider-c737670c0434
 
 
-#TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_CASERVER=https://acme-v02.api.letsencrypt.org/directory  
-#TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_DNSCHALLENGE=TRUE
-#TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_DNSCHALLENGE_PROVIDER=ovh
-#TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_DNSCHALLENGE_DELAYBEFORECHECK=10
+#ACME_CASERVER=https://acme-v02.api.letsencrypt.org/directory  
+#ACME_DNSCHALLENGE=TRUE
+#ACME_DNSCHALLENGE_PROVIDER=ovh
+#ACME_DNSCHALLENGE_DELAYBEFORECHECK=10
 #OVH_ENDPOINT=
 #OVH_APPLICATION_KEY=
 #OVH_APPLICATION_SECRET=

baseline/docker-compose-slim.yml

@@ -9,34 +9,36 @@ services:
     env_file: .env
     container_name: traefik
     hostname: ${TRAEFIK_DASHBOARD_HOSTNAME}
-    environment:
-      - TRAEFIK_PROVIDERS_DOCKER=true
-      - TRAEFIK_PROVIDERS_DOCKER_ENDPOINT=unix:///var/run/docker.sock
-      - TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT=false
-      - TRAEFIK_PROVIDERS_FILE_DIRECTORY=/custom-conf/
-      - TRAEFIK_PROVIDERS_FILE_WATCH=true
-      - TRAEFIK_GLOBAL_CHECKNEWVERSION=true
-      - TRAEFIK_GLOBAL_SENDANONYMOUSUSAGE=true
-      - TRAEFIK_ENTRYPOINTS_web=true
-      - TRAEFIK_ENTRYPOINTS_web_ADDRESS=:80
-      - TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_TO=web-secure
-      - TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_SCHEME=https
-      - TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_PERMANENT=true
-      - TRAEFIK_ENTRYPOINTS_web-secure=true
-      - TRAEFIK_ENTRYPOINTS_web-secure_ADDRESS=:443
-      - TRAEFIK_ENTRYPOINTS_web-secure_HTTP_MIDDLEWARES=security-protocol@file 
-      - TRAEFIK_LOG=true
-      - TRAEFIK_LOG_LEVEL=INFO
-      #- TRAEFIK_LOG_FILEPATH=/var/log/traefik.log
-      - TRAEFIK_ACCESSLOG=true
-      - TRAEFIK_ACCESSLOG_FILEPATH=/var/log/access.log
-      #- TRAEFIK_ACCESSLOG_FILTERS_STATUSCODES=400-499
-      #- TRAEFIK_API=true
-      - TRAEFIK_API_DASHBOARD=true
-      - TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt=true
-      - TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_STORAGE=/letsencrypt/acme.json
-      # For devlopment purposes
-      #- TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_CASERVER=https://acme-staging-v02.api.letsencrypt.org/directory=value
+    command:
+      - "--log.level=INFO"
+      #- "--log.filepath=/var/log/traefik.log"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.file.directory=/custom-conf/"
+      - "--providers.file.watch=true"
+      - "--global.checknewversion=true"
+      - "--global.sendanonymoususage=false"
+      - "--certificatesresolvers.lets-encrypt=true"
+      - "--certificatesresolvers.lets-encrypt.acme.email=${ACME_EMAIL}"
+      - "--certificatesresolvers.lets-encrypt.acme.caserver=${ACME_CASERVER:-https://acme-v02.api.letsencrypt.org/directory}"
+      # For development purposes
+      #- "--certificatesresolvers.lets-encrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+      - "--certificatesresolvers.lets-encrypt.acme.tlschallenge=${ACME_TLSCHALLENGE:-false}"
+      - "--certificatesresolvers.lets-encrypt.acme.dnschallenge=${ACME_DNSCHALLENGE:-false}"
+      - "--certificatesresolvers.lets-encrypt.acme.dnschallenge.provider=${ACME_DNSCHALLENGE_PROVIDER:-''}"
+      - "--certificatesresolvers.lets-encrypt.acme.dnschallenge.delaybeforecheck=${ACME_DNSCHALLENGE_DELAYBEFORECHECK:-10}"
+      - "--certificatesresolvers.lets-encrypt.acme.storage=/letsencrypt/acme.json"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.web.http.redirections.entrypoint.to=web-secure"
+      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
+      - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
+      - "--entrypoints.web-secure.address=:443"
+      - "--entrypoints.web-secure.http.middlewares=security-protocol@file"
+      - "--accesslog=true"
+      - "--accesslog.filepath=/var/log/access.log"
+      #- "--accesslog.filters.statuscodes=400-499"
+      #- "--api=true"
+      - "--api.dashboard=true"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - ./traefik-conf/:/custom-conf/

baseline/docker-compose.yml

@@ -3,41 +3,42 @@ services:
 ######################################
 #        Traefik Reverse Proxy       #
 ######################################   
-
   traefik:
     # PLEASE keep tags, and not 'latest', because WatchTower will auto update this image
     image: traefik:${TRAEFIK_VERSION}
     env_file: .env
     container_name: traefik
     hostname: ${TRAEFIK_DASHBOARD_HOSTNAME}
-    environment:
-      - TRAEFIK_PROVIDERS_DOCKER=true
-      - TRAEFIK_PROVIDERS_DOCKER_ENDPOINT=unix:///var/run/docker.sock
-      - TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT=false
-      - TRAEFIK_PROVIDERS_FILE_DIRECTORY=/custom-conf/
-      - TRAEFIK_PROVIDERS_FILE_WATCH=true
-      - TRAEFIK_GLOBAL_CHECKNEWVERSION=true
-      - TRAEFIK_GLOBAL_SENDANONYMOUSUSAGE=true
-      - TRAEFIK_ENTRYPOINTS_web=true
-      - TRAEFIK_ENTRYPOINTS_web_ADDRESS=:80
-      - TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_TO=web-secure
-      - TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_SCHEME=https
-      - TRAEFIK_ENTRYPOINTS_web_HTTP_REDIRECTIONS_ENTRYPOINT_PERMANENT=true
-      - TRAEFIK_ENTRYPOINTS_web-secure=true
-      - TRAEFIK_ENTRYPOINTS_web-secure_ADDRESS=:443
-      - TRAEFIK_ENTRYPOINTS_web-secure_HTTP_MIDDLEWARES=security-protocol@file 
-      - TRAEFIK_LOG=true
-      - TRAEFIK_LOG_LEVEL=INFO
-      #- TRAEFIK_LOG_FILEPATH=/var/log/traefik.log
-      - TRAEFIK_ACCESSLOG=true
-      - TRAEFIK_ACCESSLOG_FILEPATH=/var/log/access.log
-      #- TRAEFIK_ACCESSLOG_FILTERS_STATUSCODES=400-499
-      #- TRAEFIK_API=true
-      - TRAEFIK_API_DASHBOARD=true
-      - TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt=true
-      - TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_STORAGE=/letsencrypt/acme.json
+    command:
+      - "--log.level=INFO"
+      #- "--log.filepath=/var/log/traefik.log"
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--providers.file.directory=/custom-conf/"
+      - "--providers.file.watch=true"
+      - "--global.checknewversion=true"
+      - "--global.sendanonymoususage=false"
+      - "--certificatesresolvers.lets-encrypt=true"
+      - "--certificatesresolvers.lets-encrypt.acme.email=${ACME_EMAIL}"
+      - "--certificatesresolvers.lets-encrypt.acme.caserver=${ACME_CASERVER:-https://acme-v02.api.letsencrypt.org/directory}"
       # For development purposes
-      #- TRAEFIK_CERTIFICATESRESOLVERS_lets-encrypt_ACME_CASERVER=https://acme-staging-v02.api.letsencrypt.org/directory=value
+      #- "--certificatesresolvers.lets-encrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
+      - "--certificatesresolvers.lets-encrypt.acme.tlschallenge=${ACME_TLSCHALLENGE:-false}"
+      - "--certificatesresolvers.lets-encrypt.acme.dnschallenge=${ACME_DNSCHALLENGE:-false}"
+      - "--certificatesresolvers.lets-encrypt.acme.dnschallenge.provider=${ACME_DNSCHALLENGE_PROVIDER:-''}"
+      - "--certificatesresolvers.lets-encrypt.acme.dnschallenge.delaybeforecheck=${ACME_DNSCHALLENGE_DELAYBEFORECHECK:-10}"
+      - "--certificatesresolvers.lets-encrypt.acme.storage=/letsencrypt/acme.json"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.web.http.redirections.entrypoint.to=web-secure"
+      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
+      - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
+      - "--entrypoints.web-secure.address=:443"
+      - "--entrypoints.web-secure.http.middlewares=security-protocol@file"
+      - "--accesslog=true"
+      - "--accesslog.filepath=/var/log/access.log"
+      #- "--accesslog.filters.statuscodes=400-499"
+      #- "--api=true"
+      - "--api.dashboard=true"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - ./traefik-conf/:/custom-conf/