#6 Update traefik config to version 2

Traefik.php

@@ -72,43 +72,31 @@ class Traefik {
 
   /**
    * Update the Traefik container.
+   *
+   * @param bool $rewrite
    */
-  public function update(): void {
+  public function update($rewrite = FALSE): void {
     // Update host wider traefik container.
     $traefikPath = $_SERVER['HOME'] . '/.traefik';
     $traefikCertPath = $_SERVER['HOME'] . '/.traefik/certs';
+    $traefikConfigPath = $_SERVER['HOME'] . '/.traefik/configuration';
     $traefikFile = $traefikPath . '/docker-compose.yml';
 
     $fs = new Filesystem();
-    if ($fs->exists($traefikFile)) {
+    if (!$rewrite && $fs->exists($traefikFile)) {
       $traefik = Yaml::parse(file_get_contents($traefikFile));
     }
     else {
       $fs->mkdir($traefikPath);
-      $traefik = [
-        'version' => '3',
-        'services' => [
-          'traefik' => [
-            'image' => 'traefik:1.7.17',
-            'restart' => 'unless-stopped',
-            'command' => '-c /dev/null --web --docker --defaultEntryPoints="https" --defaultEntryPoints="http" --entryPoints="Name:https Address::443 TLS:/certs/' . $this->cert_filename . ',/certs/' . $this->key_filename . '" --entryPoints="Name:http Address::80"',
-            'networks' => [],
-            'ports' => [
-              $this->http_port . ':80',
-              $this->https_port . ':443',
-            ],
-            'volumes' => [
-              './certs:/certs/',
-              '/var/run/docker.sock:/var/run/docker.sock',
-            ],
-          ],
-        ],
-        'networks' => [],
-      ];
+      $traefik = $this->defaultDockerCompose();
     }
     if (!$fs->exists($traefikCertPath)) {
       $fs->mkdir($traefikCertPath);
     }
+    if (!$fs->exists($traefikConfigPath)) {
+      $fs->mkdir($traefikConfigPath);
+    }
+    file_put_contents($traefikConfigPath . '/certificates.toml', $this->defaultCertificatesConfig());
 
     if (!in_array($this->name, $traefik['services']['traefik']['networks'], TRUE)) {
       $traefik['services']['traefik']['networks'][] = $this->name;
@@ -123,4 +111,67 @@ class Traefik {
     }
   }
 
+  /**
+   * @return array
+   */
+  private function defaultDockerCompose(): array {
+    return [
+      'version' => '3',
+      'services' => [
+        'traefik' => [
+          'image' => 'traefik:v2.3',
+          'command' => [
+            '--api=true',
+            '--api.dashboard=true',
+            '--api.insecure=true',
+            '--entrypoints.web.address=:' . $this->http_port,
+            '--entrypoints.websecure.address=:' . $this->https_port,
+            '--entrypoints.websecure.http.tls.domains[0].main=' . $this->domain,
+            '--entrypoints.websecure.http.tls.domains[0].sans=.' . $this->domain,
+            '--providers.file.directory=/configuration/',
+            '--providers.file.watch=true',
+            '--providers.docker=true',
+            '--providers.docker.exposedbydefault=false',
+          ],
+          'restart' => 'unless-stopped',
+          'networks' => [
+            'internal',
+          ],
+          'ports' => [
+            $this->http_port . ':80',
+            $this->https_port . ':443',
+          ],
+          'labels' => [
+            'traefik.enable=true',
+            'traefik.network=internal',
+            'traefik.http.routers.traefik.service=api@internal',
+            'traefik.http.routers.traefik.rule=Host(`traefik.' . $this->domain . '`)',
+          ],
+          'volumes' => [
+            './certs:/certs/:ro',
+            './configuration:/configuration/:ro',
+            '/var/run/docker.sock:/var/run/docker.sock:ro',
+          ],
+        ],
+      ],
+      'networks' => [
+        'internal' => [
+          'internal' => true,
+        ],
+      ],
+    ];
+  }
+
+  /**
+   * @return string
+   */
+  private function defaultCertificatesConfig(): string {
+    return <<<EOF
+[[tls.certificates]]
+   certFile = "/certs/$this->cert_filename"
+   keyFile = "/certs/$this->key_filename"
+EOF;
+
+  }
+
 }