diff --git a/Traefik.php b/Traefik.php index e2fffe40a5c7a1eff39f60bdb700aed1901f65d1..c066463d156f7de50b24e251eafea29a2d7171e7 100644 --- a/Traefik.php +++ b/Traefik.php @@ -72,43 +72,31 @@ class Traefik { /** * Update the Traefik container. + * + * @param bool $rewrite */ - public function update(): void { + public function update($rewrite = FALSE): void { // Update host wider traefik container. $traefikPath = $_SERVER['HOME'] . '/.traefik'; $traefikCertPath = $_SERVER['HOME'] . '/.traefik/certs'; + $traefikConfigPath = $_SERVER['HOME'] . '/.traefik/configuration'; $traefikFile = $traefikPath . '/docker-compose.yml'; $fs = new Filesystem(); - if ($fs->exists($traefikFile)) { + if (!$rewrite && $fs->exists($traefikFile)) { $traefik = Yaml::parse(file_get_contents($traefikFile)); } else { $fs->mkdir($traefikPath); - $traefik = [ - 'version' => '3', - 'services' => [ - 'traefik' => [ - 'image' => 'traefik:1.7.17', - 'restart' => 'unless-stopped', - 'command' => '-c /dev/null --web --docker --defaultEntryPoints="https" --defaultEntryPoints="http" --entryPoints="Name:https Address::443 TLS:/certs/' . $this->cert_filename . ',/certs/' . $this->key_filename . '" --entryPoints="Name:http Address::80"', - 'networks' => [], - 'ports' => [ - $this->http_port . ':80', - $this->https_port . ':443', - ], - 'volumes' => [ - './certs:/certs/', - '/var/run/docker.sock:/var/run/docker.sock', - ], - ], - ], - 'networks' => [], - ]; + $traefik = $this->defaultDockerCompose(); } if (!$fs->exists($traefikCertPath)) { $fs->mkdir($traefikCertPath); } + if (!$fs->exists($traefikConfigPath)) { + $fs->mkdir($traefikConfigPath); + } + file_put_contents($traefikConfigPath . '/certificates.toml', $this->defaultCertificatesConfig()); if (!in_array($this->name, $traefik['services']['traefik']['networks'], TRUE)) { $traefik['services']['traefik']['networks'][] = $this->name; 
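Review bot: The added `file_put_contents($traefikConfigPath . '/certificates.toml', ...)` ignores its return value and runs on every call, even when `$rewrite` is false, so a failed write can go unnoticed and any local edit to that file is overwritten while an existing `docker-compose.yml` is preserved. If `$fs` is Symfony's Filesystem (the `exists()`/`mkdir()` calls suggest so), `$fs->dumpFile($traefikConfigPath . '/certificates.toml', $this->defaultCertificatesConfig());` would throw on failure; otherwise compare the result with `=== FALSE` and throw. The new parameter should also be typed and described: `public function update(bool $rewrite = FALSE): void`, with the `@param bool $rewrite` line stating that TRUE discards an existing `docker-compose.yml`, including any networks earlier runs appended to it. The body of `update()` continues past the end of this hunk.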
@@ -123,4 +111,67 @@ class Traefik { } } + /** + * @return array + */ + private function defaultDockerCompose(): array { + return [ + 'version' => '3', + 'services' => [ + 'traefik' => [ + 'image' => 'traefik:v2.3', + 'command' => [ + '--api=true', + '--api.dashboard=true', + '--api.insecure=true', + '--entrypoints.web.address=:' . $this->http_port, + '--entrypoints.websecure.address=:' . $this->https_port, + '--entrypoints.websecure.http.tls.domains[0].main=' . $this->domain, + '--entrypoints.websecure.http.tls.domains[0].sans=.' . $this->domain, + '--providers.file.directory=/configuration/', + '--providers.file.watch=true', + '--providers.docker=true', + '--providers.docker.exposedbydefault=false', + ], + 'restart' => 'unless-stopped', + 'networks' => [ + 'internal', + ], + 'ports' => [ + $this->http_port . ':80', + $this->https_port . ':443', + ], + 'labels' => [ + 'traefik.enable=true', + 'traefik.network=internal', + 'traefik.http.routers.traefik.service=api@internal', + 'traefik.http.routers.traefik.rule=Host(`traefik.' . $this->domain . '`)', + ], + 'volumes' => [ + './certs:/certs/:ro', + './configuration:/configuration/:ro', + '/var/run/docker.sock:/var/run/docker.sock:ro', + ], + ], + ], + 'networks' => [ + 'internal' => [ + 'internal' => true, + ], + ], + ]; + } + + /** + * @return string + */ + private function defaultCertificatesConfig(): string { + return <<<EOF +[[tls.certificates]] + certFile = "/certs/$this->cert_filename" + keyFile = "/certs/$this->key_filename" +EOF; + + } + }
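Review bot: The default compose returned by `defaultDockerCompose()` serves the Traefik API and dashboard with no authentication: `--api.insecure=true` opens the API on Traefik's own `traefik` entrypoint, where containers sharing a network with it can presumably reach it, and the `traefik.http.routers.traefik.service=api@internal` label routes `traefik.<domain>` to the same API with no middleware attached. I would drop `'--api.insecure=true',` (the router label already serves the dashboard) and attach an auth middleware, e.g. `'traefik.http.routers.traefik.middlewares=traefik-auth',` plus `'traefik.http.middlewares.traefik-auth.basicauth.usersfile=<USERS_FILE>',` (placeholder path). Note also that `:ro` on `/var/run/docker.sock` does not make the Docker API read-only, since a process that can open the socket can still send write requests, so the mount stays highly privileged and deserves a comment saying so. Separately, the entrypoints bind to `$this->http_port` and `$this->https_port` inside the container while `ports` still maps those host ports to container `80` and `443`, which looks like it only works when the configured ports are 80 and 443; please confirm.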