diff --git a/CONTRIBUTORS.rst b/CONTRIBUTORS.rst index 53edb28e..46afc393 100644 --- a/CONTRIBUTORS.rst +++ b/CONTRIBUTORS.rst @@ -102,6 +102,7 @@ Listed in alphabetical order. Demetris Stavrou `@demestav`_ Denis Bobrov `@delneg`_ Denis Orehovsky `@apirobot`_ + Denis Savran `@blaxpy`_ Diane Chen `@purplediane`_ @purplediane88 Dónal Adams `@epileptic-fish`_ Dong Huynh `@trungdong`_ @@ -226,6 +227,7 @@ Listed in alphabetical order. .. _@arruda: https://github.com/arruda .. _@bertdemiranda: https://github.com/bertdemiranda .. _@bittner: https://github.com/bittner +.. _@blaxpy: https://github.com/blaxpy .. _@bloodpet: https://github.com/bloodpet .. _@blopker: https://github.com/blopker .. _@bogdal: https://github.com/bogdal diff --git a/{{cookiecutter.project_slug}}/compose/production/traefik/Dockerfile b/{{cookiecutter.project_slug}}/compose/production/traefik/Dockerfile index d7363a1a..746aa2b4 100644 --- a/{{cookiecutter.project_slug}}/compose/production/traefik/Dockerfile +++ b/{{cookiecutter.project_slug}}/compose/production/traefik/Dockerfile @@ -1,5 +1,5 @@ -FROM traefik:1.7-alpine +FROM traefik:v2.0 RUN mkdir -p /etc/traefik/acme RUN touch /etc/traefik/acme/acme.json RUN chmod 600 /etc/traefik/acme/acme.json -COPY ./compose/production/traefik/traefik.toml /etc/traefik +COPY ./compose/production/traefik/traefik.yml /etc/traefik diff --git a/{{cookiecutter.project_slug}}/compose/production/traefik/traefik.toml b/{{cookiecutter.project_slug}}/compose/production/traefik/traefik.toml deleted file mode 100644 index 0f2abe8a..00000000 --- a/{{cookiecutter.project_slug}}/compose/production/traefik/traefik.toml +++ /dev/null @@ -1,41 +0,0 @@ -logLevel = "INFO" -defaultEntryPoints = ["http", "https"] - -# Entrypoints, http and https -[entryPoints] - # http should be redirected to https - [entryPoints.http] - address = ":80" - [entryPoints.http.redirect] - entryPoint = "https" - # https is the default - [entryPoints.https] - address = ":443" - [entryPoints.https.tls] - -# Enable ACME (Let's Encrypt): automatic SSL -[acme] -# Email address used for registration -email = "{{ cookiecutter.email }}" -storage = "/etc/traefik/acme/acme.json" -entryPoint = "https" -onDemand = false -OnHostRule = true - # Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge - [acme.httpChallenge] - entryPoint = "http" - -[file] -[backends] - [backends.django] - [backends.django.servers.server1] - url = "http://django:5000" - -[frontends] - [frontends.django] - backend = "django" - passHostHeader = true - [frontends.django.headers] - HostsProxyHeaders = ['X-CSRFToken'] - [frontends.django.routes.dr1] - rule = "Host:{{ cookiecutter.domain_name }}" diff --git a/{{cookiecutter.project_slug}}/compose/production/traefik/traefik.yml b/{{cookiecutter.project_slug}}/compose/production/traefik/traefik.yml new file mode 100644 index 00000000..324c62af --- /dev/null +++ b/{{cookiecutter.project_slug}}/compose/production/traefik/traefik.yml @@ -0,0 +1,67 @@ +log: + level: INFO + +entryPoints: + web: + # http + address: ":80" + + web-secure: + # https + address: ":443" + +certificatesResolvers: + letsencrypt: + # https://docs.traefik.io/master/https/acme/#lets-encrypt + acme: + email: "{{ cookiecutter.email }}" + storage: /etc/traefik/acme/acme.json + # https://docs.traefik.io/master/https/acme/#httpchallenge + httpChallenge: + entryPoint: web + +http: + routers: + web-router: + rule: "Host(`{{ cookiecutter.domain_name }}`)" + entryPoints: + - web + middlewares: + - redirect + - csrf + service: django + + web-secure-router: + rule: "Host(`{{ cookiecutter.domain_name }}`)" + entryPoints: + - web-secure + middlewares: + - csrf + service: django + tls: + # https://docs.traefik.io/master/routing/routers/#certresolver + certResolver: letsencrypt + + middlewares: + redirect: + # https://docs.traefik.io/master/middlewares/redirectscheme/ + redirectScheme: + scheme: https + permanent: true + csrf: + # https://docs.traefik.io/master/middlewares/headers/#hostsproxyheaders + # https://docs.djangoproject.com/en/dev/ref/csrf/#ajax + headers: + hostsProxyHeaders: ['X-CSRFToken'] + + services: + django: + loadBalancer: + servers: + - url: http://django:5000 + +providers: + # https://docs.traefik.io/master/providers/file/ + file: + filename: /etc/traefik/traefik.yml + watch: true