Upgrade to Traefik v2

CONTRIBUTORS.rst

@@ -102,6 +102,7 @@ Listed in alphabetical order.
   Demetris Stavrou         `@demestav`_
   Denis Bobrov             `@delneg`_
   Denis Orehovsky          `@apirobot`_
+  Denis Savran             `@blaxpy`_
   Diane Chen               `@purplediane`_               @purplediane88
   Dónal Adams              `@epileptic-fish`_
   Dong Huynh               `@trungdong`_
@@ -226,6 +227,7 @@ Listed in alphabetical order.
 .. _@arruda: https://github.com/arruda
 .. _@bertdemiranda: https://github.com/bertdemiranda
 .. _@bittner: https://github.com/bittner
+.. _@blaxpy: https://github.com/blaxpy
 .. _@bloodpet: https://github.com/bloodpet
 .. _@blopker: https://github.com/blopker
 .. _@bogdal: https://github.com/bogdal

{{cookiecutter.project_slug}}/compose/production/traefik/Dockerfile

@@ -1,5 +1,5 @@
-FROM traefik:1.7-alpine
+FROM traefik:v2.0
 RUN mkdir -p /etc/traefik/acme
 RUN touch /etc/traefik/acme/acme.json
 RUN chmod 600 /etc/traefik/acme/acme.json
-COPY ./compose/production/traefik/traefik.toml /etc/traefik
+COPY ./compose/production/traefik/traefik.yml /etc/traefik

{{cookiecutter.project_slug}}/compose/production/traefik/traefik.toml

@@ -1,41 +0,0 @@
-logLevel = "INFO"
-defaultEntryPoints = ["http", "https"]
-
-# Entrypoints, http and https
-[entryPoints]
-  # http should be redirected to https
-  [entryPoints.http]
-  address = ":80"
-    [entryPoints.http.redirect]
-    entryPoint = "https"
-  # https is the default
-  [entryPoints.https]
-  address = ":443"
-    [entryPoints.https.tls]
-
-# Enable ACME (Let's Encrypt): automatic SSL
-[acme]
-# Email address used for registration
-email = "{{ cookiecutter.email }}"
-storage = "/etc/traefik/acme/acme.json"
-entryPoint = "https"
-onDemand = false
-OnHostRule = true
-  # Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
-  [acme.httpChallenge]
-  entryPoint = "http"
-
-[file]
-[backends]
-  [backends.django]
-    [backends.django.servers.server1]
-      url = "http://django:5000"
-
-[frontends]
-  [frontends.django]
-    backend = "django"
-    passHostHeader = true
-    [frontends.django.headers]
-      HostsProxyHeaders = ['X-CSRFToken']
-    [frontends.django.routes.dr1]
-      rule = "Host:{{ cookiecutter.domain_name }}"

{{cookiecutter.project_slug}}/compose/production/traefik/traefik.yml

@@ -0,0 +1,67 @@
+log:
+  level: INFO
+
+entryPoints:
+  web:
+    # http
+    address: ":80"
+
+  web-secure:
+    # https
+    address: ":443"
+
+certificatesResolvers:
+  letsencrypt:
+    # https://docs.traefik.io/master/https/acme/#lets-encrypt
+    acme:
+      email: "{{ cookiecutter.email }}"
+      storage: /etc/traefik/acme/acme.json
+      # https://docs.traefik.io/master/https/acme/#httpchallenge
+      httpChallenge:
+        entryPoint: web
+
+http:
+  routers:
+    web-router:
+      rule: "Host(`{{ cookiecutter.domain_name }}`)"
+      entryPoints:
+        - web
+      middlewares:
+        - redirect
+        - csrf
+      service: django
+
+    web-secure-router:
+      rule: "Host(`{{ cookiecutter.domain_name }}`)"
+      entryPoints:
+        - web-secure
+      middlewares:
+        - csrf
+      service: django
+      tls:
+        # https://docs.traefik.io/master/routing/routers/#certresolver
+        certResolver: letsencrypt
+
+  middlewares:
+    redirect:
+      # https://docs.traefik.io/master/middlewares/redirectscheme/
+      redirectScheme:
+        scheme: https
+        permanent: true
+    csrf:
+      # https://docs.traefik.io/master/middlewares/headers/#hostsproxyheaders
+      # https://docs.djangoproject.com/en/dev/ref/csrf/#ajax
+      headers:
+        hostsProxyHeaders: ['X-CSRFToken']
+
+  services:
+    django:
+      loadBalancer:
+        servers:
+          - url: http://django:5000
+
+providers:
+  # https://docs.traefik.io/master/providers/file/
+  file:
+    filename: /etc/traefik/traefik.yml
+    watch: true