Upgraded and refactored Traefik (btcpayserver#585)

.gitignore

@@ -297,8 +297,6 @@ Production/.env
 .vscode/
 *docker-compose.generated.yml
 
-Generated/acme.json
-Generated/traefik_logs/
 Generated/chatwoot_config.env
 Generated/error
 

Generated/.gitignore

@@ -1,5 +1,4 @@
 *.yml
 nginx.tmpl
-*.toml
 *.json
-pull-images.sh
+pull-images.sh

Traefik/README.md

@@ -1,17 +1,27 @@
 # How to use docker-compose with Traefik
 
-Traefik is a modern reverse proxy aimed towards applications running through container orchestrators. 
+Traefik is a modern reverse proxy aimed towards applications running through container orchestrators.
 
 Some of the benefits of using Traefik over NGinx are:
-* Real-time configuration changes - no need to reload the proxy
-* Auto discovery and configuration of services through a vast amount of container orchestrators.
-* Built-in official support for Let's Encrypt SSL with certificate auto-renewal
 
-## Traefik Specific Environment Variables
+- Real-time configuration changes - no need to reload the proxy
+- Auto discovery and configuration of services through a vast amount of container orchestrators.
+- Built-in official support for Let's Encrypt SSL with certificate auto-renewal
+- Supports path-based routing without need to [hard-code it in global config](../Production/nginx.tmpl).
 
-* `BTCPAYGEN_REVERSEPROXY` to `traefik`.
-* `LETSENCRYPT_EMAIL`: Optional, The email Let's Encrypt will use to notify you about certificate expiration.
-* `BTCPAYGEN_ADDITIONAL_FRAGMENTS`: In the case that you have an already deployed traefik container, you can use the fragment `traefik-labels` which will tag the btcpayserver service with the needed labels to be discovered.
+## Traefik Specific Environment Variables
 
+- `BTCPAYGEN_REVERSEPROXY` to `traefik`.
+- `LETSENCRYPT_EMAIL`: Optional, The email Let's Encrypt will use to notify you about certificate expiration.
+- `BTCPAYGEN_ADDITIONAL_FRAGMENTS`: Add `traefik`
+- `BTCPAY_ADDITIONAL_HOSTS`: Traefic can not accept list of hosts. Add additional hosts in a new file named e.g. `btcpayserver-traefic.custom.yml`:
+  ```
+  version: "3"
+  services:
+    btcpayserver:
+      labels:
+        traefik.http.routers.btcpayserver2.rule: Host(`additional.example.com`)
+        traefik.http.routers.btcpayserver3.rule: Host(`another-additional.example.com`)
+  ```
 
-![Architecture](Production.png)
+![Architecture](Production.png)

Traefik/traefik.yml

@@ -0,0 +1,34 @@
+entryPoints:
+  http:
+    address: :80
+    http:
+      redirections:
+        entrypoint:
+          to: https
+          scheme: https
+  https:
+    address: :443
+    http:
+      tls:
+        certResolver: default
+
+providers:
+  docker:
+    exposedByDefault: false
+    watch: true
+    endpoint: unix:///var/run/docker.sock
+
+# Enable only for debug
+#api:
+#  insecure: true
+#  dashboard: true
+
+log:
+  level: ERROR # or DEBUG, PANIC, FATAL, WARN, and INFO
+
+certificatesResolvers:
+  default:
+    acme:
+      storage: /data/acme.json
+      httpChallenge:
+        entryPoint: http

build.ps1

@@ -31,9 +31,3 @@ docker run -v "$(Get-Location)\Generated:/app/Generated" `
 If ($BTCPAYGEN_REVERSEPROXY -eq "nginx") {
     Copy-Item ".\Production\nginx.tmpl" -Destination ".\Generated"
 }
-
-If ($BTCPAYGEN_REVERSEPROXY -eq "traefik") {
-    Copy-Item ".\Traefik\traefik.toml" -Destination ".\Generated"
-
-    New-Item  ".\Generated\acme.json" -type file
-}

build.sh

@@ -41,9 +41,3 @@ fi
 
 [[ -f "Generated/pull-images.sh" ]] && chmod +x Generated/pull-images.sh
 [[ -f "Generated/save-images.sh" ]] && chmod +x Generated/save-images.sh
-
-if [ "$BTCPAYGEN_REVERSEPROXY" == "traefik" ]; then
-    cp Traefik/traefik.toml Generated/traefik.toml
-    :> Generated/acme.json
-    chmod 600 Generated/acme.json
-fi

docker-compose-generator/docker-fragments/bitcoin-clightning.yml

@@ -85,6 +85,9 @@ services:
       RTL_SSO: 1
       RTL_COOKIE_PATH: /data/.cookie
       LOGOUT_REDIRECT_LINK: /server/services
+    labels:
+      traefik.enable: true
+      traefik.http.routers.bitcoin_rtl.rule: Host(`${BTCPAY_HOST}`) && (Path(`/rtl`) || PathPrefix(`/rtl/`))
     volumes:
       - "clightning_bitcoin_datadir:/root/.lightning"
       - "bitcoin_datadir:/etc/bitcoin"

docker-compose-generator/docker-fragments/bitcoin-eclair.yml

@@ -31,8 +31,8 @@ services:
         -Declair.bitcoind.zmqblock=tcp://bitcoind:28334
         -Declair.bitcoind.zmqtx=tcp://bitcoind:28333
     expose:
-      - "9735"  # server port
-      - "8080"  # api port
+      - "9735" # server port
+      - "8080" # api port
     volumes:
       - "bitcoin_datadir:/etc/bitcoin"
       - "eclair_bitcoin_datadir:/data"
@@ -56,6 +56,9 @@ services:
       - "eclair_bitcoin_rtl_datadir:/data"
     expose:
       - "3000"
+    labels:
+      traefik.enable: true
+      traefik.http.routers.bitcoin_rtl.rule: Host(`${BTCPAY_HOST}`) && (Path(`/rtl`) || PathPrefix(`/rtl/`))
     links:
       - eclair_bitcoin
 

docker-compose-generator/docker-fragments/bitcoin-lnd.yml

@@ -66,6 +66,9 @@ services:
       - "lnd_bitcoin_rtl_datadir:/data"
     expose:
       - "3000"
+    labels:
+      traefik.enable: true
+      traefik.http.routers.bitcoin_rtl.rule: Host(`${BTCPAY_HOST}`) && (Path(`/rtl`) || PathPrefix(`/rtl/`))
     links:
       - lnd_bitcoin
 

docker-compose-generator/docker-fragments/btcpayserver.yml

@@ -1,7 +1,6 @@
 version: "3"
 
 services:
-
   btcpayserver:
     restart: unless-stopped
     image: ${BTCPAY_IMAGE:-btcpayserver/btcpayserver:1.5.4$<BTCPAY_BUILD_CONFIGURATION>?}
@@ -21,6 +20,10 @@ services:
       BTCPAY_DEBUGLOG: btcpay.log
       BTCPAY_UPDATEURL: https://api.github.com/repos/btcpayserver/btcpayserver/releases/latest
       BTCPAY_DOCKERDEPLOYMENT: "true"
+    labels:
+      traefik.enable: true
+      traefik.http.routers.btcpayserver.rule: Host(`${BTCPAY_HOST}`)
+      # Traefic can not accept list from BTCPAY_ADDITIONAL_HOSTS, see Traefik/README.md
     links:
       - postgres
     volumes:

docker-compose-generator/docker-fragments/opt-add-btctransmuter.yml

@@ -21,6 +21,9 @@ services:
       VIRTUAL_HOST: ${BTCTRANSMUTER_HOST}
       VIRTUAL_HOST_NAME: "btctransmuter"
       TRANSMUTER_BTCPayAuthServer: "http://btcpayserver:49392"
+    labels:
+      traefik.enable: true
+      traefik.http.routers.btctransmuter.rule: Host(`${BTCPAY_HOST}`) && (Path(`/btctransmuter`) || PathPrefix(`/btctransmuter/`))
     expose:
       - "80"
     links:

docker-compose-generator/docker-fragments/opt-add-thunderhub.yml

@@ -19,6 +19,9 @@ services:
       NO_CLIENT_ACCOUNTS: "true"
       LOG_LEVEL: debug
       LOGOUT_URL: "/server/services/thunderhub/BTC"
+    labels:
+      traefik.enable: true
+      traefik.http.routers.bitcoin_thub.rule: Host(`${BTCPAY_HOST}`) && (Path(`/thub`) || PathPrefix(`/thub/`))
     volumes:
       - "lnd_bitcoin_datadir:/etc/lnd"
       - "lnd_bitcoin_thub_datadir:/data"

docker-compose-generator/docker-fragments/traefik.yml

@@ -3,23 +3,19 @@ version: "3"
 services:
   traefik:
     restart: unless-stopped
-    image: traefik
+    image: traefik:v2.6
     container_name: traefik
     ports:
       - "${REVERSEPROXY_HTTP_PORT:-80}:80"
       - "${REVERSEPROXY_HTTPS_PORT:-443}:443"
+      - "8080:8080" # Dashboard, enable for debug only
     volumes:
       - "/var/run/docker.sock:/var/run/docker.sock"
-      - "./traefik.toml:/traefik.toml"
-      - "./acme.json:/acme.json:ro"
-      - "./servers.toml:/servers.toml"
-      - "./traefik_logs:/traefik_logs"
-
-    links:
-      - btcpayserver
+      - "../Traefik/traefik.yml:/traefik.yml"
+      - "traefik_data:/data"
 
 volumes:
-  traefik_logs:
+  traefik_data:
 
 exclusive:
   - proxy