Use Traefik 2.1 instead of Traefik 1.7 for testing

.gitlab-ci.yml

@@ -3,7 +3,7 @@ image: $CI_REGISTRY/$CI_PROJECT_NAMESPACE/hub/auto-deploy-image:latest
 variables:
   DOCKER_DRIVER: overlay2
   DOCKER_TLS_CERTDIR: "/certs"
-  TRAEFIK_VERSION: 1.7-alpine
+  TRAEFIK_VERSION: "2.1"
   PORTAINER_VERSION: latest
   PSU_IMAGE: ${CI_REGISTRY_IMAGE}/builds
   PSU_TAG: $CI_COMMIT_SHA

tests/dockerfiles/docker-stack-portainer.yml

@@ -3,13 +3,20 @@ version: '3.6'
 services:
   portainer:
     image: portainer/portainer:$PORTAINER_VERSION
-    command: --admin-password-file '/run/secrets/portainer-password'
+    command: --admin-password-file '/run/secrets/portainer-password' --no-analytics
     labels:
       - traefik.enable=true
-      - traefik.frontend.rule=Host:portainer.$BASE_DOMAIN
-      - traefik.frontend.redirect.entryPoint=https
-      - traefik.backend=portainer
-      - traefik.port=9000
+      - traefik.docker.network=traefik-net
+      # HTTPS route
+      - "traefik.http.routers.portainer.entrypoints=https"
+      - "traefik.http.routers.portainer.rule=Host(`portainer.$BASE_DOMAIN`)"
+      - "traefik.http.routers.portainer.tls=true"
+      - traefik.http.middlewares.retry-if-fails.retry.attempts=10
+      - traefik.http.middlewares.https-only.redirectscheme.scheme=https
+      - traefik.http.middlewares.secured.chain.middlewares=retry-if-fails,https-only
+      - traefik.http.routers.portainer.middlewares=secured
+      # Service
+      - traefik.http.services.portainer.loadbalancer.server.port=9000
     networks:
       - traefik-net
     environment:

tests/dockerfiles/docker-stack-traefik.yml

@@ -5,26 +5,32 @@ services:
     image: traefik:$TRAEFIK_VERSION
     # Enables the web UI and tells Traefik to listen to docker
     command:
-      - --api
-      - --docker
-      - --docker.watch
-      - --defaultEntryPoints=http,https
-      # IMPORTANT: The `retry.attempts` param is required to allow zero (1s) downtime deployment
-      - --retry.attempts=10
-      - "--entryPoints=Name:http Address::80"
-      - "--entryPoints=Name:https Address::443 TLS WhiteList.UseXForwardedFor:true"
-      - --docker.exposedbydefault=false
+      - --providers.docker=true
+      - --providers.docker.watch=true
+      - --providers.docker.exposedbydefault=false
+      - --entryPoints.http.address=:80
+      - --entryPoints.https.address=:443
+      - --api.dashboard=true
     environment:
       - HTTP_PROXY
       - HTTPS_PROXY
       - http_proxy
       - https_proxy
       - NO_PROXY
+    labels:
+      - "traefik.enable=true"
+      - traefik.docker.network=traefik-net
+      - traefik.http.middlewares.retry-if-fails.retry.attempts=10
+      - traefik.http.middlewares.https-only.redirectscheme.scheme=https
+      - traefik.http.middlewares.secured.chain.middlewares=retry-if-fails,https-only
+      - "traefik.http.routers.traefik.entrypoints=https"
+      - "traefik.http.routers.traefik.rule=Host(`traefik.$BASE_DOMAIN`)"
+      - "traefik.http.routers.traefik.middlewares=secured"
+      - "traefik.http.routers.traefik.tls=true"
+      - "traefik.http.routers.traefik.service=api@internal"
     ports:
       - "80:80"
       - 443:443
-      # The Web UI (enabled by --api)
-      - "8080:8080"
     networks:
       - traefik-net
     volumes:

tests/dockerfiles/docker-stack-web-app.yml

@@ -37,10 +37,18 @@ services:
     image: $CI_REGISTRY/$CI_PROJECT_NAMESPACE/hub/testing/psu-apache2:latest
     labels:
       - traefik.enable=true
-      - "traefik.frontend.rule=Host:$PSU_STACK_NAME.$BASE_DOMAIN"
-      - traefik.frontend.redirect.entryPoint=https
-      - traefik.backend=web-php-app
-      - traefik.port=5000
+      - traefik.docker.network=traefik-net
+      # HTTPS route
+      - "traefik.http.routers.web-php-app.entrypoints=https"
+      - "traefik.http.routers.web-php-app.rule=Host(`$PSU_STACK_NAME.$BASE_DOMAIN`)"
+      - "traefik.http.routers.web-php-app.tls=true"
+      # IMPORTANT: The `retry.attempts` middleware is required to allow zero (1s) downtime deployment
+      - traefik.http.middlewares.retry-if-fails.retry.attempts=10
+      - traefik.http.middlewares.https-only.redirectscheme.scheme=https
+      - traefik.http.middlewares.secured.chain.middlewares=retry-if-fails,https-only
+      - traefik.http.routers.web-php-app.middlewares=secured
+      # Service
+      - traefik.http.services.web-php-app.loadbalancer.server.port=5000
     environment:
       - HTTP_PROXY
       - HTTPS_PROXY
@@ -49,7 +57,6 @@ services:
       - NO_PROXY
     volumes:
       - php-runner:/var/run/php
-    stop_signal: SIGWINCH
     deploy:
       update_config:
         failure_action: rollback

tests/run.sh

@@ -44,9 +44,9 @@ docker swarm init
 
 # Deploy Traefik test
 # Parse the Docker traefik stack file to deploy
-envsubst '$TRAEFIK_VERSION' < dockerfiles/docker-stack-traefik.yml > dockerfiles/docker-stack-traefik-final.yml
+envsubst '$TRAEFIK_VERSION,$BASE_DOMAIN' < dockerfiles/docker-stack-traefik.yml > dockerfiles/docker-stack-traefik-final.yml
 docker stack deploy -c dockerfiles/docker-stack-traefik-final.yml traefik --with-registry-auth
-bash -c "timeout 20 bash -c 'while ! (echo > /dev/tcp/cluster/443 && curl -fs --max-time 2 http://cluster:8080/dashboard/) >/dev/null 2>&1; do sleep 1; done;'"
+bash -c "timeout 20 bash -c 'while ! (echo > /dev/tcp/cluster/443 && curl -fks --max-time 2 https://traefik.$BASE_DOMAIN/dashboard/) >/dev/null 2>&1; do sleep 1; done;'"
 
 # Deploy Portainer test
 echo -n $PSU_PASSWORD | docker secret create portainer-password -