diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000000000000000000000000000000000000..9c562bd1f916aaad7aef03ec2af22650cc38129d
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,12 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_style = space
+indent_size = 2
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.{markdown,md}]
+trim_trailing_whitespace = false
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000000000000000000000000000000000000..6313b56c57848efce05faa7aa7e901ccfc2886ea
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+* text=auto eol=lf
diff --git a/.gitignore b/.gitignore
index 4b9708214ee9ce78e8115439703c20cd071b1efb..e68eca4b701455c02921cbda2f6eaf7d7715b17c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,89 +1,27 @@
-# File created using '.gitignore Generator' for Visual Studio Code: https://bit.ly/vscode-gig
-
-# Created by https://www.toptal.com/developers/gitignore/api/windows,macos,linux
-# Edit at https://www.toptal.com/developers/gitignore?templates=windows,macos,linux
-
-### Linux ###
-*~
-
-# temporary files which can be created if a process still has a handle open of a deleted file
-.fuse_hidden*
-
-# KDE directory preferences
-.directory
-
-# Linux trash folder which might appear on any partition or disk
-.Trash-*
-
-# .nfs files are created when an open file is removed but is still being accessed
-.nfs*
-
-### macOS ###
-# General
-.DS_Store
-.AppleDouble
-.LSOverride
-
-# Icon must end with two \r
-Icon
-
-# Thumbnails
-._*
-
-# Files that might appear in the root of a volume
-.DocumentRevisions-V100
-.fseventsd
-.Spotlight-V100
-.TemporaryItems
-.Trashes
-.VolumeIcon.icns
-.com.apple.timemachine.donotpresent
-
-# Directories potentially created on remote AFP share
-.AppleDB
-.AppleDesktop
-Network Trash Folder
-Temporary Items
-.apdisk
-
-### Windows ###
-# Windows thumbnail cache files
-Thumbs.db
-Thumbs.db:encryptable
-ehthumbs.db
-ehthumbs_vista.db
-
-# Dump file
-*.stackdump
-
-# Folder config file
-[Dd]esktop.ini
-
-# Recycle Bin used on file shares
-$RECYCLE.BIN/
-
-# Windows Installer files
-*.cab
-*.msi
-*.msix
-*.msm
-*.msp
-
-# Windows shortcuts
-*.lnk
-
-# End of https://www.toptal.com/developers/gitignore/api/windows,macos,linux
-
-# Custom rules (everything added below won't be overriden by 'Generate .gitignore File' if you use 'Update' option)
-
-.env
-docker-compose.yml
-
-config/**/*.json
-config/**/*.toml
-config/certs/**
-custom/**
+*
+
+!/.github/
+!/config/
+!/config/acme/
+!/config/certs/
+!/config/files/
+!/custom/
+!/references/
+
+!/.github/FUNDING.yml
+!/config/files/middlewares_basic.toml
+!/config/files/tls.toml
+!/references/info.yml
+!/references/traefik.sample.toml
+
+!/.editorconfig
+!/.gitattributes
+!/.gitignore
+!/.markdownlint.yml
+!/CODE_OF_CONDUCT.md
+!/LICENSE
+!/README.md
+!/sample..env
+!/sample.docker-compose.yml
!.keep
-!config/files/middlewares_basic.toml
-!config/files/tls.toml
diff --git a/.markdownlint.yml b/.markdownlint.yml
new file mode 100644
index 0000000000000000000000000000000000000000..229b58f58bcc34428be693edb5eef4fa0d7a7f8d
--- /dev/null
+++ b/.markdownlint.yml
@@ -0,0 +1 @@
+MD033: false
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
index 1dd899201772f033ff60c0e3021106f1006de465..9a8f1b70846a5b06c37c97f30a4262e1ca21daf2 100644
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -45,16 +45,16 @@ or harmful.
Community leaders have the right and responsibility to remove, edit, or reject
comments, commits, code, wiki edits, issues, and other contributions that are
-not aligned to this Code of Conduct, and will communicate reasons for
-moderation decisions when appropriate.
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
## Scope
This Code of Conduct applies within all community spaces, and also applies when
an individual is officially representing the community in public spaces.
-Examples of representing our community include using an official e-mail
-address, posting via an official social media account, or acting as an
-appointed representative at an online or offline event.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
## Enforcement
@@ -116,13 +116,17 @@ the community.
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
version 2.0, available at
-https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+[https://www.contributor-covenant.org/version/2/0/code_of_conduct.html][v2.0].
-Community Impact Guidelines were inspired by [Mozilla's code of conduct
-enforcement ladder](https://github.com/mozilla/diversity).
-
-[homepage]: https://www.contributor-covenant.org
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
For answers to common questions about this code of conduct, see the FAQ at
-https://www.contributor-covenant.org/faq. Translations are available at
-https://www.contributor-covenant.org/translations.
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available
+at [https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.0]: https://www.contributor-covenant.org/version/2/0/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations
diff --git a/README.md b/README.md
index 9bba288b2cf7a01e3cc7488f37ce39f998a85ce1..a73c31bb73169d74f1987e8bcd38182ed60c8caf 100644
--- a/README.md
+++ b/README.md
@@ -1,114 +1,113 @@
-[](https://github.com/RichardLitt/standard-readme/blob/master/example-readmes/minimal-readme.md) [](https://www.repostatus.org/#active) <a href="https://liberapay.com/benz0li/donate"><img src="https://liberapay.com/assets/widgets/donate.svg" alt="Donate using Liberapay" height="20"></a>
-
# Træfik
+<!-- markdownlint-disable line-length -->
+[](https://github.com/RichardLitt/standard-readme/blob/master/example-readmes/minimal-readme.md) [](https://www.repostatus.org/#active) <a href="https://liberapay.com/benz0li/donate"><img src="https://liberapay.com/assets/widgets/donate.svg" alt="Donate using Liberapay" height="20"></a>
+<!-- markdownlint-enable line-length -->
+
[This project](https://gitlab.com/b-data/docker/deployments/traefik) serves as
-a template to run [Træfik](https://hub.docker.com/_/traefik) v2.8 in a docker
+a template to run [Træfik](https://hub.docker.com/_/traefik) v2.11 in a docker
container using docker compose.
The goal is to set up a TLS termination proxy for all Docker containers
providing web services on a **single host**.
-**Features**
+Features:
-* Automatic creation/renewal of Let's Encrypt certificates (HTTP challenge).
-* Provision of the following basic Middlewares:
- * RedirectScheme: Redirect from HTTP to HTTPS
- * RateLimit: Limit to a _fair_ amount of requests
- * average: 100 requests per second
- * burst: 50 requests (per second)
- * Headers: HTTP Strict Transport Security with long duration
-* Provision of three configurations (modern, intermediate [default], old) for
- TLS.
- → See [Mozilla SSL Configuration Generator](https://ssl-config.mozilla.org)
- for more information.
-* Use of an [.env file](https://docs.docker.com/compose/env-file/) for
- [variable substitution in the Compose file](https://docs.docker.com/compose/compose-file/#variable-substitution).
-
+* Automatic creation/renewal of Let's Encrypt certificates (HTTP challenge).
+* Provision of the following basic Middlewares:
+ * RedirectScheme: Redirect from HTTP to HTTPS
+ * RateLimit: Limit to a _fair_ amount of requests
+ * average: 100 requests per second
+ * burst: 50 requests (per second)
+ * Headers: HTTP Strict Transport Security with long duration
+* Provision of three configurations (modern, intermediate [default], old) for
+ TLS.
+ → See [Mozilla SSL Configuration Generator](https://ssl-config.mozilla.org)
+ for more information.
+* Use of an [.env file](https://docs.docker.com/compose/env-file/) for
+ [variable substitution in the Compose file](https://docs.docker.com/compose/compose-file/#variable-substitution).
-**About træfik**
+About træfik:
-* Homepage: https://traefik.io/traefik/
-* Documentation: https://doc.traefik.io/traefik/
+* Homepage: <https://traefik.io/traefik/>
+* Documentation: <https://doc.traefik.io/traefik/>
## Table of Contents
-* [Prerequisites](#prerequisites)
-* [Install](#install)
-* [Usage](#usage)
-* [Contributing](#contributing)
-* [License](#license)
+* [Prerequisites](#prerequisites)
+* [Install](#install)
+* [Usage](#usage)
+* [Contributing](#contributing)
+* [License](#license)
## Prerequisites
For the HTTP challenge you require:
-* A publicly accessible host allowing connections on port 80 & 443.
-* A DNS record for the domain you want to expose pointing to this host.
+* A publicly accessible host allowing connections on port 80 & 443.
+* A DNS record for the domain you want to expose pointing to this host.
## Install
To install docker and docker compose, follow the instructions for your platform:
-* [Install Docker Engine | Docker Documentation > Supported platforms](https://docs.docker.com/engine/install/#supported-platforms)
- * Includes Docker Compose V2
-* [Post-installation steps for Linux](https://docs.docker.com/engine/install/linux-postinstall/)
+* [Install Docker Engine | Docker Documentation > Supported platforms](https://docs.docker.com/engine/install/#supported-platforms)
+ * Includes Docker Compose V2
+* [Post-installation steps for Linux](https://docs.docker.com/engine/install/linux-postinstall/)
## Usage
-1. Create an external docker network named "webproxy":
- ```bash
- docker network create webproxy
- ```
-1. Change file mode of `config/acme`:
- ```bash
- chmod go+w config/acme
- ```
-1. Make a copy of all `sample.` files:
- ```bash
- for file in sample.*; do cp "$file" "${file#sample.}"; done;
- ```
-1. Update environment variables `TF_ACME_EMAIL` and `TF_CERTRESOLVER_NAME1` in
- '.env':
- * Replace `postmaster@mydomain.com` with a valid email address of yours.
- * Replace `mydomain-com` with a suitable name to identify this certificate
- resolvers configuration.
- → Dots (`.`) in the name are not allowed!
-1. Start the container in detached mode:
- ```bash
- docker compose up -d
- ```
+1. Create an external docker network named "webproxy":
+
+ docker network create webproxy
+
+1. Change file mode of `config/acme`:
+
+ chmod go+w config/acme
+
+1. Make a copy of all `sample.` files:
+
+ for file in sample.*; do cp "$file" "${file#sample.}"; done;
+
+1. Update environment variables `TF_ACME_EMAIL` and `TF_CERTRESOLVER_NAME1` in
+ '.env':
+ * Replace `postmaster@mydomain.com` with a valid email address of yours.
+ * Replace `mydomain-com` with a suitable name to identify this certificate
+ resolvers configuration.
+ → Dots (`.`) in the name are not allowed!
+1. Start the container in detached mode:
+
+ docker compose up -d
`docker compose` commands must be run in the root directory of the project, i.e.
where 'docker-compose.yml' is located!
### Test
-1. Uncomment lines 43 to 55 in 'docker-compose.yml' to enable service "whoami"
- and configure as follows:
- * Replace `whoami.mydomain.com` with the intended domain from
- [Prerequisites](#prerequisites).
- * Replace `mydomain-com` with the value set for `TF_CERTRESOLVER_NAME1` in
- '.env'.
-2. Start the container in detached mode:
- ```bash
- docker compose up -d
- ```
-3. Wait a bit and visit http://whoami.mydomain.com to confirm everything went
-fine.
+1. Uncomment lines 43 to 55 in 'docker-compose.yml' to enable service "whoami"
+ and configure as follows:
+ * Replace `whoami.mydomain.com` with the intended domain from
+ [Prerequisites](#prerequisites).
+ * Replace `mydomain-com` with the value set for `TF_CERTRESOLVER_NAME1` in
+ '.env'.
+2. Start the container in detached mode:
+
+ docker compose up -d
+
+3. Wait a bit and visit <http://whoami.mydomain.com> to confirm everything went
+ fine.
### Debugging
-Use [docker logs](https://docs.docker.com/engine/reference/commandline/logs/)
-to see the output of the container:
+Use [docker logs](https://docs.docker.com/engine/reference/commandline/logs/) to
+see the output of the container:
-```bash
-docker logs webproxy-traefik-1
-```
+ docker logs webproxy-traefik-1
## Contributing
-PRs accepted.
+PRs accepted. Please submit to the
+[GitLab repository](https://gitlab.com/b-data/docker/deployments/traefik).
This project follows the
[Contributor Covenant](https://www.contributor-covenant.org)
diff --git a/references/info.yml b/references/info.yml
index ccf18c5f0bdd48723e3f8673da18b780b79529ba..8e5854f7548a94ef3cb05dc3272e734754f51bc3 100644
--- a/references/info.yml
+++ b/references/info.yml
@@ -1,4 +1,4 @@
-sources:
+sources:
- file_name: traefik.sample.toml
url: https://raw.githubusercontent.com/traefik/traefik/master/traefik.sample.toml
- date: 2021-10-07
+ date: 2023-02-20
diff --git a/sample..env b/sample..env
index c87ab1195cc3c4e3b97642eed29b531732e8cb9c..cf3c4df81fcb2a649c188563991ac0d920640069 100644
--- a/sample..env
+++ b/sample..env
@@ -7,7 +7,7 @@ COMPOSE_PROJECT_NAME=webproxy
TF_HOME=
## Version
-TF_VERSION=2.9
+TF_VERSION=2.11
## Certificate Resolvers
TF_ACME_EMAIL=postmaster@mydomain.com