Bonjour,
Par avance, merci pour votre aide.
Voici les éléments demandés.
docker logs traefik
time="2020-07-02T10:06:19Z" level=info msg="Configuration loaded from flags."
time="2020-07-02T10:06:19Z" level=info msg="Traefik version 2.2.1 built on 2020-04-29T18:02:09Z"
time="2020-07-02T10:06:19Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/contributing/data-collection/\n"
time="2020-07-02T10:06:19Z" level=info msg="Starting provider aggregator.ProviderAggregator {}"
time="2020-07-02T10:06:19Z" level=info msg="Starting provider *file.Provider {\"directory\":\"/etc/traefik/conf.d/\",\"watch\":true}"
time="2020-07-02T10:06:19Z" level=info msg="Starting provider *traefik.Provider {}"
time="2020-07-02T10:06:19Z" level=error msg="the router nextcloud-secure@file uses a non-existent resolver: letsencrypt-rsa2048"
time="2020-07-02T10:06:19Z" level=error msg="the router traefik-secure@file uses a non-existent resolver: letsencrypt-ecdsa"
time="2020-07-02T10:06:20Z" level=error msg="the router traefik-secure@file uses a non-existent resolver: letsencrypt-ecdsa"
time="2020-07-02T10:06:20Z" level=error msg="the router nextcloud-secure@file uses a non-existent resolver: letsencrypt-rsa2048"
#/srv/docker/traefik/docker-compose.yml
version: "3.8"
networks:
traefik:
services:
traefik:
image: traefik:chevrotin
container_name: traefik
volumes:
- /srv/docker/traefik/acme.json:/etc/traefik/acme.json
- /srv/docker/traefik/certs:/etc/traefik/certs
- /var/run/docker.sock:/var/run/docker.sock
- /srv/docker/traefik/conf.d:/etc/traefik/conf.d
ports:
- 80:80
- 443:443
- 8080:8080 # le temps de tester
networks:
- traefik
command:
- "--global.sendanonymoususage=false" # désactivation de l'envoi de donnée
- "--global.checknewversion=false" # puisque dockerisé, on désactive le check de mise à jour
- "--accesslog=true" # Pour avoir les logs d'accès
- "--api=true" # Pour activer l'api
- "--api.insecure=true" # Activer pour exposer l'api sur 8080
- "--api.dashboard=true" # Pour activer le dashboard
- "--log.level=INFO"
- "--providers.file.directory=/etc/traefik/conf.d/" # Permets de charger les configurations dans le répertoire (tout les yaml et toml)
- "--providers.file.watch=true" # Permets de surveiller le répertoire précédent pour charger dynamiquement les configurations
- "--entrypoints.web.address=:80" # Création de l'entrypoint nommé web sur le port 80
- "--entrypoints.websecure.address=:443" # Création de l'entrypoint nommé websecure sur le port 443
#- "--entrypoints.web.http.redirections.entrypoint.scheme=https" # Pour créer une redirection vers https
#- "--entrypoints.web.http.redirections.entrypoint.to=websecure" # Pour rediriger vers l'entrypoint websecure (port 443)
db_nextcloud:
image: postgres:12
container_name: db_nextcloud
networks:
- traefik
volumes:
- /srv/docker/db_nextcloud/:/var/lib/postgresql/
environment:
- POSTGRES_PASSWORD=nextcloud
- POSTGRES_DB=nextcloud
- POSTGRES_USER=nextcloud
nextcloud:
image: nextcloud:19
container_name: nextcloud
networks:
- traefik
environment:
- POSTGRES_HOST=db_nextcloud
- POSTGRES_DB=nextcloud
- POSTGRES_USER=nextcloud
- POSTGRES_PASSWORD=nextcloud
- NEXTCLOUD_ADMIN_USER=admin
- NEXTCLOUD_ADMIN_PASSWORD=admin
volumes:
- /srv/docker/nextcloud:/var/www/html
#/serv/docker/traefik/conf.d/auth.yml
http:
middlewares:
admin-users:
basicAuth:
users:
- "ricardo:xxxxx" # mot de passe masqué
dev-users:
basicAuth:
users:
- "tata:$apr1$inMBbv02$C/oh3LLEfmmOyloAtqW/V/"
#/srv/docker/traefik/conf.d/compression.yml
http:
middlewares:
compression:
compress:
excludedContentTypes:
- "text/event-stream"
#/srv/docker/traefik/conf.d/hsts.yml
http:
middlewares:
hsts:
headers:
forceSTSHeader: true
stsSeconds: 315360000
stsIncludeSubdomains: true
stsPreload: true
#/srv/docker/traefik/conf.d/nextcloud.yml
http:
services:
nextcloud:
loadBalancer:
servers:
- url: "http://192.168.1.104:80/cloud"
routers:
nextcloud:
rule: "Host(`xxxxx.ovh`) && PathPrefix(`/cloud`)" # domaine masqué
entryPoints:
- "web"
middlewares:
- "redirect-to-https@file"
service: "noop@internal"
nextcloud-secure:
rule: "Host(`xxxxx.ovh`) && PathPrefix(`/cloud`)" # domaine masqué
entryPoints:
- "websecure"
middlewares:
- "hsts@file"
- "security@file"
- "compression@file"
- "strip-cloud@file"
service: "nextcloud@file"
tls:
certResolver: letsencrypt-rsa2048
middlewares:
strip-cloud:
stripPrefix:
prefixes:
- "/cloud"
#/srv/docker/traefik/conf.d/redirect-to-https.yml
http:
middlewares:
redirect-to-https:
redirectScheme:
scheme: https
permanent: true
#/srv/docker/traefik/conf.d/security.yml
http:
middlewares:
security:
headers:
accessControlMaxAge: 100
addVaryHeader: true
browserXssFilter: true
contentTypeNosniff: true
frameDeny: true
sslRedirect: true
customFrameOptionsValue: "SAMEORIGIN"
referrerPolicy: "same-origin"
featurePolicy: "vibrate 'self'"
#/srv/docker/traefik/conf.d/tls.yml
certificatesResolvers:
letsencrypt-ecdsa: # Nom arbitraire, je pourrais mettre toto, ça fonctionne correctement
acme:
email: "xxx@xxxxx" # email masqué
caserver: "https://acme-v02.api.letsencrypt.org/directory"
storage: "/etc/traefik/acme.json"
keytype: "EC384"
httpChallenge:
entryPoint: "web"
letsencrypt-rsa2048: # Nom arbitraire, je pourrais mettre toto, ça fonctionne correctement
acme:
email: "xxx@xxxxx" # email masqué
caserver: "https://acme-v02.api.letsencrypt.org/directory"
storage: "/etc/traefik/acme.json"
keytype: "RSA2048"
httpChallenge:
entryPoint: "web"
tls:
options:
default:
minVersion: "VersionTLS12"
sniStrict: true
cipherSuites:
- "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
- "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
- "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305"
- "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
- "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
- "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"
- "TLS_AES_128_GCM_SHA256"
- "TLS_AES_256_GCM_SHA384"
- "TLS_CHACHA20_POLY1305_SHA256"
curvePreferences:
- X25519
- CurveP521
- CurveP384
- CurveP256
mintls13: # Arbitraire également, toto fonctionne aussi
minVersion: "VersionTLS13"
#/serv/docker/traefik/conf.d/traefik.yml
http:
services:
traefik:
loadBalancer:
servers:
- url: "http://192.168.1.104:8080"
routers:
traefik:
rule: "Host(`xxxxx.ovh`)" # domaine masqué
entryPoints:
- "web"
middlewares:
- "redirect-to-https@file"
service: "noop@internal"
traefik-secure:
rule: "Host(`xxxxx.ovh`)" # domaine masqué
entryPoints:
- "websecure"
middlewares:
- "hsts@file"
- "security@file"
- "compression@file"
- "admin-users@file"
service: "traefik@file"
tls:
certResolver: letsencrypt-ecdsa
options: mintls13
Enfin, je précise que la procédure a généré deux dossiers vides
/serv/docker/traefik/acme.json
/serv/docker/traefik/certs