.gitignore

@@ -8,9 +8,9 @@
 /site/
 /docs/site/
 /autogen/
-/traefik
+# /traefik
-/traefik.toml
+# /traefik.toml
-/traefik.yml
+# /traefik.yml
 *.log
 *.exe
 cover.out

Dockerfile

@@ -3,8 +3,8 @@ FROM alpine:3.21
 
 RUN apk add --no-cache --no-progress ca-certificates tzdata
 
-ARG TARGETPLATFORM
+COPY ./dist/linux/amd64/traefik /
-COPY ./dist/$TARGETPLATFORM/traefik /
+COPY ./traefik.yml /etc/traefik/traefik.yml
 
 EXPOSE 80
 VOLUME ["/tmp"]

cmd/traefik/traefik.go

@@ -49,6 +49,7 @@ import (
 	"github.com/traefik/traefik/v3/pkg/tracing"
 	"github.com/traefik/traefik/v3/pkg/types"
 	"github.com/traefik/traefik/v3/pkg/version"
+	"github.com/traefik/traefik/v3/pkg/updater"
 )
 
 func main() {
@@ -197,6 +198,8 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
 
 	tsProviders := initTailscaleProviders(staticConfiguration, providerAggregator)
 
+	updaterProvider := updater.New(staticConfiguration);
+
 	// Observability
 
 	metricRegistries := registerMetricClients(staticConfiguration.Metrics)
@@ -383,6 +386,9 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
 		}
 	})
 
+	// Updater
+	watcher.AddListener(updaterProvider.HandleConfigUpdate)
+
 	return server.NewServer(routinesPool, serverEntryPointsTCP, serverEntryPointsUDP, watcher, observabilityMgr), nil
 }
 

compose.yml

@@ -0,0 +1,20 @@
+services:
+  traefik:
+    build: .
+    network_mode: host
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - certs:/etc/certs/
+      - /tmp:/tmp
+    environment:
+      - CF_API_EMAIL=${CF_API_EMAIL}
+      - CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
+    labels:
+      traefik.host: _
+      traefik.http.services.dashboard.loadbalancer.server.port: 0
+      traefik.http.routers.api.rule: Host(`traefik-cpu.wzray.com`)
+      traefik.http.routers.api.service: api@internal
+    restart: unless-stopped
+
+volumes:
+  certs:

docs/content/reference/static-configuration/cli-ref.md

@@ -369,6 +369,9 @@ Periodically check if a new version has been released. (Default: ```true```)
 `--global.sendanonymoususage`:  
 Periodically send anonymous usage statistics. If the option is not specified, it will be disabled by default. (Default: ```false```)
 
+`--global.updatercallbacks`:  
+Callback urls for updater script (example: https://localhost:8080/callback)
+
 `--hostresolver`:  
 Enable CNAME Flattening. (Default: ```false```)
 

docs/content/reference/static-configuration/env-ref.md

@@ -369,6 +369,9 @@ Periodically check if a new version has been released. (Default: ```true```)
 `TRAEFIK_GLOBAL_SENDANONYMOUSUSAGE`:  
 Periodically send anonymous usage statistics. If the option is not specified, it will be disabled by default. (Default: ```false```)
 
+`TRAEFIK_GLOBAL_UPDATERCALLBACKS`:  
+Callback urls for updater script (example: https://localhost:8080/callback)
+
 `TRAEFIK_HOSTRESOLVER`:  
 Enable CNAME Flattening. (Default: ```false```)
 

docs/content/reference/static-configuration/file.toml

@@ -3,6 +3,7 @@
 [global]
   checkNewVersion = true
   sendAnonymousUsage = true
+  updaterCallbacks = ["foobar", "foobar"]
 
 [serversTransport]
   insecureSkipVerify = true

docs/content/reference/static-configuration/file.yaml

@@ -3,6 +3,9 @@
 global:
   checkNewVersion: true
   sendAnonymousUsage: true
+  updaterCallbacks:
+    - foobar
+    - foobar
 serversTransport:
   insecureSkipVerify: true
   rootCAs:

pkg/config/static/static_config.go

@@ -108,6 +108,7 @@ type CertificateResolver struct {
 type Global struct {
 	CheckNewVersion    bool `description:"Periodically check if a new version has been released." json:"checkNewVersion,omitempty" toml:"checkNewVersion,omitempty" yaml:"checkNewVersion,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
 	SendAnonymousUsage bool `description:"Periodically send anonymous usage statistics. If the option is not specified, it will be disabled by default." json:"sendAnonymousUsage,omitempty" toml:"sendAnonymousUsage,omitempty" yaml:"sendAnonymousUsage,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
+	UpdaterCallbacks   []string `description:"Callback urls for updater script (example: https://localhost:8080/callback)" json:"updaterCallbacks,omitempty" toml:"updaterCallbacks,omitempty" yaml:"updaterCallbacks,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
 }
 
 // ServersTransport options to configure communication between Traefik and the servers.

pkg/updater/provider.go

@@ -0,0 +1,49 @@
+package updater
+
+import (
+	"bytes"
+	"encoding/json"
+	"net/http"
+
+	"github.com/rs/zerolog/log"
+	"github.com/traefik/traefik/v3/pkg/config/dynamic"
+	"github.com/traefik/traefik/v3/pkg/config/static"
+	"github.com/traefik/traefik/v3/pkg/safe"
+)
+
+type Updater struct {
+	callbackUrls []string
+}
+
+func New(config *static.Configuration) *Updater {
+	updater := &Updater{
+		callbackUrls: config.Global.UpdaterCallbacks,
+	}
+
+	return updater
+}
+
+func (u *Updater) HandleConfigUpdate(cfg dynamic.Configuration) {
+	body, err := json.Marshal(cfg)
+
+	if err != nil {
+		// should never happen?
+		log.Error().Err(err).Msg("Error while marshalling dynamic configuration data to json")
+		return
+	}
+
+	requestBody := bytes.NewBuffer(body)
+
+	for _, url := range u.callbackUrls {
+		safe.Go(func() {
+			resp, err := http.Post(url, "application/json", requestBody)
+
+			if err != nil {
+				log.Error().Err(err).Str("url", url).Msg("Error while sending configuration data to callback")
+			} else  {
+				log.Debug().Str("url", url).Msg("Configuration data sent")
+				resp.Body.Close()
+			}
+		})
+	}
+}

traefik.sample.toml

@@ -1,152 +0,0 @@
-################################################################
-#
-# Configuration sample for Traefik v2.
-#
-# For Traefik v1: https://github.com/traefik/traefik/blob/v1.7/traefik.sample.toml
-#
-################################################################
-
-################################################################
-# Global configuration
-################################################################
-[global]
-  checkNewVersion = true
-  sendAnonymousUsage = true
-
-################################################################
-# Entrypoints configuration
-################################################################
-
-# Entrypoints definition
-#
-# Optional
-# Default:
-[entryPoints]
-  [entryPoints.web]
-    address = ":80"
-
-  [entryPoints.websecure]
-    address = ":443"
-
-################################################################
-# Traefik logs configuration
-################################################################
-
-# Traefik logs
-# Enabled by default and log to stdout
-#
-# Optional
-#
-[log]
-
-  # Log level
-  #
-  # Optional
-  # Default: "ERROR"
-  #
-  # level = "DEBUG"
-
-  # Sets the filepath for the traefik log. If not specified, stdout will be used.
-  # Intermediate directories are created if necessary.
-  #
-  # Optional
-  # Default: os.Stdout
-  #
-  # filePath = "log/traefik.log"
-
-  # Format is either "json" or "common".
-  #
-  # Optional
-  # Default: "common"
-  #
-  # format = "json"
-
-################################################################
-# Access logs configuration
-################################################################
-
-# Enable access logs
-# By default it will write to stdout and produce logs in the textual
-# Common Log Format (CLF), extended with additional fields.
-#
-# Optional
-#
-# [accessLog]
-
-  # Sets the file path for the access log. If not specified, stdout will be used.
-  # Intermediate directories are created if necessary.
-  #
-  # Optional
-  # Default: os.Stdout
-  #
-  # filePath = "/path/to/log/log.txt"
-
-  # Format is either "json" or "common".
-  #
-  # Optional
-  # Default: "common"
-  #
-  # format = "json"
-
-################################################################
-# API and dashboard configuration
-################################################################
-
-# Enable API and dashboard
-[api]
-
-  # Enable the API in insecure mode
-  #
-  # Optional
-  # Default: false
-  #
-  # insecure = true
-
-  # Enabled Dashboard
-  #
-  # Optional
-  # Default: true
-  #
-  # dashboard = false
-
-################################################################
-# Ping configuration
-################################################################
-
-# Enable ping
-[ping]
-
-  # Name of the related entry point
-  #
-  # Optional
-  # Default: "traefik"
-  #
-  # entryPoint = "traefik"
-
-################################################################
-# Docker configuration backend
-################################################################
-
-# Enable Docker configuration backend
-[providers.docker]
-
-  # Docker server endpoint. Can be a tcp or a unix socket endpoint.
-  #
-  # Required
-  # Default: "unix:///var/run/docker.sock"
-  #
-  # endpoint = "tcp://10.10.10.10:2375"
-
-  # Default host rule.
-  #
-  # Optional
-  # Default: "Host(`{{ normalize .Name }}`)"
-  #
-  # defaultRule = "Host(`{{ normalize .Name }}.docker.localhost`)"
-
-  # Expose containers by default in traefik
-  #
-  # Optional
-  # Default: true
-  #
-  # exposedByDefault = false

traefik.sample.yml

@@ -1,151 +0,0 @@
-################################################################
-#
-# Configuration sample for Traefik v2.
-#
-# For Traefik v1: https://github.com/traefik/traefik/blob/v1.7/traefik.sample.toml
-#
-################################################################
-
-################################################################
-# Global configuration
-################################################################
-global:
-  checkNewVersion: true
-  sendAnonymousUsage: true
-
-################################################################
-# EntryPoints configuration
-################################################################
-
-# EntryPoints definition
-#
-# Optional
-#
-entryPoints:
-  web:
-    address: :80
-
-  websecure:
-    address: :443
-
-################################################################
-# Traefik logs configuration
-################################################################
-
-# Traefik logs
-# Enabled by default and log to stdout
-#
-# Optional
-#
-#log:
-  # Log level
-  #
-  # Optional
-  # Default: "ERROR"
-  #
-#  level: DEBUG
-
-  # Sets the filepath for the traefik log. If not specified, stdout will be used.
-  # Intermediate directories are created if necessary.
-  #
-  # Optional
-  # Default: os.Stdout
-  #
-#  filePath: log/traefik.log
-
-  # Format is either "json" or "common".
-  #
-  # Optional
-  # Default: "common"
-  #
-#  format: json
-
-################################################################
-# Access logs configuration
-################################################################
-
-# Enable access logs
-# By default it will write to stdout and produce logs in the textual
-# Common Log Format (CLF), extended with additional fields.
-#
-# Optional
-#
-#accessLog:
-  # Sets the file path for the access log. If not specified, stdout will be used.
-  # Intermediate directories are created if necessary.
-  #
-  # Optional
-  # Default: os.Stdout
-  #
-#  filePath: /path/to/log/log.txt
-
-  # Format is either "json" or "common".
-  #
-  # Optional
-  # Default: "common"
-  #
-#  format: json
-
-################################################################
-# API and dashboard configuration
-################################################################
-
-# Enable API and dashboard
-#
-# Optional
-#
-#api:
-  # Enable the API in insecure mode
-  #
-  # Optional
-  # Default: false
-  #
-#  insecure: true
-
-  # Enabled Dashboard
-  #
-  # Optional
-  # Default: true
-  #
-#  dashboard: false
-
-################################################################
-# Ping configuration
-################################################################
-
-# Enable ping
-#ping:
-  # Name of the related entry point
-  #
-  # Optional
-  # Default: "traefik"
-  #
-#  entryPoint: traefik
-
-################################################################
-# Docker configuration backend
-################################################################
-
-#providers:
-  # Enable Docker configuration backend
-#  docker:
-    # Docker server endpoint. Can be a tcp or a unix socket endpoint.
-    #
-    # Required
-    # Default: "unix:///var/run/docker.sock"
-    #
-#    endpoint: tcp://10.10.10.10:2375
-
-    # Default host rule.
-    #
-    # Optional
-    # Default: "Host(`{{ normalize .Name }}`)"
-    #
-#    defaultRule: Host(`{{ normalize .Name }}.docker.localhost`)
-
-    # Expose containers by default in traefik
-    #
-    # Optional
-    # Default: true
-    #
-#    exposedByDefault: false

traefik.yml

@@ -0,0 +1,54 @@
+api:
+  dashboard: true
+
+global:
+  updaterCallbacks: [http://127.0.0.1:56714/callback]
+
+providers:
+  docker:
+    constraints: '!Label(`traefik.host`, ``)'
+    defaultRule: Host(`{{ index .Labels "traefik.host" }}.wzray.com`)
+    exposedByDefault: true
+    allowEmptyServices: true
+
+certificatesResolvers:
+  cloudflare:
+    acme:
+      email: security@wzray.com
+      storage: /etc/certs/acme.json
+      caServer: https://acme-v02.api.letsencrypt.org/directory
+      dnsChallenge:
+        provider: cloudflare
+
+entryPoints:
+  https:
+    address: ':443'
+    asDefault: true
+    http:
+      tls:
+        certResolver: cloudflare
+        domains:
+          - main: wzray.com
+            sans: ['*.wzray.com']
+
+  ehttps:
+    address: ':8443'
+    proxyProtocol:
+      trustedIPs:
+        - 0.0.0.0/0
+    http:
+      tls:
+        certResolver: cloudflare
+        domains:
+          - main: wzray.com
+            sans: ['*.wzray.com']
+
+  http:
+    address: ':80'
+    http:
+      redirections:
+        entryPoint:
+          to: https
+          scheme: https
+
+# yaml-language-server: $schema=schema.json