Add a docker-compose & let's encrypt user-guide

[pbenefice]

What does this PR do?

Addind a User Guide to the existing documentation giving an example with docker-compose and let's encrypt behind a basic auth

Motivation

• I personally would have liked to find something like this in the doc
• it respond to some topics in the forum
  • https://community.containo.us/t/thats-it-time-to-learn-traefik/896
  • https://community.containo.us/t/a-global-http-https-redirection/864

More

• Added/updated tests
• Added/updated documentation

Additional Notes

I wanted to know if you could be interested in this ?
If yes, feel free to give me feedback =) (I did it quite quickly)

Thanks.

[SantoDE]

LGTM. Good job. Thanks!

[ldez]

Thanks for your time.

It's a little bit too raw:

• The purpose of the guide is to explain LE with Docker so the use of the provider File does not seem appropriate.
• the guide is not sync with the beta version
• some points are a little ambiguous

I would prefer a simpler user guide based on something like this:

version: "3.3"

services:

  traefik:
    image: "traefik:v2.0.0-beta1"
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --api.dashboard=true
      - --providers.docker=true
      - --global.sendAnonymousUsage=true
      - --certificatesresolvers.basic.acme.email=postmaster@mydomain.com
      - --certificatesresolvers.basic.acme.storage=/acme.json
      - --certificatesresolvers.basic.acme.tlsChallenge
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    labels:
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
    volumes:
      - "./acme.json:/acme.json"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

  whoami:
    image: containous/whoami
    labels:
      - "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=basic"

[pbenefice]

Thanks for your review, I'll try to revamp this during the weekend.

[pbenefice]

@ldez Hi again =)
I rewrote the guide focusing more on let's encrypt. What do you think ?
cc @SantoDE

Thanks.

Edit : I have the following error in the travis-ci, but make docs-clean docs-verify was ok locally

=== Checking HTML content...
- /app/site/contributing/maintainers/index.html
  *  External link https://github.com/vdemeester failed: 502 No error
make[1]: *** [docs-verify] Error 123
make[1]: Leaving directory `/home/travis/build/containous/traefik/docs'
make: *** [docs] Error 2
The command "if [ "$TRAVIS_PULL_REQUEST" != "false" ]; then make docs; fi" exited with 2.

[SantoDE]

Hey @pbenefice,

thanks once again.

I did reread your guide and I'm a bit cocerned about the DNS Challenge section, as the variables to set and stuff differ per DNS provider.

Maybe we could replace this with the TLS Challenge? WDYT?

[pbenefice]

Hi @SantoDE, thanks for your feedback.

IMHO the DNS challenge is important. It is the only challenge allowing for wildcard cert generation and it does not require to be directly exposed to the internet.
And, it's my opinion, but I don't feel it would be too difficult to adapt to a different provider : you just need to change the variables (already well documented on the Treafik doc 😉).

I can add a section detailing the TLS challenge if you wish, but my opinion is that the DNS one has real advantages and should be introduced (which doesn't force users to adopt it).
But it's only my opinion. What do you think ?

Edit : I could also split the guide to add a docker-compose section, with a page for the http challenge, a page for dns, ... It might be less confusing and easier to read for user interested in specific challenges, WDTY ?

[SantoDE]

Hey @pbenefice,

I agree. That would be a nice idea :) And yeah, maybe we make it clear that the DNS stuff changes per provider (values).

I also think detailing TLS might be a good idea :)

[pbenefice]

Well, I did something wrong with git, and lost all the work ^^

[pbenefice]

Thanks reflog, I managed to get my work back. I'm definitly not familiar with upstreams ^^
Anyway, I added a basic example with docker-compose that I use as a starting point to detail each 3 let's encrypt challenges in their own page.

@SantoDE WDTY ?

[SantoDE]

Thanks a lot for all you hard work! LGTM to me 👼

ping @dduportal

[ldez]

Thanks 👍

[dtomcej]

LGTM