It took me days to figure out how to configure Traefik v2. Here it is for posterity.
This is a docker-compose.yaml fragment to append to a service section:
```yaml
labels:
  - "traefik.enable=true"
  - "traefik.http.routers.service.rule=Host(`www.example.com`)"
  - "traefik.http.routers.service.entrypoints=websecure"
  - "traefik.http.routers.service.tls.certresolver=myresolver"
  - "traefik.http.middlewares.servicests.headers.stsincludesubdomains=false"
  - "traefik.http.middlewares.servicests.headers.stspreload=true"
  - "traefik.http.middlewares.servicests.headers.stsseconds=31536000"
  - "traefik.http.middlewares.servicests.headers.isdevelopment=false"
  - "traefik.http.routers.service.middlewares=servicests"
```
It will:
- tell Traefik to direct traffic for www.example.com to this container,
- on the websecure entrypoint (this is configured statically),
- using the myresolver certificate resolver (for ACME; the resolver is also configured statically),
- configure a middleware that adds HSTS headers,
- enable the middleware by attaching it to the router.
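A small lint for the HSTS labels above, added here as an example and not part of the original post: it rebuilds the Strict-Transport-Security value the `sts*` options describe and flags combinations the browser preload list does not accept (preload requires includeSubDomains and a max-age of at least one year), plus a middleware that is defined but never attached to a router. The function name `audit_hsts` and the sample list are assumptions made for the example.

```python
import re

# Constructed sample: the HSTS-related labels from the first fragment on this page.
LABELS = [
    "traefik.http.middlewares.servicests.headers.stsincludesubdomains=false",
    "traefik.http.middlewares.servicests.headers.stspreload=true",
    "traefik.http.middlewares.servicests.headers.stsseconds=31536000",
    "traefik.http.routers.service.middlewares=servicests",
]
PRELOAD_MIN_AGE = 31536000  # one year: minimum max-age for the browser preload list
MW = re.compile(r"traefik\.http\.middlewares\.([^.]+)\.headers\.sts(\w+)")
ROUTER = re.compile(r"traefik\.http\.routers\.[^.]+\.middlewares")


def audit_hsts(labels):
    """Return {middleware: (header_value, findings)} for each HSTS middleware.

    Assumes label keys are written in lowercase, as on this page.
    """
    opts, attached = {}, set()
    for label in labels:
        key, _, value = label.partition("=")
        m = MW.fullmatch(key)
        if m:
            opts.setdefault(m.group(1), {})[m.group(2)] = value.strip().lower()
        elif ROUTER.fullmatch(key):
            # Router values are comma-separated and may carry an @provider suffix.
            attached.update(n.strip().split("@")[0] for n in value.split(","))
    report = {}
    for name, o in opts.items():
        seconds = int(o.get("seconds", "0"))
        subs = o.get("includesubdomains") == "true"
        preload = o.get("preload") == "true"
        header = f"max-age={seconds}"
        header += "; includeSubDomains" if subs else ""
        header += "; preload" if preload else ""
        findings = []
        if seconds == 0:
            findings.append("stsseconds is 0, so Traefik sends no HSTS header")
        if preload and not subs:
            findings.append("preload without includeSubDomains: preload list will reject it")
        if preload and 0 < seconds < PRELOAD_MIN_AGE:
            findings.append("preload with max-age under one year: preload list will reject it")
        if name not in attached:
            findings.append("middleware is defined but not attached to any router")
        report[name] = (header, findings)
    return report
```

Switching `stsincludesubdomains` to `true` clears the preload finding, but the policy then applies to every subdomain of the host, so confirm they all serve HTTPS first.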
Here is a slightly more complex example for a Nextcloud deployment, which includes the recommended redirects:
```yaml
labels:
  - "traefik.enable=true"
  - "traefik.http.routers.nextcloud.rule=Host(`nextcloud.example.com`)"
  - "traefik.http.routers.nextcloud.entrypoints=websecure"
  - "traefik.http.routers.nextcloud.tls.certresolver=myresolver"
  - "traefik.http.middlewares.nextcloudredir.redirectregex.permanent=true"
  - "traefik.http.middlewares.nextcloudredir.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav"
  - "traefik.http.middlewares.nextcloudredir.redirectregex.replacement=https://$$1/remote.php/dav/"
  - "traefik.http.middlewares.nextcloudsts.headers.stsincludesubdomains=false"
  - "traefik.http.middlewares.nextcloudsts.headers.stspreload=true"
  - "traefik.http.middlewares.nextcloudsts.headers.stsseconds=31536000"
  - "traefik.http.middlewares.nextcloudsts.headers.isdevelopment=false"
  - "traefik.http.routers.nextcloud.middlewares=nextcloudredir,nextcloudsts"
```