Why is a separate Dockerfile necessary for Traefik

[arnav13081994]

I am not able to understand the reason why a custom traefik Docerfile is being used.

The static and dynamic config files can be mounted as ro Read-Only in the container and acme.json file is something that traefik creates on its own, so creating and setting 0600 permissions also seem unnecessary.

The whole file seems unnecessary to me. Am I missing something?

[demestav]

What alternative do you suggest?

[arnav13081994]

@demestav

Docker-compose can just have this for traefik service:

  traefik:
    image: traefik:v2.2.11
    depends_on:
      - django
    volumes:
      - ./docker/traefik/production/traefik.yml:/etc/traefik/traefik.yml:ro
    ports:
      - "0.0.0.0:80:80"
      - "0.0.0.0:443:443"
      {%- if cookiecutter.use_celery == 'y' %}
      - "0.0.0.0:5555:5555"
      {%- endif %}

And Dockerfile can be removed for Traefik.

[demestav]

Thank you. Regarding the acme.json file, I can't recall exactly why, but there an error was popping up if it wasn't created like that. But that was over 2 years ago (?). So it might not be relevant now. Regarding the Dockerfile, the docker image will still be created, so essentially what you propose will reduce the cookiecutter's files by 1. Yes, why not. Let's wait and see what the maintainers have to say.

Note that you are missing the acme volume in your definition above. If you don't include it, then in the event that you recreate the container, a new certificate will be issued which is not desirable.

[arnav13081994]

@demestav Good catch.

[browniebroke]

I think we would need a separate Dockerfile to fix #1992 as we can see in #2217.

[arnav13081994]

@browniebroke Ok makes sense.