update: refine Traefik rules for host matching v3 and add Traefik configuration regeneration in restore commands v3

Author: rbouma

commands/multistore.cmd

@@ -117,7 +117,7 @@ function generate_roll_env_yml() {
         else
             traefik_rules+=" || "
         fi
-        traefik_rules+="HostRegexp(\`{subdomain:.+}.${hostname}\`) || Host(\`${hostname}\`)"
+        traefik_rules+="HostRegexp(\`^.+\\.${hostname//./\\.}\$\$\`) || Host(\`${hostname}\`)"
     done < <(get_all_hostnames)
 
     # Build extra_hosts entries
@@ -134,7 +134,7 @@ services:
   nginx:
     labels:
       - traefik.http.routers.\${ROLL_ENV_NAME}-nginx.rule=
-          HostRegexp(\`{subdomain:.+}.\${TRAEFIK_DOMAIN}\`) || Host(\`\${TRAEFIK_DOMAIN}\`)
+          HostRegexp(\`^.+\\.\${TRAEFIK_DOMAIN}\$\$\`) || Host(\`\${TRAEFIK_DOMAIN}\`)
           || ${traefik_rules}
     volumes:
       - ./.roll/nginx/stores.map:/etc/nginx/default.d/stores.map:ro

commands/restore-full.cmd

@@ -1098,6 +1098,18 @@ function signEnvironmentCertificate() {
         }
     fi
 
+    # Regenerate traefik dynamic config and restart to pick up new certificates
+    logVerbose "Regenerating traefik configuration..."
+    if [[ $RESTORE_VERBOSE -eq 1 ]]; then
+        "${ROLL_DIR}/bin/roll" svc up traefik || {
+            logMessage WARNING "Failed to restart traefik"
+        }
+    else
+        "${ROLL_DIR}/bin/roll" svc up traefik >/dev/null 2>&1 || {
+            logMessage WARNING "Failed to restart traefik"
+        }
+    fi
+
     logMessage SUCCESS "SSL certificates signed for ${domain}"
 }
 

commands/restore.cmd

@@ -930,6 +930,18 @@ function signEnvironmentCertificate() {
         }
     fi
 
+    # Regenerate traefik dynamic config and restart to pick up new certificates
+    logVerbose "Regenerating traefik configuration..."
+    if [[ $RESTORE_VERBOSE -eq 1 ]]; then
+        "${ROLL_DIR}/bin/roll" svc up traefik || {
+            logMessage WARNING "Failed to restart traefik"
+        }
+    else
+        "${ROLL_DIR}/bin/roll" svc up traefik >/dev/null 2>&1 || {
+            logMessage WARNING "Failed to restart traefik"
+        }
+    fi
+
     logMessage SUCCESS "SSL certificates signed for ${domain}"
 }
 

docs/configuration/multipledomains.md

@@ -16,20 +16,20 @@ Multiple top-level domains may also be setup by following the instructions below
       varnish:
         labels:
           - traefik.http.routers.${ROLL_ENV_NAME}-varnish.rule=
-              HostRegexp(`{subdomain:.+}.${TRAEFIK_DOMAIN}`)
+              HostRegexp(`^.+\.${TRAEFIK_DOMAIN}$$`)
               || Host(`${TRAEFIK_DOMAIN}`)
-              || HostRegexp(`{subdomain:.+}.alternate1.test`)
+              || HostRegexp(`^.+\.alternate1\.test$$`)
               || Host(`alternate1.test`)
-              || HostRegexp(`{subdomain:.+}.alternate2.test`)
+              || HostRegexp(`^.+\.alternate2\.test$$`)
               || Host(`alternate2.test`)
       nginx:
         labels:
           - traefik.http.routers.${ROLL_ENV_NAME}-nginx.rule=
-              HostRegexp(`{subdomain:.+}.${TRAEFIK_DOMAIN}`)
+              HostRegexp(`^.+\.${TRAEFIK_DOMAIN}$$`)
               || Host(`${TRAEFIK_DOMAIN}`)
-              || HostRegexp(`{subdomain:.+}.alternate1.test`)
+              || HostRegexp(`^.+\.alternate1\.test$$`)
               || Host(`alternate1.test`)
-              || HostRegexp(`{subdomain:.+}.alternate2.test`)
+              || HostRegexp(`^.+\.alternate2\.test$$`)
               || Host(`alternate2.test`)
     ```
 

environments/includes/nginx.base.yml

@@ -7,7 +7,7 @@ services:
       - traefik.http.routers.${ROLL_ENV_NAME}-nginx.tls=true
       - traefik.http.routers.${ROLL_ENV_NAME}-nginx.priority=2
       - traefik.http.routers.${ROLL_ENV_NAME}-nginx.rule=
-          HostRegexp(`{subdomain:.+}.${TRAEFIK_DOMAIN}`) || Host(`${TRAEFIK_DOMAIN}`)
+          HostRegexp(`^.+\.${TRAEFIK_DOMAIN}$$`) || Host(`${TRAEFIK_DOMAIN}`)
       - traefik.http.services.${ROLL_ENV_NAME}-nginx.loadbalancer.server.port=80
       - traefik.docker.network=${ROLL_ENV_NAME}_default
     volumes:

environments/includes/varnish.base.yml

@@ -15,6 +15,6 @@ services:
       - traefik.http.routers.${ROLL_ENV_NAME}-varnish.tls=true
       - traefik.http.routers.${ROLL_ENV_NAME}-varnish.priority=1
       - traefik.http.routers.${ROLL_ENV_NAME}-varnish.rule=
-          HostRegexp(`{subdomain:.+}.${TRAEFIK_DOMAIN}`) || Host(`${TRAEFIK_DOMAIN}`)
+          HostRegexp(`^.+\.${TRAEFIK_DOMAIN}$$`) || Host(`${TRAEFIK_DOMAIN}`)
       - traefik.http.services.${ROLL_ENV_NAME}-varnish.loadbalancer.server.port=80
       - traefik.docker.network=${ROLL_ENV_NAME}_default

environments/magento2/magento2.base.yml

@@ -11,7 +11,7 @@ services:
       - traefik.http.routers.${ROLL_ENV_NAME}-livereload.tls=true
       - traefik.http.routers.${ROLL_ENV_NAME}-livereload.priority=3
       - traefik.http.routers.${ROLL_ENV_NAME}-livereload.rule=
-          (HostRegexp(`{subdomain:.+}.${TRAEFIK_DOMAIN}`) || Host(`${TRAEFIK_DOMAIN}`))
+          (HostRegexp(`^.+\.${TRAEFIK_DOMAIN}$$`) || Host(`${TRAEFIK_DOMAIN}`))
             && (Path(`/livereload.js`) || Path(`/livereload`))
       - traefik.http.routers.${ROLL_ENV_NAME}-livereload.service=${ROLL_ENV_NAME}-livereload
       - traefik.http.services.${ROLL_ENV_NAME}-livereload.loadbalancer.server.port=35729