Fix overwriting Traefik configuration

It turns out that the initial approach of overwriting certain configuration
from the command-line did not work at all, because Traefik insists on only receiving
configuration in one way. Either of config file, command-line or env variables.

The best thing to overwrite separately in a docker setup is environment variables,
so the configuration has been turned towards environment variables now.

docker/dev/tls/docker-compose.override.example.yml

@@ -1,13 +1,11 @@
 services:
   traefik:
-    # Overwrite to enable Let's encrypt instead of using Step CA for certificate generation
-    # command: >
-    #   --entryPoints.websecure.http.tls.certresolver=letsencrypt
-    #   --certificatesresolvers.letsencrypt.acme.email=you@example.com
-
-    # For step CA only: Overwrite trusted CA certificates with Step root CA (not needed for Let's encrypt)
     environment:
-      - LEGO_CA_CERTIFICATES=/step/certs/root_ca.crt
+      # For step CA only: Overwrite trusted CA certificates with Step root CA (not needed for Let's encrypt)
+      LEGO_CA_CERTIFICATES: /step/certs/root_ca.crt
+      # Overwrite to enable Let's encrypt instead of using Step CA for certificate generation
+      # TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_TLS_CERTRESOLVER: letsencrypt
+      # TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_EMAIL: you@example.com
 
     # Necessary for certificates via Step CA only
     depends_on:

docker/dev/tls/docker-compose.yml

@@ -5,11 +5,23 @@ services:
       - "80:80"
       - "443:443"
     volumes:
-      - ./traefik.yaml:/etc/traefik/traefik.yaml:ro
       - /var/run/docker.sock:/var/run/docker.sock
       - ./acme.json:/acme.json
       - step:/step:ro
     restart: unless-stopped
+    environment:
+      TRAEFIK_LOG_LEVEL: INFO
+      TRAEFIK_API_DISABLEDASHBOARDAD: true
+      TRAEFIK_PROVIDERS_DOCKER_NETWORK: gateway
+      TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT: false
+      TRAEFIK_ENTRYPOINTS_WEB_ADDRESS: ":80"
+      TRAEFIK_ENTRYPOINTS_WEB_HTTP_REDIRECTIONS_ENTRYPOINT_TO: websecure
+      TRAEFIK_ENTRYPOINTS_WEBSECURE_ADDRESS: ":443"
+      TRAEFIK_ENTRYPOINTS_WEBSECURE_HTTP_TLS_CERTRESOLVER: step
+      TRAEFIK_CERTIFICATESRESOLVERS_STEP_ACME_CASERVER: https://step:9000/acme/acme/directory
+      TRAEFIK_CERTIFICATESRESOLVERS_STEP_ACME_TLSCHALLENGE: true
+      TRAEFIK_CERTIFICATESRESOLVERS_STEP_ACME_EMAIL: root@localhost
+      TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_HTTPCHALLENGE_ENTRYPOINT: web
     networks:
       external:
         aliases:

docker/dev/tls/traefik.yaml

@@ -1,39 +0,0 @@
-log:
-  level: INFO
-
-api:
-  dashboard: true
-  disabledashboardad: true
-
-providers:
-  docker:
-    network: gateway
-    exposedByDefault: false
-
-entryPoints:
-  web:
-    address: ":80"
-    http:
-      redirections:
-        entrypoint:
-          to: websecure
-  websecure:
-    address: ":443"
-    http:
-      tls:
-        certresolver: step # Using step by default, overwritable via CLI
-
-certificatesresolvers:
-  step:
-    acme:
-      caserver: https://step:9000/acme/acme/directory
-      tlschallenge: true
-      email: root@localhost
-      keytype: RSA4096
-      storage: acme.json
-  letsencrypt:
-    acme:
-      keytype: RSA4096
-      storage: acme.json
-      httpChallenge:
-        entryPoint: web