Migrate from Traefik 1.x to 2.x with Docker labels.
I run a number of small sites behind Traefik. In this post I will outline the changes from version 1.7.9 to the latest 2.0 stable branch. My stack is like this:
- Digital Ocean VM (1 vcpu / 1 gig RAM)
- Docker (just Docker)
- HTTP and HTTPS ports open
- Traefik runs in Docker with ports open on 80 and 443
- Traefik is deployed with a
docker-compose.ymlfile for ease - All services are deployed with their own
docker-compose.ymlfile in separate folders.
This is the root of my "deployment" folder. Each subfolder contains a docker-compose.yml file and sometimes an env file to hold environment vars.
The migration will happen like this:
- Make edits to the
docker-compose.ymlthat handles Traefik. - Redeploy traefik with 2.0.x releases
- Make edits on all the other services'
docker-compose.ymlfiles and redploy those in place with new labels.
Below are side-by-side comparisons of the 1.7.x configs and the 2.0.x configs.
The old config (Traefik 1.7.9)
deploy@prod:~/deployment/containers/traefik$ ls -la
total 148
drwxrwxr-x 2 deploy deploy 4096 Feb 3 22:32 .
drwxrwxr-x 23 deploy deploy 4096 Feb 3 22:37 ..
-rw------- 1 deploy deploy 129558 Jan 28 09:51 acme.json
-rw-rw-r-- 1 deploy deploy 581 Jul 29 2019 docker-compose.yml
-rw-rw-r-- 1 deploy deploy 213 Sep 6 2018 Makefile
-rw-rw-r-- 1 deploy deploy 670 Mar 7 2019 traefik.toml
deploy@prod:~/deployment/containers/traefik$
acme.jsonholds the encryption keys for LetsEncryptdocker-compose.ymlis the deployment file for dockerMakefileas a task-runnertraefik.tomlconfig file for Traefik
The new config does not use a traefik.toml file, so I show it here:
traefik.toml
debug = false
logLevel = "INFO"
defaultEntryPoints = ["https","http"]
[web]
address = ":8080"
[web.auth.basic]
users = ["admin:$xxxxxxxxxxxxxxxxxxxxxxx"]
[entryPoints]
[entryPoints.http]
address = ":80"
compress = true
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
compress = true
[entryPoints.https.tls]
[retry]
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "prod.m3b"
watch = true
exposedbydefault = false
[acme]
email = "xxxx@xxx.com"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
[acme.httpChallenge]
entryPoint = "http"
[accessLog]
format = "json"
Diff of Traefik 1 and Traefik 2 Config
Let's get a closer look to see what exactly has changed between the two configs. One big benefit of 2.0 is that you can move all of your config options into command line options when launching. That is what you see under the command: section on the right. This will obviate the need for the traefik.toml file.
Secondly, let's look at the labels: section. There we see options added for adding permanent HTTPS redirect policies on all attached services. This will simplify the configs on all subsequent Docker services needing HTTP routing.
The new Traefik 2.0 folder
total 36
-rw------- 1 root root 32698 Jan 30 22:22 acme.json
-rw-r--r-- 1 root root 1527 Jan 29 00:41 docker-compose.yml
root@host:~/deployment/traefik#
As you can see the traefik.toml file is gone. The configuration information there has moved into the docker-compose.yml file. However, the acme.json file remains.
Diff of labels for Docker services
Here we see that there are less than half the amount of labels. The configs for SSL are gone (having been moved up to traefik config), and the Host matching rule is also simplified.
Conclusion
So this was a quick run-through of how to modify your docker-compose.yml and Docker labels for Traefik migration from 1.7.x to 2.0.x releases. In my case it is simple a matter of bumbing the docker container version, and redeploying all my services with the appropriate labels for 2.0.