Migrate from Traefik 1.x to 2.x with Docker labels.
Follow these side-by-side configurations to see how quick and easy it is to migrate from Traefik 1 to version 2.
I run a number of small sites behind Traefik. In this post I will outline the changes from version 1.7.9 to the latest 2.0 stable branch. My stack is like this:
- Digital Ocean VM (1 vcpu / 1 gig RAM)
- Docker (just Docker)
- HTTP and HTTPS ports open
- Traefik runs in Docker with ports open on 80 and 443
- Traefik is deployed with a
docker-compose.ymlfile for ease
- All services are deployed with their own
docker-compose.ymlfile in separate folders.
This is the root of my "deployment" folder. Each subfolder contains a
docker-compose.yml file and sometimes an
env file to hold environment vars.
The migration will happen like this:
- Make edits to the
docker-compose.ymlthat handles Traefik.
- Redeploy traefik with 2.0.x releases
- Make edits on all the other services'
docker-compose.ymlfiles and redploy those in place with new labels.
Below are side-by-side comparisons of the 1.7.x configs and the 2.0.x configs.
The old config (Traefik 1.7.9)
deploy@prod:~/deployment/containers/traefik$ ls -la total 148 drwxrwxr-x 2 deploy deploy 4096 Feb 3 22:32 . drwxrwxr-x 23 deploy deploy 4096 Feb 3 22:37 .. -rw------- 1 deploy deploy 129558 Jan 28 09:51 acme.json -rw-rw-r-- 1 deploy deploy 581 Jul 29 2019 docker-compose.yml -rw-rw-r-- 1 deploy deploy 213 Sep 6 2018 Makefile -rw-rw-r-- 1 deploy deploy 670 Mar 7 2019 traefik.toml deploy@prod:~/deployment/containers/traefik$
acme.jsonholds the encryption keys for LetsEncrypt
docker-compose.ymlis the deployment file for docker
Makefileas a task-runner
traefik.tomlconfig file for Traefik
The new config does not use a traefik.toml file, so I show it here:
debug = false logLevel = "INFO" defaultEntryPoints = ["https","http"] [web] address = ":8080" [web.auth.basic] users = ["admin:$xxxxxxxxxxxxxxxxxxxxxxx"] [entryPoints] [entryPoints.http] address = ":80" compress = true [entryPoints.http.redirect] entryPoint = "https" [entryPoints.https] address = ":443" compress = true [entryPoints.https.tls] [retry] [docker] endpoint = "unix:///var/run/docker.sock" domain = "prod.m3b" watch = true exposedbydefault = false [acme] email = "email@example.com" storage = "acme.json" entryPoint = "https" OnHostRule = true [acme.httpChallenge] entryPoint = "http" [accessLog] format = "json"
Diff of Traefik 1 and Traefik 2 Config
Let's get a closer look to see what exactly has changed between the two configs. One big benefit of 2.0 is that you can move all of your config options into command line options when launching. That is what you see under the
command: section on the right. This will obviate the need for the
Secondly, let's look at the
labels: section. There we see options added for adding permanent HTTPS redirect policies on all attached services. This will simplify the configs on all subsequent Docker services needing HTTP routing.
The new Traefik 2.0 folder
total 36 -rw------- 1 root root 32698 Jan 30 22:22 acme.json -rw-r--r-- 1 root root 1527 Jan 29 00:41 docker-compose.yml root@host:~/deployment/traefik#
As you can see the traefik.toml file is gone. The configuration information there has moved into the
docker-compose.yml file. However, the
acme.json file remains.
Diff of labels for Docker services
Here we see that there are less than half the amount of labels. The configs for SSL are gone (having been moved up to traefik config), and the
Host matching rule is also simplified.
So this was a quick run-through of how to modify your
docker-compose.yml and Docker labels for Traefik migration from 1.7.x to 2.0.x releases. In my case it is simple a matter of bumbing the docker container version, and redeploying all my services with the appropriate labels for 2.0.