Migrate from Traefik 1.x to 2.x with Docker labels.

I run a number of small sites behind Traefik. In this post I will outline the changes from version 1.7.9 to the latest 2.0 stable branch. My stack is like this:

  • Digital Ocean VM (1 vcpu / 1 gig RAM)
  • Docker (just Docker)
  • HTTP and HTTPS ports open
  • Traefik runs in Docker with ports open on 80 and 443
  • Traefik is deployed with a docker-compose.yml file for ease
  • All services are deployed with their own docker-compose.yml file in separate folders.

This is the root of my "deployment" folder.  Each subfolder contains a docker-compose.yml file and sometimes an env file to hold environment vars.

The migration will happen like this:

  1. Make edits to the docker-compose.yml that handles Traefik.
  2. Redeploy traefik with 2.0.x releases
  3. Make edits on all the other services' docker-compose.yml files and redploy those in place with new labels.

Below are side-by-side comparisons of the 1.7.x configs and the 2.0.x configs.


The old config (Traefik 1.7.9)

deploy@prod:~/deployment/containers/traefik$ ls -la
total 148
drwxrwxr-x  2 deploy deploy   4096 Feb  3 22:32 .
drwxrwxr-x 23 deploy deploy   4096 Feb  3 22:37 ..
-rw-------  1 deploy deploy 129558 Jan 28 09:51 acme.json
-rw-rw-r--  1 deploy deploy    581 Jul 29  2019 docker-compose.yml
-rw-rw-r--  1 deploy deploy    213 Sep  6  2018 Makefile
-rw-rw-r--  1 deploy deploy    670 Mar  7  2019 traefik.toml
deploy@prod:~/deployment/containers/traefik$
  • acme.json holds the encryption keys for LetsEncrypt
  • docker-compose.yml is the deployment file for docker
  • Makefile as a task-runner
  • traefik.toml config file for Traefik

The new config does not use a traefik.toml file, so I show it here:

traefik.toml

debug = false

logLevel = "INFO"
defaultEntryPoints = ["https","http"]

[web]
address = ":8080"
  [web.auth.basic]
  users = ["admin:$xxxxxxxxxxxxxxxxxxxxxxx"]


[entryPoints]
  [entryPoints.http]
  address = ":80"
  compress = true
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
  compress = true
  [entryPoints.https.tls]

[retry]

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "prod.m3b"
watch = true
exposedbydefault = false

[acme]
email = "xxxx@xxx.com"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
[acme.httpChallenge]
entryPoint = "http"

[accessLog]
  format = "json"

Diff of Traefik 1 and Traefik 2 Config

Let's get a closer look to see what exactly has changed between the two configs. One big benefit of 2.0 is that you can move all of your config options into command line options when launching. That is what you see under the command: section on the right. This will obviate the need for the traefik.toml file.

Secondly, let's look at the labels: section. There we see options added for adding permanent HTTPS redirect policies on all attached services. This will simplify the configs on all subsequent Docker services needing HTTP routing.

The new Traefik 2.0 folder

total 36
-rw------- 1 root root 32698 Jan 30 22:22 acme.json
-rw-r--r-- 1 root root  1527 Jan 29 00:41 docker-compose.yml
root@host:~/deployment/traefik#

As you can see the traefik.toml file is gone. The configuration information there has moved into the docker-compose.yml file. However, the acme.json file remains.


Diff of labels for Docker services

Here we see that there are less than half the amount of labels. The configs for SSL are gone (having been moved up to traefik config), and the Host matching rule is also simplified.


Conclusion

So this was a quick run-through of how to modify your docker-compose.yml and Docker labels for Traefik migration from 1.7.x to 2.0.x releases. In my case it is simple a matter of bumbing the docker container version, and redeploying all my services with the appropriate labels for 2.0.

Show Comments