Traefik migrated to v2
Posted on 2020-05-09 by Yarmo Mackenbach
#100DaysToOffload >> 2020-05-09 >> 015/100
Last september, traefik received its big version 2 update. I was very excited about TCP routers and the newly implemented middlewares. Can't have been more than a few days later that I tried to migrate my homelab to the new version. I remember being annoyed by the lack of a proper migration guide. Sure, it's possible that I didn't look good enough, but I searched for it for a few days without results. I tried using the new documentation and failed, everything crashed and could not get it working. As I did not have the time to do much more extensive research and also, I needed the selfhosted services on a daily basis, so I left it.
Until today. The whole migration took me a little over three hours and I learned quite a bit on the way. Also, the migration guide has helped quite a bit. If this was updated since September, great article. If not, still a great article and I really did not take the appropriate amount of time to prepare my migration.
The first thing I did was a general search-and-replace for the docker labels (both routers and services). What was
traefik.frontend.rule=Host:xyz now is
traefik.http.routers.router0.rule=Host(``xyz``). What was
traefik.port=80 now is
traefik.http.services.service0.loadbalancer.server.port=80. Quite a bit longer and more cumbersome, but in the end, more extensible.
traefik.docker.network=xyz is now unnecessary in most cases as you can define a default network in the
traefik.toml file. Speaking of which, you can now work with a YAML file. It's not to everyone's taste, but I will switch to it in the future when I have some more time.
traefik.toml still needed quite the makeover, but everything is will explained in the migration guide and the reference page. Content-wise, I changed little, it's just that the syntax is different. Notable changes are the domains for which certificates are needed now are declared in the
entrypoints section instead of the
acme section and the
file section can no longer include the "router/service declarations", they belong in a separate file.
Doing this resulted in a non-functional state. Two different possibilities: either the container could not be redirected to the correct service resulting in a 404, or the redirect was correct but without correct certificate. That first possibility was mostly on me: containers are now no longer exposed by default and I forgot to add
traefik.enable=true. Mind you, I always set
traefik.enable=false when I didn't want a container exposed and still do.
However this did not solve the issue for all the containers. I suspect there's still some trickery I need to do in case of using multiple routers. I tried explicitly specifying the
service for the different routers but that wasn't the solution.
As for the other issue, the solution was simple but finding the source was quite hard: as it turns out, I renamed the
certificateResolver to something other than
default. If such is the case, then containers will NOT automatically use it for their certificates. Adding
traefik.http.routers.router0.tls.certresolver=mycertresolver to each container solves this issue.
One thing I haven't got working yet is using the
providers.file provider. I tried to mimic the container labels but to no avail. Yet.
Update 2020-05-12: I fixed the
providers.file issue. Remember kids, always read the documentation well. It turns out, I missed the line that starts with
* in the code below.
[http.services] [http.services.Service01] [http.services.Service01.loadBalancer] * [[http.services.Service01.loadBalancer.servers]] url = "foobar"