V1 to V2 Migration

Old Labels for one of our services:
- traefik.enable=true
- traefik.frontend.rule=Host:st2web.acme.net
- traefik.docker.network=public
- traefik.backend=st2web
- traefik.port=80
- traefik.frontend.entryPoints=https
After migration the labels above were translated to
- traefik.enable=true
- traefik.http.routers.st2web.rule=Host(st2web.acme.net)
- traefik.http.services.st2web.loadbalancer.server.port=80
- traefik.http.routers.st2web.entryPoints=websecure

I can see the router and service in the UI(see image), but it doesn't seem like the traefik is routing anything to the service.

Share your Traefik static and dynamic config, and docker-compose.yml if used.

Here you go

[serversTransport]
  insecureSkipVerify = true

[entryPoints]
  [entryPoints.web]
    address = ":80"
  [entrypoints.metrics]
    address = ":8085"
  [entryPoints.websecure]
    address = ":443"


[ping]
  entryPoint = "https"
  manualRouting = true

[log]
  level = "DEBUG"
  filePath = "/traefik.log"
  format = "json"

[accessLog]
  filePath = "/access.log"
  format = "json"

[api]
  dashboard = true
  insecure = true
  debug = true

[providers]
  [providers.file]
    filename = "/dynamic_conf.toml"
  [providers.docker]
    watch = true
    network = "public"
    exposedByDefault = false

[metrics]
  [metrics.prometheus]
    entryPoint = "metrics"
    buckets = [0.1,0.3,1.2,5.0]
    addServicesLabels = true
[tls.stores]
  [tls.stores.default]
    [tls.stores.default.defaultCertificate]
      certFile = "/star.acme.net.crt"
      keyFile = "/star.acme.net.key"

[[tls.certificates]]
  certFile = "/st1web.acme.net.crt"
  keyFile = "/st1web.acme.net.key"

version: "3"

networks:
  public:
    external: true
  private:
    external: false

services:
  traefik:
    image: traefik:2.10.1-alpine
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik.rule=Host(`st1web.acme.net`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
      - traefik.docker.network=public
      - traefik.http.services.traefik.loadbalancer.server.port=80
      - traefik.http.routers.traefik.service=traefik
      - traefik.http.routers.traefik.tls=true
      - traefik.http.routers.api.rule=Host(`st1web.acme.net`)
      - traefik.http.routers.api.service=api@internal
    networks:
      - public
    ports:
      - 80:80
      - 443:443
      - 8080:8080
      - 8085:8085
    volumes:
      - /etc/pki/tls/opscert/star.acme.net.crt:/star.acme.net.crt
      - /etc/pki/tls/opskey/star.acme.net.key:/star.acme.net.key
      - /etc/pki/tls/opskey/st1web.acme.net.key:/st1web.acme.net.key
      - /etc/pki/tls/opscert/st1web.acme.net.crt:/st1web.acme.net.crt
      - /data/traefikv2/traefik_static_conf.toml:/traefik.toml
      - /data/traefikv2/traefik_dynamic_conf.toml:/dynamic_conf.toml
      - /data/traefikv2/access.log:/access.log
      - /data/traefikv2/traefik.log:/traefik.log
      - /var/run/docker.sock:/var/run/docker.sock

What’s your problem? Can you connect to the port? Do you use https and the domain name? What is the response?

I find it sub-optimal to use <> everywhere, because I can’t for example see if you use the same name within labels.

Did you check Traefik debug and access log?

I find it sub-optimal to use <> everywhere, because I can’t for example see if you use the same name within labels.- Updated the examples above to make sense.

What’s your problem? Can you connect to the port? Do you use https and the domain name? What is the response?- When I go to https://st2web.acme.net, I get a 404 not found. Here's what I'm seeing in the access logs.

{"ClientAddr":"10.130.21.21:51674","ClientHost":"10.130.21.21","ClientPort":"51674","ClientUsername":"-","DownstreamContentSize":19,"DownstreamStatus":404,"Duration":137892,"OriginContentSize":19,"OriginDuration":12443,"OriginStatus":404,"Overhead":125449,"RequestAddr":"st2web.acme.net","RequestContentSize":0,"RequestCount":127,"RequestHost":"st2web.acme.net","RequestMethod":"GET","RequestPath":"/","RequestPort":"-","RequestProtocol":"HTTP/2.0","RequestScheme":"https","RetryAttempts":0,"StartLocal":"2023-05-25T20:36:33.401647565Z","StartUTC":"2023-05-25T20:36:33.401647565Z","TLSCipher":"TLS_AES_128_GCM_SHA256","TLSVersion":"1.3","entryPointName":"websecure","level":"info","msg":"","time":"2023-05-25T20:36:33Z"}

Check the debug log. Are you sure your target service is not responding with a 404 on path "/"?

curl http://172.19.0.2:80/
<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>St2 Web UI</title>

  <link rel="shortcut icon" href="favicon.ico" type="image/x-icon">
  <link rel="icon" href="favicon.ico" type="image/x-icon">

  <!-- buils:styles -->
  <link rel="stylesheet" href="css/style.css">
  <!-- endbuild -->

  <script type="text/javascript">
    window.angular = {
      module: (module) => ({
        constant: (constant, value) => {
          if (module !== 'main') {
            throw new Error('The st2web angular-config-polyfill only supports the "main" module.');
          }

          if (constant !== 'st2Config') {
            throw new Error('The st2web angular-config-polyfill only supports the "st2Config" constant.');
          }

          window.st2constants = window.st2constants || {};
          window.st2constants.st2Config = value;
        },
        run: (fn) => {
          if (module !== 'main') {
            throw new Error('The st2web angular-config-polyfill only supports the "main" module.');
          }

          window.st2constants = window.st2constants || {};
          window.st2constants.st2Config = window.st2constants.st2Config || {};

          fn(window.st2constants.st2Config);
        },
      }),
    };
  </script>
</head>

What are you trying to tell us? You receive a html page from your server? Congrats, then Traefik works.

No sir, that was an answer to your question above
Are you sure your target service is not responding with a 404 on path "/"

So far we have established that I have the route configured to the right service and the service is responding on http://172.19.0.2:80/ locally but when I'm trying to hit https://st2web.acme.net/. I'm seeing the access log as below. So the Traefik is getting the traffic but not routing to the service. So, what am I missing?

{"ClientAddr":"10.130.21.21:51674","ClientHost":"10.130.21.21","ClientPort":"51674","ClientUsername":"-","DownstreamContentSize":19,"DownstreamStatus":404,"Duration":137892,"OriginContentSize":19,"OriginDuration":12443,"OriginStatus":404,"Overhead":125449,"RequestAddr":"st2web.acme.net","RequestContentSize":0,"RequestCount":127,"RequestHost":"st2web.acme.net","RequestMethod":"GET","RequestPath":"/","RequestPort":"-","RequestProtocol":"HTTP/2.0","RequestScheme":"https","RetryAttempts":0,"StartLocal":"2023-05-25T20:36:33.401647565Z","StartUTC":"2023-05-25T20:36:33.401647565Z","TLSCipher":"TLS_AES_128_GCM_SHA256","TLSVersion":"1.3","entryPointName":"websecure","level":"info","msg":"","time":"2023-05-25T20:36:33Z"}

Figured it out myself, I was missing the following label
traefik.http.routers.st2web.tls=true

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.