traefik: upgrading to v2.4

out which components are responsible for handling them. What sets Traefik

apart, besides its many features, is that it automatically discovers the right

configuration for your services.

## Register your instance to [pilot](https://pilot.traefik.io)

You can add your pilot token using the `TRAEFIK_PiLOT_TOKEN` environment

variable.

You can add this to your `.env` file:

```bash

echo "TRAEFIK_PiLOT_TOKEN=$MY_TOKEN" >> .env

```

## Add a Router/Service using the file provider

To create a new router and/or a new service, you can use the file provider:

Simply create a new file inside the `./traefik/dynamic_conf` folder with this

content:

```yml

http:

  # Add the router

  routers:

    service-example-router:

      service: service-example

      rule: Host(`example.localhost`)

  # Add the service

  services:

    service-example:

      loadBalancer:

        servers:

          - url: http://example.com

```

services:

  traefik:

    image: traefik:1.7.12

    command: >

     --api

     --api.statistics

     --ping=true

    image: traefik:2.4

    command:

      # Provider

      - '--providers.docker'

      - '--providers.docker.exposedbydefault=false'

      - '--providers.docker.network=make-my-server_srv'

      # Entrypoints

      - '--entrypoints.web.address=:80'

      - '--entrypoints.web.http.redirections.entrypoint.to=websecure'

      - '--entrypoints.websecure.address=:443'

      # Let's Encrypt

      - '--certificatesresolvers.myresolver.acme.email=tom@moulard.org'

      - '--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web'

      - '--certificatesresolvers.myresolver.acme.httpchallenge=true'

      - '--entrypoints.websecure.http.tls.certresolver=myresolver'

      # Logs

      - '--accesslog.filepath=/logs/access.log'

      - '--accesslog.format=json'

      - '--log.filepath=/logs/traefik.log'

      # - '--log.format=json'

      - '--log.level=DEBUG'

      - '--metrics.prometheus'

      # Misc

      - '--api.insecure'

      - '--entrypoints.websecure.http.middlewares=compress@file,fail2ban@file'

      - '--experimental.plugins.fail2ban.modulename=github.com/tommoulard/fail2ban'

      - '--experimental.plugins.fail2ban.version=v0.6.0'

      - '--global.checknewversion=false'

      - '--global.sendanonymoususage=false'

      - '--pilot.token=${TRAEFIK_PILOT_TOKEN}'

      - '--ping'

      - '--providers.file.directory=/dynamic_conf/'

      - '--providers.file.watch=true'

    ports:

      - '80:80'

      - '443:443'

    networks:

      - 'srv'

    restart: always

    healthcheck:

      test: ['CMD', './traefik', 'healthcheck']

      interval: 10s

      timeout: 10s

      retries: 5

    # healthcheck:

      # test: ['CMD', './traefik', 'healthcheck']

      # interval: 10s

      # timeout: 10s

      # retries: 5

    labels:

      - 'traefik.enable=true'

      - 'traefik.port=8080'

      - 'traefik.frontend.rule=Host:traefik.${SITE}'

      - 'traefik.frontend.auth.basic.users=${USERS}'

      - 'traefik.http.routers.traefik.rule=Host(`traefik.${SITE}`)'

      - 'traefik.http.routers.traefik.middlewares=basic_auth@docker'

      - 'traefik.http.services.traefik.loadbalancer.server.port=8080'

      # Middleware definitions

      - 'traefik.http.middlewares.basic_auth.basicauth.users=${USERS}'

    volumes:

      - '/var/run/docker.sock:/var/run/docker.sock'

      - './traefik/traefik.toml:/traefik.toml'

      - './traefik/logs:/logs'

      - './traefik/dynamic_conf:/dynamic_conf'

http:

  middlewares:

    fail2ban:

      plugin:

        fail2ban:

          rules:

            bantime: 3h

            enabled: true

            findtime: 10m

            maxretry: 100

            ports: "80:443"

          whitelist:

            ip:

              - ::1

              - 127.0.0.1

http:

  middlewares:

    compress:

      compress: {}