What should we do with Traefik v1? #22

Open
opened 2020-11-13 11:03:06 +00:00 by quentin · 0 comments
Owner

Traefik v1 is our current load balancer.
It has multiple problems:

  • It is not maintained anymore
  • It has a weird bug where it stops accepting connections sometimes (fixed by Nomad monitoring that automatically restarts it)
  • It takes around one minute to refresh after a configuration change. During that time, the impacted website will return a 404
  • Its cluster certificate management mode through Consul is broken (we had a bug where we had a deadlock)

Here are the solutions considered:

  • Migrate to Traefik v2 but...
    • We need to rewrite our configurations
    • Cluster certificate management is no longer available in the FOSS version
    • (We do not have a way to provision certificates for other services like postfix)
  • Fork Traefik v1
    • Delete what we do not use
    • Fix cluster certificate management
    • Maintain it forever
    • Will keep the lag of one minute (or we will need to fix it)
  • Code our own RP in Rust
    • See how we want to manage certificates
    • Use an ACME lib + a Consul lib + an HTTP lib
    • Maintain it forever

Our traefik config to see what features we use/need:

     18 "traefik.enable=true",
     13 "traefik.frontend.entryPoints=https,http",
      5 "traefik.frontend.entryPoints=https",
      2 "traefik.frontend.priority=100"
      2 "traefik.frontend.priority=10"
      1 "traefik.protocol=https"
      1 "traefik.frontend.rule=Host:www.sogo.deuxfleurs.fr,sogo.deuxfleurs.fr;PathPrefix:/"
      1 "traefik.frontend.rule=Host:webcap.deuxfleurs.fr;PathPrefix:/"
      1 "traefik.frontend.rule=Host:quentin.dufour.io,www.quentin.dufour.io;PathPrefix:/"
      1 "traefik.frontend.rule=Host:plume.deuxfleurs.fr",
      1 "traefik.frontend.rule=Host:platoo.deuxfleurs.fr;PathPrefix:/"
      1 "traefik.frontend.rule=Host:nextcloud.deuxfleurs.fr",
      1 "traefik.frontend.rule=Host:jitsi.deuxfleurs.fr;PathPrefix:/",
      1 "traefik.frontend.rule=Host:im.deuxfleurs.fr,riot.deuxfleurs.fr;PathPrefix:/",
      1 "traefik.frontend.rule=Host:im.deuxfleurs.fr;PathPrefix:/_matrix",
      1 "traefik.frontend.rule=Host:guichet.deuxfleurs.fr",
      1 "traefik.frontend.rule=Host:garage.deuxfleurs.fr"
      1 "traefik.frontend.rule=Host:easybridge.deuxfleurs.fr",
      1 "traefik.frontend.rule=Host:diagnet.science.deuxfleurs.fr;PathPrefix:/"
      1 "traefik.frontend.rule=Host:deuxfleurs.fr,www.deuxfleurs.fr,deuxfleurs.org,www.deuxfleurs.org;PathPrefix:/",
      1 "traefik.frontend.rule=Host:deuxfleurs.fr;PathPrefix:/_matrix",
      1 "traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefixStrip:/seafhttp"
      1 "traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefix:/seafdav"
      1 "traefik.frontend.rule=Host:cloud.deuxfleurs.fr;PathPrefix:/"
      1 "traefik.frontend.headers.customResponseHeaders=Access-Control-Allow-Origin: *",
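
The listing above uses only three matchers (`Host`, `PathPrefix`, `PathPrefixStrip`), so the rule handling a replacement proxy would need is small. A sketch of it as an added example, not code from the Deuxfleurs repository: the names `Frontend`, `parse_rule`, `route` and `sample` are hypothetical, and the ordering (explicit priority, then longest prefix) and segment-boundary prefix matching are choices of this example.

```rust
// Added example. Rule strings come from the issue; priorities are constructed.
#[derive(Debug)]
pub struct Frontend { pub hosts: Vec<String>, pub prefix: String, pub strip: bool, pub priority: u32 }

/// Parse "Host:a,b;PathPrefix:/x". Unknown matchers are an error so that an
/// unsupported rule never silently turns into a catch-all route.
pub fn parse_rule(rule: &str, priority: u32) -> Result<Frontend, String> {
    let mut f = Frontend { hosts: vec![], prefix: String::new(), strip: false, priority };
    for part in rule.split(';') {
        let (key, val) = part.split_once(':').ok_or_else(|| format!("no ':' in {part:?}"))?;
        // Store the prefix without a trailing '/', so "/" becomes "" (match all).
        let path = val.trim().trim_end_matches('/').to_string();
        match key.trim() {
            "Host" => f.hosts = val.split(',').map(|h| h.trim().to_ascii_lowercase())
                .filter(|h| !h.is_empty()).collect(),
            "PathPrefix" => f.prefix = path,
            "PathPrefixStrip" => { f.prefix = path; f.strip = true; }
            other => return Err(format!("unsupported matcher {other:?}")),
        }
    }
    if f.hosts.is_empty() { return Err("rule has no Host".into()); }
    Ok(f)
}

// Segment-boundary match: "/seafdav" matches "/seafdav/x" but not "/seafdavx".
fn prefix_matches(prefix: &str, path: &str) -> bool {
    prefix.is_empty() || path.strip_prefix(prefix).map_or(false, |r| r.is_empty() || r.starts_with('/'))
}

/// Returns the chosen frontend and the path to forward upstream, or None.
pub fn route<'a>(fs: &'a [Frontend], host: &str, path: &str) -> Option<(&'a Frontend, String)> {
    let host = host.split(':').next().unwrap_or("").to_ascii_lowercase(); // drop port
    fs.iter()
        .filter(|f| f.hosts.contains(&host) && prefix_matches(&f.prefix, path))
        .max_by_key(|f| (f.priority, f.prefix.len()))
        .map(|f| {
            let rest = if f.strip { &path[f.prefix.len()..] } else { path };
            (f, if rest.is_empty() { "/".to_string() } else { rest.to_string() })
        })
}

/// Constructed table built from rule strings quoted in the issue (priority 0).
pub fn sample() -> Vec<Frontend> {
    ["Host:cloud.deuxfleurs.fr;PathPrefixStrip:/seafhttp", "Host:cloud.deuxfleurs.fr;PathPrefix:/seafdav",
     "Host:cloud.deuxfleurs.fr;PathPrefix:/", "Host:im.deuxfleurs.fr;PathPrefix:/_matrix",
     "Host:im.deuxfleurs.fr,riot.deuxfleurs.fr;PathPrefix:/"]
        .iter().map(|r| parse_rule(r, 0).unwrap()).collect()
}
fn main() { println!("{:?}", route(&sample(), "cloud.deuxfleurs.fr", "/seafhttp/f")); }
```

A request whose `Host` matches no rule gets `None`, so the caller decides the default response explicitly instead of falling through to some backend.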
quentin added the design label 2021-09-17 15:19:49 +00:00
This repo is archived. You cannot comment on issues.
Reference: Deuxfleurs/infrastructure#22