Skip to content

Advanced setup with Traefik uses an EOL version of Traefik (v2.7) #5002

New issue
New issue
Open
Open
Advanced setup with Traefik uses an EOL version of Traefik (v2.7)#5002
Labels
enhancementNew feature or requestkind:documentationAdds or improves documentation
@egonzalezpozega

Description

@egonzalezpozega
egonzalezpozega
opened on Oct 17, 2025

Is there an existing issue for this?

  • I have checked the existing issues and discussions, and I can confirm that there are no duplicates.

What happened?

The docs use an old version of Traefik v2.7 that is EOL. I suggest we update the advanced setup guide with Traefik so it uses the latest version of Traefik v3.4.

Expected Behavior

Use Traefik v3.4 instead of v2.7 which is EOL.

Can the issue reliably be reproduced?

Yes

Steps To Reproduce the issue

Traefik v2.7 is EOL since Jun 29, 2022: https://doc.traefik.io/traefik/deprecation/releases/

Relevant log output

N/A

Screenshots

N/A

Additional data

I was able to get TeslaMate working with Traefik v3.4. Here is the updated Docker compose file I used:

  teslamate:
    image: teslamate/teslamate:latest
    restart: always
    depends_on:
      - database
    environment:
      - ENCRYPTION_KEY=${TM_ENCRYPTION_KEY}
      - DATABASE_USER=${TM_DB_USER}
      - DATABASE_PASS=${TM_DB_PASS}
      - DATABASE_NAME=${TM_DB_NAME}
      - DATABASE_HOST=database
      - MQTT_HOST=mosquitto
      - VIRTUAL_HOST=${FQDN_TM}
      - CHECK_ORIGIN=true
      - TZ=${TM_TZ}
    volumes:
      - ./import:/opt/app/import
    labels:
      traefik.enable: "true"
      # CHANGED: traefik.port is deprecated - use full service label
      traefik.http.services.teslamate-service.loadbalancer.server.port: "4000"
      traefik.http.middlewares.redirect.redirectscheme.scheme: "https"
      traefik.http.middlewares.teslamate-auth.basicauth.realm: "teslamate"
      traefik.http.middlewares.teslamate-auth.basicauth.usersfile: "/auth/.htpasswd"
      traefik.http.routers.teslamate-insecure.rule: "Host(`${FQDN_TM}`)"
      traefik.http.routers.teslamate-insecure.middlewares: "redirect"
      traefik.http.routers.teslamate-ws.rule: "Host(`${FQDN_TM}`) && Path(`/live/websocket`)"
      traefik.http.routers.teslamate-ws.entrypoints: "websecure"
      traefik.http.routers.teslamate-ws.tls: ""
      traefik.http.routers.teslamate.rule: "Host(`${FQDN_TM}`)"
      traefik.http.routers.teslamate.middlewares: "teslamate-auth"
      traefik.http.routers.teslamate.entrypoints: "websecure"
      traefik.http.routers.teslamate.tls.certresolver: "tmhttpchallenge"
    cap_drop:
      - ALL
  
  database:
    image: postgres:17
    restart: always
    environment:
      - POSTGRES_USER=${TM_DB_USER}
      - POSTGRES_PASSWORD=${TM_DB_PASS}
      - POSTGRES_DB=${TM_DB_NAME}
    volumes:
      - teslamate-db:/var/lib/postgresql/data
  
  grafana:
    image: teslamate/grafana:latest
    restart: always
    environment:
      - DATABASE_USER=${TM_DB_USER}
      - DATABASE_PASS=${TM_DB_PASS}
      - DATABASE_NAME=${TM_DB_NAME}
      - DATABASE_HOST=database
      - GRAFANA_PASSWD=${GRAFANA_PW}
      - GF_SECURITY_ADMIN_USER=${GRAFANA_USER}
      - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PW}
      - GF_AUTH_ANONYMOUS_ENABLED=false
      - GF_SERVER_DOMAIN=${FQDN_TM}
      - GF_SERVER_ROOT_URL=%(protocol)s://%(domain)s/grafana
      - GF_SERVER_SERVE_FROM_SUB_PATH=true
    volumes:
      - teslamate-grafana-data:/var/lib/grafana
    labels:
      traefik.enable: "true"
      # CHANGED: traefik.port is deprecated - use full service label
      traefik.http.services.grafana-service.loadbalancer.server.port: "3000"
      traefik.http.middlewares.redirect.redirectscheme.scheme: "https"
      traefik.http.routers.grafana-insecure.rule: "Host(`${FQDN_TM}`)"
      traefik.http.routers.grafana-insecure.middlewares: "redirect"
      traefik.http.routers.grafana.rule: "Host(`${FQDN_TM}`) && (Path(`/grafana`) || PathPrefix(`/grafana/`))"
      traefik.http.routers.grafana.entrypoints: "websecure"
      traefik.http.routers.grafana.tls.certresolver: "tmhttpchallenge"
  
  mosquitto:
    image: eclipse-mosquitto:2
    restart: always
    command: mosquitto -c /mosquitto-no-auth.conf
    ports:
      - "127.0.0.1:1883:1883"
    volumes:
      - mosquitto-conf:/mosquitto/config
      - mosquitto-data:/mosquitto/data
  
  proxy:
    # CHANGED: Updated to v3.4
    image: traefik:v3.4
    restart: always
    command:
      - "--global.sendAnonymousUsage=false"
      - "--providers.docker"
      - "--providers.docker.exposedByDefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.tmhttpchallenge.acme.httpchallenge=true"
      - "--certificatesresolvers.tmhttpchallenge.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.tmhttpchallenge.acme.email=${LETSENCRYPT_EMAIL}"
      - "--certificatesresolvers.tmhttpchallenge.acme.storage=/etc/acme/acme.json"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./.htpasswd:/auth/.htpasswd
      - ./acme/:/etc/acme/
      - /var/run/docker.sock:/var/run/docker.sock:ro

volumes:
  teslamate-db:
  teslamate-grafana-data:
  mosquitto-conf:
  mosquitto-data:

Type of installation

Docker (https://docs.teslamate.org/docs/installation/docker/)

Version

2.1.1

PostgreSQL version

17

Are you running latest major supported PostgreSQL version?

  • I run the latest major supported PostgreSQL version

Are you using a reverse Proxy for TeslaMate?

Yes (specify in next field)

Details about your reverse Proxy if applicable

I was able to get TeslaMate working with Traefik v3.4. Here is the updated Docker compose file I used:

  teslamate:
    image: teslamate/teslamate:latest
    restart: always
    depends_on:
      - database
    environment:
      - ENCRYPTION_KEY=${TM_ENCRYPTION_KEY}
      - DATABASE_USER=${TM_DB_USER}
      - DATABASE_PASS=${TM_DB_PASS}
      - DATABASE_NAME=${TM_DB_NAME}
      - DATABASE_HOST=database
      - MQTT_HOST=mosquitto
      - VIRTUAL_HOST=${FQDN_TM}
      - CHECK_ORIGIN=true
      - TZ=${TM_TZ}
    volumes:
      - ./import:/opt/app/import
    labels:
      traefik.enable: "true"
      # CHANGED: traefik.port is deprecated - use full service label
      traefik.http.services.teslamate-service.loadbalancer.server.port: "4000"
      traefik.http.middlewares.redirect.redirectscheme.scheme: "https"
      traefik.http.middlewares.teslamate-auth.basicauth.realm: "teslamate"
      traefik.http.middlewares.teslamate-auth.basicauth.usersfile: "/auth/.htpasswd"
      traefik.http.routers.teslamate-insecure.rule: "Host(`${FQDN_TM}`)"
      traefik.http.routers.teslamate-insecure.middlewares: "redirect"
      traefik.http.routers.teslamate-ws.rule: "Host(`${FQDN_TM}`) && Path(`/live/websocket`)"
      traefik.http.routers.teslamate-ws.entrypoints: "websecure"
      traefik.http.routers.teslamate-ws.tls: ""
      traefik.http.routers.teslamate.rule: "Host(`${FQDN_TM}`)"
      traefik.http.routers.teslamate.middlewares: "teslamate-auth"
      traefik.http.routers.teslamate.entrypoints: "websecure"
      traefik.http.routers.teslamate.tls.certresolver: "tmhttpchallenge"
    cap_drop:
      - ALL
  
  database:
    image: postgres:17
    restart: always
    environment:
      - POSTGRES_USER=${TM_DB_USER}
      - POSTGRES_PASSWORD=${TM_DB_PASS}
      - POSTGRES_DB=${TM_DB_NAME}
    volumes:
      - teslamate-db:/var/lib/postgresql/data
  
  grafana:
    image: teslamate/grafana:latest
    restart: always
    environment:
      - DATABASE_USER=${TM_DB_USER}
      - DATABASE_PASS=${TM_DB_PASS}
      - DATABASE_NAME=${TM_DB_NAME}
      - DATABASE_HOST=database
      - GRAFANA_PASSWD=${GRAFANA_PW}
      - GF_SECURITY_ADMIN_USER=${GRAFANA_USER}
      - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PW}
      - GF_AUTH_ANONYMOUS_ENABLED=false
      - GF_SERVER_DOMAIN=${FQDN_TM}
      - GF_SERVER_ROOT_URL=%(protocol)s://%(domain)s/grafana
      - GF_SERVER_SERVE_FROM_SUB_PATH=true
    volumes:
      - teslamate-grafana-data:/var/lib/grafana
    labels:
      traefik.enable: "true"
      # CHANGED: traefik.port is deprecated - use full service label
      traefik.http.services.grafana-service.loadbalancer.server.port: "3000"
      traefik.http.middlewares.redirect.redirectscheme.scheme: "https"
      traefik.http.routers.grafana-insecure.rule: "Host(`${FQDN_TM}`)"
      traefik.http.routers.grafana-insecure.middlewares: "redirect"
      traefik.http.routers.grafana.rule: "Host(`${FQDN_TM}`) && (Path(`/grafana`) || PathPrefix(`/grafana/`))"
      traefik.http.routers.grafana.entrypoints: "websecure"
      traefik.http.routers.grafana.tls.certresolver: "tmhttpchallenge"
  
  mosquitto:
    image: eclipse-mosquitto:2
    restart: always
    command: mosquitto -c /mosquitto-no-auth.conf
    ports:
      - "127.0.0.1:1883:1883"
    volumes:
      - mosquitto-conf:/mosquitto/config
      - mosquitto-data:/mosquitto/data
  
  proxy:
    # CHANGED: Updated to v3.4
    image: traefik:v3.4
    restart: always
    command:
      - "--global.sendAnonymousUsage=false"
      - "--providers.docker"
      - "--providers.docker.exposedByDefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.tmhttpchallenge.acme.httpchallenge=true"
      - "--certificatesresolvers.tmhttpchallenge.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.tmhttpchallenge.acme.email=${LETSENCRYPT_EMAIL}"
      - "--certificatesresolvers.tmhttpchallenge.acme.storage=/etc/acme/acme.json"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./.htpasswd:/auth/.htpasswd
      - ./acme/:/etc/acme/
      - /var/run/docker.sock:/var/run/docker.sock:ro

volumes:
  teslamate-db:
  teslamate-grafana-data:
  mosquitto-conf:
  mosquitto-data:

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requestkind:documentationAdds or improves documentation

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions