SW/traefik
2
0
Fork 1
forked from Ivasoft/traefik
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: SW:v2.0.0-alpha4
Branches Tags
SW:master SW:v2.9 SW:v1.5 SW:v1.4 SW:v3.0 SW:v2.8 SW:v1.6 SW:v1.7 SW:v2.0 SW:v2.1 SW:v2.2 SW:v2.7 SW:v2.6 SW:v2.3 SW:v2.4 SW:v2.5 SW:v1.0 SW:v1.1 SW:v1.2 SW:v1.3 SW:gh-pages
SW:v2.9.6-1 SW:v3.0.0-beta2 SW:v2.9.6 SW:v3.0.0-beta1 SW:v2.9.5 SW:v2.9.4 SW:v2.9.3 SW:v2.9.2 SW:v2.9.1 SW:v2.9.0-rc5 SW:v2.8.8 SW:v2.8.7 SW:v2.9.0-rc4 SW:v2.8.6 SW:v2.9.0-rc3 SW:v2.9.0-rc2 SW:v2.9.0-rc1 SW:v2.8.5 SW:v2.8.4 SW:v2.8.3 SW:v2.8.2 SW:v2.8.1 SW:v2.8.0 SW:v2.7.3 SW:v2.8.0-rc2 SW:v2.7.2 SW:v2.8.0-rc1 SW:v2.7.1 SW:v2.7.0 SW:v2.6.7 SW:v2.6.6 SW:v2.6.5 SW:v2.6.4 SW:v2.7.0-rc2 SW:v2.6.3 SW:v2.7.0-rc1 SW:v2.6.2 SW:v2.6.1 SW:v2.6.0 SW:v2.6.0-rc3 SW:v2.5.7 SW:v2.6.0-rc2 SW:v2.5.6 SW:v2.6.0-rc1 SW:v1.7.34 SW:v2.5.5 SW:v2.5.4 SW:v1.7.33 SW:v1.7.32 SW:v1.7.31 SW:v2.5.3 SW:v2.5.2 SW:v2.5.1 SW:v2.5.0 SW:v2.4.14 SW:v2.5.0-rc6 SW:v2.5.0-rc5 SW:v2.5.0-rc4 SW:v2.4.13 SW:v2.4.12 SW:v2.5.0-rc3 SW:v2.4.11 SW:v2.4.10 SW:v2.5.0-rc2 SW:v2.5.0-rc1 SW:v2.4.9 SW:v1.7.30 SW:v1.7.29 SW:v2.4.8 SW:v2.4.7 SW:v2.4.6 SW:v2.4.5 SW:v2.4.4 SW:v2.4.3 SW:v2.4.2 SW:v2.4.1 SW:v2.4.0 SW:v1.7.28 SW:v1.7.27 SW:v2.4.0-rc2 SW:v2.3.7 SW:v2.3.6 SW:v2.4.0-rc1 SW:v2.3.5 SW:v2.3.4 SW:v2.3.3 SW:v2.3.2 SW:v2.3.1 SW:v2.3.0 SW:v2.3.0-rc7 SW:v2.3.0-rc6 SW:v2.3.0-rc5 SW:v2.2.11 SW:v2.2.10 SW:v2.3.0-rc4 SW:v2.3.0-rc3 SW:v2.2.8 SW:v1.7.26 SW:v2.2.7 SW:v2.2.6 SW:v2.3.0-rc2 SW:v2.3.0-rc1 SW:v1.7.25 SW:v2.2.5 SW:v2.2.4 SW:v2.2.3 SW:v2.2.2 SW:v2.2.1 SW:v2.2.0 SW:v1.7.24 SW:v2.1.9 SW:v1.7.23 SW:v2.2.0-rc4 SW:v2.1.8 SW:v2.2.0-rc3 SW:v2.1.7 SW:v1.7.22 SW:v2.2.0-rc2 SW:v2.2.0-rc1 SW:v2.1.6 SW:v2.1.5 SW:v1.7.21 SW:v2.1.4 SW:v2.1.3 SW:v2.1.2 SW:v2.1.1 SW:v2.1.0 SW:v1.7.20 SW:v2.0.7 SW:v2.1.0-rc3 SW:v2.0.6 SW:v2.1.0-rc2 SW:v2.1.0-rc1 SW:v2.0.5 SW:v2.0.4 SW:v2.0.3 SW:v1.7.19 SW:v2.0.2 SW:v2.0.1 SW:v1.7.18 SW:v1.7.17 SW:v2.0.0 SW:v2.0.0-rc4 SW:v1.7.16 SW:v1.7.15 SW:v2.0.0-rc3 SW:v2.0.0-rc2 SW:v2.0.0-rc1 SW:v1.7.14 SW:v1.7.13 SW:v2.0.0-beta1 SW:v2.0.0-alpha8 SW:v2.0.0-alpha7 SW:v2.0.0-alpha6 SW:v2.0.0-alpha5 SW:v1.7.12 SW:v1.7.11 SW:v2.0.0-alpha4 SW:v2.0.0-alpha3 SW:v1.7.10 SW:v2.0.0-alpha2 SW:v2.0.0-alpha1 SW:v1.7.9 SW:v1.7.8 SW:v1.7.7 SW:v1.7.6 SW:v1.7.5 SW:v1.7.4 SW:v1.7.3 SW:v1.7.2 SW:v1.7.1 SW:v1.7.0 SW:v1.7.0-rc5 SW:v1.7.0-rc4 SW:v1.6.6 SW:v1.7.0-rc3 SW:v1.7.0-rc2 SW:v1.6.5 SW:v1.7.0-rc1 SW:v1.6.4 SW:v1.6.3 SW:v1.6.2 SW:v1.6.1 SW:v1.6.0 SW:v1.6.0-rc6 SW:v1.6.0-rc5 SW:v1.6.0-rc4 SW:v1.6.0-rc3 SW:v1.6.0-rc2 SW:v1.6.0-rc1 SW:v1.5.4 SW:v1.5.3 SW:v1.5.2 SW:v1.5.1 SW:v1.5.0 SW:v1.5.0-rc5 SW:v1.5.0-rc4 SW:v1.4.6 SW:v1.5.0-rc3 SW:v1.5.0-rc2 SW:v1.4.5 SW:v1.5.0-rc1 SW:v1.4.4 SW:v1.4.3 SW:v1.4.2 SW:v1.4.1 SW:v1.4.0 SW:v1.4.0-rc5 SW:v1.4.0-rc4 SW:v1.4.0-rc3 SW:v1.4.0-rc2 SW:v1.3.8 SW:v1.4.0-rc1 SW:v1.3.7 SW:v1.3.6 SW:v1.3.5 SW:v1.3.4 SW:v1.3.3 SW:v1.3.2 SW:v1.3.1 SW:v1.3.0 SW:v1.3.0-rc3 SW:v1.3.0-rc2 SW:v1.3.0-rc1 SW:v1.2.3 SW:v1.2.2 SW:v1.2.1 SW:v1.2.0 SW:v1.2.0-rc2 SW:v1.2.0-rc1 SW:v1.1.2 SW:v1.1.1 SW:v1.1.0 SW:v1.1.0-rc4 SW:v1.1.0-rc3 SW:v1.1.0-rc2 SW:v1.1.0-rc1 SW:v1.0.3 SW:v1.0.2 SW:v1.0.1 SW:v1.0.0 SW:v1.0.0-rc3 SW:v1.0.0-rc2 SW:v1.0.0-rc1 SW:v1.0.0-beta.809 SW:v1.0.0-beta.804 SW:v1.0.0-beta.794 SW:v1.0.0-beta.784 SW:v1.0.0-beta.771 SW:v1.0.0-beta.767 SW:v1.0.0-beta.756 SW:v1.0.0-beta.754 SW:v1.0.0-beta.744 SW:v1.0.0-beta.732 SW:v1.0.0-beta.723 SW:v1.0.0-beta.721 SW:v1.0.0-beta.712 SW:v1.0.0-beta.704 SW:v1.0.0-beta.695 SW:v1.0.0-beta.692 SW:v1.0.0-beta.682 SW:v1.0.0-beta.676 SW:v1.0.0-beta.673 SW:v1.0.0-beta.666 SW:v1.0.0-beta.652 SW:v1.0.0-beta.644 SW:v1.0.0-beta.621 SW:v1.0.0-beta.614 SW:v1.0.0-beta.610 SW:v1.0.0-beta.601 SW:v1.0.0-beta.582 SW:v1.0.0-beta.576 SW:v1.0.0-beta.573 SW:v1.0.0-beta.555 SW:v1.0.0-beta.548 SW:v1.0.0-beta.545 SW:v1.0.0-beta.524 SW:v1.0.0-beta.513 SW:v1.0.0-beta.508 SW:v1.0.0-beta.505 SW:v1.0.0-beta.484 SW:v1.0.0-beta.481 SW:v1.0.0-beta.475 SW:v1.0.0-beta.470 SW:v1.0.0-beta.453 SW:v1.0.0-beta.442 SW:v1.0.0-beta.440 SW:v1.0.0-beta.436 SW:v1.0.0-beta.433 SW:v1.0.0-beta.427 SW:v1.0.0-beta.421 SW:v1.0.0-beta.416 SW:v1.0.0-beta.408 SW:v1.0.0-beta.404 SW:v1.0.0-beta.395 SW:v1.0.0-beta.392 SW:v1.0.0-beta.374 SW:v1.0.0-beta.366 SW:v1.0.0-beta.355 SW:v1.0.0-beta.352 SW:v1.0.0-beta.341 SW:v1.0.0-beta.339 SW:v1.0.0-beta.324 SW:v1.0.0-beta.300 SW:v1.0.0-beta.291 SW:v1.0.0-beta.289 SW:v1.0.0-beta.287 SW:v1.0.0-beta.280 SW:v1.0.0-beta.277 SW:v1.0.0-beta.254 SW:v1.0.0-beta.247 SW:v1.0.0-beta.224 SW:v1.0.0-beta.220 SW:v1.0.0-beta.212 SW:v1.0.0-beta.211 SW:v1.0.alpha.4c447985b63f8c90dcbde70b2eaef19d9a8c5ad2 SW:v1.0.alpha.9830086790caf40ce30eb9ed5d317917f8157708 SW:v1.0.alpha.3af21612b65fc578585a98c30090d1e613f791eb SW:v1.0.alpha.a458018aa2ccb637abacfc696157e00321cf982f SW:v1.0.alpha.4ded2682d2831ed703282b2f4585e17a62ee258e SW:v1.0.alpha.0e683cc5355bc507dabac68bbc7559d3f179e185 SW:v1.0.alpha.11781087cadf9068d1d0b43902b6161ee10ea458 SW:v1.0.alpha.b42b170ad29a0f042ddee0f5a5098aa9a59a9c8e SW:v1.0.alpha.a00eb81f0301f5e61024dea3b92ba632d6a61a8b SW:v1.0.alpha.6c3c5578c64125838abbc437a0242e1742d6f47a SW:v1.0.alpha.b84b95fe97df5c0f234d8693fbff03fa0d6a441b SW:v1.0.alpha.1a5668377cc840a35d233a0eb817ee9bacf0ba3e SW:v1.0.alpha.331cd173ce8ad858d767510fbcbc653e2dde657d SW:v1.0.alpha.e0872b61579c8e6b8fc6124c8836660c11840f5d SW:v1.0.alpha.99646544953d5793f18ccb22dae2458be4ba0e05 SW:v1.0.alpha.7acc2beae0f0235d9408e8ed7a51f0ef3dae3aff SW:v1.0.alpha.ac56c1310c46f9c18dcad9d7ec680926fae821bb SW:v1.0.alpha.71b0e27517841ec7b911bafb109846ee96109f30 SW:v1.0.alpha.60e9282f0adac48cbf283306ceb08ad7a31ac94b SW:v1.0.alpha.522 SW:v1.0.alpha.516 SW:v1.0.alpha.506 SW:v1.0.alpha.481 SW:v1.0.alpha.477 SW:v1.0.alpha.471 SW:v1.0.alpha.469 SW:v1.0.alpha.463 SW:v1.0.alpha.450 SW:v1.0.alpha.443 SW:v1.0.alpha.439 SW:v1.0.alpha.425 SW:v1.0.alpha.421 SW:v1.0.alpha.418 SW:v1.0.alpha.412 SW:v1.0.alpha.404 SW:v1.0.alpha.392 SW:v1.0.alpha.374 SW:v1.0.alpha.367 SW:v1.0.alpha.364 SW:v1.0.alpha.361 SW:v1.0.alpha.358 SW:v1.0.alpha.357 SW:v1.0.alpha.341 SW:v1.0.alpha.338 SW:v1.0.alpha.336 SW:v1.0.alpha.333 SW:v1.0.alpha.329 SW:v1.0.alpha.311 SW:v1.0.alpha.306 SW:v1.0.alpha.302 SW:v1.0.alpha.291 SW:v1.0.alpha.290 SW:v1.0.alpha.288 SW:v1.0.alpha.285 SW:v1.0.alpha.275 SW:v1.0.alpha.274 SW:v1.0.alpha.273 SW:v1.0.alpha.272 SW:v1.0.alpha.271 SW:v1.0.alpha.270 SW:v1.0.alpha.269 SW:v1.0.alpha.268 SW:v1.0.alpha.267 SW:v1.0.alpha.266 SW:v1.0.alpha.263 SW:v1.0.alpha.257 SW:v1.0.alpha.256 SW:v1.0.alpha.252 SW:v1.0.alpha.251 SW:v1.0.alpha.250 SW:v1.0.alpha.249 SW:v1.0.alpha.247 SW:v1.0.alpha.228 SW:v1.0.alpha.217 SW:v1.0.alpha.216 SW:v1.0.alpha.215 SW:v1.0.alpha.212 SW:v1.0.alpha.200 SW:v1.0.alpha.186 SW:v1.0.alpha.182 SW:v1.0.alpha.178 SW:v1.0.alpha.176 SW:v1.0.alpha.171 SW:v1.0.alpha.170 SW:v1.0.alpha.164 SW:v1.0.alpha.157 SW:v1.0
...
compare: SW:v2.0.0-alpha8
Branches Tags
SW:master SW:v2.9 SW:v1.5 SW:v1.4 SW:v3.0 SW:v2.8 SW:v1.6 SW:v1.7 SW:v2.0 SW:v2.1 SW:v2.2 SW:v2.7 SW:v2.6 SW:v2.3 SW:v2.4 SW:v2.5 SW:v1.0 SW:v1.1 SW:v1.2 SW:v1.3 SW:gh-pages
SW:v2.9.6-1 SW:v3.0.0-beta2 SW:v2.9.6 SW:v3.0.0-beta1 SW:v2.9.5 SW:v2.9.4 SW:v2.9.3 SW:v2.9.2 SW:v2.9.1 SW:v2.9.0-rc5 SW:v2.8.8 SW:v2.8.7 SW:v2.9.0-rc4 SW:v2.8.6 SW:v2.9.0-rc3 SW:v2.9.0-rc2 SW:v2.9.0-rc1 SW:v2.8.5 SW:v2.8.4 SW:v2.8.3 SW:v2.8.2 SW:v2.8.1 SW:v2.8.0 SW:v2.7.3 SW:v2.8.0-rc2 SW:v2.7.2 SW:v2.8.0-rc1 SW:v2.7.1 SW:v2.7.0 SW:v2.6.7 SW:v2.6.6 SW:v2.6.5 SW:v2.6.4 SW:v2.7.0-rc2 SW:v2.6.3 SW:v2.7.0-rc1 SW:v2.6.2 SW:v2.6.1 SW:v2.6.0 SW:v2.6.0-rc3 SW:v2.5.7 SW:v2.6.0-rc2 SW:v2.5.6 SW:v2.6.0-rc1 SW:v1.7.34 SW:v2.5.5 SW:v2.5.4 SW:v1.7.33 SW:v1.7.32 SW:v1.7.31 SW:v2.5.3 SW:v2.5.2 SW:v2.5.1 SW:v2.5.0 SW:v2.4.14 SW:v2.5.0-rc6 SW:v2.5.0-rc5 SW:v2.5.0-rc4 SW:v2.4.13 SW:v2.4.12 SW:v2.5.0-rc3 SW:v2.4.11 SW:v2.4.10 SW:v2.5.0-rc2 SW:v2.5.0-rc1 SW:v2.4.9 SW:v1.7.30 SW:v1.7.29 SW:v2.4.8 SW:v2.4.7 SW:v2.4.6 SW:v2.4.5 SW:v2.4.4 SW:v2.4.3 SW:v2.4.2 SW:v2.4.1 SW:v2.4.0 SW:v1.7.28 SW:v1.7.27 SW:v2.4.0-rc2 SW:v2.3.7 SW:v2.3.6 SW:v2.4.0-rc1 SW:v2.3.5 SW:v2.3.4 SW:v2.3.3 SW:v2.3.2 SW:v2.3.1 SW:v2.3.0 SW:v2.3.0-rc7 SW:v2.3.0-rc6 SW:v2.3.0-rc5 SW:v2.2.11 SW:v2.2.10 SW:v2.3.0-rc4 SW:v2.3.0-rc3 SW:v2.2.8 SW:v1.7.26 SW:v2.2.7 SW:v2.2.6 SW:v2.3.0-rc2 SW:v2.3.0-rc1 SW:v1.7.25 SW:v2.2.5 SW:v2.2.4 SW:v2.2.3 SW:v2.2.2 SW:v2.2.1 SW:v2.2.0 SW:v1.7.24 SW:v2.1.9 SW:v1.7.23 SW:v2.2.0-rc4 SW:v2.1.8 SW:v2.2.0-rc3 SW:v2.1.7 SW:v1.7.22 SW:v2.2.0-rc2 SW:v2.2.0-rc1 SW:v2.1.6 SW:v2.1.5 SW:v1.7.21 SW:v2.1.4 SW:v2.1.3 SW:v2.1.2 SW:v2.1.1 SW:v2.1.0 SW:v1.7.20 SW:v2.0.7 SW:v2.1.0-rc3 SW:v2.0.6 SW:v2.1.0-rc2 SW:v2.1.0-rc1 SW:v2.0.5 SW:v2.0.4 SW:v2.0.3 SW:v1.7.19 SW:v2.0.2 SW:v2.0.1 SW:v1.7.18 SW:v1.7.17 SW:v2.0.0 SW:v2.0.0-rc4 SW:v1.7.16 SW:v1.7.15 SW:v2.0.0-rc3 SW:v2.0.0-rc2 SW:v2.0.0-rc1 SW:v1.7.14 SW:v1.7.13 SW:v2.0.0-beta1 SW:v2.0.0-alpha8 SW:v2.0.0-alpha7 SW:v2.0.0-alpha6 SW:v2.0.0-alpha5 SW:v1.7.12 SW:v1.7.11 SW:v2.0.0-alpha4 SW:v2.0.0-alpha3 SW:v1.7.10 SW:v2.0.0-alpha2 SW:v2.0.0-alpha1 SW:v1.7.9 SW:v1.7.8 SW:v1.7.7 SW:v1.7.6 SW:v1.7.5 SW:v1.7.4 SW:v1.7.3 SW:v1.7.2 SW:v1.7.1 SW:v1.7.0 SW:v1.7.0-rc5 SW:v1.7.0-rc4 SW:v1.6.6 SW:v1.7.0-rc3 SW:v1.7.0-rc2 SW:v1.6.5 SW:v1.7.0-rc1 SW:v1.6.4 SW:v1.6.3 SW:v1.6.2 SW:v1.6.1 SW:v1.6.0 SW:v1.6.0-rc6 SW:v1.6.0-rc5 SW:v1.6.0-rc4 SW:v1.6.0-rc3 SW:v1.6.0-rc2 SW:v1.6.0-rc1 SW:v1.5.4 SW:v1.5.3 SW:v1.5.2 SW:v1.5.1 SW:v1.5.0 SW:v1.5.0-rc5 SW:v1.5.0-rc4 SW:v1.4.6 SW:v1.5.0-rc3 SW:v1.5.0-rc2 SW:v1.4.5 SW:v1.5.0-rc1 SW:v1.4.4 SW:v1.4.3 SW:v1.4.2 SW:v1.4.1 SW:v1.4.0 SW:v1.4.0-rc5 SW:v1.4.0-rc4 SW:v1.4.0-rc3 SW:v1.4.0-rc2 SW:v1.3.8 SW:v1.4.0-rc1 SW:v1.3.7 SW:v1.3.6 SW:v1.3.5 SW:v1.3.4 SW:v1.3.3 SW:v1.3.2 SW:v1.3.1 SW:v1.3.0 SW:v1.3.0-rc3 SW:v1.3.0-rc2 SW:v1.3.0-rc1 SW:v1.2.3 SW:v1.2.2 SW:v1.2.1 SW:v1.2.0 SW:v1.2.0-rc2 SW:v1.2.0-rc1 SW:v1.1.2 SW:v1.1.1 SW:v1.1.0 SW:v1.1.0-rc4 SW:v1.1.0-rc3 SW:v1.1.0-rc2 SW:v1.1.0-rc1 SW:v1.0.3 SW:v1.0.2 SW:v1.0.1 SW:v1.0.0 SW:v1.0.0-rc3 SW:v1.0.0-rc2 SW:v1.0.0-rc1 SW:v1.0.0-beta.809 SW:v1.0.0-beta.804 SW:v1.0.0-beta.794 SW:v1.0.0-beta.784 SW:v1.0.0-beta.771 SW:v1.0.0-beta.767 SW:v1.0.0-beta.756 SW:v1.0.0-beta.754 SW:v1.0.0-beta.744 SW:v1.0.0-beta.732 SW:v1.0.0-beta.723 SW:v1.0.0-beta.721 SW:v1.0.0-beta.712 SW:v1.0.0-beta.704 SW:v1.0.0-beta.695 SW:v1.0.0-beta.692 SW:v1.0.0-beta.682 SW:v1.0.0-beta.676 SW:v1.0.0-beta.673 SW:v1.0.0-beta.666 SW:v1.0.0-beta.652 SW:v1.0.0-beta.644 SW:v1.0.0-beta.621 SW:v1.0.0-beta.614 SW:v1.0.0-beta.610 SW:v1.0.0-beta.601 SW:v1.0.0-beta.582 SW:v1.0.0-beta.576 SW:v1.0.0-beta.573 SW:v1.0.0-beta.555 SW:v1.0.0-beta.548 SW:v1.0.0-beta.545 SW:v1.0.0-beta.524 SW:v1.0.0-beta.513 SW:v1.0.0-beta.508 SW:v1.0.0-beta.505 SW:v1.0.0-beta.484 SW:v1.0.0-beta.481 SW:v1.0.0-beta.475 SW:v1.0.0-beta.470 SW:v1.0.0-beta.453 SW:v1.0.0-beta.442 SW:v1.0.0-beta.440 SW:v1.0.0-beta.436 SW:v1.0.0-beta.433 SW:v1.0.0-beta.427 SW:v1.0.0-beta.421 SW:v1.0.0-beta.416 SW:v1.0.0-beta.408 SW:v1.0.0-beta.404 SW:v1.0.0-beta.395 SW:v1.0.0-beta.392 SW:v1.0.0-beta.374 SW:v1.0.0-beta.366 SW:v1.0.0-beta.355 SW:v1.0.0-beta.352 SW:v1.0.0-beta.341 SW:v1.0.0-beta.339 SW:v1.0.0-beta.324 SW:v1.0.0-beta.300 SW:v1.0.0-beta.291 SW:v1.0.0-beta.289 SW:v1.0.0-beta.287 SW:v1.0.0-beta.280 SW:v1.0.0-beta.277 SW:v1.0.0-beta.254 SW:v1.0.0-beta.247 SW:v1.0.0-beta.224 SW:v1.0.0-beta.220 SW:v1.0.0-beta.212 SW:v1.0.0-beta.211 SW:v1.0.alpha.4c447985b63f8c90dcbde70b2eaef19d9a8c5ad2 SW:v1.0.alpha.9830086790caf40ce30eb9ed5d317917f8157708 SW:v1.0.alpha.3af21612b65fc578585a98c30090d1e613f791eb SW:v1.0.alpha.a458018aa2ccb637abacfc696157e00321cf982f SW:v1.0.alpha.4ded2682d2831ed703282b2f4585e17a62ee258e SW:v1.0.alpha.0e683cc5355bc507dabac68bbc7559d3f179e185 SW:v1.0.alpha.11781087cadf9068d1d0b43902b6161ee10ea458 SW:v1.0.alpha.b42b170ad29a0f042ddee0f5a5098aa9a59a9c8e SW:v1.0.alpha.a00eb81f0301f5e61024dea3b92ba632d6a61a8b SW:v1.0.alpha.6c3c5578c64125838abbc437a0242e1742d6f47a SW:v1.0.alpha.b84b95fe97df5c0f234d8693fbff03fa0d6a441b SW:v1.0.alpha.1a5668377cc840a35d233a0eb817ee9bacf0ba3e SW:v1.0.alpha.331cd173ce8ad858d767510fbcbc653e2dde657d SW:v1.0.alpha.e0872b61579c8e6b8fc6124c8836660c11840f5d SW:v1.0.alpha.99646544953d5793f18ccb22dae2458be4ba0e05 SW:v1.0.alpha.7acc2beae0f0235d9408e8ed7a51f0ef3dae3aff SW:v1.0.alpha.ac56c1310c46f9c18dcad9d7ec680926fae821bb SW:v1.0.alpha.71b0e27517841ec7b911bafb109846ee96109f30 SW:v1.0.alpha.60e9282f0adac48cbf283306ceb08ad7a31ac94b SW:v1.0.alpha.522 SW:v1.0.alpha.516 SW:v1.0.alpha.506 SW:v1.0.alpha.481 SW:v1.0.alpha.477 SW:v1.0.alpha.471 SW:v1.0.alpha.469 SW:v1.0.alpha.463 SW:v1.0.alpha.450 SW:v1.0.alpha.443 SW:v1.0.alpha.439 SW:v1.0.alpha.425 SW:v1.0.alpha.421 SW:v1.0.alpha.418 SW:v1.0.alpha.412 SW:v1.0.alpha.404 SW:v1.0.alpha.392 SW:v1.0.alpha.374 SW:v1.0.alpha.367 SW:v1.0.alpha.364 SW:v1.0.alpha.361 SW:v1.0.alpha.358 SW:v1.0.alpha.357 SW:v1.0.alpha.341 SW:v1.0.alpha.338 SW:v1.0.alpha.336 SW:v1.0.alpha.333 SW:v1.0.alpha.329 SW:v1.0.alpha.311 SW:v1.0.alpha.306 SW:v1.0.alpha.302 SW:v1.0.alpha.291 SW:v1.0.alpha.290 SW:v1.0.alpha.288 SW:v1.0.alpha.285 SW:v1.0.alpha.275 SW:v1.0.alpha.274 SW:v1.0.alpha.273 SW:v1.0.alpha.272 SW:v1.0.alpha.271 SW:v1.0.alpha.270 SW:v1.0.alpha.269 SW:v1.0.alpha.268 SW:v1.0.alpha.267 SW:v1.0.alpha.266 SW:v1.0.alpha.263 SW:v1.0.alpha.257 SW:v1.0.alpha.256 SW:v1.0.alpha.252 SW:v1.0.alpha.251 SW:v1.0.alpha.250 SW:v1.0.alpha.249 SW:v1.0.alpha.247 SW:v1.0.alpha.228 SW:v1.0.alpha.217 SW:v1.0.alpha.216 SW:v1.0.alpha.215 SW:v1.0.alpha.212 SW:v1.0.alpha.200 SW:v1.0.alpha.186 SW:v1.0.alpha.182 SW:v1.0.alpha.178 SW:v1.0.alpha.176 SW:v1.0.alpha.171 SW:v1.0.alpha.170 SW:v1.0.alpha.164 SW:v1.0.alpha.157 SW:v1.0

87 Commits
v2.0.0-alp ... v2.0.0-alp

Author SHA1 Message Date
Ludovic Fernandez
49814b92fe Prepare release v2.0.0-alpha8 2019-07-01 19:36:04 +02:00
Ludovic Fernandez
260b5d6b0d Add gRPC user guide 2019-07-01 15:28:04 +02:00
Julien Salleyron
4360ca14c1 Use h2c from x/net to handle h2c requests 
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
 2019-07-01 15:08:04 +02:00
Ludovic Fernandez
c7d336f958 Use the same case everywhere 2019-07-01 11:30:05 +02:00
Máté Szabó
f6436663eb Make HTTP Keep-Alive timeout configurable for backend connections 2019-06-28 00:36:04 +02:00
Michael
84d7c65039 Improve tracing 2019-06-28 00:16:04 +02:00
Ludovic Fernandez
4245096be4 Define a TLS section to group TLS, TLSOptions, and TLSStores. 
Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
 2019-06-27 23:58:03 +02:00
Ludovic Fernandez
c9b2a07bc7 Drop headers by default in access logs. 2019-06-27 16:04:03 +02:00
Ludovic Fernandez
e69d4cba88 Support YAML for the dynamic configuration. 2019-06-26 18:18:04 +02:00
mpl
96962dd21f Handle cross-provider middleware in kubernetes CRD 
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
 2019-06-26 14:14:05 +02:00
Ludovic Fernandez
36d48224b5 fix: error log message. 2019-06-26 09:10:03 +02:00
Daniel Alan Miller
53779d6ceb Adding content-header to api endpoints 2019-06-25 17:44:03 +02:00
mpl
e7e268b3bd doc/crd-acme: specify required kubectl version 2019-06-25 14:50:04 +02:00
Damien Duportal
ca2f76fe1f Update Slack support channel references to Discourse community forum 2019-06-25 10:08:04 +02:00
Ludovic Fernandez
4d44ab9628 Change the loading resource order 2019-06-24 16:40:06 +02:00
Ludovic Fernandez
dd62051e6c Improve middleware documentation. 2019-06-24 06:04:03 +02:00
Ludovic Fernandez
fdb1701d1b Prepare release v2.0.0-alpha7 2019-06-21 17:46:02 +02:00
Jean-Baptiste Doumenjou
80b35575df Define TLS options on the Router configuration for Kubernetes 
Co-authored-by: juliens <julien@containo.us>
 2019-06-21 17:18:05 +02:00
Julien Salleyron
69cf05df9a Fix panic in tls manager 2019-06-21 16:32:04 +02:00
Ludovic Fernandez
69a1817c3f Improve some parts of the documentation. 2019-06-21 10:54:04 +02:00
Ludovic Fernandez
a918dcd5a4 Filter env vars configuration 2019-06-21 10:08:04 +02:00
Ludovic Fernandez
adc9a65ae3 Use name@provider instead of provider@name. 2019-06-21 09:54:04 +02:00
Ludovic Fernandez
1e779f7135 Fix some CLI bugs 2019-06-21 09:40:04 +02:00
Ludovic Fernandez
fe68e9e243 New constraints management. 
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
 2019-06-21 09:24:04 +02:00
Ludovic Fernandez
e9792b446f Change the provider separator from . to @ 2019-06-20 00:40:05 +02:00
mpl
4012599264 docs: rewrite of the HTTPS and TLS section 
Co-authored-by: Ludovic Fernandez <ldez@users.noreply.github.com>
 2019-06-19 19:00:06 +02:00
mpl
429b1d8574 API: new contract 
Co-authored-by: Ludovic Fernandez <ldez@users.noreply.github.com>
 2019-06-19 18:34:04 +02:00
Ludovic Fernandez
a34876d700 Display an error when help is called on a non existing command. 2019-06-19 14:08:05 +02:00
Michael
68ecf78f0e Upgrade k3s version 2019-06-18 22:32:05 +02:00
Ludovic Fernandez
38344b342d Prepare release v2.0.0-alpha6. 2019-06-18 18:10:06 +02:00
Orhan Hirsch
346ff96de2 Kubernetes CRD documentation fixes 2019-06-18 12:20:04 +02:00
Ludovic Fernandez
31614bebc4 Don't allow non flag arguments by default. 2019-06-18 12:10:06 +02:00
Ludovic Fernandez
be888b59a6 doc: fix middleware names for CRD. 2019-06-18 09:50:05 +02:00
Ludovic Fernandez
6069df6cbd fix: revert deploy script. 2019-06-17 23:40:05 +02:00
Ludovic Fernandez
5e7b6e4860 fix: deploy script. 2019-06-17 22:14:05 +02:00
Ludovic Fernandez
ea6fa6e889 Prepare release v2.0.0-alpha5 2019-06-17 19:38:04 +02:00
Orhan Hirsch
3e914256ce Update headers middleware docs for kubernetes crd 2019-06-17 18:30:05 +02:00
Jean-Baptiste Doumenjou
85ce16b34f Define TLS options on the Router configuration 
Co-authored-by: juliens <julien@containo.us>
 2019-06-17 18:14:08 +02:00
Russ Ferriday
d306c8fd50 change doc references to scheme[Rr]edirect -> redirect[Ss]cheme 2019-06-17 18:00:07 +02:00
Ludovic Fernandez
8d7eccad5d New static configuration loading system. 
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
 2019-06-17 11:48:05 +02:00
Amir Keibi
d18edd6f77 HttpOnly and Secure flags on the affinity cookie 2019-06-13 00:42:06 +02:00
Emile Vauge
cad3704efd Add Mathieu Lonjaret to maintainers 2019-06-12 23:04:03 +02:00
Andreas Bleuler
9a4b455c3f Correct typo in documentation on rate limiting 2019-06-12 17:22:07 +02:00
Daniel Tomcej
01c8798e4e Update docker api version 2019-06-12 02:54:03 +02:00
Ludovic Fernandez
61744fba11 Prepare release v1.7.12 2019-06-12 02:54:03 +02:00
Fernandez Ludovic
0034bef6b9 Update lego. 2019-06-12 02:54:03 +02:00
ravilr
63c3ed3931 Add missing callback on close of hijacked connections 2019-06-12 02:54:03 +02:00
Ludovic Fernandez
8a5db8a3ee Adds a log fields documentation. 2019-06-12 02:54:03 +02:00
Alex Antonov
adc2b62c22 Upgraded DataDog tracing library to 1.14.0 2019-06-12 02:54:03 +02:00
Wenxuan Zhao
1f2fe08c33 Allow SANs for wildcards domain. 2019-06-12 02:54:03 +02:00
HurricanKai
77b1933833 Fix Kubernetes Docs for Middlewares 2019-06-11 20:42:04 +02:00
mpl
c4df78b4b9 Add support for TCP (in kubernetes CRD) 
Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
 2019-06-11 15:12:04 +02:00
Julien Salleyron
c1dc783512 Remove first byte wait when tcp catches all 2019-06-07 19:30:07 +02:00
Julien Salleyron
518a37e776 rework loadbalancer support 2019-06-05 22:18:06 +02:00
Brad Jones
b143101f82 Specify that Rancher provider is for 1.x only 2019-06-04 00:46:05 +02:00
Damien Duportal
2be6f4d153 Docs: improve the "reading path" for new contributers 2019-05-27 18:22:04 +02:00
Ludovic Fernandez
ac612734c8 fix the documentation about middleware labels. 2019-05-27 18:10:04 +02:00
Ludovic Fernandez
ffe69c67fc Entry points CLI description. 2019-05-27 18:02:06 +02:00
llussy
b3057a0ec3 Fix typo in the CRD documentation 2019-05-27 10:24:04 +02:00
mpl
563f059e73 Fix typos in data collection message 2019-05-21 17:12:09 +02:00
Ludovic Fernandez
6bbe7262ef documentation remove traefik.port. 2019-05-20 11:14:04 +02:00
Anton Dalgren
55a1a81010 Fixed readme misspelling 2019-05-17 13:40:04 +02:00
Michael
97ec764db7 Fix typos in documentation 2019-05-17 13:32:05 +02:00
mpl
f6df556eb0 API: expose runtime representation 
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
 2019-05-16 10:58:06 +02:00
Damien Duportal
5cd9396dae Fix regression on plumbing scripts for developer usages 2019-05-14 19:58:04 +02:00
Damien Duportal
886a6bdbe0 Add shell script linting with shellcheck for better portability 2019-05-10 17:24:06 +02:00
Ludovic Fernandez
ab60e702d2 Remove old docs folder. 2019-05-10 10:16:05 +02:00
Jean-Baptiste Doumenjou
17141b3589 Remove timeout/interval from the ACME Provider 2019-05-10 09:58:05 +02:00
Daniel Tomcej
8f23243cb8 Add note about ACME renewal 2019-05-09 15:22:05 +02:00
Ludovic Fernandez
c2345c6e9a Don't add TCP proxy when error occurs during creation. 2019-05-09 14:30:06 +02:00
Michael Irwin
2617de2cdd Clarify docs with labels in Swarm Mode 2019-05-09 08:32:04 +02:00
Alex Antonov
9cf6827ccc Added support for Haystack tracing 2019-05-09 00:14:04 +02:00
Ludovic Fernandez
681892148e fix: typo in routing example. 2019-05-06 18:28:04 +02:00
Michael Irwin
558452a143 Fixed spelling typo 2019-05-06 17:44:04 +02:00
Daniel Tomcej
5a173fa968 Allow matching with FQDN hosts with trailing periods 2019-05-06 17:16:03 +02:00
Damien Duportal
72397ef90c Fix make validate on MacOS outside container 2019-05-06 09:40:03 +02:00
Yousef Lamlum
79ad4b4544 Clarification of the correct pronunciation of the word "Traefik" 2019-05-03 12:14:04 +02:00
Tim Möhlmann
49f3713c4f docker-compose basic auth needs dubble dollar signs 2019-05-03 10:16:06 +02:00
Ludovic Fernandez
4b5c3ccf58 Adds a reference to the middleware overview. 2019-04-29 19:36:07 +02:00
Michael
21dec70971 Fix strip prefix documentation 2019-04-29 19:00:05 +02:00
Ludovic Fernandez
0f2b774ea1 fix: Rancher documentation. 2019-04-26 11:48:04 +02:00
Ludovic Fernandez
e929caf15a Prepare release v1.7.11 2019-04-26 11:26:04 +02:00
Fernandez Ludovic
8d848c3d60 fix: update lego. 2019-04-26 11:26:04 +02:00
Marcelo Glezer
b8b0c8f3e5 compress link fixed 2019-04-25 17:54:05 +02:00
Michael
15e78da7eb Minor fix in documentation 2019-04-24 18:04:08 +02:00
Ludovic Fernandez
d80700810f Review documentation 2019-04-24 17:44:04 +02:00
Julien M'Poy
c1de6abf23 Fix a typo in documentation 2019-04-23 17:40:04 +02:00
1255 changed files with 103669 additions and 54207 deletions
Expand all files Collapse all files

3
.github/ISSUE_TEMPLATE.md vendored
View File

@@ -4,8 +4,7 @@ DO NOT FILE ISSUES FOR GENERAL SUPPORT QUESTIONS.
The issue tracker is for reporting bugs and feature requests only.
For end-user related support questions, please refer to one of the following:
- Stack Overflow (using the "traefik" tag): https://stackoverflow.com/questions/tagged/traefik
- the Traefik community Slack channel: https://slack.traefik.io
- the Traefik community forum: https://community.containo.us/
-->

3
.github/ISSUE_TEMPLATE/Bug_report.md vendored
View File

@@ -10,8 +10,7 @@ DO NOT FILE ISSUES FOR GENERAL SUPPORT QUESTIONS.
The issue tracker is for reporting bugs and feature requests only.
For end-user related support questions, please refer to one of the following:
- Stack Overflow (using the "traefik" tag): https://stackoverflow.com/questions/tagged/traefik
- the Traefik community Slack channel: https://slack.traefik.io
- the Traefik community forum: https://community.containo.us/
-->

3
.github/ISSUE_TEMPLATE/Feature_request.md vendored
View File

@@ -10,8 +10,7 @@ DO NOT FILE ISSUES FOR GENERAL SUPPORT QUESTIONS.
The issue tracker is for reporting bugs and feature requests only.
For end-user related support questions, please refer to one of the following:
- Stack Overflow (using the "traefik" tag): https://stackoverflow.com/questions/tagged/traefik
- the Traefik community Slack channel: https://slack.traefik.io
- the Traefik community forum: https://community.containo.us/
-->

1
.gitignore vendored
View File

@@ -11,6 +11,7 @@
/autogen/
/traefik
/traefik.toml
/traefik.yml
*.log
*.exe
cover.out

4
.golangci.toml
View File

@@ -36,6 +36,8 @@
"scopelint",
"gochecknoinits",
"gochecknoglobals",
# uncomment when the CI will be updated
# "bodyclose", # Too many false-positive and panics.
]
[issues]
@@ -72,7 +74,7 @@
path = "pkg/provider/kubernetes/builder_(endpoint|service)_test.go"
text = "(U1000: func )?`(.+)` is unused"
[[issues.exclude-rules]]
path = "pkg/provider/label/internal/.+_test.go"
path = "pkg/config/parser/.+_test.go"
text = "U1000: field `(foo|fuu)` is unused"
[[issues.exclude-rules]]
path = "pkg/server/service/bufferpool.go"

2
.semaphoreci/job2.sh
View File

@@ -5,4 +5,4 @@ ci_retry make validate
if [ -n "$SHOULD_TEST" ]; then ci_retry make test-unit; fi
if [ -n "$SHOULD_TEST" ]; then make -j${N_MAKE_JOBS} crossbinary-default-parallel; fi
if [ -n "$SHOULD_TEST" ]; then make -j"${N_MAKE_JOBS}" crossbinary-default-parallel; fi

3
.semaphoreci/setup.sh
View File

@@ -3,9 +3,10 @@ set -e
export DOCKER_VERSION=17.03.1
# shellcheck source=/dev/null
source .semaphoreci/vars
if [ -z "${PULL_REQUEST_NUMBER}" ]; then SHOULD_TEST="-*-"; else TEMP_STORAGE=$(curl --silent https://patch-diff.githubusercontent.com/raw/containous/traefik/pull/${PULL_REQUEST_NUMBER}.diff | patch --dry-run -p1 -R); fi
if [ -z "${PULL_REQUEST_NUMBER}" ]; then SHOULD_TEST="-*-"; else TEMP_STORAGE=$(curl --silent https://patch-diff.githubusercontent.com/raw/containous/traefik/pull/"${PULL_REQUEST_NUMBER}".diff | patch --dry-run -p1 -R); fi
if [ -n "$TEMP_STORAGE" ]; then SHOULD_TEST=$(echo "$TEMP_STORAGE" | grep -Ev '(.md|.yaml|.yml)' || :); fi

5
.semaphoreci/vars
View File

@@ -24,8 +24,8 @@ function ci_retry {
until [ $n -ge $NRETRY ]
do
"$@" && break
n=$[$n+1]
echo "$@ failed, attempt ${n}/${NRETRY}"
n=$((n+1))
echo "${*} failed, attempt ${n}/${NRETRY}"
sleep $NSLEEP
done
@@ -34,4 +34,3 @@ function ci_retry {
}
export -f ci_retry

1
.travis.yml
View File

@@ -38,7 +38,6 @@ deploy:
file: dist/traefik*
skip_cleanup: true
file_glob: true
draft: true
on:
repo: containous/traefik
tags: true

139
CHANGELOG.md
View File

@@ -1,5 +1,144 @@
# Change Log
## [v2.0.0-alpha8](https://github.com/containous/traefik/tree/v2.0.0-alpha8) (2019-07-01)
[All Commits](https://github.com/containous/traefik/compare/v2.0.0-alpha7...v2.0.0-alpha8)
**Enhancements:**
- **[api]** Adding content-header to api endpoints ([#5019](https://github.com/containous/traefik/pull/5019) by [dalanmiller](https://github.com/dalanmiller))
- **[file]** Support YAML for the dynamic configuration. ([#5024](https://github.com/containous/traefik/pull/5024) by [ldez](https://github.com/ldez))
- **[logs]** Drop headers by default in access logs. ([#5034](https://github.com/containous/traefik/pull/5034) by [ldez](https://github.com/ldez))
- **[middleware,k8s/crd]** Handle cross-provider middleware in kubernetes CRD ([#5009](https://github.com/containous/traefik/pull/5009) by [mpl](https://github.com/mpl))
- **[server]** Use h2c from x/net to handle h2c requests ([#5045](https://github.com/containous/traefik/pull/5045) by [juliens](https://github.com/juliens))
- **[server]** Make HTTP Keep-Alive timeout configurable for backend connections ([#4983](https://github.com/containous/traefik/pull/4983) by [mszabo-wikia](https://github.com/mszabo-wikia))
- **[tls]** Define a TLS section to group TLS, TLSOptions, and TLSStores. ([#5031](https://github.com/containous/traefik/pull/5031) by [ldez](https://github.com/ldez))
- **[tracing]** Improve tracing ([#5010](https://github.com/containous/traefik/pull/5010) by [mmatur](https://github.com/mmatur))
**Bug fixes:**
- **[cli]** Change the loading resource order ([#5007](https://github.com/containous/traefik/pull/5007) by [ldez](https://github.com/ldez))
- **[logs]** fix: error log message. ([#5020](https://github.com/containous/traefik/pull/5020) by [ldez](https://github.com/ldez))
**Documentation:**
- **[acme]** doc/crd-acme: specify required kubectl version ([#5015](https://github.com/containous/traefik/pull/5015) by [mpl](https://github.com/mpl))
- **[middleware]** Improve middleware documentation. ([#5003](https://github.com/containous/traefik/pull/5003) by [ldez](https://github.com/ldez))
- **[server]** Add gRPC user guide ([#5042](https://github.com/containous/traefik/pull/5042) by [ldez](https://github.com/ldez))
- Use the same case everywhere ([#5043](https://github.com/containous/traefik/pull/5043) by [ldez](https://github.com/ldez))
## [v2.0.0-alpha7](https://github.com/containous/traefik/tree/v2.0.0-alpha7) (2019-06-21)
[All Commits](https://github.com/containous/traefik/compare/v2.0.0-alpha6...v2.0.0-alpha7)
**Enhancements:**
- **[api]** API: new contract ([#4964](https://github.com/containous/traefik/pull/4964) by [mpl](https://github.com/mpl))
- **[k8s,k8s/crd,tls]** Define TLS options on the Router configuration for Kubernetes ([#4973](https://github.com/containous/traefik/pull/4973) by [jbdoumenjou](https://github.com/jbdoumenjou))
- **[middleware,provider]** Change the provider separator from . to @ ([#4982](https://github.com/containous/traefik/pull/4982) by [ldez](https://github.com/ldez))
- **[provider]** Use name@provider instead of provider@name. ([#4990](https://github.com/containous/traefik/pull/4990) by [ldez](https://github.com/ldez))
- **[provider]** New constraints management. ([#4965](https://github.com/containous/traefik/pull/4965) by [ldez](https://github.com/ldez))
**Bug fixes:**
- **[cli]** Fix some CLI bugs ([#4989](https://github.com/containous/traefik/pull/4989) by [ldez](https://github.com/ldez))
- **[cli]** Filter env vars configuration ([#4985](https://github.com/containous/traefik/pull/4985) by [ldez](https://github.com/ldez))
- **[cli]** Return an error when help is called on a non existing command. ([#4977](https://github.com/containous/traefik/pull/4977) by [ldez](https://github.com/ldez))
- **[tls]** Fix panic in TLS stores handling ([#4997](https://github.com/containous/traefik/pull/4997) by [juliens](https://github.com/juliens))
**Documentation:**
- **[acme,tls]** docs: rewrite of the HTTPS and TLS section ([#4980](https://github.com/containous/traefik/pull/4980) by [mpl](https://github.com/mpl))
- Improve various parts of the documentation. ([#4996](https://github.com/containous/traefik/pull/4996) by [ldez](https://github.com/ldez))
## [v2.0.0-alpha6](https://github.com/containous/traefik/tree/v2.0.0-alpha6) (2019-06-18)
[All Commits](https://github.com/containous/traefik/compare/v2.0.0-alpha5...v2.0.0-alpha6)
**Bug fixes:**
- **[cli]** Don&#39;t allow non flag arguments by default. ([#4970](https://github.com/containous/traefik/pull/4970) by [ldez](https://github.com/ldez))
**Documentation:**
- **[middleware,k8s/crd]** doc: fix middleware names for CRD. ([#4966](https://github.com/containous/traefik/pull/4966) by [ldez](https://github.com/ldez))
- **[middleware]** Kubernetes CRD documentation fixes ([#4971](https://github.com/containous/traefik/pull/4971) by [orhanhenrik](https://github.com/orhanhenrik))
## [v2.0.0-alpha5](https://github.com/containous/traefik/tree/v2.0.0-alpha5) (2019-06-17)
[All Commits](https://github.com/containous/traefik/compare/v2.0.0-alpha4...v2.0.0-alpha5)
**Enhancements:**
- **[acme]** Remove timeout/interval from the ACME Provider ([#4842](https://github.com/containous/traefik/pull/4842) by [jbdoumenjou](https://github.com/jbdoumenjou))
- **[api]** API: expose runtime representation ([#4841](https://github.com/containous/traefik/pull/4841) by [mpl](https://github.com/mpl))
- **[cli]** New static configuration loading system. ([#4935](https://github.com/containous/traefik/pull/4935) by [ldez](https://github.com/ldez))
- **[k8s,k8s/crd,tcp]** Add support for TCP (in kubernetes CRD) ([#4885](https://github.com/containous/traefik/pull/4885) by [mpl](https://github.com/mpl))
- **[server]** Rework loadbalancer support ([#4933](https://github.com/containous/traefik/pull/4933) by [juliens](https://github.com/juliens))
- **[sticky-session]** HttpOnly and Secure flags on the affinity cookie ([#4947](https://github.com/containous/traefik/pull/4947) by [gheibia](https://github.com/gheibia))
- **[tls]** Define TLS options on the Router configuration ([#4931](https://github.com/containous/traefik/pull/4931) by [jbdoumenjou](https://github.com/jbdoumenjou))
- **[tracing]** Added support for Haystack tracing ([#4555](https://github.com/containous/traefik/pull/4555) by [aantono](https://github.com/aantono))
**Bug fixes:**
- **[logs]** Fix typos in data collection message ([#4891](https://github.com/containous/traefik/pull/4891) by [mpl](https://github.com/mpl))
- **[middleware]** change doc references to scheme[Rr]edirect -&gt; redirect[Ss]cheme ([#4959](https://github.com/containous/traefik/pull/4959) by [topiaruss](https://github.com/topiaruss))
- **[rules]** Allow matching with FQDN hosts with trailing periods ([#4763](https://github.com/containous/traefik/pull/4763) by [dtomcej](https://github.com/dtomcej))
- **[tcp]** Remove first byte wait when tcp catches all ([#4938](https://github.com/containous/traefik/pull/4938) by [juliens](https://github.com/juliens))
- **[tcp]** Don&#39;t add TCP proxy when error occurs during creation. ([#4858](https://github.com/containous/traefik/pull/4858) by [ldez](https://github.com/ldez))
**Documentation:**
- **[acme]** Add note about ACME renewal ([#4860](https://github.com/containous/traefik/pull/4860) by [dtomcej](https://github.com/dtomcej))
- **[docker]** Remove traefik.port from documentation ([#4886](https://github.com/containous/traefik/pull/4886) by [ldez](https://github.com/ldez))
- **[docker]** Clarify docs with labels in Swarm Mode ([#4847](https://github.com/containous/traefik/pull/4847) by [mikesir87](https://github.com/mikesir87))
- **[k8s]** Fix typo in the CRD documentation ([#4902](https://github.com/containous/traefik/pull/4902) by [llussy](https://github.com/llussy))
- **[middleware,provider]** fix the documentation about middleware labels. ([#4888](https://github.com/containous/traefik/pull/4888) by [ldez](https://github.com/ldez))
- **[middleware]** Review documentation ([#4798](https://github.com/containous/traefik/pull/4798) by [ldez](https://github.com/ldez))
- **[middleware]** compress link fixed ([#4817](https://github.com/containous/traefik/pull/4817) by [gato](https://github.com/gato))
- **[middleware]** Fix strip prefix documentation ([#4829](https://github.com/containous/traefik/pull/4829) by [mmatur](https://github.com/mmatur))
- **[middleware]** Fix Kubernetes Docs for Middlewares ([#4943](https://github.com/containous/traefik/pull/4943) by [HurricanKai](https://github.com/HurricanKai))
- **[middleware]** Correct typo in documentation on rate limiting ([#4939](https://github.com/containous/traefik/pull/4939) by [ableuler](https://github.com/ableuler))
- **[middleware]** docker-compose basic auth needs double dollar signs ([#4831](https://github.com/containous/traefik/pull/4831) by [muhlemmer](https://github.com/muhlemmer))
- **[middleware]** Adds a reference to the middleware overview. ([#4824](https://github.com/containous/traefik/pull/4824) by [ldez](https://github.com/ldez))
- **[middleware]** Update headers middleware docs for kubernetes crd ([#4955](https://github.com/containous/traefik/pull/4955) by [orhanhenrik](https://github.com/orhanhenrik))
- **[rancher]** fix: Rancher documentation. ([#4818](https://github.com/containous/traefik/pull/4818) by [ldez](https://github.com/ldez))
- **[rancher]** Specify that Rancher provider is for 1.x only ([#4923](https://github.com/containous/traefik/pull/4923) by [bradjones1](https://github.com/bradjones1))
- **[tls]** fix: typo in routing example. ([#4849](https://github.com/containous/traefik/pull/4849) by [ldez](https://github.com/ldez))
- Clarification of the correct pronunciation of the word &#34;Traefik&#34; ([#4834](https://github.com/containous/traefik/pull/4834) by [ylamlum-g4m](https://github.com/ylamlum-g4m))
- Fix typos in documentation ([#4884](https://github.com/containous/traefik/pull/4884) by [michael-k](https://github.com/michael-k))
- Entry points CLI description. ([#4896](https://github.com/containous/traefik/pull/4896) by [ldez](https://github.com/ldez))
- Improve the &#34;reading path&#34; for new contributors ([#4908](https://github.com/containous/traefik/pull/4908) by [dduportal](https://github.com/dduportal))
- Fixed spelling typo ([#4848](https://github.com/containous/traefik/pull/4848) by [mikesir87](https://github.com/mikesir87))
- Fixed readme misspelling ([#4882](https://github.com/containous/traefik/pull/4882) by [antondalgren](https://github.com/antondalgren))
- Minor fix in documentation ([#4811](https://github.com/containous/traefik/pull/4811) by [mmatur](https://github.com/mmatur))
- Add Mathieu Lonjaret to maintainers ([#4950](https://github.com/containous/traefik/pull/4950) by [emilevauge](https://github.com/emilevauge))
- Fix a typo in documentation ([#4794](https://github.com/containous/traefik/pull/4794) by [groovytron](https://github.com/groovytron))
**Misc:**
- Cherry pick v1.7 into v2.0 ([#4948](https://github.com/containous/traefik/pull/4948) by [ldez](https://github.com/ldez))
- Cherry pick v1.7 into v2.0 ([#4823](https://github.com/containous/traefik/pull/4823) by [ldez](https://github.com/ldez))
## [v1.7.12](https://github.com/containous/traefik/tree/v1.7.12) (2019-05-29)
[All Commits](https://github.com/containous/traefik/compare/v1.7.11...v1.7.12)
**Bug fixes:**
- **[acme]** Allow SANs for wildcards domain. ([#4821](https://github.com/containous/traefik/pull/4821) by [vizv](https://github.com/vizv))
- **[acme]** fix: update lego. ([#4910](https://github.com/containous/traefik/pull/4910) by [ldez](https://github.com/ldez))
- **[api,authentication]** Remove authentication hashes from API ([#4918](https://github.com/containous/traefik/pull/4918) by [ldez](https://github.com/ldez))
- **[consul]** Enhance KV logs. ([#4877](https://github.com/containous/traefik/pull/4877) by [ldez](https://github.com/ldez))
- **[k8s]** Fix kubernetes template for backend responseforwarding flushinterval setting ([#4901](https://github.com/containous/traefik/pull/4901) by [ravilr](https://github.com/ravilr))
- **[metrics]** Upgraded DataDog tracing library to 1.13.0 ([#4878](https://github.com/containous/traefik/pull/4878) by [aantono](https://github.com/aantono))
- **[server]** Add missing callback on close of hijacked connections ([#4900](https://github.com/containous/traefik/pull/4900) by [ravilr](https://github.com/ravilr))
**Documentation:**
- **[docker]** Docs: Troubleshooting help for Docker Swarm labels ([#4751](https://github.com/containous/traefik/pull/4751) by [gregberns](https://github.com/gregberns))
- **[logs]** Adds a log fields documentation. ([#4890](https://github.com/containous/traefik/pull/4890) by [ldez](https://github.com/ldez))
## [v1.7.11](https://github.com/containous/traefik/tree/v1.7.11) (2019-04-26)
[All Commits](https://github.com/containous/traefik/compare/v1.7.10...v1.7.11)
**Enhancements:**
- **[k8s,k8s/ingress]** Enhance k8s tests maintainability ([#4696](https://github.com/containous/traefik/pull/4696) by [ldez](https://github.com/ldez))
**Bug fixes:**
- **[acme]** fix: update lego. ([#4800](https://github.com/containous/traefik/pull/4800) by [ldez](https://github.com/ldez))
- **[authentication,middleware]** Forward all header values from forward auth response ([#4515](https://github.com/containous/traefik/pull/4515) by [ctas582](https://github.com/ctas582))
- **[cluster]** Remove usage of github.com/satori/go.uuid ([#4722](https://github.com/containous/traefik/pull/4722) by [aaslamin](https://github.com/aaslamin))
- **[kv]** Enhance KV client error management ([#4819](https://github.com/containous/traefik/pull/4819) by [jbdoumenjou](https://github.com/jbdoumenjou))
- **[tls]** Improve log message about redundant TLS certificate ([#4765](https://github.com/containous/traefik/pull/4765) by [mpl](https://github.com/mpl))
- **[tracing]** Update zipkin-go-opentracing. ([#4720](https://github.com/containous/traefik/pull/4720) by [ldez](https://github.com/ldez))
**Documentation:**
- **[acme]** Documentation Update: Hosting.de wildcard support tested ([#4747](https://github.com/containous/traefik/pull/4747) by [martinhoefling](https://github.com/martinhoefling))
- **[acme]** Update Wildcard Domain documentation ([#4682](https://github.com/containous/traefik/pull/4682) by [DWSR](https://github.com/DWSR))
- **[middleware]** Keep consistent order ([#4690](https://github.com/containous/traefik/pull/4690) by [maxifom](https://github.com/maxifom))
## [v2.0.0-alpha4](https://github.com/containous/traefik/tree/v2.0.0-alpha4) (2019-04-17)
[All Commits](https://github.com/containous/traefik/compare/v2.0.0-alpha3...v2.0.0-alpha4)

2
CONTRIBUTING.md
View File

@@ -1,3 +1,3 @@
# Contributing
See https://docs.traefik.io.
See <https://docs.traefik.io/v2.0/contributing/thank-you/>.

210
Gopkg.lock generated
View File

@@ -54,6 +54,14 @@
pruneopts = "NUT"
revision = "a368813c5e648fee92e5f6c30e3944ff9d5e8895"
[[projects]]
digest = "1:be4a03871fbc5250d19bcbc2d2b21c3c58fd97b048de64ec1ff4c8e3890d4f1b"
name = "github.com/ExpediaDotCom/haystack-client-go"
packages = ["."]
pruneopts = "NUT"
revision = "e7edbdf53a61a82ed143809088ed582312ff7e36"
version = "0.2.3"
[[projects]]
digest = "1:ab7fee312bbdc8070d0325d841de8704cc78bf032b076200f1458659b74b8ed6"
name = "github.com/JamesClonk/vultr"
@@ -143,12 +151,9 @@
[[projects]]
branch = "master"
digest = "1:28be1959f81e9a6dec3058768a4c4535cf73fcd6e171d21688ad0a7fdf49d43a"
digest = "1:d37d0fa13c422a0b85981fe42ff8f176885921294cf0c3ce585c160669cc32bb"
name = "github.com/abronan/valkeyrie"
packages = [
".",
"store",
]
packages = ["store"]
pruneopts = "NUT"
revision = "063d875e3c5fd734fa2aa12fac83829f62acfc70"
@@ -287,17 +292,6 @@
pruneopts = "NUT"
revision = "d83ebdd94cbdbcd9c6c6a22e1a0cde05e55d9d90"
[[projects]]
digest = "1:3cd675d508d3f9067704d36011c7a262fc0a0bf1ad0361a7d1e60a405d12941e"
name = "github.com/containous/flaeg"
packages = [
".",
"parse",
]
pruneopts = "NUT"
revision = "c93d194b807ef171c43344d60adad8b58217390a"
version = "v1.4.1"
[[projects]]
branch = "master"
digest = "1:3a789aa5487458c1fc913b47be763e5906e1524f1143acb8617287866184f9a7"
@@ -306,14 +300,6 @@
pruneopts = "NUT"
revision = "c33f32e268983f989290677351b871b65da75ba5"
[[projects]]
digest = "1:a4f16a1b72349621b887bde88f458da518160abcb600eae3d591d8a2afa78bda"
name = "github.com/containous/staert"
packages = ["."]
pruneopts = "NUT"
revision = "7a9987c3a6d46be84e141a5c3191347ec10af17d"
version = "v3.1.2"
[[projects]]
digest = "1:fa91847d50d3f656fc2d2d608b9749b97d77528e8988ad8001f957640545e91e"
name = "github.com/coreos/go-systemd"
@@ -598,7 +584,7 @@
revision = "73d445a93680fa1a78ae23a5839bad48f32ba1ee"
[[projects]]
digest = "1:a04af13190b67ff69cf8fcd79ee133a24c4a7a900cacbc296261dd43f3fbde5c"
digest = "1:d82b2dc81c551e7c15f31523a2cc8ee9121b39cfbf63174d98a0bc8edf2d3c5e"
name = "github.com/go-acme/lego"
packages = [
"acme",
@@ -622,6 +608,7 @@
"providers/dns/alidns",
"providers/dns/auroradns",
"providers/dns/azure",
"providers/dns/bindman",
"providers/dns/bluecat",
"providers/dns/cloudflare",
"providers/dns/cloudns",
@@ -640,6 +627,7 @@
"providers/dns/dreamhost",
"providers/dns/duckdns",
"providers/dns/dyn",
"providers/dns/easydns",
"providers/dns/exec",
"providers/dns/exoscale",
"providers/dns/fastdns",
@@ -652,6 +640,7 @@
"providers/dns/httpreq",
"providers/dns/iij",
"providers/dns/inwx",
"providers/dns/joker",
"providers/dns/lightsail",
"providers/dns/linode",
"providers/dns/linodev4",
@@ -683,8 +672,8 @@
"registration",
]
pruneopts = "NUT"
revision = "aaecc1ca7254190b71c5f01f57ee3bb6701bc937"
version = "v2.4.0"
revision = "01903cdfb9869df45cf5274c53226823a2532f2d"
version = "v2.6.0"
[[projects]]
branch = "fork-containous"
@@ -695,6 +684,14 @@
revision = "ca0bf163426aa183d03fd4949101785c0347f273"
source = "github.com/containous/check"
[[projects]]
digest = "1:ea1d5bfdb4ec5c2ee48c97865e6de1a28fa8c4849a3f56b27d521aa619038e06"
name = "github.com/go-errors/errors"
packages = ["."]
pruneopts = "NUT"
revision = "a6af135bd4e28680facf08a3d206b454abc877a4"
version = "v1.0.1"
[[projects]]
digest = "1:5e92676b56ce4c69edf9ee1f6343c56f637e30af11b9d8b5edd1b6530f3fbc3d"
name = "github.com/go-ini/ini"
@@ -765,7 +762,7 @@
revision = "44145f04b68cf362d9c4df2182967c2275eaefed"
[[projects]]
digest = "1:03e14cff610a8a58b774e36bd337fa979482be86aab01be81fb8bbd6d0f07fc8"
digest = "1:2d0636a8c490d2272dd725db26f74a537111b99b9dbdda0d8b98febe63702aa4"
name = "github.com/golang/protobuf"
packages = [
"proto",
@@ -775,8 +772,8 @@
"ptypes/timestamp",
]
pruneopts = "NUT"
revision = "b4deda0973fb4c70b50d226b1af49f3da59f5265"
version = "v1.1.0"
revision = "b5d812f8a3706043e23a9cd5babf2e5423744d30"
version = "v1.3.1"
[[projects]]
branch = "master"
@@ -1014,6 +1011,25 @@
pruneopts = "NUT"
revision = "b84e30acd515aadc4b783ad4ff83aff3299bdfe0"
[[projects]]
digest = "1:1082aeb059ff66b4fb6da53f9e7591726c6a81901f05ce48a470091784b23914"
name = "github.com/labbsr0x/bindman-dns-webhook"
packages = [
"src/client",
"src/types",
]
pruneopts = "NUT"
revision = "234ca2a50eebc2095f42a884709a6e9013366d86"
version = "v1.0.0"
[[projects]]
branch = "master"
digest = "1:ad2a63b2d6dfe7d66bf14c01f1171a3951abef6e0fb136170359c3f7c4f51615"
name = "github.com/labbsr0x/goh"
packages = ["gohclient"]
pruneopts = "NUT"
revision = "60aa50bcbca768de1b8d37d7185daab4cf023ed2"
[[projects]]
branch = "master"
digest = "1:5a96e1f04259484b3dd183ca95d1e7bff768b1bab36c530e308a8d56243b50c7"
@@ -1190,14 +1206,6 @@
revision = "d8152159450570012552f924a0ae6ab3d8c617e0"
version = "v0.6.0"
[[projects]]
branch = "master"
digest = "1:95d27e49401b61dd203a4cf8237037bd6cd49599651f855ac1988c4ae27b090e"
name = "github.com/ogier/pflag"
packages = ["."]
pruneopts = "NUT"
revision = "45c278ab3607870051a2ea9040bb85fcb8557481"
[[projects]]
digest = "1:69e47979091e47a10e5ff0e2776ca71aa3e884238ce446bd71e246878ba0858d"
name = "github.com/opencontainers/go-digest"
@@ -1408,25 +1416,18 @@
revision = "1f30fe9094a513ce4c700b9a54458bbb0c96996c"
[[projects]]
branch = "master"
digest = "1:09d61699d553a4e6ec998ad29816177b1f3d3ed0c18fe923d2c174ec065c99c8"
name = "github.com/ryanuber/go-glob"
packages = ["."]
pruneopts = "NUT"
revision = "256dc444b735e061061cf46c809487313d5b0065"
[[projects]]
branch = "master"
digest = "1:fff470b0a7bbf05cfe8bfc73bfdf4d21eb009ea84e601f3d27781474e5da960f"
digest = "1:253f275bd72c42f8d234712d1574c8b222fe9b72838bfaca11b21ace9c0e3d0a"
name = "github.com/sacloud/libsacloud"
packages = [
".",
"api",
"sacloud",
"sacloud/ostype",
"utils/mutexkv",
]
pruneopts = "NUT"
revision = "306ea89b6ef19334614f7b0fc5aa19595022bb8c"
revision = "41c392dee98a83260abbe0fcd5c13beb7c75d103"
version = "v1.21.1"
[[projects]]
digest = "1:6bc0652ea6e39e22ccd522458b8bdd8665bf23bdc5a20eec90056e4dc7e273ca"
@@ -1480,13 +1481,6 @@
pruneopts = "NUT"
revision = "c4434f09ec131ecf30f986d5dcb1636508bfa49a"
[[projects]]
digest = "1:84b9a5318d8ce3b8a9b1509bf15734f4f9dcd4decf9d9e9c7346a16c7b64d49e"
name = "github.com/thoas/stats"
packages = ["."]
pruneopts = "NUT"
revision = "4975baf6a358ed3ddaa42133996e1959f96c9300"
[[projects]]
branch = "master"
digest = "1:99ce99ce6d6d0cbc5f822cda92095906e01d5546d60999ac839ab008938e4e17"
@@ -1580,7 +1574,7 @@
[[projects]]
branch = "master"
digest = "1:c878a802780168c80738d74607d14e7cb8765706990ae1260a3fd271c2c3b133"
digest = "1:d7ace03de79a9cec30e7a55cc16160602760470c5fe031b780dc2d84234d7f5a"
name = "github.com/vulcand/oxy"
packages = [
"buffer",
@@ -1593,15 +1587,15 @@
"utils",
]
pruneopts = "NUT"
revision = "c34b0c501e43223bc816ac9b40b0ac29c44c8952"
revision = "3d629cff40b7040e0519628e7774ed11a95d9aff"
[[projects]]
digest = "1:ca6bac407fedc14fbeeba861dd33a821ba3a1624c10126ec6003b0a28d4139c5"
digest = "1:b9d8cc221fb40078c7eb78d73b1702b5b548511b3d62bbd56b2f8180089c79af"
name = "github.com/vulcand/predicate"
packages = ["."]
pruneopts = "NUT"
revision = "939c094524d124c55fa8afe0e077701db4a865e2"
version = "v1.0.0"
revision = "8fbfb3ab0e94276b6b58bec378600829adc7a203"
version = "v1.1.0"
[[projects]]
branch = "master"
@@ -1626,6 +1620,42 @@
pruneopts = "NUT"
revision = "0c8571ac0ce161a5feb57375a9cdf148c98c0f70"
[[projects]]
digest = "1:aafe0319af5410fb19a23a575ea6ee4b14253e122ef87f936bac65ea1e6b280c"
name = "go.opencensus.io"
packages = [
".",
"internal",
"internal/tagencoding",
"metric/metricdata",
"metric/metricproducer",
"plugin/ochttp",
"plugin/ochttp/propagation/b3",
"resource",
"stats",
"stats/internal",
"stats/view",
"tag",
"trace",
"trace/internal",
"trace/propagation",
"trace/tracestate",
]
pruneopts = "NUT"
revision = "df6e2001952312404b06f5f6f03fcb4aec1648e5"
version = "v0.21.0"
[[projects]]
branch = "master"
digest = "1:02fe59517e10f9b400b500af8ac228c74cecb0cba7a5f438d8283edb97e14270"
name = "go.uber.org/ratelimit"
packages = [
".",
"internal/clock",
]
pruneopts = "NUT"
revision = "c15da02342779cb6dc027fc95ee2277787698f36"
[[projects]]
branch = "master"
digest = "1:30c1930f8c9fee79f3af60c8b7cd92edd12a4f22187f5527d53509b1a794f555"
@@ -1647,7 +1677,7 @@
[[projects]]
branch = "master"
digest = "1:62afa19ba5d4c75369a1d6446688e33ef3c04a40aeedd819cf044a509747b563"
digest = "1:4d0fb9f19b2af3461e900a526395330403b39d839f126b66312215f153892ccc"
name = "golang.org/x/net"
packages = [
"bpf",
@@ -1655,6 +1685,7 @@
"context/ctxhttp",
"http/httpguts",
"http2",
"http2/h2c",
"http2/hpack",
"idna",
"internal/iana",
@@ -1669,7 +1700,7 @@
"websocket",
]
pruneopts = "NUT"
revision = "e514e69ffb8bc3c76a71ae40de0118d794855992"
revision = "da137c7871d730100384dbcf36e6f8fa493aef5b"
[[projects]]
branch = "master"
@@ -1687,15 +1718,14 @@
revision = "ec22f46f877b4505e0117eeaab541714644fdd28"
[[projects]]
branch = "master"
digest = "1:4e67fdd7a13cbdb3c0dff0a7505abbdf4f42b12b27da350d66bffdc700db2899"
digest = "1:51bfac9fe01b6a949bfed6db70b00bada281f0d64e5296ec644163aa977bfee0"
name = "golang.org/x/sys"
packages = [
"unix",
"windows",
]
pruneopts = "NUT"
revision = "fff93fa7cd278d84afc205751523809c464168ab"
revision = "1c9583448a9c3aa0f9a6a5241bf73c0bd8aafded"
[[projects]]
digest = "1:ca9ebfc1200ca7423d9778dba9cdd463704753541c99dc4896f15e0b8b2bf1e8"
@@ -1744,16 +1774,21 @@
[[projects]]
branch = "master"
digest = "1:da32ebe70dd3ec97d2df26281b08b18d05c2f12491ae79f389813f6c8d3006b3"
digest = "1:70c173b8ecc111dd01dc07f0ada72c076e4ed91618ee559312ef8adf154cc539"
name = "google.golang.org/api"
packages = [
"dns/v1",
"gensupport",
"googleapi",
"googleapi/internal/uritemplates",
"googleapi/transport",
"internal",
"option",
"transport/http",
"transport/http/internal/propagation",
]
pruneopts = "NUT"
revision = "de943baf05a022a8f921b544b7827bacaba1aed5"
revision = "067bed655e9cbc26f4dbac8f8897b30756d90990"
[[projects]]
digest = "1:7206d98ec77c90c72ec2c405181a1dcf86965803b6dbc4f98ceab7a5047c37a9"
@@ -1781,22 +1816,31 @@
revision = "09f6ed296fc66555a25fe4ce95173148778dfa85"
[[projects]]
digest = "1:a840929a3a2d91282dc853cbd5f586069c14ae373247fb7d4cb4fa02b285326e"
digest = "1:ffb498178a6bbe5a877e715cc85a40d5a712883d85f5bf05acf26dbd6c8f71e2"
name = "google.golang.org/grpc"
packages = [
".",
"balancer",
"balancer/base",
"balancer/roundrobin",
"channelz",
"binarylog/grpc_binarylog_v1",
"codes",
"connectivity",
"credentials",
"credentials/internal",
"encoding",
"encoding/proto",
"grpclb/grpc_lb_v1/messages",
"grpclog",
"internal",
"internal/backoff",
"internal/balancerload",
"internal/binarylog",
"internal/channelz",
"internal/envconfig",
"internal/grpcrand",
"internal/grpcsync",
"internal/syscall",
"internal/transport",
"keepalive",
"metadata",
"naming",
@@ -1807,14 +1851,13 @@
"stats",
"status",
"tap",
"transport",
]
pruneopts = "NUT"
revision = "41344da2231b913fa3d983840a57a6b1b7b631a1"
version = "v1.12.0"
revision = "25c4f928eaa6d96443009bd842389fb4fa48664e"
version = "v1.20.1"
[[projects]]
digest = "1:b886012746f19e2a7c6c3901ea9f86e8a5e32ff2b4407086f4f3181269976957"
digest = "1:b49eceff862a3048ec28dad1fce40bcbdc1703119dbad35d7e5f1beb4f9a4527"
name = "gopkg.in/DataDog/dd-trace-go.v1"
packages = [
"ddtrace",
@@ -1822,10 +1865,11 @@
"ddtrace/internal",
"ddtrace/opentracer",
"ddtrace/tracer",
"internal/globalconfig",
]
pruneopts = "NUT"
revision = "7fb2bce4b1ed6ab61f7a9e1be30dea56de19db7c"
version = "v1.8.0"
revision = "c19e9e56d5b5b71b6507ce1b0ec06d85aa3705a1"
version = "v1.14.0"
[[projects]]
digest = "1:c970218a20933dd0a2eb2006de922217fa9276f57d25009b2a934eb1c50031cc"
@@ -2173,6 +2217,7 @@
analyzer-version = 1
input-imports = [
"github.com/BurntSushi/toml",
"github.com/ExpediaDotCom/haystack-client-go",
"github.com/Masterminds/sprig",
"github.com/NYTimes/gziphandler",
"github.com/abbot/go-http-auth",
@@ -2180,10 +2225,7 @@
"github.com/armon/go-proxyproto",
"github.com/cenkalti/backoff",
"github.com/containous/alice",
"github.com/containous/flaeg",
"github.com/containous/flaeg/parse",
"github.com/containous/mux",
"github.com/containous/staert",
"github.com/coreos/go-systemd/daemon",
"github.com/davecgh/go-spew/spew",
"github.com/docker/docker/api/types",
@@ -2230,23 +2272,21 @@
"github.com/mitchellh/copystructure",
"github.com/mitchellh/hashstructure",
"github.com/mvdan/xurls",
"github.com/ogier/pflag",
"github.com/opentracing/opentracing-go",
"github.com/opentracing/opentracing-go/ext",
"github.com/opentracing/opentracing-go/log",
"github.com/openzipkin-contrib/zipkin-go-opentracing",
"github.com/patrickmn/go-cache",
"github.com/pmezard/go-difflib/difflib",
"github.com/prometheus/client_golang/prometheus",
"github.com/prometheus/client_golang/prometheus/promhttp",
"github.com/prometheus/client_model/go",
"github.com/rancher/go-rancher-metadata/metadata",
"github.com/ryanuber/go-glob",
"github.com/sirupsen/logrus",
"github.com/stretchr/testify/assert",
"github.com/stretchr/testify/mock",
"github.com/stretchr/testify/require",
"github.com/stvp/go-udp-testing",
"github.com/thoas/stats",
"github.com/uber/jaeger-client-go",
"github.com/uber/jaeger-client-go/config",
"github.com/uber/jaeger-client-go/zipkin",
@@ -2262,15 +2302,15 @@
"github.com/vulcand/oxy/roundrobin",
"github.com/vulcand/oxy/utils",
"github.com/vulcand/predicate",
"golang.org/x/net/http/httpguts",
"golang.org/x/net/http2",
"golang.org/x/net/http2/hpack",
"golang.org/x/net/http2/h2c",
"golang.org/x/net/websocket",
"google.golang.org/grpc",
"google.golang.org/grpc/credentials",
"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/opentracer",
"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer",
"gopkg.in/fsnotify.v1",
"gopkg.in/yaml.v2",
"k8s.io/api/core/v1",
"k8s.io/api/extensions/v1beta1",
"k8s.io/apimachinery/pkg/api/errors",

45
Gopkg.toml
View File

@@ -69,10 +69,6 @@ required = [
name = "github.com/cenkalti/backoff"
version = "2.1.1"
[[constraint]]
name = "github.com/containous/flaeg"
version = "1.4.1"
[[constraint]]
branch = "master"
name = "github.com/containous/mux"
@@ -81,14 +77,10 @@ required = [
branch = "containous-fork"
name = "github.com/containous/alice"
[[constraint]]
name = "github.com/containous/staert"
version = "3.1.2"
[[constraint]]
name = "github.com/thoas/stats"
# related to https://github.com/thoas/stats/pull/32
revision = "4975baf6a358ed3ddaa42133996e1959f96c9300"
#[[constraint]]
# name = "github.com/thoas/stats"
# # related to https://github.com/thoas/stats/pull/32
# revision = "4975baf6a358ed3ddaa42133996e1959f96c9300"
[[constraint]]
name = "github.com/coreos/go-systemd"
@@ -137,9 +129,9 @@ required = [
# branch = "master"
# name = "github.com/jjcollinge/servicefabric"
[[constraint]]
branch = "master"
name = "github.com/abronan/valkeyrie"
#[[constraint]]
# branch = "master"
# name = "github.com/abronan/valkeyrie"
#[[constraint]]
# name = "github.com/mesosphere/mesos-dns"
@@ -154,10 +146,6 @@ required = [
name = "github.com/rancher/go-rancher-metadata"
source = "github.com/containous/go-rancher-metadata"
[[constraint]]
branch = "master"
name = "github.com/ryanuber/go-glob"
[[constraint]]
name = "github.com/Masterminds/sprig"
version = "2.19.0"
@@ -193,13 +181,20 @@ required = [
name = "github.com/vulcand/oxy"
[[constraint]]
# branch = "master"
name = "github.com/go-acme/lego"
version = "2.4.0"
version = "2.6.0"
[[constraint]]
name = "google.golang.org/grpc"
version = "1.5.2"
version = "1.13.0"
[[override]]
name = "golang.org/x/sys"
revision = "1c9583448a9c3aa0f9a6a5241bf73c0bd8aafded"
[[constraint]]
name = "github.com/golang/protobuf"
version = "v1.3.0"
[[constraint]]
name = "gopkg.in/fsnotify.v1"
@@ -278,8 +273,12 @@ required = [
[[constraint]]
name = "gopkg.in/DataDog/dd-trace-go.v1"
version = "1.7.0"
version = "1.13.0"
[[constraint]]
name = "github.com/instana/go-sensor"
version = "1.4.12"
[[constraint]]
name = "github.com/ExpediaDotCom/haystack-client-go"
version = "0.2.3"

2
Makefile
View File

@@ -96,10 +96,12 @@ test-integration: $(PRE_TARGET)
## Validate code and docs
validate-files: $(PRE_TARGET)
$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate validate-lint validate-misspell
bash $(CURDIR)/script/validate-shell-script.sh
## Validate code, docs, and vendor
validate: $(PRE_TARGET)
$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate validate-lint validate-misspell validate-vendor
bash $(CURDIR)/script/validate-shell-script.sh
## Clean up static directory and build a Docker Traefik image
build-image: binary

7
README.md
View File

@@ -8,11 +8,11 @@
[![Go Report Card](https://goreportcard.com/badge/containous/traefik)](http://goreportcard.com/report/containous/traefik)
[![](https://images.microbadger.com/badges/image/traefik.svg)](https://microbadger.com/images/traefik)
[![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/containous/traefik/blob/master/LICENSE.md)
[![Join the chat at https://slack.traefik.io](https://img.shields.io/badge/style-register-green.svg?style=social&label=Slack)](https://slack.traefik.io)
[![Join the community support forum at https://community.containo.us/](https://img.shields.io/badge/style-register-green.svg?style=social&label=Discourse)](https://community.containo.us/)
[![Twitter](https://img.shields.io/twitter/follow/traefik.svg?style=social)](https://twitter.com/intent/follow?screen_name=traefik)
Traefik is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy.
Traefik (pronounced _traffic_) is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy.
Traefik integrates with your existing infrastructure components ([Docker](https://www.docker.com/), [Swarm mode](https://docs.docker.com/engine/swarm/), [Kubernetes](https://kubernetes.io), [Marathon](https://mesosphere.github.io/marathon/), [Consul](https://www.consul.io/), [Etcd](https://coreos.com/etcd/), [Rancher](https://rancher.com), [Amazon ECS](https://aws.amazon.com/ecs), ...) and configures itself automatically and dynamically.
Pointing Traefik at your orchestrator should be the _only_ configuration step you need.
@@ -103,8 +103,7 @@ A collection of contributions around Traefik can be found at [https://awesome.tr
## Support
To get community support, you can:
- join the Traefik community Slack channel: [![Join the chat at https://slack.traefik.io](https://img.shields.io/badge/style-register-green.svg?style=social&label=Slack)](https://slack.traefik.io)
- use [Stack Overflow](https://stackoverflow.com/questions/tagged/traefik) (using the `traefik` tag)
- join the Traefik community forum: [![Join the chat at https://community.containo.us/](https://img.shields.io/badge/style-register-green.svg?style=social&label=Discourse)](https://community.containo.us/)
If you need commercial support, please contact [Containo.us](https://containo.us) by mail: <mailto:support@containo.us>.

190
cmd/configuration.go
View File

@@ -3,40 +3,27 @@ package cmd
import (
"time"
"github.com/containous/flaeg/parse"
"github.com/containous/traefik/pkg/config/static"
"github.com/containous/traefik/pkg/middlewares/accesslog"
"github.com/containous/traefik/pkg/ping"
"github.com/containous/traefik/pkg/provider/docker"
"github.com/containous/traefik/pkg/provider/file"
"github.com/containous/traefik/pkg/provider/kubernetes/ingress"
"github.com/containous/traefik/pkg/provider/marathon"
"github.com/containous/traefik/pkg/provider/rancher"
"github.com/containous/traefik/pkg/provider/rest"
"github.com/containous/traefik/pkg/tracing/datadog"
"github.com/containous/traefik/pkg/tracing/instana"
"github.com/containous/traefik/pkg/tracing/jaeger"
"github.com/containous/traefik/pkg/tracing/zipkin"
"github.com/containous/traefik/pkg/types"
jaegercli "github.com/uber/jaeger-client-go"
)
// TraefikConfiguration holds GlobalConfiguration and other stuff
type TraefikConfiguration struct {
static.Configuration `mapstructure:",squash" export:"true"`
ConfigFile string `short:"c" description:"Configuration file to use (TOML)." export:"true"`
// TraefikCmdConfiguration wraps the static configuration and extra parameters.
type TraefikCmdConfiguration struct {
static.Configuration `export:"true"`
// ConfigFile is the path to the configuration file.
ConfigFile string `description:"Configuration file to use. If specified all other flags are ignored." export:"true"`
}
// NewTraefikConfiguration creates a TraefikConfiguration with default values
func NewTraefikConfiguration() *TraefikConfiguration {
return &TraefikConfiguration{
// NewTraefikConfiguration creates a TraefikCmdConfiguration with default values.
func NewTraefikConfiguration() *TraefikCmdConfiguration {
return &TraefikCmdConfiguration{
Configuration: static.Configuration{
Global: &static.Global{
CheckNewVersion: true,
},
EntryPoints: make(static.EntryPoints),
Providers: &static.Providers{
ProvidersThrottleDuration: parse.Duration(2 * time.Second),
ProvidersThrottleDuration: types.Duration(2 * time.Second),
},
ServersTransport: &static.ServersTransport{
MaxIdleConnsPerHost: 200,
@@ -45,162 +32,3 @@ func NewTraefikConfiguration() *TraefikConfiguration {
ConfigFile: "",
}
}
// NewTraefikDefaultPointersConfiguration creates a TraefikConfiguration with pointers default values
func NewTraefikDefaultPointersConfiguration() *TraefikConfiguration {
// default File
var defaultFile file.Provider
defaultFile.Watch = true
defaultFile.Filename = "" // needs equivalent to viper.ConfigFileUsed()
// default Ping
var defaultPing = ping.Handler{
EntryPoint: "traefik",
}
// default TraefikLog
defaultTraefikLog := types.TraefikLog{
Format: "common",
FilePath: "",
}
// default AccessLog
defaultAccessLog := types.AccessLog{
Format: accesslog.CommonFormat,
FilePath: "",
Filters: &types.AccessLogFilters{},
Fields: &types.AccessLogFields{
DefaultMode: types.AccessLogKeep,
Headers: &types.FieldHeaders{
DefaultMode: types.AccessLogKeep,
},
},
}
// default Tracing
defaultTracing := static.Tracing{
Backend: "jaeger",
ServiceName: "traefik",
SpanNameLimit: 0,
Jaeger: &jaeger.Config{
SamplingServerURL: "http://localhost:5778/sampling",
SamplingType: "const",
SamplingParam: 1.0,
LocalAgentHostPort: "127.0.0.1:6831",
Propagation: "jaeger",
Gen128Bit: false,
TraceContextHeaderName: jaegercli.TraceContextHeaderName,
},
Zipkin: &zipkin.Config{
HTTPEndpoint: "http://localhost:9411/api/v1/spans",
SameSpan: false,
ID128Bit: true,
Debug: false,
SampleRate: 1.0,
},
DataDog: &datadog.Config{
LocalAgentHostPort: "localhost:8126",
GlobalTag: "",
Debug: false,
PrioritySampling: false,
},
Instana: &instana.Config{
LocalAgentHost: "localhost",
LocalAgentPort: 42699,
LogLevel: "info",
},
}
// default ApiConfiguration
defaultAPI := static.API{
EntryPoint: "traefik",
Dashboard: true,
}
defaultAPI.Statistics = &types.Statistics{
RecentErrors: 10,
}
// default Metrics
defaultMetrics := types.Metrics{
Prometheus: &types.Prometheus{
Buckets: types.Buckets{0.1, 0.3, 1.2, 5},
EntryPoint: static.DefaultInternalEntryPointName,
},
Datadog: &types.Datadog{
Address: "localhost:8125",
PushInterval: "10s",
},
StatsD: &types.Statsd{
Address: "localhost:8125",
PushInterval: "10s",
},
InfluxDB: &types.InfluxDB{
Address: "localhost:8089",
Protocol: "udp",
PushInterval: "10s",
},
}
defaultResolver := types.HostResolverConfig{
CnameFlattening: false,
ResolvConfig: "/etc/resolv.conf",
ResolvDepth: 5,
}
var defaultDocker docker.Provider
defaultDocker.Watch = true
defaultDocker.ExposedByDefault = true
defaultDocker.Endpoint = "unix:///var/run/docker.sock"
defaultDocker.SwarmMode = false
defaultDocker.SwarmModeRefreshSeconds = 15
defaultDocker.DefaultRule = docker.DefaultTemplateRule
// default Rest
var defaultRest rest.Provider
defaultRest.EntryPoint = static.DefaultInternalEntryPointName
// default Marathon
var defaultMarathon marathon.Provider
defaultMarathon.Watch = true
defaultMarathon.Endpoint = "http://127.0.0.1:8080"
defaultMarathon.ExposedByDefault = true
defaultMarathon.DialerTimeout = parse.Duration(5 * time.Second)
defaultMarathon.ResponseHeaderTimeout = parse.Duration(60 * time.Second)
defaultMarathon.TLSHandshakeTimeout = parse.Duration(5 * time.Second)
defaultMarathon.KeepAlive = parse.Duration(10 * time.Second)
defaultMarathon.DefaultRule = marathon.DefaultTemplateRule
// default Kubernetes
var defaultKubernetes ingress.Provider
// default Rancher
var defaultRancher rancher.Provider
defaultRancher.Watch = true
defaultRancher.ExposedByDefault = true
defaultRancher.EnableServiceHealthFilter = true
defaultRancher.RefreshSeconds = 15
defaultRancher.DefaultRule = rancher.DefaultTemplateRule
defaultRancher.Prefix = "latest"
defaultProviders := static.Providers{
File: &defaultFile,
Docker: &defaultDocker,
Rest: &defaultRest,
Marathon: &defaultMarathon,
Kubernetes: &defaultKubernetes,
Rancher: &defaultRancher,
}
return &TraefikConfiguration{
Configuration: static.Configuration{
Providers: &defaultProviders,
Log: &defaultTraefikLog,
AccessLog: &defaultAccessLog,
Ping: &defaultPing,
API: &defaultAPI,
Metrics: &defaultMetrics,
Tracing: &defaultTracing,
HostResolver: &defaultResolver,
},
}
}

35
cmd/healthcheck/healthcheck.go
View File

@@ -7,34 +7,34 @@ import (
"os"
"time"
"github.com/containous/flaeg"
"github.com/containous/traefik/cmd"
"github.com/containous/traefik/pkg/cli"
"github.com/containous/traefik/pkg/config/static"
)
// NewCmd builds a new HealthCheck command
func NewCmd(traefikConfiguration *cmd.TraefikConfiguration, traefikPointersConfiguration *cmd.TraefikConfiguration) *flaeg.Command {
return &flaeg.Command{
Name: "healthcheck",
Description: `Calls traefik /ping to check health (web provider must be enabled)`,
Config: traefikConfiguration,
DefaultPointersConfig: traefikPointersConfiguration,
Run: runCmd(traefikConfiguration),
Metadata: map[string]string{
"parseAllSources": "true",
},
// NewCmd builds a new HealthCheck command.
func NewCmd(traefikConfiguration *static.Configuration, loaders []cli.ResourceLoader) *cli.Command {
return &cli.Command{
Name: "healthcheck",
Description: `Calls Traefik /ping to check the health of Traefik (the API must be enabled).`,
Configuration: traefikConfiguration,
Run: runCmd(traefikConfiguration),
Resources: loaders,
}
}
func runCmd(traefikConfiguration *cmd.TraefikConfiguration) func() error {
return func() error {
traefikConfiguration.Configuration.SetEffectiveConfiguration(traefikConfiguration.ConfigFile)
func runCmd(traefikConfiguration *static.Configuration) func(_ []string) error {
return func(_ []string) error {
traefikConfiguration.SetEffectiveConfiguration("")
resp, errPing := Do(traefikConfiguration.Configuration)
resp, errPing := Do(*traefikConfiguration)
if resp != nil {
resp.Body.Close()
}
if errPing != nil {
fmt.Printf("Error calling healthcheck: %s\n", errPing)
os.Exit(1)
}
if resp.StatusCode != http.StatusOK {
fmt.Printf("Bad healthcheck status: %s\n", resp.Status)
os.Exit(1)
@@ -50,6 +50,7 @@ func Do(staticConfiguration static.Configuration) (*http.Response, error) {
if staticConfiguration.Ping == nil {
return nil, errors.New("please enable `ping` to use health check")
}
pingEntryPoint, ok := staticConfiguration.EntryPoints[staticConfiguration.Ping.EntryPoint]
if !ok {
return nil, errors.New("missing `ping` entrypoint")

150
cmd/storeconfig/storeconfig.go
View File

@@ -1,150 +0,0 @@
package storeconfig
import (
"encoding/json"
"fmt"
stdlog "log"
"github.com/containous/flaeg"
"github.com/containous/staert"
"github.com/containous/traefik/cmd"
)
// NewCmd builds a new StoreConfig command
func NewCmd(traefikConfiguration *cmd.TraefikConfiguration, traefikPointersConfiguration *cmd.TraefikConfiguration) *flaeg.Command {
return &flaeg.Command{
Name: "storeconfig",
Description: `Stores the static traefik configuration into a Key-value stores. Traefik will not start.`,
Config: traefikConfiguration,
DefaultPointersConfig: traefikPointersConfiguration,
HideHelp: true, // TODO storeconfig
Metadata: map[string]string{
"parseAllSources": "true",
},
}
}
// Run store config in KV
func Run(kv *staert.KvSource, traefikConfiguration *cmd.TraefikConfiguration) func() error {
return func() error {
if kv == nil {
return fmt.Errorf("error using command storeconfig, no Key-value store defined")
}
fileConfig := traefikConfiguration.Providers.File
if fileConfig != nil {
traefikConfiguration.Providers.File = nil
if len(fileConfig.Filename) == 0 && len(fileConfig.Directory) == 0 {
fileConfig.Filename = traefikConfiguration.ConfigFile
}
}
jsonConf, err := json.Marshal(traefikConfiguration.Configuration)
if err != nil {
return err
}
stdlog.Printf("Storing configuration: %s\n", jsonConf)
err = kv.StoreConfig(traefikConfiguration.Configuration)
if err != nil {
return err
}
if fileConfig != nil {
jsonConf, err = json.Marshal(fileConfig)
if err != nil {
return err
}
stdlog.Printf("Storing file configuration: %s\n", jsonConf)
config, err := fileConfig.BuildConfiguration()
if err != nil {
return err
}
stdlog.Print("Writing config to KV")
err = kv.StoreConfig(config)
if err != nil {
return err
}
}
// if traefikConfiguration.Configuration.ACME != nil {
// account := &acme.Account{}
//
// accountInitialized, err := keyExists(kv, traefikConfiguration.Configuration.ACME.Storage)
// if err != nil && err != store.ErrKeyNotFound {
// return err
// }
//
// // Check to see if ACME account object is already in kv store
// if traefikConfiguration.Configuration.ACME.OverrideCertificates || !accountInitialized {
//
// // Stores the ACME Account into the KV Store
// // Certificates in KV Stores will be overridden
// meta := cluster.NewMetadata(account)
// err = meta.Marshall()
// if err != nil {
// return err
// }
//
// source := staert.KvSource{
// Store: kv,
// Prefix: traefikConfiguration.Configuration.ACME.Storage,
// }
//
// err = source.StoreConfig(meta)
// if err != nil {
// return err
// }
// }
// }
return nil
}
}
// func keyExists(source *staert.KvSource, key string) (bool, error) {
// list, err := source.List(key, nil)
// if err != nil {
// return false, err
// }
//
// return len(list) > 0, nil
// }
// CreateKvSource creates KvSource
// TLS support is enable for Consul and Etcd backends
func CreateKvSource(traefikConfiguration *cmd.TraefikConfiguration) (*staert.KvSource, error) {
var kv *staert.KvSource
// var kvStore store.Store
var err error
// TODO kv store
// switch {
// case traefikConfiguration.Providers.Consul != nil:
// kvStore, err = traefikConfiguration.Providers.Consul.CreateStore()
// kv = &staert.KvSource{
// Store: kvStore,
// Prefix: traefikConfiguration.Providers.Consul.Prefix,
// }
// case traefikConfiguration.Providers.Etcd != nil:
// kvStore, err = traefikConfiguration.Providers.Etcd.CreateStore()
// kv = &staert.KvSource{
// Store: kvStore,
// Prefix: traefikConfiguration.Providers.Etcd.Prefix,
// }
// case traefikConfiguration.Providers.Zookeeper != nil:
// kvStore, err = traefikConfiguration.Providers.Zookeeper.CreateStore()
// kv = &staert.KvSource{
// Store: kvStore,
// Prefix: traefikConfiguration.Providers.Zookeeper.Prefix,
// }
// case traefikConfiguration.Providers.Boltdb != nil:
// kvStore, err = traefikConfiguration.Providers.Boltdb.CreateStore()
// kv = &staert.KvSource{
// Store: kvStore,
// Prefix: traefikConfiguration.Providers.Boltdb.Prefix,
// }
// }
return kv, err
}

170
cmd/traefik/traefik.go
View File

@@ -4,38 +4,30 @@ import (
"context"
"encoding/json"
"fmt"
fmtlog "log"
stdlog "log"
"net/http"
"os"
"path/filepath"
"reflect"
"strings"
"time"
"github.com/cenkalti/backoff"
"github.com/containous/flaeg"
"github.com/containous/staert"
"github.com/containous/traefik/autogen/genstatic"
"github.com/containous/traefik/cmd"
"github.com/containous/traefik/cmd/healthcheck"
"github.com/containous/traefik/cmd/storeconfig"
cmdVersion "github.com/containous/traefik/cmd/version"
"github.com/containous/traefik/pkg/cli"
"github.com/containous/traefik/pkg/collector"
"github.com/containous/traefik/pkg/config"
"github.com/containous/traefik/pkg/config/static"
"github.com/containous/traefik/pkg/job"
"github.com/containous/traefik/pkg/log"
"github.com/containous/traefik/pkg/provider/aggregator"
"github.com/containous/traefik/pkg/provider/kubernetes/k8s"
"github.com/containous/traefik/pkg/safe"
"github.com/containous/traefik/pkg/server"
"github.com/containous/traefik/pkg/server/router"
traefiktls "github.com/containous/traefik/pkg/tls"
"github.com/containous/traefik/pkg/types"
"github.com/containous/traefik/pkg/version"
"github.com/coreos/go-systemd/daemon"
assetfs "github.com/elazarl/go-bindata-assetfs"
"github.com/ogier/pflag"
"github.com/sirupsen/logrus"
"github.com/vulcand/oxy/roundrobin"
)
@@ -48,141 +40,38 @@ func init() {
os.Setenv("GODEBUG", goDebug+"tls13=1")
}
// sliceOfStrings is the parser for []string
type sliceOfStrings []string
// String is the method to format the flag's value, part of the flag.Value interface.
// The String method's output will be used in diagnostics.
func (s *sliceOfStrings) String() string {
return strings.Join(*s, ",")
}
// Set is the method to set the flag value, part of the flag.Value interface.
// Set's argument is a string to be parsed to set the flag.
// It's a comma-separated list, so we split it.
func (s *sliceOfStrings) Set(value string) error {
parts := strings.Split(value, ",")
if len(parts) == 0 {
return fmt.Errorf("bad []string format: %s", value)
}
for _, entrypoint := range parts {
*s = append(*s, entrypoint)
}
return nil
}
// Get return the []string
func (s *sliceOfStrings) Get() interface{} {
return *s
}
// SetValue sets the []string with val
func (s *sliceOfStrings) SetValue(val interface{}) {
*s = val.([]string)
}
// Type is type of the struct
func (s *sliceOfStrings) Type() string {
return "sliceOfStrings"
}
func main() {
// traefik config inits
traefikConfiguration := cmd.NewTraefikConfiguration()
traefikPointersConfiguration := cmd.NewTraefikDefaultPointersConfiguration()
tConfig := cmd.NewTraefikConfiguration()
// traefik Command init
traefikCmd := &flaeg.Command{
loaders := []cli.ResourceLoader{&cli.FileLoader{}, &cli.FlagLoader{}, &cli.EnvLoader{}}
cmdTraefik := &cli.Command{
Name: "traefik",
Description: `Traefik is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease.
Complete documentation is available at https://traefik.io`,
Config: traefikConfiguration,
DefaultPointersConfig: traefikPointersConfiguration,
Run: func() error {
return runCmd(&traefikConfiguration.Configuration, traefikConfiguration.ConfigFile)
Configuration: tConfig,
Resources: loaders,
Run: func(_ []string) error {
return runCmd(&tConfig.Configuration, cli.GetConfigFile(loaders))
},
}
// storeconfig Command init
storeConfigCmd := storeconfig.NewCmd(traefikConfiguration, traefikPointersConfiguration)
// init flaeg source
f := flaeg.New(traefikCmd, os.Args[1:])
// add custom parsers
f.AddParser(reflect.TypeOf(static.EntryPoints{}), &static.EntryPoints{})
f.AddParser(reflect.SliceOf(reflect.TypeOf("")), &sliceOfStrings{})
f.AddParser(reflect.TypeOf(traefiktls.FilesOrContents{}), &traefiktls.FilesOrContents{})
f.AddParser(reflect.TypeOf(types.Constraints{}), &types.Constraints{})
f.AddParser(reflect.TypeOf(k8s.Namespaces{}), &k8s.Namespaces{})
f.AddParser(reflect.TypeOf([]types.Domain{}), &types.Domains{})
f.AddParser(reflect.TypeOf(types.DNSResolvers{}), &types.DNSResolvers{})
f.AddParser(reflect.TypeOf(types.Buckets{}), &types.Buckets{})
f.AddParser(reflect.TypeOf(types.StatusCodes{}), &types.StatusCodes{})
f.AddParser(reflect.TypeOf(types.FieldNames{}), &types.FieldNames{})
f.AddParser(reflect.TypeOf(types.FieldHeaderNames{}), &types.FieldHeaderNames{})
// add commands
f.AddCommand(cmdVersion.NewCmd())
f.AddCommand(storeConfigCmd)
f.AddCommand(healthcheck.NewCmd(traefikConfiguration, traefikPointersConfiguration))
usedCmd, err := f.GetCommand()
err := cmdTraefik.AddCommand(healthcheck.NewCmd(&tConfig.Configuration, loaders))
if err != nil {
fmtlog.Println(err)
stdlog.Println(err)
os.Exit(1)
}
if _, err := f.Parse(usedCmd); err != nil {
if err == pflag.ErrHelp {
os.Exit(0)
}
fmtlog.Printf("Error parsing command: %s\n", err)
os.Exit(1)
}
// staert init
s := staert.NewStaert(traefikCmd)
// init TOML source
toml := staert.NewTomlSource("traefik", []string{traefikConfiguration.ConfigFile, "/etc/traefik/", "$HOME/.traefik/", "."})
// add sources to staert
s.AddSource(toml)
s.AddSource(f)
if _, err := s.LoadConfig(); err != nil {
fmtlog.Printf("Error reading TOML config file %s : %s\n", toml.ConfigFileUsed(), err)
os.Exit(1)
}
traefikConfiguration.ConfigFile = toml.ConfigFileUsed()
kv, err := storeconfig.CreateKvSource(traefikConfiguration)
err = cmdTraefik.AddCommand(cmdVersion.NewCmd())
if err != nil {
fmtlog.Printf("Error creating kv store: %s\n", err)
stdlog.Println(err)
os.Exit(1)
}
storeConfigCmd.Run = storeconfig.Run(kv, traefikConfiguration)
// if a KV Store is enable and no sub-command called in args
if kv != nil && usedCmd == traefikCmd {
s.AddSource(kv)
operation := func() error {
_, err := s.LoadConfig()
return err
}
notify := func(err error, time time.Duration) {
log.WithoutContext().Errorf("Load config error: %+v, retrying in %s", err, time)
}
err := backoff.RetryNotify(safe.OperationWithRecover(operation), job.NewBackOff(backoff.NewExponentialBackOff()), notify)
if err != nil {
fmtlog.Printf("Error loading configuration: %s\n", err)
os.Exit(1)
}
}
if err := s.Run(); err != nil {
fmtlog.Printf("Error running traefik: %s\n", err)
err = cli.Execute(cmdTraefik)
if err != nil {
stdlog.Println(err)
os.Exit(1)
}
@@ -192,10 +81,6 @@ Complete documentation is available at https://traefik.io`,
func runCmd(staticConfiguration *static.Configuration, configFile string) error {
configureLogging(staticConfiguration)
if len(configFile) > 0 {
log.WithoutContext().Infof("Using TOML configuration file %s", configFile)
}
http.DefaultTransport.(*http.Transport).Proxy = http.ProxyFromEnvironment
if err := roundrobin.SetDefaultWeight(0); err != nil {
@@ -289,7 +174,11 @@ func runCmd(staticConfiguration *static.Configuration, configFile string) error
safe.Go(func() {
tick := time.Tick(t)
for range tick {
_, errHealthCheck := healthcheck.Do(*staticConfiguration)
resp, errHealthCheck := healthcheck.Do(*staticConfiguration)
if resp != nil {
resp.Body.Close()
}
if staticConfiguration.Ping == nil || errHealthCheck == nil {
if ok, _ := daemon.SdNotify(false, "WATCHDOG=1"); !ok {
log.WithoutContext().Error("Fail to tick watchdog")
@@ -309,22 +198,17 @@ func runCmd(staticConfiguration *static.Configuration, configFile string) error
func configureLogging(staticConfiguration *static.Configuration) {
// configure default log flags
fmtlog.SetFlags(fmtlog.Lshortfile | fmtlog.LstdFlags)
stdlog.SetFlags(stdlog.Lshortfile | stdlog.LstdFlags)
// configure log level
// an explicitly defined log level always has precedence. if none is
// given and debug mode is disabled, the default is ERROR, and DEBUG
// otherwise.
var levelStr string
if staticConfiguration.Log != nil {
levelStr := "error"
if staticConfiguration.Log != nil && staticConfiguration.Log.Level != "" {
levelStr = strings.ToLower(staticConfiguration.Log.Level)
}
if levelStr == "" {
levelStr = "error"
if staticConfiguration.Global.Debug {
levelStr = "debug"
}
}
level, err := logrus.ParseLevel(levelStr)
if err != nil {
log.WithoutContext().Errorf("Error getting level: %v", err)
@@ -377,7 +261,7 @@ func checkNewVersion() {
func stats(staticConfiguration *static.Configuration) {
if staticConfiguration.Global.SendAnonymousUsage == nil {
log.WithoutContext().Error(`
You haven't specify the sendAnonymousUsage option, it will be enable by default.
You haven't specified the sendAnonymousUsage option, it will be enabled by default.
`)
sendAnonymousUsage := true
staticConfiguration.Global.SendAnonymousUsage = &sendAnonymousUsage

16
cmd/version/version.go
View File

@@ -7,7 +7,7 @@ import (
"runtime"
"text/template"
"github.com/containous/flaeg"
"github.com/containous/traefik/pkg/cli"
"github.com/containous/traefik/pkg/version"
)
@@ -18,19 +18,17 @@ Built: {{.BuildTime}}
OS/Arch: {{.Os}}/{{.Arch}}`
// NewCmd builds a new Version command
func NewCmd() *flaeg.Command {
return &flaeg.Command{
Name: "version",
Description: `Print version`,
Config: struct{}{},
DefaultPointersConfig: struct{}{},
Run: func() error {
func NewCmd() *cli.Command {
return &cli.Command{
Name: "version",
Description: `Shows the current Traefik version.`,
Configuration: nil,
Run: func(_ []string) error {
if err := GetPrint(os.Stdout); err != nil {
return err
}
fmt.Print("\n")
return nil
},
}
}

1
docs/.markdownlint.json
View File

@@ -3,6 +3,7 @@
"MD007": { "indent": 4 },
"MD009": false,
"MD013": false,
"MD024": false,
"MD026": false,
"MD033": false,
"MD034": false,

0
old/docs/img/grpc.svg → docs/content/assets/img/user-guides/grpc.svg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 186 KiB

After

Width:  |  Height:  |  Size: 186 KiB

4
docs/content/assets/js/hljs/highlight.pack.js
View File

File diff suppressed because one or more lines are too long

12
docs/content/contributing/building-testing.md
View File

@@ -43,7 +43,7 @@ $ ls dist/
traefik*
```
The following targets can be executed outside Docker (we don't recommend that):
The following targets can be executed outside Docker by setting the variable `PRE_TARGET` to an empty string (we don't recommend that):
- `test-unit`
- `test-integration`
@@ -61,24 +61,24 @@ PRE_TARGET= make test-unit
You need `go` v1.12+.
!!! tip "Source Directory"
It is recommended that you clone Traefik into the `~/go/src/github.com/containous/traefik` directory.
This is the official golang workspace hierarchy that will allow dependencies to be properly resolved.
!!! note "Environment"
Set your `GOPATH` and `PATH` variable to be set to `~/go` via:
```bash
export GOPATH=~/go
export PATH=$PATH:$GOPATH/bin
```
For convenience, add `GOPATH` and `PATH` to your `.bashrc` or `.bash_profile`
Verify your environment is setup properly by running `$ go env`.
Depending on your OS and environment, you should see an output similar to:
```bash
GOARCH="amd64"
GOBIN=""

27
docs/content/contributing/data-collection.md
View File

@@ -14,9 +14,9 @@ For this very reason, the sendAnonymousUsage option is mandatory: we want you to
??? example "Enabling Data Collection with TOML"
```toml
[Global]
# Send anonymous usage data
sendAnonymousUsage = true
[global]
# Send anonymous usage data
sendAnonymousUsage = true
```
??? example "Enabling Data Collection with the CLI"
@@ -51,24 +51,23 @@ Once a day (the first call begins 10 minutes after the start of Traefik), we col
```toml
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web]
address = ":80"
[api]
[Docker]
[providers.docker]
endpoint = "tcp://10.10.10.10:2375"
domain = "foo.bir"
exposedByDefault = true
swarmMode = true
[Docker.TLS]
[providers.docker.TLS]
ca = "dockerCA"
cert = "dockerCert"
key = "dockerKey"
insecureSkipVerify = true
[ECS]
[providers.ecs]
domain = "foo.bar"
exposedByDefault = true
clusters = ["foo-bar"]
@@ -81,24 +80,24 @@ Once a day (the first call begins 10 minutes after the start of Traefik), we col
```toml
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web]
address = ":80"
[api]
[Docker]
[providers.docker]
endpoint = "xxxx"
domain = "xxxx"
exposedByDefault = true
swarmMode = true
[Docker.TLS]
[providers.docker.TLS]
ca = "xxxx"
cert = "xxxx"
key = "xxxx"
insecureSkipVerify = false
[ECS]
[providers.ecs]
domain = "xxxx"
exposedByDefault = true
clusters = []

2
docs/content/contributing/documentation.md
View File

@@ -10,7 +10,7 @@ Let's see how.
### General
This [documentation](http://docs.traefik.io/) is built with [mkdocs](http://mkdocs.org/).
This [documentation](https://docs.traefik.io/) is built with [mkdocs](https://mkdocs.org/).
### Method 1: `Docker` and `make`

3
docs/content/contributing/maintainers.md
View File

@@ -16,6 +16,7 @@
* Gérald Croës [@geraldcroes](https://github.com/geraldcroes)
* Jean-Baptiste Doumenjou [@jbdoumenjou](https://github.com/jbdoumenjou)
* Damien Duportal [@dduportal](https://github.com/dduportal)
* Mathieu Lonjaret [@mpl](https://github.com/mpl)
## Contributions Daily Meeting
@@ -27,7 +28,7 @@
* Modifying an issue or a pull request (labels, assignees, milestone) is only possible:
* During the Contributions Daily Meeting
* By an assigned maintainer
* In case of emergency, if a change proposal is approved by 2 other maintainers (on Slack, Discord, etc)
* In case of emergency, if a change proposal is approved by 2 other maintainers (on Slack, Discord, Discourse, etc)
## PR review process:

7
docs/content/contributing/submitting-issues.md
View File

@@ -11,11 +11,10 @@ To save us some time and get quicker feedback, be sure to follow the guide lines
!!! important "Getting Help Vs Reporting an Issue"
The issue tracker is not a general support forum, but a place to report bugs and asks for new features.
For end-user related support questions, try using first:
- the Traefik community Slack channel: [![Join the chat at https://slack.traefik.io](https://img.shields.io/badge/style-register-green.svg?style=social&label=Slack)](https://slack.traefik.io)
- [Stack Overflow](https://stackoverflow.com/questions/tagged/traefik) (using the `traefik` tag)
- the Traefik community forum: [![Join the chat at https://community.containo.us/](https://img.shields.io/badge/style-register-green.svg?style=social&label=Discourse)](https://community.containo.us/)
## Issue Title

2
docs/content/contributing/submitting-pull-requests.md
View File

@@ -42,4 +42,4 @@ Help the readers focus on what matters, and help them understand the structure o
!!! tip "10 Tips for Better Pull Requests"
We enjoyed this article, maybe you will too! [10 tips for better pull requests](http://blog.ploeh.dk/2015/01/15/10-tips-for-better-pull-requests/).
We enjoyed this article, maybe you will too! [10 tips for better pull requests](https://blog.ploeh.dk/2015/01/15/10-tips-for-better-pull-requests/).

17
docs/content/contributing/thank-you.md
View File

@@ -8,3 +8,20 @@ and wouldn't have become what it is today without the help of our [many contribu
not accounting for people having helped with issues, tests, comments, articles, ... or just enjoying it and letting others know.
So once again, thank you for your invaluable help on making Traefik such a good product.
!!! question "Where to Go Next?"
If you want to:
- Propose and idea, request a feature a report a bug,
read the page [Submitting Issues](./submitting-issues.md).
- Discover how to make an efficient contribution,
read the page [Submitting Pull Requests](./submitting-pull-requests.md).
- Learn how to build and test Traefik,
the page [Building and Testing](./building-testing.md) is for you.
- Contribute to the documentation,
read the related page [Documentation](./documentation.md).
- Understand how do we learn about Traefik usage,
read the [Data Collection](./data-collection.md) page.
- Spread the love about Traefik, please check the [Advocating](./advocating.md) page.
- Learn about who are the maintainers and how they work on the project,
read the [Maintainers](./maintainers.md) page.

2
docs/content/getting-started/concepts.md
View File

@@ -14,7 +14,7 @@ it knows all the logic and every rule that determine which services handle which
Where traditionally edge routers (or reverse proxies) need a configuration file that contains every possible route to your services, Traefik gets them from the services themselves.
Deploying your services, you attach information that tell Traefik the characteristics of the requests the services can handle.
Deploying your services, you attach information that tells Traefik the characteristics of the requests the services can handle.
![Decentralized Configuration](../assets/img/traefik-concepts-2.png)

59
docs/content/getting-started/configuration-overview.md
View File

@@ -6,14 +6,14 @@ How the Magic Happens
![Configuration](../assets/img/static-dynamic-configuration.png)
Configuration in Traefik can refer to two different things:
- The fully dynamic routing configuration (referred to as the _dynamic configuration_)
- The startup configuration (referred to as the _static configuration_)
Elements in the _static configuration_ set up connections to [providers](../../providers/overview/) and define the [entrypoints](../../routing/entrypoints/) Traefik will listen to (these elements don't change often).
Elements in the _static configuration_ set up connections to [providers](../providers/overview.md) and define the [entrypoints](../routing/entrypoints.md) Traefik will listen to (these elements don't change often).
The _dynamic configuration_ contains everything that defines how the requests are handled by your system.
This configuration can change and is seamlessly hot-reloaded, without any request interuption or connection loss.
This configuration can change and is seamlessly hot-reloaded, without any request interruption or connection loss.
!!! warning "Incompatible Configuration"
Please be aware that the old configurations for Traefik v1.X are NOT compatible with the v2.X config as of now.
@@ -24,7 +24,7 @@ This configuration can change and is seamlessly hot-reloaded, without any reques
Traefik gets its _dynamic configuration_ from [providers](../providers/overview.md): whether an orchestrator, a service registry, or a plain old configuration file. Since this configuration is specific to your infrastructure choices, we invite you to refer to the [dedicated section of this documentation](../providers/overview.md).
!!! Note
In the [Quick Start example](../getting-started/quick-start.md), the dynamic configuration comes from docker in the form of labels attached to your containers.
!!! Note
@@ -33,31 +33,28 @@ Traefik gets its _dynamic configuration_ from [providers](../providers/overview.
## The Static Configuration
There are three different locations where you can define static configuration options in Traefik:
There are three different, mutually exclusive, ways to define static configuration options in Traefik:
- In a key-value store
- In the command-line arguments
- In a configuration file
- In the command-line arguments
- As environment variables
If you don't provide a value for a given option, default values apply.
These ways are evaluated in the order listed above.
!!! important "Precedence Order"
The following precedence order applies for configuration options: key-value > command-line > configuration file.
If no value was provided for a given option, a default value applies.
Moreover, if an option has sub-options, and any of these sub-options is not specified, a default value will apply as well.
It means that arguments override configuration file, and key-value store overrides arguments.
!!! important "Default Values"
Some root options are enablers: they set default values for all their children.
For example, the `--providers.docker` option enables the docker provider.
Once positioned, this option sets (and resets) all the default values under the root `providers.docker`.
If you define child options using a lesser precedence configuration source, they will be overwritten by the default values.
For example, the `--providers.docker` option is enough by itself to enable the docker provider, even though sub-options like `--providers.docker.endpoint` exist.
Once positioned, this option sets (and resets) all the default values of the sub-options of `--providers.docker`.
### Configuration File
At startup, Traefik searches for a file named `traefik.toml` in `/etc/traefik/`, `$HOME/.traefik/`, and `.` (_the working directory_).
At startup, Traefik searches for a file named `traefik.toml` (or `traefik.yml` or `traefik.yaml`) in:
- `/etc/traefik/`
- `$XDG_CONFIG_HOME/`
- `$HOME/.config/`
- `.` (_the working directory_).
You can override this using the `configFile` argument.
@@ -67,16 +64,22 @@ traefik --configFile=foo/bar/myconfigfile.toml
### Arguments
Use `traefik --help` to get the list of the available arguments.
To get the list of all available arguments:
### Key-Value Stores
```bash
traefik --help
Traefik supports several Key-value stores:
# or
- [Consul](https://consul.io)
- [etcd](https://coreos.com/etcd/)
- [ZooKeeper](https://zookeeper.apache.org/)
- [boltdb](https://github.com/boltdb/bolt)
docker run traefik[:version] --help
# ex: docker run traefik:2.0 --help
```
All available arguments can also be found [here](../reference/static-configuration/cli.md).
### Environment Variables
All available environment variables can be found [here](../reference/static-configuration/env.md)
## Available Configuration Options

20
docs/content/getting-started/quick-start.md
View File

@@ -14,13 +14,18 @@ version: '3'
services:
reverse-proxy:
image: traefik:v2.0 # The official v2.0 Traefik docker image
command: --api --providers.docker # Enables the web UI and tells Traefik to listen to docker
# The official v2.0 Traefik docker image
image: traefik:v2.0
# Enables the web UI and tells Traefik to listen to docker
command: --api --providers.docker
ports:
- "80:80" # The HTTP port
- "8080:8080" # The Web UI (enabled by --api)
# The HTTP port
- "80:80"
# The Web UI (enabled by --api)
- "8080:8080"
volumes:
- /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
# So that Traefik can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock
```
**That's it. Now you can launch Traefik!**
@@ -42,7 +47,8 @@ Edit your `docker-compose.yml` file and add the following at the end of your fil
```yaml
# ...
whoami:
image: containous/whoami # A container that exposes an API to show its IP address
# A container that exposes an API to show its IP address
image: containous/whoami
labels:
- "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)"
```
@@ -81,7 +87,7 @@ docker-compose up -d --scale whoami=2
Go back to your browser ([http://localhost:8080/api/rawdata](http://localhost:8080/api/rawdata)) and see that Traefik has automatically detected the new instance of the container.
Finally, see that Traefik load-balances between the two instances of your services by running twice the following command:
Finally, see that Traefik load-balances between the two instances of your service by running the following command twice:
```shell
curl -H Host:whoami.docker.localhost http://127.0.0.1

145
docs/content/https-tls/overview.md
View File

@@ -1,145 +0,0 @@
# HTTPS & TLS
Traefik supports HTTPS & TLS, and is able to accept new certificates / updates over time (without being restarted).
TLS is enabled at the [router](../routing/routers/index.md) level, but some options are configured in dedicated sections (`tlsOptions` & `tlsStores`) described in this section.
## Configuration Example
??? example "Configuring a Default Certificate"
```toml
[tlsStores]
[tlsStores.default]
[tlsStores.default.defaultCertificate]
certFile = "path/to/cert.crt"
keyFile = "path/to/cert.key"
```
??? example "Configuring a Minimum TLS Version"
```toml
[tlsOptions]
[tlsOptions.default]
minVersion = "VersionTLS12"
```
??? example "Defining Certificates"
```toml
[[tls]]
[tls.certificate]
certFile = "/path/to/domain.cert"
keyFile = "/path/to/domain.key"
[[tls]]
[tls.certificate]
certFile = "/path/to/other-domain.cert"
keyFile = "/path/to/other-domain.key"
```
!!! important "File Provider Only"
In the above example, we've used the [file provider](../providers/file.md) to handle the TLS configuration (tlsStores, tlsOptions, and TLS certificates).
In its current alpha version, it is the only available method to configure these elements.
Of course, these options are hot reloaded and can be updated at runtime (they belong to the [dynamic configuration](../getting-started/configuration-overview.md)).
## Configuration Options
### Dynamic Certificates
To add / remove TLS certificates while Traefik is running, the [file provider](../providers/file.md) supports Dynamic TLS certificates in its `[[tls]]` section.
!!! example "Defining Certificates"
```toml
[[tls]]
stores = ["default"]
[tls.certificate]
certFile = "/path/to/domain.cert"
keyFile = "/path/to/domain.key"
[[tls]]
stores = ["default"]
[tls.certificate]
certFile = "/path/to/other-domain.cert"
keyFile = "/path/to/other-domain.key"
```
??? note "Stores"
During the alpha version, the stores option will be ignored and be automatically set to ["default"].
### Mutual Authentication
Traefik supports both optional and non optional (defaut value) mutual authentication.
- When `optional = false`, Traefik accepts connections only from client presenting a certificate signed by a CA listed in `ClientCA.files`.
- When `optional = true`, Traefik authorizes connections from client presenting a certificate signed by an unknown CA.
!!! example "Non Optional Mutual Authentication"
In the following example, both `snitest.com` and `snitest.org` will require client certificates.
```toml
[tlsOptions]
[tlsOptions.default]
[tlsOptions.default.ClientCA]
files = ["tests/clientca1.crt", "tests/clientca2.crt"]
optional = false
```
??? note "ClientCA.files"
You can use a file per `CA:s`, or a single file containing multiple `CA:s` (in `PEM` format).
`ClientCA.files` is not optional: every client will have to present a valid certificate. (This requirement will apply to every server certificate declared in the entrypoint.)
### Minimum TLS Version
!!! example "Min TLS version & [cipherSuites](https://godoc.org/crypto/tls#pkg-constants)"
```toml
[tlsOptions]
[tlsOptions.default]
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384"
]
```
### Strict SNI Checking
With strict SNI checking, Traefik won't allow connections without a matching certificate.
!!! example "Strict SNI"
```toml
[tlsOptions]
[tlsOptions.default]
sniStrict = true
```
### Default Certificate
Traefik can use a default certificate for connections without a SNI, or without a matching domain.
If no default certificate is provided, Traefik generates and uses a self-signed certificate.
!!! example "Setting a Default Certificate"
```toml
[tlsStores]
[tlsStores.default]
[tlsStores.default.defaultCertificate]
certFile = "path/to/cert.crt"
keyFile = "path/to/cert.key"
```
??? note "Only One Default Certificate"
There can only be one `defaultCertificate` per tlsOptions.
??? note "Default TLS Store"
During the alpha version, there is only one globally available TLS Store (`default`).

401
docs/content/https-tls/acme.md → docs/content/https/acme.md
View File

@@ -1,4 +1,4 @@
# ACME
# Let's Encrypt
Automatic HTTPS
{: .subtitle }
@@ -12,50 +12,106 @@ You can configure Traefik to use an ACME provider (like Let's Encrypt) for autom
??? example "Enabling ACME"
```toml
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.http-tls]
address = ":443"
[acme] # every router with TLS enabled will now be able to use ACME for its certificates
email = "your-email@your-domain.org"
storage = "acme.json"
onHostRule = true # dynamic generation based on the Host() & HostSNI() matchers
[acme.httpChallenge]
entryPoint = "web" # used during the challenge
```
??? example "Configuring Wildcard Certificates"
```toml
```toml tab="TOML"
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.http-tls]
address = ":443"
# every router with TLS enabled will now be able to use ACME for its certificates
[acme]
email = "your-email@your-domain.org"
storage = "acme.json"
# dynamic generation based on the Host() & HostSNI() matchers
onHostRule = true
[acme.httpChallenge]
# used during the challenge
entryPoint = "web"
```
```yaml tab="YAML"
entryPoints:
web:
address: ":80"
http-tls:
address: ":443"
# every router with TLS enabled will now be able to use ACME for its certificates
acme:
email: your-email@your-domain.org
storage: acme.json
# dynamic generation based on the Host() & HostSNI() matchers
onHostRule: true
httpChallenge:
# used during the challenge
entryPoint: web
```
??? example "Configuring Wildcard Certificates"
```toml tab="TOML"
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.http-tls]
address = ":443"
[acme]
email = "your-email@your-domain.org"
storage = "acme.json"
[acme.dnsChallenge]
provider = "xxx"
[[acme.domains]]
main = "*.mydomain.com"
sans = ["mydomain.com"]
```
```yaml tab="YAML"
entryPoints:
web:
address: ":80"
http-tls:
address: ":443"
acme:
email: your-email@your-domain.org
storage: acme.json
dnsChallenge:
provide: xxx
domains:
- main: "*.mydomain.com"
sans:
- mydomain.com
```
??? note "Configuration Reference"
There are many available options for ACME. For a quick glance at what's possible, browse the configuration reference:
There are many available options for ACME.
For a quick glance at what's possible, browse the configuration reference:
```toml
--8<-- "content/https-tls/ref-acme.toml"
```toml tab="TOML"
--8<-- "content/https/ref-acme.toml"
```
```yaml tab="YAML"
--8<-- "content/https/ref-acme.yaml"
```
## Automatic Renewals
Traefik automatically tracks the expiry date of ACME certificates it generates.
If there are less than 30 days remaining before the certificate expires, Traefik will attempt to renew it automatically.
!!! note
Certificates that are no longer used may still be renewed, as Traefik does not currently check if the certificate is being used before renewing.
## The Different ACME Challenges
@@ -68,9 +124,14 @@ when using the `TLS-ALPN-01` challenge, Traefik must be reachable by Let's Encry
??? example "Configuring the `tlsChallenge`"
```toml
```toml tab="TOML"
[acme]
[acme.tlsChallenge]
[acme.tlsChallenge]
```
```yaml tab="YAML"
acme:
tlsChallenge: {}
```
### `httpChallenge`
@@ -82,11 +143,18 @@ when using the `HTTP-01` challenge, `acme.httpChallenge.entryPoint` must be reac
??? example "Using an EntryPoint Called http for the `httpChallenge`"
```toml
```toml tab="TOML"
[acme]
# ...
[acme.httpChallenge]
entryPoint = "http"
# ...
[acme.httpChallenge]
entryPoint = "http"
```
```yaml tab="YAML"
acme:
# ...
httpChallenge:
entryPoint: http
```
!!! note
@@ -98,12 +166,21 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
??? example "Configuring a `dnsChallenge` with the DigitalOcean Provider"
```toml
```toml tab="TOML"
[acme]
# ...
[acme.dnsChallenge]
provider = "digitalocean"
delayBeforeCheck = 0
# ...
[acme.dnsChallenge]
provider = "digitalocean"
delayBeforeCheck = 0
# ...
```
```yaml tab="YAML"
acme:
# ...
dnsChallenge:
provider: digitalocean
delayBeforeCheck: 0
# ...
```
@@ -119,63 +196,63 @@ Do not hesitate to complete it.
Every lego environment variable can be overridden by their respective `_FILE` counterpart, which should have a filepath to a file that contains the secret as its value.
For example, `CF_API_EMAIL_FILE=/run/secrets/traefik_cf-api-email` could be used to provide a Cloudflare API email address as a Docker secret named `traefik_cf-api-email`.
| Provider Name | Provider Code | Environment Variables | Wildcard & Root Domain Support |
|-------------------------------------------------------------|----------------|---------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------|
| [ACME DNS](https://github.com/joohoi/acme-dns) | `acme-dns` | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH` | Not tested yet |
| [Alibaba Cloud](https://www.vultr.com) | `alidns` | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID` | Not tested yet |
| [Auroradns](https://www.pcextreme.com/aurora/dns) | `auroradns` | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT` | Not tested yet |
| [Azure](https://azure.microsoft.com/services/dns/) | `azure` | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]` | Not tested yet |
| [Blue Cat](https://www.bluecatnetworks.com/) | `bluecat` | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW` | Not tested yet |
| [ClouDNS](https://www.cloudns.net/) | `cloudns` | `CLOUDNS_AUTH_ID`, `CLOUDNS_AUTH_PASSWORD` | YES |
| [Cloudflare](https://www.cloudflare.com) | `cloudflare` | `CF_API_EMAIL`, `CF_API_KEY` - The `Global API Key` needs to be used, not the `Origin CA Key` | YES |
| [CloudXNS](https://www.cloudxns.net) | `cloudxns` | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY` | Not tested yet |
| [ConoHa](https://www.conoha.jp) | `conoha` | `CONOHA_TENANT_ID`, `CONOHA_API_USERNAME`, `CONOHA_API_PASSWORD` | YES |
| [DigitalOcean](https://www.digitalocean.com) | `digitalocean` | `DO_AUTH_TOKEN` | YES |
| [DNSimple](https://dnsimple.com) | `dnsimple` | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL` | YES |
| [DNS Made Easy](https://dnsmadeeasy.com) | `dnsmadeeasy` | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX` | Not tested yet |
| [DNSPod](https://www.dnspod.com/) | `dnspod` | `DNSPOD_API_KEY` | Not tested yet |
| [Domain Offensive (do.de)](https://www.do.de/) | `dode` | `DODE_TOKEN` | YES |
| [DreamHost](https://www.dreamhost.com/) | `dreamhost` | `DREAMHOST_API_KEY` | YES |
| [Duck DNS](https://www.duckdns.org/) | `duckdns` | `DUCKDNS_TOKEN` | YES |
| [Dyn](https://dyn.com) | `dyn` | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD` | Not tested yet |
| External Program | `exec` | `EXEC_PATH` | YES |
| [Exoscale](https://www.exoscale.com) | `exoscale` | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT` | YES |
| [Fast DNS](https://www.akamai.com/) | `fastdns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | YES |
| [Gandi](https://www.gandi.net) | `gandi` | `GANDI_API_KEY` | Not tested yet |
| [Gandi v5](http://doc.livedns.gandi.net) | `gandiv5` | `GANDIV5_API_KEY` | YES |
| [Glesys](https://glesys.com/) | `glesys` | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN` | Not tested yet |
| [GoDaddy](https://godaddy.com/domains) | `godaddy` | `GODADDY_API_KEY`, `GODADDY_API_SECRET` | Not tested yet |
| [Google Cloud DNS](https://cloud.google.com/dns/docs/) | `gcloud` | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`] | YES |
| [hosting.de](https://www.hosting.de) | `hostingde` | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME` | YES |
| HTTP request | `httpreq` | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1] | YES |
| [IIJ](https://www.iij.ad.jp/) | `iij` | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE` | Not tested yet |
| [INWX](https://www.inwx.de/en) | `inwx` | `INWX_USERNAME`, `INWX_PASSWORD` | YES |
| [Lightsail](https://aws.amazon.com/lightsail/) | `lightsail` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE` | Not tested yet |
| [Linode](https://www.linode.com) | `linode` | `LINODE_API_KEY` | Not tested yet |
| [Linode v4](https://www.linode.com) | `linodev4` | `LINODE_TOKEN` | Not tested yet |
| manual | - | none, but you need to run Traefik interactively [^4], turn on `acmeLogging` to see instructions and press <kbd>Enter</kbd>. | YES |
| [MyDNS.jp](https://www.mydns.jp/) | `mydnsjp` | `MYDNSJP_MASTER_ID`, `MYDNSJP_PASSWORD` | YES |
| [Namecheap](https://www.namecheap.com) | `namecheap` | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY` | YES |
| [name.com](https://www.name.com/) | `namedotcom` | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER` | Not tested yet |
| [Netcup](https://www.netcup.eu/) | `netcup` | `NETCUP_CUSTOMER_NUMBER`, `NETCUP_API_KEY`, `NETCUP_API_PASSWORD` | Not tested yet |
| [NIFCloud](https://cloud.nifty.com/service/dns.htm) | `nifcloud` | `NIFCLOUD_ACCESS_KEY_ID`, `NIFCLOUD_SECRET_ACCESS_KEY` | Not tested yet |
| [Ns1](https://ns1.com/) | `ns1` | `NS1_API_KEY` | Not tested yet |
| [Open Telekom Cloud](https://cloud.telekom.de) | `otc` | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT` | Not tested yet |
| [OVH](https://www.ovh.com) | `ovh` | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY` | YES |
| [Openstack Designate](https://docs.openstack.org/designate) | `designate` | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME` | YES |
| [Oracle Cloud](https://cloud.oracle.com/home) | `oraclecloud` | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID` | YES |
| [PowerDNS](https://www.powerdns.com) | `pdns` | `PDNS_API_KEY`, `PDNS_API_URL` | Not tested yet |
| [Rackspace](https://www.rackspace.com/cloud/dns) | `rackspace` | `RACKSPACE_USER`, `RACKSPACE_API_KEY` | Not tested yet |
| [RFC2136](https://tools.ietf.org/html/rfc2136) | `rfc2136` | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER` | Not tested yet |
| [Route 53](https://aws.amazon.com/route53/) | `route53` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile. | YES |
| [Sakura Cloud](https://cloud.sakura.ad.jp/) | `sakuracloud` | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET` | Not tested yet |
| [Selectel](https://selectel.ru/en/) | `selectel` | `SELECTEL_API_TOKEN` | YES |
| [Stackpath](https://www.stackpath.com/) | `stackpath` | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID` | Not tested yet |
| [TransIP](https://www.transip.nl/) | `transip` | `TRANSIP_ACCOUNT_NAME`, `TRANSIP_PRIVATE_KEY_PATH` | YES |
| [VegaDNS](https://github.com/shupp/VegaDNS-API) | `vegadns` | `SECRET_VEGADNS_KEY`, `SECRET_VEGADNS_SECRET`, `VEGADNS_URL` | Not tested yet |
| [Vscale](https://vscale.io/) | `vscale` | `VSCALE_API_TOKEN` | YES |
| [VULTR](https://www.vultr.com) | `vultr` | `VULTR_API_KEY` | Not tested yet |
| [Zone.ee](https://www.zone.ee) | `zoneee` | `ZONEEE_API_USER`, `ZONEEE_API_KEY` | YES |
| Provider Name | Provider Code | Environment Variables | |
|-------------------------------------------------------------|----------------|---------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------|
| [ACME DNS](https://github.com/joohoi/acme-dns) | `acme-dns` | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/acme-dns) |
| [Alibaba Cloud](https://www.vultr.com) | `alidns` | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/alidns) |
| [Auroradns](https://www.pcextreme.com/aurora/dns) | `auroradns` | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/auroradns) |
| [Azure](https://azure.microsoft.com/services/dns/) | `azure` | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]` | [Additional configuration](https://go-acme.github.io/lego/dns/azure) |
| [Blue Cat](https://www.bluecatnetworks.com/) | `bluecat` | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW` | [Additional configuration](https://go-acme.github.io/lego/dns/bluecat) |
| [ClouDNS](https://www.cloudns.net/) | `cloudns` | `CLOUDNS_AUTH_ID`, `CLOUDNS_AUTH_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudns) |
| [Cloudflare](https://www.cloudflare.com) | `cloudflare` | `CF_API_EMAIL`, `CF_API_KEY` - The `Global API Key` needs to be used, not the `Origin CA Key` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudflare) |
| [CloudXNS](https://www.cloudxns.net) | `cloudxns` | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudxns) |
| [ConoHa](https://www.conoha.jp) | `conoha` | `CONOHA_TENANT_ID`, `CONOHA_API_USERNAME`, `CONOHA_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/conoha) |
| [DigitalOcean](https://www.digitalocean.com) | `digitalocean` | `DO_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/digitalocean) |
| [DNSimple](https://dnsimple.com) | `dnsimple` | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsimple) |
| [DNS Made Easy](https://dnsmadeeasy.com) | `dnsmadeeasy` | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsmadeeasy) |
| [DNSPod](https://www.dnspod.com/) | `dnspod` | `DNSPOD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dnspod) |
| [Domain Offensive (do.de)](https://www.do.de/) | `dode` | `DODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/dode) |
| [DreamHost](https://www.dreamhost.com/) | `dreamhost` | `DREAMHOST_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dreamhost) |
| [Duck DNS](https://www.duckdns.org/) | `duckdns` | `DUCKDNS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/duckdns) |
| [Dyn](https://dyn.com) | `dyn` | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/dyn) |
| External Program | `exec` | `EXEC_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/exec) |
| [Exoscale](https://www.exoscale.com) | `exoscale` | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/exoscale) |
| [Fast DNS](https://www.akamai.com/) | `fastdns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/fastdns) |
| [Gandi](https://www.gandi.net) | `gandi` | `GANDI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandi) |
| [Gandi v5](http://doc.livedns.gandi.net) | `gandiv5` | `GANDIV5_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5) |
| [Glesys](https://glesys.com/) | `glesys` | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN` | [Additional configuration](https://go-acme.github.io/lego/dns/glesys) |
| [GoDaddy](https://godaddy.com/) | `godaddy` | `GODADDY_API_KEY`, `GODADDY_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/godaddy) |
| [Google Cloud DNS](https://cloud.google.com/dns/docs/) | `gcloud` | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`] | [Additional configuration](https://go-acme.github.io/lego/dns/gcloud) |
| [hosting.de](https://www.hosting.de) | `hostingde` | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde) |
| HTTP request | `httpreq` | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1] | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq) |
| [IIJ](https://www.iij.ad.jp/) | `iij` | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE` | [Additional configuration](https://go-acme.github.io/lego/dns/iij) |
| [INWX](https://www.inwx.de/en) | `inwx` | `INWX_USERNAME`, `INWX_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/inwx) |
| [Lightsail](https://aws.amazon.com/lightsail/) | `lightsail` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/lightsail) |
| [Linode](https://www.linode.com) | `linode` | `LINODE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/linode) |
| [Linode v4](https://www.linode.com) | `linodev4` | `LINODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/linodev4) |
| manual | - | none, but you need to run Traefik interactively [^4], turn on `acmeLogging` to see instructions and press <kbd>Enter</kbd>. | |
| [MyDNS.jp](https://www.mydns.jp/) | `mydnsjp` | `MYDNSJP_MASTER_ID`, `MYDNSJP_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mydnsjp) |
| [Namecheap](https://www.namecheap.com) | `namecheap` | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namecheap) |
| [name.com](https://www.name.com/) | `namedotcom` | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/namedotcom) |
| [Netcup](https://www.netcup.eu/) | `netcup` | `NETCUP_CUSTOMER_NUMBER`, `NETCUP_API_KEY`, `NETCUP_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/netcup) |
| [NIFCloud](https://cloud.nifty.com/service/dns.htm) | `nifcloud` | `NIFCLOUD_ACCESS_KEY_ID`, `NIFCLOUD_SECRET_ACCESS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/nifcloud) |
| [Ns1](https://ns1.com/) | `ns1` | `NS1_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ns1) |
| [Open Telekom Cloud](https://cloud.telekom.de) | `otc` | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/otc) |
| [OVH](https://www.ovh.com) | `ovh` | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ovh) |
| [Openstack Designate](https://docs.openstack.org/designate) | `designate` | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/designate) |
| [Oracle Cloud](https://cloud.oracle.com/home) | `oraclecloud` | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID` | [Additional configuration](https://go-acme.github.io/lego/dns/oraclecloud) |
| [PowerDNS](https://www.powerdns.com) | `pdns` | `PDNS_API_KEY`, `PDNS_API_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/pdns) |
| [Rackspace](https://www.rackspace.com/cloud/dns) | `rackspace` | `RACKSPACE_USER`, `RACKSPACE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rackspace) |
| [RFC2136](https://tools.ietf.org/html/rfc2136) | `rfc2136` | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/rfc2136) |
| [Route 53](https://aws.amazon.com/route53/) | `route53` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile. | [Additional configuration](https://go-acme.github.io/lego/dns/route53) |
| [Sakura Cloud](https://cloud.sakura.ad.jp/) | `sakuracloud` | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/sakuracloud) |
| [Selectel](https://selectel.ru/en/) | `selectel` | `SELECTEL_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/selectel) |
| [Stackpath](https://www.stackpath.com/) | `stackpath` | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/stackpath) |
| [TransIP](https://www.transip.nl/) | `transip` | `TRANSIP_ACCOUNT_NAME`, `TRANSIP_PRIVATE_KEY_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/transip) |
| [VegaDNS](https://github.com/shupp/VegaDNS-API) | `vegadns` | `SECRET_VEGADNS_KEY`, `SECRET_VEGADNS_SECRET`, `VEGADNS_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/vegadns) |
| [Vscale](https://vscale.io/) | `vscale` | `VSCALE_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/vscale) |
| [VULTR](https://www.vultr.com) | `vultr` | `VULTR_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/vultr) |
| [Zone.ee](https://www.zone.ee) | `zoneee` | `ZONEEE_API_USER`, `ZONEEE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zoneee) |
[^1]: more information about the HTTP message format can be found [here](https://go-acme.github.io/lego/dns/httpreq/)
[^2]: [providing_credentials_to_your_application](https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application)
@@ -191,12 +268,22 @@ For example, `CF_API_EMAIL_FILE=/run/secrets/traefik_cf-api-email` could be used
Use custom DNS servers to resolve the FQDN authority.
```toml
```toml tab="TOML"
[acme]
# ...
[acme.dnsChallenge]
# ...
resolvers = ["1.1.1.1:53", "8.8.8.8:53"]
# ...
[acme.dnsChallenge]
# ...
resolvers = ["1.1.1.1:53", "8.8.8.8:53"]
```
```yaml tab="YAML"
acme:
# ...
dnsChallenge:
# ...
resolvers:
- "1.1.1.1:53"
- "8.8.8.8:53"
```
#### Wildcard Domains
@@ -204,12 +291,23 @@ Use custom DNS servers to resolve the FQDN authority.
[ACME V2](https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579) supports wildcard certificates.
As described in [Let's Encrypt's post](https://community.letsencrypt.org/t/staging-endpoint-for-acme-v2/49605) wildcard certificates can only be generated through a [`DNS-01` challenge](#dnschallenge).
```toml
```toml tab="TOML"
[acme]
# ...
[[acme.domains]]
main = "*.local1.com"
sans = ["local1.com"]
# ...
[[acme.domains]]
main = "*.local1.com"
sans = ["local1.com"]
# ...
```
```yaml tab="YAML"
acme:
# ...
domains:
- main: "*.local1.com"
sans:
- local1.com
# ...
```
@@ -231,17 +329,33 @@ You can set SANs (alternative domains) for each main domain.
Every domain must have A/AAAA records pointing to Traefik.
Each domain & SAN will lead to a certificate request.
```toml
```toml tab="TOML"
[acme]
# ...
[[acme.domains]]
main = "local1.com"
sans = ["test1.local1.com", "test2.local1.com"]
[[acme.domains]]
main = "local2.com"
[[acme.domains]]
main = "*.local3.com"
sans = ["local3.com", "test1.test1.local3.com"]
# ...
[[acme.domains]]
main = "local1.com"
sans = ["test1.local1.com", "test2.local1.com"]
[[acme.domains]]
main = "local2.com"
[[acme.domains]]
main = "*.local3.com"
sans = ["local3.com", "test1.test1.local3.com"]
# ...
```
```yaml tab="YAML"
acme:
# ...
domains:
- main: "local1.com"
sans:
- "test1.local1.com"
- "test2.local1.com"
- main: "local2.com"
- main: "*.local3.com"
sans:
- "local3.com"
- "test1.test1.local3.com"
# ...
```
@@ -255,11 +369,18 @@ Each domain & SAN will lead to a certificate request.
??? example "Using the Let's Encrypt staging server"
```toml
```toml tab="TOML"
[acme]
# ...
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
# ...
# ...
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
# ...
```
```yaml tab="YAML"
acme:
# ...
caServer: https://acme-staging-v02.api.letsencrypt.org/directory
# ...
```
## `onHostRule`
@@ -268,11 +389,18 @@ Enable certificate generation on [routers](../routing/routers/index.md) `Host` &
This will request a certificate from Let's Encrypt for each router with a Host rule.
```toml
```toml tab="TOML"
[acme]
# ...
onHostRule = true
# ...
# ...
onHostRule = true
# ...
```
```yaml tab="YAML"
acme:
# ...
onHostRule: true
# ...
```
!!! note "Multiple Hosts in a Rule"
@@ -285,17 +413,23 @@ This will request a certificate from Let's Encrypt for each router with a Host r
The `storage` option sets the location where your ACME certificates are saved to.
```toml
```toml tab="TOML"
[acme]
# ...
storage = "acme.json"
# ...
# ...
storage = "acme.json"
# ...
```
The value can refer to two kinds of storage:
```yaml tab="YAML"
acme
# ...
storage: acme.json
# ...
```
The value can refer to some kinds of storage:
- a JSON file
- a KV store entry
### In a File
@@ -314,19 +448,6 @@ docker run -v "/my/host/acme:/etc/traefik/acme" traefik
!!! warning
For concurrency reason, this file cannot be shared across multiple instances of Traefik. Use a key value store entry instead.
### In a a Key Value Store Entry
ACME certificates can be stored in a key-value store entry.
```toml
storage = "traefik/acme/account"
```
!!! note "Storage Size"
Because key-value stores have limited entry size, the certificates list is compressed _before_ it is saved.
For example, it is possible to store up to _approximately_ 100 ACME certificates in Consul.
## Fallback
If Let's Encrypt is not reachable, the following certificates will apply:

16
docs/content/https/overview.md Normal file
View File

@@ -0,0 +1,16 @@
# HTTPS & TLS
Overview
{: .subtitle }
Traefik supports HTTPS & TLS, which concerns roughly two parts of the configuration:
routers, and the TLS connection (and its underlying certificates).
When a router has to handle HTTPS traffic,
it should be specified with a `tls` field of the router definition.
See the TLS section of the [routers documentation](../routing/routers/index.md#tls).
The next sections of this documentation explain how to configure the TLS connection itself.
That is to say, how to obtain [TLS certificates](./tls.md#certificates-definition):
either through a definition in the dynamic configuration, or through [Let's Encrypt](./acme.md) (ACME).
And how to configure [TLS options](./tls.md#tls-options), and [certificates stores](./tls.md#certificates-stores).

31
docs/content/https-tls/ref-acme.toml → docs/content/https/ref-acme.toml
View File

@@ -7,31 +7,11 @@
#
email = "test@traefik.io"
# File used for certificates storage.
#
# Optional (Deprecated)
#
#storageFile = "acme.json"
# File or key used for certificates storage.
#
# Required
#
storage = "acme.json"
# or `storage = "traefik/acme/account"` if using KV store.
# Deprecated, replaced by [acme.dnsChallenge].
#
# Optional.
#
# dnsProvider = "digitalocean"
# Deprecated, replaced by [acme.dnsChallenge.delayBeforeCheck].
#
# Optional
# Default: 0
#
# delayDontCheckDNS = 0
# If true, display debug log messages from the acme client library.
#
@@ -47,14 +27,7 @@ storage = "acme.json"
#
# overrideCertificates = true
# Deprecated. Enable on demand certificate generation.
#
# Optional
# Default: false
#
# onDemand = true
# Enable certificate generation on frontends host rules.
# Enable certificate generation on routers host rules.
#
# Optional
# Default: false
@@ -95,7 +68,7 @@ storage = "acme.json"
#
# Required
#
# entryPoint = "http"
# entryPoint = "web"
# Use a DNS-01 ACME challenge rather than HTTP-01 challenge.
# Note: mandatory for wildcard certificate generation.

127
docs/content/https/ref-acme.yaml Normal file
View File

@@ -0,0 +1,127 @@
# Enable ACME (Let's Encrypt): automatic SSL.
acme:
# Email address used for registration.
#
# Required
#
email: "test@traefik.io"
# File or key used for certificates storage.
#
# Required
#
storage: "acme.json"
# If true, display debug log messages from the acme client library.
#
# Optional
# Default: false
#
# acmeLogging: true
# If true, override certificates in key-value store when using storeconfig.
#
# Optional
# Default: false
#
# overrideCertificates: true
# Enable certificate generation on routers host rules.
#
# Optional
# Default: false
#
# onHostRule: true
# CA server to use.
# Uncomment the line to use Let's Encrypt's staging server,
# leave commented to go to prod.
#
# Optional
# Default: "https://acme-v02.api.letsencrypt.org/directory"
#
# caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
# KeyType to use.
#
# Optional
# Default: "RSA4096"
#
# Available values : "EC256", "EC384", "RSA2048", "RSA4096", "RSA8192"
#
# KeyType: RSA4096
# Use a TLS-ALPN-01 ACME challenge.
#
# Optional (but recommended)
#
tlsChallenge:
# Use a HTTP-01 ACME challenge.
#
# Optional
#
# httpChallenge:
# EntryPoint to use for the HTTP-01 challenges.
#
# Required
#
# entryPoint: web
# Use a DNS-01 ACME challenge rather than HTTP-01 challenge.
# Note: mandatory for wildcard certificate generation.
#
# Optional
#
# dnsChallenge:
# DNS provider used.
#
# Required
#
# provider: digitalocean
# By default, the provider will verify the TXT DNS challenge record before letting ACME verify.
# If delayBeforeCheck is greater than zero, this check is delayed for the configured duration in seconds.
# Useful if internal networks block external DNS queries.
#
# Optional
# Default: 0
#
# delayBeforeCheck: 0
# Use following DNS servers to resolve the FQDN authority.
#
# Optional
# Default: empty
#
# resolvers
# - "1.1.1.1:53"
# - "8.8.8.8:53"
# Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready.
#
# NOT RECOMMENDED:
# Increase the risk of reaching Let's Encrypt's rate limits.
#
# Optional
# Default: false
#
# disablePropagationCheck: true
# Domains list.
# Only domains defined here can generate wildcard certificates.
# The certificates for these domains are negotiated at traefik startup only.
#
# domains:
# - main: "local1.com"
# sans:
# - "test1.local1.com"
# - "test2.local1.com"
# - main: "local2.com"
# - main: "*.local3.com"
# sans:
# - "local3.com"
# - "test1.test1.local3.com"

211
docs/content/https/tls.md Normal file
View File

@@ -0,0 +1,211 @@
# TLS
Transport Layer Security
{: .subtitle }
## Certificates Definition
### Automated
See the [Let's Encrypt](./acme.md) page.
### User defined
To add / remove TLS certificates, even when Traefik is already running, their definition can be added to the [dynamic configuration](../getting-started/configuration-overview.md), in the `[[tls.certificates]]` section:
```toml tab="TOML"
[[tls.certificates]]
certFile = "/path/to/domain.cert"
keyFile = "/path/to/domain.key"
[[tls.certificates]]
certFile = "/path/to/other-domain.cert"
keyFile = "/path/to/other-domain.key"
```
```yaml tab="YAML"
tls:
certificates:
- certFile: /path/to/domain.cert
keyFile: /path/to/domain.key
- certFile: /path/to/other-domain.cert
keyFile: /path/to/other-domain.key
```
!!! important "File Provider Only"
In the above example, we've used the [file provider](../providers/file.md) to handle these definitions.
In its current alpha version, it is the only available method to configure the certificates (as well as the options and the stores).
## Certificates Stores
In Traefik, certificates are grouped together in certificates stores, which are defined as such:
```toml tab="TOML"
[tls.stores]
[tls.stores.default]
```
```yaml tab="YAML"
tls:
stores:
default: {}
```
!!! important "Alpha restriction"
During the alpha version, any store definition other than the default one (named `default`) will be ignored,
and there is thefore only one globally available TLS store.
In the `tls.certificates` section, a list of stores can then be specified to indicate where the certificates should be stored:
```toml tab="TOML"
[[tls.certificates]]
certFile = "/path/to/domain.cert"
keyFile = "/path/to/domain.key"
stores = ["default"]
[[tls.certificates]]
# Note that since no store is defined,
# the certificate below will be stored in the `default` store.
certFile = "/path/to/other-domain.cert"
keyFile = "/path/to/other-domain.key"
```
```yaml tab="YAML"
tls:
certificates:
- certFile: /path/to/domain.cert
keyFile: /path/to/domain.key
stores:
- default
# Note that since no store is defined,
# the certificate below will be stored in the `default` store.
- certFile: /path/to/other-domain.cert
keyFile: /path/to/other-domain.key
```
!!! important "Alpha restriction"
During the alpha version, the `stores` list will actually be ignored and automatically set to `["default"]`.
### Default Certificate
Traefik can use a default certificate for connections without a SNI, or without a matching domain.
This default certificate should be defined in a TLS store:
```toml tab="TOML"
[tls.stores]
[tls.stores.default]
[tls.stores.default.defaultCertificate]
certFile = "path/to/cert.crt"
keyFile = "path/to/cert.key"
```
```yaml tab="YAML"
tls:
stores:
default:
defaultCertificate:
certFile: path/to/cert.crt
keyFile: path/to/cert.key
```
If no default certificate is provided, Traefik generates and uses a self-signed certificate.
## TLS Options
The TLS options allow one to configure some parameters of the TLS connection.
### Minimum TLS Version
```toml tab="TOML"
[tls.options]
[tls.options.default]
minVersion = "VersionTLS12"
[tls.options.mintls13]
minVersion = "VersionTLS13"
```
```yaml tab="YAML"
tls:
options:
default:
minVersion: VersionTLS12
mintls13:
minVersion: VersionTLS13
```
### Mutual Authentication
Traefik supports both optional and strict (which is the default) mutual authentication, though the `ClientCA.files` section.
If present, connections from clients without a certificate will be rejected.
For clients with a certificate, the `optional` option governs the behaviour as follows:
- When `optional = false`, Traefik accepts connections only from clients presenting a certificate signed by a CA listed in `ClientCA.files`.
- When `optional = true`, Traefik authorizes connections from clients presenting a certificate signed by an unknown CA.
```toml tab="TOML"
[tls.options]
[tls.options.default]
[tls.options.default.clientCA]
# in PEM format. each file can contain multiple CAs.
files = ["tests/clientca1.crt", "tests/clientca2.crt"]
optional = false
```
```yaml tab="YAML"
tls:
options:
default:
clientCA:
# in PEM format. each file can contain multiple CAs.
files:
- tests/clientca1.crt
- tests/clientca2.crt
optional: false
```
### Cipher Suites
See [cipherSuites](https://godoc.org/crypto/tls#pkg-constants) for more information.
```toml tab="TOML"
[tls.options]
[tls.options.default]
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384"
]
```
```yaml tab="YAML"
tls:
options:
default:
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
```
### Strict SNI Checking
With strict SNI checking, Traefik won't allow connections from clients connections
that do not specify a server_name extension.
```toml tab="TOML"
[tls.options]
[tls.options.default]
sniStrict = true
```
```yaml tab="YAML"
tls:
options:
default:
sniStrict: true
```

4
docs/content/middlewares/addprefix.md
View File

@@ -41,8 +41,8 @@ labels:
```toml tab="File"
# Prefixing with /foo
[http.middlewares]
[http.middlewares.add-foo.AddPrefix]
prefix = "/foo"
[http.middlewares.add-foo.addPrefix]
prefix = "/foo"
```
## Configuration Options

20
docs/content/middlewares/basicauth.md
View File

@@ -11,8 +11,12 @@ The BasicAuth middleware is a quick way to restrict access to your services to k
```yaml tab="Docker"
# Declaring the user list
#
# Note: all dollar signs in the hash need to be doubled for escaping.
# To create user:password pair, it's possible to use this command:
# echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
labels:
- "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
- "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
```
```yaml tab="Kubernetes"
@@ -43,7 +47,7 @@ labels:
```toml tab="File"
# Declaring the user list
[http.middlewares]
[http.middlewares.test-auth.basicauth]
[http.middlewares.test-auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
@@ -57,7 +61,7 @@ labels:
Passwords must be encoded using MD5, SHA1, or BCrypt.
!!! tip
Use `htpasswd` to generate the passwords.
### `users`
@@ -76,7 +80,7 @@ The file content is a list of `name:encoded-password`.
??? example "A file containing test/test and test2/test2"
```
```txt
test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0
```
@@ -109,8 +113,14 @@ spec:
headerField: X-WebAuth-User
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.my-auth.basicauth.headerField": "X-WebAuth-User"
}
```
```toml tab="File"
[http.middlewares.my-auth.basicauth]
[http.middlewares.my-auth.basicAuth]
# ...
headerField = "X-WebAuth-User"
```

2
docs/content/middlewares/buffering.md
View File

@@ -46,7 +46,7 @@ labels:
# Sets the maximum request body to 2Mb
[http.middlewares]
[http.middlewares.limit.buffering]
maxRequestBodyBytes = 250000
maxRequestBodyBytes = 250000
```
## Configuration Options

39
docs/content/middlewares/chain.md
View File

@@ -19,7 +19,7 @@ labels:
- "traefik.http.routers.router1.rule=Host(`mydomain`)"
- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "traefik.http.middlewares.https-only.schemeredirect.scheme=https"
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
- "http.services.service1.loadbalancer.server.port=80"
```
@@ -69,7 +69,7 @@ kind: Middleware
metadata:
name: https-only
spec:
schemeRedirect:
redirectScheme:
scheme: https
---
apiVersion: traefik.containo.us/v1alpha1
@@ -90,7 +90,7 @@ spec:
"traefik.http.routers.router1.rule": "Host(`mydomain`)",
"traefik.http.middlewares.secured.chain.middlewares": "https-only,known-ips,auth-users",
"traefik.http.middlewares.auth-users.basicauth.users": "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"traefik.http.middlewares.https-only.schemeredirect.scheme": "https",
"traefik.http.middlewares.https-only.redirectscheme.scheme": "https",
"traefik.http.middlewares.known-ips.ipwhitelist.sourceRange": "192.168.1.7,127.0.0.1/32",
"http.services.service1.loadbalancer.server.port": "80"
}
@@ -103,7 +103,7 @@ labels:
- "traefik.http.routers.router1.rule=Host(`mydomain`)"
- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "traefik.http.middlewares.https-only.schemeredirect.scheme=https"
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
- "http.services.service1.loadbalancer.server.port=80"
```
@@ -111,28 +111,27 @@ labels:
```toml tab="File"
# ...
[http.routers]
[http.routers.router1]
service = "service1"
middlewares = ["secured"]
rule = "Host(`mydomain`)"
[http.routers.router1]
service = "service1"
middlewares = ["secured"]
rule = "Host(`mydomain`)"
[http.middlewares]
[http.middlewares.secured.Chain]
middlewares = ["https-only", "known-ips", "auth-users"]
[http.middlewares.secured.chain]
middlewares = ["https-only", "known-ips", "auth-users"]
[http.middlewares.auth-users.BasicAuth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
[http.middlewares.auth-users.basicAuth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
[http.middlewares.https-only.SchemeRedirect]
scheme = "https"
[http.middlewares.https-only.redirectScheme]
scheme = "https"
[http.middlewares.known-ips.ipWhiteList]
sourceRange = ["192.168.1.7", "127.0.0.1/32"]
[http.middlewares.known-ips.ipWhiteList]
sourceRange = ["192.168.1.7", "127.0.0.1/32"]
[http.services]
[http.services.service1]
[http.services.service1.LoadBalancer]
[[http.services.service1.LoadBalancer.Servers]]
URL = "http://127.0.0.1:80"
Weight = 1
[http.services.service1.loadBalancer]
[[http.services.service1.loadBalancer.servers]]
url = "http://127.0.0.1:80"
```

10
docs/content/middlewares/circuitbreaker.md
View File

@@ -55,8 +55,8 @@ labels:
```toml tab="File"
# Latency Check
[http.middlewares]
[http.middlewares.latency-check.circuitBreaker]
expression = "LatencyAtQuantileMS(50.0) > 100"
[http.middlewares.latency-check.circuitBreaker]
expression = "LatencyAtQuantileMS(50.0) > 100"
```
## Possible States
@@ -66,7 +66,7 @@ There are three possible states for your circuit breaker:
- Close (your service operates normally)
- Open (the fallback mechanism takes over your service)
- Recovering (the circuit breaker tries to resume normal operations by progressively sending requests to your service)
### Close
While close, the circuit breaker only collects metrics to analyze the behavior of the requests.
@@ -95,7 +95,7 @@ The `expression` can check three different metrics:
- The network error ratio (`NetworkErrorRatio`)
- The status code ratio (`ResponseCodeRatio`)
- The latency at quantile, in milliseconds (`LatencyAtQuantileMS`)
#### `NetworkErrorRatio`
If you want the circuit breaker to trigger at a 30% ratio of network errors, the expression will be `NetworkErrorRatio() > 0.30`
@@ -151,7 +151,7 @@ Here is the list of supported operators:
### Fallback mechanism
The fallback mechanism returns a `HTTP 503 Service Unavailable` to the client (instead of calling the target service). This behavior cannot be configured.
### `CheckPeriod`
The interval used to evaluate `expression` and decide if the state of the circuit breaker must change. By default, `CheckPeriod` is 100Ms. This value cannot be configured.

12
docs/content/middlewares/compress.md
View File

@@ -15,6 +15,16 @@ labels:
- "traefik.http.middlewares.test-compress.compress=true"
```
```yaml tab="Kubernetes"
# Enable gzip compression
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-compress
spec:
compress: {}
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-compress.compress": "true"
@@ -30,7 +40,7 @@ labels:
```toml tab="File"
# Enable gzip compression
[http.middlewares]
[http.middlewares.test-compress.Compress]
[http.middlewares.test-compress.compress]
```
## Notes

18
docs/content/middlewares/digestauth.md
View File

@@ -53,7 +53,7 @@ labels:
## Configuration Options
### `Users`
### `users`
The `users` option is an array of authorized users. Each user will be declared using the `name:realm:encoded-password` format.
@@ -61,7 +61,7 @@ The `users` option is an array of authorized users. Each user will be declared u
If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.
### `UsersFile`
### `usersFile`
The `usersFile` option is the path to an external file that contains the authorized users for the middleware.
@@ -69,7 +69,7 @@ The file content is a list of `name:realm:encoded-password`.
??? example "A file containing test/test and test2/test2"
```
```txt
test:traefik:a2688e031edb4be6a3797f3882655c05
test2:traefik:518845800f9e2bfb1f1f740ec24f074e
```
@@ -78,11 +78,11 @@ The file content is a list of `name:realm:encoded-password`.
If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.
### `Realm`
### `realm`
You can customize the realm for the authentication with the `realm` option. The default value is `traefik`.
### `HeaderField`
### `headerField`
You can customize the header field for the authenticated user using the `headerField`option.
@@ -109,12 +109,18 @@ labels:
- "traefik.http.middlewares.my-auth.digestauth.headerField=X-WebAuth-User"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.my-auth.digestauth.headerField": "X-WebAuth-User"
}
```
```toml tab="File"
[http.middlewares.my-auth.digestAuth]
# ...
headerField = "X-WebAuth-User"
```
### `RemoveHeader`
### `removeHeader`
Set the `removeHeader` option to `true` to remove the authorization header before forwarding the request to your service. (Default value is `false`.)

2
docs/content/middlewares/errorpages.md
View File

@@ -52,7 +52,7 @@ labels:
```toml tab="File"
# Custom Error Page for 5XX
[http.middlewares]
[http.middlewares.test-errorpage.Errors]
[http.middlewares.test-errorpage.errors]
status = ["500-599"]
service = "serviceError"
query = "/{status}.html"

54
docs/content/middlewares/forwardauth.md
View File

@@ -14,14 +14,14 @@ Otherwise, the response from the authentication server is returned.
```yaml tab="Docker"
# Forward authentication to authserver.com
labels:
- "traefik.http.middlewares.test-auth.ForwardAuth.Address=https://authserver.com/auth"
- "traefik.http.middlewares.test-auth.ForwardAuth.AuthResponseHeaders=X-Auth-User, X-Secret"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.CA=path/to/local.crt"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.CAOptional=true"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.Cert=path/to/foo.cert"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.InsecureSkipVerify=true"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.Key=path/to/foo.key"
- "traefik.http.middlewares.test-auth.ForwardAuth.TrustForwardHeader=true"
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
- "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret"
- "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt"
- "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true"
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
- "traefik.http.middlewares.test-auth.forwardauth.tls.insecureSkipVerify=true"
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
- "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true"
```
```yaml tab="Kubernetes"
@@ -45,28 +45,28 @@ spec:
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-auth.ForwardAuth.Address": "https://authserver.com/auth",
"traefik.http.middlewares.test-auth.ForwardAuth.AuthResponseHeaders": "X-Auth-User,X-Secret",
"traefik.http.middlewares.test-auth.ForwardAuth.TLS.CA": "path/to/local.crt",
"traefik.http.middlewares.test-auth.ForwardAuth.TLS.CAOptional": "true",
"traefik.http.middlewares.test-auth.ForwardAuth.TLS.Cert": "path/to/foo.cert",
"traefik.http.middlewares.test-auth.ForwardAuth.TLS.InsecureSkipVerify": "true",
"traefik.http.middlewares.test-auth.ForwardAuth.TLS.Key": "path/to/foo.key",
"traefik.http.middlewares.test-auth.ForwardAuth.TrustForwardHeader": "true"
"traefik.http.middlewares.test-auth.forwardauth.address": "https://authserver.com/auth",
"traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders": "X-Auth-User,X-Secret",
"traefik.http.middlewares.test-auth.forwardauth.tls.ca": "path/to/local.crt",
"traefik.http.middlewares.test-auth.forwardauth.tls.caOptional": "true",
"traefik.http.middlewares.test-auth.forwardauth.tls.cert": "path/to/foo.cert",
"traefik.http.middlewares.test-auth.forwardauth.tls.insecureSkipVerify": "true",
"traefik.http.middlewares.test-auth.forwardauth.tls.key": "path/to/foo.key",
"traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader": "true"
}
```
```yaml tab="Rancher"
# Forward authentication to authserver.com
labels:
- "traefik.http.middlewares.test-auth.ForwardAuth.Address=https://authserver.com/auth"
- "traefik.http.middlewares.test-auth.ForwardAuth.AuthResponseHeaders=X-Auth-User, X-Secret"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.CA=path/to/local.crt"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.CAOptional=true"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.Cert=path/to/foo.cert"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.InsecureSkipVerify=true"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.Key=path/to/foo.key"
- "traefik.http.middlewares.test-auth.ForwardAuth.TrustForwardHeader=true"
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
- "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret"
- "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt"
- "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true"
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
- "traefik.http.middlewares.test-auth.forwardauth.tls.InisecureSkipVerify=true"
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
- "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true"
```
```toml tab="File"
@@ -77,7 +77,7 @@ labels:
trustForwardHeader = true
authResponseHeaders = ["X-Auth-User", "X-Secret"]
[http.middlewares.test-auth.forwardauth.tls]
[http.middlewares.test-auth.forwardAuth.tls]
ca = "path/to/local.crt"
caOptional = true
cert = "path/to/foo.cert"
@@ -92,7 +92,7 @@ The `address` option defines the authentication server address.
### `trustForwardHeader`
Set the `trustForwardHeader` option to true to trust all the existing X-Forwarded-* headers.
Set the `trustForwardHeader` option to `true` to trust all the existing `X-Forwarded-*` headers.
### `authResponseHeaders`
@@ -100,4 +100,4 @@ The `authResponseHeaders` option is the list of the headers to copy from the aut
### `tls`
The `tls` option is the tls configuration from Traefik to the authentication server.
The `tls` option is the TLS configuration from Traefik to the authentication server.

126
docs/content/middlewares/headers.md
View File

@@ -15,8 +15,8 @@ Add the `X-Script-Name` header to the proxied request and the `X-Custom-Response
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.testHeader.Headers.CustomRequestHeaders.X-Script-Name=test"
- "traefik.http.middlewares.testHeader.Headers.CustomResponseHeaders.X-Custom-Response-Header=True"
- "traefik.http.middlewares.testHeader.headers.customrequestheaders.X-Script-Name=test"
- "traefik.http.middlewares.testHeader.headers.customresponseheaders.X-Custom-Response-Header=True"
```
```yaml tab="Kubernetes"
@@ -26,31 +26,31 @@ metadata:
name: testHeader
spec:
headers:
CustomRequestHeaders:
customRequestHeaders:
X-Script-Name: "test"
CustomResponseHeaders:
customResponseHeaders:
X-Custom-Response-Header: "True"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.testHeader.Headers.CustomRequestHeaders.X-Script-Name": "test",
"traefik.http.middlewares.testHeader.Headers.CustomResponseHeaders.X-Custom-Response-Header": "True"
"traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name": "test",
"traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header": "True"
}
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.testHeader.Headers.CustomRequestHeaders.X-Script-Name=test"
- "traefik.http.middlewares.testHeader.Headers.CustomResponseHeaders.X-Custom-Response-Header=True"
- "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test"
- "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header=True"
```
```toml tab="File"
[http.middlewares]
[http.middlewares.testHeader.headers]
[http.middlewares.testHeader.headers.CustomRequestHeaders]
[http.middlewares.testHeader.headers.customRequestHeaders]
X-Script-Name = "test"
[http.middlewares.testHeader.headers.CustomResponseHeaders]
[http.middlewares.testHeader.headers.customResponseHeaders]
X-Custom-Response-Header = "True"
```
@@ -59,7 +59,7 @@ labels:
`X-Script-Name` header added to the proxied request, the `X-Custom-Request-Header` header removed from the request,
and the `X-Custom-Response-Header` header removed from the response.
Please note that is not possible to remove headers through the use of Docker labels for now.
Please note that is not possible to remove headers through the use of labels (Docker, Rancher, Marathon, ...) for now.
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
@@ -68,26 +68,31 @@ metadata:
name: testHeader
spec:
headers:
CustomRequestHeaders:
customRequestHeaders:
X-Script-Name: "test" # Adds
X-Custom-Request-Header: "" # Removes
CustomResponseHeaders:
customResponseHeaders:
X-Custom-Response-Header: "" # Removes
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.testHeader.Headers.CustomRequestHeaders.X-Script-Name=test"
- "traefik.http.middlewares.testHeader.Headers.CustomResponseHeaders.X-Custom-Response-Header=True"
- "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name": "test",
}
```
```toml tab="File"
[http.middlewares]
[http.middlewares.testHeader.headers]
[http.middlewares.testHeader.headers.CustomRequestHeaders]
[http.middlewares.testHeader.headers.customRequestHeaders]
X-Script-Name = "test" # Adds
X-Custom-Request-Header = "" # Removes
[http.middlewares.testHeader.headers.CustomResponseHeaders]
[http.middlewares.testHeader.headers.customResponseHeaders]
X-Custom-Response-Header = "" # Removes
```
@@ -98,8 +103,8 @@ This functionality allows for some easy security features to quickly be set.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.testHeader.Headers.FrameDeny=true"
- "traefik.http.middlewares.testHeader.Headers.SSLRedirect=true"
- "traefik.http.middlewares.testHeader.headers.framedeny=true"
- "traefik.http.middlewares.testHeader.headers.sslredirect=true"
```
```yaml tab="Kubernetes"
@@ -109,14 +114,21 @@ metadata:
name: testHeader
spec:
headers:
FrameDeny: "true"
SSLRedirect: "true"
frameDeny: "true"
sslRedirect: "true"
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.testHeader.Headers.FrameDeny=true"
- "traefik.http.middlewares.testHeader.Headers.SSLRedirect=true"
- "traefik.http.middlewares.testheader.headers.framedeny=true"
- "traefik.http.middlewares.testheader.headers.sslredirect=true"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.testheader.headers.framedeny": "true",
"traefik.http.middlewares.testheader.headers.sslredirect": "true"
}
```
```toml tab="File"
@@ -133,10 +145,10 @@ This functionality allows for more advanced security features to quickly be set.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.testHeader.Headers.AccessControlAllowMethods=GET,OPTIONS,PUT"
- "traefik.http.middlewares.testHeader.Headers.AccessControlAllowOrigin=origin-list-or-null"
- "traefik.http.middlewares.testHeader.Headers.AccessControlMaxAge=100"
- "traefik.http.middlewares.testHeader.Headers.AddVaryHeader=true"
- "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
- "traefik.http.middlewares.testheader.headers.accesscontrolalloworigin=origin-list-or-null"
- "traefik.http.middlewares.testheader.headers.accesscontrolmaxage=100"
- "traefik.http.middlewares.testheader.headers.addvaryheader=true"
```
```yaml tab="Kubernetes"
@@ -146,30 +158,39 @@ metadata:
name: testHeader
spec:
headers:
AccessControlAllowMethods:
accessControlAllowMethods:
- "GET"
- "OPTIONS"
- "PUT"
AccessControlAllowOrigin: "origin-list-or-null"
AccessControlMaxAge: 100
AddVaryHeader: "true"
accessControlAllowOrigin: "origin-list-or-null"
accessControlMaxAge: 100
addVaryHeader: "true"
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.testHeader.Headers.AccessControlAllowMethods=GET,OPTIONS,PUT"
- "traefik.http.middlewares.testHeader.Headers.AccessControlAllowOrigin=origin-list-or-null"
- "traefik.http.middlewares.testHeader.Headers.AccessControlMaxAge=100"
- "traefik.http.middlewares.testHeader.Headers.AddVaryHeader=true"
- "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
- "traefik.http.middlewares.testheader.headers.accesscontrolalloworigin=origin-list-or-null"
- "traefik.http.middlewares.testheader.headers.accesscontrolmaxage=100"
- "traefik.http.middlewares.testheader.headers.addvaryheader=true"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.testheader.headers.accesscontrolallowmethods": "GET,OPTIONS,PUT",
"traefik.http.middlewares.testheader.headers.accesscontrolalloworigin": "origin-list-or-null",
"traefik.http.middlewares.testheader.headers.accesscontrolmaxage": "100",
"traefik.http.middlewares.testheader.headers.addvaryheader": "true"
}
```
```toml tab="File"
[http.middlewares]
[http.middlewares.testHeader.headers]
AccessControlAllowMethods= ["GET", "OPTIONS", "PUT"]
AccessControlAllowOrigin = "origin-list-or-null"
AccessControlMaxAge = 100
AddVaryHeader = true
accessControlAllowMethods= ["GET", "OPTIONS", "PUT"]
accessControlAllowOrigin = "origin-list-or-null"
accessControlMaxAge = 100
addVaryHeader = true
```
## Configuration Options
@@ -204,7 +225,8 @@ The `accessControlAllowMethods` indicates which methods can be used during requ
### `accessControlAllowOrigin`
The `accessControlAllowOrigin` indicates whether a resource can be shared by returning different values. The three options for this value are:
The `accessControlAllowOrigin` indicates whether a resource can be shared by returning different values.
The three options for this value are:
- `origin-list-or-null`
- `*`
@@ -240,11 +262,12 @@ Set the `sslTemporaryRedirect` to `true` to force an SSL redirection using a 302
### `sslHost`
The `SSLHost` option is the host name that is used to redirect http requests to https.
The `sslHost` option is the host name that is used to redirect http requests to https.
### `sslProxyHeaders`
The `sslProxyHeaders` option is set of header keys with associated values that would indicate a valid https request. Useful when using other proxies with header like: `"X-Forwarded-Proto": "https"`.
The `sslProxyHeaders` option is set of header keys with associated values that would indicate a valid https request.
Useful when using other proxies with header like: `"X-Forwarded-Proto": "https"`.
### `sslForceHost`
@@ -252,7 +275,8 @@ Set `sslForceHost` to true and set SSLHost to forced requests to use `SSLHost` e
### `stsSeconds`
The `stsSeconds` is the max-age of the Strict-Transport-Security header. If set to 0, would NOT include the header.
The `stsSeconds` is the max-age of the Strict-Transport-Security header.
If set to 0, would NOT include the header.
### `stsIncludeSubdomains`
@@ -260,11 +284,11 @@ The `stsIncludeSubdomains` is set to true, the `includeSubdomains` will be appen
### `stsPreload`
Set `STSPreload` to true to have the `preload` flag appended to the Strict-Transport-Security header.
Set `stsPreload` to true to have the `preload` flag appended to the Strict-Transport-Security header.
### `forceSTSHeader`
Set `ForceSTSHeader` to true, to add the STS header even when the connection is HTTP.
Set `forceSTSHeader` to true, to add the STS header even when the connection is HTTP.
### `frameDeny`
@@ -272,7 +296,8 @@ Set `frameDeny` to true to add the `X-Frame-Options` header with the value of `D
### `customFrameOptionsValue`
The `customFrameOptionsValue` allows the `X-Frame-Options` header value to be set with a custom value. This overrides the FrameDeny option.
The `customFrameOptionsValue` allows the `X-Frame-Options` header value to be set with a custom value.
This overrides the FrameDeny option.
### `contentTypeNosniff`
@@ -280,11 +305,12 @@ Set `contentTypeNosniff` to true to add the `X-Content-Type-Options` header with
### `browserXssFilter`
Set `BrowserXssFilter` to true to add the `X-XSS-Protection` header with the value `1; mode=block`.
Set `browserXssFilter` to true to add the `X-XSS-Protection` header with the value `1; mode=block`.
### `customBrowserXSSValue`
The `customBrowserXssValue` option allows the `X-XSS-Protection` header value to be set with a custom value. This overrides the BrowserXssFilter option.
The `customBrowserXssValue` option allows the `X-XSS-Protection` header value to be set with a custom value.
This overrides the BrowserXssFilter option.
### `contentSecurityPolicy`
@@ -300,5 +326,7 @@ The `referrerPolicy` allows sites to control when browsers will pass the Referer
### `isDevelopment`
Set `isDevelopment` to true when developing. The AllowedHosts, SSL, and STS options can cause some unwanted effects. Usually testing happens on http, not https, and on localhost, not your production domain.
Set `isDevelopment` to true when developing.
The AllowedHosts, SSL, and STS options can cause some unwanted effects.
Usually testing happens on http, not https, and on localhost, not your production domain.
If you would like your development environment to mimic production with complete Host blocking, SSL redirects, and STS headers, leave this as false.

35
docs/content/middlewares/ipwhitelist.md
View File

@@ -12,7 +12,7 @@ IPWhitelist accepts / refuses requests based on the client IP.
```yaml tab="Docker"
# Accepts request from defined IP
labels:
- "traefik.http.middlewares.test-ipwhitelist.IPWhiteList.SourceRange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
```
```yaml tab="Kubernetes"
@@ -29,14 +29,14 @@ spec:
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-ipwhitelist.IPWhiteList.SourceRange": "127.0.0.1/32,192.168.1.7"
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32,192.168.1.7"
}
```
```yaml tab="Rancher"
# Accepts request from defined IP
labels:
- "traefik.http.middlewares.test-ipwhitelist.IPWhiteList.SourceRange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
```
```toml tab="File"
@@ -75,7 +75,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
```yaml tab="Docker"
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
labels:
- "traefik.http.middlewares.testIPwhitelist.ipWhiteList.SourceRange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2"
```
@@ -87,27 +87,34 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
name: testIPwhitelist
spec:
ipWhiteList:
SourceRange:
sourceRange:
- 127.0.0.1/32
- 192.168.1.7
ipstrategy:
ipStrategy:
depth: 2
```
```yaml tab="Rancher"
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
labels:
- "traefik.http.middlewares.testIPwhitelist.ipWhiteList.SourceRange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32, 192.168.1.7",
"traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth": "2"
}
```
```toml tab="File"
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
[http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"]
[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
depth = 2
depth = 2
```
!!! note
@@ -135,7 +142,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
```yaml tab="Docker"
# Exclude from `X-Forwarded-For`
labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedIPs=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```yaml tab="Kubernetes"
@@ -146,7 +153,7 @@ metadata:
name: test-ipwhitelist
spec:
ipWhiteList:
ipstrategy:
ipStrategy:
excludedIPs:
- 127.0.0.1/32
- 192.168.1.7
@@ -155,7 +162,13 @@ spec:
```yaml tab="Rancher"
# Exclude from `X-Forwarded-For`
labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedIPs=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
}
```
```toml tab="File"

10
docs/content/middlewares/maxconnection.md
View File

@@ -19,10 +19,10 @@ labels:
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: addprefix
name: test-maxconn
spec:
addPrefix:
prefix: /bar
maxConn:
amount: 10
```
```json tab="Marathon"
@@ -40,8 +40,8 @@ labels:
```toml tab="File"
# Limiting to 10 simultaneous connections
[http.middlewares]
[http.middlewares.test-maxconn.maxconn]
amount = 10
[http.middlewares.test-maxconn.maxConn]
amount = 10
```
## Configuration Options

101
docs/content/middlewares/overview.md
View File

@@ -16,9 +16,13 @@ Pieces of middleware can be combined in chains to fit every scenario.
```yaml tab="Docker"
# As a Docker Label
whoami:
image: containous/whoami # A container that exposes an API to show its IP address
# A container that exposes an API to show its IP address
image: containous/whoami
labels:
# Create a middleware named `foo-add-prefix`
- "traefik.http.middlewares.foo-add-prefix.addprefix.prefix=/foo"
# Apply the middleware named `foo-add-prefix` to the router named `router1`
- "traefik.http.router.router1.middlewares=foo-add-prefix@docker"
```
```yaml tab="Kubernetes"
@@ -42,7 +46,7 @@ kind: Middleware
metadata:
name: stripprefix
spec:
stripprefix:
stripPrefix:
prefixes:
- /stripit
@@ -50,7 +54,7 @@ spec:
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ingressroute.crd
name: ingressroute
spec:
# more fields...
routes:
@@ -61,69 +65,108 @@ spec:
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.foo-add-prefix.addprefix.prefix": "/foo"
"traefik.http.middlewares.foo-add-prefix.addprefix.prefix": "/foo",
"traefik.http.router.router1.middlewares": "foo-add-prefix@marathon"
}
```
```yaml tab="Rancher"
# As a Rancher Label
labels:
# Create a middleware named `foo-add-prefix`
- "traefik.http.middlewares.foo-add-prefix.addprefix.prefix=/foo"
# Apply the middleware named `foo-add-prefix` to the router named `router1`
- "traefik.http.router.router1.middlewares=foo-add-prefix@rancher"
```
```toml tab="File"
# As Toml Configuration File
[providers]
[providers.file]
[providers.file]
[http.routers]
[http.routers.router1]
Service = "myService"
Middlewares = ["foo-add-prefix"]
Rule = "Host(`example.com`)"
service = "myService"
middlewares = ["foo-add-prefix"]
rule = "Host(`example.com`)"
[http.middlewares]
[http.middlewares.foo-add-prefix.AddPrefix]
[http.middlewares.foo-add-prefix.addPrefix]
prefix = "/foo"
[http.services]
[http.services.service1]
[http.services.service1.LoadBalancer]
[http.services.service1]
[http.services.service1.loadBalancer]
[[http.services.service1.LoadBalancer.Servers]]
URL = "http://127.0.0.1:80"
Weight = 1
[[http.services.service1.loadBalancer.servers]]
url = "http://127.0.0.1:80"
```
## Advanced Configuration
## Provider Namespace
When you declare a middleware, it lives in its `provider` namespace.
For example, if you declare a middleware using a Docker label, under the hoods, it will reside in the docker `provider` namespace.
When you declare a middleware, it lives in its provider namespace.
For example, if you declare a middleware using a Docker label, under the hoods, it will reside in the docker provider namespace.
If you use multiple `providers` and wish to reference a middleware declared in another `provider`, then you'll have to prefix the middleware name with the `provider` name.
If you use multiple providers and wish to reference a middleware declared in another provider
(aka referencing a cross-provider middleware),
then you'll have to append to the middleware name, the `@` separator, followed by the provider name.
??? abstract "Referencing a Middleware from Another Provider"
```text
<resource-name>@<provider-name>
```
!!! important "Kubernetes Namespace"
As Kubernetes also has its own notion of namespace, one should not confuse the "provider namespace"
with the "kubernetes namespace" of a resource when in the context of a cross-provider usage.
In this case, since the definition of the middleware is not in kubernetes,
specifying a "kubernetes namespace" when referring to the resource does not make any sense,
and therefore this specification would be ignored even if present.
!!! abstract "Referencing a Middleware from Another Provider"
Declaring the add-foo-prefix in the file provider.
```toml
[providers]
[providers.file]
[providers.file]
[http.middlewares]
[http.middlewares.add-foo-prefix.AddPrefix]
[http.middlewares.add-foo-prefix.addPrefix]
prefix = "/foo"
```
Using the add-foo-prefix middleware from docker.
Using the add-foo-prefix middleware from other providers:
```yaml
```yaml tab="Docker"
your-container: #
image: your-docker-image
image: your-docker-image
labels:
# Attach file.add-foo-prefix middleware (declared in file)
- "traefik.http.routers.middlewares=file.add-foo-prefix"
labels:
# Attach add-foo-prefix@file middleware (declared in file)
- "traefik.http.routers.my-container.middlewares=add-foo-prefix@file"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ingressroutestripprefix
spec:
entryPoints:
- web
routes:
- match: Host(`bar.com`)
kind: Rule
services:
- name: whoami
port: 80
middlewares:
- name: add-foo-prefix@file
# namespace: bar
# A namespace specification such as above is ignored
# when the cross-provider syntax is used.
```
## Available Middlewares
@@ -135,14 +178,14 @@ If you use multiple `providers` and wish to reference a middleware declared in a
| [Buffering](buffering.md) | Buffers the request/response | Request Lifecycle |
| [Chain](chain.md) | Combine multiple pieces of middleware | Middleware tool |
| [CircuitBreaker](circuitbreaker.md) | Stop calling unhealthy services | Request Lifecycle |
| [Compress](circuitbreaker.md) | Compress the response | Content Modifier |
| [Compress](compress.md) | Compress the response | Content Modifier |
| [DigestAuth](digestauth.md) | Adds Digest Authentication | Security, Authentication |
| [Errors](errorpages.md) | Define custom error pages | Request Lifecycle |
| [ForwardAuth](forwardauth.md) | Authentication delegation | Security, Authentication |
| [Headers](headers.md) | Add / Update headers | Security |
| [IPWhiteList](ipwhitelist.md) | Limit the allowed client IPs | Security, Request lifecycle |
| [MaxConnection](maxconnection.md) | Limit the number of simultaneous connections | Security, Request lifecycle |
| [PassTLSClientCert](passtlsclientcert.md) | TODO | Security |
| [PassTLSClientCert](passtlsclientcert.md) | Adding Client Certificates in a Header | Security |
| [RateLimit](ratelimit.md) | Limit the call frequency | Security, Request lifecycle |
| [RedirectScheme](redirectscheme.md) | Redirect easily the client elsewhere | Request lifecycle |
| [RedirectRegex](redirectregex.md) | Redirect the client elsewhere | Request lifecycle |

74
docs/content/middlewares/passtlsclientcert.md
View File

@@ -23,7 +23,7 @@ kind: Middleware
metadata:
name: addprefix
spec:
passtlsclientcert:
passTLSClientCert:
pem: true
```
@@ -42,7 +42,7 @@ labels:
```toml tab="File"
# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
[http.middlewares]
[http.middlewares.test-passtlsclientcert.passtlsclientcert]
[http.middlewares.test-passtlsclientcert.passTLSClientCert]
pem = true
```
@@ -77,7 +77,7 @@ labels:
metadata:
name: test-passtlsclientcert
spec:
passtlsclientcert:
passTLSClientCert:
info:
notAfter: true
notBefore: true
@@ -121,16 +121,38 @@ labels:
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.province=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notafter": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notbefore": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.sans": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.commonname": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.country": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.domaincomponent": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.locality": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organization": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.province": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.serialnumber": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.commonname": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.country": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.domaincomponent": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.locality": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.organization": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.province": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber": "true"
}
```
```toml tab="File"
# Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
[http.middlewares]
[http.middlewares.test-passtlsclientcert.passtlsclientcert]
[http.middlewares.test-passtlsclientcert.passtlsclientcert.info]
[http.middlewares.test-passtlsclientcert.passTLSClientCert]
[http.middlewares.test-passtlsclientcert.passTLSClientCert.info]
notAfter = true
notBefore = true
sans = true
[http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject]
[http.middlewares.test-passtlsclientcert.passTLSClientCert.info.subject]
country = true
province = true
locality = true
@@ -138,7 +160,7 @@ labels:
commonName = true
serialNumber = true
domainComponent = true
[http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer]
[http.middlewares.test-passtlsclientcert.passTLSClientCert.info.issuer]
country = true
province = true
locality = true
@@ -338,9 +360,9 @@ Subject="DC=org,DC=cheese,C=FR,C=US,ST=Cheese org state,ST=Cheese com state,L=TO
If there are more than one certificate, they are separated by a `;`.
#### `info.notafter`
#### `info.notAfter`
Set the `info.notafter` option to `true` to add the `Not After` information from the `Validity` part.
Set the `info.notAfter` option to `true` to add the `Not After` information from the `Validity` part.
The data are taken from the following certificate part:
@@ -349,15 +371,15 @@ The data are taken from the following certificate part:
Not After : Dec 5 11:10:16 2020 GMT
```
The escape `notafter` info part will be like:
The escape `notAfter` info part will be like:
```text
NA=1607166616
```
#### `info.notbefore`
#### `info.notBefore`
Set the `info.notafter` option to `true` to add the `Not Before` information from the `Validity` part.
Set the `info.notBefore` option to `true` to add the `Not Before` information from the `Validity` part.
The data are taken from the following certificate part:
@@ -366,7 +388,7 @@ Validity
Not Before: Dec 6 11:10:16 2018 GMT
```
The escape `notafter` info part will be like:
The escape `notBefore` info part will be like:
```text
NB=1544094616
@@ -449,9 +471,9 @@ The escape organization info in the subject part will be like :
O=Cheese,O=Cheese 2
```
##### `info.subject.commonname`
##### `info.subject.commonName`
Set the `info.subject.commonname` option to true to add the `commonname` information into the subject.
Set the `info.subject.commonName` option to true to add the `commonName` information into the subject.
The data are taken from the subject part with the `CN` key.
@@ -461,9 +483,9 @@ The escape common name info in the subject part will be like :
CN=*.cheese.com
```
##### `info.subject.serialnumber`
##### `info.subject.serialNumber`
Set the `info.subject.serialnumber` option to true to add the `serialnumber` information into the subject.
Set the `info.subject.serialNumber` option to true to add the `serialNumber` information into the subject.
The data are taken from the subject part with the `SN` key.
@@ -473,9 +495,9 @@ The escape serial number info in the subject part will be like :
SN=1234567890
```
##### `info.subject.domaincomponent`
##### `info.subject.domainComponent`
Set the `info.subject.domaincomponent` option to true to add the `domaincomponent` information into the subject.
Set the `info.subject.domainComponent` option to true to add the `domainComponent` information into the subject.
The data are taken from the subject part with the `DC` key.
@@ -541,9 +563,9 @@ The escape organization info in the issuer part will be like :
O=Cheese,O=Cheese 2
```
##### `info.issuer.commonname`
##### `info.issuer.commonName`
Set the `info.issuer.commonname` option to true to add the `commonname` information into the issuer.
Set the `info.issuer.commonName` option to true to add the `commonName` information into the issuer.
The data are taken from the issuer part with the `CN` key.
@@ -553,9 +575,9 @@ The escape common name info in the issuer part will be like :
CN=Simple Signing CA 2
```
##### `info.issuer.serialnumber`
##### `info.issuer.serialNumber`
Set the `info.issuer.serialnumber` option to true to add the `serialnumber` information into the issuer.
Set the `info.issuer.serialNumber` option to true to add the `serialNumber` information into the issuer.
The data are taken from the issuer part with the `SN` key.
@@ -565,9 +587,9 @@ The escape serial number info in the issuer part will be like :
SN=1234567890
```
##### `info.issuer.domaincomponent`
##### `info.issuer.domainComponent`
Set the `info.issuer.domaincomponent` option to true to add the `domaincomponent` information into the issuer.
Set the `info.issuer.domainComponent` option to true to add the `domainComponent` information into the issuer.
The data are taken from the issuer part with the `DC` key.

27
docs/content/middlewares/ratelimit.md
View File

@@ -32,15 +32,16 @@ metadata:
name: test-ratelimit
spec:
rateLimit:
extractorfunc = "client.ip"
rate0:
period = "10s"
average = 100
burst = 200
rate1:
period = "3s"
average = 5
burst = 10
extractorFunc: client.ip
rateSet:
rate0:
period: 10s
average: 100
burst: 200
rate1:
period: 3s
average: 5
burst: 10
```
```json tab="Marathon"
@@ -73,15 +74,15 @@ labels:
# Here, an average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds.
# These can "burst" up to 10 and 200 in each period, respectively.
[http.middlewares]
[http.middlewares.test-ratelimit.ratelimit]
[http.middlewares.test-ratelimit.rateLimit]
extractorfunc = "client.ip"
[http.middlewares.test-ratelimit.ratelimit.rate0]
[http.middlewares.test-ratelimit.rateLimit.rateSet.rate0]
period = "10s"
average = 100
burst = 200
[http.middlewares.test-ratelimit.ratelimit.rate1]
[http.middlewares.test-ratelimit.rateLimit.rateSet.rate1]
period = "3s"
average = 5
burst = 10
@@ -99,7 +100,7 @@ The possible values are:
- `client.ip` categorizes requests based on the client ip.
- `request.header.ANY_HEADER` categorizes requests based on the provided `ANY_HEADER` value.
### `ratelimit`
### `rateSet`
You can combine multiple rate limits.
The rate limit will trigger with the first reached limit.

4
docs/content/middlewares/redirectregex.md
View File

@@ -45,7 +45,7 @@ labels:
```toml tab="File"
# Redirect with domain replacement
[http.middlewares]
[http.middlewares.test-redirectregex.redirectregex]
[http.middlewares.test-redirectregex.redirectRegex]
regex = "^http://localhost/(.*)"
replacement = "http://mydomain/$1"
```
@@ -58,7 +58,7 @@ Set the `permanent` option to `true` to apply a permanent redirection.
### `regex`
The `Regex` option is the regular expression to match and capture elements from the request URL.
The `regex` option is the regular expression to match and capture elements from the request URL.
!!! warning

2
docs/content/middlewares/redirectscheme.md
View File

@@ -41,7 +41,7 @@ labels:
```toml tab="File"
# Redirect to https
[http.middlewares]
[http.middlewares.test-redirectscheme.redirectscheme]
[http.middlewares.test-redirectscheme.redirectScheme]
scheme = "https"
```

4
docs/content/middlewares/replacepath.md
View File

@@ -41,8 +41,8 @@ labels:
```toml tab="File"
# Replace the path by /foo
[http.middlewares]
[http.middlewares.test-replacepath.ReplacePath]
path = "/foo"
[http.middlewares.test-replacepath.replacePath]
path = "/foo"
```
## Configuration Options

2
docs/content/middlewares/replacepathregex.md
View File

@@ -61,7 +61,7 @@ The ReplacePathRegex middleware will:
### `regex`
The `Regex` option is the regular expression to match and capture the path from the request URL.
The `regex` option is the regular expression to match and capture the path from the request URL.
!!! warning

2
docs/content/middlewares/retry.md
View File

@@ -41,7 +41,7 @@ labels:
```toml tab="File"
# Retry to send request 4 times
[http.middlewares]
[http.middlewares.test-retry.Retry]
[http.middlewares.test-retry.retry]
attempts = 4
```

24
docs/content/middlewares/stripprefix.md
View File

@@ -10,39 +10,41 @@ Remove the specified prefixes from the URL path.
## Configuration Examples
```yaml tab="Docker"
# Replace the path by /foo
# Strip prefix /foobar and /fiibar
labels:
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=foobar, fiibar"
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar, /fiibar"
```
```yaml tab="Kubernetes"
# Replace the path by /foo
# Strip prefix /foobar and /fiibar
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-stripprefix
spec:
StripPrefix:
prefixes: "foobar, fiibar"
stripPrefix:
prefixes:
- /foobar
- /fiibar
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-stripprefix.stripprefix.prefixes": "foobar, fiibar"
"traefik.http.middlewares.test-stripprefix.stripprefix.prefixes": "/foobar, /fiibar"
}
```
```yaml tab="Rancher"
# Replace the path by /foo
# Strip prefix /foobar and /fiibar
labels:
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=foobar, fiibar"
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar, /fiibar"
```
```toml tab="File"
# Replace the path by /foo
# Strip prefix /foobar and /fiibar
[http.middlewares]
[http.middlewares.test-stripprefix.StripPrefix]
prefixes: "foobar, fiibar"
[http.middlewares.test-stripprefix.stripPrefix]
prefixes = ["/foobar", "/fiibar"]
```
## Configuration Options

8
docs/content/middlewares/stripprefixregex.md
View File

@@ -1,4 +1,4 @@
# StripPrefix
# StripPrefixRegex
Removing Prefixes From the Path Before Forwarding the Request (Using a Regex)
{: .subtitle }
@@ -22,7 +22,7 @@ kind: Middleware
metadata:
name: test-stripprefixregex
spec:
StripPrefixRegex:
stripPrefixRegex:
regex: "^/foo/(.*)"
```
@@ -41,7 +41,7 @@ labels:
```toml tab="File"
# Replace the path by /foo
[http.middlewares]
[http.middlewares.test-stripprefixregex.StripPrefixRegex]
[http.middlewares.test-stripprefixregex.stripPrefixRegex]
regex: "^/foo/(.*)"
```
@@ -56,7 +56,7 @@ The StripPrefixRegex middleware will:
!!! tip
Use a `StripPrefixRegex` middleware if your backend listens on the root path (`/`) but should be routeable on a specific prefix.
Use a `stripPrefixRegex` middleware if your backend listens on the root path (`/`) but should be routeable on a specific prefix.
### `regex`

198
docs/content/observability/access-logs.md
View File

@@ -5,51 +5,57 @@ Who Calls Whom?
By default, logs are written to stdout, in text format.
## Configuration Examples
## Configuration
??? example "Enabling Access Logs"
To enable the access logs:
```toml
[accessLog]
```
```toml tab="File"
[accessLog]
```
## Configuration Options
```bash tab="CLI"
--accesslog
```
### filePath
### `filePath`
By default access logs are written to the standard output.
To write the logs into a log file, use the `filePath` option.
in the Common Log Format (CLF), extended with additional fields.
### format
### `format`
By default, logs are written using the Common Log Format (CLF).
To write logs in JSON, use `json` in the `format` option.
!!! note "Common Log Format"
#### CLF - Common Log Format
```html
<remote_IP_address> - <client_user_name_if_available> [<timestamp>] "<request_method> <request_path> <request_protocol>" <origin_server_HTTP_status> <origin_server_content_size> "<request_referrer>" "<request_user_agent>" <number_of_requests_received_since_Traefik_started> "<Traefik_frontend_name>" "<Traefik_backend_URL>" <request_duration_in_ms>ms
```
#### bufferingSize
### `bufferingSize`
To write the logs in an asynchronous fashion, specify a `bufferingSize` option.
This option represents the number of log lines Traefik will keep in memory before writing them to the selected output.
In some cases, this option can greatly help performances.
??? example "Configuring a buffer of 100 lines"
```toml tab="File"
# Configuring a buffer of 100 lines
[accessLog]
filePath = "/path/to/access.log"
bufferingSize = 100
```
```toml
[accessLog]
filePath = "/path/to/access.log"
bufferingSize = 100
```
```bash tab="CLI"
# Configuring a buffer of 100 lines
--accesslog
--accesslog.filepath="/path/to/access.log"
--accesslog.bufferingsize=100
```
#### Filtering
### Filtering
To filter logs, you can specify a set of filters which are logically "OR-connected".
Thus, specifying multiple filters will keep more access logs than specifying only one.
@@ -60,20 +66,29 @@ The available filters are:
- `retryAttempts`, to keep the access logs when at least one retry has happened
- `minDuration`, to keep access logs when requests take longer than the specified duration
??? example "Configuring Multiple Filters"
```toml tab="File"
# Configuring Multiple Filters
[accessLog]
filePath = "/path/to/access.log"
format = "json"
```toml
[accessLog]
filePath = "/path/to/access.log"
format = "json"
[accessLog.filters]
statusCodes = ["200", "300-302"]
retryAttempts = true
minDuration = "10ms"
```
[accessLog.filters]
statusCodes = ["200", "300-302"]
retryAttempts = true
minDuration = "10ms"
```
#### Limiting the Fields
```bash tab="CLI"
# Configuring Multiple Filters
--accesslog
--accesslog.filepath="/path/to/access.log"
--accesslog.format="json"
--accesslog.filters.statuscodes="200, 300-302"
--accesslog.filters.retryattempts
--accesslog.filters.minduration="10ms"
```
### Limiting the Fields
You can decide to limit the logged fields/headers to a given list with the `fields.names` and `fields.header` options
@@ -83,65 +98,76 @@ Each field can be set to:
- `drop` to drop the value
- `redact` to replace the value with "redacted"
??? example "Limiting the Logs to Specific Fields"
The `defaultMode` for `fields.header` is `drop`.
```toml
[accessLog]
filePath = "/path/to/access.log"
format = "json"
[accessLog.filters]
statusCodes = ["200", "300-302"]
[accessLog.fields]
defaultMode = "keep"
[accessLog.fields.names]
"ClientUsername" = "drop"
```toml tab="File"
# Limiting the Logs to Specific Fields
[accessLog]
filePath = "/path/to/access.log"
format = "json"
[accessLog.fields]
defaultMode = "keep"
[accessLog.fields.names]
"ClientUsername" = "drop"
[accessLog.fields.headers]
defaultMode = "keep"
[accessLog.fields.headers.names]
"User-Agent" = "redact"
"Authorization" = "drop"
"Content-Type" = "keep"
```
```bash tab="CLI"
# Limiting the Logs to Specific Fields
--accesslog
--accesslog.filepath="/path/to/access.log"
--accesslog.format="json"
--accesslog.fields.defaultmode="keep"
--accesslog.fields.names.ClientUsername="drop"
--accesslog.fields.headers.defaultmode="keep"
--accesslog.fields.headers.names.User-Agent="redact"
--accesslog.fields.headers.names.Authorization="drop"
--accesslog.fields.headers.names.Content-Type="keep"
```
[accessLog.fields.headers]
defaultMode = "keep"
[accessLog.fields.headers.names]
"User-Agent" = "redact"
"Authorization" = "drop"
"Content-Type" = "keep"
```
??? list "Available Fields"
```ini
StartUTC
StartLocal
Duration
FrontendName
BackendName
BackendURL
BackendAddr
ClientAddr
ClientHost
ClientPort
ClientUsername
RequestAddr
RequestHost
RequestPort
RequestMethod
RequestPath
RequestProtocol
RequestLine
RequestContentSize
OriginDuration
OriginContentSize
OriginStatus
OriginStatusLine
DownstreamStatus
DownstreamStatusLine
DownstreamContentSize
RequestCount
GzipRatio
Overhead
RetryAttempts
```
| Field | Description |
|-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `StartUTC` | The time at which request processing started. |
| `StartLocal` | The local time at which request processing started. |
| `Duration` | The total time taken by processing the response, including the origin server's time but not the log writing time. |
| `FrontendName` | The name of the Traefik frontend. |
| `BackendName` | The name of the Traefik backend. |
| `BackendURL` | The URL of the Traefik backend. |
| `BackendAddr` | The IP:port of the Traefik backend (extracted from `BackendURL`) |
| `ClientAddr` | The remote address in its original form (usually IP:port). |
| `ClientHost` | The remote IP address from which the client request was received. |
| `ClientPort` | The remote TCP port from which the client request was received. |
| `ClientUsername` | The username provided in the URL, if present. |
| `RequestAddr` | The HTTP Host header (usually IP:port). This is treated as not a header by the Go API. |
| `RequestHost` | The HTTP Host server name (not including port). |
| `RequestPort` | The TCP port from the HTTP Host. |
| `RequestMethod` | The HTTP method. |
| `RequestPath` | The HTTP request URI, not including the scheme, host or port. |
| `RequestProtocol` | The version of HTTP requested. |
| `RequestLine` | `RequestMethod` + `RequestPath` + `RequestProtocol` |
| `RequestContentSize` | The number of bytes in the request entity (a.k.a. body) sent by the client. |
| `OriginDuration` | The time taken by the origin server ('upstream') to return its response. |
| `OriginContentSize` | The content length specified by the origin server, or 0 if unspecified. |
| `OriginStatus` | The HTTP status code returned by the origin server. If the request was handled by this Traefik instance (e.g. with a redirect), then this value will be absent. |
| `OriginStatusLine` | `OriginStatus` + Status code explanation |
| `DownstreamStatus` | The HTTP status code returned to the client. |
| `DownstreamStatusLine` | `DownstreamStatus` + Status code explanation |
| `DownstreamContentSize` | The number of bytes in the response entity returned to the client. This is in addition to the "Content-Length" header, which may be present in the origin response. |
| `RequestCount` | The number of requests received since the Traefik instance started. |
| `GzipRatio` | The response body compression ratio achieved. |
| `Overhead` | The processing time overhead caused by Traefik. |
| `RetryAttempts` | The amount of attempts the request was retried. |
## Log Rotation

60
docs/content/observability/logs.md
View File

@@ -5,41 +5,57 @@ Reading What's Happening
By default, logs are written to stdout, in text format.
## Configuration Example
??? example "Writing Logs in a File"
```toml
[log]
filePath = "/path/to/traefik.log"
```
??? example "Writing Logs in a File, in JSON"
```toml
[log]
filePath = "/path/to/log-file.log"
format = "json"
```
## Configuration Options
## Configuration
### General
Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
#### filePath
#### `filePath`
By default, the logs are written to the standard output.
You can configure a file path instead using the `filePath` option.
#### format
```toml tab="File"
# Writing Logs to a File
[log]
filePath = "/path/to/traefik.log"
```
```bash tab="CLI"
# Writing Logs to a File
--log.filePath="/path/to/traefik.log"
```
#### `format`
By default, the logs use a text format (`common`), but you can also ask for the `json` format in the `format` option.
#### log level
```toml tab="File"
# Writing Logs to a File, in JSON
[log]
filePath = "/path/to/log-file.log"
format = "json"
```
By default, the `level` is set to `error`, but you can choose amongst `debug`, `panic`, `fatal`, `error`, `warn`, and `info`.
```bash tab="CLI"
# Writing Logs to a File, in JSON
--log.filePath="/path/to/traefik.log"
--log.format="json"
```
#### `level`
By default, the `level` is set to `ERROR`. Alternative logging levels are `DEBUG`, `PANIC`, `FATAL`, `ERROR`, `WARN`, and `INFO`.
```toml tab="File"
[log]
level = "DEBUG"
```
```bash tab="CLI"
--log.level="DEBUG"
```
## Log Rotation

234
docs/content/observability/tracing.md
View File

@@ -1,234 +0,0 @@
# Tracing
Visualize the Requests Flow
{: .subtitle }
The tracing system allows developers to visualize call flows in their infrastructure.
Traefik uses OpenTracing, an open standard designed for distributed tracing.
Traefik supports four tracing backends: Jaeger, Zipkin, DataDog, and Instana.
## Configuration Reference
??? example "With Jaeger"
```toml
# Tracing definition
[tracing]
# Backend name used to send tracing data
#
# Default: "jaeger"
#
backend = "jaeger"
# Service name used in Jaeger backend
#
# Default: "traefik"
#
serviceName = "traefik"
# Span name limit allows for name truncation in case of very long Frontend/Backend names
# This can prevent certain tracing providers to drop traces that exceed their length limits
#
# Default: 0 - no truncation will occur
#
spanNameLimit = 0
[tracing.jaeger]
# Sampling Server URL is the address of jaeger-agent's HTTP sampling server
#
# Default: "http://localhost:5778/sampling"
#
samplingServerURL = "http://localhost:5778/sampling"
# Sampling Type specifies the type of the sampler: const, probabilistic, rateLimiting
#
# Default: "const"
#
samplingType = "const"
# Sampling Param is a value passed to the sampler.
# Valid values for Param field are:
# - for "const" sampler, 0 or 1 for always false/true respectively
# - for "probabilistic" sampler, a probability between 0 and 1
# - for "rateLimiting" sampler, the number of spans per second
#
# Default: 1.0
#
samplingParam = 1.0
# Local Agent Host Port instructs reporter to send spans to jaeger-agent at this address
#
# Default: "127.0.0.1:6831"
#
localAgentHostPort = "127.0.0.1:6831"
# Generate 128-bit trace IDs, compatible with OpenCensus
#
# Default: false
gen128Bit = true
# Set the propagation header type. This can be either:
# - "jaeger", jaeger's default trace header.
# - "b3", compatible with OpenZipkin
#
# Default: "jaeger"
propagation = "jaeger"
# Trace Context Header Name is the http header name used to propagate tracing context.
# This must be in lower-case to avoid mismatches when decoding incoming headers.
#
# Default: "uber-trace-id"
#
traceContextHeaderName = "uber-trace-id"
```
!!! warning
Traefik is only able to send data over the compact thrift protocol to the [Jaeger agent](https://www.jaegertracing.io/docs/deployment/#agent).
??? example "With Zipkin"
```toml
# Tracing definition
[tracing]
# Backend name used to send tracing data
#
# Default: "jaeger"
#
backend = "zipkin"
# Service name used in Zipkin backend
#
# Default: "traefik"
#
serviceName = "traefik"
# Span name limit allows for name truncation in case of very long Frontend/Backend names
# This can prevent certain tracing providers to drop traces that exceed their length limits
#
# Default: 0 - no truncation will occur
#
spanNameLimit = 150
[tracing.zipkin]
# Zipkin HTTP endpoint used to send data
#
# Default: "http://localhost:9411/api/v1/spans"
#
httpEndpoint = "http://localhost:9411/api/v1/spans"
# Enable Zipkin debug
#
# Default: false
#
debug = false
# Use Zipkin SameSpan RPC style traces
#
# Default: false
#
sameSpan = false
# Use Zipkin 128 bit root span IDs
#
# Default: true
#
id128Bit = true
# The rate between 0.0 and 1.0 of requests to trace.
#
# Default: 1.0
#
sampleRate = 0.2
```
??? example "With DataDog"
```toml
# Tracing definition
[tracing]
# Backend name used to send tracing data
#
# Default: "jaeger"
#
backend = "datadog"
# Service name used in DataDog backend
#
# Default: "traefik"
#
serviceName = "traefik"
# Span name limit allows for name truncation in case of very long Frontend/Backend names
# This can prevent certain tracing providers to drop traces that exceed their length limits
#
# Default: 0 - no truncation will occur
#
spanNameLimit = 100
[tracing.datadog]
# Local Agent Host Port instructs reporter to send spans to datadog-tracing-agent at this address
#
# Default: "127.0.0.1:8126"
#
localAgentHostPort = "127.0.0.1:8126"
# Enable DataDog debug
#
# Default: false
#
debug = false
# Apply shared tag in a form of Key:Value to all the traces
#
# Default: ""
#
globalTag = ""
# Enable priority sampling. When using distributed tracing, this option must be enabled in order
# to get all the parts of a distributed trace sampled.
#
# Default: false
#
prioritySampling = false
```
??? example "With Instana"
```toml
# Tracing definition
[tracing]
# Backend name used to send tracing data
#
# Default: "jaeger"
#
backend = "instana"
# Service name used in Instana backend
#
# Default: "traefik"
#
serviceName = "traefik"
[tracing.instana]
# Local Agent Host instructs reporter to send spans to instana-agent at this address
#
# Default: "127.0.0.1"
#
localAgentHost = "127.0.0.1"
# Local Agent port instructs reporter to send spans to the instana-agent at this port
#
# Default: 42699
#
localAgentPort = 42699
# Set Instana tracer log level
#
# Default: info
# Valid values for logLevel field are:
# - error
# - warn
# - debug
# - info
#
logLevel = "info"
```

82
docs/content/observability/tracing/datadog.md Normal file
View File

@@ -0,0 +1,82 @@
# DataDog
To enable the DataDog:
```toml tab="File"
[tracing]
[tracing.dataDog]
```
```bash tab="CLI"
--tracing
--tracing.datadog
```
#### `localAgentHostPort`
_Required, Default="127.0.0.1:8126"_
Local Agent Host Port instructs reporter to send spans to datadog-tracing-agent at this address.
```toml tab="File"
[tracing]
[tracing.dataDog]
localAgentHostPort = "127.0.0.1:8126"
```
```bash tab="CLI"
--tracing
--tracing.datadog.localAgentHostPort="127.0.0.1:8126"
```
#### `debug`
_Optional, Default=false_
Enable DataDog debug.
```toml tab="File"
[tracing]
[tracing.dataDog]
debug = true
```
```bash tab="CLI"
--tracing
--tracing.datadog.debug=true
```
#### `globalTag`
_Optional, Default=empty_
Apply shared tag in a form of Key:Value to all the traces.
```toml tab="File"
[tracing]
[tracing.dataDog]
globalTag = "sample"
```
```bash tab="CLI"
--tracing
--tracing.datadog.globalTag="sample"
```
#### `prioritySampling`
_Optional, Default=false_
Enable priority sampling. When using distributed tracing,
this option must be enabled in order to get all the parts of a distributed trace sampled.
```toml tab="File"
[tracing]
[tracing.dataDog]
prioritySampling = true
```
```bash tab="CLI"
--tracing
--tracing.datadog.prioritySampling=true
```

132
docs/content/observability/tracing/haystack.md Normal file
View File

@@ -0,0 +1,132 @@
# Haystack
To enable the Haystack:
```toml tab="File"
[tracing]
[tracing.haystack]
```
```bash tab="CLI"
--tracing
--tracing.haystack
```
#### `localAgentHost`
_Require, Default="127.0.0.1"_
Local Agent Host instructs reporter to send spans to haystack-agent at this address.
```toml tab="File"
[tracing]
[tracing.haystack]
localAgentHost = "127.0.0.1"
```
```bash tab="CLI"
--tracing
--tracing.haystack.localAgentHost="127.0.0.1"
```
#### `localAgentPort`
_Require, Default=42699_
Local Agent port instructs reporter to send spans to the haystack-agent at this port.
```toml tab="File"
[tracing]
[tracing.haystack]
localAgentPort = 42699
```
```bash tab="CLI"
--tracing
--tracing.haystack.localAgentPort=42699
```
#### `globalTag`
_Optional, Default=empty_
Apply shared tag in a form of Key:Value to all the traces.
```toml tab="File"
[tracing]
[tracing.haystack]
globalTag = "sample:test"
```
```bash tab="CLI"
--tracing
--tracing.haystack.globalTag="sample:test"
```
#### `traceIDHeaderName`
_Optional, Default=empty_
Specifies the header name that will be used to store the trace ID.
```toml tab="File"
[tracing]
[tracing.haystack]
traceIDHeaderName = "sample"
```
```bash tab="CLI"
--tracing
--tracing.haystack.traceIDHeaderName="sample"
```
#### `parentIDHeaderName`
_Optional, Default=empty_
Specifies the header name that will be used to store the span ID.
```toml tab="File"
[tracing]
[tracing.haystack]
parentIDHeaderName = "sample"
```
```bash tab="CLI"
--tracing
--tracing.haystack.parentIDHeaderName="sample"
```
#### `spanIDHeaderName`
_Optional, Default=empty_
Apply shared tag in a form of Key:Value to all the traces.
```toml tab="File"
[tracing]
[tracing.haystack]
spanIDHeaderName = "sample:test"
```
```bash tab="CLI"
--tracing
--tracing.haystack.spanIDHeaderName="sample:test"
```
#### `baggagePrefixHeaderName`
_Optional, Default=empty_
Specifies the header name prefix that will be used to store baggage items in a map.
```toml tab="File"
[tracing]
[tracing.haystack]
baggagePrefixHeaderName = "sample"
```
```bash tab="CLI"
--tracing
--tracing.haystack.baggagePrefixHeaderName="sample"
```

71
docs/content/observability/tracing/instana.md Normal file
View File

@@ -0,0 +1,71 @@
# Instana
To enable the Instana:
```toml tab="File"
[tracing]
[tracing.instana]
```
```bash tab="CLI"
--tracing
--tracing.instana
```
#### `localAgentHost`
_Require, Default="127.0.0.1"_
Local Agent Host instructs reporter to send spans to instana-agent at this address.
```toml tab="File"
[tracing]
[tracing.instana]
localAgentHost = "127.0.0.1"
```
```bash tab="CLI"
--tracing
--tracing.instana.localAgentHost="127.0.0.1"
```
#### `localAgentPort`
_Require, Default=42699_
Local Agent port instructs reporter to send spans to the instana-agent at this port.
```toml tab="File"
[tracing]
[tracing.instana]
localAgentPort = 42699
```
```bash tab="CLI"
--tracing
--tracing.instana.localAgentPort=42699
```
#### `logLevel`
_Require, Default="info"_
Set Instana tracer log level.
Valid values for logLevel field are:
- `error`
- `warn`
- `debug`
- `info`
```toml tab="File"
[tracing]
[tracing.instana]
logLevel = "info"
```
```bash tab="CLI"
--tracing
--tracing.instana.logLevel="info"
```

146
docs/content/observability/tracing/jaeger.md Normal file
View File

@@ -0,0 +1,146 @@
# Jaeger
To enable the Jaeger:
```toml tab="File"
[tracing]
[tracing.jaeger]
```
```bash tab="CLI"
--tracing
--tracing.jaeger
```
!!! warning
Traefik is only able to send data over the compact thrift protocol to the [Jaeger agent](https://www.jaegertracing.io/docs/deployment/#agent).
#### `samplingServerURL`
_Required, Default="http://localhost:5778/sampling"_
Sampling Server URL is the address of jaeger-agent's HTTP sampling server.
```toml tab="File"
[tracing]
[tracing.jaeger]
samplingServerURL = "http://localhost:5778/sampling"
```
```bash tab="CLI"
--tracing
--tracing.jaeger.samplingServerURL="http://localhost:5778/sampling"
```
#### `samplingType`
_Required, Default="const"_
Sampling Type specifies the type of the sampler: `const`, `probabilistic`, `rateLimiting`.
```toml tab="File"
[tracing]
[tracing.jaeger]
samplingType = "const"
```
```bash tab="CLI"
--tracing
--tracing.jaeger.samplingType="const"
```
#### `samplingParam`
_Required, Default=1.0_
Sampling Param is a value passed to the sampler.
Valid values for Param field are:
- for `const` sampler, 0 or 1 for always false/true respectively
- for `probabilistic` sampler, a probability between 0 and 1
- for `rateLimiting` sampler, the number of spans per second
```toml tab="File"
[tracing]
[tracing.jaeger]
samplingParam = 1.0
```
```bash tab="CLI"
--tracing
--tracing.jaeger.samplingParam="1.0"
```
#### `localAgentHostPort`
_Required, Default="127.0.0.1:6831"_
Local Agent Host Port instructs reporter to send spans to jaeger-agent at this address.
```toml tab="File"
[tracing]
[tracing.jaeger]
localAgentHostPort = "127.0.0.1:6831"
```
```bash tab="CLI"
--tracing
--tracing.jaeger.localAgentHostPort="127.0.0.1:6831"
```
#### `gen128Bit`
_Optional, Default=false_
Generate 128-bit trace IDs, compatible with OpenCensus.
```toml tab="File"
[tracing]
[tracing.jaeger]
gen128Bit = true
```
```bash tab="CLI"
--tracing
--tracing.jaeger.gen128Bit
```
#### `propagation`
_Required, Default="jaeger"_
Set the propagation header type.
This can be either:
- `jaeger`, jaeger's default trace header.
- `b3`, compatible with OpenZipkin
```toml tab="File"
[tracing]
[tracing.jaeger]
propagation = "jaeger"
```
```bash tab="CLI"
--tracing
--tracing.jaeger.propagation="jaeger"
```
#### `traceContextHeaderName`
_Required, Default="uber-trace-id"_
Trace Context Header Name is the http header name used to propagate tracing context.
This must be in lower-case to avoid mismatches when decoding incoming headers.
```toml tab="File"
[tracing]
[tracing.jaeger]
traceContextHeaderName = "uber-trace-id"
```
```bash tab="CLI"
--tracing
--tracing.jaeger.traceContextHeaderName="uber-trace-id"
```

67
docs/content/observability/tracing/overview.md Normal file
View File

@@ -0,0 +1,67 @@
# Tracing
Visualize the Requests Flow
{: .subtitle }
The tracing system allows developers to visualize call flows in their infrastructure.
Traefik uses OpenTracing, an open standard designed for distributed tracing.
Traefik supports five tracing backends:
- [Jaeger](./jaeger.md)
- [Zipkin](./zipkin.md)
- [DataDog](./datadog.md)
- [Instana](./instana.md)
- [Haystack](./haystack.md)
## Configuration
By default, Traefik uses Jaeger as tracing backend.
To enable the tracing:
```toml tab="File"
[tracing]
```
```bash tab="CLI"
--tracing
```
### Common Options
#### `serviceName`
_Required, Default="traefik"_
Service name used in selected backend.
```toml tab="File"
[tracing]
serviceName = "traefik"
```
```bash tab="CLI"
--tracing
--tracing.serviceName="traefik"
```
#### `spanNameLimit`
_Required, Default=0_
Span name limit allows for name truncation in case of very long names.
This can prevent certain tracing providers to drop traces that exceed their length limits.
`0` means no truncation will occur.
```toml tab="File"
[tracing]
spanNameLimit = 150
```
```bash tab="CLI"
--tracing
--tracing.spanNameLimit=150
```

98
docs/content/observability/tracing/zipkin.md Normal file
View File

@@ -0,0 +1,98 @@
# Zipkin
To enable the Zipkin:
```toml tab="File"
[tracing]
[tracing.zipkin]
```
```bash tab="CLI"
--tracing
--tracing.zipkin
```
#### `httpEndpoint`
_Required, Default="http://localhost:9411/api/v1/spans"_
Zipkin HTTP endpoint used to send data.
```toml tab="File"
[tracing]
[tracing.zipkin]
httpEndpoint = "http://localhost:9411/api/v1/spans"
```
```bash tab="CLI"
--tracing
--tracing.zipkin.httpEndpoint="http://localhost:9411/api/v1/spans"
```
#### `debug`
_Optional, Default=false_
Enable Zipkin debug.
```toml tab="File"
[tracing]
[tracing.zipkin]
debug = true
```
```bash tab="CLI"
--tracing
--tracing.zipkin.debug=true
```
#### `sameSpan`
_Optional, Default=false_
Use Zipkin SameSpan RPC style traces.
```toml tab="File"
[tracing]
[tracing.zipkin]
sameSpan = true
```
```bash tab="CLI"
--tracing
--tracing.zipkin.sameSpan=true
```
#### `id128Bit`
_Optional, Default=true_
Use Zipkin 128 bit root span IDs.
```toml tab="File"
[tracing]
[tracing.zipkin]
id128Bit = false
```
```bash tab="CLI"
--tracing
--tracing.zipkin.id128Bit=false
```
#### `sampleRate`
_Required, Default=1.0_
The rate between 0.0 and 1.0 of requests to trace.
```toml tab="File"
[tracing]
[tracing.zipkin]
sampleRate = 0.2
```
```bash tab="CLI"
--tracing
--tracing.zipkin.sampleRate="0.2"
```

168
docs/content/operations/api.md Normal file
View File

@@ -0,0 +1,168 @@
# API
Traefik exposes a number of information through an API handler, such as the configuration of all routers, services, middlewares, etc.
As with all features of Traefik, this handler can be enabled with the [static configuration](../getting-started/configuration-overview.md#the-static-configuration).
## Security
Enabling the API in production is not recommended, because it will expose all configuration elements,
including sensitive data.
In production, it should be at least secured by authentication and authorizations.
A good sane default (non exhaustive) set of recommendations
would be to apply the following protection mechanisms:
* At the application level:
securing with middlewares such as [basic authentication](../middlewares/basicauth.md) or [white listing](../middlewares/ipwhitelist.md).
* At the transport level:
NOT publicly exposing the API's port,
keeping it restricted to internal networks
(as in the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege), applied to networks).
## Configuration
To enable the API handler:
```toml tab="File"
[api]
```
```bash tab="CLI"
--api
```
### `dashboard`
_Optional, Default=true_
Enable the dashboard. More about the dashboard features [here](./dashboard.md).
```toml tab="File"
[api]
dashboard = true
```
```bash tab="CLI"
--api.dashboard
```
### `entrypoint`
_Optional, Default="traefik"_
The entry point that the API handler will be bound to.
The default ("traefik") is an internal entry point (which is always defined).
```toml tab="File"
[api]
entrypoint = "web"
```
```bash tab="CLI"
--api.entrypoint="web"
```
### `middlewares`
_Optional, Default=empty_
The list of [middlewares](../middlewares/overview.md) applied to the API handler.
```toml tab="File"
[api]
middlewares = ["api-auth", "api-prefix"]
```
```bash tab="CLI"
--api.middlewares="api-auth,api-prefix"
```
### `debug`
_Optional, Default=false_
Enable additional endpoints for debugging and profiling, served under `/debug/`.
```toml tab="File"
[api]
debug = true
```
```bash tab="CLI"
--api.debug=true
```
## Endpoints
All the following endpoints must be accessed with a `GET` HTTP request.
| Path | Description |
|--------------------------------|-------------------------------------------------------------------------------------------|
| `/api/http/routers` | Lists all the HTTP routers information. |
| `/api/http/routers/{name}` | Returns the information of the HTTP router specified by `name`. |
| `/api/http/services` | Lists all the HTTP services information. |
| `/api/http/services/{name}` | Returns the information of the HTTP service specified by `name`. |
| `/api/http/middlewares` | Lists all the HTTP middlewares information. |
| `/api/http/middlewares/{name}` | Returns the information of the HTTP middleware specified by `name`. |
| `/api/tcp/routers` | Lists all the TCP routers information. |
| `/api/tcp/routers/{name}` | Returns the information of the TCP router specified by `name`. |
| `/api/tcp/services` | Lists all the TCP services information. |
| `/api/tcp/services/{name}` | Returns the information of the TCP service specified by `name`. |
| `/api/version` | Returns information about Traefik version. |
| `/debug/vars` | See the [expvar](https://golang.org/pkg/expvar/) Go documentation. |
| `/debug/pprof/` | See the [pprof Index](https://golang.org/pkg/net/http/pprof/#Index) Go documentation. |
| `/debug/pprof/cmdline` | See the [pprof Cmdline](https://golang.org/pkg/net/http/pprof/#Cmdline) Go documentation. |
| `/debug/pprof/profile` | See the [pprof Profile](https://golang.org/pkg/net/http/pprof/#Profile) Go documentation. |
| `/debug/pprof/symbol` | See the [pprof Symbol](https://golang.org/pkg/net/http/pprof/#Symbol) Go documentation. |
| `/debug/pprof/trace` | See the [pprof Trace](https://golang.org/pkg/net/http/pprof/#Trace) Go documentation. |
## Common Configuration Use Cases
### Address / Port
You can define a custom address/port like this:
```toml
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.foo]
address = ":8082"
[entryPoints.bar]
address = ":8083"
[ping]
entryPoint = "foo"
[api]
entryPoint = "bar"
```
In the above example, you would access a service at /foo, an api endpoint, or the health-check as follows:
* Service: `http://hostname:80/foo`
* API: `http://hostname:8083/api/http/routers`
* Ping URL: `http://hostname:8082/ping`
### Authentication
To restrict access to the API handler, one can add authentication with the [basic auth middleware](../middlewares/basicauth.md).
```toml
[api]
middlewares=["api-auth"]
```
```toml
[http.middlewares]
[http.middlewares.api-auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```

60
docs/content/operations/cli.md
View File

@@ -6,48 +6,56 @@ The Traefik Command Line
## General
```bash
traefik [command] [--flag=flag_argument]
traefik [command] [flags] [arguments]
```
Available commands:
Use `traefik [command] --help` for help on any command.
- `version` : Print version
- `storeconfig` : Store the static Traefik configuration into a Key-value stores. Please refer to the `Store Traefik configuration`(TODO: add doc and link) section to get documentation on it.
- `healthcheck`: Calls Traefik `/ping` to check health.
Commands:
Each command can have additional flags.
- `healthcheck` Calls Traefik `/ping` to check the health of Traefik (the API must be enabled).
- `version` Shows the current Traefik version.
All those flags will be displayed with:
Flag's usage:
```bash
traefik [command] --help
# set flag_argument to flag(s)
traefik [--flag=flag_argument] [-f [flag_argument]]
# set true/false to boolean flag(s)
traefik [--flag[=true|false| ]] [-f [true|false| ]]
```
Each command is described at the beginning of the help section:
### `healthcheck`
```bash
traefik --help
Calls Traefik `/ping` to check the health of Traefik.
Its exit status is `0` if Traefik is healthy and `1` otherwise.
# or
docker run traefik[:version] --help
# ex: docker run traefik:1.5 --help
```
### Command: healthcheck
Checks the health of Traefik.
Its exit status is `0` if Traefik is healthy and `1` if it is unhealthy.
This can be used with Docker [HEALTHCHECK](https://docs.docker.com/engine/reference/builder/#healthcheck) instruction or any other health check orchestration mechanism.
This can be used with Docker [HEALTHCHECK](https://docs.docker.com/engine/reference/builder/#healthcheck) instruction
or any other health check orchestration mechanism.
!!! note
The [`ping` endpoint](../ping/) must be enabled to allow the `healthcheck` command to call `/ping`.
```bash
traefik healthcheck
```
Usage:
```bash
traefik healthcheck [command] [flags] [arguments]
```
Example:
```bash
$ traefik healthcheck
OK: http://:8082/ping
```
### `version`
Shows the current Traefik version.
Usage:
```bash
traefik version
```

8
docs/content/operations/dashboard.md
View File

@@ -10,13 +10,13 @@ The dashboard is the central place that shows you the current active routes hand
Therefore, the dashboard is currently not working.
<figure>
<img src="../../assets/img/dashboard-main.png" alt="Dashboard - Providers" />
<figcaption>The dashboard in action with Traefik listening to 3 different providers</figcaption>
<img src="../../assets/img/dashboard-main.png" alt="Dashboard - Providers" />
<figcaption>The dashboard in action with Traefik listening to 3 different providers</figcaption>
</figure>
<figure>
<img src="../../assets/img/dashboard-health.png" alt="Dashboard - Health" />
<figcaption>The dashboard shows the health of the system.</figcaption>
<img src="../../assets/img/dashboard-health.png" alt="Dashboard - Health" />
<figcaption>The dashboard shows the health of the system.</figcaption>
</figure>
By default, the dashboard is available on `/` on port `:8080`.

15
docs/content/operations/debug-mode.md
View File

@@ -1,15 +0,0 @@
# The Debug Mode
Getting More Information (Not For Production)
{: .subtitle }
The debug mode will make Traefik be _extremely_ verbose in its logs, and is NOT intended for production purposes.
## Configuration Example
??? example "TOML -- Enabling the Debug Mode"
```toml
[Global]
debug = true
```

2
docs/content/operations/ping.md
View File

@@ -22,7 +22,7 @@ Checking the Health of Your Traefik Instances
address = ":8082"
[ping]
entryPoint = "ping"
entryPoint = "ping"
```
| Path | Method | Description |

15
docs/content/providers/crd_ingress_route.yml
View File

@@ -11,3 +11,18 @@ spec:
plural: ingressroutes
singular: ingressroute
scope: Namespaced
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ingressroutetcps.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: IngressRouteTCP
plural: ingressroutetcps
singular: ingressroutetcp
scope: Namespaced

13
docs/content/providers/crd_tls_option.yml Normal file
View File

@@ -0,0 +1,13 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: tlsoptions.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: TLSOption
plural: tlsoptions
singular: tlsoption
scope: Namespaced

95
docs/content/providers/docker.md
View File

@@ -18,7 +18,7 @@ Attach labels to your containers and let Traefik do the rest!
```toml
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
endpoint = "unix:///var/run/docker.sock"
```
Attaching labels to containers (in your docker compose file)
@@ -37,7 +37,7 @@ Attach labels to your containers and let Traefik do the rest!
Enabling the docker provider (Swarm Mode)
```toml
[docker]
[providers.docker]
# swarm classic (1.12-)
# endpoint = "tcp://127.0.0.1:2375"
# docker swarm mode (1.12+)
@@ -45,7 +45,7 @@ Attach labels to your containers and let Traefik do the rest!
swarmMode = true
```
Attaching labels to containers (in your docker compose file)
Attach labels to services (not to containers) while in Swarm mode (in your docker compose file)
```yaml
version: "3"
@@ -57,13 +57,13 @@ Attach labels to your containers and let Traefik do the rest!
```
!!! important "Labels in Docker Swarm Mode"
If you use a compose file with the Swarm mode, labels should be defined in the `deploy` part of your service.
While in Swarm Mode, Traefik uses labels found on services, not on individual containers. Therefore, if you use a compose file with Swarm Mode, labels should be defined in the `deploy` part of your service.
This behavior is only enabled for docker-compose version 3+ ([Compose file reference](https://docs.docker.com/compose/compose-file/#labels-1)).
## Provider Configuration Options
!!! tip "Browse the Reference"
If you're in a hurry, maybe you'd rather go through the [static](../reference/static-configuration.md) and the [dynamic](../reference/dynamic-configuration/docker.md) configuration references.
If you're in a hurry, maybe you'd rather go through the [static](../reference/static-configuration/overview.md) and the [dynamic](../reference/dynamic-configuration/docker.md) configuration references.
### `endpoint`
@@ -86,7 +86,7 @@ Traefik requires access to the docker socket to get its dynamic configuration.
- [KubeCon EU 2018 Keynote, Running with Scissors, from Liz Rice](https://www.youtube.com/watch?v=ltrV-Qmh3oY)
- [Don't expose the Docker socket (not even to a container)](https://www.lvh.io/posts/dont-expose-the-docker-socket-not-even-to-a-container.html)
- [A thread on Stack Overflow about sharing the `/var/run/docker.sock` file](https://news.ycombinator.com/item?id=17983623)
- [To Dind or not to DinD](https://blog.loof.fr/2018/01/to-dind-or-not-do-dind.html)
- [To DinD or not to DinD](https://blog.loof.fr/2018/01/to-dind-or-not-do-dind.html)
??? tip "Security Compensation"
@@ -136,8 +136,8 @@ Traefik requires access to the docker socket to get its dynamic configuration.
```toml
# ...
[providers]
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
```
### `usebindportip`
@@ -147,12 +147,14 @@ _Optional, Default=false_
Traefik routes requests to the IP/Port of the matching container.
When setting `usebindportip=true`, you tell Traefik to use the IP/Port attached to the container's _binding_ instead of its inner network IP/Port.
When used in conjunction with the `traefik.port` label (that tells Traefik to route requests to a specific port), Traefik tries to find a binding on port `traefik.port`.
If it can't find such a binding, Traefik falls back on the internal network IP of the container, but still uses the `traefik.port` that is set in the label.
When used in conjunction with the `traefik.http.services.XXX.loadbalancer.server.port` label (that tells Traefik to route requests to a specific port),
Traefik tries to find a binding on port `traefik.http.services.XXX.loadbalancer.server.port`.
If it can't find such a binding, Traefik falls back on the internal network IP of the container,
but still uses the `traefik.http.services.XXX.loadbalancer.server.port` that is set in the label.
??? example "Examples of `usebindportip` in different situations."
| traefik.port label | Container's binding | Routes to |
| port label | Container's binding | Routes to |
|--------------------|----------------------------------------------------|----------------|
| - | - | IntIP:IntPort |
| - | ExtPort:IntPort | IntIP:IntPort |
@@ -182,15 +184,24 @@ This option can be overridden on a container basis with the `traefik.docker.netw
### `defaultRule`
_Optional, Default=Host(`{{ normalize .Name }}`)_
_Optional, Default=```Host(`{{ normalize .Name }}`)```_
For a given container if no routing rule was defined by a label, it is defined by this defaultRule instead.
It must be a valid [Go template](https://golang.org/pkg/text/template/),
augmented with the [sprig template functions](http://masterminds.github.io/sprig/).
The container service name can be accessed as the Name identifier,
The container service name can be accessed as the `Name` identifier,
and the template has access to all the labels defined on this container.
``defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"``
```toml tab="File"
[providers.docker]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```txt tab="CLI"
--providers.docker
--providers.docker.defaultRule="Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
```
### `swarmMode`
@@ -204,6 +215,48 @@ _Optional, Default=15_
Defines the polling interval (in seconds) in Swarm Mode.
### `constraints`
_Optional, Default=""_
Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container.
That is to say, if none of the container's labels match the expression, no route for the container is created.
If the expression is empty, all detected containers are included.
The expression syntax is based on the `Label("key", "value")`, and `LabelRegexp("key", "value")` functions, as well as the usual boolean logic, as shown in examples below.
??? example "Constraints Expression Examples"
```toml
# Includes only containers having a label with key `a.label.name` and value `foo`
constraints = "Label(`a.label.name`, `foo`)"
```
```toml
# Excludes containers having any label with key `a.label.name` and value `foo`
constraints = "!Label(`a.label.name`, `value`)"
```
```toml
# With logical AND.
constraints = "Label(`a.label.name`, `valueA`) && Label(`another.label.name`, `valueB`)"
```
```toml
# With logical OR.
constraints = "Label(`a.label.name`, `valueA`) || Label(`another.label.name`, `valueB`)"
```
```toml
# With logical AND and OR, with precedence set by parentheses.
constraints = "Label(`a.label.name`, `valueA`) && (Label(`another.label.name`, `valueB`) || Label(`yet.another.label.name`, `valueC`))"
```
```toml
# Includes only containers having a label with key `a.label.name` and a value matching the `a.+` regular expression.
constraints = "LabelRegexp(`a.label.name`, `a.+`)"
```
## Routing Configuration Options
### General
@@ -221,7 +274,7 @@ Every [Router](../routing/routers/index.md) parameter can be updated this way.
### Services
To update the configuration of the Service automatically attached to the container, add labels starting with `traefik.http.services.{name-of-your-choice}.`, followed by the option you want to change. For example, to change the load balancer method, you'd add the label `traefik.http.services.{name-of-your-choice}.loadbalancer.method=drr`.
To update the configuration of the Service automatically attached to the container, add labels starting with `traefik.http.services.{name-of-your-choice}.`, followed by the option you want to change. For example, to change the passhostheader behavior, you'd add the label `traefik.http.services.{name-of-your-choice}.loadbalancer.passhostheader=false`.
Every [Service](../routing/services/index.md) parameter can be updated this way.
@@ -236,14 +289,16 @@ You can declare pieces of middleware using labels starting with `traefik.http.mi
my-container:
# ...
labels:
- traefik.http.middlewares.my-redirect.schemeredirect.scheme=https
- traefik.http.routers.middlewares=my-redirect
- traefik.http.middlewares.my-redirect.redirectscheme.scheme=https
- traefik.http.routers.my-container.middlewares=my-redirect
```
!!! warning "Conflicts in Declaration"
If you declare multiple middleware with the same name but with different parameters, the middleware fails to be declared.
More information about available middlewares in the dedicated [middlewares section](../middlewares/overview.md).
### TCP
You can declare TCP Routers and/or Services using labels.
@@ -262,7 +317,7 @@ You can declare TCP Routers and/or Services using labels.
!!! warning "TCP and HTTP"
If you declare a TCP Router/Service, it will prevent Traefik from automatically create an HTTP Router/Service (like it does by default if no TCP Router/Service is defined).
If you declare a TCP Router/Service, it will prevent Traefik from automatically creating an HTTP Router/Service (like it does by default if no TCP Router/Service is defined).
You can declare both a TCP Router/Service and an HTTP Router/Service for the same container (but you have to do so manually).
### Specific Options
@@ -273,10 +328,6 @@ You can tell Traefik to consider (or not) the container by setting `traefik.enab
This option overrides the value of `exposedByDefault`.
#### `traefik.tags`
Sets the tags for [constraints filtering](./overview.md#constraints-configuration).
#### `traefik.docker.network`
Overrides the default docker network to use for connections to the container.

174
docs/content/providers/file.md
View File

@@ -3,12 +3,12 @@
Good Old Configuration File
{: .subtitle }
The file provider lets you define the [dynamic configuration](./overview.md) in a `toml` file.
The file provider lets you define the [dynamic configuration](./overview.md) in a TOML or YAML file.
You can write these configuration elements:
* At the end of the main Traefik configuration file (by default: `traefik.toml`).
* In [a dedicated file](#filename-optional)
* In [several dedicated files](#directory-optional)
* At the end of the main Traefik configuration file (by default: `traefik.toml`/`traefik.yml`/`traefik.yaml`).
* In [a dedicated file](#filename)
* In [several dedicated files](#directory)
!!! note
The file provider is the default format used throughout the documentation to show samples of the configuration for many features.
@@ -20,10 +20,20 @@ You can write these configuration elements:
??? example "Declaring Routers, Middlewares & Services"
``` toml
# Enabling the file provider
[providers.file]
Enabling the file provider:
```toml tab="TOML"
[providers.file]
```
```yaml tab="YAML"
providers:
file: {}
```
Declaring Routers, Middlewares & Services:
```toml tab="TOML"
[http]
# Add the router
[http.routers]
@@ -35,7 +45,7 @@ You can write these configuration elements:
# Add the middleware
[http.middlewares]
[http.middlewares.my-basic-auth.BasicAuth]
[http.middlewares.my-basic-auth.basicAuth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
usersFile = "etc/traefik/.htpasswd"
@@ -43,64 +53,118 @@ You can write these configuration elements:
# Add the service
[http.services]
[http.services.service-foo]
[http.services.service-foo.LoadBalancer]
method = "wrr"
[[http.services.service-foo.LoadBalancer.Servers]]
[http.services.service-foo.loadBalancer]
[[http.services.service-foo.loadBalancer.servers]]
url = "http://foo/"
weight = 30
[[http.services.service-foo.LoadBalancer.Servers]]
[[http.services.service-foo.loadBalancer.servers]]
url = "http://bar/"
weight = 70
```
```yaml tab="YAML"
http:
# Add the router
routers:
router0:
entryPoints:
- web
middlewares:
- my-basic-auth
service: service-foo
rule: Path(`foo`)
# Add the middleware
middlewares:
my-basic-auth:
basicAuth:
users:
- test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
- test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0
usersFile: etc/traefik/.htpasswd
# Add the service
services:
service-foo:
loadBalancer:
servers:
- url: http://foo/
- url: http://bar/
passHostHeader: false
```
## Provider Configuration Options
!!! tip "Browse the Reference"
If you're in a hurry, maybe you'd rather go through the [static](../reference/static-configuration.md) and the [dynamic](../reference/dynamic-configuration/file.md) configuration references.
If you're in a hurry, maybe you'd rather go through the [static](../reference/static-configuration/overview.md) and the [dynamic](../reference/dynamic-configuration/file.md) configuration references.
### `filename` (_Optional_)
### `filename`
_Optional_
Defines the path of the configuration file.
```toml
```toml tab="TOML"
[providers]
[providers.file]
filename = "rules.toml"
```
### `directory` (_Optional_)
```yaml tab="YAML"
providers:
file:
filename: rules.yaml
```
### `directory`
_Optional_
Defines the directory that contains the configuration files.
```toml
```toml tab="TOML"
[providers]
[providers.file]
directory = "/path/to/config"
```
### `watch` (_Optional_)
```yaml tab="YAML"
providers:
file:
directory: /path/to/config
```
### `watch`
_Optional_
Set the `watch` option to `true` to allow Traefik to automatically watch for file changes.
It works with both the `filename` and the `directory` options.
```toml
```toml tab="TOML"
[providers]
[providers.file]
filename = "rules.toml"
watch = true
```
### TOML Templating
```yaml tab="YAML"
providers:
file:
filename: rules.yml
watch: true
```
### Go Templating
!!! warning
TOML templating only works along with dedicated configuration files. Templating does not work in the Traefik main configuration file.
Go Templating only works along with dedicated configuration files.
Templating does not work in the Traefik main configuration file.
Traefik allows using TOML templating.
Traefik allows using Go templating.
Thus, it's possible to define easily lot of routers, services and TLS certificates as described in the file `template-rules.toml` :
??? example "Configuring Using Templating"
```toml
```toml tab="TOML"
# template-rules.toml
[http]
@@ -111,7 +175,7 @@ Thus, it's possible to define easily lot of routers, services and TLS certificat
{{ end }}
[http.Services]
[http.services]
{{ range $i, $e := until 100 }}
[http.services.service{{ $e }}]
# ...
@@ -126,24 +190,62 @@ Thus, it's possible to define easily lot of routers, services and TLS certificat
{{ end }}
[tcp.Services]
[tcp.services]
{{ range $i, $e := until 100 }}
[http.services.service{{ $e }}]
# ...
{{ end }}
{{ range $i, $e := until 10 }}
[[TLS]]
Store = ["my-store-foo-{{ $e }}", "my-store-bar-{{ $e }}"]
[TLS.Certificate]
CertFile = "/etc/traefik/cert-{{ $e }}.pem"
KeyFile = "/etc/traefik/cert-{{ $e }}.key"
[[tls.certificates]]
certFile = "/etc/traefik/cert-{{ $e }}.pem"
keyFile = "/etc/traefik/cert-{{ $e }}.key"
store = ["my-store-foo-{{ $e }}", "my-store-bar-{{ $e }}"]
{{ end }}
[TLSConfig]
[tls.config]
{{ range $i, $e := until 10 }}
[TLSConfig.TLS{{ $e }}]
[tls.config.TLS{{ $e }}]
# ...
{{ end }}
```
```yaml tab="YAML"
http:
{{range $i, $e := until 100 }}
routers:
router{{ $e }:
# ...
{{end}}
{{range $i, $e := until 100 }}
services:
application{{ $e }}:
# ...
{{end}}
tcp:
{{range $i, $e := until 100 }}
routers:
router{{ $e }:
# ...
{{end}}
{{range $i, $e := until 100 }}
services:
service{{ $e }}:
# ...
{{end}}
{{ range $i, $e := until 10 }}
tls:
certificates:
- certFile: "/etc/traefik/cert-{{ $e }}.pem"
keyFile: "/etc/traefik/cert-{{ $e }}.key"
store:
- "my-store-foo-{{ $e }}"
- "my-store-bar-{{ $e }}"
{{end}}
```

98
docs/content/providers/kubernetes-crd.md
View File

@@ -33,7 +33,7 @@ In this case, the endpoint is required.
Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Kubernetes cluster using the granted authentication and authorization of the associated kubeconfig.
```toml tab="File"
[Providers.KubernetesCRD]
[providers.kubernetesCRD]
endpoint = "http://localhost:8080"
# ...
```
@@ -50,7 +50,7 @@ _Optional, Default=empty_
Bearer token used for the Kubernetes client configuration.
```toml tab="File"
[Providers.KubernetesCRD]
[providers.kubernetesCRD]
token = "mytoken"
# ...
```
@@ -68,7 +68,7 @@ Path to the certificate authority file.
Used for the Kubernetes client configuration.
```toml tab="File"
[Providers.KubernetesCRD]
[providers.kubernetesCRD]
certAuthFilePath = "/my/ca.crt"
# ...
```
@@ -85,7 +85,7 @@ _Optional, Default: all namespaces (empty array)_
Array of namespaces to watch.
```toml tab="File"
[Providers.KubernetesCRD]
[providers.kubernetesCRD]
namespaces = ["default", "production"]
# ...
```
@@ -105,7 +105,7 @@ A label selector can be defined to filter on specific Ingress objects only.
See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details.
```toml tab="File"
[Providers.KubernetesCRD]
[providers.kubernetesCRD]
labelselector = "A and not B"
# ...
```
@@ -125,7 +125,7 @@ If the parameter is non-empty, only Ingresses containing an annotation with the
Otherwise, Ingresses missing the annotation, having an empty value, or the value `traefik` are processed.
```toml tab="File"
[Providers.KubernetesCRD]
[providers.kubernetesCRD]
ingressClass = "traefik-internal"
# ...
```
@@ -145,13 +145,13 @@ If you're in a hurry, maybe you'd rather go through the [dynamic](../reference/d
--8<-- "content/providers/crd_ingress_route.yml"
```
That `IngressRoute` kind can then be used to define an `IngressRoute` object, such as:
That `IngressRoute` kind can then be used to define an `IngressRoute` object, such as in:
```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ingressroutefoo.crd
name: ingressroutefoo
spec:
entryPoints:
@@ -170,6 +170,22 @@ spec:
services:
- name: whoami
port: 80
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
name: ingressroutetcpfoo.crd
spec:
entryPoints:
- footcp
routes:
# Match is the rule corresponding to an underlying router.
- match: HostSNI(`*`)
services:
- name: whoamitcp
port: 8080
```
### Middleware
@@ -187,6 +203,7 @@ apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: stripprefix
namespace: foo
spec:
stripPrefix:
@@ -197,7 +214,7 @@ spec:
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ingressroutebar.crd
name: ingressroutebar
spec:
entryPoints:
@@ -210,8 +227,69 @@ spec:
port: 80
middlewares:
- name: stripprefix
namespace: foo
```
!!! important "Cross-provider namespace"
As Kubernetes also has its own notion of namespace, one should not confuse the kubernetes namespace of a resource
(in the reference to the middleware) with the [provider namespace](../middlewares/overview.md#provider-namespace),
when the definition of the middleware is from another provider.
In this context, specifying a namespace when referring to the resource does not make any sense, and will be ignored.
More information about available middlewares in the dedicated [middlewares section](../middlewares/overview.md).
### TLS Option
Additionally, to allow for the use of TLS options in an IngressRoute, we defined the CRD below for the TLSOption kind.
More information about TLS Options is available in the dedicated [TLS Configuration Options](../../https/tls/#tls-options).
```yaml
--8<-- "content/providers/crd_tls_option.yml"
```
Once the TLSOption kind has been registered with the Kubernetes cluster or defined in the File Provider, it can then be used in IngressRoute definitions, such as:
```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
name: mytlsoption
namespace: default
spec:
minversion: VersionTLS12
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ingressroutebar
spec:
entryPoints:
- web
routes:
- match: Host(`bar.com`) && PathPrefix(`/stripit`)
kind: Rule
services:
- name: whoami
port: 80
tls:
options:
name: mytlsoption
namespace: default
```
!!! important "References and namespaces"
If the optional `namespace` attribute is not set, the configuration will be applied with the namespace of the IngressRoute.
Additionally, when the definition of the TLS option is from another provider,
the cross-provider syntax (`middlewarename@provider`) should be used to refer to the TLS option,
just as in the [middleware case](../middlewares/overview.md#provider-namespace).
Specifying a namespace attribute in this case would not make any sense, and will be ignored.
### TLS
To allow for TLS, we made use of the `Secret` kind, as it was already defined, and it can be directly used in an `IngressRoute`:
@@ -230,7 +308,7 @@ data:
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ingressroutetls.crd
name: ingressroutetls
spec:
entryPoints:

115
docs/content/providers/marathon.md
View File

@@ -13,7 +13,7 @@ See also [Marathon user guide](../user-guides/marathon.md).
```toml tab="File"
[providers.marathon]
endpoint = "http://127.0.0.1:8080"
endpoint = "http://127.0.0.1:8080"
```
```txt tab="CLI"
@@ -49,7 +49,7 @@ See also [Marathon user guide](../user-guides/marathon.md).
## Provider Configuration Options
!!! tip "Browse the Reference"
If you're in a hurry, maybe you'd rather go through the [static](../reference/static-configuration.md) and the [dynamic](../reference/dynamic-configuration/marathon.md) configuration references.
If you're in a hurry, maybe you'd rather go through the [static](../reference/static-configuration/overview.md) and the [dynamic](../reference/dynamic-configuration/marathon.md) configuration references.
### `basic`
@@ -58,9 +58,9 @@ _Optional_
Enables Marathon basic authentication.
```toml tab="File"
[marathon.basic]
httpBasicAuthUser = "foo"
httpBasicPassword = "bar"
[providers.marathon.basic]
httpBasicAuthUser = "foo"
httpBasicPassword = "bar"
```
```txt tab="CLI"
@@ -78,9 +78,9 @@ DCOSToken for DCOS environment.
If set, it overrides the Authorization header.
```toml tab="File"
[marathon]
dcosToken = "xxxxxx"
# ...
[providers.marathon]
dcosToken = "xxxxxx"
# ...
```
```txt tab="CLI"
@@ -101,9 +101,9 @@ The app ID can be accessed as the Name identifier,
and the template has access to all the labels defined on this Marathon application.
```toml tab="File"
[marathon]
defaultRule = ""
# ...
[providers.marathon]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```txt tab="CLI"
@@ -132,9 +132,9 @@ Marathon server endpoint.
You can optionally specify multiple endpoints:
```toml tab="File"
[marathon]
endpoint = "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080"
# ...
[providers.marathon]
endpoint = "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080"
# ...
```
```txt tab="CLI"
@@ -150,16 +150,59 @@ Exposes Marathon applications by default through Traefik.
If set to false, applications that don't have a `traefik.enable=true` label will be ignored from the resulting routing configuration.
### `filterMarathonConstraints`
### `constraints`
_Optional, Default=false_
_Optional, Default=""_
Enables filtering using Marathon constraints.
Constraints is an expression that Traefik matches against the application's labels to determine whether to create any route for that application.
That is to say, if none of the application's labels match the expression, no route for the application is created.
In addition, the expression also matched against the application's constraints, such as described in [Marathon constraints](https://mesosphere.github.io/marathon/docs/constraints.html).
If the expression is empty, all detected applications are included.
If enabled, Traefik will take into account Marathon constraints, as defined in [Marathon constraints](https://mesosphere.github.io/marathon/docs/constraints.html).
The expression syntax is based on the `Label("key", "value")`, and `LabelRegexp("key", "value")`, as well as the usual boolean logic.
In addition, to match against marathon constraints, the function `MarathonConstraint("field:operator:value")` can be used, where the field, operator, and value parts are joined together in a single string with the `:` separator.
Each individual constraint will be treated as a verbatim compounded tag,
e.g. "rack_id:CLUSTER:rack-1", with all constraint groups concatenated together using ":".
??? example "Constraints Expression Examples"
```toml
# Includes only applications having a label with key `a.label.name` and value `foo`
constraints = "Label(`a.label.name`, `foo`)"
```
```toml
# Excludes applications having any label with key `a.label.name` and value `foo`
constraints = "!Label(`a.label.name`, `value`)"
```
```toml
# With logical AND.
constraints = "Label(`a.label.name`, `valueA`) && Label(`another.label.name`, `valueB`)"
```
```toml
# With logical OR.
constraints = "Label(`a.label.name`, `valueA`) || Label(`another.label.name`, `valueB`)"
```
```toml
# With logical AND and OR, with precedence set by parentheses.
constraints = "Label(`a.label.name`, `valueA`) && (Label(`another.label.name`, `valueB`) || Label(`yet.another.label.name`, `valueC`))"
```
```toml
# Includes only applications having a label with key `a.label.name` and a value matching the `a.+` regular expression.
constraints = "LabelRegexp(`a.label.name`, `a.+`)"
```
```toml
# Includes only applications having a Marathon constraint with field `A`, operator `B`, and value `C`.
constraints = "MarathonConstraint(`A:B:C`)"
```
```toml
# Uses both Marathon constraint and application label with logical operator.
constraints = "MarathonConstraint(`A:B:C`) && Label(`a.label.name`, `value`)"
```
### `forceTaskHostname`
@@ -204,11 +247,11 @@ _Optional_
TLS client configuration. [tls/#Config](https://golang.org/pkg/crypto/tls/#Config).
```toml tab="File"
[marathon.TLS]
CA = "/etc/ssl/ca.crt"
Cert = "/etc/ssl/marathon.cert"
Key = "/etc/ssl/marathon.key"
insecureSkipVerify = true
[providers.marathon.tls]
ca = "/etc/ssl/ca.crt"
cert = "/etc/ssl/marathon.cert"
key = "/etc/ssl/marathon.key"
insecureSkipVerify = true
```
```txt tab="CLI"
@@ -253,23 +296,23 @@ and the router automatically gets a rule defined by defaultRule (if no rule for
### Routers
To update the configuration of the Router automatically attached to the application,
add labels starting with `traefik.HTTP.Routers.{router-name-of-your-choice}.` and followed by the option you want to change.
For example, to change the routing rule, you could add the label ```traefik.HTTP.Routers.Routername.Rule=Host(`my-domain`)```.
add labels starting with `traefik.http.routers.{router-name-of-your-choice}.` and followed by the option you want to change.
For example, to change the routing rule, you could add the label ```traefik.http.routers.routername.rule=Host(`my-domain`)```.
Every [Router](../routing/routers/index.md) parameter can be updated this way.
### Services
To update the configuration of the Service automatically attached to the container,
add labels starting with `traefik.HTTP.Services.{service-name-of-your-choice}.`, followed by the option you want to change.
For example, to change the load balancer method, you'd add the label `traefik.HTTP.Services.Servicename.LoadBalancer.Method=drr`.
add labels starting with `traefik.http.services.{service-name-of-your-choice}.`, followed by the option you want to change.
For example, to change the passHostHeader behavior, you'd add the label `traefik.http.services.servicename.loadbalancer.passhostheader=false`.
Every [Service](../routing/services/index.md) parameter can be updated this way.
### Middleware
You can declare pieces of middleware using labels starting with `traefik.HTTP.Middlewares.{middleware-name-of-your-choice}.`, followed by the middleware type/options.
For example, to declare a middleware [`schemeredirect`](../middlewares/redirectscheme.md) named `my-redirect`, you'd write `traefik.HTTP.Middlewares.my-redirect.RedirectScheme.Scheme: https`.
You can declare pieces of middleware using labels starting with `traefik.http.middlewares.{middleware-name-of-your-choice}.`, followed by the middleware type/options.
For example, to declare a middleware [`redirectscheme`](../middlewares/redirectscheme.md) named `my-redirect`, you'd write `traefik.http.middlewares.my-redirect.redirectscheme.scheme: https`.
??? example "Declaring and Referencing a Middleware"
@@ -277,8 +320,8 @@ For example, to declare a middleware [`schemeredirect`](../middlewares/redirects
{
...
"labels": {
"traefik.http.middlewares.my-redirect.schemeredirect.scheme": "https",
"traefik.http.routers.middlewares": "my-redirect"
"traefik.http.middlewares.my-redirect.redirectscheme.scheme": "https",
"traefik.http.routers.my-container.middlewares": "my-redirect"
}
}
```
@@ -287,6 +330,8 @@ For example, to declare a middleware [`schemeredirect`](../middlewares/redirects
If you declare multiple middleware with the same name but with different parameters, the middleware fails to be declared.
More information about available middlewares in the dedicated [middlewares section](../middlewares/overview.md).
### TCP
You can declare TCP Routers and/or Services using labels.
@@ -316,10 +361,6 @@ You can declare TCP Routers and/or Services using labels.
Setting this option controls whether Traefik exposes the application.
It overrides the value of `exposedByDefault`.
#### `traefik.tags`
Sets the tags for [constraints filtering](./overview.md#constraints-configuration).
#### `traefik.marathon.ipadressidx`
If a task has several IP addresses, this option specifies which one, in the list of available addresses, to select.

86
docs/content/providers/overview.md
View File

@@ -26,74 +26,46 @@ Even if each provider is different, we can categorize them in four groups:
Below is the list of the currently supported providers in Traefik.
| Provider | Type | Configuration Type |
|---------------------------------|--------------|--------------------|
| [Docker](./docker.md) | Orchestrator | Label |
| [File](./file.md) | Orchestrator | Custom Annotation |
| [Kubernetes](kubernetes-crd.md) | Orchestrator | Custom Resource |
| [Marathon](marathon.md) | Orchestrator | Label |
| Provider | Type | Configuration Type |
|-----------------------------------|--------------|--------------------|
| [Docker](./docker.md) | Orchestrator | Label |
| [Kubernetes](./kubernetes-crd.md) | Orchestrator | Custom Resource |
| [Marathon](./marathon.md) | Orchestrator | Label |
| [Rancher](./rancher.md) | Orchestrator | Label |
| [File](./file.md) | Manual | TOML format |
!!! note "More Providers"
The current version of Traefik is in development and doesn't support (yet) every provider. See the previous version (1.7) for more providers.
The current version of Traefik is in development and doesn't support (yet) every provider.
See the previous version (1.7) for more providers.
<!--
TODO (document TCP VS HTTP dynamic configuration)
-->
## Constraints Configuration
TODO (document TCP VS HTTP dynamic configuration)
-->
If you want to limit the scope of Traefik service discovery, you can set constraints.
Doing so, Traefik will create routes for containers that match these constraints only.
## Restrict the Scope of Service Discovery
??? example "Containers with the api Tag"
By default Traefik will create routes for all detected containers.
```toml
constraints = ["tag==api"]
```
If you want to limit the scope of Traefik's service discovery,
i.e. disallow route creation for some containers,
you can do so in two different ways:
either with the generic configuration option `exposedByDefault`,
or with a finer granularity mechanism based on constraints.
??? example "Containers without the api Tag"
### `exposedByDefault` and `traefik.enable`
```toml
constraints = ["tag!=api"]
```
??? example "Containers with tags starting with 'us-'"
List of providers that support that feature:
```toml
constraints = ["tag==us-*"]
```
- [Docker](./docker.md#exposedbydefault)
- [Rancher](./rancher.md#exposedbydefault)
- [Marathon](./marathon.md#exposedbydefault)
??? example "Multiple constraints"
### Constraints
```toml
# Multiple constraints
# - "tag==" must match with at least one tag
# - "tag!=" must match with none of tags
constraints = ["tag!=us-*", "tag!=asia-*"]
```
List of providers that support constraints:
??? note "List of Providers that Support Constraints"
- Docker
- Consul K/V
- BoltDB
- Zookeeper
- ECS
- Etcd
- Consul Catalog
- Rancher
- Marathon
- Kubernetes (using a provider-specific mechanism based on label selectors)
!!! note
The constraint option belongs to the provider configuration itself.
??? example "Setting the Constraint Options for Docker"
```toml
[providers]
[providers.docker]
constraints = ["tag==api"]
```
- [Docker](./docker.md#constraints)
- [Rancher](./rancher.md#constraints)
- [Marathon](./marathon.md#constraints)
- [Kubernetes CRD](./kubernetes-crd.md#labelselector)

143
docs/content/providers/rancher.md
View File

@@ -1,83 +1,41 @@
# Traefik & Rancher
A Story of Labels, Services & Container
A Story of Labels, Services & Containers
{: .subtitle }
![Rancher](../assets/img/providers/rancher.png)
Attach labels to your services and let Traefik do the rest!
!!! important
This provider is specific to Rancher 1.x.
Rancher 2.x requires Kubernetes and does not have a metadata endpoint of its own for Traefik to query.
As such, Rancher 2.x users should utilize the [Kubernetes provider](./kubernetes-crd.md) directly.
## Configuration Examples
??? example "Configuring Docker & Deploying / Exposing Services"
??? example "Configuring Rancher & Deploying / Exposing Services"
Enabling the rancher provider
```toml
[provider.rancher]
[providers.rancher]
```
Attaching labels to services
```yaml
labels:
- traefik.http.services.my-service.rule=Host(my-domain)
- traefik.http.services.my-service.rule=Host(`my-domain`)
```
## Provider Configuration Options
!!! tip "Browse the Reference"
??? tip "Browse the Reference"
If you're in a hurry, maybe you'd rather go through the configuration reference:
```toml
################################################################
# Rancher Provider
################################################################
# Enable Docker Provider.
[rancher]
# The default host rule for all services.
#
# Optionnal
#
DefaultRule = "unix:///var/run/docker.sock"
# Expose Rancher services by default in Traefik.
#
# Optional
#
ExposedByDefault = "docker.localhost"
# Enable watch docker changes.
#
# Optional
#
watch = true
# Filter services with unhealthy states and inactive states.
#
# Optional
#
EnableServiceHealthFilter = true
# Defines the polling interval (in seconds).
#
# Optional
#
RefreshSeconds = true
# Poll the Rancher metadata service for changes every `rancher.refreshSeconds`, which is less accurate
#
# Optional
#
IntervalPoll = false
# Prefix used for accessing the Rancher metadata service
#
# Optional
#
Prefix = 15
--8<-- "content/providers/rancher.toml"
```
### `ExposedByDefault`
@@ -89,10 +47,27 @@ If set to false, services that don't have a `traefik.enable=true` label will be
### `DefaultRule`
_Optional_
_Optional, Default=```Host(`{{ normalize .Name }}`)```_
The default host rule for all services.
For a given container if no routing rule was defined by a label, it is defined by this defaultRule instead.
It must be a valid [Go template](https://golang.org/pkg/text/template/),
augmented with the [sprig template functions](http://masterminds.github.io/sprig/).
The service name can be accessed as the `Name` identifier,
and the template has access to all the labels defined on this container.
```toml tab="File"
[providers.rancher]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```txt tab="CLI"
--providers.rancher
--providers.rancher.defaultRule="Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
```
This option can be overridden on a container basis with the `traefik.http.routers.Router1.rule` label.
### `EnableServiceHealthFilter`
@@ -120,6 +95,50 @@ _Optional, Default=/latest_
Prefix used for accessing the Rancher metadata service
### `constraints`
_Optional, Default=""_
Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container.
That is to say, if none of the container's labels match the expression, no route for the container is created.
If the expression is empty, all detected containers are included.
The expression syntax is based on the `Label("key", "value")`, and `LabelRegexp("key", "value")` functions, as well as the usual boolean logic, as shown in examples below.
??? example "Constraints Expression Examples"
```toml
# Includes only containers having a label with key `a.label.name` and value `foo`
constraints = "Label(`a.label.name`, `foo`)"
```
```toml
# Excludes containers having any label with key `a.label.name` and value `foo`
constraints = "!Label(`a.label.name`, `value`)"
```
```toml
# With logical AND.
constraints = "Label(`a.label.name`, `valueA`) && Label(`another.label.name`, `valueB`)"
```
```toml
# With logical OR.
constraints = "Label(`a.label.name`, `valueA`) || Label(`another.label.name`, `valueB`)"
```
```toml
# With logical AND and OR, with precedence set by parentheses.
constraints = "Label(`a.label.name`, `valueA`) && (Label(`another.label.name`, `valueB`) || Label(`yet.another.label.name`, `valueC`))"
```
```toml
# Includes only containers having a label with key `a.label.name` and a value matching the `a.+` regular expression.
constraints = "LabelRegexp(`a.label.name`, `a.+`)"
```
## Routing Configuration Options
### General
Traefik creates, for each rancher service, a corresponding [service](../routing/services/index.md) and [router](../routing/routers/index.md).
@@ -136,29 +155,31 @@ Every [Router](../routing/routers/index.md) parameter can be updated this way.
### Services
To update the configuration of the Service automatically attached to the container, add labels starting with `traefik.http.services.{name-of-your-choice}.`,
followed by the option you want to change. For example, to change the load balancer method,
you'd add the label `traefik.http.services.{name-of-your-choice}.loadbalancer.method=drr`.
followed by the option you want to change. For example, to change the passhostheader behavior,
you'd add the label `traefik.http.services.{name-of-your-choice}.loadbalancer.passhostheader=false`.
Every [Service](../routing/services/index.md) parameter can be updated this way.
### Middleware
You can declare pieces of middleware using labels starting with `traefik.http.middlewares.{name-of-your-choice}.`, followed by the middleware type/options.
For example, to declare a middleware [`schemeredirect`](../middlewares/redirectscheme.md) named `my-redirect`, you'd write `traefik.http.middlewares.my-redirect.schemeredirect.scheme: https`.
For example, to declare a middleware [`redirectscheme`](../middlewares/redirectscheme.md) named `my-redirect`, you'd write `traefik.http.middlewares.my-redirect.redirectscheme.scheme: https`.
??? example "Declaring and Referencing a Middleware"
```yaml
# ...
labels:
- traefik.http.middlewares.my-redirect.schemeredirect.scheme=https
- traefik.http.routers.middlewares=my-redirect
- traefik.http.middlewares.my-redirect.redirectscheme.scheme=https
- traefik.http.routers.my-container.middlewares=my-redirect
```
!!! warning "Conflicts in Declaration"
If you declare multiple middleware with the same name but with different parameters, the middleware fails to be declared.
More information about available middlewares in the dedicated [middlewares section](../middlewares/overview.md).
### Specific Options
#### `traefik.enable`
@@ -167,10 +188,6 @@ You can tell Traefik to consider (or not) the container by setting `traefik.enab
This option overrides the value of `exposedByDefault`.
#### `traefik.tags`
Sets the tags for [constraints filtering](./overview.md#constraints-configuration).
#### Port Lookup
Traefik is now capable of detecting the port to use, by following the default rancher flow.

20
docs/content/providers/rancher.toml Normal file
View File

@@ -0,0 +1,20 @@
# Enable Rancher Provider.
[providers.rancher]
# Expose Rancher services by default in Traefik.
exposedByDefault = true
# Enable watch Rancher changes.
watch = true
# Filter services with unhealthy states and inactive states.
enableServiceHealthFilter = true
# Defines the polling interval (in seconds).
refreshSeconds = true
# Poll the Rancher metadata service for changes every `rancher.refreshSeconds`, which is less accurate
intervalPoll = false
# Prefix used for accessing the Rancher metadata service
prefix = "/latest"

2
docs/content/reference/dynamic-configuration/docker.md
View File

@@ -3,6 +3,8 @@
Dynamic configuration with Docker Labels
{: .subtitle }
The labels are case insensitive.
```yaml
--8<-- "content/reference/dynamic-configuration/labels.yml"
```

8
docs/content/reference/dynamic-configuration/file.md
View File

@@ -1,8 +1,12 @@
# File Configuration Reference
Dynamic configuration with toml files
Dynamic configuration with files
{: .subtitle }
```toml
```toml tab="TOML"
--8<-- "content/reference/dynamic-configuration/file.toml"
```
```yml tab="YAML"
--8<-- "content/reference/dynamic-configuration/file.yaml"
```

477
docs/content/reference/dynamic-configuration/file.toml
View File

@@ -1,265 +1,248 @@
[HTTP]
[HTTP.Routers]
[HTTP.Routers.Router0]
EntryPoints = ["foobar", "foobar"]
Middlewares = ["foobar", "foobar"]
Service = "foobar"
Rule = "foobar"
[http]
[http.routers]
[http.routers.Router0]
entryPoints = ["foobar", "foobar"]
middlewares = ["foobar", "foobar"]
service = "foobar"
rule = "foobar"
priority = 42
[HTTP.Routers.Router0.tls]
[HTTP.Middlewares]
[HTTP.Middlewares.Middleware0.AddPrefix]
Prefix = "foobar"
[HTTP.Middlewares.Middleware1.StripPrefix]
Prefixes = ["foobar", "foobar"]
[HTTP.Middlewares.Middleware2.StripPrefixRegex]
Regex = ["foobar", "foobar"]
[HTTP.Middlewares.Middleware3.ReplacePath]
Path = "foobar"
[HTTP.Middlewares.Middleware4.ReplacePathRegex]
Regex = "foobar"
Replacement = "foobar"
[HTTP.Middlewares.Middleware5.Chain]
Middlewares = ["foobar", "foobar"]
[HTTP.Middlewares.Middleware6.IPWhiteList]
SourceRange = ["foobar", "foobar"]
[HTTP.Middlewares.Middleware7.IPWhiteList.IPStrategy]
Depth = 42
ExcludedIPs = ["foobar", "foobar"]
[HTTP.Middlewares.Middleware8.Headers]
AccessControlAllowCredentials = true
AccessControlAllowHeaders = ["foobar", "foobar"]
AccessControlAllowMethods = ["foobar", "foobar"]
AccessControlAllowOrigin = "foobar"
AccessControlExposeHeaders = ["foobar", "foobar"]
AccessControlMaxAge = 42
AddVaryHeader = true
AllowedHosts = ["foobar", "foobar"]
HostsProxyHeaders = ["foobar", "foobar"]
SSLRedirect = true
SSLTemporaryRedirect = true
SSLHost = "foobar"
SSLForceHost = true
STSSeconds = 42
STSIncludeSubdomains = true
STSPreload = true
ForceSTSHeader = true
FrameDeny = true
CustomFrameOptionsValue = "foobar"
ContentTypeNosniff = true
BrowserXSSFilter = true
CustomBrowserXSSValue = "foobar"
ContentSecurityPolicy = "foobar"
PublicKey = "foobar"
ReferrerPolicy = "foobar"
IsDevelopment = true
[HTTP.Middlewares.Middleware8.Headers.CustomRequestHeaders]
[http.routers.Router0.tls]
options = "TLS0"
[http.middlewares]
[http.middlewares.Middleware0]
[http.middlewares.Middleware0.addPrefix]
prefix = "foobar"
[http.middlewares.Middleware1]
[http.middlewares.Middleware1.stripPrefix]
prefixes = ["foobar", "foobar"]
[http.middlewares.Middleware10]
[http.middlewares.Middleware10.rateLimit]
extractorFunc = "foobar"
[http.middlewares.Middleware10.rateLimit.rateSet]
[http.middlewares.Middleware10.rateLimit.rateSet.Rate0]
period = 42
average = 42
burst = 42
[http.middlewares.Middleware10.rateLimit.rateSet.Rate1]
period = 42
average = 42
burst = 42
[http.middlewares.Middleware11]
[http.middlewares.Middleware11.redirectRegex]
regex = "foobar"
replacement = "foobar"
permanent = true
[http.middlewares.Middleware12]
[http.middlewares.Middleware12.redirectScheme]
scheme = "foobar"
port = "foobar"
permanent = true
[http.middlewares.Middleware13]
[http.middlewares.Middleware13.basicAuth]
users = ["foobar", "foobar"]
usersFile = "foobar"
realm = "foobar"
removeHeader = true
headerField = "foobar"
[http.middlewares.Middleware14]
[http.middlewares.Middleware14.digestAuth]
users = ["foobar", "foobar"]
usersFile = "foobar"
removeHeader = true
realm = "foobar"
headerField = "foobar"
[http.middlewares.Middleware15]
[http.middlewares.Middleware15.forwardAuth]
address = "foobar"
trustForwardHeader = true
authResponseHeaders = ["foobar", "foobar"]
[http.middlewares.Middleware15.forwardAuth.tls]
ca = "foobar"
caOptional = true
cert = "foobar"
key = "foobar"
insecureSkipVerify = true
[http.middlewares.Middleware16]
[http.middlewares.Middleware16.maxConn]
amount = 42
extractorFunc = "foobar"
[http.middlewares.Middleware17]
[http.middlewares.Middleware17.buffering]
maxRequestBodyBytes = 42
memRequestBodyBytes = 42
maxResponseBodyBytes = 42
memResponseBodyBytes = 42
retryExpression = "foobar"
[http.middlewares.Middleware18]
[http.middlewares.Middleware18.circuitBreaker]
expression = "foobar"
[http.middlewares.Middleware19]
[http.middlewares.Middleware19.compress]
[http.middlewares.Middleware2]
[http.middlewares.Middleware2.stripPrefixRegex]
regex = ["foobar", "foobar"]
[http.middlewares.Middleware20]
[http.middlewares.Middleware20.passTLSClientCert]
pem = true
[http.middlewares.Middleware20.passTLSClientCert.info]
notAfter = true
notBefore = true
sans = true
[http.middlewares.Middleware20.passTLSClientCert.info.subject]
country = true
province = true
locality = true
organization = true
commonName = true
serialNumber = true
domainComponent = true
[http.middlewares.Middleware20.passTLSClientCert.info.issuer]
country = true
province = true
locality = true
organization = true
commonName = true
serialNumber = true
domainComponent = true
[http.middlewares.Middleware21]
[http.middlewares.Middleware21.retry]
attemps = 42
[http.middlewares.Middleware3]
[http.middlewares.Middleware3.replacePath]
path = "foobar"
[http.middlewares.Middleware4]
[http.middlewares.Middleware4.replacePathRegex]
regex = "foobar"
replacement = "foobar"
[http.middlewares.Middleware5]
[http.middlewares.Middleware5.chain]
middlewares = ["foobar", "foobar"]
[http.middlewares.Middleware6]
[http.middlewares.Middleware6.ipWhiteList]
sourceRange = ["foobar", "foobar"]
[http.middlewares.Middleware7]
[http.middlewares.Middleware7.ipWhiteList]
[http.middlewares.Middleware7.ipWhiteList.ipStrategy]
depth = 42
excludedIPs = ["foobar", "foobar"]
[http.middlewares.Middleware8]
[http.middlewares.Middleware8.headers]
accessControlAllowCredentials = true
accessControlAllowHeaders = ["foobar", "foobar"]
accessControlAllowMethods = ["foobar", "foobar"]
accessControlAllowOrigin = "foobar"
accessControlExposeHeaders = ["foobar", "foobar"]
accessControlMaxAge = 42
addVaryHeader = true
allowedHosts = ["foobar", "foobar"]
hostsProxyHeaders = ["foobar", "foobar"]
sslRedirect = true
sslTemporaryRedirect = true
sslHost = "foobar"
sslForceHost = true
stsSeconds = 42
stsIncludeSubdomains = true
stsPreload = true
forceSTSHeader = true
frameDeny = true
customFrameOptionsValue = "foobar"
contentTypeNosniff = true
browserXssFilter = true
customBrowserXSSValue = "foobar"
contentSecurityPolicy = "foobar"
publicKey = "foobar"
referrerPolicy = "foobar"
isDevelopment = true
[http.middlewares.Middleware8.headers.customRequestHeaders]
name0 = "foobar"
name1 = "foobar"
[HTTP.Middlewares.Middleware8.Headers.CustomResponseHeaders]
[http.middlewares.Middleware8.headers.customResponseHeaders]
name0 = "foobar"
name1 = "foobar"
[HTTP.Middlewares.Middleware8.Headers.SSLProxyHeaders]
[http.middlewares.Middleware8.headers.sslProxyHeaders]
name0 = "foobar"
name1 = "foobar"
[http.middlewares.Middleware9]
[http.middlewares.Middleware9.errors]
status = ["foobar", "foobar"]
service = "foobar"
query = "foobar"
[http.services]
[http.services.Service0]
[http.services.Service0.loadBalancer]
passHostHeader = true
[http.services.Service0.loadBalancer.stickiness]
cookieName = "foobar"
[HTTP.Middlewares.Middleware9.Errors]
Status = ["foobar", "foobar"]
Service = "foobar"
Query = "foobar"
[[http.services.Service0.loadBalancer.servers]]
url = "foobar"
[HTTP.Middlewares.Middleware10.RateLimit]
ExtractorFunc = "foobar"
[HTTP.Middlewares.Middleware10.RateLimit.RateSet]
[HTTP.Middlewares.Middleware10.RateLimit.RateSet.Rate0]
Period = 42
Average = 42
Burst = 42
[HTTP.Middlewares.Middleware10.RateLimit.RateSet.Rate1]
Period = 42
Average = 42
Burst = 42
[HTTP.Middlewares.Middleware11.RedirectRegex]
Regex = "foobar"
Replacement = "foobar"
Permanent = true
[HTTP.Middlewares.Middleware12.RedirectScheme]
Scheme = "foobar"
Port = "foobar"
Permanent = true
[HTTP.Middlewares.Middleware13.BasicAuth]
Users = ["foobar", "foobar"]
UsersFile = "foobar"
Realm = "foobar"
RemoveHeader = true
HeaderField = "foobar"
[HTTP.Middlewares.Middleware14.DigestAuth]
Users = ["foobar", "foobar"]
UsersFile = "foobar"
RemoveHeader = true
Realm = "foobar"
HeaderField = "foobar"
[HTTP.Middlewares.Middleware15.ForwardAuth]
Address = "foobar"
TrustForwardHeader = true
AuthResponseHeaders = ["foobar", "foobar"]
[HTTP.Middlewares.Middleware15.ForwardAuth.TLS]
CA = "foobar"
CAOptional = true
Cert = "foobar"
Key = "foobar"
InsecureSkipVerify = true
[HTTP.Middlewares.Middleware16.MaxConn]
Amount = 42
ExtractorFunc = "foobar"
[HTTP.Middlewares.Middleware17.Buffering]
MaxRequestBodyBytes = 42
MemRequestBodyBytes = 42
MaxResponseBodyBytes = 42
MemResponseBodyBytes = 42
RetryExpression = "foobar"
[HTTP.Middlewares.Middleware18.CircuitBreaker]
Expression = "foobar"
[HTTP.Middlewares.Middleware19.Compress]
[HTTP.Middlewares.Middleware20.PassTLSClientCert]
PEM = true
[HTTP.Middlewares.Middleware20.PassTLSClientCert.Info]
NotAfter = true
NotBefore = true
Sans = true
[HTTP.Middlewares.Middleware20.PassTLSClientCert.Info.Subject]
Country = true
Province = true
Locality = true
Organization = true
CommonName = true
SerialNumber = true
DomainComponent = true
[HTTP.Middlewares.Middleware20.PassTLSClientCert.Info.Issuer]
Country = true
Province = true
Locality = true
Organization = true
CommonName = true
SerialNumber = true
DomainComponent = true
[HTTP.Middlewares.Middleware21.Retry]
Attempts = 42
[HTTP.Services]
[HTTP.Services.Service0]
[HTTP.Services.Service0.LoadBalancer]
Method = "foobar"
PassHostHeader = true
[[HTTP.Services.Service0.LoadBalancer.Servers]]
URL = "foobar"
Weight = 42
[HTTP.Services.Service0.LoadBalancer.Stickiness]
CookieName = "foobar"
[[HTTP.Services.Service0.LoadBalancer.Servers]]
URL = "foobar"
Weight = 42
[HTTP.Services.Service0.LoadBalancer.HealthCheck]
Scheme = "foobar"
Path = "foobar"
Port = 42
Interval = "foobar"
Timeout = "foobar"
Hostname = "foobar"
[HTTP.Services.Service0.LoadBalancer.HealthCheck.Headers]
[[http.services.Service0.loadBalancer.servers]]
url = "foobar"
[http.services.Service0.loadBalancer.healthCheck]
scheme = "foobar"
path = "foobar"
port = 42
interval = "foobar"
timeout = "foobar"
hostname = "foobar"
[http.services.Service0.loadBalancer.healthCheck.headers]
name0 = "foobar"
name1 = "foobar"
[HTTP.Services.Service0.LoadBalancer.ResponseForwarding]
FlushInterval = "foobar"
[http.services.Service0.loadBalancer.responseForwarding]
flushInterval = "foobar"
[TCP]
[TCP.Routers]
[TCP.Routers.TCPRouter0]
EntryPoints = ["foobar", "foobar"]
Service = "foobar"
Rule = "foobar"
[TCP.Routers.TCPRouter0.tls]
[tcp]
[tcp.routers]
[tcp.routers.TCPRouter0]
entryPoints = ["foobar", "foobar"]
service = "foobar"
rule = "foobar"
[tcp.routers.TCPRouter0.tls]
passthrough = true
options = "TLS1"
[tcp.services]
[tcp.services.TCPService0]
[tcp.services.TCPService0.loadBalancer]
[TCP.Services]
[[tcp.services.TCPService0.loadBalancer.servers]]
address = "foobar"
[TCP.Services.TCPService0]
[TCP.Services.TCPService0.LoadBalancer]
Method = "foobar"
[[tcp.services.TCPService0.loadBalancer.servers]]
address = "foobar"
[[TCP.Services.TCPService0.LoadBalancer.Servers]]
Address = "foobar"
Weight = 42
[tls]
[[TCP.Services.TCPService0.LoadBalancer.Servers]]
Address = "foobar"
Weight = 42
[[tls.certificates]]
certFile = "foobar"
keyFile = "foobar"
stores = ["foobar", "foobar"]
[[TLS]]
Stores = ["foobar", "foobar"]
[TLS.Certificate]
CertFile = "foobar"
KeyFile = "foobar"
[[TLS]]
Stores = ["foobar", "foobar"]
[TLS.Certificate]
CertFile = "foobar"
KeyFile = "foobar"
[TLSOptions]
[TLSOptions.TLS0]
MinVersion = "foobar"
CipherSuites = ["foobar", "foobar"]
SniStrict = true
[TLSOptions.TLS0.ClientCA]
Files = ["foobar", "foobar"]
Optional = true
[TLSOptions.TLS1]
MinVersion = "foobar"
CipherSuites = ["foobar", "foobar"]
SniStrict = true
[TLSOptions.TLS1.ClientCA]
Files = ["foobar", "foobar"]
Optional = true
[TLSStores]
[TLSStores.Store0]
[TLSStores.Store0.DefaultCertificate]
CertFile = "foobar"
KeyFile = "foobar"
[TLSStores.Store1]
[TLSStores.Store1.DefaultCertificate]
CertFile = "foobar"
KeyFile = "foobar"
[[tls.certificates]]
certFile = "foobar"
keyFile = "foobar"
stores = ["foobar", "foobar"]
[tls.options]
[tls.options.TLS0]
minVersion = "foobar"
cipherSuites = ["foobar", "foobar"]
sniStrict = true
[tls.options.TLS0.clientCA]
files = ["foobar", "foobar"]
optional = true
[tls.options.TLS1]
minVersion = "foobar"
cipherSuites = ["foobar", "foobar"]
sniStrict = true
[tls.options.TLS1.clientCA]
files = ["foobar", "foobar"]
optional = true
[tls.stores]
[tls.stores.Store0]
[tls.stores.Store0.defaultCertificate]
certFile = "foobar"
keyFile = "foobar"
[tls.stores.Store1]
[tls.stores.Store1.defaultCertificate]
certFile = "foobar"
keyFile = "foobar"

281
docs/content/reference/dynamic-configuration/file.yaml Normal file
View File

@@ -0,0 +1,281 @@
http:
routers:
Router0:
entryPoints:
- foobar
- foobar
middlewares:
- foobar
- foobar
service: foobar
rule: foobar
priority: 42
tls: {}
middlewares:
Middleware0:
addPrefix:
prefix: foobar
Middleware1:
stripPrefix:
prefixes:
- foobar
- foobar
Middleware2:
stripPrefixRegex:
regex:
- foobar
- foobar
Middleware3:
replacePath:
path: foobar
Middleware4:
replacePathRegex:
regex: foobar
replacement: foobar
Middleware5:
chain:
middlewares:
- foobar
- foobar
Middleware6:
ipWhiteList:
sourceRange:
- foobar
- foobar
Middleware7:
ipWhiteList:
ipStrategy:
depth: 42
excludedIPs:
- foobar
- foobar
Middleware8:
headers:
customRequestHeaders:
name0: foobar
name1: foobar
customResponseHeaders:
name0: foobar
name1: foobar
accessControlAllowCredentials: true
accessControlAllowHeaders:
- foobar
- foobar
accessControlAllowMethods:
- foobar
- foobar
accessControlAllowOrigin: foobar
accessControlExposeHeaders:
- foobar
- foobar
accessControlMaxAge: 42
addVaryHeader: true
allowedHosts:
- foobar
- foobar
hostsProxyHeaders:
- foobar
- foobar
sslRedirect: true
sslTemporaryRedirect: true
sslHost: foobar
sslProxyHeaders:
name0: foobar
name1: foobar
sslForceHost: true
stsSeconds: 42
stsIncludeSubdomains: true
stsPreload: true
forceSTSHeader: true
frameDeny: true
customFrameOptionsValue: foobar
contentTypeNosniff: true
browserXssFilter: true
customBrowserXSSValue: foobar
contentSecurityPolicy: foobar
publicKey: foobar
referrerPolicy: foobar
isDevelopment: true
Middleware9:
errors:
status:
- foobar
- foobar
service: foobar
query: foobar
Middleware10:
rateLimit:
rateSet:
Rate0:
period: 42000000000
average: 42
burst: 42
Rate1:
period: 42000000000
average: 42
burst: 42
extractorFunc: foobar
Middleware11:
redirectRegex:
regex: foobar
replacement: foobar
permanent: true
Middleware12:
redirectScheme:
scheme: foobar
port: foobar
permanent: true
Middleware13:
basicAuth:
users:
- foobar
- foobar
usersFile: foobar
realm: foobar
removeHeader: true
headerField: foobar
Middleware14:
digestAuth:
users:
- foobar
- foobar
usersFile: foobar
removeHeader: true
realm: foobar
headerField: foobar
Middleware15:
forwardAuth:
address: foobar
tls:
ca: foobar
caOptional: true
cert: foobar
key: foobar
insecureSkipVerify: true
trustForwardHeader: true
authResponseHeaders:
- foobar
- foobar
Middleware16:
maxConn:
amount: 42
extractorFunc: foobar
Middleware17:
buffering:
maxRequestBodyBytes: 42
memRequestBodyBytes: 42
maxResponseBodyBytes: 42
memResponseBodyBytes: 42
retryExpression: foobar
Middleware18:
circuitBreaker:
expression: foobar
Middleware19:
compress: {}
Middleware20:
passTLSClientCert:
pem: true
info:
notAfter: true
notBefore: true
sans: true
subject:
country: true
province: true
locality: true
organization: true
commonName: true
serialNumber: true
domainComponent: true
issuer:
country: true
province: true
locality: true
organization: true
commonName: true
serialNumber: true
domainComponent: true
Middleware21:
retry:
attemps: 42
services:
Service0:
loadBalancer:
stickiness:
cookieName: foobar
servers:
- url: foobar
- url: foobar
healthCheck:
scheme: foobar
path: foobar
port: 42
interval: foobar
timeout: foobar
hostname: foobar
headers:
name0: foobar
name1: foobar
passHostHeader: true
responseForwarding:
flushInterval: foobar
tcp:
routers:
TCPRouter0:
entryPoints:
- foobar
- foobar
service: foobar
rule: foobar
tls:
passthrough: true
services:
TCPService0:
loadBalancer:
servers:
- address: foobar
- address: foobar
tls:
certificates:
- certFile: foobar
keyFile: foobar
stores:
- foobar
- foobar
- certFile: foobar
keyFile: foobar
stores:
- foobar
- foobar
options:
TLS0:
minVersion: foobar
cipherSuites:
- foobar
- foobar
clientCA:
files:
- foobar
- foobar
optional: true
sniStrict: true
TLS1:
minVersion: foobar
cipherSuites:
- foobar
- foobar
clientCA:
files:
- foobar
- foobar
optional: true
sniStrict: true
stores:
Store0:
defaultCertificate:
certFile: foobar
keyFile: foobar
Store1:
defaultCertificate:
certFile: foobar
keyFile: foobar

60
docs/content/reference/dynamic-configuration/kubernetes-crd.yml
View File

@@ -26,11 +26,41 @@ spec:
singular: middleware
scope: Namespaced
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: tlsoptions.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: TLSOption
plural: tlsoptions
singular: tlsoption
scope: Namespaced
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ingressroutetcps.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: IngressRouteTCP
plural: ingressroutetcps
singular: ingressroutetcp
scope: Namespaced
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ingressroute.crd
name: ingressroute
spec:
entryPoints:
- web
@@ -67,5 +97,31 @@ spec:
middlewares:
- name: stripprefix
- name: addprefix
# use an empty tls object for TLS with Let's Encrypt
tls:
secretName: supersecret
secretName: supersecret
options:
name: myTLSOption
namespace: default
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
name: ingressroutetcp.crd
namespace: default
spec:
entryPoints:
- footcp
routes:
- match: HostSNI(`bar.com`)
services:
- name: whoamitcp
port: 8080
tls:
secretName: foosecret
passthrough: false
options:
name: myTLSOption
namespace: default

311
docs/content/reference/dynamic-configuration/labels.yml
View File

@@ -1,159 +1,154 @@
labels:
- "traefik.HTTP.Middlewares.Middleware0.AddPrefix.Prefix=foobar"
- "traefik.HTTP.Middlewares.Middleware1.BasicAuth.HeaderField=foobar"
- "traefik.HTTP.Middlewares.Middleware1.BasicAuth.Realm=foobar"
- "traefik.HTTP.Middlewares.Middleware1.BasicAuth.RemoveHeader=true"
- "traefik.HTTP.Middlewares.Middleware1.BasicAuth.Users=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware1.BasicAuth.UsersFile=foobar"
- "traefik.HTTP.Middlewares.Middleware2.Buffering.MaxRequestBodyBytes=42"
- "traefik.HTTP.Middlewares.Middleware2.Buffering.MaxResponseBodyBytes=42"
- "traefik.HTTP.Middlewares.Middleware2.Buffering.MemRequestBodyBytes=42"
- "traefik.HTTP.Middlewares.Middleware2.Buffering.MemResponseBodyBytes=42"
- "traefik.HTTP.Middlewares.Middleware2.Buffering.RetryExpression=foobar"
- "traefik.HTTP.Middlewares.Middleware3.Chain.Middlewares=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware4.CircuitBreaker.Expression=foobar"
- "traefik.HTTP.Middlewares.Middleware5.DigestAuth.HeaderField=foobar"
- "traefik.HTTP.Middlewares.Middleware5.DigestAuth.Realm=foobar"
- "traefik.HTTP.Middlewares.Middleware5.DigestAuth.RemoveHeader=true"
- "traefik.HTTP.Middlewares.Middleware5.DigestAuth.Users=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware5.DigestAuth.UsersFile=foobar"
- "traefik.HTTP.Middlewares.Middleware6.Errors.Query=foobar"
- "traefik.HTTP.Middlewares.Middleware6.Errors.Service=foobar"
- "traefik.HTTP.Middlewares.Middleware6.Errors.Status=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.Address=foobar"
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.AuthResponseHeaders=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.CA=foobar"
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.CAOptional=true"
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.Cert=foobar"
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.InsecureSkipVerify=true"
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.Key=foobar"
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TrustForwardHeader=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlAllowCredentials=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlAllowHeaders=X-foobar, X-fiibar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlAllowMethods=GET, PUT"
- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlAllowOrigin=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlExposeHeaders=X-foobar, X-fiibar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlMaxAge=200"
- "traefik.HTTP.Middlewares.Middleware8.Headers.AddVaryHeader=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.AllowedHosts=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.BrowserXSSFilter=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.ContentSecurityPolicy=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.ContentTypeNosniff=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomBrowserXSSValue=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomFrameOptionsValue=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomRequestHeaders.name0=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomRequestHeaders.name1=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomResponseHeaders.name0=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomResponseHeaders.name1=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.ForceSTSHeader=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.FrameDeny=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.HostsProxyHeaders=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.IsDevelopment=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.PublicKey=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.ReferrerPolicy=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLForceHost=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLHost=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLProxyHeaders.name0=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLProxyHeaders.name1=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLRedirect=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLTemporaryRedirect=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.STSIncludeSubdomains=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.STSPreload=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.STSSeconds=42"
- "traefik.HTTP.Middlewares.Middleware9.IPWhiteList.IPStrategy.Depth=42"
- "traefik.HTTP.Middlewares.Middleware9.IPWhiteList.IPStrategy.ExcludedIPs=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware9.IPWhiteList.SourceRange=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware10.MaxConn.Amount=42"
- "traefik.HTTP.Middlewares.Middleware10.MaxConn.ExtractorFunc=foobar"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.NotAfter=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.NotBefore=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Sans=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.Country=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.Province=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.Locality=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.Organization=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.CommonName=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.SerialNumber=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.DomainComponent=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.Country=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.Province=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.Locality=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.Organization=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.CommonName=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.SerialNumber=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.DomainComponent=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.PEM=true"
- "traefik.HTTP.Middlewares.Middleware12.RateLimit.ExtractorFunc=foobar"
- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate0.Average=42"
- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate0.Burst=42"
- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate0.Period=42"
- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate1.Average=42"
- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate1.Burst=42"
- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate1.Period=42"
- "traefik.HTTP.Middlewares.Middleware13.RedirectRegex.Regex=foobar"
- "traefik.HTTP.Middlewares.Middleware13.RedirectRegex.Replacement=foobar"
- "traefik.HTTP.Middlewares.Middleware13.RedirectRegex.Permanent=true"
- "traefik.HTTP.Middlewares.Middleware13b.RedirectScheme.Scheme=https"
- "traefik.HTTP.Middlewares.Middleware13b.RedirectScheme.Port=80"
- "traefik.HTTP.Middlewares.Middleware13b.RedirectScheme.Permanent=true"
- "traefik.HTTP.Middlewares.Middleware14.ReplacePath.Path=foobar"
- "traefik.HTTP.Middlewares.Middleware15.ReplacePathRegex.Regex=foobar"
- "traefik.HTTP.Middlewares.Middleware15.ReplacePathRegex.Replacement=foobar"
- "traefik.HTTP.Middlewares.Middleware16.Retry.Attempts=42"
- "traefik.HTTP.Middlewares.Middleware17.StripPrefix.Prefixes=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware18.StripPrefixRegex.Regex=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware19.Compress=true"
- "traefik.HTTP.Routers.Router0.EntryPoints=foobar, fiibar"
- "traefik.HTTP.Routers.Router0.Middlewares=foobar, fiibar"
- "traefik.HTTP.Routers.Router0.Priority=42"
- "traefik.HTTP.Routers.Router0.Rule=foobar"
- "traefik.HTTP.Routers.Router0.Service=foobar"
- "traefik.HTTP.Routers.Router0.TLS=true"
- "traefik.HTTP.Routers.Router1.EntryPoints=foobar, fiibar"
- "traefik.HTTP.Routers.Router1.Middlewares=foobar, fiibar"
- "traefik.HTTP.Routers.Router1.Priority=42"
- "traefik.HTTP.Routers.Router1.Rule=foobar"
- "traefik.HTTP.Routers.Router1.Service=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Headers.name1=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Hostname=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Interval=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Path=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Port=42"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Scheme=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Timeout=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.Method=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.PassHostHeader=true"
- "traefik.HTTP.Services.Service0.LoadBalancer.ResponseForwarding.FlushInterval=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.server.Port=8080"
- "traefik.HTTP.Services.Service0.LoadBalancer.server.Scheme=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.server.Weight=42"
- "traefik.HTTP.Services.Service0.LoadBalancer.Stickiness.CookieName=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Headers.name0=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Headers.name1=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Hostname=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Interval=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Path=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Port=42"
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Scheme=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Timeout=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.Method=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.PassHostHeader=true"
- "traefik.HTTP.Services.Service1.LoadBalancer.ResponseForwarding.FlushInterval=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.server.Port=8080"
- "traefik.HTTP.Services.Service1.LoadBalancer.server.Scheme=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Headers.name0=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.server.Weight=42"
- "traefik.TCP.Routers.Router0.Rule=foobar"
- "traefik.TCP.Routers.Router0.EntryPoints=foobar, fiibar"
- "traefik.TCP.Routers.Router0.Service=foobar"
- "traefik.TCP.Routers.Router0.TLS.Passthrough=false"
- "traefik.TCP.Routers.Router1.Rule=foobar"
- "traefik.TCP.Routers.Router1.EntryPoints=foobar, fiibar"
- "traefik.TCP.Routers.Router1.Service=foobar"
- "traefik.TCP.Routers.Router1.TLS.Passthrough=false"
- "traefik.TCP.Services.Service0.LoadBalancer.Method=foobar"
- "traefik.TCP.Services.Service0.LoadBalancer.server.Port=42"
- "traefik.TCP.Services.Service0.LoadBalancer.server.Weight=42"
- "traefik.TCP.Services.Service1.LoadBalancer.Method=foobar"
- "traefik.TCP.Services.Service1.LoadBalancer.server.Port=42"
- "traefik.TCP.Services.Service1.LoadBalancer.server.Weight=42"
- "traefik.http.middlewares.Middleware0.addprefix.prefix=foobar"
- "traefik.http.middlewares.Middleware1.basicauth.headerfield=foobar"
- "traefik.http.middlewares.Middleware1.basicauth.realm=foobar"
- "traefik.http.middlewares.Middleware1.basicauth.removeheader=true"
- "traefik.http.middlewares.Middleware1.basicauth.users=foobar, fiibar"
- "traefik.http.middlewares.Middleware1.basicauth.usersfile=foobar"
- "traefik.http.middlewares.Middleware2.buffering.maxrequestbodybytes=42"
- "traefik.http.middlewares.Middleware2.buffering.maxresponsebodybytes=42"
- "traefik.http.middlewares.Middleware2.buffering.memrequestbodybytes=42"
- "traefik.http.middlewares.Middleware2.buffering.memresponsebodybytes=42"
- "traefik.http.middlewares.Middleware2.buffering.retryexpression=foobar"
- "traefik.http.middlewares.Middleware3.chain.middlewares=foobar, fiibar"
- "traefik.http.middlewares.Middleware4.circuitbreaker.expression=foobar"
- "traefik.http.middlewares.Middleware5.digestauth.headerfield=foobar"
- "traefik.http.middlewares.Middleware5.digestauth.realm=foobar"
- "traefik.http.middlewares.Middleware5.digestauth.removeheader=true"
- "traefik.http.middlewares.Middleware5.digestauth.users=foobar, fiibar"
- "traefik.http.middlewares.Middleware5.digestauth.usersfile=foobar"
- "traefik.http.middlewares.Middleware6.errors.query=foobar"
- "traefik.http.middlewares.Middleware6.errors.service=foobar"
- "traefik.http.middlewares.Middleware6.errors.status=foobar, fiibar"
- "traefik.http.middlewares.Middleware7.forwardauth.address=foobar"
- "traefik.http.middlewares.Middleware7.forwardauth.authresponseheaders=foobar, fiibar"
- "traefik.http.middlewares.Middleware7.forwardauth.tls.ca=foobar"
- "traefik.http.middlewares.Middleware7.forwardauth.tls.caoptional=true"
- "traefik.http.middlewares.Middleware7.forwardauth.tls.cert=foobar"
- "traefik.http.middlewares.Middleware7.forwardauth.tls.insecureskipverify=true"
- "traefik.http.middlewares.Middleware7.forwardauth.tls.key=foobar"
- "traefik.http.middlewares.Middleware7.forwardauth.trustforwardheader=true"
- "traefik.http.middlewares.Middleware8.headers.accesscontrolallowcredentials=true"
- "traefik.http.middlewares.Middleware8.headers.accesscontrolallowheaders=x-foobar, x-fiibar"
- "traefik.http.middlewares.Middleware8.headers.accesscontrolallowmethods=get, put"
- "traefik.http.middlewares.Middleware8.headers.accesscontrolalloworigin=foobar"
- "traefik.http.middlewares.Middleware8.headers.accesscontrolexposeheaders=x-foobar, x-fiibar"
- "traefik.http.middlewares.Middleware8.headers.accesscontrolmaxage=200"
- "traefik.http.middlewares.Middleware8.headers.addvaryheader=true"
- "traefik.http.middlewares.Middleware8.headers.allowedhosts=foobar, fiibar"
- "traefik.http.middlewares.Middleware8.headers.browserxssfilter=true"
- "traefik.http.middlewares.Middleware8.headers.contentsecuritypolicy=foobar"
- "traefik.http.middlewares.Middleware8.headers.contenttypenosniff=true"
- "traefik.http.middlewares.Middleware8.headers.custombrowserxssvalue=foobar"
- "traefik.http.middlewares.Middleware8.headers.customframeoptionsvalue=foobar"
- "traefik.http.middlewares.Middleware8.headers.customrequestheaders.name0=foobar"
- "traefik.http.middlewares.Middleware8.headers.customrequestheaders.name1=foobar"
- "traefik.http.middlewares.Middleware8.headers.customresponseheaders.name0=foobar"
- "traefik.http.middlewares.Middleware8.headers.customresponseheaders.name1=foobar"
- "traefik.http.middlewares.Middleware8.headers.forcestsheader=true"
- "traefik.http.middlewares.Middleware8.headers.framedeny=true"
- "traefik.http.middlewares.Middleware8.headers.hostsproxyheaders=foobar, fiibar"
- "traefik.http.middlewares.Middleware8.headers.isdevelopment=true"
- "traefik.http.middlewares.Middleware8.headers.publickey=foobar"
- "traefik.http.middlewares.Middleware8.headers.referrerpolicy=foobar"
- "traefik.http.middlewares.Middleware8.headers.sslforcehost=true"
- "traefik.http.middlewares.Middleware8.headers.sslhost=foobar"
- "traefik.http.middlewares.Middleware8.headers.sslproxyheaders.name0=foobar"
- "traefik.http.middlewares.Middleware8.headers.sslproxyheaders.name1=foobar"
- "traefik.http.middlewares.Middleware8.headers.sslredirect=true"
- "traefik.http.middlewares.Middleware8.headers.ssltemporaryredirect=true"
- "traefik.http.middlewares.Middleware8.headers.stsincludesubdomains=true"
- "traefik.http.middlewares.Middleware8.headers.stspreload=true"
- "traefik.http.middlewares.Middleware8.headers.stsseconds=42"
- "traefik.http.middlewares.Middleware9.ipwhitelist.ipstrategy.depth=42"
- "traefik.http.middlewares.Middleware9.ipwhitelist.ipstrategy.excludedips=foobar, fiibar"
- "traefik.http.middlewares.Middleware9.ipwhitelist.sourcerange=foobar, fiibar"
- "traefik.http.middlewares.Middleware10.maxconn.amount=42"
- "traefik.http.middlewares.Middleware10.maxconn.extractorfunc=foobar"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.notafter=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.notbefore=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.sans=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.subject.country=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.subject.province=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.subject.locality=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.subject.organization=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.subject.commonname=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.subject.serialnumber=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.subject.domaincomponent=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.issuer.country=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.issuer.province=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.issuer.locality=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.issuer.organization=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.issuer.commonname=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.issuer.serialnumber=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.issuer.domaincomponent=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.pem=true"
- "traefik.http.middlewares.Middleware12.ratelimit.extractorfunc=foobar"
- "traefik.http.middlewares.Middleware12.ratelimit.rateset.rate0.average=42"
- "traefik.http.middlewares.Middleware12.ratelimit.rateset.rate0.burst=42"
- "traefik.http.middlewares.Middleware12.ratelimit.rateset.rate0.period=42"
- "traefik.http.middlewares.Middleware12.ratelimit.rateset.rate1.average=42"
- "traefik.http.middlewares.Middleware12.ratelimit.rateset.rate1.burst=42"
- "traefik.http.middlewares.Middleware12.ratelimit.rateset.rate1.period=42"
- "traefik.http.middlewares.Middleware13.redirectregex.regex=foobar"
- "traefik.http.middlewares.Middleware13.redirectregex.replacement=foobar"
- "traefik.http.middlewares.Middleware13.redirectregex.permanent=true"
- "traefik.http.middlewares.Middleware13b.redirectscheme.scheme=https"
- "traefik.http.middlewares.Middleware13b.redirectscheme.port=80"
- "traefik.http.middlewares.Middleware13b.redirectscheme.permanent=true"
- "traefik.http.middlewares.Middleware14.replacepath.path=foobar"
- "traefik.http.middlewares.Middleware15.replacepathregex.regex=foobar"
- "traefik.http.middlewares.Middleware15.replacepathregex.replacement=foobar"
- "traefik.http.middlewares.Middleware16.retry.attempts=42"
- "traefik.http.middlewares.Middleware17.stripprefix.prefixes=foobar, fiibar"
- "traefik.http.middlewares.Middleware18.stripprefixregex.regex=foobar, fiibar"
- "traefik.http.middlewares.Middleware19.compress=true"
- "traefik.http.routers.Router0.entrypoints=foobar, fiibar"
- "traefik.http.routers.Router0.middlewares=foobar, fiibar"
- "traefik.http.routers.Router0.priority=42"
- "traefik.http.routers.Router0.rule=foobar"
- "traefik.http.routers.Router0.service=foobar"
- "traefik.http.routers.Router0.tls=true"
- "traefik.http.routers.Router0.tls.options=foo"
- "traefik.http.routers.Router1.entrypoints=foobar, fiibar"
- "traefik.http.routers.Router1.middlewares=foobar, fiibar"
- "traefik.http.routers.Router1.priority=42"
- "traefik.http.routers.Router1.rule=foobar"
- "traefik.http.routers.Router1.service=foobar"
- "traefik.http.services.Service0.loadbalancer.healthcheck.headers.name0=foobar"
- "traefik.http.services.Service0.loadbalancer.healthcheck.headers.name1=foobar"
- "traefik.http.services.Service0.loadbalancer.healthcheck.hostname=foobar"
- "traefik.http.services.Service0.loadbalancer.healthcheck.interval=foobar"
- "traefik.http.services.Service0.loadbalancer.healthcheck.path=foobar"
- "traefik.http.services.Service0.loadbalancer.healthcheck.port=42"
- "traefik.http.services.Service0.loadbalancer.healthcheck.scheme=foobar"
- "traefik.http.services.Service0.loadbalancer.healthcheck.timeout=foobar"
- "traefik.http.services.Service0.loadbalancer.passhostheader=true"
- "traefik.http.services.Service0.loadbalancer.responseforwarding.flushinterval=foobar"
- "traefik.http.services.Service0.loadbalancer.server.port=8080"
- "traefik.http.services.Service0.loadbalancer.server.scheme=foobar"
- "traefik.http.services.Service0.loadbalancer.stickiness.cookiename=foobar"
- "traefik.http.services.Service1.loadbalancer.healthcheck.headers.name0=foobar"
- "traefik.http.services.Service1.loadbalancer.healthcheck.headers.name1=foobar"
- "traefik.http.services.Service1.loadbalancer.healthcheck.hostname=foobar"
- "traefik.http.services.Service1.loadbalancer.healthcheck.interval=foobar"
- "traefik.http.services.Service1.loadbalancer.healthcheck.path=foobar"
- "traefik.http.services.Service1.loadbalancer.healthcheck.port=42"
- "traefik.http.services.Service1.loadbalancer.healthcheck.scheme=foobar"
- "traefik.http.services.Service1.loadbalancer.healthcheck.timeout=foobar"
- "traefik.http.services.Service1.loadbalancer.passhostheader=true"
- "traefik.http.services.Service1.loadbalancer.responseforwarding.flushinterval=foobar"
- "traefik.http.services.Service1.loadbalancer.server.port=8080"
- "traefik.http.services.Service1.loadbalancer.server.scheme=foobar"
- "traefik.tcp.routers.Router0.rule=foobar"
- "traefik.tcp.routers.Router0.entrypoints=foobar, fiibar"
- "traefik.tcp.routers.Router0.service=foobar"
- "traefik.tcp.routers.Router0.tls.passthrough=false"
- "traefik.tcp.routers.Router0.tls.options=bar"
- "traefik.tcp.routers.Router1.rule=foobar"
- "traefik.tcp.routers.Router1.entrypoints=foobar, fiibar"
- "traefik.tcp.routers.Router1.service=foobar"
- "traefik.tcp.routers.Router1.tls.passthrough=false"
- "traefik.tcp.routers.Router1.tls.options=foobar"
- "traefik.tcp.services.Service0.loadbalancer.server.port=42"
- "traefik.tcp.services.Service1.loadbalancer.server.port=42"

13
docs/content/reference/static-configuration.md
View File

@@ -1,13 +0,0 @@
# Static Configuration
## File
```toml
--8<-- "content/reference/static-configuration.toml"
```
## CLI
```txt
--8<-- "content/reference/static-configuration.txt"
```

238
docs/content/reference/static-configuration.toml
View File

@@ -1,238 +0,0 @@
[Global]
Debug = true
CheckNewVersion = true
SendAnonymousUsage = true
[ServersTransport]
InsecureSkipVerify = true
RootCAs = ["foobar", "foobar"]
MaxIdleConnsPerHost = 42
[ServersTransport.ForwardingTimeouts]
DialTimeout = 42
ResponseHeaderTimeout = 42
[EntryPoints]
[EntryPoints.EntryPoint0]
Address = "foobar"
[EntryPoints.EntryPoint0.Transport]
[EntryPoints.EntryPoint0.Transport.LifeCycle]
RequestAcceptGraceTimeout = 42
GraceTimeOut = 42
[EntryPoints.EntryPoint0.Transport.RespondingTimeouts]
ReadTimeout = 42
WriteTimeout = 42
IdleTimeout = 42
[EntryPoints.EntryPoint0.ProxyProtocol]
Insecure = true
TrustedIPs = ["foobar", "foobar"]
[EntryPoints.EntryPoint0.ForwardedHeaders]
Insecure = true
TrustedIPs = ["foobar", "foobar"]
[Providers]
ProvidersThrottleDuration = 42
[Providers.Docker]
Watch = true
Endpoint = "foobar"
DefaultRule = "foobar"
ExposedByDefault = true
UseBindPortIP = true
SwarmMode = true
Network = "foobar"
SwarmModeRefreshSeconds = 42
[[Providers.Docker.Constraints]]
Key = "foobar"
MustMatch = true
Regex = "foobar"
[[Providers.Docker.Constraints]]
Key = "foobar"
MustMatch = true
Regex = "foobar"
[Providers.Docker.TLS]
CA = "foobar"
CAOptional = true
Cert = "foobar"
Key = "foobar"
InsecureSkipVerify = true
[Providers.File]
Directory = "foobar"
Watch = true
Filename = "foobar"
DebugLogGeneratedTemplate = true
TraefikFile = "foobar"
[Providers.Marathon]
Trace = true
Watch = true
Endpoint = "foobar"
DefaultRule = "foobar"
ExposedByDefault = true
DCOSToken = "foobar"
FilterMarathonConstraints = true
DialerTimeout = 42
ResponseHeaderTimeout = 42
TLSHandshakeTimeout = 42
KeepAlive = 42
ForceTaskHostname = true
RespectReadinessChecks = true
[[Providers.Marathon.Constraints]]
Key = "foobar"
MustMatch = true
Regex = "foobar"
[[Providers.Marathon.Constraints]]
Key = "foobar"
MustMatch = true
Regex = "foobar"
[Providers.Marathon.TLS]
CA = "foobar"
CAOptional = true
Cert = "foobar"
Key = "foobar"
InsecureSkipVerify = true
[Providers.Marathon.Basic]
HTTPBasicAuthUser = "foobar"
HTTPBasicPassword = "foobar"
[Providers.Kubernetes]
Endpoint = "foobar"
Token = "foobar"
CertAuthFilePath = "foobar"
DisablePassHostHeaders = true
Namespaces = ["foobar", "foobar"]
LabelSelector = "foobar"
IngressClass = "foobar"
[Providers.Kubernetes.IngressEndpoint]
IP = "foobar"
Hostname = "foobar"
PublishedService = "foobar"
[Providers.KubernetesCRD]
Endpoint = "foobar"
Token = "foobar"
CertAuthFilePath = "foobar"
DisablePassHostHeaders = true
Namespaces = ["foobar", "foobar"]
LabelSelector = "foobar"
IngressClass = "foobar"
[Providers.Rest]
EntryPoint = "foobar"
[API]
EntryPoint = "foobar"
Dashboard = true
Middlewares = ["foobar", "foobar"]
[API.Statistics]
RecentErrors = 42
[Metrics]
[Metrics.Prometheus]
Buckets = [42.0, 42.0]
EntryPoint = "foobar"
Middlewares = ["foobar", "foobar"]
[Metrics.Datadog]
Address = "foobar"
PushInterval = "foobar"
[Metrics.StatsD]
Address = "foobar"
PushInterval = "foobar"
[Metrics.InfluxDB]
Address = "foobar"
Protocol = "foobar"
PushInterval = "foobar"
Database = "foobar"
RetentionPolicy = "foobar"
Username = "foobar"
Password = "foobar"
[Ping]
EntryPoint = "foobar"
Middlewares = ["foobar", "foobar"]
[Log]
Level = "foobar"
FilePath = "foobar"
Format = "foobar"
[AccessLog]
FilePath = "foobar"
Format = "foobar"
BufferingSize = 42
[AccessLog.Filters]
StatusCodes = ["foobar", "foobar"]
RetryAttempts = true
MinDuration = 42
[AccessLog.Fields]
DefaultMode = "foobar"
[AccessLog.Fields.Names]
name0 = "foobar"
name1 = "foobar"
[AccessLog.Fields.Headers]
DefaultMode = "foobar"
[AccessLog.Fields.Headers.Names]
name0 = "foobar"
name1 = "foobar"
[Tracing]
Backend = "foobar"
ServiceName = "foobar"
SpanNameLimit = 42
[Tracing.Jaeger]
SamplingServerURL = "foobar"
SamplingType = "foobar"
SamplingParam = 42.0
LocalAgentHostPort = "foobar"
Gen128Bit = true
Propagation = "foobar"
TraceContextHeaderName = "foobar"
[Tracing.Zipkin]
HTTPEndpoint = "foobar"
SameSpan = true
ID128Bit = true
Debug = true
SampleRate = 42.0
[Tracing.DataDog]
LocalAgentHostPort = "foobar"
GlobalTag = "foobar"
Debug = true
PrioritySampling = true
TraceIDHeaderName = "foobar"
ParentIDHeaderName = "foobar"
SamplingPriorityHeaderName = "foobar"
BagagePrefixHeaderName = "foobar"
[Tracing.Instana]
LocalAgentHost = "foobar"
LocalAgentPort = 42
Level = "foobar"
[HostResolver]
CnameFlattening = true
ResolvConfig = "foobar"
ResolvDepth = 42
[ACME]
Email = "foobar"
ACMELogging = true
CAServer = "foobar"
Storage = "foobar"
EntryPoint = "foobar"
KeyType = "foobar"
OnHostRule = true
[ACME.DNSChallenge]
Provider = "foobar"
DelayBeforeCheck = 42
Resolvers = ["foobar", "foobar"]
DisablePropagationCheck = true
[ACME.HTTPChallenge]
EntryPoint = "foobar"
[ACME.TLSChallenge]
[[ACME.Domains]]
Main = "foobar"
SANs = ["foobar", "foobar"]
[[ACME.Domains]]
Main = "foobar"
SANs = ["foobar", "foobar"]

203
docs/content/reference/static-configuration.txt
View File

@@ -1,203 +0,0 @@
--accesslog Access log settings (default "false")
--accesslog.bufferingsize Number of access log lines to process in a buffered way. Default 0. (default "0")
--accesslog.fields AccessLogFields (default "false")
--accesslog.fields.defaultmode Default mode for fields: keep | drop (default "keep")
--accesslog.fields.headers Headers to keep, drop or redact (default "false")
--accesslog.fields.headers.defaultmode Default mode for fields: keep | drop | redact (default "keep")
--accesslog.fields.headers.names Override mode for headers (default "map[]")
--accesslog.fields.names Override mode for fields (default "map[]")
--accesslog.filepath Access log file path. Stdout is used when omitted or empty
--accesslog.filters Access log filters, used to keep only specific access logs (default "false")
--accesslog.filters.minduration Keep access logs when request took longer than the specified duration (default "0s")
--accesslog.filters.retryattempts Keep access logs when at least one retry happened (default "false")
--accesslog.filters.statuscodes Keep access logs with status codes in the specified range (default "[]")
--accesslog.format Access log format: json | common (default "common")
--acme Enable ACME (Let's Encrypt): automatic SSL (default "false")
--acme.acmelogging Enable debug logging of ACME actions. (default "false")
--acme.caserver CA server to use.
--acme.dnschallenge Activate DNS-01 Challenge (default "false")
--acme.dnschallenge.delaybeforecheck Assume DNS propagates after a delay in seconds rather than finding and querying (default "0s")
nameservers.
--acme.dnschallenge.disablepropagationcheck Disable the DNS propagation checks before notifying ACME that the DNS challenge (default "false")
is ready. [not recommended]
--acme.dnschallenge.provider Use a DNS-01 based challenge provider rather than HTTPS.
--acme.dnschallenge.resolvers Use following DNS servers to resolve the FQDN authority.
--acme.domains CN and SANs (alternative domains) to each main domain using format: (default "[]")
--acme.domains='main.com,san1.com,san2.com' --acme.domains='*.main.net'. No
SANs for wildcards domain. Wildcard domains only accepted with DNSChallenge
--acme.email Email address used for registration
--acme.entrypoint EntryPoint to use.
--acme.httpchallenge Activate HTTP-01 Challenge (default "false")
--acme.httpchallenge.entrypoint HTTP challenge EntryPoint
--acme.keytype KeyType used for generating certificate private key. Allow value 'EC256',
'EC384', 'RSA2048', 'RSA4096', 'RSA8192'. Default to 'RSA4096'
--acme.onhostrule Enable certificate generation on frontends Host rules. (default "false")
--acme.storage Storage to use.
--acme.tlschallenge Activate TLS-ALPN-01 Challenge (default "false")
--api Enable api/dashboard (default "false")
--api.dashboard Activate dashboard (default "true")
--api.entrypoint EntryPoint (default "traefik")
--api.middlewares Middleware list
--api.statistics Enable more detailed statistics (default "true")
--api.statistics.recenterrors Number of recent errors logged (default "10")
-c, --configfile Configuration file to use (TOML).
--entrypoints Entrypoints definition using format: --entryPoints='Name:http Address::8000 (default "map[]")
Redirect.EntryPoint:https' --entryPoints='Name:https Address::4442
TLS:tests/traefik.crt,tests/traefik.key;prod/traefik.crt,prod/traefik.key'
--global Global configuration options (default "true")
--global.checknewversion Periodically check if a new version has been released (default "true")
-d, --global.debug Enable debug mode (default "false")
--global.sendanonymoususage send periodically anonymous usage statistics (default "false")
--hostresolver Enable CNAME Flattening (default "false")
--hostresolver.cnameflattening A flag to enable/disable CNAME flattening (default "false")
--hostresolver.resolvconfig resolv.conf used for DNS resolving (default "/etc/resolv.conf")
--hostresolver.resolvdepth The maximal depth of DNS recursive resolving (default "5")
--log Traefik log settings (default "false")
--log.filepath Traefik log file path. Stdout is used when omitted or empty
--log.format Traefik log format: json | common (default "common")
--log.level Log level set to traefik logs.
--metrics Enable a metrics exporter (default "false")
--metrics.datadog DataDog metrics exporter type (default "false")
--metrics.datadog.address DataDog's address (default "localhost:8125")
--metrics.datadog.pushinterval DataDog push interval (default "10s")
--metrics.influxdb InfluxDB metrics exporter type (default "false")
--metrics.influxdb.address InfluxDB address (default "localhost:8089")
--metrics.influxdb.database InfluxDB database used when protocol is http
--metrics.influxdb.password InfluxDB password (only with http)
--metrics.influxdb.protocol InfluxDB address protocol (udp or http) (default "udp")
--metrics.influxdb.pushinterval InfluxDB push interval (default "10s")
--metrics.influxdb.retentionpolicy InfluxDB retention policy used when protocol is http
--metrics.influxdb.username InfluxDB username (only with http)
--metrics.prometheus Prometheus metrics exporter type (default "false")
--metrics.prometheus.buckets Buckets for latency metrics (default "[0.1 0.3 1.2 5]")
--metrics.prometheus.entrypoint EntryPoint (default "traefik")
--metrics.prometheus.middlewares Middlewares
--metrics.statsd StatsD metrics exporter type (default "false")
--metrics.statsd.address StatsD address (default "localhost:8125")
--metrics.statsd.pushinterval StatsD push interval (default "10s")
--ping Enable ping (default "false")
--ping.entrypoint Ping entryPoint (default "traefik")
--ping.middlewares Middleware list
--providers Providers configuration (default "false")
--providers.docker Enable Docker backend with default settings (default "false")
--providers.docker.constraints Filter services by constraint, matching with Traefik tags. (default "[]")
--providers.docker.defaultrule Default rule (default "Host(`{{ normalize .Name }}`)")
--providers.docker.endpoint Docker server endpoint. Can be a tcp or a unix socket endpoint (default "unix:///var/run/docker.sock")
--providers.docker.exposedbydefault Expose containers by default (default "true")
--providers.docker.network Default Docker network used
--providers.docker.swarmmode Use Docker on Swarm Mode (default "false")
--providers.docker.swarmmoderefreshseconds Polling interval for swarm mode (in seconds) (default "15")
--providers.docker.tls Enable Docker TLS support (default "false")
--providers.docker.tls.ca TLS CA
--providers.docker.tls.caoptional TLS CA.Optional (default "false")
--providers.docker.tls.cert TLS cert
--providers.docker.tls.insecureskipverify TLS insecure skip verify (default "false")
--providers.docker.tls.key TLS key
--providers.docker.usebindportip Use the ip address from the bound port, rather than from the inner network (default "false")
--providers.docker.watch Watch provider (default "true")
--providers.file Enable File backend with default settings (default "true")
--providers.file.debugloggeneratedtemplate Enable debug logging of generated configuration template. (default "false")
--providers.file.directory Load configuration from one or more .toml files in a directory
--providers.file.filename Override default configuration template. For advanced users :)
--providers.file.watch Watch provider (default "true")
--providers.kubernetes Enable Kubernetes backend with default settings (default "true")
--providers.kubernetes.certauthfilepath Kubernetes certificate authority file path (not needed for in-cluster client)
--providers.kubernetes.disablepasshostheaders Kubernetes disable PassHost Headers (default "false")
--providers.kubernetes.endpoint Kubernetes server endpoint (required for external cluster client)
--providers.kubernetes.ingressclass Value of kubernetes.io/ingress.class annotation to watch for
--providers.kubernetes.ingressendpoint Kubernetes Ingress Endpoint (default "false")
--providers.kubernetes.ingressendpoint.hostname Hostname used for Kubernetes Ingress endpoints
--providers.kubernetes.ingressendpoint.ip IP used for Kubernetes Ingress endpoints
--providers.kubernetes.ingressendpoint.publishedservice Published Kubernetes Service to copy status from
--providers.kubernetes.labelselector Kubernetes Ingress label selector to use
--providers.kubernetes.namespaces Kubernetes namespaces (default "[]")
--providers.kubernetes.token Kubernetes bearer token (not needed for in-cluster client)
--providers.kubernetescrd Enable Kubernetes backend with default settings (default "false")
--providers.kubernetescrd.certauthfilepath Kubernetes certificate authority file path (not needed for in-cluster client)
--providers.kubernetescrd.disablepasshostheaders Kubernetes disable PassHost Headers (default "false")
--providers.kubernetescrd.endpoint Kubernetes server endpoint (required for external cluster client)
--providers.kubernetescrd.ingressclass Value of kubernetes.io/ingress.class annotation to watch for
--providers.kubernetescrd.labelselector Kubernetes label selector to use
--providers.kubernetescrd.namespaces Kubernetes namespaces (default "[]")
--providers.kubernetescrd.token Kubernetes bearer token (not needed for in-cluster client)
--providers.marathon Enable Marathon backend with default settings (default "false")
--providers.marathon.basic Enable basic authentication (default "false")
--providers.marathon.basic.httpbasicauthuser Basic authentication User
--providers.marathon.basic.httpbasicpassword Basic authentication Password
--providers.marathon.constraints Filter services by constraint, matching with Traefik tags. (default "[]")
--providers.marathon.dcostoken DCOSToken for DCOS environment, This will override the Authorization header
--providers.marathon.defaultrule Default rule (default "Host(`{{ normalize .Name }}`)")
--providers.marathon.dialertimeout Set a dialer timeout for Marathon (default "5s")
--providers.marathon.endpoint Marathon server endpoint. You can also specify multiple endpoint for Marathon (default "http://127.0.0.1:8080")
--providers.marathon.exposedbydefault Expose Marathon apps by default (default "true")
--providers.marathon.filtermarathonconstraints Enable use of Marathon constraints in constraint filtering (default "false")
--providers.marathon.forcetaskhostname Force to use the task's hostname. (default "false")
--providers.marathon.keepalive Set a TCP Keep Alive time in seconds (default "10s")
--providers.marathon.respectreadinesschecks Filter out tasks with non-successful readiness checks during deployments (default "false")
--providers.marathon.responseheadertimeout Set a response header timeout for Marathon (default "1m0s")
--providers.marathon.tls Enable TLS support (default "false")
--providers.marathon.tls.ca TLS CA
--providers.marathon.tls.caoptional TLS CA.Optional (default "false")
--providers.marathon.tls.cert TLS cert
--providers.marathon.tls.insecureskipverify TLS insecure skip verify (default "false")
--providers.marathon.tls.key TLS key
--providers.marathon.tlshandshaketimeout Set a TLS handhsake timeout for Marathon (default "5s")
--providers.marathon.trace Display additional provider logs. (default "false")
--providers.marathon.watch Watch provider (default "true")
--providers.providersthrottleduration Backends throttle duration: minimum duration between 2 events from providers (default "2s")
before applying a new configuration. It avoids unnecessary reloads if multiples
events are sent in a short amount of time.
--providers.rancher Enable Rancher backend with default settings (default "true")
--providers.rancher.constraints Filter services by constraint, matching with Traefik tags. (default "[]")
--providers.rancher.defaultrule Default rule (default "Host(`{{ normalize .Name }}`)")
--providers.rancher.exposedbydefault Expose containers by default (default "true")
--providers.rancher.intervalpoll Poll the Rancher metadata service every 'rancher.refreshseconds' (less accurate) (default "false")
--providers.rancher.prefix Prefix used for accessing the Rancher metadata service (default "latest")
--providers.rancher.watch Watch provider (default "true")
--providers.rest Enable Rest backend with default settings (default "true")
--providers.rest.entrypoint EntryPoint (default "traefik")
--serverstransport Servers default transport (default "true")
--serverstransport.forwardingtimeouts Timeouts for requests forwarded to the backend servers (default "true")
--serverstransport.forwardingtimeouts.dialtimeout The amount of time to wait until a connection to a backend server can be (default "0s")
established. Defaults to 30 seconds. If zero, no timeout exists
--serverstransport.forwardingtimeouts.responseheadertimeout The amount of time to wait for a server's response headers after fully writing (default "0s")
the request (including its body, if any). If zero, no timeout exists
--serverstransport.insecureskipverify Disable SSL certificate verification (default "false")
--serverstransport.maxidleconnsperhost If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, (default "200")
DefaultMaxIdleConnsPerHost is used
--serverstransport.rootcas Add cert file for self-signed certificate
--tracing OpenTracing configuration (default "false")
--tracing.backend Selects the tracking backend ('jaeger','zipkin','datadog','instana'). (default "jaeger")
--tracing.datadog Settings for DataDog (default "false")
--tracing.datadog.bagageprefixheadername specifies the header name prefix that will be used to store baggage items in a
map.
--tracing.datadog.debug Enable DataDog debug. (default "false")
--tracing.datadog.globaltag Key:Value tag to be set on all the spans.
--tracing.datadog.localagenthostport Set datadog-agent's host:port that the reporter will used. Defaults to (default "localhost:8126")
localhost:8126
--tracing.datadog.parentidheadername Specifies the header name that will be used to store the parent ID.
--tracing.datadog.prioritysampling Enable priority sampling. When using distributed tracing, this option must be (default "false")
enabled in order to get all the parts of a distributed trace sampled.
--tracing.datadog.samplingpriorityheadername Specifies the header name that will be used to store the sampling priority.
--tracing.datadog.traceidheadername Specifies the header name that will be used to store the trace ID.
--tracing.instana Settings for Instana (default "false")
--tracing.instana.localagenthost Set instana-agent's host that the reporter will used. (default "localhost")
--tracing.instana.localagentport Set instana-agent's port that the reporter will used. (default "42699")
--tracing.instana.loglevel Set instana-agent's log level. ('error','warn','info','debug') (default "info")
--tracing.jaeger Settings for jaeger (default "false")
--tracing.jaeger.gen128bit generate 128 bit span IDs. (default "false")
--tracing.jaeger.localagenthostport set jaeger-agent's host:port that the reporter will used. (default "127.0.0.1:6831")
--tracing.jaeger.propagation which propgation format to use (jaeger/b3). (default "jaeger")
--tracing.jaeger.samplingparam set the sampling parameter. (default "1")
--tracing.jaeger.samplingserverurl set the sampling server url. (default "http://localhost:5778/sampling")
--tracing.jaeger.samplingtype set the sampling type. (default "const")
--tracing.jaeger.tracecontextheadername set the header to use for the trace-id. (default "uber-trace-id")
--tracing.servicename Set the name for this service (default "traefik")
--tracing.spannamelimit Set the maximum character limit for Span names (default 0 = no limit) (default "0")
--tracing.zipkin Settings for zipkin (default "false")
--tracing.zipkin.debug Enable Zipkin debug. (default "false")
--tracing.zipkin.httpendpoint HTTP Endpoint to report traces to. (default "http://localhost:9411/api/v1/spans")
--tracing.zipkin.id128bit Use Zipkin 128 bit root span IDs. (default "true")
--tracing.zipkin.samespan Use Zipkin SameSpan RPC style traces. (default "false")
--tracing.zipkin.samplerate The rate between 0.0 and 1.0 of requests to trace. (default "1")
-h, --help Print Help (this message) and exit

5
docs/content/reference/static-configuration/cli.md Normal file
View File

@@ -0,0 +1,5 @@
# Static Configuration: CLI
```txt
--8<-- "content/reference/static-configuration/cli.txt"
```

609
docs/content/reference/static-configuration/cli.txt Normal file
View File

@@ -0,0 +1,609 @@
--accesslog (Default: "false")
Access log settings.
--accesslog.bufferingsize (Default: "0")
Number of access log lines to process in a buffered way.
--accesslog.fields.defaultmode (Default: "keep")
Default mode for fields: keep | drop
--accesslog.fields.headers.defaultmode (Default: "keep")
Default mode for fields: keep | drop | redact
--accesslog.fields.headers.names.<name> (Default: "")
Override mode for headers
--accesslog.fields.names.<name> (Default: "")
Override mode for fields
--accesslog.filepath (Default: "")
Access log file path. Stdout is used when omitted or empty.
--accesslog.filters.minduration (Default: "0")
Keep access logs when request took longer than the specified duration.
--accesslog.filters.retryattempts (Default: "false")
Keep access logs when at least one retry happened.
--accesslog.filters.statuscodes (Default: "")
Keep access logs with status codes in the specified range.
--accesslog.format (Default: "common")
Access log format: json | common
--acme.acmelogging (Default: "false")
Enable debug logging of ACME actions.
--acme.caserver (Default: "https://acme-v02.api.letsencrypt.org/directory")
CA server to use.
--acme.dnschallenge (Default: "false")
Activate DNS-01 Challenge.
--acme.dnschallenge.delaybeforecheck (Default: "0")
Assume DNS propagates after a delay in seconds rather than finding and querying
nameservers.
--acme.dnschallenge.disablepropagationcheck (Default: "false")
Disable the DNS propagation checks before notifying ACME that the DNS challenge
is ready. [not recommended]
--acme.dnschallenge.provider (Default: "")
Use a DNS-01 based challenge provider rather than HTTPS.
--acme.dnschallenge.resolvers (Default: "")
Use following DNS servers to resolve the FQDN authority.
--acme.domains (Default: "")
The list of domains for which certificates are generated on startup. Wildcard
domains only accepted with DNSChallenge.
--acme.domains[n].main (Default: "")
Default subject name.
--acme.domains[n].sans (Default: "")
Subject alternative names.
--acme.email (Default: "")
Email address used for registration.
--acme.entrypoint (Default: "")
EntryPoint to use.
--acme.httpchallenge (Default: "false")
Activate HTTP-01 Challenge.
--acme.httpchallenge.entrypoint (Default: "")
HTTP challenge EntryPoint
--acme.keytype (Default: "RSA4096")
KeyType used for generating certificate private key. Allow value 'EC256',
'EC384', 'RSA2048', 'RSA4096', 'RSA8192'.
--acme.onhostrule (Default: "false")
Enable certificate generation on router Host rules.
--acme.storage (Default: "acme.json")
Storage to use.
--acme.tlschallenge (Default: "true")
Activate TLS-ALPN-01 Challenge.
--api (Default: "false")
Enable api/dashboard.
--api.dashboard (Default: "true")
Activate dashboard.
--api.debug (Default: "false")
Enable additional endpoints for debugging and profiling.
--api.entrypoint (Default: "traefik")
The entry point that the API handler will be bound to.
--api.middlewares (Default: "")
Middleware list.
--api.statistics (Default: "false")
Enable more detailed statistics.
--api.statistics.recenterrors (Default: "10")
Number of recent errors logged.
--configfile (Default: "")
Configuration file to use. If specified all other flags are ignored.
--entrypoints.<name> (Default: "false")
Entry points definition.
--entrypoints.<name>.address (Default: "")
Entry point address.
--entrypoints.<name>.forwardedheaders.insecure (Default: "false")
Trust all forwarded headers.
--entrypoints.<name>.forwardedheaders.trustedips (Default: "")
Trust only forwarded headers from selected IPs.
--entrypoints.<name>.proxyprotocol (Default: "false")
Proxy-Protocol configuration.
--entrypoints.<name>.proxyprotocol.insecure (Default: "false")
Trust all.
--entrypoints.<name>.proxyprotocol.trustedips (Default: "")
Trust only selected IPs.
--entrypoints.<name>.transport.lifecycle.gracetimeout (Default: "10")
Duration to give active requests a chance to finish before Traefik stops.
--entrypoints.<name>.transport.lifecycle.requestacceptgracetimeout (Default: "0")
Duration to keep accepting requests before Traefik initiates the graceful
shutdown procedure.
--entrypoints.<name>.transport.respondingtimeouts.idletimeout (Default: "180")
IdleTimeout is the maximum amount duration an idle (keep-alive) connection will
remain idle before closing itself. If zero, no timeout is set.
--entrypoints.<name>.transport.respondingtimeouts.readtimeout (Default: "0")
ReadTimeout is the maximum duration for reading the entire request, including
the body. If zero, no timeout is set.
--entrypoints.<name>.transport.respondingtimeouts.writetimeout (Default: "0")
WriteTimeout is the maximum duration before timing out writes of the response.
If zero, no timeout is set.
--global.checknewversion (Default: "true")
Periodically check if a new version has been released.
--global.sendanonymoususage
Periodically send anonymous usage statistics. If the option is not specified, it
will be enabled by default.
--hostresolver (Default: "false")
Enable CNAME Flattening.
--hostresolver.cnameflattening (Default: "false")
A flag to enable/disable CNAME flattening
--hostresolver.resolvconfig (Default: "/etc/resolv.conf")
resolv.conf used for DNS resolving
--hostresolver.resolvdepth (Default: "5")
The maximal depth of DNS recursive resolving
--log (Default: "false")
Traefik log settings.
--log.filepath (Default: "")
Traefik log file path. Stdout is used when omitted or empty.
--log.format (Default: "common")
Traefik log format: json | common
--log.level (Default: "ERROR")
Log level set to traefik logs.
--metrics.datadog (Default: "false")
DataDog metrics exporter type.
--metrics.datadog.address (Default: "localhost:8125")
DataDog's address.
--metrics.datadog.pushinterval (Default: "10")
DataDog push interval.
--metrics.influxdb (Default: "false")
InfluxDB metrics exporter type.
--metrics.influxdb.address (Default: "localhost:8089")
InfluxDB address.
--metrics.influxdb.database (Default: "")
InfluxDB database used when protocol is http.
--metrics.influxdb.password (Default: "")
InfluxDB password (only with http).
--metrics.influxdb.protocol (Default: "udp")
InfluxDB address protocol (udp or http).
--metrics.influxdb.pushinterval (Default: "10")
InfluxDB push interval.
--metrics.influxdb.retentionpolicy (Default: "")
InfluxDB retention policy used when protocol is http.
--metrics.influxdb.username (Default: "")
InfluxDB username (only with http).
--metrics.prometheus (Default: "false")
Prometheus metrics exporter type.
--metrics.prometheus.buckets (Default: "0.100000, 0.300000, 1.200000, 5.000000")
Buckets for latency metrics.
--metrics.prometheus.entrypoint (Default: "traefik")
EntryPoint.
--metrics.prometheus.middlewares (Default: "")
Middlewares.
--metrics.statsd (Default: "false")
StatsD metrics exporter type.
--metrics.statsd.address (Default: "localhost:8125")
StatsD address.
--metrics.statsd.pushinterval (Default: "10")
StatsD push interval.
--ping (Default: "false")
Enable ping.
--ping.entrypoint (Default: "traefik")
Ping entryPoint.
--ping.middlewares (Default: "")
Middleware list.
--providers.docker (Default: "false")
Enable Docker backend with default settings.
--providers.docker.constraints (Default: "")
Constraints is an expression that Traefik matches against the container's labels
to determine whether to create any route for that container.
--providers.docker.defaultrule (Default: "Host(`{{ normalize .Name }}`)")
Default rule.
--providers.docker.endpoint (Default: "unix:///var/run/docker.sock")
Docker server endpoint. Can be a tcp or a unix socket endpoint.
--providers.docker.exposedbydefault (Default: "true")
Expose containers by default.
--providers.docker.network (Default: "")
Default Docker network used.
--providers.docker.swarmmode (Default: "false")
Use Docker on Swarm Mode.
--providers.docker.swarmmoderefreshseconds (Default: "15")
Polling interval for swarm mode.
--providers.docker.tls.ca (Default: "")
TLS CA
--providers.docker.tls.caoptional (Default: "false")
TLS CA.Optional
--providers.docker.tls.cert (Default: "")
TLS cert
--providers.docker.tls.insecureskipverify (Default: "false")
TLS insecure skip verify
--providers.docker.tls.key (Default: "")
TLS key
--providers.docker.usebindportip (Default: "false")
Use the ip address from the bound port, rather than from the inner network.
--providers.docker.watch (Default: "true")
Watch provider.
--providers.file (Default: "false")
Enable File backend with default settings.
--providers.file.debugloggeneratedtemplate (Default: "false")
Enable debug logging of generated configuration template.
--providers.file.directory (Default: "")
Load configuration from one or more .toml files in a directory.
--providers.file.filename (Default: "")
Override default configuration template. For advanced users :)
--providers.file.watch (Default: "true")
Watch provider.
--providers.kubernetes (Default: "false")
Enable Kubernetes backend with default settings.
--providers.kubernetes.certauthfilepath (Default: "")
Kubernetes certificate authority file path (not needed for in-cluster client).
--providers.kubernetes.disablepasshostheaders (Default: "false")
Kubernetes disable PassHost Headers.
--providers.kubernetes.endpoint (Default: "")
Kubernetes server endpoint (required for external cluster client).
--providers.kubernetes.ingressclass (Default: "")
Value of kubernetes.io/ingress.class annotation to watch for.
--providers.kubernetes.ingressendpoint.hostname (Default: "")
Hostname used for Kubernetes Ingress endpoints.
--providers.kubernetes.ingressendpoint.ip (Default: "")
IP used for Kubernetes Ingress endpoints.
--providers.kubernetes.ingressendpoint.publishedservice (Default: "")
Published Kubernetes Service to copy status from.
--providers.kubernetes.labelselector (Default: "")
Kubernetes Ingress label selector to use.
--providers.kubernetes.namespaces (Default: "")
Kubernetes namespaces.
--providers.kubernetes.token (Default: "")
Kubernetes bearer token (not needed for in-cluster client).
--providers.kubernetescrd (Default: "false")
Enable Kubernetes backend with default settings.
--providers.kubernetescrd.certauthfilepath (Default: "")
Kubernetes certificate authority file path (not needed for in-cluster client).
--providers.kubernetescrd.disablepasshostheaders (Default: "false")
Kubernetes disable PassHost Headers.
--providers.kubernetescrd.endpoint (Default: "")
Kubernetes server endpoint (required for external cluster client).
--providers.kubernetescrd.ingressclass (Default: "")
Value of kubernetes.io/ingress.class annotation to watch for.
--providers.kubernetescrd.labelselector (Default: "")
Kubernetes label selector to use.
--providers.kubernetescrd.namespaces (Default: "")
Kubernetes namespaces.
--providers.kubernetescrd.token (Default: "")
Kubernetes bearer token (not needed for in-cluster client).
--providers.marathon (Default: "false")
Enable Marathon backend with default settings.
--providers.marathon.basic.httpbasicauthuser (Default: "")
Basic authentication User.
--providers.marathon.basic.httpbasicpassword (Default: "")
Basic authentication Password.
--providers.marathon.constraints (Default: "")
Constraints is an expression that Traefik matches against the application's
labels to determine whether to create any route for that application.
--providers.marathon.dcostoken (Default: "")
DCOSToken for DCOS environment, This will override the Authorization header.
--providers.marathon.defaultrule (Default: "Host(`{{ normalize .Name }}`)")
Default rule.
--providers.marathon.dialertimeout (Default: "5")
Set a dialer timeout for Marathon.
--providers.marathon.endpoint (Default: "http://127.0.0.1:8080")
Marathon server endpoint. You can also specify multiple endpoint for Marathon.
--providers.marathon.exposedbydefault (Default: "true")
Expose Marathon apps by default.
--providers.marathon.forcetaskhostname (Default: "false")
Force to use the task's hostname.
--providers.marathon.keepalive (Default: "10")
Set a TCP Keep Alive time.
--providers.marathon.respectreadinesschecks (Default: "false")
Filter out tasks with non-successful readiness checks during deployments.
--providers.marathon.responseheadertimeout (Default: "60")
Set a response header timeout for Marathon.
--providers.marathon.tls.ca (Default: "")
TLS CA
--providers.marathon.tls.caoptional (Default: "false")
TLS CA.Optional
--providers.marathon.tls.cert (Default: "")
TLS cert
--providers.marathon.tls.insecureskipverify (Default: "false")
TLS insecure skip verify
--providers.marathon.tls.key (Default: "")
TLS key
--providers.marathon.tlshandshaketimeout (Default: "5")
Set a TLS handshake timeout for Marathon.
--providers.marathon.trace (Default: "false")
Display additional provider logs.
--providers.marathon.watch (Default: "true")
Watch provider.
--providers.providersthrottleduration (Default: "2")
Backends throttle duration: minimum duration between 2 events from providers
before applying a new configuration. It avoids unnecessary reloads if multiples
events are sent in a short amount of time.
--providers.rancher (Default: "false")
Enable Rancher backend with default settings.
--providers.rancher.constraints (Default: "")
Constraints is an expression that Traefik matches against the container's labels
to determine whether to create any route for that container.
--providers.rancher.defaultrule (Default: "Host(`{{ normalize .Name }}`)")
Default rule.
--providers.rancher.enableservicehealthfilter (Default: "true")
Filter services with unhealthy states and inactive states.
--providers.rancher.exposedbydefault (Default: "true")
Expose containers by default.
--providers.rancher.intervalpoll (Default: "false")
Poll the Rancher metadata service every 'rancher.refreshseconds' (less
accurate).
--providers.rancher.prefix (Default: "latest")
Prefix used for accessing the Rancher metadata service.
--providers.rancher.refreshseconds (Default: "15")
Defines the polling interval in seconds.
--providers.rancher.watch (Default: "true")
Watch provider.
--providers.rest (Default: "false")
Enable Rest backend with default settings.
--providers.rest.entrypoint (Default: "traefik")
EntryPoint.
--serverstransport.forwardingtimeouts.dialtimeout (Default: "30")
The amount of time to wait until a connection to a backend server can be
established. If zero, no timeout exists.
--serverstransport.forwardingtimeouts.responseheadertimeout (Default: "0")
The amount of time to wait for a server's response headers after fully writing
the request (including its body, if any). If zero, no timeout exists.
--serverstransport.forwardingtimeouts.idleconntimeout (Default: "90s")
The maximum period for which an idle HTTP keep-alive connection to a backend
server will remain open before closing itself.
--serverstransport.insecureskipverify (Default: "false")
Disable SSL certificate verification.
--serverstransport.maxidleconnsperhost (Default: "200")
If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero,
DefaultMaxIdleConnsPerHost is used
--serverstransport.rootcas (Default: "")
Add cert file for self-signed certificate.
--tracing (Default: "false")
OpenTracing configuration.
--tracing.datadog (Default: "false")
Settings for DataDog.
--tracing.datadog.bagageprefixheadername (Default: "")
Specifies the header name prefix that will be used to store baggage items in a
map.
--tracing.datadog.debug (Default: "false")
Enable DataDog debug.
--tracing.datadog.globaltag (Default: "")
Key:Value tag to be set on all the spans.
--tracing.datadog.localagenthostport (Default: "localhost:8126")
Set datadog-agent's host:port that the reporter will used.
--tracing.datadog.parentidheadername (Default: "")
Specifies the header name that will be used to store the parent ID.
--tracing.datadog.prioritysampling (Default: "false")
Enable priority sampling. When using distributed tracing, this option must be
enabled in order to get all the parts of a distributed trace sampled.
--tracing.datadog.samplingpriorityheadername (Default: "")
Specifies the header name that will be used to store the sampling priority.
--tracing.datadog.traceidheadername (Default: "")
Specifies the header name that will be used to store the trace ID.
--tracing.haystack (Default: "false")
Settings for Haystack.
--tracing.haystack.baggageprefixheadername (Default: "")
Specifies the header name prefix that will be used to store baggage items in a
map.
--tracing.haystack.globaltag (Default: "")
Key:Value tag to be set on all the spans.
--tracing.haystack.localagenthost (Default: "LocalAgentHost")
Set haystack-agent's host that the reporter will used.
--tracing.haystack.localagentport (Default: "35000")
Set haystack-agent's port that the reporter will used.
--tracing.haystack.parentidheadername (Default: "")
Specifies the header name that will be used to store the parent ID.
--tracing.haystack.spanidheadername (Default: "")
Specifies the header name that will be used to store the span ID.
--tracing.haystack.traceidheadername (Default: "")
Specifies the header name that will be used to store the trace ID.
--tracing.instana (Default: "false")
Settings for Instana.
--tracing.instana.localagenthost (Default: "localhost")
Set instana-agent's host that the reporter will used.
--tracing.instana.localagentport (Default: "42699")
Set instana-agent's port that the reporter will used.
--tracing.instana.loglevel (Default: "info")
Set instana-agent's log level. ('error','warn','info','debug')
--tracing.jaeger (Default: "false")
Settings for jaeger.
--tracing.jaeger.gen128bit (Default: "false")
Generate 128 bit span IDs.
--tracing.jaeger.localagenthostport (Default: "127.0.0.1:6831")
Set jaeger-agent's host:port that the reporter will used.
--tracing.jaeger.propagation (Default: "jaeger")
Which propgation format to use (jaeger/b3).
--tracing.jaeger.samplingparam (Default: "1.000000")
Set the sampling parameter.
--tracing.jaeger.samplingserverurl (Default: "http://localhost:5778/sampling")
Set the sampling server url.
--tracing.jaeger.samplingtype (Default: "const")
Set the sampling type.
--tracing.jaeger.tracecontextheadername (Default: "uber-trace-id")
Set the header to use for the trace-id.
--tracing.servicename (Default: "traefik")
Set the name for this service.
--tracing.spannamelimit (Default: "0")
Set the maximum character limit for Span names (default 0 = no limit).
--tracing.zipkin (Default: "false")
Settings for zipkin.
--tracing.zipkin.debug (Default: "false")
Enable Zipkin debug.
--tracing.zipkin.httpendpoint (Default: "http://localhost:9411/api/v1/spans")
HTTP Endpoint to report traces to.
--tracing.zipkin.id128bit (Default: "true")
Use Zipkin 128 bit root span IDs.
--tracing.zipkin.samespan (Default: "false")
Use Zipkin SameSpan RPC style traces.
--tracing.zipkin.samplerate (Default: "1.000000")
The rate between 0.0 and 1.0 of requests to trace.

590
docs/content/reference/static-configuration/env.md Normal file
View File

@@ -0,0 +1,590 @@
# Static Configuration: Environment variables
`TRAEFIK_ACCESSLOG`:
Access log settings. (Default: ```false```)
`TRAEFIK_ACCESSLOG_BUFFERINGSIZE`:
Number of access log lines to process in a buffered way. (Default: ```0```)
`TRAEFIK_ACCESSLOG_FIELDS_DEFAULTMODE`:
Default mode for fields: keep | drop (Default: ```keep```)
`TRAEFIK_ACCESSLOG_FIELDS_HEADERS_DEFAULTMODE`:
Default mode for fields: keep | drop | redact (Default: ```keep```)
`TRAEFIK_ACCESSLOG_FIELDS_HEADERS_NAMES_<NAME>`:
Override mode for headers
`TRAEFIK_ACCESSLOG_FIELDS_NAMES_<NAME>`:
Override mode for fields
`TRAEFIK_ACCESSLOG_FILEPATH`:
Access log file path. Stdout is used when omitted or empty.
`TRAEFIK_ACCESSLOG_FILTERS_MINDURATION`:
Keep access logs when request took longer than the specified duration. (Default: ```0```)
`TRAEFIK_ACCESSLOG_FILTERS_RETRYATTEMPTS`:
Keep access logs when at least one retry happened. (Default: ```false```)
`TRAEFIK_ACCESSLOG_FILTERS_STATUSCODES`:
Keep access logs with status codes in the specified range.
`TRAEFIK_ACCESSLOG_FORMAT`:
Access log format: json | common (Default: ```common```)
`TRAEFIK_ACME_ACMELOGGING`:
Enable debug logging of ACME actions. (Default: ```false```)
`TRAEFIK_ACME_CASERVER`:
CA server to use. (Default: ```https://acme-v02.api.letsencrypt.org/directory```)
`TRAEFIK_ACME_DNSCHALLENGE`:
Activate DNS-01 Challenge. (Default: ```false```)
`TRAEFIK_ACME_DNSCHALLENGE_DELAYBEFORECHECK`:
Assume DNS propagates after a delay in seconds rather than finding and querying nameservers. (Default: ```0```)
`TRAEFIK_ACME_DNSCHALLENGE_DISABLEPROPAGATIONCHECK`:
Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready. [not recommended] (Default: ```false```)
`TRAEFIK_ACME_DNSCHALLENGE_PROVIDER`:
Use a DNS-01 based challenge provider rather than HTTPS.
`TRAEFIK_ACME_DNSCHALLENGE_RESOLVERS`:
Use following DNS servers to resolve the FQDN authority.
`TRAEFIK_ACME_DOMAINS`:
The list of domains for which certificates are generated on startup. Wildcard domains only accepted with DNSChallenge.
`TRAEFIK_ACME_DOMAINS[n]_MAIN`:
Default subject name.
`TRAEFIK_ACME_DOMAINS[n]_SANS`:
Subject alternative names.
`TRAEFIK_ACME_EMAIL`:
Email address used for registration.
`TRAEFIK_ACME_ENTRYPOINT`:
EntryPoint to use.
`TRAEFIK_ACME_HTTPCHALLENGE`:
Activate HTTP-01 Challenge. (Default: ```false```)
`TRAEFIK_ACME_HTTPCHALLENGE_ENTRYPOINT`:
HTTP challenge EntryPoint
`TRAEFIK_ACME_KEYTYPE`:
KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'. (Default: ```RSA4096```)
`TRAEFIK_ACME_ONHOSTRULE`:
Enable certificate generation on router Host rules. (Default: ```false```)
`TRAEFIK_ACME_STORAGE`:
Storage to use. (Default: ```acme.json```)
`TRAEFIK_ACME_TLSCHALLENGE`:
Activate TLS-ALPN-01 Challenge. (Default: ```true```)
`TRAEFIK_API`:
Enable api/dashboard. (Default: ```false```)
`TRAEFIK_API_DASHBOARD`:
Activate dashboard. (Default: ```true```)
`TRAEFIK_API_DEBUG`:
Enable additional endpoints for debugging and profiling. (Default: ```false```)
`TRAEFIK_API_ENTRYPOINT`:
The entry point that the API handler will be bound to. (Default: ```traefik```)
`TRAEFIK_API_MIDDLEWARES`:
Middleware list.
`TRAEFIK_API_STATISTICS`:
Enable more detailed statistics. (Default: ```false```)
`TRAEFIK_API_STATISTICS_RECENTERRORS`:
Number of recent errors logged. (Default: ```10```)
`TRAEFIK_CONFIGFILE`:
Configuration file to use. If specified all other flags are ignored. (Default: "")
`TRAEFIK_ENTRYPOINTS_<NAME>`:
Entry points definition. (Default: ```false```)
`TRAEFIK_ENTRYPOINTS_<NAME>_ADDRESS`:
Entry point address.
`TRAEFIK_ENTRYPOINTS_<NAME>_FORWARDEDHEADERS_INSECURE`:
Trust all forwarded headers. (Default: ```false```)
`TRAEFIK_ENTRYPOINTS_<NAME>_FORWARDEDHEADERS_TRUSTEDIPS`:
Trust only forwarded headers from selected IPs.
`TRAEFIK_ENTRYPOINTS_<NAME>_PROXYPROTOCOL`:
Proxy-Protocol configuration. (Default: ```false```)
`TRAEFIK_ENTRYPOINTS_<NAME>_PROXYPROTOCOL_INSECURE`:
Trust all. (Default: ```false```)
`TRAEFIK_ENTRYPOINTS_<NAME>_PROXYPROTOCOL_TRUSTEDIPS`:
Trust only selected IPs.
`TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_LIFECYCLE_GRACETIMEOUT`:
Duration to give active requests a chance to finish before Traefik stops. (Default: ```10```)
`TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_LIFECYCLE_REQUESTACCEPTGRACETIMEOUT`:
Duration to keep accepting requests before Traefik initiates the graceful shutdown procedure. (Default: ```0```)
`TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_RESPONDINGTIMEOUTS_IDLETIMEOUT`:
IdleTimeout is the maximum amount duration an idle (keep-alive) connection will remain idle before closing itself. If zero, no timeout is set. (Default: ```180```)
`TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_RESPONDINGTIMEOUTS_READTIMEOUT`:
ReadTimeout is the maximum duration for reading the entire request, including the body. If zero, no timeout is set. (Default: ```0```)
`TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_RESPONDINGTIMEOUTS_WRITETIMEOUT`:
WriteTimeout is the maximum duration before timing out writes of the response. If zero, no timeout is set. (Default: ```0```)
`TRAEFIK_GLOBAL_CHECKNEWVERSION`:
Periodically check if a new version has been released. (Default: ```false```)
`TRAEFIK_GLOBAL_SENDANONYMOUSUSAGE`:
Periodically send anonymous usage statistics. If the option is not specified, it will be enabled by default.
`TRAEFIK_HOSTRESOLVER`:
Enable CNAME Flattening. (Default: ```false```)
`TRAEFIK_HOSTRESOLVER_CNAMEFLATTENING`:
A flag to enable/disable CNAME flattening (Default: ```false```)
`TRAEFIK_HOSTRESOLVER_RESOLVCONFIG`:
resolv.conf used for DNS resolving (Default: ```/etc/resolv.conf```)
`TRAEFIK_HOSTRESOLVER_RESOLVDEPTH`:
The maximal depth of DNS recursive resolving (Default: ```5```)
`TRAEFIK_LOG`:
Traefik log settings. (Default: "false")
`TRAEFIK_LOG_FILEPATH`:
Traefik log file path. Stdout is used when omitted or empty.
`TRAEFIK_LOG_FORMAT`:
Traefik log format: json | common (Default: ```common```)
`TRAEFIK_LOG_LEVEL`:
Log level set to traefik logs. (Default: ```ERROR```)
`TRAEFIK_METRICS_DATADOG`:
DataDog metrics exporter type. (Default: ```false```)
`TRAEFIK_METRICS_DATADOG_ADDRESS`:
DataDog's address. (Default: ```localhost:8125```)
`TRAEFIK_METRICS_DATADOG_PUSHINTERVAL`:
DataDog push interval. (Default: ```10```)
`TRAEFIK_METRICS_INFLUXDB`:
InfluxDB metrics exporter type. (Default: ```false```)
`TRAEFIK_METRICS_INFLUXDB_ADDRESS`:
InfluxDB address. (Default: ```localhost:8089```)
`TRAEFIK_METRICS_INFLUXDB_DATABASE`:
InfluxDB database used when protocol is http.
`TRAEFIK_METRICS_INFLUXDB_PASSWORD`:
InfluxDB password (only with http).
`TRAEFIK_METRICS_INFLUXDB_PROTOCOL`:
InfluxDB address protocol (udp or http). (Default: ```udp```)
`TRAEFIK_METRICS_INFLUXDB_PUSHINTERVAL`:
InfluxDB push interval. (Default: ```10```)
`TRAEFIK_METRICS_INFLUXDB_RETENTIONPOLICY`:
InfluxDB retention policy used when protocol is http.
`TRAEFIK_METRICS_INFLUXDB_USERNAME`:
InfluxDB username (only with http).
`TRAEFIK_METRICS_PROMETHEUS`:
Prometheus metrics exporter type. (Default: ```false```)
`TRAEFIK_METRICS_PROMETHEUS_BUCKETS`:
Buckets for latency metrics. (Default: ```0.100000, 0.300000, 1.200000, 5.000000```)
`TRAEFIK_METRICS_PROMETHEUS_ENTRYPOINT`:
EntryPoint. (Default: ```traefik```)
`TRAEFIK_METRICS_PROMETHEUS_MIDDLEWARES`:
Middlewares.
`TRAEFIK_METRICS_STATSD`:
StatsD metrics exporter type. (Default: ```false```)
`TRAEFIK_METRICS_STATSD_ADDRESS`:
StatsD address. (Default: ```localhost:8125```)
`TRAEFIK_METRICS_STATSD_PUSHINTERVAL`:
StatsD push interval. (Default: ```10```)
`TRAEFIK_PING`:
Enable ping. (Default: ```false```)
`TRAEFIK_PING_ENTRYPOINT`:
Ping entryPoint. (Default: ```traefik```)
`TRAEFIK_PING_MIDDLEWARES`:
Middleware list.
`TRAEFIK_PROVIDERS_DOCKER`:
Enable Docker backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_DOCKER_CONSTRAINTS`:
Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container.
`TRAEFIK_PROVIDERS_DOCKER_DEFAULTRULE`:
Default rule. (Default: ```Host(`{{ normalize .Name }}`)```)
`TRAEFIK_PROVIDERS_DOCKER_ENDPOINT`:
Docker server endpoint. Can be a tcp or a unix socket endpoint. (Default: ```unix:///var/run/docker.sock```)
`TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT`:
Expose containers by default. (Default: ```true```)
`TRAEFIK_PROVIDERS_DOCKER_NETWORK`:
Default Docker network used.
`TRAEFIK_PROVIDERS_DOCKER_SWARMMODE`:
Use Docker on Swarm Mode. (Default: ```false```)
`TRAEFIK_PROVIDERS_DOCKER_SWARMMODEREFRESHSECONDS`:
Polling interval for swarm mode. (Default: ```15```)
`TRAEFIK_PROVIDERS_DOCKER_TLS_CA`:
TLS CA
`TRAEFIK_PROVIDERS_DOCKER_TLS_CAOPTIONAL`:
TLS CA.Optional (Default: ```false```)
`TRAEFIK_PROVIDERS_DOCKER_TLS_CERT`:
TLS cert
`TRAEFIK_PROVIDERS_DOCKER_TLS_INSECURESKIPVERIFY`:
TLS insecure skip verify (Default: ```false```)
`TRAEFIK_PROVIDERS_DOCKER_TLS_KEY`:
TLS key
`TRAEFIK_PROVIDERS_DOCKER_USEBINDPORTIP`:
Use the ip address from the bound port, rather than from the inner network. (Default: ```false```)
`TRAEFIK_PROVIDERS_DOCKER_WATCH`:
Watch provider. (Default: ```true```)
`TRAEFIK_PROVIDERS_FILE`:
Enable File backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_FILE_DEBUGLOGGENERATEDTEMPLATE`:
Enable debug logging of generated configuration template. (Default: ```false```)
`TRAEFIK_PROVIDERS_FILE_DIRECTORY`:
Load configuration from one or more .toml files in a directory.
`TRAEFIK_PROVIDERS_FILE_FILENAME`:
Override default configuration template. For advanced users :)
`TRAEFIK_PROVIDERS_FILE_WATCH`:
Watch provider. (Default: ```true```)
`TRAEFIK_PROVIDERS_KUBERNETES`:
Enable Kubernetes backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESCRD`:
Enable Kubernetes backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESCRD_CERTAUTHFILEPATH`:
Kubernetes certificate authority file path (not needed for in-cluster client).
`TRAEFIK_PROVIDERS_KUBERNETESCRD_DISABLEPASSHOSTHEADERS`:
Kubernetes disable PassHost Headers. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESCRD_ENDPOINT`:
Kubernetes server endpoint (required for external cluster client).
`TRAEFIK_PROVIDERS_KUBERNETESCRD_INGRESSCLASS`:
Value of kubernetes.io/ingress.class annotation to watch for.
`TRAEFIK_PROVIDERS_KUBERNETESCRD_LABELSELECTOR`:
Kubernetes label selector to use.
`TRAEFIK_PROVIDERS_KUBERNETESCRD_NAMESPACES`:
Kubernetes namespaces.
`TRAEFIK_PROVIDERS_KUBERNETESCRD_TOKEN`:
Kubernetes bearer token (not needed for in-cluster client).
`TRAEFIK_PROVIDERS_KUBERNETES_CERTAUTHFILEPATH`:
Kubernetes certificate authority file path (not needed for in-cluster client).
`TRAEFIK_PROVIDERS_KUBERNETES_DISABLEPASSHOSTHEADERS`:
Kubernetes disable PassHost Headers. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETES_ENDPOINT`:
Kubernetes server endpoint (required for external cluster client).
`TRAEFIK_PROVIDERS_KUBERNETES_INGRESSCLASS`:
Value of kubernetes.io/ingress.class annotation to watch for.
`TRAEFIK_PROVIDERS_KUBERNETES_INGRESSENDPOINT_HOSTNAME`:
Hostname used for Kubernetes Ingress endpoints.
`TRAEFIK_PROVIDERS_KUBERNETES_INGRESSENDPOINT_IP`:
IP used for Kubernetes Ingress endpoints.
`TRAEFIK_PROVIDERS_KUBERNETES_INGRESSENDPOINT_PUBLISHEDSERVICE`:
Published Kubernetes Service to copy status from.
`TRAEFIK_PROVIDERS_KUBERNETES_LABELSELECTOR`:
Kubernetes Ingress label selector to use.
`TRAEFIK_PROVIDERS_KUBERNETES_NAMESPACES`:
Kubernetes namespaces.
`TRAEFIK_PROVIDERS_KUBERNETES_TOKEN`:
Kubernetes bearer token (not needed for in-cluster client).
`TRAEFIK_PROVIDERS_MARATHON`:
Enable Marathon backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_MARATHON_BASIC_HTTPBASICAUTHUSER`:
Basic authentication User.
`TRAEFIK_PROVIDERS_MARATHON_BASIC_HTTPBASICPASSWORD`:
Basic authentication Password.
`TRAEFIK_PROVIDERS_MARATHON_CONSTRAINTS`:
Constraints is an expression that Traefik matches against the application's labels to determine whether to create any route for that application.
`TRAEFIK_PROVIDERS_MARATHON_DCOSTOKEN`:
DCOSToken for DCOS environment, This will override the Authorization header.
`TRAEFIK_PROVIDERS_MARATHON_DEFAULTRULE`:
Default rule. (Default: ```Host(`{{ normalize .Name }}`)```)
`TRAEFIK_PROVIDERS_MARATHON_DIALERTIMEOUT`:
Set a dialer timeout for Marathon. (Default: ```5```)
`TRAEFIK_PROVIDERS_MARATHON_ENDPOINT`:
Marathon server endpoint. You can also specify multiple endpoint for Marathon. (Default: ```http://127.0.0.1:8080```)
`TRAEFIK_PROVIDERS_MARATHON_EXPOSEDBYDEFAULT`:
Expose Marathon apps by default. (Default: ```true```)
`TRAEFIK_PROVIDERS_MARATHON_FORCETASKHOSTNAME`:
Force to use the task's hostname. (Default: ```false```)
`TRAEFIK_PROVIDERS_MARATHON_KEEPALIVE`:
Set a TCP Keep Alive time. (Default: ```10```)
`TRAEFIK_PROVIDERS_MARATHON_RESPECTREADINESSCHECKS`:
Filter out tasks with non-successful readiness checks during deployments. (Default: ```false```)
`TRAEFIK_PROVIDERS_MARATHON_RESPONSEHEADERTIMEOUT`:
Set a response header timeout for Marathon. (Default: ```60```)
`TRAEFIK_PROVIDERS_MARATHON_TLSHANDSHAKETIMEOUT`:
Set a TLS handshake timeout for Marathon. (Default: ```5```)
`TRAEFIK_PROVIDERS_MARATHON_TLS_CA`:
TLS CA
`TRAEFIK_PROVIDERS_MARATHON_TLS_CAOPTIONAL`:
TLS CA.Optional (Default: ```false```)
`TRAEFIK_PROVIDERS_MARATHON_TLS_CERT`:
TLS cert
`TRAEFIK_PROVIDERS_MARATHON_TLS_INSECURESKIPVERIFY`:
TLS insecure skip verify (Default: ```false```)
`TRAEFIK_PROVIDERS_MARATHON_TLS_KEY`:
TLS key
`TRAEFIK_PROVIDERS_MARATHON_TRACE`:
Display additional provider logs. (Default: ```false```)
`TRAEFIK_PROVIDERS_MARATHON_WATCH`:
Watch provider. (Default: ```true```)
`TRAEFIK_PROVIDERS_PROVIDERSTHROTTLEDURATION`:
Backends throttle duration: minimum duration between 2 events from providers before applying a new configuration. It avoids unnecessary reloads if multiples events are sent in a short amount of time. (Default: ```0```)
`TRAEFIK_PROVIDERS_RANCHER`:
Enable Rancher backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_RANCHER_CONSTRAINTS`:
Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container.
`TRAEFIK_PROVIDERS_RANCHER_DEFAULTRULE`:
Default rule. (Default: ```Host(`{{ normalize .Name }}`)```)
`TRAEFIK_PROVIDERS_RANCHER_ENABLESERVICEHEALTHFILTER`:
Filter services with unhealthy states and inactive states. (Default: ```true```)
`TRAEFIK_PROVIDERS_RANCHER_EXPOSEDBYDEFAULT`:
Expose containers by default. (Default: ```true```)
`TRAEFIK_PROVIDERS_RANCHER_INTERVALPOLL`:
Poll the Rancher metadata service every 'rancher.refreshseconds' (less accurate). (Default: ```false```)
`TRAEFIK_PROVIDERS_RANCHER_PREFIX`:
Prefix used for accessing the Rancher metadata service. (Default: ```latest```)
`TRAEFIK_PROVIDERS_RANCHER_REFRESHSECONDS`:
Defines the polling interval in seconds. (Default: ```15```)
`TRAEFIK_PROVIDERS_RANCHER_WATCH`:
Watch provider. (Default: ```true```)
`TRAEFIK_PROVIDERS_REST`:
Enable Rest backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_REST_ENTRYPOINT`:
EntryPoint. (Default: ```traefik```)
`TRAEFIK_SERVERSTRANSPORT_FORWARDINGTIMEOUTS_DIALTIMEOUT`:
The amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. (Default: ```30```)
`TRAEFIK_SERVERSTRANSPORT_FORWARDINGTIMEOUTS_RESPONSEHEADERTIMEOUT`:
The amount of time to wait for a server's response headers after fully writing the request (including its body, if any). If zero, no timeout exists. (Default: ```0```)
`TRAEFIK_SERVERSTRANSPORT_FORWARDINGTIMEOUTS_IDLECONNTIMEOUT`:
The maximum period for which an idle HTTP keep-alive connection to a backend
server will remain open before closing itself. (Default: ```90s```)
`TRAEFIK_SERVERSTRANSPORT_INSECURESKIPVERIFY`:
Disable SSL certificate verification. (Default: ```false```)
`TRAEFIK_SERVERSTRANSPORT_MAXIDLECONNSPERHOST`:
If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used (Default: ```0```)
`TRAEFIK_SERVERSTRANSPORT_ROOTCAS`:
Add cert file for self-signed certificate.
`TRAEFIK_TRACING`:
OpenTracing configuration. (Default: ```false```)
`TRAEFIK_TRACING_DATADOG`:
Settings for DataDog. (Default: ```false```)
`TRAEFIK_TRACING_DATADOG_BAGAGEPREFIXHEADERNAME`:
Specifies the header name prefix that will be used to store baggage items in a map.
`TRAEFIK_TRACING_DATADOG_DEBUG`:
Enable DataDog debug. (Default: ```false```)
`TRAEFIK_TRACING_DATADOG_GLOBALTAG`:
Key:Value tag to be set on all the spans.
`TRAEFIK_TRACING_DATADOG_LOCALAGENTHOSTPORT`:
Set datadog-agent's host:port that the reporter will used. (Default: ```localhost:8126```)
`TRAEFIK_TRACING_DATADOG_PARENTIDHEADERNAME`:
Specifies the header name that will be used to store the parent ID.
`TRAEFIK_TRACING_DATADOG_PRIORITYSAMPLING`:
Enable priority sampling. When using distributed tracing, this option must be enabled in order to get all the parts of a distributed trace sampled. (Default: ```false```)
`TRAEFIK_TRACING_DATADOG_SAMPLINGPRIORITYHEADERNAME`:
Specifies the header name that will be used to store the sampling priority.
`TRAEFIK_TRACING_DATADOG_TRACEIDHEADERNAME`:
Specifies the header name that will be used to store the trace ID.
`TRAEFIK_TRACING_HAYSTACK`:
Settings for Haystack. (Default: ```false```)
`TRAEFIK_TRACING_HAYSTACK_BAGGAGEPREFIXHEADERNAME`:
specifies the header name prefix that will be used to store baggage items in a map.
`TRAEFIK_TRACING_HAYSTACK_GLOBALTAG`:
Key:Value tag to be set on all the spans.
`TRAEFIK_TRACING_HAYSTACK_LOCALAGENTHOST`:
Set haystack-agent's host that the reporter will used. (Default: ```LocalAgentHost```)
`TRAEFIK_TRACING_HAYSTACK_LOCALAGENTPORT`:
Set haystack-agent's port that the reporter will used. (Default: ```35000```)
`TRAEFIK_TRACING_HAYSTACK_PARENTIDHEADERNAME`:
Specifies the header name that will be used to store the parent ID.
`TRAEFIK_TRACING_HAYSTACK_SPANIDHEADERNAME`:
Specifies the header name that will be used to store the span ID.
`TRAEFIK_TRACING_HAYSTACK_TRACEIDHEADERNAME`:
Specifies the header name that will be used to store the trace ID.
`TRAEFIK_TRACING_INSTANA`:
Settings for Instana. (Default: ```false```)
`TRAEFIK_TRACING_INSTANA_LOCALAGENTHOST`:
Set instana-agent's host that the reporter will used. (Default: ```localhost```)
`TRAEFIK_TRACING_INSTANA_LOCALAGENTPORT`:
Set instana-agent's port that the reporter will used. (Default: ```42699```)
`TRAEFIK_TRACING_INSTANA_LOGLEVEL`:
Set instana-agent's log level. ('error','warn','info','debug') (Default: ```info```)
`TRAEFIK_TRACING_JAEGER`:
Settings for jaeger. (Default: ```false```)
`TRAEFIK_TRACING_JAEGER_GEN128BIT`:
Generate 128 bit span IDs. (Default: ```false```)
`TRAEFIK_TRACING_JAEGER_LOCALAGENTHOSTPORT`:
Set jaeger-agent's host:port that the reporter will used. (Default: ```127.0.0.1:6831```)
`TRAEFIK_TRACING_JAEGER_PROPAGATION`:
Which propgation format to use (jaeger/b3). (Default: ```jaeger```)
`TRAEFIK_TRACING_JAEGER_SAMPLINGPARAM`:
Set the sampling parameter. (Default: ```1.000000```)
`TRAEFIK_TRACING_JAEGER_SAMPLINGSERVERURL`:
Set the sampling server url. (Default: ```http://localhost:5778/sampling```)
`TRAEFIK_TRACING_JAEGER_SAMPLINGTYPE`:
Set the sampling type. (Default: ```const```)
`TRAEFIK_TRACING_JAEGER_TRACECONTEXTHEADERNAME`:
Set the header to use for the trace-id. (Default: ```uber-trace-id```)
`TRAEFIK_TRACING_SERVICENAME`:
Set the name for this service. (Default: ```traefik```)
`TRAEFIK_TRACING_SPANNAMELIMIT`:
Set the maximum character limit for Span names (default 0 = no limit). (Default: ```0```)
`TRAEFIK_TRACING_ZIPKIN`:
Settings for zipkin. (Default: ```false```)
`TRAEFIK_TRACING_ZIPKIN_DEBUG`:
Enable Zipkin debug. (Default: ```false```)
`TRAEFIK_TRACING_ZIPKIN_HTTPENDPOINT`:
HTTP Endpoint to report traces to. (Default: ```http://localhost:9411/api/v1/spans```)
`TRAEFIK_TRACING_ZIPKIN_ID128BIT`:
Use Zipkin 128 bit root span IDs. (Default: ```true```)
`TRAEFIK_TRACING_ZIPKIN_SAMESPAN`:
Use Zipkin SameSpan RPC style traces. (Default: ```false```)
`TRAEFIK_TRACING_ZIPKIN_SAMPLERATE`:
The rate between 0.0 and 1.0 of requests to trace. (Default: ```1.000000```)

9
docs/content/reference/static-configuration/file.md Normal file
View File

@@ -0,0 +1,9 @@
# Static Configuration: File
```toml tab="TOML"
--8<-- "content/reference/static-configuration/file.toml"
```
```yml tab="YAML"
--8<-- "content/reference/static-configuration/file.yaml"
```

232
docs/content/reference/static-configuration/file.toml Normal file
View File

@@ -0,0 +1,232 @@
[global]
checkNewVersion = true
sendAnonymousUsage = true
[serversTransport]
insecureSkipVerify = true
rootCAs = ["foobar", "foobar"]
maxIdleConnsPerHost = 42
[serversTransport.forwardingTimeouts]
dialTimeout = 42
responseHeaderTimeout = 42
idleConnTimeout = 42
[entryPoints]
[entryPoints.EntryPoint0]
address = "foobar"
[entryPoints.EntryPoint0.transport]
[entryPoints.EntryPoint0.transport.lifeCycle]
requestAcceptGraceTimeout = 42
graceTimeOut = 42
[entryPoints.EntryPoint0.transport.respondingTimeouts]
readTimeout = 42
writeTimeout = 42
idleTimeout = 42
[entryPoints.EntryPoint0.proxyProtocol]
insecure = true
trustedIPs = ["foobar", "foobar"]
[entryPoints.EntryPoint0.forwardedHeaders]
insecure = true
trustedIPs = ["foobar", "foobar"]
[providers]
providersThrottleDuration = 42
[providers.docker]
constraints = "foobar"
watch = true
endpoint = "foobar"
defaultRule = "foobar"
exposedByDefault = true
useBindPortIP = true
swarmMode = true
network = "foobar"
swarmModeRefreshSeconds = 42
[providers.docker.tls]
ca = "foobar"
caOptional = true
cert = "foobar"
key = "foobar"
insecureSkipVerify = true
[providers.file]
directory = "foobar"
watch = true
filename = "foobar"
debugLogGeneratedTemplate = true
traefikFile = "foobar"
[providers.marathon]
constraints = "foobar"
trace = true
watch = true
endpoint = "foobar"
defaultRule = "foobar"
exposedByDefault = true
dcosToken = "foobar"
dialerTimeout = 42
responseHeaderTimeout = 42
tlsHandshakeTimeout = 42
keepAlive = 42
forceTaskHostname = true
respectReadinessChecks = true
[providers.marathon.tls]
ca = "foobar"
caOptional = true
cert = "foobar"
key = "foobar"
insecureSkipVerify = true
[providers.marathon.basic]
httpBasicAuthUser = "foobar"
httpBasicPassword = "foobar"
[providers.kubernetes]
endpoint = "foobar"
token = "foobar"
certAuthFilePath = "foobar"
disablePassHostHeaders = true
namespaces = ["foobar", "foobar"]
labelSelector = "foobar"
ingressClass = "foobar"
[providers.kubernetes.ingressEndpoint]
ip = "foobar"
hostname = "foobar"
publishedService = "foobar"
[providers.kubernetesCRD]
endpoint = "foobar"
token = "foobar"
certAuthFilePath = "foobar"
disablePassHostHeaders = true
namespaces = ["foobar", "foobar"]
labelSelector = "foobar"
ingressClass = "foobar"
[providers.rest]
entryPoint = "foobar"
[providers.rancher]
constraints = "foobar"
watch = true
defaultRule = "foobar"
exposedByDefault = true
enableServiceHealthFilter = true
refreshSeconds = 42
intervalPoll = true
prefix = "foobar"
[api]
entryPoint = "foobar"
dashboard = true
middlewares = ["foobar", "foobar"]
[api.statistics]
recentErrors = 42
[metrics]
[metrics.prometheus]
buckets = [42.0, 42.0]
entryPoint = "foobar"
middlewares = ["foobar", "foobar"]
[metrics.dataDog]
address = "foobar"
pushInterval = "10s"
[metrics.statsD]
address = "foobar"
pushInterval = "10s"
[metrics.influxDB]
address = "foobar"
protocol = "foobar"
pushInterval = "10s"
database = "foobar"
retentionPolicy = "foobar"
username = "foobar"
password = "foobar"
[ping]
entryPoint = "foobar"
middlewares = ["foobar", "foobar"]
[log]
level = "foobar"
filePath = "foobar"
format = "foobar"
[accessLog]
filePath = "foobar"
format = "foobar"
bufferingSize = 42
[accessLog.filters]
statusCodes = ["foobar", "foobar"]
retryAttempts = true
minDuration = 42
[accessLog.fields]
defaultMode = "foobar"
[accessLog.fields.names]
name0 = "foobar"
name1 = "foobar"
[accessLog.fields.headers]
defaultMode = "foobar"
[accessLog.fields.headers.names]
name0 = "foobar"
name1 = "foobar"
[tracing]
serviceName = "foobar"
spanNameLimit = 42
[tracing.jaeger]
samplingServerURL = "foobar"
samplingType = "foobar"
samplingParam = 42.0
localAgentHostPort = "foobar"
gen128Bit = true
propagation = "foobar"
traceContextHeaderName = "foobar"
[tracing.zipkin]
httpEndpoint = "foobar"
sameSpan = true
id128Bit = true
debug = true
sampleRate = 42.0
[tracing.dataDog]
localAgentHostPort = "foobar"
globalTag = "foobar"
debug = true
prioritySampling = true
traceIDHeaderName = "foobar"
parentIDHeaderName = "foobar"
samplingPriorityHeaderName = "foobar"
bagagePrefixHeaderName = "foobar"
[tracing.instana]
localAgentHost = "foobar"
localAgentPort = 42
logLevel = "foobar"
[tracing.haystack]
localAgentHost = "foobar"
localAgentPort = 42
globalTag = "foobar"
traceIDHeaderName = "foobar"
parentIDHeaderName = "foobar"
spanIDHeaderName = "foobar"
[hostResolver]
cnameFlattening = true
resolvConfig = "foobar"
resolvDepth = 42
[acme]
email = "foobar"
acmeLogging = true
caServer = "foobar"
storage = "foobar"
entryPoint = "foobar"
keyType = "foobar"
onHostRule = true
[acme.dnsChallenge]
provider = "foobar"
delayBeforeCheck = 42
resolvers = ["foobar", "foobar"]
disablePropagationCheck = true
[acme.httpChallenge]
entryPoint = "foobar"
[acme.tlsChallenge]
[[acme.domains]]
main = "foobar"
sans = ["foobar", "foobar"]
[[acme.domains]]
main = "foobar"
sans = ["foobar", "foobar"]

244
docs/content/reference/static-configuration/file.yaml Normal file
View File

@@ -0,0 +1,244 @@
global:
checkNewVersion: true
sendAnonymousUsage: true
serversTransport:
insecureSkipVerify: true
rootCAs:
- foobar
- foobar
maxIdleConnsPerHost: 42
forwardingTimeouts:
dialTimeout: 42000000000
responseHeaderTimeout: 42000000000
idleConnTimeout: 42000000000
entryPoints:
EntryPoint0:
address: foobar
transport:
lifeCycle:
requestAcceptGraceTimeout: 42000000000
graceTimeOut: 42000000000
respondingTimeouts:
readTimeout: 42000000000
writeTimeout: 42000000000
idleTimeout: 42000000000
proxyProtocol:
insecure: true
trustedIPs:
- foobar
- foobar
forwardedHeaders:
insecure: true
trustedIPs:
- foobar
- foobar
providers:
providersThrottleDuration: 42000000000
docker:
constraints: foobar
watch: true
endpoint: foobar
defaultRule: foobar
tls:
ca: foobar
caOptional: true
cert: foobar
key: foobar
insecureSkipVerify: true
exposedByDefault: true
useBindPortIP: true
swarmMode: true
network: foobar
swarmModeRefreshSeconds: 42000000000
file:
directory: foobar
watch: true
filename: foobar
debugLogGeneratedTemplate: true
traefikFile: foobar
marathon:
constraints: foobar
trace: true
watch: true
endpoint: foobar
defaultRule: foobar
exposedByDefault: true
dcosToken: foobar
tls:
ca: foobar
caOptional: true
cert: foobar
key: foobar
insecureSkipVerify: true
dialerTimeout: 42000000000
responseHeaderTimeout: 42000000000
tlsHandshakeTimeout: 42000000000
keepAlive: 42000000000
forceTaskHostname: true
basic:
httpBasicAuthUser: foobar
httpBasicPassword: foobar
respectReadinessChecks: true
kubernetes:
endpoint: foobar
token: foobar
certAuthFilePath: foobar
disablePassHostHeaders: true
namespaces:
- foobar
- foobar
labelSelector: foobar
ingressClass: foobar
ingressEndpoint:
ip: foobar
hostname: foobar
publishedService: foobar
kubernetesCRD:
endpoint: foobar
token: foobar
certAuthFilePath: foobar
disablePassHostHeaders: true
namespaces:
- foobar
- foobar
labelSelector: foobar
ingressClass: foobar
rest:
entryPoint: foobar
rancher:
constraints: foobar
watch: true
defaultRule: foobar
exposedByDefault: true
enableServiceHealthFilter: true
refreshSeconds: 42
intervalPoll: true
prefix: foobar
api:
entryPoint: foobar
dashboard: true
statistics:
recentErrors: 42
middlewares:
- foobar
- foobar
metrics:
prometheus:
buckets:
- 42
- 42
entryPoint: foobar
middlewares:
- foobar
- foobar
dataDog:
address: foobar
pushInterval: 10000000000
statsD:
address: foobar
pushInterval: 10000000000
influxDB:
address: foobar
protocol: foobar
pushInterval: 10000000000
database: foobar
retentionPolicy: foobar
username: foobar
password: foobar
ping:
entryPoint: foobar
middlewares:
- foobar
- foobar
log:
level: foobar
filePath: foobar
format: foobar
accessLog:
filePath: foobar
format: foobar
filters:
statusCodes:
- foobar
- foobar
retryAttempts: true
minDuration: 42000000000
fields:
defaultMode: foobar
names:
name0: foobar
name1: foobar
headers:
defaultMode: foobar
names:
name0: foobar
name1: foobar
bufferingSize: 42
tracing:
serviceName: foobar
spanNameLimit: 42
jaeger:
samplingServerURL: foobar
samplingType: foobar
samplingParam: 42
localAgentHostPort: foobar
gen128Bit: true
propagation: foobar
traceContextHeaderName: foobar
zipkin:
httpEndpoint: foobar
sameSpan: true
id128Bit: true
debug: true
sampleRate: 42
dataDog:
localAgentHostPort: foobar
globalTag: foobar
debug: true
prioritySampling: true
traceIDHeaderName: foobar
parentIDHeaderName: foobar
samplingPriorityHeaderName: foobar
bagagePrefixHeaderName: foobar
instana:
localAgentHost: foobar
localAgentPort: 42
logLevel: foobar
haystack:
localAgentHost: foobar
localAgentPort: 42
globalTag: foobar
traceIDHeaderName: foobar
parentIDHeaderName: foobar
spanIDHeaderName: foobar
hostResolver:
cnameFlattening: true
resolvConfig: foobar
resolvDepth: 42
acme:
email: foobar
acmeLogging: true
caServer: foobar
storage: foobar
entryPoint: foobar
keyType: foobar
onHostRule: true
dnsChallenge:
provider: foobar
delayBeforeCheck: 42000000000
resolvers:
- foobar
- foobar
disablePropagationCheck: true
httpChallenge:
entryPoint: foobar
tlsChallenge: {}
domains:
- main: foobar
sans:
- foobar
- foobar
- main: foobar
sans:
- foobar
- foobar

5
docs/content/reference/static-configuration/overview.md Normal file
View File

@@ -0,0 +1,5 @@
# Static Configuration
- [File](./file.md)
- [CLI](./cli.md)
- [Environment Variables](./env.md)

Some files were not shown because too many files have changed in this diff Show More