SW/traefik
2
0
Fork 1
forked from Ivasoft/traefik
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: SW:v2.4.3
Branches Tags
SW:master SW:v2.9 SW:v1.5 SW:v1.4 SW:v3.0 SW:v2.8 SW:v1.6 SW:v1.7 SW:v2.0 SW:v2.1 SW:v2.2 SW:v2.7 SW:v2.6 SW:v2.3 SW:v2.4 SW:v2.5 SW:v1.0 SW:v1.1 SW:v1.2 SW:v1.3 SW:gh-pages
SW:v2.9.6-1 SW:v3.0.0-beta2 SW:v2.9.6 SW:v3.0.0-beta1 SW:v2.9.5 SW:v2.9.4 SW:v2.9.3 SW:v2.9.2 SW:v2.9.1 SW:v2.9.0-rc5 SW:v2.8.8 SW:v2.8.7 SW:v2.9.0-rc4 SW:v2.8.6 SW:v2.9.0-rc3 SW:v2.9.0-rc2 SW:v2.9.0-rc1 SW:v2.8.5 SW:v2.8.4 SW:v2.8.3 SW:v2.8.2 SW:v2.8.1 SW:v2.8.0 SW:v2.7.3 SW:v2.8.0-rc2 SW:v2.7.2 SW:v2.8.0-rc1 SW:v2.7.1 SW:v2.7.0 SW:v2.6.7 SW:v2.6.6 SW:v2.6.5 SW:v2.6.4 SW:v2.7.0-rc2 SW:v2.6.3 SW:v2.7.0-rc1 SW:v2.6.2 SW:v2.6.1 SW:v2.6.0 SW:v2.6.0-rc3 SW:v2.5.7 SW:v2.6.0-rc2 SW:v2.5.6 SW:v2.6.0-rc1 SW:v1.7.34 SW:v2.5.5 SW:v2.5.4 SW:v1.7.33 SW:v1.7.32 SW:v1.7.31 SW:v2.5.3 SW:v2.5.2 SW:v2.5.1 SW:v2.5.0 SW:v2.4.14 SW:v2.5.0-rc6 SW:v2.5.0-rc5 SW:v2.5.0-rc4 SW:v2.4.13 SW:v2.4.12 SW:v2.5.0-rc3 SW:v2.4.11 SW:v2.4.10 SW:v2.5.0-rc2 SW:v2.5.0-rc1 SW:v2.4.9 SW:v1.7.30 SW:v1.7.29 SW:v2.4.8 SW:v2.4.7 SW:v2.4.6 SW:v2.4.5 SW:v2.4.4 SW:v2.4.3 SW:v2.4.2 SW:v2.4.1 SW:v2.4.0 SW:v1.7.28 SW:v1.7.27 SW:v2.4.0-rc2 SW:v2.3.7 SW:v2.3.6 SW:v2.4.0-rc1 SW:v2.3.5 SW:v2.3.4 SW:v2.3.3 SW:v2.3.2 SW:v2.3.1 SW:v2.3.0 SW:v2.3.0-rc7 SW:v2.3.0-rc6 SW:v2.3.0-rc5 SW:v2.2.11 SW:v2.2.10 SW:v2.3.0-rc4 SW:v2.3.0-rc3 SW:v2.2.8 SW:v1.7.26 SW:v2.2.7 SW:v2.2.6 SW:v2.3.0-rc2 SW:v2.3.0-rc1 SW:v1.7.25 SW:v2.2.5 SW:v2.2.4 SW:v2.2.3 SW:v2.2.2 SW:v2.2.1 SW:v2.2.0 SW:v1.7.24 SW:v2.1.9 SW:v1.7.23 SW:v2.2.0-rc4 SW:v2.1.8 SW:v2.2.0-rc3 SW:v2.1.7 SW:v1.7.22 SW:v2.2.0-rc2 SW:v2.2.0-rc1 SW:v2.1.6 SW:v2.1.5 SW:v1.7.21 SW:v2.1.4 SW:v2.1.3 SW:v2.1.2 SW:v2.1.1 SW:v2.1.0 SW:v1.7.20 SW:v2.0.7 SW:v2.1.0-rc3 SW:v2.0.6 SW:v2.1.0-rc2 SW:v2.1.0-rc1 SW:v2.0.5 SW:v2.0.4 SW:v2.0.3 SW:v1.7.19 SW:v2.0.2 SW:v2.0.1 SW:v1.7.18 SW:v1.7.17 SW:v2.0.0 SW:v2.0.0-rc4 SW:v1.7.16 SW:v1.7.15 SW:v2.0.0-rc3 SW:v2.0.0-rc2 SW:v2.0.0-rc1 SW:v1.7.14 SW:v1.7.13 SW:v2.0.0-beta1 SW:v2.0.0-alpha8 SW:v2.0.0-alpha7 SW:v2.0.0-alpha6 SW:v2.0.0-alpha5 SW:v1.7.12 SW:v1.7.11 SW:v2.0.0-alpha4 SW:v2.0.0-alpha3 SW:v1.7.10 SW:v2.0.0-alpha2 SW:v2.0.0-alpha1 SW:v1.7.9 SW:v1.7.8 SW:v1.7.7 SW:v1.7.6 SW:v1.7.5 SW:v1.7.4 SW:v1.7.3 SW:v1.7.2 SW:v1.7.1 SW:v1.7.0 SW:v1.7.0-rc5 SW:v1.7.0-rc4 SW:v1.6.6 SW:v1.7.0-rc3 SW:v1.7.0-rc2 SW:v1.6.5 SW:v1.7.0-rc1 SW:v1.6.4 SW:v1.6.3 SW:v1.6.2 SW:v1.6.1 SW:v1.6.0 SW:v1.6.0-rc6 SW:v1.6.0-rc5 SW:v1.6.0-rc4 SW:v1.6.0-rc3 SW:v1.6.0-rc2 SW:v1.6.0-rc1 SW:v1.5.4 SW:v1.5.3 SW:v1.5.2 SW:v1.5.1 SW:v1.5.0 SW:v1.5.0-rc5 SW:v1.5.0-rc4 SW:v1.4.6 SW:v1.5.0-rc3 SW:v1.5.0-rc2 SW:v1.4.5 SW:v1.5.0-rc1 SW:v1.4.4 SW:v1.4.3 SW:v1.4.2 SW:v1.4.1 SW:v1.4.0 SW:v1.4.0-rc5 SW:v1.4.0-rc4 SW:v1.4.0-rc3 SW:v1.4.0-rc2 SW:v1.3.8 SW:v1.4.0-rc1 SW:v1.3.7 SW:v1.3.6 SW:v1.3.5 SW:v1.3.4 SW:v1.3.3 SW:v1.3.2 SW:v1.3.1 SW:v1.3.0 SW:v1.3.0-rc3 SW:v1.3.0-rc2 SW:v1.3.0-rc1 SW:v1.2.3 SW:v1.2.2 SW:v1.2.1 SW:v1.2.0 SW:v1.2.0-rc2 SW:v1.2.0-rc1 SW:v1.1.2 SW:v1.1.1 SW:v1.1.0 SW:v1.1.0-rc4 SW:v1.1.0-rc3 SW:v1.1.0-rc2 SW:v1.1.0-rc1 SW:v1.0.3 SW:v1.0.2 SW:v1.0.1 SW:v1.0.0 SW:v1.0.0-rc3 SW:v1.0.0-rc2 SW:v1.0.0-rc1 SW:v1.0.0-beta.809 SW:v1.0.0-beta.804 SW:v1.0.0-beta.794 SW:v1.0.0-beta.784 SW:v1.0.0-beta.771 SW:v1.0.0-beta.767 SW:v1.0.0-beta.756 SW:v1.0.0-beta.754 SW:v1.0.0-beta.744 SW:v1.0.0-beta.732 SW:v1.0.0-beta.723 SW:v1.0.0-beta.721 SW:v1.0.0-beta.712 SW:v1.0.0-beta.704 SW:v1.0.0-beta.695 SW:v1.0.0-beta.692 SW:v1.0.0-beta.682 SW:v1.0.0-beta.676 SW:v1.0.0-beta.673 SW:v1.0.0-beta.666 SW:v1.0.0-beta.652 SW:v1.0.0-beta.644 SW:v1.0.0-beta.621 SW:v1.0.0-beta.614 SW:v1.0.0-beta.610 SW:v1.0.0-beta.601 SW:v1.0.0-beta.582 SW:v1.0.0-beta.576 SW:v1.0.0-beta.573 SW:v1.0.0-beta.555 SW:v1.0.0-beta.548 SW:v1.0.0-beta.545 SW:v1.0.0-beta.524 SW:v1.0.0-beta.513 SW:v1.0.0-beta.508 SW:v1.0.0-beta.505 SW:v1.0.0-beta.484 SW:v1.0.0-beta.481 SW:v1.0.0-beta.475 SW:v1.0.0-beta.470 SW:v1.0.0-beta.453 SW:v1.0.0-beta.442 SW:v1.0.0-beta.440 SW:v1.0.0-beta.436 SW:v1.0.0-beta.433 SW:v1.0.0-beta.427 SW:v1.0.0-beta.421 SW:v1.0.0-beta.416 SW:v1.0.0-beta.408 SW:v1.0.0-beta.404 SW:v1.0.0-beta.395 SW:v1.0.0-beta.392 SW:v1.0.0-beta.374 SW:v1.0.0-beta.366 SW:v1.0.0-beta.355 SW:v1.0.0-beta.352 SW:v1.0.0-beta.341 SW:v1.0.0-beta.339 SW:v1.0.0-beta.324 SW:v1.0.0-beta.300 SW:v1.0.0-beta.291 SW:v1.0.0-beta.289 SW:v1.0.0-beta.287 SW:v1.0.0-beta.280 SW:v1.0.0-beta.277 SW:v1.0.0-beta.254 SW:v1.0.0-beta.247 SW:v1.0.0-beta.224 SW:v1.0.0-beta.220 SW:v1.0.0-beta.212 SW:v1.0.0-beta.211 SW:v1.0.alpha.4c447985b63f8c90dcbde70b2eaef19d9a8c5ad2 SW:v1.0.alpha.9830086790caf40ce30eb9ed5d317917f8157708 SW:v1.0.alpha.3af21612b65fc578585a98c30090d1e613f791eb SW:v1.0.alpha.a458018aa2ccb637abacfc696157e00321cf982f SW:v1.0.alpha.4ded2682d2831ed703282b2f4585e17a62ee258e SW:v1.0.alpha.0e683cc5355bc507dabac68bbc7559d3f179e185 SW:v1.0.alpha.11781087cadf9068d1d0b43902b6161ee10ea458 SW:v1.0.alpha.b42b170ad29a0f042ddee0f5a5098aa9a59a9c8e SW:v1.0.alpha.a00eb81f0301f5e61024dea3b92ba632d6a61a8b SW:v1.0.alpha.6c3c5578c64125838abbc437a0242e1742d6f47a SW:v1.0.alpha.b84b95fe97df5c0f234d8693fbff03fa0d6a441b SW:v1.0.alpha.1a5668377cc840a35d233a0eb817ee9bacf0ba3e SW:v1.0.alpha.331cd173ce8ad858d767510fbcbc653e2dde657d SW:v1.0.alpha.e0872b61579c8e6b8fc6124c8836660c11840f5d SW:v1.0.alpha.99646544953d5793f18ccb22dae2458be4ba0e05 SW:v1.0.alpha.7acc2beae0f0235d9408e8ed7a51f0ef3dae3aff SW:v1.0.alpha.ac56c1310c46f9c18dcad9d7ec680926fae821bb SW:v1.0.alpha.71b0e27517841ec7b911bafb109846ee96109f30 SW:v1.0.alpha.60e9282f0adac48cbf283306ceb08ad7a31ac94b SW:v1.0.alpha.522 SW:v1.0.alpha.516 SW:v1.0.alpha.506 SW:v1.0.alpha.481 SW:v1.0.alpha.477 SW:v1.0.alpha.471 SW:v1.0.alpha.469 SW:v1.0.alpha.463 SW:v1.0.alpha.450 SW:v1.0.alpha.443 SW:v1.0.alpha.439 SW:v1.0.alpha.425 SW:v1.0.alpha.421 SW:v1.0.alpha.418 SW:v1.0.alpha.412 SW:v1.0.alpha.404 SW:v1.0.alpha.392 SW:v1.0.alpha.374 SW:v1.0.alpha.367 SW:v1.0.alpha.364 SW:v1.0.alpha.361 SW:v1.0.alpha.358 SW:v1.0.alpha.357 SW:v1.0.alpha.341 SW:v1.0.alpha.338 SW:v1.0.alpha.336 SW:v1.0.alpha.333 SW:v1.0.alpha.329 SW:v1.0.alpha.311 SW:v1.0.alpha.306 SW:v1.0.alpha.302 SW:v1.0.alpha.291 SW:v1.0.alpha.290 SW:v1.0.alpha.288 SW:v1.0.alpha.285 SW:v1.0.alpha.275 SW:v1.0.alpha.274 SW:v1.0.alpha.273 SW:v1.0.alpha.272 SW:v1.0.alpha.271 SW:v1.0.alpha.270 SW:v1.0.alpha.269 SW:v1.0.alpha.268 SW:v1.0.alpha.267 SW:v1.0.alpha.266 SW:v1.0.alpha.263 SW:v1.0.alpha.257 SW:v1.0.alpha.256 SW:v1.0.alpha.252 SW:v1.0.alpha.251 SW:v1.0.alpha.250 SW:v1.0.alpha.249 SW:v1.0.alpha.247 SW:v1.0.alpha.228 SW:v1.0.alpha.217 SW:v1.0.alpha.216 SW:v1.0.alpha.215 SW:v1.0.alpha.212 SW:v1.0.alpha.200 SW:v1.0.alpha.186 SW:v1.0.alpha.182 SW:v1.0.alpha.178 SW:v1.0.alpha.176 SW:v1.0.alpha.171 SW:v1.0.alpha.170 SW:v1.0.alpha.164 SW:v1.0.alpha.157 SW:v1.0
...
compare: SW:v2.4.9
Branches Tags
SW:master SW:v2.9 SW:v1.5 SW:v1.4 SW:v3.0 SW:v2.8 SW:v1.6 SW:v1.7 SW:v2.0 SW:v2.1 SW:v2.2 SW:v2.7 SW:v2.6 SW:v2.3 SW:v2.4 SW:v2.5 SW:v1.0 SW:v1.1 SW:v1.2 SW:v1.3 SW:gh-pages
SW:v2.9.6-1 SW:v3.0.0-beta2 SW:v2.9.6 SW:v3.0.0-beta1 SW:v2.9.5 SW:v2.9.4 SW:v2.9.3 SW:v2.9.2 SW:v2.9.1 SW:v2.9.0-rc5 SW:v2.8.8 SW:v2.8.7 SW:v2.9.0-rc4 SW:v2.8.6 SW:v2.9.0-rc3 SW:v2.9.0-rc2 SW:v2.9.0-rc1 SW:v2.8.5 SW:v2.8.4 SW:v2.8.3 SW:v2.8.2 SW:v2.8.1 SW:v2.8.0 SW:v2.7.3 SW:v2.8.0-rc2 SW:v2.7.2 SW:v2.8.0-rc1 SW:v2.7.1 SW:v2.7.0 SW:v2.6.7 SW:v2.6.6 SW:v2.6.5 SW:v2.6.4 SW:v2.7.0-rc2 SW:v2.6.3 SW:v2.7.0-rc1 SW:v2.6.2 SW:v2.6.1 SW:v2.6.0 SW:v2.6.0-rc3 SW:v2.5.7 SW:v2.6.0-rc2 SW:v2.5.6 SW:v2.6.0-rc1 SW:v1.7.34 SW:v2.5.5 SW:v2.5.4 SW:v1.7.33 SW:v1.7.32 SW:v1.7.31 SW:v2.5.3 SW:v2.5.2 SW:v2.5.1 SW:v2.5.0 SW:v2.4.14 SW:v2.5.0-rc6 SW:v2.5.0-rc5 SW:v2.5.0-rc4 SW:v2.4.13 SW:v2.4.12 SW:v2.5.0-rc3 SW:v2.4.11 SW:v2.4.10 SW:v2.5.0-rc2 SW:v2.5.0-rc1 SW:v2.4.9 SW:v1.7.30 SW:v1.7.29 SW:v2.4.8 SW:v2.4.7 SW:v2.4.6 SW:v2.4.5 SW:v2.4.4 SW:v2.4.3 SW:v2.4.2 SW:v2.4.1 SW:v2.4.0 SW:v1.7.28 SW:v1.7.27 SW:v2.4.0-rc2 SW:v2.3.7 SW:v2.3.6 SW:v2.4.0-rc1 SW:v2.3.5 SW:v2.3.4 SW:v2.3.3 SW:v2.3.2 SW:v2.3.1 SW:v2.3.0 SW:v2.3.0-rc7 SW:v2.3.0-rc6 SW:v2.3.0-rc5 SW:v2.2.11 SW:v2.2.10 SW:v2.3.0-rc4 SW:v2.3.0-rc3 SW:v2.2.8 SW:v1.7.26 SW:v2.2.7 SW:v2.2.6 SW:v2.3.0-rc2 SW:v2.3.0-rc1 SW:v1.7.25 SW:v2.2.5 SW:v2.2.4 SW:v2.2.3 SW:v2.2.2 SW:v2.2.1 SW:v2.2.0 SW:v1.7.24 SW:v2.1.9 SW:v1.7.23 SW:v2.2.0-rc4 SW:v2.1.8 SW:v2.2.0-rc3 SW:v2.1.7 SW:v1.7.22 SW:v2.2.0-rc2 SW:v2.2.0-rc1 SW:v2.1.6 SW:v2.1.5 SW:v1.7.21 SW:v2.1.4 SW:v2.1.3 SW:v2.1.2 SW:v2.1.1 SW:v2.1.0 SW:v1.7.20 SW:v2.0.7 SW:v2.1.0-rc3 SW:v2.0.6 SW:v2.1.0-rc2 SW:v2.1.0-rc1 SW:v2.0.5 SW:v2.0.4 SW:v2.0.3 SW:v1.7.19 SW:v2.0.2 SW:v2.0.1 SW:v1.7.18 SW:v1.7.17 SW:v2.0.0 SW:v2.0.0-rc4 SW:v1.7.16 SW:v1.7.15 SW:v2.0.0-rc3 SW:v2.0.0-rc2 SW:v2.0.0-rc1 SW:v1.7.14 SW:v1.7.13 SW:v2.0.0-beta1 SW:v2.0.0-alpha8 SW:v2.0.0-alpha7 SW:v2.0.0-alpha6 SW:v2.0.0-alpha5 SW:v1.7.12 SW:v1.7.11 SW:v2.0.0-alpha4 SW:v2.0.0-alpha3 SW:v1.7.10 SW:v2.0.0-alpha2 SW:v2.0.0-alpha1 SW:v1.7.9 SW:v1.7.8 SW:v1.7.7 SW:v1.7.6 SW:v1.7.5 SW:v1.7.4 SW:v1.7.3 SW:v1.7.2 SW:v1.7.1 SW:v1.7.0 SW:v1.7.0-rc5 SW:v1.7.0-rc4 SW:v1.6.6 SW:v1.7.0-rc3 SW:v1.7.0-rc2 SW:v1.6.5 SW:v1.7.0-rc1 SW:v1.6.4 SW:v1.6.3 SW:v1.6.2 SW:v1.6.1 SW:v1.6.0 SW:v1.6.0-rc6 SW:v1.6.0-rc5 SW:v1.6.0-rc4 SW:v1.6.0-rc3 SW:v1.6.0-rc2 SW:v1.6.0-rc1 SW:v1.5.4 SW:v1.5.3 SW:v1.5.2 SW:v1.5.1 SW:v1.5.0 SW:v1.5.0-rc5 SW:v1.5.0-rc4 SW:v1.4.6 SW:v1.5.0-rc3 SW:v1.5.0-rc2 SW:v1.4.5 SW:v1.5.0-rc1 SW:v1.4.4 SW:v1.4.3 SW:v1.4.2 SW:v1.4.1 SW:v1.4.0 SW:v1.4.0-rc5 SW:v1.4.0-rc4 SW:v1.4.0-rc3 SW:v1.4.0-rc2 SW:v1.3.8 SW:v1.4.0-rc1 SW:v1.3.7 SW:v1.3.6 SW:v1.3.5 SW:v1.3.4 SW:v1.3.3 SW:v1.3.2 SW:v1.3.1 SW:v1.3.0 SW:v1.3.0-rc3 SW:v1.3.0-rc2 SW:v1.3.0-rc1 SW:v1.2.3 SW:v1.2.2 SW:v1.2.1 SW:v1.2.0 SW:v1.2.0-rc2 SW:v1.2.0-rc1 SW:v1.1.2 SW:v1.1.1 SW:v1.1.0 SW:v1.1.0-rc4 SW:v1.1.0-rc3 SW:v1.1.0-rc2 SW:v1.1.0-rc1 SW:v1.0.3 SW:v1.0.2 SW:v1.0.1 SW:v1.0.0 SW:v1.0.0-rc3 SW:v1.0.0-rc2 SW:v1.0.0-rc1 SW:v1.0.0-beta.809 SW:v1.0.0-beta.804 SW:v1.0.0-beta.794 SW:v1.0.0-beta.784 SW:v1.0.0-beta.771 SW:v1.0.0-beta.767 SW:v1.0.0-beta.756 SW:v1.0.0-beta.754 SW:v1.0.0-beta.744 SW:v1.0.0-beta.732 SW:v1.0.0-beta.723 SW:v1.0.0-beta.721 SW:v1.0.0-beta.712 SW:v1.0.0-beta.704 SW:v1.0.0-beta.695 SW:v1.0.0-beta.692 SW:v1.0.0-beta.682 SW:v1.0.0-beta.676 SW:v1.0.0-beta.673 SW:v1.0.0-beta.666 SW:v1.0.0-beta.652 SW:v1.0.0-beta.644 SW:v1.0.0-beta.621 SW:v1.0.0-beta.614 SW:v1.0.0-beta.610 SW:v1.0.0-beta.601 SW:v1.0.0-beta.582 SW:v1.0.0-beta.576 SW:v1.0.0-beta.573 SW:v1.0.0-beta.555 SW:v1.0.0-beta.548 SW:v1.0.0-beta.545 SW:v1.0.0-beta.524 SW:v1.0.0-beta.513 SW:v1.0.0-beta.508 SW:v1.0.0-beta.505 SW:v1.0.0-beta.484 SW:v1.0.0-beta.481 SW:v1.0.0-beta.475 SW:v1.0.0-beta.470 SW:v1.0.0-beta.453 SW:v1.0.0-beta.442 SW:v1.0.0-beta.440 SW:v1.0.0-beta.436 SW:v1.0.0-beta.433 SW:v1.0.0-beta.427 SW:v1.0.0-beta.421 SW:v1.0.0-beta.416 SW:v1.0.0-beta.408 SW:v1.0.0-beta.404 SW:v1.0.0-beta.395 SW:v1.0.0-beta.392 SW:v1.0.0-beta.374 SW:v1.0.0-beta.366 SW:v1.0.0-beta.355 SW:v1.0.0-beta.352 SW:v1.0.0-beta.341 SW:v1.0.0-beta.339 SW:v1.0.0-beta.324 SW:v1.0.0-beta.300 SW:v1.0.0-beta.291 SW:v1.0.0-beta.289 SW:v1.0.0-beta.287 SW:v1.0.0-beta.280 SW:v1.0.0-beta.277 SW:v1.0.0-beta.254 SW:v1.0.0-beta.247 SW:v1.0.0-beta.224 SW:v1.0.0-beta.220 SW:v1.0.0-beta.212 SW:v1.0.0-beta.211 SW:v1.0.alpha.4c447985b63f8c90dcbde70b2eaef19d9a8c5ad2 SW:v1.0.alpha.9830086790caf40ce30eb9ed5d317917f8157708 SW:v1.0.alpha.3af21612b65fc578585a98c30090d1e613f791eb SW:v1.0.alpha.a458018aa2ccb637abacfc696157e00321cf982f SW:v1.0.alpha.4ded2682d2831ed703282b2f4585e17a62ee258e SW:v1.0.alpha.0e683cc5355bc507dabac68bbc7559d3f179e185 SW:v1.0.alpha.11781087cadf9068d1d0b43902b6161ee10ea458 SW:v1.0.alpha.b42b170ad29a0f042ddee0f5a5098aa9a59a9c8e SW:v1.0.alpha.a00eb81f0301f5e61024dea3b92ba632d6a61a8b SW:v1.0.alpha.6c3c5578c64125838abbc437a0242e1742d6f47a SW:v1.0.alpha.b84b95fe97df5c0f234d8693fbff03fa0d6a441b SW:v1.0.alpha.1a5668377cc840a35d233a0eb817ee9bacf0ba3e SW:v1.0.alpha.331cd173ce8ad858d767510fbcbc653e2dde657d SW:v1.0.alpha.e0872b61579c8e6b8fc6124c8836660c11840f5d SW:v1.0.alpha.99646544953d5793f18ccb22dae2458be4ba0e05 SW:v1.0.alpha.7acc2beae0f0235d9408e8ed7a51f0ef3dae3aff SW:v1.0.alpha.ac56c1310c46f9c18dcad9d7ec680926fae821bb SW:v1.0.alpha.71b0e27517841ec7b911bafb109846ee96109f30 SW:v1.0.alpha.60e9282f0adac48cbf283306ceb08ad7a31ac94b SW:v1.0.alpha.522 SW:v1.0.alpha.516 SW:v1.0.alpha.506 SW:v1.0.alpha.481 SW:v1.0.alpha.477 SW:v1.0.alpha.471 SW:v1.0.alpha.469 SW:v1.0.alpha.463 SW:v1.0.alpha.450 SW:v1.0.alpha.443 SW:v1.0.alpha.439 SW:v1.0.alpha.425 SW:v1.0.alpha.421 SW:v1.0.alpha.418 SW:v1.0.alpha.412 SW:v1.0.alpha.404 SW:v1.0.alpha.392 SW:v1.0.alpha.374 SW:v1.0.alpha.367 SW:v1.0.alpha.364 SW:v1.0.alpha.361 SW:v1.0.alpha.358 SW:v1.0.alpha.357 SW:v1.0.alpha.341 SW:v1.0.alpha.338 SW:v1.0.alpha.336 SW:v1.0.alpha.333 SW:v1.0.alpha.329 SW:v1.0.alpha.311 SW:v1.0.alpha.306 SW:v1.0.alpha.302 SW:v1.0.alpha.291 SW:v1.0.alpha.290 SW:v1.0.alpha.288 SW:v1.0.alpha.285 SW:v1.0.alpha.275 SW:v1.0.alpha.274 SW:v1.0.alpha.273 SW:v1.0.alpha.272 SW:v1.0.alpha.271 SW:v1.0.alpha.270 SW:v1.0.alpha.269 SW:v1.0.alpha.268 SW:v1.0.alpha.267 SW:v1.0.alpha.266 SW:v1.0.alpha.263 SW:v1.0.alpha.257 SW:v1.0.alpha.256 SW:v1.0.alpha.252 SW:v1.0.alpha.251 SW:v1.0.alpha.250 SW:v1.0.alpha.249 SW:v1.0.alpha.247 SW:v1.0.alpha.228 SW:v1.0.alpha.217 SW:v1.0.alpha.216 SW:v1.0.alpha.215 SW:v1.0.alpha.212 SW:v1.0.alpha.200 SW:v1.0.alpha.186 SW:v1.0.alpha.182 SW:v1.0.alpha.178 SW:v1.0.alpha.176 SW:v1.0.alpha.171 SW:v1.0.alpha.170 SW:v1.0.alpha.164 SW:v1.0.alpha.157 SW:v1.0

67 Commits
v2.4.3 ... v2.4.9

Author SHA1 Message Date
Jean-Baptiste Doumenjou
5841c9a7a5 Prepare release v2.4.9 2021-06-21 17:00:09 +02:00
Michael
ed9b1bea3f Use github action to check and verify doc 2021-06-21 16:04:13 +02:00
Tom Moulard
c9df233d24 Changing default file format for the snippets from TOML to YAML 2021-06-19 00:08:08 +02:00
Ludovic Fernandez
99a23b0414 Use a dynamic buffer to handle client Hello SNI detection 2021-06-18 19:24:17 +02:00
Daniel Tomcej
95e0633b2f Create buffered signals channel 2021-06-18 18:43:10 +02:00
Maël Valais
5ca210fa60 gateway-api: fix the "values" field in the example of httproute 2021-06-18 18:14:07 +02:00
Jakub Hajek
fd1eae4f07 Adding formatting to the document. 2021-06-11 12:28:11 +02:00
Romain
51ee77b96f Explains Traefik HTTP response status codes 
Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
Co-authored-by: Tom Moulard <tom.moulard@traefik.io>
 2021-06-11 10:00:14 +02:00
Ludovic Fernandez
b03c5ff5ce Update go-acme/lego to v4.4.0 2021-06-08 23:50:05 +02:00
Moritz E. Beber
521fed1fea Elaborate on possible use of status codes with the errors middleware 2021-06-08 19:02:05 +02:00
mpl
2560626419 doc: clarify usage for ratelimit's excludedIPs 2021-06-07 17:46:14 +02:00
Jakub Hajek
c10c7619d3 Adding Maintainers Guidelines 2021-06-02 18:02:06 +02:00
Jakub Coufal
1680f00091 Fix incorrect behaviour with multi-port endpoint subsets 2021-05-28 00:58:07 +02:00
Danshil Kokil Mungur
376b6f90d9 docs: add pilot dashboard flag to static configuration file reference 2021-05-27 12:16:08 +02:00
Ludovic Fernandez
21c0195d29 fix: ACME preferred chain. 2021-05-20 15:08:12 +02:00
Sandro
d6d639d4d7 docs: add examples for removing headers 2021-05-17 18:07:25 +02:00
Douglas De Toni Machado
2408eeceba Fix plugin unzip call on windows 2021-05-17 12:10:09 +02:00
LandryBe
6ae194934d fix: use defaultEntryPoints when no entryPoint is defined in a TCPRouter 2021-05-11 16:46:14 +02:00
Romain
40f21f41e1 Fix ingressRouteTCP external name service examples in documentation 2021-05-06 12:04:08 +02:00
Ludovic Fernandez
ee12424795 Bump paerser to v0.1.4 2021-05-06 09:32:04 +02:00
Tom Moulard
56b26421a5 fix: remove linode link health check 2021-04-29 12:22:03 +02:00
Marc Vertes
ea8ba87aeb doc: fix a syntax error in ratelimit TOML configuration sample 2021-04-27 20:26:04 +02:00
Ludovic Fernandez
08b258a2cb Update Yaegi to v0.9.17 2021-04-27 20:16:04 +02:00
Tom Moulard
e096bf6b62 fix: k8s gateway api link 
Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
 2021-04-21 10:28:03 +02:00
Martin Vizvary
5814ba5322 Kubernetes ingress provider to search via all endpoints 2021-04-15 18:16:04 +02:00
Kevin Crawley
be81ce244e Error span on 5xx only 2021-04-14 12:20:03 +02:00
Jean-Baptiste Doumenjou
fe6acdf4d2 Fix Kubernetes Gateway API documentation links 2021-04-13 18:26:03 +02:00
Tom Moulard
46d6da4fce Docs: installing deps for html-proofer 
Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
 2021-04-13 14:02:04 +02:00
Clemens Bergmann
aa61835b78 correct annotation option 2021-04-06 17:18:03 +02:00
mpl
2a1e46c8b6 doc: typo fix 2021-04-01 12:05:03 +02:00
Tom Moulard
513f6e9a68 Remove error when HTTProutes is empty 
Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
 2021-03-30 16:32:03 +02:00
Fernandez Ludovic
ad980334d1 doc: remove dead page. 2021-03-30 14:51:30 +02:00
Tom Moulard
947798b44c Fix ServersTransport documentation 2021-03-29 14:18:03 +02:00
Ludovic Fernandez
ed427616d4 chore: update linter 2021-03-29 09:20:03 +02:00
Romain
297921182c Add metrics documentation 
Co-authored-by: Tom Moulard <tom.moulard@traefik.io>
 2021-03-25 16:52:04 +01:00
Romain
32655b5b16 Prepare release v2.4.8 2021-03-23 16:34:04 +01:00
Romain
a513a05b7a Raise errors for non-ASCII domain names in a router's rules 2021-03-22 21:16:04 +01:00
Tom Moulard
1e716a93ff Adding an option to (de)activate Pilot integration into the Traefik dashboard 
Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
 2021-03-22 19:18:04 +01:00
Fabian
06fc2c505f Doc: improve basic auth middleware httpasswd example 2021-03-22 15:26:03 +01:00
Deepyaman Datta
6fcea91d1f Add missing traefik. prefix across sample config 2021-03-19 09:12:04 +01:00
Tom Moulard
93d099a2f0 Fix travis docker image pulling for docs 2021-03-16 12:08:04 +01:00
Corey McGalliard
e5983d96f7 updating docs to remove a no longer needed note 2021-03-15 10:46:03 +01:00
Jean-Baptiste Doumenjou
08e6ae07af Update to gateway-api v0.2.0 
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
 2021-03-15 09:44:03 +01:00
Matthias Schneider
49b46a9a3f server: updating go-proxyproto with security bugfix from upstream 2021-03-15 09:16:03 +01:00
Ludovic Fernandez
36c316f39c Update go-acme/lego to v4.3.1 2021-03-12 14:38:07 +01:00
Ludovic Fernandez
7e76abc067 Update go-acme/lego to v4.3.0 2021-03-11 09:52:04 +01:00
Jean-Baptiste Doumenjou
b1e11f3e88 Prepare release v2.4.7 2021-03-08 18:04:03 +01:00
Ludovic Fernandez
09d5f59701 fix: double close chan on TLS challenge 
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
 2021-03-08 11:18:04 +01:00
Julien Salleyron
3c8675bb8b Fix flaky tests. 
Co-authored-by: Ludovic Fernandez <ldez@users.noreply.github.com>
 2021-03-08 09:58:04 +01:00
Ludovic Fernandez
71ca237478 Add new GitHub issue chooser. 2021-03-08 09:40:04 +01:00
dom3k
0e4b6d36fd Use Docker dependency directly without replace directive 2021-03-07 22:26:03 +01:00
Marc Vertes
e898080460 feature: tune transport buffer size to increase performance 2021-03-05 14:30:04 +01:00
Romain
bdba7d3adf Update to go1.16 2021-03-04 20:08:03 +01:00
Ludovic Fernandez
2e7833df49 chore: update linter. 2021-03-04 09:02:03 +01:00
Romain
ec0d03658d Fix ServersTransport documentation 
Co-authored-by: mpl <mathieu.lonjaret@gmail.com>
 2021-03-03 16:48:04 +01:00
Jean-Baptiste Doumenjou
d2d7cf14e5 Bump paerser to v0.1.2 2021-03-03 12:46:03 +01:00
Jean-Baptiste Doumenjou
40cd6ada4f Prepare release v2.4.6 2021-03-01 19:14:03 +01:00
wouter bolsterlee
c843c182e4 Address all shellcheck warnings 2021-02-26 14:34:04 +01:00
Tom Moulard
c35a8bdb15 Fixing doc for default value of checknewversion 2021-02-26 10:20:03 +01:00
Julien Salleyron
dd0701dd16 fix: wait for file and internal before applying configurations 
Co-authored-by: Ludovic Fernandez <ldez@users.noreply.github.com>
 2021-02-25 17:20:04 +01:00
Ludovic Fernandez
32500773b8 Update Yaegi to v0.9.13 2021-02-24 17:06:03 +01:00
Mal Curtis
e7d3f4316f Fix typo in routing/services/index.md 2021-02-22 20:28:05 +01:00
Vasilis Gerakaris
4b38d7368f Fix reflink typo in file provider documentation 2021-02-19 18:48:03 +01:00
Kevin Pollet
dce6a86900 Fix Kubernetes Gateway API documentation links 2021-02-19 17:16:03 +01:00
Romain
dc9c558c06 Prepare release v2.4.5 2021-02-18 18:04:03 +01:00
Romain
b8a466c571 Prepare release v2.4.4 2021-02-18 15:28:03 +01:00
Manuel Zapf
bae28c5f57 Only allow iframes to be loaded from our domain 2021-02-18 14:54:03 +01:00
227 changed files with 7193 additions and 6109 deletions
Expand all files Collapse all files

8
.github/ISSUE_TEMPLATE/config.yml vendored Normal file
View File

@@ -0,0 +1,8 @@
blank_issues_enabled: false
contact_links:
- name: Traefik Community Support
url: https://community.traefik.io/
about: If you have a question, or are looking for advice, please post on our Discuss forum! The community loves to chime in to help. Happy Coding!
- name: Traefik Helm Chart Issues
url: https://github.com/traefik/traefik-helm-chart
about: Are you submitting an issue or feature enhancement for the Traefik helm chart? Please post in the traefik-helm-chart GitHub Issues.

20
.github/workflows/check_doc.yml vendored Normal file
View File

@@ -0,0 +1,20 @@
name: Check Documentation
on:
pull_request:
jobs:
docs:
name: Check, verify and build documentation
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Check documentation
run: make docs-pull-images docs

84
.golangci.toml
View File

@@ -30,38 +30,73 @@
lines = 230 # default 60
statements = 120 # default 40
[linters-settings.forbidigo]
forbid = [
'^print(ln)?$',
'^spew\.Print(f|ln)?$',
'^spew\.Dump$',
]
[linters-settings.depguard]
list-type = "blacklist"
include-go-root = false
packages = ["github.com/pkg/errors"]
[linters-settings.godox]
keywords = ["FIXME"]
[linters-settings.importas]
corev1 = "k8s.io/api/core/v1"
networkingv1beta1 = "k8s.io/api/networking/v1beta1"
extensionsv1beta1 = "k8s.io/api/extensions/v1beta1"
metav1 = "k8s.io/apimachinery/pkg/apis/meta/v1"
kubeerror = "k8s.io/apimachinery/pkg/api/errors"
[linters-settings.gomoddirectives]
replace-allow-list = [
"github.com/abbot/go-http-auth",
"github.com/go-check/check",
"github.com/gorilla/mux",
"github.com/mailgun/minheap",
"github.com/mailgun/multibuf",
]
[linters]
enable-all = true
disable = [
"scopelint", # Deprecated
"interfacer", # Deprecated
"maligned", # Deprecated
"sqlclosecheck", # Not relevant (SQL)
"rowserrcheck", # Not relevant (SQL)
"lll", # Not relevant
"gocyclo", # FIXME must be fixed
"gosec",
"dupl",
"maligned",
"lll",
"unparam",
"prealloc",
"scopelint",
"cyclop", # Duplicate of gocyclo
"gocognit", # Too strict
"nestif", # Too many false-positive.
"prealloc", # Too many false-positive.
"makezero", # Not relevant
"ifshort", # Not relevant
"dupl", # Too strict
"gosec", # Too strict
"gochecknoinits",
"gochecknoglobals",
"godox",
"gocognit",
"bodyclose", # Too many false-positive and panics.
"wsl", # Too strict
"nlreturn", # Not relevant
"gomnd", # Too strict
"stylecheck", # skip because report issues related to some generated files.
"testpackage", # Too strict
"goerr113", # Too strict
"nestif", # Too many false-positive.
"noctx", # Too strict
"exhaustive", # Too strict
"nlreturn", # Not relevant
"wrapcheck", # Too strict
"tparallel", # Not relevant
"paralleltest", # Not relevant
"exhaustive", # Not relevant
"exhaustivestruct", # Not relevant
"makezero", # not relevant
"forbidigo", # not relevant
"ifshort", # not relevant
"goerr113", # Too strict
"wrapcheck", # Too strict
"noctx", # Too strict
"bodyclose", # Too many false-positive and panics.
"unparam", # Too strict
"godox", # Too strict
"forcetypeassert", # Too strict
]
[issues]
@@ -69,9 +104,9 @@
max-per-linter = 0
max-same-issues = 0
exclude = [
"SA1019: http.CloseNotifier is deprecated: the CloseNotifier interface predates Go's context package. New code should use Request.Context instead.", # FIXME must be fixed
"Error return value of .((os\\.)?std(out|err)\\..*|.*Close|.*Flush|os\\.Remove(All)?|.*printf?|os\\.(Un)?Setenv). is not checked",
"should have a package comment, unless it's in another file for this package",
"SA1019: http.CloseNotifier has been deprecated", # FIXME must be fixed
]
[[issues.exclude-rules]]
path = "(.+)_test.go"
@@ -88,18 +123,12 @@
[[issues.exclude-rules]]
path = "pkg/h2c/h2c.go"
text = "Error return value of `rw.Write` is not checked"
[[issues.exclude-rules]]
path = "pkg/middlewares/recovery/recovery.go"
text = "`logger` can be `github.com/stretchr/testify/assert.TestingT`"
[[issues.exclude-rules]]
path = "pkg/provider/docker/builder_test.go"
text = "(U1000: func )?`(.+)` is unused"
[[issues.exclude-rules]]
path = "pkg/provider/kubernetes/builder_(endpoint|service)_test.go"
text = "(U1000: func )?`(.+)` is unused"
[[issues.exclude-rules]]
path = "pkg/config/parser/.+_test.go"
text = "U1000: field `(foo|fuu)` is unused"
[[issues.exclude-rules]]
path = "pkg/server/service/bufferpool.go"
text = "SA6002: argument should be pointer-like to avoid allocations"
@@ -109,9 +138,6 @@
[[issues.exclude-rules]]
path = "pkg/server/middleware/middlewares.go"
text = "Function 'buildConstructor' has too many statements"
[[issues.exclude-rules]] # FIXME must be fixed
path = "cmd/context.go"
text = "S1000: should use a simple channel send/receive instead of `select` with a single case"
[[issues.exclude-rules]]
path = "pkg/tracing/haystack/logger.go"
linters = ["goprintffuncname"]

1
.travis.yml
View File

@@ -16,7 +16,6 @@ env:
script:
- echo "Skipping tests... (Tests are executed on SemaphoreCI)"
- if [ "$TRAVIS_PULL_REQUEST" != "false" ]; then make docs; fi
before_deploy:
- >

87
CHANGELOG.md
View File

@@ -1,3 +1,90 @@
## [v2.4.9](https://github.com/traefik/traefik/tree/v2.4.9) (2021-06-21)
[All Commits](https://github.com/traefik/traefik/compare/v2.4.8...v2.4.9)
**Bug fixes:**
- **[acme]** Update go-acme/lego to v4.4.0 ([#8179](https://github.com/traefik/traefik/pull/8179) by [ldez](https://github.com/ldez))
- **[acme]** Fix: ACME preferred chain. ([#8146](https://github.com/traefik/traefik/pull/8146) by [ldez](https://github.com/ldez))
- **[k8s,k8s/gatewayapi]** Remove error when HTTProutes is empty ([#8023](https://github.com/traefik/traefik/pull/8023) by [tomMoulard](https://github.com/tomMoulard))
- **[k8s,k8s/ingress]** Fix incorrect behaviour with multi-port endpoint subsets ([#8156](https://github.com/traefik/traefik/pull/8156) by [coufalja](https://github.com/coufalja))
- **[k8s,k8s/ingress]** Kubernetes ingress provider to search via all endpoints ([#7997](https://github.com/traefik/traefik/pull/7997) by [martinvizvary](https://github.com/martinvizvary))
- **[plugins,windows]** Fix plugin unzip call on windows ([#8136](https://github.com/traefik/traefik/pull/8136) by [ddtmachado](https://github.com/ddtmachado))
- **[plugins]** Update Yaegi to v0.9.17 ([#8100](https://github.com/traefik/traefik/pull/8100) by [ldez](https://github.com/ldez))
- **[provider]** Bump paerser to v0.1.4 ([#8116](https://github.com/traefik/traefik/pull/8116) by [ldez](https://github.com/ldez))
- **[server]** Create buffered signals channel ([#8190](https://github.com/traefik/traefik/pull/8190) by [dtomcej](https://github.com/dtomcej))
- **[server]** Fix: use defaultEntryPoints when no entryPoint is defined in a TCPRouter ([#8111](https://github.com/traefik/traefik/pull/8111) by [LandryBe](https://github.com/LandryBe))
- **[tls]** Use a dynamic buffer to handle client Hello SNI detection ([#8194](https://github.com/traefik/traefik/pull/8194) by [ldez](https://github.com/ldez))
- **[tracing]** Error span on 5xx only ([#8033](https://github.com/traefik/traefik/pull/8033) by [kevtainer](https://github.com/kevtainer))
**Documentation:**
- **[k8s,k8s/crd]** Fix ingressRouteTCP external name service examples in documentation ([#8120](https://github.com/traefik/traefik/pull/8120) by [rtribotte](https://github.com/rtribotte))
- **[k8s,k8s/gatewayapi]** Fix Kubernetes Gateway API documentation links ([#8063](https://github.com/traefik/traefik/pull/8063) by [jbdoumenjou](https://github.com/jbdoumenjou))
- **[k8s,k8s/gatewayapi]** Fix: k8s gateway api link ([#8085](https://github.com/traefik/traefik/pull/8085) by [tomMoulard](https://github.com/tomMoulard))
- **[k8s,k8s/gatewayapi]** Fix the &#34;values&#34; field in the example of httproute ([#8192](https://github.com/traefik/traefik/pull/8192) by [maelvls](https://github.com/maelvls))
- **[k8s/crd]** Fix ServersTransport documentation ([#8019](https://github.com/traefik/traefik/pull/8019) by [tomMoulard](https://github.com/tomMoulard))
- **[k8s]** Correct annotation option ([#8031](https://github.com/traefik/traefik/pull/8031) by [cbergmann](https://github.com/cbergmann))
- **[metrics]** Add metrics documentation ([#8007](https://github.com/traefik/traefik/pull/8007) by [rtribotte](https://github.com/rtribotte))
- **[middleware]** Docs: add examples for removing headers ([#8030](https://github.com/traefik/traefik/pull/8030) by [SuperSandro2000](https://github.com/SuperSandro2000))
- **[middleware]** Doc: clarify usage for ratelimit&#39;s excludedIPs ([#8072](https://github.com/traefik/traefik/pull/8072) by [mpl](https://github.com/mpl))
- **[middleware]** Elaborate on possible use of status codes with the errors middleware ([#8176](https://github.com/traefik/traefik/pull/8176) by [Midnighter](https://github.com/Midnighter))
- **[middleware]** Doc: fix a syntax error in ratelimit TOML configuration sample ([#8101](https://github.com/traefik/traefik/pull/8101) by [mvertes](https://github.com/mvertes))
- **[pilot]** Docs: add pilot dashboard flag to static configuration file reference ([#8152](https://github.com/traefik/traefik/pull/8152) by [danshilm](https://github.com/danshilm))
- Adding Maintainers Guidelines ([#8168](https://github.com/traefik/traefik/pull/8168) by [jakubhajek](https://github.com/jakubhajek))
- Explains Traefik HTTP response status codes ([#8170](https://github.com/traefik/traefik/pull/8170) by [rtribotte](https://github.com/rtribotte))
- Doc: typo fix ([#8026](https://github.com/traefik/traefik/pull/8026) by [mpl](https://github.com/mpl))
- Adding formatting to the document. ([#8180](https://github.com/traefik/traefik/pull/8180) by [jakubhajek](https://github.com/jakubhajek))
- Changing default file format for the snippets from TOML to YAML ([#8193](https://github.com/traefik/traefik/pull/8193) by [tomMoulard](https://github.com/tomMoulard))
## [v2.4.8](https://github.com/traefik/traefik/tree/v2.4.8) (2021-03-22)
[All Commits](https://github.com/traefik/traefik/compare/v2.4.7...v2.4.8)
**Bug fixes:**
- **[acme]** Update go-acme/lego to v4.3.1 ([#7980](https://github.com/traefik/traefik/pull/7980) by [ldez](https://github.com/ldez))
- **[acme]** Update go-acme/lego to v4.3.0 ([#7975](https://github.com/traefik/traefik/pull/7975) by [ldez](https://github.com/ldez))
- **[k8s,k8s/gatewayapi]** Update to gateway-api v0.2.0 ([#7943](https://github.com/traefik/traefik/pull/7943) by [jbdoumenjou](https://github.com/jbdoumenjou))
- **[pilot,webui]** Adding an option to (de)activate Pilot integration into the Traefik dashboard ([#7994](https://github.com/traefik/traefik/pull/7994) by [tomMoulard](https://github.com/tomMoulard))
- **[rules]** Raise errors for non-ASCII domain names in a router&#39;s rules ([#7986](https://github.com/traefik/traefik/pull/7986) by [rtribotte](https://github.com/rtribotte))
- **[server]** Update pires/go-proxyproto to v0.5.0 ([#7948](https://github.com/traefik/traefik/pull/7948) by [mschneider82](https://github.com/mschneider82))
**Documentation:**
- **[middleware]** Improve basic auth middleware httpasswd example ([#7992](https://github.com/traefik/traefik/pull/7992) by [d3473r](https://github.com/d3473r))
- **[middleware]** Add missing `traefik.` prefix across sample config ([#7990](https://github.com/traefik/traefik/pull/7990) by [deepyaman](https://github.com/deepyaman))
- **[middleware]** Remove a no longer needed note ([#7979](https://github.com/traefik/traefik/pull/7979) by [cmcga1125](https://github.com/cmcga1125))
## [v2.4.7](https://github.com/traefik/traefik/tree/v2.4.7) (2021-03-08)
[All Commits](https://github.com/traefik/traefik/compare/v2.4.6...v2.4.7)
**Bug fixes:**
- **[acme]** Fix: double close chan on TLS challenge ([#7956](https://github.com/traefik/traefik/pull/7956) by [ldez](https://github.com/ldez))
- **[provider]** Bump paerser to v0.1.2 ([#7945](https://github.com/traefik/traefik/pull/7945) by [jbdoumenjou](https://github.com/jbdoumenjou))
- **[server]** Feature: tune transport buffer size to increase performance ([#7957](https://github.com/traefik/traefik/pull/7957) by [mvertes](https://github.com/mvertes))
**Documentation:**
- **[service]** Fix ServersTransport documentation ([#7942](https://github.com/traefik/traefik/pull/7942) by [rtribotte](https://github.com/rtribotte))
## [v2.4.6](https://github.com/traefik/traefik/tree/v2.4.6) (2021-03-01)
[All Commits](https://github.com/traefik/traefik/compare/v2.4.5...v2.4.6)
**Bug fixes:**
- **[plugins]** Update Yaegi to v0.9.13 ([#7928](https://github.com/traefik/traefik/pull/7928) by [ldez](https://github.com/ldez))
- **[provider]** Fix: wait for file and internal before applying configurations ([#7925](https://github.com/traefik/traefik/pull/7925) by [juliens](https://github.com/juliens))
**Documentation:**
- **[file]** Fix reflink typo in file provider documentation ([#7913](https://github.com/traefik/traefik/pull/7913) by [vgerak](https://github.com/vgerak))
- **[k8s/serviceapi]** Fix Kubernetes Gateway API documentation links ([#7914](https://github.com/traefik/traefik/pull/7914) by [kevinpollet](https://github.com/kevinpollet))
- **[service]** Fix typo in routing/services/index.md ([#7922](https://github.com/traefik/traefik/pull/7922) by [snikch](https://github.com/snikch))
- Fixing doc for default value of checknewversion ([#7933](https://github.com/traefik/traefik/pull/7933) by [tomMoulard](https://github.com/tomMoulard))
## [v2.4.5](https://github.com/traefik/traefik/tree/v2.4.5) (2021-02-18)
[All Commits](https://github.com/traefik/traefik/compare/v2.4.3...v2.4.5)
**Bug fixes:**
- **[webui]** Only allow iframes to be loaded from our domain ([#7904](https://github.com/traefik/traefik/pull/7904) by [SantoDE](https://github.com/SantoDE))
## [v2.4.4](https://github.com/traefik/traefik/tree/v2.4.4) (2021-02-18)
[All Commits](https://github.com/traefik/traefik/compare/v2.4.3...v2.4.4)
Release canceled.
## [v2.4.3](https://github.com/traefik/traefik/tree/v2.4.3) (2021-02-15)
[All Commits](https://github.com/traefik/traefik/compare/v2.4.2...v2.4.3)

9
CONTRIBUTING.md
View File

@@ -1,4 +1,9 @@
# Contributing
- https://doc.traefik.io/traefik/contributing/submitting-pull-requests/
- https://doc.traefik.io/traefik/contributing/submitting-issues/
Here are some guidelines that should help to start contributing to the project.
- [Submitting pull Requests](https://github.com/traefik/contributors-guide/blob/master/pr_guidelines.md)
- [Submitting issues](https://doc.traefik.io/traefik/contributing/submitting-issues/)
- [Submitting security issues](docs/content/contributing/submitting-security-issues.md)
If you are willing to become a maintainer of the project, please take a look at the [maintainers guidelines](docs/content/contributing/maintainers-guidelines.md).

10
Makefile
View File

@@ -63,18 +63,18 @@ generate-webui: build-webui-image
mkdir -p static; \
docker run --rm -v "$$PWD/static":'/src/static' traefik-webui npm run build:nc; \
docker run --rm -v "$$PWD/static":'/src/static' traefik-webui chown -R $(shell id -u):$(shell id -g) ../static; \
echo 'For more informations show `webui/readme.md`' > $$PWD/static/DONT-EDIT-FILES-IN-THIS-DIRECTORY.md; \
echo 'For more information show `webui/readme.md`' > $$PWD/static/DONT-EDIT-FILES-IN-THIS-DIRECTORY.md; \
fi
## Build the linux binary
binary: generate-webui $(PRE_TARGET)
$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate binary
## Build the binary for the standard plaforms (linux, darwin, windows)
## Build the binary for the standard platforms (linux, darwin, windows)
crossbinary-default: generate-webui build-dev-image
$(DOCKER_RUN_TRAEFIK_NOTTY) ./script/make.sh generate crossbinary-default
## Build the binary for the standard plaforms (linux, darwin, windows) in parallel
## Build the binary for the standard platforms (linux, darwin, windows) in parallel
crossbinary-default-parallel:
$(MAKE) generate-webui
$(MAKE) build-dev-image crossbinary-default
@@ -127,6 +127,10 @@ docs:
docs-serve:
make -C ./docs docs-serve
## Pull image for doc building
docs-pull-images:
make -C ./docs docs-pull-images
## Generate CRD clientset
generate-crd:
./script/update-generated-crd-code.sh

5
README.md
View File

@@ -126,7 +126,10 @@ You can find high level and deep dive videos on [videos.traefik.io](https://vide
## Maintainers
[Information about process and maintainers](docs/content/contributing/maintainers.md)
We are strongly promoting a philosophy of openness and sharing, and firmly standing against the elitist closed approach. Being part of the core team should be accessible to anyone who is motivated and want to be part of that journey!
This [document](docs/content/contributing/maintainers-guidelines.md) describes how to be part of the core team as well as various responsibilities and guidelines for Traefik maintainers.
You can also find more information on our process to review pull requests and manage issues [in this document](docs/content/contributing/maintainers.md).
## Contributing

4
build.Dockerfile
View File

@@ -1,4 +1,4 @@
FROM golang:1.15-alpine
FROM golang:1.16-alpine
RUN apk --update upgrade \
&& apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \
@@ -19,7 +19,7 @@ RUN mkdir -p /usr/local/bin \
&& chmod +x /usr/local/bin/go-bindata
# Download golangci-lint binary to bin folder in $GOPATH
RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b $GOPATH/bin v1.36.0
RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b $GOPATH/bin v1.39.0
# Download misspell binary to bin folder in $GOPATH
RUN curl -sfL https://raw.githubusercontent.com/client9/misspell/master/install-misspell.sh | bash -s -- -b $GOPATH/bin v0.3.4

22
cmd/context.go
View File

@@ -1,22 +0,0 @@
package cmd
import (
"context"
"os"
"os/signal"
"syscall"
)
// ContextWithSignal creates a context canceled when SIGINT or SIGTERM are notified.
func ContextWithSignal(ctx context.Context) context.Context {
newCtx, cancel := context.WithCancel(ctx)
signals := make(chan os.Signal)
signal.Notify(signals, syscall.SIGINT, syscall.SIGTERM)
go func() {
select {
case <-signals:
cancel()
}
}()
return newCtx
}

57
cmd/traefik/traefik.go
View File

@@ -6,9 +6,11 @@ import (
stdlog "log"
"net/http"
"os"
"os/signal"
"path/filepath"
"sort"
"strings"
"syscall"
"time"
"github.com/coreos/go-systemd/daemon"
@@ -119,7 +121,7 @@ func runCmd(staticConfiguration *static.Configuration) error {
return err
}
ctx := cmd.ContextWithSignal(context.Background())
ctx, _ := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)
if staticConfiguration.Experimental != nil && staticConfiguration.Experimental.DevPlugin != nil {
var cancel context.CancelFunc
@@ -222,6 +224,10 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
})
}
if staticConfiguration.Pilot != nil {
version.PilotEnabled = staticConfiguration.Pilot.Dashboard
}
// Plugins
pluginBuilder, err := createPluginBuilder(staticConfiguration)
@@ -256,6 +262,7 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
providerAggregator,
time.Duration(staticConfiguration.Providers.ProvidersThrottleDuration),
getDefaultsEntrypoints(staticConfiguration),
"internal",
)
// TLS
@@ -365,30 +372,32 @@ func initACMEProvider(c *static.Configuration, providerAggregator *aggregator.Pr
var resolvers []*acme.Provider
for name, resolver := range c.CertificatesResolvers {
if resolver.ACME != nil {
if localStores[resolver.ACME.Storage] == nil {
localStores[resolver.ACME.Storage] = acme.NewLocalStore(resolver.ACME.Storage)
}
p := &acme.Provider{
Configuration: resolver.ACME,
Store: localStores[resolver.ACME.Storage],
ResolverName: name,
HTTPChallengeProvider: httpChallengeProvider,
TLSChallengeProvider: tlsChallengeProvider,
}
if err := providerAggregator.AddProvider(p); err != nil {
log.WithoutContext().Errorf("The ACME resolver %q is skipped from the resolvers list because: %v", name, err)
continue
}
p.SetTLSManager(tlsManager)
p.SetConfigListenerChan(make(chan dynamic.Configuration))
resolvers = append(resolvers, p)
if resolver.ACME == nil {
continue
}
if localStores[resolver.ACME.Storage] == nil {
localStores[resolver.ACME.Storage] = acme.NewLocalStore(resolver.ACME.Storage)
}
p := &acme.Provider{
Configuration: resolver.ACME,
Store: localStores[resolver.ACME.Storage],
ResolverName: name,
HTTPChallengeProvider: httpChallengeProvider,
TLSChallengeProvider: tlsChallengeProvider,
}
if err := providerAggregator.AddProvider(p); err != nil {
log.WithoutContext().Errorf("The ACME resolver %q is skipped from the resolvers list because: %v", name, err)
continue
}
p.SetTLSManager(tlsManager)
p.SetConfigListenerChan(make(chan dynamic.Configuration))
resolvers = append(resolvers, p)
}
return resolvers

6
docs/Makefile
View File

@@ -12,7 +12,7 @@ TRAEFIK_DOCS_CHECK_IMAGE ?= $(TRAEFIK_DOCS_BUILD_IMAGE)-check
SITE_DIR := $(CURDIR)/site
DOCKER_RUN_DOC_PORT := 8000
DOCKER_RUN_DOC_MOUNTS := -v $(CURDIR):/mkdocs
DOCKER_RUN_DOC_MOUNTS := -v $(CURDIR):/mkdocs
DOCKER_RUN_DOC_OPTS := --rm $(DOCKER_RUN_DOC_MOUNTS) -p $(DOCKER_RUN_DOC_PORT):8000
# Default: generates the documentation into $(SITE_DIR)
@@ -22,6 +22,10 @@ docs: docs-clean docs-image docs-lint docs-build docs-verify
docs-serve: docs-image
docker run $(DOCKER_RUN_DOC_OPTS) $(TRAEFIK_DOCS_BUILD_IMAGE) mkdocs serve
## Pull image for doc building
docs-pull-images:
grep --no-filename -E '^FROM' ./*.Dockerfile | awk '{print $$2}' | sort | uniq | xargs -P 6 -n 1 docker pull
# Utilities Targets for each step
docs-image:
docker build -t $(TRAEFIK_DOCS_BUILD_IMAGE) -f docs.Dockerfile ./

11
docs/check.Dockerfile
View File

@@ -8,8 +8,11 @@ RUN apk --no-cache --no-progress add \
ruby-etc \
ruby-ffi \
ruby-json \
ruby-nokogiri
RUN gem install html-proofer --version 3.13.0 --no-document -- --use-system-libraries
ruby-nokogiri \
ruby-dev \
build-base
RUN gem install html-proofer --version 3.19.0 --no-document -- --use-system-libraries
# After Ruby, some NodeJS YAY!
RUN apk --no-cache --no-progress add \
@@ -21,8 +24,8 @@ RUN apk --no-cache --no-progress add \
RUN npm config set unsafe-perm true
RUN npm install --global \
markdownlint@0.17.2 \
markdownlint-cli@0.19.0
markdownlint@0.22.0 \
markdownlint-cli@0.26.0
# Finally the shell tools we need for later
# tini helps to terminate properly all the parallelized tasks when sending CTRL-C

BIN
docs/content/assets/img/maintainers-guidelines.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 966 KiB

4
docs/content/contributing/building-testing.md
View File

@@ -30,7 +30,7 @@ Successfully tagged traefik-webui:latest
[...]
docker build -t "traefik-dev:4475--feature-documentation" -f build.Dockerfile .
Sending build context to Docker daemon 279MB
Step 1/10 : FROM golang:1.14-alpine
Step 1/10 : FROM golang:1.16-alpine
---> f4bfb3d22bda
[...]
Successfully built 5c3c1a911277
@@ -62,7 +62,7 @@ PRE_TARGET= make test-unit
Requirements:
- `go` v1.14+
- `go` v1.16+
- environment variable `GO111MODULE=on`
- [go-bindata](https://github.com/containous/go-bindata) `GO111MODULE=off go get -u github.com/containous/go-bindata/...`

76
docs/content/contributing/data-collection.md
View File

@@ -9,19 +9,19 @@ Understanding how you use Traefik is very important to us: it helps us improve t
For this very reason, the sendAnonymousUsage option is mandatory: we want you to take time to consider whether or not you wish to share anonymous data with us so we can benefit from your experience and use cases.
!!! example "Enabling Data Collection"
```toml tab="File (TOML)"
[global]
# Send anonymous usage data
sendAnonymousUsage = true
```
```yaml tab="File (YAML)"
global:
# Send anonymous usage data
sendAnonymousUsage: true
```
```toml tab="File (TOML)"
[global]
# Send anonymous usage data
sendAnonymousUsage = true
```
```bash tab="CLI"
# Send anonymous usage data
--global.sendAnonymousUsage
@@ -45,49 +45,51 @@ Once a day (the first call begins 10 minutes after the start of Traefik), we col
- an **anonymized version** of the static configuration (token, user name, password, URL, IP, domain, email, etc, are removed).
!!! info
- We do not collect the dynamic configuration information (routers & services).
- We do not collect this data to run advertising programs.
- We do not sell this data to third-parties.
### Example of Collected Data
```toml tab="Original configuration"
[entryPoints]
[entryPoints.web]
address = ":80"
```yaml tab="Original configuration"
entryPoints:
web:
address: ":80"
[api]
api: {}
[providers.docker]
endpoint = "tcp://10.10.10.10:2375"
exposedByDefault = true
swarmMode = true
providers:
docker:
endpoint: "tcp://10.10.10.10:2375"
exposedByDefault: true
swarmMode: true
[providers.docker.TLS]
ca = "dockerCA"
cert = "dockerCert"
key = "dockerKey"
insecureSkipVerify = true
tls:
ca: dockerCA
cert: dockerCert
key: dockerKey
insecureSkipVerify: true
```
```toml tab="Resulting Obfuscated Configuration"
[entryPoints]
[entryPoints.web]
address = ":80"
```yaml tab="Resulting Obfuscated Configuration"
entryPoints:
web:
address: ":80"
[api]
api: {}
[providers.docker]
endpoint = "xxxx"
exposedByDefault = true
swarmMode = true
providers:
docker:
endpoint: "xxxx"
exposedByDefault: true
swarmMode: true
[providers.docker.TLS]
ca = "xxxx"
cert = "xxxx"
key = "xxxx"
insecureSkipVerify = true
tls:
ca: xxxx
cert: xxxx
key: xxxx
insecureSkipVerify: true
```
## The Code for Data Collection

12
docs/content/contributing/documentation.md
View File

@@ -14,10 +14,10 @@ This [documentation](https://doc.traefik.io/traefik/) is built with [mkdocs](htt
### Method 1: `Docker` and `make`
You can build the documentation and test it locally (with live reloading), using the `docs` target:
You can build the documentation and test it locally (with live reloading), using the `docs-serve` target:
```bash
$ make docs
$ make docs-serve
docker build -t traefik-docs -f docs.Dockerfile .
# […]
docker run --rm -v /home/user/go/github/traefik/traefik:/mkdocs -p 8000:8000 traefik-docs mkdocs serve
@@ -82,17 +82,19 @@ Running ["HtmlCheck", "ImageCheck", "ScriptCheck", "LinkCheck"] on /app/site/bas
!!! note "Clean & Verify"
If you've made changes to the documentation, it's safter to clean it before verifying it.
If you've made changes to the documentation, it's safter to clean it before verifying it.
```bash
$ make docs-clean docs-verify
$ make docs
...
```
Will perform all necessary steps for you.
!!! note "Disabling Documentation Verification"
Verification can be disabled by setting the environment variable `DOCS_VERIFY_SKIP` to `true`:
```shell
DOCS_VERIFY_SKIP=true make docs-verify
...

129
docs/content/contributing/maintainers-guidelines.md Normal file
View File

@@ -0,0 +1,129 @@
# The Maintainers Guidelines
![Maintainers Guidelines](../assets/img/maintainers-guidelines.png)
Note: the document is a work in progress.
Welcome to the Traefik Community.
This document describes how to be part of the core team
as well as various responsibilities
and guidelines for Traefik maintainers.
We are strongly promoting a philosophy of openness and sharing,
and firmly standing against the elitist closed approach.
Being part of the core team should be accessible to anyone motivated
and wants to be part of that journey!
## Onboarding process
If you consider joining our community please drop us a line using Twitter or leave a note in the issue.
We will schedule a quick call to meet you and learn more about your motivation.
During the call, the team will discuss the process of becoming a maintainer.
We will be happy to answer any questions and explain all your doubts.
## Maintainers requirements
Note: you do not have to meet all the listed requirements,
but must have achieved several.
- Enabled [2FA](https://docs.github.com/en/github/authenticating-to-github/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication) on your Github account
- The contributor has opened and successfully run medium to large PRs in the past 6 months.
- The contributor has participated in multiple code reviews of other PRs,
including those of other maintainers and contributors.
- The contributor showed a consistent pattern of helpful, non-threatening, and friendly behavior towards other community members in the past.
- The contributor is active on Traefik Community forums
or other technical forums/boards such as K8S slack, Reddit, StackOverflow, hacker news.
- Have read and accepted the contributor guidelines.
## Maintainers responsibilities and privileges
There are lots of areas where you can contribute to the project,
but we can suggest you start with activities such as:
- PR reviewing.
- According to our guidelines we require you have at least 3 reviewers,
thus you can review a PR and leave the relevant comment if it is necessary.
- Participating in a daily [issue triage](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md).
- The process helps to understand and prioritize the reported issue according to its importance and severity.
This is crucial to learn how our users implement Traefik.
Each of the issues that are labeled as bug/possible bug/confirmed requires a reproducible use case.
You can help in creating a reproducible use case if it has not been added to the issue
or use the sample code provided by the reporter.
Typically, a simple docker compose should be enough to reproduce the issue.
- Code contribution.
- Documentation contribution.
- Technical documentation is one of the most important components of the product.
The ability to set up a testing environment in a few minutes,
using the official documentation,
is a game changer.
- You will be listed on our Maintainers Github page
as well as on our website in the section [maintainers](maintainers.md).
- We will be promoting you on social channels (mostly on Twitter).
## Governance
- Roadmap meetings on a regular basis where all maintainers are welcome.
## Communicating
- All of our maintainers are added to Slack #traefik-maintainers channel that belongs to Traefik labs workspace.
Having the team in one place helps us to communicate effectively.
You can reach Traefik core developers directly,
which offers the possibility to discuss issues, pull requests, enhancements more efficiently
and get the feedback almost immediately.
Fewer blockers mean more fun and engaging work.
- On a daily basis, we publish a report that includes all the activities performed during the day.
You are updated in regard to the workload that has been processed including:
working on the new features and enhancements,
activities related to the reported issues and PRs,
other important project-related announcements.
- At 5:00 PM CET every day we review all the created issues that have been reported,
assign them the appropriate *[labels](maintainers.md#labels)*
and prioritize them based on the severity of the problem.
The process is called *[issue triaging](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md)*.
Each of the maintainers is welcome to join the meeting.
For that purpose, we use a dedicated Discord server
where you are invited once you have become the official maintainer.
## Maintainers Activity
In order to keep the core team efficient and dynamic,
maintainers' activity and involvement will be reviewed on a regular basis.
- Has the maintainer engaged with the team and the community by meeting two or more of these benchmarks in the past six months?
- Has the maintainer participated in at least two or three maintainer meetings?
- Substantial review of at least one or two PRs from either contributors or maintainers.
- Opened at least one or two bug fixes or feature request PRs
that were eventually merged (or on a trajectory for merge).
- Substantial participation in the Help Wanted program (answered questions, helped identify issues, applied guidelines from the Help Wanted guide to open issues).
- Substantial participation with the community in general.
- Has the maintainer shown a consistent pattern of helpful,
non-threatening,
and friendly behavior towards other people on the maintainer team and with our community?
## Additional comments for (not only) maintainers
- Be able to put yourself in users shoes.
- Be open-minded and respectful with other maintainers and other community members.
- Keep the communication public -
if anyone tries to communicate with you directly,
ask him politely to move the conversation to a public communication channel.
- Stay away from defensive comments.
- Please try to express your thoughts clearly enough
and note that some of us are not native English speakers.
Try to rephrase your sentences, avoiding mental shortcuts;
none of us is able to predict your thoughts.
- There are a lot of use cases of using Traefik
and even more issues that are difficult to reproduce.
If the issue cant be replicated due to a lack of reproducible case (a simple docker compose should be enough) -
set your time limits while working on the issue
and express clearly that you were not able to replicate it.
You can come back later to that case.
- Be proactive.
- Emoji are fine,
but if you express yourself clearly enough they are not necessary.
They will not replace good communication.
- Embrace mentorship.
- Keep in mind that we all have the same intent to improve the project.

4
docs/content/contributing/maintainers.md
View File

@@ -20,6 +20,10 @@
* Kevin Pollet [@kevinpollet](https://github.com/kevinpollet)
* Harold Ozouf [@jspdown](https://github.com/jspdown)
## Maintainers guidelines
Please read the [maintainers guidelines](maintainers-guidelines.md)
## Issue Triage
Issues and PRs are triaged daily and the process for triaging may be found under [triaging issues](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md) in our [contributors guide repository](https://github.com/traefik/contributors-guide).

22
docs/content/getting-started/configuration-overview.md
View File

@@ -13,13 +13,13 @@ Configuration in Traefik can refer to two different things:
Elements in the _static configuration_ set up connections to [providers](../providers/overview.md) and define the [entrypoints](../routing/entrypoints.md) Traefik will listen to (these elements don't change often).
The _dynamic configuration_ contains everything that defines how the requests are handled by your system.
This configuration can change and is seamlessly hot-reloaded, without any request interruption or connection loss.
This configuration can change and is seamlessly hot-reloaded, without any request interruption or connection loss.
!!! warning "Incompatible Configuration"
Please be aware that the old configurations for Traefik v1.x are NOT compatible with the v2.x config as of now.
If you are running v2, please ensure you are using a v2 configuration.
## The Dynamic Configuration
## The Dynamic Configuration
Traefik gets its _dynamic configuration_ from [providers](../providers/overview.md): whether an orchestrator, a service registry, or a plain old configuration file.
@@ -28,14 +28,14 @@ Since this configuration is specific to your infrastructure choices, we invite y
!!! info ""
In the [Quick Start example](../getting-started/quick-start.md), the dynamic configuration comes from docker in the form of labels attached to your containers.
!!! info "HTTPS Certificates also belong to the dynamic configuration."
You can add / update / remove them without restarting your Traefik instance.
You can add / update / remove them without restarting your Traefik instance.
## The Static Configuration
There are three different, **mutually exclusive** (e.g. you can use only one at the same time), ways to define static configuration options in Traefik:
There are three different, **mutually exclusive** (i.e. you can use only one at the same time), ways to define static configuration options in Traefik:
1. In a configuration file
1. In the command-line arguments
@@ -45,13 +45,13 @@ These ways are evaluated in the order listed above.
If no value was provided for a given option, a default value applies.
Moreover, if an option has sub-options, and any of these sub-options is not specified, a default value will apply as well.
For example, the `--providers.docker` option is enough by itself to enable the docker provider, even though sub-options like `--providers.docker.endpoint` exist.
Once positioned, this option sets (and resets) all the default values of the sub-options of `--providers.docker`.
### Configuration File
At startup, Traefik searches for a file named `traefik.toml` (or `traefik.yml` or `traefik.yaml`) in:
At startup, Traefik searches for a file named `traefik.yml` (or `traefik.yaml` or `traefik.toml`) in:
- `/etc/traefik/`
- `$XDG_CONFIG_HOME/`
@@ -61,7 +61,7 @@ At startup, Traefik searches for a file named `traefik.toml` (or `traefik.yml` o
You can override this using the `configFile` argument.
```bash
traefik --configFile=foo/bar/myconfigfile.toml
traefik --configFile=foo/bar/myconfigfile.yml
```
### Arguments

126
docs/content/getting-started/faq.md Normal file
View File

@@ -0,0 +1,126 @@
# FAQ
## Why is Traefik Answering `XXX` HTTP Response Status Code?
Traefik is a dynamic reverse proxy,
and while the documentation often demonstrates configuration options through file examples,
the core feature of Traefik is its dynamic configurability,
directly reacting to changes from providers over time.
Notably, a part of the configuration is [static](../configuration-overview/#the-static-configuration),
and can be provided by a file on startup, whereas various providers,
such as the file provider,
contribute dynamically all along the traefik instance lifetime to its [dynamic configuration](../configuration-overview/#the-dynamic-configuration) changes.
In addition, the configuration englobes concepts such as the EntryPoint which can be seen as a listener on the Transport Layer (TCP),
as apposed to the Router which is more about the Presentation (TLS) and Application layers (HTTP).
And there can be as many routers as one wishes for a given EntryPoint.
In other words, for a given Entrypoint,
at any given time the traffic seen is not bound to be just about one protocol.
It could be HTTP, or otherwise. Over TLS, or not.
Not to mention that dynamic configuration changes potentially make that kind of traffic vary over time.
Therefore, in this dynamic context,
the static configuration of an `entryPoint` does not give any hint whatsoever about how the traffic going through that `entryPoint` is going to be routed.
Or whether it's even going to be routed at all,
i.e. whether there is a Router matching the kind of traffic going through it.
### `404 Not found`
Traefik returns a `404` response code in the following situations:
- A request reaching an EntryPoint that has no Routers
- An HTTP request reaching an EntryPoint that has no HTTP Router
- An HTTPS request reaching an EntryPoint that has no HTTPS Router
- A request reaching an EntryPoint that has HTTP/HTTPS Routers that cannot be matched
From Traefik's point of view,
every time a request cannot be matched with a router the correct response code is a `404 Not found`.
In this situation, the response code is not a `503 Service Unavailable`
because Traefik is not able to confirm that the lack of a matching router for a request is only temporary.
Traefik's routing configuration is dynamic and aggregated from different providers,
hence it's not possible to assume at any moment that a specific route should be handled or not.
??? info "This behavior is consistent with rfc7231"
```txt
The server is currently unable to handle the request due to a
temporary overloading or maintenance of the server. The implication
is that this is a temporary condition which will be alleviated after
some delay. If known, the length of the delay MAY be indicated in a
Retry-After header. If no Retry-After is given, the client SHOULD
handle the response as it would for a 500 response.
Note: The existence of the 503 status code does not imply that a
server must use it when becoming overloaded. Some servers may wish
to simply refuse the connection.
```
Extract from [rfc7231#section-6.6.4](https://datatracker.ietf.org/doc/html/rfc7231#section-6.6.4).
### `502 Bad Gateway`
Traefik returns a `502` response code when an error happens while contacting the upstream service.
### `503 Service Unavailable`
Traefik returns a `503` response code when a Router has been matched
but there are no servers ready to handle the request.
This situation is encountered when a service has been explicitly configured without servers,
or when a service has healthcheck enabled and all servers are unhealthy.
### `XXX` Instead of `404`
Sometimes, the `404` response code doesn't play well with other parties or services (such as CDNs).
In these situations, you may want Traefik to always reply with a `503` response code,
instead of a `404` response code.
To achieve this behavior, a simple catchall router,
with the lowest possible priority and routing to a service without servers,
can handle all the requests when no other router has been matched.
The example below is a file provider only version (`yaml`) of what this configuration could look like:
```yaml tab="Static configuration"
# traefik.yml
entrypoints:
web:
address: :80
providers:
file:
filename: dynamic.yaml
```
```yaml tab="Dynamic configuration"
# dynamic.yaml
http:
routers:
catchall:
# attached only to web entryPoint
entryPoints:
- "web"
# catchall rule
rule: "PathPrefix(`/`)"
service: unavailable
# lowest possible priority
# evaluated when no other router is matched
priority: 1
services:
# Service that will always answer a 503 Service Unavailable response
unavailable:
loadBalancer:
servers: {}
```
!!! info "Dedicated service"
If there is a need for a response code other than a `503` and/or a custom message,
the principle of the above example above (a catchall router) still stands,
but the `unavailable` service should be adapted to fit such a need.

22
docs/content/getting-started/install-traefik.md
View File

@@ -11,12 +11,12 @@ You can install Traefik with the following flavors:
Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with one sample configuration file:
* [TOML](https://raw.githubusercontent.com/traefik/traefik/v2.4/traefik.sample.toml)
* [YAML](https://raw.githubusercontent.com/traefik/traefik/v2.4/traefik.sample.yml)
* [TOML](https://raw.githubusercontent.com/traefik/traefik/v2.4/traefik.sample.toml)
```bash
docker run -d -p 8080:8080 -p 80:80 \
-v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik:v2.4
-v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v2.4
```
For more details, go to the [Docker provider documentation](../providers/docker.md)
@@ -31,8 +31,8 @@ For more details, go to the [Docker provider documentation](../providers/docker.
## Use the Helm Chart
!!! warning
The Traefik Chart from
The Traefik Chart from
[Helm's default charts repository](https://github.com/helm/charts/tree/master/stable/traefik) is still using [Traefik v1.7](https://doc.traefik.io/traefik/v1.7).
Traefik can be installed in Kubernetes using the Helm chart from <https://github.com/traefik/traefik-helm-chart>.
@@ -61,7 +61,7 @@ helm install traefik traefik/traefik
```
!!! tip "Helm Features"
All [Helm features](https://helm.sh/docs/intro/using_helm/) are supported.
For instance, installing the chart in a dedicated namespace:
@@ -73,30 +73,30 @@ helm install traefik traefik/traefik
```
??? example "Installing with Custom Values"
You can customize the installation by specifying custom values,
as with [any helm chart](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing).
{: #helm-custom-values }
The values are not (yet) documented, but are self-explanatory:
you can look at the [default `values.yaml`](https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml) file to explore possibilities.
You can also set Traefik command line flags using `additionalArguments`.
Example of installation with logging set to `DEBUG`:
```bash tab="Using Helm CLI"
helm install --namespace=traefik-v2 \
--set="additionalArguments={--log.level=DEBUG}" \
traefik traefik/traefik
```
```yml tab="With a custom values file"
# File custom-values.yml
## Install with "helm install --values=./custom-values.yml traefik traefik/traefik
additionalArguments:
- "--log.level=DEBUG"
```
### Exposing the Traefik dashboard
This HelmChart does not expose the Traefik dashboard by default, for security concerns.

22
docs/content/glossary.md
View File

@@ -1,22 +0,0 @@
# TODO -- Glossary
Where Every Technical Word finds its Definition`
{: .subtitle}
- [ ] Provider
- [ ] Types of providers (KV, annotation based, label based, configuration based)
- [ ] Entrypoint
- [ ] Routers
- [ ] Middleware
- [ ] Service
- [ ] [Static configuration](getting-started/configuration-overview.md#the-static-configuration)
- [ ] [Dynamic configuration](getting-started/configuration-overview.md#the-dynamic-configuration)
- [ ] ACME
- [ ] Traefik Enterprise
- [ ] Tracing
- [ ] Metrics
- [ ] Orchestrator
- [ ] Key Value Store
- [ ] Logs
- [ ] Traefiker
- [ ] Traefik (How to pronounce)

242
docs/content/https/acme.md
View File

@@ -13,7 +13,7 @@ You can configure Traefik to use an ACME provider (like Let's Encrypt) for autom
## Certificate Resolvers
Traefik requires you to define "Certificate Resolvers" in the [static configuration](../getting-started/configuration-overview.md#the-static-configuration),
Traefik requires you to define "Certificate Resolvers" in the [static configuration](../getting-started/configuration-overview.md#the-static-configuration),
which are responsible for retrieving certificates from an ACME server.
Then, each ["router"](../routing/routers/index.md) is configured to enable TLS,
@@ -26,33 +26,33 @@ You can read more about this retrieval mechanism in the following section: [ACME
!!! important "Defining a certificates resolver does not result in all routers automatically using it. Each router that is supposed to use the resolver must [reference](../routing/routers/index.md#certresolver) it."
??? note "Configuration Reference"
There are many available options for ACME.
For a quick glance at what's possible, browse the configuration reference:
```toml tab="File (TOML)"
--8<-- "content/https/ref-acme.toml"
```
```yaml tab="File (YAML)"
--8<-- "content/https/ref-acme.yaml"
```
```toml tab="File (TOML)"
--8<-- "content/https/ref-acme.toml"
```
```bash tab="CLI"
--8<-- "content/https/ref-acme.txt"
```
## Domain Definition
Certificate resolvers request certificates for a set of the domain names
Certificate resolvers request certificates for a set of the domain names
inferred from routers, with the following logic:
- If the router has a [`tls.domains`](../routing/routers/index.md#domains) option set,
then the certificate resolver uses the `main` (and optionally `sans`) option of `tls.domains` to know the domain names for this router.
- If no [`tls.domains`](../routing/routers/index.md#domains) option is set,
then the certificate resolver uses the [router's rule](../routing/routers/index.md#rule),
by checking the `Host()` matchers.
- If no [`tls.domains`](../routing/routers/index.md#domains) option is set,
then the certificate resolver uses the [router's rule](../routing/routers/index.md#rule),
by checking the `Host()` matchers.
Please note that [multiple `Host()` matchers can be used](../routing/routers/index.md#certresolver)) for specifying multiple domain names for this router.
Please note that:
@@ -69,31 +69,15 @@ Please check the [configuration examples below](#configuration-examples) for mor
## Configuration Examples
??? example "Enabling ACME"
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[certificatesResolvers.myresolver.acme]
email = "your-email@example.com"
storage = "acme.json"
[certificatesResolvers.myresolver.acme.httpChallenge]
# used during the challenge
entryPoint = "web"
```
```yaml tab="File (YAML)"
entryPoints:
web:
address: ":80"
websecure:
address: ":443"
certificatesResolvers:
myresolver:
acme:
@@ -103,7 +87,23 @@ Please check the [configuration examples below](#configuration-examples) for mor
# used during the challenge
entryPoint: web
```
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[certificatesResolvers.myresolver.acme]
email = "your-email@example.com"
storage = "acme.json"
[certificatesResolvers.myresolver.acme.httpChallenge]
# used during the challenge
entryPoint = "web"
```
```bash tab="CLI"
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
@@ -117,23 +117,23 @@ Please check the [configuration examples below](#configuration-examples) for mor
!!! important "Defining a certificates resolver does not result in all routers automatically using it. Each router that is supposed to use the resolver must [reference](../routing/routers/index.md#certresolver) it."
??? example "Single Domain from Router's Rule Example"
* A certificate for the domain `example.com` is requested:
--8<-- "content/https/include-acme-single-domain-example.md"
??? example "Multiple Domains from Router's Rule Example"
* A certificate for the domains `example.com` (main) and `blog.example.org`
is requested:
--8<-- "content/https/include-acme-multiple-domains-from-rule-example.md"
??? example "Multiple Domains from Router's `tls.domain` Example"
* A certificate for the domains `example.com` (main) and `*.example.org` (SAN)
is requested:
--8<-- "content/https/include-acme-multiple-domains-example.md"
## Automatic Renewals
@@ -165,12 +165,6 @@ when using the `TLS-ALPN-01` challenge, Traefik must be reachable by Let's Encry
??? example "Configuring the `tlsChallenge`"
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.tlsChallenge]
```
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
@@ -178,7 +172,13 @@ when using the `TLS-ALPN-01` challenge, Traefik must be reachable by Let's Encry
# ...
tlsChallenge: {}
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.tlsChallenge]
```
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.tlschallenge=true
@@ -193,28 +193,14 @@ when using the `HTTP-01` challenge, `certificatesresolvers.myresolver.acme.httpc
??? example "Using an EntryPoint Called web for the `httpChallenge`"
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.httpChallenge]
entryPoint = "web"
```
```yaml tab="File (YAML)"
entryPoints:
web:
address: ":80"
websecure:
address: ":443"
certificatesResolvers:
myresolver:
acme:
@@ -222,7 +208,21 @@ when using the `HTTP-01` challenge, `certificatesresolvers.myresolver.acme.httpc
httpChallenge:
entryPoint: web
```
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.httpChallenge]
entryPoint = "web"
```
```bash tab="CLI"
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
@@ -239,15 +239,6 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
??? example "Configuring a `dnsChallenge` with the DigitalOcean Provider"
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.dnsChallenge]
provider = "digitalocean"
delayBeforeCheck = 0
# ...
```
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
@@ -258,7 +249,16 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
delayBeforeCheck: 0
# ...
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.dnsChallenge]
provider = "digitalocean"
delayBeforeCheck = 0
# ...
```
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.dnschallenge.provider=digitalocean
@@ -270,7 +270,7 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
A `provider` is mandatory.
#### `providers`
Here is a list of supported `providers`, that can automate the DNS verification,
along with the required environment variables and their [wildcard & root domain support](#wildcard-domains).
Do not hesitate to complete it.
@@ -303,6 +303,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
| [DNS Made Easy](https://dnsmadeeasy.com) | `dnsmadeeasy` | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsmadeeasy) |
| [DNSPod](https://www.dnspod.com/) | `dnspod` | `DNSPOD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dnspod) |
| [Domain Offensive (do.de)](https://www.do.de/) | `dode` | `DODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/dode) |
| [Domeneshop](https://domene.shop) | `domeneshop` | `DOMENESHOP_API_TOKEN`, `DOMENESHOP_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/domeneshop) |
| [DreamHost](https://www.dreamhost.com/) | `dreamhost` | `DREAMHOST_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dreamhost) |
| [Duck DNS](https://www.duckdns.org/) | `duckdns` | `DUCKDNS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/duckdns) |
| [Dyn](https://dyn.com) | `dyn` | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/dyn) |
@@ -322,9 +323,10 @@ For complete details, refer to your provider's _Additional configuration_ link.
| HTTP request | `httpreq` | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1] | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq) |
| [HyperOne](https://www.hyperone.com) | `hyperone` | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone) |
| [IIJ](https://www.iij.ad.jp/) | `iij` | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE` | [Additional configuration](https://go-acme.github.io/lego/dns/iij) |
| [Infoblox](https://www.infoblox.com/) | `infoblox` | `INFOBLOX_USER`, `INFOBLOX_PASSWORD`, `INFOBLOX_HOST` | [Additional configuration](https://go-acme.github.io/lego/dns/infoblox) |
| [Infomaniak](https://www.infomaniak.com) | `infomaniak` | `INFOMANIAK_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/infomaniak) |
| [INWX](https://www.inwx.de/en) | `inwx` | `INWX_USERNAME`, `INWX_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/inwx) |
| [ionos](https://ionos.com/) | `ionos` | `IONOS_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ionos) |
| [ionos](https://ionos.com/) | `ionos` | `IONOS_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ionos) |
| [Joker.com](https://joker.com) | `joker` | `JOKER_API_MODE` with `JOKER_API_KEY` or `JOKER_USERNAME`, `JOKER_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/joker) |
| [Lightsail](https://aws.amazon.com/lightsail/) | `lightsail` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/lightsail) |
| [Linode v4](https://www.linode.com) | `linode` | `LINODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/linode) |
@@ -340,11 +342,13 @@ For complete details, refer to your provider's _Additional configuration_ link.
| [Netcup](https://www.netcup.eu/) | `netcup` | `NETCUP_CUSTOMER_NUMBER`, `NETCUP_API_KEY`, `NETCUP_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/netcup) |
| [Netlify](https://www.netlify.com) | `netlify` | `NETLIFY_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/netlify) |
| [NIFCloud](https://cloud.nifty.com/service/dns.htm) | `nifcloud` | `NIFCLOUD_ACCESS_KEY_ID`, `NIFCLOUD_SECRET_ACCESS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/nifcloud) |
| [Njalla](https://njal.la) | `njalla` | `NJALLA_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/njalla) |
| [NS1](https://ns1.com/) | `ns1` | `NS1_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ns1) |
| [Open Telekom Cloud](https://cloud.telekom.de) | `otc` | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/otc) |
| [OVH](https://www.ovh.com) | `ovh` | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ovh) |
| [Openstack Designate](https://docs.openstack.org/designate) | `designate` | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/designate) |
| [Oracle Cloud](https://cloud.oracle.com/home) | `oraclecloud` | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID` | [Additional configuration](https://go-acme.github.io/lego/dns/oraclecloud) |
| [Porkbun](https://porkbun.com/) | `porkbun` | `PORKBUN_SECRET_API_KEY`, `PORKBUN_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/porkbun) |
| [PowerDNS](https://www.powerdns.com) | `pdns` | `PDNS_API_KEY`, `PDNS_API_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/pdns) |
| [Rackspace](https://www.rackspace.com/cloud/dns) | `rackspace` | `RACKSPACE_USER`, `RACKSPACE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rackspace) |
| [reg.ru](https://www.reg.ru) | `regru` | `REGRU_USERNAME`, `REGRU_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/regru) |
@@ -355,12 +359,16 @@ For complete details, refer to your provider's _Additional configuration_ link.
| [Scaleway](https://www.scaleway.com) | `scaleway` | `SCALEWAY_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway) |
| [Selectel](https://selectel.ru/en/) | `selectel` | `SELECTEL_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/selectel) |
| [Servercow](https://servercow.de) | `servercow` | `SERVERCOW_USERNAME`, `SERVERCOW_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/servercow) |
| [Simply.com](https://www.simply.com/en/domains/) | `simply` | `SIMPLY_ACCOUNT_NAME`, `SIMPLY_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/simply) |
| [Sonic](https://www.sonic.com/) | `sonic` | `SONIC_USER_ID`, `SONIC_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/sonic) |
| [Stackpath](https://www.stackpath.com/) | `stackpath` | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/stackpath) |
| [TransIP](https://www.transip.nl/) | `transip` | `TRANSIP_ACCOUNT_NAME`, `TRANSIP_PRIVATE_KEY_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/transip) |
| [VegaDNS](https://github.com/shupp/VegaDNS-API) | `vegadns` | `SECRET_VEGADNS_KEY`, `SECRET_VEGADNS_SECRET`, `VEGADNS_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/vegadns) |
| [Versio](https://www.versio.nl/domeinnamen) | `versio` | `VERSIO_USERNAME`, `VERSIO_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/versio) |
| [VinylDNS](https://www.vinyldns.io) | `vinyldns` | `VINYLDNS_ACCESS_KEY`, `VINYLDNS_SECRET_KEY`, `VINYLDNS_HOST` | [Additional configuration](https://go-acme.github.io/lego/dns/vinyldns) |
| [Vscale](https://vscale.io/) | `vscale` | `VSCALE_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/vscale) |
| [VULTR](https://www.vultr.com) | `vultr` | `VULTR_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/vultr) |
| [WEDOS](https://www.wedos.com) | `wedos` | `WEDOS_USERNAME`, `WEDOS_WAPI_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/wedos) |
| [Yandex](https://yandex.com) | `yandex` | `YANDEX_PDD_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/yandex) |
| [Zone.ee](https://www.zone.ee) | `zoneee` | `ZONEEE_API_USER`, `ZONEEE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zoneee) |
| [Zonomi](https://zonomi.com) | `zonomi` | `ZONOMI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zonomi) |
@@ -380,14 +388,6 @@ For complete details, refer to your provider's _Additional configuration_ link.
Use custom DNS servers to resolve the FQDN authority.
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.dnsChallenge]
# ...
resolvers = ["1.1.1.1:53", "8.8.8.8:53"]
```
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
@@ -400,6 +400,14 @@ certificatesResolvers:
- "8.8.8.8:53"
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.dnsChallenge]
# ...
resolvers = ["1.1.1.1:53", "8.8.8.8:53"]
```
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53
@@ -415,14 +423,6 @@ As described in [Let's Encrypt's post](https://community.letsencrypt.org/t/stagi
- `kid`: Key identifier from External CA
- `hmacEncoded`: HMAC key from External CA, should be in Base64 URL Encoding without padding format
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.eab]
kid = "abc-keyID-xyz"
hmacEncoded = "abc-hmac-xyz"
```
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
@@ -433,6 +433,14 @@ certificatesResolvers:
hmacEncoded: abc-hmac-xyz
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.eab]
kid = "abc-keyID-xyz"
hmacEncoded = "abc-hmac-xyz"
```
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.eab.kid=abc-keyID-xyz
@@ -452,13 +460,6 @@ The CA server to use:
??? example "Using the Let's Encrypt staging server"
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
# ...
```
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
@@ -468,6 +469,13 @@ The CA server to use:
# ...
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
# ...
```
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
@@ -480,13 +488,6 @@ _Required, Default="acme.json"_
The `storage` option sets the location where your ACME certificates are saved to.
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
storage = "acme.json"
# ...
```
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
@@ -496,6 +497,13 @@ certificatesResolvers:
# ...
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
storage = "acme.json"
# ...
```
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.storage=acme.json
@@ -526,13 +534,6 @@ Preferred chain to use.
If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.
If no match, the default offered chain will be used.
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
preferredChain = "ISRG Root X1"
# ...
```
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
@@ -542,6 +543,13 @@ certificatesResolvers:
# ...
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
preferredChain = "ISRG Root X1"
# ...
```
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.preferredChain="ISRG Root X1"
@@ -554,13 +562,6 @@ _Optional, Default="RSA4096"_
KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'.
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
keyType = "RSA4096"
# ...
```
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
@@ -570,6 +571,13 @@ certificatesResolvers:
# ...
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
keyType = "RSA4096"
# ...
```
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.keyType="RSA4096"

24
docs/content/https/include-acme-multiple-domains-example.md
View File

@@ -64,18 +64,6 @@ labels:
- traefik.http.routers.blog.tls.domains[0].sans=*.example.org
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.blog]
rule = "Host(`example.com`) && Path(`/blog`)"
[http.routers.blog.tls]
certResolver = "myresolver" # From static configuration
[[http.routers.blog.tls.domains]]
main = "example.org"
sans = ["*.example.org"]
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
@@ -89,3 +77,15 @@ http:
sans:
- "*.example.org"
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.blog]
rule = "Host(`example.com`) && Path(`/blog`)"
[http.routers.blog.tls]
certResolver = "myresolver" # From static configuration
[[http.routers.blog.tls.domains]]
main = "example.org"
sans = ["*.example.org"]
```

18
docs/content/https/include-acme-multiple-domains-from-rule-example.md
View File

@@ -52,15 +52,6 @@ labels:
- traefik.http.routers.blog.tls.certresolver=myresolver
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.blog]
rule = "(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)"
[http.routers.blog.tls]
certResolver = "myresolver"
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
@@ -70,3 +61,12 @@ http:
tls:
certResolver: myresolver
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.blog]
rule = "(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)"
[http.routers.blog.tls]
certResolver = "myresolver"
```

18
docs/content/https/include-acme-single-domain-example.md
View File

@@ -52,15 +52,6 @@ labels:
- traefik.http.routers.blog.tls.certresolver=myresolver
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.blog]
rule = "Host(`example.com`) && Path(`/blog`)"
[http.routers.blog.tls]
certResolver = "myresolver"
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
@@ -70,3 +61,12 @@ http:
tls:
certResolver: myresolver
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.blog]
rule = "Host(`example.com`) && Path(`/blog`)"
[http.routers.blog.tls]
certResolver = "myresolver"
```

232
docs/content/https/tls.md
View File

@@ -13,18 +13,6 @@ See the [Let's Encrypt](./acme.md) page.
To add / remove TLS certificates, even when Traefik is already running, their definition can be added to the [dynamic configuration](../getting-started/configuration-overview.md), in the `[[tls.certificates]]` section:
```toml tab="File (TOML)"
# Dynamic configuration
[[tls.certificates]]
certFile = "/path/to/domain.cert"
keyFile = "/path/to/domain.key"
[[tls.certificates]]
certFile = "/path/to/other-domain.cert"
keyFile = "/path/to/other-domain.key"
```
```yaml tab="File (YAML)"
# Dynamic configuration
@@ -36,23 +24,28 @@ tls:
keyFile: /path/to/other-domain.key
```
```toml tab="File (TOML)"
# Dynamic configuration
[[tls.certificates]]
certFile = "/path/to/domain.cert"
keyFile = "/path/to/domain.key"
[[tls.certificates]]
certFile = "/path/to/other-domain.cert"
keyFile = "/path/to/other-domain.key"
```
!!! important "Restriction"
In the above example, we've used the [file provider](../providers/file.md) to handle these definitions.
It is the only available method to configure the certificates (as well as the options and the stores).
However, in [Kubernetes](../providers/kubernetes-crd.md), the certificates can and must be provided by [secrets](https://kubernetes.io/docs/concepts/configuration/secret/).
However, in [Kubernetes](../providers/kubernetes-crd.md), the certificates can and must be provided by [secrets](https://kubernetes.io/docs/concepts/configuration/secret/).
## Certificates Stores
In Traefik, certificates are grouped together in certificates stores, which are defined as such:
```toml tab="File (TOML)"
# Dynamic configuration
[tls.stores]
[tls.stores.default]
```
```yaml tab="File (YAML)"
# Dynamic configuration
@@ -61,6 +54,13 @@ tls:
default: {}
```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.stores]
[tls.stores.default]
```
!!! important "Restriction"
Any store definition other than the default one (named `default`) will be ignored,
@@ -68,21 +68,6 @@ tls:
In the `tls.certificates` section, a list of stores can then be specified to indicate where the certificates should be stored:
```toml tab="File (TOML)"
# Dynamic configuration
[[tls.certificates]]
certFile = "/path/to/domain.cert"
keyFile = "/path/to/domain.key"
stores = ["default"]
[[tls.certificates]]
# Note that since no store is defined,
# the certificate below will be stored in the `default` store.
certFile = "/path/to/other-domain.cert"
keyFile = "/path/to/other-domain.key"
```
```yaml tab="File (YAML)"
# Dynamic configuration
@@ -98,6 +83,21 @@ tls:
keyFile: /path/to/other-domain.key
```
```toml tab="File (TOML)"
# Dynamic configuration
[[tls.certificates]]
certFile = "/path/to/domain.cert"
keyFile = "/path/to/domain.key"
stores = ["default"]
[[tls.certificates]]
# Note that since no store is defined,
# the certificate below will be stored in the `default` store.
certFile = "/path/to/other-domain.cert"
keyFile = "/path/to/other-domain.key"
```
!!! important "Restriction"
The `stores` list will actually be ignored and automatically set to `["default"]`.
@@ -107,16 +107,6 @@ tls:
Traefik can use a default certificate for connections without a SNI, or without a matching domain.
This default certificate should be defined in a TLS store:
```toml tab="File (TOML)"
# Dynamic configuration
[tls.stores]
[tls.stores.default]
[tls.stores.default.defaultCertificate]
certFile = "path/to/cert.crt"
keyFile = "path/to/cert.key"
```
```yaml tab="File (YAML)"
# Dynamic configuration
@@ -128,6 +118,16 @@ tls:
keyFile: path/to/cert.key
```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.stores]
[tls.stores.default]
[tls.stores.default.defaultCertificate]
certFile = "path/to/cert.crt"
keyFile = "path/to/cert.key"
```
If no default certificate is provided, Traefik generates and uses a self-signed certificate.
## TLS Options
@@ -155,18 +155,6 @@ The TLS options allow one to configure some parameters of the TLS connection.
### Minimum TLS Version
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
minVersion = "VersionTLS12"
[tls.options.mintls13]
minVersion = "VersionTLS13"
```
```yaml tab="File (YAML)"
# Dynamic configuration
@@ -179,6 +167,18 @@ tls:
minVersion: VersionTLS13
```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
minVersion = "VersionTLS12"
[tls.options.mintls13]
minVersion = "VersionTLS13"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
@@ -206,18 +206,6 @@ We discourage the use of this setting to disable TLS1.3.
The recommended approach is to update the clients to support TLS1.3.
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
maxVersion = "VersionTLS13"
[tls.options.maxtls12]
maxVersion = "VersionTLS12"
```
```yaml tab="File (YAML)"
# Dynamic configuration
@@ -230,6 +218,18 @@ tls:
maxVersion: VersionTLS12
```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
maxVersion = "VersionTLS13"
[tls.options.maxtls12]
maxVersion = "VersionTLS12"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
@@ -255,16 +255,6 @@ spec:
See [cipherSuites](https://godoc.org/crypto/tls#pkg-constants) for more information.
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
]
```
```yaml tab="File (YAML)"
# Dynamic configuration
@@ -275,6 +265,16 @@ tls:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
]
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
@@ -301,14 +301,6 @@ The names of the curves defined by [`crypto`](https://godoc.org/crypto/tls#Curve
See [CurveID](https://godoc.org/crypto/tls#CurveID) for more information.
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
curvePreferences = ["CurveP521", "CurveP384"]
```
```yaml tab="File (YAML)"
# Dynamic configuration
@@ -320,6 +312,14 @@ tls:
- CurveP384
```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
curvePreferences = ["CurveP521", "CurveP384"]
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
@@ -338,14 +338,6 @@ spec:
With strict SNI checking enabled, Traefik won't allow connections from clients
that do not specify a server_name extension or don't match any certificate configured on the tlsOption.
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
sniStrict = true
```
```yaml tab="File (YAML)"
# Dynamic configuration
@@ -355,6 +347,14 @@ tls:
sniStrict: true
```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
sniStrict = true
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
@@ -371,14 +371,6 @@ spec:
This option allows the server to choose its most preferred cipher suite instead of the client's.
Please note that this is enabled automatically when `minVersion` or `maxVersion` are set.
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
preferServerCipherSuites = true
```
```yaml tab="File (YAML)"
# Dynamic configuration
@@ -388,6 +380,14 @@ tls:
preferServerCipherSuites: true
```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
preferServerCipherSuites = true
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
@@ -404,25 +404,14 @@ spec:
Traefik supports mutual authentication, through the `clientAuth` section.
For authentication policies that require verification of the client certificate, the certificate authority for the certificate should be set in `clientAuth.caFiles`.
The `clientAuth.clientAuthType` option governs the behaviour as follows:
- `NoClientCert`: disregards any client certificate.
- `RequestClientCert`: asks for a certificate but proceeds anyway if none is provided.
- `RequireAnyClientCert`: requires a certificate but does not verify if it is signed by a CA listed in `clientAuth.caFiles`.
- `VerifyClientCertIfGiven`: if a certificate is provided, verifies if it is signed by a CA listed in `clientAuth.caFiles`. Otherwise proceeds without any certificate.
- `RequireAndVerifyClientCert`: requires a certificate, which must be signed by a CA listed in `clientAuth.caFiles`.
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
[tls.options.default.clientAuth]
# in PEM format. each file can contain multiple CAs.
caFiles = ["tests/clientca1.crt", "tests/clientca2.crt"]
clientAuthType = "RequireAndVerifyClientCert"
```
- `RequireAndVerifyClientCert`: requires a certificate, which must be signed by a CA listed in `clientAuth.caFiles`.
```yaml tab="File (YAML)"
# Dynamic configuration
@@ -438,6 +427,17 @@ tls:
clientAuthType: RequireAndVerifyClientCert
```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
[tls.options.default.clientAuth]
# in PEM format. each file can contain multiple CAs.
caFiles = ["tests/clientca1.crt", "tests/clientca2.crt"]
clientAuthType = "RequireAndVerifyClientCert"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption

18
docs/content/middlewares/addprefix.md
View File

@@ -1,9 +1,9 @@
# Add Prefix
Prefixing the Path
Prefixing the Path
{: .subtitle }
![AddPrefix](../assets/img/middleware/addprefix.png)
![AddPrefix](../assets/img/middleware/addprefix.png)
The AddPrefix middleware updates the path of a request before forwarding it.
@@ -43,13 +43,6 @@ labels:
- "traefik.http.middlewares.add-foo.addprefix.prefix=/foo"
```
```toml tab="File (TOML)"
# Prefixing with /foo
[http.middlewares]
[http.middlewares.add-foo.addPrefix]
prefix = "/foo"
```
```yaml tab="File (YAML)"
# Prefixing with /foo
http:
@@ -59,6 +52,13 @@ http:
prefix: "/foo"
```
```toml tab="File (TOML)"
# Prefixing with /foo
[http.middlewares]
[http.middlewares.add-foo.addPrefix]
prefix = "/foo"
```
## Configuration Options
### `prefix`

104
docs/content/middlewares/basicauth.md
View File

@@ -14,7 +14,7 @@ The BasicAuth middleware restricts access to your services to known users.
#
# Note: when used in docker-compose.yml all dollar signs in the hash need to be doubled for escaping.
# To create user:password pair, it's possible to use this command:
# echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
# echo $(htpasswd -nB user) | sed -e s/\\$/\\$\\$/g
#
# Also note that dollar signs should NOT be doubled when they not evaluated (e.g. Ansible docker_container module).
labels:
@@ -48,16 +48,6 @@ labels:
- "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
```toml tab="File (TOML)"
# Declaring the user list
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```
```yaml tab="File (YAML)"
# Declaring the user list
http:
@@ -65,17 +55,27 @@ http:
test-auth:
basicAuth:
users:
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
```toml tab="File (TOML)"
# Declaring the user list
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```
## Configuration Options
### General
Passwords must be hashed using MD5, SHA1, or BCrypt.
!!! tip
!!! tip
Use `htpasswd` to generate the passwords.
@@ -84,7 +84,7 @@ Passwords must be hashed using MD5, SHA1, or BCrypt.
The `users` option is an array of authorized users. Each user must be declared using the `name:hashed-password` format.
!!! note ""
- If both `users` and `usersFile` are provided, the two are merged. The contents of `usersFile` have precedence over the values in `users`.
- For security reasons, the field `users` doesn't exist for Kubernetes IngressRoute, and one should use the `secret` field instead.
@@ -142,16 +142,6 @@ labels:
- "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
```toml tab="File (TOML)"
# Declaring the user list
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```
```yaml tab="File (YAML)"
# Declaring the user list
http:
@@ -159,10 +149,20 @@ http:
test-auth:
basicAuth:
users:
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
```toml tab="File (TOML)"
# Declaring the user list
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```
### `usersFile`
The `usersFile` option is the path to an external file that contains the authorized users for the middleware.
@@ -170,9 +170,9 @@ The `usersFile` option is the path to an external file that contains the authori
The file content is a list of `name:hashed-password`.
!!! note ""
- If both `users` and `usersFile` are provided, the two are merged. The contents of `usersFile` have precedence over the values in `users`.
- Because it does not make much sense to refer to a file path on Kubernetes, the `usersFile` field doesn't exist for Kubernetes IngressRoute, and one should use the `secret` field instead.
- Because it does not make much sense to refer to a file path on Kubernetes, the `usersFile` field doesn't exist for Kubernetes IngressRoute, and one should use the `secret` field instead.
```yaml tab="Docker"
labels:
@@ -216,12 +216,6 @@ labels:
- "traefik.http.middlewares.test-auth.basicauth.usersfile=/path/to/my/usersfile"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
usersFile = "/path/to/my/usersfile"
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -230,6 +224,12 @@ http:
usersFile: "/path/to/my/usersfile"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
usersFile = "/path/to/my/usersfile"
```
??? example "A file containing test/test and test2/test2"
```txt
@@ -239,7 +239,7 @@ http:
### `realm`
You can customize the realm for the authentication with the `realm` option. The default value is `traefik`.
You can customize the realm for the authentication with the `realm` option. The default value is `traefik`.
```yaml tab="Docker"
labels:
@@ -271,12 +271,6 @@ labels:
- "traefik.http.middlewares.test-auth.basicauth.realm=MyRealm"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
realm = "MyRealm"
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -285,6 +279,12 @@ http:
realm: "MyRealm"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
realm = "MyRealm"
```
### `headerField`
You can define a header field to store the authenticated user using the `headerField`option.
@@ -315,12 +315,6 @@ spec:
}
```
```toml tab="File (TOML)"
[http.middlewares.my-auth.basicAuth]
# ...
headerField = "X-WebAuth-User"
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -330,6 +324,12 @@ http:
headerField: "X-WebAuth-User"
```
```toml tab="File (TOML)"
[http.middlewares.my-auth.basicAuth]
# ...
headerField = "X-WebAuth-User"
```
### `removeHeader`
Set the `removeHeader` option to `true` to remove the authorization header before forwarding the request to your service. (Default value is `false`.)
@@ -364,12 +364,6 @@ labels:
- "traefik.http.middlewares.test-auth.basicauth.removeheader=true"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
removeHeader = true
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -377,3 +371,9 @@ http:
basicAuth:
removeHeader: true
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
removeHeader = true
```

86
docs/content/middlewares/buffering.md
View File

@@ -47,13 +47,6 @@ labels:
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
```
```toml tab="File (TOML)"
# Sets the maximum request body to 2MB
[http.middlewares]
[http.middlewares.limit.buffering]
maxRequestBodyBytes = 2000000
```
```yaml tab="File (YAML)"
# Sets the maximum request body to 2MB
http:
@@ -63,6 +56,13 @@ http:
maxRequestBodyBytes: 2000000
```
```toml tab="File (TOML)"
# Sets the maximum request body to 2MB
[http.middlewares]
[http.middlewares.limit.buffering]
maxRequestBodyBytes = 2000000
```
## Configuration Options
### `maxRequestBodyBytes`
@@ -101,12 +101,6 @@ labels:
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
maxRequestBodyBytes = 2000000
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -115,6 +109,12 @@ http:
maxRequestBodyBytes: 2000000
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
maxRequestBodyBytes = 2000000
```
### `memRequestBodyBytes`
You can configure a threshold (in bytes) from which the request will be buffered on disk instead of in memory with the `memRequestBodyBytes` option.
@@ -149,12 +149,6 @@ labels:
- "traefik.http.middlewares.limit.buffering.memRequestBodyBytes=2000000"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
memRequestBodyBytes = 2000000
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -163,6 +157,12 @@ http:
memRequestBodyBytes: 2000000
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
memRequestBodyBytes = 2000000
```
### `maxResponseBodyBytes`
The `maxResponseBodyBytes` option configures the maximum allowed response size from the service (in bytes).
@@ -199,12 +199,6 @@ labels:
- "traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=2000000"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
maxResponseBodyBytes = 2000000
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -213,6 +207,12 @@ http:
maxResponseBodyBytes: 2000000
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
maxResponseBodyBytes = 2000000
```
### `memResponseBodyBytes`
You can configure a threshold (in bytes) from which the response will be buffered on disk instead of in memory with the `memResponseBodyBytes` option.
@@ -247,12 +247,6 @@ labels:
- "traefik.http.middlewares.limit.buffering.memResponseBodyBytes=2000000"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
memResponseBodyBytes = 2000000
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -261,17 +255,23 @@ http:
memResponseBodyBytes: 2000000
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
memResponseBodyBytes = 2000000
```
### `retryExpression`
You can have the Buffering middleware replay the request using `retryExpression`.
??? example "Retries once in the case of a network error"
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
@@ -281,28 +281,22 @@ You can have the Buffering middleware replay the request using `retryExpression`
buffering:
retryExpression: "IsNetworkError() && Attempts() < 2"
```
```yaml tab="Consul Catalog"
- "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.limit.buffering.retryExpression": "IsNetworkError() && Attempts() < 2"
}
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
retryExpression = "IsNetworkError() && Attempts() < 2"
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -311,6 +305,12 @@ You can have the Buffering middleware replay the request using `retryExpression`
retryExpression: "IsNetworkError() && Attempts() < 2"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
retryExpression = "IsNetworkError() && Attempts() < 2"
```
The retry expression is defined as a logical combination of the functions below with the operators AND (`&&`) and OR (`||`). At least one function is required:
- `Attempts()` number of attempts (the first one counts)

64
docs/content/middlewares/chain.md
View File

@@ -21,7 +21,7 @@ labels:
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
- "http.services.service1.loadbalancer.server.port=80"
- "traefik.http.services.service1.loadbalancer.server.port=80"
```
```yaml tab="Kubernetes"
@@ -89,7 +89,7 @@ spec:
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
- "http.services.service1.loadbalancer.server.port=80"
- "traefik.http.services.service1.loadbalancer.server.port=80"
```
```json tab="Marathon"
@@ -101,7 +101,7 @@ spec:
"traefik.http.middlewares.auth-users.basicauth.users": "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"traefik.http.middlewares.https-only.redirectscheme.scheme": "https",
"traefik.http.middlewares.known-ips.ipwhitelist.sourceRange": "192.168.1.7,127.0.0.1/32",
"http.services.service1.loadbalancer.server.port": "80"
"traefik.http.services.service1.loadbalancer.server.port": "80"
}
```
@@ -114,35 +114,7 @@ labels:
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
- "http.services.service1.loadbalancer.server.port=80"
```
```toml tab="File (TOML)"
# ...
[http.routers]
[http.routers.router1]
service = "service1"
middlewares = ["secured"]
rule = "Host(`mydomain`)"
[http.middlewares]
[http.middlewares.secured.chain]
middlewares = ["https-only", "known-ips", "auth-users"]
[http.middlewares.auth-users.basicAuth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
[http.middlewares.https-only.redirectScheme]
scheme = "https"
[http.middlewares.known-ips.ipWhiteList]
sourceRange = ["192.168.1.7", "127.0.0.1/32"]
[http.services]
[http.services.service1]
[http.services.service1.loadBalancer]
[[http.services.service1.loadBalancer.servers]]
url = "http://127.0.0.1:80"
- "traefik.http.services.service1.loadbalancer.server.port=80"
```
```yaml tab="File (YAML)"
@@ -184,3 +156,31 @@ http:
servers:
- url: "http://127.0.0.1:80"
```
```toml tab="File (TOML)"
# ...
[http.routers]
[http.routers.router1]
service = "service1"
middlewares = ["secured"]
rule = "Host(`mydomain`)"
[http.middlewares]
[http.middlewares.secured.chain]
middlewares = ["https-only", "known-ips", "auth-users"]
[http.middlewares.auth-users.basicAuth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
[http.middlewares.https-only.redirectScheme]
scheme = "https"
[http.middlewares.known-ips.ipWhiteList]
sourceRange = ["192.168.1.7", "127.0.0.1/32"]
[http.services]
[http.services.service1]
[http.services.service1.loadBalancer]
[[http.services.service1.loadBalancer.servers]]
url = "http://127.0.0.1:80"
```

14
docs/content/middlewares/circuitbreaker.md
View File

@@ -59,13 +59,6 @@ labels:
- "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100"
```
```toml tab="File (TOML)"
# Latency Check
[http.middlewares]
[http.middlewares.latency-check.circuitBreaker]
expression = "LatencyAtQuantileMS(50.0) > 100"
```
```yaml tab="File (YAML)"
# Latency Check
http:
@@ -75,6 +68,13 @@ http:
expression: "LatencyAtQuantileMS(50.0) > 100"
```
```toml tab="File (TOML)"
# Latency Check
[http.middlewares]
[http.middlewares.latency-check.circuitBreaker]
expression = "LatencyAtQuantileMS(50.0) > 100"
```
## Possible States
There are three possible states for your circuit breaker:

24
docs/content/middlewares/compress.md
View File

@@ -42,12 +42,6 @@ labels:
- "traefik.http.middlewares.test-compress.compress=true"
```
```toml tab="File (TOML)"
# Enable gzip compression
[http.middlewares]
[http.middlewares.test-compress.compress]
```
```yaml tab="File (YAML)"
# Enable gzip compression
http:
@@ -56,6 +50,12 @@ http:
compress: {}
```
```toml tab="File (TOML)"
# Enable gzip compression
[http.middlewares]
[http.middlewares.test-compress.compress]
```
!!! info
Responses are compressed when the following criteria are all met:
@@ -108,12 +108,6 @@ labels:
- "traefik.http.middlewares.test-compress.compress.excludedcontenttypes=text/event-stream"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-compress.compress]
excludedContentTypes = ["text/event-stream"]
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -122,3 +116,9 @@ http:
excludedContentTypes:
- text/event-stream
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-compress.compress]
excludedContentTypes = ["text/event-stream"]
```

15
docs/content/middlewares/contenttype.md
View File

@@ -1,4 +1,3 @@
# ContentType
Handling Content-Type auto-detection
@@ -62,13 +61,6 @@ labels:
- "traefik.http.middlewares.autodetect.contenttype.autodetect=false"
```
```toml tab="File (TOML)"
# Disable auto-detection
[http.middlewares]
[http.middlewares.autodetect.contentType]
autoDetect=false
```
```yaml tab="File (YAML)"
# Disable auto-detection
http:
@@ -78,6 +70,13 @@ http:
autoDetect: false
```
```toml tab="File (TOML)"
# Disable auto-detection
[http.middlewares]
[http.middlewares.autodetect.contentType]
autoDetect=false
```
## Configuration Options
### `autoDetect`

88
docs/content/middlewares/digestauth.md
View File

@@ -43,16 +43,6 @@ labels:
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
```
```toml tab="File (TOML)"
# Declaring the user list
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
users = [
"test:traefik:a2688e031edb4be6a3797f3882655c05",
"test2:traefik:518845800f9e2bfb1f1f740ec24f074e",
]
```
```yaml tab="File (YAML)"
# Declaring the user list
http:
@@ -64,6 +54,16 @@ http:
- "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
```
```toml tab="File (TOML)"
# Declaring the user list
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
users = [
"test:traefik:a2688e031edb4be6a3797f3882655c05",
"test2:traefik:518845800f9e2bfb1f1f740ec24f074e",
]
```
## Configuration Options
!!! tip
@@ -120,15 +120,6 @@ labels:
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
users = [
"test:traefik:a2688e031edb4be6a3797f3882655c05",
"test2:traefik:518845800f9e2bfb1f1f740ec24f074e",
]
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -139,6 +130,15 @@ http:
- "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
users = [
"test:traefik:a2688e031edb4be6a3797f3882655c05",
"test2:traefik:518845800f9e2bfb1f1f740ec24f074e",
]
```
### `usersFile`
The `usersFile` option is the path to an external file that contains the authorized users for the middleware.
@@ -148,7 +148,7 @@ The file content is a list of `name:realm:encoded-password`.
!!! note ""
- If both `users` and `usersFile` are provided, the two are merged. The contents of `usersFile` have precedence over the values in `users`.
- Because it does not make much sense to refer to a file path on Kubernetes, the `usersFile` field doesn't exist for Kubernetes IngressRoute, and one should use the `secret` field instead.
- Because it does not make much sense to refer to a file path on Kubernetes, the `usersFile` field doesn't exist for Kubernetes IngressRoute, and one should use the `secret` field instead.
```yaml tab="Docker"
labels:
@@ -192,12 +192,6 @@ labels:
- "traefik.http.middlewares.test-auth.digestauth.usersfile=/path/to/my/usersfile"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
usersFile = "/path/to/my/usersfile"
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -206,6 +200,12 @@ http:
usersFile: "/path/to/my/usersfile"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
usersFile = "/path/to/my/usersfile"
```
??? example "A file containing test/test and test2/test2"
```txt
@@ -247,12 +247,6 @@ labels:
- "traefik.http.middlewares.test-auth.digestauth.realm=MyRealm"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
realm = "MyRealm"
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -261,6 +255,12 @@ http:
realm: "MyRealm"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
realm = "MyRealm"
```
### `headerField`
You can customize the header field for the authenticated user using the `headerField`option.
@@ -296,12 +296,6 @@ labels:
- "traefik.http.middlewares.my-auth.digestauth.headerField=X-WebAuth-User"
```
```toml tab="File (TOML)"
[http.middlewares.my-auth.digestAuth]
# ...
headerField = "X-WebAuth-User"
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -311,6 +305,12 @@ http:
headerField: "X-WebAuth-User"
```
```toml tab="File (TOML)"
[http.middlewares.my-auth.digestAuth]
# ...
headerField = "X-WebAuth-User"
```
### `removeHeader`
Set the `removeHeader` option to `true` to remove the authorization header before forwarding the request to your service. (Default value is `false`.)
@@ -345,12 +345,6 @@ labels:
- "traefik.http.middlewares.test-auth.digestauth.removeheader=true"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
removeHeader = true
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -358,3 +352,9 @@ http:
digestAuth:
removeHeader: true
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
removeHeader = true
```

29
docs/content/middlewares/errorpages.md
View File

@@ -58,18 +58,6 @@ labels:
- "traefik.http.middlewares.test-errorpage.errors.query=/{status}.html"
```
```toml tab="File (TOML)"
# Custom Error Page for 5XX
[http.middlewares]
[http.middlewares.test-errorpage.errors]
status = ["500-599"]
service = "serviceError"
query = "/{status}.html"
[http.services]
# ... definition of error-handler-service and my-service
```
```yaml tab="File (YAML)"
# Custom Error Page for 5XX
http:
@@ -81,6 +69,18 @@ http:
service: serviceError
query: "/{status}.html"
services:
# ... definition of error-handler-service and my-service
```
```toml tab="File (TOML)"
# Custom Error Page for 5XX
[http.middlewares]
[http.middlewares.test-errorpage.errors]
status = ["500-599"]
service = "serviceError"
query = "/{status}.html"
[http.services]
# ... definition of error-handler-service and my-service
```
@@ -99,7 +99,10 @@ The status code ranges are inclusive (`500-599` will trigger with every code bet
!!! note ""
You can define either a status code as a number (`500`) or ranges by separating two codes with a dash (`500-599`).
You can define either a status code as a number (`500`),
as multiple comma-separated numbers (`500,502`),
as ranges by separating two codes with a dash (`500-599`),
or a combination of the two (`404,418,500-599`).
### `service`

168
docs/content/middlewares/forwardauth.md
View File

@@ -45,13 +45,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
```
```toml tab="File (TOML)"
# Forward authentication to example.com
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
```
```yaml tab="File (YAML)"
# Forward authentication to example.com
http:
@@ -61,6 +54,13 @@ http:
address: "https://example.com/auth"
```
```toml tab="File (TOML)"
# Forward authentication to example.com
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
```
## Forward-Request Headers
The following request properties are provided to the forward-auth target endpoint as `X-Forwarded-` headers.
@@ -91,7 +91,7 @@ metadata:
name: test-auth
spec:
forwardAuth:
address: https://example.com/auth
address: https://example.com/auth
```
```yaml tab="Consul Catalog"
@@ -109,12 +109,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -123,6 +117,12 @@ http:
address: "https://example.com/auth"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
```
### `trustForwardHeader`
Set the `trustForwardHeader` option to `true` to trust all `X-Forwarded-*` headers.
@@ -158,13 +158,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
trustForwardHeader = true
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -174,6 +167,13 @@ http:
trustForwardHeader: true
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
trustForwardHeader = true
```
### `authResponseHeaders`
The `authResponseHeaders` option is the list of headers to copy from the authentication server response and set on
@@ -212,13 +212,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
authResponseHeaders = ["X-Auth-User", "X-Secret"]
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -230,6 +223,13 @@ http:
- "X-Secret"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
authResponseHeaders = ["X-Auth-User", "X-Secret"]
```
### `authResponseHeadersRegex`
The `authResponseHeadersRegex` option is the regex to match headers to copy from the authentication server response and
@@ -268,13 +268,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.authResponseHeadersRegex=^X-"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
authResponseHeadersRegex = "^X-"
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -284,6 +277,13 @@ http:
authResponseHeadersRegex: "^X-"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
authResponseHeadersRegex = "^X-"
```
### `authRequestHeaders`
The `authRequestHeaders` option is the list of the headers to copy from the request to the authentication server.
@@ -323,13 +323,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.authRequestHeaders=Accept,X-CustomHeader"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
authRequestHeaders = "Accept,X-CustomHeader"
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -341,6 +334,13 @@ http:
- "X-CustomHeader"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
authRequestHeaders = "Accept,X-CustomHeader"
```
### `tls`
The `tls` option is the TLS configuration from Traefik to the authentication server.
@@ -391,14 +391,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
ca = "path/to/local.crt"
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -409,6 +401,14 @@ http:
ca: "path/to/local.crt"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
ca = "path/to/local.crt"
```
#### `tls.caOptional`
The value of `tls.caOptional` defines which policy should be used for the secure connection with TLS Client Authentication to the authentication server.
@@ -453,14 +453,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
caOptional = true
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -471,6 +463,14 @@ http:
caOptional: true
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
caOptional = true
```
#### `tls.cert`
The public certificate used for the secure connection to the authentication server.
@@ -522,15 +522,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -542,6 +533,15 @@ http:
key: "path/to/foo.key"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
!!! info
For security reasons, the field does not exist for Kubernetes IngressRoute, and one should use the `secret` field instead.
@@ -597,15 +597,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -617,6 +608,15 @@ http:
key: "path/to/foo.key"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
!!! info
For security reasons, the field does not exist for Kubernetes IngressRoute, and one should use the `secret` field instead.
@@ -657,14 +657,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.InsecureSkipVerify=true"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
insecureSkipVerify: true
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -674,3 +666,11 @@ http:
tls:
insecureSkipVerify: true
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
insecureSkipVerify: true
```

80
docs/content/middlewares/headers.md
View File

@@ -50,15 +50,6 @@ labels:
- "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header=value"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.testHeader.headers]
[http.middlewares.testHeader.headers.customRequestHeaders]
X-Script-Name = "test"
[http.middlewares.testHeader.headers.customResponseHeaders]
X-Custom-Response-Header = "value"
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -70,16 +61,25 @@ http:
X-Custom-Response-Header: "value"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.testHeader.headers]
[http.middlewares.testHeader.headers.customRequestHeaders]
X-Script-Name = "test"
[http.middlewares.testHeader.headers.customResponseHeaders]
X-Custom-Response-Header = "value"
```
### Adding and Removing Headers
In the following example, requests are proxied with an extra `X-Script-Name` header while their `X-Custom-Request-Header` header gets stripped,
and responses are stripped of their `X-Custom-Response-Header` header.
Please note that it is not possible to remove headers through the use of labels (Docker, Rancher, Marathon, ...) for now.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test"
- "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Custom-Request-Header="
- "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header="
```
```yaml tab="Kubernetes"
@@ -98,27 +98,23 @@ spec:
```yaml tab="Consul Catalog"
- "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test"
- "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Custom-Request-Header="
- "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header="
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name": "test",
"traefik.http.middlewares.testheader.headers.customrequestheaders.X-Custom-Request-Header": "",
"traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header": "",
}
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.testHeader.headers]
[http.middlewares.testHeader.headers.customRequestHeaders]
X-Script-Name = "test" # Adds
X-Custom-Request-Header = "" # Removes
[http.middlewares.testHeader.headers.customResponseHeaders]
X-Custom-Response-Header = "" # Removes
- "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Custom-Request-Header="
- "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header="
```
```yaml tab="File (YAML)"
@@ -133,6 +129,16 @@ http:
X-Custom-Response-Header: "" # Removes
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.testHeader.headers]
[http.middlewares.testHeader.headers.customRequestHeaders]
X-Script-Name = "test" # Adds
X-Custom-Request-Header = "" # Removes
[http.middlewares.testHeader.headers.customResponseHeaders]
X-Custom-Response-Header = "" # Removes
```
### Using Security Headers
Security-related headers (HSTS headers, SSL redirection, Browser XSS filter, etc) can be managed similarly to custom headers as shown above.
@@ -173,13 +179,6 @@ labels:
- "traefik.http.middlewares.testheader.headers.sslredirect=true"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.testHeader.headers]
frameDeny = true
sslRedirect = true
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -189,6 +188,13 @@ http:
sslRedirect: true
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.testHeader.headers]
frameDeny = true
sslRedirect = true
```
### CORS Headers
CORS (Cross-Origin Resource Sharing) headers can be added and configured in a manner similar to the custom headers above.
@@ -244,15 +250,6 @@ labels:
- "traefik.http.middlewares.testheader.headers.addvaryheader=true"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.testHeader.headers]
accessControlAllowMethods= ["GET", "OPTIONS", "PUT"]
accessControlAllowOriginList = ["https://foo.bar.org","https://example.org"]
accessControlMaxAge = 100
addVaryHeader = true
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -269,6 +266,15 @@ http:
addVaryHeader: true
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.testHeader.headers]
accessControlAllowMethods= ["GET", "OPTIONS", "PUT"]
accessControlAllowOriginList = ["https://foo.bar.org","https://example.org"]
accessControlMaxAge = 100
addVaryHeader = true
```
## Configuration Options
### General

84
docs/content/middlewares/inflightreq.md
View File

@@ -41,13 +41,6 @@ labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
```
```toml tab="File (TOML)"
# Limiting to 10 simultaneous connections
[http.middlewares]
[http.middlewares.test-inflightreq.inFlightReq]
amount = 10
```
```yaml tab="File (YAML)"
# Limiting to 10 simultaneous connections
http:
@@ -57,6 +50,13 @@ http:
amount: 10
```
```toml tab="File (TOML)"
# Limiting to 10 simultaneous connections
[http.middlewares]
[http.middlewares.test-inflightreq.inFlightReq]
amount = 10
```
## Configuration Options
### `amount`
@@ -96,13 +96,6 @@ labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
```
```toml tab="File (TOML)"
# Limiting to 10 simultaneous connections
[http.middlewares]
[http.middlewares.test-inflightreq.inFlightReq]
amount = 10
```
```yaml tab="File (YAML)"
# Limiting to 10 simultaneous connections
http:
@@ -112,6 +105,13 @@ http:
amount: 10
```
```toml tab="File (TOML)"
# Limiting to 10 simultaneous connections
[http.middlewares]
[http.middlewares.test-inflightreq.inFlightReq]
amount = 10
```
### `sourceCriterion`
The `sourceCriterion` option defines what criterion is used to group requests as originating from a common source.
@@ -171,13 +171,6 @@ labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.depth=2"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-inflightreq.inflightreq]
[http.middlewares.test-inflightreq.inFlightReq.sourceCriterion.ipStrategy]
depth = 2
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -188,6 +181,13 @@ http:
depth: 2
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-inflightreq.inflightreq]
[http.middlewares.test-inflightreq.inFlightReq.sourceCriterion.ipStrategy]
depth = 2
```
##### `ipStrategy.excludedIPs`
`excludedIPs` configures Traefik to scan the `X-Forwarded-For` header and select the first IP not in the list.
@@ -238,13 +238,6 @@ labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-inflightreq.inflightreq]
[http.middlewares.test-inflightreq.inFlightReq.sourceCriterion.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -257,6 +250,13 @@ http:
- "192.168.1.7"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-inflightreq.inflightreq]
[http.middlewares.test-inflightreq.inFlightReq.sourceCriterion.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
#### `sourceCriterion.requestHeaderName`
Name of the header used to group incoming requests.
@@ -292,13 +292,6 @@ labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requestheadername=username"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-inflightreq.inflightreq]
[http.middlewares.test-inflightreq.inFlightReq.sourceCriterion]
requestHeaderName = "username"
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -308,6 +301,13 @@ http:
requestHeaderName: username
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-inflightreq.inflightreq]
[http.middlewares.test-inflightreq.inFlightReq.sourceCriterion]
requestHeaderName = "username"
```
#### `sourceCriterion.requestHost`
Whether to consider the request host as the source.
@@ -343,13 +343,6 @@ labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requesthost=true"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-inflightreq.inflightreq]
[http.middlewares.test-inflightreq.inFlightReq.sourceCriterion]
requestHost = true
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -358,3 +351,10 @@ http:
sourceCriterion:
requestHost: true
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-inflightreq.inflightreq]
[http.middlewares.test-inflightreq.inFlightReq.sourceCriterion]
requestHost = true
```

48
docs/content/middlewares/ipwhitelist.md
View File

@@ -44,13 +44,6 @@ labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
```
```toml tab="File (TOML)"
# Accepts request from defined IP
[http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"]
```
```yaml tab="File (YAML)"
# Accepts request from defined IP
http:
@@ -62,6 +55,13 @@ http:
- "192.168.1.7"
```
```toml tab="File (TOML)"
# Accepts request from defined IP
[http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"]
```
## Configuration Options
### `sourceRange`
@@ -131,15 +131,6 @@ labels:
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2"
```
```toml tab="File (TOML)"
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
[http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"]
[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
depth = 2
```
```yaml tab="File (YAML)"
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
http:
@@ -153,6 +144,15 @@ http:
depth: 2
```
```toml tab="File (TOML)"
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
[http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"]
[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
depth = 2
```
#### `ipStrategy.excludedIPs`
`excludedIPs` configures Traefik to scan the `X-Forwarded-For` header and select the first IP not in the list.
@@ -206,14 +206,6 @@ labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```toml tab="File (TOML)"
# Exclude from `X-Forwarded-For`
[http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList]
[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
```yaml tab="File (YAML)"
# Exclude from `X-Forwarded-For`
http:
@@ -225,3 +217,11 @@ http:
- "127.0.0.1/32"
- "192.168.1.7"
```
```toml tab="File (TOML)"
# Exclude from `X-Forwarded-For`
[http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList]
[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
```

40
docs/content/middlewares/overview.md
View File

@@ -91,26 +91,6 @@ labels:
- "traefik.http.routers.router1.middlewares=foo-add-prefix@rancher"
```
```toml tab="File (TOML)"
# As TOML Configuration File
[http.routers]
[http.routers.router1]
service = "myService"
middlewares = ["foo-add-prefix"]
rule = "Host(`example.com`)"
[http.middlewares]
[http.middlewares.foo-add-prefix.addPrefix]
prefix = "/foo"
[http.services]
[http.services.service1]
[http.services.service1.loadBalancer]
[[http.services.service1.loadBalancer.servers]]
url = "http://127.0.0.1:80"
```
```yaml tab="File (YAML)"
# As YAML Configuration File
http:
@@ -133,6 +113,26 @@ http:
- url: "http://127.0.0.1:80"
```
```toml tab="File (TOML)"
# As TOML Configuration File
[http.routers]
[http.routers.router1]
service = "myService"
middlewares = ["foo-add-prefix"]
rule = "Host(`example.com`)"
[http.middlewares]
[http.middlewares.foo-add-prefix.addPrefix]
prefix = "/foo"
[http.services]
[http.services.service1]
[http.services.service1.loadBalancer]
[[http.services.service1.loadBalancer.servers]]
url = "http://127.0.0.1:80"
```
## Available Middlewares
| Middleware | Purpose | Area |

66
docs/content/middlewares/passtlsclientcert.md
View File

@@ -46,13 +46,6 @@ labels:
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true"
```
```toml tab="File (TOML)"
# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
[http.middlewares]
[http.middlewares.test-passtlsclientcert.passTLSClientCert]
pem = true
```
```yaml tab="File (YAML)"
# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
http:
@@ -62,6 +55,13 @@ http:
pem: true
```
```toml tab="File (TOML)"
# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
[http.middlewares]
[http.middlewares.test-passtlsclientcert.passTLSClientCert]
pem = true
```
??? example "Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header"
```yaml tab="Docker"
@@ -182,32 +182,6 @@ http:
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true"
```
```toml tab="File (TOML)"
# Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
[http.middlewares]
[http.middlewares.test-passtlsclientcert.passTLSClientCert]
[http.middlewares.test-passtlsclientcert.passTLSClientCert.info]
notAfter = true
notBefore = true
sans = true
[http.middlewares.test-passtlsclientcert.passTLSClientCert.info.subject]
country = true
province = true
locality = true
organization = true
commonName = true
serialNumber = true
domainComponent = true
[http.middlewares.test-passtlsclientcert.passTLSClientCert.info.issuer]
country = true
province = true
locality = true
organization = true
commonName = true
serialNumber = true
domainComponent = true
```
```yaml tab="File (YAML)"
# Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
http:
@@ -236,6 +210,32 @@ http:
domainComponent: true
```
```toml tab="File (TOML)"
# Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
[http.middlewares]
[http.middlewares.test-passtlsclientcert.passTLSClientCert]
[http.middlewares.test-passtlsclientcert.passTLSClientCert.info]
notAfter = true
notBefore = true
sans = true
[http.middlewares.test-passtlsclientcert.passTLSClientCert.info.subject]
country = true
province = true
locality = true
organization = true
commonName = true
serialNumber = true
domainComponent = true
[http.middlewares.test-passtlsclientcert.passTLSClientCert.info.issuer]
country = true
province = true
locality = true
organization = true
commonName = true
serialNumber = true
domainComponent = true
```
## Configuration Options
### General

161
docs/content/middlewares/ratelimit.md
View File

@@ -50,15 +50,6 @@ labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
```
```toml tab="File (TOML)"
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
average = 100
burst = 50
```
```yaml tab="File (YAML)"
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
@@ -70,6 +61,15 @@ http:
burst: 50
```
```toml tab="File (TOML)"
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
average = 100
burst = 50
```
## Configuration Options
### `average`
@@ -114,13 +114,6 @@ labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
```
```toml tab="File (TOML)"
# 100 reqs/s
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
average = 100
```
```yaml tab="File (YAML)"
# 100 reqs/s
http:
@@ -130,6 +123,13 @@ http:
average: 100
```
```toml tab="File (TOML)"
# 100 reqs/s
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
average = 100
```
### `period`
`period`, in combination with `average`, defines the actual maximum rate, such as:
@@ -179,14 +179,6 @@ labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.period=1m"
```
```toml tab="File (TOML)"
# 6 reqs/minute
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
average = 6
period = 1m
```
```yaml tab="File (YAML)"
# 6 reqs/minute
http:
@@ -197,6 +189,14 @@ http:
period: 1m
```
```toml tab="File (TOML)"
# 6 reqs/minute
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
average = 6
period = "1m"
```
### `burst`
`burst` is the maximum number of requests allowed to go through in the same arbitrarily small period of time.
@@ -233,12 +233,6 @@ labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
burst = 100
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -247,6 +241,12 @@ http:
burst: 100
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
burst = 100
```
### `sourceCriterion`
The `sourceCriterion` option defines what criterion is used to group requests as originating from a common source.
@@ -306,13 +306,6 @@ labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.depth=2"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
[http.middlewares.test-ratelimit.rateLimit.sourceCriterion.ipStrategy]
depth = 2
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -323,21 +316,55 @@ http:
depth: 2
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
[http.middlewares.test-ratelimit.rateLimit.sourceCriterion.ipStrategy]
depth = 2
```
##### `ipStrategy.excludedIPs`
`excludedIPs` configures Traefik to scan the `X-Forwarded-For` header and select the first IP not in the list.
!!! important "Contrary to what the name might suggest, this option is _not_ about excluding an IP from the rate limiter, and therefore cannot be used to deactivate rate limiting for some IPs."
!!! important "If `depth` is specified, `excludedIPs` is ignored."
!!! example "Example of ExcludedIPs & X-Forwarded-For"
`excludedIPs` is meant to address two classes of somewhat distinct use-cases:
| `X-Forwarded-For` | `excludedIPs` | clientIP |
|-----------------------------------------|-----------------------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"12.0.0.1,13.0.0.1"` | `"11.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"10.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` |
| `"10.0.0.1,11.0.0.1"` | `"10.0.0.1,11.0.0.1"` | `""` |
1. Distinguish IPs which are behind the same (set of) reverse-proxies so that each of them contributes, independently to the others,
to its own rate-limit "bucket" (cf the [leaky bucket analogy](https://wikipedia.org/wiki/Leaky_bucket)).
In this case, `excludedIPs` should be set to match the list of `X-Forwarded-For IPs` that are to be excluded,
in order to find the actual clientIP.
!!! example "Each IP as a distinct source"
| X-Forwarded-For | excludedIPs | clientIP |
|--------------------------------|-----------------------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1"` | `"11.0.0.1,12.0.0.1"` | `"10.0.0.1"` |
| `"10.0.0.2,11.0.0.1,12.0.0.1"` | `"11.0.0.1,12.0.0.1"` | `"10.0.0.2"` |
2. Group together a set of IPs (also behind a common set of reverse-proxies) so that they are considered the same source,
and all contribute to the same rate-limit bucket.
!!! example "Group IPs together as same source"
| X-Forwarded-For | excludedIPs | clientIP |
|--------------------------------|--------------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1"` | `"12.0.0.1"` | `"11.0.0.1"` |
| `"10.0.0.2,11.0.0.1,12.0.0.1"` | `"12.0.0.1"` | `"11.0.0.1"` |
| `"10.0.0.3,11.0.0.1,12.0.0.1"` | `"12.0.0.1"` | `"11.0.0.1"` |
For completeness, below are additional examples to illustrate how the matching works.
For a given request the list of `X-Forwarded-For` IPs is checked from most recent to most distant against the `excludedIPs` pool,
and the first IP that is _not_ in the pool (if any) is returned.
!!! example "Matching for clientIP"
| X-Forwarded-For | excludedIPs | clientIP |
|--------------------------------|-----------------------|--------------|
| `"10.0.0.1,11.0.0.1,13.0.0.1"` | `"11.0.0.1"` | `"13.0.0.1"` |
| `"10.0.0.1,11.0.0.1,13.0.0.1"` | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` |
| `"10.0.0.1,11.0.0.1"` | `"10.0.0.1,11.0.0.1"` | `""` |
```yaml tab="Docker"
labels:
@@ -373,13 +400,6 @@ labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
[http.middlewares.test-ratelimit.rateLimit.sourceCriterion.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -392,6 +412,13 @@ http:
- "192.168.1.7"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
[http.middlewares.test-ratelimit.rateLimit.sourceCriterion.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
#### `sourceCriterion.requestHeaderName`
Name of the header used to group incoming requests.
@@ -427,13 +454,6 @@ labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
[http.middlewares.test-ratelimit.rateLimit.sourceCriterion]
requestHeaderName = "username"
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -443,6 +463,13 @@ http:
requestHeaderName: username
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
[http.middlewares.test-ratelimit.rateLimit.sourceCriterion]
requestHeaderName = "username"
```
#### `sourceCriterion.requestHost`
Whether to consider the request host as the source.
@@ -478,13 +505,6 @@ labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
[http.middlewares.test-ratelimit.rateLimit.sourceCriterion]
requestHost = true
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -493,3 +513,10 @@ http:
sourceCriterion:
requestHost: true
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
[http.middlewares.test-ratelimit.rateLimit.sourceCriterion]
requestHost = true
```

18
docs/content/middlewares/redirectregex.md
View File

@@ -53,14 +53,6 @@ labels:
- "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$${1}"
```
```toml tab="File (TOML)"
# Redirect with domain replacement
[http.middlewares]
[http.middlewares.test-redirectregex.redirectRegex]
regex = "^http://localhost/(.*)"
replacement = "http://mydomain/${1}"
```
```yaml tab="File (YAML)"
# Redirect with domain replacement
http:
@@ -71,6 +63,14 @@ http:
replacement: "http://mydomain/${1}"
```
```toml tab="File (TOML)"
# Redirect with domain replacement
[http.middlewares]
[http.middlewares.test-redirectregex.redirectRegex]
regex = "^http://localhost/(.*)"
replacement = "http://mydomain/${1}"
```
## Configuration Options
!!! tip
@@ -84,7 +84,7 @@ Set the `permanent` option to `true` to apply a permanent redirection.
### `regex`
The `regex` option is the regular expression to match and capture elements from the request URL.
### `replacement`
The `replacement` option defines how to modify the URL to have the new target URL.

62
docs/content/middlewares/redirectscheme.md
View File

@@ -51,14 +51,6 @@ labels:
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent=true"
```
```toml tab="File (TOML)"
# Redirect to https
[http.middlewares]
[http.middlewares.test-redirectscheme.redirectScheme]
scheme = "https"
permanent = true
```
```yaml tab="File (YAML)"
# Redirect to https
http:
@@ -69,6 +61,14 @@ http:
permanent: true
```
```toml tab="File (TOML)"
# Redirect to https
[http.middlewares]
[http.middlewares.test-redirectscheme.redirectScheme]
scheme = "https"
permanent = true
```
## Configuration Options
### `permanent`
@@ -115,14 +115,6 @@ labels:
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent=true"
```
```toml tab="File (TOML)"
# Redirect to https
[http.middlewares]
[http.middlewares.test-redirectscheme.redirectScheme]
# ...
permanent = true
```
```yaml tab="File (YAML)"
# Redirect to https
http:
@@ -133,6 +125,14 @@ http:
permanent: true
```
```toml tab="File (TOML)"
# Redirect to https
[http.middlewares]
[http.middlewares.test-redirectscheme.redirectScheme]
# ...
permanent = true
```
### `scheme`
The `scheme` option defines the scheme of the new URL.
@@ -172,13 +172,6 @@ labels:
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
```
```toml tab="File (TOML)"
# Redirect to https
[http.middlewares]
[http.middlewares.test-redirectscheme.redirectScheme]
scheme = "https"
```
```yaml tab="File (YAML)"
# Redirect to https
http:
@@ -188,6 +181,13 @@ http:
scheme: https
```
```toml tab="File (TOML)"
# Redirect to https
[http.middlewares]
[http.middlewares.test-redirectscheme.redirectScheme]
scheme = "https"
```
### `port`
The `port` option defines the port of the new URL.
@@ -232,14 +232,6 @@ labels:
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.port=443"
```
```toml tab="File (TOML)"
# Redirect to https
[http.middlewares]
[http.middlewares.test-redirectscheme.redirectScheme]
# ...
port = 443
```
```yaml tab="File (YAML)"
# Redirect to https
http:
@@ -250,4 +242,12 @@ http:
port: "443"
```
```toml tab="File (TOML)"
# Redirect to https
[http.middlewares]
[http.middlewares.test-redirectscheme.redirectScheme]
# ...
port = 443
```
!!! info "Port in this configuration is a string, not a numeric value."

14
docs/content/middlewares/replacepath.md
View File

@@ -45,13 +45,6 @@ labels:
- "traefik.http.middlewares.test-replacepath.replacepath.path=/foo"
```
```toml tab="File (TOML)"
# Replace the path with /foo
[http.middlewares]
[http.middlewares.test-replacepath.replacePath]
path = "/foo"
```
```yaml tab="File (YAML)"
# Replace the path with /foo
http:
@@ -61,6 +54,13 @@ http:
path: "/foo"
```
```toml tab="File (TOML)"
# Replace the path with /foo
[http.middlewares]
[http.middlewares.test-replacepath.replacePath]
path = "/foo"
```
## Configuration Options
### General

18
docs/content/middlewares/replacepathregex.md
View File

@@ -50,14 +50,6 @@ labels:
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1"
```
```toml tab="File (TOML)"
# Replace path with regex
[http.middlewares]
[http.middlewares.test-replacepathregex.replacePathRegex]
regex = "^/foo/(.*)"
replacement = "/bar/$1"
```
```yaml tab="File (YAML)"
# Replace path with regex
http:
@@ -68,6 +60,14 @@ http:
replacement: "/bar/$1"
```
```toml tab="File (TOML)"
# Replace path with regex
[http.middlewares]
[http.middlewares.test-replacepathregex.replacePathRegex]
regex = "^/foo/(.*)"
replacement = "/bar/$1"
```
## Configuration Options
### General
@@ -84,7 +84,7 @@ The ReplacePathRegex middleware will:
### `regex`
The `regex` option is the regular expression to match and capture the path from the request URL.
### `replacement`
The `replacement` option defines the replacement path format, which can include captured variables.

16
docs/content/middlewares/retry.md
View File

@@ -52,14 +52,6 @@ labels:
- "traefik.http.middlewares.test-retry.retry.initialinterval=100ms"
```
```toml tab="File (TOML)"
# Retry 4 times with exponential backoff
[http.middlewares]
[http.middlewares.test-retry.retry]
attempts = 4
initialInterval = "100ms"
```
```yaml tab="File (YAML)"
# Retry 4 times with exponential backoff
http:
@@ -70,6 +62,14 @@ http:
initialInterval: 100ms
```
```toml tab="File (TOML)"
# Retry 4 times with exponential backoff
[http.middlewares]
[http.middlewares.test-retry.retry]
attempts = 4
initialInterval = "100ms"
```
## Configuration Options
### `attempts`

28
docs/content/middlewares/stripprefix.md
View File

@@ -47,13 +47,6 @@ labels:
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar,/fiibar"
```
```toml tab="File (TOML)"
# Strip prefix /foobar and /fiibar
[http.middlewares]
[http.middlewares.test-stripprefix.stripPrefix]
prefixes = ["/foobar", "/fiibar"]
```
```yaml tab="File (YAML)"
# Strip prefix /foobar and /fiibar
http:
@@ -65,6 +58,13 @@ http:
- "/fiibar"
```
```toml tab="File (TOML)"
# Strip prefix /foobar and /fiibar
[http.middlewares]
[http.middlewares.test-stripprefix.stripPrefix]
prefixes = ["/foobar", "/fiibar"]
```
## Configuration Options
### General
@@ -149,13 +149,6 @@ labels:
- "traefik.http.middlewares.example.stripprefix.forceSlash=false"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.example.stripPrefix]
prefixes = ["/foobar"]
forceSlash = false
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -165,3 +158,10 @@ http:
- "/foobar"
forceSlash: false
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.example.stripPrefix]
prefixes = ["/foobar"]
forceSlash = false
```

12
docs/content/middlewares/stripprefixregex.md
View File

@@ -38,12 +38,6 @@ labels:
- "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=/foo/[a-z0-9]+/[0-9]+/"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-stripprefixregex.stripPrefixRegex]
regex = ["/foo/[a-z0-9]+/[0-9]+/"]
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -53,6 +47,12 @@ http:
- "/foo/[a-z0-9]+/[0-9]+/"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-stripprefixregex.stripPrefixRegex]
regex = ["/foo/[a-z0-9]+/[0-9]+/"]
```
## Configuration Options
### General

516
docs/content/migration/v1-to-v2.md
View File

@@ -68,27 +68,27 @@ Then any router can refer to an instance of the wanted middleware.
[frontends.frontend1]
entryPoints = ["http"]
backend = "backend1"
[frontends.frontend1.routes]
[frontends.frontend1.routes.route0]
rule = "Host:test.localhost"
[frontends.frontend1.routes.route0]
rule = "PathPrefix:/test"
[frontends.frontend1.auth]
[frontends.frontend1.auth.basic]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
[backends]
[backends.backend1]
[backends.backend1.servers.server0]
url = "http://10.10.10.1:80"
[backends.backend1.servers.server1]
url = "http://10.10.10.2:80"
[backends.backend1.loadBalancer]
method = "wrr"
```
@@ -110,19 +110,19 @@ Then any router can refer to an instance of the wanted middleware.
metadata:
name: basicauth
namespace: foo
spec:
basicAuth:
users:
- test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
- test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ingressroutebar
spec:
entryPoints:
- http
@@ -139,27 +139,6 @@ Then any router can refer to an instance of the wanted middleware.
namespace: foo
```
```toml tab="File (TOML)"
[http.routers]
[http.routers.router0]
rule = "Host(`test.localhost`) && PathPrefix(`/test`)"
middlewares = ["auth"]
service = "my-service"
[http.services]
[[http.services.my-service.loadBalancer.servers]]
url = "http://10.10.10.1:80"
[[http.services.my-service.loadBalancer.servers]]
url = "http://10.10.10.2:80"
[http.middlewares]
[http.middlewares.auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```
```yaml tab="File (YAML)"
http:
routers:
@@ -168,14 +147,14 @@ Then any router can refer to an instance of the wanted middleware.
service: my-service
middlewares:
- auth
services:
my-service:
loadBalancer:
servers:
- url: http://10.10.10.1:80
- url: http://10.10.10.2:80
middlewares:
auth:
basicAuth:
@@ -184,6 +163,27 @@ Then any router can refer to an instance of the wanted middleware.
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
```toml tab="File (TOML)"
[http.routers]
[http.routers.router0]
rule = "Host(`test.localhost`) && PathPrefix(`/test`)"
middlewares = ["auth"]
service = "my-service"
[http.services]
[[http.services.my-service.loadBalancer.servers]]
url = "http://10.10.10.1:80"
[[http.services.my-service.loadBalancer.servers]]
url = "http://10.10.10.2:80"
[http.middlewares]
[http.middlewares.auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```
## TLS Configuration is Now Dynamic, per Router.
TLS parameters used to be specified in the static configuration, as an entryPoint field.
@@ -193,13 +193,13 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
!!! example "TLS on websecure entryPoint becomes TLS option on Router-1"
!!! info "v1"
```toml tab="File (TOML)"
# static configuration
[entryPoints]
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.tls]
minVersion = "VersionTLS12"
cipherSuites = [
@@ -221,33 +221,6 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
!!! info "v2"
```toml tab="File (TOML)"
# dynamic configuration
[http.routers]
[http.routers.Router-1]
rule = "Host(`example.com`)"
service = "service-id"
# will terminate the TLS request
[http.routers.Router-1.tls]
options = "myTLSOptions"
[[tls.certificates]]
certFile = "/path/to/domain.cert"
keyFile = "/path/to/domain.key"
[tls.options]
[tls.options.myTLSOptions]
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]
```
```yaml tab="File (YAML)"
http:
routers:
@@ -257,7 +230,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
# will terminate the TLS request
tls:
options: myTLSOptions
tls:
certificates:
- certFile: /path/to/domain.cert
@@ -273,6 +246,33 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
```
```toml tab="File (TOML)"
# dynamic configuration
[http.routers]
[http.routers.Router-1]
rule = "Host(`example.com`)"
service = "service-id"
# will terminate the TLS request
[http.routers.Router-1.tls]
options = "myTLSOptions"
[[tls.certificates]]
certFile = "/path/to/domain.cert"
keyFile = "/path/to/domain.key"
[tls.options]
[tls.options.myTLSOptions]
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]
```
```yaml tab="K8s IngressRoute"
# The definitions below require the definitions for the TLSOption and IngressRoute kinds.
# https://doc.traefik.io/traefik/v2.3/reference/dynamic-configuration/kubernetes-crd/#definitions
@@ -281,7 +281,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
metadata:
name: mytlsoption
namespace: default
spec:
minVersion: VersionTLS12
cipherSuites:
@@ -290,13 +290,13 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ingressroutebar
spec:
entryPoints:
- web
@@ -322,7 +322,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
## HTTP to HTTPS Redirection is Now Configured on Routers
Previously on Traefik v1, the redirection was applied on an entry point or on a frontend.
With Traefik v2 it is applied on an entry point or a [Router](../routing/routers/index.md).
With Traefik v2 it is applied on an entry point or a [Router](../routing/routers/index.md).
To apply a redirection:
@@ -332,11 +332,11 @@ To apply a redirection:
!!! example "Global HTTP to HTTPS redirection"
!!! info "v1"
```toml tab="File (TOML)"
# static configuration
defaultEntryPoints = ["web", "websecure"]
[entryPoints]
[entryPoints.web]
address = ":80"
@@ -354,35 +354,11 @@ To apply a redirection:
```
!!! info "v2"
```bash tab="CLI"
## static configuration
--entrypoints.web.address=:80
--entrypoints.web.http.redirections.entrypoint.to=websecure
--entrypoints.web.http.redirections.entrypoint.scheme=https
--entrypoints.websecure.address=:443
--providers.docker=true
```
```toml tab="File (TOML)"
# traefik.toml
## static configuration
[entryPoints.web]
address = ":80"
[entryPoints.web.http.redirections.entryPoint]
to = "websecure"
scheme = "https"
[entryPoints.websecure]
address = ":443"
```
```yaml tab="File (YAML)"
# traefik.yaml
# traefik.yml
## static configuration
entryPoints:
web:
address: ":80"
@@ -391,15 +367,39 @@ To apply a redirection:
entrypoint:
to: websecure
scheme: https
websecure:
address: ":443"
```
```toml tab="File (TOML)"
# traefik.toml
## static configuration
[entryPoints.web]
address = ":80"
[entryPoints.web.http.redirections.entryPoint]
to = "websecure"
scheme = "https"
[entryPoints.websecure]
address = ":443"
```
```bash tab="CLI"
## static configuration
--entrypoints.web.address=:80
--entrypoints.web.http.redirections.entrypoint.to=websecure
--entrypoints.web.http.redirections.entrypoint.scheme=https
--entrypoints.websecure.address=:443
--providers.docker=true
```
!!! example "HTTP to HTTPS redirection per domain"
!!! info "v1"
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
@@ -408,9 +408,9 @@ To apply a redirection:
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.tls]
[file]
[frontends]
[frontends.frontend1]
entryPoints = ["web", "websecure"]
@@ -428,11 +428,11 @@ To apply a redirection:
traefik.http.routers.app.rule: Host(`example.net`)
traefik.http.routers.app.entrypoints: web
traefik.http.routers.app.middlewares: https_redirect
traefik.http.routers.appsecured.rule: Host(`example.net`)
traefik.http.routers.appsecured.entrypoints: websecure
traefik.http.routers.appsecured.tls: true
traefik.http.middlewares.https_redirect.redirectscheme.scheme: https
traefik.http.middlewares.https_redirect.redirectscheme.permanent: true
```
@@ -442,7 +442,7 @@ To apply a redirection:
kind: IngressRoute
metadata:
name: http-redirect-ingressRoute
spec:
entryPoints:
- web
@@ -454,13 +454,13 @@ To apply a redirection:
port: 80
middlewares:
- name: https-redirect
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: https-ingressRoute
spec:
entryPoints:
- websecure
@@ -471,7 +471,7 @@ To apply a redirection:
- name: whoami
port: 80
tls: {}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
@@ -483,33 +483,10 @@ To apply a redirection:
permanent: true
```
```toml tab="File (TOML)"
## dynamic configuration
# dynamic-conf.toml
[http.routers]
[http.routers.router0]
rule = "Host(`example.net`)"
service = "my-service"
entrypoints = ["web"]
middlewares = ["https_redirect"]
[http.routers.router1]
rule = "Host(`example.net`)"
service = "my-service"
entrypoints = ["websecure"]
[http.routers.router1.tls]
[http.middlewares]
[http.middlewares.https_redirect.redirectScheme]
scheme = "https"
permanent = true
```
```yaml tab="File (YAML)"
## dynamic configuration
# dynamic-conf.yml
http:
routers:
router0:
@@ -519,14 +496,14 @@ To apply a redirection:
middlewares:
- https_redirect
service: my-service
router1:
rule: "Host(`example.net`)"
entryPoints:
- websecure
service: my-service
tls: {}
middlewares:
https-redirect:
redirectScheme:
@@ -534,6 +511,29 @@ To apply a redirection:
permanent: true
```
```toml tab="File (TOML)"
## dynamic configuration
# dynamic-conf.toml
[http.routers]
[http.routers.router0]
rule = "Host(`example.net`)"
service = "my-service"
entrypoints = ["web"]
middlewares = ["https_redirect"]
[http.routers.router1]
rule = "Host(`example.net`)"
service = "my-service"
entrypoints = ["websecure"]
[http.routers.router1.tls]
[http.middlewares]
[http.middlewares.https_redirect.redirectScheme]
scheme = "https"
permanent = true
```
## Strip and Rewrite Path Prefixes
With the new core notions of v2 (introduced earlier in the section
@@ -619,23 +619,6 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
- /admin
```
```toml tab="File (TOML)"
## Dynamic configuration
# dynamic-conf.toml
[http.routers.router1]
rule = "Host(`example.org`) && PathPrefix(`/admin`)"
service = "admin-svc"
entrypoints = ["web"]
middlewares = ["admin-stripprefix"]
[http.middlewares]
[http.middlewares.admin-stripprefix.stripPrefix]
prefixes = ["/admin"]
# ...
```
```yaml tab="File (YAML)"
## Dynamic Configuration
# dynamic-conf.yml
@@ -652,12 +635,29 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
middlewares:
admin-stripprefix:
stripPrefix:
prefixes:
prefixes:
- "/admin"
# ...
```
```toml tab="File (TOML)"
## Dynamic configuration
# dynamic-conf.toml
[http.routers.router1]
rule = "Host(`example.org`) && PathPrefix(`/admin`)"
service = "admin-svc"
entrypoints = ["web"]
middlewares = ["admin-stripprefix"]
[http.middlewares]
[http.middlewares.admin-stripprefix.stripPrefix]
prefixes = ["/admin"]
# ...
```
??? question "What About Other Path Transformations?"
Instead of removing the path prefix with the [`stripprefix` middleware](../../middlewares/stripprefix/), you can also:
@@ -674,11 +674,11 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
!!! example "ACME from provider to a specific Certificate Resolver"
!!! info "v1"
```toml tab="File (TOML)"
# static configuration
defaultEntryPoints = ["websecure","web"]
[entryPoints.web]
address = ":80"
[entryPoints.web.redirect]
@@ -686,7 +686,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.tls]
[acme]
email = "your-email-here@example.com"
storage = "acme.json"
@@ -708,34 +708,17 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
!!! info "v2"
```toml tab="File (TOML)"
# static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http.tls]
certResolver = "myresolver"
[certificatesResolvers.myresolver.acme]
email = "your-email@example.com"
storage = "acme.json"
[certificatesResolvers.myresolver.acme.tlsChallenge]
```
```yaml tab="File (YAML)"
entryPoints:
web:
address: ":80"
websecure:
address: ":443"
http:
tls:
certResolver: myresolver
certificatesResolvers:
myresolver:
acme:
@@ -744,6 +727,23 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
tlsChallenge: {}
```
```toml tab="File (TOML)"
# static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http.tls]
certResolver = "myresolver"
[certificatesResolvers.myresolver.acme]
email = "your-email@example.com"
storage = "acme.json"
[certificatesResolvers.myresolver.acme.tlsChallenge]
```
```bash tab="CLI"
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
@@ -764,7 +764,7 @@ There is no more log configuration at the root level.
```toml tab="File (TOML)"
# static configuration
logLevel = "DEBUG"
[traefikLog]
filePath = "/path/to/traefik.log"
format = "json"
@@ -778,14 +778,6 @@ There is no more log configuration at the root level.
!!! info "v2"
```toml tab="File (TOML)"
# static configuration
[log]
level = "DEBUG"
filePath = "/path/to/log-file.log"
format = "json"
```
```yaml tab="File (YAML)"
# static configuration
log:
@@ -794,6 +786,14 @@ There is no more log configuration at the root level.
format: json
```
```toml tab="File (TOML)"
# static configuration
[log]
level = "DEBUG"
filePath = "/path/to/log-file.log"
format = "json"
```
```bash tab="CLI"
--log.level=DEBUG
--log.filePath=/path/to/traefik.log
@@ -838,17 +838,6 @@ Traefik v2 retains OpenTracing support. The `backend` root option from the v1 is
!!! info "v2"
```toml tab="File (TOML)"
# static configuration
[tracing]
servicename = "tracing"
[tracing.jaeger]
samplingParam = 1.0
samplingServerURL = "http://12.0.0.1:5778/sampling"
samplingType = "const"
localAgentHostPort = "12.0.0.1:6831"
```
```yaml tab="File (YAML)"
# static configuration
tracing:
@@ -860,6 +849,17 @@ Traefik v2 retains OpenTracing support. The `backend` root option from the v1 is
localAgentHostPort: '12.0.0.1:6831'
```
```toml tab="File (TOML)"
# static configuration
[tracing]
servicename = "tracing"
[tracing.jaeger]
samplingParam = 1.0
samplingServerURL = "http://12.0.0.1:5778/sampling"
samplingType = "const"
localAgentHostPort = "12.0.0.1:6831"
```
```bash tab="CLI"
--tracing.servicename=tracing
--tracing.jaeger.localagenthostport=12.0.0.1:6831
@@ -891,13 +891,6 @@ For a basic configuration, the [metrics configuration](../observability/metrics/
!!! info "v2"
```toml tab="File (TOML)"
# static configuration
[metrics.prometheus]
buckets = [0.1,0.3,1.2,5.0]
entryPoint = "metrics"
```
```yaml tab="File (YAML)"
# static configuration
metrics:
@@ -910,6 +903,13 @@ For a basic configuration, the [metrics configuration](../observability/metrics/
entryPoint: metrics
```
```toml tab="File (TOML)"
# static configuration
[metrics.prometheus]
buckets = [0.1,0.3,1.2,5.0]
entryPoint = "metrics"
```
```bash tab="CLI"
--metrics.prometheus.buckets=[0.1,0.3,1.2,5.0]
--metrics.prometheus.entrypoint=metrics
@@ -955,43 +955,43 @@ Each root item has been moved to a related section or removed.
!!! info "v2"
```toml tab="File (TOML)"
# static configuration
[global]
checkNewVersion = true
sendAnonymousUsage = true
[log]
level = "DEBUG"
[serversTransport]
insecureSkipVerify = true
rootCAs = [ "/mycert.cert" ]
maxIdleConnsPerHost = 42
[providers]
providersThrottleDuration = 42
```
```yaml tab="File (YAML)"
# static configuration
global:
checkNewVersion: true
sendAnonymousUsage: true
log:
level: DEBUG
serversTransport:
insecureSkipVerify: true
rootCAs:
- /mycert.cert
maxIdleConnsPerHost: 42
providers:
providersThrottleDuration: 42
```
```toml tab="File (TOML)"
# static configuration
[global]
checkNewVersion = true
sendAnonymousUsage = true
[log]
level = "DEBUG"
[serversTransport]
insecureSkipVerify = true
rootCAs = [ "/mycert.cert" ]
maxIdleConnsPerHost = 42
[providers]
providersThrottleDuration = 42
```
```bash tab="CLI"
--global.checknewversion=true
--global.sendanonymoususage=true
@@ -1018,7 +1018,7 @@ To activate the dashboard, you can either:
```toml tab="File (TOML)"
## static configuration
# traefik.toml
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.tls]
@@ -1027,7 +1027,7 @@ To activate the dashboard, you can either:
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
]
[api]
entryPoint = "websecure"
```
@@ -1050,55 +1050,25 @@ To activate the dashboard, you can either:
- "traefik.http.middlewares.myAuth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/"
```
```toml tab="File (TOML)"
## static configuration
# traefik.toml
[entryPoints.websecure]
address = ":443"
[api]
[providers.file]
directory = "/path/to/dynamic/config"
##---------------------##
## dynamic configuration
# /path/to/dynamic/config/dynamic-conf.toml
[http.routers.api]
rule = "Host(`traefik.docker.localhost`)"
entrypoints = ["websecure"]
service = "api@internal"
middlewares = ["myAuth"]
[http.routers.api.tls]
[http.middlewares.myAuth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
]
```
```yaml tab="File (YAML)"
## static configuration
# traefik.yaml
# traefik.yml
entryPoints:
websecure:
address: ':443'
api: {}
providers:
file:
directory: /path/to/dynamic/config
##---------------------##
## dynamic configuration
# /path/to/dynamic/config/dynamic-conf.yaml
# /path/to/dynamic/config/dynamic-conf.yml
http:
routers:
api:
@@ -1109,7 +1079,7 @@ To activate the dashboard, you can either:
middlewares:
- myAuth
tls: {}
middlewares:
myAuth:
basicAuth:
@@ -1117,6 +1087,36 @@ To activate the dashboard, you can either:
- 'test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/'
```
```toml tab="File (TOML)"
## static configuration
# traefik.toml
[entryPoints.websecure]
address = ":443"
[api]
[providers.file]
directory = "/path/to/dynamic/config"
##---------------------##
## dynamic configuration
# /path/to/dynamic/config/dynamic-conf.toml
[http.routers.api]
rule = "Host(`traefik.docker.localhost`)"
entrypoints = ["websecure"]
service = "api@internal"
middlewares = ["myAuth"]
[http.routers.api.tls]
[http.middlewares.myAuth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
]
```
## Providers
Supported [providers](../providers/overview.md), for now:

32
docs/content/migration/v2.md
View File

@@ -8,7 +8,7 @@ In v2.1, a new Kubernetes CRD called `TraefikService` was added.
While updating an installation to v2.1,
one should apply that CRD, and update the existing `ClusterRole` definition to allow Traefik to use that CRD.
To add that CRD and enhance the permissions, following definitions need to be applied to the cluster.
To add that CRD and enhance the permissions, the following definitions need to be applied to the cluster.
```yaml tab="TraefikService"
apiVersion: apiextensions.k8s.io/v1beta1
@@ -87,7 +87,7 @@ In v2.2, new Kubernetes CRDs called `TLSStore` and `IngressRouteUDP` were added.
While updating an installation to v2.2,
one should apply that CRDs, and update the existing `ClusterRole` definition to allow Traefik to use that CRDs.
To add that CRDs and enhance the permissions, following definitions need to be applied to the cluster.
To add that CRDs and enhance the permissions, the following definitions need to be applied to the cluster.
```yaml tab="TLSStore"
apiVersion: apiextensions.k8s.io/v1beta1
@@ -336,3 +336,31 @@ The file parser has been changed, since v2.3 the unknown options/fields in a dyn
In `v2.3`, the support of `IngressClass`, which is available since Kubernetes version `1.18`, has been introduced.
In order to be able to use this new resource the [Kubernetes RBAC](../reference/dynamic-configuration/kubernetes-crd.md#rbac) must be updated.
## v2.3 to v2.4
### ServersTransport
In `v2.4.0`, the support of `ServersTransport` has been introduced.
It is therefore necessary to update [RBAC](../reference/dynamic-configuration/kubernetes-crd.md#rbac) and [CRD](../reference/dynamic-configuration/kubernetes-crd.md) definitions.
## v2.4.7 to v2.4.8
### Non-ASCII Domain Names
In `v2.4.8`, we introduced a new check on domain names used in HTTP router rule `Host` and `HostRegexp` expressions,
and in TCP router rule `HostSNI` expression.
This check ensures that provided domain names don't contain non-ASCII characters.
If not, an error is raised, and the associated router will be shown as invalid in the dashboard.
This new behavior is intended to show what was failing silently previously and to help troubleshooting configuration issues.
It doesn't change the support for non-ASCII domain names in routers rules, which is not part of the Traefik feature set so far.
In order to use non-ASCII domain names in a router's rule, one should use the Punycode form of the domain name.
For more information, please read the [HTTP routers rule](../routing/routers/index.md#rule) part or [TCP router rules](../routing/routers/index.md#rule_1) part of the documentation.
## v2.4.8 to v2.4.9
### Tracing Span
In `v2.4.9`, we changed span error to log only server errors (>= 500).

106
docs/content/observability/access-logs.md
View File

@@ -5,18 +5,18 @@ Who Calls Whom?
By default, logs are written to stdout, in text format.
## Configuration
## Configuration
To enable the access logs:
```toml tab="File (TOML)"
[accessLog]
```
```yaml tab="File (YAML)"
accessLog: {}
```
```toml tab="File (TOML)"
[accessLog]
```
```bash tab="CLI"
--accesslog=true
```
@@ -26,28 +26,28 @@ accessLog: {}
By default access logs are written to the standard output.
To write the logs into a log file, use the `filePath` option.
```toml tab="File (TOML)"
[accessLog]
filePath = "/path/to/access.log"
```
```yaml tab="File (YAML)"
accessLog:
filePath: "/path/to/access.log"
```
```toml tab="File (TOML)"
[accessLog]
filePath = "/path/to/access.log"
```
```bash tab="CLI"
--accesslog.filepath=/path/to/access.log
```
### `format`
By default, logs are written using the Common Log Format (CLF).
To write logs in JSON, use `json` in the `format` option.
If the given format is unsupported, the default (CLF) is used instead.
!!! info "Common Log Format"
```html
<remote_IP_address> - <client_user_name_if_available> [<timestamp>] "<request_method> <request_path> <request_protocol>" <origin_server_HTTP_status> <origin_server_content_size> "<request_referrer>" "<request_user_agent>" <number_of_requests_received_since_Traefik_started> "<Traefik_router_name>" "<Traefik_server_URL>" <request_duration_in_ms>ms
```
@@ -58,13 +58,6 @@ To write the logs in an asynchronous fashion, specify a `bufferingSize` option.
This option represents the number of log lines Traefik will keep in memory before writing them to the selected output.
In some cases, this option can greatly help performances.
```toml tab="File (TOML)"
# Configuring a buffer of 100 lines
[accessLog]
filePath = "/path/to/access.log"
bufferingSize = 100
```
```yaml tab="File (YAML)"
# Configuring a buffer of 100 lines
accessLog:
@@ -72,6 +65,13 @@ accessLog:
bufferingSize: 100
```
```toml tab="File (TOML)"
# Configuring a buffer of 100 lines
[accessLog]
filePath = "/path/to/access.log"
bufferingSize = 100
```
```bash tab="CLI"
# Configuring a buffer of 100 lines
--accesslog.filepath=/path/to/access.log
@@ -80,40 +80,40 @@ accessLog:
### Filtering
To filter logs, you can specify a set of filters which are logically "OR-connected".
To filter logs, you can specify a set of filters which are logically "OR-connected".
Thus, specifying multiple filters will keep more access logs than specifying only one.
The available filters are:
The available filters are:
- `statusCodes`, to limit the access logs to requests with a status codes in the specified range
- `retryAttempts`, to keep the access logs when at least one retry has happened
- `minDuration`, to keep access logs when requests take longer than the specified duration (provided in seconds or as a valid duration format, see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration))
```yaml tab="File (YAML)"
# Configuring Multiple Filters
accessLog:
filePath: "/path/to/access.log"
format: json
filters:
statusCodes:
- "200"
- "300-302"
retryAttempts: true
minDuration: "10ms"
```
```toml tab="File (TOML)"
# Configuring Multiple Filters
[accessLog]
filePath = "/path/to/access.log"
format = "json"
[accessLog.filters]
[accessLog.filters]
statusCodes = ["200", "300-302"]
retryAttempts = true
minDuration = "10ms"
```
```yaml tab="File (YAML)"
# Configuring Multiple Filters
accessLog:
filePath: "/path/to/access.log"
format: json
filters:
statusCodes:
- "200"
- "300-302"
retryAttempts: true
minDuration: "10ms"
```
```bash tab="CLI"
# Configuring Multiple Filters
--accesslog.filepath=/path/to/access.log
@@ -135,27 +135,9 @@ Each field can be set to:
The `defaultMode` for `fields.headers` is `drop`.
```toml tab="File (TOML)"
# Limiting the Logs to Specific Fields
[accessLog]
filePath = "/path/to/access.log"
format = "json"
[accessLog.fields]
defaultMode = "keep"
[accessLog.fields.names]
"ClientUsername" = "drop"
[accessLog.fields.headers]
defaultMode = "keep"
[accessLog.fields.headers.names]
"User-Agent" = "redact"
"Authorization" = "drop"
"Content-Type" = "keep"
```
```yaml tab="File (YAML)"
# Limiting the Logs to Specific Fields
accessLog:
@@ -173,6 +155,24 @@ accessLog:
Content-Type: keep
```
```toml tab="File (TOML)"
# Limiting the Logs to Specific Fields
[accessLog]
filePath = "/path/to/access.log"
format = "json"
[accessLog.fields.names]
"ClientUsername" = "drop"
[accessLog.fields.headers]
defaultMode = "keep"
[accessLog.fields.headers.names]
"User-Agent" = "redact"
"Authorization" = "drop"
"Content-Type" = "keep"
```
```bash tab="CLI"
# Limiting the Logs to Specific Fields
--accesslog.filepath=/path/to/access.log

40
docs/content/observability/logs.md
View File

@@ -16,18 +16,18 @@ Traefik logs concern everything that happens to Traefik itself (startup, configu
By default, the logs are written to the standard output.
You can configure a file path instead using the `filePath` option.
```toml tab="File (TOML)"
# Writing Logs to a File
[log]
filePath = "/path/to/traefik.log"
```
```yaml tab="File (YAML)"
# Writing Logs to a File
log:
filePath: "/path/to/traefik.log"
```
```toml tab="File (TOML)"
# Writing Logs to a File
[log]
filePath = "/path/to/traefik.log"
```
```bash tab="CLI"
# Writing Logs to a File
--log.filePath=/path/to/traefik.log
@@ -35,14 +35,7 @@ log:
#### `format`
By default, the logs use a text format (`common`), but you can also ask for the `json` format in the `format` option.
```toml tab="File (TOML)"
# Writing Logs to a File, in JSON
[log]
filePath = "/path/to/log-file.log"
format = "json"
```
By default, the logs use a text format (`common`), but you can also ask for the `json` format in the `format` option.
```yaml tab="File (YAML)"
# Writing Logs to a File, in JSON
@@ -51,6 +44,13 @@ log:
format: json
```
```toml tab="File (TOML)"
# Writing Logs to a File, in JSON
[log]
filePath = "/path/to/log-file.log"
format = "json"
```
```bash tab="CLI"
# Writing Logs to a File, in JSON
--log.filePath=/path/to/traefik.log
@@ -59,18 +59,18 @@ log:
#### `level`
By default, the `level` is set to `ERROR`. Alternative logging levels are `DEBUG`, `PANIC`, `FATAL`, `ERROR`, `WARN`, and `INFO`.
```toml tab="File (TOML)"
[log]
level = "DEBUG"
```
By default, the `level` is set to `ERROR`. Alternative logging levels are `DEBUG`, `PANIC`, `FATAL`, `ERROR`, `WARN`, and `INFO`.
```yaml tab="File (YAML)"
log:
level: DEBUG
```
```toml tab="File (TOML)"
[log]
level = "DEBUG"
```
```bash tab="CLI"
--log.level=DEBUG
```

58
docs/content/observability/metrics/datadog.md
View File

@@ -2,16 +2,16 @@
To enable the Datadog:
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
```
```yaml tab="File (YAML)"
metrics:
datadog: {}
```
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
```
```bash tab="CLI"
--metrics.datadog=true
```
@@ -22,18 +22,18 @@ _Required, Default="127.0.0.1:8125"_
Address instructs exporter to send metrics to datadog-agent at this address.
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
address = "127.0.0.1:8125"
```
```yaml tab="File (YAML)"
metrics:
datadog:
address: 127.0.0.1:8125
```
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
address = "127.0.0.1:8125"
```
```bash tab="CLI"
--metrics.datadog.address=127.0.0.1:8125
```
@@ -44,18 +44,18 @@ _Optional, Default=true_
Enable metrics on entry points.
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
addEntryPointsLabels = true
```
```yaml tab="File (YAML)"
metrics:
datadog:
addEntryPointsLabels: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
addEntryPointsLabels = true
```
```bash tab="CLI"
--metrics.datadog.addEntryPointsLabels=true
```
@@ -66,18 +66,18 @@ _Optional, Default=true_
Enable metrics on services.
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
addServicesLabels = true
```
```yaml tab="File (YAML)"
metrics:
datadog:
addServicesLabels: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
addServicesLabels = true
```
```bash tab="CLI"
--metrics.datadog.addServicesLabels=true
```
@@ -88,18 +88,18 @@ _Optional, Default=10s_
The interval used by the exporter to push metrics to datadog-agent.
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
pushInterval = 10s
```
```yaml tab="File (YAML)"
metrics:
datadog:
pushInterval: 10s
```
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
pushInterval = 10s
```
```bash tab="CLI"
--metrics.datadog.pushInterval=10s
```

118
docs/content/observability/metrics/influxdb.md
View File

@@ -2,16 +2,16 @@
To enable the InfluxDB:
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
```
```yaml tab="File (YAML)"
metrics:
influxDB: {}
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
```
```bash tab="CLI"
--metrics.influxdb=true
```
@@ -22,18 +22,18 @@ _Required, Default="localhost:8089"_
Address instructs exporter to send metrics to influxdb at this address.
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
address = "localhost:8089"
```
```yaml tab="File (YAML)"
metrics:
influxDB:
address: localhost:8089
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
address = "localhost:8089"
```
```bash tab="CLI"
--metrics.influxdb.address=localhost:8089
```
@@ -44,18 +44,18 @@ _Required, Default="udp"_
InfluxDB's address protocol (udp or http).
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
protocol = "udp"
```
```yaml tab="File (YAML)"
metrics:
influxDB:
protocol: udp
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
protocol = "udp"
```
```bash tab="CLI"
--metrics.influxdb.protocol=udp
```
@@ -66,18 +66,18 @@ _Optional, Default=""_
InfluxDB database used when protocol is http.
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
database = "db"
```
```yaml tab="File (YAML)"
metrics:
influxDB:
database: "db"
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
database = "db"
```
```bash tab="CLI"
--metrics.influxdb.database=db
```
@@ -88,18 +88,18 @@ _Optional, Default=""_
InfluxDB retention policy used when protocol is http.
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
retentionPolicy = "two_hours"
```
```yaml tab="File (YAML)"
metrics:
influxDB:
retentionPolicy: "two_hours"
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
retentionPolicy = "two_hours"
```
```bash tab="CLI"
--metrics.influxdb.retentionPolicy=two_hours
```
@@ -110,18 +110,18 @@ _Optional, Default=""_
InfluxDB username (only with http).
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
username = "john"
```
```yaml tab="File (YAML)"
metrics:
influxDB:
username: "john"
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
username = "john"
```
```bash tab="CLI"
--metrics.influxdb.username=john
```
@@ -132,18 +132,18 @@ _Optional, Default=""_
InfluxDB password (only with http).
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
password = "secret"
```
```yaml tab="File (YAML)"
metrics:
influxDB:
password: "secret"
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
password = "secret"
```
```bash tab="CLI"
--metrics.influxdb.password=secret
```
@@ -154,18 +154,18 @@ _Optional, Default=true_
Enable metrics on entry points.
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
addEntryPointsLabels = true
```
```yaml tab="File (YAML)"
metrics:
influxDB:
addEntryPointsLabels: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
addEntryPointsLabels = true
```
```bash tab="CLI"
--metrics.influxdb.addEntryPointsLabels=true
```
@@ -176,18 +176,18 @@ _Optional, Default=true_
Enable metrics on services.
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
addServicesLabels = true
```
```yaml tab="File (YAML)"
metrics:
influxDB:
addServicesLabels: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
addServicesLabels = true
```
```bash tab="CLI"
--metrics.influxdb.addServicesLabels=true
```
@@ -198,18 +198,18 @@ _Optional, Default=10s_
The interval used by the exporter to push metrics to influxdb.
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
pushInterval = 10s
```
```yaml tab="File (YAML)"
metrics:
influxDB:
pushInterval: 10s
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
pushInterval = 10s
```
```bash tab="CLI"
--metrics.influxdb.pushInterval=10s
```

313
docs/content/observability/metrics/overview.md
View File

@@ -1,6 +1,4 @@
# Metrics
Metrics system
{: .subtitle }
Traefik supports 4 metrics backends:
@@ -13,14 +11,317 @@ Traefik supports 4 metrics backends:
To enable metrics:
```toml tab="File (TOML)"
[metrics]
```
```yaml tab="File (YAML)"
metrics: {}
```
```toml tab="File (TOML)"
[metrics]
```
```bash tab="CLI"
--metrics=true
```
## Server Metrics
| Metric | DataDog | InfluxDB | Prometheus | StatsD |
|-------------------------------------------------------------------------|---------|----------|------------|--------|
| [Configuration reloads](#configuration-reloads) | ✓ | ✓ | ✓ | ✓ |
| [Configuration reload failures](#configuration-reload-failures) | ✓ | ✓ | ✓ | ✓ |
| [Last Configuration Reload Success](#last-configuration-reload-success) | ✓ | ✓ | ✓ | ✓ |
| [Last Configuration Reload Failure](#last-configuration-reload-failure) | ✓ | ✓ | ✓ | ✓ |
### Configuration Reloads
The total count of configuration reloads.
```dd tab="Datadog"
config.reload.total
```
```influxdb tab="InfluDB"
traefik.config.reload.total
```
```prom tab="Prometheus"
traefik_config_reloads_total
```
```statsd tab="StatsD"
# Default prefix: "traefik"
{prefix}.config.reload.total
```
### Configuration Reload Failures
The total count of configuration reload failures.
```dd tab="Datadog"
config.reload.total (with tag "failure" to true)
```
```influxdb tab="InfluDB"
traefik.config.reload.total.failure
```
```prom tab="Prometheus"
traefik_config_reloads_failure_total
```
```statsd tab="StatsD"
# Default prefix: "traefik"
{prefix}.config.reload.total.failure
```
### Last Configuration Reload Success
The timestamp of the last configuration reload success.
```dd tab="Datadog"
config.reload.lastSuccessTimestamp
```
```influxdb tab="InfluDB"
traefik.config.reload.lastSuccessTimestamp
```
```prom tab="Prometheus"
traefik_config_last_reload_success
```
```statsd tab="StatsD"
# Default prefix: "traefik"
{prefix}.config.reload.lastSuccessTimestamp
```
### Last Configuration Reload Failure
The timestamp of the last configuration reload failure.
```dd tab="Datadog"
config.reload.lastFailureTimestamp
```
```influxdb tab="InfluDB"
traefik.config.reload.lastFailureTimestamp
```
```prom tab="Prometheus"
traefik_config_last_reload_failure
```
```statsd tab="StatsD"
# Default prefix: "traefik"
{prefix}.config.reload.lastFailureTimestamp
```
## EntryPoint Metrics
| Metric | DataDog | InfluxDB | Prometheus | StatsD |
|-----------------------------------------------------------|---------|----------|------------|--------|
| [HTTP Requests Count](#http-requests-count) | ✓ | ✓ | ✓ | ✓ |
| [HTTPS Requests Count](#https-requests-count) | | | ✓ | |
| [Request Duration Histogram](#request-duration-histogram) | ✓ | ✓ | ✓ | ✓ |
| [Open Connections Count](#open-connections-count) | ✓ | ✓ | ✓ | ✓ |
### HTTP Requests Count
The total count of HTTP requests processed on an entrypoint.
Available labels: `code`, `method`, `protocol`, `entrypoint`.
```dd tab="Datadog"
entrypoint.request.total
```
```influxdb tab="InfluDB"
traefik.entrypoint.requests.total
```
```prom tab="Prometheus"
traefik_entrypoint_requests_total
```
```statsd tab="StatsD"
# Default prefix: "traefik"
{prefix}.entrypoint.request.total
```
### HTTPS Requests Count
The total count of HTTPS requests processed on an entrypoint.
Available labels: `tls_version`, `tls_cipher`, `entrypoint`.
```prom tab="Prometheus"
traefik_entrypoint_requests_tls_total
```
### Request Duration Histogram
Request process time duration histogram on an entrypoint.
Available labels: `code`, `method`, `protocol`, `entrypoint`.
```dd tab="Datadog"
entrypoint.request.duration
```
```influxdb tab="InfluDB"
traefik.entrypoint.request.duration
```
```prom tab="Prometheus"
traefik_entrypoint_request_duration_seconds
```
```statsd tab="StatsD"
# Default prefix: "traefik"
{prefix}.entrypoint.request.duration
```
### Open Connections Count
The current count of open connections on an entrypoint.
Available labels: `method`, `protocol`, `entrypoint`.
```dd tab="Datadog"
entrypoint.connections.open
```
```influxdb tab="InfluDB"
traefik.entrypoint.connections.open
```
```prom tab="Prometheus"
traefik_entrypoint_open_connections
```
```statsd tab="StatsD"
# Default prefix: "traefik"
{prefix}.entrypoint.connections.open
```
## Service Metrics
| Metric | DataDog | InfluxDB | Prometheus | StatsD |
|-------------------------------------------------------------|---------|----------|------------|--------|
| [HTTP Requests Count](#http-requests-count_1) | ✓ | ✓ | ✓ | ✓ |
| [HTTPS Requests Count](#https-requests-count_1) | | | ✓ | |
| [Request Duration Histogram](#request-duration-histogram_1) | ✓ | ✓ | ✓ | ✓ |
| [Open Connections Count](#open-connections-count_1) | ✓ | ✓ | ✓ | ✓ |
| [Requests Retries Count](#requests-retries-count) | ✓ | ✓ | ✓ | ✓ |
| [Service Server UP](#service-server-up) | ✓ | ✓ | ✓ | ✓ |
### HTTP Requests Count
The total count of HTTP requests processed on a service.
Available labels: `code`, `method`, `protocol`, `service`.
```dd tab="Datadog"
service.request.total
```
```influxdb tab="InfluDB"
traefik.service.requests.total
```
```prom tab="Prometheus"
traefik_service_requests_total
```
```statsd tab="StatsD"
# Default prefix: "traefik"
{prefix}.service.request.total
```
### HTTPS Requests Count
The total count of HTTPS requests processed on a service.
Available labels: `tls_version`, `tls_cipher`, `service`.
```prom tab="Prometheus"
traefik_service_requests_tls_total
```
### Request Duration Histogram
Request process time duration histogram on a service.
Available labels: `code`, `method`, `protocol`, `service`.
```dd tab="Datadog"
service.request.duration
```
```influxdb tab="InfluDB"
traefik.service.request.duration
```
```prom tab="Prometheus"
traefik_service_request_duration_seconds
```
```statsd tab="StatsD"
# Default prefix: "traefik"
{prefix}.service.request.duration
```
### Open Connections Count
The current count of open connections on a service.
Available labels: `method`, `protocol`, `service`.
```dd tab="Datadog"
service.connections.open
```
```influxdb tab="InfluDB"
traefik.service.connections.open
```
```prom tab="Prometheus"
traefik_service_open_connections
```
```statsd tab="StatsD"
# Default prefix: "traefik"
{prefix}.service.connections.open
```
### Requests Retries Count
The count of requests retries on a service.
Available labels: `service`.
```dd tab="Datadog"
service.retries.total
```
```influxdb tab="InfluDB"
traefik.service.retries.total
```
```prom tab="Prometheus"
traefik_service_retries_total
```
```statsd tab="StatsD"
# Default prefix: "traefik"
{prefix}.service.retries.total
```
### Service Server UP
Current service's server status, described by a gauge with a value of 0 for a down server or a value of 1 for an up server.
Available labels: `service`, `url`.
```dd tab="Datadog"
service.server.up
```
```influxdb tab="InfluDB"
traefik.service.server.up
```
```prom tab="Prometheus"
traefik_service_server_up
```
```statsd tab="StatsD"
# Default prefix: "traefik"
{prefix}.service.server.up
```

78
docs/content/observability/metrics/prometheus.md
View File

@@ -2,16 +2,16 @@
To enable the Prometheus:
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
```
```yaml tab="File (YAML)"
metrics:
prometheus: {}
```
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
```
```bash tab="CLI"
--metrics.prometheus=true
```
@@ -22,12 +22,6 @@ _Optional, Default="0.100000, 0.300000, 1.200000, 5.000000"_
Buckets for latency metrics.
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
buckets = [0.1,0.3,1.2,5.0]
```
```yaml tab="File (YAML)"
metrics:
prometheus:
@@ -38,6 +32,12 @@ metrics:
- 5.0
```
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
buckets = [0.1,0.3,1.2,5.0]
```
```bash tab="CLI"
--metrics.prometheus.buckets=0.100000, 0.300000, 1.200000, 5.000000
```
@@ -48,18 +48,18 @@ _Optional, Default=true_
Enable metrics on entry points.
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
addEntryPointsLabels = true
```
```yaml tab="File (YAML)"
metrics:
prometheus:
addEntryPointsLabels: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
addEntryPointsLabels = true
```
```bash tab="CLI"
--metrics.prometheus.addEntryPointsLabels=true
```
@@ -70,18 +70,18 @@ _Optional, Default=true_
Enable metrics on services.
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
addServicesLabels = true
```
```yaml tab="File (YAML)"
metrics:
prometheus:
addServicesLabels: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
addServicesLabels = true
```
```bash tab="CLI"
--metrics.prometheus.addServicesLabels=true
```
@@ -92,16 +92,6 @@ _Optional, Default=traefik_
Entry point used to expose metrics.
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.metrics]
address = ":8082"
[metrics]
[metrics.prometheus]
entryPoint = "metrics"
```
```yaml tab="File (YAML)"
entryPoints:
metrics:
@@ -112,6 +102,16 @@ metrics:
entryPoint: metrics
```
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.metrics]
address = ":8082"
[metrics]
[metrics.prometheus]
entryPoint = "metrics"
```
```bash tab="CLI"
--entryPoints.metrics.address=:8082
--metrics.prometheus.entryPoint=metrics
@@ -123,18 +123,18 @@ _Optional, Default=false_
If `manualRouting` is `true`, it disables the default internal router in order to allow one to create a custom router for the `prometheus@internal` service.
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
manualRouting = true
```
```yaml tab="File (YAML)"
metrics:
prometheus:
manualRouting: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
manualRouting = true
```
```bash tab="CLI"
--metrics.prometheus.manualrouting=true
```

72
docs/content/observability/metrics/statsd.md
View File

@@ -2,16 +2,16 @@
To enable the Statsd:
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
```
```yaml tab="File (YAML)"
metrics:
statsD: {}
```
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
```
```bash tab="CLI"
--metrics.statsd=true
```
@@ -22,18 +22,18 @@ _Required, Default="localhost:8125"_
Address instructs exporter to send metrics to statsd at this address.
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
address = "localhost:8125"
```
```yaml tab="File (YAML)"
metrics:
statsD:
address: localhost:8125
```
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
address = "localhost:8125"
```
```bash tab="CLI"
--metrics.statsd.address=localhost:8125
```
@@ -44,18 +44,18 @@ _Optional, Default=true_
Enable metrics on entry points.
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
addEntryPointsLabels = true
```
```yaml tab="File (YAML)"
metrics:
statsD:
addEntryPointsLabels: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
addEntryPointsLabels = true
```
```bash tab="CLI"
--metrics.statsd.addEntryPointsLabels=true
```
@@ -66,18 +66,18 @@ _Optional, Default=true_
Enable metrics on services.
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
addServicesLabels = true
```
```yaml tab="File (YAML)"
metrics:
statsD:
addServicesLabels: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
addServicesLabels = true
```
```bash tab="CLI"
--metrics.statsd.addServicesLabels=true
```
@@ -88,18 +88,18 @@ _Optional, Default=10s_
The interval used by the exporter to push metrics to statsD.
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
pushInterval = 10s
```
```yaml tab="File (YAML)"
metrics:
statsD:
pushInterval: 10s
```
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
pushInterval = 10s
```
```bash tab="CLI"
--metrics.statsd.pushInterval=10s
```
@@ -110,18 +110,18 @@ _Optional, Default="traefik"_
The prefix to use for metrics collection.
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
prefix = "traefik"
```
```yaml tab="File (YAML)"
metrics:
statsD:
prefix: traefik
```
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
prefix = "traefik"
```
```bash tab="CLI"
--metrics.statsd.prefix="traefik"
```
```

58
docs/content/observability/tracing/datadog.md
View File

@@ -2,16 +2,16 @@
To enable the Datadog:
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
```
```yaml tab="File (YAML)"
tracing:
datadog: {}
```
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
```
```bash tab="CLI"
--tracing.datadog=true
```
@@ -22,18 +22,18 @@ _Required, Default="127.0.0.1:8126"_
Local Agent Host Port instructs reporter to send spans to datadog-tracing-agent at this address.
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
localAgentHostPort = "127.0.0.1:8126"
```
```yaml tab="File (YAML)"
tracing:
datadog:
localAgentHostPort: 127.0.0.1:8126
```
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
localAgentHostPort = "127.0.0.1:8126"
```
```bash tab="CLI"
--tracing.datadog.localAgentHostPort=127.0.0.1:8126
```
@@ -44,18 +44,18 @@ _Optional, Default=false_
Enable Datadog debug.
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
debug = true
```
```yaml tab="File (YAML)"
tracing:
datadog:
debug: true
```
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
debug = true
```
```bash tab="CLI"
--tracing.datadog.debug=true
```
@@ -66,18 +66,18 @@ _Optional, Default=empty_
Apply shared tag in a form of Key:Value to all the traces.
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
globalTag = "sample"
```
```yaml tab="File (YAML)"
tracing:
datadog:
globalTag: sample
```
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
globalTag = "sample"
```
```bash tab="CLI"
--tracing.datadog.globalTag=sample
```
@@ -89,18 +89,18 @@ _Optional, Default=false_
Enable priority sampling. When using distributed tracing,
this option must be enabled in order to get all the parts of a distributed trace sampled.
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
prioritySampling = true
```
```yaml tab="File (YAML)"
tracing:
datadog:
prioritySampling: true
```
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
prioritySampling = true
```
```bash tab="CLI"
--tracing.datadog.prioritySampling=true
```

46
docs/content/observability/tracing/elastic.md
View File

@@ -2,16 +2,16 @@
To enable the Elastic:
```toml tab="File (TOML)"
[tracing]
[tracing.elastic]
```
```yaml tab="File (YAML)"
tracing:
elastic: {}
```
```toml tab="File (TOML)"
[tracing]
[tracing.elastic]
```
```bash tab="CLI"
--tracing.elastic=true
```
@@ -22,18 +22,18 @@ _Optional, Default="http://localhost:8200"_
APM ServerURL is the URL of the Elastic APM server.
```toml tab="File (TOML)"
[tracing]
[tracing.elastic]
serverURL = "http://apm:8200"
```
```yaml tab="File (YAML)"
tracing:
elastic:
serverURL: "http://apm:8200"
```
```toml tab="File (TOML)"
[tracing]
[tracing.elastic]
serverURL = "http://apm:8200"
```
```bash tab="CLI"
--tracing.elastic.serverurl="http://apm:8200"
```
@@ -44,18 +44,18 @@ _Optional, Default=""_
APM Secret Token is the token used to connect to Elastic APM Server.
```toml tab="File (TOML)"
[tracing]
[tracing.elastic]
secretToken = "mytoken"
```
```yaml tab="File (YAML)"
tracing:
elastic:
secretToken: "mytoken"
```
```toml tab="File (TOML)"
[tracing]
[tracing.elastic]
secretToken = "mytoken"
```
```bash tab="CLI"
--tracing.elastic.secrettoken="mytoken"
```
@@ -66,18 +66,18 @@ _Optional, Default=""_
APM Service Environment is the name of the environment Traefik is deployed in, e.g. `production` or `staging`.
```toml tab="File (TOML)"
[tracing]
[tracing.elastic]
serviceEnvironment = "production"
```
```yaml tab="File (YAML)"
tracing:
elastic:
serviceEnvironment: "production"
```
```toml tab="File (TOML)"
[tracing]
[tracing.elastic]
serviceEnvironment = "production"
```
```bash tab="CLI"
--tracing.elastic.serviceenvironment="production"
```

94
docs/content/observability/tracing/haystack.md
View File

@@ -2,16 +2,16 @@
To enable the Haystack:
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
```
```yaml tab="File (YAML)"
tracing:
haystack: {}
```
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
```
```bash tab="CLI"
--tracing.haystack=true
```
@@ -22,18 +22,18 @@ _Require, Default="127.0.0.1"_
Local Agent Host instructs reporter to send spans to haystack-agent at this address.
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
localAgentHost = "127.0.0.1"
```
```yaml tab="File (YAML)"
tracing:
haystack:
localAgentHost: 127.0.0.1
```
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
localAgentHost = "127.0.0.1"
```
```bash tab="CLI"
--tracing.haystack.localAgentHost=127.0.0.1
```
@@ -44,18 +44,18 @@ _Require, Default=35000_
Local Agent port instructs reporter to send spans to the haystack-agent at this port.
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
localAgentPort = 35000
```
```yaml tab="File (YAML)"
tracing:
haystack:
localAgentPort: 35000
```
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
localAgentPort = 35000
```
```bash tab="CLI"
--tracing.haystack.localAgentPort=35000
```
@@ -66,18 +66,18 @@ _Optional, Default=empty_
Apply shared tag in a form of Key:Value to all the traces.
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
globalTag = "sample:test"
```
```yaml tab="File (YAML)"
tracing:
haystack:
globalTag: sample:test
```
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
globalTag = "sample:test"
```
```bash tab="CLI"
--tracing.haystack.globalTag=sample:test
```
@@ -88,18 +88,18 @@ _Optional, Default=empty_
Specifies the header name that will be used to store the trace ID.
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
traceIDHeaderName = "Trace-ID"
```
```yaml tab="File (YAML)"
tracing:
haystack:
traceIDHeaderName: Trace-ID
```
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
traceIDHeaderName = "Trace-ID"
```
```bash tab="CLI"
--tracing.haystack.traceIDHeaderName=Trace-ID
```
@@ -110,18 +110,18 @@ _Optional, Default=empty_
Specifies the header name that will be used to store the parent ID.
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
parentIDHeaderName = "Parent-Message-ID"
```
```yaml tab="File (YAML)"
tracing:
haystack:
parentIDHeaderName: Parent-Message-ID
```
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
parentIDHeaderName = "Parent-Message-ID"
```
```bash tab="CLI"
--tracing.haystack.parentIDHeaderName=Parent-Message-ID
```
@@ -132,18 +132,18 @@ _Optional, Default=empty_
Specifies the header name that will be used to store the span ID.
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
spanIDHeaderName = "Message-ID"
```
```yaml tab="File (YAML)"
tracing:
haystack:
spanIDHeaderName: Message-ID
```
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
spanIDHeaderName = "Message-ID"
```
```bash tab="CLI"
--tracing.haystack.spanIDHeaderName=Message-ID
```
@@ -154,18 +154,18 @@ _Optional, Default=empty_
Specifies the header name prefix that will be used to store baggage items in a map.
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
baggagePrefixHeaderName = "sample"
```
```yaml tab="File (YAML)"
tracing:
haystack:
baggagePrefixHeaderName: "sample"
```
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
baggagePrefixHeaderName = "sample"
```
```bash tab="CLI"
--tracing.haystack.baggagePrefixHeaderName=sample

46
docs/content/observability/tracing/instana.md
View File

@@ -2,16 +2,16 @@
To enable the Instana:
```toml tab="File (TOML)"
[tracing]
[tracing.instana]
```
```yaml tab="File (YAML)"
tracing:
instana: {}
```
```toml tab="File (TOML)"
[tracing]
[tracing.instana]
```
```bash tab="CLI"
--tracing.instana=true
```
@@ -22,18 +22,18 @@ _Require, Default="127.0.0.1"_
Local Agent Host instructs reporter to send spans to instana-agent at this address.
```toml tab="File (TOML)"
[tracing]
[tracing.instana]
localAgentHost = "127.0.0.1"
```
```yaml tab="File (YAML)"
tracing:
instana:
localAgentHost: 127.0.0.1
```
```toml tab="File (TOML)"
[tracing]
[tracing.instana]
localAgentHost = "127.0.0.1"
```
```bash tab="CLI"
--tracing.instana.localAgentHost=127.0.0.1
```
@@ -44,18 +44,18 @@ _Require, Default=42699_
Local Agent port instructs reporter to send spans to the instana-agent at this port.
```toml tab="File (TOML)"
[tracing]
[tracing.instana]
localAgentPort = 42699
```
```yaml tab="File (YAML)"
tracing:
instana:
localAgentPort: 42699
```
```toml tab="File (TOML)"
[tracing]
[tracing.instana]
localAgentPort = 42699
```
```bash tab="CLI"
--tracing.instana.localAgentPort=42699
```
@@ -73,18 +73,18 @@ Valid values for logLevel field are:
- `debug`
- `info`
```toml tab="File (TOML)"
[tracing]
[tracing.instana]
logLevel = "info"
```
```yaml tab="File (YAML)"
tracing:
instana:
logLevel: info
```
```toml tab="File (TOML)"
[tracing]
[tracing.instana]
logLevel = "info"
```
```bash tab="CLI"
--tracing.instana.logLevel=info
```

142
docs/content/observability/tracing/jaeger.md
View File

@@ -2,16 +2,16 @@
To enable the Jaeger:
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
```
```yaml tab="File (YAML)"
tracing:
jaeger: {}
```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
```
```bash tab="CLI"
--tracing.jaeger=true
```
@@ -26,18 +26,18 @@ _Required, Default="http://localhost:5778/sampling"_
Sampling Server URL is the address of jaeger-agent's HTTP sampling server.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
samplingServerURL = "http://localhost:5778/sampling"
```
```yaml tab="File (YAML)"
tracing:
jaeger:
samplingServerURL: http://localhost:5778/sampling
```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
samplingServerURL = "http://localhost:5778/sampling"
```
```bash tab="CLI"
--tracing.jaeger.samplingServerURL=http://localhost:5778/sampling
```
@@ -48,18 +48,18 @@ _Required, Default="const"_
Sampling Type specifies the type of the sampler: `const`, `probabilistic`, `rateLimiting`.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
samplingType = "const"
```
```yaml tab="File (YAML)"
tracing:
jaeger:
samplingType: const
```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
samplingType = "const"
```
```bash tab="CLI"
--tracing.jaeger.samplingType=const
```
@@ -76,18 +76,18 @@ Valid values for Param field are:
- for `probabilistic` sampler, a probability between 0 and 1
- for `rateLimiting` sampler, the number of spans per second
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
samplingParam = 1.0
```
```yaml tab="File (YAML)"
tracing:
jaeger:
samplingParam: 1.0
```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
samplingParam = 1.0
```
```bash tab="CLI"
--tracing.jaeger.samplingParam=1.0
```
@@ -98,18 +98,18 @@ _Required, Default="127.0.0.1:6831"_
Local Agent Host Port instructs reporter to send spans to jaeger-agent at this address.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
localAgentHostPort = "127.0.0.1:6831"
```
```yaml tab="File (YAML)"
tracing:
jaeger:
localAgentHostPort: 127.0.0.1:6831
```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
localAgentHostPort = "127.0.0.1:6831"
```
```bash tab="CLI"
--tracing.jaeger.localAgentHostPort=127.0.0.1:6831
```
@@ -120,18 +120,18 @@ _Optional, Default=false_
Generate 128-bit trace IDs, compatible with OpenCensus.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
gen128Bit = true
```
```yaml tab="File (YAML)"
tracing:
jaeger:
gen128Bit: true
```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
gen128Bit = true
```
```bash tab="CLI"
--tracing.jaeger.gen128Bit
```
@@ -146,18 +146,18 @@ This can be either:
- `jaeger`, jaeger's default trace header.
- `b3`, compatible with OpenZipkin
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
propagation = "jaeger"
```
```yaml tab="File (YAML)"
tracing:
jaeger:
propagation: jaeger
```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
propagation = "jaeger"
```
```bash tab="CLI"
--tracing.jaeger.propagation=jaeger
```
@@ -169,18 +169,18 @@ _Required, Default="uber-trace-id"_
Trace Context Header Name is the http header name used to propagate tracing context.
This must be in lower-case to avoid mismatches when decoding incoming headers.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
traceContextHeaderName = "uber-trace-id"
```
```yaml tab="File (YAML)"
tracing:
jaeger:
traceContextHeaderName: uber-trace-id
```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
traceContextHeaderName = "uber-trace-id"
```
```bash tab="CLI"
--tracing.jaeger.traceContextHeaderName=uber-trace-id
```
@@ -192,18 +192,18 @@ _Optional, Default=true_
Disable the UDP connection helper that periodically re-resolves the agent's hostname and reconnects if there was a change.
Enabling the re-resolving of UDP address make the client more robust in Kubernetes deployments.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
disableAttemptReconnecting = false
```
```yaml tab="File (YAML)"
tracing:
jaeger:
disableAttemptReconnecting: false
```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
disableAttemptReconnecting = false
```
```bash tab="CLI"
--tracing.jaeger.disableAttemptReconnecting=false
```
@@ -215,12 +215,6 @@ _Optional, Default=""_
Collector Endpoint instructs reporter to send spans to jaeger-collector at this URL.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger.collector]
endpoint = "http://127.0.0.1:14268/api/traces?format=jaeger.thrift"
```
```yaml tab="File (YAML)"
tracing:
jaeger:
@@ -228,6 +222,12 @@ tracing:
endpoint: http://127.0.0.1:14268/api/traces?format=jaeger.thrift
```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger.collector]
endpoint = "http://127.0.0.1:14268/api/traces?format=jaeger.thrift"
```
```bash tab="CLI"
--tracing.jaeger.collector.endpoint=http://127.0.0.1:14268/api/traces?format=jaeger.thrift
```
@@ -238,12 +238,6 @@ _Optional, Default=""_
User instructs reporter to include a user for basic http authentication when sending spans to jaeger-collector.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger.collector]
user = "my-user"
```
```yaml tab="File (YAML)"
tracing:
jaeger:
@@ -251,6 +245,12 @@ tracing:
user: my-user
```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger.collector]
user = "my-user"
```
```bash tab="CLI"
--tracing.jaeger.collector.user=my-user
```
@@ -261,12 +261,6 @@ _Optional, Default=""_
Password instructs reporter to include a password for basic http authentication when sending spans to jaeger-collector.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger.collector]
password = "my-password"
```
```yaml tab="File (YAML)"
tracing:
jaeger:
@@ -274,6 +268,12 @@ tracing:
password: my-password
```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger.collector]
password = "my-password"
```
```bash tab="CLI"
--tracing.jaeger.collector.password=my-password
```

28
docs/content/observability/tracing/overview.md
View File

@@ -22,14 +22,14 @@ By default, Traefik uses Jaeger as tracing backend.
To enable the tracing:
```toml tab="File (TOML)"
[tracing]
```
```yaml tab="File (YAML)"
tracing: {}
```
```toml tab="File (TOML)"
[tracing]
```
```bash tab="CLI"
--tracing=true
```
@@ -42,16 +42,16 @@ _Required, Default="traefik"_
Service name used in selected backend.
```toml tab="File (TOML)"
[tracing]
serviceName = "traefik"
```
```yaml tab="File (YAML)"
tracing:
serviceName: traefik
```
```toml tab="File (TOML)"
[tracing]
serviceName = "traefik"
```
```bash tab="CLI"
--tracing.serviceName=traefik
```
@@ -65,16 +65,16 @@ This can prevent certain tracing providers to drop traces that exceed their leng
`0` means no truncation will occur.
```toml tab="File (TOML)"
[tracing]
spanNameLimit = 150
```
```yaml tab="File (YAML)"
tracing:
spanNameLimit: 150
```
```toml tab="File (TOML)"
[tracing]
spanNameLimit = 150
```
```bash tab="CLI"
--tracing.spanNameLimit=150
```

58
docs/content/observability/tracing/zipkin.md
View File

@@ -2,16 +2,16 @@
To enable the Zipkin:
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
```
```yaml tab="File (YAML)"
tracing:
zipkin: {}
```
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
```
```bash tab="CLI"
--tracing.zipkin=true
```
@@ -22,18 +22,18 @@ _Required, Default="http://localhost:9411/api/v2/spans"_
Zipkin HTTP endpoint used to send data.
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
httpEndpoint = "http://localhost:9411/api/v2/spans"
```
```yaml tab="File (YAML)"
tracing:
zipkin:
httpEndpoint: http://localhost:9411/api/v2/spans
```
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
httpEndpoint = "http://localhost:9411/api/v2/spans"
```
```bash tab="CLI"
--tracing.zipkin.httpEndpoint=http://localhost:9411/api/v2/spans
```
@@ -44,18 +44,18 @@ _Optional, Default=false_
Use Zipkin SameSpan RPC style traces.
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
sameSpan = true
```
```yaml tab="File (YAML)"
tracing:
zipkin:
sameSpan: true
```
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
sameSpan = true
```
```bash tab="CLI"
--tracing.zipkin.sameSpan=true
```
@@ -66,18 +66,18 @@ _Optional, Default=true_
Use Zipkin 128 bit trace IDs.
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
id128Bit = false
```
```yaml tab="File (YAML)"
tracing:
zipkin:
id128Bit: false
```
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
id128Bit = false
```
```bash tab="CLI"
--tracing.zipkin.id128Bit=false
```
@@ -88,18 +88,18 @@ _Required, Default=1.0_
The rate between 0.0 and 1.0 of requests to trace.
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
sampleRate = 0.2
```
```yaml tab="File (YAML)"
tracing:
zipkin:
sampleRate: 0.2
```
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
sampleRate = 0.2
```
```bash tab="CLI"
--tracing.zipkin.sampleRate=0.2
```

40
docs/content/operations/api.md
View File

@@ -26,16 +26,16 @@ If you enable the API, a new special `service` named `api@internal` is created a
To enable the API handler, use the following option on the
[static configuration](../getting-started/configuration-overview.md#the-static-configuration):
```toml tab="File (TOML)"
# Static Configuration
[api]
```
```yaml tab="File (YAML)"
# Static Configuration
api: {}
```
```toml tab="File (TOML)"
# Static Configuration
[api]
```
```bash tab="CLI"
--api=true
```
@@ -74,16 +74,16 @@ Enable the API in `insecure` mode, which means that the API will be available di
!!! info
If the entryPoint named `traefik` is not configured, it will be automatically created on port 8080.
```toml tab="File (TOML)"
[api]
insecure = true
```
```yaml tab="File (YAML)"
api:
insecure: true
```
```toml tab="File (TOML)"
[api]
insecure = true
```
```bash tab="CLI"
--api.insecure=true
```
@@ -94,16 +94,16 @@ _Optional, Default=true_
Enable the dashboard. More about the dashboard features [here](./dashboard.md).
```toml tab="File (TOML)"
[api]
dashboard = true
```
```yaml tab="File (YAML)"
api:
dashboard: true
```
```toml tab="File (TOML)"
[api]
dashboard = true
```
```bash tab="CLI"
--api.dashboard=true
```
@@ -117,16 +117,16 @@ _Optional, Default=false_
Enable additional [endpoints](./api.md#endpoints) for debugging and profiling, served under `/debug/`.
```toml tab="File (TOML)"
[api]
debug = true
```
```yaml tab="File (YAML)"
api:
debug: true
```
```toml tab="File (TOML)"
[api]
debug = true
```
```bash tab="CLI"
--api.debug=true
```

32
docs/content/operations/dashboard.md
View File

@@ -31,16 +31,6 @@ This is the **recommended** method.
Start by enabling the dashboard by using the following option from [Traefik's API](./api.md)
on the [static configuration](../getting-started/configuration-overview.md#the-static-configuration):
```toml tab="File (TOML)"
[api]
# Dashboard
#
# Optional
# Default: true
#
dashboard = true
```
```yaml tab="File (YAML)"
api:
# Dashboard
@@ -51,6 +41,16 @@ api:
dashboard: true
```
```toml tab="File (TOML)"
[api]
# Dashboard
#
# Optional
# Default: true
#
dashboard = true
```
```bash tab="CLI"
# Dashboard
#
@@ -105,18 +105,18 @@ This mode is not recommended because it does not allow the use of security featu
To enable the "insecure mode", use the following options from [Traefik's API](./api.md#insecure):
```toml tab="File (TOML)"
[api]
dashboard = true
insecure = true
```
```yaml tab="File (YAML)"
api:
dashboard: true
insecure: true
```
```toml tab="File (TOML)"
[api]
dashboard = true
insecure = true
```
```bash tab="CLI"
--api.dashboard=true --api.insecure=true
```

28
docs/content/operations/include-api-examples.md
View File

@@ -69,20 +69,6 @@ labels:
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
```
```toml tab="File (TOML)"
# Dynamic Configuration
[http.routers.my-api]
rule = "Host(`traefik.example.com`)"
service = "api@internal"
middlewares = ["auth"]
[http.middlewares.auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```
```yaml tab="File (YAML)"
# Dynamic Configuration
http:
@@ -99,3 +85,17 @@ http:
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
```toml tab="File (TOML)"
# Dynamic Configuration
[http.routers.my-api]
rule = "Host(`traefik.example.com`)"
service = "api@internal"
middlewares = ["auth"]
[http.middlewares.auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```

28
docs/content/operations/include-dashboard-examples.md
View File

@@ -69,20 +69,6 @@ labels:
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
```
```toml tab="File (TOML)"
# Dynamic Configuration
[http.routers.my-api]
rule = "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
service = "api@internal"
middlewares = ["auth"]
[http.middlewares.auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```
```yaml tab="File (YAML)"
# Dynamic Configuration
http:
@@ -99,3 +85,17 @@ http:
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
```toml tab="File (TOML)"
# Dynamic Configuration
[http.routers.my-api]
rule = "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
service = "api@internal"
middlewares = ["auth"]
[http.middlewares.auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```

46
docs/content/operations/ping.md
View File

@@ -7,14 +7,14 @@ Checking the Health of Your Traefik Instances
To enable the API handler:
```toml tab="File (TOML)"
[ping]
```
```yaml tab="File (YAML)"
ping: {}
```
```toml tab="File (TOML)"
[ping]
```
```bash tab="CLI"
--ping=true
```
@@ -39,15 +39,6 @@ _Optional, Default="traefik"_
Enabling /ping on a dedicated EntryPoint.
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.ping]
address = ":8082"
[ping]
entryPoint = "ping"
```
```yaml tab="File (YAML)"
entryPoints:
ping:
@@ -57,6 +48,15 @@ ping:
entryPoint: "ping"
```
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.ping]
address = ":8082"
[ping]
entryPoint = "ping"
```
```bash tab="CLI"
--entryPoints.ping.address=:8082
--ping.entryPoint=ping
@@ -68,16 +68,16 @@ _Optional, Default=false_
If `manualRouting` is `true`, it disables the default internal router in order to allow one to create a custom router for the `ping@internal` service.
```toml tab="File (TOML)"
[ping]
manualRouting = true
```
```yaml tab="File (YAML)"
ping:
manualRouting: true
```
```toml tab="File (TOML)"
[ping]
manualRouting = true
```
```bash tab="CLI"
--ping.manualrouting=true
```
@@ -93,16 +93,16 @@ be expected as the signal for graceful termination. In which case, the
terminatingStatusCode can be used to set the code returned by the ping
handler during termination.
```toml tab="File (TOML)"
[ping]
terminatingStatusCode = 204
```
```yaml tab="File (YAML)"
ping:
terminatingStatusCode: 204
```
```toml tab="File (TOML)"
[ping]
terminatingStatusCode = 204
```
```bash tab="CLI"
--ping.terminatingStatusCode=204
```

248
docs/content/providers/consul-catalog.md
View File

@@ -13,15 +13,15 @@ Attach tags to your services and let Traefik do the rest!
Enabling the consul catalog provider
```toml tab="File (TOML)"
[providers.consulCatalog]
```
```yaml tab="File (YAML)"
providers:
consulCatalog: {}
```
```toml tab="File (TOML)"
[providers.consulCatalog]
```
```bash tab="CLI"
--providers.consulcatalog=true
```
@@ -44,12 +44,6 @@ _Optional, Default=15s_
Defines the polling interval.
```toml tab="File (TOML)"
[providers.consulCatalog]
refreshInterval = "30s"
# ...
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@@ -57,6 +51,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
refreshInterval = "30s"
# ...
```
```bash tab="CLI"
--providers.consulcatalog.refreshInterval=30s
# ...
@@ -68,12 +68,6 @@ _required, Default="traefik"_
The prefix for Consul Catalog tags defining Traefik labels.
```toml tab="File (TOML)"
[providers.consulCatalog]
prefix = "test"
# ...
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@@ -81,6 +75,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
prefix = "test"
# ...
```
```bash tab="CLI"
--providers.consulcatalog.prefix=test
# ...
@@ -98,12 +98,6 @@ Forces the read to be fully consistent.
For more information, see the consul [documentation on consistency](https://www.consul.io/api-docs/features/consistency).
```toml tab="File (TOML)"
[providers.consulCatalog]
requireConsistent = true
# ...
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@@ -111,6 +105,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
requireConsistent = true
# ...
```
```bash tab="CLI"
--providers.consulcatalog.requireConsistent=true
# ...
@@ -128,12 +128,6 @@ Use stale consistency for catalog reads.
For more information, see the consul [documentation on consistency](https://www.consul.io/api-docs/features/consistency).
```toml tab="File (TOML)"
[providers.consulCatalog]
stale = true
# ...
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@@ -141,6 +135,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
stale = true
# ...
```
```bash tab="CLI"
--providers.consulcatalog.stale=true
# ...
@@ -152,12 +152,6 @@ _Optional, Default=false_
Use local agent caching for catalog reads.
```toml tab="File (TOML)"
[providers.consulCatalog]
cache = true
# ...
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@@ -165,6 +159,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
cache = true
# ...
```
```bash tab="CLI"
--providers.consulcatalog.cache=true
# ...
@@ -180,13 +180,6 @@ Defines the address of the Consul server.
_Optional, Default="127.0.0.1:8500"_
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
address = "127.0.0.1:8500"
# ...
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@@ -195,6 +188,13 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
address = "127.0.0.1:8500"
# ...
```
```bash tab="CLI"
--providers.consulcatalog.endpoint.address=127.0.0.1:8500
# ...
@@ -206,13 +206,6 @@ _Optional, Default=""_
Defines the URI scheme for the Consul server.
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
scheme = "https"
# ...
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@@ -221,6 +214,13 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
scheme = "https"
# ...
```
```bash tab="CLI"
--providers.consulcatalog.endpoint.scheme=https
# ...
@@ -233,13 +233,6 @@ _Optional, Default=""_
Defines the datacenter to use.
If not provided in Traefik, Consul uses the default agent datacenter.
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
datacenter = "test"
# ...
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@@ -248,6 +241,13 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
datacenter = "test"
# ...
```
```bash tab="CLI"
--providers.consulcatalog.endpoint.datacenter=test
# ...
@@ -259,13 +259,6 @@ _Optional, Default=""_
Token is used to provide a per-request ACL token which overwrites the agent's default token.
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
token = "test"
# ...
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@@ -274,6 +267,13 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
token = "test"
# ...
```
```bash tab="CLI"
--providers.consulcatalog.endpoint.token=test
# ...
@@ -286,13 +286,6 @@ _Optional, Default=""_
Limits the duration for which a Watch can block.
If not provided, the agent default values will be used.
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
endpointWaitTime = "15s"
# ...
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@@ -301,6 +294,13 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
endpointWaitTime = "15s"
# ...
```
```bash tab="CLI"
--providers.consulcatalog.endpoint.endpointwaittime=15s
# ...
@@ -318,11 +318,6 @@ _Optional, Default=""_
Username to use for HTTP Basic Authentication.
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.httpAuth]
username = "test"
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@@ -331,6 +326,11 @@ providers:
username: test
```
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.httpAuth]
username = "test"
```
```bash tab="CLI"
--providers.consulcatalog.endpoint.httpauth.username=test
```
@@ -341,11 +341,6 @@ _Optional, Default=""_
Password to use for HTTP Basic Authentication.
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.httpAuth]
password = "test"
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@@ -354,6 +349,11 @@ providers:
password: test
```
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.httpAuth]
password = "test"
```
```bash tab="CLI"
--providers.consulcatalog.endpoint.httpauth.password=test
```
@@ -370,11 +370,6 @@ _Optional_
`ca` is the path to the CA certificate used for Consul communication, defaults to the system bundle if not specified.
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
ca = "path/to/ca.crt"
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@@ -383,6 +378,11 @@ providers:
ca: path/to/ca.crt
```
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
ca = "path/to/ca.crt"
```
```bash tab="CLI"
--providers.consulcatalog.endpoint.tls.ca=path/to/ca.crt
```
@@ -401,11 +401,6 @@ When this option is set to `true`, a client certificate is requested during the
When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client.
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
caOptional = true
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@@ -414,6 +409,11 @@ providers:
caOptional: true
```
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
caOptional = true
```
```bash tab="CLI"
--providers.consulcatalog.endpoint.tls.caoptional=true
```
@@ -426,12 +426,6 @@ _Optional_
When using this option, setting the `key` option is required.
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@@ -441,6 +435,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.consulcatalog.endpoint.tls.cert=path/to/foo.cert
--providers.consulcatalog.endpoint.tls.key=path/to/foo.key
@@ -454,12 +454,6 @@ _Optional_
When using this option, setting the `cert` option is required.
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@@ -469,6 +463,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.consulcatalog.endpoint.tls.cert=path/to/foo.cert
--providers.consulcatalog.endpoint.tls.key=path/to/foo.key
@@ -480,11 +480,6 @@ _Optional_
If `insecureSkipVerify` is `true`, the TLS connection to Consul accepts any certificate presented by the server regardless of the hostnames it covers.
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
insecureSkipVerify = true
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@@ -493,6 +488,11 @@ providers:
insecureSkipVerify: true
```
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
insecureSkipVerify = true
```
```bash tab="CLI"
--providers.consulcatalog.endpoint.tls.insecureskipverify=true
```
@@ -506,12 +506,6 @@ If set to `false`, services that don't have a `traefik.enable=true` tag will be
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
```toml tab="File (TOML)"
[providers.consulCatalog]
exposedByDefault = false
# ...
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@@ -519,6 +513,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
exposedByDefault = false
# ...
```
```bash tab="CLI"
--providers.consulcatalog.exposedByDefault=false
# ...
@@ -538,12 +538,6 @@ and the template has access to all the labels (i.e. tags beginning with the `pre
The option can be overridden on an instance basis with the `traefik.http.routers.{name-of-your-choice}.rule` tag.
```toml tab="File (TOML)"
[providers.consulCatalog]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@@ -551,6 +545,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```bash tab="CLI"
--providers.consulcatalog.defaultRule="Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
@@ -599,12 +599,6 @@ as well as the usual boolean logic, as shown in examples below.
constraints = "TagRegex(`a\.tag\.t.+`)"
```
```toml tab="File (TOML)"
[providers.consulCatalog]
constraints = "Tag(`a.tag.name`)"
# ...
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@@ -612,6 +606,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
constraints = "Tag(`a.tag.name`)"
# ...
```
```bash tab="CLI"
--providers.consulcatalog.constraints="Tag(`a.tag.name`)"
# ...

98
docs/content/providers/consul.md
View File

@@ -17,11 +17,6 @@ _Required, Default="127.0.0.1:8500"_
Defines how to access to Consul.
```toml tab="File (TOML)"
[providers.consul]
endpoints = ["127.0.0.1:8500"]
```
```yaml tab="File (YAML)"
providers:
consul:
@@ -29,6 +24,11 @@ providers:
- "127.0.0.1:8500"
```
```toml tab="File (TOML)"
[providers.consul]
endpoints = ["127.0.0.1:8500"]
```
```bash tab="CLI"
--providers.consul.endpoints=127.0.0.1:8500
```
@@ -39,17 +39,17 @@ _Required, Default="traefik"_
Defines the root key of the configuration.
```toml tab="File (TOML)"
[providers.consul]
rootKey = "traefik"
```
```yaml tab="File (YAML)"
providers:
consul:
rootKey: "traefik"
```
```toml tab="File (TOML)"
[providers.consul]
rootKey = "traefik"
```
```bash tab="CLI"
--providers.consul.rootkey=traefik
```
@@ -60,12 +60,6 @@ _Optional, Default=""_
Defines a username to connect to Consul with.
```toml tab="File (TOML)"
[providers.consul]
# ...
username = "foo"
```
```yaml tab="File (YAML)"
providers:
consul:
@@ -73,6 +67,12 @@ providers:
usename: "foo"
```
```toml tab="File (TOML)"
[providers.consul]
# ...
username = "foo"
```
```bash tab="CLI"
--providers.consul.username=foo
```
@@ -83,12 +83,6 @@ _Optional, Default=""_
Defines a password with which to connect to Consul.
```toml tab="File (TOML)"
[providers.consul]
# ...
password = "bar"
```
```yaml tab="File (YAML)"
providers:
consul:
@@ -96,6 +90,12 @@ providers:
password: "bar"
```
```toml tab="File (TOML)"
[providers.consul]
# ...
password = "bar"
```
```bash tab="CLI"
--providers.consul.password=foo
```
@@ -108,11 +108,6 @@ _Optional_
Certificate Authority used for the secure connection to Consul.
```toml tab="File (TOML)"
[providers.consul.tls]
ca = "path/to/ca.crt"
```
```yaml tab="File (YAML)"
providers:
consul:
@@ -120,6 +115,11 @@ providers:
ca: path/to/ca.crt
```
```toml tab="File (TOML)"
[providers.consul.tls]
ca = "path/to/ca.crt"
```
```bash tab="CLI"
--providers.consul.tls.ca=path/to/ca.crt
```
@@ -136,11 +136,6 @@ When this option is set to `true`, a client certificate is requested during the
When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client.
```toml tab="File (TOML)"
[providers.consul.tls]
caOptional = true
```
```yaml tab="File (YAML)"
providers:
consul:
@@ -148,6 +143,11 @@ providers:
caOptional: true
```
```toml tab="File (TOML)"
[providers.consul.tls]
caOptional = true
```
```bash tab="CLI"
--providers.consul.tls.caOptional=true
```
@@ -156,12 +156,6 @@ providers:
Public certificate used for the secure connection to Consul.
```toml tab="File (TOML)"
[providers.consul.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
consul:
@@ -170,6 +164,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.consul.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.consul.tls.cert=path/to/foo.cert
--providers.consul.tls.key=path/to/foo.key
@@ -179,12 +179,6 @@ providers:
Private certificate used for the secure connection to Consul.
```toml tab="File (TOML)"
[providers.consul.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
consul:
@@ -193,6 +187,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.consul.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.consul.tls.cert=path/to/foo.cert
--providers.consul.tls.key=path/to/foo.key
@@ -202,11 +202,6 @@ providers:
If `insecureSkipVerify` is `true`, the TLS connection to Consul accepts any certificate presented by the server regardless of the hostnames it covers.
```toml tab="File (TOML)"
[providers.consul.tls]
insecureSkipVerify = true
```
```yaml tab="File (YAML)"
providers:
consul:
@@ -214,6 +209,11 @@ providers:
insecureSkipVerify: true
```
```toml tab="File (TOML)"
[providers.consul.tls]
insecureSkipVerify = true
```
```bash tab="CLI"
--providers.consul.tls.insecureSkipVerify=true
```

224
docs/content/providers/docker.md
View File

@@ -20,15 +20,15 @@ and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/).
Enabling the docker provider
```toml tab="File (TOML)"
[providers.docker]
```
```yaml tab="File (YAML)"
providers:
docker: {}
```
```toml tab="File (TOML)"
[providers.docker]
```
```bash tab="CLI"
--providers.docker=true
```
@@ -48,15 +48,6 @@ and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/).
Enabling the docker provider (Swarm Mode)
```toml tab="File (TOML)"
[providers.docker]
# swarm classic (1.12-)
# endpoint = "tcp://127.0.0.1:2375"
# docker swarm mode (1.12+)
endpoint = "tcp://127.0.0.1:2377"
swarmMode = true
```
```yaml tab="File (YAML)"
providers:
docker:
@@ -67,6 +58,15 @@ and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/).
swarmMode: true
```
```toml tab="File (TOML)"
[providers.docker]
# swarm classic (1.12-)
# endpoint = "tcp://127.0.0.1:2375"
# docker swarm mode (1.12+)
endpoint = "tcp://127.0.0.1:2377"
swarmMode = true
```
```bash tab="CLI"
# swarm classic (1.12-)
# --providers.docker.endpoint=tcp://127.0.0.1:2375
@@ -117,7 +117,7 @@ Port detection works as follows:
- If a container [exposes](https://docs.docker.com/engine/reference/builder/#expose) a single port,
then Traefik uses this port for private communication.
- If a container [exposes](https://docs.docker.com/engine/reference/builder/#expose) multiple ports,
or does not expose any port, then you must manually specify which port Traefik should use for communication
or does not expose any port, then you must manually specify which port Traefik should use for communication
by using the label `traefik.http.services.<service_name>.loadbalancer.server.port`
(Read more on this label in the dedicated section in [routing](../routing/providers/docker.md#port)).
@@ -261,12 +261,6 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A
We specify the docker.sock in traefik's configuration file.
```toml tab="File (TOML)"
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
@@ -274,6 +268,12 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A
# ...
```
```toml tab="File (TOML)"
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
# ...
```
```bash tab="CLI"
--providers.docker.endpoint=unix:///var/run/docker.sock
# ...
@@ -285,12 +285,6 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A
We specify the SSH host and user in Traefik's configuration file.
Note that is server requires public keys for authentication you must have those accessible for user who runs Traefik.
```toml tab="File (TOML)"
[providers.docker]
endpoint = "ssh://traefik@192.168.2.5:2022"
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
@@ -298,22 +292,28 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A
# ...
```
```toml tab="File (TOML)"
[providers.docker]
endpoint = "ssh://traefik@192.168.2.5:2022"
# ...
```
```bash tab="CLI"
--providers.docker.endpoint=ssh://traefik@192.168.2.5:2022
# ...
```
```toml tab="File (TOML)"
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
```
```yaml tab="File (YAML)"
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
```
```toml tab="File (TOML)"
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
```
```bash tab="CLI"
--providers.docker.endpoint=unix:///var/run/docker.sock
```
@@ -350,12 +350,6 @@ but still uses the `traefik.http.services.<name>.loadbalancer.server.port` that
- `ExtPort` stands for "external Port found in the binding"
- `IntPort` stands for "internal network container's port."
```toml tab="File (TOML)"
[providers.docker]
useBindPortIP = true
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
@@ -363,6 +357,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.docker]
useBindPortIP = true
# ...
```
```bash tab="CLI"
--providers.docker.useBindPortIP=true
# ...
@@ -377,12 +377,6 @@ If set to `false`, containers that do not have a `traefik.enable=true` label are
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
```toml tab="File (TOML)"
[providers.docker]
exposedByDefault = false
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
@@ -390,6 +384,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.docker]
exposedByDefault = false
# ...
```
```bash tab="CLI"
--providers.docker.exposedByDefault=false
# ...
@@ -403,12 +403,6 @@ Defines a default docker network to use for connections to all containers.
This option can be overridden on a per-container basis with the `traefik.docker.network` label.
```toml tab="File (TOML)"
[providers.docker]
network = "test"
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
@@ -416,6 +410,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.docker]
network = "test"
# ...
```
```bash tab="CLI"
--providers.docker.network=test
# ...
@@ -432,12 +432,6 @@ It must be a valid [Go template](https://golang.org/pkg/text/template/), and can
The container service name can be accessed with the `Name` identifier,
and the template has access to all the labels defined on this container.
```toml tab="File (TOML)"
[providers.docker]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
@@ -445,6 +439,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.docker]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```bash tab="CLI"
--providers.docker.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)
# ...
@@ -456,12 +456,6 @@ _Optional, Default=false_
Enables the Swarm Mode (instead of standalone Docker).
```toml tab="File (TOML)"
[providers.docker]
swarmMode = true
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
@@ -469,6 +463,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.docker]
swarmMode = true
# ...
```
```bash tab="CLI"
--providers.docker.swarmMode=true
# ...
@@ -480,12 +480,6 @@ _Optional, Default=15_
Defines the polling interval (in seconds) for Swarm Mode.
```toml tab="File (TOML)"
[providers.docker]
swarmModeRefreshSeconds = 30
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
@@ -493,6 +487,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.docker]
swarmModeRefreshSeconds = 30
# ...
```
```bash tab="CLI"
--providers.docker.swarmModeRefreshSeconds=30
# ...
@@ -504,12 +504,6 @@ _Optional, Default=0_
Defines the client timeout (in seconds) for HTTP connections. If its value is `0`, no timeout is set.
```toml tab="File (TOML)"
[providers.docker]
httpClientTimeout = 300
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
@@ -517,6 +511,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.docker]
httpClientTimeout = 300
# ...
```
```bash tab="CLI"
--providers.docker.httpClientTimeout=300
# ...
@@ -528,12 +528,6 @@ _Optional, Default=true_
Watch Docker Swarm events.
```toml tab="File (TOML)"
[providers.docker]
watch = false
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
@@ -541,6 +535,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.docker]
watch = false
# ...
```
```bash tab="CLI"
--providers.docker.watch=false
# ...
@@ -591,12 +591,6 @@ as well as the usual boolean logic, as shown in examples below.
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
```toml tab="File (TOML)"
[providers.docker]
constraints = "Label(`a.label.name`,`foo`)"
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
@@ -604,6 +598,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.docker]
constraints = "Label(`a.label.name`,`foo`)"
# ...
```
```bash tab="CLI"
--providers.docker.constraints=Label(`a.label.name`,`foo`)
# ...
@@ -617,11 +617,6 @@ _Optional_
Certificate Authority used for the secure connection to Docker.
```toml tab="File (TOML)"
[providers.docker.tls]
ca = "path/to/ca.crt"
```
```yaml tab="File (YAML)"
providers:
docker:
@@ -629,6 +624,11 @@ providers:
ca: path/to/ca.crt
```
```toml tab="File (TOML)"
[providers.docker.tls]
ca = "path/to/ca.crt"
```
```bash tab="CLI"
--providers.docker.tls.ca=path/to/ca.crt
```
@@ -645,11 +645,6 @@ When this option is set to `true`, a client certificate is requested during the
When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client.
```toml tab="File (TOML)"
[providers.docker.tls]
caOptional = true
```
```yaml tab="File (YAML)"
providers:
docker:
@@ -657,6 +652,11 @@ providers:
caOptional: true
```
```toml tab="File (TOML)"
[providers.docker.tls]
caOptional = true
```
```bash tab="CLI"
--providers.docker.tls.caOptional=true
```
@@ -665,12 +665,6 @@ providers:
Public certificate used for the secure connection to Docker.
```toml tab="File (TOML)"
[providers.docker.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
docker:
@@ -679,6 +673,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.docker.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.docker.tls.cert=path/to/foo.cert
--providers.docker.tls.key=path/to/foo.key
@@ -688,12 +688,6 @@ providers:
Private certificate used for the secure connection to Docker.
```toml tab="File (TOML)"
[providers.docker.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
docker:
@@ -702,6 +696,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.docker.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.docker.tls.cert=path/to/foo.cert
--providers.docker.tls.key=path/to/foo.key
@@ -711,11 +711,6 @@ providers:
If `insecureSkipVerify` is `true`, the TLS connection to Docker accepts any certificate presented by the server regardless of the hostnames it covers.
```toml tab="File (TOML)"
[providers.docker.tls]
insecureSkipVerify = true
```
```yaml tab="File (YAML)"
providers:
docker:
@@ -723,6 +718,11 @@ providers:
insecureSkipVerify: true
```
```toml tab="File (TOML)"
[providers.docker.tls]
insecureSkipVerify = true
```
```bash tab="CLI"
--providers.docker.tls.insecureSkipVerify=true
```

82
docs/content/providers/ecs.md
View File

@@ -11,15 +11,15 @@ Attach labels to your ECS containers and let Traefik do the rest!
Enabling the ECS provider:
```toml tab="File (TOML)"
[providers.ecs]
```
```yaml tab="File (YAML)"
providers:
ecs: {}
```
```toml tab="File (TOML)"
[providers.ecs]
```
```bash tab="CLI"
--providers.ecs=true
```
@@ -63,12 +63,6 @@ Search for services in cluster list.
- If set to `true` service discovery is disabled on configured clusters, but enabled for all other clusters.
- If set to `false` service discovery is enabled on configured clusters only.
```toml tab="File (TOML)"
[providers.ecs]
autoDiscoverClusters = true
# ...
```
```yaml tab="File (YAML)"
providers:
ecs:
@@ -76,6 +70,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.ecs]
autoDiscoverClusters = true
# ...
```
```bash tab="CLI"
--providers.ecs.autoDiscoverClusters=true
# ...
@@ -87,12 +87,6 @@ _Optional, Default=["default"]_
Search for services in cluster list.
```toml tab="File (TOML)"
[providers.ecs]
clusters = ["default"]
# ...
```
```yaml tab="File (YAML)"
providers:
ecs:
@@ -101,6 +95,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.ecs]
clusters = ["default"]
# ...
```
```bash tab="CLI"
--providers.ecs.clusters=default
# ...
@@ -114,12 +114,6 @@ Expose ECS services by default in Traefik.
If set to `false`, services that do not have a `traefik.enable=true` label are ignored from the resulting routing configuration.
```toml tab="File (TOML)"
[providers.ecs]
exposedByDefault = false
# ...
```
```yaml tab="File (YAML)"
providers:
ecs:
@@ -127,6 +121,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.ecs]
exposedByDefault = false
# ...
```
```bash tab="CLI"
--providers.ecs.exposedByDefault=false
# ...
@@ -143,12 +143,6 @@ It must be a valid [Go template](https://golang.org/pkg/text/template/), and can
The container service name can be accessed with the `Name` identifier,
and the template has access to all the labels defined on this container.
```toml tab="File (TOML)"
[providers.ecs]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```yaml tab="File (YAML)"
providers:
ecs:
@@ -156,6 +150,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.ecs]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```bash tab="CLI"
--providers.ecs.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)
# ...
@@ -167,12 +167,6 @@ _Optional, Default=15_
Polling interval (in seconds).
```toml tab="File (TOML)"
[providers.ecs]
refreshSeconds = 15
# ...
```
```yaml tab="File (YAML)"
providers:
ecs:
@@ -180,6 +174,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.ecs]
refreshSeconds = 15
# ...
```
```bash tab="CLI"
--providers.ecs.refreshSeconds=15
# ...
@@ -198,13 +198,6 @@ If `accessKeyID` and `secretAccessKey` are not provided, credentials are resolve
- Using shared credentials, determined by `AWS_PROFILE` and `AWS_SHARED_CREDENTIALS_FILE`, defaults to `default` and `~/.aws/credentials`.
- Using EC2 instance role or ECS task role
```toml tab="File (TOML)"
[providers.ecs]
region = "us-east-1"
accessKeyID = "abc"
secretAccessKey = "123"
```
```yaml tab="File (YAML)"
providers:
ecs:
@@ -214,6 +207,13 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.ecs]
region = "us-east-1"
accessKeyID = "abc"
secretAccessKey = "123"
```
```bash tab="CLI"
--providers.ecs.region="us-east-1"
--providers.ecs.accessKeyID="abc"

98
docs/content/providers/etcd.md
View File

@@ -17,11 +17,6 @@ _Required, Default="127.0.0.1:2379"_
Defines how to access etcd.
```toml tab="File (TOML)"
[providers.etcd]
endpoints = ["127.0.0.1:2379"]
```
```yaml tab="File (YAML)"
providers:
etcd:
@@ -29,6 +24,11 @@ providers:
- "127.0.0.1:2379"
```
```toml tab="File (TOML)"
[providers.etcd]
endpoints = ["127.0.0.1:2379"]
```
```bash tab="CLI"
--providers.etcd.endpoints=127.0.0.1:2379
```
@@ -39,17 +39,17 @@ _Required, Default="traefik"_
Defines the root key of the configuration.
```toml tab="File (TOML)"
[providers.etcd]
rootKey = "traefik"
```
```yaml tab="File (YAML)"
providers:
etcd:
rootKey: "traefik"
```
```toml tab="File (TOML)"
[providers.etcd]
rootKey = "traefik"
```
```bash tab="CLI"
--providers.etcd.rootkey=traefik
```
@@ -60,12 +60,6 @@ _Optional, Default=""_
Defines a username with which to connect to etcd.
```toml tab="File (TOML)"
[providers.etcd]
# ...
username = "foo"
```
```yaml tab="File (YAML)"
providers:
etcd:
@@ -73,6 +67,12 @@ providers:
usename: "foo"
```
```toml tab="File (TOML)"
[providers.etcd]
# ...
username = "foo"
```
```bash tab="CLI"
--providers.etcd.username=foo
```
@@ -83,12 +83,6 @@ _Optional, Default=""_
Defines a password with which to connect to etcd.
```toml tab="File (TOML)"
[providers.etcd]
# ...
password = "bar"
```
```yaml tab="File (YAML)"
providers:
etcd:
@@ -96,6 +90,12 @@ providers:
password: "bar"
```
```toml tab="File (TOML)"
[providers.etcd]
# ...
password = "bar"
```
```bash tab="CLI"
--providers.etcd.password=foo
```
@@ -108,11 +108,6 @@ _Optional_
Certificate Authority used for the secure connection to etcd.
```toml tab="File (TOML)"
[providers.etcd.tls]
ca = "path/to/ca.crt"
```
```yaml tab="File (YAML)"
providers:
etcd:
@@ -120,6 +115,11 @@ providers:
ca: path/to/ca.crt
```
```toml tab="File (TOML)"
[providers.etcd.tls]
ca = "path/to/ca.crt"
```
```bash tab="CLI"
--providers.etcd.tls.ca=path/to/ca.crt
```
@@ -136,11 +136,6 @@ When this option is set to `true`, a client certificate is requested during the
When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client.
```toml tab="File (TOML)"
[providers.etcd.tls]
caOptional = true
```
```yaml tab="File (YAML)"
providers:
etcd:
@@ -148,6 +143,11 @@ providers:
caOptional: true
```
```toml tab="File (TOML)"
[providers.etcd.tls]
caOptional = true
```
```bash tab="CLI"
--providers.etcd.tls.caOptional=true
```
@@ -156,12 +156,6 @@ providers:
Public certificate used for the secure connection to etcd.
```toml tab="File (TOML)"
[providers.etcd.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
etcd:
@@ -170,6 +164,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.etcd.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.etcd.tls.cert=path/to/foo.cert
--providers.etcd.tls.key=path/to/foo.key
@@ -179,12 +179,6 @@ providers:
Private certificate used for the secure connection to etcd.
```toml tab="File (TOML)"
[providers.etcd.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
etcd:
@@ -193,6 +187,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.etcd.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.etcd.tls.cert=path/to/foo.cert
--providers.etcd.tls.key=path/to/foo.key
@@ -202,11 +202,6 @@ providers:
If `insecureSkipVerify` is `true`, the TLS connection to etcd accepts any certificate presented by the server regardless of the hostnames it covers.
```toml tab="File (TOML)"
[providers.etcd.tls]
insecureSkipVerify = true
```
```yaml tab="File (YAML)"
providers:
etcd:
@@ -214,6 +209,11 @@ providers:
insecureSkipVerify: true
```
```toml tab="File (TOML)"
[providers.etcd.tls]
insecureSkipVerify = true
```
```bash tab="CLI"
--providers.etcd.tls.insecureSkipVerify=true
```

186
docs/content/providers/file.md
View File

@@ -3,9 +3,9 @@
Good Old Configuration File
{: .subtitle }
The file provider lets you define the [dynamic configuration](./overview.md) in a TOML or YAML file.
The file provider lets you define the [dynamic configuration](./overview.md) in a YAML or TOML file.
It supports providing configuration through a [single configuration file]](#filename) or [multiple separate files](#directory).
It supports providing configuration through a [single configuration file](#filename) or [multiple separate files](#directory).
!!! info
@@ -21,50 +21,23 @@ It supports providing configuration through a [single configuration file]](#file
Enabling the file provider:
```toml tab="File (TOML)"
[providers.file]
directory = "/path/to/dynamic/conf"
```
```yaml tab="File (YAML)"
providers:
file:
directory: "/path/to/dynamic/conf"
```
```toml tab="File (TOML)"
[providers.file]
directory = "/path/to/dynamic/conf"
```
```bash tab="CLI"
--providers.file.directory=/path/to/dynamic/conf
```
Declaring Routers, Middlewares & Services:
```toml tab="TOML"
[http]
# Add the router
[http.routers]
[http.routers.router0]
entryPoints = ["web"]
middlewares = ["my-basic-auth"]
service = "service-foo"
rule = "Path(`/foo`)"
# Add the middleware
[http.middlewares]
[http.middlewares.my-basic-auth.basicAuth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
usersFile = "etc/traefik/.htpasswd"
# Add the service
[http.services]
[http.services.service-foo]
[http.services.service-foo.loadBalancer]
[[http.services.service-foo.loadBalancer.servers]]
url = "http://foo/"
[[http.services.service-foo.loadBalancer.servers]]
url = "http://bar/"
```
```yaml tab="YAML"
http:
# Add the router
@@ -96,6 +69,33 @@ It supports providing configuration through a [single configuration file]](#file
passHostHeader: false
```
```toml tab="TOML"
[http]
# Add the router
[http.routers]
[http.routers.router0]
entryPoints = ["web"]
middlewares = ["my-basic-auth"]
service = "service-foo"
rule = "Path(`/foo`)"
# Add the middleware
[http.middlewares]
[http.middlewares.my-basic-auth.basicAuth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
usersFile = "etc/traefik/.htpasswd"
# Add the service
[http.services]
[http.services.service-foo]
[http.services.service-foo.loadBalancer]
[[http.services.service-foo.loadBalancer.servers]]
url = "http://foo/"
[[http.services.service-foo.loadBalancer.servers]]
url = "http://bar/"
```
## Provider Configuration
For an overview of all the options that can be set with the file provider, see the [dynamic configuration](../reference/dynamic-configuration/file.md) and [static configuration](../reference/static-configuration/overview.md) references.
@@ -105,7 +105,7 @@ For an overview of all the options that can be set with the file provider, see t
With the file provider, Traefik listens for file system notifications to update the dynamic configuration.
If you use a mounted/bound file system in your orchestrator (like docker or kubernetes), the way the files are linked may be a source of errors.
If the link between the file systems is broken, when a source file/directory is changed/renamed, nothing will be reported to the linked file/directory, so the file system notifications will be neither triggered nor caught.
If the link between the file systems is broken, when a source file/directory is changed/renamed, nothing will be reported to the linked file/directory, so the file system notifications will be neither triggered nor caught.
For example, in Docker, if the host file is renamed, the link to the mounted file is broken and the container's file is no longer updated.
To avoid this kind of issue, it is recommended to:
@@ -125,20 +125,20 @@ Defines the path to the configuration file.
The `filename` and `directory` options are mutually exclusive.
It is recommended to use `directory`.
```toml tab="File (TOML)"
[providers]
[providers.file]
filename = "/path/to/config/dynamic_conf.toml"
```
```yaml tab="File (YAML)"
providers:
file:
filename: /path/to/config/dynamic_conf.yml
```
```toml tab="File (TOML)"
[providers]
[providers.file]
filename = "/path/to/config/dynamic_conf.toml"
```
```bash tab="CLI"
--providers.file.filename=/path/to/config/dynamic_conf.toml
--providers.file.filename=/path/to/config/dynamic_conf.yml
```
### `directory`
@@ -150,18 +150,18 @@ Defines the path to the directory that contains the configuration files.
The `filename` and `directory` options are mutually exclusive.
It is recommended to use `directory`.
```toml tab="File (TOML)"
[providers]
[providers.file]
directory = "/path/to/config"
```
```yaml tab="File (YAML)"
providers:
file:
directory: /path/to/config
```
```toml tab="File (TOML)"
[providers]
[providers.file]
directory = "/path/to/config"
```
```bash tab="CLI"
--providers.file.directory=/path/to/config
```
@@ -171,13 +171,6 @@ providers:
Set the `watch` option to `true` to allow Traefik to automatically watch for file changes.
It works with both the `filename` and the `directory` options.
```toml tab="File (TOML)"
[providers]
[providers.file]
directory = "/path/to/dynamic/conf"
watch = true
```
```yaml tab="File (YAML)"
providers:
file:
@@ -185,6 +178,13 @@ providers:
watch: true
```
```toml tab="File (TOML)"
[providers]
[providers.file]
directory = "/path/to/dynamic/conf"
watch = true
```
```bash tab="CLI"
--providers.file.directory=/my/path/to/dynamic/conf
--providers.file.watch=true
@@ -205,6 +205,44 @@ To illustrate, it is possible to easily define multiple routers, services, and T
??? example "Configuring Using Templating"
```yaml tab="YAML"
http:
routers:
{{range $i, $e := until 100 }}
router{{ $e }}-{{ env "MY_ENV_VAR" }}:
# ...
{{end}}
services:
{{range $i, $e := until 100 }}
application{{ $e }}:
# ...
{{end}}
tcp:
routers:
{{range $i, $e := until 100 }}
router{{ $e }}:
# ...
{{end}}
services:
{{range $i, $e := until 100 }}
service{{ $e }}:
# ...
{{end}}
tls:
certificates:
{{ range $i, $e := until 10 }}
- certFile: "/etc/traefik/cert-{{ $e }}.pem"
keyFile: "/etc/traefik/cert-{{ $e }}.key"
store:
- "my-store-foo-{{ $e }}"
- "my-store-bar-{{ $e }}"
{{end}}
```
```toml tab="TOML"
# template-rules.toml
[http]
@@ -248,41 +286,3 @@ To illustrate, it is possible to easily define multiple routers, services, and T
# ...
{{ end }}
```
```yaml tab="YAML"
http:
routers:
{{range $i, $e := until 100 }}
router{{ $e }}-{{ env "MY_ENV_VAR" }}:
# ...
{{end}}
services:
{{range $i, $e := until 100 }}
application{{ $e }}:
# ...
{{end}}
tcp:
routers:
{{range $i, $e := until 100 }}
router{{ $e }}:
# ...
{{end}}
services:
{{range $i, $e := until 100 }}
service{{ $e }}:
# ...
{{end}}
tls:
certificates:
{{ range $i, $e := until 10 }}
- certFile: "/etc/traefik/cert-{{ $e }}.pem"
keyFile: "/etc/traefik/cert-{{ $e }}.key"
store:
- "my-store-foo-{{ $e }}"
- "my-store-bar-{{ $e }}"
{{end}}
```

84
docs/content/providers/http.md
View File

@@ -14,11 +14,6 @@ _Required_
Defines the HTTP(S) endpoint to poll.
```toml tab="File (TOML)"
[providers.http]
endpoint = "http://127.0.0.1:9000/api"
```
```yaml tab="File (YAML)"
providers:
http:
@@ -26,6 +21,11 @@ providers:
- "http://127.0.0.1:9000/api"
```
```toml tab="File (TOML)"
[providers.http]
endpoint = "http://127.0.0.1:9000/api"
```
```bash tab="CLI"
--providers.http.endpoint=http://127.0.0.1:9000/api
```
@@ -36,17 +36,17 @@ _Optional, Default="5s"_
Defines the polling interval.
```toml tab="File (TOML)"
[providers.http]
pollInterval = "5s"
```
```yaml tab="File (YAML)"
providers:
http:
pollInterval: "5s"
```
```toml tab="File (TOML)"
[providers.http]
pollInterval = "5s"
```
```bash tab="CLI"
--providers.http.pollInterval=5s
```
@@ -57,17 +57,17 @@ _Optional, Default="5s"_
Defines the polling timeout when connecting to the configured endpoint.
```toml tab="File (TOML)"
[providers.http]
pollTimeout = "5s"
```
```yaml tab="File (YAML)"
providers:
http:
pollTimeout: "5s"
```
```toml tab="File (TOML)"
[providers.http]
pollTimeout = "5s"
```
```bash tab="CLI"
--providers.http.pollTimeout=5s
```
@@ -80,11 +80,6 @@ _Optional_
Certificate Authority used for the secure connection to the configured endpoint.
```toml tab="File (TOML)"
[providers.http.tls]
ca = "path/to/ca.crt"
```
```yaml tab="File (YAML)"
providers:
http:
@@ -92,6 +87,11 @@ providers:
ca: path/to/ca.crt
```
```toml tab="File (TOML)"
[providers.http.tls]
ca = "path/to/ca.crt"
```
```bash tab="CLI"
--providers.http.tls.ca=path/to/ca.crt
```
@@ -108,11 +108,6 @@ When this option is set to `true`, a client certificate is requested during the
When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client.
```toml tab="File (TOML)"
[providers.http.tls]
caOptional = true
```
```yaml tab="File (YAML)"
providers:
http:
@@ -120,6 +115,11 @@ providers:
caOptional: true
```
```toml tab="File (TOML)"
[providers.http.tls]
caOptional = true
```
```bash tab="CLI"
--providers.http.tls.caOptional=true
```
@@ -128,12 +128,6 @@ providers:
Public certificate used for the secure connection to the configured endpoint.
```toml tab="File (TOML)"
[providers.http.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
http:
@@ -142,6 +136,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.http.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.http.tls.cert=path/to/foo.cert
--providers.http.tls.key=path/to/foo.key
@@ -151,12 +151,6 @@ providers:
Private certificate used for the secure connection to the configured endpoint.
```toml tab="File (TOML)"
[providers.http.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
http:
@@ -165,6 +159,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.http.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.http.tls.cert=path/to/foo.cert
--providers.http.tls.key=path/to/foo.key
@@ -174,11 +174,6 @@ providers:
If `insecureSkipVerify` is `true`, the TLS connection to the endpoint accepts any certificate presented by the server regardless of the hostnames it covers.
```toml tab="File (TOML)"
[providers.http.tls]
insecureSkipVerify = true
```
```yaml tab="File (YAML)"
providers:
http:
@@ -186,6 +181,11 @@ providers:
insecureSkipVerify: true
```
```toml tab="File (TOML)"
[providers.http.tls]
insecureSkipVerify = true
```
```bash tab="CLI"
--providers.http.tls.insecureSkipVerify=true
```

98
docs/content/providers/kubernetes-crd.md
View File

@@ -15,7 +15,7 @@ the Traefik engineering team developed a [Custom Resource Definition](https://ku
* Add/update **all** the Traefik resources [definitions](../reference/dynamic-configuration/kubernetes-crd.md#definitions)
* Add/update the [RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) for the Traefik custom resources
* Use [Helm Chart](../getting-started/install-traefik.md#use-the-helm-chart) or use a custom Traefik Deployment
* Use [Helm Chart](../getting-started/install-traefik.md#use-the-helm-chart) or use a custom Traefik Deployment
* Enable the kubernetesCRD provider
* Apply the needed kubernetesCRD provider [configuration](#provider-configuration)
* Add all necessary Traefik custom [resources](../reference/dynamic-configuration/kubernetes-crd.md#resources)
@@ -81,12 +81,6 @@ When the environment variables are not found, Traefik tries to connect to the Ku
In this case, the endpoint is required.
Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Kubernetes cluster using the granted authentication and authorization of the associated kubeconfig.
```toml tab="File (TOML)"
[providers.kubernetesCRD]
endpoint = "http://localhost:8080"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
@@ -94,6 +88,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesCRD]
endpoint = "http://localhost:8080"
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.endpoint=http://localhost:8080
```
@@ -104,12 +104,6 @@ _Optional, Default=""_
Bearer token used for the Kubernetes client configuration.
```toml tab="File (TOML)"
[providers.kubernetesCRD]
token = "mytoken"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
@@ -117,6 +111,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesCRD]
token = "mytoken"
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.token=mytoken
```
@@ -128,12 +128,6 @@ _Optional, Default=""_
Path to the certificate authority file.
Used for the Kubernetes client configuration.
```toml tab="File (TOML)"
[providers.kubernetesCRD]
certAuthFilePath = "/my/ca.crt"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
@@ -141,6 +135,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesCRD]
certAuthFilePath = "/my/ca.crt"
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.certauthfilepath=/my/ca.crt
```
@@ -152,12 +152,6 @@ _Optional, Default: []_
Array of namespaces to watch.
If left empty, watches all namespaces if the value of `namespaces`.
```toml tab="File (TOML)"
[providers.kubernetesCRD]
namespaces = ["default", "production"]
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
@@ -167,6 +161,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesCRD]
namespaces = ["default", "production"]
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.namespaces=default,production
```
@@ -186,12 +186,6 @@ See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-
Because the label selector is applied to all Traefik Custom Resources, they all must match the filter.
```toml tab="File (TOML)"
[providers.kubernetesCRD]
labelselector = "app=traefik"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
@@ -199,6 +193,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesCRD]
labelselector = "app=traefik"
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.labelselector="app=traefik"
```
@@ -212,12 +212,6 @@ Value of `kubernetes.io/ingress.class` annotation that identifies resource objec
If the parameter is set, only resources containing an annotation with the same value are processed.
Otherwise, resources missing the annotation, having an empty value, or the value `traefik` are processed.
```toml tab="File (TOML)"
[providers.kubernetesCRD]
ingressClass = "traefik-internal"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
@@ -225,6 +219,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesCRD]
ingressClass = "traefik-internal"
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.ingressclass=traefik-internal
```
@@ -241,12 +241,6 @@ If left empty, the provider does not apply any throttling and does not drop any
The value of `throttleDuration` should be provided in seconds or as a valid duration format,
see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
```toml tab="File (TOML)"
[providers.kubernetesCRD]
throttleDuration = "10s"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
@@ -254,6 +248,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesCRD]
throttleDuration = "10s"
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.throttleDuration=10s
```
@@ -268,12 +268,6 @@ If the parameter is set to `false`, IngressRoutes are not able to reference any
Please note that the default value for this option will be set to `false` in a future version.
```toml tab="File (TOML)"
[providers.kubernetesCRD]
allowCrossNamespace = false
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
@@ -281,6 +275,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesCRD]
allowCrossNamespace = false
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.allowCrossNamespace=false
```

104
docs/content/providers/kubernetes-gateway.md
View File

@@ -6,23 +6,15 @@ The Kubernetes Gateway API, The Experimental Way.
Gateway API is the evolution of Kubernetes APIs that relate to `Services`, such as `Ingress`.
The Gateway API project is part of Kubernetes, working under SIG-NETWORK.
The Kubernetes Gateway provider is a Traefik implementation of the [Service APIs](https://kubernetes-sigs.github.io/gateway-api/)
The Kubernetes Gateway provider is a Traefik implementation of the [Gateway API](https://gateway-api.sigs.k8s.io/)
specifications from the Kubernetes Special Interest Groups (SIGs).
This provider is proposed as an experimental feature and partially supports the Service APIs [v0.1.0](https://github.com/kubernetes-sigs/service-apis/releases/tag/v0.1.0) specification.
This provider is proposed as an experimental feature and partially supports the Gateway API [v0.2.0](https://github.com/kubernetes-sigs/gateway-api/releases/tag/v0.2.0) specification.
!!! warning "Enabling The Experimental Kubernetes Gateway Provider"
Since this provider is still experimental, it needs to be activated in the experimental section of the static configuration.
```toml tab="File (TOML)"
[experimental]
kubernetesGateway = true
[providers.kubernetesGateway]
#...
```
```yaml tab="File (YAML)"
experimental:
kubernetesGateway: true
@@ -32,6 +24,14 @@ This provider is proposed as an experimental feature and partially supports the
#...
```
```toml tab="File (TOML)"
[experimental]
kubernetesGateway = true
[providers.kubernetesGateway]
#...
```
```bash tab="CLI"
--experimental.kubernetesgateway=true --providers.kubernetesgateway=true #...
```
@@ -71,9 +71,9 @@ This provider is proposed as an experimental feature and partially supports the
--8<-- "content/reference/dynamic-configuration/kubernetes-gateway-rbac.yml"
```
The Kubernetes Service APIs project provides several [guides](https://kubernetes-sigs.github.io/gateway-api/guides/) on how to use the APIs.
The Kubernetes Gateway API project provides several guides on how to use the APIs.
These guides can help you to go further than the example above.
The [getting started guide](https://kubernetes-sigs.github.io/gateway-api/getting-started/) details how to install the CRDs from their repository.
The [getting started guide](https://gateway-api.sigs.k8s.io/guides/getting-started/) details how to install the CRDs from their repository.
!!! note ""
@@ -81,9 +81,9 @@ The [getting started guide](https://kubernetes-sigs.github.io/gateway-api/gettin
For now, the Traefik Gateway Provider can be used while following the below guides:
* [Simple Gateway](https://kubernetes-sigs.github.io/gateway-api/simple-gateway/)
* [HTTP routing](https://kubernetes-sigs.github.io/gateway-api/http-routing/)
* [TLS](https://kubernetes-sigs.github.io/gateway-api/tls/) (Partial support: only on listeners with terminate mode)
* [Simple Gateway](https://gateway-api.sigs.k8s.io/guides/simple-gateway/)
* [HTTP routing](https://gateway-api.sigs.k8s.io/guides/http-routing/)
* [TLS](https://gateway-api.sigs.k8s.io/guides/tls/) (Partial support: only on listeners with terminate mode)
## Resource Configuration
@@ -91,7 +91,7 @@ When using Kubernetes Gateway API as a provider, Traefik uses Kubernetes
[Custom Resource Definitions](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/)
to retrieve its routing configuration.
All concepts can be found in the official API concepts [documentation](https://kubernetes-sigs.github.io/gateway-api/api-overview/).
All concepts can be found in the official API concepts [documentation](https://gateway-api.sigs.k8s.io/concepts/api-overview/).
Traefik implements the following resources:
* `GatewayClass` defines a set of Gateways that share a common configuration and behaviour.
@@ -117,12 +117,6 @@ When the environment variables are not found, Traefik tries to connect to the Ku
In this case, the endpoint is required.
Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Kubernetes cluster using the granted authentication and authorization of the associated kubeconfig.
```toml tab="File (TOML)"
[providers.kubernetesGateway]
endpoint = "http://localhost:8080"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesGateway:
@@ -130,6 +124,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesGateway]
endpoint = "http://localhost:8080"
# ...
```
```bash tab="CLI"
--providers.kubernetesgateway.endpoint=http://localhost:8080
```
@@ -140,12 +140,6 @@ _Optional, Default=""_
Bearer token used for the Kubernetes client configuration.
```toml tab="File (TOML)"
[providers.kubernetesGateway]
token = "mytoken"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesGateway:
@@ -153,6 +147,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesGateway]
token = "mytoken"
# ...
```
```bash tab="CLI"
--providers.kubernetesgateway.token=mytoken
```
@@ -164,12 +164,6 @@ _Optional, Default=""_
Path to the certificate authority file.
Used for the Kubernetes client configuration.
```toml tab="File (TOML)"
[providers.kubernetesGateway]
certAuthFilePath = "/my/ca.crt"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesGateway:
@@ -177,6 +171,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesGateway]
certAuthFilePath = "/my/ca.crt"
# ...
```
```bash tab="CLI"
--providers.kubernetesgateway.certauthfilepath=/my/ca.crt
```
@@ -188,12 +188,6 @@ _Optional, Default: []_
Array of namespaces to watch.
If left empty, watches all namespaces if the value of `namespaces`.
```toml tab="File (TOML)"
[providers.kubernetesGateway]
namespaces = ["default", "production"]
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesGateway:
@@ -203,6 +197,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesGateway]
namespaces = ["default", "production"]
# ...
```
```bash tab="CLI"
--providers.kubernetesgateway.namespaces=default,production
```
@@ -216,12 +216,6 @@ If left empty, Traefik processes all GatewayClass objects in the configured name
See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details.
```toml tab="File (TOML)"
[providers.kubernetesGateway]
labelselector = "app=traefik"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesGateway:
@@ -229,6 +223,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesGateway]
labelselector = "app=traefik"
# ...
```
```bash tab="CLI"
--providers.kubernetesgateway.labelselector="app=traefik"
```
@@ -245,12 +245,6 @@ If left empty, the provider does not apply any throttling and does not drop any
The value of `throttleDuration` should be provided in seconds or as a valid duration format,
see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
```toml tab="File (TOML)"
[providers.kubernetesGateway]
throttleDuration = "10s"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesGateway:
@@ -258,6 +252,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesGateway]
throttleDuration = "10s"
# ...
```
```bash tab="CLI"
--providers.kubernetesgateway.throttleDuration=10s
```

128
docs/content/providers/kubernetes-ingress.md
View File

@@ -14,15 +14,15 @@ See the dedicated section in [routing](../routing/providers/kubernetes-ingress.m
You can enable the provider in the static configuration:
```toml tab="File (TOML)"
[providers.kubernetesIngress]
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress: {}
```
```toml tab="File (TOML)"
[providers.kubernetesIngress]
```
```bash tab="CLI"
--providers.kubernetesingress=true
```
@@ -95,12 +95,6 @@ When the environment variables are not found, Traefik tries to connect to the Ku
In this case, the endpoint is required.
Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Kubernetes cluster using the granted authentication and authorization of the associated kubeconfig.
```toml tab="File (TOML)"
[providers.kubernetesIngress]
endpoint = "http://localhost:8080"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
@@ -108,6 +102,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesIngress]
endpoint = "http://localhost:8080"
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.endpoint=http://localhost:8080
```
@@ -118,12 +118,6 @@ _Optional, Default=""_
Bearer token used for the Kubernetes client configuration.
```toml tab="File (TOML)"
[providers.kubernetesIngress]
token = "mytoken"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
@@ -131,6 +125,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesIngress]
token = "mytoken"
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.token=mytoken
```
@@ -142,12 +142,6 @@ _Optional, Default=""_
Path to the certificate authority file.
Used for the Kubernetes client configuration.
```toml tab="File (TOML)"
[providers.kubernetesIngress]
certAuthFilePath = "/my/ca.crt"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
@@ -155,6 +149,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesIngress]
certAuthFilePath = "/my/ca.crt"
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.certauthfilepath=/my/ca.crt
```
@@ -166,12 +166,6 @@ _Optional, Default: []_
Array of namespaces to watch.
If left empty, watches all namespaces if the value of `namespaces`.
```toml tab="File (TOML)"
[providers.kubernetesIngress]
namespaces = ["default", "production"]
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
@@ -181,6 +175,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesIngress]
namespaces = ["default", "production"]
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.namespaces=default,production
```
@@ -194,12 +194,6 @@ If left empty, Traefik processes all Ingress objects in the configured namespace
See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details.
```toml tab="File (TOML)"
[providers.kubernetesIngress]
labelSelector = "app=traefik"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
@@ -207,6 +201,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesIngress]
labelSelector = "app=traefik"
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.labelselector="app=traefik"
```
@@ -254,12 +254,6 @@ Otherwise, Ingresses missing the annotation, having an empty value, or the value
servicePort: 80
```
```toml tab="File (TOML)"
[providers.kubernetesIngress]
ingressClass = "traefik-internal"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
@@ -267,6 +261,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesIngress]
ingressClass = "traefik-internal"
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.ingressclass=traefik-internal
```
@@ -279,12 +279,6 @@ _Optional, Default: ""_
Hostname used for Kubernetes Ingress endpoints.
```toml tab="File (TOML)"
[providers.kubernetesIngress.ingressEndpoint]
hostname = "example.net"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
@@ -293,6 +287,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesIngress.ingressEndpoint]
hostname = "example.net"
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.ingressendpoint.hostname=example.net
```
@@ -303,12 +303,6 @@ _Optional, Default: ""_
IP used for Kubernetes Ingress endpoints.
```toml tab="File (TOML)"
[providers.kubernetesIngress.ingressEndpoint]
ip = "1.2.3.4"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
@@ -317,6 +311,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesIngress.ingressEndpoint]
ip = "1.2.3.4"
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.ingressendpoint.ip=1.2.3.4
```
@@ -328,12 +328,6 @@ _Optional, Default: ""_
Published Kubernetes Service to copy status from.
Format: `namespace/servicename`.
```toml tab="File (TOML)"
[providers.kubernetesIngress.ingressEndpoint]
publishedService = "namespace/foo-service"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
@@ -342,6 +336,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesIngress.ingressEndpoint]
publishedService = "namespace/foo-service"
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.ingressendpoint.publishedservice=namespace/foo-service
```
@@ -358,12 +358,6 @@ If left empty, the provider does not apply any throttling and does not drop any
The value of `throttleDuration` should be provided in seconds or as a valid duration format,
see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
```toml tab="File (TOML)"
[providers.kubernetesIngress]
throttleDuration = "10s"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
@@ -371,6 +365,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesIngress]
throttleDuration = "10s"
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.throttleDuration=10s
```

234
docs/content/providers/marathon.md
View File

@@ -11,15 +11,15 @@ For additional information, refer to [Marathon user guide](../user-guides/marath
Enabling the Marathon provider
```toml tab="File (TOML)"
[providers.marathon]
```
```yaml tab="File (YAML)"
providers:
marathon: {}
```
```toml tab="File (TOML)"
[providers.marathon]
```
```bash tab="CLI"
--providers.marathon=true
```
@@ -61,12 +61,6 @@ _Optional_
Enables Marathon basic authentication.
```toml tab="File (TOML)"
[providers.marathon.basic]
httpBasicAuthUser = "foo"
httpBasicPassword = "bar"
```
```yaml tab="File (YAML)"
providers:
marathon:
@@ -75,6 +69,12 @@ providers:
httpBasicPassword: bar
```
```toml tab="File (TOML)"
[providers.marathon.basic]
httpBasicAuthUser = "foo"
httpBasicPassword = "bar"
```
```bash tab="CLI"
--providers.marathon.basic.httpbasicauthuser=foo
--providers.marathon.basic.httpbasicpassword=bar
@@ -88,12 +88,6 @@ Datacenter Operating System (DCOS) Token for DCOS environment.
If set, it overrides the Authorization header.
```toml tab="File (TOML)"
[providers.marathon]
dcosToken = "xxxxxx"
# ...
```
```toml tab="File (YAML)"
providers:
marathon:
@@ -101,6 +95,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.marathon]
dcosToken = "xxxxxx"
# ...
```
```bash tab="CLI"
--providers.marathon.dcosToken=xxxxxx
```
@@ -119,12 +119,6 @@ and can include [sprig template functions](http://masterminds.github.io/sprig/).
The app ID can be accessed with the `Name` identifier,
and the template has access to all the labels defined on this Marathon application.
```toml tab="File (TOML)"
[providers.marathon]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
@@ -132,6 +126,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.marathon]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```bash tab="CLI"
--providers.marathon.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)
# ...
@@ -147,19 +147,19 @@ when trying to open a TCP connection to a Marathon master.
The value of `dialerTimeout` should be provided in seconds or as a valid duration format,
see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
```toml tab="File (TOML)"
[providers.marathon]
dialerTimeout = "10s"
# ...
```
```toml tab="File (YAML)"
```yaml tab="File (YAML)"
providers:
marathon:
dialerTimeout: "10s"
# ...
```
```toml tab="File (TOML)"
[providers.marathon]
dialerTimeout = "10s"
# ...
```
```bash tab="CLI"
--providers.marathon.dialerTimeout=10s
```
@@ -172,19 +172,19 @@ Marathon server endpoint.
You can optionally specify multiple endpoints.
```toml tab="File (TOML)"
[providers.marathon]
endpoint = "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080"
# ...
```
```toml tab="File (YAML)"
```yaml tab="File (YAML)"
providers:
marathon:
endpoint: "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080"
# ...
```
```toml tab="File (TOML)"
[providers.marathon]
endpoint = "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080"
# ...
```
```bash tab="CLI"
--providers.marathon.endpoint=http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080
```
@@ -199,12 +199,6 @@ If set to `false`, applications that do not have a `traefik.enable=true` label a
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
```toml tab="File (TOML)"
[providers.marathon]
exposedByDefault = false
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
@@ -212,6 +206,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.marathon]
exposedByDefault = false
# ...
```
```bash tab="CLI"
--providers.marathon.exposedByDefault=false
# ...
@@ -274,12 +274,6 @@ In addition, to match against Marathon constraints, the function `MarathonConstr
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
```toml tab="File (TOML)"
[providers.marathon]
constraints = "Label(`a.label.name`,`foo`)"
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
@@ -287,6 +281,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.marathon]
constraints = "Label(`a.label.name`,`foo`)"
# ...
```
```bash tab="CLI"
--providers.marathon.constraints=Label(`a.label.name`,`foo`)
# ...
@@ -300,12 +300,6 @@ By default, the task IP address (as returned by the Marathon API) is used as bac
otherwise, the name of the host running the task is used.
The latter behavior can be enforced by setting this option to `true`.
```toml tab="File (TOML)"
[providers.marathon]
forceTaskHostname = true
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
@@ -313,6 +307,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.marathon]
forceTaskHostname = true
# ...
```
```bash tab="CLI"
--providers.marathon.forceTaskHostname=true
# ...
@@ -326,12 +326,6 @@ Set the TCP Keep Alive duration for the Marathon HTTP Client.
The value of `keepAlive` should be provided in seconds or as a valid duration format,
see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
```toml tab="File (TOML)"
[providers.marathon]
keepAlive = "30s"
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
@@ -339,6 +333,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.marathon]
keepAlive = "30s"
# ...
```
```bash tab="CLI"
--providers.marathon.keepAlive=30s
# ...
@@ -354,12 +354,6 @@ Note that the checks are only valid during deployments.
See the Marathon guide for details.
```toml tab="File (TOML)"
[providers.marathon]
respectReadinessChecks = true
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
@@ -367,6 +361,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.marathon]
respectReadinessChecks = true
# ...
```
```bash tab="CLI"
--providers.marathon.respectReadinessChecks=true
# ...
@@ -382,12 +382,6 @@ from a Marathon master.
The value of `responseHeaderTimeout` should be provided in seconds or as a valid duration format,
see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
```toml tab="File (TOML)"
[providers.marathon]
responseHeaderTimeout = "66s"
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
@@ -395,6 +389,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.marathon]
responseHeaderTimeout = "66s"
# ...
```
```bash tab="CLI"
--providers.marathon.responseHeaderTimeout=66s
# ...
@@ -408,11 +408,6 @@ _Optional_
Certificate Authority used for the secure connection to Marathon.
```toml tab="File (TOML)"
[providers.marathon.tls]
ca = "path/to/ca.crt"
```
```yaml tab="File (YAML)"
providers:
marathon:
@@ -420,6 +415,11 @@ providers:
ca: path/to/ca.crt
```
```toml tab="File (TOML)"
[providers.marathon.tls]
ca = "path/to/ca.crt"
```
```bash tab="CLI"
--providers.marathon.tls.ca=path/to/ca.crt
```
@@ -436,11 +436,6 @@ When this option is set to `true`, a client certificate is requested during the
When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client.
```toml tab="File (TOML)"
[providers.marathon.tls]
caOptional = true
```
```yaml tab="File (YAML)"
providers:
marathon:
@@ -448,6 +443,11 @@ providers:
caOptional: true
```
```toml tab="File (TOML)"
[providers.marathon.tls]
caOptional = true
```
```bash tab="CLI"
--providers.marathon.tls.caOptional=true
```
@@ -456,12 +456,6 @@ providers:
Public certificate used for the secure connection to Marathon.
```toml tab="File (TOML)"
[providers.marathon.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
marathon:
@@ -470,6 +464,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.marathon.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.marathon.tls.cert=path/to/foo.cert
--providers.marathon.tls.key=path/to/foo.key
@@ -479,12 +479,6 @@ providers:
Private certificate used for the secure connection to Marathon.
```toml tab="File (TOML)"
[providers.marathon.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
marathon:
@@ -493,6 +487,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.marathon.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.marathon.tls.cert=path/to/foo.cert
--providers.marathon.tls.key=path/to/foo.key
@@ -502,11 +502,6 @@ providers:
If `insecureSkipVerify` is `true`, the TLS connection to Marathon accepts any certificate presented by the server regardless of the hostnames it covers.
```toml tab="File (TOML)"
[providers.marathon.tls]
insecureSkipVerify = true
```
```yaml tab="File (YAML)"
providers:
marathon:
@@ -514,6 +509,11 @@ providers:
insecureSkipVerify: true
```
```toml tab="File (TOML)"
[providers.marathon.tls]
insecureSkipVerify = true
```
```bash tab="CLI"
--providers.marathon.tls.insecureSkipVerify=true
```
@@ -528,12 +528,6 @@ when waiting for the TLS handshake to complete.
The value of `tlsHandshakeTimeout` should be provided in seconds or as a valid duration format,
see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
```toml tab="File (TOML)"
[providers.marathon]
responseHeaderTimeout = "10s"
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
@@ -541,6 +535,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.marathon]
responseHeaderTimeout = "10s"
# ...
```
```bash tab="CLI"
--providers.marathon.responseHeaderTimeout=10s
# ...
@@ -552,12 +552,6 @@ _Optional, Default=false_
Displays additional provider logs when available.
```toml tab="File (TOML)"
[providers.marathon]
trace = true
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
@@ -565,6 +559,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.marathon]
trace = true
# ...
```
```bash tab="CLI"
--providers.marathon.trace=true
# ...
@@ -576,12 +576,6 @@ _Optional, Default=true_
When set to `true`, watches for Marathon changes.
```toml tab="File (TOML)"
[providers.marathon]
watch = false
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
@@ -589,6 +583,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.marathon]
watch = false
# ...
```
```bash tab="CLI"
--providers.marathon.watch=false
# ...

24
docs/content/providers/overview.md
View File

@@ -49,12 +49,6 @@ separator, and the provider name.
Declaring the add-foo-prefix in the file provider.
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.add-foo-prefix.addPrefix]
prefix = "/foo"
```
```yaml tab="File (YAML)"
http:
middlewares:
@@ -63,6 +57,12 @@ separator, and the provider name.
prefix: "/foo"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.add-foo-prefix.addPrefix]
prefix = "/foo"
```
Using the add-foo-prefix middleware from other providers:
```yaml tab="Docker"
@@ -133,7 +133,7 @@ Below is the list of the currently supported providers in Traefik.
| [ECS](./ecs.md) | Orchestrator | Label |
| [Marathon](./marathon.md) | Orchestrator | Label |
| [Rancher](./rancher.md) | Orchestrator | Label |
| [File](./file.md) | Manual | TOML/YAML format |
| [File](./file.md) | Manual | YAML/TOML format |
| [Consul](./consul.md) | KV | KV |
| [Etcd](./etcd.md) | KV | KV |
| [ZooKeeper](./zookeeper.md) | KV | KV |
@@ -169,16 +169,16 @@ but the throttling algorithm applies to each of them independently.
The value of `providers.providersThrottleDuration` should be provided in seconds or as a valid duration format,
see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
```toml tab="File (TOML)"
[providers]
providers.providersThrottleDuration = 10s
```
```yaml tab="File (YAML)"
providers:
providersThrottleDuration: 10s
```
```toml tab="File (TOML)"
[providers]
providers.providersThrottleDuration = 10s
```
```bash tab="CLI"
--providers.providersThrottleDuration=10s
```

100
docs/content/providers/rancher.md
View File

@@ -18,15 +18,15 @@ Attach labels to your services and let Traefik do the rest!
Enabling the Rancher provider
```toml tab="File (TOML)"
[providers.rancher]
```
```yaml tab="File (YAML)"
providers:
rancher: {}
```
```toml tab="File (TOML)"
[providers.rancher]
```
```bash tab="CLI"
--providers.rancher=true
```
@@ -48,14 +48,14 @@ See the dedicated section in [routing](../routing/providers/rancher.md).
For an overview of all the options that can be set with the Rancher provider, see the following snippets:
```toml tab="File (TOML)"
--8<-- "content/providers/rancher.toml"
```
```yaml tab="File (YAML)"
--8<-- "content/providers/rancher.yml"
```
```toml tab="File (TOML)"
--8<-- "content/providers/rancher.toml"
```
```bash tab="CLI"
--8<-- "content/providers/rancher.txt"
```
@@ -69,12 +69,6 @@ If set to `false`, services that do not have a `traefik.enable=true` label are i
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
```toml tab="File (TOML)"
[providers.rancher]
exposedByDefault = false
# ...
```
```yaml tab="File (YAML)"
providers:
rancher:
@@ -82,6 +76,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.rancher]
exposedByDefault = false
# ...
```
```bash tab="CLI"
--providers.rancher.exposedByDefault=false
# ...
@@ -102,12 +102,6 @@ and the template has access to all the labels defined on this container.
This option can be overridden on a container basis with the `traefik.http.routers.Router1.rule` label.
```toml tab="File (TOML)"
[providers.rancher]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```yaml tab="File (YAML)"
providers:
rancher:
@@ -115,6 +109,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.rancher]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```bash tab="CLI"
--providers.rancher.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)
# ...
@@ -126,12 +126,6 @@ _Optional, Default=true_
Filter out services with unhealthy states and inactive states.
```toml tab="File (TOML)"
[providers.rancher]
enableServiceHealthFilter = false
# ...
```
```yaml tab="File (YAML)"
providers:
rancher:
@@ -139,6 +133,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.rancher]
enableServiceHealthFilter = false
# ...
```
```bash tab="CLI"
--providers.rancher.enableServiceHealthFilter=false
# ...
@@ -150,12 +150,6 @@ _Optional, Default=15_
Defines the polling interval (in seconds).
```toml tab="File (TOML)"
[providers.rancher]
refreshSeconds = 30
# ...
```
```yaml tab="File (YAML)"
providers:
rancher:
@@ -163,6 +157,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.rancher]
refreshSeconds = 30
# ...
```
```bash tab="CLI"
--providers.rancher.refreshSeconds=30
# ...
@@ -175,12 +175,6 @@ _Optional, Default=false_
Poll the Rancher metadata service for changes every `rancher.refreshSeconds`,
which is less accurate than the default long polling technique which provides near instantaneous updates to Traefik.
```toml tab="File (TOML)"
[providers.rancher]
intervalPoll = true
# ...
```
```yaml tab="File (YAML)"
providers:
rancher:
@@ -188,6 +182,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.rancher]
intervalPoll = true
# ...
```
```bash tab="CLI"
--providers.rancher.intervalPoll=true
# ...
@@ -199,12 +199,6 @@ _Optional, Default="/latest"_
Prefix used for accessing the Rancher metadata service.
```toml tab="File (TOML)"
[providers.rancher]
prefix = "/test"
# ...
```
```yaml tab="File (YAML)"
providers:
rancher:
@@ -212,6 +206,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.rancher]
prefix = "/test"
# ...
```
```bash tab="CLI"
--providers.rancher.prefix=/test
# ...
@@ -262,12 +262,6 @@ the usual boolean logic, as shown in examples below.
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
```toml tab="File (TOML)"
[providers.rancher]
constraints = "Label(`a.label.name`,`foo`)"
# ...
```
```yaml tab="File (YAML)"
providers:
rancher:
@@ -275,6 +269,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.rancher]
constraints = "Label(`a.label.name`,`foo`)"
# ...
```
```bash tab="CLI"
--providers.rancher.constraints=Label(`a.label.name`,`foo`)
# ...

98
docs/content/providers/redis.md
View File

@@ -17,11 +17,6 @@ _Required, Default="127.0.0.1:6379"_
Defines how to access to Redis.
```toml tab="File (TOML)"
[providers.redis]
endpoints = ["127.0.0.1:6379"]
```
```yaml tab="File (YAML)"
providers:
redis:
@@ -29,6 +24,11 @@ providers:
- "127.0.0.1:6379"
```
```toml tab="File (TOML)"
[providers.redis]
endpoints = ["127.0.0.1:6379"]
```
```bash tab="CLI"
--providers.redis.endpoints=127.0.0.1:6379
```
@@ -39,17 +39,17 @@ _Required, Default="traefik"_
Defines the root key of the configuration.
```toml tab="File (TOML)"
[providers.redis]
rootKey = "traefik"
```
```yaml tab="File (YAML)"
providers:
redis:
rootKey: "traefik"
```
```toml tab="File (TOML)"
[providers.redis]
rootKey = "traefik"
```
```bash tab="CLI"
--providers.redis.rootkey=traefik
```
@@ -60,12 +60,6 @@ _Optional, Default=""_
Defines a username to connect with Redis.
```toml tab="File (TOML)"
[providers.redis]
# ...
username = "foo"
```
```yaml tab="File (YAML)"
providers:
redis:
@@ -73,6 +67,12 @@ providers:
usename: "foo"
```
```toml tab="File (TOML)"
[providers.redis]
# ...
username = "foo"
```
```bash tab="CLI"
--providers.redis.username=foo
```
@@ -83,12 +83,6 @@ _Optional, Default=""_
Defines a password to connect with Redis.
```toml tab="File (TOML)"
[providers.redis]
# ...
password = "bar"
```
```yaml tab="File (YAML)"
providers:
redis:
@@ -96,6 +90,12 @@ providers:
password: "bar"
```
```toml tab="File (TOML)"
[providers.redis]
# ...
password = "bar"
```
```bash tab="CLI"
--providers.redis.password=foo
```
@@ -108,11 +108,6 @@ _Optional_
Certificate Authority used for the secure connection to Redis.
```toml tab="File (TOML)"
[providers.redis.tls]
ca = "path/to/ca.crt"
```
```yaml tab="File (YAML)"
providers:
redis:
@@ -120,6 +115,11 @@ providers:
ca: path/to/ca.crt
```
```toml tab="File (TOML)"
[providers.redis.tls]
ca = "path/to/ca.crt"
```
```bash tab="CLI"
--providers.redis.tls.ca=path/to/ca.crt
```
@@ -136,11 +136,6 @@ When this option is set to `true`, a client certificate is requested during the
When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client.
```toml tab="File (TOML)"
[providers.redis.tls]
caOptional = true
```
```yaml tab="File (YAML)"
providers:
redis:
@@ -148,6 +143,11 @@ providers:
caOptional: true
```
```toml tab="File (TOML)"
[providers.redis.tls]
caOptional = true
```
```bash tab="CLI"
--providers.redis.tls.caOptional=true
```
@@ -156,12 +156,6 @@ providers:
Public certificate used for the secure connection to Redis.
```toml tab="File (TOML)"
[providers.redis.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
redis:
@@ -170,6 +164,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.redis.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.redis.tls.cert=path/to/foo.cert
--providers.redis.tls.key=path/to/foo.key
@@ -179,12 +179,6 @@ providers:
Private certificate used for the secure connection to Redis.
```toml tab="File (TOML)"
[providers.redis.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
redis:
@@ -193,6 +187,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.redis.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.redis.tls.cert=path/to/foo.cert
--providers.redis.tls.key=path/to/foo.key
@@ -202,11 +202,6 @@ providers:
If `insecureSkipVerify` is `true`, the TLS connection to Redis accepts any certificate presented by the server regardless of the hostnames it covers.
```toml tab="File (TOML)"
[providers.redis.tls]
insecureSkipVerify = true
```
```yaml tab="File (YAML)"
providers:
redis:
@@ -214,6 +209,11 @@ providers:
insecureSkipVerify: true
```
```toml tab="File (TOML)"
[providers.redis.tls]
insecureSkipVerify = true
```
```bash tab="CLI"
--providers.redis.tls.insecureSkipVerify=true
```

98
docs/content/providers/zookeeper.md
View File

@@ -17,11 +17,6 @@ _Required, Default="127.0.0.1:2181"_
Defines how to access to ZooKeeper.
```toml tab="File (TOML)"
[providers.zooKeeper]
endpoints = ["127.0.0.1:2181"]
```
```yaml tab="File (YAML)"
providers:
zooKeeper:
@@ -29,6 +24,11 @@ providers:
- "127.0.0.1:2181"
```
```toml tab="File (TOML)"
[providers.zooKeeper]
endpoints = ["127.0.0.1:2181"]
```
```bash tab="CLI"
--providers.zookeeper.endpoints=127.0.0.1:2181
```
@@ -39,17 +39,17 @@ _Required, Default="traefik"_
Defines the root key of the configuration.
```toml tab="File (TOML)"
[providers.zooKeeper]
rootKey = "traefik"
```
```yaml tab="File (YAML)"
providers:
zooKeeper:
rootKey: "traefik"
```
```toml tab="File (TOML)"
[providers.zooKeeper]
rootKey = "traefik"
```
```bash tab="CLI"
--providers.zookeeper.rootkey=traefik
```
@@ -60,12 +60,6 @@ _Optional, Default=""_
Defines a username to connect with ZooKeeper.
```toml tab="File (TOML)"
[providers.zooKeeper]
# ...
username = "foo"
```
```yaml tab="File (YAML)"
providers:
zooKeeper:
@@ -73,6 +67,12 @@ providers:
usename: "foo"
```
```toml tab="File (TOML)"
[providers.zooKeeper]
# ...
username = "foo"
```
```bash tab="CLI"
--providers.zookeeper.username=foo
```
@@ -83,12 +83,6 @@ _Optional, Default=""_
Defines a password to connect with ZooKeeper.
```toml tab="File (TOML)"
[providers.zooKeeper]
# ...
password = "bar"
```
```yaml tab="File (YAML)"
providers:
zooKeeper:
@@ -96,6 +90,12 @@ providers:
password: "bar"
```
```toml tab="File (TOML)"
[providers.zooKeeper]
# ...
password = "bar"
```
```bash tab="CLI"
--providers.zookeeper.password=foo
```
@@ -108,11 +108,6 @@ _Optional_
Certificate Authority used for the secure connection to ZooKeeper.
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
ca = "path/to/ca.crt"
```
```yaml tab="File (YAML)"
providers:
zooKeeper:
@@ -120,6 +115,11 @@ providers:
ca: path/to/ca.crt
```
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
ca = "path/to/ca.crt"
```
```bash tab="CLI"
--providers.zookeeper.tls.ca=path/to/ca.crt
```
@@ -136,11 +136,6 @@ When this option is set to `true`, a client certificate is requested during the
When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client.
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
caOptional = true
```
```yaml tab="File (YAML)"
providers:
zooKeeper:
@@ -148,6 +143,11 @@ providers:
caOptional: true
```
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
caOptional = true
```
```bash tab="CLI"
--providers.zookeeper.tls.caOptional=true
```
@@ -156,12 +156,6 @@ providers:
Public certificate used for the secure connection to ZooKeeper.
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
zooKeeper:
@@ -170,6 +164,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.zookeeper.tls.cert=path/to/foo.cert
--providers.zookeeper.tls.key=path/to/foo.key
@@ -179,12 +179,6 @@ providers:
Private certificate used for the secure connection to ZooKeeper.
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
zooKeeper:
@@ -193,6 +187,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.zookeeper.tls.cert=path/to/foo.cert
--providers.zookeeper.tls.key=path/to/foo.key
@@ -202,11 +202,6 @@ providers:
If `insecureSkipVerify` is `true`, the TLS connection to Zookeeper accepts any certificate presented by the server regardless of the hostnames it covers.
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
insecureSkipVerify = true
```
```yaml tab="File (YAML)"
providers:
zooKeeper:
@@ -214,6 +209,11 @@ providers:
insecureSkipVerify: true
```
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
insecureSkipVerify = true
```
```bash tab="CLI"
--providers.zookeeper.tls.insecureSkipVerify=true
```

8
docs/content/reference/dynamic-configuration/file.md
View File

@@ -3,10 +3,10 @@
Dynamic configuration with files
{: .subtitle }
```toml tab="TOML"
--8<-- "content/reference/dynamic-configuration/file.toml"
```
```yml tab="YAML"
--8<-- "content/reference/dynamic-configuration/file.yaml"
```
```toml tab="TOML"
--8<-- "content/reference/dynamic-configuration/file.toml"
```

28
docs/content/reference/dynamic-configuration/networking.x-k8s.io_gatewayclasses.yaml
View File

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.0
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: gatewayclasses.networking.x-k8s.io
spec:
@@ -25,7 +25,7 @@ spec:
name: v1alpha1
schema:
openAPIV3Schema:
description: "GatewayClass describes a class of Gateways available to the user for creating Gateway resources. \n GatewayClass is a Cluster level resource. \n Support: Core."
description: "GatewayClass describes a class of Gateways available to the user for creating Gateway resources. \n GatewayClass is a Cluster level resource."
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
@@ -36,14 +36,14 @@ spec:
metadata:
type: object
spec:
description: Spec for this GatewayClass.
description: Spec defines the desired state of GatewayClass.
properties:
controller:
description: "Controller is a domain/path string that indicates the controller that is managing Gateways of this class. \n Example: \"acme.io/gateway-controller\". \n This field is not mutable and cannot be empty. \n The format of this field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). \n Support: Core"
maxLength: 253
type: string
parametersRef:
description: "ParametersRef is a controller-specific resource containing the configuration parameters corresponding to this class. This is optional if the controller does not require any additional configuration. \n Parameters resources are implementation specific custom resources. These resources must be cluster-scoped. \n If the referent cannot be found, the GatewayClass's \"InvalidParameters\" status condition will be true. \n Support: Custom"
description: "ParametersRef is a reference to a resource that contains the configuration parameters corresponding to the GatewayClass. This is optional if the controller does not require any additional configuration. \n ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap, or an implementation-specific custom resource. The resource can be cluster-scoped or namespace-scoped. \n If the referent cannot be found, the GatewayClass's \"InvalidParameters\" status condition will be true. \n Support: Custom"
properties:
group:
description: Group is the group of the referent.
@@ -60,6 +60,18 @@ spec:
maxLength: 253
minLength: 1
type: string
namespace:
description: Namespace is the namespace of the referent. This field is required when scope is set to "Namespace" and ignored when scope is set to "Cluster".
maxLength: 253
minLength: 1
type: string
scope:
default: Cluster
description: Scope represents if the referent is a Cluster or Namespace scoped resource. This may be set to "Cluster" or "Namespace".
enum:
- Cluster
- Namespace
type: string
required:
- group
- kind
@@ -74,9 +86,9 @@ spec:
- lastTransitionTime: "1970-01-01T00:00:00Z"
message: Waiting for controller
reason: Waiting
status: Unknown
type: InvalidParameters
description: Status of the GatewayClass.
status: "False"
type: Admitted
description: Status defines the current state of GatewayClass.
properties:
conditions:
default:
@@ -85,7 +97,7 @@ spec:
reason: Waiting
status: "False"
type: Admitted
description: Conditions is the current status from the controller for this GatewayClass.
description: "Conditions is the current status from the controller for this GatewayClass. \n Controllers should prefer to publish conditions using values of GatewayClassConditionType for the type of each Condition."
items:
description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
properties:

32
docs/content/reference/dynamic-configuration/networking.x-k8s.io_gateways.yaml
View File

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.0
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: gateways.networking.x-k8s.io
spec:
@@ -36,7 +36,7 @@ spec:
metadata:
type: object
spec:
description: "GatewaySpec defines the desired state of Gateway. \n Not all possible combinations of options specified in the Spec are valid. Some invalid configurations can be caught synchronously via a webhook, but there are many cases that will require asynchronous signaling via the GatewayStatus block."
description: Spec defines the desired state of Gateway.
properties:
addresses:
description: "Addresses requested for this gateway. This is optional and behavior can depend on the GatewayClass. If a value is set in the spec and the requested address is invalid, the GatewayClass MUST indicate this in the associated entry in GatewayStatus.Addresses. \n If no Addresses are specified, the GatewayClass may schedule the Gateway in an implementation-defined manner, assigning an appropriate set of Addresses. \n The GatewayClass MUST bind all Listeners to every GatewayAddress that it assigns to the Gateway. \n Support: Core"
@@ -45,13 +45,13 @@ spec:
properties:
type:
default: IPAddress
description: "Type of the Address. This is either \"IPAddress\" or \"NamedAddress\". \n Support: Extended"
description: "Type of the address. \n Support: Extended"
enum:
- IPAddress
- NamedAddress
type: string
value:
description: 'Value. Examples: "1.2.3.4", "128::1", "my-ip-address". Validity of the values will depend on `Type` and support by the controller.'
description: "Value of the address. The validity of the values will depend on the type and support by the controller. \n Examples: `1.2.3.4`, `128::1`, `my-ip-address`."
maxLength: 253
minLength: 1
type: string
@@ -71,7 +71,7 @@ spec:
description: Listener embodies the concept of a logical endpoint where a Gateway can accept network connections. Each listener in a Gateway must have a unique combination of Hostname, Port, and Protocol. This will be enforced by a validating webhook.
properties:
hostname:
description: "Hostname specifies the virtual hostname to match for protocol types that define this concept. When unspecified or \"*\", all hostnames are matched. This field can be omitted for protocols that don't require hostname based matching. \n Hostname is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the \"host\" part of the URI as defined in the RFC: \n 1. IP literals are not allowed. 2. The `:` delimiter is not respected because ports are not allowed. \n Hostname can be \"precise\" which is a domain name without the terminating dot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain name prefixed with a single wildcard label (e.g. \"*.example.com\"). The wildcard character '*' must appear by itself as the first DNS label and matches only a single label. \n Support: Core"
description: "Hostname specifies the virtual hostname to match for protocol types that define this concept. When unspecified, \"\", or `*`, all hostnames are matched. This field can be omitted for protocols that don't require hostname based matching. \n Hostname is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the \"host\" part of the URI as defined in the RFC: \n 1. IP literals are not allowed. 2. The `:` delimiter is not respected because ports are not allowed. \n Hostname can be \"precise\" which is a domain name without the terminating dot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain name prefixed with a single wildcard label (e.g. `*.example.com`). The wildcard character `*` must appear by itself as the first DNS label and matches only a single label. \n Support: Core"
maxLength: 253
minLength: 1
type: string
@@ -94,7 +94,7 @@ spec:
minLength: 1
type: string
kind:
description: "Kind is the kind of the route resource to select. \n Kind MUST correspond to kinds of routes that are compatible with the application protocol specified in the Listener's Protocol field. \n If an implementation does not support or recognize this resource type, it SHOULD raise a \"ConditionInvalidRoutes\" condition for the affected Listener. \n Support: Core"
description: "Kind is the kind of the route resource to select. \n Kind MUST correspond to kinds of routes that are compatible with the application protocol specified in the Listener's Protocol field. \n If an implementation does not support or recognize this resource type, it SHOULD set the \"ResolvedRefs\" condition to false for this listener with the \"InvalidRoutesRef\" reason. \n Support: Core"
type: string
namespaces:
default:
@@ -102,6 +102,7 @@ spec:
description: "Namespaces indicates in which namespaces Routes should be selected for this Gateway. This is restricted to the namespace of this Gateway by default. \n Support: Core"
properties:
from:
default: Same
description: "From indicates where Routes will be selected for this Gateway. Possible values are: * All: Routes in all namespaces may be used by this Gateway. * Selector: Routes in namespaces selected by the selector may be used by this Gateway. * Same: Only Routes in the same namespace may be used by this Gateway. \n Support: Core"
enum:
- All
@@ -140,7 +141,7 @@ spec:
type: object
type: object
selector:
description: "Selector specifies a set of route labels used for selecting routes to associate with the Gateway. If RouteSelector is defined, only routes matching the RouteSelector are associated with the Gateway. An empty RouteSelector matches all routes. \n Support: Core"
description: "Selector specifies a set of route labels used for selecting routes to associate with the Gateway. If this Selector is defined, only routes matching the Selector are associated with the Gateway. An empty Selector matches all routes. \n Support: Core"
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
@@ -176,7 +177,7 @@ spec:
description: "TLS is the TLS configuration for the Listener. This field is required if the Protocol field is \"HTTPS\" or \"TLS\" and ignored otherwise. \n The association of SNIs to Certificate defined in GatewayTLSConfig is defined based on the Hostname field for this listener. \n The GatewayClass MUST use the longest matching SNI out of all available certificates for any TLS handshake. \n Support: Core"
properties:
certificateRef:
description: 'CertificateRef is the reference to Kubernetes object that contain a TLS certificate and private key. This certificate MUST be used for TLS handshakes for the domain this GatewayTLSConfig is associated with. If an entry in this list omits or specifies the empty string for both the group and the resource, the resource defaults to "secrets". An implementation may support other resources (for example, resource "mycertificates" in group "networking.acme.io"). Support: Core (Kubernetes Secrets) Support: Implementation-specific (Other resource types)'
description: "CertificateRef is the reference to Kubernetes object that contain a TLS certificate and private key. This certificate MUST be used for TLS handshakes for the domain this GatewayTLSConfig is associated with. \n This field is required when mode is set to \"Terminate\" (default) and optional otherwise. \n If an entry in this list omits or specifies the empty string for both the group and the resource, the resource defaults to \"secrets\". An implementation may support other resources (for example, resource \"mycertificates\" in group \"networking.acme.io\"). \n Support: Core (Kubernetes Secrets) \n Support: Implementation-specific (Other resource types)"
properties:
group:
description: Group is the group of the referent.
@@ -199,7 +200,8 @@ spec:
- name
type: object
mode:
description: 'Mode defines the TLS behavior for the TLS session initiated by the client. There are two possible modes: - Terminate: The TLS session between the downstream client and the Gateway is terminated at the Gateway. - Passthrough: The TLS session is NOT terminated by the Gateway. This implies that the Gateway can''t decipher the TLS stream except for the ClientHello message of the TLS protocol. CertificateRef field is ignored in this mode.'
default: Terminate
description: "Mode defines the TLS behavior for the TLS session initiated by the client. There are two possible modes: - Terminate: The TLS session between the downstream client and the Gateway is terminated at the Gateway. This mode requires certificateRef to be set. - Passthrough: The TLS session is NOT terminated by the Gateway. This implies that the Gateway can't decipher the TLS stream except for the ClientHello message of the TLS protocol. CertificateRef field is ignored in this mode. \n Support: Core"
enum:
- Terminate
- Passthrough
@@ -207,12 +209,12 @@ spec:
options:
additionalProperties:
type: string
description: "Options are a list of key/value pairs to give extended options to the provider. \n There variation among providers as to how ciphersuites are expressed. If there is a common subset for expressing ciphers then it will make sense to loft that as a core API construct. \n Support: Implementation-specific."
description: "Options are a list of key/value pairs to give extended options to the provider. \n There variation among providers as to how ciphersuites are expressed. If there is a common subset for expressing ciphers then it will make sense to loft that as a core API construct. \n Support: Implementation-specific"
type: object
routeOverride:
default:
certificate: Deny
description: "RouteOverride dictates if TLS settings can be configured via Routes or not. \n CertificateRef must be defined even if `routeOverride.certificate` is set to 'Allow' as it will be used as the default certificate for the listener."
description: "RouteOverride dictates if TLS settings can be configured via Routes or not. \n CertificateRef must be defined even if `routeOverride.certificate` is set to 'Allow' as it will be used as the default certificate for the listener. \n Support: Core"
properties:
certificate:
default: Deny
@@ -221,8 +223,6 @@ spec:
- Allow
- Deny
type: string
required:
- certificate
type: object
type: object
required:
@@ -245,7 +245,7 @@ spec:
reason: NotReconciled
status: "False"
type: Scheduled
description: GatewayStatus defines the observed state of Gateway.
description: Status defines the current state of Gateway.
properties:
addresses:
description: "Addresses lists the IP addresses that have actually been bound to the Gateway. These addresses may differ from the addresses in the Spec, e.g. if the Gateway automatically assigns an address from a reserved pool. \n These addresses should all be of type \"IPAddress\"."
@@ -254,13 +254,13 @@ spec:
properties:
type:
default: IPAddress
description: "Type of the Address. This is either \"IPAddress\" or \"NamedAddress\". \n Support: Extended"
description: "Type of the address. \n Support: Extended"
enum:
- IPAddress
- NamedAddress
type: string
value:
description: 'Value. Examples: "1.2.3.4", "128::1", "my-ip-address". Validity of the values will depend on `Type` and support by the controller.'
description: "Value of the address. The validity of the values will depend on the type and support by the controller. \n Examples: `1.2.3.4`, `128::1`, `my-ip-address`."
maxLength: 253
minLength: 1
type: string

70
docs/content/reference/dynamic-configuration/networking.x-k8s.io_httproutes.yaml
View File

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.0
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: httproutes.networking.x-k8s.io
spec:
@@ -34,7 +34,7 @@ spec:
metadata:
type: object
spec:
description: HTTPRouteSpec defines the desired state of HTTPRoute
description: Spec defines the desired state of HTTPRoute.
properties:
gateways:
default:
@@ -71,7 +71,7 @@ spec:
type: array
type: object
hostnames:
description: "Hostnames defines a set of hostname that should match against the HTTP Host header to select a HTTPRoute to process the request. Hostname is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the \"host\" part of the URI as defined in the RFC: \n 1. IPs are not allowed. 2. The `:` delimiter is not respected because ports are not allowed. \n Incoming requests are matched against the hostnames before the HTTPRoute rules. If no hostname is specified, traffic is routed based on the HTTPRouteRules. \n Hostname can be \"precise\" which is a domain name without the terminating dot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain name prefixed with a single wildcard label (e.g. \"*.example.com\"). The wildcard character '*' must appear by itself as the first DNS label and matches only a single label. You cannot have a wildcard label by itself (e.g. Host == \"*\"). Requests will be matched against the Host field in the following order: 1. If Host is precise, the request matches this rule if the http host header is equal to Host. 2. If Host is a wildcard, then the request matches this rule if the http host header is to equal to the suffix (removing the first label) of the wildcard rule. \n Support: Core"
description: "Hostnames defines a set of hostname that should match against the HTTP Host header to select a HTTPRoute to process the request. Hostname is the fully qualified domain name of a network host, as defined by RFC 3986. Note the following deviations from the \"host\" part of the URI as defined in the RFC: \n 1. IPs are not allowed. 2. The `:` delimiter is not respected because ports are not allowed. \n Incoming requests are matched against the hostnames before the HTTPRoute rules. If no hostname is specified, traffic is routed based on the HTTPRouteRules. \n Hostname can be \"precise\" which is a domain name without the terminating dot of a network host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain name prefixed with a single wildcard label (e.g. `*.example.com`). The wildcard character `*` must appear by itself as the first DNS label and matches only a single label. You cannot have a wildcard label by itself (e.g. Host == `*`). Requests will be matched against the Host field in the following order: \n 1. If Host is precise, the request matches this rule if the HTTP Host header is equal to Host. 2. If Host is a wildcard, then the request matches this rule if the HTTP Host header is to equal to the suffix (removing the first label) of the wildcard rule. \n Support: Core"
items:
description: Hostname is used to specify a hostname that should be matched.
maxLength: 253
@@ -80,12 +80,17 @@ spec:
maxItems: 16
type: array
rules:
default:
- matches:
- path:
type: Prefix
value: /
description: Rules are a list of HTTP matchers, filters and actions.
items:
description: HTTPRouteRule defines semantics for matching an HTTP request based on conditions, optionally executing additional processing steps, and forwarding the request to an API object.
properties:
filters:
description: "Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying a core filter multiple times has unspecified or custom conformance. \n Support: core"
description: "Filters define the filters that are applied to requests that match this rule. \n The effects of ordering of multiple behaviors are currently unspecified. This can change in the future based on feedback during the alpha stage. \n Conformance-levels at this level are defined based on the type of filter: \n - ALL core filters MUST be supported by all implementations. - Implementers are encouraged to support extended filters. - Implementation-specific custom filters have no API guarantees across implementations. \n Specifying a core filter multiple times has unspecified or custom conformance. \n Support: Core"
items:
description: 'HTTPRouteFilter defines additional processing steps that must be completed during the request or response lifecycle. HTTPRouteFilters are meant as an extension point to express additional processing that may be done in Gateway implementations. Some examples include request or response modification, implementing authentication strategies, rate-limiting, and traffic shaping. API guarantee/conformance is defined based on the type of the filter. TODO(hbagdi): re-render CRDs once controller-tools supports union tags: - https://github.com/kubernetes-sigs/controller-tools/pull/298 - https://github.com/kubernetes-sigs/controller-tools/issues/461'
properties:
@@ -118,14 +123,19 @@ spec:
add:
additionalProperties:
type: string
description: "Add adds the given header (name, value) to the request before the action. \n Input: GET /foo HTTP/1.1 \n Config: add: {\"my-header\": \"foo\"} \n Output: GET /foo HTTP/1.1 my-header: foo \n Support: Extended"
description: "Add adds the given header (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: {\"my-header\": \"bar\"} \n Output: GET /foo HTTP/1.1 my-header: foo my-header: bar \n Support: Extended"
type: object
remove:
description: "Remove the given header(s) from the HTTP request before the action. The value of RemoveHeader is a list of HTTP header names. Note that the header names are case-insensitive [RFC-2616 4.2]. \n Input: GET /foo HTTP/1.1 My-Header1: ABC My-Header2: DEF My-Header2: GHI \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 My-Header2: DEF \n Support: Extended"
description: "Remove the given header(s) from the HTTP request before the action. The value of RemoveHeader is a list of HTTP header names. Note that the header names are case-insensitive [RFC-2616 4.2]. \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar \n Support: Extended"
items:
type: string
maxItems: 16
type: array
set:
additionalProperties:
type: string
description: "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: {\"my-header\": \"bar\"} \n Output: GET /foo HTTP/1.1 my-header: bar \n Support: Extended"
type: object
type: object
requestMirror:
description: "RequestMirror defines a schema for a filter that mirrors requests. \n Support: Extended"
@@ -154,7 +164,7 @@ spec:
- name
type: object
port:
description: Port specifies the destination port number to use for the backend referenced by the ServiceName or BackendRef field.
description: "Port specifies the destination port number to use for the backend referenced by the ServiceName or BackendRef field. \n If unspecified, the destination port in the request is used when forwarding to a backendRef or serviceName."
format: int32
maximum: 65535
minimum: 1
@@ -163,8 +173,6 @@ spec:
description: "ServiceName refers to the name of the Service to mirror matched requests to. When specified, this takes the place of BackendRef. If both BackendRef and ServiceName are specified, ServiceName will be given precedence. \n If the referent cannot be found, the rule is not included in the route. The controller should raise the \"ResolvedRefs\" condition on the Gateway with the \"DegradedRoutes\" reason. The gateway status for this route should be updated with a condition that describes the error more specifically. \n Support: Core"
maxLength: 253
type: string
required:
- port
type: object
type:
description: "Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations must support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Custom: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior."
@@ -184,7 +192,7 @@ spec:
description: HTTPRouteForwardTo defines how a HTTPRoute should forward a request.
properties:
backendRef:
description: "BackendRef is a reference to a backend to forward matched requests to. If both BackendRef and ServiceName are specified, ServiceName will be given precedence. \n If the referent cannot be found, the route must be dropped from the Gateway. The controller should raise the \"ResolvedRefs\" condition on the Gateway with the \"DroppedRoutes\" reason. The gateway status for this route should be updated with a condition that describes the error more specifically. \n Support: Custom"
description: "BackendRef is a reference to a backend to forward matched requests to. If both BackendRef and ServiceName are specified, ServiceName will be given precedence. \n If the referent cannot be found, the route must be dropped from the Gateway. The controller should raise the \"ResolvedRefs\" condition on the Gateway with the \"DegradedRoutes\" reason. The gateway status for this route should be updated with a condition that describes the error more specifically. \n Support: Custom"
properties:
group:
description: Group is the group of the referent.
@@ -240,14 +248,19 @@ spec:
add:
additionalProperties:
type: string
description: "Add adds the given header (name, value) to the request before the action. \n Input: GET /foo HTTP/1.1 \n Config: add: {\"my-header\": \"foo\"} \n Output: GET /foo HTTP/1.1 my-header: foo \n Support: Extended"
description: "Add adds the given header (name, value) to the request before the action. It appends to any existing values associated with the header name. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: add: {\"my-header\": \"bar\"} \n Output: GET /foo HTTP/1.1 my-header: foo my-header: bar \n Support: Extended"
type: object
remove:
description: "Remove the given header(s) from the HTTP request before the action. The value of RemoveHeader is a list of HTTP header names. Note that the header names are case-insensitive [RFC-2616 4.2]. \n Input: GET /foo HTTP/1.1 My-Header1: ABC My-Header2: DEF My-Header2: GHI \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 My-Header2: DEF \n Support: Extended"
description: "Remove the given header(s) from the HTTP request before the action. The value of RemoveHeader is a list of HTTP header names. Note that the header names are case-insensitive [RFC-2616 4.2]. \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: bar my-header3: baz \n Config: remove: [\"my-header1\", \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: bar \n Support: Extended"
items:
type: string
maxItems: 16
type: array
set:
additionalProperties:
type: string
description: "Set overwrites the request with the given header (name, value) before the action. \n Input: GET /foo HTTP/1.1 my-header: foo \n Config: set: {\"my-header\": \"bar\"} \n Output: GET /foo HTTP/1.1 my-header: bar \n Support: Extended"
type: object
type: object
requestMirror:
description: "RequestMirror defines a schema for a filter that mirrors requests. \n Support: Extended"
@@ -276,7 +289,7 @@ spec:
- name
type: object
port:
description: Port specifies the destination port number to use for the backend referenced by the ServiceName or BackendRef field.
description: "Port specifies the destination port number to use for the backend referenced by the ServiceName or BackendRef field. \n If unspecified, the destination port in the request is used when forwarding to a backendRef or serviceName."
format: int32
maximum: 65535
minimum: 1
@@ -285,8 +298,6 @@ spec:
description: "ServiceName refers to the name of the Service to mirror matched requests to. When specified, this takes the place of BackendRef. If both BackendRef and ServiceName are specified, ServiceName will be given precedence. \n If the referent cannot be found, the rule is not included in the route. The controller should raise the \"ResolvedRefs\" condition on the Gateway with the \"DegradedRoutes\" reason. The gateway status for this route should be updated with a condition that describes the error more specifically. \n Support: Core"
maxLength: 253
type: string
required:
- port
type: object
type:
description: "Type identifies the type of filter to apply. As with other API fields, types are classified into three conformance levels: \n - Core: Filter types and their corresponding configuration defined by \"Support: Core\" in this package, e.g. \"RequestHeaderModifier\". All implementations must support core filters. \n - Extended: Filter types and their corresponding configuration defined by \"Support: Extended\" in this package, e.g. \"RequestMirror\". Implementers are encouraged to support extended filters. \n - Custom: Filters that are defined and supported by specific vendors. In the future, filters showing convergence in behavior across multiple implementations will be considered for inclusion in extended or core conformance levels. Filter-specific configuration for such filters is specified using the ExtensionRef field. `Type` should be set to \"ExtensionRef\" for custom filters. \n Implementers are encouraged to define custom implementation types to extend the core API with implementation-specific behavior."
@@ -301,13 +312,13 @@ spec:
maxItems: 16
type: array
port:
description: "Port specifies the destination port number to use for the backend referenced by the ServiceName or BackendRef field. \n Support: Core"
description: "Port specifies the destination port number to use for the backend referenced by the ServiceName or BackendRef field. If unspecified, the destination port in the request is used when forwarding to a backendRef or serviceName. \n Support: Core"
format: int32
maximum: 65535
minimum: 1
type: integer
serviceName:
description: "ServiceName refers to the name of the Service to forward matched requests to. When specified, this takes the place of BackendRef. If both BackendRef and ServiceName are specified, ServiceName will be given precedence. \n If the referent cannot be found, the route must be dropped from the Gateway. The controller should raise the \"ResolvedRefs\" condition on the Gateway with the \"DroppedRoutes\" reason. The gateway status for this route should be updated with a condition that describes the error more specifically. \n The protocol to use should be specified with the AppProtocol field on Service resources. This field was introduced in Kubernetes 1.18. If using an earlier version of Kubernetes, a `networking.x-k8s.io/app-protocol` annotation on the BackendPolicy resource may be used to define the protocol. If the AppProtocol field is available, this annotation should not be used. The AppProtocol field, when populated, takes precedence over the annotation in the BackendPolicy resource. For custom backends, it is encouraged to add a semantically-equivalent field in the Custom Resource Definition. \n Support: Core"
description: "ServiceName refers to the name of the Service to forward matched requests to. When specified, this takes the place of BackendRef. If both BackendRef and ServiceName are specified, ServiceName will be given precedence. \n If the referent cannot be found, the route must be dropped from the Gateway. The controller should raise the \"ResolvedRefs\" condition on the Gateway with the \"DegradedRoutes\" reason. The gateway status for this route should be updated with a condition that describes the error more specifically. \n The protocol to use should be specified with the AppProtocol field on Service resources. This field was introduced in Kubernetes 1.18. If using an earlier version of Kubernetes, a `networking.x-k8s.io/app-protocol` annotation on the BackendPolicy resource may be used to define the protocol. If the AppProtocol field is available, this annotation should not be used. The AppProtocol field, when populated, takes precedence over the annotation in the BackendPolicy resource. For custom backends, it is encouraged to add a semantically-equivalent field in the Custom Resource Definition. \n Support: Core"
maxLength: 253
type: string
weight:
@@ -317,22 +328,20 @@ spec:
maximum: 1000000
minimum: 0
type: integer
required:
- port
type: object
maxItems: 4
maxItems: 16
type: array
matches:
default:
- path:
type: Prefix
value: /
description: "Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - path: value: \"/foo\" headers: values: version: \"2\" - path: value: \"/v2/foo\" ``` \n For a request to match against this rule, a request should satisfy EITHER of the two conditions: \n - path prefixed with `/foo` AND contains the header `version: \"2\"` - path prefix of `/v2/foo` \n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \n If no matches are specified, the default is a prefix path match on \"/\", which has the effect of matching every HTTP request. \n A client request may match multiple HTTP route rules. Matching precedence MUST be determined in order of the following criteria, continuing on ties: * The longest matching hostname. * The longest matching path. * The largest number of header matches * The oldest Route based on creation timestamp. For example, a Route with a creation timestamp of \"2020-09-08 01:02:03\" is given precedence over a Route with a creation timestamp of \"2020-09-08 01:02:04\". * The Route appearing first in alphabetical order (namespace/name) for example, foo/bar is given precedence over foo/baz."
description: "Matches define conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. \n For example, take the following matches configuration: \n ``` matches: - path: value: \"/foo\" headers: values: version: \"2\" - path: value: \"/v2/foo\" ``` \n For a request to match against this rule, a request should satisfy EITHER of the two conditions: \n - path prefixed with `/foo` AND contains the header `version: \"2\"` - path prefix of `/v2/foo` \n See the documentation for HTTPRouteMatch on how to specify multiple match conditions that should be ANDed together. \n If no matches are specified, the default is a prefix path match on \"/\", which has the effect of matching every HTTP request. \n A client request may match multiple HTTP route rules. Matching precedence MUST be determined in order of the following criteria, continuing on ties: \n * The longest matching hostname. * The longest matching path. * The largest number of header matches * The oldest Route based on creation timestamp. For example, a Route with a creation timestamp of \"2020-09-08 01:02:03\" is given precedence over a Route with a creation timestamp of \"2020-09-08 01:02:04\". * The Route appearing first in alphabetical order (namespace/name) for example, foo/bar is given precedence over foo/baz."
items:
description: "HTTPRouteMatch defines the predicate used to match requests to a given action. Multiple match types are ANDed together, i.e. the match will evaluate to true only if all conditions are satisfied. \n For example, the match below will match a HTTP request only if its path starts with `/foo` AND it contains the `version: \"1\"` header: \n ``` match: path: value: \"/foo\" headers: values: version: \"1\" ```"
properties:
extensionRef:
description: "ExtensionRef is an optional, implementation-specific extension to the \"match\" behavior. For example, resource \"myroutematcher\" in group \"networking.acme.io\". If the referent cannot be found, the rule is not included in the route. The controller should raise the \"ResolvedRefs\" condition on the Gateway with the \"DegradedRoutes\" reason. The gateway status for this route should be updated with a condition that describes the error more specifically. \n Support: custom"
description: "ExtensionRef is an optional, implementation-specific extension to the \"match\" behavior. For example, resource \"myroutematcher\" in group \"networking.acme.io\". If the referent cannot be found, the rule is not included in the route. The controller should raise the \"ResolvedRefs\" condition on the Gateway with the \"DegradedRoutes\" reason. The gateway status for this route should be updated with a condition that describes the error more specifically. \n Support: Custom"
properties:
group:
description: Group is the group of the referent.
@@ -359,7 +368,7 @@ spec:
properties:
type:
default: Exact
description: "Type specifies how to match against the value of the header. \n Support: core (Exact) Support: custom (RegularExpression, ImplementationSpecific) \n Since RegularExpression PathType has custom conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect. \n HTTP Header name matching MUST be case-insensitive (RFC 2616 - section 4.2)."
description: "Type specifies how to match against the value of the header. \n Support: Core (Exact) \n Support: Custom (RegularExpression, ImplementationSpecific) \n Since RegularExpression PathType has custom conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect. \n HTTP Header name matching MUST be case-insensitive (RFC 2616 - section 4.2)."
enum:
- Exact
- RegularExpression
@@ -381,7 +390,7 @@ spec:
properties:
type:
default: Prefix
description: "Type specifies how to match against the path Value. \n Support: core (Exact, Prefix) Support: custom (RegularExpression, ImplementationSpecific) \n Since RegularExpression PathType has custom conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect."
description: "Type specifies how to match against the path Value. \n Support: Core (Exact, Prefix) \n Support: Custom (RegularExpression, ImplementationSpecific) \n Since RegularExpression PathType has custom conformance, implementations can support POSIX, PCRE or any other dialects of regular expressions. Please read the implementation's documentation to determine the supported dialect."
enum:
- Exact
- Prefix
@@ -400,13 +409,12 @@ spec:
type: array
type: object
maxItems: 16
minItems: 1
type: array
tls:
description: "TLS defines the TLS certificate to use for Hostnames defined in this Route. This configuration only takes effect if the AllowRouteOverride field is set to true in the associated Gateway resource. \n Collisions can happen if multiple HTTPRoutes define a TLS certificate for the same hostname. In such a case, conflict resolution guiding principles apply, specificallly, if hostnames are same and two different certificates are specified then the certificate in the oldest resource wins. \n Please note that HTTP Route-selection takes place after the TLS Handshake (ClientHello). Due to this, TLS certificate defined here will take precedence even if the request has the potential to match multiple routes (in case multiple HTTPRoutes share the same hostname). \n Support: Core"
description: "TLS defines the TLS certificate to use for Hostnames defined in this Route. This configuration only takes effect if the AllowRouteOverride field is set to true in the associated Gateway resource. \n Collisions can happen if multiple HTTPRoutes define a TLS certificate for the same hostname. In such a case, conflict resolution guiding principles apply, specifically, if hostnames are same and two different certificates are specified then the certificate in the oldest resource wins. \n Please note that HTTP Route-selection takes place after the TLS Handshake (ClientHello). Due to this, TLS certificate defined here will take precedence even if the request has the potential to match multiple routes (in case multiple HTTPRoutes share the same hostname). \n Support: Core"
properties:
certificateRef:
description: 'CertificateRef refers to a Kubernetes object that contains a TLS certificate and private key. This certificate MUST be used for TLS handshakes for the domain this RouteTLSConfig is associated with. If an entry in this list omits or specifies the empty string for both the group and kind, the resource defaults to "secrets". An implementation may support other resources (for example, resource "mycertificates" in group "networking.acme.io"). Support: Core (Kubernetes Secrets) Support: Implementation-specific (Other resource types)'
description: "CertificateRef refers to a Kubernetes object that contains a TLS certificate and private key. This certificate MUST be used for TLS handshakes for the domain this RouteTLSConfig is associated with. If an entry in this list omits or specifies the empty string for both the group and kind, the resource defaults to \"secrets\". An implementation may support other resources (for example, resource \"mycertificates\" in group \"networking.acme.io\"). \n Support: Core (Kubernetes Secrets) \n Support: Implementation-specific (Other resource types)"
properties:
group:
description: Group is the group of the referent.
@@ -431,19 +439,17 @@ spec:
required:
- certificateRef
type: object
required:
- rules
type: object
status:
description: HTTPRouteStatus defines the observed state of HTTPRoute.
description: Status defines the current state of HTTPRoute.
properties:
gateways:
description: "Gateways is a list of the Gateways that are associated with the route, and the status of the route with respect to each of these Gateways. When a Gateway selects this route, the controller that manages the Gateway should add an entry to this list when the controller first sees the route and should update the entry as appropriate when the route is modified. \n A maximum of 100 Gateways will be represented in this list. If this list is full, there may be additional Gateways using this Route that are not included in the list."
description: "Gateways is a list of Gateways that are associated with the route, and the status of the route with respect to each Gateway. When a Gateway selects this route, the controller that manages the Gateway must add an entry to this list when the controller first sees the route and should update the entry as appropriate when the route is modified. \n A maximum of 100 Gateways will be represented in this list. If this list is full, there may be additional Gateways using this Route that are not included in the list. An empty list means the route has not been admitted by any Gateway."
items:
description: RouteGatewayStatus describes the status of a route with respect to an associated Gateway.
properties:
conditions:
description: Conditions describes the status of the route with respect to the Gateway. For example, the "Admitted" condition indicates whether the route has been admitted or rejected by the Gateway, and why. Note that the route's availability is also subject to the Gateway's own status conditions and listener status.
description: Conditions describes the status of the route with respect to the Gateway. The "Admitted" condition must always be specified by controllers to indicate whether the route has been admitted or rejected by the Gateway, and why. Note that the route's availability is also subject to the Gateway's own status conditions and listener status.
items:
description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
properties:

11
docs/content/reference/static-configuration/cli-ref.md
View File

@@ -184,7 +184,7 @@ plugin's module name.
plugin's version.
`--global.checknewversion`:
Periodically check if a new version has been released. (Default: ```false```)
Periodically check if a new version has been released. (Default: ```true```)
`--global.sendanonymoususage`:
Periodically send anonymous usage statistics. If the option is not specified, it will be enabled by default. (Default: ```false```)
@@ -294,6 +294,9 @@ Prefix to use for metrics collection. (Default: ```traefik```)
`--metrics.statsd.pushinterval`:
StatsD push interval. (Default: ```10```)
`--pilot.dashboard`:
Enable Traefik Pilot in the dashboard. (Default: ```true```)
`--pilot.token`:
Traefik Pilot token.
@@ -514,7 +517,7 @@ KV Username
Enable debug logging of generated configuration template. (Default: ```false```)
`--providers.file.directory`:
Load dynamic configuration from one or more .toml or .yml files in a directory.
Load dynamic configuration from one or more .yml or .toml files in a directory.
`--providers.file.filename`:
Load dynamic configuration from a file.
@@ -694,7 +697,7 @@ Display additional provider logs. (Default: ```false```)
Watch provider. (Default: ```true```)
`--providers.providersthrottleduration`:
Backends throttle duration: minimum duration between 2 events from providers before applying a new configuration. It avoids unnecessary reloads if multiples events are sent in a short amount of time. (Default: ```0```)
Backends throttle duration: minimum duration between 2 events from providers before applying a new configuration. It avoids unnecessary reloads if multiples events are sent in a short amount of time. (Default: ```2```)
`--providers.rancher`:
Enable Rancher backend with default settings. (Default: ```false```)
@@ -802,7 +805,7 @@ The amount of time to wait for a server's response headers after fully writing t
Disable SSL certificate verification. (Default: ```false```)
`--serverstransport.maxidleconnsperhost`:
If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used (Default: ```0```)
If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used (Default: ```200```)
`--serverstransport.rootcas`:
Add cert file for self-signed certificate.

11
docs/content/reference/static-configuration/env-ref.md
View File

@@ -184,7 +184,7 @@ plugin's module name.
plugin's version.
`TRAEFIK_GLOBAL_CHECKNEWVERSION`:
Periodically check if a new version has been released. (Default: ```false```)
Periodically check if a new version has been released. (Default: ```true```)
`TRAEFIK_GLOBAL_SENDANONYMOUSUSAGE`:
Periodically send anonymous usage statistics. If the option is not specified, it will be enabled by default. (Default: ```false```)
@@ -294,6 +294,9 @@ Prefix to use for metrics collection. (Default: ```traefik```)
`TRAEFIK_METRICS_STATSD_PUSHINTERVAL`:
StatsD push interval. (Default: ```10```)
`TRAEFIK_PILOT_DASHBOARD`:
Enable Traefik Pilot in the dashboard. (Default: ```true```)
`TRAEFIK_PILOT_TOKEN`:
Traefik Pilot token.
@@ -514,7 +517,7 @@ KV Username
Enable debug logging of generated configuration template. (Default: ```false```)
`TRAEFIK_PROVIDERS_FILE_DIRECTORY`:
Load dynamic configuration from one or more .toml or .yml files in a directory.
Load dynamic configuration from one or more .yml or .toml files in a directory.
`TRAEFIK_PROVIDERS_FILE_FILENAME`:
Load dynamic configuration from a file.
@@ -694,7 +697,7 @@ Display additional provider logs. (Default: ```false```)
Watch provider. (Default: ```true```)
`TRAEFIK_PROVIDERS_PROVIDERSTHROTTLEDURATION`:
Backends throttle duration: minimum duration between 2 events from providers before applying a new configuration. It avoids unnecessary reloads if multiples events are sent in a short amount of time. (Default: ```0```)
Backends throttle duration: minimum duration between 2 events from providers before applying a new configuration. It avoids unnecessary reloads if multiples events are sent in a short amount of time. (Default: ```2```)
`TRAEFIK_PROVIDERS_RANCHER`:
Enable Rancher backend with default settings. (Default: ```false```)
@@ -802,7 +805,7 @@ The amount of time to wait for a server's response headers after fully writing t
Disable SSL certificate verification. (Default: ```false```)
`TRAEFIK_SERVERSTRANSPORT_MAXIDLECONNSPERHOST`:
If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used (Default: ```0```)
If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used (Default: ```200```)
`TRAEFIK_SERVERSTRANSPORT_ROOTCAS`:
Add cert file for self-signed certificate.

8
docs/content/reference/static-configuration/file.md
View File

@@ -1,9 +1,9 @@
# Static Configuration: File
```toml tab="TOML"
--8<-- "content/reference/static-configuration/file.toml"
```
```yml tab="YAML"
--8<-- "content/reference/static-configuration/file.yaml"
```
```toml tab="TOML"
--8<-- "content/reference/static-configuration/file.toml"
```

1
docs/content/reference/static-configuration/file.toml
View File

@@ -378,6 +378,7 @@
[pilot]
token = "foobar"
dashboard = true
[experimental]
kubernetesGateway = true

1
docs/content/reference/static-configuration/file.yaml
View File

@@ -399,6 +399,7 @@ certificatesResolvers:
tlsChallenge: {}
pilot:
token: foobar
dashboard: true
experimental:
kubernetesGateway: true
plugins:

618
docs/content/routing/entrypoints.md
View File

@@ -13,20 +13,20 @@ and whether to listen for TCP or UDP.
??? example "Port 80 only"
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
```
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
web:
address: ":80"
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
```
```bash tab="CLI"
## Static configuration
--entryPoints.web.address=:80
@@ -34,28 +34,28 @@ and whether to listen for TCP or UDP.
We define an `entrypoint` called `web` that will listen on port `80`.
??? example "Port 80 & 443"
??? example "Port 80 & 443"
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
web:
address: ":80"
websecure:
address: ":443"
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
```
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
web:
address: ":80"
websecure:
address: ":443"
```
```bash tab="CLI"
## Static configuration
--entryPoints.web.address=:80
@@ -63,17 +63,10 @@ and whether to listen for TCP or UDP.
```
- Two entrypoints are defined: one called `web`, and the other called `websecure`.
- `web` listens on port `80`, and `websecure` on port `443`.
- `web` listens on port `80`, and `websecure` on port `443`.
??? example "UDP on port 1704"
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.streaming]
address = ":1704/udp"
```
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
@@ -81,6 +74,13 @@ and whether to listen for TCP or UDP.
address: ":1704/udp"
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.streaming]
address = ":1704/udp"
```
```bash tab="CLI"
## Static configuration
--entryPoints.streaming.address=:1704/udp
@@ -91,31 +91,10 @@ and whether to listen for TCP or UDP.
### General
EntryPoints are part of the [static configuration](../getting-started/configuration-overview.md#the-static-configuration).
They can be defined by using a file (TOML or YAML) or CLI arguments.
They can be defined by using a file (YAML or TOML) or CLI arguments.
??? info "See the complete reference for the list of available options"
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.name]
address = ":8888" # same as ":8888/tcp"
[entryPoints.name.transport]
[entryPoints.name.transport.lifeCycle]
requestAcceptGraceTimeout = 42
graceTimeOut = 42
[entryPoints.name.transport.respondingTimeouts]
readTimeout = 42
writeTimeout = 42
idleTimeout = 42
[entryPoints.name.proxyProtocol]
insecure = true
trustedIPs = ["127.0.0.1", "192.168.0.1"]
[entryPoints.name.forwardedHeaders]
insecure = true
trustedIPs = ["127.0.0.1", "192.168.0.1"]
```
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
@@ -140,7 +119,28 @@ They can be defined by using a file (TOML or YAML) or CLI arguments.
- "127.0.0.1"
- "192.168.0.1"
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.name]
address = ":8888" # same as ":8888/tcp"
[entryPoints.name.transport]
[entryPoints.name.transport.lifeCycle]
requestAcceptGraceTimeout = 42
graceTimeOut = 42
[entryPoints.name.transport.respondingTimeouts]
readTimeout = 42
writeTimeout = 42
idleTimeout = 42
[entryPoints.name.proxyProtocol]
insecure = true
trustedIPs = ["127.0.0.1", "192.168.0.1"]
[entryPoints.name.forwardedHeaders]
insecure = true
trustedIPs = ["127.0.0.1", "192.168.0.1"]
```
```bash tab="CLI"
## Static configuration
--entryPoints.name.address=:8888 # same as :8888/tcp
@@ -170,15 +170,6 @@ If both TCP and UDP are wanted for the same port, two entryPoints definitions ar
??? example "Both TCP and UDP on Port 3179"
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.tcpep]
address = ":3179"
[entryPoints.udpep]
address = ":3179/udp"
```
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
@@ -188,6 +179,15 @@ If both TCP and UDP are wanted for the same port, two entryPoints definitions ar
address: ":3179/udp"
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.tcpep]
address = ":3179"
[entryPoints.udpep]
address = ":3179/udp"
```
```bash tab="CLI"
## Static configuration
--entryPoints.tcpep.address=:3179
@@ -196,13 +196,6 @@ If both TCP and UDP are wanted for the same port, two entryPoints definitions ar
??? example "Listen on Specific IP Addresses Only"
```toml tab="File (TOML)"
[entryPoints.specificIPv4]
address = "192.168.2.7:8888"
[entryPoints.specificIPv6]
address = "[2001:db8::1]:8888"
```
```yaml tab="File (yaml)"
entryPoints:
specificIPv4:
@@ -210,12 +203,19 @@ If both TCP and UDP are wanted for the same port, two entryPoints definitions ar
specificIPv6:
address: "[2001:db8::1]:8888"
```
```toml tab="File (TOML)"
[entryPoints.specificIPv4]
address = "192.168.2.7:8888"
[entryPoints.specificIPv6]
address = "[2001:db8::1]:8888"
```
```bash tab="CLI"
--entrypoints.specificIPv4.address=192.168.2.7:8888
--entrypoints.specificIPv6.address=[2001:db8::1]:8888
```
Full details for how to specify `address` can be found in [net.Listen](https://golang.org/pkg/net/#Listen) (and [net.Dial](https://golang.org/pkg/net/#Dial)) of the doc for go.
### Forwarded Headers
@@ -223,19 +223,9 @@ If both TCP and UDP are wanted for the same port, two entryPoints definitions ar
You can configure Traefik to trust the forwarded headers information (`X-Forwarded-*`).
??? info "`forwardedHeaders.trustedIPs`"
Trusting Forwarded Headers from specific IPs.
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.forwardedHeaders]
trustedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
@@ -246,7 +236,17 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward
- "127.0.0.1/32"
- "192.168.1.7"
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.forwardedHeaders]
trustedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
```bash tab="CLI"
## Static configuration
--entryPoints.web.address=:80
@@ -254,19 +254,9 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward
```
??? info "`forwardedHeaders.insecure`"
Insecure Mode (Always Trusting Forwarded Headers).
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.forwardedHeaders]
insecure = true
```
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
@@ -275,7 +265,17 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward
forwardedHeaders:
insecure: true
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.forwardedHeaders]
insecure = true
```
```bash tab="CLI"
## Static configuration
--entryPoints.web.address=:80
@@ -290,25 +290,15 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward
Setting them has no effect for UDP entryPoints.
??? info "`transport.respondingTimeouts.readTimeout`"
_Optional, Default=0s_
`readTimeout` is the maximum duration for reading the entire request, including the body.
`readTimeout` is the maximum duration for reading the entire request, including the body.
If zero, no timeout exists.
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).
If no units are provided, the value is parsed assuming seconds.
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.name]
address = ":8888"
[entryPoints.name.transport]
[entryPoints.name.transport.respondingTimeouts]
readTimeout = 42
```
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
@@ -318,24 +308,7 @@ Setting them has no effect for UDP entryPoints.
respondingTimeouts:
readTimeout: 42
```
```bash tab="CLI"
## Static configuration
--entryPoints.name.address=:8888
--entryPoints.name.transport.respondingTimeouts.readTimeout=42
```
??? info "`transport.respondingTimeouts.writeTimeout`"
_Optional, Default=0s_
`writeTimeout` is the maximum duration before timing out writes of the response.
It covers the time from the end of the request header read to the end of the response write.
If zero, no timeout exists.
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).
If no units are provided, the value is parsed assuming seconds.
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
@@ -343,9 +316,26 @@ Setting them has no effect for UDP entryPoints.
address = ":8888"
[entryPoints.name.transport]
[entryPoints.name.transport.respondingTimeouts]
writeTimeout = 42
readTimeout = 42
```
```bash tab="CLI"
## Static configuration
--entryPoints.name.address=:8888
--entryPoints.name.transport.respondingTimeouts.readTimeout=42
```
??? info "`transport.respondingTimeouts.writeTimeout`"
_Optional, Default=0s_
`writeTimeout` is the maximum duration before timing out writes of the response.
It covers the time from the end of the request header read to the end of the response write.
If zero, no timeout exists.
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).
If no units are provided, the value is parsed assuming seconds.
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
@@ -355,23 +345,7 @@ Setting them has no effect for UDP entryPoints.
respondingTimeouts:
writeTimeout: 42
```
```bash tab="CLI"
## Static configuration
--entryPoints.name.address=:8888
--entryPoints.name.transport.respondingTimeouts.writeTimeout=42
```
??? info "`transport.respondingTimeouts.idleTimeout`"
_Optional, Default=180s_
`idleTimeout` is the maximum duration an idle (keep-alive) connection will remain idle before closing itself.
If zero, no timeout exists.
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).
If no units are provided, the value is parsed assuming seconds.
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
@@ -379,9 +353,25 @@ Setting them has no effect for UDP entryPoints.
address = ":8888"
[entryPoints.name.transport]
[entryPoints.name.transport.respondingTimeouts]
idleTimeout = 42
writeTimeout = 42
```
```bash tab="CLI"
## Static configuration
--entryPoints.name.address=:8888
--entryPoints.name.transport.respondingTimeouts.writeTimeout=42
```
??? info "`transport.respondingTimeouts.idleTimeout`"
_Optional, Default=180s_
`idleTimeout` is the maximum duration an idle (keep-alive) connection will remain idle before closing itself.
If zero, no timeout exists.
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).
If no units are provided, the value is parsed assuming seconds.
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
@@ -391,7 +381,17 @@ Setting them has no effect for UDP entryPoints.
respondingTimeouts:
idleTimeout: 42
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.name]
address = ":8888"
[entryPoints.name.transport]
[entryPoints.name.transport.respondingTimeouts]
idleTimeout = 42
```
```bash tab="CLI"
## Static configuration
--entryPoints.name.address=:8888
@@ -403,27 +403,17 @@ Setting them has no effect for UDP entryPoints.
Controls the behavior of Traefik during the shutdown phase.
??? info "`lifeCycle.requestAcceptGraceTimeout`"
_Optional, Default=0s_
Duration to keep accepting requests prior to initiating the graceful termination period (as defined by the `graceTimeOut` option).
This option is meant to give downstream load-balancers sufficient time to take Traefik out of rotation.
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).
If no units are provided, the value is parsed assuming seconds.
The zero duration disables the request accepting grace period, i.e., Traefik will immediately proceed to the grace period.
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.name]
address = ":8888"
[entryPoints.name.transport]
[entryPoints.name.transport.lifeCycle]
requestAcceptGraceTimeout = 42
```
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
@@ -433,25 +423,7 @@ Controls the behavior of Traefik during the shutdown phase.
lifeCycle:
requestAcceptGraceTimeout: 42
```
```bash tab="CLI"
## Static configuration
--entryPoints.name.address=:8888
--entryPoints.name.transport.lifeCycle.requestAcceptGraceTimeout=42
```
??? info "`lifeCycle.graceTimeOut`"
_Optional, Default=10s_
Duration to give active requests a chance to finish before Traefik stops.
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).
If no units are provided, the value is parsed assuming seconds.
!!! warning "In this time frame no new requests are accepted."
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
@@ -459,9 +431,27 @@ Controls the behavior of Traefik during the shutdown phase.
address = ":8888"
[entryPoints.name.transport]
[entryPoints.name.transport.lifeCycle]
graceTimeOut = 42
requestAcceptGraceTimeout = 42
```
```bash tab="CLI"
## Static configuration
--entryPoints.name.address=:8888
--entryPoints.name.transport.lifeCycle.requestAcceptGraceTimeout=42
```
??? info "`lifeCycle.graceTimeOut`"
_Optional, Default=10s_
Duration to give active requests a chance to finish before Traefik stops.
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).
If no units are provided, the value is parsed assuming seconds.
!!! warning "In this time frame no new requests are accepted."
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
@@ -471,7 +461,17 @@ Controls the behavior of Traefik during the shutdown phase.
lifeCycle:
graceTimeOut: 42
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.name]
address = ":8888"
[entryPoints.name.transport]
[entryPoints.name.transport.lifeCycle]
graceTimeOut = 42
```
```bash tab="CLI"
## Static configuration
--entryPoints.name.address=:8888
@@ -486,20 +486,10 @@ If Proxy Protocol header parsing is enabled for the entry point, this entry poin
If the Proxy Protocol header is passed, then the version is determined automatically.
??? info "`proxyProtocol.trustedIPs`"
??? info "`proxyProtocol.trustedIPs`"
Enabling Proxy Protocol with Trusted IPs.
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.proxyProtocol]
trustedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
@@ -510,7 +500,17 @@ If the Proxy Protocol header is passed, then the version is determined automatic
- "127.0.0.1/32"
- "192.168.1.7"
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.proxyProtocol]
trustedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
```bash tab="CLI"
--entryPoints.web.address=:80
--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,192.168.1.7
@@ -521,20 +521,10 @@ If the Proxy Protocol header is passed, then the version is determined automatic
??? info "`proxyProtocol.insecure`"
Insecure Mode (Testing Environment Only).
In a test environments, you can configure Traefik to trust every incoming connection.
Doing so, every remote client address will be replaced (`trustedIPs` won't have any effect)
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.proxyProtocol]
insecure = true
```
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
@@ -543,7 +533,17 @@ If the Proxy Protocol header is passed, then the version is determined automatic
proxyProtocol:
insecure: true
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.proxyProtocol]
insecure = true
```
```bash tab="CLI"
--entryPoints.web.address=:80
--entryPoints.web.proxyProtocol.insecure
@@ -561,21 +561,7 @@ This whole section is dedicated to options, keyed by entry point, that will appl
### Redirection
??? example "HTTPS redirection (80 to 443)"
```toml tab="File (TOML)"
[entryPoints.web]
address = ":80"
[entryPoints.web.http]
[entryPoints.web.http.redirections]
[entryPoints.web.http.redirections.entryPoint]
to = "websecure"
scheme = "https"
[entryPoints.websecure]
address = ":443"
```
```yaml tab="File (YAML)"
entryPoints:
web:
@@ -585,11 +571,25 @@ This whole section is dedicated to options, keyed by entry point, that will appl
entryPoint:
to: websecure
scheme: https
websecure:
address: :443
```
```toml tab="File (TOML)"
[entryPoints.web]
address = ":80"
[entryPoints.web.http]
[entryPoints.web.http.redirections]
[entryPoints.web.http.redirections.entryPoint]
to = "websecure"
scheme = "https"
[entryPoints.websecure]
address = ":443"
```
```bash tab="CLI"
--entrypoints.web.address=:80
--entrypoints.web.http.redirections.entryPoint.to=websecure
@@ -602,22 +602,14 @@ This whole section is dedicated to options, keyed by entry point, that will appl
This section is a convenience to enable (permanent) redirecting of all incoming requests on an entry point (e.g. port `80`) to another entry point (e.g. port `443`) or an explicit port (`:443`).
??? info "`entryPoint.to`"
_Required_
The target element, it can be:
- an entry point name (ex: `websecure`)
- a port (`:443`)
```toml tab="File (TOML)"
[entryPoints.foo]
# ...
[entryPoints.foo.http.redirections]
[entryPoints.foo.http.redirections.entryPoint]
to = "websecure"
```
```yaml tab="File (YAML)"
entryPoints:
foo:
@@ -627,26 +619,25 @@ This section is a convenience to enable (permanent) redirecting of all incoming
entryPoint:
to: websecure
```
```bash tab="CLI"
--entrypoints.foo.http.redirections.entryPoint.to=websecure
```
??? info "`entryPoint.scheme`"
_Optional, Default="https"_
The redirection target scheme.
```toml tab="File (TOML)"
[entryPoints.foo]
# ...
[entryPoints.foo.http.redirections]
[entryPoints.foo.http.redirections.entryPoint]
# ...
scheme = "https"
to = "websecure"
```
```bash tab="CLI"
--entrypoints.foo.http.redirections.entryPoint.to=websecure
```
??? info "`entryPoint.scheme`"
_Optional, Default="https"_
The redirection target scheme.
```yaml tab="File (YAML)"
entryPoints:
foo:
@@ -657,16 +648,6 @@ This section is a convenience to enable (permanent) redirecting of all incoming
# ...
scheme: https
```
```bash tab="CLI"
--entrypoints.foo.http.redirections.entryPoint.scheme=https
```
??? info "`entryPoint.permanent`"
_Optional, Default=true_
To apply a permanent redirection.
```toml tab="File (TOML)"
[entryPoints.foo]
@@ -674,9 +655,19 @@ This section is a convenience to enable (permanent) redirecting of all incoming
[entryPoints.foo.http.redirections]
[entryPoints.foo.http.redirections.entryPoint]
# ...
permanent = true
scheme = "https"
```
```bash tab="CLI"
--entrypoints.foo.http.redirections.entryPoint.scheme=https
```
??? info "`entryPoint.permanent`"
_Optional, Default=true_
To apply a permanent redirection.
```yaml tab="File (YAML)"
entryPoints:
foo:
@@ -687,16 +678,6 @@ This section is a convenience to enable (permanent) redirecting of all incoming
# ...
permanent: true
```
```bash tab="CLI"
--entrypoints.foo.http.redirections.entrypoint.permanent=true
```
??? info "`entryPoint.priority`"
_Optional, Default=1_
Priority of the generated router.
```toml tab="File (TOML)"
[entryPoints.foo]
@@ -704,9 +685,19 @@ This section is a convenience to enable (permanent) redirecting of all incoming
[entryPoints.foo.http.redirections]
[entryPoints.foo.http.redirections.entryPoint]
# ...
priority = 10
permanent = true
```
```bash tab="CLI"
--entrypoints.foo.http.redirections.entrypoint.permanent=true
```
??? info "`entryPoint.priority`"
_Optional, Default=1_
Priority of the generated router.
```yaml tab="File (YAML)"
entryPoints:
foo:
@@ -717,7 +708,16 @@ This section is a convenience to enable (permanent) redirecting of all incoming
# ...
priority: 10
```
```toml tab="File (TOML)"
[entryPoints.foo]
# ...
[entryPoints.foo.http.redirections]
[entryPoints.foo.http.redirections.entryPoint]
# ...
priority = 10
```
```bash tab="CLI"
--entrypoints.foo.http.redirections.entrypoint.priority=10
```
@@ -726,14 +726,6 @@ This section is a convenience to enable (permanent) redirecting of all incoming
The list of middlewares that are prepended by default to the list of middlewares of each router associated to the named entry point.
```toml tab="File (TOML)"
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http]
middlewares = ["auth@file", "strip@file"]
```
```yaml tab="File (YAML)"
entryPoints:
websecure:
@@ -744,6 +736,14 @@ entryPoints:
- strip@file
```
```toml tab="File (TOML)"
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http]
middlewares = ["auth@file", "strip@file"]
```
```bash tab="CLI"
--entrypoints.websecure.address=:443
--entrypoints.websecure.http.middlewares=auth@file,strip@file
@@ -757,21 +757,6 @@ If a TLS section (i.e. any of its fields) is user-defined, then the default conf
The TLS section is the same as the [TLS section on HTTP routers](./routers/index.md#tls).
```toml tab="File (TOML)"
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http.tls]
options = "foobar"
certResolver = "leresolver"
[[entryPoints.websecure.http.tls.domains]]
main = "example.com"
sans = ["foo.example.com", "bar.example.com"]
[[entryPoints.websecure.http.tls.domains]]
main = "test.com"
sans = ["foo.test.com", "bar.test.com"]
```
```yaml tab="File (YAML)"
entryPoints:
websecure:
@@ -791,6 +776,21 @@ entryPoints:
- bar.test.com
```
```toml tab="File (TOML)"
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http.tls]
options = "foobar"
certResolver = "leresolver"
[[entryPoints.websecure.http.tls.domains]]
main = "example.com"
sans = ["foo.example.com", "bar.example.com"]
[[entryPoints.websecure.http.tls.domains]]
main = "test.com"
sans = ["foo.test.com", "bar.test.com"]
```
```bash tab="CLI"
--entrypoints.websecure.address=:443
--entrypoints.websecure.http.tls.options=foobar
@@ -802,15 +802,7 @@ entryPoints:
```
??? example "Let's Encrypt"
```toml tab="File (TOML)"
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http.tls]
certResolver = "leresolver"
```
```yaml tab="File (YAML)"
entryPoints:
websecure:
@@ -819,7 +811,15 @@ entryPoints:
tls:
certResolver: leresolver
```
```toml tab="File (TOML)"
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http.tls]
certResolver = "leresolver"
```
```bash tab="CLI"
--entrypoints.websecure.address=:443
--entrypoints.websecure.http.tls.certResolver=leresolver

246
docs/content/routing/overview.md
View File

@@ -26,18 +26,6 @@ In the process, Traefik will make sure that the user is authenticated (using the
Static configuration:
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
# Listen on port 8081 for incoming requests
address = ":8081"
[providers]
# Enable the file provider to define routers / middlewares / services in file
[providers.file]
directory = "/path/to/dynamic/conf"
```
```yaml tab="File (YAML)"
entryPoints:
web:
@@ -50,6 +38,18 @@ providers:
directory: /path/to/dynamic/conf
```
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
# Listen on port 8081 for incoming requests
address = ":8081"
[providers]
# Enable the file provider to define routers / middlewares / services in file
[providers.file]
directory = "/path/to/dynamic/conf"
```
```bash tab="CLI"
# Listen on port 8081 for incoming requests
--entryPoints.web.address=:8081
@@ -60,30 +60,6 @@ providers:
Dynamic configuration:
```toml tab="TOML"
# http routing section
[http]
[http.routers]
# Define a connection between requests and services
[http.routers.to-whoami]
rule = "Host(`example.com`) && PathPrefix(`/whoami/`)"
# If the rule matches, applies the middleware
middlewares = ["test-user"]
# If the rule matches, forward to the whoami service (declared below)
service = "whoami"
[http.middlewares]
# Define an authentication mechanism
[http.middlewares.test-user.basicAuth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
[http.services]
# Define how to reach an existing service on our infrastructure
[http.services.whoami.loadBalancer]
[[http.services.whoami.loadBalancer.servers]]
url = "http://private/whoami-service"
```
```yaml tab="YAML"
# http routing section
http:
@@ -112,6 +88,30 @@ http:
- url: http://private/whoami-service
```
```toml tab="TOML"
# http routing section
[http]
[http.routers]
# Define a connection between requests and services
[http.routers.to-whoami]
rule = "Host(`example.com`) && PathPrefix(`/whoami/`)"
# If the rule matches, applies the middleware
middlewares = ["test-user"]
# If the rule matches, forward to the whoami service (declared below)
service = "whoami"
[http.middlewares]
# Define an authentication mechanism
[http.middlewares.test-user.basicAuth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
[http.services]
# Define how to reach an existing service on our infrastructure
[http.services.whoami.loadBalancer]
[[http.services.whoami.loadBalancer.servers]]
url = "http://private/whoami-service"
```
!!! info ""
In this example, we use the [file provider](../providers/file.md).
@@ -125,7 +125,18 @@ http:
??? example "Adding a TCP route for TLS requests on whoami.example.com"
**Static Configuration**
```yaml tab="File (YAML)"
entryPoints:
web:
# Listen on port 8081 for incoming requests
address: :8081
providers:
# Enable the file provider to define routers / middlewares / services in file
file:
directory: /path/to/dynamic/conf
```
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
@@ -137,64 +148,17 @@ http:
[providers.file]
directory = "/path/to/dynamic/conf"
```
```yaml tab="File (YAML)"
entryPoints:
web:
# Listen on port 8081 for incoming requests
address: :8081
providers:
# Enable the file provider to define routers / middlewares / services in file
file:
directory: /path/to/dynamic/conf
```
```bash tab="CLI"
# Listen on port 8081 for incoming requests
--entryPoints.web.address=:8081
# Enable the file provider to define routers / middlewares / services in file
--providers.file.directory=/path/to/dynamic/conf
```
**Dynamic Configuration**
```toml tab="TOML"
# http routing section
[http]
[http.routers]
# Define a connection between requests and services
[http.routers.to-whoami]
rule = "Host(`example.com`) && PathPrefix(`/whoami/`)"
# If the rule matches, applies the middleware
middlewares = ["test-user"]
# If the rule matches, forward to the whoami service (declared below)
service = "whoami"
[http.middlewares]
# Define an authentication mechanism
[http.middlewares.test-user.basicAuth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
[http.services]
# Define how to reach an existing service on our infrastructure
[http.services.whoami.loadBalancer]
[[http.services.whoami.loadBalancer.servers]]
url = "http://private/whoami-service"
[tcp]
[tcp.routers]
[tcp.routers.to-whoami-tcp]
rule = "HostSNI(`whoami-tcp.example.com`)"
service = "whoami-tcp"
[tcp.routers.to-whoami-tcp.tls]
[tcp.services]
[tcp.services.whoami-tcp.loadBalancer]
[[tcp.services.whoami-tcp.loadBalancer.servers]]
address = "xx.xx.xx.xx:xx"
```
```yaml tab="YAML"
# http routing section
http:
@@ -237,6 +201,42 @@ http:
- address: xx.xx.xx.xx:xx
```
```toml tab="TOML"
# http routing section
[http]
[http.routers]
# Define a connection between requests and services
[http.routers.to-whoami]
rule = "Host(`example.com`) && PathPrefix(`/whoami/`)"
# If the rule matches, applies the middleware
middlewares = ["test-user"]
# If the rule matches, forward to the whoami service (declared below)
service = "whoami"
[http.middlewares]
# Define an authentication mechanism
[http.middlewares.test-user.basicAuth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
[http.services]
# Define how to reach an existing service on our infrastructure
[http.services.whoami.loadBalancer]
[[http.services.whoami.loadBalancer.servers]]
url = "http://private/whoami-service"
[tcp]
[tcp.routers]
[tcp.routers.to-whoami-tcp]
rule = "HostSNI(`whoami-tcp.example.com`)"
service = "whoami-tcp"
[tcp.routers.to-whoami-tcp.tls]
[tcp.services]
[tcp.services.whoami-tcp.loadBalancer]
[[tcp.services.whoami-tcp.loadBalancer.servers]]
address = "xx.xx.xx.xx:xx"
```
## Transport configuration
Most of what happens to the connection between the clients and Traefik,
@@ -254,18 +254,18 @@ _Optional, Default=false_
`insecureSkipVerify` disables SSL certificate verification.
```toml tab="File (TOML)"
## Static configuration
[serversTransport]
insecureSkipVerify = true
```
```yaml tab="File (YAML)"
## Static configuration
serversTransport:
insecureSkipVerify: true
```
```toml tab="File (TOML)"
## Static configuration
[serversTransport]
insecureSkipVerify = true
```
```bash tab="CLI"
## Static configuration
--serversTransport.insecureSkipVerify=true
@@ -278,12 +278,6 @@ _Optional_
`rootCAs` is the list of certificates (as file paths, or data bytes)
that will be set as Root Certificate Authorities when using a self-signed TLS certificate.
```toml tab="File (TOML)"
## Static configuration
[serversTransport]
rootCAs = ["foo.crt", "bar.crt"]
```
```yaml tab="File (YAML)"
## Static configuration
serversTransport:
@@ -292,6 +286,12 @@ serversTransport:
- bar.crt
```
```toml tab="File (TOML)"
## Static configuration
[serversTransport]
rootCAs = ["foo.crt", "bar.crt"]
```
```bash tab="CLI"
## Static configuration
--serversTransport.rootCAs=foo.crt,bar.crt
@@ -303,18 +303,18 @@ _Optional, Default=2_
If non-zero, `maxIdleConnsPerHost` controls the maximum idle (keep-alive) connections to keep per-host.
```toml tab="File (TOML)"
## Static configuration
[serversTransport]
maxIdleConnsPerHost = 7
```
```yaml tab="File (YAML)"
## Static configuration
serversTransport:
maxIdleConnsPerHost: 7
```
```toml tab="File (TOML)"
## Static configuration
[serversTransport]
maxIdleConnsPerHost = 7
```
```bash tab="CLI"
## Static configuration
--serversTransport.maxIdleConnsPerHost=7
@@ -331,12 +331,6 @@ _Optional, Default=30s_
`dialTimeout` is the maximum duration allowed for a connection to a backend server to be established.
Zero means no timeout.
```toml tab="File (TOML)"
## Static configuration
[serversTransport.forwardingTimeouts]
dialTimeout = "1s"
```
```yaml tab="File (YAML)"
## Static configuration
serversTransport:
@@ -344,6 +338,12 @@ serversTransport:
dialTimeout: 1s
```
```toml tab="File (TOML)"
## Static configuration
[serversTransport.forwardingTimeouts]
dialTimeout = "1s"
```
```bash tab="CLI"
## Static configuration
--serversTransport.forwardingTimeouts.dialTimeout=1s
@@ -358,12 +358,6 @@ after fully writing the request (including its body, if any).
This time does not include the time to read the response body.
Zero means no timeout.
```toml tab="File (TOML)"
## Static configuration
[serversTransport.forwardingTimeouts]
responseHeaderTimeout = "1s"
```
```yaml tab="File (YAML)"
## Static configuration
serversTransport:
@@ -371,6 +365,12 @@ serversTransport:
responseHeaderTimeout: 1s
```
```toml tab="File (TOML)"
## Static configuration
[serversTransport.forwardingTimeouts]
responseHeaderTimeout = "1s"
```
```bash tab="CLI"
## Static configuration
--serversTransport.forwardingTimeouts.responseHeaderTimeout=1s
@@ -384,12 +384,6 @@ _Optional, Default=90s_
will remain idle before closing itself.
Zero means no limit.
```toml tab="File (TOML)"
## Static configuration
[serversTransport.forwardingTimeouts]
idleConnTimeout = "1s"
```
```yaml tab="File (YAML)"
## Static configuration
serversTransport:
@@ -397,6 +391,12 @@ serversTransport:
idleConnTimeout: 1s
```
```toml tab="File (TOML)"
## Static configuration
[serversTransport.forwardingTimeouts]
idleConnTimeout = "1s"
```
```bash tab="CLI"
## Static configuration
--serversTransport.forwardingTimeouts.idleConnTimeout=1s

3
docs/content/routing/providers/consul-catalog.md
View File

@@ -132,10 +132,11 @@ you'd add the tag `traefik.http.services.{name-of-your-choice}.loadbalancer.pass
??? info "`traefik.http.services.<service_name>.loadbalancer.serverstransport`"
Allows to reference a ServersTransport resource that is defined either with the File provider or the Kubernetes CRD one.
See [serverstransport](../services/index.md#serverstransport) for more information.
```yaml
traefik.http.services.<service_name>.loadbalancer.serverstransport=foobar
traefik.http.services.<service_name>.loadbalancer.serverstransport=foobar@file
```
??? info "`traefik.http.services.<service_name>.loadbalancer.passhostheader`"

35
docs/content/routing/providers/docker.md
View File

@@ -13,15 +13,15 @@ Attach labels to your containers and let Traefik do the rest!
Enabling the docker provider
```toml tab="File (TOML)"
[providers.docker]
```
```yaml tab="File (YAML)"
providers:
docker: {}
```
```toml tab="File (TOML)"
[providers.docker]
```
```bash tab="CLI"
--providers.docker=true
```
@@ -82,15 +82,6 @@ Attach labels to your containers and let Traefik do the rest!
Enabling the docker provider (Swarm Mode)
```toml tab="File (TOML)"
[providers.docker]
# swarm classic (1.12-)
# endpoint = "tcp://127.0.0.1:2375"
# docker swarm mode (1.12+)
endpoint = "tcp://127.0.0.1:2377"
swarmMode = true
```
```yaml tab="File (YAML)"
providers:
docker:
@@ -101,6 +92,15 @@ Attach labels to your containers and let Traefik do the rest!
swarmMode: true
```
```toml tab="File (TOML)"
[providers.docker]
# swarm classic (1.12-)
# endpoint = "tcp://127.0.0.1:2375"
# docker swarm mode (1.12+)
endpoint = "tcp://127.0.0.1:2377"
swarmMode = true
```
```bash tab="CLI"
# swarm classic (1.12-)
# --providers.docker.endpoint=tcp://127.0.0.1:2375
@@ -266,7 +266,7 @@ you'd add the label `traefik.http.services.<name-of-your-choice>.loadbalancer.pa
!!! warning "The character `@` is not authorized in the service name `<service_name>`."
??? info "`traefik.http.services.<service_name>.loadbalancer.server.port`"
Registers a port.
Useful when the container exposes multiples ports.
@@ -287,10 +287,11 @@ you'd add the label `traefik.http.services.<name-of-your-choice>.loadbalancer.pa
??? info "`traefik.http.services.<service_name>.loadbalancer.serverstransport`"
Allows to reference a ServersTransport resource that is defined either with the File provider or the Kubernetes CRD one.
See [serverstransport](../services/index.md#serverstransport) for more information.
```yaml
- "traefik.http.services.<service_name>.loadbalancer.serverstransport=foobar"
- "traefik.http.services.<service_name>.loadbalancer.serverstransport=foobar@file"
```
??? info "`traefik.http.services.<service_name>.loadbalancer.passhostheader`"
@@ -398,9 +399,9 @@ you'd add the label `traefik.http.services.<name-of-your-choice>.loadbalancer.pa
```
??? info "`traefik.http.services.<service_name>.loadbalancer.sticky.cookie.samesite`"
See [sticky sessions](../services/index.md#sticky-sessions) for more information.
```yaml
- "traefik.http.services.myservice.loadbalancer.sticky.cookie.samesite=none"
```

Some files were not shown because too many files have changed in this diff Show More