2018-05-16 17:48:03 +00:00
# File Provider
2017-08-25 19:32:33 +00:00
2018-10-17 14:24:04 +00:00
Traefik can be configured with a file.
2018-01-29 13:36:03 +00:00
## Reference
```toml
2018-03-15 21:22:03 +00:00
[file]
2018-01-29 13:36:03 +00:00
# Backends
[backends]
[backends.backend1]
[backends.backend1.servers]
[backends.backend1.servers.server0]
url = "http://10.10.10.1:80"
weight = 1
[backends.backend1.servers.server1]
url = "http://10.10.10.2:80"
weight = 2
# ...
[backends.backend1.circuitBreaker]
expression = "NetworkErrorRatio() > 0.5"
2018-10-29 17:42:03 +00:00
[backends.backend1.responseForwarding]
flushInterval = "10ms"
2018-01-29 13:36:03 +00:00
[backends.backend1.loadBalancer]
method = "drr"
[backends.backend1.loadBalancer.stickiness]
cookieName = "foobar"
[backends.backend1.maxConn]
amount = 10
extractorfunc = "request.host"
[backends.backend1.healthCheck]
path = "/health"
port = 88
interval = "30s"
2018-09-27 18:16:03 +00:00
timeout = "5s"
2018-05-14 10:08:03 +00:00
scheme = "http"
hostname = "myhost.com"
[backends.backend1.healthcheck.headers]
My-Custom-Header = "foo"
My-Header = "bar"
2018-01-29 13:36:03 +00:00
[backends.backend2]
# ...
# Frontends
[frontends]
[frontends.frontend1]
entryPoints = ["http", "https"]
backend = "backend1"
passHostHeader = true
priority = 42
2018-07-02 09:52:04 +00:00
2018-08-29 09:36:03 +00:00
[frontends.frontend1.passTLSClientCert]
# Pass the escaped pem in a `X-Forwarded-Ssl-Client-Cert` header
pem = true
# Pass the escaped client cert infos selected below in a `X-Forwarded-Ssl-Client-Cert-Infos` header
# The unescaped header is like `Subject="C=%s,ST=%s,L=%s,O=%s,CN=%s",NB=%d,NA=%d,SAN=%s`
# It there is more than one certificates, their are separated by a `;`
[frontends.frontend-server.passTLSClientCert.infos]
notBefore = true
notAfter = true
[frontends.frontend-server.passTLSClientCert.infos.subject]
country = true
province = true
locality = true
organization = true
commonName = true
serialNumber = true
2018-07-02 09:52:04 +00:00
[frontends.frontend1.auth]
headerField = "X-WebAuth-User"
[frontends.frontend1.auth.basic]
2018-07-16 11:52:03 +00:00
removeHeader = true
2018-07-02 09:52:04 +00:00
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
usersFile = "/path/to/.htpasswd"
[frontends.frontend1.auth.digest]
2018-07-16 11:52:03 +00:00
removeHeader = true
2018-07-02 09:52:04 +00:00
users = [
"test:traefik:a2688e031edb4be6a3797f3882655c05",
"test2:traefik:518845800f9e2bfb1f1f740ec24f074e",
]
usersFile = "/path/to/.htdigest"
[frontends.frontend1.auth.forward]
address = "https://authserver.com/auth"
trustForwardHeader = true
authResponseHeaders = ["X-Auth-User"]
[frontends.frontend1.auth.forward.tls]
2018-07-03 08:02:03 +00:00
ca = "path/to/local.crt"
2018-07-02 09:52:04 +00:00
caOptional = true
cert = "path/to/foo.cert"
key = "path/to/foo.key"
insecureSkipVerify = true
2018-03-23 16:40:04 +00:00
[frontends.frontend1.whiteList]
sourceRange = ["10.42.0.0/16", "152.89.1.33/32", "afed:be44::/16"]
2018-08-24 14:20:03 +00:00
[frontends.frontend1.whiteList.IPStrategy]
depth = 6
excludedIPs = ["152.89.1.33/32", "afed:be44::/16"]
2018-01-29 13:36:03 +00:00
[frontends.frontend1.routes]
[frontends.frontend1.routes.route0]
rule = "Host:test.localhost"
[frontends.frontend1.routes.Route1]
rule = "Method:GET"
# ...
[frontends.frontend1.headers]
allowedHosts = ["foobar", "foobar"]
hostsProxyHeaders = ["foobar", "foobar"]
SSLRedirect = true
SSLTemporaryRedirect = true
SSLHost = "foobar"
STSSeconds = 42
STSIncludeSubdomains = true
STSPreload = true
forceSTSHeader = true
frameDeny = true
customFrameOptionsValue = "foobar"
contentTypeNosniff = true
browserXSSFilter = true
contentSecurityPolicy = "foobar"
publicKey = "foobar"
referrerPolicy = "foobar"
isDevelopment = true
[frontends.frontend1.headers.customRequestHeaders]
X-Foo-Bar-01 = "foobar"
X-Foo-Bar-02 = "foobar"
# ...
[frontends.frontend1.headers.customResponseHeaders]
X-Foo-Bar-03 = "foobar"
X-Foo-Bar-04 = "foobar"
# ...
[frontends.frontend1.headers.SSLProxyHeaders]
X-Foo-Bar-05 = "foobar"
X-Foo-Bar-06 = "foobar"
# ...
[frontends.frontend1.errors]
[frontends.frontend1.errors.errorPage0]
status = ["500-599"]
backend = "error"
query = "/{status}.html"
[frontends.frontend1.errors.errorPage1]
status = ["404", "403"]
backend = "error"
query = "/{status}.html"
# ...
[frontends.frontend1.ratelimit]
extractorfunc = "client.ip"
[frontends.frontend1.ratelimit.rateset.rateset1]
period = "10s"
average = 100
burst = 200
[frontends.frontend1.ratelimit.rateset.rateset2]
period = "3s"
average = 5
burst = 10
# ...
[frontends.frontend1.redirect]
entryPoint = "https"
regex = "^http://localhost/(.*)"
replacement = "http://mydomain/$1"
2018-01-31 18:10:04 +00:00
permanent = true
2018-01-29 13:36:03 +00:00
[frontends.frontend2]
# ...
# HTTPS certificates
[[tls]]
entryPoints = ["https"]
[tls.certificate]
certFile = "path/to/my.cert"
keyFile = "path/to/my.key"
[[tls]]
# ...
```
2018-04-24 16:58:03 +00:00
## Configuration Mode
2017-09-11 17:10:04 +00:00
2018-04-24 16:58:03 +00:00
You have two choices:
2017-09-11 17:10:04 +00:00
2018-10-17 14:24:04 +00:00
- [Rules in Traefik configuration file ](/configuration/backends/file/#rules-in-traefik-configuration-file )
2018-04-24 16:58:03 +00:00
- [Rules in dedicated files ](/configuration/backends/file/#rules-in-dedicated-files )
2017-08-25 19:32:33 +00:00
2018-10-17 14:24:04 +00:00
To enable the file backend, you must either pass the `--file` option to the Traefik binary or put the `[file]` section (with or without inner settings) in the configuration file.
2017-12-05 01:30:02 +00:00
2018-10-17 14:24:04 +00:00
The configuration file allows managing both backends/frontends and HTTPS certificates (which are not [Let's Encrypt ](https://letsencrypt.org ) certificates generated through Traefik).
2017-11-09 11:16:03 +00:00
2018-10-17 14:24:04 +00:00
TOML templating can be used if rules are not defined in the Traefik configuration file.
2018-04-24 16:58:03 +00:00
2018-10-17 14:24:04 +00:00
### Rules in Traefik Configuration File
2017-08-26 10:12:44 +00:00
Add your configuration at the end of the global configuration file `traefik.toml` :
2017-08-25 19:32:33 +00:00
```toml
defaultEntryPoints = ["http", "https"]
2017-09-05 13:58:03 +00:00
2017-08-25 19:32:33 +00:00
[entryPoints]
[entryPoints.http]
2018-01-29 13:36:03 +00:00
# ...
2017-08-25 19:32:33 +00:00
[entryPoints.https]
2018-01-29 13:36:03 +00:00
# ...
2017-08-25 19:32:33 +00:00
[file]
# rules
[backends]
[backends.backend1]
2018-01-29 13:36:03 +00:00
# ...
2017-08-25 19:32:33 +00:00
[backends.backend2]
2018-01-29 13:36:03 +00:00
# ...
2017-08-25 19:32:33 +00:00
[frontends]
[frontends.frontend1]
2018-01-29 13:36:03 +00:00
# ...
2017-08-25 19:32:33 +00:00
[frontends.frontend2]
2018-01-29 13:36:03 +00:00
# ...
2017-08-25 19:32:33 +00:00
[frontends.frontend3]
2018-01-29 13:36:03 +00:00
# ...
2017-11-09 11:16:03 +00:00
# HTTPS certificate
2018-01-23 15:30:07 +00:00
[[tls]]
2018-01-29 13:36:03 +00:00
# ...
2018-01-23 15:30:07 +00:00
[[tls]]
2018-01-29 13:36:03 +00:00
# ...
2017-08-25 19:32:33 +00:00
```
2017-11-09 11:16:03 +00:00
!!! note
2018-01-24 10:57:06 +00:00
If `tls.entryPoints` is not defined, the certificate is attached to all the `defaultEntryPoints` with a TLS configuration.
2017-12-08 10:02:03 +00:00
!!! note
Adding certificates directly to the entryPoint is still maintained but certificates declared in this way cannot be managed dynamically.
2017-11-09 11:16:03 +00:00
It's recommended to use the file provider to declare certificates.
2018-04-24 16:58:03 +00:00
!!! warning
2018-10-17 14:24:04 +00:00
TOML templating cannot be used if rules are defined in the Traefik configuration file.
2018-04-24 16:58:03 +00:00
### Rules in Dedicated Files
2018-10-17 14:24:04 +00:00
Traefik allows defining rules in one or more separate files.
2017-08-26 10:12:44 +00:00
2018-04-24 16:58:03 +00:00
#### One Separate File
You have to specify the file path in the `file.filename` option.
2017-08-25 19:32:33 +00:00
```toml
# traefik.toml
2018-01-29 13:36:03 +00:00
defaultEntryPoints = ["http", "https"]
2017-08-25 19:32:33 +00:00
[entryPoints]
[entryPoints.http]
2018-01-29 13:36:03 +00:00
# ...
2017-08-25 19:32:33 +00:00
[entryPoints.https]
2018-01-29 13:36:03 +00:00
# ...
2017-08-25 19:32:33 +00:00
[file]
2018-01-29 13:36:03 +00:00
filename = "rules.toml"
2018-04-24 16:58:03 +00:00
watch = true
2017-08-25 19:32:33 +00:00
```
2018-10-17 14:24:04 +00:00
The option `file.watch` allows Traefik to watch file changes automatically.
2018-04-24 16:58:03 +00:00
#### Multiple Separated Files
You could have multiple `.toml` files in a directory (and recursively in its sub-directories):
```toml
[file]
directory = "/path/to/config/"
watch = true
```
2018-10-17 14:24:04 +00:00
The option `file.watch` allows Traefik to watch file changes automatically.
2018-04-24 16:58:03 +00:00
#### Separate Files Content
If you are defining rules in one or more separate files, you can use two formats.
##### Simple Format
Backends, Frontends and TLS certificates are defined one at time, as described in the file `rules.toml` :
2017-08-25 19:32:33 +00:00
```toml
# rules.toml
[backends]
[backends.backend1]
2018-01-29 13:36:03 +00:00
# ...
2017-08-25 19:32:33 +00:00
[backends.backend2]
2018-01-29 13:36:03 +00:00
# ...
2017-08-25 19:32:33 +00:00
[frontends]
[frontends.frontend1]
2018-01-29 13:36:03 +00:00
# ...
2017-08-25 19:32:33 +00:00
[frontends.frontend2]
2018-01-29 13:36:03 +00:00
# ...
2017-08-25 19:32:33 +00:00
[frontends.frontend3]
2018-01-29 13:36:03 +00:00
# ...
2017-11-09 11:16:03 +00:00
# HTTPS certificate
2018-01-23 15:30:07 +00:00
[[tls]]
2018-01-29 13:36:03 +00:00
# ...
2018-01-23 15:30:07 +00:00
[[tls]]
2018-01-29 13:36:03 +00:00
# ...
```
2017-08-25 19:32:33 +00:00
2018-04-24 16:58:03 +00:00
##### TOML Templating
2017-08-26 10:12:44 +00:00
2018-04-24 16:58:03 +00:00
!!! warning
TOML templating can only be used **if rules are defined in one or more separate files** .
2018-10-17 14:24:04 +00:00
Templating will not work in the Traefik configuration file.
2017-09-07 10:02:03 +00:00
2018-10-17 14:24:04 +00:00
Traefik allows using TOML templating.
2017-08-25 19:32:33 +00:00
2018-04-24 16:58:03 +00:00
Thus, it's possible to define easily lot of Backends, Frontends and TLS certificates as described in the file `template-rules.toml` :
2017-08-25 19:32:33 +00:00
```toml
2018-04-24 16:58:03 +00:00
# template-rules.toml
[backends]
{{ range $i, $e := until 100 }}
[backends.backend{{ $e }}]
#...
{{ end }}
[frontends]
{{ range $i, $e := until 100 }}
[frontends.frontend{{ $e }}]
#...
{{ end }}
# HTTPS certificate
{{ range $i, $e := until 100 }}
[[tls]]
#...
{{ end }}
2017-08-25 19:32:33 +00:00
```