2016-03-22 16:25:57 +00:00
# Global configuration
## Main section
```toml
# traefik.toml
################################################################
# Global configuration
################################################################
# Traefik logs file
# If not defined, logs to stdout
#
# Optional
#
# traefikLogsFile = "log/traefik.log"
# Access logs file
#
# Optional
#
# accessLogsFile = "log/access.log"
# Log level
#
# Optional
# Default: "ERROR"
#
# logLevel = "ERROR"
# Backends throttle duration: minimum duration between 2 events from providers
# before applying a new configuration. It avoids unnecessary reloads if multiples events
# are sent in a short amount of time.
#
# Optional
# Default: "2s"
#
# ProvidersThrottleDuration = "5s"
# If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used.
# If you encounter 'too many open files' errors, you can either change this value, or change `ulimit` value.
#
# Optional
# Default: http.DefaultMaxIdleConnsPerHost
#
# MaxIdleConnsPerHost = 200
# Entrypoints to be used by frontends that do not specify any entrypoint.
# Each frontend can specify its own entrypoints.
#
# Optional
# Default: ["http"]
#
# defaultEntryPoints = ["http", "https"]
```
## Entrypoints definition
```toml
# Entrypoints definition
#
# Optional
# Default:
# [entryPoints]
# [entryPoints.http]
# address = ":80"
#
# To redirect an http entrypoint to an https entrypoint (with SNI support):
# [entryPoints]
# [entryPoints.http]
# address = ":80"
# [entryPoints.http.redirect]
# entryPoint = "https"
# [entryPoints.https]
# address = ":443"
# [entryPoints.https.tls]
# [[entryPoints.https.tls.certificates]]
# CertFile = "integration/fixtures/https/snitest.com.cert"
# KeyFile = "integration/fixtures/https/snitest.com.key"
# [[entryPoints.https.tls.certificates]]
# CertFile = "integration/fixtures/https/snitest.org.cert"
# KeyFile = "integration/fixtures/https/snitest.org.key"
#
# To redirect an entrypoint rewriting the URL:
# [entryPoints]
# [entryPoints.http]
# address = ":80"
# [entryPoints.http.redirect]
# regex = "^http://localhost/(.*)"
# replacement = "http://mydomain/$1"
2016-04-15 14:27:40 +00:00
2016-04-19 08:00:33 +00:00
[entryPoints]
2016-04-15 14:27:40 +00:00
[entryPoints.http]
address = ":80"
2016-03-22 16:25:57 +00:00
```
## Retry configuration
```toml
# Enable retry sending request if network error
#
# Optional
#
2016-04-15 14:27:40 +00:00
[retry]
2016-03-22 16:25:57 +00:00
# Number of attempts
#
# Optional
# Default: (number servers in backend) -1
#
# attempts = 3
# Sets the maximum request body to be stored in memory in Mo
#
# Optional
# Default: 2
#
# maxMem = 3
```
## ACME (Let's Encrypt) configuration
```toml
2016-04-18 16:31:45 +00:00
# Sample entrypoint configuration when using ACME
[entryPoints]
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
2016-03-22 16:25:57 +00:00
# Enable ACME (Let's Encrypt): automatic SSL
#
# Optional
#
2016-04-15 14:27:40 +00:00
[acme]
2016-03-22 16:25:57 +00:00
# Email address used for registration
#
# Required
#
2016-04-15 14:27:40 +00:00
email = "test@traefik.io"
2016-03-22 16:25:57 +00:00
# File used for certificates storage.
# WARNING, if you use Traefik in Docker, don't forget to mount this file as a volume.
#
# Required
#
2016-04-15 14:27:40 +00:00
storageFile = "acme.json"
2016-03-22 16:25:57 +00:00
# Entrypoint to proxy acme challenge to.
2016-04-13 08:11:36 +00:00
# WARNING, must point to an entrypoint on port 443
2016-03-22 16:25:57 +00:00
#
# Required
#
2016-04-15 14:27:40 +00:00
entryPoint = "https"
2016-03-22 16:25:57 +00:00
# Enable on demand certificate. This will request a certificate from Let's Encrypt during the first TLS handshake for a hostname that does not yet have a certificate.
# WARNING, TLS handshakes will be slow when requesting a hostname certificate for the first time, this can leads to DoS attacks.
# WARNING, Take note that Let's Encrypt have rate limiting: https://community.letsencrypt.org/t/quick-start-guide/1631
#
# Optional
#
# onDemand = true
# CA server to use
# Uncomment the line to run on the staging let's encrypt server
# Leave comment to go to prod
#
# Optional
#
# caServer = "https://acme-staging.api.letsencrypt.org/directory"
# Domains list
# You can provide SANs (alternative domains) to each main domain
2016-04-18 16:31:45 +00:00
# All domains must have A/AAAA records pointing to Traefik
2016-03-22 16:25:57 +00:00
# WARNING, Take note that Let's Encrypt have rate limiting: https://community.letsencrypt.org/t/quick-start-guide/1631
# Each domain & SANs will lead to a certificate request.
#
# [[acme.domains]]
# main = "local1.com"
# sans = ["test1.local1.com", "test2.local1.com"]
# [[acme.domains]]
# main = "local2.com"
# sans = ["test1.local2.com", "test2x.local2.com"]
# [[acme.domains]]
# main = "local3.com"
# [[acme.domains]]
# main = "local4.com"
2016-04-15 14:27:40 +00:00
[[acme.domains]]
main = "local1.com"
sans = ["test1.local1.com", "test2.local1.com"]
[[acme.domains]]
main = "local3.com"
[[acme.domains]]
main = "local4.com"
2016-03-22 16:25:57 +00:00
```
2016-05-20 14:43:56 +00:00
## Constraints
In a micro-service architecture, with a central service discovery, setting constraints limits Træfɪ k scope to a smaller number of routes.
Træfɪ k filters services according to service attributes/tags set in your configuration backends.
Supported backends:
- Consul Catalog
Supported filters:
- ```tag```
```
# Constraints definition
#
# Optional
#
# Simple matching constraint
# constraints = ["tag==api"]
# Simple mismatching constraint
# constraints = ["tag!=api"]
# Globbing
# constraints = ["tag==us-*"]
# Backend-specific constraint
# [consulCatalog]
# endpoint = 127.0.0.1:8500
# constraints = ["tag==api"]
# Multiple constraints
# - "tag==" must match with at least one tag
# - "tag!=" must match with none of tags
# constraints = ["tag!=us-*", "tag!=asia-*"]
# [consulCatalog]
# endpoint = 127.0.0.1:8500
# constraints = ["tag==api", "tag!=v*-beta"]
```
2016-03-22 16:25:57 +00:00
# Configuration backends
## File backend
Like any other reverse proxy, Træfɪ k can be configured with a file. You have two choices:
- simply add your configuration at the end of the global configuration file `traefik.toml` :
```toml
# traefik.toml
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
CertFile = "integration/fixtures/https/snitest.com.cert"
KeyFile = "integration/fixtures/https/snitest.com.key"
[[entryPoints.https.tls.certificates]]
CertFile = "integration/fixtures/https/snitest.org.cert"
KeyFile = "integration/fixtures/https/snitest.org.key"
[file]
# rules
[backends]
[backends.backend1]
[backends.backend1.circuitbreaker]
expression = "NetworkErrorRatio() > 0.5"
[backends.backend1.servers.server1]
url = "http://172.17.0.2:80"
weight = 10
[backends.backend1.servers.server2]
url = "http://172.17.0.3:80"
weight = 1
[backends.backend2]
2016-04-13 08:11:36 +00:00
[backends.backend1.maxconn]
amount = 10
extractorfunc = "request.host"
2016-03-22 16:25:57 +00:00
[backends.backend2.LoadBalancer]
method = "drr"
[backends.backend2.servers.server1]
url = "http://172.17.0.4:80"
weight = 1
[backends.backend2.servers.server2]
url = "http://172.17.0.5:80"
weight = 2
[frontends]
[frontends.frontend1]
backend = "backend2"
[frontends.frontend1.routes.test_1]
rule = "Host:test.localhost"
[frontends.frontend2]
backend = "backend1"
passHostHeader = true
entrypoints = ["https"] # overrides defaultEntryPoints
[frontends.frontend2.routes.test_1]
rule = "Host:{subdomain:[a-z]+}.localhost"
[frontends.frontend3]
entrypoints = ["http", "https"] # overrides defaultEntryPoints
backend = "backend2"
rule = "Path:/test"
```
2016-04-21 22:38:44 +00:00
- or put your rules in a separate file, for example `rules.toml` :
2016-03-22 16:25:57 +00:00
```toml
# traefik.toml
logLevel = "DEBUG"
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
CertFile = "integration/fixtures/https/snitest.com.cert"
KeyFile = "integration/fixtures/https/snitest.com.key"
[[entryPoints.https.tls.certificates]]
CertFile = "integration/fixtures/https/snitest.org.cert"
KeyFile = "integration/fixtures/https/snitest.org.key"
[file]
filename = "rules.toml"
```
```toml
# rules.toml
[backends]
[backends.backend1]
[backends.backend1.circuitbreaker]
expression = "NetworkErrorRatio() > 0.5"
[backends.backend1.servers.server1]
url = "http://172.17.0.2:80"
weight = 10
[backends.backend1.servers.server2]
url = "http://172.17.0.3:80"
weight = 1
[backends.backend2]
2016-04-13 08:11:36 +00:00
[backends.backend1.maxconn]
amount = 10
extractorfunc = "request.host"
2016-03-22 16:25:57 +00:00
[backends.backend2.LoadBalancer]
method = "drr"
[backends.backend2.servers.server1]
url = "http://172.17.0.4:80"
weight = 1
[backends.backend2.servers.server2]
url = "http://172.17.0.5:80"
weight = 2
[frontends]
[frontends.frontend1]
backend = "backend2"
[frontends.frontend1.routes.test_1]
rule = "Host:test.localhost"
[frontends.frontend2]
backend = "backend1"
passHostHeader = true
entrypoints = ["https"] # overrides defaultEntryPoints
[frontends.frontend2.routes.test_1]
rule = "Host:{subdomain:[a-z]+}.localhost"
[frontends.frontend3]
entrypoints = ["http", "https"] # overrides defaultEntryPoints
backend = "backend2"
rule = "Path:/test"
```
If you want Træfɪ k to watch file changes automatically, just add:
```toml
[file]
watch = true
```
## API backend
Træfik can be configured using a restful api.
To enable it:
```toml
[web]
address = ":8080"
# SSL certificate and key used
#
# Optional
#
# CertFile = "traefik.crt"
# KeyFile = "traefik.key"
#
# Set REST API to read-only mode
#
# Optional
# ReadOnly = false
```
- `/` : provides a simple HTML frontend of Træfik
![Web UI Providers ](img/web.frontend.png )
![Web UI Health ](img/traefik-health.png )
- `/health` : `GET` json metrics
```sh
$ curl -s "http://localhost:8080/health" | jq .
{
// Træfɪ k PID
"pid": 2458,
// Træfɪ k server uptime (formated time)
"uptime": "39m6.885931127s",
// Træfɪ k server uptime in seconds
"uptime_sec": 2346.885931127,
// current server date
"time": "2015-10-07 18:32:24.362238909 +0200 CEST",
// current server date in seconds
"unixtime": 1444235544,
// count HTTP response status code in realtime
"status_code_count": {
"502": 1
},
// count HTTP response status code since Træfɪ k started
"total_status_code_count": {
"200": 7,
"404": 21,
"502": 13
},
// count HTTP response
"count": 1,
// count HTTP response
"total_count": 41,
// sum of all response time (formated time)
"total_response_time": "35.456865605s",
// sum of all response time in seconds
"total_response_time_sec": 35.456865605,
// average response time (formated time)
"average_response_time": "864.8016ms",
// average response time in seconds
"average_response_time_sec": 0.8648016000000001
}
```
- `/api` : `GET` configuration for all providers
```sh
$ curl -s "http://localhost:8080/api" | jq .
{
"file": {
"frontends": {
"frontend2": {
"routes": {
"test_2": {
"rule": "Path:/test"
}
},
"backend": "backend1"
},
"frontend1": {
"routes": {
"test_1": {
"rule": "Host:test.localhost"
}
},
"backend": "backend2"
}
},
"backends": {
"backend2": {
"loadBalancer": {
"method": "drr"
},
"servers": {
"server2": {
"weight": 2,
"URL": "http://172.17.0.5:80"
},
"server1": {
"weight": 1,
"url": "http://172.17.0.4:80"
}
}
},
"backend1": {
"loadBalancer": {
"method": "wrr"
},
"circuitBreaker": {
"expression": "NetworkErrorRatio() > 0.5"
},
"servers": {
"server2": {
"weight": 1,
"url": "http://172.17.0.3:80"
},
"server1": {
"weight": 10,
"url": "http://172.17.0.2:80"
}
}
}
}
}
}
```
- `/api/providers` : `GET` providers
- `/api/providers/{provider}` : `GET` or `PUT` provider
- `/api/providers/{provider}/backends` : `GET` backends
- `/api/providers/{provider}/backends/{backend}` : `GET` a backend
- `/api/providers/{provider}/backends/{backend}/servers` : `GET` servers in a backend
- `/api/providers/{provider}/backends/{backend}/servers/{server}` : `GET` a server in a backend
- `/api/providers/{provider}/frontends` : `GET` frontends
- `/api/providers/{provider}/frontends/{frontend}` : `GET` a frontend
- `/api/providers/{provider}/frontends/{frontend}/routes` : `GET` routes in a frontend
- `/api/providers/{provider}/frontends/{frontend}/routes/{route}` : `GET` a route in a frontend
## Docker backend
Træfɪ k can be configured to use Docker as a backend configuration:
```toml
################################################################
# Docker configuration backend
################################################################
# Enable Docker configuration backend
#
# Optional
#
[docker]
# Docker server endpoint. Can be a tcp or a unix socket endpoint.
#
# Required
#
endpoint = "unix:///var/run/docker.sock"
# Default domain used.
# Can be overridden by setting the "traefik.domain" label on a container.
#
# Required
#
domain = "docker.localhost"
# Enable watch docker changes
#
# Optional
#
watch = true
# Override default configuration template. For advanced users :)
#
# Optional
#
# filename = "docker.tmpl"
# Enable docker TLS connection
#
# [docker.tls]
# ca = "/etc/ssl/ca.crt"
# cert = "/etc/ssl/docker.crt"
# key = "/etc/ssl/docker.key"
# insecureskipverify = true
```
Labels can be used on containers to override default behaviour:
- `traefik.backend=foo` : assign the container to `foo` backend
- `traefik.port=80` : register this port. Useful when the container exposes multiples ports.
- `traefik.protocol=https` : override the default `http` protocol
- `traefik.weight=10` : assign this weight to the container
- `traefik.enable=false` : disable this container in Træfɪ k
2016-04-13 19:12:49 +00:00
- `traefik.frontend.rule=Host:test.traefik.io` : override the default frontend rule (Default: `Host:{containerName}.{domain}` ).
2016-03-22 16:25:57 +00:00
- `traefik.frontend.passHostHeader=true` : forward client `Host` header to the backend.
- `traefik.frontend.entryPoints=http,https` : assign this frontend to entry points `http` and `https` . Overrides `defaultEntryPoints` .
* `traefik.domain=traefik.localhost` : override the default domain
## Marathon backend
Træfɪ k can be configured to use Marathon as a backend configuration:
```toml
################################################################
# Mesos/Marathon configuration backend
################################################################
# Enable Marathon configuration backend
#
# Optional
#
[marathon]
# Marathon server endpoint.
# You can also specify multiple endpoint for Marathon:
# endpoint := "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080"
#
# Required
#
endpoint = "http://127.0.0.1:8080"
# Enable watch Marathon changes
#
# Optional
#
watch = true
# Default domain used.
# Can be overridden by setting the "traefik.domain" label on an application.
#
# Required
#
domain = "marathon.localhost"
# Override default configuration template. For advanced users :)
#
# Optional
#
# filename = "marathon.tmpl"
# Expose Marathon apps by default in traefik
#
# Optional
# Default: false
#
# ExposedByDefault = true
# Enable Marathon basic authentication
#
# Optional
#
# [marathon.basic]
# httpBasicAuthUser = "foo"
# httpBasicPassword = "bar"
# TLS client configuration. https://golang.org/pkg/crypto/tls/#Config
#
# Optional
#
# [marathon.TLS]
# InsecureSkipVerify = true
```
Labels can be used on containers to override default behaviour:
- `traefik.backend=foo` : assign the application to `foo` backend
- `traefik.portIndex=1` : register port by index in the application's ports array. Useful when the application exposes multiple ports.
- `traefik.port=80` : register the explicit application port value. Cannot be used alongside `traefik.portIndex` .
- `traefik.protocol=https` : override the default `http` protocol
- `traefik.weight=10` : assign this weight to the application
- `traefik.enable=false` : disable this application in Træfɪ k
2016-04-13 19:12:49 +00:00
- `traefik.frontend.rule=Host:test.traefik.io` : override the default frontend rule (Default: `Host:{containerName}.{domain}` ).
2016-03-22 16:25:57 +00:00
- `traefik.frontend.passHostHeader=true` : forward client `Host` header to the backend.
- `traefik.frontend.entryPoints=http,https` : assign this frontend to entry points `http` and `https` . Overrides `defaultEntryPoints` .
2016-05-17 10:50:06 +00:00
- `traefik.domain=traefik.localhost` : override the default domain
2016-03-22 16:25:57 +00:00
2016-04-20 11:43:37 +00:00
## Kubernetes Ingress backend
Træfɪ k can be configured to use Kubernetes Ingress as a backend configuration:
```toml
################################################################
# Kubernetes Ingress configuration backend
################################################################
# Enable Kubernetes Ingress configuration backend
#
# Optional
#
[kubernetes]
# Kubernetes server endpoint
#
# When deployed as a replication controller in Kubernetes,
# Traefik will use env variable KUBERNETES_SERVICE_HOST
# and KUBERNETES_SERVICE_PORT_HTTPS as endpoint
# Secure token will be found in /var/run/secrets/kubernetes.io/serviceaccount/token
# and SSL CA cert in /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
#
# Optional
#
# endpoint = "http://localhost:8080"
2016-04-28 00:23:55 +00:00
# namespaces = ["default","production"]
2016-04-20 11:43:37 +00:00
```
2016-05-17 10:50:06 +00:00
Annotations can be used on containers to override default behaviour for the whole Ingress resource:
- `traefik.frontend.rule.type: PathPrefixStrip` : override the default frontend rule (Default: `Host:{containerName}.{domain}` ).
2016-04-20 11:43:37 +00:00
You can find here an example [ingress ](https://raw.githubusercontent.com/containous/traefik/master/examples/k8s.ingress.yaml ) and [replication controller ](https://raw.githubusercontent.com/containous/traefik/master/examples/k8s.rc.yaml ).
2016-03-22 16:25:57 +00:00
## Consul backend
Træfɪ k can be configured to use Consul as a backend configuration:
```toml
################################################################
# Consul KV configuration backend
################################################################
# Enable Consul KV configuration backend
#
# Optional
#
[consul]
# Consul server endpoint
#
# Required
#
endpoint = "127.0.0.1:8500"
# Enable watch Consul changes
#
# Optional
#
watch = true
# Prefix used for KV store.
#
# Optional
#
prefix = "traefik"
# Override default configuration template. For advanced users :)
#
# Optional
#
# filename = "consul.tmpl"
# Enable consul TLS connection
#
# Optional
#
# [consul.tls]
# ca = "/etc/ssl/ca.crt"
# cert = "/etc/ssl/consul.crt"
# key = "/etc/ssl/consul.key"
# insecureskipverify = true
```
Please refer to the [Key Value storage structure ](#key-value-storage-structure ) section to get documentation en traefik KV structure.
## Consul catalog backend
Træfɪ k can be configured to use service discovery catalog of Consul as a backend configuration:
```toml
################################################################
# Consul Catalog configuration backend
################################################################
# Enable Consul Catalog configuration backend
#
# Optional
#
[consulCatalog]
# Consul server endpoint
#
# Required
#
endpoint = "127.0.0.1:8500"
# Default domain used.
#
# Optional
#
domain = "consul.localhost"
2016-04-12 07:49:37 +00:00
# Prefix for Consul catalog tags
#
# Optional
#
prefix = "traefik"
2016-05-20 14:43:56 +00:00
# Constraint on Consul catalog tags
#
# Optional
#
constraints = ["tag==api", "tag==he*ld"]
# Matching with containers having this tag: "traefik.tags=api,helloworld"
2016-03-22 16:25:57 +00:00
```
This backend will create routes matching on hostname based on the service name
used in consul.
2016-04-12 07:49:37 +00:00
Additional settings can be defined using Consul Catalog tags:
2016-04-13 19:12:49 +00:00
2016-04-12 07:49:37 +00:00
- ```traefik.enable=false```: disable this container in Træfɪ k
- ```traefik.protocol=https```: override the default `http` protocol
- ```traefik.backend.weight=10```: assign this weight to the container
- ```traefik.backend.circuitbreaker=NetworkErrorRatio() > 0.5```
- ```traefik.backend.loadbalancer=drr```: override the default load balancing mode
2016-04-13 19:12:49 +00:00
- ```traefik.frontend.rule=Host:test.traefik.io```: override the default frontend rule (Default: `Host:{containerName}.{domain}` ).
2016-04-12 07:49:37 +00:00
- ```traefik.frontend.passHostHeader=true```: forward client `Host` header to the backend.
- ```traefik.frontend.entryPoints=http,https```: assign this frontend to entry points `http` and `https` . Overrides `defaultEntryPoints` .
2016-03-22 16:25:57 +00:00
## Etcd backend
Træfɪ k can be configured to use Etcd as a backend configuration:
```toml
################################################################
# Etcd configuration backend
################################################################
# Enable Etcd configuration backend
#
# Optional
#
2016-04-15 14:27:40 +00:00
[etcd]
2016-03-22 16:25:57 +00:00
# Etcd server endpoint
#
# Required
#
2016-04-15 14:27:40 +00:00
endpoint = "127.0.0.1:4001"
2016-03-22 16:25:57 +00:00
# Enable watch Etcd changes
#
# Optional
#
2016-04-15 14:27:40 +00:00
watch = true
2016-03-22 16:25:57 +00:00
# Prefix used for KV store.
#
# Optional
#
2016-04-15 14:27:40 +00:00
prefix = "/traefik"
2016-03-22 16:25:57 +00:00
# Override default configuration template. For advanced users :)
#
# Optional
#
# filename = "etcd.tmpl"
# Enable etcd TLS connection
#
# Optional
#
# [etcd.tls]
# ca = "/etc/ssl/ca.crt"
# cert = "/etc/ssl/etcd.crt"
# key = "/etc/ssl/etcd.key"
# insecureskipverify = true
```
Please refer to the [Key Value storage structure ](#key-value-storage-structure ) section to get documentation en traefik KV structure.
## Zookeeper backend
Træfɪ k can be configured to use Zookeeper as a backend configuration:
```toml
################################################################
# Zookeeper configuration backend
################################################################
# Enable Zookeeperconfiguration backend
#
# Optional
#
2016-04-15 14:27:40 +00:00
[zookeeper]
2016-03-22 16:25:57 +00:00
# Zookeeper server endpoint
#
# Required
#
2016-04-15 14:27:40 +00:00
endpoint = "127.0.0.1:2181"
2016-03-22 16:25:57 +00:00
# Enable watch Zookeeper changes
#
# Optional
#
2016-04-15 14:27:40 +00:00
watch = true
2016-03-22 16:25:57 +00:00
# Prefix used for KV store.
#
# Optional
#
2016-04-15 14:27:40 +00:00
prefix = "/traefik"
2016-03-22 16:25:57 +00:00
# Override default configuration template. For advanced users :)
#
# Optional
#
# filename = "zookeeper.tmpl"
```
Please refer to the [Key Value storage structure ](#key-value-storage-structure ) section to get documentation en traefik KV structure.
## BoltDB backend
Træfɪ k can be configured to use BoltDB as a backend configuration:
```toml
################################################################
# BoltDB configuration backend
################################################################
# Enable BoltDB configuration backend
#
# Optional
#
2016-04-15 14:27:40 +00:00
[boltdb]
2016-03-22 16:25:57 +00:00
# BoltDB file
#
# Required
#
2016-04-15 14:27:40 +00:00
endpoint = "/my.db"
2016-03-22 16:25:57 +00:00
# Enable watch BoltDB changes
#
# Optional
#
2016-04-15 14:27:40 +00:00
watch = true
2016-03-22 16:25:57 +00:00
# Prefix used for KV store.
#
# Optional
#
2016-04-15 14:27:40 +00:00
prefix = "/traefik"
2016-03-22 16:25:57 +00:00
# Override default configuration template. For advanced users :)
#
# Optional
#
# filename = "boltdb.tmpl"
```
Please refer to the [Key Value storage structure ](#key-value-storage-structure ) section to get documentation en traefik KV structure.
## Key-value storage structure
The Keys-Values structure should look (using `prefix = "/traefik"` ):
- backend 1
| Key | Value |
|--------------------------------------------------------|-----------------------------|
| `/traefik/backends/backend1/circuitbreaker/expression` | `NetworkErrorRatio() > 0.5` |
| `/traefik/backends/backend1/servers/server1/url` | `http://172.17.0.2:80` |
| `/traefik/backends/backend1/servers/server1/weight` | `10` |
| `/traefik/backends/backend1/servers/server2/url` | `http://172.17.0.3:80` |
| `/traefik/backends/backend1/servers/server2/weight` | `1` |
- backend 2
| Key | Value |
|-----------------------------------------------------|------------------------|
2016-04-13 08:11:36 +00:00
| `/traefik/backends/backend2/maxconn/amount` | `10` |
| `/traefik/backends/backend2/maxconn/extractorfunc` | `request.host` |
2016-03-22 16:25:57 +00:00
| `/traefik/backends/backend2/loadbalancer/method` | `drr` |
| `/traefik/backends/backend2/servers/server1/url` | `http://172.17.0.4:80` |
| `/traefik/backends/backend2/servers/server1/weight` | `1` |
| `/traefik/backends/backend2/servers/server2/url` | `http://172.17.0.5:80` |
| `/traefik/backends/backend2/servers/server2/weight` | `2` |
- frontend 1
| Key | Value |
|---------------------------------------------------|-----------------------|
| `/traefik/frontends/frontend1/backend` | `backend2` |
| `/traefik/frontends/frontend1/routes/test_1/rule` | `Host:test.localhost` |
- frontend 2
| Key | Value |
|----------------------------------------------------|--------------|
| `/traefik/frontends/frontend2/backend` | `backend1` |
| `/traefik/frontends/frontend2/passHostHeader` | `true` |
| `/traefik/frontends/frontend2/entrypoints` | `http,https` |
2016-04-15 14:00:27 +00:00
| `/traefik/frontends/frontend2/routes/test_2/rule` | `PathPrefix:/test` |
2016-03-22 16:25:57 +00:00
## Atomic configuration changes
The [Etcd ](https://github.com/coreos/etcd/issues/860 ) and [Consul ](https://github.com/hashicorp/consul/issues/886 ) backends do not support updating multiple keys atomically. As a result, it may be possible for Træfɪ k to read an intermediate configuration state despite judicious use of the `--providersThrottleDuration` flag. To solve this problem, Træfɪ k supports a special key called `/traefik/alias` . If set, Træfɪ k use the value as an alternative key prefix.
Given the key structure below, Træfɪ k will use the `http://172.17.0.2:80` as its only backend (frontend keys have been omitted for brevity).
| Key | Value |
|-------------------------------------------------------------------------|-----------------------------|
| `/traefik/alias` | `/traefik_configurations/1` |
| `/traefik_configurations/1/backends/backend1/servers/server1/url` | `http://172.17.0.2:80` |
| `/traefik_configurations/1/backends/backend1/servers/server1/weight` | `10` |
When an atomic configuration change is required, you may write a new configuration at an alternative prefix. Here, although the `/traefik_configurations/2/...` keys have been set, the old configuration is still active because the `/traefik/alias` key still points to `/traefik_configurations/1` :
| Key | Value |
|-------------------------------------------------------------------------|-----------------------------|
| `/traefik/alias` | `/traefik_configurations/1` |
| `/traefik_configurations/1/backends/backend1/servers/server1/url` | `http://172.17.0.2:80` |
| `/traefik_configurations/1/backends/backend1/servers/server1/weight` | `10` |
| `/traefik_configurations/2/backends/backend1/servers/server1/url` | `http://172.17.0.2:80` |
| `/traefik_configurations/2/backends/backend1/servers/server1/weight` | `5` |
| `/traefik_configurations/2/backends/backend1/servers/server2/url` | `http://172.17.0.3:80` |
| `/traefik_configurations/2/backends/backend1/servers/server2/weight` | `5` |
Once the `/traefik/alias` key is updated, the new `/traefik_configurations/2` configuration becomes active atomically. Here, we have a 50% balance between the `http://172.17.0.3:80` and the `http://172.17.0.4:80` hosts while no traffic is sent to the `172.17.0.2:80` host:
| Key | Value |
|-------------------------------------------------------------------------|-----------------------------|
| `/traefik/alias` | `/traefik_configurations/2` |
| `/traefik_configurations/1/backends/backend1/servers/server1/url` | `http://172.17.0.2:80` |
| `/traefik_configurations/1/backends/backend1/servers/server1/weight` | `10` |
| `/traefik_configurations/2/backends/backend1/servers/server1/url` | `http://172.17.0.3:80` |
| `/traefik_configurations/2/backends/backend1/servers/server1/weight` | `5` |
| `/traefik_configurations/2/backends/backend1/servers/server2/url` | `http://172.17.0.4:80` |
| `/traefik_configurations/2/backends/backend1/servers/server2/weight` | `5` |
Note that Træfɪ k *will not watch for key changes in the `/traefik_configurations` prefix* . It will only watch for changes in the `/traefik` prefix. Further, if the `/traefik/alias` key is set, all other sibling keys with the `/traefik` prefix are ignored.