2019-02-26 13:50:07 +00:00
# Services
Configuring How to Reach the Services
{: .subtitle }
2019-03-14 08:30:04 +00:00
![services ](../../assets/img/services.png )
2019-02-26 13:50:07 +00:00
2019-10-28 14:50:06 +00:00
The `Services` are responsible for configuring how to reach the actual services that will eventually handle the incoming requests.
2019-02-26 13:50:07 +00:00
2019-10-28 14:50:06 +00:00
## Configuration Examples
2019-02-26 13:50:07 +00:00
2019-03-14 08:30:04 +00:00
??? example "Declaring an HTTP Service with Two Servers -- Using the [File Provider ](../../providers/file.md )"
2019-02-26 13:50:07 +00:00
2019-07-01 09:30:05 +00:00
```toml tab="TOML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-03-14 08:30:04 +00:00
[http.services]
2019-07-01 09:30:05 +00:00
[http.services.my-service.loadBalancer]
[[http.services.my-service.loadBalancer.servers]]
2019-10-28 14:50:06 +00:00
url = "http://< private-ip-server-1 > :< private-port-server-1 > /"
2019-07-01 09:30:05 +00:00
[[http.services.my-service.loadBalancer.servers]]
2019-10-28 14:50:06 +00:00
url = "http://< private-ip-server-2 > :< private-port-server-2 > /"
2019-07-01 09:30:05 +00:00
```
2019-10-28 14:50:06 +00:00
2019-07-01 09:30:05 +00:00
```yaml tab="YAML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-07-01 09:30:05 +00:00
http:
services:
my-service:
loadBalancer:
servers:
2019-10-28 14:50:06 +00:00
- url: "http://< private-ip-server-1 > :< private-port-server-1 > /"
- url: "http://< private-ip-server-2 > :< private-port-server-2 > /"
2019-02-26 13:50:07 +00:00
```
2019-03-14 08:30:04 +00:00
??? example "Declaring a TCP Service with Two Servers -- Using the [File Provider ](../../providers/file.md )"
2019-07-01 09:30:05 +00:00
```toml tab="TOML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-03-14 08:30:04 +00:00
[tcp.services]
2019-07-01 09:30:05 +00:00
[tcp.services.my-service.loadBalancer]
[[tcp.services.my-service.loadBalancer.servers]]
2019-10-28 14:50:06 +00:00
address = "< private-ip-server-1 > :< private-port-server-1 > "
2019-07-01 09:30:05 +00:00
[[tcp.services.my-service.loadBalancer.servers]]
2019-10-28 14:50:06 +00:00
address = "< private-ip-server-2 > :< private-port-server-2 > "
2019-07-01 09:30:05 +00:00
```
2019-10-28 14:50:06 +00:00
2019-07-01 09:30:05 +00:00
```yaml tab="YAML"
tcp:
services:
my-service:
2019-10-28 14:50:06 +00:00
loadBalancer:
2019-07-01 09:30:05 +00:00
servers:
2019-10-28 14:50:06 +00:00
- address: "< private-ip-server-1 > :< private-port-server-1 > "
- address: "< private-ip-server-2 > :< private-port-server-2 > "
2019-03-14 08:30:04 +00:00
```
2020-02-11 00:26:04 +00:00
??? example "Declaring a UDP Service with Two Servers -- Using the [File Provider ](../../providers/file.md )"
```toml tab="TOML"
## Dynamic configuration
[udp.services]
[udp.services.my-service.loadBalancer]
[[udp.services.my-service.loadBalancer.servers]]
address = "< private-ip-server-1 > :< private-port-server-1 > "
[[udp.services.my-service.loadBalancer.servers]]
address = "< private-ip-server-2 > :< private-port-server-2 > "
```
```yaml tab="YAML"
udp:
services:
my-service:
loadBalancer:
servers:
- address: "< private-ip-server-1 > :< private-port-server-1 > "
- address: "< private-ip-server-2 > :< private-port-server-2 > "
```
2019-03-14 08:30:04 +00:00
## Configuring HTTP Services
2019-02-26 13:50:07 +00:00
2019-08-26 08:30:05 +00:00
### Servers Load Balancer
2019-02-26 13:50:07 +00:00
2019-10-28 14:50:06 +00:00
The load balancers are able to load balance the requests between multiple instances of your programs.
Each service has a load-balancer, even if there is only one server to forward traffic to.
2019-02-26 13:50:07 +00:00
2019-03-14 08:30:04 +00:00
??? example "Declaring a Service with Two Servers (with Load Balancing) -- Using the [File Provider ](../../providers/file.md )"
2019-02-26 13:50:07 +00:00
2019-07-01 09:30:05 +00:00
```toml tab="TOML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-03-14 08:30:04 +00:00
[http.services]
2019-07-01 09:30:05 +00:00
[http.services.my-service.loadBalancer]
[[http.services.my-service.loadBalancer.servers]]
url = "http://private-ip-server-1/"
[[http.services.my-service.loadBalancer.servers]]
url = "http://private-ip-server-2/"
```
```yaml tab="YAML"
http:
services:
my-service:
loadBalancer:
servers:
- url: "http://private-ip-server-1/"
- url: "http://private-ip-server-2/"
2019-02-26 13:50:07 +00:00
```
#### Servers
Servers declare a single instance of your program.
2019-10-28 14:50:06 +00:00
The `url` option point to a specific instance.
2019-02-26 13:50:07 +00:00
2019-09-23 12:32:04 +00:00
!!! info ""
2019-10-28 14:50:06 +00:00
Paths in the servers' `url` have no effect.
2019-02-26 13:50:07 +00:00
If you want the requests to be sent to a specific path on your servers,
2019-03-14 08:30:04 +00:00
configure your [`routers` ](../routers/index.md ) to use a corresponding [middleware ](../../middlewares/overview.md ) (e.g. the [AddPrefix ](../../middlewares/addprefix.md ) or [ReplacePath ](../../middlewares/replacepath.md )) middlewares.
??? example "A Service with One Server -- Using the [File Provider ](../../providers/file.md )"
2019-07-01 09:30:05 +00:00
```toml tab="TOML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-03-14 08:30:04 +00:00
[http.services]
2019-07-01 09:30:05 +00:00
[http.services.my-service.loadBalancer]
[[http.services.my-service.loadBalancer.servers]]
url = "http://private-ip-server-1/"
```
2019-10-28 14:50:06 +00:00
2019-07-01 09:30:05 +00:00
```yaml tab="YAML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-07-01 09:30:05 +00:00
http:
services:
my-service:
loadBalancer:
servers:
2019-09-13 09:30:05 +00:00
- url: "http://private-ip-server-1/"
2019-02-26 13:50:07 +00:00
```
#### Load-balancing
2019-06-05 20:18:06 +00:00
For now, only round robin load balancing is supported:
2019-02-26 13:50:07 +00:00
2019-06-05 20:18:06 +00:00
??? example "Load Balancing -- Using the [File Provider ](../../providers/file.md )"
2019-03-14 08:30:04 +00:00
2019-07-01 09:30:05 +00:00
```toml tab="TOML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-03-14 08:30:04 +00:00
[http.services]
2019-07-01 09:30:05 +00:00
[http.services.my-service.loadBalancer]
[[http.services.my-service.loadBalancer.servers]]
url = "http://private-ip-server-1/"
[[http.services.my-service.loadBalancer.servers]]
url = "http://private-ip-server-2/"
```
```yaml tab="YAML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-07-01 09:30:05 +00:00
http:
services:
my-service:
loadBalancer:
servers:
- url: "http://private-ip-server-1/"
- url: "http://private-ip-server-2/"
2019-02-26 13:50:07 +00:00
```
#### Sticky sessions
2019-10-28 14:50:06 +00:00
2020-03-17 11:34:04 +00:00
When sticky sessions are enabled, a cookie is set on the initial request and response to let the client know which server handles the first response.
On subsequent requests, to keep the session alive with the same server, the client should resend the same cookie.
!!! info "Stickiness on multiple levels"
When chaining or mixing load-balancers (e.g. a load-balancer of servers is one of the "children" of a load-balancer of services), for stickiness to work all the way, the option needs to be specified at all required levels. Which means the client needs to send a cookie with as many key/value pairs as there are sticky levels.
2019-02-26 13:50:07 +00:00
2019-09-23 12:32:04 +00:00
!!! info "Stickiness & Unhealthy Servers"
2019-10-28 14:50:06 +00:00
2019-02-26 13:50:07 +00:00
If the server specified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server).
2019-10-28 14:50:06 +00:00
!!! info "Cookie Name"
2019-02-26 13:50:07 +00:00
The default cookie name is an abbreviation of a sha1 (ex: `_1d52e` ).
2020-03-23 10:24:05 +00:00
!!! info "Secure & HTTPOnly & SameSite flags"
2019-06-12 22:42:06 +00:00
2020-03-23 10:24:05 +00:00
By default, the affinity cookie is created without those flags.
One however can change that through configuration.
`SameSite` can be `none` , `lax` , `strict` or empty.
2019-06-12 22:42:06 +00:00
2019-09-23 12:32:04 +00:00
??? example "Adding Stickiness -- Using the [File Provider ](../../providers/file.md )"
2019-02-26 13:50:07 +00:00
2019-07-01 09:30:05 +00:00
```toml tab="TOML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-03-14 08:30:04 +00:00
[http.services]
[http.services.my-service]
2019-08-26 08:30:05 +00:00
[http.services.my-service.loadBalancer.sticky.cookie]
2019-07-01 09:30:05 +00:00
```
2019-10-28 14:50:06 +00:00
2019-07-01 09:30:05 +00:00
```yaml tab="YAML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-07-01 09:30:05 +00:00
http:
services:
my-service:
loadBalancer:
2019-08-26 08:30:05 +00:00
sticky:
cookie: {}
2019-02-26 13:50:07 +00:00
```
2019-09-23 12:32:04 +00:00
??? example "Adding Stickiness with custom Options -- Using the [File Provider ](../../providers/file.md )"
2019-02-26 13:50:07 +00:00
2019-07-01 09:30:05 +00:00
```toml tab="TOML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-03-14 08:30:04 +00:00
[http.services]
[http.services.my-service]
2019-08-26 08:30:05 +00:00
[http.services.my-service.loadBalancer.sticky.cookie]
name = "my_sticky_cookie_name"
secure = true
httpOnly = true
2020-03-23 10:24:05 +00:00
sameSite = "none"
2019-07-01 09:30:05 +00:00
```
```yaml tab="YAML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-07-01 09:30:05 +00:00
http:
services:
my-service:
loadBalancer:
2019-08-26 08:30:05 +00:00
sticky:
cookie:
name: my_sticky_cookie_name
secure: true
httpOnly: true
2019-02-26 13:50:07 +00:00
```
2020-03-17 11:34:04 +00:00
??? example "Setting Stickiness on all the required levels -- Using the [File Provider ](../../providers/file.md )"
```toml tab="TOML"
## Dynamic configuration
[http.services]
[http.services.wrr1]
[http.services.wrr1.weighted.sticky.cookie]
name = "lvl1"
[[http.services.wrr1.weighted.services]]
name = "whoami1"
weight = 1
[[http.services.wrr1.weighted.services]]
name = "whoami2"
weight = 1
[http.services.whoami1]
[http.services.whoami1.loadBalancer]
[http.services.whoami1.loadBalancer.sticky.cookie]
name = "lvl2"
[[http.services.whoami1.loadBalancer.servers]]
url = "http://127.0.0.1:8081"
[[http.services.whoami1.loadBalancer.servers]]
url = "http://127.0.0.1:8082"
[http.services.whoami2]
[http.services.whoami2.loadBalancer]
[http.services.whoami2.loadBalancer.sticky.cookie]
name = "lvl2"
[[http.services.whoami2.loadBalancer.servers]]
url = "http://127.0.0.1:8083"
[[http.services.whoami2.loadBalancer.servers]]
url = "http://127.0.0.1:8084"
```
```yaml tab="YAML"
## Dynamic configuration
http:
services:
wrr1:
weighted:
sticky:
cookie:
name: lvl1
services:
- name: whoami1
weight: 1
- name: whoami2
weight: 1
whoami1:
loadBalancer:
sticky:
cookie:
name: lvl2
servers:
- url: http://127.0.0.1:8081
- url: http://127.0.0.1:8082
whoami2:
loadBalancer:
sticky:
cookie:
name: lvl2
servers:
- url: http://127.0.0.1:8083
- url: http://127.0.0.1:8084
```
To keep a session open with the same server, the client would then need to specify the two levels within the cookie for each request, e.g. with curl:
```
curl -b "lvl1=whoami1; lvl2=http://127.0.0.1:8081" http://localhost:8000
```
2019-02-26 13:50:07 +00:00
#### Health Check
2019-07-01 09:30:05 +00:00
Configure health check to remove unhealthy servers from the load balancing rotation.
2019-02-26 13:50:07 +00:00
Traefik will consider your servers healthy as long as they return status codes between `2XX` and `3XX` to the health check requests (carried out every `interval` ).
Below are the available options for the health check mechanism:
2019-07-01 09:30:05 +00:00
- `path` is appended to the server URL to set the health check endpoint.
- `scheme` , if defined, will replace the server URL `scheme` for the health check endpoint
2020-09-08 08:54:04 +00:00
- `hostname` , if defined, will apply `Host` header `hostname` to the health check request.
2019-07-01 09:30:05 +00:00
- `port` , if defined, will replace the server URL `port` for the health check endpoint.
- `interval` defines the frequency of the health check calls.
- `timeout` defines the maximum duration Traefik will wait for a health check request before considering the server failed (unhealthy).
- `headers` defines custom headers to be sent to the health check endpoint.
2020-02-26 16:28:04 +00:00
- `followRedirects` defines whether redirects should be followed during the health check calls (default: true).
2019-02-26 13:50:07 +00:00
2019-09-23 12:32:04 +00:00
!!! info "Interval & Timeout Format"
2019-02-26 13:50:07 +00:00
Interval and timeout are to be given in a format understood by [time.ParseDuration ](https://golang.org/pkg/time/#ParseDuration ).
The interval must be greater than the timeout. If configuration doesn't reflect this, the interval will be set to timeout + 1 second.
2019-09-23 12:32:04 +00:00
!!! info "Recovering Servers"
2019-10-28 14:50:06 +00:00
Traefik keeps monitoring the health of unhealthy servers.
2021-02-22 19:28:05 +00:00
If a server has recovered (returning `2xx` -> `3xx` responses again), it will be added back to the load balancer rotation pool.
2019-02-26 13:50:07 +00:00
2020-04-07 15:16:03 +00:00
!!! warning "Health check in Kubernetes"
The Traefik health check is not available for `kubernetesCRD` and `kubernetesIngress` providers because Kubernetes
2020-04-07 16:38:04 +00:00
already has a health check mechanism.
2020-04-07 15:16:03 +00:00
Unhealthy pods will be removed by kubernetes. (cf [liveness documentation ](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-a-liveness-http-request ))
2019-07-01 09:30:05 +00:00
??? example "Custom Interval & Timeout -- Using the [File Provider ](../../providers/file.md )"
2019-02-26 13:50:07 +00:00
2019-07-01 09:30:05 +00:00
```toml tab="TOML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-03-14 08:30:04 +00:00
[http.services]
2019-10-07 08:14:04 +00:00
[http.services.Service-1]
2019-07-01 09:30:05 +00:00
[http.services.Service-1.loadBalancer.healthCheck]
path = "/health"
interval = "10s"
timeout = "3s"
```
```yaml tab="YAML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-07-01 09:30:05 +00:00
http:
2019-10-07 08:14:04 +00:00
services:
2019-07-01 09:30:05 +00:00
Service-1:
loadBalancer:
healthCheck:
path: /health
interval: "10s"
timeout: "3s"
2019-02-26 13:50:07 +00:00
```
2019-07-01 09:30:05 +00:00
??? example "Custom Port -- Using the [File Provider ](../../providers/file.md )"
2019-02-26 13:50:07 +00:00
2019-07-01 09:30:05 +00:00
```toml tab="TOML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-03-14 08:30:04 +00:00
[http.services]
[http.services.Service-1]
2019-07-01 09:30:05 +00:00
[http.services.Service-1.loadBalancer.healthCheck]
path = "/health"
port = 8080
```
2019-10-28 14:50:06 +00:00
2019-07-01 09:30:05 +00:00
```yaml tab="YAML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-07-01 09:30:05 +00:00
http:
services:
Service-1:
loadBalancer:
healthCheck:
path: /health
port: 8080
2019-02-26 13:50:07 +00:00
```
2019-07-01 09:30:05 +00:00
??? example "Custom Scheme -- Using the [File Provider ](../../providers/file.md )"
2019-02-26 13:50:07 +00:00
2019-07-01 09:30:05 +00:00
```toml tab="TOML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-03-14 08:30:04 +00:00
[http.services]
[http.services.Service-1]
2019-07-01 09:30:05 +00:00
[http.services.Service-1.loadBalancer.healthCheck]
path = "/health"
scheme = "http"
```
2019-10-28 14:50:06 +00:00
2019-07-01 09:30:05 +00:00
```yaml tab="YAML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-07-01 09:30:05 +00:00
http:
services:
Service-1:
loadBalancer:
healthCheck:
path: /health
scheme: http
2019-02-26 13:50:07 +00:00
```
2019-07-01 09:30:05 +00:00
??? example "Additional HTTP Headers -- Using the [File Provider ](../../providers/file.md )"
2019-02-26 13:50:07 +00:00
2019-07-01 09:30:05 +00:00
```toml tab="TOML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-03-14 08:30:04 +00:00
[http.services]
2019-07-01 09:30:05 +00:00
[http.services.Service-1]
[http.services.Service-1.loadBalancer.healthCheck]
path = "/health"
2019-02-26 13:50:07 +00:00
2019-07-01 09:30:05 +00:00
[http.services.Service-1.loadBalancer.healthCheck.headers]
My-Custom-Header = "foo"
My-Header = "bar"
2019-02-26 13:50:07 +00:00
```
2019-10-28 14:50:06 +00:00
2019-07-01 09:30:05 +00:00
```yaml tab="YAML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-07-01 09:30:05 +00:00
http:
services:
Service-1:
loadBalancer:
healthCheck:
path: /health
headers:
My-Custom-Header: foo
My-Header: bar
```
2019-09-30 09:26:06 +00:00
#### Pass Host Header
The `passHostHeader` allows to forward client Host header to server.
By default, `passHostHeader` is true.
??? example "Don't forward the host header -- Using the [File Provider ](../../providers/file.md )"
```toml tab="TOML"
## Dynamic configuration
[http.services]
[http.services.Service01]
[http.services.Service01.loadBalancer]
passHostHeader = false
```
2019-10-28 14:50:06 +00:00
2019-09-30 09:26:06 +00:00
```yaml tab="YAML"
## Dynamic configuration
http:
services:
Service01:
loadBalancer:
passHostHeader: false
```
2019-10-28 10:04:05 +00:00
2020-09-11 13:40:03 +00:00
#### ServersTransport
2021-02-01 12:58:03 +00:00
`serversTransport` allows to reference a [ServersTransport ](./index.md#serverstransport_1 ) configuration for the communication between Traefik and your servers.
2020-09-11 13:40:03 +00:00
??? example "Specify a transport -- Using the [File Provider ](../../providers/file.md )"
```toml tab="TOML"
## Dynamic configuration
[http.services]
[http.services.Service01]
[http.services.Service01.loadBalancer]
serversTransport = "mytransport"
```
```yaml tab="YAML"
## Dynamic configuration
http:
services:
Service01:
loadBalancer:
2021-02-15 11:04:04 +00:00
serversTransport: mytransport
2020-09-11 13:40:03 +00:00
```
!!! info default serversTransport
If no serversTransport is specified, the `default@internal` will be used.
The `default@internal` serversTransport is created from the [static configuration ](../overview.md#transport-configuration ).
2019-10-01 11:26:04 +00:00
#### Response Forwarding
This section is about configuring how Traefik forwards the response from the backend server to the client.
Below are the available options for the Response Forwarding mechanism:
- `FlushInterval` specifies the interval in between flushes to the client while copying the response body.
It is a duration in milliseconds, defaulting to 100.
A negative value means to flush immediately after each write to the client.
The FlushInterval is ignored when ReverseProxy recognizes a response as a streaming response;
for such responses, writes are flushed to the client immediately.
2019-10-28 14:50:06 +00:00
2019-10-01 11:26:04 +00:00
??? example "Using a custom FlushInterval -- Using the [File Provider ](../../providers/file.md )"
2019-09-30 09:26:06 +00:00
2019-10-01 11:26:04 +00:00
```toml tab="TOML"
## Dynamic configuration
[http.services]
[http.services.Service-1]
[http.services.Service-1.loadBalancer.responseForwarding]
flushInterval = "1s"
```
2019-10-28 14:50:06 +00:00
2019-10-01 11:26:04 +00:00
```yaml tab="YAML"
## Dynamic configuration
http:
services:
Service-1:
loadBalancer:
responseForwarding:
flushInterval: 1s
```
2019-10-28 10:04:05 +00:00
2020-09-11 13:40:03 +00:00
### ServersTransport
ServersTransport allows to configure the transport between Traefik and your servers.
#### `ServerName`
_Optional_
`serverName` configure the server name that will be used for SNI.
```toml tab="File (TOML)"
## Dynamic configuration
[http.serversTransports.mytransport]
serverName = "myhost"
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
serversTransports:
mytransport:
serverName: "myhost"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
name: mytransport
namespace: default
spec:
serverName: "test"
```
#### `Certificates`
_Optional_
`certificates` is the list of certificates (as file paths, or data bytes)
that will be set as client certificates for mTLS.
```toml tab="File (TOML)"
## Dynamic configuration
[[http.serversTransports.mytransport.certificates]]
certFile = "foo.crt"
keyFile = "bar.crt"
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
serversTransports:
mytransport:
2021-01-26 08:20:04 +00:00
certificates:
2020-09-11 13:40:03 +00:00
- certFile: foo.crt
keyFile: bar.crt
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
name: mytransport
namespace: default
spec:
certificatesSecrets:
- mycert
---
apiVersion: v1
kind: Secret
metadata:
name: mycert
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=
```
#### `insecureSkipVerify`
_Optional_
`insecureSkipVerify` disables SSL certificate verification.
```toml tab="File (TOML)"
## Dynamic configuration
[http.serversTransports.mytransport]
insecureSkipVerify = true
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
serversTransports:
mytransport:
insecureSkipVerify: true
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
name: mytransport
namespace: default
spec:
insecureSkipVerify: true
```
#### `rootCAs`
_Optional_
`rootCAs` is the list of certificates (as file paths, or data bytes)
that will be set as Root Certificate Authorities when using a self-signed TLS certificate.
```toml tab="File (TOML)"
## Dynamic configuration
[http.serversTransports.mytransport]
rootCAs = ["foo.crt", "bar.crt"]
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
serversTransports:
mytransport:
rootCAs:
- foo.crt
- bar.crt
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
name: mytransport
namespace: default
spec:
rootCAsSecrets:
- myca
---
apiVersion: v1
kind: Secret
metadata:
name: myca
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
```
#### `maxIdleConnsPerHost`
_Optional, Default=2_
If non-zero, `maxIdleConnsPerHost` controls the maximum idle (keep-alive) connections to keep per-host.
```toml tab="File (TOML)"
## Dynamic configuration
[http.serversTransports.mytransport]
maxIdleConnsPerHost = 7
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
serversTransports:
mytransport:
maxIdleConnsPerHost: 7
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
name: mytransport
namespace: default
spec:
maxIdleConnsPerHost: 7
```
#### `forwardingTimeouts`
`forwardingTimeouts` is about a number of timeouts relevant to when forwarding requests to the backend servers.
##### `forwardingTimeouts.dialTimeout`
_Optional, Default=30s_
`dialTimeout` is the maximum duration allowed for a connection to a backend server to be established.
Zero means no timeout.
```toml tab="File (TOML)"
## Dynamic configuration
[http.serversTransports.mytransport.forwardingTimeouts]
dialTimeout = "1s"
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
serversTransports:
mytransport:
forwardingTimeouts:
dialTimeout: "1s"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
name: mytransport
namespace: default
spec:
forwardingTimeouts:
dialTimeout: "1s"
```
##### `forwardingTimeouts.responseHeaderTimeout`
_Optional, Default=0s_
`responseHeaderTimeout` , if non-zero, specifies the amount of time to wait for a server's response headers
after fully writing the request (including its body, if any).
This time does not include the time to read the response body.
Zero means no timeout.
```toml tab="File (TOML)"
## Dynamic configuration
[http.serversTransports.mytransport.forwardingTimeouts]
responseHeaderTimeout = "1s"
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
serversTransports:
mytransport:
forwardingTimeouts:
responseHeaderTimeout: "1s"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
name: mytransport
namespace: default
spec:
forwardingTimeouts:
responseHeaderTimeout: "1s"
```
##### `forwardingTimeouts.idleConnTimeout`
_Optional, Default=90s_
`idleConnTimeout` , is the maximum amount of time an idle (keep-alive) connection
will remain idle before closing itself.
Zero means no limit.
```toml tab="File (TOML)"
## Dynamic configuration
[http.serversTransports.mytransport.forwardingTimeouts]
idleConnTimeout = "1s"
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
serversTransports:
mytransport:
forwardingTimeouts:
idleConnTimeout: "1s"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
name: mytransport
namespace: default
spec:
forwardingTimeouts:
idleConnTimeout: "1s"
```
2019-08-26 08:30:05 +00:00
### Weighted Round Robin (service)
The WRR is able to load balance the requests between multiple services based on weights.
This strategy is only available to load balance between [services ](./index.md ) and not between [servers ](./index.md#servers ).
2019-12-10 15:12:06 +00:00
!!! info "Supported Providers"
This strategy can be defined currently with the [File ](../../providers/file.md ) or [IngressRoute ](../../providers/kubernetes-crd.md ) providers.
2019-08-26 08:30:05 +00:00
```toml tab="TOML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-08-26 08:30:05 +00:00
[http.services]
2019-09-12 08:18:04 +00:00
[http.services.app]
[[http.services.app.weighted.services]]
2019-08-26 08:30:05 +00:00
name = "appv1"
weight = 3
2019-09-12 08:18:04 +00:00
[[http.services.app.weighted.services]]
2019-08-26 08:30:05 +00:00
name = "appv2"
weight = 1
[http.services.appv1]
[http.services.appv1.loadBalancer]
[[http.services.appv1.loadBalancer.servers]]
url = "http://private-ip-server-1/"
[http.services.appv2]
[http.services.appv2.loadBalancer]
[[http.services.appv2.loadBalancer.servers]]
url = "http://private-ip-server-2/"
```
```yaml tab="YAML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-08-26 08:30:05 +00:00
http:
services:
2019-09-12 08:18:04 +00:00
app:
2019-08-26 08:30:05 +00:00
weighted:
services:
- name: appv1
weight: 3
- name: appv2
weight: 1
appv1:
loadBalancer:
servers:
- url: "http://private-ip-server-1/"
appv2:
loadBalancer:
servers:
- url: "http://private-ip-server-2/"
```
2019-08-26 17:00:04 +00:00
### Mirroring (service)
The mirroring is able to mirror requests sent to a service to other services.
2020-03-05 17:03:08 +00:00
Please note that by default the whole request is buffered in memory while it is being mirrored.
See the maxBodySize option in the example below for how to modify this behaviour.
2019-08-26 17:00:04 +00:00
2019-12-10 15:12:06 +00:00
!!! info "Supported Providers"
This strategy can be defined currently with the [File ](../../providers/file.md ) or [IngressRoute ](../../providers/kubernetes-crd.md ) providers.
2019-08-26 17:00:04 +00:00
```toml tab="TOML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-08-26 17:00:04 +00:00
[http.services]
2019-09-12 08:18:04 +00:00
[http.services.mirrored-api]
[http.services.mirrored-api.mirroring]
service = "appv1"
2020-03-05 17:03:08 +00:00
# maxBodySize is the maximum size in bytes allowed for the body of the request.
# If the body is larger, the request is not mirrored.
# Default value is -1, which means unlimited size.
maxBodySize = 1024
2019-09-12 08:18:04 +00:00
[[http.services.mirrored-api.mirroring.mirrors]]
name = "appv2"
2019-08-26 17:00:04 +00:00
percent = 10
2019-09-12 08:18:04 +00:00
[http.services.appv1]
[http.services.appv1.loadBalancer]
2019-08-26 17:00:04 +00:00
[[http.services.appv1.loadBalancer.servers]]
url = "http://private-ip-server-1/"
2019-09-12 08:18:04 +00:00
[http.services.appv2]
[http.services.appv2.loadBalancer]
[[http.services.appv2.loadBalancer.servers]]
2019-08-26 17:00:04 +00:00
url = "http://private-ip-server-2/"
```
```yaml tab="YAML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-08-26 17:00:04 +00:00
http:
services:
2019-09-12 08:18:04 +00:00
mirrored-api:
2019-08-26 17:00:04 +00:00
mirroring:
2019-09-12 08:18:04 +00:00
service: appv1
2020-03-05 17:03:08 +00:00
# maxBodySize is the maximum size allowed for the body of the request.
# If the body is larger, the request is not mirrored.
# Default value is -1, which means unlimited size.
2020-09-23 09:38:03 +00:00
maxBodySize: 1024
2019-08-26 17:00:04 +00:00
mirrors:
2019-09-12 08:18:04 +00:00
- name: appv2
2019-08-26 17:00:04 +00:00
percent: 10
2019-09-12 08:18:04 +00:00
appv1:
2019-08-26 17:00:04 +00:00
loadBalancer:
servers:
- url: "http://private-ip-server-1/"
2019-09-12 08:18:04 +00:00
appv2:
2019-08-26 17:00:04 +00:00
loadBalancer:
servers:
- url: "http://private-ip-server-2/"
```
2019-03-14 08:30:04 +00:00
## Configuring TCP Services
### General
2019-09-13 18:00:06 +00:00
Each of the fields of the service section represents a kind of service.
Which means, that for each specified service, one of the fields, and only one,
has to be enabled to define what kind of service is created.
Currently, the two available kinds are `LoadBalancer` , and `Weighted` .
2019-03-14 08:30:04 +00:00
2019-09-13 18:00:06 +00:00
### Servers Load Balancer
2019-03-14 08:30:04 +00:00
2019-09-13 18:00:06 +00:00
The servers load balancer is in charge of balancing the requests between the servers of the same service.
2019-03-14 08:30:04 +00:00
??? example "Declaring a Service with Two Servers -- Using the [File Provider ](../../providers/file.md )"
2019-07-01 09:30:05 +00:00
```toml tab="TOML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-03-14 08:30:04 +00:00
[tcp.services]
2019-07-01 09:30:05 +00:00
[tcp.services.my-service.loadBalancer]
[[tcp.services.my-service.loadBalancer.servers]]
address = "xx.xx.xx.xx:xx"
[[tcp.services.my-service.loadBalancer.servers]]
address = "xx.xx.xx.xx:xx"
```
```yaml tab="YAML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-07-01 09:30:05 +00:00
tcp:
services:
my-service:
loadBalancer:
servers:
- address: "xx.xx.xx.xx:xx"
- address: "xx.xx.xx.xx:xx"
2019-03-14 08:30:04 +00:00
```
#### Servers
Servers declare a single instance of your program.
The `address` option (IP:Port) point to a specific instance.
??? example "A Service with One Server -- Using the [File Provider ](../../providers/file.md )"
2019-07-01 09:30:05 +00:00
```toml tab="TOML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-03-14 08:30:04 +00:00
[tcp.services]
2019-07-01 09:30:05 +00:00
[tcp.services.my-service.loadBalancer]
[[tcp.services.my-service.loadBalancer.servers]]
address = "xx.xx.xx.xx:xx"
```
```yaml tab="YAML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-07-01 09:30:05 +00:00
tcp:
services:
my-service:
loadBalancer:
servers:
2019-10-11 15:20:05 +00:00
- address: "xx.xx.xx.xx:xx"
2019-03-14 08:30:04 +00:00
```
2019-09-13 15:46:04 +00:00
2020-11-17 12:04:04 +00:00
#### PROXY Protocol
Traefik supports [PROXY Protocol ](https://www.haproxy.org/download/2.0/doc/proxy-protocol.txt ) version 1 and 2 on TCP Services.
It can be enabled by setting `proxyProtocol` on the load balancer.
Below are the available options for the PROXY protocol:
- `version` specifies the version of the protocol to be used. Either `1` or `2` .
!!! info "Version"
Specifying a version is optional. By default the version 2 will be used.
??? example "A Service with Proxy Protocol v1 -- Using the [File Provider ](../../providers/file.md )"
```toml tab="TOML"
## Dynamic configuration
[tcp.services]
[tcp.services.my-service.loadBalancer]
[tcp.services.my-service.loadBalancer.proxyProtocol]
version = 1
```
```yaml tab="YAML"
## Dynamic configuration
tcp:
services:
my-service:
loadBalancer:
proxyProtocol:
version: 1
```
2019-09-13 15:46:04 +00:00
#### Termination Delay
As a proxy between a client and a server, it can happen that either side (e.g. client side) decides to terminate its writing capability on the connection (i.e. issuance of a FIN packet).
The proxy needs to propagate that intent to the other side, and so when that happens, it also does the same on its connection with the other side (e.g. backend side).
However, if for some reason (bad implementation, or malicious intent) the other side does not eventually do the same as well,
the connection would stay half-open, which would lock resources for however long.
To that end, as soon as the proxy enters this termination sequence, it sets a deadline on fully terminating the connections on both sides.
The termination delay controls that deadline.
It is a duration in milliseconds, defaulting to 100.
A negative value means an infinite deadline (i.e. the connection is never fully terminated by the proxy itself).
??? example "A Service with a termination delay -- Using the [File Provider ](../../providers/file.md )"
```toml tab="TOML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-09-13 15:46:04 +00:00
[tcp.services]
[tcp.services.my-service.loadBalancer]
[[tcp.services.my-service.loadBalancer]]
terminationDelay = 200
```
```yaml tab="YAML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-09-13 15:46:04 +00:00
tcp:
services:
my-service:
loadBalancer:
terminationDelay: 200
```
2019-09-13 18:00:06 +00:00
2019-09-23 12:32:04 +00:00
### Weighted Round Robin
2019-09-13 18:00:06 +00:00
The Weighted Round Robin (alias `WRR` ) load-balancer of services is in charge of balancing the requests between multiple services based on provided weights.
This strategy is only available to load balance between [services ](./index.md ) and not between [servers ](./index.md#servers ).
2019-12-10 15:12:06 +00:00
!!! info "Supported Providers"
This strategy can be defined currently with the [File ](../../providers/file.md ) or [IngressRoute ](../../providers/kubernetes-crd.md ) providers.
2019-09-13 18:00:06 +00:00
```toml tab="TOML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-09-13 18:00:06 +00:00
[tcp.services]
[tcp.services.app]
[[tcp.services.app.weighted.services]]
name = "appv1"
weight = 3
[[tcp.services.app.weighted.services]]
name = "appv2"
weight = 1
[tcp.services.appv1]
[tcp.services.appv1.loadBalancer]
[[tcp.services.appv1.loadBalancer.servers]]
2019-11-08 13:28:05 +00:00
address = "private-ip-server-1:8080/"
2019-09-13 18:00:06 +00:00
[tcp.services.appv2]
[tcp.services.appv2.loadBalancer]
[[tcp.services.appv2.loadBalancer.servers]]
2019-11-08 13:28:05 +00:00
address = "private-ip-server-2:8080/"
2019-09-13 18:00:06 +00:00
```
```yaml tab="YAML"
2019-09-23 12:32:04 +00:00
## Dynamic configuration
2019-09-13 18:00:06 +00:00
tcp:
services:
app:
weighted:
services:
- name: appv1
weight: 3
- name: appv2
weight: 1
appv1:
loadBalancer:
servers:
- address: "xxx.xxx.xxx.xxx:8080"
appv2:
loadBalancer:
servers:
- address: "xxx.xxx.xxx.xxx:8080"
```
2020-02-11 00:26:04 +00:00
## Configuring UDP Services
### General
Each of the fields of the service section represents a kind of service.
Which means, that for each specified service, one of the fields, and only one,
has to be enabled to define what kind of service is created.
Currently, the two available kinds are `LoadBalancer` , and `Weighted` .
### Servers Load Balancer
The servers load balancer is in charge of balancing the requests between the servers of the same service.
??? example "Declaring a Service with Two Servers -- Using the [File Provider ](../../providers/file.md )"
```toml tab="TOML"
## Dynamic configuration
[udp.services]
[udp.services.my-service.loadBalancer]
[[udp.services.my-service.loadBalancer.servers]]
address = "xx.xx.xx.xx:xx"
[[udp.services.my-service.loadBalancer.servers]]
address = "xx.xx.xx.xx:xx"
```
```yaml tab="YAML"
## Dynamic configuration
udp:
services:
my-service:
loadBalancer:
servers:
- address: "xx.xx.xx.xx:xx"
- address: "xx.xx.xx.xx:xx"
```
#### Servers
The Servers field defines all the servers that are part of this load-balancing group,
i.e. each address (IP:Port) on which an instance of the service's program is deployed.
??? example "A Service with One Server -- Using the [File Provider ](../../providers/file.md )"
```toml tab="TOML"
## Dynamic configuration
[udp.services]
[udp.services.my-service.loadBalancer]
[[udp.services.my-service.loadBalancer.servers]]
address = "xx.xx.xx.xx:xx"
```
```yaml tab="YAML"
## Dynamic configuration
udp:
services:
my-service:
loadBalancer:
servers:
- address: "xx.xx.xx.xx:xx"
```
### Weighted Round Robin
The Weighted Round Robin (alias `WRR` ) load-balancer of services is in charge of balancing the requests between multiple services based on provided weights.
This strategy is only available to load balance between [services ](./index.md ) and not between [servers ](./index.md#servers ).
This strategy can only be defined with [File ](../../providers/file.md ).
```toml tab="TOML"
## Dynamic configuration
[udp.services]
[udp.services.app]
[[udp.services.app.weighted.services]]
name = "appv1"
weight = 3
[[udp.services.app.weighted.services]]
name = "appv2"
weight = 1
[udp.services.appv1]
[udp.services.appv1.loadBalancer]
[[udp.services.appv1.loadBalancer.servers]]
address = "private-ip-server-1:8080/"
[udp.services.appv2]
[udp.services.appv2.loadBalancer]
[[udp.services.appv2.loadBalancer.servers]]
address = "private-ip-server-2:8080/"
```
```yaml tab="YAML"
## Dynamic configuration
udp:
services:
app:
weighted:
services:
- name: appv1
weight: 3
- name: appv2
weight: 1
appv1:
loadBalancer:
servers:
- address: "xxx.xxx.xxx.xxx:8080"
appv2:
loadBalancer:
servers:
- address: "xxx.xxx.xxx.xxx:8080"
```