2017-08-25 16:10:03 +02:00
package configuration
2015-09-07 10:38:58 +02:00
2015-09-25 11:44:19 +02:00
import (
2016-06-27 12:19:14 +02:00
"crypto/tls"
2016-01-23 17:41:56 +01:00
"fmt"
2017-06-23 15:15:07 +02:00
"io/ioutil"
2016-06-27 12:19:14 +02:00
"os"
2016-05-03 16:52:14 +02:00
"strings"
"time"
2016-08-05 11:02:46 -03:00
2017-03-27 11:51:53 +02:00
"github.com/containous/flaeg"
2016-08-05 11:02:46 -03:00
"github.com/containous/traefik/acme"
2017-10-16 12:46:03 +02:00
"github.com/containous/traefik/log"
2017-04-17 12:50:02 +02:00
"github.com/containous/traefik/provider/boltdb"
"github.com/containous/traefik/provider/consul"
2017-04-15 15:49:53 +02:00
"github.com/containous/traefik/provider/docker"
2017-04-17 12:50:02 +02:00
"github.com/containous/traefik/provider/dynamodb"
"github.com/containous/traefik/provider/ecs"
"github.com/containous/traefik/provider/etcd"
"github.com/containous/traefik/provider/eureka"
"github.com/containous/traefik/provider/file"
"github.com/containous/traefik/provider/kubernetes"
"github.com/containous/traefik/provider/marathon"
"github.com/containous/traefik/provider/mesos"
"github.com/containous/traefik/provider/rancher"
2017-08-25 16:10:03 +02:00
"github.com/containous/traefik/provider/web"
2017-04-17 12:50:02 +02:00
"github.com/containous/traefik/provider/zk"
2016-08-05 11:02:46 -03:00
"github.com/containous/traefik/types"
2015-09-25 11:44:19 +02:00
)
2017-08-18 15:34:04 +02:00
const (
// DefaultHealthCheckInterval is the default health check interval.
DefaultHealthCheckInterval = 30 * time . Second
// DefaultDialTimeout when connecting to a backend server.
DefaultDialTimeout = 30 * time . Second
2017-08-25 16:10:03 +02:00
2017-08-18 15:34:04 +02:00
// DefaultIdleTimeout before closing an idle connection.
DefaultIdleTimeout = 180 * time . Second
)
2017-03-24 09:36:33 +01:00
2015-11-06 18:11:57 +01:00
// GlobalConfiguration holds global configuration (with providers, etc.).
// It's populated from the traefik configuration file passed as an argument to the binary.
2015-09-10 15:13:35 +02:00
type GlobalConfiguration struct {
2017-10-02 10:32:02 +02:00
GraceTimeOut flaeg . Duration ` short:"g" description:"Duration to give active requests a chance to finish before Traefik stops" export:"true" `
Debug bool ` short:"d" description:"Enable debug mode" export:"true" `
CheckNewVersion bool ` description:"Periodically check if a new version has been released" export:"true" `
AccessLogsFile string ` description:"(Deprecated) Access logs file" export:"true" ` // Deprecated
AccessLog * types . AccessLog ` description:"Access log settings" export:"true" `
TraefikLogsFile string ` description:"Traefik logs file. Stdout is used when omitted or empty" export:"true" `
LogLevel string ` short:"l" description:"Log level" export:"true" `
EntryPoints EntryPoints ` description:"Entrypoints definition using format: --entryPoints='Name:http Address::8000 Redirect.EntryPoint:https' --entryPoints='Name:https Address::4442 TLS:tests/traefik.crt,tests/traefik.key;prod/traefik.crt,prod/traefik.key'" export:"true" `
Cluster * types . Cluster ` description:"Enable clustering" export:"true" `
Constraints types . Constraints ` description:"Filter services by constraint, matching with service tags" export:"true" `
ACME * acme . ACME ` description:"Enable ACME (Let's Encrypt): automatic SSL" export:"true" `
DefaultEntryPoints DefaultEntryPoints ` description:"Entrypoints to be used by frontends that do not specify any entrypoint" export:"true" `
ProvidersThrottleDuration flaeg . Duration ` description:"Backends throttle duration: minimum duration between 2 events from providers before applying a new configuration. It avoids unnecessary reloads if multiples events are sent in a short amount of time." export:"true" `
MaxIdleConnsPerHost int ` description:"If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used" export:"true" `
IdleTimeout flaeg . Duration ` description:"(Deprecated) maximum amount of time an idle (keep-alive) connection will remain idle before closing itself." export:"true" ` // Deprecated
InsecureSkipVerify bool ` description:"Disable SSL certificate verification" export:"true" `
RootCAs RootCAs ` description:"Add cert file for self-signed certificate" `
Retry * Retry ` description:"Enable retry sending request if network error" export:"true" `
HealthCheck * HealthCheckConfig ` description:"Health check parameters" export:"true" `
RespondingTimeouts * RespondingTimeouts ` description:"Timeouts for incoming requests to the Traefik instance" export:"true" `
ForwardingTimeouts * ForwardingTimeouts ` description:"Timeouts for requests forwarded to the backend servers" export:"true" `
Docker * docker . Provider ` description:"Enable Docker backend with default settings" export:"true" `
File * file . Provider ` description:"Enable File backend with default settings" export:"true" `
Web * web . Provider ` description:"Enable Web backend with default settings" export:"true" `
Marathon * marathon . Provider ` description:"Enable Marathon backend with default settings" export:"true" `
Consul * consul . Provider ` description:"Enable Consul backend with default settings" export:"true" `
ConsulCatalog * consul . CatalogProvider ` description:"Enable Consul catalog backend with default settings" export:"true" `
Etcd * etcd . Provider ` description:"Enable Etcd backend with default settings" export:"true" `
Zookeeper * zk . Provider ` description:"Enable Zookeeper backend with default settings" export:"true" `
Boltdb * boltdb . Provider ` description:"Enable Boltdb backend with default settings" export:"true" `
Kubernetes * kubernetes . Provider ` description:"Enable Kubernetes backend with default settings" export:"true" `
Mesos * mesos . Provider ` description:"Enable Mesos backend with default settings" export:"true" `
Eureka * eureka . Provider ` description:"Enable Eureka backend with default settings" export:"true" `
ECS * ecs . Provider ` description:"Enable ECS backend with default settings" export:"true" `
Rancher * rancher . Provider ` description:"Enable Rancher backend with default settings" export:"true" `
DynamoDB * dynamodb . Provider ` description:"Enable DynamoDB backend with default settings" export:"true" `
2015-09-10 15:13:35 +02:00
}
2017-10-23 14:48:03 +01:00
// SetEffectiveConfiguration adds missing configuration parameters derived from existing ones.
// It also takes care of maintaining backwards compatibility.
func ( gc * GlobalConfiguration ) SetEffectiveConfiguration ( ) {
if len ( gc . EntryPoints ) == 0 {
gc . EntryPoints = map [ string ] * EntryPoint { "http" : {
Address : ":80" ,
ForwardedHeaders : & ForwardedHeaders { Insecure : true } ,
} }
gc . DefaultEntryPoints = [ ] string { "http" }
}
// ForwardedHeaders must be remove in the next breaking version
for entryPointName := range gc . EntryPoints {
entryPoint := gc . EntryPoints [ entryPointName ]
if entryPoint . ForwardedHeaders == nil {
entryPoint . ForwardedHeaders = & ForwardedHeaders { Insecure : true }
}
}
if gc . Rancher != nil {
// Ensure backwards compatibility for now
if len ( gc . Rancher . AccessKey ) > 0 ||
len ( gc . Rancher . Endpoint ) > 0 ||
len ( gc . Rancher . SecretKey ) > 0 {
if gc . Rancher . API == nil {
gc . Rancher . API = & rancher . APIConfiguration {
AccessKey : gc . Rancher . AccessKey ,
SecretKey : gc . Rancher . SecretKey ,
Endpoint : gc . Rancher . Endpoint ,
}
}
log . Warn ( "Deprecated configuration found: rancher.[accesskey|secretkey|endpoint]. " +
"Please use rancher.api.[accesskey|secretkey|endpoint] instead." )
}
if gc . Rancher . Metadata != nil && len ( gc . Rancher . Metadata . Prefix ) == 0 {
gc . Rancher . Metadata . Prefix = "latest"
}
}
if gc . Debug {
gc . LogLevel = "DEBUG"
}
if gc . Web != nil && ( gc . Web . Path == "" || ! strings . HasSuffix ( gc . Web . Path , "/" ) ) {
gc . Web . Path += "/"
}
}
2016-01-29 20:34:17 +01:00
// DefaultEntryPoints holds default entry points
type DefaultEntryPoints [ ] string
// String is the method to format the flag's value, part of the flag.Value interface.
// The String method's output will be used in diagnostics.
func ( dep * DefaultEntryPoints ) String ( ) string {
2016-05-27 11:13:34 +02:00
return strings . Join ( * dep , "," )
2016-01-29 20:34:17 +01:00
}
// Set is the method to set the flag value, part of the flag.Value interface.
// Set's argument is a string to be parsed to set the flag.
// It's a comma-separated list, so we split it.
func ( dep * DefaultEntryPoints ) Set ( value string ) error {
entrypoints := strings . Split ( value , "," )
if len ( entrypoints ) == 0 {
2017-05-26 17:03:14 +02:00
return fmt . Errorf ( "bad DefaultEntryPoints format: %s" , value )
2016-01-29 20:34:17 +01:00
}
for _ , entrypoint := range entrypoints {
* dep = append ( * dep , entrypoint )
}
return nil
}
2016-05-03 16:52:14 +02:00
// Get return the EntryPoints map
2016-08-16 19:13:18 +02:00
func ( dep * DefaultEntryPoints ) Get ( ) interface { } {
return DefaultEntryPoints ( * dep )
}
2016-05-03 16:52:14 +02:00
// SetValue sets the EntryPoints map with val
func ( dep * DefaultEntryPoints ) SetValue ( val interface { } ) {
* dep = DefaultEntryPoints ( val . ( DefaultEntryPoints ) )
}
2016-01-29 20:34:17 +01:00
// Type is type of the struct
func ( dep * DefaultEntryPoints ) Type ( ) string {
2017-06-23 15:15:07 +02:00
return "defaultentrypoints"
}
// RootCAs hold the CA we want to have in root
type RootCAs [ ] FileOrContent
// FileOrContent hold a file path or content
type FileOrContent string
func ( f FileOrContent ) String ( ) string {
return string ( f )
}
func ( f FileOrContent ) Read ( ) ( [ ] byte , error ) {
var content [ ] byte
if _ , err := os . Stat ( f . String ( ) ) ; err == nil {
content , err = ioutil . ReadFile ( f . String ( ) )
if err != nil {
return nil , err
}
} else {
content = [ ] byte ( f )
}
return content , nil
}
// String is the method to format the flag's value, part of the flag.Value interface.
// The String method's output will be used in diagnostics.
func ( r * RootCAs ) String ( ) string {
sliceOfString := make ( [ ] string , len ( [ ] FileOrContent ( * r ) ) )
for key , value := range * r {
sliceOfString [ key ] = value . String ( )
}
return strings . Join ( sliceOfString , "," )
}
// Set is the method to set the flag value, part of the flag.Value interface.
// Set's argument is a string to be parsed to set the flag.
// It's a comma-separated list, so we split it.
func ( r * RootCAs ) Set ( value string ) error {
rootCAs := strings . Split ( value , "," )
if len ( rootCAs ) == 0 {
return fmt . Errorf ( "bad RootCAs format: %s" , value )
}
for _ , rootCA := range rootCAs {
* r = append ( * r , FileOrContent ( rootCA ) )
}
return nil
}
// Get return the EntryPoints map
func ( r * RootCAs ) Get ( ) interface { } {
return RootCAs ( * r )
}
// SetValue sets the EntryPoints map with val
func ( r * RootCAs ) SetValue ( val interface { } ) {
* r = RootCAs ( val . ( RootCAs ) )
}
// Type is type of the struct
func ( r * RootCAs ) Type ( ) string {
return "rootcas"
2016-01-29 20:34:17 +01:00
}
// EntryPoints holds entry points configuration of the reverse proxy (ip, port, TLS...)
type EntryPoints map [ string ] * EntryPoint
// String is the method to format the flag's value, part of the flag.Value interface.
// The String method's output will be used in diagnostics.
func ( ep * EntryPoints ) String ( ) string {
2016-05-25 17:06:34 +02:00
return fmt . Sprintf ( "%+v" , * ep )
2016-01-29 20:34:17 +01:00
}
// Set is the method to set the flag value, part of the flag.Value interface.
// Set's argument is a string to be parsed to set the flag.
// It's a comma-separated list, so we split it.
func ( ep * EntryPoints ) Set ( value string ) error {
2017-10-13 15:04:02 +02:00
result := parseEntryPointsConfiguration ( value )
2017-09-15 20:56:04 +02:00
2017-08-25 16:10:03 +02:00
var configTLS * TLS
2017-10-13 15:04:02 +02:00
if len ( result [ "tls" ] ) > 0 {
2016-01-29 20:34:17 +01:00
certs := Certificates { }
2017-10-13 15:04:02 +02:00
if err := certs . Set ( result [ "tls" ] ) ; err != nil {
2016-03-22 01:32:02 +01:00
return err
}
2017-08-25 16:10:03 +02:00
configTLS = & TLS {
2016-01-29 20:34:17 +01:00
Certificates : certs ,
}
2017-10-13 15:04:02 +02:00
} else if len ( result [ "tls_acme" ] ) > 0 {
2017-08-25 16:10:03 +02:00
configTLS = & TLS {
2016-07-05 10:54:58 +02:00
Certificates : Certificates { } ,
}
2016-01-29 20:34:17 +01:00
}
2017-10-13 15:04:02 +02:00
if len ( result [ "ca" ] ) > 0 {
files := strings . Split ( result [ "ca" ] , "," )
2017-08-25 16:10:03 +02:00
configTLS . ClientCAFiles = files
2016-06-15 22:38:40 +02:00
}
2016-01-29 20:34:17 +01:00
var redirect * Redirect
2017-10-13 15:04:02 +02:00
if len ( result [ "redirect_entrypoint" ] ) > 0 || len ( result [ "redirect_regex" ] ) > 0 || len ( result [ "redirect_replacement" ] ) > 0 {
2016-01-29 20:34:17 +01:00
redirect = & Redirect {
2017-10-13 15:04:02 +02:00
EntryPoint : result [ "redirect_entrypoint" ] ,
Regex : result [ "redirect_regex" ] ,
Replacement : result [ "redirect_replacement" ] ,
2016-01-29 20:34:17 +01:00
}
}
2017-07-08 19:21:14 +09:00
whiteListSourceRange := [ ] string { }
2017-10-13 15:04:02 +02:00
if len ( result [ "whitelistsourcerange" ] ) > 0 {
whiteListSourceRange = strings . Split ( result [ "whitelistsourcerange" ] , "," )
2017-07-08 19:21:14 +09:00
}
2017-10-13 15:04:02 +02:00
compress := toBool ( result , "compress" )
2017-10-10 14:50:03 +02:00
var proxyProtocol * ProxyProtocol
2017-10-16 12:46:03 +02:00
ppTrustedIPs := result [ "proxyprotocol_trustedips" ]
if len ( result [ "proxyprotocol_insecure" ] ) > 0 || len ( ppTrustedIPs ) > 0 {
2017-10-10 14:50:03 +02:00
proxyProtocol = & ProxyProtocol {
2017-10-16 12:46:03 +02:00
Insecure : toBool ( result , "proxyprotocol_insecure" ) ,
2017-10-10 14:50:03 +02:00
}
2017-10-16 12:46:03 +02:00
if len ( ppTrustedIPs ) > 0 {
proxyProtocol . TrustedIPs = strings . Split ( ppTrustedIPs , "," )
}
}
// TODO must be changed to false by default in the next breaking version.
forwardedHeaders := & ForwardedHeaders { Insecure : true }
if _ , ok := result [ "forwardedheaders_insecure" ] ; ok {
forwardedHeaders . Insecure = toBool ( result , "forwardedheaders_insecure" )
}
fhTrustedIPs := result [ "forwardedheaders_trustedips" ]
if len ( fhTrustedIPs ) > 0 {
// TODO must be removed in the next breaking version.
forwardedHeaders . Insecure = toBool ( result , "forwardedheaders_insecure" )
forwardedHeaders . TrustedIPs = strings . Split ( fhTrustedIPs , "," )
}
if proxyProtocol != nil && proxyProtocol . Insecure {
log . Warn ( "ProxyProtocol.Insecure:true is dangerous. Please use 'ProxyProtocol.TrustedIPs:IPs' and remove 'ProxyProtocol.Insecure:true'" )
2017-10-10 14:50:03 +02:00
}
2017-08-25 21:32:03 +02:00
2017-10-13 15:04:02 +02:00
( * ep ) [ result [ "name" ] ] = & EntryPoint {
Address : result [ "address" ] ,
2017-08-25 16:10:03 +02:00
TLS : configTLS ,
2017-07-08 19:21:14 +09:00
Redirect : redirect ,
Compress : compress ,
WhitelistSourceRange : whiteListSourceRange ,
2017-09-15 20:56:04 +02:00
ProxyProtocol : proxyProtocol ,
2017-10-16 12:46:03 +02:00
ForwardedHeaders : forwardedHeaders ,
2016-01-29 20:34:17 +01:00
}
return nil
}
2017-10-13 15:04:02 +02:00
func parseEntryPointsConfiguration ( raw string ) map [ string ] string {
sections := strings . Fields ( raw )
config := make ( map [ string ] string )
for _ , part := range sections {
field := strings . SplitN ( part , ":" , 2 )
name := strings . ToLower ( strings . Replace ( field [ 0 ] , "." , "_" , - 1 ) )
if len ( field ) > 1 {
config [ name ] = field [ 1 ]
} else {
if strings . EqualFold ( name , "TLS" ) {
config [ "tls_acme" ] = "TLS"
} else {
config [ name ] = ""
}
2017-09-15 20:56:04 +02:00
}
}
2017-10-13 15:04:02 +02:00
return config
2017-09-15 20:56:04 +02:00
}
func toBool ( conf map [ string ] string , key string ) bool {
if val , ok := conf [ key ] ; ok {
return strings . EqualFold ( val , "true" ) ||
strings . EqualFold ( val , "enable" ) ||
strings . EqualFold ( val , "on" )
}
return false
}
2016-05-03 16:52:14 +02:00
// Get return the EntryPoints map
2016-08-16 19:13:18 +02:00
func ( ep * EntryPoints ) Get ( ) interface { } {
return EntryPoints ( * ep )
}
2016-05-03 16:52:14 +02:00
// SetValue sets the EntryPoints map with val
func ( ep * EntryPoints ) SetValue ( val interface { } ) {
* ep = EntryPoints ( val . ( EntryPoints ) )
}
2016-01-29 20:34:17 +01:00
// Type is type of the struct
func ( ep * EntryPoints ) Type ( ) string {
2017-06-23 15:15:07 +02:00
return "entrypoints"
2016-05-31 09:54:42 +02:00
}
2016-01-29 20:34:17 +01:00
// EntryPoint holds an entry point configuration of the reverse proxy (ip, port, TLS...)
type EntryPoint struct {
2017-07-08 19:21:14 +09:00
Network string
Address string
2017-10-02 10:32:02 +02:00
TLS * TLS ` export:"true" `
Redirect * Redirect ` export:"true" `
Auth * types . Auth ` export:"true" `
2017-07-08 19:21:14 +09:00
WhitelistSourceRange [ ] string
2017-10-16 12:46:03 +02:00
Compress bool ` export:"true" `
ProxyProtocol * ProxyProtocol ` export:"true" `
ForwardedHeaders * ForwardedHeaders ` export:"true" `
2016-01-29 20:34:17 +01:00
}
// Redirect configures a redirection of an entry point to another, or to an URL
type Redirect struct {
EntryPoint string
Regex string
Replacement string
}
// TLS configures TLS for an entry point
type TLS struct {
2017-10-02 10:32:02 +02:00
MinVersion string ` export:"true" `
2016-09-20 00:06:06 -06:00
CipherSuites [ ] string
2016-06-15 22:38:40 +02:00
Certificates Certificates
ClientCAFiles [ ] string
2016-01-29 20:34:17 +01:00
}
2017-08-25 16:10:03 +02:00
// MinVersion Map of allowed TLS minimum versions
var MinVersion = map [ string ] uint16 {
2016-09-20 00:06:06 -06:00
` VersionTLS10 ` : tls . VersionTLS10 ,
` VersionTLS11 ` : tls . VersionTLS11 ,
` VersionTLS12 ` : tls . VersionTLS12 ,
}
2017-08-25 16:10:03 +02:00
// CipherSuites Map of TLS CipherSuites from crypto/tls
2017-03-13 00:18:00 -05:00
// Available CipherSuites defined at https://golang.org/pkg/crypto/tls/#pkg-constants
2017-08-25 16:10:03 +02:00
var CipherSuites = map [ string ] uint16 {
2017-03-13 00:18:00 -05:00
` TLS_RSA_WITH_RC4_128_SHA ` : tls . TLS_RSA_WITH_RC4_128_SHA ,
` TLS_RSA_WITH_3DES_EDE_CBC_SHA ` : tls . TLS_RSA_WITH_3DES_EDE_CBC_SHA ,
` TLS_RSA_WITH_AES_128_CBC_SHA ` : tls . TLS_RSA_WITH_AES_128_CBC_SHA ,
` TLS_RSA_WITH_AES_256_CBC_SHA ` : tls . TLS_RSA_WITH_AES_256_CBC_SHA ,
` TLS_RSA_WITH_AES_128_CBC_SHA256 ` : tls . TLS_RSA_WITH_AES_128_CBC_SHA256 ,
` TLS_RSA_WITH_AES_128_GCM_SHA256 ` : tls . TLS_RSA_WITH_AES_128_GCM_SHA256 ,
` TLS_RSA_WITH_AES_256_GCM_SHA384 ` : tls . TLS_RSA_WITH_AES_256_GCM_SHA384 ,
` TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ` : tls . TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ,
` TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ` : tls . TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ,
` TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ` : tls . TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ,
` TLS_ECDHE_RSA_WITH_RC4_128_SHA ` : tls . TLS_ECDHE_RSA_WITH_RC4_128_SHA ,
` TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ` : tls . TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ,
` TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ` : tls . TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ,
` TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ` : tls . TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ,
` TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ` : tls . TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ,
` TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ` : tls . TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ,
` TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ` : tls . TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ,
` TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ` : tls . TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ,
` TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ` : tls . TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ,
` TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ` : tls . TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ,
` TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 ` : tls . TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 ,
` TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 ` : tls . TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 ,
2016-09-20 00:06:06 -06:00
}
2016-01-13 22:46:44 +01:00
// Certificates defines traefik certificates type
2016-07-13 17:18:55 +02:00
// Certs and Keys could be either a file path, or the file content itself
2016-01-13 22:46:44 +01:00
type Certificates [ ] Certificate
2016-06-27 12:19:14 +02:00
//CreateTLSConfig creates a TLS config from Certificate structures
func ( certs * Certificates ) CreateTLSConfig ( ) ( * tls . Config , error ) {
config := & tls . Config { }
config . Certificates = [ ] tls . Certificate { }
certsSlice := [ ] Certificate ( * certs )
for _ , v := range certsSlice {
var err error
2017-06-23 15:15:07 +02:00
certContent , err := v . CertFile . Read ( )
if err != nil {
return nil , err
2016-06-27 12:19:14 +02:00
}
2017-06-23 15:15:07 +02:00
keyContent , err := v . KeyFile . Read ( )
if err != nil {
return nil , err
}
2017-10-02 10:32:02 +02:00
cert , err := tls . X509KeyPair ( certContent , keyContent )
2017-06-23 15:15:07 +02:00
if err != nil {
return nil , err
}
2016-06-27 12:19:14 +02:00
config . Certificates = append ( config . Certificates , cert )
}
return config , nil
}
2016-01-13 22:46:44 +01:00
// String is the method to format the flag's value, part of the flag.Value interface.
// The String method's output will be used in diagnostics.
func ( certs * Certificates ) String ( ) string {
if len ( * certs ) == 0 {
return ""
}
2016-10-21 13:41:11 +02:00
var result [ ] string
for _ , certificate := range * certs {
2017-06-23 15:15:07 +02:00
result = append ( result , certificate . CertFile . String ( ) + "," + certificate . KeyFile . String ( ) )
2016-10-21 13:41:11 +02:00
}
return strings . Join ( result , ";" )
2016-01-13 22:46:44 +01:00
}
// Set is the method to set the flag value, part of the flag.Value interface.
// Set's argument is a string to be parsed to set the flag.
// It's a comma-separated list, so we split it.
func ( certs * Certificates ) Set ( value string ) error {
2016-10-21 13:41:11 +02:00
certificates := strings . Split ( value , ";" )
for _ , certificate := range certificates {
files := strings . Split ( certificate , "," )
if len ( files ) != 2 {
2017-05-26 17:03:14 +02:00
return fmt . Errorf ( "bad certificates format: %s" , value )
2016-10-21 13:41:11 +02:00
}
* certs = append ( * certs , Certificate {
2017-06-23 15:15:07 +02:00
CertFile : FileOrContent ( files [ 0 ] ) ,
KeyFile : FileOrContent ( files [ 1 ] ) ,
2016-10-21 13:41:11 +02:00
} )
2016-01-13 22:46:44 +01:00
}
return nil
}
// Type is type of the struct
func ( certs * Certificates ) Type ( ) string {
2017-06-23 15:15:07 +02:00
return "certificates"
2016-01-13 22:46:44 +01:00
}
2015-11-21 02:59:49 +01:00
// Certificate holds a SSL cert/key pair
2016-07-13 17:18:55 +02:00
// Certs and Key could be either a file path, or the file content itself
2015-11-21 02:59:49 +01:00
type Certificate struct {
2017-06-23 15:15:07 +02:00
CertFile FileOrContent
KeyFile FileOrContent
2015-11-21 02:59:49 +01:00
}
2016-03-29 22:25:32 +02:00
// Retry contains request retry config
type Retry struct {
2017-10-02 10:32:02 +02:00
Attempts int ` description:"Number of attempts" export:"true" `
2016-03-29 22:25:32 +02:00
}
2017-03-24 09:36:33 +01:00
// HealthCheckConfig contains health check configuration parameters.
type HealthCheckConfig struct {
2017-10-02 10:32:02 +02:00
Interval flaeg . Duration ` description:"Default periodicity of enabled health checks" export:"true" `
2017-03-24 09:36:33 +01:00
}
2017-08-18 15:34:04 +02:00
// RespondingTimeouts contains timeout configurations for incoming requests to the Traefik instance.
type RespondingTimeouts struct {
2017-10-02 10:32:02 +02:00
ReadTimeout flaeg . Duration ` description:"ReadTimeout is the maximum duration for reading the entire request, including the body. If zero, no timeout is set" export:"true" `
WriteTimeout flaeg . Duration ` description:"WriteTimeout is the maximum duration before timing out writes of the response. If zero, no timeout is set" export:"true" `
IdleTimeout flaeg . Duration ` description:"IdleTimeout is the maximum amount duration an idle (keep-alive) connection will remain idle before closing itself. Defaults to 180 seconds. If zero, no timeout is set" export:"true" `
2017-08-18 15:34:04 +02:00
}
// ForwardingTimeouts contains timeout configurations for forwarding requests to the backend servers.
type ForwardingTimeouts struct {
2017-10-02 10:32:02 +02:00
DialTimeout flaeg . Duration ` description:"The amount of time to wait until a connection to a backend server can be established. Defaults to 30 seconds. If zero, no timeout exists" export:"true" `
ResponseHeaderTimeout flaeg . Duration ` description:"The amount of time to wait for a server's response headers after fully writing the request (including its body, if any). If zero, no timeout exists" export:"true" `
2017-08-18 15:34:04 +02:00
}
2017-10-10 14:50:03 +02:00
// ProxyProtocol contains Proxy-Protocol configuration
type ProxyProtocol struct {
2017-10-16 12:46:03 +02:00
Insecure bool
TrustedIPs [ ] string
}
// ForwardedHeaders Trust client forwarding headers
type ForwardedHeaders struct {
Insecure bool
2017-10-10 14:50:03 +02:00
TrustedIPs [ ] string
}