baalajimaestro/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions
traefik/docs/configuration/backends/docker.md

352 lines
35 KiB
Markdown
Raw Normal View History

fix Docker labels documentation render.
2017-12-01 08:36:02 +00:00
doc: structural review - user-guide review. - add DataDog and StatD configuration. - sync sample.toml and doc. - split entry points doc. - Deprecated.
2017-08-26 10:12:44 +00:00
# Docker Backend
Refactor doc pages
2017-08-25 19:32:33 +00:00
doc: structural review - user-guide review. - add DataDog and StatD configuration. - sync sample.toml and doc. - split entry points doc. - Deprecated.
2017-08-26 10:12:44 +00:00
Træfik can be configured to use Docker as a backend configuration.
## Docker
Refactor doc pages
2017-08-25 19:32:33 +00:00
```toml
################################################################
# Docker configuration backend
################################################################
Enhance documentation readability.
2017-09-11 17:10:04 +00:00
# Enable Docker configuration backend.
Refactor doc pages
2017-08-25 19:32:33 +00:00
[docker]
# Docker server endpoint. Can be a tcp or a unix socket endpoint.
#
# Required
#
endpoint = "unix:///var/run/docker.sock"
# Default domain used.
# Can be overridden by setting the "traefik.domain" label on a container.
#
# Required
#
domain = "docker.localhost"
Enhance documentation readability.
2017-09-11 17:10:04 +00:00
# Enable watch docker changes.
Refactor doc pages
2017-08-25 19:32:33 +00:00
#
# Optional
#
watch = true
Enhance documentation readability.
2017-09-11 17:10:04 +00:00
# Override default configuration template.
# For advanced users :)
Refactor doc pages
2017-08-25 19:32:33 +00:00
#
# Optional
#
# filename = "docker.tmpl"
Segment labels: Docker
2018-03-23 12:30:03 +00:00
# Override template version
# For advanced users :)
#
# Optional
# - "1": previous template version (must be used only with older custom templates, see "filename")
# - "2": current template version (must be used to force template version when "filename" is used)
#
# templateVersion = "2"
Enhance documentation readability.
2017-09-11 17:10:04 +00:00
# Expose containers by default in Traefik.
# If set to false, containers that don't have `traefik.enable=true` will be ignored.
Refactor doc pages
2017-08-25 19:32:33 +00:00
#
# Optional
# Default: true
#
exposedbydefault = true
Enhance documentation readability.
2017-09-11 17:10:04 +00:00
# Use the IP address from the binded port instead of the inner network one.
# For specific use-case :)
Refactor doc pages
2017-08-25 19:32:33 +00:00
#
# Optional
# Default: false
#
usebindportip = true
doc: structural review - user-guide review. - add DataDog and StatD configuration. - sync sample.toml and doc. - split entry points doc. - Deprecated.
2017-08-26 10:12:44 +00:00
Enhance documentation readability.
2017-09-11 17:10:04 +00:00
# Use Swarm Mode services as data provider.
Refactor doc pages
2017-08-25 19:32:33 +00:00
#
# Optional
# Default: false
#
swarmmode = false
Enhance documentation readability.
2017-09-11 17:10:04 +00:00
# Enable docker TLS connection.
Refactor doc pages
2017-08-25 19:32:33 +00:00
#
doc: structural review - user-guide review. - add DataDog and StatD configuration. - sync sample.toml and doc. - split entry points doc. - Deprecated.
2017-08-26 10:12:44 +00:00
# Optional
#
Refactor doc pages
2017-08-25 19:32:33 +00:00
# [docker.tls]
# ca = "/etc/ssl/ca.crt"
# cert = "/etc/ssl/docker.crt"
# key = "/etc/ssl/docker.key"
# insecureskipverify = true
```
Enhance documentation readability.
2017-09-11 17:10:04 +00:00
To enable constraints see [backend-specific constraints section](/configuration/commons/#backend-specific).
doc: structural review - user-guide review. - add DataDog and StatD configuration. - sync sample.toml and doc. - split entry points doc. - Deprecated.
2017-08-26 10:12:44 +00:00
## Docker Swarm Mode
```toml
################################################################
# Docker Swarmmode configuration backend
################################################################
Enhance documentation readability.
2017-09-11 17:10:04 +00:00
# Enable Docker configuration backend.
doc: structural review - user-guide review. - add DataDog and StatD configuration. - sync sample.toml and doc. - split entry points doc. - Deprecated.
2017-08-26 10:12:44 +00:00
[docker]
Enhance documentation readability.
2017-09-11 17:10:04 +00:00
# Docker server endpoint.
# Can be a tcp or a unix socket endpoint.
doc: structural review - user-guide review. - add DataDog and StatD configuration. - sync sample.toml and doc. - split entry points doc. - Deprecated.
2017-08-26 10:12:44 +00:00
#
# Required
# Default: "unix:///var/run/docker.sock"
#
endpoint = "tcp://127.0.0.1:2375"
# Default domain used.
# Can be overridden by setting the "traefik.domain" label on a services.
#
# Optional
# Default: ""
#
domain = "docker.localhost"
Enhance documentation readability.
2017-09-11 17:10:04 +00:00
# Enable watch docker changes.
doc: structural review - user-guide review. - add DataDog and StatD configuration. - sync sample.toml and doc. - split entry points doc. - Deprecated.
2017-08-26 10:12:44 +00:00
#
# Optional
Enhance documentation readability.
2017-09-11 17:10:04 +00:00
# Default: true
doc: structural review - user-guide review. - add DataDog and StatD configuration. - sync sample.toml and doc. - split entry points doc. - Deprecated.
2017-08-26 10:12:44 +00:00
#
watch = true
Enhance documentation readability.
2017-09-11 17:10:04 +00:00
# Use Docker Swarm Mode as data provider.
#
# Optional
# Default: false
#
doc: structural review - user-guide review. - add DataDog and StatD configuration. - sync sample.toml and doc. - split entry points doc. - Deprecated.
2017-08-26 10:12:44 +00:00
swarmmode = true
Enhance documentation readability.
2017-09-11 17:10:04 +00:00
# Override default configuration template.
# For advanced users :)
doc: structural review - user-guide review. - add DataDog and StatD configuration. - sync sample.toml and doc. - split entry points doc. - Deprecated.
2017-08-26 10:12:44 +00:00
#
# Optional
#
# filename = "docker.tmpl"
Segment labels: Docker
2018-03-23 12:30:03 +00:00
# Override template version
# For advanced users :)
#
# Optional
# - "1": previous template version (must be used only with older custom templates, see "filename")
# - "2": current template version (must be used to force template version when "filename" is used)
#
# templateVersion = "2"
Enhance documentation readability.
2017-09-11 17:10:04 +00:00
# Expose services by default in Traefik.
doc: structural review - user-guide review. - add DataDog and StatD configuration. - sync sample.toml and doc. - split entry points doc. - Deprecated.
2017-08-26 10:12:44 +00:00
#
# Optional
# Default: true
#
exposedbydefault = false
Enhance documentation readability.
2017-09-11 17:10:04 +00:00
# Enable docker TLS connection.
doc: structural review - user-guide review. - add DataDog and StatD configuration. - sync sample.toml and doc. - split entry points doc. - Deprecated.
2017-08-26 10:12:44 +00:00
#
# Optional
#
Enhance documentation readability.
2017-09-11 17:10:04 +00:00
# [docker.tls]
doc: structural review - user-guide review. - add DataDog and StatD configuration. - sync sample.toml and doc. - split entry points doc. - Deprecated.
2017-08-26 10:12:44 +00:00
# ca = "/etc/ssl/ca.crt"
# cert = "/etc/ssl/docker.crt"
# key = "/etc/ssl/docker.key"
# insecureskipverify = true
```
Enhance documentation readability.
2017-09-11 17:10:04 +00:00
To enable constraints see [backend-specific constraints section](/configuration/commons/#backend-specific).
Segments Labels: Rancher & Marathon
2018-03-26 13:32:04 +00:00
## Labels: overriding default behavior
Enhance documentation readability.
2017-09-11 17:10:04 +00:00
Segments Labels: Rancher & Marathon
2018-03-26 13:32:04 +00:00
### Using Docker with Swarm Mode
Add a note on how to add label to a docker compose file
2018-01-04 09:34:03 +00:00
Miss-leading Docker backend documentation
2018-03-22 09:22:04 +00:00
If you use a compose file with the Swarm mode, labels should be defined in the `deploy` part of your service.
This behavior is only enabled for docker-compose version 3+ ([Compose file reference](https://docs.docker.com/compose/compose-file/#labels-1)).
Add a note on how to add label to a docker compose file
2018-01-04 09:34:03 +00:00
```yaml
version: "3"
services:
whoami:
deploy:
labels:
traefik.docker.network: traefik
```
Segments Labels: Rancher & Marathon
2018-03-26 13:32:04 +00:00
### Using Docker Compose
Enhance documentation readability.
2017-09-11 17:10:04 +00:00
Merge branch 'v1.5' into master
2018-03-22 11:46:51 +00:00
If you are intending to use only Docker Compose commands (e.g. `docker-compose up --scale whoami=2 -d`), labels should be under your service, otherwise they will be ignored.
Miss-leading Docker backend documentation
2018-03-22 09:22:04 +00:00
```yaml
version: "3"
services:
whoami:
labels:
traefik.docker.network: traefik
```
Refactor doc pages
2017-08-25 19:32:33 +00:00
Enhance documentation readability.
2017-09-11 17:10:04 +00:00
### On Containers
Merge branch 'v1.5' into master
2018-03-22 11:46:51 +00:00
Labels can be used on containers to override default behavior.
Ability to use "X-Forwarded-For" as a source of IP for white list.
2018-03-23 16:40:04 +00:00
| Label | Description |
|------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `traefik.docker.network` | Set the docker network to use for connections to this container. [1] |
| `traefik.enable=false` | Disable this container in Træfik |
| `traefik.port=80` | Register this port. Useful when the container exposes multiples ports. |
| `traefik.protocol=https` | Override the default `http` protocol |
| `traefik.weight=10` | Assign this weight to the container |
| `traefik.backend=foo` | Give the name `foo` to the generated backend for this container. |
| `traefik.backend.buffering.maxRequestBodyBytes=0` | See [buffering](/configuration/commons/#buffering) section. |
| `traefik.backend.buffering.maxResponseBodyBytes=0` | See [buffering](/configuration/commons/#buffering) section. |
| `traefik.backend.buffering.memRequestBodyBytes=0` | See [buffering](/configuration/commons/#buffering) section. |
| `traefik.backend.buffering.memResponseBodyBytes=0` | See [buffering](/configuration/commons/#buffering) section. |
| `traefik.backend.buffering.retryExpression=EXPR` | See [buffering](/configuration/commons/#buffering) section. |
| `traefik.backend.circuitbreaker.expression=EXPR` | Create a [circuit breaker](/basics/#backends) to be used against the backend |
| `traefik.backend.healthcheck.path=/health` | Enable health check for the backend, hitting the container at `path`. |
| `traefik.backend.healthcheck.port=8080` | Allow to use a different port for the health check. |
| `traefik.backend.healthcheck.interval=1s` | Define the health check interval. |
| `traefik.backend.loadbalancer.method=drr` | Override the default `wrr` load balancer algorithm |
| `traefik.backend.loadbalancer.stickiness=true` | Enable backend sticky sessions |
| `traefik.backend.loadbalancer.stickiness.cookieName=NAME` | Manually set the cookie name for sticky sessions |
| `traefik.backend.loadbalancer.sticky=true` | Enable backend sticky sessions (DEPRECATED) |
| `traefik.backend.loadbalancer.swarm=true` | Use Swarm's inbuilt load balancer (only relevant under Swarm Mode). |
| `traefik.backend.maxconn.amount=10` | Set a maximum number of connections to the backend.<br>Must be used in conjunction with the below label to take effect. |
| `traefik.backend.maxconn.extractorfunc=client.ip` | Set the function to be used against the request to determine what to limit maximum connections to the backend by.<br>Must be used in conjunction with the above label to take effect. |
| `traefik.frontend.auth.basic=EXPR` | Sets basic authentication for that frontend in CSV format: `User:Hash,User:Hash` |
| `traefik.frontend.entryPoints=http,https` | Assign this frontend to entry points `http` and `https`.<br>Overrides `defaultEntryPoints` |
| `traefik.frontend.errors.<name>.backend=NAME` | See [custom error pages](/configuration/commons/#custom-error-pages) section. |
| `traefik.frontend.errors.<name>.query=PATH` | See [custom error pages](/configuration/commons/#custom-error-pages) section. |
| `traefik.frontend.errors.<name>.status=RANGE` | See [custom error pages](/configuration/commons/#custom-error-pages) section. |
| `traefik.frontend.passHostHeader=true` | Forward client `Host` header to the backend. |
| `traefik.frontend.passTLSCert=true` | Forward TLS Client certificates to the backend. |
| `traefik.frontend.priority=10` | Override default frontend priority |
| `traefik.frontend.rateLimit.extractorFunc=EXP` | See [rate limiting](/configuration/commons/#rate-limiting) section. |
| `traefik.frontend.rateLimit.rateSet.<name>.period=6` | See [rate limiting](/configuration/commons/#rate-limiting) section. |
| `traefik.frontend.rateLimit.rateSet.<name>.average=6` | See [rate limiting](/configuration/commons/#rate-limiting) section. |
| `traefik.frontend.rateLimit.rateSet.<name>.burst=6` | See [rate limiting](/configuration/commons/#rate-limiting) section. |
| `traefik.frontend.redirect.entryPoint=https` | Enables Redirect to another entryPoint for that frontend (e.g. HTTPS) |
| `traefik.frontend.redirect.regex=^http://localhost/(.*)` | Redirect to another URL for that frontend.<br>Must be set with `traefik.frontend.redirect.replacement`. |
| `traefik.frontend.redirect.replacement=http://mydomain/$1` | Redirect to another URL for that frontend.<br>Must be set with `traefik.frontend.redirect.regex`. |
| `traefik.frontend.redirect.permanent=true` | Return 301 instead of 302. |
| `traefik.frontend.rule=EXPR` | Override the default frontend rule. Default: `Host:{containerName}.{domain}` or `Host:{service}.{project_name}.{domain}` if you are using `docker-compose`. |
| `traefik.frontend.whiteList.sourceRange=RANGE` | List of IP-Ranges which are allowed to access.<br>An unset or empty list allows all Source-IPs to access.<br>If one of the Net-Specifications are invalid, the whole list is invalid and allows all Source-IPs to access. |
| `traefik.frontend.whiteList.useXForwardedFor=true` | Use `X-Forwarded-For` header as valid source of IP for the white list. |
Miss-leading Docker backend documentation
2018-03-22 09:22:04 +00:00
[1] `traefik.docker.network`:
If a container is linked to several networks, be sure to set the proper network name (you can check with `docker inspect <container_id>`) otherwise it will randomly pick one (depending on how docker is returning them).
For instance when deploying docker `stack` from compose files, the compose defined networks will be prefixed with the `stack` name.
Or if your service references external network use it's name instead.
Enhance documentation readability.
2017-09-11 17:10:04 +00:00
Split security labels and custom labels documentation.
2018-02-16 15:04:05 +00:00
#### Custom Headers
| Label | Description |
|-------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `traefik.frontend.headers.customRequestHeaders=EXPR ` | Provides the container with custom request headers that will be appended to each request forwarded to the container.<br>Format: <code>HEADER:value&vert;&vert;HEADER2:value2</code> |
| `traefik.frontend.headers.customResponseHeaders=EXPR` | Appends the headers to each response returned by the container, before forwarding the response to the client.<br>Format: <code>HEADER:value&vert;&vert;HEADER2:value2</code> |
Add docker security headers via labels
2017-11-22 18:40:04 +00:00
#### Security Headers
fix Docker labels documentation render.
2017-12-01 08:36:02 +00:00
| Label | Description |
|----------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
doc(docker): order labels.
2017-12-16 11:42:57 +00:00
| `traefik.frontend.headers.allowedHosts=EXPR` | Provides a list of allowed hosts that requests will be processed.<br>Format: `Host1,Host2` |
| `traefik.frontend.headers.hostsProxyHeaders=EXPR ` | Provides a list of headers that the proxied hostname may be stored.<br>Format: `HEADER1,HEADER2` |
fix Docker labels documentation render.
2017-12-01 08:36:02 +00:00
| `traefik.frontend.headers.SSLRedirect=true` | Forces the frontend to redirect to SSL if a non-SSL request is sent. |
| `traefik.frontend.headers.SSLTemporaryRedirect=true` | Forces the frontend to redirect to SSL if a non-SSL request is sent, but by sending a 302 instead of a 301. |
| `traefik.frontend.headers.SSLHost=HOST` | This setting configures the hostname that redirects will be based on. Default is "", which is the same host as the request. |
doc(docker): order labels.
2017-12-16 11:42:57 +00:00
| `traefik.frontend.headers.SSLProxyHeaders=EXPR` | Header combinations that would signify a proper SSL Request (Such as `X-Forwarded-For:https`).<br>Format: <code>HEADER:value&vert;&vert;HEADER2:value2</code> |
fix Docker labels documentation render.
2017-12-01 08:36:02 +00:00
| `traefik.frontend.headers.STSSeconds=315360000` | Sets the max-age of the STS header. |
| `traefik.frontend.headers.STSIncludeSubdomains=true` | Adds the `IncludeSubdomains` section of the STS header. |
| `traefik.frontend.headers.STSPreload=true` | Adds the preload flag to the STS header. |
| `traefik.frontend.headers.forceSTSHeader=false` | Adds the STS header to non-SSL requests. |
| `traefik.frontend.headers.frameDeny=false` | Adds the `X-Frame-Options` header with the value of `DENY`. |
| `traefik.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value. |
| `traefik.frontend.headers.contentTypeNosniff=true` | Adds the `X-Content-Type-Options` header with the value `nosniff`. |
| `traefik.frontend.headers.browserXSSFilter=true` | Adds the X-XSS-Protection header with the value `1; mode=block`. |
New option in secure middleware
2018-03-02 13:24:03 +00:00
| `traefik.frontend.headers.customBrowserXSSValue=VALUE` | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option. |
fix Docker labels documentation render.
2017-12-01 08:36:02 +00:00
| `traefik.frontend.headers.contentSecurityPolicy=VALUE` | Adds CSP Header with the custom value. |
| `traefik.frontend.headers.publicKey=VALUE` | Adds pinned HTST public key header. |
| `traefik.frontend.headers.referrerPolicy=VALUE` | Adds referrer policy header. |
| `traefik.frontend.headers.isDevelopment=false` | This will cause the `AllowedHosts`, `SSLRedirect`, and `STSSeconds`/`STSIncludeSubdomains` options to be ignored during development.<br>When deploying to production, be sure to set this to false. |
Segment labels: Docker
2018-03-23 12:30:03 +00:00
### On containers with Multiple Ports (segment labels)
Segment labels are used to define routes to a container exposing multiple ports.
A segment is a group of labels that apply to a port exposed by a container.
You can define as many segments as ports exposed in a container.
Refactor doc pages
2017-08-25 19:32:33 +00:00
Segment labels: Docker
2018-03-23 12:30:03 +00:00
Segment labels override the default behavior.
Refactor doc pages
2017-08-25 19:32:33 +00:00
Support regex redirect by frontend
2017-12-15 10:48:03 +00:00
| Label | Description |
|---------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------|
Segment labels: Docker
2018-03-23 12:30:03 +00:00
| `traefik.<segment_name>.port=PORT` | Overrides `traefik.port`. If several ports need to be exposed, the segment labels could be used. |
| `traefik.<segment_name>.protocol` | Overrides `traefik.protocol`. |
| `traefik.<segment_name>.weight` | Assign this segment weight. Overrides `traefik.weight`. |
| `traefik.<segment_name>.frontend.auth.basic` | Sets a Basic Auth for that frontend |
| `traefik.<segment_name>.frontend.backend=BACKEND` | Assign this segment frontend to `BACKEND`. Default is to assign to the segment backend. |
| `traefik.<segment_name>.frontend.entryPoints` | Overrides `traefik.frontend.entrypoints` |
| `traefik.<segment_name>.frontend.errors.<name>.backend=NAME` | See [custom error pages](/configuration/commons/#custom-error-pages) section. |
| `traefik.<segment_name>.frontend.errors.<name>.query=PATH` | See [custom error pages](/configuration/commons/#custom-error-pages) section. |
| `traefik.<segment_name>.frontend.errors.<name>.status=RANGE` | See [custom error pages](/configuration/commons/#custom-error-pages) section. |
| `traefik.<segment_name>.frontend.passHostHeader` | Overrides `traefik.frontend.passHostHeader`. |
| `traefik.<segment_name>.frontend.passTLSCert` | Overrides `traefik.frontend.passTLSCert`. |
| `traefik.<segment_name>.frontend.priority` | Overrides `traefik.frontend.priority`. |
| `traefik.<segment_name>.frontend.rateLimit.extractorFunc=EXP` | See [rate limiting](/configuration/commons/#rate-limiting) section. |
| `traefik.<segment_name>.frontend.rateLimit.rateSet.<name>.period=6` | See [rate limiting](/configuration/commons/#rate-limiting) section. |
| `traefik.<segment_name>.frontend.rateLimit.rateSet.<name>.average=6` | See [rate limiting](/configuration/commons/#rate-limiting) section. |
| `traefik.<segment_name>.frontend.rateLimit.rateSet.<name>.burst=6` | See [rate limiting](/configuration/commons/#rate-limiting) section. |
| `traefik.<segment_name>.frontend.redirect.entryPoint=https` | Overrides `traefik.frontend.redirect.entryPoint`. |
| `traefik.<segment_name>.frontend.redirect.regex=^http://localhost/(.*)` | Overrides `traefik.frontend.redirect.regex`. |
| `traefik.<segment_name>.frontend.redirect.replacement=http://mydomain/$1` | Overrides `traefik.frontend.redirect.replacement`. |
| `traefik.<segment_name>.frontend.redirect.permanent=true` | Return 301 instead of 302. |
| `traefik.<segment_name>.frontend.rule` | Overrides `traefik.frontend.rule`. |
Ability to use "X-Forwarded-For" as a source of IP for white list.
2018-03-23 16:40:04 +00:00
| `traefik.<segment_name>.frontend.whiteList.sourceRange=RANGE` | Overrides `traefik.frontend.whiteList.sourceRange`. |
| `traefik.<segment_name>.frontend.whiteList.useXForwardedFor=true` | Overrides `traefik.frontend.whiteList.useXForwardedFor`. |
Refactor doc pages
2017-08-25 19:32:33 +00:00
Split security labels and custom labels documentation.
2018-02-16 15:04:05 +00:00
#### Custom Headers
| Label | Description |
|----------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
Segment labels: Docker
2018-03-23 12:30:03 +00:00
| `traefik.<segment_name>.frontend.headers.customRequestHeaders=EXPR ` | Provides the container with custom request headers that will be appended to each request forwarded to the container.<br>Format: <code>HEADER:value&vert;&vert;HEADER2:value2</code> |
| `traefik.<segment_name>.frontend.headers.customResponseHeaders=EXPR` | Appends the headers to each response returned by the container, before forwarding the response to the client.<br>Format: <code>HEADER:value&vert;&vert;HEADER2:value2</code> |
Split security labels and custom labels documentation.
2018-02-16 15:04:05 +00:00
Custom headers by service labels for docker backends
2017-12-06 21:26:03 +00:00
#### Security Headers
| Label | Description |
|-------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
Segment labels: Docker
2018-03-23 12:30:03 +00:00
| `traefik.<segment_name>.frontend.headers.allowedHosts=EXPR` | Provides a list of allowed hosts that requests will be processed.<br>Format: `Host1,Host2` |
| `traefik.<segment_name>.frontend.headers.hostsProxyHeaders=EXPR ` | Provides a list of headers that the proxied hostname may be stored.<br>Format: `HEADER1,HEADER2` |
| `traefik.<segment_name>.frontend.headers.SSLRedirect=true` | Forces the frontend to redirect to SSL if a non-SSL request is sent. |
| `traefik.<segment_name>.frontend.headers.SSLTemporaryRedirect=true` | Forces the frontend to redirect to SSL if a non-SSL request is sent, but by sending a 302 instead of a 301. |
| `traefik.<segment_name>.frontend.headers.SSLHost=HOST` | This setting configures the hostname that redirects will be based on. Default is "", which is the same host as the request. |
| `traefik.<segment_name>.frontend.headers.SSLProxyHeaders=EXPR` | Header combinations that would signify a proper SSL Request (Such as `X-Forwarded-For:https`).<br>Format: <code>HEADER:value&vert;&vert;HEADER2:value2</code> |
| `traefik.<segment_name>.frontend.headers.STSSeconds=315360000` | Sets the max-age of the STS header. |
| `traefik.<segment_name>.frontend.headers.STSIncludeSubdomains=true` | Adds the `IncludeSubdomains` section of the STS header. |
| `traefik.<segment_name>.frontend.headers.STSPreload=true` | Adds the preload flag to the STS header. |
| `traefik.<segment_name>.frontend.headers.forceSTSHeader=false` | Adds the STS header to non-SSL requests. |
| `traefik.<segment_name>.frontend.headers.frameDeny=false` | Adds the `X-Frame-Options` header with the value of `DENY`. |
| `traefik.<segment_name>.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value. |
| `traefik.<segment_name>.frontend.headers.contentTypeNosniff=true` | Adds the `X-Content-Type-Options` header with the value `nosniff`. |
| `traefik.<segment_name>.frontend.headers.browserXSSFilter=true` | Adds the X-XSS-Protection header with the value `1; mode=block`. |
| `traefik.<segment_name>.frontend.headers.customBrowserXSSValue=VALUE` | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option. |
| `traefik.<segment_name>.frontend.headers.contentSecurityPolicy=VALUE` | Adds CSP Header with the custom value. |
| `traefik.<segment_name>.frontend.headers.publicKey=VALUE` | Adds pinned HTST public key header. |
| `traefik.<segment_name>.frontend.headers.referrerPolicy=VALUE` | Adds referrer policy header. |
| `traefik.<segment_name>.frontend.headers.isDevelopment=false` | This will cause the `AllowedHosts`, `SSLRedirect`, and `STSSeconds`/`STSIncludeSubdomains` options to be ignored during development.<br>When deploying to production, be sure to set this to false. |
Make the traefik.port label optional when using service labels in Docker containers.
2017-10-30 14:10:05 +00:00
!!! note
Segment labels: Docker
2018-03-23 12:30:03 +00:00
If a label is defined both as a `container label` and a `segment label` (for example `traefik.<segment_name>.port=PORT` and `traefik.port=PORT` ), the `segment label` is used to defined the `<segment_name>` property (`port` in the example).
Add a note on how to add label to a docker compose file
2018-01-04 09:34:03 +00:00
Segment labels: Docker
2018-03-23 12:30:03 +00:00
It's possible to mix `container labels` and `segment labels`, in this case `container labels` are used as default value for missing `segment labels` but no frontends are going to be created with the `container labels`.
Add a note on how to add label to a docker compose file
2018-01-04 09:34:03 +00:00
Make the traefik.port label optional when using service labels in Docker containers.
2017-10-30 14:10:05 +00:00
More details in this [example](/user-guide/docker-and-lets-encrypt/#labels).
doc: Material Theme.
2017-08-28 12:33:07 +00:00
!!! warning
Add a note on how to add label to a docker compose file
2018-01-04 09:34:03 +00:00
When running inside a container, Træfik will need network access through:
doc: Material Theme.
2017-08-28 12:33:07 +00:00
Fix whitespaces
2017-09-07 10:02:03 +00:00
`docker network connect <network> <traefik-container>`
Reference in a new issue Copy permalink