2018-05-16 11:48:03 -06:00
# File Provider
2017-08-25 15:32:33 -04:00
2018-01-29 14:36:03 +01:00
Træfik can be configured with a file.
## Reference
```toml
2018-03-15 22:22:03 +01:00
[file]
2018-01-29 14:36:03 +01:00
# Backends
[backends]
[backends.backend1]
[backends.backend1.servers]
[backends.backend1.servers.server0]
url = "http://10.10.10.1:80"
weight = 1
[backends.backend1.servers.server1]
url = "http://10.10.10.2:80"
weight = 2
# ...
[backends.backend1.circuitBreaker]
expression = "NetworkErrorRatio() > 0.5"
[backends.backend1.loadBalancer]
method = "drr"
[backends.backend1.loadBalancer.stickiness]
cookieName = "foobar"
[backends.backend1.maxConn]
amount = 10
extractorfunc = "request.host"
[backends.backend1.healthCheck]
path = "/health"
port = 88
interval = "30s"
2018-05-14 12:08:03 +02:00
scheme = "http"
hostname = "myhost.com"
[backends.backend1.healthcheck.headers]
My-Custom-Header = "foo"
My-Header = "bar"
2018-01-29 14:36:03 +01:00
[backends.backend2]
# ...
# Frontends
[frontends]
[frontends.frontend1]
entryPoints = ["http", "https"]
backend = "backend1"
passHostHeader = true
priority = 42
2018-07-02 11:52:04 +02:00
2018-08-29 11:36:03 +02:00
[frontends.frontend1.passTLSClientCert]
# Pass the escaped pem in a `X-Forwarded-Ssl-Client-Cert` header
pem = true
# Pass the escaped client cert infos selected below in a `X-Forwarded-Ssl-Client-Cert-Infos` header
# The unescaped header is like `Subject="C=%s,ST=%s,L=%s,O=%s,CN=%s",NB=%d,NA=%d,SAN=%s`
# It there is more than one certificates, their are separated by a `;`
[frontends.frontend-server.passTLSClientCert.infos]
notBefore = true
notAfter = true
[frontends.frontend-server.passTLSClientCert.infos.subject]
country = true
province = true
locality = true
organization = true
commonName = true
serialNumber = true
2018-07-02 11:52:04 +02:00
[frontends.frontend1.auth]
headerField = "X-WebAuth-User"
[frontends.frontend1.auth.basic]
2018-07-16 13:52:03 +02:00
removeHeader = true
2018-07-02 11:52:04 +02:00
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
usersFile = "/path/to/.htpasswd"
[frontends.frontend1.auth.digest]
2018-07-16 13:52:03 +02:00
removeHeader = true
2018-07-02 11:52:04 +02:00
users = [
"test:traefik:a2688e031edb4be6a3797f3882655c05",
"test2:traefik:518845800f9e2bfb1f1f740ec24f074e",
]
usersFile = "/path/to/.htdigest"
[frontends.frontend1.auth.forward]
address = "https://authserver.com/auth"
trustForwardHeader = true
authResponseHeaders = ["X-Auth-User"]
[frontends.frontend1.auth.forward.tls]
2018-07-03 10:02:03 +02:00
ca = "path/to/local.crt"
2018-07-02 11:52:04 +02:00
caOptional = true
cert = "path/to/foo.cert"
key = "path/to/foo.key"
insecureSkipVerify = true
2018-03-23 17:40:04 +01:00
[frontends.frontend1.whiteList]
sourceRange = ["10.42.0.0/16", "152.89.1.33/32", "afed:be44::/16"]
2018-08-24 16:20:03 +02:00
[frontends.frontend1.whiteList.IPStrategy]
depth = 6
excludedIPs = ["152.89.1.33/32", "afed:be44::/16"]
2018-01-29 14:36:03 +01:00
[frontends.frontend1.routes]
[frontends.frontend1.routes.route0]
rule = "Host:test.localhost"
[frontends.frontend1.routes.Route1]
rule = "Method:GET"
# ...
[frontends.frontend1.headers]
allowedHosts = ["foobar", "foobar"]
hostsProxyHeaders = ["foobar", "foobar"]
SSLRedirect = true
SSLTemporaryRedirect = true
SSLHost = "foobar"
STSSeconds = 42
STSIncludeSubdomains = true
STSPreload = true
forceSTSHeader = true
frameDeny = true
customFrameOptionsValue = "foobar"
contentTypeNosniff = true
browserXSSFilter = true
contentSecurityPolicy = "foobar"
publicKey = "foobar"
referrerPolicy = "foobar"
isDevelopment = true
[frontends.frontend1.headers.customRequestHeaders]
X-Foo-Bar-01 = "foobar"
X-Foo-Bar-02 = "foobar"
# ...
[frontends.frontend1.headers.customResponseHeaders]
X-Foo-Bar-03 = "foobar"
X-Foo-Bar-04 = "foobar"
# ...
[frontends.frontend1.headers.SSLProxyHeaders]
X-Foo-Bar-05 = "foobar"
X-Foo-Bar-06 = "foobar"
# ...
[frontends.frontend1.errors]
[frontends.frontend1.errors.errorPage0]
status = ["500-599"]
backend = "error"
query = "/{status}.html"
[frontends.frontend1.errors.errorPage1]
status = ["404", "403"]
backend = "error"
query = "/{status}.html"
# ...
[frontends.frontend1.ratelimit]
extractorfunc = "client.ip"
[frontends.frontend1.ratelimit.rateset.rateset1]
period = "10s"
average = 100
burst = 200
[frontends.frontend1.ratelimit.rateset.rateset2]
period = "3s"
average = 5
burst = 10
# ...
[frontends.frontend1.redirect]
entryPoint = "https"
regex = "^http://localhost/(.*)"
replacement = "http://mydomain/$1"
2018-01-31 19:10:04 +01:00
permanent = true
2018-01-29 14:36:03 +01:00
[frontends.frontend2]
# ...
# HTTPS certificates
[[tls]]
entryPoints = ["https"]
[tls.certificate]
certFile = "path/to/my.cert"
keyFile = "path/to/my.key"
[[tls]]
# ...
```
2018-04-24 18:58:03 +02:00
## Configuration Mode
2017-09-11 19:10:04 +02:00
2018-04-24 18:58:03 +02:00
You have two choices:
2017-09-11 19:10:04 +02:00
2018-04-24 18:58:03 +02:00
- [Rules in Træfik configuration file ](/configuration/backends/file/#rules-in-trfik-configuration-file )
- [Rules in dedicated files ](/configuration/backends/file/#rules-in-dedicated-files )
2017-08-25 15:32:33 -04:00
2017-12-05 04:30:02 +03:00
To enable the file backend, you must either pass the `--file` option to the Træfik binary or put the `[file]` section (with or without inner settings) in the configuration file.
2017-11-09 12:16:03 +01:00
The configuration file allows managing both backends/frontends and HTTPS certificates (which are not [Let's Encrypt ](https://letsencrypt.org ) certificates generated through Træfik).
2018-04-24 18:58:03 +02:00
TOML templating can be used if rules are not defined in the Træfik configuration file.
### Rules in Træfik Configuration File
2017-08-26 12:12:44 +02:00
Add your configuration at the end of the global configuration file `traefik.toml` :
2017-08-25 15:32:33 -04:00
```toml
defaultEntryPoints = ["http", "https"]
2017-09-05 15:58:03 +02:00
2017-08-25 15:32:33 -04:00
[entryPoints]
[entryPoints.http]
2018-01-29 14:36:03 +01:00
# ...
2017-08-25 15:32:33 -04:00
[entryPoints.https]
2018-01-29 14:36:03 +01:00
# ...
2017-08-25 15:32:33 -04:00
[file]
# rules
[backends]
[backends.backend1]
2018-01-29 14:36:03 +01:00
# ...
2017-08-25 15:32:33 -04:00
[backends.backend2]
2018-01-29 14:36:03 +01:00
# ...
2017-08-25 15:32:33 -04:00
[frontends]
[frontends.frontend1]
2018-01-29 14:36:03 +01:00
# ...
2017-08-25 15:32:33 -04:00
[frontends.frontend2]
2018-01-29 14:36:03 +01:00
# ...
2017-08-25 15:32:33 -04:00
[frontends.frontend3]
2018-01-29 14:36:03 +01:00
# ...
2017-11-09 12:16:03 +01:00
# HTTPS certificate
2018-01-23 16:30:07 +01:00
[[tls]]
2018-01-29 14:36:03 +01:00
# ...
2018-01-23 16:30:07 +01:00
[[tls]]
2018-01-29 14:36:03 +01:00
# ...
2017-08-25 15:32:33 -04:00
```
2017-11-09 12:16:03 +01:00
!!! note
2018-01-24 11:57:06 +01:00
If `tls.entryPoints` is not defined, the certificate is attached to all the `defaultEntryPoints` with a TLS configuration.
2017-12-08 11:02:03 +01:00
!!! note
Adding certificates directly to the entryPoint is still maintained but certificates declared in this way cannot be managed dynamically.
2017-11-09 12:16:03 +01:00
It's recommended to use the file provider to declare certificates.
2018-04-24 18:58:03 +02:00
!!! warning
TOML templating cannot be used if rules are defined in the Træfik configuration file.
### Rules in Dedicated Files
Træfik allows defining rules in one or more separate files.
2017-08-26 12:12:44 +02:00
2018-04-24 18:58:03 +02:00
#### One Separate File
You have to specify the file path in the `file.filename` option.
2017-08-25 15:32:33 -04:00
```toml
# traefik.toml
2018-01-29 14:36:03 +01:00
defaultEntryPoints = ["http", "https"]
2017-08-25 15:32:33 -04:00
[entryPoints]
[entryPoints.http]
2018-01-29 14:36:03 +01:00
# ...
2017-08-25 15:32:33 -04:00
[entryPoints.https]
2018-01-29 14:36:03 +01:00
# ...
2017-08-25 15:32:33 -04:00
[file]
2018-01-29 14:36:03 +01:00
filename = "rules.toml"
2018-04-24 18:58:03 +02:00
watch = true
2017-08-25 15:32:33 -04:00
```
2018-04-24 18:58:03 +02:00
The option `file.watch` allows Træfik to watch file changes automatically.
#### Multiple Separated Files
You could have multiple `.toml` files in a directory (and recursively in its sub-directories):
```toml
[file]
directory = "/path/to/config/"
watch = true
```
The option `file.watch` allows Træfik to watch file changes automatically.
#### Separate Files Content
If you are defining rules in one or more separate files, you can use two formats.
##### Simple Format
Backends, Frontends and TLS certificates are defined one at time, as described in the file `rules.toml` :
2017-08-25 15:32:33 -04:00
```toml
# rules.toml
[backends]
[backends.backend1]
2018-01-29 14:36:03 +01:00
# ...
2017-08-25 15:32:33 -04:00
[backends.backend2]
2018-01-29 14:36:03 +01:00
# ...
2017-08-25 15:32:33 -04:00
[frontends]
[frontends.frontend1]
2018-01-29 14:36:03 +01:00
# ...
2017-08-25 15:32:33 -04:00
[frontends.frontend2]
2018-01-29 14:36:03 +01:00
# ...
2017-08-25 15:32:33 -04:00
[frontends.frontend3]
2018-01-29 14:36:03 +01:00
# ...
2017-11-09 12:16:03 +01:00
# HTTPS certificate
2018-01-23 16:30:07 +01:00
[[tls]]
2018-01-29 14:36:03 +01:00
# ...
2018-01-23 16:30:07 +01:00
[[tls]]
2018-01-29 14:36:03 +01:00
# ...
```
2017-08-25 15:32:33 -04:00
2018-04-24 18:58:03 +02:00
##### TOML Templating
2017-08-26 12:12:44 +02:00
2018-04-24 18:58:03 +02:00
!!! warning
TOML templating can only be used **if rules are defined in one or more separate files** .
Templating will not work in the Træfik configuration file.
2017-09-07 03:02:03 -07:00
2018-04-24 18:58:03 +02:00
Træfik allows using TOML templating.
2017-08-25 15:32:33 -04:00
2018-04-24 18:58:03 +02:00
Thus, it's possible to define easily lot of Backends, Frontends and TLS certificates as described in the file `template-rules.toml` :
2017-08-25 15:32:33 -04:00
```toml
2018-04-24 18:58:03 +02:00
# template-rules.toml
[backends]
{{ range $i, $e := until 100 }}
[backends.backend{{ $e }}]
#...
{{ end }}
[frontends]
{{ range $i, $e := until 100 }}
[frontends.frontend{{ $e }}]
#...
{{ end }}
# HTTPS certificate
{{ range $i, $e := until 100 }}
[[tls]]
#...
{{ end }}
2017-08-25 15:32:33 -04:00
```