Merge branch v2.0 to master.
This commit is contained in:
commit
11f04a453e
752 changed files with 13542 additions and 265800 deletions
2
.github/ISSUE_TEMPLATE.md
vendored
2
.github/ISSUE_TEMPLATE.md
vendored
|
@ -76,7 +76,7 @@ Add more configuration information here.
|
||||||
-->
|
-->
|
||||||
|
|
||||||
|
|
||||||
### If applicable, please paste the log output at DEBUG level (`--logLevel=DEBUG` switch)
|
### If applicable, please paste the log output at DEBUG level (`--log.level=DEBUG` switch)
|
||||||
|
|
||||||
```
|
```
|
||||||
(paste your output here)
|
(paste your output here)
|
||||||
|
|
2
.github/ISSUE_TEMPLATE/Bug_report.md
vendored
2
.github/ISSUE_TEMPLATE/Bug_report.md
vendored
|
@ -81,7 +81,7 @@ Add more configuration information here.
|
||||||
-->
|
-->
|
||||||
|
|
||||||
|
|
||||||
### If applicable, please paste the log output in DEBUG level (`--logLevel=DEBUG` switch)
|
### If applicable, please paste the log output in DEBUG level (`--log.level=DEBUG` switch)
|
||||||
|
|
||||||
```
|
```
|
||||||
(paste your output here)
|
(paste your output here)
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
[run]
|
[run]
|
||||||
deadline = "10m"
|
deadline = "10m"
|
||||||
skip-files = [
|
skip-files = []
|
||||||
"^old/.*",
|
|
||||||
]
|
|
||||||
|
|
||||||
[linters-settings]
|
[linters-settings]
|
||||||
|
|
||||||
|
@ -52,12 +50,6 @@
|
||||||
[[issues.exclude-rules]]
|
[[issues.exclude-rules]]
|
||||||
path = ".+_test.go"
|
path = ".+_test.go"
|
||||||
linters = ["goconst"]
|
linters = ["goconst"]
|
||||||
[[issues.exclude-rules]]
|
|
||||||
path = "provider/label/internal/.+_test.go"
|
|
||||||
text = "U1000: field `(foo|fuu)` is unused"
|
|
||||||
[[issues.exclude-rules]]
|
|
||||||
path = "middlewares/recovery/recovery.go"
|
|
||||||
text = "`logger` can be `github.com/containous/traefik/vendor/github.com/stretchr/testify/assert.TestingT`"
|
|
||||||
[[issues.exclude-rules]]
|
[[issues.exclude-rules]]
|
||||||
path = "integration/.+_test.go"
|
path = "integration/.+_test.go"
|
||||||
text = "Error return value of `cmd\\.Process\\.Kill` is not checked"
|
text = "Error return value of `cmd\\.Process\\.Kill` is not checked"
|
||||||
|
@ -68,23 +60,26 @@
|
||||||
path = "integration/grpc_test.go"
|
path = "integration/grpc_test.go"
|
||||||
text = "Error return value of `closer` is not checked"
|
text = "Error return value of `closer` is not checked"
|
||||||
[[issues.exclude-rules]]
|
[[issues.exclude-rules]]
|
||||||
path = "provider/kubernetes/builder_(endpoint|service)_test.go"
|
path = "pkg/h2c/h2c.go"
|
||||||
|
text = "Error return value of `rw.Write` is not checked"
|
||||||
|
[[issues.exclude-rules]]
|
||||||
|
path = "pkg/middlewares/recovery/recovery.go"
|
||||||
|
text = "`logger` can be `github.com/containous/traefik/vendor/github.com/stretchr/testify/assert.TestingT`"
|
||||||
|
[[issues.exclude-rules]]
|
||||||
|
path = "pkg/provider/docker/builder_test.go"
|
||||||
text = "(U1000: func )?`(.+)` is unused"
|
text = "(U1000: func )?`(.+)` is unused"
|
||||||
[[issues.exclude-rules]]
|
[[issues.exclude-rules]]
|
||||||
path = "provider/docker/builder_test.go"
|
path = "pkg/provider/kubernetes/builder_(endpoint|service)_test.go"
|
||||||
text = "(U1000: func )?`(.+)` is unused"
|
text = "(U1000: func )?`(.+)` is unused"
|
||||||
|
[[issues.exclude-rules]]
|
||||||
|
path = "pkg/provider/label/internal/.+_test.go"
|
||||||
|
text = "U1000: field `(foo|fuu)` is unused"
|
||||||
|
[[issues.exclude-rules]]
|
||||||
|
path = "pkg/server/service/bufferpool.go"
|
||||||
|
text = "SA6002: argument should be pointer-like to avoid allocations"
|
||||||
[[issues.exclude-rules]]
|
[[issues.exclude-rules]]
|
||||||
path = "cmd/configuration.go"
|
path = "cmd/configuration.go"
|
||||||
text = "string `traefik` has (\\d) occurrences, make it a constant"
|
text = "string `traefik` has (\\d) occurrences, make it a constant"
|
||||||
[[issues.exclude-rules]]
|
|
||||||
path = "h2c/h2c.go"
|
|
||||||
text = "Error return value of `rw.Write` is not checked"
|
|
||||||
[[issues.exclude-rules]]
|
|
||||||
path = "server/service/bufferpool.go"
|
|
||||||
text = "SA6002: argument should be pointer-like to avoid allocations"
|
|
||||||
[[issues.exclude-rules]] # FIXME must be fixed
|
|
||||||
path = "acme/.+.go"
|
|
||||||
text = "(assignment copies lock value to domainsCerts|literal copies lock value from)"
|
|
||||||
[[issues.exclude-rules]] # FIXME must be fixed
|
[[issues.exclude-rules]] # FIXME must be fixed
|
||||||
path = "cmd/context.go"
|
path = "cmd/context.go"
|
||||||
text = "S1000: should use a simple channel send/receive instead of `select` with a single case"
|
text = "S1000: should use a simple channel send/receive instead of `select` with a single case"
|
||||||
|
|
|
@ -51,5 +51,8 @@ archive:
|
||||||
- LICENSE.md
|
- LICENSE.md
|
||||||
- CHANGELOG.md
|
- CHANGELOG.md
|
||||||
|
|
||||||
|
checksum:
|
||||||
|
name_template: "{{ .ProjectName }}_v{{ .Version }}_checksums.txt"
|
||||||
|
|
||||||
release:
|
release:
|
||||||
disable: true
|
disable: true
|
||||||
|
|
|
@ -28,7 +28,7 @@ before_deploy:
|
||||||
if [ "$TRAVIS_TAG" ]; then
|
if [ "$TRAVIS_TAG" ]; then
|
||||||
make release-packages;
|
make release-packages;
|
||||||
fi;
|
fi;
|
||||||
curl -sfL https://raw.githubusercontent.com/containous/structor/master/godownloader.sh | bash -s -- -b "${GOPATH}/bin" v1.7.0
|
curl -sfL https://raw.githubusercontent.com/containous/structor/master/godownloader.sh | bash -s -- -b "${GOPATH}/bin" ${STRUCTOR_VERSION}
|
||||||
structor -o containous -r traefik --dockerfile-url="https://raw.githubusercontent.com/containous/traefik/v1.7/docs.Dockerfile" --menu.js-url="https://raw.githubusercontent.com/containous/structor/master/traefik-menu.js.gotmpl" --rqts-url="https://raw.githubusercontent.com/containous/structor/master/requirements-override.txt" --force-edit-url --exp-branch=master --debug;
|
structor -o containous -r traefik --dockerfile-url="https://raw.githubusercontent.com/containous/traefik/v1.7/docs.Dockerfile" --menu.js-url="https://raw.githubusercontent.com/containous/structor/master/traefik-menu.js.gotmpl" --rqts-url="https://raw.githubusercontent.com/containous/structor/master/requirements-override.txt" --force-edit-url --exp-branch=master --debug;
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
61
CHANGELOG.md
61
CHANGELOG.md
|
@ -1,5 +1,41 @@
|
||||||
# Change Log
|
# Change Log
|
||||||
|
|
||||||
|
## [v2.0.0-alpha4](https://github.com/containous/traefik/tree/v2.0.0-alpha4) (2019-04-17)
|
||||||
|
[All Commits](https://github.com/containous/traefik/compare/v2.0.0-alpha3...v2.0.0-alpha4)
|
||||||
|
|
||||||
|
**Enhancements:**
|
||||||
|
- **[logs]** log.loglevel becomes log.level in configuration ([#4775](https://github.com/containous/traefik/pull/4775) by [juliens](https://github.com/juliens))
|
||||||
|
- **[marathon,tcp]** Handle TCP in the marathon provider ([#4728](https://github.com/containous/traefik/pull/4728) by [juliens](https://github.com/juliens))
|
||||||
|
- **[middleware]** Enable CORS configuration ([#3809](https://github.com/containous/traefik/pull/3809) by [dtomcej](https://github.com/dtomcej))
|
||||||
|
- **[rancher]** Add Rancher provider ([#4647](https://github.com/containous/traefik/pull/4647) by [SantoDE](https://github.com/SantoDE))
|
||||||
|
- **[tracing]** Update tracing dependencies ([#4721](https://github.com/containous/traefik/pull/4721) by [ldez](https://github.com/ldez))
|
||||||
|
|
||||||
|
**Bug fixes:**
|
||||||
|
- **[docker]** Insensitive case for allow-empty value. ([#4745](https://github.com/containous/traefik/pull/4745) by [ldez](https://github.com/ldez))
|
||||||
|
- **[middleware]** Fix response modifier initial building ([#4719](https://github.com/containous/traefik/pull/4719) by [mpl](https://github.com/mpl))
|
||||||
|
- **[middleware]** Set X-Forwarded-* headers ([#4707](https://github.com/containous/traefik/pull/4707) by [mpl](https://github.com/mpl))
|
||||||
|
- **[tcp]** Fix EOF error ([#4733](https://github.com/containous/traefik/pull/4733) by [juliens](https://github.com/juliens))
|
||||||
|
|
||||||
|
**Documentation:**
|
||||||
|
- **[acme]** Use the same case every where for entryPoints. ([#4764](https://github.com/containous/traefik/pull/4764) by [ldez](https://github.com/ldez))
|
||||||
|
- **[docker]** Fix two minor nits in Traefik 2.0 docs ([#4692](https://github.com/containous/traefik/pull/4692) by [cfra](https://github.com/cfra))
|
||||||
|
- **[k8s,k8s/crd]** k8s static configuration explanation ([#4767](https://github.com/containous/traefik/pull/4767) by [ldez](https://github.com/ldez))
|
||||||
|
- **[marathon]** Enhance Marathon documentation ([#4776](https://github.com/containous/traefik/pull/4776) by [ldez](https://github.com/ldez))
|
||||||
|
- **[middleware,k8s,k8s/crd]** Fix typo: middleware -> middlewares. ([#4781](https://github.com/containous/traefik/pull/4781) by [ldez](https://github.com/ldez))
|
||||||
|
- **[middleware]** Adds middlewares examples for k8s. ([#4713](https://github.com/containous/traefik/pull/4713) by [ldez](https://github.com/ldez))
|
||||||
|
- **[middleware]** Remove invalid commas. ([#4706](https://github.com/containous/traefik/pull/4706) by [ldez](https://github.com/ldez))
|
||||||
|
- **[middleware]** Fix doc about removing headers ([#4708](https://github.com/containous/traefik/pull/4708) by [mpl](https://github.com/mpl))
|
||||||
|
- **[middleware]** Update the middleware documentation ([#4729](https://github.com/containous/traefik/pull/4729) by [jbdoumenjou](https://github.com/jbdoumenjou))
|
||||||
|
- **[tracing]** Fix typo in tracing docs ([#4737](https://github.com/containous/traefik/pull/4737) by [timoschwarzer](https://github.com/timoschwarzer))
|
||||||
|
- Improve the Documentation with a Reference Section ([#4714](https://github.com/containous/traefik/pull/4714) by [jbdoumenjou](https://github.com/jbdoumenjou))
|
||||||
|
- Adds a note in traefik.sample.toml ([#4757](https://github.com/containous/traefik/pull/4757) by [ldez](https://github.com/ldez))
|
||||||
|
- Update to v2.0 readme links ([#4700](https://github.com/containous/traefik/pull/4700) by [karnthis](https://github.com/karnthis))
|
||||||
|
- Remove dumpcerts.sh ([#4783](https://github.com/containous/traefik/pull/4783) by [ldez](https://github.com/ldez))
|
||||||
|
|
||||||
|
**Misc:**
|
||||||
|
- Cherry pick v1.7 into v2.0 ([#4787](https://github.com/containous/traefik/pull/4787) by [ldez](https://github.com/ldez))
|
||||||
|
- Cherry pick v1.7 into v2.0 ([#4695](https://github.com/containous/traefik/pull/4695) by [jbdoumenjou](https://github.com/jbdoumenjou))
|
||||||
|
|
||||||
## [v2.0.0-alpha3](https://github.com/containous/traefik/tree/v2.0.0-alpha3) (2019-03-29)
|
## [v2.0.0-alpha3](https://github.com/containous/traefik/tree/v2.0.0-alpha3) (2019-03-29)
|
||||||
[All Commits](https://github.com/containous/traefik/compare/v2.0.0-alpha2...v2.0.0-alpha3)
|
[All Commits](https://github.com/containous/traefik/compare/v2.0.0-alpha2...v2.0.0-alpha3)
|
||||||
|
|
||||||
|
@ -129,6 +165,23 @@
|
||||||
- Merge v1.7.0-rc4 into master ([#3867](https://github.com/containous/traefik/pull/3867) by [ldez](https://github.com/ldez))
|
- Merge v1.7.0-rc4 into master ([#3867](https://github.com/containous/traefik/pull/3867) by [ldez](https://github.com/ldez))
|
||||||
- Merge v1.7.0-rc2 into master ([#3634](https://github.com/containous/traefik/pull/3634) by [ldez](https://github.com/ldez))
|
- Merge v1.7.0-rc2 into master ([#3634](https://github.com/containous/traefik/pull/3634) by [ldez](https://github.com/ldez))
|
||||||
|
|
||||||
|
## [v1.7.10](https://github.com/containous/traefik/tree/v1.7.10) (2019-03-28)
|
||||||
|
[All Commits](https://github.com/containous/traefik/compare/v1.7.9...v1.7.10)
|
||||||
|
|
||||||
|
**Bug fixes:**
|
||||||
|
- **[acme]** fix: update lego. ([#4670](https://github.com/containous/traefik/pull/4670) by [ldez](https://github.com/ldez))
|
||||||
|
- **[acme]** Migrate to go-acme/lego. ([#4577](https://github.com/containous/traefik/pull/4577) by [ldez](https://github.com/ldez))
|
||||||
|
- **[authentication,middleware]** Reorder Auth and TLSClientHeaders middleware ([#4557](https://github.com/containous/traefik/pull/4557) by [tomberek](https://github.com/tomberek))
|
||||||
|
- **[k8s/ingress]** Support external name service on global default backend ([#4564](https://github.com/containous/traefik/pull/4564) by [kippandrew](https://github.com/kippandrew))
|
||||||
|
- **[k8s/ingress]** Loop through service ports for global backend ([#4486](https://github.com/containous/traefik/pull/4486) by [dtomcej](https://github.com/dtomcej))
|
||||||
|
- **[k8s]** Add entrypoints prefix in kubernetes frontend/backend id ([#4679](https://github.com/containous/traefik/pull/4679) by [juliens](https://github.com/juliens))
|
||||||
|
- **[websocket]** Exclude websocket connections from Average Response Time ([#4313](https://github.com/containous/traefik/pull/4313) by [siyu6974](https://github.com/siyu6974))
|
||||||
|
- **[middleware]** Added support for configuring trace headers for DataDog tracing ([#4516](https://github.com/containous/traefik/pull/4516) by [aantono](https://github.com/aantono))
|
||||||
|
|
||||||
|
**Documentation:**
|
||||||
|
- **[acme]** Add _FILE Environment Variable Documentation ([#4643](https://github.com/containous/traefik/pull/4643) by [dargmuesli](https://github.com/dargmuesli))
|
||||||
|
- **[docker]** Add TraefikEE as security workaround ([#4606](https://github.com/containous/traefik/pull/4606) by [emilevauge](https://github.com/emilevauge))
|
||||||
|
|
||||||
## [v1.7.9](https://github.com/containous/traefik/tree/v1.7.9) (2019-02-11)
|
## [v1.7.9](https://github.com/containous/traefik/tree/v1.7.9) (2019-02-11)
|
||||||
[All Commits](https://github.com/containous/traefik/compare/v1.7.8...v1.7.9)
|
[All Commits](https://github.com/containous/traefik/compare/v1.7.8...v1.7.9)
|
||||||
|
|
||||||
|
@ -154,7 +207,7 @@
|
||||||
- **[acme]** Updates lego. ([#4376](https://github.com/containous/traefik/pull/4376) by [ldez](https://github.com/ldez))
|
- **[acme]** Updates lego. ([#4376](https://github.com/containous/traefik/pull/4376) by [ldez](https://github.com/ldez))
|
||||||
- **[docker]** Fixes docker swarm mode refresh second for KV. ([#4420](https://github.com/containous/traefik/pull/4420) by [ldez](https://github.com/ldez))
|
- **[docker]** Fixes docker swarm mode refresh second for KV. ([#4420](https://github.com/containous/traefik/pull/4420) by [ldez](https://github.com/ldez))
|
||||||
- **[ecs]** Generic awsvpc support, not just Fargate ([#4360](https://github.com/containous/traefik/pull/4360) by [maartenvanderhoef](https://github.com/maartenvanderhoef))
|
- **[ecs]** Generic awsvpc support, not just Fargate ([#4360](https://github.com/containous/traefik/pull/4360) by [maartenvanderhoef](https://github.com/maartenvanderhoef))
|
||||||
- **[ecs]** Cache exising task definitions to avoid rate limiting ([#4177](https://github.com/containous/traefik/pull/4177) by [hwhelan-CB](https://github.com/hwhelan-CB))
|
- **[ecs]** Cache existing task definitions to avoid rate limiting ([#4177](https://github.com/containous/traefik/pull/4177) by [hwhelan-CB](https://github.com/hwhelan-CB))
|
||||||
- **[tls]** Check for dynamic tls updates on configuration preload ([#4022](https://github.com/containous/traefik/pull/4022) by [ffilippopoulos](https://github.com/ffilippopoulos))
|
- **[tls]** Check for dynamic tls updates on configuration preload ([#4022](https://github.com/containous/traefik/pull/4022) by [ffilippopoulos](https://github.com/ffilippopoulos))
|
||||||
- **[tracing]** Support Datadog tracer priority sampling ([#4359](https://github.com/containous/traefik/pull/4359) by [jcassee](https://github.com/jcassee))
|
- **[tracing]** Support Datadog tracer priority sampling ([#4359](https://github.com/containous/traefik/pull/4359) by [jcassee](https://github.com/jcassee))
|
||||||
- Update to Go 1.11.5 [CVE-2019-6486](https://nvd.nist.gov/vuln/detail/CVE-2019-6486)
|
- Update to Go 1.11.5 [CVE-2019-6486](https://nvd.nist.gov/vuln/detail/CVE-2019-6486)
|
||||||
|
@ -279,7 +332,7 @@
|
||||||
**Bug fixes:**
|
**Bug fixes:**
|
||||||
- **[acme]** DNS challenge Cloudflare auth zone ([#4042](https://github.com/containous/traefik/pull/4042) by [ldez](https://github.com/ldez))
|
- **[acme]** DNS challenge Cloudflare auth zone ([#4042](https://github.com/containous/traefik/pull/4042) by [ldez](https://github.com/ldez))
|
||||||
- **[acme]** ACME DNS challenges ([#3998](https://github.com/containous/traefik/pull/3998) by [ldez](https://github.com/ldez))
|
- **[acme]** ACME DNS challenges ([#3998](https://github.com/containous/traefik/pull/3998) by [ldez](https://github.com/ldez))
|
||||||
- **[acme]** Don't initalize ACME provider if storage is empty ([#3988](https://github.com/containous/traefik/pull/3988) by [nmengin](https://github.com/nmengin))
|
- **[acme]** Don't initialize ACME provider if storage is empty ([#3988](https://github.com/containous/traefik/pull/3988) by [nmengin](https://github.com/nmengin))
|
||||||
- **[acme]** Fix: acme DNS providers ([#4021](https://github.com/containous/traefik/pull/4021) by [ldez](https://github.com/ldez))
|
- **[acme]** Fix: acme DNS providers ([#4021](https://github.com/containous/traefik/pull/4021) by [ldez](https://github.com/ldez))
|
||||||
- **[acme]** Prevent some malformed errors in LE. ([#4015](https://github.com/containous/traefik/pull/4015) by [ldez](https://github.com/ldez))
|
- **[acme]** Prevent some malformed errors in LE. ([#4015](https://github.com/containous/traefik/pull/4015) by [ldez](https://github.com/ldez))
|
||||||
- **[authentication,consulcatalog,docker,ecs,etcd,kv,marathon,mesos,rancher]** Add the AuthResponseHeaders to the labels ([#3973](https://github.com/containous/traefik/pull/3973) by [Crypto89](https://github.com/Crypto89))
|
- **[authentication,consulcatalog,docker,ecs,etcd,kv,marathon,mesos,rancher]** Add the AuthResponseHeaders to the labels ([#3973](https://github.com/containous/traefik/pull/3973) by [Crypto89](https://github.com/Crypto89))
|
||||||
|
@ -354,7 +407,7 @@
|
||||||
- **[healthcheck]** Support all 2xx HTTP status code for health check. ([#3362](https://github.com/containous/traefik/pull/3362) by [ldez](https://github.com/ldez))
|
- **[healthcheck]** Support all 2xx HTTP status code for health check. ([#3362](https://github.com/containous/traefik/pull/3362) by [ldez](https://github.com/ldez))
|
||||||
- **[healthcheck]** Add HTTP headers to healthcheck. ([#3047](https://github.com/containous/traefik/pull/3047) by [zetaab](https://github.com/zetaab))
|
- **[healthcheck]** Add HTTP headers to healthcheck. ([#3047](https://github.com/containous/traefik/pull/3047) by [zetaab](https://github.com/zetaab))
|
||||||
- **[k8s]** Add more k8s tests ([#3491](https://github.com/containous/traefik/pull/3491) by [dtomcej](https://github.com/dtomcej))
|
- **[k8s]** Add more k8s tests ([#3491](https://github.com/containous/traefik/pull/3491) by [dtomcej](https://github.com/dtomcej))
|
||||||
- **[k8s]** Substitude hardcoded "<namespace>/<name>" with k8s ListerGetter ([#3470](https://github.com/containous/traefik/pull/3470) by [yue9944882](https://github.com/yue9944882))
|
- **[k8s]** Substitute hardcoded "<namespace>/<name>" with k8s ListerGetter ([#3470](https://github.com/containous/traefik/pull/3470) by [yue9944882](https://github.com/yue9944882))
|
||||||
- **[k8s]** Custom frontend name for test helper ([#3444](https://github.com/containous/traefik/pull/3444) by [ldez](https://github.com/ldez))
|
- **[k8s]** Custom frontend name for test helper ([#3444](https://github.com/containous/traefik/pull/3444) by [ldez](https://github.com/ldez))
|
||||||
- **[k8s]** Add annotation to allow modifiers to be used properly in kubernetes ([#3481](https://github.com/containous/traefik/pull/3481) by [dtomcej](https://github.com/dtomcej))
|
- **[k8s]** Add annotation to allow modifiers to be used properly in kubernetes ([#3481](https://github.com/containous/traefik/pull/3481) by [dtomcej](https://github.com/dtomcej))
|
||||||
- **[k8s]** Create Global Backend Ingress ([#3404](https://github.com/containous/traefik/pull/3404) by [dtomcej](https://github.com/dtomcej))
|
- **[k8s]** Create Global Backend Ingress ([#3404](https://github.com/containous/traefik/pull/3404) by [dtomcej](https://github.com/dtomcej))
|
||||||
|
@ -651,7 +704,7 @@
|
||||||
- **[healthcheck]** Support all 2xx HTTP status code for health check. ([#3362](https://github.com/containous/traefik/pull/3362) by [ldez](https://github.com/ldez))
|
- **[healthcheck]** Support all 2xx HTTP status code for health check. ([#3362](https://github.com/containous/traefik/pull/3362) by [ldez](https://github.com/ldez))
|
||||||
- **[healthcheck]** Add HTTP headers to healthcheck. ([#3047](https://github.com/containous/traefik/pull/3047) by [zetaab](https://github.com/zetaab))
|
- **[healthcheck]** Add HTTP headers to healthcheck. ([#3047](https://github.com/containous/traefik/pull/3047) by [zetaab](https://github.com/zetaab))
|
||||||
- **[k8s]** Add more k8s tests ([#3491](https://github.com/containous/traefik/pull/3491) by [dtomcej](https://github.com/dtomcej))
|
- **[k8s]** Add more k8s tests ([#3491](https://github.com/containous/traefik/pull/3491) by [dtomcej](https://github.com/dtomcej))
|
||||||
- **[k8s]** Substitude hardcoded "<namespace>/<name>" with k8s ListerGetter ([#3470](https://github.com/containous/traefik/pull/3470) by [yue9944882](https://github.com/yue9944882))
|
- **[k8s]** Substitute hardcoded "<namespace>/<name>" with k8s ListerGetter ([#3470](https://github.com/containous/traefik/pull/3470) by [yue9944882](https://github.com/yue9944882))
|
||||||
- **[k8s]** Custom frontend name for test helper ([#3444](https://github.com/containous/traefik/pull/3444) by [ldez](https://github.com/ldez))
|
- **[k8s]** Custom frontend name for test helper ([#3444](https://github.com/containous/traefik/pull/3444) by [ldez](https://github.com/ldez))
|
||||||
- **[k8s]** Add annotation to allow modifiers to be used properly in kubernetes ([#3481](https://github.com/containous/traefik/pull/3481) by [dtomcej](https://github.com/dtomcej))
|
- **[k8s]** Add annotation to allow modifiers to be used properly in kubernetes ([#3481](https://github.com/containous/traefik/pull/3481) by [dtomcej](https://github.com/dtomcej))
|
||||||
- **[k8s]** Create Global Backend Ingress ([#3404](https://github.com/containous/traefik/pull/3404) by [dtomcej](https://github.com/dtomcej))
|
- **[k8s]** Create Global Backend Ingress ([#3404](https://github.com/containous/traefik/pull/3404) by [dtomcej](https://github.com/dtomcej))
|
||||||
|
|
304
Gopkg.lock
generated
304
Gopkg.lock
generated
|
@ -9,22 +9,6 @@
|
||||||
revision = "056a55f54a6cc77b440b31a56a5e7c3982d32811"
|
revision = "056a55f54a6cc77b440b31a56a5e7c3982d32811"
|
||||||
version = "v0.22.0"
|
version = "v0.22.0"
|
||||||
|
|
||||||
[[projects]]
|
|
||||||
branch = "master"
|
|
||||||
digest = "1:24afd6a7be85997c981693ddcc5f7b37fd3ed5cb119901e14737b9635b944cfb"
|
|
||||||
name = "github.com/ArthurHlt/go-eureka-client"
|
|
||||||
packages = ["eureka"]
|
|
||||||
pruneopts = "NUT"
|
|
||||||
revision = "9d0a49cbd39aa3634ae1977e9f519a262b10adaf"
|
|
||||||
|
|
||||||
[[projects]]
|
|
||||||
branch = "master"
|
|
||||||
digest = "1:922aa650254d0678003e182aeb75f6b094a0bfc40a87d198859d511cdafcfa8a"
|
|
||||||
name = "github.com/ArthurHlt/gominlog"
|
|
||||||
packages = ["."]
|
|
||||||
pruneopts = "NUT"
|
|
||||||
revision = "72eebf980f467d3ab3a8b4ddf660f664911ce519"
|
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
digest = "1:59f6c2fd10ad014d2907eaa48a19070d5e7af35624328a4fbbf93b7b1c4a19e8"
|
digest = "1:59f6c2fd10ad014d2907eaa48a19070d5e7af35624328a4fbbf93b7b1c4a19e8"
|
||||||
name = "github.com/Azure/azure-sdk-for-go"
|
name = "github.com/Azure/azure-sdk-for-go"
|
||||||
|
@ -70,17 +54,6 @@
|
||||||
pruneopts = "NUT"
|
pruneopts = "NUT"
|
||||||
revision = "a368813c5e648fee92e5f6c30e3944ff9d5e8895"
|
revision = "a368813c5e648fee92e5f6c30e3944ff9d5e8895"
|
||||||
|
|
||||||
[[projects]]
|
|
||||||
branch = "master"
|
|
||||||
digest = "1:28e560d27a06cbebacd86531439aafa31c6da990607ca5a085d0005af325697f"
|
|
||||||
name = "github.com/BurntSushi/ty"
|
|
||||||
packages = [
|
|
||||||
".",
|
|
||||||
"fun",
|
|
||||||
]
|
|
||||||
pruneopts = "NUT"
|
|
||||||
revision = "6add9cd6ad42d389d6ead1dde60b4ad71e46fd74"
|
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
digest = "1:ab7fee312bbdc8070d0325d841de8704cc78bf032b076200f1458659b74b8ed6"
|
digest = "1:ab7fee312bbdc8070d0325d841de8704cc78bf032b076200f1458659b74b8ed6"
|
||||||
name = "github.com/JamesClonk/vultr"
|
name = "github.com/JamesClonk/vultr"
|
||||||
|
@ -88,6 +61,14 @@
|
||||||
pruneopts = "NUT"
|
pruneopts = "NUT"
|
||||||
revision = "2fd0705ce648e602e6c9c57329a174270a4f6688"
|
revision = "2fd0705ce648e602e6c9c57329a174270a4f6688"
|
||||||
|
|
||||||
|
[[projects]]
|
||||||
|
digest = "1:25870183293a3fb61cc9afd060a61d63a486f091db72af01a8ea3449f5ca530d"
|
||||||
|
name = "github.com/Masterminds/goutils"
|
||||||
|
packages = ["."]
|
||||||
|
pruneopts = "NUT"
|
||||||
|
revision = "41ac8693c5c10a92ea1ff5ac3a7f95646f6123b0"
|
||||||
|
version = "v1.1.0"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
digest = "1:0ce2a409217f52078c6b8642993deb1025940cded6d5054047c1d5c7379f753c"
|
digest = "1:0ce2a409217f52078c6b8642993deb1025940cded6d5054047c1d5c7379f753c"
|
||||||
name = "github.com/Masterminds/semver"
|
name = "github.com/Masterminds/semver"
|
||||||
|
@ -97,11 +78,12 @@
|
||||||
version = "v1.2.2"
|
version = "v1.2.2"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
digest = "1:a49472e7d73071005f436b7da85567220f24bb26fbfccbec45d2cd1359d4c67d"
|
digest = "1:876a1121171c083c4e3a4789683d02a40c0f644c8190da521d15b59799f556d6"
|
||||||
name = "github.com/Masterminds/sprig"
|
name = "github.com/Masterminds/sprig"
|
||||||
packages = ["."]
|
packages = ["."]
|
||||||
pruneopts = "NUT"
|
pruneopts = "NUT"
|
||||||
revision = "e039e20e500c2c025d9145be375e27cf42a94174"
|
revision = "9f8fceff796fb9f4e992cd2bece016be0121ab74"
|
||||||
|
version = "2.19.0"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
digest = "1:915c86626dfd65f8105c48b2972d29f34fd77ff16b31157147cb8ebbddeebbe3"
|
digest = "1:915c86626dfd65f8105c48b2972d29f34fd77ff16b31157147cb8ebbddeebbe3"
|
||||||
|
@ -161,15 +143,11 @@
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
branch = "master"
|
branch = "master"
|
||||||
digest = "1:d4ad87edcd6f6b6cfd1bfe8da6dd090e00901601c9270aa2928842402a361475"
|
digest = "1:28be1959f81e9a6dec3058768a4c4535cf73fcd6e171d21688ad0a7fdf49d43a"
|
||||||
name = "github.com/abronan/valkeyrie"
|
name = "github.com/abronan/valkeyrie"
|
||||||
packages = [
|
packages = [
|
||||||
".",
|
".",
|
||||||
"store",
|
"store",
|
||||||
"store/boltdb",
|
|
||||||
"store/consul",
|
|
||||||
"store/etcd/v3",
|
|
||||||
"store/zookeeper",
|
|
||||||
]
|
]
|
||||||
pruneopts = "NUT"
|
pruneopts = "NUT"
|
||||||
revision = "063d875e3c5fd734fa2aa12fac83829f62acfc70"
|
revision = "063d875e3c5fd734fa2aa12fac83829f62acfc70"
|
||||||
|
@ -207,20 +185,12 @@
|
||||||
version = "1.27.7"
|
version = "1.27.7"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
digest = "1:975108e8d4f5dab096fc991326e96a5716ee8d02e5e7386bb4796171afc4ab9a"
|
digest = "1:b39cf81d5f440b9c0757a25058432d33af867e5201109bf53621356d9dab4b73"
|
||||||
name = "github.com/aokoli/goutils"
|
|
||||||
packages = ["."]
|
|
||||||
pruneopts = "NUT"
|
|
||||||
revision = "3391d3790d23d03408670993e957e8f408993c34"
|
|
||||||
version = "v1.0.1"
|
|
||||||
|
|
||||||
[[projects]]
|
|
||||||
digest = "1:9752dad5e89cd779096bf2477a4ded16bea7ac62de453c8d6b4bf841d51a8512"
|
|
||||||
name = "github.com/apache/thrift"
|
name = "github.com/apache/thrift"
|
||||||
packages = ["lib/go/thrift"]
|
packages = ["lib/go/thrift"]
|
||||||
pruneopts = "NUT"
|
pruneopts = "NUT"
|
||||||
revision = "b2a4d4ae21c789b689dd162deb819665567f481c"
|
revision = "384647d290e2e4a55a14b1b7ef1b7e66293a2c33"
|
||||||
version = "0.10.0"
|
version = "v0.12.0"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
branch = "master"
|
branch = "master"
|
||||||
|
@ -231,7 +201,7 @@
|
||||||
revision = "48572f11356f1843b694f21a290d4f1006bc5e47"
|
revision = "48572f11356f1843b694f21a290d4f1006bc5e47"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
digest = "1:bfb036834a43e76abd318f0db39b0bbec6f7865680c1e443475c0297250a89ed"
|
digest = "1:9991a3fc14d9de52a55cdb5a5f1f237140684eab050251ecfaaafa239a8ab5c9"
|
||||||
name = "github.com/aws/aws-sdk-go"
|
name = "github.com/aws/aws-sdk-go"
|
||||||
packages = [
|
packages = [
|
||||||
"aws",
|
"aws",
|
||||||
|
@ -254,7 +224,6 @@
|
||||||
"internal/sdkrand",
|
"internal/sdkrand",
|
||||||
"internal/shareddefaults",
|
"internal/shareddefaults",
|
||||||
"private/protocol",
|
"private/protocol",
|
||||||
"private/protocol/ec2query",
|
|
||||||
"private/protocol/json/jsonutil",
|
"private/protocol/json/jsonutil",
|
||||||
"private/protocol/jsonrpc",
|
"private/protocol/jsonrpc",
|
||||||
"private/protocol/query",
|
"private/protocol/query",
|
||||||
|
@ -262,11 +231,6 @@
|
||||||
"private/protocol/rest",
|
"private/protocol/rest",
|
||||||
"private/protocol/restxml",
|
"private/protocol/restxml",
|
||||||
"private/protocol/xml/xmlutil",
|
"private/protocol/xml/xmlutil",
|
||||||
"service/dynamodb",
|
|
||||||
"service/dynamodb/dynamodbattribute",
|
|
||||||
"service/dynamodb/dynamodbiface",
|
|
||||||
"service/ec2",
|
|
||||||
"service/ecs",
|
|
||||||
"service/lightsail",
|
"service/lightsail",
|
||||||
"service/route53",
|
"service/route53",
|
||||||
"service/sts",
|
"service/sts",
|
||||||
|
@ -350,29 +314,6 @@
|
||||||
revision = "7a9987c3a6d46be84e141a5c3191347ec10af17d"
|
revision = "7a9987c3a6d46be84e141a5c3191347ec10af17d"
|
||||||
version = "v3.1.2"
|
version = "v3.1.2"
|
||||||
|
|
||||||
[[projects]]
|
|
||||||
digest = "1:4e9c9d51ef5c98f2a71d6fa56a22f0bb8a4463656f9591ba24ebff2c21bcbd1f"
|
|
||||||
name = "github.com/coreos/bbolt"
|
|
||||||
packages = ["."]
|
|
||||||
pruneopts = "NUT"
|
|
||||||
revision = "32c383e75ce054674c53b5a07e55de85332aee14"
|
|
||||||
|
|
||||||
[[projects]]
|
|
||||||
digest = "1:f07fcc19d52f5d9f559573c6b625142bc4b018fd275029c020d06d2bad6f6c8c"
|
|
||||||
name = "github.com/coreos/etcd"
|
|
||||||
packages = [
|
|
||||||
"auth/authpb",
|
|
||||||
"clientv3",
|
|
||||||
"clientv3/concurrency",
|
|
||||||
"etcdserver/api/v3rpc/rpctypes",
|
|
||||||
"etcdserver/etcdserverpb",
|
|
||||||
"mvcc/mvccpb",
|
|
||||||
"pkg/types",
|
|
||||||
]
|
|
||||||
pruneopts = "NUT"
|
|
||||||
revision = "70c8726202dd91e482fb4029fd14af1d4ed1d5af"
|
|
||||||
version = "v3.3.5"
|
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
digest = "1:fa91847d50d3f656fc2d2d608b9749b97d77528e8988ad8001f957640545e91e"
|
digest = "1:fa91847d50d3f656fc2d2d608b9749b97d77528e8988ad8001f957640545e91e"
|
||||||
name = "github.com/coreos/go-systemd"
|
name = "github.com/coreos/go-systemd"
|
||||||
|
@ -543,15 +484,6 @@
|
||||||
pruneopts = "NUT"
|
pruneopts = "NUT"
|
||||||
revision = "9e638d38cf6977a37a8ea0078f3ee75a7cdb2dd1"
|
revision = "9e638d38cf6977a37a8ea0078f3ee75a7cdb2dd1"
|
||||||
|
|
||||||
[[projects]]
|
|
||||||
branch = "master"
|
|
||||||
digest = "1:2de676f0b5c5d051ae4343503760069de753c995a3cb3b01544a4924c65a93aa"
|
|
||||||
name = "github.com/docker/leadership"
|
|
||||||
packages = ["."]
|
|
||||||
pruneopts = "NUT"
|
|
||||||
revision = "a2e096d9fe0af5b4c37dd37aea719bc9c2e5eec6"
|
|
||||||
source = "github.com/containous/leadership"
|
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
branch = "master"
|
branch = "master"
|
||||||
digest = "1:9b26bdc6b9952f728f61f510a48875c38974591c69b0afa77dcfe466c6162e9e"
|
digest = "1:9b26bdc6b9952f728f61f510a48875c38974591c69b0afa77dcfe466c6162e9e"
|
||||||
|
@ -635,13 +567,6 @@
|
||||||
revision = "0a91ac8209d6a805f259ff881d0c2654221d0346"
|
revision = "0a91ac8209d6a805f259ff881d0c2654221d0346"
|
||||||
version = "v0.14.3"
|
version = "v0.14.3"
|
||||||
|
|
||||||
[[projects]]
|
|
||||||
digest = "1:b0d5e98ac0f0a509eb320f542e748582d637aae09e74538212e9712d1e71064b"
|
|
||||||
name = "github.com/fatih/color"
|
|
||||||
packages = ["."]
|
|
||||||
pruneopts = "NUT"
|
|
||||||
revision = "62e9147c64a1ed519147b62a56a14e83e2be02c1"
|
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
digest = "1:aa3ed0a71c4e66e4ae6486bf97a3f4cab28edc78df2e50c5ad01dc7d91604b88"
|
digest = "1:aa3ed0a71c4e66e4ae6486bf97a3f4cab28edc78df2e50c5ad01dc7d91604b88"
|
||||||
name = "github.com/fatih/structs"
|
name = "github.com/fatih/structs"
|
||||||
|
@ -673,8 +598,7 @@
|
||||||
revision = "73d445a93680fa1a78ae23a5839bad48f32ba1ee"
|
revision = "73d445a93680fa1a78ae23a5839bad48f32ba1ee"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
branch = "master"
|
digest = "1:a04af13190b67ff69cf8fcd79ee133a24c4a7a900cacbc296261dd43f3fbde5c"
|
||||||
digest = "1:7dcfb91047873eb70b3a20ed5c400c4d05d9c1e73c9dac0e71ec0d44589d208a"
|
|
||||||
name = "github.com/go-acme/lego"
|
name = "github.com/go-acme/lego"
|
||||||
packages = [
|
packages = [
|
||||||
"acme",
|
"acme",
|
||||||
|
@ -712,6 +636,7 @@
|
||||||
"providers/dns/dnsmadeeasy",
|
"providers/dns/dnsmadeeasy",
|
||||||
"providers/dns/dnsmadeeasy/internal",
|
"providers/dns/dnsmadeeasy/internal",
|
||||||
"providers/dns/dnspod",
|
"providers/dns/dnspod",
|
||||||
|
"providers/dns/dode",
|
||||||
"providers/dns/dreamhost",
|
"providers/dns/dreamhost",
|
||||||
"providers/dns/duckdns",
|
"providers/dns/duckdns",
|
||||||
"providers/dns/dyn",
|
"providers/dns/dyn",
|
||||||
|
@ -758,7 +683,8 @@
|
||||||
"registration",
|
"registration",
|
||||||
]
|
]
|
||||||
pruneopts = "NUT"
|
pruneopts = "NUT"
|
||||||
revision = "0c87df143e630a1c50b4c36c8fbdda6cd993ebba"
|
revision = "aaecc1ca7254190b71c5f01f57ee3bb6701bc937"
|
||||||
|
version = "v2.4.0"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
branch = "fork-containous"
|
branch = "fork-containous"
|
||||||
|
@ -821,12 +747,10 @@
|
||||||
version = "v1.5.4"
|
version = "v1.5.4"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
digest = "1:b518b9be1fc76244e246afe09113e3dd6246073b444787d30883877b82a0b90d"
|
digest = "1:6689652ec1f6e30455551da19c707f2bfac75e4df5c7bbe3f0ad7b49b9aa2cfc"
|
||||||
name = "github.com/gogo/protobuf"
|
name = "github.com/gogo/protobuf"
|
||||||
packages = [
|
packages = [
|
||||||
"gogoproto",
|
|
||||||
"proto",
|
"proto",
|
||||||
"protoc-gen-gogo/descriptor",
|
|
||||||
"sortkeys",
|
"sortkeys",
|
||||||
]
|
]
|
||||||
pruneopts = "NUT"
|
pruneopts = "NUT"
|
||||||
|
@ -971,29 +895,6 @@
|
||||||
pruneopts = "NUT"
|
pruneopts = "NUT"
|
||||||
revision = "2bcd89a1743fd4b373f7370ce8ddc14dfbd18229"
|
revision = "2bcd89a1743fd4b373f7370ce8ddc14dfbd18229"
|
||||||
|
|
||||||
[[projects]]
|
|
||||||
digest = "1:c3f14b698c0f5c5729896489f4b526f519d1d2522e697d63f532901d0e183dff"
|
|
||||||
name = "github.com/hashicorp/consul"
|
|
||||||
packages = ["api"]
|
|
||||||
pruneopts = "NUT"
|
|
||||||
revision = "9a494b5fb9c86180a5702e29c485df1507a47198"
|
|
||||||
version = "v1.0.6"
|
|
||||||
|
|
||||||
[[projects]]
|
|
||||||
digest = "1:7b699584752575e81e3f4e8b00cfb3e5d6fa5419d5d212ef925e02c798847464"
|
|
||||||
name = "github.com/hashicorp/go-cleanhttp"
|
|
||||||
packages = ["."]
|
|
||||||
pruneopts = "NUT"
|
|
||||||
revision = "3573b8b52aa7b37b9358d966a898feb387f62437"
|
|
||||||
|
|
||||||
[[projects]]
|
|
||||||
branch = "master"
|
|
||||||
digest = "1:cdb5ce76cd7af19e3d2d5ba9b6458a2ee804f0d376711215dd3df5f51100d423"
|
|
||||||
name = "github.com/hashicorp/go-rootcerts"
|
|
||||||
packages = ["."]
|
|
||||||
pruneopts = "NUT"
|
|
||||||
revision = "6bb64b370b90e7ef1fa532be9e591a81c3493e00"
|
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
digest = "1:f7b3db9cb74d13f6a7cf84b3801e68585745eacaf7d40cc10ecc4734c30503d3"
|
digest = "1:f7b3db9cb74d13f6a7cf84b3801e68585745eacaf7d40cc10ecc4734c30503d3"
|
||||||
name = "github.com/hashicorp/go-version"
|
name = "github.com/hashicorp/go-version"
|
||||||
|
@ -1013,18 +914,12 @@
|
||||||
revision = "0fb14efe8c47ae851c0034ed7a448854d3d34cf3"
|
revision = "0fb14efe8c47ae851c0034ed7a448854d3d34cf3"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
digest = "1:c6552ffc71f7586a9ea624c6b2bdab87a47d9bd52889e3baf5fbf200425a85e2"
|
digest = "1:dc54242755f5b6721dd880843de6e45fe234838ea9149ec8249951880fd5802f"
|
||||||
name = "github.com/hashicorp/serf"
|
|
||||||
packages = ["coordinate"]
|
|
||||||
pruneopts = "NUT"
|
|
||||||
revision = "19f2c401e122352c047a84d6584dd51e2fb8fcc4"
|
|
||||||
|
|
||||||
[[projects]]
|
|
||||||
digest = "1:45e66b20393507035c6a7d15bef5ffe8faf5b083621c1284d9824cc052776de5"
|
|
||||||
name = "github.com/huandu/xstrings"
|
name = "github.com/huandu/xstrings"
|
||||||
packages = ["."]
|
packages = ["."]
|
||||||
pruneopts = "NUT"
|
pruneopts = "NUT"
|
||||||
revision = "3959339b333561bf62a38b424fd41517c2c90f40"
|
revision = "f02667b379e2fb5916c3cda2cf31e0eb885d79f8"
|
||||||
|
version = "v1.2.0"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
branch = "master"
|
branch = "master"
|
||||||
|
@ -1192,20 +1087,6 @@
|
||||||
pruneopts = "NUT"
|
pruneopts = "NUT"
|
||||||
revision = "c1c17f74874f2a5ea48bfb06b5459d4ef2689749"
|
revision = "c1c17f74874f2a5ea48bfb06b5459d4ef2689749"
|
||||||
|
|
||||||
[[projects]]
|
|
||||||
digest = "1:4953945f4fdc12cb7aa0263710534fb64b35a85e4047570fdf1cb03284055f0d"
|
|
||||||
name = "github.com/mattn/go-colorable"
|
|
||||||
packages = ["."]
|
|
||||||
pruneopts = "NUT"
|
|
||||||
revision = "5411d3eea5978e6cdc258b30de592b60df6aba96"
|
|
||||||
|
|
||||||
[[projects]]
|
|
||||||
digest = "1:89e4861dccb76fd84b7de2d88791cc8d23e125805397db27195b4dd83c459713"
|
|
||||||
name = "github.com/mattn/go-isatty"
|
|
||||||
packages = ["."]
|
|
||||||
pruneopts = "NUT"
|
|
||||||
revision = "57fdcb988a5c543893cc61bce354a6e24ab70022"
|
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
branch = "master"
|
branch = "master"
|
||||||
digest = "1:5985ef4caf91ece5d54817c11ea25f182697534f8ae6521eadcd628c142ac4b6"
|
digest = "1:5985ef4caf91ece5d54817c11ea25f182697534f8ae6521eadcd628c142ac4b6"
|
||||||
|
@ -1214,37 +1095,6 @@
|
||||||
pruneopts = "NUT"
|
pruneopts = "NUT"
|
||||||
revision = "c12348ce28de40eed0136aa2b644d0ee0650e56c"
|
revision = "c12348ce28de40eed0136aa2b644d0ee0650e56c"
|
||||||
|
|
||||||
[[projects]]
|
|
||||||
digest = "1:337c4007f8ecd8092927c3f9d3c7e391a9e7222aa579dd07a6008379d92d61f6"
|
|
||||||
name = "github.com/mesos/mesos-go"
|
|
||||||
packages = [
|
|
||||||
"detector",
|
|
||||||
"detector/zoo",
|
|
||||||
"mesosproto",
|
|
||||||
"mesosutil",
|
|
||||||
"upid",
|
|
||||||
]
|
|
||||||
pruneopts = "NUT"
|
|
||||||
revision = "068d5470506e3780189fe607af40892814197c5e"
|
|
||||||
|
|
||||||
[[projects]]
|
|
||||||
branch = "master"
|
|
||||||
digest = "1:940a93ac88a908ef0908939181ab048c4172ba7babd32d896ac8b1ef5c1f9036"
|
|
||||||
name = "github.com/mesosphere/mesos-dns"
|
|
||||||
packages = [
|
|
||||||
"detect",
|
|
||||||
"errorutil",
|
|
||||||
"logging",
|
|
||||||
"models",
|
|
||||||
"records",
|
|
||||||
"records/labels",
|
|
||||||
"records/state",
|
|
||||||
"util",
|
|
||||||
]
|
|
||||||
pruneopts = "NUT"
|
|
||||||
revision = "b47dc4c19f215e98da687b15b4c64e70f629bea5"
|
|
||||||
source = "https://github.com/containous/mesos-dns.git"
|
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
digest = "1:b83995756f9b1a24c518d40052d80f524f0a9024ee0479d8a8e91ec2548074d1"
|
digest = "1:b83995756f9b1a24c518d40052d80f524f0a9024ee0479d8a8e91ec2548074d1"
|
||||||
name = "github.com/miekg/dns"
|
name = "github.com/miekg/dns"
|
||||||
|
@ -1395,7 +1245,7 @@
|
||||||
version = "v1.0.0"
|
version = "v1.0.0"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
digest = "1:7da29c22bcc5c2ffb308324377dc00b5084650348c2799e573ed226d8cc9faf0"
|
digest = "1:6846140b3f116579680eefdc17145f2bcf064b68deb9febf86b4419a454049af"
|
||||||
name = "github.com/opentracing/opentracing-go"
|
name = "github.com/opentracing/opentracing-go"
|
||||||
packages = [
|
packages = [
|
||||||
".",
|
".",
|
||||||
|
@ -1403,12 +1253,12 @@
|
||||||
"log",
|
"log",
|
||||||
]
|
]
|
||||||
pruneopts = "NUT"
|
pruneopts = "NUT"
|
||||||
revision = "1949ddbfd147afd4d964a9f00b24eb291e0e7c38"
|
revision = "659c90643e714681897ec2521c60567dd21da733"
|
||||||
version = "v1.0.2"
|
version = "v1.1.0"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
digest = "1:07c44a0ce6012eafd2f05b715d30852d576aeda7798b8760a2ff51b1e90eb753"
|
digest = "1:0f4793617dc898d3ee99fe1abab076d3976a9d17d14f8327af2dc3f1ec0fd92c"
|
||||||
name = "github.com/openzipkin/zipkin-go-opentracing"
|
name = "github.com/openzipkin-contrib/zipkin-go-opentracing"
|
||||||
packages = [
|
packages = [
|
||||||
".",
|
".",
|
||||||
"flag",
|
"flag",
|
||||||
|
@ -1418,7 +1268,8 @@
|
||||||
"wire",
|
"wire",
|
||||||
]
|
]
|
||||||
pruneopts = "NUT"
|
pruneopts = "NUT"
|
||||||
revision = "1f5c07e90700ae93ddcba0c7af7d9c7201646ccc"
|
revision = "f0f479ad013a498e4cbfb369414e5d3880903779"
|
||||||
|
version = "v0.3.5"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
digest = "1:b52f6b7059f06a11ab6ab039714dda0d93878d9227f84c84ca9b6f046bfb5fef"
|
digest = "1:b52f6b7059f06a11ab6ab039714dda0d93878d9227f84c84ca9b6f046bfb5fef"
|
||||||
|
@ -1540,20 +1391,13 @@
|
||||||
pruneopts = "NUT"
|
pruneopts = "NUT"
|
||||||
revision = "a1dba9ce8baed984a2495b658c82687f8157b98f"
|
revision = "a1dba9ce8baed984a2495b658c82687f8157b98f"
|
||||||
|
|
||||||
[[projects]]
|
|
||||||
digest = "1:f140e414b284a500b812b26bda8b9a5110aa110f0473ec97e79f3245000c730a"
|
|
||||||
name = "github.com/rancher/go-rancher"
|
|
||||||
packages = ["v2"]
|
|
||||||
pruneopts = "NUT"
|
|
||||||
revision = "52e2f489534007ae843065468c5a1920d542afa4"
|
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
branch = "containous-fork"
|
branch = "containous-fork"
|
||||||
digest = "1:4e63da6276e18c5e12eadef1ec3cabd437698bef5e60ffdce7a75b492cd1c14e"
|
digest = "1:f103263e55945772fcb058736a03dfc2796c6a14b99b1684b8e88327c0fa0f75"
|
||||||
name = "github.com/rancher/go-rancher-metadata"
|
name = "github.com/rancher/go-rancher-metadata"
|
||||||
packages = ["metadata"]
|
packages = ["metadata"]
|
||||||
pruneopts = "NUT"
|
pruneopts = "NUT"
|
||||||
revision = "e937e8308985dfd3bc157cc8a284454f0cbf4fef"
|
revision = "c6a65f8b7a28edc424e85732df4cd1c215843a99"
|
||||||
source = "github.com/containous/go-rancher-metadata"
|
source = "github.com/containous/go-rancher-metadata"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
|
@ -1584,13 +1428,6 @@
|
||||||
pruneopts = "NUT"
|
pruneopts = "NUT"
|
||||||
revision = "306ea89b6ef19334614f7b0fc5aa19595022bb8c"
|
revision = "306ea89b6ef19334614f7b0fc5aa19595022bb8c"
|
||||||
|
|
||||||
[[projects]]
|
|
||||||
digest = "1:142520cf3c9bb85449dd0000f820b8c604531587ee654793c54909be7dabadac"
|
|
||||||
name = "github.com/samuel/go-zookeeper"
|
|
||||||
packages = ["zk"]
|
|
||||||
pruneopts = "NUT"
|
|
||||||
revision = "1d7be4effb13d2d908342d349d71a284a7542693"
|
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
digest = "1:6bc0652ea6e39e22ccd522458b8bdd8665bf23bdc5a20eec90056e4dc7e273ca"
|
digest = "1:6bc0652ea6e39e22ccd522458b8bdd8665bf23bdc5a20eec90056e4dc7e273ca"
|
||||||
name = "github.com/satori/go.uuid"
|
name = "github.com/satori/go.uuid"
|
||||||
|
@ -1600,12 +1437,12 @@
|
||||||
version = "v1.2.0"
|
version = "v1.2.0"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
digest = "1:01252cd79aac70f16cac02a72a1067dd136e0ad6d5b597d0129cf74c739fd8d1"
|
digest = "1:bb9033d47c116ea3b981ff159bdef73df8351b0b9700da2066339b97211b1bf0"
|
||||||
name = "github.com/sirupsen/logrus"
|
name = "github.com/sirupsen/logrus"
|
||||||
packages = ["."]
|
packages = ["."]
|
||||||
pruneopts = "NUT"
|
pruneopts = "NUT"
|
||||||
revision = "a67f783a3814b8729bd2dac5780b5f78f8dbd64d"
|
revision = "dae0fa8d5b0c810a8ab733fbd5510c7cae84eca4"
|
||||||
version = "v1.1.0"
|
version = "v1.4.0"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
digest = "1:9d8420bbf131d1618bde6530af37c3799340d3762cc47210c1d9532a4c3a2779"
|
digest = "1:9d8420bbf131d1618bde6530af37c3799340d3762cc47210c1d9532a4c3a2779"
|
||||||
|
@ -1644,11 +1481,11 @@
|
||||||
revision = "c4434f09ec131ecf30f986d5dcb1636508bfa49a"
|
revision = "c4434f09ec131ecf30f986d5dcb1636508bfa49a"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
digest = "1:c269070c7f286c941392076d6c42a4a7a062356f7083a48bd202397e877a965e"
|
digest = "1:84b9a5318d8ce3b8a9b1509bf15734f4f9dcd4decf9d9e9c7346a16c7b64d49e"
|
||||||
name = "github.com/thoas/stats"
|
name = "github.com/thoas/stats"
|
||||||
packages = ["."]
|
packages = ["."]
|
||||||
pruneopts = "NUT"
|
pruneopts = "NUT"
|
||||||
revision = "152b5d051953fdb6e45f14b6826962aadc032324"
|
revision = "4975baf6a358ed3ddaa42133996e1959f96c9300"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
branch = "master"
|
branch = "master"
|
||||||
|
@ -1682,14 +1519,7 @@
|
||||||
revision = "1dc93a7db3567a5ccf865106afac88278ba940cf"
|
revision = "1dc93a7db3567a5ccf865106afac88278ba940cf"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
digest = "1:9b2996458a2f7d1f3e0ebf08152acfe8c1106f3fe855d08121c5ee7d801a063f"
|
digest = "1:dc5b63bdf6fd3b22c970e06ad4fb686f6d08104f50f414644d5ac5e267a7934a"
|
||||||
name = "github.com/tv42/zbase32"
|
|
||||||
packages = ["."]
|
|
||||||
pruneopts = "NUT"
|
|
||||||
revision = "03389da7e0bf9844767f82690f4d68fc097a1306"
|
|
||||||
|
|
||||||
[[projects]]
|
|
||||||
digest = "1:7d3a890e525da3b7014d26dd1d4a0e4d31a479995007cd11989ad31db132e66c"
|
|
||||||
name = "github.com/uber/jaeger-client-go"
|
name = "github.com/uber/jaeger-client-go"
|
||||||
packages = [
|
packages = [
|
||||||
".",
|
".",
|
||||||
|
@ -1712,16 +1542,18 @@
|
||||||
"zipkin",
|
"zipkin",
|
||||||
]
|
]
|
||||||
pruneopts = "NUT"
|
pruneopts = "NUT"
|
||||||
revision = "1a782e2da844727691fef1757c72eb190c2909f0"
|
revision = "2f47546e3facd43297739439600bcf43f44cce5d"
|
||||||
version = "v2.15.0"
|
source = "github.com/jaegertracing/jaeger-client-go"
|
||||||
|
version = "v2.16.0"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
digest = "1:0f09db8429e19d57c8346ad76fbbc679341fa86073d3b8fb5ac919f0357d8f4c"
|
digest = "1:c9d69a04f7fa171f50360bbcc32196b4de8ab8837ef772f6302d0140a1e3e7f6"
|
||||||
name = "github.com/uber/jaeger-lib"
|
name = "github.com/uber/jaeger-lib"
|
||||||
packages = ["metrics"]
|
packages = ["metrics"]
|
||||||
pruneopts = "NUT"
|
pruneopts = "NUT"
|
||||||
revision = "ed3a127ec5fef7ae9ea95b01b542c47fbd999ce5"
|
revision = "0e30338a695636fe5bcf7301e8030ce8dd2a8530"
|
||||||
version = "v1.5.0"
|
source = "github.com/jaegertracing/jaeger-lib"
|
||||||
|
version = "v2.0.0"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
digest = "1:fb6d90081ae53fdb35d0fffa7d82a555df936bbc6db9a93126795655b2317604"
|
digest = "1:fb6d90081ae53fdb35d0fffa7d82a555df936bbc6db9a93126795655b2317604"
|
||||||
|
@ -1738,13 +1570,6 @@
|
||||||
pruneopts = "NUT"
|
pruneopts = "NUT"
|
||||||
revision = "a1cf62cc2159fff407728f118c41aece76c397fa"
|
revision = "a1cf62cc2159fff407728f118c41aece76c397fa"
|
||||||
|
|
||||||
[[projects]]
|
|
||||||
digest = "1:e84e99d5f369afaa9a5c41f55b57fa03047ecd3bac2a65861607882693ceea81"
|
|
||||||
name = "github.com/urfave/negroni"
|
|
||||||
packages = ["."]
|
|
||||||
pruneopts = "NUT"
|
|
||||||
revision = "490e6a555d47ca891a89a150d0c1ef3922dfffe9"
|
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
digest = "1:a68c3f55d44d225da4f22ffbed2d8572d267cb19aaa1d60537769034ac66bc01"
|
digest = "1:a68c3f55d44d225da4f22ffbed2d8572d267cb19aaa1d60537769034ac66bc01"
|
||||||
name = "github.com/vdemeester/shakers"
|
name = "github.com/vdemeester/shakers"
|
||||||
|
@ -1956,7 +1781,7 @@
|
||||||
revision = "09f6ed296fc66555a25fe4ce95173148778dfa85"
|
revision = "09f6ed296fc66555a25fe4ce95173148778dfa85"
|
||||||
|
|
||||||
[[projects]]
|
[[projects]]
|
||||||
digest = "1:a893d24a604ae6f45f2d6e00ae9e817476e110e2dd5455152b35bb720ca2f626"
|
digest = "1:a840929a3a2d91282dc853cbd5f586069c14ae373247fb7d4cb4fa02b285326e"
|
||||||
name = "google.golang.org/grpc"
|
name = "google.golang.org/grpc"
|
||||||
packages = [
|
packages = [
|
||||||
".",
|
".",
|
||||||
|
@ -1971,7 +1796,6 @@
|
||||||
"encoding/proto",
|
"encoding/proto",
|
||||||
"grpclb/grpc_lb_v1/messages",
|
"grpclb/grpc_lb_v1/messages",
|
||||||
"grpclog",
|
"grpclog",
|
||||||
"health/grpc_health_v1",
|
|
||||||
"internal",
|
"internal",
|
||||||
"keepalive",
|
"keepalive",
|
||||||
"metadata",
|
"metadata",
|
||||||
|
@ -2348,29 +2172,12 @@
|
||||||
analyzer-name = "dep"
|
analyzer-name = "dep"
|
||||||
analyzer-version = 1
|
analyzer-version = 1
|
||||||
input-imports = [
|
input-imports = [
|
||||||
"github.com/ArthurHlt/go-eureka-client/eureka",
|
|
||||||
"github.com/BurntSushi/toml",
|
"github.com/BurntSushi/toml",
|
||||||
"github.com/BurntSushi/ty/fun",
|
|
||||||
"github.com/Masterminds/sprig",
|
"github.com/Masterminds/sprig",
|
||||||
"github.com/NYTimes/gziphandler",
|
"github.com/NYTimes/gziphandler",
|
||||||
"github.com/abbot/go-http-auth",
|
"github.com/abbot/go-http-auth",
|
||||||
"github.com/abronan/valkeyrie",
|
|
||||||
"github.com/abronan/valkeyrie/store",
|
"github.com/abronan/valkeyrie/store",
|
||||||
"github.com/abronan/valkeyrie/store/boltdb",
|
|
||||||
"github.com/abronan/valkeyrie/store/consul",
|
|
||||||
"github.com/abronan/valkeyrie/store/etcd/v3",
|
|
||||||
"github.com/abronan/valkeyrie/store/zookeeper",
|
|
||||||
"github.com/armon/go-proxyproto",
|
"github.com/armon/go-proxyproto",
|
||||||
"github.com/aws/aws-sdk-go/aws",
|
|
||||||
"github.com/aws/aws-sdk-go/aws/credentials",
|
|
||||||
"github.com/aws/aws-sdk-go/aws/defaults",
|
|
||||||
"github.com/aws/aws-sdk-go/aws/ec2metadata",
|
|
||||||
"github.com/aws/aws-sdk-go/aws/session",
|
|
||||||
"github.com/aws/aws-sdk-go/service/dynamodb",
|
|
||||||
"github.com/aws/aws-sdk-go/service/dynamodb/dynamodbattribute",
|
|
||||||
"github.com/aws/aws-sdk-go/service/dynamodb/dynamodbiface",
|
|
||||||
"github.com/aws/aws-sdk-go/service/ec2",
|
|
||||||
"github.com/aws/aws-sdk-go/service/ecs",
|
|
||||||
"github.com/cenkalti/backoff",
|
"github.com/cenkalti/backoff",
|
||||||
"github.com/containous/alice",
|
"github.com/containous/alice",
|
||||||
"github.com/containous/flaeg",
|
"github.com/containous/flaeg",
|
||||||
|
@ -2390,7 +2197,6 @@
|
||||||
"github.com/docker/docker/pkg/namesgenerator",
|
"github.com/docker/docker/pkg/namesgenerator",
|
||||||
"github.com/docker/go-connections/nat",
|
"github.com/docker/go-connections/nat",
|
||||||
"github.com/docker/go-connections/sockets",
|
"github.com/docker/go-connections/sockets",
|
||||||
"github.com/docker/leadership",
|
|
||||||
"github.com/eapache/channels",
|
"github.com/eapache/channels",
|
||||||
"github.com/elazarl/go-bindata-assetfs",
|
"github.com/elazarl/go-bindata-assetfs",
|
||||||
"github.com/gambol99/go-marathon",
|
"github.com/gambol99/go-marathon",
|
||||||
|
@ -2414,40 +2220,27 @@
|
||||||
"github.com/golang/protobuf/proto",
|
"github.com/golang/protobuf/proto",
|
||||||
"github.com/google/go-github/github",
|
"github.com/google/go-github/github",
|
||||||
"github.com/gorilla/websocket",
|
"github.com/gorilla/websocket",
|
||||||
"github.com/hashicorp/consul/api",
|
|
||||||
"github.com/hashicorp/go-version",
|
"github.com/hashicorp/go-version",
|
||||||
"github.com/influxdata/influxdb/client/v2",
|
"github.com/influxdata/influxdb/client/v2",
|
||||||
"github.com/instana/go-sensor",
|
"github.com/instana/go-sensor",
|
||||||
"github.com/libkermit/compose/check",
|
"github.com/libkermit/compose/check",
|
||||||
"github.com/libkermit/docker",
|
"github.com/libkermit/docker",
|
||||||
"github.com/libkermit/docker-check",
|
"github.com/libkermit/docker-check",
|
||||||
"github.com/mesos/mesos-go/detector",
|
|
||||||
"github.com/mesos/mesos-go/detector/zoo",
|
|
||||||
"github.com/mesos/mesos-go/upid",
|
|
||||||
"github.com/mesosphere/mesos-dns/detect",
|
|
||||||
"github.com/mesosphere/mesos-dns/logging",
|
|
||||||
"github.com/mesosphere/mesos-dns/records",
|
|
||||||
"github.com/mesosphere/mesos-dns/records/state",
|
|
||||||
"github.com/mesosphere/mesos-dns/util",
|
|
||||||
"github.com/miekg/dns",
|
"github.com/miekg/dns",
|
||||||
"github.com/mitchellh/copystructure",
|
"github.com/mitchellh/copystructure",
|
||||||
"github.com/mitchellh/hashstructure",
|
"github.com/mitchellh/hashstructure",
|
||||||
"github.com/mitchellh/mapstructure",
|
|
||||||
"github.com/mvdan/xurls",
|
"github.com/mvdan/xurls",
|
||||||
"github.com/ogier/pflag",
|
"github.com/ogier/pflag",
|
||||||
"github.com/opentracing/opentracing-go",
|
"github.com/opentracing/opentracing-go",
|
||||||
"github.com/opentracing/opentracing-go/ext",
|
"github.com/opentracing/opentracing-go/ext",
|
||||||
"github.com/opentracing/opentracing-go/log",
|
"github.com/opentracing/opentracing-go/log",
|
||||||
"github.com/openzipkin/zipkin-go-opentracing",
|
"github.com/openzipkin-contrib/zipkin-go-opentracing",
|
||||||
"github.com/patrickmn/go-cache",
|
"github.com/patrickmn/go-cache",
|
||||||
"github.com/pkg/errors",
|
|
||||||
"github.com/prometheus/client_golang/prometheus",
|
"github.com/prometheus/client_golang/prometheus",
|
||||||
"github.com/prometheus/client_golang/prometheus/promhttp",
|
"github.com/prometheus/client_golang/prometheus/promhttp",
|
||||||
"github.com/prometheus/client_model/go",
|
"github.com/prometheus/client_model/go",
|
||||||
"github.com/rancher/go-rancher-metadata/metadata",
|
"github.com/rancher/go-rancher-metadata/metadata",
|
||||||
"github.com/rancher/go-rancher/v2",
|
|
||||||
"github.com/ryanuber/go-glob",
|
"github.com/ryanuber/go-glob",
|
||||||
"github.com/satori/go.uuid",
|
|
||||||
"github.com/sirupsen/logrus",
|
"github.com/sirupsen/logrus",
|
||||||
"github.com/stretchr/testify/assert",
|
"github.com/stretchr/testify/assert",
|
||||||
"github.com/stretchr/testify/mock",
|
"github.com/stretchr/testify/mock",
|
||||||
|
@ -2460,7 +2253,6 @@
|
||||||
"github.com/uber/jaeger-lib/metrics",
|
"github.com/uber/jaeger-lib/metrics",
|
||||||
"github.com/unrolled/render",
|
"github.com/unrolled/render",
|
||||||
"github.com/unrolled/secure",
|
"github.com/unrolled/secure",
|
||||||
"github.com/urfave/negroni",
|
|
||||||
"github.com/vdemeester/shakers",
|
"github.com/vdemeester/shakers",
|
||||||
"github.com/vulcand/oxy/buffer",
|
"github.com/vulcand/oxy/buffer",
|
||||||
"github.com/vulcand/oxy/cbreaker",
|
"github.com/vulcand/oxy/cbreaker",
|
||||||
|
|
59
Gopkg.toml
59
Gopkg.toml
|
@ -36,17 +36,17 @@ required = [
|
||||||
non-go = false
|
non-go = false
|
||||||
unused-packages = false
|
unused-packages = false
|
||||||
|
|
||||||
[[constraint]]
|
#[[constraint]]
|
||||||
branch = "master"
|
# branch = "master"
|
||||||
name = "github.com/ArthurHlt/go-eureka-client"
|
# name = "github.com/ArthurHlt/go-eureka-client"
|
||||||
|
|
||||||
[[constraint]]
|
[[constraint]]
|
||||||
branch = "master"
|
branch = "master"
|
||||||
name = "github.com/BurntSushi/toml"
|
name = "github.com/BurntSushi/toml"
|
||||||
|
|
||||||
[[constraint]]
|
#[[constraint]]
|
||||||
branch = "master"
|
# branch = "master"
|
||||||
name = "github.com/BurntSushi/ty"
|
# name = "github.com/BurntSushi/ty"
|
||||||
|
|
||||||
[[constraint]]
|
[[constraint]]
|
||||||
branch = "master"
|
branch = "master"
|
||||||
|
@ -61,9 +61,9 @@ required = [
|
||||||
branch = "master"
|
branch = "master"
|
||||||
name = "github.com/armon/go-proxyproto"
|
name = "github.com/armon/go-proxyproto"
|
||||||
|
|
||||||
[[constraint]]
|
#[[constraint]]
|
||||||
name = "github.com/aws/aws-sdk-go"
|
# name = "github.com/aws/aws-sdk-go"
|
||||||
version = "1.13.11"
|
# version = "1.13.11"
|
||||||
|
|
||||||
[[constraint]]
|
[[constraint]]
|
||||||
name = "github.com/cenkalti/backoff"
|
name = "github.com/cenkalti/backoff"
|
||||||
|
@ -85,18 +85,19 @@ required = [
|
||||||
name = "github.com/containous/staert"
|
name = "github.com/containous/staert"
|
||||||
version = "3.1.2"
|
version = "3.1.2"
|
||||||
|
|
||||||
#[[constraint]]
|
[[constraint]]
|
||||||
# name = "github.com/containous/traefik-extra-service-fabric"
|
name = "github.com/thoas/stats"
|
||||||
# version = "1.3.0"
|
# related to https://github.com/thoas/stats/pull/32
|
||||||
|
revision = "4975baf6a358ed3ddaa42133996e1959f96c9300"
|
||||||
|
|
||||||
[[constraint]]
|
[[constraint]]
|
||||||
name = "github.com/coreos/go-systemd"
|
name = "github.com/coreos/go-systemd"
|
||||||
version = "14.0.0"
|
version = "14.0.0"
|
||||||
|
|
||||||
[[constraint]]
|
#[[constraint]]
|
||||||
branch = "master"
|
# branch = "master"
|
||||||
name = "github.com/docker/leadership"
|
# name = "github.com/docker/leadership"
|
||||||
source = "github.com/containous/leadership"
|
# source = "github.com/containous/leadership"
|
||||||
|
|
||||||
[[constraint]]
|
[[constraint]]
|
||||||
name = "github.com/eapache/channels"
|
name = "github.com/eapache/channels"
|
||||||
|
@ -124,9 +125,9 @@ required = [
|
||||||
branch = "master"
|
branch = "master"
|
||||||
name = "github.com/gorilla/websocket"
|
name = "github.com/gorilla/websocket"
|
||||||
|
|
||||||
[[constraint]]
|
#[[constraint]]
|
||||||
name = "github.com/hashicorp/consul"
|
# name = "github.com/hashicorp/consul"
|
||||||
version = "1.0.6"
|
# version = "1.0.6"
|
||||||
|
|
||||||
[[constraint]]
|
[[constraint]]
|
||||||
name = "github.com/influxdata/influxdb"
|
name = "github.com/influxdata/influxdb"
|
||||||
|
@ -140,9 +141,9 @@ required = [
|
||||||
branch = "master"
|
branch = "master"
|
||||||
name = "github.com/abronan/valkeyrie"
|
name = "github.com/abronan/valkeyrie"
|
||||||
|
|
||||||
[[constraint]]
|
#[[constraint]]
|
||||||
name = "github.com/mesosphere/mesos-dns"
|
# name = "github.com/mesosphere/mesos-dns"
|
||||||
source = "https://github.com/containous/mesos-dns.git"
|
# source = "https://github.com/containous/mesos-dns.git"
|
||||||
|
|
||||||
[[constraint]]
|
[[constraint]]
|
||||||
name = "github.com/opentracing/opentracing-go"
|
name = "github.com/opentracing/opentracing-go"
|
||||||
|
@ -158,8 +159,8 @@ required = [
|
||||||
name = "github.com/ryanuber/go-glob"
|
name = "github.com/ryanuber/go-glob"
|
||||||
|
|
||||||
[[constraint]]
|
[[constraint]]
|
||||||
name = "github.com/satori/go.uuid"
|
name = "github.com/Masterminds/sprig"
|
||||||
version = "1.1.0"
|
version = "2.19.0"
|
||||||
|
|
||||||
[[constraint]]
|
[[constraint]]
|
||||||
branch = "master"
|
branch = "master"
|
||||||
|
@ -171,11 +172,13 @@ required = [
|
||||||
|
|
||||||
[[constraint]]
|
[[constraint]]
|
||||||
name = "github.com/uber/jaeger-client-go"
|
name = "github.com/uber/jaeger-client-go"
|
||||||
version = "2.15.0"
|
source = "github.com/jaegertracing/jaeger-client-go"
|
||||||
|
version = "2.16.0"
|
||||||
|
|
||||||
[[constraint]]
|
[[constraint]]
|
||||||
name = "github.com/uber/jaeger-lib"
|
name = "github.com/uber/jaeger-lib"
|
||||||
version = "1.3.0"
|
source = "github.com/jaegertracing/jaeger-lib"
|
||||||
|
version = "2.0.0"
|
||||||
|
|
||||||
[[constraint]]
|
[[constraint]]
|
||||||
branch = "v1"
|
branch = "v1"
|
||||||
|
@ -190,9 +193,9 @@ required = [
|
||||||
name = "github.com/vulcand/oxy"
|
name = "github.com/vulcand/oxy"
|
||||||
|
|
||||||
[[constraint]]
|
[[constraint]]
|
||||||
branch = "master"
|
# branch = "master"
|
||||||
name = "github.com/go-acme/lego"
|
name = "github.com/go-acme/lego"
|
||||||
# version = "2.4.0"
|
version = "2.4.0"
|
||||||
|
|
||||||
[[constraint]]
|
[[constraint]]
|
||||||
name = "google.golang.org/grpc"
|
name = "google.golang.org/grpc"
|
||||||
|
|
6
Makefile
6
Makefile
|
@ -93,7 +93,11 @@ test-integration: $(PRE_TARGET)
|
||||||
$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK),TEST_CONTAINER=1) ./script/make.sh generate binary test-integration
|
$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK),TEST_CONTAINER=1) ./script/make.sh generate binary test-integration
|
||||||
TEST_HOST=1 ./script/make.sh test-integration
|
TEST_HOST=1 ./script/make.sh test-integration
|
||||||
|
|
||||||
## Validate code, vendor
|
## Validate code and docs
|
||||||
|
validate-files: $(PRE_TARGET)
|
||||||
|
$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate validate-lint validate-misspell
|
||||||
|
|
||||||
|
## Validate code, docs, and vendor
|
||||||
validate: $(PRE_TARGET)
|
validate: $(PRE_TARGET)
|
||||||
$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate validate-lint validate-misspell validate-vendor
|
$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate validate-lint validate-misspell validate-vendor
|
||||||
|
|
||||||
|
|
|
@ -98,6 +98,8 @@ You can access the simple HTML frontend of Traefik.
|
||||||
You can find the complete documentation at [https://docs.traefik.io](https://docs.traefik.io).
|
You can find the complete documentation at [https://docs.traefik.io](https://docs.traefik.io).
|
||||||
A collection of contributions around Traefik can be found at [https://awesome.traefik.io](https://awesome.traefik.io).
|
A collection of contributions around Traefik can be found at [https://awesome.traefik.io](https://awesome.traefik.io).
|
||||||
|
|
||||||
|
:warning: If you're testing out v2, please ensure you are using the [v2 documentation](https://docs.traefik.io/v2.0/).
|
||||||
|
|
||||||
## Support
|
## Support
|
||||||
|
|
||||||
To get community support, you can:
|
To get community support, you can:
|
||||||
|
@ -128,6 +130,8 @@ git clone https://github.com/containous/traefik
|
||||||
|
|
||||||
## Introductory Videos
|
## Introductory Videos
|
||||||
|
|
||||||
|
:warning: Please be aware that these videos are for v1.X. The old configurations for Traefik v1.X are NOT compatible with Traefik v2. If you're testing out v2, please ensure you are using a [v2 configuration](https://docs.traefik.io/v2.0/).
|
||||||
|
|
||||||
Here is a talk given by [Emile Vauge](https://github.com/emilevauge) at GopherCon 2017.
|
Here is a talk given by [Emile Vauge](https://github.com/emilevauge) at GopherCon 2017.
|
||||||
You will learn Traefik basics in less than 10 minutes.
|
You will learn Traefik basics in less than 10 minutes.
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,9 @@
|
||||||
FROM golang:1.12-alpine
|
FROM golang:1.12-alpine
|
||||||
|
|
||||||
RUN apk --update upgrade \
|
RUN apk --update upgrade \
|
||||||
&& apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar \
|
&& apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \
|
||||||
&& rm -rf /var/cache/apk/*
|
&& update-ca-certificates \
|
||||||
|
&& rm -rf /var/cache/apk/*
|
||||||
|
|
||||||
# Download golangci-lint and misspell binary to bin folder in $GOPATH
|
# Download golangci-lint and misspell binary to bin folder in $GOPATH
|
||||||
RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b $GOPATH/bin v1.15.0 \
|
RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b $GOPATH/bin v1.15.0 \
|
||||||
|
|
|
@ -11,6 +11,7 @@ import (
|
||||||
"github.com/containous/traefik/pkg/provider/file"
|
"github.com/containous/traefik/pkg/provider/file"
|
||||||
"github.com/containous/traefik/pkg/provider/kubernetes/ingress"
|
"github.com/containous/traefik/pkg/provider/kubernetes/ingress"
|
||||||
"github.com/containous/traefik/pkg/provider/marathon"
|
"github.com/containous/traefik/pkg/provider/marathon"
|
||||||
|
"github.com/containous/traefik/pkg/provider/rancher"
|
||||||
"github.com/containous/traefik/pkg/provider/rest"
|
"github.com/containous/traefik/pkg/provider/rest"
|
||||||
"github.com/containous/traefik/pkg/tracing/datadog"
|
"github.com/containous/traefik/pkg/tracing/datadog"
|
||||||
"github.com/containous/traefik/pkg/tracing/instana"
|
"github.com/containous/traefik/pkg/tracing/instana"
|
||||||
|
@ -172,12 +173,22 @@ func NewTraefikDefaultPointersConfiguration() *TraefikConfiguration {
|
||||||
// default Kubernetes
|
// default Kubernetes
|
||||||
var defaultKubernetes ingress.Provider
|
var defaultKubernetes ingress.Provider
|
||||||
|
|
||||||
|
// default Rancher
|
||||||
|
var defaultRancher rancher.Provider
|
||||||
|
defaultRancher.Watch = true
|
||||||
|
defaultRancher.ExposedByDefault = true
|
||||||
|
defaultRancher.EnableServiceHealthFilter = true
|
||||||
|
defaultRancher.RefreshSeconds = 15
|
||||||
|
defaultRancher.DefaultRule = rancher.DefaultTemplateRule
|
||||||
|
defaultRancher.Prefix = "latest"
|
||||||
|
|
||||||
defaultProviders := static.Providers{
|
defaultProviders := static.Providers{
|
||||||
File: &defaultFile,
|
File: &defaultFile,
|
||||||
Docker: &defaultDocker,
|
Docker: &defaultDocker,
|
||||||
Rest: &defaultRest,
|
Rest: &defaultRest,
|
||||||
Marathon: &defaultMarathon,
|
Marathon: &defaultMarathon,
|
||||||
Kubernetes: &defaultKubernetes,
|
Kubernetes: &defaultKubernetes,
|
||||||
|
Rancher: &defaultRancher,
|
||||||
}
|
}
|
||||||
|
|
||||||
return &TraefikConfiguration{
|
return &TraefikConfiguration{
|
||||||
|
|
|
@ -94,7 +94,7 @@ func main() {
|
||||||
// traefik Command init
|
// traefik Command init
|
||||||
traefikCmd := &flaeg.Command{
|
traefikCmd := &flaeg.Command{
|
||||||
Name: "traefik",
|
Name: "traefik",
|
||||||
Description: `traefik is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease.
|
Description: `Traefik is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease.
|
||||||
Complete documentation is available at https://traefik.io`,
|
Complete documentation is available at https://traefik.io`,
|
||||||
Config: traefikConfiguration,
|
Config: traefikConfiguration,
|
||||||
DefaultPointersConfig: traefikPointersConfiguration,
|
DefaultPointersConfig: traefikPointersConfiguration,
|
||||||
|
@ -317,7 +317,7 @@ func configureLogging(staticConfiguration *static.Configuration) {
|
||||||
// otherwise.
|
// otherwise.
|
||||||
var levelStr string
|
var levelStr string
|
||||||
if staticConfiguration.Log != nil {
|
if staticConfiguration.Log != nil {
|
||||||
levelStr = strings.ToLower(staticConfiguration.Log.LogLevel)
|
levelStr = strings.ToLower(staticConfiguration.Log.Level)
|
||||||
}
|
}
|
||||||
if levelStr == "" {
|
if levelStr == "" {
|
||||||
levelStr = "error"
|
levelStr = "error"
|
||||||
|
|
|
@ -1,171 +0,0 @@
|
||||||
#!/usr/bin/env bash
|
|
||||||
# Copyright (c) 2017 Brian 'redbeard' Harrington <redbeard@dead-city.org>
|
|
||||||
#
|
|
||||||
# dumpcerts.sh - A simple utility to explode a Traefik acme.json file into a
|
|
||||||
# directory of certificates and a private key
|
|
||||||
#
|
|
||||||
# Usage - dumpcerts.sh /etc/traefik/acme.json /etc/ssl/
|
|
||||||
#
|
|
||||||
# Dependencies -
|
|
||||||
# util-linux
|
|
||||||
# openssl
|
|
||||||
# jq
|
|
||||||
# The MIT License (MIT)
|
|
||||||
#
|
|
||||||
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
||||||
# of this software and associated documentation files (the "Software"), to deal
|
|
||||||
# in the Software without restriction, including without limitation the rights
|
|
||||||
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
||||||
# copies of the Software, and to permit persons to whom the Software is
|
|
||||||
# furnished to do so, subject to the following conditions:
|
|
||||||
#
|
|
||||||
# The above copyright notice and this permission notice shall be included in
|
|
||||||
# all copies or substantial portions of the Software.
|
|
||||||
#
|
|
||||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
||||||
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
||||||
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
||||||
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
||||||
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
||||||
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
||||||
# THE SOFTWARE.
|
|
||||||
|
|
||||||
# Exit codes:
|
|
||||||
# 1 - A component is missing or could not be read
|
|
||||||
# 2 - There was a problem reading acme.json
|
|
||||||
# 4 - The destination certificate directory does not exist
|
|
||||||
# 8 - Missing private key
|
|
||||||
|
|
||||||
set -o errexit
|
|
||||||
set -o pipefail
|
|
||||||
set -o nounset
|
|
||||||
|
|
||||||
USAGE="$(basename "$0") <path to acme> <destination cert directory>"
|
|
||||||
|
|
||||||
# Platform variations
|
|
||||||
case "$(uname)" in
|
|
||||||
'Linux')
|
|
||||||
# On Linux, -d should always work. --decode does not work with Alpine's busybox-binary
|
|
||||||
CMD_DECODE_BASE64="base64 -d"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
# Max OS-X supports --decode and -D, but --decode may be supported by other platforms as well.
|
|
||||||
CMD_DECODE_BASE64="base64 --decode"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
# Allow us to exit on a missing jq binary
|
|
||||||
exit_jq() {
|
|
||||||
echo "
|
|
||||||
You must have the binary 'jq' to use this.
|
|
||||||
jq is available at: https://stedolan.github.io/jq/download/
|
|
||||||
|
|
||||||
${USAGE}" >&2
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
|
|
||||||
bad_acme() {
|
|
||||||
echo "
|
|
||||||
There was a problem parsing your acme.json file.
|
|
||||||
|
|
||||||
${USAGE}" >&2
|
|
||||||
exit 2
|
|
||||||
}
|
|
||||||
|
|
||||||
if [ $# -ne 2 ]; then
|
|
||||||
echo "
|
|
||||||
Insufficient number of parameters.
|
|
||||||
|
|
||||||
${USAGE}" >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
readonly acmefile="${1}"
|
|
||||||
readonly certdir="${2%/}"
|
|
||||||
|
|
||||||
if [ ! -r "${acmefile}" ]; then
|
|
||||||
echo "
|
|
||||||
There was a problem reading from '${acmefile}'
|
|
||||||
We need to read this file to explode the JSON bundle... exiting.
|
|
||||||
|
|
||||||
${USAGE}" >&2
|
|
||||||
exit 2
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
if [ ! -d "${certdir}" ]; then
|
|
||||||
echo "
|
|
||||||
Path ${certdir} does not seem to be a directory
|
|
||||||
We need a directory in which to explode the JSON bundle... exiting.
|
|
||||||
|
|
||||||
${USAGE}" >&2
|
|
||||||
exit 4
|
|
||||||
fi
|
|
||||||
|
|
||||||
jq=$(command -v jq) || exit_jq
|
|
||||||
|
|
||||||
priv=$(${jq} -e -r '.Account.PrivateKey' "${acmefile}") || bad_acme
|
|
||||||
|
|
||||||
if [ ! -n "${priv}" ]; then
|
|
||||||
echo "
|
|
||||||
There didn't seem to be a private key in ${acmefile}.
|
|
||||||
Please ensure that there is a key in this file and try again." >&2
|
|
||||||
exit 8
|
|
||||||
fi
|
|
||||||
|
|
||||||
# If they do not exist, create the needed subdirectories for our assets
|
|
||||||
# and place each in a variable for later use, normalizing the path
|
|
||||||
mkdir -p "${certdir}"/{certs,private}
|
|
||||||
|
|
||||||
pdir="${certdir}/private/"
|
|
||||||
cdir="${certdir}/certs/"
|
|
||||||
|
|
||||||
# Save the existing umask, change the default mode to 600, then
|
|
||||||
# after writing the private key switch it back to the default
|
|
||||||
oldumask=$(umask)
|
|
||||||
umask 177
|
|
||||||
trap 'umask ${oldumask}' EXIT
|
|
||||||
|
|
||||||
# traefik stores the private key in stripped base64 format but the certificates
|
|
||||||
# bundled as a base64 object without stripping headers. This normalizes the
|
|
||||||
# headers and formatting.
|
|
||||||
#
|
|
||||||
# In testing this out it was a balance between the following mechanisms:
|
|
||||||
# gawk:
|
|
||||||
# echo ${priv} | awk 'BEGIN {print "-----BEGIN RSA PRIVATE KEY-----"}
|
|
||||||
# {gsub(/.{64}/,"&\n")}1
|
|
||||||
# END {print "-----END RSA PRIVATE KEY-----"}' > "${pdir}/letsencrypt.key"
|
|
||||||
#
|
|
||||||
# openssl:
|
|
||||||
# echo -e "-----BEGIN RSA PRIVATE KEY-----\n${priv}\n-----END RSA PRIVATE KEY-----" \
|
|
||||||
# | openssl rsa -inform pem -out "${pdir}/letsencrypt.key"
|
|
||||||
#
|
|
||||||
# and sed:
|
|
||||||
# echo "-----BEGIN RSA PRIVATE KEY-----" > "${pdir}/letsencrypt.key"
|
|
||||||
# echo ${priv} | sed -E 's/(.{64})/\1\n/g' >> "${pdir}/letsencrypt.key"
|
|
||||||
# sed -i '$ d' "${pdir}/letsencrypt.key"
|
|
||||||
# echo "-----END RSA PRIVATE KEY-----" >> "${pdir}/letsencrypt.key"
|
|
||||||
# openssl rsa -noout -in "${pdir}/letsencrypt.key" -check # To check if the key is valid
|
|
||||||
|
|
||||||
# In the end, openssl was chosen because most users will need this script
|
|
||||||
# *because* of openssl combined with the fact that it will refuse to write the
|
|
||||||
# key if it does not parse out correctly. The other mechanisms were left as
|
|
||||||
# comments so that the user can choose the mechanism most appropriate to them.
|
|
||||||
echo -e "-----BEGIN RSA PRIVATE KEY-----\n${priv}\n-----END RSA PRIVATE KEY-----" \
|
|
||||||
| openssl rsa -inform pem -out "${pdir}/letsencrypt.key"
|
|
||||||
|
|
||||||
# Process the certificates for each of the domains in acme.json
|
|
||||||
domains=$(jq -r '.Certificates[].Domain.Main' ${acmefile}) || bad_acme
|
|
||||||
for domain in $domains; do
|
|
||||||
# Traefik stores a cert bundle for each domain. Within this cert
|
|
||||||
# bundle there is both proper the certificate and the Let's Encrypt CA
|
|
||||||
echo "Extracting cert bundle for ${domain}"
|
|
||||||
cert=$(jq -e -r --arg domain "$domain" '.Certificates[] |
|
|
||||||
select (.Domain.Main == $domain )| .Certificate' ${acmefile}) || bad_acme
|
|
||||||
echo "${cert}" | ${CMD_DECODE_BASE64} > "${cdir}/${domain}.crt"
|
|
||||||
|
|
||||||
echo "Extracting private key for ${domain}"
|
|
||||||
key=$(jq -e -r --arg domain "$domain" '.Certificates[] |
|
|
||||||
select (.Domain.Main == $domain )| .Key' ${acmefile}) || bad_acme
|
|
||||||
echo "${key}" | ${CMD_DECODE_BASE64} > "${pdir}/${domain}.key"
|
|
||||||
done
|
|
|
@ -5,5 +5,6 @@
|
||||||
"MD013": false,
|
"MD013": false,
|
||||||
"MD026": false,
|
"MD026": false,
|
||||||
"MD033": false,
|
"MD033": false,
|
||||||
"MD034": false
|
"MD034": false,
|
||||||
|
"MD036": false
|
||||||
}
|
}
|
||||||
|
|
BIN
docs/content/assets/img/providers/rancher.png
Normal file
BIN
docs/content/assets/img/providers/rancher.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 2.2 KiB |
|
@ -58,7 +58,7 @@ PRE_TARGET= make test-unit
|
||||||
|
|
||||||
### Method 2: Using `go`
|
### Method 2: Using `go`
|
||||||
|
|
||||||
You need `go` v1.9+.
|
You need `go` v1.12+.
|
||||||
|
|
||||||
!!! tip "Source Directory"
|
!!! tip "Source Directory"
|
||||||
|
|
||||||
|
|
|
@ -50,8 +50,8 @@ Once a day (the first call begins 10 minutes after the start of Traefik), we col
|
||||||
??? example "Original configuration"
|
??? example "Original configuration"
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
[entrypoints]
|
[entryPoints]
|
||||||
[entrypoints.web]
|
[entryPoints.web]
|
||||||
address = ":80"
|
address = ":80"
|
||||||
|
|
||||||
[api]
|
[api]
|
||||||
|
@ -80,8 +80,8 @@ Once a day (the first call begins 10 minutes after the start of Traefik), we col
|
||||||
??? example "Resulting Obfuscated Configuration"
|
??? example "Resulting Obfuscated Configuration"
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
[entrypoints]
|
[entryPoints]
|
||||||
[entrypoints.web]
|
[entryPoints.web]
|
||||||
address = ":80"
|
address = ":80"
|
||||||
|
|
||||||
[api]
|
[api]
|
||||||
|
|
|
@ -5,7 +5,8 @@ Everything You Need to Know
|
||||||
|
|
||||||
## Edge Router
|
## Edge Router
|
||||||
|
|
||||||
Traefik is an _Edge Router_, it means that it's the door to your platform, and that it intercepts and routes every incoming request: it knows all the logic and every rule that determine which services handle which requests (based on the [path](../../routing/routers/#rule), the [host](../../routing/routers/#rule), [headers](../../routing/routers/#rule), [and so on](../../routing/routers/#rule) ...).
|
Traefik is an _Edge Router_, it means that it's the door to your platform, and that it intercepts and routes every incoming request:
|
||||||
|
it knows all the logic and every rule that determine which services handle which requests (based on the [path](../routing/routers/index.md#rule), the [host](../routing/routers/index.md#rule), [headers](../routing/routers/index.md#rule), [and so on](../routing/routers/index.md#rule) ...).
|
||||||
|
|
||||||
![The Door to Your Infrastructure](../assets/img/traefik-concepts-1.png)
|
![The Door to Your Infrastructure](../assets/img/traefik-concepts-1.png)
|
||||||
|
|
||||||
|
@ -18,7 +19,7 @@ Deploying your services, you attach information that tell Traefik the characteri
|
||||||
![Decentralized Configuration](../assets/img/traefik-concepts-2.png)
|
![Decentralized Configuration](../assets/img/traefik-concepts-2.png)
|
||||||
|
|
||||||
It means that when a service is deployed, Traefik detects it immediately and updates the routing rules in real time.
|
It means that when a service is deployed, Traefik detects it immediately and updates the routing rules in real time.
|
||||||
The opposite is true: when you remove a service from your infrastructure, the route will disapear accordingly.
|
The opposite is true: when you remove a service from your infrastructure, the route will disappear accordingly.
|
||||||
|
|
||||||
You no longer need to create and synchronize configuration files cluttered with IP addresses or other rules.
|
You no longer need to create and synchronize configuration files cluttered with IP addresses or other rules.
|
||||||
|
|
||||||
|
|
|
@ -21,7 +21,7 @@ This configuration can change and is seamlessly hot-reloaded, without any reques
|
||||||
|
|
||||||
## The Dynamic Configuration
|
## The Dynamic Configuration
|
||||||
|
|
||||||
Traefik gets its _dynamic configuration_ from [providers](../providers/overview.md): wether an orchestrator, a service registry, or a plain old configuration file. Since this configuration is specific to your infrastructure choices, we invite you to refer to the [dedicated section of this documentation](../providers/overview.md).
|
Traefik gets its _dynamic configuration_ from [providers](../providers/overview.md): whether an orchestrator, a service registry, or a plain old configuration file. Since this configuration is specific to your infrastructure choices, we invite you to refer to the [dedicated section of this documentation](../providers/overview.md).
|
||||||
|
|
||||||
!!! Note
|
!!! Note
|
||||||
|
|
||||||
|
|
|
@ -9,8 +9,8 @@ Where Every Technical Word finds its Definition`
|
||||||
- [ ] Routers
|
- [ ] Routers
|
||||||
- [ ] Middleware
|
- [ ] Middleware
|
||||||
- [ ] Service
|
- [ ] Service
|
||||||
- [ ] Static Configuration
|
- [ ] [Static configuration](getting-started/configuration-overview.md#the-static-configuration)
|
||||||
- [ ] Dynamic Configuration
|
- [ ] [Dynamic configuration](getting-started/configuration-overview.md#the-dynamic-configuration)
|
||||||
- [ ] ACME
|
- [ ] ACME
|
||||||
- [ ] TraefikEE
|
- [ ] TraefikEE
|
||||||
- [ ] Tracing
|
- [ ] Tracing
|
||||||
|
|
|
@ -13,11 +13,11 @@ You can configure Traefik to use an ACME provider (like Let's Encrypt) for autom
|
||||||
??? example "Enabling ACME"
|
??? example "Enabling ACME"
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
[entrypoints]
|
[entryPoints]
|
||||||
[entrypoints.web]
|
[entryPoints.web]
|
||||||
address = ":80"
|
address = ":80"
|
||||||
|
|
||||||
[entrypoints.http-tls]
|
[entryPoints.http-tls]
|
||||||
address = ":443"
|
address = ":443"
|
||||||
|
|
||||||
[acme] # every router with TLS enabled will now be able to use ACME for its certificates
|
[acme] # every router with TLS enabled will now be able to use ACME for its certificates
|
||||||
|
@ -31,11 +31,11 @@ You can configure Traefik to use an ACME provider (like Let's Encrypt) for autom
|
||||||
??? example "Configuring Wildcard Certificates"
|
??? example "Configuring Wildcard Certificates"
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
[entrypoints]
|
[entryPoints]
|
||||||
[entrypoints.web]
|
[entryPoints.web]
|
||||||
address = ":80"
|
address = ":80"
|
||||||
|
|
||||||
[entrypoints.http-tls]
|
[entryPoints.http-tls]
|
||||||
address = ":443"
|
address = ":443"
|
||||||
|
|
||||||
[acme]
|
[acme]
|
||||||
|
@ -49,9 +49,13 @@ You can configure Traefik to use an ACME provider (like Let's Encrypt) for autom
|
||||||
sans = ["mydomain.com"]
|
sans = ["mydomain.com"]
|
||||||
```
|
```
|
||||||
|
|
||||||
!!! note "Configuration Reference"
|
??? note "Configuration Reference"
|
||||||
|
|
||||||
There are many available options for ACME. For a quick glance at what's possible, browse the [configuration reference](../reference/acme.md).
|
There are many available options for ACME. For a quick glance at what's possible, browse the configuration reference:
|
||||||
|
|
||||||
|
```toml
|
||||||
|
--8<-- "content/https-tls/ref-acme.toml"
|
||||||
|
```
|
||||||
|
|
||||||
## The Different ACME Challenges
|
## The Different ACME Challenges
|
||||||
|
|
||||||
|
@ -112,6 +116,9 @@ Here is a list of supported `providers`, that can automate the DNS verification,
|
||||||
along with the required environment variables and their [wildcard & root domain support](#wildcard-domains).
|
along with the required environment variables and their [wildcard & root domain support](#wildcard-domains).
|
||||||
Do not hesitate to complete it.
|
Do not hesitate to complete it.
|
||||||
|
|
||||||
|
Every lego environment variable can be overridden by their respective `_FILE` counterpart, which should have a filepath to a file that contains the secret as its value.
|
||||||
|
For example, `CF_API_EMAIL_FILE=/run/secrets/traefik_cf-api-email` could be used to provide a Cloudflare API email address as a Docker secret named `traefik_cf-api-email`.
|
||||||
|
|
||||||
| Provider Name | Provider Code | Environment Variables | Wildcard & Root Domain Support |
|
| Provider Name | Provider Code | Environment Variables | Wildcard & Root Domain Support |
|
||||||
|-------------------------------------------------------------|----------------|---------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------|
|
|-------------------------------------------------------------|----------------|---------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------|
|
||||||
| [ACME DNS](https://github.com/joohoi/acme-dns) | `acme-dns` | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH` | Not tested yet |
|
| [ACME DNS](https://github.com/joohoi/acme-dns) | `acme-dns` | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH` | Not tested yet |
|
||||||
|
@ -127,6 +134,7 @@ Do not hesitate to complete it.
|
||||||
| [DNSimple](https://dnsimple.com) | `dnsimple` | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL` | YES |
|
| [DNSimple](https://dnsimple.com) | `dnsimple` | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL` | YES |
|
||||||
| [DNS Made Easy](https://dnsmadeeasy.com) | `dnsmadeeasy` | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX` | Not tested yet |
|
| [DNS Made Easy](https://dnsmadeeasy.com) | `dnsmadeeasy` | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX` | Not tested yet |
|
||||||
| [DNSPod](https://www.dnspod.com/) | `dnspod` | `DNSPOD_API_KEY` | Not tested yet |
|
| [DNSPod](https://www.dnspod.com/) | `dnspod` | `DNSPOD_API_KEY` | Not tested yet |
|
||||||
|
| [Domain Offensive (do.de)](https://www.do.de/) | `dode` | `DODE_TOKEN` | YES |
|
||||||
| [DreamHost](https://www.dreamhost.com/) | `dreamhost` | `DREAMHOST_API_KEY` | YES |
|
| [DreamHost](https://www.dreamhost.com/) | `dreamhost` | `DREAMHOST_API_KEY` | YES |
|
||||||
| [Duck DNS](https://www.duckdns.org/) | `duckdns` | `DUCKDNS_TOKEN` | YES |
|
| [Duck DNS](https://www.duckdns.org/) | `duckdns` | `DUCKDNS_TOKEN` | YES |
|
||||||
| [Dyn](https://dyn.com) | `dyn` | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD` | Not tested yet |
|
| [Dyn](https://dyn.com) | `dyn` | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD` | Not tested yet |
|
||||||
|
@ -138,7 +146,7 @@ Do not hesitate to complete it.
|
||||||
| [Glesys](https://glesys.com/) | `glesys` | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN` | Not tested yet |
|
| [Glesys](https://glesys.com/) | `glesys` | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN` | Not tested yet |
|
||||||
| [GoDaddy](https://godaddy.com/domains) | `godaddy` | `GODADDY_API_KEY`, `GODADDY_API_SECRET` | Not tested yet |
|
| [GoDaddy](https://godaddy.com/domains) | `godaddy` | `GODADDY_API_KEY`, `GODADDY_API_SECRET` | Not tested yet |
|
||||||
| [Google Cloud DNS](https://cloud.google.com/dns/docs/) | `gcloud` | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`] | YES |
|
| [Google Cloud DNS](https://cloud.google.com/dns/docs/) | `gcloud` | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`] | YES |
|
||||||
| [hosting.de](https://www.hosting.de) | `hostingde` | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME` | Not tested yet |
|
| [hosting.de](https://www.hosting.de) | `hostingde` | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME` | YES |
|
||||||
| HTTP request | `httpreq` | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1] | YES |
|
| HTTP request | `httpreq` | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1] | YES |
|
||||||
| [IIJ](https://www.iij.ad.jp/) | `iij` | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE` | Not tested yet |
|
| [IIJ](https://www.iij.ad.jp/) | `iij` | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE` | Not tested yet |
|
||||||
| [INWX](https://www.inwx.de/en) | `inwx` | `INWX_USERNAME`, `INWX_PASSWORD` | YES |
|
| [INWX](https://www.inwx.de/en) | `inwx` | `INWX_USERNAME`, `INWX_PASSWORD` | YES |
|
||||||
|
@ -209,9 +217,6 @@ As described in [Let's Encrypt's post](https://community.letsencrypt.org/t/stagi
|
||||||
!!! note "Double Wildcard Certificates"
|
!!! note "Double Wildcard Certificates"
|
||||||
It is not possible to request a double wildcard certificate for a domain (for example `*.*.local.com`).
|
It is not possible to request a double wildcard certificate for a domain (for example `*.*.local.com`).
|
||||||
|
|
||||||
Due to an ACME limitation it is not possible to define wildcards in SANs (alternative domains).
|
|
||||||
Thus, the wildcard domain has to be defined as a main domain.
|
|
||||||
|
|
||||||
Most likely the root domain should receive a certificate too, so it needs to be specified as SAN and 2 `DNS-01` challenges are executed.
|
Most likely the root domain should receive a certificate too, so it needs to be specified as SAN and 2 `DNS-01` challenges are executed.
|
||||||
In this case the generated DNS TXT record for both domains is the same.
|
In this case the generated DNS TXT record for both domains is the same.
|
||||||
Even though this behavior is [DNS RFC](https://community.letsencrypt.org/t/wildcard-issuance-two-txt-records-for-the-same-name/54528/2) compliant,
|
Even though this behavior is [DNS RFC](https://community.letsencrypt.org/t/wildcard-issuance-two-txt-records-for-the-same-name/54528/2) compliant,
|
||||||
|
@ -322,7 +327,7 @@ storage = "traefik/acme/account"
|
||||||
Because key-value stores have limited entry size, the certificates list is compressed _before_ it is saved.
|
Because key-value stores have limited entry size, the certificates list is compressed _before_ it is saved.
|
||||||
For example, it is possible to store up to _approximately_ 100 ACME certificates in Consul.
|
For example, it is possible to store up to _approximately_ 100 ACME certificates in Consul.
|
||||||
|
|
||||||
## Fallbacks
|
## Fallback
|
||||||
|
|
||||||
If Let's Encrypt is not reachable, the following certificates will apply:
|
If Let's Encrypt is not reachable, the following certificates will apply:
|
||||||
|
|
||||||
|
|
150
docs/content/https-tls/ref-acme.toml
Normal file
150
docs/content/https-tls/ref-acme.toml
Normal file
|
@ -0,0 +1,150 @@
|
||||||
|
# Enable ACME (Let's Encrypt): automatic SSL.
|
||||||
|
[acme]
|
||||||
|
|
||||||
|
# Email address used for registration.
|
||||||
|
#
|
||||||
|
# Required
|
||||||
|
#
|
||||||
|
email = "test@traefik.io"
|
||||||
|
|
||||||
|
# File used for certificates storage.
|
||||||
|
#
|
||||||
|
# Optional (Deprecated)
|
||||||
|
#
|
||||||
|
#storageFile = "acme.json"
|
||||||
|
|
||||||
|
# File or key used for certificates storage.
|
||||||
|
#
|
||||||
|
# Required
|
||||||
|
#
|
||||||
|
storage = "acme.json"
|
||||||
|
# or `storage = "traefik/acme/account"` if using KV store.
|
||||||
|
|
||||||
|
# Deprecated, replaced by [acme.dnsChallenge].
|
||||||
|
#
|
||||||
|
# Optional.
|
||||||
|
#
|
||||||
|
# dnsProvider = "digitalocean"
|
||||||
|
|
||||||
|
# Deprecated, replaced by [acme.dnsChallenge.delayBeforeCheck].
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
# Default: 0
|
||||||
|
#
|
||||||
|
# delayDontCheckDNS = 0
|
||||||
|
|
||||||
|
# If true, display debug log messages from the acme client library.
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
# Default: false
|
||||||
|
#
|
||||||
|
# acmeLogging = true
|
||||||
|
|
||||||
|
# If true, override certificates in key-value store when using storeconfig.
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
# Default: false
|
||||||
|
#
|
||||||
|
# overrideCertificates = true
|
||||||
|
|
||||||
|
# Deprecated. Enable on demand certificate generation.
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
# Default: false
|
||||||
|
#
|
||||||
|
# onDemand = true
|
||||||
|
|
||||||
|
# Enable certificate generation on frontends host rules.
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
# Default: false
|
||||||
|
#
|
||||||
|
# onHostRule = true
|
||||||
|
|
||||||
|
# CA server to use.
|
||||||
|
# Uncomment the line to use Let's Encrypt's staging server,
|
||||||
|
# leave commented to go to prod.
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
# Default: "https://acme-v02.api.letsencrypt.org/directory"
|
||||||
|
#
|
||||||
|
# caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||||
|
|
||||||
|
# KeyType to use.
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
# Default: "RSA4096"
|
||||||
|
#
|
||||||
|
# Available values : "EC256", "EC384", "RSA2048", "RSA4096", "RSA8192"
|
||||||
|
#
|
||||||
|
# KeyType = "RSA4096"
|
||||||
|
|
||||||
|
# Use a TLS-ALPN-01 ACME challenge.
|
||||||
|
#
|
||||||
|
# Optional (but recommended)
|
||||||
|
#
|
||||||
|
[acme.tlsChallenge]
|
||||||
|
|
||||||
|
# Use a HTTP-01 ACME challenge.
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
#
|
||||||
|
# [acme.httpChallenge]
|
||||||
|
|
||||||
|
# EntryPoint to use for the HTTP-01 challenges.
|
||||||
|
#
|
||||||
|
# Required
|
||||||
|
#
|
||||||
|
# entryPoint = "http"
|
||||||
|
|
||||||
|
# Use a DNS-01 ACME challenge rather than HTTP-01 challenge.
|
||||||
|
# Note: mandatory for wildcard certificate generation.
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
#
|
||||||
|
# [acme.dnsChallenge]
|
||||||
|
|
||||||
|
# DNS provider used.
|
||||||
|
#
|
||||||
|
# Required
|
||||||
|
#
|
||||||
|
# provider = "digitalocean"
|
||||||
|
|
||||||
|
# By default, the provider will verify the TXT DNS challenge record before letting ACME verify.
|
||||||
|
# If delayBeforeCheck is greater than zero, this check is delayed for the configured duration in seconds.
|
||||||
|
# Useful if internal networks block external DNS queries.
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
# Default: 0
|
||||||
|
#
|
||||||
|
# delayBeforeCheck = 0
|
||||||
|
|
||||||
|
# Use following DNS servers to resolve the FQDN authority.
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
# Default: empty
|
||||||
|
#
|
||||||
|
# resolvers = ["1.1.1.1:53", "8.8.8.8:53"]
|
||||||
|
|
||||||
|
# Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready.
|
||||||
|
#
|
||||||
|
# NOT RECOMMENDED:
|
||||||
|
# Increase the risk of reaching Let's Encrypt's rate limits.
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
# Default: false
|
||||||
|
#
|
||||||
|
# disablePropagationCheck = true
|
||||||
|
|
||||||
|
# Domains list.
|
||||||
|
# Only domains defined here can generate wildcard certificates.
|
||||||
|
# The certificates for these domains are negotiated at traefik startup only.
|
||||||
|
#
|
||||||
|
# [[acme.domains]]
|
||||||
|
# main = "local1.com"
|
||||||
|
# sans = ["test1.local1.com", "test2.local1.com"]
|
||||||
|
# [[acme.domains]]
|
||||||
|
# main = "local2.com"
|
||||||
|
# [[acme.domains]]
|
||||||
|
# main = "*.local3.com"
|
||||||
|
# sans = ["local3.com", "test1.test1.local3.com"]
|
|
@ -12,17 +12,30 @@ The AddPrefix middleware updates the URL Path of the request before forwarding i
|
||||||
```yaml tab="Docker"
|
```yaml tab="Docker"
|
||||||
# Prefixing with /foo
|
# Prefixing with /foo
|
||||||
labels:
|
labels:
|
||||||
- "traefik.http.middlewares.add-bar.addprefix.prefix=/foo"
|
- "traefik.http.middlewares.add-foo.addprefix.prefix=/foo"
|
||||||
```
|
```
|
||||||
|
|
||||||
```yaml tab="Kubernetes"
|
```yaml tab="Kubernetes"
|
||||||
|
# Prefixing with /foo
|
||||||
apiVersion: traefik.containo.us/v1alpha1
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
kind: Middleware
|
kind: Middleware
|
||||||
metadata:
|
metadata:
|
||||||
name: addprefix
|
name: add-foo
|
||||||
spec:
|
spec:
|
||||||
addprefix:
|
addPrefix:
|
||||||
prefix: /bar
|
prefix: /foo
|
||||||
|
```
|
||||||
|
|
||||||
|
```json tab="Marathon"
|
||||||
|
"labels": {
|
||||||
|
"traefik.http.middlewares.add-foo.addprefix.prefix": "/foo"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Rancher"
|
||||||
|
# Prefixing with /foo
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.add-foo.addprefix.prefix=/foo"
|
||||||
```
|
```
|
||||||
|
|
||||||
```toml tab="File"
|
```toml tab="File"
|
||||||
|
@ -34,6 +47,6 @@ spec:
|
||||||
|
|
||||||
## Configuration Options
|
## Configuration Options
|
||||||
|
|
||||||
### prefix
|
### `prefix`
|
||||||
|
|
||||||
`prefix` is the string to add before the current path in the requested URL. It should include the leading slash (`/`).
|
`prefix` is the string to add before the current path in the requested URL. It should include the leading slash (`/`).
|
||||||
|
|
|
@ -12,15 +12,42 @@ The BasicAuth middleware is a quick way to restrict access to your services to k
|
||||||
```yaml tab="Docker"
|
```yaml tab="Docker"
|
||||||
# Declaring the user list
|
# Declaring the user list
|
||||||
labels:
|
labels:
|
||||||
- "traefik.http.middlewares.declared-users-only.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
|
- "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Kubernetes"
|
||||||
|
# Declaring the user list
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: test-auth
|
||||||
|
spec:
|
||||||
|
basicAuth:
|
||||||
|
users:
|
||||||
|
- test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
|
||||||
|
- test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0
|
||||||
|
```
|
||||||
|
|
||||||
|
```json tab="Marathon"
|
||||||
|
"labels": {
|
||||||
|
"traefik.http.middlewares.test-auth.basicauth.users": "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Rancher"
|
||||||
|
# Declaring the user list
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
|
||||||
```
|
```
|
||||||
|
|
||||||
```toml tab="File"
|
```toml tab="File"
|
||||||
# Declaring the user list
|
# Declaring the user list
|
||||||
[http.middlewares]
|
[http.middlewares]
|
||||||
[http.middlewares.test-auth.basicauth]
|
[http.middlewares.test-auth.basicauth]
|
||||||
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
|
users = [
|
||||||
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
|
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
|
||||||
|
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
|
||||||
|
]
|
||||||
```
|
```
|
||||||
|
|
||||||
## Configuration Options
|
## Configuration Options
|
||||||
|
@ -33,7 +60,7 @@ Passwords must be encoded using MD5, SHA1, or BCrypt.
|
||||||
|
|
||||||
Use `htpasswd` to generate the passwords.
|
Use `htpasswd` to generate the passwords.
|
||||||
|
|
||||||
### users
|
### `users`
|
||||||
|
|
||||||
The `users` option is an array of authorized users. Each user will be declared using the `name:encoded-password` format.
|
The `users` option is an array of authorized users. Each user will be declared using the `name:encoded-password` format.
|
||||||
|
|
||||||
|
@ -41,7 +68,7 @@ The `users` option is an array of authorized users. Each user will be declared u
|
||||||
|
|
||||||
If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.
|
If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.
|
||||||
|
|
||||||
### usersFile
|
### `usersFile`
|
||||||
|
|
||||||
The `usersFile` option is the path to an external file that contains the authorized users for the middleware.
|
The `usersFile` option is the path to an external file that contains the authorized users for the middleware.
|
||||||
|
|
||||||
|
@ -58,22 +85,36 @@ The file content is a list of `name:encoded-password`.
|
||||||
|
|
||||||
If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.
|
If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.
|
||||||
|
|
||||||
### realm
|
### `realm`
|
||||||
|
|
||||||
You can customize the realm for the authentication with the `realm` option. The default value is `traefik`.
|
You can customize the realm for the authentication with the `realm` option. The default value is `traefik`.
|
||||||
|
|
||||||
### headerField
|
### `headerField`
|
||||||
|
|
||||||
You can customize the header field for the authenticated user using the `headerField`option.
|
You can customize the header field for the authenticated user using the `headerField`option.
|
||||||
|
|
||||||
??? example "File -- Passing Authenticated Users to Services Via Headers"
|
```yaml tab="Docker"
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.my-auth.basicauth.headerField=X-WebAuth-User"
|
||||||
|
```
|
||||||
|
|
||||||
```toml
|
```yaml tab="Kubernetes"
|
||||||
[http.middlewares.my-auth.basicauth]
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
usersFile = "path-to-file.ext"
|
kind: Middleware
|
||||||
headerField = "X-WebAuth-User" # header for the authenticated user
|
metadata:
|
||||||
```
|
name: my-auth
|
||||||
|
spec:
|
||||||
|
basicAuth:
|
||||||
|
# ...
|
||||||
|
headerField: X-WebAuth-User
|
||||||
|
```
|
||||||
|
|
||||||
### removeHeader
|
```toml tab="File"
|
||||||
|
[http.middlewares.my-auth.basicauth]
|
||||||
|
# ...
|
||||||
|
headerField = "X-WebAuth-User"
|
||||||
|
```
|
||||||
|
|
||||||
|
### `removeHeader`
|
||||||
|
|
||||||
Set the `removeHeader` option to `true` to remove the authorization header before forwarding the request to your service. (Default value is `false`.)
|
Set the `removeHeader` option to `true` to remove the authorization header before forwarding the request to your service. (Default value is `false`.)
|
||||||
|
|
|
@ -16,39 +16,62 @@ This can help services deal with large data (multipart/form-data for example), a
|
||||||
```yaml tab="Docker"
|
```yaml tab="Docker"
|
||||||
# Sets the maximum request body to 2Mb
|
# Sets the maximum request body to 2Mb
|
||||||
labels:
|
labels:
|
||||||
- "traefik.http.middlewares.2Mb-memory.buffering.maxRequestBodyBytes=250000",
|
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=250000"
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Kubernetes"
|
||||||
|
# Sets the maximum request body to 2Mb
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: limit
|
||||||
|
spec:
|
||||||
|
buffering:
|
||||||
|
maxRequestBodyBytes: 250000
|
||||||
|
```
|
||||||
|
|
||||||
|
```json tab="Marathon"
|
||||||
|
"labels": {
|
||||||
|
"traefik.http.middlewares.limit.buffering.maxRequestBodyBytes": "250000"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Rancher"
|
||||||
|
# Sets the maximum request body to 2Mb
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=250000"
|
||||||
```
|
```
|
||||||
|
|
||||||
```toml tab="File"
|
```toml tab="File"
|
||||||
# Sets the maximum request body to 2Mb
|
# Sets the maximum request body to 2Mb
|
||||||
[http.middlewares]
|
[http.middlewares]
|
||||||
[http.middlewares.2Mb-limit.buffering]
|
[http.middlewares.limit.buffering]
|
||||||
maxRequestBodyBytes = 250000
|
maxRequestBodyBytes = 250000
|
||||||
```
|
```
|
||||||
|
|
||||||
## Configuration Options
|
## Configuration Options
|
||||||
|
|
||||||
### maxRequestBodyBytes
|
### `maxRequestBodyBytes`
|
||||||
|
|
||||||
With the `maxRequestBodyBytes` option, you can configure the maximum allowed body size for the request (in Bytes).
|
With the `maxRequestBodyBytes` option, you can configure the maximum allowed body size for the request (in Bytes).
|
||||||
|
|
||||||
If the request exceeds the allowed size, the request is not forwarded to the service and the client gets a `413 (Request Entity Too Large) response.
|
If the request exceeds the allowed size, the request is not forwarded to the service and the client gets a `413 (Request Entity Too Large) response.
|
||||||
|
|
||||||
### memRequestBodyBytes
|
### `memRequestBodyBytes`
|
||||||
|
|
||||||
You can configure a thresold (in Bytes) from which the request will be buffered on disk instead of in memory with the `memRequestBodyBytes` option.
|
You can configure a thresold (in Bytes) from which the request will be buffered on disk instead of in memory with the `memRequestBodyBytes` option.
|
||||||
|
|
||||||
### maxResponseBodyBytes
|
### `maxResponseBodyBytes`
|
||||||
|
|
||||||
With the `maxReesponseBodyBytes` option, you can configure the maximum allowed response size from the service (in Bytes).
|
With the `maxReesponseBodyBytes` option, you can configure the maximum allowed response size from the service (in Bytes).
|
||||||
|
|
||||||
If the response exceeds the allowed size, it is not forwarded to the client. The client gets a `413 (Request Entity Too Large) response` instead.
|
If the response exceeds the allowed size, it is not forwarded to the client. The client gets a `413 (Request Entity Too Large) response` instead.
|
||||||
|
|
||||||
### memResponseBodyBytes
|
### `memResponseBodyBytes`
|
||||||
|
|
||||||
You can configure a thresold (in Bytes) from which the response will be buffered on disk instead of in memory with the `memResponseBodyBytes` option.
|
You can configure a thresold (in Bytes) from which the response will be buffered on disk instead of in memory with the `memResponseBodyBytes` option.
|
||||||
|
|
||||||
### retryExpression
|
### `retryExpression`
|
||||||
|
|
||||||
You can have the Buffering middleware replay the request with the help of the `retryExpression` option.
|
You can have the Buffering middleware replay the request with the help of the `retryExpression` option.
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Chain
|
# Chain
|
||||||
|
|
||||||
When One Isn't Enougth
|
When One Isn't Enough
|
||||||
{: .subtitle }
|
{: .subtitle }
|
||||||
|
|
||||||
![Chain](../assets/img/middleware/chain.png)
|
![Chain](../assets/img/middleware/chain.png)
|
||||||
|
@ -10,31 +10,129 @@ It makes reusing the same groups easier.
|
||||||
|
|
||||||
## Configuration Example
|
## Configuration Example
|
||||||
|
|
||||||
??? example "A Chain for WhiteList, BasicAuth, and HTTPS"
|
Example "A Chain for WhiteList, BasicAuth, and HTTPS"
|
||||||
|
|
||||||
```toml
|
```yaml tab="Docker"
|
||||||
# ...
|
labels:
|
||||||
[http.routers]
|
- "traefik.http.routers.router1.service=service1"
|
||||||
[http.routers.router1]
|
- "traefik.http.routers.router1.middlewares=secured"
|
||||||
service = "service1"
|
- "traefik.http.routers.router1.rule=Host(`mydomain`)"
|
||||||
middlewares = ["secured"]
|
- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
|
||||||
rule = "Host: mydomain"
|
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
|
||||||
|
- "traefik.http.middlewares.https-only.schemeredirect.scheme=https"
|
||||||
|
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
|
||||||
|
- "http.services.service1.loadbalancer.server.port=80"
|
||||||
|
```
|
||||||
|
|
||||||
[http.middlewares]
|
```yaml tab="Kubernetes"
|
||||||
[http.middlewares.secured.Chain]
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
middlewares = ["https-only", "known-ips", "auth-users"]
|
kind: IngressRoute
|
||||||
|
metadata:
|
||||||
|
name: test
|
||||||
|
namespace: default
|
||||||
|
|
||||||
[http.middlewares.auth-users.BasicAuth]
|
spec:
|
||||||
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
|
entryPoints:
|
||||||
[http.middlewares.https-only.SchemeRedirect]
|
- web
|
||||||
scheme = "https"
|
|
||||||
[http.middlewares.known-ips.ipWhiteList]
|
|
||||||
sourceRange = ["192.168.1.7", "x.x.x.x", "x.x.x.x"]
|
|
||||||
|
|
||||||
[http.services]
|
routes:
|
||||||
[http.services.service1]
|
- match: Host(`mydomain`)
|
||||||
[http.services.service1.LoadBalancer]
|
kind: Rule
|
||||||
[[http.services.service1.LoadBalancer.Servers]]
|
services:
|
||||||
URL = "http://127.0.0.1:80"
|
- name: whoami
|
||||||
Weight = 1
|
port: 80
|
||||||
```
|
middlewares:
|
||||||
|
- name: secured
|
||||||
|
---
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: secured
|
||||||
|
spec:
|
||||||
|
chain:
|
||||||
|
middlewares:
|
||||||
|
- https-only
|
||||||
|
- known-ips
|
||||||
|
- auth-users
|
||||||
|
---
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: auth-users
|
||||||
|
spec:
|
||||||
|
basicAuth:
|
||||||
|
users:
|
||||||
|
- test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
|
||||||
|
---
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: https-only
|
||||||
|
spec:
|
||||||
|
schemeRedirect:
|
||||||
|
scheme: https
|
||||||
|
---
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: known-ips
|
||||||
|
spec:
|
||||||
|
ipWhiteList:
|
||||||
|
sourceRange:
|
||||||
|
- 192.168.1.7
|
||||||
|
- 127.0.0.1/32
|
||||||
|
```
|
||||||
|
|
||||||
|
```json tab="Marathon"
|
||||||
|
"labels": {
|
||||||
|
"traefik.http.routers.router1.service": "service1",
|
||||||
|
"traefik.http.routers.router1.middlewares": "secured",
|
||||||
|
"traefik.http.routers.router1.rule": "Host(`mydomain`)",
|
||||||
|
"traefik.http.middlewares.secured.chain.middlewares": "https-only,known-ips,auth-users",
|
||||||
|
"traefik.http.middlewares.auth-users.basicauth.users": "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
|
||||||
|
"traefik.http.middlewares.https-only.schemeredirect.scheme": "https",
|
||||||
|
"traefik.http.middlewares.known-ips.ipwhitelist.sourceRange": "192.168.1.7,127.0.0.1/32",
|
||||||
|
"http.services.service1.loadbalancer.server.port": "80"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Rancher"
|
||||||
|
labels:
|
||||||
|
- "traefik.http.routers.router1.service=service1"
|
||||||
|
- "traefik.http.routers.router1.middlewares=secured"
|
||||||
|
- "traefik.http.routers.router1.rule=Host(`mydomain`)"
|
||||||
|
- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
|
||||||
|
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
|
||||||
|
- "traefik.http.middlewares.https-only.schemeredirect.scheme=https"
|
||||||
|
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
|
||||||
|
- "http.services.service1.loadbalancer.server.port=80"
|
||||||
|
```
|
||||||
|
|
||||||
|
```toml tab="File"
|
||||||
|
# ...
|
||||||
|
[http.routers]
|
||||||
|
[http.routers.router1]
|
||||||
|
service = "service1"
|
||||||
|
middlewares = ["secured"]
|
||||||
|
rule = "Host(`mydomain`)"
|
||||||
|
|
||||||
|
[http.middlewares]
|
||||||
|
[http.middlewares.secured.Chain]
|
||||||
|
middlewares = ["https-only", "known-ips", "auth-users"]
|
||||||
|
|
||||||
|
[http.middlewares.auth-users.BasicAuth]
|
||||||
|
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
|
||||||
|
|
||||||
|
[http.middlewares.https-only.SchemeRedirect]
|
||||||
|
scheme = "https"
|
||||||
|
|
||||||
|
[http.middlewares.known-ips.ipWhiteList]
|
||||||
|
sourceRange = ["192.168.1.7", "127.0.0.1/32"]
|
||||||
|
|
||||||
|
[http.services]
|
||||||
|
[http.services.service1]
|
||||||
|
[http.services.service1.LoadBalancer]
|
||||||
|
[[http.services.service1.LoadBalancer.Servers]]
|
||||||
|
URL = "http://127.0.0.1:80"
|
||||||
|
Weight = 1
|
||||||
|
```
|
||||||
|
|
|
@ -29,10 +29,33 @@ labels:
|
||||||
- "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100"
|
- "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
```yaml tab="Kubernetes"
|
||||||
|
# Latency Check
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: latency-check
|
||||||
|
spec:
|
||||||
|
circuitBreaker:
|
||||||
|
expression: LatencyAtQuantileMS(50.0) > 100
|
||||||
|
```
|
||||||
|
|
||||||
|
```json tab="Marathon"
|
||||||
|
"labels": {
|
||||||
|
"traefik.http.middlewares.latency-check.circuitbreaker.expression": "LatencyAtQuantileMS(50.0) > 100"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Rancher"
|
||||||
|
# Latency Check
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100"
|
||||||
|
```
|
||||||
|
|
||||||
```toml tab="File"
|
```toml tab="File"
|
||||||
# Latency Check
|
# Latency Check
|
||||||
[http.middlewares]
|
[http.middlewares]
|
||||||
[http.middlewares.latency-check.circuitbreaker]
|
[http.middlewares.latency-check.circuitBreaker]
|
||||||
expression = "LatencyAtQuantileMS(50.0) > 100"
|
expression = "LatencyAtQuantileMS(50.0) > 100"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -52,11 +75,14 @@ At specified intervals (`checkPeriod`), it will evaluate `expression` to decide
|
||||||
|
|
||||||
### Open
|
### Open
|
||||||
|
|
||||||
While open, the fallback mechanism takes over the normal service calls for a duration of `FallbackDuration`. After this duration, it will enter the recovering state.
|
While open, the fallback mechanism takes over the normal service calls for a duration of `FallbackDuration`.
|
||||||
|
After this duration, it will enter the recovering state.
|
||||||
|
|
||||||
### Recovering
|
### Recovering
|
||||||
|
|
||||||
While recovering, the circuit breaker will progressively send requests to your service again (in a linear way, for `RecoveryDuration`). If your service fails during recovery, the circuit breaker becomes open again. If the service operates normally during the whole recovering duration, then the circuit breaker returns to close.
|
While recovering, the circuit breaker will progressively send requests to your service again (in a linear way, for `RecoveryDuration`).
|
||||||
|
If your service fails during recovery, the circuit breaker becomes open again.
|
||||||
|
If the service operates normally during the whole recovering duration, then the circuit breaker returns to close.
|
||||||
|
|
||||||
## Configuration Options
|
## Configuration Options
|
||||||
|
|
||||||
|
@ -70,11 +96,11 @@ The `expression` can check three different metrics:
|
||||||
- The status code ratio (`ResponseCodeRatio`)
|
- The status code ratio (`ResponseCodeRatio`)
|
||||||
- The latency at quantile, in milliseconds (`LatencyAtQuantileMS`)
|
- The latency at quantile, in milliseconds (`LatencyAtQuantileMS`)
|
||||||
|
|
||||||
#### NetworkErrorRatio
|
#### `NetworkErrorRatio`
|
||||||
|
|
||||||
If you want the circuit breaker to trigger at a 30% ratio of network errors, the expression will be `NetworkErrorRatio() > 0.30`
|
If you want the circuit breaker to trigger at a 30% ratio of network errors, the expression will be `NetworkErrorRatio() > 0.30`
|
||||||
|
|
||||||
#### ResponseCodeRatio
|
#### `ResponseCodeRatio`
|
||||||
|
|
||||||
You can trigger the circuit breaker based on the ratio of a given range of status codes.
|
You can trigger the circuit breaker based on the ratio of a given range of status codes.
|
||||||
|
|
||||||
|
@ -89,11 +115,11 @@ The operation that will be computed is sum(`to` -> `from`) / sum (`dividedByFrom
|
||||||
|
|
||||||
For example, the expression `ResponseCodeRatio(500, 600, 0, 600) > 0.25` will trigger the circuit breaker if 25% of the requests returned a 5XX status (amongst the request that returned a status code from 0 to 5XX).
|
For example, the expression `ResponseCodeRatio(500, 600, 0, 600) > 0.25` will trigger the circuit breaker if 25% of the requests returned a 5XX status (amongst the request that returned a status code from 0 to 5XX).
|
||||||
|
|
||||||
#### LatencyAtQuantileMS
|
#### `LatencyAtQuantileMS`
|
||||||
|
|
||||||
You can trigger the circuit breaker when a given proportion of your requests become too slow.
|
You can trigger the circuit breaker when a given proportion of your requests become too slow.
|
||||||
|
|
||||||
For example, the expression `LatencyAtQuantileMS(50.0) > 100` will trigger the circuit breaker when the median lantency (quantile 50) reaches 100MS.
|
For example, the expression `LatencyAtQuantileMS(50.0) > 100` will trigger the circuit breaker when the median latency (quantile 50) reaches 100MS.
|
||||||
|
|
||||||
!!! Note
|
!!! Note
|
||||||
|
|
||||||
|
@ -106,7 +132,7 @@ You can combine multiple metrics using operators in your expression.
|
||||||
Supported operators are:
|
Supported operators are:
|
||||||
|
|
||||||
- AND (`&&`)
|
- AND (`&&`)
|
||||||
- OR (`||)
|
- OR (`||`)
|
||||||
|
|
||||||
For example, `ResponseCodeRatio(500, 600, 0, 600) > 0.30 || NetworkErrorRatio() > 0.10` triggers the circuit breaker when 30% of the requests return a 5XX status code, or when the ratio of network errors reaches 10%.
|
For example, `ResponseCodeRatio(500, 600, 0, 600) > 0.30 || NetworkErrorRatio() > 0.10` triggers the circuit breaker when 30% of the requests return a 5XX status code, or when the ratio of network errors reaches 10%.
|
||||||
|
|
||||||
|
@ -126,15 +152,15 @@ Here is the list of supported operators:
|
||||||
|
|
||||||
The fallback mechanism returns a `HTTP 503 Service Unavailable` to the client (instead of calling the target service). This behavior cannot be configured.
|
The fallback mechanism returns a `HTTP 503 Service Unavailable` to the client (instead of calling the target service). This behavior cannot be configured.
|
||||||
|
|
||||||
### CheckPeriod
|
### `CheckPeriod`
|
||||||
|
|
||||||
The interval used to evaluate `expression` and decide if the state of the circuit breaker must change. By default, `CheckPeriod` is 100Ms. This value cannot be configured.
|
The interval used to evaluate `expression` and decide if the state of the circuit breaker must change. By default, `CheckPeriod` is 100Ms. This value cannot be configured.
|
||||||
|
|
||||||
### FallbackDuration
|
### `FallbackDuration`
|
||||||
|
|
||||||
By default, `FallbackDuration` is 10 seconds. This value cannot be configured.
|
By default, `FallbackDuration` is 10 seconds. This value cannot be configured.
|
||||||
|
|
||||||
### RecoveringDuration
|
### `RecoveringDuration`
|
||||||
|
|
||||||
The duration of the recovering mode (recovering state).
|
The duration of the recovering mode (recovering state).
|
||||||
|
|
||||||
|
|
|
@ -12,7 +12,19 @@ The Compress middleware enables the gzip compression.
|
||||||
```yaml tab="Docker"
|
```yaml tab="Docker"
|
||||||
# Enable gzip compression
|
# Enable gzip compression
|
||||||
labels:
|
labels:
|
||||||
- "traefik.http.middlewares.test-compress.compress=true",
|
- "traefik.http.middlewares.test-compress.compress=true"
|
||||||
|
```
|
||||||
|
|
||||||
|
```json tab="Marathon"
|
||||||
|
"labels": {
|
||||||
|
"traefik.http.middlewares.test-compress.compress": "true"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Rancher"
|
||||||
|
# Enable gzip compression
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.test-compress.compress=true"
|
||||||
```
|
```
|
||||||
|
|
||||||
```toml tab="File"
|
```toml tab="File"
|
||||||
|
|
|
@ -11,14 +11,40 @@ The DigestAuth middleware is a quick way to restrict access to your services to
|
||||||
|
|
||||||
```yaml tab="Docker"
|
```yaml tab="Docker"
|
||||||
labels:
|
labels:
|
||||||
- "traefik.http.middlewares.declared-users-only.digestauth.usersFile=path-to-file.ext",
|
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Kubernetes"
|
||||||
|
# Declaring the user list
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: test-auth
|
||||||
|
spec:
|
||||||
|
digestAuth:
|
||||||
|
users:
|
||||||
|
- test:traefik:a2688e031edb4be6a3797f3882655c05
|
||||||
|
- test2:traefik:518845800f9e2bfb1f1f740ec24f074e
|
||||||
|
```
|
||||||
|
|
||||||
|
```json tab="Marathon"
|
||||||
|
"labels": {
|
||||||
|
"traefik.http.middlewares.test-auth.digestauth.users": "test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Rancher"
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
|
||||||
```
|
```
|
||||||
|
|
||||||
```toml tab="File"
|
```toml tab="File"
|
||||||
[http.middlewares]
|
[http.middlewares]
|
||||||
[http.middlewares.test-auth.digestauth]
|
[http.middlewares.test-auth.digestAuth]
|
||||||
users = ["test:traefik:a2688e031edb4be6a3797f3882655c05",
|
users = [
|
||||||
"test2:traefik:518845800f9e2bfb1f1f740ec24f074e"]
|
"test:traefik:a2688e031edb4be6a3797f3882655c05",
|
||||||
|
"test2:traefik:518845800f9e2bfb1f1f740ec24f074e",
|
||||||
|
]
|
||||||
```
|
```
|
||||||
|
|
||||||
!!! tip
|
!!! tip
|
||||||
|
@ -27,7 +53,7 @@ labels:
|
||||||
|
|
||||||
## Configuration Options
|
## Configuration Options
|
||||||
|
|
||||||
### Users
|
### `Users`
|
||||||
|
|
||||||
The `users` option is an array of authorized users. Each user will be declared using the `name:realm:encoded-password` format.
|
The `users` option is an array of authorized users. Each user will be declared using the `name:realm:encoded-password` format.
|
||||||
|
|
||||||
|
@ -35,7 +61,7 @@ The `users` option is an array of authorized users. Each user will be declared u
|
||||||
|
|
||||||
If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.
|
If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.
|
||||||
|
|
||||||
### UsersFile
|
### `UsersFile`
|
||||||
|
|
||||||
The `usersFile` option is the path to an external file that contains the authorized users for the middleware.
|
The `usersFile` option is the path to an external file that contains the authorized users for the middleware.
|
||||||
|
|
||||||
|
@ -52,22 +78,43 @@ The file content is a list of `name:realm:encoded-password`.
|
||||||
|
|
||||||
If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.
|
If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.
|
||||||
|
|
||||||
### Realm
|
### `Realm`
|
||||||
|
|
||||||
You can customize the realm for the authentication with the `realm` option. The default value is `traefik`.
|
You can customize the realm for the authentication with the `realm` option. The default value is `traefik`.
|
||||||
|
|
||||||
### HeaderField
|
### `HeaderField`
|
||||||
|
|
||||||
You can customize the header field for the authenticated user using the `headerField`option.
|
You can customize the header field for the authenticated user using the `headerField`option.
|
||||||
|
|
||||||
??? example "File -- Passing Authenticated Users to Services Via Headers"
|
Example "File -- Passing Authenticated User to Services Via Headers"
|
||||||
|
|
||||||
```toml
|
```yaml tab="Docker"
|
||||||
[http.middlewares.my-auth.digestauth]
|
labels:
|
||||||
usersFile = "path-to-file.ext"
|
- "traefik.http.middlewares.my-auth.digestauth.headerField=X-WebAuth-User"
|
||||||
headerField = "X-WebAuth-User" # header for the authenticated user
|
```
|
||||||
```
|
|
||||||
|
|
||||||
### RemoveHeader
|
```yaml tab="Kubernetes"
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: my-auth
|
||||||
|
spec:
|
||||||
|
digestAuth:
|
||||||
|
# ...
|
||||||
|
headerField: X-WebAuth-User
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Rancher"
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.my-auth.digestauth.headerField=X-WebAuth-User"
|
||||||
|
```
|
||||||
|
|
||||||
|
```toml tab="File"
|
||||||
|
[http.middlewares.my-auth.digestAuth]
|
||||||
|
# ...
|
||||||
|
headerField = "X-WebAuth-User"
|
||||||
|
```
|
||||||
|
|
||||||
|
### `RemoveHeader`
|
||||||
|
|
||||||
Set the `removeHeader` option to `true` to remove the authorization header before forwarding the request to your service. (Default value is `false`.)
|
Set the `removeHeader` option to `true` to remove the authorization header before forwarding the request to your service. (Default value is `false`.)
|
||||||
|
|
|
@ -15,23 +15,47 @@ The ErrorPage middleware returns a custom page in lieu of the default, according
|
||||||
```yaml tab="Docker"
|
```yaml tab="Docker"
|
||||||
# Dynamic Custom Error Page for 5XX Status Code
|
# Dynamic Custom Error Page for 5XX Status Code
|
||||||
labels:
|
labels:
|
||||||
- "traefik.http.middlewares.test-errorpage.errors.status=500-599",
|
- "traefik.http.middlewares.test-errorpage.errors.status=500-599"
|
||||||
- "traefik.http.middlewares.test-errorpage.errors.service=serviceError",
|
- "traefik.http.middlewares.test-errorpage.errors.service=serviceError"
|
||||||
- "traefik.http.middlewares.test-errorpage.errors.query=/{status}.html",
|
- "traefik.http.middlewares.test-errorpage.errors.query=/{status}.html"
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Kubernetes"
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: test-errorpage
|
||||||
|
spec:
|
||||||
|
errors:
|
||||||
|
status:
|
||||||
|
- 500-599
|
||||||
|
service: serviceError
|
||||||
|
query: /{status}.html
|
||||||
|
```
|
||||||
|
|
||||||
|
```json tab="Marathon"
|
||||||
|
"labels": {
|
||||||
|
"traefik.http.middlewares.test-errorpage.errors.status": "500-599",
|
||||||
|
"traefik.http.middlewares.test-errorpage.errors.service": "serviceError",
|
||||||
|
"traefik.http.middlewares.test-errorpage.errors.query": "/{status}.html"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Rancher"
|
||||||
|
# Dynamic Custom Error Page for 5XX Status Code
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.test-errorpage.errors.status=500-599"
|
||||||
|
- "traefik.http.middlewares.test-errorpage.errors.service=serviceError"
|
||||||
|
- "traefik.http.middlewares.test-errorpage.errors.query=/{status}.html"
|
||||||
```
|
```
|
||||||
|
|
||||||
```toml tab="File"
|
```toml tab="File"
|
||||||
# Custom Error Page for 5XX
|
# Custom Error Page for 5XX
|
||||||
[http.routers]
|
|
||||||
[http.routers.router1]
|
|
||||||
Service = "my-service"
|
|
||||||
Rule = Host(`my-domain`)
|
|
||||||
|
|
||||||
[http.middlewares]
|
[http.middlewares]
|
||||||
[http.middlewares.5XX-errors.Errors]
|
[http.middlewares.test-errorpage.Errors]
|
||||||
status = ["500-599"]
|
status = ["500-599"]
|
||||||
service = "error-handler-service"
|
service = "serviceError"
|
||||||
query = "/error.html"
|
query = "/{status}.html"
|
||||||
|
|
||||||
[http.services]
|
[http.services]
|
||||||
# ... definition of error-handler-service and my-service
|
# ... definition of error-handler-service and my-service
|
||||||
|
@ -42,7 +66,7 @@ labels:
|
||||||
|
|
||||||
## Configuration Options
|
## Configuration Options
|
||||||
|
|
||||||
### status
|
### `status`
|
||||||
|
|
||||||
The `status` that will trigger the error page.
|
The `status` that will trigger the error page.
|
||||||
|
|
||||||
|
@ -52,10 +76,10 @@ The status code ranges are inclusive (`500-599` will trigger with every code bet
|
||||||
|
|
||||||
You can define either a status code like `500` or ranges with a syntax like `500-599`.
|
You can define either a status code like `500` or ranges with a syntax like `500-599`.
|
||||||
|
|
||||||
### service
|
### `service`
|
||||||
|
|
||||||
The service that will serve the new requested error page.
|
The service that will serve the new requested error page.
|
||||||
|
|
||||||
### query
|
### `query`
|
||||||
|
|
||||||
The URL for the error page (hosted by `service`). You can use `{status}` in the query, that will be replaced by the received status code.
|
The URL for the error page (hosted by `service`). You can use `{status}` in the query, that will be replaced by the received status code.
|
||||||
|
|
|
@ -11,21 +11,6 @@ Otherwise, the response from the authentication server is returned.
|
||||||
|
|
||||||
## Configuration Examples
|
## Configuration Examples
|
||||||
|
|
||||||
```toml tab="File"
|
|
||||||
# Forward authentication to authserver.com
|
|
||||||
[http.middlewares]
|
|
||||||
[http.middlewares.test-auth.forwardauth]
|
|
||||||
address = "https://authserver.com/auth"
|
|
||||||
trustForwardHeader = true
|
|
||||||
authResponseHeaders = ["X-Auth-User", "X-Secret"]
|
|
||||||
|
|
||||||
[http.middlewares.test-auth.forwardauth.tls]
|
|
||||||
ca = "path/to/local.crt"
|
|
||||||
caOptional = true
|
|
||||||
cert = "path/to/foo.cert"
|
|
||||||
key = "path/to/foo.key"
|
|
||||||
```
|
|
||||||
|
|
||||||
```yaml tab="Docker"
|
```yaml tab="Docker"
|
||||||
# Forward authentication to authserver.com
|
# Forward authentication to authserver.com
|
||||||
labels:
|
labels:
|
||||||
|
@ -39,20 +24,80 @@ labels:
|
||||||
- "traefik.http.middlewares.test-auth.ForwardAuth.TrustForwardHeader=true"
|
- "traefik.http.middlewares.test-auth.ForwardAuth.TrustForwardHeader=true"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
```yaml tab="Kubernetes"
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: test-auth
|
||||||
|
spec:
|
||||||
|
forwardAuth:
|
||||||
|
address: https://authserver.com/auth
|
||||||
|
trustForwardHeader: true
|
||||||
|
authResponseHeaders:
|
||||||
|
- X-Auth-User
|
||||||
|
- X-Secret
|
||||||
|
tls:
|
||||||
|
ca: path/to/local.crt
|
||||||
|
caOptional: true
|
||||||
|
cert: path/to/foo.cert
|
||||||
|
key: path/to/foo.key
|
||||||
|
```
|
||||||
|
|
||||||
|
```json tab="Marathon"
|
||||||
|
"labels": {
|
||||||
|
"traefik.http.middlewares.test-auth.ForwardAuth.Address": "https://authserver.com/auth",
|
||||||
|
"traefik.http.middlewares.test-auth.ForwardAuth.AuthResponseHeaders": "X-Auth-User,X-Secret",
|
||||||
|
"traefik.http.middlewares.test-auth.ForwardAuth.TLS.CA": "path/to/local.crt",
|
||||||
|
"traefik.http.middlewares.test-auth.ForwardAuth.TLS.CAOptional": "true",
|
||||||
|
"traefik.http.middlewares.test-auth.ForwardAuth.TLS.Cert": "path/to/foo.cert",
|
||||||
|
"traefik.http.middlewares.test-auth.ForwardAuth.TLS.InsecureSkipVerify": "true",
|
||||||
|
"traefik.http.middlewares.test-auth.ForwardAuth.TLS.Key": "path/to/foo.key",
|
||||||
|
"traefik.http.middlewares.test-auth.ForwardAuth.TrustForwardHeader": "true"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Rancher"
|
||||||
|
# Forward authentication to authserver.com
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.test-auth.ForwardAuth.Address=https://authserver.com/auth"
|
||||||
|
- "traefik.http.middlewares.test-auth.ForwardAuth.AuthResponseHeaders=X-Auth-User, X-Secret"
|
||||||
|
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.CA=path/to/local.crt"
|
||||||
|
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.CAOptional=true"
|
||||||
|
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.Cert=path/to/foo.cert"
|
||||||
|
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.InsecureSkipVerify=true"
|
||||||
|
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.Key=path/to/foo.key"
|
||||||
|
- "traefik.http.middlewares.test-auth.ForwardAuth.TrustForwardHeader=true"
|
||||||
|
```
|
||||||
|
|
||||||
|
```toml tab="File"
|
||||||
|
# Forward authentication to authserver.com
|
||||||
|
[http.middlewares]
|
||||||
|
[http.middlewares.test-auth.forwardAuth]
|
||||||
|
address = "https://authserver.com/auth"
|
||||||
|
trustForwardHeader = true
|
||||||
|
authResponseHeaders = ["X-Auth-User", "X-Secret"]
|
||||||
|
|
||||||
|
[http.middlewares.test-auth.forwardauth.tls]
|
||||||
|
ca = "path/to/local.crt"
|
||||||
|
caOptional = true
|
||||||
|
cert = "path/to/foo.cert"
|
||||||
|
key = "path/to/foo.key"
|
||||||
|
```
|
||||||
|
|
||||||
## Configuration Options
|
## Configuration Options
|
||||||
|
|
||||||
### address
|
### `address`
|
||||||
|
|
||||||
The `address` option defines the authentication server address.
|
The `address` option defines the authentication server address.
|
||||||
|
|
||||||
### trustForwardHeader
|
### `trustForwardHeader`
|
||||||
|
|
||||||
Set the `trustForwardHeader` option to true to trust all the existing X-Forwarded-* headers.
|
Set the `trustForwardHeader` option to true to trust all the existing X-Forwarded-* headers.
|
||||||
|
|
||||||
### authResponseHeaders
|
### `authResponseHeaders`
|
||||||
|
|
||||||
The `authResponseHeaders` option is the list of the headers to copy from the authentication server to the request.
|
The `authResponseHeaders` option is the list of the headers to copy from the authentication server to the request.
|
||||||
|
|
||||||
### tls
|
### `tls`
|
||||||
|
|
||||||
The `tls` option is the tls configuration from Traefik to the authentication server.
|
The `tls` option is the tls configuration from Traefik to the authentication server.
|
||||||
|
|
|
@ -14,11 +14,35 @@ The Headers middleware can manage the requests/responses headers.
|
||||||
Add the `X-Script-Name` header to the proxied request and the `X-Custom-Response-Header` to the response
|
Add the `X-Script-Name` header to the proxied request and the `X-Custom-Response-Header` to the response
|
||||||
|
|
||||||
```yaml tab="Docker"
|
```yaml tab="Docker"
|
||||||
a-container:
|
|
||||||
image: a-container-image
|
|
||||||
labels:
|
labels:
|
||||||
- "traefik.http.middlewares.testHeader.Headers.CustomRequestHeaders.X-Script-Name=test",
|
- "traefik.http.middlewares.testHeader.Headers.CustomRequestHeaders.X-Script-Name=test"
|
||||||
- "traefik.http.middlewares.testHeader.Headers.CustomResponseHeaders.X-Custom-Response-Header=True",
|
- "traefik.http.middlewares.testHeader.Headers.CustomResponseHeaders.X-Custom-Response-Header=True"
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Kubernetes"
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: testHeader
|
||||||
|
spec:
|
||||||
|
headers:
|
||||||
|
CustomRequestHeaders:
|
||||||
|
X-Script-Name: "test"
|
||||||
|
CustomResponseHeaders:
|
||||||
|
X-Custom-Response-Header: "True"
|
||||||
|
```
|
||||||
|
|
||||||
|
```json tab="Marathon"
|
||||||
|
"labels": {
|
||||||
|
"traefik.http.middlewares.testHeader.Headers.CustomRequestHeaders.X-Script-Name": "test",
|
||||||
|
"traefik.http.middlewares.testHeader.Headers.CustomResponseHeaders.X-Custom-Response-Header": "True"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Rancher"
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.testHeader.Headers.CustomRequestHeaders.X-Script-Name=test"
|
||||||
|
- "traefik.http.middlewares.testHeader.Headers.CustomResponseHeaders.X-Custom-Response-Header=True"
|
||||||
```
|
```
|
||||||
|
|
||||||
```toml tab="File"
|
```toml tab="File"
|
||||||
|
@ -32,52 +56,121 @@ labels:
|
||||||
|
|
||||||
### Adding and Removing Headers
|
### Adding and Removing Headers
|
||||||
|
|
||||||
`X-Script-Name` header added to the proxied request, the `X-Custom-Request-Header` header removed from the request, and the `X-Custom-Response-Header` header removed from the response.
|
`X-Script-Name` header added to the proxied request, the `X-Custom-Request-Header` header removed from the request,
|
||||||
|
and the `X-Custom-Response-Header` header removed from the response.
|
||||||
|
|
||||||
??? example "File"
|
Please note that is not possible to remove headers through the use of Docker labels for now.
|
||||||
|
|
||||||
```toml
|
```yaml tab="Kubernetes"
|
||||||
[http.middlewares]
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
[http.middlewares.testHeader.headers]
|
kind: Middleware
|
||||||
[http.middlewares.testHeader.headers.CustomRequestHeaders]
|
metadata:
|
||||||
X-Script-Name = "test"
|
name: testHeader
|
||||||
[http.middlewares.testHeader.headers.CustomResponseHeaders]
|
spec:
|
||||||
X-Custom-Response-Header = "True"
|
headers:
|
||||||
```
|
CustomRequestHeaders:
|
||||||
|
X-Script-Name: "test" # Adds
|
||||||
|
X-Custom-Request-Header: "" # Removes
|
||||||
|
CustomResponseHeaders:
|
||||||
|
X-Custom-Response-Header: "" # Removes
|
||||||
|
```
|
||||||
|
|
||||||
??? example "Docker"
|
```yaml tab="Rancher"
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.testHeader.Headers.CustomRequestHeaders.X-Script-Name=test"
|
||||||
|
- "traefik.http.middlewares.testHeader.Headers.CustomResponseHeaders.X-Custom-Response-Header=True"
|
||||||
|
```
|
||||||
|
|
||||||
```yml
|
```toml tab="File"
|
||||||
a-container:
|
[http.middlewares]
|
||||||
image: a-container-image
|
[http.middlewares.testHeader.headers]
|
||||||
labels:
|
[http.middlewares.testHeader.headers.CustomRequestHeaders]
|
||||||
- "traefik.http.middlewares.testHeader.Headers.CustomRequestHeaders.X-Script-Name=test",
|
X-Script-Name = "test" # Adds
|
||||||
- "traefik.http.middlewares.testHeader.Headers.CustomResponseHeaders.X-Custom-Response-Header=True",
|
X-Custom-Request-Header = "" # Removes
|
||||||
```
|
[http.middlewares.testHeader.headers.CustomResponseHeaders]
|
||||||
|
X-Custom-Response-Header = "" # Removes
|
||||||
|
```
|
||||||
|
|
||||||
### Using Security Headers
|
### Using Security Headers
|
||||||
|
|
||||||
Security related headers (HSTS headers, SSL redirection, Browser XSS filter, etc) can be added and configured per frontend in a similar manner to the custom headers above.
|
Security related headers (HSTS headers, SSL redirection, Browser XSS filter, etc) can be added and configured per frontend in a similar manner to the custom headers above.
|
||||||
This functionality allows for some easy security features to quickly be set.
|
This functionality allows for some easy security features to quickly be set.
|
||||||
|
|
||||||
??? example "File"
|
```yaml tab="Docker"
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.testHeader.Headers.FrameDeny=true"
|
||||||
|
- "traefik.http.middlewares.testHeader.Headers.SSLRedirect=true"
|
||||||
|
```
|
||||||
|
|
||||||
```toml
|
```yaml tab="Kubernetes"
|
||||||
[http.middlewares]
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
[http.middlewares.testHeader.headers]
|
kind: Middleware
|
||||||
FrameDeny = true
|
metadata:
|
||||||
SSLRedirect = true
|
name: testHeader
|
||||||
```
|
spec:
|
||||||
|
headers:
|
||||||
|
FrameDeny: "true"
|
||||||
|
SSLRedirect: "true"
|
||||||
|
```
|
||||||
|
|
||||||
??? example "Docker"
|
```yaml tab="Rancher"
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.testHeader.Headers.FrameDeny=true"
|
||||||
|
- "traefik.http.middlewares.testHeader.Headers.SSLRedirect=true"
|
||||||
|
```
|
||||||
|
|
||||||
```yml
|
```toml tab="File"
|
||||||
a-container:
|
[http.middlewares]
|
||||||
image: a-container-image
|
[http.middlewares.testHeader.headers]
|
||||||
labels:
|
FrameDeny = true
|
||||||
- "traefik.http.middlewares.testHeader.Headers.FrameDeny=true",
|
SSLRedirect = true
|
||||||
- "traefik.http.middlewares.testHeader.Headers.SSLRedirect=true",
|
```
|
||||||
```
|
|
||||||
|
### CORS Headers
|
||||||
|
|
||||||
|
CORS (Cross-Origin Resource Sharing) headers can be added and configured per frontend in a similar manner to the custom headers above.
|
||||||
|
This functionality allows for more advanced security features to quickly be set.
|
||||||
|
|
||||||
|
```yaml tab="Docker"
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.testHeader.Headers.AccessControlAllowMethods=GET,OPTIONS,PUT"
|
||||||
|
- "traefik.http.middlewares.testHeader.Headers.AccessControlAllowOrigin=origin-list-or-null"
|
||||||
|
- "traefik.http.middlewares.testHeader.Headers.AccessControlMaxAge=100"
|
||||||
|
- "traefik.http.middlewares.testHeader.Headers.AddVaryHeader=true"
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Kubernetes"
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: testHeader
|
||||||
|
spec:
|
||||||
|
headers:
|
||||||
|
AccessControlAllowMethods:
|
||||||
|
- "GET"
|
||||||
|
- "OPTIONS"
|
||||||
|
- "PUT"
|
||||||
|
AccessControlAllowOrigin: "origin-list-or-null"
|
||||||
|
AccessControlMaxAge: 100
|
||||||
|
AddVaryHeader: "true"
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Rancher"
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.testHeader.Headers.AccessControlAllowMethods=GET,OPTIONS,PUT"
|
||||||
|
- "traefik.http.middlewares.testHeader.Headers.AccessControlAllowOrigin=origin-list-or-null"
|
||||||
|
- "traefik.http.middlewares.testHeader.Headers.AccessControlMaxAge=100"
|
||||||
|
- "traefik.http.middlewares.testHeader.Headers.AddVaryHeader=true"
|
||||||
|
```
|
||||||
|
|
||||||
|
```toml tab="File"
|
||||||
|
[http.middlewares]
|
||||||
|
[http.middlewares.testHeader.headers]
|
||||||
|
AccessControlAllowMethods= ["GET", "OPTIONS", "PUT"]
|
||||||
|
AccessControlAllowOrigin = "origin-list-or-null"
|
||||||
|
AccessControlMaxAge = 100
|
||||||
|
AddVaryHeader = true
|
||||||
|
```
|
||||||
|
|
||||||
## Configuration Options
|
## Configuration Options
|
||||||
|
|
||||||
|
@ -89,87 +182,123 @@ This functionality allows for some easy security features to quickly be set.
|
||||||
!!! note
|
!!! note
|
||||||
The detailed documentation for the security headers can be found in [unrolled/secure](https://github.com/unrolled/secure#available-options).
|
The detailed documentation for the security headers can be found in [unrolled/secure](https://github.com/unrolled/secure#available-options).
|
||||||
|
|
||||||
### customRequestHeaders
|
### `customRequestHeaders`
|
||||||
|
|
||||||
The `customRequestHeaders` option lists the Header names and values to apply to the request.
|
The `customRequestHeaders` option lists the Header names and values to apply to the request.
|
||||||
|
|
||||||
### allowedHosts
|
### `customResponseHeaders`
|
||||||
|
|
||||||
|
The `customResponseHeaders` option lists the Header names and values to apply to the response.
|
||||||
|
|
||||||
|
### `accessControlAllowCredentials`
|
||||||
|
|
||||||
|
The `accessControlAllowCredentials` indicates whether the request can include user credentials.
|
||||||
|
|
||||||
|
### `accessControlAllowHeaders`
|
||||||
|
|
||||||
|
The `accessControlAllowHeaders` indicates which header field names can be used as part of the request.
|
||||||
|
|
||||||
|
### `accessControlAllowMethods`
|
||||||
|
|
||||||
|
The `accessControlAllowMethods` indicates which methods can be used during requests.
|
||||||
|
|
||||||
|
### `accessControlAllowOrigin`
|
||||||
|
|
||||||
|
The `accessControlAllowOrigin` indicates whether a resource can be shared by returning different values. The three options for this value are:
|
||||||
|
|
||||||
|
- `origin-list-or-null`
|
||||||
|
- `*`
|
||||||
|
- `null`
|
||||||
|
|
||||||
|
### `accessControlExposeHeaders`
|
||||||
|
|
||||||
|
The `accessControlExposeHeaders` indicates which headers are safe to expose to the api of a CORS API specification.
|
||||||
|
|
||||||
|
### `accessControlMaxAge`
|
||||||
|
|
||||||
|
The `accessControlMaxAge` indicates how long a preflight request can be cached.
|
||||||
|
|
||||||
|
### `addVaryHeader`
|
||||||
|
|
||||||
|
The `addVaryHeader` is used in conjunction with `accessControlAllowOrigin` to determine whether the vary header should be added or modified to demonstrate that server responses can differ beased on the value of the origin header.
|
||||||
|
|
||||||
|
### `allowedHosts`
|
||||||
|
|
||||||
The `allowedHosts` option lists fully qualified domain names that are allowed.
|
The `allowedHosts` option lists fully qualified domain names that are allowed.
|
||||||
|
|
||||||
### hostsProxyHeaders
|
### `hostsProxyHeaders`
|
||||||
|
|
||||||
The `hostsProxyHeaders` option is a set of header keys that may hold a proxied hostname value for the request.
|
The `hostsProxyHeaders` option is a set of header keys that may hold a proxied hostname value for the request.
|
||||||
|
|
||||||
### sslRedirect
|
### `sslRedirect`
|
||||||
|
|
||||||
The `sslRedirect` is set to true, then only allow https requests.
|
The `sslRedirect` is set to true, then only allow https requests.
|
||||||
|
|
||||||
### sslTemporaryRedirect
|
### `sslTemporaryRedirect`
|
||||||
|
|
||||||
Set the `sslTemporaryRedirect` to `true` to force an SSL redirection using a 302 (instead of a 301).
|
Set the `sslTemporaryRedirect` to `true` to force an SSL redirection using a 302 (instead of a 301).
|
||||||
|
|
||||||
### sslHost
|
### `sslHost`
|
||||||
|
|
||||||
The `SSLHost` option is the host name that is used to redirect http requests to https.
|
The `SSLHost` option is the host name that is used to redirect http requests to https.
|
||||||
|
|
||||||
### sslProxyHeaders
|
### `sslProxyHeaders`
|
||||||
|
|
||||||
The `sslProxyHeaders` option is set of header keys with associated values that would indicate a valid https request. Useful when using other proxies with header like: `"X-Forwarded-Proto": "https"`.
|
The `sslProxyHeaders` option is set of header keys with associated values that would indicate a valid https request. Useful when using other proxies with header like: `"X-Forwarded-Proto": "https"`.
|
||||||
|
|
||||||
### sslForceHost
|
### `sslForceHost`
|
||||||
|
|
||||||
Set `sslForceHost` to true and set SSLHost to forced requests to use `SSLHost` even the ones that are already using SSL.
|
Set `sslForceHost` to true and set SSLHost to forced requests to use `SSLHost` even the ones that are already using SSL.
|
||||||
|
|
||||||
### stsSeconds
|
### `stsSeconds`
|
||||||
|
|
||||||
The `stsSeconds` is the max-age of the Strict-Transport-Security header. If set to 0, would NOT include the header.
|
The `stsSeconds` is the max-age of the Strict-Transport-Security header. If set to 0, would NOT include the header.
|
||||||
|
|
||||||
### stsIncludeSubdomains
|
### `stsIncludeSubdomains`
|
||||||
|
|
||||||
The `stsIncludeSubdomains` is set to true, the `includeSubdomains` will be appended to the Strict-Transport-Security header.
|
The `stsIncludeSubdomains` is set to true, the `includeSubdomains` will be appended to the Strict-Transport-Security header.
|
||||||
|
|
||||||
### stsPreload
|
### `stsPreload`
|
||||||
|
|
||||||
Set `STSPreload` to true to have the `preload` flag appended to the Strict-Transport-Security header.
|
Set `STSPreload` to true to have the `preload` flag appended to the Strict-Transport-Security header.
|
||||||
|
|
||||||
### forceSTSHeader
|
### `forceSTSHeader`
|
||||||
|
|
||||||
Set `ForceSTSHeader` to true, to add the STS header even when the connection is HTTP.
|
Set `ForceSTSHeader` to true, to add the STS header even when the connection is HTTP.
|
||||||
|
|
||||||
### frameDeny
|
### `frameDeny`
|
||||||
|
|
||||||
Set `frameDeny` to true to add the `X-Frame-Options` header with the value of `DENY`.
|
Set `frameDeny` to true to add the `X-Frame-Options` header with the value of `DENY`.
|
||||||
|
|
||||||
### customFrameOptionsValue
|
### `customFrameOptionsValue`
|
||||||
|
|
||||||
The `customFrameOptionsValue` allows the `X-Frame-Options` header value to be set with a custom value. This overrides the FrameDeny option.
|
The `customFrameOptionsValue` allows the `X-Frame-Options` header value to be set with a custom value. This overrides the FrameDeny option.
|
||||||
|
|
||||||
### contentTypeNosniff
|
### `contentTypeNosniff`
|
||||||
|
|
||||||
Set `contentTypeNosniff` to true to add the `X-Content-Type-Options` header with the value `nosniff`.
|
Set `contentTypeNosniff` to true to add the `X-Content-Type-Options` header with the value `nosniff`.
|
||||||
|
|
||||||
### browserXssFilter
|
### `browserXssFilter`
|
||||||
|
|
||||||
Set `BrowserXssFilter` to true to add the `X-XSS-Protection` header with the value `1; mode=block`.
|
Set `BrowserXssFilter` to true to add the `X-XSS-Protection` header with the value `1; mode=block`.
|
||||||
|
|
||||||
### customBrowserXSSValue
|
### `customBrowserXSSValue`
|
||||||
|
|
||||||
The `customBrowserXssValue` option allows the `X-XSS-Protection` header value to be set with a custom value. This overrides the BrowserXssFilter option.
|
The `customBrowserXssValue` option allows the `X-XSS-Protection` header value to be set with a custom value. This overrides the BrowserXssFilter option.
|
||||||
|
|
||||||
### contentSecurityPolicy
|
### `contentSecurityPolicy`
|
||||||
|
|
||||||
The `contentSecurityPolicy` option allows the `Content-Security-Policy` header value to be set with a custom value.
|
The `contentSecurityPolicy` option allows the `Content-Security-Policy` header value to be set with a custom value.
|
||||||
|
|
||||||
### publicKey
|
### `publicKey`
|
||||||
|
|
||||||
The `publicKey` implements HPKP to prevent MITM attacks with forged certificates.
|
The `publicKey` implements HPKP to prevent MITM attacks with forged certificates.
|
||||||
|
|
||||||
### referrerPolicy
|
### `referrerPolicy`
|
||||||
|
|
||||||
The `referrerPolicy` allows sites to control when browsers will pass the Referer header to other sites.
|
The `referrerPolicy` allows sites to control when browsers will pass the Referer header to other sites.
|
||||||
|
|
||||||
### isDevelopment
|
### `isDevelopment`
|
||||||
|
|
||||||
Set `isDevelopment` to true when developing. The AllowedHosts, SSL, and STS options can cause some unwanted effects. Usually testing happens on http, not https, and on localhost, not your production domain.
|
Set `isDevelopment` to true when developing. The AllowedHosts, SSL, and STS options can cause some unwanted effects. Usually testing happens on http, not https, and on localhost, not your production domain.
|
||||||
If you would like your development environment to mimic production with complete Host blocking, SSL redirects, and STS headers, leave this as false.
|
If you would like your development environment to mimic production with complete Host blocking, SSL redirects, and STS headers, leave this as false.
|
||||||
|
|
|
@ -12,7 +12,31 @@ IPWhitelist accepts / refuses requests based on the client IP.
|
||||||
```yaml tab="Docker"
|
```yaml tab="Docker"
|
||||||
# Accepts request from defined IP
|
# Accepts request from defined IP
|
||||||
labels:
|
labels:
|
||||||
- "traefik.http.middlewares.Middleware9.IPWhiteList.SourceRange=127.0.0.1/32, 192.168.1.7"
|
- "traefik.http.middlewares.test-ipwhitelist.IPWhiteList.SourceRange=127.0.0.1/32, 192.168.1.7"
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Kubernetes"
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: test-ipwhitelist
|
||||||
|
spec:
|
||||||
|
ipWhiteList:
|
||||||
|
sourceRange:
|
||||||
|
- 127.0.0.1/32
|
||||||
|
- 192.168.1.7
|
||||||
|
```
|
||||||
|
|
||||||
|
```json tab="Marathon"
|
||||||
|
"labels": {
|
||||||
|
"traefik.http.middlewares.test-ipwhitelist.IPWhiteList.SourceRange": "127.0.0.1/32,192.168.1.7"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Rancher"
|
||||||
|
# Accepts request from defined IP
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.test-ipwhitelist.IPWhiteList.SourceRange=127.0.0.1/32, 192.168.1.7"
|
||||||
```
|
```
|
||||||
|
|
||||||
```toml tab="File"
|
```toml tab="File"
|
||||||
|
@ -24,19 +48,19 @@ labels:
|
||||||
|
|
||||||
## Configuration Options
|
## Configuration Options
|
||||||
|
|
||||||
### sourceRange
|
### `sourceRange`
|
||||||
|
|
||||||
The `sourceRange` option sets the allowed IPs (or ranges of allowed IPs).
|
The `sourceRange` option sets the allowed IPs (or ranges of allowed IPs).
|
||||||
|
|
||||||
### ipStrategy
|
### `ipStrategy`
|
||||||
|
|
||||||
The `ipStrategy` option defines two parameters that sets how Traefik will determine the client IP: `depth`, and `excludedIPs`.
|
The `ipStrategy` option defines two parameters that sets how Traefik will determine the client IP: `depth`, and `excludedIPs`.
|
||||||
|
|
||||||
#### ipStrategy.depth
|
#### `ipStrategy.depth`
|
||||||
|
|
||||||
The `depth` option tells Traefik to use the `X-Forwarded-For` header and take the IP located at the `depth` position (starting from the right).
|
The `depth` option tells Traefik to use the `X-Forwarded-For` header and take the IP located at the `depth` position (starting from the right).
|
||||||
|
|
||||||
!!! note "Examples of Depth & X-Forwaded-For"
|
!!! note "Examples of Depth & X-Forwarded-For"
|
||||||
|
|
||||||
If `depth` was equal to 2, and the request `X-Forwarded-For` header was `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP would be `"10.0.0.1"` (at depth 4) but the IP used for the whitelisting would be `"12.0.0.1"` (`depth=2`).
|
If `depth` was equal to 2, and the request `X-Forwarded-For` header was `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP would be `"10.0.0.1"` (at depth 4) but the IP used for the whitelisting would be `"12.0.0.1"` (`depth=2`).
|
||||||
|
|
||||||
|
@ -48,9 +72,37 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
|
||||||
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `3` | `"11.0.0.1"` |
|
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `3` | `"11.0.0.1"` |
|
||||||
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5` | `""` |
|
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5` | `""` |
|
||||||
|
|
||||||
??? example "File -- Whitelisting Based on `X-Forwarded-For` with `depth=2`"
|
```yaml tab="Docker"
|
||||||
|
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.testIPwhitelist.ipWhiteList.SourceRange=127.0.0.1/32, 192.168.1.7"
|
||||||
|
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2"
|
||||||
|
```
|
||||||
|
|
||||||
```toml
|
```yaml tab="Kubernetes"
|
||||||
|
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: testIPwhitelist
|
||||||
|
spec:
|
||||||
|
ipWhiteList:
|
||||||
|
SourceRange:
|
||||||
|
- 127.0.0.1/32
|
||||||
|
- 192.168.1.7
|
||||||
|
ipstrategy:
|
||||||
|
depth: 2
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Rancher"
|
||||||
|
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.testIPwhitelist.ipWhiteList.SourceRange=127.0.0.1/32, 192.168.1.7"
|
||||||
|
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2"
|
||||||
|
```
|
||||||
|
|
||||||
|
```toml tab="File"
|
||||||
|
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
|
||||||
[http.middlewares]
|
[http.middlewares]
|
||||||
[http.middlewares.test-ipwhitelist.ipWhiteList]
|
[http.middlewares.test-ipwhitelist.ipWhiteList]
|
||||||
sourceRange = ["127.0.0.1/32", "192.168.1.7"]
|
sourceRange = ["127.0.0.1/32", "192.168.1.7"]
|
||||||
|
@ -58,26 +110,16 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
|
||||||
depth = 2
|
depth = 2
|
||||||
```
|
```
|
||||||
|
|
||||||
??? example "Docker -- Whitelisting Based on `X-Forwarded-For` with `depth=2`"
|
|
||||||
|
|
||||||
```yml
|
|
||||||
a-container:
|
|
||||||
image: a-container-image
|
|
||||||
labels:
|
|
||||||
- "traefik.http.middlewares.testIPwhitelist.ipWhiteList.SourceRange=127.0.0.1/32, 192.168.1.7"
|
|
||||||
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2"
|
|
||||||
```
|
|
||||||
|
|
||||||
!!! note
|
!!! note
|
||||||
|
|
||||||
- If `depth` is greater than the total number of IPs in `X-Forwarded-For`, then the client IP will be empty.
|
- If `depth` is greater than the total number of IPs in `X-Forwarded-For`, then the client IP will be empty.
|
||||||
- `depth` is ignored if its value is is lesser than or equal to 0.
|
- `depth` is ignored if its value is is lesser than or equal to 0.
|
||||||
|
|
||||||
#### ipStrategy.excludedIPs
|
#### `ipStrategy.excludedIPs`
|
||||||
|
|
||||||
`excludedIPs` tells Traefik to scan the `X-Forwarded-For` header and pick the first IP not in the list.
|
`excludedIPs` tells Traefik to scan the `X-Forwarded-For` header and pick the first IP not in the list.
|
||||||
|
|
||||||
!!! note "Examples of ExcludedIPs & X-Forwaded-For"
|
!!! note "Examples of ExcludedIPs & X-Forwarded-For"
|
||||||
|
|
||||||
| `X-Forwarded-For` | `excludedIPs` | clientIP |
|
| `X-Forwarded-For` | `excludedIPs` | clientIP |
|
||||||
|-----------------------------------------|-----------------------|--------------|
|
|-----------------------------------------|-----------------------|--------------|
|
||||||
|
@ -90,20 +132,36 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
|
||||||
!!! important
|
!!! important
|
||||||
If `depth` is specified, `excludedIPs` is ignored.
|
If `depth` is specified, `excludedIPs` is ignored.
|
||||||
|
|
||||||
??? example "File -- Exclude from `X-Forwarded-For`"
|
```yaml tab="Docker"
|
||||||
|
# Exclude from `X-Forwarded-For`
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedIPs=127.0.0.1/32, 192.168.1.7"
|
||||||
|
```
|
||||||
|
|
||||||
```toml
|
```yaml tab="Kubernetes"
|
||||||
[http.middlewares]
|
# Exclude from `X-Forwarded-For`
|
||||||
[http.middlewares.test-ipwhitelist.ipWhiteList]
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
|
kind: Middleware
|
||||||
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
|
metadata:
|
||||||
```
|
name: test-ipwhitelist
|
||||||
|
spec:
|
||||||
|
ipWhiteList:
|
||||||
|
ipstrategy:
|
||||||
|
excludedIPs:
|
||||||
|
- 127.0.0.1/32
|
||||||
|
- 192.168.1.7
|
||||||
|
```
|
||||||
|
|
||||||
??? example "Docker -- Exclude from `X-Forwarded-For`"
|
```yaml tab="Rancher"
|
||||||
|
# Exclude from `X-Forwarded-For`
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedIPs=127.0.0.1/32, 192.168.1.7"
|
||||||
|
```
|
||||||
|
|
||||||
```yml
|
```toml tab="File"
|
||||||
a-container:
|
# Exclude from `X-Forwarded-For`
|
||||||
image: a-container-image
|
[http.middlewares]
|
||||||
labels:
|
[http.middlewares.test-ipwhitelist.ipWhiteList]
|
||||||
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.excludedIPs=127.0.0.1/32, 192.168.1.7"
|
[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
|
||||||
```
|
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
|
||||||
|
```
|
||||||
|
|
|
@ -15,6 +15,28 @@ labels:
|
||||||
- "traefik.http.middlewares.test-maxconn.maxconn.amount=10"
|
- "traefik.http.middlewares.test-maxconn.maxconn.amount=10"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
```yaml tab="Kubernetes"
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: addprefix
|
||||||
|
spec:
|
||||||
|
addPrefix:
|
||||||
|
prefix: /bar
|
||||||
|
```
|
||||||
|
|
||||||
|
```json tab="Marathon"
|
||||||
|
"labels": {
|
||||||
|
"traefik.http.middlewares.test-maxconn.maxconn.amount": "10"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Rancher"
|
||||||
|
# Limiting to 10 simultaneous connections
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.test-maxconn.maxconn.amount=10"
|
||||||
|
```
|
||||||
|
|
||||||
```toml tab="File"
|
```toml tab="File"
|
||||||
# Limiting to 10 simultaneous connections
|
# Limiting to 10 simultaneous connections
|
||||||
[http.middlewares]
|
[http.middlewares]
|
||||||
|
@ -24,7 +46,7 @@ labels:
|
||||||
|
|
||||||
## Configuration Options
|
## Configuration Options
|
||||||
|
|
||||||
### amount
|
### `amount`
|
||||||
|
|
||||||
The `amount` option defines the maximum amount of allowed simultaneous connections.
|
The `amount` option defines the maximum amount of allowed simultaneous connections.
|
||||||
The middleware will return an `HTTP 429 Too Many Requests` if there are already `amount` requests in progress (based on the same `extractorfunc` strategy).
|
The middleware will return an `HTTP 429 Too Many Requests` if there are already `amount` requests in progress (based on the same `extractorfunc` strategy).
|
||||||
|
|
|
@ -18,7 +18,7 @@ Pieces of middleware can be combined in chains to fit every scenario.
|
||||||
whoami:
|
whoami:
|
||||||
image: containous/whoami # A container that exposes an API to show its IP address
|
image: containous/whoami # A container that exposes an API to show its IP address
|
||||||
labels:
|
labels:
|
||||||
- "traefik.http.middlewares.foo-add-prefix.addprefix.prefix=/foo",
|
- "traefik.http.middlewares.foo-add-prefix.addprefix.prefix=/foo"
|
||||||
```
|
```
|
||||||
|
|
||||||
```yaml tab="Kubernetes"
|
```yaml tab="Kubernetes"
|
||||||
|
@ -55,10 +55,22 @@ spec:
|
||||||
# more fields...
|
# more fields...
|
||||||
routes:
|
routes:
|
||||||
# more fields...
|
# more fields...
|
||||||
middleware:
|
middlewares:
|
||||||
- name: stripprefix
|
- name: stripprefix
|
||||||
```
|
```
|
||||||
|
|
||||||
|
```json tab="Marathon"
|
||||||
|
"labels": {
|
||||||
|
"traefik.http.middlewares.foo-add-prefix.addprefix.prefix": "/foo"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Rancher"
|
||||||
|
# As a Rancher Label
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.foo-add-prefix.addprefix.prefix=/foo"
|
||||||
|
```
|
||||||
|
|
||||||
```toml tab="File"
|
```toml tab="File"
|
||||||
# As Toml Configuration File
|
# As Toml Configuration File
|
||||||
[providers]
|
[providers]
|
||||||
|
@ -111,7 +123,7 @@ If you use multiple `providers` and wish to reference a middleware declared in a
|
||||||
|
|
||||||
labels:
|
labels:
|
||||||
# Attach file.add-foo-prefix middleware (declared in file)
|
# Attach file.add-foo-prefix middleware (declared in file)
|
||||||
- "traefik.http.routers.middlewares=file.add-foo-prefix",
|
- "traefik.http.routers.middlewares=file.add-foo-prefix"
|
||||||
```
|
```
|
||||||
|
|
||||||
## Available Middlewares
|
## Available Middlewares
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# TODO - PassTLSClientCert
|
# PassTLSClientCert
|
||||||
|
|
||||||
Adding Client Certificates in a Header
|
Adding Client Certificates in a Header
|
||||||
{: .subtitle }
|
{: .subtitle }
|
||||||
|
@ -14,7 +14,29 @@ Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
|
||||||
```yaml tab="Docker"
|
```yaml tab="Docker"
|
||||||
# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
|
# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
|
||||||
labels:
|
labels:
|
||||||
- "traefik.http.middlewares.Middleware11.passtlsclientcert.pem=true"
|
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true"
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Kubernetes"
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: addprefix
|
||||||
|
spec:
|
||||||
|
passtlsclientcert:
|
||||||
|
pem: true
|
||||||
|
```
|
||||||
|
|
||||||
|
```json tab="Marathon"
|
||||||
|
"labels": {
|
||||||
|
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem": "true"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Rancher"
|
||||||
|
# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true"
|
||||||
```
|
```
|
||||||
|
|
||||||
```toml tab="File"
|
```toml tab="File"
|
||||||
|
@ -48,6 +70,58 @@ labels:
|
||||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true"
|
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
```yaml tab="Kubernetes"
|
||||||
|
# Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: test-passtlsclientcert
|
||||||
|
spec:
|
||||||
|
passtlsclientcert:
|
||||||
|
info:
|
||||||
|
notAfter: true
|
||||||
|
notBefore: true
|
||||||
|
sans: true
|
||||||
|
subject:
|
||||||
|
country: true
|
||||||
|
province: true
|
||||||
|
locality: true
|
||||||
|
organization: true
|
||||||
|
commonName: true
|
||||||
|
serialNumber: true
|
||||||
|
domainComponent: true
|
||||||
|
issuer:
|
||||||
|
country: true
|
||||||
|
province: true
|
||||||
|
locality: true
|
||||||
|
organization: true
|
||||||
|
commonName: true
|
||||||
|
serialNumber: true
|
||||||
|
domainComponent: true
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Rancher"
|
||||||
|
# Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notafter=true"
|
||||||
|
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notbefore=true"
|
||||||
|
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.sans=true"
|
||||||
|
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.commonname=true"
|
||||||
|
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.country=true"
|
||||||
|
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.domaincomponent=true"
|
||||||
|
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.locality=true"
|
||||||
|
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organization=true"
|
||||||
|
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.province=true"
|
||||||
|
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.serialnumber=true"
|
||||||
|
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.commonname=true"
|
||||||
|
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.country=true"
|
||||||
|
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.domaincomponent=true"
|
||||||
|
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.locality=true"
|
||||||
|
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.organization=true"
|
||||||
|
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.province=true"
|
||||||
|
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true"
|
||||||
|
```
|
||||||
|
|
||||||
```toml tab="File"
|
```toml tab="File"
|
||||||
# Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
|
# Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
|
||||||
[http.middlewares]
|
[http.middlewares]
|
||||||
|
@ -80,8 +154,8 @@ labels:
|
||||||
|
|
||||||
PassTLSClientCert can add two headers to the request:
|
PassTLSClientCert can add two headers to the request:
|
||||||
|
|
||||||
* `X-Forwarded-Tls-Client-Cert` that contains the escaped pem.
|
- `X-Forwarded-Tls-Client-Cert` that contains the escaped pem.
|
||||||
* `X-Forwarded-Tls-Client-Cert-Info` that contains all the selected certificate information in an escaped string.
|
- `X-Forwarded-Tls-Client-Cert-Info` that contains all the selected certificate information in an escaped string.
|
||||||
|
|
||||||
!!! note
|
!!! note
|
||||||
The headers are filled with escaped string so it can be safely placed inside a URL query.
|
The headers are filled with escaped string so it can be safely placed inside a URL query.
|
||||||
|
@ -192,9 +266,10 @@ In the following example, you can see a complete certificate. We will use each p
|
||||||
-----END CERTIFICATE-----
|
-----END CERTIFICATE-----
|
||||||
```
|
```
|
||||||
|
|
||||||
### pem
|
### `pem`
|
||||||
|
|
||||||
The `pem` option sets the `X-Forwarded-Tls-Client-Cert` header with the escape certificate.
|
The `pem` option sets the `X-Forwarded-Tls-Client-Cert` header with the escape certificate.
|
||||||
|
|
||||||
In the example, it is the part between `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` delimiters :
|
In the example, it is the part between `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` delimiters :
|
||||||
|
|
||||||
??? example "The data used by the pem option"
|
??? example "The data used by the pem option"
|
||||||
|
@ -243,10 +318,16 @@ In the example, it is the part between `-----BEGIN CERTIFICATE-----` and `-----E
|
||||||
The delimiters and `\n` will be removed.
|
The delimiters and `\n` will be removed.
|
||||||
If there are more than one certificate, they are separated by a "`;`".
|
If there are more than one certificate, they are separated by a "`;`".
|
||||||
|
|
||||||
### info
|
!!! note "`X-Forwarded-Tls-Client-Cert` value could exceed the web server header size limit"
|
||||||
|
|
||||||
|
The header size limit of web servers is commonly between 4kb and 8kb.
|
||||||
|
You could change the server configuration to allow bigger header or use the `info` option with the needed field(s).
|
||||||
|
|
||||||
|
### `info`
|
||||||
|
|
||||||
The `info` option select the specific client certificate details you want to add to the `X-Forwarded-Tls-Client-Cert-Info` header.
|
The `info` option select the specific client certificate details you want to add to the `X-Forwarded-Tls-Client-Cert-Info` header.
|
||||||
The value of the header will be an escaped concatenation of all the selected certificate details.
|
The value of the header will be an escaped concatenation of all the selected certificate details.
|
||||||
|
|
||||||
The following example shows an unescaped result that uses all the available fields:
|
The following example shows an unescaped result that uses all the available fields:
|
||||||
|
|
||||||
```text
|
```text
|
||||||
|
@ -257,9 +338,10 @@ Subject="DC=org,DC=cheese,C=FR,C=US,ST=Cheese org state,ST=Cheese com state,L=TO
|
||||||
|
|
||||||
If there are more than one certificate, they are separated by a `;`.
|
If there are more than one certificate, they are separated by a `;`.
|
||||||
|
|
||||||
#### info.notafter
|
#### `info.notafter`
|
||||||
|
|
||||||
Set the `info.notafter` option to `true` to add the `Not After` information from the `Validity` part.
|
Set the `info.notafter` option to `true` to add the `Not After` information from the `Validity` part.
|
||||||
|
|
||||||
The data are taken from the following certificate part:
|
The data are taken from the following certificate part:
|
||||||
|
|
||||||
```text
|
```text
|
||||||
|
@ -273,7 +355,7 @@ The escape `notafter` info part will be like:
|
||||||
NA=1607166616
|
NA=1607166616
|
||||||
```
|
```
|
||||||
|
|
||||||
#### info.notbefore
|
#### `info.notbefore`
|
||||||
|
|
||||||
Set the `info.notafter` option to `true` to add the `Not Before` information from the `Validity` part.
|
Set the `info.notafter` option to `true` to add the `Not Before` information from the `Validity` part.
|
||||||
|
|
||||||
|
@ -290,9 +372,10 @@ The escape `notafter` info part will be like:
|
||||||
NB=1544094616
|
NB=1544094616
|
||||||
```
|
```
|
||||||
|
|
||||||
#### info.sans
|
#### `info.sans`
|
||||||
|
|
||||||
Set the `info.sans` option to `true` to add the `Subject Alternative Name` information from the `Subject Alternative Name` part.
|
Set the `info.sans` option to `true` to add the `Subject Alternative Name` information from the `Subject Alternative Name` part.
|
||||||
|
|
||||||
The data are taken from the following certificate part:
|
The data are taken from the following certificate part:
|
||||||
|
|
||||||
```text
|
```text
|
||||||
|
@ -310,7 +393,7 @@ SAN=*.cheese.org,*.cheese.net,*.cheese.com,test@cheese.org,test@cheese.net,10.0.
|
||||||
|
|
||||||
All the SANs data are separated by a `,`.
|
All the SANs data are separated by a `,`.
|
||||||
|
|
||||||
#### info.subject
|
#### `info.subject`
|
||||||
|
|
||||||
The `info.subject` select the specific client certificate subject details you want to add to the `X-Forwarded-Tls-Client-Cert-Info` header.
|
The `info.subject` select the specific client certificate subject details you want to add to the `X-Forwarded-Tls-Client-Cert-Info` header.
|
||||||
|
|
||||||
|
@ -320,7 +403,7 @@ The data are taken from the following certificate part :
|
||||||
Subject: DC=org, DC=cheese, O=Cheese, O=Cheese 2, OU=Simple Signing Section, OU=Simple Signing Section 2, CN=*.cheese.org, CN=*.cheese.com, C=FR, C=US, L=TOULOUSE, L=LYON, ST=Cheese org state, ST=Cheese com state/emailAddress=cert@cheese.org/emailAddress=cert@scheese.com
|
Subject: DC=org, DC=cheese, O=Cheese, O=Cheese 2, OU=Simple Signing Section, OU=Simple Signing Section 2, CN=*.cheese.org, CN=*.cheese.com, C=FR, C=US, L=TOULOUSE, L=LYON, ST=Cheese org state, ST=Cheese com state/emailAddress=cert@cheese.org/emailAddress=cert@scheese.com
|
||||||
```
|
```
|
||||||
|
|
||||||
##### info.subject.country
|
##### `info.subject.country`
|
||||||
|
|
||||||
Set the `info.subject.country` option to true to add the `country` information into the subject.
|
Set the `info.subject.country` option to true to add the `country` information into the subject.
|
||||||
The data are taken from the subject part with the `C` key.
|
The data are taken from the subject part with the `C` key.
|
||||||
|
@ -330,7 +413,7 @@ The escape country info in the subject part will be like :
|
||||||
C=FR,C=US
|
C=FR,C=US
|
||||||
```
|
```
|
||||||
|
|
||||||
##### info.subject.province
|
##### `info.subject.province`
|
||||||
|
|
||||||
Set the `info.subject.province` option to true to add the `province` information into the subject.
|
Set the `info.subject.province` option to true to add the `province` information into the subject.
|
||||||
|
|
||||||
|
@ -342,7 +425,7 @@ The escape province info in the subject part will be like :
|
||||||
ST=Cheese org state,ST=Cheese com state
|
ST=Cheese org state,ST=Cheese com state
|
||||||
```
|
```
|
||||||
|
|
||||||
##### info.subject.locality
|
##### `info.subject.locality`
|
||||||
|
|
||||||
Set the `info.subject.locality` option to true to add the `locality` information into the subject.
|
Set the `info.subject.locality` option to true to add the `locality` information into the subject.
|
||||||
|
|
||||||
|
@ -354,7 +437,7 @@ The escape locality info in the subject part will be like :
|
||||||
L=TOULOUSE,L=LYON
|
L=TOULOUSE,L=LYON
|
||||||
```
|
```
|
||||||
|
|
||||||
##### info.subject.organization
|
##### `info.subject.organization`
|
||||||
|
|
||||||
Set the `info.subject.organization` option to true to add the `organization` information into the subject.
|
Set the `info.subject.organization` option to true to add the `organization` information into the subject.
|
||||||
|
|
||||||
|
@ -366,31 +449,31 @@ The escape organization info in the subject part will be like :
|
||||||
O=Cheese,O=Cheese 2
|
O=Cheese,O=Cheese 2
|
||||||
```
|
```
|
||||||
|
|
||||||
##### info.subject.commonname
|
##### `info.subject.commonname`
|
||||||
|
|
||||||
Set the `info.subject.commonname` option to true to add the `commonname` information into the subject.
|
Set the `info.subject.commonname` option to true to add the `commonname` information into the subject.
|
||||||
|
|
||||||
The data are taken from the subject part with the `CN` key.
|
The data are taken from the subject part with the `CN` key.
|
||||||
|
|
||||||
The escape commonname info in the subject part will be like :
|
The escape common name info in the subject part will be like :
|
||||||
|
|
||||||
```text
|
```text
|
||||||
CN=*.cheese.com
|
CN=*.cheese.com
|
||||||
```
|
```
|
||||||
|
|
||||||
##### info.subject.serialnumber
|
##### `info.subject.serialnumber`
|
||||||
|
|
||||||
Set the `info.subject.serialnumber` option to true to add the `serialnumber` information into the subject.
|
Set the `info.subject.serialnumber` option to true to add the `serialnumber` information into the subject.
|
||||||
|
|
||||||
The data are taken from the subject part with the `SN` key.
|
The data are taken from the subject part with the `SN` key.
|
||||||
|
|
||||||
The escape serialnumber info in the subject part will be like :
|
The escape serial number info in the subject part will be like :
|
||||||
|
|
||||||
```text
|
```text
|
||||||
SN=1234567890
|
SN=1234567890
|
||||||
```
|
```
|
||||||
|
|
||||||
##### info.subject.domaincomponent
|
##### `info.subject.domaincomponent`
|
||||||
|
|
||||||
Set the `info.subject.domaincomponent` option to true to add the `domaincomponent` information into the subject.
|
Set the `info.subject.domaincomponent` option to true to add the `domaincomponent` information into the subject.
|
||||||
|
|
||||||
|
@ -402,7 +485,7 @@ The escape domaincomponent info in the subject part will be like :
|
||||||
DC=org,DC=cheese
|
DC=org,DC=cheese
|
||||||
```
|
```
|
||||||
|
|
||||||
#### info.issuer
|
#### `info.issuer`
|
||||||
|
|
||||||
The `info.issuer` select the specific client certificate issuer details you want to add to the `X-Forwarded-Tls-Client-Cert-Info` header.
|
The `info.issuer` select the specific client certificate issuer details you want to add to the `X-Forwarded-Tls-Client-Cert-Info` header.
|
||||||
|
|
||||||
|
@ -412,7 +495,7 @@ The data are taken from the following certificate part :
|
||||||
Issuer: DC=org, DC=cheese, O=Cheese, O=Cheese 2, OU=Simple Signing Section, OU=Simple Signing Section 2, CN=Simple Signing CA, CN=Simple Signing CA 2, C=FR, C=US, L=TOULOUSE, L=LYON, ST=Signing State, ST=Signing State 2/emailAddress=simple@signing.com/emailAddress=simple2@signing.com
|
Issuer: DC=org, DC=cheese, O=Cheese, O=Cheese 2, OU=Simple Signing Section, OU=Simple Signing Section 2, CN=Simple Signing CA, CN=Simple Signing CA 2, C=FR, C=US, L=TOULOUSE, L=LYON, ST=Signing State, ST=Signing State 2/emailAddress=simple@signing.com/emailAddress=simple2@signing.com
|
||||||
```
|
```
|
||||||
|
|
||||||
##### info.issuer.country
|
##### `info.issuer.country`
|
||||||
|
|
||||||
Set the `info.issuer.country` option to true to add the `country` information into the issuer.
|
Set the `info.issuer.country` option to true to add the `country` information into the issuer.
|
||||||
The data are taken from the issuer part with the `C` key.
|
The data are taken from the issuer part with the `C` key.
|
||||||
|
@ -422,7 +505,7 @@ The escape country info in the issuer part will be like :
|
||||||
C=FR,C=US
|
C=FR,C=US
|
||||||
```
|
```
|
||||||
|
|
||||||
##### info.issuer.province
|
##### `info.issuer.province`
|
||||||
|
|
||||||
Set the `info.issuer.province` option to true to add the `province` information into the issuer.
|
Set the `info.issuer.province` option to true to add the `province` information into the issuer.
|
||||||
|
|
||||||
|
@ -434,7 +517,7 @@ The escape province info in the issuer part will be like :
|
||||||
ST=Signing State,ST=Signing State 2
|
ST=Signing State,ST=Signing State 2
|
||||||
```
|
```
|
||||||
|
|
||||||
##### info.issuer.locality
|
##### `info.issuer.locality`
|
||||||
|
|
||||||
Set the `info.issuer.locality` option to true to add the `locality` information into the issuer.
|
Set the `info.issuer.locality` option to true to add the `locality` information into the issuer.
|
||||||
|
|
||||||
|
@ -446,7 +529,7 @@ The escape locality info in the issuer part will be like :
|
||||||
L=TOULOUSE,L=LYON
|
L=TOULOUSE,L=LYON
|
||||||
```
|
```
|
||||||
|
|
||||||
##### info.issuer.organization
|
##### `info.issuer.organization`
|
||||||
|
|
||||||
Set the `info.issuer.organization` option to true to add the `organization` information into the issuer.
|
Set the `info.issuer.organization` option to true to add the `organization` information into the issuer.
|
||||||
|
|
||||||
|
@ -458,37 +541,37 @@ The escape organization info in the issuer part will be like :
|
||||||
O=Cheese,O=Cheese 2
|
O=Cheese,O=Cheese 2
|
||||||
```
|
```
|
||||||
|
|
||||||
##### info.issuer.commonname
|
##### `info.issuer.commonname`
|
||||||
|
|
||||||
Set the `info.issuer.commonname` option to true to add the `commonname` information into the issuer.
|
Set the `info.issuer.commonname` option to true to add the `commonname` information into the issuer.
|
||||||
|
|
||||||
The data are taken from the issuer part with the `CN` key.
|
The data are taken from the issuer part with the `CN` key.
|
||||||
|
|
||||||
The escape commonname info in the issuer part will be like :
|
The escape common name info in the issuer part will be like :
|
||||||
|
|
||||||
```text
|
```text
|
||||||
CN=Simple Signing CA 2
|
CN=Simple Signing CA 2
|
||||||
```
|
```
|
||||||
|
|
||||||
##### info.issuer.serialnumber
|
##### `info.issuer.serialnumber`
|
||||||
|
|
||||||
Set the `info.issuer.serialnumber` option to true to add the `serialnumber` information into the issuer.
|
Set the `info.issuer.serialnumber` option to true to add the `serialnumber` information into the issuer.
|
||||||
|
|
||||||
The data are taken from the issuer part with the `SN` key.
|
The data are taken from the issuer part with the `SN` key.
|
||||||
|
|
||||||
The escape serialnumber info in the issuer part will be like :
|
The escape serial number info in the issuer part will be like :
|
||||||
|
|
||||||
```text
|
```text
|
||||||
SN=1234567890
|
SN=1234567890
|
||||||
```
|
```
|
||||||
|
|
||||||
##### info.issuer.domaincomponent
|
##### `info.issuer.domaincomponent`
|
||||||
|
|
||||||
Set the `info.issuer.domaincomponent` option to true to add the `domaincomponent` information into the issuer.
|
Set the `info.issuer.domaincomponent` option to true to add the `domaincomponent` information into the issuer.
|
||||||
|
|
||||||
The data are taken from the issuer part with the `DC` key.
|
The data are taken from the issuer part with the `DC` key.
|
||||||
|
|
||||||
The escape domaincomponent info in the issuer part will be like :
|
The escape domain component info in the issuer part will be like :
|
||||||
|
|
||||||
```text
|
```text
|
||||||
DC=org,DC=cheese
|
DC=org,DC=cheese
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# TODO -- RateLimit
|
# RateLimit
|
||||||
|
|
||||||
Protection from Too Many Calls
|
Protection from Too Many Calls
|
||||||
{: .subtitle }
|
{: .subtitle }
|
||||||
|
@ -9,42 +9,87 @@ The RateLimit middleware ensures that services will receive a _fair_ number of r
|
||||||
|
|
||||||
## Configuration Example
|
## Configuration Example
|
||||||
|
|
||||||
??? example "Limit to 100 requests every 10 seconds (with a possible burst of 200)"
|
```yaml tab="Docker"
|
||||||
|
# Here, an average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds.
|
||||||
|
# These can "burst" up to 10 and 200 in each period, respectively.
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.test-ratelimit.ratelimit.extractorfunc=client.ip"
|
||||||
|
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.period=10s"
|
||||||
|
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.average=100"
|
||||||
|
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.burst=200"
|
||||||
|
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.period=3s"
|
||||||
|
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.average=5"
|
||||||
|
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.burst=10"
|
||||||
|
|
||||||
```toml
|
```
|
||||||
[http.middlewares]
|
|
||||||
[http.middlewares.fair-ratelimit.ratelimit]
|
|
||||||
extractorfunc = "client.ip"
|
|
||||||
|
|
||||||
[http.middlewares.fair-ratelimit.ratelimit.rateset1]
|
```yaml tab="Kubernetes"
|
||||||
period = "10s"
|
# Here, an average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds.
|
||||||
average = 100
|
# These can "burst" up to 10 and 200 in each period, respectively.
|
||||||
burst = 200
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
```
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: test-ratelimit
|
||||||
|
spec:
|
||||||
|
rateLimit:
|
||||||
|
extractorfunc = "client.ip"
|
||||||
|
rate0:
|
||||||
|
period = "10s"
|
||||||
|
average = 100
|
||||||
|
burst = 200
|
||||||
|
rate1:
|
||||||
|
period = "3s"
|
||||||
|
average = 5
|
||||||
|
burst = 10
|
||||||
|
```
|
||||||
|
|
||||||
??? example "Combine multiple limits"
|
```json tab="Marathon"
|
||||||
|
"labels": {
|
||||||
|
"traefik.http.middlewares.test-ratelimit.ratelimit.extractorfunc": "client.ip",
|
||||||
|
"traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.period": "10s",
|
||||||
|
"traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.average": "100",
|
||||||
|
"traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.burst": "200",
|
||||||
|
"traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.period": "3s",
|
||||||
|
"traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.average": "5",
|
||||||
|
"traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.burst": "10"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
```toml
|
```yaml tab="Rancher"
|
||||||
[http.middlewares]
|
# Here, an average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds.
|
||||||
[http.middlewares.fair-ratelimit.ratelimit]
|
# These can "burst" up to 10 and 200 in each period, respectively.
|
||||||
extractorfunc = "client.ip"
|
labels:
|
||||||
|
- "traefik.http.middlewares.test-ratelimit.ratelimit.extractorfunc=client.ip"
|
||||||
|
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.period=10s"
|
||||||
|
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.average=100"
|
||||||
|
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.burst=200"
|
||||||
|
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.period=3s"
|
||||||
|
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.average=5"
|
||||||
|
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.burst=10"
|
||||||
|
|
||||||
[http.middlewares.fair-ratelimit.ratelimit.rateset1]
|
```
|
||||||
period = "10s"
|
|
||||||
average = 100
|
|
||||||
burst = 200
|
|
||||||
|
|
||||||
[http.middlewares.fair-ratelimit.ratelimit.rateset2]
|
```toml tab="File"
|
||||||
period = "3s"
|
# Here, an average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds.
|
||||||
average = 5
|
# These can "burst" up to 10 and 200 in each period, respectively.
|
||||||
burst = 10
|
[http.middlewares]
|
||||||
```
|
[http.middlewares.test-ratelimit.ratelimit]
|
||||||
|
extractorfunc = "client.ip"
|
||||||
|
|
||||||
Here, an average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds. These can "burst" up to 10 and 200 in each period, respectively.
|
[http.middlewares.test-ratelimit.ratelimit.rate0]
|
||||||
|
period = "10s"
|
||||||
|
average = 100
|
||||||
|
burst = 200
|
||||||
|
|
||||||
|
[http.middlewares.test-ratelimit.ratelimit.rate1]
|
||||||
|
period = "3s"
|
||||||
|
average = 5
|
||||||
|
burst = 10
|
||||||
|
```
|
||||||
|
|
||||||
## Configuration Options
|
## Configuration Options
|
||||||
|
|
||||||
### extractorfunc
|
### `extractorfunc`
|
||||||
|
|
||||||
The `extractorfunc` option defines the strategy used to categorize requests.
|
The `extractorfunc` option defines the strategy used to categorize requests.
|
||||||
|
|
||||||
|
@ -54,12 +99,12 @@ The possible values are:
|
||||||
- `client.ip` categorizes requests based on the client ip.
|
- `client.ip` categorizes requests based on the client ip.
|
||||||
- `request.header.ANY_HEADER` categorizes requests based on the provided `ANY_HEADER` value.
|
- `request.header.ANY_HEADER` categorizes requests based on the provided `ANY_HEADER` value.
|
||||||
|
|
||||||
### ratelimit (multiple values)
|
### `ratelimit`
|
||||||
|
|
||||||
You can combine multiple ratelimit.
|
You can combine multiple rate limits.
|
||||||
The ratelimit will trigger with the first reached limit.
|
The rate limit will trigger with the first reached limit.
|
||||||
|
|
||||||
Each ratelimit has 3 options, `period`, `average`, and `burst`.
|
Each rate limit has 3 options, `period`, `average`, and `burst`.
|
||||||
|
|
||||||
The rate limit will allow an average of `average` requests every `period`, with a maximum of `burst` request on that period.
|
The rate limit will allow an average of `average` requests every `period`, with a maximum of `burst` request on that period.
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# TODO - RedirectRegex
|
# RedirectRegex
|
||||||
|
|
||||||
Redirecting the Client to a Different Location
|
Redirecting the Client to a Different Location
|
||||||
{: .subtitle }
|
{: .subtitle }
|
||||||
|
@ -9,34 +9,56 @@ RegexRedirect redirect a request from an url to another with regex matching and
|
||||||
|
|
||||||
## Configuration Examples
|
## Configuration Examples
|
||||||
|
|
||||||
??? example "File -- Redirect with domain replacement"
|
```yaml tab="Docker"
|
||||||
|
# Redirect with domain replacement
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.test-redirectregex.redirectregex.regex=^http://localhost/(.*)"
|
||||||
|
- "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$1"
|
||||||
|
```
|
||||||
|
|
||||||
```toml
|
```yaml tab="Kubernetes"
|
||||||
[http.middlewares]
|
# Redirect with domain replacement
|
||||||
[http.middlewares.test-redirectregex.redirectregex]
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
regex = "^http://localhost/(.*)"
|
kind: Middleware
|
||||||
replacement = "http://mydomain/$1"
|
metadata:
|
||||||
```
|
name: test-redirectregex
|
||||||
|
spec:
|
||||||
|
redirectRegex:
|
||||||
|
regex: ^http://localhost/(.*)
|
||||||
|
replacement: http://mydomain/$1
|
||||||
|
```
|
||||||
|
|
||||||
??? example "Docker -- Redirect with domain replacement"
|
```json tab="Marathon"
|
||||||
|
"labels": {
|
||||||
|
"traefik.http.middlewares.test-redirectregex.redirectregex.regex": "^http://localhost/(.*)",
|
||||||
|
"traefik.http.middlewares.test-redirectregex.redirectregex.replacement": "http://mydomain/$1"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
```yml
|
```yaml tab="Rancher"
|
||||||
a-container:
|
# Redirect with domain replacement
|
||||||
image: a-container-image
|
labels:
|
||||||
labels:
|
- "traefik.http.middlewares.test-redirectregex.redirectregex.regex=^http://localhost/(.*)"
|
||||||
- "traefik.http.middlewares.test-redirectregex.redirectregex.regex=^http://localhost/(.*)"
|
- "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$1"
|
||||||
- "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$1"
|
```
|
||||||
```
|
|
||||||
|
```toml tab="File"
|
||||||
|
# Redirect with domain replacement
|
||||||
|
[http.middlewares]
|
||||||
|
[http.middlewares.test-redirectregex.redirectregex]
|
||||||
|
regex = "^http://localhost/(.*)"
|
||||||
|
replacement = "http://mydomain/$1"
|
||||||
|
```
|
||||||
|
|
||||||
## Configuration Options
|
## Configuration Options
|
||||||
|
|
||||||
### permanent
|
### `permanent`
|
||||||
|
|
||||||
Set the `permanent` option to `true` to apply a permanent redirection.
|
Set the `permanent` option to `true` to apply a permanent redirection.
|
||||||
|
|
||||||
### regex
|
### `regex`
|
||||||
|
|
||||||
The `Regex` option is the regular expression to match and capture elements form the request URL.
|
The `Regex` option is the regular expression to match and capture elements from the request URL.
|
||||||
|
|
||||||
!!! warning
|
!!! warning
|
||||||
|
|
||||||
|
@ -46,7 +68,7 @@ The `Regex` option is the regular expression to match and capture elements form
|
||||||
|
|
||||||
Regular expressions and replacements can be tested using online tools such as [Go Playground](https://play.golang.org/p/mWU9p-wk2ru) or the [Regex101](https://regex101.com/r/58sIgx/2).
|
Regular expressions and replacements can be tested using online tools such as [Go Playground](https://play.golang.org/p/mWU9p-wk2ru) or the [Regex101](https://regex101.com/r/58sIgx/2).
|
||||||
|
|
||||||
### replacement
|
### `replacement`
|
||||||
|
|
||||||
The `replacement` option defines how to modify the URl to have the new target URL.
|
The `replacement` option defines how to modify the URl to have the new target URL.
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# TODO - RedirectScheme
|
# RedirectScheme
|
||||||
|
|
||||||
Redirecting the Client to a Different Scheme/Port
|
Redirecting the Client to a Different Scheme/Port
|
||||||
{: .subtitle }
|
{: .subtitle }
|
||||||
|
@ -9,33 +9,52 @@ RegexRedirect redirect request from a scheme to another.
|
||||||
|
|
||||||
## Configuration Examples
|
## Configuration Examples
|
||||||
|
|
||||||
??? example "File -- Redirect to https"
|
```yaml tab="Docker"
|
||||||
|
# Redirect to https
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
|
||||||
|
```
|
||||||
|
|
||||||
```toml
|
```yaml tab="Kubernetes"
|
||||||
[http.middlewares]
|
# Redirect to https
|
||||||
[http.middlewares.test-redirectscheme.redirectscheme]
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
scheme = "https"
|
kind: Middleware
|
||||||
```
|
metadata:
|
||||||
|
name: test-redirectscheme
|
||||||
|
spec:
|
||||||
|
redirectScheme:
|
||||||
|
scheme: https
|
||||||
|
```
|
||||||
|
|
||||||
??? example "Docker -- Redirect to https"
|
```json tab="Marathon"
|
||||||
|
"labels": {
|
||||||
|
"traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme": "https"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
```yml
|
```yaml tab="Rancher"
|
||||||
a-container:
|
# Redirect to https
|
||||||
image: a-container-image
|
labels:
|
||||||
labels:
|
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
|
||||||
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
|
```
|
||||||
```
|
|
||||||
|
```toml tab="File"
|
||||||
|
# Redirect to https
|
||||||
|
[http.middlewares]
|
||||||
|
[http.middlewares.test-redirectscheme.redirectscheme]
|
||||||
|
scheme = "https"
|
||||||
|
```
|
||||||
|
|
||||||
## Configuration Options
|
## Configuration Options
|
||||||
|
|
||||||
### permanent
|
### `permanent`
|
||||||
|
|
||||||
Set the `permanent` option to `true` to apply a permanent redirection.
|
Set the `permanent` option to `true` to apply a permanent redirection.
|
||||||
|
|
||||||
### scheme
|
### `scheme`
|
||||||
|
|
||||||
The `scheme` option defines the scheme of the new url.
|
The `scheme` option defines the scheme of the new url.
|
||||||
|
|
||||||
### port
|
### `port`
|
||||||
|
|
||||||
The `port` option defines the port of the new url.
|
The `port` option defines the port of the new url.
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# TODO -- ReplacePath
|
# ReplacePath
|
||||||
|
|
||||||
Updating the Path Before Forwarding the Request
|
Updating the Path Before Forwarding the Request
|
||||||
{: .subtitle }
|
{: .subtitle }
|
||||||
|
@ -9,22 +9,41 @@ Replace the path of the request url.
|
||||||
|
|
||||||
## Configuration Examples
|
## Configuration Examples
|
||||||
|
|
||||||
??? example "File -- Replace the path by /foo"
|
```yaml tab="Docker"
|
||||||
|
# Replace the path by /foo
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.test-replacepath.replacepath.path=/foo"
|
||||||
|
```
|
||||||
|
|
||||||
```toml
|
```yaml tab="Kubernetes"
|
||||||
[http.middlewares]
|
# Replace the path by /foo
|
||||||
[http.middlewares.test-replacepath.ReplacePath]
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
path = "/foo"
|
kind: Middleware
|
||||||
```
|
metadata:
|
||||||
|
name: test-replacepath
|
||||||
|
spec:
|
||||||
|
replacePath:
|
||||||
|
path: /foo
|
||||||
|
```
|
||||||
|
|
||||||
??? example "Docker --Replace the path by /foo"
|
```json tab="Marathon"
|
||||||
|
"labels": {
|
||||||
|
"traefik.http.middlewares.test-replacepath.replacepath.path": "/foo"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
```yaml
|
```yaml tab="Rancher"
|
||||||
a-container:
|
# Replace the path by /foo
|
||||||
image: a-container-image
|
labels:
|
||||||
labels:
|
- "traefik.http.middlewares.test-replacepath.replacepath.path=/foo"
|
||||||
- "traefik.http.middlewares.test-replacepath.replacepath.path=/foo"
|
```
|
||||||
```
|
|
||||||
|
```toml tab="File"
|
||||||
|
# Replace the path by /foo
|
||||||
|
[http.middlewares]
|
||||||
|
[http.middlewares.test-replacepath.ReplacePath]
|
||||||
|
path = "/foo"
|
||||||
|
```
|
||||||
|
|
||||||
## Configuration Options
|
## Configuration Options
|
||||||
|
|
||||||
|
@ -32,9 +51,9 @@ Replace the path of the request url.
|
||||||
|
|
||||||
The ReplacePath middleware will:
|
The ReplacePath middleware will:
|
||||||
|
|
||||||
* replace the actual path by the specified one.
|
- replace the actual path by the specified one.
|
||||||
* store the original path in a `X-Replaced-Path` header.
|
- store the original path in a `X-Replaced-Path` header.
|
||||||
|
|
||||||
### path
|
### `path`
|
||||||
|
|
||||||
The `path` option defines the path to use as replacement in the request url.
|
The `path` option defines the path to use as replacement in the request url.
|
||||||
|
|
|
@ -1,4 +1,76 @@
|
||||||
# TODO -- ReplacePathRegex
|
# ReplacePathRegex
|
||||||
|
|
||||||
Updating the Path Before Forwarding the Request (Using a Regex)
|
Updating the Path Before Forwarding the Request (Using a Regex)
|
||||||
{: .subtitle }
|
{: .subtitle }
|
||||||
|
|
||||||
|
`TODO: add schema`
|
||||||
|
|
||||||
|
The ReplaceRegex replace a path from an url to another with regex matching and replacement.
|
||||||
|
|
||||||
|
## Configuration Examples
|
||||||
|
|
||||||
|
```yaml tab="Docker"
|
||||||
|
# Replace path with regex
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.regex=^/foo/(.*)"
|
||||||
|
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1"
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Kubernetes"
|
||||||
|
# Replace path with regex
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: test-replacepathregex
|
||||||
|
spec:
|
||||||
|
replacePathRegex:
|
||||||
|
regex: ^/foo/(.*)
|
||||||
|
replacement: /bar/$1
|
||||||
|
```
|
||||||
|
|
||||||
|
```json tab="Marathon"
|
||||||
|
"labels": {
|
||||||
|
"traefik.http.middlewares.test-replacepathregex.replacepathregex.regex": "^/foo/(.*)",
|
||||||
|
"traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement": "/bar/$1"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Rancher"
|
||||||
|
# Replace path with regex
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.regex=^/foo/(.*)"
|
||||||
|
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1"
|
||||||
|
```
|
||||||
|
|
||||||
|
```toml tab="File"
|
||||||
|
# Redirect with domain replacement
|
||||||
|
[http.middlewares]
|
||||||
|
[http.middlewares.test-replacepathregex.replacePathRegex]
|
||||||
|
regex = "^/foo/(.*)"
|
||||||
|
replacement = "/bar/$1"
|
||||||
|
```
|
||||||
|
|
||||||
|
## Configuration Options
|
||||||
|
|
||||||
|
### General
|
||||||
|
|
||||||
|
The ReplacePathRegex middleware will:
|
||||||
|
|
||||||
|
- replace the matching path by the specified one.
|
||||||
|
- store the original path in a `X-Replaced-Path` header.
|
||||||
|
|
||||||
|
### `regex`
|
||||||
|
|
||||||
|
The `Regex` option is the regular expression to match and capture the path from the request URL.
|
||||||
|
|
||||||
|
!!! warning
|
||||||
|
|
||||||
|
Care should be taken when defining replacement expand variables: `$1x` is equivalent to `${1x}`, not `${1}x` (see [Regexp.Expand](https://golang.org/pkg/regexp/#Regexp.Expand)), so use `${1}` syntax.
|
||||||
|
|
||||||
|
!!! tip
|
||||||
|
|
||||||
|
Regular expressions and replacements can be tested using online tools such as [Go Playground](https://play.golang.org/p/mWU9p-wk2ru) or the [Regex101](https://regex101.com/r/58sIgx/2).
|
||||||
|
|
||||||
|
### `replacement`
|
||||||
|
|
||||||
|
The `replacement` option defines how to modify the path to have the new target path.
|
||||||
|
|
|
@ -1,20 +1,54 @@
|
||||||
# TODO -- Retry
|
# Retry
|
||||||
|
|
||||||
Retrying until it Succeeds
|
Retrying until it Succeeds
|
||||||
{: .subtitle }
|
{: .subtitle }
|
||||||
|
|
||||||
## Old Content
|
`TODO: add schema`
|
||||||
|
|
||||||
## Retry Configuration
|
Retry to send request on attempt failure.
|
||||||
|
|
||||||
```toml
|
## Configuration Examples
|
||||||
# Enable retry sending request if network error
|
|
||||||
[retry]
|
|
||||||
|
|
||||||
# Number of attempts
|
```yaml tab="Docker"
|
||||||
#
|
# Retry to send request 4 times
|
||||||
# Optional
|
labels:
|
||||||
# Default: (number servers in backend) -1
|
- "traefik.http.middlewares.test-retry.retry.attempts=4"
|
||||||
#
|
|
||||||
# attempts = 3
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
```yaml tab="Kubernetes"
|
||||||
|
# Retry to send request 4 times
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: test-retry
|
||||||
|
spec:
|
||||||
|
retry:
|
||||||
|
attempts: 4
|
||||||
|
```
|
||||||
|
|
||||||
|
```json tab="Marathon"
|
||||||
|
"labels": {
|
||||||
|
"traefik.http.middlewares.test-retry.retry.attempts": "4"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Rancher"
|
||||||
|
# Retry to send request 4 times
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.test-retry.retry.attempts=4"
|
||||||
|
```
|
||||||
|
|
||||||
|
```toml tab="File"
|
||||||
|
# Retry to send request 4 times
|
||||||
|
[http.middlewares]
|
||||||
|
[http.middlewares.test-retry.Retry]
|
||||||
|
attempts = 4
|
||||||
|
```
|
||||||
|
|
||||||
|
## Configuration Options
|
||||||
|
|
||||||
|
### `attempts`
|
||||||
|
|
||||||
|
_mandatory_
|
||||||
|
|
||||||
|
The `attempts` option defines how many times to try sending the request.
|
|
@ -1,13 +1,72 @@
|
||||||
# TODO -- StripPrefix
|
# StripPrefix
|
||||||
|
|
||||||
Removing Prefixes From the Path Before Forwarding the Request
|
Removing Prefixes From the Path Before Forwarding the Request
|
||||||
{: .subtitle }
|
{: .subtitle }
|
||||||
|
|
||||||
## OldContent
|
`TODO: add schema`
|
||||||
|
|
||||||
|
Remove the specified prefixes from the URL path.
|
||||||
|
|
||||||
|
## Configuration Examples
|
||||||
|
|
||||||
|
```yaml tab="Docker"
|
||||||
|
# Replace the path by /foo
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=foobar, fiibar"
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Kubernetes"
|
||||||
|
# Replace the path by /foo
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: test-stripprefix
|
||||||
|
spec:
|
||||||
|
StripPrefix:
|
||||||
|
prefixes: "foobar, fiibar"
|
||||||
|
```
|
||||||
|
|
||||||
|
```json tab="Marathon"
|
||||||
|
"labels": {
|
||||||
|
"traefik.http.middlewares.test-stripprefix.stripprefix.prefixes": "foobar, fiibar"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Rancher"
|
||||||
|
# Replace the path by /foo
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=foobar, fiibar"
|
||||||
|
```
|
||||||
|
|
||||||
|
```toml tab="File"
|
||||||
|
# Replace the path by /foo
|
||||||
|
[http.middlewares]
|
||||||
|
[http.middlewares.test-stripprefix.StripPrefix]
|
||||||
|
prefixes: "foobar, fiibar"
|
||||||
|
```
|
||||||
|
|
||||||
|
## Configuration Options
|
||||||
|
|
||||||
|
### General
|
||||||
|
|
||||||
|
The StripPrefix middleware will:
|
||||||
|
|
||||||
|
- strip the matching path prefix.
|
||||||
|
- store the matching path prefix in a `X-Forwarded-Prefix` header.
|
||||||
|
|
||||||
|
!!! tip
|
||||||
|
|
||||||
|
Use a `StripPrefix` middleware if your backend listens on the root path (`/`) but should be routeable on a specific prefix.
|
||||||
|
|
||||||
|
### `prefixes`
|
||||||
|
|
||||||
|
The `prefixes` option defines the prefixes to strip from the request URL.
|
||||||
|
|
||||||
|
For instance, `/products` would match `/products` but also `/products/shoes` and `/products/shirts`.
|
||||||
|
|
||||||
Use a `*Strip` matcher if your backend listens on the root path (`/`) but should be routeable on a specific prefix.
|
|
||||||
For instance, `PathPrefixStrip: /products` would match `/products` but also `/products/shoes` and `/products/shirts`.
|
|
||||||
Since the path is stripped prior to forwarding, your backend is expected to listen on `/`.
|
Since the path is stripped prior to forwarding, your backend is expected to listen on `/`.
|
||||||
|
|
||||||
If your backend is serving assets (e.g., images or Javascript files), chances are it must return properly constructed relative URLs.
|
If your backend is serving assets (e.g., images or Javascript files), chances are it must return properly constructed relative URLs.
|
||||||
Continuing on the example, the backend should return `/products/shoes/image.png` (and not `/images.png` which Traefik would likely not be able to associate with the same backend).
|
Continuing on the example, the backend should return `/products/shoes/image.png` (and not `/images.png` which Traefik would likely not be able to associate with the same backend).
|
||||||
The `X-Forwarded-Prefix` header (available since Traefik 1.3) can be queried to build such URLs dynamically.
|
|
||||||
|
The `X-Forwarded-Prefix` header can be queried to build such URLs dynamically.
|
||||||
|
|
|
@ -1,13 +1,77 @@
|
||||||
# TODO -- StripPrefix
|
# StripPrefix
|
||||||
|
|
||||||
Removing Prefixes From the Path Before Forwarding the Request (Using a Regex)
|
Removing Prefixes From the Path Before Forwarding the Request (Using a Regex)
|
||||||
{: .subtitle }
|
{: .subtitle }
|
||||||
|
|
||||||
## OldContent
|
`TODO: add schema`
|
||||||
|
|
||||||
|
Remove the matching prefixes from the URL path.
|
||||||
|
|
||||||
|
## Configuration Examples
|
||||||
|
|
||||||
|
```yaml tab="Docker"
|
||||||
|
# Replace the path by /foo
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=^/foo/(.*)",
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Kubernetes"
|
||||||
|
# Replace the path by /foo
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: Middleware
|
||||||
|
metadata:
|
||||||
|
name: test-stripprefixregex
|
||||||
|
spec:
|
||||||
|
StripPrefixRegex:
|
||||||
|
regex: "^/foo/(.*)"
|
||||||
|
```
|
||||||
|
|
||||||
|
```json tab="Marathon"
|
||||||
|
"labels": {
|
||||||
|
"traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex": "^/foo/(.*)"
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
```yaml tab="Rancher"
|
||||||
|
# Replace the path by /foo
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=^/foo/(.*)",
|
||||||
|
```
|
||||||
|
|
||||||
|
```toml tab="File"
|
||||||
|
# Replace the path by /foo
|
||||||
|
[http.middlewares]
|
||||||
|
[http.middlewares.test-stripprefixregex.StripPrefixRegex]
|
||||||
|
regex: "^/foo/(.*)"
|
||||||
|
```
|
||||||
|
|
||||||
|
## Configuration Options
|
||||||
|
|
||||||
|
### General
|
||||||
|
|
||||||
|
The StripPrefixRegex middleware will:
|
||||||
|
|
||||||
|
- strip the matching path prefix.
|
||||||
|
- store the matching path prefix in a `X-Forwarded-Prefix` header.
|
||||||
|
|
||||||
|
!!! tip
|
||||||
|
|
||||||
|
Use a `StripPrefixRegex` middleware if your backend listens on the root path (`/`) but should be routeable on a specific prefix.
|
||||||
|
|
||||||
|
### `regex`
|
||||||
|
|
||||||
|
The `regex` option is the regular expression to match the path prefix from the request URL.
|
||||||
|
|
||||||
|
!!! tip
|
||||||
|
|
||||||
|
Regular expressions can be tested using online tools such as [Go Playground](https://play.golang.org/p/mWU9p-wk2ru) or the [Regex101](https://regex101.com/r/58sIgx/2).
|
||||||
|
|
||||||
|
For instance, `/products` would match `/products` but also `/products/shoes` and `/products/shirts`.
|
||||||
|
|
||||||
Use a `*Strip` matcher if your backend listens on the root path (`/`) but should be routeable on a specific prefix.
|
|
||||||
For instance, `PathPrefixStrip: /products` would match `/products` but also `/products/shoes` and `/products/shirts`.
|
|
||||||
Since the path is stripped prior to forwarding, your backend is expected to listen on `/`.
|
Since the path is stripped prior to forwarding, your backend is expected to listen on `/`.
|
||||||
|
|
||||||
If your backend is serving assets (e.g., images or Javascript files), chances are it must return properly constructed relative URLs.
|
If your backend is serving assets (e.g., images or Javascript files), chances are it must return properly constructed relative URLs.
|
||||||
|
|
||||||
Continuing on the example, the backend should return `/products/shoes/image.png` (and not `/images.png` which Traefik would likely not be able to associate with the same backend).
|
Continuing on the example, the backend should return `/products/shoes/image.png` (and not `/images.png` which Traefik would likely not be able to associate with the same backend).
|
||||||
The `X-Forwarded-Prefix` header (available since Traefik 1.3) can be queried to build such URLs dynamically.
|
|
||||||
|
The `X-Forwarded-Prefix` header can be queried to build such URLs dynamically.
|
||||||
|
|
|
@ -37,9 +37,9 @@ You can configure a file path instead using the `filePath` option.
|
||||||
|
|
||||||
By default, the logs use a text format (`common`), but you can also ask for the `json` format in the `format` option.
|
By default, the logs use a text format (`common`), but you can also ask for the `json` format in the `format` option.
|
||||||
|
|
||||||
#### logLevel
|
#### log level
|
||||||
|
|
||||||
By default, the `logLevel` is set to `error`, but you can choose amongst `debug`, `panic`, `fatal`, `error`, `warn`, and `info`.
|
By default, the `level` is set to `error`, but you can choose amongst `debug`, `panic`, `fatal`, `error`, `warn`, and `info`.
|
||||||
|
|
||||||
## Log Rotation
|
## Log Rotation
|
||||||
|
|
||||||
|
|
|
@ -7,7 +7,7 @@ The tracing system allows developers to visualize call flows in their infrastruc
|
||||||
|
|
||||||
Traefik uses OpenTracing, an open standard designed for distributed tracing.
|
Traefik uses OpenTracing, an open standard designed for distributed tracing.
|
||||||
|
|
||||||
Traefik supports three tracing backends: Jaeger, Zipkin, DataDog, and Instana.
|
Traefik supports four tracing backends: Jaeger, Zipkin, DataDog, and Instana.
|
||||||
|
|
||||||
## Configuration Reference
|
## Configuration Reference
|
||||||
|
|
||||||
|
|
|
@ -14,11 +14,11 @@ Checking the Health of Your Traefik Instances
|
||||||
??? example "Enabling /ping on a dedicated EntryPoint"
|
??? example "Enabling /ping on a dedicated EntryPoint"
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
[entrypoints]
|
[entryPoints]
|
||||||
[entrypoints.web]
|
[entryPoints.web]
|
||||||
address = ":80"
|
address = ":80"
|
||||||
|
|
||||||
[entrypoints.ping]
|
[entryPoints.ping]
|
||||||
address = ":8082"
|
address = ":8082"
|
||||||
|
|
||||||
[ping]
|
[ping]
|
||||||
|
|
|
@ -63,9 +63,9 @@ Attach labels to your containers and let Traefik do the rest!
|
||||||
## Provider Configuration Options
|
## Provider Configuration Options
|
||||||
|
|
||||||
!!! tip "Browse the Reference"
|
!!! tip "Browse the Reference"
|
||||||
If you're in a hurry, maybe you'd rather go through the [Docker Reference](../reference/providers/docker.md).
|
If you're in a hurry, maybe you'd rather go through the [static](../reference/static-configuration.md) and the [dynamic](../reference/dynamic-configuration/docker.md) configuration references.
|
||||||
|
|
||||||
### endpoint
|
### `endpoint`
|
||||||
|
|
||||||
Traefik requires access to the docker socket to get its dynamic configuration.
|
Traefik requires access to the docker socket to get its dynamic configuration.
|
||||||
|
|
||||||
|
@ -140,7 +140,9 @@ Traefik requires access to the docker socket to get its dynamic configuration.
|
||||||
endpoint = "unix:///var/run/docker.sock"
|
endpoint = "unix:///var/run/docker.sock"
|
||||||
```
|
```
|
||||||
|
|
||||||
### usebindportip (_Optional_, _Default=false_)
|
### `usebindportip`
|
||||||
|
|
||||||
|
_Optional, Default=false_
|
||||||
|
|
||||||
Traefik routes requests to the IP/Port of the matching container.
|
Traefik routes requests to the IP/Port of the matching container.
|
||||||
When setting `usebindportip=true`, you tell Traefik to use the IP/Port attached to the container's _binding_ instead of its inner network IP/Port.
|
When setting `usebindportip=true`, you tell Traefik to use the IP/Port attached to the container's _binding_ instead of its inner network IP/Port.
|
||||||
|
@ -163,29 +165,42 @@ If it can't find such a binding, Traefik falls back on the internal network IP o
|
||||||
!!! note
|
!!! note
|
||||||
In the above table, ExtIp stands for "external IP found in the binding", IntIp stands for "internal network container's IP", ExtPort stands for "external Port found in the binding", and IntPort stands for "internal network container's port."
|
In the above table, ExtIp stands for "external IP found in the binding", IntIp stands for "internal network container's IP", ExtPort stands for "external Port found in the binding", and IntPort stands for "internal network container's port."
|
||||||
|
|
||||||
### exposedByDefault (_Optional_, _Default=true_)
|
### `exposedByDefault`
|
||||||
|
|
||||||
|
_Optional, Default=true_
|
||||||
|
|
||||||
Expose containers by default through Traefik.
|
Expose containers by default through Traefik.
|
||||||
If set to false, containers that don't have a `traefik.enable=true` label will be ignored from the resulting routing configuration.
|
If set to false, containers that don't have a `traefik.enable=true` label will be ignored from the resulting routing configuration.
|
||||||
|
|
||||||
### network (_Optional_)
|
### `network`
|
||||||
|
|
||||||
|
_Optional_
|
||||||
|
|
||||||
Defines a default docker network to use for connections to all containers.
|
Defines a default docker network to use for connections to all containers.
|
||||||
|
|
||||||
This option can be overridden on a container basis with the `traefik.docker.network` label.
|
This option can be overridden on a container basis with the `traefik.docker.network` label.
|
||||||
|
|
||||||
### domain (_Optional_, _Default=docker.localhost_)
|
### `defaultRule`
|
||||||
|
|
||||||
This is the default base domain used for the router rules.
|
_Optional, Default=Host(`{{ normalize .Name }}`)_
|
||||||
|
|
||||||
This option can be overridden on a container basis with the
|
For a given container if no routing rule was defined by a label, it is defined by this defaultRule instead.
|
||||||
`traefik.domain` label.
|
It must be a valid [Go template](https://golang.org/pkg/text/template/),
|
||||||
|
augmented with the [sprig template functions](http://masterminds.github.io/sprig/).
|
||||||
|
The container service name can be accessed as the Name identifier,
|
||||||
|
and the template has access to all the labels defined on this container.
|
||||||
|
|
||||||
### swarmMode (_Optional_, _Default=false_)
|
``defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"``
|
||||||
|
|
||||||
|
### `swarmMode`
|
||||||
|
|
||||||
|
_Optional, Default=false_
|
||||||
|
|
||||||
Activates the Swarm Mode.
|
Activates the Swarm Mode.
|
||||||
|
|
||||||
### swarmModeRefreshSeconds (_Optional_, _Default=15_)
|
### `swarmModeRefreshSeconds`
|
||||||
|
|
||||||
|
_Optional, Default=15_
|
||||||
|
|
||||||
Defines the polling interval (in seconds) in Swarm Mode.
|
Defines the polling interval (in seconds) in Swarm Mode.
|
||||||
|
|
||||||
|
@ -195,11 +210,12 @@ Defines the polling interval (in seconds) in Swarm Mode.
|
||||||
|
|
||||||
Traefik creates, for each container, a corresponding [service](../routing/services/index.md) and [router](../routing/routers/index.md).
|
Traefik creates, for each container, a corresponding [service](../routing/services/index.md) and [router](../routing/routers/index.md).
|
||||||
|
|
||||||
The Service automatically gets a server per instance of the container, and the router gets a default rule attached to it, based on the container name.
|
The Service automatically gets a server per instance of the container,
|
||||||
|
and the router automatically gets a rule defined by defaultRule (if no rule for it was defined in labels).
|
||||||
|
|
||||||
### Routers
|
### Routers
|
||||||
|
|
||||||
To update the configuration of the Router automatically attached to the container, add labels starting with `traefik.routers.{name-of-your-choice}.` and followed by the option you want to change. For example, to change the rule, you could add the label `traefik.http.routers.my-container.rule=Host(my-domain)`.
|
To update the configuration of the Router automatically attached to the container, add labels starting with `traefik.http.routers.{name-of-your-choice}.` and followed by the option you want to change. For example, to change the rule, you could add the label `traefik.http.routers.my-container.rule=Host(my-domain)`.
|
||||||
|
|
||||||
Every [Router](../routing/routers/index.md) parameter can be updated this way.
|
Every [Router](../routing/routers/index.md) parameter can be updated this way.
|
||||||
|
|
||||||
|
@ -211,7 +227,7 @@ Every [Service](../routing/services/index.md) parameter can be updated this way.
|
||||||
|
|
||||||
### Middleware
|
### Middleware
|
||||||
|
|
||||||
You can declare pieces of middleware using labels starting with `traefik.http.middlewares.{name-of-your-choice}.`, followed by the middleware type/options. For example, to declare a middleware [`schemeredirect`](../middlewares/redirectscheme.md) named `my-redirect`, you'd write `traefik.http.middlewares.my-redirect.schemeredirect.scheme: https`.
|
You can declare pieces of middleware using labels starting with `traefik.http.middlewares.{name-of-your-choice}.`, followed by the middleware type/options. For example, to declare a middleware [`redirectscheme`](../middlewares/redirectscheme.md) named `my-redirect`, you'd write `traefik.http.middlewares.my-redirect.redirectscheme.scheme: https`.
|
||||||
|
|
||||||
??? example "Declaring and Referencing a Middleware"
|
??? example "Declaring and Referencing a Middleware"
|
||||||
|
|
||||||
|
@ -251,17 +267,17 @@ You can declare TCP Routers and/or Services using labels.
|
||||||
|
|
||||||
### Specific Options
|
### Specific Options
|
||||||
|
|
||||||
#### traefik.enable
|
#### `traefik.enable`
|
||||||
|
|
||||||
You can tell Traefik to consider (or not) the container by setting `traefik.enable` to true or false.
|
You can tell Traefik to consider (or not) the container by setting `traefik.enable` to true or false.
|
||||||
|
|
||||||
This option overrides the value of `exposedByDefault`.
|
This option overrides the value of `exposedByDefault`.
|
||||||
|
|
||||||
#### traefik.tags
|
#### `traefik.tags`
|
||||||
|
|
||||||
Sets the tags for [constraints filtering](./overview.md#constraints-configuration).
|
Sets the tags for [constraints filtering](./overview.md#constraints-configuration).
|
||||||
|
|
||||||
#### traefik.docker.network
|
#### `traefik.docker.network`
|
||||||
|
|
||||||
Overrides the default docker network to use for connections to the container.
|
Overrides the default docker network to use for connections to the container.
|
||||||
|
|
||||||
|
@ -269,3 +285,10 @@ If a container is linked to several networks, be sure to set the proper network
|
||||||
|
|
||||||
!!! warning
|
!!! warning
|
||||||
When deploying a stack from a compose file `stack`, the networks defined are prefixed with `stack`.
|
When deploying a stack from a compose file `stack`, the networks defined are prefixed with `stack`.
|
||||||
|
|
||||||
|
#### `traefik.docker.lbswarm`
|
||||||
|
|
||||||
|
Enables Swarm's inbuilt load balancer (only relevant in Swarm Mode).
|
||||||
|
|
||||||
|
If you enable this option, Traefik will use the virtual IP provided by docker swarm instead of the containers IPs.
|
||||||
|
Which means that Traefik will not perform any kind of load balancing and will delegate this task to swarm.
|
||||||
|
|
|
@ -28,7 +28,7 @@ You can write these configuration elements:
|
||||||
# Add the router
|
# Add the router
|
||||||
[http.routers]
|
[http.routers]
|
||||||
[http.routers.router0]
|
[http.routers.router0]
|
||||||
entrypoints = ["web"]
|
entryPoints = ["web"]
|
||||||
middlewares = ["my-basic-auth"]
|
middlewares = ["my-basic-auth"]
|
||||||
service = "service-foo"
|
service = "service-foo"
|
||||||
rule = "Path(`foo`)"
|
rule = "Path(`foo`)"
|
||||||
|
@ -56,9 +56,9 @@ You can write these configuration elements:
|
||||||
## Provider Configuration Options
|
## Provider Configuration Options
|
||||||
|
|
||||||
!!! tip "Browse the Reference"
|
!!! tip "Browse the Reference"
|
||||||
If you're in a hurry, maybe you'd rather go through the [File Reference](../reference/providers/file.md).
|
If you're in a hurry, maybe you'd rather go through the [static](../reference/static-configuration.md) and the [dynamic](../reference/dynamic-configuration/file.md) configuration references.
|
||||||
|
|
||||||
### filename (_Optional_)
|
### `filename` (_Optional_)
|
||||||
|
|
||||||
Defines the path of the configuration file.
|
Defines the path of the configuration file.
|
||||||
|
|
||||||
|
@ -68,7 +68,7 @@ Defines the path of the configuration file.
|
||||||
filename = "rules.toml"
|
filename = "rules.toml"
|
||||||
```
|
```
|
||||||
|
|
||||||
### directory (_Optional_)
|
### `directory` (_Optional_)
|
||||||
|
|
||||||
Defines the directory that contains the configuration files.
|
Defines the directory that contains the configuration files.
|
||||||
|
|
||||||
|
@ -78,7 +78,7 @@ Defines the directory that contains the configuration files.
|
||||||
directory = "/path/to/config"
|
directory = "/path/to/config"
|
||||||
```
|
```
|
||||||
|
|
||||||
### watch (_Optional_)
|
### `watch` (_Optional_)
|
||||||
|
|
||||||
Set the `watch` option to `true` to allow Traefik to automatically watch for file changes.
|
Set the `watch` option to `true` to allow Traefik to automatically watch for file changes.
|
||||||
It works with both the `filename` and the `directory` options.
|
It works with both the `filename` and the `directory` options.
|
||||||
|
|
|
@ -13,7 +13,133 @@ it would manage access to a cluster services by supporting the [Ingress](https:/
|
||||||
However, as the community expressed the need to benefit from Traefik features without resorting to (lots of) annotations,
|
However, as the community expressed the need to benefit from Traefik features without resorting to (lots of) annotations,
|
||||||
we ended up writing a [Custom Resource Definition](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) (alias CRD in the following) for an IngressRoute type, defined below, in order to provide a better way to configure access to a Kubernetes cluster.
|
we ended up writing a [Custom Resource Definition](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) (alias CRD in the following) for an IngressRoute type, defined below, in order to provide a better way to configure access to a Kubernetes cluster.
|
||||||
|
|
||||||
## Traefik IngressRoute definition
|
## Provider Configuration
|
||||||
|
|
||||||
|
### `endpoint`
|
||||||
|
|
||||||
|
_Optional, Default=empty_
|
||||||
|
|
||||||
|
The Kubernetes server endpoint as URL.
|
||||||
|
|
||||||
|
When deployed into Kubernetes, Traefik will read the environment variables `KUBERNETES_SERVICE_HOST` and `KUBERNETES_SERVICE_PORT` or `KUBECONFIG` to construct the endpoint.
|
||||||
|
|
||||||
|
The access token will be looked up in `/var/run/secrets/kubernetes.io/serviceaccount/token` and the SSL CA certificate in `/var/run/secrets/kubernetes.io/serviceaccount/ca.crt`.
|
||||||
|
Both are provided mounted automatically when deployed inside Kubernetes.
|
||||||
|
|
||||||
|
The endpoint may be specified to override the environment variable values inside a cluster.
|
||||||
|
|
||||||
|
When the environment variables are not found, Traefik will try to connect to the Kubernetes API server with an external-cluster client.
|
||||||
|
In this case, the endpoint is required.
|
||||||
|
Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Kubernetes cluster using the granted authentication and authorization of the associated kubeconfig.
|
||||||
|
|
||||||
|
```toml tab="File"
|
||||||
|
[Providers.KubernetesCRD]
|
||||||
|
endpoint = "http://localhost:8080"
|
||||||
|
# ...
|
||||||
|
```
|
||||||
|
|
||||||
|
```txt tab="CLI"
|
||||||
|
--providers.kubernetescrd
|
||||||
|
--providers.kubernetescrd.endpoint="http://localhost:8080"
|
||||||
|
```
|
||||||
|
|
||||||
|
### `token`
|
||||||
|
|
||||||
|
_Optional, Default=empty_
|
||||||
|
|
||||||
|
Bearer token used for the Kubernetes client configuration.
|
||||||
|
|
||||||
|
```toml tab="File"
|
||||||
|
[Providers.KubernetesCRD]
|
||||||
|
token = "mytoken"
|
||||||
|
# ...
|
||||||
|
```
|
||||||
|
|
||||||
|
```txt tab="CLI"
|
||||||
|
--providers.kubernetescrd
|
||||||
|
--providers.kubernetescrd.token="mytoken"
|
||||||
|
```
|
||||||
|
|
||||||
|
### `certAuthFilePath`
|
||||||
|
|
||||||
|
_Optional, Default=empty_
|
||||||
|
|
||||||
|
Path to the certificate authority file.
|
||||||
|
Used for the Kubernetes client configuration.
|
||||||
|
|
||||||
|
```toml tab="File"
|
||||||
|
[Providers.KubernetesCRD]
|
||||||
|
certAuthFilePath = "/my/ca.crt"
|
||||||
|
# ...
|
||||||
|
```
|
||||||
|
|
||||||
|
```txt tab="CLI"
|
||||||
|
--providers.kubernetescrd
|
||||||
|
--providers.kubernetescrd.certauthfilepath="/my/ca.crt"
|
||||||
|
```
|
||||||
|
|
||||||
|
### `namespaces`
|
||||||
|
|
||||||
|
_Optional, Default: all namespaces (empty array)_
|
||||||
|
|
||||||
|
Array of namespaces to watch.
|
||||||
|
|
||||||
|
```toml tab="File"
|
||||||
|
[Providers.KubernetesCRD]
|
||||||
|
namespaces = ["default", "production"]
|
||||||
|
# ...
|
||||||
|
```
|
||||||
|
|
||||||
|
```txt tab="CLI"
|
||||||
|
--providers.kubernetescrd
|
||||||
|
--providers.kubernetescrd.namespaces="default,production"
|
||||||
|
```
|
||||||
|
|
||||||
|
### `labelselector`
|
||||||
|
|
||||||
|
_Optional,Default: empty (process all Ingresses)_
|
||||||
|
|
||||||
|
By default, Traefik processes all Ingress objects in the configured namespaces.
|
||||||
|
A label selector can be defined to filter on specific Ingress objects only.
|
||||||
|
|
||||||
|
See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details.
|
||||||
|
|
||||||
|
```toml tab="File"
|
||||||
|
[Providers.KubernetesCRD]
|
||||||
|
labelselector = "A and not B"
|
||||||
|
# ...
|
||||||
|
```
|
||||||
|
|
||||||
|
```txt tab="CLI"
|
||||||
|
--providers.kubernetescrd
|
||||||
|
--providers.kubernetescrd.labelselector="A and not B"
|
||||||
|
```
|
||||||
|
|
||||||
|
### `ingressClass`
|
||||||
|
|
||||||
|
_Optional, Default: empty_
|
||||||
|
|
||||||
|
Value of `kubernetes.io/ingress.class` annotation that identifies Ingress objects to be processed.
|
||||||
|
|
||||||
|
If the parameter is non-empty, only Ingresses containing an annotation with the same value are processed.
|
||||||
|
Otherwise, Ingresses missing the annotation, having an empty value, or the value `traefik` are processed.
|
||||||
|
|
||||||
|
```toml tab="File"
|
||||||
|
[Providers.KubernetesCRD]
|
||||||
|
ingressClass = "traefik-internal"
|
||||||
|
# ...
|
||||||
|
```
|
||||||
|
|
||||||
|
```txt tab="CLI"
|
||||||
|
--providers.kubernetescrd
|
||||||
|
--providers.kubernetescrd.ingressclass="traefik-internal"
|
||||||
|
```
|
||||||
|
|
||||||
|
## Resource Configuration
|
||||||
|
|
||||||
|
If you're in a hurry, maybe you'd rather go through the [dynamic](../reference/dynamic-configuration/kubernetes-crd.md) configuration reference.
|
||||||
|
|
||||||
|
### Traefik IngressRoute definition
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
--8<-- "content/providers/crd_ingress_route.yml"
|
--8<-- "content/providers/crd_ingress_route.yml"
|
||||||
|
@ -28,7 +154,7 @@ metadata:
|
||||||
name: ingressroutefoo.crd
|
name: ingressroutefoo.crd
|
||||||
|
|
||||||
spec:
|
spec:
|
||||||
entrypoints:
|
entryPoints:
|
||||||
- web
|
- web
|
||||||
routes:
|
routes:
|
||||||
# Match is the rule corresponding to an underlying router.
|
# Match is the rule corresponding to an underlying router.
|
||||||
|
@ -46,7 +172,7 @@ spec:
|
||||||
port: 80
|
port: 80
|
||||||
```
|
```
|
||||||
|
|
||||||
## Middleware
|
### Middleware
|
||||||
|
|
||||||
Additionally, to allow for the use of middlewares in an `IngressRoute`, we defined the CRD below for the `Middleware` kind.
|
Additionally, to allow for the use of middlewares in an `IngressRoute`, we defined the CRD below for the `Middleware` kind.
|
||||||
|
|
||||||
|
@ -63,7 +189,7 @@ metadata:
|
||||||
name: stripprefix
|
name: stripprefix
|
||||||
|
|
||||||
spec:
|
spec:
|
||||||
stripprefix:
|
stripPrefix:
|
||||||
prefixes:
|
prefixes:
|
||||||
- /stripit
|
- /stripit
|
||||||
|
|
||||||
|
@ -74,7 +200,7 @@ metadata:
|
||||||
name: ingressroutebar.crd
|
name: ingressroutebar.crd
|
||||||
|
|
||||||
spec:
|
spec:
|
||||||
entrypoints:
|
entryPoints:
|
||||||
- web
|
- web
|
||||||
routes:
|
routes:
|
||||||
- match: Host(`bar.com`) && PathPrefix(`/stripit`)
|
- match: Host(`bar.com`) && PathPrefix(`/stripit`)
|
||||||
|
@ -86,7 +212,7 @@ spec:
|
||||||
- name: stripprefix
|
- name: stripprefix
|
||||||
```
|
```
|
||||||
|
|
||||||
## TLS
|
### TLS
|
||||||
|
|
||||||
To allow for TLS, we made use of the `Secret` kind, as it was already defined, and it can be directly used in an `IngressRoute`:
|
To allow for TLS, we made use of the `Secret` kind, as it was already defined, and it can be directly used in an `IngressRoute`:
|
||||||
|
|
||||||
|
@ -119,10 +245,6 @@ spec:
|
||||||
secretName: supersecret
|
secretName: supersecret
|
||||||
```
|
```
|
||||||
|
|
||||||
## Full reference example
|
|
||||||
|
|
||||||
[Traefik IngressRoute Reference](../reference/providers/kubernetescrd.md).
|
|
||||||
|
|
||||||
## Further
|
## Further
|
||||||
|
|
||||||
Also see the [full example](../user-guides/crd-acme/index.md) with Let's Encrypt.
|
Also see the [full example](../user-guides/crd-acme/index.md) with Let's Encrypt.
|
||||||
|
|
325
docs/content/providers/marathon.md
Normal file
325
docs/content/providers/marathon.md
Normal file
|
@ -0,0 +1,325 @@
|
||||||
|
# Traefik & Marathon
|
||||||
|
|
||||||
|
Traefik can be configured to use Marathon as a provider.
|
||||||
|
{: .subtitle }
|
||||||
|
|
||||||
|
See also [Marathon user guide](../user-guides/marathon.md).
|
||||||
|
|
||||||
|
## Configuration Examples
|
||||||
|
|
||||||
|
??? example "Configuring Marathon & Deploying / Exposing Applications"
|
||||||
|
|
||||||
|
Enabling the marathon provider
|
||||||
|
|
||||||
|
```toml tab="File"
|
||||||
|
[providers.marathon]
|
||||||
|
endpoint = "http://127.0.0.1:8080"
|
||||||
|
```
|
||||||
|
|
||||||
|
```txt tab="CLI"
|
||||||
|
--providers.marathon
|
||||||
|
--providers.marathon.endpoint="http://127.0.0.1:8080"
|
||||||
|
```
|
||||||
|
|
||||||
|
Attaching labels to marathon applications
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"id": "/whoami",
|
||||||
|
"container": {
|
||||||
|
"type": "DOCKER",
|
||||||
|
"docker": {
|
||||||
|
"image": "containous/whoami",
|
||||||
|
"network": "BRIDGE",
|
||||||
|
"portMappings": [
|
||||||
|
{
|
||||||
|
"containerPort": 80,
|
||||||
|
"hostPort": 0,
|
||||||
|
"protocol": "tcp"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"labels": {
|
||||||
|
"traefik.http.Routers.app.Rule": "PathPrefix(`/app`)"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
## Provider Configuration Options
|
||||||
|
|
||||||
|
!!! tip "Browse the Reference"
|
||||||
|
If you're in a hurry, maybe you'd rather go through the [static](../reference/static-configuration.md) and the [dynamic](../reference/dynamic-configuration/marathon.md) configuration references.
|
||||||
|
|
||||||
|
### `basic`
|
||||||
|
|
||||||
|
_Optional_
|
||||||
|
|
||||||
|
Enables Marathon basic authentication.
|
||||||
|
|
||||||
|
```toml tab="File"
|
||||||
|
[marathon.basic]
|
||||||
|
httpBasicAuthUser = "foo"
|
||||||
|
httpBasicPassword = "bar"
|
||||||
|
```
|
||||||
|
|
||||||
|
```txt tab="CLI"
|
||||||
|
--providers.marathon
|
||||||
|
--providers.marathon.basic.httpbasicauthuser="foo"
|
||||||
|
--providers.marathon.basic.httpbasicpassword="bar"
|
||||||
|
```
|
||||||
|
|
||||||
|
### `dcosToken`
|
||||||
|
|
||||||
|
_Optional_
|
||||||
|
|
||||||
|
DCOSToken for DCOS environment.
|
||||||
|
|
||||||
|
If set, it overrides the Authorization header.
|
||||||
|
|
||||||
|
```toml tab="File"
|
||||||
|
[marathon]
|
||||||
|
dcosToken = "xxxxxx"
|
||||||
|
# ...
|
||||||
|
```
|
||||||
|
|
||||||
|
```txt tab="CLI"
|
||||||
|
--providers.marathon
|
||||||
|
--providers.marathon.dcosToken="xxxxxx"
|
||||||
|
```
|
||||||
|
|
||||||
|
### `defaultRule`
|
||||||
|
|
||||||
|
_Optional, Default=```Host(`{{ normalize .Name }}`)```_
|
||||||
|
|
||||||
|
For a given application if no routing rule was defined by a label, it is defined by this defaultRule instead.
|
||||||
|
|
||||||
|
It must be a valid [Go template](https://golang.org/pkg/text/template/),
|
||||||
|
augmented with the [sprig template functions](http://masterminds.github.io/sprig/).
|
||||||
|
|
||||||
|
The app ID can be accessed as the Name identifier,
|
||||||
|
and the template has access to all the labels defined on this Marathon application.
|
||||||
|
|
||||||
|
```toml tab="File"
|
||||||
|
[marathon]
|
||||||
|
defaultRule = ""
|
||||||
|
# ...
|
||||||
|
```
|
||||||
|
|
||||||
|
```txt tab="CLI"
|
||||||
|
--providers.marathon
|
||||||
|
--providers.marathon.defaultRule="Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
|
||||||
|
```
|
||||||
|
|
||||||
|
### `dialerTimeout`
|
||||||
|
|
||||||
|
_Optional, Default=5s_
|
||||||
|
|
||||||
|
Overrides DialerTimeout.
|
||||||
|
|
||||||
|
Amount of time the Marathon provider should wait before timing out,
|
||||||
|
when trying to open a TCP connection to a Marathon master.
|
||||||
|
|
||||||
|
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration),
|
||||||
|
or directly as a number of seconds.
|
||||||
|
|
||||||
|
### `endpoint`
|
||||||
|
|
||||||
|
_Optional, Default=http://127.0.0.1:8080_
|
||||||
|
|
||||||
|
Marathon server endpoint.
|
||||||
|
|
||||||
|
You can optionally specify multiple endpoints:
|
||||||
|
|
||||||
|
```toml tab="File"
|
||||||
|
[marathon]
|
||||||
|
endpoint = "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080"
|
||||||
|
# ...
|
||||||
|
```
|
||||||
|
|
||||||
|
```txt tab="CLI"
|
||||||
|
--providers.marathon
|
||||||
|
--providers.marathon.endpoint="http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080"
|
||||||
|
```
|
||||||
|
|
||||||
|
### `exposedByDefault`
|
||||||
|
|
||||||
|
_Optional, Default=true_
|
||||||
|
|
||||||
|
Exposes Marathon applications by default through Traefik.
|
||||||
|
|
||||||
|
If set to false, applications that don't have a `traefik.enable=true` label will be ignored from the resulting routing configuration.
|
||||||
|
|
||||||
|
### `filterMarathonConstraints`
|
||||||
|
|
||||||
|
_Optional, Default=false_
|
||||||
|
|
||||||
|
Enables filtering using Marathon constraints.
|
||||||
|
|
||||||
|
If enabled, Traefik will take into account Marathon constraints, as defined in [Marathon constraints](https://mesosphere.github.io/marathon/docs/constraints.html).
|
||||||
|
|
||||||
|
Each individual constraint will be treated as a verbatim compounded tag,
|
||||||
|
e.g. "rack_id:CLUSTER:rack-1", with all constraint groups concatenated together using ":".
|
||||||
|
|
||||||
|
### `forceTaskHostname`
|
||||||
|
|
||||||
|
_Optional, Default=false_
|
||||||
|
|
||||||
|
By default, a task's IP address (as returned by the Marathon API) is used as backend server if an IP-per-task configuration can be found;
|
||||||
|
otherwise, the name of the host running the task is used.
|
||||||
|
The latter behavior can be enforced by enabling this switch.
|
||||||
|
|
||||||
|
### `keepAlive`
|
||||||
|
|
||||||
|
_Optional, Default=10s_
|
||||||
|
|
||||||
|
Set the TCP Keep Alive interval for the Marathon HTTP Client.
|
||||||
|
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration),
|
||||||
|
or directly as a number of seconds.
|
||||||
|
|
||||||
|
### `respectReadinessChecks`
|
||||||
|
|
||||||
|
_Optional, Default=false_
|
||||||
|
|
||||||
|
Applications may define readiness checks which are probed by Marathon during deployments periodically, and these check results are exposed via the API.
|
||||||
|
Enabling respectReadinessChecks causes Traefik to filter out tasks whose readiness checks have not succeeded.
|
||||||
|
Note that the checks are only valid at deployment times.
|
||||||
|
|
||||||
|
See the Marathon guide for details.
|
||||||
|
|
||||||
|
### `responseHeaderTimeout`
|
||||||
|
|
||||||
|
_Optional, Default=60s_
|
||||||
|
|
||||||
|
Overrides ResponseHeaderTimeout.
|
||||||
|
Amount of time the Marathon provider should wait before timing out,
|
||||||
|
when waiting for the first response header from a Marathon master.
|
||||||
|
|
||||||
|
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration), or directly as a number of seconds.
|
||||||
|
|
||||||
|
### `TLS`
|
||||||
|
|
||||||
|
_Optional_
|
||||||
|
|
||||||
|
TLS client configuration. [tls/#Config](https://golang.org/pkg/crypto/tls/#Config).
|
||||||
|
|
||||||
|
```toml tab="File"
|
||||||
|
[marathon.TLS]
|
||||||
|
CA = "/etc/ssl/ca.crt"
|
||||||
|
Cert = "/etc/ssl/marathon.cert"
|
||||||
|
Key = "/etc/ssl/marathon.key"
|
||||||
|
insecureSkipVerify = true
|
||||||
|
```
|
||||||
|
|
||||||
|
```txt tab="CLI"
|
||||||
|
--providers.marathon.tls
|
||||||
|
--providers.marathon.tls.ca="/etc/ssl/ca.crt"
|
||||||
|
--providers.marathon.tls.cert="/etc/ssl/marathon.cert"
|
||||||
|
--providers.marathon.tls.key="/etc/ssl/marathon.key"
|
||||||
|
--providers.marathon.tls.insecureskipverify=true
|
||||||
|
```
|
||||||
|
|
||||||
|
### `TLSHandshakeTimeout`
|
||||||
|
|
||||||
|
_Optional, Default=5s_
|
||||||
|
|
||||||
|
Overrides TLSHandshakeTimeout.
|
||||||
|
Amount of time the Marathon provider should wait before timing out,
|
||||||
|
when waiting for the TLS handshake to complete.
|
||||||
|
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration),
|
||||||
|
or directly as a number of seconds.
|
||||||
|
|
||||||
|
### `trace`
|
||||||
|
|
||||||
|
_Optional, Default=false_
|
||||||
|
|
||||||
|
Displays additional provider logs (if available).
|
||||||
|
|
||||||
|
### `watch`
|
||||||
|
|
||||||
|
_Optional, Default=true_
|
||||||
|
|
||||||
|
Enables watching for Marathon changes.
|
||||||
|
|
||||||
|
## Routing Configuration Options
|
||||||
|
|
||||||
|
### General
|
||||||
|
|
||||||
|
Traefik creates, for each Marathon application, a corresponding [service](../routing/services/index.md) and [router](../routing/routers/index.md).
|
||||||
|
|
||||||
|
The Service automatically gets a server per instance of the application,
|
||||||
|
and the router automatically gets a rule defined by defaultRule (if no rule for it was defined in labels).
|
||||||
|
|
||||||
|
### Routers
|
||||||
|
|
||||||
|
To update the configuration of the Router automatically attached to the application,
|
||||||
|
add labels starting with `traefik.HTTP.Routers.{router-name-of-your-choice}.` and followed by the option you want to change.
|
||||||
|
For example, to change the routing rule, you could add the label ```traefik.HTTP.Routers.Routername.Rule=Host(`my-domain`)```.
|
||||||
|
|
||||||
|
Every [Router](../routing/routers/index.md) parameter can be updated this way.
|
||||||
|
|
||||||
|
### Services
|
||||||
|
|
||||||
|
To update the configuration of the Service automatically attached to the container,
|
||||||
|
add labels starting with `traefik.HTTP.Services.{service-name-of-your-choice}.`, followed by the option you want to change.
|
||||||
|
For example, to change the load balancer method, you'd add the label `traefik.HTTP.Services.Servicename.LoadBalancer.Method=drr`.
|
||||||
|
|
||||||
|
Every [Service](../routing/services/index.md) parameter can be updated this way.
|
||||||
|
|
||||||
|
### Middleware
|
||||||
|
|
||||||
|
You can declare pieces of middleware using labels starting with `traefik.HTTP.Middlewares.{middleware-name-of-your-choice}.`, followed by the middleware type/options.
|
||||||
|
For example, to declare a middleware [`schemeredirect`](../middlewares/redirectscheme.md) named `my-redirect`, you'd write `traefik.HTTP.Middlewares.my-redirect.RedirectScheme.Scheme: https`.
|
||||||
|
|
||||||
|
??? example "Declaring and Referencing a Middleware"
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
...
|
||||||
|
"labels": {
|
||||||
|
"traefik.http.middlewares.my-redirect.schemeredirect.scheme": "https",
|
||||||
|
"traefik.http.routers.middlewares": "my-redirect"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
!!! warning "Conflicts in Declaration"
|
||||||
|
|
||||||
|
If you declare multiple middleware with the same name but with different parameters, the middleware fails to be declared.
|
||||||
|
|
||||||
|
### TCP
|
||||||
|
|
||||||
|
You can declare TCP Routers and/or Services using labels.
|
||||||
|
|
||||||
|
??? example "Declaring TCP Routers and Services"
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
...
|
||||||
|
"labels": {
|
||||||
|
"traefik.tcp.routers.my-router.rule": "HostSNI(`my-host.com`)",
|
||||||
|
"traefik.tcp.routers.my-router.tls": "true",
|
||||||
|
"traefik.tcp.services.my-service.loadbalancer.server.port": "4123"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
!!! warning "TCP and HTTP"
|
||||||
|
|
||||||
|
If you declare a TCP Router/Service, it will prevent Traefik from automatically creating an HTTP Router/Service (as it would by default if no TCP Router/Service is defined).
|
||||||
|
Both a TCP Router/Service and an HTTP Router/Service can be created for the same application, but it has to be done explicitly in the config.
|
||||||
|
|
||||||
|
### Specific Options
|
||||||
|
|
||||||
|
#### `traefik.enable`
|
||||||
|
|
||||||
|
Setting this option controls whether Traefik exposes the application.
|
||||||
|
It overrides the value of `exposedByDefault`.
|
||||||
|
|
||||||
|
#### `traefik.tags`
|
||||||
|
|
||||||
|
Sets the tags for [constraints filtering](./overview.md#constraints-configuration).
|
||||||
|
|
||||||
|
#### `traefik.marathon.ipadressidx`
|
||||||
|
|
||||||
|
If a task has several IP addresses, this option specifies which one, in the list of available addresses, to select.
|
|
@ -31,12 +31,16 @@ Below is the list of the currently supported providers in Traefik.
|
||||||
| [Docker](./docker.md) | Orchestrator | Label |
|
| [Docker](./docker.md) | Orchestrator | Label |
|
||||||
| [File](./file.md) | Orchestrator | Custom Annotation |
|
| [File](./file.md) | Orchestrator | Custom Annotation |
|
||||||
| [Kubernetes](kubernetes-crd.md) | Orchestrator | Custom Resource |
|
| [Kubernetes](kubernetes-crd.md) | Orchestrator | Custom Resource |
|
||||||
| Marathon (not yet documented) | Orchestrator | Label |
|
| [Marathon](marathon.md) | Orchestrator | Label |
|
||||||
|
|
||||||
!!! note "More Providers"
|
!!! note "More Providers"
|
||||||
|
|
||||||
The current version of Traefik is in development and doesn't support (yet) every provider. See the previous version (1.7) for more providers.
|
The current version of Traefik is in development and doesn't support (yet) every provider. See the previous version (1.7) for more providers.
|
||||||
|
|
||||||
|
<!--
|
||||||
|
TODO (document TCP VS HTTP dynamic configuration)
|
||||||
|
-->
|
||||||
|
|
||||||
## Constraints Configuration
|
## Constraints Configuration
|
||||||
|
|
||||||
If you want to limit the scope of Traefik service discovery, you can set constraints.
|
If you want to limit the scope of Traefik service discovery, you can set constraints.
|
||||||
|
|
177
docs/content/providers/rancher.md
Normal file
177
docs/content/providers/rancher.md
Normal file
|
@ -0,0 +1,177 @@
|
||||||
|
# Traefik & Rancher
|
||||||
|
|
||||||
|
A Story of Labels, Services & Container
|
||||||
|
{: .subtitle }
|
||||||
|
|
||||||
|
![Rancher](../assets/img/providers/rancher.png)
|
||||||
|
|
||||||
|
Attach labels to your services and let Traefik do the rest!
|
||||||
|
|
||||||
|
## Configuration Examples
|
||||||
|
|
||||||
|
??? example "Configuring Docker & Deploying / Exposing Services"
|
||||||
|
|
||||||
|
Enabling the rancher provider
|
||||||
|
|
||||||
|
```toml
|
||||||
|
[provider.rancher]
|
||||||
|
```
|
||||||
|
|
||||||
|
Attaching labels to services
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
labels:
|
||||||
|
- traefik.http.services.my-service.rule=Host(my-domain)
|
||||||
|
```
|
||||||
|
|
||||||
|
## Provider Configuration Options
|
||||||
|
|
||||||
|
!!! tip "Browse the Reference"
|
||||||
|
If you're in a hurry, maybe you'd rather go through the configuration reference:
|
||||||
|
|
||||||
|
```toml
|
||||||
|
################################################################
|
||||||
|
# Rancher Provider
|
||||||
|
################################################################
|
||||||
|
|
||||||
|
# Enable Docker Provider.
|
||||||
|
[rancher]
|
||||||
|
|
||||||
|
# The default host rule for all services.
|
||||||
|
#
|
||||||
|
# Optionnal
|
||||||
|
#
|
||||||
|
DefaultRule = "unix:///var/run/docker.sock"
|
||||||
|
|
||||||
|
# Expose Rancher services by default in Traefik.
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
#
|
||||||
|
ExposedByDefault = "docker.localhost"
|
||||||
|
|
||||||
|
# Enable watch docker changes.
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
#
|
||||||
|
watch = true
|
||||||
|
|
||||||
|
# Filter services with unhealthy states and inactive states.
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
#
|
||||||
|
EnableServiceHealthFilter = true
|
||||||
|
|
||||||
|
# Defines the polling interval (in seconds).
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
#
|
||||||
|
RefreshSeconds = true
|
||||||
|
|
||||||
|
# Poll the Rancher metadata service for changes every `rancher.refreshSeconds`, which is less accurate
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
#
|
||||||
|
IntervalPoll = false
|
||||||
|
|
||||||
|
# Prefix used for accessing the Rancher metadata service
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
#
|
||||||
|
Prefix = 15
|
||||||
|
```
|
||||||
|
|
||||||
|
### `ExposedByDefault`
|
||||||
|
|
||||||
|
_Optional, Default=true_
|
||||||
|
|
||||||
|
Expose Rancher services by default in Traefik.
|
||||||
|
If set to false, services that don't have a `traefik.enable=true` label will be ignored from the resulting routing configuration.
|
||||||
|
|
||||||
|
### `DefaultRule`
|
||||||
|
|
||||||
|
_Optional_
|
||||||
|
|
||||||
|
The default host rule for all services.
|
||||||
|
|
||||||
|
This option can be overridden on a container basis with the `traefik.http.routers.Router1.rule` label.
|
||||||
|
|
||||||
|
### `EnableServiceHealthFilter`
|
||||||
|
|
||||||
|
_Optional, Default=true_
|
||||||
|
|
||||||
|
Filter services with unhealthy states and inactive states.
|
||||||
|
|
||||||
|
### `RefreshSeconds`
|
||||||
|
|
||||||
|
_Optional, Default=15_
|
||||||
|
|
||||||
|
Defines the polling interval (in seconds).
|
||||||
|
|
||||||
|
### `IntervalPoll`
|
||||||
|
|
||||||
|
_Optional, Default=false_
|
||||||
|
|
||||||
|
Poll the Rancher metadata service for changes every `rancher.refreshSeconds`,
|
||||||
|
which is less accurate than the default long polling technique which will provide near instantaneous updates to Traefik.
|
||||||
|
|
||||||
|
### `Prefix`
|
||||||
|
|
||||||
|
_Optional, Default=/latest_
|
||||||
|
|
||||||
|
Prefix used for accessing the Rancher metadata service
|
||||||
|
|
||||||
|
### General
|
||||||
|
|
||||||
|
Traefik creates, for each rancher service, a corresponding [service](../routing/services/index.md) and [router](../routing/routers/index.md).
|
||||||
|
|
||||||
|
The Service automatically gets a server per container in this rancher service, and the router gets a default rule attached to it, based on the service name.
|
||||||
|
|
||||||
|
### Routers
|
||||||
|
|
||||||
|
To update the configuration of the Router automatically attached to the container, add labels starting with `traefik.routers.{name-of-your-choice}.` and followed by the option you want to change.
|
||||||
|
For example, to change the rule, you could add the label `traefik.http.routers.my-container.rule=Host(my-domain)`.
|
||||||
|
|
||||||
|
Every [Router](../routing/routers/index.md) parameter can be updated this way.
|
||||||
|
|
||||||
|
### Services
|
||||||
|
|
||||||
|
To update the configuration of the Service automatically attached to the container, add labels starting with `traefik.http.services.{name-of-your-choice}.`,
|
||||||
|
followed by the option you want to change. For example, to change the load balancer method,
|
||||||
|
you'd add the label `traefik.http.services.{name-of-your-choice}.loadbalancer.method=drr`.
|
||||||
|
|
||||||
|
Every [Service](../routing/services/index.md) parameter can be updated this way.
|
||||||
|
|
||||||
|
### Middleware
|
||||||
|
|
||||||
|
You can declare pieces of middleware using labels starting with `traefik.http.middlewares.{name-of-your-choice}.`, followed by the middleware type/options.
|
||||||
|
For example, to declare a middleware [`schemeredirect`](../middlewares/redirectscheme.md) named `my-redirect`, you'd write `traefik.http.middlewares.my-redirect.schemeredirect.scheme: https`.
|
||||||
|
|
||||||
|
??? example "Declaring and Referencing a Middleware"
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
# ...
|
||||||
|
labels:
|
||||||
|
- traefik.http.middlewares.my-redirect.schemeredirect.scheme=https
|
||||||
|
- traefik.http.routers.middlewares=my-redirect
|
||||||
|
```
|
||||||
|
|
||||||
|
!!! warning "Conflicts in Declaration"
|
||||||
|
|
||||||
|
If you declare multiple middleware with the same name but with different parameters, the middleware fails to be declared.
|
||||||
|
|
||||||
|
### Specific Options
|
||||||
|
|
||||||
|
#### `traefik.enable`
|
||||||
|
|
||||||
|
You can tell Traefik to consider (or not) the container by setting `traefik.enable` to true or false.
|
||||||
|
|
||||||
|
This option overrides the value of `exposedByDefault`.
|
||||||
|
|
||||||
|
#### `traefik.tags`
|
||||||
|
|
||||||
|
Sets the tags for [constraints filtering](./overview.md#constraints-configuration).
|
||||||
|
|
||||||
|
#### Port Lookup
|
||||||
|
|
||||||
|
Traefik is now capable of detecting the port to use, by following the default rancher flow.
|
||||||
|
That means, if you just expose lets say port :1337 on the rancher ui, traefik will pick up this port and use it.
|
|
@ -1,166 +0,0 @@
|
||||||
# ACME - Reference
|
|
||||||
|
|
||||||
Every Options for ACME
|
|
||||||
{: .subtitle}
|
|
||||||
|
|
||||||
## TOML
|
|
||||||
|
|
||||||
```toml
|
|
||||||
# Sample entrypoint configuration when using ACME.
|
|
||||||
[entrypoints]
|
|
||||||
[entrypoints.web]
|
|
||||||
address = ":80"
|
|
||||||
[entrypoints.web-secure]
|
|
||||||
address = ":443"
|
|
||||||
|
|
||||||
# Enable ACME (Let's Encrypt): automatic SSL.
|
|
||||||
[acme]
|
|
||||||
|
|
||||||
# Email address used for registration.
|
|
||||||
#
|
|
||||||
# Required
|
|
||||||
#
|
|
||||||
email = "test@traefik.io"
|
|
||||||
|
|
||||||
# File used for certificates storage.
|
|
||||||
#
|
|
||||||
# Optional (Deprecated)
|
|
||||||
#
|
|
||||||
#storageFile = "acme.json"
|
|
||||||
|
|
||||||
# File or key used for certificates storage.
|
|
||||||
#
|
|
||||||
# Required
|
|
||||||
#
|
|
||||||
storage = "acme.json"
|
|
||||||
# or `storage = "traefik/acme/account"` if using KV store.
|
|
||||||
|
|
||||||
# Deprecated, replaced by [acme.dnsChallenge].
|
|
||||||
#
|
|
||||||
# Optional.
|
|
||||||
#
|
|
||||||
# dnsProvider = "digitalocean"
|
|
||||||
|
|
||||||
# Deprecated, replaced by [acme.dnsChallenge.delayBeforeCheck].
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
# Default: 0
|
|
||||||
#
|
|
||||||
# delayDontCheckDNS = 0
|
|
||||||
|
|
||||||
# If true, display debug log messages from the acme client library.
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
# Default: false
|
|
||||||
#
|
|
||||||
# acmeLogging = true
|
|
||||||
|
|
||||||
# If true, override certificates in key-value store when using storeconfig.
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
# Default: false
|
|
||||||
#
|
|
||||||
# overrideCertificates = true
|
|
||||||
|
|
||||||
# Deprecated. Enable on demand certificate generation.
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
# Default: false
|
|
||||||
#
|
|
||||||
# onDemand = true
|
|
||||||
|
|
||||||
# Enable certificate generation on frontends host rules.
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
# Default: false
|
|
||||||
#
|
|
||||||
# onHostRule = true
|
|
||||||
|
|
||||||
# CA server to use.
|
|
||||||
# Uncomment the line to use Let's Encrypt's staging server,
|
|
||||||
# leave commented to go to prod.
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
# Default: "https://acme-v02.api.letsencrypt.org/directory"
|
|
||||||
#
|
|
||||||
# caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
|
|
||||||
|
|
||||||
# KeyType to use.
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
# Default: "RSA4096"
|
|
||||||
#
|
|
||||||
# Available values : "EC256", "EC384", "RSA2048", "RSA4096", "RSA8192"
|
|
||||||
#
|
|
||||||
# KeyType = "RSA4096"
|
|
||||||
|
|
||||||
# Use a TLS-ALPN-01 ACME challenge.
|
|
||||||
#
|
|
||||||
# Optional (but recommended)
|
|
||||||
#
|
|
||||||
[acme.tlsChallenge]
|
|
||||||
|
|
||||||
# Use a HTTP-01 ACME challenge.
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
#
|
|
||||||
# [acme.httpChallenge]
|
|
||||||
|
|
||||||
# EntryPoint to use for the HTTP-01 challenges.
|
|
||||||
#
|
|
||||||
# Required
|
|
||||||
#
|
|
||||||
# entryPoint = "http"
|
|
||||||
|
|
||||||
# Use a DNS-01 ACME challenge rather than HTTP-01 challenge.
|
|
||||||
# Note: mandatory for wildcard certificate generation.
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
#
|
|
||||||
# [acme.dnsChallenge]
|
|
||||||
|
|
||||||
# DNS provider used.
|
|
||||||
#
|
|
||||||
# Required
|
|
||||||
#
|
|
||||||
# provider = "digitalocean"
|
|
||||||
|
|
||||||
# By default, the provider will verify the TXT DNS challenge record before letting ACME verify.
|
|
||||||
# If delayBeforeCheck is greater than zero, this check is delayed for the configured duration in seconds.
|
|
||||||
# Useful if internal networks block external DNS queries.
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
# Default: 0
|
|
||||||
#
|
|
||||||
# delayBeforeCheck = 0
|
|
||||||
|
|
||||||
# Use following DNS servers to resolve the FQDN authority.
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
# Default: empty
|
|
||||||
#
|
|
||||||
# resolvers = ["1.1.1.1:53", "8.8.8.8:53"]
|
|
||||||
|
|
||||||
# Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready.
|
|
||||||
#
|
|
||||||
# NOT RECOMMENDED:
|
|
||||||
# Increase the risk of reaching Let's Encrypt's rate limits.
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
# Default: false
|
|
||||||
#
|
|
||||||
# disablePropagationCheck = true
|
|
||||||
|
|
||||||
# Domains list.
|
|
||||||
# Only domains defined here can generate wildcard certificates.
|
|
||||||
# The certificates for these domains are negotiated at traefik startup only.
|
|
||||||
#
|
|
||||||
# [[acme.domains]]
|
|
||||||
# main = "local1.com"
|
|
||||||
# sans = ["test1.local1.com", "test2.local1.com"]
|
|
||||||
# [[acme.domains]]
|
|
||||||
# main = "local2.com"
|
|
||||||
# [[acme.domains]]
|
|
||||||
# main = "*.local3.com"
|
|
||||||
# sans = ["local3.com", "test1.test1.local3.com"]
|
|
||||||
```
|
|
8
docs/content/reference/dynamic-configuration/docker.md
Normal file
8
docs/content/reference/dynamic-configuration/docker.md
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
# Docker Configuration Reference
|
||||||
|
|
||||||
|
Dynamic configuration with Docker Labels
|
||||||
|
{: .subtitle }
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
--8<-- "content/reference/dynamic-configuration/labels.yml"
|
||||||
|
```
|
8
docs/content/reference/dynamic-configuration/file.md
Normal file
8
docs/content/reference/dynamic-configuration/file.md
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
# File Configuration Reference
|
||||||
|
|
||||||
|
Dynamic configuration with toml files
|
||||||
|
{: .subtitle }
|
||||||
|
|
||||||
|
```toml
|
||||||
|
--8<-- "content/reference/dynamic-configuration/file.toml"
|
||||||
|
```
|
265
docs/content/reference/dynamic-configuration/file.toml
Normal file
265
docs/content/reference/dynamic-configuration/file.toml
Normal file
|
@ -0,0 +1,265 @@
|
||||||
|
[HTTP]
|
||||||
|
|
||||||
|
[HTTP.Routers]
|
||||||
|
|
||||||
|
[HTTP.Routers.Router0]
|
||||||
|
EntryPoints = ["foobar", "foobar"]
|
||||||
|
Middlewares = ["foobar", "foobar"]
|
||||||
|
Service = "foobar"
|
||||||
|
Rule = "foobar"
|
||||||
|
priority = 42
|
||||||
|
[HTTP.Routers.Router0.tls]
|
||||||
|
|
||||||
|
[HTTP.Middlewares]
|
||||||
|
|
||||||
|
[HTTP.Middlewares.Middleware0.AddPrefix]
|
||||||
|
Prefix = "foobar"
|
||||||
|
|
||||||
|
[HTTP.Middlewares.Middleware1.StripPrefix]
|
||||||
|
Prefixes = ["foobar", "foobar"]
|
||||||
|
|
||||||
|
[HTTP.Middlewares.Middleware2.StripPrefixRegex]
|
||||||
|
Regex = ["foobar", "foobar"]
|
||||||
|
|
||||||
|
[HTTP.Middlewares.Middleware3.ReplacePath]
|
||||||
|
Path = "foobar"
|
||||||
|
|
||||||
|
[HTTP.Middlewares.Middleware4.ReplacePathRegex]
|
||||||
|
Regex = "foobar"
|
||||||
|
Replacement = "foobar"
|
||||||
|
|
||||||
|
[HTTP.Middlewares.Middleware5.Chain]
|
||||||
|
Middlewares = ["foobar", "foobar"]
|
||||||
|
|
||||||
|
[HTTP.Middlewares.Middleware6.IPWhiteList]
|
||||||
|
SourceRange = ["foobar", "foobar"]
|
||||||
|
|
||||||
|
[HTTP.Middlewares.Middleware7.IPWhiteList.IPStrategy]
|
||||||
|
Depth = 42
|
||||||
|
ExcludedIPs = ["foobar", "foobar"]
|
||||||
|
|
||||||
|
[HTTP.Middlewares.Middleware8.Headers]
|
||||||
|
AccessControlAllowCredentials = true
|
||||||
|
AccessControlAllowHeaders = ["foobar", "foobar"]
|
||||||
|
AccessControlAllowMethods = ["foobar", "foobar"]
|
||||||
|
AccessControlAllowOrigin = "foobar"
|
||||||
|
AccessControlExposeHeaders = ["foobar", "foobar"]
|
||||||
|
AccessControlMaxAge = 42
|
||||||
|
AddVaryHeader = true
|
||||||
|
AllowedHosts = ["foobar", "foobar"]
|
||||||
|
HostsProxyHeaders = ["foobar", "foobar"]
|
||||||
|
SSLRedirect = true
|
||||||
|
SSLTemporaryRedirect = true
|
||||||
|
SSLHost = "foobar"
|
||||||
|
SSLForceHost = true
|
||||||
|
STSSeconds = 42
|
||||||
|
STSIncludeSubdomains = true
|
||||||
|
STSPreload = true
|
||||||
|
ForceSTSHeader = true
|
||||||
|
FrameDeny = true
|
||||||
|
CustomFrameOptionsValue = "foobar"
|
||||||
|
ContentTypeNosniff = true
|
||||||
|
BrowserXSSFilter = true
|
||||||
|
CustomBrowserXSSValue = "foobar"
|
||||||
|
ContentSecurityPolicy = "foobar"
|
||||||
|
PublicKey = "foobar"
|
||||||
|
ReferrerPolicy = "foobar"
|
||||||
|
IsDevelopment = true
|
||||||
|
[HTTP.Middlewares.Middleware8.Headers.CustomRequestHeaders]
|
||||||
|
name0 = "foobar"
|
||||||
|
name1 = "foobar"
|
||||||
|
[HTTP.Middlewares.Middleware8.Headers.CustomResponseHeaders]
|
||||||
|
name0 = "foobar"
|
||||||
|
name1 = "foobar"
|
||||||
|
[HTTP.Middlewares.Middleware8.Headers.SSLProxyHeaders]
|
||||||
|
name0 = "foobar"
|
||||||
|
name1 = "foobar"
|
||||||
|
|
||||||
|
[HTTP.Middlewares.Middleware9.Errors]
|
||||||
|
Status = ["foobar", "foobar"]
|
||||||
|
Service = "foobar"
|
||||||
|
Query = "foobar"
|
||||||
|
|
||||||
|
[HTTP.Middlewares.Middleware10.RateLimit]
|
||||||
|
ExtractorFunc = "foobar"
|
||||||
|
[HTTP.Middlewares.Middleware10.RateLimit.RateSet]
|
||||||
|
[HTTP.Middlewares.Middleware10.RateLimit.RateSet.Rate0]
|
||||||
|
Period = 42
|
||||||
|
Average = 42
|
||||||
|
Burst = 42
|
||||||
|
[HTTP.Middlewares.Middleware10.RateLimit.RateSet.Rate1]
|
||||||
|
Period = 42
|
||||||
|
Average = 42
|
||||||
|
Burst = 42
|
||||||
|
|
||||||
|
[HTTP.Middlewares.Middleware11.RedirectRegex]
|
||||||
|
Regex = "foobar"
|
||||||
|
Replacement = "foobar"
|
||||||
|
Permanent = true
|
||||||
|
|
||||||
|
[HTTP.Middlewares.Middleware12.RedirectScheme]
|
||||||
|
Scheme = "foobar"
|
||||||
|
Port = "foobar"
|
||||||
|
Permanent = true
|
||||||
|
|
||||||
|
[HTTP.Middlewares.Middleware13.BasicAuth]
|
||||||
|
Users = ["foobar", "foobar"]
|
||||||
|
UsersFile = "foobar"
|
||||||
|
Realm = "foobar"
|
||||||
|
RemoveHeader = true
|
||||||
|
HeaderField = "foobar"
|
||||||
|
|
||||||
|
[HTTP.Middlewares.Middleware14.DigestAuth]
|
||||||
|
Users = ["foobar", "foobar"]
|
||||||
|
UsersFile = "foobar"
|
||||||
|
RemoveHeader = true
|
||||||
|
Realm = "foobar"
|
||||||
|
HeaderField = "foobar"
|
||||||
|
|
||||||
|
[HTTP.Middlewares.Middleware15.ForwardAuth]
|
||||||
|
Address = "foobar"
|
||||||
|
TrustForwardHeader = true
|
||||||
|
AuthResponseHeaders = ["foobar", "foobar"]
|
||||||
|
[HTTP.Middlewares.Middleware15.ForwardAuth.TLS]
|
||||||
|
CA = "foobar"
|
||||||
|
CAOptional = true
|
||||||
|
Cert = "foobar"
|
||||||
|
Key = "foobar"
|
||||||
|
InsecureSkipVerify = true
|
||||||
|
|
||||||
|
[HTTP.Middlewares.Middleware16.MaxConn]
|
||||||
|
Amount = 42
|
||||||
|
ExtractorFunc = "foobar"
|
||||||
|
|
||||||
|
[HTTP.Middlewares.Middleware17.Buffering]
|
||||||
|
MaxRequestBodyBytes = 42
|
||||||
|
MemRequestBodyBytes = 42
|
||||||
|
MaxResponseBodyBytes = 42
|
||||||
|
MemResponseBodyBytes = 42
|
||||||
|
RetryExpression = "foobar"
|
||||||
|
|
||||||
|
[HTTP.Middlewares.Middleware18.CircuitBreaker]
|
||||||
|
Expression = "foobar"
|
||||||
|
|
||||||
|
[HTTP.Middlewares.Middleware19.Compress]
|
||||||
|
|
||||||
|
[HTTP.Middlewares.Middleware20.PassTLSClientCert]
|
||||||
|
PEM = true
|
||||||
|
[HTTP.Middlewares.Middleware20.PassTLSClientCert.Info]
|
||||||
|
NotAfter = true
|
||||||
|
NotBefore = true
|
||||||
|
Sans = true
|
||||||
|
[HTTP.Middlewares.Middleware20.PassTLSClientCert.Info.Subject]
|
||||||
|
Country = true
|
||||||
|
Province = true
|
||||||
|
Locality = true
|
||||||
|
Organization = true
|
||||||
|
CommonName = true
|
||||||
|
SerialNumber = true
|
||||||
|
DomainComponent = true
|
||||||
|
[HTTP.Middlewares.Middleware20.PassTLSClientCert.Info.Issuer]
|
||||||
|
Country = true
|
||||||
|
Province = true
|
||||||
|
Locality = true
|
||||||
|
Organization = true
|
||||||
|
CommonName = true
|
||||||
|
SerialNumber = true
|
||||||
|
DomainComponent = true
|
||||||
|
|
||||||
|
[HTTP.Middlewares.Middleware21.Retry]
|
||||||
|
Attempts = 42
|
||||||
|
|
||||||
|
[HTTP.Services]
|
||||||
|
[HTTP.Services.Service0]
|
||||||
|
[HTTP.Services.Service0.LoadBalancer]
|
||||||
|
Method = "foobar"
|
||||||
|
PassHostHeader = true
|
||||||
|
|
||||||
|
[[HTTP.Services.Service0.LoadBalancer.Servers]]
|
||||||
|
URL = "foobar"
|
||||||
|
Weight = 42
|
||||||
|
|
||||||
|
[HTTP.Services.Service0.LoadBalancer.Stickiness]
|
||||||
|
CookieName = "foobar"
|
||||||
|
|
||||||
|
[[HTTP.Services.Service0.LoadBalancer.Servers]]
|
||||||
|
URL = "foobar"
|
||||||
|
Weight = 42
|
||||||
|
|
||||||
|
[HTTP.Services.Service0.LoadBalancer.HealthCheck]
|
||||||
|
Scheme = "foobar"
|
||||||
|
Path = "foobar"
|
||||||
|
Port = 42
|
||||||
|
Interval = "foobar"
|
||||||
|
Timeout = "foobar"
|
||||||
|
Hostname = "foobar"
|
||||||
|
[HTTP.Services.Service0.LoadBalancer.HealthCheck.Headers]
|
||||||
|
name0 = "foobar"
|
||||||
|
name1 = "foobar"
|
||||||
|
[HTTP.Services.Service0.LoadBalancer.ResponseForwarding]
|
||||||
|
FlushInterval = "foobar"
|
||||||
|
|
||||||
|
[TCP]
|
||||||
|
|
||||||
|
[TCP.Routers]
|
||||||
|
|
||||||
|
[TCP.Routers.TCPRouter0]
|
||||||
|
EntryPoints = ["foobar", "foobar"]
|
||||||
|
Service = "foobar"
|
||||||
|
Rule = "foobar"
|
||||||
|
[TCP.Routers.TCPRouter0.tls]
|
||||||
|
passthrough = true
|
||||||
|
|
||||||
|
[TCP.Services]
|
||||||
|
|
||||||
|
[TCP.Services.TCPService0]
|
||||||
|
[TCP.Services.TCPService0.LoadBalancer]
|
||||||
|
Method = "foobar"
|
||||||
|
|
||||||
|
[[TCP.Services.TCPService0.LoadBalancer.Servers]]
|
||||||
|
Address = "foobar"
|
||||||
|
Weight = 42
|
||||||
|
|
||||||
|
[[TCP.Services.TCPService0.LoadBalancer.Servers]]
|
||||||
|
Address = "foobar"
|
||||||
|
Weight = 42
|
||||||
|
|
||||||
|
[[TLS]]
|
||||||
|
Stores = ["foobar", "foobar"]
|
||||||
|
[TLS.Certificate]
|
||||||
|
CertFile = "foobar"
|
||||||
|
KeyFile = "foobar"
|
||||||
|
|
||||||
|
[[TLS]]
|
||||||
|
Stores = ["foobar", "foobar"]
|
||||||
|
[TLS.Certificate]
|
||||||
|
CertFile = "foobar"
|
||||||
|
KeyFile = "foobar"
|
||||||
|
|
||||||
|
[TLSOptions]
|
||||||
|
|
||||||
|
[TLSOptions.TLS0]
|
||||||
|
MinVersion = "foobar"
|
||||||
|
CipherSuites = ["foobar", "foobar"]
|
||||||
|
SniStrict = true
|
||||||
|
[TLSOptions.TLS0.ClientCA]
|
||||||
|
Files = ["foobar", "foobar"]
|
||||||
|
Optional = true
|
||||||
|
[TLSOptions.TLS1]
|
||||||
|
MinVersion = "foobar"
|
||||||
|
CipherSuites = ["foobar", "foobar"]
|
||||||
|
SniStrict = true
|
||||||
|
[TLSOptions.TLS1.ClientCA]
|
||||||
|
Files = ["foobar", "foobar"]
|
||||||
|
Optional = true
|
||||||
|
|
||||||
|
[TLSStores]
|
||||||
|
|
||||||
|
[TLSStores.Store0]
|
||||||
|
[TLSStores.Store0.DefaultCertificate]
|
||||||
|
CertFile = "foobar"
|
||||||
|
KeyFile = "foobar"
|
||||||
|
[TLSStores.Store1]
|
||||||
|
[TLSStores.Store1.DefaultCertificate]
|
||||||
|
CertFile = "foobar"
|
||||||
|
KeyFile = "foobar"
|
|
@ -0,0 +1,8 @@
|
||||||
|
# Kubernetes Configuration Reference
|
||||||
|
|
||||||
|
Dynamic configuration with Kubernetes Custom Resource
|
||||||
|
{: .subtitle }
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
--8<-- "content/reference/dynamic-configuration/kubernetes-crd.yml"
|
||||||
|
```
|
|
@ -0,0 +1,71 @@
|
||||||
|
apiVersion: apiextensions.k8s.io/v1beta1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
name: ingressroutes.traefik.containo.us
|
||||||
|
|
||||||
|
spec:
|
||||||
|
group: traefik.containo.us
|
||||||
|
version: v1alpha1
|
||||||
|
names:
|
||||||
|
kind: IngressRoute
|
||||||
|
plural: ingressroutes
|
||||||
|
singular: ingressroute
|
||||||
|
scope: Namespaced
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: apiextensions.k8s.io/v1beta1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
name: middlewares.traefik.containo.us
|
||||||
|
spec:
|
||||||
|
group: traefik.containo.us
|
||||||
|
version: v1alpha1
|
||||||
|
names:
|
||||||
|
kind: Middleware
|
||||||
|
plural: middlewares
|
||||||
|
singular: middleware
|
||||||
|
scope: Namespaced
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
kind: IngressRoute
|
||||||
|
metadata:
|
||||||
|
name: ingressroute.crd
|
||||||
|
spec:
|
||||||
|
entryPoints:
|
||||||
|
- web
|
||||||
|
- web-secure
|
||||||
|
routes:
|
||||||
|
- match: Host(`foo.com`) && PathPrefix(`/bar`)
|
||||||
|
kind: Rule
|
||||||
|
priority: 12
|
||||||
|
# defining several services is possible and allowed, but for now the servers of
|
||||||
|
# all the services (for a given route) get merged altogether under the same
|
||||||
|
# load-balancing strategy.
|
||||||
|
services:
|
||||||
|
- name: s1
|
||||||
|
port: 80
|
||||||
|
healthCheck:
|
||||||
|
path: /health
|
||||||
|
host: baz.com
|
||||||
|
intervalSeconds: 7
|
||||||
|
timeoutSeconds: 60
|
||||||
|
# strategy defines the load balancing strategy between the servers. It defaults
|
||||||
|
# to Round Robin, and for now only Round Robin is supported anyway.
|
||||||
|
strategy: RoundRobin
|
||||||
|
- name: s2
|
||||||
|
port: 433
|
||||||
|
healthCheck:
|
||||||
|
path: /health
|
||||||
|
host: baz.com
|
||||||
|
intervalSeconds: 7
|
||||||
|
timeoutSeconds: 60
|
||||||
|
- match: PathPrefix(`/misc`)
|
||||||
|
services:
|
||||||
|
- name: s3
|
||||||
|
port: 80
|
||||||
|
middlewares:
|
||||||
|
- name: stripprefix
|
||||||
|
- name: addprefix
|
||||||
|
tls:
|
||||||
|
secretName: supersecret
|
159
docs/content/reference/dynamic-configuration/labels.yml
Normal file
159
docs/content/reference/dynamic-configuration/labels.yml
Normal file
|
@ -0,0 +1,159 @@
|
||||||
|
labels:
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware0.AddPrefix.Prefix=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware1.BasicAuth.HeaderField=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware1.BasicAuth.Realm=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware1.BasicAuth.RemoveHeader=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware1.BasicAuth.Users=foobar, fiibar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware1.BasicAuth.UsersFile=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware2.Buffering.MaxRequestBodyBytes=42"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware2.Buffering.MaxResponseBodyBytes=42"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware2.Buffering.MemRequestBodyBytes=42"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware2.Buffering.MemResponseBodyBytes=42"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware2.Buffering.RetryExpression=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware3.Chain.Middlewares=foobar, fiibar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware4.CircuitBreaker.Expression=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware5.DigestAuth.HeaderField=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware5.DigestAuth.Realm=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware5.DigestAuth.RemoveHeader=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware5.DigestAuth.Users=foobar, fiibar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware5.DigestAuth.UsersFile=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware6.Errors.Query=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware6.Errors.Service=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware6.Errors.Status=foobar, fiibar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.Address=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.AuthResponseHeaders=foobar, fiibar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.CA=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.CAOptional=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.Cert=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.InsecureSkipVerify=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.Key=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TrustForwardHeader=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlAllowCredentials=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlAllowHeaders=X-foobar, X-fiibar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlAllowMethods=GET, PUT"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlAllowOrigin=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlExposeHeaders=X-foobar, X-fiibar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlMaxAge=200"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.AddVaryHeader=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.AllowedHosts=foobar, fiibar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.BrowserXSSFilter=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.ContentSecurityPolicy=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.ContentTypeNosniff=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomBrowserXSSValue=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomFrameOptionsValue=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomRequestHeaders.name0=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomRequestHeaders.name1=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomResponseHeaders.name0=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomResponseHeaders.name1=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.ForceSTSHeader=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.FrameDeny=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.HostsProxyHeaders=foobar, fiibar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.IsDevelopment=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.PublicKey=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.ReferrerPolicy=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLForceHost=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLHost=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLProxyHeaders.name0=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLProxyHeaders.name1=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLRedirect=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLTemporaryRedirect=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.STSIncludeSubdomains=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.STSPreload=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware8.Headers.STSSeconds=42"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware9.IPWhiteList.IPStrategy.Depth=42"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware9.IPWhiteList.IPStrategy.ExcludedIPs=foobar, fiibar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware9.IPWhiteList.SourceRange=foobar, fiibar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware10.MaxConn.Amount=42"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware10.MaxConn.ExtractorFunc=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.NotAfter=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.NotBefore=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Sans=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.Country=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.Province=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.Locality=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.Organization=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.CommonName=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.SerialNumber=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.DomainComponent=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.Country=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.Province=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.Locality=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.Organization=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.CommonName=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.SerialNumber=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.DomainComponent=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.PEM=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware12.RateLimit.ExtractorFunc=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate0.Average=42"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate0.Burst=42"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate0.Period=42"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate1.Average=42"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate1.Burst=42"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate1.Period=42"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware13.RedirectRegex.Regex=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware13.RedirectRegex.Replacement=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware13.RedirectRegex.Permanent=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware13b.RedirectScheme.Scheme=https"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware13b.RedirectScheme.Port=80"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware13b.RedirectScheme.Permanent=true"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware14.ReplacePath.Path=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware15.ReplacePathRegex.Regex=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware15.ReplacePathRegex.Replacement=foobar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware16.Retry.Attempts=42"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware17.StripPrefix.Prefixes=foobar, fiibar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware18.StripPrefixRegex.Regex=foobar, fiibar"
|
||||||
|
- "traefik.HTTP.Middlewares.Middleware19.Compress=true"
|
||||||
|
- "traefik.HTTP.Routers.Router0.EntryPoints=foobar, fiibar"
|
||||||
|
- "traefik.HTTP.Routers.Router0.Middlewares=foobar, fiibar"
|
||||||
|
- "traefik.HTTP.Routers.Router0.Priority=42"
|
||||||
|
- "traefik.HTTP.Routers.Router0.Rule=foobar"
|
||||||
|
- "traefik.HTTP.Routers.Router0.Service=foobar"
|
||||||
|
- "traefik.HTTP.Routers.Router0.TLS=true"
|
||||||
|
- "traefik.HTTP.Routers.Router1.EntryPoints=foobar, fiibar"
|
||||||
|
- "traefik.HTTP.Routers.Router1.Middlewares=foobar, fiibar"
|
||||||
|
- "traefik.HTTP.Routers.Router1.Priority=42"
|
||||||
|
- "traefik.HTTP.Routers.Router1.Rule=foobar"
|
||||||
|
- "traefik.HTTP.Routers.Router1.Service=foobar"
|
||||||
|
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Headers.name1=foobar"
|
||||||
|
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Hostname=foobar"
|
||||||
|
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Interval=foobar"
|
||||||
|
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Path=foobar"
|
||||||
|
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Port=42"
|
||||||
|
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Scheme=foobar"
|
||||||
|
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Timeout=foobar"
|
||||||
|
- "traefik.HTTP.Services.Service0.LoadBalancer.Method=foobar"
|
||||||
|
- "traefik.HTTP.Services.Service0.LoadBalancer.PassHostHeader=true"
|
||||||
|
- "traefik.HTTP.Services.Service0.LoadBalancer.ResponseForwarding.FlushInterval=foobar"
|
||||||
|
- "traefik.HTTP.Services.Service0.LoadBalancer.server.Port=8080"
|
||||||
|
- "traefik.HTTP.Services.Service0.LoadBalancer.server.Scheme=foobar"
|
||||||
|
- "traefik.HTTP.Services.Service0.LoadBalancer.server.Weight=42"
|
||||||
|
- "traefik.HTTP.Services.Service0.LoadBalancer.Stickiness.CookieName=foobar"
|
||||||
|
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Headers.name0=foobar"
|
||||||
|
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Headers.name1=foobar"
|
||||||
|
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Hostname=foobar"
|
||||||
|
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Interval=foobar"
|
||||||
|
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Path=foobar"
|
||||||
|
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Port=42"
|
||||||
|
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Scheme=foobar"
|
||||||
|
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Timeout=foobar"
|
||||||
|
- "traefik.HTTP.Services.Service1.LoadBalancer.Method=foobar"
|
||||||
|
- "traefik.HTTP.Services.Service1.LoadBalancer.PassHostHeader=true"
|
||||||
|
- "traefik.HTTP.Services.Service1.LoadBalancer.ResponseForwarding.FlushInterval=foobar"
|
||||||
|
- "traefik.HTTP.Services.Service1.LoadBalancer.server.Port=8080"
|
||||||
|
- "traefik.HTTP.Services.Service1.LoadBalancer.server.Scheme=foobar"
|
||||||
|
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Headers.name0=foobar"
|
||||||
|
- "traefik.HTTP.Services.Service1.LoadBalancer.server.Weight=42"
|
||||||
|
- "traefik.TCP.Routers.Router0.Rule=foobar"
|
||||||
|
- "traefik.TCP.Routers.Router0.EntryPoints=foobar, fiibar"
|
||||||
|
- "traefik.TCP.Routers.Router0.Service=foobar"
|
||||||
|
- "traefik.TCP.Routers.Router0.TLS.Passthrough=false"
|
||||||
|
- "traefik.TCP.Routers.Router1.Rule=foobar"
|
||||||
|
- "traefik.TCP.Routers.Router1.EntryPoints=foobar, fiibar"
|
||||||
|
- "traefik.TCP.Routers.Router1.Service=foobar"
|
||||||
|
- "traefik.TCP.Routers.Router1.TLS.Passthrough=false"
|
||||||
|
- "traefik.TCP.Services.Service0.LoadBalancer.Method=foobar"
|
||||||
|
- "traefik.TCP.Services.Service0.LoadBalancer.server.Port=42"
|
||||||
|
- "traefik.TCP.Services.Service0.LoadBalancer.server.Weight=42"
|
||||||
|
- "traefik.TCP.Services.Service1.LoadBalancer.Method=foobar"
|
||||||
|
- "traefik.TCP.Services.Service1.LoadBalancer.server.Port=42"
|
||||||
|
- "traefik.TCP.Services.Service1.LoadBalancer.server.Weight=42"
|
8
docs/content/reference/dynamic-configuration/marathon.md
Normal file
8
docs/content/reference/dynamic-configuration/marathon.md
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
# Marathon Configuration Reference
|
||||||
|
|
||||||
|
Dynamic configuration with Marathon Labels
|
||||||
|
{: .subtitle }
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
--8<-- "content/reference/dynamic-configuration/labels.yml"
|
||||||
|
```
|
|
@ -1,35 +0,0 @@
|
||||||
# EntryPoints - Reference
|
|
||||||
|
|
||||||
Every Options for EntryPoints
|
|
||||||
{: .subtitle}
|
|
||||||
|
|
||||||
## TOML
|
|
||||||
|
|
||||||
```toml
|
|
||||||
# ...
|
|
||||||
|
|
||||||
[entrypoints]
|
|
||||||
[entrypoints.web]
|
|
||||||
address = ":80"
|
|
||||||
|
|
||||||
[entrypoints.web.proxyProtocol]
|
|
||||||
insecure = true
|
|
||||||
trustedIPs = ["10.10.10.1", "10.10.10.2"]
|
|
||||||
|
|
||||||
[entrypoints.web.forwardedHeaders]
|
|
||||||
trustedIPs = ["10.10.10.1", "10.10.10.2"]
|
|
||||||
insecure = false
|
|
||||||
|
|
||||||
[entrypoints.web-secure]
|
|
||||||
# ...
|
|
||||||
```
|
|
||||||
|
|
||||||
## CLI
|
|
||||||
|
|
||||||
```ini
|
|
||||||
Name:foo
|
|
||||||
Address::80
|
|
||||||
ProxyProtocol.TrustedIPs:192.168.0.1
|
|
||||||
ProxyProtocol.Insecure:true
|
|
||||||
ForwardedHeaders.TrustedIPs:10.0.0.3/24,20.0.0.3/24
|
|
||||||
```
|
|
|
@ -1,53 +0,0 @@
|
||||||
# Logs - Reference
|
|
||||||
|
|
||||||
## TOML
|
|
||||||
|
|
||||||
```toml
|
|
||||||
logLevel = "INFO"
|
|
||||||
|
|
||||||
[traefikLog]
|
|
||||||
filePath = "/path/to/traefik.log"
|
|
||||||
format = "json"
|
|
||||||
|
|
||||||
[accessLog]
|
|
||||||
filePath = "/path/to/access.log"
|
|
||||||
format = "json"
|
|
||||||
|
|
||||||
[accessLog.filters]
|
|
||||||
statusCodes = ["200", "300-302"]
|
|
||||||
retryAttempts = true
|
|
||||||
minDuration = "10ms"
|
|
||||||
|
|
||||||
[accessLog.fields]
|
|
||||||
defaultMode = "keep"
|
|
||||||
[accessLog.fields.names]
|
|
||||||
"ClientUsername" = "drop"
|
|
||||||
# ...
|
|
||||||
|
|
||||||
[accessLog.fields.headers]
|
|
||||||
defaultMode = "keep"
|
|
||||||
[accessLog.fields.headers.names]
|
|
||||||
"User-Agent" = "redact"
|
|
||||||
"Authorization" = "drop"
|
|
||||||
"Content-Type" = "keep"
|
|
||||||
# ...
|
|
||||||
```
|
|
||||||
|
|
||||||
## CLI
|
|
||||||
|
|
||||||
For more information about the CLI, see the documentation about [Traefik command](../../operations/cli).
|
|
||||||
|
|
||||||
```shell
|
|
||||||
--logLevel="DEBUG"
|
|
||||||
--traefikLog.filePath="/path/to/traefik.log"
|
|
||||||
--traefikLog.format="json"
|
|
||||||
--accessLog.filePath="/path/to/access.log"
|
|
||||||
--accessLog.format="json"
|
|
||||||
--accessLog.filters.statusCodes="200,300-302"
|
|
||||||
--accessLog.filters.retryAttempts="true"
|
|
||||||
--accessLog.filters.minDuration="10ms"
|
|
||||||
--accessLog.fields.defaultMode="keep"
|
|
||||||
--accessLog.fields.names="Username=drop Hostname=drop"
|
|
||||||
--accessLog.fields.headers.defaultMode="keep"
|
|
||||||
--accessLog.fields.headers.names="User-Agent=redact Authorization=drop Content-Type=keep"
|
|
||||||
```
|
|
|
@ -1,180 +0,0 @@
|
||||||
# Docker -- Reference
|
|
||||||
|
|
||||||
## Docker
|
|
||||||
|
|
||||||
```toml
|
|
||||||
################################################################
|
|
||||||
# Docker Provider
|
|
||||||
################################################################
|
|
||||||
|
|
||||||
# Enable Docker Provider.
|
|
||||||
[docker]
|
|
||||||
|
|
||||||
# Docker server endpoint. Can be a tcp or a unix socket endpoint.
|
|
||||||
#
|
|
||||||
# Required
|
|
||||||
#
|
|
||||||
endpoint = "unix:///var/run/docker.sock"
|
|
||||||
|
|
||||||
# Default base domain used for the frontend rules.
|
|
||||||
# Can be overridden by setting the "traefik.domain" label on a container.
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
#
|
|
||||||
domain = "docker.localhost"
|
|
||||||
|
|
||||||
# Enable watch docker changes.
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
#
|
|
||||||
watch = true
|
|
||||||
|
|
||||||
# Override default configuration template.
|
|
||||||
# For advanced users :)
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
#
|
|
||||||
# filename = "docker.tmpl"
|
|
||||||
|
|
||||||
# Override template version
|
|
||||||
# For advanced users :)
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
# - "1": previous template version (must be used only with older custom templates, see "filename")
|
|
||||||
# - "2": current template version (must be used to force template version when "filename" is used)
|
|
||||||
#
|
|
||||||
# templateVersion = 2
|
|
||||||
|
|
||||||
# Expose containers by default in Traefik.
|
|
||||||
# If set to false, containers that don't have `traefik.enable=true` will be ignored.
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
# Default: true
|
|
||||||
#
|
|
||||||
exposedByDefault = true
|
|
||||||
|
|
||||||
# Use the IP address from the binded port instead of the inner network one.
|
|
||||||
#
|
|
||||||
# In case no IP address is attached to the binded port (or in case
|
|
||||||
# there is no bind), the inner network one will be used as a fallback.
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
# Default: false
|
|
||||||
#
|
|
||||||
usebindportip = true
|
|
||||||
|
|
||||||
# Use Swarm Mode services as data provider.
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
# Default: false
|
|
||||||
#
|
|
||||||
swarmMode = false
|
|
||||||
|
|
||||||
# Polling interval (in seconds) for Swarm Mode.
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
# Default: 15
|
|
||||||
#
|
|
||||||
swarmModeRefreshSeconds = 15
|
|
||||||
|
|
||||||
# Define a default docker network to use for connections to all containers.
|
|
||||||
# Can be overridden by the traefik.docker.network label.
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
#
|
|
||||||
network = "web"
|
|
||||||
|
|
||||||
# Enable docker TLS connection.
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
#
|
|
||||||
# [docker.tls]
|
|
||||||
# ca = "/etc/ssl/ca.crt"
|
|
||||||
# cert = "/etc/ssl/docker.crt"
|
|
||||||
# key = "/etc/ssl/docker.key"
|
|
||||||
# insecureSkipVerify = true
|
|
||||||
```
|
|
||||||
|
|
||||||
## Docker Swarm Mode
|
|
||||||
|
|
||||||
```toml
|
|
||||||
################################################################
|
|
||||||
# Docker Swarm Mode Provider
|
|
||||||
################################################################
|
|
||||||
|
|
||||||
# Enable Docker Provider.
|
|
||||||
[docker]
|
|
||||||
|
|
||||||
# Docker server endpoint.
|
|
||||||
# Can be a tcp or a unix socket endpoint.
|
|
||||||
#
|
|
||||||
# Required
|
|
||||||
# Default: "unix:///var/run/docker.sock"
|
|
||||||
#
|
|
||||||
# swarm classic (1.12-)
|
|
||||||
# endpoint = "tcp://127.0.0.1:2375"
|
|
||||||
# docker swarm mode (1.12+)
|
|
||||||
endpoint = "tcp://127.0.0.1:2377"
|
|
||||||
|
|
||||||
# Default base domain used for the frontend rules.
|
|
||||||
# Can be overridden by setting the "traefik.domain" label on a services.
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
# Default: ""
|
|
||||||
#
|
|
||||||
domain = "docker.localhost"
|
|
||||||
|
|
||||||
# Enable watch docker changes.
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
# Default: true
|
|
||||||
#
|
|
||||||
watch = true
|
|
||||||
|
|
||||||
# Use Docker Swarm Mode as data provider.
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
# Default: false
|
|
||||||
#
|
|
||||||
swarmMode = true
|
|
||||||
|
|
||||||
# Define a default docker network to use for connections to all containers.
|
|
||||||
# Can be overridden by the traefik.docker.network label.
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
#
|
|
||||||
network = "web"
|
|
||||||
|
|
||||||
# Override default configuration template.
|
|
||||||
# For advanced users :)
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
#
|
|
||||||
# filename = "docker.tmpl"
|
|
||||||
|
|
||||||
# Override template version
|
|
||||||
# For advanced users :)
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
# - "1": previous template version (must be used only with older custom templates, see "filename")
|
|
||||||
# - "2": current template version (must be used to force template version when "filename" is used)
|
|
||||||
#
|
|
||||||
# templateVersion = 2
|
|
||||||
|
|
||||||
# Expose services by default in Traefik.
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
# Default: true
|
|
||||||
#
|
|
||||||
exposedByDefault = false
|
|
||||||
|
|
||||||
# Enable docker TLS connection.
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
#
|
|
||||||
# [docker.tls]
|
|
||||||
# ca = "/etc/ssl/ca.crt"
|
|
||||||
# cert = "/etc/ssl/docker.crt"
|
|
||||||
# key = "/etc/ssl/docker.key"
|
|
||||||
# insecureSkipVerify = true
|
|
||||||
```
|
|
|
@ -1,261 +0,0 @@
|
||||||
# File -- Reference
|
|
||||||
|
|
||||||
## File
|
|
||||||
|
|
||||||
```toml
|
|
||||||
################################################################
|
|
||||||
# File Provider
|
|
||||||
################################################################
|
|
||||||
|
|
||||||
[providers]
|
|
||||||
|
|
||||||
# Enable File Provider.
|
|
||||||
[providers.file]
|
|
||||||
|
|
||||||
# Define one separated configuration file.
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
#
|
|
||||||
filename = "my-conf.toml"
|
|
||||||
|
|
||||||
# Define directory that contains a set of configuration files.
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
#
|
|
||||||
directory = "/path/to/config"
|
|
||||||
|
|
||||||
# Enable watch file changes.
|
|
||||||
#
|
|
||||||
# Optional
|
|
||||||
#
|
|
||||||
watch = true
|
|
||||||
|
|
||||||
[http]
|
|
||||||
|
|
||||||
[http.routers]
|
|
||||||
|
|
||||||
[http.routers.router0]
|
|
||||||
entrypoints = ["foo", "bar"]
|
|
||||||
middlewares = ["foo", "bar"]
|
|
||||||
service = "service-foo"
|
|
||||||
rule = "Path(`foo`)"
|
|
||||||
priority = 42
|
|
||||||
[http.routers.router0.tls]
|
|
||||||
|
|
||||||
[http.middlewares]
|
|
||||||
|
|
||||||
[http.middlewares.my-add-prefix.AddPrefix]
|
|
||||||
prefix = "/foo"
|
|
||||||
|
|
||||||
[http.middlewares.my-strip-prefix.StripPrefix]
|
|
||||||
prefixes = ["/foo", "/bar"]
|
|
||||||
|
|
||||||
[http.middlewares.my-strip-prefix-regex.StripPrefixRegex]
|
|
||||||
regex = ["/foo/api/", "/bar/{category}/{id:[0-9]+}/"]
|
|
||||||
|
|
||||||
[http.middlewares.my-replace-path.ReplacePath]
|
|
||||||
path = "/foo"
|
|
||||||
|
|
||||||
[http.middlewares.my-replace-path-regex.ReplacePathRegex]
|
|
||||||
regex = "foo/(.*)"
|
|
||||||
replacement = "/foobar/$1"
|
|
||||||
|
|
||||||
[http.middlewares.my-chain.Chain]
|
|
||||||
middlewares = ["my-add-prefix", "my-basic-auth"]
|
|
||||||
|
|
||||||
[http.middlewares.Middleware0.IPWhiteList]
|
|
||||||
sourceRange = ["127.0.0.1/32", "192.168.1.7"]
|
|
||||||
[http.middlewares.Middleware0.IPWhiteList.IPStrategy]
|
|
||||||
depth = 2
|
|
||||||
excludedIPs = ["127.0.0.1/16", "192.168.1.7"]
|
|
||||||
|
|
||||||
[http.middlewares.my-headers.Headers]
|
|
||||||
allowedHosts = ["foobar", "foobar"]
|
|
||||||
hostsProxyHeaders = ["foobar", "foobar"]
|
|
||||||
sslRedirect = true
|
|
||||||
sslTemporaryRedirect = true
|
|
||||||
sslHost = "foobar"
|
|
||||||
sslForceHost = true
|
|
||||||
stsSeconds = 42
|
|
||||||
stsIncludeSubdomains = true
|
|
||||||
stsPreload = true
|
|
||||||
forceSTSHeader = true
|
|
||||||
frameDeny = true
|
|
||||||
customFrameOptionsValue = "foobar"
|
|
||||||
contentTypeNosniff = true
|
|
||||||
browserXSSFilter = true
|
|
||||||
customBrowserXSSValue = "foobar"
|
|
||||||
contentSecurityPolicy = "foobar"
|
|
||||||
publicKey = "foobar"
|
|
||||||
referrerPolicy = "foobar"
|
|
||||||
isDevelopment = true
|
|
||||||
[http.middlewares.my-headers.Headers.CustomRequestHeaders]
|
|
||||||
X-Script-Name = "foo"
|
|
||||||
[http.middlewares.my-headers.Headers.CustomResponseHeaders]
|
|
||||||
X-Custom-Response-Header = "True"
|
|
||||||
[http.middlewares.my-headers.Headers.SSLProxyHeaders]
|
|
||||||
X-Forwarded-Proto = "https"
|
|
||||||
|
|
||||||
[http.middlewares.my-errors.Errors]
|
|
||||||
status = ["400-404", "500-599"]
|
|
||||||
service = "foo-errors-service"
|
|
||||||
query = "/error.html"
|
|
||||||
|
|
||||||
[http.middlewares.my-rate-limit.RateLimit]
|
|
||||||
extractorFunc = "client.ip"
|
|
||||||
[http.middlewares.Middleware0.RateLimit.RateSet]
|
|
||||||
|
|
||||||
[http.middlewares.Middleware0.RateLimit.RateSet.Rate0]
|
|
||||||
period = 10
|
|
||||||
average = 100
|
|
||||||
burst = 200
|
|
||||||
|
|
||||||
[http.middlewares.my-redirect-regex.RedirectRegex]
|
|
||||||
regex = "^http://localhost/(.*)"
|
|
||||||
replacement = "http://mydomain/$1"
|
|
||||||
permanent = true
|
|
||||||
|
|
||||||
[http.middlewares.my-redirect-scheme.RedirectScheme]
|
|
||||||
scheme = "https"
|
|
||||||
port = "8443"
|
|
||||||
permanent = true
|
|
||||||
|
|
||||||
[http.middlewares.my-basic-auth.BasicAuth]
|
|
||||||
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
|
|
||||||
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
|
|
||||||
usersFile = "etc/traefik/.htpasswd"
|
|
||||||
realm = "myRealm"
|
|
||||||
removeHeader = true
|
|
||||||
headerField = "X-WebAuth-User"
|
|
||||||
|
|
||||||
[http.middlewares.my-digest-auth.DigestAuth]
|
|
||||||
users = ["test:traefik:a2688e031edb4be6a3797f3882655c05", "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"]
|
|
||||||
usersFile = "etc/traefik/.htdigest"
|
|
||||||
removeHeader = true
|
|
||||||
realm = "traefik"
|
|
||||||
headerField = "X-WebAuth-User"
|
|
||||||
|
|
||||||
[http.middlewares.my-forward-auth.ForwardAuth]
|
|
||||||
address = "https://myauth.server:443"
|
|
||||||
trustForwardHeader = true
|
|
||||||
authResponseHeaders = ["X-Forwarded-Foo", "X-Forwarded-Bar"]
|
|
||||||
[http.middlewares.my-forward-auth.ForwardAuth.TLS]
|
|
||||||
ca = "/etc/traefik/crt/ca.pem"
|
|
||||||
caOptional = true
|
|
||||||
cert = "/etc/traefik/crt/cert.pem"
|
|
||||||
key = "/etc/traefik/crt/cert.key"
|
|
||||||
insecureSkipVerify = true
|
|
||||||
|
|
||||||
[http.middlewares.my-maxconn.MaxConn]
|
|
||||||
amount = 10
|
|
||||||
extractorFunc = "request.host"
|
|
||||||
|
|
||||||
[http.middlewares.my-buffering.Buffering]
|
|
||||||
maxRequestBodyBytes = 25000
|
|
||||||
memRequestBodyBytes = 25000
|
|
||||||
maxResponseBodyBytes = 25000
|
|
||||||
memResponseBodyBytes = 25000
|
|
||||||
retryExpression = "foobar"
|
|
||||||
|
|
||||||
[http.middlewares.my-circuit-breaker.CircuitBreaker]
|
|
||||||
Expression = "LatencyAtQuantileMS(50.0) > 100"
|
|
||||||
|
|
||||||
[http.middlewares.my-compress.Compress]
|
|
||||||
|
|
||||||
[http.middlewares.my-pass-tls-client-cert.PassTLSClientCert]
|
|
||||||
pem = true
|
|
||||||
[http.middlewares.Middleware0.PassTLSClientCert.Info]
|
|
||||||
notAfter = true
|
|
||||||
notBefore = true
|
|
||||||
sans = true
|
|
||||||
[http.middlewares.Middleware0.PassTLSClientCert.Info.Subject]
|
|
||||||
country = true
|
|
||||||
province = true
|
|
||||||
locality = true
|
|
||||||
organization = true
|
|
||||||
commonName = true
|
|
||||||
serialNumber = true
|
|
||||||
domainComponent = true
|
|
||||||
[http.middlewares.Middleware0.PassTLSClientCert.Info.Issuer]
|
|
||||||
country = true
|
|
||||||
province = true
|
|
||||||
locality = true
|
|
||||||
organization = true
|
|
||||||
commonName = true
|
|
||||||
serialNumber = true
|
|
||||||
domainComponent = true
|
|
||||||
|
|
||||||
[http.middlewares.my-retry.Retry]
|
|
||||||
attempts = 4
|
|
||||||
|
|
||||||
[http.services]
|
|
||||||
|
|
||||||
[http.services.service0]
|
|
||||||
[http.services.service0.LoadBalancer]
|
|
||||||
method = "wrr"
|
|
||||||
passHostHeader = true
|
|
||||||
[http.services.service0.LoadBalancer.Stickiness]
|
|
||||||
cookieName = "my-stickiness-cookie-name"
|
|
||||||
[[http.services.service0.LoadBalancer.Servers]]
|
|
||||||
url = "http://foo/"
|
|
||||||
weight = 30
|
|
||||||
[[http.services.service0.LoadBalancer.Servers]]
|
|
||||||
url = "http://bar/"
|
|
||||||
weight = 70
|
|
||||||
[http.services.service0.LoadBalancer.HealthCheck]
|
|
||||||
scheme = "https"
|
|
||||||
path = "/health"
|
|
||||||
port = 9443
|
|
||||||
interval = "10s"
|
|
||||||
timeout = "30s"
|
|
||||||
hostname = "foobar"
|
|
||||||
[http.services.service0.LoadBalancer.HealthCheck.Headers]
|
|
||||||
My-Custom-Header = "foobar"
|
|
||||||
[http.services.service0.LoadBalancer.ResponseForwarding]
|
|
||||||
flushInterval = "4s"
|
|
||||||
|
|
||||||
[tcp]
|
|
||||||
|
|
||||||
[tcp.routers]
|
|
||||||
[tcp.routers.tcpRouter0]
|
|
||||||
entryPoints = ["foobar", "foobar"]
|
|
||||||
service = "foobar"
|
|
||||||
rule = "foobar"
|
|
||||||
[tcp.routers.tcpRouter0.tlst]
|
|
||||||
passthrough = true
|
|
||||||
|
|
||||||
[tcp.services]
|
|
||||||
[tcp.services.tcpService0]
|
|
||||||
[tcp.services.tcpService0.tcpLoadBalancer]
|
|
||||||
method = "foobar"
|
|
||||||
[[tcp.services.tcpService0.tcpLoadBalancer.Servers]]
|
|
||||||
address = "foobar"
|
|
||||||
weight = 42
|
|
||||||
[[tcp.services.tcpService0.tcpLoadBalancer.Servers]]
|
|
||||||
address = "foobar"
|
|
||||||
weight = 42
|
|
||||||
|
|
||||||
[[tls]]
|
|
||||||
Store = ["my-store-foo", "my-store-bar"]
|
|
||||||
[tls.Certificate]
|
|
||||||
certFile = "/etc/traefik/cert.pem"
|
|
||||||
keyFile = "/etc/traefik/cert.key"
|
|
||||||
|
|
||||||
|
|
||||||
[tlsconfig]
|
|
||||||
[tlsconfig.TLS0]
|
|
||||||
minVersion = "VersionTLS12"
|
|
||||||
cipherSuites = [ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_GCM_SHA384"]
|
|
||||||
[tlsconfig.TLS0.ClientCA]
|
|
||||||
files = ["/etc/traefik/ca-foo.pem", "/etc/traefik/ca-bar.pem"]
|
|
||||||
optional = true
|
|
||||||
|
|
||||||
[tlsstore]
|
|
||||||
[tlsstore.my-store-foo]
|
|
||||||
sniStrict = true
|
|
||||||
[tlsstore.my-store-foo.DefaultCertificate]
|
|
||||||
certFile = "/etc/traefik/cert.pem"
|
|
||||||
keyFile = "/etc/traefik/cert.key"
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
|
@ -1,81 +0,0 @@
|
||||||
# Kubernetes -- Reference
|
|
||||||
|
|
||||||
## Kubernetes
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
################################################################
|
|
||||||
# Kubernetes Provider
|
|
||||||
################################################################
|
|
||||||
|
|
||||||
apiVersion: apiextensions.k8s.io/v1beta1
|
|
||||||
kind: CustomResourceDefinition
|
|
||||||
metadata:
|
|
||||||
name: ingressroutes.traefik.containo.us
|
|
||||||
|
|
||||||
spec:
|
|
||||||
group: traefik.containo.us
|
|
||||||
version: v1alpha1
|
|
||||||
names:
|
|
||||||
kind: IngressRoute
|
|
||||||
plural: ingressroutes
|
|
||||||
singular: ingressroute
|
|
||||||
scope: Namespaced
|
|
||||||
|
|
||||||
---
|
|
||||||
apiVersion: apiextensions.k8s.io/v1beta1
|
|
||||||
kind: CustomResourceDefinition
|
|
||||||
metadata:
|
|
||||||
name: middlewares.traefik.containo.us
|
|
||||||
spec:
|
|
||||||
group: traefik.containo.us
|
|
||||||
version: v1alpha1
|
|
||||||
names:
|
|
||||||
kind: Middleware
|
|
||||||
plural: middlewares
|
|
||||||
singular: middleware
|
|
||||||
scope: Namespaced
|
|
||||||
|
|
||||||
---
|
|
||||||
apiVersion: traefik.containo.us/v1alpha1
|
|
||||||
kind: IngressRoute
|
|
||||||
metadata:
|
|
||||||
name: ingressroute.crd
|
|
||||||
spec:
|
|
||||||
entrypoints:
|
|
||||||
- web
|
|
||||||
- web-secure
|
|
||||||
routes:
|
|
||||||
- match: Host(`foo.com`) && PathPrefix(`/bar`)
|
|
||||||
kind: Rule
|
|
||||||
priority: 12
|
|
||||||
# defining several services is possible and allowed, but for now the servers of
|
|
||||||
# all the services (for a given route) get merged altogether under the same
|
|
||||||
# load-balancing strategy.
|
|
||||||
services:
|
|
||||||
- name: s1
|
|
||||||
port: 80
|
|
||||||
healthcheck:
|
|
||||||
path: /health
|
|
||||||
host: baz.com
|
|
||||||
intervalseconds: 7
|
|
||||||
timeoutseconds: 60
|
|
||||||
# strategy defines the load balancing strategy between the servers. It defaults
|
|
||||||
# to Round Robin, and for now only Round Robin is supported anyway.
|
|
||||||
strategy: RoundRobin
|
|
||||||
- name: s2
|
|
||||||
port: 433
|
|
||||||
healthcheck:
|
|
||||||
path: /health
|
|
||||||
host: baz.com
|
|
||||||
intervalseconds: 7
|
|
||||||
timeoutseconds: 60
|
|
||||||
- match: PathPrefix(`/misc`)
|
|
||||||
services:
|
|
||||||
- name: s3
|
|
||||||
port: 80
|
|
||||||
middleware:
|
|
||||||
- name: stripprefix
|
|
||||||
- name: addprefix
|
|
||||||
tls:
|
|
||||||
secretName: supersecret
|
|
||||||
```
|
|
13
docs/content/reference/static-configuration.md
Normal file
13
docs/content/reference/static-configuration.md
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
# Static Configuration
|
||||||
|
|
||||||
|
## File
|
||||||
|
|
||||||
|
```toml
|
||||||
|
--8<-- "content/reference/static-configuration.toml"
|
||||||
|
```
|
||||||
|
|
||||||
|
## CLI
|
||||||
|
|
||||||
|
```txt
|
||||||
|
--8<-- "content/reference/static-configuration.txt"
|
||||||
|
```
|
238
docs/content/reference/static-configuration.toml
Normal file
238
docs/content/reference/static-configuration.toml
Normal file
|
@ -0,0 +1,238 @@
|
||||||
|
[Global]
|
||||||
|
Debug = true
|
||||||
|
CheckNewVersion = true
|
||||||
|
SendAnonymousUsage = true
|
||||||
|
|
||||||
|
[ServersTransport]
|
||||||
|
InsecureSkipVerify = true
|
||||||
|
RootCAs = ["foobar", "foobar"]
|
||||||
|
MaxIdleConnsPerHost = 42
|
||||||
|
[ServersTransport.ForwardingTimeouts]
|
||||||
|
DialTimeout = 42
|
||||||
|
ResponseHeaderTimeout = 42
|
||||||
|
|
||||||
|
[EntryPoints]
|
||||||
|
|
||||||
|
[EntryPoints.EntryPoint0]
|
||||||
|
Address = "foobar"
|
||||||
|
[EntryPoints.EntryPoint0.Transport]
|
||||||
|
[EntryPoints.EntryPoint0.Transport.LifeCycle]
|
||||||
|
RequestAcceptGraceTimeout = 42
|
||||||
|
GraceTimeOut = 42
|
||||||
|
[EntryPoints.EntryPoint0.Transport.RespondingTimeouts]
|
||||||
|
ReadTimeout = 42
|
||||||
|
WriteTimeout = 42
|
||||||
|
IdleTimeout = 42
|
||||||
|
[EntryPoints.EntryPoint0.ProxyProtocol]
|
||||||
|
Insecure = true
|
||||||
|
TrustedIPs = ["foobar", "foobar"]
|
||||||
|
[EntryPoints.EntryPoint0.ForwardedHeaders]
|
||||||
|
Insecure = true
|
||||||
|
TrustedIPs = ["foobar", "foobar"]
|
||||||
|
|
||||||
|
[Providers]
|
||||||
|
|
||||||
|
ProvidersThrottleDuration = 42
|
||||||
|
[Providers.Docker]
|
||||||
|
Watch = true
|
||||||
|
Endpoint = "foobar"
|
||||||
|
DefaultRule = "foobar"
|
||||||
|
ExposedByDefault = true
|
||||||
|
UseBindPortIP = true
|
||||||
|
SwarmMode = true
|
||||||
|
Network = "foobar"
|
||||||
|
SwarmModeRefreshSeconds = 42
|
||||||
|
|
||||||
|
[[Providers.Docker.Constraints]]
|
||||||
|
Key = "foobar"
|
||||||
|
MustMatch = true
|
||||||
|
Regex = "foobar"
|
||||||
|
|
||||||
|
[[Providers.Docker.Constraints]]
|
||||||
|
Key = "foobar"
|
||||||
|
MustMatch = true
|
||||||
|
Regex = "foobar"
|
||||||
|
[Providers.Docker.TLS]
|
||||||
|
CA = "foobar"
|
||||||
|
CAOptional = true
|
||||||
|
Cert = "foobar"
|
||||||
|
Key = "foobar"
|
||||||
|
InsecureSkipVerify = true
|
||||||
|
[Providers.File]
|
||||||
|
Directory = "foobar"
|
||||||
|
Watch = true
|
||||||
|
Filename = "foobar"
|
||||||
|
DebugLogGeneratedTemplate = true
|
||||||
|
TraefikFile = "foobar"
|
||||||
|
[Providers.Marathon]
|
||||||
|
Trace = true
|
||||||
|
Watch = true
|
||||||
|
Endpoint = "foobar"
|
||||||
|
DefaultRule = "foobar"
|
||||||
|
ExposedByDefault = true
|
||||||
|
DCOSToken = "foobar"
|
||||||
|
FilterMarathonConstraints = true
|
||||||
|
DialerTimeout = 42
|
||||||
|
ResponseHeaderTimeout = 42
|
||||||
|
TLSHandshakeTimeout = 42
|
||||||
|
KeepAlive = 42
|
||||||
|
ForceTaskHostname = true
|
||||||
|
RespectReadinessChecks = true
|
||||||
|
|
||||||
|
[[Providers.Marathon.Constraints]]
|
||||||
|
Key = "foobar"
|
||||||
|
MustMatch = true
|
||||||
|
Regex = "foobar"
|
||||||
|
|
||||||
|
[[Providers.Marathon.Constraints]]
|
||||||
|
Key = "foobar"
|
||||||
|
MustMatch = true
|
||||||
|
Regex = "foobar"
|
||||||
|
[Providers.Marathon.TLS]
|
||||||
|
CA = "foobar"
|
||||||
|
CAOptional = true
|
||||||
|
Cert = "foobar"
|
||||||
|
Key = "foobar"
|
||||||
|
InsecureSkipVerify = true
|
||||||
|
[Providers.Marathon.Basic]
|
||||||
|
HTTPBasicAuthUser = "foobar"
|
||||||
|
HTTPBasicPassword = "foobar"
|
||||||
|
[Providers.Kubernetes]
|
||||||
|
Endpoint = "foobar"
|
||||||
|
Token = "foobar"
|
||||||
|
CertAuthFilePath = "foobar"
|
||||||
|
DisablePassHostHeaders = true
|
||||||
|
Namespaces = ["foobar", "foobar"]
|
||||||
|
LabelSelector = "foobar"
|
||||||
|
IngressClass = "foobar"
|
||||||
|
[Providers.Kubernetes.IngressEndpoint]
|
||||||
|
IP = "foobar"
|
||||||
|
Hostname = "foobar"
|
||||||
|
PublishedService = "foobar"
|
||||||
|
[Providers.KubernetesCRD]
|
||||||
|
Endpoint = "foobar"
|
||||||
|
Token = "foobar"
|
||||||
|
CertAuthFilePath = "foobar"
|
||||||
|
DisablePassHostHeaders = true
|
||||||
|
Namespaces = ["foobar", "foobar"]
|
||||||
|
LabelSelector = "foobar"
|
||||||
|
IngressClass = "foobar"
|
||||||
|
[Providers.Rest]
|
||||||
|
EntryPoint = "foobar"
|
||||||
|
|
||||||
|
[API]
|
||||||
|
EntryPoint = "foobar"
|
||||||
|
Dashboard = true
|
||||||
|
Middlewares = ["foobar", "foobar"]
|
||||||
|
[API.Statistics]
|
||||||
|
RecentErrors = 42
|
||||||
|
|
||||||
|
[Metrics]
|
||||||
|
[Metrics.Prometheus]
|
||||||
|
Buckets = [42.0, 42.0]
|
||||||
|
EntryPoint = "foobar"
|
||||||
|
Middlewares = ["foobar", "foobar"]
|
||||||
|
[Metrics.Datadog]
|
||||||
|
Address = "foobar"
|
||||||
|
PushInterval = "foobar"
|
||||||
|
[Metrics.StatsD]
|
||||||
|
Address = "foobar"
|
||||||
|
PushInterval = "foobar"
|
||||||
|
[Metrics.InfluxDB]
|
||||||
|
Address = "foobar"
|
||||||
|
Protocol = "foobar"
|
||||||
|
PushInterval = "foobar"
|
||||||
|
Database = "foobar"
|
||||||
|
RetentionPolicy = "foobar"
|
||||||
|
Username = "foobar"
|
||||||
|
Password = "foobar"
|
||||||
|
|
||||||
|
[Ping]
|
||||||
|
EntryPoint = "foobar"
|
||||||
|
Middlewares = ["foobar", "foobar"]
|
||||||
|
|
||||||
|
[Log]
|
||||||
|
Level = "foobar"
|
||||||
|
FilePath = "foobar"
|
||||||
|
Format = "foobar"
|
||||||
|
|
||||||
|
[AccessLog]
|
||||||
|
FilePath = "foobar"
|
||||||
|
Format = "foobar"
|
||||||
|
BufferingSize = 42
|
||||||
|
[AccessLog.Filters]
|
||||||
|
StatusCodes = ["foobar", "foobar"]
|
||||||
|
RetryAttempts = true
|
||||||
|
MinDuration = 42
|
||||||
|
[AccessLog.Fields]
|
||||||
|
DefaultMode = "foobar"
|
||||||
|
[AccessLog.Fields.Names]
|
||||||
|
name0 = "foobar"
|
||||||
|
name1 = "foobar"
|
||||||
|
[AccessLog.Fields.Headers]
|
||||||
|
DefaultMode = "foobar"
|
||||||
|
[AccessLog.Fields.Headers.Names]
|
||||||
|
name0 = "foobar"
|
||||||
|
name1 = "foobar"
|
||||||
|
|
||||||
|
[Tracing]
|
||||||
|
Backend = "foobar"
|
||||||
|
ServiceName = "foobar"
|
||||||
|
SpanNameLimit = 42
|
||||||
|
[Tracing.Jaeger]
|
||||||
|
SamplingServerURL = "foobar"
|
||||||
|
SamplingType = "foobar"
|
||||||
|
SamplingParam = 42.0
|
||||||
|
LocalAgentHostPort = "foobar"
|
||||||
|
Gen128Bit = true
|
||||||
|
Propagation = "foobar"
|
||||||
|
TraceContextHeaderName = "foobar"
|
||||||
|
[Tracing.Zipkin]
|
||||||
|
HTTPEndpoint = "foobar"
|
||||||
|
SameSpan = true
|
||||||
|
ID128Bit = true
|
||||||
|
Debug = true
|
||||||
|
SampleRate = 42.0
|
||||||
|
[Tracing.DataDog]
|
||||||
|
LocalAgentHostPort = "foobar"
|
||||||
|
GlobalTag = "foobar"
|
||||||
|
Debug = true
|
||||||
|
PrioritySampling = true
|
||||||
|
TraceIDHeaderName = "foobar"
|
||||||
|
ParentIDHeaderName = "foobar"
|
||||||
|
SamplingPriorityHeaderName = "foobar"
|
||||||
|
BagagePrefixHeaderName = "foobar"
|
||||||
|
[Tracing.Instana]
|
||||||
|
LocalAgentHost = "foobar"
|
||||||
|
LocalAgentPort = 42
|
||||||
|
Level = "foobar"
|
||||||
|
|
||||||
|
[HostResolver]
|
||||||
|
CnameFlattening = true
|
||||||
|
ResolvConfig = "foobar"
|
||||||
|
ResolvDepth = 42
|
||||||
|
|
||||||
|
[ACME]
|
||||||
|
Email = "foobar"
|
||||||
|
ACMELogging = true
|
||||||
|
CAServer = "foobar"
|
||||||
|
Storage = "foobar"
|
||||||
|
EntryPoint = "foobar"
|
||||||
|
KeyType = "foobar"
|
||||||
|
OnHostRule = true
|
||||||
|
[ACME.DNSChallenge]
|
||||||
|
Provider = "foobar"
|
||||||
|
DelayBeforeCheck = 42
|
||||||
|
Resolvers = ["foobar", "foobar"]
|
||||||
|
DisablePropagationCheck = true
|
||||||
|
[ACME.HTTPChallenge]
|
||||||
|
EntryPoint = "foobar"
|
||||||
|
[ACME.TLSChallenge]
|
||||||
|
|
||||||
|
[[ACME.Domains]]
|
||||||
|
Main = "foobar"
|
||||||
|
SANs = ["foobar", "foobar"]
|
||||||
|
|
||||||
|
[[ACME.Domains]]
|
||||||
|
Main = "foobar"
|
||||||
|
SANs = ["foobar", "foobar"]
|
203
docs/content/reference/static-configuration.txt
Normal file
203
docs/content/reference/static-configuration.txt
Normal file
|
@ -0,0 +1,203 @@
|
||||||
|
--accesslog Access log settings (default "false")
|
||||||
|
--accesslog.bufferingsize Number of access log lines to process in a buffered way. Default 0. (default "0")
|
||||||
|
--accesslog.fields AccessLogFields (default "false")
|
||||||
|
--accesslog.fields.defaultmode Default mode for fields: keep | drop (default "keep")
|
||||||
|
--accesslog.fields.headers Headers to keep, drop or redact (default "false")
|
||||||
|
--accesslog.fields.headers.defaultmode Default mode for fields: keep | drop | redact (default "keep")
|
||||||
|
--accesslog.fields.headers.names Override mode for headers (default "map[]")
|
||||||
|
--accesslog.fields.names Override mode for fields (default "map[]")
|
||||||
|
--accesslog.filepath Access log file path. Stdout is used when omitted or empty
|
||||||
|
--accesslog.filters Access log filters, used to keep only specific access logs (default "false")
|
||||||
|
--accesslog.filters.minduration Keep access logs when request took longer than the specified duration (default "0s")
|
||||||
|
--accesslog.filters.retryattempts Keep access logs when at least one retry happened (default "false")
|
||||||
|
--accesslog.filters.statuscodes Keep access logs with status codes in the specified range (default "[]")
|
||||||
|
--accesslog.format Access log format: json | common (default "common")
|
||||||
|
--acme Enable ACME (Let's Encrypt): automatic SSL (default "false")
|
||||||
|
--acme.acmelogging Enable debug logging of ACME actions. (default "false")
|
||||||
|
--acme.caserver CA server to use.
|
||||||
|
--acme.dnschallenge Activate DNS-01 Challenge (default "false")
|
||||||
|
--acme.dnschallenge.delaybeforecheck Assume DNS propagates after a delay in seconds rather than finding and querying (default "0s")
|
||||||
|
nameservers.
|
||||||
|
--acme.dnschallenge.disablepropagationcheck Disable the DNS propagation checks before notifying ACME that the DNS challenge (default "false")
|
||||||
|
is ready. [not recommended]
|
||||||
|
--acme.dnschallenge.provider Use a DNS-01 based challenge provider rather than HTTPS.
|
||||||
|
--acme.dnschallenge.resolvers Use following DNS servers to resolve the FQDN authority.
|
||||||
|
--acme.domains CN and SANs (alternative domains) to each main domain using format: (default "[]")
|
||||||
|
--acme.domains='main.com,san1.com,san2.com' --acme.domains='*.main.net'. No
|
||||||
|
SANs for wildcards domain. Wildcard domains only accepted with DNSChallenge
|
||||||
|
--acme.email Email address used for registration
|
||||||
|
--acme.entrypoint EntryPoint to use.
|
||||||
|
--acme.httpchallenge Activate HTTP-01 Challenge (default "false")
|
||||||
|
--acme.httpchallenge.entrypoint HTTP challenge EntryPoint
|
||||||
|
--acme.keytype KeyType used for generating certificate private key. Allow value 'EC256',
|
||||||
|
'EC384', 'RSA2048', 'RSA4096', 'RSA8192'. Default to 'RSA4096'
|
||||||
|
--acme.onhostrule Enable certificate generation on frontends Host rules. (default "false")
|
||||||
|
--acme.storage Storage to use.
|
||||||
|
--acme.tlschallenge Activate TLS-ALPN-01 Challenge (default "false")
|
||||||
|
--api Enable api/dashboard (default "false")
|
||||||
|
--api.dashboard Activate dashboard (default "true")
|
||||||
|
--api.entrypoint EntryPoint (default "traefik")
|
||||||
|
--api.middlewares Middleware list
|
||||||
|
--api.statistics Enable more detailed statistics (default "true")
|
||||||
|
--api.statistics.recenterrors Number of recent errors logged (default "10")
|
||||||
|
-c, --configfile Configuration file to use (TOML).
|
||||||
|
--entrypoints Entrypoints definition using format: --entryPoints='Name:http Address::8000 (default "map[]")
|
||||||
|
Redirect.EntryPoint:https' --entryPoints='Name:https Address::4442
|
||||||
|
TLS:tests/traefik.crt,tests/traefik.key;prod/traefik.crt,prod/traefik.key'
|
||||||
|
--global Global configuration options (default "true")
|
||||||
|
--global.checknewversion Periodically check if a new version has been released (default "true")
|
||||||
|
-d, --global.debug Enable debug mode (default "false")
|
||||||
|
--global.sendanonymoususage send periodically anonymous usage statistics (default "false")
|
||||||
|
--hostresolver Enable CNAME Flattening (default "false")
|
||||||
|
--hostresolver.cnameflattening A flag to enable/disable CNAME flattening (default "false")
|
||||||
|
--hostresolver.resolvconfig resolv.conf used for DNS resolving (default "/etc/resolv.conf")
|
||||||
|
--hostresolver.resolvdepth The maximal depth of DNS recursive resolving (default "5")
|
||||||
|
--log Traefik log settings (default "false")
|
||||||
|
--log.filepath Traefik log file path. Stdout is used when omitted or empty
|
||||||
|
--log.format Traefik log format: json | common (default "common")
|
||||||
|
--log.level Log level set to traefik logs.
|
||||||
|
--metrics Enable a metrics exporter (default "false")
|
||||||
|
--metrics.datadog DataDog metrics exporter type (default "false")
|
||||||
|
--metrics.datadog.address DataDog's address (default "localhost:8125")
|
||||||
|
--metrics.datadog.pushinterval DataDog push interval (default "10s")
|
||||||
|
--metrics.influxdb InfluxDB metrics exporter type (default "false")
|
||||||
|
--metrics.influxdb.address InfluxDB address (default "localhost:8089")
|
||||||
|
--metrics.influxdb.database InfluxDB database used when protocol is http
|
||||||
|
--metrics.influxdb.password InfluxDB password (only with http)
|
||||||
|
--metrics.influxdb.protocol InfluxDB address protocol (udp or http) (default "udp")
|
||||||
|
--metrics.influxdb.pushinterval InfluxDB push interval (default "10s")
|
||||||
|
--metrics.influxdb.retentionpolicy InfluxDB retention policy used when protocol is http
|
||||||
|
--metrics.influxdb.username InfluxDB username (only with http)
|
||||||
|
--metrics.prometheus Prometheus metrics exporter type (default "false")
|
||||||
|
--metrics.prometheus.buckets Buckets for latency metrics (default "[0.1 0.3 1.2 5]")
|
||||||
|
--metrics.prometheus.entrypoint EntryPoint (default "traefik")
|
||||||
|
--metrics.prometheus.middlewares Middlewares
|
||||||
|
--metrics.statsd StatsD metrics exporter type (default "false")
|
||||||
|
--metrics.statsd.address StatsD address (default "localhost:8125")
|
||||||
|
--metrics.statsd.pushinterval StatsD push interval (default "10s")
|
||||||
|
--ping Enable ping (default "false")
|
||||||
|
--ping.entrypoint Ping entryPoint (default "traefik")
|
||||||
|
--ping.middlewares Middleware list
|
||||||
|
--providers Providers configuration (default "false")
|
||||||
|
--providers.docker Enable Docker backend with default settings (default "false")
|
||||||
|
--providers.docker.constraints Filter services by constraint, matching with Traefik tags. (default "[]")
|
||||||
|
--providers.docker.defaultrule Default rule (default "Host(`{{ normalize .Name }}`)")
|
||||||
|
--providers.docker.endpoint Docker server endpoint. Can be a tcp or a unix socket endpoint (default "unix:///var/run/docker.sock")
|
||||||
|
--providers.docker.exposedbydefault Expose containers by default (default "true")
|
||||||
|
--providers.docker.network Default Docker network used
|
||||||
|
--providers.docker.swarmmode Use Docker on Swarm Mode (default "false")
|
||||||
|
--providers.docker.swarmmoderefreshseconds Polling interval for swarm mode (in seconds) (default "15")
|
||||||
|
--providers.docker.tls Enable Docker TLS support (default "false")
|
||||||
|
--providers.docker.tls.ca TLS CA
|
||||||
|
--providers.docker.tls.caoptional TLS CA.Optional (default "false")
|
||||||
|
--providers.docker.tls.cert TLS cert
|
||||||
|
--providers.docker.tls.insecureskipverify TLS insecure skip verify (default "false")
|
||||||
|
--providers.docker.tls.key TLS key
|
||||||
|
--providers.docker.usebindportip Use the ip address from the bound port, rather than from the inner network (default "false")
|
||||||
|
--providers.docker.watch Watch provider (default "true")
|
||||||
|
--providers.file Enable File backend with default settings (default "true")
|
||||||
|
--providers.file.debugloggeneratedtemplate Enable debug logging of generated configuration template. (default "false")
|
||||||
|
--providers.file.directory Load configuration from one or more .toml files in a directory
|
||||||
|
--providers.file.filename Override default configuration template. For advanced users :)
|
||||||
|
--providers.file.watch Watch provider (default "true")
|
||||||
|
--providers.kubernetes Enable Kubernetes backend with default settings (default "true")
|
||||||
|
--providers.kubernetes.certauthfilepath Kubernetes certificate authority file path (not needed for in-cluster client)
|
||||||
|
--providers.kubernetes.disablepasshostheaders Kubernetes disable PassHost Headers (default "false")
|
||||||
|
--providers.kubernetes.endpoint Kubernetes server endpoint (required for external cluster client)
|
||||||
|
--providers.kubernetes.ingressclass Value of kubernetes.io/ingress.class annotation to watch for
|
||||||
|
--providers.kubernetes.ingressendpoint Kubernetes Ingress Endpoint (default "false")
|
||||||
|
--providers.kubernetes.ingressendpoint.hostname Hostname used for Kubernetes Ingress endpoints
|
||||||
|
--providers.kubernetes.ingressendpoint.ip IP used for Kubernetes Ingress endpoints
|
||||||
|
--providers.kubernetes.ingressendpoint.publishedservice Published Kubernetes Service to copy status from
|
||||||
|
--providers.kubernetes.labelselector Kubernetes Ingress label selector to use
|
||||||
|
--providers.kubernetes.namespaces Kubernetes namespaces (default "[]")
|
||||||
|
--providers.kubernetes.token Kubernetes bearer token (not needed for in-cluster client)
|
||||||
|
--providers.kubernetescrd Enable Kubernetes backend with default settings (default "false")
|
||||||
|
--providers.kubernetescrd.certauthfilepath Kubernetes certificate authority file path (not needed for in-cluster client)
|
||||||
|
--providers.kubernetescrd.disablepasshostheaders Kubernetes disable PassHost Headers (default "false")
|
||||||
|
--providers.kubernetescrd.endpoint Kubernetes server endpoint (required for external cluster client)
|
||||||
|
--providers.kubernetescrd.ingressclass Value of kubernetes.io/ingress.class annotation to watch for
|
||||||
|
--providers.kubernetescrd.labelselector Kubernetes label selector to use
|
||||||
|
--providers.kubernetescrd.namespaces Kubernetes namespaces (default "[]")
|
||||||
|
--providers.kubernetescrd.token Kubernetes bearer token (not needed for in-cluster client)
|
||||||
|
--providers.marathon Enable Marathon backend with default settings (default "false")
|
||||||
|
--providers.marathon.basic Enable basic authentication (default "false")
|
||||||
|
--providers.marathon.basic.httpbasicauthuser Basic authentication User
|
||||||
|
--providers.marathon.basic.httpbasicpassword Basic authentication Password
|
||||||
|
--providers.marathon.constraints Filter services by constraint, matching with Traefik tags. (default "[]")
|
||||||
|
--providers.marathon.dcostoken DCOSToken for DCOS environment, This will override the Authorization header
|
||||||
|
--providers.marathon.defaultrule Default rule (default "Host(`{{ normalize .Name }}`)")
|
||||||
|
--providers.marathon.dialertimeout Set a dialer timeout for Marathon (default "5s")
|
||||||
|
--providers.marathon.endpoint Marathon server endpoint. You can also specify multiple endpoint for Marathon (default "http://127.0.0.1:8080")
|
||||||
|
--providers.marathon.exposedbydefault Expose Marathon apps by default (default "true")
|
||||||
|
--providers.marathon.filtermarathonconstraints Enable use of Marathon constraints in constraint filtering (default "false")
|
||||||
|
--providers.marathon.forcetaskhostname Force to use the task's hostname. (default "false")
|
||||||
|
--providers.marathon.keepalive Set a TCP Keep Alive time in seconds (default "10s")
|
||||||
|
--providers.marathon.respectreadinesschecks Filter out tasks with non-successful readiness checks during deployments (default "false")
|
||||||
|
--providers.marathon.responseheadertimeout Set a response header timeout for Marathon (default "1m0s")
|
||||||
|
--providers.marathon.tls Enable TLS support (default "false")
|
||||||
|
--providers.marathon.tls.ca TLS CA
|
||||||
|
--providers.marathon.tls.caoptional TLS CA.Optional (default "false")
|
||||||
|
--providers.marathon.tls.cert TLS cert
|
||||||
|
--providers.marathon.tls.insecureskipverify TLS insecure skip verify (default "false")
|
||||||
|
--providers.marathon.tls.key TLS key
|
||||||
|
--providers.marathon.tlshandshaketimeout Set a TLS handhsake timeout for Marathon (default "5s")
|
||||||
|
--providers.marathon.trace Display additional provider logs. (default "false")
|
||||||
|
--providers.marathon.watch Watch provider (default "true")
|
||||||
|
--providers.providersthrottleduration Backends throttle duration: minimum duration between 2 events from providers (default "2s")
|
||||||
|
before applying a new configuration. It avoids unnecessary reloads if multiples
|
||||||
|
events are sent in a short amount of time.
|
||||||
|
--providers.rancher Enable Rancher backend with default settings (default "true")
|
||||||
|
--providers.rancher.constraints Filter services by constraint, matching with Traefik tags. (default "[]")
|
||||||
|
--providers.rancher.defaultrule Default rule (default "Host(`{{ normalize .Name }}`)")
|
||||||
|
--providers.rancher.exposedbydefault Expose containers by default (default "true")
|
||||||
|
--providers.rancher.intervalpoll Poll the Rancher metadata service every 'rancher.refreshseconds' (less accurate) (default "false")
|
||||||
|
--providers.rancher.prefix Prefix used for accessing the Rancher metadata service (default "latest")
|
||||||
|
--providers.rancher.watch Watch provider (default "true")
|
||||||
|
--providers.rest Enable Rest backend with default settings (default "true")
|
||||||
|
--providers.rest.entrypoint EntryPoint (default "traefik")
|
||||||
|
--serverstransport Servers default transport (default "true")
|
||||||
|
--serverstransport.forwardingtimeouts Timeouts for requests forwarded to the backend servers (default "true")
|
||||||
|
--serverstransport.forwardingtimeouts.dialtimeout The amount of time to wait until a connection to a backend server can be (default "0s")
|
||||||
|
established. Defaults to 30 seconds. If zero, no timeout exists
|
||||||
|
--serverstransport.forwardingtimeouts.responseheadertimeout The amount of time to wait for a server's response headers after fully writing (default "0s")
|
||||||
|
the request (including its body, if any). If zero, no timeout exists
|
||||||
|
--serverstransport.insecureskipverify Disable SSL certificate verification (default "false")
|
||||||
|
--serverstransport.maxidleconnsperhost If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, (default "200")
|
||||||
|
DefaultMaxIdleConnsPerHost is used
|
||||||
|
--serverstransport.rootcas Add cert file for self-signed certificate
|
||||||
|
--tracing OpenTracing configuration (default "false")
|
||||||
|
--tracing.backend Selects the tracking backend ('jaeger','zipkin','datadog','instana'). (default "jaeger")
|
||||||
|
--tracing.datadog Settings for DataDog (default "false")
|
||||||
|
--tracing.datadog.bagageprefixheadername specifies the header name prefix that will be used to store baggage items in a
|
||||||
|
map.
|
||||||
|
--tracing.datadog.debug Enable DataDog debug. (default "false")
|
||||||
|
--tracing.datadog.globaltag Key:Value tag to be set on all the spans.
|
||||||
|
--tracing.datadog.localagenthostport Set datadog-agent's host:port that the reporter will used. Defaults to (default "localhost:8126")
|
||||||
|
localhost:8126
|
||||||
|
--tracing.datadog.parentidheadername Specifies the header name that will be used to store the parent ID.
|
||||||
|
--tracing.datadog.prioritysampling Enable priority sampling. When using distributed tracing, this option must be (default "false")
|
||||||
|
enabled in order to get all the parts of a distributed trace sampled.
|
||||||
|
--tracing.datadog.samplingpriorityheadername Specifies the header name that will be used to store the sampling priority.
|
||||||
|
--tracing.datadog.traceidheadername Specifies the header name that will be used to store the trace ID.
|
||||||
|
--tracing.instana Settings for Instana (default "false")
|
||||||
|
--tracing.instana.localagenthost Set instana-agent's host that the reporter will used. (default "localhost")
|
||||||
|
--tracing.instana.localagentport Set instana-agent's port that the reporter will used. (default "42699")
|
||||||
|
--tracing.instana.loglevel Set instana-agent's log level. ('error','warn','info','debug') (default "info")
|
||||||
|
--tracing.jaeger Settings for jaeger (default "false")
|
||||||
|
--tracing.jaeger.gen128bit generate 128 bit span IDs. (default "false")
|
||||||
|
--tracing.jaeger.localagenthostport set jaeger-agent's host:port that the reporter will used. (default "127.0.0.1:6831")
|
||||||
|
--tracing.jaeger.propagation which propgation format to use (jaeger/b3). (default "jaeger")
|
||||||
|
--tracing.jaeger.samplingparam set the sampling parameter. (default "1")
|
||||||
|
--tracing.jaeger.samplingserverurl set the sampling server url. (default "http://localhost:5778/sampling")
|
||||||
|
--tracing.jaeger.samplingtype set the sampling type. (default "const")
|
||||||
|
--tracing.jaeger.tracecontextheadername set the header to use for the trace-id. (default "uber-trace-id")
|
||||||
|
--tracing.servicename Set the name for this service (default "traefik")
|
||||||
|
--tracing.spannamelimit Set the maximum character limit for Span names (default 0 = no limit) (default "0")
|
||||||
|
--tracing.zipkin Settings for zipkin (default "false")
|
||||||
|
--tracing.zipkin.debug Enable Zipkin debug. (default "false")
|
||||||
|
--tracing.zipkin.httpendpoint HTTP Endpoint to report traces to. (default "http://localhost:9411/api/v1/spans")
|
||||||
|
--tracing.zipkin.id128bit Use Zipkin 128 bit root span IDs. (default "true")
|
||||||
|
--tracing.zipkin.samespan Use Zipkin SameSpan RPC style traces. (default "false")
|
||||||
|
--tracing.zipkin.samplerate The rate between 0.0 and 1.0 of requests to trace. (default "1")
|
||||||
|
-h, --help Print Help (this message) and exit
|
|
@ -5,7 +5,7 @@ Opening Connections for Incoming Requests
|
||||||
|
|
||||||
![EntryPoints](../assets/img/entrypoints.png)
|
![EntryPoints](../assets/img/entrypoints.png)
|
||||||
|
|
||||||
Entrypoints are the network entry points into Traefik.
|
EntryPoints are the network entry points into Traefik.
|
||||||
They define the port which will receive the requests (whether HTTP or TCP).
|
They define the port which will receive the requests (whether HTTP or TCP).
|
||||||
|
|
||||||
## Configuration Examples
|
## Configuration Examples
|
||||||
|
@ -13,8 +13,8 @@ They define the port which will receive the requests (whether HTTP or TCP).
|
||||||
??? example "Port 80 only"
|
??? example "Port 80 only"
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
[entrypoints]
|
[entryPoints]
|
||||||
[entrypoints.web]
|
[entryPoints.web]
|
||||||
address = ":80"
|
address = ":80"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -23,11 +23,11 @@ They define the port which will receive the requests (whether HTTP or TCP).
|
||||||
??? example "Port 80 & 443"
|
??? example "Port 80 & 443"
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
[entrypoints]
|
[entryPoints]
|
||||||
[entrypoints.web]
|
[entryPoints.web]
|
||||||
address = ":80"
|
address = ":80"
|
||||||
|
|
||||||
[entrypoints.web-secure]
|
[entryPoints.web-secure]
|
||||||
address = ":443"
|
address = ":443"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -38,7 +38,45 @@ They define the port which will receive the requests (whether HTTP or TCP).
|
||||||
|
|
||||||
### General
|
### General
|
||||||
|
|
||||||
Entrypoints are part of the [static configuration](../getting-started/configuration-overview.md#the-static-configuration). You can define them using a toml file, CLI arguments, or a key-value store. See the [complete reference](../reference/entrypoints.md) for the list of available options.
|
EntryPoints are part of the [static configuration](../getting-started/configuration-overview.md#the-static-configuration).
|
||||||
|
You can define them using a toml file, CLI arguments, or a key-value store.
|
||||||
|
|
||||||
|
See the complete reference for the list of available options:
|
||||||
|
|
||||||
|
```toml tab="File"
|
||||||
|
[EntryPoints]
|
||||||
|
|
||||||
|
[EntryPoints.EntryPoint0]
|
||||||
|
Address = "foobar"
|
||||||
|
[EntryPoints.EntryPoint0.Transport]
|
||||||
|
[EntryPoints.EntryPoint0.Transport.LifeCycle]
|
||||||
|
RequestAcceptGraceTimeout = 42
|
||||||
|
GraceTimeOut = 42
|
||||||
|
[EntryPoints.EntryPoint0.Transport.RespondingTimeouts]
|
||||||
|
ReadTimeout = 42
|
||||||
|
WriteTimeout = 42
|
||||||
|
IdleTimeout = 42
|
||||||
|
[EntryPoints.EntryPoint0.ProxyProtocol]
|
||||||
|
Insecure = true
|
||||||
|
TrustedIPs = ["foobar", "foobar"]
|
||||||
|
[EntryPoints.EntryPoint0.ForwardedHeaders]
|
||||||
|
Insecure = true
|
||||||
|
TrustedIPs = ["foobar", "foobar"]
|
||||||
|
```
|
||||||
|
|
||||||
|
```ini tab="CLI"
|
||||||
|
Name:EntryPoint0
|
||||||
|
Address:foobar
|
||||||
|
Transport.LifeCycle.RequestAcceptGraceTimeout:42
|
||||||
|
Transport.LifeCycle.GraceTimeOut:42
|
||||||
|
Transport.RespondingTimeouts.ReadTimeout:42
|
||||||
|
Transport.RespondingTimeouts.WriteTimeout:42
|
||||||
|
Transport.RespondingTimeouts.IdleTimeout:42
|
||||||
|
ProxyProtocol.Insecure:true
|
||||||
|
ProxyProtocol.TrustedIPs:foobar,foobar
|
||||||
|
ForwardedHeaders.Insecure:true
|
||||||
|
ForwardedHeaders.TrustedIPs:foobar,foobar
|
||||||
|
```
|
||||||
|
|
||||||
??? example "Using the CLI"
|
??? example "Using the CLI"
|
||||||
|
|
||||||
|
@ -50,7 +88,7 @@ Entrypoints are part of the [static configuration](../getting-started/configurat
|
||||||
```
|
```
|
||||||
|
|
||||||
!!! note
|
!!! note
|
||||||
The whitespace character (` `) is the option separator, and the comma (`,`) is the value separator for lists.
|
The whitespace character (` `) is the option separator, and the comma (`,`) is the value separator for lists inside an option.
|
||||||
The option names are case-insensitive.
|
The option names are case-insensitive.
|
||||||
|
|
||||||
!!! warning "Using Docker Compose Files"
|
!!! warning "Using Docker Compose Files"
|
||||||
|
@ -80,11 +118,11 @@ Traefik supports [ProxyProtocol](https://www.haproxy.org/download/1.8/doc/proxy-
|
||||||
??? example "Enabling Proxy Protocol with Trusted IPs"
|
??? example "Enabling Proxy Protocol with Trusted IPs"
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
[entrypoints]
|
[entryPoints]
|
||||||
[entrypoints.web]
|
[entryPoints.web]
|
||||||
address = ":80"
|
address = ":80"
|
||||||
|
|
||||||
[entrypoints.web.proxyProtocol]
|
[entryPoints.web.proxyProtocol]
|
||||||
trustedIPs = ["127.0.0.1/32", "192.168.1.7"]
|
trustedIPs = ["127.0.0.1/32", "192.168.1.7"]
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -95,11 +133,11 @@ Traefik supports [ProxyProtocol](https://www.haproxy.org/download/1.8/doc/proxy-
|
||||||
In a test environments, you can configure Traefik to trust every incoming connection. Doing so, every remote client address will be replaced (`trustedIPs` won't have any effect)
|
In a test environments, you can configure Traefik to trust every incoming connection. Doing so, every remote client address will be replaced (`trustedIPs` won't have any effect)
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
[entrypoints]
|
[entryPoints]
|
||||||
[entrypoints.web]
|
[entryPoints.web]
|
||||||
address = ":80"
|
address = ":80"
|
||||||
|
|
||||||
[entrypoints.web.proxyProtocol]
|
[entryPoints.web.proxyProtocol]
|
||||||
insecure = true
|
insecure = true
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -115,21 +153,21 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward
|
||||||
??? example "Trusting Forwarded Headers from specific IPs"
|
??? example "Trusting Forwarded Headers from specific IPs"
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
[entrypoints]
|
[entryPoints]
|
||||||
[entrypoints.web]
|
[entryPoints.web]
|
||||||
address = ":80"
|
address = ":80"
|
||||||
|
|
||||||
[entrypoints.web.forwardedHeaders]
|
[entryPoints.web.forwardedHeaders]
|
||||||
trustedIPs = ["127.0.0.1/32", "192.168.1.7"]
|
trustedIPs = ["127.0.0.1/32", "192.168.1.7"]
|
||||||
```
|
```
|
||||||
|
|
||||||
??? example "Insecure Mode -- Always Trusting Forwarded Headers"
|
??? example "Insecure Mode -- Always Trusting Forwarded Headers"
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
[entrypoints]
|
[entryPoints]
|
||||||
[entrypoints.web]
|
[entryPoints.web]
|
||||||
address = ":80"
|
address = ":80"
|
||||||
|
|
||||||
[entrypoints.web.forwardedHeaders]
|
[entryPoints.web.forwardedHeaders]
|
||||||
insecure = true
|
insecure = true
|
||||||
```
|
```
|
||||||
|
|
|
@ -25,8 +25,8 @@ Below is an example of a full configuration file for the [file provider](../prov
|
||||||
In the process, Traefik will make sure that the user is authenticated (using the [BasicAuth middleware](../middlewares/basicauth.md)).
|
In the process, Traefik will make sure that the user is authenticated (using the [BasicAuth middleware](../middlewares/basicauth.md)).
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
[entrypoints]
|
[entryPoints]
|
||||||
[entrypoints.web]
|
[entryPoints.web]
|
||||||
address = ":8081" # Listen on port 8081 for incoming requests
|
address = ":8081" # Listen on port 8081 for incoming requests
|
||||||
|
|
||||||
[providers]
|
[providers]
|
||||||
|
@ -62,8 +62,8 @@ In the process, Traefik will make sure that the user is authenticated (using the
|
||||||
??? example "Adding a TCP route for TLS requests on whoami.traefik.io"
|
??? example "Adding a TCP route for TLS requests on whoami.traefik.io"
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
[entrypoints]
|
[entryPoints]
|
||||||
[entrypoints.web]
|
[entryPoints.web]
|
||||||
address = ":8081" # Listen on port 8081 for incoming requests
|
address = ":8081" # Listen on port 8081 for incoming requests
|
||||||
|
|
||||||
[providers]
|
[providers]
|
||||||
|
|
|
@ -32,16 +32,16 @@ In the process, routers may use pieces of [middleware](../../middlewares/overvie
|
||||||
??? example "Forwarding all (non-tls) requests on port 3306 to a database service"
|
??? example "Forwarding all (non-tls) requests on port 3306 to a database service"
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
[entrypoints]
|
[entryPoints]
|
||||||
[entrypoints.mysql-default]
|
[entryPoints.mysql-default]
|
||||||
address = ":80"
|
address = ":80"
|
||||||
[entrypoints.mysql-default]
|
[entryPoints.mysql-default]
|
||||||
address = ":3306"
|
address = ":3306"
|
||||||
|
|
||||||
[tcp]
|
[tcp]
|
||||||
[tcp.routers]
|
[tcp.routers]
|
||||||
[tcp.routers.to-database]
|
[tcp.routers.to-database]
|
||||||
entrypoints = ["mysql-default"]
|
entryPoints = ["mysql-default"]
|
||||||
rule = "HostSNI(`*`)" # Catch every request (only available rule for non-tls routers. See below.)
|
rule = "HostSNI(`*`)" # Catch every request (only available rule for non-tls routers. See below.)
|
||||||
service = "database"
|
service = "database"
|
||||||
```
|
```
|
||||||
|
@ -56,12 +56,12 @@ If you want to limit the router scope to a set of entrypoint, set the entrypoint
|
||||||
??? example "Listens to Every EntryPoint"
|
??? example "Listens to Every EntryPoint"
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
[entrypoints]
|
[entryPoints]
|
||||||
[entrypoints.web]
|
[entryPoints.web]
|
||||||
# ...
|
# ...
|
||||||
[entrypoints.web-secure]
|
[entryPoints.web-secure]
|
||||||
# ...
|
# ...
|
||||||
[entrypoints.other]
|
[entryPoints.other]
|
||||||
# ...
|
# ...
|
||||||
|
|
||||||
[http.routers]
|
[http.routers]
|
||||||
|
@ -74,12 +74,12 @@ If you want to limit the router scope to a set of entrypoint, set the entrypoint
|
||||||
??? example "Listens to Specific EntryPoints"
|
??? example "Listens to Specific EntryPoints"
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
[entrypoints]
|
[entryPoints]
|
||||||
[entrypoints.web]
|
[entryPoints.web]
|
||||||
# ...
|
# ...
|
||||||
[entrypoint.web-secure]
|
[entryPoints.web-secure]
|
||||||
# ...
|
# ...
|
||||||
[entrypoint.other]
|
[entryPoints.other]
|
||||||
# ...
|
# ...
|
||||||
|
|
||||||
[http.routers]
|
[http.routers]
|
||||||
|
@ -211,12 +211,12 @@ If you want to limit the router scope to a set of entrypoints, set the entrypoin
|
||||||
??? example "Listens to Every EntryPoint"
|
??? example "Listens to Every EntryPoint"
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
[entrypoints]
|
[entryPoints]
|
||||||
[entrypoints.web]
|
[entryPoints.web]
|
||||||
# ...
|
# ...
|
||||||
[entrypoints.web-secure]
|
[entryPoints.web-secure]
|
||||||
# ...
|
# ...
|
||||||
[entrypoints.other]
|
[entryPoints.other]
|
||||||
# ...
|
# ...
|
||||||
|
|
||||||
[tcp.routers]
|
[tcp.routers]
|
||||||
|
@ -230,12 +230,12 @@ If you want to limit the router scope to a set of entrypoints, set the entrypoin
|
||||||
??? example "Listens to Specific EntryPoints"
|
??? example "Listens to Specific EntryPoints"
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
[entrypoints]
|
[entryPoints]
|
||||||
[entrypoints.web]
|
[entryPoints.web]
|
||||||
# ...
|
# ...
|
||||||
[entrypoint.web-secure]
|
[entryPoints.web-secure]
|
||||||
# ...
|
# ...
|
||||||
[entrypoint.other]
|
[entryPoints.other]
|
||||||
# ...
|
# ...
|
||||||
|
|
||||||
[tcp.routers]
|
[tcp.routers]
|
||||||
|
|
|
@ -3,7 +3,7 @@ kind: IngressRoute
|
||||||
metadata:
|
metadata:
|
||||||
name: simpleingressroute
|
name: simpleingressroute
|
||||||
spec:
|
spec:
|
||||||
entrypoints:
|
entryPoints:
|
||||||
- web
|
- web
|
||||||
routes:
|
routes:
|
||||||
- match: Host(`your.domain.com`) && PathPrefix(`/notls`)
|
- match: Host(`your.domain.com`) && PathPrefix(`/notls`)
|
||||||
|
@ -18,7 +18,7 @@ kind: IngressRoute
|
||||||
metadata:
|
metadata:
|
||||||
name: ingressroutetls
|
name: ingressroutetls
|
||||||
spec:
|
spec:
|
||||||
entrypoints:
|
entryPoints:
|
||||||
- websecure
|
- websecure
|
||||||
routes:
|
routes:
|
||||||
- match: Host(`your.domain.com`) && PathPrefix(`/tls`)
|
- match: Host(`your.domain.com`) && PathPrefix(`/tls`)
|
||||||
|
|
|
@ -16,7 +16,7 @@ In the following, the Kubernetes resources defined in YAML configuration files c
|
||||||
- the first, and usual way, is simply with the `kubectl apply` command.
|
- the first, and usual way, is simply with the `kubectl apply` command.
|
||||||
- the second, which can be used for this tutorial, is to directly place the files in the directory used by the k3s docker image for such inputs (`/var/lib/rancher/k3s/server/manifests`).
|
- the second, which can be used for this tutorial, is to directly place the files in the directory used by the k3s docker image for such inputs (`/var/lib/rancher/k3s/server/manifests`).
|
||||||
|
|
||||||
## k3s Docker-compose Configuration ##
|
## k3s Docker-compose Configuration
|
||||||
|
|
||||||
Our starting point is the docker-compose configuration file, to start the k3s cluster.
|
Our starting point is the docker-compose configuration file, to start the k3s cluster.
|
||||||
You can start it with:
|
You can start it with:
|
||||||
|
@ -29,11 +29,11 @@ docker-compose -f k3s.yml up
|
||||||
--8<-- "content/user-guides/crd-acme/k3s.yml"
|
--8<-- "content/user-guides/crd-acme/k3s.yml"
|
||||||
```
|
```
|
||||||
|
|
||||||
## Cluster Resources ##
|
## Cluster Resources
|
||||||
|
|
||||||
Let's now have a look (in the order they should be applied, if using `kubectl apply`) at all the required resources for the full setup.
|
Let's now have a look (in the order they should be applied, if using `kubectl apply`) at all the required resources for the full setup.
|
||||||
|
|
||||||
### IngressRoute Definition ###
|
### IngressRoute Definition
|
||||||
|
|
||||||
First, the definition of the `IngressRoute` and the `Middleware` kinds.
|
First, the definition of the `IngressRoute` and the `Middleware` kinds.
|
||||||
Also note the RBAC authorization resources; they'll be referenced through the `serviceAccountName` of the deployment, later on.
|
Also note the RBAC authorization resources; they'll be referenced through the `serviceAccountName` of the deployment, later on.
|
||||||
|
@ -42,7 +42,7 @@ Also note the RBAC authorization resources; they'll be referenced through the `s
|
||||||
--8<-- "content/user-guides/crd-acme/01-crd.yml"
|
--8<-- "content/user-guides/crd-acme/01-crd.yml"
|
||||||
```
|
```
|
||||||
|
|
||||||
### Services ###
|
### Services
|
||||||
|
|
||||||
Then, the services. One for Traefik itself, and one for the app it routes for, i.e. in this case our demo HTTP server: [whoami](https://github.com/containous/whoami).
|
Then, the services. One for Traefik itself, and one for the app it routes for, i.e. in this case our demo HTTP server: [whoami](https://github.com/containous/whoami).
|
||||||
|
|
||||||
|
@ -50,7 +50,7 @@ Then, the services. One for Traefik itself, and one for the app it routes for, i
|
||||||
--8<-- "content/user-guides/crd-acme/02-services.yml"
|
--8<-- "content/user-guides/crd-acme/02-services.yml"
|
||||||
```
|
```
|
||||||
|
|
||||||
### Deployments ###
|
### Deployments
|
||||||
|
|
||||||
Next, the deployments, i.e. the actual pods behind the services.
|
Next, the deployments, i.e. the actual pods behind the services.
|
||||||
Again, one pod for Traefik, and one for the whoami app.
|
Again, one pod for Traefik, and one for the whoami app.
|
||||||
|
@ -59,7 +59,7 @@ Again, one pod for Traefik, and one for the whoami app.
|
||||||
--8<-- "content/user-guides/crd-acme/03-deployments.yml"
|
--8<-- "content/user-guides/crd-acme/03-deployments.yml"
|
||||||
```
|
```
|
||||||
|
|
||||||
### Port Forwarding ###
|
### Port Forwarding
|
||||||
|
|
||||||
Now, as an exception to what we said above, please note that you should not let the ingressRoute resources below be applied automatically to your cluster.
|
Now, as an exception to what we said above, please note that you should not let the ingressRoute resources below be applied automatically to your cluster.
|
||||||
The reason is, as soon as the ACME provider of Traefik detects we have TLS routers, it will try to generate the certificates for the corresponding domains.
|
The reason is, as soon as the ACME provider of Traefik detects we have TLS routers, it will try to generate the certificates for the corresponding domains.
|
||||||
|
@ -74,7 +74,7 @@ Also, and this is out of the scope if this guide, please note that because of th
|
||||||
In which case you can use tricks such as elevating caps of `kubectl` with `setcaps`, or using `authbind`, or setting up a NAT between your host and the WAN.
|
In which case you can use tricks such as elevating caps of `kubectl` with `setcaps`, or using `authbind`, or setting up a NAT between your host and the WAN.
|
||||||
Look it up.
|
Look it up.
|
||||||
|
|
||||||
### Traefik Routers ###
|
### Traefik Routers
|
||||||
|
|
||||||
We can now finally apply the actual ingressRoutes, with:
|
We can now finally apply the actual ingressRoutes, with:
|
||||||
|
|
||||||
|
|
120
docs/content/user-guides/marathon.md
Normal file
120
docs/content/user-guides/marathon.md
Normal file
|
@ -0,0 +1,120 @@
|
||||||
|
# Marathon
|
||||||
|
|
||||||
|
This guide explains how to integrate Marathon and operate the cluster in a reliable way from Traefik's standpoint.
|
||||||
|
|
||||||
|
## Host detection
|
||||||
|
|
||||||
|
Marathon offers multiple ways to run (Docker-containerized) applications, the most popular ones being
|
||||||
|
|
||||||
|
- BRIDGE-networked containers with dynamic high ports exposed
|
||||||
|
- HOST-networked containers with host machine ports
|
||||||
|
- containers with dedicated IP addresses ([IP-per-task](https://mesosphere.github.io/marathon/docs/ip-per-task.html)).
|
||||||
|
|
||||||
|
Traefik tries to detect the configured mode and route traffic to the right IP addresses. It is possible to force using task hosts with the `forceTaskHostname` option.
|
||||||
|
|
||||||
|
## Port detection
|
||||||
|
|
||||||
|
Traefik also attempts to determine the right port (which is a [non-trivial matter in Marathon](https://mesosphere.github.io/marathon/docs/ports.html)).
|
||||||
|
Following is the order by which Traefik tries to identify the port (the first one that yields a positive result will be used):
|
||||||
|
|
||||||
|
1. A arbitrary port specified through the `traefik.HTTP.Services.ServiceName.LoadBalancer.server.Port=8080`
|
||||||
|
1. The task port (possibly indexed through the `traefik.HTTP.Services.ServiceName.LoadBalancer.server.Port=index:0` label, otherwise the first one).
|
||||||
|
1. The port from the application's `portDefinitions` field (possibly indexed through the `traefik.HTTP.Services.ServiceName.LoadBalancer.server.Port=index:0` label, otherwise the first one).
|
||||||
|
1. The port from the application's `ipAddressPerTask` field (possibly indexed through the `traefik.HTTP.Services.ServiceName.LoadBalancer.server.Port=index:0` label, otherwise the first one).
|
||||||
|
|
||||||
|
## Achieving high availability
|
||||||
|
|
||||||
|
### Scenarios
|
||||||
|
|
||||||
|
There are three scenarios where the availability of a Marathon application could be impaired along with the risk of losing or failing requests:
|
||||||
|
|
||||||
|
- During the startup phase when Traefik already routes requests to the backend even though it has not completed its bootstrapping process yet.
|
||||||
|
- During the shutdown phase when Traefik still routes requests to the backend while the backend is already terminating.
|
||||||
|
- During a failure of the application when Traefik has not yet identified the backend as being erroneous.
|
||||||
|
|
||||||
|
The first two scenarios are common with every rolling upgrade of an application (i.e. a new version release or configuration update).
|
||||||
|
|
||||||
|
The following sub-sections describe how to resolve or mitigate each scenario.
|
||||||
|
|
||||||
|
#### Startup
|
||||||
|
|
||||||
|
It is possible to define [readiness checks](https://mesosphere.github.io/marathon/docs/readiness-checks.html) (available since Marathon version 1.1) per application and have Marathon take these into account during the startup phase.
|
||||||
|
|
||||||
|
The idea is that each application provides an HTTP endpoint that Marathon queries periodically during an ongoing deployment in order to mark the associated readiness check result as successful if and only if the endpoint returns a response within the configured HTTP code range.
|
||||||
|
As long as the check keeps failing, Marathon will not proceed with the deployment (within the configured upgrade strategy bounds).
|
||||||
|
|
||||||
|
Beginning with version 1.4, Traefik respects readiness check results if the Traefik option is set and checks are configured on the applications accordingly.
|
||||||
|
|
||||||
|
!!! note
|
||||||
|
Due to the way readiness check results are currently exposed by the Marathon API, ready tasks may be taken into rotation with a small delay.
|
||||||
|
It is on the order of one readiness check timeout interval (as configured on the application specifiation) and guarantees that non-ready tasks do not receive traffic prematurely.
|
||||||
|
|
||||||
|
If readiness checks are not possible, a current mitigation strategy is to enable [retries](../middlewares/retry.md) and make sure that a sufficient number of healthy application tasks exist so that one retry will likely hit one of those.
|
||||||
|
Apart from its probabilistic nature, the workaround comes at the price of increased latency.
|
||||||
|
|
||||||
|
#### Shutdown
|
||||||
|
|
||||||
|
It is possible to install a [termination handler](https://mesosphere.github.io/marathon/docs/health-checks.html) (available since Marathon version 1.3) with each application whose responsibility it is to delay the shutdown process long enough until the backend has been taken out of load-balancing rotation with reasonable confidence (i.e., Traefik has received an update from the Marathon event bus, recomputes the available Marathon backends, and applies the new configuration).
|
||||||
|
Specifically, each termination handler should install a signal handler listening for a SIGTERM signal and implement the following steps on signal reception:
|
||||||
|
|
||||||
|
1. Disable Keep-Alive HTTP connections.
|
||||||
|
1. Keep accepting HTTP requests for a certain period of time.
|
||||||
|
1. Stop accepting new connections.
|
||||||
|
1. Finish serving any in-flight requests.
|
||||||
|
1. Shut down.
|
||||||
|
|
||||||
|
Traefik already ignores Marathon tasks whose state does not match `TASK_RUNNING`; since terminating tasks transition into the `TASK_KILLING` and eventually `TASK_KILLED` state, there is nothing further that needs to be done on Traefik's end.
|
||||||
|
|
||||||
|
How long HTTP requests should continue to be accepted in step 2 depends on how long Traefik needs to receive and process the Marathon configuration update.
|
||||||
|
Under regular operational conditions, it should be on the order of seconds, with 10 seconds possibly being a good default value.
|
||||||
|
|
||||||
|
Again, configuring Traefik to do retries (as discussed in the previous section) can serve as a decent workaround strategy.
|
||||||
|
Paired with termination handlers, they would cover for those cases where either the termination sequence or Traefik cannot complete their part of the orchestration process in time.
|
||||||
|
|
||||||
|
#### Failure
|
||||||
|
|
||||||
|
A failing application always happens unexpectedly, and hence, it is very difficult or even impossible to rule out the adversal effects categorically.
|
||||||
|
|
||||||
|
Failure reasons vary broadly and could stretch from unacceptable slowness, a task crash, or a network split.
|
||||||
|
|
||||||
|
There are two mitigaton efforts:
|
||||||
|
|
||||||
|
1. Configure [Marathon health checks](https://mesosphere.github.io/marathon/docs/health-checks.html) on each application.
|
||||||
|
2. Configure Traefik health checks (possibly via the `traefik.HTTP.Services.YourServiceName.LoadBalancer.HealthCheck.*` labels) and make sure they probe with proper frequency.
|
||||||
|
|
||||||
|
The Marathon health check makes sure that applications once deemed dysfunctional are being rescheduled to different slaves.
|
||||||
|
However, they might take a while to get triggered and the follow-up processes to complete.
|
||||||
|
|
||||||
|
For that reason, the Treafik health check provides an additional check that responds more rapidly and does not require a configuration reload to happen.
|
||||||
|
Additionally, it protects from cases that the Marathon health check may not be able to cover, such as a network split.
|
||||||
|
|
||||||
|
### (Non-)Alternatives
|
||||||
|
|
||||||
|
There are a few alternatives of varying quality that are frequently asked for.
|
||||||
|
|
||||||
|
The remaining section is going to explore them along with a benefit/cost trade-off.
|
||||||
|
|
||||||
|
#### Reusing Marathon health checks
|
||||||
|
|
||||||
|
It may seem obvious to reuse the Marathon health checks as a signal to Traefik whether an application should be taken into load-balancing rotation or not.
|
||||||
|
|
||||||
|
Apart from the increased latency a failing health check may have, a major problem with this is is that Marathon does not persist the health check results.
|
||||||
|
Consequently, if a master re-election occurs in the Marathon clusters, all health check results will revert to the _unknown_ state, effectively causing all applications inside the cluster to become unavailable and leading to a complete cluster failure.
|
||||||
|
Re-elections do not only happen during regular maintenance work (often requiring rolling upgrades of the Marathon nodes) but also when the Marathon leader fails spontaneously.
|
||||||
|
As such, there is no way to handle this situation deterministically.
|
||||||
|
|
||||||
|
Finally, Marathon health checks are not mandatory (the default is to use the task state as reported by Mesos), so requiring them for Traefik would raise the entry barrier for Marathon users.
|
||||||
|
|
||||||
|
Traefik used to use the health check results as a strict requirement but moved away from it as [users reported the dramatic consequences](https://github.com/containous/traefik/issues/653).
|
||||||
|
|
||||||
|
#### Draining
|
||||||
|
|
||||||
|
Another common approach is to let a proxy drain backends that are supposed to shut down.
|
||||||
|
That is, once a backend is supposed to shut down, Traefik would stop forwarding requests.
|
||||||
|
|
||||||
|
On the plus side, this would not require any modifications to the application in question.
|
||||||
|
However, implementing this fully within Traefik seems like a non-trivial undertaking.
|
||||||
|
|
||||||
|
Additionally, the approach is less flexible compared to a custom termination handler since only the latter allows for the implementation of custom termination sequences that go beyond simple request draining (e.g., persisting a snapshot state to disk prior to terminating).
|
||||||
|
|
||||||
|
The feature is currently not implemented; a request for draining in general is at [issue 41](https://github.com/containous/traefik/issues/41).
|
|
@ -66,12 +66,6 @@ markdown_extensions:
|
||||||
|
|
||||||
# Page tree
|
# Page tree
|
||||||
nav:
|
nav:
|
||||||
- '': 'providers/kubernetes-ingress.md'
|
|
||||||
- '': 'reference/acme.md'
|
|
||||||
- '': 'reference/providers/docker.md'
|
|
||||||
- '': 'reference/providers/file.md'
|
|
||||||
- '': 'reference/providers/kubernetescrd.md'
|
|
||||||
- '': 'reference/entrypoints.md'
|
|
||||||
- 'Welcome': 'index.md'
|
- 'Welcome': 'index.md'
|
||||||
- 'Getting Started':
|
- 'Getting Started':
|
||||||
- 'Concepts' : 'getting-started/concepts.md'
|
- 'Concepts' : 'getting-started/concepts.md'
|
||||||
|
@ -80,8 +74,11 @@ nav:
|
||||||
- 'Configuration Discovery':
|
- 'Configuration Discovery':
|
||||||
- 'Overview': 'providers/overview.md'
|
- 'Overview': 'providers/overview.md'
|
||||||
- 'Docker': 'providers/docker.md'
|
- 'Docker': 'providers/docker.md'
|
||||||
- 'File': 'providers/file.md'
|
|
||||||
- 'Kubernetes IngressRoute': 'providers/kubernetes-crd.md'
|
- 'Kubernetes IngressRoute': 'providers/kubernetes-crd.md'
|
||||||
|
# - 'Kubernetes Ingress': 'providers/kubernetes-ingress.md'
|
||||||
|
- 'Rancher': 'providers/rancher.md'
|
||||||
|
- 'File': 'providers/file.md'
|
||||||
|
- 'Marathon': 'providers/marathon.md'
|
||||||
- 'Routing & Load Balancing':
|
- 'Routing & Load Balancing':
|
||||||
- 'Overview': 'routing/overview.md'
|
- 'Overview': 'routing/overview.md'
|
||||||
- 'Entrypoints': 'routing/entrypoints.md'
|
- 'Entrypoints': 'routing/entrypoints.md'
|
||||||
|
@ -124,6 +121,7 @@ nav:
|
||||||
- 'Tracing': 'observability/tracing.md'
|
- 'Tracing': 'observability/tracing.md'
|
||||||
- 'User Guides':
|
- 'User Guides':
|
||||||
- 'Kubernetes and Let''s Encrypt': 'user-guides/crd-acme/index.md'
|
- 'Kubernetes and Let''s Encrypt': 'user-guides/crd-acme/index.md'
|
||||||
|
- 'Marathon': 'user-guides/marathon.md'
|
||||||
- 'Contributing':
|
- 'Contributing':
|
||||||
- 'Thank You!': 'contributing/thank-you.md'
|
- 'Thank You!': 'contributing/thank-you.md'
|
||||||
- 'Submitting Issues': 'contributing/submitting-issues.md'
|
- 'Submitting Issues': 'contributing/submitting-issues.md'
|
||||||
|
@ -134,3 +132,9 @@ nav:
|
||||||
- 'Advocating': 'contributing/advocating.md'
|
- 'Advocating': 'contributing/advocating.md'
|
||||||
- 'Maintainers': 'contributing/maintainers.md'
|
- 'Maintainers': 'contributing/maintainers.md'
|
||||||
- 'Glossary': 'glossary.md'
|
- 'Glossary': 'glossary.md'
|
||||||
|
- 'References':
|
||||||
|
- 'Static Configuration': 'reference/static-configuration.md'
|
||||||
|
- 'Dynamic Configuration':
|
||||||
|
- 'Docker': 'reference/dynamic-configuration/docker.md'
|
||||||
|
- 'Kubernetes CRD': 'reference/dynamic-configuration/kubernetes-crd.md'
|
||||||
|
- 'File': 'reference/dynamic-configuration/file.md'
|
||||||
|
|
|
@ -15,8 +15,9 @@ RUN npm run build
|
||||||
FROM golang:1.12-alpine as gobuild
|
FROM golang:1.12-alpine as gobuild
|
||||||
|
|
||||||
RUN apk --update upgrade \
|
RUN apk --update upgrade \
|
||||||
&& apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar \
|
&& apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \
|
||||||
&& rm -rf /var/cache/apk/*
|
&& update-ca-certificates \
|
||||||
|
&& rm -rf /var/cache/apk/*
|
||||||
|
|
||||||
RUN mkdir -p /usr/local/bin \
|
RUN mkdir -p /usr/local/bin \
|
||||||
&& curl -fsSL -o /usr/local/bin/go-bindata https://github.com/containous/go-bindata/releases/download/v1.0.0/go-bindata \
|
&& curl -fsSL -o /usr/local/bin/go-bindata https://github.com/containous/go-bindata/releases/download/v1.0.0/go-bindata \
|
||||||
|
@ -33,7 +34,8 @@ RUN ./script/make.sh generate binary
|
||||||
## IMAGE
|
## IMAGE
|
||||||
FROM scratch
|
FROM scratch
|
||||||
|
|
||||||
COPY script/ca-certificates.crt /etc/ssl/certs/
|
COPY --from=gobuild /usr/share/zoneinfo /usr/share/zoneinfo
|
||||||
|
COPY --from=gobuild /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
|
||||||
COPY --from=gobuild /go/src/github.com/containous/traefik/dist/traefik /
|
COPY --from=gobuild /go/src/github.com/containous/traefik/dist/traefik /
|
||||||
|
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
|
|
|
@ -1,24 +1,24 @@
|
||||||
[log]
|
|
||||||
logLevel = "ERROR"
|
|
||||||
filePath = "traefik.log"
|
|
||||||
|
|
||||||
[global]
|
[global]
|
||||||
checkNewVersion = false
|
checkNewVersion = false
|
||||||
sendAnonymousUsage = false
|
sendAnonymousUsage = false
|
||||||
|
|
||||||
|
[log]
|
||||||
|
level = "ERROR"
|
||||||
|
filePath = "traefik.log"
|
||||||
|
|
||||||
[accessLog]
|
[accessLog]
|
||||||
filePath = "access.log"
|
filePath = "access.log"
|
||||||
|
|
||||||
[entrypoints]
|
[entryPoints]
|
||||||
[entrypoints.web]
|
[entryPoints.web]
|
||||||
address = ":8000"
|
address = ":8000"
|
||||||
[entrypoints.frontendRedirect]
|
[entryPoints.frontendRedirect]
|
||||||
address = ":8005"
|
address = ":8005"
|
||||||
[entrypoints.httpFrontendAuth]
|
[entryPoints.httpFrontendAuth]
|
||||||
address = ":8006"
|
address = ":8006"
|
||||||
[entrypoints.httpRateLimit]
|
[entryPoints.httpRateLimit]
|
||||||
address = ":8007"
|
address = ":8007"
|
||||||
[entrypoints.digestAuth]
|
[entryPoints.digestAuth]
|
||||||
address = ":8008"
|
address = ":8008"
|
||||||
|
|
||||||
[api]
|
[api]
|
||||||
|
|
|
@ -1,10 +1,14 @@
|
||||||
[log]
|
[global]
|
||||||
logLevel = "DEBUG"
|
checkNewVersion = false
|
||||||
|
sendAnonymousUsage = false
|
||||||
|
|
||||||
[entrypoints]
|
[log]
|
||||||
[entrypoints.web]
|
level = "DEBUG"
|
||||||
|
|
||||||
|
[entryPoints]
|
||||||
|
[entryPoints.web]
|
||||||
address = "{{ .PortHTTP }}"
|
address = "{{ .PortHTTP }}"
|
||||||
[entrypoints.web-secure]
|
[entryPoints.web-secure]
|
||||||
address = "{{ .PortHTTPS }}"
|
address = "{{ .PortHTTPS }}"
|
||||||
|
|
||||||
[acme]
|
[acme]
|
||||||
|
|
|
@ -1,10 +1,14 @@
|
||||||
[log]
|
[global]
|
||||||
logLevel = "DEBUG"
|
checkNewVersion = false
|
||||||
|
sendAnonymousUsage = false
|
||||||
|
|
||||||
[entrypoints]
|
[log]
|
||||||
[entrypoints.web]
|
level = "DEBUG"
|
||||||
|
|
||||||
|
[entryPoints]
|
||||||
|
[entryPoints.web]
|
||||||
address = "{{ .PortHTTP }}"
|
address = "{{ .PortHTTP }}"
|
||||||
[entrypoints.web-secure]
|
[entryPoints.web-secure]
|
||||||
address = "{{ .PortHTTPS }}"
|
address = "{{ .PortHTTPS }}"
|
||||||
|
|
||||||
[acme]
|
[acme]
|
||||||
|
|
|
@ -1,10 +1,14 @@
|
||||||
[log]
|
[global]
|
||||||
logLevel = "DEBUG"
|
checkNewVersion = false
|
||||||
|
sendAnonymousUsage = false
|
||||||
|
|
||||||
[entrypoints]
|
[log]
|
||||||
[entrypoints.web]
|
level = "DEBUG"
|
||||||
|
|
||||||
|
[entryPoints]
|
||||||
|
[entryPoints.web]
|
||||||
address = "{{ .PortHTTP }}"
|
address = "{{ .PortHTTP }}"
|
||||||
[entrypoints.web-secure]
|
[entryPoints.web-secure]
|
||||||
address = "{{ .PortHTTPS }}"
|
address = "{{ .PortHTTPS }}"
|
||||||
|
|
||||||
[acme]
|
[acme]
|
||||||
|
|
|
@ -1,18 +1,22 @@
|
||||||
[log]
|
[global]
|
||||||
logLevel = "DEBUG"
|
checkNewVersion = false
|
||||||
|
sendAnonymousUsage = false
|
||||||
|
|
||||||
[entrypoints]
|
[log]
|
||||||
[entrypoints.web]
|
level = "DEBUG"
|
||||||
|
|
||||||
|
[entryPoints]
|
||||||
|
[entryPoints.web]
|
||||||
address = "{{ .PortHTTP }}"
|
address = "{{ .PortHTTP }}"
|
||||||
|
|
||||||
[entrypoints.web-secure]
|
[entryPoints.web-secure]
|
||||||
address = "{{ .PortHTTPS }}"
|
address = "{{ .PortHTTPS }}"
|
||||||
|
|
||||||
[entrypoints.traefik]
|
[entryPoints.traefik]
|
||||||
address = ":9000"
|
address = ":9000"
|
||||||
# FIXME
|
# FIXME
|
||||||
# [entrypoints.traefik.tls]
|
# [entryPoints.traefik.tls]
|
||||||
# [entrypoints.traefik.tls.DefaultCertificate]
|
# [entryPoints.traefik.tls.DefaultCertificate]
|
||||||
# certFile = "fixtures/acme/ssl/wildcard.crt"
|
# certFile = "fixtures/acme/ssl/wildcard.crt"
|
||||||
# keyFile = "fixtures/acme/ssl/wildcard.key"
|
# keyFile = "fixtures/acme/ssl/wildcard.key"
|
||||||
|
|
||||||
|
|
|
@ -1,9 +1,12 @@
|
||||||
|
[global]
|
||||||
|
checkNewVersion = false
|
||||||
|
sendAnonymousUsage = false
|
||||||
|
|
||||||
[log]
|
[log]
|
||||||
logLevel = "DEBUG"
|
level = "DEBUG"
|
||||||
|
|
||||||
[entrypoints]
|
[entryPoints]
|
||||||
[entrypoints.web]
|
[entryPoints.web]
|
||||||
address = ":8000"
|
address = ":8000"
|
||||||
|
|
||||||
[api]
|
[api]
|
||||||
|
|
|
@ -1,8 +1,12 @@
|
||||||
[log]
|
[global]
|
||||||
logLevel = "DEBUG"
|
checkNewVersion = false
|
||||||
|
sendAnonymousUsage = false
|
||||||
|
|
||||||
[entrypoints]
|
[log]
|
||||||
[entrypoints.web]
|
level = "DEBUG"
|
||||||
|
|
||||||
|
[entryPoints]
|
||||||
|
[entryPoints.web]
|
||||||
address = ":8000"
|
address = ":8000"
|
||||||
|
|
||||||
[api]
|
[api]
|
||||||
|
|
|
@ -1,8 +1,12 @@
|
||||||
[log]
|
[global]
|
||||||
logLevel = "DEBUG"
|
checkNewVersion = false
|
||||||
|
sendAnonymousUsage = false
|
||||||
|
|
||||||
[entrypoints]
|
[log]
|
||||||
[entrypoints.web]
|
level = "DEBUG"
|
||||||
|
|
||||||
|
[entryPoints]
|
||||||
|
[entryPoints.web]
|
||||||
address = ":8080"
|
address = ":8080"
|
||||||
|
|
||||||
[providers]
|
[providers]
|
||||||
|
|
|
@ -1,8 +1,12 @@
|
||||||
[log]
|
[global]
|
||||||
logLevel = "DEBUG"
|
checkNewVersion = false
|
||||||
|
sendAnonymousUsage = false
|
||||||
|
|
||||||
[entrypoints]
|
[log]
|
||||||
[entrypoints.web]
|
level = "DEBUG"
|
||||||
|
|
||||||
|
[entryPoints]
|
||||||
|
[entryPoints.web]
|
||||||
address = ":8080"
|
address = ":8080"
|
||||||
|
|
||||||
[providers]
|
[providers]
|
||||||
|
|
|
@ -1,8 +1,12 @@
|
||||||
[log]
|
[global]
|
||||||
logLevel = "DEBUG"
|
checkNewVersion = false
|
||||||
|
sendAnonymousUsage = false
|
||||||
|
|
||||||
[entrypoints]
|
[log]
|
||||||
[entrypoints.web]
|
level = "DEBUG"
|
||||||
|
|
||||||
|
[entryPoints]
|
||||||
|
[entryPoints.web]
|
||||||
address = ":8000"
|
address = ":8000"
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,12 @@
|
||||||
[log]
|
[global]
|
||||||
logLevel = "DEBUG"
|
checkNewVersion = false
|
||||||
|
sendAnonymousUsage = false
|
||||||
|
|
||||||
[entrypoints]
|
[log]
|
||||||
[entrypoints.web]
|
level = "DEBUG"
|
||||||
|
|
||||||
|
[entryPoints]
|
||||||
|
[entryPoints.web]
|
||||||
address = ":8000"
|
address = ":8000"
|
||||||
|
|
||||||
[providers]
|
[providers]
|
||||||
|
|
|
@ -1,10 +1,13 @@
|
||||||
|
[global]
|
||||||
[entrypoints]
|
checkNewVersion = false
|
||||||
[entrypoints.web]
|
sendAnonymousUsage = false
|
||||||
address = ":8000"
|
|
||||||
|
|
||||||
[log]
|
[log]
|
||||||
logLevel = "DEBUG"
|
level = "DEBUG"
|
||||||
|
|
||||||
|
[entryPoints]
|
||||||
|
[entryPoints.web]
|
||||||
|
address = ":8000"
|
||||||
|
|
||||||
[providers]
|
[providers]
|
||||||
[providers.file]
|
[providers.file]
|
||||||
|
|
|
@ -1,11 +1,15 @@
|
||||||
|
[global]
|
||||||
|
checkNewVersion = false
|
||||||
|
sendAnonymousUsage = false
|
||||||
|
|
||||||
|
[log]
|
||||||
|
level = "DEBUG"
|
||||||
|
|
||||||
[serversTransport]
|
[serversTransport]
|
||||||
rootCAs = [ """{{ .CertContent }}""" ]
|
rootCAs = [ """{{ .CertContent }}""" ]
|
||||||
|
|
||||||
[global]
|
[entryPoints]
|
||||||
debug = true
|
[entryPoints.web-secure]
|
||||||
|
|
||||||
[entrypoints]
|
|
||||||
[entrypoints.web-secure]
|
|
||||||
address = ":4443"
|
address = ":4443"
|
||||||
|
|
||||||
[api]
|
[api]
|
||||||
|
|
|
@ -1,8 +1,12 @@
|
||||||
[global]
|
[global]
|
||||||
debug = true
|
checkNewVersion = false
|
||||||
|
sendAnonymousUsage = false
|
||||||
|
|
||||||
[entrypoints]
|
[log]
|
||||||
[entrypoints.web]
|
level = "DEBUG"
|
||||||
|
|
||||||
|
[entryPoints]
|
||||||
|
[entryPoints.web]
|
||||||
address = ":8081"
|
address = ":8081"
|
||||||
|
|
||||||
[api]
|
[api]
|
||||||
|
|
|
@ -1,8 +1,12 @@
|
||||||
[global]
|
[global]
|
||||||
debug = true
|
checkNewVersion = false
|
||||||
|
sendAnonymousUsage = false
|
||||||
|
|
||||||
[entrypoints]
|
[log]
|
||||||
[entrypoints.web-secure]
|
level = "DEBUG"
|
||||||
|
|
||||||
|
[entryPoints]
|
||||||
|
[entryPoints.web-secure]
|
||||||
address = ":4443"
|
address = ":4443"
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,12 +1,15 @@
|
||||||
|
[global]
|
||||||
|
checkNewVersion = false
|
||||||
|
sendAnonymousUsage = false
|
||||||
|
|
||||||
|
[log]
|
||||||
|
level = "DEBUG"
|
||||||
|
|
||||||
[serversTransport]
|
[serversTransport]
|
||||||
insecureSkipVerify = true
|
insecureSkipVerify = true
|
||||||
|
|
||||||
[global]
|
[entryPoints]
|
||||||
debug = true
|
[entryPoints.web-secure]
|
||||||
|
|
||||||
[entrypoints]
|
|
||||||
[entrypoints.web-secure]
|
|
||||||
address = ":4443"
|
address = ":4443"
|
||||||
|
|
||||||
[api]
|
[api]
|
||||||
|
|
|
@ -1,8 +1,15 @@
|
||||||
|
[global]
|
||||||
|
checkNewVersion = false
|
||||||
|
sendAnonymousUsage = false
|
||||||
|
|
||||||
|
[log]
|
||||||
|
level = "DEBUG"
|
||||||
|
|
||||||
[serversTransport]
|
[serversTransport]
|
||||||
rootCAs = [ """{{ .CertContent }}""" ]
|
rootCAs = [ """{{ .CertContent }}""" ]
|
||||||
|
|
||||||
[entrypoints]
|
[entryPoints]
|
||||||
[entrypoints.web-secure]
|
[entryPoints.web-secure]
|
||||||
address = ":4443"
|
address = ":4443"
|
||||||
|
|
||||||
[api]
|
[api]
|
||||||
|
|
|
@ -1,9 +1,15 @@
|
||||||
|
[global]
|
||||||
|
checkNewVersion = false
|
||||||
|
sendAnonymousUsage = false
|
||||||
|
|
||||||
|
[log]
|
||||||
|
level = "DEBUG"
|
||||||
|
|
||||||
[serversTransport]
|
[serversTransport]
|
||||||
rootCAs = [ """{{ .CertContent }}""" ]
|
rootCAs = [ """{{ .CertContent }}""" ]
|
||||||
|
|
||||||
[entrypoints]
|
[entryPoints]
|
||||||
[entrypoints.web-secure]
|
[entryPoints.web-secure]
|
||||||
address = ":4443"
|
address = ":4443"
|
||||||
|
|
||||||
[api]
|
[api]
|
||||||
|
|
24
integration/fixtures/headers/basic.toml
Normal file
24
integration/fixtures/headers/basic.toml
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
[global]
|
||||||
|
checkNewVersion = false
|
||||||
|
sendAnonymousUsage = false
|
||||||
|
|
||||||
|
[log]
|
||||||
|
level = "DEBUG"
|
||||||
|
|
||||||
|
[entryPoints]
|
||||||
|
[entryPoints.web]
|
||||||
|
address = ":8000"
|
||||||
|
|
||||||
|
[providers]
|
||||||
|
[providers.file]
|
||||||
|
|
||||||
|
[http.routers]
|
||||||
|
[http.routers.router1]
|
||||||
|
rule = "Host(`test.localhost`)"
|
||||||
|
service = "service1"
|
||||||
|
|
||||||
|
[http.services]
|
||||||
|
[http.services.service1.loadbalancer]
|
||||||
|
[[http.services.service1.loadbalancer.servers]]
|
||||||
|
url = "http://172.17.0.2:80"
|
||||||
|
weight = 1
|
31
integration/fixtures/headers/cors.toml
Normal file
31
integration/fixtures/headers/cors.toml
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
[global]
|
||||||
|
checkNewVersion = false
|
||||||
|
sendAnonymousUsage = false
|
||||||
|
|
||||||
|
[log]
|
||||||
|
level = "DEBUG"
|
||||||
|
|
||||||
|
[entryPoints]
|
||||||
|
[entryPoints.web]
|
||||||
|
address = ":8000"
|
||||||
|
|
||||||
|
[providers]
|
||||||
|
[providers.file]
|
||||||
|
|
||||||
|
[http.routers]
|
||||||
|
[http.routers.router1]
|
||||||
|
rule = "Host(`test.localhost`)"
|
||||||
|
service = "service1"
|
||||||
|
|
||||||
|
[http.middlewares]
|
||||||
|
[http.middlewares.cors.Headers]
|
||||||
|
AccessControlAllowMethods= ["GET", "OPTIONS", "PUT"]
|
||||||
|
AccessControlAllowOrigin = "origin-list-or-null"
|
||||||
|
AccessControlMaxAge = 100
|
||||||
|
AddVaryHeader = true
|
||||||
|
|
||||||
|
[http.services]
|
||||||
|
[http.services.service1.loadbalancer]
|
||||||
|
[[http.services.service1.loadbalancer.servers]]
|
||||||
|
url = "http://172.17.0.2:80"
|
||||||
|
weight = 1
|
|
@ -1,10 +1,14 @@
|
||||||
[log]
|
[global]
|
||||||
logLevel = "DEBUG"
|
checkNewVersion = false
|
||||||
|
sendAnonymousUsage = false
|
||||||
|
|
||||||
[entrypoints]
|
[log]
|
||||||
[entrypoints.http1]
|
level = "DEBUG"
|
||||||
|
|
||||||
|
[entryPoints]
|
||||||
|
[entryPoints.http1]
|
||||||
address = ":8000"
|
address = ":8000"
|
||||||
[entrypoints.http2]
|
[entryPoints.http2]
|
||||||
address = ":9000"
|
address = ":9000"
|
||||||
|
|
||||||
[api]
|
[api]
|
||||||
|
|
|
@ -1,10 +1,14 @@
|
||||||
[log]
|
[global]
|
||||||
logLevel = "DEBUG"
|
checkNewVersion = false
|
||||||
|
sendAnonymousUsage = false
|
||||||
|
|
||||||
[entrypoints]
|
[log]
|
||||||
[entrypoints.http1]
|
level = "DEBUG"
|
||||||
|
|
||||||
|
[entryPoints]
|
||||||
|
[entryPoints.http1]
|
||||||
address = ":8000"
|
address = ":8000"
|
||||||
[entrypoints.http2]
|
[entryPoints.http2]
|
||||||
address = ":9000"
|
address = ":9000"
|
||||||
|
|
||||||
[api]
|
[api]
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue