From 17480abe857b25dca95198261a1de5edd9d6ca4a Mon Sep 17 00:00:00 2001 From: Michael Date: Mon, 23 Sep 2019 17:00:06 +0200 Subject: [PATCH] YAML I love you --- docs/content/https/acme.md | 4 +- docs/content/https/tls.md | 36 +-- docs/content/middlewares/addprefix.md | 4 +- docs/content/middlewares/basicauth.md | 26 +-- docs/content/middlewares/buffering.md | 24 +- docs/content/middlewares/chain.md | 48 ++-- docs/content/middlewares/circuitbreaker.md | 4 +- docs/content/middlewares/compress.md | 4 +- docs/content/middlewares/digestauth.md | 22 +- docs/content/middlewares/errorpages.md | 16 +- docs/content/middlewares/forwardauth.md | 52 ++--- docs/content/middlewares/headers.md | 14 +- docs/content/middlewares/inflightreq.md | 36 +-- docs/content/middlewares/ipwhitelist.md | 44 ++-- docs/content/middlewares/overview.md | 6 +- docs/content/middlewares/passtlsclientcert.md | 72 +++--- docs/content/middlewares/ratelimit.md | 34 +-- docs/content/middlewares/redirectregex.md | 9 +- docs/content/middlewares/redirectscheme.md | 4 +- docs/content/middlewares/replacepath.md | 4 +- docs/content/middlewares/replacepathregex.md | 8 +- docs/content/middlewares/retry.md | 6 +- docs/content/middlewares/stripprefix.md | 12 +- docs/content/middlewares/stripprefixregex.md | 8 +- docs/content/migration/v1-to-v2.md | 38 +-- docs/content/observability/access-logs.md | 4 +- .../observability/metrics/prometheus.md | 8 +- docs/content/operations/api.md | 17 +- docs/content/providers/kubernetes-ingress.md | 26 +-- .../reference/dynamic-configuration/file.yaml | 216 +++++++++--------- docs/content/routing/entrypoints.md | 16 +- docs/content/routing/providers/docker.md | 3 +- docs/content/routing/providers/marathon.md | 97 +++++++- docs/content/routing/providers/rancher.md | 113 +++++++++ docs/content/routing/routers/index.md | 26 +-- docs/content/user-guides/grpc.md | 2 +- docs/mkdocs.yml | 2 +- 37 files changed, 636 insertions(+), 429 deletions(-) diff --git a/docs/content/https/acme.md b/docs/content/https/acme.md index 4d7dae917..ce690d748 100644 --- a/docs/content/https/acme.md +++ b/docs/content/https/acme.md @@ -303,8 +303,8 @@ certificatesResolvers: dnsChallenge: # ... resolvers: - - "1.1.1.1:53" - - "8.8.8.8:53" + - "1.1.1.1:53" + - "8.8.8.8:53" ``` ```bash tab="CLI" diff --git a/docs/content/https/tls.md b/docs/content/https/tls.md index c6d3d8efa..5ea0859e0 100644 --- a/docs/content/https/tls.md +++ b/docs/content/https/tls.md @@ -30,10 +30,10 @@ To add / remove TLS certificates, even when Traefik is already running, their de tls: certificates: - - certFile: /path/to/domain.cert - keyFile: /path/to/domain.key - - certFile: /path/to/other-domain.cert - keyFile: /path/to/other-domain.key + - certFile: /path/to/domain.cert + keyFile: /path/to/domain.key + - certFile: /path/to/other-domain.cert + keyFile: /path/to/other-domain.key ``` !!! important "Restriction" @@ -88,14 +88,14 @@ In the `tls.certificates` section, a list of stores can then be specified to ind tls: certificates: - - certFile: /path/to/domain.cert - keyFile: /path/to/domain.key - stores: - - default - # Note that since no store is defined, - # the certificate below will be stored in the `default` store. - - certFile: /path/to/other-domain.cert - keyFile: /path/to/other-domain.key + - certFile: /path/to/domain.cert + keyFile: /path/to/domain.key + stores: + - default + # Note that since no store is defined, + # the certificate below will be stored in the `default` store. + - certFile: /path/to/other-domain.cert + keyFile: /path/to/other-domain.key ``` !!! important "Restriction" @@ -203,8 +203,8 @@ tls: options: default: cipherSuites: - - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - - TLS_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_RSA_WITH_AES_256_GCM_SHA384 ``` ```yaml tab="Kubernetes" @@ -216,8 +216,8 @@ metadata: spec: cipherSuites: - - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - - TLS_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_RSA_WITH_AES_256_GCM_SHA384 ``` !!! important "TLS 1.3" @@ -293,8 +293,8 @@ tls: clientAuth: # in PEM format. each file can contain multiple CAs. caFiles: - - tests/clientca1.crt - - tests/clientca2.crt + - tests/clientca1.crt + - tests/clientca2.crt clientAuthType: RequireAndVerifyClientCert ``` diff --git a/docs/content/middlewares/addprefix.md b/docs/content/middlewares/addprefix.md index 220b7dccc..c41cd1d40 100644 --- a/docs/content/middlewares/addprefix.md +++ b/docs/content/middlewares/addprefix.md @@ -12,7 +12,7 @@ The AddPrefix middleware updates the URL Path of the request before forwarding i ```yaml tab="Docker" # Prefixing with /foo labels: -- "traefik.http.middlewares.add-foo.addprefix.prefix=/foo" + - "traefik.http.middlewares.add-foo.addprefix.prefix=/foo" ``` ```yaml tab="Kubernetes" @@ -35,7 +35,7 @@ spec: ```yaml tab="Rancher" # Prefixing with /foo labels: -- "traefik.http.middlewares.add-foo.addprefix.prefix=/foo" + - "traefik.http.middlewares.add-foo.addprefix.prefix=/foo" ``` ```toml tab="File (TOML)" diff --git a/docs/content/middlewares/basicauth.md b/docs/content/middlewares/basicauth.md index 40d7461cd..3225457ec 100644 --- a/docs/content/middlewares/basicauth.md +++ b/docs/content/middlewares/basicauth.md @@ -16,7 +16,7 @@ The BasicAuth middleware is a quick way to restrict access to your services to k # To create user:password pair, it's possible to use this command: # echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g labels: -- "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0" + - "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0" ``` ```yaml tab="Kubernetes" @@ -39,7 +39,7 @@ spec: ```yaml tab="Rancher" # Declaring the user list labels: -- "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" + - "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" ``` ```toml tab="File (TOML)" @@ -59,8 +59,8 @@ http: test-auth: basicAuth: users: - - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" + - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" + - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" ``` ## Configuration Options @@ -89,7 +89,7 @@ The `users` option is an array of authorized users. Each user will be declared u # To create user:password pair, it's possible to use this command: # echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g labels: -- "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0" + - "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0" ``` ```yaml tab="Kubernetes" @@ -124,7 +124,7 @@ data: ```yaml tab="Rancher" # Declaring the user list labels: -- "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" + - "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" ``` ```toml tab="File (TOML)" @@ -144,8 +144,8 @@ http: test-auth: basicAuth: users: - - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" + - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" + - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" ``` ### `usersFile` @@ -161,7 +161,7 @@ The file content is a list of `name:encoded-password`. ```yaml tab="Docker" labels: -- "traefik.http.middlewares.test-auth.basicauth.usersfile=/path/to/my/usersfile" + - "traefik.http.middlewares.test-auth.basicauth.usersfile=/path/to/my/usersfile" ``` ```yaml tab="Kubernetes" @@ -224,7 +224,7 @@ You can customize the realm for the authentication with the `realm` option. The ```yaml tab="Docker" labels: -- "traefik.http.middlewares.test-auth.basicauth.realm=MyRealm" + - "traefik.http.middlewares.test-auth.basicauth.realm=MyRealm" ``` ```yaml tab="Kubernetes" @@ -268,7 +268,7 @@ You can define a header field to store the authenticated user using the `headerF ```yaml tab="Docker" labels: -- "traefik.http.middlewares.my-auth.basicauth.headerField=X-WebAuth-User" + - "traefik.http.middlewares.my-auth.basicauth.headerField=X-WebAuth-User" ``` ```yaml tab="Kubernetes" @@ -309,7 +309,7 @@ Set the `removeHeader` option to `true` to remove the authorization header befor ```yaml tab="Docker" labels: -- "traefik.http.middlewares.test-auth.basicauth.removeheader=true" + - "traefik.http.middlewares.test-auth.basicauth.removeheader=true" ``` ```yaml tab="Kubernetes" @@ -330,7 +330,7 @@ spec: ```yaml tab="Rancher" labels: -- "traefik.http.middlewares.test-auth.basicauth.removeheader=true" + - "traefik.http.middlewares.test-auth.basicauth.removeheader=true" ``` ```toml tab="File (TOML)" diff --git a/docs/content/middlewares/buffering.md b/docs/content/middlewares/buffering.md index d03c78026..c30a1054b 100644 --- a/docs/content/middlewares/buffering.md +++ b/docs/content/middlewares/buffering.md @@ -16,7 +16,7 @@ This can help services deal with large data (multipart/form-data for example), a ```yaml tab="Docker" # Sets the maximum request body to 2Mb labels: -- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000" + - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000" ``` ```yaml tab="Kubernetes" @@ -39,7 +39,7 @@ spec: ```yaml tab="Rancher" # Sets the maximum request body to 2Mb labels: -- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000" + - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000" ``` ```toml tab="File (TOML)" @@ -68,7 +68,7 @@ If the request exceeds the allowed size, it is not forwarded to the service and ```yaml tab="Docker" labels: -- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000" + - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000" ``` ```yaml tab="Kubernetes" @@ -89,7 +89,7 @@ spec: ```yaml tab="Rancher" labels: -- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000" + - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000" ``` ```toml tab="File (TOML)" @@ -112,7 +112,7 @@ You can configure a threshold (in Bytes) from which the request will be buffered ```yaml tab="Docker" labels: -- "traefik.http.middlewares.limit.buffering.memRequestBodyBytes=2000000" + - "traefik.http.middlewares.limit.buffering.memRequestBodyBytes=2000000" ``` ```yaml tab="Kubernetes" @@ -133,7 +133,7 @@ spec: ```yaml tab="Rancher" labels: -- "traefik.http.middlewares.limit.buffering.memRequestBodyBytes=2000000" + - "traefik.http.middlewares.limit.buffering.memRequestBodyBytes=2000000" ``` ```toml tab="File (TOML)" @@ -158,7 +158,7 @@ If the response exceeds the allowed size, it is not forwarded to the client. The ```yaml tab="Docker" labels: -- "traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=2000000" + - "traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=2000000" ``` ```yaml tab="Kubernetes" @@ -179,7 +179,7 @@ spec: ```yaml tab="Rancher" labels: -- "traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=2000000" + - "traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=2000000" ``` ```toml tab="File (TOML)" @@ -202,7 +202,7 @@ You can configure a threshold (in Bytes) from which the response will be buffere ```yaml tab="Docker" labels: -- "traefik.http.middlewares.limit.buffering.memResponseBodyBytes=2000000" + - "traefik.http.middlewares.limit.buffering.memResponseBodyBytes=2000000" ``` ```yaml tab="Kubernetes" @@ -223,7 +223,7 @@ spec: ```yaml tab="Rancher" labels: -- "traefik.http.middlewares.limit.buffering.memResponseBodyBytes=2000000" + - "traefik.http.middlewares.limit.buffering.memResponseBodyBytes=2000000" ``` ```toml tab="File (TOML)" @@ -248,7 +248,7 @@ You can have the Buffering middleware replay the request with the help of the `r ```yaml tab="Docker" labels: - - "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2" + - "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2" ``` ```yaml tab="Kubernetes" @@ -269,7 +269,7 @@ You can have the Buffering middleware replay the request with the help of the `r ```yaml tab="Rancher" labels: - - "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2" + - "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2" ``` ```toml tab="File (TOML)" diff --git a/docs/content/middlewares/chain.md b/docs/content/middlewares/chain.md index 3d7b6d53c..5afb07cd9 100644 --- a/docs/content/middlewares/chain.md +++ b/docs/content/middlewares/chain.md @@ -14,14 +14,14 @@ Example "A Chain for WhiteList, BasicAuth, and HTTPS" ```yaml tab="Docker" labels: -- "traefik.http.routers.router1.service=service1" -- "traefik.http.routers.router1.middlewares=secured" -- "traefik.http.routers.router1.rule=Host(`mydomain`)" -- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users" -- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" -- "traefik.http.middlewares.https-only.redirectscheme.scheme=https" -- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32" -- "http.services.service1.loadbalancer.server.port=80" + - "traefik.http.routers.router1.service=service1" + - "traefik.http.routers.router1.middlewares=secured" + - "traefik.http.routers.router1.rule=Host(`mydomain`)" + - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users" + - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" + - "traefik.http.middlewares.https-only.redirectscheme.scheme=https" + - "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32" + - "http.services.service1.loadbalancer.server.port=80" ``` ```yaml tab="Kubernetes" @@ -98,14 +98,14 @@ spec: ```yaml tab="Rancher" labels: -- "traefik.http.routers.router1.service=service1" -- "traefik.http.routers.router1.middlewares=secured" -- "traefik.http.routers.router1.rule=Host(`mydomain`)" -- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users" -- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" -- "traefik.http.middlewares.https-only.redirectscheme.scheme=https" -- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32" -- "http.services.service1.loadbalancer.server.port=80" + - "traefik.http.routers.router1.service=service1" + - "traefik.http.routers.router1.middlewares=secured" + - "traefik.http.routers.router1.rule=Host(`mydomain`)" + - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users" + - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" + - "traefik.http.middlewares.https-only.redirectscheme.scheme=https" + - "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32" + - "http.services.service1.loadbalancer.server.port=80" ``` ```toml tab="File (TOML)" @@ -143,21 +143,21 @@ http: router1: service: service1 middlewares: - - secured + - secured rule: "Host(`mydomain`)" middlewares: secured: chain: middlewares: - - https-only - - known-ips - - auth-users + - https-only + - known-ips + - auth-users auth-users: basicAuth: users: - - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" + - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" https-only: redirectScheme: @@ -166,12 +166,12 @@ http: known-ips: ipWhiteList: sourceRange: - - "192.168.1.7" - - "127.0.0.1/32" + - "192.168.1.7" + - "127.0.0.1/32" services: service1: loadBalancer: servers: - - url: "http://127.0.0.1:80" + - url: "http://127.0.0.1:80" ``` diff --git a/docs/content/middlewares/circuitbreaker.md b/docs/content/middlewares/circuitbreaker.md index cc0a4445e..8d64cd427 100644 --- a/docs/content/middlewares/circuitbreaker.md +++ b/docs/content/middlewares/circuitbreaker.md @@ -31,7 +31,7 @@ To assess if your system is healthy, the circuit breaker constantly monitors the ```yaml tab="Docker" # Latency Check labels: -- "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100" + - "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100" ``` ```yaml tab="Kubernetes" @@ -54,7 +54,7 @@ spec: ```yaml tab="Rancher" # Latency Check labels: -- "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100" + - "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100" ``` ```toml tab="File (TOML)" diff --git a/docs/content/middlewares/compress.md b/docs/content/middlewares/compress.md index b6c0a6680..f17457526 100644 --- a/docs/content/middlewares/compress.md +++ b/docs/content/middlewares/compress.md @@ -12,7 +12,7 @@ The Compress middleware enables the gzip compression. ```yaml tab="Docker" # Enable gzip compression labels: -- "traefik.http.middlewares.test-compress.compress=true" + - "traefik.http.middlewares.test-compress.compress=true" ``` ```yaml tab="Kubernetes" @@ -34,7 +34,7 @@ spec: ```yaml tab="Rancher" # Enable gzip compression labels: -- "traefik.http.middlewares.test-compress.compress=true" + - "traefik.http.middlewares.test-compress.compress=true" ``` ```toml tab="File (TOML)" diff --git a/docs/content/middlewares/digestauth.md b/docs/content/middlewares/digestauth.md index 6091b5240..ce8eab6c1 100644 --- a/docs/content/middlewares/digestauth.md +++ b/docs/content/middlewares/digestauth.md @@ -12,7 +12,7 @@ The DigestAuth middleware is a quick way to restrict access to your services to ```yaml tab="Docker" # Declaring the user list labels: -- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e" + - "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e" ``` ```yaml tab="Kubernetes" @@ -35,7 +35,7 @@ spec: ```yaml tab="Rancher" # Declaring the user list labels: -- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e" + - "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e" ``` ```toml tab="File (TOML)" @@ -55,8 +55,8 @@ http: test-auth: digestAuth: users: - - "test:traefik:a2688e031edb4be6a3797f3882655c05" - - "test2:traefik:518845800f9e2bfb1f1f740ec24f074e" + - "test:traefik:a2688e031edb4be6a3797f3882655c05" + - "test2:traefik:518845800f9e2bfb1f1f740ec24f074e" ``` ## Configuration Options @@ -76,7 +76,7 @@ The `users` option is an array of authorized users. Each user will be declared u ```yaml tab="Docker" labels: -- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e" + - "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e" ``` ```yaml tab="Kubernetes" @@ -108,7 +108,7 @@ data: ```yaml tab="Rancher" labels: -- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e" + - "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e" ``` ```toml tab="File (TOML)" @@ -126,8 +126,8 @@ http: test-auth: digestAuth: users: - - "test:traefik:a2688e031edb4be6a3797f3882655c05" - - "test2:traefik:518845800f9e2bfb1f1f740ec24f074e" + - "test:traefik:a2688e031edb4be6a3797f3882655c05" + - "test2:traefik:518845800f9e2bfb1f1f740ec24f074e" ``` ### `usersFile` @@ -143,7 +143,7 @@ The file content is a list of `name:realm:encoded-password`. ```yaml tab="Docker" labels: -- "traefik.http.middlewares.test-auth.digestauth.usersfile=/path/to/my/usersfile" + - "traefik.http.middlewares.test-auth.digestauth.usersfile=/path/to/my/usersfile" ``` ```yaml tab="Kubernetes" @@ -206,7 +206,7 @@ You can customize the realm for the authentication with the `realm` option. The ```yaml tab="Docker" labels: -- "traefik.http.middlewares.test-auth.digestauth.realm=MyRealm" + - "traefik.http.middlewares.test-auth.digestauth.realm=MyRealm" ``` ```yaml tab="Kubernetes" @@ -296,7 +296,7 @@ Set the `removeHeader` option to `true` to remove the authorization header befor ```yaml tab="Docker" labels: -- "traefik.http.middlewares.test-auth.digestauth.removeheader=true" + - "traefik.http.middlewares.test-auth.digestauth.removeheader=true" ``` ```yaml tab="Kubernetes" diff --git a/docs/content/middlewares/errorpages.md b/docs/content/middlewares/errorpages.md index 276e04c88..8fde1a01f 100644 --- a/docs/content/middlewares/errorpages.md +++ b/docs/content/middlewares/errorpages.md @@ -15,9 +15,9 @@ The ErrorPage middleware returns a custom page in lieu of the default, according ```yaml tab="Docker" # Dynamic Custom Error Page for 5XX Status Code labels: -- "traefik.http.middlewares.test-errorpage.errors.status=500-599" -- "traefik.http.middlewares.test-errorpage.errors.service=serviceError" -- "traefik.http.middlewares.test-errorpage.errors.query=/{status}.html" + - "traefik.http.middlewares.test-errorpage.errors.status=500-599" + - "traefik.http.middlewares.test-errorpage.errors.service=serviceError" + - "traefik.http.middlewares.test-errorpage.errors.query=/{status}.html" ``` ```yaml tab="Kubernetes" @@ -28,7 +28,7 @@ metadata: spec: errors: status: - - 500-599 + - 500-599 query: /{status}.html service: name: whoami @@ -46,9 +46,9 @@ spec: ```yaml tab="Rancher" # Dynamic Custom Error Page for 5XX Status Code labels: -- "traefik.http.middlewares.test-errorpage.errors.status=500-599" -- "traefik.http.middlewares.test-errorpage.errors.service=serviceError" -- "traefik.http.middlewares.test-errorpage.errors.query=/{status}.html" + - "traefik.http.middlewares.test-errorpage.errors.status=500-599" + - "traefik.http.middlewares.test-errorpage.errors.service=serviceError" + - "traefik.http.middlewares.test-errorpage.errors.query=/{status}.html" ``` ```toml tab="File (TOML)" @@ -70,7 +70,7 @@ http: test-errorpage: errors: status: - - "500-599" + - "500-599" service: serviceError query: "/{status}.html" diff --git a/docs/content/middlewares/forwardauth.md b/docs/content/middlewares/forwardauth.md index 98ac65a79..fd8324756 100644 --- a/docs/content/middlewares/forwardauth.md +++ b/docs/content/middlewares/forwardauth.md @@ -14,7 +14,7 @@ Otherwise, the response from the authentication server is returned. ```yaml tab="Docker" # Forward authentication to authserver.com labels: -- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth" + - "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth" ``` ```yaml tab="Kubernetes" @@ -37,7 +37,7 @@ spec: ```yaml tab="Rancher" # Forward authentication to authserver.com labels: -- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth" + - "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth" ``` ```toml tab="File (TOML)" @@ -64,7 +64,7 @@ The `address` option defines the authentication server address. ```yaml tab="Docker" labels: -- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth" + - "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth" ``` ```yaml tab="Kubernetes" @@ -85,7 +85,7 @@ spec: ```yaml tab="Rancher" labels: -- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth" + - "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth" ``` ```toml tab="File (TOML)" @@ -108,7 +108,7 @@ Set the `trustForwardHeader` option to `true` to trust all the existing `X-Forwa ```yaml tab="Docker" labels: -- "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true" + - "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true" ``` ```yaml tab="Kubernetes" @@ -130,7 +130,7 @@ spec: ```yaml tab="Rancher" labels: -- "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true" + - "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true" ``` ```toml tab="File (TOML)" @@ -155,7 +155,7 @@ The `authResponseHeaders` option is the list of the headers to copy from the aut ```yaml tab="Docker" labels: -- "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret" + - "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret" ``` ```yaml tab="Kubernetes" @@ -167,8 +167,8 @@ spec: forwardAuth: address: https://authserver.com/auth authResponseHeaders: - - X-Auth-User - - X-Secret + - X-Auth-User + - X-Secret ``` ```json tab="Marathon" @@ -179,7 +179,7 @@ spec: ```yaml tab="Rancher" labels: -- "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret" + - "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret" ``` ```toml tab="File (TOML)" @@ -196,8 +196,8 @@ http: forwardAuth: address: "https://authserver.com/auth" authResponseHeaders: - - "X-Auth-User" - - "X-Secret" + - "X-Auth-User" + - "X-Secret" ``` ### `tls` @@ -210,7 +210,7 @@ Certificate Authority used for the secured connection to the authentication serv ```yaml tab="Docker" labels: -- "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt" + - "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt" ``` ```yaml tab="Kubernetes" @@ -243,7 +243,7 @@ data: ```yaml tab="Rancher" labels: -- "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt" + - "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt" ``` ```toml tab="File (TOML)" @@ -275,7 +275,7 @@ Requires `tls.ca` to be defined. ```yaml tab="Docker" labels: -- "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true" + - "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true" ``` ```yaml tab="Kubernetes" @@ -298,7 +298,7 @@ spec: ```yaml tab="Rancher" labels: -- "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true" + - "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true" ``` ```toml tab="File (TOML)" @@ -325,8 +325,8 @@ Public certificate used for the secured connection to the authentication server. ```yaml tab="Docker" labels: -- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert" -- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key" + - "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert" + - "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key" ``` ```yaml tab="Kubernetes" @@ -361,8 +361,8 @@ data: ```yaml tab="Rancher" labels: -- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert" -- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key" + - "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert" + - "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key" ``` ```toml tab="File (TOML)" @@ -394,8 +394,8 @@ Private certificate used for the secure connection to the authentication server. ```yaml tab="Docker" labels: -- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert" -- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key" + - "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert" + - "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key" ``` ```yaml tab="Kubernetes" @@ -430,8 +430,8 @@ data: ```yaml tab="Rancher" labels: -- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert" -- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key" + - "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert" + - "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key" ``` ```toml tab="File (TOML)" @@ -463,7 +463,7 @@ If `insecureSkipVerify` is `true`, TLS for the connection to authentication serv ```yaml tab="Docker" labels: -- "traefik.http.middlewares.test-auth.forwardauth.tls.insecureSkipVerify=true" + - "traefik.http.middlewares.test-auth.forwardauth.tls.insecureSkipVerify=true" ``` ```yaml tab="Kubernetes" @@ -485,7 +485,7 @@ spec: ```yaml tab="Rancher" labels: -- "traefik.http.middlewares.test-auth.forwardauth.tls.InsecureSkipVerify=true" + - "traefik.http.middlewares.test-auth.forwardauth.tls.InsecureSkipVerify=true" ``` ```toml tab="File (TOML)" diff --git a/docs/content/middlewares/headers.md b/docs/content/middlewares/headers.md index 80301e608..05c713a63 100644 --- a/docs/content/middlewares/headers.md +++ b/docs/content/middlewares/headers.md @@ -15,8 +15,8 @@ Add the `X-Script-Name` header to the proxied request and the `X-Custom-Response ```yaml tab="Docker" labels: -- "traefik.http.middlewares.testHeader.headers.customrequestheaders.X-Script-Name=test" -- "traefik.http.middlewares.testHeader.headers.customresponseheaders.X-Custom-Response-Header=value" + - "traefik.http.middlewares.testHeader.headers.customrequestheaders.X-Script-Name=test" + - "traefik.http.middlewares.testHeader.headers.customresponseheaders.X-Custom-Response-Header=value" ``` ```yaml tab="Kubernetes" @@ -41,8 +41,8 @@ spec: ```yaml tab="Rancher" labels: -- "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test" -- "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header=value" + - "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test" + - "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header=value" ``` ```toml tab="File (TOML)" @@ -236,9 +236,9 @@ http: testHeader: headers: accessControlAllowMethod: - - GET - - OPTIONS - - PUT + - GET + - OPTIONS + - PUT accessControlAllowOrigin: "origin-list-or-null" accessControlMaxAge: 100 addVaryHeader: true diff --git a/docs/content/middlewares/inflightreq.md b/docs/content/middlewares/inflightreq.md index 15890907f..5f0d2623a 100644 --- a/docs/content/middlewares/inflightreq.md +++ b/docs/content/middlewares/inflightreq.md @@ -11,7 +11,7 @@ To proactively prevent services from being overwhelmed with high load, a limit o ```yaml tab="Docker" labels: -- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10" + - "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10" ``` ```yaml tab="Kubernetes" @@ -33,7 +33,7 @@ spec: ```yaml tab="Rancher" # Limiting to 10 simultaneous connections labels: -- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10" + - "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10" ``` ```toml tab="File (TOML)" @@ -61,7 +61,7 @@ The middleware will return an `HTTP 429 Too Many Requests` if there are already ```yaml tab="Docker" labels: -- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10" + - "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10" ``` ```yaml tab="Kubernetes" @@ -83,7 +83,7 @@ spec: ```yaml tab="Rancher" # Limiting to 10 simultaneous connections labels: -- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10" + - "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10" ``` ```toml tab="File (TOML)" @@ -131,7 +131,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th ```yaml tab="Docker" labels: -- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.depth=2" + - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.depth=2" ``` ```yaml tab="Kubernetes" @@ -148,7 +148,7 @@ spec: ```yaml tab="Rancher" labels: -- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.depth=2" + - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.depth=2" ``` ```json tab="Marathon" @@ -192,7 +192,7 @@ http: ```yaml tab="Docker" labels: -- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" + - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" ``` ```yaml tab="Kubernetes" @@ -209,17 +209,17 @@ spec: - 192.168.1.7 ``` -```yaml tab="Rancher" -labels: -- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" -``` - ```json tab="Marathon" "labels": { "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7" } ``` +```yaml tab="Rancher" +labels: + - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" +``` + ```toml tab="File (TOML)" [http.middlewares] [http.middlewares.test-inflightreq.inflightreq] @@ -235,8 +235,8 @@ http: sourceCriterion: ipStrategy: excludedIPs: - - "127.0.0.1/32" - - "192.168.1.7" + - "127.0.0.1/32" + - "192.168.1.7" ``` #### `sourceCriterion.requestHeaderName` @@ -245,7 +245,7 @@ Requests having the same value for the given header are grouped as coming from t ```yaml tab="Docker" labels: -- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requestheadername=username" + - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requestheadername=username" ``` ```yaml tab="Kubernetes" @@ -261,7 +261,7 @@ spec: ```yaml tab="Rancher" labels: -- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requestheadername=username" + - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requestheadername=username" ``` ```json tab="Marathon" @@ -292,7 +292,7 @@ Whether to consider the request host as the source. ```yaml tab="Docker" labels: -- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requesthost=true" + - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requesthost=true" ``` ```yaml tab="Kubernetes" @@ -308,7 +308,7 @@ spec: ```yaml tab="Rancher" labels: -- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requesthost=true" + - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requesthost=true" ``` ```json tab="Marathon" diff --git a/docs/content/middlewares/ipwhitelist.md b/docs/content/middlewares/ipwhitelist.md index 7bc4014b6..271a7b123 100644 --- a/docs/content/middlewares/ipwhitelist.md +++ b/docs/content/middlewares/ipwhitelist.md @@ -12,7 +12,7 @@ IPWhitelist accepts / refuses requests based on the client IP. ```yaml tab="Docker" # Accepts request from defined IP labels: -- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" + - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" ``` ```yaml tab="Kubernetes" @@ -23,8 +23,8 @@ metadata: spec: ipWhiteList: sourceRange: - - 127.0.0.1/32 - - 192.168.1.7 + - 127.0.0.1/32 + - 192.168.1.7 ``` ```json tab="Marathon" @@ -36,7 +36,7 @@ spec: ```yaml tab="Rancher" # Accepts request from defined IP labels: -- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" + - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" ``` ```toml tab="File (TOML)" @@ -53,8 +53,8 @@ http: test-ipwhitelist: ipWhiteList: sourceRange: - - "127.0.0.1/32" - - "192.168.1.7" + - "127.0.0.1/32" + - "192.168.1.7" ``` ## Configuration Options @@ -76,8 +76,8 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th ```yaml tab="Docker" # Whitelisting Based on `X-Forwarded-For` with `depth=2` labels: - - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2" + - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" + - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2" ``` ```yaml tab="Kubernetes" @@ -89,8 +89,8 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th spec: ipWhiteList: sourceRange: - - 127.0.0.1/32 - - 192.168.1.7 + - 127.0.0.1/32 + - 192.168.1.7 ipStrategy: depth: 2 ``` @@ -98,14 +98,14 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th ```yaml tab="Rancher" # Whitelisting Based on `X-Forwarded-For` with `depth=2` labels: - - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2" + - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" + - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2" ``` ```json tab="Marathon" "labels": { - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32, 192.168.1.7", - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth": "2" + "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32, 192.168.1.7", + "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth": "2" } ``` @@ -125,8 +125,8 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th test-ipwhitelist: ipWhiteList: sourceRange: - - "127.0.0.1/32" - - "192.168.1.7" + - "127.0.0.1/32" + - "192.168.1.7" ipStrategy: depth: 2 ``` @@ -164,19 +164,19 @@ spec: ipWhiteList: ipStrategy: excludedIPs: - - 127.0.0.1/32 - - 192.168.1.7 + - 127.0.0.1/32 + - 192.168.1.7 ``` ```yaml tab="Rancher" # Exclude from `X-Forwarded-For` labels: - - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" + - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" ``` ```json tab="Marathon" "labels": { - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7" + "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7" } ``` @@ -196,8 +196,8 @@ http: ipWhiteList: ipStrategy: excludedIPs: - - "127.0.0.1/32" - - "192.168.1.7" + - "127.0.0.1/32" + - "192.168.1.7" ``` `excludedIPs` tells Traefik to scan the `X-Forwarded-For` header and pick the first IP not in the list. diff --git a/docs/content/middlewares/overview.md b/docs/content/middlewares/overview.md index fc90847dd..51b9fb1f0 100644 --- a/docs/content/middlewares/overview.md +++ b/docs/content/middlewares/overview.md @@ -60,7 +60,7 @@ spec: routes: # more fields... middlewares: - - name: stripprefix + - name: stripprefix ``` ```json tab="Marathon" @@ -106,7 +106,7 @@ http: router1: service: myService middlewares: - - "foo-add-prefix" + - "foo-add-prefix" rule: "Host(`example.com`)" middlewares: @@ -118,7 +118,7 @@ http: service1: loadBalancer: servers: - - url: "http://127.0.0.1:80" + - url: "http://127.0.0.1:80" ``` ## Provider Namespace diff --git a/docs/content/middlewares/passtlsclientcert.md b/docs/content/middlewares/passtlsclientcert.md index 6bb2ccfb8..511adac35 100644 --- a/docs/content/middlewares/passtlsclientcert.md +++ b/docs/content/middlewares/passtlsclientcert.md @@ -16,7 +16,7 @@ Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header. ```yaml tab="Docker" # Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header. labels: -- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true" ``` ```yaml tab="Kubernetes" @@ -38,7 +38,7 @@ spec: ```yaml tab="Rancher" # Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header. labels: -- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true" ``` ```toml tab="File (TOML)" @@ -62,23 +62,23 @@ http: ```yaml tab="Docker" # Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header labels: - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notafter=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notbefore=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.sans=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.commonname=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.country=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.domaincomponent=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.locality=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organization=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.province=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.serialnumber=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.commonname=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.country=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.domaincomponent=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.locality=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.organization=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.province=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notafter=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notbefore=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.sans=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.commonname=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.country=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.domaincomponent=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.locality=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organization=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.province=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.serialnumber=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.commonname=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.country=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.domaincomponent=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.locality=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.organization=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.province=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true" ``` ```yaml tab="Kubernetes" @@ -114,23 +114,23 @@ http: ```yaml tab="Rancher" # Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header labels: - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notafter=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notbefore=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.sans=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.commonname=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.country=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.domaincomponent=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.locality=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organization=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.province=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.serialnumber=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.commonname=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.country=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.domaincomponent=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.locality=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.organization=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.province=true" - - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notafter=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notbefore=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.sans=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.commonname=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.country=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.domaincomponent=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.locality=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organization=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.province=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.serialnumber=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.commonname=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.country=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.domaincomponent=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.locality=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.organization=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.province=true" + - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true" ``` ```json tab="Marathon" diff --git a/docs/content/middlewares/ratelimit.md b/docs/content/middlewares/ratelimit.md index 8d37b2104..2c3e74c36 100644 --- a/docs/content/middlewares/ratelimit.md +++ b/docs/content/middlewares/ratelimit.md @@ -11,8 +11,8 @@ The RateLimit middleware ensures that services will receive a _fair_ number of r # Here, an average of 100 requests per second is allowed. # In addition, a burst of 50 requests is allowed. labels: -- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100" -- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50" + - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100" + - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50" ``` ```yaml tab="Kubernetes" @@ -39,8 +39,8 @@ spec: # Here, an average of 100 requests per second is allowed. # In addition, a burst of 50 requests is allowed. labels: -- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100" -- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50" + - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100" + - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50" ``` ```toml tab="File (TOML)" @@ -72,7 +72,7 @@ It defaults to 0, which means no rate limiting. ```yaml tab="Docker" labels: -- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100" + - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100" ``` ```yaml tab="Kubernetes" @@ -93,7 +93,7 @@ spec: ```yaml tab="Rancher" labels: -- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100" + - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100" ``` ```toml tab="File (TOML)" @@ -117,7 +117,7 @@ It defaults to 1. ```yaml tab="Docker" labels: -- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100" + - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100" ``` ```yaml tab="Kubernetes" @@ -138,7 +138,7 @@ spec: ```yaml tab="Rancher" labels: -- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100" + - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100" ``` @@ -187,7 +187,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th ```yaml tab="Docker" labels: -- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" + - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" ``` ```yaml tab="Kubernetes" @@ -206,7 +206,7 @@ spec: ```yaml tab="Rancher" labels: -- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" + - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" ``` ```json tab="Marathon" @@ -230,8 +230,8 @@ http: sourceCriterion: ipStrategy: excludedIPs: - - "127.0.0.1/32" - - "192.168.1.7" + - "127.0.0.1/32" + - "192.168.1.7" ``` `excludedIPs` tells Traefik to scan the `X-Forwarded-For` header and pick the first IP not in the list. @@ -254,7 +254,7 @@ Requests having the same value for the given header are grouped as coming from t ```yaml tab="Docker" labels: -- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username" + - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username" ``` ```yaml tab="Kubernetes" @@ -270,7 +270,7 @@ spec: ```yaml tab="Rancher" labels: -- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username" + - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username" ``` ```json tab="Marathon" @@ -301,7 +301,7 @@ Whether to consider the request host as the source. ```yaml tab="Docker" labels: -- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true" + - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true" ``` ```yaml tab="Kubernetes" @@ -317,7 +317,7 @@ spec: ```yaml tab="Rancher" labels: -- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true" + - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true" ``` ```json tab="Marathon" @@ -340,4 +340,4 @@ http: rateLimit: sourceCriterion: requestHost: true -``` \ No newline at end of file +``` diff --git a/docs/content/middlewares/redirectregex.md b/docs/content/middlewares/redirectregex.md index 6dd1ae3cf..9121fc55b 100644 --- a/docs/content/middlewares/redirectregex.md +++ b/docs/content/middlewares/redirectregex.md @@ -15,8 +15,8 @@ RegexRedirect redirect a request from an url to another with regex matching and # Redirect with domain replacement # Note: all dollar signs need to be doubled for escaping. labels: -- "traefik.http.middlewares.test-redirectregex.redirectregex.regex=^http://localhost/(.*)" -- "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$${1}" + - "traefik.http.middlewares.test-redirectregex.redirectregex.regex=^http://localhost/(.*)" + - "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$${1}" ``` ```yaml tab="Kubernetes" @@ -42,8 +42,8 @@ spec: # Redirect with domain replacement # Note: all dollar signs need to be doubled for escaping. labels: -- "traefik.http.middlewares.test-redirectregex.redirectregex.regex=^http://localhost/(.*)" -- "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$${1}" + - "traefik.http.middlewares.test-redirectregex.redirectregex.regex=^http://localhost/(.*)" + - "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$${1}" ``` ```toml tab="File (TOML)" @@ -85,4 +85,3 @@ The `regex` option is the regular expression to match and capture elements from ### `replacement` The `replacement` option defines how to modify the URL to have the new target URL. - \ No newline at end of file diff --git a/docs/content/middlewares/redirectscheme.md b/docs/content/middlewares/redirectscheme.md index f4af47a16..e430885a1 100644 --- a/docs/content/middlewares/redirectscheme.md +++ b/docs/content/middlewares/redirectscheme.md @@ -14,7 +14,7 @@ RegexRedirect redirect request from a scheme to another. ```yaml tab="Docker" # Redirect to https labels: -- "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https" + - "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https" ``` ```yaml tab="Kubernetes" @@ -37,7 +37,7 @@ spec: ```yaml tab="Rancher" # Redirect to https labels: -- "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https" + - "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https" ``` ```toml tab="File (TOML)" diff --git a/docs/content/middlewares/replacepath.md b/docs/content/middlewares/replacepath.md index f2e03d552..25e15cb68 100644 --- a/docs/content/middlewares/replacepath.md +++ b/docs/content/middlewares/replacepath.md @@ -14,7 +14,7 @@ Replace the path of the request url. ```yaml tab="Docker" # Replace the path by /foo labels: -- "traefik.http.middlewares.test-replacepath.replacepath.path=/foo" + - "traefik.http.middlewares.test-replacepath.replacepath.path=/foo" ``` ```yaml tab="Kubernetes" @@ -37,7 +37,7 @@ spec: ```yaml tab="Rancher" # Replace the path by /foo labels: -- "traefik.http.middlewares.test-replacepath.replacepath.path=/foo" + - "traefik.http.middlewares.test-replacepath.replacepath.path=/foo" ``` ```toml tab="File (TOML)" diff --git a/docs/content/middlewares/replacepathregex.md b/docs/content/middlewares/replacepathregex.md index a58e302a9..9a88d976e 100644 --- a/docs/content/middlewares/replacepathregex.md +++ b/docs/content/middlewares/replacepathregex.md @@ -14,8 +14,8 @@ The ReplaceRegex replace a path from an url to another with regex matching and r ```yaml tab="Docker" # Replace path with regex labels: -- "traefik.http.middlewares.test-replacepathregex.replacepathregex.regex=^/foo/(.*)" -- "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1" + - "traefik.http.middlewares.test-replacepathregex.replacepathregex.regex=^/foo/(.*)" + - "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1" ``` ```yaml tab="Kubernetes" @@ -40,8 +40,8 @@ spec: ```yaml tab="Rancher" # Replace path with regex labels: -- "traefik.http.middlewares.test-replacepathregex.replacepathregex.regex=^/foo/(.*)" -- "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1" + - "traefik.http.middlewares.test-replacepathregex.replacepathregex.regex=^/foo/(.*)" + - "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1" ``` ```toml tab="File (TOML)" diff --git a/docs/content/middlewares/retry.md b/docs/content/middlewares/retry.md index b61b362f2..12c42fb44 100644 --- a/docs/content/middlewares/retry.md +++ b/docs/content/middlewares/retry.md @@ -15,7 +15,7 @@ To be clear, as soon as the server answers, the middleware stops retrying, regar ```yaml tab="Docker" # Retry to send request 4 times labels: -- "traefik.http.middlewares.test-retry.retry.attempts=4" + - "traefik.http.middlewares.test-retry.retry.attempts=4" ``` ```yaml tab="Kubernetes" @@ -38,7 +38,7 @@ spec: ```yaml tab="Rancher" # Retry to send request 4 times labels: -- "traefik.http.middlewares.test-retry.retry.attempts=4" + - "traefik.http.middlewares.test-retry.retry.attempts=4" ``` ```toml tab="File (TOML)" @@ -63,4 +63,4 @@ http: _mandatory_ -The `attempts` option defines how many times the request should be retried. \ No newline at end of file +The `attempts` option defines how many times the request should be retried. diff --git a/docs/content/middlewares/stripprefix.md b/docs/content/middlewares/stripprefix.md index 2b3515ccb..f34ab014c 100644 --- a/docs/content/middlewares/stripprefix.md +++ b/docs/content/middlewares/stripprefix.md @@ -14,7 +14,7 @@ Remove the specified prefixes from the URL path. ```yaml tab="Docker" # Strip prefix /foobar and /fiibar labels: -- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar,/fiibar" + - "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar,/fiibar" ``` ```yaml tab="Kubernetes" @@ -26,8 +26,8 @@ metadata: spec: stripPrefix: prefixes: - - /foobar - - /fiibar + - /foobar + - /fiibar ``` ```json tab="Marathon" @@ -39,7 +39,7 @@ spec: ```yaml tab="Rancher" # Strip prefix /foobar and /fiibar labels: -- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar,/fiibar" + - "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar,/fiibar" ``` ```toml tab="File (TOML)" @@ -56,8 +56,8 @@ http: test-stripprefix: stripPrefix: prefixes: - - "/foobar" - - "/fiibar" + - "/foobar" + - "/fiibar" ``` ## Configuration Options diff --git a/docs/content/middlewares/stripprefixregex.md b/docs/content/middlewares/stripprefixregex.md index f73184650..7d45f1e1e 100644 --- a/docs/content/middlewares/stripprefixregex.md +++ b/docs/content/middlewares/stripprefixregex.md @@ -9,7 +9,7 @@ Remove the matching prefixes from the URL path. ```yaml tab="Docker" labels: -- "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=/foo/[a-z0-9]+/[0-9]+/" + - "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=/foo/[a-z0-9]+/[0-9]+/" ``` ```yaml tab="Kubernetes" @@ -20,7 +20,7 @@ metadata: spec: stripPrefixRegex: regex: - - "/foo/[a-z0-9]+/[0-9]+/" + - "/foo/[a-z0-9]+/[0-9]+/" ``` ```json tab="Marathon" @@ -31,7 +31,7 @@ spec: ```yaml tab="Rancher" labels: -- "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=/foo/[a-z0-9]+/[0-9]+/" + - "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=/foo/[a-z0-9]+/[0-9]+/" ``` ```toml tab="File (TOML)" @@ -46,7 +46,7 @@ http: test-stripprefixregex: stripPrefixRegex: regex: - - "/foo/[a-z0-9]+/[0-9]+/" + - "/foo/[a-z0-9]+/[0-9]+/" ``` ## Configuration Options diff --git a/docs/content/migration/v1-to-v2.md b/docs/content/migration/v1-to-v2.md index ca37b52c6..19096245d 100644 --- a/docs/content/migration/v1-to-v2.md +++ b/docs/content/migration/v1-to-v2.md @@ -167,21 +167,21 @@ Then any router can refer to an instance of the wanted middleware. rule: "Host(`test.localhost`) && PathPrefix(`/test`)" service: my-service middlewares: - - auth + - auth services: my-service: loadBalancer: servers: - - url: http://10.10.10.1:80 - - url: http://10.10.10.2:80 + - url: http://10.10.10.1:80 + - url: http://10.10.10.2:80 middlewares: auth: basicAuth: users: - - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" + - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" + - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" ``` ## TLS configuration is now dynamic, per router. @@ -261,8 +261,8 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o myTLSOptions: minVersion: VersionTLS13 cipherSuites: - - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - - TLS_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_RSA_WITH_AES_256_GCM_SHA384 ``` ```yaml tab="K8s IngressRoute" @@ -290,11 +290,11 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o entryPoints: - web routes: - - match: Host(`bar.com`) - kind: Rule - services: - - name: whoami - port: 80 + - match: Host(`bar.com`) + kind: Rule + services: + - name: whoami + port: 80 tls: options: name: mytlsoption @@ -464,15 +464,15 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd router0: rule: "Host(`foo.com`)" entryPoints: - - web + - web middlewares: - - redirect + - redirect service: my-service router1: rule: "Host(`foo.com`)" entryPoints: - - web-secure + - web-secure service: my-service tls: {} @@ -480,8 +480,8 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd my-service: loadBalancer: servers: - - url: http://10.10.10.1:80 - - url: http://10.10.10.2:80 + - url: http://10.10.10.1:80 + - url: http://10.10.10.2:80 middlewares: redirect: @@ -490,8 +490,8 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd tls: certificates: - - certFile: /app/certs/server/server.pem - keyFile: /app/certs/server/server.pem + - certFile: /app/certs/server/server.pem + keyFile: /app/certs/server/server.pem ``` ## ACME (LetsEncrypt) diff --git a/docs/content/observability/access-logs.md b/docs/content/observability/access-logs.md index 50f448f94..418532f74 100644 --- a/docs/content/observability/access-logs.md +++ b/docs/content/observability/access-logs.md @@ -95,8 +95,8 @@ accessLog: format: json filters: statusCodes: - - "200" - - "300-302" + - "200" + - "300-302" retryAttempts: true minDuration: "10ms" ``` diff --git a/docs/content/observability/metrics/prometheus.md b/docs/content/observability/metrics/prometheus.md index 13c3b17b8..634c34877 100644 --- a/docs/content/observability/metrics/prometheus.md +++ b/docs/content/observability/metrics/prometheus.md @@ -32,10 +32,10 @@ Buckets for latency metrics. metrics: prometheus: buckets: - - 0.1 - - 0.3 - - 1.2 - - 5.0 + - 0.1 + - 0.3 + - 1.2 + - 5.0 ``` ```bash tab="CLI" diff --git a/docs/content/operations/api.md b/docs/content/operations/api.md index 4508a00a5..39e41c3c3 100644 --- a/docs/content/operations/api.md +++ b/docs/content/operations/api.md @@ -40,6 +40,7 @@ api: {} And then you will be able to reference it like this: ```yaml tab="Docker" +labels: - "traefik.http.routers.api.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)" - "traefik.http.routers.api.service=api@internal" - "traefik.http.routers.api.middlewares=auth" @@ -59,9 +60,9 @@ And then you will be able to reference it like this: # Declaring the user list labels: - "traefik.http.routers.api.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)" - - "traefik.http.routers.api.service=api@internal" - - "traefik.http.routers.api.middlewares=auth" - - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0" + - "traefik.http.routers.api.service=api@internal" + - "traefik.http.routers.api.middlewares=auth" + - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0" ``` ```toml tab="File (TOML)" @@ -72,9 +73,9 @@ labels: [http.middlewares.auth.basicAuth] users = [ - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", - ] + "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", + "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", + ] ``` ```yaml tab="File (YAML)" @@ -89,8 +90,8 @@ http: auth: basicAuth: users: - - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" + - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" + - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" ``` ### `insecure` diff --git a/docs/content/providers/kubernetes-ingress.md b/docs/content/providers/kubernetes-ingress.md index 17c7da7a2..9bf6f34af 100644 --- a/docs/content/providers/kubernetes-ingress.md +++ b/docs/content/providers/kubernetes-ingress.md @@ -34,17 +34,17 @@ metadata: spec: rules: - - host: foo.com - http: - paths: - - path: /bar - backend: - serviceName: service1 - servicePort: 80 - - path: /foo - backend: - serviceName: service1 - servicePort: 80 + - host: foo.com + http: + paths: + - path: /bar + backend: + serviceName: service1 + servicePort: 80 + - path: /foo + backend: + serviceName: service1 + servicePort: 80 ``` ## Provider Configuration @@ -165,8 +165,8 @@ _Optional, Default: all namespaces (empty array)_ providers: kubernetesIngress: namespaces: - - "default" - - "production" + - "default" + - "production" # ... ``` diff --git a/docs/content/reference/dynamic-configuration/file.yaml b/docs/content/reference/dynamic-configuration/file.yaml index 3c2eb98a4..e8ab878b7 100644 --- a/docs/content/reference/dynamic-configuration/file.yaml +++ b/docs/content/reference/dynamic-configuration/file.yaml @@ -2,11 +2,11 @@ http: routers: Router0: entryPoints: - - foobar - - foobar + - foobar + - foobar middlewares: - - foobar - - foobar + - foobar + - foobar service: foobar rule: foobar priority: 42 @@ -14,21 +14,21 @@ http: options: foobar certResolver: foobar domains: - - main: foobar - sans: - - foobar - - foobar - - main: foobar - sans: - - foobar - - foobar + - main: foobar + sans: + - foobar + - foobar + - main: foobar + sans: + - foobar + - foobar Router1: entryPoints: - - foobar - - foobar + - foobar + - foobar middlewares: - - foobar - - foobar + - foobar + - foobar service: foobar rule: foobar priority: 42 @@ -36,14 +36,14 @@ http: options: foobar certResolver: foobar domains: - - main: foobar - sans: - - foobar - - foobar - - main: foobar - sans: - - foobar - - foobar + - main: foobar + sans: + - foobar + - foobar + - main: foobar + sans: + - foobar + - foobar services: Service01: loadBalancer: @@ -53,8 +53,8 @@ http: secure: true httpOnly: true servers: - - url: foobar - - url: foobar + - url: foobar + - url: foobar healthCheck: scheme: foobar path: foobar @@ -72,17 +72,17 @@ http: mirroring: service: foobar mirrors: - - name: foobar - percent: 42 - - name: foobar - percent: 42 + - name: foobar + percent: 42 + - name: foobar + percent: 42 Service03: weighted: services: - - name: foobar - weight: 42 - - name: foobar - weight: 42 + - name: foobar + weight: 42 + - name: foobar + weight: 42 sticky: cookie: name: foobar @@ -95,8 +95,8 @@ http: Middleware01: basicAuth: users: - - foobar - - foobar + - foobar + - foobar usersFile: foobar realm: foobar removeHeader: true @@ -111,8 +111,8 @@ http: Middleware03: chain: middlewares: - - foobar - - foobar + - foobar + - foobar Middleware04: circuitBreaker: expression: foobar @@ -121,8 +121,8 @@ http: Middleware06: digestAuth: users: - - foobar - - foobar + - foobar + - foobar usersFile: foobar removeHeader: true realm: foobar @@ -130,8 +130,8 @@ http: Middleware07: errors: status: - - foobar - - foobar + - foobar + - foobar service: foobar query: foobar Middleware08: @@ -145,8 +145,8 @@ http: insecureSkipVerify: true trustForwardHeader: true authResponseHeaders: - - foobar - - foobar + - foobar + - foobar Middleware09: headers: customRequestHeaders: @@ -157,23 +157,23 @@ http: name1: foobar accessControlAllowCredentials: true accessControlAllowHeaders: - - foobar - - foobar + - foobar + - foobar accessControlAllowMethods: - - foobar - - foobar + - foobar + - foobar accessControlAllowOrigin: foobar accessControlExposeHeaders: - - foobar - - foobar + - foobar + - foobar accessControlMaxAge: 42 addVaryHeader: true allowedHosts: - - foobar - - foobar + - foobar + - foobar hostsProxyHeaders: - - foobar - - foobar + - foobar + - foobar sslRedirect: true sslTemporaryRedirect: true sslHost: foobar @@ -198,13 +198,13 @@ http: Middleware10: ipWhiteList: sourceRange: - - foobar - - foobar + - foobar + - foobar ipStrategy: depth: 42 excludedIPs: - - foobar - - foobar + - foobar + - foobar Middleware11: inFlightReq: amount: 42 @@ -212,8 +212,8 @@ http: ipstrategy: depth: 42 excludedIPs: - - foobar - - foobar + - foobar + - foobar requestHeaderName: foobar requestHost: true Middleware12: @@ -247,8 +247,8 @@ http: ipstrategy: depth: 42 excludedIPs: - - foobar - - foobar + - foobar + - foobar requestHeaderName: foobar requestHost: true Middleware14: @@ -274,19 +274,19 @@ http: Middleware19: stripPrefix: prefixes: - - foobar - - foobar + - foobar + - foobar Middleware20: stripPrefixRegex: regex: - - foobar - - foobar + - foobar + - foobar tcp: routers: TCPRouter0: entryPoints: - - foobar - - foobar + - foobar + - foobar service: foobar rule: foobar tls: @@ -294,18 +294,18 @@ tcp: options: foobar certResolver: foobar domains: - - main: foobar - sans: - - foobar - - foobar - - main: foobar - sans: - - foobar - - foobar + - main: foobar + sans: + - foobar + - foobar + - main: foobar + sans: + - foobar + - foobar TCPRouter1: entryPoints: - - foobar - - foobar + - foobar + - foobar service: foobar rule: foobar tls: @@ -313,60 +313,60 @@ tcp: options: foobar certResolver: foobar domains: - - main: foobar - sans: - - foobar - - foobar - - main: foobar - sans: - - foobar - - foobar + - main: foobar + sans: + - foobar + - foobar + - main: foobar + sans: + - foobar + - foobar services: TCPService0: loadBalancer: terminationDelay: 100 servers: - - address: foobar - - address: foobar + - address: foobar + - address: foobar TCPService1: loadBalancer: terminationDelay: 100 servers: - - address: foobar - - address: foobar + - address: foobar + - address: foobar tls: certificates: - - certFile: foobar - keyFile: foobar - stores: - - foobar - - foobar - - certFile: foobar - keyFile: foobar - stores: - - foobar - - foobar + - certFile: foobar + keyFile: foobar + stores: + - foobar + - foobar + - certFile: foobar + keyFile: foobar + stores: + - foobar + - foobar options: Options0: minVersion: foobar cipherSuites: - - foobar - - foobar + - foobar + - foobar clientAuth: caFiles: - - foobar - - foobar + - foobar + - foobar clientAuthType: foobar sniStrict: true Options1: minVersion: foobar cipherSuites: - - foobar - - foobar + - foobar + - foobar clientAuth: caFiles: - - foobar - - foobar + - foobar + - foobar clientAuthType: foobar sniStrict: true stores: diff --git a/docs/content/routing/entrypoints.md b/docs/content/routing/entrypoints.md index 026e3b1dd..1f2354acb 100644 --- a/docs/content/routing/entrypoints.md +++ b/docs/content/routing/entrypoints.md @@ -110,13 +110,13 @@ You can define them using a toml file, CLI arguments, or a key-value store. proxyProtocol: insecure: true trustedIPs: - - "127.0.0.1" - - "192.168.0.1" + - "127.0.0.1" + - "192.168.0.1" forwardedHeaders: insecure: true trustedIPs: - - "127.0.0.1" - - "192.168.0.1" + - "127.0.0.1" + - "192.168.0.1" ``` ```bash tab="CLI" @@ -158,8 +158,8 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward address: ":80" forwardedHeaders: trustedIPs: - - "127.0.0.1/32" - - "192.168.1.7" + - "127.0.0.1/32" + - "192.168.1.7" ``` ```bash tab="CLI" @@ -421,8 +421,8 @@ If the Proxy Protocol header is passed, then the version is determined automatic address: ":80" proxyProtocol: trustedIPs: - - "127.0.0.1/32" - - "192.168.1.7" + - "127.0.0.1/32" + - "192.168.1.7" ``` ```bash tab="CLI" diff --git a/docs/content/routing/providers/docker.md b/docs/content/routing/providers/docker.md index d4bdbffd1..52347640d 100644 --- a/docs/content/routing/providers/docker.md +++ b/docs/content/routing/providers/docker.md @@ -446,7 +446,8 @@ You can declare TCP Routers and/or Services using labels. ``` ??? info "`traefik.tcp.services..loadbalancer.terminationdelay`" - + + See [termination delay](../services/index.md#termination-delay) for more information. ```yaml - "traefik.tcp.services.mytcpservice.loadbalancer.terminationdelay=100" diff --git a/docs/content/routing/providers/marathon.md b/docs/content/routing/providers/marathon.md index c3a30418d..3fbad1408 100644 --- a/docs/content/routing/providers/marathon.md +++ b/docs/content/routing/providers/marathon.md @@ -276,8 +276,101 @@ You can declare TCP Routers and/or Services using labels. !!! warning "TCP and HTTP" - If you declare a TCP Router/Service, it will prevent Traefik from automatically creating an HTTP Router/Service (as it would by default if no TCP Router/Service is defined). - Both a TCP Router/Service and an HTTP Router/Service can be created for the same application, but it has to be done explicitly in the config. + If you declare a TCP Router/Service, it will prevent Traefik from automatically creating an HTTP Router/Service (like it does by default if no TCP Router/Service is defined). + You can declare both a TCP Router/Service and an HTTP Router/Service for the same container (but you have to do so manually). + +#### TCP Routers + +??? info "`traefik.tcp.routers..entrypoints`" + + See [entry points](../routers/index.md#entrypoints_1) for more information. + + ```json + "traefik.tcp.routers.mytcprouter.entrypoints": "ep1,ep2" + ``` + + +??? info "`traefik.tcp.routers..rule`" + + See [rule](../routers/index.md#rule_1) for more information. + + ```json + "traefik.tcp.routers.mytcprouter.rule": "HostSNI(`myhost.com`)" + ``` + +??? info "`traefik.tcp.routers..service`" + + See [service](../routers/index.md#services) for more information. + + ```json + "traefik.tcp.routers.mytcprouter.service": "myservice" + ``` + +??? info "`traefik.tcp.routers..tls`" + + See [TLS](../routers/index.md#tls_1) for more information. + + ```json + "traefik.tcp.routers.mytcprouter.tls": "true + ``` + +??? info "`traefik.tcp.routers..tls.certresolver`" + + See [certResolver](../routers/index.md#certresolver_1) for more information. + + ```json + "traefik.tcp.routers.mytcprouter.tls.certresolver": "myresolver" + ``` + +??? info "`traefik.tcp.routers..tls.domains[n].main`" + + See [domains](../routers/index.md#domains_1) for more information. + + ```json + "traefik.tcp.routers.mytcprouter.tls.domains[0].main": "foobar.com" + ``` + +??? info "`traefik.tcp.routers..tls.domains[n].sans`" + + See [domains](../routers/index.md#domains_1) for more information. + + ```json + "traefik.tcp.routers.mytcprouter.tls.domains[0].sans": "test.foobar.com,dev.foobar.com" + ``` + +??? info "`traefik.tcp.routers..tls.options`" + + See [options](../routers/index.md#options_1) for more information. + + ```json + "traefik.tcp.routers.mytcprouter.tls.options": "mysoptions" + ``` + +??? info "`traefik.tcp.routers..tls.passthrough`" + + See [TLS](../routers/index.md#tls_1) for more information. + + ```json + "traefik.tcp.routers.mytcprouter.tls.passthrough": "true" + ``` + +#### TCP Services + +??? info "`traefik.tcp.services..loadbalancer.server.port`" + + Registers a port of the application. + + ```json + "traefik.tcp.services.mytcpservice.loadbalancer.server.port": "423" + ``` + +??? info "`traefik.tcp.services..loadbalancer.terminationdelay`" + + See [termination delay](../services/index.md#termination-delay) for more information. + + ```json + "traefik.tcp.services.mytcpservice.loadbalancer.terminationdelay": "100" + ``` ### Specific Provider Options diff --git a/docs/content/routing/providers/rancher.md b/docs/content/routing/providers/rancher.md index 6beef3b30..9c4804b91 100644 --- a/docs/content/routing/providers/rancher.md +++ b/docs/content/routing/providers/rancher.md @@ -262,6 +262,119 @@ More information about available middlewares in the dedicated [middlewares secti If you declare multiple middleware with the same name but with different parameters, the middleware fails to be declared. +### TCP + +You can declare TCP Routers and/or Services using labels. + +??? example "Declaring TCP Routers and Services" + + ```yaml + services: + my-container: + # ... + labels: + - "traefik.tcp.routers.my-router.rule=HostSNI(`my-host.com`)" + - "traefik.tcp.routers.my-router.tls=true" + - "traefik.tcp.services.my-service.loadbalancer.server.port=4123" + ``` + +!!! warning "TCP and HTTP" + + If you declare a TCP Router/Service, it will prevent Traefik from automatically creating an HTTP Router/Service (like it does by default if no TCP Router/Service is defined). + You can declare both a TCP Router/Service and an HTTP Router/Service for the same container (but you have to do so manually). + +#### TCP Routers + +??? info "`traefik.tcp.routers..entrypoints`" + + See [entry points](../routers/index.md#entrypoints_1) for more information. + + ```yaml + - "traefik.tcp.routers.mytcprouter.entrypoints=ep1,ep2" + ``` + +??? info "`traefik.tcp.routers..rule`" + + See [rule](../routers/index.md#rule_1) for more information. + + ```yaml + - "traefik.tcp.routers.mytcprouter.rule=HostSNI(`myhost.com`)" + ``` + +??? info "`traefik.tcp.routers..service`" + + See [service](../routers/index.md#services) for more information. + + ```yaml + - "traefik.tcp.routers.mytcprouter.service=myservice" + ``` + +??? info "`traefik.tcp.routers..tls`" + + See [TLS](../routers/index.md#tls_1) for more information. + + ```yaml + - "traefik.tcp.routers.mytcprouter.tls=true" + ``` + +??? info "`traefik.tcp.routers..tls.certresolver`" + + See [certResolver](../routers/index.md#certresolver_1) for more information. + + ```yaml + - "traefik.tcp.routers.mytcprouter.tls.certresolver=myresolver" + ``` + +??? info "`traefik.tcp.routers..tls.domains[n].main`" + + See [domains](../routers/index.md#domains_1) for more information. + + ```yaml + - "traefik.tcp.routers.mytcprouter.tls.domains[0].main=foobar.com" + ``` + +??? info "`traefik.tcp.routers..tls.domains[n].sans`" + + See [domains](../routers/index.md#domains_1) for more information. + + ```yaml + - "traefik.tcp.routers.mytcprouter.tls.domains[0].sans=test.foobar.com,dev.foobar.com" + ``` + +??? info "`traefik.tcp.routers..tls.options`" + + See [options](../routers/index.md#options_1) for more information. + + ```yaml + - "traefik.tcp.routers.mytcprouter.tls.options=mysoptions" + ``` + +??? info "`traefik.tcp.routers..tls.passthrough`" + + See [TLS](../routers/index.md#tls_1) for more information. + + ```yaml + - "traefik.tcp.routers.mytcprouter.tls.passthrough=true" + ``` + +#### TCP Services + +??? info "`traefik.tcp.services..loadbalancer.server.port`" + + Registers a port of the application. + + ```yaml + - "traefik.tcp.services.mytcpservice.loadbalancer.server.port=423" + ``` + +??? info "`traefik.tcp.services..loadbalancer.terminationdelay`" + + See [termination delay](../services/index.md#termination-delay) for more information. + + ```yaml + - "traefik.tcp.services.mytcpservice.loadbalancer.terminationdelay=100" + ``` + ### Specific Provider Options #### `traefik.enable` diff --git a/docs/content/routing/routers/index.md b/docs/content/routing/routers/index.md index 3ddc440b6..bf717a8a1 100644 --- a/docs/content/routing/routers/index.md +++ b/docs/content/routing/routers/index.md @@ -50,7 +50,7 @@ In the process, routers may use pieces of [middleware](../../middlewares/overvie routers: to-database: entryPoints: - - "mysql" + - "mysql" # Catch every request (only available rule for non-tls routers. See below.) rule: "HostSNI(`*`)" service: database @@ -164,8 +164,8 @@ If you want to limit the router scope to a set of entry points, set the `entryPo Router-1: # won't listen to entry point web entryPoints: - - "websecure" - - "other" + - "websecure" + - "other" rule: "Host(`traefik.io`)" service: "service-1" ``` @@ -415,8 +415,8 @@ It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied foo: minVersion: VersionTLS12 cipherSuites: - - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - - TLS_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_RSA_WITH_AES_256_GCM_SHA384 ``` !!! important "Conflicting TLS Options" @@ -510,8 +510,8 @@ http: tls: certResolver: "bar" domains: - - main: "snitest.com" - sans: "*.snitest.com" + - main: "snitest.com" + sans: "*.snitest.com" ``` [ACME v2](https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579) supports wildcard certificates. @@ -627,8 +627,8 @@ If you want to limit the router scope to a set of entry points, set the entry po Router-1: # won't listen to entry point web entryPoints: - - "websecure" - - "other" + - "websecure" + - "other" rule: "HostSNI(`traefik.io`)" service: "service-1" # will route TLS requests (and ignore non tls requests) @@ -787,8 +787,8 @@ It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied foo: minVersion: VersionTLS12 cipherSuites: - - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" - - "TLS_RSA_WITH_AES_256_GCM_SHA384" + - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + - "TLS_RSA_WITH_AES_256_GCM_SHA384" ``` #### `certResolver` @@ -839,6 +839,6 @@ tcp: tls: certResolver: "bar" domains: - - main: "snitest.com" - sans: "*.snitest.com" + - main: "snitest.com" + sans: "*.snitest.com" ``` diff --git a/docs/content/user-guides/grpc.md b/docs/content/user-guides/grpc.md index bbc70673f..271dc0468 100644 --- a/docs/content/user-guides/grpc.md +++ b/docs/content/user-guides/grpc.md @@ -143,7 +143,7 @@ entryPoints: serversTransport: # For secure connection on backend.local rootCAs: - - ./backend.cert + - ./backend.cert providers: file: diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml index 968158389..3a111788c 100644 --- a/docs/mkdocs.yml +++ b/docs/mkdocs.yml @@ -87,9 +87,9 @@ nav: - 'Services': 'routing/services/index.md' - 'Providers': - 'Docker': 'routing/providers/docker.md' + - 'Kubernetes IngressRoute': 'routing/providers/kubernetes-crd.md' - 'Rancher': 'routing/providers/rancher.md' - 'Marathon': 'routing/providers/marathon.md' - - 'Kubernetes IngressRoute': 'routing/providers/kubernetes-crd.md' - 'HTTPS & TLS': - 'Overview': 'https/overview.md' - 'TLS': 'https/tls.md'