YAML I love you

This commit is contained in:
Michael 2019-09-23 17:00:06 +02:00 committed by Traefiker Bot
parent bfde17b4d7
commit 17480abe85
37 changed files with 636 additions and 429 deletions

View file

@ -303,8 +303,8 @@ certificatesResolvers:
dnsChallenge: dnsChallenge:
# ... # ...
resolvers: resolvers:
- "1.1.1.1:53" - "1.1.1.1:53"
- "8.8.8.8:53" - "8.8.8.8:53"
``` ```
```bash tab="CLI" ```bash tab="CLI"

View file

@ -30,10 +30,10 @@ To add / remove TLS certificates, even when Traefik is already running, their de
tls: tls:
certificates: certificates:
- certFile: /path/to/domain.cert - certFile: /path/to/domain.cert
keyFile: /path/to/domain.key keyFile: /path/to/domain.key
- certFile: /path/to/other-domain.cert - certFile: /path/to/other-domain.cert
keyFile: /path/to/other-domain.key keyFile: /path/to/other-domain.key
``` ```
!!! important "Restriction" !!! important "Restriction"
@ -88,14 +88,14 @@ In the `tls.certificates` section, a list of stores can then be specified to ind
tls: tls:
certificates: certificates:
- certFile: /path/to/domain.cert - certFile: /path/to/domain.cert
keyFile: /path/to/domain.key keyFile: /path/to/domain.key
stores: stores:
- default - default
# Note that since no store is defined, # Note that since no store is defined,
# the certificate below will be stored in the `default` store. # the certificate below will be stored in the `default` store.
- certFile: /path/to/other-domain.cert - certFile: /path/to/other-domain.cert
keyFile: /path/to/other-domain.key keyFile: /path/to/other-domain.key
``` ```
!!! important "Restriction" !!! important "Restriction"
@ -203,8 +203,8 @@ tls:
options: options:
default: default:
cipherSuites: cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384 - TLS_RSA_WITH_AES_256_GCM_SHA384
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -216,8 +216,8 @@ metadata:
spec: spec:
cipherSuites: cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384 - TLS_RSA_WITH_AES_256_GCM_SHA384
``` ```
!!! important "TLS 1.3" !!! important "TLS 1.3"
@ -293,8 +293,8 @@ tls:
clientAuth: clientAuth:
# in PEM format. each file can contain multiple CAs. # in PEM format. each file can contain multiple CAs.
caFiles: caFiles:
- tests/clientca1.crt - tests/clientca1.crt
- tests/clientca2.crt - tests/clientca2.crt
clientAuthType: RequireAndVerifyClientCert clientAuthType: RequireAndVerifyClientCert
``` ```

View file

@ -12,7 +12,7 @@ The AddPrefix middleware updates the URL Path of the request before forwarding i
```yaml tab="Docker" ```yaml tab="Docker"
# Prefixing with /foo # Prefixing with /foo
labels: labels:
- "traefik.http.middlewares.add-foo.addprefix.prefix=/foo" - "traefik.http.middlewares.add-foo.addprefix.prefix=/foo"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -35,7 +35,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
# Prefixing with /foo # Prefixing with /foo
labels: labels:
- "traefik.http.middlewares.add-foo.addprefix.prefix=/foo" - "traefik.http.middlewares.add-foo.addprefix.prefix=/foo"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"

View file

@ -16,7 +16,7 @@ The BasicAuth middleware is a quick way to restrict access to your services to k
# To create user:password pair, it's possible to use this command: # To create user:password pair, it's possible to use this command:
# echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g # echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
labels: labels:
- "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0" - "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -39,7 +39,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
# Declaring the user list # Declaring the user list
labels: labels:
- "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" - "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -59,8 +59,8 @@ http:
test-auth: test-auth:
basicAuth: basicAuth:
users: users:
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
``` ```
## Configuration Options ## Configuration Options
@ -89,7 +89,7 @@ The `users` option is an array of authorized users. Each user will be declared u
# To create user:password pair, it's possible to use this command: # To create user:password pair, it's possible to use this command:
# echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g # echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
labels: labels:
- "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0" - "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -124,7 +124,7 @@ data:
```yaml tab="Rancher" ```yaml tab="Rancher"
# Declaring the user list # Declaring the user list
labels: labels:
- "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" - "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -144,8 +144,8 @@ http:
test-auth: test-auth:
basicAuth: basicAuth:
users: users:
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
``` ```
### `usersFile` ### `usersFile`
@ -161,7 +161,7 @@ The file content is a list of `name:encoded-password`.
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.test-auth.basicauth.usersfile=/path/to/my/usersfile" - "traefik.http.middlewares.test-auth.basicauth.usersfile=/path/to/my/usersfile"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -224,7 +224,7 @@ You can customize the realm for the authentication with the `realm` option. The
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.test-auth.basicauth.realm=MyRealm" - "traefik.http.middlewares.test-auth.basicauth.realm=MyRealm"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -268,7 +268,7 @@ You can define a header field to store the authenticated user using the `headerF
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.my-auth.basicauth.headerField=X-WebAuth-User" - "traefik.http.middlewares.my-auth.basicauth.headerField=X-WebAuth-User"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -309,7 +309,7 @@ Set the `removeHeader` option to `true` to remove the authorization header befor
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.test-auth.basicauth.removeheader=true" - "traefik.http.middlewares.test-auth.basicauth.removeheader=true"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -330,7 +330,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
labels: labels:
- "traefik.http.middlewares.test-auth.basicauth.removeheader=true" - "traefik.http.middlewares.test-auth.basicauth.removeheader=true"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"

View file

@ -16,7 +16,7 @@ This can help services deal with large data (multipart/form-data for example), a
```yaml tab="Docker" ```yaml tab="Docker"
# Sets the maximum request body to 2Mb # Sets the maximum request body to 2Mb
labels: labels:
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000" - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -39,7 +39,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
# Sets the maximum request body to 2Mb # Sets the maximum request body to 2Mb
labels: labels:
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000" - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -68,7 +68,7 @@ If the request exceeds the allowed size, it is not forwarded to the service and
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000" - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -89,7 +89,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
labels: labels:
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000" - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -112,7 +112,7 @@ You can configure a threshold (in Bytes) from which the request will be buffered
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.limit.buffering.memRequestBodyBytes=2000000" - "traefik.http.middlewares.limit.buffering.memRequestBodyBytes=2000000"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -133,7 +133,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
labels: labels:
- "traefik.http.middlewares.limit.buffering.memRequestBodyBytes=2000000" - "traefik.http.middlewares.limit.buffering.memRequestBodyBytes=2000000"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -158,7 +158,7 @@ If the response exceeds the allowed size, it is not forwarded to the client. The
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=2000000" - "traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=2000000"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -179,7 +179,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
labels: labels:
- "traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=2000000" - "traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=2000000"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -202,7 +202,7 @@ You can configure a threshold (in Bytes) from which the response will be buffere
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.limit.buffering.memResponseBodyBytes=2000000" - "traefik.http.middlewares.limit.buffering.memResponseBodyBytes=2000000"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -223,7 +223,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
labels: labels:
- "traefik.http.middlewares.limit.buffering.memResponseBodyBytes=2000000" - "traefik.http.middlewares.limit.buffering.memResponseBodyBytes=2000000"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -248,7 +248,7 @@ You can have the Buffering middleware replay the request with the help of the `r
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2" - "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -269,7 +269,7 @@ You can have the Buffering middleware replay the request with the help of the `r
```yaml tab="Rancher" ```yaml tab="Rancher"
labels: labels:
- "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2" - "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"

View file

@ -14,14 +14,14 @@ Example "A Chain for WhiteList, BasicAuth, and HTTPS"
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.routers.router1.service=service1" - "traefik.http.routers.router1.service=service1"
- "traefik.http.routers.router1.middlewares=secured" - "traefik.http.routers.router1.middlewares=secured"
- "traefik.http.routers.router1.rule=Host(`mydomain`)" - "traefik.http.routers.router1.rule=Host(`mydomain`)"
- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users" - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https" - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32" - "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
- "http.services.service1.loadbalancer.server.port=80" - "http.services.service1.loadbalancer.server.port=80"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -98,14 +98,14 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
labels: labels:
- "traefik.http.routers.router1.service=service1" - "traefik.http.routers.router1.service=service1"
- "traefik.http.routers.router1.middlewares=secured" - "traefik.http.routers.router1.middlewares=secured"
- "traefik.http.routers.router1.rule=Host(`mydomain`)" - "traefik.http.routers.router1.rule=Host(`mydomain`)"
- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users" - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https" - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32" - "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
- "http.services.service1.loadbalancer.server.port=80" - "http.services.service1.loadbalancer.server.port=80"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -143,21 +143,21 @@ http:
router1: router1:
service: service1 service: service1
middlewares: middlewares:
- secured - secured
rule: "Host(`mydomain`)" rule: "Host(`mydomain`)"
middlewares: middlewares:
secured: secured:
chain: chain:
middlewares: middlewares:
- https-only - https-only
- known-ips - known-ips
- auth-users - auth-users
auth-users: auth-users:
basicAuth: basicAuth:
users: users:
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
https-only: https-only:
redirectScheme: redirectScheme:
@ -166,12 +166,12 @@ http:
known-ips: known-ips:
ipWhiteList: ipWhiteList:
sourceRange: sourceRange:
- "192.168.1.7" - "192.168.1.7"
- "127.0.0.1/32" - "127.0.0.1/32"
services: services:
service1: service1:
loadBalancer: loadBalancer:
servers: servers:
- url: "http://127.0.0.1:80" - url: "http://127.0.0.1:80"
``` ```

View file

@ -31,7 +31,7 @@ To assess if your system is healthy, the circuit breaker constantly monitors the
```yaml tab="Docker" ```yaml tab="Docker"
# Latency Check # Latency Check
labels: labels:
- "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100" - "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -54,7 +54,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
# Latency Check # Latency Check
labels: labels:
- "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100" - "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"

View file

@ -12,7 +12,7 @@ The Compress middleware enables the gzip compression.
```yaml tab="Docker" ```yaml tab="Docker"
# Enable gzip compression # Enable gzip compression
labels: labels:
- "traefik.http.middlewares.test-compress.compress=true" - "traefik.http.middlewares.test-compress.compress=true"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -34,7 +34,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
# Enable gzip compression # Enable gzip compression
labels: labels:
- "traefik.http.middlewares.test-compress.compress=true" - "traefik.http.middlewares.test-compress.compress=true"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"

View file

@ -12,7 +12,7 @@ The DigestAuth middleware is a quick way to restrict access to your services to
```yaml tab="Docker" ```yaml tab="Docker"
# Declaring the user list # Declaring the user list
labels: labels:
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e" - "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -35,7 +35,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
# Declaring the user list # Declaring the user list
labels: labels:
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e" - "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -55,8 +55,8 @@ http:
test-auth: test-auth:
digestAuth: digestAuth:
users: users:
- "test:traefik:a2688e031edb4be6a3797f3882655c05" - "test:traefik:a2688e031edb4be6a3797f3882655c05"
- "test2:traefik:518845800f9e2bfb1f1f740ec24f074e" - "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
``` ```
## Configuration Options ## Configuration Options
@ -76,7 +76,7 @@ The `users` option is an array of authorized users. Each user will be declared u
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e" - "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -108,7 +108,7 @@ data:
```yaml tab="Rancher" ```yaml tab="Rancher"
labels: labels:
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e" - "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -126,8 +126,8 @@ http:
test-auth: test-auth:
digestAuth: digestAuth:
users: users:
- "test:traefik:a2688e031edb4be6a3797f3882655c05" - "test:traefik:a2688e031edb4be6a3797f3882655c05"
- "test2:traefik:518845800f9e2bfb1f1f740ec24f074e" - "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
``` ```
### `usersFile` ### `usersFile`
@ -143,7 +143,7 @@ The file content is a list of `name:realm:encoded-password`.
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.test-auth.digestauth.usersfile=/path/to/my/usersfile" - "traefik.http.middlewares.test-auth.digestauth.usersfile=/path/to/my/usersfile"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -206,7 +206,7 @@ You can customize the realm for the authentication with the `realm` option. The
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.test-auth.digestauth.realm=MyRealm" - "traefik.http.middlewares.test-auth.digestauth.realm=MyRealm"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -296,7 +296,7 @@ Set the `removeHeader` option to `true` to remove the authorization header befor
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.test-auth.digestauth.removeheader=true" - "traefik.http.middlewares.test-auth.digestauth.removeheader=true"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"

View file

@ -15,9 +15,9 @@ The ErrorPage middleware returns a custom page in lieu of the default, according
```yaml tab="Docker" ```yaml tab="Docker"
# Dynamic Custom Error Page for 5XX Status Code # Dynamic Custom Error Page for 5XX Status Code
labels: labels:
- "traefik.http.middlewares.test-errorpage.errors.status=500-599" - "traefik.http.middlewares.test-errorpage.errors.status=500-599"
- "traefik.http.middlewares.test-errorpage.errors.service=serviceError" - "traefik.http.middlewares.test-errorpage.errors.service=serviceError"
- "traefik.http.middlewares.test-errorpage.errors.query=/{status}.html" - "traefik.http.middlewares.test-errorpage.errors.query=/{status}.html"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -28,7 +28,7 @@ metadata:
spec: spec:
errors: errors:
status: status:
- 500-599 - 500-599
query: /{status}.html query: /{status}.html
service: service:
name: whoami name: whoami
@ -46,9 +46,9 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
# Dynamic Custom Error Page for 5XX Status Code # Dynamic Custom Error Page for 5XX Status Code
labels: labels:
- "traefik.http.middlewares.test-errorpage.errors.status=500-599" - "traefik.http.middlewares.test-errorpage.errors.status=500-599"
- "traefik.http.middlewares.test-errorpage.errors.service=serviceError" - "traefik.http.middlewares.test-errorpage.errors.service=serviceError"
- "traefik.http.middlewares.test-errorpage.errors.query=/{status}.html" - "traefik.http.middlewares.test-errorpage.errors.query=/{status}.html"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -70,7 +70,7 @@ http:
test-errorpage: test-errorpage:
errors: errors:
status: status:
- "500-599" - "500-599"
service: serviceError service: serviceError
query: "/{status}.html" query: "/{status}.html"

View file

@ -14,7 +14,7 @@ Otherwise, the response from the authentication server is returned.
```yaml tab="Docker" ```yaml tab="Docker"
# Forward authentication to authserver.com # Forward authentication to authserver.com
labels: labels:
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth" - "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -37,7 +37,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
# Forward authentication to authserver.com # Forward authentication to authserver.com
labels: labels:
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth" - "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -64,7 +64,7 @@ The `address` option defines the authentication server address.
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth" - "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -85,7 +85,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
labels: labels:
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth" - "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -108,7 +108,7 @@ Set the `trustForwardHeader` option to `true` to trust all the existing `X-Forwa
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true" - "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -130,7 +130,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
labels: labels:
- "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true" - "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -155,7 +155,7 @@ The `authResponseHeaders` option is the list of the headers to copy from the aut
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret" - "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -167,8 +167,8 @@ spec:
forwardAuth: forwardAuth:
address: https://authserver.com/auth address: https://authserver.com/auth
authResponseHeaders: authResponseHeaders:
- X-Auth-User - X-Auth-User
- X-Secret - X-Secret
``` ```
```json tab="Marathon" ```json tab="Marathon"
@ -179,7 +179,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
labels: labels:
- "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret" - "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -196,8 +196,8 @@ http:
forwardAuth: forwardAuth:
address: "https://authserver.com/auth" address: "https://authserver.com/auth"
authResponseHeaders: authResponseHeaders:
- "X-Auth-User" - "X-Auth-User"
- "X-Secret" - "X-Secret"
``` ```
### `tls` ### `tls`
@ -210,7 +210,7 @@ Certificate Authority used for the secured connection to the authentication serv
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt" - "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -243,7 +243,7 @@ data:
```yaml tab="Rancher" ```yaml tab="Rancher"
labels: labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt" - "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -275,7 +275,7 @@ Requires `tls.ca` to be defined.
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true" - "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -298,7 +298,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
labels: labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true" - "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -325,8 +325,8 @@ Public certificate used for the secured connection to the authentication server.
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert" - "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key" - "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -361,8 +361,8 @@ data:
```yaml tab="Rancher" ```yaml tab="Rancher"
labels: labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert" - "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key" - "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -394,8 +394,8 @@ Private certificate used for the secure connection to the authentication server.
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert" - "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key" - "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -430,8 +430,8 @@ data:
```yaml tab="Rancher" ```yaml tab="Rancher"
labels: labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert" - "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key" - "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -463,7 +463,7 @@ If `insecureSkipVerify` is `true`, TLS for the connection to authentication serv
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.insecureSkipVerify=true" - "traefik.http.middlewares.test-auth.forwardauth.tls.insecureSkipVerify=true"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -485,7 +485,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
labels: labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.InsecureSkipVerify=true" - "traefik.http.middlewares.test-auth.forwardauth.tls.InsecureSkipVerify=true"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"

View file

@ -15,8 +15,8 @@ Add the `X-Script-Name` header to the proxied request and the `X-Custom-Response
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.testHeader.headers.customrequestheaders.X-Script-Name=test" - "traefik.http.middlewares.testHeader.headers.customrequestheaders.X-Script-Name=test"
- "traefik.http.middlewares.testHeader.headers.customresponseheaders.X-Custom-Response-Header=value" - "traefik.http.middlewares.testHeader.headers.customresponseheaders.X-Custom-Response-Header=value"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -41,8 +41,8 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
labels: labels:
- "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test" - "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test"
- "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header=value" - "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header=value"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -236,9 +236,9 @@ http:
testHeader: testHeader:
headers: headers:
accessControlAllowMethod: accessControlAllowMethod:
- GET - GET
- OPTIONS - OPTIONS
- PUT - PUT
accessControlAllowOrigin: "origin-list-or-null" accessControlAllowOrigin: "origin-list-or-null"
accessControlMaxAge: 100 accessControlMaxAge: 100
addVaryHeader: true addVaryHeader: true

View file

@ -11,7 +11,7 @@ To proactively prevent services from being overwhelmed with high load, a limit o
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10" - "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -33,7 +33,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
# Limiting to 10 simultaneous connections # Limiting to 10 simultaneous connections
labels: labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10" - "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -61,7 +61,7 @@ The middleware will return an `HTTP 429 Too Many Requests` if there are already
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10" - "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -83,7 +83,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
# Limiting to 10 simultaneous connections # Limiting to 10 simultaneous connections
labels: labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10" - "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -131,7 +131,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.depth=2" - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.depth=2"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -148,7 +148,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
labels: labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.depth=2" - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.depth=2"
``` ```
```json tab="Marathon" ```json tab="Marathon"
@ -192,7 +192,7 @@ http:
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -209,17 +209,17 @@ spec:
- 192.168.1.7 - 192.168.1.7
``` ```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```json tab="Marathon" ```json tab="Marathon"
"labels": { "labels": {
"traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7" "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
} }
``` ```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
[http.middlewares] [http.middlewares]
[http.middlewares.test-inflightreq.inflightreq] [http.middlewares.test-inflightreq.inflightreq]
@ -235,8 +235,8 @@ http:
sourceCriterion: sourceCriterion:
ipStrategy: ipStrategy:
excludedIPs: excludedIPs:
- "127.0.0.1/32" - "127.0.0.1/32"
- "192.168.1.7" - "192.168.1.7"
``` ```
#### `sourceCriterion.requestHeaderName` #### `sourceCriterion.requestHeaderName`
@ -245,7 +245,7 @@ Requests having the same value for the given header are grouped as coming from t
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requestheadername=username" - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requestheadername=username"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -261,7 +261,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
labels: labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requestheadername=username" - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requestheadername=username"
``` ```
```json tab="Marathon" ```json tab="Marathon"
@ -292,7 +292,7 @@ Whether to consider the request host as the source.
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requesthost=true" - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requesthost=true"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -308,7 +308,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
labels: labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requesthost=true" - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requesthost=true"
``` ```
```json tab="Marathon" ```json tab="Marathon"

View file

@ -12,7 +12,7 @@ IPWhitelist accepts / refuses requests based on the client IP.
```yaml tab="Docker" ```yaml tab="Docker"
# Accepts request from defined IP # Accepts request from defined IP
labels: labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -23,8 +23,8 @@ metadata:
spec: spec:
ipWhiteList: ipWhiteList:
sourceRange: sourceRange:
- 127.0.0.1/32 - 127.0.0.1/32
- 192.168.1.7 - 192.168.1.7
``` ```
```json tab="Marathon" ```json tab="Marathon"
@ -36,7 +36,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
# Accepts request from defined IP # Accepts request from defined IP
labels: labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -53,8 +53,8 @@ http:
test-ipwhitelist: test-ipwhitelist:
ipWhiteList: ipWhiteList:
sourceRange: sourceRange:
- "127.0.0.1/32" - "127.0.0.1/32"
- "192.168.1.7" - "192.168.1.7"
``` ```
## Configuration Options ## Configuration Options
@ -76,8 +76,8 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
```yaml tab="Docker" ```yaml tab="Docker"
# Whitelisting Based on `X-Forwarded-For` with `depth=2` # Whitelisting Based on `X-Forwarded-For` with `depth=2`
labels: labels:
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2" - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -89,8 +89,8 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
spec: spec:
ipWhiteList: ipWhiteList:
sourceRange: sourceRange:
- 127.0.0.1/32 - 127.0.0.1/32
- 192.168.1.7 - 192.168.1.7
ipStrategy: ipStrategy:
depth: 2 depth: 2
``` ```
@ -98,14 +98,14 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
```yaml tab="Rancher" ```yaml tab="Rancher"
# Whitelisting Based on `X-Forwarded-For` with `depth=2` # Whitelisting Based on `X-Forwarded-For` with `depth=2`
labels: labels:
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2" - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2"
``` ```
```json tab="Marathon" ```json tab="Marathon"
"labels": { "labels": {
"traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32, 192.168.1.7", "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32, 192.168.1.7",
"traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth": "2" "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth": "2"
} }
``` ```
@ -125,8 +125,8 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
test-ipwhitelist: test-ipwhitelist:
ipWhiteList: ipWhiteList:
sourceRange: sourceRange:
- "127.0.0.1/32" - "127.0.0.1/32"
- "192.168.1.7" - "192.168.1.7"
ipStrategy: ipStrategy:
depth: 2 depth: 2
``` ```
@ -164,19 +164,19 @@ spec:
ipWhiteList: ipWhiteList:
ipStrategy: ipStrategy:
excludedIPs: excludedIPs:
- 127.0.0.1/32 - 127.0.0.1/32
- 192.168.1.7 - 192.168.1.7
``` ```
```yaml tab="Rancher" ```yaml tab="Rancher"
# Exclude from `X-Forwarded-For` # Exclude from `X-Forwarded-For`
labels: labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
``` ```
```json tab="Marathon" ```json tab="Marathon"
"labels": { "labels": {
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7" "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
} }
``` ```
@ -196,8 +196,8 @@ http:
ipWhiteList: ipWhiteList:
ipStrategy: ipStrategy:
excludedIPs: excludedIPs:
- "127.0.0.1/32" - "127.0.0.1/32"
- "192.168.1.7" - "192.168.1.7"
``` ```
`excludedIPs` tells Traefik to scan the `X-Forwarded-For` header and pick the first IP not in the list. `excludedIPs` tells Traefik to scan the `X-Forwarded-For` header and pick the first IP not in the list.

View file

@ -60,7 +60,7 @@ spec:
routes: routes:
# more fields... # more fields...
middlewares: middlewares:
- name: stripprefix - name: stripprefix
``` ```
```json tab="Marathon" ```json tab="Marathon"
@ -106,7 +106,7 @@ http:
router1: router1:
service: myService service: myService
middlewares: middlewares:
- "foo-add-prefix" - "foo-add-prefix"
rule: "Host(`example.com`)" rule: "Host(`example.com`)"
middlewares: middlewares:
@ -118,7 +118,7 @@ http:
service1: service1:
loadBalancer: loadBalancer:
servers: servers:
- url: "http://127.0.0.1:80" - url: "http://127.0.0.1:80"
``` ```
## Provider Namespace ## Provider Namespace

View file

@ -16,7 +16,7 @@ Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
```yaml tab="Docker" ```yaml tab="Docker"
# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header. # Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
labels: labels:
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -38,7 +38,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header. # Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
labels: labels:
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -62,23 +62,23 @@ http:
```yaml tab="Docker" ```yaml tab="Docker"
# Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header # Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
labels: labels:
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notafter=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notafter=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notbefore=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notbefore=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.sans=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.sans=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.commonname=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.commonname=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.country=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.country=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.domaincomponent=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.domaincomponent=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.locality=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.locality=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organization=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organization=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.province=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.province=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.serialnumber=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.serialnumber=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.commonname=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.commonname=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.country=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.country=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.domaincomponent=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.domaincomponent=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.locality=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.locality=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.organization=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.organization=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.province=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.province=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -114,23 +114,23 @@ http:
```yaml tab="Rancher" ```yaml tab="Rancher"
# Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header # Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
labels: labels:
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notafter=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notafter=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notbefore=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notbefore=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.sans=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.sans=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.commonname=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.commonname=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.country=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.country=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.domaincomponent=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.domaincomponent=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.locality=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.locality=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organization=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organization=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.province=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.province=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.serialnumber=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.serialnumber=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.commonname=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.commonname=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.country=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.country=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.domaincomponent=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.domaincomponent=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.locality=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.locality=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.organization=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.organization=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.province=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.province=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true"
``` ```
```json tab="Marathon" ```json tab="Marathon"

View file

@ -11,8 +11,8 @@ The RateLimit middleware ensures that services will receive a _fair_ number of r
# Here, an average of 100 requests per second is allowed. # Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed. # In addition, a burst of 50 requests is allowed.
labels: labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100" - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50" - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -39,8 +39,8 @@ spec:
# Here, an average of 100 requests per second is allowed. # Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed. # In addition, a burst of 50 requests is allowed.
labels: labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100" - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50" - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -72,7 +72,7 @@ It defaults to 0, which means no rate limiting.
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100" - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -93,7 +93,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
labels: labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100" - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -117,7 +117,7 @@ It defaults to 1.
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100" - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -138,7 +138,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
labels: labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100" - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100"
``` ```
@ -187,7 +187,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -206,7 +206,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
labels: labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
``` ```
```json tab="Marathon" ```json tab="Marathon"
@ -230,8 +230,8 @@ http:
sourceCriterion: sourceCriterion:
ipStrategy: ipStrategy:
excludedIPs: excludedIPs:
- "127.0.0.1/32" - "127.0.0.1/32"
- "192.168.1.7" - "192.168.1.7"
``` ```
`excludedIPs` tells Traefik to scan the `X-Forwarded-For` header and pick the first IP not in the list. `excludedIPs` tells Traefik to scan the `X-Forwarded-For` header and pick the first IP not in the list.
@ -254,7 +254,7 @@ Requests having the same value for the given header are grouped as coming from t
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username" - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -270,7 +270,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
labels: labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username" - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username"
``` ```
```json tab="Marathon" ```json tab="Marathon"
@ -301,7 +301,7 @@ Whether to consider the request host as the source.
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true" - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -317,7 +317,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
labels: labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true" - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true"
``` ```
```json tab="Marathon" ```json tab="Marathon"

View file

@ -15,8 +15,8 @@ RegexRedirect redirect a request from an url to another with regex matching and
# Redirect with domain replacement # Redirect with domain replacement
# Note: all dollar signs need to be doubled for escaping. # Note: all dollar signs need to be doubled for escaping.
labels: labels:
- "traefik.http.middlewares.test-redirectregex.redirectregex.regex=^http://localhost/(.*)" - "traefik.http.middlewares.test-redirectregex.redirectregex.regex=^http://localhost/(.*)"
- "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$${1}" - "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$${1}"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -42,8 +42,8 @@ spec:
# Redirect with domain replacement # Redirect with domain replacement
# Note: all dollar signs need to be doubled for escaping. # Note: all dollar signs need to be doubled for escaping.
labels: labels:
- "traefik.http.middlewares.test-redirectregex.redirectregex.regex=^http://localhost/(.*)" - "traefik.http.middlewares.test-redirectregex.redirectregex.regex=^http://localhost/(.*)"
- "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$${1}" - "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$${1}"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -85,4 +85,3 @@ The `regex` option is the regular expression to match and capture elements from
### `replacement` ### `replacement`
The `replacement` option defines how to modify the URL to have the new target URL. The `replacement` option defines how to modify the URL to have the new target URL.

View file

@ -14,7 +14,7 @@ RegexRedirect redirect request from a scheme to another.
```yaml tab="Docker" ```yaml tab="Docker"
# Redirect to https # Redirect to https
labels: labels:
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https" - "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -37,7 +37,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
# Redirect to https # Redirect to https
labels: labels:
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https" - "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"

View file

@ -14,7 +14,7 @@ Replace the path of the request url.
```yaml tab="Docker" ```yaml tab="Docker"
# Replace the path by /foo # Replace the path by /foo
labels: labels:
- "traefik.http.middlewares.test-replacepath.replacepath.path=/foo" - "traefik.http.middlewares.test-replacepath.replacepath.path=/foo"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -37,7 +37,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
# Replace the path by /foo # Replace the path by /foo
labels: labels:
- "traefik.http.middlewares.test-replacepath.replacepath.path=/foo" - "traefik.http.middlewares.test-replacepath.replacepath.path=/foo"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"

View file

@ -14,8 +14,8 @@ The ReplaceRegex replace a path from an url to another with regex matching and r
```yaml tab="Docker" ```yaml tab="Docker"
# Replace path with regex # Replace path with regex
labels: labels:
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.regex=^/foo/(.*)" - "traefik.http.middlewares.test-replacepathregex.replacepathregex.regex=^/foo/(.*)"
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1" - "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -40,8 +40,8 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
# Replace path with regex # Replace path with regex
labels: labels:
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.regex=^/foo/(.*)" - "traefik.http.middlewares.test-replacepathregex.replacepathregex.regex=^/foo/(.*)"
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1" - "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"

View file

@ -15,7 +15,7 @@ To be clear, as soon as the server answers, the middleware stops retrying, regar
```yaml tab="Docker" ```yaml tab="Docker"
# Retry to send request 4 times # Retry to send request 4 times
labels: labels:
- "traefik.http.middlewares.test-retry.retry.attempts=4" - "traefik.http.middlewares.test-retry.retry.attempts=4"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -38,7 +38,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
# Retry to send request 4 times # Retry to send request 4 times
labels: labels:
- "traefik.http.middlewares.test-retry.retry.attempts=4" - "traefik.http.middlewares.test-retry.retry.attempts=4"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"

View file

@ -14,7 +14,7 @@ Remove the specified prefixes from the URL path.
```yaml tab="Docker" ```yaml tab="Docker"
# Strip prefix /foobar and /fiibar # Strip prefix /foobar and /fiibar
labels: labels:
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar,/fiibar" - "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar,/fiibar"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -26,8 +26,8 @@ metadata:
spec: spec:
stripPrefix: stripPrefix:
prefixes: prefixes:
- /foobar - /foobar
- /fiibar - /fiibar
``` ```
```json tab="Marathon" ```json tab="Marathon"
@ -39,7 +39,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
# Strip prefix /foobar and /fiibar # Strip prefix /foobar and /fiibar
labels: labels:
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar,/fiibar" - "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar,/fiibar"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -56,8 +56,8 @@ http:
test-stripprefix: test-stripprefix:
stripPrefix: stripPrefix:
prefixes: prefixes:
- "/foobar" - "/foobar"
- "/fiibar" - "/fiibar"
``` ```
## Configuration Options ## Configuration Options

View file

@ -9,7 +9,7 @@ Remove the matching prefixes from the URL path.
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=/foo/[a-z0-9]+/[0-9]+/" - "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=/foo/[a-z0-9]+/[0-9]+/"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -20,7 +20,7 @@ metadata:
spec: spec:
stripPrefixRegex: stripPrefixRegex:
regex: regex:
- "/foo/[a-z0-9]+/[0-9]+/" - "/foo/[a-z0-9]+/[0-9]+/"
``` ```
```json tab="Marathon" ```json tab="Marathon"
@ -31,7 +31,7 @@ spec:
```yaml tab="Rancher" ```yaml tab="Rancher"
labels: labels:
- "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=/foo/[a-z0-9]+/[0-9]+/" - "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=/foo/[a-z0-9]+/[0-9]+/"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -46,7 +46,7 @@ http:
test-stripprefixregex: test-stripprefixregex:
stripPrefixRegex: stripPrefixRegex:
regex: regex:
- "/foo/[a-z0-9]+/[0-9]+/" - "/foo/[a-z0-9]+/[0-9]+/"
``` ```
## Configuration Options ## Configuration Options

View file

@ -167,21 +167,21 @@ Then any router can refer to an instance of the wanted middleware.
rule: "Host(`test.localhost`) && PathPrefix(`/test`)" rule: "Host(`test.localhost`) && PathPrefix(`/test`)"
service: my-service service: my-service
middlewares: middlewares:
- auth - auth
services: services:
my-service: my-service:
loadBalancer: loadBalancer:
servers: servers:
- url: http://10.10.10.1:80 - url: http://10.10.10.1:80
- url: http://10.10.10.2:80 - url: http://10.10.10.2:80
middlewares: middlewares:
auth: auth:
basicAuth: basicAuth:
users: users:
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
``` ```
## TLS configuration is now dynamic, per router. ## TLS configuration is now dynamic, per router.
@ -261,8 +261,8 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
myTLSOptions: myTLSOptions:
minVersion: VersionTLS13 minVersion: VersionTLS13
cipherSuites: cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384 - TLS_RSA_WITH_AES_256_GCM_SHA384
``` ```
```yaml tab="K8s IngressRoute" ```yaml tab="K8s IngressRoute"
@ -290,11 +290,11 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
entryPoints: entryPoints:
- web - web
routes: routes:
- match: Host(`bar.com`) - match: Host(`bar.com`)
kind: Rule kind: Rule
services: services:
- name: whoami - name: whoami
port: 80 port: 80
tls: tls:
options: options:
name: mytlsoption name: mytlsoption
@ -464,15 +464,15 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
router0: router0:
rule: "Host(`foo.com`)" rule: "Host(`foo.com`)"
entryPoints: entryPoints:
- web - web
middlewares: middlewares:
- redirect - redirect
service: my-service service: my-service
router1: router1:
rule: "Host(`foo.com`)" rule: "Host(`foo.com`)"
entryPoints: entryPoints:
- web-secure - web-secure
service: my-service service: my-service
tls: {} tls: {}
@ -480,8 +480,8 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
my-service: my-service:
loadBalancer: loadBalancer:
servers: servers:
- url: http://10.10.10.1:80 - url: http://10.10.10.1:80
- url: http://10.10.10.2:80 - url: http://10.10.10.2:80
middlewares: middlewares:
redirect: redirect:
@ -490,8 +490,8 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
tls: tls:
certificates: certificates:
- certFile: /app/certs/server/server.pem - certFile: /app/certs/server/server.pem
keyFile: /app/certs/server/server.pem keyFile: /app/certs/server/server.pem
``` ```
## ACME (LetsEncrypt) ## ACME (LetsEncrypt)

View file

@ -95,8 +95,8 @@ accessLog:
format: json format: json
filters: filters:
statusCodes: statusCodes:
- "200" - "200"
- "300-302" - "300-302"
retryAttempts: true retryAttempts: true
minDuration: "10ms" minDuration: "10ms"
``` ```

View file

@ -32,10 +32,10 @@ Buckets for latency metrics.
metrics: metrics:
prometheus: prometheus:
buckets: buckets:
- 0.1 - 0.1
- 0.3 - 0.3
- 1.2 - 1.2
- 5.0 - 5.0
``` ```
```bash tab="CLI" ```bash tab="CLI"

View file

@ -40,6 +40,7 @@ api: {}
And then you will be able to reference it like this: And then you will be able to reference it like this:
```yaml tab="Docker" ```yaml tab="Docker"
labels:
- "traefik.http.routers.api.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)" - "traefik.http.routers.api.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
- "traefik.http.routers.api.service=api@internal" - "traefik.http.routers.api.service=api@internal"
- "traefik.http.routers.api.middlewares=auth" - "traefik.http.routers.api.middlewares=auth"
@ -59,9 +60,9 @@ And then you will be able to reference it like this:
# Declaring the user list # Declaring the user list
labels: labels:
- "traefik.http.routers.api.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)" - "traefik.http.routers.api.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
- "traefik.http.routers.api.service=api@internal" - "traefik.http.routers.api.service=api@internal"
- "traefik.http.routers.api.middlewares=auth" - "traefik.http.routers.api.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0" - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -72,9 +73,9 @@ labels:
[http.middlewares.auth.basicAuth] [http.middlewares.auth.basicAuth]
users = [ users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
] ]
``` ```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
@ -89,8 +90,8 @@ http:
auth: auth:
basicAuth: basicAuth:
users: users:
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
``` ```
### `insecure` ### `insecure`

View file

@ -34,17 +34,17 @@ metadata:
spec: spec:
rules: rules:
- host: foo.com - host: foo.com
http: http:
paths: paths:
- path: /bar - path: /bar
backend: backend:
serviceName: service1 serviceName: service1
servicePort: 80 servicePort: 80
- path: /foo - path: /foo
backend: backend:
serviceName: service1 serviceName: service1
servicePort: 80 servicePort: 80
``` ```
## Provider Configuration ## Provider Configuration
@ -165,8 +165,8 @@ _Optional, Default: all namespaces (empty array)_
providers: providers:
kubernetesIngress: kubernetesIngress:
namespaces: namespaces:
- "default" - "default"
- "production" - "production"
# ... # ...
``` ```

View file

@ -2,11 +2,11 @@ http:
routers: routers:
Router0: Router0:
entryPoints: entryPoints:
- foobar - foobar
- foobar - foobar
middlewares: middlewares:
- foobar - foobar
- foobar - foobar
service: foobar service: foobar
rule: foobar rule: foobar
priority: 42 priority: 42
@ -14,21 +14,21 @@ http:
options: foobar options: foobar
certResolver: foobar certResolver: foobar
domains: domains:
- main: foobar - main: foobar
sans: sans:
- foobar - foobar
- foobar - foobar
- main: foobar - main: foobar
sans: sans:
- foobar - foobar
- foobar - foobar
Router1: Router1:
entryPoints: entryPoints:
- foobar - foobar
- foobar - foobar
middlewares: middlewares:
- foobar - foobar
- foobar - foobar
service: foobar service: foobar
rule: foobar rule: foobar
priority: 42 priority: 42
@ -36,14 +36,14 @@ http:
options: foobar options: foobar
certResolver: foobar certResolver: foobar
domains: domains:
- main: foobar - main: foobar
sans: sans:
- foobar - foobar
- foobar - foobar
- main: foobar - main: foobar
sans: sans:
- foobar - foobar
- foobar - foobar
services: services:
Service01: Service01:
loadBalancer: loadBalancer:
@ -53,8 +53,8 @@ http:
secure: true secure: true
httpOnly: true httpOnly: true
servers: servers:
- url: foobar - url: foobar
- url: foobar - url: foobar
healthCheck: healthCheck:
scheme: foobar scheme: foobar
path: foobar path: foobar
@ -72,17 +72,17 @@ http:
mirroring: mirroring:
service: foobar service: foobar
mirrors: mirrors:
- name: foobar - name: foobar
percent: 42 percent: 42
- name: foobar - name: foobar
percent: 42 percent: 42
Service03: Service03:
weighted: weighted:
services: services:
- name: foobar - name: foobar
weight: 42 weight: 42
- name: foobar - name: foobar
weight: 42 weight: 42
sticky: sticky:
cookie: cookie:
name: foobar name: foobar
@ -95,8 +95,8 @@ http:
Middleware01: Middleware01:
basicAuth: basicAuth:
users: users:
- foobar - foobar
- foobar - foobar
usersFile: foobar usersFile: foobar
realm: foobar realm: foobar
removeHeader: true removeHeader: true
@ -111,8 +111,8 @@ http:
Middleware03: Middleware03:
chain: chain:
middlewares: middlewares:
- foobar - foobar
- foobar - foobar
Middleware04: Middleware04:
circuitBreaker: circuitBreaker:
expression: foobar expression: foobar
@ -121,8 +121,8 @@ http:
Middleware06: Middleware06:
digestAuth: digestAuth:
users: users:
- foobar - foobar
- foobar - foobar
usersFile: foobar usersFile: foobar
removeHeader: true removeHeader: true
realm: foobar realm: foobar
@ -130,8 +130,8 @@ http:
Middleware07: Middleware07:
errors: errors:
status: status:
- foobar - foobar
- foobar - foobar
service: foobar service: foobar
query: foobar query: foobar
Middleware08: Middleware08:
@ -145,8 +145,8 @@ http:
insecureSkipVerify: true insecureSkipVerify: true
trustForwardHeader: true trustForwardHeader: true
authResponseHeaders: authResponseHeaders:
- foobar - foobar
- foobar - foobar
Middleware09: Middleware09:
headers: headers:
customRequestHeaders: customRequestHeaders:
@ -157,23 +157,23 @@ http:
name1: foobar name1: foobar
accessControlAllowCredentials: true accessControlAllowCredentials: true
accessControlAllowHeaders: accessControlAllowHeaders:
- foobar - foobar
- foobar - foobar
accessControlAllowMethods: accessControlAllowMethods:
- foobar - foobar
- foobar - foobar
accessControlAllowOrigin: foobar accessControlAllowOrigin: foobar
accessControlExposeHeaders: accessControlExposeHeaders:
- foobar - foobar
- foobar - foobar
accessControlMaxAge: 42 accessControlMaxAge: 42
addVaryHeader: true addVaryHeader: true
allowedHosts: allowedHosts:
- foobar - foobar
- foobar - foobar
hostsProxyHeaders: hostsProxyHeaders:
- foobar - foobar
- foobar - foobar
sslRedirect: true sslRedirect: true
sslTemporaryRedirect: true sslTemporaryRedirect: true
sslHost: foobar sslHost: foobar
@ -198,13 +198,13 @@ http:
Middleware10: Middleware10:
ipWhiteList: ipWhiteList:
sourceRange: sourceRange:
- foobar - foobar
- foobar - foobar
ipStrategy: ipStrategy:
depth: 42 depth: 42
excludedIPs: excludedIPs:
- foobar - foobar
- foobar - foobar
Middleware11: Middleware11:
inFlightReq: inFlightReq:
amount: 42 amount: 42
@ -212,8 +212,8 @@ http:
ipstrategy: ipstrategy:
depth: 42 depth: 42
excludedIPs: excludedIPs:
- foobar - foobar
- foobar - foobar
requestHeaderName: foobar requestHeaderName: foobar
requestHost: true requestHost: true
Middleware12: Middleware12:
@ -247,8 +247,8 @@ http:
ipstrategy: ipstrategy:
depth: 42 depth: 42
excludedIPs: excludedIPs:
- foobar - foobar
- foobar - foobar
requestHeaderName: foobar requestHeaderName: foobar
requestHost: true requestHost: true
Middleware14: Middleware14:
@ -274,19 +274,19 @@ http:
Middleware19: Middleware19:
stripPrefix: stripPrefix:
prefixes: prefixes:
- foobar - foobar
- foobar - foobar
Middleware20: Middleware20:
stripPrefixRegex: stripPrefixRegex:
regex: regex:
- foobar - foobar
- foobar - foobar
tcp: tcp:
routers: routers:
TCPRouter0: TCPRouter0:
entryPoints: entryPoints:
- foobar - foobar
- foobar - foobar
service: foobar service: foobar
rule: foobar rule: foobar
tls: tls:
@ -294,18 +294,18 @@ tcp:
options: foobar options: foobar
certResolver: foobar certResolver: foobar
domains: domains:
- main: foobar - main: foobar
sans: sans:
- foobar - foobar
- foobar - foobar
- main: foobar - main: foobar
sans: sans:
- foobar - foobar
- foobar - foobar
TCPRouter1: TCPRouter1:
entryPoints: entryPoints:
- foobar - foobar
- foobar - foobar
service: foobar service: foobar
rule: foobar rule: foobar
tls: tls:
@ -313,60 +313,60 @@ tcp:
options: foobar options: foobar
certResolver: foobar certResolver: foobar
domains: domains:
- main: foobar - main: foobar
sans: sans:
- foobar - foobar
- foobar - foobar
- main: foobar - main: foobar
sans: sans:
- foobar - foobar
- foobar - foobar
services: services:
TCPService0: TCPService0:
loadBalancer: loadBalancer:
terminationDelay: 100 terminationDelay: 100
servers: servers:
- address: foobar - address: foobar
- address: foobar - address: foobar
TCPService1: TCPService1:
loadBalancer: loadBalancer:
terminationDelay: 100 terminationDelay: 100
servers: servers:
- address: foobar - address: foobar
- address: foobar - address: foobar
tls: tls:
certificates: certificates:
- certFile: foobar - certFile: foobar
keyFile: foobar keyFile: foobar
stores: stores:
- foobar - foobar
- foobar - foobar
- certFile: foobar - certFile: foobar
keyFile: foobar keyFile: foobar
stores: stores:
- foobar - foobar
- foobar - foobar
options: options:
Options0: Options0:
minVersion: foobar minVersion: foobar
cipherSuites: cipherSuites:
- foobar - foobar
- foobar - foobar
clientAuth: clientAuth:
caFiles: caFiles:
- foobar - foobar
- foobar - foobar
clientAuthType: foobar clientAuthType: foobar
sniStrict: true sniStrict: true
Options1: Options1:
minVersion: foobar minVersion: foobar
cipherSuites: cipherSuites:
- foobar - foobar
- foobar - foobar
clientAuth: clientAuth:
caFiles: caFiles:
- foobar - foobar
- foobar - foobar
clientAuthType: foobar clientAuthType: foobar
sniStrict: true sniStrict: true
stores: stores:

View file

@ -110,13 +110,13 @@ You can define them using a toml file, CLI arguments, or a key-value store.
proxyProtocol: proxyProtocol:
insecure: true insecure: true
trustedIPs: trustedIPs:
- "127.0.0.1" - "127.0.0.1"
- "192.168.0.1" - "192.168.0.1"
forwardedHeaders: forwardedHeaders:
insecure: true insecure: true
trustedIPs: trustedIPs:
- "127.0.0.1" - "127.0.0.1"
- "192.168.0.1" - "192.168.0.1"
``` ```
```bash tab="CLI" ```bash tab="CLI"
@ -158,8 +158,8 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward
address: ":80" address: ":80"
forwardedHeaders: forwardedHeaders:
trustedIPs: trustedIPs:
- "127.0.0.1/32" - "127.0.0.1/32"
- "192.168.1.7" - "192.168.1.7"
``` ```
```bash tab="CLI" ```bash tab="CLI"
@ -421,8 +421,8 @@ If the Proxy Protocol header is passed, then the version is determined automatic
address: ":80" address: ":80"
proxyProtocol: proxyProtocol:
trustedIPs: trustedIPs:
- "127.0.0.1/32" - "127.0.0.1/32"
- "192.168.1.7" - "192.168.1.7"
``` ```
```bash tab="CLI" ```bash tab="CLI"

View file

@ -446,7 +446,8 @@ You can declare TCP Routers and/or Services using labels.
``` ```
??? info "`traefik.tcp.services.<service_name>.loadbalancer.terminationdelay`" ??? info "`traefik.tcp.services.<service_name>.loadbalancer.terminationdelay`"
<!-- TODO doc terminationdelay in TCP services page -->
See [termination delay](../services/index.md#termination-delay) for more information.
```yaml ```yaml
- "traefik.tcp.services.mytcpservice.loadbalancer.terminationdelay=100" - "traefik.tcp.services.mytcpservice.loadbalancer.terminationdelay=100"

View file

@ -276,8 +276,101 @@ You can declare TCP Routers and/or Services using labels.
!!! warning "TCP and HTTP" !!! warning "TCP and HTTP"
If you declare a TCP Router/Service, it will prevent Traefik from automatically creating an HTTP Router/Service (as it would by default if no TCP Router/Service is defined). If you declare a TCP Router/Service, it will prevent Traefik from automatically creating an HTTP Router/Service (like it does by default if no TCP Router/Service is defined).
Both a TCP Router/Service and an HTTP Router/Service can be created for the same application, but it has to be done explicitly in the config. You can declare both a TCP Router/Service and an HTTP Router/Service for the same container (but you have to do so manually).
#### TCP Routers
??? info "`traefik.tcp.routers.<router_name>.entrypoints`"
See [entry points](../routers/index.md#entrypoints_1) for more information.
```json
"traefik.tcp.routers.mytcprouter.entrypoints": "ep1,ep2"
```
??? info "`traefik.tcp.routers.<router_name>.rule`"
See [rule](../routers/index.md#rule_1) for more information.
```json
"traefik.tcp.routers.mytcprouter.rule": "HostSNI(`myhost.com`)"
```
??? info "`traefik.tcp.routers.<router_name>.service`"
See [service](../routers/index.md#services) for more information.
```json
"traefik.tcp.routers.mytcprouter.service": "myservice"
```
??? info "`traefik.tcp.routers.<router_name>.tls`"
See [TLS](../routers/index.md#tls_1) for more information.
```json
"traefik.tcp.routers.mytcprouter.tls": "true
```
??? info "`traefik.tcp.routers.<router_name>.tls.certresolver`"
See [certResolver](../routers/index.md#certresolver_1) for more information.
```json
"traefik.tcp.routers.mytcprouter.tls.certresolver": "myresolver"
```
??? info "`traefik.tcp.routers.<router_name>.tls.domains[n].main`"
See [domains](../routers/index.md#domains_1) for more information.
```json
"traefik.tcp.routers.mytcprouter.tls.domains[0].main": "foobar.com"
```
??? info "`traefik.tcp.routers.<router_name>.tls.domains[n].sans`"
See [domains](../routers/index.md#domains_1) for more information.
```json
"traefik.tcp.routers.mytcprouter.tls.domains[0].sans": "test.foobar.com,dev.foobar.com"
```
??? info "`traefik.tcp.routers.<router_name>.tls.options`"
See [options](../routers/index.md#options_1) for more information.
```json
"traefik.tcp.routers.mytcprouter.tls.options": "mysoptions"
```
??? info "`traefik.tcp.routers.<router_name>.tls.passthrough`"
See [TLS](../routers/index.md#tls_1) for more information.
```json
"traefik.tcp.routers.mytcprouter.tls.passthrough": "true"
```
#### TCP Services
??? info "`traefik.tcp.services.<service_name>.loadbalancer.server.port`"
Registers a port of the application.
```json
"traefik.tcp.services.mytcpservice.loadbalancer.server.port": "423"
```
??? info "`traefik.tcp.services.<service_name>.loadbalancer.terminationdelay`"
See [termination delay](../services/index.md#termination-delay) for more information.
```json
"traefik.tcp.services.mytcpservice.loadbalancer.terminationdelay": "100"
```
### Specific Provider Options ### Specific Provider Options

View file

@ -262,6 +262,119 @@ More information about available middlewares in the dedicated [middlewares secti
If you declare multiple middleware with the same name but with different parameters, the middleware fails to be declared. If you declare multiple middleware with the same name but with different parameters, the middleware fails to be declared.
### TCP
You can declare TCP Routers and/or Services using labels.
??? example "Declaring TCP Routers and Services"
```yaml
services:
my-container:
# ...
labels:
- "traefik.tcp.routers.my-router.rule=HostSNI(`my-host.com`)"
- "traefik.tcp.routers.my-router.tls=true"
- "traefik.tcp.services.my-service.loadbalancer.server.port=4123"
```
!!! warning "TCP and HTTP"
If you declare a TCP Router/Service, it will prevent Traefik from automatically creating an HTTP Router/Service (like it does by default if no TCP Router/Service is defined).
You can declare both a TCP Router/Service and an HTTP Router/Service for the same container (but you have to do so manually).
#### TCP Routers
??? info "`traefik.tcp.routers.<router_name>.entrypoints`"
See [entry points](../routers/index.md#entrypoints_1) for more information.
```yaml
- "traefik.tcp.routers.mytcprouter.entrypoints=ep1,ep2"
```
??? info "`traefik.tcp.routers.<router_name>.rule`"
See [rule](../routers/index.md#rule_1) for more information.
```yaml
- "traefik.tcp.routers.mytcprouter.rule=HostSNI(`myhost.com`)"
```
??? info "`traefik.tcp.routers.<router_name>.service`"
See [service](../routers/index.md#services) for more information.
```yaml
- "traefik.tcp.routers.mytcprouter.service=myservice"
```
??? info "`traefik.tcp.routers.<router_name>.tls`"
See [TLS](../routers/index.md#tls_1) for more information.
```yaml
- "traefik.tcp.routers.mytcprouter.tls=true"
```
??? info "`traefik.tcp.routers.<router_name>.tls.certresolver`"
See [certResolver](../routers/index.md#certresolver_1) for more information.
```yaml
- "traefik.tcp.routers.mytcprouter.tls.certresolver=myresolver"
```
??? info "`traefik.tcp.routers.<router_name>.tls.domains[n].main`"
See [domains](../routers/index.md#domains_1) for more information.
```yaml
- "traefik.tcp.routers.mytcprouter.tls.domains[0].main=foobar.com"
```
??? info "`traefik.tcp.routers.<router_name>.tls.domains[n].sans`"
See [domains](../routers/index.md#domains_1) for more information.
```yaml
- "traefik.tcp.routers.mytcprouter.tls.domains[0].sans=test.foobar.com,dev.foobar.com"
```
??? info "`traefik.tcp.routers.<router_name>.tls.options`"
See [options](../routers/index.md#options_1) for more information.
```yaml
- "traefik.tcp.routers.mytcprouter.tls.options=mysoptions"
```
??? info "`traefik.tcp.routers.<router_name>.tls.passthrough`"
See [TLS](../routers/index.md#tls_1) for more information.
```yaml
- "traefik.tcp.routers.mytcprouter.tls.passthrough=true"
```
#### TCP Services
??? info "`traefik.tcp.services.<service_name>.loadbalancer.server.port`"
Registers a port of the application.
```yaml
- "traefik.tcp.services.mytcpservice.loadbalancer.server.port=423"
```
??? info "`traefik.tcp.services.<service_name>.loadbalancer.terminationdelay`"
See [termination delay](../services/index.md#termination-delay) for more information.
```yaml
- "traefik.tcp.services.mytcpservice.loadbalancer.terminationdelay=100"
```
### Specific Provider Options ### Specific Provider Options
#### `traefik.enable` #### `traefik.enable`

View file

@ -50,7 +50,7 @@ In the process, routers may use pieces of [middleware](../../middlewares/overvie
routers: routers:
to-database: to-database:
entryPoints: entryPoints:
- "mysql" - "mysql"
# Catch every request (only available rule for non-tls routers. See below.) # Catch every request (only available rule for non-tls routers. See below.)
rule: "HostSNI(`*`)" rule: "HostSNI(`*`)"
service: database service: database
@ -164,8 +164,8 @@ If you want to limit the router scope to a set of entry points, set the `entryPo
Router-1: Router-1:
# won't listen to entry point web # won't listen to entry point web
entryPoints: entryPoints:
- "websecure" - "websecure"
- "other" - "other"
rule: "Host(`traefik.io`)" rule: "Host(`traefik.io`)"
service: "service-1" service: "service-1"
``` ```
@ -415,8 +415,8 @@ It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied
foo: foo:
minVersion: VersionTLS12 minVersion: VersionTLS12
cipherSuites: cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384 - TLS_RSA_WITH_AES_256_GCM_SHA384
``` ```
!!! important "Conflicting TLS Options" !!! important "Conflicting TLS Options"
@ -510,8 +510,8 @@ http:
tls: tls:
certResolver: "bar" certResolver: "bar"
domains: domains:
- main: "snitest.com" - main: "snitest.com"
sans: "*.snitest.com" sans: "*.snitest.com"
``` ```
[ACME v2](https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579) supports wildcard certificates. [ACME v2](https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579) supports wildcard certificates.
@ -627,8 +627,8 @@ If you want to limit the router scope to a set of entry points, set the entry po
Router-1: Router-1:
# won't listen to entry point web # won't listen to entry point web
entryPoints: entryPoints:
- "websecure" - "websecure"
- "other" - "other"
rule: "HostSNI(`traefik.io`)" rule: "HostSNI(`traefik.io`)"
service: "service-1" service: "service-1"
# will route TLS requests (and ignore non tls requests) # will route TLS requests (and ignore non tls requests)
@ -787,8 +787,8 @@ It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied
foo: foo:
minVersion: VersionTLS12 minVersion: VersionTLS12
cipherSuites: cipherSuites:
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
- "TLS_RSA_WITH_AES_256_GCM_SHA384" - "TLS_RSA_WITH_AES_256_GCM_SHA384"
``` ```
#### `certResolver` #### `certResolver`
@ -839,6 +839,6 @@ tcp:
tls: tls:
certResolver: "bar" certResolver: "bar"
domains: domains:
- main: "snitest.com" - main: "snitest.com"
sans: "*.snitest.com" sans: "*.snitest.com"
``` ```

View file

@ -143,7 +143,7 @@ entryPoints:
serversTransport: serversTransport:
# For secure connection on backend.local # For secure connection on backend.local
rootCAs: rootCAs:
- ./backend.cert - ./backend.cert
providers: providers:
file: file:

View file

@ -87,9 +87,9 @@ nav:
- 'Services': 'routing/services/index.md' - 'Services': 'routing/services/index.md'
- 'Providers': - 'Providers':
- 'Docker': 'routing/providers/docker.md' - 'Docker': 'routing/providers/docker.md'
- 'Kubernetes IngressRoute': 'routing/providers/kubernetes-crd.md'
- 'Rancher': 'routing/providers/rancher.md' - 'Rancher': 'routing/providers/rancher.md'
- 'Marathon': 'routing/providers/marathon.md' - 'Marathon': 'routing/providers/marathon.md'
- 'Kubernetes IngressRoute': 'routing/providers/kubernetes-crd.md'
- 'HTTPS & TLS': - 'HTTPS & TLS':
- 'Overview': 'https/overview.md' - 'Overview': 'https/overview.md'
- 'TLS': 'https/tls.md' - 'TLS': 'https/tls.md'