baalajimaestro/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

YAML I love you

Browse source
This commit is contained in:
Michael 2019-09-23 17:00:06 +02:00 committed by Traefiker Bot
parent bfde17b4d7
commit 17480abe85
37 changed files with 636 additions and 429 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
docs/content/https/acme.md
View file

@ -303,8 +303,8 @@ certificatesResolvers:
dnsChallenge:
# ...
resolvers:
- "1.1.1.1:53"
- "8.8.8.8:53"
- "1.1.1.1:53"
- "8.8.8.8:53"
```
```bash tab="CLI"

36
docs/content/https/tls.md
View file

@ -30,10 +30,10 @@ To add / remove TLS certificates, even when Traefik is already running, their de
tls:
certificates:
- certFile: /path/to/domain.cert
keyFile: /path/to/domain.key
- certFile: /path/to/other-domain.cert
keyFile: /path/to/other-domain.key
- certFile: /path/to/domain.cert
keyFile: /path/to/domain.key
- certFile: /path/to/other-domain.cert
keyFile: /path/to/other-domain.key
```
!!! important "Restriction"
@ -88,14 +88,14 @@ In the `tls.certificates` section, a list of stores can then be specified to ind
tls:
certificates:
- certFile: /path/to/domain.cert
keyFile: /path/to/domain.key
stores:
- default
# Note that since no store is defined,
# the certificate below will be stored in the `default` store.
- certFile: /path/to/other-domain.cert
keyFile: /path/to/other-domain.key
- certFile: /path/to/domain.cert
keyFile: /path/to/domain.key
stores:
- default
# Note that since no store is defined,
# the certificate below will be stored in the `default` store.
- certFile: /path/to/other-domain.cert
keyFile: /path/to/other-domain.key
```
!!! important "Restriction"
@ -203,8 +203,8 @@ tls:
options:
default:
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
```
```yaml tab="Kubernetes"
@ -216,8 +216,8 @@ metadata:
spec:
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
```
!!! important "TLS 1.3"
@ -293,8 +293,8 @@ tls:
clientAuth:
# in PEM format. each file can contain multiple CAs.
caFiles:
- tests/clientca1.crt
- tests/clientca2.crt
- tests/clientca1.crt
- tests/clientca2.crt
clientAuthType: RequireAndVerifyClientCert
```

4
docs/content/middlewares/addprefix.md
View file

@ -12,7 +12,7 @@ The AddPrefix middleware updates the URL Path of the request before forwarding i
```yaml tab="Docker"
# Prefixing with /foo
labels:
- "traefik.http.middlewares.add-foo.addprefix.prefix=/foo"
- "traefik.http.middlewares.add-foo.addprefix.prefix=/foo"
```
```yaml tab="Kubernetes"
@ -35,7 +35,7 @@ spec:
```yaml tab="Rancher"
# Prefixing with /foo
labels:
- "traefik.http.middlewares.add-foo.addprefix.prefix=/foo"
- "traefik.http.middlewares.add-foo.addprefix.prefix=/foo"
```
```toml tab="File (TOML)"

26
docs/content/middlewares/basicauth.md
View file

@ -16,7 +16,7 @@ The BasicAuth middleware is a quick way to restrict access to your services to k
# To create user:password pair, it's possible to use this command:
# echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
labels:
- "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
- "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
```
```yaml tab="Kubernetes"
@ -39,7 +39,7 @@ spec:
```yaml tab="Rancher"
# Declaring the user list
labels:
- "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
- "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
```toml tab="File (TOML)"
@ -59,8 +59,8 @@ http:
test-auth:
basicAuth:
users:
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
## Configuration Options
@ -89,7 +89,7 @@ The `users` option is an array of authorized users. Each user will be declared u
# To create user:password pair, it's possible to use this command:
# echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
labels:
- "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
- "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
```
```yaml tab="Kubernetes"
@ -124,7 +124,7 @@ data:
```yaml tab="Rancher"
# Declaring the user list
labels:
- "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
- "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
```toml tab="File (TOML)"
@ -144,8 +144,8 @@ http:
test-auth:
basicAuth:
users:
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
### `usersFile`
@ -161,7 +161,7 @@ The file content is a list of `name:encoded-password`.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.basicauth.usersfile=/path/to/my/usersfile"
- "traefik.http.middlewares.test-auth.basicauth.usersfile=/path/to/my/usersfile"
```
```yaml tab="Kubernetes"
@ -224,7 +224,7 @@ You can customize the realm for the authentication with the `realm` option. The
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.basicauth.realm=MyRealm"
- "traefik.http.middlewares.test-auth.basicauth.realm=MyRealm"
```
```yaml tab="Kubernetes"
@ -268,7 +268,7 @@ You can define a header field to store the authenticated user using the `headerF
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.my-auth.basicauth.headerField=X-WebAuth-User"
- "traefik.http.middlewares.my-auth.basicauth.headerField=X-WebAuth-User"
```
```yaml tab="Kubernetes"
@ -309,7 +309,7 @@ Set the `removeHeader` option to `true` to remove the authorization header befor
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.basicauth.removeheader=true"
- "traefik.http.middlewares.test-auth.basicauth.removeheader=true"
```
```yaml tab="Kubernetes"
@ -330,7 +330,7 @@ spec:
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-auth.basicauth.removeheader=true"
- "traefik.http.middlewares.test-auth.basicauth.removeheader=true"
```
```toml tab="File (TOML)"

24
docs/content/middlewares/buffering.md
View file

@ -16,7 +16,7 @@ This can help services deal with large data (multipart/form-data for example), a
```yaml tab="Docker"
# Sets the maximum request body to 2Mb
labels:
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
```
```yaml tab="Kubernetes"
@ -39,7 +39,7 @@ spec:
```yaml tab="Rancher"
# Sets the maximum request body to 2Mb
labels:
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
```
```toml tab="File (TOML)"
@ -68,7 +68,7 @@ If the request exceeds the allowed size, it is not forwarded to the service and
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
```
```yaml tab="Kubernetes"
@ -89,7 +89,7 @@ spec:
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
```
```toml tab="File (TOML)"
@ -112,7 +112,7 @@ You can configure a threshold (in Bytes) from which the request will be buffered
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.limit.buffering.memRequestBodyBytes=2000000"
- "traefik.http.middlewares.limit.buffering.memRequestBodyBytes=2000000"
```
```yaml tab="Kubernetes"
@ -133,7 +133,7 @@ spec:
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.limit.buffering.memRequestBodyBytes=2000000"
- "traefik.http.middlewares.limit.buffering.memRequestBodyBytes=2000000"
```
```toml tab="File (TOML)"
@ -158,7 +158,7 @@ If the response exceeds the allowed size, it is not forwarded to the client. The
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=2000000"
- "traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=2000000"
```
```yaml tab="Kubernetes"
@ -179,7 +179,7 @@ spec:
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=2000000"
- "traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=2000000"
```
```toml tab="File (TOML)"
@ -202,7 +202,7 @@ You can configure a threshold (in Bytes) from which the response will be buffere
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.limit.buffering.memResponseBodyBytes=2000000"
- "traefik.http.middlewares.limit.buffering.memResponseBodyBytes=2000000"
```
```yaml tab="Kubernetes"
@ -223,7 +223,7 @@ spec:
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.limit.buffering.memResponseBodyBytes=2000000"
- "traefik.http.middlewares.limit.buffering.memResponseBodyBytes=2000000"
```
```toml tab="File (TOML)"
@ -248,7 +248,7 @@ You can have the Buffering middleware replay the request with the help of the `r
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2"
- "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2"
```
```yaml tab="Kubernetes"
@ -269,7 +269,7 @@ You can have the Buffering middleware replay the request with the help of the `r
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2"
- "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2"
```
```toml tab="File (TOML)"

48
docs/content/middlewares/chain.md
View file

@ -14,14 +14,14 @@ Example "A Chain for WhiteList, BasicAuth, and HTTPS"
```yaml tab="Docker"
labels:
- "traefik.http.routers.router1.service=service1"
- "traefik.http.routers.router1.middlewares=secured"
- "traefik.http.routers.router1.rule=Host(`mydomain`)"
- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
- "http.services.service1.loadbalancer.server.port=80"
- "traefik.http.routers.router1.service=service1"
- "traefik.http.routers.router1.middlewares=secured"
- "traefik.http.routers.router1.rule=Host(`mydomain`)"
- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
- "http.services.service1.loadbalancer.server.port=80"
```
```yaml tab="Kubernetes"
@ -98,14 +98,14 @@ spec:
```yaml tab="Rancher"
labels:
- "traefik.http.routers.router1.service=service1"
- "traefik.http.routers.router1.middlewares=secured"
- "traefik.http.routers.router1.rule=Host(`mydomain`)"
- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
- "http.services.service1.loadbalancer.server.port=80"
- "traefik.http.routers.router1.service=service1"
- "traefik.http.routers.router1.middlewares=secured"
- "traefik.http.routers.router1.rule=Host(`mydomain`)"
- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
- "http.services.service1.loadbalancer.server.port=80"
```
```toml tab="File (TOML)"
@ -143,21 +143,21 @@ http:
router1:
service: service1
middlewares:
- secured
- secured
rule: "Host(`mydomain`)"
middlewares:
secured:
chain:
middlewares:
- https-only
- known-ips
- auth-users
- https-only
- known-ips
- auth-users
auth-users:
basicAuth:
users:
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
https-only:
redirectScheme:
@ -166,12 +166,12 @@ http:
known-ips:
ipWhiteList:
sourceRange:
- "192.168.1.7"
- "127.0.0.1/32"
- "192.168.1.7"
- "127.0.0.1/32"
services:
service1:
loadBalancer:
servers:
- url: "http://127.0.0.1:80"
- url: "http://127.0.0.1:80"
```

4
docs/content/middlewares/circuitbreaker.md
View file

@ -31,7 +31,7 @@ To assess if your system is healthy, the circuit breaker constantly monitors the
```yaml tab="Docker"
# Latency Check
labels:
- "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100"
- "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100"
```
```yaml tab="Kubernetes"
@ -54,7 +54,7 @@ spec:
```yaml tab="Rancher"
# Latency Check
labels:
- "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100"
- "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100"
```
```toml tab="File (TOML)"

4
docs/content/middlewares/compress.md
View file

@ -12,7 +12,7 @@ The Compress middleware enables the gzip compression.
```yaml tab="Docker"
# Enable gzip compression
labels:
- "traefik.http.middlewares.test-compress.compress=true"
- "traefik.http.middlewares.test-compress.compress=true"
```
```yaml tab="Kubernetes"
@ -34,7 +34,7 @@ spec:
```yaml tab="Rancher"
# Enable gzip compression
labels:
- "traefik.http.middlewares.test-compress.compress=true"
- "traefik.http.middlewares.test-compress.compress=true"
```
```toml tab="File (TOML)"

22
docs/content/middlewares/digestauth.md
View file

@ -12,7 +12,7 @@ The DigestAuth middleware is a quick way to restrict access to your services to
```yaml tab="Docker"
# Declaring the user list
labels:
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
```
```yaml tab="Kubernetes"
@ -35,7 +35,7 @@ spec:
```yaml tab="Rancher"
# Declaring the user list
labels:
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
```
```toml tab="File (TOML)"
@ -55,8 +55,8 @@ http:
test-auth:
digestAuth:
users:
- "test:traefik:a2688e031edb4be6a3797f3882655c05"
- "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
- "test:traefik:a2688e031edb4be6a3797f3882655c05"
- "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
```
## Configuration Options
@ -76,7 +76,7 @@ The `users` option is an array of authorized users. Each user will be declared u
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
```
```yaml tab="Kubernetes"
@ -108,7 +108,7 @@ data:
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
```
```toml tab="File (TOML)"
@ -126,8 +126,8 @@ http:
test-auth:
digestAuth:
users:
- "test:traefik:a2688e031edb4be6a3797f3882655c05"
- "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
- "test:traefik:a2688e031edb4be6a3797f3882655c05"
- "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
```
### `usersFile`
@ -143,7 +143,7 @@ The file content is a list of `name:realm:encoded-password`.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.digestauth.usersfile=/path/to/my/usersfile"
- "traefik.http.middlewares.test-auth.digestauth.usersfile=/path/to/my/usersfile"
```
```yaml tab="Kubernetes"
@ -206,7 +206,7 @@ You can customize the realm for the authentication with the `realm` option. The
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.digestauth.realm=MyRealm"
- "traefik.http.middlewares.test-auth.digestauth.realm=MyRealm"
```
```yaml tab="Kubernetes"
@ -296,7 +296,7 @@ Set the `removeHeader` option to `true` to remove the authorization header befor
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.digestauth.removeheader=true"
- "traefik.http.middlewares.test-auth.digestauth.removeheader=true"
```
```yaml tab="Kubernetes"

16
docs/content/middlewares/errorpages.md
View file

@ -15,9 +15,9 @@ The ErrorPage middleware returns a custom page in lieu of the default, according
```yaml tab="Docker"
# Dynamic Custom Error Page for 5XX Status Code
labels:
- "traefik.http.middlewares.test-errorpage.errors.status=500-599"
- "traefik.http.middlewares.test-errorpage.errors.service=serviceError"
- "traefik.http.middlewares.test-errorpage.errors.query=/{status}.html"
- "traefik.http.middlewares.test-errorpage.errors.status=500-599"
- "traefik.http.middlewares.test-errorpage.errors.service=serviceError"
- "traefik.http.middlewares.test-errorpage.errors.query=/{status}.html"
```
```yaml tab="Kubernetes"
@ -28,7 +28,7 @@ metadata:
spec:
errors:
status:
- 500-599
- 500-599
query: /{status}.html
service:
name: whoami
@ -46,9 +46,9 @@ spec:
```yaml tab="Rancher"
# Dynamic Custom Error Page for 5XX Status Code
labels:
- "traefik.http.middlewares.test-errorpage.errors.status=500-599"
- "traefik.http.middlewares.test-errorpage.errors.service=serviceError"
- "traefik.http.middlewares.test-errorpage.errors.query=/{status}.html"
- "traefik.http.middlewares.test-errorpage.errors.status=500-599"
- "traefik.http.middlewares.test-errorpage.errors.service=serviceError"
- "traefik.http.middlewares.test-errorpage.errors.query=/{status}.html"
```
```toml tab="File (TOML)"
@ -70,7 +70,7 @@ http:
test-errorpage:
errors:
status:
- "500-599"
- "500-599"
service: serviceError
query: "/{status}.html"

52
docs/content/middlewares/forwardauth.md
View file

@ -14,7 +14,7 @@ Otherwise, the response from the authentication server is returned.
```yaml tab="Docker"
# Forward authentication to authserver.com
labels:
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
```
```yaml tab="Kubernetes"
@ -37,7 +37,7 @@ spec:
```yaml tab="Rancher"
# Forward authentication to authserver.com
labels:
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
```
```toml tab="File (TOML)"
@ -64,7 +64,7 @@ The `address` option defines the authentication server address.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
```
```yaml tab="Kubernetes"
@ -85,7 +85,7 @@ spec:
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
```
```toml tab="File (TOML)"
@ -108,7 +108,7 @@ Set the `trustForwardHeader` option to `true` to trust all the existing `X-Forwa
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true"
- "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true"
```
```yaml tab="Kubernetes"
@ -130,7 +130,7 @@ spec:
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true"
- "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true"
```
```toml tab="File (TOML)"
@ -155,7 +155,7 @@ The `authResponseHeaders` option is the list of the headers to copy from the aut
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret"
- "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret"
```
```yaml tab="Kubernetes"
@ -167,8 +167,8 @@ spec:
forwardAuth:
address: https://authserver.com/auth
authResponseHeaders:
- X-Auth-User
- X-Secret
- X-Auth-User
- X-Secret
```
```json tab="Marathon"
@ -179,7 +179,7 @@ spec:
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret"
- "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret"
```
```toml tab="File (TOML)"
@ -196,8 +196,8 @@ http:
forwardAuth:
address: "https://authserver.com/auth"
authResponseHeaders:
- "X-Auth-User"
- "X-Secret"
- "X-Auth-User"
- "X-Secret"
```
### `tls`
@ -210,7 +210,7 @@ Certificate Authority used for the secured connection to the authentication serv
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt"
- "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt"
```
```yaml tab="Kubernetes"
@ -243,7 +243,7 @@ data:
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt"
- "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt"
```
```toml tab="File (TOML)"
@ -275,7 +275,7 @@ Requires `tls.ca` to be defined.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true"
- "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true"
```
```yaml tab="Kubernetes"
@ -298,7 +298,7 @@ spec:
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true"
- "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true"
```
```toml tab="File (TOML)"
@ -325,8 +325,8 @@ Public certificate used for the secured connection to the authentication server.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
```
```yaml tab="Kubernetes"
@ -361,8 +361,8 @@ data:
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
```
```toml tab="File (TOML)"
@ -394,8 +394,8 @@ Private certificate used for the secure connection to the authentication server.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
```
```yaml tab="Kubernetes"
@ -430,8 +430,8 @@ data:
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
```
```toml tab="File (TOML)"
@ -463,7 +463,7 @@ If `insecureSkipVerify` is `true`, TLS for the connection to authentication serv
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.insecureSkipVerify=true"
- "traefik.http.middlewares.test-auth.forwardauth.tls.insecureSkipVerify=true"
```
```yaml tab="Kubernetes"
@ -485,7 +485,7 @@ spec:
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.InsecureSkipVerify=true"
- "traefik.http.middlewares.test-auth.forwardauth.tls.InsecureSkipVerify=true"
```
```toml tab="File (TOML)"

14
docs/content/middlewares/headers.md
View file

@ -15,8 +15,8 @@ Add the `X-Script-Name` header to the proxied request and the `X-Custom-Response
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.testHeader.headers.customrequestheaders.X-Script-Name=test"
- "traefik.http.middlewares.testHeader.headers.customresponseheaders.X-Custom-Response-Header=value"
- "traefik.http.middlewares.testHeader.headers.customrequestheaders.X-Script-Name=test"
- "traefik.http.middlewares.testHeader.headers.customresponseheaders.X-Custom-Response-Header=value"
```
```yaml tab="Kubernetes"
@ -41,8 +41,8 @@ spec:
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test"
- "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header=value"
- "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test"
- "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header=value"
```
```toml tab="File (TOML)"
@ -236,9 +236,9 @@ http:
testHeader:
headers:
accessControlAllowMethod:
- GET
- OPTIONS
- PUT
- GET
- OPTIONS
- PUT
accessControlAllowOrigin: "origin-list-or-null"
accessControlMaxAge: 100
addVaryHeader: true

36
docs/content/middlewares/inflightreq.md
View file

@ -11,7 +11,7 @@ To proactively prevent services from being overwhelmed with high load, a limit o
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
```
```yaml tab="Kubernetes"
@ -33,7 +33,7 @@ spec:
```yaml tab="Rancher"
# Limiting to 10 simultaneous connections
labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
```
```toml tab="File (TOML)"
@ -61,7 +61,7 @@ The middleware will return an `HTTP 429 Too Many Requests` if there are already
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
```
```yaml tab="Kubernetes"
@ -83,7 +83,7 @@ spec:
```yaml tab="Rancher"
# Limiting to 10 simultaneous connections
labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
```
```toml tab="File (TOML)"
@ -131,7 +131,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.depth=2"
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.depth=2"
```
```yaml tab="Kubernetes"
@ -148,7 +148,7 @@ spec:
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.depth=2"
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.depth=2"
```
```json tab="Marathon"
@ -192,7 +192,7 @@ http:
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```yaml tab="Kubernetes"
@ -209,17 +209,17 @@ spec:
- 192.168.1.7
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
}
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-inflightreq.inflightreq]
@ -235,8 +235,8 @@ http:
sourceCriterion:
ipStrategy:
excludedIPs:
- "127.0.0.1/32"
- "192.168.1.7"
- "127.0.0.1/32"
- "192.168.1.7"
```
#### `sourceCriterion.requestHeaderName`
@ -245,7 +245,7 @@ Requests having the same value for the given header are grouped as coming from t
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requestheadername=username"
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requestheadername=username"
```
```yaml tab="Kubernetes"
@ -261,7 +261,7 @@ spec:
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requestheadername=username"
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requestheadername=username"
```
```json tab="Marathon"
@ -292,7 +292,7 @@ Whether to consider the request host as the source.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requesthost=true"
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requesthost=true"
```
```yaml tab="Kubernetes"
@ -308,7 +308,7 @@ spec:
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requesthost=true"
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requesthost=true"
```
```json tab="Marathon"

44
docs/content/middlewares/ipwhitelist.md
View file

@ -12,7 +12,7 @@ IPWhitelist accepts / refuses requests based on the client IP.
```yaml tab="Docker"
# Accepts request from defined IP
labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
```
```yaml tab="Kubernetes"
@ -23,8 +23,8 @@ metadata:
spec:
ipWhiteList:
sourceRange:
- 127.0.0.1/32
- 192.168.1.7
- 127.0.0.1/32
- 192.168.1.7
```
```json tab="Marathon"
@ -36,7 +36,7 @@ spec:
```yaml tab="Rancher"
# Accepts request from defined IP
labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
```
```toml tab="File (TOML)"
@ -53,8 +53,8 @@ http:
test-ipwhitelist:
ipWhiteList:
sourceRange:
- "127.0.0.1/32"
- "192.168.1.7"
- "127.0.0.1/32"
- "192.168.1.7"
```
## Configuration Options
@ -76,8 +76,8 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
```yaml tab="Docker"
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
labels:
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2"
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2"
```
```yaml tab="Kubernetes"
@ -89,8 +89,8 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
spec:
ipWhiteList:
sourceRange:
- 127.0.0.1/32
- 192.168.1.7
- 127.0.0.1/32
- 192.168.1.7
ipStrategy:
depth: 2
```
@ -98,14 +98,14 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
```yaml tab="Rancher"
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
labels:
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2"
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32, 192.168.1.7",
"traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth": "2"
"traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32, 192.168.1.7",
"traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth": "2"
}
```
@ -125,8 +125,8 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
test-ipwhitelist:
ipWhiteList:
sourceRange:
- "127.0.0.1/32"
- "192.168.1.7"
- "127.0.0.1/32"
- "192.168.1.7"
ipStrategy:
depth: 2
```
@ -164,19 +164,19 @@ spec:
ipWhiteList:
ipStrategy:
excludedIPs:
- 127.0.0.1/32
- 192.168.1.7
- 127.0.0.1/32
- 192.168.1.7
```
```yaml tab="Rancher"
# Exclude from `X-Forwarded-For`
labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
}
```
@ -196,8 +196,8 @@ http:
ipWhiteList:
ipStrategy:
excludedIPs:
- "127.0.0.1/32"
- "192.168.1.7"
- "127.0.0.1/32"
- "192.168.1.7"
```
`excludedIPs` tells Traefik to scan the `X-Forwarded-For` header and pick the first IP not in the list.

6
docs/content/middlewares/overview.md
View file

@ -60,7 +60,7 @@ spec:
routes:
# more fields...
middlewares:
- name: stripprefix
- name: stripprefix
```
```json tab="Marathon"
@ -106,7 +106,7 @@ http:
router1:
service: myService
middlewares:
- "foo-add-prefix"
- "foo-add-prefix"
rule: "Host(`example.com`)"
middlewares:
@ -118,7 +118,7 @@ http:
service1:
loadBalancer:
servers:
- url: "http://127.0.0.1:80"
- url: "http://127.0.0.1:80"
```
## Provider Namespace

72
docs/content/middlewares/passtlsclientcert.md
View file

@ -16,7 +16,7 @@ Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
```yaml tab="Docker"
# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
labels:
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true"
```
```yaml tab="Kubernetes"
@ -38,7 +38,7 @@ spec:
```yaml tab="Rancher"
# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
labels:
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true"
```
```toml tab="File (TOML)"
@ -62,23 +62,23 @@ http:
```yaml tab="Docker"
# Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
labels:
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notafter=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notbefore=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.sans=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.commonname=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.country=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.domaincomponent=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.locality=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organization=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.province=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.serialnumber=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.commonname=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.country=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.domaincomponent=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.locality=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.organization=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.province=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notafter=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notbefore=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.sans=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.commonname=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.country=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.domaincomponent=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.locality=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organization=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.province=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.serialnumber=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.commonname=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.country=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.domaincomponent=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.locality=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.organization=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.province=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true"
```
```yaml tab="Kubernetes"
@ -114,23 +114,23 @@ http:
```yaml tab="Rancher"
# Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
labels:
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notafter=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notbefore=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.sans=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.commonname=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.country=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.domaincomponent=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.locality=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organization=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.province=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.serialnumber=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.commonname=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.country=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.domaincomponent=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.locality=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.organization=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.province=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notafter=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notbefore=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.sans=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.commonname=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.country=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.domaincomponent=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.locality=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organization=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.province=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.serialnumber=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.commonname=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.country=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.domaincomponent=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.locality=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.organization=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.province=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true"
```
```json tab="Marathon"

34
docs/content/middlewares/ratelimit.md
View file

@ -11,8 +11,8 @@ The RateLimit middleware ensures that services will receive a _fair_ number of r
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
```
```yaml tab="Kubernetes"
@ -39,8 +39,8 @@ spec:
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
```
```toml tab="File (TOML)"
@ -72,7 +72,7 @@ It defaults to 0, which means no rate limiting.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
```
```yaml tab="Kubernetes"
@ -93,7 +93,7 @@ spec:
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
```
```toml tab="File (TOML)"
@ -117,7 +117,7 @@ It defaults to 1.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100"
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100"
```
```yaml tab="Kubernetes"
@ -138,7 +138,7 @@ spec:
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100"
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100"
```
@ -187,7 +187,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```yaml tab="Kubernetes"
@ -206,7 +206,7 @@ spec:
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```json tab="Marathon"
@ -230,8 +230,8 @@ http:
sourceCriterion:
ipStrategy:
excludedIPs:
- "127.0.0.1/32"
- "192.168.1.7"
- "127.0.0.1/32"
- "192.168.1.7"
```
`excludedIPs` tells Traefik to scan the `X-Forwarded-For` header and pick the first IP not in the list.
@ -254,7 +254,7 @@ Requests having the same value for the given header are grouped as coming from t
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username"
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username"
```
```yaml tab="Kubernetes"
@ -270,7 +270,7 @@ spec:
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username"
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username"
```
```json tab="Marathon"
@ -301,7 +301,7 @@ Whether to consider the request host as the source.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true"
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true"
```
```yaml tab="Kubernetes"
@ -317,7 +317,7 @@ spec:
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true"
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true"
```
```json tab="Marathon"
@ -340,4 +340,4 @@ http:
rateLimit:
sourceCriterion:
requestHost: true
```
```

9
docs/content/middlewares/redirectregex.md
View file

@ -15,8 +15,8 @@ RegexRedirect redirect a request from an url to another with regex matching and
# Redirect with domain replacement
# Note: all dollar signs need to be doubled for escaping.
labels:
- "traefik.http.middlewares.test-redirectregex.redirectregex.regex=^http://localhost/(.*)"
- "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$${1}"
- "traefik.http.middlewares.test-redirectregex.redirectregex.regex=^http://localhost/(.*)"
- "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$${1}"
```
```yaml tab="Kubernetes"
@ -42,8 +42,8 @@ spec:
# Redirect with domain replacement
# Note: all dollar signs need to be doubled for escaping.
labels:
- "traefik.http.middlewares.test-redirectregex.redirectregex.regex=^http://localhost/(.*)"
- "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$${1}"
- "traefik.http.middlewares.test-redirectregex.redirectregex.regex=^http://localhost/(.*)"
- "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$${1}"
```
```toml tab="File (TOML)"
@ -85,4 +85,3 @@ The `regex` option is the regular expression to match and capture elements from
### `replacement`
The `replacement` option defines how to modify the URL to have the new target URL.

4
docs/content/middlewares/redirectscheme.md
View file

@ -14,7 +14,7 @@ RegexRedirect redirect request from a scheme to another.
```yaml tab="Docker"
# Redirect to https
labels:
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
```
```yaml tab="Kubernetes"
@ -37,7 +37,7 @@ spec:
```yaml tab="Rancher"
# Redirect to https
labels:
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
```
```toml tab="File (TOML)"

4
docs/content/middlewares/replacepath.md
View file

@ -14,7 +14,7 @@ Replace the path of the request url.
```yaml tab="Docker"
# Replace the path by /foo
labels:
- "traefik.http.middlewares.test-replacepath.replacepath.path=/foo"
- "traefik.http.middlewares.test-replacepath.replacepath.path=/foo"
```
```yaml tab="Kubernetes"
@ -37,7 +37,7 @@ spec:
```yaml tab="Rancher"
# Replace the path by /foo
labels:
- "traefik.http.middlewares.test-replacepath.replacepath.path=/foo"
- "traefik.http.middlewares.test-replacepath.replacepath.path=/foo"
```
```toml tab="File (TOML)"

8
docs/content/middlewares/replacepathregex.md
View file

@ -14,8 +14,8 @@ The ReplaceRegex replace a path from an url to another with regex matching and r
```yaml tab="Docker"
# Replace path with regex
labels:
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.regex=^/foo/(.*)"
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1"
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.regex=^/foo/(.*)"
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1"
```
```yaml tab="Kubernetes"
@ -40,8 +40,8 @@ spec:
```yaml tab="Rancher"
# Replace path with regex
labels:
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.regex=^/foo/(.*)"
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1"
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.regex=^/foo/(.*)"
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1"
```
```toml tab="File (TOML)"

6
docs/content/middlewares/retry.md
View file

@ -15,7 +15,7 @@ To be clear, as soon as the server answers, the middleware stops retrying, regar
```yaml tab="Docker"
# Retry to send request 4 times
labels:
- "traefik.http.middlewares.test-retry.retry.attempts=4"
- "traefik.http.middlewares.test-retry.retry.attempts=4"
```
```yaml tab="Kubernetes"
@ -38,7 +38,7 @@ spec:
```yaml tab="Rancher"
# Retry to send request 4 times
labels:
- "traefik.http.middlewares.test-retry.retry.attempts=4"
- "traefik.http.middlewares.test-retry.retry.attempts=4"
```
```toml tab="File (TOML)"
@ -63,4 +63,4 @@ http:
_mandatory_
The `attempts` option defines how many times the request should be retried.
The `attempts` option defines how many times the request should be retried.

12
docs/content/middlewares/stripprefix.md
View file

@ -14,7 +14,7 @@ Remove the specified prefixes from the URL path.
```yaml tab="Docker"
# Strip prefix /foobar and /fiibar
labels:
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar,/fiibar"
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar,/fiibar"
```
```yaml tab="Kubernetes"
@ -26,8 +26,8 @@ metadata:
spec:
stripPrefix:
prefixes:
- /foobar
- /fiibar
- /foobar
- /fiibar
```
```json tab="Marathon"
@ -39,7 +39,7 @@ spec:
```yaml tab="Rancher"
# Strip prefix /foobar and /fiibar
labels:
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar,/fiibar"
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar,/fiibar"
```
```toml tab="File (TOML)"
@ -56,8 +56,8 @@ http:
test-stripprefix:
stripPrefix:
prefixes:
- "/foobar"
- "/fiibar"
- "/foobar"
- "/fiibar"
```
## Configuration Options

8
docs/content/middlewares/stripprefixregex.md
View file

@ -9,7 +9,7 @@ Remove the matching prefixes from the URL path.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=/foo/[a-z0-9]+/[0-9]+/"
- "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=/foo/[a-z0-9]+/[0-9]+/"
```
```yaml tab="Kubernetes"
@ -20,7 +20,7 @@ metadata:
spec:
stripPrefixRegex:
regex:
- "/foo/[a-z0-9]+/[0-9]+/"
- "/foo/[a-z0-9]+/[0-9]+/"
```
```json tab="Marathon"
@ -31,7 +31,7 @@ spec:
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=/foo/[a-z0-9]+/[0-9]+/"
- "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=/foo/[a-z0-9]+/[0-9]+/"
```
```toml tab="File (TOML)"
@ -46,7 +46,7 @@ http:
test-stripprefixregex:
stripPrefixRegex:
regex:
- "/foo/[a-z0-9]+/[0-9]+/"
- "/foo/[a-z0-9]+/[0-9]+/"
```
## Configuration Options

38
docs/content/migration/v1-to-v2.md
View file

@ -167,21 +167,21 @@ Then any router can refer to an instance of the wanted middleware.
rule: "Host(`test.localhost`) && PathPrefix(`/test`)"
service: my-service
middlewares:
- auth
- auth
services:
my-service:
loadBalancer:
servers:
- url: http://10.10.10.1:80
- url: http://10.10.10.2:80
- url: http://10.10.10.1:80
- url: http://10.10.10.2:80
middlewares:
auth:
basicAuth:
users:
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
## TLS configuration is now dynamic, per router.
@ -261,8 +261,8 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
myTLSOptions:
minVersion: VersionTLS13
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
```
```yaml tab="K8s IngressRoute"
@ -290,11 +290,11 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
entryPoints:
- web
routes:
- match: Host(`bar.com`)
kind: Rule
services:
- name: whoami
port: 80
- match: Host(`bar.com`)
kind: Rule
services:
- name: whoami
port: 80
tls:
options:
name: mytlsoption
@ -464,15 +464,15 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
router0:
rule: "Host(`foo.com`)"
entryPoints:
- web
- web
middlewares:
- redirect
- redirect
service: my-service
router1:
rule: "Host(`foo.com`)"
entryPoints:
- web-secure
- web-secure
service: my-service
tls: {}
@ -480,8 +480,8 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
my-service:
loadBalancer:
servers:
- url: http://10.10.10.1:80
- url: http://10.10.10.2:80
- url: http://10.10.10.1:80
- url: http://10.10.10.2:80
middlewares:
redirect:
@ -490,8 +490,8 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
tls:
certificates:
- certFile: /app/certs/server/server.pem
keyFile: /app/certs/server/server.pem
- certFile: /app/certs/server/server.pem
keyFile: /app/certs/server/server.pem
```
## ACME (LetsEncrypt)

4
docs/content/observability/access-logs.md
View file

@ -95,8 +95,8 @@ accessLog:
format: json
filters:
statusCodes:
- "200"
- "300-302"
- "200"
- "300-302"
retryAttempts: true
minDuration: "10ms"
```

8
docs/content/observability/metrics/prometheus.md
View file

@ -32,10 +32,10 @@ Buckets for latency metrics.
metrics:
prometheus:
buckets:
- 0.1
- 0.3
- 1.2
- 5.0
- 0.1
- 0.3
- 1.2
- 5.0
```
```bash tab="CLI"

17
docs/content/operations/api.md
View file

@ -40,6 +40,7 @@ api: {}
And then you will be able to reference it like this:
```yaml tab="Docker"
labels:
- "traefik.http.routers.api.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
- "traefik.http.routers.api.service=api@internal"
- "traefik.http.routers.api.middlewares=auth"
@ -59,9 +60,9 @@ And then you will be able to reference it like this:
# Declaring the user list
labels:
- "traefik.http.routers.api.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
- "traefik.http.routers.api.service=api@internal"
- "traefik.http.routers.api.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
- "traefik.http.routers.api.service=api@internal"
- "traefik.http.routers.api.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
```
```toml tab="File (TOML)"
@ -72,9 +73,9 @@ labels:
[http.middlewares.auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```
```yaml tab="File (YAML)"
@ -89,8 +90,8 @@ http:
auth:
basicAuth:
users:
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
### `insecure`

26
docs/content/providers/kubernetes-ingress.md
View file

@ -34,17 +34,17 @@ metadata:
spec:
rules:
- host: foo.com
http:
paths:
- path: /bar
backend:
serviceName: service1
servicePort: 80
- path: /foo
backend:
serviceName: service1
servicePort: 80
- host: foo.com
http:
paths:
- path: /bar
backend:
serviceName: service1
servicePort: 80
- path: /foo
backend:
serviceName: service1
servicePort: 80
```
## Provider Configuration
@ -165,8 +165,8 @@ _Optional, Default: all namespaces (empty array)_
providers:
kubernetesIngress:
namespaces:
- "default"
- "production"
- "default"
- "production"
# ...
```

216
docs/content/reference/dynamic-configuration/file.yaml
View file

@ -2,11 +2,11 @@ http:
routers:
Router0:
entryPoints:
- foobar
- foobar
- foobar
- foobar
middlewares:
- foobar
- foobar
- foobar
- foobar
service: foobar
rule: foobar
priority: 42
@ -14,21 +14,21 @@ http:
options: foobar
certResolver: foobar
domains:
- main: foobar
sans:
- foobar
- foobar
- main: foobar
sans:
- foobar
- foobar
- main: foobar
sans:
- foobar
- foobar
- main: foobar
sans:
- foobar
- foobar
Router1:
entryPoints:
- foobar
- foobar
- foobar
- foobar
middlewares:
- foobar
- foobar
- foobar
- foobar
service: foobar
rule: foobar
priority: 42
@ -36,14 +36,14 @@ http:
options: foobar
certResolver: foobar
domains:
- main: foobar
sans:
- foobar
- foobar
- main: foobar
sans:
- foobar
- foobar
- main: foobar
sans:
- foobar
- foobar
- main: foobar
sans:
- foobar
- foobar
services:
Service01:
loadBalancer:
@ -53,8 +53,8 @@ http:
secure: true
httpOnly: true
servers:
- url: foobar
- url: foobar
- url: foobar
- url: foobar
healthCheck:
scheme: foobar
path: foobar
@ -72,17 +72,17 @@ http:
mirroring:
service: foobar
mirrors:
- name: foobar
percent: 42
- name: foobar
percent: 42
- name: foobar
percent: 42
- name: foobar
percent: 42
Service03:
weighted:
services:
- name: foobar
weight: 42
- name: foobar
weight: 42
- name: foobar
weight: 42
- name: foobar
weight: 42
sticky:
cookie:
name: foobar
@ -95,8 +95,8 @@ http:
Middleware01:
basicAuth:
users:
- foobar
- foobar
- foobar
- foobar
usersFile: foobar
realm: foobar
removeHeader: true
@ -111,8 +111,8 @@ http:
Middleware03:
chain:
middlewares:
- foobar
- foobar
- foobar
- foobar
Middleware04:
circuitBreaker:
expression: foobar
@ -121,8 +121,8 @@ http:
Middleware06:
digestAuth:
users:
- foobar
- foobar
- foobar
- foobar
usersFile: foobar
removeHeader: true
realm: foobar
@ -130,8 +130,8 @@ http:
Middleware07:
errors:
status:
- foobar
- foobar
- foobar
- foobar
service: foobar
query: foobar
Middleware08:
@ -145,8 +145,8 @@ http:
insecureSkipVerify: true
trustForwardHeader: true
authResponseHeaders:
- foobar
- foobar
- foobar
- foobar
Middleware09:
headers:
customRequestHeaders:
@ -157,23 +157,23 @@ http:
name1: foobar
accessControlAllowCredentials: true
accessControlAllowHeaders:
- foobar
- foobar
- foobar
- foobar
accessControlAllowMethods:
- foobar
- foobar
- foobar
- foobar
accessControlAllowOrigin: foobar
accessControlExposeHeaders:
- foobar
- foobar
- foobar
- foobar
accessControlMaxAge: 42
addVaryHeader: true
allowedHosts:
- foobar
- foobar
- foobar
- foobar
hostsProxyHeaders:
- foobar
- foobar
- foobar
- foobar
sslRedirect: true
sslTemporaryRedirect: true
sslHost: foobar
@ -198,13 +198,13 @@ http:
Middleware10:
ipWhiteList:
sourceRange:
- foobar
- foobar
- foobar
- foobar
ipStrategy:
depth: 42
excludedIPs:
- foobar
- foobar
- foobar
- foobar
Middleware11:
inFlightReq:
amount: 42
@ -212,8 +212,8 @@ http:
ipstrategy:
depth: 42
excludedIPs:
- foobar
- foobar
- foobar
- foobar
requestHeaderName: foobar
requestHost: true
Middleware12:
@ -247,8 +247,8 @@ http:
ipstrategy:
depth: 42
excludedIPs:
- foobar
- foobar
- foobar
- foobar
requestHeaderName: foobar
requestHost: true
Middleware14:
@ -274,19 +274,19 @@ http:
Middleware19:
stripPrefix:
prefixes:
- foobar
- foobar
- foobar
- foobar
Middleware20:
stripPrefixRegex:
regex:
- foobar
- foobar
- foobar
- foobar
tcp:
routers:
TCPRouter0:
entryPoints:
- foobar
- foobar
- foobar
- foobar
service: foobar
rule: foobar
tls:
@ -294,18 +294,18 @@ tcp:
options: foobar
certResolver: foobar
domains:
- main: foobar
sans:
- foobar
- foobar
- main: foobar
sans:
- foobar
- foobar
- main: foobar
sans:
- foobar
- foobar
- main: foobar
sans:
- foobar
- foobar
TCPRouter1:
entryPoints:
- foobar
- foobar
- foobar
- foobar
service: foobar
rule: foobar
tls:
@ -313,60 +313,60 @@ tcp:
options: foobar
certResolver: foobar
domains:
- main: foobar
sans:
- foobar
- foobar
- main: foobar
sans:
- foobar
- foobar
- main: foobar
sans:
- foobar
- foobar
- main: foobar
sans:
- foobar
- foobar
services:
TCPService0:
loadBalancer:
terminationDelay: 100
servers:
- address: foobar
- address: foobar
- address: foobar
- address: foobar
TCPService1:
loadBalancer:
terminationDelay: 100
servers:
- address: foobar
- address: foobar
- address: foobar
- address: foobar
tls:
certificates:
- certFile: foobar
keyFile: foobar
stores:
- foobar
- foobar
- certFile: foobar
keyFile: foobar
stores:
- foobar
- foobar
- certFile: foobar
keyFile: foobar
stores:
- foobar
- foobar
- certFile: foobar
keyFile: foobar
stores:
- foobar
- foobar
options:
Options0:
minVersion: foobar
cipherSuites:
- foobar
- foobar
- foobar
- foobar
clientAuth:
caFiles:
- foobar
- foobar
- foobar
- foobar
clientAuthType: foobar
sniStrict: true
Options1:
minVersion: foobar
cipherSuites:
- foobar
- foobar
- foobar
- foobar
clientAuth:
caFiles:
- foobar
- foobar
- foobar
- foobar
clientAuthType: foobar
sniStrict: true
stores:

16
docs/content/routing/entrypoints.md
View file

@ -110,13 +110,13 @@ You can define them using a toml file, CLI arguments, or a key-value store.
proxyProtocol:
insecure: true
trustedIPs:
- "127.0.0.1"
- "192.168.0.1"
- "127.0.0.1"
- "192.168.0.1"
forwardedHeaders:
insecure: true
trustedIPs:
- "127.0.0.1"
- "192.168.0.1"
- "127.0.0.1"
- "192.168.0.1"
```
```bash tab="CLI"
@ -158,8 +158,8 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward
address: ":80"
forwardedHeaders:
trustedIPs:
- "127.0.0.1/32"
- "192.168.1.7"
- "127.0.0.1/32"
- "192.168.1.7"
```
```bash tab="CLI"
@ -421,8 +421,8 @@ If the Proxy Protocol header is passed, then the version is determined automatic
address: ":80"
proxyProtocol:
trustedIPs:
- "127.0.0.1/32"
- "192.168.1.7"
- "127.0.0.1/32"
- "192.168.1.7"
```
```bash tab="CLI"

3
docs/content/routing/providers/docker.md
View file

@ -446,7 +446,8 @@ You can declare TCP Routers and/or Services using labels.
```
??? info "`traefik.tcp.services.<service_name>.loadbalancer.terminationdelay`"
<!-- TODO doc terminationdelay in TCP services page -->
See [termination delay](../services/index.md#termination-delay) for more information.
```yaml
- "traefik.tcp.services.mytcpservice.loadbalancer.terminationdelay=100"

97
docs/content/routing/providers/marathon.md
View file

@ -276,8 +276,101 @@ You can declare TCP Routers and/or Services using labels.
!!! warning "TCP and HTTP"
If you declare a TCP Router/Service, it will prevent Traefik from automatically creating an HTTP Router/Service (as it would by default if no TCP Router/Service is defined).
Both a TCP Router/Service and an HTTP Router/Service can be created for the same application, but it has to be done explicitly in the config.
If you declare a TCP Router/Service, it will prevent Traefik from automatically creating an HTTP Router/Service (like it does by default if no TCP Router/Service is defined).
You can declare both a TCP Router/Service and an HTTP Router/Service for the same container (but you have to do so manually).
#### TCP Routers
??? info "`traefik.tcp.routers.<router_name>.entrypoints`"
See [entry points](../routers/index.md#entrypoints_1) for more information.
```json
"traefik.tcp.routers.mytcprouter.entrypoints": "ep1,ep2"
```
??? info "`traefik.tcp.routers.<router_name>.rule`"
See [rule](../routers/index.md#rule_1) for more information.
```json
"traefik.tcp.routers.mytcprouter.rule": "HostSNI(`myhost.com`)"
```
??? info "`traefik.tcp.routers.<router_name>.service`"
See [service](../routers/index.md#services) for more information.
```json
"traefik.tcp.routers.mytcprouter.service": "myservice"
```
??? info "`traefik.tcp.routers.<router_name>.tls`"
See [TLS](../routers/index.md#tls_1) for more information.
```json
"traefik.tcp.routers.mytcprouter.tls": "true
```
??? info "`traefik.tcp.routers.<router_name>.tls.certresolver`"
See [certResolver](../routers/index.md#certresolver_1) for more information.
```json
"traefik.tcp.routers.mytcprouter.tls.certresolver": "myresolver"
```
??? info "`traefik.tcp.routers.<router_name>.tls.domains[n].main`"
See [domains](../routers/index.md#domains_1) for more information.
```json
"traefik.tcp.routers.mytcprouter.tls.domains[0].main": "foobar.com"
```
??? info "`traefik.tcp.routers.<router_name>.tls.domains[n].sans`"
See [domains](../routers/index.md#domains_1) for more information.
```json
"traefik.tcp.routers.mytcprouter.tls.domains[0].sans": "test.foobar.com,dev.foobar.com"
```
??? info "`traefik.tcp.routers.<router_name>.tls.options`"
See [options](../routers/index.md#options_1) for more information.
```json
"traefik.tcp.routers.mytcprouter.tls.options": "mysoptions"
```
??? info "`traefik.tcp.routers.<router_name>.tls.passthrough`"
See [TLS](../routers/index.md#tls_1) for more information.
```json
"traefik.tcp.routers.mytcprouter.tls.passthrough": "true"
```
#### TCP Services
??? info "`traefik.tcp.services.<service_name>.loadbalancer.server.port`"
Registers a port of the application.
```json
"traefik.tcp.services.mytcpservice.loadbalancer.server.port": "423"
```
??? info "`traefik.tcp.services.<service_name>.loadbalancer.terminationdelay`"
See [termination delay](../services/index.md#termination-delay) for more information.
```json
"traefik.tcp.services.mytcpservice.loadbalancer.terminationdelay": "100"
```
### Specific Provider Options

113
docs/content/routing/providers/rancher.md
View file

@ -262,6 +262,119 @@ More information about available middlewares in the dedicated [middlewares secti
If you declare multiple middleware with the same name but with different parameters, the middleware fails to be declared.
### TCP
You can declare TCP Routers and/or Services using labels.
??? example "Declaring TCP Routers and Services"
```yaml
services:
my-container:
# ...
labels:
- "traefik.tcp.routers.my-router.rule=HostSNI(`my-host.com`)"
- "traefik.tcp.routers.my-router.tls=true"
- "traefik.tcp.services.my-service.loadbalancer.server.port=4123"
```
!!! warning "TCP and HTTP"
If you declare a TCP Router/Service, it will prevent Traefik from automatically creating an HTTP Router/Service (like it does by default if no TCP Router/Service is defined).
You can declare both a TCP Router/Service and an HTTP Router/Service for the same container (but you have to do so manually).
#### TCP Routers
??? info "`traefik.tcp.routers.<router_name>.entrypoints`"
See [entry points](../routers/index.md#entrypoints_1) for more information.
```yaml
- "traefik.tcp.routers.mytcprouter.entrypoints=ep1,ep2"
```
??? info "`traefik.tcp.routers.<router_name>.rule`"
See [rule](../routers/index.md#rule_1) for more information.
```yaml
- "traefik.tcp.routers.mytcprouter.rule=HostSNI(`myhost.com`)"
```
??? info "`traefik.tcp.routers.<router_name>.service`"
See [service](../routers/index.md#services) for more information.
```yaml
- "traefik.tcp.routers.mytcprouter.service=myservice"
```
??? info "`traefik.tcp.routers.<router_name>.tls`"
See [TLS](../routers/index.md#tls_1) for more information.
```yaml
- "traefik.tcp.routers.mytcprouter.tls=true"
```
??? info "`traefik.tcp.routers.<router_name>.tls.certresolver`"
See [certResolver](../routers/index.md#certresolver_1) for more information.
```yaml
- "traefik.tcp.routers.mytcprouter.tls.certresolver=myresolver"
```
??? info "`traefik.tcp.routers.<router_name>.tls.domains[n].main`"
See [domains](../routers/index.md#domains_1) for more information.
```yaml
- "traefik.tcp.routers.mytcprouter.tls.domains[0].main=foobar.com"
```
??? info "`traefik.tcp.routers.<router_name>.tls.domains[n].sans`"
See [domains](../routers/index.md#domains_1) for more information.
```yaml
- "traefik.tcp.routers.mytcprouter.tls.domains[0].sans=test.foobar.com,dev.foobar.com"
```
??? info "`traefik.tcp.routers.<router_name>.tls.options`"
See [options](../routers/index.md#options_1) for more information.
```yaml
- "traefik.tcp.routers.mytcprouter.tls.options=mysoptions"
```
??? info "`traefik.tcp.routers.<router_name>.tls.passthrough`"
See [TLS](../routers/index.md#tls_1) for more information.
```yaml
- "traefik.tcp.routers.mytcprouter.tls.passthrough=true"
```
#### TCP Services
??? info "`traefik.tcp.services.<service_name>.loadbalancer.server.port`"
Registers a port of the application.
```yaml
- "traefik.tcp.services.mytcpservice.loadbalancer.server.port=423"
```
??? info "`traefik.tcp.services.<service_name>.loadbalancer.terminationdelay`"
See [termination delay](../services/index.md#termination-delay) for more information.
```yaml
- "traefik.tcp.services.mytcpservice.loadbalancer.terminationdelay=100"
```
### Specific Provider Options
#### `traefik.enable`

26
docs/content/routing/routers/index.md
View file

@ -50,7 +50,7 @@ In the process, routers may use pieces of [middleware](../../middlewares/overvie
routers:
to-database:
entryPoints:
- "mysql"
- "mysql"
# Catch every request (only available rule for non-tls routers. See below.)
rule: "HostSNI(`*`)"
service: database
@ -164,8 +164,8 @@ If you want to limit the router scope to a set of entry points, set the `entryPo
Router-1:
# won't listen to entry point web
entryPoints:
- "websecure"
- "other"
- "websecure"
- "other"
rule: "Host(`traefik.io`)"
service: "service-1"
```
@ -415,8 +415,8 @@ It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied
foo:
minVersion: VersionTLS12
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
```
!!! important "Conflicting TLS Options"
@ -510,8 +510,8 @@ http:
tls:
certResolver: "bar"
domains:
- main: "snitest.com"
sans: "*.snitest.com"
- main: "snitest.com"
sans: "*.snitest.com"
```
[ACME v2](https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579) supports wildcard certificates.
@ -627,8 +627,8 @@ If you want to limit the router scope to a set of entry points, set the entry po
Router-1:
# won't listen to entry point web
entryPoints:
- "websecure"
- "other"
- "websecure"
- "other"
rule: "HostSNI(`traefik.io`)"
service: "service-1"
# will route TLS requests (and ignore non tls requests)
@ -787,8 +787,8 @@ It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied
foo:
minVersion: VersionTLS12
cipherSuites:
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
- "TLS_RSA_WITH_AES_256_GCM_SHA384"
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
- "TLS_RSA_WITH_AES_256_GCM_SHA384"
```
#### `certResolver`
@ -839,6 +839,6 @@ tcp:
tls:
certResolver: "bar"
domains:
- main: "snitest.com"
sans: "*.snitest.com"
- main: "snitest.com"
sans: "*.snitest.com"
```

2
docs/content/user-guides/grpc.md
View file

@ -143,7 +143,7 @@ entryPoints:
serversTransport:
# For secure connection on backend.local
rootCAs:
- ./backend.cert
- ./backend.cert
providers:
file:

2
docs/mkdocs.yml
View file

@ -87,9 +87,9 @@ nav:
- 'Services': 'routing/services/index.md'
- 'Providers':
- 'Docker': 'routing/providers/docker.md'
- 'Kubernetes IngressRoute': 'routing/providers/kubernetes-crd.md'
- 'Rancher': 'routing/providers/rancher.md'
- 'Marathon': 'routing/providers/marathon.md'
- 'Kubernetes IngressRoute': 'routing/providers/kubernetes-crd.md'
- 'HTTPS & TLS':
- 'Overview': 'https/overview.md'
- 'TLS': 'https/tls.md'