Fix some documentation issues
This commit is contained in:
parent
10acbb8d92
commit
261e7c1744
13 changed files with 40 additions and 40 deletions
|
@ -79,10 +79,6 @@ Passwords must be encoded using MD5, SHA1, or BCrypt.
|
||||||
|
|
||||||
The `users` option is an array of authorized users. Each user will be declared using the `name:encoded-password` format.
|
The `users` option is an array of authorized users. Each user will be declared using the `name:encoded-password` format.
|
||||||
|
|
||||||
!!! Note
|
|
||||||
|
|
||||||
If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.
|
|
||||||
|
|
||||||
### `usersFile`
|
### `usersFile`
|
||||||
|
|
||||||
The `usersFile` option is the path to an external file that contains the authorized users for the middleware.
|
The `usersFile` option is the path to an external file that contains the authorized users for the middleware.
|
||||||
|
@ -106,7 +102,7 @@ You can customize the realm for the authentication with the `realm` option. The
|
||||||
|
|
||||||
### `headerField`
|
### `headerField`
|
||||||
|
|
||||||
You can customize the header field for the authenticated user using the `headerField`option.
|
You can define a header field to store the authenticated user using the `headerField`option.
|
||||||
|
|
||||||
```yaml tab="Docker"
|
```yaml tab="Docker"
|
||||||
labels:
|
labels:
|
||||||
|
|
|
@ -132,7 +132,7 @@ For example, the expression `LatencyAtQuantileMS(50.0) > 100` will trigger the c
|
||||||
|
|
||||||
!!! Note
|
!!! Note
|
||||||
|
|
||||||
You must provide a float number (with the leading .0) for the quantile value
|
You must provide a float number (with the trailing .0) for the quantile value
|
||||||
|
|
||||||
#### Using multiple metrics
|
#### Using multiple metrics
|
||||||
|
|
||||||
|
@ -153,7 +153,6 @@ Here is the list of supported operators:
|
||||||
- Greater or equal than (`>=`)
|
- Greater or equal than (`>=`)
|
||||||
- Lesser than (`<`)
|
- Lesser than (`<`)
|
||||||
- Lesser or equal than (`<=`)
|
- Lesser or equal than (`<=`)
|
||||||
- Not (`!`)
|
|
||||||
- Equal (`==`)
|
- Equal (`==`)
|
||||||
- Not Equal (`!=`)
|
- Not Equal (`!=`)
|
||||||
|
|
||||||
|
|
|
@ -55,6 +55,6 @@ http:
|
||||||
|
|
||||||
Responses are compressed when:
|
Responses are compressed when:
|
||||||
|
|
||||||
* The response body is larger than `512` bytes.
|
* The response body is larger than `1400` bytes.
|
||||||
* The `Accept-Encoding` request header contains `gzip`.
|
* The `Accept-Encoding` request header contains `gzip`.
|
||||||
* The response is not already compressed, i.e. the `Content-Encoding` response header is not already set.
|
* The response is not already compressed, i.e. the `Content-Encoding` response header is not already set.
|
||||||
|
|
|
@ -77,7 +77,7 @@ http:
|
||||||
```
|
```
|
||||||
|
|
||||||
!!! note
|
!!! note
|
||||||
In this example, the error page URL is based on the status code (`query=/{status}.html)`.
|
In this example, the error page URL is based on the status code (`query=/{status}.html`).
|
||||||
|
|
||||||
## Configuration Options
|
## Configuration Options
|
||||||
|
|
||||||
|
|
|
@ -70,7 +70,12 @@ http:
|
||||||
`X-Script-Name` header added to the proxied request, the `X-Custom-Request-Header` header removed from the request,
|
`X-Script-Name` header added to the proxied request, the `X-Custom-Request-Header` header removed from the request,
|
||||||
and the `X-Custom-Response-Header` header removed from the response.
|
and the `X-Custom-Response-Header` header removed from the response.
|
||||||
|
|
||||||
Please note that is not possible to remove headers through the use of labels (Docker, Rancher, Marathon, ...) for now.
|
Please note that it is not possible to remove headers through the use of labels (Docker, Rancher, Marathon, ...) for now.
|
||||||
|
|
||||||
|
```yaml tab="Docker"
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test"
|
||||||
|
```
|
||||||
|
|
||||||
```yaml tab="Kubernetes"
|
```yaml tab="Kubernetes"
|
||||||
apiVersion: traefik.containo.us/v1alpha1
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
|
@ -86,17 +91,17 @@ spec:
|
||||||
X-Custom-Response-Header: "" # Removes
|
X-Custom-Response-Header: "" # Removes
|
||||||
```
|
```
|
||||||
|
|
||||||
```yaml tab="Rancher"
|
|
||||||
labels:
|
|
||||||
- "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test"
|
|
||||||
```
|
|
||||||
|
|
||||||
```json tab="Marathon"
|
```json tab="Marathon"
|
||||||
"labels": {
|
"labels": {
|
||||||
"traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name": "test",
|
"traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name": "test",
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
```yaml tab="Rancher"
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test"
|
||||||
|
```
|
||||||
|
|
||||||
```toml tab="File (TOML)"
|
```toml tab="File (TOML)"
|
||||||
[http.middlewares]
|
[http.middlewares]
|
||||||
[http.middlewares.testHeader.headers]
|
[http.middlewares.testHeader.headers]
|
||||||
|
@ -121,7 +126,7 @@ http:
|
||||||
|
|
||||||
### Using Security Headers
|
### Using Security Headers
|
||||||
|
|
||||||
Security related headers (HSTS headers, SSL redirection, Browser XSS filter, etc) can be added and configured per frontend in a similar manner to the custom headers above.
|
Security related headers (HSTS headers, SSL redirection, Browser XSS filter, etc) can be added and configured in a manner similar to the custom headers above.
|
||||||
This functionality allows for some easy security features to quickly be set.
|
This functionality allows for some easy security features to quickly be set.
|
||||||
|
|
||||||
```yaml tab="Docker"
|
```yaml tab="Docker"
|
||||||
|
@ -141,12 +146,6 @@ spec:
|
||||||
sslRedirect: "true"
|
sslRedirect: "true"
|
||||||
```
|
```
|
||||||
|
|
||||||
```yaml tab="Rancher"
|
|
||||||
labels:
|
|
||||||
- "traefik.http.middlewares.testheader.headers.framedeny=true"
|
|
||||||
- "traefik.http.middlewares.testheader.headers.sslredirect=true"
|
|
||||||
```
|
|
||||||
|
|
||||||
```json tab="Marathon"
|
```json tab="Marathon"
|
||||||
"labels": {
|
"labels": {
|
||||||
"traefik.http.middlewares.testheader.headers.framedeny": "true",
|
"traefik.http.middlewares.testheader.headers.framedeny": "true",
|
||||||
|
@ -154,6 +153,12 @@ labels:
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
```yaml tab="Rancher"
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.testheader.headers.framedeny=true"
|
||||||
|
- "traefik.http.middlewares.testheader.headers.sslredirect=true"
|
||||||
|
```
|
||||||
|
|
||||||
```toml tab="File (TOML)"
|
```toml tab="File (TOML)"
|
||||||
[http.middlewares]
|
[http.middlewares]
|
||||||
[http.middlewares.testHeader.headers]
|
[http.middlewares.testHeader.headers]
|
||||||
|
@ -172,7 +177,7 @@ http:
|
||||||
|
|
||||||
### CORS Headers
|
### CORS Headers
|
||||||
|
|
||||||
CORS (Cross-Origin Resource Sharing) headers can be added and configured per frontend in a similar manner to the custom headers above.
|
CORS (Cross-Origin Resource Sharing) headers can be added and configured in a manner similar to the custom headers above.
|
||||||
This functionality allows for more advanced security features to quickly be set.
|
This functionality allows for more advanced security features to quickly be set.
|
||||||
|
|
||||||
```yaml tab="Docker"
|
```yaml tab="Docker"
|
||||||
|
@ -199,14 +204,6 @@ spec:
|
||||||
addVaryHeader: "true"
|
addVaryHeader: "true"
|
||||||
```
|
```
|
||||||
|
|
||||||
```yaml tab="Rancher"
|
|
||||||
labels:
|
|
||||||
- "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
|
|
||||||
- "traefik.http.middlewares.testheader.headers.accesscontrolalloworigin=origin-list-or-null"
|
|
||||||
- "traefik.http.middlewares.testheader.headers.accesscontrolmaxage=100"
|
|
||||||
- "traefik.http.middlewares.testheader.headers.addvaryheader=true"
|
|
||||||
```
|
|
||||||
|
|
||||||
```json tab="Marathon"
|
```json tab="Marathon"
|
||||||
"labels": {
|
"labels": {
|
||||||
"traefik.http.middlewares.testheader.headers.accesscontrolallowmethods": "GET,OPTIONS,PUT",
|
"traefik.http.middlewares.testheader.headers.accesscontrolallowmethods": "GET,OPTIONS,PUT",
|
||||||
|
@ -216,6 +213,14 @@ labels:
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
```yaml tab="Rancher"
|
||||||
|
labels:
|
||||||
|
- "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
|
||||||
|
- "traefik.http.middlewares.testheader.headers.accesscontrolalloworigin=origin-list-or-null"
|
||||||
|
- "traefik.http.middlewares.testheader.headers.accesscontrolmaxage=100"
|
||||||
|
- "traefik.http.middlewares.testheader.headers.addvaryheader=true"
|
||||||
|
```
|
||||||
|
|
||||||
```toml tab="File (TOML)"
|
```toml tab="File (TOML)"
|
||||||
[http.middlewares]
|
[http.middlewares]
|
||||||
[http.middlewares.testHeader.headers]
|
[http.middlewares.testHeader.headers]
|
||||||
|
|
|
@ -74,7 +74,7 @@ The `ipStrategy` option defines two parameters that sets how Traefik will determ
|
||||||
The `depth` option tells Traefik to use the `X-Forwarded-For` header and take the IP located at the `depth` position (starting from the right).
|
The `depth` option tells Traefik to use the `X-Forwarded-For` header and take the IP located at the `depth` position (starting from the right).
|
||||||
|
|
||||||
- If `depth` is greater than the total number of IPs in `X-Forwarded-For`, then the client IP will be empty.
|
- If `depth` is greater than the total number of IPs in `X-Forwarded-For`, then the client IP will be empty.
|
||||||
- `depth` is ignored if its value is is lesser than or equal to 0.
|
- `depth` is ignored if its value is lesser than or equal to 0.
|
||||||
|
|
||||||
!!! note "Example of Depth & X-Forwarded-For"
|
!!! note "Example of Depth & X-Forwarded-For"
|
||||||
|
|
||||||
|
|
|
@ -144,7 +144,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
|
||||||
!!! note
|
!!! note
|
||||||
|
|
||||||
- If `depth` is greater than the total number of IPs in `X-Forwarded-For`, then the client IP will be empty.
|
- If `depth` is greater than the total number of IPs in `X-Forwarded-For`, then the client IP will be empty.
|
||||||
- `depth` is ignored if its value is is lesser than or equal to 0.
|
- `depth` is ignored if its value is lesser than or equal to 0.
|
||||||
|
|
||||||
#### `ipStrategy.excludedIPs`
|
#### `ipStrategy.excludedIPs`
|
||||||
|
|
||||||
|
|
|
@ -219,7 +219,7 @@ PassTLSClientCert can add two headers to the request:
|
||||||
!!! note
|
!!! note
|
||||||
The headers are filled with escaped string so it can be safely placed inside a URL query.
|
The headers are filled with escaped string so it can be safely placed inside a URL query.
|
||||||
|
|
||||||
In the following example, you can see a complete certificate. We will use each part of it to explains the middleware options.
|
In the following example, you can see a complete certificate. We will use each part of it to explain the middleware options.
|
||||||
|
|
||||||
??? example "A complete client tls certificate"
|
??? example "A complete client tls certificate"
|
||||||
|
|
||||||
|
|
|
@ -171,7 +171,7 @@ The `ipStrategy` option defines two parameters that sets how Traefik will determ
|
||||||
The `depth` option tells Traefik to use the `X-Forwarded-For` header and take the IP located at the `depth` position (starting from the right).
|
The `depth` option tells Traefik to use the `X-Forwarded-For` header and take the IP located at the `depth` position (starting from the right).
|
||||||
|
|
||||||
- If `depth` is greater than the total number of IPs in `X-Forwarded-For`, then the client IP will be empty.
|
- If `depth` is greater than the total number of IPs in `X-Forwarded-For`, then the client IP will be empty.
|
||||||
- `depth` is ignored if its value is is lesser than or equal to 0.
|
- `depth` is ignored if its value is lesser than or equal to 0.
|
||||||
|
|
||||||
!!! note "Example of Depth & X-Forwarded-For"
|
!!! note "Example of Depth & X-Forwarded-For"
|
||||||
|
|
||||||
|
|
|
@ -477,7 +477,7 @@ You can declare TCP Routers and/or Services using labels.
|
||||||
# ...
|
# ...
|
||||||
labels:
|
labels:
|
||||||
- traefik.tcp.routers.my-router.rule="HostSNI(`my-host.com`)"
|
- traefik.tcp.routers.my-router.rule="HostSNI(`my-host.com`)"
|
||||||
- traefik.tcp.routers.my-router.rule.tls="true"
|
- traefik.tcp.routers.my-router.tls="true"
|
||||||
- traefik.tcp.services.my-service.loadbalancer.server.port="4123"
|
- traefik.tcp.services.my-service.loadbalancer.server.port="4123"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -46,7 +46,7 @@ You can write these configuration elements:
|
||||||
entryPoints = ["web"]
|
entryPoints = ["web"]
|
||||||
middlewares = ["my-basic-auth"]
|
middlewares = ["my-basic-auth"]
|
||||||
service = "service-foo"
|
service = "service-foo"
|
||||||
rule = "Path(`foo`)"
|
rule = "Path(`/foo`)"
|
||||||
|
|
||||||
# Add the middleware
|
# Add the middleware
|
||||||
[http.middlewares]
|
[http.middlewares]
|
||||||
|
@ -75,7 +75,7 @@ You can write these configuration elements:
|
||||||
middlewares:
|
middlewares:
|
||||||
- my-basic-auth
|
- my-basic-auth
|
||||||
service: service-foo
|
service: service-foo
|
||||||
rule: Path(`foo`)
|
rule: Path(`/foo`)
|
||||||
|
|
||||||
# Add the middleware
|
# Add the middleware
|
||||||
middlewares:
|
middlewares:
|
||||||
|
|
|
@ -216,7 +216,7 @@ The table below lists all the available matchers:
|
||||||
| ```Host(`domain-1`, ...)``` | Check if the request domain targets one of the given `domains`. |
|
| ```Host(`domain-1`, ...)``` | Check if the request domain targets one of the given `domains`. |
|
||||||
| ```HostRegexp(`traefik.io`, `{subdomain:[a-z]+}.traefik.io`, ...)``` | Check if the request domain matches the given `regexp`. |
|
| ```HostRegexp(`traefik.io`, `{subdomain:[a-z]+}.traefik.io`, ...)``` | Check if the request domain matches the given `regexp`. |
|
||||||
| ```Method(`GET`, ...)``` | Check if the request method is one of the given `methods` (`GET`, `POST`, `PUT`, `DELETE`, `PATCH`) |
|
| ```Method(`GET`, ...)``` | Check if the request method is one of the given `methods` (`GET`, `POST`, `PUT`, `DELETE`, `PATCH`) |
|
||||||
| ```Path(`path`, `/articles/{category}/{id:[0-9]+}`, ...)``` | Match exact request path. It accepts a sequence of literal and regular expression paths. |
|
| ```Path(`/path`, `/articles/{category}/{id:[0-9]+}`, ...)``` | Match exact request path. It accepts a sequence of literal and regular expression paths. |
|
||||||
| ```PathPrefix(`/products/`, `/articles/{category}/{id:[0-9]+}`)``` | Match request prefix path. It accepts a sequence of literal and regular expression prefix paths. |
|
| ```PathPrefix(`/products/`, `/articles/{category}/{id:[0-9]+}`)``` | Match request prefix path. It accepts a sequence of literal and regular expression prefix paths. |
|
||||||
| ```Query(`foo=bar`, `bar=baz`)``` | Match` Query String parameters. It accepts a sequence of key=value pairs. |
|
| ```Query(`foo=bar`, `bar=baz`)``` | Match` Query String parameters. It accepts a sequence of key=value pairs. |
|
||||||
|
|
||||||
|
|
|
@ -98,7 +98,7 @@ The remaining section is going to explore them along with a benefit/cost trade-o
|
||||||
|
|
||||||
It may seem obvious to reuse the Marathon health checks as a signal to Traefik whether an application should be taken into load-balancing rotation or not.
|
It may seem obvious to reuse the Marathon health checks as a signal to Traefik whether an application should be taken into load-balancing rotation or not.
|
||||||
|
|
||||||
Apart from the increased latency a failing health check may have, a major problem with this is is that Marathon does not persist the health check results.
|
Apart from the increased latency a failing health check may have, a major problem with this is that Marathon does not persist the health check results.
|
||||||
Consequently, if a master re-election occurs in the Marathon clusters, all health check results will revert to the _unknown_ state, effectively causing all applications inside the cluster to become unavailable and leading to a complete cluster failure.
|
Consequently, if a master re-election occurs in the Marathon clusters, all health check results will revert to the _unknown_ state, effectively causing all applications inside the cluster to become unavailable and leading to a complete cluster failure.
|
||||||
Re-elections do not only happen during regular maintenance work (often requiring rolling upgrades of the Marathon nodes) but also when the Marathon leader fails spontaneously.
|
Re-elections do not only happen during regular maintenance work (often requiring rolling upgrades of the Marathon nodes) but also when the Marathon leader fails spontaneously.
|
||||||
As such, there is no way to handle this situation deterministically.
|
As such, there is no way to handle this situation deterministically.
|
||||||
|
|
Loading…
Reference in a new issue