diff --git a/docs/.markdownlint.json b/docs/.markdownlint.json index c32e197fd..0f5b86211 100644 --- a/docs/.markdownlint.json +++ b/docs/.markdownlint.json @@ -5,5 +5,6 @@ "MD013": false, "MD026": false, "MD033": false, - "MD034": false + "MD034": false, + "MD036": false } diff --git a/docs/content/glossary.md b/docs/content/glossary.md index f18bdcd85..ab645e458 100644 --- a/docs/content/glossary.md +++ b/docs/content/glossary.md @@ -9,8 +9,8 @@ Where Every Technical Word finds its Definition` - [ ] Routers - [ ] Middleware - [ ] Service -- [ ] Static Configuration -- [ ] Dynamic Configuration +- [ ] [Static configuration](getting-started/configuration-overview.md#the-static-configuration) +- [ ] [Dynamic configuration](getting-started/configuration-overview.md#the-dynamic-configuration) - [ ] ACME - [ ] TraefikEE - [ ] Tracing diff --git a/docs/content/https-tls/acme.md b/docs/content/https-tls/acme.md index cb6236bb7..d8992cca9 100644 --- a/docs/content/https-tls/acme.md +++ b/docs/content/https-tls/acme.md @@ -49,9 +49,13 @@ You can configure Traefik to use an ACME provider (like Let's Encrypt) for autom sans = ["mydomain.com"] ``` -!!! note "Configuration Reference" - - There are many available options for ACME. For a quick glance at what's possible, browse the [configuration reference](../reference/acme.md). +??? note "Configuration Reference" + + There are many available options for ACME. For a quick glance at what's possible, browse the configuration reference: + + ```toml + --8<-- "content/https-tls/ref-acme.toml" + ``` ## The Different ACME Challenges diff --git a/docs/content/https-tls/ref-acme.toml b/docs/content/https-tls/ref-acme.toml new file mode 100644 index 000000000..4cc44f8e7 --- /dev/null +++ b/docs/content/https-tls/ref-acme.toml @@ -0,0 +1,150 @@ +# Enable ACME (Let's Encrypt): automatic SSL. +[acme] + +# Email address used for registration. +# +# Required +# +email = "test@traefik.io" + +# File used for certificates storage. +# +# Optional (Deprecated) +# +#storageFile = "acme.json" + +# File or key used for certificates storage. +# +# Required +# +storage = "acme.json" +# or `storage = "traefik/acme/account"` if using KV store. + +# Deprecated, replaced by [acme.dnsChallenge]. +# +# Optional. +# +# dnsProvider = "digitalocean" + +# Deprecated, replaced by [acme.dnsChallenge.delayBeforeCheck]. +# +# Optional +# Default: 0 +# +# delayDontCheckDNS = 0 + +# If true, display debug log messages from the acme client library. +# +# Optional +# Default: false +# +# acmeLogging = true + +# If true, override certificates in key-value store when using storeconfig. +# +# Optional +# Default: false +# +# overrideCertificates = true + +# Deprecated. Enable on demand certificate generation. +# +# Optional +# Default: false +# +# onDemand = true + +# Enable certificate generation on frontends host rules. +# +# Optional +# Default: false +# +# onHostRule = true + +# CA server to use. +# Uncomment the line to use Let's Encrypt's staging server, +# leave commented to go to prod. +# +# Optional +# Default: "https://acme-v02.api.letsencrypt.org/directory" +# +# caServer = "https://acme-staging-v02.api.letsencrypt.org/directory" + +# KeyType to use. +# +# Optional +# Default: "RSA4096" +# +# Available values : "EC256", "EC384", "RSA2048", "RSA4096", "RSA8192" +# +# KeyType = "RSA4096" + +# Use a TLS-ALPN-01 ACME challenge. +# +# Optional (but recommended) +# +[acme.tlsChallenge] + +# Use a HTTP-01 ACME challenge. +# +# Optional +# +# [acme.httpChallenge] + + # EntryPoint to use for the HTTP-01 challenges. + # + # Required + # + # entryPoint = "http" + +# Use a DNS-01 ACME challenge rather than HTTP-01 challenge. +# Note: mandatory for wildcard certificate generation. +# +# Optional +# +# [acme.dnsChallenge] + + # DNS provider used. + # + # Required + # + # provider = "digitalocean" + + # By default, the provider will verify the TXT DNS challenge record before letting ACME verify. + # If delayBeforeCheck is greater than zero, this check is delayed for the configured duration in seconds. + # Useful if internal networks block external DNS queries. + # + # Optional + # Default: 0 + # + # delayBeforeCheck = 0 + + # Use following DNS servers to resolve the FQDN authority. + # + # Optional + # Default: empty + # + # resolvers = ["1.1.1.1:53", "8.8.8.8:53"] + + # Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready. + # + # NOT RECOMMENDED: + # Increase the risk of reaching Let's Encrypt's rate limits. + # + # Optional + # Default: false + # + # disablePropagationCheck = true + +# Domains list. +# Only domains defined here can generate wildcard certificates. +# The certificates for these domains are negotiated at traefik startup only. +# +# [[acme.domains]] +# main = "local1.com" +# sans = ["test1.local1.com", "test2.local1.com"] +# [[acme.domains]] +# main = "local2.com" +# [[acme.domains]] +# main = "*.local3.com" +# sans = ["local3.com", "test1.test1.local3.com"] \ No newline at end of file diff --git a/docs/content/providers/docker.md b/docs/content/providers/docker.md index 53d8c3480..218ef553c 100644 --- a/docs/content/providers/docker.md +++ b/docs/content/providers/docker.md @@ -63,9 +63,9 @@ Attach labels to your containers and let Traefik do the rest! ## Provider Configuration Options !!! tip "Browse the Reference" - If you're in a hurry, maybe you'd rather go through the [Docker Reference](../reference/providers/docker.md). + If you're in a hurry, maybe you'd rather go through the [static](../reference/static-configuration.md) and the [dynamic](../reference/dynamic-configuration/docker.md) configuration references. -### endpoint +### `endpoint` Traefik requires access to the docker socket to get its dynamic configuration. @@ -140,7 +140,9 @@ Traefik requires access to the docker socket to get its dynamic configuration. endpoint = "unix:///var/run/docker.sock" ``` -### usebindportip (_Optional_, _Default=false_) +### `usebindportip` + +_Optional, Default=false_ Traefik routes requests to the IP/Port of the matching container. When setting `usebindportip=true`, you tell Traefik to use the IP/Port attached to the container's _binding_ instead of its inner network IP/Port. @@ -163,29 +165,39 @@ If it can't find such a binding, Traefik falls back on the internal network IP o !!! note In the above table, ExtIp stands for "external IP found in the binding", IntIp stands for "internal network container's IP", ExtPort stands for "external Port found in the binding", and IntPort stands for "internal network container's port." -### exposedByDefault (_Optional_, _Default=true_) +### `exposedByDefault` + +_Optional, Default=true_ Expose containers by default through Traefik. If set to false, containers that don't have a `traefik.enable=true` label will be ignored from the resulting routing configuration. -### network (_Optional_) +### `network` + +_Optional_ Defines a default docker network to use for connections to all containers. This option can be overridden on a container basis with the `traefik.docker.network` label. -### domain (_Optional_, _Default=docker.localhost_) +### `domain` + +_Optional_ This is the default base domain used for the router rules. This option can be overridden on a container basis with the `traefik.domain` label. -### swarmMode (_Optional_, _Default=false_) +### `swarmMode` + +_Optional, Default=false_ Activates the Swarm Mode. -### swarmModeRefreshSeconds (_Optional_, _Default=15_) +### `swarmModeRefreshSeconds` + +_Optional, Default=15_ Defines the polling interval (in seconds) in Swarm Mode. @@ -251,17 +263,17 @@ You can declare TCP Routers and/or Services using labels. ### Specific Options -#### traefik.enable +#### `traefik.enable` You can tell Traefik to consider (or not) the container by setting `traefik.enable` to true or false. This option overrides the value of `exposedByDefault`. -#### traefik.tags +#### `traefik.tags` Sets the tags for [constraints filtering](./overview.md#constraints-configuration). -#### traefik.docker.network +#### `traefik.docker.network` Overrides the default docker network to use for connections to the container. diff --git a/docs/content/providers/file.md b/docs/content/providers/file.md index c31e3cdea..e098f77fc 100644 --- a/docs/content/providers/file.md +++ b/docs/content/providers/file.md @@ -56,9 +56,9 @@ You can write these configuration elements: ## Provider Configuration Options !!! tip "Browse the Reference" - If you're in a hurry, maybe you'd rather go through the [File Reference](../reference/providers/file.md). - -### filename (_Optional_) + If you're in a hurry, maybe you'd rather go through the [static](../reference/static-configuration.md) and the [dynamic](../reference/dynamic-configuration/file.md) configuration references. + +### `filename` (_Optional_) Defines the path of the configuration file. @@ -68,7 +68,7 @@ Defines the path of the configuration file. filename = "rules.toml" ``` -### directory (_Optional_) +### `directory` (_Optional_) Defines the directory that contains the configuration files. @@ -78,7 +78,7 @@ Defines the directory that contains the configuration files. directory = "/path/to/config" ``` -### watch (_Optional_) +### `watch` (_Optional_) Set the `watch` option to `true` to allow Traefik to automatically watch for file changes. It works with both the `filename` and the `directory` options. diff --git a/docs/content/providers/kubernetes-crd.md b/docs/content/providers/kubernetes-crd.md index 6e4398027..f3c629872 100644 --- a/docs/content/providers/kubernetes-crd.md +++ b/docs/content/providers/kubernetes-crd.md @@ -121,7 +121,7 @@ spec: ## Full reference example -[Traefik IngressRoute Reference](../reference/providers/kubernetescrd.md). +If you're in a hurry, maybe you'd rather go through the [static](../reference/static-configuration.md) and the [dynamic](../reference/dynamic-configuration/kubernetes-crd.md) configuration references. ## Further diff --git a/docs/content/reference/acme.md b/docs/content/reference/acme.md deleted file mode 100644 index b8bb0e819..000000000 --- a/docs/content/reference/acme.md +++ /dev/null @@ -1,166 +0,0 @@ -# ACME - Reference - -Every Options for ACME -{: .subtitle} - -## TOML - -```toml - # Sample entrypoint configuration when using ACME. - [entrypoints] - [entrypoints.web] - address = ":80" - [entrypoints.web-secure] - address = ":443" - - # Enable ACME (Let's Encrypt): automatic SSL. - [acme] - - # Email address used for registration. - # - # Required - # - email = "test@traefik.io" - - # File used for certificates storage. - # - # Optional (Deprecated) - # - #storageFile = "acme.json" - - # File or key used for certificates storage. - # - # Required - # - storage = "acme.json" - # or `storage = "traefik/acme/account"` if using KV store. - - # Deprecated, replaced by [acme.dnsChallenge]. - # - # Optional. - # - # dnsProvider = "digitalocean" - - # Deprecated, replaced by [acme.dnsChallenge.delayBeforeCheck]. - # - # Optional - # Default: 0 - # - # delayDontCheckDNS = 0 - - # If true, display debug log messages from the acme client library. - # - # Optional - # Default: false - # - # acmeLogging = true - - # If true, override certificates in key-value store when using storeconfig. - # - # Optional - # Default: false - # - # overrideCertificates = true - - # Deprecated. Enable on demand certificate generation. - # - # Optional - # Default: false - # - # onDemand = true - - # Enable certificate generation on frontends host rules. - # - # Optional - # Default: false - # - # onHostRule = true - - # CA server to use. - # Uncomment the line to use Let's Encrypt's staging server, - # leave commented to go to prod. - # - # Optional - # Default: "https://acme-v02.api.letsencrypt.org/directory" - # - # caServer = "https://acme-staging-v02.api.letsencrypt.org/directory" - - # KeyType to use. - # - # Optional - # Default: "RSA4096" - # - # Available values : "EC256", "EC384", "RSA2048", "RSA4096", "RSA8192" - # - # KeyType = "RSA4096" - - # Use a TLS-ALPN-01 ACME challenge. - # - # Optional (but recommended) - # - [acme.tlsChallenge] - - # Use a HTTP-01 ACME challenge. - # - # Optional - # - # [acme.httpChallenge] - - # EntryPoint to use for the HTTP-01 challenges. - # - # Required - # - # entryPoint = "http" - - # Use a DNS-01 ACME challenge rather than HTTP-01 challenge. - # Note: mandatory for wildcard certificate generation. - # - # Optional - # - # [acme.dnsChallenge] - - # DNS provider used. - # - # Required - # - # provider = "digitalocean" - - # By default, the provider will verify the TXT DNS challenge record before letting ACME verify. - # If delayBeforeCheck is greater than zero, this check is delayed for the configured duration in seconds. - # Useful if internal networks block external DNS queries. - # - # Optional - # Default: 0 - # - # delayBeforeCheck = 0 - - # Use following DNS servers to resolve the FQDN authority. - # - # Optional - # Default: empty - # - # resolvers = ["1.1.1.1:53", "8.8.8.8:53"] - - # Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready. - # - # NOT RECOMMENDED: - # Increase the risk of reaching Let's Encrypt's rate limits. - # - # Optional - # Default: false - # - # disablePropagationCheck = true - - # Domains list. - # Only domains defined here can generate wildcard certificates. - # The certificates for these domains are negotiated at traefik startup only. - # - # [[acme.domains]] - # main = "local1.com" - # sans = ["test1.local1.com", "test2.local1.com"] - # [[acme.domains]] - # main = "local2.com" - # [[acme.domains]] - # main = "*.local3.com" - # sans = ["local3.com", "test1.test1.local3.com"] -``` diff --git a/docs/content/reference/dynamic-configuration/docker.md b/docs/content/reference/dynamic-configuration/docker.md new file mode 100644 index 000000000..720bc24e8 --- /dev/null +++ b/docs/content/reference/dynamic-configuration/docker.md @@ -0,0 +1,8 @@ +# Docker Configuration Reference + +Dynamic configuration with Docker Labels +{: .subtitle } + +```yaml +--8<-- "content/reference/dynamic-configuration/docker.yml" +``` diff --git a/docs/content/reference/dynamic-configuration/docker.yml b/docs/content/reference/dynamic-configuration/docker.yml new file mode 100644 index 000000000..3a8a8592f --- /dev/null +++ b/docs/content/reference/dynamic-configuration/docker.yml @@ -0,0 +1,145 @@ +labels: +- "traefik.HTTP.Middlewares.Middleware0.AddPrefix.Prefix=foobar" +- "traefik.HTTP.Middlewares.Middleware1.BasicAuth.HeaderField=foobar" +- "traefik.HTTP.Middlewares.Middleware1.BasicAuth.Realm=foobar" +- "traefik.HTTP.Middlewares.Middleware1.BasicAuth.RemoveHeader=true" +- "traefik.HTTP.Middlewares.Middleware1.BasicAuth.Users=foobar, fiibar" +- "traefik.HTTP.Middlewares.Middleware1.BasicAuth.UsersFile=foobar" +- "traefik.HTTP.Middlewares.Middleware2.Buffering.MaxRequestBodyBytes=42" +- "traefik.HTTP.Middlewares.Middleware2.Buffering.MaxResponseBodyBytes=42" +- "traefik.HTTP.Middlewares.Middleware2.Buffering.MemRequestBodyBytes=42" +- "traefik.HTTP.Middlewares.Middleware2.Buffering.MemResponseBodyBytes=42" +- "traefik.HTTP.Middlewares.Middleware2.Buffering.RetryExpression=foobar" +- "traefik.HTTP.Middlewares.Middleware3.Chain.Middlewares=foobar, fiibar" +- "traefik.HTTP.Middlewares.Middleware4.CircuitBreaker.Expression=foobar" +- "traefik.HTTP.Middlewares.Middleware5.DigestAuth.HeaderField=foobar" +- "traefik.HTTP.Middlewares.Middleware5.DigestAuth.Realm=foobar" +- "traefik.HTTP.Middlewares.Middleware5.DigestAuth.RemoveHeader=true" +- "traefik.HTTP.Middlewares.Middleware5.DigestAuth.Users=foobar, fiibar" +- "traefik.HTTP.Middlewares.Middleware5.DigestAuth.UsersFile=foobar" +- "traefik.HTTP.Middlewares.Middleware6.Errors.Query=foobar" +- "traefik.HTTP.Middlewares.Middleware6.Errors.Service=foobar" +- "traefik.HTTP.Middlewares.Middleware6.Errors.Status=foobar, fiibar" +- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.Address=foobar" +- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.AuthResponseHeaders=foobar, fiibar" +- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.CA=foobar" +- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.CAOptional=true" +- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.Cert=foobar" +- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.InsecureSkipVerify=true" +- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.Key=foobar" +- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TrustForwardHeader=true" +- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlAllowCredentials=true" +- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlAllowHeaders=X-foobar, X-fiibar" +- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlAllowMethods=GET, PUT" +- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlAllowOrigin=foobar" +- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlExposeHeaders=X-foobar, X-fiibar" +- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlMaxAge=200" +- "traefik.HTTP.Middlewares.Middleware8.Headers.AddVaryHeader=true" +- "traefik.HTTP.Middlewares.Middleware8.Headers.AllowedHosts=foobar, fiibar" +- "traefik.HTTP.Middlewares.Middleware8.Headers.BrowserXSSFilter=true" +- "traefik.HTTP.Middlewares.Middleware8.Headers.ContentSecurityPolicy=foobar" +- "traefik.HTTP.Middlewares.Middleware8.Headers.ContentTypeNosniff=true" +- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomBrowserXSSValue=foobar" +- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomFrameOptionsValue=foobar" +- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomRequestHeaders.name0=foobar" +- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomRequestHeaders.name1=foobar" +- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomResponseHeaders.name0=foobar" +- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomResponseHeaders.name1=foobar" +- "traefik.HTTP.Middlewares.Middleware8.Headers.ForceSTSHeader=true" +- "traefik.HTTP.Middlewares.Middleware8.Headers.FrameDeny=true" +- "traefik.HTTP.Middlewares.Middleware8.Headers.HostsProxyHeaders=foobar, fiibar" +- "traefik.HTTP.Middlewares.Middleware8.Headers.IsDevelopment=true" +- "traefik.HTTP.Middlewares.Middleware8.Headers.PublicKey=foobar" +- "traefik.HTTP.Middlewares.Middleware8.Headers.ReferrerPolicy=foobar" +- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLForceHost=true" +- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLHost=foobar" +- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLProxyHeaders.name0=foobar" +- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLProxyHeaders.name1=foobar" +- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLRedirect=true" +- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLTemporaryRedirect=true" +- "traefik.HTTP.Middlewares.Middleware8.Headers.STSIncludeSubdomains=true" +- "traefik.HTTP.Middlewares.Middleware8.Headers.STSPreload=true" +- "traefik.HTTP.Middlewares.Middleware8.Headers.STSSeconds=42" +- "traefik.HTTP.Middlewares.Middleware9.IPWhiteList.IPStrategy.Depth=42" +- "traefik.HTTP.Middlewares.Middleware9.IPWhiteList.IPStrategy.ExcludedIPs=foobar, fiibar" +- "traefik.HTTP.Middlewares.Middleware9.IPWhiteList.SourceRange=foobar, fiibar" +- "traefik.HTTP.Middlewares.Middleware10.MaxConn.Amount=42" +- "traefik.HTTP.Middlewares.Middleware10.MaxConn.ExtractorFunc=foobar" +- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.NotAfter=true" +- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.NotBefore=true" +- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Sans=true" +- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.Country=true" +- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.Province=true" +- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.Locality=true" +- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.Organization=true" +- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.CommonName=true" +- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.SerialNumber=true" +- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.DomainComponent=true" +- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.Country=true" +- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.Province=true" +- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.Locality=true" +- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.Organization=true" +- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.CommonName=true" +- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.SerialNumber=true" +- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.DomainComponent=true" +- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.PEM=true" +- "traefik.HTTP.Middlewares.Middleware12.RateLimit.ExtractorFunc=foobar" +- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate0.Average=42" +- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate0.Burst=42" +- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate0.Period=42" +- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate1.Average=42" +- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate1.Burst=42" +- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate1.Period=42" +- "traefik.HTTP.Middlewares.Middleware13.RedirectRegex.Regex=foobar" +- "traefik.HTTP.Middlewares.Middleware13.RedirectRegex.Replacement=foobar" +- "traefik.HTTP.Middlewares.Middleware13.RedirectRegex.Permanent=true" +- "traefik.HTTP.Middlewares.Middleware13b.RedirectScheme.Scheme=https" +- "traefik.HTTP.Middlewares.Middleware13b.RedirectScheme.Port=80" +- "traefik.HTTP.Middlewares.Middleware13b.RedirectScheme.Permanent=true" +- "traefik.HTTP.Middlewares.Middleware14.ReplacePath.Path=foobar" +- "traefik.HTTP.Middlewares.Middleware15.ReplacePathRegex.Regex=foobar" +- "traefik.HTTP.Middlewares.Middleware15.ReplacePathRegex.Replacement=foobar" +- "traefik.HTTP.Middlewares.Middleware16.Retry.Attempts=42" +- "traefik.HTTP.Middlewares.Middleware17.StripPrefix.Prefixes=foobar, fiibar" +- "traefik.HTTP.Middlewares.Middleware18.StripPrefixRegex.Regex=foobar, fiibar" +- "traefik.HTTP.Middlewares.Middleware19.Compress=true" +- "traefik.HTTP.Routers.Router0.EntryPoints=foobar, fiibar" +- "traefik.HTTP.Routers.Router0.Middlewares=foobar, fiibar" +- "traefik.HTTP.Routers.Router0.Priority=42" +- "traefik.HTTP.Routers.Router0.Rule=foobar" +- "traefik.HTTP.Routers.Router0.Service=foobar" +- "traefik.HTTP.Routers.Router0.TLS=true" +- "traefik.HTTP.Routers.Router1.EntryPoints=foobar, fiibar" +- "traefik.HTTP.Routers.Router1.Middlewares=foobar, fiibar" +- "traefik.HTTP.Routers.Router1.Priority=42" +- "traefik.HTTP.Routers.Router1.Rule=foobar" +- "traefik.HTTP.Routers.Router1.Service=foobar" +- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Headers.name1=foobar" +- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Hostname=foobar" +- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Interval=foobar" +- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Path=foobar" +- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Port=42" +- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Scheme=foobar" +- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Timeout=foobar" +- "traefik.HTTP.Services.Service0.LoadBalancer.Method=foobar" +- "traefik.HTTP.Services.Service0.LoadBalancer.PassHostHeader=true" +- "traefik.HTTP.Services.Service0.LoadBalancer.ResponseForwarding.FlushInterval=foobar" +- "traefik.HTTP.Services.Service0.LoadBalancer.server.Port=8080" +- "traefik.HTTP.Services.Service0.LoadBalancer.server.Scheme=foobar" +- "traefik.HTTP.Services.Service0.LoadBalancer.server.Weight=42" +- "traefik.HTTP.Services.Service0.LoadBalancer.Stickiness.CookieName=foobar" +- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Headers.name0=foobar" +- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Headers.name1=foobar" +- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Hostname=foobar" +- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Interval=foobar" +- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Path=foobar" +- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Port=42" +- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Scheme=foobar" +- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Timeout=foobar" +- "traefik.HTTP.Services.Service1.LoadBalancer.Method=foobar" +- "traefik.HTTP.Services.Service1.LoadBalancer.PassHostHeader=true" +- "traefik.HTTP.Services.Service1.LoadBalancer.ResponseForwarding.FlushInterval=foobar" +- "traefik.HTTP.Services.Service1.LoadBalancer.server.Port=8080" +- "traefik.HTTP.Services.Service1.LoadBalancer.server.Scheme=foobar" +- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Headers.name0=foobar" +- "traefik.HTTP.Services.Service1.LoadBalancer.server.Weight=42" diff --git a/docs/content/reference/dynamic-configuration/file.md b/docs/content/reference/dynamic-configuration/file.md new file mode 100644 index 000000000..8afa5796e --- /dev/null +++ b/docs/content/reference/dynamic-configuration/file.md @@ -0,0 +1,8 @@ +# File Configuration Reference + +Dynamic configuration with toml files +{: .subtitle } + +```toml +--8<-- "content/reference/dynamic-configuration/file.toml" +``` diff --git a/docs/content/reference/dynamic-configuration/file.toml b/docs/content/reference/dynamic-configuration/file.toml new file mode 100644 index 000000000..a88ada9ee --- /dev/null +++ b/docs/content/reference/dynamic-configuration/file.toml @@ -0,0 +1,265 @@ +[HTTP] + + [HTTP.Routers] + + [HTTP.Routers.Router0] + EntryPoints = ["foobar", "foobar"] + Middlewares = ["foobar", "foobar"] + Service = "foobar" + Rule = "foobar" + priority = 42 + [HTTP.Routers.Router0.tls] + + [HTTP.Middlewares] + + [HTTP.Middlewares.Middleware0.AddPrefix] + Prefix = "foobar" + + [HTTP.Middlewares.Middleware1.StripPrefix] + Prefixes = ["foobar", "foobar"] + + [HTTP.Middlewares.Middleware2.StripPrefixRegex] + Regex = ["foobar", "foobar"] + + [HTTP.Middlewares.Middleware3.ReplacePath] + Path = "foobar" + + [HTTP.Middlewares.Middleware4.ReplacePathRegex] + Regex = "foobar" + Replacement = "foobar" + + [HTTP.Middlewares.Middleware5.Chain] + Middlewares = ["foobar", "foobar"] + + [HTTP.Middlewares.Middleware6.IPWhiteList] + SourceRange = ["foobar", "foobar"] + + [HTTP.Middlewares.Middleware7.IPWhiteList.IPStrategy] + Depth = 42 + ExcludedIPs = ["foobar", "foobar"] + + [HTTP.Middlewares.Middleware8.Headers] + AccessControlAllowCredentials = true + AccessControlAllowHeaders = ["foobar", "foobar"] + AccessControlAllowMethods = ["foobar", "foobar"] + AccessControlAllowOrigin = "foobar" + AccessControlExposeHeaders = ["foobar", "foobar"] + AccessControlMaxAge = 42 + AddVaryHeader = true + AllowedHosts = ["foobar", "foobar"] + HostsProxyHeaders = ["foobar", "foobar"] + SSLRedirect = true + SSLTemporaryRedirect = true + SSLHost = "foobar" + SSLForceHost = true + STSSeconds = 42 + STSIncludeSubdomains = true + STSPreload = true + ForceSTSHeader = true + FrameDeny = true + CustomFrameOptionsValue = "foobar" + ContentTypeNosniff = true + BrowserXSSFilter = true + CustomBrowserXSSValue = "foobar" + ContentSecurityPolicy = "foobar" + PublicKey = "foobar" + ReferrerPolicy = "foobar" + IsDevelopment = true + [HTTP.Middlewares.Middleware8.Headers.CustomRequestHeaders] + name0 = "foobar" + name1 = "foobar" + [HTTP.Middlewares.Middleware8.Headers.CustomResponseHeaders] + name0 = "foobar" + name1 = "foobar" + [HTTP.Middlewares.Middleware8.Headers.SSLProxyHeaders] + name0 = "foobar" + name1 = "foobar" + + [HTTP.Middlewares.Middleware9.Errors] + Status = ["foobar", "foobar"] + Service = "foobar" + Query = "foobar" + + [HTTP.Middlewares.Middleware10.RateLimit] + ExtractorFunc = "foobar" + [HTTP.Middlewares.Middleware10.RateLimit.RateSet] + [HTTP.Middlewares.Middleware10.RateLimit.RateSet.Rate0] + Period = 42 + Average = 42 + Burst = 42 + [HTTP.Middlewares.Middleware10.RateLimit.RateSet.Rate1] + Period = 42 + Average = 42 + Burst = 42 + + [HTTP.Middlewares.Middleware11.RedirectRegex] + Regex = "foobar" + Replacement = "foobar" + Permanent = true + + [HTTP.Middlewares.Middleware12.RedirectScheme] + Scheme = "foobar" + Port = "foobar" + Permanent = true + + [HTTP.Middlewares.Middleware13.BasicAuth] + Users = ["foobar", "foobar"] + UsersFile = "foobar" + Realm = "foobar" + RemoveHeader = true + HeaderField = "foobar" + + [HTTP.Middlewares.Middleware14.DigestAuth] + Users = ["foobar", "foobar"] + UsersFile = "foobar" + RemoveHeader = true + Realm = "foobar" + HeaderField = "foobar" + + [HTTP.Middlewares.Middleware15.ForwardAuth] + Address = "foobar" + TrustForwardHeader = true + AuthResponseHeaders = ["foobar", "foobar"] + [HTTP.Middlewares.Middleware15.ForwardAuth.TLS] + CA = "foobar" + CAOptional = true + Cert = "foobar" + Key = "foobar" + InsecureSkipVerify = true + + [HTTP.Middlewares.Middleware16.MaxConn] + Amount = 42 + ExtractorFunc = "foobar" + + [HTTP.Middlewares.Middleware17.Buffering] + MaxRequestBodyBytes = 42 + MemRequestBodyBytes = 42 + MaxResponseBodyBytes = 42 + MemResponseBodyBytes = 42 + RetryExpression = "foobar" + + [HTTP.Middlewares.Middleware18.CircuitBreaker] + Expression = "foobar" + + [HTTP.Middlewares.Middleware19.Compress] + + [HTTP.Middlewares.Middleware20.PassTLSClientCert] + PEM = true + [HTTP.Middlewares.Middleware20.PassTLSClientCert.Info] + NotAfter = true + NotBefore = true + Sans = true + [HTTP.Middlewares.Middleware20.PassTLSClientCert.Info.Subject] + Country = true + Province = true + Locality = true + Organization = true + CommonName = true + SerialNumber = true + DomainComponent = true + [HTTP.Middlewares.Middleware20.PassTLSClientCert.Info.Issuer] + Country = true + Province = true + Locality = true + Organization = true + CommonName = true + SerialNumber = true + DomainComponent = true + + [HTTP.Middlewares.Middleware21.Retry] + Attempts = 42 + + [HTTP.Services] + [HTTP.Services.Service0] + [HTTP.Services.Service0.LoadBalancer] + Method = "foobar" + PassHostHeader = true + + [[HTTP.Services.Service0.LoadBalancer.Servers]] + URL = "foobar" + Weight = 42 + + [HTTP.Services.Service0.LoadBalancer.Stickiness] + CookieName = "foobar" + + [[HTTP.Services.Service0.LoadBalancer.Servers]] + URL = "foobar" + Weight = 42 + + [HTTP.Services.Service0.LoadBalancer.HealthCheck] + Scheme = "foobar" + Path = "foobar" + Port = 42 + Interval = "foobar" + Timeout = "foobar" + Hostname = "foobar" + [HTTP.Services.Service0.LoadBalancer.HealthCheck.Headers] + name0 = "foobar" + name1 = "foobar" + [HTTP.Services.Service0.LoadBalancer.ResponseForwarding] + FlushInterval = "foobar" + +[TCP] + + [TCP.Routers] + + [TCP.Routers.TCPRouter0] + EntryPoints = ["foobar", "foobar"] + Service = "foobar" + Rule = "foobar" + [TCP.Routers.TCPRouter0.tls] + passthrough = true + + [TCP.Services] + + [TCP.Services.TCPService0] + [TCP.Services.TCPService0.LoadBalancer] + Method = "foobar" + + [[TCP.Services.TCPService0.LoadBalancer.Servers]] + Address = "foobar" + Weight = 42 + + [[TCP.Services.TCPService0.LoadBalancer.Servers]] + Address = "foobar" + Weight = 42 + +[[TLS]] + Stores = ["foobar", "foobar"] + [TLS.Certificate] + CertFile = "foobar" + KeyFile = "foobar" + +[[TLS]] + Stores = ["foobar", "foobar"] + [TLS.Certificate] + CertFile = "foobar" + KeyFile = "foobar" + +[TLSOptions] + + [TLSOptions.TLS0] + MinVersion = "foobar" + CipherSuites = ["foobar", "foobar"] + SniStrict = true + [TLSOptions.TLS0.ClientCA] + Files = ["foobar", "foobar"] + Optional = true + [TLSOptions.TLS1] + MinVersion = "foobar" + CipherSuites = ["foobar", "foobar"] + SniStrict = true + [TLSOptions.TLS1.ClientCA] + Files = ["foobar", "foobar"] + Optional = true + +[TLSStores] + + [TLSStores.Store0] + [TLSStores.Store0.DefaultCertificate] + CertFile = "foobar" + KeyFile = "foobar" + [TLSStores.Store1] + [TLSStores.Store1.DefaultCertificate] + CertFile = "foobar" + KeyFile = "foobar" diff --git a/docs/content/reference/dynamic-configuration/kubernetes-crd.md b/docs/content/reference/dynamic-configuration/kubernetes-crd.md new file mode 100644 index 000000000..c130e84e1 --- /dev/null +++ b/docs/content/reference/dynamic-configuration/kubernetes-crd.md @@ -0,0 +1,8 @@ +# Kubernetes Configuration Reference + +Dynamic configuration with Kubernetes Custom Resource +{: .subtitle } + +```yaml +--8<-- "content/reference/dynamic-configuration/kubernetes-crd.yml" +``` diff --git a/docs/content/reference/dynamic-configuration/kubernetes-crd.yml b/docs/content/reference/dynamic-configuration/kubernetes-crd.yml new file mode 100644 index 000000000..04bfdd2af --- /dev/null +++ b/docs/content/reference/dynamic-configuration/kubernetes-crd.yml @@ -0,0 +1,71 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ingressroutes.traefik.containo.us + +spec: + group: traefik.containo.us + version: v1alpha1 + names: + kind: IngressRoute + plural: ingressroutes + singular: ingressroute + scope: Namespaced + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: middlewares.traefik.containo.us +spec: + group: traefik.containo.us + version: v1alpha1 + names: + kind: Middleware + plural: middlewares + singular: middleware + scope: Namespaced + +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: ingressroute.crd +spec: + entrypoints: + - web + - web-secure + routes: + - match: Host(`foo.com`) && PathPrefix(`/bar`) + kind: Rule + priority: 12 + # defining several services is possible and allowed, but for now the servers of + # all the services (for a given route) get merged altogether under the same + # load-balancing strategy. + services: + - name: s1 + port: 80 + healthcheck: + path: /health + host: baz.com + intervalseconds: 7 + timeoutseconds: 60 + # strategy defines the load balancing strategy between the servers. It defaults + # to Round Robin, and for now only Round Robin is supported anyway. + strategy: RoundRobin + - name: s2 + port: 433 + healthcheck: + path: /health + host: baz.com + intervalseconds: 7 + timeoutseconds: 60 + - match: PathPrefix(`/misc`) + services: + - name: s3 + port: 80 + middleware: + - name: stripprefix + - name: addprefix + tls: + secretName: supersecret \ No newline at end of file diff --git a/docs/content/reference/entrypoints.md b/docs/content/reference/entrypoints.md deleted file mode 100644 index b4ccd0e0d..000000000 --- a/docs/content/reference/entrypoints.md +++ /dev/null @@ -1,35 +0,0 @@ -# EntryPoints - Reference - -Every Options for EntryPoints -{: .subtitle} - -## TOML - -```toml -# ... - -[entrypoints] - [entrypoints.web] - address = ":80" - - [entrypoints.web.proxyProtocol] - insecure = true - trustedIPs = ["10.10.10.1", "10.10.10.2"] - - [entrypoints.web.forwardedHeaders] - trustedIPs = ["10.10.10.1", "10.10.10.2"] - insecure = false - - [entrypoints.web-secure] - # ... -``` - -## CLI - -```ini -Name:foo -Address::80 -ProxyProtocol.TrustedIPs:192.168.0.1 -ProxyProtocol.Insecure:true -ForwardedHeaders.TrustedIPs:10.0.0.3/24,20.0.0.3/24 -``` diff --git a/docs/content/reference/logs.md b/docs/content/reference/logs.md deleted file mode 100644 index 3bd91bc21..000000000 --- a/docs/content/reference/logs.md +++ /dev/null @@ -1,53 +0,0 @@ -# Logs - Reference - -## TOML - -```toml -logLevel = "INFO" - -[traefikLog] - filePath = "/path/to/traefik.log" - format = "json" - -[accessLog] - filePath = "/path/to/access.log" - format = "json" - - [accessLog.filters] - statusCodes = ["200", "300-302"] - retryAttempts = true - minDuration = "10ms" - - [accessLog.fields] - defaultMode = "keep" - [accessLog.fields.names] - "ClientUsername" = "drop" - # ... - - [accessLog.fields.headers] - defaultMode = "keep" - [accessLog.fields.headers.names] - "User-Agent" = "redact" - "Authorization" = "drop" - "Content-Type" = "keep" - # ... -``` - -## CLI - -For more information about the CLI, see the documentation about [Traefik command](../../operations/cli). - -```shell ---logLevel="DEBUG" ---traefikLog.filePath="/path/to/traefik.log" ---traefikLog.format="json" ---accessLog.filePath="/path/to/access.log" ---accessLog.format="json" ---accessLog.filters.statusCodes="200,300-302" ---accessLog.filters.retryAttempts="true" ---accessLog.filters.minDuration="10ms" ---accessLog.fields.defaultMode="keep" ---accessLog.fields.names="Username=drop Hostname=drop" ---accessLog.fields.headers.defaultMode="keep" ---accessLog.fields.headers.names="User-Agent=redact Authorization=drop Content-Type=keep" -``` diff --git a/docs/content/reference/providers/docker.md b/docs/content/reference/providers/docker.md deleted file mode 100644 index 7cbb8e673..000000000 --- a/docs/content/reference/providers/docker.md +++ /dev/null @@ -1,180 +0,0 @@ -# Docker -- Reference - -## Docker - -```toml -################################################################ -# Docker Provider -################################################################ - -# Enable Docker Provider. -[docker] - -# Docker server endpoint. Can be a tcp or a unix socket endpoint. -# -# Required -# -endpoint = "unix:///var/run/docker.sock" - -# Default base domain used for the frontend rules. -# Can be overridden by setting the "traefik.domain" label on a container. -# -# Optional -# -domain = "docker.localhost" - -# Enable watch docker changes. -# -# Optional -# -watch = true - -# Override default configuration template. -# For advanced users :) -# -# Optional -# -# filename = "docker.tmpl" - -# Override template version -# For advanced users :) -# -# Optional -# - "1": previous template version (must be used only with older custom templates, see "filename") -# - "2": current template version (must be used to force template version when "filename" is used) -# -# templateVersion = 2 - -# Expose containers by default in Traefik. -# If set to false, containers that don't have `traefik.enable=true` will be ignored. -# -# Optional -# Default: true -# -exposedByDefault = true - -# Use the IP address from the bound port instead of the inner network one. -# -# In case no IP address is attached to the bound port (or in case -# there is no bind), the inner network one will be used as a fallback. -# -# Optional -# Default: false -# -usebindportip = true - -# Use Swarm Mode services as data provider. -# -# Optional -# Default: false -# -swarmMode = false - -# Polling interval (in seconds) for Swarm Mode. -# -# Optional -# Default: 15 -# -swarmModeRefreshSeconds = 15 - -# Define a default docker network to use for connections to all containers. -# Can be overridden by the traefik.docker.network label. -# -# Optional -# -network = "web" - -# Enable docker TLS connection. -# -# Optional -# -# [docker.tls] -# ca = "/etc/ssl/ca.crt" -# cert = "/etc/ssl/docker.crt" -# key = "/etc/ssl/docker.key" -# insecureSkipVerify = true -``` - -## Docker Swarm Mode - -```toml -################################################################ -# Docker Swarm Mode Provider -################################################################ - -# Enable Docker Provider. -[docker] - -# Docker server endpoint. -# Can be a tcp or a unix socket endpoint. -# -# Required -# Default: "unix:///var/run/docker.sock" -# -# swarm classic (1.12-) -# endpoint = "tcp://127.0.0.1:2375" -# docker swarm mode (1.12+) -endpoint = "tcp://127.0.0.1:2377" - -# Default base domain used for the frontend rules. -# Can be overridden by setting the "traefik.domain" label on a services. -# -# Optional -# Default: "" -# -domain = "docker.localhost" - -# Enable watch docker changes. -# -# Optional -# Default: true -# -watch = true - -# Use Docker Swarm Mode as data provider. -# -# Optional -# Default: false -# -swarmMode = true - -# Define a default docker network to use for connections to all containers. -# Can be overridden by the traefik.docker.network label. -# -# Optional -# -network = "web" - -# Override default configuration template. -# For advanced users :) -# -# Optional -# -# filename = "docker.tmpl" - -# Override template version -# For advanced users :) -# -# Optional -# - "1": previous template version (must be used only with older custom templates, see "filename") -# - "2": current template version (must be used to force template version when "filename" is used) -# -# templateVersion = 2 - -# Expose services by default in Traefik. -# -# Optional -# Default: true -# -exposedByDefault = false - -# Enable docker TLS connection. -# -# Optional -# -# [docker.tls] -# ca = "/etc/ssl/ca.crt" -# cert = "/etc/ssl/docker.crt" -# key = "/etc/ssl/docker.key" -# insecureSkipVerify = true -``` \ No newline at end of file diff --git a/docs/content/reference/providers/file.md b/docs/content/reference/providers/file.md deleted file mode 100644 index 78242ca07..000000000 --- a/docs/content/reference/providers/file.md +++ /dev/null @@ -1,268 +0,0 @@ -# File -- Reference - -## File - -```toml -################################################################ -# File Provider -################################################################ - -[providers] - - # Enable File Provider. - [providers.file] - - # Define one separated configuration file. - # - # Optional - # - filename = "my-conf.toml" - - # Define directory that contains a set of configuration files. - # - # Optional - # - directory = "/path/to/config" - - # Enable watch file changes. - # - # Optional - # - watch = true - - [http] - - [http.routers] - - [http.routers.router0] - entrypoints = ["foo", "bar"] - middlewares = ["foo", "bar"] - service = "service-foo" - rule = "Path(`foo`)" - priority = 42 - [http.routers.router0.tls] - - [http.middlewares] - - [http.middlewares.my-add-prefix.AddPrefix] - prefix = "/foo" - - [http.middlewares.my-strip-prefix.StripPrefix] - prefixes = ["/foo", "/bar"] - - [http.middlewares.my-strip-prefix-regex.StripPrefixRegex] - regex = ["/foo/api/", "/bar/{category}/{id:[0-9]+}/"] - - [http.middlewares.my-replace-path.ReplacePath] - path = "/foo" - - [http.middlewares.my-replace-path-regex.ReplacePathRegex] - regex = "foo/(.*)" - replacement = "/foobar/$1" - - [http.middlewares.my-chain.Chain] - middlewares = ["my-add-prefix", "my-basic-auth"] - - [http.middlewares.Middleware0.IPWhiteList] - sourceRange = ["127.0.0.1/32", "192.168.1.7"] - [http.middlewares.Middleware0.IPWhiteList.IPStrategy] - depth = 2 - excludedIPs = ["127.0.0.1/16", "192.168.1.7"] - - [http.middlewares.my-headers.Headers] - accessControlAllowCredentials = true - accessControlAllowHeaders = ["X-foobar", "X-fiibar"] - accessControlAllowMethods = ["GET", "PUT"] - accessControlAllowOrigin = "*" - accessControlExposeHeaders = ["X-foobar", "X-fiibar"] - accessControlMaxAge = 200 - addVaryHeader = true - allowedHosts = ["foobar", "foobar"] - hostsProxyHeaders = ["foobar", "foobar"] - sslRedirect = true - sslTemporaryRedirect = true - sslHost = "foobar" - sslForceHost = true - stsSeconds = 42 - stsIncludeSubdomains = true - stsPreload = true - forceSTSHeader = true - frameDeny = true - customFrameOptionsValue = "foobar" - contentTypeNosniff = true - browserXSSFilter = true - customBrowserXSSValue = "foobar" - contentSecurityPolicy = "foobar" - publicKey = "foobar" - referrerPolicy = "foobar" - isDevelopment = true - [http.middlewares.my-headers.Headers.CustomRequestHeaders] - X-Script-Name = "foo" - [http.middlewares.my-headers.Headers.CustomResponseHeaders] - X-Custom-Response-Header = "True" - [http.middlewares.my-headers.Headers.SSLProxyHeaders] - X-Forwarded-Proto = "https" - - [http.middlewares.my-errors.Errors] - status = ["400-404", "500-599"] - service = "foo-errors-service" - query = "/error.html" - - [http.middlewares.my-rate-limit.RateLimit] - extractorFunc = "client.ip" - [http.middlewares.Middleware0.RateLimit.RateSet] - - [http.middlewares.Middleware0.RateLimit.RateSet.Rate0] - period = 10 - average = 100 - burst = 200 - - [http.middlewares.my-redirect-regex.RedirectRegex] - regex = "^http://localhost/(.*)" - replacement = "http://mydomain/$1" - permanent = true - - [http.middlewares.my-redirect-scheme.RedirectScheme] - scheme = "https" - port = "8443" - permanent = true - - [http.middlewares.my-basic-auth.BasicAuth] - users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"] - usersFile = "etc/traefik/.htpasswd" - realm = "myRealm" - removeHeader = true - headerField = "X-WebAuth-User" - - [http.middlewares.my-digest-auth.DigestAuth] - users = ["test:traefik:a2688e031edb4be6a3797f3882655c05", "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"] - usersFile = "etc/traefik/.htdigest" - removeHeader = true - realm = "traefik" - headerField = "X-WebAuth-User" - - [http.middlewares.my-forward-auth.ForwardAuth] - address = "https://myauth.server:443" - trustForwardHeader = true - authResponseHeaders = ["X-Forwarded-Foo", "X-Forwarded-Bar"] - [http.middlewares.my-forward-auth.ForwardAuth.TLS] - ca = "/etc/traefik/crt/ca.pem" - caOptional = true - cert = "/etc/traefik/crt/cert.pem" - key = "/etc/traefik/crt/cert.key" - insecureSkipVerify = true - - [http.middlewares.my-maxconn.MaxConn] - amount = 10 - extractorFunc = "request.host" - - [http.middlewares.my-buffering.Buffering] - maxRequestBodyBytes = 25000 - memRequestBodyBytes = 25000 - maxResponseBodyBytes = 25000 - memResponseBodyBytes = 25000 - retryExpression = "foobar" - - [http.middlewares.my-circuit-breaker.CircuitBreaker] - Expression = "LatencyAtQuantileMS(50.0) > 100" - - [http.middlewares.my-compress.Compress] - - [http.middlewares.my-pass-tls-client-cert.PassTLSClientCert] - pem = true - [http.middlewares.Middleware0.PassTLSClientCert.Info] - notAfter = true - notBefore = true - sans = true - [http.middlewares.Middleware0.PassTLSClientCert.Info.Subject] - country = true - province = true - locality = true - organization = true - commonName = true - serialNumber = true - domainComponent = true - [http.middlewares.Middleware0.PassTLSClientCert.Info.Issuer] - country = true - province = true - locality = true - organization = true - commonName = true - serialNumber = true - domainComponent = true - - [http.middlewares.my-retry.Retry] - attempts = 4 - - [http.services] - - [http.services.service0] - [http.services.service0.LoadBalancer] - method = "wrr" - passHostHeader = true - [http.services.service0.LoadBalancer.Stickiness] - cookieName = "my-stickiness-cookie-name" - [[http.services.service0.LoadBalancer.Servers]] - url = "http://foo/" - weight = 30 - [[http.services.service0.LoadBalancer.Servers]] - url = "http://bar/" - weight = 70 - [http.services.service0.LoadBalancer.HealthCheck] - scheme = "https" - path = "/health" - port = 9443 - interval = "10s" - timeout = "30s" - hostname = "foobar" - [http.services.service0.LoadBalancer.HealthCheck.Headers] - My-Custom-Header = "foobar" - [http.services.service0.LoadBalancer.ResponseForwarding] - flushInterval = "4s" - - [tcp] - - [tcp.routers] - [tcp.routers.tcpRouter0] - entryPoints = ["foobar", "foobar"] - service = "foobar" - rule = "foobar" - [tcp.routers.tcpRouter0.tlst] - passthrough = true - - [tcp.services] - [tcp.services.tcpService0] - [tcp.services.tcpService0.tcpLoadBalancer] - method = "foobar" - [[tcp.services.tcpService0.tcpLoadBalancer.Servers]] - address = "foobar" - weight = 42 - [[tcp.services.tcpService0.tcpLoadBalancer.Servers]] - address = "foobar" - weight = 42 - - [[tls]] - Store = ["my-store-foo", "my-store-bar"] - [tls.Certificate] - certFile = "/etc/traefik/cert.pem" - keyFile = "/etc/traefik/cert.key" - - - [tlsconfig] - [tlsconfig.TLS0] - minVersion = "VersionTLS12" - cipherSuites = [ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_GCM_SHA384"] - [tlsconfig.TLS0.ClientCA] - files = ["/etc/traefik/ca-foo.pem", "/etc/traefik/ca-bar.pem"] - optional = true - - [tlsstore] - [tlsstore.my-store-foo] - sniStrict = true - [tlsstore.my-store-foo.DefaultCertificate] - certFile = "/etc/traefik/cert.pem" - keyFile = "/etc/traefik/cert.key" - -``` - diff --git a/docs/content/reference/providers/kubernetescrd.md b/docs/content/reference/providers/kubernetescrd.md deleted file mode 100644 index b9fedf5af..000000000 --- a/docs/content/reference/providers/kubernetescrd.md +++ /dev/null @@ -1,81 +0,0 @@ -# Kubernetes -- Reference - -## Kubernetes - -```yaml -################################################################ -# Kubernetes Provider -################################################################ - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: ingressroutes.traefik.containo.us - -spec: - group: traefik.containo.us - version: v1alpha1 - names: - kind: IngressRoute - plural: ingressroutes - singular: ingressroute - scope: Namespaced - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: middlewares.traefik.containo.us -spec: - group: traefik.containo.us - version: v1alpha1 - names: - kind: Middleware - plural: middlewares - singular: middleware - scope: Namespaced - ---- -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: ingressroute.crd -spec: - entrypoints: - - web - - web-secure - routes: - - match: Host(`foo.com`) && PathPrefix(`/bar`) - kind: Rule - priority: 12 - # defining several services is possible and allowed, but for now the servers of - # all the services (for a given route) get merged altogether under the same - # load-balancing strategy. - services: - - name: s1 - port: 80 - healthcheck: - path: /health - host: baz.com - intervalseconds: 7 - timeoutseconds: 60 - # strategy defines the load balancing strategy between the servers. It defaults - # to Round Robin, and for now only Round Robin is supported anyway. - strategy: RoundRobin - - name: s2 - port: 433 - healthcheck: - path: /health - host: baz.com - intervalseconds: 7 - timeoutseconds: 60 - - match: PathPrefix(`/misc`) - services: - - name: s3 - port: 80 - middleware: - - name: stripprefix - - name: addprefix - tls: - secretName: supersecret -``` \ No newline at end of file diff --git a/docs/content/reference/static-configuration.md b/docs/content/reference/static-configuration.md new file mode 100644 index 000000000..0101746b3 --- /dev/null +++ b/docs/content/reference/static-configuration.md @@ -0,0 +1,13 @@ +# Static Configuration + +## File + +```toml +--8<-- "content/reference/static-configuration.toml" +``` + +## CLI + +```txt +--8<-- "content/reference/static-configuration.txt" +``` diff --git a/docs/content/reference/static-configuration.toml b/docs/content/reference/static-configuration.toml new file mode 100644 index 000000000..5f77395b5 --- /dev/null +++ b/docs/content/reference/static-configuration.toml @@ -0,0 +1,238 @@ +[Global] + Debug = true + CheckNewVersion = true + SendAnonymousUsage = true + +[ServersTransport] + InsecureSkipVerify = true + RootCAs = ["foobar", "foobar"] + MaxIdleConnsPerHost = 42 + [ServersTransport.ForwardingTimeouts] + DialTimeout = 42 + ResponseHeaderTimeout = 42 + +[EntryPoints] + + [EntryPoints.EntryPoint0] + Address = "foobar" + [EntryPoints.EntryPoint0.Transport] + [EntryPoints.EntryPoint0.Transport.LifeCycle] + RequestAcceptGraceTimeout = 42 + GraceTimeOut = 42 + [EntryPoints.EntryPoint0.Transport.RespondingTimeouts] + ReadTimeout = 42 + WriteTimeout = 42 + IdleTimeout = 42 + [EntryPoints.EntryPoint0.ProxyProtocol] + Insecure = true + TrustedIPs = ["foobar", "foobar"] + [EntryPoints.EntryPoint0.ForwardedHeaders] + Insecure = true + TrustedIPs = ["foobar", "foobar"] + +[Providers] + + ProvidersThrottleDuration = 42 + [Providers.Docker] + Watch = true + Endpoint = "foobar" + DefaultRule = "foobar" + ExposedByDefault = true + UseBindPortIP = true + SwarmMode = true + Network = "foobar" + SwarmModeRefreshSeconds = 42 + + [[Providers.Docker.Constraints]] + Key = "foobar" + MustMatch = true + Regex = "foobar" + + [[Providers.Docker.Constraints]] + Key = "foobar" + MustMatch = true + Regex = "foobar" + [Providers.Docker.TLS] + CA = "foobar" + CAOptional = true + Cert = "foobar" + Key = "foobar" + InsecureSkipVerify = true + [Providers.File] + Directory = "foobar" + Watch = true + Filename = "foobar" + DebugLogGeneratedTemplate = true + TraefikFile = "foobar" + [Providers.Marathon] + Trace = true + Watch = true + Endpoint = "foobar" + DefaultRule = "foobar" + ExposedByDefault = true + DCOSToken = "foobar" + FilterMarathonConstraints = true + DialerTimeout = 42 + ResponseHeaderTimeout = 42 + TLSHandshakeTimeout = 42 + KeepAlive = 42 + ForceTaskHostname = true + RespectReadinessChecks = true + + [[Providers.Marathon.Constraints]] + Key = "foobar" + MustMatch = true + Regex = "foobar" + + [[Providers.Marathon.Constraints]] + Key = "foobar" + MustMatch = true + Regex = "foobar" + [Providers.Marathon.TLS] + CA = "foobar" + CAOptional = true + Cert = "foobar" + Key = "foobar" + InsecureSkipVerify = true + [Providers.Marathon.Basic] + HTTPBasicAuthUser = "foobar" + HTTPBasicPassword = "foobar" + [Providers.Kubernetes] + Endpoint = "foobar" + Token = "foobar" + CertAuthFilePath = "foobar" + DisablePassHostHeaders = true + Namespaces = ["foobar", "foobar"] + LabelSelector = "foobar" + IngressClass = "foobar" + [Providers.Kubernetes.IngressEndpoint] + IP = "foobar" + Hostname = "foobar" + PublishedService = "foobar" + [Providers.KubernetesCRD] + Endpoint = "foobar" + Token = "foobar" + CertAuthFilePath = "foobar" + DisablePassHostHeaders = true + Namespaces = ["foobar", "foobar"] + LabelSelector = "foobar" + IngressClass = "foobar" + [Providers.Rest] + EntryPoint = "foobar" + +[API] + EntryPoint = "foobar" + Dashboard = true + Middlewares = ["foobar", "foobar"] + [API.Statistics] + RecentErrors = 42 + +[Metrics] + [Metrics.Prometheus] + Buckets = [42.0, 42.0] + EntryPoint = "foobar" + Middlewares = ["foobar", "foobar"] + [Metrics.Datadog] + Address = "foobar" + PushInterval = "foobar" + [Metrics.StatsD] + Address = "foobar" + PushInterval = "foobar" + [Metrics.InfluxDB] + Address = "foobar" + Protocol = "foobar" + PushInterval = "foobar" + Database = "foobar" + RetentionPolicy = "foobar" + Username = "foobar" + Password = "foobar" + +[Ping] + EntryPoint = "foobar" + Middlewares = ["foobar", "foobar"] + +[Log] + LogLevel = "foobar" + FilePath = "foobar" + Format = "foobar" + +[AccessLog] + FilePath = "foobar" + Format = "foobar" + BufferingSize = 42 + [AccessLog.Filters] + StatusCodes = ["foobar", "foobar"] + RetryAttempts = true + MinDuration = 42 + [AccessLog.Fields] + DefaultMode = "foobar" + [AccessLog.Fields.Names] + name0 = "foobar" + name1 = "foobar" + [AccessLog.Fields.Headers] + DefaultMode = "foobar" + [AccessLog.Fields.Headers.Names] + name0 = "foobar" + name1 = "foobar" + +[Tracing] + Backend = "foobar" + ServiceName = "foobar" + SpanNameLimit = 42 + [Tracing.Jaeger] + SamplingServerURL = "foobar" + SamplingType = "foobar" + SamplingParam = 42.0 + LocalAgentHostPort = "foobar" + Gen128Bit = true + Propagation = "foobar" + TraceContextHeaderName = "foobar" + [Tracing.Zipkin] + HTTPEndpoint = "foobar" + SameSpan = true + ID128Bit = true + Debug = true + SampleRate = 42.0 + [Tracing.DataDog] + LocalAgentHostPort = "foobar" + GlobalTag = "foobar" + Debug = true + PrioritySampling = true + TraceIDHeaderName = "foobar" + ParentIDHeaderName = "foobar" + SamplingPriorityHeaderName = "foobar" + BagagePrefixHeaderName = "foobar" + [Tracing.Instana] + LocalAgentHost = "foobar" + LocalAgentPort = 42 + LogLevel = "foobar" + +[HostResolver] + CnameFlattening = true + ResolvConfig = "foobar" + ResolvDepth = 42 + +[ACME] + Email = "foobar" + ACMELogging = true + CAServer = "foobar" + Storage = "foobar" + EntryPoint = "foobar" + KeyType = "foobar" + OnHostRule = true + [ACME.DNSChallenge] + Provider = "foobar" + DelayBeforeCheck = 42 + Resolvers = ["foobar", "foobar"] + DisablePropagationCheck = true + [ACME.HTTPChallenge] + EntryPoint = "foobar" + [ACME.TLSChallenge] + + [[ACME.Domains]] + Main = "foobar" + SANs = ["foobar", "foobar"] + + [[ACME.Domains]] + Main = "foobar" + SANs = ["foobar", "foobar"] diff --git a/docs/content/reference/static-configuration.txt b/docs/content/reference/static-configuration.txt new file mode 100644 index 000000000..64ba67008 --- /dev/null +++ b/docs/content/reference/static-configuration.txt @@ -0,0 +1,196 @@ +--accesslog Access log settings (default "false") +--accesslog.bufferingsize Number of access log lines to process in a buffered way. Default 0. (default "0") +--accesslog.fields AccessLogFields (default "false") +--accesslog.fields.defaultmode Default mode for fields: keep | drop (default "keep") +--accesslog.fields.headers Headers to keep, drop or redact (default "false") +--accesslog.fields.headers.defaultmode Default mode for fields: keep | drop | redact (default "keep") +--accesslog.fields.headers.names Override mode for headers (default "map[]") +--accesslog.fields.names Override mode for fields (default "map[]") +--accesslog.filepath Access log file path. Stdout is used when omitted or empty +--accesslog.filters Access log filters, used to keep only specific access logs (default "false") +--accesslog.filters.minduration Keep access logs when request took longer than the specified duration (default "0s") +--accesslog.filters.retryattempts Keep access logs when at least one retry happened (default "false") +--accesslog.filters.statuscodes Keep access logs with status codes in the specified range (default "[]") +--accesslog.format Access log format: json | common (default "common") +--acme Enable ACME (Let's Encrypt): automatic SSL (default "false") +--acme.acmelogging Enable debug logging of ACME actions. (default "false") +--acme.caserver CA server to use. +--acme.dnschallenge Activate DNS-01 Challenge (default "false") +--acme.dnschallenge.delaybeforecheck Assume DNS propagates after a delay in seconds rather than finding and querying (default "0s") + nameservers. +--acme.dnschallenge.disablepropagationcheck Disable the DNS propagation checks before notifying ACME that the DNS challenge (default "false") + is ready. [not recommended] +--acme.dnschallenge.provider Use a DNS-01 based challenge provider rather than HTTPS. +--acme.dnschallenge.resolvers Use following DNS servers to resolve the FQDN authority. +--acme.domains CN and SANs (alternative domains) to each main domain using format: (default "[]") + --acme.domains='main.com,san1.com,san2.com' --acme.domains='*.main.net'. No + SANs for wildcards domain. Wildcard domains only accepted with DNSChallenge +--acme.email Email address used for registration +--acme.entrypoint EntryPoint to use. +--acme.httpchallenge Activate HTTP-01 Challenge (default "false") +--acme.httpchallenge.entrypoint HTTP challenge EntryPoint +--acme.keytype KeyType used for generating certificate private key. Allow value 'EC256', + 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'. Default to 'RSA4096' +--acme.onhostrule Enable certificate generation on frontends Host rules. (default "false") +--acme.storage Storage to use. +--acme.tlschallenge Activate TLS-ALPN-01 Challenge (default "false") +--api Enable api/dashboard (default "false") +--api.dashboard Activate dashboard (default "true") +--api.entrypoint EntryPoint (default "traefik") +--api.middlewares Middleware list +--api.statistics Enable more detailed statistics (default "true") +--api.statistics.recenterrors Number of recent errors logged (default "10") +-c, --configfile Configuration file to use (TOML). +--entrypoints Entrypoints definition using format: --entryPoints='Name:http Address::8000 (default "map[]") + Redirect.EntryPoint:https' --entryPoints='Name:https Address::4442 + TLS:tests/traefik.crt,tests/traefik.key;prod/traefik.crt,prod/traefik.key' +--global Global configuration options (default "true") +--global.checknewversion Periodically check if a new version has been released (default "true") +-d, --global.debug Enable debug mode (default "false") +--global.sendanonymoususage send periodically anonymous usage statistics (default "false") +--hostresolver Enable CNAME Flattening (default "false") +--hostresolver.cnameflattening A flag to enable/disable CNAME flattening (default "false") +--hostresolver.resolvconfig resolv.conf used for DNS resolving (default "/etc/resolv.conf") +--hostresolver.resolvdepth The maximal depth of DNS recursive resolving (default "5") +--log Traefik log settings (default "false") +--log.filepath Traefik log file path. Stdout is used when omitted or empty +--log.format Traefik log format: json | common (default "common") +--log.loglevel Log level set to traefik logs. +--metrics Enable a metrics exporter (default "false") +--metrics.datadog DataDog metrics exporter type (default "false") +--metrics.datadog.address DataDog's address (default "localhost:8125") +--metrics.datadog.pushinterval DataDog push interval (default "10s") +--metrics.influxdb InfluxDB metrics exporter type (default "false") +--metrics.influxdb.address InfluxDB address (default "localhost:8089") +--metrics.influxdb.database InfluxDB database used when protocol is http +--metrics.influxdb.password InfluxDB password (only with http) +--metrics.influxdb.protocol InfluxDB address protocol (udp or http) (default "udp") +--metrics.influxdb.pushinterval InfluxDB push interval (default "10s") +--metrics.influxdb.retentionpolicy InfluxDB retention policy used when protocol is http +--metrics.influxdb.username InfluxDB username (only with http) +--metrics.prometheus Prometheus metrics exporter type (default "false") +--metrics.prometheus.buckets Buckets for latency metrics (default "[0.1 0.3 1.2 5]") +--metrics.prometheus.entrypoint EntryPoint (default "traefik") +--metrics.prometheus.middlewares Middlewares +--metrics.statsd StatsD metrics exporter type (default "false") +--metrics.statsd.address StatsD address (default "localhost:8125") +--metrics.statsd.pushinterval StatsD push interval (default "10s") +--ping Enable ping (default "false") +--ping.entrypoint Ping entryPoint (default "traefik") +--ping.middlewares Middleware list +--providers Providers configuration (default "false") +--providers.docker Enable Docker backend with default settings (default "false") +--providers.docker.constraints Filter services by constraint, matching with Traefik tags. (default "[]") +--providers.docker.defaultrule Default rule (default "Host(`{{ normalize .Name }}`)") +--providers.docker.endpoint Docker server endpoint. Can be a tcp or a unix socket endpoint (default "unix:///var/run/docker.sock") +--providers.docker.exposedbydefault Expose containers by default (default "true") +--providers.docker.network Default Docker network used +--providers.docker.swarmmode Use Docker on Swarm Mode (default "false") +--providers.docker.swarmmoderefreshseconds Polling interval for swarm mode (in seconds) (default "15") +--providers.docker.tls Enable Docker TLS support (default "false") +--providers.docker.tls.ca TLS CA +--providers.docker.tls.caoptional TLS CA.Optional (default "false") +--providers.docker.tls.cert TLS cert +--providers.docker.tls.insecureskipverify TLS insecure skip verify (default "false") +--providers.docker.tls.key TLS key +--providers.docker.usebindportip Use the ip address from the bound port, rather than from the inner network (default "false") +--providers.docker.watch Watch provider (default "true") +--providers.file Enable File backend with default settings (default "true") +--providers.file.debugloggeneratedtemplate Enable debug logging of generated configuration template. (default "false") +--providers.file.directory Load configuration from one or more .toml files in a directory +--providers.file.filename Override default configuration template. For advanced users :) +--providers.file.watch Watch provider (default "true") +--providers.kubernetes Enable Kubernetes backend with default settings (default "true") +--providers.kubernetes.certauthfilepath Kubernetes certificate authority file path (not needed for in-cluster client) +--providers.kubernetes.disablepasshostheaders Kubernetes disable PassHost Headers (default "false") +--providers.kubernetes.endpoint Kubernetes server endpoint (required for external cluster client) +--providers.kubernetes.ingressclass Value of kubernetes.io/ingress.class annotation to watch for +--providers.kubernetes.ingressendpoint Kubernetes Ingress Endpoint (default "false") +--providers.kubernetes.ingressendpoint.hostname Hostname used for Kubernetes Ingress endpoints +--providers.kubernetes.ingressendpoint.ip IP used for Kubernetes Ingress endpoints +--providers.kubernetes.ingressendpoint.publishedservice Published Kubernetes Service to copy status from +--providers.kubernetes.labelselector Kubernetes Ingress label selector to use +--providers.kubernetes.namespaces Kubernetes namespaces (default "[]") +--providers.kubernetes.token Kubernetes bearer token (not needed for in-cluster client) +--providers.kubernetescrd Enable Kubernetes backend with default settings (default "false") +--providers.kubernetescrd.certauthfilepath Kubernetes certificate authority file path (not needed for in-cluster client) +--providers.kubernetescrd.disablepasshostheaders Kubernetes disable PassHost Headers (default "false") +--providers.kubernetescrd.endpoint Kubernetes server endpoint (required for external cluster client) +--providers.kubernetescrd.ingressclass Value of kubernetes.io/ingress.class annotation to watch for +--providers.kubernetescrd.labelselector Kubernetes label selector to use +--providers.kubernetescrd.namespaces Kubernetes namespaces (default "[]") +--providers.kubernetescrd.token Kubernetes bearer token (not needed for in-cluster client) +--providers.marathon Enable Marathon backend with default settings (default "false") +--providers.marathon.basic Enable basic authentication (default "false") +--providers.marathon.basic.httpbasicauthuser Basic authentication User +--providers.marathon.basic.httpbasicpassword Basic authentication Password +--providers.marathon.constraints Filter services by constraint, matching with Traefik tags. (default "[]") +--providers.marathon.dcostoken DCOSToken for DCOS environment, This will override the Authorization header +--providers.marathon.defaultrule Default rule (default "Host(`{{ normalize .Name }}`)") +--providers.marathon.dialertimeout Set a dialer timeout for Marathon (default "5s") +--providers.marathon.endpoint Marathon server endpoint. You can also specify multiple endpoint for Marathon (default "http://127.0.0.1:8080") +--providers.marathon.exposedbydefault Expose Marathon apps by default (default "true") +--providers.marathon.filtermarathonconstraints Enable use of Marathon constraints in constraint filtering (default "false") +--providers.marathon.forcetaskhostname Force to use the task's hostname. (default "false") +--providers.marathon.keepalive Set a TCP Keep Alive time in seconds (default "10s") +--providers.marathon.respectreadinesschecks Filter out tasks with non-successful readiness checks during deployments (default "false") +--providers.marathon.responseheadertimeout Set a response header timeout for Marathon (default "1m0s") +--providers.marathon.tls Enable TLS support (default "false") +--providers.marathon.tls.ca TLS CA +--providers.marathon.tls.caoptional TLS CA.Optional (default "false") +--providers.marathon.tls.cert TLS cert +--providers.marathon.tls.insecureskipverify TLS insecure skip verify (default "false") +--providers.marathon.tls.key TLS key +--providers.marathon.tlshandshaketimeout Set a TLS handhsake timeout for Marathon (default "5s") +--providers.marathon.trace Display additional provider logs. (default "false") +--providers.marathon.watch Watch provider (default "true") +--providers.providersthrottleduration Backends throttle duration: minimum duration between 2 events from providers (default "2s") + before applying a new configuration. It avoids unnecessary reloads if multiples + events are sent in a short amount of time. +--providers.rest Enable Rest backend with default settings (default "true") +--providers.rest.entrypoint EntryPoint (default "traefik") +--serverstransport Servers default transport (default "true") +--serverstransport.forwardingtimeouts Timeouts for requests forwarded to the backend servers (default "true") +--serverstransport.forwardingtimeouts.dialtimeout The amount of time to wait until a connection to a backend server can be (default "0s") + established. Defaults to 30 seconds. If zero, no timeout exists +--serverstransport.forwardingtimeouts.responseheadertimeout The amount of time to wait for a server's response headers after fully writing (default "0s") + the request (including its body, if any). If zero, no timeout exists +--serverstransport.insecureskipverify Disable SSL certificate verification (default "false") +--serverstransport.maxidleconnsperhost If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, (default "200") + DefaultMaxIdleConnsPerHost is used +--serverstransport.rootcas Add cert file for self-signed certificate +--tracing OpenTracing configuration (default "false") +--tracing.backend Selects the tracking backend ('jaeger','zipkin','datadog','instana'). (default "jaeger") +--tracing.datadog Settings for DataDog (default "false") +--tracing.datadog.bagageprefixheadername specifies the header name prefix that will be used to store baggage items in a + map. +--tracing.datadog.debug Enable DataDog debug. (default "false") +--tracing.datadog.globaltag Key:Value tag to be set on all the spans. +--tracing.datadog.localagenthostport Set datadog-agent's host:port that the reporter will used. Defaults to (default "localhost:8126") + localhost:8126 +--tracing.datadog.parentidheadername Specifies the header name that will be used to store the parent ID. +--tracing.datadog.prioritysampling Enable priority sampling. When using distributed tracing, this option must be (default "false") + enabled in order to get all the parts of a distributed trace sampled. +--tracing.datadog.samplingpriorityheadername Specifies the header name that will be used to store the sampling priority. +--tracing.datadog.traceidheadername Specifies the header name that will be used to store the trace ID. +--tracing.instana Settings for Instana (default "false") +--tracing.instana.localagenthost Set instana-agent's host that the reporter will used. (default "localhost") +--tracing.instana.localagentport Set instana-agent's port that the reporter will used. (default "42699") +--tracing.instana.loglevel Set instana-agent's log level. ('error','warn','info','debug') (default "info") +--tracing.jaeger Settings for jaeger (default "false") +--tracing.jaeger.gen128bit generate 128 bit span IDs. (default "false") +--tracing.jaeger.localagenthostport set jaeger-agent's host:port that the reporter will used. (default "127.0.0.1:6831") +--tracing.jaeger.propagation which propgation format to use (jaeger/b3). (default "jaeger") +--tracing.jaeger.samplingparam set the sampling parameter. (default "1") +--tracing.jaeger.samplingserverurl set the sampling server url. (default "http://localhost:5778/sampling") +--tracing.jaeger.samplingtype set the sampling type. (default "const") +--tracing.jaeger.tracecontextheadername set the header to use for the trace-id. (default "uber-trace-id") +--tracing.servicename Set the name for this service (default "traefik") +--tracing.spannamelimit Set the maximum character limit for Span names (default 0 = no limit) (default "0") +--tracing.zipkin Settings for zipkin (default "false") +--tracing.zipkin.debug Enable Zipkin debug. (default "false") +--tracing.zipkin.httpendpoint HTTP Endpoint to report traces to. (default "http://localhost:9411/api/v1/spans") +--tracing.zipkin.id128bit Use Zipkin 128 bit root span IDs. (default "true") +--tracing.zipkin.samespan Use Zipkin SameSpan RPC style traces. (default "false") +--tracing.zipkin.samplerate The rate between 0.0 and 1.0 of requests to trace. (default "1") +-h, --help Print Help (this message) and exit \ No newline at end of file diff --git a/docs/content/routing/entrypoints.md b/docs/content/routing/entrypoints.md index ce4fecfca..3de56a723 100644 --- a/docs/content/routing/entrypoints.md +++ b/docs/content/routing/entrypoints.md @@ -5,7 +5,7 @@ Opening Connections for Incoming Requests ![EntryPoints](../assets/img/entrypoints.png) -Entrypoints are the network entry points into Traefik. +EntryPoints are the network entry points into Traefik. They define the port which will receive the requests (whether HTTP or TCP). ## Configuration Examples @@ -38,7 +38,45 @@ They define the port which will receive the requests (whether HTTP or TCP). ### General -Entrypoints are part of the [static configuration](../getting-started/configuration-overview.md#the-static-configuration). You can define them using a toml file, CLI arguments, or a key-value store. See the [complete reference](../reference/entrypoints.md) for the list of available options. +EntryPoints are part of the [static configuration](../getting-started/configuration-overview.md#the-static-configuration). +You can define them using a toml file, CLI arguments, or a key-value store. + +See the complete reference for the list of available options: + +```toml tab="File" +[EntryPoints] + + [EntryPoints.EntryPoint0] + Address = "foobar" + [EntryPoints.EntryPoint0.Transport] + [EntryPoints.EntryPoint0.Transport.LifeCycle] + RequestAcceptGraceTimeout = 42 + GraceTimeOut = 42 + [EntryPoints.EntryPoint0.Transport.RespondingTimeouts] + ReadTimeout = 42 + WriteTimeout = 42 + IdleTimeout = 42 + [EntryPoints.EntryPoint0.ProxyProtocol] + Insecure = true + TrustedIPs = ["foobar", "foobar"] + [EntryPoints.EntryPoint0.ForwardedHeaders] + Insecure = true + TrustedIPs = ["foobar", "foobar"] +``` + +```ini tab="CLI" +Name:EntryPoint0 +Address:foobar +Transport.LifeCycle.RequestAcceptGraceTimeout:42 +Transport.LifeCycle.GraceTimeOut:42 +Transport.RespondingTimeouts.ReadTimeout:42 +Transport.RespondingTimeouts.WriteTimeout:42 +Transport.RespondingTimeouts.IdleTimeout:42 +ProxyProtocol.Insecure:true +ProxyProtocol.TrustedIPs:foobar,foobar +ForwardedHeaders.Insecure:true +ForwardedHeaders.TrustedIPs:foobar,foobar +``` ??? example "Using the CLI" @@ -50,7 +88,7 @@ Entrypoints are part of the [static configuration](../getting-started/configurat ``` !!! note - The whitespace character (` `) is the option separator, and the comma (`,`) is the value separator for lists. + The whitespace character (` `) is the option separator, and the comma (`,`) is the value separator for lists inside an option. The option names are case-insensitive. !!! warning "Using Docker Compose Files" diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml index 34e069940..2b1066c8d 100644 --- a/docs/mkdocs.yml +++ b/docs/mkdocs.yml @@ -66,12 +66,6 @@ markdown_extensions: # Page tree nav: - - '': 'providers/kubernetes-ingress.md' - - '': 'reference/acme.md' - - '': 'reference/providers/docker.md' - - '': 'reference/providers/file.md' - - '': 'reference/providers/kubernetescrd.md' - - '': 'reference/entrypoints.md' - 'Welcome': 'index.md' - 'Getting Started': - 'Concepts' : 'getting-started/concepts.md' @@ -82,6 +76,7 @@ nav: - 'Docker': 'providers/docker.md' - 'File': 'providers/file.md' - 'Kubernetes IngressRoute': 'providers/kubernetes-crd.md' +# - 'Kubernetes Ingress': 'providers/kubernetes-ingress.md' - 'Routing & Load Balancing': - 'Overview': 'routing/overview.md' - 'Entrypoints': 'routing/entrypoints.md' @@ -134,3 +129,9 @@ nav: - 'Advocating': 'contributing/advocating.md' - 'Maintainers': 'contributing/maintainers.md' - 'Glossary': 'glossary.md' + - 'References': + - 'Static Configuration': 'reference/static-configuration.md' + - 'Dynamic Configuration': + - 'Docker': 'reference/dynamic-configuration/docker.md' + - 'Kubernetes CRD': 'reference/dynamic-configuration/kubernetes-crd.md' + - 'File': 'reference/dynamic-configuration/file.md'