doc: Use neutral domains.
This commit is contained in:
parent
f4007a342c
commit
5adf74e6ce
37 changed files with 294 additions and 294 deletions
|
@ -79,7 +79,7 @@ Please check the [configuration examples below](#configuration-examples) for mor
|
||||||
address = ":443"
|
address = ":443"
|
||||||
|
|
||||||
[certificatesResolvers.myresolver.acme]
|
[certificatesResolvers.myresolver.acme]
|
||||||
email = "your-email@your-domain.org"
|
email = "your-email@example.com"
|
||||||
storage = "acme.json"
|
storage = "acme.json"
|
||||||
[certificatesResolvers.myresolver.acme.httpChallenge]
|
[certificatesResolvers.myresolver.acme.httpChallenge]
|
||||||
# used during the challenge
|
# used during the challenge
|
||||||
|
@ -97,7 +97,7 @@ Please check the [configuration examples below](#configuration-examples) for mor
|
||||||
certificatesResolvers:
|
certificatesResolvers:
|
||||||
myresolver:
|
myresolver:
|
||||||
acme:
|
acme:
|
||||||
email: your-email@your-domain.org
|
email: your-email@example.com
|
||||||
storage: acme.json
|
storage: acme.json
|
||||||
httpChallenge:
|
httpChallenge:
|
||||||
# used during the challenge
|
# used during the challenge
|
||||||
|
@ -108,7 +108,7 @@ Please check the [configuration examples below](#configuration-examples) for mor
|
||||||
--entryPoints.web.address=:80
|
--entryPoints.web.address=:80
|
||||||
--entryPoints.websecure.address=:443
|
--entryPoints.websecure.address=:443
|
||||||
# ...
|
# ...
|
||||||
--certificatesResolvers.myresolver.acme.email=your-email@your-domain.org
|
--certificatesResolvers.myresolver.acme.email=your-email@example.com
|
||||||
--certificatesResolvers.myresolver.acme.storage=acme.json
|
--certificatesResolvers.myresolver.acme.storage=acme.json
|
||||||
# used during the challenge
|
# used during the challenge
|
||||||
--certificatesResolvers.myresolver.acme.httpChallenge.entryPoint=web
|
--certificatesResolvers.myresolver.acme.httpChallenge.entryPoint=web
|
||||||
|
@ -118,20 +118,20 @@ Please check the [configuration examples below](#configuration-examples) for mor
|
||||||
|
|
||||||
??? example "Single Domain from Router's Rule Example"
|
??? example "Single Domain from Router's Rule Example"
|
||||||
|
|
||||||
* A certificate for the domain `company.com` is requested:
|
* A certificate for the domain `example.com` is requested:
|
||||||
|
|
||||||
--8<-- "content/https/include-acme-single-domain-example.md"
|
--8<-- "content/https/include-acme-single-domain-example.md"
|
||||||
|
|
||||||
??? example "Multiple Domains from Router's Rule Example"
|
??? example "Multiple Domains from Router's Rule Example"
|
||||||
|
|
||||||
* A certificate for the domains `company.com` (main) and `blog.company.org`
|
* A certificate for the domains `example.com` (main) and `blog.example.org`
|
||||||
is requested:
|
is requested:
|
||||||
|
|
||||||
--8<-- "content/https/include-acme-multiple-domains-from-rule-example.md"
|
--8<-- "content/https/include-acme-multiple-domains-from-rule-example.md"
|
||||||
|
|
||||||
??? example "Multiple Domains from Router's `tls.domain` Example"
|
??? example "Multiple Domains from Router's `tls.domain` Example"
|
||||||
|
|
||||||
* A certificate for the domains `company.com` (main) and `*.company.org` (SAN)
|
* A certificate for the domains `example.com` (main) and `*.example.org` (SAN)
|
||||||
is requested:
|
is requested:
|
||||||
|
|
||||||
--8<-- "content/https/include-acme-multiple-domains-example.md"
|
--8<-- "content/https/include-acme-multiple-domains-example.md"
|
||||||
|
|
|
@ -2,23 +2,23 @@
|
||||||
```yaml tab="Docker"
|
```yaml tab="Docker"
|
||||||
## Dynamic configuration
|
## Dynamic configuration
|
||||||
labels:
|
labels:
|
||||||
- traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
|
- traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
|
||||||
- traefik.http.routers.blog.tls=true
|
- traefik.http.routers.blog.tls=true
|
||||||
- traefik.http.routers.blog.tls.certresolver=myresolver
|
- traefik.http.routers.blog.tls.certresolver=myresolver
|
||||||
- traefik.http.routers.blog.tls.domains[0].main=company.org
|
- traefik.http.routers.blog.tls.domains[0].main=example.org
|
||||||
- traefik.http.routers.blog.tls.domains[0].sans=*.company.org
|
- traefik.http.routers.blog.tls.domains[0].sans=*.example.org
|
||||||
```
|
```
|
||||||
|
|
||||||
```yaml tab="Docker (Swarm)"
|
```yaml tab="Docker (Swarm)"
|
||||||
## Dynamic configuration
|
## Dynamic configuration
|
||||||
deploy:
|
deploy:
|
||||||
labels:
|
labels:
|
||||||
- traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
|
- traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
|
||||||
- traefik.http.services.blog-svc.loadbalancer.server.port=8080"
|
- traefik.http.services.blog-svc.loadbalancer.server.port=8080"
|
||||||
- traefik.http.routers.blog.tls=true
|
- traefik.http.routers.blog.tls=true
|
||||||
- traefik.http.routers.blog.tls.certresolver=myresolver
|
- traefik.http.routers.blog.tls.certresolver=myresolver
|
||||||
- traefik.http.routers.blog.tls.domains[0].main=company.org
|
- traefik.http.routers.blog.tls.domains[0].main=example.org
|
||||||
- traefik.http.routers.blog.tls.domains[0].sans=*.company.org
|
- traefik.http.routers.blog.tls.domains[0].sans=*.example.org
|
||||||
```
|
```
|
||||||
|
|
||||||
```yaml tab="Kubernetes"
|
```yaml tab="Kubernetes"
|
||||||
|
@ -30,7 +30,7 @@ spec:
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- websecure
|
- websecure
|
||||||
routes:
|
routes:
|
||||||
- match: Host(`company.com`) && Path(`/blog`)
|
- match: Host(`example.com`) && Path(`/blog`)
|
||||||
kind: Rule
|
kind: Rule
|
||||||
services:
|
services:
|
||||||
- name: blog
|
- name: blog
|
||||||
|
@ -38,18 +38,18 @@ spec:
|
||||||
tls:
|
tls:
|
||||||
certResolver: myresolver
|
certResolver: myresolver
|
||||||
domains:
|
domains:
|
||||||
- main: company.org
|
- main: example.org
|
||||||
sans:
|
sans:
|
||||||
- *.company.org
|
- *.example.org
|
||||||
```
|
```
|
||||||
|
|
||||||
```json tab="Marathon"
|
```json tab="Marathon"
|
||||||
labels: {
|
labels: {
|
||||||
"traefik.http.routers.blog.rule": "Host(`company.com`) && Path(`/blog`)",
|
"traefik.http.routers.blog.rule": "Host(`example.com`) && Path(`/blog`)",
|
||||||
"traefik.http.routers.blog.tls": "true",
|
"traefik.http.routers.blog.tls": "true",
|
||||||
"traefik.http.routers.blog.tls.certresolver": "myresolver",
|
"traefik.http.routers.blog.tls.certresolver": "myresolver",
|
||||||
"traefik.http.routers.blog.tls.domains[0].main": "company.com",
|
"traefik.http.routers.blog.tls.domains[0].main": "example.com",
|
||||||
"traefik.http.routers.blog.tls.domains[0].sans": "*.company.com",
|
"traefik.http.routers.blog.tls.domains[0].sans": "*.example.com",
|
||||||
"traefik.http.services.blog-svc.loadbalancer.server.port": "8080"
|
"traefik.http.services.blog-svc.loadbalancer.server.port": "8080"
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
@ -57,23 +57,23 @@ labels: {
|
||||||
```yaml tab="Rancher"
|
```yaml tab="Rancher"
|
||||||
## Dynamic configuration
|
## Dynamic configuration
|
||||||
labels:
|
labels:
|
||||||
- traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
|
- traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
|
||||||
- traefik.http.routers.blog.tls=true
|
- traefik.http.routers.blog.tls=true
|
||||||
- traefik.http.routers.blog.tls.certresolver=myresolver
|
- traefik.http.routers.blog.tls.certresolver=myresolver
|
||||||
- traefik.http.routers.blog.tls.domains[0].main=company.org
|
- traefik.http.routers.blog.tls.domains[0].main=example.org
|
||||||
- traefik.http.routers.blog.tls.domains[0].sans=*.company.org
|
- traefik.http.routers.blog.tls.domains[0].sans=*.example.org
|
||||||
```
|
```
|
||||||
|
|
||||||
```toml tab="File (TOML)"
|
```toml tab="File (TOML)"
|
||||||
## Dynamic configuration
|
## Dynamic configuration
|
||||||
[http.routers]
|
[http.routers]
|
||||||
[http.routers.blog]
|
[http.routers.blog]
|
||||||
rule = "Host(`company.com`) && Path(`/blog`)"
|
rule = "Host(`example.com`) && Path(`/blog`)"
|
||||||
[http.routers.blog.tls]
|
[http.routers.blog.tls]
|
||||||
certResolver = "myresolver" # From static configuration
|
certResolver = "myresolver" # From static configuration
|
||||||
[[http.routers.blog.tls.domains]]
|
[[http.routers.blog.tls.domains]]
|
||||||
main = "company.org"
|
main = "example.org"
|
||||||
sans = ["*.company.org"]
|
sans = ["*.example.org"]
|
||||||
```
|
```
|
||||||
|
|
||||||
```yaml tab="File (YAML)"
|
```yaml tab="File (YAML)"
|
||||||
|
@ -81,11 +81,11 @@ labels:
|
||||||
http:
|
http:
|
||||||
routers:
|
routers:
|
||||||
blog:
|
blog:
|
||||||
rule: "Host(`company.com`) && Path(`/blog`)"
|
rule: "Host(`example.com`) && Path(`/blog`)"
|
||||||
tls:
|
tls:
|
||||||
certResolver: myresolver
|
certResolver: myresolver
|
||||||
domains:
|
domains:
|
||||||
- main: "company.org"
|
- main: "example.org"
|
||||||
sans:
|
sans:
|
||||||
- "*.company.org"
|
- "*.example.org"
|
||||||
```
|
```
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
```yaml tab="Docker"
|
```yaml tab="Docker"
|
||||||
## Dynamic configuration
|
## Dynamic configuration
|
||||||
labels:
|
labels:
|
||||||
- traefik.http.routers.blog.rule=(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)
|
- traefik.http.routers.blog.rule=(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)
|
||||||
- traefik.http.routers.blog.tls=true
|
- traefik.http.routers.blog.tls=true
|
||||||
- traefik.http.routers.blog.tls.certresolver=myresolver
|
- traefik.http.routers.blog.tls.certresolver=myresolver
|
||||||
```
|
```
|
||||||
|
@ -11,7 +11,7 @@ labels:
|
||||||
## Dynamic configuration
|
## Dynamic configuration
|
||||||
deploy:
|
deploy:
|
||||||
labels:
|
labels:
|
||||||
- traefik.http.routers.blog.rule=(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)
|
- traefik.http.routers.blog.rule=(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)
|
||||||
- traefik.http.routers.blog.tls=true
|
- traefik.http.routers.blog.tls=true
|
||||||
- traefik.http.routers.blog.tls.certresolver=myresolver
|
- traefik.http.routers.blog.tls.certresolver=myresolver
|
||||||
- traefik.http.services.blog-svc.loadbalancer.server.port=8080"
|
- traefik.http.services.blog-svc.loadbalancer.server.port=8080"
|
||||||
|
@ -26,7 +26,7 @@ spec:
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- websecure
|
- websecure
|
||||||
routes:
|
routes:
|
||||||
- match: (Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)
|
- match: (Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)
|
||||||
kind: Rule
|
kind: Rule
|
||||||
services:
|
services:
|
||||||
- name: blog
|
- name: blog
|
||||||
|
@ -37,7 +37,7 @@ spec:
|
||||||
|
|
||||||
```json tab="Marathon"
|
```json tab="Marathon"
|
||||||
labels: {
|
labels: {
|
||||||
"traefik.http.routers.blog.rule": "(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)",
|
"traefik.http.routers.blog.rule": "(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)",
|
||||||
"traefik.http.routers.blog.tls": "true",
|
"traefik.http.routers.blog.tls": "true",
|
||||||
"traefik.http.routers.blog.tls.certresolver": "myresolver",
|
"traefik.http.routers.blog.tls.certresolver": "myresolver",
|
||||||
"traefik.http.services.blog-svc.loadbalancer.server.port": "8080"
|
"traefik.http.services.blog-svc.loadbalancer.server.port": "8080"
|
||||||
|
@ -47,7 +47,7 @@ labels: {
|
||||||
```yaml tab="Rancher"
|
```yaml tab="Rancher"
|
||||||
## Dynamic configuration
|
## Dynamic configuration
|
||||||
labels:
|
labels:
|
||||||
- traefik.http.routers.blog.rule=(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)
|
- traefik.http.routers.blog.rule=(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)
|
||||||
- traefik.http.routers.blog.tls=true
|
- traefik.http.routers.blog.tls=true
|
||||||
- traefik.http.routers.blog.tls.certresolver=myresolver
|
- traefik.http.routers.blog.tls.certresolver=myresolver
|
||||||
```
|
```
|
||||||
|
@ -56,7 +56,7 @@ labels:
|
||||||
## Dynamic configuration
|
## Dynamic configuration
|
||||||
[http.routers]
|
[http.routers]
|
||||||
[http.routers.blog]
|
[http.routers.blog]
|
||||||
rule = "(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)"
|
rule = "(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)"
|
||||||
[http.routers.blog.tls]
|
[http.routers.blog.tls]
|
||||||
certResolver = "myresolver"
|
certResolver = "myresolver"
|
||||||
```
|
```
|
||||||
|
@ -66,7 +66,7 @@ labels:
|
||||||
http:
|
http:
|
||||||
routers:
|
routers:
|
||||||
blog:
|
blog:
|
||||||
rule: "(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)"
|
rule: "(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)"
|
||||||
tls:
|
tls:
|
||||||
certResolver: myresolver
|
certResolver: myresolver
|
||||||
```
|
```
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
```yaml tab="Docker"
|
```yaml tab="Docker"
|
||||||
## Dynamic configuration
|
## Dynamic configuration
|
||||||
labels:
|
labels:
|
||||||
- traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
|
- traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
|
||||||
- traefik.http.routers.blog.tls=true
|
- traefik.http.routers.blog.tls=true
|
||||||
- traefik.http.routers.blog.tls.certresolver=myresolver
|
- traefik.http.routers.blog.tls.certresolver=myresolver
|
||||||
```
|
```
|
||||||
|
@ -11,7 +11,7 @@ labels:
|
||||||
## Dynamic configuration
|
## Dynamic configuration
|
||||||
deploy:
|
deploy:
|
||||||
labels:
|
labels:
|
||||||
- traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
|
- traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
|
||||||
- traefik.http.routers.blog.tls=true
|
- traefik.http.routers.blog.tls=true
|
||||||
- traefik.http.routers.blog.tls.certresolver=myresolver
|
- traefik.http.routers.blog.tls.certresolver=myresolver
|
||||||
- traefik.http.services.blog-svc.loadbalancer.server.port=8080"
|
- traefik.http.services.blog-svc.loadbalancer.server.port=8080"
|
||||||
|
@ -26,7 +26,7 @@ spec:
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- websecure
|
- websecure
|
||||||
routes:
|
routes:
|
||||||
- match: Host(`company.com`) && Path(`/blog`)
|
- match: Host(`example.com`) && Path(`/blog`)
|
||||||
kind: Rule
|
kind: Rule
|
||||||
services:
|
services:
|
||||||
- name: blog
|
- name: blog
|
||||||
|
@ -37,7 +37,7 @@ spec:
|
||||||
|
|
||||||
```json tab="Marathon"
|
```json tab="Marathon"
|
||||||
labels: {
|
labels: {
|
||||||
"traefik.http.routers.blog.rule": "Host(`company.com`) && Path(`/blog`)",
|
"traefik.http.routers.blog.rule": "Host(`example.com`) && Path(`/blog`)",
|
||||||
"traefik.http.routers.blog.tls": "true",
|
"traefik.http.routers.blog.tls": "true",
|
||||||
"traefik.http.routers.blog.tls.certresolver": "myresolver",
|
"traefik.http.routers.blog.tls.certresolver": "myresolver",
|
||||||
"traefik.http.services.blog-svc.loadbalancer.server.port": "8080"
|
"traefik.http.services.blog-svc.loadbalancer.server.port": "8080"
|
||||||
|
@ -47,7 +47,7 @@ labels: {
|
||||||
```yaml tab="Rancher"
|
```yaml tab="Rancher"
|
||||||
## Dynamic configuration
|
## Dynamic configuration
|
||||||
labels:
|
labels:
|
||||||
- traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
|
- traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
|
||||||
- traefik.http.routers.blog.tls=true
|
- traefik.http.routers.blog.tls=true
|
||||||
- traefik.http.routers.blog.tls.certresolver=myresolver
|
- traefik.http.routers.blog.tls.certresolver=myresolver
|
||||||
```
|
```
|
||||||
|
@ -56,7 +56,7 @@ labels:
|
||||||
## Dynamic configuration
|
## Dynamic configuration
|
||||||
[http.routers]
|
[http.routers]
|
||||||
[http.routers.blog]
|
[http.routers.blog]
|
||||||
rule = "Host(`company.com`) && Path(`/blog`)"
|
rule = "Host(`example.com`) && Path(`/blog`)"
|
||||||
[http.routers.blog.tls]
|
[http.routers.blog.tls]
|
||||||
certResolver = "myresolver"
|
certResolver = "myresolver"
|
||||||
```
|
```
|
||||||
|
@ -66,7 +66,7 @@ labels:
|
||||||
http:
|
http:
|
||||||
routers:
|
routers:
|
||||||
blog:
|
blog:
|
||||||
rule: "Host(`company.com`) && Path(`/blog`)"
|
rule: "Host(`example.com`) && Path(`/blog`)"
|
||||||
tls:
|
tls:
|
||||||
certResolver: myresolver
|
certResolver: myresolver
|
||||||
```
|
```
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
#
|
#
|
||||||
# Required
|
# Required
|
||||||
#
|
#
|
||||||
email = "test@traefik.io"
|
email = "test@example.com"
|
||||||
|
|
||||||
# File or key used for certificates storage.
|
# File or key used for certificates storage.
|
||||||
#
|
#
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
#
|
#
|
||||||
# Required
|
# Required
|
||||||
#
|
#
|
||||||
--certificatesResolvers.myresolver.acme.email=test@traefik.io
|
--certificatesResolvers.myresolver.acme.email=test@example.com
|
||||||
|
|
||||||
# File or key used for certificates storage.
|
# File or key used for certificates storage.
|
||||||
#
|
#
|
||||||
|
|
|
@ -7,7 +7,7 @@ certificatesResolvers:
|
||||||
#
|
#
|
||||||
# Required
|
# Required
|
||||||
#
|
#
|
||||||
email: "test@traefik.io"
|
email: "test@example.com"
|
||||||
|
|
||||||
# File or key used for certificates storage.
|
# File or key used for certificates storage.
|
||||||
#
|
#
|
||||||
|
|
|
@ -12,53 +12,53 @@ Otherwise, the response from the authentication server is returned.
|
||||||
## Configuration Examples
|
## Configuration Examples
|
||||||
|
|
||||||
```yaml tab="Docker"
|
```yaml tab="Docker"
|
||||||
# Forward authentication to authserver.com
|
# Forward authentication to example.com
|
||||||
labels:
|
labels:
|
||||||
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
|
- "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
|
||||||
```
|
```
|
||||||
|
|
||||||
```yaml tab="Kubernetes"
|
```yaml tab="Kubernetes"
|
||||||
# Forward authentication to authserver.com
|
# Forward authentication to example.com
|
||||||
apiVersion: traefik.containo.us/v1alpha1
|
apiVersion: traefik.containo.us/v1alpha1
|
||||||
kind: Middleware
|
kind: Middleware
|
||||||
metadata:
|
metadata:
|
||||||
name: test-auth
|
name: test-auth
|
||||||
spec:
|
spec:
|
||||||
forwardAuth:
|
forwardAuth:
|
||||||
address: https://authserver.com/auth
|
address: https://example.com/auth
|
||||||
```
|
```
|
||||||
|
|
||||||
```yaml tab="Consul Catalog"
|
```yaml tab="Consul Catalog"
|
||||||
# Forward authentication to authserver.com
|
# Forward authentication to example.com
|
||||||
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
|
- "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
|
||||||
```
|
```
|
||||||
|
|
||||||
```json tab="Marathon"
|
```json tab="Marathon"
|
||||||
"labels": {
|
"labels": {
|
||||||
"traefik.http.middlewares.test-auth.forwardauth.address": "https://authserver.com/auth"
|
"traefik.http.middlewares.test-auth.forwardauth.address": "https://example.com/auth"
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
```yaml tab="Rancher"
|
```yaml tab="Rancher"
|
||||||
# Forward authentication to authserver.com
|
# Forward authentication to example.com
|
||||||
labels:
|
labels:
|
||||||
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
|
- "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
|
||||||
```
|
```
|
||||||
|
|
||||||
```toml tab="File (TOML)"
|
```toml tab="File (TOML)"
|
||||||
# Forward authentication to authserver.com
|
# Forward authentication to example.com
|
||||||
[http.middlewares]
|
[http.middlewares]
|
||||||
[http.middlewares.test-auth.forwardAuth]
|
[http.middlewares.test-auth.forwardAuth]
|
||||||
address = "https://authserver.com/auth"
|
address = "https://example.com/auth"
|
||||||
```
|
```
|
||||||
|
|
||||||
```yaml tab="File (YAML)"
|
```yaml tab="File (YAML)"
|
||||||
# Forward authentication to authserver.com
|
# Forward authentication to example.com
|
||||||
http:
|
http:
|
||||||
middlewares:
|
middlewares:
|
||||||
test-auth:
|
test-auth:
|
||||||
forwardAuth:
|
forwardAuth:
|
||||||
address: "https://authserver.com/auth"
|
address: "https://example.com/auth"
|
||||||
```
|
```
|
||||||
|
|
||||||
## Configuration Options
|
## Configuration Options
|
||||||
|
@ -69,7 +69,7 @@ The `address` option defines the authentication server address.
|
||||||
|
|
||||||
```yaml tab="Docker"
|
```yaml tab="Docker"
|
||||||
labels:
|
labels:
|
||||||
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
|
- "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
|
||||||
```
|
```
|
||||||
|
|
||||||
```yaml tab="Kubernetes"
|
```yaml tab="Kubernetes"
|
||||||
|
@ -79,28 +79,28 @@ metadata:
|
||||||
name: test-auth
|
name: test-auth
|
||||||
spec:
|
spec:
|
||||||
forwardAuth:
|
forwardAuth:
|
||||||
address: https://authserver.com/auth
|
address: https://example.com/auth
|
||||||
```
|
```
|
||||||
|
|
||||||
```yaml tab="Consul Catalog"
|
```yaml tab="Consul Catalog"
|
||||||
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
|
- "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
|
||||||
```
|
```
|
||||||
|
|
||||||
```json tab="Marathon"
|
```json tab="Marathon"
|
||||||
"labels": {
|
"labels": {
|
||||||
"traefik.http.middlewares.test-auth.forwardauth.address": "https://authserver.com/auth"
|
"traefik.http.middlewares.test-auth.forwardauth.address": "https://example.com/auth"
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
```yaml tab="Rancher"
|
```yaml tab="Rancher"
|
||||||
labels:
|
labels:
|
||||||
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
|
- "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
|
||||||
```
|
```
|
||||||
|
|
||||||
```toml tab="File (TOML)"
|
```toml tab="File (TOML)"
|
||||||
[http.middlewares]
|
[http.middlewares]
|
||||||
[http.middlewares.test-auth.forwardAuth]
|
[http.middlewares.test-auth.forwardAuth]
|
||||||
address = "https://authserver.com/auth"
|
address = "https://example.com/auth"
|
||||||
```
|
```
|
||||||
|
|
||||||
```yaml tab="File (YAML)"
|
```yaml tab="File (YAML)"
|
||||||
|
@ -108,7 +108,7 @@ http:
|
||||||
middlewares:
|
middlewares:
|
||||||
test-auth:
|
test-auth:
|
||||||
forwardAuth:
|
forwardAuth:
|
||||||
address: "https://authserver.com/auth"
|
address: "https://example.com/auth"
|
||||||
```
|
```
|
||||||
|
|
||||||
### `trustForwardHeader`
|
### `trustForwardHeader`
|
||||||
|
@ -127,7 +127,7 @@ metadata:
|
||||||
name: test-auth
|
name: test-auth
|
||||||
spec:
|
spec:
|
||||||
forwardAuth:
|
forwardAuth:
|
||||||
address: https://authserver.com/auth
|
address: https://example.com/auth
|
||||||
trustForwardHeader: true
|
trustForwardHeader: true
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -149,7 +149,7 @@ labels:
|
||||||
```toml tab="File (TOML)"
|
```toml tab="File (TOML)"
|
||||||
[http.middlewares]
|
[http.middlewares]
|
||||||
[http.middlewares.test-auth.forwardAuth]
|
[http.middlewares.test-auth.forwardAuth]
|
||||||
address = "https://authserver.com/auth"
|
address = "https://example.com/auth"
|
||||||
trustForwardHeader = true
|
trustForwardHeader = true
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -158,7 +158,7 @@ http:
|
||||||
middlewares:
|
middlewares:
|
||||||
test-auth:
|
test-auth:
|
||||||
forwardAuth:
|
forwardAuth:
|
||||||
address: "https://authserver.com/auth"
|
address: "https://example.com/auth"
|
||||||
trustForwardHeader: true
|
trustForwardHeader: true
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -178,7 +178,7 @@ metadata:
|
||||||
name: test-auth
|
name: test-auth
|
||||||
spec:
|
spec:
|
||||||
forwardAuth:
|
forwardAuth:
|
||||||
address: https://authserver.com/auth
|
address: https://example.com/auth
|
||||||
authResponseHeaders:
|
authResponseHeaders:
|
||||||
- X-Auth-User
|
- X-Auth-User
|
||||||
- X-Secret
|
- X-Secret
|
||||||
|
@ -202,7 +202,7 @@ labels:
|
||||||
```toml tab="File (TOML)"
|
```toml tab="File (TOML)"
|
||||||
[http.middlewares]
|
[http.middlewares]
|
||||||
[http.middlewares.test-auth.forwardAuth]
|
[http.middlewares.test-auth.forwardAuth]
|
||||||
address = "https://authserver.com/auth"
|
address = "https://example.com/auth"
|
||||||
authResponseHeaders = ["X-Auth-User", "X-Secret"]
|
authResponseHeaders = ["X-Auth-User", "X-Secret"]
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -211,7 +211,7 @@ http:
|
||||||
middlewares:
|
middlewares:
|
||||||
test-auth:
|
test-auth:
|
||||||
forwardAuth:
|
forwardAuth:
|
||||||
address: "https://authserver.com/auth"
|
address: "https://example.com/auth"
|
||||||
authResponseHeaders:
|
authResponseHeaders:
|
||||||
- "X-Auth-User"
|
- "X-Auth-User"
|
||||||
- "X-Secret"
|
- "X-Secret"
|
||||||
|
@ -237,7 +237,7 @@ metadata:
|
||||||
name: test-auth
|
name: test-auth
|
||||||
spec:
|
spec:
|
||||||
forwardAuth:
|
forwardAuth:
|
||||||
address: https://authserver.com/auth
|
address: https://example.com/auth
|
||||||
tls:
|
tls:
|
||||||
caSecret: mycasercret
|
caSecret: mycasercret
|
||||||
|
|
||||||
|
@ -270,7 +270,7 @@ labels:
|
||||||
```toml tab="File (TOML)"
|
```toml tab="File (TOML)"
|
||||||
[http.middlewares]
|
[http.middlewares]
|
||||||
[http.middlewares.test-auth.forwardAuth]
|
[http.middlewares.test-auth.forwardAuth]
|
||||||
address = "https://authserver.com/auth"
|
address = "https://example.com/auth"
|
||||||
[http.middlewares.test-auth.forwardAuth.tls]
|
[http.middlewares.test-auth.forwardAuth.tls]
|
||||||
ca = "path/to/local.crt"
|
ca = "path/to/local.crt"
|
||||||
```
|
```
|
||||||
|
@ -280,7 +280,7 @@ http:
|
||||||
middlewares:
|
middlewares:
|
||||||
test-auth:
|
test-auth:
|
||||||
forwardAuth:
|
forwardAuth:
|
||||||
address: "https://authserver.com/auth"
|
address: "https://example.com/auth"
|
||||||
tls:
|
tls:
|
||||||
ca: "path/to/local.crt"
|
ca: "path/to/local.crt"
|
||||||
```
|
```
|
||||||
|
@ -306,7 +306,7 @@ metadata:
|
||||||
name: test-auth
|
name: test-auth
|
||||||
spec:
|
spec:
|
||||||
forwardAuth:
|
forwardAuth:
|
||||||
address: https://authserver.com/auth
|
address: https://example.com/auth
|
||||||
tls:
|
tls:
|
||||||
caOptional: true
|
caOptional: true
|
||||||
```
|
```
|
||||||
|
@ -329,7 +329,7 @@ labels:
|
||||||
```toml tab="File (TOML)"
|
```toml tab="File (TOML)"
|
||||||
[http.middlewares]
|
[http.middlewares]
|
||||||
[http.middlewares.test-auth.forwardAuth]
|
[http.middlewares.test-auth.forwardAuth]
|
||||||
address = "https://authserver.com/auth"
|
address = "https://example.com/auth"
|
||||||
[http.middlewares.test-auth.forwardAuth.tls]
|
[http.middlewares.test-auth.forwardAuth.tls]
|
||||||
caOptional = true
|
caOptional = true
|
||||||
```
|
```
|
||||||
|
@ -339,7 +339,7 @@ http:
|
||||||
middlewares:
|
middlewares:
|
||||||
test-auth:
|
test-auth:
|
||||||
forwardAuth:
|
forwardAuth:
|
||||||
address: "https://authserver.com/auth"
|
address: "https://example.com/auth"
|
||||||
tls:
|
tls:
|
||||||
caOptional: true
|
caOptional: true
|
||||||
```
|
```
|
||||||
|
@ -361,7 +361,7 @@ metadata:
|
||||||
name: test-auth
|
name: test-auth
|
||||||
spec:
|
spec:
|
||||||
forwardAuth:
|
forwardAuth:
|
||||||
address: https://authserver.com/auth
|
address: https://example.com/auth
|
||||||
tls:
|
tls:
|
||||||
certSecret: mytlscert
|
certSecret: mytlscert
|
||||||
|
|
||||||
|
@ -398,7 +398,7 @@ labels:
|
||||||
```toml tab="File (TOML)"
|
```toml tab="File (TOML)"
|
||||||
[http.middlewares]
|
[http.middlewares]
|
||||||
[http.middlewares.test-auth.forwardAuth]
|
[http.middlewares.test-auth.forwardAuth]
|
||||||
address = "https://authserver.com/auth"
|
address = "https://example.com/auth"
|
||||||
[http.middlewares.test-auth.forwardAuth.tls]
|
[http.middlewares.test-auth.forwardAuth.tls]
|
||||||
cert = "path/to/foo.cert"
|
cert = "path/to/foo.cert"
|
||||||
key = "path/to/foo.key"
|
key = "path/to/foo.key"
|
||||||
|
@ -409,7 +409,7 @@ http:
|
||||||
middlewares:
|
middlewares:
|
||||||
test-auth:
|
test-auth:
|
||||||
forwardAuth:
|
forwardAuth:
|
||||||
address: "https://authserver.com/auth"
|
address: "https://example.com/auth"
|
||||||
tls:
|
tls:
|
||||||
cert: "path/to/foo.cert"
|
cert: "path/to/foo.cert"
|
||||||
key: "path/to/foo.key"
|
key: "path/to/foo.key"
|
||||||
|
@ -435,7 +435,7 @@ metadata:
|
||||||
name: test-auth
|
name: test-auth
|
||||||
spec:
|
spec:
|
||||||
forwardAuth:
|
forwardAuth:
|
||||||
address: https://authserver.com/auth
|
address: https://example.com/auth
|
||||||
tls:
|
tls:
|
||||||
certSecret: mytlscert
|
certSecret: mytlscert
|
||||||
|
|
||||||
|
@ -472,7 +472,7 @@ labels:
|
||||||
```toml tab="File (TOML)"
|
```toml tab="File (TOML)"
|
||||||
[http.middlewares]
|
[http.middlewares]
|
||||||
[http.middlewares.test-auth.forwardAuth]
|
[http.middlewares.test-auth.forwardAuth]
|
||||||
address = "https://authserver.com/auth"
|
address = "https://example.com/auth"
|
||||||
[http.middlewares.test-auth.forwardAuth.tls]
|
[http.middlewares.test-auth.forwardAuth.tls]
|
||||||
cert = "path/to/foo.cert"
|
cert = "path/to/foo.cert"
|
||||||
key = "path/to/foo.key"
|
key = "path/to/foo.key"
|
||||||
|
@ -483,7 +483,7 @@ http:
|
||||||
middlewares:
|
middlewares:
|
||||||
test-auth:
|
test-auth:
|
||||||
forwardAuth:
|
forwardAuth:
|
||||||
address: "https://authserver.com/auth"
|
address: "https://example.com/auth"
|
||||||
tls:
|
tls:
|
||||||
cert: "path/to/foo.cert"
|
cert: "path/to/foo.cert"
|
||||||
key: "path/to/foo.key"
|
key: "path/to/foo.key"
|
||||||
|
@ -508,7 +508,7 @@ metadata:
|
||||||
name: test-auth
|
name: test-auth
|
||||||
spec:
|
spec:
|
||||||
forwardAuth:
|
forwardAuth:
|
||||||
address: https://authserver.com/auth
|
address: https://example.com/auth
|
||||||
tls:
|
tls:
|
||||||
insecureSkipVerify: true
|
insecureSkipVerify: true
|
||||||
```
|
```
|
||||||
|
@ -531,7 +531,7 @@ labels:
|
||||||
```toml tab="File (TOML)"
|
```toml tab="File (TOML)"
|
||||||
[http.middlewares]
|
[http.middlewares]
|
||||||
[http.middlewares.test-auth.forwardAuth]
|
[http.middlewares.test-auth.forwardAuth]
|
||||||
address = "https://authserver.com/auth"
|
address = "https://example.com/auth"
|
||||||
[http.middlewares.test-auth.forwardAuth.tls]
|
[http.middlewares.test-auth.forwardAuth.tls]
|
||||||
insecureSkipVerify: true
|
insecureSkipVerify: true
|
||||||
```
|
```
|
||||||
|
@ -541,7 +541,7 @@ http:
|
||||||
middlewares:
|
middlewares:
|
||||||
test-auth:
|
test-auth:
|
||||||
forwardAuth:
|
forwardAuth:
|
||||||
address: "https://authserver.com/auth"
|
address: "https://example.com/auth"
|
||||||
tls:
|
tls:
|
||||||
insecureSkipVerify: true
|
insecureSkipVerify: true
|
||||||
```
|
```
|
||||||
|
|
|
@ -188,7 +188,7 @@ then you'll have to append to the middleware name, the `@` separator, followed b
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- web
|
- web
|
||||||
routes:
|
routes:
|
||||||
- match: Host(`bar.com`)
|
- match: Host(`example.com`)
|
||||||
kind: Rule
|
kind: Rule
|
||||||
services:
|
services:
|
||||||
- name: whoami
|
- name: whoami
|
||||||
|
|
|
@ -265,7 +265,7 @@ In the following example, you can see a complete certificate. We will use each p
|
||||||
Validity
|
Validity
|
||||||
Not Before: Dec 6 11:10:16 2018 GMT
|
Not Before: Dec 6 11:10:16 2018 GMT
|
||||||
Not After : Dec 5 11:10:16 2020 GMT
|
Not After : Dec 5 11:10:16 2020 GMT
|
||||||
Subject: DC=org, DC=cheese, O=Cheese, O=Cheese 2, OU=Simple Signing Section, OU=Simple Signing Section 2, CN=*.cheese.org, CN=*.cheese.com, C=FR, C=US, L=TOULOUSE, L=LYON, ST=Cheese org state, ST=Cheese com state/emailAddress=cert@cheese.org/emailAddress=cert@scheese.com
|
Subject: DC=org, DC=cheese, O=Cheese, O=Cheese 2, OU=Simple Signing Section, OU=Simple Signing Section 2, CN=*.example.org, CN=*.example.com, C=FR, C=US, L=TOULOUSE, L=LYON, ST=Cheese org state, ST=Cheese com state/emailAddress=cert@example.org/emailAddress=cert@sexample.com
|
||||||
Subject Public Key Info:
|
Subject Public Key Info:
|
||||||
Public Key Algorithm: rsaEncryption
|
Public Key Algorithm: rsaEncryption
|
||||||
RSA Public-Key: (2048 bit)
|
RSA Public-Key: (2048 bit)
|
||||||
|
@ -302,7 +302,7 @@ In the following example, you can see a complete certificate. We will use each p
|
||||||
keyid:1E:52:A2:E8:54:D5:37:EB:D5:A8:1D:E4:C2:04:1D:37:E2:F7:70:03
|
keyid:1E:52:A2:E8:54:D5:37:EB:D5:A8:1D:E4:C2:04:1D:37:E2:F7:70:03
|
||||||
|
|
||||||
X509v3 Subject Alternative Name:
|
X509v3 Subject Alternative Name:
|
||||||
DNS:*.cheese.org, DNS:*.cheese.net, DNS:*.cheese.com, IP Address:10.0.1.0, IP Address:10.0.1.2, email:test@cheese.org, email:test@cheese.net
|
DNS:*.example.org, DNS:*.example.net, DNS:*.example.com, IP Address:10.0.1.0, IP Address:10.0.1.2, email:test@example.org, email:test@example.net
|
||||||
Signature Algorithm: sha1WithRSAEncryption
|
Signature Algorithm: sha1WithRSAEncryption
|
||||||
76:6b:05:b0:0e:34:11:b1:83:99:91:dc:ae:1b:e2:08:15:8b:
|
76:6b:05:b0:0e:34:11:b1:83:99:91:dc:ae:1b:e2:08:15:8b:
|
||||||
16:b2:9b:27:1c:02:ac:b5:df:1b:d0:d0:75:a4:2b:2c:5c:65:
|
16:b2:9b:27:1c:02:ac:b5:df:1b:d0:d0:75:a4:2b:2c:5c:65:
|
||||||
|
@ -422,7 +422,7 @@ The value of the header will be an escaped concatenation of all the selected cer
|
||||||
The following example shows an unescaped result that uses all the available fields:
|
The following example shows an unescaped result that uses all the available fields:
|
||||||
|
|
||||||
```text
|
```text
|
||||||
Subject="DC=org,DC=cheese,C=FR,C=US,ST=Cheese org state,ST=Cheese com state,L=TOULOUSE,L=LYON,O=Cheese,O=Cheese 2,CN=*.cheese.com";Issuer="DC=org,DC=cheese,C=FR,C=US,ST=Signing State,ST=Signing State 2,L=TOULOUSE,L=LYON,O=Cheese,O=Cheese 2,CN=Simple Signing CA 2";NB="1544094616";NA="1607166616";SAN="*.cheese.org,*.cheese.net,*.cheese.com,test@cheese.org,test@cheese.net,10.0.1.0,10.0.1.2"
|
Subject="DC=org,DC=cheese,C=FR,C=US,ST=Cheese org state,ST=Cheese com state,L=TOULOUSE,L=LYON,O=Cheese,O=Cheese 2,CN=*.example.com";Issuer="DC=org,DC=cheese,C=FR,C=US,ST=Signing State,ST=Signing State 2,L=TOULOUSE,L=LYON,O=Cheese,O=Cheese 2,CN=Simple Signing CA 2";NB="1544094616";NA="1607166616";SAN="*.example.org,*.example.net,*.example.com,test@example.org,test@example.net,10.0.1.0,10.0.1.2"
|
||||||
```
|
```
|
||||||
|
|
||||||
!!! info "Multiple certificates"
|
!!! info "Multiple certificates"
|
||||||
|
@ -471,13 +471,13 @@ The data are taken from the following certificate part:
|
||||||
|
|
||||||
```text
|
```text
|
||||||
X509v3 Subject Alternative Name:
|
X509v3 Subject Alternative Name:
|
||||||
DNS:*.cheese.org, DNS:*.cheese.net, DNS:*.cheese.com, IP Address:10.0.1.0, IP Address:10.0.1.2, email:test@cheese.org, email:test@cheese.net
|
DNS:*.example.org, DNS:*.example.net, DNS:*.example.com, IP Address:10.0.1.0, IP Address:10.0.1.2, email:test@example.org, email:test@example.net
|
||||||
```
|
```
|
||||||
|
|
||||||
The escape SANs info part will be like:
|
The escape SANs info part will be like:
|
||||||
|
|
||||||
```text
|
```text
|
||||||
SAN="*.cheese.org,*.cheese.net,*.cheese.com,test@cheese.org,test@cheese.net,10.0.1.0,10.0.1.2"
|
SAN="*.example.org,*.example.net,*.example.com,test@example.org,test@example.net,10.0.1.0,10.0.1.2"
|
||||||
```
|
```
|
||||||
|
|
||||||
!!! info "multiple values"
|
!!! info "multiple values"
|
||||||
|
@ -491,7 +491,7 @@ The `info.subject` select the specific client certificate subject details you wa
|
||||||
The data are taken from the following certificate part :
|
The data are taken from the following certificate part :
|
||||||
|
|
||||||
```text
|
```text
|
||||||
Subject: DC=org, DC=cheese, O=Cheese, O=Cheese 2, OU=Simple Signing Section, OU=Simple Signing Section 2, CN=*.cheese.org, CN=*.cheese.com, C=FR, C=US, L=TOULOUSE, L=LYON, ST=Cheese org state, ST=Cheese com state/emailAddress=cert@cheese.org/emailAddress=cert@scheese.com
|
Subject: DC=org, DC=cheese, O=Cheese, O=Cheese 2, OU=Simple Signing Section, OU=Simple Signing Section 2, CN=*.example.org, CN=*.example.com, C=FR, C=US, L=TOULOUSE, L=LYON, ST=Cheese org state, ST=Cheese com state/emailAddress=cert@example.org/emailAddress=cert@sexample.com
|
||||||
```
|
```
|
||||||
|
|
||||||
##### `info.subject.country`
|
##### `info.subject.country`
|
||||||
|
@ -549,7 +549,7 @@ The data are taken from the subject part with the `CN` key.
|
||||||
The escape common name info in the subject part will be like :
|
The escape common name info in the subject part will be like :
|
||||||
|
|
||||||
```text
|
```text
|
||||||
CN=*.cheese.com
|
CN=*.example.com
|
||||||
```
|
```
|
||||||
|
|
||||||
##### `info.subject.serialNumber`
|
##### `info.subject.serialNumber`
|
||||||
|
|
|
@ -97,7 +97,7 @@ Then any router can refer to an instance of the wanted middleware.
|
||||||
|
|
||||||
```yaml tab="Docker"
|
```yaml tab="Docker"
|
||||||
labels:
|
labels:
|
||||||
- "traefik.http.routers.router0.rule=Host(`bar.com`) && PathPrefix(`/test`)"
|
- "traefik.http.routers.router0.rule=Host(`example.com`) && PathPrefix(`/test`)"
|
||||||
- "traefik.http.routers.router0.middlewares=auth"
|
- "traefik.http.routers.router0.middlewares=auth"
|
||||||
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
|
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
|
||||||
```
|
```
|
||||||
|
@ -225,7 +225,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
|
||||||
# dynamic configuration
|
# dynamic configuration
|
||||||
[http.routers]
|
[http.routers]
|
||||||
[http.routers.Router-1]
|
[http.routers.Router-1]
|
||||||
rule = "Host(`bar.com`)"
|
rule = "Host(`example.com`)"
|
||||||
service = "service-id"
|
service = "service-id"
|
||||||
# will terminate the TLS request
|
# will terminate the TLS request
|
||||||
[http.routers.Router-1.tls]
|
[http.routers.Router-1.tls]
|
||||||
|
@ -252,7 +252,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
|
||||||
http:
|
http:
|
||||||
routers:
|
routers:
|
||||||
Router-1:
|
Router-1:
|
||||||
rule: "Host(`bar.com`)"
|
rule: "Host(`example.com`)"
|
||||||
service: service-id
|
service: service-id
|
||||||
# will terminate the TLS request
|
# will terminate the TLS request
|
||||||
tls:
|
tls:
|
||||||
|
@ -301,7 +301,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- web
|
- web
|
||||||
routes:
|
routes:
|
||||||
- match: Host(`bar.com`)
|
- match: Host(`example.com`)
|
||||||
kind: Rule
|
kind: Rule
|
||||||
services:
|
services:
|
||||||
- name: whoami
|
- name: whoami
|
||||||
|
@ -416,7 +416,7 @@ To apply a redirection:
|
||||||
entryPoints = ["web", "websecure"]
|
entryPoints = ["web", "websecure"]
|
||||||
[frontends.frontend1.routes]
|
[frontends.frontend1.routes]
|
||||||
[frontends.frontend1.routes.route0]
|
[frontends.frontend1.routes.route0]
|
||||||
rule = "Host:foo.com"
|
rule = "Host:example.net"
|
||||||
[frontends.frontend1.redirect]
|
[frontends.frontend1.redirect]
|
||||||
entryPoint = "websecure"
|
entryPoint = "websecure"
|
||||||
```
|
```
|
||||||
|
@ -425,11 +425,11 @@ To apply a redirection:
|
||||||
|
|
||||||
```yaml tab="Docker"
|
```yaml tab="Docker"
|
||||||
labels:
|
labels:
|
||||||
traefik.http.routers.app.rule: Host(`foo.com`)
|
traefik.http.routers.app.rule: Host(`example.net`)
|
||||||
traefik.http.routers.app.entrypoints: web
|
traefik.http.routers.app.entrypoints: web
|
||||||
traefik.http.routers.app.middlewares: https_redirect
|
traefik.http.routers.app.middlewares: https_redirect
|
||||||
|
|
||||||
traefik.http.routers.appsecured.rule: Host(`foo.com`)
|
traefik.http.routers.appsecured.rule: Host(`example.net`)
|
||||||
traefik.http.routers.appsecured.entrypoints: websecure
|
traefik.http.routers.appsecured.entrypoints: websecure
|
||||||
traefik.http.routers.appsecured.tls: true
|
traefik.http.routers.appsecured.tls: true
|
||||||
|
|
||||||
|
@ -447,7 +447,7 @@ To apply a redirection:
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- web
|
- web
|
||||||
routes:
|
routes:
|
||||||
- match: Host(`foo.com`)
|
- match: Host(`example.net`)
|
||||||
kind: Rule
|
kind: Rule
|
||||||
services:
|
services:
|
||||||
- name: whoami
|
- name: whoami
|
||||||
|
@ -489,13 +489,13 @@ To apply a redirection:
|
||||||
|
|
||||||
[http.routers]
|
[http.routers]
|
||||||
[http.routers.router0]
|
[http.routers.router0]
|
||||||
rule = "Host(`foo.com`)"
|
rule = "Host(`example.net`)"
|
||||||
service = "my-service"
|
service = "my-service"
|
||||||
entrypoints = ["web"]
|
entrypoints = ["web"]
|
||||||
middlewares = ["https_redirect"]
|
middlewares = ["https_redirect"]
|
||||||
|
|
||||||
[http.routers.router1]
|
[http.routers.router1]
|
||||||
rule = "Host(`foo.com`)"
|
rule = "Host(`example.net`)"
|
||||||
service = "my-service"
|
service = "my-service"
|
||||||
entrypoints = ["websecure"]
|
entrypoints = ["websecure"]
|
||||||
[http.routers.router1.tls]
|
[http.routers.router1.tls]
|
||||||
|
@ -513,7 +513,7 @@ To apply a redirection:
|
||||||
http:
|
http:
|
||||||
routers:
|
routers:
|
||||||
router0:
|
router0:
|
||||||
rule: "Host(`foo.com`)"
|
rule: "Host(`example.net`)"
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- web
|
- web
|
||||||
middlewares:
|
middlewares:
|
||||||
|
@ -521,7 +521,7 @@ To apply a redirection:
|
||||||
service: my-service
|
service: my-service
|
||||||
|
|
||||||
router1:
|
router1:
|
||||||
rule: "Host(`foo.com`)"
|
rule: "Host(`example.net`)"
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- websecure
|
- websecure
|
||||||
service: my-service
|
service: my-service
|
||||||
|
@ -541,7 +541,7 @@ With the new core notions of v2 (introduced earlier in the section
|
||||||
transforming the URL path prefix of incoming requests is configured with [middlewares](../middlewares/overview.md),
|
transforming the URL path prefix of incoming requests is configured with [middlewares](../middlewares/overview.md),
|
||||||
after the routing step with [router rule `PathPrefix`](../routing/routers/index.md#rule).
|
after the routing step with [router rule `PathPrefix`](../routing/routers/index.md#rule).
|
||||||
|
|
||||||
Use Case: Incoming requests to `http://company.org/admin` are forwarded to the webapplication "admin",
|
Use Case: Incoming requests to `http://example.org/admin` are forwarded to the webapplication "admin",
|
||||||
with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, you must:
|
with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, you must:
|
||||||
|
|
||||||
- First, configure a router named `admin` with a rule matching at least the path prefix with the `PathPrefix` keyword,
|
- First, configure a router named `admin` with a rule matching at least the path prefix with the `PathPrefix` keyword,
|
||||||
|
@ -553,7 +553,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
|
||||||
|
|
||||||
```yaml tab="Docker"
|
```yaml tab="Docker"
|
||||||
labels:
|
labels:
|
||||||
- "traefik.frontend.rule=Host:company.org;PathPrefixStrip:/admin"
|
- "traefik.frontend.rule=Host:example.org;PathPrefixStrip:/admin"
|
||||||
```
|
```
|
||||||
|
|
||||||
```yaml tab="Kubernetes Ingress"
|
```yaml tab="Kubernetes Ingress"
|
||||||
|
@ -566,7 +566,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
|
||||||
traefik.ingress.kubernetes.io/rule-type: PathPrefixStrip
|
traefik.ingress.kubernetes.io/rule-type: PathPrefixStrip
|
||||||
spec:
|
spec:
|
||||||
rules:
|
rules:
|
||||||
- host: company.org
|
- host: example.org
|
||||||
http:
|
http:
|
||||||
paths:
|
paths:
|
||||||
- path: /admin
|
- path: /admin
|
||||||
|
@ -578,14 +578,14 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
|
||||||
```toml tab="File (TOML)"
|
```toml tab="File (TOML)"
|
||||||
[frontends.admin]
|
[frontends.admin]
|
||||||
[frontends.admin.routes.admin_1]
|
[frontends.admin.routes.admin_1]
|
||||||
rule = "Host:company.org;PathPrefixStrip:/admin"
|
rule = "Host:example.org;PathPrefixStrip:/admin"
|
||||||
```
|
```
|
||||||
|
|
||||||
!!! info "v2"
|
!!! info "v2"
|
||||||
|
|
||||||
```yaml tab="Docker"
|
```yaml tab="Docker"
|
||||||
labels:
|
labels:
|
||||||
- "traefik.http.routers.admin.rule=Host(`company.org`) && PathPrefix(`/admin`)"
|
- "traefik.http.routers.admin.rule=Host(`example.org`) && PathPrefix(`/admin`)"
|
||||||
- "traefik.http.routers.admin.middlewares=admin-stripprefix"
|
- "traefik.http.routers.admin.middlewares=admin-stripprefix"
|
||||||
- "traefik.http.middlewares.admin-stripprefix.stripprefix.prefixes=/admin"
|
- "traefik.http.middlewares.admin-stripprefix.stripprefix.prefixes=/admin"
|
||||||
```
|
```
|
||||||
|
@ -601,7 +601,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- web
|
- web
|
||||||
routes:
|
routes:
|
||||||
- match: Host(`company.org`) && PathPrefix(`/admin`)
|
- match: Host(`example.org`) && PathPrefix(`/admin`)
|
||||||
kind: Rule
|
kind: Rule
|
||||||
services:
|
services:
|
||||||
- name: admin-svc
|
- name: admin-svc
|
||||||
|
@ -623,7 +623,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
|
||||||
# dynamic-conf.toml
|
# dynamic-conf.toml
|
||||||
|
|
||||||
[http.routers.router1]
|
[http.routers.router1]
|
||||||
rule = "Host(`company.org`) && PathPrefix(`/admin`)"
|
rule = "Host(`example.org`) && PathPrefix(`/admin`)"
|
||||||
service = "admin-svc"
|
service = "admin-svc"
|
||||||
entrypoints = ["web"]
|
entrypoints = ["web"]
|
||||||
middlewares = ["admin-stripprefix"]
|
middlewares = ["admin-stripprefix"]
|
||||||
|
@ -646,7 +646,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
|
||||||
service: admin-svc
|
service: admin-svc
|
||||||
middlewares:
|
middlewares:
|
||||||
- "admin-stripprefix"
|
- "admin-stripprefix"
|
||||||
rule: "Host(`company.org`) && PathPrefix(`/admin`)"
|
rule: "Host(`example.org`) && PathPrefix(`/admin`)"
|
||||||
|
|
||||||
middlewares:
|
middlewares:
|
||||||
admin-stripprefix:
|
admin-stripprefix:
|
||||||
|
@ -687,7 +687,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
|
||||||
[entryPoints.websecure.tls]
|
[entryPoints.websecure.tls]
|
||||||
|
|
||||||
[acme]
|
[acme]
|
||||||
email = "your-email-here@my-awesome-app.org"
|
email = "your-email-here@example.com"
|
||||||
storage = "acme.json"
|
storage = "acme.json"
|
||||||
entryPoint = "websecure"
|
entryPoint = "websecure"
|
||||||
onHostRule = true
|
onHostRule = true
|
||||||
|
@ -698,7 +698,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
|
||||||
--defaultentrypoints=websecure,web
|
--defaultentrypoints=websecure,web
|
||||||
--entryPoints=Name:web Address::80 Redirect.EntryPoint:websecure
|
--entryPoints=Name:web Address::80 Redirect.EntryPoint:websecure
|
||||||
--entryPoints=Name:websecure Address::443 TLS
|
--entryPoints=Name:websecure Address::443 TLS
|
||||||
--acme.email=your-email-here@my-awesome-app.org
|
--acme.email=your-email-here@example.com
|
||||||
--acme.storage=acme.json
|
--acme.storage=acme.json
|
||||||
--acme.entryPoint=websecure
|
--acme.entryPoint=websecure
|
||||||
--acme.onHostRule=true
|
--acme.onHostRule=true
|
||||||
|
@ -719,7 +719,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
|
||||||
certResolver = "myresolver"
|
certResolver = "myresolver"
|
||||||
|
|
||||||
[certificatesResolvers.myresolver.acme]
|
[certificatesResolvers.myresolver.acme]
|
||||||
email = "your-email@your-domain.org"
|
email = "your-email@example.com"
|
||||||
storage = "acme.json"
|
storage = "acme.json"
|
||||||
[certificatesResolvers.myresolver.acme.tlsChallenge]
|
[certificatesResolvers.myresolver.acme.tlsChallenge]
|
||||||
```
|
```
|
||||||
|
@ -738,7 +738,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
|
||||||
certificatesResolvers:
|
certificatesResolvers:
|
||||||
myresolver:
|
myresolver:
|
||||||
acme:
|
acme:
|
||||||
email: your-email@your-domain.org
|
email: your-email@example.com
|
||||||
storage: acme.json
|
storage: acme.json
|
||||||
tlsChallenge: {}
|
tlsChallenge: {}
|
||||||
```
|
```
|
||||||
|
@ -746,7 +746,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
|
||||||
```bash tab="CLI"
|
```bash tab="CLI"
|
||||||
--entrypoints.web.address=:80
|
--entrypoints.web.address=:80
|
||||||
--entrypoints.websecure.address=:443
|
--entrypoints.websecure.address=:443
|
||||||
--certificatesresolvers.myresolver.acme.email=your-email@your-domain.org
|
--certificatesresolvers.myresolver.acme.email=your-email@example.com
|
||||||
--certificatesresolvers.myresolver.acme.storage=acme.json
|
--certificatesresolvers.myresolver.acme.storage=acme.json
|
||||||
--certificatesresolvers.myresolver.acme.tlschallenge=true
|
--certificatesresolvers.myresolver.acme.tlschallenge=true
|
||||||
```
|
```
|
||||||
|
|
|
@ -50,21 +50,21 @@ And then define a routing configuration on Traefik itself with the
|
||||||
However, you can also use "path prefix" rule or any combination or rules.
|
However, you can also use "path prefix" rule or any combination or rules.
|
||||||
|
|
||||||
```bash tab="Host Rule"
|
```bash tab="Host Rule"
|
||||||
# Matches http://traefik.domain.com, http://traefik.domain.com/api
|
# Matches http://traefik.example.com, http://traefik.example.com/api
|
||||||
# or http://traefik.domain.com/hello
|
# or http://traefik.example.com/hello
|
||||||
rule = "Host(`traefik.domain.com`)"
|
rule = "Host(`traefik.example.com`)"
|
||||||
```
|
```
|
||||||
|
|
||||||
```bash tab="Path Prefix Rule"
|
```bash tab="Path Prefix Rule"
|
||||||
# Matches http://api.traefik.domain.com/api or http://domain.com/api
|
# Matches http://api.traefik.example.com/api or http://example.com/api
|
||||||
# but does not match http://api.traefik.domain.com/hello
|
# but does not match http://api.traefik.example.com/hello
|
||||||
rule = "PathPrefix(`/api`)"
|
rule = "PathPrefix(`/api`)"
|
||||||
```
|
```
|
||||||
|
|
||||||
```bash tab="Combination of Rules"
|
```bash tab="Combination of Rules"
|
||||||
# Matches http://traefik.domain.com/api or http://traefik.domain.com/dashboard
|
# Matches http://traefik.example.com/api or http://traefik.example.com/dashboard
|
||||||
# but does not match http://traefik.domain.com/hello
|
# but does not match http://traefik.example.com/hello
|
||||||
rule = "Host(`traefik.domain.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
|
rule = "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
|
||||||
```
|
```
|
||||||
|
|
||||||
### `insecure`
|
### `insecure`
|
||||||
|
|
|
@ -81,22 +81,22 @@ As underlined in the [documentation for the `api.dashboard` option](./api.md#das
|
||||||
the [router rule](../routing/routers/index.md#rule) defined for Traefik must match
|
the [router rule](../routing/routers/index.md#rule) defined for Traefik must match
|
||||||
the path prefixes `/api` and `/dashboard`.
|
the path prefixes `/api` and `/dashboard`.
|
||||||
|
|
||||||
We recommend to use a "Host Based rule" as ```Host(`traefik.domain.com`)``` to match everything on the host domain,
|
We recommend to use a "Host Based rule" as ```Host(`traefik.example.com`)``` to match everything on the host domain,
|
||||||
or to make sure that the defined rule captures both prefixes:
|
or to make sure that the defined rule captures both prefixes:
|
||||||
|
|
||||||
```bash tab="Host Rule"
|
```bash tab="Host Rule"
|
||||||
# The dashboard can be accessed on http://traefik.domain.com/dashboard/
|
# The dashboard can be accessed on http://traefik.example.com/dashboard/
|
||||||
rule = "Host(`traefik.domain.com`)"
|
rule = "Host(`traefik.example.com`)"
|
||||||
```
|
```
|
||||||
|
|
||||||
```bash tab="Path Prefix Rule"
|
```bash tab="Path Prefix Rule"
|
||||||
# The dashboard can be accessed on http://domain.com/dashboard/ or http://traefik.domain.com/dashboard/
|
# The dashboard can be accessed on http://example.com/dashboard/ or http://traefik.example.com/dashboard/
|
||||||
rule = "PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
|
rule = "PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
|
||||||
```
|
```
|
||||||
|
|
||||||
```bash tab="Combination of Rules"
|
```bash tab="Combination of Rules"
|
||||||
# The dashboard can be accessed on http://traefik.domain.com/dashboard/
|
# The dashboard can be accessed on http://traefik.example.com/dashboard/
|
||||||
rule = "Host(`traefik.domain.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
|
rule = "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
|
||||||
```
|
```
|
||||||
|
|
||||||
## Insecure Mode
|
## Insecure Mode
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
```yaml tab="Docker"
|
```yaml tab="Docker"
|
||||||
# Dynamic Configuration
|
# Dynamic Configuration
|
||||||
labels:
|
labels:
|
||||||
- "traefik.http.routers.api.rule=Host(`traefik.domain.com`)"
|
- "traefik.http.routers.api.rule=Host(`traefik.example.com`)"
|
||||||
- "traefik.http.routers.api.service=api@internal"
|
- "traefik.http.routers.api.service=api@internal"
|
||||||
- "traefik.http.routers.api.middlewares=auth"
|
- "traefik.http.routers.api.middlewares=auth"
|
||||||
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
|
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
|
||||||
|
@ -11,7 +11,7 @@ labels:
|
||||||
# Dynamic Configuration
|
# Dynamic Configuration
|
||||||
deploy:
|
deploy:
|
||||||
labels:
|
labels:
|
||||||
- "traefik.http.routers.api.rule=Host(`traefik.domain.com`)"
|
- "traefik.http.routers.api.rule=Host(`traefik.example.com`)"
|
||||||
- "traefik.http.routers.api.service=api@internal"
|
- "traefik.http.routers.api.service=api@internal"
|
||||||
- "traefik.http.routers.api.middlewares=auth"
|
- "traefik.http.routers.api.middlewares=auth"
|
||||||
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
|
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
|
||||||
|
@ -26,7 +26,7 @@ metadata:
|
||||||
name: traefik-dashboard
|
name: traefik-dashboard
|
||||||
spec:
|
spec:
|
||||||
routes:
|
routes:
|
||||||
- match: Host(`traefik.domain.com`)
|
- match: Host(`traefik.example.com`)
|
||||||
kind: Rule
|
kind: Rule
|
||||||
services:
|
services:
|
||||||
- name: api@internal
|
- name: api@internal
|
||||||
|
@ -45,7 +45,7 @@ spec:
|
||||||
|
|
||||||
```yaml tab="Consul Catalog"
|
```yaml tab="Consul Catalog"
|
||||||
# Dynamic Configuration
|
# Dynamic Configuration
|
||||||
- "traefik.http.routers.api.rule=Host(`traefik.domain.com`)"
|
- "traefik.http.routers.api.rule=Host(`traefik.example.com`)"
|
||||||
- "traefik.http.routers.api.service=api@internal"
|
- "traefik.http.routers.api.service=api@internal"
|
||||||
- "traefik.http.routers.api.middlewares=auth"
|
- "traefik.http.routers.api.middlewares=auth"
|
||||||
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
|
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
|
||||||
|
@ -53,7 +53,7 @@ spec:
|
||||||
|
|
||||||
```json tab="Marathon"
|
```json tab="Marathon"
|
||||||
"labels": {
|
"labels": {
|
||||||
"traefik.http.routers.api.rule": "Host(`traefik.domain.com`)",
|
"traefik.http.routers.api.rule": "Host(`traefik.example.com`)",
|
||||||
"traefik.http.routers.api.service": "api@internal",
|
"traefik.http.routers.api.service": "api@internal",
|
||||||
"traefik.http.routers.api.middlewares": "auth",
|
"traefik.http.routers.api.middlewares": "auth",
|
||||||
"traefik.http.middlewares.auth.basicauth.users": "test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
|
"traefik.http.middlewares.auth.basicauth.users": "test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
|
||||||
|
@ -63,7 +63,7 @@ spec:
|
||||||
```yaml tab="Rancher"
|
```yaml tab="Rancher"
|
||||||
# Dynamic Configuration
|
# Dynamic Configuration
|
||||||
labels:
|
labels:
|
||||||
- "traefik.http.routers.api.rule=Host(`traefik.domain.com`)"
|
- "traefik.http.routers.api.rule=Host(`traefik.example.com`)"
|
||||||
- "traefik.http.routers.api.service=api@internal"
|
- "traefik.http.routers.api.service=api@internal"
|
||||||
- "traefik.http.routers.api.middlewares=auth"
|
- "traefik.http.routers.api.middlewares=auth"
|
||||||
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
|
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
|
||||||
|
@ -72,7 +72,7 @@ labels:
|
||||||
```toml tab="File (TOML)"
|
```toml tab="File (TOML)"
|
||||||
# Dynamic Configuration
|
# Dynamic Configuration
|
||||||
[http.routers.my-api]
|
[http.routers.my-api]
|
||||||
rule = "Host(`traefik.domain.com`)"
|
rule = "Host(`traefik.example.com`)"
|
||||||
service = "api@internal"
|
service = "api@internal"
|
||||||
middlewares = ["auth"]
|
middlewares = ["auth"]
|
||||||
|
|
||||||
|
@ -88,7 +88,7 @@ labels:
|
||||||
http:
|
http:
|
||||||
routers:
|
routers:
|
||||||
api:
|
api:
|
||||||
rule: Host(`traefik.domain.com`)
|
rule: Host(`traefik.example.com`)
|
||||||
service: api@internal
|
service: api@internal
|
||||||
middlewares:
|
middlewares:
|
||||||
- auth
|
- auth
|
||||||
|
|
|
@ -29,7 +29,7 @@ Attach tags to your services and let Traefik do the rest!
|
||||||
Attaching tags to services
|
Attaching tags to services
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- traefik.http.services.my-service.rule=Host(`mydomain.com`)
|
- traefik.http.services.my-service.rule=Host(`example.com`)
|
||||||
```
|
```
|
||||||
|
|
||||||
## Routing Configuration
|
## Routing Configuration
|
||||||
|
|
|
@ -40,7 +40,7 @@ and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/).
|
||||||
my-container:
|
my-container:
|
||||||
# ...
|
# ...
|
||||||
labels:
|
labels:
|
||||||
- traefik.http.routers.my-container.rule=Host(`mydomain.com`)
|
- traefik.http.routers.my-container.rule=Host(`example.com`)
|
||||||
```
|
```
|
||||||
|
|
||||||
??? example "Configuring Docker Swarm & Deploying / Exposing Services"
|
??? example "Configuring Docker Swarm & Deploying / Exposing Services"
|
||||||
|
@ -79,13 +79,13 @@ and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/).
|
||||||
my-container:
|
my-container:
|
||||||
deploy:
|
deploy:
|
||||||
labels:
|
labels:
|
||||||
- traefik.http.routers.my-container.rule=Host(`mydomain.com`)
|
- traefik.http.routers.my-container.rule=Host(`example.com`)
|
||||||
- traefik.http.services.my-container-service.loadbalancer.server.port=8080
|
- traefik.http.services.my-container-service.loadbalancer.server.port=8080
|
||||||
```
|
```
|
||||||
|
|
||||||
## Routing Configuration
|
## Routing Configuration
|
||||||
|
|
||||||
When using Docker as a [provider](https://docs.traefik.io/providers/overview/),
|
When using Docker as a [provider](./overview.md),
|
||||||
Traefik uses [container labels](https://docs.docker.com/engine/reference/commandline/run/#set-metadata-on-container--l---label---label-file) to retrieve its routing configuration.
|
Traefik uses [container labels](https://docs.docker.com/engine/reference/commandline/run/#set-metadata-on-container--l---label---label-file) to retrieve its routing configuration.
|
||||||
|
|
||||||
See the list of labels in the dedicated [routing](../routing/providers/docker.md) section.
|
See the list of labels in the dedicated [routing](../routing/providers/docker.md) section.
|
||||||
|
|
|
@ -40,7 +40,7 @@ metadata:
|
||||||
|
|
||||||
spec:
|
spec:
|
||||||
rules:
|
rules:
|
||||||
- host: foo.com
|
- host: example.net
|
||||||
http:
|
http:
|
||||||
paths:
|
paths:
|
||||||
- path: /bar
|
- path: /bar
|
||||||
|
@ -266,7 +266,7 @@ _Optional, Default: empty_
|
||||||
|
|
||||||
```toml tab="File (TOML)"
|
```toml tab="File (TOML)"
|
||||||
[providers.kubernetesIngress.ingressEndpoint]
|
[providers.kubernetesIngress.ingressEndpoint]
|
||||||
hostname = "foo.com"
|
hostname = "example.net"
|
||||||
# ...
|
# ...
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -274,12 +274,12 @@ _Optional, Default: empty_
|
||||||
providers:
|
providers:
|
||||||
kubernetesIngress:
|
kubernetesIngress:
|
||||||
ingressEndpoint:
|
ingressEndpoint:
|
||||||
hostname: "foo.com"
|
hostname: "example.net"
|
||||||
# ...
|
# ...
|
||||||
```
|
```
|
||||||
|
|
||||||
```bash tab="CLI"
|
```bash tab="CLI"
|
||||||
--providers.kubernetesingress.ingressendpoint.hostname=foo.com
|
--providers.kubernetesingress.ingressendpoint.hostname=example.net
|
||||||
```
|
```
|
||||||
|
|
||||||
Hostname used for Kubernetes Ingress endpoints.
|
Hostname used for Kubernetes Ingress endpoints.
|
||||||
|
|
|
@ -35,7 +35,7 @@ Attach labels to your services and let Traefik do the rest!
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
labels:
|
labels:
|
||||||
- traefik.http.services.my-service.rule=Host(`mydomain.com`)
|
- traefik.http.services.my-service.rule=Host(`example.com`)
|
||||||
```
|
```
|
||||||
|
|
||||||
## Routing Configuration
|
## Routing Configuration
|
||||||
|
|
|
@ -82,7 +82,7 @@ spec:
|
||||||
- web
|
- web
|
||||||
- websecure
|
- websecure
|
||||||
routes:
|
routes:
|
||||||
- match: Host(`foo.com`) && PathPrefix(`/bar`)
|
- match: Host(`example.net`) && PathPrefix(`/bar`)
|
||||||
kind: Rule
|
kind: Rule
|
||||||
priority: 12
|
priority: 12
|
||||||
# defining several services is possible and allowed, but for now the servers of
|
# defining several services is possible and allowed, but for now the servers of
|
||||||
|
@ -147,7 +147,7 @@ spec:
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- footcp
|
- footcp
|
||||||
routes:
|
routes:
|
||||||
- match: HostSNI(`bar.com`)
|
- match: HostSNI(`example.com`)
|
||||||
services:
|
services:
|
||||||
- name: whoamitcp
|
- name: whoamitcp
|
||||||
port: 8080
|
port: 8080
|
||||||
|
|
|
@ -66,7 +66,7 @@ Dynamic configuration:
|
||||||
[http.routers]
|
[http.routers]
|
||||||
# Define a connection between requests and services
|
# Define a connection between requests and services
|
||||||
[http.routers.to-whoami]
|
[http.routers.to-whoami]
|
||||||
rule = "Host(`domain`) && PathPrefix(`/whoami/`)"
|
rule = "Host(`example.com`) && PathPrefix(`/whoami/`)"
|
||||||
# If the rule matches, applies the middleware
|
# If the rule matches, applies the middleware
|
||||||
middlewares = ["test-user"]
|
middlewares = ["test-user"]
|
||||||
# If the rule matches, forward to the whoami service (declared below)
|
# If the rule matches, forward to the whoami service (declared below)
|
||||||
|
@ -90,7 +90,7 @@ http:
|
||||||
routers:
|
routers:
|
||||||
# Define a connection between requests and services
|
# Define a connection between requests and services
|
||||||
to-whoami:
|
to-whoami:
|
||||||
rule: "Host(`domain`) && PathPrefix(`/whoami/`)"
|
rule: "Host(`example.com`) && PathPrefix(`/whoami/`)"
|
||||||
# If the rule matches, applies the middleware
|
# If the rule matches, applies the middleware
|
||||||
middlewares:
|
middlewares:
|
||||||
- test-user
|
- test-user
|
||||||
|
@ -122,7 +122,7 @@ http:
|
||||||
In this example, we've defined routing rules for http requests only.
|
In this example, we've defined routing rules for http requests only.
|
||||||
Traefik also supports TCP requests. To add [TCP routers](./routers/index.md) and [TCP services](./services/index.md), declare them in a TCP section like in the following.
|
Traefik also supports TCP requests. To add [TCP routers](./routers/index.md) and [TCP services](./services/index.md), declare them in a TCP section like in the following.
|
||||||
|
|
||||||
??? example "Adding a TCP route for TLS requests on whoami.traefik.io"
|
??? example "Adding a TCP route for TLS requests on whoami.example.com"
|
||||||
|
|
||||||
**Static Configuration**
|
**Static Configuration**
|
||||||
|
|
||||||
|
@ -165,7 +165,7 @@ http:
|
||||||
[http.routers]
|
[http.routers]
|
||||||
# Define a connection between requests and services
|
# Define a connection between requests and services
|
||||||
[http.routers.to-whoami]
|
[http.routers.to-whoami]
|
||||||
rule = "Host(`domain`) && PathPrefix(`/whoami/`)"
|
rule = "Host(`example.com`) && PathPrefix(`/whoami/`)"
|
||||||
# If the rule matches, applies the middleware
|
# If the rule matches, applies the middleware
|
||||||
middlewares = ["test-user"]
|
middlewares = ["test-user"]
|
||||||
# If the rule matches, forward to the whoami service (declared below)
|
# If the rule matches, forward to the whoami service (declared below)
|
||||||
|
@ -185,7 +185,7 @@ http:
|
||||||
[tcp]
|
[tcp]
|
||||||
[tcp.routers]
|
[tcp.routers]
|
||||||
[tcp.routers.to-whoami-tcp]
|
[tcp.routers.to-whoami-tcp]
|
||||||
rule = "HostSNI(`whoami-tcp.traefik.io`)"
|
rule = "HostSNI(`whoami-tcp.example.com`)"
|
||||||
service = "whoami-tcp"
|
service = "whoami-tcp"
|
||||||
[tcp.routers.to-whoami-tcp.tls]
|
[tcp.routers.to-whoami-tcp.tls]
|
||||||
|
|
||||||
|
@ -202,7 +202,7 @@ http:
|
||||||
routers:
|
routers:
|
||||||
# Define a connection between requests and services
|
# Define a connection between requests and services
|
||||||
to-whoami:
|
to-whoami:
|
||||||
rule: Host(`domain`) && PathPrefix(`/whoami/`)
|
rule: Host(`example.com`) && PathPrefix(`/whoami/`)
|
||||||
# If the rule matches, applies the middleware
|
# If the rule matches, applies the middleware
|
||||||
middlewares:
|
middlewares:
|
||||||
- test-user
|
- test-user
|
||||||
|
@ -227,7 +227,7 @@ http:
|
||||||
routers:
|
routers:
|
||||||
to-whoami-tcp:
|
to-whoami-tcp:
|
||||||
service: whoami-tcp
|
service: whoami-tcp
|
||||||
rule: HostSNI(`whoami-tcp.traefik.io`)
|
rule: HostSNI(`whoami-tcp.example.com`)
|
||||||
|
|
||||||
services:
|
services:
|
||||||
whoami-tcp:
|
whoami-tcp:
|
||||||
|
|
|
@ -24,14 +24,14 @@ The Service automatically gets a server per instance in this consul Catalog serv
|
||||||
|
|
||||||
To update the configuration of the Router automatically attached to the service, add tags starting with `traefik.routers.{name-of-your-choice}.` and followed by the option you want to change.
|
To update the configuration of the Router automatically attached to the service, add tags starting with `traefik.routers.{name-of-your-choice}.` and followed by the option you want to change.
|
||||||
|
|
||||||
For example, to change the rule, you could add the tag ```traefik.http.routers.my-service.rule=Host(`mydomain.com`)```.
|
For example, to change the rule, you could add the tag ```traefik.http.routers.my-service.rule=Host(`example.com`)```.
|
||||||
|
|
||||||
??? info "`traefik.http.routers.<router_name>.rule`"
|
??? info "`traefik.http.routers.<router_name>.rule`"
|
||||||
|
|
||||||
See [rule](../routers/index.md#rule) for more information.
|
See [rule](../routers/index.md#rule) for more information.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
traefik.http.routers.myrouter.rule=Host(`mydomain.com`)
|
traefik.http.routers.myrouter.rule=Host(`example.com`)
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.http.routers.<router_name>.entrypoints`"
|
??? info "`traefik.http.routers.<router_name>.entrypoints`"
|
||||||
|
@ -79,7 +79,7 @@ For example, to change the rule, you could add the tag ```traefik.http.routers.m
|
||||||
See [domains](../routers/index.md#domains) for more information.
|
See [domains](../routers/index.md#domains) for more information.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
traefik.http.routers.myrouter.tls.domains[0].main=foobar.com
|
traefik.http.routers.myrouter.tls.domains[0].main=example.org
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.http.routers.<router_name>.tls.domains[n].sans`"
|
??? info "`traefik.http.routers.<router_name>.tls.domains[n].sans`"
|
||||||
|
@ -87,7 +87,7 @@ For example, to change the rule, you could add the tag ```traefik.http.routers.m
|
||||||
See [domains](../routers/index.md#domains) for more information.
|
See [domains](../routers/index.md#domains) for more information.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
traefik.http.routers.myrouter.tls.domains[0].sans=test.foobar.com,dev.foobar.com
|
traefik.http.routers.myrouter.tls.domains[0].sans=test.example.org,dev.example.org
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.http.routers.<router_name>.tls.options`"
|
??? info "`traefik.http.routers.<router_name>.tls.options`"
|
||||||
|
@ -150,7 +150,7 @@ you'd add the tag `traefik.http.services.{name-of-your-choice}.loadbalancer.pass
|
||||||
See [health check](../services/index.md#health-check) for more information.
|
See [health check](../services/index.md#health-check) for more information.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
traefik.http.services.myservice.loadbalancer.healthcheck.hostname=foobar.com
|
traefik.http.services.myservice.loadbalancer.healthcheck.hostname=example.org
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.interval`"
|
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.interval`"
|
||||||
|
@ -271,7 +271,7 @@ You can declare TCP Routers and/or Services using tags.
|
||||||
??? example "Declaring TCP Routers and Services"
|
??? example "Declaring TCP Routers and Services"
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
traefik.tcp.routers.my-router.rule=HostSNI(`my-host.com`)
|
traefik.tcp.routers.my-router.rule=HostSNI(`example.com`)
|
||||||
traefik.tcp.routers.my-router.tls=true
|
traefik.tcp.routers.my-router.tls=true
|
||||||
traefik.tcp.services.my-service.loadbalancer.server.port=4123
|
traefik.tcp.services.my-service.loadbalancer.server.port=4123
|
||||||
```
|
```
|
||||||
|
@ -296,7 +296,7 @@ You can declare TCP Routers and/or Services using tags.
|
||||||
See [rule](../routers/index.md#rule_1) for more information.
|
See [rule](../routers/index.md#rule_1) for more information.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
traefik.tcp.routers.mytcprouter.rule=HostSNI(`myhost.com`)
|
traefik.tcp.routers.mytcprouter.rule=HostSNI(`example.com`)
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.tcp.routers.<router_name>.service`"
|
??? info "`traefik.tcp.routers.<router_name>.service`"
|
||||||
|
@ -328,7 +328,7 @@ You can declare TCP Routers and/or Services using tags.
|
||||||
See [domains](../routers/index.md#domains_1) for more information.
|
See [domains](../routers/index.md#domains_1) for more information.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
traefik.tcp.routers.mytcprouter.tls.domains[0].main=foobar.com
|
traefik.tcp.routers.mytcprouter.tls.domains[0].main=example.org
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.tcp.routers.<router_name>.tls.domains[n].sans`"
|
??? info "`traefik.tcp.routers.<router_name>.tls.domains[n].sans`"
|
||||||
|
@ -336,7 +336,7 @@ You can declare TCP Routers and/or Services using tags.
|
||||||
See [domains](../routers/index.md#domains_1) for more information.
|
See [domains](../routers/index.md#domains_1) for more information.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
traefik.tcp.routers.mytcprouter.tls.domains[0].sans=test.foobar.com,dev.foobar.com
|
traefik.tcp.routers.mytcprouter.tls.domains[0].sans=test.example.org,dev.example.org
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.tcp.routers.<router_name>.tls.options`"
|
??? info "`traefik.tcp.routers.<router_name>.tls.options`"
|
||||||
|
|
|
@ -34,12 +34,12 @@ Attach labels to your containers and let Traefik do the rest!
|
||||||
my-container:
|
my-container:
|
||||||
# ...
|
# ...
|
||||||
labels:
|
labels:
|
||||||
- traefik.http.routers.my-container.rule=Host(`mydomain.com`)
|
- traefik.http.routers.my-container.rule=Host(`example.com`)
|
||||||
```
|
```
|
||||||
|
|
||||||
??? example "Specify a Custom Port for the Container"
|
??? example "Specify a Custom Port for the Container"
|
||||||
|
|
||||||
Forward requests for `http://mydomain.com` to `http://<private IP of container>:12345`:
|
Forward requests for `http://example.com` to `http://<private IP of container>:12345`:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
version: "3"
|
version: "3"
|
||||||
|
@ -47,7 +47,7 @@ Attach labels to your containers and let Traefik do the rest!
|
||||||
my-container:
|
my-container:
|
||||||
# ...
|
# ...
|
||||||
labels:
|
labels:
|
||||||
- traefik.http.routers.my-container.rule=Host(`mydomain.com`)
|
- traefik.http.routers.my-container.rule=Host(`example.com`)
|
||||||
# Tell Traefik to use the port 12345 to connect to `my-container`
|
# Tell Traefik to use the port 12345 to connect to `my-container`
|
||||||
- traefik.http.services.my-service.loadbalancer.server.port=12345
|
- traefik.http.services.my-service.loadbalancer.server.port=12345
|
||||||
```
|
```
|
||||||
|
@ -94,7 +94,7 @@ Attach labels to your containers and let Traefik do the rest!
|
||||||
my-container:
|
my-container:
|
||||||
deploy:
|
deploy:
|
||||||
labels:
|
labels:
|
||||||
- traefik.http.routers.my-container.rule=Host(`mydomain.com`)
|
- traefik.http.routers.my-container.rule=Host(`example.com`)
|
||||||
- traefik.http.services.my-container-service.loadbalancer.server.port=8080
|
- traefik.http.services.my-container-service.loadbalancer.server.port=8080
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -127,7 +127,7 @@ and the router automatically gets a rule defined by `defaultRule` (if no rule fo
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
labels:
|
labels:
|
||||||
- "traefik.http.routers.myproxy.rule=Host(`foo.com`)"
|
- "traefik.http.routers.myproxy.rule=Host(`example.net`)"
|
||||||
# service myservice gets automatically assigned to router myproxy
|
# service myservice gets automatically assigned to router myproxy
|
||||||
- "traefik.http.services.myservice.loadbalancer.server.port=80"
|
- "traefik.http.services.myservice.loadbalancer.server.port=80"
|
||||||
```
|
```
|
||||||
|
@ -140,7 +140,7 @@ and the router automatically gets a rule defined by `defaultRule` (if no rule fo
|
||||||
labels:
|
labels:
|
||||||
# no service specified or defined and yet one gets automatically created
|
# no service specified or defined and yet one gets automatically created
|
||||||
# and assigned to router myproxy.
|
# and assigned to router myproxy.
|
||||||
- "traefik.http.routers.myproxy.rule=Host(`foo.com`)"
|
- "traefik.http.routers.myproxy.rule=Host(`example.net`)"
|
||||||
```
|
```
|
||||||
|
|
||||||
### Routers
|
### Routers
|
||||||
|
@ -148,7 +148,7 @@ and the router automatically gets a rule defined by `defaultRule` (if no rule fo
|
||||||
To update the configuration of the Router automatically attached to the container,
|
To update the configuration of the Router automatically attached to the container,
|
||||||
add labels starting with `traefik.http.routers.<name-of-your-choice>.` and followed by the option you want to change.
|
add labels starting with `traefik.http.routers.<name-of-your-choice>.` and followed by the option you want to change.
|
||||||
|
|
||||||
For example, to change the rule, you could add the label ```traefik.http.routers.my-container.rule=Host(`mydomain.com`)```.
|
For example, to change the rule, you could add the label ```traefik.http.routers.my-container.rule=Host(`example.com`)```.
|
||||||
|
|
||||||
!!! warning "The character `@` is not authorized in the router name `<router_name>`."
|
!!! warning "The character `@` is not authorized in the router name `<router_name>`."
|
||||||
|
|
||||||
|
@ -157,7 +157,7 @@ For example, to change the rule, you could add the label ```traefik.http.routers
|
||||||
See [rule](../routers/index.md#rule) for more information.
|
See [rule](../routers/index.md#rule) for more information.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- "traefik.http.routers.myrouter.rule=Host(`mydomain.com`)"
|
- "traefik.http.routers.myrouter.rule=Host(`example.com`)"
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.http.routers.<router_name>.entrypoints`"
|
??? info "`traefik.http.routers.<router_name>.entrypoints`"
|
||||||
|
@ -205,7 +205,7 @@ For example, to change the rule, you could add the label ```traefik.http.routers
|
||||||
See [domains](../routers/index.md#domains) for more information.
|
See [domains](../routers/index.md#domains) for more information.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- "traefik.http.routers.myrouter.tls.domains[0].main=foobar.com"
|
- "traefik.http.routers.myrouter.tls.domains[0].main=example.org"
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.http.routers.<router_name>.tls.domains[n].sans`"
|
??? info "`traefik.http.routers.<router_name>.tls.domains[n].sans`"
|
||||||
|
@ -213,7 +213,7 @@ For example, to change the rule, you could add the label ```traefik.http.routers
|
||||||
See [domains](../routers/index.md#domains) for more information.
|
See [domains](../routers/index.md#domains) for more information.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- "traefik.http.routers.myrouter.tls.domains[0].sans=test.foobar.com,dev.foobar.com"
|
- "traefik.http.routers.myrouter.tls.domains[0].sans=test.example.org,dev.example.org"
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.http.routers.<router_name>.tls.options`"
|
??? info "`traefik.http.routers.<router_name>.tls.options`"
|
||||||
|
@ -283,7 +283,7 @@ you'd add the label `traefik.http.services.<name-of-your-choice>.loadbalancer.pa
|
||||||
See [health check](../services/index.md#health-check) for more information.
|
See [health check](../services/index.md#health-check) for more information.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- "traefik.http.services.myservice.loadbalancer.healthcheck.hostname=foobar.com"
|
- "traefik.http.services.myservice.loadbalancer.healthcheck.hostname=example.org"
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.interval`"
|
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.interval`"
|
||||||
|
@ -414,7 +414,7 @@ You can declare TCP Routers and/or Services using labels.
|
||||||
my-container:
|
my-container:
|
||||||
# ...
|
# ...
|
||||||
labels:
|
labels:
|
||||||
- "traefik.tcp.routers.my-router.rule=HostSNI(`my-host.com`)"
|
- "traefik.tcp.routers.my-router.rule=HostSNI(`example.com`)"
|
||||||
- "traefik.tcp.routers.my-router.tls=true"
|
- "traefik.tcp.routers.my-router.tls=true"
|
||||||
- "traefik.tcp.services.my-service.loadbalancer.server.port=4123"
|
- "traefik.tcp.services.my-service.loadbalancer.server.port=4123"
|
||||||
```
|
```
|
||||||
|
@ -439,7 +439,7 @@ You can declare TCP Routers and/or Services using labels.
|
||||||
See [rule](../routers/index.md#rule_1) for more information.
|
See [rule](../routers/index.md#rule_1) for more information.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- "traefik.tcp.routers.mytcprouter.rule=HostSNI(`myhost.com`)"
|
- "traefik.tcp.routers.mytcprouter.rule=HostSNI(`example.com`)"
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.tcp.routers.<router_name>.service`"
|
??? info "`traefik.tcp.routers.<router_name>.service`"
|
||||||
|
@ -471,7 +471,7 @@ You can declare TCP Routers and/or Services using labels.
|
||||||
See [domains](../routers/index.md#domains_1) for more information.
|
See [domains](../routers/index.md#domains_1) for more information.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- "traefik.tcp.routers.mytcprouter.tls.domains[0].main=foobar.com"
|
- "traefik.tcp.routers.mytcprouter.tls.domains[0].main=example.org"
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.tcp.routers.<router_name>.tls.domains[n].sans`"
|
??? info "`traefik.tcp.routers.<router_name>.tls.domains[n].sans`"
|
||||||
|
@ -479,7 +479,7 @@ You can declare TCP Routers and/or Services using labels.
|
||||||
See [domains](../routers/index.md#domains_1) for more information.
|
See [domains](../routers/index.md#domains_1) for more information.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- "traefik.tcp.routers.mytcprouter.tls.domains[0].sans=test.foobar.com,dev.foobar.com"
|
- "traefik.tcp.routers.mytcprouter.tls.domains[0].sans=test.example.org,dev.example.org"
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.tcp.routers.<router_name>.tls.options`"
|
??? info "`traefik.tcp.routers.<router_name>.tls.options`"
|
||||||
|
|
|
@ -321,7 +321,7 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
|
||||||
- foo
|
- foo
|
||||||
routes: # [2]
|
routes: # [2]
|
||||||
- kind: Rule
|
- kind: Rule
|
||||||
match: Host(`test.domain.com`) # [3]
|
match: Host(`test.example.com`) # [3]
|
||||||
priority: 10 # [4]
|
priority: 10 # [4]
|
||||||
middlewares: # [5]
|
middlewares: # [5]
|
||||||
- name: middleware1 # [6]
|
- name: middleware1 # [6]
|
||||||
|
@ -349,10 +349,10 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
|
||||||
namespace: default # [13]
|
namespace: default # [13]
|
||||||
certResolver: foo # [14]
|
certResolver: foo # [14]
|
||||||
domains: # [15]
|
domains: # [15]
|
||||||
- main: foo.com # [16]
|
- main: example.net # [16]
|
||||||
sans: # [17]
|
sans: # [17]
|
||||||
- a.foo.com
|
- a.example.net
|
||||||
- b.foo.com
|
- b.example.net
|
||||||
```
|
```
|
||||||
|
|
||||||
| Ref | Attribute | Purpose |
|
| Ref | Attribute | Purpose |
|
||||||
|
@ -389,7 +389,7 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
|
||||||
- web
|
- web
|
||||||
routes:
|
routes:
|
||||||
- kind: Rule
|
- kind: Rule
|
||||||
match: Host(`test.domain.com`)
|
match: Host(`test.example.com`)
|
||||||
middlewares:
|
middlewares:
|
||||||
- name: middleware1
|
- name: middleware1
|
||||||
namespace: default
|
namespace: default
|
||||||
|
@ -413,10 +413,10 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
|
||||||
tls:
|
tls:
|
||||||
certResolver: foo
|
certResolver: foo
|
||||||
domains:
|
domains:
|
||||||
- main: foo.com
|
- main: example.net
|
||||||
sans:
|
sans:
|
||||||
- a.foo.com
|
- a.example.net
|
||||||
- b.foo.com
|
- b.example.net
|
||||||
options:
|
options:
|
||||||
name: opt
|
name: opt
|
||||||
namespace: default
|
namespace: default
|
||||||
|
@ -494,7 +494,7 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
|
||||||
- foo
|
- foo
|
||||||
|
|
||||||
routes:
|
routes:
|
||||||
- match: Host(`foo.com`)
|
- match: Host(`example.net`)
|
||||||
kind: Rule
|
kind: Rule
|
||||||
services:
|
services:
|
||||||
- name: external-svc
|
- name: external-svc
|
||||||
|
@ -524,7 +524,7 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
|
||||||
- foo
|
- foo
|
||||||
|
|
||||||
routes:
|
routes:
|
||||||
- match: Host(`foo.com`)
|
- match: Host(`example.net`)
|
||||||
kind: Rule
|
kind: Rule
|
||||||
services:
|
services:
|
||||||
- name: external-svc
|
- name: external-svc
|
||||||
|
@ -555,7 +555,7 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
|
||||||
- foo
|
- foo
|
||||||
|
|
||||||
routes:
|
routes:
|
||||||
- match: Host(`foo.com`)
|
- match: Host(`example.net`)
|
||||||
kind: Rule
|
kind: Rule
|
||||||
services:
|
services:
|
||||||
- name: external-svc
|
- name: external-svc
|
||||||
|
@ -605,7 +605,7 @@ Register the `Middleware` [kind](../../reference/dynamic-configuration/kubernete
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- web
|
- web
|
||||||
routes:
|
routes:
|
||||||
- match: Host(`bar.com`) && PathPrefix(`/stripit`)
|
- match: Host(`example.com`) && PathPrefix(`/stripit`)
|
||||||
kind: Rule
|
kind: Rule
|
||||||
services:
|
services:
|
||||||
- name: whoami
|
- name: whoami
|
||||||
|
@ -664,7 +664,7 @@ More information in the dedicated server [load balancing](../services/index.md#l
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- web
|
- web
|
||||||
routes:
|
routes:
|
||||||
- match: Host(`bar.com`) && PathPrefix(`/foo`)
|
- match: Host(`example.com`) && PathPrefix(`/foo`)
|
||||||
kind: Rule
|
kind: Rule
|
||||||
services:
|
services:
|
||||||
- name: svc1
|
- name: svc1
|
||||||
|
@ -720,7 +720,7 @@ More information in the dedicated [Weighted Round Robin](../services/index.md#we
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- web
|
- web
|
||||||
routes:
|
routes:
|
||||||
- match: Host(`bar.com`) && PathPrefix(`/foo`)
|
- match: Host(`example.com`) && PathPrefix(`/foo`)
|
||||||
kind: Rule
|
kind: Rule
|
||||||
services:
|
services:
|
||||||
- name: wrr1
|
- name: wrr1
|
||||||
|
@ -827,7 +827,7 @@ More information in the dedicated [mirroring](../services/index.md#mirroring-ser
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- web
|
- web
|
||||||
routes:
|
routes:
|
||||||
- match: Host(`bar.com`) && PathPrefix(`/foo`)
|
- match: Host(`example.com`) && PathPrefix(`/foo`)
|
||||||
kind: Rule
|
kind: Rule
|
||||||
services:
|
services:
|
||||||
- name: mirror1
|
- name: mirror1
|
||||||
|
@ -947,10 +947,10 @@ Register the `IngressRouteTCP` [kind](../../reference/dynamic-configuration/kube
|
||||||
namespace: default # [13]
|
namespace: default # [13]
|
||||||
certResolver: foo # [14]
|
certResolver: foo # [14]
|
||||||
domains: # [15]
|
domains: # [15]
|
||||||
- main: foo.com # [16]
|
- main: example.net # [16]
|
||||||
sans: # [17]
|
sans: # [17]
|
||||||
- a.foo.com
|
- a.example.net
|
||||||
- b.foo.com
|
- b.example.net
|
||||||
passthrough: false # [18]
|
passthrough: false # [18]
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -1001,10 +1001,10 @@ Register the `IngressRouteTCP` [kind](../../reference/dynamic-configuration/kube
|
||||||
tls:
|
tls:
|
||||||
certResolver: foo
|
certResolver: foo
|
||||||
domains:
|
domains:
|
||||||
- main: foo.com
|
- main: example.net
|
||||||
sans:
|
sans:
|
||||||
- a.foo.com
|
- a.example.net
|
||||||
- b.foo.com
|
- b.example.net
|
||||||
options:
|
options:
|
||||||
name: opt
|
name: opt
|
||||||
namespace: default
|
namespace: default
|
||||||
|
@ -1269,7 +1269,7 @@ or referencing TLS options in the [`IngressRoute`](#kind-ingressroute) / [`Ingre
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- web
|
- web
|
||||||
routes:
|
routes:
|
||||||
- match: Host(`bar.com`) && PathPrefix(`/stripit`)
|
- match: Host(`example.com`) && PathPrefix(`/stripit`)
|
||||||
kind: Rule
|
kind: Rule
|
||||||
services:
|
services:
|
||||||
- name: whoami
|
- name: whoami
|
||||||
|
@ -1366,7 +1366,7 @@ or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`Ingres
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- web
|
- web
|
||||||
routes:
|
routes:
|
||||||
- match: Host(`bar.com`) && PathPrefix(`/stripit`)
|
- match: Host(`example.com`) && PathPrefix(`/stripit`)
|
||||||
kind: Rule
|
kind: Rule
|
||||||
services:
|
services:
|
||||||
- name: whoami
|
- name: whoami
|
||||||
|
|
|
@ -70,7 +70,7 @@ which in turn will create the resulting routers, services, handlers, etc.
|
||||||
|
|
||||||
spec:
|
spec:
|
||||||
rules:
|
rules:
|
||||||
- host: mydomain.com
|
- host: example.com
|
||||||
http:
|
http:
|
||||||
paths:
|
paths:
|
||||||
- path: /bar
|
- path: /bar
|
||||||
|
@ -245,7 +245,7 @@ which in turn will create the resulting routers, services, handlers, etc.
|
||||||
See [domains](../routers/index.md#domains) for more information.
|
See [domains](../routers/index.md#domains) for more information.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
traefik.ingress.kubernetes.io/router.tls.domains.0.main: foobar.com
|
traefik.ingress.kubernetes.io/router.tls.domains.0.main: example.org
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.ingress.kubernetes.io/router.tls.domains.n.sans`"
|
??? info "`traefik.ingress.kubernetes.io/router.tls.domains.n.sans`"
|
||||||
|
@ -253,7 +253,7 @@ which in turn will create the resulting routers, services, handlers, etc.
|
||||||
See [domains](../routers/index.md#domains) for more information.
|
See [domains](../routers/index.md#domains) for more information.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
traefik.ingress.kubernetes.io/router.tls.domains.0.sans: test.foobar.com,dev.foobar.com
|
traefik.ingress.kubernetes.io/router.tls.domains.0.sans: test.example.org,dev.example.org
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.ingress.kubernetes.io/router.tls.options`"
|
??? info "`traefik.ingress.kubernetes.io/router.tls.options`"
|
||||||
|
@ -351,7 +351,7 @@ and will connect via TLS automatically.
|
||||||
|
|
||||||
spec:
|
spec:
|
||||||
rules:
|
rules:
|
||||||
- host: foo.com
|
- host: example.net
|
||||||
http:
|
http:
|
||||||
paths:
|
paths:
|
||||||
- path: /bar
|
- path: /bar
|
||||||
|
|
|
@ -20,7 +20,7 @@ A Story of key & values
|
||||||
|
|
||||||
| Key (Path) | Value |
|
| Key (Path) | Value |
|
||||||
|--------------------------------------|----------------------------|
|
|--------------------------------------|----------------------------|
|
||||||
| `traefik/http/routers/myrouter/rule` | ```Host(`mydomain.com`)``` |
|
| `traefik/http/routers/myrouter/rule` | ```Host(`example.com`)``` |
|
||||||
|
|
||||||
??? info "`traefik/http/routers/<router_name>/entrypoints`"
|
??? info "`traefik/http/routers/<router_name>/entrypoints`"
|
||||||
|
|
||||||
|
@ -69,18 +69,18 @@ A Story of key & values
|
||||||
|
|
||||||
See [domains](../routers/index.md#domains) for more information.
|
See [domains](../routers/index.md#domains) for more information.
|
||||||
|
|
||||||
| Key (Path) | Value |
|
| Key (Path) | Value |
|
||||||
|----------------------------------------------------|--------------|
|
|----------------------------------------------------|---------------|
|
||||||
| `traefik/http/routers/myrouter/tls/domains/0/main` | `foobar.com` |
|
| `traefik/http/routers/myrouter/tls/domains/0/main` | `example.org` |
|
||||||
|
|
||||||
??? info "`traefik/http/routers/<router_name>/tls/domains/<n>/sans/<n>`"
|
??? info "`traefik/http/routers/<router_name>/tls/domains/<n>/sans/<n>`"
|
||||||
|
|
||||||
See [domains](../routers/index.md#domains) for more information.
|
See [domains](../routers/index.md#domains) for more information.
|
||||||
|
|
||||||
| Key (Path) | Value |
|
| Key (Path) | Value |
|
||||||
|------------------------------------------------------|-------------------|
|
|------------------------------------------------------|--------------------|
|
||||||
| `traefik/http/routers/myrouter/tls/domains/0/sans/0` | `test.foobar.com` |
|
| `traefik/http/routers/myrouter/tls/domains/0/sans/0` | `test.example.org` |
|
||||||
| `traefik/http/routers/myrouter/tls/domains/0/sans/1` | `dev.foobar.com` |
|
| `traefik/http/routers/myrouter/tls/domains/0/sans/1` | `dev.example.org` |
|
||||||
|
|
||||||
??? info "`traefik/http/routers/<router_name>/tls/options`"
|
??? info "`traefik/http/routers/<router_name>/tls/options`"
|
||||||
|
|
||||||
|
@ -138,9 +138,9 @@ A Story of key & values
|
||||||
|
|
||||||
See [health check](../services/index.md#health-check) for more information.
|
See [health check](../services/index.md#health-check) for more information.
|
||||||
|
|
||||||
| Key (Path) | Value |
|
| Key (Path) | Value |
|
||||||
|---------------------------------------------------------------------|--------------|
|
|---------------------------------------------------------------------|---------------|
|
||||||
| `traefik/http/services/myservice/loadbalancer/healthcheck/hostname` | `foobar.com` |
|
| `traefik/http/services/myservice/loadbalancer/healthcheck/hostname` | `example.org` |
|
||||||
|
|
||||||
??? info "`traefik/http/services/<service_name>/loadbalancer/healthcheck/interval`"
|
??? info "`traefik/http/services/<service_name>/loadbalancer/healthcheck/interval`"
|
||||||
|
|
||||||
|
@ -301,7 +301,7 @@ You can declare TCP Routers and/or Services using KV.
|
||||||
|
|
||||||
| Key (Path) | Value |
|
| Key (Path) | Value |
|
||||||
|--------------------------------------|------------------------------|
|
|--------------------------------------|------------------------------|
|
||||||
| `traefik/tcp/routers/my-router/rule` | ```HostSNI(`my-host.com`)``` |
|
| `traefik/tcp/routers/my-router/rule` | ```HostSNI(`example.com`)``` |
|
||||||
|
|
||||||
??? info "`traefik/tcp/routers/<router_name>/service`"
|
??? info "`traefik/tcp/routers/<router_name>/service`"
|
||||||
|
|
||||||
|
@ -331,18 +331,18 @@ You can declare TCP Routers and/or Services using KV.
|
||||||
|
|
||||||
See [domains](../routers/index.md#domains_1) for more information.
|
See [domains](../routers/index.md#domains_1) for more information.
|
||||||
|
|
||||||
| Key (Path) | Value |
|
| Key (Path) | Value |
|
||||||
|------------------------------------------------------|--------------|
|
|------------------------------------------------------|---------------|
|
||||||
| `traefik/tcp/routers/mytcprouter/tls/domains/0/main` | `foobar.com` |
|
| `traefik/tcp/routers/mytcprouter/tls/domains/0/main` | `example.org` |
|
||||||
|
|
||||||
??? info "`traefik/tcp/routers/<router_name>/tls/domains/<n>/sans`"
|
??? info "`traefik/tcp/routers/<router_name>/tls/domains/<n>/sans`"
|
||||||
|
|
||||||
See [domains](../routers/index.md#domains_1) for more information.
|
See [domains](../routers/index.md#domains_1) for more information.
|
||||||
|
|
||||||
| Key (Path) | Value |
|
| Key (Path) | Value |
|
||||||
|--------------------------------------------------------|-------------------|
|
|--------------------------------------------------------|--------------------|
|
||||||
| `traefik/tcp/routers/mytcprouter/tls/domains/0/sans/0` | `test.foobar.com` |
|
| `traefik/tcp/routers/mytcprouter/tls/domains/0/sans/0` | `test.example.org` |
|
||||||
| `traefik/tcp/routers/mytcprouter/tls/domains/0/sans/1` | `dev.foobar.com` |
|
| `traefik/tcp/routers/mytcprouter/tls/domains/0/sans/1` | `dev.example.org` |
|
||||||
|
|
||||||
??? info "`traefik/tcp/routers/<router_name>/tls/options`"
|
??? info "`traefik/tcp/routers/<router_name>/tls/options`"
|
||||||
|
|
||||||
|
|
|
@ -29,7 +29,7 @@ and the router automatically gets a rule defined by defaultRule (if no rule for
|
||||||
|
|
||||||
```json
|
```json
|
||||||
labels: {
|
labels: {
|
||||||
"traefik.http.routers.myproxy.rule": "Host(`foo.com`)",
|
"traefik.http.routers.myproxy.rule": "Host(`example.net`)",
|
||||||
"traefik.http.services.myservice.loadbalancer.server.port": "80"
|
"traefik.http.services.myservice.loadbalancer.server.port": "80"
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
@ -41,7 +41,7 @@ and the router automatically gets a rule defined by defaultRule (if no rule for
|
||||||
|
|
||||||
```json
|
```json
|
||||||
labels: {
|
labels: {
|
||||||
"traefik.http.routers.myproxy.rule": "Host(`foo.com`)"
|
"traefik.http.routers.myproxy.rule": "Host(`example.net`)"
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -50,7 +50,7 @@ and the router automatically gets a rule defined by defaultRule (if no rule for
|
||||||
To update the configuration of the Router automatically attached to the application,
|
To update the configuration of the Router automatically attached to the application,
|
||||||
add labels starting with `traefik.http.routers.{router-name-of-your-choice}.` and followed by the option you want to change.
|
add labels starting with `traefik.http.routers.{router-name-of-your-choice}.` and followed by the option you want to change.
|
||||||
|
|
||||||
For example, to change the routing rule, you could add the label ```"traefik.http.routers.routername.rule": "Host(`mydomain.com`)"```.
|
For example, to change the routing rule, you could add the label ```"traefik.http.routers.routername.rule": "Host(`example.com`)"```.
|
||||||
|
|
||||||
!!! warning "The character `@` is not authorized in the router name `<router_name>`."
|
!!! warning "The character `@` is not authorized in the router name `<router_name>`."
|
||||||
|
|
||||||
|
@ -59,7 +59,7 @@ For example, to change the routing rule, you could add the label ```"traefik.htt
|
||||||
See [rule](../routers/index.md#rule) for more information.
|
See [rule](../routers/index.md#rule) for more information.
|
||||||
|
|
||||||
```json
|
```json
|
||||||
"traefik.http.routers.myrouter.rule": "Host(`mydomain.com`)"
|
"traefik.http.routers.myrouter.rule": "Host(`example.com`)"
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.http.routers.<router_name>.entrypoints`"
|
??? info "`traefik.http.routers.<router_name>.entrypoints`"
|
||||||
|
@ -107,7 +107,7 @@ For example, to change the routing rule, you could add the label ```"traefik.htt
|
||||||
See [domains](../routers/index.md#domains) for more information.
|
See [domains](../routers/index.md#domains) for more information.
|
||||||
|
|
||||||
```json
|
```json
|
||||||
"traefik.http.routers.myrouter.tls.domains[0].main": "foobar.com"
|
"traefik.http.routers.myrouter.tls.domains[0].main": "example.org"
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.http.routers.<router_name>.tls.domains[n].sans`"
|
??? info "`traefik.http.routers.<router_name>.tls.domains[n].sans`"
|
||||||
|
@ -115,7 +115,7 @@ For example, to change the routing rule, you could add the label ```"traefik.htt
|
||||||
See [domains](../routers/index.md#domains) for more information.
|
See [domains](../routers/index.md#domains) for more information.
|
||||||
|
|
||||||
```json
|
```json
|
||||||
"traefik.http.routers.myrouter.tls.domains[0].sans": "test.foobar.com,dev.foobar.com"
|
"traefik.http.routers.myrouter.tls.domains[0].sans": "test.example.org,dev.example.org"
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.http.routers.<router_name>.tls.options`"
|
??? info "`traefik.http.routers.<router_name>.tls.options`"
|
||||||
|
@ -181,7 +181,7 @@ For example, to change the passHostHeader behavior, you'd add the label `"traefi
|
||||||
See [health check](../services/index.md#health-check) for more information.
|
See [health check](../services/index.md#health-check) for more information.
|
||||||
|
|
||||||
```json
|
```json
|
||||||
"traefik.http.services.myservice.loadbalancer.healthcheck.hostname": "foobar.com"
|
"traefik.http.services.myservice.loadbalancer.healthcheck.hostname": "example.org"
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.interval`"
|
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.interval`"
|
||||||
|
@ -308,7 +308,7 @@ You can declare TCP Routers and/or Services using labels.
|
||||||
{
|
{
|
||||||
...
|
...
|
||||||
"labels": {
|
"labels": {
|
||||||
"traefik.tcp.routers.my-router.rule": "HostSNI(`my-host.com`)",
|
"traefik.tcp.routers.my-router.rule": "HostSNI(`example.com`)",
|
||||||
"traefik.tcp.routers.my-router.tls": "true",
|
"traefik.tcp.routers.my-router.tls": "true",
|
||||||
"traefik.tcp.services.my-service.loadbalancer.server.port": "4123"
|
"traefik.tcp.services.my-service.loadbalancer.server.port": "4123"
|
||||||
}
|
}
|
||||||
|
@ -336,7 +336,7 @@ You can declare TCP Routers and/or Services using labels.
|
||||||
See [rule](../routers/index.md#rule_1) for more information.
|
See [rule](../routers/index.md#rule_1) for more information.
|
||||||
|
|
||||||
```json
|
```json
|
||||||
"traefik.tcp.routers.mytcprouter.rule": "HostSNI(`myhost.com`)"
|
"traefik.tcp.routers.mytcprouter.rule": "HostSNI(`example.com`)"
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.tcp.routers.<router_name>.service`"
|
??? info "`traefik.tcp.routers.<router_name>.service`"
|
||||||
|
@ -368,7 +368,7 @@ You can declare TCP Routers and/or Services using labels.
|
||||||
See [domains](../routers/index.md#domains_1) for more information.
|
See [domains](../routers/index.md#domains_1) for more information.
|
||||||
|
|
||||||
```json
|
```json
|
||||||
"traefik.tcp.routers.mytcprouter.tls.domains[0].main": "foobar.com"
|
"traefik.tcp.routers.mytcprouter.tls.domains[0].main": "example.org"
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.tcp.routers.<router_name>.tls.domains[n].sans`"
|
??? info "`traefik.tcp.routers.<router_name>.tls.domains[n].sans`"
|
||||||
|
@ -376,7 +376,7 @@ You can declare TCP Routers and/or Services using labels.
|
||||||
See [domains](../routers/index.md#domains_1) for more information.
|
See [domains](../routers/index.md#domains_1) for more information.
|
||||||
|
|
||||||
```json
|
```json
|
||||||
"traefik.tcp.routers.mytcprouter.tls.domains[0].sans": "test.foobar.com,dev.foobar.com"
|
"traefik.tcp.routers.mytcprouter.tls.domains[0].sans": "test.example.org,dev.example.org"
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.tcp.routers.<router_name>.tls.options`"
|
??? info "`traefik.tcp.routers.<router_name>.tls.options`"
|
||||||
|
|
|
@ -35,7 +35,7 @@ The Service automatically gets a server per container in this rancher service, a
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
labels:
|
labels:
|
||||||
- "traefik.http.routers.myproxy.rule=Host(`foo.com`)"
|
- "traefik.http.routers.myproxy.rule=Host(`example.net`)"
|
||||||
# service myservice gets automatically assigned to router myproxy
|
# service myservice gets automatically assigned to router myproxy
|
||||||
- "traefik.http.services.myservice.loadbalancer.server.port=80"
|
- "traefik.http.services.myservice.loadbalancer.server.port=80"
|
||||||
```
|
```
|
||||||
|
@ -48,14 +48,14 @@ The Service automatically gets a server per container in this rancher service, a
|
||||||
labels:
|
labels:
|
||||||
# no service specified or defined and yet one gets automatically created
|
# no service specified or defined and yet one gets automatically created
|
||||||
# and assigned to router myproxy.
|
# and assigned to router myproxy.
|
||||||
- "traefik.http.routers.myproxy.rule=Host(`foo.com`)"
|
- "traefik.http.routers.myproxy.rule=Host(`example.net`)"
|
||||||
```
|
```
|
||||||
|
|
||||||
### Routers
|
### Routers
|
||||||
|
|
||||||
To update the configuration of the Router automatically attached to the container, add labels starting with `traefik.routers.{name-of-your-choice}.` and followed by the option you want to change.
|
To update the configuration of the Router automatically attached to the container, add labels starting with `traefik.routers.{name-of-your-choice}.` and followed by the option you want to change.
|
||||||
|
|
||||||
For example, to change the rule, you could add the label ```traefik.http.routers.my-container.rule=Host(`mydomain.com`)```.
|
For example, to change the rule, you could add the label ```traefik.http.routers.my-container.rule=Host(`example.com`)```.
|
||||||
|
|
||||||
!!! warning "The character `@` is not authorized in the router name `<router_name>`."
|
!!! warning "The character `@` is not authorized in the router name `<router_name>`."
|
||||||
|
|
||||||
|
@ -64,7 +64,7 @@ For example, to change the rule, you could add the label ```traefik.http.routers
|
||||||
See [rule](../routers/index.md#rule) for more information.
|
See [rule](../routers/index.md#rule) for more information.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- "traefik.http.routers.myrouter.rule=Host(`mydomain.com`)"
|
- "traefik.http.routers.myrouter.rule=Host(`example.com`)"
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.http.routers.<router_name>.entrypoints`"
|
??? info "`traefik.http.routers.<router_name>.entrypoints`"
|
||||||
|
@ -112,7 +112,7 @@ For example, to change the rule, you could add the label ```traefik.http.routers
|
||||||
See [domains](../routers/index.md#domains) for more information.
|
See [domains](../routers/index.md#domains) for more information.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- "traefik.http.routers.myrouter.tls.domains[0].main=foobar.com"
|
- "traefik.http.routers.myrouter.tls.domains[0].main=example.org"
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.http.routers.<router_name>.tls.domains[n].sans`"
|
??? info "`traefik.http.routers.<router_name>.tls.domains[n].sans`"
|
||||||
|
@ -120,7 +120,7 @@ For example, to change the rule, you could add the label ```traefik.http.routers
|
||||||
See [domains](../routers/index.md#domains) for more information.
|
See [domains](../routers/index.md#domains) for more information.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- "traefik.http.routers.myrouter.tls.domains[0].sans=test.foobar.com,dev.foobar.com"
|
- "traefik.http.routers.myrouter.tls.domains[0].sans=test.example.org,dev.example.org"
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.http.routers.<router_name>.tls.options`"
|
??? info "`traefik.http.routers.<router_name>.tls.options`"
|
||||||
|
@ -187,7 +187,7 @@ you'd add the label `traefik.http.services.{name-of-your-choice}.loadbalancer.pa
|
||||||
See [health check](../services/index.md#health-check) for more information.
|
See [health check](../services/index.md#health-check) for more information.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- "traefik.http.services.myservice.loadbalancer.healthcheck.hostname=foobar.com"
|
- "traefik.http.services.myservice.loadbalancer.healthcheck.hostname=example.org"
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.interval`"
|
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.interval`"
|
||||||
|
@ -314,7 +314,7 @@ You can declare TCP Routers and/or Services using labels.
|
||||||
my-container:
|
my-container:
|
||||||
# ...
|
# ...
|
||||||
labels:
|
labels:
|
||||||
- "traefik.tcp.routers.my-router.rule=HostSNI(`my-host.com`)"
|
- "traefik.tcp.routers.my-router.rule=HostSNI(`example.com`)"
|
||||||
- "traefik.tcp.routers.my-router.tls=true"
|
- "traefik.tcp.routers.my-router.tls=true"
|
||||||
- "traefik.tcp.services.my-service.loadbalancer.server.port=4123"
|
- "traefik.tcp.services.my-service.loadbalancer.server.port=4123"
|
||||||
```
|
```
|
||||||
|
@ -339,7 +339,7 @@ You can declare TCP Routers and/or Services using labels.
|
||||||
See [rule](../routers/index.md#rule_1) for more information.
|
See [rule](../routers/index.md#rule_1) for more information.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- "traefik.tcp.routers.mytcprouter.rule=HostSNI(`myhost.com`)"
|
- "traefik.tcp.routers.mytcprouter.rule=HostSNI(`example.com`)"
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.tcp.routers.<router_name>.service`"
|
??? info "`traefik.tcp.routers.<router_name>.service`"
|
||||||
|
@ -371,7 +371,7 @@ You can declare TCP Routers and/or Services using labels.
|
||||||
See [domains](../routers/index.md#domains_1) for more information.
|
See [domains](../routers/index.md#domains_1) for more information.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- "traefik.tcp.routers.mytcprouter.tls.domains[0].main=foobar.com"
|
- "traefik.tcp.routers.mytcprouter.tls.domains[0].main=example.org"
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.tcp.routers.<router_name>.tls.domains[n].sans`"
|
??? info "`traefik.tcp.routers.<router_name>.tls.domains[n].sans`"
|
||||||
|
@ -379,7 +379,7 @@ You can declare TCP Routers and/or Services using labels.
|
||||||
See [domains](../routers/index.md#domains_1) for more information.
|
See [domains](../routers/index.md#domains_1) for more information.
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- "traefik.tcp.routers.mytcprouter.tls.domains[0].sans=test.foobar.com,dev.foobar.com"
|
- "traefik.tcp.routers.mytcprouter.tls.domains[0].sans=test.example.org,dev.example.org"
|
||||||
```
|
```
|
||||||
|
|
||||||
??? info "`traefik.tcp.routers.<router_name>.tls.options`"
|
??? info "`traefik.tcp.routers.<router_name>.tls.options`"
|
||||||
|
|
|
@ -101,7 +101,7 @@ If you want to limit the router scope to a set of entry points, set the `entryPo
|
||||||
[http.routers]
|
[http.routers]
|
||||||
[http.routers.Router-1]
|
[http.routers.Router-1]
|
||||||
# By default, routers listen to every entry points
|
# By default, routers listen to every entry points
|
||||||
rule = "Host(`traefik.io`)"
|
rule = "Host(`example.com`)"
|
||||||
service = "service-1"
|
service = "service-1"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -111,7 +111,7 @@ If you want to limit the router scope to a set of entry points, set the `entryPo
|
||||||
routers:
|
routers:
|
||||||
Router-1:
|
Router-1:
|
||||||
# By default, routers listen to every entry points
|
# By default, routers listen to every entry points
|
||||||
rule: "Host(`traefik.io`)"
|
rule: "Host(`example.com`)"
|
||||||
service: "service-1"
|
service: "service-1"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -156,7 +156,7 @@ If you want to limit the router scope to a set of entry points, set the `entryPo
|
||||||
[http.routers.Router-1]
|
[http.routers.Router-1]
|
||||||
# won't listen to entry point web
|
# won't listen to entry point web
|
||||||
entryPoints = ["websecure", "other"]
|
entryPoints = ["websecure", "other"]
|
||||||
rule = "Host(`traefik.io`)"
|
rule = "Host(`example.com`)"
|
||||||
service = "service-1"
|
service = "service-1"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -169,7 +169,7 @@ If you want to limit the router scope to a set of entry points, set the `entryPo
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- "websecure"
|
- "websecure"
|
||||||
- "other"
|
- "other"
|
||||||
rule: "Host(`traefik.io`)"
|
rule: "Host(`example.com`)"
|
||||||
service: "service-1"
|
service: "service-1"
|
||||||
```
|
```
|
||||||
|
|
||||||
|
@ -214,30 +214,30 @@ If the rule is verified, the router becomes active, calls middlewares, and then
|
||||||
|
|
||||||
Single quotes `'` are not accepted as values are [Golang's String Literals](https://golang.org/ref/spec#String_literals).
|
Single quotes `'` are not accepted as values are [Golang's String Literals](https://golang.org/ref/spec#String_literals).
|
||||||
|
|
||||||
!!! example "Host is traefik.io"
|
!!! example "Host is example.com"
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
rule = "Host(`traefik.io`)"
|
rule = "Host(`example.com`)"
|
||||||
```
|
```
|
||||||
|
|
||||||
!!! example "Host is traefik.io OR Host is containo.us AND path is /traefik"
|
!!! example "Host is example.com OR Host is example.org AND path is /traefik"
|
||||||
|
|
||||||
```toml
|
```toml
|
||||||
rule = "Host(`traefik.io`) || (Host(`containo.us`) && Path(`/traefik`))"
|
rule = "Host(`example.com`) || (Host(`example.org`) && Path(`/traefik`))"
|
||||||
```
|
```
|
||||||
|
|
||||||
The table below lists all the available matchers:
|
The table below lists all the available matchers:
|
||||||
|
|
||||||
| Rule | Description |
|
| Rule | Description |
|
||||||
|----------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------|
|
|------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------|
|
||||||
| ```Headers(`key`, `value`)``` | Check if there is a key `key`defined in the headers, with the value `value` |
|
| ```Headers(`key`, `value`)``` | Check if there is a key `key`defined in the headers, with the value `value` |
|
||||||
| ```HeadersRegexp(`key`, `regexp`)``` | Check if there is a key `key`defined in the headers, with a value that matches the regular expression `regexp` |
|
| ```HeadersRegexp(`key`, `regexp`)``` | Check if there is a key `key`defined in the headers, with a value that matches the regular expression `regexp` |
|
||||||
| ```Host(`domain-1`, ...)``` | Check if the request domain targets one of the given `domains`. |
|
| ```Host(`example.com`, ...)``` | Check if the request domain targets one of the given `domains`. |
|
||||||
| ```HostRegexp(`traefik.io`, `{subdomain:[a-z]+}.traefik.io`, ...)``` | Check if the request domain matches the given `regexp`. |
|
| ```HostRegexp(`example.com`, `{subdomain:[a-z]+}.example.com`, ...)``` | Check if the request domain matches the given `regexp`. |
|
||||||
| ```Method(`GET`, ...)``` | Check if the request method is one of the given `methods` (`GET`, `POST`, `PUT`, `DELETE`, `PATCH`) |
|
| ```Method(`GET`, ...)``` | Check if the request method is one of the given `methods` (`GET`, `POST`, `PUT`, `DELETE`, `PATCH`) |
|
||||||
| ```Path(`/path`, `/articles/{category}/{id:[0-9]+}`, ...)``` | Match exact request path. It accepts a sequence of literal and regular expression paths. |
|
| ```Path(`/path`, `/articles/{category}/{id:[0-9]+}`, ...)``` | Match exact request path. It accepts a sequence of literal and regular expression paths. |
|
||||||
| ```PathPrefix(`/products/`, `/articles/{category}/{id:[0-9]+}`)``` | Match request prefix path. It accepts a sequence of literal and regular expression prefix paths. |
|
| ```PathPrefix(`/products/`, `/articles/{category}/{id:[0-9]+}`)``` | Match request prefix path. It accepts a sequence of literal and regular expression prefix paths. |
|
||||||
| ```Query(`foo=bar`, `bar=baz`)``` | Match Query String parameters. It accepts a sequence of key=value pairs. |
|
| ```Query(`foo=bar`, `bar=baz`)``` | Match Query String parameters. It accepts a sequence of key=value pairs. |
|
||||||
|
|
||||||
!!! important "Regexp Syntax"
|
!!! important "Regexp Syntax"
|
||||||
|
|
||||||
|
@ -580,7 +580,7 @@ http:
|
||||||
```
|
```
|
||||||
|
|
||||||
!!! info "Multiple Hosts in a Rule"
|
!!! info "Multiple Hosts in a Rule"
|
||||||
The rule ```Host(`test1.traefik.io`,`test2.traefik.io`)``` will request a certificate with the main domain `test1.traefik.io` and SAN `test2.traefik.io`.
|
The rule ```Host(`test1.example.com`,`test2.example.com`)``` will request a certificate with the main domain `test1.example.com` and SAN `test2.example.com`.
|
||||||
|
|
||||||
#### `domains`
|
#### `domains`
|
||||||
|
|
||||||
|
@ -654,7 +654,7 @@ If you want to limit the router scope to a set of entry points, set the entry po
|
||||||
[tcp.routers]
|
[tcp.routers]
|
||||||
[tcp.routers.Router-1]
|
[tcp.routers.Router-1]
|
||||||
# By default, routers listen to every entrypoints
|
# By default, routers listen to every entrypoints
|
||||||
rule = "HostSNI(`traefik.io`)"
|
rule = "HostSNI(`example.com`)"
|
||||||
service = "service-1"
|
service = "service-1"
|
||||||
# will route TLS requests (and ignore non tls requests)
|
# will route TLS requests (and ignore non tls requests)
|
||||||
[tcp.routers.Router-1.tls]
|
[tcp.routers.Router-1.tls]
|
||||||
|
@ -667,7 +667,7 @@ If you want to limit the router scope to a set of entry points, set the entry po
|
||||||
routers:
|
routers:
|
||||||
Router-1:
|
Router-1:
|
||||||
# By default, routers listen to every entrypoints
|
# By default, routers listen to every entrypoints
|
||||||
rule: "HostSNI(`traefik.io`)"
|
rule: "HostSNI(`example.com`)"
|
||||||
service: "service-1"
|
service: "service-1"
|
||||||
# will route TLS requests (and ignore non tls requests)
|
# will route TLS requests (and ignore non tls requests)
|
||||||
tls: {}
|
tls: {}
|
||||||
|
@ -716,7 +716,7 @@ If you want to limit the router scope to a set of entry points, set the entry po
|
||||||
[tcp.routers.Router-1]
|
[tcp.routers.Router-1]
|
||||||
# won't listen to entry point web
|
# won't listen to entry point web
|
||||||
entryPoints = ["websecure", "other"]
|
entryPoints = ["websecure", "other"]
|
||||||
rule = "HostSNI(`traefik.io`)"
|
rule = "HostSNI(`example.com`)"
|
||||||
service = "service-1"
|
service = "service-1"
|
||||||
# will route TLS requests (and ignore non tls requests)
|
# will route TLS requests (and ignore non tls requests)
|
||||||
[tcp.routers.Router-1.tls]
|
[tcp.routers.Router-1.tls]
|
||||||
|
@ -731,7 +731,7 @@ If you want to limit the router scope to a set of entry points, set the entry po
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- "websecure"
|
- "websecure"
|
||||||
- "other"
|
- "other"
|
||||||
rule: "HostSNI(`traefik.io`)"
|
rule: "HostSNI(`example.com`)"
|
||||||
service: "service-1"
|
service: "service-1"
|
||||||
# will route TLS requests (and ignore non tls requests)
|
# will route TLS requests (and ignore non tls requests)
|
||||||
tls: {}
|
tls: {}
|
||||||
|
|
|
@ -7,7 +7,7 @@ spec:
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- web
|
- web
|
||||||
routes:
|
routes:
|
||||||
- match: Host(`your.domain.com`) && PathPrefix(`/notls`)
|
- match: Host(`your.example.com`) && PathPrefix(`/notls`)
|
||||||
kind: Rule
|
kind: Rule
|
||||||
services:
|
services:
|
||||||
- name: whoami
|
- name: whoami
|
||||||
|
@ -23,7 +23,7 @@ spec:
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- websecure
|
- websecure
|
||||||
routes:
|
routes:
|
||||||
- match: Host(`your.domain.com`) && PathPrefix(`/tls`)
|
- match: Host(`your.example.com`) && PathPrefix(`/tls`)
|
||||||
kind: Rule
|
kind: Rule
|
||||||
services:
|
services:
|
||||||
- name: whoami
|
- name: whoami
|
||||||
|
|
|
@ -97,11 +97,11 @@ Give it a few seconds for the ACME TLS challenge to complete, and you should the
|
||||||
Both with or (just for fun, do not do that in production) without TLS:
|
Both with or (just for fun, do not do that in production) without TLS:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
curl [-k] https://your.domain.com/tls
|
curl [-k] https://your.example.com/tls
|
||||||
```
|
```
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
curl [-k] http://your.domain.com:8000/notls
|
curl [-k] http://your.example.com:8000/notls
|
||||||
```
|
```
|
||||||
|
|
||||||
Note that you'll have to use `-k` as long as you're using the staging server of Let's Encrypt, since it is not an authorized certificate authority on systems where it hasn't been manually added.
|
Note that you'll have to use `-k` as long as you're using the staging server of Let's Encrypt, since it is not an authorized certificate authority on systems where it hasn't been manually added.
|
||||||
|
|
|
@ -15,7 +15,7 @@ services:
|
||||||
- "--certificatesresolvers.myresolver.acme.dnschallenge=true"
|
- "--certificatesresolvers.myresolver.acme.dnschallenge=true"
|
||||||
- "--certificatesresolvers.myresolver.acme.dnschallenge.provider=ovh"
|
- "--certificatesresolvers.myresolver.acme.dnschallenge.provider=ovh"
|
||||||
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
|
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||||
- "--certificatesresolvers.myresolver.acme.email=postmaster@mydomain.com"
|
- "--certificatesresolvers.myresolver.acme.email=postmaster@example.com"
|
||||||
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
|
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
|
||||||
ports:
|
ports:
|
||||||
- "80:80"
|
- "80:80"
|
||||||
|
@ -35,6 +35,6 @@ services:
|
||||||
container_name: "simple-service"
|
container_name: "simple-service"
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"
|
- "traefik.http.routers.whoami.rule=Host(`whoami.example.com`)"
|
||||||
- "traefik.http.routers.whoami.entrypoints=websecure"
|
- "traefik.http.routers.whoami.entrypoints=websecure"
|
||||||
- "traefik.http.routers.whoami.tls.certresolver=myresolver"
|
- "traefik.http.routers.whoami.tls.certresolver=myresolver"
|
||||||
|
|
|
@ -25,7 +25,7 @@ services:
|
||||||
- "--certificatesresolvers.myresolver.acme.dnschallenge=true"
|
- "--certificatesresolvers.myresolver.acme.dnschallenge=true"
|
||||||
- "--certificatesresolvers.myresolver.acme.dnschallenge.provider=ovh"
|
- "--certificatesresolvers.myresolver.acme.dnschallenge.provider=ovh"
|
||||||
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
|
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||||
- "--certificatesresolvers.myresolver.acme.email=postmaster@mydomain.com"
|
- "--certificatesresolvers.myresolver.acme.email=postmaster@example.com"
|
||||||
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
|
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
|
||||||
ports:
|
ports:
|
||||||
- "80:80"
|
- "80:80"
|
||||||
|
@ -50,6 +50,6 @@ services:
|
||||||
container_name: "simple-service"
|
container_name: "simple-service"
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"
|
- "traefik.http.routers.whoami.rule=Host(`whoami.example.com`)"
|
||||||
- "traefik.http.routers.whoami.entrypoints=websecure"
|
- "traefik.http.routers.whoami.entrypoints=websecure"
|
||||||
- "traefik.http.routers.whoami.tls.certresolver=myresolver"
|
- "traefik.http.routers.whoami.tls.certresolver=myresolver"
|
||||||
|
|
|
@ -32,8 +32,8 @@ For the DNS challenge, you'll need:
|
||||||
- "OVH_CONSUMER_KEY=[YOUR_OWN_VALUE]"
|
- "OVH_CONSUMER_KEY=[YOUR_OWN_VALUE]"
|
||||||
```
|
```
|
||||||
|
|
||||||
- Replace `postmaster@mydomain.com` by your **own email** within the `certificatesresolvers.myresolver.acme.email` command line argument of the `traefik` service.
|
- Replace `postmaster@example.com` by your **own email** within the `certificatesresolvers.myresolver.acme.email` command line argument of the `traefik` service.
|
||||||
- Replace `whoami.mydomain.com` by your **own domain** within the `traefik.http.routers.whoami.rule` label of the `whoami` service.
|
- Replace `whoami.example.com` by your **own domain** within the `traefik.http.routers.whoami.rule` label of the `whoami` service.
|
||||||
- Optionally uncomment the following lines if you want to test/debug:
|
- Optionally uncomment the following lines if you want to test/debug:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
|
@ -73,7 +73,7 @@ command:
|
||||||
# Tell which provider to use
|
# Tell which provider to use
|
||||||
- "--certificatesresolvers.myresolver.acme.dnschallenge.provider=ovh"
|
- "--certificatesresolvers.myresolver.acme.dnschallenge.provider=ovh"
|
||||||
# The email to provide to let's encrypt
|
# The email to provide to let's encrypt
|
||||||
- "--certificatesresolvers.myresolver.acme.email=postmaster@mydomain.com"
|
- "--certificatesresolvers.myresolver.acme.email=postmaster@example.com"
|
||||||
```
|
```
|
||||||
|
|
||||||
- We provide the required configuration to our provider via environment variables:
|
- We provide the required configuration to our provider via environment variables:
|
||||||
|
@ -141,7 +141,7 @@ The point is to manage those secret files by another mean, and read them from th
|
||||||
|
|
||||||
!!! Note
|
!!! Note
|
||||||
|
|
||||||
Still think about changing `postmaster@mydomain.com` & `whoami.mydomain.com` by your own values.
|
Still think about changing `postmaster@example.com` & `whoami.example.com` by your own values.
|
||||||
|
|
||||||
Let's explain a bit what we just did:
|
Let's explain a bit what we just did:
|
||||||
|
|
||||||
|
|
|
@ -15,7 +15,7 @@ services:
|
||||||
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
|
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
|
||||||
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
|
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
|
||||||
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
|
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||||
- "--certificatesresolvers.myresolver.acme.email=postmaster@mydomain.com"
|
- "--certificatesresolvers.myresolver.acme.email=postmaster@example.com"
|
||||||
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
|
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
|
||||||
ports:
|
ports:
|
||||||
- "80:80"
|
- "80:80"
|
||||||
|
@ -30,6 +30,6 @@ services:
|
||||||
container_name: "simple-service"
|
container_name: "simple-service"
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"
|
- "traefik.http.routers.whoami.rule=Host(`whoami.example.com`)"
|
||||||
- "traefik.http.routers.whoami.entrypoints=websecure"
|
- "traefik.http.routers.whoami.entrypoints=websecure"
|
||||||
- "traefik.http.routers.whoami.tls.certresolver=myresolver"
|
- "traefik.http.routers.whoami.tls.certresolver=myresolver"
|
||||||
|
|
|
@ -18,8 +18,8 @@ For the HTTP challenge you will need:
|
||||||
--8<-- "content/user-guides/docker-compose/acme-http/docker-compose.yml"
|
--8<-- "content/user-guides/docker-compose/acme-http/docker-compose.yml"
|
||||||
```
|
```
|
||||||
|
|
||||||
- Replace `postmaster@mydomain.com` by your **own email** within the `certificatesresolvers.myresolver.acme.email` command line argument of the `traefik` service.
|
- Replace `postmaster@example.com` by your **own email** within the `certificatesresolvers.myresolver.acme.email` command line argument of the `traefik` service.
|
||||||
- Replace `whoami.mydomain.com` by your **own domain** within the `traefik.http.routers.whoami.rule` label of the `whoami` service.
|
- Replace `whoami.example.com` by your **own domain** within the `traefik.http.routers.whoami.rule` label of the `whoami` service.
|
||||||
- Optionally uncomment the following lines if you want to test/debug:
|
- Optionally uncomment the following lines if you want to test/debug:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
|
@ -59,7 +59,7 @@ command:
|
||||||
# Tell it to use our predefined entrypoint named "web"
|
# Tell it to use our predefined entrypoint named "web"
|
||||||
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
|
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
|
||||||
# The email to provide to let's encrypt
|
# The email to provide to let's encrypt
|
||||||
- "--certificatesresolvers.myresolver.acme.email=postmaster@mydomain.com"
|
- "--certificatesresolvers.myresolver.acme.email=postmaster@example.com"
|
||||||
```
|
```
|
||||||
|
|
||||||
- We add a volume to store our certificates:
|
- We add a volume to store our certificates:
|
||||||
|
|
|
@ -13,7 +13,7 @@ services:
|
||||||
- "--entrypoints.websecure.address=:443"
|
- "--entrypoints.websecure.address=:443"
|
||||||
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
|
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
|
||||||
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
|
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||||
- "--certificatesresolvers.myresolver.acme.email=postmaster@mydomain.com"
|
- "--certificatesresolvers.myresolver.acme.email=postmaster@example.com"
|
||||||
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
|
- "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
|
||||||
ports:
|
ports:
|
||||||
- "443:443"
|
- "443:443"
|
||||||
|
@ -27,6 +27,6 @@ services:
|
||||||
container_name: "simple-service"
|
container_name: "simple-service"
|
||||||
labels:
|
labels:
|
||||||
- "traefik.enable=true"
|
- "traefik.enable=true"
|
||||||
- "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"
|
- "traefik.http.routers.whoami.rule=Host(`whoami.example.com`)"
|
||||||
- "traefik.http.routers.whoami.entrypoints=websecure"
|
- "traefik.http.routers.whoami.entrypoints=websecure"
|
||||||
- "traefik.http.routers.whoami.tls.certresolver=myresolver"
|
- "traefik.http.routers.whoami.tls.certresolver=myresolver"
|
||||||
|
|
|
@ -18,8 +18,8 @@ For the TLS challenge you will need:
|
||||||
--8<-- "content/user-guides/docker-compose/acme-tls/docker-compose.yml"
|
--8<-- "content/user-guides/docker-compose/acme-tls/docker-compose.yml"
|
||||||
```
|
```
|
||||||
|
|
||||||
- Replace `postmaster@mydomain.com` by your **own email** within the `certificatesresolvers.myresolver.acme.email` command line argument of the `traefik` service.
|
- Replace `postmaster@example.com` by your **own email** within the `certificatesresolvers.myresolver.acme.email` command line argument of the `traefik` service.
|
||||||
- Replace `whoami.mydomain.com` by your **own domain** within the `traefik.http.routers.whoami.rule` label of the `whoami` service.
|
- Replace `whoami.example.com` by your **own domain** within the `traefik.http.routers.whoami.rule` label of the `whoami` service.
|
||||||
- Optionally uncomment the following lines if you want to test/debug:
|
- Optionally uncomment the following lines if you want to test/debug:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
|
|
Loading…
Reference in a new issue