diff --git a/CHANGELOG.md b/CHANGELOG.md
index 62ef5602b..ab2a1245e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,30 @@
# Change Log
+## [v1.7.3](https://github.com/containous/traefik/tree/v1.7.3) (2018-10-15)
+[All Commits](https://github.com/containous/traefik/compare/v1.7.2...v1.7.3)
+
+**Enhancements:**
+- Improve the CLI help ([#3996](https://github.com/containous/traefik/pull/3996) by [dduportal](https://github.com/dduportal))
+
+**Bug fixes:**
+- **[acme]** DNS challenge Cloudflare auth zone ([#4042](https://github.com/containous/traefik/pull/4042) by [ldez](https://github.com/ldez))
+- **[acme]** ACME DNS challenges ([#3998](https://github.com/containous/traefik/pull/3998) by [ldez](https://github.com/ldez))
+- **[acme]** Don't initalize ACME provider if storage is empty ([#3988](https://github.com/containous/traefik/pull/3988) by [nmengin](https://github.com/nmengin))
+- **[acme]** Fix: acme DNS providers ([#4021](https://github.com/containous/traefik/pull/4021) by [ldez](https://github.com/ldez))
+- **[acme]** Prevent some malformed errors in LE. ([#4015](https://github.com/containous/traefik/pull/4015) by [ldez](https://github.com/ldez))
+- **[authentication,consulcatalog,docker,ecs,etcd,kv,marathon,mesos,rancher]** Add the AuthResponseHeaders to the labels ([#3973](https://github.com/containous/traefik/pull/3973) by [Crypto89](https://github.com/Crypto89))
+- **[docker]** usebindportip can fall back on the container ip / port ([#4018](https://github.com/containous/traefik/pull/4018) by [geraldcroes](https://github.com/geraldcroes))
+- **[k8s]** Avoid flapping of multiple Ingress definitions ([#3862](https://github.com/containous/traefik/pull/3862) by [rtreffer](https://github.com/rtreffer))
+- **[middleware,server]** Log stack on panic ([#4033](https://github.com/containous/traefik/pull/4033) by [ldez](https://github.com/ldez))
+- **[middleware,server]** Fix recover from panic handler ([#4031](https://github.com/containous/traefik/pull/4031) by [mmatur](https://github.com/mmatur))
+- **[server,websocket]** Fix update oxy ([#4009](https://github.com/containous/traefik/pull/4009) by [mmatur](https://github.com/mmatur))
+
+**Documentation:**
+- **[docker]** Add tags label to Docker provider documentation ([#3896](https://github.com/containous/traefik/pull/3896) by [artheus](https://github.com/artheus))
+- **[docker]** Added two examples with labels in docker-compose.yml ([#3891](https://github.com/containous/traefik/pull/3891) by [pascalandy](https://github.com/pascalandy))
+- **[k8s]** Move buffering annotation documentation to service ([#3991](https://github.com/containous/traefik/pull/3991) by [ldez](https://github.com/ldez))
+- Fix a typo ([#3995](https://github.com/containous/traefik/pull/3995) by [arnydo](https://github.com/arnydo))
+
## [v1.7.2](https://github.com/containous/traefik/tree/v1.7.2) (2018-10-04)
[All Commits](https://github.com/containous/traefik/compare/v1.7.1...v1.7.2)
diff --git a/Gopkg.lock b/Gopkg.lock
index 2aedc1b4d..ec392456e 100644
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -258,6 +258,12 @@
packages = ["."]
revision = "2ea60e5f094469f9e65adb9cd103795b73ae743e"
+[[projects]]
+ name = "github.com/cloudflare/cloudflare-go"
+ packages = ["."]
+ revision = "1f9007fbecae20711133c60519338c41cef1ffb4"
+ version = "v0.8.5"
+
[[projects]]
branch = "master"
name = "github.com/codahale/hdrhistogram"
@@ -276,8 +282,8 @@
".",
"parse"
]
- revision = "b4c2f060875361c070ed2bc300c5929b82f5fa2e"
- version = "v1.1.2"
+ revision = "aad81c7ac7f49671a59b9ede8ab22436e132a302"
+ version = "v1.3.0"
[[projects]]
branch = "master"
@@ -626,6 +632,12 @@
packages = ["."]
revision = "1d0bd113de87027671077d3c71eb3ac5d7dbba72"
+[[projects]]
+ name = "github.com/go-resty/resty"
+ packages = ["."]
+ revision = "d4920dcf5b7689548a6db640278a9b35a5b48ec6"
+ version = "v1.9.1"
+
[[projects]]
name = "github.com/go-stack/stack"
packages = ["."]
@@ -802,7 +814,6 @@
revision = "9b66602d496a139e4722bdde32f0f1ac1c12d4a8"
[[projects]]
- branch = "master"
name = "github.com/jjcollinge/servicefabric"
packages = ["."]
revision = "8eebe170fa1ba25d3dfb928b3f86a7313b13b9fe"
@@ -862,6 +873,12 @@
packages = ["."]
revision = "1113af38e5916529ad7317b0fe12e273e6e92af5"
+[[projects]]
+ name = "github.com/linode/linodego"
+ packages = ["."]
+ revision = "d0d31d8ca62fa3f7e4526ca0ce95de81e4ed001e"
+ version = "v0.5.1"
+
[[projects]]
name = "github.com/mailgun/minheap"
packages = ["."]
@@ -1295,7 +1312,7 @@
"roundrobin",
"utils"
]
- revision = "fe51048067db50958154cd4040da878b10002a3a"
+ revision = "7d94d212f808222b72fd0b8bb171bfcd4e27ffca"
[[projects]]
name = "github.com/vulcand/predicate"
@@ -1339,6 +1356,7 @@
"providers/dns/dnsimple",
"providers/dns/dnsmadeeasy",
"providers/dns/dnspod",
+ "providers/dns/dreamhost",
"providers/dns/duckdns",
"providers/dns/dyn",
"providers/dns/exec",
@@ -1353,6 +1371,7 @@
"providers/dns/iij",
"providers/dns/lightsail",
"providers/dns/linode",
+ "providers/dns/linodev4",
"providers/dns/namecheap",
"providers/dns/namedotcom",
"providers/dns/netcup",
@@ -1365,10 +1384,11 @@
"providers/dns/rfc2136",
"providers/dns/route53",
"providers/dns/sakuracloud",
+ "providers/dns/stackpath",
"providers/dns/vegadns",
"providers/dns/vultr"
]
- revision = "621237d07213aa6dead90bdf6fd46251220fa669"
+ revision = "160d6fe60303699067faad57dc0b1e147ac499ef"
[[projects]]
branch = "master"
@@ -1403,6 +1423,7 @@
"ipv4",
"ipv6",
"proxy",
+ "publicsuffix",
"trace",
"websocket"
]
@@ -1413,6 +1434,7 @@
name = "golang.org/x/oauth2"
packages = [
".",
+ "clientcredentials",
"google",
"internal",
"jws",
@@ -1789,6 +1811,6 @@
[solve-meta]
analyzer-name = "dep"
analyzer-version = 1
- inputs-digest = "8eb11befb583dfb89320dd7b7aea9e54b40e0523e60e66ed418788394b873d44"
+ inputs-digest = "37e89a543fca153d166cc70fd7fed689f06d894140bf617f69f5f664ffee621e"
solver-name = "gps-cdcl"
solver-version = 1
diff --git a/Gopkg.toml b/Gopkg.toml
index 6e1a4eaab..cdb1c4781 100644
--- a/Gopkg.toml
+++ b/Gopkg.toml
@@ -54,7 +54,7 @@
[[constraint]]
name = "github.com/containous/flaeg"
- version = "1.0.1"
+ version = "1.3.0"
[[constraint]]
branch = "master"
diff --git a/acme/acme.go b/acme/acme.go
index b1e56f65f..73f20b8ae 100644
--- a/acme/acme.go
+++ b/acme/acme.go
@@ -692,16 +692,25 @@ func searchUncheckedDomains(domains []string, certs map[string]*tls.Certificate)
}
func (a *ACME) getDomainsCertificates(domains []string) (*Certificate, error) {
- domains = fun.Map(types.CanonicalDomain, domains).([]string)
- log.Debugf("Loading ACME certificates %s...", domains)
+ var cleanDomains []string
+ for _, domain := range domains {
+ canonicalDomain := types.CanonicalDomain(domain)
+ cleanDomain := acme.UnFqdn(canonicalDomain)
+ if canonicalDomain != cleanDomain {
+ log.Warnf("FQDN detected, please remove the trailing dot: %s", canonicalDomain)
+ }
+ cleanDomains = append(cleanDomains, cleanDomain)
+ }
+
+ log.Debugf("Loading ACME certificates %s...", cleanDomains)
bundle := true
- certificate, err := a.client.ObtainCertificate(domains, bundle, nil, OSCPMustStaple)
+ certificate, err := a.client.ObtainCertificate(cleanDomains, bundle, nil, OSCPMustStaple)
if err != nil {
return nil, fmt.Errorf("cannot obtain certificates: %+v", err)
}
- log.Debugf("Loaded ACME certificates %s", domains)
+ log.Debugf("Loaded ACME certificates %s", cleanDomains)
return &Certificate{
Domain: certificate.Domain,
CertURL: certificate.CertURL,
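Review bot: The loop that builds `cleanDomains` in getDomainsCertificates appends every normalised name without checking for an empty result or a repeat. An input such as `example.com` together with `example.com.` (constructed example) collapses to the same name twice, and both copies reach `a.client.ObtainCertificate`. Whether callers de-duplicate beforehand is not visible here, so I would filter inside the loop and return an error when nothing is left, rather than call the ACME client with an empty list. The function body continues past the end of this hunk.

```go
seen := make(map[string]struct{}, len(domains))
cleanDomains := make([]string, 0, len(domains))
for _, domain := range domains {
	// … unchanged: canonicalDomain / cleanDomain computation and FQDN warning …
	if cleanDomain == "" {
		continue
	}
	if _, dup := seen[cleanDomain]; dup {
		continue
	}
	seen[cleanDomain] = struct{}{}
	cleanDomains = append(cleanDomains, cleanDomain)
}
if len(cleanDomains) == 0 {
	return nil, fmt.Errorf("cannot obtain certificates: no valid domain in %v", domains)
}
// … unchanged: debug logging and ObtainCertificate call …
```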
diff --git a/autogen/gentemplates/gen.go b/autogen/gentemplates/gen.go
index 168c7c653..588fdebd2 100644
--- a/autogen/gentemplates/gen.go
+++ b/autogen/gentemplates/gen.go
@@ -162,6 +162,11 @@ var _templatesConsul_catalogTmpl = []byte(`[backends]
[frontends."frontend-{{ $service.ServiceName }}".auth.forward]
address = "{{ $auth.Forward.Address }}"
trustForwardHeader = {{ $auth.Forward.TrustForwardHeader }}
+ {{if $auth.Forward.AuthResponseHeaders }}
+ authResponseHeaders = [{{range $auth.Forward.AuthResponseHeaders }}
+ "{{.}}",
+ {{end}}]
+ {{end}}
{{if $auth.Forward.TLS }}
[frontends."frontend-{{ $service.ServiceName }}".auth.forward.tls]
@@ -431,6 +436,11 @@ var _templatesDockerTmpl = []byte(`{{$backendServers := .Servers}}
[frontends."frontend-{{ $frontendName }}".auth.forward]
address = "{{ $auth.Forward.Address }}"
trustForwardHeader = {{ $auth.Forward.TrustForwardHeader }}
+ {{if $auth.Forward.AuthResponseHeaders }}
+ authResponseHeaders = [{{range $auth.Forward.AuthResponseHeaders }}
+ "{{.}}",
+ {{end}}]
+ {{end}}
{{if $auth.Forward.TLS }}
[frontends."frontend-{{ $frontendName }}".auth.forward.tls]
@@ -703,6 +713,11 @@ var _templatesEcsTmpl = []byte(`[backends]
[frontends."frontend-{{ $frontendName }}".auth.forward]
address = "{{ $auth.Forward.Address }}"
trustForwardHeader = {{ $auth.Forward.TrustForwardHeader }}
+ {{if $auth.Forward.AuthResponseHeaders }}
+ authResponseHeaders = [{{range $auth.Forward.AuthResponseHeaders }}
+ "{{.}}",
+ {{end}}]
+ {{end}}
{{if $auth.Forward.TLS }}
[frontends."frontend-{{ $frontendName }}".auth.forward.tls]
@@ -1230,6 +1245,11 @@ var _templatesKvTmpl = []byte(`[backends]
[frontends."{{ $frontendName }}".auth.forward]
address = "{{ $auth.Forward.Address }}"
trustForwardHeader = {{ $auth.Forward.TrustForwardHeader }}
+ {{if $auth.Forward.AuthResponseHeaders }}
+ authResponseHeaders = [{{range $auth.Forward.AuthResponseHeaders }}
+ "{{.}}",
+ {{end}}]
+ {{end}}
{{if $auth.Forward.TLS }}
[frontends."{{ $frontendName }}".auth.forward.tls]
@@ -1516,6 +1536,11 @@ var _templatesMarathonTmpl = []byte(`{{ $apps := .Applications }}
[frontends."{{ $frontendName }}".auth.forward]
address = "{{ $auth.Forward.Address }}"
trustForwardHeader = {{ $auth.Forward.TrustForwardHeader }}
+ {{if $auth.Forward.AuthResponseHeaders }}
+ authResponseHeaders = [{{range $auth.Forward.AuthResponseHeaders }}
+ "{{.}}",
+ {{end}}]
+ {{end}}
{{if $auth.Forward.TLS }}
[frontends."{{ $frontendName }}".auth.forward.tls]
@@ -1787,6 +1812,11 @@ var _templatesMesosTmpl = []byte(`[backends]
[frontends."frontend-{{ $frontendName }}".auth.forward]
address = "{{ $auth.Forward.Address }}"
trustForwardHeader = {{ $auth.Forward.TrustForwardHeader }}
+ {{if $auth.Forward.AuthResponseHeaders }}
+ authResponseHeaders = [{{range $auth.Forward.AuthResponseHeaders }}
+ "{{.}}",
+ {{end}}]
+ {{end}}
{{if $auth.Forward.TLS }}
[frontends."frontend-{{ $frontendName }}".auth.forward.tls]
@@ -2080,6 +2110,11 @@ var _templatesRancherTmpl = []byte(`{{ $backendServers := .Backends }}
[frontends."frontend-{{ $frontendName }}".auth.forward]
address = "{{ $auth.Forward.Address }}"
trustForwardHeader = {{ $auth.Forward.TrustForwardHeader }}
+ {{if $auth.Forward.AuthResponseHeaders }}
+ authResponseHeaders = [{{range $auth.Forward.AuthResponseHeaders }}
+ "{{.}}",
+ {{end}}]
+ {{end}}
{{if $auth.Forward.TLS }}
[frontends."frontend-{{ $frontendName }}".auth.forward.tls]
diff --git a/build.Dockerfile b/build.Dockerfile
index d7a279b5d..52b1b8bab 100644
--- a/build.Dockerfile
+++ b/build.Dockerfile
@@ -5,7 +5,7 @@ RUN apk --update upgrade \
&& rm -rf /var/cache/apk/*
RUN go get github.com/containous/go-bindata/... \
-&& go get github.com/golang/lint/golint \
+&& go get golang.org/x/lint/golint \
&& go get github.com/kisielk/errcheck \
&& go get github.com/client9/misspell/cmd/misspell
diff --git a/configuration/configuration.go b/configuration/configuration.go
index b20075042..4c3bb9ce3 100644
--- a/configuration/configuration.go
+++ b/configuration/configuration.go
@@ -34,6 +34,7 @@ import (
"github.com/containous/traefik/tls"
"github.com/containous/traefik/types"
"github.com/pkg/errors"
+ lego "github.com/xenolf/lego/acme"
)
const (
@@ -260,6 +261,17 @@ func (gc *GlobalConfiguration) initACMEProvider() {
gc.ACME.HTTPChallenge = nil
}
+ for _, domain := range gc.ACME.Domains {
+ if domain.Main != lego.UnFqdn(domain.Main) {
+ log.Warnf("FQDN detected, please remove the trailing dot: %s", domain.Main)
+ }
+ for _, san := range domain.SANs {
+ if san != lego.UnFqdn(san) {
+ log.Warnf("FQDN detected, please remove the trailing dot: %s", san)
+ }
+ }
+ }
+
if len(gc.ACME.DNSProvider) > 0 {
log.Warn("ACME.DNSProvider is deprecated, use ACME.DNSChallenge instead")
gc.ACME.DNSChallenge = &acmeprovider.DNSChallenge{Provider: gc.ACME.DNSProvider, DelayBeforeCheck: gc.ACME.DelayDontCheckDNS}
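Review bot: The new loop in initACMEProvider only logs trailing-dot names; `domain.Main` and the SANs stay unchanged in `gc.ACME.Domains`, while acme/acme.go strips the dot only at request time. If any later comparison between configured names and names in stored certificates uses the raw strings (not visible in this hunk), the two forms would not match, which could lead to repeated issuance against CA rate limits. Consider normalising in place, e.g. `gc.ACME.Domains[i].Main = lego.UnFqdn(domain.Main)` inside a `for i, domain := range gc.ACME.Domains` loop (likewise for the SANs), or add a comment such as `// warn only: names are normalised when the certificate is requested`. initACMEProvider starts and ends outside the hunk.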
diff --git a/docs/configuration/acme.md b/docs/configuration/acme.md
index a4ae9d1b8..1a50f64c0 100644
--- a/docs/configuration/acme.md
+++ b/docs/configuration/acme.md
@@ -257,19 +257,20 @@ Here is a list of supported `provider`s, that can automate the DNS verification,
| [Auroradns](https://www.pcextreme.com/aurora/dns) | `auroradns` | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT` | Not tested yet |
| [Azure](https://azure.microsoft.com/services/dns/) | `azure` | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP` | Not tested yet |
| [Blue Cat](https://www.bluecatnetworks.com/) | `bluecat` | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW` | Not tested yet |
-| [Cloudflare](https://www.cloudflare.com) | `cloudflare` | `CLOUDFLARE_EMAIL`, `CLOUDFLARE_API_KEY` - The `Global API Key` needs to be used, not the `Origin CA Key` | YES |
+| [Cloudflare](https://www.cloudflare.com) | `cloudflare` | `CF_API_EMAIL`, `CF_API_KEY` - The `Global API Key` needs to be used, not the `Origin CA Key` | YES |
| [CloudXNS](https://www.cloudxns.net) | `cloudxns` | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY` | Not tested yet |
| [DigitalOcean](https://www.digitalocean.com) | `digitalocean` | `DO_AUTH_TOKEN` | YES |
| [DNSimple](https://dnsimple.com) | `dnsimple` | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL` | Not tested yet |
| [DNS Made Easy](https://dnsmadeeasy.com) | `dnsmadeeasy` | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX` | Not tested yet |
| [DNSPod](http://www.dnspod.net/) | `dnspod` | `DNSPOD_API_KEY` | Not tested yet |
+| [DreamHost](https://www.dreamhost.com/) | `dreamhost` | `DREAMHOST_API_KEY` | YES |
| [Duck DNS](https://www.duckdns.org/) | `duckdns` | `DUCKDNS_TOKEN` | Not tested yet |
| [Dyn](https://dyn.com) | `dyn` | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD` | Not tested yet |
| External Program | `exec` | `EXEC_PATH` | Not tested yet |
| [Exoscale](https://www.exoscale.ch) | `exoscale` | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT` | YES |
| [Fast DNS](https://www.akamai.com/) | `fastdns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | Not tested yet |
| [Gandi](https://www.gandi.net) | `gandi` | `GANDI_API_KEY` | Not tested yet |
-| [Gandi V5](http://doc.livedns.gandi.net) | `gandiv5` | `GANDIV5_API_KEY` | YES |
+| [Gandi v5](http://doc.livedns.gandi.net) | `gandiv5` | `GANDIV5_API_KEY` | YES |
| [Glesys](https://glesys.com/) | `glesys` | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN` | Not tested yet |
| [GoDaddy](https://godaddy.com/domains) | `godaddy` | `GODADDY_API_KEY`, `GODADDY_API_SECRET` | Not tested yet |
| [Google Cloud DNS](https://cloud.google.com/dns/docs/) | `gcloud` | `GCE_PROJECT`, `GCE_SERVICE_ACCOUNT_FILE` | YES |
@@ -277,6 +278,7 @@ Here is a list of supported `provider`s, that can automate the DNS verification,
| [IIJ](https://www.iij.ad.jp/) | `iij` | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE` | Not tested yet |
| [Lightsail](https://aws.amazon.com/lightsail/) | `lightsail` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE` | Not tested yet |
| [Linode](https://www.linode.com) | `linode` | `LINODE_API_KEY` | Not tested yet |
+| [Linode v4](https://www.linode.com) | `linodev4` | `LINODE_TOKEN` | Not tested yet |
| manual | - | none, but you need to run Træfik interactively, turn on `acmeLogging` to see instructions and press Enter. | YES |
| [Namecheap](https://www.namecheap.com) | `namecheap` | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY` | YES |
| [name.com](https://www.name.com/) | `namedotcom` | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER` | Not tested yet |
@@ -290,6 +292,7 @@ Here is a list of supported `provider`s, that can automate the DNS verification,
| [RFC2136](https://tools.ietf.org/html/rfc2136) | `rfc2136` | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER` | Not tested yet |
| [Route 53](https://aws.amazon.com/route53/) | `route53` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile. | YES |
| [Sakura Cloud](https://cloud.sakura.ad.jp/) | `sakuracloud` | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET` | Not tested yet |
+| [Stackpath](https://www.stackpath.com/) | `stackpath` | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID` | Not tested yet |
| [VegaDNS](https://github.com/shupp/VegaDNS-API) | `vegadns` | `SECRET_VEGADNS_KEY`, `SECRET_VEGADNS_SECRET`, `VEGADNS_URL` | Not tested yet |
| [VULTR](https://www.vultr.com) | `vultr` | `VULTR_API_KEY` | Not tested yet |
diff --git a/docs/configuration/backends/consulcatalog.md b/docs/configuration/backends/consulcatalog.md
index 09b201baa..170a089e6 100644
--- a/docs/configuration/backends/consulcatalog.md
+++ b/docs/configuration/backends/consulcatalog.md
@@ -125,6 +125,7 @@ Additional settings can be defined using Consul Catalog tags.
| `.frontend.auth.digest.users=EXPR` | Sets digest authentication to this frontend in CSV format: `User:Realm:Hash,User:Realm:Hash`. |
| `.frontend.auth.digest.usersfile=/path/.htdigest` | Sets digest authentication with an external file; if users and usersFile are provided, both are merged, with external file contents having precedence. |
| `.frontend.auth.forward.address=https://example.com` | Sets the URL of the authentication server. |
+| `.frontend.auth.forward.authResponseHeaders=EXPR` | Sets the forward authentication authResponseHeaders in CSV format: `X-Auth-User,X-Auth-Header` |
| `.frontend.auth.forward.tls.ca=/path/ca.pem` | Sets the Certificate Authority (CA) for the TLS connection with the authentication server. |
| `.frontend.auth.forward.tls.caOptional=true` | Checks the certificates if present but do not force to be signed by a specified Certificate Authority (CA). |
| `.frontend.auth.forward.tls.cert=/path/server.pem` | Sets the Certificate for the TLS connection with the authentication server. |
diff --git a/docs/configuration/backends/docker.md b/docs/configuration/backends/docker.md
index 5fbb161d5..80555307e 100644
--- a/docs/configuration/backends/docker.md
+++ b/docs/configuration/backends/docker.md
@@ -57,7 +57,9 @@ watch = true
exposedByDefault = true
# Use the IP address from the binded port instead of the inner network one.
-# For specific use-case :)
+#
+# In case no IP address is attached to the binded port (or in case
+# there is no bind), the inner network one will be used as a fallback.
#
# Optional
# Default: false
@@ -213,6 +215,7 @@ Labels can be used on containers to override default behavior.
| `traefik.domain` | Sets the default base domain for the frontend rules. For more information, check the [Container Labels section's of the user guide "Let's Encrypt & Docker"](/user-guide/docker-and-lets-encrypt/#container-labels) |
| `traefik.enable=false` | Disables this container in Træfik. |
| `traefik.port=80` | Registers this port. Useful when the container exposes multiples ports. |
+| `traefik.tags=foo,bar,myTag` | Adds Træfik tags to the Docker container/service to be used in [constraints](/configuration/commons/#constraints). |
| `traefik.protocol=https` | Overrides the default `http` protocol |
| `traefik.weight=10` | Assigns this weight to the container |
| `traefik.backend=foo` | Gives the name `foo` to the generated backend for this container. |
@@ -244,6 +247,7 @@ Labels can be used on containers to override default behavior.
| `traefik.frontend.auth.digest.users=EXPR` | Sets the digest authentication to this frontend in CSV format: `User:Realm:Hash,User:Realm:Hash`. |
| `traefik.frontend.auth.digest.usersFile=/path/.htdigest` | Sets the digest authentication with an external file; if users and usersFile are provided, both are merged, with external file contents having precedence. |
| `traefik.frontend.auth.forward.address=https://example.com` | Sets the URL of the authentication server. |
+| `traefik.frontend.auth.forward.authResponseHeaders=EXPR` | Sets the forward authentication authResponseHeaders in CSV format: `X-Auth-User,X-Auth-Header` |
| `traefik.frontend.auth.forward.tls.ca=/path/ca.pem` | Sets the Certificate Authority (CA) for the TLS connection with the authentication server. |
| `traefik.frontend.auth.forward.tls.caOptional=true` | Checks the certificates if present but do not force to be signed by a specified Certificate Authority (CA). |
| `traefik.frontend.auth.forward.tls.cert=/path/server.pem` | Sets the Certificate for the TLS connection with the authentication server. |
@@ -347,6 +351,7 @@ Segment labels override the default behavior.
| `traefik..frontend.auth.digest.users=EXPR` | Same as `traefik.frontend.auth.digest.users` |
| `traefik..frontend.auth.digest.usersFile=/path/.htdigest` | Same as `traefik.frontend.auth.digest.usersFile` |
| `traefik..frontend.auth.forward.address=https://example.com` | Same as `traefik.frontend.auth.forward.address` |
+| `traefik..frontend.auth.forward.authResponseHeaders=EXPR` | Same as `traefik.frontend.auth.forward.authResponseHeaders` |
| `traefik..frontend.auth.forward.tls.ca=/path/ca.pem` | Same as `traefik.frontend.auth.forward.tls.ca` |
| `traefik..frontend.auth.forward.tls.caOptional=true` | Same as `traefik.frontend.auth.forward.tls.caOptional` |
| `traefik..frontend.auth.forward.tls.cert=/path/server.pem` | Same as `traefik.frontend.auth.forward.tls.cert` |
@@ -428,3 +433,25 @@ Segment labels override the default behavior.
When running inside a container, Træfik will need network access through:
`docker network connect `
+
+## usebindportip
+
+The default behavior of Træfik is to route requests to the IP/Port of the matching container.
+When setting `usebindportip` to true, you tell Træfik to use the IP/Port attached to the container's binding instead of the inner network IP/Port.
+
+When used in conjunction with the `traefik.port` label (that tells Træfik to route requests to a specific port), Træfik tries to find a binding with `traefik.port` port to select the container. If it can't find such a binding, Træfik falls back on the internal network IP of the container, but still uses the `traefik.port` that is set in the label.
+
+Below is a recap of the behavior of `usebindportip` in different situations.
+
+| traefik.port label | Container's binding | Routes to |
+|--------------------|----------------------------------------------------|----------------|
+| - | - | IntIP:IntPort |
+| - | ExtPort:IntPort | IntIP:IntPort |
+| - | ExtIp:ExtPort:IntPort | ExtIp:ExtPort |
+| LblPort | - | IntIp:LblPort |
+| LblPort | ExtIp:ExtPort:LblPort | ExtIp:ExtPort |
+| LblPort | ExtIp:ExtPort:OtherPort | IntIp:LblPort |
+| LblPort | ExtIp1:ExtPort1:IntPort1 & ExtIp2:LblPort:IntPort2 | ExtIp2:LblPort |
+
+!!! note
+ In the above table, ExtIp stands for "external IP found in the binding", IntIp stands for "internal network container's IP", ExtPort stands for "external Port found in the binding", and IntPort stands for "internal network container's port."
\ No newline at end of file
diff --git a/docs/configuration/backends/ecs.md b/docs/configuration/backends/ecs.md
index b5cc87f0c..aa57ce71b 100644
--- a/docs/configuration/backends/ecs.md
+++ b/docs/configuration/backends/ecs.md
@@ -164,6 +164,7 @@ Labels can be used on task containers to override default behavior:
| `traefik.frontend.auth.digest.users=EXPR` | Sets digest authentication to this frontend in CSV format: `User:Realm:Hash,User:Realm:Hash`. |
| `traefik.frontend.auth.digest.usersFile=/path/.htdigest` | Sets digest authentication with an external file; if users and usersFile are provided, both are merged, with external file contents having precedence. |
| `traefik.frontend.auth.forward.address=https://example.com` | Sets the URL of the authentication server. |
+| `traefik.frontend.auth.forward.authResponseHeaders=EXPR` | Sets the forward authentication authResponseHeaders in CSV format: `X-Auth-User,X-Auth-Header` |
| `traefik.frontend.auth.forward.tls.ca=/path/ca.pem` | Sets the Certificate Authority (CA) for the TLS connection with the authentication server. |
| `traefik.frontend.auth.forward.tls.caOptional=true` | Checks the certificates if present but do not force to be signed by a specified Certificate Authority (CA). |
| `traefik.frontend.auth.forward.tls.cert=/path/server.pem` | Sets the Certificate for the TLS connection with the authentication server. |
@@ -258,6 +259,7 @@ Segment labels override the default behavior.
| `traefik..frontend.auth.digest.users=EXPR` | Same as `traefik.frontend.auth.digest.users` |
| `traefik..frontend.auth.digest.usersFile=/path/.htdigest` | Same as `traefik.frontend.auth.digest.usersFile` |
| `traefik..frontend.auth.forward.address=https://example.com` | Same as `traefik.frontend.auth.forward.address` |
+| `traefik..frontend.auth.forward.authResponseHeaders=EXPR` | Same as `traefik.frontend.auth.forward.authResponseHeaders` |
| `traefik..frontend.auth.forward.tls.ca=/path/ca.pem` | Same as `traefik.frontend.auth.forward.tls.ca` |
| `traefik..frontend.auth.forward.tls.caOptional=true` | Same as `traefik.frontend.auth.forward.tls.caOptional` |
| `traefik..frontend.auth.forward.tls.cert=/path/server.pem` | Same as `traefik.frontend.auth.forward.tls.cert` |
diff --git a/docs/configuration/backends/kubernetes.md b/docs/configuration/backends/kubernetes.md
index b1ca37196..b2d6ee142 100644
--- a/docs/configuration/backends/kubernetes.md
+++ b/docs/configuration/backends/kubernetes.md
@@ -170,7 +170,6 @@ The following general annotations are applicable on the Ingress object:
| `traefik.ingress.kubernetes.io/service-weights: ` | Set ingress backend weights specified as percentage or decimal numbers in YAML. (5) |
| `ingress.kubernetes.io/protocol: ` | Set the protocol Traefik will use to communicate with pods. |
-
<1> `traefik.ingress.kubernetes.io/error-pages` example:
```yaml
@@ -202,15 +201,8 @@ rateset:
burst: 18
```
-<3> `traefik.ingress.kubernetes.io/buffering` example:
-
-```yaml
-maxrequestbodybytes: 10485760
-memrequestbodybytes: 2097153
-maxresponsebodybytes: 10485761
-memresponsebodybytes: 2097152
-retryexpression: IsNetworkError() && Attempts() <= 2
-```
+<3> `traefik.ingress.kubernetes.io/rule-type`
+Note: `ReplacePath` is deprecated in this annotation, use the `traefik.ingress.kubernetes.io/request-modifier` annotation instead. Default: `PathPrefix`.
<4> `traefik.ingress.kubernetes.io/app-root`:
Non-root paths will not be affected by this annotation and handled normally.
@@ -259,13 +251,24 @@ The following annotations are applicable on the Service object associated with a
| Annotation | Description |
|--------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `traefik.ingress.kubernetes.io/buffering: ` | (1) See the [buffering](/configuration/commons/#buffering) section. |
| `traefik.ingress.kubernetes.io/affinity: "true"` | Enable backend sticky sessions. |
| `traefik.ingress.kubernetes.io/circuit-breaker-expression: ` | Set the circuit breaker expression for the backend. |
| `traefik.ingress.kubernetes.io/load-balancer-method: drr` | Override the default `wrr` load balancer algorithm. |
-| `traefik.ingress.kubernetes.io/max-conn-amount: "10"` | Set a maximum number of connections to the backend.
Must be used in conjunction with the below label to take effect. |
+| `traefik.ingress.kubernetes.io/max-conn-amount: "10"` | Sets the maximum number of simultaneous connections to the backend.
Must be used in conjunction with the label below to take effect. |
| `traefik.ingress.kubernetes.io/max-conn-extractor-func: client.ip` | Set the function to be used against the request to determine what to limit maximum connections to the backend by.
Must be used in conjunction with the above label to take effect. |
| `traefik.ingress.kubernetes.io/session-cookie-name: ` | Manually set the cookie name for sticky sessions. |
+<1> `traefik.ingress.kubernetes.io/buffering` example:
+
+```yaml
+maxrequestbodybytes: 10485760
+memrequestbodybytes: 2097153
+maxresponsebodybytes: 10485761
+memresponsebodybytes: 2097152
+retryexpression: IsNetworkError() && Attempts() <= 2
+```
+
!!! note
`traefik.ingress.kubernetes.io/` and `ingress.kubernetes.io/` are supported prefixes.
diff --git a/docs/configuration/backends/marathon.md b/docs/configuration/backends/marathon.md
index 2549963b3..df4e76da0 100644
--- a/docs/configuration/backends/marathon.md
+++ b/docs/configuration/backends/marathon.md
@@ -228,6 +228,7 @@ The following labels can be defined on Marathon applications. They adjust the be
| `traefik.frontend.auth.digest.users=EXPR` | Sets digest authentication to this frontend in CSV format: `User:Realm:Hash,User:Realm:Hash`. |
| `traefik.frontend.auth.digest.usersFile=/path/.htdigest` | Sets digest authentication with an external file; if users and usersFile are provided, both are merged, with external file contents having precedence. |
| `traefik.frontend.auth.forward.address=https://example.com` | Sets the URL of the authentication server. |
+| `traefik.frontend.auth.forward.authResponseHeaders=EXPR` | Sets the forward authentication authResponseHeaders in CSV format: `X-Auth-User,X-Auth-Header` |
| `traefik.frontend.auth.forward.tls.ca=/path/ca.pem` | Sets the Certificate Authority (CA) for the TLS connection with the authentication server. |
| `traefik.frontend.auth.forward.tls.caOptional=true` | Checks the certificates if present but do not force to be signed by a specified Certificate Authority (CA). |
| `traefik.frontend.auth.forward.tls.cert=/path/server.pem` | Sets the Certificate for the TLS connection with the authentication server. |
@@ -308,60 +309,61 @@ You can define as many segments as ports exposed in an application.
Segment labels override the default behavior.
-| Label | Description |
-|------------------------------------------------------------------------------ |----------------------------------------------------------------|
-| `traefik..backend=BACKEND` | Same as `traefik.backend` |
-| `traefik..domain=DOMAIN` | Same as `traefik.domain` |
-| `traefik..portIndex=1` | Same as `traefik.portIndex` |
-| `traefik..port=PORT` | Same as `traefik.port` |
-| `traefik..protocol=http` | Same as `traefik.protocol` |
-| `traefik..weight=10` | Same as `traefik.weight` |
-| `traefik..frontend.auth.basic=EXPR` | Same as `traefik.frontend.auth.basic` |
-| `traefik..frontend.auth.basic.removeHeader=true` | Same as `traefik.frontend.auth.basic.removeHeader` |
-| `traefik..frontend.auth.basic.users=EXPR` | Same as `traefik.frontend.auth.basic.users` |
-| `traefik..frontend.auth.basic.usersFile=/path/.htpasswd` | Same as `traefik.frontend.auth.basic.usersFile` |
-| `traefik..frontend.auth.digest.removeHeader=true` | Same as `traefik.frontend.auth.digest.removeHeader` |
-| `traefik..frontend.auth.digest.users=EXPR` | Same as `traefik.frontend.auth.digest.users` |
-| `traefik..frontend.auth.digest.usersFile=/path/.htdigest` | Same as `traefik.frontend.auth.digest.usersFile` |
-| `traefik..frontend.auth.forward.address=https://example.com` | Same as `traefik.frontend.auth.forward.address` |
-| `traefik..frontend.auth.forward.tls.ca=/path/ca.pem` | Same as `traefik.frontend.auth.forward.tls.ca` |
-| `traefik..frontend.auth.forward.tls.caOptional=true` | Same as `traefik.frontend.auth.forward.tls.caOptional` |
-| `traefik..frontend.auth.forward.tls.cert=/path/server.pem` | Same as `traefik.frontend.auth.forward.tls.cert` |
-| `traefik..frontend.auth.forward.tls.insecureSkipVerify=true` | Same as `traefik.frontend.auth.forward.tls.insecureSkipVerify` |
-| `traefik..frontend.auth.forward.tls.key=/path/server.key` | Same as `traefik.frontend.auth.forward.tls.key` |
-| `traefik..frontend.auth.forward.trustForwardHeader=true` | Same as `traefik.frontend.auth.forward.trustForwardHeader` |
-| `traefik..frontend.auth.headerField=X-WebAuth-User` | Same as `traefik.frontend.auth.headerField` |
-| `traefik..frontend.auth.removeHeader=true` | Same as `traefik.frontend.auth.removeHeader` |
-| `traefik..frontend.entryPoints=https` | Same as `traefik.frontend.entryPoints` |
-| `traefik..frontend.errors..backend=NAME` | Same as `traefik.frontend.errors..backend` |
-| `traefik..frontend.errors..query=PATH` | Same as `traefik.frontend.errors..query` |
-| `traefik..frontend.errors..status=RANGE` | Same as `traefik.frontend.errors..status` |
-| `traefik..frontend.passHostHeader=true` | Same as `traefik.frontend.passHostHeader` |
-| `traefik..frontend.passTLSClientCert.infos.notAfter=true` | Same as `traefik.frontend.passTLSClientCert.infos.notAfter` |
-| `traefik..frontend.passTLSClientCert.infos.notBefore=true` | Same as `traefik.frontend.passTLSClientCert.infos.notBefore` |
-| `traefik..frontend.passTLSClientCert.infos.sans=true` | Same as `traefik.frontend.passTLSClientCert.infos.sans` |
-| `traefik..frontend.passTLSClientCert.infos.subject.commonName=true` | Same as `traefik.frontend.passTLSClientCert.infos.subject.commonName` |
-| `traefik..frontend.passTLSClientCert.infos.subject.country=true` | Same as `traefik.frontend.passTLSClientCert.infos.subject.country` |
-| `traefik..frontend.passTLSClientCert.infos.subject.locality=true` | Same as `traefik.frontend.passTLSClientCert.infos.subject.locality` |
-| `traefik..frontend.passTLSClientCert.infos.subject.organization=true`| Same as `traefik.frontend.passTLSClientCert.infos.subject.organization`|
-| `traefik..frontend.passTLSClientCert.infos.subject.province=true` | Same as `traefik.frontend.passTLSClientCert.infos.subject.province` |
-| `traefik..frontend.passTLSClientCert.infos.subject.serialNumber=true`| Same as `traefik.frontend.passTLSClientCert.infos.subject.serialNumber`|
-| `traefik..frontend.passTLSClientCert.pem=true` | Same as `traefik.frontend.passTLSClientCert.infos.pem` |
-| `traefik..frontend.passTLSCert=true` | Same as `traefik.frontend.passTLSCert` |
-| `traefik..frontend.priority=10` | Same as `traefik.frontend.priority` |
-| `traefik..frontend.rateLimit.extractorFunc=EXP` | Same as `traefik.frontend.rateLimit.extractorFunc` |
-| `traefik..frontend.rateLimit.rateSet..period=6` | Same as `traefik.frontend.rateLimit.rateSet..period` |
-| `traefik..frontend.rateLimit.rateSet..average=6` | Same as `traefik.frontend.rateLimit.rateSet..average` |
-| `traefik..frontend.rateLimit.rateSet..burst=6` | Same as `traefik.frontend.rateLimit.rateSet..burst` |
-| `traefik..frontend.redirect.entryPoint=https` | Same as `traefik.frontend.redirect.entryPoint` |
-| `traefik..frontend.redirect.regex=^http://localhost/(.*)` | Same as `traefik.frontend.redirect.regex` |
-| `traefik..frontend.redirect.replacement=http://mydomain/$1` | Same as `traefik.frontend.redirect.replacement` |
-| `traefik..frontend.redirect.permanent=true` | Same as `traefik.frontend.redirect.permanent` |
-| `traefik..frontend.rule=EXP` | Same as `traefik.frontend.rule` |
-| `traefik..frontend.whiteList.sourceRange=RANGE` | Same as `traefik.frontend.whiteList.sourceRange` |
-| `traefik..frontend.whiteList.ipStrategy=true` | Same as `traefik.frontend.whiteList.ipStrategy` |
-| `traefik..frontend.whiteList.ipStrategy.depth=5` | Same as `traefik.frontend.whiteList.ipStrategy.depth` |
-| `traefik..frontend.whiteList.ipStrategy.excludedIPs=127.0.0.1` | Same as `traefik.frontend.whiteList.ipStrategy.excludedIPs` |
+|| Label | Description |
+ |------------------------------------------------------------------------------------|------------------------------------------------------------------------|
+ | `traefik..backend=BACKEND` | Same as `traefik.backend` |
+ | `traefik..domain=DOMAIN` | Same as `traefik.domain` |
+ | `traefik..portIndex=1` | Same as `traefik.portIndex` |
+ | `traefik..port=PORT` | Same as `traefik.port` |
+ | `traefik..protocol=http` | Same as `traefik.protocol` |
+ | `traefik..weight=10` | Same as `traefik.weight` |
+ | `traefik..frontend.auth.basic=EXPR` | Same as `traefik.frontend.auth.basic` |
+ | `traefik..frontend.auth.basic.removeHeader=true` | Same as `traefik.frontend.auth.basic.removeHeader` |
+ | `traefik..frontend.auth.basic.users=EXPR` | Same as `traefik.frontend.auth.basic.users` |
+ | `traefik..frontend.auth.basic.usersFile=/path/.htpasswd` | Same as `traefik.frontend.auth.basic.usersFile` |
+ | `traefik..frontend.auth.digest.removeHeader=true` | Same as `traefik.frontend.auth.digest.removeHeader` |
+ | `traefik..frontend.auth.digest.users=EXPR` | Same as `traefik.frontend.auth.digest.users` |
+ | `traefik..frontend.auth.digest.usersFile=/path/.htdigest` | Same as `traefik.frontend.auth.digest.usersFile` |
+ | `traefik..frontend.auth.forward.address=https://example.com` | Same as `traefik.frontend.auth.forward.address` |
+ | `traefik..frontend.auth.forward.authResponseHeaders=EXPR` | Same as `traefik.frontend.auth.forward.authResponseHeaders` |
+ | `traefik..frontend.auth.forward.tls.ca=/path/ca.pem` | Same as `traefik.frontend.auth.forward.tls.ca` |
+ | `traefik..frontend.auth.forward.tls.caOptional=true` | Same as `traefik.frontend.auth.forward.tls.caOptional` |
+ | `traefik..frontend.auth.forward.tls.cert=/path/server.pem` | Same as `traefik.frontend.auth.forward.tls.cert` |
+ | `traefik..frontend.auth.forward.tls.insecureSkipVerify=true` | Same as `traefik.frontend.auth.forward.tls.insecureSkipVerify` |
+ | `traefik..frontend.auth.forward.tls.key=/path/server.key` | Same as `traefik.frontend.auth.forward.tls.key` |
+ | `traefik..frontend.auth.forward.trustForwardHeader=true` | Same as `traefik.frontend.auth.forward.trustForwardHeader` |
+ | `traefik..frontend.auth.headerField=X-WebAuth-User` | Same as `traefik.frontend.auth.headerField` |
+ | `traefik..frontend.auth.removeHeader=true` | Same as `traefik.frontend.auth.removeHeader` |
+ | `traefik..frontend.entryPoints=https` | Same as `traefik.frontend.entryPoints` |
+ | `traefik..frontend.errors..backend=NAME` | Same as `traefik.frontend.errors..backend` |
+ | `traefik..frontend.errors..query=PATH` | Same as `traefik.frontend.errors..query` |
+ | `traefik..frontend.errors..status=RANGE` | Same as `traefik.frontend.errors..status` |
+ | `traefik..frontend.passHostHeader=true` | Same as `traefik.frontend.passHostHeader` |
+ | `traefik..frontend.passTLSClientCert.infos.notAfter=true` | Same as `traefik.frontend.passTLSClientCert.infos.notAfter` |
+ | `traefik..frontend.passTLSClientCert.infos.notBefore=true` | Same as `traefik.frontend.passTLSClientCert.infos.notBefore` |
+ | `traefik..frontend.passTLSClientCert.infos.sans=true` | Same as `traefik.frontend.passTLSClientCert.infos.sans` |
+ | `traefik..frontend.passTLSClientCert.infos.subject.commonName=true` | Same as `traefik.frontend.passTLSClientCert.infos.subject.commonName` |
+ | `traefik..frontend.passTLSClientCert.infos.subject.country=true` | Same as `traefik.frontend.passTLSClientCert.infos.subject.country` |
+ | `traefik..frontend.passTLSClientCert.infos.subject.locality=true` | Same as `traefik.frontend.passTLSClientCert.infos.subject.locality` |
+ | `traefik..frontend.passTLSClientCert.infos.subject.organization=true`| Same as `traefik.frontend.passTLSClientCert.infos.subject.organization`|
+ | `traefik..frontend.passTLSClientCert.infos.subject.province=true` | Same as `traefik.frontend.passTLSClientCert.infos.subject.province` |
+ | `traefik..frontend.passTLSClientCert.infos.subject.serialNumber=true`| Same as `traefik.frontend.passTLSClientCert.infos.subject.serialNumber`|
+ | `traefik..frontend.passTLSClientCert.pem=true` | Same as `traefik.frontend.passTLSClientCert.infos.pem` |
+ | `traefik..frontend.passTLSCert=true` | Same as `traefik.frontend.passTLSCert` |
+ | `traefik..frontend.priority=10` | Same as `traefik.frontend.priority` |
+ | `traefik..frontend.rateLimit.extractorFunc=EXP` | Same as `traefik.frontend.rateLimit.extractorFunc` |
+ | `traefik..frontend.rateLimit.rateSet..period=6` | Same as `traefik.frontend.rateLimit.rateSet..period` |
+ | `traefik..frontend.rateLimit.rateSet..average=6` | Same as `traefik.frontend.rateLimit.rateSet..average` |
+ | `traefik..frontend.rateLimit.rateSet..burst=6` | Same as `traefik.frontend.rateLimit.rateSet..burst` |
+ | `traefik..frontend.redirect.entryPoint=https` | Same as `traefik.frontend.redirect.entryPoint` |
+ | `traefik..frontend.redirect.regex=^http://localhost/(.*)` | Same as `traefik.frontend.redirect.regex` |
+ | `traefik..frontend.redirect.replacement=http://mydomain/$1` | Same as `traefik.frontend.redirect.replacement` |
+ | `traefik..frontend.redirect.permanent=true` | Same as `traefik.frontend.redirect.permanent` |
+ | `traefik..frontend.rule=EXP` | Same as `traefik.frontend.rule` |
+ | `traefik..frontend.whiteList.sourceRange=RANGE` | Same as `traefik.frontend.whiteList.sourceRange` |
+ | `traefik..frontend.whiteList.ipStrategy=true` | Same as `traefik.frontend.whiteList.ipStrategy` |
+ | `traefik..frontend.whiteList.ipStrategy.depth=5` | Same as `traefik.frontend.whiteList.ipStrategy.depth` |
+ | `traefik..frontend.whiteList.ipStrategy.excludedIPs=127.0.0.1` | Same as `traefik.frontend.whiteList.ipStrategy.excludedIPs` |
#### Custom Headers
diff --git a/docs/configuration/backends/mesos.md b/docs/configuration/backends/mesos.md
index 1939b30e9..86ae4ccd1 100644
--- a/docs/configuration/backends/mesos.md
+++ b/docs/configuration/backends/mesos.md
@@ -106,55 +106,56 @@ domain = "mesos.localhost"
The following labels can be defined on Mesos tasks. They adjust the behavior for the entire application.
-| Label | Description |
-|-----------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `traefik.domain` | Sets the default domain for the frontend rules. |
-| `traefik.enable=false` | Disables this container in Træfik. |
-| `traefik.port=80` | Registers this port. Useful when the application exposes multiple ports. |
-| `traefik.portName=web` | Registers port by name in the application's ports array. Useful when the application exposes multiple ports. |
-| `traefik.portIndex=1` | Registers port by index in the application's ports array. Useful when the application exposes multiple ports. |
-| `traefik.protocol=https` | Overrides the default `http` protocol |
-| `traefik.weight=10` | Assigns this weight to the container |
-| `traefik.backend=foo` | Gives the name `foo` to the generated backend for this container. |
-| `traefik.backend.buffering.maxRequestBodyBytes=0` | See [buffering](/configuration/commons/#buffering) section. |
-| `traefik.backend.buffering.maxResponseBodyBytes=0` | See [buffering](/configuration/commons/#buffering) section. |
-| `traefik.backend.buffering.memRequestBodyBytes=0` | See [buffering](/configuration/commons/#buffering) section. |
-| `traefik.backend.buffering.memResponseBodyBytes=0` | See [buffering](/configuration/commons/#buffering) section. |
-| `traefik.backend.buffering.retryExpression=EXPR` | See [buffering](/configuration/commons/#buffering) section. |
-| `traefik.backend.circuitbreaker.expression=EXPR` | Creates a [circuit breaker](/basics/#backends) to be used against the backend |
-| `traefik.backend.healthcheck.path=/health` | Enables health check for the backend, hitting the container at `path`. |
-| `traefik.backend.healthcheck.interval=5s` | Defines the health check interval. (Default: 30s) |
-| `traefik.backend.healthcheck.timeout=3s` | Defines the health check request timeout. (Default: 5s) |
-| `traefik.backend.healthcheck.scheme=http` | Overrides the server URL scheme. |
-| `traefik.backend.healthcheck.port=8080` | Sets a different port for the health check. |
-| `traefik.backend.healthcheck.hostname=foobar.com` | Defines the health check hostname. |
-| `traefik.backend.healthcheck.headers=EXPR` | Defines the health check request headers
Format: HEADER:value||HEADER2:value2
|
-| `traefik.backend.loadbalancer.method=drr` | Overrides the default `wrr` load balancer algorithm |
-| `traefik.backend.loadbalancer.stickiness=true` | Enables backend sticky sessions |
-| `traefik.backend.loadbalancer.stickiness.cookieName=NAME` | Sets the cookie manually name for sticky sessions |
-| `traefik.backend.maxconn.amount=10` | Sets a maximum number of connections to the backend.
Must be used in conjunction with the below label to take effect. |
-| `traefik.backend.maxconn.extractorfunc=client.ip` | Sets the function to be used against the request to determine what to limit maximum connections to the backend by.
Must be used in conjunction with the above label to take effect. |
-| `traefik.frontend.auth.basic=EXPR` | Sets basic authentication to this frontend in CSV format: `User:Hash,User:Hash` (DEPRECATED). |
-| `traefik.frontend.auth.basic.users=EXPR` | Sets basic authentication to this frontend in CSV format: `User:Hash,User:Hash`. |
-| `traefik.frontend.auth.basic.removeHeader=true` | If set to `true`, removes the `Authorization` header. |
-| `traefik.frontend.auth.basic.usersFile=/path/.htpasswd` | Sets basic authentication with an external file; if users and usersFile are provided, both are merged, with external file contents having precedence. |
-| `traefik.frontend.auth.digest.removeHeader=true` | If set to `true`, removes the `Authorization` header. |
-| `traefik.frontend.auth.digest.users=EXPR` | Sets digest authentication to this frontend in CSV format: `User:Realm:Hash,User:Realm:Hash`. |
-| `traefik.frontend.auth.digest.usersFile=/path/.htdigest` | Sets digest authentication with an external file; if users and usersFile are provided, both are merged, with external file contents having precedence. |
-| `traefik.frontend.auth.forward.address=https://example.com` | Sets the URL of the authentication server. |
-| `traefik.frontend.auth.forward.tls.ca=/path/ca.pem` | Sets the Certificate Authority (CA) for the TLS connection with the authentication server. |
-| `traefik.frontend.auth.forward.tls.caOptional=true` | Checks the certificates if present but do not force to be signed by a specified Certificate Authority (CA). |
-| `traefik.frontend.auth.forward.tls.cert=/path/server.pem` | Sets the Certificate for the TLS connection with the authentication server. |
-| `traefik.frontend.auth.forward.tls.insecureSkipVerify=true` | If set to true invalid SSL certificates are accepted. |
-| `traefik.frontend.auth.forward.tls.key=/path/server.key` | Sets the Certificate for the TLS connection with the authentication server. |
-| `traefik.frontend.auth.forward.trustForwardHeader=true` | Trusts X-Forwarded-* headers. |
-| `traefik.frontend.auth.headerField=X-WebAuth-User` | Sets the header used to pass the authenticated user to the application. |
-| `traefik.frontend.auth.removeHeader=true` | If set to true, removes the Authorization header. |
-| `traefik.frontend.entryPoints=http,https` | Assigns this frontend to entry points `http` and `https`.
Overrides `defaultEntryPoints` |
-| `traefik.frontend.errors..backend=NAME` | See [custom error pages](/configuration/commons/#custom-error-pages) section. |
-| `traefik.frontend.errors..query=PATH` | See [custom error pages](/configuration/commons/#custom-error-pages) section. |
-| `traefik.frontend.errors..status=RANGE` | See [custom error pages](/configuration/commons/#custom-error-pages) section. |
-| `traefik.frontend.passHostHeader=true` | Forwards client `Host` header to the backend. |
+| Label | Description |
+|---------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `traefik.domain` | Sets the default domain for the frontend rules. |
+| `traefik.enable=false` | Disables this container in Træfik. |
+| `traefik.port=80` | Registers this port. Useful when the application exposes multiple ports. |
+| `traefik.portName=web` | Registers port by name in the application's ports array. Useful when the application exposes multiple ports. |
+| `traefik.portIndex=1` | Registers port by index in the application's ports array. Useful when the application exposes multiple ports. |
+| `traefik.protocol=https` | Overrides the default `http` protocol |
+| `traefik.weight=10` | Assigns this weight to the container |
+| `traefik.backend=foo` | Gives the name `foo` to the generated backend for this container. |
+| `traefik.backend.buffering.maxRequestBodyBytes=0` | See [buffering](/configuration/commons/#buffering) section. |
+| `traefik.backend.buffering.maxResponseBodyBytes=0` | See [buffering](/configuration/commons/#buffering) section. |
+| `traefik.backend.buffering.memRequestBodyBytes=0` | See [buffering](/configuration/commons/#buffering) section. |
+| `traefik.backend.buffering.memResponseBodyBytes=0` | See [buffering](/configuration/commons/#buffering) section. |
+| `traefik.backend.buffering.retryExpression=EXPR` | See [buffering](/configuration/commons/#buffering) section. |
+| `traefik.backend.circuitbreaker.expression=EXPR` | Creates a [circuit breaker](/basics/#backends) to be used against the backend |
+| `traefik.backend.healthcheck.path=/health` | Enables health check for the backend, hitting the container at `path`. |
+| `traefik.backend.healthcheck.interval=5s` | Defines the health check interval. (Default: 30s) |
+| `traefik.backend.healthcheck.timeout=3s` | Defines the health check request timeout. (Default: 5s) |
+| `traefik.backend.healthcheck.scheme=http` | Overrides the server URL scheme. |
+| `traefik.backend.healthcheck.port=8080` | Sets a different port for the health check. |
+| `traefik.backend.healthcheck.hostname=foobar.com` | Defines the health check hostname. |
+| `traefik.backend.healthcheck.headers=EXPR` | Defines the health check request headers
Format: HEADER:value||HEADER2:value2
|
+| `traefik.backend.loadbalancer.method=drr` | Overrides the default `wrr` load balancer algorithm |
+| `traefik.backend.loadbalancer.stickiness=true` | Enables backend sticky sessions |
+| `traefik.backend.loadbalancer.stickiness.cookieName=NAME` | Sets the cookie manually name for sticky sessions |
+| `traefik.backend.maxconn.amount=10` | Sets a maximum number of connections to the backend.
Must be used in conjunction with the below label to take effect. |
+| `traefik.backend.maxconn.extractorfunc=client.ip` | Sets the function to be used against the request to determine what to limit maximum connections to the backend by.
Must be used in conjunction with the above label to take effect. |
+| `traefik.frontend.auth.basic=EXPR` | Sets basic authentication to this frontend in CSV format: `User:Hash,User:Hash` (DEPRECATED). |
+| `traefik.frontend.auth.basic.users=EXPR` | Sets basic authentication to this frontend in CSV format: `User:Hash,User:Hash`. |
+| `traefik.frontend.auth.basic.removeHeader=true` | If set to `true`, removes the `Authorization` header. |
+| `traefik.frontend.auth.basic.usersFile=/path/.htpasswd` | Sets basic authentication with an external file; if users and usersFile are provided, both are merged, with external file contents having precedence. |
+| `traefik.frontend.auth.digest.removeHeader=true` | If set to `true`, removes the `Authorization` header. |
+| `traefik.frontend.auth.digest.users=EXPR` | Sets digest authentication to this frontend in CSV format: `User:Realm:Hash,User:Realm:Hash`. |
+| `traefik.frontend.auth.digest.usersFile=/path/.htdigest` | Sets digest authentication with an external file; if users and usersFile are provided, both are merged, with external file contents having precedence. |
+| `traefik.frontend.auth.forward.address=https://example.com` | Sets the URL of the authentication server. |
+| `traefik.frontend.auth.forward.authResponseHeaders=EXPR` | Sets the forward authentication authResponseHeaders in CSV format: `X-Auth-User,X-Auth-Header` |
+| `traefik.frontend.auth.forward.tls.ca=/path/ca.pem` | Sets the Certificate Authority (CA) for the TLS connection with the authentication server. |
+| `traefik.frontend.auth.forward.tls.caOptional=true` | Checks the certificates if present but do not force to be signed by a specified Certificate Authority (CA). |
+| `traefik.frontend.auth.forward.tls.cert=/path/server.pem` | Sets the Certificate for the TLS connection with the authentication server. |
+| `traefik.frontend.auth.forward.tls.insecureSkipVerify=true` | If set to true invalid SSL certificates are accepted. |
+| `traefik.frontend.auth.forward.tls.key=/path/server.key` | Sets the Certificate for the TLS connection with the authentication server. |
+| `traefik.frontend.auth.forward.trustForwardHeader=true` | Trusts X-Forwarded-* headers. |
+| `traefik.frontend.auth.headerField=X-WebAuth-User` | Sets the header used to pass the authenticated user to the application. |
+| `traefik.frontend.auth.removeHeader=true` | If set to true, removes the Authorization header. |
+| `traefik.frontend.entryPoints=http,https` | Assigns this frontend to entry points `http` and `https`.
Overrides `defaultEntryPoints` |
+| `traefik.frontend.errors..backend=NAME` | See [custom error pages](/configuration/commons/#custom-error-pages) section. |
+| `traefik.frontend.errors..query=PATH` | See [custom error pages](/configuration/commons/#custom-error-pages) section. |
+| `traefik.frontend.errors..status=RANGE` | See [custom error pages](/configuration/commons/#custom-error-pages) section. |
+| `traefik.frontend.passHostHeader=true` | Forwards client `Host` header to the backend. |
| `traefik.frontend.passTLSClientCert.infos.notAfter=true` | Add the noAfter field in a escaped client infos in the `X-Forwarded-Ssl-Client-Cert-Infos` header. |
| `traefik.frontend.passTLSClientCert.infos.notBefore=true` | Add the noBefore field in a escaped client infos in the `X-Forwarded-Ssl-Client-Cert-Infos` header. |
| `traefik.frontend.passTLSClientCert.infos.sans=true` | Add the sans field in a escaped client infos in the `X-Forwarded-Ssl-Client-Cert-Infos` header. |
@@ -165,21 +166,21 @@ The following labels can be defined on Mesos tasks. They adjust the behavior for
| `traefik.frontend.passTLSClientCert.infos.subject.province=true` | Add the subject.province field in a escaped client infos in the `X-Forwarded-Ssl-Client-Cert-Infos` header. |
| `traefik.frontend.passTLSClientCert.infos.subject.serialNumber=true`| Add the subject.serialNumber field in a escaped client infos in the `X-Forwarded-Ssl-Client-Cert-Infos` header. |
| `traefik.frontend.passTLSClientCert.pem=true` | Pass the escaped pem in the `X-Forwarded-Ssl-Client-Cert` header. |
-| `traefik.frontend.passTLSCert=true` | Forwards TLS Client certificates to the backend. |
-| `traefik.frontend.priority=10` | Overrides default frontend priority |
-| `traefik.frontend.rateLimit.extractorFunc=EXP` | See [rate limiting](/configuration/commons/#rate-limiting) section. |
-| `traefik.frontend.rateLimit.rateSet..period=6` | See [rate limiting](/configuration/commons/#rate-limiting) section. |
-| `traefik.frontend.rateLimit.rateSet..average=6` | See [rate limiting](/configuration/commons/#rate-limiting) section. |
-| `traefik.frontend.rateLimit.rateSet..burst=6` | See [rate limiting](/configuration/commons/#rate-limiting) section. |
-| `traefik.frontend.redirect.entryPoint=https` | Enables Redirect to another entryPoint to this frontend (e.g. HTTPS) |
-| `traefik.frontend.redirect.regex=^http://localhost/(.*)` | Redirects to another URL to this frontend.
Must be set with `traefik.frontend.redirect.replacement`. |
-| `traefik.frontend.redirect.replacement=http://mydomain/$1` | Redirects to another URL to this frontend.
Must be set with `traefik.frontend.redirect.regex`. |
-| `traefik.frontend.redirect.permanent=true` | Returns 301 instead of 302. |
-| `traefik.frontend.rule=EXPR` | Overrides the default frontend rule. Default: `Host:{discovery_name}.{domain}`. |
-| `traefik.frontend.whiteList.sourceRange=RANGE` | Sets a list of IP-Ranges which are allowed to access.
An unset or empty list allows all Source-IPs to access. If one of the Net-Specifications are invalid, the whole list is invalid and allows all Source-IPs to access. |
-| `traefik.frontend.whiteList.ipStrategy=true` | Uses the default IPStrategy.
Can be used when there is an existing `clientIPStrategy` but you want the remote address for whitelisting. |
-| `traefik.frontend.whiteList.ipStrategy.depth=5` | See [whitelist](/configuration/entrypoints/#white-listing) |
-| `traefik.frontend.whiteList.ipStrategy.excludedIPs=127.0.0.1` | See [whitelist](/configuration/entrypoints/#white-listing) |
+| `traefik.frontend.passTLSCert=true` | Forwards TLS Client certificates to the backend. |
+| `traefik.frontend.priority=10` | Overrides default frontend priority |
+| `traefik.frontend.rateLimit.extractorFunc=EXP` | See [rate limiting](/configuration/commons/#rate-limiting) section. |
+| `traefik.frontend.rateLimit.rateSet..period=6` | See [rate limiting](/configuration/commons/#rate-limiting) section. |
+| `traefik.frontend.rateLimit.rateSet..average=6` | See [rate limiting](/configuration/commons/#rate-limiting) section. |
+| `traefik.frontend.rateLimit.rateSet..burst=6` | See [rate limiting](/configuration/commons/#rate-limiting) section. |
+| `traefik.frontend.redirect.entryPoint=https` | Enables Redirect to another entryPoint to this frontend (e.g. HTTPS) |
+| `traefik.frontend.redirect.regex=^http://localhost/(.*)` | Redirects to another URL to this frontend.
Must be set with `traefik.frontend.redirect.replacement`. |
+| `traefik.frontend.redirect.replacement=http://mydomain/$1` | Redirects to another URL to this frontend.
Must be set with `traefik.frontend.redirect.regex`. |
+| `traefik.frontend.redirect.permanent=true` | Returns 301 instead of 302. |
+| `traefik.frontend.rule=EXPR` | Overrides the default frontend rule. Default: `Host:{discovery_name}.{domain}`. |
+| `traefik.frontend.whiteList.sourceRange=RANGE` | Sets a list of IP-Ranges which are allowed to access.
An unset or empty list allows all Source-IPs to access. If one of the Net-Specifications are invalid, the whole list is invalid and allows all Source-IPs to access. |
+| `traefik.frontend.whiteList.ipStrategy=true` | Uses the default IPStrategy.
Can be used when there is an existing `clientIPStrategy` but you want the remote address for whitelisting. |
+| `traefik.frontend.whiteList.ipStrategy.depth=5` | See [whitelist](/configuration/entrypoints/#white-listing) |
+| `traefik.frontend.whiteList.ipStrategy.excludedIPs=127.0.0.1` | See [whitelist](/configuration/entrypoints/#white-listing) |
### Custom Headers
@@ -223,36 +224,37 @@ Additionally, if a segment name matches a named port, that port will be used unl
Segment labels override the default behavior.
-| Label | Description |
-|------------------------------------------------------------------------------|----------------------------------------------------------------|
-| `traefik..backend=BACKEND` | Same as `traefik.backend` |
-| `traefik..domain=DOMAIN` | Same as `traefik.domain` |
-| `traefik..portIndex=1` | Same as `traefik.portIndex` |
-| `traefik..portName=web` | Same as `traefik.portName` |
-| `traefik..port=PORT` | Same as `traefik.port` |
-| `traefik..protocol=http` | Same as `traefik.protocol` |
-| `traefik..weight=10` | Same as `traefik.weight` |
-| `traefik..frontend.auth.basic=EXPR` | Same as `traefik.frontend.auth.basic` |
-| `traefik..frontend.auth.basic.removeHeader=true` | Same as `traefik.frontend.auth.basic.removeHeader` |
-| `traefik..frontend.auth.basic.users=EXPR` | Same as `traefik.frontend.auth.basic.users` |
-| `traefik..frontend.auth.basic.usersFile=/path/.htpasswd` | Same as `traefik.frontend.auth.basic.usersFile` |
-| `traefik..frontend.auth.digest.removeHeader=true` | Same as `traefik.frontend.auth.digest.removeHeader` |
-| `traefik..frontend.auth.digest.users=EXPR` | Same as `traefik.frontend.auth.digest.users` |
-| `traefik..frontend.auth.digest.usersFile=/path/.htdigest` | Same as `traefik.frontend.auth.digest.usersFile` |
-| `traefik..frontend.auth.forward.address=https://example.com` | Same as `traefik.frontend.auth.forward.address` |
-| `traefik..frontend.auth.forward.tls.ca=/path/ca.pem` | Same as `traefik.frontend.auth.forward.tls.ca` |
-| `traefik..frontend.auth.forward.tls.caOptional=true` | Same as `traefik.frontend.auth.forward.tls.caOptional` |
-| `traefik..frontend.auth.forward.tls.cert=/path/server.pem` | Same as `traefik.frontend.auth.forward.tls.cert` |
-| `traefik..frontend.auth.forward.tls.insecureSkipVerify=true` | Same as `traefik.frontend.auth.forward.tls.insecureSkipVerify` |
-| `traefik..frontend.auth.forward.tls.key=/path/server.key` | Same as `traefik.frontend.auth.forward.tls.key` |
-| `traefik..frontend.auth.forward.trustForwardHeader=true` | Same as `traefik.frontend.auth.forward.trustForwardHeader` |
-| `traefik..frontend.auth.headerField=X-WebAuth-User` | Same as `traefik.frontend.auth.headerField` |
-| `traefik..frontend.auth.removeHeader=true` | Same as `traefik.frontend.auth.removeHeader` |
-| `traefik..frontend.entryPoints=https` | Same as `traefik.frontend.entryPoints` |
-| `traefik..frontend.errors..backend=NAME` | Same as `traefik.frontend.errors..backend` |
-| `traefik..frontend.errors..query=PATH` | Same as `traefik.frontend.errors..query` |
-| `traefik..frontend.errors..status=RANGE` | Same as `traefik.frontend.errors..status` |
-| `traefik..frontend.passHostHeader=true` | Same as `traefik.frontend.passHostHeader` |
+| Label | Description |
+|------------------------------------------------------------------------------------|------------------------------------------------------------------------|
+| `traefik..backend=BACKEND` | Same as `traefik.backend` |
+| `traefik..domain=DOMAIN` | Same as `traefik.domain` |
+| `traefik..portIndex=1` | Same as `traefik.portIndex` |
+| `traefik..portName=web` | Same as `traefik.portName` |
+| `traefik..port=PORT` | Same as `traefik.port` |
+| `traefik..protocol=http` | Same as `traefik.protocol` |
+| `traefik..weight=10` | Same as `traefik.weight` |
+| `traefik..frontend.auth.basic=EXPR` | Same as `traefik.frontend.auth.basic` |
+| `traefik..frontend.auth.basic.removeHeader=true` | Same as `traefik.frontend.auth.basic.removeHeader` |
+| `traefik..frontend.auth.basic.users=EXPR` | Same as `traefik.frontend.auth.basic.users` |
+| `traefik..frontend.auth.basic.usersFile=/path/.htpasswd` | Same as `traefik.frontend.auth.basic.usersFile` |
+| `traefik..frontend.auth.digest.removeHeader=true` | Same as `traefik.frontend.auth.digest.removeHeader` |
+| `traefik..frontend.auth.digest.users=EXPR` | Same as `traefik.frontend.auth.digest.users` |
+| `traefik..frontend.auth.digest.usersFile=/path/.htdigest` | Same as `traefik.frontend.auth.digest.usersFile` |
+| `traefik..frontend.auth.forward.address=https://example.com` | Same as `traefik.frontend.auth.forward.address` |
+| `traefik..frontend.auth.forward.authResponseHeaders=EXPR` | Same as `traefik.frontend.auth.forward.authResponseHeaders` |
+| `traefik..frontend.auth.forward.tls.ca=/path/ca.pem` | Same as `traefik.frontend.auth.forward.tls.ca` |
+| `traefik..frontend.auth.forward.tls.caOptional=true` | Same as `traefik.frontend.auth.forward.tls.caOptional` |
+| `traefik..frontend.auth.forward.tls.cert=/path/server.pem` | Same as `traefik.frontend.auth.forward.tls.cert` |
+| `traefik..frontend.auth.forward.tls.insecureSkipVerify=true` | Same as `traefik.frontend.auth.forward.tls.insecureSkipVerify` |
+| `traefik..frontend.auth.forward.tls.key=/path/server.key` | Same as `traefik.frontend.auth.forward.tls.key` |
+| `traefik..frontend.auth.forward.trustForwardHeader=true` | Same as `traefik.frontend.auth.forward.trustForwardHeader` |
+| `traefik..frontend.auth.headerField=X-WebAuth-User` | Same as `traefik.frontend.auth.headerField` |
+| `traefik..frontend.auth.removeHeader=true` | Same as `traefik.frontend.auth.removeHeader` |
+| `traefik..frontend.entryPoints=https` | Same as `traefik.frontend.entryPoints` |
+| `traefik..frontend.errors..backend=NAME` | Same as `traefik.frontend.errors..backend` |
+| `traefik..frontend.errors..query=PATH` | Same as `traefik.frontend.errors..query` |
+| `traefik..frontend.errors..status=RANGE` | Same as `traefik.frontend.errors..status` |
+| `traefik..frontend.passHostHeader=true` | Same as `traefik.frontend.passHostHeader` |
| `traefik..frontend.passTLSClientCert.infos.notAfter=true` | Same as `traefik.frontend.passTLSClientCert.infos.notAfter` |
| `traefik..frontend.passTLSClientCert.infos.notBefore=true` | Same as `traefik.frontend.passTLSClientCert.infos.notBefore` |
| `traefik..frontend.passTLSClientCert.infos.sans=true` | Same as `traefik.frontend.passTLSClientCert.infos.sans` |
@@ -263,21 +265,21 @@ Segment labels override the default behavior.
| `traefik..frontend.passTLSClientCert.infos.subject.province=true` | Same as `traefik.frontend.passTLSClientCert.infos.subject.province` |
| `traefik..frontend.passTLSClientCert.infos.subject.serialNumber=true`| Same as `traefik.frontend.passTLSClientCert.infos.subject.serialNumber`|
| `traefik..frontend.passTLSClientCert.pem=true` | Same as `traefik.frontend.passTLSClientCert.infos.pem` |
-| `traefik..frontend.passTLSCert=true` | Same as `traefik.frontend.passTLSCert` |
-| `traefik..frontend.priority=10` | Same as `traefik.frontend.priority` |
-| `traefik..frontend.rateLimit.extractorFunc=EXP` | Same as `traefik.frontend.rateLimit.extractorFunc` |
-| `traefik..frontend.rateLimit.rateSet..period=6` | Same as `traefik.frontend.rateLimit.rateSet..period` |
-| `traefik..frontend.rateLimit.rateSet..average=6` | Same as `traefik.frontend.rateLimit.rateSet..average` |
-| `traefik..frontend.rateLimit.rateSet.