diff --git a/docs/content/https/acme.md b/docs/content/https/acme.md index 79b7e9698..75b8dbf0a 100644 --- a/docs/content/https/acme.md +++ b/docs/content/https/acme.md @@ -23,6 +23,8 @@ Certificates are requested for domain names retrieved from the router's [dynamic You can read more about this retrieval mechanism in the following section: [ACME Domain Definition](#domain-definition). +!!! warning "Defining an [ACME challenge type](#the-different-acme-challenges) is a requirement for a certificate resolver to be functional." + !!! important "Defining a certificates resolver does not result in all routers automatically using it. Each router that is supposed to use the resolver must [reference](../routing/routers/index.md#certresolver) it." ??? note "Configuration Reference" @@ -158,6 +160,8 @@ When using LetsEncrypt with kubernetes, there are some known caveats with both t ## The Different ACME Challenges +!!! warning "Defining one ACME challenge is a requirement for a certificate resolver to be functional." + !!! important "Defining a certificates resolver does not result in all routers automatically using it. Each router that is supposed to use the resolver must [reference](../routing/routers/index.md#certresolver) it." ### `tlsChallenge` 
@@ -329,6 +333,7 @@ For complete details, refer to your provider's _Additional configuration_ link. | [hosting.de](https://www.hosting.de) | `hostingde` | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde) | | [Hosttech](https://www.hosttech.eu) | `hosttech` | `HOSTTECH_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hosttech) | | [HyperOne](https://www.hyperone.com) | `hyperone` | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone) | +| [Hurricane Electric](https://dns.he.net) | `hurricane` | `HURRICANE_TOKENS` [^6] | [Additional configuration](https://go-acme.github.io/lego/dns/hurricane) | | [IBM Cloud (SoftLayer)](https://www.ibm.com/cloud/) | `ibmcloud` | `SOFTLAYER_USERNAME`, `SOFTLAYER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ibmcloud) | | [IIJ](https://www.iij.ad.jp/) | `iij` | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE` | [Additional configuration](https://go-acme.github.io/lego/dns/iij) | | [Infoblox](https://www.infoblox.com/) | `infoblox` | `INFOBLOX_USER`, `INFOBLOX_PASSWORD`, `INFOBLOX_HOST` | [Additional configuration](https://go-acme.github.io/lego/dns/infoblox) | 
@@ -387,11 +392,12 @@ For complete details, refer to your provider's _Additional configuration_ link. | HTTP request | `httpreq` | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1] | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq) | | manual | `manual` | none, but you need to run Traefik interactively [^4], turn on debug log to see instructions and press Enter. | | -[^1]: more information about the HTTP message format can be found [here](https://go-acme.github.io/lego/dns/httpreq/) -[^2]: [providing_credentials_to_your_application](https://cloud.google.com/docs/authentication/production) +[^1]: More information about the HTTP message format can be found [here](https://go-acme.github.io/lego/dns/httpreq/). +[^2]: [Providing credentials to your application](https://cloud.google.com/docs/authentication/production). [^3]: [google/default.go](https://github.com/golang/oauth2/blob/36a7019397c4c86cf59eeab3bc0d188bac444277/google/default.go#L61-L76) [^4]: `docker stack` remark: there is no way to support terminal attached to container when deploying with `docker stack`, so you might need to run container with `docker run -it` to generate certificates using `manual` provider. [^5]: The `Global API Key` needs to be used, not the `Origin CA Key`. +[^6]: As explained in the [LEGO hurricane configuration](https://go-acme.github.io/lego/dns/hurricane/#credentials), each domain or wildcard (record name) needs a token. So each update of record name must be followed by an update of the `HURRICANE_TOKENS` variable, and a restart of Traefik. !!! info "`delayBeforeCheck`" By default, the `provider` verifies the TXT record _before_ letting ACME verify. diff --git a/docs/content/observability/metrics/datadog.md b/docs/content/observability/metrics/datadog.md index b52b35b65..326311293 100644 --- a/docs/content/observability/metrics/datadog.md +++ b/docs/content/observability/metrics/datadog.md 
@@ -118,7 +118,7 @@ metrics: ```toml tab="File (TOML)" [metrics] [metrics.datadog] - pushInterval = 10s + pushInterval = "10s" ``` ```bash tab="CLI" @@ -144,5 +144,5 @@ metrics: ``` ```bash tab="CLI" ---metrics.datadog.prefix="traefik" +--metrics.datadog.prefix=traefik ``` diff --git a/docs/content/observability/metrics/influxdb.md b/docs/content/observability/metrics/influxdb.md index 5aa1c9ebb..1cdc8d89e 100644 --- a/docs/content/observability/metrics/influxdb.md +++ b/docs/content/observability/metrics/influxdb.md @@ -69,7 +69,7 @@ InfluxDB database used when protocol is http. ```yaml tab="File (YAML)" metrics: influxDB: - database: "db" + database: db ``` ```toml tab="File (TOML)" @@ -91,7 +91,7 @@ InfluxDB retention policy used when protocol is http. ```yaml tab="File (YAML)" metrics: influxDB: - retentionPolicy: "two_hours" + retentionPolicy: two_hours ``` ```toml tab="File (TOML)" @@ -113,7 +113,7 @@ InfluxDB username (only with http). ```yaml tab="File (YAML)" metrics: influxDB: - username: "john" + username: john ``` ```toml tab="File (TOML)" @@ -135,7 +135,7 @@ InfluxDB password (only with http). ```yaml tab="File (YAML)" metrics: influxDB: - password: "secret" + password: secret ``` ```toml tab="File (TOML)" @@ -176,18 +176,18 @@ _Optional, Default=false_ Enable metrics on routers. -```toml tab="File (TOML)" -[metrics] - [metrics.influxDB] - addRoutersLabels = true -``` - ```yaml tab="File (YAML)" metrics: influxDB: addRoutersLabels: true ``` +```toml tab="File (TOML)" +[metrics] + [metrics.influxDB] + addRoutersLabels = true +``` + ```bash tab="CLI" --metrics.influxdb.addrouterslabels=true ``` @@ -229,7 +229,7 @@ metrics: ```toml tab="File (TOML)" [metrics] [metrics.influxDB] - pushInterval = 10s + pushInterval = "10s" ``` ```bash tab="CLI" 
@@ -242,14 +242,6 @@ _Optional, Default={}_ Additional labels (influxdb tags) on all metrics. -```toml tab="File (TOML)" -[metrics] - [metrics.influxDB] - [metrics.influxDB.additionalLabels] - host = "example.com" - environment = "production" -``` - ```yaml tab="File (YAML)" metrics: influxDB: @@ -258,6 +250,14 @@ metrics: environment: production ``` +```toml tab="File (TOML)" +[metrics] + [metrics.influxDB] + [metrics.influxDB.additionalLabels] + host = "example.com" + environment = "production" +``` + ```bash tab="CLI" --metrics.influxdb.additionallabels.host=example.com --metrics.influxdb.additionallabels.environment=production ``` diff --git a/docs/content/observability/metrics/overview.md b/docs/content/observability/metrics/overview.md index 2cd109881..13ef7aa79 100644 --- a/docs/content/observability/metrics/overview.md +++ b/docs/content/observability/metrics/overview.md @@ -7,16 +7,16 @@ Traefik supports 4 metrics backends: - [Prometheus](./prometheus.md) - [StatsD](./statsd.md) -## Server Metrics +## Global Metrics | Metric | DataDog | InfluxDB | Prometheus | StatsD | |-------------------------------------------------------------------------|---------|----------|------------|--------| | [Configuration reloads](#configuration-reloads) | ✓ | ✓ | ✓ | ✓ | -| [Configuration reload failures](#configuration-reload-failures) | ✓ | ✓ | ✓ | ✓ | | [Last Configuration Reload Success](#last-configuration-reload-success) | ✓ | ✓ | ✓ | ✓ | -| [Last Configuration Reload Failure](#last-configuration-reload-failure) | ✓ | ✓ | ✓ | ✓ | +| [TLS certificates expiration](#tls-certificates-expiration) | ✓ | ✓ | ✓ | ✓ | ### Configuration Reloads + The total count of configuration reloads. ```dd tab="Datadog" 
@@ -36,27 +36,8 @@ traefik_config_reloads_total {prefix}.config.reload.total ``` -### Configuration Reload Failures -The total count of configuration reload failures. - -```dd tab="Datadog" -config.reload.total (with tag "failure" to true) -``` - -```influxdb tab="InfluxDB" -traefik.config.reload.total.failure -``` - -```prom tab="Prometheus" -traefik_config_reloads_failure_total -``` - -```statsd tab="StatsD" -# Default prefix: "traefik" -{prefix}.config.reload.total.failure -``` - ### Last Configuration Reload Success + The timestamp of the last configuration reload success. ```dd tab="Datadog" @@ -76,24 +57,27 @@ traefik_config_last_reload_success {prefix}.config.reload.lastSuccessTimestamp ``` -### Last Configuration Reload Failure -The timestamp of the last configuration reload failure. +### TLS certificates expiration + +The expiration date of certificates. + +Available labels: `cn`, `sans`, `serial`. ```dd tab="Datadog" -config.reload.lastFailureTimestamp +tls.certs.notAfterTimestamp ``` ```influxdb tab="InfluxDB" -traefik.config.reload.lastFailureTimestamp +traefik.tls.certs.notAfterTimestamp ``` ```prom tab="Prometheus" -traefik_config_last_reload_failure +traefik_tls_certs_not_after ``` ```statsd tab="StatsD" # Default prefix: "traefik" -{prefix}.config.reload.lastFailureTimestamp +{prefix}.tls.certs.notAfterTimestamp ``` ## EntryPoint Metrics 
@@ -101,12 +85,13 @@ traefik_config_last_reload_failure | Metric | DataDog | InfluxDB | Prometheus | StatsD | |-----------------------------------------------------------|---------|----------|------------|--------| | [HTTP Requests Count](#http-requests-count) | ✓ | ✓ | ✓ | ✓ | -| [HTTPS Requests Count](#https-requests-count) | | | ✓ | | +| [HTTPS Requests Count](#https-requests-count) | ✓ | ✓ | ✓ | ✓ | | [Request Duration Histogram](#request-duration-histogram) | ✓ | ✓ | ✓ | ✓ | | [Open Connections Count](#open-connections-count) | ✓ | ✓ | ✓ | ✓ | ### HTTP Requests Count -The total count of HTTP requests processed on an entrypoint. + +The total count of HTTP requests received by an entrypoint. Available labels: `code`, `method`, `protocol`, `entrypoint`. @@ -128,16 +113,31 @@ traefik_entrypoint_requests_total ``` ### HTTPS Requests Count -The total count of HTTPS requests processed on an entrypoint. + +The total count of HTTPS requests received by an entrypoint. Available labels: `tls_version`, `tls_cipher`, `entrypoint`. +```dd tab="Datadog" +entrypoint.request.tls.total +``` + +```influxdb tab="InfluxDB" +traefik.entrypoint.requests.tls.total +``` + ```prom tab="Prometheus" traefik_entrypoint_requests_tls_total ``` +```statsd tab="StatsD" +# Default prefix: "traefik" +{prefix}.entrypoint.request.tls.total +``` + ### Request Duration Histogram -Request process time duration histogram on an entrypoint. + +Request processing duration histogram on an entrypoint. Available labels: `code`, `method`, `protocol`, `entrypoint`. @@ -159,6 +159,7 @@ traefik_entrypoint_request_duration_seconds ``` ### Open Connections Count + The current count of open connections on an entrypoint. Available labels: `method`, `protocol`, `entrypoint`. 
@@ -180,18 +181,120 @@ traefik_entrypoint_open_connections {prefix}.entrypoint.connections.open ``` -## Service Metrics +## Router Metrics | Metric | DataDog | InfluxDB | Prometheus | StatsD | |-------------------------------------------------------------|---------|----------|------------|--------| | [HTTP Requests Count](#http-requests-count_1) | ✓ | ✓ | ✓ | ✓ | -| [HTTPS Requests Count](#https-requests-count_1) | | | ✓ | | +| [HTTPS Requests Count](#https-requests-count_1) | ✓ | ✓ | ✓ | ✓ | | [Request Duration Histogram](#request-duration-histogram_1) | ✓ | ✓ | ✓ | ✓ | | [Open Connections Count](#open-connections-count_1) | ✓ | ✓ | ✓ | ✓ | + +### HTTP Requests Count + +The total count of HTTP requests handled by a router. + +Available labels: `code`, `method`, `protocol`, `router`, `service`. + +```dd tab="Datadog" +router.request.total +``` + +```influxdb tab="InfluxDB" +traefik.router.requests.total +``` + +```prom tab="Prometheus" +traefik_router_requests_total +``` + +```statsd tab="StatsD" +# Default prefix: "traefik" +{prefix}.router.request.total +``` + +### HTTPS Requests Count + +The total count of HTTPS requests handled by a router. + +Available labels: `tls_version`, `tls_cipher`, `router`, `service`. + +```dd tab="Datadog" +router.request.tls.total +``` + +```influxdb tab="InfluxDB" +traefik.router.requests.tls.total +``` + +```prom tab="Prometheus" +traefik_router_requests_tls_total +``` + +```statsd tab="StatsD" +# Default prefix: "traefik" +{prefix}.router.request.tls.total +``` + +### Request Duration Histogram + +Request processing duration histogram on a router. + +Available labels: `code`, `method`, `protocol`, `router`, `service`. 
+ +```dd tab="Datadog" +router.request.duration +``` + +```influxdb tab="InfluxDB" +traefik.router.request.duration +``` + +```prom tab="Prometheus" +traefik_router_request_duration_seconds +``` + +```statsd tab="StatsD" +# Default prefix: "traefik" +{prefix}.router.request.duration +``` + +### Open Connections Count + +The current count of open connections on a router. + +Available labels: `method`, `protocol`, `router`, `service`. + +```dd tab="Datadog" +router.connections.open +``` + +```influxdb tab="InfluxDB" +traefik.router.connections.open +``` + +```prom tab="Prometheus" +traefik_router_open_connections +``` + +```statsd tab="StatsD" +# Default prefix: "traefik" +{prefix}.router.connections.open +``` + +## Service Metrics + +| Metric | DataDog | InfluxDB | Prometheus | StatsD | +|-------------------------------------------------------------|---------|----------|------------|--------| +| [HTTP Requests Count](#http-requests-count_2) | ✓ | ✓ | ✓ | ✓ | +| [HTTPS Requests Count](#https-requests-count_2) | ✓ | ✓ | ✓ | ✓ | +| [Request Duration Histogram](#request-duration-histogram_2) | ✓ | ✓ | ✓ | ✓ | +| [Open Connections Count](#open-connections-count_2) | ✓ | ✓ | ✓ | ✓ | | [Requests Retries Count](#requests-retries-count) | ✓ | ✓ | ✓ | ✓ | | [Service Server UP](#service-server-up) | ✓ | ✓ | ✓ | ✓ | ### HTTP Requests Count + The total count of HTTP requests processed on a service. Available labels: `code`, `method`, `protocol`, `service`. 
@@ -214,16 +317,31 @@ traefik_service_requests_total ``` ### HTTPS Requests Count + The total count of HTTPS requests processed on a service. Available labels: `tls_version`, `tls_cipher`, `service`. +```dd tab="Datadog" +router.service.tls.total +``` + +```influxdb tab="InfluxDB" +traefik.service.requests.tls.total +``` + ```prom tab="Prometheus" traefik_service_requests_tls_total ``` +```statsd tab="StatsD" +# Default prefix: "traefik" +{prefix}.service.request.tls.total +``` + ### Request Duration Histogram -Request process time duration histogram on a service. + +Request processing duration histogram on a service. Available labels: `code`, `method`, `protocol`, `service`. @@ -245,6 +363,7 @@ traefik_service_request_duration_seconds ``` ### Open Connections Count + The current count of open connections on a service. Available labels: `method`, `protocol`, `service`. @@ -267,6 +386,7 @@ traefik_service_open_connections ``` ### Requests Retries Count + The count of requests retries on a service. Available labels: `service`. @@ -289,6 +409,7 @@ traefik_service_retries_total ``` ### Service Server UP + Current service's server status, described by a gauge with a value of 0 for a down server or a value of 1 for an up server. Available labels: `service`, `url`. diff --git a/docs/content/observability/metrics/prometheus.md b/docs/content/observability/metrics/prometheus.md index d4ac5e54a..012f1be9b 100644 --- a/docs/content/observability/metrics/prometheus.md +++ b/docs/content/observability/metrics/prometheus.md @@ -39,7 +39,7 @@ metrics: ``` ```bash tab="CLI" ---metrics.prometheus.buckets=0.100000, 0.300000, 1.200000, 5.000000 +--metrics.prometheus.buckets=0.1,0.3,1.2,5.0 ``` #### `addEntryPointsLabels` 
@@ -70,18 +70,18 @@ _Optional, Default=false_ Enable metrics on routers. -```toml tab="File (TOML)" -[metrics] - [metrics.prometheus] - addRoutersLabels = true -``` - ```yaml tab="File (YAML)" metrics: prometheus: addRoutersLabels: true ``` +```toml tab="File (TOML)" +[metrics] + [metrics.prometheus] + addRoutersLabels = true +``` + ```bash tab="CLI" --metrics.prometheus.addrouterslabels=true ``` @@ -117,7 +117,7 @@ Entry point used to expose metrics. ```yaml tab="File (YAML)" entryPoints: metrics: - address: ":8082" + address: :8082 metrics: prometheus: diff --git a/docs/content/observability/metrics/statsd.md b/docs/content/observability/metrics/statsd.md index 4d310969a..cde0126b2 100644 --- a/docs/content/observability/metrics/statsd.md +++ b/docs/content/observability/metrics/statsd.md @@ -66,18 +66,18 @@ _Optional, Default=false_ Enable metrics on entry points. -```toml tab="File (TOML)" -[metrics] - [metrics.statsD] - addRoutersLabels = true -``` - ```yaml tab="File (YAML)" metrics: statsD: addRoutersLabels: true ``` +```toml tab="File (TOML)" +[metrics] + [metrics.statsD] + addRoutersLabels = true +``` + ```bash tab="CLI" --metrics.statsd.addrouterslabels=true ``` @@ -119,7 +119,7 @@ metrics: ```toml tab="File (TOML)" [metrics] [metrics.statsD] - pushInterval = 10s + pushInterval = "10s" ``` ```bash tab="CLI" @@ -145,5 +145,5 @@ metrics: ``` ```bash tab="CLI" ---metrics.statsd.prefix="traefik" +--metrics.statsd.prefix=traefik ``` diff --git a/pkg/provider/acme/challenge_http.go b/pkg/provider/acme/challenge_http.go index 4a8cf1938..a6eaf32d9 100644 --- a/pkg/provider/acme/challenge_http.go +++ b/pkg/provider/acme/challenge_http.go 
@@ -103,7 +103,7 @@ func (c *ChallengeHTTP) ServeHTTP(rw http.ResponseWriter, req *http.Request) { func (c *ChallengeHTTP) getTokenValue(ctx context.Context, token, domain string) []byte { logger := log.FromContext(ctx) - logger.Debugf("Retrieving the ACME challenge for token %s...", token) + logger.Debugf("Retrieving the ACME challenge for %s (token %q)...", domain, token) var result []byte @@ -112,13 +112,13 @@ func (c *ChallengeHTTP) getTokenValue(ctx context.Context, token, domain string) defer c.lock.RUnlock() if _, ok := c.httpChallenges[token]; !ok { - return fmt.Errorf("cannot find challenge for token %s", token) + return fmt.Errorf("cannot find challenge for token %q (%s)", token, domain) } var ok bool result, ok = c.httpChallenges[token][domain] if !ok { - return fmt.Errorf("cannot find challenge for domain %s", domain) + return fmt.Errorf("cannot find challenge for %s (token %q)", domain, token) } return nil @@ -132,7 +132,7 @@ func (c *ChallengeHTTP) getTokenValue(ctx context.Context, token, domain string) ebo.MaxElapsedTime = 60 * time.Second err := backoff.RetryNotify(safe.OperationWithRecover(operation), ebo, notify) if err != nil { - logger.Errorf("Cannot retrieve the ACME challenge for token %v: %v", token, err) + logger.Errorf("Cannot retrieve the ACME challenge for %s (token %q): %v", domain, token, err) return []byte{} }
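Review bot: In the new `logger.Debugf` call in `getTokenValue`, `token` is quoted with `%q` but `domain` is still formatted with `%s`, so only one of the two request-derived values is escaped before it reaches the log. The caller is not visible in this hunk, but if `domain` comes from the request's Host header (as the `ServeHTTP` context suggests), it is as untrusted as the token and should be quoted the same way, e.g. `logger.Debugf("Retrieving the ACME challenge for %q (token %q)...", domain, token)`. The same applies to both `fmt.Errorf` messages in the second hunk and to the `logger.Errorf` call in the third, where the wrapped error repeats the unquoted domain. Quoting both also makes an empty or whitespace-only domain visible during troubleshooting. `getTokenValue` begins and ends outside these hunks, so any validation of `domain` done earlier cannot be confirmed from here.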