Merge branch 'v2.0' into master.

This commit is contained in:
Fernandez Ludovic 2019-08-06 21:26:59 +02:00
commit 88ebac942e
1818 changed files with 97998 additions and 45158 deletions

View file

@ -36,8 +36,7 @@
"scopelint", "scopelint",
"gochecknoinits", "gochecknoinits",
"gochecknoglobals", "gochecknoglobals",
# uncomment when the CI will be updated "bodyclose", # Too many false-positive and panics.
# "bodyclose", # Too many false-positive and panics.
] ]
[issues] [issues]

View file

@ -1,17 +1,22 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -e set -e
export DOCKER_VERSION=17.03.1 for s in apache2 cassandra elasticsearch memcached mysql mongod postgresql sphinxsearch rethinkdb rabbitmq-server redis-server; do sudo service $s stop; done
sudo swapoff -a
# shellcheck source=/dev/null sudo dd if=/dev/zero of=/swapfile bs=1M count=3072
sudo mkswap /swapfile
sudo swapon /swapfile
sudo rm -rf /home/runner/.rbenv
#export DOCKER_VERSION=18.06.3
source .semaphoreci/vars source .semaphoreci/vars
if [ -z "${PULL_REQUEST_NUMBER}" ]; then SHOULD_TEST="-*-"; else TEMP_STORAGE=$(curl --silent https://patch-diff.githubusercontent.com/raw/containous/traefik/pull/${PULL_REQUEST_NUMBER}.diff | patch --dry-run -p1 -R || true); fi
if [ -z "${PULL_REQUEST_NUMBER}" ]; then SHOULD_TEST="-*-"; else TEMP_STORAGE=$(curl --silent https://patch-diff.githubusercontent.com/raw/containous/traefik/pull/"${PULL_REQUEST_NUMBER}".diff | patch --dry-run -p1 -R); fi echo ${SHOULD_TEST}
if [ -n "$TEMP_STORAGE" ]; then SHOULD_TEST=$(echo "$TEMP_STORAGE" | grep -Ev '(.md|.yaml|.yml)' || :); fi if [ -n "$TEMP_STORAGE" ]; then SHOULD_TEST=$(echo "$TEMP_STORAGE" | grep -Ev '(.md|.yaml|.yml)' || :); fi
echo ${TEMP_STORAGE}
if [ -n "$SHOULD_TEST" ]; then sudo -E apt-get -yq update; fi echo ${SHOULD_TEST}
#if [ -n "$SHOULD_TEST" ]; then sudo -E apt-get -yq update; fi
if [ -n "$SHOULD_TEST" ]; then sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install docker-ce=${DOCKER_VERSION}*; fi #if [ -n "$SHOULD_TEST" ]; then sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install docker-ce=${DOCKER_VERSION}*; fi
if [ -n "$SHOULD_TEST" ]; then docker version; fi if [ -n "$SHOULD_TEST" ]; then docker version; fi
if [ -f "./.semaphoreci/golang.sh" ]; then ./.semaphoreci/golang.sh; fi
if [ -f "./.semaphoreci/golang.sh" ]; then export GOROOT="/usr/local/golang/1.12/go"; fi
if [ -f "./.semaphoreci/golang.sh" ]; then export GOTOOLDIR="/usr/local/golang/1.12/go/pkg/tool/linux_amd64"; fi

View file

@ -1,5 +1,46 @@
# Change Log # Change Log
## [v2.0.0-beta1](https://github.com/containous/traefik/tree/v2.0.0-beta1) (2019-07-19)
[All Commits](https://github.com/containous/traefik/compare/v2.0.0-alpha8...v2.0.0-beta1)
**Enhancements:**
- **[acme]** Certificate resolvers. ([#5116](https://github.com/containous/traefik/pull/5116) by [ldez](https://github.com/ldez))
- **[api,provider]** Enhance REST provider ([#5072](https://github.com/containous/traefik/pull/5072) by [dtomcej](https://github.com/dtomcej))
- **[api]** Deal with multiple errors and their criticality ([#5070](https://github.com/containous/traefik/pull/5070) by [mpl](https://github.com/mpl))
- **[api]** API: remove configuration of Entrypoint and Middlewares ([#5119](https://github.com/containous/traefik/pull/5119) by [mpl](https://github.com/mpl))
- **[api]** Improve API endpoints ([#5080](https://github.com/containous/traefik/pull/5080) by [ldez](https://github.com/ldez))
- **[api]** Manage status for TCP element in the endpoint overview. ([#5108](https://github.com/containous/traefik/pull/5108) by [ldez](https://github.com/ldez))
- **[file]** Restrict traefik.toml to static configuration. ([#5090](https://github.com/containous/traefik/pull/5090) by [ldez](https://github.com/ldez))
- **[k8s,k8s/crd]** Add scheme to IngressRoute. ([#5062](https://github.com/containous/traefik/pull/5062) by [ldez](https://github.com/ldez))
- **[k8s,k8s/ingress]** Renamed `kubernetes` provider in `kubernetesIngress` provider ([#5068](https://github.com/containous/traefik/pull/5068) by [jbdoumenjou](https://github.com/jbdoumenjou))
- **[logs]** Improve error on router without service. ([#5126](https://github.com/containous/traefik/pull/5126) by [ldez](https://github.com/ldez))
- **[metrics]** Add Metrics ([#5111](https://github.com/containous/traefik/pull/5111) by [mmatur](https://github.com/mmatur))
- **[middleware]** Disable RateLimit temporarily ([#5123](https://github.com/containous/traefik/pull/5123) by [juliens](https://github.com/juliens))
- **[tls]** TLSOptions: handle conflict: same host name, different TLS options ([#5056](https://github.com/containous/traefik/pull/5056) by [mpl](https://github.com/mpl))
- **[tls]** Expand Client Auth Type configuration ([#5078](https://github.com/containous/traefik/pull/5078) by [jbdoumenjou](https://github.com/jbdoumenjou))
- **[tracing]** Add Jaeger collector endpoint ([#5082](https://github.com/containous/traefik/pull/5082) by [rmfitzpatrick](https://github.com/rmfitzpatrick))
- **[webui]** refactor(webui): use @vue/cli to bootstrap new ui ([#5091](https://github.com/containous/traefik/pull/5091) by [Slashgear](https://github.com/Slashgear))
- **[webui]** feat(webui/dashboard): init new dashboard ([#5105](https://github.com/containous/traefik/pull/5105) by [Slashgear](https://github.com/Slashgear))
- Move dynamic config into a dedicated package. ([#5075](https://github.com/containous/traefik/pull/5075) by [ldez](https://github.com/ldez))
**Bug fixes:**
- **[file]** fix: TLS configuration from directory. ([#5118](https://github.com/containous/traefik/pull/5118) by [ldez](https://github.com/ldez))
- **[middleware]** Remove X-Forwarded-(Uri, Method, Tls-Client-Cert and Tls-Client-Cert-Info) from untrusted IP ([#5012](https://github.com/containous/traefik/pull/5012) by [stffabi](https://github.com/stffabi))
- **[middleware]** Properly add response headers for CORS ([#4857](https://github.com/containous/traefik/pull/4857) by [dtomcej](https://github.com/dtomcej))
**Documentation:**
- **[acme]** Lets encrypt documentation typo ([#5127](https://github.com/containous/traefik/pull/5127) by [juliens](https://github.com/juliens))
- **[docker,marathon]** Update Dynamic Configuration Reference for both Docker and Marathon ([#5100](https://github.com/containous/traefik/pull/5100) by [jbdoumenjou](https://github.com/jbdoumenjou))
- **[k8s,k8s/ingress]** Add documentation about Kubernetes Ingress provider ([#5112](https://github.com/containous/traefik/pull/5112) by [mpl](https://github.com/mpl))
- **[k8s/crd]** user guide: fix a mistake in the deployment definition ([#5096](https://github.com/containous/traefik/pull/5096) by [ldez](https://github.com/ldez))
- **[middleware]** Fixed a typo in label. ([#5128](https://github.com/containous/traefik/pull/5128) by [jamct](https://github.com/jamct))
- **[provider]** Improve providers documentation. ([#5050](https://github.com/containous/traefik/pull/5050) by [ldez](https://github.com/ldez))
- **[tracing]** Improve tracing documentation ([#5102](https://github.com/containous/traefik/pull/5102) by [mmatur](https://github.com/mmatur))
- Add a basic Traefik install guide ([#5117](https://github.com/containous/traefik/pull/5117) by [jbdoumenjou](https://github.com/jbdoumenjou))
**Misc:**
- Cherry pick v1.7 into v2.0 ([#5115](https://github.com/containous/traefik/pull/5115) by [jbdoumenjou](https://github.com/jbdoumenjou))
## [v2.0.0-alpha8](https://github.com/containous/traefik/tree/v2.0.0-alpha8) (2019-07-01) ## [v2.0.0-alpha8](https://github.com/containous/traefik/tree/v2.0.0-alpha8) (2019-07-01)
[All Commits](https://github.com/containous/traefik/compare/v2.0.0-alpha7...v2.0.0-alpha8) [All Commits](https://github.com/containous/traefik/compare/v2.0.0-alpha7...v2.0.0-alpha8)

300
Gopkg.lock generated
View file

@ -101,6 +101,14 @@
revision = "f533f7a102197536779ea3a8cb881d639e21ec5a" revision = "f533f7a102197536779ea3a8cb881d639e21ec5a"
version = "v0.4.2" version = "v0.4.2"
[[projects]]
digest = "1:6b6d999be55cc0e0704ed0ac4532175f1f71639fbda6d143dc86ac5a5d3bc87f"
name = "github.com/Microsoft/hcsshim"
packages = ["osversion"]
pruneopts = "NUT"
revision = "f92b8fb9c92e17da496af5a69e3ee13fbe9916e1"
version = "v0.8.6"
[[projects]] [[projects]]
branch = "master" branch = "master"
digest = "1:d484472e9af62758e3963ee4d8112d5da58cd61833d71e3c1d25165a96d4518a" digest = "1:d484472e9af62758e3963ee4d8112d5da58cd61833d71e3c1d25165a96d4518a"
@ -109,14 +117,6 @@
pruneopts = "NUT" pruneopts = "NUT"
revision = "289a3b81f5aedc99f8d6eb0f67827c142f1310d8" revision = "289a3b81f5aedc99f8d6eb0f67827c142f1310d8"
[[projects]]
digest = "1:1b532462adeb680f8526152d0bc1baa203ce6b63b13070b9f9bd5812ef74dfce"
name = "github.com/Nvveen/Gotty"
packages = ["."]
pruneopts = "NUT"
revision = "a8b993ba6abdb0e0c12b0125c603323a71c7790c"
source = "github.com/ijc25/Gotty"
[[projects]] [[projects]]
branch = "master" branch = "master"
digest = "1:a4068a93355ba3cff0a719425713123d23c90010cb4d023b40c679a22465736d" digest = "1:a4068a93355ba3cff0a719425713123d23c90010cb4d023b40c679a22465736d"
@ -278,11 +278,16 @@
[[projects]] [[projects]]
branch = "master" branch = "master"
digest = "1:fc8dbcc2a5de7c093e167828ebbdf551641761d2ad75431d3a167d467a264115" digest = "1:835fc727705e8cf858ea44ad9bd872ff826d1c6b019598e0f9a64c9b942a947b"
name = "github.com/containerd/continuity" name = "github.com/containerd/continuity"
packages = ["pathdriver"] packages = [
"fs",
"pathdriver",
"syscallx",
"sysx",
]
pruneopts = "NUT" pruneopts = "NUT"
revision = "b2b946a77f5973f420514090d6f6dd58b08303f0" revision = "aaeac12a7ffcd198ae25440a9dff125c2e2703a7"
[[projects]] [[projects]]
branch = "containous-fork" branch = "containous-fork"
@ -357,25 +362,27 @@
version = "v0.21.0" version = "v0.21.0"
[[projects]] [[projects]]
digest = "1:cf7cba074c4d2f8e2a5cc2f10b1f6762c86cff2e39917b9f9a6dbd7df57fe9c9" digest = "1:067906552492b3c4a94057ba33279ad1af906a701be3b7d6a92a9478c25fc24f"
name = "github.com/docker/cli" name = "github.com/docker/cli"
packages = [ packages = [
"cli/command/image/build", "cli/command/image/build",
"cli/config", "cli/config",
"cli/config/configfile", "cli/config/configfile",
"cli/config/credentials", "cli/config/credentials",
"cli/config/types",
"opts", "opts",
] ]
pruneopts = "NUT" pruneopts = "NUT"
revision = "6b63d7b96a41055baddc3fa71f381c7f60bd5d8e" revision = "5b38d82aa0767e32f53b5821a9a5044f20eeef29"
version = "v19.03.1"
[[projects]] [[projects]]
digest = "1:85d8985e29b9a55ed2ede89e90c4418cf7e7b0e539cf0e00088f2bd9754c028c" digest = "1:26a1d70717dac8c37ae869d86103b9d72b71a6faf383a5e9b5b7e602c9b9743b"
name = "github.com/docker/distribution" name = "github.com/docker/distribution"
packages = [ packages = [
".", ".",
"context",
"digestset", "digestset",
"metrics",
"reference", "reference",
"registry/api/errcode", "registry/api/errcode",
"registry/api/v2", "registry/api/v2",
@ -385,13 +392,13 @@
"registry/client/transport", "registry/client/transport",
"registry/storage/cache", "registry/storage/cache",
"registry/storage/cache/memory", "registry/storage/cache/memory",
"uuid",
] ]
pruneopts = "NUT" pruneopts = "NUT"
revision = "edc3ab29cdff8694dd6feb85cfeb4b5f1b38ed9c" revision = "2461543d988979529609e8cb6fca9ca190dc48da"
version = "v2.7.1"
[[projects]] [[projects]]
digest = "1:2e4c2b6359d0344ddafb04133bea7a6ff1b8d4db1ab6ee02a43dab1f6b25b337" digest = "1:c2ec28361058cb8c28c4a9b9a505fb403e227b1476f24a3006de5135643dd0bb"
name = "github.com/docker/docker" name = "github.com/docker/docker"
packages = [ packages = [
"api", "api",
@ -413,6 +420,7 @@
"builder/dockerignore", "builder/dockerignore",
"builder/remotecontext/git", "builder/remotecontext/git",
"client", "client",
"errdefs",
"pkg/archive", "pkg/archive",
"pkg/fileutils", "pkg/fileutils",
"pkg/homedir", "pkg/homedir",
@ -437,15 +445,16 @@
"registry/resumable", "registry/resumable",
] ]
pruneopts = "NUT" pruneopts = "NUT"
revision = "7848b8beb9d38a98a78b75f78e05f8d2255f9dfe" revision = "fa8dd90ceb7bcb9d554d27e0b9087ab83e54bd2b"
source = "github.com/docker/engine"
version = "v19.03.1"
[[projects]] [[projects]]
digest = "1:82d43dbea74bc51ed1a8beab6dc3ea09185da574e7ab6a96e3804e9b9d55fd2a" digest = "1:8866486038791fe65ea1abf660041423954b1f3fb99ea6a0ad8424422e943458"
name = "github.com/docker/docker-credential-helpers" name = "github.com/docker/docker-credential-helpers"
packages = [ packages = [
"client", "client",
"credentials", "credentials",
"pass",
] ]
pruneopts = "NUT" pruneopts = "NUT"
revision = "d68f9aeca33f5fd3f08eeae5e9d175edf4e731d1" revision = "d68f9aeca33f5fd3f08eeae5e9d175edf4e731d1"
@ -463,6 +472,14 @@
revision = "3ede32e2033de7505e6500d6c868c2b9ed9f169d" revision = "3ede32e2033de7505e6500d6c868c2b9ed9f169d"
version = "v0.3.0" version = "v0.3.0"
[[projects]]
branch = "master"
digest = "1:c49ecccb8abda39a5a48a99267d6abfdf37f59f1c7fdbcbe04b3b9afc3ab625d"
name = "github.com/docker/go-metrics"
packages = ["."]
pruneopts = "NUT"
revision = "b84716841b82eab644a0c64fc8b42d480e49add5"
[[projects]] [[projects]]
digest = "1:9d8fe33c2e1aa01c76db67f285ffdb7dbdb5c5d90d9deb296526d67b9798ce7b" digest = "1:9d8fe33c2e1aa01c76db67f285ffdb7dbdb5c5d90d9deb296526d67b9798ce7b"
name = "github.com/docker/go-units" name = "github.com/docker/go-units"
@ -472,7 +489,7 @@
[[projects]] [[projects]]
branch = "master" branch = "master"
digest = "1:9b26bdc6b9952f728f61f510a48875c38974591c69b0afa77dcfe466c6162e9e" digest = "1:374db732c8336336840f94794cb57aa9bb55d5840e76dae8142a7d15272cc126"
name = "github.com/docker/libcompose" name = "github.com/docker/libcompose"
packages = [ packages = [
"config", "config",
@ -497,7 +514,7 @@
"yaml", "yaml",
] ]
pruneopts = "NUT" pruneopts = "NUT"
revision = "57bd716502dcbe1799f026148016022b0f3b989c" revision = "eac9fe1b8b032d757f9e281a19a62195622a5a11"
[[projects]] [[projects]]
digest = "1:5f4c34ef3ef56be4a7f57cc43d8d219930cbcc82fdff174518703200ad165c0e" digest = "1:5f4c34ef3ef56be4a7f57cc43d8d219930cbcc82fdff174518703200ad165c0e"
@ -545,6 +562,14 @@
pruneopts = "NUT" pruneopts = "NUT"
revision = "30f82fa23fd844bd5bb1e5f216db87fd77b5eb43" revision = "30f82fa23fd844bd5bb1e5f216db87fd77b5eb43"
[[projects]]
digest = "1:4304cca260ab815326ca42d9c28fb843342748267034c51963e13f5e54e727d1"
name = "github.com/evanphx/json-patch"
packages = ["."]
pruneopts = "NUT"
revision = "026c730a0dcc5d11f93f1cf1cc65b01247ea7b6f"
version = "v4.5.0"
[[projects]] [[projects]]
digest = "1:6f26e34204ddad638d25456c6443c2763aa38954558226722c253e08e9f491fa" digest = "1:6f26e34204ddad638d25456c6443c2763aa38954558226722c253e08e9f491fa"
name = "github.com/exoscale/egoscale" name = "github.com/exoscale/egoscale"
@ -576,13 +601,6 @@
pruneopts = "NUT" pruneopts = "NUT"
revision = "99a156b96fb2f9dbe6465affa51bbdccdd37174d" revision = "99a156b96fb2f9dbe6465affa51bbdccdd37174d"
[[projects]]
digest = "1:abfe129dc92b16fbf0cc9d6336096a2823151756f62072a700eb10754141b38e"
name = "github.com/ghodss/yaml"
packages = ["."]
pruneopts = "NUT"
revision = "73d445a93680fa1a78ae23a5839bad48f32ba1ee"
[[projects]] [[projects]]
digest = "1:d82b2dc81c551e7c15f31523a2cc8ee9121b39cfbf63174d98a0bc8edf2d3c5e" digest = "1:d82b2dc81c551e7c15f31523a2cc8ee9121b39cfbf63174d98a0bc8edf2d3c5e"
name = "github.com/go-acme/lego" name = "github.com/go-acme/lego"
@ -701,7 +719,7 @@
version = "v1.41.0" version = "v1.41.0"
[[projects]] [[projects]]
digest = "1:9e53c5e9ee65a2c587d6ade11761ef2f976abfcd9599c5016b7046e63c1f7fb2" digest = "1:bed40e7a58536b77890de9fc4911a1322a31cd2495bbcad8446d182063eb1ae4"
name = "github.com/go-kit/kit" name = "github.com/go-kit/kit"
packages = [ packages = [
"log", "log",
@ -716,8 +734,8 @@
"util/conn", "util/conn",
] ]
pruneopts = "NUT" pruneopts = "NUT"
revision = "ca4112baa34cb55091301bdc13b1420a122b1b9e" revision = "150a65a7ec6156b4b640c1fd55f26fd3d475d656"
version = "v0.7.0" version = "v0.9.0"
[[projects]] [[projects]]
digest = "1:341a7df38da99fe91ed40e4008c13cc5d02dcc98ed1a094360cb7d5df26d6d26" digest = "1:341a7df38da99fe91ed40e4008c13cc5d02dcc98ed1a094360cb7d5df26d6d26"
@ -735,14 +753,6 @@
revision = "d4920dcf5b7689548a6db640278a9b35a5b48ec6" revision = "d4920dcf5b7689548a6db640278a9b35a5b48ec6"
version = "v1.9.1" version = "v1.9.1"
[[projects]]
digest = "1:8cf58169eb0a8c009ed3a4c36486980d602ab4cc4e478130493d6cd0404f889b"
name = "github.com/go-stack/stack"
packages = ["."]
pruneopts = "NUT"
revision = "54be5f394ed2c3e19dac9134a40a95ba5a017f7b"
version = "v1.5.4"
[[projects]] [[projects]]
digest = "1:6689652ec1f6e30455551da19c707f2bfac75e4df5c7bbe3f0ad7b49b9aa2cfc" digest = "1:6689652ec1f6e30455551da19c707f2bfac75e4df5c7bbe3f0ad7b49b9aa2cfc"
name = "github.com/gogo/protobuf" name = "github.com/gogo/protobuf"
@ -754,13 +764,6 @@
revision = "909568be09de550ed094403c2bf8a261b5bb730a" revision = "909568be09de550ed094403c2bf8a261b5bb730a"
version = "v0.3" version = "v0.3"
[[projects]]
digest = "1:78b8040ece2ff622580def2708b9eb0b2857711b6744c475439bf337e9c677ea"
name = "github.com/golang/glog"
packages = ["."]
pruneopts = "NUT"
revision = "44145f04b68cf362d9c4df2182967c2275eaefed"
[[projects]] [[projects]]
digest = "1:2d0636a8c490d2272dd725db26f74a537111b99b9dbdda0d8b98febe63702aa4" digest = "1:2d0636a8c490d2272dd725db26f74a537111b99b9dbdda0d8b98febe63702aa4"
name = "github.com/golang/protobuf" name = "github.com/golang/protobuf"
@ -784,12 +787,18 @@
revision = "553a641470496b2327abcac10b36396bd98e45c9" revision = "553a641470496b2327abcac10b36396bd98e45c9"
[[projects]] [[projects]]
branch = "master" digest = "1:bf40199583e5143d1472fc34d10d6f4b69d97572142acf343b3e43136da40823"
digest = "1:245bd4eb633039cd66106a5d340ae826d87f4e36a8602fcc940e14176fd26ea7" name = "github.com/google/go-cmp"
name = "github.com/google/btree" packages = [
packages = ["."] "cmp",
"cmp/internal/diff",
"cmp/internal/flags",
"cmp/internal/function",
"cmp/internal/value",
]
pruneopts = "NUT" pruneopts = "NUT"
revision = "e89373fe6b4a7413d7acd6da1725b83ef713e6e4" revision = "6f77996f0c42f7b84e5a2b252227263f93432e9b"
version = "v0.3.0"
[[projects]] [[projects]]
digest = "1:7e49319ff995ba7b1c89845b02908d609db90879192e0f24d6338fd715043e50" digest = "1:7e49319ff995ba7b1c89845b02908d609db90879192e0f24d6338fd715043e50"
@ -881,17 +890,6 @@
revision = "0bd13642feb8f57acc0d8e3a568edc34e05a74b9" revision = "0bd13642feb8f57acc0d8e3a568edc34e05a74b9"
version = "1.1.3" version = "1.1.3"
[[projects]]
branch = "master"
digest = "1:7fdf3223c7372d1ced0b98bf53457c5e89d89aecbad9a77ba9fcc6e01f9e5621"
name = "github.com/gregjones/httpcache"
packages = [
".",
"diskcache",
]
pruneopts = "NUT"
revision = "2bcd89a1743fd4b373f7370ce8ddc14dfbd18229"
[[projects]] [[projects]]
digest = "1:f7b3db9cb74d13f6a7cf84b3801e68585745eacaf7d40cc10ecc4734c30503d3" digest = "1:f7b3db9cb74d13f6a7cf84b3801e68585745eacaf7d40cc10ecc4734c30503d3"
name = "github.com/hashicorp/go-version" name = "github.com/hashicorp/go-version"
@ -938,16 +936,16 @@
version = "0.2.4" version = "0.2.4"
[[projects]] [[projects]]
digest = "1:9813d5a93abcc5690fa5830bf7186c835493516986be7a2b11b46e7b12e13317" branch = "master"
name = "github.com/influxdata/influxdb" digest = "1:50708c8fc92aec981df5c446581cf9f90ba9e2a5692118e0ce75d4534aaa14a2"
name = "github.com/influxdata/influxdb1-client"
packages = [ packages = [
"client/v2",
"models", "models",
"pkg/escape", "pkg/escape",
"v2",
] ]
pruneopts = "NUT" pruneopts = "NUT"
revision = "2d474a3089bcfce6b472779be9470a1f0ef3d5e4" revision = "8ff2fc3824fcb533795f9a2f233275f0bb18d6c5"
version = "v1.3.7"
[[projects]] [[projects]]
digest = "1:78efd72f12ed0244e5fbe82bd0ecdbaf3e21402ee9176525ef1138a2fc0d3b17" digest = "1:78efd72f12ed0244e5fbe82bd0ecdbaf3e21402ee9176525ef1138a2fc0d3b17"
@ -1175,6 +1173,14 @@
revision = "4b7aa43c6742a2c18fdef89dd197aaae7dac7ccd" revision = "4b7aa43c6742a2c18fdef89dd197aaae7dac7ccd"
version = "1.0.1" version = "1.0.1"
[[projects]]
branch = "master"
digest = "1:946bf1e858c4884cc82907463b0579dfd3b84e1b541bd49808d2bcfcb9452be0"
name = "github.com/morikuni/aec"
packages = ["."]
pruneopts = "NUT"
revision = "39771216ff4c63d11f5e604076f9c45e8be1067b"
[[projects]] [[projects]]
digest = "1:7bb97a5f80a2429fa605e176e16cf682cbb5ac681f421a06efb4e3b8efae6e5f" digest = "1:7bb97a5f80a2429fa605e176e16cf682cbb5ac681f421a06efb4e3b8efae6e5f"
name = "github.com/mvdan/xurls" name = "github.com/mvdan/xurls"
@ -1306,22 +1312,6 @@
revision = "a3647f8e31d79543b2d0f0ae2fe5c379d72cedc0" revision = "a3647f8e31d79543b2d0f0ae2fe5c379d72cedc0"
version = "v2.1.0" version = "v2.1.0"
[[projects]]
branch = "master"
digest = "1:3bf17a6e6eaa6ad24152148a631d18662f7212e21637c2699bff3369b7f00fa2"
name = "github.com/petar/GoLLRB"
packages = ["llrb"]
pruneopts = "NUT"
revision = "53be0d36a84c2a886ca057d34b6aa4468df9ccb4"
[[projects]]
digest = "1:6c6d91dc326ed6778783cff869c49fb2f61303cdd2ebbcf90abe53505793f3b6"
name = "github.com/peterbourgon/diskv"
packages = ["."]
pruneopts = "NUT"
revision = "5f041e8faa004a95c88a202771f4cc3e991971e6"
version = "v2.0.1"
[[projects]] [[projects]]
digest = "1:44c66ad69563dbe3f8e76d7d6cad21a03626e53f1875b5ab163ded419e01ca7a" digest = "1:44c66ad69563dbe3f8e76d7d6cad21a03626e53f1875b5ab163ded419e01ca7a"
name = "github.com/philhofer/fwd" name = "github.com/philhofer/fwd"
@ -1362,14 +1352,16 @@
version = "v1.0.0" version = "v1.0.0"
[[projects]] [[projects]]
digest = "1:d05ebef91c056e176dc4dfe905002bd3dd7b1dc8703b53bf6e88761053236a75" digest = "1:097cc61836050f45cbb712ae3bb45d66fba464c16b8fac09907fa3c1f753eff6"
name = "github.com/prometheus/client_golang" name = "github.com/prometheus/client_golang"
packages = [ packages = [
"prometheus", "prometheus",
"prometheus/internal",
"prometheus/promhttp", "prometheus/promhttp",
] ]
pruneopts = "NUT" pruneopts = "NUT"
revision = "08fd2e12372a66e68e30523c7642e0cbc3e4fbde" revision = "4ab88e80c249ed361d3299e2930427d9ac43ef8d"
version = "v1.0.0"
[[projects]] [[projects]]
digest = "1:32d10bdfa8f09ecf13598324dba86ab891f11db3c538b6a34d1c3b5b99d7c36b" digest = "1:32d10bdfa8f09ecf13598324dba86ab891f11db3c538b6a34d1c3b5b99d7c36b"
@ -1379,7 +1371,7 @@
revision = "6f3806018612930941127f2a7c6c453ba2c527d2" revision = "6f3806018612930941127f2a7c6c453ba2c527d2"
[[projects]] [[projects]]
digest = "1:65f12bb82877d6e049a41b5feec5f79f11e3e0ea5748f677d68f206ac408c403" digest = "1:d03ca24670416dc8fccc78b05d6736ec655416ca7db0a028e8fb92cfdfe3b55e"
name = "github.com/prometheus/common" name = "github.com/prometheus/common"
packages = [ packages = [
"expfmt", "expfmt",
@ -1387,17 +1379,19 @@
"model", "model",
] ]
pruneopts = "NUT" pruneopts = "NUT"
revision = "49fee292b27bfff7f354ee0f64e1bc4850462edf" revision = "31bed53e4047fd6c510e43a941f90cb31be0972a"
version = "v0.6.0"
[[projects]] [[projects]]
digest = "1:60d19aad385900a8aa4a755524e68965fcb31b444ec30e673812e06c98674f2e" digest = "1:19305fc369377c111c865a7a01e11c675c57c52a932353bbd4ea360bd5b72d99"
name = "github.com/prometheus/procfs" name = "github.com/prometheus/procfs"
packages = [ packages = [
".", ".",
"xfs", "internal/fs",
] ]
pruneopts = "NUT" pruneopts = "NUT"
revision = "a1dba9ce8baed984a2495b658c82687f8157b98f" revision = "3f98efb27840a48a7a2898ec80be07674d19f9c8"
version = "v0.0.3"
[[projects]] [[projects]]
branch = "containous-fork" branch = "containous-fork"
@ -1558,11 +1552,11 @@
[[projects]] [[projects]]
branch = "v1" branch = "v1"
digest = "1:60888cead16f066c948c078258b27f2885dce91cb6aadacf545b62a1ae1d08cb" digest = "1:ca2fa30e83e743bf24f13fbfa883e228955748ab59785b6ae9bd8a55a05bd157"
name = "github.com/unrolled/secure" name = "github.com/unrolled/secure"
packages = ["."] packages = ["."]
pruneopts = "NUT" pruneopts = "NUT"
revision = "a1cf62cc2159fff407728f118c41aece76c397fa" revision = "716474489ad3d350e961ec6de19a6ab24e40f006"
[[projects]] [[projects]]
digest = "1:a68c3f55d44d225da4f22ffbed2d8572d267cb19aaa1d60537769034ac66bc01" digest = "1:a68c3f55d44d225da4f22ffbed2d8572d267cb19aaa1d60537769034ac66bc01"
@ -1614,11 +1608,12 @@
revision = "e02fc20de94c78484cd5ffb007f8af96be030a45" revision = "e02fc20de94c78484cd5ffb007f8af96be030a45"
[[projects]] [[projects]]
digest = "1:60e24d485a33cb9bffc041de6a5f1596b8ef8d9a9bb9e9f3834c72fd5a96e76a" digest = "1:5185937abbca299da07bcbeb4e38dfa186c09fbf60042c3d07e0073a0634a78f"
name = "github.com/xeipuuv/gojsonschema" name = "github.com/xeipuuv/gojsonschema"
packages = ["."] packages = ["."]
pruneopts = "NUT" pruneopts = "NUT"
revision = "0c8571ac0ce161a5feb57375a9cdf148c98c0f70" revision = "f971f3cd73b2899de6923801c147f075263e0c50"
version = "v1.1.0"
[[projects]] [[projects]]
digest = "1:aafe0319af5410fb19a23a575ea6ee4b14253e122ef87f936bac65ea1e6b280c" digest = "1:aafe0319af5410fb19a23a575ea6ee4b14253e122ef87f936bac65ea1e6b280c"
@ -1717,6 +1712,14 @@
pruneopts = "NUT" pruneopts = "NUT"
revision = "ec22f46f877b4505e0117eeaab541714644fdd28" revision = "ec22f46f877b4505e0117eeaab541714644fdd28"
[[projects]]
branch = "master"
digest = "1:b521f10a2d8fa85c04a8ef4e62f2d1e14d303599a55d64dabf9f5a02f84d35eb"
name = "golang.org/x/sync"
packages = ["errgroup"]
pruneopts = "NUT"
revision = "112230192c580c3556b8cee6403af37a4fc5f28c"
[[projects]] [[projects]]
digest = "1:51bfac9fe01b6a949bfed6db70b00bada281f0d64e5296ec644163aa977bfee0" digest = "1:51bfac9fe01b6a949bfed6db70b00bada281f0d64e5296ec644163aa977bfee0"
name = "golang.org/x/sys" name = "golang.org/x/sys"
@ -1857,7 +1860,7 @@
version = "v1.20.1" version = "v1.20.1"
[[projects]] [[projects]]
digest = "1:b49eceff862a3048ec28dad1fce40bcbdc1703119dbad35d7e5f1beb4f9a4527" digest = "1:d732242a429138da899dfecea82b3c65b4157bdf0b5317c229d9c559b6c3450e"
name = "gopkg.in/DataDog/dd-trace-go.v1" name = "gopkg.in/DataDog/dd-trace-go.v1"
packages = [ packages = [
"ddtrace", "ddtrace",
@ -1866,10 +1869,12 @@
"ddtrace/opentracer", "ddtrace/opentracer",
"ddtrace/tracer", "ddtrace/tracer",
"internal/globalconfig", "internal/globalconfig",
"internal/log",
"internal/version",
] ]
pruneopts = "NUT" pruneopts = "NUT"
revision = "c19e9e56d5b5b71b6507ce1b0ec06d85aa3705a1" revision = "8d2998bc69008aa4553846ac9a044aa730bd4ce4"
version = "v1.14.0" version = "v1.15.0"
[[projects]] [[projects]]
digest = "1:c970218a20933dd0a2eb2006de922217fa9276f57d25009b2a934eb1c50031cc" digest = "1:c970218a20933dd0a2eb2006de922217fa9276f57d25009b2a934eb1c50031cc"
@ -1924,39 +1929,47 @@
version = "v2.1.4" version = "v2.1.4"
[[projects]] [[projects]]
digest = "1:302ad18387350c3d9792da66de666f76d2ca8c62c47dd6b9434269c7cfa18971" digest = "1:18108594151654e9e696b27b181b953f9a90b16bf14d253dd1b397b025a1487f"
name = "gopkg.in/yaml.v2" name = "gopkg.in/yaml.v2"
packages = ["."] packages = ["."]
pruneopts = "NUT" pruneopts = "NUT"
revision = "53feefa2559fb8dfa8d81baad31be332c97d6c77" revision = "51d6538a90f86fe93ac480b35f37b2be17fef232"
version = "v2.2.2"
[[projects]] [[projects]]
digest = "1:b1c6723e934087c2fa159e1c6a309c3c5c0b9a7d209c2ba6028f21240ebe7606" digest = "1:759855d98a898d7d6a091b89b9c85c03d6efd673c44e15561d716543f4e88f31"
name = "k8s.io/api" name = "k8s.io/api"
packages = [ packages = [
"admissionregistration/v1alpha1",
"admissionregistration/v1beta1", "admissionregistration/v1beta1",
"apps/v1", "apps/v1",
"apps/v1beta1", "apps/v1beta1",
"apps/v1beta2", "apps/v1beta2",
"auditregistration/v1alpha1",
"authentication/v1", "authentication/v1",
"authentication/v1beta1", "authentication/v1beta1",
"authorization/v1", "authorization/v1",
"authorization/v1beta1", "authorization/v1beta1",
"autoscaling/v1", "autoscaling/v1",
"autoscaling/v2beta1", "autoscaling/v2beta1",
"autoscaling/v2beta2",
"batch/v1", "batch/v1",
"batch/v1beta1", "batch/v1beta1",
"batch/v2alpha1", "batch/v2alpha1",
"certificates/v1beta1", "certificates/v1beta1",
"coordination/v1",
"coordination/v1beta1",
"core/v1", "core/v1",
"events/v1beta1", "events/v1beta1",
"extensions/v1beta1", "extensions/v1beta1",
"networking/v1", "networking/v1",
"networking/v1beta1",
"node/v1alpha1",
"node/v1beta1",
"policy/v1beta1", "policy/v1beta1",
"rbac/v1", "rbac/v1",
"rbac/v1alpha1", "rbac/v1alpha1",
"rbac/v1beta1", "rbac/v1beta1",
"scheduling/v1",
"scheduling/v1alpha1", "scheduling/v1alpha1",
"scheduling/v1beta1", "scheduling/v1beta1",
"settings/v1alpha1", "settings/v1alpha1",
@ -1965,11 +1978,11 @@
"storage/v1beta1", "storage/v1beta1",
] ]
pruneopts = "NUT" pruneopts = "NUT"
revision = "e86510ea3fe79b17eda7b8b3bb5cf8811d3af968" revision = "b59d8169aab578b59c8d331a0e8cf6c56fae5fa0"
version = "kubernetes-1.11.7" version = "kubernetes-1.15.1"
[[projects]] [[projects]]
digest = "1:1fa62171c3cf8abf9933ec87c1a00881f8f086a5928b2a8481c469ab67cb4104" digest = "1:155388665cbca8ef2eea33692deacce31f5ee2029a1e5c50a83908e4e2fafc4f"
name = "k8s.io/apimachinery" name = "k8s.io/apimachinery"
packages = [ packages = [
"pkg/api/errors", "pkg/api/errors",
@ -2001,6 +2014,7 @@
"pkg/util/intstr", "pkg/util/intstr",
"pkg/util/json", "pkg/util/json",
"pkg/util/mergepatch", "pkg/util/mergepatch",
"pkg/util/naming",
"pkg/util/net", "pkg/util/net",
"pkg/util/runtime", "pkg/util/runtime",
"pkg/util/sets", "pkg/util/sets",
@ -2015,32 +2029,37 @@
"third_party/forked/golang/reflect", "third_party/forked/golang/reflect",
] ]
pruneopts = "NUT" pruneopts = "NUT"
revision = "1525e4dadd2df06debdeb27ee24ac7db5b6413b1" revision = "1799e75a07195de9460b8ef7300883499f12127b"
version = "kubernetes-1.11.7" version = "kubernetes-1.15.1"
[[projects]] [[projects]]
digest = "1:b557d722202c63ce865634b8adc42b7d283b7d71bd52c7becf525abc04b8bed9" digest = "1:dca55f4df9d801b3ed52459f9df1d4def74e5a5c55a3f976c614bd972913a56d"
name = "k8s.io/client-go" name = "k8s.io/client-go"
packages = [ packages = [
"discovery", "discovery",
"discovery/fake", "discovery/fake",
"informers", "informers",
"informers/admissionregistration", "informers/admissionregistration",
"informers/admissionregistration/v1alpha1",
"informers/admissionregistration/v1beta1", "informers/admissionregistration/v1beta1",
"informers/apps", "informers/apps",
"informers/apps/v1", "informers/apps/v1",
"informers/apps/v1beta1", "informers/apps/v1beta1",
"informers/apps/v1beta2", "informers/apps/v1beta2",
"informers/auditregistration",
"informers/auditregistration/v1alpha1",
"informers/autoscaling", "informers/autoscaling",
"informers/autoscaling/v1", "informers/autoscaling/v1",
"informers/autoscaling/v2beta1", "informers/autoscaling/v2beta1",
"informers/autoscaling/v2beta2",
"informers/batch", "informers/batch",
"informers/batch/v1", "informers/batch/v1",
"informers/batch/v1beta1", "informers/batch/v1beta1",
"informers/batch/v2alpha1", "informers/batch/v2alpha1",
"informers/certificates", "informers/certificates",
"informers/certificates/v1beta1", "informers/certificates/v1beta1",
"informers/coordination",
"informers/coordination/v1",
"informers/coordination/v1beta1",
"informers/core", "informers/core",
"informers/core/v1", "informers/core/v1",
"informers/events", "informers/events",
@ -2050,6 +2069,10 @@
"informers/internalinterfaces", "informers/internalinterfaces",
"informers/networking", "informers/networking",
"informers/networking/v1", "informers/networking/v1",
"informers/networking/v1beta1",
"informers/node",
"informers/node/v1alpha1",
"informers/node/v1beta1",
"informers/policy", "informers/policy",
"informers/policy/v1beta1", "informers/policy/v1beta1",
"informers/rbac", "informers/rbac",
@ -2057,6 +2080,7 @@
"informers/rbac/v1alpha1", "informers/rbac/v1alpha1",
"informers/rbac/v1beta1", "informers/rbac/v1beta1",
"informers/scheduling", "informers/scheduling",
"informers/scheduling/v1",
"informers/scheduling/v1alpha1", "informers/scheduling/v1alpha1",
"informers/scheduling/v1beta1", "informers/scheduling/v1beta1",
"informers/settings", "informers/settings",
@ -2067,54 +2091,68 @@
"informers/storage/v1beta1", "informers/storage/v1beta1",
"kubernetes", "kubernetes",
"kubernetes/scheme", "kubernetes/scheme",
"kubernetes/typed/admissionregistration/v1alpha1",
"kubernetes/typed/admissionregistration/v1beta1", "kubernetes/typed/admissionregistration/v1beta1",
"kubernetes/typed/apps/v1", "kubernetes/typed/apps/v1",
"kubernetes/typed/apps/v1beta1", "kubernetes/typed/apps/v1beta1",
"kubernetes/typed/apps/v1beta2", "kubernetes/typed/apps/v1beta2",
"kubernetes/typed/auditregistration/v1alpha1",
"kubernetes/typed/authentication/v1", "kubernetes/typed/authentication/v1",
"kubernetes/typed/authentication/v1beta1", "kubernetes/typed/authentication/v1beta1",
"kubernetes/typed/authorization/v1", "kubernetes/typed/authorization/v1",
"kubernetes/typed/authorization/v1beta1", "kubernetes/typed/authorization/v1beta1",
"kubernetes/typed/autoscaling/v1", "kubernetes/typed/autoscaling/v1",
"kubernetes/typed/autoscaling/v2beta1", "kubernetes/typed/autoscaling/v2beta1",
"kubernetes/typed/autoscaling/v2beta2",
"kubernetes/typed/batch/v1", "kubernetes/typed/batch/v1",
"kubernetes/typed/batch/v1beta1", "kubernetes/typed/batch/v1beta1",
"kubernetes/typed/batch/v2alpha1", "kubernetes/typed/batch/v2alpha1",
"kubernetes/typed/certificates/v1beta1", "kubernetes/typed/certificates/v1beta1",
"kubernetes/typed/coordination/v1",
"kubernetes/typed/coordination/v1beta1",
"kubernetes/typed/core/v1", "kubernetes/typed/core/v1",
"kubernetes/typed/events/v1beta1", "kubernetes/typed/events/v1beta1",
"kubernetes/typed/extensions/v1beta1", "kubernetes/typed/extensions/v1beta1",
"kubernetes/typed/networking/v1", "kubernetes/typed/networking/v1",
"kubernetes/typed/networking/v1beta1",
"kubernetes/typed/node/v1alpha1",
"kubernetes/typed/node/v1beta1",
"kubernetes/typed/policy/v1beta1", "kubernetes/typed/policy/v1beta1",
"kubernetes/typed/rbac/v1", "kubernetes/typed/rbac/v1",
"kubernetes/typed/rbac/v1alpha1", "kubernetes/typed/rbac/v1alpha1",
"kubernetes/typed/rbac/v1beta1", "kubernetes/typed/rbac/v1beta1",
"kubernetes/typed/scheduling/v1",
"kubernetes/typed/scheduling/v1alpha1", "kubernetes/typed/scheduling/v1alpha1",
"kubernetes/typed/scheduling/v1beta1", "kubernetes/typed/scheduling/v1beta1",
"kubernetes/typed/settings/v1alpha1", "kubernetes/typed/settings/v1alpha1",
"kubernetes/typed/storage/v1", "kubernetes/typed/storage/v1",
"kubernetes/typed/storage/v1alpha1", "kubernetes/typed/storage/v1alpha1",
"kubernetes/typed/storage/v1beta1", "kubernetes/typed/storage/v1beta1",
"listers/admissionregistration/v1alpha1",
"listers/admissionregistration/v1beta1", "listers/admissionregistration/v1beta1",
"listers/apps/v1", "listers/apps/v1",
"listers/apps/v1beta1", "listers/apps/v1beta1",
"listers/apps/v1beta2", "listers/apps/v1beta2",
"listers/auditregistration/v1alpha1",
"listers/autoscaling/v1", "listers/autoscaling/v1",
"listers/autoscaling/v2beta1", "listers/autoscaling/v2beta1",
"listers/autoscaling/v2beta2",
"listers/batch/v1", "listers/batch/v1",
"listers/batch/v1beta1", "listers/batch/v1beta1",
"listers/batch/v2alpha1", "listers/batch/v2alpha1",
"listers/certificates/v1beta1", "listers/certificates/v1beta1",
"listers/coordination/v1",
"listers/coordination/v1beta1",
"listers/core/v1", "listers/core/v1",
"listers/events/v1beta1", "listers/events/v1beta1",
"listers/extensions/v1beta1", "listers/extensions/v1beta1",
"listers/networking/v1", "listers/networking/v1",
"listers/networking/v1beta1",
"listers/node/v1alpha1",
"listers/node/v1beta1",
"listers/policy/v1beta1", "listers/policy/v1beta1",
"listers/rbac/v1", "listers/rbac/v1",
"listers/rbac/v1alpha1", "listers/rbac/v1alpha1",
"listers/rbac/v1beta1", "listers/rbac/v1beta1",
"listers/scheduling/v1",
"listers/scheduling/v1alpha1", "listers/scheduling/v1alpha1",
"listers/scheduling/v1beta1", "listers/scheduling/v1beta1",
"listers/settings/v1alpha1", "listers/settings/v1alpha1",
@ -2139,20 +2177,19 @@
"tools/pager", "tools/pager",
"tools/reference", "tools/reference",
"transport", "transport",
"util/buffer",
"util/cert", "util/cert",
"util/connrotation", "util/connrotation",
"util/flowcontrol", "util/flowcontrol",
"util/homedir", "util/homedir",
"util/integer", "util/keyutil",
"util/retry", "util/retry",
] ]
pruneopts = "NUT" pruneopts = "NUT"
revision = "7d04d0e2a0a1a4d4a1cd6baa432a2301492e4e65" revision = "8e956561bbf57253b1d19c449d0f24e8cb18d467"
version = "v8.0.0" version = "kubernetes-1.15.1"
[[projects]] [[projects]]
digest = "1:7320216e50843bfc1092d20b535a20683abc967e0eba38441c85c3265da10a34" digest = "1:f41480fd8c5f54b13326ee0f2ee398d5734789b790dbc4db57f9b08a0d63139a"
name = "k8s.io/code-generator" name = "k8s.io/code-generator"
packages = [ packages = [
"cmd/client-gen", "cmd/client-gen",
@ -2173,11 +2210,12 @@
"cmd/lister-gen", "cmd/lister-gen",
"cmd/lister-gen/args", "cmd/lister-gen/args",
"cmd/lister-gen/generators", "cmd/lister-gen/generators",
"pkg/namer",
"pkg/util", "pkg/util",
] ]
pruneopts = "T" pruneopts = "T"
revision = "f8cba74510f397bac80157a6c4ccb0ffbc31b9d0" revision = "18da4a14b22b17d2fa761e50037fabfbacec225b"
version = "kubernetes-1.11.7" version = "kubernetes-1.15.1"
[[projects]] [[projects]]
branch = "master" branch = "master"
@ -2212,6 +2250,26 @@
pruneopts = "NUT" pruneopts = "NUT"
revision = "15615b16d372105f0c69ff47dfe7402926a65aaa" revision = "15615b16d372105f0c69ff47dfe7402926a65aaa"
[[projects]]
branch = "master"
digest = "1:2d3f59daa4b479ff4e100a2e1d8fea6780040fdadc177869531fe4cc29407f55"
name = "k8s.io/utils"
packages = [
"buffer",
"integer",
"trace",
]
pruneopts = "NUT"
revision = "581e00157fb1a0435d4fac54a52d1ca1e481d60e"
[[projects]]
digest = "1:8730e0150dfb2b7e173890c8b9868e7a273082ef8e39f4940e3506a481cf895c"
name = "sigs.k8s.io/yaml"
packages = ["."]
pruneopts = "NUT"
revision = "fd68e9863619f6ec2fdd8625fe1f02e7c877e480"
version = "v1.1.0"
[solve-meta] [solve-meta]
analyzer-name = "dep" analyzer-name = "dep"
analyzer-version = 1 analyzer-version = 1
@ -2241,6 +2299,7 @@
"github.com/docker/go-connections/sockets", "github.com/docker/go-connections/sockets",
"github.com/eapache/channels", "github.com/eapache/channels",
"github.com/elazarl/go-bindata-assetfs", "github.com/elazarl/go-bindata-assetfs",
"github.com/fatih/structs",
"github.com/gambol99/go-marathon", "github.com/gambol99/go-marathon",
"github.com/go-acme/lego/certcrypto", "github.com/go-acme/lego/certcrypto",
"github.com/go-acme/lego/certificate", "github.com/go-acme/lego/certificate",
@ -2263,7 +2322,7 @@
"github.com/google/go-github/github", "github.com/google/go-github/github",
"github.com/gorilla/websocket", "github.com/gorilla/websocket",
"github.com/hashicorp/go-version", "github.com/hashicorp/go-version",
"github.com/influxdata/influxdb/client/v2", "github.com/influxdata/influxdb1-client/v2",
"github.com/instana/go-sensor", "github.com/instana/go-sensor",
"github.com/libkermit/compose/check", "github.com/libkermit/compose/check",
"github.com/libkermit/docker", "github.com/libkermit/docker",
@ -2321,6 +2380,7 @@
"k8s.io/apimachinery/pkg/runtime/serializer", "k8s.io/apimachinery/pkg/runtime/serializer",
"k8s.io/apimachinery/pkg/types", "k8s.io/apimachinery/pkg/types",
"k8s.io/apimachinery/pkg/util/intstr", "k8s.io/apimachinery/pkg/util/intstr",
"k8s.io/apimachinery/pkg/util/runtime",
"k8s.io/apimachinery/pkg/watch", "k8s.io/apimachinery/pkg/watch",
"k8s.io/client-go/discovery", "k8s.io/client-go/discovery",
"k8s.io/client-go/discovery/fake", "k8s.io/client-go/discovery/fake",

View file

@ -111,7 +111,11 @@ required = [
[[constraint]] [[constraint]]
name = "github.com/go-kit/kit" name = "github.com/go-kit/kit"
version = "0.7.0" version = "v0.9.0"
[[constraint]]
name = "github.com/prometheus/client_golang"
version = "v1.0.0"
[[constraint]] [[constraint]]
branch = "master" branch = "master"
@ -121,10 +125,6 @@ required = [
# name = "github.com/hashicorp/consul" # name = "github.com/hashicorp/consul"
# version = "1.0.6" # version = "1.0.6"
[[constraint]]
name = "github.com/influxdata/influxdb"
version = "1.3.7"
#[[constraint]] #[[constraint]]
# branch = "master" # branch = "master"
# name = "github.com/jjcollinge/servicefabric" # name = "github.com/jjcollinge/servicefabric"
@ -203,19 +203,19 @@ required = [
[[constraint]] [[constraint]]
name = "k8s.io/client-go" name = "k8s.io/client-go"
version = "8.0.0" # 8.0.0 version = "kubernetes-1.15.1" # kubernetes-1.15.1
[[constraint]] [[constraint]]
name = "k8s.io/code-generator" name = "k8s.io/code-generator"
version = "kubernetes-1.11.7" version = "kubernetes-1.15.1" # "kubernetes-1.15.1"
[[constraint]] [[constraint]]
name = "k8s.io/api" name = "k8s.io/api"
version = "kubernetes-1.11.7" # "kubernetes-1.11.7" version = "kubernetes-1.15.1" # "kubernetes-1.15.1"
[[constraint]] [[constraint]]
name = "k8s.io/apimachinery" name = "k8s.io/apimachinery"
version = "kubernetes-1.11.7" # "kubernetes-1.11.7" version = "kubernetes-1.15.1" # "kubernetes-1.15.1"
[[override]] [[override]]
name = "github.com/json-iterator/go" name = "github.com/json-iterator/go"
@ -235,28 +235,29 @@ required = [
[[constraint]] [[constraint]]
name = "github.com/docker/docker" name = "github.com/docker/docker"
revision = "7848b8beb9d38a98a78b75f78e05f8d2255f9dfe" source = "github.com/docker/engine"
version = "v19.03.1"
[[override]] [[override]]
name = "github.com/docker/docker" name = "github.com/docker/docker"
revision = "7848b8beb9d38a98a78b75f78e05f8d2255f9dfe" source = "github.com/docker/engine"
version = "v19.03.1"
[[override]] [[override]]
name = "github.com/docker/cli" name = "github.com/docker/cli"
revision = "6b63d7b96a41055baddc3fa71f381c7f60bd5d8e" version = "v19.03.1"
[[override]] [[override]]
name = "github.com/docker/distribution" name = "github.com/docker/distribution"
revision = "edc3ab29cdff8694dd6feb85cfeb4b5f1b38ed9c" version = "v2.7.1"
[[override]] [[override]]
branch = "master" branch = "master"
name = "github.com/docker/libcompose" name = "github.com/docker/libcompose"
[[override]] [[override]]
name = "github.com/Nvveen/Gotty" name = "github.com/xeipuuv/gojsonschema"
revision = "a8b993ba6abdb0e0c12b0125c603323a71c7790c" version = "v1.1.0"
source = "github.com/ijc25/Gotty"
[[override]] [[override]]
# ALWAYS keep this override # ALWAYS keep this override
@ -273,7 +274,7 @@ required = [
[[constraint]] [[constraint]]
name = "gopkg.in/DataDog/dd-trace-go.v1" name = "gopkg.in/DataDog/dd-trace-go.v1"
version = "1.13.0" version = "1.15.0"
[[constraint]] [[constraint]]
name = "github.com/instana/go-sensor" name = "github.com/instana/go-sensor"
@ -282,3 +283,7 @@ required = [
[[constraint]] [[constraint]]
name = "github.com/ExpediaDotCom/haystack-client-go" name = "github.com/ExpediaDotCom/haystack-client-go"
version = "0.2.3" version = "0.2.3"
[[constraint]]
name = "gopkg.in/yaml.v2"
version = "v2.2.2"

View file

@ -58,7 +58,7 @@ build-webui-image:
generate-webui: build-webui-image generate-webui: build-webui-image
if [ ! -d "static" ]; then \ if [ ! -d "static" ]; then \
mkdir -p static; \ mkdir -p static; \
docker run --rm -v "$$PWD/static":'/src/static' traefik-webui npm run build; \ docker run --rm -v "$$PWD/static":'/src/static' traefik-webui npm run build:nc; \
docker run --rm -v "$$PWD/static":'/src/static' traefik-webui chown -R $(shell id -u):$(shell id -g) ../static; \ docker run --rm -v "$$PWD/static":'/src/static' traefik-webui chown -R $(shell id -u):$(shell id -g) ../static; \
echo 'For more informations show `webui/readme.md`' > $$PWD/static/DONT-EDIT-FILES-IN-THIS-DIRECTORY.md; \ echo 'For more informations show `webui/readme.md`' > $$PWD/static/DONT-EDIT-FILES-IN-THIS-DIRECTORY.md; \
fi fi

View file

@ -6,15 +6,15 @@ RUN apk --update upgrade \
&& rm -rf /var/cache/apk/* && rm -rf /var/cache/apk/*
# Download golangci-lint and misspell binary to bin folder in $GOPATH # Download golangci-lint and misspell binary to bin folder in $GOPATH
RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b $GOPATH/bin v1.15.0 \ RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b $GOPATH/bin v1.17.1 \
&& go get github.com/client9/misspell/cmd/misspell && go get github.com/client9/misspell/cmd/misspell
# Download goreleaser binary to bin folder in $GOPATH # Download goreleaser binary to bin folder in $GOPATH
RUN curl -sfL https://install.goreleaser.com/github.com/goreleaser/goreleaser.sh | sh RUN curl -sfL https://install.goreleaser.com/github.com/goreleaser/goreleaser.sh | sh
# Which docker version to test on # Which docker version to test on
ARG DOCKER_VERSION=17.03.2 ARG DOCKER_VERSION=18.09.7
ARG DEP_VERSION=0.5.0 ARG DEP_VERSION=0.5.4
# Download go-bindata binary to bin folder in $GOPATH # Download go-bindata binary to bin folder in $GOPATH
RUN mkdir -p /usr/local/bin \ RUN mkdir -p /usr/local/bin \
@ -28,7 +28,7 @@ RUN mkdir -p /usr/local/bin \
# Download docker # Download docker
RUN mkdir -p /usr/local/bin \ RUN mkdir -p /usr/local/bin \
&& curl -fL https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}-ce.tgz \ && curl -fL https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz \
| tar -xzC /usr/local/bin --transform 's#^.+/##x' | tar -xzC /usr/local/bin --transform 's#^.+/##x'
WORKDIR /go/src/github.com/containous/traefik WORKDIR /go/src/github.com/containous/traefik

View file

@ -24,7 +24,7 @@ func NewCmd(traefikConfiguration *static.Configuration, loaders []cli.ResourceLo
func runCmd(traefikConfiguration *static.Configuration) func(_ []string) error { func runCmd(traefikConfiguration *static.Configuration) func(_ []string) error {
return func(_ []string) error { return func(_ []string) error {
traefikConfiguration.SetEffectiveConfiguration("") traefikConfiguration.SetEffectiveConfiguration()
resp, errPing := Do(*traefikConfiguration) resp, errPing := Do(*traefikConfiguration)
if resp != nil { if resp != nil {
@ -51,7 +51,7 @@ func Do(staticConfiguration static.Configuration) (*http.Response, error) {
return nil, errors.New("please enable `ping` to use health check") return nil, errors.New("please enable `ping` to use health check")
} }
pingEntryPoint, ok := staticConfiguration.EntryPoints[staticConfiguration.Ping.EntryPoint] pingEntryPoint, ok := staticConfiguration.EntryPoints["traefik"]
if !ok { if !ok {
return nil, errors.New("missing `ping` entrypoint") return nil, errors.New("missing `ping` entrypoint")
} }

View file

@ -17,9 +17,10 @@ import (
cmdVersion "github.com/containous/traefik/cmd/version" cmdVersion "github.com/containous/traefik/cmd/version"
"github.com/containous/traefik/pkg/cli" "github.com/containous/traefik/pkg/cli"
"github.com/containous/traefik/pkg/collector" "github.com/containous/traefik/pkg/collector"
"github.com/containous/traefik/pkg/config" "github.com/containous/traefik/pkg/config/dynamic"
"github.com/containous/traefik/pkg/config/static" "github.com/containous/traefik/pkg/config/static"
"github.com/containous/traefik/pkg/log" "github.com/containous/traefik/pkg/log"
"github.com/containous/traefik/pkg/provider/acme"
"github.com/containous/traefik/pkg/provider/aggregator" "github.com/containous/traefik/pkg/provider/aggregator"
"github.com/containous/traefik/pkg/safe" "github.com/containous/traefik/pkg/safe"
"github.com/containous/traefik/pkg/server" "github.com/containous/traefik/pkg/server"
@ -53,7 +54,7 @@ Complete documentation is available at https://traefik.io`,
Configuration: tConfig, Configuration: tConfig,
Resources: loaders, Resources: loaders,
Run: func(_ []string) error { Run: func(_ []string) error {
return runCmd(&tConfig.Configuration, cli.GetConfigFile(loaders)) return runCmd(&tConfig.Configuration)
}, },
} }
@ -78,7 +79,7 @@ Complete documentation is available at https://traefik.io`,
os.Exit(0) os.Exit(0)
} }
func runCmd(staticConfiguration *static.Configuration, configFile string) error { func runCmd(staticConfiguration *static.Configuration) error {
configureLogging(staticConfiguration) configureLogging(staticConfiguration)
http.DefaultTransport.(*http.Transport).Proxy = http.ProxyFromEnvironment http.DefaultTransport.(*http.Transport).Proxy = http.ProxyFromEnvironment
@ -87,8 +88,10 @@ func runCmd(staticConfiguration *static.Configuration, configFile string) error
log.WithoutContext().Errorf("Could not set roundrobin default weight: %v", err) log.WithoutContext().Errorf("Could not set roundrobin default weight: %v", err)
} }
staticConfiguration.SetEffectiveConfiguration(configFile) staticConfiguration.SetEffectiveConfiguration()
staticConfiguration.ValidateConfiguration() if err := staticConfiguration.ValidateConfiguration(); err != nil {
return err
}
log.WithoutContext().Infof("Traefik version %s built on %s", version.Version, version.BuildDate) log.WithoutContext().Infof("Traefik version %s built on %s", version.Version, version.BuildDate)
@ -112,15 +115,9 @@ func runCmd(staticConfiguration *static.Configuration, configFile string) error
providerAggregator := aggregator.NewProviderAggregator(*staticConfiguration.Providers) providerAggregator := aggregator.NewProviderAggregator(*staticConfiguration.Providers)
acmeProvider, err := staticConfiguration.InitACMEProvider() tlsManager := traefiktls.NewManager()
if err != nil {
log.WithoutContext().Errorf("Unable to initialize ACME provider: %v", err) acmeProviders := initACMEProvider(staticConfiguration, &providerAggregator, tlsManager)
} else if acmeProvider != nil {
if err := providerAggregator.AddProvider(acmeProvider); err != nil {
log.WithoutContext().Errorf("Unable to add ACME provider to the providers list: %v", err)
acmeProvider = nil
}
}
serverEntryPointsTCP := make(server.TCPEntryPoints) serverEntryPointsTCP := make(server.TCPEntryPoints)
for entryPointName, config := range staticConfiguration.EntryPoints { for entryPointName, config := range staticConfiguration.EntryPoints {
@ -129,27 +126,31 @@ func runCmd(staticConfiguration *static.Configuration, configFile string) error
if err != nil { if err != nil {
return fmt.Errorf("error while building entryPoint %s: %v", entryPointName, err) return fmt.Errorf("error while building entryPoint %s: %v", entryPointName, err)
} }
serverEntryPointsTCP[entryPointName].RouteAppenderFactory = router.NewRouteAppenderFactory(*staticConfiguration, entryPointName, acmeProvider) serverEntryPointsTCP[entryPointName].RouteAppenderFactory = router.NewRouteAppenderFactory(*staticConfiguration, entryPointName, acmeProviders)
} }
tlsManager := traefiktls.NewManager()
if acmeProvider != nil {
acmeProvider.SetTLSManager(tlsManager)
if acmeProvider.TLSChallenge != nil &&
acmeProvider.HTTPChallenge == nil &&
acmeProvider.DNSChallenge == nil {
tlsManager.TLSAlpnGetter = acmeProvider.GetTLSALPNCertificate
}
}
svr := server.NewServer(*staticConfiguration, providerAggregator, serverEntryPointsTCP, tlsManager) svr := server.NewServer(*staticConfiguration, providerAggregator, serverEntryPointsTCP, tlsManager)
if acmeProvider != nil && acmeProvider.OnHostRule { resolverNames := map[string]struct{}{}
acmeProvider.SetConfigListenerChan(make(chan config.Configuration))
svr.AddListener(acmeProvider.ListenConfiguration) for _, p := range acmeProviders {
resolverNames[p.ResolverName] = struct{}{}
svr.AddListener(p.ListenConfiguration)
} }
svr.AddListener(func(config dynamic.Configuration) {
for rtName, rt := range config.HTTP.Routers {
if rt.TLS == nil || rt.TLS.CertResolver == "" {
continue
}
if _, ok := resolverNames[rt.TLS.CertResolver]; !ok {
log.WithoutContext().Errorf("the router %s uses a non-existent resolver: %s", rtName, rt.TLS.CertResolver)
}
}
})
ctx := cmd.ContextWithSignal(context.Background()) ctx := cmd.ContextWithSignal(context.Background())
if staticConfiguration.Ping != nil { if staticConfiguration.Ping != nil {
@ -196,6 +197,40 @@ func runCmd(staticConfiguration *static.Configuration, configFile string) error
return nil return nil
} }
// initACMEProvider creates an acme provider from the ACME part of globalConfiguration
func initACMEProvider(c *static.Configuration, providerAggregator *aggregator.ProviderAggregator, tlsManager *traefiktls.Manager) []*acme.Provider {
challengeStore := acme.NewLocalChallengeStore()
localStores := map[string]*acme.LocalStore{}
var resolvers []*acme.Provider
for name, resolver := range c.CertificatesResolvers {
if resolver.ACME != nil {
if localStores[resolver.ACME.Storage] == nil {
localStores[resolver.ACME.Storage] = acme.NewLocalStore(resolver.ACME.Storage)
}
p := &acme.Provider{
Configuration: resolver.ACME,
Store: localStores[resolver.ACME.Storage],
ChallengeStore: challengeStore,
ResolverName: name,
}
if err := providerAggregator.AddProvider(p); err != nil {
log.WithoutContext().Errorf("Unable to add ACME provider to the providers list: %v", err)
continue
}
p.SetTLSManager(tlsManager)
if p.TLSChallenge != nil {
tlsManager.TLSAlpnGetter = p.GetTLSALPNCertificate
}
p.SetConfigListenerChan(make(chan dynamic.Configuration))
resolvers = append(resolvers, p)
}
}
return resolvers
}
func configureLogging(staticConfiguration *static.Configuration) { func configureLogging(staticConfiguration *static.Configuration) {
// configure default log flags // configure default log flags
stdlog.SetFlags(stdlog.Lshortfile | stdlog.LstdFlags) stdlog.SetFlags(stdlog.Lshortfile | stdlog.LstdFlags)

View file

@ -123,7 +123,7 @@ If you happen to update the provider's templates (located in `/templates`), you
The [dep](https://github.com/golang/dep) command is not required for building; The [dep](https://github.com/golang/dep) command is not required for building;
however, it is necessary if you need to update the dependencies (i.e., add, update, or remove third-party packages). however, it is necessary if you need to update the dependencies (i.e., add, update, or remove third-party packages).
You need [dep](https://github.com/golang/dep) >= 0.5.0. You need [dep](https://github.com/golang/dep) >= 0.5.4.
If you want to add a dependency, use `dep ensure -add` to have [dep](https://github.com/golang/dep) put it into the vendor folder and update the dep manifest/lock files (`Gopkg.toml` and `Gopkg.lock`, respectively). If you want to add a dependency, use `dep ensure -add` to have [dep](https://github.com/golang/dep) put it into the vendor folder and update the dep manifest/lock files (`Gopkg.toml` and `Gopkg.lock`, respectively).

View file

@ -9,20 +9,25 @@ Understanding how you use Traefik is very important to us: it helps us improve t
For this very reason, the sendAnonymousUsage option is mandatory: we want you to take time to consider whether or not you wish to share anonymous data with us so we can benefit from your experience and use cases. For this very reason, the sendAnonymousUsage option is mandatory: we want you to take time to consider whether or not you wish to share anonymous data with us so we can benefit from your experience and use cases.
!!! warning !!! warning
During the alpha stage only, leaving this option unset will not prevent Traefik from running but will generate an error log indicating that it enables data collection by default. During the beta stage only, leaving this option unset will not prevent Traefik from running but will generate an error log indicating that it enables data collection by default.
??? example "Enabling Data Collection with TOML" !!! example "Enabling Data Collection"
```toml ```toml tab="File (TOML)"
[global] [global]
# Send anonymous usage data # Send anonymous usage data
sendAnonymousUsage = true sendAnonymousUsage = true
``` ```
??? example "Enabling Data Collection with the CLI" ```yaml tab="File (YAML)"
global:
# Send anonymous usage data
sendAnonymousUsage: true
```
```bash ```bash tab="CLI"
./traefik --sendAnonymousUsage=true # Send anonymous usage data
--global.sendAnonymousUsage
``` ```
## Collected Data ## Collected Data

View file

@ -0,0 +1,70 @@
# Install Traefik
You can install Traefik with the following flavors:
* [Use the official Docker image](./#use-the-official-docker-image)
* [Use the binary distribution](./#use-the-binary-distribution)
* [Compile your binary from the sources](./#compile-your-binary-from-the-sources)
## Use the Official Docker Image
Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with the [sample configuration file](https://raw.githubusercontent.com/containous/traefik/v2.0/traefik.sample.toml):
```shell
docker run -d -p 8080:8080 -p 80:80 \
-v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik:v2.0
```
For more details, go to the [Docker provider documentation](../providers/docker.md)
!!! tip
* Prefer a fixed version than the latest that could be an unexpected version.
ex: `traefik:v2.0.0`
* Docker images comes in 2 flavors: scratch based or alpine based.
* All the orchestrator using docker images could fetch the official Traefik docker image.
## Use the Binary Distribution
Grab the latest binary from the [releases](https://github.com/containous/traefik/releases) page.
??? tip "Check the integrity of the downloaded file"
```bash tab="Linux"
# Compare this value to the one found in traefik-${traefik_version}_checksums.txt
sha256sum ./traefik_${traefik_version}_linux_${arch}.tar.gz
```
```bash tab="macOS"
# Compare this value to the one found in traefik-${traefik_version}_checksums.txt
shasum -a256 ./traefik_${traefik_version}_darwin_amd64.tar.gz
```
```powershell tab="Windows PowerShell"
# Compare this value to the one found in traefik-${traefik_version}_checksums.txt
Get-FileHash ./traefik_${traefik_version}_windows_${arch}.zip -Algorithm SHA256
```
??? tip "Extract the downloaded archive"
```bash tab="Linux"
tar -zxvf traefik_${traefik_version}_linux_${arch}.tar.gz
```
```bash tab="macOS"
tar -zxvf ./traefik_${traefik_version}_darwin_amd64.tar.gz
```
```powershell tab="Windows PowerShell"
Expand-Archive traefik_${traefik_version}_windows_${arch}.zip
```
And run it:
```bash
./traefik --help
```
## Compile your Binary from the Sources
All the details are available in the [Contributing Guide](../contributing/building-testing.md)

View file

@ -12,83 +12,48 @@ You can configure Traefik to use an ACME provider (like Let's Encrypt) for autom
??? example "Enabling ACME" ??? example "Enabling ACME"
```toml tab="TOML" ```toml tab="File (TOML)"
[entryPoints] [entryPoints]
[entryPoints.web] [entryPoints.web]
address = ":80" address = ":80"
[entryPoints.http-tls] [entryPoints.web-secure]
address = ":443" address = ":443"
# every router with TLS enabled will now be able to use ACME for its certificates [certificatesResolvers.sample.acme]
[acme]
email = "your-email@your-domain.org" email = "your-email@your-domain.org"
storage = "acme.json" storage = "acme.json"
# dynamic generation based on the Host() & HostSNI() matchers
onHostRule = true
[acme.httpChallenge] [acme.httpChallenge]
# used during the challenge # used during the challenge
entryPoint = "web" entryPoint = "web"
``` ```
```yaml tab="YAML" ```yaml tab="File (YAML)"
entryPoints: entryPoints:
web: web:
address: ":80" address: ":80"
http-tls: web-secure:
address: ":443" address: ":443"
# every router with TLS enabled will now be able to use ACME for its certificates certificatesResolvers:
sample:
acme: acme:
email: your-email@your-domain.org email: your-email@your-domain.org
storage: acme.json storage: acme.json
# dynamic generation based on the Host() & HostSNI() matchers
onHostRule: true
httpChallenge: httpChallenge:
# used during the challenge # used during the challenge
entryPoint: web entryPoint: web
``` ```
??? example "Configuring Wildcard Certificates" ```bash tab="CLI"
--entryPoints.web.address=":80"
```toml tab="TOML" --entryPoints.websecure.address=":443"
[entryPoints] # ...
[entryPoints.web] --certificatesResolvers.sample.acme.email: your-email@your-domain.org
address = ":80" --certificatesResolvers.sample.acme.storage: acme.json
# used during the challenge
[entryPoints.http-tls] --certificatesResolvers.sample.acme.httpChallenge.entryPoint: web
address = ":443"
[acme]
email = "your-email@your-domain.org"
storage = "acme.json"
[acme.dnsChallenge]
provider = "xxx"
[[acme.domains]]
main = "*.mydomain.com"
sans = ["mydomain.com"]
```
```yaml tab="YAML"
entryPoints:
web:
address: ":80"
http-tls:
address: ":443"
acme:
email: your-email@your-domain.org
storage: acme.json
dnsChallenge:
provide: xxx
domains:
- main: "*.mydomain.com"
sans:
- mydomain.com
``` ```
??? note "Configuration Reference" ??? note "Configuration Reference"
@ -96,14 +61,18 @@ You can configure Traefik to use an ACME provider (like Let's Encrypt) for autom
There are many available options for ACME. There are many available options for ACME.
For a quick glance at what's possible, browse the configuration reference: For a quick glance at what's possible, browse the configuration reference:
```toml tab="TOML" ```toml tab="File (TOML)"
--8<-- "content/https/ref-acme.toml" --8<-- "content/https/ref-acme.toml"
``` ```
```yaml tab="YAML" ```yaml tab="File (YAML)"
--8<-- "content/https/ref-acme.yaml" --8<-- "content/https/ref-acme.yaml"
``` ```
```bash tab="CLI"
--8<-- "content/https/ref-acme.txt"
```
## Automatic Renewals ## Automatic Renewals
Traefik automatically tracks the expiry date of ACME certificates it generates. Traefik automatically tracks the expiry date of ACME certificates it generates.
@ -124,37 +93,69 @@ when using the `TLS-ALPN-01` challenge, Traefik must be reachable by Let's Encry
??? example "Configuring the `tlsChallenge`" ??? example "Configuring the `tlsChallenge`"
```toml tab="TOML" ```toml tab="File (TOML)"
[acme] [certificatesResolvers.sample.acme]
[acme.tlsChallenge] # ...
[certificatesResolvers.sample.acme.tlsChallenge]
``` ```
```yaml tab="YAML" ```yaml tab="File (YAML)"
certificatesResolvers:
sample:
acme: acme:
# ...
tlsChallenge: {} tlsChallenge: {}
``` ```
```bash tab="CLI"
# ...
--certificatesResolvers.sample.acme.tlsChallenge=true
```
### `httpChallenge` ### `httpChallenge`
Use the `HTTP-01` challenge to generate and renew ACME certificates by provisioning an HTTP resource under a well-known URI. Use the `HTTP-01` challenge to generate and renew ACME certificates by provisioning an HTTP resource under a well-known URI.
As described on the Let's Encrypt [community forum](https://community.letsencrypt.org/t/support-for-ports-other-than-80-and-443/3419/72), As described on the Let's Encrypt [community forum](https://community.letsencrypt.org/t/support-for-ports-other-than-80-and-443/3419/72),
when using the `HTTP-01` challenge, `acme.httpChallenge.entryPoint` must be reachable by Let's Encrypt through port 80. when using the `HTTP-01` challenge, `certificatesResolvers.sample.acme.httpChallenge.entryPoint` must be reachable by Let's Encrypt through port 80.
??? example "Using an EntryPoint Called http for the `httpChallenge`" ??? example "Using an EntryPoint Called http for the `httpChallenge`"
```toml tab="TOML" ```toml tab="File (TOML)"
[acme] [entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web-secure]
address = ":443"
[certificatesResolvers.sample.acme]
# ... # ...
[acme.httpChallenge] [certificatesResolvers.sample.acme.httpChallenge]
entryPoint = "http" entryPoint = "web"
``` ```
```yaml tab="YAML" ```yaml tab="File (YAML)"
entryPoints:
web:
address: ":80"
web-secure:
address: ":443"
certificatesResolvers:
sample:
acme: acme:
# ... # ...
httpChallenge: httpChallenge:
entryPoint: http entryPoint: web
```
```bash tab="CLI"
--entryPoints.web.address=":80"
--entryPoints.websecure.address=":443"
# ...
--certificatesResolvers.sample.acme.httpChallenge.entryPoint=web
``` ```
!!! note !!! note
@ -166,16 +167,18 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
??? example "Configuring a `dnsChallenge` with the DigitalOcean Provider" ??? example "Configuring a `dnsChallenge` with the DigitalOcean Provider"
```toml tab="TOML" ```toml tab="File (TOML)"
[acme] [certificatesResolvers.sample.acme]
# ... # ...
[acme.dnsChallenge] [certificatesResolvers.sample.acme.dnsChallenge]
provider = "digitalocean" provider = "digitalocean"
delayBeforeCheck = 0 delayBeforeCheck = 0
# ... # ...
``` ```
```yaml tab="YAML" ```yaml tab="File (YAML)"
certificatesResolvers:
sample:
acme: acme:
# ... # ...
dnsChallenge: dnsChallenge:
@ -184,6 +187,13 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
# ... # ...
``` ```
```bash tab="CLI"
# ...
--certificatesResolvers.sample.acme.dnsChallenge.provider=digitalocean
--certificatesResolvers.sample.acme.dnsChallenge.delayBeforeCheck=0
# ...
```
!!! important !!! important
A `provider` is mandatory. A `provider` is mandatory.
@ -199,7 +209,7 @@ For example, `CF_API_EMAIL_FILE=/run/secrets/traefik_cf-api-email` could be used
| Provider Name | Provider Code | Environment Variables | | | Provider Name | Provider Code | Environment Variables | |
|-------------------------------------------------------------|----------------|---------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------| |-------------------------------------------------------------|----------------|---------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------|
| [ACME DNS](https://github.com/joohoi/acme-dns) | `acme-dns` | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/acme-dns) | | [ACME DNS](https://github.com/joohoi/acme-dns) | `acme-dns` | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/acme-dns) |
| [Alibaba Cloud](https://www.vultr.com) | `alidns` | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/alidns) | | [Alibaba Cloud](https://www.alibabacloud.com) | `alidns` | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/alidns) |
| [Auroradns](https://www.pcextreme.com/aurora/dns) | `auroradns` | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/auroradns) | | [Auroradns](https://www.pcextreme.com/aurora/dns) | `auroradns` | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/auroradns) |
| [Azure](https://azure.microsoft.com/services/dns/) | `azure` | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]` | [Additional configuration](https://go-acme.github.io/lego/dns/azure) | | [Azure](https://azure.microsoft.com/services/dns/) | `azure` | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]` | [Additional configuration](https://go-acme.github.io/lego/dns/azure) |
| [Blue Cat](https://www.bluecatnetworks.com/) | `bluecat` | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW` | [Additional configuration](https://go-acme.github.io/lego/dns/bluecat) | | [Blue Cat](https://www.bluecatnetworks.com/) | `bluecat` | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW` | [Additional configuration](https://go-acme.github.io/lego/dns/bluecat) |
@ -230,7 +240,7 @@ For example, `CF_API_EMAIL_FILE=/run/secrets/traefik_cf-api-email` could be used
| [Lightsail](https://aws.amazon.com/lightsail/) | `lightsail` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/lightsail) | | [Lightsail](https://aws.amazon.com/lightsail/) | `lightsail` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/lightsail) |
| [Linode](https://www.linode.com) | `linode` | `LINODE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/linode) | | [Linode](https://www.linode.com) | `linode` | `LINODE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/linode) |
| [Linode v4](https://www.linode.com) | `linodev4` | `LINODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/linodev4) | | [Linode v4](https://www.linode.com) | `linodev4` | `LINODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/linodev4) |
| manual | - | none, but you need to run Traefik interactively [^4], turn on `acmeLogging` to see instructions and press <kbd>Enter</kbd>. | | | manual | - | none, but you need to run Traefik interactively [^4], turn on debug log to see instructions and press <kbd>Enter</kbd>. | |
| [MyDNS.jp](https://www.mydns.jp/) | `mydnsjp` | `MYDNSJP_MASTER_ID`, `MYDNSJP_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mydnsjp) | | [MyDNS.jp](https://www.mydns.jp/) | `mydnsjp` | `MYDNSJP_MASTER_ID`, `MYDNSJP_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mydnsjp) |
| [Namecheap](https://www.namecheap.com) | `namecheap` | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namecheap) | | [Namecheap](https://www.namecheap.com) | `namecheap` | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namecheap) |
| [name.com](https://www.name.com/) | `namedotcom` | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/namedotcom) | | [name.com](https://www.name.com/) | `namedotcom` | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/namedotcom) |
@ -268,15 +278,17 @@ For example, `CF_API_EMAIL_FILE=/run/secrets/traefik_cf-api-email` could be used
Use custom DNS servers to resolve the FQDN authority. Use custom DNS servers to resolve the FQDN authority.
```toml tab="TOML" ```toml tab="File (TOML)"
[acme] [certificatesResolvers.sample.acme]
# ... # ...
[acme.dnsChallenge] [certificatesResolvers.sample.acme.dnsChallenge]
# ... # ...
resolvers = ["1.1.1.1:53", "8.8.8.8:53"] resolvers = ["1.1.1.1:53", "8.8.8.8:53"]
``` ```
```yaml tab="YAML" ```yaml tab="File (YAML)"
certificatesResolvers:
sample:
acme: acme:
# ... # ...
dnsChallenge: dnsChallenge:
@ -286,147 +298,68 @@ acme:
- "8.8.8.8:53" - "8.8.8.8:53"
``` ```
```bash tab="CLI"
# ...
--certificatesResolvers.sample.acme.dnsChallenge.resolvers:="1.1.1.1:53,8.8.8.8:53"
```
#### Wildcard Domains #### Wildcard Domains
[ACME V2](https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579) supports wildcard certificates. [ACME V2](https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579) supports wildcard certificates.
As described in [Let's Encrypt's post](https://community.letsencrypt.org/t/staging-endpoint-for-acme-v2/49605) wildcard certificates can only be generated through a [`DNS-01` challenge](#dnschallenge). As described in [Let's Encrypt's post](https://community.letsencrypt.org/t/staging-endpoint-for-acme-v2/49605) wildcard certificates can only be generated through a [`DNS-01` challenge](#dnschallenge).
```toml tab="TOML"
[acme]
# ...
[[acme.domains]]
main = "*.local1.com"
sans = ["local1.com"]
# ...
```
```yaml tab="YAML"
acme:
# ...
domains:
- main: "*.local1.com"
sans:
- local1.com
# ...
```
!!! note "Double Wildcard Certificates"
It is not possible to request a double wildcard certificate for a domain (for example `*.*.local.com`).
Most likely the root domain should receive a certificate too, so it needs to be specified as SAN and 2 `DNS-01` challenges are executed.
In this case the generated DNS TXT record for both domains is the same.
Even though this behavior is [DNS RFC](https://community.letsencrypt.org/t/wildcard-issuance-two-txt-records-for-the-same-name/54528/2) compliant,
it can lead to problems as all DNS providers keep DNS records cached for a given time (TTL) and this TTL can be greater than the challenge timeout making the `DNS-01` challenge fail.
The Traefik ACME client library [LEGO](https://github.com/go-acme/lego) supports some but not all DNS providers to work around this issue.
The [Supported `provider` table](#providers) indicates if they allow generating certificates for a wildcard domain and its root domain.
## Known Domains, SANs
You can set SANs (alternative domains) for each main domain.
Every domain must have A/AAAA records pointing to Traefik.
Each domain & SAN will lead to a certificate request.
```toml tab="TOML"
[acme]
# ...
[[acme.domains]]
main = "local1.com"
sans = ["test1.local1.com", "test2.local1.com"]
[[acme.domains]]
main = "local2.com"
[[acme.domains]]
main = "*.local3.com"
sans = ["local3.com", "test1.test1.local3.com"]
# ...
```
```yaml tab="YAML"
acme:
# ...
domains:
- main: "local1.com"
sans:
- "test1.local1.com"
- "test2.local1.com"
- main: "local2.com"
- main: "*.local3.com"
sans:
- "local3.com"
- "test1.test1.local3.com"
# ...
```
!!! important
The certificates for the domains listed in `acme.domains` are negotiated at Traefik startup only.
!!! note
Wildcard certificates can only be verified through a `DNS-01` challenge.
## `caServer` ## `caServer`
??? example "Using the Let's Encrypt staging server" ??? example "Using the Let's Encrypt staging server"
```toml tab="TOML" ```toml tab="File (TOML)"
[acme] [certificatesResolvers.sample.acme]
# ... # ...
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory" caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
# ... # ...
``` ```
```yaml tab="YAML" ```yaml tab="File (YAML)"
certificatesResolvers:
sample:
acme: acme:
# ... # ...
caServer: https://acme-staging-v02.api.letsencrypt.org/directory caServer: https://acme-staging-v02.api.letsencrypt.org/directory
# ... # ...
``` ```
## `onHostRule` ```bash tab="CLI"
Enable certificate generation on [routers](../routing/routers/index.md) `Host` & `HostSNI` rules.
This will request a certificate from Let's Encrypt for each router with a Host rule.
```toml tab="TOML"
[acme]
# ... # ...
onHostRule = true --certificatesResolvers.sample.acme.caServer="https://acme-staging-v02.api.letsencrypt.org/directory"
# ... # ...
``` ```
```yaml tab="YAML"
acme:
# ...
onHostRule: true
# ...
```
!!! note "Multiple Hosts in a Rule"
The rule `Host(test1.traefik.io,test2.traefik.io)` will request a certificate with the main domain `test1.traefik.io` and SAN `test2.traefik.io`.
!!! warning
`onHostRule` option can not be used to generate wildcard certificates. Refer to [wildcard generation](#wildcard-domains) for further information.
## `storage` ## `storage`
The `storage` option sets the location where your ACME certificates are saved to. The `storage` option sets the location where your ACME certificates are saved to.
```toml tab="TOML" ```toml tab="File (TOML)"
[acme] [certificatesResolvers.sample.acme]
# ... # ...
storage = "acme.json" storage = "acme.json"
# ... # ...
``` ```
```yaml tab="YAML" ```yaml tab="File (YAML)"
acme certificatesResolvers:
sample:
acme:
# ... # ...
storage: acme.json storage: acme.json
# ... # ...
``` ```
```bash tab="CLI"
# ...
--certificatesResolvers.sample.acme.storage=acme.json
# ...
```
The value can refer to some kinds of storage: The value can refer to some kinds of storage:
- a JSON file - a JSON file

View file

@ -1,5 +1,5 @@
# Enable ACME (Let's Encrypt): automatic SSL. # Enable ACME (Let's Encrypt): automatic SSL.
[acme] [certificatesResolvers.sample.acme]
# Email address used for registration. # Email address used for registration.
# #
@ -13,27 +13,6 @@ email = "test@traefik.io"
# #
storage = "acme.json" storage = "acme.json"
# If true, display debug log messages from the acme client library.
#
# Optional
# Default: false
#
# acmeLogging = true
# If true, override certificates in key-value store when using storeconfig.
#
# Optional
# Default: false
#
# overrideCertificates = true
# Enable certificate generation on routers host rules.
#
# Optional
# Default: false
#
# onHostRule = true
# CA server to use. # CA server to use.
# Uncomment the line to use Let's Encrypt's staging server, # Uncomment the line to use Let's Encrypt's staging server,
# leave commented to go to prod. # leave commented to go to prod.
@ -50,19 +29,19 @@ storage = "acme.json"
# #
# Available values : "EC256", "EC384", "RSA2048", "RSA4096", "RSA8192" # Available values : "EC256", "EC384", "RSA2048", "RSA4096", "RSA8192"
# #
# KeyType = "RSA4096" # keyType = "RSA4096"
# Use a TLS-ALPN-01 ACME challenge. # Use a TLS-ALPN-01 ACME challenge.
# #
# Optional (but recommended) # Optional (but recommended)
# #
[acme.tlsChallenge] [certificatesResolvers.sample.acme.tlsChallenge]
# Use a HTTP-01 ACME challenge. # Use a HTTP-01 ACME challenge.
# #
# Optional # Optional
# #
# [acme.httpChallenge] # [certificatesResolvers.sample.acme.httpChallenge]
# EntryPoint to use for the HTTP-01 challenges. # EntryPoint to use for the HTTP-01 challenges.
# #
@ -75,7 +54,7 @@ storage = "acme.json"
# #
# Optional # Optional
# #
# [acme.dnsChallenge] # [certificatesResolvers.sample.acme.dnsChallenge]
# DNS provider used. # DNS provider used.
# #
@ -108,16 +87,3 @@ storage = "acme.json"
# Default: false # Default: false
# #
# disablePropagationCheck = true # disablePropagationCheck = true
# Domains list.
# Only domains defined here can generate wildcard certificates.
# The certificates for these domains are negotiated at traefik startup only.
#
# [[acme.domains]]
# main = "local1.com"
# sans = ["test1.local1.com", "test2.local1.com"]
# [[acme.domains]]
# main = "local2.com"
# [[acme.domains]]
# main = "*.local3.com"
# sans = ["local3.com", "test1.test1.local3.com"]

View file

@ -0,0 +1,88 @@
# Enable ACME (Let's Encrypt): automatic SSL.
# Email address used for registration.
#
# Required
#
--certificatesResolvers.sample.acme.email="test@traefik.io"
# File or key used for certificates storage.
#
# Required
#
--certificatesResolvers.sample.acme.storage="acme.json"
# CA server to use.
# Uncomment the line to use Let's Encrypt's staging server,
# leave commented to go to prod.
#
# Optional
# Default: "https://acme-v02.api.letsencrypt.org/directory"
#
--certificatesResolvers.sample.acme.caServer="https://acme-staging-v02.api.letsencrypt.org/directory"
# KeyType to use.
#
# Optional
# Default: "RSA4096"
#
# Available values : "EC256", "EC384", "RSA2048", "RSA4096", "RSA8192"
#
--certificatesResolvers.sample.acme.keyType=RSA4096
# Use a TLS-ALPN-01 ACME challenge.
#
# Optional (but recommended)
#
--certificatesResolvers.sample.acme.tlsChallenge=true
# Use a HTTP-01 ACME challenge.
#
# Optional
#
--certificatesResolvers.sample.acme.httpChallenge=true
# EntryPoint to use for the HTTP-01 challenges.
#
# Required
#
--certificatesResolvers.sample.acme.httpChallenge.entryPoint=web
# Use a DNS-01 ACME challenge rather than HTTP-01 challenge.
# Note: mandatory for wildcard certificate generation.
#
# Optional
#
--certificatesResolvers.sample.acme.dnsChallenge=true
# DNS provider used.
#
# Required
#
--certificatesResolvers.sample.acme.dnsChallenge.provider=digitalocean
# By default, the provider will verify the TXT DNS challenge record before letting ACME verify.
# If delayBeforeCheck is greater than zero, this check is delayed for the configured duration in seconds.
# Useful if internal networks block external DNS queries.
#
# Optional
# Default: 0
#
--certificatesResolvers.sample.acme.dnsChallenge.delayBeforeCheck=0
# Use following DNS servers to resolve the FQDN authority.
#
# Optional
# Default: empty
#
--certificatesResolvers.sample.acme.dnsChallenge.resolvers="1.1.1.1:53,8.8.8.8:53"
# Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready.
#
# NOT RECOMMENDED:
# Increase the risk of reaching Let's Encrypt's rate limits.
#
# Optional
# Default: false
#
--certificatesResolvers.sample.acme.dnsChallenge.disablePropagationCheck=true

View file

@ -1,3 +1,5 @@
certificatesResolvers:
sample:
# Enable ACME (Let's Encrypt): automatic SSL. # Enable ACME (Let's Encrypt): automatic SSL.
acme: acme:
@ -13,27 +15,6 @@ acme:
# #
storage: "acme.json" storage: "acme.json"
# If true, display debug log messages from the acme client library.
#
# Optional
# Default: false
#
# acmeLogging: true
# If true, override certificates in key-value store when using storeconfig.
#
# Optional
# Default: false
#
# overrideCertificates: true
# Enable certificate generation on routers host rules.
#
# Optional
# Default: false
#
# onHostRule: true
# CA server to use. # CA server to use.
# Uncomment the line to use Let's Encrypt's staging server, # Uncomment the line to use Let's Encrypt's staging server,
# leave commented to go to prod. # leave commented to go to prod.
@ -50,7 +31,7 @@ acme:
# #
# Available values : "EC256", "EC384", "RSA2048", "RSA4096", "RSA8192" # Available values : "EC256", "EC384", "RSA2048", "RSA4096", "RSA8192"
# #
# KeyType: RSA4096 # keyType: RSA4096
# Use a TLS-ALPN-01 ACME challenge. # Use a TLS-ALPN-01 ACME challenge.
# #
@ -110,18 +91,3 @@ acme:
# Default: false # Default: false
# #
# disablePropagationCheck: true # disablePropagationCheck: true
# Domains list.
# Only domains defined here can generate wildcard certificates.
# The certificates for these domains are negotiated at traefik startup only.
#
# domains:
# - main: "local1.com"
# sans:
# - "test1.local1.com"
# - "test2.local1.com"
# - main: "local2.com"
# - main: "*.local3.com"
# sans:
# - "local3.com"
# - "test1.test1.local3.com"

View file

@ -35,7 +35,7 @@ tls:
!!! important "File Provider Only" !!! important "File Provider Only"
In the above example, we've used the [file provider](../providers/file.md) to handle these definitions. In the above example, we've used the [file provider](../providers/file.md) to handle these definitions.
In its current alpha version, it is the only available method to configure the certificates (as well as the options and the stores). In its current beta version, it is the only available method to configure the certificates (as well as the options and the stores).
## Certificates Stores ## Certificates Stores
@ -52,9 +52,9 @@ tls:
default: {} default: {}
``` ```
!!! important "Alpha restriction" !!! important "Beta restriction"
During the alpha version, any store definition other than the default one (named `default`) will be ignored, During the beta version, any store definition other than the default one (named `default`) will be ignored,
and there is thefore only one globally available TLS store. and there is thefore only one globally available TLS store.
In the `tls.certificates` section, a list of stores can then be specified to indicate where the certificates should be stored: In the `tls.certificates` section, a list of stores can then be specified to indicate where the certificates should be stored:
@ -85,9 +85,9 @@ tls:
keyFile: /path/to/other-domain.key keyFile: /path/to/other-domain.key
``` ```
!!! important "Alpha restriction" !!! important "Beta restriction"
During the alpha version, the `stores` list will actually be ignored and automatically set to `["default"]`. During the beta version, the `stores` list will actually be ignored and automatically set to `["default"]`.
### Default Certificate ### Default Certificate
@ -139,35 +139,39 @@ tls:
minVersion: VersionTLS13 minVersion: VersionTLS13
``` ```
### Mutual Authentication ### Client Authentication (mTLS)
Traefik supports both optional and strict (which is the default) mutual authentication, though the `ClientCA.files` section. Traefik supports mutual authentication, through the `ClientAuth` section.
If present, connections from clients without a certificate will be rejected.
For clients with a certificate, the `optional` option governs the behaviour as follows: For authentication policies that require verification of the client certificate, the certificate authority for the certificate should be set in `ClientAuth.caFiles`.
- When `optional = false`, Traefik accepts connections only from clients presenting a certificate signed by a CA listed in `ClientCA.files`. The `ClientAuth.clientAuthType` option governs the behaviour as follows:
- When `optional = true`, Traefik authorizes connections from clients presenting a certificate signed by an unknown CA.
- `NoClientCert`: disregards any client certificate.
- `RequestClientCert`: asks for a certificate but proceeds anyway if none is provided.
- `RequireAnyClientCert`: requires a certificate but does not verify if it is signed by a CA listed in `ClientAuth.caFiles`.
- `VerifyClientCertIfGiven`: if a certificate is provided, verifies if it is signed by a CA listed in `ClientAuth.caFiles`. Otherwise proceeds without any certificate.
- `RequireAndVerifyClientCert`: requires a certificate, which must be signed by a CA listed in `ClientAuth.caFiles`.
```toml tab="TOML" ```toml tab="TOML"
[tls.options] [tls.options]
[tls.options.default] [tls.options.default]
[tls.options.default.clientCA] [tls.options.default.clientAuth]
# in PEM format. each file can contain multiple CAs. # in PEM format. each file can contain multiple CAs.
files = ["tests/clientca1.crt", "tests/clientca2.crt"] caFiles = ["tests/clientca1.crt", "tests/clientca2.crt"]
optional = false clientAuthType = "RequireAndVerifyClientCert"
``` ```
```yaml tab="YAML" ```yaml tab="YAML"
tls: tls:
options: options:
default: default:
clientCA: clientAuth:
# in PEM format. each file can contain multiple CAs. # in PEM format. each file can contain multiple CAs.
files: caFiles:
- tests/clientca1.crt - tests/clientca1.crt
- tests/clientca2.crt - tests/clientca2.crt
optional: false clientAuthType: RequireAndVerifyClientCert
``` ```
### Cipher Suites ### Cipher Suites

View file

@ -1,2 +1,2 @@
!!! info "More On Entrypoints" !!! info "More On Entry Points"
Learn more about entry points and their configuration options in the dedicated section. Learn more about entry points and their configuration options in the dedicated section.

View file

@ -38,13 +38,22 @@ labels:
- "traefik.http.middlewares.add-foo.addprefix.prefix=/foo" - "traefik.http.middlewares.add-foo.addprefix.prefix=/foo"
``` ```
```toml tab="File" ```toml tab="File (TOML)"
# Prefixing with /foo # Prefixing with /foo
[http.middlewares] [http.middlewares]
[http.middlewares.add-foo.addPrefix] [http.middlewares.add-foo.addPrefix]
prefix = "/foo" prefix = "/foo"
``` ```
```yaml tab="File (YAML)"
# Prefixing with /foo
http:
middlewares:
add-foo:
addPrefix:
prefix: "/foo"
```
## Configuration Options ## Configuration Options
### `prefix` ### `prefix`

View file

@ -44,7 +44,7 @@ labels:
- "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" - "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
``` ```
```toml tab="File" ```toml tab="File (TOML)"
# Declaring the user list # Declaring the user list
[http.middlewares] [http.middlewares]
[http.middlewares.test-auth.basicAuth] [http.middlewares.test-auth.basicAuth]
@ -54,6 +54,17 @@ labels:
] ]
``` ```
```yaml tab="File (YAML)"
# Declaring the user list
http:
middlewares:
test-auth:
basicAuth:
users:
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
## Configuration Options ## Configuration Options
### General ### General
@ -119,12 +130,21 @@ spec:
} }
``` ```
```toml tab="File" ```toml tab="File (TOML)"
[http.middlewares.my-auth.basicAuth] [http.middlewares.my-auth.basicAuth]
# ... # ...
headerField = "X-WebAuth-User" headerField = "X-WebAuth-User"
``` ```
```yaml tab="File (YAML)"
http:
middlewares:
my-auth:
basicAuth:
# ...
headerField: "X-WebAuth-User"
```
### `removeHeader` ### `removeHeader`
Set the `removeHeader` option to `true` to remove the authorization header before forwarding the request to your service. (Default value is `false`.) Set the `removeHeader` option to `true` to remove the authorization header before forwarding the request to your service. (Default value is `false`.)

View file

@ -42,13 +42,22 @@ labels:
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=250000" - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=250000"
``` ```
```toml tab="File" ```toml tab="File (TOML)"
# Sets the maximum request body to 2Mb # Sets the maximum request body to 2Mb
[http.middlewares] [http.middlewares]
[http.middlewares.limit.buffering] [http.middlewares.limit.buffering]
maxRequestBodyBytes = 250000 maxRequestBodyBytes = 250000
``` ```
```yaml tab="File (YAML)"
# Sets the maximum request body to 2Mb
http:
middlewares:
limit:
buffering:
maxRequestBodyBytes: 250000
```
## Configuration Options ## Configuration Options
### `maxRequestBodyBytes` ### `maxRequestBodyBytes`
@ -77,7 +86,7 @@ You can have the Buffering middleware replay the request with the help of the `r
!!! example "Retries once in case of a network error" !!! example "Retries once in case of a network error"
``` ```toml
retryExpression = "IsNetworkError() && Attempts() < 2" retryExpression = "IsNetworkError() && Attempts() < 2"
``` ```

View file

@ -108,7 +108,7 @@ labels:
- "http.services.service1.loadbalancer.server.port=80" - "http.services.service1.loadbalancer.server.port=80"
``` ```
```toml tab="File" ```toml tab="File (TOML)"
# ... # ...
[http.routers] [http.routers]
[http.routers.router1] [http.routers.router1]
@ -135,3 +135,43 @@ labels:
[[http.services.service1.loadBalancer.servers]] [[http.services.service1.loadBalancer.servers]]
url = "http://127.0.0.1:80" url = "http://127.0.0.1:80"
``` ```
```yaml tab="File (YAML)"
# ...
http:
routers:
router1:
service: service1
middlewares:
- secured
rule: "Host(`mydomain`)"
middlewares:
secured:
chain:
middlewares:
- https-only
- known-ips
- auth-users
auth-users:
basicAuth:
users:
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
https-only:
redirectScheme:
scheme: https
known-ips:
ipWhiteList:
sourceRange:
- "192.168.1.7"
- "127.0.0.1/32"
services:
service1:
loadBalancer:
servers:
- url: "http://127.0.0.1:80"
```

View file

@ -52,13 +52,22 @@ labels:
- "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100" - "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100"
``` ```
```toml tab="File" ```toml tab="File (TOML)"
# Latency Check # Latency Check
[http.middlewares] [http.middlewares]
[http.middlewares.latency-check.circuitBreaker] [http.middlewares.latency-check.circuitBreaker]
expression = "LatencyAtQuantileMS(50.0) > 100" expression = "LatencyAtQuantileMS(50.0) > 100"
``` ```
```yaml tab="File (YAML)"
# Latency Check
http:
middlewares:
latency-check:
circuitBreaker:
expression: "LatencyAtQuantileMS(50.0) > 100"
```
## Possible States ## Possible States
There are three possible states for your circuit breaker: There are three possible states for your circuit breaker:

View file

@ -37,12 +37,20 @@ labels:
- "traefik.http.middlewares.test-compress.compress=true" - "traefik.http.middlewares.test-compress.compress=true"
``` ```
```toml tab="File" ```toml tab="File (TOML)"
# Enable gzip compression # Enable gzip compression
[http.middlewares] [http.middlewares]
[http.middlewares.test-compress.compress] [http.middlewares.test-compress.compress]
``` ```
```yaml tab="File (YAML)"
# Enable gzip compression
http:
middlewares:
test-compress:
compress: {}
```
## Notes ## Notes
Responses are compressed when: Responses are compressed when:

View file

@ -38,7 +38,7 @@ labels:
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e" - "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
``` ```
```toml tab="File" ```toml tab="File (TOML)"
[http.middlewares] [http.middlewares]
[http.middlewares.test-auth.digestAuth] [http.middlewares.test-auth.digestAuth]
users = [ users = [
@ -47,6 +47,16 @@ labels:
] ]
``` ```
```yaml tab="File (YAML)"
http:
middlewares:
test-auth:
digestAuth:
users:
- "test:traefik:a2688e031edb4be6a3797f3882655c05"
- "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
```
!!! tip !!! tip
Use `htdigest` to generate passwords. Use `htdigest` to generate passwords.
@ -115,12 +125,21 @@ labels:
} }
``` ```
```toml tab="File" ```toml tab="File (TOML)"
[http.middlewares.my-auth.digestAuth] [http.middlewares.my-auth.digestAuth]
# ... # ...
headerField = "X-WebAuth-User" headerField = "X-WebAuth-User"
``` ```
```yaml tab="File (YAML)"
http:
middlewares:
my-auth:
digestAuth:
# ...
headerField: "X-WebAuth-User"
```
### `removeHeader` ### `removeHeader`
Set the `removeHeader` option to `true` to remove the authorization header before forwarding the request to your service. (Default value is `false`.) Set the `removeHeader` option to `true` to remove the authorization header before forwarding the request to your service. (Default value is `false`.)

View file

@ -49,7 +49,7 @@ labels:
- "traefik.http.middlewares.test-errorpage.errors.query=/{status}.html" - "traefik.http.middlewares.test-errorpage.errors.query=/{status}.html"
``` ```
```toml tab="File" ```toml tab="File (TOML)"
# Custom Error Page for 5XX # Custom Error Page for 5XX
[http.middlewares] [http.middlewares]
[http.middlewares.test-errorpage.errors] [http.middlewares.test-errorpage.errors]
@ -61,6 +61,21 @@ labels:
# ... definition of error-handler-service and my-service # ... definition of error-handler-service and my-service
``` ```
```yaml tab="File (YAML)"
# Custom Error Page for 5XX
http:
middlewares:
test-errorpage:
errors:
status:
- "500-599"
service: serviceError
query: "/{status}.html"
[http.services]
# ... definition of error-handler-service and my-service
```
!!! note !!! note
In this example, the error page URL is based on the status code (`query=/{status}.html)`. In this example, the error page URL is based on the status code (`query=/{status}.html)`.

View file

@ -69,7 +69,7 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true" - "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true"
``` ```
```toml tab="File" ```toml tab="File (TOML)"
# Forward authentication to authserver.com # Forward authentication to authserver.com
[http.middlewares] [http.middlewares]
[http.middlewares.test-auth.forwardAuth] [http.middlewares.test-auth.forwardAuth]
@ -84,6 +84,24 @@ labels:
key = "path/to/foo.key" key = "path/to/foo.key"
``` ```
```yaml tab="File (YAML)"
# Forward authentication to authserver.com
http:
middlewares:
test-auth:
forwardAuth:
address: "https://authserver.com/auth"
trustForwardHeader: true
authResponseHeaders:
- "X-Auth-User"
- "X-Secret"
tls:
ca: "path/to/local.crt"
caOptional: true
cert: "path/to/foo.cert"
key: "path/to/foo.key"
```
## Configuration Options ## Configuration Options
### `address` ### `address`

View file

@ -16,7 +16,7 @@ Add the `X-Script-Name` header to the proxied request and the `X-Custom-Response
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.testHeader.headers.customrequestheaders.X-Script-Name=test" - "traefik.http.middlewares.testHeader.headers.customrequestheaders.X-Script-Name=test"
- "traefik.http.middlewares.testHeader.headers.customresponseheaders.X-Custom-Response-Header=True" - "traefik.http.middlewares.testHeader.headers.customresponseheaders.X-Custom-Response-Header=value"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -29,29 +29,40 @@ spec:
customRequestHeaders: customRequestHeaders:
X-Script-Name: "test" X-Script-Name: "test"
customResponseHeaders: customResponseHeaders:
X-Custom-Response-Header: "True" X-Custom-Response-Header: "value"
``` ```
```json tab="Marathon" ```json tab="Marathon"
"labels": { "labels": {
"traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name": "test", "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name": "test",
"traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header": "True" "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header": "value"
} }
``` ```
```yaml tab="Rancher" ```yaml tab="Rancher"
labels: labels:
- "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test" - "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test"
- "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header=True" - "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header=value"
``` ```
```toml tab="File" ```toml tab="File (TOML)"
[http.middlewares] [http.middlewares]
[http.middlewares.testHeader.headers] [http.middlewares.testHeader.headers]
[http.middlewares.testHeader.headers.customRequestHeaders] [http.middlewares.testHeader.headers.customRequestHeaders]
X-Script-Name = "test" X-Script-Name = "test"
[http.middlewares.testHeader.headers.customResponseHeaders] [http.middlewares.testHeader.headers.customResponseHeaders]
X-Custom-Response-Header = "True" X-Custom-Response-Header = "value"
```
```yaml tab="File (YAML)"
http:
middlewares:
testHeader:
headers:
customRequestHeaders:
X-Script-Name: "test"
customResponseHeaders:
X-Custom-Response-Header: "value"
``` ```
### Adding and Removing Headers ### Adding and Removing Headers
@ -86,7 +97,7 @@ labels:
} }
``` ```
```toml tab="File" ```toml tab="File (TOML)"
[http.middlewares] [http.middlewares]
[http.middlewares.testHeader.headers] [http.middlewares.testHeader.headers]
[http.middlewares.testHeader.headers.customRequestHeaders] [http.middlewares.testHeader.headers.customRequestHeaders]
@ -96,6 +107,18 @@ labels:
X-Custom-Response-Header = "" # Removes X-Custom-Response-Header = "" # Removes
``` ```
```yaml tab="File (YAML)"
http:
middlewares:
testHeader:
headers:
customRequestHeaders:
X-Script-Name: "test" # Adds
X-Custom-Request-Header: "" # Removes
customResponseHeaders:
X-Custom-Response-Header: "" # Removes
```
### Using Security Headers ### Using Security Headers
Security related headers (HSTS headers, SSL redirection, Browser XSS filter, etc) can be added and configured per frontend in a similar manner to the custom headers above. Security related headers (HSTS headers, SSL redirection, Browser XSS filter, etc) can be added and configured per frontend in a similar manner to the custom headers above.
@ -131,13 +154,22 @@ labels:
} }
``` ```
```toml tab="File" ```toml tab="File (TOML)"
[http.middlewares] [http.middlewares]
[http.middlewares.testHeader.headers] [http.middlewares.testHeader.headers]
FrameDeny = true FrameDeny = true
SSLRedirect = true SSLRedirect = true
``` ```
```yaml tab="File (YAML)"
http:
middlewares:
testHeader:
headers:
FrameDeny: true
SSLRedirect: true
```
### CORS Headers ### CORS Headers
CORS (Cross-Origin Resource Sharing) headers can be added and configured per frontend in a similar manner to the custom headers above. CORS (Cross-Origin Resource Sharing) headers can be added and configured per frontend in a similar manner to the custom headers above.
@ -184,7 +216,7 @@ labels:
} }
``` ```
```toml tab="File" ```toml tab="File (TOML)"
[http.middlewares] [http.middlewares]
[http.middlewares.testHeader.headers] [http.middlewares.testHeader.headers]
accessControlAllowMethods= ["GET", "OPTIONS", "PUT"] accessControlAllowMethods= ["GET", "OPTIONS", "PUT"]
@ -193,6 +225,20 @@ labels:
addVaryHeader = true addVaryHeader = true
``` ```
```yaml tab="File (YAML)"
http:
middlewares:
testHeader:
headers:
accessControlAllowMethod:
- GET
- OPTIONS
- PUT
accessControlAllowOrigin: "origin-list-or-null"
accessControlMaxAge: 100
addVaryHeader: true
```
## Configuration Options ## Configuration Options
### General ### General
@ -324,6 +370,10 @@ The `publicKey` implements HPKP to prevent MITM attacks with forged certificates
The `referrerPolicy` allows sites to control when browsers will pass the Referer header to other sites. The `referrerPolicy` allows sites to control when browsers will pass the Referer header to other sites.
### `featurePolicy`
The `featurePolicy` allows sites to control browser features.
### `isDevelopment` ### `isDevelopment`
Set `isDevelopment` to true when developing. Set `isDevelopment` to true when developing.

View file

@ -39,13 +39,24 @@ labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
``` ```
```toml tab="File" ```toml tab="File (TOML)"
# Accepts request from defined IP # Accepts request from defined IP
[http.middlewares] [http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList] [http.middlewares.test-ipwhitelist.ipWhiteList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"] sourceRange = ["127.0.0.1/32", "192.168.1.7"]
``` ```
```yaml tab="File (YAML)"
# Accepts request from defined IP
http:
middlewares:
test-ipwhitelist:
ipWhiteList:
sourceRange:
- "127.0.0.1/32"
- "192.168.1.7"
```
## Configuration Options ## Configuration Options
### `sourceRange` ### `sourceRange`
@ -108,7 +119,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
} }
``` ```
```toml tab="File" ```toml tab="File (TOML)"
# Whitelisting Based on `X-Forwarded-For` with `depth=2` # Whitelisting Based on `X-Forwarded-For` with `depth=2`
[http.middlewares] [http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList] [http.middlewares.test-ipwhitelist.ipWhiteList]
@ -117,6 +128,19 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
depth = 2 depth = 2
``` ```
```yaml tab="File (YAML)"
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
http:
middlewares:
test-ipwhitelist:
ipWhiteList:
sourceRange:
- "127.0.0.1/32"
- "192.168.1.7"
ipStrategy:
depth: 2
```
!!! note !!! note
- If `depth` is greater than the total number of IPs in `X-Forwarded-For`, then the client IP will be empty. - If `depth` is greater than the total number of IPs in `X-Forwarded-For`, then the client IP will be empty.
@ -171,10 +195,22 @@ labels:
} }
``` ```
```toml tab="File" ```toml tab="File (TOML)"
# Exclude from `X-Forwarded-For` # Exclude from `X-Forwarded-For`
[http.middlewares] [http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList] [http.middlewares.test-ipwhitelist.ipWhiteList]
[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy] [http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"] excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
``` ```
```yaml tab="File (YAML)"
# Exclude from `X-Forwarded-For`
http:
middlewares:
test-ipwhitelist:
ipWhiteList:
ipStrategy:
excludedIPs:
- "127.0.0.1/32"
- "192.168.1.7"
```

View file

@ -37,23 +37,32 @@ labels:
- "traefik.http.middlewares.test-maxconn.maxconn.amount=10" - "traefik.http.middlewares.test-maxconn.maxconn.amount=10"
``` ```
```toml tab="File" ```toml tab="File (TOML)"
# Limiting to 10 simultaneous connections # Limiting to 10 simultaneous connections
[http.middlewares] [http.middlewares]
[http.middlewares.test-maxconn.maxConn] [http.middlewares.test-maxconn.maxConn]
amount = 10 amount = 10
``` ```
```yaml tab="File (YAML)"
# Limiting to 10 simultaneous connections
http:
middlewares:
test-maxconn:
maxConn:
amount: 10
```
## Configuration Options ## Configuration Options
### `amount` ### `amount`
The `amount` option defines the maximum amount of allowed simultaneous connections. The `amount` option defines the maximum amount of allowed simultaneous connections.
The middleware will return an `HTTP 429 Too Many Requests` if there are already `amount` requests in progress (based on the same `extractorfunc` strategy). The middleware will return an `HTTP 429 Too Many Requests` if there are already `amount` requests in progress (based on the same `extractorFunc` strategy).
### extractorfunc ### `extractorFunc`
The `extractorfunc` defines the strategy used to categorize requests. The `extractorFunc` defines the strategy used to categorize requests.
The possible values are: The possible values are:

View file

@ -22,7 +22,7 @@ whoami:
# Create a middleware named `foo-add-prefix` # Create a middleware named `foo-add-prefix`
- "traefik.http.middlewares.foo-add-prefix.addprefix.prefix=/foo" - "traefik.http.middlewares.foo-add-prefix.addprefix.prefix=/foo"
# Apply the middleware named `foo-add-prefix` to the router named `router1` # Apply the middleware named `foo-add-prefix` to the router named `router1`
- "traefik.http.router.router1.middlewares=foo-add-prefix@docker" - "traefik.http.routers.router1.middlewares=foo-add-prefix@docker"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@ -79,11 +79,8 @@ labels:
- "traefik.http.router.router1.middlewares=foo-add-prefix@rancher" - "traefik.http.router.router1.middlewares=foo-add-prefix@rancher"
``` ```
```toml tab="File" ```toml tab="File (TOML)"
# As Toml Configuration File # As TOML Configuration File
[providers]
[providers.file]
[http.routers] [http.routers]
[http.routers.router1] [http.routers.router1]
service = "myService" service = "myService"
@ -102,6 +99,28 @@ labels:
url = "http://127.0.0.1:80" url = "http://127.0.0.1:80"
``` ```
```yaml tab="File (YAML)"
# As YAML Configuration File
http:
routers:
router1:
service: myService
middlewares:
- "foo-add-prefix"
rule: "Host(`example.com`)"
middlewares:
foo-add-prefix:
addPrefix:
prefix: "/foo"
services:
service1:
loadBalancer:
servers:
- url: "http://127.0.0.1:80"
```
## Provider Namespace ## Provider Namespace
When you declare a middleware, it lives in its provider namespace. When you declare a middleware, it lives in its provider namespace.
@ -127,15 +146,20 @@ and therefore this specification would be ignored even if present.
Declaring the add-foo-prefix in the file provider. Declaring the add-foo-prefix in the file provider.
```toml ```toml tab="File (TOML)"
[providers]
[providers.file]
[http.middlewares] [http.middlewares]
[http.middlewares.add-foo-prefix.addPrefix] [http.middlewares.add-foo-prefix.addPrefix]
prefix = "/foo" prefix = "/foo"
``` ```
```yaml tab="File (YAML)"
http:
middlewares:
add-foo-prefix:
addPrefix:
prefix: "/foo"
```
Using the add-foo-prefix middleware from other providers: Using the add-foo-prefix middleware from other providers:
```yaml tab="Docker" ```yaml tab="Docker"

View file

@ -39,13 +39,22 @@ labels:
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true"
``` ```
```toml tab="File" ```toml tab="File (TOML)"
# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header. # Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
[http.middlewares] [http.middlewares]
[http.middlewares.test-passtlsclientcert.passTLSClientCert] [http.middlewares.test-passtlsclientcert.passTLSClientCert]
pem = true pem = true
``` ```
```yaml tab="File (YAML)"
# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
http:
middlewares:
test-passtlsclientcert:
passTLSClientCert:
pem: true
```
??? example "Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header" ??? example "Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header"
```yaml tab="Docker" ```yaml tab="Docker"
@ -144,7 +153,7 @@ labels:
} }
``` ```
```toml tab="File" ```toml tab="File (TOML)"
# Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header # Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
[http.middlewares] [http.middlewares]
[http.middlewares.test-passtlsclientcert.passTLSClientCert] [http.middlewares.test-passtlsclientcert.passTLSClientCert]
@ -170,6 +179,34 @@ labels:
domainComponent = true domainComponent = true
``` ```
```yaml tab="File (YAML)"
# Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
http:
middlewares:
test-passtlsclientcert:
passTLSClientCert:
info:
notAfter: true
notBefore: true
sans: true
subject:
country: true
province: true
locality: true
organization: true
commonName: true
serialNumber: true
domainComponent: true
issuer:
country: true
province: true
locality: true
organization: true
commonName: true
serialNumber: true
domainComponent: true
```
## Configuration Options ## Configuration Options
### General ### General

View file

@ -1,5 +1,8 @@
# RateLimit # RateLimit
!!! warning
This middleware is disable for now.
Protection from Too Many Calls Protection from Too Many Calls
{: .subtitle } {: .subtitle }
@ -70,12 +73,12 @@ labels:
``` ```
```toml tab="File" ```toml tab="File (TOML)"
# Here, an average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds. # Here, an average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds.
# These can "burst" up to 10 and 200 in each period, respectively. # These can "burst" up to 10 and 200 in each period, respectively.
[http.middlewares] [http.middlewares]
[http.middlewares.test-ratelimit.rateLimit] [http.middlewares.test-ratelimit.rateLimit]
extractorfunc = "client.ip" extractorFunc = "client.ip"
[http.middlewares.test-ratelimit.rateLimit.rateSet.rate0] [http.middlewares.test-ratelimit.rateLimit.rateSet.rate0]
period = "10s" period = "10s"
@ -88,11 +91,30 @@ labels:
burst = 10 burst = 10
``` ```
```yaml tab="File (YAML)"
# Here, an average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds.
# These can "burst" up to 10 and 200 in each period, respectively.
http:
middlewares:
test-ratelimit:
rateLimit:
extractorFunc: "client.ip"
rateSet:
rate0:
period: "10s"
average: 100
burst: 200
rate1:
period: "3s"
average: 5
burst: 10
```
## Configuration Options ## Configuration Options
### `extractorfunc` ### `extractorFunc`
The `extractorfunc` option defines the strategy used to categorize requests. The `extractorFunc` option defines the strategy used to categorize requests.
The possible values are: The possible values are:

View file

@ -42,7 +42,7 @@ labels:
- "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$1" - "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$1"
``` ```
```toml tab="File" ```toml tab="File (TOML)"
# Redirect with domain replacement # Redirect with domain replacement
[http.middlewares] [http.middlewares]
[http.middlewares.test-redirectregex.redirectRegex] [http.middlewares.test-redirectregex.redirectRegex]
@ -50,6 +50,16 @@ labels:
replacement = "http://mydomain/$1" replacement = "http://mydomain/$1"
``` ```
```yaml tab="File (YAML)"
# Redirect with domain replacement
http:
middlewares:
test-redirectregex:
redirectRegex:
regex: "^http://localhost/(.*)"
replacement: "http://mydomain/$1"
```
## Configuration Options ## Configuration Options
### `permanent` ### `permanent`

View file

@ -38,13 +38,22 @@ labels:
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https" - "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
``` ```
```toml tab="File" ```toml tab="File (TOML)"
# Redirect to https # Redirect to https
[http.middlewares] [http.middlewares]
[http.middlewares.test-redirectscheme.redirectScheme] [http.middlewares.test-redirectscheme.redirectScheme]
scheme = "https" scheme = "https"
``` ```
```yaml tab="File (YAML)"
# Redirect to https
http:
middlewares:
test-redirectscheme:
redirectScheme:
scheme: https
```
## Configuration Options ## Configuration Options
### `permanent` ### `permanent`

View file

@ -38,13 +38,22 @@ labels:
- "traefik.http.middlewares.test-replacepath.replacepath.path=/foo" - "traefik.http.middlewares.test-replacepath.replacepath.path=/foo"
``` ```
```toml tab="File" ```toml tab="File (TOML)"
# Replace the path by /foo # Replace the path by /foo
[http.middlewares] [http.middlewares]
[http.middlewares.test-replacepath.replacePath] [http.middlewares.test-replacepath.replacePath]
path = "/foo" path = "/foo"
``` ```
```yaml tab="File (YAML)"
# Replace the path by /foo
http:
middlewares:
test-replacepath:
replacePath:
path: "/foo"
```
## Configuration Options ## Configuration Options
### General ### General

View file

@ -42,7 +42,7 @@ labels:
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1" - "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1"
``` ```
```toml tab="File" ```toml tab="File (TOML)"
# Redirect with domain replacement # Redirect with domain replacement
[http.middlewares] [http.middlewares]
[http.middlewares.test-replacepathregex.replacePathRegex] [http.middlewares.test-replacepathregex.replacePathRegex]
@ -50,6 +50,16 @@ labels:
replacement = "/bar/$1" replacement = "/bar/$1"
``` ```
```yaml tab="File (YAML)"
# Redirect with domain replacement
http:
middlewares:
test-replacepathregex:
replacePathRegex:
regex: "^/foo/(.*)"
replacement: "/bar/$1"
```
## Configuration Options ## Configuration Options
### General ### General

View file

@ -38,13 +38,22 @@ labels:
- "traefik.http.middlewares.test-retry.retry.attempts=4" - "traefik.http.middlewares.test-retry.retry.attempts=4"
``` ```
```toml tab="File" ```toml tab="File (TOML)"
# Retry to send request 4 times # Retry to send request 4 times
[http.middlewares] [http.middlewares]
[http.middlewares.test-retry.retry] [http.middlewares.test-retry.retry]
attempts = 4 attempts = 4
``` ```
```yaml tab="File (YAML)"
# Retry to send request 4 times
http:
middlewares:
test-retry:
retry:
attempts: 4
```
## Configuration Options ## Configuration Options
### `attempts` ### `attempts`

View file

@ -40,13 +40,24 @@ labels:
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar, /fiibar" - "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar, /fiibar"
``` ```
```toml tab="File" ```toml tab="File (TOML)"
# Strip prefix /foobar and /fiibar # Strip prefix /foobar and /fiibar
[http.middlewares] [http.middlewares]
[http.middlewares.test-stripprefix.stripPrefix] [http.middlewares.test-stripprefix.stripPrefix]
prefixes = ["/foobar", "/fiibar"] prefixes = ["/foobar", "/fiibar"]
``` ```
```yaml tab="File (YAML)"
# Strip prefix /foobar and /fiibar
http:
middlewares:
test-stripprefix:
stripPrefix:
prefixes:
- "/foobar"
- "/fiibar"
```
## Configuration Options ## Configuration Options
### General ### General

View file

@ -38,10 +38,19 @@ labels:
- "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=^/foo/(.*)", - "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=^/foo/(.*)",
``` ```
```toml tab="File" ```toml tab="File (TOML)"
# Replace the path by /foo # Replace the path by /foo
[http.middlewares] [http.middlewares]
[http.middlewares.test-stripprefixregex.stripPrefixRegex] [http.middlewares.test-stripprefixregex.stripPrefixRegex]
regex = "^/foo/(.*)"
```
```yaml tab="File (YAML)"
# Replace the path by /foo
http:
middlewares:
test-stripprefixregex:
stripPrefixRegex:
regex: "^/foo/(.*)" regex: "^/foo/(.*)"
``` ```

View file

@ -9,12 +9,16 @@ By default, logs are written to stdout, in text format.
To enable the access logs: To enable the access logs:
```toml tab="File" ```toml tab="File (TOML)"
[accessLog] [accessLog]
``` ```
```yaml tab="File (YAML)"
accessLog: {}
```
```bash tab="CLI" ```bash tab="CLI"
--accesslog --accesslog=true
``` ```
### `filePath` ### `filePath`
@ -41,16 +45,23 @@ To write the logs in an asynchronous fashion, specify a `bufferingSize` option.
This option represents the number of log lines Traefik will keep in memory before writing them to the selected output. This option represents the number of log lines Traefik will keep in memory before writing them to the selected output.
In some cases, this option can greatly help performances. In some cases, this option can greatly help performances.
```toml tab="File" ```toml tab="File (TOML)"
# Configuring a buffer of 100 lines # Configuring a buffer of 100 lines
[accessLog] [accessLog]
filePath = "/path/to/access.log" filePath = "/path/to/access.log"
bufferingSize = 100 bufferingSize = 100
``` ```
```yaml tab="File (YAML)"
# Configuring a buffer of 100 lines
accessLog:
filePath: "/path/to/access.log"
bufferingSize: 100
```
```bash tab="CLI" ```bash tab="CLI"
# Configuring a buffer of 100 lines # Configuring a buffer of 100 lines
--accesslog --accesslog=true
--accesslog.filepath="/path/to/access.log" --accesslog.filepath="/path/to/access.log"
--accesslog.bufferingsize=100 --accesslog.bufferingsize=100
``` ```
@ -66,7 +77,7 @@ The available filters are:
- `retryAttempts`, to keep the access logs when at least one retry has happened - `retryAttempts`, to keep the access logs when at least one retry has happened
- `minDuration`, to keep access logs when requests take longer than the specified duration - `minDuration`, to keep access logs when requests take longer than the specified duration
```toml tab="File" ```toml tab="File (TOML)"
# Configuring Multiple Filters # Configuring Multiple Filters
[accessLog] [accessLog]
filePath = "/path/to/access.log" filePath = "/path/to/access.log"
@ -78,9 +89,22 @@ format = "json"
minDuration = "10ms" minDuration = "10ms"
``` ```
```yaml tab="File (YAML)"
# Configuring Multiple Filters
accessLog:
filePath: "/path/to/access.log"
format: json
filters:
statusCodes:
- "200"
- "300-302"
retryAttempts: true
minDuration: "10ms"
```
```bash tab="CLI" ```bash tab="CLI"
# Configuring Multiple Filters # Configuring Multiple Filters
--accesslog --accesslog=true
--accesslog.filepath="/path/to/access.log" --accesslog.filepath="/path/to/access.log"
--accesslog.format="json" --accesslog.format="json"
--accesslog.filters.statuscodes="200, 300-302" --accesslog.filters.statuscodes="200, 300-302"
@ -100,7 +124,7 @@ Each field can be set to:
The `defaultMode` for `fields.header` is `drop`. The `defaultMode` for `fields.header` is `drop`.
```toml tab="File" ```toml tab="File (TOML)"
# Limiting the Logs to Specific Fields # Limiting the Logs to Specific Fields
[accessLog] [accessLog]
filePath = "/path/to/access.log" filePath = "/path/to/access.log"
@ -121,9 +145,27 @@ The `defaultMode` for `fields.header` is `drop`.
"Content-Type" = "keep" "Content-Type" = "keep"
``` ```
```yaml tab="File (YAML)"
# Limiting the Logs to Specific Fields
accessLog:
filePath: "/path/to/access.log"
format: json
fields:
defaultMode: keep
fields:
names:
ClientUsername: drop
headers:
defaultMode: keep
names:
- User-Agent: redact
- Authorization: drop
- Content-Type: keep
```
```bash tab="CLI" ```bash tab="CLI"
# Limiting the Logs to Specific Fields # Limiting the Logs to Specific Fields
--accesslog --accesslog=true
--accesslog.filepath="/path/to/access.log" --accesslog.filepath="/path/to/access.log"
--accesslog.format="json" --accesslog.format="json"
--accesslog.fields.defaultmode="keep" --accesslog.fields.defaultmode="keep"

View file

@ -16,12 +16,18 @@ Traefik logs concern everything that happens to Traefik itself (startup, configu
By default, the logs are written to the standard output. By default, the logs are written to the standard output.
You can configure a file path instead using the `filePath` option. You can configure a file path instead using the `filePath` option.
```toml tab="File" ```toml tab="File (TOML)"
# Writing Logs to a File # Writing Logs to a File
[log] [log]
filePath = "/path/to/traefik.log" filePath = "/path/to/traefik.log"
``` ```
```yaml tab="File (YAML)"
# Writing Logs to a File
log:
filePath: "/path/to/traefik.log"
```
```bash tab="CLI" ```bash tab="CLI"
# Writing Logs to a File # Writing Logs to a File
--log.filePath="/path/to/traefik.log" --log.filePath="/path/to/traefik.log"
@ -31,13 +37,20 @@ You can configure a file path instead using the `filePath` option.
By default, the logs use a text format (`common`), but you can also ask for the `json` format in the `format` option. By default, the logs use a text format (`common`), but you can also ask for the `json` format in the `format` option.
```toml tab="File" ```toml tab="File (TOML)"
# Writing Logs to a File, in JSON # Writing Logs to a File, in JSON
[log] [log]
filePath = "/path/to/log-file.log" filePath = "/path/to/log-file.log"
format = "json" format = "json"
``` ```
```yaml tab="File (YAML)"
# Writing Logs to a File, in JSON
log:
filePath: "/path/to/log-file.log"
format: json
```
```bash tab="CLI" ```bash tab="CLI"
# Writing Logs to a File, in JSON # Writing Logs to a File, in JSON
--log.filePath="/path/to/traefik.log" --log.filePath="/path/to/traefik.log"
@ -48,11 +61,16 @@ By default, the logs use a text format (`common`), but you can also ask for the
By default, the `level` is set to `ERROR`. Alternative logging levels are `DEBUG`, `PANIC`, `FATAL`, `ERROR`, `WARN`, and `INFO`. By default, the `level` is set to `ERROR`. Alternative logging levels are `DEBUG`, `PANIC`, `FATAL`, `ERROR`, `WARN`, and `INFO`.
```toml tab="File" ```toml tab="File (TOML)"
[log] [log]
level = "DEBUG" level = "DEBUG"
``` ```
```yaml tab="File (YAML)"
log:
level: DEBUG
```
```bash tab="CLI" ```bash tab="CLI"
--log.level="DEBUG" --log.level="DEBUG"
``` ```

View file

@ -0,0 +1,106 @@
# DataDog
To enable the DataDog:
```toml tab="File (TOML)"
[metrics]
[metrics.dataDog]
```
```yaml tab="File (YAML)"
metrics:
dataDog: {}
```
```bash tab="CLI"
--metrics.datadog=true
```
#### `address`
_Required, Default="127.0.0.1:8125"_
Address instructs exporter to send metrics to datadog-agent at this address.
```toml tab="File (TOML)"
[metrics]
[metrics.dataDog]
address = "127.0.0.1:8125"
```
```yaml tab="File (YAML)"
metrics:
dataDog:
address: 127.0.0.1:8125
```
```bash tab="CLI"
--metrics.datadog.address="127.0.0.1:8125"
```
#### `addEntryPointsLabels`
_Optional, Default=true_
Enable metrics on entry points.
```toml tab="File (TOML)"
[metrics]
[metrics.dataDog]
addEntryPointsLabels = true
```
```yaml tab="File (YAML)"
metrics:
dataDog:
addEntryPointsLabels: true
```
```bash tab="CLI"
--metrics.datadog.addEntryPointsLabels=true
```
#### `addServicesLabels`
_Optional, Default=true_
Enable metrics on services.
```toml tab="File (TOML)"
[metrics]
[metrics.dataDog]
addServicesLabels = true
```
```yaml tab="File (YAML)"
metrics:
dataDog:
addServicesLabels: true
```
```bash tab="CLI"
--metrics.datadog.addServicesLabels=true
```
#### `pushInterval`
_Optional, Default=10s_
The interval used by the exporter to push metrics to datadog-agent.
```toml tab="File (TOML)"
[metrics]
[metrics.dataDog]
pushInterval = 10s
```
```yaml tab="File (YAML)"
metrics:
dataDog:
pushInterval: 10s
```
```bash tab="CLI"
--metrics.datadog.pushInterval=10s
```

View file

@ -0,0 +1,215 @@
# InfluxDB
To enable the InfluxDB:
```toml tab="File (TOML)"
[metrics]
[metrics.influxdb]
```
```yaml tab="File (YAML)"
metrics:
influxdb: {}
```
```bash tab="CLI"
--metrics.influxdb=true
```
#### `address`
_Required, Default="localhost:8089"_
Address instructs exporter to send metrics to influxdb at this address.
```toml tab="File (TOML)"
[metrics]
[metrics.influxdb]
address = "localhost:8089"
```
```yaml tab="File (YAML)"
metrics:
influxdb:
address: localhost:8089
```
```bash tab="CLI"
--metrics.influxdb.address="localhost:8089"
```
#### `protocol`
_Required, Default="udp"_
InfluxDB's address protocol (udp or http).
```toml tab="File (TOML)"
[metrics]
[metrics.influxdb]
protocol = "upd"
```
```yaml tab="File (YAML)"
metrics:
influxdb:
protocol: udp
```
```bash tab="CLI"
--metrics.influxdb.protocol="udp"
```
#### `database`
_Optional, Default=""_
InfluxDB database used when protocol is http.
```toml tab="File (TOML)"
[metrics]
[metrics.influxdb]
database = ""
```
```yaml tab="File (YAML)"
metrics:
influxdb:
database: ""
```
```bash tab="CLI"
--metrics.influxdb.database=""
```
#### `retentionPolicy`
_Optional, Default=""_
InfluxDB retention policy used when protocol is http.
```toml tab="File (TOML)"
[metrics]
[metrics.influxdb]
retentionPolicy = ""
```
```yaml tab="File (YAML)"
metrics:
influxdb:
retentionPolicy: ""
```
```bash tab="CLI"
--metrics.influxdb.retentionPolicy=""
```
#### `username`
_Optional, Default=""_
InfluxDB username (only with http).
```toml tab="File (TOML)"
[metrics]
[metrics.influxdb]
username = ""
```
```yaml tab="File (YAML)"
metrics:
influxdb:
username: ""
```
```bash tab="CLI"
--metrics.influxdb.username=""
```
#### `password`
_Optional, Default=""_
InfluxDB password (only with http).
```toml tab="File (TOML)"
[metrics]
[metrics.influxdb]
password = ""
```
```yaml tab="File (YAML)"
metrics:
influxdb:
password: ""
```
```bash tab="CLI"
--metrics.influxdb.password=""
```
#### `addEntryPointsLabels`
_Optional, Default=true_
Enable metrics on entry points.
```toml tab="File (TOML)"
[metrics]
[metrics.influxdb]
addEntryPointsLabels = true
```
```yaml tab="File (YAML)"
metrics:
influxdb:
addEntryPointsLabels: true
```
```bash tab="CLI"
--metrics.influxdb.addEntryPointsLabels=true
```
#### `addServicesLabels`
_Optional, Default=true_
Enable metrics on services.
```toml tab="File (TOML)"
[metrics]
[metrics.influxdb]
addServicesLabels = true
```
```yaml tab="File (YAML)"
metrics:
influxdb:
addServicesLabels: true
```
```bash tab="CLI"
--metrics.influxdb.addServicesLabels=true
```
#### `pushInterval`
_Optional, Default=10s_
The interval used by the exporter to push metrics to influxdb.
```toml tab="File (TOML)"
[metrics]
[metrics.influxdb]
pushInterval = 10s
```
```yaml tab="File (YAML)"
metrics:
influxdb:
pushInterval: 10s
```
```bash tab="CLI"
--metrics.influxdb.pushInterval=10s
```

View file

@ -0,0 +1,26 @@
# Metrics
Metrics system
{: .subtitle }
Traefik supports 4 metrics backends:
- [DataDog](./datadog.md)
- [InfluxDB](./influxdb.md)
- [Prometheus](./prometheus.md)
- [StatsD](./statsd.md)
## Configuration
To enable metrics:
```toml tab="File (TOML)"
[metrics]
```
```yaml tab="File (YAML)"
metrics: {}
```
```bash tab="CLI"
--metrics=true
```

View file

@ -0,0 +1,87 @@
# Prometheus
To enable the Prometheus:
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
```
```yaml tab="File (YAML)"
metrics:
prometheus: {}
```
```bash tab="CLI"
--metrics.prometheus=true
```
#### `buckets`
_Optional, Default="0.100000, 0.300000, 1.200000, 5.000000"_
Buckets for latency metrics.
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
buckets = [0.1,0.3,1.2,5.0]
```
```yaml tab="File (YAML)"
metrics:
prometheus:
buckets:
- 0.1
- 0.3
- 1.2
- 5.0
```
```bash tab="CLI"
--metrics.prometheus.buckets=0.100000, 0.300000, 1.200000, 5.000000
```
#### `addEntryPointsLabels`
_Optional, Default=true_
Enable metrics on entry points.
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
addEntryPointsLabels = true
```
```yaml tab="File (YAML)"
metrics:
prometheus:
addEntryPointsLabels: true
```
```bash tab="CLI"
--metrics.prometheus.addEntryPointsLabels=true
```
#### `addServicesLabels`
_Optional, Default=true_
Enable metrics on services.
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
addServicesLabels = true
```
```yaml tab="File (YAML)"
metrics:
prometheus:
addServicesLabels: true
```
```bash tab="CLI"
--metrics.prometheus.addServicesLabels=true
```

View file

@ -0,0 +1,105 @@
# StatsD
To enable the Statsd:
```toml tab="File (TOML)"
[metrics]
[metrics.statsd]
```
```yaml tab="File (YAML)"
metrics:
statsd: {}
```
```bash tab="CLI"
--metrics.statsd=true
```
#### `address`
_Required, Default="localhost:8125"_
Address instructs exporter to send metrics to statsd at this address.
```toml tab="File (TOML)"
[metrics]
[metrics.statsd]
address = "localhost:8125"
```
```yaml tab="File (YAML)"
metrics:
statsd:
address: localhost:8125
```
```bash tab="CLI"
--metrics.statsd.address="localhost:8125"
```
#### `addEntryPointsLabels`
_Optional, Default=true_
Enable metrics on entry points.
```toml tab="File (TOML)"
[metrics]
[metrics.statsd]
addEntryPointsLabels = true
```
```yaml tab="File (YAML)"
metrics:
statsd:
addEntryPointsLabels: true
```
```bash tab="CLI"
--metrics.statsd.addEntryPointsLabels=true
```
#### `addServicesLabels`
_Optional, Default=true_
Enable metrics on services.
```toml tab="File (TOML)"
[metrics]
[metrics.statsd]
addServicesLabels = true
```
```yaml tab="File (YAML)"
metrics:
statsd:
addServicesLabels: true
```
```bash tab="CLI"
--metrics.statsd.addServicesLabels=true
```
#### `pushInterval`
_Optional, Default=10s_
The interval used by the exporter to push metrics to statsD.
```toml tab="File (TOML)"
[metrics]
[metrics.statsd]
pushInterval = 10s
```
```yaml tab="File (YAML)"
metrics:
statsd:
pushInterval: 10s
```
```bash tab="CLI"
--metrics.statsd.pushInterval=10s
```

View file

@ -2,14 +2,18 @@
To enable the DataDog: To enable the DataDog:
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.dataDog] [tracing.dataDog]
``` ```
```yaml tab="File (YAML)"
tracing:
dataDog: {}
```
```bash tab="CLI" ```bash tab="CLI"
--tracing --tracing.datadog=true
--tracing.datadog
``` ```
#### `localAgentHostPort` #### `localAgentHostPort`
@ -18,14 +22,19 @@ _Required, Default="127.0.0.1:8126"_
Local Agent Host Port instructs reporter to send spans to datadog-tracing-agent at this address. Local Agent Host Port instructs reporter to send spans to datadog-tracing-agent at this address.
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.dataDog] [tracing.dataDog]
localAgentHostPort = "127.0.0.1:8126" localAgentHostPort = "127.0.0.1:8126"
``` ```
```yaml tab="File (YAML)"
tracing:
dataDog:
localAgentHostPort: 127.0.0.1:8126
```
```bash tab="CLI" ```bash tab="CLI"
--tracing
--tracing.datadog.localAgentHostPort="127.0.0.1:8126" --tracing.datadog.localAgentHostPort="127.0.0.1:8126"
``` ```
@ -35,14 +44,19 @@ _Optional, Default=false_
Enable DataDog debug. Enable DataDog debug.
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.dataDog] [tracing.dataDog]
debug = true debug = true
``` ```
```yaml tab="File (YAML)"
tracing:
dataDog:
debug: true
```
```bash tab="CLI" ```bash tab="CLI"
--tracing
--tracing.datadog.debug=true --tracing.datadog.debug=true
``` ```
@ -52,14 +66,19 @@ _Optional, Default=empty_
Apply shared tag in a form of Key:Value to all the traces. Apply shared tag in a form of Key:Value to all the traces.
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.dataDog] [tracing.dataDog]
globalTag = "sample" globalTag = "sample"
``` ```
```yaml tab="File (YAML)"
tracing:
dataDog:
globalTag: sample
```
```bash tab="CLI" ```bash tab="CLI"
--tracing
--tracing.datadog.globalTag="sample" --tracing.datadog.globalTag="sample"
``` ```
@ -70,13 +89,18 @@ _Optional, Default=false_
Enable priority sampling. When using distributed tracing, Enable priority sampling. When using distributed tracing,
this option must be enabled in order to get all the parts of a distributed trace sampled. this option must be enabled in order to get all the parts of a distributed trace sampled.
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.dataDog] [tracing.dataDog]
prioritySampling = true prioritySampling = true
``` ```
```yaml tab="File (YAML)"
tracing:
dataDog:
prioritySampling: true
```
```bash tab="CLI" ```bash tab="CLI"
--tracing
--tracing.datadog.prioritySampling=true --tracing.datadog.prioritySampling=true
``` ```

View file

@ -2,14 +2,18 @@
To enable the Haystack: To enable the Haystack:
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.haystack] [tracing.haystack]
``` ```
```yaml tab="File (YAML)"
tracing:
haystack: {}
```
```bash tab="CLI" ```bash tab="CLI"
--tracing --tracing.haystack=true
--tracing.haystack
``` ```
#### `localAgentHost` #### `localAgentHost`
@ -18,14 +22,19 @@ _Require, Default="127.0.0.1"_
Local Agent Host instructs reporter to send spans to haystack-agent at this address. Local Agent Host instructs reporter to send spans to haystack-agent at this address.
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.haystack] [tracing.haystack]
localAgentHost = "127.0.0.1" localAgentHost = "127.0.0.1"
``` ```
```yaml tab="File (YAML)"
tracing:
haystack:
localAgentHost: 127.0.0.1
```
```bash tab="CLI" ```bash tab="CLI"
--tracing
--tracing.haystack.localAgentHost="127.0.0.1" --tracing.haystack.localAgentHost="127.0.0.1"
``` ```
@ -35,14 +44,19 @@ _Require, Default=42699_
Local Agent port instructs reporter to send spans to the haystack-agent at this port. Local Agent port instructs reporter to send spans to the haystack-agent at this port.
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.haystack] [tracing.haystack]
localAgentPort = 42699 localAgentPort = 42699
``` ```
```yaml tab="File (YAML)"
tracing:
haystack:
localAgentPort: 42699
```
```bash tab="CLI" ```bash tab="CLI"
--tracing
--tracing.haystack.localAgentPort=42699 --tracing.haystack.localAgentPort=42699
``` ```
@ -52,14 +66,19 @@ _Optional, Default=empty_
Apply shared tag in a form of Key:Value to all the traces. Apply shared tag in a form of Key:Value to all the traces.
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.haystack] [tracing.haystack]
globalTag = "sample:test" globalTag = "sample:test"
``` ```
```yaml tab="File (YAML)"
tracing:
haystack:
globalTag: sample:test
```
```bash tab="CLI" ```bash tab="CLI"
--tracing
--tracing.haystack.globalTag="sample:test" --tracing.haystack.globalTag="sample:test"
``` ```
@ -69,14 +88,19 @@ _Optional, Default=empty_
Specifies the header name that will be used to store the trace ID. Specifies the header name that will be used to store the trace ID.
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.haystack] [tracing.haystack]
traceIDHeaderName = "sample" traceIDHeaderName = "sample"
``` ```
```yaml tab="File (YAML)"
tracing:
haystack:
traceIDHeaderName: sample
```
```bash tab="CLI" ```bash tab="CLI"
--tracing
--tracing.haystack.traceIDHeaderName="sample" --tracing.haystack.traceIDHeaderName="sample"
``` ```
@ -86,14 +110,19 @@ _Optional, Default=empty_
Specifies the header name that will be used to store the span ID. Specifies the header name that will be used to store the span ID.
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.haystack] [tracing.haystack]
parentIDHeaderName = "sample" parentIDHeaderName = "sample"
``` ```
```yaml tab="File (YAML)"
tracing:
haystack:
parentIDHeaderName: "sample"
```
```bash tab="CLI" ```bash tab="CLI"
--tracing
--tracing.haystack.parentIDHeaderName="sample" --tracing.haystack.parentIDHeaderName="sample"
``` ```
@ -103,15 +132,20 @@ _Optional, Default=empty_
Apply shared tag in a form of Key:Value to all the traces. Apply shared tag in a form of Key:Value to all the traces.
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.haystack] [tracing.haystack]
spanIDHeaderName = "sample:test" spanIDHeaderName = "sample:test"
``` ```
```yaml tab="File (YAML)"
tracing:
haystack:
spanIDHeaderName: "sample:test"
```
```bash tab="CLI" ```bash tab="CLI"
--tracing --tracing.haystack.spanIDHeaderName=sample:test
--tracing.haystack.spanIDHeaderName="sample:test"
``` ```
#### `baggagePrefixHeaderName` #### `baggagePrefixHeaderName`
@ -120,13 +154,19 @@ _Optional, Default=empty_
Specifies the header name prefix that will be used to store baggage items in a map. Specifies the header name prefix that will be used to store baggage items in a map.
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.haystack] [tracing.haystack]
baggagePrefixHeaderName = "sample" baggagePrefixHeaderName = "sample"
``` ```
```yaml tab="File (YAML)"
tracing:
haystack:
baggagePrefixHeaderName: "sample"
```
```bash tab="CLI" ```bash tab="CLI"
--tracing
--tracing.haystack.baggagePrefixHeaderName="sample" --tracing.haystack.baggagePrefixHeaderName="sample"
``` ```

View file

@ -2,14 +2,18 @@
To enable the Instana: To enable the Instana:
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.instana] [tracing.instana]
``` ```
```yaml tab="File (YAML)"
tracing:
instana: {}
```
```bash tab="CLI" ```bash tab="CLI"
--tracing --tracing.instana=true
--tracing.instana
``` ```
#### `localAgentHost` #### `localAgentHost`
@ -18,14 +22,19 @@ _Require, Default="127.0.0.1"_
Local Agent Host instructs reporter to send spans to instana-agent at this address. Local Agent Host instructs reporter to send spans to instana-agent at this address.
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.instana] [tracing.instana]
localAgentHost = "127.0.0.1" localAgentHost = "127.0.0.1"
``` ```
```yaml tab="File (YAML)"
tracing:
instana:
localAgentHost: 127.0.0.1
```
```bash tab="CLI" ```bash tab="CLI"
--tracing
--tracing.instana.localAgentHost="127.0.0.1" --tracing.instana.localAgentHost="127.0.0.1"
``` ```
@ -35,14 +44,19 @@ _Require, Default=42699_
Local Agent port instructs reporter to send spans to the instana-agent at this port. Local Agent port instructs reporter to send spans to the instana-agent at this port.
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.instana] [tracing.instana]
localAgentPort = 42699 localAgentPort = 42699
``` ```
```yaml tab="File (YAML)"
tracing:
instana:
localAgentPort: 42699
```
```bash tab="CLI" ```bash tab="CLI"
--tracing
--tracing.instana.localAgentPort=42699 --tracing.instana.localAgentPort=42699
``` ```
@ -59,13 +73,18 @@ Valid values for logLevel field are:
- `debug` - `debug`
- `info` - `info`
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.instana] [tracing.instana]
logLevel = "info" logLevel = "info"
``` ```
```yaml tab="File (YAML)"
tracing:
instana:
logLevel: info
```
```bash tab="CLI" ```bash tab="CLI"
--tracing
--tracing.instana.logLevel="info" --tracing.instana.logLevel="info"
``` ```

View file

@ -2,18 +2,23 @@
To enable the Jaeger: To enable the Jaeger:
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.jaeger] [tracing.jaeger]
``` ```
```yaml tab="File (YAML)"
tracing:
jaeger: {}
```
```bash tab="CLI" ```bash tab="CLI"
--tracing --tracing.jaeger=true
--tracing.jaeger
``` ```
!!! warning !!! warning
Traefik is only able to send data over the compact thrift protocol to the [Jaeger agent](https://www.jaegertracing.io/docs/deployment/#agent). Traefik is able to send data over the compact thrift protocol to the [Jaeger agent](https://www.jaegertracing.io/docs/deployment/#agent)
or a [Jaeger collector](https://www.jaegertracing.io/docs/deployment/#collectors).
#### `samplingServerURL` #### `samplingServerURL`
@ -21,14 +26,19 @@ _Required, Default="http://localhost:5778/sampling"_
Sampling Server URL is the address of jaeger-agent's HTTP sampling server. Sampling Server URL is the address of jaeger-agent's HTTP sampling server.
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.jaeger] [tracing.jaeger]
samplingServerURL = "http://localhost:5778/sampling" samplingServerURL = "http://localhost:5778/sampling"
``` ```
```yaml tab="File (YAML)"
tracing:
jaeger:
samplingServerURL: http://localhost:5778/sampling
```
```bash tab="CLI" ```bash tab="CLI"
--tracing
--tracing.jaeger.samplingServerURL="http://localhost:5778/sampling" --tracing.jaeger.samplingServerURL="http://localhost:5778/sampling"
``` ```
@ -38,14 +48,19 @@ _Required, Default="const"_
Sampling Type specifies the type of the sampler: `const`, `probabilistic`, `rateLimiting`. Sampling Type specifies the type of the sampler: `const`, `probabilistic`, `rateLimiting`.
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.jaeger] [tracing.jaeger]
samplingType = "const" samplingType = "const"
``` ```
```yaml tab="File (YAML)"
tracing:
jaeger:
samplingType: const
```
```bash tab="CLI" ```bash tab="CLI"
--tracing
--tracing.jaeger.samplingType="const" --tracing.jaeger.samplingType="const"
``` ```
@ -61,14 +76,19 @@ Valid values for Param field are:
- for `probabilistic` sampler, a probability between 0 and 1 - for `probabilistic` sampler, a probability between 0 and 1
- for `rateLimiting` sampler, the number of spans per second - for `rateLimiting` sampler, the number of spans per second
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.jaeger] [tracing.jaeger]
samplingParam = 1.0 samplingParam = 1.0
``` ```
```yaml tab="File (YAML)"
tracing:
jaeger:
samplingParam: 1.0
```
```bash tab="CLI" ```bash tab="CLI"
--tracing
--tracing.jaeger.samplingParam="1.0" --tracing.jaeger.samplingParam="1.0"
``` ```
@ -78,14 +98,19 @@ _Required, Default="127.0.0.1:6831"_
Local Agent Host Port instructs reporter to send spans to jaeger-agent at this address. Local Agent Host Port instructs reporter to send spans to jaeger-agent at this address.
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.jaeger] [tracing.jaeger]
localAgentHostPort = "127.0.0.1:6831" localAgentHostPort = "127.0.0.1:6831"
``` ```
```yaml tab="File (YAML)"
tracing:
jaeger:
localAgentHostPort: 127.0.0.1:6831
```
```bash tab="CLI" ```bash tab="CLI"
--tracing
--tracing.jaeger.localAgentHostPort="127.0.0.1:6831" --tracing.jaeger.localAgentHostPort="127.0.0.1:6831"
``` ```
@ -95,14 +120,19 @@ _Optional, Default=false_
Generate 128-bit trace IDs, compatible with OpenCensus. Generate 128-bit trace IDs, compatible with OpenCensus.
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.jaeger] [tracing.jaeger]
gen128Bit = true gen128Bit = true
``` ```
```yaml tab="File (YAML)"
tracing:
jaeger:
gen128Bit: true
```
```bash tab="CLI" ```bash tab="CLI"
--tracing
--tracing.jaeger.gen128Bit --tracing.jaeger.gen128Bit
``` ```
@ -116,14 +146,19 @@ This can be either:
- `jaeger`, jaeger's default trace header. - `jaeger`, jaeger's default trace header.
- `b3`, compatible with OpenZipkin - `b3`, compatible with OpenZipkin
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.jaeger] [tracing.jaeger]
propagation = "jaeger" propagation = "jaeger"
``` ```
```yaml tab="File (YAML)"
tracing:
jaeger:
propagation: jaeger
```
```bash tab="CLI" ```bash tab="CLI"
--tracing
--tracing.jaeger.propagation="jaeger" --tracing.jaeger.propagation="jaeger"
``` ```
@ -134,13 +169,88 @@ _Required, Default="uber-trace-id"_
Trace Context Header Name is the http header name used to propagate tracing context. Trace Context Header Name is the http header name used to propagate tracing context.
This must be in lower-case to avoid mismatches when decoding incoming headers. This must be in lower-case to avoid mismatches when decoding incoming headers.
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.jaeger] [tracing.jaeger]
traceContextHeaderName = "uber-trace-id" traceContextHeaderName = "uber-trace-id"
``` ```
```yaml tab="File (YAML)"
tracing:
jaeger:
traceContextHeaderName: uber-trace-id
```
```bash tab="CLI" ```bash tab="CLI"
--tracing
--tracing.jaeger.traceContextHeaderName="uber-trace-id" --tracing.jaeger.traceContextHeaderName="uber-trace-id"
``` ```
### `collector`
#### `endpoint`
_Optional, Default=""_
Collector Endpoint instructs reporter to send spans to jaeger-collector at this URL.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger.collector]
endpoint = "http://127.0.0.1:14268/api/traces?format=jaeger.thrift"
```
```yaml tab="File (YAML)"
tracing:
jaeger:
collector:
endpoint: http://127.0.0.1:14268/api/traces?format=jaeger.thrift
```
```bash tab="CLI"
--tracing.jaeger.collector.endpoint="http://127.0.0.1:14268/api/traces?format=jaeger.thrift"
```
#### `user`
_Optional, Default=""_
User instructs reporter to include a user for basic http authentication when sending spans to jaeger-collector.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger.collector]
user = "my-user"
```
```yaml tab="File (YAML)"
tracing:
jaeger:
collector:
user: my-user
```
```bash tab="CLI"
--tracing.jaeger.collector.user="my-user"
```
#### `password`
_Optional, Default=""_
Password instructs reporter to include a password for basic http authentication when sending spans to jaeger-collector.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger.collector]
password = "my-password"
```
```yaml tab="File (YAML)"
tracing:
jaeger:
collector:
password: my-password
```
```bash tab="CLI"
--tracing.jaeger.collector.password="my-password"
```

View file

@ -21,12 +21,16 @@ By default, Traefik uses Jaeger as tracing backend.
To enable the tracing: To enable the tracing:
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
``` ```
```yaml tab="File (YAML)"
tracing: {}
```
```bash tab="CLI" ```bash tab="CLI"
--tracing --tracing=true
``` ```
### Common Options ### Common Options
@ -37,13 +41,17 @@ _Required, Default="traefik"_
Service name used in selected backend. Service name used in selected backend.
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
serviceName = "traefik" serviceName = "traefik"
``` ```
```yaml tab="File (YAML)"
tracing:
serviceName: traefik
```
```bash tab="CLI" ```bash tab="CLI"
--tracing
--tracing.serviceName="traefik" --tracing.serviceName="traefik"
``` ```
@ -56,12 +64,16 @@ This can prevent certain tracing providers to drop traces that exceed their leng
`0` means no truncation will occur. `0` means no truncation will occur.
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
spanNameLimit = 150 spanNameLimit = 150
``` ```
```yaml tab="File (YAML)"
tracing:
spanNameLimit: 150
```
```bash tab="CLI" ```bash tab="CLI"
--tracing
--tracing.spanNameLimit=150 --tracing.spanNameLimit=150
``` ```

View file

@ -2,14 +2,18 @@
To enable the Zipkin: To enable the Zipkin:
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.zipkin] [tracing.zipkin]
``` ```
```yaml tab="File (YAML)"
tracing:
zipkin: {}
```
```bash tab="CLI" ```bash tab="CLI"
--tracing --tracing.zipkin=true
--tracing.zipkin
``` ```
#### `httpEndpoint` #### `httpEndpoint`
@ -18,14 +22,19 @@ _Required, Default="http://localhost:9411/api/v1/spans"_
Zipkin HTTP endpoint used to send data. Zipkin HTTP endpoint used to send data.
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.zipkin] [tracing.zipkin]
httpEndpoint = "http://localhost:9411/api/v1/spans" httpEndpoint = "http://localhost:9411/api/v1/spans"
``` ```
```yaml tab="File (YAML)"
tracing:
zipkin:
httpEndpoint: http://localhost:9411/api/v1/spans
```
```bash tab="CLI" ```bash tab="CLI"
--tracing
--tracing.zipkin.httpEndpoint="http://localhost:9411/api/v1/spans" --tracing.zipkin.httpEndpoint="http://localhost:9411/api/v1/spans"
``` ```
@ -35,14 +44,19 @@ _Optional, Default=false_
Enable Zipkin debug. Enable Zipkin debug.
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.zipkin] [tracing.zipkin]
debug = true debug = true
``` ```
```yaml tab="File (YAML)"
tracing:
zipkin:
debug: true
```
```bash tab="CLI" ```bash tab="CLI"
--tracing
--tracing.zipkin.debug=true --tracing.zipkin.debug=true
``` ```
@ -52,14 +66,19 @@ _Optional, Default=false_
Use Zipkin SameSpan RPC style traces. Use Zipkin SameSpan RPC style traces.
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.zipkin] [tracing.zipkin]
sameSpan = true sameSpan = true
``` ```
```yaml tab="File (YAML)"
tracing:
zipkin:
sameSpan: true
```
```bash tab="CLI" ```bash tab="CLI"
--tracing
--tracing.zipkin.sameSpan=true --tracing.zipkin.sameSpan=true
``` ```
@ -69,14 +88,19 @@ _Optional, Default=true_
Use Zipkin 128 bit root span IDs. Use Zipkin 128 bit root span IDs.
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.zipkin] [tracing.zipkin]
id128Bit = false id128Bit = false
``` ```
```yaml tab="File (YAML)"
tracing:
zipkin:
id128Bit: false
```
```bash tab="CLI" ```bash tab="CLI"
--tracing
--tracing.zipkin.id128Bit=false --tracing.zipkin.id128Bit=false
``` ```
@ -86,13 +110,18 @@ _Required, Default=1.0_
The rate between 0.0 and 1.0 of requests to trace. The rate between 0.0 and 1.0 of requests to trace.
```toml tab="File" ```toml tab="File (TOML)"
[tracing] [tracing]
[tracing.zipkin] [tracing.zipkin]
sampleRate = 0.2 sampleRate = 0.2
``` ```
```yaml tab="File (YAML)"
tracing:
zipkin:
sampleRate: 0.2
```
```bash tab="CLI" ```bash tab="CLI"
--tracing
--tracing.zipkin.sampleRate="0.2" --tracing.zipkin.sampleRate="0.2"
``` ```

View file

@ -1,5 +1,8 @@
# API # API
!!! important
In the beta version, you can't configure middlewares (basic authentication or white listing) anymore, but as security is important, this will change before the RC version.
Traefik exposes a number of information through an API handler, such as the configuration of all routers, services, middlewares, etc. Traefik exposes a number of information through an API handler, such as the configuration of all routers, services, middlewares, etc.
As with all features of Traefik, this handler can be enabled with the [static configuration](../getting-started/configuration-overview.md#the-static-configuration). As with all features of Traefik, this handler can be enabled with the [static configuration](../getting-started/configuration-overview.md#the-static-configuration).
@ -14,24 +17,28 @@ In production, it should be at least secured by authentication and authorization
A good sane default (non exhaustive) set of recommendations A good sane default (non exhaustive) set of recommendations
would be to apply the following protection mechanisms: would be to apply the following protection mechanisms:
* At the application level:
securing with middlewares such as [basic authentication](../middlewares/basicauth.md) or [white listing](../middlewares/ipwhitelist.md).
* At the transport level: * At the transport level:
NOT publicly exposing the API's port, NOT publicly exposing the API's port,
keeping it restricted to internal networks keeping it restricted to internal networks
(as in the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege), applied to networks). (as in the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege), applied to networks).
!!! important
In the beta version, you can't configure middlewares (basic authentication or white listing) anymore, but as security is important, this will change before the RC version.
## Configuration ## Configuration
To enable the API handler: To enable the API handler:
```toml tab="File" ```toml tab="File (TOML)"
[api] [api]
``` ```
```yaml tab="File (YAML)"
api: {}
```
```bash tab="CLI" ```bash tab="CLI"
--api --api=true
``` ```
### `dashboard` ### `dashboard`
@ -40,44 +47,18 @@ _Optional, Default=true_
Enable the dashboard. More about the dashboard features [here](./dashboard.md). Enable the dashboard. More about the dashboard features [here](./dashboard.md).
```toml tab="File" ```toml tab="File (TOML)"
[api] [api]
dashboard = true dashboard = true
``` ```
```bash tab="CLI" ```yaml tab="File (YAML)"
--api.dashboard api:
``` dashboard: true
### `entrypoint`
_Optional, Default="traefik"_
The entry point that the API handler will be bound to.
The default ("traefik") is an internal entry point (which is always defined).
```toml tab="File"
[api]
entrypoint = "web"
``` ```
```bash tab="CLI" ```bash tab="CLI"
--api.entrypoint="web" --api.dashboard=true
```
### `middlewares`
_Optional, Default=empty_
The list of [middlewares](../middlewares/overview.md) applied to the API handler.
```toml tab="File"
[api]
middlewares = ["api-auth", "api-prefix"]
```
```bash tab="CLI"
--api.middlewares="api-auth,api-prefix"
``` ```
### `debug` ### `debug`
@ -86,11 +67,16 @@ _Optional, Default=false_
Enable additional endpoints for debugging and profiling, served under `/debug/`. Enable additional endpoints for debugging and profiling, served under `/debug/`.
```toml tab="File" ```toml tab="File (TOML)"
[api] [api]
debug = true debug = true
``` ```
```yaml tab="File (YAML)"
api:
debug: true
```
```bash tab="CLI" ```bash tab="CLI"
--api.debug=true --api.debug=true
``` ```
@ -111,6 +97,8 @@ All the following endpoints must be accessed with a `GET` HTTP request.
| `/api/tcp/routers/{name}` | Returns the information of the TCP router specified by `name`. | | `/api/tcp/routers/{name}` | Returns the information of the TCP router specified by `name`. |
| `/api/tcp/services` | Lists all the TCP services information. | | `/api/tcp/services` | Lists all the TCP services information. |
| `/api/tcp/services/{name}` | Returns the information of the TCP service specified by `name`. | | `/api/tcp/services/{name}` | Returns the information of the TCP service specified by `name`. |
| `/api/entrypoints` | Lists all the entry points information. |
| `/api/entrypoints/{name}` | Returns the information of the entry point specified by `name`. |
| `/api/version` | Returns information about Traefik version. | | `/api/version` | Returns information about Traefik version. |
| `/debug/vars` | See the [expvar](https://golang.org/pkg/expvar/) Go documentation. | | `/debug/vars` | See the [expvar](https://golang.org/pkg/expvar/) Go documentation. |
| `/debug/pprof/` | See the [pprof Index](https://golang.org/pkg/net/http/pprof/#Index) Go documentation. | | `/debug/pprof/` | See the [pprof Index](https://golang.org/pkg/net/http/pprof/#Index) Go documentation. |
@ -118,51 +106,3 @@ All the following endpoints must be accessed with a `GET` HTTP request.
| `/debug/pprof/profile` | See the [pprof Profile](https://golang.org/pkg/net/http/pprof/#Profile) Go documentation. | | `/debug/pprof/profile` | See the [pprof Profile](https://golang.org/pkg/net/http/pprof/#Profile) Go documentation. |
| `/debug/pprof/symbol` | See the [pprof Symbol](https://golang.org/pkg/net/http/pprof/#Symbol) Go documentation. | | `/debug/pprof/symbol` | See the [pprof Symbol](https://golang.org/pkg/net/http/pprof/#Symbol) Go documentation. |
| `/debug/pprof/trace` | See the [pprof Trace](https://golang.org/pkg/net/http/pprof/#Trace) Go documentation. | | `/debug/pprof/trace` | See the [pprof Trace](https://golang.org/pkg/net/http/pprof/#Trace) Go documentation. |
## Common Configuration Use Cases
### Address / Port
You can define a custom address/port like this:
```toml
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.foo]
address = ":8082"
[entryPoints.bar]
address = ":8083"
[ping]
entryPoint = "foo"
[api]
entryPoint = "bar"
```
In the above example, you would access a service at /foo, an api endpoint, or the health-check as follows:
* Service: `http://hostname:80/foo`
* API: `http://hostname:8083/api/http/routers`
* Ping URL: `http://hostname:8082/ping`
### Authentication
To restrict access to the API handler, one can add authentication with the [basic auth middleware](../middlewares/basicauth.md).
```toml
[api]
middlewares=["api-auth"]
```
```toml
[http.middlewares]
[http.middlewares.api-auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```

View file

@ -29,18 +29,7 @@ By default, the dashboard is available on `/` on port `:8080`.
To enable the dashboard, you need to enable Traefik's API. To enable the dashboard, you need to enable Traefik's API.
??? example "Using the Command Line" ```toml tab="File (TOML)"
| Option | Values | Default Value |
| --------------- | --------------- | --------------------: |
| --api | \[true\|false\] | false |
| --api.dashboard | \[true\|false\] | true when api is true |
{!more-on-command-line.md!}
??? example "Using the Configuration File"
```toml
[api] [api]
# Dashboard # Dashboard
# #
@ -50,17 +39,29 @@ To enable the dashboard, you need to enable Traefik's API.
dashboard = true dashboard = true
``` ```
```yaml tab="File (YAML)"
api:
# Dashboard
#
# Optional
# Default: true
#
dashboard: true
```
```bash tab="CLI"
# Dashboard
#
# Optional
# Default: true
#
--api.dashboard=true
```
{!more-on-command-line.md!}
{!more-on-configuration-file.md!} {!more-on-configuration-file.md!}
??? example "Using a Key/Value Store"
| Key | Values | Default Value |
| ------------- | --------------- | --------------------: |
| api | \[true\|false\] | false |
| api.dashboard | \[true\|false\] | true when api is true |
{!more-on-key-value-store.md!}
!!! tip "Did You Know?" !!! tip "Did You Know?"
The API provides more features than the Dashboard. The API provides more features than the Dashboard.
To learn more about it, refer to the `Traefik's API documentation`(TODO: add doc and link). To learn more about it, refer to the `Traefik's API documentation`(TODO: add doc and link).

View file

@ -7,22 +7,16 @@ Checking the Health of Your Traefik Instances
??? example "Enabling /ping" ??? example "Enabling /ping"
```toml ```toml tab="File (TOML)"
[ping] [ping]
``` ```
??? example "Enabling /ping on a dedicated EntryPoint" ```yaml tab="File (YAML)"
ping: {}
```
```toml ```bash tab="CLI"
[entryPoints] --ping=true
[entryPoints.web]
address = ":80"
[entryPoints.ping]
address = ":8082"
[ping]
entryPoint = "ping"
``` ```
| Path | Method | Description | | Path | Method | Description |
@ -32,5 +26,3 @@ Checking the Health of Your Traefik Instances
## Configuration Options ## Configuration Options
The `/ping` health-check URL is enabled with the command-line `--ping` or config file option `[ping]`. The `/ping` health-check URL is enabled with the command-line `--ping` or config file option `[ping]`.
You can customize the `entryPoint` where the `/ping` is active with the `entryPoint` option (default value: `traefik`)

View file

@ -16,9 +16,17 @@ Attach labels to your containers and let Traefik do the rest!
Enabling the docker provider Enabling the docker provider
```toml ```toml tab="File (TOML)"
[providers.docker] [providers.docker]
endpoint = "unix:///var/run/docker.sock" ```
```yaml tab="File (YAML)"
providers:
docker: {}
```
```bash tab="CLI"
--providers.docker=true
``` ```
Attaching labels to containers (in your docker compose file) Attaching labels to containers (in your docker compose file)
@ -36,7 +44,7 @@ Attach labels to your containers and let Traefik do the rest!
Enabling the docker provider (Swarm Mode) Enabling the docker provider (Swarm Mode)
```toml ```toml tab="File (TOML)"
[providers.docker] [providers.docker]
# swarm classic (1.12-) # swarm classic (1.12-)
# endpoint = "tcp://127.0.0.1:2375" # endpoint = "tcp://127.0.0.1:2375"
@ -45,6 +53,21 @@ Attach labels to your containers and let Traefik do the rest!
swarmMode = true swarmMode = true
``` ```
```yaml tab="File (YAML)"
providers:
docker:
# swarm classic (1.12-)
# endpoint = "tcp://127.0.0.1:2375"
# docker swarm mode (1.12+)
endpoint: "tcp://127.0.0.1:2375"
swarmMode: true
```
```bash tab="CLI"
--providers.docker.endpoint="tcp://127.0.0.1:2375"
--providers.docker.swarmMode=true
```
Attach labels to services (not to containers) while in Swarm mode (in your docker compose file) Attach labels to services (not to containers) while in Swarm mode (in your docker compose file)
```yaml ```yaml
@ -67,6 +90,23 @@ Attach labels to your containers and let Traefik do the rest!
### `endpoint` ### `endpoint`
_Required, Default="unix:///var/run/docker.sock"_
```toml tab="File (TOML)"
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
```
```yaml tab="File (YAML)"
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
```
```bash tab="CLI"
--providers.docker.endpoint="unix:///var/run/docker.sock"
```
Traefik requires access to the docker socket to get its dynamic configuration. Traefik requires access to the docker socket to get its dynamic configuration.
??? warning "Security Notes" ??? warning "Security Notes"
@ -94,14 +134,10 @@ Traefik requires access to the docker socket to get its dynamic configuration.
It allows different implementation levels of the [AAA (Authentication, Authorization, Accounting) concepts](https://en.wikipedia.org/wiki/AAA_(computer_security)), depending on your security assessment: It allows different implementation levels of the [AAA (Authentication, Authorization, Accounting) concepts](https://en.wikipedia.org/wiki/AAA_(computer_security)), depending on your security assessment:
- Authentication with Client Certificates as described in ["Protect the Docker daemon socket."](https://docs.docker.com/engine/security/https/) - Authentication with Client Certificates as described in ["Protect the Docker daemon socket."](https://docs.docker.com/engine/security/https/)
- Authorization with the [Docker Authorization Plugin Mechanism](https://docs.docker.com/engine/extend/plugins_authorization/) - Authorization with the [Docker Authorization Plugin Mechanism](https://docs.docker.com/engine/extend/plugins_authorization/)
- Accounting at networking level, by exposing the socket only inside a Docker private network, only available for Traefik. - Accounting at networking level, by exposing the socket only inside a Docker private network, only available for Traefik.
- Accounting at container level, by exposing the socket on a another container than Traefik's. - Accounting at container level, by exposing the socket on a another container than Traefik's.
With Swarm mode, it allows scheduling of Traefik on worker nodes, with only the "socket exposer" container on the manager nodes. With Swarm mode, it allows scheduling of Traefik on worker nodes, with only the "socket exposer" container on the manager nodes.
- Accounting at kernel level, by enforcing kernel calls with mechanisms like [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux), to only allows an identified set of actions for Traefik's process (or the "socket exposer" process). - Accounting at kernel level, by enforcing kernel calls with mechanisms like [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux), to only allows an identified set of actions for Traefik's process (or the "socket exposer" process).
??? tip "Additional Resources" ??? tip "Additional Resources"
@ -133,19 +169,48 @@ Traefik requires access to the docker socket to get its dynamic configuration.
We specify the docker.sock in traefik's configuration file. We specify the docker.sock in traefik's configuration file.
```toml ```toml tab="File (TOML)"
# ...
[providers]
[providers.docker] [providers.docker]
endpoint = "unix:///var/run/docker.sock" endpoint = "unix:///var/run/docker.sock"
# ...
``` ```
### `usebindportip` ```yaml tab="File (YAML)"
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
# ...
```
```bash tab="CLI"
--providers.docker.endpoint="unix:///var/run/docker.sock"
# ...
```
### `useBindPortIP`
_Optional, Default=false_ _Optional, Default=false_
```toml tab="File (TOML)"
[providers.docker]
useBindPortIP = true
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
useBindPortIP: true
# ...
```
```bash tab="CLI"
--providers.docker.useBindPortIP=true
# ...
```
Traefik routes requests to the IP/Port of the matching container. Traefik routes requests to the IP/Port of the matching container.
When setting `usebindportip=true`, you tell Traefik to use the IP/Port attached to the container's _binding_ instead of its inner network IP/Port. When setting `useBindPortIP=true`, you tell Traefik to use the IP/Port attached to the container's _binding_ instead of its inner network IP/Port.
When used in conjunction with the `traefik.http.services.XXX.loadbalancer.server.port` label (that tells Traefik to route requests to a specific port), When used in conjunction with the `traefik.http.services.XXX.loadbalancer.server.port` label (that tells Traefik to route requests to a specific port),
Traefik tries to find a binding on port `traefik.http.services.XXX.loadbalancer.server.port`. Traefik tries to find a binding on port `traefik.http.services.XXX.loadbalancer.server.port`.
@ -171,12 +236,50 @@ but still uses the `traefik.http.services.XXX.loadbalancer.server.port` that is
_Optional, Default=true_ _Optional, Default=true_
```toml tab="File (TOML)"
[providers.docker]
exposedByDefault = false
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
exposedByDefault: false
# ...
```
```bash tab="CLI"
--providers.docker.exposedByDefault=false
# ...
```
Expose containers by default through Traefik. Expose containers by default through Traefik.
If set to false, containers that don't have a `traefik.enable=true` label will be ignored from the resulting routing configuration. If set to false, containers that don't have a `traefik.enable=true` label will be ignored from the resulting routing configuration.
See also [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
### `network` ### `network`
_Optional_ _Optional, Default=empty_
```toml tab="File (TOML)"
[providers.docker]
network = "test"
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
network: test
# ...
```
```bash tab="CLI"
--providers.docker.network=test
# ...
```
Defines a default docker network to use for connections to all containers. Defines a default docker network to use for connections to all containers.
@ -186,39 +289,100 @@ This option can be overridden on a container basis with the `traefik.docker.netw
_Optional, Default=```Host(`{{ normalize .Name }}`)```_ _Optional, Default=```Host(`{{ normalize .Name }}`)```_
```toml tab="File (TOML)"
[providers.docker]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
defaultRule: "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```bash tab="CLI"
--providers.docker.defaultRule="Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
For a given container if no routing rule was defined by a label, it is defined by this defaultRule instead. For a given container if no routing rule was defined by a label, it is defined by this defaultRule instead.
It must be a valid [Go template](https://golang.org/pkg/text/template/), It must be a valid [Go template](https://golang.org/pkg/text/template/),
augmented with the [sprig template functions](http://masterminds.github.io/sprig/). augmented with the [sprig template functions](http://masterminds.github.io/sprig/).
The container service name can be accessed as the `Name` identifier, The container service name can be accessed as the `Name` identifier,
and the template has access to all the labels defined on this container. and the template has access to all the labels defined on this container.
```toml tab="File"
[providers.docker]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```txt tab="CLI"
--providers.docker
--providers.docker.defaultRule="Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
```
### `swarmMode` ### `swarmMode`
_Optional, Default=false_ _Optional, Default=false_
```toml tab="File (TOML)"
[providers.docker]
swarmMode = true
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
swarmMode: true
# ...
```
```bash tab="CLI"
--providers.docker.swarmMode=true
# ...
```
Activates the Swarm Mode. Activates the Swarm Mode.
### `swarmModeRefreshSeconds` ### `swarmModeRefreshSeconds`
_Optional, Default=15_ _Optional, Default=15_
```toml tab="File (TOML)"
[providers.docker]
swarmModeRefreshSeconds = "30s"
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
swarmModeRefreshSeconds: "30s"
# ...
```
```bash tab="CLI"
--providers.docker.swarmModeRefreshSeconds=30s
# ...
```
Defines the polling interval (in seconds) in Swarm Mode. Defines the polling interval (in seconds) in Swarm Mode.
### `constraints` ### `constraints`
_Optional, Default=""_ _Optional, Default=""_
```toml tab="File (TOML)"
[providers.docker]
constraints = "Label(`a.label.name`, `foo`)"
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
constraints: "Label(`a.label.name`, `foo`)"
# ...
```
```bash tab="CLI"
--providers.docker.constraints="Label(`a.label.name`, `foo`)"
# ...
```
Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container.
That is to say, if none of the container's labels match the expression, no route for the container is created. That is to say, if none of the container's labels match the expression, no route for the container is created.
If the expression is empty, all detected containers are included. If the expression is empty, all detected containers are included.
@ -257,6 +421,8 @@ The expression syntax is based on the `Label("key", "value")`, and `LabelRegexp(
constraints = "LabelRegexp(`a.label.name`, `a.+`)" constraints = "LabelRegexp(`a.label.name`, `a.+`)"
``` ```
See also [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
## Routing Configuration Options ## Routing Configuration Options
### General ### General

View file

@ -6,7 +6,6 @@ Good Old Configuration File
The file provider lets you define the [dynamic configuration](./overview.md) in a TOML or YAML file. The file provider lets you define the [dynamic configuration](./overview.md) in a TOML or YAML file.
You can write these configuration elements: You can write these configuration elements:
* At the end of the main Traefik configuration file (by default: `traefik.toml`/`traefik.yml`/`traefik.yaml`).
* In [a dedicated file](#filename) * In [a dedicated file](#filename)
* In [several dedicated files](#directory) * In [several dedicated files](#directory)
@ -22,13 +21,19 @@ You can write these configuration elements:
Enabling the file provider: Enabling the file provider:
```toml tab="TOML" ```toml tab="File (TOML)"
[providers.file] [providers.file]
filename = "/my/path/to/dynamic-conf.toml"
``` ```
```yaml tab="YAML" ```yaml tab="File (YAML)"
providers: providers:
file: {} file:
filename: "/my/path/to/dynamic-conf.yml"
```
```bash tab="CLI"
--providers.file.filename=/my/path/to/dynamic_conf.toml
``` ```
Declaring Routers, Middlewares & Services: Declaring Routers, Middlewares & Services:
@ -102,16 +107,20 @@ _Optional_
Defines the path of the configuration file. Defines the path of the configuration file.
```toml tab="TOML" ```toml tab="File (TOML)"
[providers] [providers]
[providers.file] [providers.file]
filename = "rules.toml" filename = "dynamic_conf.toml"
``` ```
```yaml tab="YAML" ```yaml tab="File (YAML)"
providers: providers:
file: file:
filename: rules.yaml filename: dynamic_conf.yml
```
```bash tab="CLI"
--providers.file.filename=dynamic_conf.toml
``` ```
### `directory` ### `directory`
@ -120,18 +129,22 @@ _Optional_
Defines the directory that contains the configuration files. Defines the directory that contains the configuration files.
```toml tab="TOML" ```toml tab="File (TOML)"
[providers] [providers]
[providers.file] [providers.file]
directory = "/path/to/config" directory = "/path/to/config"
``` ```
```yaml tab="YAML" ```yaml tab="File (YAML)"
providers: providers:
file: file:
directory: /path/to/config directory: /path/to/config
``` ```
```bash tab="CLI"
--providers.file.directory=/path/to/config
```
### `watch` ### `watch`
_Optional_ _Optional_
@ -139,20 +152,25 @@ _Optional_
Set the `watch` option to `true` to allow Traefik to automatically watch for file changes. Set the `watch` option to `true` to allow Traefik to automatically watch for file changes.
It works with both the `filename` and the `directory` options. It works with both the `filename` and the `directory` options.
```toml tab="TOML" ```toml tab="File (TOML)"
[providers] [providers]
[providers.file] [providers.file]
filename = "rules.toml" filename = "dynamic_conf.toml"
watch = true watch = true
``` ```
```yaml tab="YAML" ```yaml tab="File (YAML)"
providers: providers:
file: file:
filename: rules.yml filename: dynamic_conf.yml
watch: true watch: true
``` ```
```bash tab="CLI"
--providers.file.filename=dynamic_conf.toml
--providers.file.watch=true
```
### Go Templating ### Go Templating
!!! warning !!! warning

View file

@ -3,12 +3,7 @@
The Kubernetes Ingress Controller, The Custom Resource Way. The Kubernetes Ingress Controller, The Custom Resource Way.
{: .subtitle } {: .subtitle }
<!-- Traefik used to support Kubernetes only through the [Kubernetes Ingress provider](./kubernetes-ingress.md), which is a Kubernetes Ingress controller in the strict sense of the term.
TODO (Link "Kubernetes Ingress controller" to ./kubernetes-ingress.md)
-->
The Traefik Kubernetes provider used to be a Kubernetes Ingress controller in the strict sense of the term; that is to say,
it would manage access to a cluster services by supporting the [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) specification.
However, as the community expressed the need to benefit from Traefik features without resorting to (lots of) annotations, However, as the community expressed the need to benefit from Traefik features without resorting to (lots of) annotations,
we ended up writing a [Custom Resource Definition](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) (alias CRD in the following) for an IngressRoute type, defined below, in order to provide a better way to configure access to a Kubernetes cluster. we ended up writing a [Custom Resource Definition](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) (alias CRD in the following) for an IngressRoute type, defined below, in order to provide a better way to configure access to a Kubernetes cluster.
@ -19,6 +14,23 @@ we ended up writing a [Custom Resource Definition](https://kubernetes.io/docs/co
_Optional, Default=empty_ _Optional, Default=empty_
```toml tab="File (TOML)"
[providers.kubernetesCRD]
endpoint = "http://localhost:8080"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
endpoint = "http://localhost:8080"
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.endpoint="http://localhost:8080"
```
The Kubernetes server endpoint as URL. The Kubernetes server endpoint as URL.
When deployed into Kubernetes, Traefik will read the environment variables `KUBERNETES_SERVICE_HOST` and `KUBERNETES_SERVICE_PORT` or `KUBECONFIG` to construct the endpoint. When deployed into Kubernetes, Traefik will read the environment variables `KUBERNETES_SERVICE_HOST` and `KUBERNETES_SERVICE_PORT` or `KUBECONFIG` to construct the endpoint.
@ -32,109 +44,130 @@ When the environment variables are not found, Traefik will try to connect to the
In this case, the endpoint is required. In this case, the endpoint is required.
Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Kubernetes cluster using the granted authentication and authorization of the associated kubeconfig. Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Kubernetes cluster using the granted authentication and authorization of the associated kubeconfig.
```toml tab="File"
[providers.kubernetesCRD]
endpoint = "http://localhost:8080"
# ...
```
```txt tab="CLI"
--providers.kubernetescrd
--providers.kubernetescrd.endpoint="http://localhost:8080"
```
### `token` ### `token`
_Optional, Default=empty_ _Optional, Default=empty_
Bearer token used for the Kubernetes client configuration. ```toml tab="File (TOML)"
```toml tab="File"
[providers.kubernetesCRD] [providers.kubernetesCRD]
token = "mytoken" token = "mytoken"
# ... # ...
``` ```
```txt tab="CLI" ```yaml tab="File (YAML)"
--providers.kubernetescrd providers:
kubernetesCRD:
token = "mytoken"
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.token="mytoken" --providers.kubernetescrd.token="mytoken"
``` ```
Bearer token used for the Kubernetes client configuration.
### `certAuthFilePath` ### `certAuthFilePath`
_Optional, Default=empty_ _Optional, Default=empty_
Path to the certificate authority file. ```toml tab="File (TOML)"
Used for the Kubernetes client configuration.
```toml tab="File"
[providers.kubernetesCRD] [providers.kubernetesCRD]
certAuthFilePath = "/my/ca.crt" certAuthFilePath = "/my/ca.crt"
# ... # ...
``` ```
```txt tab="CLI" ```yaml tab="File (YAML)"
--providers.kubernetescrd providers:
kubernetesCRD:
certAuthFilePath: "/my/ca.crt"
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.certauthfilepath="/my/ca.crt" --providers.kubernetescrd.certauthfilepath="/my/ca.crt"
``` ```
Path to the certificate authority file.
Used for the Kubernetes client configuration.
### `namespaces` ### `namespaces`
_Optional, Default: all namespaces (empty array)_ _Optional, Default: all namespaces (empty array)_
Array of namespaces to watch. ```toml tab="File (TOML)"
```toml tab="File"
[providers.kubernetesCRD] [providers.kubernetesCRD]
namespaces = ["default", "production"] namespaces = ["default", "production"]
# ... # ...
``` ```
```txt tab="CLI" ```yaml tab="File (YAML)"
--providers.kubernetescrd providers:
kubernetesCRD:
namespaces:
- "default"
- "production"
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.namespaces="default,production" --providers.kubernetescrd.namespaces="default,production"
``` ```
Array of namespaces to watch.
### `labelselector` ### `labelselector`
_Optional,Default: empty (process all Ingresses)_ _Optional,Default: empty (process all Ingresses)_
```toml tab="File (TOML)"
[providers.kubernetesCRD]
labelselector = "A and not B"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
labelselector: "A and not B"
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.labelselector="A and not B"
```
By default, Traefik processes all Ingress objects in the configured namespaces. By default, Traefik processes all Ingress objects in the configured namespaces.
A label selector can be defined to filter on specific Ingress objects only. A label selector can be defined to filter on specific Ingress objects only.
See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details. See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details.
```toml tab="File"
[providers.kubernetesCRD]
labelselector = "A and not B"
# ...
```
```txt tab="CLI"
--providers.kubernetescrd
--providers.kubernetescrd.labelselector="A and not B"
```
### `ingressClass` ### `ingressClass`
_Optional, Default: empty_ _Optional, Default: empty_
Value of `kubernetes.io/ingress.class` annotation that identifies Ingress objects to be processed. ```toml tab="File (TOML)"
If the parameter is non-empty, only Ingresses containing an annotation with the same value are processed.
Otherwise, Ingresses missing the annotation, having an empty value, or the value `traefik` are processed.
```toml tab="File"
[providers.kubernetesCRD] [providers.kubernetesCRD]
ingressClass = "traefik-internal" ingressClass = "traefik-internal"
# ... # ...
``` ```
```txt tab="CLI" ```yaml tab="File (YAML)"
--providers.kubernetescrd providers:
kubernetesCRD:
ingressClass: "traefik-internal"
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.ingressclass="traefik-internal" --providers.kubernetescrd.ingressclass="traefik-internal"
``` ```
Value of `kubernetes.io/ingress.class` annotation that identifies Ingress objects to be processed.
If the parameter is non-empty, only Ingresses containing an annotation with the same value are processed.
Otherwise, Ingresses missing the annotation, having an empty value, or the value `traefik` are processed.
## Resource Configuration ## Resource Configuration
If you're in a hurry, maybe you'd rather go through the [dynamic](../reference/dynamic-configuration/kubernetes-crd.md) configuration reference. If you're in a hurry, maybe you'd rather go through the [dynamic](../reference/dynamic-configuration/kubernetes-crd.md) configuration reference.
@ -258,7 +291,7 @@ metadata:
namespace: default namespace: default
spec: spec:
minversion: VersionTLS12 minVersion: VersionTLS12
--- ---
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1

View file

@ -1,6 +1,310 @@
# Traefik & Kubernetes # Traefik & Kubernetes
Kubernetes Ingress. The Kubernetes Ingress Controller.
{: .subtitle } {: .subtitle }
TODO The Traefik Kubernetes Ingress provider is a Kubernetes Ingress controller; that is to say,
it manages access to a cluster services by supporting the [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) specification.
## Enabling and using the provider
As usual, the provider is enabled through the static configuration:
```toml tab="File (TOML)"
[providers.kubernetesIngress]
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress: {}
```
```bash tab="CLI"
--providers.kubernetesingress=true
```
The provider then watches for incoming ingresses events, such as the example below, and derives the corresponding dynamic configuration from it, which in turn will create the resulting routers, services, handlers, etc.
```yaml tab="File (YAML)"
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: "foo"
namespace: production
spec:
rules:
- host: foo.com
http:
paths:
- path: /bar
backend:
serviceName: service1
servicePort: 80
- path: /foo
backend:
serviceName: service1
servicePort: 80
```
## Provider Configuration Options
!!! tip "Browse the Reference"
If you're in a hurry, maybe you'd rather go through the [static](../reference/static-configuration/overview.md) configuration reference.
### `endpoint`
_Optional, Default=empty_
```toml tab="File (TOML)"
[providers.kubernetesIngress]
endpoint = "http://localhost:8080"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
endpoint = "http://localhost:8080"
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.endpoint="http://localhost:8080"
```
The Kubernetes server endpoint as URL, which is only used when the behavior based on environment variables described below does not apply.
When deployed into Kubernetes, Traefik reads the environment variables `KUBERNETES_SERVICE_HOST` and `KUBERNETES_SERVICE_PORT` or `KUBECONFIG` to construct the endpoint.
The access token is looked up in `/var/run/secrets/kubernetes.io/serviceaccount/token` and the SSL CA certificate in `/var/run/secrets/kubernetes.io/serviceaccount/ca.crt`.
They are both provided automatically as mounts in the pod where Traefik is deployed.
When the environment variables are not found, Traefik tries to connect to the Kubernetes API server with an external-cluster client.
In which case, the endpoint is required.
Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Kubernetes cluster using the granted authentication and authorization of the associated kubeconfig.
### `token`
_Optional, Default=empty_
```toml tab="File (TOML)"
[providers.kubernetesIngress]
token = "mytoken"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
token = "mytoken"
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.token="mytoken"
```
Bearer token used for the Kubernetes client configuration.
### `certAuthFilePath`
_Optional, Default=empty_
```toml tab="File (TOML)"
[providers.kubernetesIngress]
certAuthFilePath = "/my/ca.crt"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
certAuthFilePath: "/my/ca.crt"
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.certauthfilepath="/my/ca.crt"
```
Path to the certificate authority file.
Used for the Kubernetes client configuration.
### `disablePassHostHeaders`
_Optional, Default=false_
```toml tab="File (TOML)"
[providers.kubernetesIngress]
disablePassHostHeaders = true
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
disablePassHostHeaders: true
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.disablepasshostheaders=true
```
Whether to disable PassHost Headers.
### `namespaces`
_Optional, Default: all namespaces (empty array)_
```toml tab="File (TOML)"
[providers.kubernetesIngress]
namespaces = ["default", "production"]
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
namespaces:
- "default"
- "production"
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.namespaces="default,production"
```
Array of namespaces to watch.
### `labelSelector`
_Optional,Default: empty (process all Ingresses)_
```toml tab="File (TOML)"
[providers.kubernetesIngress]
labelSelector = "A and not B"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
labelselector: "A and not B"
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.labelselector="A and not B"
```
By default, Traefik processes all Ingress objects in the configured namespaces.
A label selector can be defined to filter on specific Ingress objects only.
See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details.
### `ingressClass`
_Optional, Default: empty_
```toml tab="File (TOML)"
[providers.kubernetesIngress]
ingressClass = "traefik-internal"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
ingressClass: "traefik-internal"
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.ingressclass="traefik-internal"
```
Value of `kubernetes.io/ingress.class` annotation that identifies Ingress objects to be processed.
If the parameter is non-empty, only Ingresses containing an annotation with the same value are processed.
Otherwise, Ingresses missing the annotation, having an empty value, or with the value `traefik` are processed.
### `ingressEndpoint`
#### `hostname`
_Optional, Default: empty_
```toml tab="File (TOML)"
[providers.kubernetesIngress.ingressEndpoint]
hostname = "foo.com"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
ingressEndpoint:
hostname: "foo.com"
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.ingressendpoint.hostname="foo.com"
```
Hostname used for Kubernetes Ingress endpoints.
#### `ip`
_Optional, Default: empty_
```toml tab="File (TOML)"
[providers.kubernetesIngress.ingressEndpoint]
ip = "1.2.3.4"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
ingressEndpoint:
ip: "1.2.3.4"
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.ingressendpoint.ip="1.2.3.4"
```
IP used for Kubernetes Ingress endpoints.
#### `publishedService`
_Optional, Default: empty_
```toml tab="File (TOML)"
[providers.kubernetesIngress.ingressEndpoint]
publishedService = "foo-service"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
ingressEndpoint:
publishedService: "foo-service"
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.ingressendpoint.publishedservice="foo-service"
```
Published Kubernetes Service to copy status from.
## Further
If one wants to know more about the various aspects of the Ingress spec that Traefik supports, many examples of Ingresses definitions are located in the tests [data](https://github.com/containous/traefik/tree/v2.0/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.

View file

@ -11,14 +11,17 @@ See also [Marathon user guide](../user-guides/marathon.md).
Enabling the marathon provider Enabling the marathon provider
```toml tab="File" ```toml tab="File (TOML)"
[providers.marathon] [providers.marathon]
endpoint = "http://127.0.0.1:8080"
``` ```
```txt tab="CLI" ```yaml tab="File (YAML)"
--providers.marathon providers:
--providers.marathon.endpoint="http://127.0.0.1:8080" marathon: {}
```
```bash tab="CLI"
--providers.marathon=true
``` ```
Attaching labels to marathon applications Attaching labels to marathon applications
@ -55,43 +58,74 @@ See also [Marathon user guide](../user-guides/marathon.md).
_Optional_ _Optional_
Enables Marathon basic authentication. ```toml tab="File (TOML)"
```toml tab="File"
[providers.marathon.basic] [providers.marathon.basic]
httpBasicAuthUser = "foo" httpBasicAuthUser = "foo"
httpBasicPassword = "bar" httpBasicPassword = "bar"
``` ```
```txt tab="CLI" ```yaml tab="File (YAML)"
--providers.marathon providers:
marathon:
basic:
httpBasicAuthUser: foo
httpBasicPassword: bar
```
```bash tab="CLI"
--providers.marathon.basic.httpbasicauthuser="foo" --providers.marathon.basic.httpbasicauthuser="foo"
--providers.marathon.basic.httpbasicpassword="bar" --providers.marathon.basic.httpbasicpassword="bar"
``` ```
Enables Marathon basic authentication.
### `dcosToken` ### `dcosToken`
_Optional_ _Optional_
DCOSToken for DCOS environment. ```toml tab="File (TOML)"
If set, it overrides the Authorization header.
```toml tab="File"
[providers.marathon] [providers.marathon]
dcosToken = "xxxxxx" dcosToken = "xxxxxx"
# ... # ...
``` ```
```txt tab="CLI" ```toml tab="File (YAML)"
--providers.marathon providers:
marathon:
dcosToken: "xxxxxx"
# ...
```
```bash tab="CLI"
--providers.marathon.dcosToken="xxxxxx" --providers.marathon.dcosToken="xxxxxx"
``` ```
DCOSToken for DCOS environment.
If set, it overrides the Authorization header.
### `defaultRule` ### `defaultRule`
_Optional, Default=```Host(`{{ normalize .Name }}`)```_ _Optional, Default=```Host(`{{ normalize .Name }}`)```_
```toml tab="File (TOML)"
[providers.marathon]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
defaultRule: "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```bash tab="CLI"
--providers.marathon.defaultRule="Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
For a given application if no routing rule was defined by a label, it is defined by this defaultRule instead. For a given application if no routing rule was defined by a label, it is defined by this defaultRule instead.
It must be a valid [Go template](https://golang.org/pkg/text/template/), It must be a valid [Go template](https://golang.org/pkg/text/template/),
@ -100,21 +134,27 @@ augmented with the [sprig template functions](http://masterminds.github.io/sprig
The app ID can be accessed as the Name identifier, The app ID can be accessed as the Name identifier,
and the template has access to all the labels defined on this Marathon application. and the template has access to all the labels defined on this Marathon application.
```toml tab="File"
[providers.marathon]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```txt tab="CLI"
--providers.marathon
--providers.marathon.defaultRule="Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
```
### `dialerTimeout` ### `dialerTimeout`
_Optional, Default=5s_ _Optional, Default=5s_
```toml tab="File (TOML)"
[providers.marathon]
dialerTimeout = "10s"
# ...
```
```toml tab="File (YAML)"
providers:
marathon:
dialerTimeout: "10s"
# ...
```
```bash tab="CLI"
--providers.marathon.dialerTimeout=10s
```
Overrides DialerTimeout. Overrides DialerTimeout.
Amount of time the Marathon provider should wait before timing out, Amount of time the Marathon provider should wait before timing out,
@ -127,33 +167,77 @@ or directly as a number of seconds.
_Optional, Default=http://127.0.0.1:8080_ _Optional, Default=http://127.0.0.1:8080_
Marathon server endpoint. ```toml tab="File (TOML)"
You can optionally specify multiple endpoints:
```toml tab="File"
[providers.marathon] [providers.marathon]
endpoint = "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080" endpoint = "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080"
# ... # ...
``` ```
```txt tab="CLI" ```toml tab="File (YAML)"
--providers.marathon providers:
marathon:
endpoint: "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080"
# ...
```
```bash tab="CLI"
--providers.marathon.endpoint="http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080" --providers.marathon.endpoint="http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080"
``` ```
Marathon server endpoint.
You can optionally specify multiple endpoints:
### `exposedByDefault` ### `exposedByDefault`
_Optional, Default=true_ _Optional, Default=true_
```toml tab="File (TOML)"
[providers.marathon]
exposedByDefault = false
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
exposedByDefault: false
# ...
```
```bash tab="CLI"
--providers.marathon.exposedByDefault=false
# ...
```
Exposes Marathon applications by default through Traefik. Exposes Marathon applications by default through Traefik.
If set to false, applications that don't have a `traefik.enable=true` label will be ignored from the resulting routing configuration. If set to false, applications that don't have a `traefik.enable=true` label will be ignored from the resulting routing configuration.
See also [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
### `constraints` ### `constraints`
_Optional, Default=""_ _Optional, Default=""_
```toml tab="File (TOML)"
[providers.marathon]
constraints = "Label(`a.label.name`, `foo`)"
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
constraints: "Label(`a.label.name`, `foo`)"
# ...
```
```bash tab="CLI"
--providers.marathon.constraints="Label(`a.label.name`, `foo`)"
# ...
```
Constraints is an expression that Traefik matches against the application's labels to determine whether to create any route for that application. Constraints is an expression that Traefik matches against the application's labels to determine whether to create any route for that application.
That is to say, if none of the application's labels match the expression, no route for the application is created. That is to say, if none of the application's labels match the expression, no route for the application is created.
In addition, the expression also matched against the application's constraints, such as described in [Marathon constraints](https://mesosphere.github.io/marathon/docs/constraints.html). In addition, the expression also matched against the application's constraints, such as described in [Marathon constraints](https://mesosphere.github.io/marathon/docs/constraints.html).
@ -204,10 +288,30 @@ In addition, to match against marathon constraints, the function `MarathonConstr
constraints = "MarathonConstraint(`A:B:C`) && Label(`a.label.name`, `value`)" constraints = "MarathonConstraint(`A:B:C`) && Label(`a.label.name`, `value`)"
``` ```
See also [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
### `forceTaskHostname` ### `forceTaskHostname`
_Optional, Default=false_ _Optional, Default=false_
```toml tab="File (TOML)"
[providers.marathon]
forceTaskHostname = true
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
forceTaskHostname: true
# ...
```
```bash tab="CLI"
--providers.marathon.forceTaskHostname=true
# ...
```
By default, a task's IP address (as returned by the Marathon API) is used as backend server if an IP-per-task configuration can be found; By default, a task's IP address (as returned by the Marathon API) is used as backend server if an IP-per-task configuration can be found;
otherwise, the name of the host running the task is used. otherwise, the name of the host running the task is used.
The latter behavior can be enforced by enabling this switch. The latter behavior can be enforced by enabling this switch.
@ -216,6 +320,24 @@ The latter behavior can be enforced by enabling this switch.
_Optional, Default=10s_ _Optional, Default=10s_
```toml tab="File (TOML)"
[providers.marathon]
keepAlive = "30s"
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
keepAlive: "30s"
# ...
```
```bash tab="CLI"
--providers.marathon.keepAlive=30s
# ...
```
Set the TCP Keep Alive interval for the Marathon HTTP Client. Set the TCP Keep Alive interval for the Marathon HTTP Client.
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration), Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration),
or directly as a number of seconds. or directly as a number of seconds.
@ -224,6 +346,24 @@ or directly as a number of seconds.
_Optional, Default=false_ _Optional, Default=false_
```toml tab="File (TOML)"
[providers.marathon]
respectReadinessChecks = true
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
respectReadinessChecks: true
# ...
```
```bash tab="CLI"
--providers.marathon.respectReadinessChecks=true
# ...
```
Applications may define readiness checks which are probed by Marathon during deployments periodically, and these check results are exposed via the API. Applications may define readiness checks which are probed by Marathon during deployments periodically, and these check results are exposed via the API.
Enabling respectReadinessChecks causes Traefik to filter out tasks whose readiness checks have not succeeded. Enabling respectReadinessChecks causes Traefik to filter out tasks whose readiness checks have not succeeded.
Note that the checks are only valid at deployment times. Note that the checks are only valid at deployment times.
@ -234,6 +374,24 @@ See the Marathon guide for details.
_Optional, Default=60s_ _Optional, Default=60s_
```toml tab="File (TOML)"
[providers.marathon]
responseHeaderTimeout = "66s"
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
responseHeaderTimeout: "66s"
# ...
```
```bash tab="CLI"
--providers.marathon.responseHeaderTimeout="66s"
# ...
```
Overrides ResponseHeaderTimeout. Overrides ResponseHeaderTimeout.
Amount of time the Marathon provider should wait before timing out, Amount of time the Marathon provider should wait before timing out,
when waiting for the first response header from a Marathon master. when waiting for the first response header from a Marathon master.
@ -244,9 +402,7 @@ Can be provided in a format supported by [time.ParseDuration](https://golang.org
_Optional_ _Optional_
TLS client configuration. [tls/#Config](https://golang.org/pkg/crypto/tls/#Config). ```toml tab="File (TOML)"
```toml tab="File"
[providers.marathon.tls] [providers.marathon.tls]
ca = "/etc/ssl/ca.crt" ca = "/etc/ssl/ca.crt"
cert = "/etc/ssl/marathon.cert" cert = "/etc/ssl/marathon.cert"
@ -254,19 +410,49 @@ TLS client configuration. [tls/#Config](https://golang.org/pkg/crypto/tls/#Confi
insecureSkipVerify = true insecureSkipVerify = true
``` ```
```txt tab="CLI" ```yaml tab="File (YAML)"
--providers.marathon.tls providers:
marathon
tls:
ca: "/etc/ssl/ca.crt"
cert: "/etc/ssl/marathon.cert"
key: "/etc/ssl/marathon.key"
insecureSkipVerify: true
```
```bash tab="CLI"
--providers.marathon.tls.ca="/etc/ssl/ca.crt" --providers.marathon.tls.ca="/etc/ssl/ca.crt"
--providers.marathon.tls.cert="/etc/ssl/marathon.cert" --providers.marathon.tls.cert="/etc/ssl/marathon.cert"
--providers.marathon.tls.key="/etc/ssl/marathon.key" --providers.marathon.tls.key="/etc/ssl/marathon.key"
--providers.marathon.tls.insecureskipverify=true --providers.marathon.tls.insecureskipverify=true
``` ```
### `TLSHandshakeTimeout` TLS client configuration. [tls/#Config](https://golang.org/pkg/crypto/tls/#Config).
### `tlsHandshakeTimeout`
_Optional, Default=5s_ _Optional, Default=5s_
```toml tab="File (TOML)"
[providers.marathon]
responseHeaderTimeout = "10s"
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
responseHeaderTimeout: "10s"
# ...
```
```bash tab="CLI"
--providers.marathon.responseHeaderTimeout="10s"
# ...
```
Overrides TLSHandshakeTimeout. Overrides TLSHandshakeTimeout.
Amount of time the Marathon provider should wait before timing out, Amount of time the Marathon provider should wait before timing out,
when waiting for the TLS handshake to complete. when waiting for the TLS handshake to complete.
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration), Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration),
@ -276,12 +462,48 @@ or directly as a number of seconds.
_Optional, Default=false_ _Optional, Default=false_
```toml tab="File (TOML)"
[providers.marathon]
trace = true
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
trace: true
# ...
```
```bash tab="CLI"
--providers.marathon.trace=true
# ...
```
Displays additional provider logs (if available). Displays additional provider logs (if available).
### `watch` ### `watch`
_Optional, Default=true_ _Optional, Default=true_
```toml tab="File (TOML)"
[providers.marathon]
watch = false
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
watch: false
# ...
```
```bash tab="CLI"
--providers.marathon.watch=false
# ...
```
Enables watching for Marathon changes. Enables watching for Marathon changes.
## Routing Configuration Options ## Routing Configuration Options

View file

@ -18,10 +18,19 @@ Attach labels to your services and let Traefik do the rest!
Enabling the rancher provider Enabling the rancher provider
```toml ```toml tab="File (TOML)"
[providers.rancher] [providers.rancher]
``` ```
```yaml tab="File (YAML)"
providers:
rancher: {}
```
```bash tab="CLI"
--providers.rancher=true
```
Attaching labels to services Attaching labels to services
```yaml ```yaml
@ -34,21 +43,69 @@ Attach labels to your services and let Traefik do the rest!
??? tip "Browse the Reference" ??? tip "Browse the Reference"
If you're in a hurry, maybe you'd rather go through the configuration reference: If you're in a hurry, maybe you'd rather go through the configuration reference:
```toml ```toml tab="File (TOML)"
--8<-- "content/providers/rancher.toml" --8<-- "content/providers/rancher.toml"
``` ```
### `ExposedByDefault` ```yaml tab="File (YAML)"
--8<-- "content/providers/rancher.yml"
```
```bash tab="CLI"
--8<-- "content/providers/rancher.txt"
```
List of all available labels for the [dynamic](../reference/dynamic-configuration/rancher.md) configuration references.
### `exposedByDefault`
_Optional, Default=true_ _Optional, Default=true_
```toml tab="File (TOML)"
[providers.rancher]
exposedByDefault = false
# ...
```
```yaml tab="File (YAML)"
providers:
rancher:
exposedByDefault: false
# ...
```
```bash tab="CLI"
--providers.rancher.exposedByDefault=false
# ...
```
Expose Rancher services by default in Traefik. Expose Rancher services by default in Traefik.
If set to false, services that don't have a `traefik.enable=true` label will be ignored from the resulting routing configuration. If set to false, services that don't have a `traefik.enable=true` label will be ignored from the resulting routing configuration.
### `DefaultRule` See also [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
### `defaultRule`
_Optional, Default=```Host(`{{ normalize .Name }}`)```_ _Optional, Default=```Host(`{{ normalize .Name }}`)```_
```toml tab="File (TOML)"
[providers.rancher]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```yaml tab="File (YAML)"
providers:
rancher:
defaultRule: "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```bash tab="CLI"
--providers.rancher.defaultRule="Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
The default host rule for all services. The default host rule for all services.
For a given container if no routing rule was defined by a label, it is defined by this defaultRule instead. For a given container if no routing rule was defined by a label, it is defined by this defaultRule instead.
@ -57,48 +114,127 @@ augmented with the [sprig template functions](http://masterminds.github.io/sprig
The service name can be accessed as the `Name` identifier, The service name can be accessed as the `Name` identifier,
and the template has access to all the labels defined on this container. and the template has access to all the labels defined on this container.
```toml tab="File"
[providers.rancher]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```txt tab="CLI"
--providers.rancher
--providers.rancher.defaultRule="Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
```
This option can be overridden on a container basis with the `traefik.http.routers.Router1.rule` label. This option can be overridden on a container basis with the `traefik.http.routers.Router1.rule` label.
### `EnableServiceHealthFilter` ### `enableServiceHealthFilter`
_Optional, Default=true_ _Optional, Default=true_
```toml tab="File (TOML)"
[providers.rancher]
enableServiceHealthFilter = false
# ...
```
```yaml tab="File (YAML)"
providers:
rancher:
enableServiceHealthFilter: false
# ...
```
```bash tab="CLI"
--providers.rancher.enableServiceHealthFilter=false
# ...
```
Filter services with unhealthy states and inactive states. Filter services with unhealthy states and inactive states.
### `RefreshSeconds` ### `refreshSeconds`
_Optional, Default=15_ _Optional, Default=15_
```toml tab="File (TOML)"
[providers.rancher]
refreshSeconds = 30
# ...
```
```yaml tab="File (YAML)"
providers:
rancher:
refreshSeconds: 30
# ...
```
```bash tab="CLI"
--providers.rancher.refreshSeconds=30
# ...
```
Defines the polling interval (in seconds). Defines the polling interval (in seconds).
### `IntervalPoll` ### `intervalPoll`
_Optional, Default=false_ _Optional, Default=false_
```toml tab="File (TOML)"
[providers.rancher]
intervalPoll = true
# ...
```
```yaml tab="File (YAML)"
providers:
rancher:
intervalPoll: true
# ...
```
```bash tab="CLI"
--providers.rancher.intervalPoll=true
# ...
```
Poll the Rancher metadata service for changes every `rancher.refreshSeconds`, Poll the Rancher metadata service for changes every `rancher.refreshSeconds`,
which is less accurate than the default long polling technique which will provide near instantaneous updates to Traefik. which is less accurate than the default long polling technique which will provide near instantaneous updates to Traefik.
### `Prefix` ### `prefix`
_Optional, Default=/latest_ _Optional, Default=/latest_
```toml tab="File (TOML)"
[providers.rancher]
prefix = "/test"
# ...
```
```yaml tab="File (YAML)"
providers:
rancher:
prefix: "/test"
# ...
```
```bash tab="CLI"
--providers.rancher.prefix="/test"
# ...
```
Prefix used for accessing the Rancher metadata service Prefix used for accessing the Rancher metadata service
### `constraints` ### `constraints`
_Optional, Default=""_ _Optional, Default=""_
```toml tab="File (TOML)"
[providers.rancher]
constraints = "Label(`a.label.name`, `foo`)"
# ...
```
```yaml tab="File (YAML)"
providers:
rancher:
constraints: "Label(`a.label.name`, `foo`)"
# ...
```
```bash tab="CLI"
--providers.rancher.constraints="Label(`a.label.name`, `foo`)"
# ...
```
Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container.
That is to say, if none of the container's labels match the expression, no route for the container is created. That is to say, if none of the container's labels match the expression, no route for the container is created.
If the expression is empty, all detected containers are included. If the expression is empty, all detected containers are included.
@ -137,6 +273,8 @@ The expression syntax is based on the `Label("key", "value")`, and `LabelRegexp(
constraints = "LabelRegexp(`a.label.name`, `a.+`)" constraints = "LabelRegexp(`a.label.name`, `a.+`)"
``` ```
See also [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
## Routing Configuration Options ## Routing Configuration Options
### General ### General

View file

@ -11,7 +11,7 @@
enableServiceHealthFilter = true enableServiceHealthFilter = true
# Defines the polling interval (in seconds). # Defines the polling interval (in seconds).
refreshSeconds = true refreshSeconds = 15
# Poll the Rancher metadata service for changes every `rancher.refreshSeconds`, which is less accurate # Poll the Rancher metadata service for changes every `rancher.refreshSeconds`, which is less accurate
intervalPoll = false intervalPoll = false

View file

@ -0,0 +1,20 @@
# Enable Rancher Provider.
--providers.rancher=true
# Expose Rancher services by default in Traefik.
--providers.rancher.exposedByDefault=true
# Enable watch Rancher changes.
--providers.rancher.watch=true
# Filter services with unhealthy states and inactive states.
--providers.rancher.enableServiceHealthFilter=true
# Defines the polling interval (in seconds).
--providers.rancher.refreshSeconds=15
# Poll the Rancher metadata service for changes every `rancher.refreshSeconds`, which is less accurate
--providers.rancher.intervalPoll=false
# Prefix used for accessing the Rancher metadata service
--providers.rancher.prefix="/latest"

View file

@ -0,0 +1,21 @@
# Enable Rancher Provider.
providers:
rancher:
# Expose Rancher services by default in Traefik.
exposedByDefault: true
# Enable watch Rancher changes.
watch: true
# Filter services with unhealthy states and inactive states.
enableServiceHealthFilter: true
# Defines the polling interval (in seconds).
refreshSeconds: 15
# Poll the Rancher metadata service for changes every `rancher.refreshSeconds`, which is less accurate
intervalPoll: false
# Prefix used for accessing the Rancher metadata service
prefix: "/latest"

View file

@ -0,0 +1,178 @@
- "traefik.http.middlewares.middleware00.addprefix.prefix=foobar"
- "traefik.http.middlewares.middleware01.basicauth.headerfield=foobar"
- "traefik.http.middlewares.middleware01.basicauth.realm=foobar"
- "traefik.http.middlewares.middleware01.basicauth.removeheader=true"
- "traefik.http.middlewares.middleware01.basicauth.users=foobar, foobar"
- "traefik.http.middlewares.middleware01.basicauth.usersfile=foobar"
- "traefik.http.middlewares.middleware02.buffering.maxrequestbodybytes=42"
- "traefik.http.middlewares.middleware02.buffering.maxresponsebodybytes=42"
- "traefik.http.middlewares.middleware02.buffering.memrequestbodybytes=42"
- "traefik.http.middlewares.middleware02.buffering.memresponsebodybytes=42"
- "traefik.http.middlewares.middleware02.buffering.retryexpression=foobar"
- "traefik.http.middlewares.middleware03.chain.middlewares=foobar, foobar"
- "traefik.http.middlewares.middleware04.circuitbreaker.expression=foobar"
- "traefik.http.middlewares.middleware05.compress=true"
- "traefik.http.middlewares.middleware06.digestauth.headerfield=foobar"
- "traefik.http.middlewares.middleware06.digestauth.realm=foobar"
- "traefik.http.middlewares.middleware06.digestauth.removeheader=true"
- "traefik.http.middlewares.middleware06.digestauth.users=foobar, foobar"
- "traefik.http.middlewares.middleware06.digestauth.usersfile=foobar"
- "traefik.http.middlewares.middleware07.errors.query=foobar"
- "traefik.http.middlewares.middleware07.errors.service=foobar"
- "traefik.http.middlewares.middleware07.errors.status=foobar, foobar"
- "traefik.http.middlewares.middleware08.forwardauth.address=foobar"
- "traefik.http.middlewares.middleware08.forwardauth.authresponseheaders=foobar, foobar"
- "traefik.http.middlewares.middleware08.forwardauth.tls.ca=foobar"
- "traefik.http.middlewares.middleware08.forwardauth.tls.caoptional=true"
- "traefik.http.middlewares.middleware08.forwardauth.tls.cert=foobar"
- "traefik.http.middlewares.middleware08.forwardauth.tls.insecureskipverify=true"
- "traefik.http.middlewares.middleware08.forwardauth.tls.key=foobar"
- "traefik.http.middlewares.middleware08.forwardauth.trustforwardheader=true"
- "traefik.http.middlewares.middleware09.headers.accesscontrolallowcredentials=true"
- "traefik.http.middlewares.middleware09.headers.accesscontrolallowheaders=foobar, foobar"
- "traefik.http.middlewares.middleware09.headers.accesscontrolallowmethods=foobar, foobar"
- "traefik.http.middlewares.middleware09.headers.accesscontrolalloworigin=foobar"
- "traefik.http.middlewares.middleware09.headers.accesscontrolexposeheaders=foobar, foobar"
- "traefik.http.middlewares.middleware09.headers.accesscontrolmaxage=42"
- "traefik.http.middlewares.middleware09.headers.addvaryheader=true"
- "traefik.http.middlewares.middleware09.headers.allowedhosts=foobar, foobar"
- "traefik.http.middlewares.middleware09.headers.browserxssfilter=true"
- "traefik.http.middlewares.middleware09.headers.contentsecuritypolicy=foobar"
- "traefik.http.middlewares.middleware09.headers.contenttypenosniff=true"
- "traefik.http.middlewares.middleware09.headers.custombrowserxssvalue=foobar"
- "traefik.http.middlewares.middleware09.headers.customframeoptionsvalue=foobar"
- "traefik.http.middlewares.middleware09.headers.customrequestheaders.name0=foobar"
- "traefik.http.middlewares.middleware09.headers.customrequestheaders.name1=foobar"
- "traefik.http.middlewares.middleware09.headers.customresponseheaders.name0=foobar"
- "traefik.http.middlewares.middleware09.headers.customresponseheaders.name1=foobar"
- "traefik.http.middlewares.middleware09.headers.forcestsheader=true"
- "traefik.http.middlewares.middleware09.headers.framedeny=true"
- "traefik.http.middlewares.middleware09.headers.hostsproxyheaders=foobar, foobar"
- "traefik.http.middlewares.middleware09.headers.isdevelopment=true"
- "traefik.http.middlewares.middleware09.headers.publickey=foobar"
- "traefik.http.middlewares.middleware09.headers.referrerpolicy=foobar"
- "traefik.http.middlewares.middleware09.headers.featurepolicy=foobar"
- "traefik.http.middlewares.middleware09.headers.sslforcehost=true"
- "traefik.http.middlewares.middleware09.headers.sslhost=foobar"
- "traefik.http.middlewares.middleware09.headers.sslproxyheaders.name0=foobar"
- "traefik.http.middlewares.middleware09.headers.sslproxyheaders.name1=foobar"
- "traefik.http.middlewares.middleware09.headers.sslredirect=true"
- "traefik.http.middlewares.middleware09.headers.ssltemporaryredirect=true"
- "traefik.http.middlewares.middleware09.headers.stsincludesubdomains=true"
- "traefik.http.middlewares.middleware09.headers.stspreload=true"
- "traefik.http.middlewares.middleware09.headers.stsseconds=42"
- "traefik.http.middlewares.middleware10.ipwhitelist.ipstrategy.depth=42"
- "traefik.http.middlewares.middleware10.ipwhitelist.ipstrategy.excludedips=foobar, foobar"
- "traefik.http.middlewares.middleware10.ipwhitelist.sourcerange=foobar, foobar"
- "traefik.http.middlewares.middleware11.maxconn.amount=42"
- "traefik.http.middlewares.middleware11.maxconn.extractorfunc=foobar"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.commonname=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.country=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.domaincomponent=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.locality=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.organization=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.province=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.serialnumber=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.notafter=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.notbefore=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.sans=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.commonname=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.country=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.domaincomponent=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.locality=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.organization=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.province=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.serialnumber=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.pem=true"
- "traefik.http.middlewares.middleware13.redirectregex.permanent=true"
- "traefik.http.middlewares.middleware13.redirectregex.regex=foobar"
- "traefik.http.middlewares.middleware13.redirectregex.replacement=foobar"
- "traefik.http.middlewares.middleware14.redirectscheme.permanent=true"
- "traefik.http.middlewares.middleware14.redirectscheme.port=foobar"
- "traefik.http.middlewares.middleware14.redirectscheme.scheme=foobar"
- "traefik.http.middlewares.middleware15.replacepath.path=foobar"
- "traefik.http.middlewares.middleware16.replacepathregex.regex=foobar"
- "traefik.http.middlewares.middleware16.replacepathregex.replacement=foobar"
- "traefik.http.middlewares.middleware17.retry.attempts=42"
- "traefik.http.middlewares.middleware18.stripprefix.prefixes=foobar, foobar"
- "traefik.http.middlewares.middleware19.stripprefixregex.regex=foobar, foobar"
- "traefik.http.routers.router0.entrypoints=foobar, foobar"
- "traefik.http.routers.router0.middlewares=foobar, foobar"
- "traefik.http.routers.router0.priority=42"
- "traefik.http.routers.router0.rule=foobar"
- "traefik.http.routers.router0.service=foobar"
- "traefik.http.routers.router0.tls=true"
- "traefik.http.routers.router0.tls.certresolver=foobar"
- "traefik.http.routers.router0.tls.domains[0].main=foobar"
- "traefik.http.routers.router0.tls.domains[0].sans=foobar, foobar"
- "traefik.http.routers.router0.tls.domains[1].main=foobar"
- "traefik.http.routers.router0.tls.domains[1].sans=foobar, foobar"
- "traefik.http.routers.router0.tls.options=foobar"
- "traefik.http.routers.router1.entrypoints=foobar, foobar"
- "traefik.http.routers.router1.middlewares=foobar, foobar"
- "traefik.http.routers.router1.priority=42"
- "traefik.http.routers.router1.rule=foobar"
- "traefik.http.routers.router1.service=foobar"
- "traefik.http.routers.router1.tls=true"
- "traefik.http.routers.router1.tls.certresolver=foobar"
- "traefik.http.routers.router1.tls.domains[0].main=foobar"
- "traefik.http.routers.router1.tls.domains[0].sans=foobar, foobar"
- "traefik.http.routers.router1.tls.domains[1].main=foobar"
- "traefik.http.routers.router1.tls.domains[1].sans=foobar, foobar"
- "traefik.http.routers.router1.tls.options=foobar"
- "traefik.http.services.service0.loadbalancer.healthcheck.headers.name0=foobar"
- "traefik.http.services.service0.loadbalancer.healthcheck.headers.name1=foobar"
- "traefik.http.services.service0.loadbalancer.healthcheck.hostname=foobar"
- "traefik.http.services.service0.loadbalancer.healthcheck.interval=foobar"
- "traefik.http.services.service0.loadbalancer.healthcheck.path=foobar"
- "traefik.http.services.service0.loadbalancer.healthcheck.port=42"
- "traefik.http.services.service0.loadbalancer.healthcheck.scheme=foobar"
- "traefik.http.services.service0.loadbalancer.healthcheck.timeout=foobar"
- "traefik.http.services.service0.loadbalancer.passhostheader=true"
- "traefik.http.services.service0.loadbalancer.responseforwarding.flushinterval=foobar"
- "traefik.http.services.service0.loadbalancer.stickiness=true"
- "traefik.http.services.service0.loadbalancer.stickiness.cookiename=foobar"
- "traefik.http.services.service0.loadbalancer.stickiness.httponlycookie=true"
- "traefik.http.services.service0.loadbalancer.stickiness.securecookie=true"
- "traefik.http.services.service0.loadbalancer.server.port=foobar"
- "traefik.http.services.service0.loadbalancer.server.scheme=foobar"
- "traefik.http.services.service1.loadbalancer.healthcheck.headers.name0=foobar"
- "traefik.http.services.service1.loadbalancer.healthcheck.headers.name1=foobar"
- "traefik.http.services.service1.loadbalancer.healthcheck.hostname=foobar"
- "traefik.http.services.service1.loadbalancer.healthcheck.interval=foobar"
- "traefik.http.services.service1.loadbalancer.healthcheck.path=foobar"
- "traefik.http.services.service1.loadbalancer.healthcheck.port=42"
- "traefik.http.services.service1.loadbalancer.healthcheck.scheme=foobar"
- "traefik.http.services.service1.loadbalancer.healthcheck.timeout=foobar"
- "traefik.http.services.service1.loadbalancer.passhostheader=true"
- "traefik.http.services.service1.loadbalancer.responseforwarding.flushinterval=foobar"
- "traefik.http.services.service1.loadbalancer.stickiness=true"
- "traefik.http.services.service1.loadbalancer.stickiness.cookiename=foobar"
- "traefik.http.services.service1.loadbalancer.stickiness.httponlycookie=true"
- "traefik.http.services.service1.loadbalancer.stickiness.securecookie=true"
- "traefik.http.services.service1.loadbalancer.server.port=foobar"
- "traefik.http.services.service1.loadbalancer.server.scheme=foobar"
- "traefik.tcp.routers.tcprouter0.entrypoints=foobar, foobar"
- "traefik.tcp.routers.tcprouter0.rule=foobar"
- "traefik.tcp.routers.tcprouter0.service=foobar"
- "traefik.tcp.routers.tcprouter0.tls=true"
- "traefik.tcp.routers.tcprouter0.tls.certresolver=foobar"
- "traefik.tcp.routers.tcprouter0.tls.domains[0].main=foobar"
- "traefik.tcp.routers.tcprouter0.tls.domains[0].sans=foobar, foobar"
- "traefik.tcp.routers.tcprouter0.tls.domains[1].main=foobar"
- "traefik.tcp.routers.tcprouter0.tls.domains[1].sans=foobar, foobar"
- "traefik.tcp.routers.tcprouter0.tls.options=foobar"
- "traefik.tcp.routers.tcprouter0.tls.passthrough=true"
- "traefik.tcp.routers.tcprouter1.entrypoints=foobar, foobar"
- "traefik.tcp.routers.tcprouter1.rule=foobar"
- "traefik.tcp.routers.tcprouter1.service=foobar"
- "traefik.tcp.routers.tcprouter1.tls=true"
- "traefik.tcp.routers.tcprouter1.tls.certresolver=foobar"
- "traefik.tcp.routers.tcprouter1.tls.domains[0].main=foobar"
- "traefik.tcp.routers.tcprouter1.tls.domains[0].sans=foobar, foobar"
- "traefik.tcp.routers.tcprouter1.tls.domains[1].main=foobar"
- "traefik.tcp.routers.tcprouter1.tls.domains[1].sans=foobar, foobar"
- "traefik.tcp.routers.tcprouter1.tls.options=foobar"
- "traefik.tcp.routers.tcprouter1.tls.passthrough=true"
- "traefik.tcp.services.tcpservice0.loadbalancer.server.port=foobar"
- "traefik.tcp.services.tcpservice1.loadbalancer.server.port=foobar"

View file

@ -6,5 +6,7 @@ Dynamic configuration with Docker Labels
The labels are case insensitive. The labels are case insensitive.
```yaml ```yaml
--8<-- "content/reference/dynamic-configuration/labels.yml" labels:
--8<-- "content/reference/dynamic-configuration/docker.yml"
--8<-- "content/reference/dynamic-configuration/docker-labels.yml"
``` ```

View file

@ -0,0 +1,3 @@
- "traefik.enable=true"
- "traefik.docker.network=foobar"
- "traefik.docker.lbswarm=true"

View file

@ -7,126 +7,135 @@
rule = "foobar" rule = "foobar"
priority = 42 priority = 42
[http.routers.Router0.tls] [http.routers.Router0.tls]
options = "TLS0" options = "foobar"
[http.middlewares] certResolver = "foobar"
[http.middlewares.Middleware0]
[http.middlewares.Middleware0.addPrefix] [[http.routers.Router0.tls.domains]]
prefix = "foobar" main = "foobar"
[http.middlewares.Middleware1] sans = ["foobar", "foobar"]
[http.middlewares.Middleware1.stripPrefix]
prefixes = ["foobar", "foobar"] [[http.routers.Router0.tls.domains]]
[http.middlewares.Middleware10] main = "foobar"
[http.middlewares.Middleware10.rateLimit] sans = ["foobar", "foobar"]
extractorFunc = "foobar" [http.routers.Router1]
[http.middlewares.Middleware10.rateLimit.rateSet] entryPoints = ["foobar", "foobar"]
[http.middlewares.Middleware10.rateLimit.rateSet.Rate0] middlewares = ["foobar", "foobar"]
period = 42 service = "foobar"
average = 42 rule = "foobar"
burst = 42 priority = 42
[http.middlewares.Middleware10.rateLimit.rateSet.Rate1] [http.routers.Router1.tls]
period = 42 options = "foobar"
average = 42 certResolver = "foobar"
burst = 42
[http.middlewares.Middleware11] [[http.routers.Router1.tls.domains]]
[http.middlewares.Middleware11.redirectRegex] main = "foobar"
regex = "foobar" sans = ["foobar", "foobar"]
replacement = "foobar"
permanent = true [[http.routers.Router1.tls.domains]]
[http.middlewares.Middleware12] main = "foobar"
[http.middlewares.Middleware12.redirectScheme] sans = ["foobar", "foobar"]
[http.services]
[http.services.Service0]
[http.services.Service0.loadBalancer]
passHostHeader = true
[http.services.Service0.loadBalancer.stickiness]
cookieName = "foobar"
secureCookie = true
httpOnlyCookie = true
[[http.services.Service0.loadBalancer.servers]]
url = "foobar"
[[http.services.Service0.loadBalancer.servers]]
url = "foobar"
[http.services.Service0.loadBalancer.healthCheck]
scheme = "foobar" scheme = "foobar"
port = "foobar" path = "foobar"
permanent = true port = 42
[http.middlewares.Middleware13] interval = "foobar"
[http.middlewares.Middleware13.basicAuth] timeout = "foobar"
hostname = "foobar"
[http.services.Service0.loadBalancer.healthCheck.headers]
name0 = "foobar"
name1 = "foobar"
[http.services.Service0.loadBalancer.responseForwarding]
flushInterval = "foobar"
[http.services.Service1]
[http.services.Service1.loadBalancer]
passHostHeader = true
[http.services.Service1.loadBalancer.stickiness]
cookieName = "foobar"
secureCookie = true
httpOnlyCookie = true
[[http.services.Service1.loadBalancer.servers]]
url = "foobar"
[[http.services.Service1.loadBalancer.servers]]
url = "foobar"
[http.services.Service1.loadBalancer.healthCheck]
scheme = "foobar"
path = "foobar"
port = 42
interval = "foobar"
timeout = "foobar"
hostname = "foobar"
[http.services.Service1.loadBalancer.healthCheck.headers]
name0 = "foobar"
name1 = "foobar"
[http.services.Service1.loadBalancer.responseForwarding]
flushInterval = "foobar"
[http.middlewares]
[http.middlewares.Middleware00]
[http.middlewares.Middleware00.addPrefix]
prefix = "foobar"
[http.middlewares.Middleware01]
[http.middlewares.Middleware01.basicAuth]
users = ["foobar", "foobar"] users = ["foobar", "foobar"]
usersFile = "foobar" usersFile = "foobar"
realm = "foobar" realm = "foobar"
removeHeader = true removeHeader = true
headerField = "foobar" headerField = "foobar"
[http.middlewares.Middleware14] [http.middlewares.Middleware02]
[http.middlewares.Middleware14.digestAuth] [http.middlewares.Middleware02.buffering]
users = ["foobar", "foobar"]
usersFile = "foobar"
removeHeader = true
realm = "foobar"
headerField = "foobar"
[http.middlewares.Middleware15]
[http.middlewares.Middleware15.forwardAuth]
address = "foobar"
trustForwardHeader = true
authResponseHeaders = ["foobar", "foobar"]
[http.middlewares.Middleware15.forwardAuth.tls]
ca = "foobar"
caOptional = true
cert = "foobar"
key = "foobar"
insecureSkipVerify = true
[http.middlewares.Middleware16]
[http.middlewares.Middleware16.maxConn]
amount = 42
extractorFunc = "foobar"
[http.middlewares.Middleware17]
[http.middlewares.Middleware17.buffering]
maxRequestBodyBytes = 42 maxRequestBodyBytes = 42
memRequestBodyBytes = 42 memRequestBodyBytes = 42
maxResponseBodyBytes = 42 maxResponseBodyBytes = 42
memResponseBodyBytes = 42 memResponseBodyBytes = 42
retryExpression = "foobar" retryExpression = "foobar"
[http.middlewares.Middleware18] [http.middlewares.Middleware03]
[http.middlewares.Middleware18.circuitBreaker] [http.middlewares.Middleware03.chain]
expression = "foobar"
[http.middlewares.Middleware19]
[http.middlewares.Middleware19.compress]
[http.middlewares.Middleware2]
[http.middlewares.Middleware2.stripPrefixRegex]
regex = ["foobar", "foobar"]
[http.middlewares.Middleware20]
[http.middlewares.Middleware20.passTLSClientCert]
pem = true
[http.middlewares.Middleware20.passTLSClientCert.info]
notAfter = true
notBefore = true
sans = true
[http.middlewares.Middleware20.passTLSClientCert.info.subject]
country = true
province = true
locality = true
organization = true
commonName = true
serialNumber = true
domainComponent = true
[http.middlewares.Middleware20.passTLSClientCert.info.issuer]
country = true
province = true
locality = true
organization = true
commonName = true
serialNumber = true
domainComponent = true
[http.middlewares.Middleware21]
[http.middlewares.Middleware21.retry]
attemps = 42
[http.middlewares.Middleware3]
[http.middlewares.Middleware3.replacePath]
path = "foobar"
[http.middlewares.Middleware4]
[http.middlewares.Middleware4.replacePathRegex]
regex = "foobar"
replacement = "foobar"
[http.middlewares.Middleware5]
[http.middlewares.Middleware5.chain]
middlewares = ["foobar", "foobar"] middlewares = ["foobar", "foobar"]
[http.middlewares.Middleware6] [http.middlewares.Middleware04]
[http.middlewares.Middleware6.ipWhiteList] [http.middlewares.Middleware04.circuitBreaker]
sourceRange = ["foobar", "foobar"] expression = "foobar"
[http.middlewares.Middleware7] [http.middlewares.Middleware05]
[http.middlewares.Middleware7.ipWhiteList] [http.middlewares.Middleware05.compress]
[http.middlewares.Middleware7.ipWhiteList.ipStrategy] [http.middlewares.Middleware06]
depth = 42 [http.middlewares.Middleware06.digestAuth]
excludedIPs = ["foobar", "foobar"] users = ["foobar", "foobar"]
[http.middlewares.Middleware8] usersFile = "foobar"
[http.middlewares.Middleware8.headers] removeHeader = true
realm = "foobar"
headerField = "foobar"
[http.middlewares.Middleware07]
[http.middlewares.Middleware07.errors]
status = ["foobar", "foobar"]
service = "foobar"
query = "foobar"
[http.middlewares.Middleware08]
[http.middlewares.Middleware08.forwardAuth]
address = "foobar"
trustForwardHeader = true
authResponseHeaders = ["foobar", "foobar"]
[http.middlewares.Middleware08.forwardAuth.tls]
ca = "foobar"
caOptional = true
cert = "foobar"
key = "foobar"
insecureSkipVerify = true
[http.middlewares.Middleware09]
[http.middlewares.Middleware09.headers]
accessControlAllowCredentials = true accessControlAllowCredentials = true
accessControlAllowHeaders = ["foobar", "foobar"] accessControlAllowHeaders = ["foobar", "foobar"]
accessControlAllowMethods = ["foobar", "foobar"] accessControlAllowMethods = ["foobar", "foobar"]
@ -152,45 +161,76 @@
contentSecurityPolicy = "foobar" contentSecurityPolicy = "foobar"
publicKey = "foobar" publicKey = "foobar"
referrerPolicy = "foobar" referrerPolicy = "foobar"
featurePolicy = "foobar"
isDevelopment = true isDevelopment = true
[http.middlewares.Middleware8.headers.customRequestHeaders] [http.middlewares.Middleware09.headers.customRequestHeaders]
name0 = "foobar" name0 = "foobar"
name1 = "foobar" name1 = "foobar"
[http.middlewares.Middleware8.headers.customResponseHeaders] [http.middlewares.Middleware09.headers.customResponseHeaders]
name0 = "foobar" name0 = "foobar"
name1 = "foobar" name1 = "foobar"
[http.middlewares.Middleware8.headers.sslProxyHeaders] [http.middlewares.Middleware09.headers.sslProxyHeaders]
name0 = "foobar" name0 = "foobar"
name1 = "foobar" name1 = "foobar"
[http.middlewares.Middleware9] [http.middlewares.Middleware10]
[http.middlewares.Middleware9.errors] [http.middlewares.Middleware10.ipWhiteList]
status = ["foobar", "foobar"] sourceRange = ["foobar", "foobar"]
service = "foobar" [http.middlewares.Middleware10.ipWhiteList.ipStrategy]
query = "foobar" depth = 42
[http.services] excludedIPs = ["foobar", "foobar"]
[http.services.Service0] [http.middlewares.Middleware11]
[http.services.Service0.loadBalancer] [http.middlewares.Middleware11.maxConn]
passHostHeader = true amount = 42
[http.services.Service0.loadBalancer.stickiness] extractorFunc = "foobar"
cookieName = "foobar" [http.middlewares.Middleware12]
[http.middlewares.Middleware12.passTLSClientCert]
[[http.services.Service0.loadBalancer.servers]] pem = true
url = "foobar" [http.middlewares.Middleware12.passTLSClientCert.info]
notAfter = true
[[http.services.Service0.loadBalancer.servers]] notBefore = true
url = "foobar" sans = true
[http.services.Service0.loadBalancer.healthCheck] [http.middlewares.Middleware12.passTLSClientCert.info.subject]
country = true
province = true
locality = true
organization = true
commonName = true
serialNumber = true
domainComponent = true
[http.middlewares.Middleware12.passTLSClientCert.info.issuer]
country = true
province = true
locality = true
organization = true
commonName = true
serialNumber = true
domainComponent = true
[http.middlewares.Middleware13]
[http.middlewares.Middleware13.redirectRegex]
regex = "foobar"
replacement = "foobar"
permanent = true
[http.middlewares.Middleware14]
[http.middlewares.Middleware14.redirectScheme]
scheme = "foobar" scheme = "foobar"
port = "foobar"
permanent = true
[http.middlewares.Middleware15]
[http.middlewares.Middleware15.replacePath]
path = "foobar" path = "foobar"
port = 42 [http.middlewares.Middleware16]
interval = "foobar" [http.middlewares.Middleware16.replacePathRegex]
timeout = "foobar" regex = "foobar"
hostname = "foobar" replacement = "foobar"
[http.services.Service0.loadBalancer.healthCheck.headers] [http.middlewares.Middleware17]
name0 = "foobar" [http.middlewares.Middleware17.retry]
name1 = "foobar" attempts = 42
[http.services.Service0.loadBalancer.responseForwarding] [http.middlewares.Middleware18]
flushInterval = "foobar" [http.middlewares.Middleware18.stripPrefix]
prefixes = ["foobar", "foobar"]
[http.middlewares.Middleware19]
[http.middlewares.Middleware19.stripPrefixRegex]
regex = ["foobar", "foobar"]
[tcp] [tcp]
[tcp.routers] [tcp.routers]
@ -200,7 +240,32 @@
rule = "foobar" rule = "foobar"
[tcp.routers.TCPRouter0.tls] [tcp.routers.TCPRouter0.tls]
passthrough = true passthrough = true
options = "TLS1" options = "foobar"
certResolver = "foobar"
[[tcp.routers.TCPRouter0.tls.domains]]
main = "foobar"
sans = ["foobar", "foobar"]
[[tcp.routers.TCPRouter0.tls.domains]]
main = "foobar"
sans = ["foobar", "foobar"]
[tcp.routers.TCPRouter1]
entryPoints = ["foobar", "foobar"]
service = "foobar"
rule = "foobar"
[tcp.routers.TCPRouter1.tls]
passthrough = true
options = "foobar"
certResolver = "foobar"
[[tcp.routers.TCPRouter1.tls.domains]]
main = "foobar"
sans = ["foobar", "foobar"]
[[tcp.routers.TCPRouter1.tls.domains]]
main = "foobar"
sans = ["foobar", "foobar"]
[tcp.services] [tcp.services]
[tcp.services.TCPService0] [tcp.services.TCPService0]
[tcp.services.TCPService0.loadBalancer] [tcp.services.TCPService0.loadBalancer]
@ -210,6 +275,14 @@
[[tcp.services.TCPService0.loadBalancer.servers]] [[tcp.services.TCPService0.loadBalancer.servers]]
address = "foobar" address = "foobar"
[tcp.services.TCPService1]
[tcp.services.TCPService1.loadBalancer]
[[tcp.services.TCPService1.loadBalancer.servers]]
address = "foobar"
[[tcp.services.TCPService1.loadBalancer.servers]]
address = "foobar"
[tls] [tls]
@ -223,20 +296,20 @@
keyFile = "foobar" keyFile = "foobar"
stores = ["foobar", "foobar"] stores = ["foobar", "foobar"]
[tls.options] [tls.options]
[tls.options.TLS0] [tls.options.Options0]
minVersion = "foobar" minVersion = "foobar"
cipherSuites = ["foobar", "foobar"] cipherSuites = ["foobar", "foobar"]
sniStrict = true sniStrict = true
[tls.options.TLS0.clientCA] [tls.options.Options0.clientAuth]
files = ["foobar", "foobar"] caFiles = ["foobar", "foobar"]
optional = true clientAuthType = "foobar"
[tls.options.TLS1] [tls.options.Options1]
minVersion = "foobar" minVersion = "foobar"
cipherSuites = ["foobar", "foobar"] cipherSuites = ["foobar", "foobar"]
sniStrict = true sniStrict = true
[tls.options.TLS1.clientCA] [tls.options.Options1.clientAuth]
files = ["foobar", "foobar"] caFiles = ["foobar", "foobar"]
optional = true clientAuthType = "foobar"
[tls.stores] [tls.stores]
[tls.stores.Store0] [tls.stores.Store0]
[tls.stores.Store0.defaultCertificate] [tls.stores.Store0.defaultCertificate]

View file

@ -10,46 +10,145 @@ http:
service: foobar service: foobar
rule: foobar rule: foobar
priority: 42 priority: 42
tls: {} tls:
options: foobar
certResolver: foobar
domains:
- main: foobar
sans:
- foobar
- foobar
- main: foobar
sans:
- foobar
- foobar
Router1:
entryPoints:
- foobar
- foobar
middlewares: middlewares:
Middleware0: - foobar
- foobar
service: foobar
rule: foobar
priority: 42
tls:
options: foobar
certResolver: foobar
domains:
- main: foobar
sans:
- foobar
- foobar
- main: foobar
sans:
- foobar
- foobar
services:
Service0:
loadBalancer:
stickiness:
cookieName: foobar
secureCookie: true
httpOnlyCookie: true
servers:
- url: foobar
- url: foobar
healthCheck:
scheme: foobar
path: foobar
port: 42
interval: foobar
timeout: foobar
hostname: foobar
headers:
name0: foobar
name1: foobar
passHostHeader: true
responseForwarding:
flushInterval: foobar
Service1:
loadBalancer:
stickiness:
cookieName: foobar
secureCookie: true
httpOnlyCookie: true
servers:
- url: foobar
- url: foobar
healthCheck:
scheme: foobar
path: foobar
port: 42
interval: foobar
timeout: foobar
hostname: foobar
headers:
name0: foobar
name1: foobar
passHostHeader: true
responseForwarding:
flushInterval: foobar
middlewares:
Middleware00:
addPrefix: addPrefix:
prefix: foobar prefix: foobar
Middleware1: Middleware01:
stripPrefix: basicAuth:
prefixes: users:
- foobar - foobar
- foobar - foobar
Middleware2: usersFile: foobar
stripPrefixRegex: realm: foobar
regex: removeHeader: true
- foobar headerField: foobar
- foobar Middleware02:
Middleware3: buffering:
replacePath: maxRequestBodyBytes: 42
path: foobar memRequestBodyBytes: 42
Middleware4: maxResponseBodyBytes: 42
replacePathRegex: memResponseBodyBytes: 42
regex: foobar retryExpression: foobar
replacement: foobar Middleware03:
Middleware5:
chain: chain:
middlewares: middlewares:
- foobar - foobar
- foobar - foobar
Middleware6: Middleware04:
ipWhiteList: circuitBreaker:
sourceRange: expression: foobar
Middleware05:
compress: {}
Middleware06:
digestAuth:
users:
- foobar - foobar
- foobar - foobar
Middleware7: usersFile: foobar
ipWhiteList: removeHeader: true
ipStrategy: realm: foobar
depth: 42 headerField: foobar
excludedIPs: Middleware07:
errors:
status:
- foobar - foobar
- foobar - foobar
Middleware8: service: foobar
query: foobar
Middleware08:
forwardAuth:
address: foobar
tls:
ca: foobar
caOptional: true
cert: foobar
key: foobar
insecureSkipVerify: true
trustForwardHeader: true
authResponseHeaders:
- foobar
- foobar
Middleware09:
headers: headers:
customRequestHeaders: customRequestHeaders:
name0: foobar name0: foobar
@ -95,84 +194,23 @@ http:
contentSecurityPolicy: foobar contentSecurityPolicy: foobar
publicKey: foobar publicKey: foobar
referrerPolicy: foobar referrerPolicy: foobar
featurePolicy: foobar
isDevelopment: true isDevelopment: true
Middleware9:
errors:
status:
- foobar
- foobar
service: foobar
query: foobar
Middleware10: Middleware10:
rateLimit: ipWhiteList:
rateSet: sourceRange:
Rate0: - foobar
period: 42000000000 - foobar
average: 42 ipStrategy:
burst: 42 depth: 42
Rate1: excludedIPs:
period: 42000000000 - foobar
average: 42 - foobar
burst: 42
extractorFunc: foobar
Middleware11: Middleware11:
redirectRegex:
regex: foobar
replacement: foobar
permanent: true
Middleware12:
redirectScheme:
scheme: foobar
port: foobar
permanent: true
Middleware13:
basicAuth:
users:
- foobar
- foobar
usersFile: foobar
realm: foobar
removeHeader: true
headerField: foobar
Middleware14:
digestAuth:
users:
- foobar
- foobar
usersFile: foobar
removeHeader: true
realm: foobar
headerField: foobar
Middleware15:
forwardAuth:
address: foobar
tls:
ca: foobar
caOptional: true
cert: foobar
key: foobar
insecureSkipVerify: true
trustForwardHeader: true
authResponseHeaders:
- foobar
- foobar
Middleware16:
maxConn: maxConn:
amount: 42 amount: 42
extractorFunc: foobar extractorFunc: foobar
Middleware17: Middleware12:
buffering:
maxRequestBodyBytes: 42
memRequestBodyBytes: 42
maxResponseBodyBytes: 42
memResponseBodyBytes: 42
retryExpression: foobar
Middleware18:
circuitBreaker:
expression: foobar
Middleware19:
compress: {}
Middleware20:
passTLSClientCert: passTLSClientCert:
pem: true pem: true
info: info:
@ -195,30 +233,36 @@ http:
commonName: true commonName: true
serialNumber: true serialNumber: true
domainComponent: true domainComponent: true
Middleware21: Middleware13:
retry: redirectRegex:
attemps: 42 regex: foobar
services: replacement: foobar
Service0: permanent: true
loadBalancer: Middleware14:
stickiness: redirectScheme:
cookieName: foobar
servers:
- url: foobar
- url: foobar
healthCheck:
scheme: foobar scheme: foobar
port: foobar
permanent: true
Middleware15:
replacePath:
path: foobar path: foobar
port: 42 Middleware16:
interval: foobar replacePathRegex:
timeout: foobar regex: foobar
hostname: foobar replacement: foobar
headers: Middleware17:
name0: foobar retry:
name1: foobar attempts: 42
passHostHeader: true Middleware18:
responseForwarding: stripPrefix:
flushInterval: foobar prefixes:
- foobar
- foobar
Middleware19:
stripPrefixRegex:
regex:
- foobar
- foobar
tcp: tcp:
routers: routers:
TCPRouter0: TCPRouter0:
@ -229,12 +273,47 @@ tcp:
rule: foobar rule: foobar
tls: tls:
passthrough: true passthrough: true
options: foobar
certResolver: foobar
domains:
- main: foobar
sans:
- foobar
- foobar
- main: foobar
sans:
- foobar
- foobar
TCPRouter1:
entryPoints:
- foobar
- foobar
service: foobar
rule: foobar
tls:
passthrough: true
options: foobar
certResolver: foobar
domains:
- main: foobar
sans:
- foobar
- foobar
- main: foobar
sans:
- foobar
- foobar
services: services:
TCPService0: TCPService0:
loadBalancer: loadBalancer:
servers: servers:
- address: foobar - address: foobar
- address: foobar - address: foobar
TCPService1:
loadBalancer:
servers:
- address: foobar
- address: foobar
tls: tls:
certificates: certificates:
- certFile: foobar - certFile: foobar
@ -248,27 +327,27 @@ tls:
- foobar - foobar
- foobar - foobar
options: options:
TLS0: Options0:
minVersion: foobar minVersion: foobar
cipherSuites: cipherSuites:
- foobar - foobar
- foobar - foobar
clientCA: clientAuth:
files: caFiles:
- foobar - foobar
- foobar - foobar
optional: true clientAuthType: foobar
sniStrict: true sniStrict: true
TLS1: Options1:
minVersion: foobar minVersion: foobar
cipherSuites: cipherSuites:
- foobar - foobar
- foobar - foobar
clientCA: clientAuth:
files: caFiles:
- foobar - foobar
- foobar - foobar
optional: true clientAuthType: foobar
sniStrict: true sniStrict: true
stores: stores:
Store0: Store0:

View file

@ -97,6 +97,12 @@ spec:
middlewares: middlewares:
- name: stripprefix - name: stripprefix
- name: addprefix - name: addprefix
- match: PathPrefix(`/misc`)
services:
- name: s3
port: 8443
# scheme allow to override the scheme for the service. (ex: https or h2c)
scheme: https
# use an empty tls object for TLS with Let's Encrypt # use an empty tls object for TLS with Let's Encrypt
tls: tls:
secretName: supersecret secretName: supersecret

View file

@ -1,154 +0,0 @@
labels:
- "traefik.http.middlewares.Middleware0.addprefix.prefix=foobar"
- "traefik.http.middlewares.Middleware1.basicauth.headerfield=foobar"
- "traefik.http.middlewares.Middleware1.basicauth.realm=foobar"
- "traefik.http.middlewares.Middleware1.basicauth.removeheader=true"
- "traefik.http.middlewares.Middleware1.basicauth.users=foobar, fiibar"
- "traefik.http.middlewares.Middleware1.basicauth.usersfile=foobar"
- "traefik.http.middlewares.Middleware2.buffering.maxrequestbodybytes=42"
- "traefik.http.middlewares.Middleware2.buffering.maxresponsebodybytes=42"
- "traefik.http.middlewares.Middleware2.buffering.memrequestbodybytes=42"
- "traefik.http.middlewares.Middleware2.buffering.memresponsebodybytes=42"
- "traefik.http.middlewares.Middleware2.buffering.retryexpression=foobar"
- "traefik.http.middlewares.Middleware3.chain.middlewares=foobar, fiibar"
- "traefik.http.middlewares.Middleware4.circuitbreaker.expression=foobar"
- "traefik.http.middlewares.Middleware5.digestauth.headerfield=foobar"
- "traefik.http.middlewares.Middleware5.digestauth.realm=foobar"
- "traefik.http.middlewares.Middleware5.digestauth.removeheader=true"
- "traefik.http.middlewares.Middleware5.digestauth.users=foobar, fiibar"
- "traefik.http.middlewares.Middleware5.digestauth.usersfile=foobar"
- "traefik.http.middlewares.Middleware6.errors.query=foobar"
- "traefik.http.middlewares.Middleware6.errors.service=foobar"
- "traefik.http.middlewares.Middleware6.errors.status=foobar, fiibar"
- "traefik.http.middlewares.Middleware7.forwardauth.address=foobar"
- "traefik.http.middlewares.Middleware7.forwardauth.authresponseheaders=foobar, fiibar"
- "traefik.http.middlewares.Middleware7.forwardauth.tls.ca=foobar"
- "traefik.http.middlewares.Middleware7.forwardauth.tls.caoptional=true"
- "traefik.http.middlewares.Middleware7.forwardauth.tls.cert=foobar"
- "traefik.http.middlewares.Middleware7.forwardauth.tls.insecureskipverify=true"
- "traefik.http.middlewares.Middleware7.forwardauth.tls.key=foobar"
- "traefik.http.middlewares.Middleware7.forwardauth.trustforwardheader=true"
- "traefik.http.middlewares.Middleware8.headers.accesscontrolallowcredentials=true"
- "traefik.http.middlewares.Middleware8.headers.accesscontrolallowheaders=x-foobar, x-fiibar"
- "traefik.http.middlewares.Middleware8.headers.accesscontrolallowmethods=get, put"
- "traefik.http.middlewares.Middleware8.headers.accesscontrolalloworigin=foobar"
- "traefik.http.middlewares.Middleware8.headers.accesscontrolexposeheaders=x-foobar, x-fiibar"
- "traefik.http.middlewares.Middleware8.headers.accesscontrolmaxage=200"
- "traefik.http.middlewares.Middleware8.headers.addvaryheader=true"
- "traefik.http.middlewares.Middleware8.headers.allowedhosts=foobar, fiibar"
- "traefik.http.middlewares.Middleware8.headers.browserxssfilter=true"
- "traefik.http.middlewares.Middleware8.headers.contentsecuritypolicy=foobar"
- "traefik.http.middlewares.Middleware8.headers.contenttypenosniff=true"
- "traefik.http.middlewares.Middleware8.headers.custombrowserxssvalue=foobar"
- "traefik.http.middlewares.Middleware8.headers.customframeoptionsvalue=foobar"
- "traefik.http.middlewares.Middleware8.headers.customrequestheaders.name0=foobar"
- "traefik.http.middlewares.Middleware8.headers.customrequestheaders.name1=foobar"
- "traefik.http.middlewares.Middleware8.headers.customresponseheaders.name0=foobar"
- "traefik.http.middlewares.Middleware8.headers.customresponseheaders.name1=foobar"
- "traefik.http.middlewares.Middleware8.headers.forcestsheader=true"
- "traefik.http.middlewares.Middleware8.headers.framedeny=true"
- "traefik.http.middlewares.Middleware8.headers.hostsproxyheaders=foobar, fiibar"
- "traefik.http.middlewares.Middleware8.headers.isdevelopment=true"
- "traefik.http.middlewares.Middleware8.headers.publickey=foobar"
- "traefik.http.middlewares.Middleware8.headers.referrerpolicy=foobar"
- "traefik.http.middlewares.Middleware8.headers.sslforcehost=true"
- "traefik.http.middlewares.Middleware8.headers.sslhost=foobar"
- "traefik.http.middlewares.Middleware8.headers.sslproxyheaders.name0=foobar"
- "traefik.http.middlewares.Middleware8.headers.sslproxyheaders.name1=foobar"
- "traefik.http.middlewares.Middleware8.headers.sslredirect=true"
- "traefik.http.middlewares.Middleware8.headers.ssltemporaryredirect=true"
- "traefik.http.middlewares.Middleware8.headers.stsincludesubdomains=true"
- "traefik.http.middlewares.Middleware8.headers.stspreload=true"
- "traefik.http.middlewares.Middleware8.headers.stsseconds=42"
- "traefik.http.middlewares.Middleware9.ipwhitelist.ipstrategy.depth=42"
- "traefik.http.middlewares.Middleware9.ipwhitelist.ipstrategy.excludedips=foobar, fiibar"
- "traefik.http.middlewares.Middleware9.ipwhitelist.sourcerange=foobar, fiibar"
- "traefik.http.middlewares.Middleware10.maxconn.amount=42"
- "traefik.http.middlewares.Middleware10.maxconn.extractorfunc=foobar"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.notafter=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.notbefore=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.sans=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.subject.country=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.subject.province=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.subject.locality=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.subject.organization=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.subject.commonname=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.subject.serialnumber=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.subject.domaincomponent=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.issuer.country=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.issuer.province=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.issuer.locality=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.issuer.organization=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.issuer.commonname=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.issuer.serialnumber=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.info.issuer.domaincomponent=true"
- "traefik.http.middlewares.Middleware11.passtlsclientcert.pem=true"
- "traefik.http.middlewares.Middleware12.ratelimit.extractorfunc=foobar"
- "traefik.http.middlewares.Middleware12.ratelimit.rateset.rate0.average=42"
- "traefik.http.middlewares.Middleware12.ratelimit.rateset.rate0.burst=42"
- "traefik.http.middlewares.Middleware12.ratelimit.rateset.rate0.period=42"
- "traefik.http.middlewares.Middleware12.ratelimit.rateset.rate1.average=42"
- "traefik.http.middlewares.Middleware12.ratelimit.rateset.rate1.burst=42"
- "traefik.http.middlewares.Middleware12.ratelimit.rateset.rate1.period=42"
- "traefik.http.middlewares.Middleware13.redirectregex.regex=foobar"
- "traefik.http.middlewares.Middleware13.redirectregex.replacement=foobar"
- "traefik.http.middlewares.Middleware13.redirectregex.permanent=true"
- "traefik.http.middlewares.Middleware13b.redirectscheme.scheme=https"
- "traefik.http.middlewares.Middleware13b.redirectscheme.port=80"
- "traefik.http.middlewares.Middleware13b.redirectscheme.permanent=true"
- "traefik.http.middlewares.Middleware14.replacepath.path=foobar"
- "traefik.http.middlewares.Middleware15.replacepathregex.regex=foobar"
- "traefik.http.middlewares.Middleware15.replacepathregex.replacement=foobar"
- "traefik.http.middlewares.Middleware16.retry.attempts=42"
- "traefik.http.middlewares.Middleware17.stripprefix.prefixes=foobar, fiibar"
- "traefik.http.middlewares.Middleware18.stripprefixregex.regex=foobar, fiibar"
- "traefik.http.middlewares.Middleware19.compress=true"
- "traefik.http.routers.Router0.entrypoints=foobar, fiibar"
- "traefik.http.routers.Router0.middlewares=foobar, fiibar"
- "traefik.http.routers.Router0.priority=42"
- "traefik.http.routers.Router0.rule=foobar"
- "traefik.http.routers.Router0.service=foobar"
- "traefik.http.routers.Router0.tls=true"
- "traefik.http.routers.Router0.tls.options=foo"
- "traefik.http.routers.Router1.entrypoints=foobar, fiibar"
- "traefik.http.routers.Router1.middlewares=foobar, fiibar"
- "traefik.http.routers.Router1.priority=42"
- "traefik.http.routers.Router1.rule=foobar"
- "traefik.http.routers.Router1.service=foobar"
- "traefik.http.services.Service0.loadbalancer.healthcheck.headers.name0=foobar"
- "traefik.http.services.Service0.loadbalancer.healthcheck.headers.name1=foobar"
- "traefik.http.services.Service0.loadbalancer.healthcheck.hostname=foobar"
- "traefik.http.services.Service0.loadbalancer.healthcheck.interval=foobar"
- "traefik.http.services.Service0.loadbalancer.healthcheck.path=foobar"
- "traefik.http.services.Service0.loadbalancer.healthcheck.port=42"
- "traefik.http.services.Service0.loadbalancer.healthcheck.scheme=foobar"
- "traefik.http.services.Service0.loadbalancer.healthcheck.timeout=foobar"
- "traefik.http.services.Service0.loadbalancer.passhostheader=true"
- "traefik.http.services.Service0.loadbalancer.responseforwarding.flushinterval=foobar"
- "traefik.http.services.Service0.loadbalancer.server.port=8080"
- "traefik.http.services.Service0.loadbalancer.server.scheme=foobar"
- "traefik.http.services.Service0.loadbalancer.stickiness.cookiename=foobar"
- "traefik.http.services.Service1.loadbalancer.healthcheck.headers.name0=foobar"
- "traefik.http.services.Service1.loadbalancer.healthcheck.headers.name1=foobar"
- "traefik.http.services.Service1.loadbalancer.healthcheck.hostname=foobar"
- "traefik.http.services.Service1.loadbalancer.healthcheck.interval=foobar"
- "traefik.http.services.Service1.loadbalancer.healthcheck.path=foobar"
- "traefik.http.services.Service1.loadbalancer.healthcheck.port=42"
- "traefik.http.services.Service1.loadbalancer.healthcheck.scheme=foobar"
- "traefik.http.services.Service1.loadbalancer.healthcheck.timeout=foobar"
- "traefik.http.services.Service1.loadbalancer.passhostheader=true"
- "traefik.http.services.Service1.loadbalancer.responseforwarding.flushinterval=foobar"
- "traefik.http.services.Service1.loadbalancer.server.port=8080"
- "traefik.http.services.Service1.loadbalancer.server.scheme=foobar"
- "traefik.tcp.routers.Router0.rule=foobar"
- "traefik.tcp.routers.Router0.entrypoints=foobar, fiibar"
- "traefik.tcp.routers.Router0.service=foobar"
- "traefik.tcp.routers.Router0.tls.passthrough=false"
- "traefik.tcp.routers.Router0.tls.options=bar"
- "traefik.tcp.routers.Router1.rule=foobar"
- "traefik.tcp.routers.Router1.entrypoints=foobar, fiibar"
- "traefik.tcp.routers.Router1.service=foobar"
- "traefik.tcp.routers.Router1.tls.passthrough=false"
- "traefik.tcp.routers.Router1.tls.options=foobar"
- "traefik.tcp.services.Service0.loadbalancer.server.port=42"
- "traefik.tcp.services.Service1.loadbalancer.server.port=42"

View file

@ -0,0 +1,178 @@
"traefik.http.middlewares.middleware00.addprefix.prefix": "foobar",
"traefik.http.middlewares.middleware01.basicauth.headerfield": "foobar",
"traefik.http.middlewares.middleware01.basicauth.realm": "foobar",
"traefik.http.middlewares.middleware01.basicauth.removeheader": "true",
"traefik.http.middlewares.middleware01.basicauth.users": "foobar, foobar",
"traefik.http.middlewares.middleware01.basicauth.usersfile": "foobar",
"traefik.http.middlewares.middleware02.buffering.maxrequestbodybytes": "42",
"traefik.http.middlewares.middleware02.buffering.maxresponsebodybytes": "42",
"traefik.http.middlewares.middleware02.buffering.memrequestbodybytes": "42",
"traefik.http.middlewares.middleware02.buffering.memresponsebodybytes": "42",
"traefik.http.middlewares.middleware02.buffering.retryexpression": "foobar",
"traefik.http.middlewares.middleware03.chain.middlewares": "foobar, foobar",
"traefik.http.middlewares.middleware04.circuitbreaker.expression": "foobar",
"traefik.http.middlewares.middleware05.compress": "true",
"traefik.http.middlewares.middleware06.digestauth.headerfield": "foobar",
"traefik.http.middlewares.middleware06.digestauth.realm": "foobar",
"traefik.http.middlewares.middleware06.digestauth.removeheader": "true",
"traefik.http.middlewares.middleware06.digestauth.users": "foobar, foobar",
"traefik.http.middlewares.middleware06.digestauth.usersfile": "foobar",
"traefik.http.middlewares.middleware07.errors.query": "foobar",
"traefik.http.middlewares.middleware07.errors.service": "foobar",
"traefik.http.middlewares.middleware07.errors.status": "foobar, foobar",
"traefik.http.middlewares.middleware08.forwardauth.address": "foobar",
"traefik.http.middlewares.middleware08.forwardauth.authresponseheaders": "foobar, foobar",
"traefik.http.middlewares.middleware08.forwardauth.tls.ca": "foobar",
"traefik.http.middlewares.middleware08.forwardauth.tls.caoptional": "true",
"traefik.http.middlewares.middleware08.forwardauth.tls.cert": "foobar",
"traefik.http.middlewares.middleware08.forwardauth.tls.insecureskipverify": "true",
"traefik.http.middlewares.middleware08.forwardauth.tls.key": "foobar",
"traefik.http.middlewares.middleware08.forwardauth.trustforwardheader": "true",
"traefik.http.middlewares.middleware09.headers.accesscontrolallowcredentials": "true",
"traefik.http.middlewares.middleware09.headers.accesscontrolallowheaders": "foobar, foobar",
"traefik.http.middlewares.middleware09.headers.accesscontrolallowmethods": "foobar, foobar",
"traefik.http.middlewares.middleware09.headers.accesscontrolalloworigin": "foobar",
"traefik.http.middlewares.middleware09.headers.accesscontrolexposeheaders": "foobar, foobar",
"traefik.http.middlewares.middleware09.headers.accesscontrolmaxage": "42",
"traefik.http.middlewares.middleware09.headers.addvaryheader": "true",
"traefik.http.middlewares.middleware09.headers.allowedhosts": "foobar, foobar",
"traefik.http.middlewares.middleware09.headers.browserxssfilter": "true",
"traefik.http.middlewares.middleware09.headers.contentsecuritypolicy": "foobar",
"traefik.http.middlewares.middleware09.headers.contenttypenosniff": "true",
"traefik.http.middlewares.middleware09.headers.custombrowserxssvalue": "foobar",
"traefik.http.middlewares.middleware09.headers.customframeoptionsvalue": "foobar",
"traefik.http.middlewares.middleware09.headers.customrequestheaders.name0": "foobar",
"traefik.http.middlewares.middleware09.headers.customrequestheaders.name1": "foobar",
"traefik.http.middlewares.middleware09.headers.customresponseheaders.name0": "foobar",
"traefik.http.middlewares.middleware09.headers.customresponseheaders.name1": "foobar",
"traefik.http.middlewares.middleware09.headers.forcestsheader": "true",
"traefik.http.middlewares.middleware09.headers.framedeny": "true",
"traefik.http.middlewares.middleware09.headers.hostsproxyheaders": "foobar, foobar",
"traefik.http.middlewares.middleware09.headers.isdevelopment": "true",
"traefik.http.middlewares.middleware09.headers.publickey": "foobar",
"traefik.http.middlewares.middleware09.headers.referrerpolicy": "foobar",
"traefik.http.middlewares.middleware09.headers.featurepolicy": "foobar",
"traefik.http.middlewares.middleware09.headers.sslforcehost": "true",
"traefik.http.middlewares.middleware09.headers.sslhost": "foobar",
"traefik.http.middlewares.middleware09.headers.sslproxyheaders.name0": "foobar",
"traefik.http.middlewares.middleware09.headers.sslproxyheaders.name1": "foobar",
"traefik.http.middlewares.middleware09.headers.sslredirect": "true",
"traefik.http.middlewares.middleware09.headers.ssltemporaryredirect": "true",
"traefik.http.middlewares.middleware09.headers.stsincludesubdomains": "true",
"traefik.http.middlewares.middleware09.headers.stspreload": "true",
"traefik.http.middlewares.middleware09.headers.stsseconds": "42",
"traefik.http.middlewares.middleware10.ipwhitelist.ipstrategy.depth": "42",
"traefik.http.middlewares.middleware10.ipwhitelist.ipstrategy.excludedips": "foobar, foobar",
"traefik.http.middlewares.middleware10.ipwhitelist.sourcerange": "foobar, foobar",
"traefik.http.middlewares.middleware11.maxconn.amount": "42",
"traefik.http.middlewares.middleware11.maxconn.extractorfunc": "foobar",
"traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.commonname": "true",
"traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.country": "true",
"traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.domaincomponent": "true",
"traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.locality": "true",
"traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.organization": "true",
"traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.province": "true",
"traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.serialnumber": "true",
"traefik.http.middlewares.middleware12.passtlsclientcert.info.notafter": "true",
"traefik.http.middlewares.middleware12.passtlsclientcert.info.notbefore": "true",
"traefik.http.middlewares.middleware12.passtlsclientcert.info.sans": "true",
"traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.commonname": "true",
"traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.country": "true",
"traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.domaincomponent": "true",
"traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.locality": "true",
"traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.organization": "true",
"traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.province": "true",
"traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.serialnumber": "true",
"traefik.http.middlewares.middleware12.passtlsclientcert.pem": "true",
"traefik.http.middlewares.middleware13.redirectregex.permanent": "true",
"traefik.http.middlewares.middleware13.redirectregex.regex": "foobar",
"traefik.http.middlewares.middleware13.redirectregex.replacement": "foobar",
"traefik.http.middlewares.middleware14.redirectscheme.permanent": "true",
"traefik.http.middlewares.middleware14.redirectscheme.port": "foobar",
"traefik.http.middlewares.middleware14.redirectscheme.scheme": "foobar",
"traefik.http.middlewares.middleware15.replacepath.path": "foobar",
"traefik.http.middlewares.middleware16.replacepathregex.regex": "foobar",
"traefik.http.middlewares.middleware16.replacepathregex.replacement": "foobar",
"traefik.http.middlewares.middleware17.retry.attempts": "42",
"traefik.http.middlewares.middleware18.stripprefix.prefixes": "foobar, foobar",
"traefik.http.middlewares.middleware19.stripprefixregex.regex": "foobar, foobar",
"traefik.http.routers.router0.entrypoints": "foobar, foobar",
"traefik.http.routers.router0.middlewares": "foobar, foobar",
"traefik.http.routers.router0.priority": "42",
"traefik.http.routers.router0.rule": "foobar",
"traefik.http.routers.router0.service": "foobar",
"traefik.http.routers.router0.tls": "true",
"traefik.http.routers.router0.tls.certresolver": "foobar",
"traefik.http.routers.router0.tls.domains[0].main": "foobar",
"traefik.http.routers.router0.tls.domains[0].sans": "foobar, foobar",
"traefik.http.routers.router0.tls.domains[1].main": "foobar",
"traefik.http.routers.router0.tls.domains[1].sans": "foobar, foobar",
"traefik.http.routers.router0.tls.options": "foobar",
"traefik.http.routers.router1.entrypoints": "foobar, foobar",
"traefik.http.routers.router1.middlewares": "foobar, foobar",
"traefik.http.routers.router1.priority": "42",
"traefik.http.routers.router1.rule": "foobar",
"traefik.http.routers.router1.service": "foobar",
"traefik.http.routers.router1.tls": "true",
"traefik.http.routers.router1.tls.certresolver": "foobar",
"traefik.http.routers.router1.tls.domains[0].main": "foobar",
"traefik.http.routers.router1.tls.domains[0].sans": "foobar, foobar",
"traefik.http.routers.router1.tls.domains[1].main": "foobar",
"traefik.http.routers.router1.tls.domains[1].sans": "foobar, foobar",
"traefik.http.routers.router1.tls.options": "foobar",
"traefik.http.services.service0.loadbalancer.healthcheck.headers.name0": "foobar",
"traefik.http.services.service0.loadbalancer.healthcheck.headers.name1": "foobar",
"traefik.http.services.service0.loadbalancer.healthcheck.hostname": "foobar",
"traefik.http.services.service0.loadbalancer.healthcheck.interval": "foobar",
"traefik.http.services.service0.loadbalancer.healthcheck.path": "foobar",
"traefik.http.services.service0.loadbalancer.healthcheck.port": "42",
"traefik.http.services.service0.loadbalancer.healthcheck.scheme": "foobar",
"traefik.http.services.service0.loadbalancer.healthcheck.timeout": "foobar",
"traefik.http.services.service0.loadbalancer.passhostheader": "true",
"traefik.http.services.service0.loadbalancer.responseforwarding.flushinterval": "foobar",
"traefik.http.services.service0.loadbalancer.stickiness": "true",
"traefik.http.services.service0.loadbalancer.stickiness.cookiename": "foobar",
"traefik.http.services.service0.loadbalancer.stickiness.httponlycookie": "true",
"traefik.http.services.service0.loadbalancer.stickiness.securecookie": "true",
"traefik.http.services.service0.loadbalancer.server.port": "foobar",
"traefik.http.services.service0.loadbalancer.server.scheme": "foobar",
"traefik.http.services.service1.loadbalancer.healthcheck.headers.name0": "foobar",
"traefik.http.services.service1.loadbalancer.healthcheck.headers.name1": "foobar",
"traefik.http.services.service1.loadbalancer.healthcheck.hostname": "foobar",
"traefik.http.services.service1.loadbalancer.healthcheck.interval": "foobar",
"traefik.http.services.service1.loadbalancer.healthcheck.path": "foobar",
"traefik.http.services.service1.loadbalancer.healthcheck.port": "42",
"traefik.http.services.service1.loadbalancer.healthcheck.scheme": "foobar",
"traefik.http.services.service1.loadbalancer.healthcheck.timeout": "foobar",
"traefik.http.services.service1.loadbalancer.passhostheader": "true",
"traefik.http.services.service1.loadbalancer.responseforwarding.flushinterval": "foobar",
"traefik.http.services.service1.loadbalancer.stickiness": "true",
"traefik.http.services.service1.loadbalancer.stickiness.cookiename": "foobar",
"traefik.http.services.service1.loadbalancer.stickiness.httponlycookie": "true",
"traefik.http.services.service1.loadbalancer.stickiness.securecookie": "true",
"traefik.http.services.service1.loadbalancer.server.port": "foobar",
"traefik.http.services.service1.loadbalancer.server.scheme": "foobar",
"traefik.tcp.routers.tcprouter0.entrypoints": "foobar, foobar",
"traefik.tcp.routers.tcprouter0.rule": "foobar",
"traefik.tcp.routers.tcprouter0.service": "foobar",
"traefik.tcp.routers.tcprouter0.tls": "true",
"traefik.tcp.routers.tcprouter0.tls.certresolver": "foobar",
"traefik.tcp.routers.tcprouter0.tls.domains[0].main": "foobar",
"traefik.tcp.routers.tcprouter0.tls.domains[0].sans": "foobar, foobar",
"traefik.tcp.routers.tcprouter0.tls.domains[1].main": "foobar",
"traefik.tcp.routers.tcprouter0.tls.domains[1].sans": "foobar, foobar",
"traefik.tcp.routers.tcprouter0.tls.options": "foobar",
"traefik.tcp.routers.tcprouter0.tls.passthrough": "true",
"traefik.tcp.routers.tcprouter1.entrypoints": "foobar, foobar",
"traefik.tcp.routers.tcprouter1.rule": "foobar",
"traefik.tcp.routers.tcprouter1.service": "foobar",
"traefik.tcp.routers.tcprouter1.tls": "true",
"traefik.tcp.routers.tcprouter1.tls.certresolver": "foobar",
"traefik.tcp.routers.tcprouter1.tls.domains[0].main": "foobar",
"traefik.tcp.routers.tcprouter1.tls.domains[0].sans": "foobar, foobar",
"traefik.tcp.routers.tcprouter1.tls.domains[1].main": "foobar",
"traefik.tcp.routers.tcprouter1.tls.domains[1].sans": "foobar, foobar",
"traefik.tcp.routers.tcprouter1.tls.options": "foobar",
"traefik.tcp.routers.tcprouter1.tls.passthrough": "true",
"traefik.tcp.services.tcpservice0.loadbalancer.server.port": "foobar",
"traefik.tcp.services.tcpservice1.loadbalancer.server.port": "foobar"

View file

@ -0,0 +1,2 @@
"traefik.enable": "true",
"traefik.marathon.ipaddressidx": "42",

View file

@ -3,6 +3,9 @@
Dynamic configuration with Marathon Labels Dynamic configuration with Marathon Labels
{: .subtitle } {: .subtitle }
```yaml ```json
--8<-- "content/reference/dynamic-configuration/labels.yml" "labels": {
--8<-- "content/reference/dynamic-configuration/marathon.json"
--8<-- "content/reference/dynamic-configuration/marathon-labels.json"
}
``` ```

View file

@ -0,0 +1,12 @@
# Rancher Configuration Reference
Dynamic configuration with Rancher Labels
{: .subtitle }
The labels are case insensitive.
```yaml
labels:
--8<-- "content/reference/dynamic-configuration/rancher.yml"
--8<-- "content/reference/dynamic-configuration/docker-labels.yml"
```

View file

@ -0,0 +1 @@
- "traefik.enable=true"

View file

@ -0,0 +1,577 @@
<!--
CODE GENERATED AUTOMATICALLY
THIS FILE MUST NOT BE EDITED BY HAND
-->
`--accesslog`:
Access log settings. (Default: ```false```)
`--accesslog.bufferingsize`:
Number of access log lines to process in a buffered way. (Default: ```0```)
`--accesslog.fields.defaultmode`:
Default mode for fields: keep | drop (Default: ```keep```)
`--accesslog.fields.headers.defaultmode`:
Default mode for fields: keep | drop | redact (Default: ```drop```)
`--accesslog.fields.headers.names.<name>`:
Override mode for headers
`--accesslog.fields.names.<name>`:
Override mode for fields
`--accesslog.filepath`:
Access log file path. Stdout is used when omitted or empty.
`--accesslog.filters.minduration`:
Keep access logs when request took longer than the specified duration. (Default: ```0```)
`--accesslog.filters.retryattempts`:
Keep access logs when at least one retry happened. (Default: ```false```)
`--accesslog.filters.statuscodes`:
Keep access logs with status codes in the specified range.
`--accesslog.format`:
Access log format: json | common (Default: ```common```)
`--api`:
Enable api/dashboard. (Default: ```false```)
`--api.dashboard`:
Activate dashboard. (Default: ```true```)
`--api.debug`:
Enable additional endpoints for debugging and profiling. (Default: ```false```)
`--certificatesresolvers.<name>`:
Certificates resolvers configuration. (Default: ```false```)
`--certificatesresolvers.<name>.acme.caserver`:
CA server to use. (Default: ```https://acme-v02.api.letsencrypt.org/directory```)
`--certificatesresolvers.<name>.acme.dnschallenge`:
Activate DNS-01 Challenge. (Default: ```false```)
`--certificatesresolvers.<name>.acme.dnschallenge.delaybeforecheck`:
Assume DNS propagates after a delay in seconds rather than finding and querying nameservers. (Default: ```0```)
`--certificatesresolvers.<name>.acme.dnschallenge.disablepropagationcheck`:
Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready. [not recommended] (Default: ```false```)
`--certificatesresolvers.<name>.acme.dnschallenge.provider`:
Use a DNS-01 based challenge provider rather than HTTPS.
`--certificatesresolvers.<name>.acme.dnschallenge.resolvers`:
Use following DNS servers to resolve the FQDN authority.
`--certificatesresolvers.<name>.acme.email`:
Email address used for registration.
`--certificatesresolvers.<name>.acme.httpchallenge`:
Activate HTTP-01 Challenge. (Default: ```false```)
`--certificatesresolvers.<name>.acme.httpchallenge.entrypoint`:
HTTP challenge EntryPoint
`--certificatesresolvers.<name>.acme.keytype`:
KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'. (Default: ```RSA4096```)
`--certificatesresolvers.<name>.acme.storage`:
Storage to use. (Default: ```acme.json```)
`--certificatesresolvers.<name>.acme.tlschallenge`:
Activate TLS-ALPN-01 Challenge. (Default: ```true```)
`--entrypoints.<name>`:
Entry points definition. (Default: ```false```)
`--entrypoints.<name>.address`:
Entry point address.
`--entrypoints.<name>.forwardedheaders.insecure`:
Trust all forwarded headers. (Default: ```false```)
`--entrypoints.<name>.forwardedheaders.trustedips`:
Trust only forwarded headers from selected IPs.
`--entrypoints.<name>.proxyprotocol`:
Proxy-Protocol configuration. (Default: ```false```)
`--entrypoints.<name>.proxyprotocol.insecure`:
Trust all. (Default: ```false```)
`--entrypoints.<name>.proxyprotocol.trustedips`:
Trust only selected IPs.
`--entrypoints.<name>.transport.lifecycle.gracetimeout`:
Duration to give active requests a chance to finish before Traefik stops. (Default: ```10```)
`--entrypoints.<name>.transport.lifecycle.requestacceptgracetimeout`:
Duration to keep accepting requests before Traefik initiates the graceful shutdown procedure. (Default: ```0```)
`--entrypoints.<name>.transport.respondingtimeouts.idletimeout`:
IdleTimeout is the maximum amount duration an idle (keep-alive) connection will remain idle before closing itself. If zero, no timeout is set. (Default: ```180```)
`--entrypoints.<name>.transport.respondingtimeouts.readtimeout`:
ReadTimeout is the maximum duration for reading the entire request, including the body. If zero, no timeout is set. (Default: ```0```)
`--entrypoints.<name>.transport.respondingtimeouts.writetimeout`:
WriteTimeout is the maximum duration before timing out writes of the response. If zero, no timeout is set. (Default: ```0```)
`--global.checknewversion`:
Periodically check if a new version has been released. (Default: ```false```)
`--global.sendanonymoususage`:
Periodically send anonymous usage statistics. If the option is not specified, it will be enabled by default. (Default: ```false```)
`--hostresolver`:
Enable CNAME Flattening. (Default: ```false```)
`--hostresolver.cnameflattening`:
A flag to enable/disable CNAME flattening (Default: ```false```)
`--hostresolver.resolvconfig`:
resolv.conf used for DNS resolving (Default: ```/etc/resolv.conf```)
`--hostresolver.resolvdepth`:
The maximal depth of DNS recursive resolving (Default: ```5```)
`--log`:
Traefik log settings. (Default: ```false```)
`--log.filepath`:
Traefik log file path. Stdout is used when omitted or empty.
`--log.format`:
Traefik log format: json | common (Default: ```common```)
`--log.level`:
Log level set to traefik logs. (Default: ```ERROR```)
`--metrics.datadog`:
DataDog metrics exporter type. (Default: ```false```)
`--metrics.datadog.addentrypointslabels`:
Enable metrics on entry points. (Default: ```true```)
`--metrics.datadog.address`:
DataDog's address. (Default: ```localhost:8125```)
`--metrics.datadog.addserviceslabels`:
Enable metrics on services. (Default: ```true```)
`--metrics.datadog.pushinterval`:
DataDog push interval. (Default: ```10```)
`--metrics.influxdb`:
InfluxDB metrics exporter type. (Default: ```false```)
`--metrics.influxdb.addentrypointslabels`:
Enable metrics on entry points. (Default: ```true```)
`--metrics.influxdb.address`:
InfluxDB address. (Default: ```localhost:8089```)
`--metrics.influxdb.addserviceslabels`:
Enable metrics on services. (Default: ```true```)
`--metrics.influxdb.database`:
InfluxDB database used when protocol is http.
`--metrics.influxdb.password`:
InfluxDB password (only with http).
`--metrics.influxdb.protocol`:
InfluxDB address protocol (udp or http). (Default: ```udp```)
`--metrics.influxdb.pushinterval`:
InfluxDB push interval. (Default: ```10```)
`--metrics.influxdb.retentionpolicy`:
InfluxDB retention policy used when protocol is http.
`--metrics.influxdb.username`:
InfluxDB username (only with http).
`--metrics.prometheus`:
Prometheus metrics exporter type. (Default: ```false```)
`--metrics.prometheus.addentrypointslabels`:
Enable metrics on entry points. (Default: ```true```)
`--metrics.prometheus.addserviceslabels`:
Enable metrics on services. (Default: ```true```)
`--metrics.prometheus.buckets`:
Buckets for latency metrics. (Default: ```0.100000, 0.300000, 1.200000, 5.000000```)
`--metrics.statsd`:
StatsD metrics exporter type. (Default: ```false```)
`--metrics.statsd.addentrypointslabels`:
Enable metrics on entry points. (Default: ```true```)
`--metrics.statsd.address`:
StatsD address. (Default: ```localhost:8125```)
`--metrics.statsd.addserviceslabels`:
Enable metrics on services. (Default: ```true```)
`--metrics.statsd.pushinterval`:
StatsD push interval. (Default: ```10```)
`--ping`:
Enable ping. (Default: ```true```)
`--providers.docker`:
Enable Docker backend with default settings. (Default: ```false```)
`--providers.docker.constraints`:
Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container.
`--providers.docker.defaultrule`:
Default rule. (Default: ```Host(`{{ normalize .Name }}`)```)
`--providers.docker.endpoint`:
Docker server endpoint. Can be a tcp or a unix socket endpoint. (Default: ```unix:///var/run/docker.sock```)
`--providers.docker.exposedbydefault`:
Expose containers by default. (Default: ```true```)
`--providers.docker.network`:
Default Docker network used.
`--providers.docker.swarmmode`:
Use Docker on Swarm Mode. (Default: ```false```)
`--providers.docker.swarmmoderefreshseconds`:
Polling interval for swarm mode. (Default: ```15```)
`--providers.docker.tls.ca`:
TLS CA
`--providers.docker.tls.caoptional`:
TLS CA.Optional (Default: ```false```)
`--providers.docker.tls.cert`:
TLS cert
`--providers.docker.tls.insecureskipverify`:
TLS insecure skip verify (Default: ```false```)
`--providers.docker.tls.key`:
TLS key
`--providers.docker.usebindportip`:
Use the ip address from the bound port, rather than from the inner network. (Default: ```false```)
`--providers.docker.watch`:
Watch provider. (Default: ```true```)
`--providers.file.debugloggeneratedtemplate`:
Enable debug logging of generated configuration template. (Default: ```false```)
`--providers.file.directory`:
Load configuration from one or more .toml files in a directory.
`--providers.file.filename`:
Override default configuration template. For advanced users :)
`--providers.file.watch`:
Watch provider. (Default: ```true```)
`--providers.kubernetescrd`:
Enable Kubernetes backend with default settings. (Default: ```false```)
`--providers.kubernetescrd.certauthfilepath`:
Kubernetes certificate authority file path (not needed for in-cluster client).
`--providers.kubernetescrd.disablepasshostheaders`:
Kubernetes disable PassHost Headers. (Default: ```false```)
`--providers.kubernetescrd.endpoint`:
Kubernetes server endpoint (required for external cluster client).
`--providers.kubernetescrd.ingressclass`:
Value of kubernetes.io/ingress.class annotation to watch for.
`--providers.kubernetescrd.labelselector`:
Kubernetes label selector to use.
`--providers.kubernetescrd.namespaces`:
Kubernetes namespaces.
`--providers.kubernetescrd.token`:
Kubernetes bearer token (not needed for in-cluster client).
`--providers.kubernetesingress`:
Enable Kubernetes backend with default settings. (Default: ```false```)
`--providers.kubernetesingress.certauthfilepath`:
Kubernetes certificate authority file path (not needed for in-cluster client).
`--providers.kubernetesingress.disablepasshostheaders`:
Kubernetes disable PassHost Headers. (Default: ```false```)
`--providers.kubernetesingress.endpoint`:
Kubernetes server endpoint (required for external cluster client).
`--providers.kubernetesingress.ingressclass`:
Value of kubernetes.io/ingress.class annotation to watch for.
`--providers.kubernetesingress.ingressendpoint.hostname`:
Hostname used for Kubernetes Ingress endpoints.
`--providers.kubernetesingress.ingressendpoint.ip`:
IP used for Kubernetes Ingress endpoints.
`--providers.kubernetesingress.ingressendpoint.publishedservice`:
Published Kubernetes Service to copy status from.
`--providers.kubernetesingress.labelselector`:
Kubernetes Ingress label selector to use.
`--providers.kubernetesingress.namespaces`:
Kubernetes namespaces.
`--providers.kubernetesingress.token`:
Kubernetes bearer token (not needed for in-cluster client).
`--providers.marathon`:
Enable Marathon backend with default settings. (Default: ```false```)
`--providers.marathon.basic.httpbasicauthuser`:
Basic authentication User.
`--providers.marathon.basic.httpbasicpassword`:
Basic authentication Password.
`--providers.marathon.constraints`:
Constraints is an expression that Traefik matches against the application's labels to determine whether to create any route for that application.
`--providers.marathon.dcostoken`:
DCOSToken for DCOS environment, This will override the Authorization header.
`--providers.marathon.defaultrule`:
Default rule. (Default: ```Host(`{{ normalize .Name }}`)```)
`--providers.marathon.dialertimeout`:
Set a dialer timeout for Marathon. (Default: ```5```)
`--providers.marathon.endpoint`:
Marathon server endpoint. You can also specify multiple endpoint for Marathon. (Default: ```http://127.0.0.1:8080```)
`--providers.marathon.exposedbydefault`:
Expose Marathon apps by default. (Default: ```true```)
`--providers.marathon.forcetaskhostname`:
Force to use the task's hostname. (Default: ```false```)
`--providers.marathon.keepalive`:
Set a TCP Keep Alive time. (Default: ```10```)
`--providers.marathon.respectreadinesschecks`:
Filter out tasks with non-successful readiness checks during deployments. (Default: ```false```)
`--providers.marathon.responseheadertimeout`:
Set a response header timeout for Marathon. (Default: ```60```)
`--providers.marathon.tls.ca`:
TLS CA
`--providers.marathon.tls.caoptional`:
TLS CA.Optional (Default: ```false```)
`--providers.marathon.tls.cert`:
TLS cert
`--providers.marathon.tls.insecureskipverify`:
TLS insecure skip verify (Default: ```false```)
`--providers.marathon.tls.key`:
TLS key
`--providers.marathon.tlshandshaketimeout`:
Set a TLS handshake timeout for Marathon. (Default: ```5```)
`--providers.marathon.trace`:
Display additional provider logs. (Default: ```false```)
`--providers.marathon.watch`:
Watch provider. (Default: ```true```)
`--providers.providersthrottleduration`:
Backends throttle duration: minimum duration between 2 events from providers before applying a new configuration. It avoids unnecessary reloads if multiples events are sent in a short amount of time. (Default: ```0```)
`--providers.rancher`:
Enable Rancher backend with default settings. (Default: ```false```)
`--providers.rancher.constraints`:
Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container.
`--providers.rancher.defaultrule`:
Default rule. (Default: ```Host(`{{ normalize .Name }}`)```)
`--providers.rancher.enableservicehealthfilter`:
Filter services with unhealthy states and inactive states. (Default: ```true```)
`--providers.rancher.exposedbydefault`:
Expose containers by default. (Default: ```true```)
`--providers.rancher.intervalpoll`:
Poll the Rancher metadata service every 'rancher.refreshseconds' (less accurate). (Default: ```false```)
`--providers.rancher.prefix`:
Prefix used for accessing the Rancher metadata service. (Default: ```latest```)
`--providers.rancher.refreshseconds`:
Defines the polling interval in seconds. (Default: ```15```)
`--providers.rancher.watch`:
Watch provider. (Default: ```true```)
`--providers.rest`:
Enable Rest backend with default settings. (Default: ```true```)
`--serverstransport.forwardingtimeouts.dialtimeout`:
The amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. (Default: ```30```)
`--serverstransport.forwardingtimeouts.idleconntimeout`:
The maximum period for which an idle HTTP keep-alive connection will remain open before closing itself (Default: ```90```)
`--serverstransport.forwardingtimeouts.responseheadertimeout`:
The amount of time to wait for a server's response headers after fully writing the request (including its body, if any). If zero, no timeout exists. (Default: ```0```)
`--serverstransport.insecureskipverify`:
Disable SSL certificate verification. (Default: ```false```)
`--serverstransport.maxidleconnsperhost`:
If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used (Default: ```0```)
`--serverstransport.rootcas`:
Add cert file for self-signed certificate.
`--tracing`:
OpenTracing configuration. (Default: ```false```)
`--tracing.datadog`:
Settings for DataDog. (Default: ```false```)
`--tracing.datadog.bagageprefixheadername`:
Specifies the header name prefix that will be used to store baggage items in a map.
`--tracing.datadog.debug`:
Enable DataDog debug. (Default: ```false```)
`--tracing.datadog.globaltag`:
Key:Value tag to be set on all the spans.
`--tracing.datadog.localagenthostport`:
Set datadog-agent's host:port that the reporter will used. (Default: ```localhost:8126```)
`--tracing.datadog.parentidheadername`:
Specifies the header name that will be used to store the parent ID.
`--tracing.datadog.prioritysampling`:
Enable priority sampling. When using distributed tracing, this option must be enabled in order to get all the parts of a distributed trace sampled. (Default: ```false```)
`--tracing.datadog.samplingpriorityheadername`:
Specifies the header name that will be used to store the sampling priority.
`--tracing.datadog.traceidheadername`:
Specifies the header name that will be used to store the trace ID.
`--tracing.haystack`:
Settings for Haystack. (Default: ```false```)
`--tracing.haystack.baggageprefixheadername`:
Specifies the header name prefix that will be used to store baggage items in a map.
`--tracing.haystack.globaltag`:
Key:Value tag to be set on all the spans.
`--tracing.haystack.localagenthost`:
Set haystack-agent's host that the reporter will used. (Default: ```LocalAgentHost```)
`--tracing.haystack.localagentport`:
Set haystack-agent's port that the reporter will used. (Default: ```35000```)
`--tracing.haystack.parentidheadername`:
Specifies the header name that will be used to store the parent ID.
`--tracing.haystack.spanidheadername`:
Specifies the header name that will be used to store the span ID.
`--tracing.haystack.traceidheadername`:
Specifies the header name that will be used to store the trace ID.
`--tracing.instana`:
Settings for Instana. (Default: ```false```)
`--tracing.instana.localagenthost`:
Set instana-agent's host that the reporter will used. (Default: ```localhost```)
`--tracing.instana.localagentport`:
Set instana-agent's port that the reporter will used. (Default: ```42699```)
`--tracing.instana.loglevel`:
Set instana-agent's log level. ('error','warn','info','debug') (Default: ```info```)
`--tracing.jaeger`:
Settings for Jaeger. (Default: ```false```)
`--tracing.jaeger.collector.endpoint`:
Instructs reporter to send spans to jaeger-collector at this URL.
`--tracing.jaeger.collector.password`:
Password for basic http authentication when sending spans to jaeger-collector.
`--tracing.jaeger.collector.user`:
User for basic http authentication when sending spans to jaeger-collector.
`--tracing.jaeger.gen128bit`:
Generate 128 bit span IDs. (Default: ```false```)
`--tracing.jaeger.localagenthostport`:
Set jaeger-agent's host:port that the reporter will used. (Default: ```127.0.0.1:6831```)
`--tracing.jaeger.propagation`:
Which propagation format to use (jaeger/b3). (Default: ```jaeger```)
`--tracing.jaeger.samplingparam`:
Set the sampling parameter. (Default: ```1.000000```)
`--tracing.jaeger.samplingserverurl`:
Set the sampling server url. (Default: ```http://localhost:5778/sampling```)
`--tracing.jaeger.samplingtype`:
Set the sampling type. (Default: ```const```)
`--tracing.jaeger.tracecontextheadername`:
Set the header to use for the trace-id. (Default: ```uber-trace-id```)
`--tracing.servicename`:
Set the name for this service. (Default: ```traefik```)
`--tracing.spannamelimit`:
Set the maximum character limit for Span names (default 0 = no limit). (Default: ```0```)
`--tracing.zipkin`:
Settings for Zipkin. (Default: ```false```)
`--tracing.zipkin.debug`:
Enable Zipkin debug. (Default: ```false```)
`--tracing.zipkin.httpendpoint`:
HTTP Endpoint to report traces to. (Default: ```http://localhost:9411/api/v1/spans```)
`--tracing.zipkin.id128bit`:
Use Zipkin 128 bit root span IDs. (Default: ```true```)
`--tracing.zipkin.samespan`:
Use Zipkin SameSpan RPC style traces. (Default: ```false```)
`--tracing.zipkin.samplerate`:
The rate between 0.0 and 1.0 of requests to trace. (Default: ```1.000000```)

View file

@ -1,5 +1,4 @@
# Static Configuration: CLI # Static Configuration: CLI
```txt --8<-- "content/reference/static-configuration/cli-ref.md"
--8<-- "content/reference/static-configuration/cli.txt"
```

View file

@ -1,609 +0,0 @@
--accesslog (Default: "false")
Access log settings.
--accesslog.bufferingsize (Default: "0")
Number of access log lines to process in a buffered way.
--accesslog.fields.defaultmode (Default: "keep")
Default mode for fields: keep | drop
--accesslog.fields.headers.defaultmode (Default: "keep")
Default mode for fields: keep | drop | redact
--accesslog.fields.headers.names.<name> (Default: "")
Override mode for headers
--accesslog.fields.names.<name> (Default: "")
Override mode for fields
--accesslog.filepath (Default: "")
Access log file path. Stdout is used when omitted or empty.
--accesslog.filters.minduration (Default: "0")
Keep access logs when request took longer than the specified duration.
--accesslog.filters.retryattempts (Default: "false")
Keep access logs when at least one retry happened.
--accesslog.filters.statuscodes (Default: "")
Keep access logs with status codes in the specified range.
--accesslog.format (Default: "common")
Access log format: json | common
--acme.acmelogging (Default: "false")
Enable debug logging of ACME actions.
--acme.caserver (Default: "https://acme-v02.api.letsencrypt.org/directory")
CA server to use.
--acme.dnschallenge (Default: "false")
Activate DNS-01 Challenge.
--acme.dnschallenge.delaybeforecheck (Default: "0")
Assume DNS propagates after a delay in seconds rather than finding and querying
nameservers.
--acme.dnschallenge.disablepropagationcheck (Default: "false")
Disable the DNS propagation checks before notifying ACME that the DNS challenge
is ready. [not recommended]
--acme.dnschallenge.provider (Default: "")
Use a DNS-01 based challenge provider rather than HTTPS.
--acme.dnschallenge.resolvers (Default: "")
Use following DNS servers to resolve the FQDN authority.
--acme.domains (Default: "")
The list of domains for which certificates are generated on startup. Wildcard
domains only accepted with DNSChallenge.
--acme.domains[n].main (Default: "")
Default subject name.
--acme.domains[n].sans (Default: "")
Subject alternative names.
--acme.email (Default: "")
Email address used for registration.
--acme.entrypoint (Default: "")
EntryPoint to use.
--acme.httpchallenge (Default: "false")
Activate HTTP-01 Challenge.
--acme.httpchallenge.entrypoint (Default: "")
HTTP challenge EntryPoint
--acme.keytype (Default: "RSA4096")
KeyType used for generating certificate private key. Allow value 'EC256',
'EC384', 'RSA2048', 'RSA4096', 'RSA8192'.
--acme.onhostrule (Default: "false")
Enable certificate generation on router Host rules.
--acme.storage (Default: "acme.json")
Storage to use.
--acme.tlschallenge (Default: "true")
Activate TLS-ALPN-01 Challenge.
--api (Default: "false")
Enable api/dashboard.
--api.dashboard (Default: "true")
Activate dashboard.
--api.debug (Default: "false")
Enable additional endpoints for debugging and profiling.
--api.entrypoint (Default: "traefik")
The entry point that the API handler will be bound to.
--api.middlewares (Default: "")
Middleware list.
--api.statistics (Default: "false")
Enable more detailed statistics.
--api.statistics.recenterrors (Default: "10")
Number of recent errors logged.
--configfile (Default: "")
Configuration file to use. If specified all other flags are ignored.
--entrypoints.<name> (Default: "false")
Entry points definition.
--entrypoints.<name>.address (Default: "")
Entry point address.
--entrypoints.<name>.forwardedheaders.insecure (Default: "false")
Trust all forwarded headers.
--entrypoints.<name>.forwardedheaders.trustedips (Default: "")
Trust only forwarded headers from selected IPs.
--entrypoints.<name>.proxyprotocol (Default: "false")
Proxy-Protocol configuration.
--entrypoints.<name>.proxyprotocol.insecure (Default: "false")
Trust all.
--entrypoints.<name>.proxyprotocol.trustedips (Default: "")
Trust only selected IPs.
--entrypoints.<name>.transport.lifecycle.gracetimeout (Default: "10")
Duration to give active requests a chance to finish before Traefik stops.
--entrypoints.<name>.transport.lifecycle.requestacceptgracetimeout (Default: "0")
Duration to keep accepting requests before Traefik initiates the graceful
shutdown procedure.
--entrypoints.<name>.transport.respondingtimeouts.idletimeout (Default: "180")
IdleTimeout is the maximum amount duration an idle (keep-alive) connection will
remain idle before closing itself. If zero, no timeout is set.
--entrypoints.<name>.transport.respondingtimeouts.readtimeout (Default: "0")
ReadTimeout is the maximum duration for reading the entire request, including
the body. If zero, no timeout is set.
--entrypoints.<name>.transport.respondingtimeouts.writetimeout (Default: "0")
WriteTimeout is the maximum duration before timing out writes of the response.
If zero, no timeout is set.
--global.checknewversion (Default: "true")
Periodically check if a new version has been released.
--global.sendanonymoususage
Periodically send anonymous usage statistics. If the option is not specified, it
will be enabled by default.
--hostresolver (Default: "false")
Enable CNAME Flattening.
--hostresolver.cnameflattening (Default: "false")
A flag to enable/disable CNAME flattening
--hostresolver.resolvconfig (Default: "/etc/resolv.conf")
resolv.conf used for DNS resolving
--hostresolver.resolvdepth (Default: "5")
The maximal depth of DNS recursive resolving
--log (Default: "false")
Traefik log settings.
--log.filepath (Default: "")
Traefik log file path. Stdout is used when omitted or empty.
--log.format (Default: "common")
Traefik log format: json | common
--log.level (Default: "ERROR")
Log level set to traefik logs.
--metrics.datadog (Default: "false")
DataDog metrics exporter type.
--metrics.datadog.address (Default: "localhost:8125")
DataDog's address.
--metrics.datadog.pushinterval (Default: "10")
DataDog push interval.
--metrics.influxdb (Default: "false")
InfluxDB metrics exporter type.
--metrics.influxdb.address (Default: "localhost:8089")
InfluxDB address.
--metrics.influxdb.database (Default: "")
InfluxDB database used when protocol is http.
--metrics.influxdb.password (Default: "")
InfluxDB password (only with http).
--metrics.influxdb.protocol (Default: "udp")
InfluxDB address protocol (udp or http).
--metrics.influxdb.pushinterval (Default: "10")
InfluxDB push interval.
--metrics.influxdb.retentionpolicy (Default: "")
InfluxDB retention policy used when protocol is http.
--metrics.influxdb.username (Default: "")
InfluxDB username (only with http).
--metrics.prometheus (Default: "false")
Prometheus metrics exporter type.
--metrics.prometheus.buckets (Default: "0.100000, 0.300000, 1.200000, 5.000000")
Buckets for latency metrics.
--metrics.prometheus.entrypoint (Default: "traefik")
EntryPoint.
--metrics.prometheus.middlewares (Default: "")
Middlewares.
--metrics.statsd (Default: "false")
StatsD metrics exporter type.
--metrics.statsd.address (Default: "localhost:8125")
StatsD address.
--metrics.statsd.pushinterval (Default: "10")
StatsD push interval.
--ping (Default: "false")
Enable ping.
--ping.entrypoint (Default: "traefik")
Ping entryPoint.
--ping.middlewares (Default: "")
Middleware list.
--providers.docker (Default: "false")
Enable Docker backend with default settings.
--providers.docker.constraints (Default: "")
Constraints is an expression that Traefik matches against the container's labels
to determine whether to create any route for that container.
--providers.docker.defaultrule (Default: "Host(`{{ normalize .Name }}`)")
Default rule.
--providers.docker.endpoint (Default: "unix:///var/run/docker.sock")
Docker server endpoint. Can be a tcp or a unix socket endpoint.
--providers.docker.exposedbydefault (Default: "true")
Expose containers by default.
--providers.docker.network (Default: "")
Default Docker network used.
--providers.docker.swarmmode (Default: "false")
Use Docker on Swarm Mode.
--providers.docker.swarmmoderefreshseconds (Default: "15")
Polling interval for swarm mode.
--providers.docker.tls.ca (Default: "")
TLS CA
--providers.docker.tls.caoptional (Default: "false")
TLS CA.Optional
--providers.docker.tls.cert (Default: "")
TLS cert
--providers.docker.tls.insecureskipverify (Default: "false")
TLS insecure skip verify
--providers.docker.tls.key (Default: "")
TLS key
--providers.docker.usebindportip (Default: "false")
Use the ip address from the bound port, rather than from the inner network.
--providers.docker.watch (Default: "true")
Watch provider.
--providers.file (Default: "false")
Enable File backend with default settings.
--providers.file.debugloggeneratedtemplate (Default: "false")
Enable debug logging of generated configuration template.
--providers.file.directory (Default: "")
Load configuration from one or more .toml files in a directory.
--providers.file.filename (Default: "")
Override default configuration template. For advanced users :)
--providers.file.watch (Default: "true")
Watch provider.
--providers.kubernetes (Default: "false")
Enable Kubernetes backend with default settings.
--providers.kubernetes.certauthfilepath (Default: "")
Kubernetes certificate authority file path (not needed for in-cluster client).
--providers.kubernetes.disablepasshostheaders (Default: "false")
Kubernetes disable PassHost Headers.
--providers.kubernetes.endpoint (Default: "")
Kubernetes server endpoint (required for external cluster client).
--providers.kubernetes.ingressclass (Default: "")
Value of kubernetes.io/ingress.class annotation to watch for.
--providers.kubernetes.ingressendpoint.hostname (Default: "")
Hostname used for Kubernetes Ingress endpoints.
--providers.kubernetes.ingressendpoint.ip (Default: "")
IP used for Kubernetes Ingress endpoints.
--providers.kubernetes.ingressendpoint.publishedservice (Default: "")
Published Kubernetes Service to copy status from.
--providers.kubernetes.labelselector (Default: "")
Kubernetes Ingress label selector to use.
--providers.kubernetes.namespaces (Default: "")
Kubernetes namespaces.
--providers.kubernetes.token (Default: "")
Kubernetes bearer token (not needed for in-cluster client).
--providers.kubernetescrd (Default: "false")
Enable Kubernetes backend with default settings.
--providers.kubernetescrd.certauthfilepath (Default: "")
Kubernetes certificate authority file path (not needed for in-cluster client).
--providers.kubernetescrd.disablepasshostheaders (Default: "false")
Kubernetes disable PassHost Headers.
--providers.kubernetescrd.endpoint (Default: "")
Kubernetes server endpoint (required for external cluster client).
--providers.kubernetescrd.ingressclass (Default: "")
Value of kubernetes.io/ingress.class annotation to watch for.
--providers.kubernetescrd.labelselector (Default: "")
Kubernetes label selector to use.
--providers.kubernetescrd.namespaces (Default: "")
Kubernetes namespaces.
--providers.kubernetescrd.token (Default: "")
Kubernetes bearer token (not needed for in-cluster client).
--providers.marathon (Default: "false")
Enable Marathon backend with default settings.
--providers.marathon.basic.httpbasicauthuser (Default: "")
Basic authentication User.
--providers.marathon.basic.httpbasicpassword (Default: "")
Basic authentication Password.
--providers.marathon.constraints (Default: "")
Constraints is an expression that Traefik matches against the application's
labels to determine whether to create any route for that application.
--providers.marathon.dcostoken (Default: "")
DCOSToken for DCOS environment, This will override the Authorization header.
--providers.marathon.defaultrule (Default: "Host(`{{ normalize .Name }}`)")
Default rule.
--providers.marathon.dialertimeout (Default: "5")
Set a dialer timeout for Marathon.
--providers.marathon.endpoint (Default: "http://127.0.0.1:8080")
Marathon server endpoint. You can also specify multiple endpoint for Marathon.
--providers.marathon.exposedbydefault (Default: "true")
Expose Marathon apps by default.
--providers.marathon.forcetaskhostname (Default: "false")
Force to use the task's hostname.
--providers.marathon.keepalive (Default: "10")
Set a TCP Keep Alive time.
--providers.marathon.respectreadinesschecks (Default: "false")
Filter out tasks with non-successful readiness checks during deployments.
--providers.marathon.responseheadertimeout (Default: "60")
Set a response header timeout for Marathon.
--providers.marathon.tls.ca (Default: "")
TLS CA
--providers.marathon.tls.caoptional (Default: "false")
TLS CA.Optional
--providers.marathon.tls.cert (Default: "")
TLS cert
--providers.marathon.tls.insecureskipverify (Default: "false")
TLS insecure skip verify
--providers.marathon.tls.key (Default: "")
TLS key
--providers.marathon.tlshandshaketimeout (Default: "5")
Set a TLS handshake timeout for Marathon.
--providers.marathon.trace (Default: "false")
Display additional provider logs.
--providers.marathon.watch (Default: "true")
Watch provider.
--providers.providersthrottleduration (Default: "2")
Backends throttle duration: minimum duration between 2 events from providers
before applying a new configuration. It avoids unnecessary reloads if multiples
events are sent in a short amount of time.
--providers.rancher (Default: "false")
Enable Rancher backend with default settings.
--providers.rancher.constraints (Default: "")
Constraints is an expression that Traefik matches against the container's labels
to determine whether to create any route for that container.
--providers.rancher.defaultrule (Default: "Host(`{{ normalize .Name }}`)")
Default rule.
--providers.rancher.enableservicehealthfilter (Default: "true")
Filter services with unhealthy states and inactive states.
--providers.rancher.exposedbydefault (Default: "true")
Expose containers by default.
--providers.rancher.intervalpoll (Default: "false")
Poll the Rancher metadata service every 'rancher.refreshseconds' (less
accurate).
--providers.rancher.prefix (Default: "latest")
Prefix used for accessing the Rancher metadata service.
--providers.rancher.refreshseconds (Default: "15")
Defines the polling interval in seconds.
--providers.rancher.watch (Default: "true")
Watch provider.
--providers.rest (Default: "false")
Enable Rest backend with default settings.
--providers.rest.entrypoint (Default: "traefik")
EntryPoint.
--serverstransport.forwardingtimeouts.dialtimeout (Default: "30")
The amount of time to wait until a connection to a backend server can be
established. If zero, no timeout exists.
--serverstransport.forwardingtimeouts.responseheadertimeout (Default: "0")
The amount of time to wait for a server's response headers after fully writing
the request (including its body, if any). If zero, no timeout exists.
--serverstransport.forwardingtimeouts.idleconntimeout (Default: "90s")
The maximum period for which an idle HTTP keep-alive connection to a backend
server will remain open before closing itself.
--serverstransport.insecureskipverify (Default: "false")
Disable SSL certificate verification.
--serverstransport.maxidleconnsperhost (Default: "200")
If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero,
DefaultMaxIdleConnsPerHost is used
--serverstransport.rootcas (Default: "")
Add cert file for self-signed certificate.
--tracing (Default: "false")
OpenTracing configuration.
--tracing.datadog (Default: "false")
Settings for DataDog.
--tracing.datadog.bagageprefixheadername (Default: "")
Specifies the header name prefix that will be used to store baggage items in a
map.
--tracing.datadog.debug (Default: "false")
Enable DataDog debug.
--tracing.datadog.globaltag (Default: "")
Key:Value tag to be set on all the spans.
--tracing.datadog.localagenthostport (Default: "localhost:8126")
Set datadog-agent's host:port that the reporter will used.
--tracing.datadog.parentidheadername (Default: "")
Specifies the header name that will be used to store the parent ID.
--tracing.datadog.prioritysampling (Default: "false")
Enable priority sampling. When using distributed tracing, this option must be
enabled in order to get all the parts of a distributed trace sampled.
--tracing.datadog.samplingpriorityheadername (Default: "")
Specifies the header name that will be used to store the sampling priority.
--tracing.datadog.traceidheadername (Default: "")
Specifies the header name that will be used to store the trace ID.
--tracing.haystack (Default: "false")
Settings for Haystack.
--tracing.haystack.baggageprefixheadername (Default: "")
Specifies the header name prefix that will be used to store baggage items in a
map.
--tracing.haystack.globaltag (Default: "")
Key:Value tag to be set on all the spans.
--tracing.haystack.localagenthost (Default: "LocalAgentHost")
Set haystack-agent's host that the reporter will used.
--tracing.haystack.localagentport (Default: "35000")
Set haystack-agent's port that the reporter will used.
--tracing.haystack.parentidheadername (Default: "")
Specifies the header name that will be used to store the parent ID.
--tracing.haystack.spanidheadername (Default: "")
Specifies the header name that will be used to store the span ID.
--tracing.haystack.traceidheadername (Default: "")
Specifies the header name that will be used to store the trace ID.
--tracing.instana (Default: "false")
Settings for Instana.
--tracing.instana.localagenthost (Default: "localhost")
Set instana-agent's host that the reporter will used.
--tracing.instana.localagentport (Default: "42699")
Set instana-agent's port that the reporter will used.
--tracing.instana.loglevel (Default: "info")
Set instana-agent's log level. ('error','warn','info','debug')
--tracing.jaeger (Default: "false")
Settings for jaeger.
--tracing.jaeger.gen128bit (Default: "false")
Generate 128 bit span IDs.
--tracing.jaeger.localagenthostport (Default: "127.0.0.1:6831")
Set jaeger-agent's host:port that the reporter will used.
--tracing.jaeger.propagation (Default: "jaeger")
Which propgation format to use (jaeger/b3).
--tracing.jaeger.samplingparam (Default: "1.000000")
Set the sampling parameter.
--tracing.jaeger.samplingserverurl (Default: "http://localhost:5778/sampling")
Set the sampling server url.
--tracing.jaeger.samplingtype (Default: "const")
Set the sampling type.
--tracing.jaeger.tracecontextheadername (Default: "uber-trace-id")
Set the header to use for the trace-id.
--tracing.servicename (Default: "traefik")
Set the name for this service.
--tracing.spannamelimit (Default: "0")
Set the maximum character limit for Span names (default 0 = no limit).
--tracing.zipkin (Default: "false")
Settings for zipkin.
--tracing.zipkin.debug (Default: "false")
Enable Zipkin debug.
--tracing.zipkin.httpendpoint (Default: "http://localhost:9411/api/v1/spans")
HTTP Endpoint to report traces to.
--tracing.zipkin.id128bit (Default: "true")
Use Zipkin 128 bit root span IDs.
--tracing.zipkin.samespan (Default: "false")
Use Zipkin SameSpan RPC style traces.
--tracing.zipkin.samplerate (Default: "1.000000")
The rate between 0.0 and 1.0 of requests to trace.

View file

@ -0,0 +1,577 @@
<!--
CODE GENERATED AUTOMATICALLY
THIS FILE MUST NOT BE EDITED BY HAND
-->
`TRAEFIK_ACCESSLOG`:
Access log settings. (Default: ```false```)
`TRAEFIK_ACCESSLOG_BUFFERINGSIZE`:
Number of access log lines to process in a buffered way. (Default: ```0```)
`TRAEFIK_ACCESSLOG_FIELDS_DEFAULTMODE`:
Default mode for fields: keep | drop (Default: ```keep```)
`TRAEFIK_ACCESSLOG_FIELDS_HEADERS_DEFAULTMODE`:
Default mode for fields: keep | drop | redact (Default: ```drop```)
`TRAEFIK_ACCESSLOG_FIELDS_HEADERS_NAMES_<NAME>`:
Override mode for headers
`TRAEFIK_ACCESSLOG_FIELDS_NAMES_<NAME>`:
Override mode for fields
`TRAEFIK_ACCESSLOG_FILEPATH`:
Access log file path. Stdout is used when omitted or empty.
`TRAEFIK_ACCESSLOG_FILTERS_MINDURATION`:
Keep access logs when request took longer than the specified duration. (Default: ```0```)
`TRAEFIK_ACCESSLOG_FILTERS_RETRYATTEMPTS`:
Keep access logs when at least one retry happened. (Default: ```false```)
`TRAEFIK_ACCESSLOG_FILTERS_STATUSCODES`:
Keep access logs with status codes in the specified range.
`TRAEFIK_ACCESSLOG_FORMAT`:
Access log format: json | common (Default: ```common```)
`TRAEFIK_API`:
Enable api/dashboard. (Default: ```false```)
`TRAEFIK_API_DASHBOARD`:
Activate dashboard. (Default: ```true```)
`TRAEFIK_API_DEBUG`:
Enable additional endpoints for debugging and profiling. (Default: ```false```)
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>`:
Certificates resolvers configuration. (Default: ```false```)
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_CASERVER`:
CA server to use. (Default: ```https://acme-v02.api.letsencrypt.org/directory```)
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_DNSCHALLENGE`:
Activate DNS-01 Challenge. (Default: ```false```)
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_DNSCHALLENGE_DELAYBEFORECHECK`:
Assume DNS propagates after a delay in seconds rather than finding and querying nameservers. (Default: ```0```)
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_DNSCHALLENGE_DISABLEPROPAGATIONCHECK`:
Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready. [not recommended] (Default: ```false```)
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_DNSCHALLENGE_PROVIDER`:
Use a DNS-01 based challenge provider rather than HTTPS.
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_DNSCHALLENGE_RESOLVERS`:
Use following DNS servers to resolve the FQDN authority.
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_EMAIL`:
Email address used for registration.
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_HTTPCHALLENGE`:
Activate HTTP-01 Challenge. (Default: ```false```)
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_HTTPCHALLENGE_ENTRYPOINT`:
HTTP challenge EntryPoint
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_KEYTYPE`:
KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'. (Default: ```RSA4096```)
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_STORAGE`:
Storage to use. (Default: ```acme.json```)
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_TLSCHALLENGE`:
Activate TLS-ALPN-01 Challenge. (Default: ```true```)
`TRAEFIK_ENTRYPOINTS_<NAME>`:
Entry points definition. (Default: ```false```)
`TRAEFIK_ENTRYPOINTS_<NAME>_ADDRESS`:
Entry point address.
`TRAEFIK_ENTRYPOINTS_<NAME>_FORWARDEDHEADERS_INSECURE`:
Trust all forwarded headers. (Default: ```false```)
`TRAEFIK_ENTRYPOINTS_<NAME>_FORWARDEDHEADERS_TRUSTEDIPS`:
Trust only forwarded headers from selected IPs.
`TRAEFIK_ENTRYPOINTS_<NAME>_PROXYPROTOCOL`:
Proxy-Protocol configuration. (Default: ```false```)
`TRAEFIK_ENTRYPOINTS_<NAME>_PROXYPROTOCOL_INSECURE`:
Trust all. (Default: ```false```)
`TRAEFIK_ENTRYPOINTS_<NAME>_PROXYPROTOCOL_TRUSTEDIPS`:
Trust only selected IPs.
`TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_LIFECYCLE_GRACETIMEOUT`:
Duration to give active requests a chance to finish before Traefik stops. (Default: ```10```)
`TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_LIFECYCLE_REQUESTACCEPTGRACETIMEOUT`:
Duration to keep accepting requests before Traefik initiates the graceful shutdown procedure. (Default: ```0```)
`TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_RESPONDINGTIMEOUTS_IDLETIMEOUT`:
IdleTimeout is the maximum amount duration an idle (keep-alive) connection will remain idle before closing itself. If zero, no timeout is set. (Default: ```180```)
`TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_RESPONDINGTIMEOUTS_READTIMEOUT`:
ReadTimeout is the maximum duration for reading the entire request, including the body. If zero, no timeout is set. (Default: ```0```)
`TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_RESPONDINGTIMEOUTS_WRITETIMEOUT`:
WriteTimeout is the maximum duration before timing out writes of the response. If zero, no timeout is set. (Default: ```0```)
`TRAEFIK_GLOBAL_CHECKNEWVERSION`:
Periodically check if a new version has been released. (Default: ```false```)
`TRAEFIK_GLOBAL_SENDANONYMOUSUSAGE`:
Periodically send anonymous usage statistics. If the option is not specified, it will be enabled by default. (Default: ```false```)
`TRAEFIK_HOSTRESOLVER`:
Enable CNAME Flattening. (Default: ```false```)
`TRAEFIK_HOSTRESOLVER_CNAMEFLATTENING`:
A flag to enable/disable CNAME flattening (Default: ```false```)
`TRAEFIK_HOSTRESOLVER_RESOLVCONFIG`:
resolv.conf used for DNS resolving (Default: ```/etc/resolv.conf```)
`TRAEFIK_HOSTRESOLVER_RESOLVDEPTH`:
The maximal depth of DNS recursive resolving (Default: ```5```)
`TRAEFIK_LOG`:
Traefik log settings. (Default: ```false```)
`TRAEFIK_LOG_FILEPATH`:
Traefik log file path. Stdout is used when omitted or empty.
`TRAEFIK_LOG_FORMAT`:
Traefik log format: json | common (Default: ```common```)
`TRAEFIK_LOG_LEVEL`:
Log level set to traefik logs. (Default: ```ERROR```)
`TRAEFIK_METRICS_DATADOG`:
DataDog metrics exporter type. (Default: ```false```)
`TRAEFIK_METRICS_DATADOG_ADDENTRYPOINTSLABELS`:
Enable metrics on entry points. (Default: ```true```)
`TRAEFIK_METRICS_DATADOG_ADDRESS`:
DataDog's address. (Default: ```localhost:8125```)
`TRAEFIK_METRICS_DATADOG_ADDSERVICESLABELS`:
Enable metrics on services. (Default: ```true```)
`TRAEFIK_METRICS_DATADOG_PUSHINTERVAL`:
DataDog push interval. (Default: ```10```)
`TRAEFIK_METRICS_INFLUXDB`:
InfluxDB metrics exporter type. (Default: ```false```)
`TRAEFIK_METRICS_INFLUXDB_ADDENTRYPOINTSLABELS`:
Enable metrics on entry points. (Default: ```true```)
`TRAEFIK_METRICS_INFLUXDB_ADDRESS`:
InfluxDB address. (Default: ```localhost:8089```)
`TRAEFIK_METRICS_INFLUXDB_ADDSERVICESLABELS`:
Enable metrics on services. (Default: ```true```)
`TRAEFIK_METRICS_INFLUXDB_DATABASE`:
InfluxDB database used when protocol is http.
`TRAEFIK_METRICS_INFLUXDB_PASSWORD`:
InfluxDB password (only with http).
`TRAEFIK_METRICS_INFLUXDB_PROTOCOL`:
InfluxDB address protocol (udp or http). (Default: ```udp```)
`TRAEFIK_METRICS_INFLUXDB_PUSHINTERVAL`:
InfluxDB push interval. (Default: ```10```)
`TRAEFIK_METRICS_INFLUXDB_RETENTIONPOLICY`:
InfluxDB retention policy used when protocol is http.
`TRAEFIK_METRICS_INFLUXDB_USERNAME`:
InfluxDB username (only with http).
`TRAEFIK_METRICS_PROMETHEUS`:
Prometheus metrics exporter type. (Default: ```false```)
`TRAEFIK_METRICS_PROMETHEUS_ADDENTRYPOINTSLABELS`:
Enable metrics on entry points. (Default: ```true```)
`TRAEFIK_METRICS_PROMETHEUS_ADDSERVICESLABELS`:
Enable metrics on services. (Default: ```true```)
`TRAEFIK_METRICS_PROMETHEUS_BUCKETS`:
Buckets for latency metrics. (Default: ```0.100000, 0.300000, 1.200000, 5.000000```)
`TRAEFIK_METRICS_STATSD`:
StatsD metrics exporter type. (Default: ```false```)
`TRAEFIK_METRICS_STATSD_ADDENTRYPOINTSLABELS`:
Enable metrics on entry points. (Default: ```true```)
`TRAEFIK_METRICS_STATSD_ADDRESS`:
StatsD address. (Default: ```localhost:8125```)
`TRAEFIK_METRICS_STATSD_ADDSERVICESLABELS`:
Enable metrics on services. (Default: ```true```)
`TRAEFIK_METRICS_STATSD_PUSHINTERVAL`:
StatsD push interval. (Default: ```10```)
`TRAEFIK_PING`:
Enable ping. (Default: ```true```)
`TRAEFIK_PROVIDERS_DOCKER`:
Enable Docker backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_DOCKER_CONSTRAINTS`:
Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container.
`TRAEFIK_PROVIDERS_DOCKER_DEFAULTRULE`:
Default rule. (Default: ```Host(`{{ normalize .Name }}`)```)
`TRAEFIK_PROVIDERS_DOCKER_ENDPOINT`:
Docker server endpoint. Can be a tcp or a unix socket endpoint. (Default: ```unix:///var/run/docker.sock```)
`TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT`:
Expose containers by default. (Default: ```true```)
`TRAEFIK_PROVIDERS_DOCKER_NETWORK`:
Default Docker network used.
`TRAEFIK_PROVIDERS_DOCKER_SWARMMODE`:
Use Docker on Swarm Mode. (Default: ```false```)
`TRAEFIK_PROVIDERS_DOCKER_SWARMMODEREFRESHSECONDS`:
Polling interval for swarm mode. (Default: ```15```)
`TRAEFIK_PROVIDERS_DOCKER_TLS_CA`:
TLS CA
`TRAEFIK_PROVIDERS_DOCKER_TLS_CAOPTIONAL`:
TLS CA.Optional (Default: ```false```)
`TRAEFIK_PROVIDERS_DOCKER_TLS_CERT`:
TLS cert
`TRAEFIK_PROVIDERS_DOCKER_TLS_INSECURESKIPVERIFY`:
TLS insecure skip verify (Default: ```false```)
`TRAEFIK_PROVIDERS_DOCKER_TLS_KEY`:
TLS key
`TRAEFIK_PROVIDERS_DOCKER_USEBINDPORTIP`:
Use the ip address from the bound port, rather than from the inner network. (Default: ```false```)
`TRAEFIK_PROVIDERS_DOCKER_WATCH`:
Watch provider. (Default: ```true```)
`TRAEFIK_PROVIDERS_FILE_DEBUGLOGGENERATEDTEMPLATE`:
Enable debug logging of generated configuration template. (Default: ```false```)
`TRAEFIK_PROVIDERS_FILE_DIRECTORY`:
Load configuration from one or more .toml files in a directory.
`TRAEFIK_PROVIDERS_FILE_FILENAME`:
Override default configuration template. For advanced users :)
`TRAEFIK_PROVIDERS_FILE_WATCH`:
Watch provider. (Default: ```true```)
`TRAEFIK_PROVIDERS_KUBERNETESCRD`:
Enable Kubernetes backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESCRD_CERTAUTHFILEPATH`:
Kubernetes certificate authority file path (not needed for in-cluster client).
`TRAEFIK_PROVIDERS_KUBERNETESCRD_DISABLEPASSHOSTHEADERS`:
Kubernetes disable PassHost Headers. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESCRD_ENDPOINT`:
Kubernetes server endpoint (required for external cluster client).
`TRAEFIK_PROVIDERS_KUBERNETESCRD_INGRESSCLASS`:
Value of kubernetes.io/ingress.class annotation to watch for.
`TRAEFIK_PROVIDERS_KUBERNETESCRD_LABELSELECTOR`:
Kubernetes label selector to use.
`TRAEFIK_PROVIDERS_KUBERNETESCRD_NAMESPACES`:
Kubernetes namespaces.
`TRAEFIK_PROVIDERS_KUBERNETESCRD_TOKEN`:
Kubernetes bearer token (not needed for in-cluster client).
`TRAEFIK_PROVIDERS_KUBERNETESINGRESS`:
Enable Kubernetes backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESINGRESS_CERTAUTHFILEPATH`:
Kubernetes certificate authority file path (not needed for in-cluster client).
`TRAEFIK_PROVIDERS_KUBERNETESINGRESS_DISABLEPASSHOSTHEADERS`:
Kubernetes disable PassHost Headers. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESINGRESS_ENDPOINT`:
Kubernetes server endpoint (required for external cluster client).
`TRAEFIK_PROVIDERS_KUBERNETESINGRESS_INGRESSCLASS`:
Value of kubernetes.io/ingress.class annotation to watch for.
`TRAEFIK_PROVIDERS_KUBERNETESINGRESS_INGRESSENDPOINT_HOSTNAME`:
Hostname used for Kubernetes Ingress endpoints.
`TRAEFIK_PROVIDERS_KUBERNETESINGRESS_INGRESSENDPOINT_IP`:
IP used for Kubernetes Ingress endpoints.
`TRAEFIK_PROVIDERS_KUBERNETESINGRESS_INGRESSENDPOINT_PUBLISHEDSERVICE`:
Published Kubernetes Service to copy status from.
`TRAEFIK_PROVIDERS_KUBERNETESINGRESS_LABELSELECTOR`:
Kubernetes Ingress label selector to use.
`TRAEFIK_PROVIDERS_KUBERNETESINGRESS_NAMESPACES`:
Kubernetes namespaces.
`TRAEFIK_PROVIDERS_KUBERNETESINGRESS_TOKEN`:
Kubernetes bearer token (not needed for in-cluster client).
`TRAEFIK_PROVIDERS_MARATHON`:
Enable Marathon backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_MARATHON_BASIC_HTTPBASICAUTHUSER`:
Basic authentication User.
`TRAEFIK_PROVIDERS_MARATHON_BASIC_HTTPBASICPASSWORD`:
Basic authentication Password.
`TRAEFIK_PROVIDERS_MARATHON_CONSTRAINTS`:
Constraints is an expression that Traefik matches against the application's labels to determine whether to create any route for that application.
`TRAEFIK_PROVIDERS_MARATHON_DCOSTOKEN`:
DCOSToken for DCOS environment, This will override the Authorization header.
`TRAEFIK_PROVIDERS_MARATHON_DEFAULTRULE`:
Default rule. (Default: ```Host(`{{ normalize .Name }}`)```)
`TRAEFIK_PROVIDERS_MARATHON_DIALERTIMEOUT`:
Set a dialer timeout for Marathon. (Default: ```5```)
`TRAEFIK_PROVIDERS_MARATHON_ENDPOINT`:
Marathon server endpoint. You can also specify multiple endpoint for Marathon. (Default: ```http://127.0.0.1:8080```)
`TRAEFIK_PROVIDERS_MARATHON_EXPOSEDBYDEFAULT`:
Expose Marathon apps by default. (Default: ```true```)
`TRAEFIK_PROVIDERS_MARATHON_FORCETASKHOSTNAME`:
Force to use the task's hostname. (Default: ```false```)
`TRAEFIK_PROVIDERS_MARATHON_KEEPALIVE`:
Set a TCP Keep Alive time. (Default: ```10```)
`TRAEFIK_PROVIDERS_MARATHON_RESPECTREADINESSCHECKS`:
Filter out tasks with non-successful readiness checks during deployments. (Default: ```false```)
`TRAEFIK_PROVIDERS_MARATHON_RESPONSEHEADERTIMEOUT`:
Set a response header timeout for Marathon. (Default: ```60```)
`TRAEFIK_PROVIDERS_MARATHON_TLSHANDSHAKETIMEOUT`:
Set a TLS handshake timeout for Marathon. (Default: ```5```)
`TRAEFIK_PROVIDERS_MARATHON_TLS_CA`:
TLS CA
`TRAEFIK_PROVIDERS_MARATHON_TLS_CAOPTIONAL`:
TLS CA.Optional (Default: ```false```)
`TRAEFIK_PROVIDERS_MARATHON_TLS_CERT`:
TLS cert
`TRAEFIK_PROVIDERS_MARATHON_TLS_INSECURESKIPVERIFY`:
TLS insecure skip verify (Default: ```false```)
`TRAEFIK_PROVIDERS_MARATHON_TLS_KEY`:
TLS key
`TRAEFIK_PROVIDERS_MARATHON_TRACE`:
Display additional provider logs. (Default: ```false```)
`TRAEFIK_PROVIDERS_MARATHON_WATCH`:
Watch provider. (Default: ```true```)
`TRAEFIK_PROVIDERS_PROVIDERSTHROTTLEDURATION`:
Backends throttle duration: minimum duration between 2 events from providers before applying a new configuration. It avoids unnecessary reloads if multiples events are sent in a short amount of time. (Default: ```0```)
`TRAEFIK_PROVIDERS_RANCHER`:
Enable Rancher backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_RANCHER_CONSTRAINTS`:
Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container.
`TRAEFIK_PROVIDERS_RANCHER_DEFAULTRULE`:
Default rule. (Default: ```Host(`{{ normalize .Name }}`)```)
`TRAEFIK_PROVIDERS_RANCHER_ENABLESERVICEHEALTHFILTER`:
Filter services with unhealthy states and inactive states. (Default: ```true```)
`TRAEFIK_PROVIDERS_RANCHER_EXPOSEDBYDEFAULT`:
Expose containers by default. (Default: ```true```)
`TRAEFIK_PROVIDERS_RANCHER_INTERVALPOLL`:
Poll the Rancher metadata service every 'rancher.refreshseconds' (less accurate). (Default: ```false```)
`TRAEFIK_PROVIDERS_RANCHER_PREFIX`:
Prefix used for accessing the Rancher metadata service. (Default: ```latest```)
`TRAEFIK_PROVIDERS_RANCHER_REFRESHSECONDS`:
Defines the polling interval in seconds. (Default: ```15```)
`TRAEFIK_PROVIDERS_RANCHER_WATCH`:
Watch provider. (Default: ```true```)
`TRAEFIK_PROVIDERS_REST`:
Enable Rest backend with default settings. (Default: ```true```)
`TRAEFIK_SERVERSTRANSPORT_FORWARDINGTIMEOUTS_DIALTIMEOUT`:
The amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. (Default: ```30```)
`TRAEFIK_SERVERSTRANSPORT_FORWARDINGTIMEOUTS_IDLECONNTIMEOUT`:
The maximum period for which an idle HTTP keep-alive connection will remain open before closing itself (Default: ```90```)
`TRAEFIK_SERVERSTRANSPORT_FORWARDINGTIMEOUTS_RESPONSEHEADERTIMEOUT`:
The amount of time to wait for a server's response headers after fully writing the request (including its body, if any). If zero, no timeout exists. (Default: ```0```)
`TRAEFIK_SERVERSTRANSPORT_INSECURESKIPVERIFY`:
Disable SSL certificate verification. (Default: ```false```)
`TRAEFIK_SERVERSTRANSPORT_MAXIDLECONNSPERHOST`:
If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used (Default: ```0```)
`TRAEFIK_SERVERSTRANSPORT_ROOTCAS`:
Add cert file for self-signed certificate.
`TRAEFIK_TRACING`:
OpenTracing configuration. (Default: ```false```)
`TRAEFIK_TRACING_DATADOG`:
Settings for DataDog. (Default: ```false```)
`TRAEFIK_TRACING_DATADOG_BAGAGEPREFIXHEADERNAME`:
Specifies the header name prefix that will be used to store baggage items in a map.
`TRAEFIK_TRACING_DATADOG_DEBUG`:
Enable DataDog debug. (Default: ```false```)
`TRAEFIK_TRACING_DATADOG_GLOBALTAG`:
Key:Value tag to be set on all the spans.
`TRAEFIK_TRACING_DATADOG_LOCALAGENTHOSTPORT`:
Set datadog-agent's host:port that the reporter will used. (Default: ```localhost:8126```)
`TRAEFIK_TRACING_DATADOG_PARENTIDHEADERNAME`:
Specifies the header name that will be used to store the parent ID.
`TRAEFIK_TRACING_DATADOG_PRIORITYSAMPLING`:
Enable priority sampling. When using distributed tracing, this option must be enabled in order to get all the parts of a distributed trace sampled. (Default: ```false```)
`TRAEFIK_TRACING_DATADOG_SAMPLINGPRIORITYHEADERNAME`:
Specifies the header name that will be used to store the sampling priority.
`TRAEFIK_TRACING_DATADOG_TRACEIDHEADERNAME`:
Specifies the header name that will be used to store the trace ID.
`TRAEFIK_TRACING_HAYSTACK`:
Settings for Haystack. (Default: ```false```)
`TRAEFIK_TRACING_HAYSTACK_BAGGAGEPREFIXHEADERNAME`:
Specifies the header name prefix that will be used to store baggage items in a map.
`TRAEFIK_TRACING_HAYSTACK_GLOBALTAG`:
Key:Value tag to be set on all the spans.
`TRAEFIK_TRACING_HAYSTACK_LOCALAGENTHOST`:
Set haystack-agent's host that the reporter will used. (Default: ```LocalAgentHost```)
`TRAEFIK_TRACING_HAYSTACK_LOCALAGENTPORT`:
Set haystack-agent's port that the reporter will used. (Default: ```35000```)
`TRAEFIK_TRACING_HAYSTACK_PARENTIDHEADERNAME`:
Specifies the header name that will be used to store the parent ID.
`TRAEFIK_TRACING_HAYSTACK_SPANIDHEADERNAME`:
Specifies the header name that will be used to store the span ID.
`TRAEFIK_TRACING_HAYSTACK_TRACEIDHEADERNAME`:
Specifies the header name that will be used to store the trace ID.
`TRAEFIK_TRACING_INSTANA`:
Settings for Instana. (Default: ```false```)
`TRAEFIK_TRACING_INSTANA_LOCALAGENTHOST`:
Set instana-agent's host that the reporter will used. (Default: ```localhost```)
`TRAEFIK_TRACING_INSTANA_LOCALAGENTPORT`:
Set instana-agent's port that the reporter will used. (Default: ```42699```)
`TRAEFIK_TRACING_INSTANA_LOGLEVEL`:
Set instana-agent's log level. ('error','warn','info','debug') (Default: ```info```)
`TRAEFIK_TRACING_JAEGER`:
Settings for Jaeger. (Default: ```false```)
`TRAEFIK_TRACING_JAEGER_COLLECTOR_ENDPOINT`:
Instructs reporter to send spans to jaeger-collector at this URL.
`TRAEFIK_TRACING_JAEGER_COLLECTOR_PASSWORD`:
Password for basic http authentication when sending spans to jaeger-collector.
`TRAEFIK_TRACING_JAEGER_COLLECTOR_USER`:
User for basic http authentication when sending spans to jaeger-collector.
`TRAEFIK_TRACING_JAEGER_GEN128BIT`:
Generate 128 bit span IDs. (Default: ```false```)
`TRAEFIK_TRACING_JAEGER_LOCALAGENTHOSTPORT`:
Set jaeger-agent's host:port that the reporter will used. (Default: ```127.0.0.1:6831```)
`TRAEFIK_TRACING_JAEGER_PROPAGATION`:
Which propagation format to use (jaeger/b3). (Default: ```jaeger```)
`TRAEFIK_TRACING_JAEGER_SAMPLINGPARAM`:
Set the sampling parameter. (Default: ```1.000000```)
`TRAEFIK_TRACING_JAEGER_SAMPLINGSERVERURL`:
Set the sampling server url. (Default: ```http://localhost:5778/sampling```)
`TRAEFIK_TRACING_JAEGER_SAMPLINGTYPE`:
Set the sampling type. (Default: ```const```)
`TRAEFIK_TRACING_JAEGER_TRACECONTEXTHEADERNAME`:
Set the header to use for the trace-id. (Default: ```uber-trace-id```)
`TRAEFIK_TRACING_SERVICENAME`:
Set the name for this service. (Default: ```traefik```)
`TRAEFIK_TRACING_SPANNAMELIMIT`:
Set the maximum character limit for Span names (default 0 = no limit). (Default: ```0```)
`TRAEFIK_TRACING_ZIPKIN`:
Settings for Zipkin. (Default: ```false```)
`TRAEFIK_TRACING_ZIPKIN_DEBUG`:
Enable Zipkin debug. (Default: ```false```)
`TRAEFIK_TRACING_ZIPKIN_HTTPENDPOINT`:
HTTP Endpoint to report traces to. (Default: ```http://localhost:9411/api/v1/spans```)
`TRAEFIK_TRACING_ZIPKIN_ID128BIT`:
Use Zipkin 128 bit root span IDs. (Default: ```true```)
`TRAEFIK_TRACING_ZIPKIN_SAMESPAN`:
Use Zipkin SameSpan RPC style traces. (Default: ```false```)
`TRAEFIK_TRACING_ZIPKIN_SAMPLERATE`:
The rate between 0.0 and 1.0 of requests to trace. (Default: ```1.000000```)

View file

@ -1,590 +1,3 @@
# Static Configuration: Environment variables # Static Configuration: Environment variables
`TRAEFIK_ACCESSLOG`: --8<-- "content/reference/static-configuration/env-ref.md"
Access log settings. (Default: ```false```)
`TRAEFIK_ACCESSLOG_BUFFERINGSIZE`:
Number of access log lines to process in a buffered way. (Default: ```0```)
`TRAEFIK_ACCESSLOG_FIELDS_DEFAULTMODE`:
Default mode for fields: keep | drop (Default: ```keep```)
`TRAEFIK_ACCESSLOG_FIELDS_HEADERS_DEFAULTMODE`:
Default mode for fields: keep | drop | redact (Default: ```keep```)
`TRAEFIK_ACCESSLOG_FIELDS_HEADERS_NAMES_<NAME>`:
Override mode for headers
`TRAEFIK_ACCESSLOG_FIELDS_NAMES_<NAME>`:
Override mode for fields
`TRAEFIK_ACCESSLOG_FILEPATH`:
Access log file path. Stdout is used when omitted or empty.
`TRAEFIK_ACCESSLOG_FILTERS_MINDURATION`:
Keep access logs when request took longer than the specified duration. (Default: ```0```)
`TRAEFIK_ACCESSLOG_FILTERS_RETRYATTEMPTS`:
Keep access logs when at least one retry happened. (Default: ```false```)
`TRAEFIK_ACCESSLOG_FILTERS_STATUSCODES`:
Keep access logs with status codes in the specified range.
`TRAEFIK_ACCESSLOG_FORMAT`:
Access log format: json | common (Default: ```common```)
`TRAEFIK_ACME_ACMELOGGING`:
Enable debug logging of ACME actions. (Default: ```false```)
`TRAEFIK_ACME_CASERVER`:
CA server to use. (Default: ```https://acme-v02.api.letsencrypt.org/directory```)
`TRAEFIK_ACME_DNSCHALLENGE`:
Activate DNS-01 Challenge. (Default: ```false```)
`TRAEFIK_ACME_DNSCHALLENGE_DELAYBEFORECHECK`:
Assume DNS propagates after a delay in seconds rather than finding and querying nameservers. (Default: ```0```)
`TRAEFIK_ACME_DNSCHALLENGE_DISABLEPROPAGATIONCHECK`:
Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready. [not recommended] (Default: ```false```)
`TRAEFIK_ACME_DNSCHALLENGE_PROVIDER`:
Use a DNS-01 based challenge provider rather than HTTPS.
`TRAEFIK_ACME_DNSCHALLENGE_RESOLVERS`:
Use following DNS servers to resolve the FQDN authority.
`TRAEFIK_ACME_DOMAINS`:
The list of domains for which certificates are generated on startup. Wildcard domains only accepted with DNSChallenge.
`TRAEFIK_ACME_DOMAINS[n]_MAIN`:
Default subject name.
`TRAEFIK_ACME_DOMAINS[n]_SANS`:
Subject alternative names.
`TRAEFIK_ACME_EMAIL`:
Email address used for registration.
`TRAEFIK_ACME_ENTRYPOINT`:
EntryPoint to use.
`TRAEFIK_ACME_HTTPCHALLENGE`:
Activate HTTP-01 Challenge. (Default: ```false```)
`TRAEFIK_ACME_HTTPCHALLENGE_ENTRYPOINT`:
HTTP challenge EntryPoint
`TRAEFIK_ACME_KEYTYPE`:
KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'. (Default: ```RSA4096```)
`TRAEFIK_ACME_ONHOSTRULE`:
Enable certificate generation on router Host rules. (Default: ```false```)
`TRAEFIK_ACME_STORAGE`:
Storage to use. (Default: ```acme.json```)
`TRAEFIK_ACME_TLSCHALLENGE`:
Activate TLS-ALPN-01 Challenge. (Default: ```true```)
`TRAEFIK_API`:
Enable api/dashboard. (Default: ```false```)
`TRAEFIK_API_DASHBOARD`:
Activate dashboard. (Default: ```true```)
`TRAEFIK_API_DEBUG`:
Enable additional endpoints for debugging and profiling. (Default: ```false```)
`TRAEFIK_API_ENTRYPOINT`:
The entry point that the API handler will be bound to. (Default: ```traefik```)
`TRAEFIK_API_MIDDLEWARES`:
Middleware list.
`TRAEFIK_API_STATISTICS`:
Enable more detailed statistics. (Default: ```false```)
`TRAEFIK_API_STATISTICS_RECENTERRORS`:
Number of recent errors logged. (Default: ```10```)
`TRAEFIK_CONFIGFILE`:
Configuration file to use. If specified all other flags are ignored. (Default: "")
`TRAEFIK_ENTRYPOINTS_<NAME>`:
Entry points definition. (Default: ```false```)
`TRAEFIK_ENTRYPOINTS_<NAME>_ADDRESS`:
Entry point address.
`TRAEFIK_ENTRYPOINTS_<NAME>_FORWARDEDHEADERS_INSECURE`:
Trust all forwarded headers. (Default: ```false```)
`TRAEFIK_ENTRYPOINTS_<NAME>_FORWARDEDHEADERS_TRUSTEDIPS`:
Trust only forwarded headers from selected IPs.
`TRAEFIK_ENTRYPOINTS_<NAME>_PROXYPROTOCOL`:
Proxy-Protocol configuration. (Default: ```false```)
`TRAEFIK_ENTRYPOINTS_<NAME>_PROXYPROTOCOL_INSECURE`:
Trust all. (Default: ```false```)
`TRAEFIK_ENTRYPOINTS_<NAME>_PROXYPROTOCOL_TRUSTEDIPS`:
Trust only selected IPs.
`TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_LIFECYCLE_GRACETIMEOUT`:
Duration to give active requests a chance to finish before Traefik stops. (Default: ```10```)
`TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_LIFECYCLE_REQUESTACCEPTGRACETIMEOUT`:
Duration to keep accepting requests before Traefik initiates the graceful shutdown procedure. (Default: ```0```)
`TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_RESPONDINGTIMEOUTS_IDLETIMEOUT`:
IdleTimeout is the maximum amount duration an idle (keep-alive) connection will remain idle before closing itself. If zero, no timeout is set. (Default: ```180```)
`TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_RESPONDINGTIMEOUTS_READTIMEOUT`:
ReadTimeout is the maximum duration for reading the entire request, including the body. If zero, no timeout is set. (Default: ```0```)
`TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_RESPONDINGTIMEOUTS_WRITETIMEOUT`:
WriteTimeout is the maximum duration before timing out writes of the response. If zero, no timeout is set. (Default: ```0```)
`TRAEFIK_GLOBAL_CHECKNEWVERSION`:
Periodically check if a new version has been released. (Default: ```false```)
`TRAEFIK_GLOBAL_SENDANONYMOUSUSAGE`:
Periodically send anonymous usage statistics. If the option is not specified, it will be enabled by default.
`TRAEFIK_HOSTRESOLVER`:
Enable CNAME Flattening. (Default: ```false```)
`TRAEFIK_HOSTRESOLVER_CNAMEFLATTENING`:
A flag to enable/disable CNAME flattening (Default: ```false```)
`TRAEFIK_HOSTRESOLVER_RESOLVCONFIG`:
resolv.conf used for DNS resolving (Default: ```/etc/resolv.conf```)
`TRAEFIK_HOSTRESOLVER_RESOLVDEPTH`:
The maximal depth of DNS recursive resolving (Default: ```5```)
`TRAEFIK_LOG`:
Traefik log settings. (Default: "false")
`TRAEFIK_LOG_FILEPATH`:
Traefik log file path. Stdout is used when omitted or empty.
`TRAEFIK_LOG_FORMAT`:
Traefik log format: json | common (Default: ```common```)
`TRAEFIK_LOG_LEVEL`:
Log level set to traefik logs. (Default: ```ERROR```)
`TRAEFIK_METRICS_DATADOG`:
DataDog metrics exporter type. (Default: ```false```)
`TRAEFIK_METRICS_DATADOG_ADDRESS`:
DataDog's address. (Default: ```localhost:8125```)
`TRAEFIK_METRICS_DATADOG_PUSHINTERVAL`:
DataDog push interval. (Default: ```10```)
`TRAEFIK_METRICS_INFLUXDB`:
InfluxDB metrics exporter type. (Default: ```false```)
`TRAEFIK_METRICS_INFLUXDB_ADDRESS`:
InfluxDB address. (Default: ```localhost:8089```)
`TRAEFIK_METRICS_INFLUXDB_DATABASE`:
InfluxDB database used when protocol is http.
`TRAEFIK_METRICS_INFLUXDB_PASSWORD`:
InfluxDB password (only with http).
`TRAEFIK_METRICS_INFLUXDB_PROTOCOL`:
InfluxDB address protocol (udp or http). (Default: ```udp```)
`TRAEFIK_METRICS_INFLUXDB_PUSHINTERVAL`:
InfluxDB push interval. (Default: ```10```)
`TRAEFIK_METRICS_INFLUXDB_RETENTIONPOLICY`:
InfluxDB retention policy used when protocol is http.
`TRAEFIK_METRICS_INFLUXDB_USERNAME`:
InfluxDB username (only with http).
`TRAEFIK_METRICS_PROMETHEUS`:
Prometheus metrics exporter type. (Default: ```false```)
`TRAEFIK_METRICS_PROMETHEUS_BUCKETS`:
Buckets for latency metrics. (Default: ```0.100000, 0.300000, 1.200000, 5.000000```)
`TRAEFIK_METRICS_PROMETHEUS_ENTRYPOINT`:
EntryPoint. (Default: ```traefik```)
`TRAEFIK_METRICS_PROMETHEUS_MIDDLEWARES`:
Middlewares.
`TRAEFIK_METRICS_STATSD`:
StatsD metrics exporter type. (Default: ```false```)
`TRAEFIK_METRICS_STATSD_ADDRESS`:
StatsD address. (Default: ```localhost:8125```)
`TRAEFIK_METRICS_STATSD_PUSHINTERVAL`:
StatsD push interval. (Default: ```10```)
`TRAEFIK_PING`:
Enable ping. (Default: ```false```)
`TRAEFIK_PING_ENTRYPOINT`:
Ping entryPoint. (Default: ```traefik```)
`TRAEFIK_PING_MIDDLEWARES`:
Middleware list.
`TRAEFIK_PROVIDERS_DOCKER`:
Enable Docker backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_DOCKER_CONSTRAINTS`:
Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container.
`TRAEFIK_PROVIDERS_DOCKER_DEFAULTRULE`:
Default rule. (Default: ```Host(`{{ normalize .Name }}`)```)
`TRAEFIK_PROVIDERS_DOCKER_ENDPOINT`:
Docker server endpoint. Can be a tcp or a unix socket endpoint. (Default: ```unix:///var/run/docker.sock```)
`TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT`:
Expose containers by default. (Default: ```true```)
`TRAEFIK_PROVIDERS_DOCKER_NETWORK`:
Default Docker network used.
`TRAEFIK_PROVIDERS_DOCKER_SWARMMODE`:
Use Docker on Swarm Mode. (Default: ```false```)
`TRAEFIK_PROVIDERS_DOCKER_SWARMMODEREFRESHSECONDS`:
Polling interval for swarm mode. (Default: ```15```)
`TRAEFIK_PROVIDERS_DOCKER_TLS_CA`:
TLS CA
`TRAEFIK_PROVIDERS_DOCKER_TLS_CAOPTIONAL`:
TLS CA.Optional (Default: ```false```)
`TRAEFIK_PROVIDERS_DOCKER_TLS_CERT`:
TLS cert
`TRAEFIK_PROVIDERS_DOCKER_TLS_INSECURESKIPVERIFY`:
TLS insecure skip verify (Default: ```false```)
`TRAEFIK_PROVIDERS_DOCKER_TLS_KEY`:
TLS key
`TRAEFIK_PROVIDERS_DOCKER_USEBINDPORTIP`:
Use the ip address from the bound port, rather than from the inner network. (Default: ```false```)
`TRAEFIK_PROVIDERS_DOCKER_WATCH`:
Watch provider. (Default: ```true```)
`TRAEFIK_PROVIDERS_FILE`:
Enable File backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_FILE_DEBUGLOGGENERATEDTEMPLATE`:
Enable debug logging of generated configuration template. (Default: ```false```)
`TRAEFIK_PROVIDERS_FILE_DIRECTORY`:
Load configuration from one or more .toml files in a directory.
`TRAEFIK_PROVIDERS_FILE_FILENAME`:
Override default configuration template. For advanced users :)
`TRAEFIK_PROVIDERS_FILE_WATCH`:
Watch provider. (Default: ```true```)
`TRAEFIK_PROVIDERS_KUBERNETES`:
Enable Kubernetes backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESCRD`:
Enable Kubernetes backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESCRD_CERTAUTHFILEPATH`:
Kubernetes certificate authority file path (not needed for in-cluster client).
`TRAEFIK_PROVIDERS_KUBERNETESCRD_DISABLEPASSHOSTHEADERS`:
Kubernetes disable PassHost Headers. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESCRD_ENDPOINT`:
Kubernetes server endpoint (required for external cluster client).
`TRAEFIK_PROVIDERS_KUBERNETESCRD_INGRESSCLASS`:
Value of kubernetes.io/ingress.class annotation to watch for.
`TRAEFIK_PROVIDERS_KUBERNETESCRD_LABELSELECTOR`:
Kubernetes label selector to use.
`TRAEFIK_PROVIDERS_KUBERNETESCRD_NAMESPACES`:
Kubernetes namespaces.
`TRAEFIK_PROVIDERS_KUBERNETESCRD_TOKEN`:
Kubernetes bearer token (not needed for in-cluster client).
`TRAEFIK_PROVIDERS_KUBERNETES_CERTAUTHFILEPATH`:
Kubernetes certificate authority file path (not needed for in-cluster client).
`TRAEFIK_PROVIDERS_KUBERNETES_DISABLEPASSHOSTHEADERS`:
Kubernetes disable PassHost Headers. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETES_ENDPOINT`:
Kubernetes server endpoint (required for external cluster client).
`TRAEFIK_PROVIDERS_KUBERNETES_INGRESSCLASS`:
Value of kubernetes.io/ingress.class annotation to watch for.
`TRAEFIK_PROVIDERS_KUBERNETES_INGRESSENDPOINT_HOSTNAME`:
Hostname used for Kubernetes Ingress endpoints.
`TRAEFIK_PROVIDERS_KUBERNETES_INGRESSENDPOINT_IP`:
IP used for Kubernetes Ingress endpoints.
`TRAEFIK_PROVIDERS_KUBERNETES_INGRESSENDPOINT_PUBLISHEDSERVICE`:
Published Kubernetes Service to copy status from.
`TRAEFIK_PROVIDERS_KUBERNETES_LABELSELECTOR`:
Kubernetes Ingress label selector to use.
`TRAEFIK_PROVIDERS_KUBERNETES_NAMESPACES`:
Kubernetes namespaces.
`TRAEFIK_PROVIDERS_KUBERNETES_TOKEN`:
Kubernetes bearer token (not needed for in-cluster client).
`TRAEFIK_PROVIDERS_MARATHON`:
Enable Marathon backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_MARATHON_BASIC_HTTPBASICAUTHUSER`:
Basic authentication User.
`TRAEFIK_PROVIDERS_MARATHON_BASIC_HTTPBASICPASSWORD`:
Basic authentication Password.
`TRAEFIK_PROVIDERS_MARATHON_CONSTRAINTS`:
Constraints is an expression that Traefik matches against the application's labels to determine whether to create any route for that application.
`TRAEFIK_PROVIDERS_MARATHON_DCOSTOKEN`:
DCOSToken for DCOS environment, This will override the Authorization header.
`TRAEFIK_PROVIDERS_MARATHON_DEFAULTRULE`:
Default rule. (Default: ```Host(`{{ normalize .Name }}`)```)
`TRAEFIK_PROVIDERS_MARATHON_DIALERTIMEOUT`:
Set a dialer timeout for Marathon. (Default: ```5```)
`TRAEFIK_PROVIDERS_MARATHON_ENDPOINT`:
Marathon server endpoint. You can also specify multiple endpoint for Marathon. (Default: ```http://127.0.0.1:8080```)
`TRAEFIK_PROVIDERS_MARATHON_EXPOSEDBYDEFAULT`:
Expose Marathon apps by default. (Default: ```true```)
`TRAEFIK_PROVIDERS_MARATHON_FORCETASKHOSTNAME`:
Force to use the task's hostname. (Default: ```false```)
`TRAEFIK_PROVIDERS_MARATHON_KEEPALIVE`:
Set a TCP Keep Alive time. (Default: ```10```)
`TRAEFIK_PROVIDERS_MARATHON_RESPECTREADINESSCHECKS`:
Filter out tasks with non-successful readiness checks during deployments. (Default: ```false```)
`TRAEFIK_PROVIDERS_MARATHON_RESPONSEHEADERTIMEOUT`:
Set a response header timeout for Marathon. (Default: ```60```)
`TRAEFIK_PROVIDERS_MARATHON_TLSHANDSHAKETIMEOUT`:
Set a TLS handshake timeout for Marathon. (Default: ```5```)
`TRAEFIK_PROVIDERS_MARATHON_TLS_CA`:
TLS CA
`TRAEFIK_PROVIDERS_MARATHON_TLS_CAOPTIONAL`:
TLS CA.Optional (Default: ```false```)
`TRAEFIK_PROVIDERS_MARATHON_TLS_CERT`:
TLS cert
`TRAEFIK_PROVIDERS_MARATHON_TLS_INSECURESKIPVERIFY`:
TLS insecure skip verify (Default: ```false```)
`TRAEFIK_PROVIDERS_MARATHON_TLS_KEY`:
TLS key
`TRAEFIK_PROVIDERS_MARATHON_TRACE`:
Display additional provider logs. (Default: ```false```)
`TRAEFIK_PROVIDERS_MARATHON_WATCH`:
Watch provider. (Default: ```true```)
`TRAEFIK_PROVIDERS_PROVIDERSTHROTTLEDURATION`:
Backends throttle duration: minimum duration between 2 events from providers before applying a new configuration. It avoids unnecessary reloads if multiples events are sent in a short amount of time. (Default: ```0```)
`TRAEFIK_PROVIDERS_RANCHER`:
Enable Rancher backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_RANCHER_CONSTRAINTS`:
Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container.
`TRAEFIK_PROVIDERS_RANCHER_DEFAULTRULE`:
Default rule. (Default: ```Host(`{{ normalize .Name }}`)```)
`TRAEFIK_PROVIDERS_RANCHER_ENABLESERVICEHEALTHFILTER`:
Filter services with unhealthy states and inactive states. (Default: ```true```)
`TRAEFIK_PROVIDERS_RANCHER_EXPOSEDBYDEFAULT`:
Expose containers by default. (Default: ```true```)
`TRAEFIK_PROVIDERS_RANCHER_INTERVALPOLL`:
Poll the Rancher metadata service every 'rancher.refreshseconds' (less accurate). (Default: ```false```)
`TRAEFIK_PROVIDERS_RANCHER_PREFIX`:
Prefix used for accessing the Rancher metadata service. (Default: ```latest```)
`TRAEFIK_PROVIDERS_RANCHER_REFRESHSECONDS`:
Defines the polling interval in seconds. (Default: ```15```)
`TRAEFIK_PROVIDERS_RANCHER_WATCH`:
Watch provider. (Default: ```true```)
`TRAEFIK_PROVIDERS_REST`:
Enable Rest backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_REST_ENTRYPOINT`:
EntryPoint. (Default: ```traefik```)
`TRAEFIK_SERVERSTRANSPORT_FORWARDINGTIMEOUTS_DIALTIMEOUT`:
The amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. (Default: ```30```)
`TRAEFIK_SERVERSTRANSPORT_FORWARDINGTIMEOUTS_RESPONSEHEADERTIMEOUT`:
The amount of time to wait for a server's response headers after fully writing the request (including its body, if any). If zero, no timeout exists. (Default: ```0```)
`TRAEFIK_SERVERSTRANSPORT_FORWARDINGTIMEOUTS_IDLECONNTIMEOUT`:
The maximum period for which an idle HTTP keep-alive connection to a backend
server will remain open before closing itself. (Default: ```90s```)
`TRAEFIK_SERVERSTRANSPORT_INSECURESKIPVERIFY`:
Disable SSL certificate verification. (Default: ```false```)
`TRAEFIK_SERVERSTRANSPORT_MAXIDLECONNSPERHOST`:
If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used (Default: ```0```)
`TRAEFIK_SERVERSTRANSPORT_ROOTCAS`:
Add cert file for self-signed certificate.
`TRAEFIK_TRACING`:
OpenTracing configuration. (Default: ```false```)
`TRAEFIK_TRACING_DATADOG`:
Settings for DataDog. (Default: ```false```)
`TRAEFIK_TRACING_DATADOG_BAGAGEPREFIXHEADERNAME`:
Specifies the header name prefix that will be used to store baggage items in a map.
`TRAEFIK_TRACING_DATADOG_DEBUG`:
Enable DataDog debug. (Default: ```false```)
`TRAEFIK_TRACING_DATADOG_GLOBALTAG`:
Key:Value tag to be set on all the spans.
`TRAEFIK_TRACING_DATADOG_LOCALAGENTHOSTPORT`:
Set datadog-agent's host:port that the reporter will used. (Default: ```localhost:8126```)
`TRAEFIK_TRACING_DATADOG_PARENTIDHEADERNAME`:
Specifies the header name that will be used to store the parent ID.
`TRAEFIK_TRACING_DATADOG_PRIORITYSAMPLING`:
Enable priority sampling. When using distributed tracing, this option must be enabled in order to get all the parts of a distributed trace sampled. (Default: ```false```)
`TRAEFIK_TRACING_DATADOG_SAMPLINGPRIORITYHEADERNAME`:
Specifies the header name that will be used to store the sampling priority.
`TRAEFIK_TRACING_DATADOG_TRACEIDHEADERNAME`:
Specifies the header name that will be used to store the trace ID.
`TRAEFIK_TRACING_HAYSTACK`:
Settings for Haystack. (Default: ```false```)
`TRAEFIK_TRACING_HAYSTACK_BAGGAGEPREFIXHEADERNAME`:
specifies the header name prefix that will be used to store baggage items in a map.
`TRAEFIK_TRACING_HAYSTACK_GLOBALTAG`:
Key:Value tag to be set on all the spans.
`TRAEFIK_TRACING_HAYSTACK_LOCALAGENTHOST`:
Set haystack-agent's host that the reporter will used. (Default: ```LocalAgentHost```)
`TRAEFIK_TRACING_HAYSTACK_LOCALAGENTPORT`:
Set haystack-agent's port that the reporter will used. (Default: ```35000```)
`TRAEFIK_TRACING_HAYSTACK_PARENTIDHEADERNAME`:
Specifies the header name that will be used to store the parent ID.
`TRAEFIK_TRACING_HAYSTACK_SPANIDHEADERNAME`:
Specifies the header name that will be used to store the span ID.
`TRAEFIK_TRACING_HAYSTACK_TRACEIDHEADERNAME`:
Specifies the header name that will be used to store the trace ID.
`TRAEFIK_TRACING_INSTANA`:
Settings for Instana. (Default: ```false```)
`TRAEFIK_TRACING_INSTANA_LOCALAGENTHOST`:
Set instana-agent's host that the reporter will used. (Default: ```localhost```)
`TRAEFIK_TRACING_INSTANA_LOCALAGENTPORT`:
Set instana-agent's port that the reporter will used. (Default: ```42699```)
`TRAEFIK_TRACING_INSTANA_LOGLEVEL`:
Set instana-agent's log level. ('error','warn','info','debug') (Default: ```info```)
`TRAEFIK_TRACING_JAEGER`:
Settings for jaeger. (Default: ```false```)
`TRAEFIK_TRACING_JAEGER_GEN128BIT`:
Generate 128 bit span IDs. (Default: ```false```)
`TRAEFIK_TRACING_JAEGER_LOCALAGENTHOSTPORT`:
Set jaeger-agent's host:port that the reporter will used. (Default: ```127.0.0.1:6831```)
`TRAEFIK_TRACING_JAEGER_PROPAGATION`:
Which propgation format to use (jaeger/b3). (Default: ```jaeger```)
`TRAEFIK_TRACING_JAEGER_SAMPLINGPARAM`:
Set the sampling parameter. (Default: ```1.000000```)
`TRAEFIK_TRACING_JAEGER_SAMPLINGSERVERURL`:
Set the sampling server url. (Default: ```http://localhost:5778/sampling```)
`TRAEFIK_TRACING_JAEGER_SAMPLINGTYPE`:
Set the sampling type. (Default: ```const```)
`TRAEFIK_TRACING_JAEGER_TRACECONTEXTHEADERNAME`:
Set the header to use for the trace-id. (Default: ```uber-trace-id```)
`TRAEFIK_TRACING_SERVICENAME`:
Set the name for this service. (Default: ```traefik```)
`TRAEFIK_TRACING_SPANNAMELIMIT`:
Set the maximum character limit for Span names (default 0 = no limit). (Default: ```0```)
`TRAEFIK_TRACING_ZIPKIN`:
Settings for zipkin. (Default: ```false```)
`TRAEFIK_TRACING_ZIPKIN_DEBUG`:
Enable Zipkin debug. (Default: ```false```)
`TRAEFIK_TRACING_ZIPKIN_HTTPENDPOINT`:
HTTP Endpoint to report traces to. (Default: ```http://localhost:9411/api/v1/spans```)
`TRAEFIK_TRACING_ZIPKIN_ID128BIT`:
Use Zipkin 128 bit root span IDs. (Default: ```true```)
`TRAEFIK_TRACING_ZIPKIN_SAMESPAN`:
Use Zipkin SameSpan RPC style traces. (Default: ```false```)
`TRAEFIK_TRACING_ZIPKIN_SAMPLERATE`:
The rate between 0.0 and 1.0 of requests to trace. (Default: ```1.000000```)

View file

@ -52,7 +52,6 @@
watch = true watch = true
filename = "foobar" filename = "foobar"
debugLogGeneratedTemplate = true debugLogGeneratedTemplate = true
traefikFile = "foobar"
[providers.marathon] [providers.marathon]
constraints = "foobar" constraints = "foobar"
trace = true trace = true
@ -76,7 +75,7 @@
[providers.marathon.basic] [providers.marathon.basic]
httpBasicAuthUser = "foobar" httpBasicAuthUser = "foobar"
httpBasicPassword = "foobar" httpBasicPassword = "foobar"
[providers.kubernetes] [providers.kubernetesIngress]
endpoint = "foobar" endpoint = "foobar"
token = "foobar" token = "foobar"
certAuthFilePath = "foobar" certAuthFilePath = "foobar"
@ -84,7 +83,7 @@
namespaces = ["foobar", "foobar"] namespaces = ["foobar", "foobar"]
labelSelector = "foobar" labelSelector = "foobar"
ingressClass = "foobar" ingressClass = "foobar"
[providers.kubernetes.ingressEndpoint] [providers.kubernetesIngress.ingressEndpoint]
ip = "foobar" ip = "foobar"
hostname = "foobar" hostname = "foobar"
publishedService = "foobar" publishedService = "foobar"
@ -97,7 +96,6 @@
labelSelector = "foobar" labelSelector = "foobar"
ingressClass = "foobar" ingressClass = "foobar"
[providers.rest] [providers.rest]
entryPoint = "foobar"
[providers.rancher] [providers.rancher]
constraints = "foobar" constraints = "foobar"
watch = true watch = true
@ -109,23 +107,24 @@
prefix = "foobar" prefix = "foobar"
[api] [api]
entryPoint = "foobar"
dashboard = true dashboard = true
middlewares = ["foobar", "foobar"] debug = true
[api.statistics]
recentErrors = 42
[metrics] [metrics]
[metrics.prometheus] [metrics.prometheus]
buckets = [42.0, 42.0] buckets = [42.0, 42.0]
entryPoint = "foobar" addEntryPointsLabels = true
middlewares = ["foobar", "foobar"] addServicesLabels = true
[metrics.dataDog] [metrics.dataDog]
address = "foobar" address = "foobar"
pushInterval = "10s" pushInterval = "10s"
addEntryPointsLabels = true
addServicesLabels = true
[metrics.statsD] [metrics.statsD]
address = "foobar" address = "foobar"
pushInterval = "10s" pushInterval = "10s"
addEntryPointsLabels = true
addServicesLabels = true
[metrics.influxDB] [metrics.influxDB]
address = "foobar" address = "foobar"
protocol = "foobar" protocol = "foobar"
@ -134,10 +133,10 @@
retentionPolicy = "foobar" retentionPolicy = "foobar"
username = "foobar" username = "foobar"
password = "foobar" password = "foobar"
addEntryPointsLabels = true
addServicesLabels = true
[ping] [ping]
entryPoint = "foobar"
middlewares = ["foobar", "foobar"]
[log] [log]
level = "foobar" level = "foobar"
@ -174,6 +173,10 @@
gen128Bit = true gen128Bit = true
propagation = "foobar" propagation = "foobar"
traceContextHeaderName = "foobar" traceContextHeaderName = "foobar"
[tracing.jaeger.collector]
endpoint = "foobar"
user = "foobar"
password = "foobar"
[tracing.zipkin] [tracing.zipkin]
httpEndpoint = "foobar" httpEndpoint = "foobar"
sameSpan = true sameSpan = true
@ -200,33 +203,39 @@
traceIDHeaderName = "foobar" traceIDHeaderName = "foobar"
parentIDHeaderName = "foobar" parentIDHeaderName = "foobar"
spanIDHeaderName = "foobar" spanIDHeaderName = "foobar"
baggagePrefixHeaderName = "foobar"
[hostResolver] [hostResolver]
cnameFlattening = true cnameFlattening = true
resolvConfig = "foobar" resolvConfig = "foobar"
resolvDepth = 42 resolvDepth = 42
[acme] [certificatesResolvers]
[certificatesResolvers.CertificateResolver0]
[certificatesResolvers.CertificateResolver0.acme]
email = "foobar" email = "foobar"
acmeLogging = true
caServer = "foobar" caServer = "foobar"
storage = "foobar" storage = "foobar"
entryPoint = "foobar"
keyType = "foobar" keyType = "foobar"
onHostRule = true [certificatesResolvers.CertificateResolver0.acme.dnsChallenge]
[acme.dnsChallenge]
provider = "foobar" provider = "foobar"
delayBeforeCheck = 42 delayBeforeCheck = 42
resolvers = ["foobar", "foobar"] resolvers = ["foobar", "foobar"]
disablePropagationCheck = true disablePropagationCheck = true
[acme.httpChallenge] [certificatesResolvers.CertificateResolver0.acme.httpChallenge]
entryPoint = "foobar" entryPoint = "foobar"
[acme.tlsChallenge] [certificatesResolvers.CertificateResolver0.acme.tlsChallenge]
[certificatesResolvers.CertificateResolver1]
[[acme.domains]] [certificatesResolvers.CertificateResolver1.acme]
main = "foobar" email = "foobar"
sans = ["foobar", "foobar"] caServer = "foobar"
storage = "foobar"
[[acme.domains]] keyType = "foobar"
main = "foobar" [certificatesResolvers.CertificateResolver1.acme.dnsChallenge]
sans = ["foobar", "foobar"] provider = "foobar"
delayBeforeCheck = 42
resolvers = ["foobar", "foobar"]
disablePropagationCheck = true
[certificatesResolvers.CertificateResolver1.acme.httpChallenge]
entryPoint = "foobar"
[certificatesResolvers.CertificateResolver1.acme.tlsChallenge]

View file

@ -8,20 +8,20 @@ serversTransport:
- foobar - foobar
maxIdleConnsPerHost: 42 maxIdleConnsPerHost: 42
forwardingTimeouts: forwardingTimeouts:
dialTimeout: 42000000000 dialTimeout: 42
responseHeaderTimeout: 42000000000 responseHeaderTimeout: 42
idleConnTimeout: 42000000000 idleConnTimeout: 42
entryPoints: entryPoints:
EntryPoint0: EntryPoint0:
address: foobar address: foobar
transport: transport:
lifeCycle: lifeCycle:
requestAcceptGraceTimeout: 42000000000 requestAcceptGraceTimeout: 42
graceTimeOut: 42000000000 graceTimeOut: 42
respondingTimeouts: respondingTimeouts:
readTimeout: 42000000000 readTimeout: 42
writeTimeout: 42000000000 writeTimeout: 42
idleTimeout: 42000000000 idleTimeout: 42
proxyProtocol: proxyProtocol:
insecure: true insecure: true
trustedIPs: trustedIPs:
@ -33,7 +33,7 @@ entryPoints:
- foobar - foobar
- foobar - foobar
providers: providers:
providersThrottleDuration: 42000000000 providersThrottleDuration: 42
docker: docker:
constraints: foobar constraints: foobar
watch: true watch: true
@ -49,13 +49,12 @@ providers:
useBindPortIP: true useBindPortIP: true
swarmMode: true swarmMode: true
network: foobar network: foobar
swarmModeRefreshSeconds: 42000000000 swarmModeRefreshSeconds: 42
file: file:
directory: foobar directory: foobar
watch: true watch: true
filename: foobar filename: foobar
debugLogGeneratedTemplate: true debugLogGeneratedTemplate: true
traefikFile: foobar
marathon: marathon:
constraints: foobar constraints: foobar
trace: true trace: true
@ -70,16 +69,16 @@ providers:
cert: foobar cert: foobar
key: foobar key: foobar
insecureSkipVerify: true insecureSkipVerify: true
dialerTimeout: 42000000000 dialerTimeout: 42
responseHeaderTimeout: 42000000000 responseHeaderTimeout: 42
tlsHandshakeTimeout: 42000000000 tlsHandshakeTimeout: 42
keepAlive: 42000000000 keepAlive: 42
forceTaskHostname: true forceTaskHostname: true
basic: basic:
httpBasicAuthUser: foobar httpBasicAuthUser: foobar
httpBasicPassword: foobar httpBasicPassword: foobar
respectReadinessChecks: true respectReadinessChecks: true
kubernetes: kubernetesIngress:
endpoint: foobar endpoint: foobar
token: foobar token: foobar
certAuthFilePath: foobar certAuthFilePath: foobar
@ -103,8 +102,7 @@ providers:
- foobar - foobar
labelSelector: foobar labelSelector: foobar
ingressClass: foobar ingressClass: foobar
rest: rest: {}
entryPoint: foobar
rancher: rancher:
constraints: foobar constraints: foobar
watch: true watch: true
@ -115,41 +113,36 @@ providers:
intervalPoll: true intervalPoll: true
prefix: foobar prefix: foobar
api: api:
entryPoint: foobar
dashboard: true dashboard: true
statistics: debug: true
recentErrors: 42
middlewares:
- foobar
- foobar
metrics: metrics:
prometheus: prometheus:
buckets: buckets:
- 42 - 42
- 42 - 42
entryPoint: foobar addEntryPointsLabels: true
middlewares: addServicesLabels: true
- foobar
- foobar
dataDog: dataDog:
address: foobar address: foobar
pushInterval: 10000000000 pushInterval: 42
addEntryPointsLabels: true
addServicesLabels: true
statsD: statsD:
address: foobar address: foobar
pushInterval: 10000000000 pushInterval: 42
addEntryPointsLabels: true
addServicesLabels: true
influxDB: influxDB:
address: foobar address: foobar
protocol: foobar protocol: foobar
pushInterval: 10000000000 pushInterval: 42
database: foobar database: foobar
retentionPolicy: foobar retentionPolicy: foobar
username: foobar username: foobar
password: foobar password: foobar
ping: addEntryPointsLabels: true
entryPoint: foobar addServicesLabels: true
middlewares: ping: {}
- foobar
- foobar
log: log:
level: foobar level: foobar
filePath: foobar filePath: foobar
@ -162,7 +155,7 @@ accessLog:
- foobar - foobar
- foobar - foobar
retryAttempts: true retryAttempts: true
minDuration: 42000000000 minDuration: 42
fields: fields:
defaultMode: foobar defaultMode: foobar
names: names:
@ -185,6 +178,10 @@ tracing:
gen128Bit: true gen128Bit: true
propagation: foobar propagation: foobar
traceContextHeaderName: foobar traceContextHeaderName: foobar
collector:
endpoint: foobar
user: foobar
password: foobar
zipkin: zipkin:
httpEndpoint: foobar httpEndpoint: foobar
sameSpan: true sameSpan: true
@ -211,21 +208,21 @@ tracing:
traceIDHeaderName: foobar traceIDHeaderName: foobar
parentIDHeaderName: foobar parentIDHeaderName: foobar
spanIDHeaderName: foobar spanIDHeaderName: foobar
baggagePrefixHeaderName: foobar
hostResolver: hostResolver:
cnameFlattening: true cnameFlattening: true
resolvConfig: foobar resolvConfig: foobar
resolvDepth: 42 resolvDepth: 42
certificatesResolvers:
CertificateResolver0:
acme: acme:
email: foobar email: foobar
acmeLogging: true
caServer: foobar caServer: foobar
storage: foobar storage: foobar
entryPoint: foobar
keyType: foobar keyType: foobar
onHostRule: true
dnsChallenge: dnsChallenge:
provider: foobar provider: foobar
delayBeforeCheck: 42000000000 delayBeforeCheck: 42
resolvers: resolvers:
- foobar - foobar
- foobar - foobar
@ -233,12 +230,19 @@ acme:
httpChallenge: httpChallenge:
entryPoint: foobar entryPoint: foobar
tlsChallenge: {} tlsChallenge: {}
domains: CertificateResolver1:
- main: foobar acme:
sans: email: foobar
- foobar caServer: foobar
- foobar storage: foobar
- main: foobar keyType: foobar
sans: dnsChallenge:
provider: foobar
delayBeforeCheck: 42
resolvers:
- foobar - foobar
- foobar - foobar
disablePropagationCheck: true
httpChallenge:
entryPoint: foobar
tlsChallenge: {}

View file

@ -24,7 +24,7 @@ They define the port which will receive the requests (whether HTTP or TCP).
address: ":80" address: ":80"
``` ```
```ini tab="CLI" ```bash tab="CLI"
--entryPoints.web.address=:80 --entryPoints.web.address=:80
``` ```
@ -50,7 +50,7 @@ They define the port which will receive the requests (whether HTTP or TCP).
address: ":443" address: ":443"
``` ```
```ini tab="CLI" ```bash tab="CLI"
--entryPoints.web.address=:80 --entryPoints.web.address=:80
--entryPoints.web-secure.address=:443 --entryPoints.web-secure.address=:443
``` ```
@ -113,7 +113,7 @@ entryPoints:
- "foobar" - "foobar"
``` ```
```ini tab="CLI" ```bash tab="CLI"
--entryPoints.EntryPoint0.address=:8888 --entryPoints.EntryPoint0.address=:8888
--entryPoints.EntryPoint0.transport.lifeCycle.requestAcceptGraceTimeout=42 --entryPoints.EntryPoint0.transport.lifeCycle.requestAcceptGraceTimeout=42
--entryPoints.EntryPoint0.transport.lifeCycle.graceTimeOut=42 --entryPoints.EntryPoint0.transport.lifeCycle.graceTimeOut=42
@ -151,7 +151,7 @@ Traefik supports [ProxyProtocol](https://www.haproxy.org/download/1.8/doc/proxy-
- "192.168.1.7" - "192.168.1.7"
``` ```
```ini tab="CLI" ```bash tab="CLI"
--entryPoints.web.address=:80 --entryPoints.web.address=:80
--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,192.168.1.7 --entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,192.168.1.7
``` ```
@ -180,7 +180,7 @@ Traefik supports [ProxyProtocol](https://www.haproxy.org/download/1.8/doc/proxy-
insecure: true insecure: true
``` ```
```ini tab="CLI" ```bash tab="CLI"
--entryPoints.web.address=:80 --entryPoints.web.address=:80
--entryPoints.web.proxyProtocol.insecure --entryPoints.web.proxyProtocol.insecure
``` ```
@ -215,7 +215,7 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward
- "192.168.1.7" - "192.168.1.7"
``` ```
```ini tab="CLI" ```bash tab="CLI"
--entryPoints.web.address=:80 --entryPoints.web.address=:80
--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,192.168.1.7 --entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,192.168.1.7
``` ```
@ -239,7 +239,7 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward
insecure: true insecure: true
``` ```
```ini tab="CLI" ```bash tab="CLI"
--entryPoints.web.address=:80 --entryPoints.web.address=:80
--entryPoints.web.forwardedHeaders.insecure --entryPoints.web.forwardedHeaders.insecure
``` ```

View file

@ -26,7 +26,7 @@ In the process, Traefik will make sure that the user is authenticated (using the
Static configuration: Static configuration:
```toml tab="TOML" ```toml tab="File (TOML)"
[entryPoints] [entryPoints]
[entryPoints.web] [entryPoints.web]
# Listen on port 8081 for incoming requests # Listen on port 8081 for incoming requests
@ -35,9 +35,10 @@ Static configuration:
[providers] [providers]
# Enable the file provider to define routers / middlewares / services in a file # Enable the file provider to define routers / middlewares / services in a file
[providers.file] [providers.file]
filename = "dynamic_conf.toml"
``` ```
```yaml tab="YAML" ```yaml tab="File (YAML)"
entryPoints: entryPoints:
web: web:
# Listen on port 8081 for incoming requests # Listen on port 8081 for incoming requests
@ -45,7 +46,16 @@ entryPoints:
providers: providers:
# Enable the file provider to define routers / middlewares / services in a file # Enable the file provider to define routers / middlewares / services in a file
file: {} file:
filename: dynamic_conf.yml
```
```bash tab="CLI"
# Listen on port 8081 for incoming requests
--entryPoints.web.address=:8081
# Enable the file provider to define routers / middlewares / services in a file
--providers.file.filename=dynamic_conf.toml
``` ```
Dynamic configuration: Dynamic configuration:
@ -116,7 +126,7 @@ http:
Static configuration: Static configuration:
```toml tab="TOML" ```toml tab="File (TOML)"
[entryPoints] [entryPoints]
[entryPoints.web] [entryPoints.web]
# Listen on port 8081 for incoming requests # Listen on port 8081 for incoming requests
@ -125,16 +135,26 @@ http:
[providers] [providers]
# Enable the file provider to define routers / middlewares / services in a file # Enable the file provider to define routers / middlewares / services in a file
[providers.file] [providers.file]
filename = "dynamic_conf.toml"
``` ```
```yaml tab="YAML" ```yaml tab="File (YAML)"
entryPoints: entryPoints:
web: web:
# Listen on port 8081 for incoming requests # Listen on port 8081 for incoming requests
address: :8081 address: :8081
providers: providers:
# Enable the file provider to define routers / middlewares / services in a file # Enable the file provider to define routers / middlewares / services in a file
file: {} file:
filename: dynamic_conf.yml
```
```bash tab="CLI"
# Listen on port 8081 for incoming requests
--entryPoints.web.address=":8081"
# Enable the file provider to define routers / middlewares / services in a file
--providers.file.filename=dynamic_conf.toml
``` ```
Dynamic configuration: Dynamic configuration:

View file

@ -215,7 +215,7 @@ The table below lists all the available matchers:
| ```HeadersRegexp(`key`, `regexp`)``` | Check if there is a key `key`defined in the headers, with a value that matches the regular expression `regexp` | | ```HeadersRegexp(`key`, `regexp`)``` | Check if there is a key `key`defined in the headers, with a value that matches the regular expression `regexp` |
| ```Host(`domain-1`, ...)``` | Check if the request domain targets one of the given `domains`. | | ```Host(`domain-1`, ...)``` | Check if the request domain targets one of the given `domains`. |
| ```HostRegexp(`traefik.io`, `{subdomain:[a-z]+}.traefik.io`, ...)``` | Check if the request domain matches the given `regexp`. | | ```HostRegexp(`traefik.io`, `{subdomain:[a-z]+}.traefik.io`, ...)``` | Check if the request domain matches the given `regexp`. |
| `Method(methods, ...)` | Check if the request method is one of the given `methods` (`GET`, `POST`, `PUT`, `DELETE`, `PATCH`) | | ```Method(`GET`, ...)``` | Check if the request method is one of the given `methods` (`GET`, `POST`, `PUT`, `DELETE`, `PATCH`) |
| ```Path(`path`, `/articles/{category}/{id:[0-9]+}`, ...)``` | Match exact request path. It accepts a sequence of literal and regular expression paths. | | ```Path(`path`, `/articles/{category}/{id:[0-9]+}`, ...)``` | Match exact request path. It accepts a sequence of literal and regular expression paths. |
| ```PathPrefix(`/products/`, `/articles/{category}/{id:[0-9]+}`)``` | Match request prefix path. It accepts a sequence of literal and regular expression prefix paths. | | ```PathPrefix(`/products/`, `/articles/{category}/{id:[0-9]+}`)``` | Match request prefix path. It accepts a sequence of literal and regular expression prefix paths. |
| ```Query(`foo=bar`, `bar=baz`)``` | Match` Query String parameters. It accepts a sequence of key=value pairs. | | ```Query(`foo=bar`, `bar=baz`)``` | Match` Query String parameters. It accepts a sequence of key=value pairs. |
@ -288,10 +288,6 @@ Traefik will terminate the SSL connections (meaning that it will send decrypted
In the current version, with [ACME](../../https/acme.md) enabled, automatic certificate generation will apply to every router declaring a TLS section. In the current version, with [ACME](../../https/acme.md) enabled, automatic certificate generation will apply to every router declaring a TLS section.
!!! note "Passthrough"
On TCP routers, you can configure a passthrough option so that Traefik doesn't terminate the TLS connection.
!!! important "Routers for HTTP & HTTPS" !!! important "Routers for HTTP & HTTPS"
If you need to define the same route for both HTTP and HTTPS requests, you will need to define two different routers: one with the tls section, one without. If you need to define the same route for both HTTP and HTTPS requests, you will need to define two different routers: one with the tls section, one without.
@ -325,11 +321,17 @@ Traefik will terminate the SSL connections (meaning that it will send decrypted
service: service-id service: service-id
``` ```
#### `Options` #### `options`
The `Options` field enables fine-grained control of the TLS parameters. The `options` field enables fine-grained control of the TLS parameters.
It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied only if a `Host` rule is defined. It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied only if a `Host` rule is defined.
!!! note "Server Name Association"
Even though one might get the impression that a TLS options reference is mapped to a router, or a router rule, one should realize that it is actually mapped only to the host name found in the `Host` part of the rule. Of course, there could also be several `Host` parts in a rule, in which case the TLS options reference would be mapped to as many host names.
Another thing to keep in mind is: the TLS option is picked from the mapping mentioned above and based on the server name provided during the TLS handshake, and it all happens before routing actually occurs.
??? example "Configuring the TLS options" ??? example "Configuring the TLS options"
```toml tab="TOML" ```toml tab="TOML"
@ -369,6 +371,110 @@ It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied
- TLS_RSA_WITH_AES_256_GCM_SHA384 - TLS_RSA_WITH_AES_256_GCM_SHA384
``` ```
!!! important "Conflicting TLS Options"
Since a TLS options reference is mapped to a host name, if a configuration introduces a situation where the same host name (from a `Host` rule) gets matched with two TLS options references, a conflict occurs, such as in the example below:
```toml tab="TOML"
[http.routers]
[http.routers.routerfoo]
rule = "Host(`snitest.com`) && Path(`/foo`)"
[http.routers.routerfoo.tls]
options = "foo"
[http.routers]
[http.routers.routerbar]
rule = "Host(`snitest.com`) && Path(`/bar`)"
[http.routers.routerbar.tls]
options = "bar"
```
```yaml tab="YAML"
http:
routers:
routerfoo:
rule: "Host(`snitest.com`) && Path(`/foo`)"
tls:
options: foo
routerbar:
rule: "Host(`snitest.com`) && Path(`/bar`)"
tls:
options: bar
```
If that happens, both mappings are discarded, and the host name (`snitest.com` in this case) for these routers gets associated with the default TLS options instead.
#### `certResolver`
If `certResolver` is defined, Traefik will try to generate certificates based on routers `Host` & `HostSNI` rules.
```toml tab="TOML"
[http.routers]
[http.routers.routerfoo]
rule = "Host(`snitest.com`) && Path(`/foo`)"
[http.routers.routerfoo.tls]
certResolver = "foo"
```
```yaml tab="YAML"
http:
routers:
routerfoo:
rule: "Host(`snitest.com`) && Path(`/foo`)"
tls:
certResolver: foo
```
!!! note "Multiple Hosts in a Rule"
The rule `Host(test1.traefik.io,test2.traefik.io)` will request a certificate with the main domain `test1.traefik.io` and SAN `test2.traefik.io`.
#### `domains`
You can set SANs (alternative domains) for each main domain.
Every domain must have A/AAAA records pointing to Traefik.
Each domain & SAN will lead to a certificate request.
```toml tab="TOML"
[http.routers]
[http.routers.routerbar]
rule = "Host(`snitest.com`) && Path(`/bar`)"
[http.routers.routerbar.tls]
certResolver = "bar"
[[http.routers.routerbar.tls.domains]]
main = "snitest.com"
sans = "*.snitest.com"
```
```yaml tab="YAML"
http:
routers:
routerbar:
rule: "Host(`snitest.com`) && Path(`/bar`)"
tls:
certResolver: "bar"
domains:
- main: "snitest.com"
sans: "*.snitest.com"
```
[ACME v2](https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579) supports wildcard certificates.
As described in [Let's Encrypt's post](https://community.letsencrypt.org/t/staging-endpoint-for-acme-v2/49605) wildcard certificates can only be generated through a [`DNS-01` challenge](../../https/acme.md#dnschallenge).
Most likely the root domain should receive a certificate too, so it needs to be specified as SAN and 2 `DNS-01` challenges are executed.
In this case the generated DNS TXT record for both domains is the same.
Even though this behavior is [DNS RFC](https://community.letsencrypt.org/t/wildcard-issuance-two-txt-records-for-the-same-name/54528/2) compliant,
it can lead to problems as all DNS providers keep DNS records cached for a given time (TTL) and this TTL can be greater than the challenge timeout making the `DNS-01` challenge fail.
The Traefik ACME client library [LEGO](https://github.com/go-acme/lego) supports some but not all DNS providers to work around this issue.
The [Supported `provider` table](../../https/acme.md#providers) indicates if they allow generating certificates for a wildcard domain and its root domain.
!!! note
Wildcard certificates can only be verified through a [`DNS-01` challenge](../../https/acme.md#dnschallenge).
!!! note "Double Wildcard Certificates"
It is not possible to request a double wildcard certificate for a domain (for example `*.*.local.com`).
## Configuring TCP Routers ## Configuring TCP Routers
### General ### General
@ -553,9 +659,9 @@ Services are the target for the router.
In the current version, with [ACME](../../https/acme.md) enabled, automatic certificate generation will apply to every router declaring a TLS section. In the current version, with [ACME](../../https/acme.md) enabled, automatic certificate generation will apply to every router declaring a TLS section.
#### `Options` #### `options`
The `Options` field enables fine-grained control of the TLS parameters. The `options` field enables fine-grained control of the TLS parameters.
It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied only if a `HostSNI` rule is defined. It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied only if a `HostSNI` rule is defined.
??? example "Configuring the tls options" ??? example "Configuring the tls options"
@ -596,3 +702,51 @@ It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
- "TLS_RSA_WITH_AES_256_GCM_SHA384" - "TLS_RSA_WITH_AES_256_GCM_SHA384"
``` ```
#### `certResolver`
See [`certResolver` for HTTP router](./index.md#certresolver) for more information.
```toml tab="TOML"
[tcp.routers]
[tcp.routers.routerfoo]
rule = "HostSNI(`snitest.com`)"
[tcp.routers.routerfoo.tls]
certResolver = "foo"
```
```yaml tab="YAML"
tcp:
routers:
routerfoo:
rule: "HostSNI(`snitest.com`)"
tls:
certResolver: foo
```
#### `domains`
See [`domains` for HTTP router](./index.md#domains) for more information.
```toml tab="TOML"
[tcp.routers]
[tcp.routers.routerbar]
rule = "HostSNI(`snitest.com`)"
[tcp.routers.routerbar.tls]
certResolver = "bar"
[[tcp.routers.routerbar.tls.domains]]
main = "snitest.com"
sans = "*.snitest.com"
```
```yaml tab="YAML"
tcp:
routers:
routerbar:
rule: "HostSNI(`snitest.com`)"
tls:
certResolver: "bar"
domains:
- main: "snitest.com"
sans: "*.snitest.com"
```

View file

@ -42,6 +42,21 @@ spec:
singular: middleware singular: middleware
scope: Namespaced scope: Namespaced
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: tlsoptions.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: TLSOption
plural: tlsoptions
singular: tlsoption
scope: Namespaced
--- ---
kind: ClusterRole kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1
@ -97,6 +112,14 @@ rules:
- get - get
- list - list
- watch - watch
- apiGroups:
- traefik.containo.us
resources:
- tlsoptions
verbs:
- get
- list
- watch
--- ---
kind: ClusterRoleBinding kind: ClusterRoleBinding

View file

@ -33,17 +33,13 @@ spec:
- --entrypoints.web.Address=:8000 - --entrypoints.web.Address=:8000
- --entrypoints.websecure.Address=:4443 - --entrypoints.websecure.Address=:4443
- --providers.kubernetescrd - --providers.kubernetescrd
- --providers.kubernetescrd.trace - --certificatesresolvers.default.acme.tlschallenge
- --acme - --certificatesresolvers.default.acme.email=foo@you.com
- --acme.acmelogging - --certificatesresolvers.default.acme.entrypoint=websecure
- --acme.tlschallenge - --certificatesresolvers.default.acme.storage=acme.json
- --acme.onhostrule
- --acme.email=foo@you.com
- --acme.entrypoint=websecure
- --acme.storage=acme.json
# Please note that this is the staging Let's Encrypt server. # Please note that this is the staging Let's Encrypt server.
# Once you get things working, you should remove that whole line altogether. # Once you get things working, you should remove that whole line altogether.
- --acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory - --certificatesresolvers.default.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
ports: ports:
- name: web - name: web
containerPort: 8000 containerPort: 8000

View file

@ -26,5 +26,5 @@ spec:
services: services:
- name: whoami - name: whoami
port: 80 port: 80
# Please note the use of an empty TLS object to enable TLS with Let's Encrypt. tls:
tls: {} certResolver: default

View file

@ -0,0 +1,40 @@
version: "3.3"
services:
traefik:
image: "traefik:v2.0.0-beta1"
container_name: "traefik"
command:
#- "--log.level=DEBUG"
- "--api=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.mydnschallenge.acme.dnschallenge=true"
- "--certificatesresolvers.mydnschallenge.acme.dnschallenge.provider=ovh"
#- "--certificatesresolvers.mydnschallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.mydnschallenge.acme.email=postmaster@mydomain.com"
- "--certificatesresolvers.mydnschallenge.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
- "8080:8080"
environment:
- "OVH_ENDPOINT=xxx"
- "OVH_APPLICATION_KEY=xxx"
- "OVH_APPLICATION_SECRET=xxx"
- "OVH_CONSUMER_KEY=xxx"
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
whoami:
image: "containous/whoami"
container_name: "simple-service"
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=mydnschallenge"

View file

@ -0,0 +1,55 @@
version: "3.3"
secrets:
ovh_endpoint:
file: "./secrets/ovh_endpoint.secret"
ovh_application_key:
file: "./secrets/ovh_application_key.secret"
ovh_application_secret:
file: "./secrets/ovh_application_secret.secret"
ovh_consumer_key:
file: "./secrets/ovh_consumer_key.secret"
services:
traefik:
image: "traefik:v2.0.0-beta1"
container_name: "traefik"
command:
#- "--log.level=DEBUG"
- "--api=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.mydnschallenge.acme.dnschallenge=true"
- "--certificatesresolvers.mydnschallenge.acme.dnschallenge.provider=ovh"
#- "--certificatesresolvers.mydnschallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.mydnschallenge.acme.email=postmaster@mydomain.com"
- "--certificatesresolvers.mydnschallenge.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
- "8080:8080"
secrets:
- "ovh_endpoint"
- "ovh_application_key"
- "ovh_application_secret"
- "ovh_consumer_key"
environment:
- "OVH_ENDPOINT_FILE=/run/secrets/ovh_endpoint"
- "OVH_APPLICATION_KEY_FILE=/run/secrets/ovh_application_key"
- "OVH_APPLICATION_SECRET_FILE=/run/secrets/ovh_application_secret"
- "OVH_CONSUMER_KEY_FILE=/run/secrets/ovh_consumer_key"
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
whoami:
image: "containous/whoami"
container_name: "simple-service"
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=mydnschallenge"

View file

@ -0,0 +1,183 @@
# Docker-compose with let's encrypt: DNS Challenge
This guide aim to demonstrate how to create a certificate with the let's encrypt DNS challenge to use https on a simple service exposed with Traefik.
Please also read the [basic example](../basic-example) for details on how to expose such a service.
## Prerequisite
For the DNS challenge, you'll need:
- A working [provider](https://docs.traefik.io/v2.0/https/acme/#providers) along with the credentials allowing to create and remove DNS records.
!!! info "Variables may vary depending on the Provider."
Please note this guide may vary depending on the provider you use.
The only things changing are the names of the variables you will need to define in order to configure your provider so it can create DNS records.
Please refer the [list of providers](../../../https/acme.md#providers) given right above and replace all the environment variables with the ones described in this documentation.
## Setup
- Create a `docker-compose.yml` file with the following content:
```yaml
--8<-- "content/user-guides/docker-compose/acme-dns/docker-compose.yml"
```
- Replace the environment variables by your own:
```yaml
environment:
- "OVH_ENDPOINT=[YOUR_OWN_VALUE]"
- "OVH_APPLICATION_KEY=[YOUR_OWN_VALUE]"
- "OVH_APPLICATION_SECRET=[YOUR_OWN_VALUE]"
- "OVH_CONSUMER_KEY=[YOUR_OWN_VALUE]"
```
- Replace `postmaster@mydomain.com` by your **own email** within the `certificatesresolvers.mydnschallenge.acme.email` command line argument of the `traefik` service.
- Replace `whoami.mydomain.com` by your **own domain** within the `traefik.http.routers.whoami.rule` label of the `whoami` service.
- Optionally uncomment the following lines if you want to test/debug:
```yaml
#- "--log.level=DEBUG"
#- "--certificatesresolvers.mydnschallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
```
- Run `docker-compose up -d` within the folder where you created the previous file.
- Wait a bit and visit `https://your_own_domain` to confirm everything went fine.
!!! Note
If you uncommented the `acme.caserver` line, you will get an SSL error, but if you display the certificate and see it was emitted by `Fake LE Intermediate X1` then it means all is good.
(It is the staging environment intermediate certificate used by let's encrypt).
You can now safely comment the `acme.caserver` line, remove the `letsencrypt/acme.json` file and restart Traefik to issue a valid certificate.
## Explanation
What changed between the initial setup:
- We configure a second entry point for the https traffic:
```yaml
command:
# Traefik will listen to incoming request on the port 443 (https)
- "--entrypoints.websecure.address=:443"
ports:
- "443:443"
```
- We configure the DNS let's encrypt challenge:
```yaml
command:
# Enable a dns challenge named "mydnschallenge"
- "--certificatesresolvers.mydnschallenge.acme.dnschallenge=true"
# Tell which provider to use
- "--certificatesresolvers.mydnschallenge.acme.dnschallenge.provider=ovh"
# The email to provide to let's encrypt
- "--certificatesresolvers.mydnschallenge.acme.email=postmaster@mydomain.com"
```
- We provide the required configuration to our provider via environment variables:
```yaml
environment:
- "OVH_ENDPOINT=xxx"
- "OVH_APPLICATION_KEY=xxx"
- "OVH_APPLICATION_SECRET=xxx"
- "OVH_CONSUMER_KEY=xxx"
```
!!! Note
This is the step that may vary depending on the provider you use.
Just define the variables required by your provider.
(see the prerequisite for a list)
- We add a volume to store our certificates:
```yaml
volumes:
# Create a letsencrypt dir within the folder where the docker-compose file is
- "./letsencrypt:/letsencrypt"
command:
# Tell to store the certificate on a path under our volume
- "--certificatesresolvers.mydnschallenge.acme.storage=/letsencrypt/acme.json"
```
- We configure the `whoami` service to tell Traefik to use the certificate resolver named `mydnschallenge` we just configured:
```yaml
labels:
- "traefik.http.routers.whoami.tls.certresolver=mydnschallenge" # Uses the Host rule to define which certificate to issue
```
## Use Secrets
To configure the provider, and avoid having the secrets exposed in plaintext within the docker-compose environment section,
you could use docker secrets.
The point is to manage those secret files by another mean, and read them from the `docker-compose.yml` file making the docker-compose file itself less sensitive.
- Create a directory named `secrets`, and create a file for each parameters required to configure you provider containing the value of the parameter:
for example, the `ovh_endpoint.secret` file contain `ovh-eu`
```text
./secrets
├── ovh_application_key.secret
├── ovh_application_secret.secret
├── ovh_consumer_key.secret
└── ovh_endpoint.secret
```
!!! Note
You could store those secrets anywhere on the server,
just make sure to use the proper path for the `file` directive fo the secrets definition in the `docker-compose.yml` file.
- Use this `docker-compose.yml` file:
```yaml
--8<-- "content/user-guides/docker-compose/acme-dns/docker-compose_secrets.yml"
```
!!! Note
Still think about changing `postmaster@mydomain.com` & `whoami.mydomain.com` by your own values.
Let's explain a bit what we just did:
- The following section allow to read files on the docker host, and expose those file under `/run/secrets/[NAME_OF_THE_SECRET]` within the container:
```yaml
secrets:
# secret name also used to name the file exposed within the container
ovh_endpoint:
# path on the host
file: "./secrets/ovh_endpoint.secret"
ovh_application_key:
file: "./secrets/ovh_application_key.secret"
ovh_application_secret:
file: "./secrets/ovh_application_secret.secret"
ovh_consumer_key:
file: "./secrets/ovh_consumer_key.secret"
services:
traefik:
# expose the predefined secret to the container by name
secrets:
- "ovh_endpoint"
- "ovh_application_key"
- "ovh_application_secret"
- "ovh_consumer_key"
```
- The environment variable within our `whoami` service are suffixed by `_FILE` which allow us to point to files containing the value, instead of exposing the value itself.
The acme client will read the content of those file to get the required configuration values.
```yaml
environment:
# expose the path to file provided by docker containing the value we want for OVH_ENDPOINT.
- "OVH_ENDPOINT_FILE=/run/secrets/ovh_endpoint"
- "OVH_APPLICATION_KEY_FILE=/run/secrets/ovh_application_key"
- "OVH_APPLICATION_SECRET_FILE=/run/secrets/ovh_application_secret"
- "OVH_CONSUMER_KEY_FILE=/run/secrets/ovh_consumer_key"
```

View file

@ -0,0 +1,35 @@
version: "3.3"
services:
traefik:
image: "traefik:v2.0.0-beta1"
container_name: "traefik"
command:
#- "--log.level=DEBUG"
- "--api=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myhttpchallenge.acme.httpchallenge=true"
- "--certificatesresolvers.myhttpchallenge.acme.httpchallenge.entrypoint=web"
#- "--certificatesresolvers.myhttpchallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.myhttpchallenge.acme.email=postmaster@mydomain.com"
- "--certificatesresolvers.myhttpchallenge.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
- ":8080:8080"
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
whoami:
image: "containous/whoami"
container_name: "simple-service"
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=myhttpchallenge"

View file

@ -0,0 +1,83 @@
# Docker-compose with let's encrypt : HTTP Challenge
This guide aim to demonstrate how to create a certificate with the let's encrypt HTTP challenge to use https on a simple service exposed with Traefik.
Please also read the [basic example](../basic-example) for details on how to expose such a service.
## Prerequisite
For the HTTP challenge you will need:
- A publicly accessible host allowing connections on port `80` & `443` with docker & docker-compose installed.
- A DNS record with the domain you want to expose pointing to this host.
## Setup
- Create a `docker-compose.yml` on your remote server with the following content:
```yaml
--8<-- "content/user-guides/docker-compose/acme-http/docker-compose.yml"
```
- Replace `postmaster@mydomain.com` by your **own email** within the `certificatesresolvers.myhttpchallenge.acme.email` command line argument of the `traefik` service.
- Replace `whoami.mydomain.com` by your **own domain** within the `traefik.http.routers.whoami.rule` label of the `whoami` service.
- Optionally uncomment the following lines if you want to test/debug:
```yaml
#- "--log.level=DEBUG"
#- "--certificatesresolvers.myhttpchallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
```
- Run `docker-compose up -d` within the folder where you created the previous file.
- Wait a bit and visit `https://your_own_domain` to confirm everything went fine.
!!! Note
If you uncommented the `acme.caserver` line, you will get an SSL error, but if you display the certificate and see it was emitted by `Fake LE Intermediate X1` then it means all is good.
(It is the staging environment intermediate certificate used by let's encrypt).
You can now safely comment the `acme.caserver` line, remove the `letsencrypt/acme.json` file and restart Traefik to issue a valid certificate.
## Explanation
What changed between the basic example:
- We configure a second entry point for the HTTPS traffic:
```yaml
command:
# Traefik will listen to incoming request on the port 443 (https)
- "--entrypoints.websecure.address=:443"
ports:
- "443:443"
```
- We configure the HTTPS let's encrypt challenge:
```yaml
command:
# Enable a http challenge named "myhttpchallenge"
- "--certificatesresolvers.myhttpchallenge.acme.httpchallenge=true"
# Tell it to use our predefined entrypoint named "web"
- "--certificatesresolvers.myhttpchallenge.acme.httpchallenge.entrypoint=web"
# The email to provide to let's encrypt
- "--certificatesresolvers.myhttpchallenge.acme.email=postmaster@mydomain.com"
```
- We add a volume to store our certificates:
```yaml
volumes:
# Create a letsencrypt dir within the folder where the docker-compose file is
- "./letsencrypt:/letsencrypt"
command:
# Tell to store the certificate on a path under our volume
- "--certificatesresolvers.myhttpchallenge.acme.storage=/letsencrypt/acme.json"
```
- We configure the `whoami` service to tell Traefik to use the certificate resolver named `myhttpchallenge` we just configured:
```yaml
labels:
# Uses the Host rule to define which certificate to issue
- "traefik.http.routers.whoami.tls.certresolver=myhttpchallenge"
```

View file

@ -0,0 +1,32 @@
version: "3.3"
services:
traefik:
image: "traefik:v2.0.0-beta1"
container_name: "traefik"
command:
#- "--log.level=DEBUG"
- "--api=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
#- "--certificatesresolvers.mytlschallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.mytlschallenge.acme.email=postmaster@mydomain.com"
- "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
ports:
- "443:443"
- "8080:8080"
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
whoami:
image: "containous/whoami"
container_name: "simple-service"
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=mytlschallenge"

View file

@ -0,0 +1,79 @@
# Docker-compose with let's encrypt: TLS Challenge
This guide aim to demonstrate how to create a certificate with the let's encrypt TLS challenge to use https on a simple service exposed with Traefik.
Please also read the [basic example](../basic-example) for details on how to expose such a service.
## Prerequisite
For the TLS challenge you will need:
- A publicly accessible host allowing connections on port `443` with docker & docker-compose installed.
- A DNS record with the domain you want to expose pointing to this host.
## Setup
- Create a `docker-compose.yml` on your remote server with the following content:
```yaml
--8<-- "content/user-guides/docker-compose/acme-tls/docker-compose.yml"
```
- Replace `postmaster@mydomain.com` by your **own email** within the `certificatesresolvers.mytlschallenge.acme.email` command line argument of the `traefik` service.
- Replace `whoami.mydomain.com` by your **own domain** within the `traefik.http.routers.whoami.rule` label of the `whoami` service.
- Optionally uncomment the following lines if you want to test/debug:
```yaml
#- "--log.level=DEBUG"
#- "--certificatesresolvers.mytlschallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
```
- Run `docker-compose up -d` within the folder where you created the previous file.
- Wait a bit and visit `https://your_own_domain` to confirm everything went fine.
!!! Note
If you uncommented the `acme.caserver` line, you will get an SSL error, but if you display the certificate and see it was emitted by `Fake LE Intermediate X1` then it means all is good.
(It is the staging environment intermediate certificate used by let's encrypt).
You can now safely comment the `acme.caserver` line, remove the `letsencrypt/acme.json` file and restart Traefik to issue a valid certificate.
## Explanation
What changed between the basic example:
- We replace the `web` entry point by one for the https traffic:
```yaml
command:
# Traefik will listen to incoming request on the port 443 (https)
- "--entrypoints.websecure.address=:443"
ports:
- "443:443"
```
- We configure the Https let's encrypt challenge:
```yaml
command:
# Enable a tls challenge named "mytlschallenge"
- "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
```
- We add a volume to store our certificates:
```yaml
volumes:
# Create a letsencrypt dir within the folder where the docker-compose file is
- "./letsencrypt:/letsencrypt"
command:
# Tell to store the certificate on a path under our volume
- "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
```
- We configure the `whoami` service to tell Traefik to use the certificate resolver named `mytlschallenge` we just configured:
```yaml
labels:
# Uses the Host rule to define which certificate to issue
- "traefik.http.routers.whoami.tls.certresolver=mytlschallenge"
```

View file

@ -0,0 +1,26 @@
version: "3.3"
services:
traefik:
image: "traefik:v2.0.0-beta1"
container_name: "traefik"
command:
#- "--log.level=DEBUG"
- "--api=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
ports:
- "80:80"
- "8080:8080"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
whoami:
image: "containous/whoami"
container_name: "simple-service"
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.localhost`)"
- "traefik.http.routers.whoami.entrypoints=web"

View file

@ -0,0 +1,90 @@
# Docker-compose basic example
In this section we quickly go over a basic docker-compose file exposing a simple service using the docker provider.
This will also be used as a starting point for the the other docker-compose guides.
## Setup
- Edit a `docker-compose.yml` file with the following content:
```yaml
--8<-- "content/user-guides/docker-compose/basic-example/docker-compose.yml"
```
- Replace `whoami.localhost` by your **own domain** within the `traefik.http.routers.whoami.rule` label of the `whoami` service.
- Run `docker-compose up -d` within the folder where you created the previous file.
- Wait a bit and visit `http://your_own_domain` to confirm everything went fine.
You should see the output of the whoami service. Something similar to:
```text
Hostname: d7f919e54651
IP: 127.0.0.1
IP: 192.168.64.2
GET / HTTP/1.1
Host: whoami.localhost
User-Agent: curl/7.52.1
Accept: */*
Accept-Encoding: gzip
X-Forwarded-For: 192.168.64.1
X-Forwarded-Host: whoami.localhost
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Forwarded-Server: 7f0c797dbc51
X-Real-Ip: 192.168.64.1
```
## Details
- As an example we use [whoami](https://github.com/containous/whoami) (a tiny Go server that prints os information and HTTP request to output) which was used to define our `simple-service` container.
- We define an entry point, along with the exposure of the matching port within docker-compose, which basically allow us to "open and accept" HTTP traffic:
```yaml
command:
# Traefik will listen to incoming request on the port 80 (HTTP)
- "--entrypoints.web.address=:80"
ports:
- "80:80"
```
- We expose the Traefik API to be able to check the configuration if needed:
```yaml
command:
# Traefik will listen on port 8080 by default for API request.
- "--api=true"
ports:
- "8080:8080"
```
!!! Note
If you are working on a remote server, you can use the following command to display configuration (require `curl` & `jq`):
```bash
curl -s 127.0.0.1:8080/api/rawdata | jq .
```
- We allow Traefik to gather configuration from Docker:
```yaml
traefik:
command:
# Enabling docker provider
- "--providers.docker=true"
# Do not expose containers unless explicitly told so
- "--providers.docker.exposedbydefault=false"
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
whoami:
labels:
# Explicitly tell Traefik to expose this container
- "traefik.enable=true"
# The domain the service will respond to
- "traefik.http.routers.whoami.rule=Host(`whoami.localhost`)"
# Allow request only from the predefined entry point named "web"
- "traefik.http.routers.whoami.entrypoints=web"
```

View file

@ -6,17 +6,40 @@ This section explains how to use Traefik as reverse proxy for gRPC application.
### Traefik Configuration ### Traefik Configuration
```toml tab="TOML" Static configuration:
## static configuration ##
```toml tab="File (TOML)"
[entryPoints] [entryPoints]
[entryPoints.http] [entryPoints.web]
address = ":80" address = ":80"
[api] [api]
[providers.file] [providers.file]
filename = "dynamic_conf.toml"
```
```yaml tab="File (YAML)"
entryPoints:
web:
address: :80
providers:
file:
filename: dynamic_conf.yml
api: {}
```
```yaml tab="CLI"
--entryPoints.web.address=":80"
--providers.file.filename=dynamic_conf.toml
--api=true
```
`dynamic_conf.{toml,yml}`:
```toml tab="TOML"
## dynamic configuration ## ## dynamic configuration ##
[http] [http]
@ -34,17 +57,6 @@ This section explains how to use Traefik as reverse proxy for gRPC application.
``` ```
```yaml tab="YAML" ```yaml tab="YAML"
## static configuration ##
entryPoints:
http:
address: :80
providers:
file: {}
api: {}
## dynamic configuration ## ## dynamic configuration ##
http: http:
@ -105,11 +117,11 @@ Common Name (e.g. server FQDN or YOUR name) []: frontend.local
At last, we configure our Traefik instance to use both self-signed certificates. At last, we configure our Traefik instance to use both self-signed certificates.
```toml tab="TOML" Static configuration:
## static configuration ##
```toml tab="File (TOML)"
[entryPoints] [entryPoints]
[entryPoints.https] [entryPoints.websecure]
address = ":4443" address = ":4443"
@ -120,7 +132,37 @@ At last, we configure our Traefik instance to use both self-signed certificates.
[api] [api]
[provider.file] [provider.file]
filename = "dynamic_conf.toml"
```
```yaml tab="File (YAML)"
entryPoints:
websecure:
address: :4443
serversTransport:
# For secure connection on backend.local
rootCAs:
- ./backend.cert
providers:
file:
filename: dynamic_conf.yml
api: {}
```
```yaml tab="CLI"
--entryPoints.websecure.address=":4443"
# For secure connection on backend.local
--serversTransport.rootCAs=./backend.cert
--providers.file.filename=dynamic_conf.toml
--api=true
```
`dynamic_conf.{toml,yml}`:
```toml tab="TOML"
## dynamic configuration ## ## dynamic configuration ##
[http] [http]
@ -146,22 +188,6 @@ At last, we configure our Traefik instance to use both self-signed certificates.
``` ```
```yaml tab="YAML" ```yaml tab="YAML"
## static configuration ##
entryPoints:
https:
address: :4443
serversTransport:
# For secure connection on backend.local
rootCAs:
- ./backend.cert
providers:
file: {}
api: {}
## dynamic configuration ## ## dynamic configuration ##
http: http:

Some files were not shown because too many files have changed in this diff Show more