baalajimaestro/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch v2.0 into master

Browse source
This commit is contained in:
Fernandez Ludovic 2019-06-20 11:37:47 +02:00
commit 890d02638b
913 changed files with 71764 additions and 38720 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -11,6 +11,7 @@
/autogen/
/traefik
/traefik.toml
/traefik.yml
*.log
*.exe
cover.out

4
.golangci.toml
View file

@ -36,6 +36,8 @@
"scopelint",
"gochecknoinits",
"gochecknoglobals",
# uncomment when the CI will be updated
# "bodyclose", # Too many false-positive and panics.
]
[issues]
@ -72,7 +74,7 @@
path = "pkg/provider/kubernetes/builder_(endpoint|service)_test.go"
text = "(U1000: func )?`(.+)` is unused"
[[issues.exclude-rules]]
path = "pkg/provider/label/internal/.+_test.go"
path = "pkg/config/parser/.+_test.go"
text = "U1000: field `(foo|fuu)` is unused"
[[issues.exclude-rules]]
path = "pkg/server/service/bufferpool.go"

2
.semaphoreci/job2.sh
View file

@ -5,4 +5,4 @@ ci_retry make validate
if [ -n "$SHOULD_TEST" ]; then ci_retry make test-unit; fi
if [ -n "$SHOULD_TEST" ]; then make -j${N_MAKE_JOBS} crossbinary-default-parallel; fi
if [ -n "$SHOULD_TEST" ]; then make -j"${N_MAKE_JOBS}" crossbinary-default-parallel; fi

3
.semaphoreci/setup.sh
View file

@ -3,9 +3,10 @@ set -e
export DOCKER_VERSION=17.03.1
# shellcheck source=/dev/null
source .semaphoreci/vars
if [ -z "${PULL_REQUEST_NUMBER}" ]; then SHOULD_TEST="-*-"; else TEMP_STORAGE=$(curl --silent https://patch-diff.githubusercontent.com/raw/containous/traefik/pull/${PULL_REQUEST_NUMBER}.diff | patch --dry-run -p1 -R); fi
if [ -z "${PULL_REQUEST_NUMBER}" ]; then SHOULD_TEST="-*-"; else TEMP_STORAGE=$(curl --silent https://patch-diff.githubusercontent.com/raw/containous/traefik/pull/"${PULL_REQUEST_NUMBER}".diff | patch --dry-run -p1 -R); fi
if [ -n "$TEMP_STORAGE" ]; then SHOULD_TEST=$(echo "$TEMP_STORAGE" | grep -Ev '(.md|.yaml|.yml)' || :); fi

5
.semaphoreci/vars
View file

@ -24,8 +24,8 @@ function ci_retry {
until [ $n -ge $NRETRY ]
do
"$@" && break
n=$[$n+1]
echo "$@ failed, attempt ${n}/${NRETRY}"
n=$((n+1))
echo "${*} failed, attempt ${n}/${NRETRY}"
sleep $NSLEEP
done
@ -34,4 +34,3 @@ function ci_retry {
}
export -f ci_retry

1
.travis.yml
View file

@ -38,7 +38,6 @@ deploy:
file: dist/traefik*
skip_cleanup: true
file_glob: true
draft: true
on:
repo: containous/traefik
tags: true

96
CHANGELOG.md
View file

@ -1,5 +1,101 @@
# Change Log
## [v2.0.0-alpha6](https://github.com/containous/traefik/tree/v2.0.0-alpha6) (2019-06-18)
[All Commits](https://github.com/containous/traefik/compare/v2.0.0-alpha5...v2.0.0-alpha6)
**Bug fixes:**
- **[cli]** Don't allow non flag arguments by default. ([#4970](https://github.com/containous/traefik/pull/4970) by [ldez](https://github.com/ldez))
**Documentation:**
- **[middleware,k8s/crd]** doc: fix middleware names for CRD. ([#4966](https://github.com/containous/traefik/pull/4966) by [ldez](https://github.com/ldez))
- **[middleware]** Kubernetes CRD documentation fixes ([#4971](https://github.com/containous/traefik/pull/4971) by [orhanhenrik](https://github.com/orhanhenrik))
## [v2.0.0-alpha5](https://github.com/containous/traefik/tree/v2.0.0-alpha5) (2019-06-17)
[All Commits](https://github.com/containous/traefik/compare/v2.0.0-alpha4...v2.0.0-alpha5)
**Enhancements:**
- **[acme]** Remove timeout/interval from the ACME Provider ([#4842](https://github.com/containous/traefik/pull/4842) by [jbdoumenjou](https://github.com/jbdoumenjou))
- **[api]** API: expose runtime representation ([#4841](https://github.com/containous/traefik/pull/4841) by [mpl](https://github.com/mpl))
- **[cli]** New static configuration loading system. ([#4935](https://github.com/containous/traefik/pull/4935) by [ldez](https://github.com/ldez))
- **[k8s,k8s/crd,tcp]** Add support for TCP (in kubernetes CRD) ([#4885](https://github.com/containous/traefik/pull/4885) by [mpl](https://github.com/mpl))
- **[server]** Rework loadbalancer support ([#4933](https://github.com/containous/traefik/pull/4933) by [juliens](https://github.com/juliens))
- **[sticky-session]** HttpOnly and Secure flags on the affinity cookie ([#4947](https://github.com/containous/traefik/pull/4947) by [gheibia](https://github.com/gheibia))
- **[tls]** Define TLS options on the Router configuration ([#4931](https://github.com/containous/traefik/pull/4931) by [jbdoumenjou](https://github.com/jbdoumenjou))
- **[tracing]** Added support for Haystack tracing ([#4555](https://github.com/containous/traefik/pull/4555) by [aantono](https://github.com/aantono))
**Bug fixes:**
- **[logs]** Fix typos in data collection message ([#4891](https://github.com/containous/traefik/pull/4891) by [mpl](https://github.com/mpl))
- **[middleware]** change doc references to scheme[Rr]edirect -> redirect[Ss]cheme ([#4959](https://github.com/containous/traefik/pull/4959) by [topiaruss](https://github.com/topiaruss))
- **[rules]** Allow matching with FQDN hosts with trailing periods ([#4763](https://github.com/containous/traefik/pull/4763) by [dtomcej](https://github.com/dtomcej))
- **[tcp]** Remove first byte wait when tcp catches all ([#4938](https://github.com/containous/traefik/pull/4938) by [juliens](https://github.com/juliens))
- **[tcp]** Don't add TCP proxy when error occurs during creation. ([#4858](https://github.com/containous/traefik/pull/4858) by [ldez](https://github.com/ldez))
**Documentation:**
- **[acme]** Add note about ACME renewal ([#4860](https://github.com/containous/traefik/pull/4860) by [dtomcej](https://github.com/dtomcej))
- **[docker]** Remove traefik.port from documentation ([#4886](https://github.com/containous/traefik/pull/4886) by [ldez](https://github.com/ldez))
- **[docker]** Clarify docs with labels in Swarm Mode ([#4847](https://github.com/containous/traefik/pull/4847) by [mikesir87](https://github.com/mikesir87))
- **[k8s]** Fix typo in the CRD documentation ([#4902](https://github.com/containous/traefik/pull/4902) by [llussy](https://github.com/llussy))
- **[middleware,provider]** fix the documentation about middleware labels. ([#4888](https://github.com/containous/traefik/pull/4888) by [ldez](https://github.com/ldez))
- **[middleware]** Review documentation ([#4798](https://github.com/containous/traefik/pull/4798) by [ldez](https://github.com/ldez))
- **[middleware]** compress link fixed ([#4817](https://github.com/containous/traefik/pull/4817) by [gato](https://github.com/gato))
- **[middleware]** Fix strip prefix documentation ([#4829](https://github.com/containous/traefik/pull/4829) by [mmatur](https://github.com/mmatur))
- **[middleware]** Fix Kubernetes Docs for Middlewares ([#4943](https://github.com/containous/traefik/pull/4943) by [HurricanKai](https://github.com/HurricanKai))
- **[middleware]** Correct typo in documentation on rate limiting ([#4939](https://github.com/containous/traefik/pull/4939) by [ableuler](https://github.com/ableuler))
- **[middleware]** docker-compose basic auth needs double dollar signs ([#4831](https://github.com/containous/traefik/pull/4831) by [muhlemmer](https://github.com/muhlemmer))
- **[middleware]** Adds a reference to the middleware overview. ([#4824](https://github.com/containous/traefik/pull/4824) by [ldez](https://github.com/ldez))
- **[middleware]** Update headers middleware docs for kubernetes crd ([#4955](https://github.com/containous/traefik/pull/4955) by [orhanhenrik](https://github.com/orhanhenrik))
- **[rancher]** fix: Rancher documentation. ([#4818](https://github.com/containous/traefik/pull/4818) by [ldez](https://github.com/ldez))
- **[rancher]** Specify that Rancher provider is for 1.x only ([#4923](https://github.com/containous/traefik/pull/4923) by [bradjones1](https://github.com/bradjones1))
- **[tls]** fix: typo in routing example. ([#4849](https://github.com/containous/traefik/pull/4849) by [ldez](https://github.com/ldez))
- Clarification of the correct pronunciation of the word "Traefik" ([#4834](https://github.com/containous/traefik/pull/4834) by [ylamlum-g4m](https://github.com/ylamlum-g4m))
- Fix typos in documentation ([#4884](https://github.com/containous/traefik/pull/4884) by [michael-k](https://github.com/michael-k))
- Entry points CLI description. ([#4896](https://github.com/containous/traefik/pull/4896) by [ldez](https://github.com/ldez))
- Improve the "reading path" for new contributors ([#4908](https://github.com/containous/traefik/pull/4908) by [dduportal](https://github.com/dduportal))
- Fixed spelling typo ([#4848](https://github.com/containous/traefik/pull/4848) by [mikesir87](https://github.com/mikesir87))
- Fixed readme misspelling ([#4882](https://github.com/containous/traefik/pull/4882) by [antondalgren](https://github.com/antondalgren))
- Minor fix in documentation ([#4811](https://github.com/containous/traefik/pull/4811) by [mmatur](https://github.com/mmatur))
- Add Mathieu Lonjaret to maintainers ([#4950](https://github.com/containous/traefik/pull/4950) by [emilevauge](https://github.com/emilevauge))
- Fix a typo in documentation ([#4794](https://github.com/containous/traefik/pull/4794) by [groovytron](https://github.com/groovytron))
**Misc:**
- Cherry pick v1.7 into v2.0 ([#4948](https://github.com/containous/traefik/pull/4948) by [ldez](https://github.com/ldez))
- Cherry pick v1.7 into v2.0 ([#4823](https://github.com/containous/traefik/pull/4823) by [ldez](https://github.com/ldez))
## [v1.7.12](https://github.com/containous/traefik/tree/v1.7.12) (2019-05-29)
[All Commits](https://github.com/containous/traefik/compare/v1.7.11...v1.7.12)
**Bug fixes:**
- **[acme]** Allow SANs for wildcards domain. ([#4821](https://github.com/containous/traefik/pull/4821) by [vizv](https://github.com/vizv))
- **[acme]** fix: update lego. ([#4910](https://github.com/containous/traefik/pull/4910) by [ldez](https://github.com/ldez))
- **[api,authentication]** Remove authentication hashes from API ([#4918](https://github.com/containous/traefik/pull/4918) by [ldez](https://github.com/ldez))
- **[consul]** Enhance KV logs. ([#4877](https://github.com/containous/traefik/pull/4877) by [ldez](https://github.com/ldez))
- **[k8s]** Fix kubernetes template for backend responseforwarding flushinterval setting ([#4901](https://github.com/containous/traefik/pull/4901) by [ravilr](https://github.com/ravilr))
- **[metrics]** Upgraded DataDog tracing library to 1.13.0 ([#4878](https://github.com/containous/traefik/pull/4878) by [aantono](https://github.com/aantono))
- **[server]** Add missing callback on close of hijacked connections ([#4900](https://github.com/containous/traefik/pull/4900) by [ravilr](https://github.com/ravilr))
**Documentation:**
- **[docker]** Docs: Troubleshooting help for Docker Swarm labels ([#4751](https://github.com/containous/traefik/pull/4751) by [gregberns](https://github.com/gregberns))
- **[logs]** Adds a log fields documentation. ([#4890](https://github.com/containous/traefik/pull/4890) by [ldez](https://github.com/ldez))
## [v1.7.11](https://github.com/containous/traefik/tree/v1.7.11) (2019-04-26)
[All Commits](https://github.com/containous/traefik/compare/v1.7.10...v1.7.11)
**Enhancements:**
- **[k8s,k8s/ingress]** Enhance k8s tests maintainability ([#4696](https://github.com/containous/traefik/pull/4696) by [ldez](https://github.com/ldez))
**Bug fixes:**
- **[acme]** fix: update lego. ([#4800](https://github.com/containous/traefik/pull/4800) by [ldez](https://github.com/ldez))
- **[authentication,middleware]** Forward all header values from forward auth response ([#4515](https://github.com/containous/traefik/pull/4515) by [ctas582](https://github.com/ctas582))
- **[cluster]** Remove usage of github.com/satori/go.uuid ([#4722](https://github.com/containous/traefik/pull/4722) by [aaslamin](https://github.com/aaslamin))
- **[kv]** Enhance KV client error management ([#4819](https://github.com/containous/traefik/pull/4819) by [jbdoumenjou](https://github.com/jbdoumenjou))
- **[tls]** Improve log message about redundant TLS certificate ([#4765](https://github.com/containous/traefik/pull/4765) by [mpl](https://github.com/mpl))
- **[tracing]** Update zipkin-go-opentracing. ([#4720](https://github.com/containous/traefik/pull/4720) by [ldez](https://github.com/ldez))
**Documentation:**
- **[acme]** Documentation Update: Hosting.de wildcard support tested ([#4747](https://github.com/containous/traefik/pull/4747) by [martinhoefling](https://github.com/martinhoefling))
- **[acme]** Update Wildcard Domain documentation ([#4682](https://github.com/containous/traefik/pull/4682) by [DWSR](https://github.com/DWSR))
- **[middleware]** Keep consistent order ([#4690](https://github.com/containous/traefik/pull/4690) by [maxifom](https://github.com/maxifom))
## [v2.0.0-alpha4](https://github.com/containous/traefik/tree/v2.0.0-alpha4) (2019-04-17)
[All Commits](https://github.com/containous/traefik/compare/v2.0.0-alpha3...v2.0.0-alpha4)

2
CONTRIBUTING.md
View file

@ -1,3 +1,3 @@
# Contributing
See https://docs.traefik.io.
See <https://docs.traefik.io/v2.0/contributing/thank-you/>.

187
Gopkg.lock generated
View file

@ -54,6 +54,14 @@
pruneopts = "NUT"
revision = "a368813c5e648fee92e5f6c30e3944ff9d5e8895"
[[projects]]
digest = "1:be4a03871fbc5250d19bcbc2d2b21c3c58fd97b048de64ec1ff4c8e3890d4f1b"
name = "github.com/ExpediaDotCom/haystack-client-go"
packages = ["."]
pruneopts = "NUT"
revision = "e7edbdf53a61a82ed143809088ed582312ff7e36"
version = "0.2.3"
[[projects]]
digest = "1:ab7fee312bbdc8070d0325d841de8704cc78bf032b076200f1458659b74b8ed6"
name = "github.com/JamesClonk/vultr"
@ -143,12 +151,9 @@
[[projects]]
branch = "master"
digest = "1:28be1959f81e9a6dec3058768a4c4535cf73fcd6e171d21688ad0a7fdf49d43a"
digest = "1:d37d0fa13c422a0b85981fe42ff8f176885921294cf0c3ce585c160669cc32bb"
name = "github.com/abronan/valkeyrie"
packages = [
".",
"store",
]
packages = ["store"]
pruneopts = "NUT"
revision = "063d875e3c5fd734fa2aa12fac83829f62acfc70"
@ -287,17 +292,6 @@
pruneopts = "NUT"
revision = "d83ebdd94cbdbcd9c6c6a22e1a0cde05e55d9d90"
[[projects]]
digest = "1:3cd675d508d3f9067704d36011c7a262fc0a0bf1ad0361a7d1e60a405d12941e"
name = "github.com/containous/flaeg"
packages = [
".",
"parse",
]
pruneopts = "NUT"
revision = "c93d194b807ef171c43344d60adad8b58217390a"
version = "v1.4.1"
[[projects]]
branch = "master"
digest = "1:3a789aa5487458c1fc913b47be763e5906e1524f1143acb8617287866184f9a7"
@ -306,14 +300,6 @@
pruneopts = "NUT"
revision = "c33f32e268983f989290677351b871b65da75ba5"
[[projects]]
digest = "1:a4f16a1b72349621b887bde88f458da518160abcb600eae3d591d8a2afa78bda"
name = "github.com/containous/staert"
packages = ["."]
pruneopts = "NUT"
revision = "7a9987c3a6d46be84e141a5c3191347ec10af17d"
version = "v3.1.2"
[[projects]]
digest = "1:fa91847d50d3f656fc2d2d608b9749b97d77528e8988ad8001f957640545e91e"
name = "github.com/coreos/go-systemd"
@ -598,7 +584,7 @@
revision = "73d445a93680fa1a78ae23a5839bad48f32ba1ee"
[[projects]]
digest = "1:a04af13190b67ff69cf8fcd79ee133a24c4a7a900cacbc296261dd43f3fbde5c"
digest = "1:d82b2dc81c551e7c15f31523a2cc8ee9121b39cfbf63174d98a0bc8edf2d3c5e"
name = "github.com/go-acme/lego"
packages = [
"acme",
@ -622,6 +608,7 @@
"providers/dns/alidns",
"providers/dns/auroradns",
"providers/dns/azure",
"providers/dns/bindman",
"providers/dns/bluecat",
"providers/dns/cloudflare",
"providers/dns/cloudns",
@ -640,6 +627,7 @@
"providers/dns/dreamhost",
"providers/dns/duckdns",
"providers/dns/dyn",
"providers/dns/easydns",
"providers/dns/exec",
"providers/dns/exoscale",
"providers/dns/fastdns",
@ -652,6 +640,7 @@
"providers/dns/httpreq",
"providers/dns/iij",
"providers/dns/inwx",
"providers/dns/joker",
"providers/dns/lightsail",
"providers/dns/linode",
"providers/dns/linodev4",
@ -683,8 +672,8 @@
"registration",
]
pruneopts = "NUT"
revision = "aaecc1ca7254190b71c5f01f57ee3bb6701bc937"
version = "v2.4.0"
revision = "01903cdfb9869df45cf5274c53226823a2532f2d"
version = "v2.6.0"
[[projects]]
branch = "fork-containous"
@ -695,6 +684,14 @@
revision = "ca0bf163426aa183d03fd4949101785c0347f273"
source = "github.com/containous/check"
[[projects]]
digest = "1:ea1d5bfdb4ec5c2ee48c97865e6de1a28fa8c4849a3f56b27d521aa619038e06"
name = "github.com/go-errors/errors"
packages = ["."]
pruneopts = "NUT"
revision = "a6af135bd4e28680facf08a3d206b454abc877a4"
version = "v1.0.1"
[[projects]]
digest = "1:5e92676b56ce4c69edf9ee1f6343c56f637e30af11b9d8b5edd1b6530f3fbc3d"
name = "github.com/go-ini/ini"
@ -765,7 +762,7 @@
revision = "44145f04b68cf362d9c4df2182967c2275eaefed"
[[projects]]
digest = "1:03e14cff610a8a58b774e36bd337fa979482be86aab01be81fb8bbd6d0f07fc8"
digest = "1:2d0636a8c490d2272dd725db26f74a537111b99b9dbdda0d8b98febe63702aa4"
name = "github.com/golang/protobuf"
packages = [
"proto",
@ -775,8 +772,8 @@
"ptypes/timestamp",
]
pruneopts = "NUT"
revision = "b4deda0973fb4c70b50d226b1af49f3da59f5265"
version = "v1.1.0"
revision = "b5d812f8a3706043e23a9cd5babf2e5423744d30"
version = "v1.3.1"
[[projects]]
branch = "master"
@ -1014,6 +1011,25 @@
pruneopts = "NUT"
revision = "b84e30acd515aadc4b783ad4ff83aff3299bdfe0"
[[projects]]
digest = "1:1082aeb059ff66b4fb6da53f9e7591726c6a81901f05ce48a470091784b23914"
name = "github.com/labbsr0x/bindman-dns-webhook"
packages = [
"src/client",
"src/types",
]
pruneopts = "NUT"
revision = "234ca2a50eebc2095f42a884709a6e9013366d86"
version = "v1.0.0"
[[projects]]
branch = "master"
digest = "1:ad2a63b2d6dfe7d66bf14c01f1171a3951abef6e0fb136170359c3f7c4f51615"
name = "github.com/labbsr0x/goh"
packages = ["gohclient"]
pruneopts = "NUT"
revision = "60aa50bcbca768de1b8d37d7185daab4cf023ed2"
[[projects]]
branch = "master"
digest = "1:5a96e1f04259484b3dd183ca95d1e7bff768b1bab36c530e308a8d56243b50c7"
@ -1190,14 +1206,6 @@
revision = "d8152159450570012552f924a0ae6ab3d8c617e0"
version = "v0.6.0"
[[projects]]
branch = "master"
digest = "1:95d27e49401b61dd203a4cf8237037bd6cd49599651f855ac1988c4ae27b090e"
name = "github.com/ogier/pflag"
packages = ["."]
pruneopts = "NUT"
revision = "45c278ab3607870051a2ea9040bb85fcb8557481"
[[projects]]
digest = "1:69e47979091e47a10e5ff0e2776ca71aa3e884238ce446bd71e246878ba0858d"
name = "github.com/opencontainers/go-digest"
@ -1416,17 +1424,18 @@
revision = "256dc444b735e061061cf46c809487313d5b0065"
[[projects]]
branch = "master"
digest = "1:fff470b0a7bbf05cfe8bfc73bfdf4d21eb009ea84e601f3d27781474e5da960f"
digest = "1:253f275bd72c42f8d234712d1574c8b222fe9b72838bfaca11b21ace9c0e3d0a"
name = "github.com/sacloud/libsacloud"
packages = [
".",
"api",
"sacloud",
"sacloud/ostype",
"utils/mutexkv",
]
pruneopts = "NUT"
revision = "306ea89b6ef19334614f7b0fc5aa19595022bb8c"
revision = "41c392dee98a83260abbe0fcd5c13beb7c75d103"
version = "v1.21.1"
[[projects]]
digest = "1:6bc0652ea6e39e22ccd522458b8bdd8665bf23bdc5a20eec90056e4dc7e273ca"
@ -1480,13 +1489,6 @@
pruneopts = "NUT"
revision = "c4434f09ec131ecf30f986d5dcb1636508bfa49a"
[[projects]]
digest = "1:84b9a5318d8ce3b8a9b1509bf15734f4f9dcd4decf9d9e9c7346a16c7b64d49e"
name = "github.com/thoas/stats"
packages = ["."]
pruneopts = "NUT"
revision = "4975baf6a358ed3ddaa42133996e1959f96c9300"
[[projects]]
branch = "master"
digest = "1:99ce99ce6d6d0cbc5f822cda92095906e01d5546d60999ac839ab008938e4e17"
@ -1580,7 +1582,7 @@
[[projects]]
branch = "master"
digest = "1:c878a802780168c80738d74607d14e7cb8765706990ae1260a3fd271c2c3b133"
digest = "1:d7ace03de79a9cec30e7a55cc16160602760470c5fe031b780dc2d84234d7f5a"
name = "github.com/vulcand/oxy"
packages = [
"buffer",
@ -1593,7 +1595,7 @@
"utils",
]
pruneopts = "NUT"
revision = "c34b0c501e43223bc816ac9b40b0ac29c44c8952"
revision = "3d629cff40b7040e0519628e7774ed11a95d9aff"
[[projects]]
digest = "1:ca6bac407fedc14fbeeba861dd33a821ba3a1624c10126ec6003b0a28d4139c5"
@ -1626,6 +1628,42 @@
pruneopts = "NUT"
revision = "0c8571ac0ce161a5feb57375a9cdf148c98c0f70"
[[projects]]
digest = "1:aafe0319af5410fb19a23a575ea6ee4b14253e122ef87f936bac65ea1e6b280c"
name = "go.opencensus.io"
packages = [
".",
"internal",
"internal/tagencoding",
"metric/metricdata",
"metric/metricproducer",
"plugin/ochttp",
"plugin/ochttp/propagation/b3",
"resource",
"stats",
"stats/internal",
"stats/view",
"tag",
"trace",
"trace/internal",
"trace/propagation",
"trace/tracestate",
]
pruneopts = "NUT"
revision = "df6e2001952312404b06f5f6f03fcb4aec1648e5"
version = "v0.21.0"
[[projects]]
branch = "master"
digest = "1:02fe59517e10f9b400b500af8ac228c74cecb0cba7a5f438d8283edb97e14270"
name = "go.uber.org/ratelimit"
packages = [
".",
"internal/clock",
]
pruneopts = "NUT"
revision = "c15da02342779cb6dc027fc95ee2277787698f36"
[[projects]]
branch = "master"
digest = "1:30c1930f8c9fee79f3af60c8b7cd92edd12a4f22187f5527d53509b1a794f555"
@ -1687,15 +1725,14 @@
revision = "ec22f46f877b4505e0117eeaab541714644fdd28"
[[projects]]
branch = "master"
digest = "1:4e67fdd7a13cbdb3c0dff0a7505abbdf4f42b12b27da350d66bffdc700db2899"
digest = "1:51bfac9fe01b6a949bfed6db70b00bada281f0d64e5296ec644163aa977bfee0"
name = "golang.org/x/sys"
packages = [
"unix",
"windows",
]
pruneopts = "NUT"
revision = "fff93fa7cd278d84afc205751523809c464168ab"
revision = "1c9583448a9c3aa0f9a6a5241bf73c0bd8aafded"
[[projects]]
digest = "1:ca9ebfc1200ca7423d9778dba9cdd463704753541c99dc4896f15e0b8b2bf1e8"
@ -1744,16 +1781,21 @@
[[projects]]
branch = "master"
digest = "1:da32ebe70dd3ec97d2df26281b08b18d05c2f12491ae79f389813f6c8d3006b3"
digest = "1:70c173b8ecc111dd01dc07f0ada72c076e4ed91618ee559312ef8adf154cc539"
name = "google.golang.org/api"
packages = [
"dns/v1",
"gensupport",
"googleapi",
"googleapi/internal/uritemplates",
"googleapi/transport",
"internal",
"option",
"transport/http",
"transport/http/internal/propagation",
]
pruneopts = "NUT"
revision = "de943baf05a022a8f921b544b7827bacaba1aed5"
revision = "067bed655e9cbc26f4dbac8f8897b30756d90990"
[[projects]]
digest = "1:7206d98ec77c90c72ec2c405181a1dcf86965803b6dbc4f98ceab7a5047c37a9"
@ -1781,22 +1823,31 @@
revision = "09f6ed296fc66555a25fe4ce95173148778dfa85"
[[projects]]
digest = "1:a840929a3a2d91282dc853cbd5f586069c14ae373247fb7d4cb4fa02b285326e"
digest = "1:ffb498178a6bbe5a877e715cc85a40d5a712883d85f5bf05acf26dbd6c8f71e2"
name = "google.golang.org/grpc"
packages = [
".",
"balancer",
"balancer/base",
"balancer/roundrobin",
"channelz",
"binarylog/grpc_binarylog_v1",
"codes",
"connectivity",
"credentials",
"credentials/internal",
"encoding",
"encoding/proto",
"grpclb/grpc_lb_v1/messages",
"grpclog",
"internal",
"internal/backoff",
"internal/balancerload",
"internal/binarylog",
"internal/channelz",
"internal/envconfig",
"internal/grpcrand",
"internal/grpcsync",
"internal/syscall",
"internal/transport",
"keepalive",
"metadata",
"naming",
@ -1807,14 +1858,13 @@
"stats",
"status",
"tap",
"transport",
]
pruneopts = "NUT"
revision = "41344da2231b913fa3d983840a57a6b1b7b631a1"
version = "v1.12.0"
revision = "25c4f928eaa6d96443009bd842389fb4fa48664e"
version = "v1.20.1"
[[projects]]
digest = "1:b886012746f19e2a7c6c3901ea9f86e8a5e32ff2b4407086f4f3181269976957"
digest = "1:b49eceff862a3048ec28dad1fce40bcbdc1703119dbad35d7e5f1beb4f9a4527"
name = "gopkg.in/DataDog/dd-trace-go.v1"
packages = [
"ddtrace",
@ -1822,10 +1872,11 @@
"ddtrace/internal",
"ddtrace/opentracer",
"ddtrace/tracer",
"internal/globalconfig",
]
pruneopts = "NUT"
revision = "7fb2bce4b1ed6ab61f7a9e1be30dea56de19db7c"
version = "v1.8.0"
revision = "c19e9e56d5b5b71b6507ce1b0ec06d85aa3705a1"
version = "v1.14.0"
[[projects]]
digest = "1:c970218a20933dd0a2eb2006de922217fa9276f57d25009b2a934eb1c50031cc"
@ -2173,6 +2224,7 @@
analyzer-version = 1
input-imports = [
"github.com/BurntSushi/toml",
"github.com/ExpediaDotCom/haystack-client-go",
"github.com/Masterminds/sprig",
"github.com/NYTimes/gziphandler",
"github.com/abbot/go-http-auth",
@ -2180,10 +2232,7 @@
"github.com/armon/go-proxyproto",
"github.com/cenkalti/backoff",
"github.com/containous/alice",
"github.com/containous/flaeg",
"github.com/containous/flaeg/parse",
"github.com/containous/mux",
"github.com/containous/staert",
"github.com/coreos/go-systemd/daemon",
"github.com/davecgh/go-spew/spew",
"github.com/docker/docker/api/types",
@ -2230,12 +2279,12 @@
"github.com/mitchellh/copystructure",
"github.com/mitchellh/hashstructure",
"github.com/mvdan/xurls",
"github.com/ogier/pflag",
"github.com/opentracing/opentracing-go",
"github.com/opentracing/opentracing-go/ext",
"github.com/opentracing/opentracing-go/log",
"github.com/openzipkin-contrib/zipkin-go-opentracing",
"github.com/patrickmn/go-cache",
"github.com/pmezard/go-difflib/difflib",
"github.com/prometheus/client_golang/prometheus",
"github.com/prometheus/client_golang/prometheus/promhttp",
"github.com/prometheus/client_model/go",
@ -2246,7 +2295,6 @@
"github.com/stretchr/testify/mock",
"github.com/stretchr/testify/require",
"github.com/stvp/go-udp-testing",
"github.com/thoas/stats",
"github.com/uber/jaeger-client-go",
"github.com/uber/jaeger-client-go/config",
"github.com/uber/jaeger-client-go/zipkin",
@ -2271,6 +2319,7 @@
"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/opentracer",
"gopkg.in/DataDog/dd-trace-go.v1/ddtrace/tracer",
"gopkg.in/fsnotify.v1",
"gopkg.in/yaml.v2",
"k8s.io/api/core/v1",
"k8s.io/api/extensions/v1beta1",
"k8s.io/apimachinery/pkg/api/errors",

41
Gopkg.toml
View file

@ -69,10 +69,6 @@ required = [
name = "github.com/cenkalti/backoff"
version = "2.1.1"
[[constraint]]
name = "github.com/containous/flaeg"
version = "1.4.1"
[[constraint]]
branch = "master"
name = "github.com/containous/mux"
@ -81,14 +77,10 @@ required = [
branch = "containous-fork"
name = "github.com/containous/alice"
[[constraint]]
name = "github.com/containous/staert"
version = "3.1.2"
[[constraint]]
name = "github.com/thoas/stats"
# related to https://github.com/thoas/stats/pull/32
revision = "4975baf6a358ed3ddaa42133996e1959f96c9300"
#[[constraint]]
# name = "github.com/thoas/stats"
# # related to https://github.com/thoas/stats/pull/32
# revision = "4975baf6a358ed3ddaa42133996e1959f96c9300"
[[constraint]]
name = "github.com/coreos/go-systemd"
@ -137,9 +129,9 @@ required = [
# branch = "master"
# name = "github.com/jjcollinge/servicefabric"
[[constraint]]
branch = "master"
name = "github.com/abronan/valkeyrie"
#[[constraint]]
# branch = "master"
# name = "github.com/abronan/valkeyrie"
#[[constraint]]
# name = "github.com/mesosphere/mesos-dns"
@ -193,13 +185,20 @@ required = [
name = "github.com/vulcand/oxy"
[[constraint]]
# branch = "master"
name = "github.com/go-acme/lego"
version = "2.4.0"
version = "2.6.0"
[[constraint]]
name = "google.golang.org/grpc"
version = "1.5.2"
version = "1.13.0"
[[override]]
name = "golang.org/x/sys"
revision = "1c9583448a9c3aa0f9a6a5241bf73c0bd8aafded"
[[constraint]]
name = "github.com/golang/protobuf"
version = "v1.3.0"
[[constraint]]
name = "gopkg.in/fsnotify.v1"
@ -278,8 +277,12 @@ required = [
[[constraint]]
name = "gopkg.in/DataDog/dd-trace-go.v1"
version = "1.7.0"
version = "1.13.0"
[[constraint]]
name = "github.com/instana/go-sensor"
version = "1.4.12"
[[constraint]]
name = "github.com/ExpediaDotCom/haystack-client-go"
version = "0.2.3"

2
Makefile
View file

@ -96,10 +96,12 @@ test-integration: $(PRE_TARGET)
## Validate code and docs
validate-files: $(PRE_TARGET)
$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate validate-lint validate-misspell
bash $(CURDIR)/script/validate-shell-script.sh
## Validate code, docs, and vendor
validate: $(PRE_TARGET)
$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate validate-lint validate-misspell validate-vendor
bash $(CURDIR)/script/validate-shell-script.sh
## Clean up static directory and build a Docker Traefik image
build-image: binary

2
README.md
View file

@ -12,7 +12,7 @@
[![Twitter](https://img.shields.io/twitter/follow/traefik.svg?style=social)](https://twitter.com/intent/follow?screen_name=traefik)
Traefik is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy.
Traefik (pronounced _traffic_) is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy.
Traefik integrates with your existing infrastructure components ([Docker](https://www.docker.com/), [Swarm mode](https://docs.docker.com/engine/swarm/), [Kubernetes](https://kubernetes.io), [Marathon](https://mesosphere.github.io/marathon/), [Consul](https://www.consul.io/), [Etcd](https://coreos.com/etcd/), [Rancher](https://rancher.com), [Amazon ECS](https://aws.amazon.com/ecs), ...) and configures itself automatically and dynamically.
Pointing Traefik at your orchestrator should be the _only_ configuration step you need.

190
cmd/configuration.go
View file

@ -3,40 +3,27 @@ package cmd
import (
"time"
"github.com/containous/flaeg/parse"
"github.com/containous/traefik/pkg/config/static"
"github.com/containous/traefik/pkg/middlewares/accesslog"
"github.com/containous/traefik/pkg/ping"
"github.com/containous/traefik/pkg/provider/docker"
"github.com/containous/traefik/pkg/provider/file"
"github.com/containous/traefik/pkg/provider/kubernetes/ingress"
"github.com/containous/traefik/pkg/provider/marathon"
"github.com/containous/traefik/pkg/provider/rancher"
"github.com/containous/traefik/pkg/provider/rest"
"github.com/containous/traefik/pkg/tracing/datadog"
"github.com/containous/traefik/pkg/tracing/instana"
"github.com/containous/traefik/pkg/tracing/jaeger"
"github.com/containous/traefik/pkg/tracing/zipkin"
"github.com/containous/traefik/pkg/types"
jaegercli "github.com/uber/jaeger-client-go"
)
// TraefikConfiguration holds GlobalConfiguration and other stuff
type TraefikConfiguration struct {
static.Configuration `mapstructure:",squash" export:"true"`
ConfigFile string `short:"c" description:"Configuration file to use (TOML)." export:"true"`
// TraefikCmdConfiguration wraps the static configuration and extra parameters.
type TraefikCmdConfiguration struct {
static.Configuration `export:"true"`
// ConfigFile is the path to the configuration file.
ConfigFile string `description:"Configuration file to use. If specified all other flags are ignored." export:"true"`
}
// NewTraefikConfiguration creates a TraefikConfiguration with default values
func NewTraefikConfiguration() *TraefikConfiguration {
return &TraefikConfiguration{
// NewTraefikConfiguration creates a TraefikCmdConfiguration with default values.
func NewTraefikConfiguration() *TraefikCmdConfiguration {
return &TraefikCmdConfiguration{
Configuration: static.Configuration{
Global: &static.Global{
CheckNewVersion: true,
},
EntryPoints: make(static.EntryPoints),
Providers: &static.Providers{
ProvidersThrottleDuration: parse.Duration(2 * time.Second),
ProvidersThrottleDuration: types.Duration(2 * time.Second),
},
ServersTransport: &static.ServersTransport{
MaxIdleConnsPerHost: 200,
@ -45,162 +32,3 @@ func NewTraefikConfiguration() *TraefikConfiguration {
ConfigFile: "",
}
}
// NewTraefikDefaultPointersConfiguration creates a TraefikConfiguration with pointers default values
func NewTraefikDefaultPointersConfiguration() *TraefikConfiguration {
// default File
var defaultFile file.Provider
defaultFile.Watch = true
defaultFile.Filename = "" // needs equivalent to viper.ConfigFileUsed()
// default Ping
var defaultPing = ping.Handler{
EntryPoint: "traefik",
}
// default TraefikLog
defaultTraefikLog := types.TraefikLog{
Format: "common",
FilePath: "",
}
// default AccessLog
defaultAccessLog := types.AccessLog{
Format: accesslog.CommonFormat,
FilePath: "",
Filters: &types.AccessLogFilters{},
Fields: &types.AccessLogFields{
DefaultMode: types.AccessLogKeep,
Headers: &types.FieldHeaders{
DefaultMode: types.AccessLogKeep,
},
},
}
// default Tracing
defaultTracing := static.Tracing{
Backend: "jaeger",
ServiceName: "traefik",
SpanNameLimit: 0,
Jaeger: &jaeger.Config{
SamplingServerURL: "http://localhost:5778/sampling",
SamplingType: "const",
SamplingParam: 1.0,
LocalAgentHostPort: "127.0.0.1:6831",
Propagation: "jaeger",
Gen128Bit: false,
TraceContextHeaderName: jaegercli.TraceContextHeaderName,
},
Zipkin: &zipkin.Config{
HTTPEndpoint: "http://localhost:9411/api/v1/spans",
SameSpan: false,
ID128Bit: true,
Debug: false,
SampleRate: 1.0,
},
DataDog: &datadog.Config{
LocalAgentHostPort: "localhost:8126",
GlobalTag: "",
Debug: false,
PrioritySampling: false,
},
Instana: &instana.Config{
LocalAgentHost: "localhost",
LocalAgentPort: 42699,
LogLevel: "info",
},
}
// default ApiConfiguration
defaultAPI := static.API{
EntryPoint: "traefik",
Dashboard: true,
}
defaultAPI.Statistics = &types.Statistics{
RecentErrors: 10,
}
// default Metrics
defaultMetrics := types.Metrics{
Prometheus: &types.Prometheus{
Buckets: types.Buckets{0.1, 0.3, 1.2, 5},
EntryPoint: static.DefaultInternalEntryPointName,
},
Datadog: &types.Datadog{
Address: "localhost:8125",
PushInterval: "10s",
},
StatsD: &types.Statsd{
Address: "localhost:8125",
PushInterval: "10s",
},
InfluxDB: &types.InfluxDB{
Address: "localhost:8089",
Protocol: "udp",
PushInterval: "10s",
},
}
defaultResolver := types.HostResolverConfig{
CnameFlattening: false,
ResolvConfig: "/etc/resolv.conf",
ResolvDepth: 5,
}
var defaultDocker docker.Provider
defaultDocker.Watch = true
defaultDocker.ExposedByDefault = true
defaultDocker.Endpoint = "unix:///var/run/docker.sock"
defaultDocker.SwarmMode = false
defaultDocker.SwarmModeRefreshSeconds = 15
defaultDocker.DefaultRule = docker.DefaultTemplateRule
// default Rest
var defaultRest rest.Provider
defaultRest.EntryPoint = static.DefaultInternalEntryPointName
// default Marathon
var defaultMarathon marathon.Provider
defaultMarathon.Watch = true
defaultMarathon.Endpoint = "http://127.0.0.1:8080"
defaultMarathon.ExposedByDefault = true
defaultMarathon.DialerTimeout = parse.Duration(5 * time.Second)
defaultMarathon.ResponseHeaderTimeout = parse.Duration(60 * time.Second)
defaultMarathon.TLSHandshakeTimeout = parse.Duration(5 * time.Second)
defaultMarathon.KeepAlive = parse.Duration(10 * time.Second)
defaultMarathon.DefaultRule = marathon.DefaultTemplateRule
// default Kubernetes
var defaultKubernetes ingress.Provider
// default Rancher
var defaultRancher rancher.Provider
defaultRancher.Watch = true
defaultRancher.ExposedByDefault = true
defaultRancher.EnableServiceHealthFilter = true
defaultRancher.RefreshSeconds = 15
defaultRancher.DefaultRule = rancher.DefaultTemplateRule
defaultRancher.Prefix = "latest"
defaultProviders := static.Providers{
File: &defaultFile,
Docker: &defaultDocker,
Rest: &defaultRest,
Marathon: &defaultMarathon,
Kubernetes: &defaultKubernetes,
Rancher: &defaultRancher,
}
return &TraefikConfiguration{
Configuration: static.Configuration{
Providers: &defaultProviders,
Log: &defaultTraefikLog,
AccessLog: &defaultAccessLog,
Ping: &defaultPing,
API: &defaultAPI,
Metrics: &defaultMetrics,
Tracing: &defaultTracing,
HostResolver: &defaultResolver,
},
}
}

35
cmd/healthcheck/healthcheck.go
View file

@ -7,34 +7,34 @@ import (
"os"
"time"
"github.com/containous/flaeg"
"github.com/containous/traefik/cmd"
"github.com/containous/traefik/pkg/cli"
"github.com/containous/traefik/pkg/config/static"
)
// NewCmd builds a new HealthCheck command
func NewCmd(traefikConfiguration *cmd.TraefikConfiguration, traefikPointersConfiguration *cmd.TraefikConfiguration) *flaeg.Command {
return &flaeg.Command{
Name: "healthcheck",
Description: `Calls traefik /ping to check health (web provider must be enabled)`,
Config: traefikConfiguration,
DefaultPointersConfig: traefikPointersConfiguration,
Run: runCmd(traefikConfiguration),
Metadata: map[string]string{
"parseAllSources": "true",
},
// NewCmd builds a new HealthCheck command.
func NewCmd(traefikConfiguration *static.Configuration, loaders []cli.ResourceLoader) *cli.Command {
return &cli.Command{
Name: "healthcheck",
Description: `Calls Traefik /ping to check the health of Traefik (the API must be enabled).`,
Configuration: traefikConfiguration,
Run: runCmd(traefikConfiguration),
Resources: loaders,
}
}
func runCmd(traefikConfiguration *cmd.TraefikConfiguration) func() error {
return func() error {
traefikConfiguration.Configuration.SetEffectiveConfiguration(traefikConfiguration.ConfigFile)
func runCmd(traefikConfiguration *static.Configuration) func(_ []string) error {
return func(_ []string) error {
traefikConfiguration.SetEffectiveConfiguration("")
resp, errPing := Do(traefikConfiguration.Configuration)
resp, errPing := Do(*traefikConfiguration)
if resp != nil {
resp.Body.Close()
}
if errPing != nil {
fmt.Printf("Error calling healthcheck: %s\n", errPing)
os.Exit(1)
}
if resp.StatusCode != http.StatusOK {
fmt.Printf("Bad healthcheck status: %s\n", resp.Status)
os.Exit(1)
@ -50,6 +50,7 @@ func Do(staticConfiguration static.Configuration) (*http.Response, error) {
if staticConfiguration.Ping == nil {
return nil, errors.New("please enable `ping` to use health check")
}
pingEntryPoint, ok := staticConfiguration.EntryPoints[staticConfiguration.Ping.EntryPoint]
if !ok {
return nil, errors.New("missing `ping` entrypoint")

150
cmd/storeconfig/storeconfig.go
View file

@ -1,150 +0,0 @@
package storeconfig
import (
"encoding/json"
"fmt"
stdlog "log"
"github.com/containous/flaeg"
"github.com/containous/staert"
"github.com/containous/traefik/cmd"
)
// NewCmd builds a new StoreConfig command
func NewCmd(traefikConfiguration *cmd.TraefikConfiguration, traefikPointersConfiguration *cmd.TraefikConfiguration) *flaeg.Command {
return &flaeg.Command{
Name: "storeconfig",
Description: `Stores the static traefik configuration into a Key-value stores. Traefik will not start.`,
Config: traefikConfiguration,
DefaultPointersConfig: traefikPointersConfiguration,
HideHelp: true, // TODO storeconfig
Metadata: map[string]string{
"parseAllSources": "true",
},
}
}
// Run store config in KV
func Run(kv *staert.KvSource, traefikConfiguration *cmd.TraefikConfiguration) func() error {
return func() error {
if kv == nil {
return fmt.Errorf("error using command storeconfig, no Key-value store defined")
}
fileConfig := traefikConfiguration.Providers.File
if fileConfig != nil {
traefikConfiguration.Providers.File = nil
if len(fileConfig.Filename) == 0 && len(fileConfig.Directory) == 0 {
fileConfig.Filename = traefikConfiguration.ConfigFile
}
}
jsonConf, err := json.Marshal(traefikConfiguration.Configuration)
if err != nil {
return err
}
stdlog.Printf("Storing configuration: %s\n", jsonConf)
err = kv.StoreConfig(traefikConfiguration.Configuration)
if err != nil {
return err
}
if fileConfig != nil {
jsonConf, err = json.Marshal(fileConfig)
if err != nil {
return err
}
stdlog.Printf("Storing file configuration: %s\n", jsonConf)
config, err := fileConfig.BuildConfiguration()
if err != nil {
return err
}
stdlog.Print("Writing config to KV")
err = kv.StoreConfig(config)
if err != nil {
return err
}
}
// if traefikConfiguration.Configuration.ACME != nil {
// account := &acme.Account{}
//
// accountInitialized, err := keyExists(kv, traefikConfiguration.Configuration.ACME.Storage)
// if err != nil && err != store.ErrKeyNotFound {
// return err
// }
//
// // Check to see if ACME account object is already in kv store
// if traefikConfiguration.Configuration.ACME.OverrideCertificates || !accountInitialized {
//
// // Stores the ACME Account into the KV Store
// // Certificates in KV Stores will be overridden
// meta := cluster.NewMetadata(account)
// err = meta.Marshall()
// if err != nil {
// return err
// }
//
// source := staert.KvSource{
// Store: kv,
// Prefix: traefikConfiguration.Configuration.ACME.Storage,
// }
//
// err = source.StoreConfig(meta)
// if err != nil {
// return err
// }
// }
// }
return nil
}
}
// func keyExists(source *staert.KvSource, key string) (bool, error) {
// list, err := source.List(key, nil)
// if err != nil {
// return false, err
// }
//
// return len(list) > 0, nil
// }
// CreateKvSource creates KvSource
// TLS support is enable for Consul and Etcd backends
func CreateKvSource(traefikConfiguration *cmd.TraefikConfiguration) (*staert.KvSource, error) {
var kv *staert.KvSource
// var kvStore store.Store
var err error
// TODO kv store
// switch {
// case traefikConfiguration.Providers.Consul != nil:
// kvStore, err = traefikConfiguration.Providers.Consul.CreateStore()
// kv = &staert.KvSource{
// Store: kvStore,
// Prefix: traefikConfiguration.Providers.Consul.Prefix,
// }
// case traefikConfiguration.Providers.Etcd != nil:
// kvStore, err = traefikConfiguration.Providers.Etcd.CreateStore()
// kv = &staert.KvSource{
// Store: kvStore,
// Prefix: traefikConfiguration.Providers.Etcd.Prefix,
// }
// case traefikConfiguration.Providers.Zookeeper != nil:
// kvStore, err = traefikConfiguration.Providers.Zookeeper.CreateStore()
// kv = &staert.KvSource{
// Store: kvStore,
// Prefix: traefikConfiguration.Providers.Zookeeper.Prefix,
// }
// case traefikConfiguration.Providers.Boltdb != nil:
// kvStore, err = traefikConfiguration.Providers.Boltdb.CreateStore()
// kv = &staert.KvSource{
// Store: kvStore,
// Prefix: traefikConfiguration.Providers.Boltdb.Prefix,
// }
// }
return kv, err
}

170
cmd/traefik/traefik.go
View file

@ -4,38 +4,30 @@ import (
"context"
"encoding/json"
"fmt"
fmtlog "log"
stdlog "log"
"net/http"
"os"
"path/filepath"
"reflect"
"strings"
"time"
"github.com/cenkalti/backoff"
"github.com/containous/flaeg"
"github.com/containous/staert"
"github.com/containous/traefik/autogen/genstatic"
"github.com/containous/traefik/cmd"
"github.com/containous/traefik/cmd/healthcheck"
"github.com/containous/traefik/cmd/storeconfig"
cmdVersion "github.com/containous/traefik/cmd/version"
"github.com/containous/traefik/pkg/cli"
"github.com/containous/traefik/pkg/collector"
"github.com/containous/traefik/pkg/config"
"github.com/containous/traefik/pkg/config/static"
"github.com/containous/traefik/pkg/job"
"github.com/containous/traefik/pkg/log"
"github.com/containous/traefik/pkg/provider/aggregator"
"github.com/containous/traefik/pkg/provider/kubernetes/k8s"
"github.com/containous/traefik/pkg/safe"
"github.com/containous/traefik/pkg/server"
"github.com/containous/traefik/pkg/server/router"
traefiktls "github.com/containous/traefik/pkg/tls"
"github.com/containous/traefik/pkg/types"
"github.com/containous/traefik/pkg/version"
"github.com/coreos/go-systemd/daemon"
assetfs "github.com/elazarl/go-bindata-assetfs"
"github.com/ogier/pflag"
"github.com/sirupsen/logrus"
"github.com/vulcand/oxy/roundrobin"
)
@ -48,141 +40,38 @@ func init() {
os.Setenv("GODEBUG", goDebug+"tls13=1")
}
// sliceOfStrings is the parser for []string
type sliceOfStrings []string
// String is the method to format the flag's value, part of the flag.Value interface.
// The String method's output will be used in diagnostics.
func (s *sliceOfStrings) String() string {
return strings.Join(*s, ",")
}
// Set is the method to set the flag value, part of the flag.Value interface.
// Set's argument is a string to be parsed to set the flag.
// It's a comma-separated list, so we split it.
func (s *sliceOfStrings) Set(value string) error {
parts := strings.Split(value, ",")
if len(parts) == 0 {
return fmt.Errorf("bad []string format: %s", value)
}
for _, entrypoint := range parts {
*s = append(*s, entrypoint)
}
return nil
}
// Get return the []string
func (s *sliceOfStrings) Get() interface{} {
return *s
}
// SetValue sets the []string with val
func (s *sliceOfStrings) SetValue(val interface{}) {
*s = val.([]string)
}
// Type is type of the struct
func (s *sliceOfStrings) Type() string {
return "sliceOfStrings"
}
func main() {
// traefik config inits
traefikConfiguration := cmd.NewTraefikConfiguration()
traefikPointersConfiguration := cmd.NewTraefikDefaultPointersConfiguration()
tConfig := cmd.NewTraefikConfiguration()
// traefik Command init
traefikCmd := &flaeg.Command{
loaders := []cli.ResourceLoader{&cli.FileLoader{}, &cli.EnvLoader{}, &cli.FlagLoader{}}
cmdTraefik := &cli.Command{
Name: "traefik",
Description: `Traefik is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease.
Complete documentation is available at https://traefik.io`,
Config: traefikConfiguration,
DefaultPointersConfig: traefikPointersConfiguration,
Run: func() error {
return runCmd(&traefikConfiguration.Configuration, traefikConfiguration.ConfigFile)
Configuration: tConfig,
Resources: loaders,
Run: func(_ []string) error {
return runCmd(&tConfig.Configuration, cli.GetConfigFile(loaders))
},
}
// storeconfig Command init
storeConfigCmd := storeconfig.NewCmd(traefikConfiguration, traefikPointersConfiguration)
// init flaeg source
f := flaeg.New(traefikCmd, os.Args[1:])
// add custom parsers
f.AddParser(reflect.TypeOf(static.EntryPoints{}), &static.EntryPoints{})
f.AddParser(reflect.SliceOf(reflect.TypeOf("")), &sliceOfStrings{})
f.AddParser(reflect.TypeOf(traefiktls.FilesOrContents{}), &traefiktls.FilesOrContents{})
f.AddParser(reflect.TypeOf(types.Constraints{}), &types.Constraints{})
f.AddParser(reflect.TypeOf(k8s.Namespaces{}), &k8s.Namespaces{})
f.AddParser(reflect.TypeOf([]types.Domain{}), &types.Domains{})
f.AddParser(reflect.TypeOf(types.DNSResolvers{}), &types.DNSResolvers{})
f.AddParser(reflect.TypeOf(types.Buckets{}), &types.Buckets{})
f.AddParser(reflect.TypeOf(types.StatusCodes{}), &types.StatusCodes{})
f.AddParser(reflect.TypeOf(types.FieldNames{}), &types.FieldNames{})
f.AddParser(reflect.TypeOf(types.FieldHeaderNames{}), &types.FieldHeaderNames{})
// add commands
f.AddCommand(cmdVersion.NewCmd())
f.AddCommand(storeConfigCmd)
f.AddCommand(healthcheck.NewCmd(traefikConfiguration, traefikPointersConfiguration))
usedCmd, err := f.GetCommand()
err := cmdTraefik.AddCommand(healthcheck.NewCmd(&tConfig.Configuration, loaders))
if err != nil {
fmtlog.Println(err)
stdlog.Println(err)
os.Exit(1)
}
if _, err := f.Parse(usedCmd); err != nil {
if err == pflag.ErrHelp {
os.Exit(0)
}
fmtlog.Printf("Error parsing command: %s\n", err)
os.Exit(1)
}
// staert init
s := staert.NewStaert(traefikCmd)
// init TOML source
toml := staert.NewTomlSource("traefik", []string{traefikConfiguration.ConfigFile, "/etc/traefik/", "$HOME/.traefik/", "."})
// add sources to staert
s.AddSource(toml)
s.AddSource(f)
if _, err := s.LoadConfig(); err != nil {
fmtlog.Printf("Error reading TOML config file %s : %s\n", toml.ConfigFileUsed(), err)
os.Exit(1)
}
traefikConfiguration.ConfigFile = toml.ConfigFileUsed()
kv, err := storeconfig.CreateKvSource(traefikConfiguration)
err = cmdTraefik.AddCommand(cmdVersion.NewCmd())
if err != nil {
fmtlog.Printf("Error creating kv store: %s\n", err)
stdlog.Println(err)
os.Exit(1)
}
storeConfigCmd.Run = storeconfig.Run(kv, traefikConfiguration)
// if a KV Store is enable and no sub-command called in args
if kv != nil && usedCmd == traefikCmd {
s.AddSource(kv)
operation := func() error {
_, err := s.LoadConfig()
return err
}
notify := func(err error, time time.Duration) {
log.WithoutContext().Errorf("Load config error: %+v, retrying in %s", err, time)
}
err := backoff.RetryNotify(safe.OperationWithRecover(operation), job.NewBackOff(backoff.NewExponentialBackOff()), notify)
if err != nil {
fmtlog.Printf("Error loading configuration: %s\n", err)
os.Exit(1)
}
}
if err := s.Run(); err != nil {
fmtlog.Printf("Error running traefik: %s\n", err)
err = cli.Execute(cmdTraefik)
if err != nil {
stdlog.Println(err)
os.Exit(1)
}
@ -192,10 +81,6 @@ Complete documentation is available at https://traefik.io`,
func runCmd(staticConfiguration *static.Configuration, configFile string) error {
configureLogging(staticConfiguration)
if len(configFile) > 0 {
log.WithoutContext().Infof("Using TOML configuration file %s", configFile)
}
http.DefaultTransport.(*http.Transport).Proxy = http.ProxyFromEnvironment
if err := roundrobin.SetDefaultWeight(0); err != nil {
@ -289,7 +174,11 @@ func runCmd(staticConfiguration *static.Configuration, configFile string) error
safe.Go(func() {
tick := time.Tick(t)
for range tick {
_, errHealthCheck := healthcheck.Do(*staticConfiguration)
resp, errHealthCheck := healthcheck.Do(*staticConfiguration)
if resp != nil {
resp.Body.Close()
}
if staticConfiguration.Ping == nil || errHealthCheck == nil {
if ok, _ := daemon.SdNotify(false, "WATCHDOG=1"); !ok {
log.WithoutContext().Error("Fail to tick watchdog")
@ -309,22 +198,17 @@ func runCmd(staticConfiguration *static.Configuration, configFile string) error
func configureLogging(staticConfiguration *static.Configuration) {
// configure default log flags
fmtlog.SetFlags(fmtlog.Lshortfile | fmtlog.LstdFlags)
stdlog.SetFlags(stdlog.Lshortfile | stdlog.LstdFlags)
// configure log level
// an explicitly defined log level always has precedence. if none is
// given and debug mode is disabled, the default is ERROR, and DEBUG
// otherwise.
var levelStr string
if staticConfiguration.Log != nil {
levelStr := "error"
if staticConfiguration.Log != nil && staticConfiguration.Log.Level != "" {
levelStr = strings.ToLower(staticConfiguration.Log.Level)
}
if levelStr == "" {
levelStr = "error"
if staticConfiguration.Global.Debug {
levelStr = "debug"
}
}
level, err := logrus.ParseLevel(levelStr)
if err != nil {
log.WithoutContext().Errorf("Error getting level: %v", err)
@ -377,7 +261,7 @@ func checkNewVersion() {
func stats(staticConfiguration *static.Configuration) {
if staticConfiguration.Global.SendAnonymousUsage == nil {
log.WithoutContext().Error(`
You haven't specify the sendAnonymousUsage option, it will be enable by default.
You haven't specified the sendAnonymousUsage option, it will be enabled by default.
`)
sendAnonymousUsage := true
staticConfiguration.Global.SendAnonymousUsage = &sendAnonymousUsage

16
cmd/version/version.go
View file

@ -7,7 +7,7 @@ import (
"runtime"
"text/template"
"github.com/containous/flaeg"
"github.com/containous/traefik/pkg/cli"
"github.com/containous/traefik/pkg/version"
)
@ -18,19 +18,17 @@ Built: {{.BuildTime}}
OS/Arch: {{.Os}}/{{.Arch}}`
// NewCmd builds a new Version command
func NewCmd() *flaeg.Command {
return &flaeg.Command{
Name: "version",
Description: `Print version`,
Config: struct{}{},
DefaultPointersConfig: struct{}{},
Run: func() error {
func NewCmd() *cli.Command {
return &cli.Command{
Name: "version",
Description: `Shows the current Traefik version.`,
Configuration: nil,
Run: func(_ []string) error {
if err := GetPrint(os.Stdout); err != nil {
return err
}
fmt.Print("\n")
return nil
},
}
}

12
docs/content/contributing/building-testing.md
View file

@ -43,7 +43,7 @@ $ ls dist/
traefik*
```
The following targets can be executed outside Docker (we don't recommend that):
The following targets can be executed outside Docker by setting the variable `PRE_TARGET` to an empty string (we don't recommend that):
- `test-unit`
- `test-integration`
@ -61,24 +61,24 @@ PRE_TARGET= make test-unit
You need `go` v1.12+.
!!! tip "Source Directory"
It is recommended that you clone Traefik into the `~/go/src/github.com/containous/traefik` directory.
This is the official golang workspace hierarchy that will allow dependencies to be properly resolved.
!!! note "Environment"
Set your `GOPATH` and `PATH` variable to be set to `~/go` via:
```bash
export GOPATH=~/go
export PATH=$PATH:$GOPATH/bin
```
For convenience, add `GOPATH` and `PATH` to your `.bashrc` or `.bash_profile`
Verify your environment is setup properly by running `$ go env`.
Depending on your OS and environment, you should see an output similar to:
```bash
GOARCH="amd64"
GOBIN=""

2
docs/content/contributing/documentation.md
View file

@ -10,7 +10,7 @@ Let's see how.
### General
This [documentation](http://docs.traefik.io/) is built with [mkdocs](http://mkdocs.org/).
This [documentation](https://docs.traefik.io/) is built with [mkdocs](https://mkdocs.org/).
### Method 1: `Docker` and `make`

1
docs/content/contributing/maintainers.md
View file

@ -16,6 +16,7 @@
* Gérald Croës [@geraldcroes](https://github.com/geraldcroes)
* Jean-Baptiste Doumenjou [@jbdoumenjou](https://github.com/jbdoumenjou)
* Damien Duportal [@dduportal](https://github.com/dduportal)
* Mathieu Lonjaret [@mpl](https://github.com/mpl)
## Contributions Daily Meeting

2
docs/content/contributing/submitting-pull-requests.md
View file

@ -42,4 +42,4 @@ Help the readers focus on what matters, and help them understand the structure o
!!! tip "10 Tips for Better Pull Requests"
We enjoyed this article, maybe you will too! [10 tips for better pull requests](http://blog.ploeh.dk/2015/01/15/10-tips-for-better-pull-requests/).
We enjoyed this article, maybe you will too! [10 tips for better pull requests](https://blog.ploeh.dk/2015/01/15/10-tips-for-better-pull-requests/).

17
docs/content/contributing/thank-you.md
View file

@ -8,3 +8,20 @@ and wouldn't have become what it is today without the help of our [many contribu
not accounting for people having helped with issues, tests, comments, articles, ... or just enjoying it and letting others know.
So once again, thank you for your invaluable help on making Traefik such a good product.
!!! question "Where to Go Next?"
If you want to:
- Propose and idea, request a feature a report a bug,
read the page [Submitting Issues](./submitting-issues.md).
- Discover how to make an efficient contribution,
read the page [Submitting Pull Requests](./submitting-pull-requests.md).
- Learn how to build and test Traefik,
the page [Building and Testing](./building-testing.md) is for you.
- Contribute to the documentation,
read the related page [Documentation](./documentation.md).
- Understand how do we learn about Traefik usage,
read the [Data Collection](./data-collection.md) page.
- Spread the love about Traefik, please check the [Advocating](./advocating.md) page.
- Learn about who are the maintainers and how they work on the project,
read the [Maintainers](./maintainers.md) page.

2
docs/content/getting-started/concepts.md
View file

@ -14,7 +14,7 @@ it knows all the logic and every rule that determine which services handle which
Where traditionally edge routers (or reverse proxies) need a configuration file that contains every possible route to your services, Traefik gets them from the services themselves.
Deploying your services, you attach information that tell Traefik the characteristics of the requests the services can handle.
Deploying your services, you attach information that tells Traefik the characteristics of the requests the services can handle.
![Decentralized Configuration](../assets/img/traefik-concepts-2.png)

40
docs/content/getting-started/configuration-overview.md
View file

@ -33,31 +33,23 @@ Traefik gets its _dynamic configuration_ from [providers](../providers/overview.
## The Static Configuration
There are three different locations where you can define static configuration options in Traefik:
There are three different, mutually exclusive, ways to define static configuration options in Traefik:
- In a key-value store
- In the command-line arguments
- In a configuration file
- As environment variables
- In the command-line arguments
If you don't provide a value for a given option, default values apply.
These ways are evaluated in the order listed above.
!!! important "Precedence Order"
The following precedence order applies for configuration options: key-value > command-line > configuration file.
If no value was provided for a given option, a default value applies.
Moreover, if an option has sub-options, and any of these sub-options is not specified, a default value will apply as well.
It means that arguments override configuration file, and key-value store overrides arguments.
!!! important "Default Values"
Some root options are enablers: they set default values for all their children.
For example, the `--providers.docker` option enables the docker provider.
Once positioned, this option sets (and resets) all the default values under the root `providers.docker`.
If you define child options using a lesser precedence configuration source, they will be overwritten by the default values.
For example, the `--providers.docker` option is enough by itself to enable the docker provider, even though sub-options like `--providers.docker.endpoint` exist.
Once positioned, this option sets (and resets) all the default values of the sub-options of `--providers.docker`.
### Configuration File
At startup, Traefik searches for a file named `traefik.toml` in `/etc/traefik/`, `$HOME/.traefik/`, and `.` (_the working directory_).
At startup, Traefik searches for a file named `traefik.toml` in `/etc/traefik/`, `$XDG_CONFIG_HOME/`, `$HOME/.config/`, and `.` (_the working directory_).
You can override this using the `configFile` argument.
@ -67,16 +59,16 @@ traefik --configFile=foo/bar/myconfigfile.toml
### Arguments
Use `traefik --help` to get the list of the available arguments.
To get the list of all available arguments:
### Key-Value Stores
```bash
traefik --help
Traefik supports several Key-value stores:
# or
- [Consul](https://consul.io)
- [etcd](https://coreos.com/etcd/)
- [ZooKeeper](https://zookeeper.apache.org/)
- [boltdb](https://github.com/boltdb/bolt)
docker run traefik[:version] --help
# ex: docker run traefik:2.0 --help
```
## Available Configuration Options

2
docs/content/getting-started/quick-start.md
View file

@ -81,7 +81,7 @@ docker-compose up -d --scale whoami=2
Go back to your browser ([http://localhost:8080/api/rawdata](http://localhost:8080/api/rawdata)) and see that Traefik has automatically detected the new instance of the container.
Finally, see that Traefik load-balances between the two instances of your services by running twice the following command:
Finally, see that Traefik load-balances between the two instances of your service by running the following command twice:
```shell
curl -H Host:whoami.docker.localhost http://127.0.0.1

145
docs/content/https-tls/overview.md
View file

@ -1,145 +0,0 @@
# HTTPS & TLS
Traefik supports HTTPS & TLS, and is able to accept new certificates / updates over time (without being restarted).
TLS is enabled at the [router](../routing/routers/index.md) level, but some options are configured in dedicated sections (`tlsOptions` & `tlsStores`) described in this section.
## Configuration Example
??? example "Configuring a Default Certificate"
```toml
[tlsStores]
[tlsStores.default]
[tlsStores.default.defaultCertificate]
certFile = "path/to/cert.crt"
keyFile = "path/to/cert.key"
```
??? example "Configuring a Minimum TLS Version"
```toml
[tlsOptions]
[tlsOptions.default]
minVersion = "VersionTLS12"
```
??? example "Defining Certificates"
```toml
[[tls]]
[tls.certificate]
certFile = "/path/to/domain.cert"
keyFile = "/path/to/domain.key"
[[tls]]
[tls.certificate]
certFile = "/path/to/other-domain.cert"
keyFile = "/path/to/other-domain.key"
```
!!! important "File Provider Only"
In the above example, we've used the [file provider](../providers/file.md) to handle the TLS configuration (tlsStores, tlsOptions, and TLS certificates).
In its current alpha version, it is the only available method to configure these elements.
Of course, these options are hot reloaded and can be updated at runtime (they belong to the [dynamic configuration](../getting-started/configuration-overview.md)).
## Configuration Options
### Dynamic Certificates
To add / remove TLS certificates while Traefik is running, the [file provider](../providers/file.md) supports Dynamic TLS certificates in its `[[tls]]` section.
!!! example "Defining Certificates"
```toml
[[tls]]
stores = ["default"]
[tls.certificate]
certFile = "/path/to/domain.cert"
keyFile = "/path/to/domain.key"
[[tls]]
stores = ["default"]
[tls.certificate]
certFile = "/path/to/other-domain.cert"
keyFile = "/path/to/other-domain.key"
```
??? note "Stores"
During the alpha version, the stores option will be ignored and be automatically set to ["default"].
### Mutual Authentication
Traefik supports both optional and non optional (defaut value) mutual authentication.
- When `optional = false`, Traefik accepts connections only from client presenting a certificate signed by a CA listed in `ClientCA.files`.
- When `optional = true`, Traefik authorizes connections from client presenting a certificate signed by an unknown CA.
!!! example "Non Optional Mutual Authentication"
In the following example, both `snitest.com` and `snitest.org` will require client certificates.
```toml
[tlsOptions]
[tlsOptions.default]
[tlsOptions.default.ClientCA]
files = ["tests/clientca1.crt", "tests/clientca2.crt"]
optional = false
```
??? note "ClientCA.files"
You can use a file per `CA:s`, or a single file containing multiple `CA:s` (in `PEM` format).
`ClientCA.files` is not optional: every client will have to present a valid certificate. (This requirement will apply to every server certificate declared in the entrypoint.)
### Minimum TLS Version
!!! example "Min TLS version & [cipherSuites](https://godoc.org/crypto/tls#pkg-constants)"
```toml
[tlsOptions]
[tlsOptions.default]
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384"
]
```
### Strict SNI Checking
With strict SNI checking, Traefik won't allow connections without a matching certificate.
!!! example "Strict SNI"
```toml
[tlsOptions]
[tlsOptions.default]
sniStrict = true
```
### Default Certificate
Traefik can use a default certificate for connections without a SNI, or without a matching domain.
If no default certificate is provided, Traefik generates and uses a self-signed certificate.
!!! example "Setting a Default Certificate"
```toml
[tlsStores]
[tlsStores.default]
[tlsStores.default.defaultCertificate]
certFile = "path/to/cert.crt"
keyFile = "path/to/cert.key"
```
??? note "Only One Default Certificate"
There can only be one `defaultCertificate` per tlsOptions.
??? note "Default TLS Store"
During the alpha version, there is only one globally available TLS Store (`default`).

127
docs/content/https-tls/acme.md → docs/content/https/acme.md
View file

@ -1,4 +1,4 @@
# ACME
# Let's Encrypt
Automatic HTTPS
{: .subtitle }
@ -54,9 +54,18 @@ You can configure Traefik to use an ACME provider (like Let's Encrypt) for autom
There are many available options for ACME. For a quick glance at what's possible, browse the configuration reference:
```toml
--8<-- "content/https-tls/ref-acme.toml"
--8<-- "content/https/ref-acme.toml"
```
## Automatic Renewals
Traefik automatically tracks the expiry date of ACME certificates it generates.
If there are less than 30 days remaining before the certificate expires, Traefik will attempt to rewnew it automatically.
!!! note
Certificates that are no longer used may still be renewed, as Traefik does not currently check if the certificate is being used before renewing.
## The Different ACME Challenges
### `tlsChallenge`
@ -119,63 +128,63 @@ Do not hesitate to complete it.
Every lego environment variable can be overridden by their respective `_FILE` counterpart, which should have a filepath to a file that contains the secret as its value.
For example, `CF_API_EMAIL_FILE=/run/secrets/traefik_cf-api-email` could be used to provide a Cloudflare API email address as a Docker secret named `traefik_cf-api-email`.
| Provider Name | Provider Code | Environment Variables | Wildcard & Root Domain Support |
|-------------------------------------------------------------|----------------|---------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------|
| [ACME DNS](https://github.com/joohoi/acme-dns) | `acme-dns` | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH` | Not tested yet |
| [Alibaba Cloud](https://www.vultr.com) | `alidns` | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID` | Not tested yet |
| [Auroradns](https://www.pcextreme.com/aurora/dns) | `auroradns` | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT` | Not tested yet |
| [Azure](https://azure.microsoft.com/services/dns/) | `azure` | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]` | Not tested yet |
| [Blue Cat](https://www.bluecatnetworks.com/) | `bluecat` | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW` | Not tested yet |
| [ClouDNS](https://www.cloudns.net/) | `cloudns` | `CLOUDNS_AUTH_ID`, `CLOUDNS_AUTH_PASSWORD` | YES |
| [Cloudflare](https://www.cloudflare.com) | `cloudflare` | `CF_API_EMAIL`, `CF_API_KEY` - The `Global API Key` needs to be used, not the `Origin CA Key` | YES |
| [CloudXNS](https://www.cloudxns.net) | `cloudxns` | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY` | Not tested yet |
| [ConoHa](https://www.conoha.jp) | `conoha` | `CONOHA_TENANT_ID`, `CONOHA_API_USERNAME`, `CONOHA_API_PASSWORD` | YES |
| [DigitalOcean](https://www.digitalocean.com) | `digitalocean` | `DO_AUTH_TOKEN` | YES |
| [DNSimple](https://dnsimple.com) | `dnsimple` | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL` | YES |
| [DNS Made Easy](https://dnsmadeeasy.com) | `dnsmadeeasy` | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX` | Not tested yet |
| [DNSPod](https://www.dnspod.com/) | `dnspod` | `DNSPOD_API_KEY` | Not tested yet |
| [Domain Offensive (do.de)](https://www.do.de/) | `dode` | `DODE_TOKEN` | YES |
| [DreamHost](https://www.dreamhost.com/) | `dreamhost` | `DREAMHOST_API_KEY` | YES |
| [Duck DNS](https://www.duckdns.org/) | `duckdns` | `DUCKDNS_TOKEN` | YES |
| [Dyn](https://dyn.com) | `dyn` | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD` | Not tested yet |
| External Program | `exec` | `EXEC_PATH` | YES |
| [Exoscale](https://www.exoscale.com) | `exoscale` | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT` | YES |
| [Fast DNS](https://www.akamai.com/) | `fastdns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | YES |
| [Gandi](https://www.gandi.net) | `gandi` | `GANDI_API_KEY` | Not tested yet |
| [Gandi v5](http://doc.livedns.gandi.net) | `gandiv5` | `GANDIV5_API_KEY` | YES |
| [Glesys](https://glesys.com/) | `glesys` | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN` | Not tested yet |
| [GoDaddy](https://godaddy.com/domains) | `godaddy` | `GODADDY_API_KEY`, `GODADDY_API_SECRET` | Not tested yet |
| [Google Cloud DNS](https://cloud.google.com/dns/docs/) | `gcloud` | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`] | YES |
| [hosting.de](https://www.hosting.de) | `hostingde` | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME` | YES |
| HTTP request | `httpreq` | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1] | YES |
| [IIJ](https://www.iij.ad.jp/) | `iij` | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE` | Not tested yet |
| [INWX](https://www.inwx.de/en) | `inwx` | `INWX_USERNAME`, `INWX_PASSWORD` | YES |
| [Lightsail](https://aws.amazon.com/lightsail/) | `lightsail` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE` | Not tested yet |
| [Linode](https://www.linode.com) | `linode` | `LINODE_API_KEY` | Not tested yet |
| [Linode v4](https://www.linode.com) | `linodev4` | `LINODE_TOKEN` | Not tested yet |
| manual | - | none, but you need to run Traefik interactively [^4], turn on `acmeLogging` to see instructions and press <kbd>Enter</kbd>. | YES |
| [MyDNS.jp](https://www.mydns.jp/) | `mydnsjp` | `MYDNSJP_MASTER_ID`, `MYDNSJP_PASSWORD` | YES |
| [Namecheap](https://www.namecheap.com) | `namecheap` | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY` | YES |
| [name.com](https://www.name.com/) | `namedotcom` | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER` | Not tested yet |
| [Netcup](https://www.netcup.eu/) | `netcup` | `NETCUP_CUSTOMER_NUMBER`, `NETCUP_API_KEY`, `NETCUP_API_PASSWORD` | Not tested yet |
| [NIFCloud](https://cloud.nifty.com/service/dns.htm) | `nifcloud` | `NIFCLOUD_ACCESS_KEY_ID`, `NIFCLOUD_SECRET_ACCESS_KEY` | Not tested yet |
| [Ns1](https://ns1.com/) | `ns1` | `NS1_API_KEY` | Not tested yet |
| [Open Telekom Cloud](https://cloud.telekom.de) | `otc` | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT` | Not tested yet |
| [OVH](https://www.ovh.com) | `ovh` | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY` | YES |
| [Openstack Designate](https://docs.openstack.org/designate) | `designate` | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME` | YES |
| [Oracle Cloud](https://cloud.oracle.com/home) | `oraclecloud` | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID` | YES |
| [PowerDNS](https://www.powerdns.com) | `pdns` | `PDNS_API_KEY`, `PDNS_API_URL` | Not tested yet |
| [Rackspace](https://www.rackspace.com/cloud/dns) | `rackspace` | `RACKSPACE_USER`, `RACKSPACE_API_KEY` | Not tested yet |
| [RFC2136](https://tools.ietf.org/html/rfc2136) | `rfc2136` | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER` | Not tested yet |
| [Route 53](https://aws.amazon.com/route53/) | `route53` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile. | YES |
| [Sakura Cloud](https://cloud.sakura.ad.jp/) | `sakuracloud` | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET` | Not tested yet |
| [Selectel](https://selectel.ru/en/) | `selectel` | `SELECTEL_API_TOKEN` | YES |
| [Stackpath](https://www.stackpath.com/) | `stackpath` | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID` | Not tested yet |
| [TransIP](https://www.transip.nl/) | `transip` | `TRANSIP_ACCOUNT_NAME`, `TRANSIP_PRIVATE_KEY_PATH` | YES |
| [VegaDNS](https://github.com/shupp/VegaDNS-API) | `vegadns` | `SECRET_VEGADNS_KEY`, `SECRET_VEGADNS_SECRET`, `VEGADNS_URL` | Not tested yet |
| [Vscale](https://vscale.io/) | `vscale` | `VSCALE_API_TOKEN` | YES |
| [VULTR](https://www.vultr.com) | `vultr` | `VULTR_API_KEY` | Not tested yet |
| [Zone.ee](https://www.zone.ee) | `zoneee` | `ZONEEE_API_USER`, `ZONEEE_API_KEY` | YES |
| Provider Name | Provider Code | Environment Variables | |
|-------------------------------------------------------------|----------------|---------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------|
| [ACME DNS](https://github.com/joohoi/acme-dns) | `acme-dns` | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/acme-dns) |
| [Alibaba Cloud](https://www.vultr.com) | `alidns` | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/alidns) |
| [Auroradns](https://www.pcextreme.com/aurora/dns) | `auroradns` | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/auroradns) |
| [Azure](https://azure.microsoft.com/services/dns/) | `azure` | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]` | [Additional configuration](https://go-acme.github.io/lego/dns/azure) |
| [Blue Cat](https://www.bluecatnetworks.com/) | `bluecat` | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW` | [Additional configuration](https://go-acme.github.io/lego/dns/bluecat) |
| [ClouDNS](https://www.cloudns.net/) | `cloudns` | `CLOUDNS_AUTH_ID`, `CLOUDNS_AUTH_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudns) |
| [Cloudflare](https://www.cloudflare.com) | `cloudflare` | `CF_API_EMAIL`, `CF_API_KEY` - The `Global API Key` needs to be used, not the `Origin CA Key` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudflare) |
| [CloudXNS](https://www.cloudxns.net) | `cloudxns` | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudxns) |
| [ConoHa](https://www.conoha.jp) | `conoha` | `CONOHA_TENANT_ID`, `CONOHA_API_USERNAME`, `CONOHA_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/conoha) |
| [DigitalOcean](https://www.digitalocean.com) | `digitalocean` | `DO_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/digitalocean) |
| [DNSimple](https://dnsimple.com) | `dnsimple` | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsimple) |
| [DNS Made Easy](https://dnsmadeeasy.com) | `dnsmadeeasy` | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsmadeeasy) |
| [DNSPod](https://www.dnspod.com/) | `dnspod` | `DNSPOD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dnspod) |
| [Domain Offensive (do.de)](https://www.do.de/) | `dode` | `DODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/dode) |
| [DreamHost](https://www.dreamhost.com/) | `dreamhost` | `DREAMHOST_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dreamhost) |
| [Duck DNS](https://www.duckdns.org/) | `duckdns` | `DUCKDNS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/duckdns) |
| [Dyn](https://dyn.com) | `dyn` | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/dyn) |
| External Program | `exec` | `EXEC_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/exec) |
| [Exoscale](https://www.exoscale.com) | `exoscale` | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/exoscale) |
| [Fast DNS](https://www.akamai.com/) | `fastdns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/fastdns) |
| [Gandi](https://www.gandi.net) | `gandi` | `GANDI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandi) |
| [Gandi v5](http://doc.livedns.gandi.net) | `gandiv5` | `GANDIV5_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5) |
| [Glesys](https://glesys.com/) | `glesys` | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN` | [Additional configuration](https://go-acme.github.io/lego/dns/glesys) |
| [GoDaddy](https://godaddy.com/) | `godaddy` | `GODADDY_API_KEY`, `GODADDY_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/godaddy) |
| [Google Cloud DNS](https://cloud.google.com/dns/docs/) | `gcloud` | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`] | [Additional configuration](https://go-acme.github.io/lego/dns/gcloud) |
| [hosting.de](https://www.hosting.de) | `hostingde` | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde) |
| HTTP request | `httpreq` | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1] | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq) |
| [IIJ](https://www.iij.ad.jp/) | `iij` | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE` | [Additional configuration](https://go-acme.github.io/lego/dns/iij) |
| [INWX](https://www.inwx.de/en) | `inwx` | `INWX_USERNAME`, `INWX_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/inwx) |
| [Lightsail](https://aws.amazon.com/lightsail/) | `lightsail` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/lightsail) |
| [Linode](https://www.linode.com) | `linode` | `LINODE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/linode) |
| [Linode v4](https://www.linode.com) | `linodev4` | `LINODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/linodev4) |
| manual | - | none, but you need to run Traefik interactively [^4], turn on `acmeLogging` to see instructions and press <kbd>Enter</kbd>. | |
| [MyDNS.jp](https://www.mydns.jp/) | `mydnsjp` | `MYDNSJP_MASTER_ID`, `MYDNSJP_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mydnsjp) |
| [Namecheap](https://www.namecheap.com) | `namecheap` | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namecheap) |
| [name.com](https://www.name.com/) | `namedotcom` | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/namedotcom) |
| [Netcup](https://www.netcup.eu/) | `netcup` | `NETCUP_CUSTOMER_NUMBER`, `NETCUP_API_KEY`, `NETCUP_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/netcup) |
| [NIFCloud](https://cloud.nifty.com/service/dns.htm) | `nifcloud` | `NIFCLOUD_ACCESS_KEY_ID`, `NIFCLOUD_SECRET_ACCESS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/nifcloud) |
| [Ns1](https://ns1.com/) | `ns1` | `NS1_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ns1) |
| [Open Telekom Cloud](https://cloud.telekom.de) | `otc` | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/otc) |
| [OVH](https://www.ovh.com) | `ovh` | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ovh) |
| [Openstack Designate](https://docs.openstack.org/designate) | `designate` | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/designate) |
| [Oracle Cloud](https://cloud.oracle.com/home) | `oraclecloud` | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID` | [Additional configuration](https://go-acme.github.io/lego/dns/oraclecloud) |
| [PowerDNS](https://www.powerdns.com) | `pdns` | `PDNS_API_KEY`, `PDNS_API_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/pdns) |
| [Rackspace](https://www.rackspace.com/cloud/dns) | `rackspace` | `RACKSPACE_USER`, `RACKSPACE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rackspace) |
| [RFC2136](https://tools.ietf.org/html/rfc2136) | `rfc2136` | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/rfc2136) |
| [Route 53](https://aws.amazon.com/route53/) | `route53` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile. | [Additional configuration](https://go-acme.github.io/lego/dns/route53) |
| [Sakura Cloud](https://cloud.sakura.ad.jp/) | `sakuracloud` | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/sakuracloud) |
| [Selectel](https://selectel.ru/en/) | `selectel` | `SELECTEL_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/selectel) |
| [Stackpath](https://www.stackpath.com/) | `stackpath` | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/stackpath) |
| [TransIP](https://www.transip.nl/) | `transip` | `TRANSIP_ACCOUNT_NAME`, `TRANSIP_PRIVATE_KEY_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/transip) |
| [VegaDNS](https://github.com/shupp/VegaDNS-API) | `vegadns` | `SECRET_VEGADNS_KEY`, `SECRET_VEGADNS_SECRET`, `VEGADNS_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/vegadns) |
| [Vscale](https://vscale.io/) | `vscale` | `VSCALE_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/vscale) |
| [VULTR](https://www.vultr.com) | `vultr` | `VULTR_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/vultr) |
| [Zone.ee](https://www.zone.ee) | `zoneee` | `ZONEEE_API_USER`, `ZONEEE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zoneee) |
[^1]: more information about the HTTP message format can be found [here](https://go-acme.github.io/lego/dns/httpreq/)
[^2]: [providing_credentials_to_your_application](https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application)

16
docs/content/https/overview.md Normal file
View file

@ -0,0 +1,16 @@
# HTTPS & TLS
Overview
{: .subtitle }
Traefik supports HTTPS & TLS, which concerns roughly two parts of the configuration:
routers, and the TLS connection (and its underlying certificates).
When a router has to handle HTTPS traffic,
it should be specified with a `tls` field of the router definition.
See the TLS section of the [routers documentation](../routing/routers/index.md#tls).
The next sections of this documentation explain how to configure the TLS connection itself.
That is to say, how to obtain [TLS certificates](./tls.md#certificates-definition):
either through a definition in the dynamic configuration, or through [Let's Encrypt](./acme.md) (ACME).
And how to configure [TLS options](./tls.md#tls-options), and [certificates stores](./tls.md#certificates-stores).

0
docs/content/https-tls/ref-acme.toml → docs/content/https/ref-acme.toml
View file

140
docs/content/https/tls.md Normal file
View file

@ -0,0 +1,140 @@
# TLS
Transport Layer Security
{: .subtitle }
## Certificates Definition
### Automated
See the [Let's Encrypt](./acme.md) page.
### User defined
To add / remove TLS certificates, even when Traefik is already running, their definition can be added to the [dynamic configuration](../getting-started/configuration-overview.md), in the `[[tls]]` section:
```toml
[[tls]]
[tls.certificate]
certFile = "/path/to/domain.cert"
keyFile = "/path/to/domain.key"
[[tls]]
[tls.certificate]
certFile = "/path/to/other-domain.cert"
keyFile = "/path/to/other-domain.key"
```
!!! important "File Provider Only"
In the above example, we've used the [file provider](../providers/file.md) to handle these definitions.
In its current alpha version, it is the only available method to configure the certificates (as well as the options and the stores).
## Certificates Stores
In Traefik, certificates are grouped together in certificates stores, which are defined as such:
```toml
[tlsStores]
[tlsStores.default]
```
!!! important "Alpha restriction"
During the alpha version, any store definition other than the default one (named `default`) will be ignored,
and there is thefore only one globally available TLS store.
In the `[[tls]]` section, a list of stores can then be specified to indicate where the certificates should be stored:
```toml
[[tls]]
stores = ["default"]
[tls.certificate]
certFile = "/path/to/domain.cert"
keyFile = "/path/to/domain.key"
[[tls]]
# Note that since no store is defined,
# the certificate below will be stored in the `default` store.
[tls.certificate]
certFile = "/path/to/other-domain.cert"
keyFile = "/path/to/other-domain.key"
```
!!! important "Alpha restriction"
During the alpha version, the `stores` list will actually be ignored and automatically set to `["default"]`.
### Default Certificate
Traefik can use a default certificate for connections without a SNI, or without a matching domain.
This default certificate should be defined in a TLS store:
```toml
[tlsStores]
[tlsStores.default]
[tlsStores.default.defaultCertificate]
certFile = "path/to/cert.crt"
keyFile = "path/to/cert.key"
```
If no default certificate is provided, Traefik generates and uses a self-signed certificate.
## TLS Options
The TLS options allow one to configure some parameters of the TLS connection.
### Minimum TLS Version
```toml
[tlsOptions]
[tlsOptions.default]
minVersion = "VersionTLS12"
[tlsOptions.mintls13]
minVersion = "VersionTLS13"
```
### Mutual Authentication
Traefik supports both optional and strict (which is the default) mutual authentication, though the `ClientCA.files` section.
If present, connections from clients without a certificate will be rejected.
For clients with a certificate, the `optional` option governs the behaviour as follows:
- When `optional = false`, Traefik accepts connections only from clients presenting a certificate signed by a CA listed in `ClientCA.files`.
- When `optional = true`, Traefik authorizes connections from clients presenting a certificate signed by an unknown CA.
```toml
[tlsOptions]
[tlsOptions.default]
[tlsOptions.default.ClientCA]
# in PEM format. each file can contain multiple CAs.
files = ["tests/clientca1.crt", "tests/clientca2.crt"]
optional = false
```
### Cipher Suites
See [cipherSuites](https://godoc.org/crypto/tls#pkg-constants) for more information.
```toml
[tlsOptions]
[tlsOptions.default]
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384"
]
```
### Strict SNI Checking
With strict SNI checking, Traefik won't allow connections from clients connections
that do not specify a server_name extension.
```toml
[tlsOptions]
[tlsOptions.default]
sniStrict = true
```

14
docs/content/middlewares/basicauth.md
View file

@ -11,8 +11,12 @@ The BasicAuth middleware is a quick way to restrict access to your services to k
```yaml tab="Docker"
# Declaring the user list
#
# Note: all dollar signs in the hash need to be doubled for escaping.
# To create user:password pair, it's possible to use this command:
# echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
labels:
- "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
- "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
```
```yaml tab="Kubernetes"
@ -76,7 +80,7 @@ The file content is a list of `name:encoded-password`.
??? example "A file containing test/test and test2/test2"
```
```txt
test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0
```
@ -109,6 +113,12 @@ spec:
headerField: X-WebAuth-User
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.my-auth.basicauth.headerField": "X-WebAuth-User"
}
```
```toml tab="File"
[http.middlewares.my-auth.basicauth]
# ...

11
docs/content/middlewares/chain.md
View file

@ -19,7 +19,7 @@ labels:
- "traefik.http.routers.router1.rule=Host(`mydomain`)"
- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "traefik.http.middlewares.https-only.schemeredirect.scheme=https"
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
- "http.services.service1.loadbalancer.server.port=80"
```
@ -69,7 +69,7 @@ kind: Middleware
metadata:
name: https-only
spec:
schemeRedirect:
redirectScheme:
scheme: https
---
apiVersion: traefik.containo.us/v1alpha1
@ -90,7 +90,7 @@ spec:
"traefik.http.routers.router1.rule": "Host(`mydomain`)",
"traefik.http.middlewares.secured.chain.middlewares": "https-only,known-ips,auth-users",
"traefik.http.middlewares.auth-users.basicauth.users": "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"traefik.http.middlewares.https-only.schemeredirect.scheme": "https",
"traefik.http.middlewares.https-only.redirectscheme.scheme": "https",
"traefik.http.middlewares.known-ips.ipwhitelist.sourceRange": "192.168.1.7,127.0.0.1/32",
"http.services.service1.loadbalancer.server.port": "80"
}
@ -103,7 +103,7 @@ labels:
- "traefik.http.routers.router1.rule=Host(`mydomain`)"
- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "traefik.http.middlewares.https-only.schemeredirect.scheme=https"
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
- "http.services.service1.loadbalancer.server.port=80"
```
@ -123,7 +123,7 @@ labels:
[http.middlewares.auth-users.BasicAuth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
[http.middlewares.https-only.SchemeRedirect]
[http.middlewares.https-only.redirectScheme]
scheme = "https"
[http.middlewares.known-ips.ipWhiteList]
@ -134,5 +134,4 @@ labels:
[http.services.service1.LoadBalancer]
[[http.services.service1.LoadBalancer.Servers]]
URL = "http://127.0.0.1:80"
Weight = 1
```

10
docs/content/middlewares/compress.md
View file

@ -15,6 +15,16 @@ labels:
- "traefik.http.middlewares.test-compress.compress=true"
```
```yaml tab="Kubernetes"
# Enable gzip compression
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-compress
spec:
compress: {}
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-compress.compress": "true"

8
docs/content/middlewares/digestauth.md
View file

@ -69,7 +69,7 @@ The file content is a list of `name:realm:encoded-password`.
??? example "A file containing test/test and test2/test2"
```
```txt
test:traefik:a2688e031edb4be6a3797f3882655c05
test2:traefik:518845800f9e2bfb1f1f740ec24f074e
```
@ -109,6 +109,12 @@ labels:
- "traefik.http.middlewares.my-auth.digestauth.headerField=X-WebAuth-User"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.my-auth.digestauth.headerField": "X-WebAuth-User"
}
```
```toml tab="File"
[http.middlewares.my-auth.digestAuth]
# ...

37
docs/content/middlewares/headers.md
View file

@ -26,9 +26,9 @@ metadata:
name: testHeader
spec:
headers:
CustomRequestHeaders:
customRequestHeaders:
X-Script-Name: "test"
CustomResponseHeaders:
customResponseHeaders:
X-Custom-Response-Header: "True"
```
@ -59,7 +59,7 @@ labels:
`X-Script-Name` header added to the proxied request, the `X-Custom-Request-Header` header removed from the request,
and the `X-Custom-Response-Header` header removed from the response.
Please note that is not possible to remove headers through the use of Docker labels for now.
Please note that is not possible to remove headers through the use of labels (Docker, Rancher, Marathon, ...) for now.
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
@ -68,17 +68,22 @@ metadata:
name: testHeader
spec:
headers:
CustomRequestHeaders:
customRequestHeaders:
X-Script-Name: "test" # Adds
X-Custom-Request-Header: "" # Removes
CustomResponseHeaders:
customResponseHeaders:
X-Custom-Response-Header: "" # Removes
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.testHeader.Headers.CustomRequestHeaders.X-Script-Name=test"
- "traefik.http.middlewares.testHeader.Headers.CustomResponseHeaders.X-Custom-Response-Header=True"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.testHeader.Headers.CustomRequestHeaders.X-Script-Name": "test",
}
```
```toml tab="File"
@ -109,8 +114,8 @@ metadata:
name: testHeader
spec:
headers:
FrameDeny: "true"
SSLRedirect: "true"
frameDeny: "true"
sslRedirect: "true"
```
```yaml tab="Rancher"
@ -119,6 +124,13 @@ labels:
- "traefik.http.middlewares.testHeader.Headers.SSLRedirect=true"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.testHeader.Headers.FrameDeny": "true",
"traefik.http.middlewares.testHeader.Headers.SSLRedirect": "true"
}
```
```toml tab="File"
[http.middlewares]
[http.middlewares.testHeader.headers]
@ -163,6 +175,15 @@ labels:
- "traefik.http.middlewares.testHeader.Headers.AddVaryHeader=true"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.testHeader.Headers.AccessControlAllowMethods": "GET,OPTIONS,PUT",
"traefik.http.middlewares.testHeader.Headers.AccessControlAllowOrigin": "origin-list-or-null",
"traefik.http.middlewares.testHeader.Headers.AccessControlMaxAge": "100",
"traefik.http.middlewares.testHeader.Headers.AddVaryHeader": "true"
}
```
```toml tab="File"
[http.middlewares]
[http.middlewares.testHeader.headers]

13
docs/content/middlewares/ipwhitelist.md
View file

@ -101,6 +101,13 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.testIPwhitelist.ipWhiteList.SourceRange": "127.0.0.1/32, 192.168.1.7",
"traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth": "2"
}
```
```toml tab="File"
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
[http.middlewares]
@ -158,6 +165,12 @@ labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedIPs=127.0.0.1/32, 192.168.1.7"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedIPs": "127.0.0.1/32, 192.168.1.7"
}
```
```toml tab="File"
# Exclude from `X-Forwarded-For`
[http.middlewares]

6
docs/content/middlewares/maxconnection.md
View file

@ -19,10 +19,10 @@ labels:
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: addprefix
name: test-maxconn
spec:
addPrefix:
prefix: /bar
maxConn:
amount: 10
```
```json tab="Marathon"

11
docs/content/middlewares/overview.md
View file

@ -50,7 +50,7 @@ spec:
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ingressroute.crd
name: ingressroute
spec:
# more fields...
routes:
@ -92,7 +92,6 @@ labels:
[[http.services.service1.LoadBalancer.Servers]]
URL = "http://127.0.0.1:80"
Weight = 1
```
## Advanced Configuration
@ -122,8 +121,8 @@ If you use multiple `providers` and wish to reference a middleware declared in a
image: your-docker-image
labels:
# Attach file.add-foo-prefix middleware (declared in file)
- "traefik.http.routers.middlewares=file.add-foo-prefix"
# Attach file@add-foo-prefix middleware (declared in file)
- "traefik.http.routers.my-container.middlewares=file@add-foo-prefix"
```
## Available Middlewares
@ -135,14 +134,14 @@ If you use multiple `providers` and wish to reference a middleware declared in a
| [Buffering](buffering.md) | Buffers the request/response | Request Lifecycle |
| [Chain](chain.md) | Combine multiple pieces of middleware | Middleware tool |
| [CircuitBreaker](circuitbreaker.md) | Stop calling unhealthy services | Request Lifecycle |
| [Compress](circuitbreaker.md) | Compress the response | Content Modifier |
| [Compress](compress.md) | Compress the response | Content Modifier |
| [DigestAuth](digestauth.md) | Adds Digest Authentication | Security, Authentication |
| [Errors](errorpages.md) | Define custom error pages | Request Lifecycle |
| [ForwardAuth](forwardauth.md) | Authentication delegation | Security, Authentication |
| [Headers](headers.md) | Add / Update headers | Security |
| [IPWhiteList](ipwhitelist.md) | Limit the allowed client IPs | Security, Request lifecycle |
| [MaxConnection](maxconnection.md) | Limit the number of simultaneous connections | Security, Request lifecycle |
| [PassTLSClientCert](passtlsclientcert.md) | TODO | Security |
| [PassTLSClientCert](passtlsclientcert.md) | Adding Client Certificates in a Header | Security |
| [RateLimit](ratelimit.md) | Limit the call frequency | Security, Request lifecycle |
| [RedirectScheme](redirectscheme.md) | Redirect easily the client elsewhere | Request lifecycle |
| [RedirectRegex](redirectregex.md) | Redirect the client elsewhere | Request lifecycle |

24
docs/content/middlewares/passtlsclientcert.md
View file

@ -121,7 +121,29 @@ labels:
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.province=true"
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notafter": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notbefore": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.sans": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.commonname": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.country": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.domaincomponent": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.locality": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organization": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.province": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.serialnumber": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.commonname": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.country": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.domaincomponent": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.locality": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.organization": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.province": "true",
"traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber": "true"
}
```
```toml tab="File"
# Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
[http.middlewares]

23
docs/content/middlewares/ratelimit.md
View file

@ -32,15 +32,16 @@ metadata:
name: test-ratelimit
spec:
rateLimit:
extractorfunc = "client.ip"
rate0:
period = "10s"
average = 100
burst = 200
rate1:
period = "3s"
average = 5
burst = 10
extractorFunc: client.ip
rateset:
rate0:
period: 10s
average: 100
burst: 200
rate1:
period: 3s
average: 5
burst: 10
```
```json tab="Marathon"
@ -76,12 +77,12 @@ labels:
[http.middlewares.test-ratelimit.ratelimit]
extractorfunc = "client.ip"
[http.middlewares.test-ratelimit.ratelimit.rate0]
[http.middlewares.test-ratelimit.ratelimit.rateset.rate0]
period = "10s"
average = 100
burst = 200
[http.middlewares.test-ratelimit.ratelimit.rate1]
[http.middlewares.test-ratelimit.ratelimit.rateset.rate1]
period = "3s"
average = 5
burst = 10

22
docs/content/middlewares/stripprefix.md
View file

@ -10,39 +10,41 @@ Remove the specified prefixes from the URL path.
## Configuration Examples
```yaml tab="Docker"
# Replace the path by /foo
# Strip prefix /foobar and /fiibar
labels:
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=foobar, fiibar"
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar, /fiibar"
```
```yaml tab="Kubernetes"
# Replace the path by /foo
# Strip prefix /foobar and /fiibar
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-stripprefix
spec:
StripPrefix:
prefixes: "foobar, fiibar"
stripPrefix:
prefixes:
- /foobar
- /fiibar
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-stripprefix.stripprefix.prefixes": "foobar, fiibar"
"traefik.http.middlewares.test-stripprefix.stripprefix.prefixes": "/foobar, /fiibar"
}
```
```yaml tab="Rancher"
# Replace the path by /foo
# Strip prefix /foobar and /fiibar
labels:
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=foobar, fiibar"
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar, /fiibar"
```
```toml tab="File"
# Replace the path by /foo
# Strip prefix /foobar and /fiibar
[http.middlewares]
[http.middlewares.test-stripprefix.StripPrefix]
prefixes: "foobar, fiibar"
prefixes = ["/foobar", "/fiibar"]
```
## Configuration Options

4
docs/content/middlewares/stripprefixregex.md
View file

@ -1,4 +1,4 @@
# StripPrefix
# StripPrefixRegex
Removing Prefixes From the Path Before Forwarding the Request (Using a Regex)
{: .subtitle }
@ -22,7 +22,7 @@ kind: Middleware
metadata:
name: test-stripprefixregex
spec:
StripPrefixRegex:
stripPrefixRegex:
regex: "^/foo/(.*)"
```

64
docs/content/observability/access-logs.md
View file

@ -110,38 +110,38 @@ Each field can be set to:
??? list "Available Fields"
```ini
StartUTC
StartLocal
Duration
FrontendName
BackendName
BackendURL
BackendAddr
ClientAddr
ClientHost
ClientPort
ClientUsername
RequestAddr
RequestHost
RequestPort
RequestMethod
RequestPath
RequestProtocol
RequestLine
RequestContentSize
OriginDuration
OriginContentSize
OriginStatus
OriginStatusLine
DownstreamStatus
DownstreamStatusLine
DownstreamContentSize
RequestCount
GzipRatio
Overhead
RetryAttempts
```
| Field | Description |
|-------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `StartUTC` | The time at which request processing started. |
| `StartLocal` | The local time at which request processing started. |
| `Duration` | The total time taken by processing the response, including the origin server's time but not the log writing time. |
| `FrontendName` | The name of the Traefik frontend. |
| `BackendName` | The name of the Traefik backend. |
| `BackendURL` | The URL of the Traefik backend. |
| `BackendAddr` | The IP:port of the Traefik backend (extracted from `BackendURL`) |
| `ClientAddr` | The remote address in its original form (usually IP:port). |
| `ClientHost` | The remote IP address from which the client request was received. |
| `ClientPort` | The remote TCP port from which the client request was received. |
| `ClientUsername` | The username provided in the URL, if present. |
| `RequestAddr` | The HTTP Host header (usually IP:port). This is treated as not a header by the Go API. |
| `RequestHost` | The HTTP Host server name (not including port). |
| `RequestPort` | The TCP port from the HTTP Host. |
| `RequestMethod` | The HTTP method. |
| `RequestPath` | The HTTP request URI, not including the scheme, host or port. |
| `RequestProtocol` | The version of HTTP requested. |
| `RequestLine` | `RequestMethod` + `RequestPath` + `RequestProtocol` |
| `RequestContentSize` | The number of bytes in the request entity (a.k.a. body) sent by the client. |
| `OriginDuration` | The time taken by the origin server ('upstream') to return its response. |
| `OriginContentSize` | The content length specified by the origin server, or 0 if unspecified. |
| `OriginStatus` | The HTTP status code returned by the origin server. If the request was handled by this Traefik instance (e.g. with a redirect), then this value will be absent. |
| `OriginStatusLine` | `OriginStatus` + Status code explanation |
| `DownstreamStatus` | The HTTP status code returned to the client. |
| `DownstreamStatusLine` | `DownstreamStatus` + Status code explanation |
| `DownstreamContentSize` | The number of bytes in the response entity returned to the client. This is in addition to the "Content-Length" header, which may be present in the origin response. |
| `RequestCount` | The number of requests received since the Traefik instance started. |
| `GzipRatio` | The response body compression ratio achieved. |
| `Overhead` | The processing time overhead caused by Traefik. |
| `RetryAttempts` | The amount of attempts the request was retried. |
## Log Rotation

168
docs/content/operations/api.md Normal file
View file

@ -0,0 +1,168 @@
# API
Traefik exposes a number of information through an API handler, such as the configuration of all routers, services, middlewares, etc.
As with all features of Traefik, this handler can be enabled with the [static configuration](../getting-started/configuration-overview.md#the-static-configuration).
## Security
Enabling the API in production is not recommended, because it will expose all configuration elements,
including sensitive data.
In production, it should be at least secured by authentication and authorizations.
A good sane default (non exhaustive) set of recommendations
would be to apply the following protection mechanisms:
* At the application level:
securing with middlewares such as [basic authentication](../middlewares/basicauth.md) or [white listing](../middlewares/ipwhitelist.md).
* At the transport level:
NOT publicly exposing the API's port,
keeping it restricted to internal networks
(as in the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege), applied to networks).
## Configuration
To enable the API handler:
```toml tab="File"
[api]
```
```bash tab="CLI"
--api
```
### `dashboard`
_Optional, Default=true_
Enable the dashboard. More about the dashboard features [here](./dashboard.md).
```toml tab="File"
[api]
dashboard = true
```
```bash tab="CLI"
--api.dashboard
```
### `entrypoint`
_Optional, Default="traefik"_
The entry point that the API handler will be bound to.
The default ("traefik") is an internal entry point (which is always defined).
```toml tab="File"
[api]
entrypoint = "web"
```
```bash tab="CLI"
--api.entrypoint="web"
```
### `middlewares`
_Optional, Default=empty_
The list of [middlewares](../middlewares/overview.md) applied to the API handler.
```toml tab="File"
[api]
middlewares = ["api-auth", "api-prefix"]
```
```bash tab="CLI"
--api.middlewares="api-auth,api-prefix"
```
### `debug`
_Optional, Default=false_
Enable additional endpoints for debugging and profiling, served under `/debug/`.
```toml tab="File"
[api]
debug = true
```
```bash tab="CLI"
--api.debug=true
```
## Endpoints
All the following endpoints must be accessed with a `GET` HTTP request.
| Path | Description |
|--------------------------------|-------------------------------------------------------------------------------------------|
| `/api/http/routers` | Lists all the HTTP routers information. |
| `/api/http/routers/{name}` | Returns the information of the HTTP router specified by `name`. |
| `/api/http/services` | Lists all the HTTP services information. |
| `/api/http/services/{name}` | Returns the information of the HTTP service specified by `name`. |
| `/api/http/middlewares` | Lists all the HTTP middlewares information. |
| `/api/http/middlewares/{name}` | Returns the information of the HTTP middleware specified by `name`. |
| `/api/tcp/routers` | Lists all the TCP routers information. |
| `/api/tcp/routers/{name}` | Returns the information of the TCP router specified by `name`. |
| `/api/tcp/services` | Lists all the TCP services information. |
| `/api/tcp/services/{name}` | Returns the information of the TCP service specified by `name`. |
| `/api/version` | Returns information about Traefik version. |
| `/debug/vars` | See the [expvar](https://golang.org/pkg/expvar/) Go documentation. |
| `/debug/pprof/` | See the [pprof Index](https://golang.org/pkg/net/http/pprof/#Index) Go documentation. |
| `/debug/pprof/cmdline` | See the [pprof Cmdline](https://golang.org/pkg/net/http/pprof/#Cmdline) Go documentation. |
| `/debug/pprof/profile` | See the [pprof Profile](https://golang.org/pkg/net/http/pprof/#Profile) Go documentation. |
| `/debug/pprof/symbol` | See the [pprof Symbol](https://golang.org/pkg/net/http/pprof/#Symbol) Go documentation. |
| `/debug/pprof/trace` | See the [pprof Trace](https://golang.org/pkg/net/http/pprof/#Trace) Go documentation. |
## Common Configuration Use Cases
### Address / Port
You can define a custom address/port like this:
```toml
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.foo]
address = ":8082"
[entryPoints.bar]
address = ":8083"
[ping]
entryPoint = "foo"
[api]
entryPoint = "bar"
```
In the above example, you would access a service at /foo, an api endpoint, or the health-check as follows:
* Service: `http://hostname:80/foo`
* API: `http://hostname:8083/api/http/routers`
* Ping URL: `http://hostname:8082/ping`
### Authentication
To restrict access to the API handler, one can add authentication with the [basic auth middleware](../middlewares/basicauth.md).
```toml
[api]
middlewares=["api-auth"]
```
```toml
[http.middlewares]
[http.middlewares.api-auth.basicauth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```

60
docs/content/operations/cli.md
View file

@ -6,48 +6,56 @@ The Traefik Command Line
## General
```bash
traefik [command] [--flag=flag_argument]
traefik [command] [flags] [arguments]
```
Available commands:
Use `traefik [command] --help` for help on any command.
- `version` : Print version
- `storeconfig` : Store the static Traefik configuration into a Key-value stores. Please refer to the `Store Traefik configuration`(TODO: add doc and link) section to get documentation on it.
- `healthcheck`: Calls Traefik `/ping` to check health.
Commands:
Each command can have additional flags.
- `healthcheck` Calls Traefik `/ping` to check the health of Traefik (the API must be enabled).
- `version` Shows the current Traefik version.
All those flags will be displayed with:
Flag's usage:
```bash
traefik [command] --help
# set flag_argument to flag(s)
traefik [--flag=flag_argument] [-f [flag_argument]]
# set true/false to boolean flag(s)
traefik [--flag[=true|false| ]] [-f [true|false| ]]
```
Each command is described at the beginning of the help section:
### healthcheck
```bash
traefik --help
Calls Traefik `/ping` to check the health of Traefik.
Its exit status is `0` if Traefik is healthy and `1` otherwise.
# or
docker run traefik[:version] --help
# ex: docker run traefik:1.5 --help
```
### Command: healthcheck
Checks the health of Traefik.
Its exit status is `0` if Traefik is healthy and `1` if it is unhealthy.
This can be used with Docker [HEALTHCHECK](https://docs.docker.com/engine/reference/builder/#healthcheck) instruction or any other health check orchestration mechanism.
This can be used with Docker [HEALTHCHECK](https://docs.docker.com/engine/reference/builder/#healthcheck) instruction
or any other health check orchestration mechanism.
!!! note
The [`ping` endpoint](../ping/) must be enabled to allow the `healthcheck` command to call `/ping`.
```bash
traefik healthcheck
```
Usage:
```bash
traefik healthcheck [command] [flags] [arguments]
```
Example:
```bash
$ traefik healthcheck
OK: http://:8082/ping
```
### version
Shows the current Traefik version.
Usage:
```bash
traefik version [command] [flags] [arguments]
```

15
docs/content/operations/debug-mode.md
View file

@ -1,15 +0,0 @@
# The Debug Mode
Getting More Information (Not For Production)
{: .subtitle }
The debug mode will make Traefik be _extremely_ verbose in its logs, and is NOT intended for production purposes.
## Configuration Example
??? example "TOML -- Enabling the Debug Mode"
```toml
[Global]
debug = true
```

15
docs/content/providers/crd_ingress_route.yml
View file

@ -11,3 +11,18 @@ spec:
plural: ingressroutes
singular: ingressroute
scope: Namespaced
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ingressroutetcps.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: IngressRouteTCP
plural: ingressroutetcps
singular: ingressroutetcp
scope: Namespaced

41
docs/content/providers/docker.md
View file

@ -45,7 +45,7 @@ Attach labels to your containers and let Traefik do the rest!
swarmMode = true
```
Attaching labels to containers (in your docker compose file)
Attach labels to services (not to containers) while in Swarm mode (in your docker compose file)
```yaml
version: "3"
@ -57,13 +57,13 @@ Attach labels to your containers and let Traefik do the rest!
```
!!! important "Labels in Docker Swarm Mode"
If you use a compose file with the Swarm mode, labels should be defined in the `deploy` part of your service.
While in Swarm Mode, Traefik uses labels found on services, not on individual containers. Therefore, if you use a compose file with Swarm Mode, labels should be defined in the `deploy` part of your service.
This behavior is only enabled for docker-compose version 3+ ([Compose file reference](https://docs.docker.com/compose/compose-file/#labels-1)).
## Provider Configuration Options
!!! tip "Browse the Reference"
If you're in a hurry, maybe you'd rather go through the [static](../reference/static-configuration.md) and the [dynamic](../reference/dynamic-configuration/docker.md) configuration references.
If you're in a hurry, maybe you'd rather go through the [static](../reference/static-configuration/overview.md) and the [dynamic](../reference/dynamic-configuration/docker.md) configuration references.
### `endpoint`
@ -86,7 +86,7 @@ Traefik requires access to the docker socket to get its dynamic configuration.
- [KubeCon EU 2018 Keynote, Running with Scissors, from Liz Rice](https://www.youtube.com/watch?v=ltrV-Qmh3oY)
- [Don't expose the Docker socket (not even to a container)](https://www.lvh.io/posts/dont-expose-the-docker-socket-not-even-to-a-container.html)
- [A thread on Stack Overflow about sharing the `/var/run/docker.sock` file](https://news.ycombinator.com/item?id=17983623)
- [To Dind or not to DinD](https://blog.loof.fr/2018/01/to-dind-or-not-do-dind.html)
- [To DinD or not to DinD](https://blog.loof.fr/2018/01/to-dind-or-not-do-dind.html)
??? tip "Security Compensation"
@ -147,12 +147,14 @@ _Optional, Default=false_
Traefik routes requests to the IP/Port of the matching container.
When setting `usebindportip=true`, you tell Traefik to use the IP/Port attached to the container's _binding_ instead of its inner network IP/Port.
When used in conjunction with the `traefik.port` label (that tells Traefik to route requests to a specific port), Traefik tries to find a binding on port `traefik.port`.
If it can't find such a binding, Traefik falls back on the internal network IP of the container, but still uses the `traefik.port` that is set in the label.
When used in conjunction with the `traefik.http.services.XXX.loadbalancer.server.port` label (that tells Traefik to route requests to a specific port),
Traefik tries to find a binding on port `traefik.http.services.XXX.loadbalancer.server.port`.
If it can't find such a binding, Traefik falls back on the internal network IP of the container,
but still uses the `traefik.http.services.XXX.loadbalancer.server.port` that is set in the label.
??? example "Examples of `usebindportip` in different situations."
| traefik.port label | Container's binding | Routes to |
| port label | Container's binding | Routes to |
|--------------------|----------------------------------------------------|----------------|
| - | - | IntIP:IntPort |
| - | ExtPort:IntPort | IntIP:IntPort |
@ -182,15 +184,24 @@ This option can be overridden on a container basis with the `traefik.docker.netw
### `defaultRule`
_Optional, Default=Host(`{{ normalize .Name }}`)_
_Optional, Default=```Host(`{{ normalize .Name }}`)```_
For a given container if no routing rule was defined by a label, it is defined by this defaultRule instead.
It must be a valid [Go template](https://golang.org/pkg/text/template/),
augmented with the [sprig template functions](http://masterminds.github.io/sprig/).
The container service name can be accessed as the Name identifier,
The container service name can be accessed as the `Name` identifier,
and the template has access to all the labels defined on this container.
``defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"``
```toml tab="File"
[docker]
defaultRule = ""
# ...
```
```txt tab="CLI"
--providers.docker
--providers.docker.defaultRule="Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
```
### `swarmMode`
@ -221,7 +232,7 @@ Every [Router](../routing/routers/index.md) parameter can be updated this way.
### Services
To update the configuration of the Service automatically attached to the container, add labels starting with `traefik.http.services.{name-of-your-choice}.`, followed by the option you want to change. For example, to change the load balancer method, you'd add the label `traefik.http.services.{name-of-your-choice}.loadbalancer.method=drr`.
To update the configuration of the Service automatically attached to the container, add labels starting with `traefik.http.services.{name-of-your-choice}.`, followed by the option you want to change. For example, to change the passhostheader behavior, you'd add the label `traefik.http.services.{name-of-your-choice}.loadbalancer.passhostheader=false`.
Every [Service](../routing/services/index.md) parameter can be updated this way.
@ -236,14 +247,16 @@ You can declare pieces of middleware using labels starting with `traefik.http.mi
my-container:
# ...
labels:
- traefik.http.middlewares.my-redirect.schemeredirect.scheme=https
- traefik.http.routers.middlewares=my-redirect
- traefik.http.middlewares.my-redirect.redirectscheme.scheme=https
- traefik.http.routers.my-container.middlewares=my-redirect
```
!!! warning "Conflicts in Declaration"
If you declare multiple middleware with the same name but with different parameters, the middleware fails to be declared.
More information about available middlewares in the dedicated [middlewares section](../middlewares/overview.md).
### TCP
You can declare TCP Routers and/or Services using labels.
@ -262,7 +275,7 @@ You can declare TCP Routers and/or Services using labels.
!!! warning "TCP and HTTP"
If you declare a TCP Router/Service, it will prevent Traefik from automatically create an HTTP Router/Service (like it does by default if no TCP Router/Service is defined).
If you declare a TCP Router/Service, it will prevent Traefik from automatically creating an HTTP Router/Service (like it does by default if no TCP Router/Service is defined).
You can declare both a TCP Router/Service and an HTTP Router/Service for the same container (but you have to do so manually).
### Specific Options

22
docs/content/providers/file.md
View file

@ -7,8 +7,8 @@ The file provider lets you define the [dynamic configuration](./overview.md) in
You can write these configuration elements:
* At the end of the main Traefik configuration file (by default: `traefik.toml`).
* In [a dedicated file](#filename-optional)
* In [several dedicated files](#directory-optional)
* In [a dedicated file](#filename)
* In [several dedicated files](#directory)
!!! note
The file provider is the default format used throughout the documentation to show samples of the configuration for many features.
@ -44,21 +44,20 @@ You can write these configuration elements:
[http.services]
[http.services.service-foo]
[http.services.service-foo.LoadBalancer]
method = "wrr"
[[http.services.service-foo.LoadBalancer.Servers]]
url = "http://foo/"
weight = 30
[[http.services.service-foo.LoadBalancer.Servers]]
url = "http://bar/"
weight = 70
```
## Provider Configuration Options
!!! tip "Browse the Reference"
If you're in a hurry, maybe you'd rather go through the [static](../reference/static-configuration.md) and the [dynamic](../reference/dynamic-configuration/file.md) configuration references.
If you're in a hurry, maybe you'd rather go through the [static](../reference/static-configuration/overview.md) and the [dynamic](../reference/dynamic-configuration/file.md) configuration references.
### `filename` (_Optional_)
### `filename`
_Optional_
Defines the path of the configuration file.
@ -68,7 +67,9 @@ Defines the path of the configuration file.
filename = "rules.toml"
```
### `directory` (_Optional_)
### `directory`
_Optional_
Defines the directory that contains the configuration files.
@ -78,7 +79,9 @@ Defines the directory that contains the configuration files.
directory = "/path/to/config"
```
### `watch` (_Optional_)
### `watch`
_Optional_
Set the `watch` option to `true` to allow Traefik to automatically watch for file changes.
It works with both the `filename` and the `directory` options.
@ -145,5 +148,4 @@ Thus, it's possible to define easily lot of routers, services and TLS certificat
[TLSConfig.TLS{{ $e }}]
# ...
{{ end }}
```

26
docs/content/providers/kubernetes-crd.md
View file

@ -145,13 +145,13 @@ If you're in a hurry, maybe you'd rather go through the [dynamic](../reference/d
--8<-- "content/providers/crd_ingress_route.yml"
```
That `IngressRoute` kind can then be used to define an `IngressRoute` object, such as:
That `IngressRoute` kind can then be used to define an `IngressRoute` object, such as in:
```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ingressroutefoo.crd
name: ingressroutefoo
spec:
entryPoints:
@ -170,6 +170,22 @@ spec:
services:
- name: whoami
port: 80
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
name: ingressroutetcpfoo.crd
spec:
entryPoints:
- footcp
routes:
# Match is the rule corresponding to an underlying router.
- match: HostSNI(`*`)
services:
- name: whoamitcp
port: 8080
```
### Middleware
@ -197,7 +213,7 @@ spec:
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ingressroutebar.crd
name: ingressroutebar
spec:
entryPoints:
@ -212,6 +228,8 @@ spec:
- name: stripprefix
```
More information about available middlewares in the dedicated [middlewares section](../middlewares/overview.md).
### TLS
To allow for TLS, we made use of the `Secret` kind, as it was already defined, and it can be directly used in an `IngressRoute`:
@ -230,7 +248,7 @@ data:
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ingressroutetls.crd
name: ingressroutetls
spec:
entryPoints:

12
docs/content/providers/marathon.md
View file

@ -49,7 +49,7 @@ See also [Marathon user guide](../user-guides/marathon.md).
## Provider Configuration Options
!!! tip "Browse the Reference"
If you're in a hurry, maybe you'd rather go through the [static](../reference/static-configuration.md) and the [dynamic](../reference/dynamic-configuration/marathon.md) configuration references.
If you're in a hurry, maybe you'd rather go through the [static](../reference/static-configuration/overview.md) and the [dynamic](../reference/dynamic-configuration/marathon.md) configuration references.
### `basic`
@ -262,14 +262,14 @@ Every [Router](../routing/routers/index.md) parameter can be updated this way.
To update the configuration of the Service automatically attached to the container,
add labels starting with `traefik.HTTP.Services.{service-name-of-your-choice}.`, followed by the option you want to change.
For example, to change the load balancer method, you'd add the label `traefik.HTTP.Services.Servicename.LoadBalancer.Method=drr`.
For example, to change the passhostheader behavior, you'd add the label `traefik.HTTP.Services.Servicename.LoadBalancer.PassHostHeader=false`.
Every [Service](../routing/services/index.md) parameter can be updated this way.
### Middleware
You can declare pieces of middleware using labels starting with `traefik.HTTP.Middlewares.{middleware-name-of-your-choice}.`, followed by the middleware type/options.
For example, to declare a middleware [`schemeredirect`](../middlewares/redirectscheme.md) named `my-redirect`, you'd write `traefik.HTTP.Middlewares.my-redirect.RedirectScheme.Scheme: https`.
For example, to declare a middleware [`redirectscheme`](../middlewares/redirectscheme.md) named `my-redirect`, you'd write `traefik.HTTP.Middlewares.my-redirect.RedirectScheme.Scheme: https`.
??? example "Declaring and Referencing a Middleware"
@ -277,8 +277,8 @@ For example, to declare a middleware [`schemeredirect`](../middlewares/redirects
{
...
"labels": {
"traefik.http.middlewares.my-redirect.schemeredirect.scheme": "https",
"traefik.http.routers.middlewares": "my-redirect"
"traefik.http.middlewares.my-redirect.redirectscheme.scheme": "https",
"traefik.http.routers.my-container.middlewares": "my-redirect"
}
}
```
@ -287,6 +287,8 @@ For example, to declare a middleware [`schemeredirect`](../middlewares/redirects
If you declare multiple middleware with the same name but with different parameters, the middleware fails to be declared.
More information about available middlewares in the dedicated [middlewares section](../middlewares/overview.md).
### TCP
You can declare TCP Routers and/or Services using labels.

2
docs/content/providers/overview.md
View file

@ -43,7 +43,7 @@ Below is the list of the currently supported providers in Traefik.
## Constraints Configuration
If you want to limit the scope of Traefik service discovery, you can set constraints.
If you want to limit the scope of Traefik's service discovery, you can set constraints.
Doing so, Traefik will create routes for containers that match these constraints only.
??? example "Containers with the api Tag"

52
docs/content/providers/rancher.md
View file

@ -1,15 +1,20 @@
# Traefik & Rancher
A Story of Labels, Services & Container
A Story of Labels, Services & Containers
{: .subtitle }
![Rancher](../assets/img/providers/rancher.png)
Attach labels to your services and let Traefik do the rest!
!!! important
This provider is specific to Rancher 1.x.
Rancher 2.x requires Kubernetes and does not have a metadata endpoint of its own for Traefik to query.
As such, Rancher 2.x users should utilize the [Kubernetes provider](./kubernetes-crd.md) directly.
## Configuration Examples
??? example "Configuring Docker & Deploying / Exposing Services"
??? example "Configuring Rancher & Deploying / Exposing Services"
Enabling the rancher provider
@ -34,22 +39,16 @@ Attach labels to your services and let Traefik do the rest!
# Rancher Provider
################################################################
# Enable Docker Provider.
# Enable Rancher Provider.
[rancher]
# The default host rule for all services.
#
# Optionnal
#
DefaultRule = "unix:///var/run/docker.sock"
# Expose Rancher services by default in Traefik.
#
# Optional
#
ExposedByDefault = "docker.localhost"
ExposedByDefault = "true"
# Enable watch docker changes.
# Enable watch Rancher changes.
#
# Optional
#
@ -89,10 +88,27 @@ If set to false, services that don't have a `traefik.enable=true` label will be
### `DefaultRule`
_Optional_
_Optional, Default=```Host(`{{ normalize .Name }}`)```_
The default host rule for all services.
For a given container if no routing rule was defined by a label, it is defined by this defaultRule instead.
It must be a valid [Go template](https://golang.org/pkg/text/template/),
augmented with the [sprig template functions](http://masterminds.github.io/sprig/).
The service name can be accessed as the `Name` identifier,
and the template has access to all the labels defined on this container.
```toml tab="File"
[rancher]
defaultRule = ""
# ...
```
```txt tab="CLI"
--providers.rancher
--providers.rancher.defaultRule="Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
```
This option can be overridden on a container basis with the `traefik.http.routers.Router1.rule` label.
### `EnableServiceHealthFilter`
@ -136,29 +152,31 @@ Every [Router](../routing/routers/index.md) parameter can be updated this way.
### Services
To update the configuration of the Service automatically attached to the container, add labels starting with `traefik.http.services.{name-of-your-choice}.`,
followed by the option you want to change. For example, to change the load balancer method,
you'd add the label `traefik.http.services.{name-of-your-choice}.loadbalancer.method=drr`.
followed by the option you want to change. For example, to change the passhostheader behavior,
you'd add the label `traefik.http.services.{name-of-your-choice}.loadbalancer.passhostheader=false`.
Every [Service](../routing/services/index.md) parameter can be updated this way.
### Middleware
You can declare pieces of middleware using labels starting with `traefik.http.middlewares.{name-of-your-choice}.`, followed by the middleware type/options.
For example, to declare a middleware [`schemeredirect`](../middlewares/redirectscheme.md) named `my-redirect`, you'd write `traefik.http.middlewares.my-redirect.schemeredirect.scheme: https`.
For example, to declare a middleware [`redirectscheme`](../middlewares/redirectscheme.md) named `my-redirect`, you'd write `traefik.http.middlewares.my-redirect.redirectscheme.scheme: https`.
??? example "Declaring and Referencing a Middleware"
```yaml
# ...
labels:
- traefik.http.middlewares.my-redirect.schemeredirect.scheme=https
- traefik.http.routers.middlewares=my-redirect
- traefik.http.middlewares.my-redirect.redirectscheme.scheme=https
- traefik.http.routers.my-container.middlewares=my-redirect
```
!!! warning "Conflicts in Declaration"
If you declare multiple middleware with the same name but with different parameters, the middleware fails to be declared.
More information about available middlewares in the dedicated [middlewares section](../middlewares/overview.md).
### Specific Options
#### `traefik.enable`

8
docs/content/reference/dynamic-configuration/file.toml
View file

@ -9,6 +9,7 @@
Rule = "foobar"
priority = 42
[HTTP.Routers.Router0.tls]
options = "TLS0"
[HTTP.Middlewares]
@ -172,19 +173,16 @@
[HTTP.Services]
[HTTP.Services.Service0]
[HTTP.Services.Service0.LoadBalancer]
Method = "foobar"
PassHostHeader = true
[[HTTP.Services.Service0.LoadBalancer.Servers]]
URL = "foobar"
Weight = 42
[HTTP.Services.Service0.LoadBalancer.Stickiness]
CookieName = "foobar"
[[HTTP.Services.Service0.LoadBalancer.Servers]]
URL = "foobar"
Weight = 42
[HTTP.Services.Service0.LoadBalancer.HealthCheck]
Scheme = "foobar"
@ -209,20 +207,18 @@
Rule = "foobar"
[TCP.Routers.TCPRouter0.tls]
passthrough = true
options = "TLS1"
[TCP.Services]
[TCP.Services.TCPService0]
[TCP.Services.TCPService0.LoadBalancer]
Method = "foobar"
[[TCP.Services.TCPService0.LoadBalancer.Servers]]
Address = "foobar"
Weight = 42
[[TCP.Services.TCPService0.LoadBalancer.Servers]]
Address = "foobar"
Weight = 42
[[TLS]]
Stores = ["foobar", "foobar"]

39
docs/content/reference/dynamic-configuration/kubernetes-crd.yml
View file

@ -26,11 +26,26 @@ spec:
singular: middleware
scope: Namespaced
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ingressroutetcps.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: IngressRouteTCP
plural: ingressroutetcps
singular: ingressroutetcp
scope: Namespaced
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ingressroute.crd
name: ingressroute
spec:
entryPoints:
- web
@ -67,5 +82,25 @@ spec:
middlewares:
- name: stripprefix
- name: addprefix
# use an empty tls object for TLS with Let's Encrypt
tls:
secretName: supersecret
secretName: supersecret
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
name: ingressroutetcp.crd
namespace: default
spec:
entryPoints:
- footcp
routes:
- match: HostSNI(`bar.com`)
services:
- name: whoamitcp
port: 8080
tls:
secretName: foosecret
passthrough: false

13
docs/content/reference/dynamic-configuration/labels.yml
View file

@ -109,11 +109,13 @@ labels:
- "traefik.HTTP.Routers.Router0.Rule=foobar"
- "traefik.HTTP.Routers.Router0.Service=foobar"
- "traefik.HTTP.Routers.Router0.TLS=true"
- "traefik.HTTP.Routers.Router0.TLS.options=foo"
- "traefik.HTTP.Routers.Router1.EntryPoints=foobar, fiibar"
- "traefik.HTTP.Routers.Router1.Middlewares=foobar, fiibar"
- "traefik.HTTP.Routers.Router1.Priority=42"
- "traefik.HTTP.Routers.Router1.Rule=foobar"
- "traefik.HTTP.Routers.Router1.Service=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Headers.name0=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Headers.name1=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Hostname=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Interval=foobar"
@ -121,12 +123,10 @@ labels:
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Port=42"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Scheme=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Timeout=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.Method=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.PassHostHeader=true"
- "traefik.HTTP.Services.Service0.LoadBalancer.ResponseForwarding.FlushInterval=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.server.Port=8080"
- "traefik.HTTP.Services.Service0.LoadBalancer.server.Scheme=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.server.Weight=42"
- "traefik.HTTP.Services.Service0.LoadBalancer.Stickiness.CookieName=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Headers.name0=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Headers.name1=foobar"
@ -136,24 +136,19 @@ labels:
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Port=42"
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Scheme=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Timeout=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.Method=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.PassHostHeader=true"
- "traefik.HTTP.Services.Service1.LoadBalancer.ResponseForwarding.FlushInterval=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.server.Port=8080"
- "traefik.HTTP.Services.Service1.LoadBalancer.server.Scheme=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Headers.name0=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.server.Weight=42"
- "traefik.TCP.Routers.Router0.Rule=foobar"
- "traefik.TCP.Routers.Router0.EntryPoints=foobar, fiibar"
- "traefik.TCP.Routers.Router0.Service=foobar"
- "traefik.TCP.Routers.Router0.TLS.Passthrough=false"
- "traefik.TCP.Routers.Router0.TLS.options=bar"
- "traefik.TCP.Routers.Router1.Rule=foobar"
- "traefik.TCP.Routers.Router1.EntryPoints=foobar, fiibar"
- "traefik.TCP.Routers.Router1.Service=foobar"
- "traefik.TCP.Routers.Router1.TLS.Passthrough=false"
- "traefik.TCP.Services.Service0.LoadBalancer.Method=foobar"
- "traefik.TCP.Routers.Router1.TLS.options=foobar"
- "traefik.TCP.Services.Service0.LoadBalancer.server.Port=42"
- "traefik.TCP.Services.Service0.LoadBalancer.server.Weight=42"
- "traefik.TCP.Services.Service1.LoadBalancer.Method=foobar"
- "traefik.TCP.Services.Service1.LoadBalancer.server.Port=42"
- "traefik.TCP.Services.Service1.LoadBalancer.server.Weight=42"

13
docs/content/reference/static-configuration.md
View file

@ -1,13 +0,0 @@
# Static Configuration
## File
```toml
--8<-- "content/reference/static-configuration.toml"
```
## CLI
```txt
--8<-- "content/reference/static-configuration.txt"
```

203
docs/content/reference/static-configuration.txt
View file

@ -1,203 +0,0 @@
--accesslog Access log settings (default "false")
--accesslog.bufferingsize Number of access log lines to process in a buffered way. Default 0. (default "0")
--accesslog.fields AccessLogFields (default "false")
--accesslog.fields.defaultmode Default mode for fields: keep | drop (default "keep")
--accesslog.fields.headers Headers to keep, drop or redact (default "false")
--accesslog.fields.headers.defaultmode Default mode for fields: keep | drop | redact (default "keep")
--accesslog.fields.headers.names Override mode for headers (default "map[]")
--accesslog.fields.names Override mode for fields (default "map[]")
--accesslog.filepath Access log file path. Stdout is used when omitted or empty
--accesslog.filters Access log filters, used to keep only specific access logs (default "false")
--accesslog.filters.minduration Keep access logs when request took longer than the specified duration (default "0s")
--accesslog.filters.retryattempts Keep access logs when at least one retry happened (default "false")
--accesslog.filters.statuscodes Keep access logs with status codes in the specified range (default "[]")
--accesslog.format Access log format: json | common (default "common")
--acme Enable ACME (Let's Encrypt): automatic SSL (default "false")
--acme.acmelogging Enable debug logging of ACME actions. (default "false")
--acme.caserver CA server to use.
--acme.dnschallenge Activate DNS-01 Challenge (default "false")
--acme.dnschallenge.delaybeforecheck Assume DNS propagates after a delay in seconds rather than finding and querying (default "0s")
nameservers.
--acme.dnschallenge.disablepropagationcheck Disable the DNS propagation checks before notifying ACME that the DNS challenge (default "false")
is ready. [not recommended]
--acme.dnschallenge.provider Use a DNS-01 based challenge provider rather than HTTPS.
--acme.dnschallenge.resolvers Use following DNS servers to resolve the FQDN authority.
--acme.domains CN and SANs (alternative domains) to each main domain using format: (default "[]")
--acme.domains='main.com,san1.com,san2.com' --acme.domains='*.main.net'. No
SANs for wildcards domain. Wildcard domains only accepted with DNSChallenge
--acme.email Email address used for registration
--acme.entrypoint EntryPoint to use.
--acme.httpchallenge Activate HTTP-01 Challenge (default "false")
--acme.httpchallenge.entrypoint HTTP challenge EntryPoint
--acme.keytype KeyType used for generating certificate private key. Allow value 'EC256',
'EC384', 'RSA2048', 'RSA4096', 'RSA8192'. Default to 'RSA4096'
--acme.onhostrule Enable certificate generation on frontends Host rules. (default "false")
--acme.storage Storage to use.
--acme.tlschallenge Activate TLS-ALPN-01 Challenge (default "false")
--api Enable api/dashboard (default "false")
--api.dashboard Activate dashboard (default "true")
--api.entrypoint EntryPoint (default "traefik")
--api.middlewares Middleware list
--api.statistics Enable more detailed statistics (default "true")
--api.statistics.recenterrors Number of recent errors logged (default "10")
-c, --configfile Configuration file to use (TOML).
--entrypoints Entrypoints definition using format: --entryPoints='Name:http Address::8000 (default "map[]")
Redirect.EntryPoint:https' --entryPoints='Name:https Address::4442
TLS:tests/traefik.crt,tests/traefik.key;prod/traefik.crt,prod/traefik.key'
--global Global configuration options (default "true")
--global.checknewversion Periodically check if a new version has been released (default "true")
-d, --global.debug Enable debug mode (default "false")
--global.sendanonymoususage send periodically anonymous usage statistics (default "false")
--hostresolver Enable CNAME Flattening (default "false")
--hostresolver.cnameflattening A flag to enable/disable CNAME flattening (default "false")
--hostresolver.resolvconfig resolv.conf used for DNS resolving (default "/etc/resolv.conf")
--hostresolver.resolvdepth The maximal depth of DNS recursive resolving (default "5")
--log Traefik log settings (default "false")
--log.filepath Traefik log file path. Stdout is used when omitted or empty
--log.format Traefik log format: json | common (default "common")
--log.level Log level set to traefik logs.
--metrics Enable a metrics exporter (default "false")
--metrics.datadog DataDog metrics exporter type (default "false")
--metrics.datadog.address DataDog's address (default "localhost:8125")
--metrics.datadog.pushinterval DataDog push interval (default "10s")
--metrics.influxdb InfluxDB metrics exporter type (default "false")
--metrics.influxdb.address InfluxDB address (default "localhost:8089")
--metrics.influxdb.database InfluxDB database used when protocol is http
--metrics.influxdb.password InfluxDB password (only with http)
--metrics.influxdb.protocol InfluxDB address protocol (udp or http) (default "udp")
--metrics.influxdb.pushinterval InfluxDB push interval (default "10s")
--metrics.influxdb.retentionpolicy InfluxDB retention policy used when protocol is http
--metrics.influxdb.username InfluxDB username (only with http)
--metrics.prometheus Prometheus metrics exporter type (default "false")
--metrics.prometheus.buckets Buckets for latency metrics (default "[0.1 0.3 1.2 5]")
--metrics.prometheus.entrypoint EntryPoint (default "traefik")
--metrics.prometheus.middlewares Middlewares
--metrics.statsd StatsD metrics exporter type (default "false")
--metrics.statsd.address StatsD address (default "localhost:8125")
--metrics.statsd.pushinterval StatsD push interval (default "10s")
--ping Enable ping (default "false")
--ping.entrypoint Ping entryPoint (default "traefik")
--ping.middlewares Middleware list
--providers Providers configuration (default "false")
--providers.docker Enable Docker backend with default settings (default "false")
--providers.docker.constraints Filter services by constraint, matching with Traefik tags. (default "[]")
--providers.docker.defaultrule Default rule (default "Host(`{{ normalize .Name }}`)")
--providers.docker.endpoint Docker server endpoint. Can be a tcp or a unix socket endpoint (default "unix:///var/run/docker.sock")
--providers.docker.exposedbydefault Expose containers by default (default "true")
--providers.docker.network Default Docker network used
--providers.docker.swarmmode Use Docker on Swarm Mode (default "false")
--providers.docker.swarmmoderefreshseconds Polling interval for swarm mode (in seconds) (default "15")
--providers.docker.tls Enable Docker TLS support (default "false")
--providers.docker.tls.ca TLS CA
--providers.docker.tls.caoptional TLS CA.Optional (default "false")
--providers.docker.tls.cert TLS cert
--providers.docker.tls.insecureskipverify TLS insecure skip verify (default "false")
--providers.docker.tls.key TLS key
--providers.docker.usebindportip Use the ip address from the bound port, rather than from the inner network (default "false")
--providers.docker.watch Watch provider (default "true")
--providers.file Enable File backend with default settings (default "true")
--providers.file.debugloggeneratedtemplate Enable debug logging of generated configuration template. (default "false")
--providers.file.directory Load configuration from one or more .toml files in a directory
--providers.file.filename Override default configuration template. For advanced users :)
--providers.file.watch Watch provider (default "true")
--providers.kubernetes Enable Kubernetes backend with default settings (default "true")
--providers.kubernetes.certauthfilepath Kubernetes certificate authority file path (not needed for in-cluster client)
--providers.kubernetes.disablepasshostheaders Kubernetes disable PassHost Headers (default "false")
--providers.kubernetes.endpoint Kubernetes server endpoint (required for external cluster client)
--providers.kubernetes.ingressclass Value of kubernetes.io/ingress.class annotation to watch for
--providers.kubernetes.ingressendpoint Kubernetes Ingress Endpoint (default "false")
--providers.kubernetes.ingressendpoint.hostname Hostname used for Kubernetes Ingress endpoints
--providers.kubernetes.ingressendpoint.ip IP used for Kubernetes Ingress endpoints
--providers.kubernetes.ingressendpoint.publishedservice Published Kubernetes Service to copy status from
--providers.kubernetes.labelselector Kubernetes Ingress label selector to use
--providers.kubernetes.namespaces Kubernetes namespaces (default "[]")
--providers.kubernetes.token Kubernetes bearer token (not needed for in-cluster client)
--providers.kubernetescrd Enable Kubernetes backend with default settings (default "false")
--providers.kubernetescrd.certauthfilepath Kubernetes certificate authority file path (not needed for in-cluster client)
--providers.kubernetescrd.disablepasshostheaders Kubernetes disable PassHost Headers (default "false")
--providers.kubernetescrd.endpoint Kubernetes server endpoint (required for external cluster client)
--providers.kubernetescrd.ingressclass Value of kubernetes.io/ingress.class annotation to watch for
--providers.kubernetescrd.labelselector Kubernetes label selector to use
--providers.kubernetescrd.namespaces Kubernetes namespaces (default "[]")
--providers.kubernetescrd.token Kubernetes bearer token (not needed for in-cluster client)
--providers.marathon Enable Marathon backend with default settings (default "false")
--providers.marathon.basic Enable basic authentication (default "false")
--providers.marathon.basic.httpbasicauthuser Basic authentication User
--providers.marathon.basic.httpbasicpassword Basic authentication Password
--providers.marathon.constraints Filter services by constraint, matching with Traefik tags. (default "[]")
--providers.marathon.dcostoken DCOSToken for DCOS environment, This will override the Authorization header
--providers.marathon.defaultrule Default rule (default "Host(`{{ normalize .Name }}`)")
--providers.marathon.dialertimeout Set a dialer timeout for Marathon (default "5s")
--providers.marathon.endpoint Marathon server endpoint. You can also specify multiple endpoint for Marathon (default "http://127.0.0.1:8080")
--providers.marathon.exposedbydefault Expose Marathon apps by default (default "true")
--providers.marathon.filtermarathonconstraints Enable use of Marathon constraints in constraint filtering (default "false")
--providers.marathon.forcetaskhostname Force to use the task's hostname. (default "false")
--providers.marathon.keepalive Set a TCP Keep Alive time in seconds (default "10s")
--providers.marathon.respectreadinesschecks Filter out tasks with non-successful readiness checks during deployments (default "false")
--providers.marathon.responseheadertimeout Set a response header timeout for Marathon (default "1m0s")
--providers.marathon.tls Enable TLS support (default "false")
--providers.marathon.tls.ca TLS CA
--providers.marathon.tls.caoptional TLS CA.Optional (default "false")
--providers.marathon.tls.cert TLS cert
--providers.marathon.tls.insecureskipverify TLS insecure skip verify (default "false")
--providers.marathon.tls.key TLS key
--providers.marathon.tlshandshaketimeout Set a TLS handhsake timeout for Marathon (default "5s")
--providers.marathon.trace Display additional provider logs. (default "false")
--providers.marathon.watch Watch provider (default "true")
--providers.providersthrottleduration Backends throttle duration: minimum duration between 2 events from providers (default "2s")
before applying a new configuration. It avoids unnecessary reloads if multiples
events are sent in a short amount of time.
--providers.rancher Enable Rancher backend with default settings (default "true")
--providers.rancher.constraints Filter services by constraint, matching with Traefik tags. (default "[]")
--providers.rancher.defaultrule Default rule (default "Host(`{{ normalize .Name }}`)")
--providers.rancher.exposedbydefault Expose containers by default (default "true")
--providers.rancher.intervalpoll Poll the Rancher metadata service every 'rancher.refreshseconds' (less accurate) (default "false")
--providers.rancher.prefix Prefix used for accessing the Rancher metadata service (default "latest")
--providers.rancher.watch Watch provider (default "true")
--providers.rest Enable Rest backend with default settings (default "true")
--providers.rest.entrypoint EntryPoint (default "traefik")
--serverstransport Servers default transport (default "true")
--serverstransport.forwardingtimeouts Timeouts for requests forwarded to the backend servers (default "true")
--serverstransport.forwardingtimeouts.dialtimeout The amount of time to wait until a connection to a backend server can be (default "0s")
established. Defaults to 30 seconds. If zero, no timeout exists
--serverstransport.forwardingtimeouts.responseheadertimeout The amount of time to wait for a server's response headers after fully writing (default "0s")
the request (including its body, if any). If zero, no timeout exists
--serverstransport.insecureskipverify Disable SSL certificate verification (default "false")
--serverstransport.maxidleconnsperhost If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, (default "200")
DefaultMaxIdleConnsPerHost is used
--serverstransport.rootcas Add cert file for self-signed certificate
--tracing OpenTracing configuration (default "false")
--tracing.backend Selects the tracking backend ('jaeger','zipkin','datadog','instana'). (default "jaeger")
--tracing.datadog Settings for DataDog (default "false")
--tracing.datadog.bagageprefixheadername specifies the header name prefix that will be used to store baggage items in a
map.
--tracing.datadog.debug Enable DataDog debug. (default "false")
--tracing.datadog.globaltag Key:Value tag to be set on all the spans.
--tracing.datadog.localagenthostport Set datadog-agent's host:port that the reporter will used. Defaults to (default "localhost:8126")
localhost:8126
--tracing.datadog.parentidheadername Specifies the header name that will be used to store the parent ID.
--tracing.datadog.prioritysampling Enable priority sampling. When using distributed tracing, this option must be (default "false")
enabled in order to get all the parts of a distributed trace sampled.
--tracing.datadog.samplingpriorityheadername Specifies the header name that will be used to store the sampling priority.
--tracing.datadog.traceidheadername Specifies the header name that will be used to store the trace ID.
--tracing.instana Settings for Instana (default "false")
--tracing.instana.localagenthost Set instana-agent's host that the reporter will used. (default "localhost")
--tracing.instana.localagentport Set instana-agent's port that the reporter will used. (default "42699")
--tracing.instana.loglevel Set instana-agent's log level. ('error','warn','info','debug') (default "info")
--tracing.jaeger Settings for jaeger (default "false")
--tracing.jaeger.gen128bit generate 128 bit span IDs. (default "false")
--tracing.jaeger.localagenthostport set jaeger-agent's host:port that the reporter will used. (default "127.0.0.1:6831")
--tracing.jaeger.propagation which propgation format to use (jaeger/b3). (default "jaeger")
--tracing.jaeger.samplingparam set the sampling parameter. (default "1")
--tracing.jaeger.samplingserverurl set the sampling server url. (default "http://localhost:5778/sampling")
--tracing.jaeger.samplingtype set the sampling type. (default "const")
--tracing.jaeger.tracecontextheadername set the header to use for the trace-id. (default "uber-trace-id")
--tracing.servicename Set the name for this service (default "traefik")
--tracing.spannamelimit Set the maximum character limit for Span names (default 0 = no limit) (default "0")
--tracing.zipkin Settings for zipkin (default "false")
--tracing.zipkin.debug Enable Zipkin debug. (default "false")
--tracing.zipkin.httpendpoint HTTP Endpoint to report traces to. (default "http://localhost:9411/api/v1/spans")
--tracing.zipkin.id128bit Use Zipkin 128 bit root span IDs. (default "true")
--tracing.zipkin.samespan Use Zipkin SameSpan RPC style traces. (default "false")
--tracing.zipkin.samplerate The rate between 0.0 and 1.0 of requests to trace. (default "1")
-h, --help Print Help (this message) and exit

5
docs/content/reference/static-configuration/cli.md Normal file
View file

@ -0,0 +1,5 @@
# Static Configuration: CLI
```txt
--8<-- "content/reference/static-configuration/cli.txt"
```

636
docs/content/reference/static-configuration/cli.txt Normal file
View file

@ -0,0 +1,636 @@
--accesslog (Default: "false")
Access log settings.
--accesslog.bufferingsize (Default: "0")
Number of access log lines to process in a buffered way.
--accesslog.fields.defaultmode (Default: "keep")
Default mode for fields: keep | drop
--accesslog.fields.headers.defaultmode (Default: "keep")
Default mode for fields: keep | drop | redact
--accesslog.fields.headers.names.<name> (Default: "")
Override mode for headers
--accesslog.fields.names.<name> (Default: "")
Override mode for fields
--accesslog.filepath (Default: "")
Access log file path. Stdout is used when omitted or empty.
--accesslog.filters.minduration (Default: "0")
Keep access logs when request took longer than the specified duration.
--accesslog.filters.retryattempts (Default: "false")
Keep access logs when at least one retry happened.
--accesslog.filters.statuscodes (Default: "")
Keep access logs with status codes in the specified range.
--accesslog.format (Default: "common")
Access log format: json | common
--acme.acmelogging (Default: "false")
Enable debug logging of ACME actions.
--acme.caserver (Default: "https://acme-v02.api.letsencrypt.org/directory")
CA server to use.
--acme.dnschallenge (Default: "false")
Activate DNS-01 Challenge.
--acme.dnschallenge.delaybeforecheck (Default: "0")
Assume DNS propagates after a delay in seconds rather than finding and querying
nameservers.
--acme.dnschallenge.disablepropagationcheck (Default: "false")
Disable the DNS propagation checks before notifying ACME that the DNS challenge
is ready. [not recommended]
--acme.dnschallenge.provider (Default: "")
Use a DNS-01 based challenge provider rather than HTTPS.
--acme.dnschallenge.resolvers (Default: "")
Use following DNS servers to resolve the FQDN authority.
--acme.domains (Default: "")
The list of domains for which certificates are generated on startup. Wildcard
domains only accepted with DNSChallenge.
--acme.domains[n].main (Default: "")
Default subject name.
--acme.domains[n].sans (Default: "")
Subject alternative names.
--acme.email (Default: "")
Email address used for registration.
--acme.entrypoint (Default: "")
EntryPoint to use.
--acme.httpchallenge (Default: "false")
Activate HTTP-01 Challenge.
--acme.httpchallenge.entrypoint (Default: "")
HTTP challenge EntryPoint
--acme.keytype (Default: "RSA4096")
KeyType used for generating certificate private key. Allow value 'EC256',
'EC384', 'RSA2048', 'RSA4096', 'RSA8192'.
--acme.onhostrule (Default: "false")
Enable certificate generation on router Host rules.
--acme.storage (Default: "acme.json")
Storage to use.
--acme.tlschallenge (Default: "true")
Activate TLS-ALPN-01 Challenge.
--api (Default: "false")
Enable api/dashboard.
--api.dashboard (Default: "true")
Activate dashboard.
--api.debug (Default: "false")
Enable additional endpoints for debugging and profiling.
--api.entrypoint (Default: "traefik")
The entry point that the API handler will be bound to.
--api.middlewares (Default: "")
Middleware list.
--api.statistics (Default: "false")
Enable more detailed statistics.
--api.statistics.recenterrors (Default: "10")
Number of recent errors logged.
--configfile (Default: "")
Configuration file to use. If specified all other flags are ignored.
--entrypoints.<name> (Default: "false")
Entry points definition.
--entrypoints.<name>.address (Default: "")
Entry point address.
--entrypoints.<name>.forwardedheaders.insecure (Default: "false")
Trust all forwarded headers.
--entrypoints.<name>.forwardedheaders.trustedips (Default: "")
Trust only forwarded headers from selected IPs.
--entrypoints.<name>.proxyprotocol (Default: "false")
Proxy-Protocol configuration.
--entrypoints.<name>.proxyprotocol.insecure (Default: "false")
Trust all.
--entrypoints.<name>.proxyprotocol.trustedips (Default: "")
Trust only selected IPs.
--entrypoints.<name>.transport.lifecycle.gracetimeout (Default: "10")
Duration to give active requests a chance to finish before Traefik stops.
--entrypoints.<name>.transport.lifecycle.requestacceptgracetimeout (Default: "0")
Duration to keep accepting requests before Traefik initiates the graceful
shutdown procedure.
--entrypoints.<name>.transport.respondingtimeouts.idletimeout (Default: "180")
IdleTimeout is the maximum amount duration an idle (keep-alive) connection will
remain idle before closing itself. If zero, no timeout is set.
--entrypoints.<name>.transport.respondingtimeouts.readtimeout (Default: "0")
ReadTimeout is the maximum duration for reading the entire request, including
the body. If zero, no timeout is set.
--entrypoints.<name>.transport.respondingtimeouts.writetimeout (Default: "0")
WriteTimeout is the maximum duration before timing out writes of the response.
If zero, no timeout is set.
--global.checknewversion (Default: "true")
Periodically check if a new version has been released.
--global.sendanonymoususage
Periodically send anonymous usage statistics. If the option is not specified, it
will be enabled by default.
--hostresolver (Default: "false")
Enable CNAME Flattening.
--hostresolver.cnameflattening (Default: "false")
A flag to enable/disable CNAME flattening
--hostresolver.resolvconfig (Default: "/etc/resolv.conf")
resolv.conf used for DNS resolving
--hostresolver.resolvdepth (Default: "5")
The maximal depth of DNS recursive resolving
--log.filepath (Default: "")
Traefik log file path. Stdout is used when omitted or empty.
--log.format (Default: "common")
Traefik log format: json | common
--log.level (Default: "ERROR")
Log level set to traefik logs.
--metrics.datadog (Default: "false")
DataDog metrics exporter type.
--metrics.datadog.address (Default: "localhost:8125")
DataDog's address.
--metrics.datadog.pushinterval (Default: "10")
DataDog push interval.
--metrics.influxdb (Default: "false")
InfluxDB metrics exporter type.
--metrics.influxdb.address (Default: "localhost:8089")
InfluxDB address.
--metrics.influxdb.database (Default: "")
InfluxDB database used when protocol is http.
--metrics.influxdb.password (Default: "")
InfluxDB password (only with http).
--metrics.influxdb.protocol (Default: "udp")
InfluxDB address protocol (udp or http).
--metrics.influxdb.pushinterval (Default: "10")
InfluxDB push interval.
--metrics.influxdb.retentionpolicy (Default: "")
InfluxDB retention policy used when protocol is http.
--metrics.influxdb.username (Default: "")
InfluxDB username (only with http).
--metrics.prometheus (Default: "false")
Prometheus metrics exporter type.
--metrics.prometheus.buckets (Default: "0.100000, 0.300000, 1.200000, 5.000000")
Buckets for latency metrics.
--metrics.prometheus.entrypoint (Default: "traefik")
EntryPoint.
--metrics.prometheus.middlewares (Default: "")
Middlewares.
--metrics.statsd (Default: "false")
StatsD metrics exporter type.
--metrics.statsd.address (Default: "localhost:8125")
StatsD address.
--metrics.statsd.pushinterval (Default: "10")
StatsD push interval.
--ping (Default: "false")
Enable ping.
--ping.entrypoint (Default: "traefik")
Ping entryPoint.
--ping.middlewares (Default: "")
Middleware list.
--providers.docker (Default: "false")
Enable Docker backend with default settings.
--providers.docker.constraints (Default: "")
Filter services by constraint, matching with Traefik tags.
--providers.docker.constraints[n].key (Default: "")
The provider label that will be matched against. In practice, it is always
'tag'.
--providers.docker.constraints[n].mustmatch (Default: "false")
Whether the matching operator is equals or not equals.
--providers.docker.constraints[n].value (Default: "")
The value that will be matched against.
--providers.docker.defaultrule (Default: "Host(`{{ normalize .Name }}`)")
Default rule.
--providers.docker.endpoint (Default: "unix:///var/run/docker.sock")
Docker server endpoint. Can be a tcp or a unix socket endpoint.
--providers.docker.exposedbydefault (Default: "true")
Expose containers by default.
--providers.docker.network (Default: "")
Default Docker network used.
--providers.docker.swarmmode (Default: "false")
Use Docker on Swarm Mode.
--providers.docker.swarmmoderefreshseconds (Default: "15")
Polling interval for swarm mode.
--providers.docker.tls.ca (Default: "")
TLS CA
--providers.docker.tls.caoptional (Default: "false")
TLS CA.Optional
--providers.docker.tls.cert (Default: "")
TLS cert
--providers.docker.tls.insecureskipverify (Default: "false")
TLS insecure skip verify
--providers.docker.tls.key (Default: "")
TLS key
--providers.docker.usebindportip (Default: "false")
Use the ip address from the bound port, rather than from the inner network.
--providers.docker.watch (Default: "true")
Watch provider.
--providers.file (Default: "false")
Enable File backend with default settings.
--providers.file.debugloggeneratedtemplate (Default: "false")
Enable debug logging of generated configuration template.
--providers.file.directory (Default: "")
Load configuration from one or more .toml files in a directory.
--providers.file.filename (Default: "")
Override default configuration template. For advanced users :)
--providers.file.watch (Default: "true")
Watch provider.
--providers.kubernetes (Default: "false")
Enable Kubernetes backend with default settings.
--providers.kubernetes.certauthfilepath (Default: "")
Kubernetes certificate authority file path (not needed for in-cluster client).
--providers.kubernetes.disablepasshostheaders (Default: "false")
Kubernetes disable PassHost Headers.
--providers.kubernetes.endpoint (Default: "")
Kubernetes server endpoint (required for external cluster client).
--providers.kubernetes.ingressclass (Default: "")
Value of kubernetes.io/ingress.class annotation to watch for.
--providers.kubernetes.ingressendpoint.hostname (Default: "")
Hostname used for Kubernetes Ingress endpoints.
--providers.kubernetes.ingressendpoint.ip (Default: "")
IP used for Kubernetes Ingress endpoints.
--providers.kubernetes.ingressendpoint.publishedservice (Default: "")
Published Kubernetes Service to copy status from.
--providers.kubernetes.labelselector (Default: "")
Kubernetes Ingress label selector to use.
--providers.kubernetes.namespaces (Default: "")
Kubernetes namespaces.
--providers.kubernetes.token (Default: "")
Kubernetes bearer token (not needed for in-cluster client).
--providers.kubernetescrd (Default: "false")
Enable Kubernetes backend with default settings.
--providers.kubernetescrd.certauthfilepath (Default: "")
Kubernetes certificate authority file path (not needed for in-cluster client).
--providers.kubernetescrd.disablepasshostheaders (Default: "false")
Kubernetes disable PassHost Headers.
--providers.kubernetescrd.endpoint (Default: "")
Kubernetes server endpoint (required for external cluster client).
--providers.kubernetescrd.ingressclass (Default: "")
Value of kubernetes.io/ingress.class annotation to watch for.
--providers.kubernetescrd.labelselector (Default: "")
Kubernetes label selector to use.
--providers.kubernetescrd.namespaces (Default: "")
Kubernetes namespaces.
--providers.kubernetescrd.token (Default: "")
Kubernetes bearer token (not needed for in-cluster client).
--providers.marathon (Default: "false")
Enable Marathon backend with default settings.
--providers.marathon.basic.httpbasicauthuser (Default: "")
Basic authentication User.
--providers.marathon.basic.httpbasicpassword (Default: "")
Basic authentication Password.
--providers.marathon.constraints (Default: "")
Filter services by constraint, matching with Traefik tags.
--providers.marathon.constraints[n].key (Default: "")
The provider label that will be matched against. In practice, it is always
'tag'.
--providers.marathon.constraints[n].mustmatch (Default: "false")
Whether the matching operator is equals or not equals.
--providers.marathon.constraints[n].value (Default: "")
The value that will be matched against.
--providers.marathon.dcostoken (Default: "")
DCOSToken for DCOS environment, This will override the Authorization header.
--providers.marathon.defaultrule (Default: "Host(`{{ normalize .Name }}`)")
Default rule.
--providers.marathon.dialertimeout (Default: "5")
Set a dialer timeout for Marathon.
--providers.marathon.endpoint (Default: "http://127.0.0.1:8080")
Marathon server endpoint. You can also specify multiple endpoint for Marathon.
--providers.marathon.exposedbydefault (Default: "true")
Expose Marathon apps by default.
--providers.marathon.filtermarathonconstraints (Default: "false")
Enable use of Marathon constraints in constraint filtering.
--providers.marathon.forcetaskhostname (Default: "false")
Force to use the task's hostname.
--providers.marathon.keepalive (Default: "10")
Set a TCP Keep Alive time.
--providers.marathon.respectreadinesschecks (Default: "false")
Filter out tasks with non-successful readiness checks during deployments.
--providers.marathon.responseheadertimeout (Default: "60")
Set a response header timeout for Marathon.
--providers.marathon.tls.ca (Default: "")
TLS CA
--providers.marathon.tls.caoptional (Default: "false")
TLS CA.Optional
--providers.marathon.tls.cert (Default: "")
TLS cert
--providers.marathon.tls.insecureskipverify (Default: "false")
TLS insecure skip verify
--providers.marathon.tls.key (Default: "")
TLS key
--providers.marathon.tlshandshaketimeout (Default: "5")
Set a TLS handshake timeout for Marathon.
--providers.marathon.trace (Default: "false")
Display additional provider logs.
--providers.marathon.watch (Default: "true")
Watch provider.
--providers.providersthrottleduration (Default: "2")
Backends throttle duration: minimum duration between 2 events from providers
before applying a new configuration. It avoids unnecessary reloads if multiples
events are sent in a short amount of time.
--providers.rancher (Default: "false")
Enable Rancher backend with default settings.
--providers.rancher.constraints (Default: "")
Filter services by constraint, matching with Traefik tags.
--providers.rancher.constraints[n].key (Default: "")
The provider label that will be matched against. In practice, it is always
'tag'.
--providers.rancher.constraints[n].mustmatch (Default: "false")
Whether the matching operator is equals or not equals.
--providers.rancher.constraints[n].value (Default: "")
The value that will be matched against.
--providers.rancher.defaultrule (Default: "Host(`{{ normalize .Name }}`)")
Default rule.
--providers.rancher.enableservicehealthfilter (Default: "true")
Filter services with unhealthy states and inactive states.
--providers.rancher.exposedbydefault (Default: "true")
Expose containers by default.
--providers.rancher.intervalpoll (Default: "false")
Poll the Rancher metadata service every 'rancher.refreshseconds' (less
accurate).
--providers.rancher.prefix (Default: "latest")
Prefix used for accessing the Rancher metadata service.
--providers.rancher.refreshseconds (Default: "15")
Defines the polling interval in seconds.
--providers.rancher.watch (Default: "true")
Watch provider.
--providers.rest (Default: "false")
Enable Rest backend with default settings.
--providers.rest.entrypoint (Default: "traefik")
EntryPoint.
--serverstransport.forwardingtimeouts.dialtimeout (Default: "30")
The amount of time to wait until a connection to a backend server can be
established. If zero, no timeout exists.
--serverstransport.forwardingtimeouts.responseheadertimeout (Default: "0")
The amount of time to wait for a server's response headers after fully writing
the request (including its body, if any). If zero, no timeout exists.
--serverstransport.insecureskipverify (Default: "false")
Disable SSL certificate verification.
--serverstransport.maxidleconnsperhost (Default: "200")
If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero,
DefaultMaxIdleConnsPerHost is used
--serverstransport.rootcas (Default: "")
Add cert file for self-signed certificate.
--tracing (Default: "false")
OpenTracing configuration.
--tracing.backend (Default: "jaeger")
Selects the tracking backend ('jaeger','zipkin','datadog','instana').
--tracing.datadog (Default: "false")
Settings for DataDog.
--tracing.datadog.bagageprefixheadername (Default: "")
Specifies the header name prefix that will be used to store baggage items in a
map.
--tracing.datadog.debug (Default: "false")
Enable DataDog debug.
--tracing.datadog.globaltag (Default: "")
Key:Value tag to be set on all the spans.
--tracing.datadog.localagenthostport (Default: "localhost:8126")
Set datadog-agent's host:port that the reporter will used.
--tracing.datadog.parentidheadername (Default: "")
Specifies the header name that will be used to store the parent ID.
--tracing.datadog.prioritysampling (Default: "false")
Enable priority sampling. When using distributed tracing, this option must be
enabled in order to get all the parts of a distributed trace sampled.
--tracing.datadog.samplingpriorityheadername (Default: "")
Specifies the header name that will be used to store the sampling priority.
--tracing.datadog.traceidheadername (Default: "")
Specifies the header name that will be used to store the trace ID.
--tracing.haystack (Default: "false")
Settings for Haystack.
--tracing.haystack.baggageprefixheadername (Default: "")
specifies the header name prefix that will be used to store baggage items in a
map.
--tracing.haystack.globaltag (Default: "")
Key:Value tag to be set on all the spans.
--tracing.haystack.localagenthost (Default: "LocalAgentHost")
Set haystack-agent's host that the reporter will used.
--tracing.haystack.localagentport (Default: "35000")
Set haystack-agent's port that the reporter will used.
--tracing.haystack.parentidheadername (Default: "")
Specifies the header name that will be used to store the parent ID.
--tracing.haystack.spanidheadername (Default: "")
Specifies the header name that will be used to store the span ID.
--tracing.haystack.traceidheadername (Default: "")
Specifies the header name that will be used to store the trace ID.
--tracing.instana (Default: "false")
Settings for Instana.
--tracing.instana.localagenthost (Default: "localhost")
Set instana-agent's host that the reporter will used.
--tracing.instana.localagentport (Default: "42699")
Set instana-agent's port that the reporter will used.
--tracing.instana.loglevel (Default: "info")
Set instana-agent's log level. ('error','warn','info','debug')
--tracing.jaeger (Default: "false")
Settings for jaeger.
--tracing.jaeger.gen128bit (Default: "false")
Generate 128 bit span IDs.
--tracing.jaeger.localagenthostport (Default: "127.0.0.1:6831")
Set jaeger-agent's host:port that the reporter will used.
--tracing.jaeger.propagation (Default: "jaeger")
Which propgation format to use (jaeger/b3).
--tracing.jaeger.samplingparam (Default: "1.000000")
Set the sampling parameter.
--tracing.jaeger.samplingserverurl (Default: "http://localhost:5778/sampling")
Set the sampling server url.
--tracing.jaeger.samplingtype (Default: "const")
Set the sampling type.
--tracing.jaeger.tracecontextheadername (Default: "uber-trace-id")
Set the header to use for the trace-id.
--tracing.servicename (Default: "traefik")
Set the name for this service.
--tracing.spannamelimit (Default: "0")
Set the maximum character limit for Span names (default 0 = no limit).
--tracing.zipkin (Default: "false")
Settings for zipkin.
--tracing.zipkin.debug (Default: "false")
Enable Zipkin debug.
--tracing.zipkin.httpendpoint (Default: "http://localhost:9411/api/v1/spans")
HTTP Endpoint to report traces to.
--tracing.zipkin.id128bit (Default: "true")
Use Zipkin 128 bit root span IDs.
--tracing.zipkin.samespan (Default: "false")
Use Zipkin SameSpan RPC style traces.
--tracing.zipkin.samplerate (Default: "1.000000")
The rate between 0.0 and 1.0 of requests to trace.

616
docs/content/reference/static-configuration/env.md Normal file
View file

@ -0,0 +1,616 @@
# Static Configuration: Environment variables
`TRAEFIK_ACCESSLOG`:
Access log settings. (Default: ```false```)
`TRAEFIK_ACCESSLOG_BUFFERINGSIZE`:
Number of access log lines to process in a buffered way. (Default: ```0```)
`TRAEFIK_ACCESSLOG_FIELDS_DEFAULTMODE`:
Default mode for fields: keep | drop (Default: ```keep```)
`TRAEFIK_ACCESSLOG_FIELDS_HEADERS_DEFAULTMODE`:
Default mode for fields: keep | drop | redact (Default: ```keep```)
`TRAEFIK_ACCESSLOG_FIELDS_HEADERS_NAMES_<NAME>`:
Override mode for headers
`TRAEFIK_ACCESSLOG_FIELDS_NAMES_<NAME>`:
Override mode for fields
`TRAEFIK_ACCESSLOG_FILEPATH`:
Access log file path. Stdout is used when omitted or empty.
`TRAEFIK_ACCESSLOG_FILTERS_MINDURATION`:
Keep access logs when request took longer than the specified duration. (Default: ```0```)
`TRAEFIK_ACCESSLOG_FILTERS_RETRYATTEMPTS`:
Keep access logs when at least one retry happened. (Default: ```false```)
`TRAEFIK_ACCESSLOG_FILTERS_STATUSCODES`:
Keep access logs with status codes in the specified range.
`TRAEFIK_ACCESSLOG_FORMAT`:
Access log format: json | common (Default: ```common```)
`TRAEFIK_ACME_ACMELOGGING`:
Enable debug logging of ACME actions. (Default: ```false```)
`TRAEFIK_ACME_CASERVER`:
CA server to use. (Default: ```https://acme-v02.api.letsencrypt.org/directory```)
`TRAEFIK_ACME_DNSCHALLENGE`:
Activate DNS-01 Challenge. (Default: ```false```)
`TRAEFIK_ACME_DNSCHALLENGE_DELAYBEFORECHECK`:
Assume DNS propagates after a delay in seconds rather than finding and querying nameservers. (Default: ```0```)
`TRAEFIK_ACME_DNSCHALLENGE_DISABLEPROPAGATIONCHECK`:
Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready. [not recommended] (Default: ```false```)
`TRAEFIK_ACME_DNSCHALLENGE_PROVIDER`:
Use a DNS-01 based challenge provider rather than HTTPS.
`TRAEFIK_ACME_DNSCHALLENGE_RESOLVERS`:
Use following DNS servers to resolve the FQDN authority.
`TRAEFIK_ACME_DOMAINS`:
The list of domains for which certificates are generated on startup. Wildcard domains only accepted with DNSChallenge.
`TRAEFIK_ACME_DOMAINS[n]_MAIN`:
Default subject name.
`TRAEFIK_ACME_DOMAINS[n]_SANS`:
Subject alternative names.
`TRAEFIK_ACME_EMAIL`:
Email address used for registration.
`TRAEFIK_ACME_ENTRYPOINT`:
EntryPoint to use.
`TRAEFIK_ACME_HTTPCHALLENGE`:
Activate HTTP-01 Challenge. (Default: ```false```)
`TRAEFIK_ACME_HTTPCHALLENGE_ENTRYPOINT`:
HTTP challenge EntryPoint
`TRAEFIK_ACME_KEYTYPE`:
KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'. (Default: ```RSA4096```)
`TRAEFIK_ACME_ONHOSTRULE`:
Enable certificate generation on router Host rules. (Default: ```false```)
`TRAEFIK_ACME_STORAGE`:
Storage to use. (Default: ```acme.json```)
`TRAEFIK_ACME_TLSCHALLENGE`:
Activate TLS-ALPN-01 Challenge. (Default: ```true```)
`TRAEFIK_API`:
Enable api/dashboard. (Default: ```false```)
`TRAEFIK_API_DASHBOARD`:
Activate dashboard. (Default: ```true```)
`TRAEFIK_API_DEBUG`:
Enable additional endpoints for debugging and profiling. (Default: ```false```)
`TRAEFIK_API_ENTRYPOINT`:
The entry point that the API handler will be bound to. (Default: ```traefik```)
`TRAEFIK_API_MIDDLEWARES`:
Middleware list.
`TRAEFIK_API_STATISTICS`:
Enable more detailed statistics. (Default: ```false```)
`TRAEFIK_API_STATISTICS_RECENTERRORS`:
Number of recent errors logged. (Default: ```10```)
`TRAEFIK_CONFIGFILE`:
Configuration file to use. If specified all other flags are ignored. (Default: "")
`TRAEFIK_ENTRYPOINTS_<NAME>`:
Entry points definition. (Default: ```false```)
`TRAEFIK_ENTRYPOINTS_<NAME>_ADDRESS`:
Entry point address.
`TRAEFIK_ENTRYPOINTS_<NAME>_FORWARDEDHEADERS_INSECURE`:
Trust all forwarded headers. (Default: ```false```)
`TRAEFIK_ENTRYPOINTS_<NAME>_FORWARDEDHEADERS_TRUSTEDIPS`:
Trust only forwarded headers from selected IPs.
`TRAEFIK_ENTRYPOINTS_<NAME>_PROXYPROTOCOL`:
Proxy-Protocol configuration. (Default: ```false```)
`TRAEFIK_ENTRYPOINTS_<NAME>_PROXYPROTOCOL_INSECURE`:
Trust all. (Default: ```false```)
`TRAEFIK_ENTRYPOINTS_<NAME>_PROXYPROTOCOL_TRUSTEDIPS`:
Trust only selected IPs.
`TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_LIFECYCLE_GRACETIMEOUT`:
Duration to give active requests a chance to finish before Traefik stops. (Default: ```10```)
`TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_LIFECYCLE_REQUESTACCEPTGRACETIMEOUT`:
Duration to keep accepting requests before Traefik initiates the graceful shutdown procedure. (Default: ```0```)
`TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_RESPONDINGTIMEOUTS_IDLETIMEOUT`:
IdleTimeout is the maximum amount duration an idle (keep-alive) connection will remain idle before closing itself. If zero, no timeout is set. (Default: ```180```)
`TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_RESPONDINGTIMEOUTS_READTIMEOUT`:
ReadTimeout is the maximum duration for reading the entire request, including the body. If zero, no timeout is set. (Default: ```0```)
`TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_RESPONDINGTIMEOUTS_WRITETIMEOUT`:
WriteTimeout is the maximum duration before timing out writes of the response. If zero, no timeout is set. (Default: ```0```)
`TRAEFIK_GLOBAL_CHECKNEWVERSION`:
Periodically check if a new version has been released. (Default: ```false```)
`TRAEFIK_GLOBAL_SENDANONYMOUSUSAGE`:
Periodically send anonymous usage statistics. If the option is not specified, it will be enabled by default.
`TRAEFIK_HOSTRESOLVER`:
Enable CNAME Flattening. (Default: ```false```)
`TRAEFIK_HOSTRESOLVER_CNAMEFLATTENING`:
A flag to enable/disable CNAME flattening (Default: ```false```)
`TRAEFIK_HOSTRESOLVER_RESOLVCONFIG`:
resolv.conf used for DNS resolving (Default: ```/etc/resolv.conf```)
`TRAEFIK_HOSTRESOLVER_RESOLVDEPTH`:
The maximal depth of DNS recursive resolving (Default: ```5```)
`TRAEFIK_LOG_FILEPATH`:
Traefik log file path. Stdout is used when omitted or empty.
`TRAEFIK_LOG_FORMAT`:
Traefik log format: json | common (Default: ```common```)
`TRAEFIK_LOG_LEVEL`:
Log level set to traefik logs. (Default: ```ERROR```)
`TRAEFIK_METRICS_DATADOG`:
DataDog metrics exporter type. (Default: ```false```)
`TRAEFIK_METRICS_DATADOG_ADDRESS`:
DataDog's address. (Default: ```localhost:8125```)
`TRAEFIK_METRICS_DATADOG_PUSHINTERVAL`:
DataDog push interval. (Default: ```10```)
`TRAEFIK_METRICS_INFLUXDB`:
InfluxDB metrics exporter type. (Default: ```false```)
`TRAEFIK_METRICS_INFLUXDB_ADDRESS`:
InfluxDB address. (Default: ```localhost:8089```)
`TRAEFIK_METRICS_INFLUXDB_DATABASE`:
InfluxDB database used when protocol is http.
`TRAEFIK_METRICS_INFLUXDB_PASSWORD`:
InfluxDB password (only with http).
`TRAEFIK_METRICS_INFLUXDB_PROTOCOL`:
InfluxDB address protocol (udp or http). (Default: ```udp```)
`TRAEFIK_METRICS_INFLUXDB_PUSHINTERVAL`:
InfluxDB push interval. (Default: ```10```)
`TRAEFIK_METRICS_INFLUXDB_RETENTIONPOLICY`:
InfluxDB retention policy used when protocol is http.
`TRAEFIK_METRICS_INFLUXDB_USERNAME`:
InfluxDB username (only with http).
`TRAEFIK_METRICS_PROMETHEUS`:
Prometheus metrics exporter type. (Default: ```false```)
`TRAEFIK_METRICS_PROMETHEUS_BUCKETS`:
Buckets for latency metrics. (Default: ```0.100000, 0.300000, 1.200000, 5.000000```)
`TRAEFIK_METRICS_PROMETHEUS_ENTRYPOINT`:
EntryPoint. (Default: ```traefik```)
`TRAEFIK_METRICS_PROMETHEUS_MIDDLEWARES`:
Middlewares.
`TRAEFIK_METRICS_STATSD`:
StatsD metrics exporter type. (Default: ```false```)
`TRAEFIK_METRICS_STATSD_ADDRESS`:
StatsD address. (Default: ```localhost:8125```)
`TRAEFIK_METRICS_STATSD_PUSHINTERVAL`:
StatsD push interval. (Default: ```10```)
`TRAEFIK_PING`:
Enable ping. (Default: ```false```)
`TRAEFIK_PING_ENTRYPOINT`:
Ping entryPoint. (Default: ```traefik```)
`TRAEFIK_PING_MIDDLEWARES`:
Middleware list.
`TRAEFIK_PROVIDERS_DOCKER`:
Enable Docker backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_DOCKER_CONSTRAINTS`:
Filter services by constraint, matching with Traefik tags.
`TRAEFIK_PROVIDERS_DOCKER_CONSTRAINTS[n]_KEY`:
The provider label that will be matched against. In practice, it is always 'tag'.
`TRAEFIK_PROVIDERS_DOCKER_CONSTRAINTS[n]_MUSTMATCH`:
Whether the matching operator is equals or not equals. (Default: ```false```)
`TRAEFIK_PROVIDERS_DOCKER_CONSTRAINTS[n]_VALUE`:
The value that will be matched against.
`TRAEFIK_PROVIDERS_DOCKER_DEFAULTRULE`:
Default rule. (Default: ```Host(`{{ normalize .Name }}`)```)
`TRAEFIK_PROVIDERS_DOCKER_ENDPOINT`:
Docker server endpoint. Can be a tcp or a unix socket endpoint. (Default: ```unix:///var/run/docker.sock```)
`TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT`:
Expose containers by default. (Default: ```true```)
`TRAEFIK_PROVIDERS_DOCKER_NETWORK`:
Default Docker network used.
`TRAEFIK_PROVIDERS_DOCKER_SWARMMODE`:
Use Docker on Swarm Mode. (Default: ```false```)
`TRAEFIK_PROVIDERS_DOCKER_SWARMMODEREFRESHSECONDS`:
Polling interval for swarm mode. (Default: ```15```)
`TRAEFIK_PROVIDERS_DOCKER_TLS_CA`:
TLS CA
`TRAEFIK_PROVIDERS_DOCKER_TLS_CAOPTIONAL`:
TLS CA.Optional (Default: ```false```)
`TRAEFIK_PROVIDERS_DOCKER_TLS_CERT`:
TLS cert
`TRAEFIK_PROVIDERS_DOCKER_TLS_INSECURESKIPVERIFY`:
TLS insecure skip verify (Default: ```false```)
`TRAEFIK_PROVIDERS_DOCKER_TLS_KEY`:
TLS key
`TRAEFIK_PROVIDERS_DOCKER_USEBINDPORTIP`:
Use the ip address from the bound port, rather than from the inner network. (Default: ```false```)
`TRAEFIK_PROVIDERS_DOCKER_WATCH`:
Watch provider. (Default: ```true```)
`TRAEFIK_PROVIDERS_FILE`:
Enable File backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_FILE_DEBUGLOGGENERATEDTEMPLATE`:
Enable debug logging of generated configuration template. (Default: ```false```)
`TRAEFIK_PROVIDERS_FILE_DIRECTORY`:
Load configuration from one or more .toml files in a directory.
`TRAEFIK_PROVIDERS_FILE_FILENAME`:
Override default configuration template. For advanced users :)
`TRAEFIK_PROVIDERS_FILE_WATCH`:
Watch provider. (Default: ```true```)
`TRAEFIK_PROVIDERS_KUBERNETES`:
Enable Kubernetes backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESCRD`:
Enable Kubernetes backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESCRD_CERTAUTHFILEPATH`:
Kubernetes certificate authority file path (not needed for in-cluster client).
`TRAEFIK_PROVIDERS_KUBERNETESCRD_DISABLEPASSHOSTHEADERS`:
Kubernetes disable PassHost Headers. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESCRD_ENDPOINT`:
Kubernetes server endpoint (required for external cluster client).
`TRAEFIK_PROVIDERS_KUBERNETESCRD_INGRESSCLASS`:
Value of kubernetes.io/ingress.class annotation to watch for.
`TRAEFIK_PROVIDERS_KUBERNETESCRD_LABELSELECTOR`:
Kubernetes label selector to use.
`TRAEFIK_PROVIDERS_KUBERNETESCRD_NAMESPACES`:
Kubernetes namespaces.
`TRAEFIK_PROVIDERS_KUBERNETESCRD_TOKEN`:
Kubernetes bearer token (not needed for in-cluster client).
`TRAEFIK_PROVIDERS_KUBERNETES_CERTAUTHFILEPATH`:
Kubernetes certificate authority file path (not needed for in-cluster client).
`TRAEFIK_PROVIDERS_KUBERNETES_DISABLEPASSHOSTHEADERS`:
Kubernetes disable PassHost Headers. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETES_ENDPOINT`:
Kubernetes server endpoint (required for external cluster client).
`TRAEFIK_PROVIDERS_KUBERNETES_INGRESSCLASS`:
Value of kubernetes.io/ingress.class annotation to watch for.
`TRAEFIK_PROVIDERS_KUBERNETES_INGRESSENDPOINT_HOSTNAME`:
Hostname used for Kubernetes Ingress endpoints.
`TRAEFIK_PROVIDERS_KUBERNETES_INGRESSENDPOINT_IP`:
IP used for Kubernetes Ingress endpoints.
`TRAEFIK_PROVIDERS_KUBERNETES_INGRESSENDPOINT_PUBLISHEDSERVICE`:
Published Kubernetes Service to copy status from.
`TRAEFIK_PROVIDERS_KUBERNETES_LABELSELECTOR`:
Kubernetes Ingress label selector to use.
`TRAEFIK_PROVIDERS_KUBERNETES_NAMESPACES`:
Kubernetes namespaces.
`TRAEFIK_PROVIDERS_KUBERNETES_TOKEN`:
Kubernetes bearer token (not needed for in-cluster client).
`TRAEFIK_PROVIDERS_MARATHON`:
Enable Marathon backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_MARATHON_BASIC_HTTPBASICAUTHUSER`:
Basic authentication User.
`TRAEFIK_PROVIDERS_MARATHON_BASIC_HTTPBASICPASSWORD`:
Basic authentication Password.
`TRAEFIK_PROVIDERS_MARATHON_CONSTRAINTS`:
Filter services by constraint, matching with Traefik tags.
`TRAEFIK_PROVIDERS_MARATHON_CONSTRAINTS[n]_KEY`:
The provider label that will be matched against. In practice, it is always 'tag'.
`TRAEFIK_PROVIDERS_MARATHON_CONSTRAINTS[n]_MUSTMATCH`:
Whether the matching operator is equals or not equals. (Default: ```false```)
`TRAEFIK_PROVIDERS_MARATHON_CONSTRAINTS[n]_VALUE`:
The value that will be matched against.
`TRAEFIK_PROVIDERS_MARATHON_DCOSTOKEN`:
DCOSToken for DCOS environment, This will override the Authorization header.
`TRAEFIK_PROVIDERS_MARATHON_DEFAULTRULE`:
Default rule. (Default: ```Host(`{{ normalize .Name }}`)```)
`TRAEFIK_PROVIDERS_MARATHON_DIALERTIMEOUT`:
Set a dialer timeout for Marathon. (Default: ```5```)
`TRAEFIK_PROVIDERS_MARATHON_ENDPOINT`:
Marathon server endpoint. You can also specify multiple endpoint for Marathon. (Default: ```http://127.0.0.1:8080```)
`TRAEFIK_PROVIDERS_MARATHON_EXPOSEDBYDEFAULT`:
Expose Marathon apps by default. (Default: ```true```)
`TRAEFIK_PROVIDERS_MARATHON_FILTERMARATHONCONSTRAINTS`:
Enable use of Marathon constraints in constraint filtering. (Default: ```false```)
`TRAEFIK_PROVIDERS_MARATHON_FORCETASKHOSTNAME`:
Force to use the task's hostname. (Default: ```false```)
`TRAEFIK_PROVIDERS_MARATHON_KEEPALIVE`:
Set a TCP Keep Alive time. (Default: ```10```)
`TRAEFIK_PROVIDERS_MARATHON_RESPECTREADINESSCHECKS`:
Filter out tasks with non-successful readiness checks during deployments. (Default: ```false```)
`TRAEFIK_PROVIDERS_MARATHON_RESPONSEHEADERTIMEOUT`:
Set a response header timeout for Marathon. (Default: ```60```)
`TRAEFIK_PROVIDERS_MARATHON_TLSHANDSHAKETIMEOUT`:
Set a TLS handshake timeout for Marathon. (Default: ```5```)
`TRAEFIK_PROVIDERS_MARATHON_TLS_CA`:
TLS CA
`TRAEFIK_PROVIDERS_MARATHON_TLS_CAOPTIONAL`:
TLS CA.Optional (Default: ```false```)
`TRAEFIK_PROVIDERS_MARATHON_TLS_CERT`:
TLS cert
`TRAEFIK_PROVIDERS_MARATHON_TLS_INSECURESKIPVERIFY`:
TLS insecure skip verify (Default: ```false```)
`TRAEFIK_PROVIDERS_MARATHON_TLS_KEY`:
TLS key
`TRAEFIK_PROVIDERS_MARATHON_TRACE`:
Display additional provider logs. (Default: ```false```)
`TRAEFIK_PROVIDERS_MARATHON_WATCH`:
Watch provider. (Default: ```true```)
`TRAEFIK_PROVIDERS_PROVIDERSTHROTTLEDURATION`:
Backends throttle duration: minimum duration between 2 events from providers before applying a new configuration. It avoids unnecessary reloads if multiples events are sent in a short amount of time. (Default: ```0```)
`TRAEFIK_PROVIDERS_RANCHER`:
Enable Rancher backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_RANCHER_CONSTRAINTS`:
Filter services by constraint, matching with Traefik tags.
`TRAEFIK_PROVIDERS_RANCHER_CONSTRAINTS[n]_KEY`:
The provider label that will be matched against. In practice, it is always 'tag'.
`TRAEFIK_PROVIDERS_RANCHER_CONSTRAINTS[n]_MUSTMATCH`:
Whether the matching operator is equals or not equals. (Default: ```false```)
`TRAEFIK_PROVIDERS_RANCHER_CONSTRAINTS[n]_VALUE`:
The value that will be matched against.
`TRAEFIK_PROVIDERS_RANCHER_DEFAULTRULE`:
Default rule. (Default: ```Host(`{{ normalize .Name }}`)```)
`TRAEFIK_PROVIDERS_RANCHER_ENABLESERVICEHEALTHFILTER`:
Filter services with unhealthy states and inactive states. (Default: ```true```)
`TRAEFIK_PROVIDERS_RANCHER_EXPOSEDBYDEFAULT`:
Expose containers by default. (Default: ```true```)
`TRAEFIK_PROVIDERS_RANCHER_INTERVALPOLL`:
Poll the Rancher metadata service every 'rancher.refreshseconds' (less accurate). (Default: ```false```)
`TRAEFIK_PROVIDERS_RANCHER_PREFIX`:
Prefix used for accessing the Rancher metadata service. (Default: ```latest```)
`TRAEFIK_PROVIDERS_RANCHER_REFRESHSECONDS`:
Defines the polling interval in seconds. (Default: ```15```)
`TRAEFIK_PROVIDERS_RANCHER_WATCH`:
Watch provider. (Default: ```true```)
`TRAEFIK_PROVIDERS_REST`:
Enable Rest backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_REST_ENTRYPOINT`:
EntryPoint. (Default: ```traefik```)
`TRAEFIK_SERVERSTRANSPORT_FORWARDINGTIMEOUTS_DIALTIMEOUT`:
The amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. (Default: ```30```)
`TRAEFIK_SERVERSTRANSPORT_FORWARDINGTIMEOUTS_RESPONSEHEADERTIMEOUT`:
The amount of time to wait for a server's response headers after fully writing the request (including its body, if any). If zero, no timeout exists. (Default: ```0```)
`TRAEFIK_SERVERSTRANSPORT_INSECURESKIPVERIFY`:
Disable SSL certificate verification. (Default: ```false```)
`TRAEFIK_SERVERSTRANSPORT_MAXIDLECONNSPERHOST`:
If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used (Default: ```0```)
`TRAEFIK_SERVERSTRANSPORT_ROOTCAS`:
Add cert file for self-signed certificate.
`TRAEFIK_TRACING`:
OpenTracing configuration. (Default: ```false```)
`TRAEFIK_TRACING_BACKEND`:
Selects the tracking backend ('jaeger','zipkin','datadog','instana'). (Default: ```jaeger```)
`TRAEFIK_TRACING_DATADOG`:
Settings for DataDog. (Default: ```false```)
`TRAEFIK_TRACING_DATADOG_BAGAGEPREFIXHEADERNAME`:
Specifies the header name prefix that will be used to store baggage items in a map.
`TRAEFIK_TRACING_DATADOG_DEBUG`:
Enable DataDog debug. (Default: ```false```)
`TRAEFIK_TRACING_DATADOG_GLOBALTAG`:
Key:Value tag to be set on all the spans.
`TRAEFIK_TRACING_DATADOG_LOCALAGENTHOSTPORT`:
Set datadog-agent's host:port that the reporter will used. (Default: ```localhost:8126```)
`TRAEFIK_TRACING_DATADOG_PARENTIDHEADERNAME`:
Specifies the header name that will be used to store the parent ID.
`TRAEFIK_TRACING_DATADOG_PRIORITYSAMPLING`:
Enable priority sampling. When using distributed tracing, this option must be enabled in order to get all the parts of a distributed trace sampled. (Default: ```false```)
`TRAEFIK_TRACING_DATADOG_SAMPLINGPRIORITYHEADERNAME`:
Specifies the header name that will be used to store the sampling priority.
`TRAEFIK_TRACING_DATADOG_TRACEIDHEADERNAME`:
Specifies the header name that will be used to store the trace ID.
`TRAEFIK_TRACING_HAYSTACK`:
Settings for Haystack. (Default: ```false```)
`TRAEFIK_TRACING_HAYSTACK_BAGGAGEPREFIXHEADERNAME`:
specifies the header name prefix that will be used to store baggage items in a map.
`TRAEFIK_TRACING_HAYSTACK_GLOBALTAG`:
Key:Value tag to be set on all the spans.
`TRAEFIK_TRACING_HAYSTACK_LOCALAGENTHOST`:
Set haystack-agent's host that the reporter will used. (Default: ```LocalAgentHost```)
`TRAEFIK_TRACING_HAYSTACK_LOCALAGENTPORT`:
Set haystack-agent's port that the reporter will used. (Default: ```35000```)
`TRAEFIK_TRACING_HAYSTACK_PARENTIDHEADERNAME`:
Specifies the header name that will be used to store the parent ID.
`TRAEFIK_TRACING_HAYSTACK_SPANIDHEADERNAME`:
Specifies the header name that will be used to store the span ID.
`TRAEFIK_TRACING_HAYSTACK_TRACEIDHEADERNAME`:
Specifies the header name that will be used to store the trace ID.
`TRAEFIK_TRACING_INSTANA`:
Settings for Instana. (Default: ```false```)
`TRAEFIK_TRACING_INSTANA_LOCALAGENTHOST`:
Set instana-agent's host that the reporter will used. (Default: ```localhost```)
`TRAEFIK_TRACING_INSTANA_LOCALAGENTPORT`:
Set instana-agent's port that the reporter will used. (Default: ```42699```)
`TRAEFIK_TRACING_INSTANA_LOGLEVEL`:
Set instana-agent's log level. ('error','warn','info','debug') (Default: ```info```)
`TRAEFIK_TRACING_JAEGER`:
Settings for jaeger. (Default: ```false```)
`TRAEFIK_TRACING_JAEGER_GEN128BIT`:
Generate 128 bit span IDs. (Default: ```false```)
`TRAEFIK_TRACING_JAEGER_LOCALAGENTHOSTPORT`:
Set jaeger-agent's host:port that the reporter will used. (Default: ```127.0.0.1:6831```)
`TRAEFIK_TRACING_JAEGER_PROPAGATION`:
Which propgation format to use (jaeger/b3). (Default: ```jaeger```)
`TRAEFIK_TRACING_JAEGER_SAMPLINGPARAM`:
Set the sampling parameter. (Default: ```1.000000```)
`TRAEFIK_TRACING_JAEGER_SAMPLINGSERVERURL`:
Set the sampling server url. (Default: ```http://localhost:5778/sampling```)
`TRAEFIK_TRACING_JAEGER_SAMPLINGTYPE`:
Set the sampling type. (Default: ```const```)
`TRAEFIK_TRACING_JAEGER_TRACECONTEXTHEADERNAME`:
Set the header to use for the trace-id. (Default: ```uber-trace-id```)
`TRAEFIK_TRACING_SERVICENAME`:
Set the name for this service. (Default: ```traefik```)
`TRAEFIK_TRACING_SPANNAMELIMIT`:
Set the maximum character limit for Span names (default 0 = no limit). (Default: ```0```)
`TRAEFIK_TRACING_ZIPKIN`:
Settings for zipkin. (Default: ```false```)
`TRAEFIK_TRACING_ZIPKIN_DEBUG`:
Enable Zipkin debug. (Default: ```false```)
`TRAEFIK_TRACING_ZIPKIN_HTTPENDPOINT`:
HTTP Endpoint to report traces to. (Default: ```http://localhost:9411/api/v1/spans```)
`TRAEFIK_TRACING_ZIPKIN_ID128BIT`:
Use Zipkin 128 bit root span IDs. (Default: ```true```)
`TRAEFIK_TRACING_ZIPKIN_SAMESPAN`:
Use Zipkin SameSpan RPC style traces. (Default: ```false```)
`TRAEFIK_TRACING_ZIPKIN_SAMPLERATE`:
The rate between 0.0 and 1.0 of requests to trace. (Default: ```1.000000```)

7
docs/content/reference/static-configuration/file.md Normal file
View file

@ -0,0 +1,7 @@
# Static Configuration: File
## TOML
```toml
--8<-- "content/reference/static-configuration/file.toml"
```

42
docs/content/reference/static-configuration.toml → docs/content/reference/static-configuration/file.toml
View file

@ -1,5 +1,4 @@
[Global]
Debug = true
CheckNewVersion = true
SendAnonymousUsage = true
@ -31,8 +30,8 @@
TrustedIPs = ["foobar", "foobar"]
[Providers]
ProvidersThrottleDuration = 42
[Providers.Docker]
Watch = true
Endpoint = "foobar"
@ -52,18 +51,21 @@
Key = "foobar"
MustMatch = true
Regex = "foobar"
[Providers.Docker.TLS]
CA = "foobar"
CAOptional = true
Cert = "foobar"
Key = "foobar"
InsecureSkipVerify = true
[Providers.File]
Directory = "foobar"
Watch = true
Filename = "foobar"
DebugLogGeneratedTemplate = true
TraefikFile = "foobar"
[Providers.Marathon]
Trace = true
Watch = true
@ -88,6 +90,7 @@
Key = "foobar"
MustMatch = true
Regex = "foobar"
[Providers.Marathon.TLS]
CA = "foobar"
CAOptional = true
@ -97,6 +100,7 @@
[Providers.Marathon.Basic]
HTTPBasicAuthUser = "foobar"
HTTPBasicPassword = "foobar"
[Providers.Kubernetes]
Endpoint = "foobar"
Token = "foobar"
@ -109,6 +113,7 @@
IP = "foobar"
Hostname = "foobar"
PublishedService = "foobar"
[Providers.KubernetesCRD]
Endpoint = "foobar"
Token = "foobar"
@ -117,9 +122,29 @@
Namespaces = ["foobar", "foobar"]
LabelSelector = "foobar"
IngressClass = "foobar"
[Providers.Rest]
EntryPoint = "foobar"
[Providers.Rancher]
Watch = true
DefaultRule = "foobar"
ExposedByDefault = true
EnableServiceHealthFilter = true
RefreshSeconds = 42
IntervalPoll = true
Prefix = "foobar"
[[Providers.Rancher.Constraints]]
Key = "foobar"
MustMatch = true
Regex = "foobar"
[[Providers.Rancher.Constraints]]
Key = "foobar"
MustMatch = true
Regex = "foobar"
[API]
EntryPoint = "foobar"
Dashboard = true
@ -128,16 +153,20 @@
RecentErrors = 42
[Metrics]
[Metrics.Prometheus]
Buckets = [42.0, 42.0]
EntryPoint = "foobar"
Middlewares = ["foobar", "foobar"]
[Metrics.Datadog]
Address = "foobar"
PushInterval = "foobar"
[Metrics.StatsD]
Address = "foobar"
PushInterval = "foobar"
[Metrics.InfluxDB]
Address = "foobar"
Protocol = "foobar"
@ -179,6 +208,7 @@
Backend = "foobar"
ServiceName = "foobar"
SpanNameLimit = 42
[Tracing.Jaeger]
SamplingServerURL = "foobar"
SamplingType = "foobar"
@ -187,12 +217,14 @@
Gen128Bit = true
Propagation = "foobar"
TraceContextHeaderName = "foobar"
[Tracing.Zipkin]
HTTPEndpoint = "foobar"
SameSpan = true
ID128Bit = true
Debug = true
SampleRate = 42.0
[Tracing.DataDog]
LocalAgentHostPort = "foobar"
GlobalTag = "foobar"
@ -202,10 +234,11 @@
ParentIDHeaderName = "foobar"
SamplingPriorityHeaderName = "foobar"
BagagePrefixHeaderName = "foobar"
[Tracing.Instana]
LocalAgentHost = "foobar"
LocalAgentPort = 42
Level = "foobar"
LogLevel = "foobar"
[HostResolver]
CnameFlattening = true
@ -220,13 +253,16 @@
EntryPoint = "foobar"
KeyType = "foobar"
OnHostRule = true
[ACME.DNSChallenge]
Provider = "foobar"
DelayBeforeCheck = 42
Resolvers = ["foobar", "foobar"]
DisablePropagationCheck = true
[ACME.HTTPChallenge]
EntryPoint = "foobar"
[ACME.TLSChallenge]
[[ACME.Domains]]

5
docs/content/reference/static-configuration/overview.md Normal file
View file

@ -0,0 +1,5 @@
# Static Configuration
- [File](./file.md)
- [CLI](./cli.md)
- [Environment Variables](./env.md)

61
docs/content/routing/entrypoints.md
View file

@ -47,7 +47,7 @@ See the complete reference for the list of available options:
[EntryPoints]
[EntryPoints.EntryPoint0]
Address = "foobar"
Address = ":8888"
[EntryPoints.EntryPoint0.Transport]
[EntryPoints.EntryPoint0.Transport.LifeCycle]
RequestAcceptGraceTimeout = 42
@ -65,52 +65,18 @@ See the complete reference for the list of available options:
```
```ini tab="CLI"
Name:EntryPoint0
Address:foobar
Transport.LifeCycle.RequestAcceptGraceTimeout:42
Transport.LifeCycle.GraceTimeOut:42
Transport.RespondingTimeouts.ReadTimeout:42
Transport.RespondingTimeouts.WriteTimeout:42
Transport.RespondingTimeouts.IdleTimeout:42
ProxyProtocol.Insecure:true
ProxyProtocol.TrustedIPs:foobar,foobar
ForwardedHeaders.Insecure:true
ForwardedHeaders.TrustedIPs:foobar,foobar
--entryPoints.EntryPoint0.Address=:8888
--entryPoints.EntryPoint0.Transport.LifeCycle.RequestAcceptGraceTimeout=42
--entryPoints.EntryPoint0.Transport.LifeCycle.GraceTimeOut=42
--entryPoints.EntryPoint0.Transport.RespondingTimeouts.ReadTimeout=42
--entryPoints.EntryPoint0.Transport.RespondingTimeouts.WriteTimeout=42
--entryPoints.EntryPoint0.Transport.RespondingTimeouts.IdleTimeout=42
--entryPoints.EntryPoint0.ProxyProtocol.Insecure=true
--entryPoints.EntryPoint0.ProxyProtocol.TrustedIPs=foobar,foobar
--entryPoints.EntryPoint0.ForwardedHeaders.Insecure=true
--entryPoints.EntryPoint0.ForwardedHeaders.TrustedIPs=foobar,foobar
```
??? example "Using the CLI"
Here is an example of using the CLI to define `entrypoints`:
```shell
--entryPoints='Name:http Address::80'
--entryPoints='Name:https Address::443'
```
!!! note
The whitespace character (` `) is the option separator, and the comma (`,`) is the value separator for lists inside an option.
The option names are case-insensitive.
!!! warning "Using Docker Compose Files"
The syntax for passing arguments inside a docker compose file is a little different. Here are two examples.
```yaml
traefik:
image: traefik:v2.0 # The official v2.0 Traefik docker image
command:
- --defaultentrypoints=powpow
- "--entryPoints=Name:powpow Address::42 Compress:true"
```
or
```yaml
traefik:
image: traefik:v2.0 # The official v2.0 Traefik docker image
command: --defaultentrypoints=powpow --entryPoints='Name:powpow Address::42 Compress:true'
```
## ProxyProtocol
Traefik supports [ProxyProtocol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt).
@ -128,9 +94,10 @@ Traefik supports [ProxyProtocol](https://www.haproxy.org/download/1.8/doc/proxy-
IPs in `trustedIPs` only will lead to remote client address replacement: Declare load-balancer IPs or CIDR range here.
??? example "Insecure Mode -- Testing Environnement Only"
??? example "Insecure Mode -- Testing Environment Only"
In a test environments, you can configure Traefik to trust every incoming connection. Doing so, every remote client address will be replaced (`trustedIPs` won't have any effect)
In a test environments, you can configure Traefik to trust every incoming connection.
Doing so, every remote client address will be replaced (`trustedIPs` won't have any effect)
```toml
[entryPoints]

4
docs/content/routing/overview.md
View file

@ -3,7 +3,7 @@
What's Happening to the Requests?
{: .subtitle }
Let's zoom on Traefik's architecture and talk about the components that enable the routes to be created.
Let's zoom in on Traefik's architecture and talk about the components that enable the routes to be created.
First, when you start Traefik, you define [entrypoints](../entrypoints) (in their most basic forms, they are port numbers).
Then, connected to these entrypoints, [routers](../routers) analyze the incoming requests to see if they match a set of [rules](../routers#rule).
@ -14,7 +14,7 @@ If they do, the router might transform the request using pieces of [middleware](
## Clear Responsibilities
- [_Providers_](../providers/overview.md) discover the services that live on your infrastructure (their IP, health, ...)
- [_Entrypoints_](./entrypoints.md) listen for incomming traffic (ports, ...)
- [_Entrypoints_](./entrypoints.md) listen for incoming traffic (ports, ...)
- [_Routers_](./routers/index.md) analyse the requests (host, path, headers, SSL, ...)
- [_Services_](./services/index.md) forward the request to your services (load balancing, ...)
- [_Middlewares_](../middlewares/overview.md) may update the request or make decisions based on the request (authentication, rate limiting, headers, ...)

114
docs/content/routing/routers/index.md
View file

@ -51,7 +51,7 @@ In the process, routers may use pieces of [middleware](../../middlewares/overvie
### EntryPoints
If not specified, HTTP routers will accept requests from all defined entrypoints.
If you want to limit the router scope to a set of entrypoint, set the entrypoints option.
If you want to limit the router scope to a set of entrypoints, set the entrypoints option.
??? example "Listens to Every EntryPoint"
@ -92,7 +92,7 @@ If you want to limit the router scope to a set of entrypoint, set the entrypoint
### Rule
Rules are a set of matchers that determine if a particular request matches specific criteria.
If the rule is verified, then the router becomes active and calls middlewares, then forward the request to the service.
If the rule is verified, the router becomes active, calls middlewares, and then forwards the request to the service.
??? example "Host is traefik.io"
@ -107,16 +107,16 @@ If the rule is verified, then the router becomes active and calls middlewares, t
```
The table below lists all the available matchers:
| Rule | Description |
|--------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------|
| ``Headers(`key`, `value`)`` | Check if there is a key `key`defined in the headers, with the value `value` |
| ``HeadersRegexp(`key`, `regexp`)`` | Check if there is a key `key`defined in the headers, with a value that matches the regular expression `regexp` |
| ``Host(`domain-1`, ...)`` | Check if the request domain targets one of the given `domains`. |
| ``HostRegexp(`traefik.io`, `{subdomain:[a-z]+}.traefik.io`, ...)`` | Check if the request domain matches the given `regexp`. |
| `Method(methods, ...)` | Check if the request method is one of the given `methods` (`GET`, `POST`, `PUT`, `DELETE`, `PATCH`) |
| ``Path(`path`, `/articles/{category}/{id:[0-9]+}`, ...)`` | Match exact request path. It accepts a sequence of literal and regular expression paths. |
| ``PathPrefix(`/products/`, `/articles/{category}/{id:[0-9]+}`)`` | Match request prefix path. It accepts a sequence of literal and regular expression prefix paths. |
| ``Query(`foo=bar`, `bar=baz`)`` | Match` Query String parameters. It accepts a sequence of key=value pairs. |
| Rule | Description |
|----------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------|
| ```Headers(`key`, `value`)``` | Check if there is a key `key`defined in the headers, with the value `value` |
| ```HeadersRegexp(`key`, `regexp`)``` | Check if there is a key `key`defined in the headers, with a value that matches the regular expression `regexp` |
| ```Host(`domain-1`, ...)``` | Check if the request domain targets one of the given `domains`. |
| ```HostRegexp(`traefik.io`, `{subdomain:[a-z]+}.traefik.io`, ...)``` | Check if the request domain matches the given `regexp`. |
| `Method(methods, ...)` | Check if the request method is one of the given `methods` (`GET`, `POST`, `PUT`, `DELETE`, `PATCH`) |
| ```Path(`path`, `/articles/{category}/{id:[0-9]+}`, ...)``` | Match exact request path. It accepts a sequence of literal and regular expression paths. |
| ```PathPrefix(`/products/`, `/articles/{category}/{id:[0-9]+}`)``` | Match request prefix path. It accepts a sequence of literal and regular expression prefix paths. |
| ```Query(`foo=bar`, `bar=baz`)``` | Match` Query String parameters. It accepts a sequence of key=value pairs. |
!!! important "Regexp Syntax"
@ -156,7 +156,9 @@ Services are the target for the router.
### TLS
When specifying a TLS section, you tell Traefik that the current router is dedicated to HTTPS requests only (and that the router should ignore HTTP (non tls) requests).
#### General
When a TLS section is specified, it instructs Traefik that the current router is dedicated to HTTPS requests only (and that the router should ignore HTTP (non TLS) requests).
Traefik will terminate the SSL connections (meaning that it will send decrypted data to the services).
??? example "Configuring the router to accept HTTPS requests only"
@ -171,9 +173,8 @@ Traefik will terminate the SSL connections (meaning that it will send decrypted
!!! note "HTTPS & ACME"
In the current version, with [ACME](../../https-tls/acme.md) enabled, automatic certificate generation will apply to every router declaring a TLS section.
In the near future, options will be available to enable fine-grain control of the TLS parameters.
In the current version, with [ACME](../../https/acme.md) enabled, automatic certificate generation will apply to every router declaring a TLS section.
!!! note "Passthrough"
On TCP routers, you can configure a passthrough option so that Traefik doesn't terminate the TLS connection.
@ -186,27 +187,52 @@ Traefik will terminate the SSL connections (meaning that it will send decrypted
```toml
[http.routers]
[http.routers.Router-1-https]
[http.routers.my-https-router]
rule = "Host(`foo-domain`) && Path(`/foo-path/`)"
service = "service-id"
[http.routers.Router-1.tls] # will terminate the TLS request
[http.routers.my-https-router.tls] # will terminate the TLS request
[http.routers.Router-1-http]
[http.routers.my-http-router]
rule = "Host(`foo-domain`) && Path(`/foo-path/`)"
service = "service-id"
```
#### `Options`
The `Options` field enables fine-grained control of the TLS parameters.
It refers to a [tlsOptions](../../https/tls.md#tls-options) and will be applied only if a `Host` rule is defined.
??? example "Configuring the tls options"
```toml
[http.routers]
[http.routers.Router-1]
rule = "Host(`foo-domain`) && Path(`/foo-path/`)"
service = "service-id"
[http.routers.Router-1.tls] # will terminate the TLS request
options = "foo"
[tlsOptions]
[tlsOptions.foo]
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384"
]
```
## Configuring TCP Routers
### General
If both HTTP routers and TCP routers listen to the same entrypoints, the TCP routers will apply *before* the HTTP routers.
If both HTTP routers and TCP routers listen to the same entry points, the TCP routers will apply *before* the HTTP routers.
If no matching route is found for the TCP routers, then the HTTP routers will take over.
### EntryPoints
If not specified, TCP routers will accept requests from all defined entrypoints.
If you want to limit the router scope to a set of entrypoints, set the entrypoints option.
If not specified, TCP routers will accept requests from all defined entry points.
If you want to limit the router scope to a set of entry points, set the entry points option.
??? example "Listens to Every EntryPoint"
@ -248,9 +274,9 @@ If you want to limit the router scope to a set of entrypoints, set the entrypoin
### Rule
| Rule | Description |
|------------------------------|-------------------------------------------------------------------------|
| ``HostSNI(`domain-1`, ...)`` | Check if the Server Name Indication corresponds to the given `domains`. |
| Rule | Description |
|--------------------------------|-------------------------------------------------------------------------|
| ```HostSNI(`domain-1`, ...)``` | Check if the Server Name Indication corresponds to the given `domains`. |
!!! important "HostSNI & TLS"
@ -269,15 +295,17 @@ Services are the target for the router.
### TLS
When specifying a TLS section, you tell Traefik that the current router is dedicated to TLS requests only (and that the router should ignore non-tls requests).
By default, Traefik will terminate the SSL connections (meaning that it will send decrypted data to the services), but you can tell Traefik that the request should pass through (keeping the encrypted data) and be forwarded to the service "as is".
#### General
When a TLS section is specified, it instructs Traefik that the current router is dedicated to TLS requests only (and that the router should ignore non-TLS requests).
By default, Traefik will terminate the SSL connections (meaning that it will send decrypted data to the services), but Traefik can be configured in order to let the requests pass through (keeping the data encrypted), and be forwarded to the service "as is".
??? example "Configuring TLS Termination"
```toml
[tcp.routers]
[tcp.routers.Router-1]
rule = "Host(`foo-domain`)"
rule = "HostSNI(`foo-domain`)"
service = "service-id"
[tcp.routers.Router-1.tls] # will terminate the TLS request by default
```
@ -287,7 +315,7 @@ By default, Traefik will terminate the SSL connections (meaning that it will sen
```toml
[tcp.routers]
[tcp.routers.Router-1]
rule = "Host(`foo-domain`)"
rule = "HostSNI(`foo-domain`)"
service = "service-id"
[tcp.routers.Router-1.tls]
passthrough=true
@ -295,5 +323,29 @@ By default, Traefik will terminate the SSL connections (meaning that it will sen
!!! note "TLS & ACME"
In the current version, with [ACME](../../https-tls/acme.md) enabled, automatic certificate generation will apply to every router declaring a TLS section.
In the near future, options will be available to enable fine-grain control of the TLS parameters.
In the current version, with [ACME](../../https/acme.md) enabled, automatic certificate generation will apply to every router declaring a TLS section.
#### `Options`
The `Options` field enables fine-grained control of the TLS parameters.
It refers to a [tlsOptions](../../https/tls.md#tls-options) and will be applied only if a `HostSNI` rule is defined.
??? example "Configuring the tls options"
```toml
[tcp.routers]
[tcp.routers.Router-1]
rule = "HostSNI(`foo-domain`)"
service = "service-id"
[tcp.routers.Router-1.tls] # will terminate the TLS request
options = "foo"
[tlsOptions]
[tlsOptions.foo]
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384"
]
```

30
docs/content/routing/services/index.md
View file

@ -14,14 +14,11 @@ The `Services` are responsible for configuring how to reach the actual services
```toml
[http.services]
[http.services.my-service.LoadBalancer]
method = "wrr" # Load Balancing based on weights
[[http.services.my-service.LoadBalancer.servers]]
url = "http://private-ip-server-1/"
weight = 30 # 30% of the requests will go to that instance
[[http.services.my-service.LoadBalancer.servers]]
url = "http://private-ip-server-2/"
weight = 70 # 70% of the requests will go to that instance
```
??? example "Declaring a TCP Service with Two Servers -- Using the [File Provider](../../providers/file.md)"
@ -52,21 +49,17 @@ The load balancers are able to load balance the requests between multiple instan
```toml
[http.services]
[http.services.my-service.LoadBalancer]
method = "wrr" # Load Balancing based on weights
[[http.services.my-service.LoadBalancer.servers]]
url = "http://private-ip-server-1/"
weight = 50 # 50% of the requests will go to that instance
[[http.services.my-service.LoadBalancer.servers]]
url = "http://private-ip-server-2/"
weight = 50 # 50% of the requests will go to that instance
```
#### Servers
Servers declare a single instance of your program.
The `url` option point to a specific instance.
The `weight` option defines the weight of the server for the load balancing algorithm.
!!! note
Paths in the servers' `url` have no effet.
@ -80,28 +73,21 @@ The `weight` option defines the weight of the server for the load balancing algo
[http.services.my-service.LoadBalancer]
[[http.services.my-service.LoadBalancer.servers]]
url = "http://private-ip-server-1/"
weight = 1
```
#### Load-balancing
Various methods of load balancing are supported:
For now, only round robin load balancing is supported:
- `wrr`: Weighted Round Robin.
- `drr`: Dynamic Round Robin: increases weights on servers that perform better than others (rolls back to original weights when the server list is updated)
??? example "Load Balancing Using DRR -- Using the [File Provider](../../providers/file.md)"
??? example "Load Balancing -- Using the [File Provider](../../providers/file.md)"
```toml
[http.services]
[http.services.my-service.LoadBalancer]
method = "drr"
[[http.services.my-service.LoadBalancer.servers]]
url = "http://private-ip-server-1/"
weight = 1
[[http.services.my-service.LoadBalancer.servers]]
url = "http://private-ip-server-1/"
weight = 1
```
#### Sticky sessions
@ -117,12 +103,18 @@ On subsequent requests, the client is forwarded to the same server.
The default cookie name is an abbreviation of a sha1 (ex: `_1d52e`).
!!! note "Secure & HTTPOnly flags"
By default, the affinity cookie is created without those flags. One however can change that through configuration.
??? example "Adding Stickiness"
```toml
[http.services]
[http.services.my-service]
[http.services.my-service.LoadBalancer.stickiness]
secureCookie = true
httpOnlyCookie = true
```
??? example "Adding Stickiness with a Custom Cookie Name"
@ -132,6 +124,8 @@ On subsequent requests, the client is forwarded to the same server.
[http.services.my-service]
[http.services.my-service.LoadBalancer.stickiness]
cookieName = "my_stickiness_cookie_name"
secureCookie = true
httpOnlyCookie = true
```
#### Health Check
@ -239,7 +233,3 @@ The `address` option (IP:Port) point to a specific instance.
[[tcp.services.my-service.LoadBalancer.servers]]
address = "xx.xx.xx.xx:xx"
```
!!! note "Weight"
The TCP LoadBalancer is currently a round robin only implementation and doesn't yet support weights.

23
docs/content/user-guides/crd-acme/01-crd.yml
View file

@ -12,6 +12,21 @@ spec:
singular: ingressroute
scope: Namespaced
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ingressroutetcps.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: IngressRouteTCP
plural: ingressroutetcps
singular: ingressroutetcp
scope: Namespaced
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
@ -74,6 +89,14 @@ rules:
- get
- list
- watch
- apiGroups:
- traefik.containo.us
resources:
- ingressroutetcps
verbs:
- get
- list
- watch
---
kind: ClusterRoleBinding

4
docs/content/user-guides/crd-acme/03-deployments.yml
View file

@ -30,8 +30,8 @@ spec:
args:
- --api
- --accesslog
- --entrypoints=Name:web Address::8000
- --entrypoints=Name:websecure Address::4443
- --entrypoints.web.Address=:8000
- --entrypoints.websecure.Address=:4443
- --providers.kubernetescrd
- --providers.kubernetescrd.trace
- --acme

4
docs/content/user-guides/crd-acme/04-ingressroutes.yml
View file

@ -26,5 +26,5 @@ spec:
services:
- name: whoami
port: 80
tls:
secretName: ""
# Please note the use of an empty TLS object to enable TLS with Let's Encrypt.
tls: {}

4
docs/content/user-guides/crd-acme/k3s.yml
View file

@ -1,5 +1,5 @@
server:
image: rancher/k3s:v0.2.0
image: rancher/k3s:v0.5.0
command: server --disable-agent --no-deploy traefik
environment:
- K3S_CLUSTER_SECRET=somethingtotallyrandom
@ -17,7 +17,7 @@ server:
- 6443:6443
node:
image: rancher/k3s:v0.2.0
image: rancher/k3s:v0.5.0
privileged: true
links:
- server

13
docs/mkdocs.yml
View file

@ -85,8 +85,9 @@ nav:
- 'Routers': 'routing/routers/index.md'
- 'Services': 'routing/services/index.md'
- 'HTTPS & TLS':
- 'Overview': 'https-tls/overview.md'
- 'ACME': 'https-tls/acme.md'
- 'Overview': 'https/overview.md'
- 'TLS': 'https/tls.md'
- 'Let''s Encrypt': 'https/acme.md'
- 'Middlewares':
- 'Overview': 'middlewares/overview.md'
- 'AddPrefix': 'middlewares/addprefix.md'
@ -113,8 +114,8 @@ nav:
- 'Operations':
- 'CLI': 'operations/cli.md'
- 'Dashboard' : 'operations/dashboard.md'
- 'API': 'operations/api.md'
- 'Ping': 'operations/ping.md'
- 'Debug Mode': 'operations/debug-mode.md'
- 'Observability':
- 'Logs': 'observability/logs.md'
- 'Access Logs': 'observability/access-logs.md'
@ -133,7 +134,11 @@ nav:
- 'Maintainers': 'contributing/maintainers.md'
- 'Glossary': 'glossary.md'
- 'References':
- 'Static Configuration': 'reference/static-configuration.md'
- 'Static Configuration':
- 'Overview': 'reference/static-configuration/overview.md'
- 'File': 'reference/static-configuration/file.md'
- 'CLI': 'reference/static-configuration/cli.md'
- 'Environment variables': 'reference/static-configuration/env.md'
- 'Dynamic Configuration':
- 'Docker': 'reference/dynamic-configuration/docker.md'
- 'Kubernetes CRD': 'reference/dynamic-configuration/kubernetes-crd.md'

4
docs/theme/main.html vendored
View file

@ -19,9 +19,9 @@
</div>
{% endif %}
powered by
<a href="http://www.mkdocs.org" title="MkDocs">MkDocs</a>
<a href="https://www.mkdocs.org" title="MkDocs">MkDocs</a>
and
<a href="http://squidfunk.github.io/mkdocs-material/"
<a href="https://squidfunk.github.io/mkdocs-material/"
title="Material for MkDocs">
Material for MkDocs</a>
</div>

6
integration/access_log_test.go
View file

@ -581,7 +581,7 @@ func CheckAccessLogFormat(c *check.C, line string, i int) {
c.Assert(results, checker.HasLen, 14)
c.Assert(results[accesslog.OriginStatus], checker.Matches, `^(-|\d{3})$`)
c.Assert(results[accesslog.RequestCount], checker.Equals, fmt.Sprintf("%d", i+1))
c.Assert(results[accesslog.RouterName], checker.HasPrefix, "\"docker.rt-")
c.Assert(results[accesslog.RouterName], checker.HasPrefix, "\"docker@rt-")
c.Assert(results[accesslog.ServiceURL], checker.HasPrefix, "\"http://")
c.Assert(results[accesslog.Duration], checker.Matches, `^\d+ms$`)
}
@ -596,14 +596,14 @@ func checkAccessLogExactValues(c *check.C, line string, i int, v accessLogValue)
}
c.Assert(results[accesslog.OriginStatus], checker.Equals, v.code)
c.Assert(results[accesslog.RequestCount], checker.Equals, fmt.Sprintf("%d", i+1))
c.Assert(results[accesslog.RouterName], checker.Matches, `^"?(docker\.)?`+v.routerName+`.*$`)
c.Assert(results[accesslog.RouterName], checker.Matches, `^"?(docker@)?`+v.routerName+`.*$`)
c.Assert(results[accesslog.ServiceURL], checker.Matches, `^"?`+v.serviceURL+`.*$`)
c.Assert(results[accesslog.Duration], checker.Matches, `^\d+ms$`)
}
func waitForTraefik(c *check.C, containerName string) {
// Wait for Traefik to turn ready.
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8080/api/providers/docker/routers", nil)
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8080/api/rawdata", nil)
c.Assert(err, checker.IsNil)
err = try.Request(req, 2*time.Second, try.StatusCodeIs(http.StatusOK), try.BodyContains(containerName))

2
integration/acme_test.go
View file

@ -333,7 +333,7 @@ func (s *AcmeSuite) TestNoValidLetsEncryptServer(c *check.C) {
defer cmd.Process.Kill()
// Expected traefik works
err = try.GetRequest("http://127.0.0.1:8080/api/providers", 10*time.Second, try.StatusCodeIs(http.StatusOK))
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 10*time.Second, try.StatusCodeIs(http.StatusOK))
c.Assert(err, checker.IsNil)
}

30
integration/docker_compose_test.go
View file

@ -62,27 +62,23 @@ func (s *DockerComposeSuite) TestComposeScale(c *check.C) {
_, err = try.ResponseUntilStatusCode(req, 1500*time.Millisecond, http.StatusOK)
c.Assert(err, checker.IsNil)
resp, err := http.Get("http://127.0.0.1:8080/api/providers/docker/services")
resp, err := http.Get("http://127.0.0.1:8080/api/rawdata")
c.Assert(err, checker.IsNil)
defer resp.Body.Close()
var services []api.ServiceRepresentation
err = json.NewDecoder(resp.Body).Decode(&services)
c.Assert(err, checker.IsNil)
// check that we have only one service with n servers
c.Assert(services, checker.HasLen, 1)
c.Assert(services[0].ID, checker.Equals, composeService+"_integrationtest"+composeProject)
c.Assert(services[0].LoadBalancer.Servers, checker.HasLen, serviceCount)
resp, err = http.Get("http://127.0.0.1:8080/api/providers/docker/routers")
c.Assert(err, checker.IsNil)
defer resp.Body.Close()
var routers []api.RouterRepresentation
err = json.NewDecoder(resp.Body).Decode(&routers)
var rtconf api.RunTimeRepresentation
err = json.NewDecoder(resp.Body).Decode(&rtconf)
c.Assert(err, checker.IsNil)
// check that we have only one router
c.Assert(routers, checker.HasLen, 1)
c.Assert(rtconf.Routers, checker.HasLen, 1)
// check that we have only one service with n servers
services := rtconf.Services
c.Assert(services, checker.HasLen, 1)
for k, v := range services {
c.Assert(k, checker.Equals, "docker@"+composeService+"_integrationtest"+composeProject)
c.Assert(v.LoadBalancer.Servers, checker.HasLen, serviceCount)
// We could break here, but we don't just to keep us honest.
}
}

6
integration/docker_test.go
View file

@ -315,7 +315,7 @@ func (s *DockerSuite) TestRestartDockerContainers(c *check.C) {
c.Assert(json.Unmarshal(body, &version), checker.IsNil)
c.Assert(version["Version"], checker.Equals, "swarm/1.0.0")
err = try.GetRequest("http://127.0.0.1:8080/api/providers/docker/services", 60*time.Second, try.BodyContains("powpow"))
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 60*time.Second, try.BodyContains("powpow"))
c.Assert(err, checker.IsNil)
s.stopAndRemoveContainerByName(c, "powpow")
@ -323,11 +323,11 @@ func (s *DockerSuite) TestRestartDockerContainers(c *check.C) {
time.Sleep(5 * time.Second)
err = try.GetRequest("http://127.0.0.1:8080/api/providers/docker/services", 10*time.Second, try.BodyContains("powpow"))
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 10*time.Second, try.BodyContains("powpow"))
c.Assert(err, checker.NotNil)
s.startContainerWithNameAndLabels(c, "powpow", "swarm:1.0.0", labels, "manage", "token://blabla")
err = try.GetRequest("http://127.0.0.1:8080/api/providers/docker/services", 60*time.Second, try.BodyContains("powpow"))
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 60*time.Second, try.BodyContains("powpow"))
c.Assert(err, checker.IsNil)
}

1
integration/fixtures/acme/acme_base.toml
View file

@ -46,7 +46,6 @@ level = "DEBUG"
[http.services.test.loadbalancer]
[[http.services.test.loadbalancer.servers]]
url = "http://127.0.0.1:9010"
weight = 1
[http.routers]
[http.routers.test]

1
integration/fixtures/acme/acme_tls.toml
View file

@ -46,7 +46,6 @@ level = "DEBUG"
[http.services.test.loadbalancer]
[[http.services.test.loadbalancer.servers]]
url = "http://127.0.0.1:9010"
weight = 1
[http.routers]
[http.routers.test]

1
integration/fixtures/acme/certificates.toml
View file

@ -2,7 +2,6 @@
[http.services.test.loadbalancer]
[[http.services.test.loadbalancer.servers]]
url = "http://127.0.0.1:9010"
weight = 1
[http.routers]
[http.routers.test]

2
integration/fixtures/docker/simple.toml
View file

@ -15,4 +15,4 @@ level = "DEBUG"
[providers.docker]
endpoint = "{{ .DockerHost }}"
defaultRule = "{{ .DefaultRule }}"
exposedByDefault = true
exposedByDefault = true

2
integration/fixtures/error_pages/error.toml
View file

@ -29,9 +29,7 @@ level = "DEBUG"
passHostHeader = true
[[http.services.service1.loadbalancer.servers]]
url = "http://{{.Server1}}:8989474"
weight = 1
[http.services.error.loadbalancer]
[[http.services.error.loadbalancer.servers]]
url = "http://{{.Server2}}:80"
weight = 1

2
integration/fixtures/error_pages/simple.toml
View file

@ -29,9 +29,7 @@ level = "DEBUG"
passHostHeader = true
[[http.services.service1.loadbalancer.servers]]
url = "http://{{.Server1}}:80"
weight = 1
[http.services.error.loadbalancer]
[[http.services.error.loadbalancer.servers]]
url = "http://{{.Server2}}:80"
weight = 1

1
integration/fixtures/file/dir/simple1.toml
View file

@ -7,4 +7,3 @@
[http.services.service1.loadbalancer]
[[http.services.service1.loadbalancer.servers]]
url = "http://172.17.0.2:80"
weight = 1

1
integration/fixtures/file/dir/simple2.toml
View file

@ -7,4 +7,3 @@
[http.services.service2.loadbalancer]
[[http.services.service2.loadbalancer.servers]]
url = "http://172.17.0.123:80"
weight = 1

27
integration/fixtures/file/simple-hosts.toml Normal file
View file

@ -0,0 +1,27 @@
[global]
checkNewVersion = false
sendAnonymousUsage = false
[log]
level = "DEBUG"
[entryPoints]
[entryPoints.web]
address = ":8000"
[providers]
[providers.file]
[http.routers]
[http.routers.router1]
rule = "Host(`test.localhost`)"
service = "service1"
[http.routers.router2]
rule = "Host(`test.foo.localhost.`)"
service = "service1"
[http.services]
[http.services.service1.loadbalancer]
[[http.services.service1.loadbalancer.servers]]
URL = "{{.Server}}"

7
integration/fixtures/file/simple.toml
View file

@ -30,17 +30,12 @@ level = "DEBUG"
[http.services.service1.loadbalancer]
[[http.services.service1.loadbalancer.servers]]
url = "http://172.17.0.2:80"
weight = 10
[[http.services.service1.loadbalancer.servers]]
url = "http://172.17.0.3:80"
weight = 1
[http.services.service2]
[http.services.service2.loadbalancer]
method = "drr"
[[http.services.service2.loadbalancer.servers]]
url = "http://172.17.0.4:80"
weight = 1
[[http.services.service2.loadbalancer.servers]]
url = "http://172.17.0.5:80"
weight = 2

1
integration/fixtures/grpc/config.toml
View file

@ -27,7 +27,6 @@ rootCAs = [ """{{ .CertContent }}""" ]
[http.services.service1.loadbalancer]
[[http.services.service1.loadbalancer.servers]]
url = "https://127.0.0.1:{{ .GRPCServerPort }}"
weight = 1
[tlsStores.default.DefaultCertificate]
certFile = """{{ .CertContent }}"""

1
integration/fixtures/grpc/config_h2c.toml
View file

@ -23,4 +23,3 @@ level = "DEBUG"
[http.services.service1.loadbalancer]
[[http.services.service1.loadbalancer.servers]]
url = "h2c://127.0.0.1:{{ .GRPCServerPort }}"
weight = 1

1
integration/fixtures/grpc/config_h2c_termination.toml
View file

@ -25,7 +25,6 @@ level = "DEBUG"
[http.services.service1.loadbalancer]
[[http.services.service1.loadbalancer.servers]]
url = "h2c://127.0.0.1:{{ .GRPCServerPort }}"
weight = 1
[tlsStores.default.DefaultCertificate]
certFile = """{{ .CertContent }}"""

1
integration/fixtures/grpc/config_insecure.toml
View file

@ -27,7 +27,6 @@ insecureSkipVerify = true
[http.services.service1.loadbalancer]
[[http.services.service1.loadbalancer.servers]]
url = "https://127.0.0.1:{{ .GRPCServerPort }}"
weight = 1
[tlsStores.default.DefaultCertificate]
certFile = """{{ .CertContent }}"""

1
integration/fixtures/grpc/config_retry.toml
View file

@ -34,7 +34,6 @@ rootCAs = [ """{{ .CertContent }}""" ]
flushInterval="1ms"
[[http.services.service1.loadbalancer.servers]]
url = "https://127.0.0.1:{{ .GRPCServerPort }}"
weight = 1
[tlsStores.default.DefaultCertificate]
certFile = """{{ .CertContent }}"""

34
integration/fixtures/grpc/config_with_flush.toml
View file

@ -1,34 +0,0 @@
[global]
checkNewVersion = false
sendAnonymousUsage = false
[log]
level = "DEBUG"
[serversTransport]
rootCAs = [ """{{ .CertContent }}""" ]
[entryPoints]
[entryPoints.web-secure]
address = ":4443"
[api]
[providers]
[providers.file]
[http.routers]
[http.routers.router1]
rule = "Host(`127.0.0.1`)"
service = "service1"
[http.routers.router1.tls]
[http.services]
[http.services.service1.loadbalancer]
[[http.services.service1.loadbalancer.servers]]
url = "https://127.0.0.1:{{ .GRPCServerPort }}"
weight = 1
[tlsStores.default.DefaultCertificate]
certFile = """{{ .CertContent }}"""
keyFile = """{{ .KeyContent }}"""

1
integration/fixtures/headers/basic.toml
View file

@ -21,4 +21,3 @@ level = "DEBUG"
[http.services.service1.loadbalancer]
[[http.services.service1.loadbalancer.servers]]
url = "http://172.17.0.2:80"
weight = 1

1
integration/fixtures/headers/cors.toml
View file

@ -28,4 +28,3 @@ level = "DEBUG"
[http.services.service1.loadbalancer]
[[http.services.service1.loadbalancer.servers]]
url = "http://172.17.0.2:80"
weight = 1

36
integration/fixtures/healthcheck/multiple-entrypoints-wrr.toml
View file

@ -1,36 +0,0 @@
[global]
checkNewVersion = false
sendAnonymousUsage = false
[log]
level = "DEBUG"
[entryPoints]
[entryPoints.http1]
address = ":8000"
[entryPoints.http2]
address = ":9000"
[api]
[providers]
[providers.file]
[http.routers]
[http.routers.router1]
service = "service1"
Rule = "Host(`test.localhost`)"
[http.services]
[http.services.service1.loadbalancer]
method = "wrr"
[http.services.service1.loadbalancer.healthcheck]
path = "/health"
interval = "1s"
timeout = "0.9s"
[[http.services.service1.loadbalancer.servers]]
url = "http://{{.Server1}}:80"
weight = 1
[[http.services.service1.loadbalancer.servers]]
url = "http://{{.Server2}}:80"
weight = 1

3
integration/fixtures/healthcheck/multiple-entrypoints-drr.toml → integration/fixtures/healthcheck/multiple-entrypoints.toml
View file

@ -23,14 +23,11 @@ level = "DEBUG"
[http.services]
[http.services.service1.loadbalancer]
method = "drr"
[http.services.service1.loadbalancer.healthcheck]
path = "/health"
interval = "1s"
timeout = "0.9s"
[[http.services.service1.loadbalancer.servers]]
url = "http://{{.Server1}}:80"
weight = 1
[[http.services.service1.loadbalancer.servers]]
url = "http://{{.Server2}}:80"
weight = 1

2
integration/fixtures/healthcheck/port_overload.toml
View file

@ -21,7 +21,6 @@ level = "DEBUG"
[http.services]
[http.services.service1.loadbalancer]
method = "drr"
[http.services.service1.loadbalancer.healthcheck]
path = "/health"
port = 80
@ -29,4 +28,3 @@ level = "DEBUG"
timeout = "0.9s"
[[http.services.service1.loadbalancer.servers]]
url = "http://{{.Server1}}:81"
weight = 1

2
integration/fixtures/healthcheck/simple.toml
View file

@ -27,7 +27,5 @@ level = "DEBUG"
timeout = "0.9s"
[[http.services.service1.loadbalancer.servers]]
url = "http://{{.Server1}}:80"
weight = 1
[[http.services.service1.loadbalancer.servers]]
url = "http://{{.Server2}}:80"
weight = 1

Some files were not shown because too many files have changed in this diff Show more