Enhance documentation.

This commit is contained in:
Ludovic Fernandez 2017-09-05 15:58:03 +02:00 committed by Traefiker
parent 732d73dd43
commit b0a0e16136
21 changed files with 676 additions and 434 deletions

View file

@ -91,30 +91,35 @@ Following is the list of existing modifier rules:
Matcher rules determine if a particular request should be forwarded to a backend. Matcher rules determine if a particular request should be forwarded to a backend.
Separate multiple rule values by `,` (comma) in order to enable ANY semantics (i.e., forward a request if any rule matches). Does not work for `Headers` and `HeadersRegexp`. Separate multiple rule values by `,` (comma) in order to enable ANY semantics (i.e., forward a request if any rule matches).
Does not work for `Headers` and `HeadersRegexp`.
Separate multiple rule values by `;` (semicolon) in order to enable ALL semantics (i.e., forward a request if all rules match). Separate multiple rule values by `;` (semicolon) in order to enable ALL semantics (i.e., forward a request if all rules match).
You can optionally enable `passHostHeader` to forward client `Host` header to the backend. You can also optionally enable `passTLSCert` to forward TLS Client certificates to the backend.
Following is the list of existing matcher rules along with examples: Following is the list of existing matcher rules along with examples:
- `Headers: Content-Type, application/json`: Match HTTP header. It accepts a comma-separated key/value pair where both key and value must be literals. | Matcher | Description |
- `HeadersRegexp: Content-Type, application/(text|json)`: Match HTTP header. It accepts a comma-separated key/value pair where the key must be a literal and the value may be a literal or a regular expression. |------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
- `Host: traefik.io, www.traefik.io`: Match request host. It accepts a sequence of literal hosts. | `Headers: Content-Type, application/json` | Match HTTP header. It accepts a comma-separated key/value pair where both key and value must be literals. |
- `HostRegexp: traefik.io, {subdomain:[a-z]+}.traefik.io`: Match request host. It accepts a sequence of literal and regular expression hosts. | `HeadersRegexp: Content-Type, application/(text/json)` | Match HTTP header. It accepts a comma-separated key/value pair where the key must be a literal and the value may be a literal or a regular expression. |
- `Method: GET, POST, PUT`: Match request HTTP method. It accepts a sequence of HTTP methods. | `Host: traefik.io, www.traefik.io` | Match request host. It accepts a sequence of literal hosts. |
- `Path: /products/, /articles/{category}/{id:[0-9]+}`: Match exact request path. It accepts a sequence of literal and regular expression paths. | `HostRegexp: traefik.io, {subdomain:[a-z]+}.traefik.io` | Match request host. It accepts a sequence of literal and regular expression hosts. |
- `PathStrip: /products/`: Match exact path and strip off the path prior to forwarding the request to the backend. It accepts a sequence of literal paths. | `Method: GET, POST, PUT` | Match request HTTP method. It accepts a sequence of HTTP methods. |
- `PathStripRegex: /articles/{category}/{id:[0-9]+}`: Match exact path and strip off the path prior to forwarding the request to the backend. It accepts a sequence of literal and regular expression paths. | `Path: /products/, /articles/{category}/{id:[0-9]+}` | Match exact request path. It accepts a sequence of literal and regular expression paths. |
- `PathPrefix: /products/, /articles/{category}/{id:[0-9]+}`: Match request prefix path. It accepts a sequence of literal and regular expression prefix paths. | `PathStrip: /products/` | Match exact path and strip off the path prior to forwarding the request to the backend. It accepts a sequence of literal paths. |
- `PathPrefixStrip: /products/`: Match request prefix path and strip off the path prefix prior to forwarding the request to the backend. It accepts a sequence of literal prefix paths. Starting with Traefik 1.3, the stripped prefix path will be available in the `X-Forwarded-Prefix` header. | `PathStripRegex: /articles/{category}/{id:[0-9]+}` | Match exact path and strip off the path prior to forwarding the request to the backend. It accepts a sequence of literal and regular expression paths. |
- `PathPrefixStripRegex: /articles/{category}/{id:[0-9]+}`: Match request prefix path and strip off the path prefix prior to forwarding the request to the backend. It accepts a sequence of literal and regular expression prefix paths. Starting with Traefik 1.3, the stripped prefix path will be available in the `X-Forwarded-Prefix` header. | `PathPrefix: /products/, /articles/{category}/{id:[0-9]+}` | Match request prefix path. It accepts a sequence of literal and regular expression prefix paths. |
- `Query: foo=bar, bar=baz`: Match Query String parameters. It accepts a sequence of key=value pairs. | `PathPrefixStrip: /products/` | Match request prefix path and strip off the path prefix prior to forwarding the request to the backend. It accepts a sequence of literal prefix paths. Starting with Traefik 1.3, the stripped prefix path will be available in the `X-Forwarded-Prefix` header. |
| `PathPrefixStripRegex: /articles/{category}/{id:[0-9]+}` | Match request prefix path and strip off the path prefix prior to forwarding the request to the backend. It accepts a sequence of literal and regular expression prefix paths. Starting with Traefik 1.3, the stripped prefix path will be available in the `X-Forwarded-Prefix` header. |
| `Query: foo=bar, bar=baz` | Match Query String parameters. It accepts a sequence of key=value pairs. |
In order to use regular expressions with Host and Path matchers, you must declare an arbitrarily named variable followed by the colon-separated regular expression, all enclosed in curly braces. Any pattern supported by [Go's regexp package](https://golang.org/pkg/regexp/) may be used. Example: `/posts/{id:[0-9]+}`. In order to use regular expressions with Host and Path matchers, you must declare an arbitrarily named variable followed by the colon-separated regular expression, all enclosed in curly braces. Any pattern supported by [Go's regexp package](https://golang.org/pkg/regexp/) may be used (example: `/posts/{id:[0-9]+}`).
(Note that the variable has no special meaning; however, it is required by the gorilla/mux dependency which embeds the regular expression and defines the syntax.) !!! note
The variable has no special meaning; however, it is required by the [gorilla/mux](https://github.com/gorilla/mux) dependency which embeds the regular expression and defines the syntax.
You can optionally enable `passHostHeader` to forward client `Host` header to the backend.
You can also optionally enable `passTLSCert` to forward TLS Client certificates to the backend.
##### Path Matcher Usage Guidelines ##### Path Matcher Usage Guidelines
@ -122,12 +127,19 @@ This section explains when to use the various path matchers.
Use `Path` if your backend listens on the exact path only. For instance, `Path: /products` would match `/products` but not `/products/shoes`. Use `Path` if your backend listens on the exact path only. For instance, `Path: /products` would match `/products` but not `/products/shoes`.
Use a `*Prefix*` matcher if your backend listens on a particular base path but also serves requests on sub-paths. For instance, `PathPrefix: /products` would match `/products` but also `/products/shoes` and `/products/shirts`. Since the path is forwarded as-is, your backend is expected to listen on `/products`. Use a `*Prefix*` matcher if your backend listens on a particular base path but also serves requests on sub-paths.
For instance, `PathPrefix: /products` would match `/products` but also `/products/shoes` and `/products/shirts`.
Since the path is forwarded as-is, your backend is expected to listen on `/products`.
Use a `*Strip` matcher if your backend listens on the root path (`/`) but should be routeable on a specific prefix. For instance, `PathPrefixStrip: /products` would match `/products` but also `/products/shoes` and `/products/shirts`. Since the path is stripped prior to forwarding, your backend is expected to listen on `/`. Use a `*Strip` matcher if your backend listens on the root path (`/`) but should be routeable on a specific prefix.
If your backend is serving assets (e.g., images or Javascript files), chances are it must return properly constructed relative URLs. Continuing on the example, the backend should return `/products/shoes/image.png` (and not `/images.png` which Traefik would likely not be able to associate with the same backend). The `X-Forwarded-Prefix` header (available since Traefik 1.3) can be queried to build such URLs dynamically. For instance, `PathPrefixStrip: /products` would match `/products` but also `/products/shoes` and `/products/shirts`.
Since the path is stripped prior to forwarding, your backend is expected to listen on `/`.
If your backend is serving assets (e.g., images or Javascript files), chances are it must return properly constructed relative URLs.
Continuing on the example, the backend should return `/products/shoes/image.png` (and not `/images.png` which Traefik would likely not be able to associate with the same backend).
The `X-Forwarded-Prefix` header (available since Traefik 1.3) can be queried to build such URLs dynamically.
Instead of distinguishing your backends by path only, you can add a Host matcher to the mix. That way, namespacing of your backends happens on the basis of hosts in addition to paths. Instead of distinguishing your backends by path only, you can add a Host matcher to the mix.
That way, namespacing of your backends happens on the basis of hosts in addition to paths.
#### Examples #### Examples
@ -430,12 +442,12 @@ By default, Træfik will try to find a `traefik.toml` in the following places:
- `/etc/traefik/` - `/etc/traefik/`
- `$HOME/.traefik/` - `$HOME/.traefik/`
- `.` *the working directory* - `.` _the working directory_
You can override this by setting a `configFile` argument: You can override this by setting a `configFile` argument:
```bash ```bash
$ traefik --configFile=foo/bar/myconfigfile.toml traefik --configFile=foo/bar/myconfigfile.toml
``` ```
Please refer to the [global configuration](/configuration/commons) section to get documentation on it. Please refer to the [global configuration](/configuration/commons) section to get documentation on it.
@ -445,7 +457,7 @@ Please refer to the [global configuration](/configuration/commons) section to ge
Each argument (and command) is described in the help section: Each argument (and command) is described in the help section:
```bash ```bash
$ traefik --help traefik --help
``` ```
Note that all default values will be displayed as well. Note that all default values will be displayed as well.
@ -478,7 +490,12 @@ Please refer to the [configuration backends](/configuration/commons) section to
## Commands ## Commands
Usage: `traefik [command] [--flag=flag_argument]` ### traefik
Usage:
```bash
traefik [command] [--flag=flag_argument]
```
List of Træfik available commands with description :                                                              List of Træfik available commands with description :                                                             
@ -491,13 +508,13 @@ Each command may have related flags.
All those related flags will be displayed with : All those related flags will be displayed with :
```bash ```bash
$ traefik [command] --help traefik [command] --help
``` ```
Note that each command is described at the beginning of the help section: Note that each command is described at the beginning of the help section:
```bash ```bash
$ traefik --help traefik --help
``` ```
### Command: bug ### Command: bug
@ -505,7 +522,7 @@ $ traefik --help
Here is the easiest way to submit a pre-filled issue on [Træfik GitHub](https://github.com/containous/traefik). Here is the easiest way to submit a pre-filled issue on [Træfik GitHub](https://github.com/containous/traefik).
```bash ```bash
$ traefik bug traefik bug
``` ```
See https://www.youtube.com/watch?v=Lyz62L8m93I. See https://www.youtube.com/watch?v=Lyz62L8m93I.

View file

@ -8,9 +8,6 @@
[entryPoints.https.tls] [entryPoints.https.tls]
# Enable ACME (Let's Encrypt): automatic SSL # Enable ACME (Let's Encrypt): automatic SSL
#
# Optional
#
[acme] [acme]
# Email address used for registration # Email address used for registration
@ -104,22 +101,14 @@ entryPoint = "https"
# All domains must have A/AAAA records pointing to Traefik # All domains must have A/AAAA records pointing to Traefik
# WARNING, Take note that Let's Encrypt have rate limiting: https://letsencrypt.org/docs/rate-limits # WARNING, Take note that Let's Encrypt have rate limiting: https://letsencrypt.org/docs/rate-limits
# Each domain & SANs will lead to a certificate request. # Each domain & SANs will lead to a certificate request.
#
# [[acme.domains]] # [[acme.domains]]
# main = "local1.com" # main = "local1.com"
# sans = ["test1.local1.com", "test2.local1.com"] # sans = ["test1.local1.com", "test2.local1.com"]
# [[acme.domains]] # [[acme.domains]]
# main = "local2.com" # main = "local2.com"
# sans = ["test1.local2.com", "test2x.local2.com"] # sans = ["test1.local2.com", "test2.local2.com"]
# [[acme.domains]] # [[acme.domains]]
# main = "local3.com" # main = "local3.com"
# [[acme.domains]] # [[acme.domains]]
# main = "local4.com" # main = "local4.com"
[[acme.domains]]
main = "local1.com"
sans = ["test1.local1.com", "test2.local1.com"]
[[acme.domains]]
main = "local3.com"
[[acme.domains]]
main = "local4.com"
``` ```

View file

@ -7,9 +7,8 @@ Like any other reverse proxy, Træfik can be configured with a file. You have th
Add your configuration at the end of the global configuration file `traefik.toml`: Add your configuration at the end of the global configuration file `traefik.toml`:
```toml ```toml
# traefik.toml
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"] defaultEntryPoints = ["http", "https"]
[entryPoints] [entryPoints]
[entryPoints.http] [entryPoints.http]
address = ":80" address = ":80"
@ -56,6 +55,7 @@ defaultEntryPoints = ["http", "https"]
backend = "backend2" backend = "backend2"
[frontends.frontend1.routes.test_1] [frontends.frontend1.routes.test_1]
rule = "Host:test.localhost" rule = "Host:test.localhost"
[frontends.frontend2] [frontends.frontend2]
backend = "backend1" backend = "backend1"
passHostHeader = true passHostHeader = true
@ -70,6 +70,7 @@ defaultEntryPoints = ["http", "https"]
entrypoints = ["https"] # overrides defaultEntryPoints entrypoints = ["https"] # overrides defaultEntryPoints
[frontends.frontend2.routes.test_1] [frontends.frontend2.routes.test_1]
rule = "Host:{subdomain:[a-z]+}.localhost" rule = "Host:{subdomain:[a-z]+}.localhost"
[frontends.frontend3] [frontends.frontend3]
entrypoints = ["http", "https"] # overrides defaultEntryPoints entrypoints = ["http", "https"] # overrides defaultEntryPoints
backend = "backend2" backend = "backend2"
@ -82,7 +83,6 @@ Put your rules in a separate file, for example `rules.toml`:
```toml ```toml
# traefik.toml # traefik.toml
logLevel = "DEBUG"
[entryPoints] [entryPoints]
[entryPoints.http] [entryPoints.http]
address = ":80" address = ":80"
@ -160,20 +160,3 @@ If you want Træfik to watch file changes automatically, just add:
[file] [file]
watch = true watch = true
``` ```
The configuration files can be also templates written using functions provided by [go template](https://golang.org/pkg/text/template/) as well as functions provided by the [sprig library](https://masterminds.github.io/sprig/), like this:
```tmpl
[backends]
[backends.backend1]
url = "http://firstserver"
[backends.backend2]
url = "http://secondserver"
{{$frontends := dict "frontend1" "backend1" "frontend2" "backend2"}}
[frontends]
{{range $frontend, $backend := $frontends}}
[frontends.{{$frontend}}]
backend = "{{$backend}}"
{{end}}
```

View file

@ -131,7 +131,7 @@ domain = "marathon.localhost"
Labels can be used on containers to override default behaviour: Labels can be used on containers to override default behaviour:
| Label | Description | | Label | Description |
|----------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |-----------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `traefik.backend=foo` | assign the application to `foo` backend | | `traefik.backend=foo` | assign the application to `foo` backend |
| `traefik.backend.maxconn.amount=10` | set a maximum number of connections to the backend. Must be used in conjunction with the below label to take effect. | | `traefik.backend.maxconn.amount=10` | set a maximum number of connections to the backend. Must be used in conjunction with the below label to take effect. |
| `traefik.backend.maxconn.extractorfunc=client.ip` | set the function to be used against the request to determine what to limit maximum connections to the backend by. Must be used in conjunction with the above label to take effect. | | `traefik.backend.maxconn.extractorfunc=client.ip` | set the function to be used against the request to determine what to limit maximum connections to the backend by. Must be used in conjunction with the above label to take effect. |
@ -149,19 +149,19 @@ Labels can be used on containers to override default behaviour:
| `traefik.frontend.passHostHeader=true` | forward client `Host` header to the backend. | | `traefik.frontend.passHostHeader=true` | forward client `Host` header to the backend. |
| `traefik.frontend.priority=10` | override default frontend priority | | `traefik.frontend.priority=10` | override default frontend priority |
| `traefik.frontend.entryPoints=http,https` | assign this frontend to entry points `http` and `https`. Overrides `defaultEntryPoints`. | | `traefik.frontend.entryPoints=http,https` | assign this frontend to entry points `http` and `https`. Overrides `defaultEntryPoints`. |
| `traefik.frontend.auth.basic=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0` | Sets basic authentication for that frontend with the usernames and passwords test:test and test2:test2, respectively | | `traefik.frontend.auth.basic=EXPR` | Sets basic authentication for that frontend in CSV format: `User:Hash,User:Hash`. |
If several ports need to be exposed from a container, the services labels can be used: If several ports need to be exposed from a container, the services labels can be used:
| Label | Description | | Label | Description |
|-------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------| |--------------------------------------------------------|------------------------------------------------------------------------------------------------------|
| `traefik.<service-name>.port=443` | create a service binding with frontend/backend using this port. Overrides `traefik.port`. | | `traefik.<service-name>.port=443` | create a service binding with frontend/backend using this port. Overrides `traefik.port`. |
| `traefik.<service-name>.portIndex=1` | create a service binding with frontend/backend using this port index. Overrides `traefik.portIndex`. | | `traefik.<service-name>.portIndex=1` | create a service binding with frontend/backend using this port index. Overrides `traefik.portIndex`. |
| `traefik.<service-name>.protocol=https` | assign `https` protocol. Overrides `traefik.protocol`. | | `traefik.<service-name>.protocol=https` | assign `https` protocol. Overrides `traefik.protocol`. |
| `traefik.<service-name>.weight=10` | assign this service weight. Overrides `traefik.weight`. | | `traefik.<service-name>.weight=10` | assign this service weight. Overrides `traefik.weight`. |
| `traefik.<service-name>.frontend.backend=fooBackend` | assign this service frontend to `foobackend`. Default is to assign to the service backend. | | `traefik.<service-name>.frontend.backend=fooBackend` | assign this service frontend to `foobackend`. Default is to assign to the service backend. |
| `traefik.<service-name>.frontend.entryPoints=http` | assign this service entrypoints. Overrides `traefik.frontend.entrypoints`. | | `traefik.<service-name>.frontend.entryPoints=http` | assign this service entrypoints. Overrides `traefik.frontend.entrypoints`. |
| `traefik.<service-name>.frontend.auth.basic=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0` | Sets a Basic Auth for that frontend with the users test:test and test2:test2. | | `traefik.<service-name>.frontend.auth.basic=test:EXPR` | Sets basic authentication for that frontend in CSV format: `User:Hash,User:Hash` |
| `traefik.<service-name>.frontend.passHostHeader=true` | Forward client `Host` header to the backend. Overrides `traefik.frontend.passHostHeader`. | | `traefik.<service-name>.frontend.passHostHeader=true` | Forward client `Host` header to the backend. Overrides `traefik.frontend.passHostHeader`. |
| `traefik.<service-name>.frontend.priority=10` | assign the service frontend priority. Overrides `traefik.frontend.priority`. | | `traefik.<service-name>.frontend.priority=10` | assign the service frontend priority. Overrides `traefik.frontend.priority`. |
| `traefik.<service-name>.frontend.rule=Path:/foo` | assign the service frontend rule. Overrides `traefik.frontend.rule`. | | `traefik.<service-name>.frontend.rule=Path:/foo` | assign the service frontend rule. Overrides `traefik.frontend.rule`. |

View file

@ -22,27 +22,27 @@ domain = "rancher.localhost"
# Optional # Optional
# Default: true # Default: true
# #
Watch = true watch = true
# Polling interval (in seconds) # Polling interval (in seconds)
# #
# Optional # Optional
# #
RefreshSeconds = 15 refreshSeconds = 15
# Expose Rancher services by default in traefik # Expose Rancher services by default in traefik
# #
# Optional # Optional
# Default: true # Default: true
# #
ExposedByDefault = false exposedByDefault = false
# Filter services with unhealthy states and inactive states # Filter services with unhealthy states and inactive states
# #
# Optional # Optional
# Default: false # Default: false
# #
EnableServiceHealthFilter = true enableServiceHealthFilter = true
``` ```
## Rancher Metadata Service ## Rancher Metadata Service
@ -63,14 +63,14 @@ EnableServiceHealthFilter = true
# Optional # Optional
# Default: false # Default: false
# #
IntervalPoll = true intervalPoll = true
# Prefix used for accessing the Rancher metadata service # Prefix used for accessing the Rancher metadata service
# #
# Optional # Optional
# Default: "/latest" # Default: "/latest"
# #
Prefix = "/2016-07-29" prefix = "/2016-07-29"
``` ```
## Rancher API ## Rancher API
@ -86,17 +86,17 @@ Prefix = "/2016-07-29"
# Endpoint to use when connecting to the Rancher API # Endpoint to use when connecting to the Rancher API
# #
# Required # Required
Endpoint = "http://rancherserver.example.com/v1" endpoint = "http://rancherserver.example.com/v1"
# AccessKey to use when connecting to the Rancher API # AccessKey to use when connecting to the Rancher API
# #
# Required # Required
AccessKey = "XXXXXXXXXXXXXXXXXXXX" accessKey = "XXXXXXXXXXXXXXXXXXXX"
# SecretKey to use when connecting to the Rancher API # SecretKey to use when connecting to the Rancher API
# #
# Required # Required
SecretKey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" secretKey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
``` ```
!!! note !!! note
@ -110,7 +110,7 @@ SecretKey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
Labels can be used on task containers to override default behaviour: Labels can be used on task containers to override default behaviour:
| Label | Description | | Label | Description |
|----------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------| |----------------------------------------------|------------------------------------------------------------------------------------------|
| `traefik.protocol=https` | override the default `http` protocol | | `traefik.protocol=https` | override the default `http` protocol |
| `traefik.weight=10` | assign this weight to the container | | `traefik.weight=10` | assign this weight to the container |
| `traefik.enable=false` | disable this container in Træfik | | `traefik.enable=false` | disable this container in Træfik |
@ -118,4 +118,4 @@ Labels can be used on task containers to override default behaviour:
| `traefik.frontend.passHostHeader=true` | forward client `Host` header to the backend. | | `traefik.frontend.passHostHeader=true` | forward client `Host` header to the backend. |
| `traefik.frontend.priority=10` | override default frontend priority | | `traefik.frontend.priority=10` | override default frontend priority |
| `traefik.frontend.entryPoints=http,https` | assign this frontend to entry points `http` and `https`. Overrides `defaultEntryPoints`. | | `traefik.frontend.entryPoints=http,https` | assign this frontend to entry points `http` and `https`. Overrides `defaultEntryPoints`. |
| `traefik.frontend.auth.basic=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0` | Sets basic authentication for that frontend with the usernames and passwords test:test and test2:test2, respectively | | `traefik.frontend.auth.basic=EXPR` | Sets basic authentication for that frontend in CSV format: `User:Hash,User:Hash`. |

View file

@ -32,21 +32,6 @@ address = ":8080"
# Enable more detailed statistics # Enable more detailed statistics
# [web.statistics] # [web.statistics]
# RecentErrors = 10 # RecentErrors = 10
# To enable basic auth on the webui
# with 2 user/pass: test:test and test2:test2
# Passwords can be encoded in MD5, SHA1 and BCrypt: you can use htpasswd to generate those ones
# Users can be specified directly in the toml file, or indirectly by referencing an external file; if both are provided, the two are merged, with external file contents having precedence
# [web.auth.basic]
# users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
# usersFile = "/path/to/.htpasswd"
# To enable digest auth on the webui
# with 2 user/realm/pass: test:traefik:test and test2:traefik:test2
# You can use htdigest to generate those ones
# Users can be specified directly in the toml file, or indirectly by referencing an external file; if both are provided, the two are merged, with external file contents having precedence
# [web.auth.digest]
# users = ["test:traefik:a2688e031edb4be6a3797f3882655c05 ", "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"]
# usersFile = "/path/to/.htdigest"
``` ```
## Web UI ## Web UI
@ -55,24 +40,65 @@ address = ":8080"
![Web UI Health](/img/traefik-health.png) ![Web UI Health](/img/traefik-health.png)
### Authentication
- Basic Authentication
Passwords can be encoded in MD5, SHA1 and BCrypt: you can use `htpasswd` to generate those ones.
Users can be specified directly in the toml file, or indirectly by referencing an external file;
if both are provided, the two are merged, with external file contents having precedence.
```toml
# To enable basic auth on the webui with 2 user/pass: test:test and test2:test2
[web.auth.basic]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
usersFile = "/path/to/.htpasswd"
```
- Digest Authentication
You can use `htdigest` to generate those ones.
Users can be specified directly in the toml file, or indirectly by referencing an external file;
if both are provided, the two are merged, with external file contents having precedence
```toml
# To enable digest auth on the webui with 2 user/realm/pass: test:traefik:test and test2:traefik:test2
[web.auth.digest]
users = ["test:traefik:a2688e031edb4be6a3797f3882655c05 ", "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"]
usersFile = "/path/to/.htdigest"
```
## Metrics ## Metrics
You can enable Traefik to export internal metrics to different monitoring systems. You can enable Traefik to export internal metrics to different monitoring systems.
- Prometheus
```toml ```toml
# To enable Traefik to export internal metrics to Prometheus # To enable Traefik to export internal metrics to Prometheus
# [web.metrics.prometheus] [web.metrics.prometheus]
# Buckets=[0.1,0.3,1.2,5.0] Buckets=[0.1,0.3,1.2,5.0]
```
- DataDog
```toml
# DataDog metrics exporter type # DataDog metrics exporter type
# [web.metrics.datadog] [web.metrics.datadog]
# Address = "localhost:8125" Address = "localhost:8125"
# Pushinterval = "10s" Pushinterval = "10s"
```
- StatsD
```toml
# StatsD metrics exporter type # StatsD metrics exporter type
# [web.metrics.statsd] [web.metrics.statsd]
# Address = "localhost:8125" Address = "localhost:8125"
# Pushinterval = "10s" Pushinterval = "10s"
``` ```
## API ## API

View file

@ -3,10 +3,6 @@
## Main Section ## Main Section
```toml ```toml
################################################################
# Global configuration
################################################################
# Duration to give active requests a chance to finish before Traefik stops. # Duration to give active requests a chance to finish before Traefik stops.
# Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits). # Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).
# If no units are provided, the value is parsed assuming seconds. # If no units are provided, the value is parsed assuming seconds.
@ -43,21 +39,6 @@
# #
# ProvidersThrottleDuration = "2s" # ProvidersThrottleDuration = "2s"
# IdleTimeout
#
# DEPRECATED - see [respondingTimeouts] section. In the case both settings are configured, the deprecated option will
# be overwritten.
#
# IdleTimeout is the maximum amount of time an idle (keep-alive) connection will remain idle before closing itself.
# This is set to enforce closing of stale client connections.
# Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw
# values (digits). If no units are provided, the value is parsed assuming seconds.
#
# Optional
# Default: "180s"
#
# IdleTimeout = "360s"
# Controls the maximum idle (keep-alive) connections to keep per-host. If zero, DefaultMaxIdleConnsPerHost # Controls the maximum idle (keep-alive) connections to keep per-host. If zero, DefaultMaxIdleConnsPerHost
# from the Go standard library net/http module is used. # from the Go standard library net/http module is used.
# If you encounter 'too many open files' errors, you can either increase this # If you encounter 'too many open files' errors, you can either increase this
@ -70,6 +51,7 @@
# If set to true invalid SSL certificates are accepted for backends. # If set to true invalid SSL certificates are accepted for backends.
# Note: This disables detection of man-in-the-middle attacks so should only be used on secure backend networks. # Note: This disables detection of man-in-the-middle attacks so should only be used on secure backend networks.
#
# Optional # Optional
# Default: false # Default: false
# #
@ -91,7 +73,8 @@
# defaultEntryPoints = ["http", "https"] # defaultEntryPoints = ["http", "https"]
``` ```
### Constraints
## Constraints
In a micro-service architecture, with a central service discovery, setting constraints limits Træfik scope to a smaller number of routes. In a micro-service architecture, with a central service discovery, setting constraints limits Træfik scope to a smaller number of routes.
@ -113,57 +96,63 @@ Supported filters:
- `tag` - `tag`
### Simple
```toml ```toml
# Constraints definition
#
# Optional
#
# Simple matching constraint # Simple matching constraint
# constraints = ["tag==api"] constraints = ["tag==api"]
# Simple mismatching constraint # Simple mismatching constraint
# constraints = ["tag!=api"] constraints = ["tag!=api"]
# Globbing # Globbing
# constraints = ["tag==us-*"] constraints = ["tag==us-*"]
```
### Multiple
```toml
# Multiple constraints # Multiple constraints
# - "tag==" must match with at least one tag # - "tag==" must match with at least one tag
# - "tag!=" must match with none of tags # - "tag!=" must match with none of tags
# constraints = ["tag!=us-*", "tag!=asia-*"] constraints = ["tag!=us-*", "tag!=asia-*"]
# Backend-specific constraint
# [consulCatalog]
# endpoint = 127.0.0.1:8500
# constraints = ["tag==api"]
# [consulCatalog]
# endpoint = 127.0.0.1:8500
# constraints = ["tag==api", "tag!=v*-beta"]
``` ```
## Traefik Logs ### Backend-specific
```toml
# Backend-specific constraint
[consulCatalog]
endpoint = "127.0.0.1:8500"
constraints = ["tag==api"]
[marathon]
endpoint = "127.0.0.1:8800"
constraints = ["tag==api", "tag!=v*-beta"]
```
## Logs Definition
### Traefik logs
```toml ```toml
# Traefik logs file # Traefik logs file
# If not defined, logs to stdout # If not defined, logs to stdout
# traefikLogsFile = "log/traefik.log"
# Optional
#
# traefikLogsFile = "log/traefik.log"
# Log level # Log level
# #
# Optional # Optional
# Default: "ERROR" # Default: "ERROR"
#
# Accepted values, in order of severity: "DEBUG", "INFO", "WARN", "ERROR", "FATAL", "PANIC" # Accepted values, in order of severity: "DEBUG", "INFO", "WARN", "ERROR", "FATAL", "PANIC"
# Messages at and above the selected level will be logged. # Messages at and above the selected level will be logged.
# #
# logLevel = "ERROR" logLevel = "ERROR"
``` ```
### Access Logs
## Access Log Definition
Access logs are written when `[accessLog]` is defined. Access logs are written when `[accessLog]` is defined.
By default it will write to stdout and produce logs in the textual Common Log Format (CLF), extended with additional fields. By default it will write to stdout and produce logs in the textual Common Log Format (CLF), extended with additional fields.
@ -176,14 +165,14 @@ To enable access logs using the default settings just add the `[accessLog]` entr
To write the logs into a logfile specify the `filePath`. To write the logs into a logfile specify the `filePath`.
```toml ```toml
[accessLog] [accessLog]
filePath = "/path/to/access.log" filePath = "/path/to/access.log"
``` ```
To write JSON format logs, specify `json` as the format: To write JSON format logs, specify `json` as the format:
```toml ```toml
[accessLog] [accessLog]
filePath = "/path/to/access.log" filePath = "/path/to/access.log"
format = "json" format = "json"
``` ```
Deprecated way (before 1.4): Deprecated way (before 1.4):
@ -191,12 +180,11 @@ Deprecated way (before 1.4):
# Access logs file # Access logs file
# #
# DEPRECATED - see [accessLog] lower down # DEPRECATED - see [accessLog] lower down
# Optional
# #
accessLogsFile = "log/access.log" accessLogsFile = "log/access.log"
``` ```
## Log Rotation ### Log Rotation
Traefik will close and reopen its log files, assuming they're configured, on receipt of a USR1 signal. Traefik will close and reopen its log files, assuming they're configured, on receipt of a USR1 signal.
This allows the logs to be rotated and processed by an external program, such as `logrotate`. This allows the logs to be rotated and processed by an external program, such as `logrotate`.
@ -239,166 +227,10 @@ Now the `500s.html` error page is returned for the configured code range.
The configured status code ranges are inclusive; that is, in the above example, the `500s.html` page will be returned for status codes `500` through, and including, `599`. The configured status code ranges are inclusive; that is, in the above example, the `500s.html` page will be returned for status codes `500` through, and including, `599`.
## Entry Points Definition
```toml
# Entrypoints definition
#
# Default:
# [entryPoints]
# [entryPoints.http]
# address = ":80"
#
[entryPoints]
[entryPoints.http]
address = ":80"
```
### Redirect HTTP to HTTPS
```toml
# To redirect an http entrypoint to an https entrypoint (with SNI support):
#
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
CertFile = "integration/fixtures/https/snitest.com.cert"
KeyFile = "integration/fixtures/https/snitest.com.key"
[[entryPoints.https.tls.certificates]]
CertFile = "integration/fixtures/https/snitest.org.cert"
KeyFile = "integration/fixtures/https/snitest.org.key"
```
### Rewriting URL
```toml
# To redirect an entrypoint rewriting the URL:
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
regex = "^http://localhost/(.*)"
replacement = "http://mydomain/$1"
```
### TLS Mutual Authentication
```toml
# Only accept clients that present a certificate signed by a specified
# Certificate Authority (CA)
# ClientCAFiles can be configured with multiple CA:s in the same file or
# use multiple files containing one or several CA:s. The CA:s has to be in PEM format.
# All clients will be required to present a valid cert.
# The requirement will apply to all server certs in the entrypoint
# In the example below both snitest.com and snitest.org will require client certs
#
[entryPoints]
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
ClientCAFiles = ["tests/clientca1.crt", "tests/clientca2.crt"]
[[entryPoints.https.tls.certificates]]
CertFile = "integration/fixtures/https/snitest.com.cert"
KeyFile = "integration/fixtures/https/snitest.com.key"
[[entryPoints.https.tls.certificates]]
CertFile = "integration/fixtures/https/snitest.org.cert"
KeyFile = "integration/fixtures/https/snitest.org.key"
```
### Basic & Digest Authentication
```toml
# To enable basic auth on an entrypoint
#
# with 2 user/pass: test:test and test2:test2
# Passwords can be encoded in MD5, SHA1 and BCrypt: you can use htpasswd to generate those ones.
# Users can be specified directly in the toml file, or indirectly by referencing an external file;
# if both are provided, the two are merged, with external file contents having precedence.
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.auth.basic]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
usersFile = "/path/to/.htpasswd"
```
```toml
# To enable digest auth on an entrypoint
#
# with 2 user/realm/pass: test:traefik:test and test2:traefik:test2
# You can use htdigest to generate those ones
# Users can be specified directly in the toml file, or indirectly by referencing an external file;
# if both are provided, the two are merged, with external file contents having precedence
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.auth.basic]
users = ["test:traefik:a2688e031edb4be6a3797f3882655c05 ", "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"]
usersFile = "/path/to/.htdigest"
```
### Specify Minimum TLS Version
```toml
# To specify an https entrypoint with a minimum TLS version,
# and specifying an array of cipher suites (from crypto/tls):
[entryPoints]
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
MinVersion = "VersionTLS12"
CipherSuites = ["TLS_RSA_WITH_AES_256_GCM_SHA384"]
[[entryPoints.https.tls.certificates]]
CertFile = "integration/fixtures/https/snitest.com.cert"
KeyFile = "integration/fixtures/https/snitest.com.key"
[[entryPoints.https.tls.certificates]]
CertFile = "integration/fixtures/https/snitest.org.cert"
KeyFile = "integration/fixtures/https/snitest.org.key"
```
### Compression
```toml
# To enable compression support using gzip format:
[entryPoints]
[entryPoints.http]
address = ":80"
compress = true
```
### Whitelisting
```toml
# To enable IP whitelisting at the entrypoint level:
[entryPoints]
[entryPoints.http]
address = ":80"
whiteListSourceRange = ["127.0.0.1/32"]
```
### ProxyProtocol Support
```toml
# To enable ProxyProtocol support (https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt):
[entryPoints]
[entryPoints.http]
address = ":80"
proxyprotocol = true
```
## Retry Configuration ## Retry Configuration
```toml ```toml
# Enable retry sending request if network error # Enable retry sending request if network error
#
# Optional
#
[retry] [retry]
# Number of attempts # Number of attempts
@ -409,13 +241,11 @@ The configured status code ranges are inclusive; that is, in the above example,
# attempts = 3 # attempts = 3
``` ```
## Health Check Configuration ## Health Check Configuration
```toml ```toml
# Enable custom health check options. # Enable custom health check options.
#
# Optional
#
[healthcheck] [healthcheck]
# Set the default health check interval. Will only be effective if health check # Set the default health check interval. Will only be effective if health check
@ -431,13 +261,14 @@ The configured status code ranges are inclusive; that is, in the above example,
# interval = "30s" # interval = "30s"
``` ```
## Responding Timeouts
## Timeouts
### Responding Timeouts
`respondingTimeouts` are timeouts for incoming requests to the Traefik instance.
```toml ```toml
# respondingTimeouts are timeouts for incoming requests to the Traefik instance.
#
# Optional
#
[respondingTimeouts] [respondingTimeouts]
# readTimeout is the maximum duration for reading the entire request, including the body. # readTimeout is the maximum duration for reading the entire request, including the body.
@ -470,16 +301,13 @@ The configured status code ranges are inclusive; that is, in the above example,
# Default: "180s" # Default: "180s"
# #
# idleTimeout = "360s" # idleTimeout = "360s"
``` ```
## Forwarding Timeouts ### Forwarding Timeouts
`forwardingTimeouts` are timeouts for requests forwarded to the backend servers.
```toml ```toml
# forwardingTimeouts are timeouts for requests forwarded to the backend servers.
#
# Optional
#
[forwardingTimeouts] [forwardingTimeouts]
# dialTimeout is the amount of time to wait until a connection to a backend server can be established. # dialTimeout is the amount of time to wait until a connection to a backend server can be established.
@ -503,3 +331,79 @@ The configured status code ranges are inclusive; that is, in the above example,
# responseHeaderTimeout = "0s" # responseHeaderTimeout = "0s"
``` ```
### Idle Timeout (deprecated)
Use [respondingTimeouts](/configuration/commons/#responding-timeouts) instead of `IdleTimeout`.
In the case both settings are configured, the deprecated option will be overwritten.
`IdleTimeout` is the maximum amount of time an idle (keep-alive) connection will remain idle before closing itself.
This is set to enforce closing of stale client connections.
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).
If no units are provided, the value is parsed assuming seconds.
```toml
# IdleTimeout
#
# DEPRECATED - see [respondingTimeouts] section.
#
# Optional
# Default: "180s"
#
IdleTimeout = "360s"
```
## Override Default Configuration Template
!!! warning
For advanced users only.
Supported by all backends except: File backend, Web backend and DynamoDB backend.
```toml
[backend_name]
# Override default configuration template. For advanced users :)
#
# Optional
# Default: ""
#
filename = "custom_config_template.tpml"
# Enable debug logging of generated configuration template.
#
# Optional
# Default: false
#
debugLogGeneratedTemplate = true
```
Example:
```toml
[marathon]
filename = "my_custom_config_template.tpml"
```
The template files can be written using functions provided by:
- [go template](https://golang.org/pkg/text/template/)
- [sprig library](https://masterminds.github.io/sprig/)
Example:
```tmpl
[backends]
[backends.backend1]
url = "http://firstserver"
[backends.backend2]
url = "http://secondserver"
{{$frontends := dict "frontend1" "backend1" "frontend2" "backend2"}}
[frontends]
{{range $frontend, $backend := $frontends}}
[frontends.{{$frontend}}]
backend = "{{$backend}}"
{{end}}
```

View file

@ -0,0 +1,162 @@
# Entry Points Definition
```toml
# Entrypoints definition
#
# Default:
# [entryPoints]
# [entryPoints.http]
# address = ":80"
#
[entryPoints]
[entryPoints.http]
address = ":80"
```
## Redirect HTTP to HTTPS
To redirect an http entrypoint to an https entrypoint (with SNI support).
```toml
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[[entryPoints.https.tls.certificates]]
CertFile = "integration/fixtures/https/snitest.com.cert"
KeyFile = "integration/fixtures/https/snitest.com.key"
[[entryPoints.https.tls.certificates]]
CertFile = "integration/fixtures/https/snitest.org.cert"
KeyFile = "integration/fixtures/https/snitest.org.key"
```
## Rewriting URL
To redirect an entrypoint rewriting the URL.
```toml
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
regex = "^http://localhost/(.*)"
replacement = "http://mydomain/$1"
```
## TLS Mutual Authentication
Only accept clients that present a certificate signed by a specified Certificate Authority (CA).
`ClientCAFiles` can be configured with multiple `CA:s` in the same file or use multiple files containing one or several `CA:s`.
The `CA:s` has to be in PEM format.
All clients will be required to present a valid cert.
The requirement will apply to all server certs in the entrypoint.
In the example below both `snitest.com` and `snitest.org` will require client certs
```toml
[entryPoints]
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
ClientCAFiles = ["tests/clientca1.crt", "tests/clientca2.crt"]
[[entryPoints.https.tls.certificates]]
CertFile = "integration/fixtures/https/snitest.com.cert"
KeyFile = "integration/fixtures/https/snitest.com.key"
[[entryPoints.https.tls.certificates]]
CertFile = "integration/fixtures/https/snitest.org.cert"
KeyFile = "integration/fixtures/https/snitest.org.key"
```
## Authentication
### Basic Authentication
Passwords can be encoded in MD5, SHA1 and BCrypt: you can use `htpasswd` to generate those ones.
Users can be specified directly in the toml file, or indirectly by referencing an external file;
if both are provided, the two are merged, with external file contents having precedence.
```toml
# To enable basic auth on an entrypoint with 2 user/pass: test:test and test2:test2
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.auth.basic]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
usersFile = "/path/to/.htpasswd"
```
### Digest Authentication
You can use `htdigest` to generate those ones.
Users can be specified directly in the toml file, or indirectly by referencing an external file;
if both are provided, the two are merged, with external file contents having precedence
```toml
# To enable digest auth on an entrypoint with 2 user/realm/pass: test:traefik:test and test2:traefik:test2
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.auth.basic]
users = ["test:traefik:a2688e031edb4be6a3797f3882655c05 ", "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"]
usersFile = "/path/to/.htdigest"
```
## Specify Minimum TLS Version
To specify an https entrypoint with a minimum TLS version, and specifying an array of cipher suites (from crypto/tls).
```toml
[entryPoints]
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
MinVersion = "VersionTLS12"
CipherSuites = ["TLS_RSA_WITH_AES_256_GCM_SHA384"]
[[entryPoints.https.tls.certificates]]
CertFile = "integration/fixtures/https/snitest.com.cert"
KeyFile = "integration/fixtures/https/snitest.com.key"
[[entryPoints.https.tls.certificates]]
CertFile = "integration/fixtures/https/snitest.org.cert"
KeyFile = "integration/fixtures/https/snitest.org.key"
```
## Compression
To enable compression support using gzip format.
```toml
[entryPoints]
[entryPoints.http]
address = ":80"
compress = true
```
## Whitelisting
To enable IP whitelisting at the entrypoint level.
```toml
[entryPoints]
[entryPoints.http]
address = ":80"
whiteListSourceRange = ["127.0.0.1/32"]
```
## ProxyProtocol Support
To enable [ProxyProtocol](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) support.
```toml
[entryPoints]
[entryPoints.http]
address = ":80"
proxyprotocol = true
```

View file

@ -125,9 +125,11 @@ networks:
Start it from within the `traefik` folder: Start it from within the `traefik` folder:
docker-compose up -d ```shell
docker-compose up -d
```
In a browser you may open `http://localhost:8080` to access Træfik's dashboard and observe the following magic. In a browser you may open [http://localhost:8080](http://localhost:8080) to access Træfik's dashboard and observe the following magic.
Now, create a folder named `test` and create a `docker-compose.yml` in it with this content: Now, create a folder named `test` and create a `docker-compose.yml` in it with this content:
@ -159,7 +161,10 @@ docker-compose scale whoami=2
Finally, test load-balancing between the two services `test_whoami_1` and `test_whoami_2`: Finally, test load-balancing between the two services `test_whoami_1` and `test_whoami_2`:
```shell ```shell
$ curl -H Host:whoami.docker.localhost http://127.0.0.1 curl -H Host:whoami.docker.localhost http://127.0.0.1
```
```yaml
Hostname: ef194d07634a Hostname: ef194d07634a
IP: 127.0.0.1 IP: 127.0.0.1
IP: ::1 IP: ::1
@ -174,8 +179,13 @@ X-Forwarded-For: 172.17.0.1
X-Forwarded-Host: 172.17.0.4:80 X-Forwarded-Host: 172.17.0.4:80
X-Forwarded-Proto: http X-Forwarded-Proto: http
X-Forwarded-Server: dbb60406010d X-Forwarded-Server: dbb60406010d
```
$ curl -H Host:whoami.docker.localhost http://127.0.0.1 ```shell
curl -H Host:whoami.docker.localhost http://127.0.0.1
```
```yaml
Hostname: 6c3c5df0c79a Hostname: 6c3c5df0c79a
IP: 127.0.0.1 IP: 127.0.0.1
IP: ::1 IP: ::1

104
docs/theme/partials/footer.html vendored Normal file
View file

@ -0,0 +1,104 @@
<!--
Copyright (c) 2016-2017 Martin Donath <martin.donath@squidfunk.com>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to
deal in the Software without restriction, including without limitation the
rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
sell copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
IN THE SOFTWARE.
-->
{% import "partials/language.html" as lang %}
<!-- Application footer -->
<footer class="md-footer">
<!-- Link to previous and/or next page -->
{% if page.previous_page or page.next_page %}
<!--<div class="md-footer-nav">-->
<!--<nav class="md-footer-nav__inner md-grid">-->
<!-- -->
<!-- Link to previous page -->
<!--{% if page.previous_page %}-->
<!--<a href="{{ page.previous_page.url }}"-->
<!--title="{{ page.previous_page.title }}"-->
<!--class="md-flex md-footer-nav__link md-footer-nav__link&#45;&#45;prev"-->
<!--rel="prev">-->
<!--<div class="md-flex__cell md-flex__cell&#45;&#45;shrink">-->
<!--<i class="md-icon md-icon&#45;&#45;arrow-back-->
<!--md-footer-nav__button"></i>-->
<!--</div>-->
<!--<div class="md-flex__cell md-flex__cell&#45;&#45;stretch-->
<!--md-footer-nav__title">-->
<!--<span class="md-flex__ellipsis">-->
<!--<span class="md-footer-nav__direction">-->
<!--{{ lang.t("footer.previous") }} -->
<!--</span>-->
<!--{{ page.previous_page.title }}-->
<!--</span>-->
<!--</div>-->
<!--</a>-->
<!--{% endif %}-->
<!-- -->
<!-- Link to next page -->
<!--{% if page.next_page %}-->
<!--<a href="{{ page.next_page.url }}" title="{{ page.next_page.title }}"-->
<!--class="md-flex md-footer-nav__link md-footer-nav__link&#45;&#45;next"-->
<!--rel="next">-->
<!--<div class="md-flex__cell md-flex__cell&#45;&#45;stretch-->
<!--md-footer-nav__title">-->
<!--<span class="md-flex__ellipsis">-->
<!--<span class="md-footer-nav__direction">-->
<!--{{ lang.t("footer.next") }}-->
<!--</span>-->
<!--{{ page.next_page.title }}-->
<!--</span>-->
<!--</div>-->
<!--<div class="md-flex__cell md-flex__cell&#45;&#45;shrink">-->
<!--<i class="md-icon md-icon&#45;&#45;arrow-forward-->
<!--md-footer-nav__button"></i>-->
<!--</div>-->
<!--</a>-->
<!--{% endif %}-->
<!--</nav>-->
<!--</div>-->
{% endif %}
<!-- Further information -->
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<!-- Copyright and theme information -->
<div class="md-footer-copyright">
{% if config.copyright %}
<div class="md-footer-copyright__highlight">
{{ config.copyright }}
</div>
{% endif %}
powered by
<a href="http://www.mkdocs.org" title="MkDocs">MkDocs</a>
and
<a href="http://squidfunk.github.io/mkdocs-material/"
title="Material for MkDocs">
Material for MkDocs</a>
</div>
<!-- Social links -->
{% block social %}
{% include "partials/social.html" %}
{% endblock %}
</div>
</div>
</footer>

View file

@ -18,18 +18,22 @@ In this example, we're going to use a single network called `web` where all cont
On the Docker host, run the following command: On the Docker host, run the following command:
`$ docker network create web` ```shell
docker network create web
```
Now, let's create a directory on the server where we will configure the rest of Traefik: Now, let's create a directory on the server where we will configure the rest of Traefik:
`$ mkdir -p /opt/traefik` ```shell
mkdir -p /opt/traefik
```
Within this directory, we're going to create 3 empty files: Within this directory, we're going to create 3 empty files:
```sh ```shell
$ touch /opt/traefik/docker-compose.yml touch /opt/traefik/docker-compose.yml
$ touch /opt/traefik/acme.json && chmod 600 /opt/traefik/acme.json touch /opt/traefik/acme.json && chmod 600 /opt/traefik/acme.json
$ touch /opt/traefik/traefik.toml touch /opt/traefik/traefik.toml
``` ```
The `docker-compose.yml` file will provide us with a simple, consistent and more importantly, a deterministic way to create Traefik. The `docker-compose.yml` file will provide us with a simple, consistent and more importantly, a deterministic way to create Traefik.
@ -104,7 +108,7 @@ This is the minimum configuration required to do the following:
- Enable the Docker configuration backend and listen for container events on the Docker unix socket we've mounted earlier. However, **new containers will not be exposed by Traefik by default, we'll get into this in a bit!** - Enable the Docker configuration backend and listen for container events on the Docker unix socket we've mounted earlier. However, **new containers will not be exposed by Traefik by default, we'll get into this in a bit!**
- Enable automatic request and configuration of SSL certificates using Let's Encrypt. These certificates will be stored in the `acme.json` file, which you can back-up yourself and store off-premises. - Enable automatic request and configuration of SSL certificates using Let's Encrypt. These certificates will be stored in the `acme.json` file, which you can back-up yourself and store off-premises.
Alright, let's boot the container. From the `/opt/traefik` directory, run `$ docker-compose up -d` which will create and start the Traefik container. Alright, let's boot the container. From the `/opt/traefik` directory, run `docker-compose up -d` which will create and start the Traefik container.
## Exposing Web Services to the Outside World ## Exposing Web Services to the Outside World

View file

@ -112,6 +112,7 @@ And there, the same global configuration in the Key-value Store (using `prefix =
| `/traefik/web/address` | `:8081` | | `/traefik/web/address` | `:8081` |
In case you are setting key values manually: In case you are setting key values manually:
- Remember to specify the indexes (`0`,`1`, `2`, ... ) under prefixes `/traefik/defaultentrypoints/` and `/traefik/entrypoints/https/tls/certificates/` in order to match the global configuration structure. - Remember to specify the indexes (`0`,`1`, `2`, ... ) under prefixes `/traefik/defaultentrypoints/` and `/traefik/entrypoints/https/tls/certificates/` in order to match the global configuration structure.
- Be careful to give the correct IP address and port on the key `/traefik/consul/endpoint`. - Be careful to give the correct IP address and port on the key `/traefik/consul/endpoint`.
@ -277,7 +278,10 @@ Træfik can watch the backends/frontends configuration changes and generate its
Note that only backends/frontends rules are dynamic, the rest of the Træfik configuration stay static. Note that only backends/frontends rules are dynamic, the rest of the Træfik configuration stay static.
The [Etcd](https://github.com/coreos/etcd/issues/860) and [Consul](https://github.com/hashicorp/consul/issues/886) backends do not support updating multiple keys atomically. As a result, it may be possible for Træfik to read an intermediate configuration state despite judicious use of the `--providersThrottleDuration` flag. To solve this problem, Træfik supports a special key called `/traefik/alias`. If set, Træfik use the value as an alternative key prefix. The [Etcd](https://github.com/coreos/etcd/issues/860) and [Consul](https://github.com/hashicorp/consul/issues/886) backends do not support updating multiple keys atomically.
As a result, it may be possible for Træfik to read an intermediate configuration state despite judicious use of the `--providersThrottleDuration` flag.
To solve this problem, Træfik supports a special key called `/traefik/alias`.
If set, Træfik use the value as an alternative key prefix.
Given the key structure below, Træfik will use the `http://172.17.0.2:80` as its only backend (frontend keys have been omitted for brevity). Given the key structure below, Træfik will use the `http://172.17.0.2:80` as its only backend (frontend keys have been omitted for brevity).
@ -287,7 +291,8 @@ Given the key structure below, Træfik will use the `http://172.17.0.2:80` as it
| `/traefik_configurations/1/backends/backend1/servers/server1/url` | `http://172.17.0.2:80` | | `/traefik_configurations/1/backends/backend1/servers/server1/url` | `http://172.17.0.2:80` |
| `/traefik_configurations/1/backends/backend1/servers/server1/weight` | `10` | | `/traefik_configurations/1/backends/backend1/servers/server1/weight` | `10` |
When an atomic configuration change is required, you may write a new configuration at an alternative prefix. Here, although the `/traefik_configurations/2/...` keys have been set, the old configuration is still active because the `/traefik/alias` key still points to `/traefik_configurations/1`: When an atomic configuration change is required, you may write a new configuration at an alternative prefix.
Here, although the `/traefik_configurations/2/...` keys have been set, the old configuration is still active because the `/traefik/alias` key still points to `/traefik_configurations/1`:
| Key | Value | | Key | Value |
|-------------------------------------------------------------------------|-----------------------------| |-------------------------------------------------------------------------|-----------------------------|
@ -299,7 +304,8 @@ When an atomic configuration change is required, you may write a new configurati
| `/traefik_configurations/2/backends/backend1/servers/server2/url` | `http://172.17.0.3:80` | | `/traefik_configurations/2/backends/backend1/servers/server2/url` | `http://172.17.0.3:80` |
| `/traefik_configurations/2/backends/backend1/servers/server2/weight` | `5` | | `/traefik_configurations/2/backends/backend1/servers/server2/weight` | `5` |
Once the `/traefik/alias` key is updated, the new `/traefik_configurations/2` configuration becomes active atomically. Here, we have a 50% balance between the `http://172.17.0.3:80` and the `http://172.17.0.4:80` hosts while no traffic is sent to the `172.17.0.2:80` host: Once the `/traefik/alias` key is updated, the new `/traefik_configurations/2` configuration becomes active atomically.
Here, we have a 50% balance between the `http://172.17.0.3:80` and the `http://172.17.0.4:80` hosts while no traffic is sent to the `172.17.0.2:80` host:
| Key | Value | | Key | Value |
|-------------------------------------------------------------------------|-----------------------------| |-------------------------------------------------------------------------|-----------------------------|
@ -320,7 +326,7 @@ Don't forget to [setup the connection between Træfik and Key-value store](/user
The static Træfik configuration in a key-value store can be automatically created and updated, using the [`storeconfig` subcommand](/basics/#commands). The static Træfik configuration in a key-value store can be automatically created and updated, using the [`storeconfig` subcommand](/basics/#commands).
```bash ```bash
$ traefik storeconfig [flags] ... traefik storeconfig [flags] ...
``` ```
This command is here only to automate the [process which upload the configuration into the Key-value store](/user-guide/kv-config/#upload-the-configuration-in-the-key-value-store). This command is here only to automate the [process which upload the configuration into the Key-value store](/user-guide/kv-config/#upload-the-configuration-in-the-key-value-store).
Træfik will not start but the [static configuration](/basics/#static-trfk-configuration) will be uploaded into the Key-value store. Træfik will not start but the [static configuration](/basics/#static-trfk-configuration) will be uploaded into the Key-value store.

View file

@ -1,8 +1,6 @@
# Docker Swarm (mode) cluster # Docker Swarm (mode) cluster
This section explains how to create a multi-host docker cluster with This section explains how to create a multi-host docker cluster with swarm mode using [docker-machine](https://docs.docker.com/machine) and how to deploy Træfik on it.
swarm mode using [docker-machine](https://docs.docker.com/machine) and
how to deploy Træfik on it.
The cluster consists of: The cluster consists of:
@ -59,6 +57,8 @@ Let's validate the cluster is up and running.
```shell ```shell
docker-machine ssh manager docker node ls docker-machine ssh manager docker node ls
```
```
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
2a770ov9vixeadep674265u1n worker1 Ready Active 2a770ov9vixeadep674265u1n worker1 Ready Active
dbi3or4q8ii8elbws70g4hkdh * manager Ready Active Leader dbi3or4q8ii8elbws70g4hkdh * manager Ready Active Leader
@ -129,6 +129,8 @@ Check that everything is scheduled and started:
```shell ```shell
docker-machine ssh manager "docker service ls" docker-machine ssh manager "docker service ls"
```
```
ID NAME REPLICAS IMAGE COMMAND ID NAME REPLICAS IMAGE COMMAND
ab046gpaqtln whoami0 1/1 emilevauge/whoami ab046gpaqtln whoami0 1/1 emilevauge/whoami
cgfg5ifzrpgm whoami1 1/1 emilevauge/whoami cgfg5ifzrpgm whoami1 1/1 emilevauge/whoami
@ -139,6 +141,8 @@ dtpl249tfghc traefik 1/1 traefik --docker --docker.swarmmode
```shell ```shell
curl -H Host:whoami0.traefik http://$(docker-machine ip manager) curl -H Host:whoami0.traefik http://$(docker-machine ip manager)
```
```yaml
Hostname: 8147a7746e7a Hostname: 8147a7746e7a
IP: 127.0.0.1 IP: 127.0.0.1
IP: ::1 IP: ::1
@ -155,8 +159,11 @@ X-Forwarded-For: 192.168.99.1
X-Forwarded-Host: 10.0.9.3:80 X-Forwarded-Host: 10.0.9.3:80
X-Forwarded-Proto: http X-Forwarded-Proto: http
X-Forwarded-Server: 8fbc39271b4c X-Forwarded-Server: 8fbc39271b4c
```
```shell
curl -H Host:whoami1.traefik http://$(docker-machine ip manager) curl -H Host:whoami1.traefik http://$(docker-machine ip manager)
```
```yaml
Hostname: ba2c21488299 Hostname: ba2c21488299
IP: 127.0.0.1 IP: 127.0.0.1
IP: ::1 IP: ::1
@ -179,6 +186,8 @@ Note that as Træfik is published, you can access it from any machine and not on
```shell ```shell
curl -H Host:whoami0.traefik http://$(docker-machine ip worker1) curl -H Host:whoami0.traefik http://$(docker-machine ip worker1)
```
```yaml
Hostname: 8147a7746e7a Hostname: 8147a7746e7a
IP: 127.0.0.1 IP: 127.0.0.1
IP: ::1 IP: ::1
@ -195,8 +204,11 @@ X-Forwarded-For: 192.168.99.1
X-Forwarded-Host: 10.0.9.3:80 X-Forwarded-Host: 10.0.9.3:80
X-Forwarded-Proto: http X-Forwarded-Proto: http
X-Forwarded-Server: 8fbc39271b4c X-Forwarded-Server: 8fbc39271b4c
```
```shell
curl -H Host:whoami1.traefik http://$(docker-machine ip worker2) curl -H Host:whoami1.traefik http://$(docker-machine ip worker2)
```
```yaml
Hostname: ba2c21488299 Hostname: ba2c21488299
IP: 127.0.0.1 IP: 127.0.0.1
IP: ::1 IP: ::1
@ -228,6 +240,8 @@ Check that we now have 5 replicas of each `whoami` service:
```shell ```shell
docker-machine ssh manager "docker service ls" docker-machine ssh manager "docker service ls"
```
```
ID NAME REPLICAS IMAGE COMMAND ID NAME REPLICAS IMAGE COMMAND
ab046gpaqtln whoami0 5/5 emilevauge/whoami ab046gpaqtln whoami0 5/5 emilevauge/whoami
cgfg5ifzrpgm whoami1 5/5 emilevauge/whoami cgfg5ifzrpgm whoami1 5/5 emilevauge/whoami
@ -239,6 +253,9 @@ Repeat the following command multiple times and note that the Hostname changes e
```shell ```shell
curl -H Host:whoami0.traefik http://$(docker-machine ip manager) curl -H Host:whoami0.traefik http://$(docker-machine ip manager)
```
```yaml
Hostname: 8147a7746e7a Hostname: 8147a7746e7a
IP: 127.0.0.1 IP: 127.0.0.1
IP: ::1 IP: ::1
@ -261,6 +278,9 @@ Do the same against whoami1:
```shell ```shell
curl -H Host:whoami1.traefik http://$(docker-machine ip manager) curl -H Host:whoami1.traefik http://$(docker-machine ip manager)
```
```yaml
Hostname: ba2c21488299 Hostname: ba2c21488299
IP: 127.0.0.1 IP: 127.0.0.1
IP: ::1 IP: ::1
@ -278,17 +298,16 @@ X-Forwarded-Host: 10.0.9.4:80
X-Forwarded-Proto: http X-Forwarded-Proto: http
X-Forwarded-Server: 8fbc39271b4c X-Forwarded-Server: 8fbc39271b4c
``` ```
Wait, I thought we added the sticky flag to whoami1? Traefik relies on a cookie to maintain stickyness so you'll need to test this with a browser. Wait, I thought we added the sticky flag to `whoami1`? Traefik relies on a cookie to maintain stickyness so you'll need to test this with a browser.
First you need to add whoami1.traefik to your hosts file: First you need to add `whoami1.traefik` to your hosts file:
```ssh ```shell
if [ -n "$(grep whoami1.traefik /etc/hosts)" ]; if [ -n "$(grep whoami1.traefik /etc/hosts)" ];
then then
echo "whoami1.traefik already exists (make sure the ip is current)"; echo "whoami1.traefik already exists (make sure the ip is current)";
else else
sudo -- sh -c -e "echo '$(docker-machine ip manager)\twhoami1.traefik' sudo -- sh -c -e "echo '$(docker-machine ip manager)\twhoami1.traefik' >> /etc/hosts";
>> /etc/hosts";
fi fi
``` ```

View file

@ -120,6 +120,8 @@ Check that everything is started:
```shell ```shell
docker ps docker ps
```
```
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ba2c21488299 emilevauge/whoami "/whoamI" 8 seconds ago Up 9 seconds 80/tcp mhs-demo1/whoami1 ba2c21488299 emilevauge/whoami "/whoamI" 8 seconds ago Up 9 seconds 80/tcp mhs-demo1/whoami1
8147a7746e7a emilevauge/whoami "/whoamI" 19 seconds ago Up 20 seconds 80/tcp mhs-demo0/whoami0 8147a7746e7a emilevauge/whoami "/whoamI" 19 seconds ago Up 20 seconds 80/tcp mhs-demo0/whoami0
@ -130,6 +132,8 @@ ba2c21488299 emilevauge/whoami "/whoamI" 8 seconds ago
```shell ```shell
curl -H Host:whoami0.traefik http://$(docker-machine ip mhs-demo0) curl -H Host:whoami0.traefik http://$(docker-machine ip mhs-demo0)
```
```yaml
Hostname: 8147a7746e7a Hostname: 8147a7746e7a
IP: 127.0.0.1 IP: 127.0.0.1
IP: ::1 IP: ::1
@ -146,8 +150,12 @@ X-Forwarded-For: 192.168.99.1
X-Forwarded-Host: 10.0.9.3:80 X-Forwarded-Host: 10.0.9.3:80
X-Forwarded-Proto: http X-Forwarded-Proto: http
X-Forwarded-Server: 8fbc39271b4c X-Forwarded-Server: 8fbc39271b4c
```
```shell
curl -H Host:whoami1.traefik http://$(docker-machine ip mhs-demo0) curl -H Host:whoami1.traefik http://$(docker-machine ip mhs-demo0)
```
```yaml
Hostname: ba2c21488299 Hostname: ba2c21488299
IP: 127.0.0.1 IP: 127.0.0.1
IP: ::1 IP: ::1

View file

@ -32,17 +32,26 @@ extra:
i18n: i18n:
prev: 'Previous' prev: 'Previous'
next: 'Next' next: 'Next'
# version: 0.2.2 # Comment because the call of the CDN is very slow.
# author: # social:
# twitter: traefikproxy # - type: 'github'
# link: 'https://github.com/containous/traefik'
# - type: 'stack-overflow'
# link: 'https://stackoverflow.com/questions/tagged/traefik'
# - type: 'slack'
# link: 'https://traefik.herokuapp.com'
# - type: 'twitter'
# link: 'https://twitter.com/traefikproxy'
theme_dir: docs/theme/
extra_css: extra_css:
- styles/extra.css - theme/styles/extra.css
- styles/atom-one-light.css - theme/styles/atom-one-light.css
extra_javascript: extra_javascript:
- js/hljs/highlight.pack.js - theme/js/hljs/highlight.pack.js
- js/extra.js - theme/js/extra.js
markdown_extensions: markdown_extensions:
- admonition - admonition
@ -55,22 +64,23 @@ pages:
- Basics: basics.md - Basics: basics.md
- Configuration: - Configuration:
- 'Commons': 'configuration/commons.md' - 'Commons': 'configuration/commons.md'
- 'EntryPoints': 'configuration/entrypoints.md'
- 'Let''s Encrypt': 'configuration/acme.md' - 'Let''s Encrypt': 'configuration/acme.md'
- 'Web Backend': 'configuration/backends/web.md' - 'Backend: Web': 'configuration/backends/web.md'
- 'BoltDB Backend': 'configuration/backends/boltdb.md' - 'Backend: BoltDB': 'configuration/backends/boltdb.md'
- 'Consul Backend': 'configuration/backends/consul.md' - 'Backend: Consul': 'configuration/backends/consul.md'
- 'Docker Backend': 'configuration/backends/docker.md' - 'Backend: Docker': 'configuration/backends/docker.md'
- 'DynamoDB Backend': 'configuration/backends/dynamodb.md' - 'Backend: DynamoDB': 'configuration/backends/dynamodb.md'
- 'ECS Backend': 'configuration/backends/ecs.md' - 'Backend: ECS': 'configuration/backends/ecs.md'
- 'Etcd Backend': 'configuration/backends/etcd.md' - 'Backend: Etcd': 'configuration/backends/etcd.md'
- 'Eureka Backend': 'configuration/backends/eureka.md' - 'Backend: Eureka': 'configuration/backends/eureka.md'
- 'File Backend': 'configuration/backends/file.md' - 'Backend: File': 'configuration/backends/file.md'
- 'Kubernetes Ingress Backend': 'configuration/backends/kubernetes.md' - 'Backend: Kubernetes Ingress': 'configuration/backends/kubernetes.md'
- 'Marathon Backend': 'configuration/backends/marathon.md' - 'Backend: Marathon': 'configuration/backends/marathon.md'
- 'Mesos Backend': 'configuration/backends/mesos.md' - 'Backend: Mesos': 'configuration/backends/mesos.md'
- 'Rancher Backend': 'configuration/backends/rancher.md' - 'Backend: Rancher': 'configuration/backends/rancher.md'
- 'Zookeeper Backend': 'configuration/backends/zookeeper.md' - 'Backend: Zookeeper': 'configuration/backends/zookeeper.md'
- User Guide: - User Guides:
- 'Configuration Examples': 'user-guide/examples.md' - 'Configuration Examples': 'user-guide/examples.md'
- 'Swarm Cluster': 'user-guide/swarm.md' - 'Swarm Cluster': 'user-guide/swarm.md'
- 'Swarm Mode Cluster': 'user-guide/swarm-mode.md' - 'Swarm Mode Cluster': 'user-guide/swarm-mode.md'
@ -78,5 +88,5 @@ pages:
- 'Marathon': 'user-guide/marathon.md' - 'Marathon': 'user-guide/marathon.md'
- 'Key-value Store Configuration': 'user-guide/kv-config.md' - 'Key-value Store Configuration': 'user-guide/kv-config.md'
- 'Clustering/HA': 'user-guide/cluster.md' - 'Clustering/HA': 'user-guide/cluster.md'
- 'Getting Started with Docker & Lets Encrypt': 'user-guide/getting-started-with-docker-and-lets-encrypt.md' - 'Let''s Encrypt & Docker': 'user-guide/docker-and-lets-encrypt.md'
- Benchmarks: benchmarks.md - Benchmarks: benchmarks.md