Improve documentation.

This commit is contained in:
Ludovic Fernandez 2020-02-17 11:04:04 +01:00 committed by GitHub
parent d501c0786f
commit beec65938e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
26 changed files with 374 additions and 185 deletions

View file

@ -408,13 +408,13 @@ func stats(staticConfiguration *static.Configuration) {
logger.Info(`Stats collection is enabled.`) logger.Info(`Stats collection is enabled.`)
logger.Info(`Many thanks for contributing to Traefik's improvement by allowing us to receive anonymous information from your configuration.`) logger.Info(`Many thanks for contributing to Traefik's improvement by allowing us to receive anonymous information from your configuration.`)
logger.Info(`Help us improve Traefik by leaving this feature on :)`) logger.Info(`Help us improve Traefik by leaving this feature on :)`)
logger.Info(`More details on: https://docs.traefik.io/v2.0/contributing/data-collection/`) logger.Info(`More details on: https://docs.traefik.io/contributing/data-collection/`)
collect(staticConfiguration) collect(staticConfiguration)
} else { } else {
logger.Info(` logger.Info(`
Stats collection is disabled. Stats collection is disabled.
Help us improve Traefik by turning this feature on :) Help us improve Traefik by turning this feature on :)
More details on: https://docs.traefik.io/v2.0/contributing/data-collection/ More details on: https://docs.traefik.io/contributing/data-collection/
`) `)
} }
} }

View file

@ -74,7 +74,7 @@ traefik --help
# or # or
docker run traefik[:version] --help docker run traefik[:version] --help
# ex: docker run traefik:2.0 --help # ex: docker run traefik:2.1 --help
``` ```
All available arguments can also be found [here](../reference/static-configuration/cli.md). All available arguments can also be found [here](../reference/static-configuration/cli.md).

View file

@ -9,11 +9,11 @@ You can install Traefik with the following flavors:
## Use the Official Docker Image ## Use the Official Docker Image
Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with the [sample configuration file](https://raw.githubusercontent.com/containous/traefik/v2.0/traefik.sample.toml): Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with the [sample configuration file](https://raw.githubusercontent.com/containous/traefik/v2.1/traefik.sample.toml):
```bash ```bash
docker run -d -p 8080:8080 -p 80:80 \ docker run -d -p 8080:8080 -p 80:80 \
-v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik:v2.0 -v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik:v2.1
``` ```
For more details, go to the [Docker provider documentation](../providers/docker.md) For more details, go to the [Docker provider documentation](../providers/docker.md)
@ -21,7 +21,7 @@ For more details, go to the [Docker provider documentation](../providers/docker.
!!! tip !!! tip
* Prefer a fixed version than the latest that could be an unexpected version. * Prefer a fixed version than the latest that could be an unexpected version.
ex: `traefik:v2.0.0` ex: `traefik:v2.1.4`
* Docker images are based from the [Alpine Linux Official image](https://hub.docker.com/_/alpine). * Docker images are based from the [Alpine Linux Official image](https://hub.docker.com/_/alpine).
* Any orchestrator using docker images can fetch the official Traefik docker image. * Any orchestrator using docker images can fetch the official Traefik docker image.

View file

@ -14,8 +14,8 @@ version: '3'
services: services:
reverse-proxy: reverse-proxy:
# The official v2.0 Traefik docker image # The official v2 Traefik docker image
image: traefik:v2.0 image: traefik:v2.1
# Enables the web UI and tells Traefik to listen to docker # Enables the web UI and tells Traefik to listen to docker
command: --api.insecure=true --providers.docker command: --api.insecure=true --providers.docker
ports: ports:

View file

@ -23,6 +23,25 @@ Certificates are requested for domain names retrieved from the router's [dynamic
You can read more about this retrieval mechanism in the following section: [ACME Domain Definition](#domain-definition). You can read more about this retrieval mechanism in the following section: [ACME Domain Definition](#domain-definition).
!!! important "Defining a certificates resolver does not result in all routers automatically using it. Each router that is supposed to use the resolver must [reference](../routing/routers/index.md#certresolver) it."
??? note "Configuration Reference"
There are many available options for ACME.
For a quick glance at what's possible, browse the configuration reference:
```toml tab="File (TOML)"
--8<-- "content/https/ref-acme.toml"
```
```yaml tab="File (YAML)"
--8<-- "content/https/ref-acme.yaml"
```
```bash tab="CLI"
--8<-- "content/https/ref-acme.txt"
```
## Domain Definition ## Domain Definition
Certificate resolvers request certificates for a set of the domain names Certificate resolvers request certificates for a set of the domain names
@ -59,10 +78,10 @@ Please check the [configuration examples below](#configuration-examples) for mor
[entryPoints.websecure] [entryPoints.websecure]
address = ":443" address = ":443"
[certificatesResolvers.le.acme] [certificatesResolvers.myresolver.acme]
email = "your-email@your-domain.org" email = "your-email@your-domain.org"
storage = "acme.json" storage = "acme.json"
[certificatesResolvers.le.acme.httpChallenge] [certificatesResolvers.myresolver.acme.httpChallenge]
# used during the challenge # used during the challenge
entryPoint = "web" entryPoint = "web"
``` ```
@ -76,7 +95,7 @@ Please check the [configuration examples below](#configuration-examples) for mor
address: ":443" address: ":443"
certificatesResolvers: certificatesResolvers:
sample: myresolver:
acme: acme:
email: your-email@your-domain.org email: your-email@your-domain.org
storage: acme.json storage: acme.json
@ -89,31 +108,14 @@ Please check the [configuration examples below](#configuration-examples) for mor
--entryPoints.web.address=:80 --entryPoints.web.address=:80
--entryPoints.websecure.address=:443 --entryPoints.websecure.address=:443
# ... # ...
--certificatesResolvers.le.acme.email=your-email@your-domain.org --certificatesResolvers.myresolver.acme.email=your-email@your-domain.org
--certificatesResolvers.le.acme.storage=acme.json --certificatesResolvers.myresolver.acme.storage=acme.json
# used during the challenge # used during the challenge
--certificatesResolvers.le.acme.httpChallenge.entryPoint=web --certificatesResolvers.myresolver.acme.httpChallenge.entryPoint=web
``` ```
!!! important "Defining a certificates resolver does not result in all routers automatically using it. Each router that is supposed to use the resolver must [reference](../routing/routers/index.md#certresolver) it." !!! important "Defining a certificates resolver does not result in all routers automatically using it. Each router that is supposed to use the resolver must [reference](../routing/routers/index.md#certresolver) it."
??? note "Configuration Reference"
There are many available options for ACME.
For a quick glance at what's possible, browse the configuration reference:
```toml tab="File (TOML)"
--8<-- "content/https/ref-acme.toml"
```
```yaml tab="File (YAML)"
--8<-- "content/https/ref-acme.yaml"
```
```bash tab="CLI"
--8<-- "content/https/ref-acme.txt"
```
??? example "Single Domain from Router's Rule Example" ??? example "Single Domain from Router's Rule Example"
* A certificate for the domain `company.com` is requested: * A certificate for the domain `company.com` is requested:
@ -164,14 +166,14 @@ when using the `TLS-ALPN-01` challenge, Traefik must be reachable by Let's Encry
??? example "Configuring the `tlsChallenge`" ??? example "Configuring the `tlsChallenge`"
```toml tab="File (TOML)" ```toml tab="File (TOML)"
[certificatesResolvers.le.acme] [certificatesResolvers.myresolver.acme]
# ... # ...
[certificatesResolvers.le.acme.tlsChallenge] [certificatesResolvers.myresolver.acme.tlsChallenge]
``` ```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
certificatesResolvers: certificatesResolvers:
sample: myresolver:
acme: acme:
# ... # ...
tlsChallenge: {} tlsChallenge: {}
@ -179,7 +181,7 @@ when using the `TLS-ALPN-01` challenge, Traefik must be reachable by Let's Encry
```bash tab="CLI" ```bash tab="CLI"
# ... # ...
--certificatesResolvers.le.acme.tlsChallenge=true --certificatesResolvers.myresolver.acme.tlsChallenge=true
``` ```
### `httpChallenge` ### `httpChallenge`
@ -187,7 +189,7 @@ when using the `TLS-ALPN-01` challenge, Traefik must be reachable by Let's Encry
Use the `HTTP-01` challenge to generate and renew ACME certificates by provisioning an HTTP resource under a well-known URI. Use the `HTTP-01` challenge to generate and renew ACME certificates by provisioning an HTTP resource under a well-known URI.
As described on the Let's Encrypt [community forum](https://community.letsencrypt.org/t/support-for-ports-other-than-80-and-443/3419/72), As described on the Let's Encrypt [community forum](https://community.letsencrypt.org/t/support-for-ports-other-than-80-and-443/3419/72),
when using the `HTTP-01` challenge, `certificatesResolvers.le.acme.httpChallenge.entryPoint` must be reachable by Let's Encrypt through port 80. when using the `HTTP-01` challenge, `certificatesResolvers.myresolver.acme.httpChallenge.entryPoint` must be reachable by Let's Encrypt through port 80.
??? example "Using an EntryPoint Called http for the `httpChallenge`" ??? example "Using an EntryPoint Called http for the `httpChallenge`"
@ -199,9 +201,9 @@ when using the `HTTP-01` challenge, `certificatesResolvers.le.acme.httpChallenge
[entryPoints.websecure] [entryPoints.websecure]
address = ":443" address = ":443"
[certificatesResolvers.le.acme] [certificatesResolvers.myresolver.acme]
# ... # ...
[certificatesResolvers.le.acme.httpChallenge] [certificatesResolvers.myresolver.acme.httpChallenge]
entryPoint = "web" entryPoint = "web"
``` ```
@ -214,7 +216,7 @@ when using the `HTTP-01` challenge, `certificatesResolvers.le.acme.httpChallenge
address: ":443" address: ":443"
certificatesResolvers: certificatesResolvers:
sample: myresolver:
acme: acme:
# ... # ...
httpChallenge: httpChallenge:
@ -225,7 +227,7 @@ when using the `HTTP-01` challenge, `certificatesResolvers.le.acme.httpChallenge
--entryPoints.web.address=:80 --entryPoints.web.address=:80
--entryPoints.websecure.address=:443 --entryPoints.websecure.address=:443
# ... # ...
--certificatesResolvers.le.acme.httpChallenge.entryPoint=web --certificatesResolvers.myresolver.acme.httpChallenge.entryPoint=web
``` ```
!!! info "" !!! info ""
@ -238,9 +240,9 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
??? example "Configuring a `dnsChallenge` with the DigitalOcean Provider" ??? example "Configuring a `dnsChallenge` with the DigitalOcean Provider"
```toml tab="File (TOML)" ```toml tab="File (TOML)"
[certificatesResolvers.le.acme] [certificatesResolvers.myresolver.acme]
# ... # ...
[certificatesResolvers.le.acme.dnsChallenge] [certificatesResolvers.myresolver.acme.dnsChallenge]
provider = "digitalocean" provider = "digitalocean"
delayBeforeCheck = 0 delayBeforeCheck = 0
# ... # ...
@ -248,7 +250,7 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
certificatesResolvers: certificatesResolvers:
sample: myresolver:
acme: acme:
# ... # ...
dnsChallenge: dnsChallenge:
@ -259,8 +261,8 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
```bash tab="CLI" ```bash tab="CLI"
# ... # ...
--certificatesResolvers.le.acme.dnsChallenge.provider=digitalocean --certificatesResolvers.myresolver.acme.dnsChallenge.provider=digitalocean
--certificatesResolvers.le.acme.dnsChallenge.delayBeforeCheck=0 --certificatesResolvers.myresolver.acme.dnsChallenge.delayBeforeCheck=0
# ... # ...
``` ```
@ -358,16 +360,16 @@ For example, `CF_API_EMAIL_FILE=/run/secrets/traefik_cf-api-email` could be used
Use custom DNS servers to resolve the FQDN authority. Use custom DNS servers to resolve the FQDN authority.
```toml tab="File (TOML)" ```toml tab="File (TOML)"
[certificatesResolvers.le.acme] [certificatesResolvers.myresolver.acme]
# ... # ...
[certificatesResolvers.le.acme.dnsChallenge] [certificatesResolvers.myresolver.acme.dnsChallenge]
# ... # ...
resolvers = ["1.1.1.1:53", "8.8.8.8:53"] resolvers = ["1.1.1.1:53", "8.8.8.8:53"]
``` ```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
certificatesResolvers: certificatesResolvers:
sample: myresolver:
acme: acme:
# ... # ...
dnsChallenge: dnsChallenge:
@ -379,7 +381,7 @@ certificatesResolvers:
```bash tab="CLI" ```bash tab="CLI"
# ... # ...
--certificatesResolvers.le.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53 --certificatesResolvers.myresolver.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53
``` ```
#### Wildcard Domains #### Wildcard Domains
@ -394,7 +396,7 @@ As described in [Let's Encrypt's post](https://community.letsencrypt.org/t/stagi
??? example "Using the Let's Encrypt staging server" ??? example "Using the Let's Encrypt staging server"
```toml tab="File (TOML)" ```toml tab="File (TOML)"
[certificatesResolvers.le.acme] [certificatesResolvers.myresolver.acme]
# ... # ...
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory" caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
# ... # ...
@ -402,7 +404,7 @@ As described in [Let's Encrypt's post](https://community.letsencrypt.org/t/stagi
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
certificatesResolvers: certificatesResolvers:
sample: myresolver:
acme: acme:
# ... # ...
caServer: https://acme-staging-v02.api.letsencrypt.org/directory caServer: https://acme-staging-v02.api.letsencrypt.org/directory
@ -411,7 +413,7 @@ As described in [Let's Encrypt's post](https://community.letsencrypt.org/t/stagi
```bash tab="CLI" ```bash tab="CLI"
# ... # ...
--certificatesResolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory --certificatesResolvers.myresolver.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
# ... # ...
``` ```
@ -420,7 +422,7 @@ As described in [Let's Encrypt's post](https://community.letsencrypt.org/t/stagi
The `storage` option sets the location where your ACME certificates are saved to. The `storage` option sets the location where your ACME certificates are saved to.
```toml tab="File (TOML)" ```toml tab="File (TOML)"
[certificatesResolvers.le.acme] [certificatesResolvers.myresolver.acme]
# ... # ...
storage = "acme.json" storage = "acme.json"
# ... # ...
@ -428,7 +430,7 @@ The `storage` option sets the location where your ACME certificates are saved to
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
certificatesResolvers: certificatesResolvers:
sample: myresolver:
acme: acme:
# ... # ...
storage: acme.json storage: acme.json
@ -437,7 +439,7 @@ certificatesResolvers:
```bash tab="CLI" ```bash tab="CLI"
# ... # ...
--certificatesResolvers.le.acme.storage=acme.json --certificatesResolvers.myresolver.acme.storage=acme.json
# ... # ...
``` ```

View file

@ -4,7 +4,7 @@
labels: labels:
- traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`) - traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
- traefik.http.routers.blog.tls=true - traefik.http.routers.blog.tls=true
- traefik.http.routers.blog.tls.certresolver=le - traefik.http.routers.blog.tls.certresolver=myresolver
- traefik.http.routers.blog.tls.domains[0].main=company.org - traefik.http.routers.blog.tls.domains[0].main=company.org
- traefik.http.routers.blog.tls.domains[0].sans=*.company.org - traefik.http.routers.blog.tls.domains[0].sans=*.company.org
``` ```
@ -16,7 +16,7 @@ deploy:
- traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`) - traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
- traefik.http.services.blog-svc.loadbalancer.server.port=8080" - traefik.http.services.blog-svc.loadbalancer.server.port=8080"
- traefik.http.routers.blog.tls=true - traefik.http.routers.blog.tls=true
- traefik.http.routers.blog.tls.certresolver=le - traefik.http.routers.blog.tls.certresolver=myresolver
- traefik.http.routers.blog.tls.domains[0].main=company.org - traefik.http.routers.blog.tls.domains[0].main=company.org
- traefik.http.routers.blog.tls.domains[0].sans=*.company.org - traefik.http.routers.blog.tls.domains[0].sans=*.company.org
``` ```
@ -36,14 +36,14 @@ spec:
- name: blog - name: blog
port: 8080 port: 8080
tls: tls:
certResolver: le certResolver: myresolver
``` ```
```json tab="Marathon" ```json tab="Marathon"
labels: { labels: {
"traefik.http.routers.blog.rule": "Host(`company.com`) && Path(`/blog`)", "traefik.http.routers.blog.rule": "Host(`company.com`) && Path(`/blog`)",
"traefik.http.routers.blog.tls": "true", "traefik.http.routers.blog.tls": "true",
"traefik.http.routers.blog.tls.certresolver": "le", "traefik.http.routers.blog.tls.certresolver": "myresolver",
"traefik.http.routers.blog.tls.domains[0].main": "company.com", "traefik.http.routers.blog.tls.domains[0].main": "company.com",
"traefik.http.routers.blog.tls.domains[0].sans": "*.company.com", "traefik.http.routers.blog.tls.domains[0].sans": "*.company.com",
"traefik.http.services.blog-svc.loadbalancer.server.port": "8080" "traefik.http.services.blog-svc.loadbalancer.server.port": "8080"
@ -55,7 +55,7 @@ labels: {
labels: labels:
- traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`) - traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
- traefik.http.routers.blog.tls=true - traefik.http.routers.blog.tls=true
- traefik.http.routers.blog.tls.certresolver=le - traefik.http.routers.blog.tls.certresolver=myresolver
- traefik.http.routers.blog.tls.domains[0].main=company.org - traefik.http.routers.blog.tls.domains[0].main=company.org
- traefik.http.routers.blog.tls.domains[0].sans=*.company.org - traefik.http.routers.blog.tls.domains[0].sans=*.company.org
``` ```
@ -66,7 +66,7 @@ labels:
[http.routers.blog] [http.routers.blog]
rule = "Host(`company.com`) && Path(`/blog`)" rule = "Host(`company.com`) && Path(`/blog`)"
[http.routers.blog.tls] [http.routers.blog.tls]
certResolver = "le" # From static configuration certResolver = "myresolver" # From static configuration
[[http.routers.blog.tls.domains]] [[http.routers.blog.tls.domains]]
main = "company.org" main = "company.org"
sans = ["*.company.org"] sans = ["*.company.org"]
@ -79,7 +79,7 @@ http:
blog: blog:
rule: "Host(`company.com`) && Path(`/blog`)" rule: "Host(`company.com`) && Path(`/blog`)"
tls: tls:
certResolver: le certResolver: myresolver
domains: domains:
- main: "company.org" - main: "company.org"
sans: sans:

View file

@ -4,7 +4,7 @@
labels: labels:
- traefik.http.routers.blog.rule=(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`) - traefik.http.routers.blog.rule=(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)
- traefik.http.routers.blog.tls=true - traefik.http.routers.blog.tls=true
- traefik.http.routers.blog.tls.certresolver=le - traefik.http.routers.blog.tls.certresolver=myresolver
``` ```
```yaml tab="Docker (Swarm)" ```yaml tab="Docker (Swarm)"
@ -13,7 +13,7 @@ deploy:
labels: labels:
- traefik.http.routers.blog.rule=(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`) - traefik.http.routers.blog.rule=(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)
- traefik.http.routers.blog.tls=true - traefik.http.routers.blog.tls=true
- traefik.http.routers.blog.tls.certresolver=le - traefik.http.routers.blog.tls.certresolver=myresolver
- traefik.http.services.blog-svc.loadbalancer.server.port=8080" - traefik.http.services.blog-svc.loadbalancer.server.port=8080"
``` ```
@ -32,14 +32,14 @@ spec:
- name: blog - name: blog
port: 8080 port: 8080
tls: tls:
certresolver: le certresolver: myresolver
``` ```
```json tab="Marathon" ```json tab="Marathon"
labels: { labels: {
"traefik.http.routers.blog.rule": "(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)", "traefik.http.routers.blog.rule": "(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)",
"traefik.http.routers.blog.tls": "true", "traefik.http.routers.blog.tls": "true",
"traefik.http.routers.blog.tls.certresolver": "le", "traefik.http.routers.blog.tls.certresolver": "myresolver",
"traefik.http.services.blog-svc.loadbalancer.server.port": "8080" "traefik.http.services.blog-svc.loadbalancer.server.port": "8080"
} }
``` ```
@ -49,7 +49,7 @@ labels: {
labels: labels:
- traefik.http.routers.blog.rule=(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`) - traefik.http.routers.blog.rule=(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)
- traefik.http.routers.blog.tls=true - traefik.http.routers.blog.tls=true
- traefik.http.routers.blog.tls.certresolver=le - traefik.http.routers.blog.tls.certresolver=myresolver
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
@ -58,7 +58,7 @@ labels:
[http.routers.blog] [http.routers.blog]
rule = "(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)" rule = "(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)"
[http.routers.blog.tls] [http.routers.blog.tls]
certResolver = "le" certResolver = "myresolver"
``` ```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
@ -68,5 +68,5 @@ http:
blog: blog:
rule: "(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)" rule: "(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)"
tls: tls:
certResolver: le certResolver: myresolver
``` ```

View file

@ -4,7 +4,7 @@
labels: labels:
- traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`) - traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
- traefik.http.routers.blog.tls=true - traefik.http.routers.blog.tls=true
- traefik.http.routers.blog.tls.certresolver=le - traefik.http.routers.blog.tls.certresolver=myresolver
``` ```
```yaml tab="Docker (Swarm)" ```yaml tab="Docker (Swarm)"
@ -13,7 +13,7 @@ deploy:
labels: labels:
- traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`) - traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
- traefik.http.routers.blog.tls=true - traefik.http.routers.blog.tls=true
- traefik.http.routers.blog.tls.certresolver=le - traefik.http.routers.blog.tls.certresolver=myresolver
- traefik.http.services.blog-svc.loadbalancer.server.port=8080" - traefik.http.services.blog-svc.loadbalancer.server.port=8080"
``` ```
@ -32,14 +32,14 @@ spec:
- name: blog - name: blog
port: 8080 port: 8080
tls: tls:
certresolver: le certresolver: myresolver
``` ```
```json tab="Marathon" ```json tab="Marathon"
labels: { labels: {
"traefik.http.routers.blog.rule": "Host(`company.com`) && Path(`/blog`)", "traefik.http.routers.blog.rule": "Host(`company.com`) && Path(`/blog`)",
"traefik.http.routers.blog.tls": "true", "traefik.http.routers.blog.tls": "true",
"traefik.http.routers.blog.tls.certresolver": "le", "traefik.http.routers.blog.tls.certresolver": "myresolver",
"traefik.http.services.blog-svc.loadbalancer.server.port": "8080" "traefik.http.services.blog-svc.loadbalancer.server.port": "8080"
} }
``` ```
@ -49,7 +49,7 @@ labels: {
labels: labels:
- traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`) - traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
- traefik.http.routers.blog.tls=true - traefik.http.routers.blog.tls=true
- traefik.http.routers.blog.tls.certresolver=le - traefik.http.routers.blog.tls.certresolver=myresolver
``` ```
```toml tab="Single Domain" ```toml tab="Single Domain"
@ -58,7 +58,7 @@ labels:
[http.routers.blog] [http.routers.blog]
rule = "Host(`company.com`) && Path(`/blog`)" rule = "Host(`company.com`) && Path(`/blog`)"
[http.routers.blog.tls] [http.routers.blog.tls]
certResolver = "le" certResolver = "myresolver"
``` ```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
@ -68,5 +68,5 @@ http:
blog: blog:
rule: "Host(`company.com`) && Path(`/blog`)" rule: "Host(`company.com`) && Path(`/blog`)"
tls: tls:
certResolver: le certResolver: myresolver
``` ```

View file

@ -1,5 +1,5 @@
# Enable ACME (Let's Encrypt): automatic SSL. # Enable ACME (Let's Encrypt): automatic SSL.
[certificatesResolvers.sample.acme] [certificatesResolvers.myresolver.acme]
# Email address used for registration. # Email address used for registration.
# #
@ -35,13 +35,13 @@
# #
# Optional (but recommended) # Optional (but recommended)
# #
[certificatesResolvers.le.acme.tlsChallenge] [certificatesResolvers.myresolver.acme.tlsChallenge]
# Use a HTTP-01 ACME challenge. # Use a HTTP-01 ACME challenge.
# #
# Optional # Optional
# #
# [certificatesResolvers.le.acme.httpChallenge] # [certificatesResolvers.myresolver.acme.httpChallenge]
# EntryPoint to use for the HTTP-01 challenges. # EntryPoint to use for the HTTP-01 challenges.
# #
@ -54,7 +54,7 @@
# #
# Optional # Optional
# #
# [certificatesResolvers.le.acme.dnsChallenge] # [certificatesResolvers.myresolver.acme.dnsChallenge]
# DNS provider used. # DNS provider used.
# #

View file

@ -4,13 +4,13 @@
# #
# Required # Required
# #
--certificatesResolvers.le.acme.email=test@traefik.io --certificatesResolvers.myresolver.acme.email=test@traefik.io
# File or key used for certificates storage. # File or key used for certificates storage.
# #
# Required # Required
# #
--certificatesResolvers.le.acme.storage=acme.json --certificatesResolvers.myresolver.acme.storage=acme.json
# CA server to use. # CA server to use.
# Uncomment the line to use Let's Encrypt's staging server, # Uncomment the line to use Let's Encrypt's staging server,
@ -19,7 +19,7 @@
# Optional # Optional
# Default: "https://acme-v02.api.letsencrypt.org/directory" # Default: "https://acme-v02.api.letsencrypt.org/directory"
# #
--certificatesResolvers.le.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory --certificatesResolvers.myresolver.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
# KeyType to use. # KeyType to use.
# #
@ -28,38 +28,38 @@
# #
# Available values : "EC256", "EC384", "RSA2048", "RSA4096", "RSA8192" # Available values : "EC256", "EC384", "RSA2048", "RSA4096", "RSA8192"
# #
--certificatesResolvers.le.acme.keyType=RSA4096 --certificatesResolvers.myresolver.acme.keyType=RSA4096
# Use a TLS-ALPN-01 ACME challenge. # Use a TLS-ALPN-01 ACME challenge.
# #
# Optional (but recommended) # Optional (but recommended)
# #
--certificatesResolvers.le.acme.tlsChallenge=true --certificatesResolvers.myresolver.acme.tlsChallenge=true
# Use a HTTP-01 ACME challenge. # Use a HTTP-01 ACME challenge.
# #
# Optional # Optional
# #
--certificatesResolvers.le.acme.httpChallenge=true --certificatesResolvers.myresolver.acme.httpChallenge=true
# EntryPoint to use for the HTTP-01 challenges. # EntryPoint to use for the HTTP-01 challenges.
# #
# Required # Required
# #
--certificatesResolvers.le.acme.httpChallenge.entryPoint=web --certificatesResolvers.myresolver.acme.httpChallenge.entryPoint=web
# Use a DNS-01 ACME challenge rather than HTTP-01 challenge. # Use a DNS-01 ACME challenge rather than HTTP-01 challenge.
# Note: mandatory for wildcard certificate generation. # Note: mandatory for wildcard certificate generation.
# #
# Optional # Optional
# #
--certificatesResolvers.le.acme.dnsChallenge=true --certificatesResolvers.myresolver.acme.dnsChallenge=true
# DNS provider used. # DNS provider used.
# #
# Required # Required
# #
--certificatesResolvers.le.acme.dnsChallenge.provider=digitalocean --certificatesResolvers.myresolver.acme.dnsChallenge.provider=digitalocean
# By default, the provider will verify the TXT DNS challenge record before letting ACME verify. # By default, the provider will verify the TXT DNS challenge record before letting ACME verify.
# If delayBeforeCheck is greater than zero, this check is delayed for the configured duration in seconds. # If delayBeforeCheck is greater than zero, this check is delayed for the configured duration in seconds.
@ -68,14 +68,14 @@
# Optional # Optional
# Default: 0 # Default: 0
# #
--certificatesResolvers.le.acme.dnsChallenge.delayBeforeCheck=0 --certificatesResolvers.myresolver.acme.dnsChallenge.delayBeforeCheck=0
# Use following DNS servers to resolve the FQDN authority. # Use following DNS servers to resolve the FQDN authority.
# #
# Optional # Optional
# Default: empty # Default: empty
# #
--certificatesResolvers.le.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53 --certificatesResolvers.myresolver.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53
# Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready. # Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready.
# #
@ -85,4 +85,4 @@
# Optional # Optional
# Default: false # Default: false
# #
--certificatesResolvers.le.acme.dnsChallenge.disablePropagationCheck=true --certificatesResolvers.myresolver.acme.dnsChallenge.disablePropagationCheck=true

View file

@ -1,5 +1,5 @@
certificatesResolvers: certificatesResolvers:
le: myresolver:
# Enable ACME (Let's Encrypt): automatic SSL. # Enable ACME (Let's Encrypt): automatic SSL.
acme: acme:

View file

@ -11,6 +11,132 @@ RedirectScheme redirect request from a scheme to another.
## Configuration Examples ## Configuration Examples
```yaml tab="Docker"
# Redirect to https
labels:
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent=true"
```
```yaml tab="Kubernetes"
# Redirect to https
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-redirectscheme
spec:
redirectScheme:
scheme: https
permanent: true
```
```yaml tab="Consul Catalog"
# Redirect to https
labels:
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent=true"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme": "https"
"traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent": "true"
}
```
```yaml tab="Rancher"
# Redirect to https
labels:
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent=true"
```
```toml tab="File (TOML)"
# Redirect to https
[http.middlewares]
[http.middlewares.test-redirectscheme.redirectScheme]
scheme = "https"
permanent = true
```
```yaml tab="File (YAML)"
# Redirect to https
http:
middlewares:
test-redirectscheme:
redirectScheme:
scheme: https
permanent: true
```
## Configuration Options
### `permanent`
Set the `permanent` option to `true` to apply a permanent redirection.
```yaml tab="Docker"
# Redirect to https
labels:
# ...
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent=true"
```
```yaml tab="Kubernetes"
# Redirect to https
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-redirectscheme
spec:
redirectScheme:
# ...
permanent: true
```
```yaml tab="Consul Catalog"
# Redirect to https
labels:
# ...
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent=true"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent": "true"
}
```
```yaml tab="Rancher"
# Redirect to https
labels:
# ...
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent=true"
```
```toml tab="File (TOML)"
# Redirect to https
[http.middlewares]
[http.middlewares.test-redirectscheme.redirectScheme]
# ...
permanent = true
```
```yaml tab="File (YAML)"
# Redirect to https
http:
middlewares:
test-redirectscheme:
redirectScheme:
# ...
permanent: true
```
### `scheme`
The `scheme` option defines the scheme of the new url.
```yaml tab="Docker" ```yaml tab="Docker"
# Redirect to https # Redirect to https
labels: labels:
@ -31,7 +157,7 @@ spec:
```yaml tab="Consul Catalog" ```yaml tab="Consul Catalog"
# Redirect to https # Redirect to https
labels: labels:
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https" - "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
``` ```
```json tab="Marathon" ```json tab="Marathon"
@ -62,16 +188,64 @@ http:
scheme: https scheme: https
``` ```
## Configuration Options
### `permanent`
Set the `permanent` option to `true` to apply a permanent redirection.
### `scheme`
The `scheme` option defines the scheme of the new url.
### `port` ### `port`
The `port` option defines the port of the new url. The `port` option defines the port of the new url.
```yaml tab="Docker"
# Redirect to https
labels:
# ...
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.port=443"
```
```yaml tab="Kubernetes"
# Redirect to https
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-redirectscheme
spec:
redirectScheme:
# ...
port: 443
```
```yaml tab="Consul Catalog"
# Redirect to https
labels:
# ...
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.port=443"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-redirectscheme.redirectscheme.port": "443"
}
```
```yaml tab="Rancher"
# Redirect to https
labels:
# ...
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.port=443"
```
```toml tab="File (TOML)"
# Redirect to https
[http.middlewares]
[http.middlewares.test-redirectscheme.redirectScheme]
# ...
port = 443
```
```yaml tab="File (YAML)"
# Redirect to https
http:
middlewares:
test-redirectscheme:
redirectScheme:
# ...
port: 443
```

View file

@ -681,7 +681,7 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
With the new core notions of v2 (introduced earlier in the section With the new core notions of v2 (introduced earlier in the section
["Frontends and Backends Are Dead... Long Live Routers, Middlewares, and Services"](#frontends-and-backends-are-dead-long-live-routers-middlewares-and-services)), ["Frontends and Backends Are Dead... Long Live Routers, Middlewares, and Services"](#frontends-and-backends-are-dead-long-live-routers-middlewares-and-services)),
transforming the URL path prefix of incoming requests is configured with [middlewares](../middlewares/overview.md), transforming the URL path prefix of incoming requests is configured with [middlewares](../middlewares/overview.md),
after the routing step with [router rule `PathPrefix`](https://docs.traefik.io/v2.0/routing/routers/#rule). after the routing step with [router rule `PathPrefix`](../routing/routers/index.md#rule).
Use Case: Incoming requests to `http://company.org/admin` are forwarded to the webapplication "admin", Use Case: Incoming requests to `http://company.org/admin` are forwarded to the webapplication "admin",
with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, you must: with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, you must:
@ -826,7 +826,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
entryPoint = "webs" entryPoint = "webs"
[entryPoints.websecure] [entryPoints.websecure]
address = ":443" address = ":443"
[entryPoints.https.tls] [entryPoints.websecure.tls]
[acme] [acme]
email = "your-email-here@my-awesome-app.org" email = "your-email-here@my-awesome-app.org"
@ -859,10 +859,10 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
[entryPoints.websecure] [entryPoints.websecure]
address = ":443" address = ":443"
[certificatesResolvers.sample.acme] [certificatesResolvers.myresolver.acme]
email = "your-email@your-domain.org" email = "your-email@your-domain.org"
storage = "acme.json" storage = "acme.json"
[certificatesResolvers.sample.acme.httpChallenge] [certificatesResolvers.myresolver.acme.httpChallenge]
# used during the challenge # used during the challenge
entryPoint = "web" entryPoint = "web"
``` ```
@ -876,7 +876,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
address: ":443" address: ":443"
certificatesResolvers: certificatesResolvers:
sample: myresolver:
acme: acme:
email: your-email@your-domain.org email: your-email@your-domain.org
storage: acme.json storage: acme.json
@ -888,9 +888,9 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
```bash tab="CLI" ```bash tab="CLI"
--entryPoints.web.address=:80 --entryPoints.web.address=:80
--entryPoints.websecure.address=:443 --entryPoints.websecure.address=:443
--certificatesResolvers.sample.acme.email=your-email@your-domain.org --certificatesResolvers.myresolver.acme.email=your-email@your-domain.org
--certificatesResolvers.sample.acme.storage=acme.json --certificatesResolvers.myresolver.acme.storage=acme.json
--certificatesResolvers.sample.acme.httpChallenge.entryPoint=web --certificatesResolvers.myresolver.acme.httpChallenge.entryPoint=web
``` ```
## Traefik Logs ## Traefik Logs

View file

@ -246,7 +246,7 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A
services: services:
traefik: traefik:
image: traefik:v2.0 # The official v2.0 Traefik docker image image: traefik:v2.1 # The official v2 Traefik docker image
ports: ports:
- "80:80" - "80:80"
volumes: volumes:

View file

@ -23,7 +23,9 @@ providers:
--providers.kubernetesingress=true --providers.kubernetesingress=true
``` ```
The provider then watches for incoming ingresses events, such as the example below, and derives the corresponding dynamic configuration from it, which in turn will create the resulting routers, services, handlers, etc. The provider then watches for incoming ingresses events, such as the example below,
and derives the corresponding dynamic configuration from it,
which in turn will create the resulting routers, services, handlers, etc.
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
kind: Ingress kind: Ingress
@ -49,17 +51,26 @@ spec:
## LetsEncrypt Support with the Ingress Provider ## LetsEncrypt Support with the Ingress Provider
By design, Traefik is a stateless application, meaning that it only derives its configuration from the environment it runs in, without additional configuration. By design, Traefik is a stateless application,
For this reason, users can run multiple instances of Traefik at the same time to achieve HA, as is a common pattern in the kubernetes ecosystem. meaning that it only derives its configuration from the environment it runs in,
without additional configuration.
For this reason, users can run multiple instances of Traefik at the same time to achieve HA,
as is a common pattern in the kubernetes ecosystem.
When using a single instance of Traefik with LetsEncrypt, no issues should be encountered, however this could be a single point of failure. When using a single instance of Traefik with LetsEncrypt, no issues should be encountered,
Unfortunately, it is not possible to run multiple instances of Traefik 2.0 with LetsEncrypt enabled, because there is no way to ensure that the correct instance of Traefik will receive the challenge request, and subsequent responses. however this could be a single point of failure.
Previous versions of Traefik used a [KV store](https://docs.traefik.io/v1.7/configuration/acme/#storage) to attempt to achieve this, but due to sub-optimal performance was dropped as a feature in 2.0. Unfortunately, it is not possible to run multiple instances of Traefik 2.0 with LetsEncrypt enabled,
because there is no way to ensure that the correct instance of Traefik will receive the challenge request, and subsequent responses.
Previous versions of Traefik used a [KV store](https://docs.traefik.io/v1.7/configuration/acme/#storage) to attempt to achieve this,
but due to sub-optimal performance was dropped as a feature in 2.0.
If you require LetsEncrypt with HA in a kubernetes environment, we recommend using [TraefikEE](https://containo.us/traefikee/) where distributed LetsEncrypt is a supported feature. If you require LetsEncrypt with HA in a kubernetes environment,
we recommend using [TraefikEE](https://containo.us/traefikee/) where distributed LetsEncrypt is a supported feature.
If you are wanting to continue to run Traefik Community Edition, LetsEncrypt HA can be achieved by using a Certificate Controller such as [Cert-Manager](https://docs.cert-manager.io/en/latest/index.html). If you are wanting to continue to run Traefik Community Edition,
When using Cert-Manager to manage certificates, it will create secrets in your namespaces that can be referenced as TLS secrets in your [ingress objects](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls). LetsEncrypt HA can be achieved by using a Certificate Controller such as [Cert-Manager](https://docs.cert-manager.io/en/latest/index.html).
When using Cert-Manager to manage certificates,
it will create secrets in your namespaces that can be referenced as TLS secrets in your [ingress objects](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls).
## Provider Configuration ## Provider Configuration
@ -93,7 +104,8 @@ They are both provided automatically as mounts in the pod where Traefik is deplo
When the environment variables are not found, Traefik tries to connect to the Kubernetes API server with an external-cluster client. When the environment variables are not found, Traefik tries to connect to the Kubernetes API server with an external-cluster client.
In which case, the endpoint is required. In which case, the endpoint is required.
Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Kubernetes cluster using the granted authentication and authorization of the associated kubeconfig. Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Kubernetes cluster using the granted authentication
and authorization of the associated kubeconfig.
### `token` ### `token`
@ -339,4 +351,5 @@ providers:
## Further ## Further
If one wants to know more about the various aspects of the Ingress spec that Traefik supports, many examples of Ingresses definitions are located in the tests [data](https://github.com/containous/traefik/tree/v2.0/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository. If one wants to know more about the various aspects of the Ingress spec that Traefik supports,
many examples of Ingresses definitions are located in the tests [data](https://github.com/containous/traefik/tree/v2.1/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.

View file

@ -26,19 +26,19 @@ spec:
serviceAccountName: traefik-ingress-controller serviceAccountName: traefik-ingress-controller
containers: containers:
- name: traefik - name: traefik
image: traefik:v2.0 image: traefik:v2.1
args: args:
- --api.insecure - --api.insecure
- --accesslog - --accesslog
- --entrypoints.web.Address=:8000 - --entrypoints.web.Address=:8000
- --entrypoints.websecure.Address=:4443 - --entrypoints.websecure.Address=:4443
- --providers.kubernetescrd - --providers.kubernetescrd
- --certificatesresolvers.default.acme.tlschallenge - --certificatesresolvers.myresolver.acme.tlschallenge
- --certificatesresolvers.default.acme.email=foo@you.com - --certificatesresolvers.myresolver.acme.email=foo@you.com
- --certificatesresolvers.default.acme.storage=acme.json - --certificatesresolvers.myresolver.acme.storage=acme.json
# Please note that this is the staging Let's Encrypt server. # Please note that this is the staging Let's Encrypt server.
# Once you get things working, you should remove that whole line altogether. # Once you get things working, you should remove that whole line altogether.
- --certificatesresolvers.default.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory - --certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
ports: ports:
- name: web - name: web
containerPort: 8000 containerPort: 8000

View file

@ -29,4 +29,4 @@ spec:
- name: whoami - name: whoami
port: 80 port: 80
tls: tls:
certResolver: default certResolver: myresolver

View file

@ -26,5 +26,5 @@ node:
- K3S_CLUSTER_SECRET=somethingtotallyrandom - K3S_CLUSTER_SECRET=somethingtotallyrandom
volumes: volumes:
# this is where you would place a alternative traefik image (saved as a .tar file with # this is where you would place a alternative traefik image (saved as a .tar file with
# 'docker save'), if you want to use it, instead of the traefik:v2.0 image. # 'docker save'), if you want to use it, instead of the traefik:v2.1 image.
- /sowewhere/on/your/host/custom-image:/var/lib/rancher/k3s/agent/images - /sowewhere/on/your/host/custom-image:/var/lib/rancher/k3s/agent/images

View file

@ -3,7 +3,7 @@ version: "3.3"
services: services:
traefik: traefik:
image: "traefik:v2.0.0-rc3" image: "traefik:v2.1"
container_name: "traefik" container_name: "traefik"
command: command:
#- "--log.level=DEBUG" #- "--log.level=DEBUG"
@ -12,11 +12,11 @@ services:
- "--providers.docker.exposedbydefault=false" - "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80" - "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443" - "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.mydnschallenge.acme.dnschallenge=true" - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
- "--certificatesresolvers.mydnschallenge.acme.dnschallenge.provider=ovh" - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=ovh"
#- "--certificatesresolvers.mydnschallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.mydnschallenge.acme.email=postmaster@mydomain.com" - "--certificatesresolvers.myresolver.acme.email=postmaster@mydomain.com"
- "--certificatesresolvers.mydnschallenge.acme.storage=/letsencrypt/acme.json" - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
ports: ports:
- "80:80" - "80:80"
- "443:443" - "443:443"
@ -37,4 +37,4 @@ services:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)" - "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"
- "traefik.http.routers.whoami.entrypoints=websecure" - "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=mydnschallenge" - "traefik.http.routers.whoami.tls.certresolver=myresolver"

View file

@ -13,7 +13,7 @@ secrets:
services: services:
traefik: traefik:
image: "traefik:v2.0.0-rc3" image: "traefik:v2.1"
container_name: "traefik" container_name: "traefik"
command: command:
#- "--log.level=DEBUG" #- "--log.level=DEBUG"
@ -22,11 +22,11 @@ services:
- "--providers.docker.exposedbydefault=false" - "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80" - "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443" - "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.mydnschallenge.acme.dnschallenge=true" - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
- "--certificatesresolvers.mydnschallenge.acme.dnschallenge.provider=ovh" - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=ovh"
#- "--certificatesresolvers.mydnschallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.mydnschallenge.acme.email=postmaster@mydomain.com" - "--certificatesresolvers.myresolver.acme.email=postmaster@mydomain.com"
- "--certificatesresolvers.mydnschallenge.acme.storage=/letsencrypt/acme.json" - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
ports: ports:
- "80:80" - "80:80"
- "443:443" - "443:443"
@ -52,4 +52,4 @@ services:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)" - "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"
- "traefik.http.routers.whoami.entrypoints=websecure" - "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=mydnschallenge" - "traefik.http.routers.whoami.tls.certresolver=myresolver"

View file

@ -7,7 +7,7 @@ Please also read the [basic example](../basic-example) for details on how to exp
For the DNS challenge, you'll need: For the DNS challenge, you'll need:
- A working [provider](https://docs.traefik.io/v2.0/https/acme/#providers) along with the credentials allowing to create and remove DNS records. - A working [provider](../../../https/acme.md#providers) along with the credentials allowing to create and remove DNS records.
!!! info "Variables may vary depending on the Provider." !!! info "Variables may vary depending on the Provider."
Please note this guide may vary depending on the provider you use. Please note this guide may vary depending on the provider you use.
@ -32,13 +32,13 @@ For the DNS challenge, you'll need:
- "OVH_CONSUMER_KEY=[YOUR_OWN_VALUE]" - "OVH_CONSUMER_KEY=[YOUR_OWN_VALUE]"
``` ```
- Replace `postmaster@mydomain.com` by your **own email** within the `certificatesresolvers.mydnschallenge.acme.email` command line argument of the `traefik` service. - Replace `postmaster@mydomain.com` by your **own email** within the `certificatesresolvers.myresolver.acme.email` command line argument of the `traefik` service.
- Replace `whoami.mydomain.com` by your **own domain** within the `traefik.http.routers.whoami.rule` label of the `whoami` service. - Replace `whoami.mydomain.com` by your **own domain** within the `traefik.http.routers.whoami.rule` label of the `whoami` service.
- Optionally uncomment the following lines if you want to test/debug: - Optionally uncomment the following lines if you want to test/debug:
```yaml ```yaml
#- "--log.level=DEBUG" #- "--log.level=DEBUG"
#- "--certificatesresolvers.mydnschallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
``` ```
- Run `docker-compose up -d` within the folder where you created the previous file. - Run `docker-compose up -d` within the folder where you created the previous file.
@ -68,12 +68,12 @@ ports:
```yaml ```yaml
command: command:
# Enable a dns challenge named "mydnschallenge" # Enable a dns challenge named "myresolver"
- "--certificatesresolvers.mydnschallenge.acme.dnschallenge=true" - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
# Tell which provider to use # Tell which provider to use
- "--certificatesresolvers.mydnschallenge.acme.dnschallenge.provider=ovh" - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=ovh"
# The email to provide to let's encrypt # The email to provide to let's encrypt
- "--certificatesresolvers.mydnschallenge.acme.email=postmaster@mydomain.com" - "--certificatesresolvers.myresolver.acme.email=postmaster@mydomain.com"
``` ```
- We provide the required configuration to our provider via environment variables: - We provide the required configuration to our provider via environment variables:
@ -101,14 +101,14 @@ volumes:
command: command:
# Tell to store the certificate on a path under our volume # Tell to store the certificate on a path under our volume
- "--certificatesresolvers.mydnschallenge.acme.storage=/letsencrypt/acme.json" - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
``` ```
- We configure the `whoami` service to tell Traefik to use the certificate resolver named `mydnschallenge` we just configured: - We configure the `whoami` service to tell Traefik to use the certificate resolver named `myresolver` we just configured:
```yaml ```yaml
labels: labels:
- "traefik.http.routers.whoami.tls.certresolver=mydnschallenge" # Uses the Host rule to define which certificate to issue - "traefik.http.routers.whoami.tls.certresolver=myresolver" # Uses the Host rule to define which certificate to issue
``` ```
## Use Secrets ## Use Secrets

View file

@ -3,7 +3,7 @@ version: "3.3"
services: services:
traefik: traefik:
image: "traefik:v2.0.0-rc3" image: "traefik:v2.1"
container_name: "traefik" container_name: "traefik"
command: command:
#- "--log.level=DEBUG" #- "--log.level=DEBUG"
@ -12,11 +12,11 @@ services:
- "--providers.docker.exposedbydefault=false" - "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80" - "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443" - "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myhttpchallenge.acme.httpchallenge=true" - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
- "--certificatesresolvers.myhttpchallenge.acme.httpchallenge.entrypoint=web" - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
#- "--certificatesresolvers.myhttpchallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.myhttpchallenge.acme.email=postmaster@mydomain.com" - "--certificatesresolvers.myresolver.acme.email=postmaster@mydomain.com"
- "--certificatesresolvers.myhttpchallenge.acme.storage=/letsencrypt/acme.json" - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
ports: ports:
- "80:80" - "80:80"
- "443:443" - "443:443"
@ -32,4 +32,4 @@ services:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)" - "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"
- "traefik.http.routers.whoami.entrypoints=websecure" - "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=myhttpchallenge" - "traefik.http.routers.whoami.tls.certresolver=myresolver"

View file

@ -18,13 +18,13 @@ For the HTTP challenge you will need:
--8<-- "content/user-guides/docker-compose/acme-http/docker-compose.yml" --8<-- "content/user-guides/docker-compose/acme-http/docker-compose.yml"
``` ```
- Replace `postmaster@mydomain.com` by your **own email** within the `certificatesresolvers.myhttpchallenge.acme.email` command line argument of the `traefik` service. - Replace `postmaster@mydomain.com` by your **own email** within the `certificatesresolvers.myresolver.acme.email` command line argument of the `traefik` service.
- Replace `whoami.mydomain.com` by your **own domain** within the `traefik.http.routers.whoami.rule` label of the `whoami` service. - Replace `whoami.mydomain.com` by your **own domain** within the `traefik.http.routers.whoami.rule` label of the `whoami` service.
- Optionally uncomment the following lines if you want to test/debug: - Optionally uncomment the following lines if you want to test/debug:
```yaml ```yaml
#- "--log.level=DEBUG" #- "--log.level=DEBUG"
#- "--certificatesresolvers.myhttpchallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
``` ```
- Run `docker-compose up -d` within the folder where you created the previous file. - Run `docker-compose up -d` within the folder where you created the previous file.
@ -54,12 +54,12 @@ ports:
```yaml ```yaml
command: command:
# Enable a http challenge named "myhttpchallenge" # Enable a http challenge named "myresolver"
- "--certificatesresolvers.myhttpchallenge.acme.httpchallenge=true" - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
# Tell it to use our predefined entrypoint named "web" # Tell it to use our predefined entrypoint named "web"
- "--certificatesresolvers.myhttpchallenge.acme.httpchallenge.entrypoint=web" - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
# The email to provide to let's encrypt # The email to provide to let's encrypt
- "--certificatesresolvers.myhttpchallenge.acme.email=postmaster@mydomain.com" - "--certificatesresolvers.myresolver.acme.email=postmaster@mydomain.com"
``` ```
- We add a volume to store our certificates: - We add a volume to store our certificates:
@ -71,13 +71,13 @@ volumes:
command: command:
# Tell to store the certificate on a path under our volume # Tell to store the certificate on a path under our volume
- "--certificatesresolvers.myhttpchallenge.acme.storage=/letsencrypt/acme.json" - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
``` ```
- We configure the `whoami` service to tell Traefik to use the certificate resolver named `myhttpchallenge` we just configured: - We configure the `whoami` service to tell Traefik to use the certificate resolver named `myresolver` we just configured:
```yaml ```yaml
labels: labels:
# Uses the Host rule to define which certificate to issue # Uses the Host rule to define which certificate to issue
- "traefik.http.routers.whoami.tls.certresolver=myhttpchallenge" - "traefik.http.routers.whoami.tls.certresolver=myresolver"
``` ```

View file

@ -3,7 +3,7 @@ version: "3.3"
services: services:
traefik: traefik:
image: "traefik:v2.0.0-rc3" image: "traefik:v2.1"
container_name: "traefik" container_name: "traefik"
command: command:
#- "--log.level=DEBUG" #- "--log.level=DEBUG"
@ -11,10 +11,10 @@ services:
- "--providers.docker=true" - "--providers.docker=true"
- "--providers.docker.exposedbydefault=false" - "--providers.docker.exposedbydefault=false"
- "--entrypoints.websecure.address=:443" - "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true" - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
#- "--certificatesresolvers.mytlschallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.mytlschallenge.acme.email=postmaster@mydomain.com" - "--certificatesresolvers.myresolver.acme.email=postmaster@mydomain.com"
- "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json" - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
ports: ports:
- "443:443" - "443:443"
- "8080:8080" - "8080:8080"
@ -29,4 +29,4 @@ services:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)" - "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"
- "traefik.http.routers.whoami.entrypoints=websecure" - "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=mytlschallenge" - "traefik.http.routers.whoami.tls.certresolver=myresolver"

View file

@ -18,13 +18,13 @@ For the TLS challenge you will need:
--8<-- "content/user-guides/docker-compose/acme-tls/docker-compose.yml" --8<-- "content/user-guides/docker-compose/acme-tls/docker-compose.yml"
``` ```
- Replace `postmaster@mydomain.com` by your **own email** within the `certificatesresolvers.mytlschallenge.acme.email` command line argument of the `traefik` service. - Replace `postmaster@mydomain.com` by your **own email** within the `certificatesresolvers.myresolver.acme.email` command line argument of the `traefik` service.
- Replace `whoami.mydomain.com` by your **own domain** within the `traefik.http.routers.whoami.rule` label of the `whoami` service. - Replace `whoami.mydomain.com` by your **own domain** within the `traefik.http.routers.whoami.rule` label of the `whoami` service.
- Optionally uncomment the following lines if you want to test/debug: - Optionally uncomment the following lines if you want to test/debug:
```yaml ```yaml
#- "--log.level=DEBUG" #- "--log.level=DEBUG"
#- "--certificatesresolvers.mytlschallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
``` ```
- Run `docker-compose up -d` within the folder where you created the previous file. - Run `docker-compose up -d` within the folder where you created the previous file.
@ -54,8 +54,8 @@ ports:
```yaml ```yaml
command: command:
# Enable a tls challenge named "mytlschallenge" # Enable a tls challenge named "myresolver"
- "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true" - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
``` ```
- We add a volume to store our certificates: - We add a volume to store our certificates:
@ -67,13 +67,13 @@ volumes:
command: command:
# Tell to store the certificate on a path under our volume # Tell to store the certificate on a path under our volume
- "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json" - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
``` ```
- We configure the `whoami` service to tell Traefik to use the certificate resolver named `mytlschallenge` we just configured: - We configure the `whoami` service to tell Traefik to use the certificate resolver named `myresolver` we just configured:
```yaml ```yaml
labels: labels:
# Uses the Host rule to define which certificate to issue # Uses the Host rule to define which certificate to issue
- "traefik.http.routers.whoami.tls.certresolver=mytlschallenge" - "traefik.http.routers.whoami.tls.certresolver=myresolver"
``` ```

View file

@ -3,7 +3,7 @@ version: "3.3"
services: services:
traefik: traefik:
image: "traefik:v2.0.0-rc3" image: "traefik:v2.1"
container_name: "traefik" container_name: "traefik"
command: command:
#- "--log.level=DEBUG" #- "--log.level=DEBUG"