baalajimaestro/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Changing default file format for the snippets from TOML to YAML

Browse source
This commit is contained in:
Tom Moulard 2021-06-19 00:08:08 +02:00 committed by GitHub
parent 99a23b0414
commit c9df233d24
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
79 changed files with 3965 additions and 3964 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

76
docs/content/contributing/data-collection.md
View file

@ -9,19 +9,19 @@ Understanding how you use Traefik is very important to us: it helps us improve t
For this very reason, the sendAnonymousUsage option is mandatory: we want you to take time to consider whether or not you wish to share anonymous data with us so we can benefit from your experience and use cases. For this very reason, the sendAnonymousUsage option is mandatory: we want you to take time to consider whether or not you wish to share anonymous data with us so we can benefit from your experience and use cases.
!!! example "Enabling Data Collection" !!! example "Enabling Data Collection"
```toml tab="File (TOML)"
[global]
# Send anonymous usage data
sendAnonymousUsage = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
global: global:
# Send anonymous usage data # Send anonymous usage data
sendAnonymousUsage: true sendAnonymousUsage: true
``` ```
```toml tab="File (TOML)"
[global]
# Send anonymous usage data
sendAnonymousUsage = true
```
```bash tab="CLI" ```bash tab="CLI"
# Send anonymous usage data # Send anonymous usage data
--global.sendAnonymousUsage --global.sendAnonymousUsage
@ -45,49 +45,51 @@ Once a day (the first call begins 10 minutes after the start of Traefik), we col
- an **anonymized version** of the static configuration (token, user name, password, URL, IP, domain, email, etc, are removed). - an **anonymized version** of the static configuration (token, user name, password, URL, IP, domain, email, etc, are removed).
!!! info !!! info
- We do not collect the dynamic configuration information (routers & services). - We do not collect the dynamic configuration information (routers & services).
- We do not collect this data to run advertising programs. - We do not collect this data to run advertising programs.
- We do not sell this data to third-parties. - We do not sell this data to third-parties.
### Example of Collected Data ### Example of Collected Data
```toml tab="Original configuration" ```yaml tab="Original configuration"
[entryPoints] entryPoints:
[entryPoints.web] web:
address = ":80" address: ":80"
[api] api: {}
[providers.docker] providers:
endpoint = "tcp://10.10.10.10:2375" docker:
exposedByDefault = true endpoint: "tcp://10.10.10.10:2375"
swarmMode = true exposedByDefault: true
swarmMode: true
[providers.docker.TLS] tls:
ca = "dockerCA" ca: dockerCA
cert = "dockerCert" cert: dockerCert
key = "dockerKey" key: dockerKey
insecureSkipVerify = true insecureSkipVerify: true
``` ```
```toml tab="Resulting Obfuscated Configuration" ```yaml tab="Resulting Obfuscated Configuration"
[entryPoints] entryPoints:
[entryPoints.web] web:
address = ":80" address: ":80"
[api] api: {}
[providers.docker] providers:
endpoint = "xxxx" docker:
exposedByDefault = true endpoint: "xxxx"
swarmMode = true exposedByDefault: true
swarmMode: true
[providers.docker.TLS] tls:
ca = "xxxx" ca: xxxx
cert = "xxxx" cert: xxxx
key = "xxxx" key: xxxx
insecureSkipVerify = true insecureSkipVerify: true
``` ```
## The Code for Data Collection ## The Code for Data Collection

20
docs/content/getting-started/configuration-overview.md
View file

@ -13,13 +13,13 @@ Configuration in Traefik can refer to two different things:
Elements in the _static configuration_ set up connections to [providers](../providers/overview.md) and define the [entrypoints](../routing/entrypoints.md) Traefik will listen to (these elements don't change often). Elements in the _static configuration_ set up connections to [providers](../providers/overview.md) and define the [entrypoints](../routing/entrypoints.md) Traefik will listen to (these elements don't change often).
The _dynamic configuration_ contains everything that defines how the requests are handled by your system. The _dynamic configuration_ contains everything that defines how the requests are handled by your system.
This configuration can change and is seamlessly hot-reloaded, without any request interruption or connection loss. This configuration can change and is seamlessly hot-reloaded, without any request interruption or connection loss.
!!! warning "Incompatible Configuration" !!! warning "Incompatible Configuration"
Please be aware that the old configurations for Traefik v1.x are NOT compatible with the v2.x config as of now. Please be aware that the old configurations for Traefik v1.x are NOT compatible with the v2.x config as of now.
If you are running v2, please ensure you are using a v2 configuration. If you are running v2, please ensure you are using a v2 configuration.
## The Dynamic Configuration ## The Dynamic Configuration
Traefik gets its _dynamic configuration_ from [providers](../providers/overview.md): whether an orchestrator, a service registry, or a plain old configuration file. Traefik gets its _dynamic configuration_ from [providers](../providers/overview.md): whether an orchestrator, a service registry, or a plain old configuration file.
@ -28,11 +28,11 @@ Since this configuration is specific to your infrastructure choices, we invite y
!!! info "" !!! info ""
In the [Quick Start example](../getting-started/quick-start.md), the dynamic configuration comes from docker in the form of labels attached to your containers. In the [Quick Start example](../getting-started/quick-start.md), the dynamic configuration comes from docker in the form of labels attached to your containers.
!!! info "HTTPS Certificates also belong to the dynamic configuration." !!! info "HTTPS Certificates also belong to the dynamic configuration."
You can add / update / remove them without restarting your Traefik instance. You can add / update / remove them without restarting your Traefik instance.
## The Static Configuration ## The Static Configuration
There are three different, **mutually exclusive** (i.e. you can use only one at the same time), ways to define static configuration options in Traefik: There are three different, **mutually exclusive** (i.e. you can use only one at the same time), ways to define static configuration options in Traefik:
@ -45,13 +45,13 @@ These ways are evaluated in the order listed above.
If no value was provided for a given option, a default value applies. If no value was provided for a given option, a default value applies.
Moreover, if an option has sub-options, and any of these sub-options is not specified, a default value will apply as well. Moreover, if an option has sub-options, and any of these sub-options is not specified, a default value will apply as well.
For example, the `--providers.docker` option is enough by itself to enable the docker provider, even though sub-options like `--providers.docker.endpoint` exist. For example, the `--providers.docker` option is enough by itself to enable the docker provider, even though sub-options like `--providers.docker.endpoint` exist.
Once positioned, this option sets (and resets) all the default values of the sub-options of `--providers.docker`. Once positioned, this option sets (and resets) all the default values of the sub-options of `--providers.docker`.
### Configuration File ### Configuration File
At startup, Traefik searches for a file named `traefik.toml` (or `traefik.yml` or `traefik.yaml`) in: At startup, Traefik searches for a file named `traefik.yml` (or `traefik.yaml` or `traefik.toml`) in:
- `/etc/traefik/` - `/etc/traefik/`
- `$XDG_CONFIG_HOME/` - `$XDG_CONFIG_HOME/`
@ -61,7 +61,7 @@ At startup, Traefik searches for a file named `traefik.toml` (or `traefik.yml` o
You can override this using the `configFile` argument. You can override this using the `configFile` argument.
```bash ```bash
traefik --configFile=foo/bar/myconfigfile.toml traefik --configFile=foo/bar/myconfigfile.yml
``` ```
### Arguments ### Arguments

10
docs/content/getting-started/faq.md
View file

@ -35,7 +35,7 @@ Traefik returns a `404` response code in the following situations:
- An HTTPS request reaching an EntryPoint that has no HTTPS Router - An HTTPS request reaching an EntryPoint that has no HTTPS Router
- A request reaching an EntryPoint that has HTTP/HTTPS Routers that cannot be matched - A request reaching an EntryPoint that has HTTP/HTTPS Routers that cannot be matched
From Traefik's point of view, From Traefik's point of view,
every time a request cannot be matched with a router the correct response code is a `404 Not found`. every time a request cannot be matched with a router the correct response code is a `404 Not found`.
In this situation, the response code is not a `503 Service Unavailable` In this situation, the response code is not a `503 Service Unavailable`
@ -52,7 +52,7 @@ hence it's not possible to assume at any moment that a specific route should be
some delay. If known, the length of the delay MAY be indicated in a some delay. If known, the length of the delay MAY be indicated in a
Retry-After header. If no Retry-After is given, the client SHOULD Retry-After header. If no Retry-After is given, the client SHOULD
handle the response as it would for a 500 response. handle the response as it would for a 500 response.
Note: The existence of the 503 status code does not imply that a Note: The existence of the 503 status code does not imply that a
server must use it when becoming overloaded. Some servers may wish server must use it when becoming overloaded. Some servers may wish
to simply refuse the connection. to simply refuse the connection.
@ -66,7 +66,7 @@ Traefik returns a `502` response code when an error happens while contacting the
### `503 Service Unavailable` ### `503 Service Unavailable`
Traefik returns a `503` response code when a Router has been matched Traefik returns a `503` response code when a Router has been matched
but there are no servers ready to handle the request. but there are no servers ready to handle the request.
This situation is encountered when a service has been explicitly configured without servers, This situation is encountered when a service has been explicitly configured without servers,
@ -79,14 +79,14 @@ Sometimes, the `404` response code doesn't play well with other parties or servi
In these situations, you may want Traefik to always reply with a `503` response code, In these situations, you may want Traefik to always reply with a `503` response code,
instead of a `404` response code. instead of a `404` response code.
To achieve this behavior, a simple catchall router, To achieve this behavior, a simple catchall router,
with the lowest possible priority and routing to a service without servers, with the lowest possible priority and routing to a service without servers,
can handle all the requests when no other router has been matched. can handle all the requests when no other router has been matched.
The example below is a file provider only version (`yaml`) of what this configuration could look like: The example below is a file provider only version (`yaml`) of what this configuration could look like:
```yaml tab="Static configuration" ```yaml tab="Static configuration"
# traefik.yaml # traefik.yml
entrypoints: entrypoints:
web: web:

22
docs/content/getting-started/install-traefik.md
View file

@ -11,12 +11,12 @@ You can install Traefik with the following flavors:
Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with one sample configuration file: Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with one sample configuration file:
* [TOML](https://raw.githubusercontent.com/traefik/traefik/v2.4/traefik.sample.toml)
* [YAML](https://raw.githubusercontent.com/traefik/traefik/v2.4/traefik.sample.yml) * [YAML](https://raw.githubusercontent.com/traefik/traefik/v2.4/traefik.sample.yml)
* [TOML](https://raw.githubusercontent.com/traefik/traefik/v2.4/traefik.sample.toml)
```bash ```bash
docker run -d -p 8080:8080 -p 80:80 \ docker run -d -p 8080:8080 -p 80:80 \
-v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik:v2.4 -v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v2.4
``` ```
For more details, go to the [Docker provider documentation](../providers/docker.md) For more details, go to the [Docker provider documentation](../providers/docker.md)
@ -31,8 +31,8 @@ For more details, go to the [Docker provider documentation](../providers/docker.
## Use the Helm Chart ## Use the Helm Chart
!!! warning !!! warning
The Traefik Chart from The Traefik Chart from
[Helm's default charts repository](https://github.com/helm/charts/tree/master/stable/traefik) is still using [Traefik v1.7](https://doc.traefik.io/traefik/v1.7). [Helm's default charts repository](https://github.com/helm/charts/tree/master/stable/traefik) is still using [Traefik v1.7](https://doc.traefik.io/traefik/v1.7).
Traefik can be installed in Kubernetes using the Helm chart from <https://github.com/traefik/traefik-helm-chart>. Traefik can be installed in Kubernetes using the Helm chart from <https://github.com/traefik/traefik-helm-chart>.
@ -61,7 +61,7 @@ helm install traefik traefik/traefik
``` ```
!!! tip "Helm Features" !!! tip "Helm Features"
All [Helm features](https://helm.sh/docs/intro/using_helm/) are supported. All [Helm features](https://helm.sh/docs/intro/using_helm/) are supported.
For instance, installing the chart in a dedicated namespace: For instance, installing the chart in a dedicated namespace:
@ -73,30 +73,30 @@ helm install traefik traefik/traefik
``` ```
??? example "Installing with Custom Values" ??? example "Installing with Custom Values"
You can customize the installation by specifying custom values, You can customize the installation by specifying custom values,
as with [any helm chart](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). as with [any helm chart](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing).
{: #helm-custom-values } {: #helm-custom-values }
The values are not (yet) documented, but are self-explanatory: The values are not (yet) documented, but are self-explanatory:
you can look at the [default `values.yaml`](https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml) file to explore possibilities. you can look at the [default `values.yaml`](https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml) file to explore possibilities.
You can also set Traefik command line flags using `additionalArguments`. You can also set Traefik command line flags using `additionalArguments`.
Example of installation with logging set to `DEBUG`: Example of installation with logging set to `DEBUG`:
```bash tab="Using Helm CLI" ```bash tab="Using Helm CLI"
helm install --namespace=traefik-v2 \ helm install --namespace=traefik-v2 \
--set="additionalArguments={--log.level=DEBUG}" \ --set="additionalArguments={--log.level=DEBUG}" \
traefik traefik/traefik traefik traefik/traefik
``` ```
```yml tab="With a custom values file" ```yml tab="With a custom values file"
# File custom-values.yml # File custom-values.yml
## Install with "helm install --values=./custom-values.yml traefik traefik/traefik ## Install with "helm install --values=./custom-values.yml traefik traefik/traefik
additionalArguments: additionalArguments:
- "--log.level=DEBUG" - "--log.level=DEBUG"
``` ```
### Exposing the Traefik dashboard ### Exposing the Traefik dashboard
This HelmChart does not expose the Traefik dashboard by default, for security concerns. This HelmChart does not expose the Traefik dashboard by default, for security concerns.

232
docs/content/https/acme.md
View file

@ -13,7 +13,7 @@ You can configure Traefik to use an ACME provider (like Let's Encrypt) for autom
## Certificate Resolvers ## Certificate Resolvers
Traefik requires you to define "Certificate Resolvers" in the [static configuration](../getting-started/configuration-overview.md#the-static-configuration), Traefik requires you to define "Certificate Resolvers" in the [static configuration](../getting-started/configuration-overview.md#the-static-configuration),
which are responsible for retrieving certificates from an ACME server. which are responsible for retrieving certificates from an ACME server.
Then, each ["router"](../routing/routers/index.md) is configured to enable TLS, Then, each ["router"](../routing/routers/index.md) is configured to enable TLS,
@ -26,33 +26,33 @@ You can read more about this retrieval mechanism in the following section: [ACME
!!! important "Defining a certificates resolver does not result in all routers automatically using it. Each router that is supposed to use the resolver must [reference](../routing/routers/index.md#certresolver) it." !!! important "Defining a certificates resolver does not result in all routers automatically using it. Each router that is supposed to use the resolver must [reference](../routing/routers/index.md#certresolver) it."
??? note "Configuration Reference" ??? note "Configuration Reference"
There are many available options for ACME. There are many available options for ACME.
For a quick glance at what's possible, browse the configuration reference: For a quick glance at what's possible, browse the configuration reference:
```toml tab="File (TOML)"
--8<-- "content/https/ref-acme.toml"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
--8<-- "content/https/ref-acme.yaml" --8<-- "content/https/ref-acme.yaml"
``` ```
```toml tab="File (TOML)"
--8<-- "content/https/ref-acme.toml"
```
```bash tab="CLI" ```bash tab="CLI"
--8<-- "content/https/ref-acme.txt" --8<-- "content/https/ref-acme.txt"
``` ```
## Domain Definition ## Domain Definition
Certificate resolvers request certificates for a set of the domain names Certificate resolvers request certificates for a set of the domain names
inferred from routers, with the following logic: inferred from routers, with the following logic:
- If the router has a [`tls.domains`](../routing/routers/index.md#domains) option set, - If the router has a [`tls.domains`](../routing/routers/index.md#domains) option set,
then the certificate resolver uses the `main` (and optionally `sans`) option of `tls.domains` to know the domain names for this router. then the certificate resolver uses the `main` (and optionally `sans`) option of `tls.domains` to know the domain names for this router.
- If no [`tls.domains`](../routing/routers/index.md#domains) option is set, - If no [`tls.domains`](../routing/routers/index.md#domains) option is set,
then the certificate resolver uses the [router's rule](../routing/routers/index.md#rule), then the certificate resolver uses the [router's rule](../routing/routers/index.md#rule),
by checking the `Host()` matchers. by checking the `Host()` matchers.
Please note that [multiple `Host()` matchers can be used](../routing/routers/index.md#certresolver)) for specifying multiple domain names for this router. Please note that [multiple `Host()` matchers can be used](../routing/routers/index.md#certresolver)) for specifying multiple domain names for this router.
Please note that: Please note that:
@ -69,31 +69,15 @@ Please check the [configuration examples below](#configuration-examples) for mor
## Configuration Examples ## Configuration Examples
??? example "Enabling ACME" ??? example "Enabling ACME"
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[certificatesResolvers.myresolver.acme]
email = "your-email@example.com"
storage = "acme.json"
[certificatesResolvers.myresolver.acme.httpChallenge]
# used during the challenge
entryPoint = "web"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
entryPoints: entryPoints:
web: web:
address: ":80" address: ":80"
websecure: websecure:
address: ":443" address: ":443"
certificatesResolvers: certificatesResolvers:
myresolver: myresolver:
acme: acme:
@ -103,7 +87,23 @@ Please check the [configuration examples below](#configuration-examples) for mor
# used during the challenge # used during the challenge
entryPoint: web entryPoint: web
``` ```
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[certificatesResolvers.myresolver.acme]
email = "your-email@example.com"
storage = "acme.json"
[certificatesResolvers.myresolver.acme.httpChallenge]
# used during the challenge
entryPoint = "web"
```
```bash tab="CLI" ```bash tab="CLI"
--entrypoints.web.address=:80 --entrypoints.web.address=:80
--entrypoints.websecure.address=:443 --entrypoints.websecure.address=:443
@ -117,23 +117,23 @@ Please check the [configuration examples below](#configuration-examples) for mor
!!! important "Defining a certificates resolver does not result in all routers automatically using it. Each router that is supposed to use the resolver must [reference](../routing/routers/index.md#certresolver) it." !!! important "Defining a certificates resolver does not result in all routers automatically using it. Each router that is supposed to use the resolver must [reference](../routing/routers/index.md#certresolver) it."
??? example "Single Domain from Router's Rule Example" ??? example "Single Domain from Router's Rule Example"
* A certificate for the domain `example.com` is requested: * A certificate for the domain `example.com` is requested:
--8<-- "content/https/include-acme-single-domain-example.md" --8<-- "content/https/include-acme-single-domain-example.md"
??? example "Multiple Domains from Router's Rule Example" ??? example "Multiple Domains from Router's Rule Example"
* A certificate for the domains `example.com` (main) and `blog.example.org` * A certificate for the domains `example.com` (main) and `blog.example.org`
is requested: is requested:
--8<-- "content/https/include-acme-multiple-domains-from-rule-example.md" --8<-- "content/https/include-acme-multiple-domains-from-rule-example.md"
??? example "Multiple Domains from Router's `tls.domain` Example" ??? example "Multiple Domains from Router's `tls.domain` Example"
* A certificate for the domains `example.com` (main) and `*.example.org` (SAN) * A certificate for the domains `example.com` (main) and `*.example.org` (SAN)
is requested: is requested:
--8<-- "content/https/include-acme-multiple-domains-example.md" --8<-- "content/https/include-acme-multiple-domains-example.md"
## Automatic Renewals ## Automatic Renewals
@ -165,12 +165,6 @@ when using the `TLS-ALPN-01` challenge, Traefik must be reachable by Let's Encry
??? example "Configuring the `tlsChallenge`" ??? example "Configuring the `tlsChallenge`"
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.tlsChallenge]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
certificatesResolvers: certificatesResolvers:
myresolver: myresolver:
@ -178,7 +172,13 @@ when using the `TLS-ALPN-01` challenge, Traefik must be reachable by Let's Encry
# ... # ...
tlsChallenge: {} tlsChallenge: {}
``` ```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.tlsChallenge]
```
```bash tab="CLI" ```bash tab="CLI"
# ... # ...
--certificatesresolvers.myresolver.acme.tlschallenge=true --certificatesresolvers.myresolver.acme.tlschallenge=true
@ -193,28 +193,14 @@ when using the `HTTP-01` challenge, `certificatesresolvers.myresolver.acme.httpc
??? example "Using an EntryPoint Called web for the `httpChallenge`" ??? example "Using an EntryPoint Called web for the `httpChallenge`"
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.httpChallenge]
entryPoint = "web"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
entryPoints: entryPoints:
web: web:
address: ":80" address: ":80"
websecure: websecure:
address: ":443" address: ":443"
certificatesResolvers: certificatesResolvers:
myresolver: myresolver:
acme: acme:
@ -222,7 +208,21 @@ when using the `HTTP-01` challenge, `certificatesresolvers.myresolver.acme.httpc
httpChallenge: httpChallenge:
entryPoint: web entryPoint: web
``` ```
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.httpChallenge]
entryPoint = "web"
```
```bash tab="CLI" ```bash tab="CLI"
--entrypoints.web.address=:80 --entrypoints.web.address=:80
--entrypoints.websecure.address=:443 --entrypoints.websecure.address=:443
@ -239,15 +239,6 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
??? example "Configuring a `dnsChallenge` with the DigitalOcean Provider" ??? example "Configuring a `dnsChallenge` with the DigitalOcean Provider"
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.dnsChallenge]
provider = "digitalocean"
delayBeforeCheck = 0
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
certificatesResolvers: certificatesResolvers:
myresolver: myresolver:
@ -258,7 +249,16 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
delayBeforeCheck: 0 delayBeforeCheck: 0
# ... # ...
``` ```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.dnsChallenge]
provider = "digitalocean"
delayBeforeCheck = 0
# ...
```
```bash tab="CLI" ```bash tab="CLI"
# ... # ...
--certificatesresolvers.myresolver.acme.dnschallenge.provider=digitalocean --certificatesresolvers.myresolver.acme.dnschallenge.provider=digitalocean
@ -270,7 +270,7 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
A `provider` is mandatory. A `provider` is mandatory.
#### `providers` #### `providers`
Here is a list of supported `providers`, that can automate the DNS verification, Here is a list of supported `providers`, that can automate the DNS verification,
along with the required environment variables and their [wildcard & root domain support](#wildcard-domains). along with the required environment variables and their [wildcard & root domain support](#wildcard-domains).
Do not hesitate to complete it. Do not hesitate to complete it.
@ -388,14 +388,6 @@ For complete details, refer to your provider's _Additional configuration_ link.
Use custom DNS servers to resolve the FQDN authority. Use custom DNS servers to resolve the FQDN authority.
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.dnsChallenge]
# ...
resolvers = ["1.1.1.1:53", "8.8.8.8:53"]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
certificatesResolvers: certificatesResolvers:
myresolver: myresolver:
@ -408,6 +400,14 @@ certificatesResolvers:
- "8.8.8.8:53" - "8.8.8.8:53"
``` ```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.dnsChallenge]
# ...
resolvers = ["1.1.1.1:53", "8.8.8.8:53"]
```
```bash tab="CLI" ```bash tab="CLI"
# ... # ...
--certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53 --certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53
@ -423,14 +423,6 @@ As described in [Let's Encrypt's post](https://community.letsencrypt.org/t/stagi
- `kid`: Key identifier from External CA - `kid`: Key identifier from External CA
- `hmacEncoded`: HMAC key from External CA, should be in Base64 URL Encoding without padding format - `hmacEncoded`: HMAC key from External CA, should be in Base64 URL Encoding without padding format
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.eab]
kid = "abc-keyID-xyz"
hmacEncoded = "abc-hmac-xyz"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
certificatesResolvers: certificatesResolvers:
myresolver: myresolver:
@ -441,6 +433,14 @@ certificatesResolvers:
hmacEncoded: abc-hmac-xyz hmacEncoded: abc-hmac-xyz
``` ```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.eab]
kid = "abc-keyID-xyz"
hmacEncoded = "abc-hmac-xyz"
```
```bash tab="CLI" ```bash tab="CLI"
# ... # ...
--certificatesresolvers.myresolver.acme.eab.kid=abc-keyID-xyz --certificatesresolvers.myresolver.acme.eab.kid=abc-keyID-xyz
@ -460,13 +460,6 @@ The CA server to use:
??? example "Using the Let's Encrypt staging server" ??? example "Using the Let's Encrypt staging server"
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
certificatesResolvers: certificatesResolvers:
myresolver: myresolver:
@ -476,6 +469,13 @@ The CA server to use:
# ... # ...
``` ```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
# ... # ...
--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory --certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
@ -488,13 +488,6 @@ _Required, Default="acme.json"_
The `storage` option sets the location where your ACME certificates are saved to. The `storage` option sets the location where your ACME certificates are saved to.
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
storage = "acme.json"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
certificatesResolvers: certificatesResolvers:
myresolver: myresolver:
@ -504,6 +497,13 @@ certificatesResolvers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
storage = "acme.json"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
# ... # ...
--certificatesresolvers.myresolver.acme.storage=acme.json --certificatesresolvers.myresolver.acme.storage=acme.json
@ -534,13 +534,6 @@ Preferred chain to use.
If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name. If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.
If no match, the default offered chain will be used. If no match, the default offered chain will be used.
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
preferredChain = "ISRG Root X1"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
certificatesResolvers: certificatesResolvers:
myresolver: myresolver:
@ -550,6 +543,13 @@ certificatesResolvers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
preferredChain = "ISRG Root X1"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
# ... # ...
--certificatesresolvers.myresolver.acme.preferredChain="ISRG Root X1" --certificatesresolvers.myresolver.acme.preferredChain="ISRG Root X1"
@ -562,13 +562,6 @@ _Optional, Default="RSA4096"_
KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'. KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'.
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
keyType = "RSA4096"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
certificatesResolvers: certificatesResolvers:
myresolver: myresolver:
@ -578,6 +571,13 @@ certificatesResolvers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
keyType = "RSA4096"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
# ... # ...
--certificatesresolvers.myresolver.acme.keyType="RSA4096" --certificatesresolvers.myresolver.acme.keyType="RSA4096"

24
docs/content/https/include-acme-multiple-domains-example.md
View file

@ -64,18 +64,6 @@ labels:
- traefik.http.routers.blog.tls.domains[0].sans=*.example.org - traefik.http.routers.blog.tls.domains[0].sans=*.example.org
``` ```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.blog]
rule = "Host(`example.com`) && Path(`/blog`)"
[http.routers.blog.tls]
certResolver = "myresolver" # From static configuration
[[http.routers.blog.tls.domains]]
main = "example.org"
sans = ["*.example.org"]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
## Dynamic configuration ## Dynamic configuration
http: http:
@ -89,3 +77,15 @@ http:
sans: sans:
- "*.example.org" - "*.example.org"
``` ```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.blog]
rule = "Host(`example.com`) && Path(`/blog`)"
[http.routers.blog.tls]
certResolver = "myresolver" # From static configuration
[[http.routers.blog.tls.domains]]
main = "example.org"
sans = ["*.example.org"]
```

18
docs/content/https/include-acme-multiple-domains-from-rule-example.md
View file

@ -52,15 +52,6 @@ labels:
- traefik.http.routers.blog.tls.certresolver=myresolver - traefik.http.routers.blog.tls.certresolver=myresolver
``` ```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.blog]
rule = "(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)"
[http.routers.blog.tls]
certResolver = "myresolver"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
## Dynamic configuration ## Dynamic configuration
http: http:
@ -70,3 +61,12 @@ http:
tls: tls:
certResolver: myresolver certResolver: myresolver
``` ```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.blog]
rule = "(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)"
[http.routers.blog.tls]
certResolver = "myresolver"
```

18
docs/content/https/include-acme-single-domain-example.md
View file

@ -52,15 +52,6 @@ labels:
- traefik.http.routers.blog.tls.certresolver=myresolver - traefik.http.routers.blog.tls.certresolver=myresolver
``` ```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.blog]
rule = "Host(`example.com`) && Path(`/blog`)"
[http.routers.blog.tls]
certResolver = "myresolver"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
## Dynamic configuration ## Dynamic configuration
http: http:
@ -70,3 +61,12 @@ http:
tls: tls:
certResolver: myresolver certResolver: myresolver
``` ```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.blog]
rule = "Host(`example.com`) && Path(`/blog`)"
[http.routers.blog.tls]
certResolver = "myresolver"
```

232
docs/content/https/tls.md
View file

@ -13,18 +13,6 @@ See the [Let's Encrypt](./acme.md) page.
To add / remove TLS certificates, even when Traefik is already running, their definition can be added to the [dynamic configuration](../getting-started/configuration-overview.md), in the `[[tls.certificates]]` section: To add / remove TLS certificates, even when Traefik is already running, their definition can be added to the [dynamic configuration](../getting-started/configuration-overview.md), in the `[[tls.certificates]]` section:
```toml tab="File (TOML)"
# Dynamic configuration
[[tls.certificates]]
certFile = "/path/to/domain.cert"
keyFile = "/path/to/domain.key"
[[tls.certificates]]
certFile = "/path/to/other-domain.cert"
keyFile = "/path/to/other-domain.key"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Dynamic configuration # Dynamic configuration
@ -36,23 +24,28 @@ tls:
keyFile: /path/to/other-domain.key keyFile: /path/to/other-domain.key
``` ```
```toml tab="File (TOML)"
# Dynamic configuration
[[tls.certificates]]
certFile = "/path/to/domain.cert"
keyFile = "/path/to/domain.key"
[[tls.certificates]]
certFile = "/path/to/other-domain.cert"
keyFile = "/path/to/other-domain.key"
```
!!! important "Restriction" !!! important "Restriction"
In the above example, we've used the [file provider](../providers/file.md) to handle these definitions. In the above example, we've used the [file provider](../providers/file.md) to handle these definitions.
It is the only available method to configure the certificates (as well as the options and the stores). It is the only available method to configure the certificates (as well as the options and the stores).
However, in [Kubernetes](../providers/kubernetes-crd.md), the certificates can and must be provided by [secrets](https://kubernetes.io/docs/concepts/configuration/secret/). However, in [Kubernetes](../providers/kubernetes-crd.md), the certificates can and must be provided by [secrets](https://kubernetes.io/docs/concepts/configuration/secret/).
## Certificates Stores ## Certificates Stores
In Traefik, certificates are grouped together in certificates stores, which are defined as such: In Traefik, certificates are grouped together in certificates stores, which are defined as such:
```toml tab="File (TOML)"
# Dynamic configuration
[tls.stores]
[tls.stores.default]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Dynamic configuration # Dynamic configuration
@ -61,6 +54,13 @@ tls:
default: {} default: {}
``` ```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.stores]
[tls.stores.default]
```
!!! important "Restriction" !!! important "Restriction"
Any store definition other than the default one (named `default`) will be ignored, Any store definition other than the default one (named `default`) will be ignored,
@ -68,21 +68,6 @@ tls:
In the `tls.certificates` section, a list of stores can then be specified to indicate where the certificates should be stored: In the `tls.certificates` section, a list of stores can then be specified to indicate where the certificates should be stored:
```toml tab="File (TOML)"
# Dynamic configuration
[[tls.certificates]]
certFile = "/path/to/domain.cert"
keyFile = "/path/to/domain.key"
stores = ["default"]
[[tls.certificates]]
# Note that since no store is defined,
# the certificate below will be stored in the `default` store.
certFile = "/path/to/other-domain.cert"
keyFile = "/path/to/other-domain.key"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Dynamic configuration # Dynamic configuration
@ -98,6 +83,21 @@ tls:
keyFile: /path/to/other-domain.key keyFile: /path/to/other-domain.key
``` ```
```toml tab="File (TOML)"
# Dynamic configuration
[[tls.certificates]]
certFile = "/path/to/domain.cert"
keyFile = "/path/to/domain.key"
stores = ["default"]
[[tls.certificates]]
# Note that since no store is defined,
# the certificate below will be stored in the `default` store.
certFile = "/path/to/other-domain.cert"
keyFile = "/path/to/other-domain.key"
```
!!! important "Restriction" !!! important "Restriction"
The `stores` list will actually be ignored and automatically set to `["default"]`. The `stores` list will actually be ignored and automatically set to `["default"]`.
@ -107,16 +107,6 @@ tls:
Traefik can use a default certificate for connections without a SNI, or without a matching domain. Traefik can use a default certificate for connections without a SNI, or without a matching domain.
This default certificate should be defined in a TLS store: This default certificate should be defined in a TLS store:
```toml tab="File (TOML)"
# Dynamic configuration
[tls.stores]
[tls.stores.default]
[tls.stores.default.defaultCertificate]
certFile = "path/to/cert.crt"
keyFile = "path/to/cert.key"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Dynamic configuration # Dynamic configuration
@ -128,6 +118,16 @@ tls:
keyFile: path/to/cert.key keyFile: path/to/cert.key
``` ```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.stores]
[tls.stores.default]
[tls.stores.default.defaultCertificate]
certFile = "path/to/cert.crt"
keyFile = "path/to/cert.key"
```
If no default certificate is provided, Traefik generates and uses a self-signed certificate. If no default certificate is provided, Traefik generates and uses a self-signed certificate.
## TLS Options ## TLS Options
@ -155,18 +155,6 @@ The TLS options allow one to configure some parameters of the TLS connection.
### Minimum TLS Version ### Minimum TLS Version
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
minVersion = "VersionTLS12"
[tls.options.mintls13]
minVersion = "VersionTLS13"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Dynamic configuration # Dynamic configuration
@ -179,6 +167,18 @@ tls:
minVersion: VersionTLS13 minVersion: VersionTLS13
``` ```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
minVersion = "VersionTLS12"
[tls.options.mintls13]
minVersion = "VersionTLS13"
```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption kind: TLSOption
@ -206,18 +206,6 @@ We discourage the use of this setting to disable TLS1.3.
The recommended approach is to update the clients to support TLS1.3. The recommended approach is to update the clients to support TLS1.3.
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
maxVersion = "VersionTLS13"
[tls.options.maxtls12]
maxVersion = "VersionTLS12"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Dynamic configuration # Dynamic configuration
@ -230,6 +218,18 @@ tls:
maxVersion: VersionTLS12 maxVersion: VersionTLS12
``` ```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
maxVersion = "VersionTLS13"
[tls.options.maxtls12]
maxVersion = "VersionTLS12"
```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption kind: TLSOption
@ -255,16 +255,6 @@ spec:
See [cipherSuites](https://godoc.org/crypto/tls#pkg-constants) for more information. See [cipherSuites](https://godoc.org/crypto/tls#pkg-constants) for more information.
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Dynamic configuration # Dynamic configuration
@ -275,6 +265,16 @@ tls:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
``` ```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
]
```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption kind: TLSOption
@ -301,14 +301,6 @@ The names of the curves defined by [`crypto`](https://godoc.org/crypto/tls#Curve
See [CurveID](https://godoc.org/crypto/tls#CurveID) for more information. See [CurveID](https://godoc.org/crypto/tls#CurveID) for more information.
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
curvePreferences = ["CurveP521", "CurveP384"]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Dynamic configuration # Dynamic configuration
@ -320,6 +312,14 @@ tls:
- CurveP384 - CurveP384
``` ```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
curvePreferences = ["CurveP521", "CurveP384"]
```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption kind: TLSOption
@ -338,14 +338,6 @@ spec:
With strict SNI checking enabled, Traefik won't allow connections from clients With strict SNI checking enabled, Traefik won't allow connections from clients
that do not specify a server_name extension or don't match any certificate configured on the tlsOption. that do not specify a server_name extension or don't match any certificate configured on the tlsOption.
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
sniStrict = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Dynamic configuration # Dynamic configuration
@ -355,6 +347,14 @@ tls:
sniStrict: true sniStrict: true
``` ```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
sniStrict = true
```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption kind: TLSOption
@ -371,14 +371,6 @@ spec:
This option allows the server to choose its most preferred cipher suite instead of the client's. This option allows the server to choose its most preferred cipher suite instead of the client's.
Please note that this is enabled automatically when `minVersion` or `maxVersion` are set. Please note that this is enabled automatically when `minVersion` or `maxVersion` are set.
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
preferServerCipherSuites = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Dynamic configuration # Dynamic configuration
@ -388,6 +380,14 @@ tls:
preferServerCipherSuites: true preferServerCipherSuites: true
``` ```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
preferServerCipherSuites = true
```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption kind: TLSOption
@ -404,25 +404,14 @@ spec:
Traefik supports mutual authentication, through the `clientAuth` section. Traefik supports mutual authentication, through the `clientAuth` section.
For authentication policies that require verification of the client certificate, the certificate authority for the certificate should be set in `clientAuth.caFiles`. For authentication policies that require verification of the client certificate, the certificate authority for the certificate should be set in `clientAuth.caFiles`.
The `clientAuth.clientAuthType` option governs the behaviour as follows: The `clientAuth.clientAuthType` option governs the behaviour as follows:
- `NoClientCert`: disregards any client certificate. - `NoClientCert`: disregards any client certificate.
- `RequestClientCert`: asks for a certificate but proceeds anyway if none is provided. - `RequestClientCert`: asks for a certificate but proceeds anyway if none is provided.
- `RequireAnyClientCert`: requires a certificate but does not verify if it is signed by a CA listed in `clientAuth.caFiles`. - `RequireAnyClientCert`: requires a certificate but does not verify if it is signed by a CA listed in `clientAuth.caFiles`.
- `VerifyClientCertIfGiven`: if a certificate is provided, verifies if it is signed by a CA listed in `clientAuth.caFiles`. Otherwise proceeds without any certificate. - `VerifyClientCertIfGiven`: if a certificate is provided, verifies if it is signed by a CA listed in `clientAuth.caFiles`. Otherwise proceeds without any certificate.
- `RequireAndVerifyClientCert`: requires a certificate, which must be signed by a CA listed in `clientAuth.caFiles`. - `RequireAndVerifyClientCert`: requires a certificate, which must be signed by a CA listed in `clientAuth.caFiles`.
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
[tls.options.default.clientAuth]
# in PEM format. each file can contain multiple CAs.
caFiles = ["tests/clientca1.crt", "tests/clientca2.crt"]
clientAuthType = "RequireAndVerifyClientCert"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Dynamic configuration # Dynamic configuration
@ -438,6 +427,17 @@ tls:
clientAuthType: RequireAndVerifyClientCert clientAuthType: RequireAndVerifyClientCert
``` ```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
[tls.options.default.clientAuth]
# in PEM format. each file can contain multiple CAs.
caFiles = ["tests/clientca1.crt", "tests/clientca2.crt"]
clientAuthType = "RequireAndVerifyClientCert"
```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption kind: TLSOption

18
docs/content/middlewares/addprefix.md
View file

@ -1,9 +1,9 @@
# Add Prefix # Add Prefix
Prefixing the Path Prefixing the Path
{: .subtitle } {: .subtitle }
![AddPrefix](../assets/img/middleware/addprefix.png) ![AddPrefix](../assets/img/middleware/addprefix.png)
The AddPrefix middleware updates the path of a request before forwarding it. The AddPrefix middleware updates the path of a request before forwarding it.
@ -43,13 +43,6 @@ labels:
- "traefik.http.middlewares.add-foo.addprefix.prefix=/foo" - "traefik.http.middlewares.add-foo.addprefix.prefix=/foo"
``` ```
```toml tab="File (TOML)"
# Prefixing with /foo
[http.middlewares]
[http.middlewares.add-foo.addPrefix]
prefix = "/foo"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Prefixing with /foo # Prefixing with /foo
http: http:
@ -59,6 +52,13 @@ http:
prefix: "/foo" prefix: "/foo"
``` ```
```toml tab="File (TOML)"
# Prefixing with /foo
[http.middlewares]
[http.middlewares.add-foo.addPrefix]
prefix = "/foo"
```
## Configuration Options ## Configuration Options
### `prefix` ### `prefix`

102
docs/content/middlewares/basicauth.md
View file

@ -48,16 +48,6 @@ labels:
- "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" - "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
``` ```
```toml tab="File (TOML)"
# Declaring the user list
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Declaring the user list # Declaring the user list
http: http:
@ -65,17 +55,27 @@ http:
test-auth: test-auth:
basicAuth: basicAuth:
users: users:
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
``` ```
```toml tab="File (TOML)"
# Declaring the user list
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```
## Configuration Options ## Configuration Options
### General ### General
Passwords must be hashed using MD5, SHA1, or BCrypt. Passwords must be hashed using MD5, SHA1, or BCrypt.
!!! tip !!! tip
Use `htpasswd` to generate the passwords. Use `htpasswd` to generate the passwords.
@ -84,7 +84,7 @@ Passwords must be hashed using MD5, SHA1, or BCrypt.
The `users` option is an array of authorized users. Each user must be declared using the `name:hashed-password` format. The `users` option is an array of authorized users. Each user must be declared using the `name:hashed-password` format.
!!! note "" !!! note ""
- If both `users` and `usersFile` are provided, the two are merged. The contents of `usersFile` have precedence over the values in `users`. - If both `users` and `usersFile` are provided, the two are merged. The contents of `usersFile` have precedence over the values in `users`.
- For security reasons, the field `users` doesn't exist for Kubernetes IngressRoute, and one should use the `secret` field instead. - For security reasons, the field `users` doesn't exist for Kubernetes IngressRoute, and one should use the `secret` field instead.
@ -142,16 +142,6 @@ labels:
- "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" - "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
``` ```
```toml tab="File (TOML)"
# Declaring the user list
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Declaring the user list # Declaring the user list
http: http:
@ -159,10 +149,20 @@ http:
test-auth: test-auth:
basicAuth: basicAuth:
users: users:
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
``` ```
```toml tab="File (TOML)"
# Declaring the user list
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```
### `usersFile` ### `usersFile`
The `usersFile` option is the path to an external file that contains the authorized users for the middleware. The `usersFile` option is the path to an external file that contains the authorized users for the middleware.
@ -170,9 +170,9 @@ The `usersFile` option is the path to an external file that contains the authori
The file content is a list of `name:hashed-password`. The file content is a list of `name:hashed-password`.
!!! note "" !!! note ""
- If both `users` and `usersFile` are provided, the two are merged. The contents of `usersFile` have precedence over the values in `users`. - If both `users` and `usersFile` are provided, the two are merged. The contents of `usersFile` have precedence over the values in `users`.
- Because it does not make much sense to refer to a file path on Kubernetes, the `usersFile` field doesn't exist for Kubernetes IngressRoute, and one should use the `secret` field instead. - Because it does not make much sense to refer to a file path on Kubernetes, the `usersFile` field doesn't exist for Kubernetes IngressRoute, and one should use the `secret` field instead.
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
@ -216,12 +216,6 @@ labels:
- "traefik.http.middlewares.test-auth.basicauth.usersfile=/path/to/my/usersfile" - "traefik.http.middlewares.test-auth.basicauth.usersfile=/path/to/my/usersfile"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
usersFile = "/path/to/my/usersfile"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -230,6 +224,12 @@ http:
usersFile: "/path/to/my/usersfile" usersFile: "/path/to/my/usersfile"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
usersFile = "/path/to/my/usersfile"
```
??? example "A file containing test/test and test2/test2" ??? example "A file containing test/test and test2/test2"
```txt ```txt
@ -239,7 +239,7 @@ http:
### `realm` ### `realm`
You can customize the realm for the authentication with the `realm` option. The default value is `traefik`. You can customize the realm for the authentication with the `realm` option. The default value is `traefik`.
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
@ -271,12 +271,6 @@ labels:
- "traefik.http.middlewares.test-auth.basicauth.realm=MyRealm" - "traefik.http.middlewares.test-auth.basicauth.realm=MyRealm"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
realm = "MyRealm"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -285,6 +279,12 @@ http:
realm: "MyRealm" realm: "MyRealm"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
realm = "MyRealm"
```
### `headerField` ### `headerField`
You can define a header field to store the authenticated user using the `headerField`option. You can define a header field to store the authenticated user using the `headerField`option.
@ -315,12 +315,6 @@ spec:
} }
``` ```
```toml tab="File (TOML)"
[http.middlewares.my-auth.basicAuth]
# ...
headerField = "X-WebAuth-User"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -330,6 +324,12 @@ http:
headerField: "X-WebAuth-User" headerField: "X-WebAuth-User"
``` ```
```toml tab="File (TOML)"
[http.middlewares.my-auth.basicAuth]
# ...
headerField = "X-WebAuth-User"
```
### `removeHeader` ### `removeHeader`
Set the `removeHeader` option to `true` to remove the authorization header before forwarding the request to your service. (Default value is `false`.) Set the `removeHeader` option to `true` to remove the authorization header before forwarding the request to your service. (Default value is `false`.)
@ -364,12 +364,6 @@ labels:
- "traefik.http.middlewares.test-auth.basicauth.removeheader=true" - "traefik.http.middlewares.test-auth.basicauth.removeheader=true"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
removeHeader = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -377,3 +371,9 @@ http:
basicAuth: basicAuth:
removeHeader: true removeHeader: true
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
removeHeader = true
```

86
docs/content/middlewares/buffering.md
View file

@ -47,13 +47,6 @@ labels:
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000" - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
``` ```
```toml tab="File (TOML)"
# Sets the maximum request body to 2MB
[http.middlewares]
[http.middlewares.limit.buffering]
maxRequestBodyBytes = 2000000
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Sets the maximum request body to 2MB # Sets the maximum request body to 2MB
http: http:
@ -63,6 +56,13 @@ http:
maxRequestBodyBytes: 2000000 maxRequestBodyBytes: 2000000
``` ```
```toml tab="File (TOML)"
# Sets the maximum request body to 2MB
[http.middlewares]
[http.middlewares.limit.buffering]
maxRequestBodyBytes = 2000000
```
## Configuration Options ## Configuration Options
### `maxRequestBodyBytes` ### `maxRequestBodyBytes`
@ -101,12 +101,6 @@ labels:
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000" - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
maxRequestBodyBytes = 2000000
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -115,6 +109,12 @@ http:
maxRequestBodyBytes: 2000000 maxRequestBodyBytes: 2000000
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
maxRequestBodyBytes = 2000000
```
### `memRequestBodyBytes` ### `memRequestBodyBytes`
You can configure a threshold (in bytes) from which the request will be buffered on disk instead of in memory with the `memRequestBodyBytes` option. You can configure a threshold (in bytes) from which the request will be buffered on disk instead of in memory with the `memRequestBodyBytes` option.
@ -149,12 +149,6 @@ labels:
- "traefik.http.middlewares.limit.buffering.memRequestBodyBytes=2000000" - "traefik.http.middlewares.limit.buffering.memRequestBodyBytes=2000000"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
memRequestBodyBytes = 2000000
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -163,6 +157,12 @@ http:
memRequestBodyBytes: 2000000 memRequestBodyBytes: 2000000
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
memRequestBodyBytes = 2000000
```
### `maxResponseBodyBytes` ### `maxResponseBodyBytes`
The `maxResponseBodyBytes` option configures the maximum allowed response size from the service (in bytes). The `maxResponseBodyBytes` option configures the maximum allowed response size from the service (in bytes).
@ -199,12 +199,6 @@ labels:
- "traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=2000000" - "traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=2000000"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
maxResponseBodyBytes = 2000000
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -213,6 +207,12 @@ http:
maxResponseBodyBytes: 2000000 maxResponseBodyBytes: 2000000
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
maxResponseBodyBytes = 2000000
```
### `memResponseBodyBytes` ### `memResponseBodyBytes`
You can configure a threshold (in bytes) from which the response will be buffered on disk instead of in memory with the `memResponseBodyBytes` option. You can configure a threshold (in bytes) from which the response will be buffered on disk instead of in memory with the `memResponseBodyBytes` option.
@ -247,12 +247,6 @@ labels:
- "traefik.http.middlewares.limit.buffering.memResponseBodyBytes=2000000" - "traefik.http.middlewares.limit.buffering.memResponseBodyBytes=2000000"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
memResponseBodyBytes = 2000000
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -261,17 +255,23 @@ http:
memResponseBodyBytes: 2000000 memResponseBodyBytes: 2000000
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
memResponseBodyBytes = 2000000
```
### `retryExpression` ### `retryExpression`
You can have the Buffering middleware replay the request using `retryExpression`. You can have the Buffering middleware replay the request using `retryExpression`.
??? example "Retries once in the case of a network error" ??? example "Retries once in the case of a network error"
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2" - "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: Middleware kind: Middleware
@ -281,28 +281,22 @@ You can have the Buffering middleware replay the request using `retryExpression`
buffering: buffering:
retryExpression: "IsNetworkError() && Attempts() < 2" retryExpression: "IsNetworkError() && Attempts() < 2"
``` ```
```yaml tab="Consul Catalog" ```yaml tab="Consul Catalog"
- "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2" - "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2"
``` ```
```json tab="Marathon" ```json tab="Marathon"
"labels": { "labels": {
"traefik.http.middlewares.limit.buffering.retryExpression": "IsNetworkError() && Attempts() < 2" "traefik.http.middlewares.limit.buffering.retryExpression": "IsNetworkError() && Attempts() < 2"
} }
``` ```
```yaml tab="Rancher" ```yaml tab="Rancher"
labels: labels:
- "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2" - "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
retryExpression = "IsNetworkError() && Attempts() < 2"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -311,6 +305,12 @@ You can have the Buffering middleware replay the request using `retryExpression`
retryExpression: "IsNetworkError() && Attempts() < 2" retryExpression: "IsNetworkError() && Attempts() < 2"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
retryExpression = "IsNetworkError() && Attempts() < 2"
```
The retry expression is defined as a logical combination of the functions below with the operators AND (`&&`) and OR (`||`). At least one function is required: The retry expression is defined as a logical combination of the functions below with the operators AND (`&&`) and OR (`||`). At least one function is required:
- `Attempts()` number of attempts (the first one counts) - `Attempts()` number of attempts (the first one counts)

56
docs/content/middlewares/chain.md
View file

@ -117,34 +117,6 @@ labels:
- "traefik.http.services.service1.loadbalancer.server.port=80" - "traefik.http.services.service1.loadbalancer.server.port=80"
``` ```
```toml tab="File (TOML)"
# ...
[http.routers]
[http.routers.router1]
service = "service1"
middlewares = ["secured"]
rule = "Host(`mydomain`)"
[http.middlewares]
[http.middlewares.secured.chain]
middlewares = ["https-only", "known-ips", "auth-users"]
[http.middlewares.auth-users.basicAuth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
[http.middlewares.https-only.redirectScheme]
scheme = "https"
[http.middlewares.known-ips.ipWhiteList]
sourceRange = ["192.168.1.7", "127.0.0.1/32"]
[http.services]
[http.services.service1]
[http.services.service1.loadBalancer]
[[http.services.service1.loadBalancer.servers]]
url = "http://127.0.0.1:80"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# ... # ...
http: http:
@ -184,3 +156,31 @@ http:
servers: servers:
- url: "http://127.0.0.1:80" - url: "http://127.0.0.1:80"
``` ```
```toml tab="File (TOML)"
# ...
[http.routers]
[http.routers.router1]
service = "service1"
middlewares = ["secured"]
rule = "Host(`mydomain`)"
[http.middlewares]
[http.middlewares.secured.chain]
middlewares = ["https-only", "known-ips", "auth-users"]
[http.middlewares.auth-users.basicAuth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
[http.middlewares.https-only.redirectScheme]
scheme = "https"
[http.middlewares.known-ips.ipWhiteList]
sourceRange = ["192.168.1.7", "127.0.0.1/32"]
[http.services]
[http.services.service1]
[http.services.service1.loadBalancer]
[[http.services.service1.loadBalancer.servers]]
url = "http://127.0.0.1:80"
```

14
docs/content/middlewares/circuitbreaker.md
View file

@ -59,13 +59,6 @@ labels:
- "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100" - "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100"
``` ```
```toml tab="File (TOML)"
# Latency Check
[http.middlewares]
[http.middlewares.latency-check.circuitBreaker]
expression = "LatencyAtQuantileMS(50.0) > 100"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Latency Check # Latency Check
http: http:
@ -75,6 +68,13 @@ http:
expression: "LatencyAtQuantileMS(50.0) > 100" expression: "LatencyAtQuantileMS(50.0) > 100"
``` ```
```toml tab="File (TOML)"
# Latency Check
[http.middlewares]
[http.middlewares.latency-check.circuitBreaker]
expression = "LatencyAtQuantileMS(50.0) > 100"
```
## Possible States ## Possible States
There are three possible states for your circuit breaker: There are three possible states for your circuit breaker:

24
docs/content/middlewares/compress.md
View file

@ -42,12 +42,6 @@ labels:
- "traefik.http.middlewares.test-compress.compress=true" - "traefik.http.middlewares.test-compress.compress=true"
``` ```
```toml tab="File (TOML)"
# Enable gzip compression
[http.middlewares]
[http.middlewares.test-compress.compress]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Enable gzip compression # Enable gzip compression
http: http:
@ -56,6 +50,12 @@ http:
compress: {} compress: {}
``` ```
```toml tab="File (TOML)"
# Enable gzip compression
[http.middlewares]
[http.middlewares.test-compress.compress]
```
!!! info !!! info
Responses are compressed when the following criteria are all met: Responses are compressed when the following criteria are all met:
@ -108,12 +108,6 @@ labels:
- "traefik.http.middlewares.test-compress.compress.excludedcontenttypes=text/event-stream" - "traefik.http.middlewares.test-compress.compress.excludedcontenttypes=text/event-stream"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-compress.compress]
excludedContentTypes = ["text/event-stream"]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -122,3 +116,9 @@ http:
excludedContentTypes: excludedContentTypes:
- text/event-stream - text/event-stream
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-compress.compress]
excludedContentTypes = ["text/event-stream"]
```

15
docs/content/middlewares/contenttype.md
View file

@ -1,4 +1,3 @@
# ContentType # ContentType
Handling Content-Type auto-detection Handling Content-Type auto-detection
@ -62,13 +61,6 @@ labels:
- "traefik.http.middlewares.autodetect.contenttype.autodetect=false" - "traefik.http.middlewares.autodetect.contenttype.autodetect=false"
``` ```
```toml tab="File (TOML)"
# Disable auto-detection
[http.middlewares]
[http.middlewares.autodetect.contentType]
autoDetect=false
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Disable auto-detection # Disable auto-detection
http: http:
@ -78,6 +70,13 @@ http:
autoDetect: false autoDetect: false
``` ```
```toml tab="File (TOML)"
# Disable auto-detection
[http.middlewares]
[http.middlewares.autodetect.contentType]
autoDetect=false
```
## Configuration Options ## Configuration Options
### `autoDetect` ### `autoDetect`

88
docs/content/middlewares/digestauth.md
View file

@ -43,16 +43,6 @@ labels:
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e" - "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
``` ```
```toml tab="File (TOML)"
# Declaring the user list
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
users = [
"test:traefik:a2688e031edb4be6a3797f3882655c05",
"test2:traefik:518845800f9e2bfb1f1f740ec24f074e",
]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Declaring the user list # Declaring the user list
http: http:
@ -64,6 +54,16 @@ http:
- "test2:traefik:518845800f9e2bfb1f1f740ec24f074e" - "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
``` ```
```toml tab="File (TOML)"
# Declaring the user list
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
users = [
"test:traefik:a2688e031edb4be6a3797f3882655c05",
"test2:traefik:518845800f9e2bfb1f1f740ec24f074e",
]
```
## Configuration Options ## Configuration Options
!!! tip !!! tip
@ -120,15 +120,6 @@ labels:
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e" - "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
users = [
"test:traefik:a2688e031edb4be6a3797f3882655c05",
"test2:traefik:518845800f9e2bfb1f1f740ec24f074e",
]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -139,6 +130,15 @@ http:
- "test2:traefik:518845800f9e2bfb1f1f740ec24f074e" - "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
users = [
"test:traefik:a2688e031edb4be6a3797f3882655c05",
"test2:traefik:518845800f9e2bfb1f1f740ec24f074e",
]
```
### `usersFile` ### `usersFile`
The `usersFile` option is the path to an external file that contains the authorized users for the middleware. The `usersFile` option is the path to an external file that contains the authorized users for the middleware.
@ -148,7 +148,7 @@ The file content is a list of `name:realm:encoded-password`.
!!! note "" !!! note ""
- If both `users` and `usersFile` are provided, the two are merged. The contents of `usersFile` have precedence over the values in `users`. - If both `users` and `usersFile` are provided, the two are merged. The contents of `usersFile` have precedence over the values in `users`.
- Because it does not make much sense to refer to a file path on Kubernetes, the `usersFile` field doesn't exist for Kubernetes IngressRoute, and one should use the `secret` field instead. - Because it does not make much sense to refer to a file path on Kubernetes, the `usersFile` field doesn't exist for Kubernetes IngressRoute, and one should use the `secret` field instead.
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
@ -192,12 +192,6 @@ labels:
- "traefik.http.middlewares.test-auth.digestauth.usersfile=/path/to/my/usersfile" - "traefik.http.middlewares.test-auth.digestauth.usersfile=/path/to/my/usersfile"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
usersFile = "/path/to/my/usersfile"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -206,6 +200,12 @@ http:
usersFile: "/path/to/my/usersfile" usersFile: "/path/to/my/usersfile"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
usersFile = "/path/to/my/usersfile"
```
??? example "A file containing test/test and test2/test2" ??? example "A file containing test/test and test2/test2"
```txt ```txt
@ -247,12 +247,6 @@ labels:
- "traefik.http.middlewares.test-auth.digestauth.realm=MyRealm" - "traefik.http.middlewares.test-auth.digestauth.realm=MyRealm"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
realm = "MyRealm"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -261,6 +255,12 @@ http:
realm: "MyRealm" realm: "MyRealm"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
realm = "MyRealm"
```
### `headerField` ### `headerField`
You can customize the header field for the authenticated user using the `headerField`option. You can customize the header field for the authenticated user using the `headerField`option.
@ -296,12 +296,6 @@ labels:
- "traefik.http.middlewares.my-auth.digestauth.headerField=X-WebAuth-User" - "traefik.http.middlewares.my-auth.digestauth.headerField=X-WebAuth-User"
``` ```
```toml tab="File (TOML)"
[http.middlewares.my-auth.digestAuth]
# ...
headerField = "X-WebAuth-User"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -311,6 +305,12 @@ http:
headerField: "X-WebAuth-User" headerField: "X-WebAuth-User"
``` ```
```toml tab="File (TOML)"
[http.middlewares.my-auth.digestAuth]
# ...
headerField = "X-WebAuth-User"
```
### `removeHeader` ### `removeHeader`
Set the `removeHeader` option to `true` to remove the authorization header before forwarding the request to your service. (Default value is `false`.) Set the `removeHeader` option to `true` to remove the authorization header before forwarding the request to your service. (Default value is `false`.)
@ -345,12 +345,6 @@ labels:
- "traefik.http.middlewares.test-auth.digestauth.removeheader=true" - "traefik.http.middlewares.test-auth.digestauth.removeheader=true"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
removeHeader = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -358,3 +352,9 @@ http:
digestAuth: digestAuth:
removeHeader: true removeHeader: true
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
removeHeader = true
```

24
docs/content/middlewares/errorpages.md
View file

@ -58,18 +58,6 @@ labels:
- "traefik.http.middlewares.test-errorpage.errors.query=/{status}.html" - "traefik.http.middlewares.test-errorpage.errors.query=/{status}.html"
``` ```
```toml tab="File (TOML)"
# Custom Error Page for 5XX
[http.middlewares]
[http.middlewares.test-errorpage.errors]
status = ["500-599"]
service = "serviceError"
query = "/{status}.html"
[http.services]
# ... definition of error-handler-service and my-service
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Custom Error Page for 5XX # Custom Error Page for 5XX
http: http:
@ -81,6 +69,18 @@ http:
service: serviceError service: serviceError
query: "/{status}.html" query: "/{status}.html"
services:
# ... definition of error-handler-service and my-service
```
```toml tab="File (TOML)"
# Custom Error Page for 5XX
[http.middlewares]
[http.middlewares.test-errorpage.errors]
status = ["500-599"]
service = "serviceError"
query = "/{status}.html"
[http.services] [http.services]
# ... definition of error-handler-service and my-service # ... definition of error-handler-service and my-service
``` ```

168
docs/content/middlewares/forwardauth.md
View file

@ -45,13 +45,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth" - "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
``` ```
```toml tab="File (TOML)"
# Forward authentication to example.com
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Forward authentication to example.com # Forward authentication to example.com
http: http:
@ -61,6 +54,13 @@ http:
address: "https://example.com/auth" address: "https://example.com/auth"
``` ```
```toml tab="File (TOML)"
# Forward authentication to example.com
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
```
## Forward-Request Headers ## Forward-Request Headers
The following request properties are provided to the forward-auth target endpoint as `X-Forwarded-` headers. The following request properties are provided to the forward-auth target endpoint as `X-Forwarded-` headers.
@ -91,7 +91,7 @@ metadata:
name: test-auth name: test-auth
spec: spec:
forwardAuth: forwardAuth:
address: https://example.com/auth address: https://example.com/auth
``` ```
```yaml tab="Consul Catalog" ```yaml tab="Consul Catalog"
@ -109,12 +109,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth" - "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -123,6 +117,12 @@ http:
address: "https://example.com/auth" address: "https://example.com/auth"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
```
### `trustForwardHeader` ### `trustForwardHeader`
Set the `trustForwardHeader` option to `true` to trust all `X-Forwarded-*` headers. Set the `trustForwardHeader` option to `true` to trust all `X-Forwarded-*` headers.
@ -158,13 +158,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true" - "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
trustForwardHeader = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -174,6 +167,13 @@ http:
trustForwardHeader: true trustForwardHeader: true
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
trustForwardHeader = true
```
### `authResponseHeaders` ### `authResponseHeaders`
The `authResponseHeaders` option is the list of headers to copy from the authentication server response and set on The `authResponseHeaders` option is the list of headers to copy from the authentication server response and set on
@ -212,13 +212,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret" - "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
authResponseHeaders = ["X-Auth-User", "X-Secret"]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -230,6 +223,13 @@ http:
- "X-Secret" - "X-Secret"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
authResponseHeaders = ["X-Auth-User", "X-Secret"]
```
### `authResponseHeadersRegex` ### `authResponseHeadersRegex`
The `authResponseHeadersRegex` option is the regex to match headers to copy from the authentication server response and The `authResponseHeadersRegex` option is the regex to match headers to copy from the authentication server response and
@ -268,13 +268,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.authResponseHeadersRegex=^X-" - "traefik.http.middlewares.test-auth.forwardauth.authResponseHeadersRegex=^X-"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
authResponseHeadersRegex = "^X-"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -284,6 +277,13 @@ http:
authResponseHeadersRegex: "^X-" authResponseHeadersRegex: "^X-"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
authResponseHeadersRegex = "^X-"
```
### `authRequestHeaders` ### `authRequestHeaders`
The `authRequestHeaders` option is the list of the headers to copy from the request to the authentication server. The `authRequestHeaders` option is the list of the headers to copy from the request to the authentication server.
@ -323,13 +323,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.authRequestHeaders=Accept,X-CustomHeader" - "traefik.http.middlewares.test-auth.forwardauth.authRequestHeaders=Accept,X-CustomHeader"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
authRequestHeaders = "Accept,X-CustomHeader"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -341,6 +334,13 @@ http:
- "X-CustomHeader" - "X-CustomHeader"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
authRequestHeaders = "Accept,X-CustomHeader"
```
### `tls` ### `tls`
The `tls` option is the TLS configuration from Traefik to the authentication server. The `tls` option is the TLS configuration from Traefik to the authentication server.
@ -391,14 +391,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt" - "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
ca = "path/to/local.crt"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -409,6 +401,14 @@ http:
ca: "path/to/local.crt" ca: "path/to/local.crt"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
ca = "path/to/local.crt"
```
#### `tls.caOptional` #### `tls.caOptional`
The value of `tls.caOptional` defines which policy should be used for the secure connection with TLS Client Authentication to the authentication server. The value of `tls.caOptional` defines which policy should be used for the secure connection with TLS Client Authentication to the authentication server.
@ -453,14 +453,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true" - "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
caOptional = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -471,6 +463,14 @@ http:
caOptional: true caOptional: true
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
caOptional = true
```
#### `tls.cert` #### `tls.cert`
The public certificate used for the secure connection to the authentication server. The public certificate used for the secure connection to the authentication server.
@ -522,15 +522,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key" - "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -542,6 +533,15 @@ http:
key: "path/to/foo.key" key: "path/to/foo.key"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
!!! info !!! info
For security reasons, the field does not exist for Kubernetes IngressRoute, and one should use the `secret` field instead. For security reasons, the field does not exist for Kubernetes IngressRoute, and one should use the `secret` field instead.
@ -597,15 +597,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key" - "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -617,6 +608,15 @@ http:
key: "path/to/foo.key" key: "path/to/foo.key"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
!!! info !!! info
For security reasons, the field does not exist for Kubernetes IngressRoute, and one should use the `secret` field instead. For security reasons, the field does not exist for Kubernetes IngressRoute, and one should use the `secret` field instead.
@ -657,14 +657,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.InsecureSkipVerify=true" - "traefik.http.middlewares.test-auth.forwardauth.tls.InsecureSkipVerify=true"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
insecureSkipVerify: true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -674,3 +666,11 @@ http:
tls: tls:
insecureSkipVerify: true insecureSkipVerify: true
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
insecureSkipVerify: true
```

70
docs/content/middlewares/headers.md
View file

@ -50,15 +50,6 @@ labels:
- "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header=value" - "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header=value"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.testHeader.headers]
[http.middlewares.testHeader.headers.customRequestHeaders]
X-Script-Name = "test"
[http.middlewares.testHeader.headers.customResponseHeaders]
X-Custom-Response-Header = "value"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -70,6 +61,15 @@ http:
X-Custom-Response-Header: "value" X-Custom-Response-Header: "value"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.testHeader.headers]
[http.middlewares.testHeader.headers.customRequestHeaders]
X-Script-Name = "test"
[http.middlewares.testHeader.headers.customResponseHeaders]
X-Custom-Response-Header = "value"
```
### Adding and Removing Headers ### Adding and Removing Headers
In the following example, requests are proxied with an extra `X-Script-Name` header while their `X-Custom-Request-Header` header gets stripped, In the following example, requests are proxied with an extra `X-Script-Name` header while their `X-Custom-Request-Header` header gets stripped,
@ -117,16 +117,6 @@ labels:
- "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header=" - "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header="
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.testHeader.headers]
[http.middlewares.testHeader.headers.customRequestHeaders]
X-Script-Name = "test" # Adds
X-Custom-Request-Header = "" # Removes
[http.middlewares.testHeader.headers.customResponseHeaders]
X-Custom-Response-Header = "" # Removes
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -139,6 +129,16 @@ http:
X-Custom-Response-Header: "" # Removes X-Custom-Response-Header: "" # Removes
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.testHeader.headers]
[http.middlewares.testHeader.headers.customRequestHeaders]
X-Script-Name = "test" # Adds
X-Custom-Request-Header = "" # Removes
[http.middlewares.testHeader.headers.customResponseHeaders]
X-Custom-Response-Header = "" # Removes
```
### Using Security Headers ### Using Security Headers
Security-related headers (HSTS headers, SSL redirection, Browser XSS filter, etc) can be managed similarly to custom headers as shown above. Security-related headers (HSTS headers, SSL redirection, Browser XSS filter, etc) can be managed similarly to custom headers as shown above.
@ -179,13 +179,6 @@ labels:
- "traefik.http.middlewares.testheader.headers.sslredirect=true" - "traefik.http.middlewares.testheader.headers.sslredirect=true"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.testHeader.headers]
frameDeny = true
sslRedirect = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -195,6 +188,13 @@ http:
sslRedirect: true sslRedirect: true
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.testHeader.headers]
frameDeny = true
sslRedirect = true
```
### CORS Headers ### CORS Headers
CORS (Cross-Origin Resource Sharing) headers can be added and configured in a manner similar to the custom headers above. CORS (Cross-Origin Resource Sharing) headers can be added and configured in a manner similar to the custom headers above.
@ -250,15 +250,6 @@ labels:
- "traefik.http.middlewares.testheader.headers.addvaryheader=true" - "traefik.http.middlewares.testheader.headers.addvaryheader=true"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.testHeader.headers]
accessControlAllowMethods= ["GET", "OPTIONS", "PUT"]
accessControlAllowOriginList = ["https://foo.bar.org","https://example.org"]
accessControlMaxAge = 100
addVaryHeader = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -275,6 +266,15 @@ http:
addVaryHeader: true addVaryHeader: true
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.testHeader.headers]
accessControlAllowMethods= ["GET", "OPTIONS", "PUT"]
accessControlAllowOriginList = ["https://foo.bar.org","https://example.org"]
accessControlMaxAge = 100
addVaryHeader = true
```
## Configuration Options ## Configuration Options
### General ### General

84
docs/content/middlewares/inflightreq.md
View file

@ -41,13 +41,6 @@ labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10" - "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
``` ```
```toml tab="File (TOML)"
# Limiting to 10 simultaneous connections
[http.middlewares]
[http.middlewares.test-inflightreq.inFlightReq]
amount = 10
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Limiting to 10 simultaneous connections # Limiting to 10 simultaneous connections
http: http:
@ -57,6 +50,13 @@ http:
amount: 10 amount: 10
``` ```
```toml tab="File (TOML)"
# Limiting to 10 simultaneous connections
[http.middlewares]
[http.middlewares.test-inflightreq.inFlightReq]
amount = 10
```
## Configuration Options ## Configuration Options
### `amount` ### `amount`
@ -96,13 +96,6 @@ labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10" - "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
``` ```
```toml tab="File (TOML)"
# Limiting to 10 simultaneous connections
[http.middlewares]
[http.middlewares.test-inflightreq.inFlightReq]
amount = 10
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Limiting to 10 simultaneous connections # Limiting to 10 simultaneous connections
http: http:
@ -112,6 +105,13 @@ http:
amount: 10 amount: 10
``` ```
```toml tab="File (TOML)"
# Limiting to 10 simultaneous connections
[http.middlewares]
[http.middlewares.test-inflightreq.inFlightReq]
amount = 10
```
### `sourceCriterion` ### `sourceCriterion`
The `sourceCriterion` option defines what criterion is used to group requests as originating from a common source. The `sourceCriterion` option defines what criterion is used to group requests as originating from a common source.
@ -171,13 +171,6 @@ labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.depth=2" - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.depth=2"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-inflightreq.inflightreq]
[http.middlewares.test-inflightreq.inFlightReq.sourceCriterion.ipStrategy]
depth = 2
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -188,6 +181,13 @@ http:
depth: 2 depth: 2
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-inflightreq.inflightreq]
[http.middlewares.test-inflightreq.inFlightReq.sourceCriterion.ipStrategy]
depth = 2
```
##### `ipStrategy.excludedIPs` ##### `ipStrategy.excludedIPs`
`excludedIPs` configures Traefik to scan the `X-Forwarded-For` header and select the first IP not in the list. `excludedIPs` configures Traefik to scan the `X-Forwarded-For` header and select the first IP not in the list.
@ -238,13 +238,6 @@ labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-inflightreq.inflightreq]
[http.middlewares.test-inflightreq.inFlightReq.sourceCriterion.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -257,6 +250,13 @@ http:
- "192.168.1.7" - "192.168.1.7"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-inflightreq.inflightreq]
[http.middlewares.test-inflightreq.inFlightReq.sourceCriterion.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
#### `sourceCriterion.requestHeaderName` #### `sourceCriterion.requestHeaderName`
Name of the header used to group incoming requests. Name of the header used to group incoming requests.
@ -292,13 +292,6 @@ labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requestheadername=username" - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requestheadername=username"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-inflightreq.inflightreq]
[http.middlewares.test-inflightreq.inFlightReq.sourceCriterion]
requestHeaderName = "username"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -308,6 +301,13 @@ http:
requestHeaderName: username requestHeaderName: username
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-inflightreq.inflightreq]
[http.middlewares.test-inflightreq.inFlightReq.sourceCriterion]
requestHeaderName = "username"
```
#### `sourceCriterion.requestHost` #### `sourceCriterion.requestHost`
Whether to consider the request host as the source. Whether to consider the request host as the source.
@ -343,13 +343,6 @@ labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requesthost=true" - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requesthost=true"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-inflightreq.inflightreq]
[http.middlewares.test-inflightreq.inFlightReq.sourceCriterion]
requestHost = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -358,3 +351,10 @@ http:
sourceCriterion: sourceCriterion:
requestHost: true requestHost: true
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-inflightreq.inflightreq]
[http.middlewares.test-inflightreq.inFlightReq.sourceCriterion]
requestHost = true
```

48
docs/content/middlewares/ipwhitelist.md
View file

@ -44,13 +44,6 @@ labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
``` ```
```toml tab="File (TOML)"
# Accepts request from defined IP
[http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Accepts request from defined IP # Accepts request from defined IP
http: http:
@ -62,6 +55,13 @@ http:
- "192.168.1.7" - "192.168.1.7"
``` ```
```toml tab="File (TOML)"
# Accepts request from defined IP
[http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"]
```
## Configuration Options ## Configuration Options
### `sourceRange` ### `sourceRange`
@ -131,15 +131,6 @@ labels:
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2" - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2"
``` ```
```toml tab="File (TOML)"
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
[http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"]
[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
depth = 2
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Whitelisting Based on `X-Forwarded-For` with `depth=2` # Whitelisting Based on `X-Forwarded-For` with `depth=2`
http: http:
@ -153,6 +144,15 @@ http:
depth: 2 depth: 2
``` ```
```toml tab="File (TOML)"
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
[http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"]
[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
depth = 2
```
#### `ipStrategy.excludedIPs` #### `ipStrategy.excludedIPs`
`excludedIPs` configures Traefik to scan the `X-Forwarded-For` header and select the first IP not in the list. `excludedIPs` configures Traefik to scan the `X-Forwarded-For` header and select the first IP not in the list.
@ -206,14 +206,6 @@ labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
``` ```
```toml tab="File (TOML)"
# Exclude from `X-Forwarded-For`
[http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList]
[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Exclude from `X-Forwarded-For` # Exclude from `X-Forwarded-For`
http: http:
@ -225,3 +217,11 @@ http:
- "127.0.0.1/32" - "127.0.0.1/32"
- "192.168.1.7" - "192.168.1.7"
``` ```
```toml tab="File (TOML)"
# Exclude from `X-Forwarded-For`
[http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList]
[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
```

40
docs/content/middlewares/overview.md
View file

@ -91,26 +91,6 @@ labels:
- "traefik.http.routers.router1.middlewares=foo-add-prefix@rancher" - "traefik.http.routers.router1.middlewares=foo-add-prefix@rancher"
``` ```
```toml tab="File (TOML)"
# As TOML Configuration File
[http.routers]
[http.routers.router1]
service = "myService"
middlewares = ["foo-add-prefix"]
rule = "Host(`example.com`)"
[http.middlewares]
[http.middlewares.foo-add-prefix.addPrefix]
prefix = "/foo"
[http.services]
[http.services.service1]
[http.services.service1.loadBalancer]
[[http.services.service1.loadBalancer.servers]]
url = "http://127.0.0.1:80"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# As YAML Configuration File # As YAML Configuration File
http: http:
@ -133,6 +113,26 @@ http:
- url: "http://127.0.0.1:80" - url: "http://127.0.0.1:80"
``` ```
```toml tab="File (TOML)"
# As TOML Configuration File
[http.routers]
[http.routers.router1]
service = "myService"
middlewares = ["foo-add-prefix"]
rule = "Host(`example.com`)"
[http.middlewares]
[http.middlewares.foo-add-prefix.addPrefix]
prefix = "/foo"
[http.services]
[http.services.service1]
[http.services.service1.loadBalancer]
[[http.services.service1.loadBalancer.servers]]
url = "http://127.0.0.1:80"
```
## Available Middlewares ## Available Middlewares
| Middleware | Purpose | Area | | Middleware | Purpose | Area |

66
docs/content/middlewares/passtlsclientcert.md
View file

@ -46,13 +46,6 @@ labels:
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true"
``` ```
```toml tab="File (TOML)"
# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
[http.middlewares]
[http.middlewares.test-passtlsclientcert.passTLSClientCert]
pem = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header. # Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
http: http:
@ -62,6 +55,13 @@ http:
pem: true pem: true
``` ```
```toml tab="File (TOML)"
# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
[http.middlewares]
[http.middlewares.test-passtlsclientcert.passTLSClientCert]
pem = true
```
??? example "Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header" ??? example "Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header"
```yaml tab="Docker" ```yaml tab="Docker"
@ -182,32 +182,6 @@ http:
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true" - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true"
``` ```
```toml tab="File (TOML)"
# Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
[http.middlewares]
[http.middlewares.test-passtlsclientcert.passTLSClientCert]
[http.middlewares.test-passtlsclientcert.passTLSClientCert.info]
notAfter = true
notBefore = true
sans = true
[http.middlewares.test-passtlsclientcert.passTLSClientCert.info.subject]
country = true
province = true
locality = true
organization = true
commonName = true
serialNumber = true
domainComponent = true
[http.middlewares.test-passtlsclientcert.passTLSClientCert.info.issuer]
country = true
province = true
locality = true
organization = true
commonName = true
serialNumber = true
domainComponent = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header # Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
http: http:
@ -236,6 +210,32 @@ http:
domainComponent: true domainComponent: true
``` ```
```toml tab="File (TOML)"
# Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
[http.middlewares]
[http.middlewares.test-passtlsclientcert.passTLSClientCert]
[http.middlewares.test-passtlsclientcert.passTLSClientCert.info]
notAfter = true
notBefore = true
sans = true
[http.middlewares.test-passtlsclientcert.passTLSClientCert.info.subject]
country = true
province = true
locality = true
organization = true
commonName = true
serialNumber = true
domainComponent = true
[http.middlewares.test-passtlsclientcert.passTLSClientCert.info.issuer]
country = true
province = true
locality = true
organization = true
commonName = true
serialNumber = true
domainComponent = true
```
## Configuration Options ## Configuration Options
### General ### General

116
docs/content/middlewares/ratelimit.md
View file

@ -50,15 +50,6 @@ labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50" - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
``` ```
```toml tab="File (TOML)"
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
average = 100
burst = 50
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Here, an average of 100 requests per second is allowed. # Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed. # In addition, a burst of 50 requests is allowed.
@ -70,6 +61,15 @@ http:
burst: 50 burst: 50
``` ```
```toml tab="File (TOML)"
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
average = 100
burst = 50
```
## Configuration Options ## Configuration Options
### `average` ### `average`
@ -114,13 +114,6 @@ labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100" - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
``` ```
```toml tab="File (TOML)"
# 100 reqs/s
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
average = 100
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# 100 reqs/s # 100 reqs/s
http: http:
@ -130,6 +123,13 @@ http:
average: 100 average: 100
``` ```
```toml tab="File (TOML)"
# 100 reqs/s
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
average = 100
```
### `period` ### `period`
`period`, in combination with `average`, defines the actual maximum rate, such as: `period`, in combination with `average`, defines the actual maximum rate, such as:
@ -179,14 +179,6 @@ labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.period=1m" - "traefik.http.middlewares.test-ratelimit.ratelimit.period=1m"
``` ```
```toml tab="File (TOML)"
# 6 reqs/minute
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
average = 6
period = "1m"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# 6 reqs/minute # 6 reqs/minute
http: http:
@ -197,6 +189,14 @@ http:
period: 1m period: 1m
``` ```
```toml tab="File (TOML)"
# 6 reqs/minute
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
average = 6
period = "1m"
```
### `burst` ### `burst`
`burst` is the maximum number of requests allowed to go through in the same arbitrarily small period of time. `burst` is the maximum number of requests allowed to go through in the same arbitrarily small period of time.
@ -233,12 +233,6 @@ labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100" - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
burst = 100
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -247,6 +241,12 @@ http:
burst: 100 burst: 100
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
burst = 100
```
### `sourceCriterion` ### `sourceCriterion`
The `sourceCriterion` option defines what criterion is used to group requests as originating from a common source. The `sourceCriterion` option defines what criterion is used to group requests as originating from a common source.
@ -306,13 +306,6 @@ labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.depth=2" - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.depth=2"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
[http.middlewares.test-ratelimit.rateLimit.sourceCriterion.ipStrategy]
depth = 2
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -323,6 +316,13 @@ http:
depth: 2 depth: 2
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
[http.middlewares.test-ratelimit.rateLimit.sourceCriterion.ipStrategy]
depth = 2
```
##### `ipStrategy.excludedIPs` ##### `ipStrategy.excludedIPs`
!!! important "Contrary to what the name might suggest, this option is _not_ about excluding an IP from the rate limiter, and therefore cannot be used to deactivate rate limiting for some IPs." !!! important "Contrary to what the name might suggest, this option is _not_ about excluding an IP from the rate limiter, and therefore cannot be used to deactivate rate limiting for some IPs."
@ -400,13 +400,6 @@ labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
[http.middlewares.test-ratelimit.rateLimit.sourceCriterion.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -419,6 +412,13 @@ http:
- "192.168.1.7" - "192.168.1.7"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
[http.middlewares.test-ratelimit.rateLimit.sourceCriterion.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
#### `sourceCriterion.requestHeaderName` #### `sourceCriterion.requestHeaderName`
Name of the header used to group incoming requests. Name of the header used to group incoming requests.
@ -454,13 +454,6 @@ labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username" - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
[http.middlewares.test-ratelimit.rateLimit.sourceCriterion]
requestHeaderName = "username"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -470,6 +463,13 @@ http:
requestHeaderName: username requestHeaderName: username
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
[http.middlewares.test-ratelimit.rateLimit.sourceCriterion]
requestHeaderName = "username"
```
#### `sourceCriterion.requestHost` #### `sourceCriterion.requestHost`
Whether to consider the request host as the source. Whether to consider the request host as the source.
@ -505,13 +505,6 @@ labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true" - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
[http.middlewares.test-ratelimit.rateLimit.sourceCriterion]
requestHost = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -520,3 +513,10 @@ http:
sourceCriterion: sourceCriterion:
requestHost: true requestHost: true
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
[http.middlewares.test-ratelimit.rateLimit.sourceCriterion]
requestHost = true
```

18
docs/content/middlewares/redirectregex.md
View file

@ -53,14 +53,6 @@ labels:
- "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$${1}" - "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$${1}"
``` ```
```toml tab="File (TOML)"
# Redirect with domain replacement
[http.middlewares]
[http.middlewares.test-redirectregex.redirectRegex]
regex = "^http://localhost/(.*)"
replacement = "http://mydomain/${1}"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Redirect with domain replacement # Redirect with domain replacement
http: http:
@ -71,6 +63,14 @@ http:
replacement: "http://mydomain/${1}" replacement: "http://mydomain/${1}"
``` ```
```toml tab="File (TOML)"
# Redirect with domain replacement
[http.middlewares]
[http.middlewares.test-redirectregex.redirectRegex]
regex = "^http://localhost/(.*)"
replacement = "http://mydomain/${1}"
```
## Configuration Options ## Configuration Options
!!! tip !!! tip
@ -84,7 +84,7 @@ Set the `permanent` option to `true` to apply a permanent redirection.
### `regex` ### `regex`
The `regex` option is the regular expression to match and capture elements from the request URL. The `regex` option is the regular expression to match and capture elements from the request URL.
### `replacement` ### `replacement`
The `replacement` option defines how to modify the URL to have the new target URL. The `replacement` option defines how to modify the URL to have the new target URL.

62
docs/content/middlewares/redirectscheme.md
View file

@ -51,14 +51,6 @@ labels:
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent=true" - "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent=true"
``` ```
```toml tab="File (TOML)"
# Redirect to https
[http.middlewares]
[http.middlewares.test-redirectscheme.redirectScheme]
scheme = "https"
permanent = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Redirect to https # Redirect to https
http: http:
@ -69,6 +61,14 @@ http:
permanent: true permanent: true
``` ```
```toml tab="File (TOML)"
# Redirect to https
[http.middlewares]
[http.middlewares.test-redirectscheme.redirectScheme]
scheme = "https"
permanent = true
```
## Configuration Options ## Configuration Options
### `permanent` ### `permanent`
@ -115,14 +115,6 @@ labels:
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent=true" - "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent=true"
``` ```
```toml tab="File (TOML)"
# Redirect to https
[http.middlewares]
[http.middlewares.test-redirectscheme.redirectScheme]
# ...
permanent = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Redirect to https # Redirect to https
http: http:
@ -133,6 +125,14 @@ http:
permanent: true permanent: true
``` ```
```toml tab="File (TOML)"
# Redirect to https
[http.middlewares]
[http.middlewares.test-redirectscheme.redirectScheme]
# ...
permanent = true
```
### `scheme` ### `scheme`
The `scheme` option defines the scheme of the new URL. The `scheme` option defines the scheme of the new URL.
@ -172,13 +172,6 @@ labels:
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https" - "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
``` ```
```toml tab="File (TOML)"
# Redirect to https
[http.middlewares]
[http.middlewares.test-redirectscheme.redirectScheme]
scheme = "https"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Redirect to https # Redirect to https
http: http:
@ -188,6 +181,13 @@ http:
scheme: https scheme: https
``` ```
```toml tab="File (TOML)"
# Redirect to https
[http.middlewares]
[http.middlewares.test-redirectscheme.redirectScheme]
scheme = "https"
```
### `port` ### `port`
The `port` option defines the port of the new URL. The `port` option defines the port of the new URL.
@ -232,14 +232,6 @@ labels:
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.port=443" - "traefik.http.middlewares.test-redirectscheme.redirectscheme.port=443"
``` ```
```toml tab="File (TOML)"
# Redirect to https
[http.middlewares]
[http.middlewares.test-redirectscheme.redirectScheme]
# ...
port = 443
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Redirect to https # Redirect to https
http: http:
@ -250,4 +242,12 @@ http:
port: "443" port: "443"
``` ```
```toml tab="File (TOML)"
# Redirect to https
[http.middlewares]
[http.middlewares.test-redirectscheme.redirectScheme]
# ...
port = 443
```
!!! info "Port in this configuration is a string, not a numeric value." !!! info "Port in this configuration is a string, not a numeric value."

14
docs/content/middlewares/replacepath.md
View file

@ -45,13 +45,6 @@ labels:
- "traefik.http.middlewares.test-replacepath.replacepath.path=/foo" - "traefik.http.middlewares.test-replacepath.replacepath.path=/foo"
``` ```
```toml tab="File (TOML)"
# Replace the path with /foo
[http.middlewares]
[http.middlewares.test-replacepath.replacePath]
path = "/foo"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Replace the path with /foo # Replace the path with /foo
http: http:
@ -61,6 +54,13 @@ http:
path: "/foo" path: "/foo"
``` ```
```toml tab="File (TOML)"
# Replace the path with /foo
[http.middlewares]
[http.middlewares.test-replacepath.replacePath]
path = "/foo"
```
## Configuration Options ## Configuration Options
### General ### General

18
docs/content/middlewares/replacepathregex.md
View file

@ -50,14 +50,6 @@ labels:
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1" - "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1"
``` ```
```toml tab="File (TOML)"
# Replace path with regex
[http.middlewares]
[http.middlewares.test-replacepathregex.replacePathRegex]
regex = "^/foo/(.*)"
replacement = "/bar/$1"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Replace path with regex # Replace path with regex
http: http:
@ -68,6 +60,14 @@ http:
replacement: "/bar/$1" replacement: "/bar/$1"
``` ```
```toml tab="File (TOML)"
# Replace path with regex
[http.middlewares]
[http.middlewares.test-replacepathregex.replacePathRegex]
regex = "^/foo/(.*)"
replacement = "/bar/$1"
```
## Configuration Options ## Configuration Options
### General ### General
@ -84,7 +84,7 @@ The ReplacePathRegex middleware will:
### `regex` ### `regex`
The `regex` option is the regular expression to match and capture the path from the request URL. The `regex` option is the regular expression to match and capture the path from the request URL.
### `replacement` ### `replacement`
The `replacement` option defines the replacement path format, which can include captured variables. The `replacement` option defines the replacement path format, which can include captured variables.

16
docs/content/middlewares/retry.md
View file

@ -52,14 +52,6 @@ labels:
- "traefik.http.middlewares.test-retry.retry.initialinterval=100ms" - "traefik.http.middlewares.test-retry.retry.initialinterval=100ms"
``` ```
```toml tab="File (TOML)"
# Retry 4 times with exponential backoff
[http.middlewares]
[http.middlewares.test-retry.retry]
attempts = 4
initialInterval = "100ms"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Retry 4 times with exponential backoff # Retry 4 times with exponential backoff
http: http:
@ -70,6 +62,14 @@ http:
initialInterval: 100ms initialInterval: 100ms
``` ```
```toml tab="File (TOML)"
# Retry 4 times with exponential backoff
[http.middlewares]
[http.middlewares.test-retry.retry]
attempts = 4
initialInterval = "100ms"
```
## Configuration Options ## Configuration Options
### `attempts` ### `attempts`

28
docs/content/middlewares/stripprefix.md
View file

@ -47,13 +47,6 @@ labels:
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar,/fiibar" - "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar,/fiibar"
``` ```
```toml tab="File (TOML)"
# Strip prefix /foobar and /fiibar
[http.middlewares]
[http.middlewares.test-stripprefix.stripPrefix]
prefixes = ["/foobar", "/fiibar"]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Strip prefix /foobar and /fiibar # Strip prefix /foobar and /fiibar
http: http:
@ -65,6 +58,13 @@ http:
- "/fiibar" - "/fiibar"
``` ```
```toml tab="File (TOML)"
# Strip prefix /foobar and /fiibar
[http.middlewares]
[http.middlewares.test-stripprefix.stripPrefix]
prefixes = ["/foobar", "/fiibar"]
```
## Configuration Options ## Configuration Options
### General ### General
@ -149,13 +149,6 @@ labels:
- "traefik.http.middlewares.example.stripprefix.forceSlash=false" - "traefik.http.middlewares.example.stripprefix.forceSlash=false"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.example.stripPrefix]
prefixes = ["/foobar"]
forceSlash = false
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -165,3 +158,10 @@ http:
- "/foobar" - "/foobar"
forceSlash: false forceSlash: false
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.example.stripPrefix]
prefixes = ["/foobar"]
forceSlash = false
```

12
docs/content/middlewares/stripprefixregex.md
View file

@ -38,12 +38,6 @@ labels:
- "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=/foo/[a-z0-9]+/[0-9]+/" - "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=/foo/[a-z0-9]+/[0-9]+/"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-stripprefixregex.stripPrefixRegex]
regex = ["/foo/[a-z0-9]+/[0-9]+/"]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -53,6 +47,12 @@ http:
- "/foo/[a-z0-9]+/[0-9]+/" - "/foo/[a-z0-9]+/[0-9]+/"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-stripprefixregex.stripPrefixRegex]
regex = ["/foo/[a-z0-9]+/[0-9]+/"]
```
## Configuration Options ## Configuration Options
### General ### General

516
docs/content/migration/v1-to-v2.md
View file

@ -68,27 +68,27 @@ Then any router can refer to an instance of the wanted middleware.
[frontends.frontend1] [frontends.frontend1]
entryPoints = ["http"] entryPoints = ["http"]
backend = "backend1" backend = "backend1"
[frontends.frontend1.routes] [frontends.frontend1.routes]
[frontends.frontend1.routes.route0] [frontends.frontend1.routes.route0]
rule = "Host:test.localhost" rule = "Host:test.localhost"
[frontends.frontend1.routes.route0] [frontends.frontend1.routes.route0]
rule = "PathPrefix:/test" rule = "PathPrefix:/test"
[frontends.frontend1.auth] [frontends.frontend1.auth]
[frontends.frontend1.auth.basic] [frontends.frontend1.auth.basic]
users = [ users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
] ]
[backends] [backends]
[backends.backend1] [backends.backend1]
[backends.backend1.servers.server0] [backends.backend1.servers.server0]
url = "http://10.10.10.1:80" url = "http://10.10.10.1:80"
[backends.backend1.servers.server1] [backends.backend1.servers.server1]
url = "http://10.10.10.2:80" url = "http://10.10.10.2:80"
[backends.backend1.loadBalancer] [backends.backend1.loadBalancer]
method = "wrr" method = "wrr"
``` ```
@ -110,19 +110,19 @@ Then any router can refer to an instance of the wanted middleware.
metadata: metadata:
name: basicauth name: basicauth
namespace: foo namespace: foo
spec: spec:
basicAuth: basicAuth:
users: users:
- test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/ - test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
- test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0 - test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0
--- ---
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute kind: IngressRoute
metadata: metadata:
name: ingressroutebar name: ingressroutebar
spec: spec:
entryPoints: entryPoints:
- http - http
@ -139,27 +139,6 @@ Then any router can refer to an instance of the wanted middleware.
namespace: foo namespace: foo
``` ```
```toml tab="File (TOML)"
[http.routers]
[http.routers.router0]
rule = "Host(`test.localhost`) && PathPrefix(`/test`)"
middlewares = ["auth"]
service = "my-service"
[http.services]
[[http.services.my-service.loadBalancer.servers]]
url = "http://10.10.10.1:80"
[[http.services.my-service.loadBalancer.servers]]
url = "http://10.10.10.2:80"
[http.middlewares]
[http.middlewares.auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
routers: routers:
@ -168,14 +147,14 @@ Then any router can refer to an instance of the wanted middleware.
service: my-service service: my-service
middlewares: middlewares:
- auth - auth
services: services:
my-service: my-service:
loadBalancer: loadBalancer:
servers: servers:
- url: http://10.10.10.1:80 - url: http://10.10.10.1:80
- url: http://10.10.10.2:80 - url: http://10.10.10.2:80
middlewares: middlewares:
auth: auth:
basicAuth: basicAuth:
@ -184,6 +163,27 @@ Then any router can refer to an instance of the wanted middleware.
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
``` ```
```toml tab="File (TOML)"
[http.routers]
[http.routers.router0]
rule = "Host(`test.localhost`) && PathPrefix(`/test`)"
middlewares = ["auth"]
service = "my-service"
[http.services]
[[http.services.my-service.loadBalancer.servers]]
url = "http://10.10.10.1:80"
[[http.services.my-service.loadBalancer.servers]]
url = "http://10.10.10.2:80"
[http.middlewares]
[http.middlewares.auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```
## TLS Configuration is Now Dynamic, per Router. ## TLS Configuration is Now Dynamic, per Router.
TLS parameters used to be specified in the static configuration, as an entryPoint field. TLS parameters used to be specified in the static configuration, as an entryPoint field.
@ -193,13 +193,13 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
!!! example "TLS on websecure entryPoint becomes TLS option on Router-1" !!! example "TLS on websecure entryPoint becomes TLS option on Router-1"
!!! info "v1" !!! info "v1"
```toml tab="File (TOML)" ```toml tab="File (TOML)"
# static configuration # static configuration
[entryPoints] [entryPoints]
[entryPoints.websecure] [entryPoints.websecure]
address = ":443" address = ":443"
[entryPoints.websecure.tls] [entryPoints.websecure.tls]
minVersion = "VersionTLS12" minVersion = "VersionTLS12"
cipherSuites = [ cipherSuites = [
@ -221,33 +221,6 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
!!! info "v2" !!! info "v2"
```toml tab="File (TOML)"
# dynamic configuration
[http.routers]
[http.routers.Router-1]
rule = "Host(`example.com`)"
service = "service-id"
# will terminate the TLS request
[http.routers.Router-1.tls]
options = "myTLSOptions"
[[tls.certificates]]
certFile = "/path/to/domain.cert"
keyFile = "/path/to/domain.key"
[tls.options]
[tls.options.myTLSOptions]
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
routers: routers:
@ -257,7 +230,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
# will terminate the TLS request # will terminate the TLS request
tls: tls:
options: myTLSOptions options: myTLSOptions
tls: tls:
certificates: certificates:
- certFile: /path/to/domain.cert - certFile: /path/to/domain.cert
@ -273,6 +246,33 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
``` ```
```toml tab="File (TOML)"
# dynamic configuration
[http.routers]
[http.routers.Router-1]
rule = "Host(`example.com`)"
service = "service-id"
# will terminate the TLS request
[http.routers.Router-1.tls]
options = "myTLSOptions"
[[tls.certificates]]
certFile = "/path/to/domain.cert"
keyFile = "/path/to/domain.key"
[tls.options]
[tls.options.myTLSOptions]
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]
```
```yaml tab="K8s IngressRoute" ```yaml tab="K8s IngressRoute"
# The definitions below require the definitions for the TLSOption and IngressRoute kinds. # The definitions below require the definitions for the TLSOption and IngressRoute kinds.
# https://doc.traefik.io/traefik/v2.3/reference/dynamic-configuration/kubernetes-crd/#definitions # https://doc.traefik.io/traefik/v2.3/reference/dynamic-configuration/kubernetes-crd/#definitions
@ -281,7 +281,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
metadata: metadata:
name: mytlsoption name: mytlsoption
namespace: default namespace: default
spec: spec:
minVersion: VersionTLS12 minVersion: VersionTLS12
cipherSuites: cipherSuites:
@ -290,13 +290,13 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
--- ---
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute kind: IngressRoute
metadata: metadata:
name: ingressroutebar name: ingressroutebar
spec: spec:
entryPoints: entryPoints:
- web - web
@ -322,7 +322,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
## HTTP to HTTPS Redirection is Now Configured on Routers ## HTTP to HTTPS Redirection is Now Configured on Routers
Previously on Traefik v1, the redirection was applied on an entry point or on a frontend. Previously on Traefik v1, the redirection was applied on an entry point or on a frontend.
With Traefik v2 it is applied on an entry point or a [Router](../routing/routers/index.md). With Traefik v2 it is applied on an entry point or a [Router](../routing/routers/index.md).
To apply a redirection: To apply a redirection:
@ -332,11 +332,11 @@ To apply a redirection:
!!! example "Global HTTP to HTTPS redirection" !!! example "Global HTTP to HTTPS redirection"
!!! info "v1" !!! info "v1"
```toml tab="File (TOML)" ```toml tab="File (TOML)"
# static configuration # static configuration
defaultEntryPoints = ["web", "websecure"] defaultEntryPoints = ["web", "websecure"]
[entryPoints] [entryPoints]
[entryPoints.web] [entryPoints.web]
address = ":80" address = ":80"
@ -354,35 +354,11 @@ To apply a redirection:
``` ```
!!! info "v2" !!! info "v2"
```bash tab="CLI"
## static configuration
--entrypoints.web.address=:80
--entrypoints.web.http.redirections.entrypoint.to=websecure
--entrypoints.web.http.redirections.entrypoint.scheme=https
--entrypoints.websecure.address=:443
--providers.docker=true
```
```toml tab="File (TOML)"
# traefik.toml
## static configuration
[entryPoints.web]
address = ":80"
[entryPoints.web.http.redirections.entryPoint]
to = "websecure"
scheme = "https"
[entryPoints.websecure]
address = ":443"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# traefik.yaml # traefik.yml
## static configuration ## static configuration
entryPoints: entryPoints:
web: web:
address: ":80" address: ":80"
@ -391,15 +367,39 @@ To apply a redirection:
entrypoint: entrypoint:
to: websecure to: websecure
scheme: https scheme: https
websecure: websecure:
address: ":443" address: ":443"
``` ```
```toml tab="File (TOML)"
# traefik.toml
## static configuration
[entryPoints.web]
address = ":80"
[entryPoints.web.http.redirections.entryPoint]
to = "websecure"
scheme = "https"
[entryPoints.websecure]
address = ":443"
```
```bash tab="CLI"
## static configuration
--entrypoints.web.address=:80
--entrypoints.web.http.redirections.entrypoint.to=websecure
--entrypoints.web.http.redirections.entrypoint.scheme=https
--entrypoints.websecure.address=:443
--providers.docker=true
```
!!! example "HTTP to HTTPS redirection per domain" !!! example "HTTP to HTTPS redirection per domain"
!!! info "v1" !!! info "v1"
```toml tab="File (TOML)" ```toml tab="File (TOML)"
[entryPoints] [entryPoints]
[entryPoints.web] [entryPoints.web]
@ -408,9 +408,9 @@ To apply a redirection:
[entryPoints.websecure] [entryPoints.websecure]
address = ":443" address = ":443"
[entryPoints.websecure.tls] [entryPoints.websecure.tls]
[file] [file]
[frontends] [frontends]
[frontends.frontend1] [frontends.frontend1]
entryPoints = ["web", "websecure"] entryPoints = ["web", "websecure"]
@ -428,11 +428,11 @@ To apply a redirection:
traefik.http.routers.app.rule: Host(`example.net`) traefik.http.routers.app.rule: Host(`example.net`)
traefik.http.routers.app.entrypoints: web traefik.http.routers.app.entrypoints: web
traefik.http.routers.app.middlewares: https_redirect traefik.http.routers.app.middlewares: https_redirect
traefik.http.routers.appsecured.rule: Host(`example.net`) traefik.http.routers.appsecured.rule: Host(`example.net`)
traefik.http.routers.appsecured.entrypoints: websecure traefik.http.routers.appsecured.entrypoints: websecure
traefik.http.routers.appsecured.tls: true traefik.http.routers.appsecured.tls: true
traefik.http.middlewares.https_redirect.redirectscheme.scheme: https traefik.http.middlewares.https_redirect.redirectscheme.scheme: https
traefik.http.middlewares.https_redirect.redirectscheme.permanent: true traefik.http.middlewares.https_redirect.redirectscheme.permanent: true
``` ```
@ -442,7 +442,7 @@ To apply a redirection:
kind: IngressRoute kind: IngressRoute
metadata: metadata:
name: http-redirect-ingressRoute name: http-redirect-ingressRoute
spec: spec:
entryPoints: entryPoints:
- web - web
@ -454,13 +454,13 @@ To apply a redirection:
port: 80 port: 80
middlewares: middlewares:
- name: https-redirect - name: https-redirect
--- ---
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute kind: IngressRoute
metadata: metadata:
name: https-ingressRoute name: https-ingressRoute
spec: spec:
entryPoints: entryPoints:
- websecure - websecure
@ -471,7 +471,7 @@ To apply a redirection:
- name: whoami - name: whoami
port: 80 port: 80
tls: {} tls: {}
--- ---
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: Middleware kind: Middleware
@ -483,33 +483,10 @@ To apply a redirection:
permanent: true permanent: true
``` ```
```toml tab="File (TOML)"
## dynamic configuration
# dynamic-conf.toml
[http.routers]
[http.routers.router0]
rule = "Host(`example.net`)"
service = "my-service"
entrypoints = ["web"]
middlewares = ["https_redirect"]
[http.routers.router1]
rule = "Host(`example.net`)"
service = "my-service"
entrypoints = ["websecure"]
[http.routers.router1.tls]
[http.middlewares]
[http.middlewares.https_redirect.redirectScheme]
scheme = "https"
permanent = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
## dynamic configuration ## dynamic configuration
# dynamic-conf.yml # dynamic-conf.yml
http: http:
routers: routers:
router0: router0:
@ -519,14 +496,14 @@ To apply a redirection:
middlewares: middlewares:
- https_redirect - https_redirect
service: my-service service: my-service
router1: router1:
rule: "Host(`example.net`)" rule: "Host(`example.net`)"
entryPoints: entryPoints:
- websecure - websecure
service: my-service service: my-service
tls: {} tls: {}
middlewares: middlewares:
https-redirect: https-redirect:
redirectScheme: redirectScheme:
@ -534,6 +511,29 @@ To apply a redirection:
permanent: true permanent: true
``` ```
```toml tab="File (TOML)"
## dynamic configuration
# dynamic-conf.toml
[http.routers]
[http.routers.router0]
rule = "Host(`example.net`)"
service = "my-service"
entrypoints = ["web"]
middlewares = ["https_redirect"]
[http.routers.router1]
rule = "Host(`example.net`)"
service = "my-service"
entrypoints = ["websecure"]
[http.routers.router1.tls]
[http.middlewares]
[http.middlewares.https_redirect.redirectScheme]
scheme = "https"
permanent = true
```
## Strip and Rewrite Path Prefixes ## Strip and Rewrite Path Prefixes
With the new core notions of v2 (introduced earlier in the section With the new core notions of v2 (introduced earlier in the section
@ -619,23 +619,6 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
- /admin - /admin
``` ```
```toml tab="File (TOML)"
## Dynamic configuration
# dynamic-conf.toml
[http.routers.router1]
rule = "Host(`example.org`) && PathPrefix(`/admin`)"
service = "admin-svc"
entrypoints = ["web"]
middlewares = ["admin-stripprefix"]
[http.middlewares]
[http.middlewares.admin-stripprefix.stripPrefix]
prefixes = ["/admin"]
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
## Dynamic Configuration ## Dynamic Configuration
# dynamic-conf.yml # dynamic-conf.yml
@ -652,12 +635,29 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
middlewares: middlewares:
admin-stripprefix: admin-stripprefix:
stripPrefix: stripPrefix:
prefixes: prefixes:
- "/admin" - "/admin"
# ... # ...
``` ```
```toml tab="File (TOML)"
## Dynamic configuration
# dynamic-conf.toml
[http.routers.router1]
rule = "Host(`example.org`) && PathPrefix(`/admin`)"
service = "admin-svc"
entrypoints = ["web"]
middlewares = ["admin-stripprefix"]
[http.middlewares]
[http.middlewares.admin-stripprefix.stripPrefix]
prefixes = ["/admin"]
# ...
```
??? question "What About Other Path Transformations?" ??? question "What About Other Path Transformations?"
Instead of removing the path prefix with the [`stripprefix` middleware](../../middlewares/stripprefix/), you can also: Instead of removing the path prefix with the [`stripprefix` middleware](../../middlewares/stripprefix/), you can also:
@ -674,11 +674,11 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
!!! example "ACME from provider to a specific Certificate Resolver" !!! example "ACME from provider to a specific Certificate Resolver"
!!! info "v1" !!! info "v1"
```toml tab="File (TOML)" ```toml tab="File (TOML)"
# static configuration # static configuration
defaultEntryPoints = ["websecure","web"] defaultEntryPoints = ["websecure","web"]
[entryPoints.web] [entryPoints.web]
address = ":80" address = ":80"
[entryPoints.web.redirect] [entryPoints.web.redirect]
@ -686,7 +686,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
[entryPoints.websecure] [entryPoints.websecure]
address = ":443" address = ":443"
[entryPoints.websecure.tls] [entryPoints.websecure.tls]
[acme] [acme]
email = "your-email-here@example.com" email = "your-email-here@example.com"
storage = "acme.json" storage = "acme.json"
@ -708,34 +708,17 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
!!! info "v2" !!! info "v2"
```toml tab="File (TOML)"
# static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http.tls]
certResolver = "myresolver"
[certificatesResolvers.myresolver.acme]
email = "your-email@example.com"
storage = "acme.json"
[certificatesResolvers.myresolver.acme.tlsChallenge]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
entryPoints: entryPoints:
web: web:
address: ":80" address: ":80"
websecure: websecure:
address: ":443" address: ":443"
http: http:
tls: tls:
certResolver: myresolver certResolver: myresolver
certificatesResolvers: certificatesResolvers:
myresolver: myresolver:
acme: acme:
@ -744,6 +727,23 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
tlsChallenge: {} tlsChallenge: {}
``` ```
```toml tab="File (TOML)"
# static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http.tls]
certResolver = "myresolver"
[certificatesResolvers.myresolver.acme]
email = "your-email@example.com"
storage = "acme.json"
[certificatesResolvers.myresolver.acme.tlsChallenge]
```
```bash tab="CLI" ```bash tab="CLI"
--entrypoints.web.address=:80 --entrypoints.web.address=:80
--entrypoints.websecure.address=:443 --entrypoints.websecure.address=:443
@ -764,7 +764,7 @@ There is no more log configuration at the root level.
```toml tab="File (TOML)" ```toml tab="File (TOML)"
# static configuration # static configuration
logLevel = "DEBUG" logLevel = "DEBUG"
[traefikLog] [traefikLog]
filePath = "/path/to/traefik.log" filePath = "/path/to/traefik.log"
format = "json" format = "json"
@ -778,14 +778,6 @@ There is no more log configuration at the root level.
!!! info "v2" !!! info "v2"
```toml tab="File (TOML)"
# static configuration
[log]
level = "DEBUG"
filePath = "/path/to/log-file.log"
format = "json"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# static configuration # static configuration
log: log:
@ -794,6 +786,14 @@ There is no more log configuration at the root level.
format: json format: json
``` ```
```toml tab="File (TOML)"
# static configuration
[log]
level = "DEBUG"
filePath = "/path/to/log-file.log"
format = "json"
```
```bash tab="CLI" ```bash tab="CLI"
--log.level=DEBUG --log.level=DEBUG
--log.filePath=/path/to/traefik.log --log.filePath=/path/to/traefik.log
@ -838,17 +838,6 @@ Traefik v2 retains OpenTracing support. The `backend` root option from the v1 is
!!! info "v2" !!! info "v2"
```toml tab="File (TOML)"
# static configuration
[tracing]
servicename = "tracing"
[tracing.jaeger]
samplingParam = 1.0
samplingServerURL = "http://12.0.0.1:5778/sampling"
samplingType = "const"
localAgentHostPort = "12.0.0.1:6831"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# static configuration # static configuration
tracing: tracing:
@ -860,6 +849,17 @@ Traefik v2 retains OpenTracing support. The `backend` root option from the v1 is
localAgentHostPort: '12.0.0.1:6831' localAgentHostPort: '12.0.0.1:6831'
``` ```
```toml tab="File (TOML)"
# static configuration
[tracing]
servicename = "tracing"
[tracing.jaeger]
samplingParam = 1.0
samplingServerURL = "http://12.0.0.1:5778/sampling"
samplingType = "const"
localAgentHostPort = "12.0.0.1:6831"
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.servicename=tracing --tracing.servicename=tracing
--tracing.jaeger.localagenthostport=12.0.0.1:6831 --tracing.jaeger.localagenthostport=12.0.0.1:6831
@ -891,13 +891,6 @@ For a basic configuration, the [metrics configuration](../observability/metrics/
!!! info "v2" !!! info "v2"
```toml tab="File (TOML)"
# static configuration
[metrics.prometheus]
buckets = [0.1,0.3,1.2,5.0]
entryPoint = "metrics"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# static configuration # static configuration
metrics: metrics:
@ -910,6 +903,13 @@ For a basic configuration, the [metrics configuration](../observability/metrics/
entryPoint: metrics entryPoint: metrics
``` ```
```toml tab="File (TOML)"
# static configuration
[metrics.prometheus]
buckets = [0.1,0.3,1.2,5.0]
entryPoint = "metrics"
```
```bash tab="CLI" ```bash tab="CLI"
--metrics.prometheus.buckets=[0.1,0.3,1.2,5.0] --metrics.prometheus.buckets=[0.1,0.3,1.2,5.0]
--metrics.prometheus.entrypoint=metrics --metrics.prometheus.entrypoint=metrics
@ -955,43 +955,43 @@ Each root item has been moved to a related section or removed.
!!! info "v2" !!! info "v2"
```toml tab="File (TOML)"
# static configuration
[global]
checkNewVersion = true
sendAnonymousUsage = true
[log]
level = "DEBUG"
[serversTransport]
insecureSkipVerify = true
rootCAs = [ "/mycert.cert" ]
maxIdleConnsPerHost = 42
[providers]
providersThrottleDuration = 42
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# static configuration # static configuration
global: global:
checkNewVersion: true checkNewVersion: true
sendAnonymousUsage: true sendAnonymousUsage: true
log: log:
level: DEBUG level: DEBUG
serversTransport: serversTransport:
insecureSkipVerify: true insecureSkipVerify: true
rootCAs: rootCAs:
- /mycert.cert - /mycert.cert
maxIdleConnsPerHost: 42 maxIdleConnsPerHost: 42
providers: providers:
providersThrottleDuration: 42 providersThrottleDuration: 42
``` ```
```toml tab="File (TOML)"
# static configuration
[global]
checkNewVersion = true
sendAnonymousUsage = true
[log]
level = "DEBUG"
[serversTransport]
insecureSkipVerify = true
rootCAs = [ "/mycert.cert" ]
maxIdleConnsPerHost = 42
[providers]
providersThrottleDuration = 42
```
```bash tab="CLI" ```bash tab="CLI"
--global.checknewversion=true --global.checknewversion=true
--global.sendanonymoususage=true --global.sendanonymoususage=true
@ -1018,7 +1018,7 @@ To activate the dashboard, you can either:
```toml tab="File (TOML)" ```toml tab="File (TOML)"
## static configuration ## static configuration
# traefik.toml # traefik.toml
[entryPoints.websecure] [entryPoints.websecure]
address = ":443" address = ":443"
[entryPoints.websecure.tls] [entryPoints.websecure.tls]
@ -1027,7 +1027,7 @@ To activate the dashboard, you can either:
users = [ users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
] ]
[api] [api]
entryPoint = "websecure" entryPoint = "websecure"
``` ```
@ -1050,55 +1050,25 @@ To activate the dashboard, you can either:
- "traefik.http.middlewares.myAuth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/" - "traefik.http.middlewares.myAuth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/"
``` ```
```toml tab="File (TOML)"
## static configuration
# traefik.toml
[entryPoints.websecure]
address = ":443"
[api]
[providers.file]
directory = "/path/to/dynamic/config"
##---------------------##
## dynamic configuration
# /path/to/dynamic/config/dynamic-conf.toml
[http.routers.api]
rule = "Host(`traefik.docker.localhost`)"
entrypoints = ["websecure"]
service = "api@internal"
middlewares = ["myAuth"]
[http.routers.api.tls]
[http.middlewares.myAuth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
## static configuration ## static configuration
# traefik.yaml # traefik.yml
entryPoints: entryPoints:
websecure: websecure:
address: ':443' address: ':443'
api: {} api: {}
providers: providers:
file: file:
directory: /path/to/dynamic/config directory: /path/to/dynamic/config
##---------------------## ##---------------------##
## dynamic configuration ## dynamic configuration
# /path/to/dynamic/config/dynamic-conf.yaml # /path/to/dynamic/config/dynamic-conf.yml
http: http:
routers: routers:
api: api:
@ -1109,7 +1079,7 @@ To activate the dashboard, you can either:
middlewares: middlewares:
- myAuth - myAuth
tls: {} tls: {}
middlewares: middlewares:
myAuth: myAuth:
basicAuth: basicAuth:
@ -1117,6 +1087,36 @@ To activate the dashboard, you can either:
- 'test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/' - 'test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/'
``` ```
```toml tab="File (TOML)"
## static configuration
# traefik.toml
[entryPoints.websecure]
address = ":443"
[api]
[providers.file]
directory = "/path/to/dynamic/config"
##---------------------##
## dynamic configuration
# /path/to/dynamic/config/dynamic-conf.toml
[http.routers.api]
rule = "Host(`traefik.docker.localhost`)"
entrypoints = ["websecure"]
service = "api@internal"
middlewares = ["myAuth"]
[http.routers.api.tls]
[http.middlewares.myAuth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
]
```
## Providers ## Providers
Supported [providers](../providers/overview.md), for now: Supported [providers](../providers/overview.md), for now:

106
docs/content/observability/access-logs.md
View file

@ -5,18 +5,18 @@ Who Calls Whom?
By default, logs are written to stdout, in text format. By default, logs are written to stdout, in text format.
## Configuration ## Configuration
To enable the access logs: To enable the access logs:
```toml tab="File (TOML)"
[accessLog]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
accessLog: {} accessLog: {}
``` ```
```toml tab="File (TOML)"
[accessLog]
```
```bash tab="CLI" ```bash tab="CLI"
--accesslog=true --accesslog=true
``` ```
@ -26,28 +26,28 @@ accessLog: {}
By default access logs are written to the standard output. By default access logs are written to the standard output.
To write the logs into a log file, use the `filePath` option. To write the logs into a log file, use the `filePath` option.
```toml tab="File (TOML)"
[accessLog]
filePath = "/path/to/access.log"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
accessLog: accessLog:
filePath: "/path/to/access.log" filePath: "/path/to/access.log"
``` ```
```toml tab="File (TOML)"
[accessLog]
filePath = "/path/to/access.log"
```
```bash tab="CLI" ```bash tab="CLI"
--accesslog.filepath=/path/to/access.log --accesslog.filepath=/path/to/access.log
``` ```
### `format` ### `format`
By default, logs are written using the Common Log Format (CLF). By default, logs are written using the Common Log Format (CLF).
To write logs in JSON, use `json` in the `format` option. To write logs in JSON, use `json` in the `format` option.
If the given format is unsupported, the default (CLF) is used instead. If the given format is unsupported, the default (CLF) is used instead.
!!! info "Common Log Format" !!! info "Common Log Format"
```html ```html
<remote_IP_address> - <client_user_name_if_available> [<timestamp>] "<request_method> <request_path> <request_protocol>" <origin_server_HTTP_status> <origin_server_content_size> "<request_referrer>" "<request_user_agent>" <number_of_requests_received_since_Traefik_started> "<Traefik_router_name>" "<Traefik_server_URL>" <request_duration_in_ms>ms <remote_IP_address> - <client_user_name_if_available> [<timestamp>] "<request_method> <request_path> <request_protocol>" <origin_server_HTTP_status> <origin_server_content_size> "<request_referrer>" "<request_user_agent>" <number_of_requests_received_since_Traefik_started> "<Traefik_router_name>" "<Traefik_server_URL>" <request_duration_in_ms>ms
``` ```
@ -58,13 +58,6 @@ To write the logs in an asynchronous fashion, specify a `bufferingSize` option.
This option represents the number of log lines Traefik will keep in memory before writing them to the selected output. This option represents the number of log lines Traefik will keep in memory before writing them to the selected output.
In some cases, this option can greatly help performances. In some cases, this option can greatly help performances.
```toml tab="File (TOML)"
# Configuring a buffer of 100 lines
[accessLog]
filePath = "/path/to/access.log"
bufferingSize = 100
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Configuring a buffer of 100 lines # Configuring a buffer of 100 lines
accessLog: accessLog:
@ -72,6 +65,13 @@ accessLog:
bufferingSize: 100 bufferingSize: 100
``` ```
```toml tab="File (TOML)"
# Configuring a buffer of 100 lines
[accessLog]
filePath = "/path/to/access.log"
bufferingSize = 100
```
```bash tab="CLI" ```bash tab="CLI"
# Configuring a buffer of 100 lines # Configuring a buffer of 100 lines
--accesslog.filepath=/path/to/access.log --accesslog.filepath=/path/to/access.log
@ -80,40 +80,40 @@ accessLog:
### Filtering ### Filtering
To filter logs, you can specify a set of filters which are logically "OR-connected". To filter logs, you can specify a set of filters which are logically "OR-connected".
Thus, specifying multiple filters will keep more access logs than specifying only one. Thus, specifying multiple filters will keep more access logs than specifying only one.
The available filters are: The available filters are:
- `statusCodes`, to limit the access logs to requests with a status codes in the specified range - `statusCodes`, to limit the access logs to requests with a status codes in the specified range
- `retryAttempts`, to keep the access logs when at least one retry has happened - `retryAttempts`, to keep the access logs when at least one retry has happened
- `minDuration`, to keep access logs when requests take longer than the specified duration (provided in seconds or as a valid duration format, see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration)) - `minDuration`, to keep access logs when requests take longer than the specified duration (provided in seconds or as a valid duration format, see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration))
```yaml tab="File (YAML)"
# Configuring Multiple Filters
accessLog:
filePath: "/path/to/access.log"
format: json
filters:
statusCodes:
- "200"
- "300-302"
retryAttempts: true
minDuration: "10ms"
```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
# Configuring Multiple Filters # Configuring Multiple Filters
[accessLog] [accessLog]
filePath = "/path/to/access.log" filePath = "/path/to/access.log"
format = "json" format = "json"
[accessLog.filters] [accessLog.filters]
statusCodes = ["200", "300-302"] statusCodes = ["200", "300-302"]
retryAttempts = true retryAttempts = true
minDuration = "10ms" minDuration = "10ms"
``` ```
```yaml tab="File (YAML)"
# Configuring Multiple Filters
accessLog:
filePath: "/path/to/access.log"
format: json
filters:
statusCodes:
- "200"
- "300-302"
retryAttempts: true
minDuration: "10ms"
```
```bash tab="CLI" ```bash tab="CLI"
# Configuring Multiple Filters # Configuring Multiple Filters
--accesslog.filepath=/path/to/access.log --accesslog.filepath=/path/to/access.log
@ -135,27 +135,9 @@ Each field can be set to:
The `defaultMode` for `fields.headers` is `drop`. The `defaultMode` for `fields.headers` is `drop`.
```toml tab="File (TOML)"
# Limiting the Logs to Specific Fields
[accessLog]
filePath = "/path/to/access.log"
format = "json"
[accessLog.fields] [accessLog.fields]
defaultMode = "keep" defaultMode = "keep"
[accessLog.fields.names]
"ClientUsername" = "drop"
[accessLog.fields.headers]
defaultMode = "keep"
[accessLog.fields.headers.names]
"User-Agent" = "redact"
"Authorization" = "drop"
"Content-Type" = "keep"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Limiting the Logs to Specific Fields # Limiting the Logs to Specific Fields
accessLog: accessLog:
@ -173,6 +155,24 @@ accessLog:
Content-Type: keep Content-Type: keep
``` ```
```toml tab="File (TOML)"
# Limiting the Logs to Specific Fields
[accessLog]
filePath = "/path/to/access.log"
format = "json"
[accessLog.fields.names]
"ClientUsername" = "drop"
[accessLog.fields.headers]
defaultMode = "keep"
[accessLog.fields.headers.names]
"User-Agent" = "redact"
"Authorization" = "drop"
"Content-Type" = "keep"
```
```bash tab="CLI" ```bash tab="CLI"
# Limiting the Logs to Specific Fields # Limiting the Logs to Specific Fields
--accesslog.filepath=/path/to/access.log --accesslog.filepath=/path/to/access.log

40
docs/content/observability/logs.md
View file

@ -16,18 +16,18 @@ Traefik logs concern everything that happens to Traefik itself (startup, configu
By default, the logs are written to the standard output. By default, the logs are written to the standard output.
You can configure a file path instead using the `filePath` option. You can configure a file path instead using the `filePath` option.
```toml tab="File (TOML)"
# Writing Logs to a File
[log]
filePath = "/path/to/traefik.log"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Writing Logs to a File # Writing Logs to a File
log: log:
filePath: "/path/to/traefik.log" filePath: "/path/to/traefik.log"
``` ```
```toml tab="File (TOML)"
# Writing Logs to a File
[log]
filePath = "/path/to/traefik.log"
```
```bash tab="CLI" ```bash tab="CLI"
# Writing Logs to a File # Writing Logs to a File
--log.filePath=/path/to/traefik.log --log.filePath=/path/to/traefik.log
@ -35,14 +35,7 @@ log:
#### `format` #### `format`
By default, the logs use a text format (`common`), but you can also ask for the `json` format in the `format` option. By default, the logs use a text format (`common`), but you can also ask for the `json` format in the `format` option.
```toml tab="File (TOML)"
# Writing Logs to a File, in JSON
[log]
filePath = "/path/to/log-file.log"
format = "json"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Writing Logs to a File, in JSON # Writing Logs to a File, in JSON
@ -51,6 +44,13 @@ log:
format: json format: json
``` ```
```toml tab="File (TOML)"
# Writing Logs to a File, in JSON
[log]
filePath = "/path/to/log-file.log"
format = "json"
```
```bash tab="CLI" ```bash tab="CLI"
# Writing Logs to a File, in JSON # Writing Logs to a File, in JSON
--log.filePath=/path/to/traefik.log --log.filePath=/path/to/traefik.log
@ -59,18 +59,18 @@ log:
#### `level` #### `level`
By default, the `level` is set to `ERROR`. Alternative logging levels are `DEBUG`, `PANIC`, `FATAL`, `ERROR`, `WARN`, and `INFO`. By default, the `level` is set to `ERROR`. Alternative logging levels are `DEBUG`, `PANIC`, `FATAL`, `ERROR`, `WARN`, and `INFO`.
```toml tab="File (TOML)"
[log]
level = "DEBUG"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
log: log:
level: DEBUG level: DEBUG
``` ```
```toml tab="File (TOML)"
[log]
level = "DEBUG"
```
```bash tab="CLI" ```bash tab="CLI"
--log.level=DEBUG --log.level=DEBUG
``` ```

58
docs/content/observability/metrics/datadog.md
View file

@ -2,16 +2,16 @@
To enable the Datadog: To enable the Datadog:
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
datadog: {} datadog: {}
``` ```
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
```
```bash tab="CLI" ```bash tab="CLI"
--metrics.datadog=true --metrics.datadog=true
``` ```
@ -22,18 +22,18 @@ _Required, Default="127.0.0.1:8125"_
Address instructs exporter to send metrics to datadog-agent at this address. Address instructs exporter to send metrics to datadog-agent at this address.
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
address = "127.0.0.1:8125"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
datadog: datadog:
address: 127.0.0.1:8125 address: 127.0.0.1:8125
``` ```
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
address = "127.0.0.1:8125"
```
```bash tab="CLI" ```bash tab="CLI"
--metrics.datadog.address=127.0.0.1:8125 --metrics.datadog.address=127.0.0.1:8125
``` ```
@ -44,18 +44,18 @@ _Optional, Default=true_
Enable metrics on entry points. Enable metrics on entry points.
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
addEntryPointsLabels = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
datadog: datadog:
addEntryPointsLabels: true addEntryPointsLabels: true
``` ```
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
addEntryPointsLabels = true
```
```bash tab="CLI" ```bash tab="CLI"
--metrics.datadog.addEntryPointsLabels=true --metrics.datadog.addEntryPointsLabels=true
``` ```
@ -66,18 +66,18 @@ _Optional, Default=true_
Enable metrics on services. Enable metrics on services.
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
addServicesLabels = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
datadog: datadog:
addServicesLabels: true addServicesLabels: true
``` ```
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
addServicesLabels = true
```
```bash tab="CLI" ```bash tab="CLI"
--metrics.datadog.addServicesLabels=true --metrics.datadog.addServicesLabels=true
``` ```
@ -88,18 +88,18 @@ _Optional, Default=10s_
The interval used by the exporter to push metrics to datadog-agent. The interval used by the exporter to push metrics to datadog-agent.
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
pushInterval = 10s
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
datadog: datadog:
pushInterval: 10s pushInterval: 10s
``` ```
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
pushInterval = 10s
```
```bash tab="CLI" ```bash tab="CLI"
--metrics.datadog.pushInterval=10s --metrics.datadog.pushInterval=10s
``` ```

118
docs/content/observability/metrics/influxdb.md
View file

@ -2,16 +2,16 @@
To enable the InfluxDB: To enable the InfluxDB:
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
influxDB: {} influxDB: {}
``` ```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
```
```bash tab="CLI" ```bash tab="CLI"
--metrics.influxdb=true --metrics.influxdb=true
``` ```
@ -22,18 +22,18 @@ _Required, Default="localhost:8089"_
Address instructs exporter to send metrics to influxdb at this address. Address instructs exporter to send metrics to influxdb at this address.
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
address = "localhost:8089"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
influxDB: influxDB:
address: localhost:8089 address: localhost:8089
``` ```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
address = "localhost:8089"
```
```bash tab="CLI" ```bash tab="CLI"
--metrics.influxdb.address=localhost:8089 --metrics.influxdb.address=localhost:8089
``` ```
@ -44,18 +44,18 @@ _Required, Default="udp"_
InfluxDB's address protocol (udp or http). InfluxDB's address protocol (udp or http).
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
protocol = "udp"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
influxDB: influxDB:
protocol: udp protocol: udp
``` ```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
protocol = "udp"
```
```bash tab="CLI" ```bash tab="CLI"
--metrics.influxdb.protocol=udp --metrics.influxdb.protocol=udp
``` ```
@ -66,18 +66,18 @@ _Optional, Default=""_
InfluxDB database used when protocol is http. InfluxDB database used when protocol is http.
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
database = "db"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
influxDB: influxDB:
database: "db" database: "db"
``` ```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
database = "db"
```
```bash tab="CLI" ```bash tab="CLI"
--metrics.influxdb.database=db --metrics.influxdb.database=db
``` ```
@ -88,18 +88,18 @@ _Optional, Default=""_
InfluxDB retention policy used when protocol is http. InfluxDB retention policy used when protocol is http.
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
retentionPolicy = "two_hours"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
influxDB: influxDB:
retentionPolicy: "two_hours" retentionPolicy: "two_hours"
``` ```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
retentionPolicy = "two_hours"
```
```bash tab="CLI" ```bash tab="CLI"
--metrics.influxdb.retentionPolicy=two_hours --metrics.influxdb.retentionPolicy=two_hours
``` ```
@ -110,18 +110,18 @@ _Optional, Default=""_
InfluxDB username (only with http). InfluxDB username (only with http).
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
username = "john"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
influxDB: influxDB:
username: "john" username: "john"
``` ```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
username = "john"
```
```bash tab="CLI" ```bash tab="CLI"
--metrics.influxdb.username=john --metrics.influxdb.username=john
``` ```
@ -132,18 +132,18 @@ _Optional, Default=""_
InfluxDB password (only with http). InfluxDB password (only with http).
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
password = "secret"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
influxDB: influxDB:
password: "secret" password: "secret"
``` ```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
password = "secret"
```
```bash tab="CLI" ```bash tab="CLI"
--metrics.influxdb.password=secret --metrics.influxdb.password=secret
``` ```
@ -154,18 +154,18 @@ _Optional, Default=true_
Enable metrics on entry points. Enable metrics on entry points.
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
addEntryPointsLabels = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
influxDB: influxDB:
addEntryPointsLabels: true addEntryPointsLabels: true
``` ```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
addEntryPointsLabels = true
```
```bash tab="CLI" ```bash tab="CLI"
--metrics.influxdb.addEntryPointsLabels=true --metrics.influxdb.addEntryPointsLabels=true
``` ```
@ -176,18 +176,18 @@ _Optional, Default=true_
Enable metrics on services. Enable metrics on services.
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
addServicesLabels = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
influxDB: influxDB:
addServicesLabels: true addServicesLabels: true
``` ```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
addServicesLabels = true
```
```bash tab="CLI" ```bash tab="CLI"
--metrics.influxdb.addServicesLabels=true --metrics.influxdb.addServicesLabels=true
``` ```
@ -198,18 +198,18 @@ _Optional, Default=10s_
The interval used by the exporter to push metrics to influxdb. The interval used by the exporter to push metrics to influxdb.
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
pushInterval = 10s
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
influxDB: influxDB:
pushInterval: 10s pushInterval: 10s
``` ```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
pushInterval = 10s
```
```bash tab="CLI" ```bash tab="CLI"
--metrics.influxdb.pushInterval=10s --metrics.influxdb.pushInterval=10s
``` ```

8
docs/content/observability/metrics/overview.md
View file

@ -11,14 +11,14 @@ Traefik supports 4 metrics backends:
To enable metrics: To enable metrics:
```toml tab="File (TOML)"
[metrics]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: {} metrics: {}
``` ```
```toml tab="File (TOML)"
[metrics]
```
```bash tab="CLI" ```bash tab="CLI"
--metrics=true --metrics=true
``` ```

78
docs/content/observability/metrics/prometheus.md
View file

@ -2,16 +2,16 @@
To enable the Prometheus: To enable the Prometheus:
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
prometheus: {} prometheus: {}
``` ```
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
```
```bash tab="CLI" ```bash tab="CLI"
--metrics.prometheus=true --metrics.prometheus=true
``` ```
@ -22,12 +22,6 @@ _Optional, Default="0.100000, 0.300000, 1.200000, 5.000000"_
Buckets for latency metrics. Buckets for latency metrics.
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
buckets = [0.1,0.3,1.2,5.0]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
prometheus: prometheus:
@ -38,6 +32,12 @@ metrics:
- 5.0 - 5.0
``` ```
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
buckets = [0.1,0.3,1.2,5.0]
```
```bash tab="CLI" ```bash tab="CLI"
--metrics.prometheus.buckets=0.100000, 0.300000, 1.200000, 5.000000 --metrics.prometheus.buckets=0.100000, 0.300000, 1.200000, 5.000000
``` ```
@ -48,18 +48,18 @@ _Optional, Default=true_
Enable metrics on entry points. Enable metrics on entry points.
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
addEntryPointsLabels = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
prometheus: prometheus:
addEntryPointsLabels: true addEntryPointsLabels: true
``` ```
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
addEntryPointsLabels = true
```
```bash tab="CLI" ```bash tab="CLI"
--metrics.prometheus.addEntryPointsLabels=true --metrics.prometheus.addEntryPointsLabels=true
``` ```
@ -70,18 +70,18 @@ _Optional, Default=true_
Enable metrics on services. Enable metrics on services.
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
addServicesLabels = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
prometheus: prometheus:
addServicesLabels: true addServicesLabels: true
``` ```
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
addServicesLabels = true
```
```bash tab="CLI" ```bash tab="CLI"
--metrics.prometheus.addServicesLabels=true --metrics.prometheus.addServicesLabels=true
``` ```
@ -92,16 +92,6 @@ _Optional, Default=traefik_
Entry point used to expose metrics. Entry point used to expose metrics.
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.metrics]
address = ":8082"
[metrics]
[metrics.prometheus]
entryPoint = "metrics"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
entryPoints: entryPoints:
metrics: metrics:
@ -112,6 +102,16 @@ metrics:
entryPoint: metrics entryPoint: metrics
``` ```
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.metrics]
address = ":8082"
[metrics]
[metrics.prometheus]
entryPoint = "metrics"
```
```bash tab="CLI" ```bash tab="CLI"
--entryPoints.metrics.address=:8082 --entryPoints.metrics.address=:8082
--metrics.prometheus.entryPoint=metrics --metrics.prometheus.entryPoint=metrics
@ -123,18 +123,18 @@ _Optional, Default=false_
If `manualRouting` is `true`, it disables the default internal router in order to allow one to create a custom router for the `prometheus@internal` service. If `manualRouting` is `true`, it disables the default internal router in order to allow one to create a custom router for the `prometheus@internal` service.
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
manualRouting = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
prometheus: prometheus:
manualRouting: true manualRouting: true
``` ```
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
manualRouting = true
```
```bash tab="CLI" ```bash tab="CLI"
--metrics.prometheus.manualrouting=true --metrics.prometheus.manualrouting=true
``` ```

72
docs/content/observability/metrics/statsd.md
View file

@ -2,16 +2,16 @@
To enable the Statsd: To enable the Statsd:
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
statsD: {} statsD: {}
``` ```
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
```
```bash tab="CLI" ```bash tab="CLI"
--metrics.statsd=true --metrics.statsd=true
``` ```
@ -22,18 +22,18 @@ _Required, Default="localhost:8125"_
Address instructs exporter to send metrics to statsd at this address. Address instructs exporter to send metrics to statsd at this address.
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
address = "localhost:8125"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
statsD: statsD:
address: localhost:8125 address: localhost:8125
``` ```
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
address = "localhost:8125"
```
```bash tab="CLI" ```bash tab="CLI"
--metrics.statsd.address=localhost:8125 --metrics.statsd.address=localhost:8125
``` ```
@ -44,18 +44,18 @@ _Optional, Default=true_
Enable metrics on entry points. Enable metrics on entry points.
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
addEntryPointsLabels = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
statsD: statsD:
addEntryPointsLabels: true addEntryPointsLabels: true
``` ```
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
addEntryPointsLabels = true
```
```bash tab="CLI" ```bash tab="CLI"
--metrics.statsd.addEntryPointsLabels=true --metrics.statsd.addEntryPointsLabels=true
``` ```
@ -66,18 +66,18 @@ _Optional, Default=true_
Enable metrics on services. Enable metrics on services.
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
addServicesLabels = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
statsD: statsD:
addServicesLabels: true addServicesLabels: true
``` ```
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
addServicesLabels = true
```
```bash tab="CLI" ```bash tab="CLI"
--metrics.statsd.addServicesLabels=true --metrics.statsd.addServicesLabels=true
``` ```
@ -88,18 +88,18 @@ _Optional, Default=10s_
The interval used by the exporter to push metrics to statsD. The interval used by the exporter to push metrics to statsD.
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
pushInterval = 10s
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
statsD: statsD:
pushInterval: 10s pushInterval: 10s
``` ```
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
pushInterval = 10s
```
```bash tab="CLI" ```bash tab="CLI"
--metrics.statsd.pushInterval=10s --metrics.statsd.pushInterval=10s
``` ```
@ -110,18 +110,18 @@ _Optional, Default="traefik"_
The prefix to use for metrics collection. The prefix to use for metrics collection.
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
prefix = "traefik"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
metrics: metrics:
statsD: statsD:
prefix: traefik prefix: traefik
``` ```
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
prefix = "traefik"
```
```bash tab="CLI" ```bash tab="CLI"
--metrics.statsd.prefix="traefik" --metrics.statsd.prefix="traefik"
``` ```

58
docs/content/observability/tracing/datadog.md
View file

@ -2,16 +2,16 @@
To enable the Datadog: To enable the Datadog:
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
datadog: {} datadog: {}
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.datadog=true --tracing.datadog=true
``` ```
@ -22,18 +22,18 @@ _Required, Default="127.0.0.1:8126"_
Local Agent Host Port instructs reporter to send spans to datadog-tracing-agent at this address. Local Agent Host Port instructs reporter to send spans to datadog-tracing-agent at this address.
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
localAgentHostPort = "127.0.0.1:8126"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
datadog: datadog:
localAgentHostPort: 127.0.0.1:8126 localAgentHostPort: 127.0.0.1:8126
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
localAgentHostPort = "127.0.0.1:8126"
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.datadog.localAgentHostPort=127.0.0.1:8126 --tracing.datadog.localAgentHostPort=127.0.0.1:8126
``` ```
@ -44,18 +44,18 @@ _Optional, Default=false_
Enable Datadog debug. Enable Datadog debug.
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
debug = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
datadog: datadog:
debug: true debug: true
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
debug = true
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.datadog.debug=true --tracing.datadog.debug=true
``` ```
@ -66,18 +66,18 @@ _Optional, Default=empty_
Apply shared tag in a form of Key:Value to all the traces. Apply shared tag in a form of Key:Value to all the traces.
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
globalTag = "sample"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
datadog: datadog:
globalTag: sample globalTag: sample
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
globalTag = "sample"
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.datadog.globalTag=sample --tracing.datadog.globalTag=sample
``` ```
@ -89,18 +89,18 @@ _Optional, Default=false_
Enable priority sampling. When using distributed tracing, Enable priority sampling. When using distributed tracing,
this option must be enabled in order to get all the parts of a distributed trace sampled. this option must be enabled in order to get all the parts of a distributed trace sampled.
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
prioritySampling = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
datadog: datadog:
prioritySampling: true prioritySampling: true
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
prioritySampling = true
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.datadog.prioritySampling=true --tracing.datadog.prioritySampling=true
``` ```

46
docs/content/observability/tracing/elastic.md
View file

@ -2,16 +2,16 @@
To enable the Elastic: To enable the Elastic:
```toml tab="File (TOML)"
[tracing]
[tracing.elastic]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
elastic: {} elastic: {}
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.elastic]
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.elastic=true --tracing.elastic=true
``` ```
@ -22,18 +22,18 @@ _Optional, Default="http://localhost:8200"_
APM ServerURL is the URL of the Elastic APM server. APM ServerURL is the URL of the Elastic APM server.
```toml tab="File (TOML)"
[tracing]
[tracing.elastic]
serverURL = "http://apm:8200"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
elastic: elastic:
serverURL: "http://apm:8200" serverURL: "http://apm:8200"
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.elastic]
serverURL = "http://apm:8200"
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.elastic.serverurl="http://apm:8200" --tracing.elastic.serverurl="http://apm:8200"
``` ```
@ -44,18 +44,18 @@ _Optional, Default=""_
APM Secret Token is the token used to connect to Elastic APM Server. APM Secret Token is the token used to connect to Elastic APM Server.
```toml tab="File (TOML)"
[tracing]
[tracing.elastic]
secretToken = "mytoken"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
elastic: elastic:
secretToken: "mytoken" secretToken: "mytoken"
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.elastic]
secretToken = "mytoken"
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.elastic.secrettoken="mytoken" --tracing.elastic.secrettoken="mytoken"
``` ```
@ -66,18 +66,18 @@ _Optional, Default=""_
APM Service Environment is the name of the environment Traefik is deployed in, e.g. `production` or `staging`. APM Service Environment is the name of the environment Traefik is deployed in, e.g. `production` or `staging`.
```toml tab="File (TOML)"
[tracing]
[tracing.elastic]
serviceEnvironment = "production"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
elastic: elastic:
serviceEnvironment: "production" serviceEnvironment: "production"
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.elastic]
serviceEnvironment = "production"
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.elastic.serviceenvironment="production" --tracing.elastic.serviceenvironment="production"
``` ```

94
docs/content/observability/tracing/haystack.md
View file

@ -2,16 +2,16 @@
To enable the Haystack: To enable the Haystack:
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
haystack: {} haystack: {}
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.haystack=true --tracing.haystack=true
``` ```
@ -22,18 +22,18 @@ _Require, Default="127.0.0.1"_
Local Agent Host instructs reporter to send spans to haystack-agent at this address. Local Agent Host instructs reporter to send spans to haystack-agent at this address.
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
localAgentHost = "127.0.0.1"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
haystack: haystack:
localAgentHost: 127.0.0.1 localAgentHost: 127.0.0.1
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
localAgentHost = "127.0.0.1"
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.haystack.localAgentHost=127.0.0.1 --tracing.haystack.localAgentHost=127.0.0.1
``` ```
@ -44,18 +44,18 @@ _Require, Default=35000_
Local Agent port instructs reporter to send spans to the haystack-agent at this port. Local Agent port instructs reporter to send spans to the haystack-agent at this port.
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
localAgentPort = 35000
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
haystack: haystack:
localAgentPort: 35000 localAgentPort: 35000
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
localAgentPort = 35000
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.haystack.localAgentPort=35000 --tracing.haystack.localAgentPort=35000
``` ```
@ -66,18 +66,18 @@ _Optional, Default=empty_
Apply shared tag in a form of Key:Value to all the traces. Apply shared tag in a form of Key:Value to all the traces.
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
globalTag = "sample:test"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
haystack: haystack:
globalTag: sample:test globalTag: sample:test
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
globalTag = "sample:test"
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.haystack.globalTag=sample:test --tracing.haystack.globalTag=sample:test
``` ```
@ -88,18 +88,18 @@ _Optional, Default=empty_
Specifies the header name that will be used to store the trace ID. Specifies the header name that will be used to store the trace ID.
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
traceIDHeaderName = "Trace-ID"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
haystack: haystack:
traceIDHeaderName: Trace-ID traceIDHeaderName: Trace-ID
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
traceIDHeaderName = "Trace-ID"
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.haystack.traceIDHeaderName=Trace-ID --tracing.haystack.traceIDHeaderName=Trace-ID
``` ```
@ -110,18 +110,18 @@ _Optional, Default=empty_
Specifies the header name that will be used to store the parent ID. Specifies the header name that will be used to store the parent ID.
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
parentIDHeaderName = "Parent-Message-ID"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
haystack: haystack:
parentIDHeaderName: Parent-Message-ID parentIDHeaderName: Parent-Message-ID
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
parentIDHeaderName = "Parent-Message-ID"
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.haystack.parentIDHeaderName=Parent-Message-ID --tracing.haystack.parentIDHeaderName=Parent-Message-ID
``` ```
@ -132,18 +132,18 @@ _Optional, Default=empty_
Specifies the header name that will be used to store the span ID. Specifies the header name that will be used to store the span ID.
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
spanIDHeaderName = "Message-ID"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
haystack: haystack:
spanIDHeaderName: Message-ID spanIDHeaderName: Message-ID
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
spanIDHeaderName = "Message-ID"
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.haystack.spanIDHeaderName=Message-ID --tracing.haystack.spanIDHeaderName=Message-ID
``` ```
@ -154,18 +154,18 @@ _Optional, Default=empty_
Specifies the header name prefix that will be used to store baggage items in a map. Specifies the header name prefix that will be used to store baggage items in a map.
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
baggagePrefixHeaderName = "sample"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
haystack: haystack:
baggagePrefixHeaderName: "sample" baggagePrefixHeaderName: "sample"
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
baggagePrefixHeaderName = "sample"
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.haystack.baggagePrefixHeaderName=sample --tracing.haystack.baggagePrefixHeaderName=sample

46
docs/content/observability/tracing/instana.md
View file

@ -2,16 +2,16 @@
To enable the Instana: To enable the Instana:
```toml tab="File (TOML)"
[tracing]
[tracing.instana]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
instana: {} instana: {}
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.instana]
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.instana=true --tracing.instana=true
``` ```
@ -22,18 +22,18 @@ _Require, Default="127.0.0.1"_
Local Agent Host instructs reporter to send spans to instana-agent at this address. Local Agent Host instructs reporter to send spans to instana-agent at this address.
```toml tab="File (TOML)"
[tracing]
[tracing.instana]
localAgentHost = "127.0.0.1"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
instana: instana:
localAgentHost: 127.0.0.1 localAgentHost: 127.0.0.1
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.instana]
localAgentHost = "127.0.0.1"
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.instana.localAgentHost=127.0.0.1 --tracing.instana.localAgentHost=127.0.0.1
``` ```
@ -44,18 +44,18 @@ _Require, Default=42699_
Local Agent port instructs reporter to send spans to the instana-agent at this port. Local Agent port instructs reporter to send spans to the instana-agent at this port.
```toml tab="File (TOML)"
[tracing]
[tracing.instana]
localAgentPort = 42699
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
instana: instana:
localAgentPort: 42699 localAgentPort: 42699
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.instana]
localAgentPort = 42699
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.instana.localAgentPort=42699 --tracing.instana.localAgentPort=42699
``` ```
@ -73,18 +73,18 @@ Valid values for logLevel field are:
- `debug` - `debug`
- `info` - `info`
```toml tab="File (TOML)"
[tracing]
[tracing.instana]
logLevel = "info"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
instana: instana:
logLevel: info logLevel: info
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.instana]
logLevel = "info"
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.instana.logLevel=info --tracing.instana.logLevel=info
``` ```

142
docs/content/observability/tracing/jaeger.md
View file

@ -2,16 +2,16 @@
To enable the Jaeger: To enable the Jaeger:
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
jaeger: {} jaeger: {}
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.jaeger=true --tracing.jaeger=true
``` ```
@ -26,18 +26,18 @@ _Required, Default="http://localhost:5778/sampling"_
Sampling Server URL is the address of jaeger-agent's HTTP sampling server. Sampling Server URL is the address of jaeger-agent's HTTP sampling server.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
samplingServerURL = "http://localhost:5778/sampling"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
jaeger: jaeger:
samplingServerURL: http://localhost:5778/sampling samplingServerURL: http://localhost:5778/sampling
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
samplingServerURL = "http://localhost:5778/sampling"
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.jaeger.samplingServerURL=http://localhost:5778/sampling --tracing.jaeger.samplingServerURL=http://localhost:5778/sampling
``` ```
@ -48,18 +48,18 @@ _Required, Default="const"_
Sampling Type specifies the type of the sampler: `const`, `probabilistic`, `rateLimiting`. Sampling Type specifies the type of the sampler: `const`, `probabilistic`, `rateLimiting`.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
samplingType = "const"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
jaeger: jaeger:
samplingType: const samplingType: const
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
samplingType = "const"
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.jaeger.samplingType=const --tracing.jaeger.samplingType=const
``` ```
@ -76,18 +76,18 @@ Valid values for Param field are:
- for `probabilistic` sampler, a probability between 0 and 1 - for `probabilistic` sampler, a probability between 0 and 1
- for `rateLimiting` sampler, the number of spans per second - for `rateLimiting` sampler, the number of spans per second
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
samplingParam = 1.0
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
jaeger: jaeger:
samplingParam: 1.0 samplingParam: 1.0
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
samplingParam = 1.0
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.jaeger.samplingParam=1.0 --tracing.jaeger.samplingParam=1.0
``` ```
@ -98,18 +98,18 @@ _Required, Default="127.0.0.1:6831"_
Local Agent Host Port instructs reporter to send spans to jaeger-agent at this address. Local Agent Host Port instructs reporter to send spans to jaeger-agent at this address.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
localAgentHostPort = "127.0.0.1:6831"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
jaeger: jaeger:
localAgentHostPort: 127.0.0.1:6831 localAgentHostPort: 127.0.0.1:6831
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
localAgentHostPort = "127.0.0.1:6831"
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.jaeger.localAgentHostPort=127.0.0.1:6831 --tracing.jaeger.localAgentHostPort=127.0.0.1:6831
``` ```
@ -120,18 +120,18 @@ _Optional, Default=false_
Generate 128-bit trace IDs, compatible with OpenCensus. Generate 128-bit trace IDs, compatible with OpenCensus.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
gen128Bit = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
jaeger: jaeger:
gen128Bit: true gen128Bit: true
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
gen128Bit = true
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.jaeger.gen128Bit --tracing.jaeger.gen128Bit
``` ```
@ -146,18 +146,18 @@ This can be either:
- `jaeger`, jaeger's default trace header. - `jaeger`, jaeger's default trace header.
- `b3`, compatible with OpenZipkin - `b3`, compatible with OpenZipkin
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
propagation = "jaeger"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
jaeger: jaeger:
propagation: jaeger propagation: jaeger
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
propagation = "jaeger"
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.jaeger.propagation=jaeger --tracing.jaeger.propagation=jaeger
``` ```
@ -169,18 +169,18 @@ _Required, Default="uber-trace-id"_
Trace Context Header Name is the http header name used to propagate tracing context. Trace Context Header Name is the http header name used to propagate tracing context.
This must be in lower-case to avoid mismatches when decoding incoming headers. This must be in lower-case to avoid mismatches when decoding incoming headers.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
traceContextHeaderName = "uber-trace-id"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
jaeger: jaeger:
traceContextHeaderName: uber-trace-id traceContextHeaderName: uber-trace-id
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
traceContextHeaderName = "uber-trace-id"
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.jaeger.traceContextHeaderName=uber-trace-id --tracing.jaeger.traceContextHeaderName=uber-trace-id
``` ```
@ -192,18 +192,18 @@ _Optional, Default=true_
Disable the UDP connection helper that periodically re-resolves the agent's hostname and reconnects if there was a change. Disable the UDP connection helper that periodically re-resolves the agent's hostname and reconnects if there was a change.
Enabling the re-resolving of UDP address make the client more robust in Kubernetes deployments. Enabling the re-resolving of UDP address make the client more robust in Kubernetes deployments.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
disableAttemptReconnecting = false
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
jaeger: jaeger:
disableAttemptReconnecting: false disableAttemptReconnecting: false
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
disableAttemptReconnecting = false
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.jaeger.disableAttemptReconnecting=false --tracing.jaeger.disableAttemptReconnecting=false
``` ```
@ -215,12 +215,6 @@ _Optional, Default=""_
Collector Endpoint instructs reporter to send spans to jaeger-collector at this URL. Collector Endpoint instructs reporter to send spans to jaeger-collector at this URL.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger.collector]
endpoint = "http://127.0.0.1:14268/api/traces?format=jaeger.thrift"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
jaeger: jaeger:
@ -228,6 +222,12 @@ tracing:
endpoint: http://127.0.0.1:14268/api/traces?format=jaeger.thrift endpoint: http://127.0.0.1:14268/api/traces?format=jaeger.thrift
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger.collector]
endpoint = "http://127.0.0.1:14268/api/traces?format=jaeger.thrift"
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.jaeger.collector.endpoint=http://127.0.0.1:14268/api/traces?format=jaeger.thrift --tracing.jaeger.collector.endpoint=http://127.0.0.1:14268/api/traces?format=jaeger.thrift
``` ```
@ -238,12 +238,6 @@ _Optional, Default=""_
User instructs reporter to include a user for basic http authentication when sending spans to jaeger-collector. User instructs reporter to include a user for basic http authentication when sending spans to jaeger-collector.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger.collector]
user = "my-user"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
jaeger: jaeger:
@ -251,6 +245,12 @@ tracing:
user: my-user user: my-user
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger.collector]
user = "my-user"
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.jaeger.collector.user=my-user --tracing.jaeger.collector.user=my-user
``` ```
@ -261,12 +261,6 @@ _Optional, Default=""_
Password instructs reporter to include a password for basic http authentication when sending spans to jaeger-collector. Password instructs reporter to include a password for basic http authentication when sending spans to jaeger-collector.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger.collector]
password = "my-password"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
jaeger: jaeger:
@ -274,6 +268,12 @@ tracing:
password: my-password password: my-password
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger.collector]
password = "my-password"
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.jaeger.collector.password=my-password --tracing.jaeger.collector.password=my-password
``` ```

28
docs/content/observability/tracing/overview.md
View file

@ -22,14 +22,14 @@ By default, Traefik uses Jaeger as tracing backend.
To enable the tracing: To enable the tracing:
```toml tab="File (TOML)"
[tracing]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: {} tracing: {}
``` ```
```toml tab="File (TOML)"
[tracing]
```
```bash tab="CLI" ```bash tab="CLI"
--tracing=true --tracing=true
``` ```
@ -42,16 +42,16 @@ _Required, Default="traefik"_
Service name used in selected backend. Service name used in selected backend.
```toml tab="File (TOML)"
[tracing]
serviceName = "traefik"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
serviceName: traefik serviceName: traefik
``` ```
```toml tab="File (TOML)"
[tracing]
serviceName = "traefik"
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.serviceName=traefik --tracing.serviceName=traefik
``` ```
@ -65,16 +65,16 @@ This can prevent certain tracing providers to drop traces that exceed their leng
`0` means no truncation will occur. `0` means no truncation will occur.
```toml tab="File (TOML)"
[tracing]
spanNameLimit = 150
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
spanNameLimit: 150 spanNameLimit: 150
``` ```
```toml tab="File (TOML)"
[tracing]
spanNameLimit = 150
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.spanNameLimit=150 --tracing.spanNameLimit=150
``` ```

58
docs/content/observability/tracing/zipkin.md
View file

@ -2,16 +2,16 @@
To enable the Zipkin: To enable the Zipkin:
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
zipkin: {} zipkin: {}
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.zipkin=true --tracing.zipkin=true
``` ```
@ -22,18 +22,18 @@ _Required, Default="http://localhost:9411/api/v2/spans"_
Zipkin HTTP endpoint used to send data. Zipkin HTTP endpoint used to send data.
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
httpEndpoint = "http://localhost:9411/api/v2/spans"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
zipkin: zipkin:
httpEndpoint: http://localhost:9411/api/v2/spans httpEndpoint: http://localhost:9411/api/v2/spans
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
httpEndpoint = "http://localhost:9411/api/v2/spans"
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.zipkin.httpEndpoint=http://localhost:9411/api/v2/spans --tracing.zipkin.httpEndpoint=http://localhost:9411/api/v2/spans
``` ```
@ -44,18 +44,18 @@ _Optional, Default=false_
Use Zipkin SameSpan RPC style traces. Use Zipkin SameSpan RPC style traces.
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
sameSpan = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
zipkin: zipkin:
sameSpan: true sameSpan: true
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
sameSpan = true
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.zipkin.sameSpan=true --tracing.zipkin.sameSpan=true
``` ```
@ -66,18 +66,18 @@ _Optional, Default=true_
Use Zipkin 128 bit trace IDs. Use Zipkin 128 bit trace IDs.
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
id128Bit = false
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
zipkin: zipkin:
id128Bit: false id128Bit: false
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
id128Bit = false
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.zipkin.id128Bit=false --tracing.zipkin.id128Bit=false
``` ```
@ -88,18 +88,18 @@ _Required, Default=1.0_
The rate between 0.0 and 1.0 of requests to trace. The rate between 0.0 and 1.0 of requests to trace.
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
sampleRate = 0.2
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
tracing: tracing:
zipkin: zipkin:
sampleRate: 0.2 sampleRate: 0.2
``` ```
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
sampleRate = 0.2
```
```bash tab="CLI" ```bash tab="CLI"
--tracing.zipkin.sampleRate=0.2 --tracing.zipkin.sampleRate=0.2
``` ```

40
docs/content/operations/api.md
View file

@ -26,16 +26,16 @@ If you enable the API, a new special `service` named `api@internal` is created a
To enable the API handler, use the following option on the To enable the API handler, use the following option on the
[static configuration](../getting-started/configuration-overview.md#the-static-configuration): [static configuration](../getting-started/configuration-overview.md#the-static-configuration):
```toml tab="File (TOML)"
# Static Configuration
[api]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Static Configuration # Static Configuration
api: {} api: {}
``` ```
```toml tab="File (TOML)"
# Static Configuration
[api]
```
```bash tab="CLI" ```bash tab="CLI"
--api=true --api=true
``` ```
@ -74,16 +74,16 @@ Enable the API in `insecure` mode, which means that the API will be available di
!!! info !!! info
If the entryPoint named `traefik` is not configured, it will be automatically created on port 8080. If the entryPoint named `traefik` is not configured, it will be automatically created on port 8080.
```toml tab="File (TOML)"
[api]
insecure = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
api: api:
insecure: true insecure: true
``` ```
```toml tab="File (TOML)"
[api]
insecure = true
```
```bash tab="CLI" ```bash tab="CLI"
--api.insecure=true --api.insecure=true
``` ```
@ -94,16 +94,16 @@ _Optional, Default=true_
Enable the dashboard. More about the dashboard features [here](./dashboard.md). Enable the dashboard. More about the dashboard features [here](./dashboard.md).
```toml tab="File (TOML)"
[api]
dashboard = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
api: api:
dashboard: true dashboard: true
``` ```
```toml tab="File (TOML)"
[api]
dashboard = true
```
```bash tab="CLI" ```bash tab="CLI"
--api.dashboard=true --api.dashboard=true
``` ```
@ -117,16 +117,16 @@ _Optional, Default=false_
Enable additional [endpoints](./api.md#endpoints) for debugging and profiling, served under `/debug/`. Enable additional [endpoints](./api.md#endpoints) for debugging and profiling, served under `/debug/`.
```toml tab="File (TOML)"
[api]
debug = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
api: api:
debug: true debug: true
``` ```
```toml tab="File (TOML)"
[api]
debug = true
```
```bash tab="CLI" ```bash tab="CLI"
--api.debug=true --api.debug=true
``` ```

32
docs/content/operations/dashboard.md
View file

@ -31,16 +31,6 @@ This is the **recommended** method.
Start by enabling the dashboard by using the following option from [Traefik's API](./api.md) Start by enabling the dashboard by using the following option from [Traefik's API](./api.md)
on the [static configuration](../getting-started/configuration-overview.md#the-static-configuration): on the [static configuration](../getting-started/configuration-overview.md#the-static-configuration):
```toml tab="File (TOML)"
[api]
# Dashboard
#
# Optional
# Default: true
#
dashboard = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
api: api:
# Dashboard # Dashboard
@ -51,6 +41,16 @@ api:
dashboard: true dashboard: true
``` ```
```toml tab="File (TOML)"
[api]
# Dashboard
#
# Optional
# Default: true
#
dashboard = true
```
```bash tab="CLI" ```bash tab="CLI"
# Dashboard # Dashboard
# #
@ -105,18 +105,18 @@ This mode is not recommended because it does not allow the use of security featu
To enable the "insecure mode", use the following options from [Traefik's API](./api.md#insecure): To enable the "insecure mode", use the following options from [Traefik's API](./api.md#insecure):
```toml tab="File (TOML)"
[api]
dashboard = true
insecure = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
api: api:
dashboard: true dashboard: true
insecure: true insecure: true
``` ```
```toml tab="File (TOML)"
[api]
dashboard = true
insecure = true
```
```bash tab="CLI" ```bash tab="CLI"
--api.dashboard=true --api.insecure=true --api.dashboard=true --api.insecure=true
``` ```

28
docs/content/operations/include-api-examples.md
View file

@ -69,20 +69,6 @@ labels:
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0" - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
``` ```
```toml tab="File (TOML)"
# Dynamic Configuration
[http.routers.my-api]
rule = "Host(`traefik.example.com`)"
service = "api@internal"
middlewares = ["auth"]
[http.middlewares.auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Dynamic Configuration # Dynamic Configuration
http: http:
@ -99,3 +85,17 @@ http:
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
``` ```
```toml tab="File (TOML)"
# Dynamic Configuration
[http.routers.my-api]
rule = "Host(`traefik.example.com`)"
service = "api@internal"
middlewares = ["auth"]
[http.middlewares.auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```

28
docs/content/operations/include-dashboard-examples.md
View file

@ -69,20 +69,6 @@ labels:
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0" - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
``` ```
```toml tab="File (TOML)"
# Dynamic Configuration
[http.routers.my-api]
rule = "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
service = "api@internal"
middlewares = ["auth"]
[http.middlewares.auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Dynamic Configuration # Dynamic Configuration
http: http:
@ -99,3 +85,17 @@ http:
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
``` ```
```toml tab="File (TOML)"
# Dynamic Configuration
[http.routers.my-api]
rule = "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
service = "api@internal"
middlewares = ["auth"]
[http.middlewares.auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```

46
docs/content/operations/ping.md
View file

@ -7,14 +7,14 @@ Checking the Health of Your Traefik Instances
To enable the API handler: To enable the API handler:
```toml tab="File (TOML)"
[ping]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
ping: {} ping: {}
``` ```
```toml tab="File (TOML)"
[ping]
```
```bash tab="CLI" ```bash tab="CLI"
--ping=true --ping=true
``` ```
@ -39,15 +39,6 @@ _Optional, Default="traefik"_
Enabling /ping on a dedicated EntryPoint. Enabling /ping on a dedicated EntryPoint.
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.ping]
address = ":8082"
[ping]
entryPoint = "ping"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
entryPoints: entryPoints:
ping: ping:
@ -57,6 +48,15 @@ ping:
entryPoint: "ping" entryPoint: "ping"
``` ```
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.ping]
address = ":8082"
[ping]
entryPoint = "ping"
```
```bash tab="CLI" ```bash tab="CLI"
--entryPoints.ping.address=:8082 --entryPoints.ping.address=:8082
--ping.entryPoint=ping --ping.entryPoint=ping
@ -68,16 +68,16 @@ _Optional, Default=false_
If `manualRouting` is `true`, it disables the default internal router in order to allow one to create a custom router for the `ping@internal` service. If `manualRouting` is `true`, it disables the default internal router in order to allow one to create a custom router for the `ping@internal` service.
```toml tab="File (TOML)"
[ping]
manualRouting = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
ping: ping:
manualRouting: true manualRouting: true
``` ```
```toml tab="File (TOML)"
[ping]
manualRouting = true
```
```bash tab="CLI" ```bash tab="CLI"
--ping.manualrouting=true --ping.manualrouting=true
``` ```
@ -93,16 +93,16 @@ be expected as the signal for graceful termination. In which case, the
terminatingStatusCode can be used to set the code returned by the ping terminatingStatusCode can be used to set the code returned by the ping
handler during termination. handler during termination.
```toml tab="File (TOML)"
[ping]
terminatingStatusCode = 204
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
ping: ping:
terminatingStatusCode: 204 terminatingStatusCode: 204
``` ```
```toml tab="File (TOML)"
[ping]
terminatingStatusCode = 204
```
```bash tab="CLI" ```bash tab="CLI"
--ping.terminatingStatusCode=204 --ping.terminatingStatusCode=204
``` ```

248
docs/content/providers/consul-catalog.md
View file

@ -13,15 +13,15 @@ Attach tags to your services and let Traefik do the rest!
Enabling the consul catalog provider Enabling the consul catalog provider
```toml tab="File (TOML)"
[providers.consulCatalog]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consulCatalog: {} consulCatalog: {}
``` ```
```toml tab="File (TOML)"
[providers.consulCatalog]
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consulcatalog=true --providers.consulcatalog=true
``` ```
@ -44,12 +44,6 @@ _Optional, Default=15s_
Defines the polling interval. Defines the polling interval.
```toml tab="File (TOML)"
[providers.consulCatalog]
refreshInterval = "30s"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consulCatalog: consulCatalog:
@ -57,6 +51,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.consulCatalog]
refreshInterval = "30s"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consulcatalog.refreshInterval=30s --providers.consulcatalog.refreshInterval=30s
# ... # ...
@ -68,12 +68,6 @@ _required, Default="traefik"_
The prefix for Consul Catalog tags defining Traefik labels. The prefix for Consul Catalog tags defining Traefik labels.
```toml tab="File (TOML)"
[providers.consulCatalog]
prefix = "test"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consulCatalog: consulCatalog:
@ -81,6 +75,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.consulCatalog]
prefix = "test"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consulcatalog.prefix=test --providers.consulcatalog.prefix=test
# ... # ...
@ -98,12 +98,6 @@ Forces the read to be fully consistent.
For more information, see the consul [documentation on consistency](https://www.consul.io/api-docs/features/consistency). For more information, see the consul [documentation on consistency](https://www.consul.io/api-docs/features/consistency).
```toml tab="File (TOML)"
[providers.consulCatalog]
requireConsistent = true
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consulCatalog: consulCatalog:
@ -111,6 +105,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.consulCatalog]
requireConsistent = true
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consulcatalog.requireConsistent=true --providers.consulcatalog.requireConsistent=true
# ... # ...
@ -128,12 +128,6 @@ Use stale consistency for catalog reads.
For more information, see the consul [documentation on consistency](https://www.consul.io/api-docs/features/consistency). For more information, see the consul [documentation on consistency](https://www.consul.io/api-docs/features/consistency).
```toml tab="File (TOML)"
[providers.consulCatalog]
stale = true
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consulCatalog: consulCatalog:
@ -141,6 +135,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.consulCatalog]
stale = true
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consulcatalog.stale=true --providers.consulcatalog.stale=true
# ... # ...
@ -152,12 +152,6 @@ _Optional, Default=false_
Use local agent caching for catalog reads. Use local agent caching for catalog reads.
```toml tab="File (TOML)"
[providers.consulCatalog]
cache = true
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consulCatalog: consulCatalog:
@ -165,6 +159,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.consulCatalog]
cache = true
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consulcatalog.cache=true --providers.consulcatalog.cache=true
# ... # ...
@ -180,13 +180,6 @@ Defines the address of the Consul server.
_Optional, Default="127.0.0.1:8500"_ _Optional, Default="127.0.0.1:8500"_
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
address = "127.0.0.1:8500"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consulCatalog: consulCatalog:
@ -195,6 +188,13 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
address = "127.0.0.1:8500"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consulcatalog.endpoint.address=127.0.0.1:8500 --providers.consulcatalog.endpoint.address=127.0.0.1:8500
# ... # ...
@ -206,13 +206,6 @@ _Optional, Default=""_
Defines the URI scheme for the Consul server. Defines the URI scheme for the Consul server.
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
scheme = "https"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consulCatalog: consulCatalog:
@ -221,6 +214,13 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
scheme = "https"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consulcatalog.endpoint.scheme=https --providers.consulcatalog.endpoint.scheme=https
# ... # ...
@ -233,13 +233,6 @@ _Optional, Default=""_
Defines the datacenter to use. Defines the datacenter to use.
If not provided in Traefik, Consul uses the default agent datacenter. If not provided in Traefik, Consul uses the default agent datacenter.
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
datacenter = "test"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consulCatalog: consulCatalog:
@ -248,6 +241,13 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
datacenter = "test"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consulcatalog.endpoint.datacenter=test --providers.consulcatalog.endpoint.datacenter=test
# ... # ...
@ -259,13 +259,6 @@ _Optional, Default=""_
Token is used to provide a per-request ACL token which overwrites the agent's default token. Token is used to provide a per-request ACL token which overwrites the agent's default token.
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
token = "test"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consulCatalog: consulCatalog:
@ -274,6 +267,13 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
token = "test"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consulcatalog.endpoint.token=test --providers.consulcatalog.endpoint.token=test
# ... # ...
@ -286,13 +286,6 @@ _Optional, Default=""_
Limits the duration for which a Watch can block. Limits the duration for which a Watch can block.
If not provided, the agent default values will be used. If not provided, the agent default values will be used.
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
endpointWaitTime = "15s"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consulCatalog: consulCatalog:
@ -301,6 +294,13 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
endpointWaitTime = "15s"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consulcatalog.endpoint.endpointwaittime=15s --providers.consulcatalog.endpoint.endpointwaittime=15s
# ... # ...
@ -318,11 +318,6 @@ _Optional, Default=""_
Username to use for HTTP Basic Authentication. Username to use for HTTP Basic Authentication.
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.httpAuth]
username = "test"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consulCatalog: consulCatalog:
@ -331,6 +326,11 @@ providers:
username: test username: test
``` ```
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.httpAuth]
username = "test"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consulcatalog.endpoint.httpauth.username=test --providers.consulcatalog.endpoint.httpauth.username=test
``` ```
@ -341,11 +341,6 @@ _Optional, Default=""_
Password to use for HTTP Basic Authentication. Password to use for HTTP Basic Authentication.
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.httpAuth]
password = "test"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consulCatalog: consulCatalog:
@ -354,6 +349,11 @@ providers:
password: test password: test
``` ```
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.httpAuth]
password = "test"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consulcatalog.endpoint.httpauth.password=test --providers.consulcatalog.endpoint.httpauth.password=test
``` ```
@ -370,11 +370,6 @@ _Optional_
`ca` is the path to the CA certificate used for Consul communication, defaults to the system bundle if not specified. `ca` is the path to the CA certificate used for Consul communication, defaults to the system bundle if not specified.
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
ca = "path/to/ca.crt"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consulCatalog: consulCatalog:
@ -383,6 +378,11 @@ providers:
ca: path/to/ca.crt ca: path/to/ca.crt
``` ```
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
ca = "path/to/ca.crt"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consulcatalog.endpoint.tls.ca=path/to/ca.crt --providers.consulcatalog.endpoint.tls.ca=path/to/ca.crt
``` ```
@ -401,11 +401,6 @@ When this option is set to `true`, a client certificate is requested during the
When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client. When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client.
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
caOptional = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consulCatalog: consulCatalog:
@ -414,6 +409,11 @@ providers:
caOptional: true caOptional: true
``` ```
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
caOptional = true
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consulcatalog.endpoint.tls.caoptional=true --providers.consulcatalog.endpoint.tls.caoptional=true
``` ```
@ -426,12 +426,6 @@ _Optional_
When using this option, setting the `key` option is required. When using this option, setting the `key` option is required.
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consulCatalog: consulCatalog:
@ -441,6 +435,12 @@ providers:
key: path/to/foo.key key: path/to/foo.key
``` ```
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consulcatalog.endpoint.tls.cert=path/to/foo.cert --providers.consulcatalog.endpoint.tls.cert=path/to/foo.cert
--providers.consulcatalog.endpoint.tls.key=path/to/foo.key --providers.consulcatalog.endpoint.tls.key=path/to/foo.key
@ -454,12 +454,6 @@ _Optional_
When using this option, setting the `cert` option is required. When using this option, setting the `cert` option is required.
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consulCatalog: consulCatalog:
@ -469,6 +463,12 @@ providers:
key: path/to/foo.key key: path/to/foo.key
``` ```
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consulcatalog.endpoint.tls.cert=path/to/foo.cert --providers.consulcatalog.endpoint.tls.cert=path/to/foo.cert
--providers.consulcatalog.endpoint.tls.key=path/to/foo.key --providers.consulcatalog.endpoint.tls.key=path/to/foo.key
@ -480,11 +480,6 @@ _Optional_
If `insecureSkipVerify` is `true`, the TLS connection to Consul accepts any certificate presented by the server regardless of the hostnames it covers. If `insecureSkipVerify` is `true`, the TLS connection to Consul accepts any certificate presented by the server regardless of the hostnames it covers.
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
insecureSkipVerify = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consulCatalog: consulCatalog:
@ -493,6 +488,11 @@ providers:
insecureSkipVerify: true insecureSkipVerify: true
``` ```
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
insecureSkipVerify = true
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consulcatalog.endpoint.tls.insecureskipverify=true --providers.consulcatalog.endpoint.tls.insecureskipverify=true
``` ```
@ -506,12 +506,6 @@ If set to `false`, services that don't have a `traefik.enable=true` tag will be
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery). For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
```toml tab="File (TOML)"
[providers.consulCatalog]
exposedByDefault = false
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consulCatalog: consulCatalog:
@ -519,6 +513,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.consulCatalog]
exposedByDefault = false
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consulcatalog.exposedByDefault=false --providers.consulcatalog.exposedByDefault=false
# ... # ...
@ -538,12 +538,6 @@ and the template has access to all the labels (i.e. tags beginning with the `pre
The option can be overridden on an instance basis with the `traefik.http.routers.{name-of-your-choice}.rule` tag. The option can be overridden on an instance basis with the `traefik.http.routers.{name-of-your-choice}.rule` tag.
```toml tab="File (TOML)"
[providers.consulCatalog]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consulCatalog: consulCatalog:
@ -551,6 +545,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.consulCatalog]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consulcatalog.defaultRule="Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)" --providers.consulcatalog.defaultRule="Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ... # ...
@ -599,12 +599,6 @@ as well as the usual boolean logic, as shown in examples below.
constraints = "TagRegex(`a\.tag\.t.+`)" constraints = "TagRegex(`a\.tag\.t.+`)"
``` ```
```toml tab="File (TOML)"
[providers.consulCatalog]
constraints = "Tag(`a.tag.name`)"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consulCatalog: consulCatalog:
@ -612,6 +606,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.consulCatalog]
constraints = "Tag(`a.tag.name`)"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consulcatalog.constraints="Tag(`a.tag.name`)" --providers.consulcatalog.constraints="Tag(`a.tag.name`)"
# ... # ...

98
docs/content/providers/consul.md
View file

@ -17,11 +17,6 @@ _Required, Default="127.0.0.1:8500"_
Defines how to access to Consul. Defines how to access to Consul.
```toml tab="File (TOML)"
[providers.consul]
endpoints = ["127.0.0.1:8500"]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consul: consul:
@ -29,6 +24,11 @@ providers:
- "127.0.0.1:8500" - "127.0.0.1:8500"
``` ```
```toml tab="File (TOML)"
[providers.consul]
endpoints = ["127.0.0.1:8500"]
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consul.endpoints=127.0.0.1:8500 --providers.consul.endpoints=127.0.0.1:8500
``` ```
@ -39,17 +39,17 @@ _Required, Default="traefik"_
Defines the root key of the configuration. Defines the root key of the configuration.
```toml tab="File (TOML)"
[providers.consul]
rootKey = "traefik"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consul: consul:
rootKey: "traefik" rootKey: "traefik"
``` ```
```toml tab="File (TOML)"
[providers.consul]
rootKey = "traefik"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consul.rootkey=traefik --providers.consul.rootkey=traefik
``` ```
@ -60,12 +60,6 @@ _Optional, Default=""_
Defines a username to connect to Consul with. Defines a username to connect to Consul with.
```toml tab="File (TOML)"
[providers.consul]
# ...
username = "foo"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consul: consul:
@ -73,6 +67,12 @@ providers:
usename: "foo" usename: "foo"
``` ```
```toml tab="File (TOML)"
[providers.consul]
# ...
username = "foo"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consul.username=foo --providers.consul.username=foo
``` ```
@ -83,12 +83,6 @@ _Optional, Default=""_
Defines a password with which to connect to Consul. Defines a password with which to connect to Consul.
```toml tab="File (TOML)"
[providers.consul]
# ...
password = "bar"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consul: consul:
@ -96,6 +90,12 @@ providers:
password: "bar" password: "bar"
``` ```
```toml tab="File (TOML)"
[providers.consul]
# ...
password = "bar"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consul.password=foo --providers.consul.password=foo
``` ```
@ -108,11 +108,6 @@ _Optional_
Certificate Authority used for the secure connection to Consul. Certificate Authority used for the secure connection to Consul.
```toml tab="File (TOML)"
[providers.consul.tls]
ca = "path/to/ca.crt"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consul: consul:
@ -120,6 +115,11 @@ providers:
ca: path/to/ca.crt ca: path/to/ca.crt
``` ```
```toml tab="File (TOML)"
[providers.consul.tls]
ca = "path/to/ca.crt"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consul.tls.ca=path/to/ca.crt --providers.consul.tls.ca=path/to/ca.crt
``` ```
@ -136,11 +136,6 @@ When this option is set to `true`, a client certificate is requested during the
When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client. When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client.
```toml tab="File (TOML)"
[providers.consul.tls]
caOptional = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consul: consul:
@ -148,6 +143,11 @@ providers:
caOptional: true caOptional: true
``` ```
```toml tab="File (TOML)"
[providers.consul.tls]
caOptional = true
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consul.tls.caOptional=true --providers.consul.tls.caOptional=true
``` ```
@ -156,12 +156,6 @@ providers:
Public certificate used for the secure connection to Consul. Public certificate used for the secure connection to Consul.
```toml tab="File (TOML)"
[providers.consul.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consul: consul:
@ -170,6 +164,12 @@ providers:
key: path/to/foo.key key: path/to/foo.key
``` ```
```toml tab="File (TOML)"
[providers.consul.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consul.tls.cert=path/to/foo.cert --providers.consul.tls.cert=path/to/foo.cert
--providers.consul.tls.key=path/to/foo.key --providers.consul.tls.key=path/to/foo.key
@ -179,12 +179,6 @@ providers:
Private certificate used for the secure connection to Consul. Private certificate used for the secure connection to Consul.
```toml tab="File (TOML)"
[providers.consul.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consul: consul:
@ -193,6 +187,12 @@ providers:
key: path/to/foo.key key: path/to/foo.key
``` ```
```toml tab="File (TOML)"
[providers.consul.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consul.tls.cert=path/to/foo.cert --providers.consul.tls.cert=path/to/foo.cert
--providers.consul.tls.key=path/to/foo.key --providers.consul.tls.key=path/to/foo.key
@ -202,11 +202,6 @@ providers:
If `insecureSkipVerify` is `true`, the TLS connection to Consul accepts any certificate presented by the server regardless of the hostnames it covers. If `insecureSkipVerify` is `true`, the TLS connection to Consul accepts any certificate presented by the server regardless of the hostnames it covers.
```toml tab="File (TOML)"
[providers.consul.tls]
insecureSkipVerify = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
consul: consul:
@ -214,6 +209,11 @@ providers:
insecureSkipVerify: true insecureSkipVerify: true
``` ```
```toml tab="File (TOML)"
[providers.consul.tls]
insecureSkipVerify = true
```
```bash tab="CLI" ```bash tab="CLI"
--providers.consul.tls.insecureSkipVerify=true --providers.consul.tls.insecureSkipVerify=true
``` ```

224
docs/content/providers/docker.md
View file

@ -20,15 +20,15 @@ and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/).
Enabling the docker provider Enabling the docker provider
```toml tab="File (TOML)"
[providers.docker]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
docker: {} docker: {}
``` ```
```toml tab="File (TOML)"
[providers.docker]
```
```bash tab="CLI" ```bash tab="CLI"
--providers.docker=true --providers.docker=true
``` ```
@ -48,15 +48,6 @@ and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/).
Enabling the docker provider (Swarm Mode) Enabling the docker provider (Swarm Mode)
```toml tab="File (TOML)"
[providers.docker]
# swarm classic (1.12-)
# endpoint = "tcp://127.0.0.1:2375"
# docker swarm mode (1.12+)
endpoint = "tcp://127.0.0.1:2377"
swarmMode = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
docker: docker:
@ -67,6 +58,15 @@ and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/).
swarmMode: true swarmMode: true
``` ```
```toml tab="File (TOML)"
[providers.docker]
# swarm classic (1.12-)
# endpoint = "tcp://127.0.0.1:2375"
# docker swarm mode (1.12+)
endpoint = "tcp://127.0.0.1:2377"
swarmMode = true
```
```bash tab="CLI" ```bash tab="CLI"
# swarm classic (1.12-) # swarm classic (1.12-)
# --providers.docker.endpoint=tcp://127.0.0.1:2375 # --providers.docker.endpoint=tcp://127.0.0.1:2375
@ -117,7 +117,7 @@ Port detection works as follows:
- If a container [exposes](https://docs.docker.com/engine/reference/builder/#expose) a single port, - If a container [exposes](https://docs.docker.com/engine/reference/builder/#expose) a single port,
then Traefik uses this port for private communication. then Traefik uses this port for private communication.
- If a container [exposes](https://docs.docker.com/engine/reference/builder/#expose) multiple ports, - If a container [exposes](https://docs.docker.com/engine/reference/builder/#expose) multiple ports,
or does not expose any port, then you must manually specify which port Traefik should use for communication or does not expose any port, then you must manually specify which port Traefik should use for communication
by using the label `traefik.http.services.<service_name>.loadbalancer.server.port` by using the label `traefik.http.services.<service_name>.loadbalancer.server.port`
(Read more on this label in the dedicated section in [routing](../routing/providers/docker.md#port)). (Read more on this label in the dedicated section in [routing](../routing/providers/docker.md#port)).
@ -261,12 +261,6 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A
We specify the docker.sock in traefik's configuration file. We specify the docker.sock in traefik's configuration file.
```toml tab="File (TOML)"
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
docker: docker:
@ -274,6 +268,12 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.docker.endpoint=unix:///var/run/docker.sock --providers.docker.endpoint=unix:///var/run/docker.sock
# ... # ...
@ -285,12 +285,6 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A
We specify the SSH host and user in Traefik's configuration file. We specify the SSH host and user in Traefik's configuration file.
Note that is server requires public keys for authentication you must have those accessible for user who runs Traefik. Note that is server requires public keys for authentication you must have those accessible for user who runs Traefik.
```toml tab="File (TOML)"
[providers.docker]
endpoint = "ssh://traefik@192.168.2.5:2022"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
docker: docker:
@ -298,22 +292,28 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.docker]
endpoint = "ssh://traefik@192.168.2.5:2022"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.docker.endpoint=ssh://traefik@192.168.2.5:2022 --providers.docker.endpoint=ssh://traefik@192.168.2.5:2022
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
docker: docker:
endpoint: "unix:///var/run/docker.sock" endpoint: "unix:///var/run/docker.sock"
``` ```
```toml tab="File (TOML)"
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.docker.endpoint=unix:///var/run/docker.sock --providers.docker.endpoint=unix:///var/run/docker.sock
``` ```
@ -350,12 +350,6 @@ but still uses the `traefik.http.services.<name>.loadbalancer.server.port` that
- `ExtPort` stands for "external Port found in the binding" - `ExtPort` stands for "external Port found in the binding"
- `IntPort` stands for "internal network container's port." - `IntPort` stands for "internal network container's port."
```toml tab="File (TOML)"
[providers.docker]
useBindPortIP = true
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
docker: docker:
@ -363,6 +357,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.docker]
useBindPortIP = true
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.docker.useBindPortIP=true --providers.docker.useBindPortIP=true
# ... # ...
@ -377,12 +377,6 @@ If set to `false`, containers that do not have a `traefik.enable=true` label are
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery). For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
```toml tab="File (TOML)"
[providers.docker]
exposedByDefault = false
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
docker: docker:
@ -390,6 +384,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.docker]
exposedByDefault = false
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.docker.exposedByDefault=false --providers.docker.exposedByDefault=false
# ... # ...
@ -403,12 +403,6 @@ Defines a default docker network to use for connections to all containers.
This option can be overridden on a per-container basis with the `traefik.docker.network` label. This option can be overridden on a per-container basis with the `traefik.docker.network` label.
```toml tab="File (TOML)"
[providers.docker]
network = "test"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
docker: docker:
@ -416,6 +410,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.docker]
network = "test"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.docker.network=test --providers.docker.network=test
# ... # ...
@ -432,12 +432,6 @@ It must be a valid [Go template](https://golang.org/pkg/text/template/), and can
The container service name can be accessed with the `Name` identifier, The container service name can be accessed with the `Name` identifier,
and the template has access to all the labels defined on this container. and the template has access to all the labels defined on this container.
```toml tab="File (TOML)"
[providers.docker]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
docker: docker:
@ -445,6 +439,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.docker]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.docker.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`) --providers.docker.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)
# ... # ...
@ -456,12 +456,6 @@ _Optional, Default=false_
Enables the Swarm Mode (instead of standalone Docker). Enables the Swarm Mode (instead of standalone Docker).
```toml tab="File (TOML)"
[providers.docker]
swarmMode = true
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
docker: docker:
@ -469,6 +463,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.docker]
swarmMode = true
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.docker.swarmMode=true --providers.docker.swarmMode=true
# ... # ...
@ -480,12 +480,6 @@ _Optional, Default=15_
Defines the polling interval (in seconds) for Swarm Mode. Defines the polling interval (in seconds) for Swarm Mode.
```toml tab="File (TOML)"
[providers.docker]
swarmModeRefreshSeconds = 30
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
docker: docker:
@ -493,6 +487,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.docker]
swarmModeRefreshSeconds = 30
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.docker.swarmModeRefreshSeconds=30 --providers.docker.swarmModeRefreshSeconds=30
# ... # ...
@ -504,12 +504,6 @@ _Optional, Default=0_
Defines the client timeout (in seconds) for HTTP connections. If its value is `0`, no timeout is set. Defines the client timeout (in seconds) for HTTP connections. If its value is `0`, no timeout is set.
```toml tab="File (TOML)"
[providers.docker]
httpClientTimeout = 300
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
docker: docker:
@ -517,6 +511,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.docker]
httpClientTimeout = 300
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.docker.httpClientTimeout=300 --providers.docker.httpClientTimeout=300
# ... # ...
@ -528,12 +528,6 @@ _Optional, Default=true_
Watch Docker Swarm events. Watch Docker Swarm events.
```toml tab="File (TOML)"
[providers.docker]
watch = false
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
docker: docker:
@ -541,6 +535,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.docker]
watch = false
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.docker.watch=false --providers.docker.watch=false
# ... # ...
@ -591,12 +591,6 @@ as well as the usual boolean logic, as shown in examples below.
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery). For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
```toml tab="File (TOML)"
[providers.docker]
constraints = "Label(`a.label.name`,`foo`)"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
docker: docker:
@ -604,6 +598,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.docker]
constraints = "Label(`a.label.name`,`foo`)"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.docker.constraints=Label(`a.label.name`,`foo`) --providers.docker.constraints=Label(`a.label.name`,`foo`)
# ... # ...
@ -617,11 +617,6 @@ _Optional_
Certificate Authority used for the secure connection to Docker. Certificate Authority used for the secure connection to Docker.
```toml tab="File (TOML)"
[providers.docker.tls]
ca = "path/to/ca.crt"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
docker: docker:
@ -629,6 +624,11 @@ providers:
ca: path/to/ca.crt ca: path/to/ca.crt
``` ```
```toml tab="File (TOML)"
[providers.docker.tls]
ca = "path/to/ca.crt"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.docker.tls.ca=path/to/ca.crt --providers.docker.tls.ca=path/to/ca.crt
``` ```
@ -645,11 +645,6 @@ When this option is set to `true`, a client certificate is requested during the
When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client. When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client.
```toml tab="File (TOML)"
[providers.docker.tls]
caOptional = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
docker: docker:
@ -657,6 +652,11 @@ providers:
caOptional: true caOptional: true
``` ```
```toml tab="File (TOML)"
[providers.docker.tls]
caOptional = true
```
```bash tab="CLI" ```bash tab="CLI"
--providers.docker.tls.caOptional=true --providers.docker.tls.caOptional=true
``` ```
@ -665,12 +665,6 @@ providers:
Public certificate used for the secure connection to Docker. Public certificate used for the secure connection to Docker.
```toml tab="File (TOML)"
[providers.docker.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
docker: docker:
@ -679,6 +673,12 @@ providers:
key: path/to/foo.key key: path/to/foo.key
``` ```
```toml tab="File (TOML)"
[providers.docker.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.docker.tls.cert=path/to/foo.cert --providers.docker.tls.cert=path/to/foo.cert
--providers.docker.tls.key=path/to/foo.key --providers.docker.tls.key=path/to/foo.key
@ -688,12 +688,6 @@ providers:
Private certificate used for the secure connection to Docker. Private certificate used for the secure connection to Docker.
```toml tab="File (TOML)"
[providers.docker.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
docker: docker:
@ -702,6 +696,12 @@ providers:
key: path/to/foo.key key: path/to/foo.key
``` ```
```toml tab="File (TOML)"
[providers.docker.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.docker.tls.cert=path/to/foo.cert --providers.docker.tls.cert=path/to/foo.cert
--providers.docker.tls.key=path/to/foo.key --providers.docker.tls.key=path/to/foo.key
@ -711,11 +711,6 @@ providers:
If `insecureSkipVerify` is `true`, the TLS connection to Docker accepts any certificate presented by the server regardless of the hostnames it covers. If `insecureSkipVerify` is `true`, the TLS connection to Docker accepts any certificate presented by the server regardless of the hostnames it covers.
```toml tab="File (TOML)"
[providers.docker.tls]
insecureSkipVerify = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
docker: docker:
@ -723,6 +718,11 @@ providers:
insecureSkipVerify: true insecureSkipVerify: true
``` ```
```toml tab="File (TOML)"
[providers.docker.tls]
insecureSkipVerify = true
```
```bash tab="CLI" ```bash tab="CLI"
--providers.docker.tls.insecureSkipVerify=true --providers.docker.tls.insecureSkipVerify=true
``` ```

82
docs/content/providers/ecs.md
View file

@ -11,15 +11,15 @@ Attach labels to your ECS containers and let Traefik do the rest!
Enabling the ECS provider: Enabling the ECS provider:
```toml tab="File (TOML)"
[providers.ecs]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
ecs: {} ecs: {}
``` ```
```toml tab="File (TOML)"
[providers.ecs]
```
```bash tab="CLI" ```bash tab="CLI"
--providers.ecs=true --providers.ecs=true
``` ```
@ -63,12 +63,6 @@ Search for services in cluster list.
- If set to `true` service discovery is disabled on configured clusters, but enabled for all other clusters. - If set to `true` service discovery is disabled on configured clusters, but enabled for all other clusters.
- If set to `false` service discovery is enabled on configured clusters only. - If set to `false` service discovery is enabled on configured clusters only.
```toml tab="File (TOML)"
[providers.ecs]
autoDiscoverClusters = true
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
ecs: ecs:
@ -76,6 +70,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.ecs]
autoDiscoverClusters = true
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.ecs.autoDiscoverClusters=true --providers.ecs.autoDiscoverClusters=true
# ... # ...
@ -87,12 +87,6 @@ _Optional, Default=["default"]_
Search for services in cluster list. Search for services in cluster list.
```toml tab="File (TOML)"
[providers.ecs]
clusters = ["default"]
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
ecs: ecs:
@ -101,6 +95,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.ecs]
clusters = ["default"]
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.ecs.clusters=default --providers.ecs.clusters=default
# ... # ...
@ -114,12 +114,6 @@ Expose ECS services by default in Traefik.
If set to `false`, services that do not have a `traefik.enable=true` label are ignored from the resulting routing configuration. If set to `false`, services that do not have a `traefik.enable=true` label are ignored from the resulting routing configuration.
```toml tab="File (TOML)"
[providers.ecs]
exposedByDefault = false
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
ecs: ecs:
@ -127,6 +121,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.ecs]
exposedByDefault = false
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.ecs.exposedByDefault=false --providers.ecs.exposedByDefault=false
# ... # ...
@ -143,12 +143,6 @@ It must be a valid [Go template](https://golang.org/pkg/text/template/), and can
The container service name can be accessed with the `Name` identifier, The container service name can be accessed with the `Name` identifier,
and the template has access to all the labels defined on this container. and the template has access to all the labels defined on this container.
```toml tab="File (TOML)"
[providers.ecs]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
ecs: ecs:
@ -156,6 +150,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.ecs]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.ecs.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`) --providers.ecs.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)
# ... # ...
@ -167,12 +167,6 @@ _Optional, Default=15_
Polling interval (in seconds). Polling interval (in seconds).
```toml tab="File (TOML)"
[providers.ecs]
refreshSeconds = 15
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
ecs: ecs:
@ -180,6 +174,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.ecs]
refreshSeconds = 15
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.ecs.refreshSeconds=15 --providers.ecs.refreshSeconds=15
# ... # ...
@ -198,13 +198,6 @@ If `accessKeyID` and `secretAccessKey` are not provided, credentials are resolve
- Using shared credentials, determined by `AWS_PROFILE` and `AWS_SHARED_CREDENTIALS_FILE`, defaults to `default` and `~/.aws/credentials`. - Using shared credentials, determined by `AWS_PROFILE` and `AWS_SHARED_CREDENTIALS_FILE`, defaults to `default` and `~/.aws/credentials`.
- Using EC2 instance role or ECS task role - Using EC2 instance role or ECS task role
```toml tab="File (TOML)"
[providers.ecs]
region = "us-east-1"
accessKeyID = "abc"
secretAccessKey = "123"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
ecs: ecs:
@ -214,6 +207,13 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.ecs]
region = "us-east-1"
accessKeyID = "abc"
secretAccessKey = "123"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.ecs.region="us-east-1" --providers.ecs.region="us-east-1"
--providers.ecs.accessKeyID="abc" --providers.ecs.accessKeyID="abc"

98
docs/content/providers/etcd.md
View file

@ -17,11 +17,6 @@ _Required, Default="127.0.0.1:2379"_
Defines how to access etcd. Defines how to access etcd.
```toml tab="File (TOML)"
[providers.etcd]
endpoints = ["127.0.0.1:2379"]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
etcd: etcd:
@ -29,6 +24,11 @@ providers:
- "127.0.0.1:2379" - "127.0.0.1:2379"
``` ```
```toml tab="File (TOML)"
[providers.etcd]
endpoints = ["127.0.0.1:2379"]
```
```bash tab="CLI" ```bash tab="CLI"
--providers.etcd.endpoints=127.0.0.1:2379 --providers.etcd.endpoints=127.0.0.1:2379
``` ```
@ -39,17 +39,17 @@ _Required, Default="traefik"_
Defines the root key of the configuration. Defines the root key of the configuration.
```toml tab="File (TOML)"
[providers.etcd]
rootKey = "traefik"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
etcd: etcd:
rootKey: "traefik" rootKey: "traefik"
``` ```
```toml tab="File (TOML)"
[providers.etcd]
rootKey = "traefik"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.etcd.rootkey=traefik --providers.etcd.rootkey=traefik
``` ```
@ -60,12 +60,6 @@ _Optional, Default=""_
Defines a username with which to connect to etcd. Defines a username with which to connect to etcd.
```toml tab="File (TOML)"
[providers.etcd]
# ...
username = "foo"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
etcd: etcd:
@ -73,6 +67,12 @@ providers:
usename: "foo" usename: "foo"
``` ```
```toml tab="File (TOML)"
[providers.etcd]
# ...
username = "foo"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.etcd.username=foo --providers.etcd.username=foo
``` ```
@ -83,12 +83,6 @@ _Optional, Default=""_
Defines a password with which to connect to etcd. Defines a password with which to connect to etcd.
```toml tab="File (TOML)"
[providers.etcd]
# ...
password = "bar"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
etcd: etcd:
@ -96,6 +90,12 @@ providers:
password: "bar" password: "bar"
``` ```
```toml tab="File (TOML)"
[providers.etcd]
# ...
password = "bar"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.etcd.password=foo --providers.etcd.password=foo
``` ```
@ -108,11 +108,6 @@ _Optional_
Certificate Authority used for the secure connection to etcd. Certificate Authority used for the secure connection to etcd.
```toml tab="File (TOML)"
[providers.etcd.tls]
ca = "path/to/ca.crt"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
etcd: etcd:
@ -120,6 +115,11 @@ providers:
ca: path/to/ca.crt ca: path/to/ca.crt
``` ```
```toml tab="File (TOML)"
[providers.etcd.tls]
ca = "path/to/ca.crt"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.etcd.tls.ca=path/to/ca.crt --providers.etcd.tls.ca=path/to/ca.crt
``` ```
@ -136,11 +136,6 @@ When this option is set to `true`, a client certificate is requested during the
When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client. When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client.
```toml tab="File (TOML)"
[providers.etcd.tls]
caOptional = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
etcd: etcd:
@ -148,6 +143,11 @@ providers:
caOptional: true caOptional: true
``` ```
```toml tab="File (TOML)"
[providers.etcd.tls]
caOptional = true
```
```bash tab="CLI" ```bash tab="CLI"
--providers.etcd.tls.caOptional=true --providers.etcd.tls.caOptional=true
``` ```
@ -156,12 +156,6 @@ providers:
Public certificate used for the secure connection to etcd. Public certificate used for the secure connection to etcd.
```toml tab="File (TOML)"
[providers.etcd.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
etcd: etcd:
@ -170,6 +164,12 @@ providers:
key: path/to/foo.key key: path/to/foo.key
``` ```
```toml tab="File (TOML)"
[providers.etcd.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.etcd.tls.cert=path/to/foo.cert --providers.etcd.tls.cert=path/to/foo.cert
--providers.etcd.tls.key=path/to/foo.key --providers.etcd.tls.key=path/to/foo.key
@ -179,12 +179,6 @@ providers:
Private certificate used for the secure connection to etcd. Private certificate used for the secure connection to etcd.
```toml tab="File (TOML)"
[providers.etcd.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
etcd: etcd:
@ -193,6 +187,12 @@ providers:
key: path/to/foo.key key: path/to/foo.key
``` ```
```toml tab="File (TOML)"
[providers.etcd.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.etcd.tls.cert=path/to/foo.cert --providers.etcd.tls.cert=path/to/foo.cert
--providers.etcd.tls.key=path/to/foo.key --providers.etcd.tls.key=path/to/foo.key
@ -202,11 +202,6 @@ providers:
If `insecureSkipVerify` is `true`, the TLS connection to etcd accepts any certificate presented by the server regardless of the hostnames it covers. If `insecureSkipVerify` is `true`, the TLS connection to etcd accepts any certificate presented by the server regardless of the hostnames it covers.
```toml tab="File (TOML)"
[providers.etcd.tls]
insecureSkipVerify = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
etcd: etcd:
@ -214,6 +209,11 @@ providers:
insecureSkipVerify: true insecureSkipVerify: true
``` ```
```toml tab="File (TOML)"
[providers.etcd.tls]
insecureSkipVerify = true
```
```bash tab="CLI" ```bash tab="CLI"
--providers.etcd.tls.insecureSkipVerify=true --providers.etcd.tls.insecureSkipVerify=true
``` ```

184
docs/content/providers/file.md
View file

@ -3,7 +3,7 @@
Good Old Configuration File Good Old Configuration File
{: .subtitle } {: .subtitle }
The file provider lets you define the [dynamic configuration](./overview.md) in a TOML or YAML file. The file provider lets you define the [dynamic configuration](./overview.md) in a YAML or TOML file.
It supports providing configuration through a [single configuration file](#filename) or [multiple separate files](#directory). It supports providing configuration through a [single configuration file](#filename) or [multiple separate files](#directory).
@ -21,50 +21,23 @@ It supports providing configuration through a [single configuration file](#filen
Enabling the file provider: Enabling the file provider:
```toml tab="File (TOML)"
[providers.file]
directory = "/path/to/dynamic/conf"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
file: file:
directory: "/path/to/dynamic/conf" directory: "/path/to/dynamic/conf"
``` ```
```toml tab="File (TOML)"
[providers.file]
directory = "/path/to/dynamic/conf"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.file.directory=/path/to/dynamic/conf --providers.file.directory=/path/to/dynamic/conf
``` ```
Declaring Routers, Middlewares & Services: Declaring Routers, Middlewares & Services:
```toml tab="TOML"
[http]
# Add the router
[http.routers]
[http.routers.router0]
entryPoints = ["web"]
middlewares = ["my-basic-auth"]
service = "service-foo"
rule = "Path(`/foo`)"
# Add the middleware
[http.middlewares]
[http.middlewares.my-basic-auth.basicAuth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
usersFile = "etc/traefik/.htpasswd"
# Add the service
[http.services]
[http.services.service-foo]
[http.services.service-foo.loadBalancer]
[[http.services.service-foo.loadBalancer.servers]]
url = "http://foo/"
[[http.services.service-foo.loadBalancer.servers]]
url = "http://bar/"
```
```yaml tab="YAML" ```yaml tab="YAML"
http: http:
# Add the router # Add the router
@ -96,6 +69,33 @@ It supports providing configuration through a [single configuration file](#filen
passHostHeader: false passHostHeader: false
``` ```
```toml tab="TOML"
[http]
# Add the router
[http.routers]
[http.routers.router0]
entryPoints = ["web"]
middlewares = ["my-basic-auth"]
service = "service-foo"
rule = "Path(`/foo`)"
# Add the middleware
[http.middlewares]
[http.middlewares.my-basic-auth.basicAuth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
usersFile = "etc/traefik/.htpasswd"
# Add the service
[http.services]
[http.services.service-foo]
[http.services.service-foo.loadBalancer]
[[http.services.service-foo.loadBalancer.servers]]
url = "http://foo/"
[[http.services.service-foo.loadBalancer.servers]]
url = "http://bar/"
```
## Provider Configuration ## Provider Configuration
For an overview of all the options that can be set with the file provider, see the [dynamic configuration](../reference/dynamic-configuration/file.md) and [static configuration](../reference/static-configuration/overview.md) references. For an overview of all the options that can be set with the file provider, see the [dynamic configuration](../reference/dynamic-configuration/file.md) and [static configuration](../reference/static-configuration/overview.md) references.
@ -105,7 +105,7 @@ For an overview of all the options that can be set with the file provider, see t
With the file provider, Traefik listens for file system notifications to update the dynamic configuration. With the file provider, Traefik listens for file system notifications to update the dynamic configuration.
If you use a mounted/bound file system in your orchestrator (like docker or kubernetes), the way the files are linked may be a source of errors. If you use a mounted/bound file system in your orchestrator (like docker or kubernetes), the way the files are linked may be a source of errors.
If the link between the file systems is broken, when a source file/directory is changed/renamed, nothing will be reported to the linked file/directory, so the file system notifications will be neither triggered nor caught. If the link between the file systems is broken, when a source file/directory is changed/renamed, nothing will be reported to the linked file/directory, so the file system notifications will be neither triggered nor caught.
For example, in Docker, if the host file is renamed, the link to the mounted file is broken and the container's file is no longer updated. For example, in Docker, if the host file is renamed, the link to the mounted file is broken and the container's file is no longer updated.
To avoid this kind of issue, it is recommended to: To avoid this kind of issue, it is recommended to:
@ -125,20 +125,20 @@ Defines the path to the configuration file.
The `filename` and `directory` options are mutually exclusive. The `filename` and `directory` options are mutually exclusive.
It is recommended to use `directory`. It is recommended to use `directory`.
```toml tab="File (TOML)"
[providers]
[providers.file]
filename = "/path/to/config/dynamic_conf.toml"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
file: file:
filename: /path/to/config/dynamic_conf.yml filename: /path/to/config/dynamic_conf.yml
``` ```
```toml tab="File (TOML)"
[providers]
[providers.file]
filename = "/path/to/config/dynamic_conf.toml"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.file.filename=/path/to/config/dynamic_conf.toml --providers.file.filename=/path/to/config/dynamic_conf.yml
``` ```
### `directory` ### `directory`
@ -150,18 +150,18 @@ Defines the path to the directory that contains the configuration files.
The `filename` and `directory` options are mutually exclusive. The `filename` and `directory` options are mutually exclusive.
It is recommended to use `directory`. It is recommended to use `directory`.
```toml tab="File (TOML)"
[providers]
[providers.file]
directory = "/path/to/config"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
file: file:
directory: /path/to/config directory: /path/to/config
``` ```
```toml tab="File (TOML)"
[providers]
[providers.file]
directory = "/path/to/config"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.file.directory=/path/to/config --providers.file.directory=/path/to/config
``` ```
@ -171,13 +171,6 @@ providers:
Set the `watch` option to `true` to allow Traefik to automatically watch for file changes. Set the `watch` option to `true` to allow Traefik to automatically watch for file changes.
It works with both the `filename` and the `directory` options. It works with both the `filename` and the `directory` options.
```toml tab="File (TOML)"
[providers]
[providers.file]
directory = "/path/to/dynamic/conf"
watch = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
file: file:
@ -185,6 +178,13 @@ providers:
watch: true watch: true
``` ```
```toml tab="File (TOML)"
[providers]
[providers.file]
directory = "/path/to/dynamic/conf"
watch = true
```
```bash tab="CLI" ```bash tab="CLI"
--providers.file.directory=/my/path/to/dynamic/conf --providers.file.directory=/my/path/to/dynamic/conf
--providers.file.watch=true --providers.file.watch=true
@ -205,6 +205,44 @@ To illustrate, it is possible to easily define multiple routers, services, and T
??? example "Configuring Using Templating" ??? example "Configuring Using Templating"
```yaml tab="YAML"
http:
routers:
{{range $i, $e := until 100 }}
router{{ $e }}-{{ env "MY_ENV_VAR" }}:
# ...
{{end}}
services:
{{range $i, $e := until 100 }}
application{{ $e }}:
# ...
{{end}}
tcp:
routers:
{{range $i, $e := until 100 }}
router{{ $e }}:
# ...
{{end}}
services:
{{range $i, $e := until 100 }}
service{{ $e }}:
# ...
{{end}}
tls:
certificates:
{{ range $i, $e := until 10 }}
- certFile: "/etc/traefik/cert-{{ $e }}.pem"
keyFile: "/etc/traefik/cert-{{ $e }}.key"
store:
- "my-store-foo-{{ $e }}"
- "my-store-bar-{{ $e }}"
{{end}}
```
```toml tab="TOML" ```toml tab="TOML"
# template-rules.toml # template-rules.toml
[http] [http]
@ -248,41 +286,3 @@ To illustrate, it is possible to easily define multiple routers, services, and T
# ... # ...
{{ end }} {{ end }}
``` ```
```yaml tab="YAML"
http:
routers:
{{range $i, $e := until 100 }}
router{{ $e }}-{{ env "MY_ENV_VAR" }}:
# ...
{{end}}
services:
{{range $i, $e := until 100 }}
application{{ $e }}:
# ...
{{end}}
tcp:
routers:
{{range $i, $e := until 100 }}
router{{ $e }}:
# ...
{{end}}
services:
{{range $i, $e := until 100 }}
service{{ $e }}:
# ...
{{end}}
tls:
certificates:
{{ range $i, $e := until 10 }}
- certFile: "/etc/traefik/cert-{{ $e }}.pem"
keyFile: "/etc/traefik/cert-{{ $e }}.key"
store:
- "my-store-foo-{{ $e }}"
- "my-store-bar-{{ $e }}"
{{end}}
```

84
docs/content/providers/http.md
View file

@ -14,11 +14,6 @@ _Required_
Defines the HTTP(S) endpoint to poll. Defines the HTTP(S) endpoint to poll.
```toml tab="File (TOML)"
[providers.http]
endpoint = "http://127.0.0.1:9000/api"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
http: http:
@ -26,6 +21,11 @@ providers:
- "http://127.0.0.1:9000/api" - "http://127.0.0.1:9000/api"
``` ```
```toml tab="File (TOML)"
[providers.http]
endpoint = "http://127.0.0.1:9000/api"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.http.endpoint=http://127.0.0.1:9000/api --providers.http.endpoint=http://127.0.0.1:9000/api
``` ```
@ -36,17 +36,17 @@ _Optional, Default="5s"_
Defines the polling interval. Defines the polling interval.
```toml tab="File (TOML)"
[providers.http]
pollInterval = "5s"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
http: http:
pollInterval: "5s" pollInterval: "5s"
``` ```
```toml tab="File (TOML)"
[providers.http]
pollInterval = "5s"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.http.pollInterval=5s --providers.http.pollInterval=5s
``` ```
@ -57,17 +57,17 @@ _Optional, Default="5s"_
Defines the polling timeout when connecting to the configured endpoint. Defines the polling timeout when connecting to the configured endpoint.
```toml tab="File (TOML)"
[providers.http]
pollTimeout = "5s"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
http: http:
pollTimeout: "5s" pollTimeout: "5s"
``` ```
```toml tab="File (TOML)"
[providers.http]
pollTimeout = "5s"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.http.pollTimeout=5s --providers.http.pollTimeout=5s
``` ```
@ -80,11 +80,6 @@ _Optional_
Certificate Authority used for the secure connection to the configured endpoint. Certificate Authority used for the secure connection to the configured endpoint.
```toml tab="File (TOML)"
[providers.http.tls]
ca = "path/to/ca.crt"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
http: http:
@ -92,6 +87,11 @@ providers:
ca: path/to/ca.crt ca: path/to/ca.crt
``` ```
```toml tab="File (TOML)"
[providers.http.tls]
ca = "path/to/ca.crt"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.http.tls.ca=path/to/ca.crt --providers.http.tls.ca=path/to/ca.crt
``` ```
@ -108,11 +108,6 @@ When this option is set to `true`, a client certificate is requested during the
When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client. When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client.
```toml tab="File (TOML)"
[providers.http.tls]
caOptional = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
http: http:
@ -120,6 +115,11 @@ providers:
caOptional: true caOptional: true
``` ```
```toml tab="File (TOML)"
[providers.http.tls]
caOptional = true
```
```bash tab="CLI" ```bash tab="CLI"
--providers.http.tls.caOptional=true --providers.http.tls.caOptional=true
``` ```
@ -128,12 +128,6 @@ providers:
Public certificate used for the secure connection to the configured endpoint. Public certificate used for the secure connection to the configured endpoint.
```toml tab="File (TOML)"
[providers.http.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
http: http:
@ -142,6 +136,12 @@ providers:
key: path/to/foo.key key: path/to/foo.key
``` ```
```toml tab="File (TOML)"
[providers.http.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.http.tls.cert=path/to/foo.cert --providers.http.tls.cert=path/to/foo.cert
--providers.http.tls.key=path/to/foo.key --providers.http.tls.key=path/to/foo.key
@ -151,12 +151,6 @@ providers:
Private certificate used for the secure connection to the configured endpoint. Private certificate used for the secure connection to the configured endpoint.
```toml tab="File (TOML)"
[providers.http.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
http: http:
@ -165,6 +159,12 @@ providers:
key: path/to/foo.key key: path/to/foo.key
``` ```
```toml tab="File (TOML)"
[providers.http.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.http.tls.cert=path/to/foo.cert --providers.http.tls.cert=path/to/foo.cert
--providers.http.tls.key=path/to/foo.key --providers.http.tls.key=path/to/foo.key
@ -174,11 +174,6 @@ providers:
If `insecureSkipVerify` is `true`, the TLS connection to the endpoint accepts any certificate presented by the server regardless of the hostnames it covers. If `insecureSkipVerify` is `true`, the TLS connection to the endpoint accepts any certificate presented by the server regardless of the hostnames it covers.
```toml tab="File (TOML)"
[providers.http.tls]
insecureSkipVerify = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
http: http:
@ -186,6 +181,11 @@ providers:
insecureSkipVerify: true insecureSkipVerify: true
``` ```
```toml tab="File (TOML)"
[providers.http.tls]
insecureSkipVerify = true
```
```bash tab="CLI" ```bash tab="CLI"
--providers.http.tls.insecureSkipVerify=true --providers.http.tls.insecureSkipVerify=true
``` ```

98
docs/content/providers/kubernetes-crd.md
View file

@ -15,7 +15,7 @@ the Traefik engineering team developed a [Custom Resource Definition](https://ku
* Add/update **all** the Traefik resources [definitions](../reference/dynamic-configuration/kubernetes-crd.md#definitions) * Add/update **all** the Traefik resources [definitions](../reference/dynamic-configuration/kubernetes-crd.md#definitions)
* Add/update the [RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) for the Traefik custom resources * Add/update the [RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) for the Traefik custom resources
* Use [Helm Chart](../getting-started/install-traefik.md#use-the-helm-chart) or use a custom Traefik Deployment * Use [Helm Chart](../getting-started/install-traefik.md#use-the-helm-chart) or use a custom Traefik Deployment
* Enable the kubernetesCRD provider * Enable the kubernetesCRD provider
* Apply the needed kubernetesCRD provider [configuration](#provider-configuration) * Apply the needed kubernetesCRD provider [configuration](#provider-configuration)
* Add all necessary Traefik custom [resources](../reference/dynamic-configuration/kubernetes-crd.md#resources) * Add all necessary Traefik custom [resources](../reference/dynamic-configuration/kubernetes-crd.md#resources)
@ -81,12 +81,6 @@ When the environment variables are not found, Traefik tries to connect to the Ku
In this case, the endpoint is required. In this case, the endpoint is required.
Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Kubernetes cluster using the granted authentication and authorization of the associated kubeconfig. Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Kubernetes cluster using the granted authentication and authorization of the associated kubeconfig.
```toml tab="File (TOML)"
[providers.kubernetesCRD]
endpoint = "http://localhost:8080"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
kubernetesCRD: kubernetesCRD:
@ -94,6 +88,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.kubernetesCRD]
endpoint = "http://localhost:8080"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.kubernetescrd.endpoint=http://localhost:8080 --providers.kubernetescrd.endpoint=http://localhost:8080
``` ```
@ -104,12 +104,6 @@ _Optional, Default=""_
Bearer token used for the Kubernetes client configuration. Bearer token used for the Kubernetes client configuration.
```toml tab="File (TOML)"
[providers.kubernetesCRD]
token = "mytoken"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
kubernetesCRD: kubernetesCRD:
@ -117,6 +111,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.kubernetesCRD]
token = "mytoken"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.kubernetescrd.token=mytoken --providers.kubernetescrd.token=mytoken
``` ```
@ -128,12 +128,6 @@ _Optional, Default=""_
Path to the certificate authority file. Path to the certificate authority file.
Used for the Kubernetes client configuration. Used for the Kubernetes client configuration.
```toml tab="File (TOML)"
[providers.kubernetesCRD]
certAuthFilePath = "/my/ca.crt"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
kubernetesCRD: kubernetesCRD:
@ -141,6 +135,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.kubernetesCRD]
certAuthFilePath = "/my/ca.crt"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.kubernetescrd.certauthfilepath=/my/ca.crt --providers.kubernetescrd.certauthfilepath=/my/ca.crt
``` ```
@ -152,12 +152,6 @@ _Optional, Default: []_
Array of namespaces to watch. Array of namespaces to watch.
If left empty, watches all namespaces if the value of `namespaces`. If left empty, watches all namespaces if the value of `namespaces`.
```toml tab="File (TOML)"
[providers.kubernetesCRD]
namespaces = ["default", "production"]
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
kubernetesCRD: kubernetesCRD:
@ -167,6 +161,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.kubernetesCRD]
namespaces = ["default", "production"]
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.kubernetescrd.namespaces=default,production --providers.kubernetescrd.namespaces=default,production
``` ```
@ -186,12 +186,6 @@ See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-
Because the label selector is applied to all Traefik Custom Resources, they all must match the filter. Because the label selector is applied to all Traefik Custom Resources, they all must match the filter.
```toml tab="File (TOML)"
[providers.kubernetesCRD]
labelselector = "app=traefik"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
kubernetesCRD: kubernetesCRD:
@ -199,6 +193,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.kubernetesCRD]
labelselector = "app=traefik"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.kubernetescrd.labelselector="app=traefik" --providers.kubernetescrd.labelselector="app=traefik"
``` ```
@ -212,12 +212,6 @@ Value of `kubernetes.io/ingress.class` annotation that identifies resource objec
If the parameter is set, only resources containing an annotation with the same value are processed. If the parameter is set, only resources containing an annotation with the same value are processed.
Otherwise, resources missing the annotation, having an empty value, or the value `traefik` are processed. Otherwise, resources missing the annotation, having an empty value, or the value `traefik` are processed.
```toml tab="File (TOML)"
[providers.kubernetesCRD]
ingressClass = "traefik-internal"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
kubernetesCRD: kubernetesCRD:
@ -225,6 +219,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.kubernetesCRD]
ingressClass = "traefik-internal"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.kubernetescrd.ingressclass=traefik-internal --providers.kubernetescrd.ingressclass=traefik-internal
``` ```
@ -241,12 +241,6 @@ If left empty, the provider does not apply any throttling and does not drop any
The value of `throttleDuration` should be provided in seconds or as a valid duration format, The value of `throttleDuration` should be provided in seconds or as a valid duration format,
see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration). see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
```toml tab="File (TOML)"
[providers.kubernetesCRD]
throttleDuration = "10s"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
kubernetesCRD: kubernetesCRD:
@ -254,6 +248,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.kubernetesCRD]
throttleDuration = "10s"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.kubernetescrd.throttleDuration=10s --providers.kubernetescrd.throttleDuration=10s
``` ```
@ -268,12 +268,6 @@ If the parameter is set to `false`, IngressRoutes are not able to reference any
Please note that the default value for this option will be set to `false` in a future version. Please note that the default value for this option will be set to `false` in a future version.
```toml tab="File (TOML)"
[providers.kubernetesCRD]
allowCrossNamespace = false
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
kubernetesCRD: kubernetesCRD:
@ -281,6 +275,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.kubernetesCRD]
allowCrossNamespace = false
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.kubernetescrd.allowCrossNamespace=false --providers.kubernetescrd.allowCrossNamespace=false
``` ```

88
docs/content/providers/kubernetes-gateway.md
View file

@ -15,14 +15,6 @@ This provider is proposed as an experimental feature and partially supports the
Since this provider is still experimental, it needs to be activated in the experimental section of the static configuration. Since this provider is still experimental, it needs to be activated in the experimental section of the static configuration.
```toml tab="File (TOML)"
[experimental]
kubernetesGateway = true
[providers.kubernetesGateway]
#...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
experimental: experimental:
kubernetesGateway: true kubernetesGateway: true
@ -32,6 +24,14 @@ This provider is proposed as an experimental feature and partially supports the
#... #...
``` ```
```toml tab="File (TOML)"
[experimental]
kubernetesGateway = true
[providers.kubernetesGateway]
#...
```
```bash tab="CLI" ```bash tab="CLI"
--experimental.kubernetesgateway=true --providers.kubernetesgateway=true #... --experimental.kubernetesgateway=true --providers.kubernetesgateway=true #...
``` ```
@ -117,12 +117,6 @@ When the environment variables are not found, Traefik tries to connect to the Ku
In this case, the endpoint is required. In this case, the endpoint is required.
Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Kubernetes cluster using the granted authentication and authorization of the associated kubeconfig. Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Kubernetes cluster using the granted authentication and authorization of the associated kubeconfig.
```toml tab="File (TOML)"
[providers.kubernetesGateway]
endpoint = "http://localhost:8080"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
kubernetesGateway: kubernetesGateway:
@ -130,6 +124,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.kubernetesGateway]
endpoint = "http://localhost:8080"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.kubernetesgateway.endpoint=http://localhost:8080 --providers.kubernetesgateway.endpoint=http://localhost:8080
``` ```
@ -140,12 +140,6 @@ _Optional, Default=""_
Bearer token used for the Kubernetes client configuration. Bearer token used for the Kubernetes client configuration.
```toml tab="File (TOML)"
[providers.kubernetesGateway]
token = "mytoken"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
kubernetesGateway: kubernetesGateway:
@ -153,6 +147,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.kubernetesGateway]
token = "mytoken"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.kubernetesgateway.token=mytoken --providers.kubernetesgateway.token=mytoken
``` ```
@ -164,12 +164,6 @@ _Optional, Default=""_
Path to the certificate authority file. Path to the certificate authority file.
Used for the Kubernetes client configuration. Used for the Kubernetes client configuration.
```toml tab="File (TOML)"
[providers.kubernetesGateway]
certAuthFilePath = "/my/ca.crt"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
kubernetesGateway: kubernetesGateway:
@ -177,6 +171,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.kubernetesGateway]
certAuthFilePath = "/my/ca.crt"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.kubernetesgateway.certauthfilepath=/my/ca.crt --providers.kubernetesgateway.certauthfilepath=/my/ca.crt
``` ```
@ -188,12 +188,6 @@ _Optional, Default: []_
Array of namespaces to watch. Array of namespaces to watch.
If left empty, watches all namespaces if the value of `namespaces`. If left empty, watches all namespaces if the value of `namespaces`.
```toml tab="File (TOML)"
[providers.kubernetesGateway]
namespaces = ["default", "production"]
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
kubernetesGateway: kubernetesGateway:
@ -203,6 +197,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.kubernetesGateway]
namespaces = ["default", "production"]
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.kubernetesgateway.namespaces=default,production --providers.kubernetesgateway.namespaces=default,production
``` ```
@ -216,12 +216,6 @@ If left empty, Traefik processes all GatewayClass objects in the configured name
See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details. See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details.
```toml tab="File (TOML)"
[providers.kubernetesGateway]
labelselector = "app=traefik"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
kubernetesGateway: kubernetesGateway:
@ -229,6 +223,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.kubernetesGateway]
labelselector = "app=traefik"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.kubernetesgateway.labelselector="app=traefik" --providers.kubernetesgateway.labelselector="app=traefik"
``` ```
@ -245,12 +245,6 @@ If left empty, the provider does not apply any throttling and does not drop any
The value of `throttleDuration` should be provided in seconds or as a valid duration format, The value of `throttleDuration` should be provided in seconds or as a valid duration format,
see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration). see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
```toml tab="File (TOML)"
[providers.kubernetesGateway]
throttleDuration = "10s"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
kubernetesGateway: kubernetesGateway:
@ -258,6 +252,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.kubernetesGateway]
throttleDuration = "10s"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.kubernetesgateway.throttleDuration=10s --providers.kubernetesgateway.throttleDuration=10s
``` ```

128
docs/content/providers/kubernetes-ingress.md
View file

@ -14,15 +14,15 @@ See the dedicated section in [routing](../routing/providers/kubernetes-ingress.m
You can enable the provider in the static configuration: You can enable the provider in the static configuration:
```toml tab="File (TOML)"
[providers.kubernetesIngress]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
kubernetesIngress: {} kubernetesIngress: {}
``` ```
```toml tab="File (TOML)"
[providers.kubernetesIngress]
```
```bash tab="CLI" ```bash tab="CLI"
--providers.kubernetesingress=true --providers.kubernetesingress=true
``` ```
@ -95,12 +95,6 @@ When the environment variables are not found, Traefik tries to connect to the Ku
In this case, the endpoint is required. In this case, the endpoint is required.
Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Kubernetes cluster using the granted authentication and authorization of the associated kubeconfig. Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Kubernetes cluster using the granted authentication and authorization of the associated kubeconfig.
```toml tab="File (TOML)"
[providers.kubernetesIngress]
endpoint = "http://localhost:8080"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
kubernetesIngress: kubernetesIngress:
@ -108,6 +102,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.kubernetesIngress]
endpoint = "http://localhost:8080"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.kubernetesingress.endpoint=http://localhost:8080 --providers.kubernetesingress.endpoint=http://localhost:8080
``` ```
@ -118,12 +118,6 @@ _Optional, Default=""_
Bearer token used for the Kubernetes client configuration. Bearer token used for the Kubernetes client configuration.
```toml tab="File (TOML)"
[providers.kubernetesIngress]
token = "mytoken"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
kubernetesIngress: kubernetesIngress:
@ -131,6 +125,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.kubernetesIngress]
token = "mytoken"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.kubernetesingress.token=mytoken --providers.kubernetesingress.token=mytoken
``` ```
@ -142,12 +142,6 @@ _Optional, Default=""_
Path to the certificate authority file. Path to the certificate authority file.
Used for the Kubernetes client configuration. Used for the Kubernetes client configuration.
```toml tab="File (TOML)"
[providers.kubernetesIngress]
certAuthFilePath = "/my/ca.crt"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
kubernetesIngress: kubernetesIngress:
@ -155,6 +149,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.kubernetesIngress]
certAuthFilePath = "/my/ca.crt"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.kubernetesingress.certauthfilepath=/my/ca.crt --providers.kubernetesingress.certauthfilepath=/my/ca.crt
``` ```
@ -166,12 +166,6 @@ _Optional, Default: []_
Array of namespaces to watch. Array of namespaces to watch.
If left empty, watches all namespaces if the value of `namespaces`. If left empty, watches all namespaces if the value of `namespaces`.
```toml tab="File (TOML)"
[providers.kubernetesIngress]
namespaces = ["default", "production"]
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
kubernetesIngress: kubernetesIngress:
@ -181,6 +175,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.kubernetesIngress]
namespaces = ["default", "production"]
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.kubernetesingress.namespaces=default,production --providers.kubernetesingress.namespaces=default,production
``` ```
@ -194,12 +194,6 @@ If left empty, Traefik processes all Ingress objects in the configured namespace
See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details. See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details.
```toml tab="File (TOML)"
[providers.kubernetesIngress]
labelSelector = "app=traefik"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
kubernetesIngress: kubernetesIngress:
@ -207,6 +201,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.kubernetesIngress]
labelSelector = "app=traefik"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.kubernetesingress.labelselector="app=traefik" --providers.kubernetesingress.labelselector="app=traefik"
``` ```
@ -254,12 +254,6 @@ Otherwise, Ingresses missing the annotation, having an empty value, or the value
servicePort: 80 servicePort: 80
``` ```
```toml tab="File (TOML)"
[providers.kubernetesIngress]
ingressClass = "traefik-internal"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
kubernetesIngress: kubernetesIngress:
@ -267,6 +261,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.kubernetesIngress]
ingressClass = "traefik-internal"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.kubernetesingress.ingressclass=traefik-internal --providers.kubernetesingress.ingressclass=traefik-internal
``` ```
@ -279,12 +279,6 @@ _Optional, Default: ""_
Hostname used for Kubernetes Ingress endpoints. Hostname used for Kubernetes Ingress endpoints.
```toml tab="File (TOML)"
[providers.kubernetesIngress.ingressEndpoint]
hostname = "example.net"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
kubernetesIngress: kubernetesIngress:
@ -293,6 +287,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.kubernetesIngress.ingressEndpoint]
hostname = "example.net"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.kubernetesingress.ingressendpoint.hostname=example.net --providers.kubernetesingress.ingressendpoint.hostname=example.net
``` ```
@ -303,12 +303,6 @@ _Optional, Default: ""_
IP used for Kubernetes Ingress endpoints. IP used for Kubernetes Ingress endpoints.
```toml tab="File (TOML)"
[providers.kubernetesIngress.ingressEndpoint]
ip = "1.2.3.4"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
kubernetesIngress: kubernetesIngress:
@ -317,6 +311,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.kubernetesIngress.ingressEndpoint]
ip = "1.2.3.4"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.kubernetesingress.ingressendpoint.ip=1.2.3.4 --providers.kubernetesingress.ingressendpoint.ip=1.2.3.4
``` ```
@ -328,12 +328,6 @@ _Optional, Default: ""_
Published Kubernetes Service to copy status from. Published Kubernetes Service to copy status from.
Format: `namespace/servicename`. Format: `namespace/servicename`.
```toml tab="File (TOML)"
[providers.kubernetesIngress.ingressEndpoint]
publishedService = "namespace/foo-service"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
kubernetesIngress: kubernetesIngress:
@ -342,6 +336,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.kubernetesIngress.ingressEndpoint]
publishedService = "namespace/foo-service"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.kubernetesingress.ingressendpoint.publishedservice=namespace/foo-service --providers.kubernetesingress.ingressendpoint.publishedservice=namespace/foo-service
``` ```
@ -358,12 +358,6 @@ If left empty, the provider does not apply any throttling and does not drop any
The value of `throttleDuration` should be provided in seconds or as a valid duration format, The value of `throttleDuration` should be provided in seconds or as a valid duration format,
see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration). see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
```toml tab="File (TOML)"
[providers.kubernetesIngress]
throttleDuration = "10s"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
kubernetesIngress: kubernetesIngress:
@ -371,6 +365,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.kubernetesIngress]
throttleDuration = "10s"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.kubernetesingress.throttleDuration=10s --providers.kubernetesingress.throttleDuration=10s
``` ```

234
docs/content/providers/marathon.md
View file

@ -11,15 +11,15 @@ For additional information, refer to [Marathon user guide](../user-guides/marath
Enabling the Marathon provider Enabling the Marathon provider
```toml tab="File (TOML)"
[providers.marathon]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
marathon: {} marathon: {}
``` ```
```toml tab="File (TOML)"
[providers.marathon]
```
```bash tab="CLI" ```bash tab="CLI"
--providers.marathon=true --providers.marathon=true
``` ```
@ -61,12 +61,6 @@ _Optional_
Enables Marathon basic authentication. Enables Marathon basic authentication.
```toml tab="File (TOML)"
[providers.marathon.basic]
httpBasicAuthUser = "foo"
httpBasicPassword = "bar"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
marathon: marathon:
@ -75,6 +69,12 @@ providers:
httpBasicPassword: bar httpBasicPassword: bar
``` ```
```toml tab="File (TOML)"
[providers.marathon.basic]
httpBasicAuthUser = "foo"
httpBasicPassword = "bar"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.marathon.basic.httpbasicauthuser=foo --providers.marathon.basic.httpbasicauthuser=foo
--providers.marathon.basic.httpbasicpassword=bar --providers.marathon.basic.httpbasicpassword=bar
@ -88,12 +88,6 @@ Datacenter Operating System (DCOS) Token for DCOS environment.
If set, it overrides the Authorization header. If set, it overrides the Authorization header.
```toml tab="File (TOML)"
[providers.marathon]
dcosToken = "xxxxxx"
# ...
```
```toml tab="File (YAML)" ```toml tab="File (YAML)"
providers: providers:
marathon: marathon:
@ -101,6 +95,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.marathon]
dcosToken = "xxxxxx"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.marathon.dcosToken=xxxxxx --providers.marathon.dcosToken=xxxxxx
``` ```
@ -119,12 +119,6 @@ and can include [sprig template functions](http://masterminds.github.io/sprig/).
The app ID can be accessed with the `Name` identifier, The app ID can be accessed with the `Name` identifier,
and the template has access to all the labels defined on this Marathon application. and the template has access to all the labels defined on this Marathon application.
```toml tab="File (TOML)"
[providers.marathon]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
marathon: marathon:
@ -132,6 +126,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.marathon]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.marathon.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`) --providers.marathon.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)
# ... # ...
@ -147,19 +147,19 @@ when trying to open a TCP connection to a Marathon master.
The value of `dialerTimeout` should be provided in seconds or as a valid duration format, The value of `dialerTimeout` should be provided in seconds or as a valid duration format,
see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration). see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
```toml tab="File (TOML)" ```yaml tab="File (YAML)"
[providers.marathon]
dialerTimeout = "10s"
# ...
```
```toml tab="File (YAML)"
providers: providers:
marathon: marathon:
dialerTimeout: "10s" dialerTimeout: "10s"
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.marathon]
dialerTimeout = "10s"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.marathon.dialerTimeout=10s --providers.marathon.dialerTimeout=10s
``` ```
@ -172,19 +172,19 @@ Marathon server endpoint.
You can optionally specify multiple endpoints. You can optionally specify multiple endpoints.
```toml tab="File (TOML)" ```yaml tab="File (YAML)"
[providers.marathon]
endpoint = "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080"
# ...
```
```toml tab="File (YAML)"
providers: providers:
marathon: marathon:
endpoint: "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080" endpoint: "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080"
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.marathon]
endpoint = "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.marathon.endpoint=http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080 --providers.marathon.endpoint=http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080
``` ```
@ -199,12 +199,6 @@ If set to `false`, applications that do not have a `traefik.enable=true` label a
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery). For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
```toml tab="File (TOML)"
[providers.marathon]
exposedByDefault = false
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
marathon: marathon:
@ -212,6 +206,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.marathon]
exposedByDefault = false
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.marathon.exposedByDefault=false --providers.marathon.exposedByDefault=false
# ... # ...
@ -274,12 +274,6 @@ In addition, to match against Marathon constraints, the function `MarathonConstr
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery). For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
```toml tab="File (TOML)"
[providers.marathon]
constraints = "Label(`a.label.name`,`foo`)"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
marathon: marathon:
@ -287,6 +281,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.marathon]
constraints = "Label(`a.label.name`,`foo`)"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.marathon.constraints=Label(`a.label.name`,`foo`) --providers.marathon.constraints=Label(`a.label.name`,`foo`)
# ... # ...
@ -300,12 +300,6 @@ By default, the task IP address (as returned by the Marathon API) is used as bac
otherwise, the name of the host running the task is used. otherwise, the name of the host running the task is used.
The latter behavior can be enforced by setting this option to `true`. The latter behavior can be enforced by setting this option to `true`.
```toml tab="File (TOML)"
[providers.marathon]
forceTaskHostname = true
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
marathon: marathon:
@ -313,6 +307,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.marathon]
forceTaskHostname = true
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.marathon.forceTaskHostname=true --providers.marathon.forceTaskHostname=true
# ... # ...
@ -326,12 +326,6 @@ Set the TCP Keep Alive duration for the Marathon HTTP Client.
The value of `keepAlive` should be provided in seconds or as a valid duration format, The value of `keepAlive` should be provided in seconds or as a valid duration format,
see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration). see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
```toml tab="File (TOML)"
[providers.marathon]
keepAlive = "30s"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
marathon: marathon:
@ -339,6 +333,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.marathon]
keepAlive = "30s"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.marathon.keepAlive=30s --providers.marathon.keepAlive=30s
# ... # ...
@ -354,12 +354,6 @@ Note that the checks are only valid during deployments.
See the Marathon guide for details. See the Marathon guide for details.
```toml tab="File (TOML)"
[providers.marathon]
respectReadinessChecks = true
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
marathon: marathon:
@ -367,6 +361,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.marathon]
respectReadinessChecks = true
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.marathon.respectReadinessChecks=true --providers.marathon.respectReadinessChecks=true
# ... # ...
@ -382,12 +382,6 @@ from a Marathon master.
The value of `responseHeaderTimeout` should be provided in seconds or as a valid duration format, The value of `responseHeaderTimeout` should be provided in seconds or as a valid duration format,
see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration). see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
```toml tab="File (TOML)"
[providers.marathon]
responseHeaderTimeout = "66s"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
marathon: marathon:
@ -395,6 +389,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.marathon]
responseHeaderTimeout = "66s"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.marathon.responseHeaderTimeout=66s --providers.marathon.responseHeaderTimeout=66s
# ... # ...
@ -408,11 +408,6 @@ _Optional_
Certificate Authority used for the secure connection to Marathon. Certificate Authority used for the secure connection to Marathon.
```toml tab="File (TOML)"
[providers.marathon.tls]
ca = "path/to/ca.crt"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
marathon: marathon:
@ -420,6 +415,11 @@ providers:
ca: path/to/ca.crt ca: path/to/ca.crt
``` ```
```toml tab="File (TOML)"
[providers.marathon.tls]
ca = "path/to/ca.crt"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.marathon.tls.ca=path/to/ca.crt --providers.marathon.tls.ca=path/to/ca.crt
``` ```
@ -436,11 +436,6 @@ When this option is set to `true`, a client certificate is requested during the
When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client. When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client.
```toml tab="File (TOML)"
[providers.marathon.tls]
caOptional = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
marathon: marathon:
@ -448,6 +443,11 @@ providers:
caOptional: true caOptional: true
``` ```
```toml tab="File (TOML)"
[providers.marathon.tls]
caOptional = true
```
```bash tab="CLI" ```bash tab="CLI"
--providers.marathon.tls.caOptional=true --providers.marathon.tls.caOptional=true
``` ```
@ -456,12 +456,6 @@ providers:
Public certificate used for the secure connection to Marathon. Public certificate used for the secure connection to Marathon.
```toml tab="File (TOML)"
[providers.marathon.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
marathon: marathon:
@ -470,6 +464,12 @@ providers:
key: path/to/foo.key key: path/to/foo.key
``` ```
```toml tab="File (TOML)"
[providers.marathon.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.marathon.tls.cert=path/to/foo.cert --providers.marathon.tls.cert=path/to/foo.cert
--providers.marathon.tls.key=path/to/foo.key --providers.marathon.tls.key=path/to/foo.key
@ -479,12 +479,6 @@ providers:
Private certificate used for the secure connection to Marathon. Private certificate used for the secure connection to Marathon.
```toml tab="File (TOML)"
[providers.marathon.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
marathon: marathon:
@ -493,6 +487,12 @@ providers:
key: path/to/foo.key key: path/to/foo.key
``` ```
```toml tab="File (TOML)"
[providers.marathon.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.marathon.tls.cert=path/to/foo.cert --providers.marathon.tls.cert=path/to/foo.cert
--providers.marathon.tls.key=path/to/foo.key --providers.marathon.tls.key=path/to/foo.key
@ -502,11 +502,6 @@ providers:
If `insecureSkipVerify` is `true`, the TLS connection to Marathon accepts any certificate presented by the server regardless of the hostnames it covers. If `insecureSkipVerify` is `true`, the TLS connection to Marathon accepts any certificate presented by the server regardless of the hostnames it covers.
```toml tab="File (TOML)"
[providers.marathon.tls]
insecureSkipVerify = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
marathon: marathon:
@ -514,6 +509,11 @@ providers:
insecureSkipVerify: true insecureSkipVerify: true
``` ```
```toml tab="File (TOML)"
[providers.marathon.tls]
insecureSkipVerify = true
```
```bash tab="CLI" ```bash tab="CLI"
--providers.marathon.tls.insecureSkipVerify=true --providers.marathon.tls.insecureSkipVerify=true
``` ```
@ -528,12 +528,6 @@ when waiting for the TLS handshake to complete.
The value of `tlsHandshakeTimeout` should be provided in seconds or as a valid duration format, The value of `tlsHandshakeTimeout` should be provided in seconds or as a valid duration format,
see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration). see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
```toml tab="File (TOML)"
[providers.marathon]
responseHeaderTimeout = "10s"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
marathon: marathon:
@ -541,6 +535,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.marathon]
responseHeaderTimeout = "10s"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.marathon.responseHeaderTimeout=10s --providers.marathon.responseHeaderTimeout=10s
# ... # ...
@ -552,12 +552,6 @@ _Optional, Default=false_
Displays additional provider logs when available. Displays additional provider logs when available.
```toml tab="File (TOML)"
[providers.marathon]
trace = true
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
marathon: marathon:
@ -565,6 +559,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.marathon]
trace = true
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.marathon.trace=true --providers.marathon.trace=true
# ... # ...
@ -576,12 +576,6 @@ _Optional, Default=true_
When set to `true`, watches for Marathon changes. When set to `true`, watches for Marathon changes.
```toml tab="File (TOML)"
[providers.marathon]
watch = false
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
marathon: marathon:
@ -589,6 +583,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.marathon]
watch = false
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.marathon.watch=false --providers.marathon.watch=false
# ... # ...

24
docs/content/providers/overview.md
View file

@ -49,12 +49,6 @@ separator, and the provider name.
Declaring the add-foo-prefix in the file provider. Declaring the add-foo-prefix in the file provider.
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.add-foo-prefix.addPrefix]
prefix = "/foo"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
http: http:
middlewares: middlewares:
@ -63,6 +57,12 @@ separator, and the provider name.
prefix: "/foo" prefix: "/foo"
``` ```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.add-foo-prefix.addPrefix]
prefix = "/foo"
```
Using the add-foo-prefix middleware from other providers: Using the add-foo-prefix middleware from other providers:
```yaml tab="Docker" ```yaml tab="Docker"
@ -133,7 +133,7 @@ Below is the list of the currently supported providers in Traefik.
| [ECS](./ecs.md) | Orchestrator | Label | | [ECS](./ecs.md) | Orchestrator | Label |
| [Marathon](./marathon.md) | Orchestrator | Label | | [Marathon](./marathon.md) | Orchestrator | Label |
| [Rancher](./rancher.md) | Orchestrator | Label | | [Rancher](./rancher.md) | Orchestrator | Label |
| [File](./file.md) | Manual | TOML/YAML format | | [File](./file.md) | Manual | YAML/TOML format |
| [Consul](./consul.md) | KV | KV | | [Consul](./consul.md) | KV | KV |
| [Etcd](./etcd.md) | KV | KV | | [Etcd](./etcd.md) | KV | KV |
| [ZooKeeper](./zookeeper.md) | KV | KV | | [ZooKeeper](./zookeeper.md) | KV | KV |
@ -169,16 +169,16 @@ but the throttling algorithm applies to each of them independently.
The value of `providers.providersThrottleDuration` should be provided in seconds or as a valid duration format, The value of `providers.providersThrottleDuration` should be provided in seconds or as a valid duration format,
see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration). see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
```toml tab="File (TOML)"
[providers]
providers.providersThrottleDuration = 10s
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
providersThrottleDuration: 10s providersThrottleDuration: 10s
``` ```
```toml tab="File (TOML)"
[providers]
providers.providersThrottleDuration = 10s
```
```bash tab="CLI" ```bash tab="CLI"
--providers.providersThrottleDuration=10s --providers.providersThrottleDuration=10s
``` ```

100
docs/content/providers/rancher.md
View file

@ -18,15 +18,15 @@ Attach labels to your services and let Traefik do the rest!
Enabling the Rancher provider Enabling the Rancher provider
```toml tab="File (TOML)"
[providers.rancher]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
rancher: {} rancher: {}
``` ```
```toml tab="File (TOML)"
[providers.rancher]
```
```bash tab="CLI" ```bash tab="CLI"
--providers.rancher=true --providers.rancher=true
``` ```
@ -48,14 +48,14 @@ See the dedicated section in [routing](../routing/providers/rancher.md).
For an overview of all the options that can be set with the Rancher provider, see the following snippets: For an overview of all the options that can be set with the Rancher provider, see the following snippets:
```toml tab="File (TOML)"
--8<-- "content/providers/rancher.toml"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
--8<-- "content/providers/rancher.yml" --8<-- "content/providers/rancher.yml"
``` ```
```toml tab="File (TOML)"
--8<-- "content/providers/rancher.toml"
```
```bash tab="CLI" ```bash tab="CLI"
--8<-- "content/providers/rancher.txt" --8<-- "content/providers/rancher.txt"
``` ```
@ -69,12 +69,6 @@ If set to `false`, services that do not have a `traefik.enable=true` label are i
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery). For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
```toml tab="File (TOML)"
[providers.rancher]
exposedByDefault = false
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
rancher: rancher:
@ -82,6 +76,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.rancher]
exposedByDefault = false
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.rancher.exposedByDefault=false --providers.rancher.exposedByDefault=false
# ... # ...
@ -102,12 +102,6 @@ and the template has access to all the labels defined on this container.
This option can be overridden on a container basis with the `traefik.http.routers.Router1.rule` label. This option can be overridden on a container basis with the `traefik.http.routers.Router1.rule` label.
```toml tab="File (TOML)"
[providers.rancher]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
rancher: rancher:
@ -115,6 +109,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.rancher]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.rancher.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`) --providers.rancher.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)
# ... # ...
@ -126,12 +126,6 @@ _Optional, Default=true_
Filter out services with unhealthy states and inactive states. Filter out services with unhealthy states and inactive states.
```toml tab="File (TOML)"
[providers.rancher]
enableServiceHealthFilter = false
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
rancher: rancher:
@ -139,6 +133,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.rancher]
enableServiceHealthFilter = false
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.rancher.enableServiceHealthFilter=false --providers.rancher.enableServiceHealthFilter=false
# ... # ...
@ -150,12 +150,6 @@ _Optional, Default=15_
Defines the polling interval (in seconds). Defines the polling interval (in seconds).
```toml tab="File (TOML)"
[providers.rancher]
refreshSeconds = 30
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
rancher: rancher:
@ -163,6 +157,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.rancher]
refreshSeconds = 30
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.rancher.refreshSeconds=30 --providers.rancher.refreshSeconds=30
# ... # ...
@ -175,12 +175,6 @@ _Optional, Default=false_
Poll the Rancher metadata service for changes every `rancher.refreshSeconds`, Poll the Rancher metadata service for changes every `rancher.refreshSeconds`,
which is less accurate than the default long polling technique which provides near instantaneous updates to Traefik. which is less accurate than the default long polling technique which provides near instantaneous updates to Traefik.
```toml tab="File (TOML)"
[providers.rancher]
intervalPoll = true
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
rancher: rancher:
@ -188,6 +182,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.rancher]
intervalPoll = true
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.rancher.intervalPoll=true --providers.rancher.intervalPoll=true
# ... # ...
@ -199,12 +199,6 @@ _Optional, Default="/latest"_
Prefix used for accessing the Rancher metadata service. Prefix used for accessing the Rancher metadata service.
```toml tab="File (TOML)"
[providers.rancher]
prefix = "/test"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
rancher: rancher:
@ -212,6 +206,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.rancher]
prefix = "/test"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.rancher.prefix=/test --providers.rancher.prefix=/test
# ... # ...
@ -262,12 +262,6 @@ the usual boolean logic, as shown in examples below.
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery). For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
```toml tab="File (TOML)"
[providers.rancher]
constraints = "Label(`a.label.name`,`foo`)"
# ...
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
rancher: rancher:
@ -275,6 +269,12 @@ providers:
# ... # ...
``` ```
```toml tab="File (TOML)"
[providers.rancher]
constraints = "Label(`a.label.name`,`foo`)"
# ...
```
```bash tab="CLI" ```bash tab="CLI"
--providers.rancher.constraints=Label(`a.label.name`,`foo`) --providers.rancher.constraints=Label(`a.label.name`,`foo`)
# ... # ...

98
docs/content/providers/redis.md
View file

@ -17,11 +17,6 @@ _Required, Default="127.0.0.1:6379"_
Defines how to access to Redis. Defines how to access to Redis.
```toml tab="File (TOML)"
[providers.redis]
endpoints = ["127.0.0.1:6379"]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
redis: redis:
@ -29,6 +24,11 @@ providers:
- "127.0.0.1:6379" - "127.0.0.1:6379"
``` ```
```toml tab="File (TOML)"
[providers.redis]
endpoints = ["127.0.0.1:6379"]
```
```bash tab="CLI" ```bash tab="CLI"
--providers.redis.endpoints=127.0.0.1:6379 --providers.redis.endpoints=127.0.0.1:6379
``` ```
@ -39,17 +39,17 @@ _Required, Default="traefik"_
Defines the root key of the configuration. Defines the root key of the configuration.
```toml tab="File (TOML)"
[providers.redis]
rootKey = "traefik"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
redis: redis:
rootKey: "traefik" rootKey: "traefik"
``` ```
```toml tab="File (TOML)"
[providers.redis]
rootKey = "traefik"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.redis.rootkey=traefik --providers.redis.rootkey=traefik
``` ```
@ -60,12 +60,6 @@ _Optional, Default=""_
Defines a username to connect with Redis. Defines a username to connect with Redis.
```toml tab="File (TOML)"
[providers.redis]
# ...
username = "foo"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
redis: redis:
@ -73,6 +67,12 @@ providers:
usename: "foo" usename: "foo"
``` ```
```toml tab="File (TOML)"
[providers.redis]
# ...
username = "foo"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.redis.username=foo --providers.redis.username=foo
``` ```
@ -83,12 +83,6 @@ _Optional, Default=""_
Defines a password to connect with Redis. Defines a password to connect with Redis.
```toml tab="File (TOML)"
[providers.redis]
# ...
password = "bar"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
redis: redis:
@ -96,6 +90,12 @@ providers:
password: "bar" password: "bar"
``` ```
```toml tab="File (TOML)"
[providers.redis]
# ...
password = "bar"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.redis.password=foo --providers.redis.password=foo
``` ```
@ -108,11 +108,6 @@ _Optional_
Certificate Authority used for the secure connection to Redis. Certificate Authority used for the secure connection to Redis.
```toml tab="File (TOML)"
[providers.redis.tls]
ca = "path/to/ca.crt"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
redis: redis:
@ -120,6 +115,11 @@ providers:
ca: path/to/ca.crt ca: path/to/ca.crt
``` ```
```toml tab="File (TOML)"
[providers.redis.tls]
ca = "path/to/ca.crt"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.redis.tls.ca=path/to/ca.crt --providers.redis.tls.ca=path/to/ca.crt
``` ```
@ -136,11 +136,6 @@ When this option is set to `true`, a client certificate is requested during the
When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client. When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client.
```toml tab="File (TOML)"
[providers.redis.tls]
caOptional = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
redis: redis:
@ -148,6 +143,11 @@ providers:
caOptional: true caOptional: true
``` ```
```toml tab="File (TOML)"
[providers.redis.tls]
caOptional = true
```
```bash tab="CLI" ```bash tab="CLI"
--providers.redis.tls.caOptional=true --providers.redis.tls.caOptional=true
``` ```
@ -156,12 +156,6 @@ providers:
Public certificate used for the secure connection to Redis. Public certificate used for the secure connection to Redis.
```toml tab="File (TOML)"
[providers.redis.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
redis: redis:
@ -170,6 +164,12 @@ providers:
key: path/to/foo.key key: path/to/foo.key
``` ```
```toml tab="File (TOML)"
[providers.redis.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.redis.tls.cert=path/to/foo.cert --providers.redis.tls.cert=path/to/foo.cert
--providers.redis.tls.key=path/to/foo.key --providers.redis.tls.key=path/to/foo.key
@ -179,12 +179,6 @@ providers:
Private certificate used for the secure connection to Redis. Private certificate used for the secure connection to Redis.
```toml tab="File (TOML)"
[providers.redis.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
redis: redis:
@ -193,6 +187,12 @@ providers:
key: path/to/foo.key key: path/to/foo.key
``` ```
```toml tab="File (TOML)"
[providers.redis.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.redis.tls.cert=path/to/foo.cert --providers.redis.tls.cert=path/to/foo.cert
--providers.redis.tls.key=path/to/foo.key --providers.redis.tls.key=path/to/foo.key
@ -202,11 +202,6 @@ providers:
If `insecureSkipVerify` is `true`, the TLS connection to Redis accepts any certificate presented by the server regardless of the hostnames it covers. If `insecureSkipVerify` is `true`, the TLS connection to Redis accepts any certificate presented by the server regardless of the hostnames it covers.
```toml tab="File (TOML)"
[providers.redis.tls]
insecureSkipVerify = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
redis: redis:
@ -214,6 +209,11 @@ providers:
insecureSkipVerify: true insecureSkipVerify: true
``` ```
```toml tab="File (TOML)"
[providers.redis.tls]
insecureSkipVerify = true
```
```bash tab="CLI" ```bash tab="CLI"
--providers.redis.tls.insecureSkipVerify=true --providers.redis.tls.insecureSkipVerify=true
``` ```

98
docs/content/providers/zookeeper.md
View file

@ -17,11 +17,6 @@ _Required, Default="127.0.0.1:2181"_
Defines how to access to ZooKeeper. Defines how to access to ZooKeeper.
```toml tab="File (TOML)"
[providers.zooKeeper]
endpoints = ["127.0.0.1:2181"]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
zooKeeper: zooKeeper:
@ -29,6 +24,11 @@ providers:
- "127.0.0.1:2181" - "127.0.0.1:2181"
``` ```
```toml tab="File (TOML)"
[providers.zooKeeper]
endpoints = ["127.0.0.1:2181"]
```
```bash tab="CLI" ```bash tab="CLI"
--providers.zookeeper.endpoints=127.0.0.1:2181 --providers.zookeeper.endpoints=127.0.0.1:2181
``` ```
@ -39,17 +39,17 @@ _Required, Default="traefik"_
Defines the root key of the configuration. Defines the root key of the configuration.
```toml tab="File (TOML)"
[providers.zooKeeper]
rootKey = "traefik"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
zooKeeper: zooKeeper:
rootKey: "traefik" rootKey: "traefik"
``` ```
```toml tab="File (TOML)"
[providers.zooKeeper]
rootKey = "traefik"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.zookeeper.rootkey=traefik --providers.zookeeper.rootkey=traefik
``` ```
@ -60,12 +60,6 @@ _Optional, Default=""_
Defines a username to connect with ZooKeeper. Defines a username to connect with ZooKeeper.
```toml tab="File (TOML)"
[providers.zooKeeper]
# ...
username = "foo"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
zooKeeper: zooKeeper:
@ -73,6 +67,12 @@ providers:
usename: "foo" usename: "foo"
``` ```
```toml tab="File (TOML)"
[providers.zooKeeper]
# ...
username = "foo"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.zookeeper.username=foo --providers.zookeeper.username=foo
``` ```
@ -83,12 +83,6 @@ _Optional, Default=""_
Defines a password to connect with ZooKeeper. Defines a password to connect with ZooKeeper.
```toml tab="File (TOML)"
[providers.zooKeeper]
# ...
password = "bar"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
zooKeeper: zooKeeper:
@ -96,6 +90,12 @@ providers:
password: "bar" password: "bar"
``` ```
```toml tab="File (TOML)"
[providers.zooKeeper]
# ...
password = "bar"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.zookeeper.password=foo --providers.zookeeper.password=foo
``` ```
@ -108,11 +108,6 @@ _Optional_
Certificate Authority used for the secure connection to ZooKeeper. Certificate Authority used for the secure connection to ZooKeeper.
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
ca = "path/to/ca.crt"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
zooKeeper: zooKeeper:
@ -120,6 +115,11 @@ providers:
ca: path/to/ca.crt ca: path/to/ca.crt
``` ```
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
ca = "path/to/ca.crt"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.zookeeper.tls.ca=path/to/ca.crt --providers.zookeeper.tls.ca=path/to/ca.crt
``` ```
@ -136,11 +136,6 @@ When this option is set to `true`, a client certificate is requested during the
When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client. When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client.
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
caOptional = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
zooKeeper: zooKeeper:
@ -148,6 +143,11 @@ providers:
caOptional: true caOptional: true
``` ```
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
caOptional = true
```
```bash tab="CLI" ```bash tab="CLI"
--providers.zookeeper.tls.caOptional=true --providers.zookeeper.tls.caOptional=true
``` ```
@ -156,12 +156,6 @@ providers:
Public certificate used for the secure connection to ZooKeeper. Public certificate used for the secure connection to ZooKeeper.
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
zooKeeper: zooKeeper:
@ -170,6 +164,12 @@ providers:
key: path/to/foo.key key: path/to/foo.key
``` ```
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.zookeeper.tls.cert=path/to/foo.cert --providers.zookeeper.tls.cert=path/to/foo.cert
--providers.zookeeper.tls.key=path/to/foo.key --providers.zookeeper.tls.key=path/to/foo.key
@ -179,12 +179,6 @@ providers:
Private certificate used for the secure connection to ZooKeeper. Private certificate used for the secure connection to ZooKeeper.
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
zooKeeper: zooKeeper:
@ -193,6 +187,12 @@ providers:
key: path/to/foo.key key: path/to/foo.key
``` ```
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI" ```bash tab="CLI"
--providers.zookeeper.tls.cert=path/to/foo.cert --providers.zookeeper.tls.cert=path/to/foo.cert
--providers.zookeeper.tls.key=path/to/foo.key --providers.zookeeper.tls.key=path/to/foo.key
@ -202,11 +202,6 @@ providers:
If `insecureSkipVerify` is `true`, the TLS connection to Zookeeper accepts any certificate presented by the server regardless of the hostnames it covers. If `insecureSkipVerify` is `true`, the TLS connection to Zookeeper accepts any certificate presented by the server regardless of the hostnames it covers.
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
insecureSkipVerify = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
zooKeeper: zooKeeper:
@ -214,6 +209,11 @@ providers:
insecureSkipVerify: true insecureSkipVerify: true
``` ```
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
insecureSkipVerify = true
```
```bash tab="CLI" ```bash tab="CLI"
--providers.zookeeper.tls.insecureSkipVerify=true --providers.zookeeper.tls.insecureSkipVerify=true
``` ```

8
docs/content/reference/dynamic-configuration/file.md
View file

@ -3,10 +3,10 @@
Dynamic configuration with files Dynamic configuration with files
{: .subtitle } {: .subtitle }
```toml tab="TOML"
--8<-- "content/reference/dynamic-configuration/file.toml"
```
```yml tab="YAML" ```yml tab="YAML"
--8<-- "content/reference/dynamic-configuration/file.yaml" --8<-- "content/reference/dynamic-configuration/file.yaml"
``` ```
```toml tab="TOML"
--8<-- "content/reference/dynamic-configuration/file.toml"
```

2
docs/content/reference/static-configuration/cli-ref.md
View file

@ -517,7 +517,7 @@ KV Username
Enable debug logging of generated configuration template. (Default: ```false```) Enable debug logging of generated configuration template. (Default: ```false```)
`--providers.file.directory`: `--providers.file.directory`:
Load dynamic configuration from one or more .toml or .yml files in a directory. Load dynamic configuration from one or more .yml or .toml files in a directory.
`--providers.file.filename`: `--providers.file.filename`:
Load dynamic configuration from a file. Load dynamic configuration from a file.

2
docs/content/reference/static-configuration/env-ref.md
View file

@ -517,7 +517,7 @@ KV Username
Enable debug logging of generated configuration template. (Default: ```false```) Enable debug logging of generated configuration template. (Default: ```false```)
`TRAEFIK_PROVIDERS_FILE_DIRECTORY`: `TRAEFIK_PROVIDERS_FILE_DIRECTORY`:
Load dynamic configuration from one or more .toml or .yml files in a directory. Load dynamic configuration from one or more .yml or .toml files in a directory.
`TRAEFIK_PROVIDERS_FILE_FILENAME`: `TRAEFIK_PROVIDERS_FILE_FILENAME`:
Load dynamic configuration from a file. Load dynamic configuration from a file.

8
docs/content/reference/static-configuration/file.md
View file

@ -1,9 +1,9 @@
# Static Configuration: File # Static Configuration: File
```toml tab="TOML"
--8<-- "content/reference/static-configuration/file.toml"
```
```yml tab="YAML" ```yml tab="YAML"
--8<-- "content/reference/static-configuration/file.yaml" --8<-- "content/reference/static-configuration/file.yaml"
``` ```
```toml tab="TOML"
--8<-- "content/reference/static-configuration/file.toml"
```

618
docs/content/routing/entrypoints.md
View file

@ -13,20 +13,20 @@ and whether to listen for TCP or UDP.
??? example "Port 80 only" ??? example "Port 80 only"
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
## Static configuration ## Static configuration
entryPoints: entryPoints:
web: web:
address: ":80" address: ":80"
``` ```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
```
```bash tab="CLI" ```bash tab="CLI"
## Static configuration ## Static configuration
--entryPoints.web.address=:80 --entryPoints.web.address=:80
@ -34,28 +34,28 @@ and whether to listen for TCP or UDP.
We define an `entrypoint` called `web` that will listen on port `80`. We define an `entrypoint` called `web` that will listen on port `80`.
??? example "Port 80 & 443" ??? example "Port 80 & 443"
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
web:
address: ":80"
websecure:
address: ":443"
```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
## Static configuration ## Static configuration
[entryPoints] [entryPoints]
[entryPoints.web] [entryPoints.web]
address = ":80" address = ":80"
[entryPoints.websecure] [entryPoints.websecure]
address = ":443" address = ":443"
``` ```
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
web:
address: ":80"
websecure:
address: ":443"
```
```bash tab="CLI" ```bash tab="CLI"
## Static configuration ## Static configuration
--entryPoints.web.address=:80 --entryPoints.web.address=:80
@ -63,17 +63,10 @@ and whether to listen for TCP or UDP.
``` ```
- Two entrypoints are defined: one called `web`, and the other called `websecure`. - Two entrypoints are defined: one called `web`, and the other called `websecure`.
- `web` listens on port `80`, and `websecure` on port `443`. - `web` listens on port `80`, and `websecure` on port `443`.
??? example "UDP on port 1704" ??? example "UDP on port 1704"
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.streaming]
address = ":1704/udp"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
## Static configuration ## Static configuration
entryPoints: entryPoints:
@ -81,6 +74,13 @@ and whether to listen for TCP or UDP.
address: ":1704/udp" address: ":1704/udp"
``` ```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.streaming]
address = ":1704/udp"
```
```bash tab="CLI" ```bash tab="CLI"
## Static configuration ## Static configuration
--entryPoints.streaming.address=:1704/udp --entryPoints.streaming.address=:1704/udp
@ -91,31 +91,10 @@ and whether to listen for TCP or UDP.
### General ### General
EntryPoints are part of the [static configuration](../getting-started/configuration-overview.md#the-static-configuration). EntryPoints are part of the [static configuration](../getting-started/configuration-overview.md#the-static-configuration).
They can be defined by using a file (TOML or YAML) or CLI arguments. They can be defined by using a file (YAML or TOML) or CLI arguments.
??? info "See the complete reference for the list of available options" ??? info "See the complete reference for the list of available options"
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.name]
address = ":8888" # same as ":8888/tcp"
[entryPoints.name.transport]
[entryPoints.name.transport.lifeCycle]
requestAcceptGraceTimeout = 42
graceTimeOut = 42
[entryPoints.name.transport.respondingTimeouts]
readTimeout = 42
writeTimeout = 42
idleTimeout = 42
[entryPoints.name.proxyProtocol]
insecure = true
trustedIPs = ["127.0.0.1", "192.168.0.1"]
[entryPoints.name.forwardedHeaders]
insecure = true
trustedIPs = ["127.0.0.1", "192.168.0.1"]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
## Static configuration ## Static configuration
entryPoints: entryPoints:
@ -140,7 +119,28 @@ They can be defined by using a file (TOML or YAML) or CLI arguments.
- "127.0.0.1" - "127.0.0.1"
- "192.168.0.1" - "192.168.0.1"
``` ```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.name]
address = ":8888" # same as ":8888/tcp"
[entryPoints.name.transport]
[entryPoints.name.transport.lifeCycle]
requestAcceptGraceTimeout = 42
graceTimeOut = 42
[entryPoints.name.transport.respondingTimeouts]
readTimeout = 42
writeTimeout = 42
idleTimeout = 42
[entryPoints.name.proxyProtocol]
insecure = true
trustedIPs = ["127.0.0.1", "192.168.0.1"]
[entryPoints.name.forwardedHeaders]
insecure = true
trustedIPs = ["127.0.0.1", "192.168.0.1"]
```
```bash tab="CLI" ```bash tab="CLI"
## Static configuration ## Static configuration
--entryPoints.name.address=:8888 # same as :8888/tcp --entryPoints.name.address=:8888 # same as :8888/tcp
@ -170,15 +170,6 @@ If both TCP and UDP are wanted for the same port, two entryPoints definitions ar
??? example "Both TCP and UDP on Port 3179" ??? example "Both TCP and UDP on Port 3179"
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.tcpep]
address = ":3179"
[entryPoints.udpep]
address = ":3179/udp"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
## Static configuration ## Static configuration
entryPoints: entryPoints:
@ -188,6 +179,15 @@ If both TCP and UDP are wanted for the same port, two entryPoints definitions ar
address: ":3179/udp" address: ":3179/udp"
``` ```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.tcpep]
address = ":3179"
[entryPoints.udpep]
address = ":3179/udp"
```
```bash tab="CLI" ```bash tab="CLI"
## Static configuration ## Static configuration
--entryPoints.tcpep.address=:3179 --entryPoints.tcpep.address=:3179
@ -196,13 +196,6 @@ If both TCP and UDP are wanted for the same port, two entryPoints definitions ar
??? example "Listen on Specific IP Addresses Only" ??? example "Listen on Specific IP Addresses Only"
```toml tab="File (TOML)"
[entryPoints.specificIPv4]
address = "192.168.2.7:8888"
[entryPoints.specificIPv6]
address = "[2001:db8::1]:8888"
```
```yaml tab="File (yaml)" ```yaml tab="File (yaml)"
entryPoints: entryPoints:
specificIPv4: specificIPv4:
@ -210,12 +203,19 @@ If both TCP and UDP are wanted for the same port, two entryPoints definitions ar
specificIPv6: specificIPv6:
address: "[2001:db8::1]:8888" address: "[2001:db8::1]:8888"
``` ```
```toml tab="File (TOML)"
[entryPoints.specificIPv4]
address = "192.168.2.7:8888"
[entryPoints.specificIPv6]
address = "[2001:db8::1]:8888"
```
```bash tab="CLI" ```bash tab="CLI"
--entrypoints.specificIPv4.address=192.168.2.7:8888 --entrypoints.specificIPv4.address=192.168.2.7:8888
--entrypoints.specificIPv6.address=[2001:db8::1]:8888 --entrypoints.specificIPv6.address=[2001:db8::1]:8888
``` ```
Full details for how to specify `address` can be found in [net.Listen](https://golang.org/pkg/net/#Listen) (and [net.Dial](https://golang.org/pkg/net/#Dial)) of the doc for go. Full details for how to specify `address` can be found in [net.Listen](https://golang.org/pkg/net/#Listen) (and [net.Dial](https://golang.org/pkg/net/#Dial)) of the doc for go.
### Forwarded Headers ### Forwarded Headers
@ -223,19 +223,9 @@ If both TCP and UDP are wanted for the same port, two entryPoints definitions ar
You can configure Traefik to trust the forwarded headers information (`X-Forwarded-*`). You can configure Traefik to trust the forwarded headers information (`X-Forwarded-*`).
??? info "`forwardedHeaders.trustedIPs`" ??? info "`forwardedHeaders.trustedIPs`"
Trusting Forwarded Headers from specific IPs. Trusting Forwarded Headers from specific IPs.
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.forwardedHeaders]
trustedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
## Static configuration ## Static configuration
entryPoints: entryPoints:
@ -246,7 +236,17 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward
- "127.0.0.1/32" - "127.0.0.1/32"
- "192.168.1.7" - "192.168.1.7"
``` ```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.forwardedHeaders]
trustedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
```bash tab="CLI" ```bash tab="CLI"
## Static configuration ## Static configuration
--entryPoints.web.address=:80 --entryPoints.web.address=:80
@ -254,19 +254,9 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward
``` ```
??? info "`forwardedHeaders.insecure`" ??? info "`forwardedHeaders.insecure`"
Insecure Mode (Always Trusting Forwarded Headers). Insecure Mode (Always Trusting Forwarded Headers).
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.forwardedHeaders]
insecure = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
## Static configuration ## Static configuration
entryPoints: entryPoints:
@ -275,7 +265,17 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward
forwardedHeaders: forwardedHeaders:
insecure: true insecure: true
``` ```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.forwardedHeaders]
insecure = true
```
```bash tab="CLI" ```bash tab="CLI"
## Static configuration ## Static configuration
--entryPoints.web.address=:80 --entryPoints.web.address=:80
@ -290,25 +290,15 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward
Setting them has no effect for UDP entryPoints. Setting them has no effect for UDP entryPoints.
??? info "`transport.respondingTimeouts.readTimeout`" ??? info "`transport.respondingTimeouts.readTimeout`"
_Optional, Default=0s_ _Optional, Default=0s_
`readTimeout` is the maximum duration for reading the entire request, including the body. `readTimeout` is the maximum duration for reading the entire request, including the body.
If zero, no timeout exists. If zero, no timeout exists.
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits). Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).
If no units are provided, the value is parsed assuming seconds. If no units are provided, the value is parsed assuming seconds.
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.name]
address = ":8888"
[entryPoints.name.transport]
[entryPoints.name.transport.respondingTimeouts]
readTimeout = 42
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
## Static configuration ## Static configuration
entryPoints: entryPoints:
@ -318,24 +308,7 @@ Setting them has no effect for UDP entryPoints.
respondingTimeouts: respondingTimeouts:
readTimeout: 42 readTimeout: 42
``` ```
```bash tab="CLI"
## Static configuration
--entryPoints.name.address=:8888
--entryPoints.name.transport.respondingTimeouts.readTimeout=42
```
??? info "`transport.respondingTimeouts.writeTimeout`"
_Optional, Default=0s_
`writeTimeout` is the maximum duration before timing out writes of the response.
It covers the time from the end of the request header read to the end of the response write.
If zero, no timeout exists.
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).
If no units are provided, the value is parsed assuming seconds.
```toml tab="File (TOML)" ```toml tab="File (TOML)"
## Static configuration ## Static configuration
[entryPoints] [entryPoints]
@ -343,9 +316,26 @@ Setting them has no effect for UDP entryPoints.
address = ":8888" address = ":8888"
[entryPoints.name.transport] [entryPoints.name.transport]
[entryPoints.name.transport.respondingTimeouts] [entryPoints.name.transport.respondingTimeouts]
writeTimeout = 42 readTimeout = 42
``` ```
```bash tab="CLI"
## Static configuration
--entryPoints.name.address=:8888
--entryPoints.name.transport.respondingTimeouts.readTimeout=42
```
??? info "`transport.respondingTimeouts.writeTimeout`"
_Optional, Default=0s_
`writeTimeout` is the maximum duration before timing out writes of the response.
It covers the time from the end of the request header read to the end of the response write.
If zero, no timeout exists.
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).
If no units are provided, the value is parsed assuming seconds.
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
## Static configuration ## Static configuration
entryPoints: entryPoints:
@ -355,23 +345,7 @@ Setting them has no effect for UDP entryPoints.
respondingTimeouts: respondingTimeouts:
writeTimeout: 42 writeTimeout: 42
``` ```
```bash tab="CLI"
## Static configuration
--entryPoints.name.address=:8888
--entryPoints.name.transport.respondingTimeouts.writeTimeout=42
```
??? info "`transport.respondingTimeouts.idleTimeout`"
_Optional, Default=180s_
`idleTimeout` is the maximum duration an idle (keep-alive) connection will remain idle before closing itself.
If zero, no timeout exists.
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).
If no units are provided, the value is parsed assuming seconds.
```toml tab="File (TOML)" ```toml tab="File (TOML)"
## Static configuration ## Static configuration
[entryPoints] [entryPoints]
@ -379,9 +353,25 @@ Setting them has no effect for UDP entryPoints.
address = ":8888" address = ":8888"
[entryPoints.name.transport] [entryPoints.name.transport]
[entryPoints.name.transport.respondingTimeouts] [entryPoints.name.transport.respondingTimeouts]
idleTimeout = 42 writeTimeout = 42
``` ```
```bash tab="CLI"
## Static configuration
--entryPoints.name.address=:8888
--entryPoints.name.transport.respondingTimeouts.writeTimeout=42
```
??? info "`transport.respondingTimeouts.idleTimeout`"
_Optional, Default=180s_
`idleTimeout` is the maximum duration an idle (keep-alive) connection will remain idle before closing itself.
If zero, no timeout exists.
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).
If no units are provided, the value is parsed assuming seconds.
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
## Static configuration ## Static configuration
entryPoints: entryPoints:
@ -391,7 +381,17 @@ Setting them has no effect for UDP entryPoints.
respondingTimeouts: respondingTimeouts:
idleTimeout: 42 idleTimeout: 42
``` ```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.name]
address = ":8888"
[entryPoints.name.transport]
[entryPoints.name.transport.respondingTimeouts]
idleTimeout = 42
```
```bash tab="CLI" ```bash tab="CLI"
## Static configuration ## Static configuration
--entryPoints.name.address=:8888 --entryPoints.name.address=:8888
@ -403,27 +403,17 @@ Setting them has no effect for UDP entryPoints.
Controls the behavior of Traefik during the shutdown phase. Controls the behavior of Traefik during the shutdown phase.
??? info "`lifeCycle.requestAcceptGraceTimeout`" ??? info "`lifeCycle.requestAcceptGraceTimeout`"
_Optional, Default=0s_ _Optional, Default=0s_
Duration to keep accepting requests prior to initiating the graceful termination period (as defined by the `graceTimeOut` option). Duration to keep accepting requests prior to initiating the graceful termination period (as defined by the `graceTimeOut` option).
This option is meant to give downstream load-balancers sufficient time to take Traefik out of rotation. This option is meant to give downstream load-balancers sufficient time to take Traefik out of rotation.
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits). Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).
If no units are provided, the value is parsed assuming seconds. If no units are provided, the value is parsed assuming seconds.
The zero duration disables the request accepting grace period, i.e., Traefik will immediately proceed to the grace period. The zero duration disables the request accepting grace period, i.e., Traefik will immediately proceed to the grace period.
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.name]
address = ":8888"
[entryPoints.name.transport]
[entryPoints.name.transport.lifeCycle]
requestAcceptGraceTimeout = 42
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
## Static configuration ## Static configuration
entryPoints: entryPoints:
@ -433,25 +423,7 @@ Controls the behavior of Traefik during the shutdown phase.
lifeCycle: lifeCycle:
requestAcceptGraceTimeout: 42 requestAcceptGraceTimeout: 42
``` ```
```bash tab="CLI"
## Static configuration
--entryPoints.name.address=:8888
--entryPoints.name.transport.lifeCycle.requestAcceptGraceTimeout=42
```
??? info "`lifeCycle.graceTimeOut`"
_Optional, Default=10s_
Duration to give active requests a chance to finish before Traefik stops.
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).
If no units are provided, the value is parsed assuming seconds.
!!! warning "In this time frame no new requests are accepted."
```toml tab="File (TOML)" ```toml tab="File (TOML)"
## Static configuration ## Static configuration
[entryPoints] [entryPoints]
@ -459,9 +431,27 @@ Controls the behavior of Traefik during the shutdown phase.
address = ":8888" address = ":8888"
[entryPoints.name.transport] [entryPoints.name.transport]
[entryPoints.name.transport.lifeCycle] [entryPoints.name.transport.lifeCycle]
graceTimeOut = 42 requestAcceptGraceTimeout = 42
``` ```
```bash tab="CLI"
## Static configuration
--entryPoints.name.address=:8888
--entryPoints.name.transport.lifeCycle.requestAcceptGraceTimeout=42
```
??? info "`lifeCycle.graceTimeOut`"
_Optional, Default=10s_
Duration to give active requests a chance to finish before Traefik stops.
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).
If no units are provided, the value is parsed assuming seconds.
!!! warning "In this time frame no new requests are accepted."
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
## Static configuration ## Static configuration
entryPoints: entryPoints:
@ -471,7 +461,17 @@ Controls the behavior of Traefik during the shutdown phase.
lifeCycle: lifeCycle:
graceTimeOut: 42 graceTimeOut: 42
``` ```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.name]
address = ":8888"
[entryPoints.name.transport]
[entryPoints.name.transport.lifeCycle]
graceTimeOut = 42
```
```bash tab="CLI" ```bash tab="CLI"
## Static configuration ## Static configuration
--entryPoints.name.address=:8888 --entryPoints.name.address=:8888
@ -486,20 +486,10 @@ If Proxy Protocol header parsing is enabled for the entry point, this entry poin
If the Proxy Protocol header is passed, then the version is determined automatically. If the Proxy Protocol header is passed, then the version is determined automatically.
??? info "`proxyProtocol.trustedIPs`" ??? info "`proxyProtocol.trustedIPs`"
Enabling Proxy Protocol with Trusted IPs. Enabling Proxy Protocol with Trusted IPs.
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.proxyProtocol]
trustedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
## Static configuration ## Static configuration
entryPoints: entryPoints:
@ -510,7 +500,17 @@ If the Proxy Protocol header is passed, then the version is determined automatic
- "127.0.0.1/32" - "127.0.0.1/32"
- "192.168.1.7" - "192.168.1.7"
``` ```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.proxyProtocol]
trustedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
```bash tab="CLI" ```bash tab="CLI"
--entryPoints.web.address=:80 --entryPoints.web.address=:80
--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,192.168.1.7 --entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,192.168.1.7
@ -521,20 +521,10 @@ If the Proxy Protocol header is passed, then the version is determined automatic
??? info "`proxyProtocol.insecure`" ??? info "`proxyProtocol.insecure`"
Insecure Mode (Testing Environment Only). Insecure Mode (Testing Environment Only).
In a test environments, you can configure Traefik to trust every incoming connection. In a test environments, you can configure Traefik to trust every incoming connection.
Doing so, every remote client address will be replaced (`trustedIPs` won't have any effect) Doing so, every remote client address will be replaced (`trustedIPs` won't have any effect)
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.proxyProtocol]
insecure = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
## Static configuration ## Static configuration
entryPoints: entryPoints:
@ -543,7 +533,17 @@ If the Proxy Protocol header is passed, then the version is determined automatic
proxyProtocol: proxyProtocol:
insecure: true insecure: true
``` ```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.proxyProtocol]
insecure = true
```
```bash tab="CLI" ```bash tab="CLI"
--entryPoints.web.address=:80 --entryPoints.web.address=:80
--entryPoints.web.proxyProtocol.insecure --entryPoints.web.proxyProtocol.insecure
@ -561,21 +561,7 @@ This whole section is dedicated to options, keyed by entry point, that will appl
### Redirection ### Redirection
??? example "HTTPS redirection (80 to 443)" ??? example "HTTPS redirection (80 to 443)"
```toml tab="File (TOML)"
[entryPoints.web]
address = ":80"
[entryPoints.web.http]
[entryPoints.web.http.redirections]
[entryPoints.web.http.redirections.entryPoint]
to = "websecure"
scheme = "https"
[entryPoints.websecure]
address = ":443"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
entryPoints: entryPoints:
web: web:
@ -585,11 +571,25 @@ This whole section is dedicated to options, keyed by entry point, that will appl
entryPoint: entryPoint:
to: websecure to: websecure
scheme: https scheme: https
websecure: websecure:
address: :443 address: :443
``` ```
```toml tab="File (TOML)"
[entryPoints.web]
address = ":80"
[entryPoints.web.http]
[entryPoints.web.http.redirections]
[entryPoints.web.http.redirections.entryPoint]
to = "websecure"
scheme = "https"
[entryPoints.websecure]
address = ":443"
```
```bash tab="CLI" ```bash tab="CLI"
--entrypoints.web.address=:80 --entrypoints.web.address=:80
--entrypoints.web.http.redirections.entryPoint.to=websecure --entrypoints.web.http.redirections.entryPoint.to=websecure
@ -602,22 +602,14 @@ This whole section is dedicated to options, keyed by entry point, that will appl
This section is a convenience to enable (permanent) redirecting of all incoming requests on an entry point (e.g. port `80`) to another entry point (e.g. port `443`) or an explicit port (`:443`). This section is a convenience to enable (permanent) redirecting of all incoming requests on an entry point (e.g. port `80`) to another entry point (e.g. port `443`) or an explicit port (`:443`).
??? info "`entryPoint.to`" ??? info "`entryPoint.to`"
_Required_ _Required_
The target element, it can be: The target element, it can be:
- an entry point name (ex: `websecure`) - an entry point name (ex: `websecure`)
- a port (`:443`) - a port (`:443`)
```toml tab="File (TOML)"
[entryPoints.foo]
# ...
[entryPoints.foo.http.redirections]
[entryPoints.foo.http.redirections.entryPoint]
to = "websecure"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
entryPoints: entryPoints:
foo: foo:
@ -627,26 +619,25 @@ This section is a convenience to enable (permanent) redirecting of all incoming
entryPoint: entryPoint:
to: websecure to: websecure
``` ```
```bash tab="CLI"
--entrypoints.foo.http.redirections.entryPoint.to=websecure
```
??? info "`entryPoint.scheme`"
_Optional, Default="https"_
The redirection target scheme.
```toml tab="File (TOML)" ```toml tab="File (TOML)"
[entryPoints.foo] [entryPoints.foo]
# ... # ...
[entryPoints.foo.http.redirections] [entryPoints.foo.http.redirections]
[entryPoints.foo.http.redirections.entryPoint] [entryPoints.foo.http.redirections.entryPoint]
# ... to = "websecure"
scheme = "https"
``` ```
```bash tab="CLI"
--entrypoints.foo.http.redirections.entryPoint.to=websecure
```
??? info "`entryPoint.scheme`"
_Optional, Default="https"_
The redirection target scheme.
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
entryPoints: entryPoints:
foo: foo:
@ -657,16 +648,6 @@ This section is a convenience to enable (permanent) redirecting of all incoming
# ... # ...
scheme: https scheme: https
``` ```
```bash tab="CLI"
--entrypoints.foo.http.redirections.entryPoint.scheme=https
```
??? info "`entryPoint.permanent`"
_Optional, Default=true_
To apply a permanent redirection.
```toml tab="File (TOML)" ```toml tab="File (TOML)"
[entryPoints.foo] [entryPoints.foo]
@ -674,9 +655,19 @@ This section is a convenience to enable (permanent) redirecting of all incoming
[entryPoints.foo.http.redirections] [entryPoints.foo.http.redirections]
[entryPoints.foo.http.redirections.entryPoint] [entryPoints.foo.http.redirections.entryPoint]
# ... # ...
permanent = true scheme = "https"
``` ```
```bash tab="CLI"
--entrypoints.foo.http.redirections.entryPoint.scheme=https
```
??? info "`entryPoint.permanent`"
_Optional, Default=true_
To apply a permanent redirection.
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
entryPoints: entryPoints:
foo: foo:
@ -687,16 +678,6 @@ This section is a convenience to enable (permanent) redirecting of all incoming
# ... # ...
permanent: true permanent: true
``` ```
```bash tab="CLI"
--entrypoints.foo.http.redirections.entrypoint.permanent=true
```
??? info "`entryPoint.priority`"
_Optional, Default=1_
Priority of the generated router.
```toml tab="File (TOML)" ```toml tab="File (TOML)"
[entryPoints.foo] [entryPoints.foo]
@ -704,9 +685,19 @@ This section is a convenience to enable (permanent) redirecting of all incoming
[entryPoints.foo.http.redirections] [entryPoints.foo.http.redirections]
[entryPoints.foo.http.redirections.entryPoint] [entryPoints.foo.http.redirections.entryPoint]
# ... # ...
priority = 10 permanent = true
``` ```
```bash tab="CLI"
--entrypoints.foo.http.redirections.entrypoint.permanent=true
```
??? info "`entryPoint.priority`"
_Optional, Default=1_
Priority of the generated router.
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
entryPoints: entryPoints:
foo: foo:
@ -717,7 +708,16 @@ This section is a convenience to enable (permanent) redirecting of all incoming
# ... # ...
priority: 10 priority: 10
``` ```
```toml tab="File (TOML)"
[entryPoints.foo]
# ...
[entryPoints.foo.http.redirections]
[entryPoints.foo.http.redirections.entryPoint]
# ...
priority = 10
```
```bash tab="CLI" ```bash tab="CLI"
--entrypoints.foo.http.redirections.entrypoint.priority=10 --entrypoints.foo.http.redirections.entrypoint.priority=10
``` ```
@ -726,14 +726,6 @@ This section is a convenience to enable (permanent) redirecting of all incoming
The list of middlewares that are prepended by default to the list of middlewares of each router associated to the named entry point. The list of middlewares that are prepended by default to the list of middlewares of each router associated to the named entry point.
```toml tab="File (TOML)"
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http]
middlewares = ["auth@file", "strip@file"]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
entryPoints: entryPoints:
websecure: websecure:
@ -744,6 +736,14 @@ entryPoints:
- strip@file - strip@file
``` ```
```toml tab="File (TOML)"
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http]
middlewares = ["auth@file", "strip@file"]
```
```bash tab="CLI" ```bash tab="CLI"
--entrypoints.websecure.address=:443 --entrypoints.websecure.address=:443
--entrypoints.websecure.http.middlewares=auth@file,strip@file --entrypoints.websecure.http.middlewares=auth@file,strip@file
@ -757,21 +757,6 @@ If a TLS section (i.e. any of its fields) is user-defined, then the default conf
The TLS section is the same as the [TLS section on HTTP routers](./routers/index.md#tls). The TLS section is the same as the [TLS section on HTTP routers](./routers/index.md#tls).
```toml tab="File (TOML)"
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http.tls]
options = "foobar"
certResolver = "leresolver"
[[entryPoints.websecure.http.tls.domains]]
main = "example.com"
sans = ["foo.example.com", "bar.example.com"]
[[entryPoints.websecure.http.tls.domains]]
main = "test.com"
sans = ["foo.test.com", "bar.test.com"]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
entryPoints: entryPoints:
websecure: websecure:
@ -791,6 +776,21 @@ entryPoints:
- bar.test.com - bar.test.com
``` ```
```toml tab="File (TOML)"
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http.tls]
options = "foobar"
certResolver = "leresolver"
[[entryPoints.websecure.http.tls.domains]]
main = "example.com"
sans = ["foo.example.com", "bar.example.com"]
[[entryPoints.websecure.http.tls.domains]]
main = "test.com"
sans = ["foo.test.com", "bar.test.com"]
```
```bash tab="CLI" ```bash tab="CLI"
--entrypoints.websecure.address=:443 --entrypoints.websecure.address=:443
--entrypoints.websecure.http.tls.options=foobar --entrypoints.websecure.http.tls.options=foobar
@ -802,15 +802,7 @@ entryPoints:
``` ```
??? example "Let's Encrypt" ??? example "Let's Encrypt"
```toml tab="File (TOML)"
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http.tls]
certResolver = "leresolver"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
entryPoints: entryPoints:
websecure: websecure:
@ -819,7 +811,15 @@ entryPoints:
tls: tls:
certResolver: leresolver certResolver: leresolver
``` ```
```toml tab="File (TOML)"
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http.tls]
certResolver = "leresolver"
```
```bash tab="CLI" ```bash tab="CLI"
--entrypoints.websecure.address=:443 --entrypoints.websecure.address=:443
--entrypoints.websecure.http.tls.certResolver=leresolver --entrypoints.websecure.http.tls.certResolver=leresolver

246
docs/content/routing/overview.md
View file

@ -26,18 +26,6 @@ In the process, Traefik will make sure that the user is authenticated (using the
Static configuration: Static configuration:
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
# Listen on port 8081 for incoming requests
address = ":8081"
[providers]
# Enable the file provider to define routers / middlewares / services in file
[providers.file]
directory = "/path/to/dynamic/conf"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
entryPoints: entryPoints:
web: web:
@ -50,6 +38,18 @@ providers:
directory: /path/to/dynamic/conf directory: /path/to/dynamic/conf
``` ```
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
# Listen on port 8081 for incoming requests
address = ":8081"
[providers]
# Enable the file provider to define routers / middlewares / services in file
[providers.file]
directory = "/path/to/dynamic/conf"
```
```bash tab="CLI" ```bash tab="CLI"
# Listen on port 8081 for incoming requests # Listen on port 8081 for incoming requests
--entryPoints.web.address=:8081 --entryPoints.web.address=:8081
@ -60,30 +60,6 @@ providers:
Dynamic configuration: Dynamic configuration:
```toml tab="TOML"
# http routing section
[http]
[http.routers]
# Define a connection between requests and services
[http.routers.to-whoami]
rule = "Host(`example.com`) && PathPrefix(`/whoami/`)"
# If the rule matches, applies the middleware
middlewares = ["test-user"]
# If the rule matches, forward to the whoami service (declared below)
service = "whoami"
[http.middlewares]
# Define an authentication mechanism
[http.middlewares.test-user.basicAuth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
[http.services]
# Define how to reach an existing service on our infrastructure
[http.services.whoami.loadBalancer]
[[http.services.whoami.loadBalancer.servers]]
url = "http://private/whoami-service"
```
```yaml tab="YAML" ```yaml tab="YAML"
# http routing section # http routing section
http: http:
@ -112,6 +88,30 @@ http:
- url: http://private/whoami-service - url: http://private/whoami-service
``` ```
```toml tab="TOML"
# http routing section
[http]
[http.routers]
# Define a connection between requests and services
[http.routers.to-whoami]
rule = "Host(`example.com`) && PathPrefix(`/whoami/`)"
# If the rule matches, applies the middleware
middlewares = ["test-user"]
# If the rule matches, forward to the whoami service (declared below)
service = "whoami"
[http.middlewares]
# Define an authentication mechanism
[http.middlewares.test-user.basicAuth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
[http.services]
# Define how to reach an existing service on our infrastructure
[http.services.whoami.loadBalancer]
[[http.services.whoami.loadBalancer.servers]]
url = "http://private/whoami-service"
```
!!! info "" !!! info ""
In this example, we use the [file provider](../providers/file.md). In this example, we use the [file provider](../providers/file.md).
@ -125,7 +125,18 @@ http:
??? example "Adding a TCP route for TLS requests on whoami.example.com" ??? example "Adding a TCP route for TLS requests on whoami.example.com"
**Static Configuration** **Static Configuration**
```yaml tab="File (YAML)"
entryPoints:
web:
# Listen on port 8081 for incoming requests
address: :8081
providers:
# Enable the file provider to define routers / middlewares / services in file
file:
directory: /path/to/dynamic/conf
```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
[entryPoints] [entryPoints]
[entryPoints.web] [entryPoints.web]
@ -137,64 +148,17 @@ http:
[providers.file] [providers.file]
directory = "/path/to/dynamic/conf" directory = "/path/to/dynamic/conf"
``` ```
```yaml tab="File (YAML)"
entryPoints:
web:
# Listen on port 8081 for incoming requests
address: :8081
providers:
# Enable the file provider to define routers / middlewares / services in file
file:
directory: /path/to/dynamic/conf
```
```bash tab="CLI" ```bash tab="CLI"
# Listen on port 8081 for incoming requests # Listen on port 8081 for incoming requests
--entryPoints.web.address=:8081 --entryPoints.web.address=:8081
# Enable the file provider to define routers / middlewares / services in file # Enable the file provider to define routers / middlewares / services in file
--providers.file.directory=/path/to/dynamic/conf --providers.file.directory=/path/to/dynamic/conf
``` ```
**Dynamic Configuration** **Dynamic Configuration**
```toml tab="TOML"
# http routing section
[http]
[http.routers]
# Define a connection between requests and services
[http.routers.to-whoami]
rule = "Host(`example.com`) && PathPrefix(`/whoami/`)"
# If the rule matches, applies the middleware
middlewares = ["test-user"]
# If the rule matches, forward to the whoami service (declared below)
service = "whoami"
[http.middlewares]
# Define an authentication mechanism
[http.middlewares.test-user.basicAuth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
[http.services]
# Define how to reach an existing service on our infrastructure
[http.services.whoami.loadBalancer]
[[http.services.whoami.loadBalancer.servers]]
url = "http://private/whoami-service"
[tcp]
[tcp.routers]
[tcp.routers.to-whoami-tcp]
rule = "HostSNI(`whoami-tcp.example.com`)"
service = "whoami-tcp"
[tcp.routers.to-whoami-tcp.tls]
[tcp.services]
[tcp.services.whoami-tcp.loadBalancer]
[[tcp.services.whoami-tcp.loadBalancer.servers]]
address = "xx.xx.xx.xx:xx"
```
```yaml tab="YAML" ```yaml tab="YAML"
# http routing section # http routing section
http: http:
@ -237,6 +201,42 @@ http:
- address: xx.xx.xx.xx:xx - address: xx.xx.xx.xx:xx
``` ```
```toml tab="TOML"
# http routing section
[http]
[http.routers]
# Define a connection between requests and services
[http.routers.to-whoami]
rule = "Host(`example.com`) && PathPrefix(`/whoami/`)"
# If the rule matches, applies the middleware
middlewares = ["test-user"]
# If the rule matches, forward to the whoami service (declared below)
service = "whoami"
[http.middlewares]
# Define an authentication mechanism
[http.middlewares.test-user.basicAuth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
[http.services]
# Define how to reach an existing service on our infrastructure
[http.services.whoami.loadBalancer]
[[http.services.whoami.loadBalancer.servers]]
url = "http://private/whoami-service"
[tcp]
[tcp.routers]
[tcp.routers.to-whoami-tcp]
rule = "HostSNI(`whoami-tcp.example.com`)"
service = "whoami-tcp"
[tcp.routers.to-whoami-tcp.tls]
[tcp.services]
[tcp.services.whoami-tcp.loadBalancer]
[[tcp.services.whoami-tcp.loadBalancer.servers]]
address = "xx.xx.xx.xx:xx"
```
## Transport configuration ## Transport configuration
Most of what happens to the connection between the clients and Traefik, Most of what happens to the connection between the clients and Traefik,
@ -254,18 +254,18 @@ _Optional, Default=false_
`insecureSkipVerify` disables SSL certificate verification. `insecureSkipVerify` disables SSL certificate verification.
```toml tab="File (TOML)"
## Static configuration
[serversTransport]
insecureSkipVerify = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
## Static configuration ## Static configuration
serversTransport: serversTransport:
insecureSkipVerify: true insecureSkipVerify: true
``` ```
```toml tab="File (TOML)"
## Static configuration
[serversTransport]
insecureSkipVerify = true
```
```bash tab="CLI" ```bash tab="CLI"
## Static configuration ## Static configuration
--serversTransport.insecureSkipVerify=true --serversTransport.insecureSkipVerify=true
@ -278,12 +278,6 @@ _Optional_
`rootCAs` is the list of certificates (as file paths, or data bytes) `rootCAs` is the list of certificates (as file paths, or data bytes)
that will be set as Root Certificate Authorities when using a self-signed TLS certificate. that will be set as Root Certificate Authorities when using a self-signed TLS certificate.
```toml tab="File (TOML)"
## Static configuration
[serversTransport]
rootCAs = ["foo.crt", "bar.crt"]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
## Static configuration ## Static configuration
serversTransport: serversTransport:
@ -292,6 +286,12 @@ serversTransport:
- bar.crt - bar.crt
``` ```
```toml tab="File (TOML)"
## Static configuration
[serversTransport]
rootCAs = ["foo.crt", "bar.crt"]
```
```bash tab="CLI" ```bash tab="CLI"
## Static configuration ## Static configuration
--serversTransport.rootCAs=foo.crt,bar.crt --serversTransport.rootCAs=foo.crt,bar.crt
@ -303,18 +303,18 @@ _Optional, Default=2_
If non-zero, `maxIdleConnsPerHost` controls the maximum idle (keep-alive) connections to keep per-host. If non-zero, `maxIdleConnsPerHost` controls the maximum idle (keep-alive) connections to keep per-host.
```toml tab="File (TOML)"
## Static configuration
[serversTransport]
maxIdleConnsPerHost = 7
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
## Static configuration ## Static configuration
serversTransport: serversTransport:
maxIdleConnsPerHost: 7 maxIdleConnsPerHost: 7
``` ```
```toml tab="File (TOML)"
## Static configuration
[serversTransport]
maxIdleConnsPerHost = 7
```
```bash tab="CLI" ```bash tab="CLI"
## Static configuration ## Static configuration
--serversTransport.maxIdleConnsPerHost=7 --serversTransport.maxIdleConnsPerHost=7
@ -331,12 +331,6 @@ _Optional, Default=30s_
`dialTimeout` is the maximum duration allowed for a connection to a backend server to be established. `dialTimeout` is the maximum duration allowed for a connection to a backend server to be established.
Zero means no timeout. Zero means no timeout.
```toml tab="File (TOML)"
## Static configuration
[serversTransport.forwardingTimeouts]
dialTimeout = "1s"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
## Static configuration ## Static configuration
serversTransport: serversTransport:
@ -344,6 +338,12 @@ serversTransport:
dialTimeout: 1s dialTimeout: 1s
``` ```
```toml tab="File (TOML)"
## Static configuration
[serversTransport.forwardingTimeouts]
dialTimeout = "1s"
```
```bash tab="CLI" ```bash tab="CLI"
## Static configuration ## Static configuration
--serversTransport.forwardingTimeouts.dialTimeout=1s --serversTransport.forwardingTimeouts.dialTimeout=1s
@ -358,12 +358,6 @@ after fully writing the request (including its body, if any).
This time does not include the time to read the response body. This time does not include the time to read the response body.
Zero means no timeout. Zero means no timeout.
```toml tab="File (TOML)"
## Static configuration
[serversTransport.forwardingTimeouts]
responseHeaderTimeout = "1s"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
## Static configuration ## Static configuration
serversTransport: serversTransport:
@ -371,6 +365,12 @@ serversTransport:
responseHeaderTimeout: 1s responseHeaderTimeout: 1s
``` ```
```toml tab="File (TOML)"
## Static configuration
[serversTransport.forwardingTimeouts]
responseHeaderTimeout = "1s"
```
```bash tab="CLI" ```bash tab="CLI"
## Static configuration ## Static configuration
--serversTransport.forwardingTimeouts.responseHeaderTimeout=1s --serversTransport.forwardingTimeouts.responseHeaderTimeout=1s
@ -384,12 +384,6 @@ _Optional, Default=90s_
will remain idle before closing itself. will remain idle before closing itself.
Zero means no limit. Zero means no limit.
```toml tab="File (TOML)"
## Static configuration
[serversTransport.forwardingTimeouts]
idleConnTimeout = "1s"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
## Static configuration ## Static configuration
serversTransport: serversTransport:
@ -397,6 +391,12 @@ serversTransport:
idleConnTimeout: 1s idleConnTimeout: 1s
``` ```
```toml tab="File (TOML)"
## Static configuration
[serversTransport.forwardingTimeouts]
idleConnTimeout = "1s"
```
```bash tab="CLI" ```bash tab="CLI"
## Static configuration ## Static configuration
--serversTransport.forwardingTimeouts.idleConnTimeout=1s --serversTransport.forwardingTimeouts.idleConnTimeout=1s

34
docs/content/routing/providers/docker.md
View file

@ -13,15 +13,15 @@ Attach labels to your containers and let Traefik do the rest!
Enabling the docker provider Enabling the docker provider
```toml tab="File (TOML)"
[providers.docker]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
docker: {} docker: {}
``` ```
```toml tab="File (TOML)"
[providers.docker]
```
```bash tab="CLI" ```bash tab="CLI"
--providers.docker=true --providers.docker=true
``` ```
@ -82,15 +82,6 @@ Attach labels to your containers and let Traefik do the rest!
Enabling the docker provider (Swarm Mode) Enabling the docker provider (Swarm Mode)
```toml tab="File (TOML)"
[providers.docker]
# swarm classic (1.12-)
# endpoint = "tcp://127.0.0.1:2375"
# docker swarm mode (1.12+)
endpoint = "tcp://127.0.0.1:2377"
swarmMode = true
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
docker: docker:
@ -101,6 +92,15 @@ Attach labels to your containers and let Traefik do the rest!
swarmMode: true swarmMode: true
``` ```
```toml tab="File (TOML)"
[providers.docker]
# swarm classic (1.12-)
# endpoint = "tcp://127.0.0.1:2375"
# docker swarm mode (1.12+)
endpoint = "tcp://127.0.0.1:2377"
swarmMode = true
```
```bash tab="CLI" ```bash tab="CLI"
# swarm classic (1.12-) # swarm classic (1.12-)
# --providers.docker.endpoint=tcp://127.0.0.1:2375 # --providers.docker.endpoint=tcp://127.0.0.1:2375
@ -266,7 +266,7 @@ you'd add the label `traefik.http.services.<name-of-your-choice>.loadbalancer.pa
!!! warning "The character `@` is not authorized in the service name `<service_name>`." !!! warning "The character `@` is not authorized in the service name `<service_name>`."
??? info "`traefik.http.services.<service_name>.loadbalancer.server.port`" ??? info "`traefik.http.services.<service_name>.loadbalancer.server.port`"
Registers a port. Registers a port.
Useful when the container exposes multiples ports. Useful when the container exposes multiples ports.
@ -289,7 +289,7 @@ you'd add the label `traefik.http.services.<name-of-your-choice>.loadbalancer.pa
Allows to reference a ServersTransport resource that is defined either with the File provider or the Kubernetes CRD one. Allows to reference a ServersTransport resource that is defined either with the File provider or the Kubernetes CRD one.
See [serverstransport](../services/index.md#serverstransport) for more information. See [serverstransport](../services/index.md#serverstransport) for more information.
```yaml ```yaml
- "traefik.http.services.<service_name>.loadbalancer.serverstransport=foobar@file" - "traefik.http.services.<service_name>.loadbalancer.serverstransport=foobar@file"
``` ```
@ -399,9 +399,9 @@ you'd add the label `traefik.http.services.<name-of-your-choice>.loadbalancer.pa
``` ```
??? info "`traefik.http.services.<service_name>.loadbalancer.sticky.cookie.samesite`" ??? info "`traefik.http.services.<service_name>.loadbalancer.sticky.cookie.samesite`"
See [sticky sessions](../services/index.md#sticky-sessions) for more information. See [sticky sessions](../services/index.md#sticky-sessions) for more information.
```yaml ```yaml
- "traefik.http.services.myservice.loadbalancer.sticky.cookie.samesite=none" - "traefik.http.services.myservice.loadbalancer.sticky.cookie.samesite=none"
``` ```

102
docs/content/routing/providers/kubernetes-ingress.md
View file

@ -12,7 +12,7 @@ which in turn will create the resulting routers, services, handlers, etc.
## Configuration Example ## Configuration Example
??? example "Configuring Kubernetes Ingress Controller" ??? example "Configuring Kubernetes Ingress Controller"
```yaml tab="RBAC" ```yaml tab="RBAC"
--- ---
kind: ClusterRole kind: ClusterRole
@ -46,7 +46,7 @@ which in turn will create the resulting routers, services, handlers, etc.
- ingresses/status - ingresses/status
verbs: verbs:
- update - update
--- ---
kind: ClusterRoleBinding kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1
@ -61,7 +61,7 @@ which in turn will create the resulting routers, services, handlers, etc.
name: traefik-ingress-controller name: traefik-ingress-controller
namespace: default namespace: default
``` ```
```yaml tab="Ingress" ```yaml tab="Ingress"
kind: Ingress kind: Ingress
apiVersion: networking.k8s.io/v1beta1 apiVersion: networking.k8s.io/v1beta1
@ -69,7 +69,7 @@ which in turn will create the resulting routers, services, handlers, etc.
name: myingress name: myingress
annotations: annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web traefik.ingress.kubernetes.io/router.entrypoints: web
spec: spec:
rules: rules:
- host: example.com - host: example.com
@ -90,7 +90,7 @@ which in turn will create the resulting routers, services, handlers, etc.
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: traefik-ingress-controller name: traefik-ingress-controller
--- ---
kind: Deployment kind: Deployment
apiVersion: apps/v1 apiVersion: apps/v1
@ -98,7 +98,7 @@ which in turn will create the resulting routers, services, handlers, etc.
name: traefik name: traefik
labels: labels:
app: traefik app: traefik
spec: spec:
replicas: 1 replicas: 1
selector: selector:
@ -119,7 +119,7 @@ which in turn will create the resulting routers, services, handlers, etc.
ports: ports:
- name: web - name: web
containerPort: 80 containerPort: 80
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
@ -135,7 +135,7 @@ which in turn will create the resulting routers, services, handlers, etc.
name: web name: web
targetPort: 80 targetPort: 80
``` ```
```yaml tab="Whoami" ```yaml tab="Whoami"
kind: Deployment kind: Deployment
apiVersion: apps/v1 apiVersion: apps/v1
@ -144,7 +144,7 @@ which in turn will create the resulting routers, services, handlers, etc.
labels: labels:
app: traefiklabs app: traefiklabs
name: whoami name: whoami
spec: spec:
replicas: 2 replicas: 2
selector: selector:
@ -162,13 +162,13 @@ which in turn will create the resulting routers, services, handlers, etc.
image: traefik/whoami image: traefik/whoami
ports: ports:
- containerPort: 80 - containerPort: 80
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: whoami name: whoami
spec: spec:
ports: ports:
- name: http - name: http
@ -210,7 +210,7 @@ which in turn will create the resulting routers, services, handlers, etc.
Overrides the default router rule type used for a path. Overrides the default router rule type used for a path.
Only path-related matcher name can be specified: `Path`, `PathPrefix`. Only path-related matcher name can be specified: `Path`, `PathPrefix`.
Default `PathPrefix` Default `PathPrefix`
```yaml ```yaml
@ -316,7 +316,7 @@ which in turn will create the resulting routers, services, handlers, etc.
``` ```
## Path Types on Kubernetes 1.18+ ## Path Types on Kubernetes 1.18+
If the Kubernetes cluster version is 1.18+, If the Kubernetes cluster version is 1.18+,
the new `pathType` property can be leveraged to define the rules matchers: the new `pathType` property can be leveraged to define the rules matchers:
@ -341,14 +341,6 @@ TLS can be enabled through the [HTTP options](../entrypoints.md#tls) of an Entry
--entrypoints.websecure.http.tls --entrypoints.websecure.http.tls
``` ```
```toml tab="File (TOML)"
# Static configuration
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http.tls]
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Static configuration # Static configuration
entryPoints: entryPoints:
@ -358,10 +350,18 @@ entryPoints:
tls: {} tls: {}
``` ```
```toml tab="File (TOML)"
# Static configuration
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http.tls]
```
This way, any Ingress attached to this Entrypoint will have TLS termination by default. This way, any Ingress attached to this Entrypoint will have TLS termination by default.
??? example "Configuring Kubernetes Ingress Controller with TLS on Entrypoint" ??? example "Configuring Kubernetes Ingress Controller with TLS on Entrypoint"
```yaml tab="RBAC" ```yaml tab="RBAC"
--- ---
kind: ClusterRole kind: ClusterRole
@ -395,7 +395,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
- ingresses/status - ingresses/status
verbs: verbs:
- update - update
--- ---
kind: ClusterRoleBinding kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1
@ -410,7 +410,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
name: traefik-ingress-controller name: traefik-ingress-controller
namespace: default namespace: default
``` ```
```yaml tab="Ingress" ```yaml tab="Ingress"
kind: Ingress kind: Ingress
apiVersion: networking.k8s.io/v1beta1 apiVersion: networking.k8s.io/v1beta1
@ -418,7 +418,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
name: myingress name: myingress
annotations: annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec: spec:
rules: rules:
- host: example.com - host: example.com
@ -439,7 +439,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: traefik-ingress-controller name: traefik-ingress-controller
--- ---
kind: Deployment kind: Deployment
apiVersion: apps/v1 apiVersion: apps/v1
@ -447,7 +447,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
name: traefik name: traefik
labels: labels:
app: traefik app: traefik
spec: spec:
replicas: 1 replicas: 1
selector: selector:
@ -469,7 +469,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
ports: ports:
- name: websecure - name: websecure
containerPort: 443 containerPort: 443
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
@ -485,7 +485,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
name: websecure name: websecure
targetPort: 443 targetPort: 443
``` ```
```yaml tab="Whoami" ```yaml tab="Whoami"
kind: Deployment kind: Deployment
apiVersion: apps/v1 apiVersion: apps/v1
@ -494,7 +494,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
labels: labels:
app: traefiklabs app: traefiklabs
name: whoami name: whoami
spec: spec:
replicas: 2 replicas: 2
selector: selector:
@ -512,13 +512,13 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
image: traefik/whoami image: traefik/whoami
ports: ports:
- containerPort: 80 - containerPort: 80
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: whoami name: whoami
spec: spec:
ports: ports:
- name: http - name: http
@ -535,11 +535,11 @@ To enable TLS on the underlying router created from an Ingress, one should confi
```yaml ```yaml
traefik.ingress.kubernetes.io/router.tls: "true" traefik.ingress.kubernetes.io/router.tls: "true"
``` ```
For more options, please refer to the available [annotations](#on-ingress). For more options, please refer to the available [annotations](#on-ingress).
??? example "Configuring Kubernetes Ingress Controller with TLS" ??? example "Configuring Kubernetes Ingress Controller with TLS"
```yaml tab="RBAC" ```yaml tab="RBAC"
--- ---
kind: ClusterRole kind: ClusterRole
@ -573,7 +573,7 @@ For more options, please refer to the available [annotations](#on-ingress).
- ingresses/status - ingresses/status
verbs: verbs:
- update - update
--- ---
kind: ClusterRoleBinding kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1
@ -588,7 +588,7 @@ For more options, please refer to the available [annotations](#on-ingress).
name: traefik-ingress-controller name: traefik-ingress-controller
namespace: default namespace: default
``` ```
```yaml tab="Ingress" ```yaml tab="Ingress"
kind: Ingress kind: Ingress
apiVersion: networking.k8s.io/v1beta1 apiVersion: networking.k8s.io/v1beta1
@ -597,7 +597,7 @@ For more options, please refer to the available [annotations](#on-ingress).
annotations: annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: true traefik.ingress.kubernetes.io/router.tls: true
spec: spec:
rules: rules:
- host: example.com - host: example.com
@ -618,7 +618,7 @@ For more options, please refer to the available [annotations](#on-ingress).
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: traefik-ingress-controller name: traefik-ingress-controller
--- ---
kind: Deployment kind: Deployment
apiVersion: apps/v1 apiVersion: apps/v1
@ -626,7 +626,7 @@ For more options, please refer to the available [annotations](#on-ingress).
name: traefik name: traefik
labels: labels:
app: traefik app: traefik
spec: spec:
replicas: 1 replicas: 1
selector: selector:
@ -647,7 +647,7 @@ For more options, please refer to the available [annotations](#on-ingress).
ports: ports:
- name: websecure - name: websecure
containerPort: 443 containerPort: 443
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
@ -663,7 +663,7 @@ For more options, please refer to the available [annotations](#on-ingress).
name: websecure name: websecure
targetPort: 443 targetPort: 443
``` ```
```yaml tab="Whoami" ```yaml tab="Whoami"
kind: Deployment kind: Deployment
apiVersion: apps/v1 apiVersion: apps/v1
@ -672,7 +672,7 @@ For more options, please refer to the available [annotations](#on-ingress).
labels: labels:
app: traefiklabs app: traefiklabs
name: whoami name: whoami
spec: spec:
replicas: 2 replicas: 2
selector: selector:
@ -690,13 +690,13 @@ For more options, please refer to the available [annotations](#on-ingress).
image: traefik/whoami image: traefik/whoami
ports: ports:
- containerPort: 80 - containerPort: 80
--- ---
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: whoami name: whoami
spec: spec:
ports: ports:
- name: http - name: http
@ -709,14 +709,14 @@ For more options, please refer to the available [annotations](#on-ingress).
### Certificates Management ### Certificates Management
??? example "Using a secret" ??? example "Using a secret"
```yaml tab="Ingress" ```yaml tab="Ingress"
kind: Ingress kind: Ingress
apiVersion: networking.k8s.io/v1beta1 apiVersion: networking.k8s.io/v1beta1
metadata: metadata:
name: foo name: foo
namespace: production namespace: production
spec: spec:
rules: rules:
- host: example.net - host: example.net
@ -738,7 +738,7 @@ For more options, please refer to the available [annotations](#on-ingress).
kind: Secret kind: Secret
metadata: metadata:
name: supersecret name: supersecret
data: data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0= tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=
@ -747,7 +747,7 @@ For more options, please refer to the available [annotations](#on-ingress).
TLS certificates can be managed in Secrets objects. TLS certificates can be managed in Secrets objects.
!!! info !!! info
Only TLS certificates provided by users can be stored in Kubernetes Secrets. Only TLS certificates provided by users can be stored in Kubernetes Secrets.
[Let's Encrypt](../../https/acme.md) certificates cannot be managed in Kubernetes Secrets yet. [Let's Encrypt](../../https/acme.md) certificates cannot be managed in Kubernetes Secrets yet.
@ -767,7 +767,7 @@ If either of those configuration options exist, then the backend communication p
and will connect via TLS automatically. and will connect via TLS automatically.
!!! info !!! info
Please note that by enabling TLS communication between traefik and your pods, Please note that by enabling TLS communication between traefik and your pods,
you will have to have trusted certificates that have the proper trust chain and IP subject name. you will have to have trusted certificates that have the proper trust chain and IP subject name.
If this is not an option, you may need to skip TLS certificate verification. If this is not an option, you may need to skip TLS certificate verification.
@ -793,8 +793,8 @@ This ingress follows the Global Default Backend property of ingresses.
This will allow users to create a "default router" that will match all unmatched requests. This will allow users to create a "default router" that will match all unmatched requests.
!!! info !!! info
Due to Traefik's use of priorities, you may have to set this ingress priority lower than other ingresses in your environment, Due to Traefik's use of priorities, you may have to set this ingress priority lower than other ingresses in your environment,
to avoid this global ingress from satisfying requests that could match other ingresses. to avoid this global ingress from satisfying requests that could match other ingresses.
To do this, use the `traefik.ingress.kubernetes.io/router.priority` annotation (as seen in [Annotations on Ingress](#on-ingress)) on your ingresses accordingly. To do this, use the `traefik.ingress.kubernetes.io/router.priority` annotation (as seen in [Annotations on Ingress](#on-ingress)) on your ingresses accordingly.

732
docs/content/routing/routers/index.md
View file

File diff suppressed because it is too large Load diff

666
docs/content/routing/services/index.md
View file

File diff suppressed because it is too large Load diff

142
docs/content/user-guides/grpc.md
View file

@ -8,17 +8,6 @@ This section explains how to use Traefik as reverse proxy for gRPC application.
Static configuration: Static configuration:
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
address = ":80"
[api]
[providers.file]
directory = "/path/to/dynamic/config"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
entryPoints: entryPoints:
web: web:
@ -31,30 +20,24 @@ providers:
api: {} api: {}
``` ```
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
address = ":80"
[api]
[providers.file]
directory = "/path/to/dynamic/config"
```
```yaml tab="CLI" ```yaml tab="CLI"
--entryPoints.web.address=:80 --entryPoints.web.address=:80
--providers.file.directory=/path/to/dynamic/config --providers.file.directory=/path/to/dynamic/config
--api.insecure=true --api.insecure=true
``` ```
`/path/to/dynamic/config/dynamic_conf.{toml,yml}`: `/path/to/dynamic/config/dynamic_conf.{yml,toml}`:
```toml tab="TOML"
## dynamic configuration ##
[http]
[http.routers]
[http.routers.routerTest]
service = "srv-grpc"
rule = "Host(`frontend.local`)"
[http.services]
[http.services.srv-grpc]
[http.services.srv-grpc.loadBalancer]
[[http.services.srv-grpc.loadBalancer.servers]]
url = "h2c://backend.local:8080"
```
```yaml tab="YAML" ```yaml tab="YAML"
## dynamic configuration ## ## dynamic configuration ##
@ -72,6 +55,23 @@ http:
- url: h2c://backend.local:8080 - url: h2c://backend.local:8080
``` ```
```toml tab="TOML"
## dynamic configuration ##
[http]
[http.routers]
[http.routers.routerTest]
service = "srv-grpc"
rule = "Host(`frontend.local`)"
[http.services]
[http.services.srv-grpc]
[http.services.srv-grpc.loadBalancer]
[[http.services.srv-grpc.loadBalancer.servers]]
url = "h2c://backend.local:8080"
```
!!! warning !!! warning
For providers with labels, you will have to specify the `traefik.http.services.<my-service-name>.loadbalancer.server.scheme=h2c` For providers with labels, you will have to specify the `traefik.http.services.<my-service-name>.loadbalancer.server.scheme=h2c`
@ -119,22 +119,6 @@ At last, we configure our Traefik instance to use both self-signed certificates.
Static configuration: Static configuration:
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.websecure]
address = ":4443"
[serversTransport]
# For secure connection on backend.local
rootCAs = [ "./backend.cert" ]
[api]
[provider.file]
directory = "/path/to/dynamic/config"
```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
entryPoints: entryPoints:
websecure: websecure:
@ -152,6 +136,22 @@ providers:
api: {} api: {}
``` ```
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.websecure]
address = ":4443"
[serversTransport]
# For secure connection on backend.local
rootCAs = [ "./backend.cert" ]
[api]
[provider.file]
directory = "/path/to/dynamic/config"
```
```yaml tab="CLI" ```yaml tab="CLI"
--entryPoints.websecure.address=:4443 --entryPoints.websecure.address=:4443
# For secure connection on backend.local # For secure connection on backend.local
@ -160,32 +160,7 @@ api: {}
--api.insecure=true --api.insecure=true
``` ```
`/path/to/dynamic/config/dynamic_conf.{toml,yml}`: `/path/to/dynamic/config/dynamic_conf.{yml,toml}`:
```toml tab="TOML"
## dynamic configuration ##
[http]
[http.routers]
[http.routers.routerTest]
service = "srv-grpc"
rule = "Host(`frontend.local`)"
[http.services]
[http.services.srv-grpc]
[http.services.srv-grpc.loadBalancer]
[[http.services.srv-grpc.loadBalancer.servers]]
# Access on backend with HTTPS
url = "https://backend.local:8080"
[tls]
# For secure connection on frontend.local
[[tls.certificates]]
certFile = "./frontend.cert"
keyFile = "./frontend.key"
```
```yaml tab="YAML" ```yaml tab="YAML"
## dynamic configuration ## ## dynamic configuration ##
@ -208,6 +183,31 @@ tls:
keyfile: ./frontend.key keyfile: ./frontend.key
``` ```
```toml tab="TOML"
## dynamic configuration ##
[http]
[http.routers]
[http.routers.routerTest]
service = "srv-grpc"
rule = "Host(`frontend.local`)"
[http.services]
[http.services.srv-grpc]
[http.services.srv-grpc.loadBalancer]
[[http.services.srv-grpc.loadBalancer.servers]]
# Access on backend with HTTPS
url = "https://backend.local:8080"
[tls]
# For secure connection on frontend.local
[[tls.certificates]]
certFile = "./frontend.cert"
keyFile = "./frontend.key"
```
!!! warning !!! warning
With some services, the server URLs use the IP, so you may need to configure `insecureSkipVerify` instead of the `rootCAs` to activate HTTPS without hostname verification. With some services, the server URLs use the IP, so you may need to configure `insecureSkipVerify` instead of the `rootCAs` to activate HTTPS without hostname verification.

2
pkg/provider/file/file.go
View file

@ -26,7 +26,7 @@ var _ provider.Provider = (*Provider)(nil)
// Provider holds configurations of the provider. // Provider holds configurations of the provider.
type Provider struct { type Provider struct {
Directory string `description:"Load dynamic configuration from one or more .toml or .yml files in a directory." json:"directory,omitempty" toml:"directory,omitempty" yaml:"directory,omitempty" export:"true"` Directory string `description:"Load dynamic configuration from one or more .yml or .toml files in a directory." json:"directory,omitempty" toml:"directory,omitempty" yaml:"directory,omitempty" export:"true"`
Watch bool `description:"Watch provider." json:"watch,omitempty" toml:"watch,omitempty" yaml:"watch,omitempty" export:"true"` Watch bool `description:"Watch provider." json:"watch,omitempty" toml:"watch,omitempty" yaml:"watch,omitempty" export:"true"`
Filename string `description:"Load dynamic configuration from a file." json:"filename,omitempty" toml:"filename,omitempty" yaml:"filename,omitempty" export:"true"` Filename string `description:"Load dynamic configuration from a file." json:"filename,omitempty" toml:"filename,omitempty" yaml:"filename,omitempty" export:"true"`
DebugLogGeneratedTemplate bool `description:"Enable debug logging of generated configuration template." json:"debugLogGeneratedTemplate,omitempty" toml:"debugLogGeneratedTemplate,omitempty" yaml:"debugLogGeneratedTemplate,omitempty" export:"true"` DebugLogGeneratedTemplate bool `description:"Enable debug logging of generated configuration template." json:"debugLogGeneratedTemplate,omitempty" toml:"debugLogGeneratedTemplate,omitempty" yaml:"debugLogGeneratedTemplate,omitempty" export:"true"`