baalajimaestro/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Changing default file format for the snippets from TOML to YAML

Browse source
This commit is contained in:
Tom Moulard 2021-06-19 00:08:08 +02:00 committed by GitHub
parent 99a23b0414
commit c9df233d24
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
79 changed files with 3965 additions and 3964 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

70
docs/content/contributing/data-collection.md
View file

@ -10,18 +10,18 @@ For this very reason, the sendAnonymousUsage option is mandatory: we want you to
!!! example "Enabling Data Collection"
```toml tab="File (TOML)"
[global]
# Send anonymous usage data
sendAnonymousUsage = true
```
```yaml tab="File (YAML)"
global:
# Send anonymous usage data
sendAnonymousUsage: true
```
```toml tab="File (TOML)"
[global]
# Send anonymous usage data
sendAnonymousUsage = true
```
```bash tab="CLI"
# Send anonymous usage data
--global.sendAnonymousUsage
@ -52,42 +52,44 @@ Once a day (the first call begins 10 minutes after the start of Traefik), we col
### Example of Collected Data
```toml tab="Original configuration"
[entryPoints]
[entryPoints.web]
address = ":80"
```yaml tab="Original configuration"
entryPoints:
web:
address: ":80"
[api]
api: {}
[providers.docker]
endpoint = "tcp://10.10.10.10:2375"
exposedByDefault = true
swarmMode = true
providers:
docker:
endpoint: "tcp://10.10.10.10:2375"
exposedByDefault: true
swarmMode: true
[providers.docker.TLS]
ca = "dockerCA"
cert = "dockerCert"
key = "dockerKey"
insecureSkipVerify = true
tls:
ca: dockerCA
cert: dockerCert
key: dockerKey
insecureSkipVerify: true
```
```toml tab="Resulting Obfuscated Configuration"
[entryPoints]
[entryPoints.web]
address = ":80"
```yaml tab="Resulting Obfuscated Configuration"
entryPoints:
web:
address: ":80"
[api]
api: {}
[providers.docker]
endpoint = "xxxx"
exposedByDefault = true
swarmMode = true
providers:
docker:
endpoint: "xxxx"
exposedByDefault: true
swarmMode: true
[providers.docker.TLS]
ca = "xxxx"
cert = "xxxx"
key = "xxxx"
insecureSkipVerify = true
tls:
ca: xxxx
cert: xxxx
key: xxxx
insecureSkipVerify: true
```
## The Code for Data Collection

4
docs/content/getting-started/configuration-overview.md
View file

@ -51,7 +51,7 @@ Once positioned, this option sets (and resets) all the default values of the sub
### Configuration File
At startup, Traefik searches for a file named `traefik.toml` (or `traefik.yml` or `traefik.yaml`) in:
At startup, Traefik searches for a file named `traefik.yml` (or `traefik.yaml` or `traefik.toml`) in:
- `/etc/traefik/`
- `$XDG_CONFIG_HOME/`
@ -61,7 +61,7 @@ At startup, Traefik searches for a file named `traefik.toml` (or `traefik.yml` o
You can override this using the `configFile` argument.
```bash
traefik --configFile=foo/bar/myconfigfile.toml
traefik --configFile=foo/bar/myconfigfile.yml
```
### Arguments

2
docs/content/getting-started/faq.md
View file

@ -86,7 +86,7 @@ can handle all the requests when no other router has been matched.
The example below is a file provider only version (`yaml`) of what this configuration could look like:
```yaml tab="Static configuration"
# traefik.yaml
# traefik.yml
entrypoints:
web:

4
docs/content/getting-started/install-traefik.md
View file

@ -11,12 +11,12 @@ You can install Traefik with the following flavors:
Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with one sample configuration file:
* [TOML](https://raw.githubusercontent.com/traefik/traefik/v2.4/traefik.sample.toml)
* [YAML](https://raw.githubusercontent.com/traefik/traefik/v2.4/traefik.sample.yml)
* [TOML](https://raw.githubusercontent.com/traefik/traefik/v2.4/traefik.sample.toml)
```bash
docker run -d -p 8080:8080 -p 80:80 \
-v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik:v2.4
-v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v2.4
```
For more details, go to the [Docker provider documentation](../providers/docker.md)

186
docs/content/https/acme.md
View file

@ -30,14 +30,14 @@ You can read more about this retrieval mechanism in the following section: [ACME
There are many available options for ACME.
For a quick glance at what's possible, browse the configuration reference:
```toml tab="File (TOML)"
--8<-- "content/https/ref-acme.toml"
```
```yaml tab="File (YAML)"
--8<-- "content/https/ref-acme.yaml"
```
```toml tab="File (TOML)"
--8<-- "content/https/ref-acme.toml"
```
```bash tab="CLI"
--8<-- "content/https/ref-acme.txt"
```
@ -70,22 +70,6 @@ Please check the [configuration examples below](#configuration-examples) for mor
??? example "Enabling ACME"
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[certificatesResolvers.myresolver.acme]
email = "your-email@example.com"
storage = "acme.json"
[certificatesResolvers.myresolver.acme.httpChallenge]
# used during the challenge
entryPoint = "web"
```
```yaml tab="File (YAML)"
entryPoints:
web:
@ -104,6 +88,22 @@ Please check the [configuration examples below](#configuration-examples) for mor
entryPoint: web
```
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[certificatesResolvers.myresolver.acme]
email = "your-email@example.com"
storage = "acme.json"
[certificatesResolvers.myresolver.acme.httpChallenge]
# used during the challenge
entryPoint = "web"
```
```bash tab="CLI"
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
@ -165,12 +165,6 @@ when using the `TLS-ALPN-01` challenge, Traefik must be reachable by Let's Encry
??? example "Configuring the `tlsChallenge`"
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.tlsChallenge]
```
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
@ -179,6 +173,12 @@ when using the `TLS-ALPN-01` challenge, Traefik must be reachable by Let's Encry
tlsChallenge: {}
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.tlsChallenge]
```
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.tlschallenge=true
@ -193,20 +193,6 @@ when using the `HTTP-01` challenge, `certificatesresolvers.myresolver.acme.httpc
??? example "Using an EntryPoint Called web for the `httpChallenge`"
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.httpChallenge]
entryPoint = "web"
```
```yaml tab="File (YAML)"
entryPoints:
web:
@ -223,6 +209,20 @@ when using the `HTTP-01` challenge, `certificatesresolvers.myresolver.acme.httpc
entryPoint: web
```
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.httpChallenge]
entryPoint = "web"
```
```bash tab="CLI"
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
@ -239,15 +239,6 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
??? example "Configuring a `dnsChallenge` with the DigitalOcean Provider"
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.dnsChallenge]
provider = "digitalocean"
delayBeforeCheck = 0
# ...
```
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
@ -259,6 +250,15 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
# ...
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.dnsChallenge]
provider = "digitalocean"
delayBeforeCheck = 0
# ...
```
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.dnschallenge.provider=digitalocean
@ -388,14 +388,6 @@ For complete details, refer to your provider's _Additional configuration_ link.
Use custom DNS servers to resolve the FQDN authority.
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.dnsChallenge]
# ...
resolvers = ["1.1.1.1:53", "8.8.8.8:53"]
```
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
@ -408,6 +400,14 @@ certificatesResolvers:
- "8.8.8.8:53"
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.dnsChallenge]
# ...
resolvers = ["1.1.1.1:53", "8.8.8.8:53"]
```
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53
@ -423,14 +423,6 @@ As described in [Let's Encrypt's post](https://community.letsencrypt.org/t/stagi
- `kid`: Key identifier from External CA
- `hmacEncoded`: HMAC key from External CA, should be in Base64 URL Encoding without padding format
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.eab]
kid = "abc-keyID-xyz"
hmacEncoded = "abc-hmac-xyz"
```
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
@ -441,6 +433,14 @@ certificatesResolvers:
hmacEncoded: abc-hmac-xyz
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.eab]
kid = "abc-keyID-xyz"
hmacEncoded = "abc-hmac-xyz"
```
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.eab.kid=abc-keyID-xyz
@ -460,13 +460,6 @@ The CA server to use:
??? example "Using the Let's Encrypt staging server"
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
# ...
```
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
@ -476,6 +469,13 @@ The CA server to use:
# ...
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
# ...
```
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
@ -488,13 +488,6 @@ _Required, Default="acme.json"_
The `storage` option sets the location where your ACME certificates are saved to.
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
storage = "acme.json"
# ...
```
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
@ -504,6 +497,13 @@ certificatesResolvers:
# ...
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
storage = "acme.json"
# ...
```
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.storage=acme.json
@ -534,13 +534,6 @@ Preferred chain to use.
If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.
If no match, the default offered chain will be used.
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
preferredChain = "ISRG Root X1"
# ...
```
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
@ -550,6 +543,13 @@ certificatesResolvers:
# ...
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
preferredChain = "ISRG Root X1"
# ...
```
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.preferredChain="ISRG Root X1"
@ -562,13 +562,6 @@ _Optional, Default="RSA4096"_
KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'.
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
keyType = "RSA4096"
# ...
```
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
@ -578,6 +571,13 @@ certificatesResolvers:
# ...
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
keyType = "RSA4096"
# ...
```
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.keyType="RSA4096"

24
docs/content/https/include-acme-multiple-domains-example.md
View file

@ -64,18 +64,6 @@ labels:
- traefik.http.routers.blog.tls.domains[0].sans=*.example.org
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.blog]
rule = "Host(`example.com`) && Path(`/blog`)"
[http.routers.blog.tls]
certResolver = "myresolver" # From static configuration
[[http.routers.blog.tls.domains]]
main = "example.org"
sans = ["*.example.org"]
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
@ -89,3 +77,15 @@ http:
sans:
- "*.example.org"
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.blog]
rule = "Host(`example.com`) && Path(`/blog`)"
[http.routers.blog.tls]
certResolver = "myresolver" # From static configuration
[[http.routers.blog.tls.domains]]
main = "example.org"
sans = ["*.example.org"]
```

18
docs/content/https/include-acme-multiple-domains-from-rule-example.md
View file

@ -52,15 +52,6 @@ labels:
- traefik.http.routers.blog.tls.certresolver=myresolver
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.blog]
rule = "(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)"
[http.routers.blog.tls]
certResolver = "myresolver"
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
@ -70,3 +61,12 @@ http:
tls:
certResolver: myresolver
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.blog]
rule = "(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)"
[http.routers.blog.tls]
certResolver = "myresolver"
```

18
docs/content/https/include-acme-single-domain-example.md
View file

@ -52,15 +52,6 @@ labels:
- traefik.http.routers.blog.tls.certresolver=myresolver
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.blog]
rule = "Host(`example.com`) && Path(`/blog`)"
[http.routers.blog.tls]
certResolver = "myresolver"
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
@ -70,3 +61,12 @@ http:
tls:
certResolver: myresolver
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.blog]
rule = "Host(`example.com`) && Path(`/blog`)"
[http.routers.blog.tls]
certResolver = "myresolver"
```

224
docs/content/https/tls.md
View file

@ -13,6 +13,17 @@ See the [Let's Encrypt](./acme.md) page.
To add / remove TLS certificates, even when Traefik is already running, their definition can be added to the [dynamic configuration](../getting-started/configuration-overview.md), in the `[[tls.certificates]]` section:
```yaml tab="File (YAML)"
# Dynamic configuration
tls:
certificates:
- certFile: /path/to/domain.cert
keyFile: /path/to/domain.key
- certFile: /path/to/other-domain.cert
keyFile: /path/to/other-domain.key
```
```toml tab="File (TOML)"
# Dynamic configuration
@ -25,17 +36,6 @@ To add / remove TLS certificates, even when Traefik is already running, their de
keyFile = "/path/to/other-domain.key"
```
```yaml tab="File (YAML)"
# Dynamic configuration
tls:
certificates:
- certFile: /path/to/domain.cert
keyFile: /path/to/domain.key
- certFile: /path/to/other-domain.cert
keyFile: /path/to/other-domain.key
```
!!! important "Restriction"
In the above example, we've used the [file provider](../providers/file.md) to handle these definitions.
@ -46,13 +46,6 @@ tls:
In Traefik, certificates are grouped together in certificates stores, which are defined as such:
```toml tab="File (TOML)"
# Dynamic configuration
[tls.stores]
[tls.stores.default]
```
```yaml tab="File (YAML)"
# Dynamic configuration
@ -61,6 +54,13 @@ tls:
default: {}
```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.stores]
[tls.stores.default]
```
!!! important "Restriction"
Any store definition other than the default one (named `default`) will be ignored,
@ -68,21 +68,6 @@ tls:
In the `tls.certificates` section, a list of stores can then be specified to indicate where the certificates should be stored:
```toml tab="File (TOML)"
# Dynamic configuration
[[tls.certificates]]
certFile = "/path/to/domain.cert"
keyFile = "/path/to/domain.key"
stores = ["default"]
[[tls.certificates]]
# Note that since no store is defined,
# the certificate below will be stored in the `default` store.
certFile = "/path/to/other-domain.cert"
keyFile = "/path/to/other-domain.key"
```
```yaml tab="File (YAML)"
# Dynamic configuration
@ -98,6 +83,21 @@ tls:
keyFile: /path/to/other-domain.key
```
```toml tab="File (TOML)"
# Dynamic configuration
[[tls.certificates]]
certFile = "/path/to/domain.cert"
keyFile = "/path/to/domain.key"
stores = ["default"]
[[tls.certificates]]
# Note that since no store is defined,
# the certificate below will be stored in the `default` store.
certFile = "/path/to/other-domain.cert"
keyFile = "/path/to/other-domain.key"
```
!!! important "Restriction"
The `stores` list will actually be ignored and automatically set to `["default"]`.
@ -107,16 +107,6 @@ tls:
Traefik can use a default certificate for connections without a SNI, or without a matching domain.
This default certificate should be defined in a TLS store:
```toml tab="File (TOML)"
# Dynamic configuration
[tls.stores]
[tls.stores.default]
[tls.stores.default.defaultCertificate]
certFile = "path/to/cert.crt"
keyFile = "path/to/cert.key"
```
```yaml tab="File (YAML)"
# Dynamic configuration
@ -128,6 +118,16 @@ tls:
keyFile: path/to/cert.key
```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.stores]
[tls.stores.default]
[tls.stores.default.defaultCertificate]
certFile = "path/to/cert.crt"
keyFile = "path/to/cert.key"
```
If no default certificate is provided, Traefik generates and uses a self-signed certificate.
## TLS Options
@ -155,18 +155,6 @@ The TLS options allow one to configure some parameters of the TLS connection.
### Minimum TLS Version
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
minVersion = "VersionTLS12"
[tls.options.mintls13]
minVersion = "VersionTLS13"
```
```yaml tab="File (YAML)"
# Dynamic configuration
@ -179,6 +167,18 @@ tls:
minVersion: VersionTLS13
```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
minVersion = "VersionTLS12"
[tls.options.mintls13]
minVersion = "VersionTLS13"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
@ -206,18 +206,6 @@ We discourage the use of this setting to disable TLS1.3.
The recommended approach is to update the clients to support TLS1.3.
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
maxVersion = "VersionTLS13"
[tls.options.maxtls12]
maxVersion = "VersionTLS12"
```
```yaml tab="File (YAML)"
# Dynamic configuration
@ -230,6 +218,18 @@ tls:
maxVersion: VersionTLS12
```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
maxVersion = "VersionTLS13"
[tls.options.maxtls12]
maxVersion = "VersionTLS12"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
@ -255,16 +255,6 @@ spec:
See [cipherSuites](https://godoc.org/crypto/tls#pkg-constants) for more information.
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
]
```
```yaml tab="File (YAML)"
# Dynamic configuration
@ -275,6 +265,16 @@ tls:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
]
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
@ -301,14 +301,6 @@ The names of the curves defined by [`crypto`](https://godoc.org/crypto/tls#Curve
See [CurveID](https://godoc.org/crypto/tls#CurveID) for more information.
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
curvePreferences = ["CurveP521", "CurveP384"]
```
```yaml tab="File (YAML)"
# Dynamic configuration
@ -320,6 +312,14 @@ tls:
- CurveP384
```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
curvePreferences = ["CurveP521", "CurveP384"]
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
@ -338,14 +338,6 @@ spec:
With strict SNI checking enabled, Traefik won't allow connections from clients
that do not specify a server_name extension or don't match any certificate configured on the tlsOption.
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
sniStrict = true
```
```yaml tab="File (YAML)"
# Dynamic configuration
@ -355,6 +347,14 @@ tls:
sniStrict: true
```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
sniStrict = true
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
@ -371,14 +371,6 @@ spec:
This option allows the server to choose its most preferred cipher suite instead of the client's.
Please note that this is enabled automatically when `minVersion` or `maxVersion` are set.
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
preferServerCipherSuites = true
```
```yaml tab="File (YAML)"
# Dynamic configuration
@ -388,6 +380,14 @@ tls:
preferServerCipherSuites: true
```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
preferServerCipherSuites = true
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
@ -413,17 +413,6 @@ The `clientAuth.clientAuthType` option governs the behaviour as follows:
- `VerifyClientCertIfGiven`: if a certificate is provided, verifies if it is signed by a CA listed in `clientAuth.caFiles`. Otherwise proceeds without any certificate.
- `RequireAndVerifyClientCert`: requires a certificate, which must be signed by a CA listed in `clientAuth.caFiles`.
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
[tls.options.default.clientAuth]
# in PEM format. each file can contain multiple CAs.
caFiles = ["tests/clientca1.crt", "tests/clientca2.crt"]
clientAuthType = "RequireAndVerifyClientCert"
```
```yaml tab="File (YAML)"
# Dynamic configuration
@ -438,6 +427,17 @@ tls:
clientAuthType: RequireAndVerifyClientCert
```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
[tls.options.default.clientAuth]
# in PEM format. each file can contain multiple CAs.
caFiles = ["tests/clientca1.crt", "tests/clientca2.crt"]
clientAuthType = "RequireAndVerifyClientCert"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption

14
docs/content/middlewares/addprefix.md
View file

@ -43,13 +43,6 @@ labels:
- "traefik.http.middlewares.add-foo.addprefix.prefix=/foo"
```
```toml tab="File (TOML)"
# Prefixing with /foo
[http.middlewares]
[http.middlewares.add-foo.addPrefix]
prefix = "/foo"
```
```yaml tab="File (YAML)"
# Prefixing with /foo
http:
@ -59,6 +52,13 @@ http:
prefix: "/foo"
```
```toml tab="File (TOML)"
# Prefixing with /foo
[http.middlewares]
[http.middlewares.add-foo.addPrefix]
prefix = "/foo"
```
## Configuration Options
### `prefix`

88
docs/content/middlewares/basicauth.md
View file

@ -48,16 +48,6 @@ labels:
- "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
```toml tab="File (TOML)"
# Declaring the user list
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```
```yaml tab="File (YAML)"
# Declaring the user list
http:
@ -69,6 +59,16 @@ http:
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
```toml tab="File (TOML)"
# Declaring the user list
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```
## Configuration Options
### General
@ -142,16 +142,6 @@ labels:
- "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
```toml tab="File (TOML)"
# Declaring the user list
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```
```yaml tab="File (YAML)"
# Declaring the user list
http:
@ -163,6 +153,16 @@ http:
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
```toml tab="File (TOML)"
# Declaring the user list
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```
### `usersFile`
The `usersFile` option is the path to an external file that contains the authorized users for the middleware.
@ -216,12 +216,6 @@ labels:
- "traefik.http.middlewares.test-auth.basicauth.usersfile=/path/to/my/usersfile"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
usersFile = "/path/to/my/usersfile"
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -230,6 +224,12 @@ http:
usersFile: "/path/to/my/usersfile"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
usersFile = "/path/to/my/usersfile"
```
??? example "A file containing test/test and test2/test2"
```txt
@ -271,12 +271,6 @@ labels:
- "traefik.http.middlewares.test-auth.basicauth.realm=MyRealm"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
realm = "MyRealm"
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -285,6 +279,12 @@ http:
realm: "MyRealm"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
realm = "MyRealm"
```
### `headerField`
You can define a header field to store the authenticated user using the `headerField`option.
@ -315,12 +315,6 @@ spec:
}
```
```toml tab="File (TOML)"
[http.middlewares.my-auth.basicAuth]
# ...
headerField = "X-WebAuth-User"
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -330,6 +324,12 @@ http:
headerField: "X-WebAuth-User"
```
```toml tab="File (TOML)"
[http.middlewares.my-auth.basicAuth]
# ...
headerField = "X-WebAuth-User"
```
### `removeHeader`
Set the `removeHeader` option to `true` to remove the authorization header before forwarding the request to your service. (Default value is `false`.)
@ -364,12 +364,6 @@ labels:
- "traefik.http.middlewares.test-auth.basicauth.removeheader=true"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
removeHeader = true
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -377,3 +371,9 @@ http:
basicAuth:
removeHeader: true
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
removeHeader = true
```

74
docs/content/middlewares/buffering.md
View file

@ -47,13 +47,6 @@ labels:
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
```
```toml tab="File (TOML)"
# Sets the maximum request body to 2MB
[http.middlewares]
[http.middlewares.limit.buffering]
maxRequestBodyBytes = 2000000
```
```yaml tab="File (YAML)"
# Sets the maximum request body to 2MB
http:
@ -63,6 +56,13 @@ http:
maxRequestBodyBytes: 2000000
```
```toml tab="File (TOML)"
# Sets the maximum request body to 2MB
[http.middlewares]
[http.middlewares.limit.buffering]
maxRequestBodyBytes = 2000000
```
## Configuration Options
### `maxRequestBodyBytes`
@ -101,12 +101,6 @@ labels:
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
maxRequestBodyBytes = 2000000
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -115,6 +109,12 @@ http:
maxRequestBodyBytes: 2000000
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
maxRequestBodyBytes = 2000000
```
### `memRequestBodyBytes`
You can configure a threshold (in bytes) from which the request will be buffered on disk instead of in memory with the `memRequestBodyBytes` option.
@ -149,12 +149,6 @@ labels:
- "traefik.http.middlewares.limit.buffering.memRequestBodyBytes=2000000"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
memRequestBodyBytes = 2000000
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -163,6 +157,12 @@ http:
memRequestBodyBytes: 2000000
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
memRequestBodyBytes = 2000000
```
### `maxResponseBodyBytes`
The `maxResponseBodyBytes` option configures the maximum allowed response size from the service (in bytes).
@ -199,12 +199,6 @@ labels:
- "traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=2000000"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
maxResponseBodyBytes = 2000000
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -213,6 +207,12 @@ http:
maxResponseBodyBytes: 2000000
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
maxResponseBodyBytes = 2000000
```
### `memResponseBodyBytes`
You can configure a threshold (in bytes) from which the response will be buffered on disk instead of in memory with the `memResponseBodyBytes` option.
@ -247,12 +247,6 @@ labels:
- "traefik.http.middlewares.limit.buffering.memResponseBodyBytes=2000000"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
memResponseBodyBytes = 2000000
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -261,6 +255,12 @@ http:
memResponseBodyBytes: 2000000
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
memResponseBodyBytes = 2000000
```
### `retryExpression`
You can have the Buffering middleware replay the request using `retryExpression`.
@ -297,12 +297,6 @@ You can have the Buffering middleware replay the request using `retryExpression`
- "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
retryExpression = "IsNetworkError() && Attempts() < 2"
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -311,6 +305,12 @@ You can have the Buffering middleware replay the request using `retryExpression`
retryExpression: "IsNetworkError() && Attempts() < 2"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.limit.buffering]
retryExpression = "IsNetworkError() && Attempts() < 2"
```
The retry expression is defined as a logical combination of the functions below with the operators AND (`&&`) and OR (`||`). At least one function is required:
- `Attempts()` number of attempts (the first one counts)

56
docs/content/middlewares/chain.md
View file

@ -117,34 +117,6 @@ labels:
- "traefik.http.services.service1.loadbalancer.server.port=80"
```
```toml tab="File (TOML)"
# ...
[http.routers]
[http.routers.router1]
service = "service1"
middlewares = ["secured"]
rule = "Host(`mydomain`)"
[http.middlewares]
[http.middlewares.secured.chain]
middlewares = ["https-only", "known-ips", "auth-users"]
[http.middlewares.auth-users.basicAuth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
[http.middlewares.https-only.redirectScheme]
scheme = "https"
[http.middlewares.known-ips.ipWhiteList]
sourceRange = ["192.168.1.7", "127.0.0.1/32"]
[http.services]
[http.services.service1]
[http.services.service1.loadBalancer]
[[http.services.service1.loadBalancer.servers]]
url = "http://127.0.0.1:80"
```
```yaml tab="File (YAML)"
# ...
http:
@ -184,3 +156,31 @@ http:
servers:
- url: "http://127.0.0.1:80"
```
```toml tab="File (TOML)"
# ...
[http.routers]
[http.routers.router1]
service = "service1"
middlewares = ["secured"]
rule = "Host(`mydomain`)"
[http.middlewares]
[http.middlewares.secured.chain]
middlewares = ["https-only", "known-ips", "auth-users"]
[http.middlewares.auth-users.basicAuth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
[http.middlewares.https-only.redirectScheme]
scheme = "https"
[http.middlewares.known-ips.ipWhiteList]
sourceRange = ["192.168.1.7", "127.0.0.1/32"]
[http.services]
[http.services.service1]
[http.services.service1.loadBalancer]
[[http.services.service1.loadBalancer.servers]]
url = "http://127.0.0.1:80"
```

14
docs/content/middlewares/circuitbreaker.md
View file

@ -59,13 +59,6 @@ labels:
- "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100"
```
```toml tab="File (TOML)"
# Latency Check
[http.middlewares]
[http.middlewares.latency-check.circuitBreaker]
expression = "LatencyAtQuantileMS(50.0) > 100"
```
```yaml tab="File (YAML)"
# Latency Check
http:
@ -75,6 +68,13 @@ http:
expression: "LatencyAtQuantileMS(50.0) > 100"
```
```toml tab="File (TOML)"
# Latency Check
[http.middlewares]
[http.middlewares.latency-check.circuitBreaker]
expression = "LatencyAtQuantileMS(50.0) > 100"
```
## Possible States
There are three possible states for your circuit breaker:

24
docs/content/middlewares/compress.md
View file

@ -42,12 +42,6 @@ labels:
- "traefik.http.middlewares.test-compress.compress=true"
```
```toml tab="File (TOML)"
# Enable gzip compression
[http.middlewares]
[http.middlewares.test-compress.compress]
```
```yaml tab="File (YAML)"
# Enable gzip compression
http:
@ -56,6 +50,12 @@ http:
compress: {}
```
```toml tab="File (TOML)"
# Enable gzip compression
[http.middlewares]
[http.middlewares.test-compress.compress]
```
!!! info
Responses are compressed when the following criteria are all met:
@ -108,12 +108,6 @@ labels:
- "traefik.http.middlewares.test-compress.compress.excludedcontenttypes=text/event-stream"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-compress.compress]
excludedContentTypes = ["text/event-stream"]
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -122,3 +116,9 @@ http:
excludedContentTypes:
- text/event-stream
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-compress.compress]
excludedContentTypes = ["text/event-stream"]
```

15
docs/content/middlewares/contenttype.md
View file

@ -1,4 +1,3 @@
# ContentType
Handling Content-Type auto-detection
@ -62,13 +61,6 @@ labels:
- "traefik.http.middlewares.autodetect.contenttype.autodetect=false"
```
```toml tab="File (TOML)"
# Disable auto-detection
[http.middlewares]
[http.middlewares.autodetect.contentType]
autoDetect=false
```
```yaml tab="File (YAML)"
# Disable auto-detection
http:
@ -78,6 +70,13 @@ http:
autoDetect: false
```
```toml tab="File (TOML)"
# Disable auto-detection
[http.middlewares]
[http.middlewares.autodetect.contentType]
autoDetect=false
```
## Configuration Options
### `autoDetect`

86
docs/content/middlewares/digestauth.md
View file

@ -43,16 +43,6 @@ labels:
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
```
```toml tab="File (TOML)"
# Declaring the user list
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
users = [
"test:traefik:a2688e031edb4be6a3797f3882655c05",
"test2:traefik:518845800f9e2bfb1f1f740ec24f074e",
]
```
```yaml tab="File (YAML)"
# Declaring the user list
http:
@ -64,6 +54,16 @@ http:
- "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
```
```toml tab="File (TOML)"
# Declaring the user list
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
users = [
"test:traefik:a2688e031edb4be6a3797f3882655c05",
"test2:traefik:518845800f9e2bfb1f1f740ec24f074e",
]
```
## Configuration Options
!!! tip
@ -120,15 +120,6 @@ labels:
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
users = [
"test:traefik:a2688e031edb4be6a3797f3882655c05",
"test2:traefik:518845800f9e2bfb1f1f740ec24f074e",
]
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -139,6 +130,15 @@ http:
- "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
users = [
"test:traefik:a2688e031edb4be6a3797f3882655c05",
"test2:traefik:518845800f9e2bfb1f1f740ec24f074e",
]
```
### `usersFile`
The `usersFile` option is the path to an external file that contains the authorized users for the middleware.
@ -192,12 +192,6 @@ labels:
- "traefik.http.middlewares.test-auth.digestauth.usersfile=/path/to/my/usersfile"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
usersFile = "/path/to/my/usersfile"
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -206,6 +200,12 @@ http:
usersFile: "/path/to/my/usersfile"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
usersFile = "/path/to/my/usersfile"
```
??? example "A file containing test/test and test2/test2"
```txt
@ -247,12 +247,6 @@ labels:
- "traefik.http.middlewares.test-auth.digestauth.realm=MyRealm"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
realm = "MyRealm"
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -261,6 +255,12 @@ http:
realm: "MyRealm"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
realm = "MyRealm"
```
### `headerField`
You can customize the header field for the authenticated user using the `headerField`option.
@ -296,12 +296,6 @@ labels:
- "traefik.http.middlewares.my-auth.digestauth.headerField=X-WebAuth-User"
```
```toml tab="File (TOML)"
[http.middlewares.my-auth.digestAuth]
# ...
headerField = "X-WebAuth-User"
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -311,6 +305,12 @@ http:
headerField: "X-WebAuth-User"
```
```toml tab="File (TOML)"
[http.middlewares.my-auth.digestAuth]
# ...
headerField = "X-WebAuth-User"
```
### `removeHeader`
Set the `removeHeader` option to `true` to remove the authorization header before forwarding the request to your service. (Default value is `false`.)
@ -345,12 +345,6 @@ labels:
- "traefik.http.middlewares.test-auth.digestauth.removeheader=true"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
removeHeader = true
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -358,3 +352,9 @@ http:
digestAuth:
removeHeader: true
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
removeHeader = true
```

24
docs/content/middlewares/errorpages.md
View file

@ -58,18 +58,6 @@ labels:
- "traefik.http.middlewares.test-errorpage.errors.query=/{status}.html"
```
```toml tab="File (TOML)"
# Custom Error Page for 5XX
[http.middlewares]
[http.middlewares.test-errorpage.errors]
status = ["500-599"]
service = "serviceError"
query = "/{status}.html"
[http.services]
# ... definition of error-handler-service and my-service
```
```yaml tab="File (YAML)"
# Custom Error Page for 5XX
http:
@ -81,6 +69,18 @@ http:
service: serviceError
query: "/{status}.html"
services:
# ... definition of error-handler-service and my-service
```
```toml tab="File (TOML)"
# Custom Error Page for 5XX
[http.middlewares]
[http.middlewares.test-errorpage.errors]
status = ["500-599"]
service = "serviceError"
query = "/{status}.html"
[http.services]
# ... definition of error-handler-service and my-service
```

166
docs/content/middlewares/forwardauth.md
View file

@ -45,13 +45,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
```
```toml tab="File (TOML)"
# Forward authentication to example.com
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
```
```yaml tab="File (YAML)"
# Forward authentication to example.com
http:
@ -61,6 +54,13 @@ http:
address: "https://example.com/auth"
```
```toml tab="File (TOML)"
# Forward authentication to example.com
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
```
## Forward-Request Headers
The following request properties are provided to the forward-auth target endpoint as `X-Forwarded-` headers.
@ -109,12 +109,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -123,6 +117,12 @@ http:
address: "https://example.com/auth"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
```
### `trustForwardHeader`
Set the `trustForwardHeader` option to `true` to trust all `X-Forwarded-*` headers.
@ -158,13 +158,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
trustForwardHeader = true
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -174,6 +167,13 @@ http:
trustForwardHeader: true
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
trustForwardHeader = true
```
### `authResponseHeaders`
The `authResponseHeaders` option is the list of headers to copy from the authentication server response and set on
@ -212,13 +212,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
authResponseHeaders = ["X-Auth-User", "X-Secret"]
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -230,6 +223,13 @@ http:
- "X-Secret"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
authResponseHeaders = ["X-Auth-User", "X-Secret"]
```
### `authResponseHeadersRegex`
The `authResponseHeadersRegex` option is the regex to match headers to copy from the authentication server response and
@ -268,13 +268,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.authResponseHeadersRegex=^X-"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
authResponseHeadersRegex = "^X-"
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -284,6 +277,13 @@ http:
authResponseHeadersRegex: "^X-"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
authResponseHeadersRegex = "^X-"
```
### `authRequestHeaders`
The `authRequestHeaders` option is the list of the headers to copy from the request to the authentication server.
@ -323,13 +323,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.authRequestHeaders=Accept,X-CustomHeader"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
authRequestHeaders = "Accept,X-CustomHeader"
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -341,6 +334,13 @@ http:
- "X-CustomHeader"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
authRequestHeaders = "Accept,X-CustomHeader"
```
### `tls`
The `tls` option is the TLS configuration from Traefik to the authentication server.
@ -391,14 +391,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
ca = "path/to/local.crt"
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -409,6 +401,14 @@ http:
ca: "path/to/local.crt"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
ca = "path/to/local.crt"
```
#### `tls.caOptional`
The value of `tls.caOptional` defines which policy should be used for the secure connection with TLS Client Authentication to the authentication server.
@ -453,14 +453,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
caOptional = true
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -471,6 +463,14 @@ http:
caOptional: true
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
caOptional = true
```
#### `tls.cert`
The public certificate used for the secure connection to the authentication server.
@ -522,15 +522,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -542,6 +533,15 @@ http:
key: "path/to/foo.key"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
!!! info
For security reasons, the field does not exist for Kubernetes IngressRoute, and one should use the `secret` field instead.
@ -597,15 +597,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -617,6 +608,15 @@ http:
key: "path/to/foo.key"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
!!! info
For security reasons, the field does not exist for Kubernetes IngressRoute, and one should use the `secret` field instead.
@ -657,14 +657,6 @@ labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.InsecureSkipVerify=true"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
insecureSkipVerify: true
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -674,3 +666,11 @@ http:
tls:
insecureSkipVerify: true
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://example.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
insecureSkipVerify: true
```

70
docs/content/middlewares/headers.md
View file

@ -50,15 +50,6 @@ labels:
- "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header=value"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.testHeader.headers]
[http.middlewares.testHeader.headers.customRequestHeaders]
X-Script-Name = "test"
[http.middlewares.testHeader.headers.customResponseHeaders]
X-Custom-Response-Header = "value"
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -70,6 +61,15 @@ http:
X-Custom-Response-Header: "value"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.testHeader.headers]
[http.middlewares.testHeader.headers.customRequestHeaders]
X-Script-Name = "test"
[http.middlewares.testHeader.headers.customResponseHeaders]
X-Custom-Response-Header = "value"
```
### Adding and Removing Headers
In the following example, requests are proxied with an extra `X-Script-Name` header while their `X-Custom-Request-Header` header gets stripped,
@ -117,16 +117,6 @@ labels:
- "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header="
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.testHeader.headers]
[http.middlewares.testHeader.headers.customRequestHeaders]
X-Script-Name = "test" # Adds
X-Custom-Request-Header = "" # Removes
[http.middlewares.testHeader.headers.customResponseHeaders]
X-Custom-Response-Header = "" # Removes
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -139,6 +129,16 @@ http:
X-Custom-Response-Header: "" # Removes
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.testHeader.headers]
[http.middlewares.testHeader.headers.customRequestHeaders]
X-Script-Name = "test" # Adds
X-Custom-Request-Header = "" # Removes
[http.middlewares.testHeader.headers.customResponseHeaders]
X-Custom-Response-Header = "" # Removes
```
### Using Security Headers
Security-related headers (HSTS headers, SSL redirection, Browser XSS filter, etc) can be managed similarly to custom headers as shown above.
@ -179,13 +179,6 @@ labels:
- "traefik.http.middlewares.testheader.headers.sslredirect=true"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.testHeader.headers]
frameDeny = true
sslRedirect = true
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -195,6 +188,13 @@ http:
sslRedirect: true
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.testHeader.headers]
frameDeny = true
sslRedirect = true
```
### CORS Headers
CORS (Cross-Origin Resource Sharing) headers can be added and configured in a manner similar to the custom headers above.
@ -250,15 +250,6 @@ labels:
- "traefik.http.middlewares.testheader.headers.addvaryheader=true"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.testHeader.headers]
accessControlAllowMethods= ["GET", "OPTIONS", "PUT"]
accessControlAllowOriginList = ["https://foo.bar.org","https://example.org"]
accessControlMaxAge = 100
addVaryHeader = true
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -275,6 +266,15 @@ http:
addVaryHeader: true
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.testHeader.headers]
accessControlAllowMethods= ["GET", "OPTIONS", "PUT"]
accessControlAllowOriginList = ["https://foo.bar.org","https://example.org"]
accessControlMaxAge = 100
addVaryHeader = true
```
## Configuration Options
### General

84
docs/content/middlewares/inflightreq.md
View file

@ -41,13 +41,6 @@ labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
```
```toml tab="File (TOML)"
# Limiting to 10 simultaneous connections
[http.middlewares]
[http.middlewares.test-inflightreq.inFlightReq]
amount = 10
```
```yaml tab="File (YAML)"
# Limiting to 10 simultaneous connections
http:
@ -57,6 +50,13 @@ http:
amount: 10
```
```toml tab="File (TOML)"
# Limiting to 10 simultaneous connections
[http.middlewares]
[http.middlewares.test-inflightreq.inFlightReq]
amount = 10
```
## Configuration Options
### `amount`
@ -96,13 +96,6 @@ labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
```
```toml tab="File (TOML)"
# Limiting to 10 simultaneous connections
[http.middlewares]
[http.middlewares.test-inflightreq.inFlightReq]
amount = 10
```
```yaml tab="File (YAML)"
# Limiting to 10 simultaneous connections
http:
@ -112,6 +105,13 @@ http:
amount: 10
```
```toml tab="File (TOML)"
# Limiting to 10 simultaneous connections
[http.middlewares]
[http.middlewares.test-inflightreq.inFlightReq]
amount = 10
```
### `sourceCriterion`
The `sourceCriterion` option defines what criterion is used to group requests as originating from a common source.
@ -171,13 +171,6 @@ labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.depth=2"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-inflightreq.inflightreq]
[http.middlewares.test-inflightreq.inFlightReq.sourceCriterion.ipStrategy]
depth = 2
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -188,6 +181,13 @@ http:
depth: 2
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-inflightreq.inflightreq]
[http.middlewares.test-inflightreq.inFlightReq.sourceCriterion.ipStrategy]
depth = 2
```
##### `ipStrategy.excludedIPs`
`excludedIPs` configures Traefik to scan the `X-Forwarded-For` header and select the first IP not in the list.
@ -238,13 +238,6 @@ labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-inflightreq.inflightreq]
[http.middlewares.test-inflightreq.inFlightReq.sourceCriterion.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -257,6 +250,13 @@ http:
- "192.168.1.7"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-inflightreq.inflightreq]
[http.middlewares.test-inflightreq.inFlightReq.sourceCriterion.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
#### `sourceCriterion.requestHeaderName`
Name of the header used to group incoming requests.
@ -292,13 +292,6 @@ labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requestheadername=username"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-inflightreq.inflightreq]
[http.middlewares.test-inflightreq.inFlightReq.sourceCriterion]
requestHeaderName = "username"
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -308,6 +301,13 @@ http:
requestHeaderName: username
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-inflightreq.inflightreq]
[http.middlewares.test-inflightreq.inFlightReq.sourceCriterion]
requestHeaderName = "username"
```
#### `sourceCriterion.requestHost`
Whether to consider the request host as the source.
@ -343,13 +343,6 @@ labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requesthost=true"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-inflightreq.inflightreq]
[http.middlewares.test-inflightreq.inFlightReq.sourceCriterion]
requestHost = true
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -358,3 +351,10 @@ http:
sourceCriterion:
requestHost: true
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-inflightreq.inflightreq]
[http.middlewares.test-inflightreq.inFlightReq.sourceCriterion]
requestHost = true
```

48
docs/content/middlewares/ipwhitelist.md
View file

@ -44,13 +44,6 @@ labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
```
```toml tab="File (TOML)"
# Accepts request from defined IP
[http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"]
```
```yaml tab="File (YAML)"
# Accepts request from defined IP
http:
@ -62,6 +55,13 @@ http:
- "192.168.1.7"
```
```toml tab="File (TOML)"
# Accepts request from defined IP
[http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"]
```
## Configuration Options
### `sourceRange`
@ -131,15 +131,6 @@ labels:
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2"
```
```toml tab="File (TOML)"
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
[http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"]
[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
depth = 2
```
```yaml tab="File (YAML)"
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
http:
@ -153,6 +144,15 @@ http:
depth: 2
```
```toml tab="File (TOML)"
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
[http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"]
[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
depth = 2
```
#### `ipStrategy.excludedIPs`
`excludedIPs` configures Traefik to scan the `X-Forwarded-For` header and select the first IP not in the list.
@ -206,14 +206,6 @@ labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```toml tab="File (TOML)"
# Exclude from `X-Forwarded-For`
[http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList]
[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
```yaml tab="File (YAML)"
# Exclude from `X-Forwarded-For`
http:
@ -225,3 +217,11 @@ http:
- "127.0.0.1/32"
- "192.168.1.7"
```
```toml tab="File (TOML)"
# Exclude from `X-Forwarded-For`
[http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList]
[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
```

40
docs/content/middlewares/overview.md
View file

@ -91,26 +91,6 @@ labels:
- "traefik.http.routers.router1.middlewares=foo-add-prefix@rancher"
```
```toml tab="File (TOML)"
# As TOML Configuration File
[http.routers]
[http.routers.router1]
service = "myService"
middlewares = ["foo-add-prefix"]
rule = "Host(`example.com`)"
[http.middlewares]
[http.middlewares.foo-add-prefix.addPrefix]
prefix = "/foo"
[http.services]
[http.services.service1]
[http.services.service1.loadBalancer]
[[http.services.service1.loadBalancer.servers]]
url = "http://127.0.0.1:80"
```
```yaml tab="File (YAML)"
# As YAML Configuration File
http:
@ -133,6 +113,26 @@ http:
- url: "http://127.0.0.1:80"
```
```toml tab="File (TOML)"
# As TOML Configuration File
[http.routers]
[http.routers.router1]
service = "myService"
middlewares = ["foo-add-prefix"]
rule = "Host(`example.com`)"
[http.middlewares]
[http.middlewares.foo-add-prefix.addPrefix]
prefix = "/foo"
[http.services]
[http.services.service1]
[http.services.service1.loadBalancer]
[[http.services.service1.loadBalancer.servers]]
url = "http://127.0.0.1:80"
```
## Available Middlewares
| Middleware | Purpose | Area |

66
docs/content/middlewares/passtlsclientcert.md
View file

@ -46,13 +46,6 @@ labels:
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true"
```
```toml tab="File (TOML)"
# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
[http.middlewares]
[http.middlewares.test-passtlsclientcert.passTLSClientCert]
pem = true
```
```yaml tab="File (YAML)"
# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
http:
@ -62,6 +55,13 @@ http:
pem: true
```
```toml tab="File (TOML)"
# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
[http.middlewares]
[http.middlewares.test-passtlsclientcert.passTLSClientCert]
pem = true
```
??? example "Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header"
```yaml tab="Docker"
@ -182,32 +182,6 @@ http:
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true"
```
```toml tab="File (TOML)"
# Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
[http.middlewares]
[http.middlewares.test-passtlsclientcert.passTLSClientCert]
[http.middlewares.test-passtlsclientcert.passTLSClientCert.info]
notAfter = true
notBefore = true
sans = true
[http.middlewares.test-passtlsclientcert.passTLSClientCert.info.subject]
country = true
province = true
locality = true
organization = true
commonName = true
serialNumber = true
domainComponent = true
[http.middlewares.test-passtlsclientcert.passTLSClientCert.info.issuer]
country = true
province = true
locality = true
organization = true
commonName = true
serialNumber = true
domainComponent = true
```
```yaml tab="File (YAML)"
# Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
http:
@ -236,6 +210,32 @@ http:
domainComponent: true
```
```toml tab="File (TOML)"
# Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
[http.middlewares]
[http.middlewares.test-passtlsclientcert.passTLSClientCert]
[http.middlewares.test-passtlsclientcert.passTLSClientCert.info]
notAfter = true
notBefore = true
sans = true
[http.middlewares.test-passtlsclientcert.passTLSClientCert.info.subject]
country = true
province = true
locality = true
organization = true
commonName = true
serialNumber = true
domainComponent = true
[http.middlewares.test-passtlsclientcert.passTLSClientCert.info.issuer]
country = true
province = true
locality = true
organization = true
commonName = true
serialNumber = true
domainComponent = true
```
## Configuration Options
### General

116
docs/content/middlewares/ratelimit.md
View file

@ -50,15 +50,6 @@ labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
```
```toml tab="File (TOML)"
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
average = 100
burst = 50
```
```yaml tab="File (YAML)"
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
@ -70,6 +61,15 @@ http:
burst: 50
```
```toml tab="File (TOML)"
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
average = 100
burst = 50
```
## Configuration Options
### `average`
@ -114,13 +114,6 @@ labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
```
```toml tab="File (TOML)"
# 100 reqs/s
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
average = 100
```
```yaml tab="File (YAML)"
# 100 reqs/s
http:
@ -130,6 +123,13 @@ http:
average: 100
```
```toml tab="File (TOML)"
# 100 reqs/s
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
average = 100
```
### `period`
`period`, in combination with `average`, defines the actual maximum rate, such as:
@ -179,14 +179,6 @@ labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.period=1m"
```
```toml tab="File (TOML)"
# 6 reqs/minute
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
average = 6
period = "1m"
```
```yaml tab="File (YAML)"
# 6 reqs/minute
http:
@ -197,6 +189,14 @@ http:
period: 1m
```
```toml tab="File (TOML)"
# 6 reqs/minute
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
average = 6
period = "1m"
```
### `burst`
`burst` is the maximum number of requests allowed to go through in the same arbitrarily small period of time.
@ -233,12 +233,6 @@ labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
burst = 100
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -247,6 +241,12 @@ http:
burst: 100
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
burst = 100
```
### `sourceCriterion`
The `sourceCriterion` option defines what criterion is used to group requests as originating from a common source.
@ -306,13 +306,6 @@ labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.depth=2"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
[http.middlewares.test-ratelimit.rateLimit.sourceCriterion.ipStrategy]
depth = 2
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -323,6 +316,13 @@ http:
depth: 2
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
[http.middlewares.test-ratelimit.rateLimit.sourceCriterion.ipStrategy]
depth = 2
```
##### `ipStrategy.excludedIPs`
!!! important "Contrary to what the name might suggest, this option is _not_ about excluding an IP from the rate limiter, and therefore cannot be used to deactivate rate limiting for some IPs."
@ -400,13 +400,6 @@ labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
[http.middlewares.test-ratelimit.rateLimit.sourceCriterion.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -419,6 +412,13 @@ http:
- "192.168.1.7"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
[http.middlewares.test-ratelimit.rateLimit.sourceCriterion.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
#### `sourceCriterion.requestHeaderName`
Name of the header used to group incoming requests.
@ -454,13 +454,6 @@ labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
[http.middlewares.test-ratelimit.rateLimit.sourceCriterion]
requestHeaderName = "username"
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -470,6 +463,13 @@ http:
requestHeaderName: username
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
[http.middlewares.test-ratelimit.rateLimit.sourceCriterion]
requestHeaderName = "username"
```
#### `sourceCriterion.requestHost`
Whether to consider the request host as the source.
@ -505,13 +505,6 @@ labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
[http.middlewares.test-ratelimit.rateLimit.sourceCriterion]
requestHost = true
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -520,3 +513,10 @@ http:
sourceCriterion:
requestHost: true
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
[http.middlewares.test-ratelimit.rateLimit.sourceCriterion]
requestHost = true
```

16
docs/content/middlewares/redirectregex.md
View file

@ -53,14 +53,6 @@ labels:
- "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$${1}"
```
```toml tab="File (TOML)"
# Redirect with domain replacement
[http.middlewares]
[http.middlewares.test-redirectregex.redirectRegex]
regex = "^http://localhost/(.*)"
replacement = "http://mydomain/${1}"
```
```yaml tab="File (YAML)"
# Redirect with domain replacement
http:
@ -71,6 +63,14 @@ http:
replacement: "http://mydomain/${1}"
```
```toml tab="File (TOML)"
# Redirect with domain replacement
[http.middlewares]
[http.middlewares.test-redirectregex.redirectRegex]
regex = "^http://localhost/(.*)"
replacement = "http://mydomain/${1}"
```
## Configuration Options
!!! tip

62
docs/content/middlewares/redirectscheme.md
View file

@ -51,14 +51,6 @@ labels:
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent=true"
```
```toml tab="File (TOML)"
# Redirect to https
[http.middlewares]
[http.middlewares.test-redirectscheme.redirectScheme]
scheme = "https"
permanent = true
```
```yaml tab="File (YAML)"
# Redirect to https
http:
@ -69,6 +61,14 @@ http:
permanent: true
```
```toml tab="File (TOML)"
# Redirect to https
[http.middlewares]
[http.middlewares.test-redirectscheme.redirectScheme]
scheme = "https"
permanent = true
```
## Configuration Options
### `permanent`
@ -115,14 +115,6 @@ labels:
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent=true"
```
```toml tab="File (TOML)"
# Redirect to https
[http.middlewares]
[http.middlewares.test-redirectscheme.redirectScheme]
# ...
permanent = true
```
```yaml tab="File (YAML)"
# Redirect to https
http:
@ -133,6 +125,14 @@ http:
permanent: true
```
```toml tab="File (TOML)"
# Redirect to https
[http.middlewares]
[http.middlewares.test-redirectscheme.redirectScheme]
# ...
permanent = true
```
### `scheme`
The `scheme` option defines the scheme of the new URL.
@ -172,13 +172,6 @@ labels:
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
```
```toml tab="File (TOML)"
# Redirect to https
[http.middlewares]
[http.middlewares.test-redirectscheme.redirectScheme]
scheme = "https"
```
```yaml tab="File (YAML)"
# Redirect to https
http:
@ -188,6 +181,13 @@ http:
scheme: https
```
```toml tab="File (TOML)"
# Redirect to https
[http.middlewares]
[http.middlewares.test-redirectscheme.redirectScheme]
scheme = "https"
```
### `port`
The `port` option defines the port of the new URL.
@ -232,14 +232,6 @@ labels:
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.port=443"
```
```toml tab="File (TOML)"
# Redirect to https
[http.middlewares]
[http.middlewares.test-redirectscheme.redirectScheme]
# ...
port = 443
```
```yaml tab="File (YAML)"
# Redirect to https
http:
@ -250,4 +242,12 @@ http:
port: "443"
```
```toml tab="File (TOML)"
# Redirect to https
[http.middlewares]
[http.middlewares.test-redirectscheme.redirectScheme]
# ...
port = 443
```
!!! info "Port in this configuration is a string, not a numeric value."

14
docs/content/middlewares/replacepath.md
View file

@ -45,13 +45,6 @@ labels:
- "traefik.http.middlewares.test-replacepath.replacepath.path=/foo"
```
```toml tab="File (TOML)"
# Replace the path with /foo
[http.middlewares]
[http.middlewares.test-replacepath.replacePath]
path = "/foo"
```
```yaml tab="File (YAML)"
# Replace the path with /foo
http:
@ -61,6 +54,13 @@ http:
path: "/foo"
```
```toml tab="File (TOML)"
# Replace the path with /foo
[http.middlewares]
[http.middlewares.test-replacepath.replacePath]
path = "/foo"
```
## Configuration Options
### General

16
docs/content/middlewares/replacepathregex.md
View file

@ -50,14 +50,6 @@ labels:
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1"
```
```toml tab="File (TOML)"
# Replace path with regex
[http.middlewares]
[http.middlewares.test-replacepathregex.replacePathRegex]
regex = "^/foo/(.*)"
replacement = "/bar/$1"
```
```yaml tab="File (YAML)"
# Replace path with regex
http:
@ -68,6 +60,14 @@ http:
replacement: "/bar/$1"
```
```toml tab="File (TOML)"
# Replace path with regex
[http.middlewares]
[http.middlewares.test-replacepathregex.replacePathRegex]
regex = "^/foo/(.*)"
replacement = "/bar/$1"
```
## Configuration Options
### General

16
docs/content/middlewares/retry.md
View file

@ -52,14 +52,6 @@ labels:
- "traefik.http.middlewares.test-retry.retry.initialinterval=100ms"
```
```toml tab="File (TOML)"
# Retry 4 times with exponential backoff
[http.middlewares]
[http.middlewares.test-retry.retry]
attempts = 4
initialInterval = "100ms"
```
```yaml tab="File (YAML)"
# Retry 4 times with exponential backoff
http:
@ -70,6 +62,14 @@ http:
initialInterval: 100ms
```
```toml tab="File (TOML)"
# Retry 4 times with exponential backoff
[http.middlewares]
[http.middlewares.test-retry.retry]
attempts = 4
initialInterval = "100ms"
```
## Configuration Options
### `attempts`

28
docs/content/middlewares/stripprefix.md
View file

@ -47,13 +47,6 @@ labels:
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar,/fiibar"
```
```toml tab="File (TOML)"
# Strip prefix /foobar and /fiibar
[http.middlewares]
[http.middlewares.test-stripprefix.stripPrefix]
prefixes = ["/foobar", "/fiibar"]
```
```yaml tab="File (YAML)"
# Strip prefix /foobar and /fiibar
http:
@ -65,6 +58,13 @@ http:
- "/fiibar"
```
```toml tab="File (TOML)"
# Strip prefix /foobar and /fiibar
[http.middlewares]
[http.middlewares.test-stripprefix.stripPrefix]
prefixes = ["/foobar", "/fiibar"]
```
## Configuration Options
### General
@ -149,13 +149,6 @@ labels:
- "traefik.http.middlewares.example.stripprefix.forceSlash=false"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.example.stripPrefix]
prefixes = ["/foobar"]
forceSlash = false
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -165,3 +158,10 @@ http:
- "/foobar"
forceSlash: false
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.example.stripPrefix]
prefixes = ["/foobar"]
forceSlash = false
```

12
docs/content/middlewares/stripprefixregex.md
View file

@ -38,12 +38,6 @@ labels:
- "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=/foo/[a-z0-9]+/[0-9]+/"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-stripprefixregex.stripPrefixRegex]
regex = ["/foo/[a-z0-9]+/[0-9]+/"]
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -53,6 +47,12 @@ http:
- "/foo/[a-z0-9]+/[0-9]+/"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-stripprefixregex.stripPrefixRegex]
regex = ["/foo/[a-z0-9]+/[0-9]+/"]
```
## Configuration Options
### General

406
docs/content/migration/v1-to-v2.md
View file

@ -139,27 +139,6 @@ Then any router can refer to an instance of the wanted middleware.
namespace: foo
```
```toml tab="File (TOML)"
[http.routers]
[http.routers.router0]
rule = "Host(`test.localhost`) && PathPrefix(`/test`)"
middlewares = ["auth"]
service = "my-service"
[http.services]
[[http.services.my-service.loadBalancer.servers]]
url = "http://10.10.10.1:80"
[[http.services.my-service.loadBalancer.servers]]
url = "http://10.10.10.2:80"
[http.middlewares]
[http.middlewares.auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```
```yaml tab="File (YAML)"
http:
routers:
@ -184,6 +163,27 @@ Then any router can refer to an instance of the wanted middleware.
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
```toml tab="File (TOML)"
[http.routers]
[http.routers.router0]
rule = "Host(`test.localhost`) && PathPrefix(`/test`)"
middlewares = ["auth"]
service = "my-service"
[http.services]
[[http.services.my-service.loadBalancer.servers]]
url = "http://10.10.10.1:80"
[[http.services.my-service.loadBalancer.servers]]
url = "http://10.10.10.2:80"
[http.middlewares]
[http.middlewares.auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```
## TLS Configuration is Now Dynamic, per Router.
TLS parameters used to be specified in the static configuration, as an entryPoint field.
@ -221,6 +221,31 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
!!! info "v2"
```yaml tab="File (YAML)"
http:
routers:
Router-1:
rule: "Host(`example.com`)"
service: service-id
# will terminate the TLS request
tls:
options: myTLSOptions
tls:
certificates:
- certFile: /path/to/domain.cert
keyFile: /path/to/domain.key
options:
myTLSOptions:
minVersion: VersionTLS12
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
```
```toml tab="File (TOML)"
# dynamic configuration
[http.routers]
@ -248,31 +273,6 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
]
```
```yaml tab="File (YAML)"
http:
routers:
Router-1:
rule: "Host(`example.com`)"
service: service-id
# will terminate the TLS request
tls:
options: myTLSOptions
tls:
certificates:
- certFile: /path/to/domain.cert
keyFile: /path/to/domain.key
options:
myTLSOptions:
minVersion: VersionTLS12
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
```
```yaml tab="K8s IngressRoute"
# The definitions below require the definitions for the TLSOption and IngressRoute kinds.
# https://doc.traefik.io/traefik/v2.3/reference/dynamic-configuration/kubernetes-crd/#definitions
@ -355,14 +355,21 @@ To apply a redirection:
!!! info "v2"
```bash tab="CLI"
```yaml tab="File (YAML)"
# traefik.yml
## static configuration
--entrypoints.web.address=:80
--entrypoints.web.http.redirections.entrypoint.to=websecure
--entrypoints.web.http.redirections.entrypoint.scheme=https
--entrypoints.websecure.address=:443
--providers.docker=true
entryPoints:
web:
address: ":80"
http:
redirections:
entrypoint:
to: websecure
scheme: https
websecure:
address: ":443"
```
```toml tab="File (TOML)"
@ -379,21 +386,14 @@ To apply a redirection:
address = ":443"
```
```yaml tab="File (YAML)"
# traefik.yaml
```bash tab="CLI"
## static configuration
entryPoints:
web:
address: ":80"
http:
redirections:
entrypoint:
to: websecure
scheme: https
websecure:
address: ":443"
--entrypoints.web.address=:80
--entrypoints.web.http.redirections.entrypoint.to=websecure
--entrypoints.web.http.redirections.entrypoint.scheme=https
--entrypoints.websecure.address=:443
--providers.docker=true
```
!!! example "HTTP to HTTPS redirection per domain"
@ -483,29 +483,6 @@ To apply a redirection:
permanent: true
```
```toml tab="File (TOML)"
## dynamic configuration
# dynamic-conf.toml
[http.routers]
[http.routers.router0]
rule = "Host(`example.net`)"
service = "my-service"
entrypoints = ["web"]
middlewares = ["https_redirect"]
[http.routers.router1]
rule = "Host(`example.net`)"
service = "my-service"
entrypoints = ["websecure"]
[http.routers.router1.tls]
[http.middlewares]
[http.middlewares.https_redirect.redirectScheme]
scheme = "https"
permanent = true
```
```yaml tab="File (YAML)"
## dynamic configuration
# dynamic-conf.yml
@ -534,6 +511,29 @@ To apply a redirection:
permanent: true
```
```toml tab="File (TOML)"
## dynamic configuration
# dynamic-conf.toml
[http.routers]
[http.routers.router0]
rule = "Host(`example.net`)"
service = "my-service"
entrypoints = ["web"]
middlewares = ["https_redirect"]
[http.routers.router1]
rule = "Host(`example.net`)"
service = "my-service"
entrypoints = ["websecure"]
[http.routers.router1.tls]
[http.middlewares]
[http.middlewares.https_redirect.redirectScheme]
scheme = "https"
permanent = true
```
## Strip and Rewrite Path Prefixes
With the new core notions of v2 (introduced earlier in the section
@ -619,23 +619,6 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
- /admin
```
```toml tab="File (TOML)"
## Dynamic configuration
# dynamic-conf.toml
[http.routers.router1]
rule = "Host(`example.org`) && PathPrefix(`/admin`)"
service = "admin-svc"
entrypoints = ["web"]
middlewares = ["admin-stripprefix"]
[http.middlewares]
[http.middlewares.admin-stripprefix.stripPrefix]
prefixes = ["/admin"]
# ...
```
```yaml tab="File (YAML)"
## Dynamic Configuration
# dynamic-conf.yml
@ -658,6 +641,23 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
# ...
```
```toml tab="File (TOML)"
## Dynamic configuration
# dynamic-conf.toml
[http.routers.router1]
rule = "Host(`example.org`) && PathPrefix(`/admin`)"
service = "admin-svc"
entrypoints = ["web"]
middlewares = ["admin-stripprefix"]
[http.middlewares]
[http.middlewares.admin-stripprefix.stripPrefix]
prefixes = ["/admin"]
# ...
```
??? question "What About Other Path Transformations?"
Instead of removing the path prefix with the [`stripprefix` middleware](../../middlewares/stripprefix/), you can also:
@ -708,23 +708,6 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
!!! info "v2"
```toml tab="File (TOML)"
# static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http.tls]
certResolver = "myresolver"
[certificatesResolvers.myresolver.acme]
email = "your-email@example.com"
storage = "acme.json"
[certificatesResolvers.myresolver.acme.tlsChallenge]
```
```yaml tab="File (YAML)"
entryPoints:
web:
@ -744,6 +727,23 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
tlsChallenge: {}
```
```toml tab="File (TOML)"
# static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http.tls]
certResolver = "myresolver"
[certificatesResolvers.myresolver.acme]
email = "your-email@example.com"
storage = "acme.json"
[certificatesResolvers.myresolver.acme.tlsChallenge]
```
```bash tab="CLI"
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
@ -778,14 +778,6 @@ There is no more log configuration at the root level.
!!! info "v2"
```toml tab="File (TOML)"
# static configuration
[log]
level = "DEBUG"
filePath = "/path/to/log-file.log"
format = "json"
```
```yaml tab="File (YAML)"
# static configuration
log:
@ -794,6 +786,14 @@ There is no more log configuration at the root level.
format: json
```
```toml tab="File (TOML)"
# static configuration
[log]
level = "DEBUG"
filePath = "/path/to/log-file.log"
format = "json"
```
```bash tab="CLI"
--log.level=DEBUG
--log.filePath=/path/to/traefik.log
@ -838,17 +838,6 @@ Traefik v2 retains OpenTracing support. The `backend` root option from the v1 is
!!! info "v2"
```toml tab="File (TOML)"
# static configuration
[tracing]
servicename = "tracing"
[tracing.jaeger]
samplingParam = 1.0
samplingServerURL = "http://12.0.0.1:5778/sampling"
samplingType = "const"
localAgentHostPort = "12.0.0.1:6831"
```
```yaml tab="File (YAML)"
# static configuration
tracing:
@ -860,6 +849,17 @@ Traefik v2 retains OpenTracing support. The `backend` root option from the v1 is
localAgentHostPort: '12.0.0.1:6831'
```
```toml tab="File (TOML)"
# static configuration
[tracing]
servicename = "tracing"
[tracing.jaeger]
samplingParam = 1.0
samplingServerURL = "http://12.0.0.1:5778/sampling"
samplingType = "const"
localAgentHostPort = "12.0.0.1:6831"
```
```bash tab="CLI"
--tracing.servicename=tracing
--tracing.jaeger.localagenthostport=12.0.0.1:6831
@ -891,13 +891,6 @@ For a basic configuration, the [metrics configuration](../observability/metrics/
!!! info "v2"
```toml tab="File (TOML)"
# static configuration
[metrics.prometheus]
buckets = [0.1,0.3,1.2,5.0]
entryPoint = "metrics"
```
```yaml tab="File (YAML)"
# static configuration
metrics:
@ -910,6 +903,13 @@ For a basic configuration, the [metrics configuration](../observability/metrics/
entryPoint: metrics
```
```toml tab="File (TOML)"
# static configuration
[metrics.prometheus]
buckets = [0.1,0.3,1.2,5.0]
entryPoint = "metrics"
```
```bash tab="CLI"
--metrics.prometheus.buckets=[0.1,0.3,1.2,5.0]
--metrics.prometheus.entrypoint=metrics
@ -955,24 +955,6 @@ Each root item has been moved to a related section or removed.
!!! info "v2"
```toml tab="File (TOML)"
# static configuration
[global]
checkNewVersion = true
sendAnonymousUsage = true
[log]
level = "DEBUG"
[serversTransport]
insecureSkipVerify = true
rootCAs = [ "/mycert.cert" ]
maxIdleConnsPerHost = 42
[providers]
providersThrottleDuration = 42
```
```yaml tab="File (YAML)"
# static configuration
global:
@ -992,6 +974,24 @@ Each root item has been moved to a related section or removed.
providersThrottleDuration: 42
```
```toml tab="File (TOML)"
# static configuration
[global]
checkNewVersion = true
sendAnonymousUsage = true
[log]
level = "DEBUG"
[serversTransport]
insecureSkipVerify = true
rootCAs = [ "/mycert.cert" ]
maxIdleConnsPerHost = 42
[providers]
providersThrottleDuration = 42
```
```bash tab="CLI"
--global.checknewversion=true
--global.sendanonymoususage=true
@ -1050,6 +1050,43 @@ To activate the dashboard, you can either:
- "traefik.http.middlewares.myAuth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/"
```
```yaml tab="File (YAML)"
## static configuration
# traefik.yml
entryPoints:
websecure:
address: ':443'
api: {}
providers:
file:
directory: /path/to/dynamic/config
##---------------------##
## dynamic configuration
# /path/to/dynamic/config/dynamic-conf.yml
http:
routers:
api:
rule: Host(`traefik.docker.localhost`)
entrypoints:
- websecure
service: api@internal
middlewares:
- myAuth
tls: {}
middlewares:
myAuth:
basicAuth:
users:
- 'test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/'
```
```toml tab="File (TOML)"
## static configuration
# traefik.toml
@ -1080,43 +1117,6 @@ To activate the dashboard, you can either:
]
```
```yaml tab="File (YAML)"
## static configuration
# traefik.yaml
entryPoints:
websecure:
address: ':443'
api: {}
providers:
file:
directory: /path/to/dynamic/config
##---------------------##
## dynamic configuration
# /path/to/dynamic/config/dynamic-conf.yaml
http:
routers:
api:
rule: Host(`traefik.docker.localhost`)
entrypoints:
- websecure
service: api@internal
middlewares:
- myAuth
tls: {}
middlewares:
myAuth:
basicAuth:
users:
- 'test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/'
```
## Providers
Supported [providers](../providers/overview.md), for now:

92
docs/content/observability/access-logs.md
View file

@ -9,14 +9,14 @@ By default, logs are written to stdout, in text format.
To enable the access logs:
```toml tab="File (TOML)"
[accessLog]
```
```yaml tab="File (YAML)"
accessLog: {}
```
```toml tab="File (TOML)"
[accessLog]
```
```bash tab="CLI"
--accesslog=true
```
@ -26,16 +26,16 @@ accessLog: {}
By default access logs are written to the standard output.
To write the logs into a log file, use the `filePath` option.
```toml tab="File (TOML)"
[accessLog]
filePath = "/path/to/access.log"
```
```yaml tab="File (YAML)"
accessLog:
filePath: "/path/to/access.log"
```
```toml tab="File (TOML)"
[accessLog]
filePath = "/path/to/access.log"
```
```bash tab="CLI"
--accesslog.filepath=/path/to/access.log
```
@ -58,13 +58,6 @@ To write the logs in an asynchronous fashion, specify a `bufferingSize` option.
This option represents the number of log lines Traefik will keep in memory before writing them to the selected output.
In some cases, this option can greatly help performances.
```toml tab="File (TOML)"
# Configuring a buffer of 100 lines
[accessLog]
filePath = "/path/to/access.log"
bufferingSize = 100
```
```yaml tab="File (YAML)"
# Configuring a buffer of 100 lines
accessLog:
@ -72,6 +65,13 @@ accessLog:
bufferingSize: 100
```
```toml tab="File (TOML)"
# Configuring a buffer of 100 lines
[accessLog]
filePath = "/path/to/access.log"
bufferingSize = 100
```
```bash tab="CLI"
# Configuring a buffer of 100 lines
--accesslog.filepath=/path/to/access.log
@ -89,18 +89,6 @@ The available filters are:
- `retryAttempts`, to keep the access logs when at least one retry has happened
- `minDuration`, to keep access logs when requests take longer than the specified duration (provided in seconds or as a valid duration format, see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration))
```toml tab="File (TOML)"
# Configuring Multiple Filters
[accessLog]
filePath = "/path/to/access.log"
format = "json"
[accessLog.filters]
statusCodes = ["200", "300-302"]
retryAttempts = true
minDuration = "10ms"
```
```yaml tab="File (YAML)"
# Configuring Multiple Filters
accessLog:
@ -114,6 +102,18 @@ accessLog:
minDuration: "10ms"
```
```toml tab="File (TOML)"
# Configuring Multiple Filters
[accessLog]
filePath = "/path/to/access.log"
format = "json"
[accessLog.filters]
statusCodes = ["200", "300-302"]
retryAttempts = true
minDuration = "10ms"
```
```bash tab="CLI"
# Configuring Multiple Filters
--accesslog.filepath=/path/to/access.log
@ -135,27 +135,9 @@ Each field can be set to:
The `defaultMode` for `fields.headers` is `drop`.
```toml tab="File (TOML)"
# Limiting the Logs to Specific Fields
[accessLog]
filePath = "/path/to/access.log"
format = "json"
[accessLog.fields]
defaultMode = "keep"
[accessLog.fields.names]
"ClientUsername" = "drop"
[accessLog.fields.headers]
defaultMode = "keep"
[accessLog.fields.headers.names]
"User-Agent" = "redact"
"Authorization" = "drop"
"Content-Type" = "keep"
```
```yaml tab="File (YAML)"
# Limiting the Logs to Specific Fields
accessLog:
@ -173,6 +155,24 @@ accessLog:
Content-Type: keep
```
```toml tab="File (TOML)"
# Limiting the Logs to Specific Fields
[accessLog]
filePath = "/path/to/access.log"
format = "json"
[accessLog.fields.names]
"ClientUsername" = "drop"
[accessLog.fields.headers]
defaultMode = "keep"
[accessLog.fields.headers.names]
"User-Agent" = "redact"
"Authorization" = "drop"
"Content-Type" = "keep"
```
```bash tab="CLI"
# Limiting the Logs to Specific Fields
--accesslog.filepath=/path/to/access.log

36
docs/content/observability/logs.md
View file

@ -16,18 +16,18 @@ Traefik logs concern everything that happens to Traefik itself (startup, configu
By default, the logs are written to the standard output.
You can configure a file path instead using the `filePath` option.
```toml tab="File (TOML)"
# Writing Logs to a File
[log]
filePath = "/path/to/traefik.log"
```
```yaml tab="File (YAML)"
# Writing Logs to a File
log:
filePath: "/path/to/traefik.log"
```
```toml tab="File (TOML)"
# Writing Logs to a File
[log]
filePath = "/path/to/traefik.log"
```
```bash tab="CLI"
# Writing Logs to a File
--log.filePath=/path/to/traefik.log
@ -37,13 +37,6 @@ log:
By default, the logs use a text format (`common`), but you can also ask for the `json` format in the `format` option.
```toml tab="File (TOML)"
# Writing Logs to a File, in JSON
[log]
filePath = "/path/to/log-file.log"
format = "json"
```
```yaml tab="File (YAML)"
# Writing Logs to a File, in JSON
log:
@ -51,6 +44,13 @@ log:
format: json
```
```toml tab="File (TOML)"
# Writing Logs to a File, in JSON
[log]
filePath = "/path/to/log-file.log"
format = "json"
```
```bash tab="CLI"
# Writing Logs to a File, in JSON
--log.filePath=/path/to/traefik.log
@ -61,16 +61,16 @@ log:
By default, the `level` is set to `ERROR`. Alternative logging levels are `DEBUG`, `PANIC`, `FATAL`, `ERROR`, `WARN`, and `INFO`.
```toml tab="File (TOML)"
[log]
level = "DEBUG"
```
```yaml tab="File (YAML)"
log:
level: DEBUG
```
```toml tab="File (TOML)"
[log]
level = "DEBUG"
```
```bash tab="CLI"
--log.level=DEBUG
```

58
docs/content/observability/metrics/datadog.md
View file

@ -2,16 +2,16 @@
To enable the Datadog:
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
```
```yaml tab="File (YAML)"
metrics:
datadog: {}
```
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
```
```bash tab="CLI"
--metrics.datadog=true
```
@ -22,18 +22,18 @@ _Required, Default="127.0.0.1:8125"_
Address instructs exporter to send metrics to datadog-agent at this address.
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
address = "127.0.0.1:8125"
```
```yaml tab="File (YAML)"
metrics:
datadog:
address: 127.0.0.1:8125
```
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
address = "127.0.0.1:8125"
```
```bash tab="CLI"
--metrics.datadog.address=127.0.0.1:8125
```
@ -44,18 +44,18 @@ _Optional, Default=true_
Enable metrics on entry points.
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
addEntryPointsLabels = true
```
```yaml tab="File (YAML)"
metrics:
datadog:
addEntryPointsLabels: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
addEntryPointsLabels = true
```
```bash tab="CLI"
--metrics.datadog.addEntryPointsLabels=true
```
@ -66,18 +66,18 @@ _Optional, Default=true_
Enable metrics on services.
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
addServicesLabels = true
```
```yaml tab="File (YAML)"
metrics:
datadog:
addServicesLabels: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
addServicesLabels = true
```
```bash tab="CLI"
--metrics.datadog.addServicesLabels=true
```
@ -88,18 +88,18 @@ _Optional, Default=10s_
The interval used by the exporter to push metrics to datadog-agent.
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
pushInterval = 10s
```
```yaml tab="File (YAML)"
metrics:
datadog:
pushInterval: 10s
```
```toml tab="File (TOML)"
[metrics]
[metrics.datadog]
pushInterval = 10s
```
```bash tab="CLI"
--metrics.datadog.pushInterval=10s
```

118
docs/content/observability/metrics/influxdb.md
View file

@ -2,16 +2,16 @@
To enable the InfluxDB:
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
```
```yaml tab="File (YAML)"
metrics:
influxDB: {}
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
```
```bash tab="CLI"
--metrics.influxdb=true
```
@ -22,18 +22,18 @@ _Required, Default="localhost:8089"_
Address instructs exporter to send metrics to influxdb at this address.
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
address = "localhost:8089"
```
```yaml tab="File (YAML)"
metrics:
influxDB:
address: localhost:8089
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
address = "localhost:8089"
```
```bash tab="CLI"
--metrics.influxdb.address=localhost:8089
```
@ -44,18 +44,18 @@ _Required, Default="udp"_
InfluxDB's address protocol (udp or http).
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
protocol = "udp"
```
```yaml tab="File (YAML)"
metrics:
influxDB:
protocol: udp
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
protocol = "udp"
```
```bash tab="CLI"
--metrics.influxdb.protocol=udp
```
@ -66,18 +66,18 @@ _Optional, Default=""_
InfluxDB database used when protocol is http.
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
database = "db"
```
```yaml tab="File (YAML)"
metrics:
influxDB:
database: "db"
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
database = "db"
```
```bash tab="CLI"
--metrics.influxdb.database=db
```
@ -88,18 +88,18 @@ _Optional, Default=""_
InfluxDB retention policy used when protocol is http.
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
retentionPolicy = "two_hours"
```
```yaml tab="File (YAML)"
metrics:
influxDB:
retentionPolicy: "two_hours"
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
retentionPolicy = "two_hours"
```
```bash tab="CLI"
--metrics.influxdb.retentionPolicy=two_hours
```
@ -110,18 +110,18 @@ _Optional, Default=""_
InfluxDB username (only with http).
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
username = "john"
```
```yaml tab="File (YAML)"
metrics:
influxDB:
username: "john"
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
username = "john"
```
```bash tab="CLI"
--metrics.influxdb.username=john
```
@ -132,18 +132,18 @@ _Optional, Default=""_
InfluxDB password (only with http).
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
password = "secret"
```
```yaml tab="File (YAML)"
metrics:
influxDB:
password: "secret"
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
password = "secret"
```
```bash tab="CLI"
--metrics.influxdb.password=secret
```
@ -154,18 +154,18 @@ _Optional, Default=true_
Enable metrics on entry points.
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
addEntryPointsLabels = true
```
```yaml tab="File (YAML)"
metrics:
influxDB:
addEntryPointsLabels: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
addEntryPointsLabels = true
```
```bash tab="CLI"
--metrics.influxdb.addEntryPointsLabels=true
```
@ -176,18 +176,18 @@ _Optional, Default=true_
Enable metrics on services.
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
addServicesLabels = true
```
```yaml tab="File (YAML)"
metrics:
influxDB:
addServicesLabels: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
addServicesLabels = true
```
```bash tab="CLI"
--metrics.influxdb.addServicesLabels=true
```
@ -198,18 +198,18 @@ _Optional, Default=10s_
The interval used by the exporter to push metrics to influxdb.
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
pushInterval = 10s
```
```yaml tab="File (YAML)"
metrics:
influxDB:
pushInterval: 10s
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB]
pushInterval = 10s
```
```bash tab="CLI"
--metrics.influxdb.pushInterval=10s
```

8
docs/content/observability/metrics/overview.md
View file

@ -11,14 +11,14 @@ Traefik supports 4 metrics backends:
To enable metrics:
```toml tab="File (TOML)"
[metrics]
```
```yaml tab="File (YAML)"
metrics: {}
```
```toml tab="File (TOML)"
[metrics]
```
```bash tab="CLI"
--metrics=true
```

78
docs/content/observability/metrics/prometheus.md
View file

@ -2,16 +2,16 @@
To enable the Prometheus:
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
```
```yaml tab="File (YAML)"
metrics:
prometheus: {}
```
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
```
```bash tab="CLI"
--metrics.prometheus=true
```
@ -22,12 +22,6 @@ _Optional, Default="0.100000, 0.300000, 1.200000, 5.000000"_
Buckets for latency metrics.
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
buckets = [0.1,0.3,1.2,5.0]
```
```yaml tab="File (YAML)"
metrics:
prometheus:
@ -38,6 +32,12 @@ metrics:
- 5.0
```
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
buckets = [0.1,0.3,1.2,5.0]
```
```bash tab="CLI"
--metrics.prometheus.buckets=0.100000, 0.300000, 1.200000, 5.000000
```
@ -48,18 +48,18 @@ _Optional, Default=true_
Enable metrics on entry points.
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
addEntryPointsLabels = true
```
```yaml tab="File (YAML)"
metrics:
prometheus:
addEntryPointsLabels: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
addEntryPointsLabels = true
```
```bash tab="CLI"
--metrics.prometheus.addEntryPointsLabels=true
```
@ -70,18 +70,18 @@ _Optional, Default=true_
Enable metrics on services.
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
addServicesLabels = true
```
```yaml tab="File (YAML)"
metrics:
prometheus:
addServicesLabels: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
addServicesLabels = true
```
```bash tab="CLI"
--metrics.prometheus.addServicesLabels=true
```
@ -92,16 +92,6 @@ _Optional, Default=traefik_
Entry point used to expose metrics.
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.metrics]
address = ":8082"
[metrics]
[metrics.prometheus]
entryPoint = "metrics"
```
```yaml tab="File (YAML)"
entryPoints:
metrics:
@ -112,6 +102,16 @@ metrics:
entryPoint: metrics
```
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.metrics]
address = ":8082"
[metrics]
[metrics.prometheus]
entryPoint = "metrics"
```
```bash tab="CLI"
--entryPoints.metrics.address=:8082
--metrics.prometheus.entryPoint=metrics
@ -123,18 +123,18 @@ _Optional, Default=false_
If `manualRouting` is `true`, it disables the default internal router in order to allow one to create a custom router for the `prometheus@internal` service.
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
manualRouting = true
```
```yaml tab="File (YAML)"
metrics:
prometheus:
manualRouting: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.prometheus]
manualRouting = true
```
```bash tab="CLI"
--metrics.prometheus.manualrouting=true
```

70
docs/content/observability/metrics/statsd.md
View file

@ -2,16 +2,16 @@
To enable the Statsd:
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
```
```yaml tab="File (YAML)"
metrics:
statsD: {}
```
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
```
```bash tab="CLI"
--metrics.statsd=true
```
@ -22,18 +22,18 @@ _Required, Default="localhost:8125"_
Address instructs exporter to send metrics to statsd at this address.
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
address = "localhost:8125"
```
```yaml tab="File (YAML)"
metrics:
statsD:
address: localhost:8125
```
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
address = "localhost:8125"
```
```bash tab="CLI"
--metrics.statsd.address=localhost:8125
```
@ -44,18 +44,18 @@ _Optional, Default=true_
Enable metrics on entry points.
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
addEntryPointsLabels = true
```
```yaml tab="File (YAML)"
metrics:
statsD:
addEntryPointsLabels: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
addEntryPointsLabels = true
```
```bash tab="CLI"
--metrics.statsd.addEntryPointsLabels=true
```
@ -66,18 +66,18 @@ _Optional, Default=true_
Enable metrics on services.
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
addServicesLabels = true
```
```yaml tab="File (YAML)"
metrics:
statsD:
addServicesLabels: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
addServicesLabels = true
```
```bash tab="CLI"
--metrics.statsd.addServicesLabels=true
```
@ -88,18 +88,18 @@ _Optional, Default=10s_
The interval used by the exporter to push metrics to statsD.
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
pushInterval = 10s
```
```yaml tab="File (YAML)"
metrics:
statsD:
pushInterval: 10s
```
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
pushInterval = 10s
```
```bash tab="CLI"
--metrics.statsd.pushInterval=10s
```
@ -110,18 +110,18 @@ _Optional, Default="traefik"_
The prefix to use for metrics collection.
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
prefix = "traefik"
```
```yaml tab="File (YAML)"
metrics:
statsD:
prefix: traefik
```
```toml tab="File (TOML)"
[metrics]
[metrics.statsD]
prefix = "traefik"
```
```bash tab="CLI"
--metrics.statsd.prefix="traefik"
```

58
docs/content/observability/tracing/datadog.md
View file

@ -2,16 +2,16 @@
To enable the Datadog:
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
```
```yaml tab="File (YAML)"
tracing:
datadog: {}
```
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
```
```bash tab="CLI"
--tracing.datadog=true
```
@ -22,18 +22,18 @@ _Required, Default="127.0.0.1:8126"_
Local Agent Host Port instructs reporter to send spans to datadog-tracing-agent at this address.
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
localAgentHostPort = "127.0.0.1:8126"
```
```yaml tab="File (YAML)"
tracing:
datadog:
localAgentHostPort: 127.0.0.1:8126
```
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
localAgentHostPort = "127.0.0.1:8126"
```
```bash tab="CLI"
--tracing.datadog.localAgentHostPort=127.0.0.1:8126
```
@ -44,18 +44,18 @@ _Optional, Default=false_
Enable Datadog debug.
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
debug = true
```
```yaml tab="File (YAML)"
tracing:
datadog:
debug: true
```
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
debug = true
```
```bash tab="CLI"
--tracing.datadog.debug=true
```
@ -66,18 +66,18 @@ _Optional, Default=empty_
Apply shared tag in a form of Key:Value to all the traces.
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
globalTag = "sample"
```
```yaml tab="File (YAML)"
tracing:
datadog:
globalTag: sample
```
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
globalTag = "sample"
```
```bash tab="CLI"
--tracing.datadog.globalTag=sample
```
@ -89,18 +89,18 @@ _Optional, Default=false_
Enable priority sampling. When using distributed tracing,
this option must be enabled in order to get all the parts of a distributed trace sampled.
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
prioritySampling = true
```
```yaml tab="File (YAML)"
tracing:
datadog:
prioritySampling: true
```
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
prioritySampling = true
```
```bash tab="CLI"
--tracing.datadog.prioritySampling=true
```

46
docs/content/observability/tracing/elastic.md
View file

@ -2,16 +2,16 @@
To enable the Elastic:
```toml tab="File (TOML)"
[tracing]
[tracing.elastic]
```
```yaml tab="File (YAML)"
tracing:
elastic: {}
```
```toml tab="File (TOML)"
[tracing]
[tracing.elastic]
```
```bash tab="CLI"
--tracing.elastic=true
```
@ -22,18 +22,18 @@ _Optional, Default="http://localhost:8200"_
APM ServerURL is the URL of the Elastic APM server.
```toml tab="File (TOML)"
[tracing]
[tracing.elastic]
serverURL = "http://apm:8200"
```
```yaml tab="File (YAML)"
tracing:
elastic:
serverURL: "http://apm:8200"
```
```toml tab="File (TOML)"
[tracing]
[tracing.elastic]
serverURL = "http://apm:8200"
```
```bash tab="CLI"
--tracing.elastic.serverurl="http://apm:8200"
```
@ -44,18 +44,18 @@ _Optional, Default=""_
APM Secret Token is the token used to connect to Elastic APM Server.
```toml tab="File (TOML)"
[tracing]
[tracing.elastic]
secretToken = "mytoken"
```
```yaml tab="File (YAML)"
tracing:
elastic:
secretToken: "mytoken"
```
```toml tab="File (TOML)"
[tracing]
[tracing.elastic]
secretToken = "mytoken"
```
```bash tab="CLI"
--tracing.elastic.secrettoken="mytoken"
```
@ -66,18 +66,18 @@ _Optional, Default=""_
APM Service Environment is the name of the environment Traefik is deployed in, e.g. `production` or `staging`.
```toml tab="File (TOML)"
[tracing]
[tracing.elastic]
serviceEnvironment = "production"
```
```yaml tab="File (YAML)"
tracing:
elastic:
serviceEnvironment: "production"
```
```toml tab="File (TOML)"
[tracing]
[tracing.elastic]
serviceEnvironment = "production"
```
```bash tab="CLI"
--tracing.elastic.serviceenvironment="production"
```

94
docs/content/observability/tracing/haystack.md
View file

@ -2,16 +2,16 @@
To enable the Haystack:
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
```
```yaml tab="File (YAML)"
tracing:
haystack: {}
```
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
```
```bash tab="CLI"
--tracing.haystack=true
```
@ -22,18 +22,18 @@ _Require, Default="127.0.0.1"_
Local Agent Host instructs reporter to send spans to haystack-agent at this address.
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
localAgentHost = "127.0.0.1"
```
```yaml tab="File (YAML)"
tracing:
haystack:
localAgentHost: 127.0.0.1
```
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
localAgentHost = "127.0.0.1"
```
```bash tab="CLI"
--tracing.haystack.localAgentHost=127.0.0.1
```
@ -44,18 +44,18 @@ _Require, Default=35000_
Local Agent port instructs reporter to send spans to the haystack-agent at this port.
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
localAgentPort = 35000
```
```yaml tab="File (YAML)"
tracing:
haystack:
localAgentPort: 35000
```
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
localAgentPort = 35000
```
```bash tab="CLI"
--tracing.haystack.localAgentPort=35000
```
@ -66,18 +66,18 @@ _Optional, Default=empty_
Apply shared tag in a form of Key:Value to all the traces.
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
globalTag = "sample:test"
```
```yaml tab="File (YAML)"
tracing:
haystack:
globalTag: sample:test
```
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
globalTag = "sample:test"
```
```bash tab="CLI"
--tracing.haystack.globalTag=sample:test
```
@ -88,18 +88,18 @@ _Optional, Default=empty_
Specifies the header name that will be used to store the trace ID.
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
traceIDHeaderName = "Trace-ID"
```
```yaml tab="File (YAML)"
tracing:
haystack:
traceIDHeaderName: Trace-ID
```
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
traceIDHeaderName = "Trace-ID"
```
```bash tab="CLI"
--tracing.haystack.traceIDHeaderName=Trace-ID
```
@ -110,18 +110,18 @@ _Optional, Default=empty_
Specifies the header name that will be used to store the parent ID.
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
parentIDHeaderName = "Parent-Message-ID"
```
```yaml tab="File (YAML)"
tracing:
haystack:
parentIDHeaderName: Parent-Message-ID
```
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
parentIDHeaderName = "Parent-Message-ID"
```
```bash tab="CLI"
--tracing.haystack.parentIDHeaderName=Parent-Message-ID
```
@ -132,18 +132,18 @@ _Optional, Default=empty_
Specifies the header name that will be used to store the span ID.
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
spanIDHeaderName = "Message-ID"
```
```yaml tab="File (YAML)"
tracing:
haystack:
spanIDHeaderName: Message-ID
```
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
spanIDHeaderName = "Message-ID"
```
```bash tab="CLI"
--tracing.haystack.spanIDHeaderName=Message-ID
```
@ -154,18 +154,18 @@ _Optional, Default=empty_
Specifies the header name prefix that will be used to store baggage items in a map.
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
baggagePrefixHeaderName = "sample"
```
```yaml tab="File (YAML)"
tracing:
haystack:
baggagePrefixHeaderName: "sample"
```
```toml tab="File (TOML)"
[tracing]
[tracing.haystack]
baggagePrefixHeaderName = "sample"
```
```bash tab="CLI"
--tracing.haystack.baggagePrefixHeaderName=sample

46
docs/content/observability/tracing/instana.md
View file

@ -2,16 +2,16 @@
To enable the Instana:
```toml tab="File (TOML)"
[tracing]
[tracing.instana]
```
```yaml tab="File (YAML)"
tracing:
instana: {}
```
```toml tab="File (TOML)"
[tracing]
[tracing.instana]
```
```bash tab="CLI"
--tracing.instana=true
```
@ -22,18 +22,18 @@ _Require, Default="127.0.0.1"_
Local Agent Host instructs reporter to send spans to instana-agent at this address.
```toml tab="File (TOML)"
[tracing]
[tracing.instana]
localAgentHost = "127.0.0.1"
```
```yaml tab="File (YAML)"
tracing:
instana:
localAgentHost: 127.0.0.1
```
```toml tab="File (TOML)"
[tracing]
[tracing.instana]
localAgentHost = "127.0.0.1"
```
```bash tab="CLI"
--tracing.instana.localAgentHost=127.0.0.1
```
@ -44,18 +44,18 @@ _Require, Default=42699_
Local Agent port instructs reporter to send spans to the instana-agent at this port.
```toml tab="File (TOML)"
[tracing]
[tracing.instana]
localAgentPort = 42699
```
```yaml tab="File (YAML)"
tracing:
instana:
localAgentPort: 42699
```
```toml tab="File (TOML)"
[tracing]
[tracing.instana]
localAgentPort = 42699
```
```bash tab="CLI"
--tracing.instana.localAgentPort=42699
```
@ -73,18 +73,18 @@ Valid values for logLevel field are:
- `debug`
- `info`
```toml tab="File (TOML)"
[tracing]
[tracing.instana]
logLevel = "info"
```
```yaml tab="File (YAML)"
tracing:
instana:
logLevel: info
```
```toml tab="File (TOML)"
[tracing]
[tracing.instana]
logLevel = "info"
```
```bash tab="CLI"
--tracing.instana.logLevel=info
```

142
docs/content/observability/tracing/jaeger.md
View file

@ -2,16 +2,16 @@
To enable the Jaeger:
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
```
```yaml tab="File (YAML)"
tracing:
jaeger: {}
```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
```
```bash tab="CLI"
--tracing.jaeger=true
```
@ -26,18 +26,18 @@ _Required, Default="http://localhost:5778/sampling"_
Sampling Server URL is the address of jaeger-agent's HTTP sampling server.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
samplingServerURL = "http://localhost:5778/sampling"
```
```yaml tab="File (YAML)"
tracing:
jaeger:
samplingServerURL: http://localhost:5778/sampling
```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
samplingServerURL = "http://localhost:5778/sampling"
```
```bash tab="CLI"
--tracing.jaeger.samplingServerURL=http://localhost:5778/sampling
```
@ -48,18 +48,18 @@ _Required, Default="const"_
Sampling Type specifies the type of the sampler: `const`, `probabilistic`, `rateLimiting`.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
samplingType = "const"
```
```yaml tab="File (YAML)"
tracing:
jaeger:
samplingType: const
```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
samplingType = "const"
```
```bash tab="CLI"
--tracing.jaeger.samplingType=const
```
@ -76,18 +76,18 @@ Valid values for Param field are:
- for `probabilistic` sampler, a probability between 0 and 1
- for `rateLimiting` sampler, the number of spans per second
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
samplingParam = 1.0
```
```yaml tab="File (YAML)"
tracing:
jaeger:
samplingParam: 1.0
```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
samplingParam = 1.0
```
```bash tab="CLI"
--tracing.jaeger.samplingParam=1.0
```
@ -98,18 +98,18 @@ _Required, Default="127.0.0.1:6831"_
Local Agent Host Port instructs reporter to send spans to jaeger-agent at this address.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
localAgentHostPort = "127.0.0.1:6831"
```
```yaml tab="File (YAML)"
tracing:
jaeger:
localAgentHostPort: 127.0.0.1:6831
```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
localAgentHostPort = "127.0.0.1:6831"
```
```bash tab="CLI"
--tracing.jaeger.localAgentHostPort=127.0.0.1:6831
```
@ -120,18 +120,18 @@ _Optional, Default=false_
Generate 128-bit trace IDs, compatible with OpenCensus.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
gen128Bit = true
```
```yaml tab="File (YAML)"
tracing:
jaeger:
gen128Bit: true
```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
gen128Bit = true
```
```bash tab="CLI"
--tracing.jaeger.gen128Bit
```
@ -146,18 +146,18 @@ This can be either:
- `jaeger`, jaeger's default trace header.
- `b3`, compatible with OpenZipkin
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
propagation = "jaeger"
```
```yaml tab="File (YAML)"
tracing:
jaeger:
propagation: jaeger
```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
propagation = "jaeger"
```
```bash tab="CLI"
--tracing.jaeger.propagation=jaeger
```
@ -169,18 +169,18 @@ _Required, Default="uber-trace-id"_
Trace Context Header Name is the http header name used to propagate tracing context.
This must be in lower-case to avoid mismatches when decoding incoming headers.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
traceContextHeaderName = "uber-trace-id"
```
```yaml tab="File (YAML)"
tracing:
jaeger:
traceContextHeaderName: uber-trace-id
```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
traceContextHeaderName = "uber-trace-id"
```
```bash tab="CLI"
--tracing.jaeger.traceContextHeaderName=uber-trace-id
```
@ -192,18 +192,18 @@ _Optional, Default=true_
Disable the UDP connection helper that periodically re-resolves the agent's hostname and reconnects if there was a change.
Enabling the re-resolving of UDP address make the client more robust in Kubernetes deployments.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
disableAttemptReconnecting = false
```
```yaml tab="File (YAML)"
tracing:
jaeger:
disableAttemptReconnecting: false
```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger]
disableAttemptReconnecting = false
```
```bash tab="CLI"
--tracing.jaeger.disableAttemptReconnecting=false
```
@ -215,12 +215,6 @@ _Optional, Default=""_
Collector Endpoint instructs reporter to send spans to jaeger-collector at this URL.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger.collector]
endpoint = "http://127.0.0.1:14268/api/traces?format=jaeger.thrift"
```
```yaml tab="File (YAML)"
tracing:
jaeger:
@ -228,6 +222,12 @@ tracing:
endpoint: http://127.0.0.1:14268/api/traces?format=jaeger.thrift
```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger.collector]
endpoint = "http://127.0.0.1:14268/api/traces?format=jaeger.thrift"
```
```bash tab="CLI"
--tracing.jaeger.collector.endpoint=http://127.0.0.1:14268/api/traces?format=jaeger.thrift
```
@ -238,12 +238,6 @@ _Optional, Default=""_
User instructs reporter to include a user for basic http authentication when sending spans to jaeger-collector.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger.collector]
user = "my-user"
```
```yaml tab="File (YAML)"
tracing:
jaeger:
@ -251,6 +245,12 @@ tracing:
user: my-user
```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger.collector]
user = "my-user"
```
```bash tab="CLI"
--tracing.jaeger.collector.user=my-user
```
@ -261,12 +261,6 @@ _Optional, Default=""_
Password instructs reporter to include a password for basic http authentication when sending spans to jaeger-collector.
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger.collector]
password = "my-password"
```
```yaml tab="File (YAML)"
tracing:
jaeger:
@ -274,6 +268,12 @@ tracing:
password: my-password
```
```toml tab="File (TOML)"
[tracing]
[tracing.jaeger.collector]
password = "my-password"
```
```bash tab="CLI"
--tracing.jaeger.collector.password=my-password
```

28
docs/content/observability/tracing/overview.md
View file

@ -22,14 +22,14 @@ By default, Traefik uses Jaeger as tracing backend.
To enable the tracing:
```toml tab="File (TOML)"
[tracing]
```
```yaml tab="File (YAML)"
tracing: {}
```
```toml tab="File (TOML)"
[tracing]
```
```bash tab="CLI"
--tracing=true
```
@ -42,16 +42,16 @@ _Required, Default="traefik"_
Service name used in selected backend.
```toml tab="File (TOML)"
[tracing]
serviceName = "traefik"
```
```yaml tab="File (YAML)"
tracing:
serviceName: traefik
```
```toml tab="File (TOML)"
[tracing]
serviceName = "traefik"
```
```bash tab="CLI"
--tracing.serviceName=traefik
```
@ -65,16 +65,16 @@ This can prevent certain tracing providers to drop traces that exceed their leng
`0` means no truncation will occur.
```toml tab="File (TOML)"
[tracing]
spanNameLimit = 150
```
```yaml tab="File (YAML)"
tracing:
spanNameLimit: 150
```
```toml tab="File (TOML)"
[tracing]
spanNameLimit = 150
```
```bash tab="CLI"
--tracing.spanNameLimit=150
```

58
docs/content/observability/tracing/zipkin.md
View file

@ -2,16 +2,16 @@
To enable the Zipkin:
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
```
```yaml tab="File (YAML)"
tracing:
zipkin: {}
```
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
```
```bash tab="CLI"
--tracing.zipkin=true
```
@ -22,18 +22,18 @@ _Required, Default="http://localhost:9411/api/v2/spans"_
Zipkin HTTP endpoint used to send data.
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
httpEndpoint = "http://localhost:9411/api/v2/spans"
```
```yaml tab="File (YAML)"
tracing:
zipkin:
httpEndpoint: http://localhost:9411/api/v2/spans
```
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
httpEndpoint = "http://localhost:9411/api/v2/spans"
```
```bash tab="CLI"
--tracing.zipkin.httpEndpoint=http://localhost:9411/api/v2/spans
```
@ -44,18 +44,18 @@ _Optional, Default=false_
Use Zipkin SameSpan RPC style traces.
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
sameSpan = true
```
```yaml tab="File (YAML)"
tracing:
zipkin:
sameSpan: true
```
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
sameSpan = true
```
```bash tab="CLI"
--tracing.zipkin.sameSpan=true
```
@ -66,18 +66,18 @@ _Optional, Default=true_
Use Zipkin 128 bit trace IDs.
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
id128Bit = false
```
```yaml tab="File (YAML)"
tracing:
zipkin:
id128Bit: false
```
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
id128Bit = false
```
```bash tab="CLI"
--tracing.zipkin.id128Bit=false
```
@ -88,18 +88,18 @@ _Required, Default=1.0_
The rate between 0.0 and 1.0 of requests to trace.
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
sampleRate = 0.2
```
```yaml tab="File (YAML)"
tracing:
zipkin:
sampleRate: 0.2
```
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
sampleRate = 0.2
```
```bash tab="CLI"
--tracing.zipkin.sampleRate=0.2
```

40
docs/content/operations/api.md
View file

@ -26,16 +26,16 @@ If you enable the API, a new special `service` named `api@internal` is created a
To enable the API handler, use the following option on the
[static configuration](../getting-started/configuration-overview.md#the-static-configuration):
```toml tab="File (TOML)"
# Static Configuration
[api]
```
```yaml tab="File (YAML)"
# Static Configuration
api: {}
```
```toml tab="File (TOML)"
# Static Configuration
[api]
```
```bash tab="CLI"
--api=true
```
@ -74,16 +74,16 @@ Enable the API in `insecure` mode, which means that the API will be available di
!!! info
If the entryPoint named `traefik` is not configured, it will be automatically created on port 8080.
```toml tab="File (TOML)"
[api]
insecure = true
```
```yaml tab="File (YAML)"
api:
insecure: true
```
```toml tab="File (TOML)"
[api]
insecure = true
```
```bash tab="CLI"
--api.insecure=true
```
@ -94,16 +94,16 @@ _Optional, Default=true_
Enable the dashboard. More about the dashboard features [here](./dashboard.md).
```toml tab="File (TOML)"
[api]
dashboard = true
```
```yaml tab="File (YAML)"
api:
dashboard: true
```
```toml tab="File (TOML)"
[api]
dashboard = true
```
```bash tab="CLI"
--api.dashboard=true
```
@ -117,16 +117,16 @@ _Optional, Default=false_
Enable additional [endpoints](./api.md#endpoints) for debugging and profiling, served under `/debug/`.
```toml tab="File (TOML)"
[api]
debug = true
```
```yaml tab="File (YAML)"
api:
debug: true
```
```toml tab="File (TOML)"
[api]
debug = true
```
```bash tab="CLI"
--api.debug=true
```

32
docs/content/operations/dashboard.md
View file

@ -31,16 +31,6 @@ This is the **recommended** method.
Start by enabling the dashboard by using the following option from [Traefik's API](./api.md)
on the [static configuration](../getting-started/configuration-overview.md#the-static-configuration):
```toml tab="File (TOML)"
[api]
# Dashboard
#
# Optional
# Default: true
#
dashboard = true
```
```yaml tab="File (YAML)"
api:
# Dashboard
@ -51,6 +41,16 @@ api:
dashboard: true
```
```toml tab="File (TOML)"
[api]
# Dashboard
#
# Optional
# Default: true
#
dashboard = true
```
```bash tab="CLI"
# Dashboard
#
@ -105,18 +105,18 @@ This mode is not recommended because it does not allow the use of security featu
To enable the "insecure mode", use the following options from [Traefik's API](./api.md#insecure):
```toml tab="File (TOML)"
[api]
dashboard = true
insecure = true
```
```yaml tab="File (YAML)"
api:
dashboard: true
insecure: true
```
```toml tab="File (TOML)"
[api]
dashboard = true
insecure = true
```
```bash tab="CLI"
--api.dashboard=true --api.insecure=true
```

28
docs/content/operations/include-api-examples.md
View file

@ -69,20 +69,6 @@ labels:
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
```
```toml tab="File (TOML)"
# Dynamic Configuration
[http.routers.my-api]
rule = "Host(`traefik.example.com`)"
service = "api@internal"
middlewares = ["auth"]
[http.middlewares.auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```
```yaml tab="File (YAML)"
# Dynamic Configuration
http:
@ -99,3 +85,17 @@ http:
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
```toml tab="File (TOML)"
# Dynamic Configuration
[http.routers.my-api]
rule = "Host(`traefik.example.com`)"
service = "api@internal"
middlewares = ["auth"]
[http.middlewares.auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```

28
docs/content/operations/include-dashboard-examples.md
View file

@ -69,20 +69,6 @@ labels:
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
```
```toml tab="File (TOML)"
# Dynamic Configuration
[http.routers.my-api]
rule = "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
service = "api@internal"
middlewares = ["auth"]
[http.middlewares.auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```
```yaml tab="File (YAML)"
# Dynamic Configuration
http:
@ -99,3 +85,17 @@ http:
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
```toml tab="File (TOML)"
# Dynamic Configuration
[http.routers.my-api]
rule = "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
service = "api@internal"
middlewares = ["auth"]
[http.middlewares.auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```

46
docs/content/operations/ping.md
View file

@ -7,14 +7,14 @@ Checking the Health of Your Traefik Instances
To enable the API handler:
```toml tab="File (TOML)"
[ping]
```
```yaml tab="File (YAML)"
ping: {}
```
```toml tab="File (TOML)"
[ping]
```
```bash tab="CLI"
--ping=true
```
@ -39,15 +39,6 @@ _Optional, Default="traefik"_
Enabling /ping on a dedicated EntryPoint.
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.ping]
address = ":8082"
[ping]
entryPoint = "ping"
```
```yaml tab="File (YAML)"
entryPoints:
ping:
@ -57,6 +48,15 @@ ping:
entryPoint: "ping"
```
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.ping]
address = ":8082"
[ping]
entryPoint = "ping"
```
```bash tab="CLI"
--entryPoints.ping.address=:8082
--ping.entryPoint=ping
@ -68,16 +68,16 @@ _Optional, Default=false_
If `manualRouting` is `true`, it disables the default internal router in order to allow one to create a custom router for the `ping@internal` service.
```toml tab="File (TOML)"
[ping]
manualRouting = true
```
```yaml tab="File (YAML)"
ping:
manualRouting: true
```
```toml tab="File (TOML)"
[ping]
manualRouting = true
```
```bash tab="CLI"
--ping.manualrouting=true
```
@ -93,16 +93,16 @@ be expected as the signal for graceful termination. In which case, the
terminatingStatusCode can be used to set the code returned by the ping
handler during termination.
```toml tab="File (TOML)"
[ping]
terminatingStatusCode = 204
```
```yaml tab="File (YAML)"
ping:
terminatingStatusCode: 204
```
```toml tab="File (TOML)"
[ping]
terminatingStatusCode = 204
```
```bash tab="CLI"
--ping.terminatingStatusCode=204
```

248
docs/content/providers/consul-catalog.md
View file

@ -13,15 +13,15 @@ Attach tags to your services and let Traefik do the rest!
Enabling the consul catalog provider
```toml tab="File (TOML)"
[providers.consulCatalog]
```
```yaml tab="File (YAML)"
providers:
consulCatalog: {}
```
```toml tab="File (TOML)"
[providers.consulCatalog]
```
```bash tab="CLI"
--providers.consulcatalog=true
```
@ -44,12 +44,6 @@ _Optional, Default=15s_
Defines the polling interval.
```toml tab="File (TOML)"
[providers.consulCatalog]
refreshInterval = "30s"
# ...
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@ -57,6 +51,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
refreshInterval = "30s"
# ...
```
```bash tab="CLI"
--providers.consulcatalog.refreshInterval=30s
# ...
@ -68,12 +68,6 @@ _required, Default="traefik"_
The prefix for Consul Catalog tags defining Traefik labels.
```toml tab="File (TOML)"
[providers.consulCatalog]
prefix = "test"
# ...
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@ -81,6 +75,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
prefix = "test"
# ...
```
```bash tab="CLI"
--providers.consulcatalog.prefix=test
# ...
@ -98,12 +98,6 @@ Forces the read to be fully consistent.
For more information, see the consul [documentation on consistency](https://www.consul.io/api-docs/features/consistency).
```toml tab="File (TOML)"
[providers.consulCatalog]
requireConsistent = true
# ...
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@ -111,6 +105,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
requireConsistent = true
# ...
```
```bash tab="CLI"
--providers.consulcatalog.requireConsistent=true
# ...
@ -128,12 +128,6 @@ Use stale consistency for catalog reads.
For more information, see the consul [documentation on consistency](https://www.consul.io/api-docs/features/consistency).
```toml tab="File (TOML)"
[providers.consulCatalog]
stale = true
# ...
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@ -141,6 +135,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
stale = true
# ...
```
```bash tab="CLI"
--providers.consulcatalog.stale=true
# ...
@ -152,12 +152,6 @@ _Optional, Default=false_
Use local agent caching for catalog reads.
```toml tab="File (TOML)"
[providers.consulCatalog]
cache = true
# ...
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@ -165,6 +159,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
cache = true
# ...
```
```bash tab="CLI"
--providers.consulcatalog.cache=true
# ...
@ -180,13 +180,6 @@ Defines the address of the Consul server.
_Optional, Default="127.0.0.1:8500"_
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
address = "127.0.0.1:8500"
# ...
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@ -195,6 +188,13 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
address = "127.0.0.1:8500"
# ...
```
```bash tab="CLI"
--providers.consulcatalog.endpoint.address=127.0.0.1:8500
# ...
@ -206,13 +206,6 @@ _Optional, Default=""_
Defines the URI scheme for the Consul server.
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
scheme = "https"
# ...
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@ -221,6 +214,13 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
scheme = "https"
# ...
```
```bash tab="CLI"
--providers.consulcatalog.endpoint.scheme=https
# ...
@ -233,13 +233,6 @@ _Optional, Default=""_
Defines the datacenter to use.
If not provided in Traefik, Consul uses the default agent datacenter.
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
datacenter = "test"
# ...
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@ -248,6 +241,13 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
datacenter = "test"
# ...
```
```bash tab="CLI"
--providers.consulcatalog.endpoint.datacenter=test
# ...
@ -259,13 +259,6 @@ _Optional, Default=""_
Token is used to provide a per-request ACL token which overwrites the agent's default token.
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
token = "test"
# ...
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@ -274,6 +267,13 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
token = "test"
# ...
```
```bash tab="CLI"
--providers.consulcatalog.endpoint.token=test
# ...
@ -286,13 +286,6 @@ _Optional, Default=""_
Limits the duration for which a Watch can block.
If not provided, the agent default values will be used.
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
endpointWaitTime = "15s"
# ...
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@ -301,6 +294,13 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
[providers.consulCatalog.endpoint]
endpointWaitTime = "15s"
# ...
```
```bash tab="CLI"
--providers.consulcatalog.endpoint.endpointwaittime=15s
# ...
@ -318,11 +318,6 @@ _Optional, Default=""_
Username to use for HTTP Basic Authentication.
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.httpAuth]
username = "test"
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@ -331,6 +326,11 @@ providers:
username: test
```
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.httpAuth]
username = "test"
```
```bash tab="CLI"
--providers.consulcatalog.endpoint.httpauth.username=test
```
@ -341,11 +341,6 @@ _Optional, Default=""_
Password to use for HTTP Basic Authentication.
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.httpAuth]
password = "test"
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@ -354,6 +349,11 @@ providers:
password: test
```
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.httpAuth]
password = "test"
```
```bash tab="CLI"
--providers.consulcatalog.endpoint.httpauth.password=test
```
@ -370,11 +370,6 @@ _Optional_
`ca` is the path to the CA certificate used for Consul communication, defaults to the system bundle if not specified.
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
ca = "path/to/ca.crt"
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@ -383,6 +378,11 @@ providers:
ca: path/to/ca.crt
```
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
ca = "path/to/ca.crt"
```
```bash tab="CLI"
--providers.consulcatalog.endpoint.tls.ca=path/to/ca.crt
```
@ -401,11 +401,6 @@ When this option is set to `true`, a client certificate is requested during the
When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client.
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
caOptional = true
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@ -414,6 +409,11 @@ providers:
caOptional: true
```
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
caOptional = true
```
```bash tab="CLI"
--providers.consulcatalog.endpoint.tls.caoptional=true
```
@ -426,12 +426,6 @@ _Optional_
When using this option, setting the `key` option is required.
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@ -441,6 +435,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.consulcatalog.endpoint.tls.cert=path/to/foo.cert
--providers.consulcatalog.endpoint.tls.key=path/to/foo.key
@ -454,12 +454,6 @@ _Optional_
When using this option, setting the `cert` option is required.
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@ -469,6 +463,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.consulcatalog.endpoint.tls.cert=path/to/foo.cert
--providers.consulcatalog.endpoint.tls.key=path/to/foo.key
@ -480,11 +480,6 @@ _Optional_
If `insecureSkipVerify` is `true`, the TLS connection to Consul accepts any certificate presented by the server regardless of the hostnames it covers.
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
insecureSkipVerify = true
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@ -493,6 +488,11 @@ providers:
insecureSkipVerify: true
```
```toml tab="File (TOML)"
[providers.consulCatalog.endpoint.tls]
insecureSkipVerify = true
```
```bash tab="CLI"
--providers.consulcatalog.endpoint.tls.insecureskipverify=true
```
@ -506,12 +506,6 @@ If set to `false`, services that don't have a `traefik.enable=true` tag will be
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
```toml tab="File (TOML)"
[providers.consulCatalog]
exposedByDefault = false
# ...
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@ -519,6 +513,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
exposedByDefault = false
# ...
```
```bash tab="CLI"
--providers.consulcatalog.exposedByDefault=false
# ...
@ -538,12 +538,6 @@ and the template has access to all the labels (i.e. tags beginning with the `pre
The option can be overridden on an instance basis with the `traefik.http.routers.{name-of-your-choice}.rule` tag.
```toml tab="File (TOML)"
[providers.consulCatalog]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@ -551,6 +545,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```bash tab="CLI"
--providers.consulcatalog.defaultRule="Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
@ -599,12 +599,6 @@ as well as the usual boolean logic, as shown in examples below.
constraints = "TagRegex(`a\.tag\.t.+`)"
```
```toml tab="File (TOML)"
[providers.consulCatalog]
constraints = "Tag(`a.tag.name`)"
# ...
```
```yaml tab="File (YAML)"
providers:
consulCatalog:
@ -612,6 +606,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
constraints = "Tag(`a.tag.name`)"
# ...
```
```bash tab="CLI"
--providers.consulcatalog.constraints="Tag(`a.tag.name`)"
# ...

98
docs/content/providers/consul.md
View file

@ -17,11 +17,6 @@ _Required, Default="127.0.0.1:8500"_
Defines how to access to Consul.
```toml tab="File (TOML)"
[providers.consul]
endpoints = ["127.0.0.1:8500"]
```
```yaml tab="File (YAML)"
providers:
consul:
@ -29,6 +24,11 @@ providers:
- "127.0.0.1:8500"
```
```toml tab="File (TOML)"
[providers.consul]
endpoints = ["127.0.0.1:8500"]
```
```bash tab="CLI"
--providers.consul.endpoints=127.0.0.1:8500
```
@ -39,17 +39,17 @@ _Required, Default="traefik"_
Defines the root key of the configuration.
```toml tab="File (TOML)"
[providers.consul]
rootKey = "traefik"
```
```yaml tab="File (YAML)"
providers:
consul:
rootKey: "traefik"
```
```toml tab="File (TOML)"
[providers.consul]
rootKey = "traefik"
```
```bash tab="CLI"
--providers.consul.rootkey=traefik
```
@ -60,12 +60,6 @@ _Optional, Default=""_
Defines a username to connect to Consul with.
```toml tab="File (TOML)"
[providers.consul]
# ...
username = "foo"
```
```yaml tab="File (YAML)"
providers:
consul:
@ -73,6 +67,12 @@ providers:
usename: "foo"
```
```toml tab="File (TOML)"
[providers.consul]
# ...
username = "foo"
```
```bash tab="CLI"
--providers.consul.username=foo
```
@ -83,12 +83,6 @@ _Optional, Default=""_
Defines a password with which to connect to Consul.
```toml tab="File (TOML)"
[providers.consul]
# ...
password = "bar"
```
```yaml tab="File (YAML)"
providers:
consul:
@ -96,6 +90,12 @@ providers:
password: "bar"
```
```toml tab="File (TOML)"
[providers.consul]
# ...
password = "bar"
```
```bash tab="CLI"
--providers.consul.password=foo
```
@ -108,11 +108,6 @@ _Optional_
Certificate Authority used for the secure connection to Consul.
```toml tab="File (TOML)"
[providers.consul.tls]
ca = "path/to/ca.crt"
```
```yaml tab="File (YAML)"
providers:
consul:
@ -120,6 +115,11 @@ providers:
ca: path/to/ca.crt
```
```toml tab="File (TOML)"
[providers.consul.tls]
ca = "path/to/ca.crt"
```
```bash tab="CLI"
--providers.consul.tls.ca=path/to/ca.crt
```
@ -136,11 +136,6 @@ When this option is set to `true`, a client certificate is requested during the
When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client.
```toml tab="File (TOML)"
[providers.consul.tls]
caOptional = true
```
```yaml tab="File (YAML)"
providers:
consul:
@ -148,6 +143,11 @@ providers:
caOptional: true
```
```toml tab="File (TOML)"
[providers.consul.tls]
caOptional = true
```
```bash tab="CLI"
--providers.consul.tls.caOptional=true
```
@ -156,12 +156,6 @@ providers:
Public certificate used for the secure connection to Consul.
```toml tab="File (TOML)"
[providers.consul.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
consul:
@ -170,6 +164,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.consul.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.consul.tls.cert=path/to/foo.cert
--providers.consul.tls.key=path/to/foo.key
@ -179,12 +179,6 @@ providers:
Private certificate used for the secure connection to Consul.
```toml tab="File (TOML)"
[providers.consul.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
consul:
@ -193,6 +187,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.consul.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.consul.tls.cert=path/to/foo.cert
--providers.consul.tls.key=path/to/foo.key
@ -202,11 +202,6 @@ providers:
If `insecureSkipVerify` is `true`, the TLS connection to Consul accepts any certificate presented by the server regardless of the hostnames it covers.
```toml tab="File (TOML)"
[providers.consul.tls]
insecureSkipVerify = true
```
```yaml tab="File (YAML)"
providers:
consul:
@ -214,6 +209,11 @@ providers:
insecureSkipVerify: true
```
```toml tab="File (TOML)"
[providers.consul.tls]
insecureSkipVerify = true
```
```bash tab="CLI"
--providers.consul.tls.insecureSkipVerify=true
```

222
docs/content/providers/docker.md
View file

@ -20,15 +20,15 @@ and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/).
Enabling the docker provider
```toml tab="File (TOML)"
[providers.docker]
```
```yaml tab="File (YAML)"
providers:
docker: {}
```
```toml tab="File (TOML)"
[providers.docker]
```
```bash tab="CLI"
--providers.docker=true
```
@ -48,15 +48,6 @@ and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/).
Enabling the docker provider (Swarm Mode)
```toml tab="File (TOML)"
[providers.docker]
# swarm classic (1.12-)
# endpoint = "tcp://127.0.0.1:2375"
# docker swarm mode (1.12+)
endpoint = "tcp://127.0.0.1:2377"
swarmMode = true
```
```yaml tab="File (YAML)"
providers:
docker:
@ -67,6 +58,15 @@ and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/).
swarmMode: true
```
```toml tab="File (TOML)"
[providers.docker]
# swarm classic (1.12-)
# endpoint = "tcp://127.0.0.1:2375"
# docker swarm mode (1.12+)
endpoint = "tcp://127.0.0.1:2377"
swarmMode = true
```
```bash tab="CLI"
# swarm classic (1.12-)
# --providers.docker.endpoint=tcp://127.0.0.1:2375
@ -261,12 +261,6 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A
We specify the docker.sock in traefik's configuration file.
```toml tab="File (TOML)"
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
@ -274,6 +268,12 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A
# ...
```
```toml tab="File (TOML)"
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
# ...
```
```bash tab="CLI"
--providers.docker.endpoint=unix:///var/run/docker.sock
# ...
@ -285,12 +285,6 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A
We specify the SSH host and user in Traefik's configuration file.
Note that is server requires public keys for authentication you must have those accessible for user who runs Traefik.
```toml tab="File (TOML)"
[providers.docker]
endpoint = "ssh://traefik@192.168.2.5:2022"
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
@ -298,22 +292,28 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A
# ...
```
```toml tab="File (TOML)"
[providers.docker]
endpoint = "ssh://traefik@192.168.2.5:2022"
# ...
```
```bash tab="CLI"
--providers.docker.endpoint=ssh://traefik@192.168.2.5:2022
# ...
```
```toml tab="File (TOML)"
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
```
```yaml tab="File (YAML)"
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
```
```toml tab="File (TOML)"
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
```
```bash tab="CLI"
--providers.docker.endpoint=unix:///var/run/docker.sock
```
@ -350,12 +350,6 @@ but still uses the `traefik.http.services.<name>.loadbalancer.server.port` that
- `ExtPort` stands for "external Port found in the binding"
- `IntPort` stands for "internal network container's port."
```toml tab="File (TOML)"
[providers.docker]
useBindPortIP = true
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
@ -363,6 +357,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.docker]
useBindPortIP = true
# ...
```
```bash tab="CLI"
--providers.docker.useBindPortIP=true
# ...
@ -377,12 +377,6 @@ If set to `false`, containers that do not have a `traefik.enable=true` label are
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
```toml tab="File (TOML)"
[providers.docker]
exposedByDefault = false
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
@ -390,6 +384,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.docker]
exposedByDefault = false
# ...
```
```bash tab="CLI"
--providers.docker.exposedByDefault=false
# ...
@ -403,12 +403,6 @@ Defines a default docker network to use for connections to all containers.
This option can be overridden on a per-container basis with the `traefik.docker.network` label.
```toml tab="File (TOML)"
[providers.docker]
network = "test"
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
@ -416,6 +410,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.docker]
network = "test"
# ...
```
```bash tab="CLI"
--providers.docker.network=test
# ...
@ -432,12 +432,6 @@ It must be a valid [Go template](https://golang.org/pkg/text/template/), and can
The container service name can be accessed with the `Name` identifier,
and the template has access to all the labels defined on this container.
```toml tab="File (TOML)"
[providers.docker]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
@ -445,6 +439,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.docker]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```bash tab="CLI"
--providers.docker.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)
# ...
@ -456,12 +456,6 @@ _Optional, Default=false_
Enables the Swarm Mode (instead of standalone Docker).
```toml tab="File (TOML)"
[providers.docker]
swarmMode = true
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
@ -469,6 +463,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.docker]
swarmMode = true
# ...
```
```bash tab="CLI"
--providers.docker.swarmMode=true
# ...
@ -480,12 +480,6 @@ _Optional, Default=15_
Defines the polling interval (in seconds) for Swarm Mode.
```toml tab="File (TOML)"
[providers.docker]
swarmModeRefreshSeconds = 30
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
@ -493,6 +487,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.docker]
swarmModeRefreshSeconds = 30
# ...
```
```bash tab="CLI"
--providers.docker.swarmModeRefreshSeconds=30
# ...
@ -504,12 +504,6 @@ _Optional, Default=0_
Defines the client timeout (in seconds) for HTTP connections. If its value is `0`, no timeout is set.
```toml tab="File (TOML)"
[providers.docker]
httpClientTimeout = 300
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
@ -517,6 +511,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.docker]
httpClientTimeout = 300
# ...
```
```bash tab="CLI"
--providers.docker.httpClientTimeout=300
# ...
@ -528,12 +528,6 @@ _Optional, Default=true_
Watch Docker Swarm events.
```toml tab="File (TOML)"
[providers.docker]
watch = false
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
@ -541,6 +535,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.docker]
watch = false
# ...
```
```bash tab="CLI"
--providers.docker.watch=false
# ...
@ -591,12 +591,6 @@ as well as the usual boolean logic, as shown in examples below.
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
```toml tab="File (TOML)"
[providers.docker]
constraints = "Label(`a.label.name`,`foo`)"
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
@ -604,6 +598,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.docker]
constraints = "Label(`a.label.name`,`foo`)"
# ...
```
```bash tab="CLI"
--providers.docker.constraints=Label(`a.label.name`,`foo`)
# ...
@ -617,11 +617,6 @@ _Optional_
Certificate Authority used for the secure connection to Docker.
```toml tab="File (TOML)"
[providers.docker.tls]
ca = "path/to/ca.crt"
```
```yaml tab="File (YAML)"
providers:
docker:
@ -629,6 +624,11 @@ providers:
ca: path/to/ca.crt
```
```toml tab="File (TOML)"
[providers.docker.tls]
ca = "path/to/ca.crt"
```
```bash tab="CLI"
--providers.docker.tls.ca=path/to/ca.crt
```
@ -645,11 +645,6 @@ When this option is set to `true`, a client certificate is requested during the
When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client.
```toml tab="File (TOML)"
[providers.docker.tls]
caOptional = true
```
```yaml tab="File (YAML)"
providers:
docker:
@ -657,6 +652,11 @@ providers:
caOptional: true
```
```toml tab="File (TOML)"
[providers.docker.tls]
caOptional = true
```
```bash tab="CLI"
--providers.docker.tls.caOptional=true
```
@ -665,12 +665,6 @@ providers:
Public certificate used for the secure connection to Docker.
```toml tab="File (TOML)"
[providers.docker.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
docker:
@ -679,6 +673,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.docker.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.docker.tls.cert=path/to/foo.cert
--providers.docker.tls.key=path/to/foo.key
@ -688,12 +688,6 @@ providers:
Private certificate used for the secure connection to Docker.
```toml tab="File (TOML)"
[providers.docker.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
docker:
@ -702,6 +696,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.docker.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.docker.tls.cert=path/to/foo.cert
--providers.docker.tls.key=path/to/foo.key
@ -711,11 +711,6 @@ providers:
If `insecureSkipVerify` is `true`, the TLS connection to Docker accepts any certificate presented by the server regardless of the hostnames it covers.
```toml tab="File (TOML)"
[providers.docker.tls]
insecureSkipVerify = true
```
```yaml tab="File (YAML)"
providers:
docker:
@ -723,6 +718,11 @@ providers:
insecureSkipVerify: true
```
```toml tab="File (TOML)"
[providers.docker.tls]
insecureSkipVerify = true
```
```bash tab="CLI"
--providers.docker.tls.insecureSkipVerify=true
```

82
docs/content/providers/ecs.md
View file

@ -11,15 +11,15 @@ Attach labels to your ECS containers and let Traefik do the rest!
Enabling the ECS provider:
```toml tab="File (TOML)"
[providers.ecs]
```
```yaml tab="File (YAML)"
providers:
ecs: {}
```
```toml tab="File (TOML)"
[providers.ecs]
```
```bash tab="CLI"
--providers.ecs=true
```
@ -63,12 +63,6 @@ Search for services in cluster list.
- If set to `true` service discovery is disabled on configured clusters, but enabled for all other clusters.
- If set to `false` service discovery is enabled on configured clusters only.
```toml tab="File (TOML)"
[providers.ecs]
autoDiscoverClusters = true
# ...
```
```yaml tab="File (YAML)"
providers:
ecs:
@ -76,6 +70,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.ecs]
autoDiscoverClusters = true
# ...
```
```bash tab="CLI"
--providers.ecs.autoDiscoverClusters=true
# ...
@ -87,12 +87,6 @@ _Optional, Default=["default"]_
Search for services in cluster list.
```toml tab="File (TOML)"
[providers.ecs]
clusters = ["default"]
# ...
```
```yaml tab="File (YAML)"
providers:
ecs:
@ -101,6 +95,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.ecs]
clusters = ["default"]
# ...
```
```bash tab="CLI"
--providers.ecs.clusters=default
# ...
@ -114,12 +114,6 @@ Expose ECS services by default in Traefik.
If set to `false`, services that do not have a `traefik.enable=true` label are ignored from the resulting routing configuration.
```toml tab="File (TOML)"
[providers.ecs]
exposedByDefault = false
# ...
```
```yaml tab="File (YAML)"
providers:
ecs:
@ -127,6 +121,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.ecs]
exposedByDefault = false
# ...
```
```bash tab="CLI"
--providers.ecs.exposedByDefault=false
# ...
@ -143,12 +143,6 @@ It must be a valid [Go template](https://golang.org/pkg/text/template/), and can
The container service name can be accessed with the `Name` identifier,
and the template has access to all the labels defined on this container.
```toml tab="File (TOML)"
[providers.ecs]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```yaml tab="File (YAML)"
providers:
ecs:
@ -156,6 +150,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.ecs]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```bash tab="CLI"
--providers.ecs.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)
# ...
@ -167,12 +167,6 @@ _Optional, Default=15_
Polling interval (in seconds).
```toml tab="File (TOML)"
[providers.ecs]
refreshSeconds = 15
# ...
```
```yaml tab="File (YAML)"
providers:
ecs:
@ -180,6 +174,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.ecs]
refreshSeconds = 15
# ...
```
```bash tab="CLI"
--providers.ecs.refreshSeconds=15
# ...
@ -198,13 +198,6 @@ If `accessKeyID` and `secretAccessKey` are not provided, credentials are resolve
- Using shared credentials, determined by `AWS_PROFILE` and `AWS_SHARED_CREDENTIALS_FILE`, defaults to `default` and `~/.aws/credentials`.
- Using EC2 instance role or ECS task role
```toml tab="File (TOML)"
[providers.ecs]
region = "us-east-1"
accessKeyID = "abc"
secretAccessKey = "123"
```
```yaml tab="File (YAML)"
providers:
ecs:
@ -214,6 +207,13 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.ecs]
region = "us-east-1"
accessKeyID = "abc"
secretAccessKey = "123"
```
```bash tab="CLI"
--providers.ecs.region="us-east-1"
--providers.ecs.accessKeyID="abc"

98
docs/content/providers/etcd.md
View file

@ -17,11 +17,6 @@ _Required, Default="127.0.0.1:2379"_
Defines how to access etcd.
```toml tab="File (TOML)"
[providers.etcd]
endpoints = ["127.0.0.1:2379"]
```
```yaml tab="File (YAML)"
providers:
etcd:
@ -29,6 +24,11 @@ providers:
- "127.0.0.1:2379"
```
```toml tab="File (TOML)"
[providers.etcd]
endpoints = ["127.0.0.1:2379"]
```
```bash tab="CLI"
--providers.etcd.endpoints=127.0.0.1:2379
```
@ -39,17 +39,17 @@ _Required, Default="traefik"_
Defines the root key of the configuration.
```toml tab="File (TOML)"
[providers.etcd]
rootKey = "traefik"
```
```yaml tab="File (YAML)"
providers:
etcd:
rootKey: "traefik"
```
```toml tab="File (TOML)"
[providers.etcd]
rootKey = "traefik"
```
```bash tab="CLI"
--providers.etcd.rootkey=traefik
```
@ -60,12 +60,6 @@ _Optional, Default=""_
Defines a username with which to connect to etcd.
```toml tab="File (TOML)"
[providers.etcd]
# ...
username = "foo"
```
```yaml tab="File (YAML)"
providers:
etcd:
@ -73,6 +67,12 @@ providers:
usename: "foo"
```
```toml tab="File (TOML)"
[providers.etcd]
# ...
username = "foo"
```
```bash tab="CLI"
--providers.etcd.username=foo
```
@ -83,12 +83,6 @@ _Optional, Default=""_
Defines a password with which to connect to etcd.
```toml tab="File (TOML)"
[providers.etcd]
# ...
password = "bar"
```
```yaml tab="File (YAML)"
providers:
etcd:
@ -96,6 +90,12 @@ providers:
password: "bar"
```
```toml tab="File (TOML)"
[providers.etcd]
# ...
password = "bar"
```
```bash tab="CLI"
--providers.etcd.password=foo
```
@ -108,11 +108,6 @@ _Optional_
Certificate Authority used for the secure connection to etcd.
```toml tab="File (TOML)"
[providers.etcd.tls]
ca = "path/to/ca.crt"
```
```yaml tab="File (YAML)"
providers:
etcd:
@ -120,6 +115,11 @@ providers:
ca: path/to/ca.crt
```
```toml tab="File (TOML)"
[providers.etcd.tls]
ca = "path/to/ca.crt"
```
```bash tab="CLI"
--providers.etcd.tls.ca=path/to/ca.crt
```
@ -136,11 +136,6 @@ When this option is set to `true`, a client certificate is requested during the
When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client.
```toml tab="File (TOML)"
[providers.etcd.tls]
caOptional = true
```
```yaml tab="File (YAML)"
providers:
etcd:
@ -148,6 +143,11 @@ providers:
caOptional: true
```
```toml tab="File (TOML)"
[providers.etcd.tls]
caOptional = true
```
```bash tab="CLI"
--providers.etcd.tls.caOptional=true
```
@ -156,12 +156,6 @@ providers:
Public certificate used for the secure connection to etcd.
```toml tab="File (TOML)"
[providers.etcd.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
etcd:
@ -170,6 +164,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.etcd.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.etcd.tls.cert=path/to/foo.cert
--providers.etcd.tls.key=path/to/foo.key
@ -179,12 +179,6 @@ providers:
Private certificate used for the secure connection to etcd.
```toml tab="File (TOML)"
[providers.etcd.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
etcd:
@ -193,6 +187,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.etcd.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.etcd.tls.cert=path/to/foo.cert
--providers.etcd.tls.key=path/to/foo.key
@ -202,11 +202,6 @@ providers:
If `insecureSkipVerify` is `true`, the TLS connection to etcd accepts any certificate presented by the server regardless of the hostnames it covers.
```toml tab="File (TOML)"
[providers.etcd.tls]
insecureSkipVerify = true
```
```yaml tab="File (YAML)"
providers:
etcd:
@ -214,6 +209,11 @@ providers:
insecureSkipVerify: true
```
```toml tab="File (TOML)"
[providers.etcd.tls]
insecureSkipVerify = true
```
```bash tab="CLI"
--providers.etcd.tls.insecureSkipVerify=true
```

182
docs/content/providers/file.md
View file

@ -3,7 +3,7 @@
Good Old Configuration File
{: .subtitle }
The file provider lets you define the [dynamic configuration](./overview.md) in a TOML or YAML file.
The file provider lets you define the [dynamic configuration](./overview.md) in a YAML or TOML file.
It supports providing configuration through a [single configuration file](#filename) or [multiple separate files](#directory).
@ -21,50 +21,23 @@ It supports providing configuration through a [single configuration file](#filen
Enabling the file provider:
```toml tab="File (TOML)"
[providers.file]
directory = "/path/to/dynamic/conf"
```
```yaml tab="File (YAML)"
providers:
file:
directory: "/path/to/dynamic/conf"
```
```toml tab="File (TOML)"
[providers.file]
directory = "/path/to/dynamic/conf"
```
```bash tab="CLI"
--providers.file.directory=/path/to/dynamic/conf
```
Declaring Routers, Middlewares & Services:
```toml tab="TOML"
[http]
# Add the router
[http.routers]
[http.routers.router0]
entryPoints = ["web"]
middlewares = ["my-basic-auth"]
service = "service-foo"
rule = "Path(`/foo`)"
# Add the middleware
[http.middlewares]
[http.middlewares.my-basic-auth.basicAuth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
usersFile = "etc/traefik/.htpasswd"
# Add the service
[http.services]
[http.services.service-foo]
[http.services.service-foo.loadBalancer]
[[http.services.service-foo.loadBalancer.servers]]
url = "http://foo/"
[[http.services.service-foo.loadBalancer.servers]]
url = "http://bar/"
```
```yaml tab="YAML"
http:
# Add the router
@ -96,6 +69,33 @@ It supports providing configuration through a [single configuration file](#filen
passHostHeader: false
```
```toml tab="TOML"
[http]
# Add the router
[http.routers]
[http.routers.router0]
entryPoints = ["web"]
middlewares = ["my-basic-auth"]
service = "service-foo"
rule = "Path(`/foo`)"
# Add the middleware
[http.middlewares]
[http.middlewares.my-basic-auth.basicAuth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
usersFile = "etc/traefik/.htpasswd"
# Add the service
[http.services]
[http.services.service-foo]
[http.services.service-foo.loadBalancer]
[[http.services.service-foo.loadBalancer.servers]]
url = "http://foo/"
[[http.services.service-foo.loadBalancer.servers]]
url = "http://bar/"
```
## Provider Configuration
For an overview of all the options that can be set with the file provider, see the [dynamic configuration](../reference/dynamic-configuration/file.md) and [static configuration](../reference/static-configuration/overview.md) references.
@ -125,20 +125,20 @@ Defines the path to the configuration file.
The `filename` and `directory` options are mutually exclusive.
It is recommended to use `directory`.
```toml tab="File (TOML)"
[providers]
[providers.file]
filename = "/path/to/config/dynamic_conf.toml"
```
```yaml tab="File (YAML)"
providers:
file:
filename: /path/to/config/dynamic_conf.yml
```
```toml tab="File (TOML)"
[providers]
[providers.file]
filename = "/path/to/config/dynamic_conf.toml"
```
```bash tab="CLI"
--providers.file.filename=/path/to/config/dynamic_conf.toml
--providers.file.filename=/path/to/config/dynamic_conf.yml
```
### `directory`
@ -150,18 +150,18 @@ Defines the path to the directory that contains the configuration files.
The `filename` and `directory` options are mutually exclusive.
It is recommended to use `directory`.
```toml tab="File (TOML)"
[providers]
[providers.file]
directory = "/path/to/config"
```
```yaml tab="File (YAML)"
providers:
file:
directory: /path/to/config
```
```toml tab="File (TOML)"
[providers]
[providers.file]
directory = "/path/to/config"
```
```bash tab="CLI"
--providers.file.directory=/path/to/config
```
@ -171,13 +171,6 @@ providers:
Set the `watch` option to `true` to allow Traefik to automatically watch for file changes.
It works with both the `filename` and the `directory` options.
```toml tab="File (TOML)"
[providers]
[providers.file]
directory = "/path/to/dynamic/conf"
watch = true
```
```yaml tab="File (YAML)"
providers:
file:
@ -185,6 +178,13 @@ providers:
watch: true
```
```toml tab="File (TOML)"
[providers]
[providers.file]
directory = "/path/to/dynamic/conf"
watch = true
```
```bash tab="CLI"
--providers.file.directory=/my/path/to/dynamic/conf
--providers.file.watch=true
@ -205,6 +205,44 @@ To illustrate, it is possible to easily define multiple routers, services, and T
??? example "Configuring Using Templating"
```yaml tab="YAML"
http:
routers:
{{range $i, $e := until 100 }}
router{{ $e }}-{{ env "MY_ENV_VAR" }}:
# ...
{{end}}
services:
{{range $i, $e := until 100 }}
application{{ $e }}:
# ...
{{end}}
tcp:
routers:
{{range $i, $e := until 100 }}
router{{ $e }}:
# ...
{{end}}
services:
{{range $i, $e := until 100 }}
service{{ $e }}:
# ...
{{end}}
tls:
certificates:
{{ range $i, $e := until 10 }}
- certFile: "/etc/traefik/cert-{{ $e }}.pem"
keyFile: "/etc/traefik/cert-{{ $e }}.key"
store:
- "my-store-foo-{{ $e }}"
- "my-store-bar-{{ $e }}"
{{end}}
```
```toml tab="TOML"
# template-rules.toml
[http]
@ -248,41 +286,3 @@ To illustrate, it is possible to easily define multiple routers, services, and T
# ...
{{ end }}
```
```yaml tab="YAML"
http:
routers:
{{range $i, $e := until 100 }}
router{{ $e }}-{{ env "MY_ENV_VAR" }}:
# ...
{{end}}
services:
{{range $i, $e := until 100 }}
application{{ $e }}:
# ...
{{end}}
tcp:
routers:
{{range $i, $e := until 100 }}
router{{ $e }}:
# ...
{{end}}
services:
{{range $i, $e := until 100 }}
service{{ $e }}:
# ...
{{end}}
tls:
certificates:
{{ range $i, $e := until 10 }}
- certFile: "/etc/traefik/cert-{{ $e }}.pem"
keyFile: "/etc/traefik/cert-{{ $e }}.key"
store:
- "my-store-foo-{{ $e }}"
- "my-store-bar-{{ $e }}"
{{end}}
```

84
docs/content/providers/http.md
View file

@ -14,11 +14,6 @@ _Required_
Defines the HTTP(S) endpoint to poll.
```toml tab="File (TOML)"
[providers.http]
endpoint = "http://127.0.0.1:9000/api"
```
```yaml tab="File (YAML)"
providers:
http:
@ -26,6 +21,11 @@ providers:
- "http://127.0.0.1:9000/api"
```
```toml tab="File (TOML)"
[providers.http]
endpoint = "http://127.0.0.1:9000/api"
```
```bash tab="CLI"
--providers.http.endpoint=http://127.0.0.1:9000/api
```
@ -36,17 +36,17 @@ _Optional, Default="5s"_
Defines the polling interval.
```toml tab="File (TOML)"
[providers.http]
pollInterval = "5s"
```
```yaml tab="File (YAML)"
providers:
http:
pollInterval: "5s"
```
```toml tab="File (TOML)"
[providers.http]
pollInterval = "5s"
```
```bash tab="CLI"
--providers.http.pollInterval=5s
```
@ -57,17 +57,17 @@ _Optional, Default="5s"_
Defines the polling timeout when connecting to the configured endpoint.
```toml tab="File (TOML)"
[providers.http]
pollTimeout = "5s"
```
```yaml tab="File (YAML)"
providers:
http:
pollTimeout: "5s"
```
```toml tab="File (TOML)"
[providers.http]
pollTimeout = "5s"
```
```bash tab="CLI"
--providers.http.pollTimeout=5s
```
@ -80,11 +80,6 @@ _Optional_
Certificate Authority used for the secure connection to the configured endpoint.
```toml tab="File (TOML)"
[providers.http.tls]
ca = "path/to/ca.crt"
```
```yaml tab="File (YAML)"
providers:
http:
@ -92,6 +87,11 @@ providers:
ca: path/to/ca.crt
```
```toml tab="File (TOML)"
[providers.http.tls]
ca = "path/to/ca.crt"
```
```bash tab="CLI"
--providers.http.tls.ca=path/to/ca.crt
```
@ -108,11 +108,6 @@ When this option is set to `true`, a client certificate is requested during the
When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client.
```toml tab="File (TOML)"
[providers.http.tls]
caOptional = true
```
```yaml tab="File (YAML)"
providers:
http:
@ -120,6 +115,11 @@ providers:
caOptional: true
```
```toml tab="File (TOML)"
[providers.http.tls]
caOptional = true
```
```bash tab="CLI"
--providers.http.tls.caOptional=true
```
@ -128,12 +128,6 @@ providers:
Public certificate used for the secure connection to the configured endpoint.
```toml tab="File (TOML)"
[providers.http.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
http:
@ -142,6 +136,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.http.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.http.tls.cert=path/to/foo.cert
--providers.http.tls.key=path/to/foo.key
@ -151,12 +151,6 @@ providers:
Private certificate used for the secure connection to the configured endpoint.
```toml tab="File (TOML)"
[providers.http.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
http:
@ -165,6 +159,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.http.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.http.tls.cert=path/to/foo.cert
--providers.http.tls.key=path/to/foo.key
@ -174,11 +174,6 @@ providers:
If `insecureSkipVerify` is `true`, the TLS connection to the endpoint accepts any certificate presented by the server regardless of the hostnames it covers.
```toml tab="File (TOML)"
[providers.http.tls]
insecureSkipVerify = true
```
```yaml tab="File (YAML)"
providers:
http:
@ -186,6 +181,11 @@ providers:
insecureSkipVerify: true
```
```toml tab="File (TOML)"
[providers.http.tls]
insecureSkipVerify = true
```
```bash tab="CLI"
--providers.http.tls.insecureSkipVerify=true
```

96
docs/content/providers/kubernetes-crd.md
View file

@ -81,12 +81,6 @@ When the environment variables are not found, Traefik tries to connect to the Ku
In this case, the endpoint is required.
Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Kubernetes cluster using the granted authentication and authorization of the associated kubeconfig.
```toml tab="File (TOML)"
[providers.kubernetesCRD]
endpoint = "http://localhost:8080"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
@ -94,6 +88,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesCRD]
endpoint = "http://localhost:8080"
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.endpoint=http://localhost:8080
```
@ -104,12 +104,6 @@ _Optional, Default=""_
Bearer token used for the Kubernetes client configuration.
```toml tab="File (TOML)"
[providers.kubernetesCRD]
token = "mytoken"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
@ -117,6 +111,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesCRD]
token = "mytoken"
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.token=mytoken
```
@ -128,12 +128,6 @@ _Optional, Default=""_
Path to the certificate authority file.
Used for the Kubernetes client configuration.
```toml tab="File (TOML)"
[providers.kubernetesCRD]
certAuthFilePath = "/my/ca.crt"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
@ -141,6 +135,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesCRD]
certAuthFilePath = "/my/ca.crt"
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.certauthfilepath=/my/ca.crt
```
@ -152,12 +152,6 @@ _Optional, Default: []_
Array of namespaces to watch.
If left empty, watches all namespaces if the value of `namespaces`.
```toml tab="File (TOML)"
[providers.kubernetesCRD]
namespaces = ["default", "production"]
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
@ -167,6 +161,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesCRD]
namespaces = ["default", "production"]
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.namespaces=default,production
```
@ -186,12 +186,6 @@ See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-
Because the label selector is applied to all Traefik Custom Resources, they all must match the filter.
```toml tab="File (TOML)"
[providers.kubernetesCRD]
labelselector = "app=traefik"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
@ -199,6 +193,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesCRD]
labelselector = "app=traefik"
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.labelselector="app=traefik"
```
@ -212,12 +212,6 @@ Value of `kubernetes.io/ingress.class` annotation that identifies resource objec
If the parameter is set, only resources containing an annotation with the same value are processed.
Otherwise, resources missing the annotation, having an empty value, or the value `traefik` are processed.
```toml tab="File (TOML)"
[providers.kubernetesCRD]
ingressClass = "traefik-internal"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
@ -225,6 +219,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesCRD]
ingressClass = "traefik-internal"
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.ingressclass=traefik-internal
```
@ -241,12 +241,6 @@ If left empty, the provider does not apply any throttling and does not drop any
The value of `throttleDuration` should be provided in seconds or as a valid duration format,
see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
```toml tab="File (TOML)"
[providers.kubernetesCRD]
throttleDuration = "10s"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
@ -254,6 +248,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesCRD]
throttleDuration = "10s"
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.throttleDuration=10s
```
@ -268,12 +268,6 @@ If the parameter is set to `false`, IngressRoutes are not able to reference any
Please note that the default value for this option will be set to `false` in a future version.
```toml tab="File (TOML)"
[providers.kubernetesCRD]
allowCrossNamespace = false
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
@ -281,6 +275,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesCRD]
allowCrossNamespace = false
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.allowCrossNamespace=false
```

88
docs/content/providers/kubernetes-gateway.md
View file

@ -15,14 +15,6 @@ This provider is proposed as an experimental feature and partially supports the
Since this provider is still experimental, it needs to be activated in the experimental section of the static configuration.
```toml tab="File (TOML)"
[experimental]
kubernetesGateway = true
[providers.kubernetesGateway]
#...
```
```yaml tab="File (YAML)"
experimental:
kubernetesGateway: true
@ -32,6 +24,14 @@ This provider is proposed as an experimental feature and partially supports the
#...
```
```toml tab="File (TOML)"
[experimental]
kubernetesGateway = true
[providers.kubernetesGateway]
#...
```
```bash tab="CLI"
--experimental.kubernetesgateway=true --providers.kubernetesgateway=true #...
```
@ -117,12 +117,6 @@ When the environment variables are not found, Traefik tries to connect to the Ku
In this case, the endpoint is required.
Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Kubernetes cluster using the granted authentication and authorization of the associated kubeconfig.
```toml tab="File (TOML)"
[providers.kubernetesGateway]
endpoint = "http://localhost:8080"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesGateway:
@ -130,6 +124,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesGateway]
endpoint = "http://localhost:8080"
# ...
```
```bash tab="CLI"
--providers.kubernetesgateway.endpoint=http://localhost:8080
```
@ -140,12 +140,6 @@ _Optional, Default=""_
Bearer token used for the Kubernetes client configuration.
```toml tab="File (TOML)"
[providers.kubernetesGateway]
token = "mytoken"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesGateway:
@ -153,6 +147,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesGateway]
token = "mytoken"
# ...
```
```bash tab="CLI"
--providers.kubernetesgateway.token=mytoken
```
@ -164,12 +164,6 @@ _Optional, Default=""_
Path to the certificate authority file.
Used for the Kubernetes client configuration.
```toml tab="File (TOML)"
[providers.kubernetesGateway]
certAuthFilePath = "/my/ca.crt"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesGateway:
@ -177,6 +171,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesGateway]
certAuthFilePath = "/my/ca.crt"
# ...
```
```bash tab="CLI"
--providers.kubernetesgateway.certauthfilepath=/my/ca.crt
```
@ -188,12 +188,6 @@ _Optional, Default: []_
Array of namespaces to watch.
If left empty, watches all namespaces if the value of `namespaces`.
```toml tab="File (TOML)"
[providers.kubernetesGateway]
namespaces = ["default", "production"]
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesGateway:
@ -203,6 +197,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesGateway]
namespaces = ["default", "production"]
# ...
```
```bash tab="CLI"
--providers.kubernetesgateway.namespaces=default,production
```
@ -216,12 +216,6 @@ If left empty, Traefik processes all GatewayClass objects in the configured name
See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details.
```toml tab="File (TOML)"
[providers.kubernetesGateway]
labelselector = "app=traefik"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesGateway:
@ -229,6 +223,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesGateway]
labelselector = "app=traefik"
# ...
```
```bash tab="CLI"
--providers.kubernetesgateway.labelselector="app=traefik"
```
@ -245,12 +245,6 @@ If left empty, the provider does not apply any throttling and does not drop any
The value of `throttleDuration` should be provided in seconds or as a valid duration format,
see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
```toml tab="File (TOML)"
[providers.kubernetesGateway]
throttleDuration = "10s"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesGateway:
@ -258,6 +252,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesGateway]
throttleDuration = "10s"
# ...
```
```bash tab="CLI"
--providers.kubernetesgateway.throttleDuration=10s
```

128
docs/content/providers/kubernetes-ingress.md
View file

@ -14,15 +14,15 @@ See the dedicated section in [routing](../routing/providers/kubernetes-ingress.m
You can enable the provider in the static configuration:
```toml tab="File (TOML)"
[providers.kubernetesIngress]
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress: {}
```
```toml tab="File (TOML)"
[providers.kubernetesIngress]
```
```bash tab="CLI"
--providers.kubernetesingress=true
```
@ -95,12 +95,6 @@ When the environment variables are not found, Traefik tries to connect to the Ku
In this case, the endpoint is required.
Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Kubernetes cluster using the granted authentication and authorization of the associated kubeconfig.
```toml tab="File (TOML)"
[providers.kubernetesIngress]
endpoint = "http://localhost:8080"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
@ -108,6 +102,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesIngress]
endpoint = "http://localhost:8080"
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.endpoint=http://localhost:8080
```
@ -118,12 +118,6 @@ _Optional, Default=""_
Bearer token used for the Kubernetes client configuration.
```toml tab="File (TOML)"
[providers.kubernetesIngress]
token = "mytoken"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
@ -131,6 +125,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesIngress]
token = "mytoken"
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.token=mytoken
```
@ -142,12 +142,6 @@ _Optional, Default=""_
Path to the certificate authority file.
Used for the Kubernetes client configuration.
```toml tab="File (TOML)"
[providers.kubernetesIngress]
certAuthFilePath = "/my/ca.crt"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
@ -155,6 +149,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesIngress]
certAuthFilePath = "/my/ca.crt"
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.certauthfilepath=/my/ca.crt
```
@ -166,12 +166,6 @@ _Optional, Default: []_
Array of namespaces to watch.
If left empty, watches all namespaces if the value of `namespaces`.
```toml tab="File (TOML)"
[providers.kubernetesIngress]
namespaces = ["default", "production"]
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
@ -181,6 +175,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesIngress]
namespaces = ["default", "production"]
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.namespaces=default,production
```
@ -194,12 +194,6 @@ If left empty, Traefik processes all Ingress objects in the configured namespace
See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details.
```toml tab="File (TOML)"
[providers.kubernetesIngress]
labelSelector = "app=traefik"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
@ -207,6 +201,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesIngress]
labelSelector = "app=traefik"
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.labelselector="app=traefik"
```
@ -254,12 +254,6 @@ Otherwise, Ingresses missing the annotation, having an empty value, or the value
servicePort: 80
```
```toml tab="File (TOML)"
[providers.kubernetesIngress]
ingressClass = "traefik-internal"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
@ -267,6 +261,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesIngress]
ingressClass = "traefik-internal"
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.ingressclass=traefik-internal
```
@ -279,12 +279,6 @@ _Optional, Default: ""_
Hostname used for Kubernetes Ingress endpoints.
```toml tab="File (TOML)"
[providers.kubernetesIngress.ingressEndpoint]
hostname = "example.net"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
@ -293,6 +287,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesIngress.ingressEndpoint]
hostname = "example.net"
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.ingressendpoint.hostname=example.net
```
@ -303,12 +303,6 @@ _Optional, Default: ""_
IP used for Kubernetes Ingress endpoints.
```toml tab="File (TOML)"
[providers.kubernetesIngress.ingressEndpoint]
ip = "1.2.3.4"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
@ -317,6 +311,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesIngress.ingressEndpoint]
ip = "1.2.3.4"
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.ingressendpoint.ip=1.2.3.4
```
@ -328,12 +328,6 @@ _Optional, Default: ""_
Published Kubernetes Service to copy status from.
Format: `namespace/servicename`.
```toml tab="File (TOML)"
[providers.kubernetesIngress.ingressEndpoint]
publishedService = "namespace/foo-service"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
@ -342,6 +336,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesIngress.ingressEndpoint]
publishedService = "namespace/foo-service"
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.ingressendpoint.publishedservice=namespace/foo-service
```
@ -358,12 +358,6 @@ If left empty, the provider does not apply any throttling and does not drop any
The value of `throttleDuration` should be provided in seconds or as a valid duration format,
see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
```toml tab="File (TOML)"
[providers.kubernetesIngress]
throttleDuration = "10s"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
@ -371,6 +365,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesIngress]
throttleDuration = "10s"
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.throttleDuration=10s
```

234
docs/content/providers/marathon.md
View file

@ -11,15 +11,15 @@ For additional information, refer to [Marathon user guide](../user-guides/marath
Enabling the Marathon provider
```toml tab="File (TOML)"
[providers.marathon]
```
```yaml tab="File (YAML)"
providers:
marathon: {}
```
```toml tab="File (TOML)"
[providers.marathon]
```
```bash tab="CLI"
--providers.marathon=true
```
@ -61,12 +61,6 @@ _Optional_
Enables Marathon basic authentication.
```toml tab="File (TOML)"
[providers.marathon.basic]
httpBasicAuthUser = "foo"
httpBasicPassword = "bar"
```
```yaml tab="File (YAML)"
providers:
marathon:
@ -75,6 +69,12 @@ providers:
httpBasicPassword: bar
```
```toml tab="File (TOML)"
[providers.marathon.basic]
httpBasicAuthUser = "foo"
httpBasicPassword = "bar"
```
```bash tab="CLI"
--providers.marathon.basic.httpbasicauthuser=foo
--providers.marathon.basic.httpbasicpassword=bar
@ -88,12 +88,6 @@ Datacenter Operating System (DCOS) Token for DCOS environment.
If set, it overrides the Authorization header.
```toml tab="File (TOML)"
[providers.marathon]
dcosToken = "xxxxxx"
# ...
```
```toml tab="File (YAML)"
providers:
marathon:
@ -101,6 +95,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.marathon]
dcosToken = "xxxxxx"
# ...
```
```bash tab="CLI"
--providers.marathon.dcosToken=xxxxxx
```
@ -119,12 +119,6 @@ and can include [sprig template functions](http://masterminds.github.io/sprig/).
The app ID can be accessed with the `Name` identifier,
and the template has access to all the labels defined on this Marathon application.
```toml tab="File (TOML)"
[providers.marathon]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
@ -132,6 +126,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.marathon]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```bash tab="CLI"
--providers.marathon.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)
# ...
@ -147,19 +147,19 @@ when trying to open a TCP connection to a Marathon master.
The value of `dialerTimeout` should be provided in seconds or as a valid duration format,
see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
```toml tab="File (TOML)"
[providers.marathon]
dialerTimeout = "10s"
# ...
```
```toml tab="File (YAML)"
```yaml tab="File (YAML)"
providers:
marathon:
dialerTimeout: "10s"
# ...
```
```toml tab="File (TOML)"
[providers.marathon]
dialerTimeout = "10s"
# ...
```
```bash tab="CLI"
--providers.marathon.dialerTimeout=10s
```
@ -172,19 +172,19 @@ Marathon server endpoint.
You can optionally specify multiple endpoints.
```toml tab="File (TOML)"
[providers.marathon]
endpoint = "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080"
# ...
```
```toml tab="File (YAML)"
```yaml tab="File (YAML)"
providers:
marathon:
endpoint: "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080"
# ...
```
```toml tab="File (TOML)"
[providers.marathon]
endpoint = "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080"
# ...
```
```bash tab="CLI"
--providers.marathon.endpoint=http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080
```
@ -199,12 +199,6 @@ If set to `false`, applications that do not have a `traefik.enable=true` label a
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
```toml tab="File (TOML)"
[providers.marathon]
exposedByDefault = false
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
@ -212,6 +206,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.marathon]
exposedByDefault = false
# ...
```
```bash tab="CLI"
--providers.marathon.exposedByDefault=false
# ...
@ -274,12 +274,6 @@ In addition, to match against Marathon constraints, the function `MarathonConstr
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
```toml tab="File (TOML)"
[providers.marathon]
constraints = "Label(`a.label.name`,`foo`)"
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
@ -287,6 +281,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.marathon]
constraints = "Label(`a.label.name`,`foo`)"
# ...
```
```bash tab="CLI"
--providers.marathon.constraints=Label(`a.label.name`,`foo`)
# ...
@ -300,12 +300,6 @@ By default, the task IP address (as returned by the Marathon API) is used as bac
otherwise, the name of the host running the task is used.
The latter behavior can be enforced by setting this option to `true`.
```toml tab="File (TOML)"
[providers.marathon]
forceTaskHostname = true
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
@ -313,6 +307,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.marathon]
forceTaskHostname = true
# ...
```
```bash tab="CLI"
--providers.marathon.forceTaskHostname=true
# ...
@ -326,12 +326,6 @@ Set the TCP Keep Alive duration for the Marathon HTTP Client.
The value of `keepAlive` should be provided in seconds or as a valid duration format,
see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
```toml tab="File (TOML)"
[providers.marathon]
keepAlive = "30s"
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
@ -339,6 +333,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.marathon]
keepAlive = "30s"
# ...
```
```bash tab="CLI"
--providers.marathon.keepAlive=30s
# ...
@ -354,12 +354,6 @@ Note that the checks are only valid during deployments.
See the Marathon guide for details.
```toml tab="File (TOML)"
[providers.marathon]
respectReadinessChecks = true
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
@ -367,6 +361,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.marathon]
respectReadinessChecks = true
# ...
```
```bash tab="CLI"
--providers.marathon.respectReadinessChecks=true
# ...
@ -382,12 +382,6 @@ from a Marathon master.
The value of `responseHeaderTimeout` should be provided in seconds or as a valid duration format,
see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
```toml tab="File (TOML)"
[providers.marathon]
responseHeaderTimeout = "66s"
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
@ -395,6 +389,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.marathon]
responseHeaderTimeout = "66s"
# ...
```
```bash tab="CLI"
--providers.marathon.responseHeaderTimeout=66s
# ...
@ -408,11 +408,6 @@ _Optional_
Certificate Authority used for the secure connection to Marathon.
```toml tab="File (TOML)"
[providers.marathon.tls]
ca = "path/to/ca.crt"
```
```yaml tab="File (YAML)"
providers:
marathon:
@ -420,6 +415,11 @@ providers:
ca: path/to/ca.crt
```
```toml tab="File (TOML)"
[providers.marathon.tls]
ca = "path/to/ca.crt"
```
```bash tab="CLI"
--providers.marathon.tls.ca=path/to/ca.crt
```
@ -436,11 +436,6 @@ When this option is set to `true`, a client certificate is requested during the
When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client.
```toml tab="File (TOML)"
[providers.marathon.tls]
caOptional = true
```
```yaml tab="File (YAML)"
providers:
marathon:
@ -448,6 +443,11 @@ providers:
caOptional: true
```
```toml tab="File (TOML)"
[providers.marathon.tls]
caOptional = true
```
```bash tab="CLI"
--providers.marathon.tls.caOptional=true
```
@ -456,12 +456,6 @@ providers:
Public certificate used for the secure connection to Marathon.
```toml tab="File (TOML)"
[providers.marathon.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
marathon:
@ -470,6 +464,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.marathon.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.marathon.tls.cert=path/to/foo.cert
--providers.marathon.tls.key=path/to/foo.key
@ -479,12 +479,6 @@ providers:
Private certificate used for the secure connection to Marathon.
```toml tab="File (TOML)"
[providers.marathon.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
marathon:
@ -493,6 +487,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.marathon.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.marathon.tls.cert=path/to/foo.cert
--providers.marathon.tls.key=path/to/foo.key
@ -502,11 +502,6 @@ providers:
If `insecureSkipVerify` is `true`, the TLS connection to Marathon accepts any certificate presented by the server regardless of the hostnames it covers.
```toml tab="File (TOML)"
[providers.marathon.tls]
insecureSkipVerify = true
```
```yaml tab="File (YAML)"
providers:
marathon:
@ -514,6 +509,11 @@ providers:
insecureSkipVerify: true
```
```toml tab="File (TOML)"
[providers.marathon.tls]
insecureSkipVerify = true
```
```bash tab="CLI"
--providers.marathon.tls.insecureSkipVerify=true
```
@ -528,12 +528,6 @@ when waiting for the TLS handshake to complete.
The value of `tlsHandshakeTimeout` should be provided in seconds or as a valid duration format,
see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
```toml tab="File (TOML)"
[providers.marathon]
responseHeaderTimeout = "10s"
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
@ -541,6 +535,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.marathon]
responseHeaderTimeout = "10s"
# ...
```
```bash tab="CLI"
--providers.marathon.responseHeaderTimeout=10s
# ...
@ -552,12 +552,6 @@ _Optional, Default=false_
Displays additional provider logs when available.
```toml tab="File (TOML)"
[providers.marathon]
trace = true
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
@ -565,6 +559,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.marathon]
trace = true
# ...
```
```bash tab="CLI"
--providers.marathon.trace=true
# ...
@ -576,12 +576,6 @@ _Optional, Default=true_
When set to `true`, watches for Marathon changes.
```toml tab="File (TOML)"
[providers.marathon]
watch = false
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
@ -589,6 +583,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.marathon]
watch = false
# ...
```
```bash tab="CLI"
--providers.marathon.watch=false
# ...

24
docs/content/providers/overview.md
View file

@ -49,12 +49,6 @@ separator, and the provider name.
Declaring the add-foo-prefix in the file provider.
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.add-foo-prefix.addPrefix]
prefix = "/foo"
```
```yaml tab="File (YAML)"
http:
middlewares:
@ -63,6 +57,12 @@ separator, and the provider name.
prefix: "/foo"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.add-foo-prefix.addPrefix]
prefix = "/foo"
```
Using the add-foo-prefix middleware from other providers:
```yaml tab="Docker"
@ -133,7 +133,7 @@ Below is the list of the currently supported providers in Traefik.
| [ECS](./ecs.md) | Orchestrator | Label |
| [Marathon](./marathon.md) | Orchestrator | Label |
| [Rancher](./rancher.md) | Orchestrator | Label |
| [File](./file.md) | Manual | TOML/YAML format |
| [File](./file.md) | Manual | YAML/TOML format |
| [Consul](./consul.md) | KV | KV |
| [Etcd](./etcd.md) | KV | KV |
| [ZooKeeper](./zookeeper.md) | KV | KV |
@ -169,16 +169,16 @@ but the throttling algorithm applies to each of them independently.
The value of `providers.providersThrottleDuration` should be provided in seconds or as a valid duration format,
see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
```toml tab="File (TOML)"
[providers]
providers.providersThrottleDuration = 10s
```
```yaml tab="File (YAML)"
providers:
providersThrottleDuration: 10s
```
```toml tab="File (TOML)"
[providers]
providers.providersThrottleDuration = 10s
```
```bash tab="CLI"
--providers.providersThrottleDuration=10s
```

100
docs/content/providers/rancher.md
View file

@ -18,15 +18,15 @@ Attach labels to your services and let Traefik do the rest!
Enabling the Rancher provider
```toml tab="File (TOML)"
[providers.rancher]
```
```yaml tab="File (YAML)"
providers:
rancher: {}
```
```toml tab="File (TOML)"
[providers.rancher]
```
```bash tab="CLI"
--providers.rancher=true
```
@ -48,14 +48,14 @@ See the dedicated section in [routing](../routing/providers/rancher.md).
For an overview of all the options that can be set with the Rancher provider, see the following snippets:
```toml tab="File (TOML)"
--8<-- "content/providers/rancher.toml"
```
```yaml tab="File (YAML)"
--8<-- "content/providers/rancher.yml"
```
```toml tab="File (TOML)"
--8<-- "content/providers/rancher.toml"
```
```bash tab="CLI"
--8<-- "content/providers/rancher.txt"
```
@ -69,12 +69,6 @@ If set to `false`, services that do not have a `traefik.enable=true` label are i
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
```toml tab="File (TOML)"
[providers.rancher]
exposedByDefault = false
# ...
```
```yaml tab="File (YAML)"
providers:
rancher:
@ -82,6 +76,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.rancher]
exposedByDefault = false
# ...
```
```bash tab="CLI"
--providers.rancher.exposedByDefault=false
# ...
@ -102,12 +102,6 @@ and the template has access to all the labels defined on this container.
This option can be overridden on a container basis with the `traefik.http.routers.Router1.rule` label.
```toml tab="File (TOML)"
[providers.rancher]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```yaml tab="File (YAML)"
providers:
rancher:
@ -115,6 +109,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.rancher]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```bash tab="CLI"
--providers.rancher.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)
# ...
@ -126,12 +126,6 @@ _Optional, Default=true_
Filter out services with unhealthy states and inactive states.
```toml tab="File (TOML)"
[providers.rancher]
enableServiceHealthFilter = false
# ...
```
```yaml tab="File (YAML)"
providers:
rancher:
@ -139,6 +133,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.rancher]
enableServiceHealthFilter = false
# ...
```
```bash tab="CLI"
--providers.rancher.enableServiceHealthFilter=false
# ...
@ -150,12 +150,6 @@ _Optional, Default=15_
Defines the polling interval (in seconds).
```toml tab="File (TOML)"
[providers.rancher]
refreshSeconds = 30
# ...
```
```yaml tab="File (YAML)"
providers:
rancher:
@ -163,6 +157,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.rancher]
refreshSeconds = 30
# ...
```
```bash tab="CLI"
--providers.rancher.refreshSeconds=30
# ...
@ -175,12 +175,6 @@ _Optional, Default=false_
Poll the Rancher metadata service for changes every `rancher.refreshSeconds`,
which is less accurate than the default long polling technique which provides near instantaneous updates to Traefik.
```toml tab="File (TOML)"
[providers.rancher]
intervalPoll = true
# ...
```
```yaml tab="File (YAML)"
providers:
rancher:
@ -188,6 +182,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.rancher]
intervalPoll = true
# ...
```
```bash tab="CLI"
--providers.rancher.intervalPoll=true
# ...
@ -199,12 +199,6 @@ _Optional, Default="/latest"_
Prefix used for accessing the Rancher metadata service.
```toml tab="File (TOML)"
[providers.rancher]
prefix = "/test"
# ...
```
```yaml tab="File (YAML)"
providers:
rancher:
@ -212,6 +206,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.rancher]
prefix = "/test"
# ...
```
```bash tab="CLI"
--providers.rancher.prefix=/test
# ...
@ -262,12 +262,6 @@ the usual boolean logic, as shown in examples below.
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
```toml tab="File (TOML)"
[providers.rancher]
constraints = "Label(`a.label.name`,`foo`)"
# ...
```
```yaml tab="File (YAML)"
providers:
rancher:
@ -275,6 +269,12 @@ providers:
# ...
```
```toml tab="File (TOML)"
[providers.rancher]
constraints = "Label(`a.label.name`,`foo`)"
# ...
```
```bash tab="CLI"
--providers.rancher.constraints=Label(`a.label.name`,`foo`)
# ...

98
docs/content/providers/redis.md
View file

@ -17,11 +17,6 @@ _Required, Default="127.0.0.1:6379"_
Defines how to access to Redis.
```toml tab="File (TOML)"
[providers.redis]
endpoints = ["127.0.0.1:6379"]
```
```yaml tab="File (YAML)"
providers:
redis:
@ -29,6 +24,11 @@ providers:
- "127.0.0.1:6379"
```
```toml tab="File (TOML)"
[providers.redis]
endpoints = ["127.0.0.1:6379"]
```
```bash tab="CLI"
--providers.redis.endpoints=127.0.0.1:6379
```
@ -39,17 +39,17 @@ _Required, Default="traefik"_
Defines the root key of the configuration.
```toml tab="File (TOML)"
[providers.redis]
rootKey = "traefik"
```
```yaml tab="File (YAML)"
providers:
redis:
rootKey: "traefik"
```
```toml tab="File (TOML)"
[providers.redis]
rootKey = "traefik"
```
```bash tab="CLI"
--providers.redis.rootkey=traefik
```
@ -60,12 +60,6 @@ _Optional, Default=""_
Defines a username to connect with Redis.
```toml tab="File (TOML)"
[providers.redis]
# ...
username = "foo"
```
```yaml tab="File (YAML)"
providers:
redis:
@ -73,6 +67,12 @@ providers:
usename: "foo"
```
```toml tab="File (TOML)"
[providers.redis]
# ...
username = "foo"
```
```bash tab="CLI"
--providers.redis.username=foo
```
@ -83,12 +83,6 @@ _Optional, Default=""_
Defines a password to connect with Redis.
```toml tab="File (TOML)"
[providers.redis]
# ...
password = "bar"
```
```yaml tab="File (YAML)"
providers:
redis:
@ -96,6 +90,12 @@ providers:
password: "bar"
```
```toml tab="File (TOML)"
[providers.redis]
# ...
password = "bar"
```
```bash tab="CLI"
--providers.redis.password=foo
```
@ -108,11 +108,6 @@ _Optional_
Certificate Authority used for the secure connection to Redis.
```toml tab="File (TOML)"
[providers.redis.tls]
ca = "path/to/ca.crt"
```
```yaml tab="File (YAML)"
providers:
redis:
@ -120,6 +115,11 @@ providers:
ca: path/to/ca.crt
```
```toml tab="File (TOML)"
[providers.redis.tls]
ca = "path/to/ca.crt"
```
```bash tab="CLI"
--providers.redis.tls.ca=path/to/ca.crt
```
@ -136,11 +136,6 @@ When this option is set to `true`, a client certificate is requested during the
When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client.
```toml tab="File (TOML)"
[providers.redis.tls]
caOptional = true
```
```yaml tab="File (YAML)"
providers:
redis:
@ -148,6 +143,11 @@ providers:
caOptional: true
```
```toml tab="File (TOML)"
[providers.redis.tls]
caOptional = true
```
```bash tab="CLI"
--providers.redis.tls.caOptional=true
```
@ -156,12 +156,6 @@ providers:
Public certificate used for the secure connection to Redis.
```toml tab="File (TOML)"
[providers.redis.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
redis:
@ -170,6 +164,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.redis.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.redis.tls.cert=path/to/foo.cert
--providers.redis.tls.key=path/to/foo.key
@ -179,12 +179,6 @@ providers:
Private certificate used for the secure connection to Redis.
```toml tab="File (TOML)"
[providers.redis.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
redis:
@ -193,6 +187,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.redis.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.redis.tls.cert=path/to/foo.cert
--providers.redis.tls.key=path/to/foo.key
@ -202,11 +202,6 @@ providers:
If `insecureSkipVerify` is `true`, the TLS connection to Redis accepts any certificate presented by the server regardless of the hostnames it covers.
```toml tab="File (TOML)"
[providers.redis.tls]
insecureSkipVerify = true
```
```yaml tab="File (YAML)"
providers:
redis:
@ -214,6 +209,11 @@ providers:
insecureSkipVerify: true
```
```toml tab="File (TOML)"
[providers.redis.tls]
insecureSkipVerify = true
```
```bash tab="CLI"
--providers.redis.tls.insecureSkipVerify=true
```

98
docs/content/providers/zookeeper.md
View file

@ -17,11 +17,6 @@ _Required, Default="127.0.0.1:2181"_
Defines how to access to ZooKeeper.
```toml tab="File (TOML)"
[providers.zooKeeper]
endpoints = ["127.0.0.1:2181"]
```
```yaml tab="File (YAML)"
providers:
zooKeeper:
@ -29,6 +24,11 @@ providers:
- "127.0.0.1:2181"
```
```toml tab="File (TOML)"
[providers.zooKeeper]
endpoints = ["127.0.0.1:2181"]
```
```bash tab="CLI"
--providers.zookeeper.endpoints=127.0.0.1:2181
```
@ -39,17 +39,17 @@ _Required, Default="traefik"_
Defines the root key of the configuration.
```toml tab="File (TOML)"
[providers.zooKeeper]
rootKey = "traefik"
```
```yaml tab="File (YAML)"
providers:
zooKeeper:
rootKey: "traefik"
```
```toml tab="File (TOML)"
[providers.zooKeeper]
rootKey = "traefik"
```
```bash tab="CLI"
--providers.zookeeper.rootkey=traefik
```
@ -60,12 +60,6 @@ _Optional, Default=""_
Defines a username to connect with ZooKeeper.
```toml tab="File (TOML)"
[providers.zooKeeper]
# ...
username = "foo"
```
```yaml tab="File (YAML)"
providers:
zooKeeper:
@ -73,6 +67,12 @@ providers:
usename: "foo"
```
```toml tab="File (TOML)"
[providers.zooKeeper]
# ...
username = "foo"
```
```bash tab="CLI"
--providers.zookeeper.username=foo
```
@ -83,12 +83,6 @@ _Optional, Default=""_
Defines a password to connect with ZooKeeper.
```toml tab="File (TOML)"
[providers.zooKeeper]
# ...
password = "bar"
```
```yaml tab="File (YAML)"
providers:
zooKeeper:
@ -96,6 +90,12 @@ providers:
password: "bar"
```
```toml tab="File (TOML)"
[providers.zooKeeper]
# ...
password = "bar"
```
```bash tab="CLI"
--providers.zookeeper.password=foo
```
@ -108,11 +108,6 @@ _Optional_
Certificate Authority used for the secure connection to ZooKeeper.
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
ca = "path/to/ca.crt"
```
```yaml tab="File (YAML)"
providers:
zooKeeper:
@ -120,6 +115,11 @@ providers:
ca: path/to/ca.crt
```
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
ca = "path/to/ca.crt"
```
```bash tab="CLI"
--providers.zookeeper.tls.ca=path/to/ca.crt
```
@ -136,11 +136,6 @@ When this option is set to `true`, a client certificate is requested during the
When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client.
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
caOptional = true
```
```yaml tab="File (YAML)"
providers:
zooKeeper:
@ -148,6 +143,11 @@ providers:
caOptional: true
```
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
caOptional = true
```
```bash tab="CLI"
--providers.zookeeper.tls.caOptional=true
```
@ -156,12 +156,6 @@ providers:
Public certificate used for the secure connection to ZooKeeper.
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
zooKeeper:
@ -170,6 +164,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.zookeeper.tls.cert=path/to/foo.cert
--providers.zookeeper.tls.key=path/to/foo.key
@ -179,12 +179,6 @@ providers:
Private certificate used for the secure connection to ZooKeeper.
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
zooKeeper:
@ -193,6 +187,12 @@ providers:
key: path/to/foo.key
```
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--providers.zookeeper.tls.cert=path/to/foo.cert
--providers.zookeeper.tls.key=path/to/foo.key
@ -202,11 +202,6 @@ providers:
If `insecureSkipVerify` is `true`, the TLS connection to Zookeeper accepts any certificate presented by the server regardless of the hostnames it covers.
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
insecureSkipVerify = true
```
```yaml tab="File (YAML)"
providers:
zooKeeper:
@ -214,6 +209,11 @@ providers:
insecureSkipVerify: true
```
```toml tab="File (TOML)"
[providers.zooKeeper.tls]
insecureSkipVerify = true
```
```bash tab="CLI"
--providers.zookeeper.tls.insecureSkipVerify=true
```

8
docs/content/reference/dynamic-configuration/file.md
View file

@ -3,10 +3,10 @@
Dynamic configuration with files
{: .subtitle }
```toml tab="TOML"
--8<-- "content/reference/dynamic-configuration/file.toml"
```
```yml tab="YAML"
--8<-- "content/reference/dynamic-configuration/file.yaml"
```
```toml tab="TOML"
--8<-- "content/reference/dynamic-configuration/file.toml"
```

2
docs/content/reference/static-configuration/cli-ref.md
View file

@ -517,7 +517,7 @@ KV Username
Enable debug logging of generated configuration template. (Default: ```false```)
`--providers.file.directory`:
Load dynamic configuration from one or more .toml or .yml files in a directory.
Load dynamic configuration from one or more .yml or .toml files in a directory.
`--providers.file.filename`:
Load dynamic configuration from a file.

2
docs/content/reference/static-configuration/env-ref.md
View file

@ -517,7 +517,7 @@ KV Username
Enable debug logging of generated configuration template. (Default: ```false```)
`TRAEFIK_PROVIDERS_FILE_DIRECTORY`:
Load dynamic configuration from one or more .toml or .yml files in a directory.
Load dynamic configuration from one or more .yml or .toml files in a directory.
`TRAEFIK_PROVIDERS_FILE_FILENAME`:
Load dynamic configuration from a file.

8
docs/content/reference/static-configuration/file.md
View file

@ -1,9 +1,9 @@
# Static Configuration: File
```toml tab="TOML"
--8<-- "content/reference/static-configuration/file.toml"
```
```yml tab="YAML"
--8<-- "content/reference/static-configuration/file.yaml"
```
```toml tab="TOML"
--8<-- "content/reference/static-configuration/file.toml"
```

460
docs/content/routing/entrypoints.md
View file

@ -13,13 +13,6 @@ and whether to listen for TCP or UDP.
??? example "Port 80 only"
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
```
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
@ -27,6 +20,13 @@ and whether to listen for TCP or UDP.
address: ":80"
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
```
```bash tab="CLI"
## Static configuration
--entryPoints.web.address=:80
@ -36,16 +36,6 @@ and whether to listen for TCP or UDP.
??? example "Port 80 & 443"
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
```
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
@ -56,6 +46,16 @@ and whether to listen for TCP or UDP.
address: ":443"
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
```
```bash tab="CLI"
## Static configuration
--entryPoints.web.address=:80
@ -67,13 +67,6 @@ and whether to listen for TCP or UDP.
??? example "UDP on port 1704"
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.streaming]
address = ":1704/udp"
```
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
@ -81,6 +74,13 @@ and whether to listen for TCP or UDP.
address: ":1704/udp"
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.streaming]
address = ":1704/udp"
```
```bash tab="CLI"
## Static configuration
--entryPoints.streaming.address=:1704/udp
@ -91,31 +91,10 @@ and whether to listen for TCP or UDP.
### General
EntryPoints are part of the [static configuration](../getting-started/configuration-overview.md#the-static-configuration).
They can be defined by using a file (TOML or YAML) or CLI arguments.
They can be defined by using a file (YAML or TOML) or CLI arguments.
??? info "See the complete reference for the list of available options"
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.name]
address = ":8888" # same as ":8888/tcp"
[entryPoints.name.transport]
[entryPoints.name.transport.lifeCycle]
requestAcceptGraceTimeout = 42
graceTimeOut = 42
[entryPoints.name.transport.respondingTimeouts]
readTimeout = 42
writeTimeout = 42
idleTimeout = 42
[entryPoints.name.proxyProtocol]
insecure = true
trustedIPs = ["127.0.0.1", "192.168.0.1"]
[entryPoints.name.forwardedHeaders]
insecure = true
trustedIPs = ["127.0.0.1", "192.168.0.1"]
```
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
@ -141,6 +120,27 @@ They can be defined by using a file (TOML or YAML) or CLI arguments.
- "192.168.0.1"
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.name]
address = ":8888" # same as ":8888/tcp"
[entryPoints.name.transport]
[entryPoints.name.transport.lifeCycle]
requestAcceptGraceTimeout = 42
graceTimeOut = 42
[entryPoints.name.transport.respondingTimeouts]
readTimeout = 42
writeTimeout = 42
idleTimeout = 42
[entryPoints.name.proxyProtocol]
insecure = true
trustedIPs = ["127.0.0.1", "192.168.0.1"]
[entryPoints.name.forwardedHeaders]
insecure = true
trustedIPs = ["127.0.0.1", "192.168.0.1"]
```
```bash tab="CLI"
## Static configuration
--entryPoints.name.address=:8888 # same as :8888/tcp
@ -170,15 +170,6 @@ If both TCP and UDP are wanted for the same port, two entryPoints definitions ar
??? example "Both TCP and UDP on Port 3179"
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.tcpep]
address = ":3179"
[entryPoints.udpep]
address = ":3179/udp"
```
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
@ -188,6 +179,15 @@ If both TCP and UDP are wanted for the same port, two entryPoints definitions ar
address: ":3179/udp"
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.tcpep]
address = ":3179"
[entryPoints.udpep]
address = ":3179/udp"
```
```bash tab="CLI"
## Static configuration
--entryPoints.tcpep.address=:3179
@ -196,13 +196,6 @@ If both TCP and UDP are wanted for the same port, two entryPoints definitions ar
??? example "Listen on Specific IP Addresses Only"
```toml tab="File (TOML)"
[entryPoints.specificIPv4]
address = "192.168.2.7:8888"
[entryPoints.specificIPv6]
address = "[2001:db8::1]:8888"
```
```yaml tab="File (yaml)"
entryPoints:
specificIPv4:
@ -211,6 +204,13 @@ If both TCP and UDP are wanted for the same port, two entryPoints definitions ar
address: "[2001:db8::1]:8888"
```
```toml tab="File (TOML)"
[entryPoints.specificIPv4]
address = "192.168.2.7:8888"
[entryPoints.specificIPv6]
address = "[2001:db8::1]:8888"
```
```bash tab="CLI"
--entrypoints.specificIPv4.address=192.168.2.7:8888
--entrypoints.specificIPv6.address=[2001:db8::1]:8888
@ -226,16 +226,6 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward
Trusting Forwarded Headers from specific IPs.
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.forwardedHeaders]
trustedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
@ -247,6 +237,16 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward
- "192.168.1.7"
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.forwardedHeaders]
trustedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
```bash tab="CLI"
## Static configuration
--entryPoints.web.address=:80
@ -257,6 +257,15 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward
Insecure Mode (Always Trusting Forwarded Headers).
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
web:
address: ":80"
forwardedHeaders:
insecure: true
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
@ -267,15 +276,6 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward
insecure = true
```
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
web:
address: ":80"
forwardedHeaders:
insecure: true
```
```bash tab="CLI"
## Static configuration
--entryPoints.web.address=:80
@ -299,16 +299,6 @@ Setting them has no effect for UDP entryPoints.
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).
If no units are provided, the value is parsed assuming seconds.
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.name]
address = ":8888"
[entryPoints.name.transport]
[entryPoints.name.transport.respondingTimeouts]
readTimeout = 42
```
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
@ -319,6 +309,16 @@ Setting them has no effect for UDP entryPoints.
readTimeout: 42
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.name]
address = ":8888"
[entryPoints.name.transport]
[entryPoints.name.transport.respondingTimeouts]
readTimeout = 42
```
```bash tab="CLI"
## Static configuration
--entryPoints.name.address=:8888
@ -336,16 +336,6 @@ Setting them has no effect for UDP entryPoints.
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).
If no units are provided, the value is parsed assuming seconds.
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.name]
address = ":8888"
[entryPoints.name.transport]
[entryPoints.name.transport.respondingTimeouts]
writeTimeout = 42
```
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
@ -356,6 +346,16 @@ Setting them has no effect for UDP entryPoints.
writeTimeout: 42
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.name]
address = ":8888"
[entryPoints.name.transport]
[entryPoints.name.transport.respondingTimeouts]
writeTimeout = 42
```
```bash tab="CLI"
## Static configuration
--entryPoints.name.address=:8888
@ -372,16 +372,6 @@ Setting them has no effect for UDP entryPoints.
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).
If no units are provided, the value is parsed assuming seconds.
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.name]
address = ":8888"
[entryPoints.name.transport]
[entryPoints.name.transport.respondingTimeouts]
idleTimeout = 42
```
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
@ -392,6 +382,16 @@ Setting them has no effect for UDP entryPoints.
idleTimeout: 42
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.name]
address = ":8888"
[entryPoints.name.transport]
[entryPoints.name.transport.respondingTimeouts]
idleTimeout = 42
```
```bash tab="CLI"
## Static configuration
--entryPoints.name.address=:8888
@ -414,16 +414,6 @@ Controls the behavior of Traefik during the shutdown phase.
If no units are provided, the value is parsed assuming seconds.
The zero duration disables the request accepting grace period, i.e., Traefik will immediately proceed to the grace period.
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.name]
address = ":8888"
[entryPoints.name.transport]
[entryPoints.name.transport.lifeCycle]
requestAcceptGraceTimeout = 42
```
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
@ -434,6 +424,16 @@ Controls the behavior of Traefik during the shutdown phase.
requestAcceptGraceTimeout: 42
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.name]
address = ":8888"
[entryPoints.name.transport]
[entryPoints.name.transport.lifeCycle]
requestAcceptGraceTimeout = 42
```
```bash tab="CLI"
## Static configuration
--entryPoints.name.address=:8888
@ -452,16 +452,6 @@ Controls the behavior of Traefik during the shutdown phase.
!!! warning "In this time frame no new requests are accepted."
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.name]
address = ":8888"
[entryPoints.name.transport]
[entryPoints.name.transport.lifeCycle]
graceTimeOut = 42
```
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
@ -472,6 +462,16 @@ Controls the behavior of Traefik during the shutdown phase.
graceTimeOut: 42
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.name]
address = ":8888"
[entryPoints.name.transport]
[entryPoints.name.transport.lifeCycle]
graceTimeOut = 42
```
```bash tab="CLI"
## Static configuration
--entryPoints.name.address=:8888
@ -490,16 +490,6 @@ If the Proxy Protocol header is passed, then the version is determined automatic
Enabling Proxy Protocol with Trusted IPs.
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.proxyProtocol]
trustedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
@ -511,6 +501,16 @@ If the Proxy Protocol header is passed, then the version is determined automatic
- "192.168.1.7"
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.proxyProtocol]
trustedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
```bash tab="CLI"
--entryPoints.web.address=:80
--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,192.168.1.7
@ -525,6 +525,15 @@ If the Proxy Protocol header is passed, then the version is determined automatic
In a test environments, you can configure Traefik to trust every incoming connection.
Doing so, every remote client address will be replaced (`trustedIPs` won't have any effect)
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
web:
address: ":80"
proxyProtocol:
insecure: true
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
@ -535,15 +544,6 @@ If the Proxy Protocol header is passed, then the version is determined automatic
insecure = true
```
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
web:
address: ":80"
proxyProtocol:
insecure: true
```
```bash tab="CLI"
--entryPoints.web.address=:80
--entryPoints.web.proxyProtocol.insecure
@ -562,20 +562,6 @@ This whole section is dedicated to options, keyed by entry point, that will appl
??? example "HTTPS redirection (80 to 443)"
```toml tab="File (TOML)"
[entryPoints.web]
address = ":80"
[entryPoints.web.http]
[entryPoints.web.http.redirections]
[entryPoints.web.http.redirections.entryPoint]
to = "websecure"
scheme = "https"
[entryPoints.websecure]
address = ":443"
```
```yaml tab="File (YAML)"
entryPoints:
web:
@ -590,6 +576,20 @@ This whole section is dedicated to options, keyed by entry point, that will appl
address: :443
```
```toml tab="File (TOML)"
[entryPoints.web]
address = ":80"
[entryPoints.web.http]
[entryPoints.web.http.redirections]
[entryPoints.web.http.redirections.entryPoint]
to = "websecure"
scheme = "https"
[entryPoints.websecure]
address = ":443"
```
```bash tab="CLI"
--entrypoints.web.address=:80
--entrypoints.web.http.redirections.entryPoint.to=websecure
@ -610,14 +610,6 @@ This section is a convenience to enable (permanent) redirecting of all incoming
- an entry point name (ex: `websecure`)
- a port (`:443`)
```toml tab="File (TOML)"
[entryPoints.foo]
# ...
[entryPoints.foo.http.redirections]
[entryPoints.foo.http.redirections.entryPoint]
to = "websecure"
```
```yaml tab="File (YAML)"
entryPoints:
foo:
@ -628,6 +620,14 @@ This section is a convenience to enable (permanent) redirecting of all incoming
to: websecure
```
```toml tab="File (TOML)"
[entryPoints.foo]
# ...
[entryPoints.foo.http.redirections]
[entryPoints.foo.http.redirections.entryPoint]
to = "websecure"
```
```bash tab="CLI"
--entrypoints.foo.http.redirections.entryPoint.to=websecure
```
@ -638,15 +638,6 @@ This section is a convenience to enable (permanent) redirecting of all incoming
The redirection target scheme.
```toml tab="File (TOML)"
[entryPoints.foo]
# ...
[entryPoints.foo.http.redirections]
[entryPoints.foo.http.redirections.entryPoint]
# ...
scheme = "https"
```
```yaml tab="File (YAML)"
entryPoints:
foo:
@ -658,6 +649,15 @@ This section is a convenience to enable (permanent) redirecting of all incoming
scheme: https
```
```toml tab="File (TOML)"
[entryPoints.foo]
# ...
[entryPoints.foo.http.redirections]
[entryPoints.foo.http.redirections.entryPoint]
# ...
scheme = "https"
```
```bash tab="CLI"
--entrypoints.foo.http.redirections.entryPoint.scheme=https
```
@ -668,15 +668,6 @@ This section is a convenience to enable (permanent) redirecting of all incoming
To apply a permanent redirection.
```toml tab="File (TOML)"
[entryPoints.foo]
# ...
[entryPoints.foo.http.redirections]
[entryPoints.foo.http.redirections.entryPoint]
# ...
permanent = true
```
```yaml tab="File (YAML)"
entryPoints:
foo:
@ -688,6 +679,15 @@ This section is a convenience to enable (permanent) redirecting of all incoming
permanent: true
```
```toml tab="File (TOML)"
[entryPoints.foo]
# ...
[entryPoints.foo.http.redirections]
[entryPoints.foo.http.redirections.entryPoint]
# ...
permanent = true
```
```bash tab="CLI"
--entrypoints.foo.http.redirections.entrypoint.permanent=true
```
@ -698,15 +698,6 @@ This section is a convenience to enable (permanent) redirecting of all incoming
Priority of the generated router.
```toml tab="File (TOML)"
[entryPoints.foo]
# ...
[entryPoints.foo.http.redirections]
[entryPoints.foo.http.redirections.entryPoint]
# ...
priority = 10
```
```yaml tab="File (YAML)"
entryPoints:
foo:
@ -718,6 +709,15 @@ This section is a convenience to enable (permanent) redirecting of all incoming
priority: 10
```
```toml tab="File (TOML)"
[entryPoints.foo]
# ...
[entryPoints.foo.http.redirections]
[entryPoints.foo.http.redirections.entryPoint]
# ...
priority = 10
```
```bash tab="CLI"
--entrypoints.foo.http.redirections.entrypoint.priority=10
```
@ -726,14 +726,6 @@ This section is a convenience to enable (permanent) redirecting of all incoming
The list of middlewares that are prepended by default to the list of middlewares of each router associated to the named entry point.
```toml tab="File (TOML)"
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http]
middlewares = ["auth@file", "strip@file"]
```
```yaml tab="File (YAML)"
entryPoints:
websecure:
@ -744,6 +736,14 @@ entryPoints:
- strip@file
```
```toml tab="File (TOML)"
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http]
middlewares = ["auth@file", "strip@file"]
```
```bash tab="CLI"
--entrypoints.websecure.address=:443
--entrypoints.websecure.http.middlewares=auth@file,strip@file
@ -757,21 +757,6 @@ If a TLS section (i.e. any of its fields) is user-defined, then the default conf
The TLS section is the same as the [TLS section on HTTP routers](./routers/index.md#tls).
```toml tab="File (TOML)"
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http.tls]
options = "foobar"
certResolver = "leresolver"
[[entryPoints.websecure.http.tls.domains]]
main = "example.com"
sans = ["foo.example.com", "bar.example.com"]
[[entryPoints.websecure.http.tls.domains]]
main = "test.com"
sans = ["foo.test.com", "bar.test.com"]
```
```yaml tab="File (YAML)"
entryPoints:
websecure:
@ -791,6 +776,21 @@ entryPoints:
- bar.test.com
```
```toml tab="File (TOML)"
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http.tls]
options = "foobar"
certResolver = "leresolver"
[[entryPoints.websecure.http.tls.domains]]
main = "example.com"
sans = ["foo.example.com", "bar.example.com"]
[[entryPoints.websecure.http.tls.domains]]
main = "test.com"
sans = ["foo.test.com", "bar.test.com"]
```
```bash tab="CLI"
--entrypoints.websecure.address=:443
--entrypoints.websecure.http.tls.options=foobar
@ -803,14 +803,6 @@ entryPoints:
??? example "Let's Encrypt"
```toml tab="File (TOML)"
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http.tls]
certResolver = "leresolver"
```
```yaml tab="File (YAML)"
entryPoints:
websecure:
@ -820,6 +812,14 @@ entryPoints:
certResolver: leresolver
```
```toml tab="File (TOML)"
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http.tls]
certResolver = "leresolver"
```
```bash tab="CLI"
--entrypoints.websecure.address=:443
--entrypoints.websecure.http.tls.certResolver=leresolver

264
docs/content/routing/overview.md
View file

@ -26,18 +26,6 @@ In the process, Traefik will make sure that the user is authenticated (using the
Static configuration:
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
# Listen on port 8081 for incoming requests
address = ":8081"
[providers]
# Enable the file provider to define routers / middlewares / services in file
[providers.file]
directory = "/path/to/dynamic/conf"
```
```yaml tab="File (YAML)"
entryPoints:
web:
@ -50,6 +38,18 @@ providers:
directory: /path/to/dynamic/conf
```
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
# Listen on port 8081 for incoming requests
address = ":8081"
[providers]
# Enable the file provider to define routers / middlewares / services in file
[providers.file]
directory = "/path/to/dynamic/conf"
```
```bash tab="CLI"
# Listen on port 8081 for incoming requests
--entryPoints.web.address=:8081
@ -60,30 +60,6 @@ providers:
Dynamic configuration:
```toml tab="TOML"
# http routing section
[http]
[http.routers]
# Define a connection between requests and services
[http.routers.to-whoami]
rule = "Host(`example.com`) && PathPrefix(`/whoami/`)"
# If the rule matches, applies the middleware
middlewares = ["test-user"]
# If the rule matches, forward to the whoami service (declared below)
service = "whoami"
[http.middlewares]
# Define an authentication mechanism
[http.middlewares.test-user.basicAuth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
[http.services]
# Define how to reach an existing service on our infrastructure
[http.services.whoami.loadBalancer]
[[http.services.whoami.loadBalancer.servers]]
url = "http://private/whoami-service"
```
```yaml tab="YAML"
# http routing section
http:
@ -112,56 +88,9 @@ http:
- url: http://private/whoami-service
```
!!! info ""
In this example, we use the [file provider](../providers/file.md).
Even if it is one of the least magical way of configuring Traefik, it explicitly describes every available notion.
!!! info "HTTP / TCP"
In this example, we've defined routing rules for http requests only.
Traefik also supports TCP requests. To add [TCP routers](./routers/index.md) and [TCP services](./services/index.md), declare them in a TCP section like in the following.
??? example "Adding a TCP route for TLS requests on whoami.example.com"
**Static Configuration**
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
# Listen on port 8081 for incoming requests
address = ":8081"
[providers]
# Enable the file provider to define routers / middlewares / services in file
[providers.file]
directory = "/path/to/dynamic/conf"
```
```yaml tab="File (YAML)"
entryPoints:
web:
# Listen on port 8081 for incoming requests
address: :8081
providers:
# Enable the file provider to define routers / middlewares / services in file
file:
directory: /path/to/dynamic/conf
```
```bash tab="CLI"
# Listen on port 8081 for incoming requests
--entryPoints.web.address=:8081
# Enable the file provider to define routers / middlewares / services in file
--providers.file.directory=/path/to/dynamic/conf
```
**Dynamic Configuration**
```toml tab="TOML"
# http routing section
[http]
```toml tab="TOML"
# http routing section
[http]
[http.routers]
# Define a connection between requests and services
[http.routers.to-whoami]
@ -181,20 +110,55 @@ http:
[http.services.whoami.loadBalancer]
[[http.services.whoami.loadBalancer.servers]]
url = "http://private/whoami-service"
```
[tcp]
[tcp.routers]
[tcp.routers.to-whoami-tcp]
rule = "HostSNI(`whoami-tcp.example.com`)"
service = "whoami-tcp"
[tcp.routers.to-whoami-tcp.tls]
!!! info ""
[tcp.services]
[tcp.services.whoami-tcp.loadBalancer]
[[tcp.services.whoami-tcp.loadBalancer.servers]]
address = "xx.xx.xx.xx:xx"
In this example, we use the [file provider](../providers/file.md).
Even if it is one of the least magical way of configuring Traefik, it explicitly describes every available notion.
!!! info "HTTP / TCP"
In this example, we've defined routing rules for http requests only.
Traefik also supports TCP requests. To add [TCP routers](./routers/index.md) and [TCP services](./services/index.md), declare them in a TCP section like in the following.
??? example "Adding a TCP route for TLS requests on whoami.example.com"
**Static Configuration**
```yaml tab="File (YAML)"
entryPoints:
web:
# Listen on port 8081 for incoming requests
address: :8081
providers:
# Enable the file provider to define routers / middlewares / services in file
file:
directory: /path/to/dynamic/conf
```
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
# Listen on port 8081 for incoming requests
address = ":8081"
[providers]
# Enable the file provider to define routers / middlewares / services in file
[providers.file]
directory = "/path/to/dynamic/conf"
```
```bash tab="CLI"
# Listen on port 8081 for incoming requests
--entryPoints.web.address=:8081
# Enable the file provider to define routers / middlewares / services in file
--providers.file.directory=/path/to/dynamic/conf
```
**Dynamic Configuration**
```yaml tab="YAML"
# http routing section
http:
@ -237,6 +201,42 @@ http:
- address: xx.xx.xx.xx:xx
```
```toml tab="TOML"
# http routing section
[http]
[http.routers]
# Define a connection between requests and services
[http.routers.to-whoami]
rule = "Host(`example.com`) && PathPrefix(`/whoami/`)"
# If the rule matches, applies the middleware
middlewares = ["test-user"]
# If the rule matches, forward to the whoami service (declared below)
service = "whoami"
[http.middlewares]
# Define an authentication mechanism
[http.middlewares.test-user.basicAuth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
[http.services]
# Define how to reach an existing service on our infrastructure
[http.services.whoami.loadBalancer]
[[http.services.whoami.loadBalancer.servers]]
url = "http://private/whoami-service"
[tcp]
[tcp.routers]
[tcp.routers.to-whoami-tcp]
rule = "HostSNI(`whoami-tcp.example.com`)"
service = "whoami-tcp"
[tcp.routers.to-whoami-tcp.tls]
[tcp.services]
[tcp.services.whoami-tcp.loadBalancer]
[[tcp.services.whoami-tcp.loadBalancer.servers]]
address = "xx.xx.xx.xx:xx"
```
## Transport configuration
Most of what happens to the connection between the clients and Traefik,
@ -254,18 +254,18 @@ _Optional, Default=false_
`insecureSkipVerify` disables SSL certificate verification.
```toml tab="File (TOML)"
## Static configuration
[serversTransport]
insecureSkipVerify = true
```
```yaml tab="File (YAML)"
## Static configuration
serversTransport:
insecureSkipVerify: true
```
```toml tab="File (TOML)"
## Static configuration
[serversTransport]
insecureSkipVerify = true
```
```bash tab="CLI"
## Static configuration
--serversTransport.insecureSkipVerify=true
@ -278,12 +278,6 @@ _Optional_
`rootCAs` is the list of certificates (as file paths, or data bytes)
that will be set as Root Certificate Authorities when using a self-signed TLS certificate.
```toml tab="File (TOML)"
## Static configuration
[serversTransport]
rootCAs = ["foo.crt", "bar.crt"]
```
```yaml tab="File (YAML)"
## Static configuration
serversTransport:
@ -292,6 +286,12 @@ serversTransport:
- bar.crt
```
```toml tab="File (TOML)"
## Static configuration
[serversTransport]
rootCAs = ["foo.crt", "bar.crt"]
```
```bash tab="CLI"
## Static configuration
--serversTransport.rootCAs=foo.crt,bar.crt
@ -303,18 +303,18 @@ _Optional, Default=2_
If non-zero, `maxIdleConnsPerHost` controls the maximum idle (keep-alive) connections to keep per-host.
```toml tab="File (TOML)"
## Static configuration
[serversTransport]
maxIdleConnsPerHost = 7
```
```yaml tab="File (YAML)"
## Static configuration
serversTransport:
maxIdleConnsPerHost: 7
```
```toml tab="File (TOML)"
## Static configuration
[serversTransport]
maxIdleConnsPerHost = 7
```
```bash tab="CLI"
## Static configuration
--serversTransport.maxIdleConnsPerHost=7
@ -331,12 +331,6 @@ _Optional, Default=30s_
`dialTimeout` is the maximum duration allowed for a connection to a backend server to be established.
Zero means no timeout.
```toml tab="File (TOML)"
## Static configuration
[serversTransport.forwardingTimeouts]
dialTimeout = "1s"
```
```yaml tab="File (YAML)"
## Static configuration
serversTransport:
@ -344,6 +338,12 @@ serversTransport:
dialTimeout: 1s
```
```toml tab="File (TOML)"
## Static configuration
[serversTransport.forwardingTimeouts]
dialTimeout = "1s"
```
```bash tab="CLI"
## Static configuration
--serversTransport.forwardingTimeouts.dialTimeout=1s
@ -358,12 +358,6 @@ after fully writing the request (including its body, if any).
This time does not include the time to read the response body.
Zero means no timeout.
```toml tab="File (TOML)"
## Static configuration
[serversTransport.forwardingTimeouts]
responseHeaderTimeout = "1s"
```
```yaml tab="File (YAML)"
## Static configuration
serversTransport:
@ -371,6 +365,12 @@ serversTransport:
responseHeaderTimeout: 1s
```
```toml tab="File (TOML)"
## Static configuration
[serversTransport.forwardingTimeouts]
responseHeaderTimeout = "1s"
```
```bash tab="CLI"
## Static configuration
--serversTransport.forwardingTimeouts.responseHeaderTimeout=1s
@ -384,12 +384,6 @@ _Optional, Default=90s_
will remain idle before closing itself.
Zero means no limit.
```toml tab="File (TOML)"
## Static configuration
[serversTransport.forwardingTimeouts]
idleConnTimeout = "1s"
```
```yaml tab="File (YAML)"
## Static configuration
serversTransport:
@ -397,6 +391,12 @@ serversTransport:
idleConnTimeout: 1s
```
```toml tab="File (TOML)"
## Static configuration
[serversTransport.forwardingTimeouts]
idleConnTimeout = "1s"
```
```bash tab="CLI"
## Static configuration
--serversTransport.forwardingTimeouts.idleConnTimeout=1s

26
docs/content/routing/providers/docker.md
View file

@ -13,15 +13,15 @@ Attach labels to your containers and let Traefik do the rest!
Enabling the docker provider
```toml tab="File (TOML)"
[providers.docker]
```
```yaml tab="File (YAML)"
providers:
docker: {}
```
```toml tab="File (TOML)"
[providers.docker]
```
```bash tab="CLI"
--providers.docker=true
```
@ -82,15 +82,6 @@ Attach labels to your containers and let Traefik do the rest!
Enabling the docker provider (Swarm Mode)
```toml tab="File (TOML)"
[providers.docker]
# swarm classic (1.12-)
# endpoint = "tcp://127.0.0.1:2375"
# docker swarm mode (1.12+)
endpoint = "tcp://127.0.0.1:2377"
swarmMode = true
```
```yaml tab="File (YAML)"
providers:
docker:
@ -101,6 +92,15 @@ Attach labels to your containers and let Traefik do the rest!
swarmMode: true
```
```toml tab="File (TOML)"
[providers.docker]
# swarm classic (1.12-)
# endpoint = "tcp://127.0.0.1:2375"
# docker swarm mode (1.12+)
endpoint = "tcp://127.0.0.1:2377"
swarmMode = true
```
```bash tab="CLI"
# swarm classic (1.12-)
# --providers.docker.endpoint=tcp://127.0.0.1:2375

16
docs/content/routing/providers/kubernetes-ingress.md
View file

@ -341,14 +341,6 @@ TLS can be enabled through the [HTTP options](../entrypoints.md#tls) of an Entry
--entrypoints.websecure.http.tls
```
```toml tab="File (TOML)"
# Static configuration
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http.tls]
```
```yaml tab="File (YAML)"
# Static configuration
entryPoints:
@ -358,6 +350,14 @@ entryPoints:
tls: {}
```
```toml tab="File (TOML)"
# Static configuration
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http.tls]
```
This way, any Ingress attached to this Entrypoint will have TLS termination by default.
??? example "Configuring Kubernetes Ingress Controller with TLS on Entrypoint"

660
docs/content/routing/routers/index.md
View file

@ -13,14 +13,6 @@ or act before forwarding the request to the service.
??? example "Requests /foo are Handled by service-foo -- Using the [File Provider](../../providers/file.md)"
```toml tab="TOML"
## Dynamic configuration
[http.routers]
[http.routers.my-router]
rule = "Path(`/foo`)"
service = "service-foo"
```
```yaml tab="YAML"
## Dynamic configuration
http:
@ -30,21 +22,18 @@ or act before forwarding the request to the service.
service: service-foo
```
```toml tab="TOML"
## Dynamic configuration
[http.routers]
[http.routers.my-router]
rule = "Path(`/foo`)"
service = "service-foo"
```
??? example "Forwarding all (non-tls) requests on port 3306 to a database service"
**Dynamic Configuration**
```toml tab="File (TOML)"
## Dynamic configuration
[tcp]
[tcp.routers]
[tcp.routers.to-database]
entryPoints = ["mysql"]
# Catch every request (only available rule for non-tls routers. See below.)
rule = "HostSNI(`*`)"
service = "database"
```
```yaml tab="File (YAML)"
## Dynamic configuration
tcp:
@ -57,17 +46,19 @@ or act before forwarding the request to the service.
service: database
```
**Static Configuration**
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.mysql]
address = ":3306"
## Dynamic configuration
[tcp]
[tcp.routers]
[tcp.routers.to-database]
entryPoints = ["mysql"]
# Catch every request (only available rule for non-tls routers. See below.)
rule = "HostSNI(`*`)"
service = "database"
```
**Static Configuration**
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
@ -77,6 +68,15 @@ or act before forwarding the request to the service.
address: ":3306"
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.mysql]
address = ":3306"
```
```bash tab="CLI"
## Static configuration
--entryPoints.web.address=:80
@ -96,15 +96,6 @@ If you want to limit the router scope to a set of entry points, set the `entryPo
**Dynamic Configuration**
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.Router-1]
# By default, routers listen to every entry points
rule = "Host(`example.com`)"
service = "service-1"
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
@ -115,19 +106,17 @@ If you want to limit the router scope to a set of entry points, set the `entryPo
service: "service-1"
```
**Static Configuration**
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[entryPoints.other]
address = ":9090"
## Dynamic configuration
[http.routers]
[http.routers.Router-1]
# By default, routers listen to every entry points
rule = "Host(`example.com`)"
service = "service-1"
```
**Static Configuration**
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
@ -139,6 +128,17 @@ If you want to limit the router scope to a set of entry points, set the `entryPo
address: ":9090"
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[entryPoints.other]
address = ":9090"
```
```bash tab="CLI"
## Static configuration
--entrypoints.web.address=:80
@ -150,16 +150,6 @@ If you want to limit the router scope to a set of entry points, set the `entryPo
**Dynamic Configuration**
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.Router-1]
# won't listen to entry point web
entryPoints = ["websecure", "other"]
rule = "Host(`example.com`)"
service = "service-1"
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
@ -173,19 +163,18 @@ If you want to limit the router scope to a set of entry points, set the `entryPo
service: "service-1"
```
**Static Configuration**
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[entryPoints.other]
address = ":9090"
## Dynamic configuration
[http.routers]
[http.routers.Router-1]
# won't listen to entry point web
entryPoints = ["websecure", "other"]
rule = "Host(`example.com`)"
service = "service-1"
```
**Static Configuration**
```yaml tab="File (YAML)"
## Static configuration
entryPoints:
@ -197,6 +186,17 @@ If you want to limit the router scope to a set of entry points, set the `entryPo
address: ":9090"
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[entryPoints.other]
address = ":9090"
```
```bash tab="CLI"
## Static configuration
--entrypoints.web.address=:80
@ -276,17 +276,6 @@ A value of `0` for the priority is ignored: `priority = 0` means that the defaul
??? info "How default priorities are computed"
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.Router-1]
rule = "HostRegexp(`.*\.traefik\.com`)"
# ...
[http.routers.Router-2]
rule = "Host(`foobar.traefik.com`)"
# ...
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
@ -299,6 +288,17 @@ A value of `0` for the priority is ignored: `priority = 0` means that the defaul
# ...
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.Router-1]
rule = "HostRegexp(`.*\.traefik\.com`)"
# ...
[http.routers.Router-2]
rule = "Host(`foobar.traefik.com`)"
# ...
```
In this case, all requests with host `foobar.traefik.com` will be routed through `Router-1` instead of `Router-2`.
| Name | Rule | Priority |
@ -312,21 +312,6 @@ A value of `0` for the priority is ignored: `priority = 0` means that the defaul
??? example "Set priorities -- using the [File Provider](../../providers/file.md)"
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.Router-1]
rule = "HostRegexp(`.*\.traefik\.com`)"
entryPoints = ["web"]
service = "service-1"
priority = 1
[http.routers.Router-2]
rule = "Host(`foobar.traefik.com`)"
entryPoints = ["web"]
priority = 2
service = "service-2"
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
@ -345,6 +330,21 @@ A value of `0` for the priority is ignored: `priority = 0` means that the defaul
service: service-2
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.Router-1]
rule = "HostRegexp(`.*\.traefik\.com`)"
entryPoints = ["web"]
service = "service-1"
priority = 1
[http.routers.Router-2]
rule = "Host(`foobar.traefik.com`)"
entryPoints = ["web"]
priority = 2
service = "service-2"
```
In this configuration, the priority is configured to allow `Router-2` to handle requests with the `foobar.traefik.com` host.
### Middlewares
@ -360,16 +360,6 @@ The middlewares will take effect only if the rule matches, and before forwarding
??? example "With a [middleware](../../middlewares/overview.md) -- using the [File Provider](../../providers/file.md)"
```toml tab="TOML"
## Dynamic configuration
[http.routers]
[http.routers.my-router]
rule = "Path(`/foo`)"
# declared elsewhere
middlewares = ["authentication"]
service = "service-foo"
```
```yaml tab="YAML"
## Dynamic configuration
http:
@ -382,6 +372,16 @@ The middlewares will take effect only if the rule matches, and before forwarding
service: service-foo
```
```toml tab="TOML"
## Dynamic configuration
[http.routers]
[http.routers.my-router]
rule = "Path(`/foo`)"
# declared elsewhere
middlewares = ["authentication"]
service = "service-foo"
```
### Service
Each request must eventually be handled by a [service](../services/index.md),
@ -406,16 +406,6 @@ Traefik will terminate the SSL connections (meaning that it will send decrypted
??? example "Configuring the router to accept HTTPS requests only"
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.Router-1]
rule = "Host(`foo-domain`) && Path(`/foo-path/`)"
service = "service-id"
# will terminate the TLS request
[http.routers.Router-1.tls]
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
@ -427,6 +417,16 @@ Traefik will terminate the SSL connections (meaning that it will send decrypted
tls: {}
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.Router-1]
rule = "Host(`foo-domain`) && Path(`/foo-path/`)"
service = "service-id"
# will terminate the TLS request
[http.routers.Router-1.tls]
```
!!! important "Routers for HTTP & HTTPS"
If you need to define the same route for both HTTP and HTTPS requests, you will need to define two different routers:
@ -434,20 +434,6 @@ Traefik will terminate the SSL connections (meaning that it will send decrypted
??? example "HTTP & HTTPS routes"
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.my-https-router]
rule = "Host(`foo-domain`) && Path(`/foo-path/`)"
service = "service-id"
# will terminate the TLS request
[http.routers.my-https-router.tls]
[http.routers.my-http-router]
rule = "Host(`foo-domain`) && Path(`/foo-path/`)"
service = "service-id"
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
@ -463,6 +449,20 @@ Traefik will terminate the SSL connections (meaning that it will send decrypted
service: service-id
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.my-https-router]
rule = "Host(`foo-domain`) && Path(`/foo-path/`)"
service = "service-id"
# will terminate the TLS request
[http.routers.my-https-router.tls]
[http.routers.my-http-router]
rule = "Host(`foo-domain`) && Path(`/foo-path/`)"
service = "service-id"
```
#### `options`
The `options` field enables fine-grained control of the TLS parameters.
@ -485,28 +485,6 @@ It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied
??? example "Configuring the TLS options"
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.Router-1]
rule = "Host(`foo-domain`) && Path(`/foo-path/`)"
service = "service-id"
# will terminate the TLS request
[http.routers.Router-1.tls]
options = "foo"
[tls.options]
[tls.options.foo]
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
@ -530,27 +508,34 @@ It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.Router-1]
rule = "Host(`foo-domain`) && Path(`/foo-path/`)"
service = "service-id"
# will terminate the TLS request
[http.routers.Router-1.tls]
options = "foo"
[tls.options]
[tls.options.foo]
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]
```
!!! important "Conflicting TLS Options"
Since a TLS options reference is mapped to a host name,
if a configuration introduces a situation where the same host name (from a `Host` rule) gets matched with two TLS options references,
a conflict occurs, such as in the example below:
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.routerfoo]
rule = "Host(`snitest.com`) && Path(`/foo`)"
[http.routers.routerfoo.tls]
options = "foo"
[http.routers]
[http.routers.routerbar]
rule = "Host(`snitest.com`) && Path(`/bar`)"
[http.routers.routerbar.tls]
options = "bar"
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
@ -566,21 +551,27 @@ It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied
options: bar
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.routerfoo]
rule = "Host(`snitest.com`) && Path(`/foo`)"
[http.routers.routerfoo.tls]
options = "foo"
[http.routers]
[http.routers.routerbar]
rule = "Host(`snitest.com`) && Path(`/bar`)"
[http.routers.routerbar.tls]
options = "bar"
```
If that happens, both mappings are discarded, and the host name (`snitest.com` in this case) for these routers gets associated with the default TLS options instead.
#### `certResolver`
If `certResolver` is defined, Traefik will try to generate certificates based on routers `Host` & `HostSNI` rules.
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.routerfoo]
rule = "Host(`snitest.com`) && Path(`/foo`)"
[http.routers.routerfoo.tls]
certResolver = "foo"
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
@ -591,6 +582,15 @@ http:
certResolver: foo
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.routerfoo]
rule = "Host(`snitest.com`) && Path(`/foo`)"
[http.routers.routerfoo.tls]
certResolver = "foo"
```
!!! info "Multiple Hosts in a Rule"
The rule ```Host(`test1.example.com`,`test2.example.com`)``` will request a certificate with the main domain `test1.example.com` and SAN `test2.example.com`.
@ -600,18 +600,6 @@ You can set SANs (alternative domains) for each main domain.
Every domain must have A/AAAA records pointing to Traefik.
Each domain & SAN will lead to a certificate request.
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.routerbar]
rule = "Host(`snitest.com`) && Path(`/bar`)"
[http.routers.routerbar.tls]
certResolver = "bar"
[[http.routers.routerbar.tls.domains]]
main = "snitest.com"
sans = ["*.snitest.com"]
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
@ -626,6 +614,18 @@ http:
- "*.snitest.com"
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.routerbar]
rule = "Host(`snitest.com`) && Path(`/bar`)"
[http.routers.routerbar.tls]
certResolver = "bar"
[[http.routers.routerbar.tls.domains]]
main = "snitest.com"
sans = ["*.snitest.com"]
```
[ACME v2](https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579) supports wildcard certificates.
As described in [Let's Encrypt's post](https://community.letsencrypt.org/t/staging-endpoint-for-acme-v2/49605) wildcard certificates can only be generated through a [`DNS-01` challenge](../../https/acme.md#dnschallenge).
@ -660,18 +660,6 @@ If you want to limit the router scope to a set of entry points, set the entry po
**Dynamic Configuration**
```toml tab="File (TOML)"
## Dynamic configuration
[tcp.routers]
[tcp.routers.Router-1]
# By default, routers listen to every entrypoints
rule = "HostSNI(`example.com`)"
service = "service-1"
# will route TLS requests (and ignore non tls requests)
[tcp.routers.Router-1.tls]
```
```yaml tab="File (YAML)"
## Dynamic configuration
@ -685,20 +673,20 @@ If you want to limit the router scope to a set of entry points, set the entry po
tls: {}
```
**Static Configuration**
```toml tab="File (TOML)"
## Static configuration
## Dynamic configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[entryPoints.other]
address = ":9090"
[tcp.routers]
[tcp.routers.Router-1]
# By default, routers listen to every entrypoints
rule = "HostSNI(`example.com`)"
service = "service-1"
# will route TLS requests (and ignore non tls requests)
[tcp.routers.Router-1.tls]
```
**Static Configuration**
```yaml tab="File (YAML)"
## Static configuration
@ -711,6 +699,18 @@ If you want to limit the router scope to a set of entry points, set the entry po
address: ":9090"
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[entryPoints.other]
address = ":9090"
```
```bash tab="CLI"
## Static configuration
--entrypoints.web.address=:80
@ -722,18 +722,6 @@ If you want to limit the router scope to a set of entry points, set the entry po
**Dynamic Configuration**
```toml tab="File (TOML)"
## Dynamic configuration
[tcp.routers]
[tcp.routers.Router-1]
# won't listen to entry point web
entryPoints = ["websecure", "other"]
rule = "HostSNI(`example.com`)"
service = "service-1"
# will route TLS requests (and ignore non tls requests)
[tcp.routers.Router-1.tls]
```
```yaml tab="File (YAML)"
## Dynamic configuration
tcp:
@ -749,20 +737,20 @@ If you want to limit the router scope to a set of entry points, set the entry po
tls: {}
```
**Static Configuration**
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[entryPoints.other]
address = ":9090"
## Dynamic configuration
[tcp.routers]
[tcp.routers.Router-1]
# won't listen to entry point web
entryPoints = ["websecure", "other"]
rule = "HostSNI(`example.com`)"
service = "service-1"
# will route TLS requests (and ignore non tls requests)
[tcp.routers.Router-1.tls]
```
**Static Configuration**
```yaml tab="File (YAML)"
## Static configuration
@ -775,6 +763,18 @@ If you want to limit the router scope to a set of entry points, set the entry po
address: ":9090"
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[entryPoints.other]
address = ":9090"
```
```bash tab="CLI"
## Static configuration
--entrypoints.web.address=:80
@ -817,16 +817,6 @@ By default, a router with a TLS section will terminate the TLS connections, mean
??? example "Router for TLS requests"
```toml tab="File (TOML)"
## Dynamic configuration
[tcp.routers]
[tcp.routers.Router-1]
rule = "HostSNI(`foo-domain`)"
service = "service-id"
# will terminate the TLS request by default
[tcp.routers.Router-1.tls]
```
```yaml tab="File (YAML)"
## Dynamic configuration
tcp:
@ -838,6 +828,16 @@ By default, a router with a TLS section will terminate the TLS connections, mean
tls: {}
```
```toml tab="File (TOML)"
## Dynamic configuration
[tcp.routers]
[tcp.routers.Router-1]
rule = "HostSNI(`foo-domain`)"
service = "service-id"
# will terminate the TLS request by default
[tcp.routers.Router-1.tls]
```
#### `passthrough`
As seen above, a TLS router will terminate the TLS connection by default.
@ -847,16 +847,6 @@ It defaults to `false`.
??? example "Configuring passthrough"
```toml tab="File (TOML)"
## Dynamic configuration
[tcp.routers]
[tcp.routers.Router-1]
rule = "HostSNI(`foo-domain`)"
service = "service-id"
[tcp.routers.Router-1.tls]
passthrough = true
```
```yaml tab="File (YAML)"
## Dynamic configuration
tcp:
@ -868,35 +858,23 @@ It defaults to `false`.
passthrough: true
```
#### `options`
The `options` field enables fine-grained control of the TLS parameters.
It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied only if a `HostSNI` rule is defined.
!!! example "Configuring the tls options"
```toml tab="File (TOML)"
## Dynamic configuration
[tcp.routers]
[tcp.routers.Router-1]
rule = "HostSNI(`foo-domain`)"
service = "service-id"
# will terminate the TLS request
[tcp.routers.Router-1.tls]
options = "foo"
[tls.options]
[tls.options.foo]
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]
passthrough = true
```
#### `options`
The `options` field enables fine-grained control of the TLS parameters.
It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied only if a `HostSNI` rule is defined.
!!! example "Configuring the tls options"
```yaml tab="File (YAML)"
## Dynamic configuration
tcp:
@ -920,19 +898,32 @@ It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
```
```toml tab="File (TOML)"
## Dynamic configuration
[tcp.routers]
[tcp.routers.Router-1]
rule = "HostSNI(`foo-domain`)"
service = "service-id"
# will terminate the TLS request
[tcp.routers.Router-1.tls]
options = "foo"
[tls.options]
[tls.options.foo]
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]
```
#### `certResolver`
See [`certResolver` for HTTP router](./index.md#certresolver) for more information.
```toml tab="File (TOML)"
## Dynamic configuration
[tcp.routers]
[tcp.routers.routerfoo]
rule = "HostSNI(`snitest.com`)"
[tcp.routers.routerfoo.tls]
certResolver = "foo"
```
```yaml tab="File (YAML)"
## Dynamic configuration
tcp:
@ -943,22 +934,19 @@ tcp:
certResolver: foo
```
#### `domains`
See [`domains` for HTTP router](./index.md#domains) for more information.
```toml tab="File (TOML)"
## Dynamic configuration
[tcp.routers]
[tcp.routers.routerbar]
[tcp.routers.routerfoo]
rule = "HostSNI(`snitest.com`)"
[tcp.routers.routerbar.tls]
certResolver = "bar"
[[tcp.routers.routerbar.tls.domains]]
main = "snitest.com"
sans = ["*.snitest.com"]
[tcp.routers.routerfoo.tls]
certResolver = "foo"
```
#### `domains`
See [`domains` for HTTP router](./index.md#domains) for more information.
```yaml tab="File (YAML)"
## Dynamic configuration
tcp:
@ -973,6 +961,18 @@ tcp:
- "*.snitest.com"
```
```toml tab="File (TOML)"
## Dynamic configuration
[tcp.routers]
[tcp.routers.routerbar]
rule = "HostSNI(`snitest.com`)"
[tcp.routers.routerbar.tls]
certResolver = "bar"
[[tcp.routers.routerbar.tls.domains]]
main = "snitest.com"
sans = ["*.snitest.com"]
```
## Configuring UDP Routers
!!! warning "The character `@` is not allowed in the router name"
@ -1005,16 +1005,6 @@ If one wants to limit the router scope to a set of entry points, one should set
**Dynamic Configuration**
```toml tab="File (TOML)"
## Dynamic configuration
[udp.routers]
[udp.routers.Router-1]
# By default, routers listen to all UDP entrypoints,
# i.e. "other", and "streaming".
service = "service-1"
```
```yaml tab="File (YAML)"
## Dynamic configuration
@ -1026,22 +1016,18 @@ If one wants to limit the router scope to a set of entry points, one should set
service: "service-1"
```
**Static Configuration**
```toml tab="File (TOML)"
## Static configuration
## Dynamic configuration
[entryPoints]
# not used by UDP routers
[entryPoints.web]
address = ":80"
# used by UDP routers
[entryPoints.other]
address = ":9090/udp"
[entryPoints.streaming]
address = ":9191/udp"
[udp.routers]
[udp.routers.Router-1]
# By default, routers listen to all UDP entrypoints,
# i.e. "other", and "streaming".
service = "service-1"
```
**Static Configuration**
```yaml tab="File (YAML)"
## Static configuration
@ -1056,6 +1042,20 @@ If one wants to limit the router scope to a set of entry points, one should set
address: ":9191/udp"
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
# not used by UDP routers
[entryPoints.web]
address = ":80"
# used by UDP routers
[entryPoints.other]
address = ":9090/udp"
[entryPoints.streaming]
address = ":9191/udp"
```
```bash tab="CLI"
## Static configuration
--entrypoints.web.address=":80"
@ -1067,15 +1067,6 @@ If one wants to limit the router scope to a set of entry points, one should set
**Dynamic Configuration**
```toml tab="File (TOML)"
## Dynamic configuration
[udp.routers]
[udp.routers.Router-1]
# does not listen on "other" entry point
entryPoints = ["streaming"]
service = "service-1"
```
```yaml tab="File (YAML)"
## Dynamic configuration
udp:
@ -1087,20 +1078,17 @@ If one wants to limit the router scope to a set of entry points, one should set
service: "service-1"
```
**Static Configuration**
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.other]
address = ":9090/udp"
[entryPoints.streaming]
address = ":9191/udp"
## Dynamic configuration
[udp.routers]
[udp.routers.Router-1]
# does not listen on "other" entry point
entryPoints = ["streaming"]
service = "service-1"
```
**Static Configuration**
```yaml tab="File (YAML)"
## Static configuration
@ -1113,6 +1101,18 @@ If one wants to limit the router scope to a set of entry points, one should set
address: ":9191/udp"
```
```toml tab="File (TOML)"
## Static configuration
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.other]
address = ":9090/udp"
[entryPoints.streaming]
address = ":9191/udp"
```
```bash tab="CLI"
## Static configuration
--entrypoints.web.address=":80"

648
docs/content/routing/services/index.md
View file

File diff suppressed because it is too large Load diff

132
docs/content/user-guides/grpc.md
View file

@ -8,17 +8,6 @@ This section explains how to use Traefik as reverse proxy for gRPC application.
Static configuration:
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
address = ":80"
[api]
[providers.file]
directory = "/path/to/dynamic/config"
```
```yaml tab="File (YAML)"
entryPoints:
web:
@ -31,13 +20,40 @@ providers:
api: {}
```
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
address = ":80"
[api]
[providers.file]
directory = "/path/to/dynamic/config"
```
```yaml tab="CLI"
--entryPoints.web.address=:80
--providers.file.directory=/path/to/dynamic/config
--api.insecure=true
```
`/path/to/dynamic/config/dynamic_conf.{toml,yml}`:
`/path/to/dynamic/config/dynamic_conf.{yml,toml}`:
```yaml tab="YAML"
## dynamic configuration ##
http:
routers:
routerTest:
service: srv-grpc
rule: Host(`frontend.local`)
services:
srv-grpc:
loadBalancer:
servers:
- url: h2c://backend.local:8080
```
```toml tab="TOML"
## dynamic configuration ##
@ -56,22 +72,6 @@ api: {}
url = "h2c://backend.local:8080"
```
```yaml tab="YAML"
## dynamic configuration ##
http:
routers:
routerTest:
service: srv-grpc
rule: Host(`frontend.local`)
services:
srv-grpc:
loadBalancer:
servers:
- url: h2c://backend.local:8080
```
!!! warning
For providers with labels, you will have to specify the `traefik.http.services.<my-service-name>.loadbalancer.server.scheme=h2c`
@ -119,22 +119,6 @@ At last, we configure our Traefik instance to use both self-signed certificates.
Static configuration:
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.websecure]
address = ":4443"
[serversTransport]
# For secure connection on backend.local
rootCAs = [ "./backend.cert" ]
[api]
[provider.file]
directory = "/path/to/dynamic/config"
```
```yaml tab="File (YAML)"
entryPoints:
websecure:
@ -152,6 +136,22 @@ providers:
api: {}
```
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.websecure]
address = ":4443"
[serversTransport]
# For secure connection on backend.local
rootCAs = [ "./backend.cert" ]
[api]
[provider.file]
directory = "/path/to/dynamic/config"
```
```yaml tab="CLI"
--entryPoints.websecure.address=:4443
# For secure connection on backend.local
@ -160,7 +160,28 @@ api: {}
--api.insecure=true
```
`/path/to/dynamic/config/dynamic_conf.{toml,yml}`:
`/path/to/dynamic/config/dynamic_conf.{yml,toml}`:
```yaml tab="YAML"
## dynamic configuration ##
http:
routers:
routerTest:
service: srv-grpc
rule: Host(`frontend.local`)
services:
srv-grpc:
loadBalancer:
servers:
# Access on backend with HTTPS
- url: https://backend.local:8080
tls:
# For secure connection on frontend.local
certificates:
- certfile: ./frontend.cert
keyfile: ./frontend.key
```
```toml tab="TOML"
## dynamic configuration ##
@ -187,27 +208,6 @@ api: {}
keyFile = "./frontend.key"
```
```yaml tab="YAML"
## dynamic configuration ##
http:
routers:
routerTest:
service: srv-grpc
rule: Host(`frontend.local`)
services:
srv-grpc:
loadBalancer:
servers:
# Access on backend with HTTPS
- url: https://backend.local:8080
tls:
# For secure connection on frontend.local
certificates:
- certfile: ./frontend.cert
keyfile: ./frontend.key
```
!!! warning
With some services, the server URLs use the IP, so you may need to configure `insecureSkipVerify` instead of the `rootCAs` to activate HTTPS without hostname verification.

2
pkg/provider/file/file.go
View file

@ -26,7 +26,7 @@ var _ provider.Provider = (*Provider)(nil)
// Provider holds configurations of the provider.
type Provider struct {
Directory string `description:"Load dynamic configuration from one or more .toml or .yml files in a directory." json:"directory,omitempty" toml:"directory,omitempty" yaml:"directory,omitempty" export:"true"`
Directory string `description:"Load dynamic configuration from one or more .yml or .toml files in a directory." json:"directory,omitempty" toml:"directory,omitempty" yaml:"directory,omitempty" export:"true"`
Watch bool `description:"Watch provider." json:"watch,omitempty" toml:"watch,omitempty" yaml:"watch,omitempty" export:"true"`
Filename string `description:"Load dynamic configuration from a file." json:"filename,omitempty" toml:"filename,omitempty" yaml:"filename,omitempty" export:"true"`
DebugLogGeneratedTemplate bool `description:"Enable debug logging of generated configuration template." json:"debugLogGeneratedTemplate,omitempty" toml:"debugLogGeneratedTemplate,omitempty" yaml:"debugLogGeneratedTemplate,omitempty" export:"true"`