diff --git a/.github/workflows/check_doc.yml b/.github/workflows/check_doc.yml new file mode 100644 index 000000000..68c736255 --- /dev/null +++ b/.github/workflows/check_doc.yml @@ -0,0 +1,20 @@ +name: Check Documentation + +on: + pull_request: + +jobs: + + docs: + name: Check, verify and build documentation + runs-on: ubuntu-latest + + steps: + + - name: Check out code + uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - name: Check documentation + run: make docs-pull-images docs diff --git a/.golangci.toml b/.golangci.toml index a6527dc33..4ce89734e 100644 --- a/.golangci.toml +++ b/.golangci.toml @@ -67,6 +67,7 @@ "scopelint", # Deprecated "interfacer", # Deprecated "maligned", # Deprecated + "golint", # Deprecated "sqlclosecheck", # Not relevant (SQL) "rowserrcheck", # Not relevant (SQL) "lll", # Not relevant @@ -97,6 +98,7 @@ "unparam", # Too strict "godox", # Too strict "forcetypeassert", # Too strict + "tagliatelle", # Not compatible with current tags. ] [issues] diff --git a/.travis.yml b/.travis.yml index 6a42550c2..e6531917a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -16,7 +16,6 @@ env: script: - echo "Skipping tests... (Tests are executed on SemaphoreCI)" -- if [ "$TRAVIS_PULL_REQUEST" != "false" ]; then travis_retry make docs-pull-images && make docs; fi before_deploy: - > diff --git a/CHANGELOG.md b/CHANGELOG.md index cc160ba9d..3fd11ed9d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,39 @@ +## [v2.4.9](https://github.com/traefik/traefik/tree/v2.4.9) (2021-06-21) +[All Commits](https://github.com/traefik/traefik/compare/v2.4.8...v2.4.9) + +**Bug fixes:** +- **[acme]** Update go-acme/lego to v4.4.0 ([#8179](https://github.com/traefik/traefik/pull/8179) by [ldez](https://github.com/ldez)) +- **[acme]** Fix: ACME preferred chain. ([#8146](https://github.com/traefik/traefik/pull/8146) by [ldez](https://github.com/ldez)) +- **[k8s,k8s/gatewayapi]** Remove error when HTTProutes is empty ([#8023](https://github.com/traefik/traefik/pull/8023) by [tomMoulard](https://github.com/tomMoulard)) +- **[k8s,k8s/ingress]** Fix incorrect behaviour with multi-port endpoint subsets ([#8156](https://github.com/traefik/traefik/pull/8156) by [coufalja](https://github.com/coufalja)) +- **[k8s,k8s/ingress]** Kubernetes ingress provider to search via all endpoints ([#7997](https://github.com/traefik/traefik/pull/7997) by [martinvizvary](https://github.com/martinvizvary)) +- **[plugins,windows]** Fix plugin unzip call on windows ([#8136](https://github.com/traefik/traefik/pull/8136) by [ddtmachado](https://github.com/ddtmachado)) +- **[plugins]** Update Yaegi to v0.9.17 ([#8100](https://github.com/traefik/traefik/pull/8100) by [ldez](https://github.com/ldez)) +- **[provider]** Bump paerser to v0.1.4 ([#8116](https://github.com/traefik/traefik/pull/8116) by [ldez](https://github.com/ldez)) +- **[server]** Create buffered signals channel ([#8190](https://github.com/traefik/traefik/pull/8190) by [dtomcej](https://github.com/dtomcej)) +- **[server]** Fix: use defaultEntryPoints when no entryPoint is defined in a TCPRouter ([#8111](https://github.com/traefik/traefik/pull/8111) by [LandryBe](https://github.com/LandryBe)) +- **[tls]** Use a dynamic buffer to handle client Hello SNI detection ([#8194](https://github.com/traefik/traefik/pull/8194) by [ldez](https://github.com/ldez)) +- **[tracing]** Error span on 5xx only ([#8033](https://github.com/traefik/traefik/pull/8033) by [kevtainer](https://github.com/kevtainer)) + +**Documentation:** +- **[k8s,k8s/crd]** Fix ingressRouteTCP external name service examples in documentation ([#8120](https://github.com/traefik/traefik/pull/8120) by [rtribotte](https://github.com/rtribotte)) +- **[k8s,k8s/gatewayapi]** Fix Kubernetes Gateway API documentation links ([#8063](https://github.com/traefik/traefik/pull/8063) by [jbdoumenjou](https://github.com/jbdoumenjou)) +- **[k8s,k8s/gatewayapi]** Fix: k8s gateway api link ([#8085](https://github.com/traefik/traefik/pull/8085) by [tomMoulard](https://github.com/tomMoulard)) +- **[k8s,k8s/gatewayapi]** Fix the "values" field in the example of httproute ([#8192](https://github.com/traefik/traefik/pull/8192) by [maelvls](https://github.com/maelvls)) +- **[k8s/crd]** Fix ServersTransport documentation ([#8019](https://github.com/traefik/traefik/pull/8019) by [tomMoulard](https://github.com/tomMoulard)) +- **[k8s]** Correct annotation option ([#8031](https://github.com/traefik/traefik/pull/8031) by [cbergmann](https://github.com/cbergmann)) +- **[metrics]** Add metrics documentation ([#8007](https://github.com/traefik/traefik/pull/8007) by [rtribotte](https://github.com/rtribotte)) +- **[middleware]** Docs: add examples for removing headers ([#8030](https://github.com/traefik/traefik/pull/8030) by [SuperSandro2000](https://github.com/SuperSandro2000)) +- **[middleware]** Doc: clarify usage for ratelimit's excludedIPs ([#8072](https://github.com/traefik/traefik/pull/8072) by [mpl](https://github.com/mpl)) +- **[middleware]** Elaborate on possible use of status codes with the errors middleware ([#8176](https://github.com/traefik/traefik/pull/8176) by [Midnighter](https://github.com/Midnighter)) +- **[middleware]** Doc: fix a syntax error in ratelimit TOML configuration sample ([#8101](https://github.com/traefik/traefik/pull/8101) by [mvertes](https://github.com/mvertes)) +- **[pilot]** Docs: add pilot dashboard flag to static configuration file reference ([#8152](https://github.com/traefik/traefik/pull/8152) by [danshilm](https://github.com/danshilm)) +- Adding Maintainers Guidelines ([#8168](https://github.com/traefik/traefik/pull/8168) by [jakubhajek](https://github.com/jakubhajek)) +- Explains Traefik HTTP response status codes ([#8170](https://github.com/traefik/traefik/pull/8170) by [rtribotte](https://github.com/rtribotte)) +- Doc: typo fix ([#8026](https://github.com/traefik/traefik/pull/8026) by [mpl](https://github.com/mpl)) +- Adding formatting to the document. ([#8180](https://github.com/traefik/traefik/pull/8180) by [jakubhajek](https://github.com/jakubhajek)) +- Changing default file format for the snippets from TOML to YAML ([#8193](https://github.com/traefik/traefik/pull/8193) by [tomMoulard](https://github.com/tomMoulard)) + ## [v2.4.8](https://github.com/traefik/traefik/tree/v2.4.8) (2021-03-22) [All Commits](https://github.com/traefik/traefik/compare/v2.4.7...v2.4.8) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 767c6de93..7b1c8c7d1 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,4 +1,9 @@ # Contributing -- https://doc.traefik.io/traefik/contributing/submitting-pull-requests/ -- https://doc.traefik.io/traefik/contributing/submitting-issues/ +Here are some guidelines that should help to start contributing to the project. + +- [Submitting pull Requests](https://github.com/traefik/contributors-guide/blob/master/pr_guidelines.md) +- [Submitting issues](https://doc.traefik.io/traefik/contributing/submitting-issues/) +- [Submitting security issues](docs/content/contributing/submitting-security-issues.md) + +If you are willing to become a maintainer of the project, please take a look at the [maintainers guidelines](docs/content/contributing/maintainers-guidelines.md). diff --git a/README.md b/README.md index 5008675f7..120806bc8 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,6 @@ [![Build Status SemaphoreCI](https://semaphoreci.com/api/v1/containous/traefik/branches/master/shields_badge.svg)](https://semaphoreci.com/containous/traefik) [![Docs](https://img.shields.io/badge/docs-current-brightgreen.svg)](https://doc.traefik.io/traefik) [![Go Report Card](https://goreportcard.com/badge/traefik/traefik)](https://goreportcard.com/report/traefik/traefik) -[![](https://images.microbadger.com/badges/image/traefik.svg)](https://microbadger.com/images/traefik) [![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/traefik/traefik/blob/master/LICENSE.md) [![Join the community support forum at https://community.traefik.io/](https://img.shields.io/badge/style-register-green.svg?style=social&label=Discourse)](https://community.traefik.io/) [![Twitter](https://img.shields.io/twitter/follow/traefik.svg?style=social)](https://twitter.com/intent/follow?screen_name=traefik) @@ -126,7 +125,10 @@ You can find high level and deep dive videos on [videos.traefik.io](https://vide ## Maintainers -[Information about process and maintainers](docs/content/contributing/maintainers.md) +We are strongly promoting a philosophy of openness and sharing, and firmly standing against the elitist closed approach. Being part of the core team should be accessible to anyone who is motivated and want to be part of that journey! +This [document](docs/content/contributing/maintainers-guidelines.md) describes how to be part of the core team as well as various responsibilities and guidelines for Traefik maintainers. +You can also find more information on our process to review pull requests and manage issues [in this document](docs/content/contributing/maintainers.md). + ## Contributing diff --git a/build.Dockerfile b/build.Dockerfile index 763808618..4c34406e7 100644 --- a/build.Dockerfile +++ b/build.Dockerfile @@ -19,7 +19,7 @@ RUN mkdir -p /usr/local/bin \ && chmod +x /usr/local/bin/go-bindata # Download golangci-lint binary to bin folder in $GOPATH -RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b $GOPATH/bin v1.39.0 +RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b $GOPATH/bin v1.41.1 # Download misspell binary to bin folder in $GOPATH RUN curl -sfL https://raw.githubusercontent.com/client9/misspell/master/install-misspell.sh | bash -s -- -b $GOPATH/bin v0.3.4 diff --git a/cmd/context.go b/cmd/context.go deleted file mode 100644 index 867cb3f72..000000000 --- a/cmd/context.go +++ /dev/null @@ -1,20 +0,0 @@ -package cmd - -import ( - "context" - "os" - "os/signal" - "syscall" -) - -// ContextWithSignal creates a context canceled when SIGINT or SIGTERM are notified. -func ContextWithSignal(ctx context.Context) context.Context { - newCtx, cancel := context.WithCancel(ctx) - signals := make(chan os.Signal) - signal.Notify(signals, syscall.SIGINT, syscall.SIGTERM) - go func() { - <-signals - cancel() - }() - return newCtx -} diff --git a/cmd/traefik/traefik.go b/cmd/traefik/traefik.go index 274716cc1..4ebe82068 100644 --- a/cmd/traefik/traefik.go +++ b/cmd/traefik/traefik.go @@ -8,9 +8,11 @@ import ( stdlog "log" "net/http" "os" + "os/signal" "path/filepath" "sort" "strings" + "syscall" "time" "github.com/coreos/go-systemd/daemon" @@ -122,7 +124,7 @@ func runCmd(staticConfiguration *static.Configuration) error { return err } - ctx := cmd.ContextWithSignal(context.Background()) + ctx, _ := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM) if staticConfiguration.Experimental != nil && staticConfiguration.Experimental.DevPlugin != nil { var cancel context.CancelFunc diff --git a/docs/check.Dockerfile b/docs/check.Dockerfile index b4df613f1..925a9ae4d 100644 --- a/docs/check.Dockerfile +++ b/docs/check.Dockerfile @@ -24,8 +24,8 @@ RUN apk --no-cache --no-progress add \ RUN npm config set unsafe-perm true RUN npm install --global \ - markdownlint@0.17.2 \ - markdownlint-cli@0.19.0 + markdownlint@0.22.0 \ + markdownlint-cli@0.26.0 # Finally the shell tools we need for later # tini helps to terminate properly all the parallelized tasks when sending CTRL-C diff --git a/docs/content/assets/img/maintainers-guidelines.png b/docs/content/assets/img/maintainers-guidelines.png new file mode 100644 index 000000000..300a6e30d Binary files /dev/null and b/docs/content/assets/img/maintainers-guidelines.png differ diff --git a/docs/content/contributing/data-collection.md b/docs/content/contributing/data-collection.md index 0f8e6078b..c230a23e7 100644 --- a/docs/content/contributing/data-collection.md +++ b/docs/content/contributing/data-collection.md @@ -9,19 +9,19 @@ Understanding how you use Traefik is very important to us: it helps us improve t For this very reason, the sendAnonymousUsage option is mandatory: we want you to take time to consider whether or not you wish to share anonymous data with us so we can benefit from your experience and use cases. !!! example "Enabling Data Collection" - - ```toml tab="File (TOML)" - [global] - # Send anonymous usage data - sendAnonymousUsage = true - ``` - + ```yaml tab="File (YAML)" global: # Send anonymous usage data sendAnonymousUsage: true ``` - + + ```toml tab="File (TOML)" + [global] + # Send anonymous usage data + sendAnonymousUsage = true + ``` + ```bash tab="CLI" # Send anonymous usage data --global.sendAnonymousUsage @@ -45,49 +45,51 @@ Once a day (the first call begins 10 minutes after the start of Traefik), we col - an **anonymized version** of the static configuration (token, user name, password, URL, IP, domain, email, etc, are removed). !!! info - + - We do not collect the dynamic configuration information (routers & services). - We do not collect this data to run advertising programs. - We do not sell this data to third-parties. ### Example of Collected Data -```toml tab="Original configuration" -[entryPoints] - [entryPoints.web] - address = ":80" +```yaml tab="Original configuration" +entryPoints: + web: + address: ":80" -[api] +api: {} -[providers.docker] - endpoint = "tcp://10.10.10.10:2375" - exposedByDefault = true - swarmMode = true +providers: + docker: + endpoint: "tcp://10.10.10.10:2375" + exposedByDefault: true + swarmMode: true - [providers.docker.TLS] - ca = "dockerCA" - cert = "dockerCert" - key = "dockerKey" - insecureSkipVerify = true + tls: + ca: dockerCA + cert: dockerCert + key: dockerKey + insecureSkipVerify: true ``` -```toml tab="Resulting Obfuscated Configuration" -[entryPoints] - [entryPoints.web] - address = ":80" +```yaml tab="Resulting Obfuscated Configuration" +entryPoints: + web: + address: ":80" -[api] +api: {} -[providers.docker] - endpoint = "xxxx" - exposedByDefault = true - swarmMode = true +providers: + docker: + endpoint: "xxxx" + exposedByDefault: true + swarmMode: true - [providers.docker.TLS] - ca = "xxxx" - cert = "xxxx" - key = "xxxx" - insecureSkipVerify = true + tls: + ca: xxxx + cert: xxxx + key: xxxx + insecureSkipVerify: true ``` ## The Code for Data Collection diff --git a/docs/content/contributing/documentation.md b/docs/content/contributing/documentation.md index 6b3e0316c..5b2fb80ea 100644 --- a/docs/content/contributing/documentation.md +++ b/docs/content/contributing/documentation.md @@ -14,10 +14,10 @@ This [documentation](https://doc.traefik.io/traefik/) is built with [mkdocs](htt ### Method 1: `Docker` and `make` -You can build the documentation and test it locally (with live reloading), using the `docs` target: +You can build the documentation and test it locally (with live reloading), using the `docs-serve` target: ```bash -$ make docs +$ make docs-serve docker build -t traefik-docs -f docs.Dockerfile . # […] docker run --rm -v /home/user/go/github/traefik/traefik:/mkdocs -p 8000:8000 traefik-docs mkdocs serve @@ -82,17 +82,19 @@ Running ["HtmlCheck", "ImageCheck", "ScriptCheck", "LinkCheck"] on /app/site/bas !!! note "Clean & Verify" - If you've made changes to the documentation, it's safter to clean it before verifying it. + If you've made changes to the documentation, it's safter to clean it before verifying it. ```bash - $ make docs-clean docs-verify + $ make docs ... ``` + Will perform all necessary steps for you. + !!! note "Disabling Documentation Verification" Verification can be disabled by setting the environment variable `DOCS_VERIFY_SKIP` to `true`: - + ```shell DOCS_VERIFY_SKIP=true make docs-verify ... diff --git a/docs/content/contributing/maintainers-guidelines.md b/docs/content/contributing/maintainers-guidelines.md new file mode 100644 index 000000000..3c7fc3cdd --- /dev/null +++ b/docs/content/contributing/maintainers-guidelines.md @@ -0,0 +1,129 @@ +# The Maintainers Guidelines + +![Maintainers Guidelines](../assets/img/maintainers-guidelines.png) + +Note: the document is a work in progress. + +Welcome to the Traefik Community. +This document describes how to be part of the core team +as well as various responsibilities +and guidelines for Traefik maintainers. +We are strongly promoting a philosophy of openness and sharing, +and firmly standing against the elitist closed approach. +Being part of the core team should be accessible to anyone motivated +and wants to be part of that journey! + +## Onboarding process + +If you consider joining our community please drop us a line using Twitter or leave a note in the issue. +We will schedule a quick call to meet you and learn more about your motivation. +During the call, the team will discuss the process of becoming a maintainer. +We will be happy to answer any questions and explain all your doubts. + +## Maintainers requirements + +Note: you do not have to meet all the listed requirements, +but must have achieved several. + +- Enabled [2FA](https://docs.github.com/en/github/authenticating-to-github/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication) on your Github account +- The contributor has opened and successfully run medium to large PR’s in the past 6 months. +- The contributor has participated in multiple code reviews of other PR’s, + including those of other maintainers and contributors. +- The contributor showed a consistent pattern of helpful, non-threatening, and friendly behavior towards other community members in the past. +- The contributor is active on Traefik Community forums + or other technical forums/boards such as K8S slack, Reddit, StackOverflow, hacker news. +- Have read and accepted the contributor guidelines. + +## Maintainers responsibilities and privileges + +There are lots of areas where you can contribute to the project, +but we can suggest you start with activities such as: + +- PR reviewing. + - According to our guidelines we require you have at least 3 reviewers, + thus you can review a PR and leave the relevant comment if it is necessary. +- Participating in a daily [issue triage](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md). + - The process helps to understand and prioritize the reported issue according to its importance and severity. + This is crucial to learn how our users implement Traefik. + Each of the issues that are labeled as bug/possible bug/confirmed requires a reproducible use case. + You can help in creating a reproducible use case if it has not been added to the issue + or use the sample code provided by the reporter. + Typically, a simple docker compose should be enough to reproduce the issue. +- Code contribution. +- Documentation contribution. + - Technical documentation is one of the most important components of the product. + The ability to set up a testing environment in a few minutes, + using the official documentation, + is a game changer. +- You will be listed on our Maintainers Github page + as well as on our website in the section [maintainers](maintainers.md). +- We will be promoting you on social channels (mostly on Twitter). + +## Governance + +- Roadmap meetings on a regular basis where all maintainers are welcome. + +## Communicating + +- All of our maintainers are added to Slack #traefik-maintainers channel that belongs to Traefik labs workspace. + Having the team in one place helps us to communicate effectively. + You can reach Traefik core developers directly, + which offers the possibility to discuss issues, pull requests, enhancements more efficiently + and get the feedback almost immediately. + Fewer blockers mean more fun and engaging work. + +- On a daily basis, we publish a report that includes all the activities performed during the day. + You are updated in regard to the workload that has been processed including: + working on the new features and enhancements, + activities related to the reported issues and PR’s, + other important project-related announcements. + +- At 5:00 PM CET every day we review all the created issues that have been reported, + assign them the appropriate *[labels](maintainers.md#labels)* + and prioritize them based on the severity of the problem. + The process is called *[issue triaging](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md)*. + Each of the maintainers is welcome to join the meeting. + For that purpose, we use a dedicated Discord server + where you are invited once you have become the official maintainer. + +## Maintainers Activity + +In order to keep the core team efficient and dynamic, +maintainers' activity and involvement will be reviewed on a regular basis. + +- Has the maintainer engaged with the team and the community by meeting two or more of these benchmarks in the past six months? + - Has the maintainer participated in at least two or three maintainer meetings? + - Substantial review of at least one or two PRs from either contributors or maintainers. + - Opened at least one or two bug fixes or feature request PRs + that were eventually merged (or on a trajectory for merge). + - Substantial participation in the Help Wanted program (answered questions, helped identify issues, applied guidelines from the Help Wanted guide to open issues). + - Substantial participation with the community in general. + +- Has the maintainer shown a consistent pattern of helpful, + non-threatening, + and friendly behavior towards other people on the maintainer team and with our community? + +## Additional comments for (not only) maintainers + +- Be able to put yourself in users’ shoes. +- Be open-minded and respectful with other maintainers and other community members. +- Keep the communication public - + if anyone tries to communicate with you directly, + ask him politely to move the conversation to a public communication channel. +- Stay away from defensive comments. +- Please try to express your thoughts clearly enough + and note that some of us are not native English speakers. + Try to rephrase your sentences, avoiding mental shortcuts; + none of us is able to predict your thoughts. +- There are a lot of use cases of using Traefik + and even more issues that are difficult to reproduce. + If the issue can’t be replicated due to a lack of reproducible case (a simple docker compose should be enough) - + set your time limits while working on the issue + and express clearly that you were not able to replicate it. + You can come back later to that case. +- Be proactive. +- Emoji are fine, + but if you express yourself clearly enough they are not necessary. + They will not replace good communication. +- Embrace mentorship. +- Keep in mind that we all have the same intent to improve the project. diff --git a/docs/content/contributing/maintainers.md b/docs/content/contributing/maintainers.md index b31613686..e6406ac63 100644 --- a/docs/content/contributing/maintainers.md +++ b/docs/content/contributing/maintainers.md @@ -20,6 +20,10 @@ * Kevin Pollet [@kevinpollet](https://github.com/kevinpollet) * Harold Ozouf [@jspdown](https://github.com/jspdown) +## Maintainers guidelines + +Please read the [maintainers guidelines](maintainers-guidelines.md) + ## Issue Triage Issues and PRs are triaged daily and the process for triaging may be found under [triaging issues](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md) in our [contributors guide repository](https://github.com/traefik/contributors-guide). diff --git a/docs/content/getting-started/configuration-overview.md b/docs/content/getting-started/configuration-overview.md index 51bcb69a3..425e2a74d 100644 --- a/docs/content/getting-started/configuration-overview.md +++ b/docs/content/getting-started/configuration-overview.md @@ -13,13 +13,13 @@ Configuration in Traefik can refer to two different things: Elements in the _static configuration_ set up connections to [providers](../providers/overview.md) and define the [entrypoints](../routing/entrypoints.md) Traefik will listen to (these elements don't change often). The _dynamic configuration_ contains everything that defines how the requests are handled by your system. -This configuration can change and is seamlessly hot-reloaded, without any request interruption or connection loss. +This configuration can change and is seamlessly hot-reloaded, without any request interruption or connection loss. !!! warning "Incompatible Configuration" Please be aware that the old configurations for Traefik v1.x are NOT compatible with the v2.x config as of now. If you are running v2, please ensure you are using a v2 configuration. -## The Dynamic Configuration +## The Dynamic Configuration Traefik gets its _dynamic configuration_ from [providers](../providers/overview.md): whether an orchestrator, a service registry, or a plain old configuration file. @@ -28,11 +28,11 @@ Since this configuration is specific to your infrastructure choices, we invite y !!! info "" In the [Quick Start example](../getting-started/quick-start.md), the dynamic configuration comes from docker in the form of labels attached to your containers. - + !!! info "HTTPS Certificates also belong to the dynamic configuration." - - You can add / update / remove them without restarting your Traefik instance. - + + You can add / update / remove them without restarting your Traefik instance. + ## The Static Configuration There are three different, **mutually exclusive** (i.e. you can use only one at the same time), ways to define static configuration options in Traefik: @@ -45,13 +45,13 @@ These ways are evaluated in the order listed above. If no value was provided for a given option, a default value applies. Moreover, if an option has sub-options, and any of these sub-options is not specified, a default value will apply as well. - + For example, the `--providers.docker` option is enough by itself to enable the docker provider, even though sub-options like `--providers.docker.endpoint` exist. Once positioned, this option sets (and resets) all the default values of the sub-options of `--providers.docker`. - + ### Configuration File -At startup, Traefik searches for a file named `traefik.toml` (or `traefik.yml` or `traefik.yaml`) in: +At startup, Traefik searches for a file named `traefik.yml` (or `traefik.yaml` or `traefik.toml`) in: - `/etc/traefik/` - `$XDG_CONFIG_HOME/` @@ -61,7 +61,7 @@ At startup, Traefik searches for a file named `traefik.toml` (or `traefik.yml` o You can override this using the `configFile` argument. ```bash -traefik --configFile=foo/bar/myconfigfile.toml +traefik --configFile=foo/bar/myconfigfile.yml ``` ### Arguments diff --git a/docs/content/getting-started/faq.md b/docs/content/getting-started/faq.md new file mode 100644 index 000000000..66ae963af --- /dev/null +++ b/docs/content/getting-started/faq.md @@ -0,0 +1,126 @@ +# FAQ + +## Why is Traefik Answering `XXX` HTTP Response Status Code? + +Traefik is a dynamic reverse proxy, +and while the documentation often demonstrates configuration options through file examples, +the core feature of Traefik is its dynamic configurability, +directly reacting to changes from providers over time. + +Notably, a part of the configuration is [static](../configuration-overview/#the-static-configuration), +and can be provided by a file on startup, whereas various providers, +such as the file provider, +contribute dynamically all along the traefik instance lifetime to its [dynamic configuration](../configuration-overview/#the-dynamic-configuration) changes. + +In addition, the configuration englobes concepts such as the EntryPoint which can be seen as a listener on the Transport Layer (TCP), +as apposed to the Router which is more about the Presentation (TLS) and Application layers (HTTP). +And there can be as many routers as one wishes for a given EntryPoint. + +In other words, for a given Entrypoint, +at any given time the traffic seen is not bound to be just about one protocol. +It could be HTTP, or otherwise. Over TLS, or not. +Not to mention that dynamic configuration changes potentially make that kind of traffic vary over time. + +Therefore, in this dynamic context, +the static configuration of an `entryPoint` does not give any hint whatsoever about how the traffic going through that `entryPoint` is going to be routed. +Or whether it's even going to be routed at all, +i.e. whether there is a Router matching the kind of traffic going through it. + +### `404 Not found` + +Traefik returns a `404` response code in the following situations: + +- A request reaching an EntryPoint that has no Routers +- An HTTP request reaching an EntryPoint that has no HTTP Router +- An HTTPS request reaching an EntryPoint that has no HTTPS Router +- A request reaching an EntryPoint that has HTTP/HTTPS Routers that cannot be matched + +From Traefik's point of view, +every time a request cannot be matched with a router the correct response code is a `404 Not found`. + +In this situation, the response code is not a `503 Service Unavailable` +because Traefik is not able to confirm that the lack of a matching router for a request is only temporary. +Traefik's routing configuration is dynamic and aggregated from different providers, +hence it's not possible to assume at any moment that a specific route should be handled or not. + +??? info "This behavior is consistent with rfc7231" + + ```txt + The server is currently unable to handle the request due to a + temporary overloading or maintenance of the server. The implication + is that this is a temporary condition which will be alleviated after + some delay. If known, the length of the delay MAY be indicated in a + Retry-After header. If no Retry-After is given, the client SHOULD + handle the response as it would for a 500 response. + + Note: The existence of the 503 status code does not imply that a + server must use it when becoming overloaded. Some servers may wish + to simply refuse the connection. + ``` + + Extract from [rfc7231#section-6.6.4](https://datatracker.ietf.org/doc/html/rfc7231#section-6.6.4). + +### `502 Bad Gateway` + +Traefik returns a `502` response code when an error happens while contacting the upstream service. + +### `503 Service Unavailable` + +Traefik returns a `503` response code when a Router has been matched +but there are no servers ready to handle the request. + +This situation is encountered when a service has been explicitly configured without servers, +or when a service has healthcheck enabled and all servers are unhealthy. + +### `XXX` Instead of `404` + +Sometimes, the `404` response code doesn't play well with other parties or services (such as CDNs). + +In these situations, you may want Traefik to always reply with a `503` response code, +instead of a `404` response code. + +To achieve this behavior, a simple catchall router, +with the lowest possible priority and routing to a service without servers, +can handle all the requests when no other router has been matched. + +The example below is a file provider only version (`yaml`) of what this configuration could look like: + +```yaml tab="Static configuration" +# traefik.yml + +entrypoints: + web: + address: :80 + +providers: + file: + filename: dynamic.yaml +``` + +```yaml tab="Dynamic configuration" +# dynamic.yaml + +http: + routers: + catchall: + # attached only to web entryPoint + entryPoints: + - "web" + # catchall rule + rule: "PathPrefix(`/`)" + service: unavailable + # lowest possible priority + # evaluated when no other router is matched + priority: 1 + + services: + # Service that will always answer a 503 Service Unavailable response + unavailable: + loadBalancer: + servers: {} +``` + +!!! info "Dedicated service" + If there is a need for a response code other than a `503` and/or a custom message, + the principle of the above example above (a catchall router) still stands, + but the `unavailable` service should be adapted to fit such a need. diff --git a/docs/content/getting-started/install-traefik.md b/docs/content/getting-started/install-traefik.md index c2948a591..8a5aef403 100644 --- a/docs/content/getting-started/install-traefik.md +++ b/docs/content/getting-started/install-traefik.md @@ -11,12 +11,12 @@ You can install Traefik with the following flavors: Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with one sample configuration file: -* [TOML](https://raw.githubusercontent.com/traefik/traefik/v2.4/traefik.sample.toml) * [YAML](https://raw.githubusercontent.com/traefik/traefik/v2.4/traefik.sample.yml) +* [TOML](https://raw.githubusercontent.com/traefik/traefik/v2.4/traefik.sample.toml) ```bash docker run -d -p 8080:8080 -p 80:80 \ - -v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik:v2.4 + -v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v2.4 ``` For more details, go to the [Docker provider documentation](../providers/docker.md) @@ -31,8 +31,8 @@ For more details, go to the [Docker provider documentation](../providers/docker. ## Use the Helm Chart !!! warning - - The Traefik Chart from + + The Traefik Chart from [Helm's default charts repository](https://github.com/helm/charts/tree/master/stable/traefik) is still using [Traefik v1.7](https://doc.traefik.io/traefik/v1.7). Traefik can be installed in Kubernetes using the Helm chart from . @@ -61,7 +61,7 @@ helm install traefik traefik/traefik ``` !!! tip "Helm Features" - + All [Helm features](https://helm.sh/docs/intro/using_helm/) are supported. For instance, installing the chart in a dedicated namespace: @@ -73,30 +73,30 @@ helm install traefik traefik/traefik ``` ??? example "Installing with Custom Values" - + You can customize the installation by specifying custom values, as with [any helm chart](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). {: #helm-custom-values } - + The values are not (yet) documented, but are self-explanatory: you can look at the [default `values.yaml`](https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml) file to explore possibilities. - + You can also set Traefik command line flags using `additionalArguments`. Example of installation with logging set to `DEBUG`: - + ```bash tab="Using Helm CLI" helm install --namespace=traefik-v2 \ --set="additionalArguments={--log.level=DEBUG}" \ traefik traefik/traefik ``` - + ```yml tab="With a custom values file" # File custom-values.yml ## Install with "helm install --values=./custom-values.yml traefik traefik/traefik additionalArguments: - "--log.level=DEBUG" ``` - + ### Exposing the Traefik dashboard This HelmChart does not expose the Traefik dashboard by default, for security concerns. diff --git a/docs/content/https/acme.md b/docs/content/https/acme.md index 37bb65d82..0383d0fd3 100644 --- a/docs/content/https/acme.md +++ b/docs/content/https/acme.md @@ -13,7 +13,7 @@ You can configure Traefik to use an ACME provider (like Let's Encrypt) for autom ## Certificate Resolvers -Traefik requires you to define "Certificate Resolvers" in the [static configuration](../getting-started/configuration-overview.md#the-static-configuration), +Traefik requires you to define "Certificate Resolvers" in the [static configuration](../getting-started/configuration-overview.md#the-static-configuration), which are responsible for retrieving certificates from an ACME server. Then, each ["router"](../routing/routers/index.md) is configured to enable TLS, @@ -26,33 +26,33 @@ You can read more about this retrieval mechanism in the following section: [ACME !!! important "Defining a certificates resolver does not result in all routers automatically using it. Each router that is supposed to use the resolver must [reference](../routing/routers/index.md#certresolver) it." ??? note "Configuration Reference" - + There are many available options for ACME. For a quick glance at what's possible, browse the configuration reference: - - ```toml tab="File (TOML)" - --8<-- "content/https/ref-acme.toml" - ``` - + ```yaml tab="File (YAML)" --8<-- "content/https/ref-acme.yaml" ``` - + + ```toml tab="File (TOML)" + --8<-- "content/https/ref-acme.toml" + ``` + ```bash tab="CLI" --8<-- "content/https/ref-acme.txt" ``` ## Domain Definition -Certificate resolvers request certificates for a set of the domain names +Certificate resolvers request certificates for a set of the domain names inferred from routers, with the following logic: - If the router has a [`tls.domains`](../routing/routers/index.md#domains) option set, then the certificate resolver uses the `main` (and optionally `sans`) option of `tls.domains` to know the domain names for this router. -- If no [`tls.domains`](../routing/routers/index.md#domains) option is set, - then the certificate resolver uses the [router's rule](../routing/routers/index.md#rule), - by checking the `Host()` matchers. +- If no [`tls.domains`](../routing/routers/index.md#domains) option is set, + then the certificate resolver uses the [router's rule](../routing/routers/index.md#rule), + by checking the `Host()` matchers. Please note that [multiple `Host()` matchers can be used](../routing/routers/index.md#certresolver)) for specifying multiple domain names for this router. Please note that: @@ -69,31 +69,15 @@ Please check the [configuration examples below](#configuration-examples) for mor ## Configuration Examples ??? example "Enabling ACME" - - ```toml tab="File (TOML)" - [entryPoints] - [entryPoints.web] - address = ":80" - - [entryPoints.websecure] - address = ":443" - - [certificatesResolvers.myresolver.acme] - email = "your-email@example.com" - storage = "acme.json" - [certificatesResolvers.myresolver.acme.httpChallenge] - # used during the challenge - entryPoint = "web" - ``` - + ```yaml tab="File (YAML)" entryPoints: web: address: ":80" - + websecure: address: ":443" - + certificatesResolvers: myresolver: acme: @@ -103,7 +87,23 @@ Please check the [configuration examples below](#configuration-examples) for mor # used during the challenge entryPoint: web ``` - + + ```toml tab="File (TOML)" + [entryPoints] + [entryPoints.web] + address = ":80" + + [entryPoints.websecure] + address = ":443" + + [certificatesResolvers.myresolver.acme] + email = "your-email@example.com" + storage = "acme.json" + [certificatesResolvers.myresolver.acme.httpChallenge] + # used during the challenge + entryPoint = "web" + ``` + ```bash tab="CLI" --entrypoints.web.address=:80 --entrypoints.websecure.address=:443 @@ -117,23 +117,23 @@ Please check the [configuration examples below](#configuration-examples) for mor !!! important "Defining a certificates resolver does not result in all routers automatically using it. Each router that is supposed to use the resolver must [reference](../routing/routers/index.md#certresolver) it." ??? example "Single Domain from Router's Rule Example" - + * A certificate for the domain `example.com` is requested: --8<-- "content/https/include-acme-single-domain-example.md" ??? example "Multiple Domains from Router's Rule Example" - + * A certificate for the domains `example.com` (main) and `blog.example.org` is requested: - + --8<-- "content/https/include-acme-multiple-domains-from-rule-example.md" - + ??? example "Multiple Domains from Router's `tls.domain` Example" * A certificate for the domains `example.com` (main) and `*.example.org` (SAN) is requested: - + --8<-- "content/https/include-acme-multiple-domains-example.md" ## Automatic Renewals @@ -165,12 +165,6 @@ when using the `TLS-ALPN-01` challenge, Traefik must be reachable by Let's Encry ??? example "Configuring the `tlsChallenge`" - ```toml tab="File (TOML)" - [certificatesResolvers.myresolver.acme] - # ... - [certificatesResolvers.myresolver.acme.tlsChallenge] - ``` - ```yaml tab="File (YAML)" certificatesResolvers: myresolver: @@ -178,7 +172,13 @@ when using the `TLS-ALPN-01` challenge, Traefik must be reachable by Let's Encry # ... tlsChallenge: {} ``` - + + ```toml tab="File (TOML)" + [certificatesResolvers.myresolver.acme] + # ... + [certificatesResolvers.myresolver.acme.tlsChallenge] + ``` + ```bash tab="CLI" # ... --certificatesresolvers.myresolver.acme.tlschallenge=true @@ -193,28 +193,14 @@ when using the `HTTP-01` challenge, `certificatesresolvers.myresolver.acme.httpc ??? example "Using an EntryPoint Called web for the `httpChallenge`" - ```toml tab="File (TOML)" - [entryPoints] - [entryPoints.web] - address = ":80" - - [entryPoints.websecure] - address = ":443" - - [certificatesResolvers.myresolver.acme] - # ... - [certificatesResolvers.myresolver.acme.httpChallenge] - entryPoint = "web" - ``` - ```yaml tab="File (YAML)" entryPoints: web: address: ":80" - + websecure: address: ":443" - + certificatesResolvers: myresolver: acme: @@ -222,7 +208,21 @@ when using the `HTTP-01` challenge, `certificatesresolvers.myresolver.acme.httpc httpChallenge: entryPoint: web ``` - + + ```toml tab="File (TOML)" + [entryPoints] + [entryPoints.web] + address = ":80" + + [entryPoints.websecure] + address = ":443" + + [certificatesResolvers.myresolver.acme] + # ... + [certificatesResolvers.myresolver.acme.httpChallenge] + entryPoint = "web" + ``` + ```bash tab="CLI" --entrypoints.web.address=:80 --entrypoints.websecure.address=:443 @@ -239,15 +239,6 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni ??? example "Configuring a `dnsChallenge` with the DigitalOcean Provider" - ```toml tab="File (TOML)" - [certificatesResolvers.myresolver.acme] - # ... - [certificatesResolvers.myresolver.acme.dnsChallenge] - provider = "digitalocean" - delayBeforeCheck = 0 - # ... - ``` - ```yaml tab="File (YAML)" certificatesResolvers: myresolver: @@ -258,7 +249,16 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni delayBeforeCheck: 0 # ... ``` - + + ```toml tab="File (TOML)" + [certificatesResolvers.myresolver.acme] + # ... + [certificatesResolvers.myresolver.acme.dnsChallenge] + provider = "digitalocean" + delayBeforeCheck = 0 + # ... + ``` + ```bash tab="CLI" # ... --certificatesresolvers.myresolver.acme.dnschallenge.provider=digitalocean @@ -270,7 +270,7 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni A `provider` is mandatory. #### `providers` - + Here is a list of supported `providers`, that can automate the DNS verification, along with the required environment variables and their [wildcard & root domain support](#wildcard-domains). Do not hesitate to complete it. @@ -323,6 +323,7 @@ For complete details, refer to your provider's _Additional configuration_ link. | HTTP request | `httpreq` | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1] | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq) | | [HyperOne](https://www.hyperone.com) | `hyperone` | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone) | | [IIJ](https://www.iij.ad.jp/) | `iij` | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE` | [Additional configuration](https://go-acme.github.io/lego/dns/iij) | +| [Infoblox](https://www.infoblox.com/) | `infoblox` | `INFOBLOX_USER`, `INFOBLOX_PASSWORD`, `INFOBLOX_HOST` | [Additional configuration](https://go-acme.github.io/lego/dns/infoblox) | | [Infomaniak](https://www.infomaniak.com) | `infomaniak` | `INFOMANIAK_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/infomaniak) | | [INWX](https://www.inwx.de/en) | `inwx` | `INWX_USERNAME`, `INWX_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/inwx) | | [ionos](https://ionos.com/) | `ionos` | `IONOS_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ionos) | @@ -347,6 +348,7 @@ For complete details, refer to your provider's _Additional configuration_ link. | [OVH](https://www.ovh.com) | `ovh` | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ovh) | | [Openstack Designate](https://docs.openstack.org/designate) | `designate` | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/designate) | | [Oracle Cloud](https://cloud.oracle.com/home) | `oraclecloud` | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID` | [Additional configuration](https://go-acme.github.io/lego/dns/oraclecloud) | +| [Porkbun](https://porkbun.com/) | `porkbun` | `PORKBUN_SECRET_API_KEY`, `PORKBUN_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/porkbun) | | [PowerDNS](https://www.powerdns.com) | `pdns` | `PDNS_API_KEY`, `PDNS_API_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/pdns) | | [Rackspace](https://www.rackspace.com/cloud/dns) | `rackspace` | `RACKSPACE_USER`, `RACKSPACE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rackspace) | | [reg.ru](https://www.reg.ru) | `regru` | `REGRU_USERNAME`, `REGRU_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/regru) | @@ -357,12 +359,16 @@ For complete details, refer to your provider's _Additional configuration_ link. | [Scaleway](https://www.scaleway.com) | `scaleway` | `SCALEWAY_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway) | | [Selectel](https://selectel.ru/en/) | `selectel` | `SELECTEL_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/selectel) | | [Servercow](https://servercow.de) | `servercow` | `SERVERCOW_USERNAME`, `SERVERCOW_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/servercow) | +| [Simply.com](https://www.simply.com/en/domains/) | `simply` | `SIMPLY_ACCOUNT_NAME`, `SIMPLY_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/simply) | +| [Sonic](https://www.sonic.com/) | `sonic` | `SONIC_USER_ID`, `SONIC_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/sonic) | | [Stackpath](https://www.stackpath.com/) | `stackpath` | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/stackpath) | | [TransIP](https://www.transip.nl/) | `transip` | `TRANSIP_ACCOUNT_NAME`, `TRANSIP_PRIVATE_KEY_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/transip) | | [VegaDNS](https://github.com/shupp/VegaDNS-API) | `vegadns` | `SECRET_VEGADNS_KEY`, `SECRET_VEGADNS_SECRET`, `VEGADNS_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/vegadns) | | [Versio](https://www.versio.nl/domeinnamen) | `versio` | `VERSIO_USERNAME`, `VERSIO_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/versio) | +| [VinylDNS](https://www.vinyldns.io) | `vinyldns` | `VINYLDNS_ACCESS_KEY`, `VINYLDNS_SECRET_KEY`, `VINYLDNS_HOST` | [Additional configuration](https://go-acme.github.io/lego/dns/vinyldns) | | [Vscale](https://vscale.io/) | `vscale` | `VSCALE_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/vscale) | | [VULTR](https://www.vultr.com) | `vultr` | `VULTR_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/vultr) | +| [WEDOS](https://www.wedos.com) | `wedos` | `WEDOS_USERNAME`, `WEDOS_WAPI_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/wedos) | | [Yandex](https://yandex.com) | `yandex` | `YANDEX_PDD_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/yandex) | | [Zone.ee](https://www.zone.ee) | `zoneee` | `ZONEEE_API_USER`, `ZONEEE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zoneee) | | [Zonomi](https://zonomi.com) | `zonomi` | `ZONOMI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zonomi) | @@ -382,14 +388,6 @@ For complete details, refer to your provider's _Additional configuration_ link. Use custom DNS servers to resolve the FQDN authority. -```toml tab="File (TOML)" -[certificatesResolvers.myresolver.acme] - # ... - [certificatesResolvers.myresolver.acme.dnsChallenge] - # ... - resolvers = ["1.1.1.1:53", "8.8.8.8:53"] -``` - ```yaml tab="File (YAML)" certificatesResolvers: myresolver: @@ -402,6 +400,14 @@ certificatesResolvers: - "8.8.8.8:53" ``` +```toml tab="File (TOML)" +[certificatesResolvers.myresolver.acme] + # ... + [certificatesResolvers.myresolver.acme.dnsChallenge] + # ... + resolvers = ["1.1.1.1:53", "8.8.8.8:53"] +``` + ```bash tab="CLI" # ... --certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53 @@ -417,14 +423,6 @@ As described in [Let's Encrypt's post](https://community.letsencrypt.org/t/stagi - `kid`: Key identifier from External CA - `hmacEncoded`: HMAC key from External CA, should be in Base64 URL Encoding without padding format -```toml tab="File (TOML)" -[certificatesResolvers.myresolver.acme] - # ... - [certificatesResolvers.myresolver.acme.eab] - kid = "abc-keyID-xyz" - hmacEncoded = "abc-hmac-xyz" -``` - ```yaml tab="File (YAML)" certificatesResolvers: myresolver: @@ -435,6 +433,14 @@ certificatesResolvers: hmacEncoded: abc-hmac-xyz ``` +```toml tab="File (TOML)" +[certificatesResolvers.myresolver.acme] + # ... + [certificatesResolvers.myresolver.acme.eab] + kid = "abc-keyID-xyz" + hmacEncoded = "abc-hmac-xyz" +``` + ```bash tab="CLI" # ... --certificatesresolvers.myresolver.acme.eab.kid=abc-keyID-xyz @@ -454,13 +460,6 @@ The CA server to use: ??? example "Using the Let's Encrypt staging server" - ```toml tab="File (TOML)" - [certificatesResolvers.myresolver.acme] - # ... - caServer = "https://acme-staging-v02.api.letsencrypt.org/directory" - # ... - ``` - ```yaml tab="File (YAML)" certificatesResolvers: myresolver: @@ -470,6 +469,13 @@ The CA server to use: # ... ``` + ```toml tab="File (TOML)" + [certificatesResolvers.myresolver.acme] + # ... + caServer = "https://acme-staging-v02.api.letsencrypt.org/directory" + # ... + ``` + ```bash tab="CLI" # ... --certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory @@ -482,13 +488,6 @@ _Required, Default="acme.json"_ The `storage` option sets the location where your ACME certificates are saved to. -```toml tab="File (TOML)" -[certificatesResolvers.myresolver.acme] - # ... - storage = "acme.json" - # ... -``` - ```yaml tab="File (YAML)" certificatesResolvers: myresolver: @@ -498,6 +497,13 @@ certificatesResolvers: # ... ``` +```toml tab="File (TOML)" +[certificatesResolvers.myresolver.acme] + # ... + storage = "acme.json" + # ... +``` + ```bash tab="CLI" # ... --certificatesresolvers.myresolver.acme.storage=acme.json @@ -528,13 +534,6 @@ Preferred chain to use. If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name. If no match, the default offered chain will be used. -```toml tab="File (TOML)" -[certificatesResolvers.myresolver.acme] - # ... - preferredChain = "ISRG Root X1" - # ... -``` - ```yaml tab="File (YAML)" certificatesResolvers: myresolver: @@ -544,6 +543,13 @@ certificatesResolvers: # ... ``` +```toml tab="File (TOML)" +[certificatesResolvers.myresolver.acme] + # ... + preferredChain = "ISRG Root X1" + # ... +``` + ```bash tab="CLI" # ... --certificatesresolvers.myresolver.acme.preferredChain="ISRG Root X1" @@ -556,13 +562,6 @@ _Optional, Default="RSA4096"_ KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'. -```toml tab="File (TOML)" -[certificatesResolvers.myresolver.acme] - # ... - keyType = "RSA4096" - # ... -``` - ```yaml tab="File (YAML)" certificatesResolvers: myresolver: @@ -572,6 +571,13 @@ certificatesResolvers: # ... ``` +```toml tab="File (TOML)" +[certificatesResolvers.myresolver.acme] + # ... + keyType = "RSA4096" + # ... +``` + ```bash tab="CLI" # ... --certificatesresolvers.myresolver.acme.keyType="RSA4096" diff --git a/docs/content/https/include-acme-multiple-domains-example.md b/docs/content/https/include-acme-multiple-domains-example.md index 7fbeb9e06..8107eb24f 100644 --- a/docs/content/https/include-acme-multiple-domains-example.md +++ b/docs/content/https/include-acme-multiple-domains-example.md @@ -64,18 +64,6 @@ labels: - traefik.http.routers.blog.tls.domains[0].sans=*.example.org ``` -```toml tab="File (TOML)" -## Dynamic configuration -[http.routers] - [http.routers.blog] - rule = "Host(`example.com`) && Path(`/blog`)" - [http.routers.blog.tls] - certResolver = "myresolver" # From static configuration - [[http.routers.blog.tls.domains]] - main = "example.org" - sans = ["*.example.org"] -``` - ```yaml tab="File (YAML)" ## Dynamic configuration http: @@ -89,3 +77,15 @@ http: sans: - "*.example.org" ``` + +```toml tab="File (TOML)" +## Dynamic configuration +[http.routers] + [http.routers.blog] + rule = "Host(`example.com`) && Path(`/blog`)" + [http.routers.blog.tls] + certResolver = "myresolver" # From static configuration + [[http.routers.blog.tls.domains]] + main = "example.org" + sans = ["*.example.org"] +``` diff --git a/docs/content/https/include-acme-multiple-domains-from-rule-example.md b/docs/content/https/include-acme-multiple-domains-from-rule-example.md index 4bf9b23c4..01252360b 100644 --- a/docs/content/https/include-acme-multiple-domains-from-rule-example.md +++ b/docs/content/https/include-acme-multiple-domains-from-rule-example.md @@ -52,15 +52,6 @@ labels: - traefik.http.routers.blog.tls.certresolver=myresolver ``` -```toml tab="File (TOML)" -## Dynamic configuration -[http.routers] - [http.routers.blog] - rule = "(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)" - [http.routers.blog.tls] - certResolver = "myresolver" -``` - ```yaml tab="File (YAML)" ## Dynamic configuration http: @@ -70,3 +61,12 @@ http: tls: certResolver: myresolver ``` + +```toml tab="File (TOML)" +## Dynamic configuration +[http.routers] + [http.routers.blog] + rule = "(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)" + [http.routers.blog.tls] + certResolver = "myresolver" +``` diff --git a/docs/content/https/include-acme-single-domain-example.md b/docs/content/https/include-acme-single-domain-example.md index e3aea2309..30bfa9229 100644 --- a/docs/content/https/include-acme-single-domain-example.md +++ b/docs/content/https/include-acme-single-domain-example.md @@ -52,15 +52,6 @@ labels: - traefik.http.routers.blog.tls.certresolver=myresolver ``` -```toml tab="File (TOML)" -## Dynamic configuration -[http.routers] - [http.routers.blog] - rule = "Host(`example.com`) && Path(`/blog`)" - [http.routers.blog.tls] - certResolver = "myresolver" -``` - ```yaml tab="File (YAML)" ## Dynamic configuration http: @@ -70,3 +61,12 @@ http: tls: certResolver: myresolver ``` + +```toml tab="File (TOML)" +## Dynamic configuration +[http.routers] + [http.routers.blog] + rule = "Host(`example.com`) && Path(`/blog`)" + [http.routers.blog.tls] + certResolver = "myresolver" +``` diff --git a/docs/content/https/tls.md b/docs/content/https/tls.md index 8740a5719..ae3584b8b 100644 --- a/docs/content/https/tls.md +++ b/docs/content/https/tls.md @@ -13,18 +13,6 @@ See the [Let's Encrypt](./acme.md) page. To add / remove TLS certificates, even when Traefik is already running, their definition can be added to the [dynamic configuration](../getting-started/configuration-overview.md), in the `[[tls.certificates]]` section: -```toml tab="File (TOML)" -# Dynamic configuration - -[[tls.certificates]] - certFile = "/path/to/domain.cert" - keyFile = "/path/to/domain.key" - -[[tls.certificates]] - certFile = "/path/to/other-domain.cert" - keyFile = "/path/to/other-domain.key" -``` - ```yaml tab="File (YAML)" # Dynamic configuration @@ -36,23 +24,28 @@ tls: keyFile: /path/to/other-domain.key ``` +```toml tab="File (TOML)" +# Dynamic configuration + +[[tls.certificates]] + certFile = "/path/to/domain.cert" + keyFile = "/path/to/domain.key" + +[[tls.certificates]] + certFile = "/path/to/other-domain.cert" + keyFile = "/path/to/other-domain.key" +``` + !!! important "Restriction" In the above example, we've used the [file provider](../providers/file.md) to handle these definitions. It is the only available method to configure the certificates (as well as the options and the stores). - However, in [Kubernetes](../providers/kubernetes-crd.md), the certificates can and must be provided by [secrets](https://kubernetes.io/docs/concepts/configuration/secret/). + However, in [Kubernetes](../providers/kubernetes-crd.md), the certificates can and must be provided by [secrets](https://kubernetes.io/docs/concepts/configuration/secret/). ## Certificates Stores In Traefik, certificates are grouped together in certificates stores, which are defined as such: -```toml tab="File (TOML)" -# Dynamic configuration - -[tls.stores] - [tls.stores.default] -``` - ```yaml tab="File (YAML)" # Dynamic configuration @@ -61,6 +54,13 @@ tls: default: {} ``` +```toml tab="File (TOML)" +# Dynamic configuration + +[tls.stores] + [tls.stores.default] +``` + !!! important "Restriction" Any store definition other than the default one (named `default`) will be ignored, @@ -68,21 +68,6 @@ tls: In the `tls.certificates` section, a list of stores can then be specified to indicate where the certificates should be stored: -```toml tab="File (TOML)" -# Dynamic configuration - -[[tls.certificates]] - certFile = "/path/to/domain.cert" - keyFile = "/path/to/domain.key" - stores = ["default"] - -[[tls.certificates]] - # Note that since no store is defined, - # the certificate below will be stored in the `default` store. - certFile = "/path/to/other-domain.cert" - keyFile = "/path/to/other-domain.key" -``` - ```yaml tab="File (YAML)" # Dynamic configuration @@ -98,6 +83,21 @@ tls: keyFile: /path/to/other-domain.key ``` +```toml tab="File (TOML)" +# Dynamic configuration + +[[tls.certificates]] + certFile = "/path/to/domain.cert" + keyFile = "/path/to/domain.key" + stores = ["default"] + +[[tls.certificates]] + # Note that since no store is defined, + # the certificate below will be stored in the `default` store. + certFile = "/path/to/other-domain.cert" + keyFile = "/path/to/other-domain.key" +``` + !!! important "Restriction" The `stores` list will actually be ignored and automatically set to `["default"]`. @@ -107,16 +107,6 @@ tls: Traefik can use a default certificate for connections without a SNI, or without a matching domain. This default certificate should be defined in a TLS store: -```toml tab="File (TOML)" -# Dynamic configuration - -[tls.stores] - [tls.stores.default] - [tls.stores.default.defaultCertificate] - certFile = "path/to/cert.crt" - keyFile = "path/to/cert.key" -``` - ```yaml tab="File (YAML)" # Dynamic configuration @@ -128,6 +118,16 @@ tls: keyFile: path/to/cert.key ``` +```toml tab="File (TOML)" +# Dynamic configuration + +[tls.stores] + [tls.stores.default] + [tls.stores.default.defaultCertificate] + certFile = "path/to/cert.crt" + keyFile = "path/to/cert.key" +``` + If no default certificate is provided, Traefik generates and uses a self-signed certificate. ## TLS Options @@ -155,18 +155,6 @@ The TLS options allow one to configure some parameters of the TLS connection. ### Minimum TLS Version -```toml tab="File (TOML)" -# Dynamic configuration - -[tls.options] - - [tls.options.default] - minVersion = "VersionTLS12" - - [tls.options.mintls13] - minVersion = "VersionTLS13" -``` - ```yaml tab="File (YAML)" # Dynamic configuration @@ -179,6 +167,18 @@ tls: minVersion: VersionTLS13 ``` +```toml tab="File (TOML)" +# Dynamic configuration + +[tls.options] + + [tls.options.default] + minVersion = "VersionTLS12" + + [tls.options.mintls13] + minVersion = "VersionTLS13" +``` + ```yaml tab="Kubernetes" apiVersion: traefik.containo.us/v1alpha1 kind: TLSOption @@ -206,18 +206,6 @@ We discourage the use of this setting to disable TLS1.3. The recommended approach is to update the clients to support TLS1.3. -```toml tab="File (TOML)" -# Dynamic configuration - -[tls.options] - - [tls.options.default] - maxVersion = "VersionTLS13" - - [tls.options.maxtls12] - maxVersion = "VersionTLS12" -``` - ```yaml tab="File (YAML)" # Dynamic configuration @@ -230,6 +218,18 @@ tls: maxVersion: VersionTLS12 ``` +```toml tab="File (TOML)" +# Dynamic configuration + +[tls.options] + + [tls.options.default] + maxVersion = "VersionTLS13" + + [tls.options.maxtls12] + maxVersion = "VersionTLS12" +``` + ```yaml tab="Kubernetes" apiVersion: traefik.containo.us/v1alpha1 kind: TLSOption @@ -255,16 +255,6 @@ spec: See [cipherSuites](https://godoc.org/crypto/tls#pkg-constants) for more information. -```toml tab="File (TOML)" -# Dynamic configuration - -[tls.options] - [tls.options.default] - cipherSuites = [ - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" - ] -``` - ```yaml tab="File (YAML)" # Dynamic configuration @@ -275,6 +265,16 @@ tls: - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ``` +```toml tab="File (TOML)" +# Dynamic configuration + +[tls.options] + [tls.options.default] + cipherSuites = [ + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + ] +``` + ```yaml tab="Kubernetes" apiVersion: traefik.containo.us/v1alpha1 kind: TLSOption @@ -301,14 +301,6 @@ The names of the curves defined by [`crypto`](https://godoc.org/crypto/tls#Curve See [CurveID](https://godoc.org/crypto/tls#CurveID) for more information. -```toml tab="File (TOML)" -# Dynamic configuration - -[tls.options] - [tls.options.default] - curvePreferences = ["CurveP521", "CurveP384"] -``` - ```yaml tab="File (YAML)" # Dynamic configuration @@ -320,6 +312,14 @@ tls: - CurveP384 ``` +```toml tab="File (TOML)" +# Dynamic configuration + +[tls.options] + [tls.options.default] + curvePreferences = ["CurveP521", "CurveP384"] +``` + ```yaml tab="Kubernetes" apiVersion: traefik.containo.us/v1alpha1 kind: TLSOption @@ -338,14 +338,6 @@ spec: With strict SNI checking enabled, Traefik won't allow connections from clients that do not specify a server_name extension or don't match any certificate configured on the tlsOption. -```toml tab="File (TOML)" -# Dynamic configuration - -[tls.options] - [tls.options.default] - sniStrict = true -``` - ```yaml tab="File (YAML)" # Dynamic configuration @@ -355,6 +347,14 @@ tls: sniStrict: true ``` +```toml tab="File (TOML)" +# Dynamic configuration + +[tls.options] + [tls.options.default] + sniStrict = true +``` + ```yaml tab="Kubernetes" apiVersion: traefik.containo.us/v1alpha1 kind: TLSOption @@ -371,14 +371,6 @@ spec: This option allows the server to choose its most preferred cipher suite instead of the client's. Please note that this is enabled automatically when `minVersion` or `maxVersion` are set. -```toml tab="File (TOML)" -# Dynamic configuration - -[tls.options] - [tls.options.default] - preferServerCipherSuites = true -``` - ```yaml tab="File (YAML)" # Dynamic configuration @@ -388,6 +380,14 @@ tls: preferServerCipherSuites: true ``` +```toml tab="File (TOML)" +# Dynamic configuration + +[tls.options] + [tls.options.default] + preferServerCipherSuites = true +``` + ```yaml tab="Kubernetes" apiVersion: traefik.containo.us/v1alpha1 kind: TLSOption @@ -404,25 +404,14 @@ spec: Traefik supports mutual authentication, through the `clientAuth` section. For authentication policies that require verification of the client certificate, the certificate authority for the certificate should be set in `clientAuth.caFiles`. - + The `clientAuth.clientAuthType` option governs the behaviour as follows: - `NoClientCert`: disregards any client certificate. - `RequestClientCert`: asks for a certificate but proceeds anyway if none is provided. - `RequireAnyClientCert`: requires a certificate but does not verify if it is signed by a CA listed in `clientAuth.caFiles`. - `VerifyClientCertIfGiven`: if a certificate is provided, verifies if it is signed by a CA listed in `clientAuth.caFiles`. Otherwise proceeds without any certificate. -- `RequireAndVerifyClientCert`: requires a certificate, which must be signed by a CA listed in `clientAuth.caFiles`. - -```toml tab="File (TOML)" -# Dynamic configuration - -[tls.options] - [tls.options.default] - [tls.options.default.clientAuth] - # in PEM format. each file can contain multiple CAs. - caFiles = ["tests/clientca1.crt", "tests/clientca2.crt"] - clientAuthType = "RequireAndVerifyClientCert" -``` +- `RequireAndVerifyClientCert`: requires a certificate, which must be signed by a CA listed in `clientAuth.caFiles`. ```yaml tab="File (YAML)" # Dynamic configuration @@ -438,6 +427,17 @@ tls: clientAuthType: RequireAndVerifyClientCert ``` +```toml tab="File (TOML)" +# Dynamic configuration + +[tls.options] + [tls.options.default] + [tls.options.default.clientAuth] + # in PEM format. each file can contain multiple CAs. + caFiles = ["tests/clientca1.crt", "tests/clientca2.crt"] + clientAuthType = "RequireAndVerifyClientCert" +``` + ```yaml tab="Kubernetes" apiVersion: traefik.containo.us/v1alpha1 kind: TLSOption diff --git a/docs/content/middlewares/http/addprefix.md b/docs/content/middlewares/http/addprefix.md index 53b2b47d7..5e888785c 100644 --- a/docs/content/middlewares/http/addprefix.md +++ b/docs/content/middlewares/http/addprefix.md @@ -1,9 +1,9 @@ # Add Prefix -Prefixing the Path +Prefixing the Path {: .subtitle } -![AddPrefix](../../assets/img/middleware/addprefix.png) +![AddPrefix](../../assets/img/middleware/addprefix.png) The AddPrefix middleware updates the path of a request before forwarding it. @@ -43,13 +43,6 @@ labels: - "traefik.http.middlewares.add-foo.addprefix.prefix=/foo" ``` -```toml tab="File (TOML)" -# Prefixing with /foo -[http.middlewares] - [http.middlewares.add-foo.addPrefix] - prefix = "/foo" -``` - ```yaml tab="File (YAML)" # Prefixing with /foo http: @@ -59,6 +52,13 @@ http: prefix: "/foo" ``` +```toml tab="File (TOML)" +# Prefixing with /foo +[http.middlewares] + [http.middlewares.add-foo.addPrefix] + prefix = "/foo" +``` + ## Configuration Options ### `prefix` diff --git a/docs/content/middlewares/http/basicauth.md b/docs/content/middlewares/http/basicauth.md index c1fd92cbb..e207a238b 100644 --- a/docs/content/middlewares/http/basicauth.md +++ b/docs/content/middlewares/http/basicauth.md @@ -48,16 +48,6 @@ labels: - "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" ``` -```toml tab="File (TOML)" -# Declaring the user list -[http.middlewares] - [http.middlewares.test-auth.basicAuth] - users = [ - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", - ] -``` - ```yaml tab="File (YAML)" # Declaring the user list http: @@ -65,17 +55,27 @@ http: test-auth: basicAuth: users: - - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" + - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" ``` +```toml tab="File (TOML)" +# Declaring the user list +[http.middlewares] + [http.middlewares.test-auth.basicAuth] + users = [ + "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", + "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", + ] +``` + ## Configuration Options ### General Passwords must be hashed using MD5, SHA1, or BCrypt. -!!! tip +!!! tip Use `htpasswd` to generate the passwords. @@ -84,7 +84,7 @@ Passwords must be hashed using MD5, SHA1, or BCrypt. The `users` option is an array of authorized users. Each user must be declared using the `name:hashed-password` format. !!! note "" - + - If both `users` and `usersFile` are provided, the two are merged. The contents of `usersFile` have precedence over the values in `users`. - For security reasons, the field `users` doesn't exist for Kubernetes IngressRoute, and one should use the `secret` field instead. @@ -142,16 +142,6 @@ labels: - "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" ``` -```toml tab="File (TOML)" -# Declaring the user list -[http.middlewares] - [http.middlewares.test-auth.basicAuth] - users = [ - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", - ] -``` - ```yaml tab="File (YAML)" # Declaring the user list http: @@ -159,10 +149,20 @@ http: test-auth: basicAuth: users: - - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" + - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" ``` +```toml tab="File (TOML)" +# Declaring the user list +[http.middlewares] + [http.middlewares.test-auth.basicAuth] + users = [ + "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", + "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", + ] +``` + ### `usersFile` The `usersFile` option is the path to an external file that contains the authorized users for the middleware. @@ -170,9 +170,9 @@ The `usersFile` option is the path to an external file that contains the authori The file content is a list of `name:hashed-password`. !!! note "" - + - If both `users` and `usersFile` are provided, the two are merged. The contents of `usersFile` have precedence over the values in `users`. - - Because it does not make much sense to refer to a file path on Kubernetes, the `usersFile` field doesn't exist for Kubernetes IngressRoute, and one should use the `secret` field instead. + - Because it does not make much sense to refer to a file path on Kubernetes, the `usersFile` field doesn't exist for Kubernetes IngressRoute, and one should use the `secret` field instead. ```yaml tab="Docker" labels: @@ -216,12 +216,6 @@ labels: - "traefik.http.middlewares.test-auth.basicauth.usersfile=/path/to/my/usersfile" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.test-auth.basicAuth] - usersFile = "/path/to/my/usersfile" -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -230,6 +224,12 @@ http: usersFile: "/path/to/my/usersfile" ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.test-auth.basicAuth] + usersFile = "/path/to/my/usersfile" +``` + ??? example "A file containing test/test and test2/test2" ```txt @@ -239,7 +239,7 @@ http: ### `realm` -You can customize the realm for the authentication with the `realm` option. The default value is `traefik`. +You can customize the realm for the authentication with the `realm` option. The default value is `traefik`. ```yaml tab="Docker" labels: @@ -271,12 +271,6 @@ labels: - "traefik.http.middlewares.test-auth.basicauth.realm=MyRealm" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.test-auth.basicAuth] - realm = "MyRealm" -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -285,6 +279,12 @@ http: realm: "MyRealm" ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.test-auth.basicAuth] + realm = "MyRealm" +``` + ### `headerField` You can define a header field to store the authenticated user using the `headerField`option. @@ -315,12 +315,6 @@ spec: } ``` -```toml tab="File (TOML)" -[http.middlewares.my-auth.basicAuth] - # ... - headerField = "X-WebAuth-User" -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -330,6 +324,12 @@ http: headerField: "X-WebAuth-User" ``` +```toml tab="File (TOML)" +[http.middlewares.my-auth.basicAuth] + # ... + headerField = "X-WebAuth-User" +``` + ### `removeHeader` Set the `removeHeader` option to `true` to remove the authorization header before forwarding the request to your service. (Default value is `false`.) @@ -364,12 +364,6 @@ labels: - "traefik.http.middlewares.test-auth.basicauth.removeheader=true" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.test-auth.basicAuth] - removeHeader = true -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -377,3 +371,9 @@ http: basicAuth: removeHeader: true ``` + +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.test-auth.basicAuth] + removeHeader = true +``` diff --git a/docs/content/middlewares/http/buffering.md b/docs/content/middlewares/http/buffering.md index 5a5d81503..ebf25b4be 100644 --- a/docs/content/middlewares/http/buffering.md +++ b/docs/content/middlewares/http/buffering.md @@ -47,13 +47,6 @@ labels: - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000" ``` -```toml tab="File (TOML)" -# Sets the maximum request body to 2MB -[http.middlewares] - [http.middlewares.limit.buffering] - maxRequestBodyBytes = 2000000 -``` - ```yaml tab="File (YAML)" # Sets the maximum request body to 2MB http: @@ -63,6 +56,13 @@ http: maxRequestBodyBytes: 2000000 ``` +```toml tab="File (TOML)" +# Sets the maximum request body to 2MB +[http.middlewares] + [http.middlewares.limit.buffering] + maxRequestBodyBytes = 2000000 +``` + ## Configuration Options ### `maxRequestBodyBytes` @@ -101,12 +101,6 @@ labels: - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.limit.buffering] - maxRequestBodyBytes = 2000000 -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -115,6 +109,12 @@ http: maxRequestBodyBytes: 2000000 ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.limit.buffering] + maxRequestBodyBytes = 2000000 +``` + ### `memRequestBodyBytes` You can configure a threshold (in bytes) from which the request will be buffered on disk instead of in memory with the `memRequestBodyBytes` option. @@ -149,12 +149,6 @@ labels: - "traefik.http.middlewares.limit.buffering.memRequestBodyBytes=2000000" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.limit.buffering] - memRequestBodyBytes = 2000000 -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -163,6 +157,12 @@ http: memRequestBodyBytes: 2000000 ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.limit.buffering] + memRequestBodyBytes = 2000000 +``` + ### `maxResponseBodyBytes` The `maxResponseBodyBytes` option configures the maximum allowed response size from the service (in bytes). @@ -199,12 +199,6 @@ labels: - "traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=2000000" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.limit.buffering] - maxResponseBodyBytes = 2000000 -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -213,6 +207,12 @@ http: maxResponseBodyBytes: 2000000 ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.limit.buffering] + maxResponseBodyBytes = 2000000 +``` + ### `memResponseBodyBytes` You can configure a threshold (in bytes) from which the response will be buffered on disk instead of in memory with the `memResponseBodyBytes` option. @@ -247,12 +247,6 @@ labels: - "traefik.http.middlewares.limit.buffering.memResponseBodyBytes=2000000" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.limit.buffering] - memResponseBodyBytes = 2000000 -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -261,17 +255,23 @@ http: memResponseBodyBytes: 2000000 ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.limit.buffering] + memResponseBodyBytes = 2000000 +``` + ### `retryExpression` You can have the Buffering middleware replay the request using `retryExpression`. ??? example "Retries once in the case of a network error" - + ```yaml tab="Docker" labels: - "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2" ``` - + ```yaml tab="Kubernetes" apiVersion: traefik.containo.us/v1alpha1 kind: Middleware @@ -281,28 +281,22 @@ You can have the Buffering middleware replay the request using `retryExpression` buffering: retryExpression: "IsNetworkError() && Attempts() < 2" ``` - + ```yaml tab="Consul Catalog" - "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2" ``` - + ```json tab="Marathon" "labels": { "traefik.http.middlewares.limit.buffering.retryExpression": "IsNetworkError() && Attempts() < 2" } ``` - + ```yaml tab="Rancher" labels: - "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2" ``` - - ```toml tab="File (TOML)" - [http.middlewares] - [http.middlewares.limit.buffering] - retryExpression = "IsNetworkError() && Attempts() < 2" - ``` - + ```yaml tab="File (YAML)" http: middlewares: @@ -311,6 +305,12 @@ You can have the Buffering middleware replay the request using `retryExpression` retryExpression: "IsNetworkError() && Attempts() < 2" ``` + ```toml tab="File (TOML)" + [http.middlewares] + [http.middlewares.limit.buffering] + retryExpression = "IsNetworkError() && Attempts() < 2" + ``` + The retry expression is defined as a logical combination of the functions below with the operators AND (`&&`) and OR (`||`). At least one function is required: - `Attempts()` number of attempts (the first one counts) diff --git a/docs/content/middlewares/http/chain.md b/docs/content/middlewares/http/chain.md index 1eee6220e..ff61d18ee 100644 --- a/docs/content/middlewares/http/chain.md +++ b/docs/content/middlewares/http/chain.md @@ -117,34 +117,6 @@ labels: - "traefik.http.services.service1.loadbalancer.server.port=80" ``` -```toml tab="File (TOML)" -# ... -[http.routers] - [http.routers.router1] - service = "service1" - middlewares = ["secured"] - rule = "Host(`mydomain`)" - -[http.middlewares] - [http.middlewares.secured.chain] - middlewares = ["https-only", "known-ips", "auth-users"] - - [http.middlewares.auth-users.basicAuth] - users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"] - - [http.middlewares.https-only.redirectScheme] - scheme = "https" - - [http.middlewares.known-ips.ipWhiteList] - sourceRange = ["192.168.1.7", "127.0.0.1/32"] - -[http.services] - [http.services.service1] - [http.services.service1.loadBalancer] - [[http.services.service1.loadBalancer.servers]] - url = "http://127.0.0.1:80" -``` - ```yaml tab="File (YAML)" # ... http: @@ -184,3 +156,31 @@ http: servers: - url: "http://127.0.0.1:80" ``` + +```toml tab="File (TOML)" +# ... +[http.routers] + [http.routers.router1] + service = "service1" + middlewares = ["secured"] + rule = "Host(`mydomain`)" + +[http.middlewares] + [http.middlewares.secured.chain] + middlewares = ["https-only", "known-ips", "auth-users"] + + [http.middlewares.auth-users.basicAuth] + users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"] + + [http.middlewares.https-only.redirectScheme] + scheme = "https" + + [http.middlewares.known-ips.ipWhiteList] + sourceRange = ["192.168.1.7", "127.0.0.1/32"] + +[http.services] + [http.services.service1] + [http.services.service1.loadBalancer] + [[http.services.service1.loadBalancer.servers]] + url = "http://127.0.0.1:80" +``` diff --git a/docs/content/middlewares/http/circuitbreaker.md b/docs/content/middlewares/http/circuitbreaker.md index 031087286..daa3c5a0c 100644 --- a/docs/content/middlewares/http/circuitbreaker.md +++ b/docs/content/middlewares/http/circuitbreaker.md @@ -59,13 +59,6 @@ labels: - "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100" ``` -```toml tab="File (TOML)" -# Latency Check -[http.middlewares] - [http.middlewares.latency-check.circuitBreaker] - expression = "LatencyAtQuantileMS(50.0) > 100" -``` - ```yaml tab="File (YAML)" # Latency Check http: @@ -75,6 +68,13 @@ http: expression: "LatencyAtQuantileMS(50.0) > 100" ``` +```toml tab="File (TOML)" +# Latency Check +[http.middlewares] + [http.middlewares.latency-check.circuitBreaker] + expression = "LatencyAtQuantileMS(50.0) > 100" +``` + ## Possible States There are three possible states for your circuit breaker: diff --git a/docs/content/middlewares/http/compress.md b/docs/content/middlewares/http/compress.md index 3314c7332..ea3c8d621 100644 --- a/docs/content/middlewares/http/compress.md +++ b/docs/content/middlewares/http/compress.md @@ -42,12 +42,6 @@ labels: - "traefik.http.middlewares.test-compress.compress=true" ``` -```toml tab="File (TOML)" -# Enable gzip compression -[http.middlewares] - [http.middlewares.test-compress.compress] -``` - ```yaml tab="File (YAML)" # Enable gzip compression http: @@ -56,6 +50,12 @@ http: compress: {} ``` +```toml tab="File (TOML)" +# Enable gzip compression +[http.middlewares] + [http.middlewares.test-compress.compress] +``` + !!! info Responses are compressed when the following criteria are all met: @@ -108,12 +108,6 @@ labels: - "traefik.http.middlewares.test-compress.compress.excludedcontenttypes=text/event-stream" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.test-compress.compress] - excludedContentTypes = ["text/event-stream"] -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -122,3 +116,9 @@ http: excludedContentTypes: - text/event-stream ``` + +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.test-compress.compress] + excludedContentTypes = ["text/event-stream"] +``` diff --git a/docs/content/middlewares/http/contenttype.md b/docs/content/middlewares/http/contenttype.md index 941384882..2d738759c 100644 --- a/docs/content/middlewares/http/contenttype.md +++ b/docs/content/middlewares/http/contenttype.md @@ -1,4 +1,3 @@ - # ContentType Handling Content-Type auto-detection @@ -62,13 +61,6 @@ labels: - "traefik.http.middlewares.autodetect.contenttype.autodetect=false" ``` -```toml tab="File (TOML)" -# Disable auto-detection -[http.middlewares] - [http.middlewares.autodetect.contentType] - autoDetect=false -``` - ```yaml tab="File (YAML)" # Disable auto-detection http: @@ -78,6 +70,13 @@ http: autoDetect: false ``` +```toml tab="File (TOML)" +# Disable auto-detection +[http.middlewares] + [http.middlewares.autodetect.contentType] + autoDetect=false +``` + ## Configuration Options ### `autoDetect` diff --git a/docs/content/middlewares/http/digestauth.md b/docs/content/middlewares/http/digestauth.md index bb47e08ff..2a0904724 100644 --- a/docs/content/middlewares/http/digestauth.md +++ b/docs/content/middlewares/http/digestauth.md @@ -43,16 +43,6 @@ labels: - "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e" ``` -```toml tab="File (TOML)" -# Declaring the user list -[http.middlewares] - [http.middlewares.test-auth.digestAuth] - users = [ - "test:traefik:a2688e031edb4be6a3797f3882655c05", - "test2:traefik:518845800f9e2bfb1f1f740ec24f074e", - ] -``` - ```yaml tab="File (YAML)" # Declaring the user list http: @@ -64,6 +54,16 @@ http: - "test2:traefik:518845800f9e2bfb1f1f740ec24f074e" ``` +```toml tab="File (TOML)" +# Declaring the user list +[http.middlewares] + [http.middlewares.test-auth.digestAuth] + users = [ + "test:traefik:a2688e031edb4be6a3797f3882655c05", + "test2:traefik:518845800f9e2bfb1f1f740ec24f074e", + ] +``` + ## Configuration Options !!! tip @@ -120,15 +120,6 @@ labels: - "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.test-auth.digestAuth] - users = [ - "test:traefik:a2688e031edb4be6a3797f3882655c05", - "test2:traefik:518845800f9e2bfb1f1f740ec24f074e", - ] -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -139,6 +130,15 @@ http: - "test2:traefik:518845800f9e2bfb1f1f740ec24f074e" ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.test-auth.digestAuth] + users = [ + "test:traefik:a2688e031edb4be6a3797f3882655c05", + "test2:traefik:518845800f9e2bfb1f1f740ec24f074e", + ] +``` + ### `usersFile` The `usersFile` option is the path to an external file that contains the authorized users for the middleware. @@ -148,7 +148,7 @@ The file content is a list of `name:realm:encoded-password`. !!! note "" - If both `users` and `usersFile` are provided, the two are merged. The contents of `usersFile` have precedence over the values in `users`. - - Because it does not make much sense to refer to a file path on Kubernetes, the `usersFile` field doesn't exist for Kubernetes IngressRoute, and one should use the `secret` field instead. + - Because it does not make much sense to refer to a file path on Kubernetes, the `usersFile` field doesn't exist for Kubernetes IngressRoute, and one should use the `secret` field instead. ```yaml tab="Docker" labels: @@ -192,12 +192,6 @@ labels: - "traefik.http.middlewares.test-auth.digestauth.usersfile=/path/to/my/usersfile" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.test-auth.digestAuth] - usersFile = "/path/to/my/usersfile" -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -206,6 +200,12 @@ http: usersFile: "/path/to/my/usersfile" ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.test-auth.digestAuth] + usersFile = "/path/to/my/usersfile" +``` + ??? example "A file containing test/test and test2/test2" ```txt @@ -247,12 +247,6 @@ labels: - "traefik.http.middlewares.test-auth.digestauth.realm=MyRealm" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.test-auth.digestAuth] - realm = "MyRealm" -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -261,6 +255,12 @@ http: realm: "MyRealm" ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.test-auth.digestAuth] + realm = "MyRealm" +``` + ### `headerField` You can customize the header field for the authenticated user using the `headerField`option. @@ -296,12 +296,6 @@ labels: - "traefik.http.middlewares.my-auth.digestauth.headerField=X-WebAuth-User" ``` -```toml tab="File (TOML)" -[http.middlewares.my-auth.digestAuth] - # ... - headerField = "X-WebAuth-User" -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -311,6 +305,12 @@ http: headerField: "X-WebAuth-User" ``` +```toml tab="File (TOML)" +[http.middlewares.my-auth.digestAuth] + # ... + headerField = "X-WebAuth-User" +``` + ### `removeHeader` Set the `removeHeader` option to `true` to remove the authorization header before forwarding the request to your service. (Default value is `false`.) @@ -345,12 +345,6 @@ labels: - "traefik.http.middlewares.test-auth.digestauth.removeheader=true" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.test-auth.digestAuth] - removeHeader = true -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -358,3 +352,9 @@ http: digestAuth: removeHeader: true ``` + +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.test-auth.digestAuth] + removeHeader = true +``` diff --git a/docs/content/middlewares/http/errorpages.md b/docs/content/middlewares/http/errorpages.md index f892b79bd..0e825dd73 100644 --- a/docs/content/middlewares/http/errorpages.md +++ b/docs/content/middlewares/http/errorpages.md @@ -58,18 +58,6 @@ labels: - "traefik.http.middlewares.test-errorpage.errors.query=/{status}.html" ``` -```toml tab="File (TOML)" -# Custom Error Page for 5XX -[http.middlewares] - [http.middlewares.test-errorpage.errors] - status = ["500-599"] - service = "serviceError" - query = "/{status}.html" - -[http.services] - # ... definition of error-handler-service and my-service -``` - ```yaml tab="File (YAML)" # Custom Error Page for 5XX http: @@ -81,6 +69,18 @@ http: service: serviceError query: "/{status}.html" + services: + # ... definition of error-handler-service and my-service +``` + +```toml tab="File (TOML)" +# Custom Error Page for 5XX +[http.middlewares] + [http.middlewares.test-errorpage.errors] + status = ["500-599"] + service = "serviceError" + query = "/{status}.html" + [http.services] # ... definition of error-handler-service and my-service ``` @@ -99,7 +99,10 @@ The status code ranges are inclusive (`500-599` will trigger with every code bet !!! note "" - You can define either a status code as a number (`500`) or ranges by separating two codes with a dash (`500-599`). + You can define either a status code as a number (`500`), + as multiple comma-separated numbers (`500,502`), + as ranges by separating two codes with a dash (`500-599`), + or a combination of the two (`404,418,500-599`). ### `service` diff --git a/docs/content/middlewares/http/forwardauth.md b/docs/content/middlewares/http/forwardauth.md index fc8d7ea37..3a453ff6f 100644 --- a/docs/content/middlewares/http/forwardauth.md +++ b/docs/content/middlewares/http/forwardauth.md @@ -45,13 +45,6 @@ labels: - "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth" ``` -```toml tab="File (TOML)" -# Forward authentication to example.com -[http.middlewares] - [http.middlewares.test-auth.forwardAuth] - address = "https://example.com/auth" -``` - ```yaml tab="File (YAML)" # Forward authentication to example.com http: @@ -61,6 +54,13 @@ http: address: "https://example.com/auth" ``` +```toml tab="File (TOML)" +# Forward authentication to example.com +[http.middlewares] + [http.middlewares.test-auth.forwardAuth] + address = "https://example.com/auth" +``` + ## Forward-Request Headers The following request properties are provided to the forward-auth target endpoint as `X-Forwarded-` headers. @@ -91,7 +91,7 @@ metadata: name: test-auth spec: forwardAuth: - address: https://example.com/auth + address: https://example.com/auth ``` ```yaml tab="Consul Catalog" @@ -109,12 +109,6 @@ labels: - "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.test-auth.forwardAuth] - address = "https://example.com/auth" -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -123,6 +117,12 @@ http: address: "https://example.com/auth" ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.test-auth.forwardAuth] + address = "https://example.com/auth" +``` + ### `trustForwardHeader` Set the `trustForwardHeader` option to `true` to trust all `X-Forwarded-*` headers. @@ -158,13 +158,6 @@ labels: - "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.test-auth.forwardAuth] - address = "https://example.com/auth" - trustForwardHeader = true -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -174,6 +167,13 @@ http: trustForwardHeader: true ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.test-auth.forwardAuth] + address = "https://example.com/auth" + trustForwardHeader = true +``` + ### `authResponseHeaders` The `authResponseHeaders` option is the list of headers to copy from the authentication server response and set on @@ -212,13 +212,6 @@ labels: - "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.test-auth.forwardAuth] - address = "https://example.com/auth" - authResponseHeaders = ["X-Auth-User", "X-Secret"] -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -230,6 +223,13 @@ http: - "X-Secret" ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.test-auth.forwardAuth] + address = "https://example.com/auth" + authResponseHeaders = ["X-Auth-User", "X-Secret"] +``` + ### `authResponseHeadersRegex` The `authResponseHeadersRegex` option is the regex to match headers to copy from the authentication server response and @@ -268,13 +268,6 @@ labels: - "traefik.http.middlewares.test-auth.forwardauth.authResponseHeadersRegex=^X-" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.test-auth.forwardAuth] - address = "https://example.com/auth" - authResponseHeadersRegex = "^X-" -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -284,6 +277,13 @@ http: authResponseHeadersRegex: "^X-" ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.test-auth.forwardAuth] + address = "https://example.com/auth" + authResponseHeadersRegex = "^X-" +``` + ### `authRequestHeaders` The `authRequestHeaders` option is the list of the headers to copy from the request to the authentication server. @@ -323,13 +323,6 @@ labels: - "traefik.http.middlewares.test-auth.forwardauth.authRequestHeaders=Accept,X-CustomHeader" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.test-auth.forwardAuth] - address = "https://example.com/auth" - authRequestHeaders = "Accept,X-CustomHeader" -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -341,6 +334,13 @@ http: - "X-CustomHeader" ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.test-auth.forwardAuth] + address = "https://example.com/auth" + authRequestHeaders = "Accept,X-CustomHeader" +``` + ### `tls` The `tls` option is the TLS configuration from Traefik to the authentication server. @@ -392,14 +392,6 @@ labels: - "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.test-auth.forwardAuth] - address = "https://example.com/auth" - [http.middlewares.test-auth.forwardAuth.tls] - ca = "path/to/local.crt" -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -410,6 +402,14 @@ http: ca: "path/to/local.crt" ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.test-auth.forwardAuth] + address = "https://example.com/auth" + [http.middlewares.test-auth.forwardAuth.tls] + ca = "path/to/local.crt" +``` + #### `tls.caOptional` The value of `tls.caOptional` defines which policy should be used for the secure connection with TLS Client Authentication to the authentication server. @@ -454,14 +454,6 @@ labels: - "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.test-auth.forwardAuth] - address = "https://example.com/auth" - [http.middlewares.test-auth.forwardAuth.tls] - caOptional = true -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -472,6 +464,14 @@ http: caOptional: true ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.test-auth.forwardAuth] + address = "https://example.com/auth" + [http.middlewares.test-auth.forwardAuth.tls] + caOptional = true +``` + #### `tls.cert` The public certificate used for the secure connection to the authentication server. @@ -523,15 +523,6 @@ labels: - "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.test-auth.forwardAuth] - address = "https://example.com/auth" - [http.middlewares.test-auth.forwardAuth.tls] - cert = "path/to/foo.cert" - key = "path/to/foo.key" -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -543,6 +534,15 @@ http: key: "path/to/foo.key" ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.test-auth.forwardAuth] + address = "https://example.com/auth" + [http.middlewares.test-auth.forwardAuth.tls] + cert = "path/to/foo.cert" + key = "path/to/foo.key" +``` + !!! info For security reasons, the field does not exist for Kubernetes IngressRoute, and one should use the `secret` field instead. @@ -598,15 +598,6 @@ labels: - "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.test-auth.forwardAuth] - address = "https://example.com/auth" - [http.middlewares.test-auth.forwardAuth.tls] - cert = "path/to/foo.cert" - key = "path/to/foo.key" -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -618,6 +609,15 @@ http: key: "path/to/foo.key" ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.test-auth.forwardAuth] + address = "https://example.com/auth" + [http.middlewares.test-auth.forwardAuth.tls] + cert = "path/to/foo.cert" + key = "path/to/foo.key" +``` + !!! info For security reasons, the field does not exist for Kubernetes IngressRoute, and one should use the `secret` field instead. @@ -658,14 +658,6 @@ labels: - "traefik.http.middlewares.test-auth.forwardauth.tls.InsecureSkipVerify=true" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.test-auth.forwardAuth] - address = "https://example.com/auth" - [http.middlewares.test-auth.forwardAuth.tls] - insecureSkipVerify: true -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -675,3 +667,11 @@ http: tls: insecureSkipVerify: true ``` + +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.test-auth.forwardAuth] + address = "https://example.com/auth" + [http.middlewares.test-auth.forwardAuth.tls] + insecureSkipVerify: true +``` diff --git a/docs/content/middlewares/http/headers.md b/docs/content/middlewares/http/headers.md index 8878d2863..56821b321 100644 --- a/docs/content/middlewares/http/headers.md +++ b/docs/content/middlewares/http/headers.md @@ -50,15 +50,6 @@ labels: - "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header=value" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.testHeader.headers] - [http.middlewares.testHeader.headers.customRequestHeaders] - X-Script-Name = "test" - [http.middlewares.testHeader.headers.customResponseHeaders] - X-Custom-Response-Header = "value" -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -70,6 +61,15 @@ http: X-Custom-Response-Header: "value" ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.testHeader.headers] + [http.middlewares.testHeader.headers.customRequestHeaders] + X-Script-Name = "test" + [http.middlewares.testHeader.headers.customResponseHeaders] + X-Custom-Response-Header = "value" +``` + ### Adding and Removing Headers In the following example, requests are proxied with an extra `X-Script-Name` header while their `X-Custom-Request-Header` header gets stripped, @@ -78,6 +78,8 @@ and responses are stripped of their `X-Custom-Response-Header` header. ```yaml tab="Docker" labels: - "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test" + - "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Custom-Request-Header=" + - "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header=" ``` ```yaml tab="Kubernetes" @@ -96,27 +98,23 @@ spec: ```yaml tab="Consul Catalog" - "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test" +- "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Custom-Request-Header=" +- "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header=" ``` ```json tab="Marathon" "labels": { "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name": "test", + "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Custom-Request-Header": "", + "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header": "", } ``` ```yaml tab="Rancher" labels: - "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test" -``` - -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.testHeader.headers] - [http.middlewares.testHeader.headers.customRequestHeaders] - X-Script-Name = "test" # Adds - X-Custom-Request-Header = "" # Removes - [http.middlewares.testHeader.headers.customResponseHeaders] - X-Custom-Response-Header = "" # Removes + - "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Custom-Request-Header=" + - "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header=" ``` ```yaml tab="File (YAML)" @@ -131,6 +129,16 @@ http: X-Custom-Response-Header: "" # Removes ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.testHeader.headers] + [http.middlewares.testHeader.headers.customRequestHeaders] + X-Script-Name = "test" # Adds + X-Custom-Request-Header = "" # Removes + [http.middlewares.testHeader.headers.customResponseHeaders] + X-Custom-Response-Header = "" # Removes +``` + ### Using Security Headers Security-related headers (HSTS headers, Browser XSS filter, etc) can be managed similarly to custom headers as shown above. @@ -171,13 +179,6 @@ labels: - "traefik.http.middlewares.testheader.headers.browserxssfilter=true" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.testHeader.headers] - frameDeny = true - browserxssfilter = true -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -187,6 +188,13 @@ http: browserxssfilter: true ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.testHeader.headers] + frameDeny = true + browserxssfilter = true +``` + ### CORS Headers CORS (Cross-Origin Resource Sharing) headers can be added and configured in a manner similar to the custom headers above. @@ -242,15 +250,6 @@ labels: - "traefik.http.middlewares.testheader.headers.addvaryheader=true" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.testHeader.headers] - accessControlAllowMethods= ["GET", "OPTIONS", "PUT"] - accessControlAllowOriginList = ["https://foo.bar.org","https://example.org"] - accessControlMaxAge = 100 - addVaryHeader = true -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -267,6 +266,15 @@ http: addVaryHeader: true ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.testHeader.headers] + accessControlAllowMethods= ["GET", "OPTIONS", "PUT"] + accessControlAllowOriginList = ["https://foo.bar.org","https://example.org"] + accessControlMaxAge = 100 + addVaryHeader = true +``` + ## Configuration Options ### General diff --git a/docs/content/middlewares/http/inflightreq.md b/docs/content/middlewares/http/inflightreq.md index b47eb3aab..8095ccd15 100644 --- a/docs/content/middlewares/http/inflightreq.md +++ b/docs/content/middlewares/http/inflightreq.md @@ -41,13 +41,6 @@ labels: - "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10" ``` -```toml tab="File (TOML)" -# Limiting to 10 simultaneous connections -[http.middlewares] - [http.middlewares.test-inflightreq.inFlightReq] - amount = 10 -``` - ```yaml tab="File (YAML)" # Limiting to 10 simultaneous connections http: @@ -57,6 +50,13 @@ http: amount: 10 ``` +```toml tab="File (TOML)" +# Limiting to 10 simultaneous connections +[http.middlewares] + [http.middlewares.test-inflightreq.inFlightReq] + amount = 10 +``` + ## Configuration Options ### `amount` @@ -96,13 +96,6 @@ labels: - "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10" ``` -```toml tab="File (TOML)" -# Limiting to 10 simultaneous connections -[http.middlewares] - [http.middlewares.test-inflightreq.inFlightReq] - amount = 10 -``` - ```yaml tab="File (YAML)" # Limiting to 10 simultaneous connections http: @@ -112,6 +105,13 @@ http: amount: 10 ``` +```toml tab="File (TOML)" +# Limiting to 10 simultaneous connections +[http.middlewares] + [http.middlewares.test-inflightreq.inFlightReq] + amount = 10 +``` + ### `sourceCriterion` The `sourceCriterion` option defines what criterion is used to group requests as originating from a common source. @@ -171,13 +171,6 @@ labels: - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.depth=2" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.test-inflightreq.inflightreq] - [http.middlewares.test-inflightreq.inFlightReq.sourceCriterion.ipStrategy] - depth = 2 -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -188,6 +181,13 @@ http: depth: 2 ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.test-inflightreq.inflightreq] + [http.middlewares.test-inflightreq.inFlightReq.sourceCriterion.ipStrategy] + depth = 2 +``` + ##### `ipStrategy.excludedIPs` `excludedIPs` configures Traefik to scan the `X-Forwarded-For` header and select the first IP not in the list. @@ -238,13 +238,6 @@ labels: - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.test-inflightreq.inflightreq] - [http.middlewares.test-inflightreq.inFlightReq.sourceCriterion.ipStrategy] - excludedIPs = ["127.0.0.1/32", "192.168.1.7"] -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -257,6 +250,13 @@ http: - "192.168.1.7" ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.test-inflightreq.inflightreq] + [http.middlewares.test-inflightreq.inFlightReq.sourceCriterion.ipStrategy] + excludedIPs = ["127.0.0.1/32", "192.168.1.7"] +``` + #### `sourceCriterion.requestHeaderName` Name of the header used to group incoming requests. @@ -292,13 +292,6 @@ labels: - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requestheadername=username" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.test-inflightreq.inflightreq] - [http.middlewares.test-inflightreq.inFlightReq.sourceCriterion] - requestHeaderName = "username" -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -308,6 +301,13 @@ http: requestHeaderName: username ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.test-inflightreq.inflightreq] + [http.middlewares.test-inflightreq.inFlightReq.sourceCriterion] + requestHeaderName = "username" +``` + #### `sourceCriterion.requestHost` Whether to consider the request host as the source. @@ -343,13 +343,6 @@ labels: - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requesthost=true" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.test-inflightreq.inflightreq] - [http.middlewares.test-inflightreq.inFlightReq.sourceCriterion] - requestHost = true -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -358,3 +351,10 @@ http: sourceCriterion: requestHost: true ``` + +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.test-inflightreq.inflightreq] + [http.middlewares.test-inflightreq.inFlightReq.sourceCriterion] + requestHost = true +``` diff --git a/docs/content/middlewares/http/ipwhitelist.md b/docs/content/middlewares/http/ipwhitelist.md index 9fe9dda58..06effd476 100644 --- a/docs/content/middlewares/http/ipwhitelist.md +++ b/docs/content/middlewares/http/ipwhitelist.md @@ -44,13 +44,6 @@ labels: - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" ``` -```toml tab="File (TOML)" -# Accepts request from defined IP -[http.middlewares] - [http.middlewares.test-ipwhitelist.ipWhiteList] - sourceRange = ["127.0.0.1/32", "192.168.1.7"] -``` - ```yaml tab="File (YAML)" # Accepts request from defined IP http: @@ -62,6 +55,13 @@ http: - "192.168.1.7" ``` +```toml tab="File (TOML)" +# Accepts request from defined IP +[http.middlewares] + [http.middlewares.test-ipwhitelist.ipWhiteList] + sourceRange = ["127.0.0.1/32", "192.168.1.7"] +``` + ## Configuration Options ### `sourceRange` @@ -131,15 +131,6 @@ labels: - "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2" ``` -```toml tab="File (TOML)" -# Whitelisting Based on `X-Forwarded-For` with `depth=2` -[http.middlewares] - [http.middlewares.test-ipwhitelist.ipWhiteList] - sourceRange = ["127.0.0.1/32", "192.168.1.7"] - [http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy] - depth = 2 -``` - ```yaml tab="File (YAML)" # Whitelisting Based on `X-Forwarded-For` with `depth=2` http: @@ -153,6 +144,15 @@ http: depth: 2 ``` +```toml tab="File (TOML)" +# Whitelisting Based on `X-Forwarded-For` with `depth=2` +[http.middlewares] + [http.middlewares.test-ipwhitelist.ipWhiteList] + sourceRange = ["127.0.0.1/32", "192.168.1.7"] + [http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy] + depth = 2 +``` + #### `ipStrategy.excludedIPs` `excludedIPs` configures Traefik to scan the `X-Forwarded-For` header and select the first IP not in the list. @@ -206,14 +206,6 @@ labels: - "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" ``` -```toml tab="File (TOML)" -# Exclude from `X-Forwarded-For` -[http.middlewares] - [http.middlewares.test-ipwhitelist.ipWhiteList] - [http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy] - excludedIPs = ["127.0.0.1/32", "192.168.1.7"] -``` - ```yaml tab="File (YAML)" # Exclude from `X-Forwarded-For` http: @@ -225,3 +217,11 @@ http: - "127.0.0.1/32" - "192.168.1.7" ``` + +```toml tab="File (TOML)" +# Exclude from `X-Forwarded-For` +[http.middlewares] + [http.middlewares.test-ipwhitelist.ipWhiteList] + [http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy] + excludedIPs = ["127.0.0.1/32", "192.168.1.7"] +``` diff --git a/docs/content/middlewares/http/passtlsclientcert.md b/docs/content/middlewares/http/passtlsclientcert.md index 137422571..fa65553f6 100644 --- a/docs/content/middlewares/http/passtlsclientcert.md +++ b/docs/content/middlewares/http/passtlsclientcert.md @@ -46,13 +46,6 @@ labels: - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true" ``` -```toml tab="File (TOML)" -# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header. -[http.middlewares] - [http.middlewares.test-passtlsclientcert.passTLSClientCert] - pem = true -``` - ```yaml tab="File (YAML)" # Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header. http: @@ -62,6 +55,13 @@ http: pem: true ``` +```toml tab="File (TOML)" +# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header. +[http.middlewares] + [http.middlewares.test-passtlsclientcert.passTLSClientCert] + pem = true +``` + ??? example "Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header" ```yaml tab="Docker" @@ -182,32 +182,6 @@ http: - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true" ``` - ```toml tab="File (TOML)" - # Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header - [http.middlewares] - [http.middlewares.test-passtlsclientcert.passTLSClientCert] - [http.middlewares.test-passtlsclientcert.passTLSClientCert.info] - notAfter = true - notBefore = true - sans = true - [http.middlewares.test-passtlsclientcert.passTLSClientCert.info.subject] - country = true - province = true - locality = true - organization = true - commonName = true - serialNumber = true - domainComponent = true - [http.middlewares.test-passtlsclientcert.passTLSClientCert.info.issuer] - country = true - province = true - locality = true - organization = true - commonName = true - serialNumber = true - domainComponent = true - ``` - ```yaml tab="File (YAML)" # Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header http: @@ -236,6 +210,32 @@ http: domainComponent: true ``` + ```toml tab="File (TOML)" + # Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header + [http.middlewares] + [http.middlewares.test-passtlsclientcert.passTLSClientCert] + [http.middlewares.test-passtlsclientcert.passTLSClientCert.info] + notAfter = true + notBefore = true + sans = true + [http.middlewares.test-passtlsclientcert.passTLSClientCert.info.subject] + country = true + province = true + locality = true + organization = true + commonName = true + serialNumber = true + domainComponent = true + [http.middlewares.test-passtlsclientcert.passTLSClientCert.info.issuer] + country = true + province = true + locality = true + organization = true + commonName = true + serialNumber = true + domainComponent = true + ``` + ## Configuration Options ### General diff --git a/docs/content/middlewares/http/ratelimit.md b/docs/content/middlewares/http/ratelimit.md index 764a16555..8c382de10 100644 --- a/docs/content/middlewares/http/ratelimit.md +++ b/docs/content/middlewares/http/ratelimit.md @@ -50,15 +50,6 @@ labels: - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50" ``` -```toml tab="File (TOML)" -# Here, an average of 100 requests per second is allowed. -# In addition, a burst of 50 requests is allowed. -[http.middlewares] - [http.middlewares.test-ratelimit.rateLimit] - average = 100 - burst = 50 -``` - ```yaml tab="File (YAML)" # Here, an average of 100 requests per second is allowed. # In addition, a burst of 50 requests is allowed. @@ -70,6 +61,15 @@ http: burst: 50 ``` +```toml tab="File (TOML)" +# Here, an average of 100 requests per second is allowed. +# In addition, a burst of 50 requests is allowed. +[http.middlewares] + [http.middlewares.test-ratelimit.rateLimit] + average = 100 + burst = 50 +``` + ## Configuration Options ### `average` @@ -114,13 +114,6 @@ labels: - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100" ``` -```toml tab="File (TOML)" -# 100 reqs/s -[http.middlewares] - [http.middlewares.test-ratelimit.rateLimit] - average = 100 -``` - ```yaml tab="File (YAML)" # 100 reqs/s http: @@ -130,6 +123,13 @@ http: average: 100 ``` +```toml tab="File (TOML)" +# 100 reqs/s +[http.middlewares] + [http.middlewares.test-ratelimit.rateLimit] + average = 100 +``` + ### `period` `period`, in combination with `average`, defines the actual maximum rate, such as: @@ -179,14 +179,6 @@ labels: - "traefik.http.middlewares.test-ratelimit.ratelimit.period=1m" ``` -```toml tab="File (TOML)" -# 6 reqs/minute -[http.middlewares] - [http.middlewares.test-ratelimit.rateLimit] - average = 6 - period = "1m" -``` - ```yaml tab="File (YAML)" # 6 reqs/minute http: @@ -197,6 +189,14 @@ http: period: 1m ``` +```toml tab="File (TOML)" +# 6 reqs/minute +[http.middlewares] + [http.middlewares.test-ratelimit.rateLimit] + average = 6 + period = "1m" +``` + ### `burst` `burst` is the maximum number of requests allowed to go through in the same arbitrarily small period of time. @@ -233,12 +233,6 @@ labels: - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.test-ratelimit.rateLimit] - burst = 100 -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -247,6 +241,12 @@ http: burst: 100 ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.test-ratelimit.rateLimit] + burst = 100 +``` + ### `sourceCriterion` The `sourceCriterion` option defines what criterion is used to group requests as originating from a common source. @@ -306,13 +306,6 @@ labels: - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.depth=2" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.test-ratelimit.rateLimit] - [http.middlewares.test-ratelimit.rateLimit.sourceCriterion.ipStrategy] - depth = 2 -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -323,21 +316,55 @@ http: depth: 2 ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.test-ratelimit.rateLimit] + [http.middlewares.test-ratelimit.rateLimit.sourceCriterion.ipStrategy] + depth = 2 +``` + ##### `ipStrategy.excludedIPs` -`excludedIPs` configures Traefik to scan the `X-Forwarded-For` header and select the first IP not in the list. +!!! important "Contrary to what the name might suggest, this option is _not_ about excluding an IP from the rate limiter, and therefore cannot be used to deactivate rate limiting for some IPs." !!! important "If `depth` is specified, `excludedIPs` is ignored." -!!! example "Example of ExcludedIPs & X-Forwarded-For" +`excludedIPs` is meant to address two classes of somewhat distinct use-cases: - | `X-Forwarded-For` | `excludedIPs` | clientIP | - |-----------------------------------------|-----------------------|--------------| - | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"12.0.0.1,13.0.0.1"` | `"11.0.0.1"` | - | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,13.0.0.1"` | `"12.0.0.1"` | - | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"10.0.0.1,13.0.0.1"` | `"12.0.0.1"` | - | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` | - | `"10.0.0.1,11.0.0.1"` | `"10.0.0.1,11.0.0.1"` | `""` | +1. Distinguish IPs which are behind the same (set of) reverse-proxies so that each of them contributes, independently to the others, + to its own rate-limit "bucket" (cf the [leaky bucket analogy](https://wikipedia.org/wiki/Leaky_bucket)). + In this case, `excludedIPs` should be set to match the list of `X-Forwarded-For IPs` that are to be excluded, + in order to find the actual clientIP. + + !!! example "Each IP as a distinct source" + + | X-Forwarded-For | excludedIPs | clientIP | + |--------------------------------|-----------------------|--------------| + | `"10.0.0.1,11.0.0.1,12.0.0.1"` | `"11.0.0.1,12.0.0.1"` | `"10.0.0.1"` | + | `"10.0.0.2,11.0.0.1,12.0.0.1"` | `"11.0.0.1,12.0.0.1"` | `"10.0.0.2"` | + +2. Group together a set of IPs (also behind a common set of reverse-proxies) so that they are considered the same source, + and all contribute to the same rate-limit bucket. + + !!! example "Group IPs together as same source" + + | X-Forwarded-For | excludedIPs | clientIP | + |--------------------------------|--------------|--------------| + | `"10.0.0.1,11.0.0.1,12.0.0.1"` | `"12.0.0.1"` | `"11.0.0.1"` | + | `"10.0.0.2,11.0.0.1,12.0.0.1"` | `"12.0.0.1"` | `"11.0.0.1"` | + | `"10.0.0.3,11.0.0.1,12.0.0.1"` | `"12.0.0.1"` | `"11.0.0.1"` | + +For completeness, below are additional examples to illustrate how the matching works. +For a given request the list of `X-Forwarded-For` IPs is checked from most recent to most distant against the `excludedIPs` pool, +and the first IP that is _not_ in the pool (if any) is returned. + +!!! example "Matching for clientIP" + + | X-Forwarded-For | excludedIPs | clientIP | + |--------------------------------|-----------------------|--------------| + | `"10.0.0.1,11.0.0.1,13.0.0.1"` | `"11.0.0.1"` | `"13.0.0.1"` | + | `"10.0.0.1,11.0.0.1,13.0.0.1"` | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` | + | `"10.0.0.1,11.0.0.1"` | `"10.0.0.1,11.0.0.1"` | `""` | ```yaml tab="Docker" labels: @@ -373,13 +400,6 @@ labels: - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.test-ratelimit.rateLimit] - [http.middlewares.test-ratelimit.rateLimit.sourceCriterion.ipStrategy] - excludedIPs = ["127.0.0.1/32", "192.168.1.7"] -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -392,6 +412,13 @@ http: - "192.168.1.7" ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.test-ratelimit.rateLimit] + [http.middlewares.test-ratelimit.rateLimit.sourceCriterion.ipStrategy] + excludedIPs = ["127.0.0.1/32", "192.168.1.7"] +``` + #### `sourceCriterion.requestHeaderName` Name of the header used to group incoming requests. @@ -427,13 +454,6 @@ labels: - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.test-ratelimit.rateLimit] - [http.middlewares.test-ratelimit.rateLimit.sourceCriterion] - requestHeaderName = "username" -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -443,6 +463,13 @@ http: requestHeaderName: username ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.test-ratelimit.rateLimit] + [http.middlewares.test-ratelimit.rateLimit.sourceCriterion] + requestHeaderName = "username" +``` + #### `sourceCriterion.requestHost` Whether to consider the request host as the source. @@ -478,13 +505,6 @@ labels: - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.test-ratelimit.rateLimit] - [http.middlewares.test-ratelimit.rateLimit.sourceCriterion] - requestHost = true -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -493,3 +513,10 @@ http: sourceCriterion: requestHost: true ``` + +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.test-ratelimit.rateLimit] + [http.middlewares.test-ratelimit.rateLimit.sourceCriterion] + requestHost = true +``` diff --git a/docs/content/middlewares/http/redirectregex.md b/docs/content/middlewares/http/redirectregex.md index 2fb3965aa..ecf3566b7 100644 --- a/docs/content/middlewares/http/redirectregex.md +++ b/docs/content/middlewares/http/redirectregex.md @@ -53,14 +53,6 @@ labels: - "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$${1}" ``` -```toml tab="File (TOML)" -# Redirect with domain replacement -[http.middlewares] - [http.middlewares.test-redirectregex.redirectRegex] - regex = "^http://localhost/(.*)" - replacement = "http://mydomain/${1}" -``` - ```yaml tab="File (YAML)" # Redirect with domain replacement http: @@ -71,6 +63,14 @@ http: replacement: "http://mydomain/${1}" ``` +```toml tab="File (TOML)" +# Redirect with domain replacement +[http.middlewares] + [http.middlewares.test-redirectregex.redirectRegex] + regex = "^http://localhost/(.*)" + replacement = "http://mydomain/${1}" +``` + ## Configuration Options !!! tip @@ -84,7 +84,7 @@ Set the `permanent` option to `true` to apply a permanent redirection. ### `regex` The `regex` option is the regular expression to match and capture elements from the request URL. - + ### `replacement` The `replacement` option defines how to modify the URL to have the new target URL. diff --git a/docs/content/middlewares/http/redirectscheme.md b/docs/content/middlewares/http/redirectscheme.md index 5c49bfb70..e53c98fbe 100644 --- a/docs/content/middlewares/http/redirectscheme.md +++ b/docs/content/middlewares/http/redirectscheme.md @@ -51,14 +51,6 @@ labels: - "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent=true" ``` -```toml tab="File (TOML)" -# Redirect to https -[http.middlewares] - [http.middlewares.test-redirectscheme.redirectScheme] - scheme = "https" - permanent = true -``` - ```yaml tab="File (YAML)" # Redirect to https http: @@ -69,6 +61,14 @@ http: permanent: true ``` +```toml tab="File (TOML)" +# Redirect to https +[http.middlewares] + [http.middlewares.test-redirectscheme.redirectScheme] + scheme = "https" + permanent = true +``` + ## Configuration Options ### `permanent` @@ -115,14 +115,6 @@ labels: - "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent=true" ``` -```toml tab="File (TOML)" -# Redirect to https -[http.middlewares] - [http.middlewares.test-redirectscheme.redirectScheme] - # ... - permanent = true -``` - ```yaml tab="File (YAML)" # Redirect to https http: @@ -133,6 +125,14 @@ http: permanent: true ``` +```toml tab="File (TOML)" +# Redirect to https +[http.middlewares] + [http.middlewares.test-redirectscheme.redirectScheme] + # ... + permanent = true +``` + ### `scheme` The `scheme` option defines the scheme of the new URL. @@ -172,13 +172,6 @@ labels: - "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https" ``` -```toml tab="File (TOML)" -# Redirect to https -[http.middlewares] - [http.middlewares.test-redirectscheme.redirectScheme] - scheme = "https" -``` - ```yaml tab="File (YAML)" # Redirect to https http: @@ -188,6 +181,13 @@ http: scheme: https ``` +```toml tab="File (TOML)" +# Redirect to https +[http.middlewares] + [http.middlewares.test-redirectscheme.redirectScheme] + scheme = "https" +``` + ### `port` The `port` option defines the port of the new URL. @@ -232,14 +232,6 @@ labels: - "traefik.http.middlewares.test-redirectscheme.redirectscheme.port=443" ``` -```toml tab="File (TOML)" -# Redirect to https -[http.middlewares] - [http.middlewares.test-redirectscheme.redirectScheme] - # ... - port = 443 -``` - ```yaml tab="File (YAML)" # Redirect to https http: @@ -250,4 +242,12 @@ http: port: "443" ``` +```toml tab="File (TOML)" +# Redirect to https +[http.middlewares] + [http.middlewares.test-redirectscheme.redirectScheme] + # ... + port = 443 +``` + !!! info "Port in this configuration is a string, not a numeric value." diff --git a/docs/content/middlewares/http/replacepath.md b/docs/content/middlewares/http/replacepath.md index aad0d3bf2..7da144f1e 100644 --- a/docs/content/middlewares/http/replacepath.md +++ b/docs/content/middlewares/http/replacepath.md @@ -45,13 +45,6 @@ labels: - "traefik.http.middlewares.test-replacepath.replacepath.path=/foo" ``` -```toml tab="File (TOML)" -# Replace the path with /foo -[http.middlewares] - [http.middlewares.test-replacepath.replacePath] - path = "/foo" -``` - ```yaml tab="File (YAML)" # Replace the path with /foo http: @@ -61,6 +54,13 @@ http: path: "/foo" ``` +```toml tab="File (TOML)" +# Replace the path with /foo +[http.middlewares] + [http.middlewares.test-replacepath.replacePath] + path = "/foo" +``` + ## Configuration Options ### General diff --git a/docs/content/middlewares/http/replacepathregex.md b/docs/content/middlewares/http/replacepathregex.md index 928691a79..329ceedd0 100644 --- a/docs/content/middlewares/http/replacepathregex.md +++ b/docs/content/middlewares/http/replacepathregex.md @@ -50,14 +50,6 @@ labels: - "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1" ``` -```toml tab="File (TOML)" -# Replace path with regex -[http.middlewares] - [http.middlewares.test-replacepathregex.replacePathRegex] - regex = "^/foo/(.*)" - replacement = "/bar/$1" -``` - ```yaml tab="File (YAML)" # Replace path with regex http: @@ -68,6 +60,14 @@ http: replacement: "/bar/$1" ``` +```toml tab="File (TOML)" +# Replace path with regex +[http.middlewares] + [http.middlewares.test-replacepathregex.replacePathRegex] + regex = "^/foo/(.*)" + replacement = "/bar/$1" +``` + ## Configuration Options ### General @@ -84,7 +84,7 @@ The ReplacePathRegex middleware will: ### `regex` The `regex` option is the regular expression to match and capture the path from the request URL. - + ### `replacement` The `replacement` option defines the replacement path format, which can include captured variables. diff --git a/docs/content/middlewares/http/retry.md b/docs/content/middlewares/http/retry.md index 7f1a8fe0b..d5ef43c95 100644 --- a/docs/content/middlewares/http/retry.md +++ b/docs/content/middlewares/http/retry.md @@ -52,14 +52,6 @@ labels: - "traefik.http.middlewares.test-retry.retry.initialinterval=100ms" ``` -```toml tab="File (TOML)" -# Retry 4 times with exponential backoff -[http.middlewares] - [http.middlewares.test-retry.retry] - attempts = 4 - initialInterval = "100ms" -``` - ```yaml tab="File (YAML)" # Retry 4 times with exponential backoff http: @@ -70,6 +62,14 @@ http: initialInterval: 100ms ``` +```toml tab="File (TOML)" +# Retry 4 times with exponential backoff +[http.middlewares] + [http.middlewares.test-retry.retry] + attempts = 4 + initialInterval = "100ms" +``` + ## Configuration Options ### `attempts` diff --git a/docs/content/middlewares/http/stripprefix.md b/docs/content/middlewares/http/stripprefix.md index 0fa19a7ce..fc55fb444 100644 --- a/docs/content/middlewares/http/stripprefix.md +++ b/docs/content/middlewares/http/stripprefix.md @@ -47,13 +47,6 @@ labels: - "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar,/fiibar" ``` -```toml tab="File (TOML)" -# Strip prefix /foobar and /fiibar -[http.middlewares] - [http.middlewares.test-stripprefix.stripPrefix] - prefixes = ["/foobar", "/fiibar"] -``` - ```yaml tab="File (YAML)" # Strip prefix /foobar and /fiibar http: @@ -65,6 +58,13 @@ http: - "/fiibar" ``` +```toml tab="File (TOML)" +# Strip prefix /foobar and /fiibar +[http.middlewares] + [http.middlewares.test-stripprefix.stripPrefix] + prefixes = ["/foobar", "/fiibar"] +``` + ## Configuration Options ### General @@ -149,13 +149,6 @@ labels: - "traefik.http.middlewares.example.stripprefix.forceSlash=false" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.example.stripPrefix] - prefixes = ["/foobar"] - forceSlash = false -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -165,3 +158,10 @@ http: - "/foobar" forceSlash: false ``` + +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.example.stripPrefix] + prefixes = ["/foobar"] + forceSlash = false +``` diff --git a/docs/content/middlewares/http/stripprefixregex.md b/docs/content/middlewares/http/stripprefixregex.md index 5b7f7a7ca..768a05994 100644 --- a/docs/content/middlewares/http/stripprefixregex.md +++ b/docs/content/middlewares/http/stripprefixregex.md @@ -38,12 +38,6 @@ labels: - "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=/foo/[a-z0-9]+/[0-9]+/" ``` -```toml tab="File (TOML)" -[http.middlewares] - [http.middlewares.test-stripprefixregex.stripPrefixRegex] - regex = ["/foo/[a-z0-9]+/[0-9]+/"] -``` - ```yaml tab="File (YAML)" http: middlewares: @@ -53,6 +47,12 @@ http: - "/foo/[a-z0-9]+/[0-9]+/" ``` +```toml tab="File (TOML)" +[http.middlewares] + [http.middlewares.test-stripprefixregex.stripPrefixRegex] + regex = ["/foo/[a-z0-9]+/[0-9]+/"] +``` + ## Configuration Options ### General diff --git a/docs/content/middlewares/overview.md b/docs/content/middlewares/overview.md index 68e741dc2..e48e2cfe8 100644 --- a/docs/content/middlewares/overview.md +++ b/docs/content/middlewares/overview.md @@ -77,26 +77,6 @@ labels: - "traefik.http.routers.router1.middlewares=foo-add-prefix@rancher" ``` -```toml tab="File (TOML)" -# As TOML Configuration File -[http.routers] - [http.routers.router1] - service = "myService" - middlewares = ["foo-add-prefix"] - rule = "Host(`example.com`)" - -[http.middlewares] - [http.middlewares.foo-add-prefix.addPrefix] - prefix = "/foo" - -[http.services] - [http.services.service1] - [http.services.service1.loadBalancer] - - [[http.services.service1.loadBalancer.servers]] - url = "http://127.0.0.1:80" -``` - ```yaml tab="File (YAML)" # As YAML Configuration File http: @@ -119,6 +99,26 @@ http: - url: "http://127.0.0.1:80" ``` +```toml tab="File (TOML)" +# As TOML Configuration File +[http.routers] + [http.routers.router1] + service = "myService" + middlewares = ["foo-add-prefix"] + rule = "Host(`example.com`)" + +[http.middlewares] + [http.middlewares.foo-add-prefix.addPrefix] + prefix = "/foo" + +[http.services] + [http.services.service1] + [http.services.service1.loadBalancer] + + [[http.services.service1.loadBalancer.servers]] + url = "http://127.0.0.1:80" +``` + ## Available Middlewares A list of HTTP middlewares can be found [here](http/overview.md). diff --git a/docs/content/migration/v1-to-v2.md b/docs/content/migration/v1-to-v2.md index 70857d8c0..2c7e8f140 100644 --- a/docs/content/migration/v1-to-v2.md +++ b/docs/content/migration/v1-to-v2.md @@ -68,27 +68,27 @@ Then any router can refer to an instance of the wanted middleware. [frontends.frontend1] entryPoints = ["http"] backend = "backend1" - + [frontends.frontend1.routes] [frontends.frontend1.routes.route0] rule = "Host:test.localhost" [frontends.frontend1.routes.route0] rule = "PathPrefix:/test" - + [frontends.frontend1.auth] [frontends.frontend1.auth.basic] users = [ "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", ] - + [backends] [backends.backend1] [backends.backend1.servers.server0] url = "http://10.10.10.1:80" [backends.backend1.servers.server1] url = "http://10.10.10.2:80" - + [backends.backend1.loadBalancer] method = "wrr" ``` @@ -110,19 +110,19 @@ Then any router can refer to an instance of the wanted middleware. metadata: name: basicauth namespace: foo - + spec: basicAuth: users: - test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/ - test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0 - + --- apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: name: ingressroutebar - + spec: entryPoints: - http @@ -139,27 +139,6 @@ Then any router can refer to an instance of the wanted middleware. namespace: foo ``` - ```toml tab="File (TOML)" - [http.routers] - [http.routers.router0] - rule = "Host(`test.localhost`) && PathPrefix(`/test`)" - middlewares = ["auth"] - service = "my-service" - - [http.services] - [[http.services.my-service.loadBalancer.servers]] - url = "http://10.10.10.1:80" - [[http.services.my-service.loadBalancer.servers]] - url = "http://10.10.10.2:80" - - [http.middlewares] - [http.middlewares.auth.basicAuth] - users = [ - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", - ] - ``` - ```yaml tab="File (YAML)" http: routers: @@ -168,14 +147,14 @@ Then any router can refer to an instance of the wanted middleware. service: my-service middlewares: - auth - + services: my-service: loadBalancer: servers: - url: http://10.10.10.1:80 - url: http://10.10.10.2:80 - + middlewares: auth: basicAuth: @@ -184,6 +163,27 @@ Then any router can refer to an instance of the wanted middleware. - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" ``` + ```toml tab="File (TOML)" + [http.routers] + [http.routers.router0] + rule = "Host(`test.localhost`) && PathPrefix(`/test`)" + middlewares = ["auth"] + service = "my-service" + + [http.services] + [[http.services.my-service.loadBalancer.servers]] + url = "http://10.10.10.1:80" + [[http.services.my-service.loadBalancer.servers]] + url = "http://10.10.10.2:80" + + [http.middlewares] + [http.middlewares.auth.basicAuth] + users = [ + "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", + "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", + ] + ``` + ## TLS Configuration is Now Dynamic, per Router. TLS parameters used to be specified in the static configuration, as an entryPoint field. @@ -193,13 +193,13 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o !!! example "TLS on websecure entryPoint becomes TLS option on Router-1" !!! info "v1" - + ```toml tab="File (TOML)" # static configuration [entryPoints] [entryPoints.websecure] address = ":443" - + [entryPoints.websecure.tls] minVersion = "VersionTLS12" cipherSuites = [ @@ -221,33 +221,6 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o !!! info "v2" - ```toml tab="File (TOML)" - # dynamic configuration - [http.routers] - [http.routers.Router-1] - rule = "Host(`example.com`)" - service = "service-id" - # will terminate the TLS request - [http.routers.Router-1.tls] - options = "myTLSOptions" - - [[tls.certificates]] - certFile = "/path/to/domain.cert" - keyFile = "/path/to/domain.key" - - [tls.options] - [tls.options.myTLSOptions] - minVersion = "VersionTLS12" - cipherSuites = [ - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", - "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", - "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", - ] - ``` - ```yaml tab="File (YAML)" http: routers: @@ -257,7 +230,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o # will terminate the TLS request tls: options: myTLSOptions - + tls: certificates: - certFile: /path/to/domain.cert @@ -273,6 +246,33 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ``` + ```toml tab="File (TOML)" + # dynamic configuration + [http.routers] + [http.routers.Router-1] + rule = "Host(`example.com`)" + service = "service-id" + # will terminate the TLS request + [http.routers.Router-1.tls] + options = "myTLSOptions" + + [[tls.certificates]] + certFile = "/path/to/domain.cert" + keyFile = "/path/to/domain.key" + + [tls.options] + [tls.options.myTLSOptions] + minVersion = "VersionTLS12" + cipherSuites = [ + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", + "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + ] + ``` + ```yaml tab="K8s IngressRoute" # The definitions below require the definitions for the TLSOption and IngressRoute kinds. # https://doc.traefik.io/traefik/v2.3/reference/dynamic-configuration/kubernetes-crd/#definitions @@ -281,7 +281,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o metadata: name: mytlsoption namespace: default - + spec: minVersion: VersionTLS12 cipherSuites: @@ -290,13 +290,13 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - + --- apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: name: ingressroutebar - + spec: entryPoints: - web @@ -322,7 +322,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o ## HTTP to HTTPS Redirection is Now Configured on Routers Previously on Traefik v1, the redirection was applied on an entry point or on a frontend. -With Traefik v2 it is applied on an entry point or a [Router](../routing/routers/index.md). +With Traefik v2 it is applied on an entry point or a [Router](../routing/routers/index.md). To apply a redirection: @@ -332,11 +332,11 @@ To apply a redirection: !!! example "Global HTTP to HTTPS redirection" !!! info "v1" - + ```toml tab="File (TOML)" # static configuration defaultEntryPoints = ["web", "websecure"] - + [entryPoints] [entryPoints.web] address = ":80" @@ -354,35 +354,11 @@ To apply a redirection: ``` !!! info "v2" - - ```bash tab="CLI" - ## static configuration - - --entrypoints.web.address=:80 - --entrypoints.web.http.redirections.entrypoint.to=websecure - --entrypoints.web.http.redirections.entrypoint.scheme=https - --entrypoints.websecure.address=:443 - --providers.docker=true - ``` - - ```toml tab="File (TOML)" - # traefik.toml - ## static configuration - - [entryPoints.web] - address = ":80" - [entryPoints.web.http.redirections.entryPoint] - to = "websecure" - scheme = "https" - - [entryPoints.websecure] - address = ":443" - ``` - + ```yaml tab="File (YAML)" - # traefik.yaml + # traefik.yml ## static configuration - + entryPoints: web: address: ":80" @@ -391,15 +367,39 @@ To apply a redirection: entrypoint: to: websecure scheme: https - + websecure: address: ":443" ``` + ```toml tab="File (TOML)" + # traefik.toml + ## static configuration + + [entryPoints.web] + address = ":80" + [entryPoints.web.http.redirections.entryPoint] + to = "websecure" + scheme = "https" + + [entryPoints.websecure] + address = ":443" + ``` + + ```bash tab="CLI" + ## static configuration + + --entrypoints.web.address=:80 + --entrypoints.web.http.redirections.entrypoint.to=websecure + --entrypoints.web.http.redirections.entrypoint.scheme=https + --entrypoints.websecure.address=:443 + --providers.docker=true + ``` + !!! example "HTTP to HTTPS redirection per domain" !!! info "v1" - + ```toml tab="File (TOML)" [entryPoints] [entryPoints.web] @@ -408,9 +408,9 @@ To apply a redirection: [entryPoints.websecure] address = ":443" [entryPoints.websecure.tls] - + [file] - + [frontends] [frontends.frontend1] entryPoints = ["web", "websecure"] @@ -428,11 +428,11 @@ To apply a redirection: traefik.http.routers.app.rule: Host(`example.net`) traefik.http.routers.app.entrypoints: web traefik.http.routers.app.middlewares: https_redirect - + traefik.http.routers.appsecured.rule: Host(`example.net`) traefik.http.routers.appsecured.entrypoints: websecure traefik.http.routers.appsecured.tls: true - + traefik.http.middlewares.https_redirect.redirectscheme.scheme: https traefik.http.middlewares.https_redirect.redirectscheme.permanent: true ``` @@ -442,7 +442,7 @@ To apply a redirection: kind: IngressRoute metadata: name: http-redirect-ingressRoute - + spec: entryPoints: - web @@ -454,13 +454,13 @@ To apply a redirection: port: 80 middlewares: - name: https-redirect - + --- apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: name: https-ingressRoute - + spec: entryPoints: - websecure @@ -471,7 +471,7 @@ To apply a redirection: - name: whoami port: 80 tls: {} - + --- apiVersion: traefik.containo.us/v1alpha1 kind: Middleware @@ -483,33 +483,10 @@ To apply a redirection: permanent: true ``` - ```toml tab="File (TOML)" - ## dynamic configuration - # dynamic-conf.toml - - [http.routers] - [http.routers.router0] - rule = "Host(`example.net`)" - service = "my-service" - entrypoints = ["web"] - middlewares = ["https_redirect"] - - [http.routers.router1] - rule = "Host(`example.net`)" - service = "my-service" - entrypoints = ["websecure"] - [http.routers.router1.tls] - - [http.middlewares] - [http.middlewares.https_redirect.redirectScheme] - scheme = "https" - permanent = true - ``` - ```yaml tab="File (YAML)" ## dynamic configuration # dynamic-conf.yml - + http: routers: router0: @@ -519,14 +496,14 @@ To apply a redirection: middlewares: - https_redirect service: my-service - + router1: rule: "Host(`example.net`)" entryPoints: - websecure service: my-service tls: {} - + middlewares: https-redirect: redirectScheme: @@ -534,6 +511,29 @@ To apply a redirection: permanent: true ``` + ```toml tab="File (TOML)" + ## dynamic configuration + # dynamic-conf.toml + + [http.routers] + [http.routers.router0] + rule = "Host(`example.net`)" + service = "my-service" + entrypoints = ["web"] + middlewares = ["https_redirect"] + + [http.routers.router1] + rule = "Host(`example.net`)" + service = "my-service" + entrypoints = ["websecure"] + [http.routers.router1.tls] + + [http.middlewares] + [http.middlewares.https_redirect.redirectScheme] + scheme = "https" + permanent = true + ``` + ## Strip and Rewrite Path Prefixes With the new core notions of v2 (introduced earlier in the section @@ -619,23 +619,6 @@ with the path `/admin` stripped, e.g. to `http://:/`. In this case, yo - /admin ``` - ```toml tab="File (TOML)" - ## Dynamic configuration - # dynamic-conf.toml - - [http.routers.router1] - rule = "Host(`example.org`) && PathPrefix(`/admin`)" - service = "admin-svc" - entrypoints = ["web"] - middlewares = ["admin-stripprefix"] - - [http.middlewares] - [http.middlewares.admin-stripprefix.stripPrefix] - prefixes = ["/admin"] - - # ... - ``` - ```yaml tab="File (YAML)" ## Dynamic Configuration # dynamic-conf.yml @@ -652,12 +635,29 @@ with the path `/admin` stripped, e.g. to `http://:/`. In this case, yo middlewares: admin-stripprefix: stripPrefix: - prefixes: + prefixes: - "/admin" # ... ``` + ```toml tab="File (TOML)" + ## Dynamic configuration + # dynamic-conf.toml + + [http.routers.router1] + rule = "Host(`example.org`) && PathPrefix(`/admin`)" + service = "admin-svc" + entrypoints = ["web"] + middlewares = ["admin-stripprefix"] + + [http.middlewares] + [http.middlewares.admin-stripprefix.stripPrefix] + prefixes = ["/admin"] + + # ... + ``` + ??? question "What About Other Path Transformations?" Instead of removing the path prefix with the [`stripprefix` middleware](../../middlewares/http/stripprefix/), you can also: @@ -674,11 +674,11 @@ with the path `/admin` stripped, e.g. to `http://:/`. In this case, yo !!! example "ACME from provider to a specific Certificate Resolver" !!! info "v1" - + ```toml tab="File (TOML)" # static configuration defaultEntryPoints = ["websecure","web"] - + [entryPoints.web] address = ":80" [entryPoints.web.redirect] @@ -686,7 +686,7 @@ with the path `/admin` stripped, e.g. to `http://:/`. In this case, yo [entryPoints.websecure] address = ":443" [entryPoints.websecure.tls] - + [acme] email = "your-email-here@example.com" storage = "acme.json" @@ -708,34 +708,17 @@ with the path `/admin` stripped, e.g. to `http://:/`. In this case, yo !!! info "v2" - ```toml tab="File (TOML)" - # static configuration - [entryPoints] - [entryPoints.web] - address = ":80" - - [entryPoints.websecure] - address = ":443" - [entryPoints.websecure.http.tls] - certResolver = "myresolver" - - [certificatesResolvers.myresolver.acme] - email = "your-email@example.com" - storage = "acme.json" - [certificatesResolvers.myresolver.acme.tlsChallenge] - ``` - ```yaml tab="File (YAML)" entryPoints: web: address: ":80" - + websecure: address: ":443" http: tls: certResolver: myresolver - + certificatesResolvers: myresolver: acme: @@ -744,6 +727,23 @@ with the path `/admin` stripped, e.g. to `http://:/`. In this case, yo tlsChallenge: {} ``` + ```toml tab="File (TOML)" + # static configuration + [entryPoints] + [entryPoints.web] + address = ":80" + + [entryPoints.websecure] + address = ":443" + [entryPoints.websecure.http.tls] + certResolver = "myresolver" + + [certificatesResolvers.myresolver.acme] + email = "your-email@example.com" + storage = "acme.json" + [certificatesResolvers.myresolver.acme.tlsChallenge] + ``` + ```bash tab="CLI" --entrypoints.web.address=:80 --entrypoints.websecure.address=:443 @@ -764,7 +764,7 @@ There is no more log configuration at the root level. ```toml tab="File (TOML)" # static configuration logLevel = "DEBUG" - + [traefikLog] filePath = "/path/to/traefik.log" format = "json" @@ -778,14 +778,6 @@ There is no more log configuration at the root level. !!! info "v2" - ```toml tab="File (TOML)" - # static configuration - [log] - level = "DEBUG" - filePath = "/path/to/log-file.log" - format = "json" - ``` - ```yaml tab="File (YAML)" # static configuration log: @@ -794,6 +786,14 @@ There is no more log configuration at the root level. format: json ``` + ```toml tab="File (TOML)" + # static configuration + [log] + level = "DEBUG" + filePath = "/path/to/log-file.log" + format = "json" + ``` + ```bash tab="CLI" --log.level=DEBUG --log.filePath=/path/to/traefik.log @@ -838,17 +838,6 @@ Traefik v2 retains OpenTracing support. The `backend` root option from the v1 is !!! info "v2" - ```toml tab="File (TOML)" - # static configuration - [tracing] - servicename = "tracing" - [tracing.jaeger] - samplingParam = 1.0 - samplingServerURL = "http://12.0.0.1:5778/sampling" - samplingType = "const" - localAgentHostPort = "12.0.0.1:6831" - ``` - ```yaml tab="File (YAML)" # static configuration tracing: @@ -860,6 +849,17 @@ Traefik v2 retains OpenTracing support. The `backend` root option from the v1 is localAgentHostPort: '12.0.0.1:6831' ``` + ```toml tab="File (TOML)" + # static configuration + [tracing] + servicename = "tracing" + [tracing.jaeger] + samplingParam = 1.0 + samplingServerURL = "http://12.0.0.1:5778/sampling" + samplingType = "const" + localAgentHostPort = "12.0.0.1:6831" + ``` + ```bash tab="CLI" --tracing.servicename=tracing --tracing.jaeger.localagenthostport=12.0.0.1:6831 @@ -891,13 +891,6 @@ For a basic configuration, the [metrics configuration](../observability/metrics/ !!! info "v2" - ```toml tab="File (TOML)" - # static configuration - [metrics.prometheus] - buckets = [0.1,0.3,1.2,5.0] - entryPoint = "metrics" - ``` - ```yaml tab="File (YAML)" # static configuration metrics: @@ -910,6 +903,13 @@ For a basic configuration, the [metrics configuration](../observability/metrics/ entryPoint: metrics ``` + ```toml tab="File (TOML)" + # static configuration + [metrics.prometheus] + buckets = [0.1,0.3,1.2,5.0] + entryPoint = "metrics" + ``` + ```bash tab="CLI" --metrics.prometheus.buckets=[0.1,0.3,1.2,5.0] --metrics.prometheus.entrypoint=metrics @@ -955,43 +955,43 @@ Each root item has been moved to a related section or removed. !!! info "v2" - ```toml tab="File (TOML)" - # static configuration - [global] - checkNewVersion = true - sendAnonymousUsage = true - - [log] - level = "DEBUG" - - [serversTransport] - insecureSkipVerify = true - rootCAs = [ "/mycert.cert" ] - maxIdleConnsPerHost = 42 - - [providers] - providersThrottleDuration = 42 - ``` - ```yaml tab="File (YAML)" # static configuration global: checkNewVersion: true sendAnonymousUsage: true - + log: level: DEBUG - + serversTransport: insecureSkipVerify: true rootCAs: - /mycert.cert maxIdleConnsPerHost: 42 - + providers: providersThrottleDuration: 42 ``` + ```toml tab="File (TOML)" + # static configuration + [global] + checkNewVersion = true + sendAnonymousUsage = true + + [log] + level = "DEBUG" + + [serversTransport] + insecureSkipVerify = true + rootCAs = [ "/mycert.cert" ] + maxIdleConnsPerHost = 42 + + [providers] + providersThrottleDuration = 42 + ``` + ```bash tab="CLI" --global.checknewversion=true --global.sendanonymoususage=true @@ -1018,7 +1018,7 @@ To activate the dashboard, you can either: ```toml tab="File (TOML)" ## static configuration # traefik.toml - + [entryPoints.websecure] address = ":443" [entryPoints.websecure.tls] @@ -1027,7 +1027,7 @@ To activate the dashboard, you can either: users = [ "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" ] - + [api] entryPoint = "websecure" ``` @@ -1050,55 +1050,25 @@ To activate the dashboard, you can either: - "traefik.http.middlewares.myAuth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/" ``` - ```toml tab="File (TOML)" - ## static configuration - # traefik.toml - - [entryPoints.websecure] - address = ":443" - - [api] - - [providers.file] - directory = "/path/to/dynamic/config" - - ##---------------------## - - ## dynamic configuration - # /path/to/dynamic/config/dynamic-conf.toml - - [http.routers.api] - rule = "Host(`traefik.docker.localhost`)" - entrypoints = ["websecure"] - service = "api@internal" - middlewares = ["myAuth"] - [http.routers.api.tls] - - [http.middlewares.myAuth.basicAuth] - users = [ - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - ] - ``` - ```yaml tab="File (YAML)" ## static configuration - # traefik.yaml - + # traefik.yml + entryPoints: websecure: address: ':443' - + api: {} - + providers: file: directory: /path/to/dynamic/config - + ##---------------------## - + ## dynamic configuration - # /path/to/dynamic/config/dynamic-conf.yaml - + # /path/to/dynamic/config/dynamic-conf.yml + http: routers: api: @@ -1109,7 +1079,7 @@ To activate the dashboard, you can either: middlewares: - myAuth tls: {} - + middlewares: myAuth: basicAuth: @@ -1117,6 +1087,36 @@ To activate the dashboard, you can either: - 'test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/' ``` + ```toml tab="File (TOML)" + ## static configuration + # traefik.toml + + [entryPoints.websecure] + address = ":443" + + [api] + + [providers.file] + directory = "/path/to/dynamic/config" + + ##---------------------## + + ## dynamic configuration + # /path/to/dynamic/config/dynamic-conf.toml + + [http.routers.api] + rule = "Host(`traefik.docker.localhost`)" + entrypoints = ["websecure"] + service = "api@internal" + middlewares = ["myAuth"] + [http.routers.api.tls] + + [http.middlewares.myAuth.basicAuth] + users = [ + "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" + ] + ``` + ## Providers Supported [providers](../providers/overview.md), for now: diff --git a/docs/content/observability/access-logs.md b/docs/content/observability/access-logs.md index 51859c4e1..c1ad21d94 100644 --- a/docs/content/observability/access-logs.md +++ b/docs/content/observability/access-logs.md @@ -5,18 +5,18 @@ Who Calls Whom? By default, logs are written to stdout, in text format. -## Configuration +## Configuration To enable the access logs: -```toml tab="File (TOML)" -[accessLog] -``` - ```yaml tab="File (YAML)" accessLog: {} ``` +```toml tab="File (TOML)" +[accessLog] +``` + ```bash tab="CLI" --accesslog=true ``` @@ -26,28 +26,28 @@ accessLog: {} By default access logs are written to the standard output. To write the logs into a log file, use the `filePath` option. -```toml tab="File (TOML)" -[accessLog] - filePath = "/path/to/access.log" -``` - ```yaml tab="File (YAML)" accessLog: filePath: "/path/to/access.log" ``` +```toml tab="File (TOML)" +[accessLog] + filePath = "/path/to/access.log" +``` + ```bash tab="CLI" --accesslog.filepath=/path/to/access.log ``` ### `format` - + By default, logs are written using the Common Log Format (CLF). To write logs in JSON, use `json` in the `format` option. If the given format is unsupported, the default (CLF) is used instead. !!! info "Common Log Format" - + ```html - [] " " "" "" "" "" ms ``` @@ -58,13 +58,6 @@ To write the logs in an asynchronous fashion, specify a `bufferingSize` option. This option represents the number of log lines Traefik will keep in memory before writing them to the selected output. In some cases, this option can greatly help performances. -```toml tab="File (TOML)" -# Configuring a buffer of 100 lines -[accessLog] - filePath = "/path/to/access.log" - bufferingSize = 100 -``` - ```yaml tab="File (YAML)" # Configuring a buffer of 100 lines accessLog: @@ -72,6 +65,13 @@ accessLog: bufferingSize: 100 ``` +```toml tab="File (TOML)" +# Configuring a buffer of 100 lines +[accessLog] + filePath = "/path/to/access.log" + bufferingSize = 100 +``` + ```bash tab="CLI" # Configuring a buffer of 100 lines --accesslog.filepath=/path/to/access.log @@ -80,40 +80,40 @@ accessLog: ### Filtering -To filter logs, you can specify a set of filters which are logically "OR-connected". +To filter logs, you can specify a set of filters which are logically "OR-connected". Thus, specifying multiple filters will keep more access logs than specifying only one. -The available filters are: +The available filters are: - `statusCodes`, to limit the access logs to requests with a status codes in the specified range - `retryAttempts`, to keep the access logs when at least one retry has happened - `minDuration`, to keep access logs when requests take longer than the specified duration (provided in seconds or as a valid duration format, see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration)) +```yaml tab="File (YAML)" +# Configuring Multiple Filters +accessLog: + filePath: "/path/to/access.log" + format: json + filters: + statusCodes: + - "200" + - "300-302" + retryAttempts: true + minDuration: "10ms" +``` + ```toml tab="File (TOML)" # Configuring Multiple Filters [accessLog] filePath = "/path/to/access.log" format = "json" - [accessLog.filters] + [accessLog.filters] statusCodes = ["200", "300-302"] retryAttempts = true minDuration = "10ms" ``` -```yaml tab="File (YAML)" -# Configuring Multiple Filters -accessLog: - filePath: "/path/to/access.log" - format: json - filters: - statusCodes: - - "200" - - "300-302" - retryAttempts: true - minDuration: "10ms" -``` - ```bash tab="CLI" # Configuring Multiple Filters --accesslog.filepath=/path/to/access.log @@ -135,27 +135,9 @@ Each field can be set to: The `defaultMode` for `fields.headers` is `drop`. -```toml tab="File (TOML)" -# Limiting the Logs to Specific Fields -[accessLog] - filePath = "/path/to/access.log" - format = "json" - [accessLog.fields] defaultMode = "keep" - [accessLog.fields.names] - "ClientUsername" = "drop" - - [accessLog.fields.headers] - defaultMode = "keep" - - [accessLog.fields.headers.names] - "User-Agent" = "redact" - "Authorization" = "drop" - "Content-Type" = "keep" -``` - ```yaml tab="File (YAML)" # Limiting the Logs to Specific Fields accessLog: @@ -173,6 +155,24 @@ accessLog: Content-Type: keep ``` +```toml tab="File (TOML)" +# Limiting the Logs to Specific Fields +[accessLog] + filePath = "/path/to/access.log" + format = "json" + + [accessLog.fields.names] + "ClientUsername" = "drop" + + [accessLog.fields.headers] + defaultMode = "keep" + + [accessLog.fields.headers.names] + "User-Agent" = "redact" + "Authorization" = "drop" + "Content-Type" = "keep" +``` + ```bash tab="CLI" # Limiting the Logs to Specific Fields --accesslog.filepath=/path/to/access.log diff --git a/docs/content/observability/logs.md b/docs/content/observability/logs.md index 3aa0d6c15..2c77dea39 100644 --- a/docs/content/observability/logs.md +++ b/docs/content/observability/logs.md @@ -16,18 +16,18 @@ Traefik logs concern everything that happens to Traefik itself (startup, configu By default, the logs are written to the standard output. You can configure a file path instead using the `filePath` option. -```toml tab="File (TOML)" -# Writing Logs to a File -[log] - filePath = "/path/to/traefik.log" -``` - ```yaml tab="File (YAML)" # Writing Logs to a File log: filePath: "/path/to/traefik.log" ``` +```toml tab="File (TOML)" +# Writing Logs to a File +[log] + filePath = "/path/to/traefik.log" +``` + ```bash tab="CLI" # Writing Logs to a File --log.filePath=/path/to/traefik.log @@ -35,14 +35,7 @@ log: #### `format` -By default, the logs use a text format (`common`), but you can also ask for the `json` format in the `format` option. - -```toml tab="File (TOML)" -# Writing Logs to a File, in JSON -[log] - filePath = "/path/to/log-file.log" - format = "json" -``` +By default, the logs use a text format (`common`), but you can also ask for the `json` format in the `format` option. ```yaml tab="File (YAML)" # Writing Logs to a File, in JSON @@ -51,6 +44,13 @@ log: format: json ``` +```toml tab="File (TOML)" +# Writing Logs to a File, in JSON +[log] + filePath = "/path/to/log-file.log" + format = "json" +``` + ```bash tab="CLI" # Writing Logs to a File, in JSON --log.filePath=/path/to/traefik.log @@ -59,18 +59,18 @@ log: #### `level` -By default, the `level` is set to `ERROR`. Alternative logging levels are `DEBUG`, `PANIC`, `FATAL`, `ERROR`, `WARN`, and `INFO`. - -```toml tab="File (TOML)" -[log] - level = "DEBUG" -``` +By default, the `level` is set to `ERROR`. Alternative logging levels are `DEBUG`, `PANIC`, `FATAL`, `ERROR`, `WARN`, and `INFO`. ```yaml tab="File (YAML)" log: level: DEBUG ``` +```toml tab="File (TOML)" +[log] + level = "DEBUG" +``` + ```bash tab="CLI" --log.level=DEBUG ``` diff --git a/docs/content/observability/metrics/datadog.md b/docs/content/observability/metrics/datadog.md index 18dcec52a..5e133e1df 100644 --- a/docs/content/observability/metrics/datadog.md +++ b/docs/content/observability/metrics/datadog.md @@ -2,16 +2,16 @@ To enable the Datadog: -```toml tab="File (TOML)" -[metrics] - [metrics.datadog] -``` - ```yaml tab="File (YAML)" metrics: datadog: {} ``` +```toml tab="File (TOML)" +[metrics] + [metrics.datadog] +``` + ```bash tab="CLI" --metrics.datadog=true ``` @@ -22,18 +22,18 @@ _Required, Default="127.0.0.1:8125"_ Address instructs exporter to send metrics to datadog-agent at this address. -```toml tab="File (TOML)" -[metrics] - [metrics.datadog] - address = "127.0.0.1:8125" -``` - ```yaml tab="File (YAML)" metrics: datadog: address: 127.0.0.1:8125 ``` +```toml tab="File (TOML)" +[metrics] + [metrics.datadog] + address = "127.0.0.1:8125" +``` + ```bash tab="CLI" --metrics.datadog.address=127.0.0.1:8125 ``` @@ -44,18 +44,18 @@ _Optional, Default=true_ Enable metrics on entry points. -```toml tab="File (TOML)" -[metrics] - [metrics.datadog] - addEntryPointsLabels = true -``` - ```yaml tab="File (YAML)" metrics: datadog: addEntryPointsLabels: true ``` +```toml tab="File (TOML)" +[metrics] + [metrics.datadog] + addEntryPointsLabels = true +``` + ```bash tab="CLI" --metrics.datadog.addEntryPointsLabels=true ``` @@ -87,18 +87,18 @@ _Optional, Default=true_ Enable metrics on services. -```toml tab="File (TOML)" -[metrics] - [metrics.datadog] - addServicesLabels = true -``` - ```yaml tab="File (YAML)" metrics: datadog: addServicesLabels: true ``` +```toml tab="File (TOML)" +[metrics] + [metrics.datadog] + addServicesLabels = true +``` + ```bash tab="CLI" --metrics.datadog.addServicesLabels=true ``` @@ -109,18 +109,18 @@ _Optional, Default=10s_ The interval used by the exporter to push metrics to datadog-agent. -```toml tab="File (TOML)" -[metrics] - [metrics.datadog] - pushInterval = 10s -``` - ```yaml tab="File (YAML)" metrics: datadog: pushInterval: 10s ``` +```toml tab="File (TOML)" +[metrics] + [metrics.datadog] + pushInterval = 10s +``` + ```bash tab="CLI" --metrics.datadog.pushInterval=10s ``` diff --git a/docs/content/observability/metrics/influxdb.md b/docs/content/observability/metrics/influxdb.md index f83af38c3..b7ffee00b 100644 --- a/docs/content/observability/metrics/influxdb.md +++ b/docs/content/observability/metrics/influxdb.md @@ -2,16 +2,16 @@ To enable the InfluxDB: -```toml tab="File (TOML)" -[metrics] - [metrics.influxDB] -``` - ```yaml tab="File (YAML)" metrics: influxDB: {} ``` +```toml tab="File (TOML)" +[metrics] + [metrics.influxDB] +``` + ```bash tab="CLI" --metrics.influxdb=true ``` @@ -22,18 +22,18 @@ _Required, Default="localhost:8089"_ Address instructs exporter to send metrics to influxdb at this address. -```toml tab="File (TOML)" -[metrics] - [metrics.influxDB] - address = "localhost:8089" -``` - ```yaml tab="File (YAML)" metrics: influxDB: address: localhost:8089 ``` +```toml tab="File (TOML)" +[metrics] + [metrics.influxDB] + address = "localhost:8089" +``` + ```bash tab="CLI" --metrics.influxdb.address=localhost:8089 ``` @@ -44,18 +44,18 @@ _Required, Default="udp"_ InfluxDB's address protocol (udp or http). -```toml tab="File (TOML)" -[metrics] - [metrics.influxDB] - protocol = "udp" -``` - ```yaml tab="File (YAML)" metrics: influxDB: protocol: udp ``` +```toml tab="File (TOML)" +[metrics] + [metrics.influxDB] + protocol = "udp" +``` + ```bash tab="CLI" --metrics.influxdb.protocol=udp ``` @@ -66,18 +66,18 @@ _Optional, Default=""_ InfluxDB database used when protocol is http. -```toml tab="File (TOML)" -[metrics] - [metrics.influxDB] - database = "db" -``` - ```yaml tab="File (YAML)" metrics: influxDB: database: "db" ``` +```toml tab="File (TOML)" +[metrics] + [metrics.influxDB] + database = "db" +``` + ```bash tab="CLI" --metrics.influxdb.database=db ``` @@ -88,18 +88,18 @@ _Optional, Default=""_ InfluxDB retention policy used when protocol is http. -```toml tab="File (TOML)" -[metrics] - [metrics.influxDB] - retentionPolicy = "two_hours" -``` - ```yaml tab="File (YAML)" metrics: influxDB: retentionPolicy: "two_hours" ``` +```toml tab="File (TOML)" +[metrics] + [metrics.influxDB] + retentionPolicy = "two_hours" +``` + ```bash tab="CLI" --metrics.influxdb.retentionPolicy=two_hours ``` @@ -110,18 +110,18 @@ _Optional, Default=""_ InfluxDB username (only with http). -```toml tab="File (TOML)" -[metrics] - [metrics.influxDB] - username = "john" -``` - ```yaml tab="File (YAML)" metrics: influxDB: username: "john" ``` +```toml tab="File (TOML)" +[metrics] + [metrics.influxDB] + username = "john" +``` + ```bash tab="CLI" --metrics.influxdb.username=john ``` @@ -132,18 +132,18 @@ _Optional, Default=""_ InfluxDB password (only with http). -```toml tab="File (TOML)" -[metrics] - [metrics.influxDB] - password = "secret" -``` - ```yaml tab="File (YAML)" metrics: influxDB: password: "secret" ``` +```toml tab="File (TOML)" +[metrics] + [metrics.influxDB] + password = "secret" +``` + ```bash tab="CLI" --metrics.influxdb.password=secret ``` @@ -154,18 +154,18 @@ _Optional, Default=true_ Enable metrics on entry points. -```toml tab="File (TOML)" -[metrics] - [metrics.influxDB] - addEntryPointsLabels = true -``` - ```yaml tab="File (YAML)" metrics: influxDB: addEntryPointsLabels: true ``` +```toml tab="File (TOML)" +[metrics] + [metrics.influxDB] + addEntryPointsLabels = true +``` + ```bash tab="CLI" --metrics.influxdb.addEntryPointsLabels=true ``` @@ -198,18 +198,18 @@ _Optional, Default=true_ Enable metrics on services. -```toml tab="File (TOML)" -[metrics] - [metrics.influxDB] - addServicesLabels = true -``` - ```yaml tab="File (YAML)" metrics: influxDB: addServicesLabels: true ``` +```toml tab="File (TOML)" +[metrics] + [metrics.influxDB] + addServicesLabels = true +``` + ```bash tab="CLI" --metrics.influxdb.addServicesLabels=true ``` @@ -220,18 +220,18 @@ _Optional, Default=10s_ The interval used by the exporter to push metrics to influxdb. -```toml tab="File (TOML)" -[metrics] - [metrics.influxDB] - pushInterval = 10s -``` - ```yaml tab="File (YAML)" metrics: influxDB: pushInterval: 10s ``` +```toml tab="File (TOML)" +[metrics] + [metrics.influxDB] + pushInterval = 10s +``` + ```bash tab="CLI" --metrics.influxdb.pushInterval=10s ``` diff --git a/docs/content/observability/metrics/overview.md b/docs/content/observability/metrics/overview.md index 34ec9d4a3..8ce450373 100644 --- a/docs/content/observability/metrics/overview.md +++ b/docs/content/observability/metrics/overview.md @@ -11,14 +11,14 @@ Traefik supports 4 metrics backends: To enable metrics: -```toml tab="File (TOML)" -[metrics] -``` - ```yaml tab="File (YAML)" metrics: {} ``` +```toml tab="File (TOML)" +[metrics] +``` + ```bash tab="CLI" --metrics=true ``` diff --git a/docs/content/observability/metrics/prometheus.md b/docs/content/observability/metrics/prometheus.md index 8e585aee6..d751ebb56 100644 --- a/docs/content/observability/metrics/prometheus.md +++ b/docs/content/observability/metrics/prometheus.md @@ -2,16 +2,16 @@ To enable the Prometheus: -```toml tab="File (TOML)" -[metrics] - [metrics.prometheus] -``` - ```yaml tab="File (YAML)" metrics: prometheus: {} ``` +```toml tab="File (TOML)" +[metrics] + [metrics.prometheus] +``` + ```bash tab="CLI" --metrics.prometheus=true ``` @@ -22,12 +22,6 @@ _Optional, Default="0.100000, 0.300000, 1.200000, 5.000000"_ Buckets for latency metrics. -```toml tab="File (TOML)" -[metrics] - [metrics.prometheus] - buckets = [0.1,0.3,1.2,5.0] -``` - ```yaml tab="File (YAML)" metrics: prometheus: @@ -38,6 +32,12 @@ metrics: - 5.0 ``` +```toml tab="File (TOML)" +[metrics] + [metrics.prometheus] + buckets = [0.1,0.3,1.2,5.0] +``` + ```bash tab="CLI" --metrics.prometheus.buckets=0.100000, 0.300000, 1.200000, 5.000000 ``` @@ -48,18 +48,18 @@ _Optional, Default=true_ Enable metrics on entry points. -```toml tab="File (TOML)" -[metrics] - [metrics.prometheus] - addEntryPointsLabels = true -``` - ```yaml tab="File (YAML)" metrics: prometheus: addEntryPointsLabels: true ``` +```toml tab="File (TOML)" +[metrics] + [metrics.prometheus] + addEntryPointsLabels = true +``` + ```bash tab="CLI" --metrics.prometheus.addEntryPointsLabels=true ``` @@ -92,18 +92,18 @@ _Optional, Default=true_ Enable metrics on services. -```toml tab="File (TOML)" -[metrics] - [metrics.prometheus] - addServicesLabels = true -``` - ```yaml tab="File (YAML)" metrics: prometheus: addServicesLabels: true ``` +```toml tab="File (TOML)" +[metrics] + [metrics.prometheus] + addServicesLabels = true +``` + ```bash tab="CLI" --metrics.prometheus.addServicesLabels=true ``` @@ -114,16 +114,6 @@ _Optional, Default=traefik_ Entry point used to expose metrics. -```toml tab="File (TOML)" -[entryPoints] - [entryPoints.metrics] - address = ":8082" - -[metrics] - [metrics.prometheus] - entryPoint = "metrics" -``` - ```yaml tab="File (YAML)" entryPoints: metrics: @@ -134,6 +124,16 @@ metrics: entryPoint: metrics ``` +```toml tab="File (TOML)" +[entryPoints] + [entryPoints.metrics] + address = ":8082" + +[metrics] + [metrics.prometheus] + entryPoint = "metrics" +``` + ```bash tab="CLI" --entryPoints.metrics.address=:8082 --metrics.prometheus.entryPoint=metrics @@ -145,18 +145,18 @@ _Optional, Default=false_ If `manualRouting` is `true`, it disables the default internal router in order to allow one to create a custom router for the `prometheus@internal` service. -```toml tab="File (TOML)" -[metrics] - [metrics.prometheus] - manualRouting = true -``` - ```yaml tab="File (YAML)" metrics: prometheus: manualRouting: true ``` +```toml tab="File (TOML)" +[metrics] + [metrics.prometheus] + manualRouting = true +``` + ```bash tab="CLI" --metrics.prometheus.manualrouting=true ``` diff --git a/docs/content/observability/metrics/statsd.md b/docs/content/observability/metrics/statsd.md index 01d086d24..7a57ea91f 100644 --- a/docs/content/observability/metrics/statsd.md +++ b/docs/content/observability/metrics/statsd.md @@ -2,16 +2,16 @@ To enable the Statsd: -```toml tab="File (TOML)" -[metrics] - [metrics.statsD] -``` - ```yaml tab="File (YAML)" metrics: statsD: {} ``` +```toml tab="File (TOML)" +[metrics] + [metrics.statsD] +``` + ```bash tab="CLI" --metrics.statsd=true ``` @@ -22,18 +22,18 @@ _Required, Default="localhost:8125"_ Address instructs exporter to send metrics to statsd at this address. -```toml tab="File (TOML)" -[metrics] - [metrics.statsD] - address = "localhost:8125" -``` - ```yaml tab="File (YAML)" metrics: statsD: address: localhost:8125 ``` +```toml tab="File (TOML)" +[metrics] + [metrics.statsD] + address = "localhost:8125" +``` + ```bash tab="CLI" --metrics.statsd.address=localhost:8125 ``` @@ -44,18 +44,18 @@ _Optional, Default=true_ Enable metrics on entry points. -```toml tab="File (TOML)" -[metrics] - [metrics.statsD] - addEntryPointsLabels = true -``` - ```yaml tab="File (YAML)" metrics: statsD: addEntryPointsLabels: true ``` +```toml tab="File (TOML)" +[metrics] + [metrics.statsD] + addEntryPointsLabels = true +``` + ```bash tab="CLI" --metrics.statsd.addEntryPointsLabels=true ``` @@ -88,18 +88,18 @@ _Optional, Default=true_ Enable metrics on services. -```toml tab="File (TOML)" -[metrics] - [metrics.statsD] - addServicesLabels = true -``` - ```yaml tab="File (YAML)" metrics: statsD: addServicesLabels: true ``` +```toml tab="File (TOML)" +[metrics] + [metrics.statsD] + addServicesLabels = true +``` + ```bash tab="CLI" --metrics.statsd.addServicesLabels=true ``` @@ -110,18 +110,18 @@ _Optional, Default=10s_ The interval used by the exporter to push metrics to statsD. -```toml tab="File (TOML)" -[metrics] - [metrics.statsD] - pushInterval = 10s -``` - ```yaml tab="File (YAML)" metrics: statsD: pushInterval: 10s ``` +```toml tab="File (TOML)" +[metrics] + [metrics.statsD] + pushInterval = 10s +``` + ```bash tab="CLI" --metrics.statsd.pushInterval=10s ``` @@ -132,18 +132,18 @@ _Optional, Default="traefik"_ The prefix to use for metrics collection. -```toml tab="File (TOML)" -[metrics] - [metrics.statsD] - prefix = "traefik" -``` - ```yaml tab="File (YAML)" metrics: statsD: prefix: traefik ``` +```toml tab="File (TOML)" +[metrics] + [metrics.statsD] + prefix = "traefik" +``` + ```bash tab="CLI" --metrics.statsd.prefix="traefik" ``` diff --git a/docs/content/observability/tracing/datadog.md b/docs/content/observability/tracing/datadog.md index a6ce77d5d..1b85ec32e 100644 --- a/docs/content/observability/tracing/datadog.md +++ b/docs/content/observability/tracing/datadog.md @@ -2,16 +2,16 @@ To enable the Datadog: -```toml tab="File (TOML)" -[tracing] - [tracing.datadog] -``` - ```yaml tab="File (YAML)" tracing: datadog: {} ``` +```toml tab="File (TOML)" +[tracing] + [tracing.datadog] +``` + ```bash tab="CLI" --tracing.datadog=true ``` @@ -22,18 +22,18 @@ _Required, Default="127.0.0.1:8126"_ Local Agent Host Port instructs reporter to send spans to datadog-tracing-agent at this address. -```toml tab="File (TOML)" -[tracing] - [tracing.datadog] - localAgentHostPort = "127.0.0.1:8126" -``` - ```yaml tab="File (YAML)" tracing: datadog: localAgentHostPort: 127.0.0.1:8126 ``` +```toml tab="File (TOML)" +[tracing] + [tracing.datadog] + localAgentHostPort = "127.0.0.1:8126" +``` + ```bash tab="CLI" --tracing.datadog.localAgentHostPort=127.0.0.1:8126 ``` @@ -44,18 +44,18 @@ _Optional, Default=false_ Enable Datadog debug. -```toml tab="File (TOML)" -[tracing] - [tracing.datadog] - debug = true -``` - ```yaml tab="File (YAML)" tracing: datadog: debug: true ``` +```toml tab="File (TOML)" +[tracing] + [tracing.datadog] + debug = true +``` + ```bash tab="CLI" --tracing.datadog.debug=true ``` @@ -66,18 +66,18 @@ _Optional, Default=empty_ Apply shared tag in a form of Key:Value to all the traces. -```toml tab="File (TOML)" -[tracing] - [tracing.datadog] - globalTag = "sample" -``` - ```yaml tab="File (YAML)" tracing: datadog: globalTag: sample ``` +```toml tab="File (TOML)" +[tracing] + [tracing.datadog] + globalTag = "sample" +``` + ```bash tab="CLI" --tracing.datadog.globalTag=sample ``` @@ -89,18 +89,18 @@ _Optional, Default=false_ Enable priority sampling. When using distributed tracing, this option must be enabled in order to get all the parts of a distributed trace sampled. -```toml tab="File (TOML)" -[tracing] - [tracing.datadog] - prioritySampling = true -``` - ```yaml tab="File (YAML)" tracing: datadog: prioritySampling: true ``` +```toml tab="File (TOML)" +[tracing] + [tracing.datadog] + prioritySampling = true +``` + ```bash tab="CLI" --tracing.datadog.prioritySampling=true ``` diff --git a/docs/content/observability/tracing/elastic.md b/docs/content/observability/tracing/elastic.md index 97042d73f..16513c14a 100644 --- a/docs/content/observability/tracing/elastic.md +++ b/docs/content/observability/tracing/elastic.md @@ -2,16 +2,16 @@ To enable the Elastic: -```toml tab="File (TOML)" -[tracing] - [tracing.elastic] -``` - ```yaml tab="File (YAML)" tracing: elastic: {} ``` +```toml tab="File (TOML)" +[tracing] + [tracing.elastic] +``` + ```bash tab="CLI" --tracing.elastic=true ``` @@ -22,18 +22,18 @@ _Optional, Default="http://localhost:8200"_ APM ServerURL is the URL of the Elastic APM server. -```toml tab="File (TOML)" -[tracing] - [tracing.elastic] - serverURL = "http://apm:8200" -``` - ```yaml tab="File (YAML)" tracing: elastic: serverURL: "http://apm:8200" ``` +```toml tab="File (TOML)" +[tracing] + [tracing.elastic] + serverURL = "http://apm:8200" +``` + ```bash tab="CLI" --tracing.elastic.serverurl="http://apm:8200" ``` @@ -44,18 +44,18 @@ _Optional, Default=""_ APM Secret Token is the token used to connect to Elastic APM Server. -```toml tab="File (TOML)" -[tracing] - [tracing.elastic] - secretToken = "mytoken" -``` - ```yaml tab="File (YAML)" tracing: elastic: secretToken: "mytoken" ``` +```toml tab="File (TOML)" +[tracing] + [tracing.elastic] + secretToken = "mytoken" +``` + ```bash tab="CLI" --tracing.elastic.secrettoken="mytoken" ``` @@ -66,18 +66,18 @@ _Optional, Default=""_ APM Service Environment is the name of the environment Traefik is deployed in, e.g. `production` or `staging`. -```toml tab="File (TOML)" -[tracing] - [tracing.elastic] - serviceEnvironment = "production" -``` - ```yaml tab="File (YAML)" tracing: elastic: serviceEnvironment: "production" ``` +```toml tab="File (TOML)" +[tracing] + [tracing.elastic] + serviceEnvironment = "production" +``` + ```bash tab="CLI" --tracing.elastic.serviceenvironment="production" ``` diff --git a/docs/content/observability/tracing/haystack.md b/docs/content/observability/tracing/haystack.md index 99895860e..2b78f43fb 100644 --- a/docs/content/observability/tracing/haystack.md +++ b/docs/content/observability/tracing/haystack.md @@ -2,16 +2,16 @@ To enable the Haystack: -```toml tab="File (TOML)" -[tracing] - [tracing.haystack] -``` - ```yaml tab="File (YAML)" tracing: haystack: {} ``` +```toml tab="File (TOML)" +[tracing] + [tracing.haystack] +``` + ```bash tab="CLI" --tracing.haystack=true ``` @@ -22,18 +22,18 @@ _Require, Default="127.0.0.1"_ Local Agent Host instructs reporter to send spans to haystack-agent at this address. -```toml tab="File (TOML)" -[tracing] - [tracing.haystack] - localAgentHost = "127.0.0.1" -``` - ```yaml tab="File (YAML)" tracing: haystack: localAgentHost: 127.0.0.1 ``` +```toml tab="File (TOML)" +[tracing] + [tracing.haystack] + localAgentHost = "127.0.0.1" +``` + ```bash tab="CLI" --tracing.haystack.localAgentHost=127.0.0.1 ``` @@ -44,18 +44,18 @@ _Require, Default=35000_ Local Agent port instructs reporter to send spans to the haystack-agent at this port. -```toml tab="File (TOML)" -[tracing] - [tracing.haystack] - localAgentPort = 35000 -``` - ```yaml tab="File (YAML)" tracing: haystack: localAgentPort: 35000 ``` +```toml tab="File (TOML)" +[tracing] + [tracing.haystack] + localAgentPort = 35000 +``` + ```bash tab="CLI" --tracing.haystack.localAgentPort=35000 ``` @@ -66,18 +66,18 @@ _Optional, Default=empty_ Apply shared tag in a form of Key:Value to all the traces. -```toml tab="File (TOML)" -[tracing] - [tracing.haystack] - globalTag = "sample:test" -``` - ```yaml tab="File (YAML)" tracing: haystack: globalTag: sample:test ``` +```toml tab="File (TOML)" +[tracing] + [tracing.haystack] + globalTag = "sample:test" +``` + ```bash tab="CLI" --tracing.haystack.globalTag=sample:test ``` @@ -88,18 +88,18 @@ _Optional, Default=empty_ Specifies the header name that will be used to store the trace ID. -```toml tab="File (TOML)" -[tracing] - [tracing.haystack] - traceIDHeaderName = "Trace-ID" -``` - ```yaml tab="File (YAML)" tracing: haystack: traceIDHeaderName: Trace-ID ``` +```toml tab="File (TOML)" +[tracing] + [tracing.haystack] + traceIDHeaderName = "Trace-ID" +``` + ```bash tab="CLI" --tracing.haystack.traceIDHeaderName=Trace-ID ``` @@ -110,18 +110,18 @@ _Optional, Default=empty_ Specifies the header name that will be used to store the parent ID. -```toml tab="File (TOML)" -[tracing] - [tracing.haystack] - parentIDHeaderName = "Parent-Message-ID" -``` - ```yaml tab="File (YAML)" tracing: haystack: parentIDHeaderName: Parent-Message-ID ``` +```toml tab="File (TOML)" +[tracing] + [tracing.haystack] + parentIDHeaderName = "Parent-Message-ID" +``` + ```bash tab="CLI" --tracing.haystack.parentIDHeaderName=Parent-Message-ID ``` @@ -132,18 +132,18 @@ _Optional, Default=empty_ Specifies the header name that will be used to store the span ID. -```toml tab="File (TOML)" -[tracing] - [tracing.haystack] - spanIDHeaderName = "Message-ID" -``` - ```yaml tab="File (YAML)" tracing: haystack: spanIDHeaderName: Message-ID ``` +```toml tab="File (TOML)" +[tracing] + [tracing.haystack] + spanIDHeaderName = "Message-ID" +``` + ```bash tab="CLI" --tracing.haystack.spanIDHeaderName=Message-ID ``` @@ -154,18 +154,18 @@ _Optional, Default=empty_ Specifies the header name prefix that will be used to store baggage items in a map. -```toml tab="File (TOML)" -[tracing] - [tracing.haystack] - baggagePrefixHeaderName = "sample" -``` - ```yaml tab="File (YAML)" tracing: haystack: baggagePrefixHeaderName: "sample" ``` +```toml tab="File (TOML)" +[tracing] + [tracing.haystack] + baggagePrefixHeaderName = "sample" +``` + ```bash tab="CLI" --tracing.haystack.baggagePrefixHeaderName=sample diff --git a/docs/content/observability/tracing/instana.md b/docs/content/observability/tracing/instana.md index bc6b69958..e9eac66cf 100644 --- a/docs/content/observability/tracing/instana.md +++ b/docs/content/observability/tracing/instana.md @@ -2,16 +2,16 @@ To enable the Instana: -```toml tab="File (TOML)" -[tracing] - [tracing.instana] -``` - ```yaml tab="File (YAML)" tracing: instana: {} ``` +```toml tab="File (TOML)" +[tracing] + [tracing.instana] +``` + ```bash tab="CLI" --tracing.instana=true ``` @@ -22,18 +22,18 @@ _Require, Default="127.0.0.1"_ Local Agent Host instructs reporter to send spans to instana-agent at this address. -```toml tab="File (TOML)" -[tracing] - [tracing.instana] - localAgentHost = "127.0.0.1" -``` - ```yaml tab="File (YAML)" tracing: instana: localAgentHost: 127.0.0.1 ``` +```toml tab="File (TOML)" +[tracing] + [tracing.instana] + localAgentHost = "127.0.0.1" +``` + ```bash tab="CLI" --tracing.instana.localAgentHost=127.0.0.1 ``` @@ -44,18 +44,18 @@ _Require, Default=42699_ Local Agent port instructs reporter to send spans to the instana-agent at this port. -```toml tab="File (TOML)" -[tracing] - [tracing.instana] - localAgentPort = 42699 -``` - ```yaml tab="File (YAML)" tracing: instana: localAgentPort: 42699 ``` +```toml tab="File (TOML)" +[tracing] + [tracing.instana] + localAgentPort = 42699 +``` + ```bash tab="CLI" --tracing.instana.localAgentPort=42699 ``` @@ -73,18 +73,18 @@ Valid values for logLevel field are: - `debug` - `info` -```toml tab="File (TOML)" -[tracing] - [tracing.instana] - logLevel = "info" -``` - ```yaml tab="File (YAML)" tracing: instana: logLevel: info ``` +```toml tab="File (TOML)" +[tracing] + [tracing.instana] + logLevel = "info" +``` + ```bash tab="CLI" --tracing.instana.logLevel=info ``` diff --git a/docs/content/observability/tracing/jaeger.md b/docs/content/observability/tracing/jaeger.md index c06bac674..05ef53dab 100644 --- a/docs/content/observability/tracing/jaeger.md +++ b/docs/content/observability/tracing/jaeger.md @@ -2,16 +2,16 @@ To enable the Jaeger: -```toml tab="File (TOML)" -[tracing] - [tracing.jaeger] -``` - ```yaml tab="File (YAML)" tracing: jaeger: {} ``` +```toml tab="File (TOML)" +[tracing] + [tracing.jaeger] +``` + ```bash tab="CLI" --tracing.jaeger=true ``` @@ -29,18 +29,18 @@ _Required, Default="http://localhost:5778/sampling"_ Sampling Server URL is the address of jaeger-agent's HTTP sampling server. -```toml tab="File (TOML)" -[tracing] - [tracing.jaeger] - samplingServerURL = "http://localhost:5778/sampling" -``` - ```yaml tab="File (YAML)" tracing: jaeger: samplingServerURL: http://localhost:5778/sampling ``` +```toml tab="File (TOML)" +[tracing] + [tracing.jaeger] + samplingServerURL = "http://localhost:5778/sampling" +``` + ```bash tab="CLI" --tracing.jaeger.samplingServerURL=http://localhost:5778/sampling ``` @@ -51,18 +51,18 @@ _Required, Default="const"_ Sampling Type specifies the type of the sampler: `const`, `probabilistic`, `rateLimiting`. -```toml tab="File (TOML)" -[tracing] - [tracing.jaeger] - samplingType = "const" -``` - ```yaml tab="File (YAML)" tracing: jaeger: samplingType: const ``` +```toml tab="File (TOML)" +[tracing] + [tracing.jaeger] + samplingType = "const" +``` + ```bash tab="CLI" --tracing.jaeger.samplingType=const ``` @@ -79,18 +79,18 @@ Valid values for Param field are: - for `probabilistic` sampler, a probability between 0 and 1 - for `rateLimiting` sampler, the number of spans per second -```toml tab="File (TOML)" -[tracing] - [tracing.jaeger] - samplingParam = 1.0 -``` - ```yaml tab="File (YAML)" tracing: jaeger: samplingParam: 1.0 ``` +```toml tab="File (TOML)" +[tracing] + [tracing.jaeger] + samplingParam = 1.0 +``` + ```bash tab="CLI" --tracing.jaeger.samplingParam=1.0 ``` @@ -101,18 +101,18 @@ _Required, Default="127.0.0.1:6831"_ Local Agent Host Port instructs reporter to send spans to jaeger-agent at this address. -```toml tab="File (TOML)" -[tracing] - [tracing.jaeger] - localAgentHostPort = "127.0.0.1:6831" -``` - ```yaml tab="File (YAML)" tracing: jaeger: localAgentHostPort: 127.0.0.1:6831 ``` +```toml tab="File (TOML)" +[tracing] + [tracing.jaeger] + localAgentHostPort = "127.0.0.1:6831" +``` + ```bash tab="CLI" --tracing.jaeger.localAgentHostPort=127.0.0.1:6831 ``` @@ -123,18 +123,18 @@ _Optional, Default=false_ Generate 128-bit trace IDs, compatible with OpenCensus. -```toml tab="File (TOML)" -[tracing] - [tracing.jaeger] - gen128Bit = true -``` - ```yaml tab="File (YAML)" tracing: jaeger: gen128Bit: true ``` +```toml tab="File (TOML)" +[tracing] + [tracing.jaeger] + gen128Bit = true +``` + ```bash tab="CLI" --tracing.jaeger.gen128Bit ``` @@ -149,18 +149,18 @@ This can be either: - `jaeger`, jaeger's default trace header. - `b3`, compatible with OpenZipkin -```toml tab="File (TOML)" -[tracing] - [tracing.jaeger] - propagation = "jaeger" -``` - ```yaml tab="File (YAML)" tracing: jaeger: propagation: jaeger ``` +```toml tab="File (TOML)" +[tracing] + [tracing.jaeger] + propagation = "jaeger" +``` + ```bash tab="CLI" --tracing.jaeger.propagation=jaeger ``` @@ -172,18 +172,18 @@ _Required, Default="uber-trace-id"_ Trace Context Header Name is the http header name used to propagate tracing context. This must be in lower-case to avoid mismatches when decoding incoming headers. -```toml tab="File (TOML)" -[tracing] - [tracing.jaeger] - traceContextHeaderName = "uber-trace-id" -``` - ```yaml tab="File (YAML)" tracing: jaeger: traceContextHeaderName: uber-trace-id ``` +```toml tab="File (TOML)" +[tracing] + [tracing.jaeger] + traceContextHeaderName = "uber-trace-id" +``` + ```bash tab="CLI" --tracing.jaeger.traceContextHeaderName=uber-trace-id ``` @@ -195,18 +195,18 @@ _Optional, Default=true_ Disable the UDP connection helper that periodically re-resolves the agent's hostname and reconnects if there was a change. Enabling the re-resolving of UDP address make the client more robust in Kubernetes deployments. -```toml tab="File (TOML)" -[tracing] - [tracing.jaeger] - disableAttemptReconnecting = false -``` - ```yaml tab="File (YAML)" tracing: jaeger: disableAttemptReconnecting: false ``` +```toml tab="File (TOML)" +[tracing] + [tracing.jaeger] + disableAttemptReconnecting = false +``` + ```bash tab="CLI" --tracing.jaeger.disableAttemptReconnecting=false ``` @@ -218,12 +218,6 @@ _Optional, Default=""_ Collector Endpoint instructs reporter to send spans to jaeger-collector at this URL. -```toml tab="File (TOML)" -[tracing] - [tracing.jaeger.collector] - endpoint = "http://127.0.0.1:14268/api/traces?format=jaeger.thrift" -``` - ```yaml tab="File (YAML)" tracing: jaeger: @@ -231,6 +225,12 @@ tracing: endpoint: http://127.0.0.1:14268/api/traces?format=jaeger.thrift ``` +```toml tab="File (TOML)" +[tracing] + [tracing.jaeger.collector] + endpoint = "http://127.0.0.1:14268/api/traces?format=jaeger.thrift" +``` + ```bash tab="CLI" --tracing.jaeger.collector.endpoint=http://127.0.0.1:14268/api/traces?format=jaeger.thrift ``` @@ -241,12 +241,6 @@ _Optional, Default=""_ User instructs reporter to include a user for basic http authentication when sending spans to jaeger-collector. -```toml tab="File (TOML)" -[tracing] - [tracing.jaeger.collector] - user = "my-user" -``` - ```yaml tab="File (YAML)" tracing: jaeger: @@ -254,6 +248,12 @@ tracing: user: my-user ``` +```toml tab="File (TOML)" +[tracing] + [tracing.jaeger.collector] + user = "my-user" +``` + ```bash tab="CLI" --tracing.jaeger.collector.user=my-user ``` @@ -264,12 +264,6 @@ _Optional, Default=""_ Password instructs reporter to include a password for basic http authentication when sending spans to jaeger-collector. -```toml tab="File (TOML)" -[tracing] - [tracing.jaeger.collector] - password = "my-password" -``` - ```yaml tab="File (YAML)" tracing: jaeger: @@ -277,6 +271,12 @@ tracing: password: my-password ``` +```toml tab="File (TOML)" +[tracing] + [tracing.jaeger.collector] + password = "my-password" +``` + ```bash tab="CLI" --tracing.jaeger.collector.password=my-password ``` diff --git a/docs/content/observability/tracing/overview.md b/docs/content/observability/tracing/overview.md index 1471209e9..17f6a522a 100644 --- a/docs/content/observability/tracing/overview.md +++ b/docs/content/observability/tracing/overview.md @@ -22,14 +22,14 @@ By default, Traefik uses Jaeger as tracing backend. To enable the tracing: -```toml tab="File (TOML)" -[tracing] -``` - ```yaml tab="File (YAML)" tracing: {} ``` +```toml tab="File (TOML)" +[tracing] +``` + ```bash tab="CLI" --tracing=true ``` @@ -42,16 +42,16 @@ _Required, Default="traefik"_ Service name used in selected backend. -```toml tab="File (TOML)" -[tracing] - serviceName = "traefik" -``` - ```yaml tab="File (YAML)" tracing: serviceName: traefik ``` +```toml tab="File (TOML)" +[tracing] + serviceName = "traefik" +``` + ```bash tab="CLI" --tracing.serviceName=traefik ``` @@ -65,16 +65,16 @@ This can prevent certain tracing providers to drop traces that exceed their leng `0` means no truncation will occur. -```toml tab="File (TOML)" -[tracing] - spanNameLimit = 150 -``` - ```yaml tab="File (YAML)" tracing: spanNameLimit: 150 ``` +```toml tab="File (TOML)" +[tracing] + spanNameLimit = 150 +``` + ```bash tab="CLI" --tracing.spanNameLimit=150 ``` diff --git a/docs/content/observability/tracing/zipkin.md b/docs/content/observability/tracing/zipkin.md index dcd76323e..9b8eff9e1 100644 --- a/docs/content/observability/tracing/zipkin.md +++ b/docs/content/observability/tracing/zipkin.md @@ -2,16 +2,16 @@ To enable the Zipkin: -```toml tab="File (TOML)" -[tracing] - [tracing.zipkin] -``` - ```yaml tab="File (YAML)" tracing: zipkin: {} ``` +```toml tab="File (TOML)" +[tracing] + [tracing.zipkin] +``` + ```bash tab="CLI" --tracing.zipkin=true ``` @@ -22,18 +22,18 @@ _Required, Default="http://localhost:9411/api/v2/spans"_ Zipkin HTTP endpoint used to send data. -```toml tab="File (TOML)" -[tracing] - [tracing.zipkin] - httpEndpoint = "http://localhost:9411/api/v2/spans" -``` - ```yaml tab="File (YAML)" tracing: zipkin: httpEndpoint: http://localhost:9411/api/v2/spans ``` +```toml tab="File (TOML)" +[tracing] + [tracing.zipkin] + httpEndpoint = "http://localhost:9411/api/v2/spans" +``` + ```bash tab="CLI" --tracing.zipkin.httpEndpoint=http://localhost:9411/api/v2/spans ``` @@ -44,18 +44,18 @@ _Optional, Default=false_ Use Zipkin SameSpan RPC style traces. -```toml tab="File (TOML)" -[tracing] - [tracing.zipkin] - sameSpan = true -``` - ```yaml tab="File (YAML)" tracing: zipkin: sameSpan: true ``` +```toml tab="File (TOML)" +[tracing] + [tracing.zipkin] + sameSpan = true +``` + ```bash tab="CLI" --tracing.zipkin.sameSpan=true ``` @@ -66,18 +66,18 @@ _Optional, Default=true_ Use Zipkin 128 bit trace IDs. -```toml tab="File (TOML)" -[tracing] - [tracing.zipkin] - id128Bit = false -``` - ```yaml tab="File (YAML)" tracing: zipkin: id128Bit: false ``` +```toml tab="File (TOML)" +[tracing] + [tracing.zipkin] + id128Bit = false +``` + ```bash tab="CLI" --tracing.zipkin.id128Bit=false ``` @@ -88,18 +88,18 @@ _Required, Default=1.0_ The rate between 0.0 and 1.0 of requests to trace. -```toml tab="File (TOML)" -[tracing] - [tracing.zipkin] - sampleRate = 0.2 -``` - ```yaml tab="File (YAML)" tracing: zipkin: sampleRate: 0.2 ``` +```toml tab="File (TOML)" +[tracing] + [tracing.zipkin] + sampleRate = 0.2 +``` + ```bash tab="CLI" --tracing.zipkin.sampleRate=0.2 ``` diff --git a/docs/content/operations/api.md b/docs/content/operations/api.md index 9450eb3ae..5b14c3e21 100644 --- a/docs/content/operations/api.md +++ b/docs/content/operations/api.md @@ -26,16 +26,16 @@ If you enable the API, a new special `service` named `api@internal` is created a To enable the API handler, use the following option on the [static configuration](../getting-started/configuration-overview.md#the-static-configuration): -```toml tab="File (TOML)" -# Static Configuration -[api] -``` - ```yaml tab="File (YAML)" # Static Configuration api: {} ``` +```toml tab="File (TOML)" +# Static Configuration +[api] +``` + ```bash tab="CLI" --api=true ``` @@ -74,16 +74,16 @@ Enable the API in `insecure` mode, which means that the API will be available di !!! info If the entryPoint named `traefik` is not configured, it will be automatically created on port 8080. -```toml tab="File (TOML)" -[api] - insecure = true -``` - ```yaml tab="File (YAML)" api: insecure: true ``` +```toml tab="File (TOML)" +[api] + insecure = true +``` + ```bash tab="CLI" --api.insecure=true ``` @@ -94,16 +94,16 @@ _Optional, Default=true_ Enable the dashboard. More about the dashboard features [here](./dashboard.md). -```toml tab="File (TOML)" -[api] - dashboard = true -``` - ```yaml tab="File (YAML)" api: dashboard: true ``` +```toml tab="File (TOML)" +[api] + dashboard = true +``` + ```bash tab="CLI" --api.dashboard=true ``` @@ -117,16 +117,16 @@ _Optional, Default=false_ Enable additional [endpoints](./api.md#endpoints) for debugging and profiling, served under `/debug/`. -```toml tab="File (TOML)" -[api] - debug = true -``` - ```yaml tab="File (YAML)" api: debug: true ``` +```toml tab="File (TOML)" +[api] + debug = true +``` + ```bash tab="CLI" --api.debug=true ``` diff --git a/docs/content/operations/dashboard.md b/docs/content/operations/dashboard.md index 5bd4dce51..6ec1df1c4 100644 --- a/docs/content/operations/dashboard.md +++ b/docs/content/operations/dashboard.md @@ -31,16 +31,6 @@ This is the **recommended** method. Start by enabling the dashboard by using the following option from [Traefik's API](./api.md) on the [static configuration](../getting-started/configuration-overview.md#the-static-configuration): -```toml tab="File (TOML)" -[api] - # Dashboard - # - # Optional - # Default: true - # - dashboard = true -``` - ```yaml tab="File (YAML)" api: # Dashboard @@ -51,6 +41,16 @@ api: dashboard: true ``` +```toml tab="File (TOML)" +[api] + # Dashboard + # + # Optional + # Default: true + # + dashboard = true +``` + ```bash tab="CLI" # Dashboard # @@ -105,18 +105,18 @@ This mode is not recommended because it does not allow the use of security featu To enable the "insecure mode", use the following options from [Traefik's API](./api.md#insecure): -```toml tab="File (TOML)" -[api] - dashboard = true - insecure = true -``` - ```yaml tab="File (YAML)" api: dashboard: true insecure: true ``` +```toml tab="File (TOML)" +[api] + dashboard = true + insecure = true +``` + ```bash tab="CLI" --api.dashboard=true --api.insecure=true ``` diff --git a/docs/content/operations/include-api-examples.md b/docs/content/operations/include-api-examples.md index 9bd416ea3..33fc71a09 100644 --- a/docs/content/operations/include-api-examples.md +++ b/docs/content/operations/include-api-examples.md @@ -69,20 +69,6 @@ labels: - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0" ``` -```toml tab="File (TOML)" -# Dynamic Configuration -[http.routers.my-api] - rule = "Host(`traefik.example.com`)" - service = "api@internal" - middlewares = ["auth"] - -[http.middlewares.auth.basicAuth] - users = [ - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", - ] -``` - ```yaml tab="File (YAML)" # Dynamic Configuration http: @@ -99,3 +85,17 @@ http: - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" ``` + +```toml tab="File (TOML)" +# Dynamic Configuration +[http.routers.my-api] + rule = "Host(`traefik.example.com`)" + service = "api@internal" + middlewares = ["auth"] + +[http.middlewares.auth.basicAuth] + users = [ + "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", + "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", + ] +``` diff --git a/docs/content/operations/include-dashboard-examples.md b/docs/content/operations/include-dashboard-examples.md index 8e3201482..eb72d3a0a 100644 --- a/docs/content/operations/include-dashboard-examples.md +++ b/docs/content/operations/include-dashboard-examples.md @@ -69,20 +69,6 @@ labels: - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0" ``` -```toml tab="File (TOML)" -# Dynamic Configuration -[http.routers.my-api] - rule = "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))" - service = "api@internal" - middlewares = ["auth"] - -[http.middlewares.auth.basicAuth] - users = [ - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", - ] -``` - ```yaml tab="File (YAML)" # Dynamic Configuration http: @@ -99,3 +85,17 @@ http: - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0" ``` + +```toml tab="File (TOML)" +# Dynamic Configuration +[http.routers.my-api] + rule = "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))" + service = "api@internal" + middlewares = ["auth"] + +[http.middlewares.auth.basicAuth] + users = [ + "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", + "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0", + ] +``` diff --git a/docs/content/operations/ping.md b/docs/content/operations/ping.md index 95b2266f1..cc187bb9f 100644 --- a/docs/content/operations/ping.md +++ b/docs/content/operations/ping.md @@ -7,14 +7,14 @@ Checking the Health of Your Traefik Instances To enable the API handler: -```toml tab="File (TOML)" -[ping] -``` - ```yaml tab="File (YAML)" ping: {} ``` +```toml tab="File (TOML)" +[ping] +``` + ```bash tab="CLI" --ping=true ``` @@ -39,15 +39,6 @@ _Optional, Default="traefik"_ Enabling /ping on a dedicated EntryPoint. -```toml tab="File (TOML)" -[entryPoints] - [entryPoints.ping] - address = ":8082" - -[ping] - entryPoint = "ping" -``` - ```yaml tab="File (YAML)" entryPoints: ping: @@ -57,6 +48,15 @@ ping: entryPoint: "ping" ``` +```toml tab="File (TOML)" +[entryPoints] + [entryPoints.ping] + address = ":8082" + +[ping] + entryPoint = "ping" +``` + ```bash tab="CLI" --entryPoints.ping.address=:8082 --ping.entryPoint=ping @@ -68,16 +68,16 @@ _Optional, Default=false_ If `manualRouting` is `true`, it disables the default internal router in order to allow one to create a custom router for the `ping@internal` service. -```toml tab="File (TOML)" -[ping] - manualRouting = true -``` - ```yaml tab="File (YAML)" ping: manualRouting: true ``` +```toml tab="File (TOML)" +[ping] + manualRouting = true +``` + ```bash tab="CLI" --ping.manualrouting=true ``` @@ -93,16 +93,16 @@ be expected as the signal for graceful termination. In which case, the terminatingStatusCode can be used to set the code returned by the ping handler during termination. -```toml tab="File (TOML)" -[ping] - terminatingStatusCode = 204 -``` - ```yaml tab="File (YAML)" ping: terminatingStatusCode: 204 ``` +```toml tab="File (TOML)" +[ping] + terminatingStatusCode = 204 +``` + ```bash tab="CLI" --ping.terminatingStatusCode=204 ``` diff --git a/docs/content/providers/consul-catalog.md b/docs/content/providers/consul-catalog.md index d0f85cf79..23f71af86 100644 --- a/docs/content/providers/consul-catalog.md +++ b/docs/content/providers/consul-catalog.md @@ -13,15 +13,15 @@ Attach tags to your services and let Traefik do the rest! Enabling the consul catalog provider - ```toml tab="File (TOML)" - [providers.consulCatalog] - ``` - ```yaml tab="File (YAML)" providers: consulCatalog: {} ``` + ```toml tab="File (TOML)" + [providers.consulCatalog] + ``` + ```bash tab="CLI" --providers.consulcatalog=true ``` @@ -44,12 +44,6 @@ _Optional, Default=15s_ Defines the polling interval. -```toml tab="File (TOML)" -[providers.consulCatalog] - refreshInterval = "30s" - # ... -``` - ```yaml tab="File (YAML)" providers: consulCatalog: @@ -57,6 +51,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.consulCatalog] + refreshInterval = "30s" + # ... +``` + ```bash tab="CLI" --providers.consulcatalog.refreshInterval=30s # ... @@ -68,12 +68,6 @@ _required, Default="traefik"_ The prefix for Consul Catalog tags defining Traefik labels. -```toml tab="File (TOML)" -[providers.consulCatalog] - prefix = "test" - # ... -``` - ```yaml tab="File (YAML)" providers: consulCatalog: @@ -81,6 +75,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.consulCatalog] + prefix = "test" + # ... +``` + ```bash tab="CLI" --providers.consulcatalog.prefix=test # ... @@ -98,12 +98,6 @@ Forces the read to be fully consistent. For more information, see the consul [documentation on consistency](https://www.consul.io/api-docs/features/consistency). -```toml tab="File (TOML)" -[providers.consulCatalog] - requireConsistent = true - # ... -``` - ```yaml tab="File (YAML)" providers: consulCatalog: @@ -111,6 +105,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.consulCatalog] + requireConsistent = true + # ... +``` + ```bash tab="CLI" --providers.consulcatalog.requireConsistent=true # ... @@ -128,12 +128,6 @@ Use stale consistency for catalog reads. For more information, see the consul [documentation on consistency](https://www.consul.io/api-docs/features/consistency). -```toml tab="File (TOML)" -[providers.consulCatalog] - stale = true - # ... -``` - ```yaml tab="File (YAML)" providers: consulCatalog: @@ -141,6 +135,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.consulCatalog] + stale = true + # ... +``` + ```bash tab="CLI" --providers.consulcatalog.stale=true # ... @@ -152,12 +152,6 @@ _Optional, Default=false_ Use local agent caching for catalog reads. -```toml tab="File (TOML)" -[providers.consulCatalog] - cache = true - # ... -``` - ```yaml tab="File (YAML)" providers: consulCatalog: @@ -165,6 +159,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.consulCatalog] + cache = true + # ... +``` + ```bash tab="CLI" --providers.consulcatalog.cache=true # ... @@ -180,13 +180,6 @@ Defines the address of the Consul server. _Optional, Default="127.0.0.1:8500"_ -```toml tab="File (TOML)" -[providers.consulCatalog] - [providers.consulCatalog.endpoint] - address = "127.0.0.1:8500" - # ... -``` - ```yaml tab="File (YAML)" providers: consulCatalog: @@ -195,6 +188,13 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.consulCatalog] + [providers.consulCatalog.endpoint] + address = "127.0.0.1:8500" + # ... +``` + ```bash tab="CLI" --providers.consulcatalog.endpoint.address=127.0.0.1:8500 # ... @@ -206,13 +206,6 @@ _Optional, Default=""_ Defines the URI scheme for the Consul server. -```toml tab="File (TOML)" -[providers.consulCatalog] - [providers.consulCatalog.endpoint] - scheme = "https" - # ... -``` - ```yaml tab="File (YAML)" providers: consulCatalog: @@ -221,6 +214,13 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.consulCatalog] + [providers.consulCatalog.endpoint] + scheme = "https" + # ... +``` + ```bash tab="CLI" --providers.consulcatalog.endpoint.scheme=https # ... @@ -233,13 +233,6 @@ _Optional, Default=""_ Defines the datacenter to use. If not provided in Traefik, Consul uses the default agent datacenter. -```toml tab="File (TOML)" -[providers.consulCatalog] - [providers.consulCatalog.endpoint] - datacenter = "test" - # ... -``` - ```yaml tab="File (YAML)" providers: consulCatalog: @@ -248,6 +241,13 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.consulCatalog] + [providers.consulCatalog.endpoint] + datacenter = "test" + # ... +``` + ```bash tab="CLI" --providers.consulcatalog.endpoint.datacenter=test # ... @@ -259,13 +259,6 @@ _Optional, Default=""_ Token is used to provide a per-request ACL token which overwrites the agent's default token. -```toml tab="File (TOML)" -[providers.consulCatalog] - [providers.consulCatalog.endpoint] - token = "test" - # ... -``` - ```yaml tab="File (YAML)" providers: consulCatalog: @@ -274,6 +267,13 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.consulCatalog] + [providers.consulCatalog.endpoint] + token = "test" + # ... +``` + ```bash tab="CLI" --providers.consulcatalog.endpoint.token=test # ... @@ -286,13 +286,6 @@ _Optional, Default=""_ Limits the duration for which a Watch can block. If not provided, the agent default values will be used. -```toml tab="File (TOML)" -[providers.consulCatalog] - [providers.consulCatalog.endpoint] - endpointWaitTime = "15s" - # ... -``` - ```yaml tab="File (YAML)" providers: consulCatalog: @@ -301,6 +294,13 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.consulCatalog] + [providers.consulCatalog.endpoint] + endpointWaitTime = "15s" + # ... +``` + ```bash tab="CLI" --providers.consulcatalog.endpoint.endpointwaittime=15s # ... @@ -318,11 +318,6 @@ _Optional, Default=""_ Username to use for HTTP Basic Authentication. -```toml tab="File (TOML)" -[providers.consulCatalog.endpoint.httpAuth] - username = "test" -``` - ```yaml tab="File (YAML)" providers: consulCatalog: @@ -331,6 +326,11 @@ providers: username: test ``` +```toml tab="File (TOML)" +[providers.consulCatalog.endpoint.httpAuth] + username = "test" +``` + ```bash tab="CLI" --providers.consulcatalog.endpoint.httpauth.username=test ``` @@ -341,11 +341,6 @@ _Optional, Default=""_ Password to use for HTTP Basic Authentication. -```toml tab="File (TOML)" -[providers.consulCatalog.endpoint.httpAuth] - password = "test" -``` - ```yaml tab="File (YAML)" providers: consulCatalog: @@ -354,6 +349,11 @@ providers: password: test ``` +```toml tab="File (TOML)" +[providers.consulCatalog.endpoint.httpAuth] + password = "test" +``` + ```bash tab="CLI" --providers.consulcatalog.endpoint.httpauth.password=test ``` @@ -370,11 +370,6 @@ _Optional_ `ca` is the path to the CA certificate used for Consul communication, defaults to the system bundle if not specified. -```toml tab="File (TOML)" -[providers.consulCatalog.endpoint.tls] - ca = "path/to/ca.crt" -``` - ```yaml tab="File (YAML)" providers: consulCatalog: @@ -383,6 +378,11 @@ providers: ca: path/to/ca.crt ``` +```toml tab="File (TOML)" +[providers.consulCatalog.endpoint.tls] + ca = "path/to/ca.crt" +``` + ```bash tab="CLI" --providers.consulcatalog.endpoint.tls.ca=path/to/ca.crt ``` @@ -401,11 +401,6 @@ When this option is set to `true`, a client certificate is requested during the When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client. -```toml tab="File (TOML)" -[providers.consulCatalog.endpoint.tls] - caOptional = true -``` - ```yaml tab="File (YAML)" providers: consulCatalog: @@ -414,6 +409,11 @@ providers: caOptional: true ``` +```toml tab="File (TOML)" +[providers.consulCatalog.endpoint.tls] + caOptional = true +``` + ```bash tab="CLI" --providers.consulcatalog.endpoint.tls.caoptional=true ``` @@ -426,12 +426,6 @@ _Optional_ When using this option, setting the `key` option is required. -```toml tab="File (TOML)" -[providers.consulCatalog.endpoint.tls] - cert = "path/to/foo.cert" - key = "path/to/foo.key" -``` - ```yaml tab="File (YAML)" providers: consulCatalog: @@ -441,6 +435,12 @@ providers: key: path/to/foo.key ``` +```toml tab="File (TOML)" +[providers.consulCatalog.endpoint.tls] + cert = "path/to/foo.cert" + key = "path/to/foo.key" +``` + ```bash tab="CLI" --providers.consulcatalog.endpoint.tls.cert=path/to/foo.cert --providers.consulcatalog.endpoint.tls.key=path/to/foo.key @@ -454,12 +454,6 @@ _Optional_ When using this option, setting the `cert` option is required. -```toml tab="File (TOML)" -[providers.consulCatalog.endpoint.tls] - cert = "path/to/foo.cert" - key = "path/to/foo.key" -``` - ```yaml tab="File (YAML)" providers: consulCatalog: @@ -469,6 +463,12 @@ providers: key: path/to/foo.key ``` +```toml tab="File (TOML)" +[providers.consulCatalog.endpoint.tls] + cert = "path/to/foo.cert" + key = "path/to/foo.key" +``` + ```bash tab="CLI" --providers.consulcatalog.endpoint.tls.cert=path/to/foo.cert --providers.consulcatalog.endpoint.tls.key=path/to/foo.key @@ -480,11 +480,6 @@ _Optional_ If `insecureSkipVerify` is `true`, the TLS connection to Consul accepts any certificate presented by the server regardless of the hostnames it covers. -```toml tab="File (TOML)" -[providers.consulCatalog.endpoint.tls] - insecureSkipVerify = true -``` - ```yaml tab="File (YAML)" providers: consulCatalog: @@ -493,6 +488,11 @@ providers: insecureSkipVerify: true ``` +```toml tab="File (TOML)" +[providers.consulCatalog.endpoint.tls] + insecureSkipVerify = true +``` + ```bash tab="CLI" --providers.consulcatalog.endpoint.tls.insecureskipverify=true ``` @@ -506,12 +506,6 @@ If set to `false`, services that don't have a `traefik.enable=true` tag will be For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery). -```toml tab="File (TOML)" -[providers.consulCatalog] - exposedByDefault = false - # ... -``` - ```yaml tab="File (YAML)" providers: consulCatalog: @@ -519,6 +513,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.consulCatalog] + exposedByDefault = false + # ... +``` + ```bash tab="CLI" --providers.consulcatalog.exposedByDefault=false # ... @@ -538,12 +538,6 @@ and the template has access to all the labels (i.e. tags beginning with the `pre The option can be overridden on an instance basis with the `traefik.http.routers.{name-of-your-choice}.rule` tag. -```toml tab="File (TOML)" -[providers.consulCatalog] - defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)" - # ... -``` - ```yaml tab="File (YAML)" providers: consulCatalog: @@ -551,6 +545,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.consulCatalog] + defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)" + # ... +``` + ```bash tab="CLI" --providers.consulcatalog.defaultRule="Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)" # ... @@ -599,12 +599,6 @@ as well as the usual boolean logic, as shown in examples below. constraints = "TagRegex(`a\.tag\.t.+`)" ``` -```toml tab="File (TOML)" -[providers.consulCatalog] - constraints = "Tag(`a.tag.name`)" - # ... -``` - ```yaml tab="File (YAML)" providers: consulCatalog: @@ -612,6 +606,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.consulCatalog] + constraints = "Tag(`a.tag.name`)" + # ... +``` + ```bash tab="CLI" --providers.consulcatalog.constraints="Tag(`a.tag.name`)" # ... diff --git a/docs/content/providers/consul.md b/docs/content/providers/consul.md index 7de8b88fe..f3fbf3fa3 100644 --- a/docs/content/providers/consul.md +++ b/docs/content/providers/consul.md @@ -17,11 +17,6 @@ _Required, Default="127.0.0.1:8500"_ Defines how to access to Consul. -```toml tab="File (TOML)" -[providers.consul] - endpoints = ["127.0.0.1:8500"] -``` - ```yaml tab="File (YAML)" providers: consul: @@ -29,6 +24,11 @@ providers: - "127.0.0.1:8500" ``` +```toml tab="File (TOML)" +[providers.consul] + endpoints = ["127.0.0.1:8500"] +``` + ```bash tab="CLI" --providers.consul.endpoints=127.0.0.1:8500 ``` @@ -39,17 +39,17 @@ _Required, Default="traefik"_ Defines the root key of the configuration. -```toml tab="File (TOML)" -[providers.consul] - rootKey = "traefik" -``` - ```yaml tab="File (YAML)" providers: consul: rootKey: "traefik" ``` +```toml tab="File (TOML)" +[providers.consul] + rootKey = "traefik" +``` + ```bash tab="CLI" --providers.consul.rootkey=traefik ``` @@ -60,12 +60,6 @@ _Optional, Default=""_ Defines a username to connect to Consul with. -```toml tab="File (TOML)" -[providers.consul] - # ... - username = "foo" -``` - ```yaml tab="File (YAML)" providers: consul: @@ -73,6 +67,12 @@ providers: usename: "foo" ``` +```toml tab="File (TOML)" +[providers.consul] + # ... + username = "foo" +``` + ```bash tab="CLI" --providers.consul.username=foo ``` @@ -83,12 +83,6 @@ _Optional, Default=""_ Defines a password with which to connect to Consul. -```toml tab="File (TOML)" -[providers.consul] - # ... - password = "bar" -``` - ```yaml tab="File (YAML)" providers: consul: @@ -96,6 +90,12 @@ providers: password: "bar" ``` +```toml tab="File (TOML)" +[providers.consul] + # ... + password = "bar" +``` + ```bash tab="CLI" --providers.consul.password=foo ``` @@ -108,11 +108,6 @@ _Optional_ Certificate Authority used for the secure connection to Consul. -```toml tab="File (TOML)" -[providers.consul.tls] - ca = "path/to/ca.crt" -``` - ```yaml tab="File (YAML)" providers: consul: @@ -120,6 +115,11 @@ providers: ca: path/to/ca.crt ``` +```toml tab="File (TOML)" +[providers.consul.tls] + ca = "path/to/ca.crt" +``` + ```bash tab="CLI" --providers.consul.tls.ca=path/to/ca.crt ``` @@ -136,11 +136,6 @@ When this option is set to `true`, a client certificate is requested during the When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client. -```toml tab="File (TOML)" -[providers.consul.tls] - caOptional = true -``` - ```yaml tab="File (YAML)" providers: consul: @@ -148,6 +143,11 @@ providers: caOptional: true ``` +```toml tab="File (TOML)" +[providers.consul.tls] + caOptional = true +``` + ```bash tab="CLI" --providers.consul.tls.caOptional=true ``` @@ -156,12 +156,6 @@ providers: Public certificate used for the secure connection to Consul. -```toml tab="File (TOML)" -[providers.consul.tls] - cert = "path/to/foo.cert" - key = "path/to/foo.key" -``` - ```yaml tab="File (YAML)" providers: consul: @@ -170,6 +164,12 @@ providers: key: path/to/foo.key ``` +```toml tab="File (TOML)" +[providers.consul.tls] + cert = "path/to/foo.cert" + key = "path/to/foo.key" +``` + ```bash tab="CLI" --providers.consul.tls.cert=path/to/foo.cert --providers.consul.tls.key=path/to/foo.key @@ -179,12 +179,6 @@ providers: Private certificate used for the secure connection to Consul. -```toml tab="File (TOML)" -[providers.consul.tls] - cert = "path/to/foo.cert" - key = "path/to/foo.key" -``` - ```yaml tab="File (YAML)" providers: consul: @@ -193,6 +187,12 @@ providers: key: path/to/foo.key ``` +```toml tab="File (TOML)" +[providers.consul.tls] + cert = "path/to/foo.cert" + key = "path/to/foo.key" +``` + ```bash tab="CLI" --providers.consul.tls.cert=path/to/foo.cert --providers.consul.tls.key=path/to/foo.key @@ -202,11 +202,6 @@ providers: If `insecureSkipVerify` is `true`, the TLS connection to Consul accepts any certificate presented by the server regardless of the hostnames it covers. -```toml tab="File (TOML)" -[providers.consul.tls] - insecureSkipVerify = true -``` - ```yaml tab="File (YAML)" providers: consul: @@ -214,6 +209,11 @@ providers: insecureSkipVerify: true ``` +```toml tab="File (TOML)" +[providers.consul.tls] + insecureSkipVerify = true +``` + ```bash tab="CLI" --providers.consul.tls.insecureSkipVerify=true ``` diff --git a/docs/content/providers/docker.md b/docs/content/providers/docker.md index 6b407e1f8..502e564f9 100644 --- a/docs/content/providers/docker.md +++ b/docs/content/providers/docker.md @@ -20,15 +20,15 @@ and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/). Enabling the docker provider - ```toml tab="File (TOML)" - [providers.docker] - ``` - ```yaml tab="File (YAML)" providers: docker: {} ``` + ```toml tab="File (TOML)" + [providers.docker] + ``` + ```bash tab="CLI" --providers.docker=true ``` @@ -48,15 +48,6 @@ and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/). Enabling the docker provider (Swarm Mode) - ```toml tab="File (TOML)" - [providers.docker] - # swarm classic (1.12-) - # endpoint = "tcp://127.0.0.1:2375" - # docker swarm mode (1.12+) - endpoint = "tcp://127.0.0.1:2377" - swarmMode = true - ``` - ```yaml tab="File (YAML)" providers: docker: @@ -67,6 +58,15 @@ and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/). swarmMode: true ``` + ```toml tab="File (TOML)" + [providers.docker] + # swarm classic (1.12-) + # endpoint = "tcp://127.0.0.1:2375" + # docker swarm mode (1.12+) + endpoint = "tcp://127.0.0.1:2377" + swarmMode = true + ``` + ```bash tab="CLI" # swarm classic (1.12-) # --providers.docker.endpoint=tcp://127.0.0.1:2375 @@ -117,7 +117,7 @@ Port detection works as follows: - If a container [exposes](https://docs.docker.com/engine/reference/builder/#expose) a single port, then Traefik uses this port for private communication. - If a container [exposes](https://docs.docker.com/engine/reference/builder/#expose) multiple ports, - or does not expose any port, then you must manually specify which port Traefik should use for communication + or does not expose any port, then you must manually specify which port Traefik should use for communication by using the label `traefik.http.services..loadbalancer.server.port` (Read more on this label in the dedicated section in [routing](../routing/providers/docker.md#port)). @@ -261,12 +261,6 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A We specify the docker.sock in traefik's configuration file. - ```toml tab="File (TOML)" - [providers.docker] - endpoint = "unix:///var/run/docker.sock" - # ... - ``` - ```yaml tab="File (YAML)" providers: docker: @@ -274,6 +268,12 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A # ... ``` + ```toml tab="File (TOML)" + [providers.docker] + endpoint = "unix:///var/run/docker.sock" + # ... + ``` + ```bash tab="CLI" --providers.docker.endpoint=unix:///var/run/docker.sock # ... @@ -285,12 +285,6 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A We specify the SSH host and user in Traefik's configuration file. Note that is server requires public keys for authentication you must have those accessible for user who runs Traefik. - ```toml tab="File (TOML)" - [providers.docker] - endpoint = "ssh://traefik@192.168.2.5:2022" - # ... - ``` - ```yaml tab="File (YAML)" providers: docker: @@ -298,22 +292,28 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A # ... ``` + ```toml tab="File (TOML)" + [providers.docker] + endpoint = "ssh://traefik@192.168.2.5:2022" + # ... + ``` + ```bash tab="CLI" --providers.docker.endpoint=ssh://traefik@192.168.2.5:2022 # ... ``` -```toml tab="File (TOML)" -[providers.docker] - endpoint = "unix:///var/run/docker.sock" -``` - ```yaml tab="File (YAML)" providers: docker: endpoint: "unix:///var/run/docker.sock" ``` +```toml tab="File (TOML)" +[providers.docker] + endpoint = "unix:///var/run/docker.sock" +``` + ```bash tab="CLI" --providers.docker.endpoint=unix:///var/run/docker.sock ``` @@ -350,12 +350,6 @@ but still uses the `traefik.http.services..loadbalancer.server.port` that - `ExtPort` stands for "external Port found in the binding" - `IntPort` stands for "internal network container's port." -```toml tab="File (TOML)" -[providers.docker] - useBindPortIP = true - # ... -``` - ```yaml tab="File (YAML)" providers: docker: @@ -363,6 +357,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.docker] + useBindPortIP = true + # ... +``` + ```bash tab="CLI" --providers.docker.useBindPortIP=true # ... @@ -377,12 +377,6 @@ If set to `false`, containers that do not have a `traefik.enable=true` label are For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery). -```toml tab="File (TOML)" -[providers.docker] - exposedByDefault = false - # ... -``` - ```yaml tab="File (YAML)" providers: docker: @@ -390,6 +384,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.docker] + exposedByDefault = false + # ... +``` + ```bash tab="CLI" --providers.docker.exposedByDefault=false # ... @@ -403,12 +403,6 @@ Defines a default docker network to use for connections to all containers. This option can be overridden on a per-container basis with the `traefik.docker.network` label. -```toml tab="File (TOML)" -[providers.docker] - network = "test" - # ... -``` - ```yaml tab="File (YAML)" providers: docker: @@ -416,6 +410,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.docker] + network = "test" + # ... +``` + ```bash tab="CLI" --providers.docker.network=test # ... @@ -432,12 +432,6 @@ It must be a valid [Go template](https://golang.org/pkg/text/template/), and can The container service name can be accessed with the `Name` identifier, and the template has access to all the labels defined on this container. -```toml tab="File (TOML)" -[providers.docker] - defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)" - # ... -``` - ```yaml tab="File (YAML)" providers: docker: @@ -445,6 +439,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.docker] + defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)" + # ... +``` + ```bash tab="CLI" --providers.docker.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`) # ... @@ -456,12 +456,6 @@ _Optional, Default=false_ Enables the Swarm Mode (instead of standalone Docker). -```toml tab="File (TOML)" -[providers.docker] - swarmMode = true - # ... -``` - ```yaml tab="File (YAML)" providers: docker: @@ -469,6 +463,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.docker] + swarmMode = true + # ... +``` + ```bash tab="CLI" --providers.docker.swarmMode=true # ... @@ -480,12 +480,6 @@ _Optional, Default=15_ Defines the polling interval (in seconds) for Swarm Mode. -```toml tab="File (TOML)" -[providers.docker] - swarmModeRefreshSeconds = 30 - # ... -``` - ```yaml tab="File (YAML)" providers: docker: @@ -493,6 +487,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.docker] + swarmModeRefreshSeconds = 30 + # ... +``` + ```bash tab="CLI" --providers.docker.swarmModeRefreshSeconds=30 # ... @@ -504,12 +504,6 @@ _Optional, Default=0_ Defines the client timeout (in seconds) for HTTP connections. If its value is `0`, no timeout is set. -```toml tab="File (TOML)" -[providers.docker] - httpClientTimeout = 300 - # ... -``` - ```yaml tab="File (YAML)" providers: docker: @@ -517,6 +511,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.docker] + httpClientTimeout = 300 + # ... +``` + ```bash tab="CLI" --providers.docker.httpClientTimeout=300 # ... @@ -528,12 +528,6 @@ _Optional, Default=true_ Watch Docker Swarm events. -```toml tab="File (TOML)" -[providers.docker] - watch = false - # ... -``` - ```yaml tab="File (YAML)" providers: docker: @@ -541,6 +535,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.docker] + watch = false + # ... +``` + ```bash tab="CLI" --providers.docker.watch=false # ... @@ -591,12 +591,6 @@ as well as the usual boolean logic, as shown in examples below. For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery). -```toml tab="File (TOML)" -[providers.docker] - constraints = "Label(`a.label.name`,`foo`)" - # ... -``` - ```yaml tab="File (YAML)" providers: docker: @@ -604,6 +598,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.docker] + constraints = "Label(`a.label.name`,`foo`)" + # ... +``` + ```bash tab="CLI" --providers.docker.constraints=Label(`a.label.name`,`foo`) # ... @@ -617,11 +617,6 @@ _Optional_ Certificate Authority used for the secure connection to Docker. -```toml tab="File (TOML)" -[providers.docker.tls] - ca = "path/to/ca.crt" -``` - ```yaml tab="File (YAML)" providers: docker: @@ -629,6 +624,11 @@ providers: ca: path/to/ca.crt ``` +```toml tab="File (TOML)" +[providers.docker.tls] + ca = "path/to/ca.crt" +``` + ```bash tab="CLI" --providers.docker.tls.ca=path/to/ca.crt ``` @@ -645,11 +645,6 @@ When this option is set to `true`, a client certificate is requested during the When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client. -```toml tab="File (TOML)" -[providers.docker.tls] - caOptional = true -``` - ```yaml tab="File (YAML)" providers: docker: @@ -657,6 +652,11 @@ providers: caOptional: true ``` +```toml tab="File (TOML)" +[providers.docker.tls] + caOptional = true +``` + ```bash tab="CLI" --providers.docker.tls.caOptional=true ``` @@ -665,12 +665,6 @@ providers: Public certificate used for the secure connection to Docker. -```toml tab="File (TOML)" -[providers.docker.tls] - cert = "path/to/foo.cert" - key = "path/to/foo.key" -``` - ```yaml tab="File (YAML)" providers: docker: @@ -679,6 +673,12 @@ providers: key: path/to/foo.key ``` +```toml tab="File (TOML)" +[providers.docker.tls] + cert = "path/to/foo.cert" + key = "path/to/foo.key" +``` + ```bash tab="CLI" --providers.docker.tls.cert=path/to/foo.cert --providers.docker.tls.key=path/to/foo.key @@ -688,12 +688,6 @@ providers: Private certificate used for the secure connection to Docker. -```toml tab="File (TOML)" -[providers.docker.tls] - cert = "path/to/foo.cert" - key = "path/to/foo.key" -``` - ```yaml tab="File (YAML)" providers: docker: @@ -702,6 +696,12 @@ providers: key: path/to/foo.key ``` +```toml tab="File (TOML)" +[providers.docker.tls] + cert = "path/to/foo.cert" + key = "path/to/foo.key" +``` + ```bash tab="CLI" --providers.docker.tls.cert=path/to/foo.cert --providers.docker.tls.key=path/to/foo.key @@ -711,11 +711,6 @@ providers: If `insecureSkipVerify` is `true`, the TLS connection to Docker accepts any certificate presented by the server regardless of the hostnames it covers. -```toml tab="File (TOML)" -[providers.docker.tls] - insecureSkipVerify = true -``` - ```yaml tab="File (YAML)" providers: docker: @@ -723,6 +718,11 @@ providers: insecureSkipVerify: true ``` +```toml tab="File (TOML)" +[providers.docker.tls] + insecureSkipVerify = true +``` + ```bash tab="CLI" --providers.docker.tls.insecureSkipVerify=true ``` diff --git a/docs/content/providers/ecs.md b/docs/content/providers/ecs.md index efc3e062a..39cb0945b 100644 --- a/docs/content/providers/ecs.md +++ b/docs/content/providers/ecs.md @@ -11,15 +11,15 @@ Attach labels to your ECS containers and let Traefik do the rest! Enabling the ECS provider: - ```toml tab="File (TOML)" - [providers.ecs] - ``` - ```yaml tab="File (YAML)" providers: ecs: {} ``` + ```toml tab="File (TOML)" + [providers.ecs] + ``` + ```bash tab="CLI" --providers.ecs=true ``` @@ -63,12 +63,6 @@ Search for services in cluster list. - If set to `true` service discovery is disabled on configured clusters, but enabled for all other clusters. - If set to `false` service discovery is enabled on configured clusters only. -```toml tab="File (TOML)" -[providers.ecs] - autoDiscoverClusters = true - # ... -``` - ```yaml tab="File (YAML)" providers: ecs: @@ -76,6 +70,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.ecs] + autoDiscoverClusters = true + # ... +``` + ```bash tab="CLI" --providers.ecs.autoDiscoverClusters=true # ... @@ -87,12 +87,6 @@ _Optional, Default=["default"]_ Search for services in cluster list. -```toml tab="File (TOML)" -[providers.ecs] - clusters = ["default"] - # ... -``` - ```yaml tab="File (YAML)" providers: ecs: @@ -101,6 +95,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.ecs] + clusters = ["default"] + # ... +``` + ```bash tab="CLI" --providers.ecs.clusters=default # ... @@ -114,12 +114,6 @@ Expose ECS services by default in Traefik. If set to `false`, services that do not have a `traefik.enable=true` label are ignored from the resulting routing configuration. -```toml tab="File (TOML)" -[providers.ecs] - exposedByDefault = false - # ... -``` - ```yaml tab="File (YAML)" providers: ecs: @@ -127,6 +121,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.ecs] + exposedByDefault = false + # ... +``` + ```bash tab="CLI" --providers.ecs.exposedByDefault=false # ... @@ -143,12 +143,6 @@ It must be a valid [Go template](https://golang.org/pkg/text/template/), and can The container service name can be accessed with the `Name` identifier, and the template has access to all the labels defined on this container. -```toml tab="File (TOML)" -[providers.ecs] - defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)" - # ... -``` - ```yaml tab="File (YAML)" providers: ecs: @@ -156,6 +150,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.ecs] + defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)" + # ... +``` + ```bash tab="CLI" --providers.ecs.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`) # ... @@ -167,12 +167,6 @@ _Optional, Default=15_ Polling interval (in seconds). -```toml tab="File (TOML)" -[providers.ecs] - refreshSeconds = 15 - # ... -``` - ```yaml tab="File (YAML)" providers: ecs: @@ -180,6 +174,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.ecs] + refreshSeconds = 15 + # ... +``` + ```bash tab="CLI" --providers.ecs.refreshSeconds=15 # ... @@ -198,13 +198,6 @@ If `accessKeyID` and `secretAccessKey` are not provided, credentials are resolve - Using shared credentials, determined by `AWS_PROFILE` and `AWS_SHARED_CREDENTIALS_FILE`, defaults to `default` and `~/.aws/credentials`. - Using EC2 instance role or ECS task role -```toml tab="File (TOML)" -[providers.ecs] - region = "us-east-1" - accessKeyID = "abc" - secretAccessKey = "123" -``` - ```yaml tab="File (YAML)" providers: ecs: @@ -214,6 +207,13 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.ecs] + region = "us-east-1" + accessKeyID = "abc" + secretAccessKey = "123" +``` + ```bash tab="CLI" --providers.ecs.region="us-east-1" --providers.ecs.accessKeyID="abc" diff --git a/docs/content/providers/etcd.md b/docs/content/providers/etcd.md index a9bc31fad..2d2ab9ba4 100644 --- a/docs/content/providers/etcd.md +++ b/docs/content/providers/etcd.md @@ -17,11 +17,6 @@ _Required, Default="127.0.0.1:2379"_ Defines how to access etcd. -```toml tab="File (TOML)" -[providers.etcd] - endpoints = ["127.0.0.1:2379"] -``` - ```yaml tab="File (YAML)" providers: etcd: @@ -29,6 +24,11 @@ providers: - "127.0.0.1:2379" ``` +```toml tab="File (TOML)" +[providers.etcd] + endpoints = ["127.0.0.1:2379"] +``` + ```bash tab="CLI" --providers.etcd.endpoints=127.0.0.1:2379 ``` @@ -39,17 +39,17 @@ _Required, Default="traefik"_ Defines the root key of the configuration. -```toml tab="File (TOML)" -[providers.etcd] - rootKey = "traefik" -``` - ```yaml tab="File (YAML)" providers: etcd: rootKey: "traefik" ``` +```toml tab="File (TOML)" +[providers.etcd] + rootKey = "traefik" +``` + ```bash tab="CLI" --providers.etcd.rootkey=traefik ``` @@ -60,12 +60,6 @@ _Optional, Default=""_ Defines a username with which to connect to etcd. -```toml tab="File (TOML)" -[providers.etcd] - # ... - username = "foo" -``` - ```yaml tab="File (YAML)" providers: etcd: @@ -73,6 +67,12 @@ providers: usename: "foo" ``` +```toml tab="File (TOML)" +[providers.etcd] + # ... + username = "foo" +``` + ```bash tab="CLI" --providers.etcd.username=foo ``` @@ -83,12 +83,6 @@ _Optional, Default=""_ Defines a password with which to connect to etcd. -```toml tab="File (TOML)" -[providers.etcd] - # ... - password = "bar" -``` - ```yaml tab="File (YAML)" providers: etcd: @@ -96,6 +90,12 @@ providers: password: "bar" ``` +```toml tab="File (TOML)" +[providers.etcd] + # ... + password = "bar" +``` + ```bash tab="CLI" --providers.etcd.password=foo ``` @@ -108,11 +108,6 @@ _Optional_ Certificate Authority used for the secure connection to etcd. -```toml tab="File (TOML)" -[providers.etcd.tls] - ca = "path/to/ca.crt" -``` - ```yaml tab="File (YAML)" providers: etcd: @@ -120,6 +115,11 @@ providers: ca: path/to/ca.crt ``` +```toml tab="File (TOML)" +[providers.etcd.tls] + ca = "path/to/ca.crt" +``` + ```bash tab="CLI" --providers.etcd.tls.ca=path/to/ca.crt ``` @@ -136,11 +136,6 @@ When this option is set to `true`, a client certificate is requested during the When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client. -```toml tab="File (TOML)" -[providers.etcd.tls] - caOptional = true -``` - ```yaml tab="File (YAML)" providers: etcd: @@ -148,6 +143,11 @@ providers: caOptional: true ``` +```toml tab="File (TOML)" +[providers.etcd.tls] + caOptional = true +``` + ```bash tab="CLI" --providers.etcd.tls.caOptional=true ``` @@ -156,12 +156,6 @@ providers: Public certificate used for the secure connection to etcd. -```toml tab="File (TOML)" -[providers.etcd.tls] - cert = "path/to/foo.cert" - key = "path/to/foo.key" -``` - ```yaml tab="File (YAML)" providers: etcd: @@ -170,6 +164,12 @@ providers: key: path/to/foo.key ``` +```toml tab="File (TOML)" +[providers.etcd.tls] + cert = "path/to/foo.cert" + key = "path/to/foo.key" +``` + ```bash tab="CLI" --providers.etcd.tls.cert=path/to/foo.cert --providers.etcd.tls.key=path/to/foo.key @@ -179,12 +179,6 @@ providers: Private certificate used for the secure connection to etcd. -```toml tab="File (TOML)" -[providers.etcd.tls] - cert = "path/to/foo.cert" - key = "path/to/foo.key" -``` - ```yaml tab="File (YAML)" providers: etcd: @@ -193,6 +187,12 @@ providers: key: path/to/foo.key ``` +```toml tab="File (TOML)" +[providers.etcd.tls] + cert = "path/to/foo.cert" + key = "path/to/foo.key" +``` + ```bash tab="CLI" --providers.etcd.tls.cert=path/to/foo.cert --providers.etcd.tls.key=path/to/foo.key @@ -202,11 +202,6 @@ providers: If `insecureSkipVerify` is `true`, the TLS connection to etcd accepts any certificate presented by the server regardless of the hostnames it covers. -```toml tab="File (TOML)" -[providers.etcd.tls] - insecureSkipVerify = true -``` - ```yaml tab="File (YAML)" providers: etcd: @@ -214,6 +209,11 @@ providers: insecureSkipVerify: true ``` +```toml tab="File (TOML)" +[providers.etcd.tls] + insecureSkipVerify = true +``` + ```bash tab="CLI" --providers.etcd.tls.insecureSkipVerify=true ``` diff --git a/docs/content/providers/file.md b/docs/content/providers/file.md index b393dd0c9..ceff58686 100644 --- a/docs/content/providers/file.md +++ b/docs/content/providers/file.md @@ -3,7 +3,7 @@ Good Old Configuration File {: .subtitle } -The file provider lets you define the [dynamic configuration](./overview.md) in a TOML or YAML file. +The file provider lets you define the [dynamic configuration](./overview.md) in a YAML or TOML file. It supports providing configuration through a [single configuration file](#filename) or [multiple separate files](#directory). @@ -21,50 +21,23 @@ It supports providing configuration through a [single configuration file](#filen Enabling the file provider: - ```toml tab="File (TOML)" - [providers.file] - directory = "/path/to/dynamic/conf" - ``` - ```yaml tab="File (YAML)" providers: file: directory: "/path/to/dynamic/conf" ``` + ```toml tab="File (TOML)" + [providers.file] + directory = "/path/to/dynamic/conf" + ``` + ```bash tab="CLI" --providers.file.directory=/path/to/dynamic/conf ``` Declaring Routers, Middlewares & Services: - ```toml tab="TOML" - [http] - # Add the router - [http.routers] - [http.routers.router0] - entryPoints = ["web"] - middlewares = ["my-basic-auth"] - service = "service-foo" - rule = "Path(`/foo`)" - - # Add the middleware - [http.middlewares] - [http.middlewares.my-basic-auth.basicAuth] - users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"] - usersFile = "etc/traefik/.htpasswd" - - # Add the service - [http.services] - [http.services.service-foo] - [http.services.service-foo.loadBalancer] - [[http.services.service-foo.loadBalancer.servers]] - url = "http://foo/" - [[http.services.service-foo.loadBalancer.servers]] - url = "http://bar/" - ``` - ```yaml tab="YAML" http: # Add the router @@ -96,6 +69,33 @@ It supports providing configuration through a [single configuration file](#filen passHostHeader: false ``` + ```toml tab="TOML" + [http] + # Add the router + [http.routers] + [http.routers.router0] + entryPoints = ["web"] + middlewares = ["my-basic-auth"] + service = "service-foo" + rule = "Path(`/foo`)" + + # Add the middleware + [http.middlewares] + [http.middlewares.my-basic-auth.basicAuth] + users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", + "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"] + usersFile = "etc/traefik/.htpasswd" + + # Add the service + [http.services] + [http.services.service-foo] + [http.services.service-foo.loadBalancer] + [[http.services.service-foo.loadBalancer.servers]] + url = "http://foo/" + [[http.services.service-foo.loadBalancer.servers]] + url = "http://bar/" + ``` + ## Provider Configuration For an overview of all the options that can be set with the file provider, see the [dynamic configuration](../reference/dynamic-configuration/file.md) and [static configuration](../reference/static-configuration/overview.md) references. @@ -105,7 +105,7 @@ For an overview of all the options that can be set with the file provider, see t With the file provider, Traefik listens for file system notifications to update the dynamic configuration. If you use a mounted/bound file system in your orchestrator (like docker or kubernetes), the way the files are linked may be a source of errors. - If the link between the file systems is broken, when a source file/directory is changed/renamed, nothing will be reported to the linked file/directory, so the file system notifications will be neither triggered nor caught. + If the link between the file systems is broken, when a source file/directory is changed/renamed, nothing will be reported to the linked file/directory, so the file system notifications will be neither triggered nor caught. For example, in Docker, if the host file is renamed, the link to the mounted file is broken and the container's file is no longer updated. To avoid this kind of issue, it is recommended to: @@ -125,20 +125,20 @@ Defines the path to the configuration file. The `filename` and `directory` options are mutually exclusive. It is recommended to use `directory`. -```toml tab="File (TOML)" -[providers] - [providers.file] - filename = "/path/to/config/dynamic_conf.toml" -``` - ```yaml tab="File (YAML)" providers: file: filename: /path/to/config/dynamic_conf.yml ``` +```toml tab="File (TOML)" +[providers] + [providers.file] + filename = "/path/to/config/dynamic_conf.toml" +``` + ```bash tab="CLI" ---providers.file.filename=/path/to/config/dynamic_conf.toml +--providers.file.filename=/path/to/config/dynamic_conf.yml ``` ### `directory` @@ -150,18 +150,18 @@ Defines the path to the directory that contains the configuration files. The `filename` and `directory` options are mutually exclusive. It is recommended to use `directory`. -```toml tab="File (TOML)" -[providers] - [providers.file] - directory = "/path/to/config" -``` - ```yaml tab="File (YAML)" providers: file: directory: /path/to/config ``` +```toml tab="File (TOML)" +[providers] + [providers.file] + directory = "/path/to/config" +``` + ```bash tab="CLI" --providers.file.directory=/path/to/config ``` @@ -171,13 +171,6 @@ providers: Set the `watch` option to `true` to allow Traefik to automatically watch for file changes. It works with both the `filename` and the `directory` options. -```toml tab="File (TOML)" -[providers] - [providers.file] - directory = "/path/to/dynamic/conf" - watch = true -``` - ```yaml tab="File (YAML)" providers: file: @@ -185,6 +178,13 @@ providers: watch: true ``` +```toml tab="File (TOML)" +[providers] + [providers.file] + directory = "/path/to/dynamic/conf" + watch = true +``` + ```bash tab="CLI" --providers.file.directory=/my/path/to/dynamic/conf --providers.file.watch=true @@ -205,6 +205,44 @@ To illustrate, it is possible to easily define multiple routers, services, and T ??? example "Configuring Using Templating" + ```yaml tab="YAML" + http: + routers: + {{range $i, $e := until 100 }} + router{{ $e }}-{{ env "MY_ENV_VAR" }}: + # ... + {{end}} + + services: + {{range $i, $e := until 100 }} + application{{ $e }}: + # ... + {{end}} + + tcp: + routers: + {{range $i, $e := until 100 }} + router{{ $e }}: + # ... + {{end}} + + services: + {{range $i, $e := until 100 }} + service{{ $e }}: + # ... + {{end}} + + tls: + certificates: + {{ range $i, $e := until 10 }} + - certFile: "/etc/traefik/cert-{{ $e }}.pem" + keyFile: "/etc/traefik/cert-{{ $e }}.key" + store: + - "my-store-foo-{{ $e }}" + - "my-store-bar-{{ $e }}" + {{end}} + ``` + ```toml tab="TOML" # template-rules.toml [http] @@ -248,41 +286,3 @@ To illustrate, it is possible to easily define multiple routers, services, and T # ... {{ end }} ``` - - ```yaml tab="YAML" - http: - routers: - {{range $i, $e := until 100 }} - router{{ $e }}-{{ env "MY_ENV_VAR" }}: - # ... - {{end}} - - services: - {{range $i, $e := until 100 }} - application{{ $e }}: - # ... - {{end}} - - tcp: - routers: - {{range $i, $e := until 100 }} - router{{ $e }}: - # ... - {{end}} - - services: - {{range $i, $e := until 100 }} - service{{ $e }}: - # ... - {{end}} - - tls: - certificates: - {{ range $i, $e := until 10 }} - - certFile: "/etc/traefik/cert-{{ $e }}.pem" - keyFile: "/etc/traefik/cert-{{ $e }}.key" - store: - - "my-store-foo-{{ $e }}" - - "my-store-bar-{{ $e }}" - {{end}} - ``` diff --git a/docs/content/providers/http.md b/docs/content/providers/http.md index 290fb828c..5c611cef9 100644 --- a/docs/content/providers/http.md +++ b/docs/content/providers/http.md @@ -14,11 +14,6 @@ _Required_ Defines the HTTP(S) endpoint to poll. -```toml tab="File (TOML)" -[providers.http] - endpoint = "http://127.0.0.1:9000/api" -``` - ```yaml tab="File (YAML)" providers: http: @@ -26,6 +21,11 @@ providers: - "http://127.0.0.1:9000/api" ``` +```toml tab="File (TOML)" +[providers.http] + endpoint = "http://127.0.0.1:9000/api" +``` + ```bash tab="CLI" --providers.http.endpoint=http://127.0.0.1:9000/api ``` @@ -36,17 +36,17 @@ _Optional, Default="5s"_ Defines the polling interval. -```toml tab="File (TOML)" -[providers.http] - pollInterval = "5s" -``` - ```yaml tab="File (YAML)" providers: http: pollInterval: "5s" ``` +```toml tab="File (TOML)" +[providers.http] + pollInterval = "5s" +``` + ```bash tab="CLI" --providers.http.pollInterval=5s ``` @@ -57,17 +57,17 @@ _Optional, Default="5s"_ Defines the polling timeout when connecting to the configured endpoint. -```toml tab="File (TOML)" -[providers.http] - pollTimeout = "5s" -``` - ```yaml tab="File (YAML)" providers: http: pollTimeout: "5s" ``` +```toml tab="File (TOML)" +[providers.http] + pollTimeout = "5s" +``` + ```bash tab="CLI" --providers.http.pollTimeout=5s ``` @@ -80,11 +80,6 @@ _Optional_ Certificate Authority used for the secure connection to the configured endpoint. -```toml tab="File (TOML)" -[providers.http.tls] - ca = "path/to/ca.crt" -``` - ```yaml tab="File (YAML)" providers: http: @@ -92,6 +87,11 @@ providers: ca: path/to/ca.crt ``` +```toml tab="File (TOML)" +[providers.http.tls] + ca = "path/to/ca.crt" +``` + ```bash tab="CLI" --providers.http.tls.ca=path/to/ca.crt ``` @@ -108,11 +108,6 @@ When this option is set to `true`, a client certificate is requested during the When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client. -```toml tab="File (TOML)" -[providers.http.tls] - caOptional = true -``` - ```yaml tab="File (YAML)" providers: http: @@ -120,6 +115,11 @@ providers: caOptional: true ``` +```toml tab="File (TOML)" +[providers.http.tls] + caOptional = true +``` + ```bash tab="CLI" --providers.http.tls.caOptional=true ``` @@ -128,12 +128,6 @@ providers: Public certificate used for the secure connection to the configured endpoint. -```toml tab="File (TOML)" -[providers.http.tls] - cert = "path/to/foo.cert" - key = "path/to/foo.key" -``` - ```yaml tab="File (YAML)" providers: http: @@ -142,6 +136,12 @@ providers: key: path/to/foo.key ``` +```toml tab="File (TOML)" +[providers.http.tls] + cert = "path/to/foo.cert" + key = "path/to/foo.key" +``` + ```bash tab="CLI" --providers.http.tls.cert=path/to/foo.cert --providers.http.tls.key=path/to/foo.key @@ -151,12 +151,6 @@ providers: Private certificate used for the secure connection to the configured endpoint. -```toml tab="File (TOML)" -[providers.http.tls] - cert = "path/to/foo.cert" - key = "path/to/foo.key" -``` - ```yaml tab="File (YAML)" providers: http: @@ -165,6 +159,12 @@ providers: key: path/to/foo.key ``` +```toml tab="File (TOML)" +[providers.http.tls] + cert = "path/to/foo.cert" + key = "path/to/foo.key" +``` + ```bash tab="CLI" --providers.http.tls.cert=path/to/foo.cert --providers.http.tls.key=path/to/foo.key @@ -174,11 +174,6 @@ providers: If `insecureSkipVerify` is `true`, the TLS connection to the endpoint accepts any certificate presented by the server regardless of the hostnames it covers. -```toml tab="File (TOML)" -[providers.http.tls] - insecureSkipVerify = true -``` - ```yaml tab="File (YAML)" providers: http: @@ -186,6 +181,11 @@ providers: insecureSkipVerify: true ``` +```toml tab="File (TOML)" +[providers.http.tls] + insecureSkipVerify = true +``` + ```bash tab="CLI" --providers.http.tls.insecureSkipVerify=true ``` diff --git a/docs/content/providers/kubernetes-crd.md b/docs/content/providers/kubernetes-crd.md index 54c7f512a..6f5d64fd7 100644 --- a/docs/content/providers/kubernetes-crd.md +++ b/docs/content/providers/kubernetes-crd.md @@ -15,7 +15,7 @@ the Traefik engineering team developed a [Custom Resource Definition](https://ku * Add/update **all** the Traefik resources [definitions](../reference/dynamic-configuration/kubernetes-crd.md#definitions) * Add/update the [RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) for the Traefik custom resources - * Use [Helm Chart](../getting-started/install-traefik.md#use-the-helm-chart) or use a custom Traefik Deployment + * Use [Helm Chart](../getting-started/install-traefik.md#use-the-helm-chart) or use a custom Traefik Deployment * Enable the kubernetesCRD provider * Apply the needed kubernetesCRD provider [configuration](#provider-configuration) * Add all necessary Traefik custom [resources](../reference/dynamic-configuration/kubernetes-crd.md#resources) @@ -87,12 +87,6 @@ When the environment variables are not found, Traefik tries to connect to the Ku In this case, the endpoint is required. Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Kubernetes cluster using the granted authentication and authorization of the associated kubeconfig. -```toml tab="File (TOML)" -[providers.kubernetesCRD] - endpoint = "http://localhost:8080" - # ... -``` - ```yaml tab="File (YAML)" providers: kubernetesCRD: @@ -100,6 +94,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.kubernetesCRD] + endpoint = "http://localhost:8080" + # ... +``` + ```bash tab="CLI" --providers.kubernetescrd.endpoint=http://localhost:8080 ``` @@ -110,12 +110,6 @@ _Optional, Default=""_ Bearer token used for the Kubernetes client configuration. -```toml tab="File (TOML)" -[providers.kubernetesCRD] - token = "mytoken" - # ... -``` - ```yaml tab="File (YAML)" providers: kubernetesCRD: @@ -123,6 +117,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.kubernetesCRD] + token = "mytoken" + # ... +``` + ```bash tab="CLI" --providers.kubernetescrd.token=mytoken ``` @@ -134,12 +134,6 @@ _Optional, Default=""_ Path to the certificate authority file. Used for the Kubernetes client configuration. -```toml tab="File (TOML)" -[providers.kubernetesCRD] - certAuthFilePath = "/my/ca.crt" - # ... -``` - ```yaml tab="File (YAML)" providers: kubernetesCRD: @@ -147,6 +141,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.kubernetesCRD] + certAuthFilePath = "/my/ca.crt" + # ... +``` + ```bash tab="CLI" --providers.kubernetescrd.certauthfilepath=/my/ca.crt ``` @@ -158,12 +158,6 @@ _Optional, Default: []_ Array of namespaces to watch. If left empty, watches all namespaces if the value of `namespaces`. -```toml tab="File (TOML)" -[providers.kubernetesCRD] - namespaces = ["default", "production"] - # ... -``` - ```yaml tab="File (YAML)" providers: kubernetesCRD: @@ -173,6 +167,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.kubernetesCRD] + namespaces = ["default", "production"] + # ... +``` + ```bash tab="CLI" --providers.kubernetescrd.namespaces=default,production ``` @@ -192,12 +192,6 @@ See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with- Because the label selector is applied to all Traefik Custom Resources, they all must match the filter. -```toml tab="File (TOML)" -[providers.kubernetesCRD] - labelselector = "app=traefik" - # ... -``` - ```yaml tab="File (YAML)" providers: kubernetesCRD: @@ -205,6 +199,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.kubernetesCRD] + labelselector = "app=traefik" + # ... +``` + ```bash tab="CLI" --providers.kubernetescrd.labelselector="app=traefik" ``` @@ -218,12 +218,6 @@ Value of `kubernetes.io/ingress.class` annotation that identifies resource objec If the parameter is set, only resources containing an annotation with the same value are processed. Otherwise, resources missing the annotation, having an empty value, or the value `traefik` are processed. -```toml tab="File (TOML)" -[providers.kubernetesCRD] - ingressClass = "traefik-internal" - # ... -``` - ```yaml tab="File (YAML)" providers: kubernetesCRD: @@ -231,6 +225,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.kubernetesCRD] + ingressClass = "traefik-internal" + # ... +``` + ```bash tab="CLI" --providers.kubernetescrd.ingressclass=traefik-internal ``` @@ -247,12 +247,6 @@ If left empty, the provider does not apply any throttling and does not drop any The value of `throttleDuration` should be provided in seconds or as a valid duration format, see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration). -```toml tab="File (TOML)" -[providers.kubernetesCRD] - throttleDuration = "10s" - # ... -``` - ```yaml tab="File (YAML)" providers: kubernetesCRD: @@ -260,6 +254,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.kubernetesCRD] + throttleDuration = "10s" + # ... +``` + ```bash tab="CLI" --providers.kubernetescrd.throttleDuration=10s ``` @@ -274,12 +274,6 @@ If the parameter is set to `false`, IngressRoutes are not able to reference any Please note that the default value for this option will be set to `false` in a future version. -```toml tab="File (TOML)" -[providers.kubernetesCRD] - allowCrossNamespace = false - # ... -``` - ```yaml tab="File (YAML)" providers: kubernetesCRD: @@ -287,6 +281,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.kubernetesCRD] + allowCrossNamespace = false + # ... +``` + ```bash tab="CLI" --providers.kubernetescrd.allowCrossNamespace=false ``` diff --git a/docs/content/providers/kubernetes-gateway.md b/docs/content/providers/kubernetes-gateway.md index 0cf679d3d..af931b572 100644 --- a/docs/content/providers/kubernetes-gateway.md +++ b/docs/content/providers/kubernetes-gateway.md @@ -15,14 +15,6 @@ This provider is proposed as an experimental feature and partially supports the Since this provider is still experimental, it needs to be activated in the experimental section of the static configuration. - ```toml tab="File (TOML)" - [experimental] - kubernetesGateway = true - - [providers.kubernetesGateway] - #... - ``` - ```yaml tab="File (YAML)" experimental: kubernetesGateway: true @@ -32,6 +24,14 @@ This provider is proposed as an experimental feature and partially supports the #... ``` + ```toml tab="File (TOML)" + [experimental] + kubernetesGateway = true + + [providers.kubernetesGateway] + #... + ``` + ```bash tab="CLI" --experimental.kubernetesgateway=true --providers.kubernetesgateway=true #... ``` @@ -119,12 +119,6 @@ When the environment variables are not found, Traefik tries to connect to the Ku In this case, the endpoint is required. Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Kubernetes cluster using the granted authentication and authorization of the associated kubeconfig. -```toml tab="File (TOML)" -[providers.kubernetesGateway] - endpoint = "http://localhost:8080" - # ... -``` - ```yaml tab="File (YAML)" providers: kubernetesGateway: @@ -132,6 +126,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.kubernetesGateway] + endpoint = "http://localhost:8080" + # ... +``` + ```bash tab="CLI" --providers.kubernetesgateway.endpoint=http://localhost:8080 ``` @@ -142,12 +142,6 @@ _Optional, Default=""_ Bearer token used for the Kubernetes client configuration. -```toml tab="File (TOML)" -[providers.kubernetesGateway] - token = "mytoken" - # ... -``` - ```yaml tab="File (YAML)" providers: kubernetesGateway: @@ -155,6 +149,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.kubernetesGateway] + token = "mytoken" + # ... +``` + ```bash tab="CLI" --providers.kubernetesgateway.token=mytoken ``` @@ -166,12 +166,6 @@ _Optional, Default=""_ Path to the certificate authority file. Used for the Kubernetes client configuration. -```toml tab="File (TOML)" -[providers.kubernetesGateway] - certAuthFilePath = "/my/ca.crt" - # ... -``` - ```yaml tab="File (YAML)" providers: kubernetesGateway: @@ -179,6 +173,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.kubernetesGateway] + certAuthFilePath = "/my/ca.crt" + # ... +``` + ```bash tab="CLI" --providers.kubernetesgateway.certauthfilepath=/my/ca.crt ``` @@ -190,12 +190,6 @@ _Optional, Default: []_ Array of namespaces to watch. If left empty, watches all namespaces if the value of `namespaces`. -```toml tab="File (TOML)" -[providers.kubernetesGateway] - namespaces = ["default", "production"] - # ... -``` - ```yaml tab="File (YAML)" providers: kubernetesGateway: @@ -205,6 +199,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.kubernetesGateway] + namespaces = ["default", "production"] + # ... +``` + ```bash tab="CLI" --providers.kubernetesgateway.namespaces=default,production ``` @@ -218,12 +218,6 @@ If left empty, Traefik processes all GatewayClass objects in the configured name See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details. -```toml tab="File (TOML)" -[providers.kubernetesGateway] - labelselector = "app=traefik" - # ... -``` - ```yaml tab="File (YAML)" providers: kubernetesGateway: @@ -231,6 +225,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.kubernetesGateway] + labelselector = "app=traefik" + # ... +``` + ```bash tab="CLI" --providers.kubernetesgateway.labelselector="app=traefik" ``` @@ -247,12 +247,6 @@ If left empty, the provider does not apply any throttling and does not drop any The value of `throttleDuration` should be provided in seconds or as a valid duration format, see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration). -```toml tab="File (TOML)" -[providers.kubernetesGateway] - throttleDuration = "10s" - # ... -``` - ```yaml tab="File (YAML)" providers: kubernetesGateway: @@ -260,6 +254,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.kubernetesGateway] + throttleDuration = "10s" + # ... +``` + ```bash tab="CLI" --providers.kubernetesgateway.throttleDuration=10s ``` diff --git a/docs/content/providers/kubernetes-ingress.md b/docs/content/providers/kubernetes-ingress.md index a3b85e876..68d819418 100644 --- a/docs/content/providers/kubernetes-ingress.md +++ b/docs/content/providers/kubernetes-ingress.md @@ -18,15 +18,15 @@ See the dedicated section in [routing](../routing/providers/kubernetes-ingress.m You can enable the provider in the static configuration: -```toml tab="File (TOML)" -[providers.kubernetesIngress] -``` - ```yaml tab="File (YAML)" providers: kubernetesIngress: {} ``` +```toml tab="File (TOML)" +[providers.kubernetesIngress] +``` + ```bash tab="CLI" --providers.kubernetesingress=true ``` @@ -125,12 +125,6 @@ When the environment variables are not found, Traefik tries to connect to the Ku In this case, the endpoint is required. Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Kubernetes cluster using the granted authentication and authorization of the associated kubeconfig. -```toml tab="File (TOML)" -[providers.kubernetesIngress] - endpoint = "http://localhost:8080" - # ... -``` - ```yaml tab="File (YAML)" providers: kubernetesIngress: @@ -138,6 +132,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.kubernetesIngress] + endpoint = "http://localhost:8080" + # ... +``` + ```bash tab="CLI" --providers.kubernetesingress.endpoint=http://localhost:8080 ``` @@ -148,12 +148,6 @@ _Optional, Default=""_ Bearer token used for the Kubernetes client configuration. -```toml tab="File (TOML)" -[providers.kubernetesIngress] - token = "mytoken" - # ... -``` - ```yaml tab="File (YAML)" providers: kubernetesIngress: @@ -161,6 +155,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.kubernetesIngress] + token = "mytoken" + # ... +``` + ```bash tab="CLI" --providers.kubernetesingress.token=mytoken ``` @@ -172,12 +172,6 @@ _Optional, Default=""_ Path to the certificate authority file. Used for the Kubernetes client configuration. -```toml tab="File (TOML)" -[providers.kubernetesIngress] - certAuthFilePath = "/my/ca.crt" - # ... -``` - ```yaml tab="File (YAML)" providers: kubernetesIngress: @@ -185,6 +179,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.kubernetesIngress] + certAuthFilePath = "/my/ca.crt" + # ... +``` + ```bash tab="CLI" --providers.kubernetesingress.certauthfilepath=/my/ca.crt ``` @@ -196,12 +196,6 @@ _Optional, Default: []_ Array of namespaces to watch. If left empty, watches all namespaces if the value of `namespaces`. -```toml tab="File (TOML)" -[providers.kubernetesIngress] - namespaces = ["default", "production"] - # ... -``` - ```yaml tab="File (YAML)" providers: kubernetesIngress: @@ -211,6 +205,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.kubernetesIngress] + namespaces = ["default", "production"] + # ... +``` + ```bash tab="CLI" --providers.kubernetesingress.namespaces=default,production ``` @@ -224,12 +224,6 @@ If left empty, Traefik processes all Ingress objects in the configured namespace See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details. -```toml tab="File (TOML)" -[providers.kubernetesIngress] - labelSelector = "app=traefik" - # ... -``` - ```yaml tab="File (YAML)" providers: kubernetesIngress: @@ -237,6 +231,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.kubernetesIngress] + labelSelector = "app=traefik" + # ... +``` + ```bash tab="CLI" --providers.kubernetesingress.labelselector="app=traefik" ``` @@ -319,12 +319,6 @@ Otherwise, Ingresses missing the annotation, having an empty value, or the value number: 80 ``` -```toml tab="File (TOML)" -[providers.kubernetesIngress] - ingressClass = "traefik-internal" - # ... -``` - ```yaml tab="File (YAML)" providers: kubernetesIngress: @@ -332,6 +326,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.kubernetesIngress] + ingressClass = "traefik-internal" + # ... +``` + ```bash tab="CLI" --providers.kubernetesingress.ingressclass=traefik-internal ``` @@ -344,12 +344,6 @@ _Optional, Default: ""_ Hostname used for Kubernetes Ingress endpoints. -```toml tab="File (TOML)" -[providers.kubernetesIngress.ingressEndpoint] - hostname = "example.net" - # ... -``` - ```yaml tab="File (YAML)" providers: kubernetesIngress: @@ -358,6 +352,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.kubernetesIngress.ingressEndpoint] + hostname = "example.net" + # ... +``` + ```bash tab="CLI" --providers.kubernetesingress.ingressendpoint.hostname=example.net ``` @@ -368,12 +368,6 @@ _Optional, Default: ""_ IP used for Kubernetes Ingress endpoints. -```toml tab="File (TOML)" -[providers.kubernetesIngress.ingressEndpoint] - ip = "1.2.3.4" - # ... -``` - ```yaml tab="File (YAML)" providers: kubernetesIngress: @@ -382,6 +376,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.kubernetesIngress.ingressEndpoint] + ip = "1.2.3.4" + # ... +``` + ```bash tab="CLI" --providers.kubernetesingress.ingressendpoint.ip=1.2.3.4 ``` @@ -393,12 +393,6 @@ _Optional, Default: ""_ Published Kubernetes Service to copy status from. Format: `namespace/servicename`. -```toml tab="File (TOML)" -[providers.kubernetesIngress.ingressEndpoint] - publishedService = "namespace/foo-service" - # ... -``` - ```yaml tab="File (YAML)" providers: kubernetesIngress: @@ -407,6 +401,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.kubernetesIngress.ingressEndpoint] + publishedService = "namespace/foo-service" + # ... +``` + ```bash tab="CLI" --providers.kubernetesingress.ingressendpoint.publishedservice=namespace/foo-service ``` @@ -423,12 +423,6 @@ If left empty, the provider does not apply any throttling and does not drop any The value of `throttleDuration` should be provided in seconds or as a valid duration format, see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration). -```toml tab="File (TOML)" -[providers.kubernetesIngress] - throttleDuration = "10s" - # ... -``` - ```yaml tab="File (YAML)" providers: kubernetesIngress: @@ -436,6 +430,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.kubernetesIngress] + throttleDuration = "10s" + # ... +``` + ```bash tab="CLI" --providers.kubernetesingress.throttleDuration=10s ``` @@ -444,12 +444,6 @@ providers: _Optional, Default: false -```toml tab="File (TOML)" -[providers.kubernetesIngress] - allowEmptyServices = true - # ... -``` - ```yaml tab="File (YAML)" providers: kubernetesIngress: @@ -457,6 +451,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.kubernetesIngress] + allowEmptyServices = true + # ... +``` + ```bash tab="CLI" --providers.kubernetesingress.allowEmptyServices=true ``` diff --git a/docs/content/providers/marathon.md b/docs/content/providers/marathon.md index ee973749e..e5428d378 100644 --- a/docs/content/providers/marathon.md +++ b/docs/content/providers/marathon.md @@ -11,15 +11,15 @@ For additional information, refer to [Marathon user guide](../user-guides/marath Enabling the Marathon provider - ```toml tab="File (TOML)" - [providers.marathon] - ``` - ```yaml tab="File (YAML)" providers: marathon: {} ``` + ```toml tab="File (TOML)" + [providers.marathon] + ``` + ```bash tab="CLI" --providers.marathon=true ``` @@ -61,12 +61,6 @@ _Optional_ Enables Marathon basic authentication. -```toml tab="File (TOML)" -[providers.marathon.basic] - httpBasicAuthUser = "foo" - httpBasicPassword = "bar" -``` - ```yaml tab="File (YAML)" providers: marathon: @@ -75,6 +69,12 @@ providers: httpBasicPassword: bar ``` +```toml tab="File (TOML)" +[providers.marathon.basic] + httpBasicAuthUser = "foo" + httpBasicPassword = "bar" +``` + ```bash tab="CLI" --providers.marathon.basic.httpbasicauthuser=foo --providers.marathon.basic.httpbasicpassword=bar @@ -88,12 +88,6 @@ Datacenter Operating System (DCOS) Token for DCOS environment. If set, it overrides the Authorization header. -```toml tab="File (TOML)" -[providers.marathon] - dcosToken = "xxxxxx" - # ... -``` - ```toml tab="File (YAML)" providers: marathon: @@ -101,6 +95,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.marathon] + dcosToken = "xxxxxx" + # ... +``` + ```bash tab="CLI" --providers.marathon.dcosToken=xxxxxx ``` @@ -119,12 +119,6 @@ and can include [sprig template functions](http://masterminds.github.io/sprig/). The app ID can be accessed with the `Name` identifier, and the template has access to all the labels defined on this Marathon application. -```toml tab="File (TOML)" -[providers.marathon] - defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)" - # ... -``` - ```yaml tab="File (YAML)" providers: marathon: @@ -132,6 +126,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.marathon] + defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)" + # ... +``` + ```bash tab="CLI" --providers.marathon.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`) # ... @@ -147,19 +147,19 @@ when trying to open a TCP connection to a Marathon master. The value of `dialerTimeout` should be provided in seconds or as a valid duration format, see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration). -```toml tab="File (TOML)" -[providers.marathon] - dialerTimeout = "10s" - # ... -``` - -```toml tab="File (YAML)" +```yaml tab="File (YAML)" providers: marathon: dialerTimeout: "10s" # ... ``` +```toml tab="File (TOML)" +[providers.marathon] + dialerTimeout = "10s" + # ... +``` + ```bash tab="CLI" --providers.marathon.dialerTimeout=10s ``` @@ -172,19 +172,19 @@ Marathon server endpoint. You can optionally specify multiple endpoints. -```toml tab="File (TOML)" -[providers.marathon] - endpoint = "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080" - # ... -``` - -```toml tab="File (YAML)" +```yaml tab="File (YAML)" providers: marathon: endpoint: "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080" # ... ``` +```toml tab="File (TOML)" +[providers.marathon] + endpoint = "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080" + # ... +``` + ```bash tab="CLI" --providers.marathon.endpoint=http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080 ``` @@ -199,12 +199,6 @@ If set to `false`, applications that do not have a `traefik.enable=true` label a For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery). -```toml tab="File (TOML)" -[providers.marathon] - exposedByDefault = false - # ... -``` - ```yaml tab="File (YAML)" providers: marathon: @@ -212,6 +206,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.marathon] + exposedByDefault = false + # ... +``` + ```bash tab="CLI" --providers.marathon.exposedByDefault=false # ... @@ -274,12 +274,6 @@ In addition, to match against Marathon constraints, the function `MarathonConstr For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery). -```toml tab="File (TOML)" -[providers.marathon] - constraints = "Label(`a.label.name`,`foo`)" - # ... -``` - ```yaml tab="File (YAML)" providers: marathon: @@ -287,6 +281,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.marathon] + constraints = "Label(`a.label.name`,`foo`)" + # ... +``` + ```bash tab="CLI" --providers.marathon.constraints=Label(`a.label.name`,`foo`) # ... @@ -300,12 +300,6 @@ By default, the task IP address (as returned by the Marathon API) is used as bac otherwise, the name of the host running the task is used. The latter behavior can be enforced by setting this option to `true`. -```toml tab="File (TOML)" -[providers.marathon] - forceTaskHostname = true - # ... -``` - ```yaml tab="File (YAML)" providers: marathon: @@ -313,6 +307,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.marathon] + forceTaskHostname = true + # ... +``` + ```bash tab="CLI" --providers.marathon.forceTaskHostname=true # ... @@ -326,12 +326,6 @@ Set the TCP Keep Alive duration for the Marathon HTTP Client. The value of `keepAlive` should be provided in seconds or as a valid duration format, see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration). -```toml tab="File (TOML)" -[providers.marathon] - keepAlive = "30s" - # ... -``` - ```yaml tab="File (YAML)" providers: marathon: @@ -339,6 +333,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.marathon] + keepAlive = "30s" + # ... +``` + ```bash tab="CLI" --providers.marathon.keepAlive=30s # ... @@ -354,12 +354,6 @@ Note that the checks are only valid during deployments. See the Marathon guide for details. -```toml tab="File (TOML)" -[providers.marathon] - respectReadinessChecks = true - # ... -``` - ```yaml tab="File (YAML)" providers: marathon: @@ -367,6 +361,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.marathon] + respectReadinessChecks = true + # ... +``` + ```bash tab="CLI" --providers.marathon.respectReadinessChecks=true # ... @@ -382,12 +382,6 @@ from a Marathon master. The value of `responseHeaderTimeout` should be provided in seconds or as a valid duration format, see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration). -```toml tab="File (TOML)" -[providers.marathon] - responseHeaderTimeout = "66s" - # ... -``` - ```yaml tab="File (YAML)" providers: marathon: @@ -395,6 +389,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.marathon] + responseHeaderTimeout = "66s" + # ... +``` + ```bash tab="CLI" --providers.marathon.responseHeaderTimeout=66s # ... @@ -408,11 +408,6 @@ _Optional_ Certificate Authority used for the secure connection to Marathon. -```toml tab="File (TOML)" -[providers.marathon.tls] - ca = "path/to/ca.crt" -``` - ```yaml tab="File (YAML)" providers: marathon: @@ -420,6 +415,11 @@ providers: ca: path/to/ca.crt ``` +```toml tab="File (TOML)" +[providers.marathon.tls] + ca = "path/to/ca.crt" +``` + ```bash tab="CLI" --providers.marathon.tls.ca=path/to/ca.crt ``` @@ -436,11 +436,6 @@ When this option is set to `true`, a client certificate is requested during the When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client. -```toml tab="File (TOML)" -[providers.marathon.tls] - caOptional = true -``` - ```yaml tab="File (YAML)" providers: marathon: @@ -448,6 +443,11 @@ providers: caOptional: true ``` +```toml tab="File (TOML)" +[providers.marathon.tls] + caOptional = true +``` + ```bash tab="CLI" --providers.marathon.tls.caOptional=true ``` @@ -456,12 +456,6 @@ providers: Public certificate used for the secure connection to Marathon. -```toml tab="File (TOML)" -[providers.marathon.tls] - cert = "path/to/foo.cert" - key = "path/to/foo.key" -``` - ```yaml tab="File (YAML)" providers: marathon: @@ -470,6 +464,12 @@ providers: key: path/to/foo.key ``` +```toml tab="File (TOML)" +[providers.marathon.tls] + cert = "path/to/foo.cert" + key = "path/to/foo.key" +``` + ```bash tab="CLI" --providers.marathon.tls.cert=path/to/foo.cert --providers.marathon.tls.key=path/to/foo.key @@ -479,12 +479,6 @@ providers: Private certificate used for the secure connection to Marathon. -```toml tab="File (TOML)" -[providers.marathon.tls] - cert = "path/to/foo.cert" - key = "path/to/foo.key" -``` - ```yaml tab="File (YAML)" providers: marathon: @@ -493,6 +487,12 @@ providers: key: path/to/foo.key ``` +```toml tab="File (TOML)" +[providers.marathon.tls] + cert = "path/to/foo.cert" + key = "path/to/foo.key" +``` + ```bash tab="CLI" --providers.marathon.tls.cert=path/to/foo.cert --providers.marathon.tls.key=path/to/foo.key @@ -502,11 +502,6 @@ providers: If `insecureSkipVerify` is `true`, the TLS connection to Marathon accepts any certificate presented by the server regardless of the hostnames it covers. -```toml tab="File (TOML)" -[providers.marathon.tls] - insecureSkipVerify = true -``` - ```yaml tab="File (YAML)" providers: marathon: @@ -514,6 +509,11 @@ providers: insecureSkipVerify: true ``` +```toml tab="File (TOML)" +[providers.marathon.tls] + insecureSkipVerify = true +``` + ```bash tab="CLI" --providers.marathon.tls.insecureSkipVerify=true ``` @@ -528,12 +528,6 @@ when waiting for the TLS handshake to complete. The value of `tlsHandshakeTimeout` should be provided in seconds or as a valid duration format, see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration). -```toml tab="File (TOML)" -[providers.marathon] - responseHeaderTimeout = "10s" - # ... -``` - ```yaml tab="File (YAML)" providers: marathon: @@ -541,6 +535,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.marathon] + responseHeaderTimeout = "10s" + # ... +``` + ```bash tab="CLI" --providers.marathon.responseHeaderTimeout=10s # ... @@ -552,12 +552,6 @@ _Optional, Default=false_ Displays additional provider logs when available. -```toml tab="File (TOML)" -[providers.marathon] - trace = true - # ... -``` - ```yaml tab="File (YAML)" providers: marathon: @@ -565,6 +559,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.marathon] + trace = true + # ... +``` + ```bash tab="CLI" --providers.marathon.trace=true # ... @@ -576,12 +576,6 @@ _Optional, Default=true_ When set to `true`, watches for Marathon changes. -```toml tab="File (TOML)" -[providers.marathon] - watch = false - # ... -``` - ```yaml tab="File (YAML)" providers: marathon: @@ -589,6 +583,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.marathon] + watch = false + # ... +``` + ```bash tab="CLI" --providers.marathon.watch=false # ... diff --git a/docs/content/providers/overview.md b/docs/content/providers/overview.md index 35f478a11..bbd97f4d2 100644 --- a/docs/content/providers/overview.md +++ b/docs/content/providers/overview.md @@ -49,12 +49,6 @@ separator, and the provider name. Declaring the add-foo-prefix in the file provider. - ```toml tab="File (TOML)" - [http.middlewares] - [http.middlewares.add-foo-prefix.addPrefix] - prefix = "/foo" - ``` - ```yaml tab="File (YAML)" http: middlewares: @@ -63,6 +57,12 @@ separator, and the provider name. prefix: "/foo" ``` + ```toml tab="File (TOML)" + [http.middlewares] + [http.middlewares.add-foo-prefix.addPrefix] + prefix = "/foo" + ``` + Using the add-foo-prefix middleware from other providers: ```yaml tab="Docker" @@ -133,7 +133,7 @@ Below is the list of the currently supported providers in Traefik. | [ECS](./ecs.md) | Orchestrator | Label | | [Marathon](./marathon.md) | Orchestrator | Label | | [Rancher](./rancher.md) | Orchestrator | Label | -| [File](./file.md) | Manual | TOML/YAML format | +| [File](./file.md) | Manual | YAML/TOML format | | [Consul](./consul.md) | KV | KV | | [Etcd](./etcd.md) | KV | KV | | [ZooKeeper](./zookeeper.md) | KV | KV | @@ -169,16 +169,16 @@ but the throttling algorithm applies to each of them independently. The value of `providers.providersThrottleDuration` should be provided in seconds or as a valid duration format, see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration). -```toml tab="File (TOML)" -[providers] - providers.providersThrottleDuration = 10s -``` - ```yaml tab="File (YAML)" providers: providersThrottleDuration: 10s ``` +```toml tab="File (TOML)" +[providers] + providers.providersThrottleDuration = 10s +``` + ```bash tab="CLI" --providers.providersThrottleDuration=10s ``` diff --git a/docs/content/providers/rancher.md b/docs/content/providers/rancher.md index 5a86d4b32..c30569087 100644 --- a/docs/content/providers/rancher.md +++ b/docs/content/providers/rancher.md @@ -18,15 +18,15 @@ Attach labels to your services and let Traefik do the rest! Enabling the Rancher provider - ```toml tab="File (TOML)" - [providers.rancher] - ``` - ```yaml tab="File (YAML)" providers: rancher: {} ``` + ```toml tab="File (TOML)" + [providers.rancher] + ``` + ```bash tab="CLI" --providers.rancher=true ``` @@ -48,14 +48,14 @@ See the dedicated section in [routing](../routing/providers/rancher.md). For an overview of all the options that can be set with the Rancher provider, see the following snippets: - ```toml tab="File (TOML)" - --8<-- "content/providers/rancher.toml" - ``` - ```yaml tab="File (YAML)" --8<-- "content/providers/rancher.yml" ``` + ```toml tab="File (TOML)" + --8<-- "content/providers/rancher.toml" + ``` + ```bash tab="CLI" --8<-- "content/providers/rancher.txt" ``` @@ -69,12 +69,6 @@ If set to `false`, services that do not have a `traefik.enable=true` label are i For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery). -```toml tab="File (TOML)" -[providers.rancher] - exposedByDefault = false - # ... -``` - ```yaml tab="File (YAML)" providers: rancher: @@ -82,6 +76,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.rancher] + exposedByDefault = false + # ... +``` + ```bash tab="CLI" --providers.rancher.exposedByDefault=false # ... @@ -102,12 +102,6 @@ and the template has access to all the labels defined on this container. This option can be overridden on a container basis with the `traefik.http.routers.Router1.rule` label. -```toml tab="File (TOML)" -[providers.rancher] - defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)" - # ... -``` - ```yaml tab="File (YAML)" providers: rancher: @@ -115,6 +109,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.rancher] + defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)" + # ... +``` + ```bash tab="CLI" --providers.rancher.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`) # ... @@ -126,12 +126,6 @@ _Optional, Default=true_ Filter out services with unhealthy states and inactive states. -```toml tab="File (TOML)" -[providers.rancher] - enableServiceHealthFilter = false - # ... -``` - ```yaml tab="File (YAML)" providers: rancher: @@ -139,6 +133,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.rancher] + enableServiceHealthFilter = false + # ... +``` + ```bash tab="CLI" --providers.rancher.enableServiceHealthFilter=false # ... @@ -150,12 +150,6 @@ _Optional, Default=15_ Defines the polling interval (in seconds). -```toml tab="File (TOML)" -[providers.rancher] - refreshSeconds = 30 - # ... -``` - ```yaml tab="File (YAML)" providers: rancher: @@ -163,6 +157,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.rancher] + refreshSeconds = 30 + # ... +``` + ```bash tab="CLI" --providers.rancher.refreshSeconds=30 # ... @@ -175,12 +175,6 @@ _Optional, Default=false_ Poll the Rancher metadata service for changes every `rancher.refreshSeconds`, which is less accurate than the default long polling technique which provides near instantaneous updates to Traefik. -```toml tab="File (TOML)" -[providers.rancher] - intervalPoll = true - # ... -``` - ```yaml tab="File (YAML)" providers: rancher: @@ -188,6 +182,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.rancher] + intervalPoll = true + # ... +``` + ```bash tab="CLI" --providers.rancher.intervalPoll=true # ... @@ -199,12 +199,6 @@ _Optional, Default="/latest"_ Prefix used for accessing the Rancher metadata service. -```toml tab="File (TOML)" -[providers.rancher] - prefix = "/test" - # ... -``` - ```yaml tab="File (YAML)" providers: rancher: @@ -212,6 +206,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.rancher] + prefix = "/test" + # ... +``` + ```bash tab="CLI" --providers.rancher.prefix=/test # ... @@ -262,12 +262,6 @@ the usual boolean logic, as shown in examples below. For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery). -```toml tab="File (TOML)" -[providers.rancher] - constraints = "Label(`a.label.name`,`foo`)" - # ... -``` - ```yaml tab="File (YAML)" providers: rancher: @@ -275,6 +269,12 @@ providers: # ... ``` +```toml tab="File (TOML)" +[providers.rancher] + constraints = "Label(`a.label.name`,`foo`)" + # ... +``` + ```bash tab="CLI" --providers.rancher.constraints=Label(`a.label.name`,`foo`) # ... diff --git a/docs/content/providers/redis.md b/docs/content/providers/redis.md index abf16cdf9..d38cdcd7f 100644 --- a/docs/content/providers/redis.md +++ b/docs/content/providers/redis.md @@ -17,11 +17,6 @@ _Required, Default="127.0.0.1:6379"_ Defines how to access to Redis. -```toml tab="File (TOML)" -[providers.redis] - endpoints = ["127.0.0.1:6379"] -``` - ```yaml tab="File (YAML)" providers: redis: @@ -29,6 +24,11 @@ providers: - "127.0.0.1:6379" ``` +```toml tab="File (TOML)" +[providers.redis] + endpoints = ["127.0.0.1:6379"] +``` + ```bash tab="CLI" --providers.redis.endpoints=127.0.0.1:6379 ``` @@ -39,17 +39,17 @@ _Required, Default="traefik"_ Defines the root key of the configuration. -```toml tab="File (TOML)" -[providers.redis] - rootKey = "traefik" -``` - ```yaml tab="File (YAML)" providers: redis: rootKey: "traefik" ``` +```toml tab="File (TOML)" +[providers.redis] + rootKey = "traefik" +``` + ```bash tab="CLI" --providers.redis.rootkey=traefik ``` @@ -60,12 +60,6 @@ _Optional, Default=""_ Defines a username to connect with Redis. -```toml tab="File (TOML)" -[providers.redis] - # ... - username = "foo" -``` - ```yaml tab="File (YAML)" providers: redis: @@ -73,6 +67,12 @@ providers: usename: "foo" ``` +```toml tab="File (TOML)" +[providers.redis] + # ... + username = "foo" +``` + ```bash tab="CLI" --providers.redis.username=foo ``` @@ -83,12 +83,6 @@ _Optional, Default=""_ Defines a password to connect with Redis. -```toml tab="File (TOML)" -[providers.redis] - # ... - password = "bar" -``` - ```yaml tab="File (YAML)" providers: redis: @@ -96,6 +90,12 @@ providers: password: "bar" ``` +```toml tab="File (TOML)" +[providers.redis] + # ... + password = "bar" +``` + ```bash tab="CLI" --providers.redis.password=foo ``` @@ -108,11 +108,6 @@ _Optional_ Certificate Authority used for the secure connection to Redis. -```toml tab="File (TOML)" -[providers.redis.tls] - ca = "path/to/ca.crt" -``` - ```yaml tab="File (YAML)" providers: redis: @@ -120,6 +115,11 @@ providers: ca: path/to/ca.crt ``` +```toml tab="File (TOML)" +[providers.redis.tls] + ca = "path/to/ca.crt" +``` + ```bash tab="CLI" --providers.redis.tls.ca=path/to/ca.crt ``` @@ -136,11 +136,6 @@ When this option is set to `true`, a client certificate is requested during the When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client. -```toml tab="File (TOML)" -[providers.redis.tls] - caOptional = true -``` - ```yaml tab="File (YAML)" providers: redis: @@ -148,6 +143,11 @@ providers: caOptional: true ``` +```toml tab="File (TOML)" +[providers.redis.tls] + caOptional = true +``` + ```bash tab="CLI" --providers.redis.tls.caOptional=true ``` @@ -156,12 +156,6 @@ providers: Public certificate used for the secure connection to Redis. -```toml tab="File (TOML)" -[providers.redis.tls] - cert = "path/to/foo.cert" - key = "path/to/foo.key" -``` - ```yaml tab="File (YAML)" providers: redis: @@ -170,6 +164,12 @@ providers: key: path/to/foo.key ``` +```toml tab="File (TOML)" +[providers.redis.tls] + cert = "path/to/foo.cert" + key = "path/to/foo.key" +``` + ```bash tab="CLI" --providers.redis.tls.cert=path/to/foo.cert --providers.redis.tls.key=path/to/foo.key @@ -179,12 +179,6 @@ providers: Private certificate used for the secure connection to Redis. -```toml tab="File (TOML)" -[providers.redis.tls] - cert = "path/to/foo.cert" - key = "path/to/foo.key" -``` - ```yaml tab="File (YAML)" providers: redis: @@ -193,6 +187,12 @@ providers: key: path/to/foo.key ``` +```toml tab="File (TOML)" +[providers.redis.tls] + cert = "path/to/foo.cert" + key = "path/to/foo.key" +``` + ```bash tab="CLI" --providers.redis.tls.cert=path/to/foo.cert --providers.redis.tls.key=path/to/foo.key @@ -202,11 +202,6 @@ providers: If `insecureSkipVerify` is `true`, the TLS connection to Redis accepts any certificate presented by the server regardless of the hostnames it covers. -```toml tab="File (TOML)" -[providers.redis.tls] - insecureSkipVerify = true -``` - ```yaml tab="File (YAML)" providers: redis: @@ -214,6 +209,11 @@ providers: insecureSkipVerify: true ``` +```toml tab="File (TOML)" +[providers.redis.tls] + insecureSkipVerify = true +``` + ```bash tab="CLI" --providers.redis.tls.insecureSkipVerify=true ``` diff --git a/docs/content/providers/zookeeper.md b/docs/content/providers/zookeeper.md index 1cb354e53..e749a42bf 100644 --- a/docs/content/providers/zookeeper.md +++ b/docs/content/providers/zookeeper.md @@ -17,11 +17,6 @@ _Required, Default="127.0.0.1:2181"_ Defines how to access to ZooKeeper. -```toml tab="File (TOML)" -[providers.zooKeeper] - endpoints = ["127.0.0.1:2181"] -``` - ```yaml tab="File (YAML)" providers: zooKeeper: @@ -29,6 +24,11 @@ providers: - "127.0.0.1:2181" ``` +```toml tab="File (TOML)" +[providers.zooKeeper] + endpoints = ["127.0.0.1:2181"] +``` + ```bash tab="CLI" --providers.zookeeper.endpoints=127.0.0.1:2181 ``` @@ -39,17 +39,17 @@ _Required, Default="traefik"_ Defines the root key of the configuration. -```toml tab="File (TOML)" -[providers.zooKeeper] - rootKey = "traefik" -``` - ```yaml tab="File (YAML)" providers: zooKeeper: rootKey: "traefik" ``` +```toml tab="File (TOML)" +[providers.zooKeeper] + rootKey = "traefik" +``` + ```bash tab="CLI" --providers.zookeeper.rootkey=traefik ``` @@ -60,12 +60,6 @@ _Optional, Default=""_ Defines a username to connect with ZooKeeper. -```toml tab="File (TOML)" -[providers.zooKeeper] - # ... - username = "foo" -``` - ```yaml tab="File (YAML)" providers: zooKeeper: @@ -73,6 +67,12 @@ providers: usename: "foo" ``` +```toml tab="File (TOML)" +[providers.zooKeeper] + # ... + username = "foo" +``` + ```bash tab="CLI" --providers.zookeeper.username=foo ``` @@ -83,12 +83,6 @@ _Optional, Default=""_ Defines a password to connect with ZooKeeper. -```toml tab="File (TOML)" -[providers.zooKeeper] - # ... - password = "bar" -``` - ```yaml tab="File (YAML)" providers: zooKeeper: @@ -96,6 +90,12 @@ providers: password: "bar" ``` +```toml tab="File (TOML)" +[providers.zooKeeper] + # ... + password = "bar" +``` + ```bash tab="CLI" --providers.zookeeper.password=foo ``` @@ -108,11 +108,6 @@ _Optional_ Certificate Authority used for the secure connection to ZooKeeper. -```toml tab="File (TOML)" -[providers.zooKeeper.tls] - ca = "path/to/ca.crt" -``` - ```yaml tab="File (YAML)" providers: zooKeeper: @@ -120,6 +115,11 @@ providers: ca: path/to/ca.crt ``` +```toml tab="File (TOML)" +[providers.zooKeeper.tls] + ca = "path/to/ca.crt" +``` + ```bash tab="CLI" --providers.zookeeper.tls.ca=path/to/ca.crt ``` @@ -136,11 +136,6 @@ When this option is set to `true`, a client certificate is requested during the When this option is set to `false`, a client certificate is requested during the handshake, and at least one valid certificate should be sent by the client. -```toml tab="File (TOML)" -[providers.zooKeeper.tls] - caOptional = true -``` - ```yaml tab="File (YAML)" providers: zooKeeper: @@ -148,6 +143,11 @@ providers: caOptional: true ``` +```toml tab="File (TOML)" +[providers.zooKeeper.tls] + caOptional = true +``` + ```bash tab="CLI" --providers.zookeeper.tls.caOptional=true ``` @@ -156,12 +156,6 @@ providers: Public certificate used for the secure connection to ZooKeeper. -```toml tab="File (TOML)" -[providers.zooKeeper.tls] - cert = "path/to/foo.cert" - key = "path/to/foo.key" -``` - ```yaml tab="File (YAML)" providers: zooKeeper: @@ -170,6 +164,12 @@ providers: key: path/to/foo.key ``` +```toml tab="File (TOML)" +[providers.zooKeeper.tls] + cert = "path/to/foo.cert" + key = "path/to/foo.key" +``` + ```bash tab="CLI" --providers.zookeeper.tls.cert=path/to/foo.cert --providers.zookeeper.tls.key=path/to/foo.key @@ -179,12 +179,6 @@ providers: Private certificate used for the secure connection to ZooKeeper. -```toml tab="File (TOML)" -[providers.zooKeeper.tls] - cert = "path/to/foo.cert" - key = "path/to/foo.key" -``` - ```yaml tab="File (YAML)" providers: zooKeeper: @@ -193,6 +187,12 @@ providers: key: path/to/foo.key ``` +```toml tab="File (TOML)" +[providers.zooKeeper.tls] + cert = "path/to/foo.cert" + key = "path/to/foo.key" +``` + ```bash tab="CLI" --providers.zookeeper.tls.cert=path/to/foo.cert --providers.zookeeper.tls.key=path/to/foo.key @@ -202,11 +202,6 @@ providers: If `insecureSkipVerify` is `true`, the TLS connection to Zookeeper accepts any certificate presented by the server regardless of the hostnames it covers. -```toml tab="File (TOML)" -[providers.zooKeeper.tls] - insecureSkipVerify = true -``` - ```yaml tab="File (YAML)" providers: zooKeeper: @@ -214,6 +209,11 @@ providers: insecureSkipVerify: true ``` +```toml tab="File (TOML)" +[providers.zooKeeper.tls] + insecureSkipVerify = true +``` + ```bash tab="CLI" --providers.zookeeper.tls.insecureSkipVerify=true ``` diff --git a/docs/content/reference/dynamic-configuration/file.md b/docs/content/reference/dynamic-configuration/file.md index 754e6d35d..49986c88f 100644 --- a/docs/content/reference/dynamic-configuration/file.md +++ b/docs/content/reference/dynamic-configuration/file.md @@ -3,10 +3,10 @@ Dynamic configuration with files {: .subtitle } -```toml tab="TOML" ---8<-- "content/reference/dynamic-configuration/file.toml" -``` - ```yml tab="YAML" --8<-- "content/reference/dynamic-configuration/file.yaml" ``` + +```toml tab="TOML" +--8<-- "content/reference/dynamic-configuration/file.toml" +``` diff --git a/docs/content/reference/static-configuration/cli-ref.md b/docs/content/reference/static-configuration/cli-ref.md index 6733467c8..f433e666e 100644 --- a/docs/content/reference/static-configuration/cli-ref.md +++ b/docs/content/reference/static-configuration/cli-ref.md @@ -538,7 +538,7 @@ KV Username Enable debug logging of generated configuration template. (Default: ```false```) `--providers.file.directory`: -Load dynamic configuration from one or more .toml or .yml files in a directory. +Load dynamic configuration from one or more .yml or .toml files in a directory. `--providers.file.filename`: Load dynamic configuration from a file. diff --git a/docs/content/reference/static-configuration/env-ref.md b/docs/content/reference/static-configuration/env-ref.md index f5ce04332..acf678c53 100644 --- a/docs/content/reference/static-configuration/env-ref.md +++ b/docs/content/reference/static-configuration/env-ref.md @@ -538,7 +538,7 @@ KV Username Enable debug logging of generated configuration template. (Default: ```false```) `TRAEFIK_PROVIDERS_FILE_DIRECTORY`: -Load dynamic configuration from one or more .toml or .yml files in a directory. +Load dynamic configuration from one or more .yml or .toml files in a directory. `TRAEFIK_PROVIDERS_FILE_FILENAME`: Load dynamic configuration from a file. diff --git a/docs/content/reference/static-configuration/file.md b/docs/content/reference/static-configuration/file.md index 6fa3daf4f..2ea52b8ae 100644 --- a/docs/content/reference/static-configuration/file.md +++ b/docs/content/reference/static-configuration/file.md @@ -1,9 +1,9 @@ # Static Configuration: File -```toml tab="TOML" ---8<-- "content/reference/static-configuration/file.toml" -``` - ```yml tab="YAML" --8<-- "content/reference/static-configuration/file.yaml" ``` + +```toml tab="TOML" +--8<-- "content/reference/static-configuration/file.toml" +``` diff --git a/docs/content/reference/static-configuration/file.toml b/docs/content/reference/static-configuration/file.toml index 92d9ba767..df9dd51cb 100644 --- a/docs/content/reference/static-configuration/file.toml +++ b/docs/content/reference/static-configuration/file.toml @@ -386,6 +386,7 @@ [pilot] token = "foobar" + dashboard = true [experimental] kubernetesGateway = true diff --git a/docs/content/reference/static-configuration/file.yaml b/docs/content/reference/static-configuration/file.yaml index 0ac2decbf..cfbebd2f4 100644 --- a/docs/content/reference/static-configuration/file.yaml +++ b/docs/content/reference/static-configuration/file.yaml @@ -407,6 +407,7 @@ certificatesResolvers: tlsChallenge: {} pilot: token: foobar + dashboard: true experimental: kubernetesGateway: true http3: true diff --git a/docs/content/routing/entrypoints.md b/docs/content/routing/entrypoints.md index 36db2cc9f..69f917143 100644 --- a/docs/content/routing/entrypoints.md +++ b/docs/content/routing/entrypoints.md @@ -13,20 +13,20 @@ and whether to listen for TCP or UDP. ??? example "Port 80 only" - ```toml tab="File (TOML)" - ## Static configuration - [entryPoints] - [entryPoints.web] - address = ":80" - ``` - ```yaml tab="File (YAML)" ## Static configuration entryPoints: web: address: ":80" ``` - + + ```toml tab="File (TOML)" + ## Static configuration + [entryPoints] + [entryPoints.web] + address = ":80" + ``` + ```bash tab="CLI" ## Static configuration --entryPoints.web.address=:80 @@ -34,28 +34,28 @@ and whether to listen for TCP or UDP. We define an `entrypoint` called `web` that will listen on port `80`. -??? example "Port 80 & 443" +??? example "Port 80 & 443" + + ```yaml tab="File (YAML)" + ## Static configuration + entryPoints: + web: + address: ":80" + + websecure: + address: ":443" + ``` ```toml tab="File (TOML)" ## Static configuration [entryPoints] [entryPoints.web] address = ":80" - + [entryPoints.websecure] address = ":443" ``` - - ```yaml tab="File (YAML)" - ## Static configuration - entryPoints: - web: - address: ":80" - - websecure: - address: ":443" - ``` - + ```bash tab="CLI" ## Static configuration --entryPoints.web.address=:80 @@ -63,17 +63,10 @@ and whether to listen for TCP or UDP. ``` - Two entrypoints are defined: one called `web`, and the other called `websecure`. - - `web` listens on port `80`, and `websecure` on port `443`. + - `web` listens on port `80`, and `websecure` on port `443`. ??? example "UDP on port 1704" - ```toml tab="File (TOML)" - ## Static configuration - [entryPoints] - [entryPoints.streaming] - address = ":1704/udp" - ``` - ```yaml tab="File (YAML)" ## Static configuration entryPoints: @@ -81,6 +74,13 @@ and whether to listen for TCP or UDP. address: ":1704/udp" ``` + ```toml tab="File (TOML)" + ## Static configuration + [entryPoints] + [entryPoints.streaming] + address = ":1704/udp" + ``` + ```bash tab="CLI" ## Static configuration --entryPoints.streaming.address=:1704/udp @@ -91,32 +91,10 @@ and whether to listen for TCP or UDP. ### General EntryPoints are part of the [static configuration](../getting-started/configuration-overview.md#the-static-configuration). -They can be defined by using a file (TOML or YAML) or CLI arguments. +They can be defined by using a file (YAML or TOML) or CLI arguments. ??? info "See the complete reference for the list of available options" - - ```toml tab="File (TOML)" - ## Static configuration - [entryPoints] - [entryPoints.name] - address = ":8888" # same as ":8888/tcp" - enableHTTP3 = true - [entryPoints.name.transport] - [entryPoints.name.transport.lifeCycle] - requestAcceptGraceTimeout = 42 - graceTimeOut = 42 - [entryPoints.name.transport.respondingTimeouts] - readTimeout = 42 - writeTimeout = 42 - idleTimeout = 42 - [entryPoints.name.proxyProtocol] - insecure = true - trustedIPs = ["127.0.0.1", "192.168.0.1"] - [entryPoints.name.forwardedHeaders] - insecure = true - trustedIPs = ["127.0.0.1", "192.168.0.1"] - ``` - + ```yaml tab="File (YAML)" ## Static configuration entryPoints: @@ -142,7 +120,29 @@ They can be defined by using a file (TOML or YAML) or CLI arguments. - "127.0.0.1" - "192.168.0.1" ``` - + + ```toml tab="File (TOML)" + ## Static configuration + [entryPoints] + [entryPoints.name] + address = ":8888" # same as ":8888/tcp" + enableHTTP3 = true + [entryPoints.name.transport] + [entryPoints.name.transport.lifeCycle] + requestAcceptGraceTimeout = 42 + graceTimeOut = 42 + [entryPoints.name.transport.respondingTimeouts] + readTimeout = 42 + writeTimeout = 42 + idleTimeout = 42 + [entryPoints.name.proxyProtocol] + insecure = true + trustedIPs = ["127.0.0.1", "192.168.0.1"] + [entryPoints.name.forwardedHeaders] + insecure = true + trustedIPs = ["127.0.0.1", "192.168.0.1"] + ``` + ```bash tab="CLI" ## Static configuration --entryPoints.name.address=:8888 # same as :8888/tcp @@ -173,15 +173,6 @@ If both TCP and UDP are wanted for the same port, two entryPoints definitions ar ??? example "Both TCP and UDP on Port 3179" - ```toml tab="File (TOML)" - ## Static configuration - [entryPoints] - [entryPoints.tcpep] - address = ":3179" - [entryPoints.udpep] - address = ":3179/udp" - ``` - ```yaml tab="File (YAML)" ## Static configuration entryPoints: @@ -191,6 +182,15 @@ If both TCP and UDP are wanted for the same port, two entryPoints definitions ar address: ":3179/udp" ``` + ```toml tab="File (TOML)" + ## Static configuration + [entryPoints] + [entryPoints.tcpep] + address = ":3179" + [entryPoints.udpep] + address = ":3179/udp" + ``` + ```bash tab="CLI" ## Static configuration --entryPoints.tcpep.address=:3179 @@ -199,13 +199,6 @@ If both TCP and UDP are wanted for the same port, two entryPoints definitions ar ??? example "Listen on Specific IP Addresses Only" - ```toml tab="File (TOML)" - [entryPoints.specificIPv4] - address = "192.168.2.7:8888" - [entryPoints.specificIPv6] - address = "[2001:db8::1]:8888" - ``` - ```yaml tab="File (yaml)" entryPoints: specificIPv4: @@ -213,12 +206,19 @@ If both TCP and UDP are wanted for the same port, two entryPoints definitions ar specificIPv6: address: "[2001:db8::1]:8888" ``` - + + ```toml tab="File (TOML)" + [entryPoints.specificIPv4] + address = "192.168.2.7:8888" + [entryPoints.specificIPv6] + address = "[2001:db8::1]:8888" + ``` + ```bash tab="CLI" --entrypoints.specificIPv4.address=192.168.2.7:8888 --entrypoints.specificIPv6.address=[2001:db8::1]:8888 ``` - + Full details for how to specify `address` can be found in [net.Listen](https://golang.org/pkg/net/#Listen) (and [net.Dial](https://golang.org/pkg/net/#Dial)) of the doc for go. ### EnableHTTP3 @@ -235,15 +235,7 @@ Enabling HTTP3 will automatically add the correct headers for the connection upg !!! warning "Enabling Experimental HTTP3" As the HTTP3 spec is still in draft, HTTP3 support in Traefik is an experimental feature and needs to be activated - in the experimental section of the static configuration. - - ```toml tab="File (TOML)" - [experimental] - http3 = true - - [entryPoints.name] - enableHTTP3 = true - ``` + in the experimental section of the static configuration. ```yaml tab="File (YAML)" experimental: @@ -253,6 +245,14 @@ Enabling HTTP3 will automatically add the correct headers for the connection upg name: enableHTTP3: true ``` + + ```toml tab="File (TOML)" + [experimental] + http3 = true + + [entryPoints.name] + enableHTTP3 = true + ``` ```bash tab="CLI" --experimental.http3=true --entrypoints.name.enablehttp3=true @@ -263,19 +263,9 @@ Enabling HTTP3 will automatically add the correct headers for the connection upg You can configure Traefik to trust the forwarded headers information (`X-Forwarded-*`). ??? info "`forwardedHeaders.trustedIPs`" - + Trusting Forwarded Headers from specific IPs. - ```toml tab="File (TOML)" - ## Static configuration - [entryPoints] - [entryPoints.web] - address = ":80" - - [entryPoints.web.forwardedHeaders] - trustedIPs = ["127.0.0.1/32", "192.168.1.7"] - ``` - ```yaml tab="File (YAML)" ## Static configuration entryPoints: @@ -286,7 +276,17 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward - "127.0.0.1/32" - "192.168.1.7" ``` - + + ```toml tab="File (TOML)" + ## Static configuration + [entryPoints] + [entryPoints.web] + address = ":80" + + [entryPoints.web.forwardedHeaders] + trustedIPs = ["127.0.0.1/32", "192.168.1.7"] + ``` + ```bash tab="CLI" ## Static configuration --entryPoints.web.address=:80 @@ -294,19 +294,9 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward ``` ??? info "`forwardedHeaders.insecure`" - + Insecure Mode (Always Trusting Forwarded Headers). - ```toml tab="File (TOML)" - ## Static configuration - [entryPoints] - [entryPoints.web] - address = ":80" - - [entryPoints.web.forwardedHeaders] - insecure = true - ``` - ```yaml tab="File (YAML)" ## Static configuration entryPoints: @@ -315,7 +305,17 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward forwardedHeaders: insecure: true ``` - + + ```toml tab="File (TOML)" + ## Static configuration + [entryPoints] + [entryPoints.web] + address = ":80" + + [entryPoints.web.forwardedHeaders] + insecure = true + ``` + ```bash tab="CLI" ## Static configuration --entryPoints.web.address=:80 @@ -330,25 +330,15 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward Setting them has no effect for UDP entryPoints. ??? info "`transport.respondingTimeouts.readTimeout`" - + _Optional, Default=0s_ - - `readTimeout` is the maximum duration for reading the entire request, including the body. - + + `readTimeout` is the maximum duration for reading the entire request, including the body. + If zero, no timeout exists. Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits). If no units are provided, the value is parsed assuming seconds. - - ```toml tab="File (TOML)" - ## Static configuration - [entryPoints] - [entryPoints.name] - address = ":8888" - [entryPoints.name.transport] - [entryPoints.name.transport.respondingTimeouts] - readTimeout = 42 - ``` - + ```yaml tab="File (YAML)" ## Static configuration entryPoints: @@ -358,24 +348,7 @@ Setting them has no effect for UDP entryPoints. respondingTimeouts: readTimeout: 42 ``` - - ```bash tab="CLI" - ## Static configuration - --entryPoints.name.address=:8888 - --entryPoints.name.transport.respondingTimeouts.readTimeout=42 - ``` -??? info "`transport.respondingTimeouts.writeTimeout`" - - _Optional, Default=0s_ - - `writeTimeout` is the maximum duration before timing out writes of the response. - - It covers the time from the end of the request header read to the end of the response write. - If zero, no timeout exists. - Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits). - If no units are provided, the value is parsed assuming seconds. - ```toml tab="File (TOML)" ## Static configuration [entryPoints] @@ -383,9 +356,26 @@ Setting them has no effect for UDP entryPoints. address = ":8888" [entryPoints.name.transport] [entryPoints.name.transport.respondingTimeouts] - writeTimeout = 42 + readTimeout = 42 ``` - + + ```bash tab="CLI" + ## Static configuration + --entryPoints.name.address=:8888 + --entryPoints.name.transport.respondingTimeouts.readTimeout=42 + ``` + +??? info "`transport.respondingTimeouts.writeTimeout`" + + _Optional, Default=0s_ + + `writeTimeout` is the maximum duration before timing out writes of the response. + + It covers the time from the end of the request header read to the end of the response write. + If zero, no timeout exists. + Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits). + If no units are provided, the value is parsed assuming seconds. + ```yaml tab="File (YAML)" ## Static configuration entryPoints: @@ -395,23 +385,7 @@ Setting them has no effect for UDP entryPoints. respondingTimeouts: writeTimeout: 42 ``` - - ```bash tab="CLI" - ## Static configuration - --entryPoints.name.address=:8888 - --entryPoints.name.transport.respondingTimeouts.writeTimeout=42 - ``` -??? info "`transport.respondingTimeouts.idleTimeout`" - - _Optional, Default=180s_ - - `idleTimeout` is the maximum duration an idle (keep-alive) connection will remain idle before closing itself. - - If zero, no timeout exists. - Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits). - If no units are provided, the value is parsed assuming seconds. - ```toml tab="File (TOML)" ## Static configuration [entryPoints] @@ -419,9 +393,25 @@ Setting them has no effect for UDP entryPoints. address = ":8888" [entryPoints.name.transport] [entryPoints.name.transport.respondingTimeouts] - idleTimeout = 42 + writeTimeout = 42 ``` - + + ```bash tab="CLI" + ## Static configuration + --entryPoints.name.address=:8888 + --entryPoints.name.transport.respondingTimeouts.writeTimeout=42 + ``` + +??? info "`transport.respondingTimeouts.idleTimeout`" + + _Optional, Default=180s_ + + `idleTimeout` is the maximum duration an idle (keep-alive) connection will remain idle before closing itself. + + If zero, no timeout exists. + Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits). + If no units are provided, the value is parsed assuming seconds. + ```yaml tab="File (YAML)" ## Static configuration entryPoints: @@ -431,7 +421,17 @@ Setting them has no effect for UDP entryPoints. respondingTimeouts: idleTimeout: 42 ``` - + + ```toml tab="File (TOML)" + ## Static configuration + [entryPoints] + [entryPoints.name] + address = ":8888" + [entryPoints.name.transport] + [entryPoints.name.transport.respondingTimeouts] + idleTimeout = 42 + ``` + ```bash tab="CLI" ## Static configuration --entryPoints.name.address=:8888 @@ -443,27 +443,17 @@ Setting them has no effect for UDP entryPoints. Controls the behavior of Traefik during the shutdown phase. ??? info "`lifeCycle.requestAcceptGraceTimeout`" - + _Optional, Default=0s_ - + Duration to keep accepting requests prior to initiating the graceful termination period (as defined by the `graceTimeOut` option). This option is meant to give downstream load-balancers sufficient time to take Traefik out of rotation. - + Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits). - + If no units are provided, the value is parsed assuming seconds. The zero duration disables the request accepting grace period, i.e., Traefik will immediately proceed to the grace period. - - ```toml tab="File (TOML)" - ## Static configuration - [entryPoints] - [entryPoints.name] - address = ":8888" - [entryPoints.name.transport] - [entryPoints.name.transport.lifeCycle] - requestAcceptGraceTimeout = 42 - ``` - + ```yaml tab="File (YAML)" ## Static configuration entryPoints: @@ -473,25 +463,7 @@ Controls the behavior of Traefik during the shutdown phase. lifeCycle: requestAcceptGraceTimeout: 42 ``` - - ```bash tab="CLI" - ## Static configuration - --entryPoints.name.address=:8888 - --entryPoints.name.transport.lifeCycle.requestAcceptGraceTimeout=42 - ``` -??? info "`lifeCycle.graceTimeOut`" - - _Optional, Default=10s_ - - Duration to give active requests a chance to finish before Traefik stops. - - Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits). - - If no units are provided, the value is parsed assuming seconds. - - !!! warning "In this time frame no new requests are accepted." - ```toml tab="File (TOML)" ## Static configuration [entryPoints] @@ -499,9 +471,27 @@ Controls the behavior of Traefik during the shutdown phase. address = ":8888" [entryPoints.name.transport] [entryPoints.name.transport.lifeCycle] - graceTimeOut = 42 + requestAcceptGraceTimeout = 42 ``` - + + ```bash tab="CLI" + ## Static configuration + --entryPoints.name.address=:8888 + --entryPoints.name.transport.lifeCycle.requestAcceptGraceTimeout=42 + ``` + +??? info "`lifeCycle.graceTimeOut`" + + _Optional, Default=10s_ + + Duration to give active requests a chance to finish before Traefik stops. + + Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits). + + If no units are provided, the value is parsed assuming seconds. + + !!! warning "In this time frame no new requests are accepted." + ```yaml tab="File (YAML)" ## Static configuration entryPoints: @@ -511,7 +501,17 @@ Controls the behavior of Traefik during the shutdown phase. lifeCycle: graceTimeOut: 42 ``` - + + ```toml tab="File (TOML)" + ## Static configuration + [entryPoints] + [entryPoints.name] + address = ":8888" + [entryPoints.name.transport] + [entryPoints.name.transport.lifeCycle] + graceTimeOut = 42 + ``` + ```bash tab="CLI" ## Static configuration --entryPoints.name.address=:8888 @@ -526,20 +526,10 @@ If Proxy Protocol header parsing is enabled for the entry point, this entry poin If the Proxy Protocol header is passed, then the version is determined automatically. -??? info "`proxyProtocol.trustedIPs`" - +??? info "`proxyProtocol.trustedIPs`" + Enabling Proxy Protocol with Trusted IPs. - ```toml tab="File (TOML)" - ## Static configuration - [entryPoints] - [entryPoints.web] - address = ":80" - - [entryPoints.web.proxyProtocol] - trustedIPs = ["127.0.0.1/32", "192.168.1.7"] - ``` - ```yaml tab="File (YAML)" ## Static configuration entryPoints: @@ -550,7 +540,17 @@ If the Proxy Protocol header is passed, then the version is determined automatic - "127.0.0.1/32" - "192.168.1.7" ``` - + + ```toml tab="File (TOML)" + ## Static configuration + [entryPoints] + [entryPoints.web] + address = ":80" + + [entryPoints.web.proxyProtocol] + trustedIPs = ["127.0.0.1/32", "192.168.1.7"] + ``` + ```bash tab="CLI" --entryPoints.web.address=:80 --entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,192.168.1.7 @@ -561,20 +561,10 @@ If the Proxy Protocol header is passed, then the version is determined automatic ??? info "`proxyProtocol.insecure`" Insecure Mode (Testing Environment Only). - + In a test environments, you can configure Traefik to trust every incoming connection. Doing so, every remote client address will be replaced (`trustedIPs` won't have any effect) - ```toml tab="File (TOML)" - ## Static configuration - [entryPoints] - [entryPoints.web] - address = ":80" - - [entryPoints.web.proxyProtocol] - insecure = true - ``` - ```yaml tab="File (YAML)" ## Static configuration entryPoints: @@ -583,7 +573,17 @@ If the Proxy Protocol header is passed, then the version is determined automatic proxyProtocol: insecure: true ``` - + + ```toml tab="File (TOML)" + ## Static configuration + [entryPoints] + [entryPoints.web] + address = ":80" + + [entryPoints.web.proxyProtocol] + insecure = true + ``` + ```bash tab="CLI" --entryPoints.web.address=:80 --entryPoints.web.proxyProtocol.insecure @@ -601,21 +601,7 @@ This whole section is dedicated to options, keyed by entry point, that will appl ### Redirection ??? example "HTTPS redirection (80 to 443)" - - ```toml tab="File (TOML)" - [entryPoints.web] - address = ":80" - - [entryPoints.web.http] - [entryPoints.web.http.redirections] - [entryPoints.web.http.redirections.entryPoint] - to = "websecure" - scheme = "https" - - [entryPoints.websecure] - address = ":443" - ``` - + ```yaml tab="File (YAML)" entryPoints: web: @@ -625,11 +611,25 @@ This whole section is dedicated to options, keyed by entry point, that will appl entryPoint: to: websecure scheme: https - + websecure: address: :443 ``` - + + ```toml tab="File (TOML)" + [entryPoints.web] + address = ":80" + + [entryPoints.web.http] + [entryPoints.web.http.redirections] + [entryPoints.web.http.redirections.entryPoint] + to = "websecure" + scheme = "https" + + [entryPoints.websecure] + address = ":443" + ``` + ```bash tab="CLI" --entrypoints.web.address=:80 --entrypoints.web.http.redirections.entryPoint.to=websecure @@ -642,22 +642,14 @@ This whole section is dedicated to options, keyed by entry point, that will appl This section is a convenience to enable (permanent) redirecting of all incoming requests on an entry point (e.g. port `80`) to another entry point (e.g. port `443`) or an explicit port (`:443`). ??? info "`entryPoint.to`" - + _Required_ - + The target element, it can be: - + - an entry point name (ex: `websecure`) - a port (`:443`) - - ```toml tab="File (TOML)" - [entryPoints.foo] - # ... - [entryPoints.foo.http.redirections] - [entryPoints.foo.http.redirections.entryPoint] - to = "websecure" - ``` - + ```yaml tab="File (YAML)" entryPoints: foo: @@ -667,26 +659,25 @@ This section is a convenience to enable (permanent) redirecting of all incoming entryPoint: to: websecure ``` - - ```bash tab="CLI" - --entrypoints.foo.http.redirections.entryPoint.to=websecure - ``` - -??? info "`entryPoint.scheme`" - - _Optional, Default="https"_ - - The redirection target scheme. ```toml tab="File (TOML)" [entryPoints.foo] # ... [entryPoints.foo.http.redirections] [entryPoints.foo.http.redirections.entryPoint] - # ... - scheme = "https" + to = "websecure" ``` - + + ```bash tab="CLI" + --entrypoints.foo.http.redirections.entryPoint.to=websecure + ``` + +??? info "`entryPoint.scheme`" + + _Optional, Default="https"_ + + The redirection target scheme. + ```yaml tab="File (YAML)" entryPoints: foo: @@ -697,16 +688,6 @@ This section is a convenience to enable (permanent) redirecting of all incoming # ... scheme: https ``` - - ```bash tab="CLI" - --entrypoints.foo.http.redirections.entryPoint.scheme=https - ``` - -??? info "`entryPoint.permanent`" - - _Optional, Default=true_ - - To apply a permanent redirection. ```toml tab="File (TOML)" [entryPoints.foo] @@ -714,9 +695,19 @@ This section is a convenience to enable (permanent) redirecting of all incoming [entryPoints.foo.http.redirections] [entryPoints.foo.http.redirections.entryPoint] # ... - permanent = true + scheme = "https" ``` - + + ```bash tab="CLI" + --entrypoints.foo.http.redirections.entryPoint.scheme=https + ``` + +??? info "`entryPoint.permanent`" + + _Optional, Default=true_ + + To apply a permanent redirection. + ```yaml tab="File (YAML)" entryPoints: foo: @@ -727,16 +718,6 @@ This section is a convenience to enable (permanent) redirecting of all incoming # ... permanent: true ``` - - ```bash tab="CLI" - --entrypoints.foo.http.redirections.entrypoint.permanent=true - ``` - -??? info "`entryPoint.priority`" - - _Optional, Default=1_ - - Priority of the generated router. ```toml tab="File (TOML)" [entryPoints.foo] @@ -744,9 +725,19 @@ This section is a convenience to enable (permanent) redirecting of all incoming [entryPoints.foo.http.redirections] [entryPoints.foo.http.redirections.entryPoint] # ... - priority = 10 + permanent = true ``` - + + ```bash tab="CLI" + --entrypoints.foo.http.redirections.entrypoint.permanent=true + ``` + +??? info "`entryPoint.priority`" + + _Optional, Default=1_ + + Priority of the generated router. + ```yaml tab="File (YAML)" entryPoints: foo: @@ -757,7 +748,16 @@ This section is a convenience to enable (permanent) redirecting of all incoming # ... priority: 10 ``` - + + ```toml tab="File (TOML)" + [entryPoints.foo] + # ... + [entryPoints.foo.http.redirections] + [entryPoints.foo.http.redirections.entryPoint] + # ... + priority = 10 + ``` + ```bash tab="CLI" --entrypoints.foo.http.redirections.entrypoint.priority=10 ``` @@ -766,14 +766,6 @@ This section is a convenience to enable (permanent) redirecting of all incoming The list of middlewares that are prepended by default to the list of middlewares of each router associated to the named entry point. -```toml tab="File (TOML)" -[entryPoints.websecure] - address = ":443" - - [entryPoints.websecure.http] - middlewares = ["auth@file", "strip@file"] -``` - ```yaml tab="File (YAML)" entryPoints: websecure: @@ -784,6 +776,14 @@ entryPoints: - strip@file ``` +```toml tab="File (TOML)" +[entryPoints.websecure] + address = ":443" + + [entryPoints.websecure.http] + middlewares = ["auth@file", "strip@file"] +``` + ```bash tab="CLI" --entrypoints.websecure.address=:443 --entrypoints.websecure.http.middlewares=auth@file,strip@file @@ -797,21 +797,6 @@ If a TLS section (i.e. any of its fields) is user-defined, then the default conf The TLS section is the same as the [TLS section on HTTP routers](./routers/index.md#tls). -```toml tab="File (TOML)" -[entryPoints.websecure] - address = ":443" - - [entryPoints.websecure.http.tls] - options = "foobar" - certResolver = "leresolver" - [[entryPoints.websecure.http.tls.domains]] - main = "example.com" - sans = ["foo.example.com", "bar.example.com"] - [[entryPoints.websecure.http.tls.domains]] - main = "test.com" - sans = ["foo.test.com", "bar.test.com"] -``` - ```yaml tab="File (YAML)" entryPoints: websecure: @@ -831,6 +816,21 @@ entryPoints: - bar.test.com ``` +```toml tab="File (TOML)" +[entryPoints.websecure] + address = ":443" + + [entryPoints.websecure.http.tls] + options = "foobar" + certResolver = "leresolver" + [[entryPoints.websecure.http.tls.domains]] + main = "example.com" + sans = ["foo.example.com", "bar.example.com"] + [[entryPoints.websecure.http.tls.domains]] + main = "test.com" + sans = ["foo.test.com", "bar.test.com"] +``` + ```bash tab="CLI" --entrypoints.websecure.address=:443 --entrypoints.websecure.http.tls.options=foobar @@ -842,15 +842,7 @@ entryPoints: ``` ??? example "Let's Encrypt" - - ```toml tab="File (TOML)" - [entryPoints.websecure] - address = ":443" - - [entryPoints.websecure.http.tls] - certResolver = "leresolver" - ``` - + ```yaml tab="File (YAML)" entryPoints: websecure: @@ -859,7 +851,15 @@ entryPoints: tls: certResolver: leresolver ``` - + + ```toml tab="File (TOML)" + [entryPoints.websecure] + address = ":443" + + [entryPoints.websecure.http.tls] + certResolver = "leresolver" + ``` + ```bash tab="CLI" --entrypoints.websecure.address=:443 --entrypoints.websecure.http.tls.certResolver=leresolver @@ -876,14 +876,6 @@ _Optional, Default=3s_ Timeout defines how long to wait on an idle session before releasing the related resources. The Timeout value must be greater than zero. -```toml tab="File (TOML)" -[entryPoints.foo] - address = ":8000/udp" - - [entryPoints.foo.udp] - timeout = "10s" -``` - ```yaml tab="File (YAML)" entryPoints: foo: @@ -892,6 +884,14 @@ entryPoints: timeout: 10s ``` +```toml tab="File (TOML)" +[entryPoints.foo] + address = ":8000/udp" + + [entryPoints.foo.udp] + timeout = "10s" +``` + ```bash tab="CLI" entrypoints.foo.address=:8000/udp entrypoints.foo.udp.timeout=10s diff --git a/docs/content/routing/overview.md b/docs/content/routing/overview.md index 2e252166c..30bcaf41c 100644 --- a/docs/content/routing/overview.md +++ b/docs/content/routing/overview.md @@ -26,18 +26,6 @@ In the process, Traefik will make sure that the user is authenticated (using the Static configuration: -```toml tab="File (TOML)" -[entryPoints] - [entryPoints.web] - # Listen on port 8081 for incoming requests - address = ":8081" - -[providers] - # Enable the file provider to define routers / middlewares / services in file - [providers.file] - directory = "/path/to/dynamic/conf" -``` - ```yaml tab="File (YAML)" entryPoints: web: @@ -50,6 +38,18 @@ providers: directory: /path/to/dynamic/conf ``` +```toml tab="File (TOML)" +[entryPoints] + [entryPoints.web] + # Listen on port 8081 for incoming requests + address = ":8081" + +[providers] + # Enable the file provider to define routers / middlewares / services in file + [providers.file] + directory = "/path/to/dynamic/conf" +``` + ```bash tab="CLI" # Listen on port 8081 for incoming requests --entryPoints.web.address=:8081 @@ -60,30 +60,6 @@ providers: Dynamic configuration: -```toml tab="TOML" -# http routing section -[http] - [http.routers] - # Define a connection between requests and services - [http.routers.to-whoami] - rule = "Host(`example.com`) && PathPrefix(`/whoami/`)" - # If the rule matches, applies the middleware - middlewares = ["test-user"] - # If the rule matches, forward to the whoami service (declared below) - service = "whoami" - - [http.middlewares] - # Define an authentication mechanism - [http.middlewares.test-user.basicAuth] - users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"] - - [http.services] - # Define how to reach an existing service on our infrastructure - [http.services.whoami.loadBalancer] - [[http.services.whoami.loadBalancer.servers]] - url = "http://private/whoami-service" -``` - ```yaml tab="YAML" # http routing section http: @@ -112,6 +88,30 @@ http: - url: http://private/whoami-service ``` +```toml tab="TOML" +# http routing section +[http] + [http.routers] + # Define a connection between requests and services + [http.routers.to-whoami] + rule = "Host(`example.com`) && PathPrefix(`/whoami/`)" + # If the rule matches, applies the middleware + middlewares = ["test-user"] + # If the rule matches, forward to the whoami service (declared below) + service = "whoami" + + [http.middlewares] + # Define an authentication mechanism + [http.middlewares.test-user.basicAuth] + users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"] + + [http.services] + # Define how to reach an existing service on our infrastructure + [http.services.whoami.loadBalancer] + [[http.services.whoami.loadBalancer.servers]] + url = "http://private/whoami-service" +``` + !!! info "" In this example, we use the [file provider](../providers/file.md). @@ -125,7 +125,18 @@ http: ??? example "Adding a TCP route for TLS requests on whoami.example.com" **Static Configuration** - + + ```yaml tab="File (YAML)" + entryPoints: + web: + # Listen on port 8081 for incoming requests + address: :8081 + providers: + # Enable the file provider to define routers / middlewares / services in file + file: + directory: /path/to/dynamic/conf + ``` + ```toml tab="File (TOML)" [entryPoints] [entryPoints.web] @@ -137,64 +148,17 @@ http: [providers.file] directory = "/path/to/dynamic/conf" ``` - - ```yaml tab="File (YAML)" - entryPoints: - web: - # Listen on port 8081 for incoming requests - address: :8081 - providers: - # Enable the file provider to define routers / middlewares / services in file - file: - directory: /path/to/dynamic/conf - ``` - + ```bash tab="CLI" # Listen on port 8081 for incoming requests --entryPoints.web.address=:8081 - + # Enable the file provider to define routers / middlewares / services in file --providers.file.directory=/path/to/dynamic/conf ``` - + **Dynamic Configuration** - ```toml tab="TOML" - # http routing section - [http] - [http.routers] - # Define a connection between requests and services - [http.routers.to-whoami] - rule = "Host(`example.com`) && PathPrefix(`/whoami/`)" - # If the rule matches, applies the middleware - middlewares = ["test-user"] - # If the rule matches, forward to the whoami service (declared below) - service = "whoami" - - [http.middlewares] - # Define an authentication mechanism - [http.middlewares.test-user.basicAuth] - users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"] - - [http.services] - # Define how to reach an existing service on our infrastructure - [http.services.whoami.loadBalancer] - [[http.services.whoami.loadBalancer.servers]] - url = "http://private/whoami-service" - - [tcp] - [tcp.routers] - [tcp.routers.to-whoami-tcp] - rule = "HostSNI(`whoami-tcp.example.com`)" - service = "whoami-tcp" - [tcp.routers.to-whoami-tcp.tls] - - [tcp.services] - [tcp.services.whoami-tcp.loadBalancer] - [[tcp.services.whoami-tcp.loadBalancer.servers]] - address = "xx.xx.xx.xx:xx" - ``` - ```yaml tab="YAML" # http routing section http: @@ -237,6 +201,42 @@ http: - address: xx.xx.xx.xx:xx ``` + ```toml tab="TOML" + # http routing section + [http] + [http.routers] + # Define a connection between requests and services + [http.routers.to-whoami] + rule = "Host(`example.com`) && PathPrefix(`/whoami/`)" + # If the rule matches, applies the middleware + middlewares = ["test-user"] + # If the rule matches, forward to the whoami service (declared below) + service = "whoami" + + [http.middlewares] + # Define an authentication mechanism + [http.middlewares.test-user.basicAuth] + users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"] + + [http.services] + # Define how to reach an existing service on our infrastructure + [http.services.whoami.loadBalancer] + [[http.services.whoami.loadBalancer.servers]] + url = "http://private/whoami-service" + + [tcp] + [tcp.routers] + [tcp.routers.to-whoami-tcp] + rule = "HostSNI(`whoami-tcp.example.com`)" + service = "whoami-tcp" + [tcp.routers.to-whoami-tcp.tls] + + [tcp.services] + [tcp.services.whoami-tcp.loadBalancer] + [[tcp.services.whoami-tcp.loadBalancer.servers]] + address = "xx.xx.xx.xx:xx" + ``` + ## Transport configuration Most of what happens to the connection between the clients and Traefik, @@ -254,18 +254,18 @@ _Optional, Default=false_ `insecureSkipVerify` disables SSL certificate verification. -```toml tab="File (TOML)" -## Static configuration -[serversTransport] - insecureSkipVerify = true -``` - ```yaml tab="File (YAML)" ## Static configuration serversTransport: insecureSkipVerify: true ``` +```toml tab="File (TOML)" +## Static configuration +[serversTransport] + insecureSkipVerify = true +``` + ```bash tab="CLI" ## Static configuration --serversTransport.insecureSkipVerify=true @@ -278,12 +278,6 @@ _Optional_ `rootCAs` is the list of certificates (as file paths, or data bytes) that will be set as Root Certificate Authorities when using a self-signed TLS certificate. -```toml tab="File (TOML)" -## Static configuration -[serversTransport] - rootCAs = ["foo.crt", "bar.crt"] -``` - ```yaml tab="File (YAML)" ## Static configuration serversTransport: @@ -292,6 +286,12 @@ serversTransport: - bar.crt ``` +```toml tab="File (TOML)" +## Static configuration +[serversTransport] + rootCAs = ["foo.crt", "bar.crt"] +``` + ```bash tab="CLI" ## Static configuration --serversTransport.rootCAs=foo.crt,bar.crt @@ -303,18 +303,18 @@ _Optional, Default=2_ If non-zero, `maxIdleConnsPerHost` controls the maximum idle (keep-alive) connections to keep per-host. -```toml tab="File (TOML)" -## Static configuration -[serversTransport] - maxIdleConnsPerHost = 7 -``` - ```yaml tab="File (YAML)" ## Static configuration serversTransport: maxIdleConnsPerHost: 7 ``` +```toml tab="File (TOML)" +## Static configuration +[serversTransport] + maxIdleConnsPerHost = 7 +``` + ```bash tab="CLI" ## Static configuration --serversTransport.maxIdleConnsPerHost=7 @@ -331,12 +331,6 @@ _Optional, Default=30s_ `dialTimeout` is the maximum duration allowed for a connection to a backend server to be established. Zero means no timeout. -```toml tab="File (TOML)" -## Static configuration -[serversTransport.forwardingTimeouts] - dialTimeout = "1s" -``` - ```yaml tab="File (YAML)" ## Static configuration serversTransport: @@ -344,6 +338,12 @@ serversTransport: dialTimeout: 1s ``` +```toml tab="File (TOML)" +## Static configuration +[serversTransport.forwardingTimeouts] + dialTimeout = "1s" +``` + ```bash tab="CLI" ## Static configuration --serversTransport.forwardingTimeouts.dialTimeout=1s @@ -358,12 +358,6 @@ after fully writing the request (including its body, if any). This time does not include the time to read the response body. Zero means no timeout. -```toml tab="File (TOML)" -## Static configuration -[serversTransport.forwardingTimeouts] - responseHeaderTimeout = "1s" -``` - ```yaml tab="File (YAML)" ## Static configuration serversTransport: @@ -371,6 +365,12 @@ serversTransport: responseHeaderTimeout: 1s ``` +```toml tab="File (TOML)" +## Static configuration +[serversTransport.forwardingTimeouts] + responseHeaderTimeout = "1s" +``` + ```bash tab="CLI" ## Static configuration --serversTransport.forwardingTimeouts.responseHeaderTimeout=1s @@ -384,12 +384,6 @@ _Optional, Default=90s_ will remain idle before closing itself. Zero means no limit. -```toml tab="File (TOML)" -## Static configuration -[serversTransport.forwardingTimeouts] - idleConnTimeout = "1s" -``` - ```yaml tab="File (YAML)" ## Static configuration serversTransport: @@ -397,6 +391,12 @@ serversTransport: idleConnTimeout: 1s ``` +```toml tab="File (TOML)" +## Static configuration +[serversTransport.forwardingTimeouts] + idleConnTimeout = "1s" +``` + ```bash tab="CLI" ## Static configuration --serversTransport.forwardingTimeouts.idleConnTimeout=1s diff --git a/docs/content/routing/providers/docker.md b/docs/content/routing/providers/docker.md index 1e071fb5e..923c21237 100644 --- a/docs/content/routing/providers/docker.md +++ b/docs/content/routing/providers/docker.md @@ -13,15 +13,15 @@ Attach labels to your containers and let Traefik do the rest! Enabling the docker provider - ```toml tab="File (TOML)" - [providers.docker] - ``` - ```yaml tab="File (YAML)" providers: docker: {} ``` + ```toml tab="File (TOML)" + [providers.docker] + ``` + ```bash tab="CLI" --providers.docker=true ``` @@ -82,15 +82,6 @@ Attach labels to your containers and let Traefik do the rest! Enabling the docker provider (Swarm Mode) - ```toml tab="File (TOML)" - [providers.docker] - # swarm classic (1.12-) - # endpoint = "tcp://127.0.0.1:2375" - # docker swarm mode (1.12+) - endpoint = "tcp://127.0.0.1:2377" - swarmMode = true - ``` - ```yaml tab="File (YAML)" providers: docker: @@ -101,6 +92,15 @@ Attach labels to your containers and let Traefik do the rest! swarmMode: true ``` + ```toml tab="File (TOML)" + [providers.docker] + # swarm classic (1.12-) + # endpoint = "tcp://127.0.0.1:2375" + # docker swarm mode (1.12+) + endpoint = "tcp://127.0.0.1:2377" + swarmMode = true + ``` + ```bash tab="CLI" # swarm classic (1.12-) # --providers.docker.endpoint=tcp://127.0.0.1:2375 @@ -266,7 +266,7 @@ you'd add the label `traefik.http.services..loadbalancer.pa !!! warning "The character `@` is not authorized in the service name ``." ??? info "`traefik.http.services..loadbalancer.server.port`" - + Registers a port. Useful when the container exposes multiples ports. @@ -289,7 +289,7 @@ you'd add the label `traefik.http.services..loadbalancer.pa Allows to reference a ServersTransport resource that is defined either with the File provider or the Kubernetes CRD one. See [serverstransport](../services/index.md#serverstransport) for more information. - + ```yaml - "traefik.http.services..loadbalancer.serverstransport=foobar@file" ``` @@ -399,9 +399,9 @@ you'd add the label `traefik.http.services..loadbalancer.pa ``` ??? info "`traefik.http.services..loadbalancer.sticky.cookie.samesite`" - + See [sticky sessions](../services/index.md#sticky-sessions) for more information. - + ```yaml - "traefik.http.services.myservice.loadbalancer.sticky.cookie.samesite=none" ``` diff --git a/docs/content/routing/providers/kubernetes-crd.md b/docs/content/routing/providers/kubernetes-crd.md index 053436594..f0080f8de 100644 --- a/docs/content/routing/providers/kubernetes-crd.md +++ b/docs/content/routing/providers/kubernetes-crd.md @@ -1203,7 +1203,7 @@ Register the `IngressRouteTCP` [kind](../../reference/dynamic-configuration/kube ??? example "Examples" - ```yaml tab="IngressRouteTCP" + ```yaml tab="Only on IngressRouteTCP" --- apiVersion: traefik.containo.us/v1alpha1 kind: IngressRouteTCP @@ -1233,38 +1233,7 @@ Register the `IngressRouteTCP` [kind](../../reference/dynamic-configuration/kube type: ExternalName ``` - ```yaml tab="ExternalName Service" - --- - apiVersion: traefik.containo.us/v1alpha1 - kind: IngressRouteTCP - metadata: - name: test.route - namespace: default - - spec: - entryPoints: - - foo - - routes: - - match: HostSNI(`*`) - kind: Rule - services: - - name: external-svc - - --- - apiVersion: v1 - kind: Service - metadata: - name: external-svc - namespace: default - spec: - externalName: external.domain - type: ExternalName - ports: - - port: 80 - ``` - - ```yaml tab="Both sides" + ```yaml tab="On both sides" --- apiVersion: traefik.containo.us/v1alpha1 kind: IngressRouteTCP diff --git a/docs/content/routing/providers/kubernetes-gateway.md b/docs/content/routing/providers/kubernetes-gateway.md index fb8be83e7..6cdd578a3 100644 --- a/docs/content/routing/providers/kubernetes-gateway.md +++ b/docs/content/routing/providers/kubernetes-gateway.md @@ -209,7 +209,7 @@ Kubernetes cluster before creating `HTTPRoute` objects. - headers: # [8] type: Exact # [9] values: # [10] - - foo: bar + foo: bar forwardTo: # [11] - serviceName: whoami # [12] weight: 1 # [13] diff --git a/docs/content/routing/providers/kubernetes-ingress.md b/docs/content/routing/providers/kubernetes-ingress.md index 49bae30b6..13aedbc48 100644 --- a/docs/content/routing/providers/kubernetes-ingress.md +++ b/docs/content/routing/providers/kubernetes-ingress.md @@ -12,7 +12,7 @@ which in turn will create the resulting routers, services, handlers, etc. ## Configuration Example ??? example "Configuring Kubernetes Ingress Controller" - + ```yaml tab="RBAC" --- kind: ClusterRole @@ -46,7 +46,7 @@ which in turn will create the resulting routers, services, handlers, etc. - ingresses/status verbs: - update - + --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 @@ -61,7 +61,7 @@ which in turn will create the resulting routers, services, handlers, etc. name: traefik-ingress-controller namespace: default ``` - + ```yaml tab="Ingress" kind: Ingress apiVersion: networking.k8s.io/v1beta1 @@ -69,7 +69,7 @@ which in turn will create the resulting routers, services, handlers, etc. name: myingress annotations: traefik.ingress.kubernetes.io/router.entrypoints: web - + spec: rules: - host: example.com @@ -117,7 +117,7 @@ which in turn will create the resulting routers, services, handlers, etc. kind: ServiceAccount metadata: name: traefik-ingress-controller - + --- kind: Deployment apiVersion: apps/v1 @@ -125,7 +125,7 @@ which in turn will create the resulting routers, services, handlers, etc. name: traefik labels: app: traefik - + spec: replicas: 1 selector: @@ -146,7 +146,7 @@ which in turn will create the resulting routers, services, handlers, etc. ports: - name: web containerPort: 80 - + --- apiVersion: v1 kind: Service @@ -162,7 +162,7 @@ which in turn will create the resulting routers, services, handlers, etc. name: web targetPort: 80 ``` - + ```yaml tab="Whoami" kind: Deployment apiVersion: apps/v1 @@ -171,7 +171,7 @@ which in turn will create the resulting routers, services, handlers, etc. labels: app: traefiklabs name: whoami - + spec: replicas: 2 selector: @@ -189,13 +189,13 @@ which in turn will create the resulting routers, services, handlers, etc. image: traefik/whoami ports: - containerPort: 80 - + --- apiVersion: v1 kind: Service metadata: name: whoami - + spec: ports: - name: http @@ -237,7 +237,7 @@ which in turn will create the resulting routers, services, handlers, etc. Overrides the default router rule type used for a path. Only path-related matcher name can be specified: `Path`, `PathPrefix`. - + Default `PathPrefix` ```yaml @@ -351,7 +351,7 @@ which in turn will create the resulting routers, services, handlers, etc. ``` ## Path Types on Kubernetes 1.18+ - + If the Kubernetes cluster version is 1.18+, the new `pathType` property can be leveraged to define the rules matchers: @@ -376,14 +376,6 @@ TLS can be enabled through the [HTTP options](../entrypoints.md#tls) of an Entry --entrypoints.websecure.http.tls ``` -```toml tab="File (TOML)" -# Static configuration -[entryPoints.websecure] - address = ":443" - - [entryPoints.websecure.http.tls] -``` - ```yaml tab="File (YAML)" # Static configuration entryPoints: @@ -393,10 +385,18 @@ entryPoints: tls: {} ``` +```toml tab="File (TOML)" +# Static configuration +[entryPoints.websecure] + address = ":443" + + [entryPoints.websecure.http.tls] +``` + This way, any Ingress attached to this Entrypoint will have TLS termination by default. ??? example "Configuring Kubernetes Ingress Controller with TLS on Entrypoint" - + ```yaml tab="RBAC" --- kind: ClusterRole @@ -430,7 +430,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d - ingresses/status verbs: - update - + --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 @@ -445,7 +445,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d name: traefik-ingress-controller namespace: default ``` - + ```yaml tab="Ingress" kind: Ingress apiVersion: networking.k8s.io/v1beta1 @@ -453,7 +453,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d name: myingress annotations: traefik.ingress.kubernetes.io/router.entrypoints: websecure - + spec: rules: - host: example.com @@ -501,7 +501,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d kind: ServiceAccount metadata: name: traefik-ingress-controller - + --- kind: Deployment apiVersion: apps/v1 @@ -509,7 +509,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d name: traefik labels: app: traefik - + spec: replicas: 1 selector: @@ -531,7 +531,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d ports: - name: websecure containerPort: 443 - + --- apiVersion: v1 kind: Service @@ -547,7 +547,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d name: websecure targetPort: 443 ``` - + ```yaml tab="Whoami" kind: Deployment apiVersion: apps/v1 @@ -556,7 +556,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d labels: app: traefiklabs name: whoami - + spec: replicas: 2 selector: @@ -574,13 +574,13 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d image: traefik/whoami ports: - containerPort: 80 - + --- apiVersion: v1 kind: Service metadata: name: whoami - + spec: ports: - name: http @@ -597,11 +597,11 @@ To enable TLS on the underlying router created from an Ingress, one should confi ```yaml traefik.ingress.kubernetes.io/router.tls: "true" ``` - + For more options, please refer to the available [annotations](#on-ingress). ??? example "Configuring Kubernetes Ingress Controller with TLS" - + ```yaml tab="RBAC" --- kind: ClusterRole @@ -635,7 +635,7 @@ For more options, please refer to the available [annotations](#on-ingress). - ingresses/status verbs: - update - + --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 @@ -650,7 +650,7 @@ For more options, please refer to the available [annotations](#on-ingress). name: traefik-ingress-controller namespace: default ``` - + ```yaml tab="Ingress" kind: Ingress apiVersion: networking.k8s.io/v1beta1 @@ -659,7 +659,7 @@ For more options, please refer to the available [annotations](#on-ingress). annotations: traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.tls: true - + spec: rules: - host: example.com @@ -708,7 +708,7 @@ For more options, please refer to the available [annotations](#on-ingress). kind: ServiceAccount metadata: name: traefik-ingress-controller - + --- kind: Deployment apiVersion: apps/v1 @@ -716,7 +716,7 @@ For more options, please refer to the available [annotations](#on-ingress). name: traefik labels: app: traefik - + spec: replicas: 1 selector: @@ -737,7 +737,7 @@ For more options, please refer to the available [annotations](#on-ingress). ports: - name: websecure containerPort: 443 - + --- apiVersion: v1 kind: Service @@ -753,7 +753,7 @@ For more options, please refer to the available [annotations](#on-ingress). name: websecure targetPort: 443 ``` - + ```yaml tab="Whoami" kind: Deployment apiVersion: apps/v1 @@ -762,7 +762,7 @@ For more options, please refer to the available [annotations](#on-ingress). labels: app: traefiklabs name: whoami - + spec: replicas: 2 selector: @@ -780,13 +780,13 @@ For more options, please refer to the available [annotations](#on-ingress). image: traefik/whoami ports: - containerPort: 80 - + --- apiVersion: v1 kind: Service metadata: name: whoami - + spec: ports: - name: http @@ -799,14 +799,14 @@ For more options, please refer to the available [annotations](#on-ingress). ### Certificates Management ??? example "Using a secret" - + ```yaml tab="Ingress" kind: Ingress apiVersion: networking.k8s.io/v1beta1 metadata: name: foo namespace: production - + spec: rules: - host: example.net @@ -853,7 +853,7 @@ For more options, please refer to the available [annotations](#on-ingress). kind: Secret metadata: name: supersecret - + data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0= @@ -862,7 +862,7 @@ For more options, please refer to the available [annotations](#on-ingress). TLS certificates can be managed in Secrets objects. !!! info - + Only TLS certificates provided by users can be stored in Kubernetes Secrets. [Let's Encrypt](../../https/acme.md) certificates cannot be managed in Kubernetes Secrets yet. @@ -882,7 +882,7 @@ If either of those configuration options exist, then the backend communication p and will connect via TLS automatically. !!! info - + Please note that by enabling TLS communication between traefik and your pods, you will have to have trusted certificates that have the proper trust chain and IP subject name. If this is not an option, you may need to skip TLS certificate verification. @@ -922,8 +922,8 @@ This ingress follows the Global Default Backend property of ingresses. This will allow users to create a "default router" that will match all unmatched requests. !!! info - + Due to Traefik's use of priorities, you may have to set this ingress priority lower than other ingresses in your environment, to avoid this global ingress from satisfying requests that could match other ingresses. - + To do this, use the `traefik.ingress.kubernetes.io/router.priority` annotation (as seen in [Annotations on Ingress](#on-ingress)) on your ingresses accordingly. diff --git a/docs/content/routing/routers/index.md b/docs/content/routing/routers/index.md index e7a18ca8e..ef221ad0a 100644 --- a/docs/content/routing/routers/index.md +++ b/docs/content/routing/routers/index.md @@ -13,14 +13,6 @@ or act before forwarding the request to the service. ??? example "Requests /foo are Handled by service-foo -- Using the [File Provider](../../providers/file.md)" - ```toml tab="TOML" - ## Dynamic configuration - [http.routers] - [http.routers.my-router] - rule = "Path(`/foo`)" - service = "service-foo" - ``` - ```yaml tab="YAML" ## Dynamic configuration http: @@ -30,21 +22,18 @@ or act before forwarding the request to the service. service: service-foo ``` -??? example "Forwarding all (non-tls) requests on port 3306 to a database service" - - **Dynamic Configuration** - - ```toml tab="File (TOML)" + ```toml tab="TOML" ## Dynamic configuration - [tcp] - [tcp.routers] - [tcp.routers.to-database] - entryPoints = ["mysql"] - # Catch every request (only available rule for non-tls routers. See below.) - rule = "HostSNI(`*`)" - service = "database" + [http.routers] + [http.routers.my-router] + rule = "Path(`/foo`)" + service = "service-foo" ``` - + +??? example "Forwarding all (non-tls) requests on port 3306 to a database service" + + **Dynamic Configuration** + ```yaml tab="File (YAML)" ## Dynamic configuration tcp: @@ -56,27 +45,38 @@ or act before forwarding the request to the service. rule: "HostSNI(`*`)" service: database ``` - - **Static Configuration** - + ```toml tab="File (TOML)" - ## Static configuration - [entryPoints] - [entryPoints.web] - address = ":80" - [entryPoints.mysql] - address = ":3306" + ## Dynamic configuration + [tcp] + [tcp.routers] + [tcp.routers.to-database] + entryPoints = ["mysql"] + # Catch every request (only available rule for non-tls routers. See below.) + rule = "HostSNI(`*`)" + service = "database" ``` - + + **Static Configuration** + ```yaml tab="File (YAML)" ## Static configuration entryPoints: web: address: ":80" mysql: - address: ":3306" + address: ":3306" ``` - + + ```toml tab="File (TOML)" + ## Static configuration + [entryPoints] + [entryPoints.web] + address = ":80" + [entryPoints.mysql] + address = ":3306" + ``` + ```bash tab="CLI" ## Static configuration --entryPoints.web.address=:80 @@ -93,18 +93,9 @@ If not specified, HTTP routers will accept requests from all defined entry point If you want to limit the router scope to a set of entry points, set the `entryPoints` option. ??? example "Listens to Every EntryPoint" - + **Dynamic Configuration** - - ```toml tab="File (TOML)" - ## Dynamic configuration - [http.routers] - [http.routers.Router-1] - # By default, routers listen to every entry points - rule = "Host(`example.com`)" - service = "service-1" - ``` - + ```yaml tab="File (YAML)" ## Dynamic configuration http: @@ -114,20 +105,18 @@ If you want to limit the router scope to a set of entry points, set the `entryPo rule: "Host(`example.com`)" service: "service-1" ``` - - **Static Configuration** - + ```toml tab="File (TOML)" - ## Static configuration - [entryPoints] - [entryPoints.web] - address = ":80" - [entryPoints.websecure] - address = ":443" - [entryPoints.other] - address = ":9090" + ## Dynamic configuration + [http.routers] + [http.routers.Router-1] + # By default, routers listen to every entry points + rule = "Host(`example.com`)" + service = "service-1" ``` - + + **Static Configuration** + ```yaml tab="File (YAML)" ## Static configuration entryPoints: @@ -138,7 +127,18 @@ If you want to limit the router scope to a set of entry points, set the `entryPo other: address: ":9090" ``` - + + ```toml tab="File (TOML)" + ## Static configuration + [entryPoints] + [entryPoints.web] + address = ":80" + [entryPoints.websecure] + address = ":443" + [entryPoints.other] + address = ":9090" + ``` + ```bash tab="CLI" ## Static configuration --entrypoints.web.address=:80 @@ -147,19 +147,9 @@ If you want to limit the router scope to a set of entry points, set the `entryPo ``` ??? example "Listens to Specific EntryPoints" - + **Dynamic Configuration** - - ```toml tab="File (TOML)" - ## Dynamic configuration - [http.routers] - [http.routers.Router-1] - # won't listen to entry point web - entryPoints = ["websecure", "other"] - rule = "Host(`example.com`)" - service = "service-1" - ``` - + ```yaml tab="File (YAML)" ## Dynamic configuration http: @@ -173,19 +163,18 @@ If you want to limit the router scope to a set of entry points, set the `entryPo service: "service-1" ``` - **Static Configuration** - ```toml tab="File (TOML)" - ## Static configuration - [entryPoints] - [entryPoints.web] - address = ":80" - [entryPoints.websecure] - address = ":443" - [entryPoints.other] - address = ":9090" + ## Dynamic configuration + [http.routers] + [http.routers.Router-1] + # won't listen to entry point web + entryPoints = ["websecure", "other"] + rule = "Host(`example.com`)" + service = "service-1" ``` - + + **Static Configuration** + ```yaml tab="File (YAML)" ## Static configuration entryPoints: @@ -196,7 +185,18 @@ If you want to limit the router scope to a set of entry points, set the `entryPo other: address: ":9090" ``` - + + ```toml tab="File (TOML)" + ## Static configuration + [entryPoints] + [entryPoints.web] + address = ":80" + [entryPoints.websecure] + address = ":443" + [entryPoints.other] + address = ":9090" + ``` + ```bash tab="CLI" ## Static configuration --entrypoints.web.address=:80 @@ -211,7 +211,7 @@ If the rule is verified, the router becomes active, calls middlewares, and then ??? tip "Backticks or Quotes?" To set the value of a rule, use [backticks](https://en.wiktionary.org/wiki/backtick) ``` ` ``` or escaped double-quotes `\"`. - + Single quotes `'` are not accepted as values are [Golang's String Literals](https://golang.org/ref/spec#String_literals). !!! example "Host is example.com" @@ -285,17 +285,6 @@ A value of `0` for the priority is ignored: `priority = 0` means that the defaul ??? info "How default priorities are computed" - ```toml tab="File (TOML)" - ## Dynamic configuration - [http.routers] - [http.routers.Router-1] - rule = "HostRegexp(`.*\.traefik\.com`)" - # ... - [http.routers.Router-2] - rule = "Host(`foobar.traefik.com`)" - # ... - ``` - ```yaml tab="File (YAML)" ## Dynamic configuration http: @@ -307,35 +296,31 @@ A value of `0` for the priority is ignored: `priority = 0` means that the defaul rule: "Host(`foobar.traefik.com`)" # ... ``` - - In this case, all requests with host `foobar.traefik.com` will be routed through `Router-1` instead of `Router-2`. - - | Name | Rule | Priority | - |----------|--------------------------------------|----------| - | Router-1 | ```HostRegexp(`.*\.traefik\.com`)``` | 30 | - | Router-2 | ```Host(`foobar.traefik.com`)``` | 26 | - - The previous table shows that `Router-1` has a higher priority than `Router-2`. - - To solve this issue, the priority must be set. -??? example "Set priorities -- using the [File Provider](../../providers/file.md)" - ```toml tab="File (TOML)" ## Dynamic configuration [http.routers] [http.routers.Router-1] rule = "HostRegexp(`.*\.traefik\.com`)" - entryPoints = ["web"] - service = "service-1" - priority = 1 + # ... [http.routers.Router-2] rule = "Host(`foobar.traefik.com`)" - entryPoints = ["web"] - priority = 2 - service = "service-2" + # ... ``` - + + In this case, all requests with host `foobar.traefik.com` will be routed through `Router-1` instead of `Router-2`. + + | Name | Rule | Priority | + |----------|--------------------------------------|----------| + | Router-1 | ```HostRegexp(`.*\.traefik\.com`)``` | 30 | + | Router-2 | ```Host(`foobar.traefik.com`)``` | 26 | + + The previous table shows that `Router-1` has a higher priority than `Router-2`. + + To solve this issue, the priority must be set. + +??? example "Set priorities -- using the [File Provider](../../providers/file.md)" + ```yaml tab="File (YAML)" ## Dynamic configuration http: @@ -354,6 +339,21 @@ A value of `0` for the priority is ignored: `priority = 0` means that the defaul service: service-2 ``` + ```toml tab="File (TOML)" + ## Dynamic configuration + [http.routers] + [http.routers.Router-1] + rule = "HostRegexp(`.*\.traefik\.com`)" + entryPoints = ["web"] + service = "service-1" + priority = 1 + [http.routers.Router-2] + rule = "Host(`foobar.traefik.com`)" + entryPoints = ["web"] + priority = 2 + service = "service-2" + ``` + In this configuration, the priority is configured to allow `Router-2` to handle requests with the `foobar.traefik.com` host. ### Middlewares @@ -364,21 +364,11 @@ The middlewares will take effect only if the rule matches, and before forwarding !!! warning "The character `@` is not authorized in the middleware name." !!! tip "Middlewares order" - + Middlewares are applied in the same order as their declaration in **router**. ??? example "With a [middleware](../../middlewares/overview.md) -- using the [File Provider](../../providers/file.md)" - ```toml tab="TOML" - ## Dynamic configuration - [http.routers] - [http.routers.my-router] - rule = "Path(`/foo`)" - # declared elsewhere - middlewares = ["authentication"] - service = "service-foo" - ``` - ```yaml tab="YAML" ## Dynamic configuration http: @@ -391,6 +381,16 @@ The middlewares will take effect only if the rule matches, and before forwarding service: service-foo ``` + ```toml tab="TOML" + ## Dynamic configuration + [http.routers] + [http.routers.my-router] + rule = "Path(`/foo`)" + # declared elsewhere + middlewares = ["authentication"] + service = "service-foo" + ``` + ### Service Each request must eventually be handled by a [service](../services/index.md), @@ -415,16 +415,6 @@ Traefik will terminate the SSL connections (meaning that it will send decrypted ??? example "Configuring the router to accept HTTPS requests only" - ```toml tab="File (TOML)" - ## Dynamic configuration - [http.routers] - [http.routers.Router-1] - rule = "Host(`foo-domain`) && Path(`/foo-path/`)" - service = "service-id" - # will terminate the TLS request - [http.routers.Router-1.tls] - ``` - ```yaml tab="File (YAML)" ## Dynamic configuration http: @@ -436,6 +426,16 @@ Traefik will terminate the SSL connections (meaning that it will send decrypted tls: {} ``` + ```toml tab="File (TOML)" + ## Dynamic configuration + [http.routers] + [http.routers.Router-1] + rule = "Host(`foo-domain`) && Path(`/foo-path/`)" + service = "service-id" + # will terminate the TLS request + [http.routers.Router-1.tls] + ``` + !!! important "Routers for HTTP & HTTPS" If you need to define the same route for both HTTP and HTTPS requests, you will need to define two different routers: @@ -443,20 +443,6 @@ Traefik will terminate the SSL connections (meaning that it will send decrypted ??? example "HTTP & HTTPS routes" - ```toml tab="File (TOML)" - ## Dynamic configuration - [http.routers] - [http.routers.my-https-router] - rule = "Host(`foo-domain`) && Path(`/foo-path/`)" - service = "service-id" - # will terminate the TLS request - [http.routers.my-https-router.tls] - - [http.routers.my-http-router] - rule = "Host(`foo-domain`) && Path(`/foo-path/`)" - service = "service-id" - ``` - ```yaml tab="File (YAML)" ## Dynamic configuration http: @@ -472,6 +458,20 @@ Traefik will terminate the SSL connections (meaning that it will send decrypted service: service-id ``` + ```toml tab="File (TOML)" + ## Dynamic configuration + [http.routers] + [http.routers.my-https-router] + rule = "Host(`foo-domain`) && Path(`/foo-path/`)" + service = "service-id" + # will terminate the TLS request + [http.routers.my-https-router.tls] + + [http.routers.my-http-router] + rule = "Host(`foo-domain`) && Path(`/foo-path/`)" + service = "service-id" + ``` + #### `options` The `options` field enables fine-grained control of the TLS parameters. @@ -494,28 +494,6 @@ It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied ??? example "Configuring the TLS options" - ```toml tab="File (TOML)" - ## Dynamic configuration - [http.routers] - [http.routers.Router-1] - rule = "Host(`foo-domain`) && Path(`/foo-path/`)" - service = "service-id" - # will terminate the TLS request - [http.routers.Router-1.tls] - options = "foo" - - [tls.options] - [tls.options.foo] - minVersion = "VersionTLS12" - cipherSuites = [ - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", - "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", - "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", - ] - ``` - ```yaml tab="File (YAML)" ## Dynamic configuration http: @@ -526,7 +504,7 @@ It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied # will terminate the TLS request tls: options: foo - + tls: options: foo: @@ -539,27 +517,34 @@ It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ``` + ```toml tab="File (TOML)" + ## Dynamic configuration + [http.routers] + [http.routers.Router-1] + rule = "Host(`foo-domain`) && Path(`/foo-path/`)" + service = "service-id" + # will terminate the TLS request + [http.routers.Router-1.tls] + options = "foo" + + [tls.options] + [tls.options.foo] + minVersion = "VersionTLS12" + cipherSuites = [ + "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", + "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + ] + ``` + !!! important "Conflicting TLS Options" Since a TLS options reference is mapped to a host name, if a configuration introduces a situation where the same host name (from a `Host` rule) gets matched with two TLS options references, a conflict occurs, such as in the example below: - ```toml tab="File (TOML)" - ## Dynamic configuration - [http.routers] - [http.routers.routerfoo] - rule = "Host(`snitest.com`) && Path(`/foo`)" - [http.routers.routerfoo.tls] - options = "foo" - - [http.routers] - [http.routers.routerbar] - rule = "Host(`snitest.com`) && Path(`/bar`)" - [http.routers.routerbar.tls] - options = "bar" - ``` - ```yaml tab="File (YAML)" ## Dynamic configuration http: @@ -575,21 +560,27 @@ It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied options: bar ``` + ```toml tab="File (TOML)" + ## Dynamic configuration + [http.routers] + [http.routers.routerfoo] + rule = "Host(`snitest.com`) && Path(`/foo`)" + [http.routers.routerfoo.tls] + options = "foo" + + [http.routers] + [http.routers.routerbar] + rule = "Host(`snitest.com`) && Path(`/bar`)" + [http.routers.routerbar.tls] + options = "bar" + ``` + If that happens, both mappings are discarded, and the host name (`snitest.com` in this case) for these routers gets associated with the default TLS options instead. #### `certResolver` If `certResolver` is defined, Traefik will try to generate certificates based on routers `Host` & `HostSNI` rules. -```toml tab="File (TOML)" -## Dynamic configuration -[http.routers] - [http.routers.routerfoo] - rule = "Host(`snitest.com`) && Path(`/foo`)" - [http.routers.routerfoo.tls] - certResolver = "foo" -``` - ```yaml tab="File (YAML)" ## Dynamic configuration http: @@ -600,6 +591,15 @@ http: certResolver: foo ``` +```toml tab="File (TOML)" +## Dynamic configuration +[http.routers] + [http.routers.routerfoo] + rule = "Host(`snitest.com`) && Path(`/foo`)" + [http.routers.routerfoo.tls] + certResolver = "foo" +``` + !!! info "Multiple Hosts in a Rule" The rule ```Host(`test1.example.com`,`test2.example.com`)``` will request a certificate with the main domain `test1.example.com` and SAN `test2.example.com`. @@ -609,18 +609,6 @@ You can set SANs (alternative domains) for each main domain. Every domain must have A/AAAA records pointing to Traefik. Each domain & SAN will lead to a certificate request. -```toml tab="File (TOML)" -## Dynamic configuration -[http.routers] - [http.routers.routerbar] - rule = "Host(`snitest.com`) && Path(`/bar`)" - [http.routers.routerbar.tls] - certResolver = "bar" - [[http.routers.routerbar.tls.domains]] - main = "snitest.com" - sans = ["*.snitest.com"] -``` - ```yaml tab="File (YAML)" ## Dynamic configuration http: @@ -635,6 +623,18 @@ http: - "*.snitest.com" ``` +```toml tab="File (TOML)" +## Dynamic configuration +[http.routers] + [http.routers.routerbar] + rule = "Host(`snitest.com`) && Path(`/bar`)" + [http.routers.routerbar.tls] + certResolver = "bar" + [[http.routers.routerbar.tls.domains]] + main = "snitest.com" + sans = ["*.snitest.com"] +``` + [ACME v2](https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579) supports wildcard certificates. As described in [Let's Encrypt's post](https://community.letsencrypt.org/t/staging-endpoint-for-acme-v2/49605) wildcard certificates can only be generated through a [`DNS-01` challenge](../../https/acme.md#dnschallenge). @@ -666,24 +666,12 @@ If not specified, TCP routers will accept requests from all defined entry points If you want to limit the router scope to a set of entry points, set the entry points option. ??? example "Listens to Every Entry Point" - + **Dynamic Configuration** - ```toml tab="File (TOML)" - ## Dynamic configuration - - [tcp.routers] - [tcp.routers.Router-1] - # By default, routers listen to every entrypoints - rule = "HostSNI(`example.com`)" - service = "service-1" - # will route TLS requests (and ignore non tls requests) - [tcp.routers.Router-1.tls] - ``` - ```yaml tab="File (YAML)" ## Dynamic configuration - + tcp: routers: Router-1: @@ -694,23 +682,23 @@ If you want to limit the router scope to a set of entry points, set the entry po tls: {} ``` - **Static Configuration** - ```toml tab="File (TOML)" - ## Static configuration - - [entryPoints] - [entryPoints.web] - address = ":80" - [entryPoints.websecure] - address = ":443" - [entryPoints.other] - address = ":9090" + ## Dynamic configuration + + [tcp.routers] + [tcp.routers.Router-1] + # By default, routers listen to every entrypoints + rule = "HostSNI(`example.com`)" + service = "service-1" + # will route TLS requests (and ignore non tls requests) + [tcp.routers.Router-1.tls] ``` - + + **Static Configuration** + ```yaml tab="File (YAML)" ## Static configuration - + entryPoints: web: address: ":80" @@ -719,7 +707,19 @@ If you want to limit the router scope to a set of entry points, set the entry po other: address: ":9090" ``` - + + ```toml tab="File (TOML)" + ## Static configuration + + [entryPoints] + [entryPoints.web] + address = ":80" + [entryPoints.websecure] + address = ":443" + [entryPoints.other] + address = ":9090" + ``` + ```bash tab="CLI" ## Static configuration --entrypoints.web.address=:80 @@ -728,21 +728,9 @@ If you want to limit the router scope to a set of entry points, set the entry po ``` ??? example "Listens to Specific Entry Points" - + **Dynamic Configuration** - - ```toml tab="File (TOML)" - ## Dynamic configuration - [tcp.routers] - [tcp.routers.Router-1] - # won't listen to entry point web - entryPoints = ["websecure", "other"] - rule = "HostSNI(`example.com`)" - service = "service-1" - # will route TLS requests (and ignore non tls requests) - [tcp.routers.Router-1.tls] - ``` - + ```yaml tab="File (YAML)" ## Dynamic configuration tcp: @@ -758,23 +746,23 @@ If you want to limit the router scope to a set of entry points, set the entry po tls: {} ``` - **Static Configuration** - ```toml tab="File (TOML)" - ## Static configuration - - [entryPoints] - [entryPoints.web] - address = ":80" - [entryPoints.websecure] - address = ":443" - [entryPoints.other] - address = ":9090" + ## Dynamic configuration + [tcp.routers] + [tcp.routers.Router-1] + # won't listen to entry point web + entryPoints = ["websecure", "other"] + rule = "HostSNI(`example.com`)" + service = "service-1" + # will route TLS requests (and ignore non tls requests) + [tcp.routers.Router-1.tls] ``` - + + **Static Configuration** + ```yaml tab="File (YAML)" ## Static configuration - + entryPoints: web: address: ":80" @@ -783,7 +771,19 @@ If you want to limit the router scope to a set of entry points, set the entry po other: address: ":9090" ``` - + + ```toml tab="File (TOML)" + ## Static configuration + + [entryPoints] + [entryPoints.web] + address = ":80" + [entryPoints.websecure] + address = ":443" + [entryPoints.other] + address = ":9090" + ``` + ```bash tab="CLI" ## Static configuration --entrypoints.web.address=:80 @@ -861,16 +861,6 @@ By default, a router with a TLS section will terminate the TLS connections, mean ??? example "Router for TLS requests" - ```toml tab="File (TOML)" - ## Dynamic configuration - [tcp.routers] - [tcp.routers.Router-1] - rule = "HostSNI(`foo-domain`)" - service = "service-id" - # will terminate the TLS request by default - [tcp.routers.Router-1.tls] - ``` - ```yaml tab="File (YAML)" ## Dynamic configuration tcp: @@ -882,6 +872,16 @@ By default, a router with a TLS section will terminate the TLS connections, mean tls: {} ``` + ```toml tab="File (TOML)" + ## Dynamic configuration + [tcp.routers] + [tcp.routers.Router-1] + rule = "HostSNI(`foo-domain`)" + service = "service-id" + # will terminate the TLS request by default + [tcp.routers.Router-1.tls] + ``` + #### `passthrough` As seen above, a TLS router will terminate the TLS connection by default. @@ -891,16 +891,6 @@ It defaults to `false`. ??? example "Configuring passthrough" - ```toml tab="File (TOML)" - ## Dynamic configuration - [tcp.routers] - [tcp.routers.Router-1] - rule = "HostSNI(`foo-domain`)" - service = "service-id" - [tcp.routers.Router-1.tls] - passthrough = true - ``` - ```yaml tab="File (YAML)" ## Dynamic configuration tcp: @@ -912,35 +902,23 @@ It defaults to `false`. passthrough: true ``` -#### `options` - -The `options` field enables fine-grained control of the TLS parameters. -It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied only if a `HostSNI` rule is defined. - -!!! example "Configuring the tls options" - ```toml tab="File (TOML)" ## Dynamic configuration [tcp.routers] [tcp.routers.Router-1] rule = "HostSNI(`foo-domain`)" service = "service-id" - # will terminate the TLS request [tcp.routers.Router-1.tls] - options = "foo" - - [tls.options] - [tls.options.foo] - minVersion = "VersionTLS12" - cipherSuites = [ - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", - "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", - "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", - ] + passthrough = true ``` +#### `options` + +The `options` field enables fine-grained control of the TLS parameters. +It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied only if a `HostSNI` rule is defined. + +!!! example "Configuring the tls options" + ```yaml tab="File (YAML)" ## Dynamic configuration tcp: @@ -951,7 +929,7 @@ It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied # will terminate the TLS request tls: options: foo - + tls: options: foo: @@ -964,19 +942,32 @@ It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ``` + ```toml tab="File (TOML)" + ## Dynamic configuration + [tcp.routers] + [tcp.routers.Router-1] + rule = "HostSNI(`foo-domain`)" + service = "service-id" + # will terminate the TLS request + [tcp.routers.Router-1.tls] + options = "foo" + + [tls.options] + [tls.options.foo] + minVersion = "VersionTLS12" + cipherSuites = [ + "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", + "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + ] + ``` + #### `certResolver` See [`certResolver` for HTTP router](./index.md#certresolver) for more information. -```toml tab="File (TOML)" -## Dynamic configuration -[tcp.routers] - [tcp.routers.routerfoo] - rule = "HostSNI(`snitest.com`)" - [tcp.routers.routerfoo.tls] - certResolver = "foo" -``` - ```yaml tab="File (YAML)" ## Dynamic configuration tcp: @@ -987,22 +978,19 @@ tcp: certResolver: foo ``` -#### `domains` - -See [`domains` for HTTP router](./index.md#domains) for more information. - ```toml tab="File (TOML)" ## Dynamic configuration [tcp.routers] - [tcp.routers.routerbar] + [tcp.routers.routerfoo] rule = "HostSNI(`snitest.com`)" - [tcp.routers.routerbar.tls] - certResolver = "bar" - [[tcp.routers.routerbar.tls.domains]] - main = "snitest.com" - sans = ["*.snitest.com"] + [tcp.routers.routerfoo.tls] + certResolver = "foo" ``` +#### `domains` + +See [`domains` for HTTP router](./index.md#domains) for more information. + ```yaml tab="File (YAML)" ## Dynamic configuration tcp: @@ -1013,10 +1001,22 @@ tcp: certResolver: "bar" domains: - main: "snitest.com" - sans: + sans: - "*.snitest.com" ``` +```toml tab="File (TOML)" +## Dynamic configuration +[tcp.routers] + [tcp.routers.routerbar] + rule = "HostSNI(`snitest.com`)" + [tcp.routers.routerbar.tls] + certResolver = "bar" + [[tcp.routers.routerbar.tls.domains]] + main = "snitest.com" + sans = ["*.snitest.com"] +``` + ## Configuring UDP Routers !!! warning "The character `@` is not allowed in the router name" @@ -1050,16 +1050,6 @@ If one wants to limit the router scope to a set of entry points, one should set **Dynamic Configuration** - ```toml tab="File (TOML)" - ## Dynamic configuration - - [udp.routers] - [udp.routers.Router-1] - # By default, routers listen to all UDP entrypoints, - # i.e. "other", and "streaming". - service = "service-1" - ``` - ```yaml tab="File (YAML)" ## Dynamic configuration @@ -1071,22 +1061,18 @@ If one wants to limit the router scope to a set of entry points, one should set service: "service-1" ``` - **Static Configuration** - ```toml tab="File (TOML)" - ## Static configuration + ## Dynamic configuration - [entryPoints] - # not used by UDP routers - [entryPoints.web] - address = ":80" - # used by UDP routers - [entryPoints.other] - address = ":9090/udp" - [entryPoints.streaming] - address = ":9191/udp" + [udp.routers] + [udp.routers.Router-1] + # By default, routers listen to all UDP entrypoints, + # i.e. "other", and "streaming". + service = "service-1" ``` + **Static Configuration** + ```yaml tab="File (YAML)" ## Static configuration @@ -1101,6 +1087,20 @@ If one wants to limit the router scope to a set of entry points, one should set address: ":9191/udp" ``` + ```toml tab="File (TOML)" + ## Static configuration + + [entryPoints] + # not used by UDP routers + [entryPoints.web] + address = ":80" + # used by UDP routers + [entryPoints.other] + address = ":9090/udp" + [entryPoints.streaming] + address = ":9191/udp" + ``` + ```bash tab="CLI" ## Static configuration --entrypoints.web.address=":80" @@ -1112,15 +1112,6 @@ If one wants to limit the router scope to a set of entry points, one should set **Dynamic Configuration** - ```toml tab="File (TOML)" - ## Dynamic configuration - [udp.routers] - [udp.routers.Router-1] - # does not listen on "other" entry point - entryPoints = ["streaming"] - service = "service-1" - ``` - ```yaml tab="File (YAML)" ## Dynamic configuration udp: @@ -1132,20 +1123,17 @@ If one wants to limit the router scope to a set of entry points, one should set service: "service-1" ``` - **Static Configuration** - ```toml tab="File (TOML)" - ## Static configuration - - [entryPoints] - [entryPoints.web] - address = ":80" - [entryPoints.other] - address = ":9090/udp" - [entryPoints.streaming] - address = ":9191/udp" + ## Dynamic configuration + [udp.routers] + [udp.routers.Router-1] + # does not listen on "other" entry point + entryPoints = ["streaming"] + service = "service-1" ``` + **Static Configuration** + ```yaml tab="File (YAML)" ## Static configuration @@ -1158,6 +1146,18 @@ If one wants to limit the router scope to a set of entry points, one should set address: ":9191/udp" ``` + ```toml tab="File (TOML)" + ## Static configuration + + [entryPoints] + [entryPoints.web] + address = ":80" + [entryPoints.other] + address = ":9090/udp" + [entryPoints.streaming] + address = ":9191/udp" + ``` + ```bash tab="CLI" ## Static configuration --entrypoints.web.address=":80" diff --git a/docs/content/routing/services/index.md b/docs/content/routing/services/index.md index 859e5c26d..2520bf855 100644 --- a/docs/content/routing/services/index.md +++ b/docs/content/routing/services/index.md @@ -11,17 +11,6 @@ The `Services` are responsible for configuring how to reach the actual services ??? example "Declaring an HTTP Service with Two Servers -- Using the [File Provider](../../providers/file.md)" - ```toml tab="TOML" - ## Dynamic configuration - [http.services] - [http.services.my-service.loadBalancer] - - [[http.services.my-service.loadBalancer.servers]] - url = "http://:/" - [[http.services.my-service.loadBalancer.servers]] - url = "http://:/" - ``` - ```yaml tab="YAML" ## Dynamic configuration http: @@ -33,18 +22,19 @@ The `Services` are responsible for configuring how to reach the actual services - url: "http://:/" ``` -??? example "Declaring a TCP Service with Two Servers -- Using the [File Provider](../../providers/file.md)" - ```toml tab="TOML" ## Dynamic configuration - [tcp.services] - [tcp.services.my-service.loadBalancer] - [[tcp.services.my-service.loadBalancer.servers]] - address = ":" - [[tcp.services.my-service.loadBalancer.servers]] - address = ":" + [http.services] + [http.services.my-service.loadBalancer] + + [[http.services.my-service.loadBalancer.servers]] + url = "http://:/" + [[http.services.my-service.loadBalancer.servers]] + url = "http://:/" ``` +??? example "Declaring a TCP Service with Two Servers -- Using the [File Provider](../../providers/file.md)" + ```yaml tab="YAML" tcp: services: @@ -55,18 +45,18 @@ The `Services` are responsible for configuring how to reach the actual services - address: ":" ``` -??? example "Declaring a UDP Service with Two Servers -- Using the [File Provider](../../providers/file.md)" - ```toml tab="TOML" ## Dynamic configuration - [udp.services] - [udp.services.my-service.loadBalancer] - [[udp.services.my-service.loadBalancer.servers]] + [tcp.services] + [tcp.services.my-service.loadBalancer] + [[tcp.services.my-service.loadBalancer.servers]] address = ":" - [[udp.services.my-service.loadBalancer.servers]] + [[tcp.services.my-service.loadBalancer.servers]] address = ":" ``` +??? example "Declaring a UDP Service with Two Servers -- Using the [File Provider](../../providers/file.md)" + ```yaml tab="YAML" udp: services: @@ -77,6 +67,16 @@ The `Services` are responsible for configuring how to reach the actual services - address: ":" ``` + ```toml tab="TOML" + ## Dynamic configuration + [udp.services] + [udp.services.my-service.loadBalancer] + [[udp.services.my-service.loadBalancer.servers]] + address = ":" + [[udp.services.my-service.loadBalancer.servers]] + address = ":" + ``` + ## Configuring HTTP Services ### Servers Load Balancer @@ -87,6 +87,16 @@ Each service has a load-balancer, even if there is only one server to forward tr ??? example "Declaring a Service with Two Servers (with Load Balancing) -- Using the [File Provider](../../providers/file.md)" + ```yaml tab="YAML" + http: + services: + my-service: + loadBalancer: + servers: + - url: "http://private-ip-server-1/" + - url: "http://private-ip-server-2/" + ``` + ```toml tab="TOML" ## Dynamic configuration [http.services] @@ -98,16 +108,6 @@ Each service has a load-balancer, even if there is only one server to forward tr url = "http://private-ip-server-2/" ``` - ```yaml tab="YAML" - http: - services: - my-service: - loadBalancer: - servers: - - url: "http://private-ip-server-1/" - - url: "http://private-ip-server-2/" - ``` - #### Servers Servers declare a single instance of your program. @@ -120,14 +120,6 @@ The `url` option point to a specific instance. ??? example "A Service with One Server -- Using the [File Provider](../../providers/file.md)" - ```toml tab="TOML" - ## Dynamic configuration - [http.services] - [http.services.my-service.loadBalancer] - [[http.services.my-service.loadBalancer.servers]] - url = "http://private-ip-server-1/" - ``` - ```yaml tab="YAML" ## Dynamic configuration http: @@ -138,22 +130,20 @@ The `url` option point to a specific instance. - url: "http://private-ip-server-1/" ``` -#### Load-balancing - -For now, only round robin load balancing is supported: - -??? example "Load Balancing -- Using the [File Provider](../../providers/file.md)" - ```toml tab="TOML" ## Dynamic configuration [http.services] [http.services.my-service.loadBalancer] [[http.services.my-service.loadBalancer.servers]] url = "http://private-ip-server-1/" - [[http.services.my-service.loadBalancer.servers]] - url = "http://private-ip-server-2/" ``` +#### Load-balancing + +For now, only round robin load balancing is supported: + +??? example "Load Balancing -- Using the [File Provider](../../providers/file.md)" + ```yaml tab="YAML" ## Dynamic configuration http: @@ -165,6 +155,16 @@ For now, only round robin load balancing is supported: - url: "http://private-ip-server-2/" ``` + ```toml tab="TOML" + ## Dynamic configuration + [http.services] + [http.services.my-service.loadBalancer] + [[http.services.my-service.loadBalancer.servers]] + url = "http://private-ip-server-1/" + [[http.services.my-service.loadBalancer.servers]] + url = "http://private-ip-server-2/" + ``` + #### Sticky sessions When sticky sessions are enabled, a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response. @@ -186,18 +186,11 @@ On subsequent requests, to keep the session alive with the same server, the clie By default, the affinity cookie is created without those flags. One however can change that through configuration. - + `SameSite` can be `none`, `lax`, `strict` or empty. ??? example "Adding Stickiness -- Using the [File Provider](../../providers/file.md)" - ```toml tab="TOML" - ## Dynamic configuration - [http.services] - [http.services.my-service] - [http.services.my-service.loadBalancer.sticky.cookie] - ``` - ```yaml tab="YAML" ## Dynamic configuration http: @@ -208,19 +201,15 @@ On subsequent requests, to keep the session alive with the same server, the clie cookie: {} ``` -??? example "Adding Stickiness with custom Options -- Using the [File Provider](../../providers/file.md)" - ```toml tab="TOML" ## Dynamic configuration [http.services] [http.services.my-service] [http.services.my-service.loadBalancer.sticky.cookie] - name = "my_sticky_cookie_name" - secure = true - httpOnly = true - sameSite = "none" ``` +??? example "Adding Stickiness with custom Options -- Using the [File Provider](../../providers/file.md)" + ```yaml tab="YAML" ## Dynamic configuration http: @@ -234,40 +223,19 @@ On subsequent requests, to keep the session alive with the same server, the clie httpOnly: true ``` -??? example "Setting Stickiness on all the required levels -- Using the [File Provider](../../providers/file.md)" - ```toml tab="TOML" ## Dynamic configuration [http.services] - [http.services.wrr1] - [http.services.wrr1.weighted.sticky.cookie] - name = "lvl1" - [[http.services.wrr1.weighted.services]] - name = "whoami1" - weight = 1 - [[http.services.wrr1.weighted.services]] - name = "whoami2" - weight = 1 - - [http.services.whoami1] - [http.services.whoami1.loadBalancer] - [http.services.whoami1.loadBalancer.sticky.cookie] - name = "lvl2" - [[http.services.whoami1.loadBalancer.servers]] - url = "http://127.0.0.1:8081" - [[http.services.whoami1.loadBalancer.servers]] - url = "http://127.0.0.1:8082" - - [http.services.whoami2] - [http.services.whoami2.loadBalancer] - [http.services.whoami2.loadBalancer.sticky.cookie] - name = "lvl2" - [[http.services.whoami2.loadBalancer.servers]] - url = "http://127.0.0.1:8083" - [[http.services.whoami2.loadBalancer.servers]] - url = "http://127.0.0.1:8084" + [http.services.my-service] + [http.services.my-service.loadBalancer.sticky.cookie] + name = "my_sticky_cookie_name" + secure = true + httpOnly = true + sameSite = "none" ``` +??? example "Setting Stickiness on all the required levels -- Using the [File Provider](../../providers/file.md)" + ```yaml tab="YAML" ## Dynamic configuration http: @@ -302,8 +270,40 @@ On subsequent requests, to keep the session alive with the same server, the clie - url: http://127.0.0.1:8084 ``` + ```toml tab="TOML" + ## Dynamic configuration + [http.services] + [http.services.wrr1] + [http.services.wrr1.weighted.sticky.cookie] + name = "lvl1" + [[http.services.wrr1.weighted.services]] + name = "whoami1" + weight = 1 + [[http.services.wrr1.weighted.services]] + name = "whoami2" + weight = 1 + + [http.services.whoami1] + [http.services.whoami1.loadBalancer] + [http.services.whoami1.loadBalancer.sticky.cookie] + name = "lvl2" + [[http.services.whoami1.loadBalancer.servers]] + url = "http://127.0.0.1:8081" + [[http.services.whoami1.loadBalancer.servers]] + url = "http://127.0.0.1:8082" + + [http.services.whoami2] + [http.services.whoami2.loadBalancer] + [http.services.whoami2.loadBalancer.sticky.cookie] + name = "lvl2" + [[http.services.whoami2.loadBalancer.servers]] + url = "http://127.0.0.1:8083" + [[http.services.whoami2.loadBalancer.servers]] + url = "http://127.0.0.1:8084" + ``` + To keep a session open with the same server, the client would then need to specify the two levels within the cookie for each request, e.g. with curl: - + ``` curl -b "lvl1=whoami1; lvl2=http://127.0.0.1:8081" http://localhost:8000 ``` @@ -342,16 +342,6 @@ Below are the available options for the health check mechanism: ??? example "Custom Interval & Timeout -- Using the [File Provider](../../providers/file.md)" - ```toml tab="TOML" - ## Dynamic configuration - [http.services] - [http.services.Service-1] - [http.services.Service-1.loadBalancer.healthCheck] - path = "/health" - interval = "10s" - timeout = "3s" - ``` - ```yaml tab="YAML" ## Dynamic configuration http: @@ -364,17 +354,18 @@ Below are the available options for the health check mechanism: timeout: "3s" ``` -??? example "Custom Port -- Using the [File Provider](../../providers/file.md)" - ```toml tab="TOML" ## Dynamic configuration [http.services] [http.services.Service-1] [http.services.Service-1.loadBalancer.healthCheck] path = "/health" - port = 8080 + interval = "10s" + timeout = "3s" ``` +??? example "Custom Port -- Using the [File Provider](../../providers/file.md)" + ```yaml tab="YAML" ## Dynamic configuration http: @@ -386,17 +377,17 @@ Below are the available options for the health check mechanism: port: 8080 ``` -??? example "Custom Scheme -- Using the [File Provider](../../providers/file.md)" - ```toml tab="TOML" ## Dynamic configuration [http.services] [http.services.Service-1] [http.services.Service-1.loadBalancer.healthCheck] path = "/health" - scheme = "http" + port = 8080 ``` +??? example "Custom Scheme -- Using the [File Provider](../../providers/file.md)" + ```yaml tab="YAML" ## Dynamic configuration http: @@ -408,20 +399,17 @@ Below are the available options for the health check mechanism: scheme: http ``` -??? example "Additional HTTP Headers -- Using the [File Provider](../../providers/file.md)" - ```toml tab="TOML" ## Dynamic configuration [http.services] [http.services.Service-1] [http.services.Service-1.loadBalancer.healthCheck] path = "/health" - - [http.services.Service-1.loadBalancer.healthCheck.headers] - My-Custom-Header = "foo" - My-Header = "bar" + scheme = "http" ``` +??? example "Additional HTTP Headers -- Using the [File Provider](../../providers/file.md)" + ```yaml tab="YAML" ## Dynamic configuration http: @@ -435,6 +423,18 @@ Below are the available options for the health check mechanism: My-Header: bar ``` + ```toml tab="TOML" + ## Dynamic configuration + [http.services] + [http.services.Service-1] + [http.services.Service-1.loadBalancer.healthCheck] + path = "/health" + + [http.services.Service-1.loadBalancer.healthCheck.headers] + My-Custom-Header = "foo" + My-Header = "bar" + ``` + #### Pass Host Header The `passHostHeader` allows to forward client Host header to server. @@ -443,14 +443,6 @@ By default, `passHostHeader` is true. ??? example "Don't forward the host header -- Using the [File Provider](../../providers/file.md)" - ```toml tab="TOML" - ## Dynamic configuration - [http.services] - [http.services.Service01] - [http.services.Service01.loadBalancer] - passHostHeader = false - ``` - ```yaml tab="YAML" ## Dynamic configuration http: @@ -460,20 +452,20 @@ By default, `passHostHeader` is true. passHostHeader: false ``` -#### ServersTransport - -`serversTransport` allows to reference a [ServersTransport](./index.md#serverstransport_1) configuration for the communication between Traefik and your servers. - -??? example "Specify a transport -- Using the [File Provider](../../providers/file.md)" - ```toml tab="TOML" ## Dynamic configuration [http.services] [http.services.Service01] [http.services.Service01.loadBalancer] - serversTransport = "mytransport" + passHostHeader = false ``` +#### ServersTransport + +`serversTransport` allows to reference a [ServersTransport](./index.md#serverstransport_1) configuration for the communication between Traefik and your servers. + +??? example "Specify a transport -- Using the [File Provider](../../providers/file.md)" + ```yaml tab="YAML" ## Dynamic configuration http: @@ -483,9 +475,17 @@ By default, `passHostHeader` is true. serversTransport: mytransport ``` + ```toml tab="TOML" + ## Dynamic configuration + [http.services] + [http.services.Service01] + [http.services.Service01.loadBalancer] + serversTransport = "mytransport" + ``` + !!! info default serversTransport - If no serversTransport is specified, the `default@internal` will be used. - The `default@internal` serversTransport is created from the [static configuration](../overview.md#transport-configuration). + If no serversTransport is specified, the `default@internal` will be used. + The `default@internal` serversTransport is created from the [static configuration](../overview.md#transport-configuration). #### Response Forwarding @@ -501,14 +501,6 @@ Below are the available options for the Response Forwarding mechanism: ??? example "Using a custom FlushInterval -- Using the [File Provider](../../providers/file.md)" - ```toml tab="TOML" - ## Dynamic configuration - [http.services] - [http.services.Service-1] - [http.services.Service-1.loadBalancer.responseForwarding] - flushInterval = "1s" - ``` - ```yaml tab="YAML" ## Dynamic configuration http: @@ -519,6 +511,14 @@ Below are the available options for the Response Forwarding mechanism: flushInterval: 1s ``` + ```toml tab="TOML" + ## Dynamic configuration + [http.services] + [http.services.Service-1] + [http.services.Service-1.loadBalancer.responseForwarding] + flushInterval = "1s" + ``` + ### ServersTransport ServersTransport allows to configure the transport between Traefik and your servers. @@ -529,12 +529,6 @@ _Optional_ `serverName` configure the server name that will be used for SNI. -```toml tab="File (TOML)" -## Dynamic configuration -[http.serversTransports.mytransport] - serverName = "myhost" -``` - ```yaml tab="File (YAML)" ## Dynamic configuration http: @@ -543,6 +537,12 @@ http: serverName: "myhost" ``` +```toml tab="File (TOML)" +## Dynamic configuration +[http.serversTransports.mytransport] + serverName = "myhost" +``` + ```yaml tab="Kubernetes" apiVersion: traefik.containo.us/v1alpha1 kind: ServersTransport @@ -561,13 +561,6 @@ _Optional_ `certificates` is the list of certificates (as file paths, or data bytes) that will be set as client certificates for mTLS. -```toml tab="File (TOML)" -## Dynamic configuration -[[http.serversTransports.mytransport.certificates]] - certFile = "foo.crt" - keyFile = "bar.crt" -``` - ```yaml tab="File (YAML)" ## Dynamic configuration http: @@ -578,6 +571,13 @@ http: keyFile: bar.crt ``` +```toml tab="File (TOML)" +## Dynamic configuration +[[http.serversTransports.mytransport.certificates]] + certFile = "foo.crt" + keyFile = "bar.crt" +``` + ```yaml tab="Kubernetes" apiVersion: traefik.containo.us/v1alpha1 kind: ServersTransport @@ -594,7 +594,7 @@ apiVersion: v1 kind: Secret metadata: name: mycert - + data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0= @@ -606,12 +606,6 @@ _Optional_ `insecureSkipVerify` disables SSL certificate verification. -```toml tab="File (TOML)" -## Dynamic configuration -[http.serversTransports.mytransport] - insecureSkipVerify = true -``` - ```yaml tab="File (YAML)" ## Dynamic configuration http: @@ -620,6 +614,12 @@ http: insecureSkipVerify: true ``` +```toml tab="File (TOML)" +## Dynamic configuration +[http.serversTransports.mytransport] + insecureSkipVerify = true +``` + ```yaml tab="Kubernetes" apiVersion: traefik.containo.us/v1alpha1 kind: ServersTransport @@ -638,12 +638,6 @@ _Optional_ `rootCAs` is the list of certificates (as file paths, or data bytes) that will be set as Root Certificate Authorities when using a self-signed TLS certificate. -```toml tab="File (TOML)" -## Dynamic configuration -[http.serversTransports.mytransport] - rootCAs = ["foo.crt", "bar.crt"] -``` - ```yaml tab="File (YAML)" ## Dynamic configuration http: @@ -654,6 +648,12 @@ http: - bar.crt ``` +```toml tab="File (TOML)" +## Dynamic configuration +[http.serversTransports.mytransport] + rootCAs = ["foo.crt", "bar.crt"] +``` + ```yaml tab="Kubernetes" apiVersion: traefik.containo.us/v1alpha1 kind: ServersTransport @@ -669,7 +669,7 @@ apiVersion: v1 kind: Secret metadata: name: myca - + data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0= ``` @@ -680,12 +680,6 @@ _Optional, Default=2_ If non-zero, `maxIdleConnsPerHost` controls the maximum idle (keep-alive) connections to keep per-host. -```toml tab="File (TOML)" -## Dynamic configuration -[http.serversTransports.mytransport] - maxIdleConnsPerHost = 7 -``` - ```yaml tab="File (YAML)" ## Dynamic configuration http: @@ -694,6 +688,12 @@ http: maxIdleConnsPerHost: 7 ``` +```toml tab="File (TOML)" +## Dynamic configuration +[http.serversTransports.mytransport] + maxIdleConnsPerHost = 7 +``` + ```yaml tab="Kubernetes" apiVersion: traefik.containo.us/v1alpha1 kind: ServersTransport @@ -747,12 +747,6 @@ _Optional, Default=30s_ `dialTimeout` is the maximum duration allowed for a connection to a backend server to be established. Zero means no timeout. -```toml tab="File (TOML)" -## Dynamic configuration -[http.serversTransports.mytransport.forwardingTimeouts] - dialTimeout = "1s" -``` - ```yaml tab="File (YAML)" ## Dynamic configuration http: @@ -762,6 +756,12 @@ http: dialTimeout: "1s" ``` +```toml tab="File (TOML)" +## Dynamic configuration +[http.serversTransports.mytransport.forwardingTimeouts] + dialTimeout = "1s" +``` + ```yaml tab="Kubernetes" apiVersion: traefik.containo.us/v1alpha1 kind: ServersTransport @@ -783,12 +783,6 @@ after fully writing the request (including its body, if any). This time does not include the time to read the response body. Zero means no timeout. -```toml tab="File (TOML)" -## Dynamic configuration -[http.serversTransports.mytransport.forwardingTimeouts] - responseHeaderTimeout = "1s" -``` - ```yaml tab="File (YAML)" ## Dynamic configuration http: @@ -798,6 +792,12 @@ http: responseHeaderTimeout: "1s" ``` +```toml tab="File (TOML)" +## Dynamic configuration +[http.serversTransports.mytransport.forwardingTimeouts] + responseHeaderTimeout = "1s" +``` + ```yaml tab="Kubernetes" apiVersion: traefik.containo.us/v1alpha1 kind: ServersTransport @@ -818,12 +818,6 @@ _Optional, Default=90s_ will remain idle before closing itself. Zero means no limit. -```toml tab="File (TOML)" -## Dynamic configuration -[http.serversTransports.mytransport.forwardingTimeouts] - idleConnTimeout = "1s" -``` - ```yaml tab="File (YAML)" ## Dynamic configuration http: @@ -833,6 +827,12 @@ http: idleConnTimeout: "1s" ``` +```toml tab="File (TOML)" +## Dynamic configuration +[http.serversTransports.mytransport.forwardingTimeouts] + idleConnTimeout = "1s" +``` + ```yaml tab="Kubernetes" apiVersion: traefik.containo.us/v1alpha1 kind: ServersTransport @@ -852,31 +852,9 @@ The WRR is able to load balance the requests between multiple services based on This strategy is only available to load balance between [services](./index.md) and not between [servers](./index.md#servers). !!! info "Supported Providers" - + This strategy can be defined currently with the [File](../../providers/file.md) or [IngressRoute](../../providers/kubernetes-crd.md) providers. -```toml tab="TOML" -## Dynamic configuration -[http.services] - [http.services.app] - [[http.services.app.weighted.services]] - name = "appv1" - weight = 3 - [[http.services.app.weighted.services]] - name = "appv2" - weight = 1 - - [http.services.appv1] - [http.services.appv1.loadBalancer] - [[http.services.appv1.loadBalancer.servers]] - url = "http://private-ip-server-1/" - - [http.services.appv2] - [http.services.appv2.loadBalancer] - [[http.services.appv2.loadBalancer.servers]] - url = "http://private-ip-server-2/" -``` - ```yaml tab="YAML" ## Dynamic configuration http: @@ -900,29 +878,16 @@ http: - url: "http://private-ip-server-2/" ``` -### Mirroring (service) - -The mirroring is able to mirror requests sent to a service to other services. -Please note that by default the whole request is buffered in memory while it is being mirrored. -See the maxBodySize option in the example below for how to modify this behaviour. - -!!! info "Supported Providers" - - This strategy can be defined currently with the [File](../../providers/file.md) or [IngressRoute](../../providers/kubernetes-crd.md) providers. - ```toml tab="TOML" ## Dynamic configuration [http.services] - [http.services.mirrored-api] - [http.services.mirrored-api.mirroring] - service = "appv1" - # maxBodySize is the maximum size in bytes allowed for the body of the request. - # If the body is larger, the request is not mirrored. - # Default value is -1, which means unlimited size. - maxBodySize = 1024 - [[http.services.mirrored-api.mirroring.mirrors]] + [http.services.app] + [[http.services.app.weighted.services]] + name = "appv1" + weight = 3 + [[http.services.app.weighted.services]] name = "appv2" - percent = 10 + weight = 1 [http.services.appv1] [http.services.appv1.loadBalancer] @@ -935,6 +900,16 @@ See the maxBodySize option in the example below for how to modify this behaviour url = "http://private-ip-server-2/" ``` +### Mirroring (service) + +The mirroring is able to mirror requests sent to a service to other services. +Please note that by default the whole request is buffered in memory while it is being mirrored. +See the maxBodySize option in the example below for how to modify this behaviour. + +!!! info "Supported Providers" + + This strategy can be defined currently with the [File](../../providers/file.md) or [IngressRoute](../../providers/kubernetes-crd.md) providers. + ```yaml tab="YAML" ## Dynamic configuration http: @@ -961,6 +936,31 @@ http: - url: "http://private-ip-server-2/" ``` +```toml tab="TOML" +## Dynamic configuration +[http.services] + [http.services.mirrored-api] + [http.services.mirrored-api.mirroring] + service = "appv1" + # maxBodySize is the maximum size in bytes allowed for the body of the request. + # If the body is larger, the request is not mirrored. + # Default value is -1, which means unlimited size. + maxBodySize = 1024 + [[http.services.mirrored-api.mirroring.mirrors]] + name = "appv2" + percent = 10 + + [http.services.appv1] + [http.services.appv1.loadBalancer] + [[http.services.appv1.loadBalancer.servers]] + url = "http://private-ip-server-1/" + + [http.services.appv2] + [http.services.appv2.loadBalancer] + [[http.services.appv2.loadBalancer.servers]] + url = "http://private-ip-server-2/" +``` + ## Configuring TCP Services ### General @@ -976,6 +976,17 @@ The servers load balancer is in charge of balancing the requests between the ser ??? example "Declaring a Service with Two Servers -- Using the [File Provider](../../providers/file.md)" + ```yaml tab="YAML" + ## Dynamic configuration + tcp: + services: + my-service: + loadBalancer: + servers: + - address: "xx.xx.xx.xx:xx" + - address: "xx.xx.xx.xx:xx" + ``` + ```toml tab="TOML" ## Dynamic configuration [tcp.services] @@ -986,17 +997,6 @@ The servers load balancer is in charge of balancing the requests between the ser address = "xx.xx.xx.xx:xx" ``` - ```yaml tab="YAML" - ## Dynamic configuration - tcp: - services: - my-service: - loadBalancer: - servers: - - address: "xx.xx.xx.xx:xx" - - address: "xx.xx.xx.xx:xx" - ``` - #### Servers Servers declare a single instance of your program. @@ -1004,14 +1004,6 @@ The `address` option (IP:Port) point to a specific instance. ??? example "A Service with One Server -- Using the [File Provider](../../providers/file.md)" - ```toml tab="TOML" - ## Dynamic configuration - [tcp.services] - [tcp.services.my-service.loadBalancer] - [[tcp.services.my-service.loadBalancer.servers]] - address = "xx.xx.xx.xx:xx" - ``` - ```yaml tab="YAML" ## Dynamic configuration tcp: @@ -1022,6 +1014,14 @@ The `address` option (IP:Port) point to a specific instance. - address: "xx.xx.xx.xx:xx" ``` + ```toml tab="TOML" + ## Dynamic configuration + [tcp.services] + [tcp.services.my-service.loadBalancer] + [[tcp.services.my-service.loadBalancer.servers]] + address = "xx.xx.xx.xx:xx" + ``` + #### PROXY Protocol Traefik supports [PROXY Protocol](https://www.haproxy.org/download/2.0/doc/proxy-protocol.txt) version 1 and 2 on TCP Services. @@ -1033,18 +1033,10 @@ Below are the available options for the PROXY protocol: !!! info "Version" - Specifying a version is optional. By default the version 2 will be used. + Specifying a version is optional. By default the version 2 will be used. ??? example "A Service with Proxy Protocol v1 -- Using the [File Provider](../../providers/file.md)" - ```toml tab="TOML" - ## Dynamic configuration - [tcp.services] - [tcp.services.my-service.loadBalancer] - [tcp.services.my-service.loadBalancer.proxyProtocol] - version = 1 - ``` - ```yaml tab="YAML" ## Dynamic configuration tcp: @@ -1055,6 +1047,14 @@ Below are the available options for the PROXY protocol: version: 1 ``` + ```toml tab="TOML" + ## Dynamic configuration + [tcp.services] + [tcp.services.my-service.loadBalancer] + [tcp.services.my-service.loadBalancer.proxyProtocol] + version = 1 + ``` + #### Termination Delay As a proxy between a client and a server, it can happen that either side (e.g. client side) decides to terminate its writing capability on the connection (i.e. issuance of a FIN packet). @@ -1071,14 +1071,6 @@ A negative value means an infinite deadline (i.e. the connection is never fully ??? example "A Service with a termination delay -- Using the [File Provider](../../providers/file.md)" - ```toml tab="TOML" - ## Dynamic configuration - [tcp.services] - [tcp.services.my-service.loadBalancer] - [[tcp.services.my-service.loadBalancer]] - terminationDelay = 200 - ``` - ```yaml tab="YAML" ## Dynamic configuration tcp: @@ -1088,6 +1080,14 @@ A negative value means an infinite deadline (i.e. the connection is never fully terminationDelay: 200 ``` + ```toml tab="TOML" + ## Dynamic configuration + [tcp.services] + [tcp.services.my-service.loadBalancer] + [[tcp.services.my-service.loadBalancer]] + terminationDelay = 200 + ``` + ### Weighted Round Robin The Weighted Round Robin (alias `WRR`) load-balancer of services is in charge of balancing the requests between multiple services based on provided weights. @@ -1095,31 +1095,9 @@ The Weighted Round Robin (alias `WRR`) load-balancer of services is in charge of This strategy is only available to load balance between [services](./index.md) and not between [servers](./index.md#servers). !!! info "Supported Providers" - + This strategy can be defined currently with the [File](../../providers/file.md) or [IngressRoute](../../providers/kubernetes-crd.md) providers. -```toml tab="TOML" -## Dynamic configuration -[tcp.services] - [tcp.services.app] - [[tcp.services.app.weighted.services]] - name = "appv1" - weight = 3 - [[tcp.services.app.weighted.services]] - name = "appv2" - weight = 1 - - [tcp.services.appv1] - [tcp.services.appv1.loadBalancer] - [[tcp.services.appv1.loadBalancer.servers]] - address = "private-ip-server-1:8080/" - - [tcp.services.appv2] - [tcp.services.appv2.loadBalancer] - [[tcp.services.appv2.loadBalancer.servers]] - address = "private-ip-server-2:8080/" -``` - ```yaml tab="YAML" ## Dynamic configuration tcp: @@ -1143,6 +1121,28 @@ tcp: - address: "xxx.xxx.xxx.xxx:8080" ``` +```toml tab="TOML" +## Dynamic configuration +[tcp.services] + [tcp.services.app] + [[tcp.services.app.weighted.services]] + name = "appv1" + weight = 3 + [[tcp.services.app.weighted.services]] + name = "appv2" + weight = 1 + + [tcp.services.appv1] + [tcp.services.appv1.loadBalancer] + [[tcp.services.appv1.loadBalancer.servers]] + address = "private-ip-server-1:8080/" + + [tcp.services.appv2] + [tcp.services.appv2.loadBalancer] + [[tcp.services.appv2.loadBalancer.servers]] + address = "private-ip-server-2:8080/" +``` + ## Configuring UDP Services ### General @@ -1158,16 +1158,6 @@ The servers load balancer is in charge of balancing the requests between the ser ??? example "Declaring a Service with Two Servers -- Using the [File Provider](../../providers/file.md)" - ```toml tab="TOML" - ## Dynamic configuration - [udp.services] - [udp.services.my-service.loadBalancer] - [[udp.services.my-service.loadBalancer.servers]] - address = "xx.xx.xx.xx:xx" - [[udp.services.my-service.loadBalancer.servers]] - address = "xx.xx.xx.xx:xx" - ``` - ```yaml tab="YAML" ## Dynamic configuration udp: @@ -1179,21 +1169,23 @@ The servers load balancer is in charge of balancing the requests between the ser - address: "xx.xx.xx.xx:xx" ``` -#### Servers - -The Servers field defines all the servers that are part of this load-balancing group, -i.e. each address (IP:Port) on which an instance of the service's program is deployed. - -??? example "A Service with One Server -- Using the [File Provider](../../providers/file.md)" - ```toml tab="TOML" ## Dynamic configuration [udp.services] [udp.services.my-service.loadBalancer] [[udp.services.my-service.loadBalancer.servers]] address = "xx.xx.xx.xx:xx" + [[udp.services.my-service.loadBalancer.servers]] + address = "xx.xx.xx.xx:xx" ``` +#### Servers + +The Servers field defines all the servers that are part of this load-balancing group, +i.e. each address (IP:Port) on which an instance of the service's program is deployed. + +??? example "A Service with One Server -- Using the [File Provider](../../providers/file.md)" + ```yaml tab="YAML" ## Dynamic configuration udp: @@ -1204,6 +1196,14 @@ i.e. each address (IP:Port) on which an instance of the service's program is dep - address: "xx.xx.xx.xx:xx" ``` + ```toml tab="TOML" + ## Dynamic configuration + [udp.services] + [udp.services.my-service.loadBalancer] + [[udp.services.my-service.loadBalancer.servers]] + address = "xx.xx.xx.xx:xx" + ``` + ### Weighted Round Robin The Weighted Round Robin (alias `WRR`) load-balancer of services is in charge of balancing the requests between multiple services based on provided weights. @@ -1212,28 +1212,6 @@ This strategy is only available to load balance between [services](./index.md) a This strategy can only be defined with [File](../../providers/file.md). -```toml tab="TOML" -## Dynamic configuration -[udp.services] - [udp.services.app] - [[udp.services.app.weighted.services]] - name = "appv1" - weight = 3 - [[udp.services.app.weighted.services]] - name = "appv2" - weight = 1 - - [udp.services.appv1] - [udp.services.appv1.loadBalancer] - [[udp.services.appv1.loadBalancer.servers]] - address = "private-ip-server-1:8080/" - - [udp.services.appv2] - [udp.services.appv2.loadBalancer] - [[udp.services.appv2.loadBalancer.servers]] - address = "private-ip-server-2:8080/" -``` - ```yaml tab="YAML" ## Dynamic configuration udp: @@ -1256,3 +1234,25 @@ udp: servers: - address: "xxx.xxx.xxx.xxx:8080" ``` + +```toml tab="TOML" +## Dynamic configuration +[udp.services] + [udp.services.app] + [[udp.services.app.weighted.services]] + name = "appv1" + weight = 3 + [[udp.services.app.weighted.services]] + name = "appv2" + weight = 1 + + [udp.services.appv1] + [udp.services.appv1.loadBalancer] + [[udp.services.appv1.loadBalancer.servers]] + address = "private-ip-server-1:8080/" + + [udp.services.appv2] + [udp.services.appv2.loadBalancer] + [[udp.services.appv2.loadBalancer.servers]] + address = "private-ip-server-2:8080/" +``` diff --git a/docs/content/user-guides/grpc.md b/docs/content/user-guides/grpc.md index 3fef7d420..27b3b4284 100644 --- a/docs/content/user-guides/grpc.md +++ b/docs/content/user-guides/grpc.md @@ -8,17 +8,6 @@ This section explains how to use Traefik as reverse proxy for gRPC application. Static configuration: -```toml tab="File (TOML)" -[entryPoints] - [entryPoints.web] - address = ":80" - -[api] - -[providers.file] - directory = "/path/to/dynamic/config" -``` - ```yaml tab="File (YAML)" entryPoints: web: @@ -31,30 +20,24 @@ providers: api: {} ``` +```toml tab="File (TOML)" +[entryPoints] + [entryPoints.web] + address = ":80" + +[api] + +[providers.file] + directory = "/path/to/dynamic/config" +``` + ```yaml tab="CLI" --entryPoints.web.address=:80 --providers.file.directory=/path/to/dynamic/config --api.insecure=true ``` -`/path/to/dynamic/config/dynamic_conf.{toml,yml}`: - -```toml tab="TOML" -## dynamic configuration ## - -[http] - - [http.routers] - [http.routers.routerTest] - service = "srv-grpc" - rule = "Host(`frontend.local`)" - - [http.services] - [http.services.srv-grpc] - [http.services.srv-grpc.loadBalancer] - [[http.services.srv-grpc.loadBalancer.servers]] - url = "h2c://backend.local:8080" -``` +`/path/to/dynamic/config/dynamic_conf.{yml,toml}`: ```yaml tab="YAML" ## dynamic configuration ## @@ -72,6 +55,23 @@ http: - url: h2c://backend.local:8080 ``` +```toml tab="TOML" +## dynamic configuration ## + +[http] + + [http.routers] + [http.routers.routerTest] + service = "srv-grpc" + rule = "Host(`frontend.local`)" + + [http.services] + [http.services.srv-grpc] + [http.services.srv-grpc.loadBalancer] + [[http.services.srv-grpc.loadBalancer.servers]] + url = "h2c://backend.local:8080" +``` + !!! warning For providers with labels, you will have to specify the `traefik.http.services..loadbalancer.server.scheme=h2c` @@ -119,22 +119,6 @@ At last, we configure our Traefik instance to use both self-signed certificates. Static configuration: -```toml tab="File (TOML)" -[entryPoints] - [entryPoints.websecure] - address = ":4443" - - -[serversTransport] - # For secure connection on backend.local - rootCAs = [ "./backend.cert" ] - -[api] - -[provider.file] - directory = "/path/to/dynamic/config" -``` - ```yaml tab="File (YAML)" entryPoints: websecure: @@ -152,6 +136,22 @@ providers: api: {} ``` +```toml tab="File (TOML)" +[entryPoints] + [entryPoints.websecure] + address = ":4443" + + +[serversTransport] + # For secure connection on backend.local + rootCAs = [ "./backend.cert" ] + +[api] + +[provider.file] + directory = "/path/to/dynamic/config" +``` + ```yaml tab="CLI" --entryPoints.websecure.address=:4443 # For secure connection on backend.local @@ -160,32 +160,7 @@ api: {} --api.insecure=true ``` -`/path/to/dynamic/config/dynamic_conf.{toml,yml}`: - -```toml tab="TOML" -## dynamic configuration ## - -[http] - - [http.routers] - [http.routers.routerTest] - service = "srv-grpc" - rule = "Host(`frontend.local`)" - - [http.services] - [http.services.srv-grpc] - [http.services.srv-grpc.loadBalancer] - [[http.services.srv-grpc.loadBalancer.servers]] - # Access on backend with HTTPS - url = "https://backend.local:8080" - -[tls] - - # For secure connection on frontend.local - [[tls.certificates]] - certFile = "./frontend.cert" - keyFile = "./frontend.key" -``` +`/path/to/dynamic/config/dynamic_conf.{yml,toml}`: ```yaml tab="YAML" ## dynamic configuration ## @@ -208,6 +183,31 @@ tls: keyfile: ./frontend.key ``` +```toml tab="TOML" +## dynamic configuration ## + +[http] + + [http.routers] + [http.routers.routerTest] + service = "srv-grpc" + rule = "Host(`frontend.local`)" + + [http.services] + [http.services.srv-grpc] + [http.services.srv-grpc.loadBalancer] + [[http.services.srv-grpc.loadBalancer.servers]] + # Access on backend with HTTPS + url = "https://backend.local:8080" + +[tls] + + # For secure connection on frontend.local + [[tls.certificates]] + certFile = "./frontend.cert" + keyFile = "./frontend.key" +``` + !!! warning With some services, the server URLs use the IP, so you may need to configure `insecureSkipVerify` instead of the `rootCAs` to activate HTTPS without hostname verification. diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml index 3a9e141e4..62029fc6d 100644 --- a/docs/mkdocs.yml +++ b/docs/mkdocs.yml @@ -68,6 +68,7 @@ nav: - 'Quick Start': 'getting-started/quick-start.md' - 'Configuration Introduction': 'getting-started/configuration-overview.md' - 'Install Traefik': 'getting-started/install-traefik.md' + - 'Frequently Asked Questions': 'getting-started/faq.md' - 'Configuration Discovery': - 'Overview': 'providers/overview.md' - 'Docker': 'providers/docker.md' diff --git a/go.mod b/go.mod index d42085f0e..e9187c700 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ go 1.16 require ( github.com/BurntSushi/toml v0.3.1 github.com/ExpediaDotCom/haystack-client-go v0.0.0-20190315171017-e7edbdf53a61 - github.com/Masterminds/sprig/v3 v3.2.0 + github.com/Masterminds/sprig/v3 v3.2.2 github.com/Microsoft/hcsshim v0.8.7 // indirect github.com/Shopify/sarama v1.23.1 // indirect github.com/abbot/go-http-auth v0.0.0-00010101000000-000000000000 @@ -30,7 +30,7 @@ require ( github.com/elazarl/go-bindata-assetfs v1.0.0 github.com/fatih/structs v1.1.0 github.com/gambol99/go-marathon v0.0.0-20180614232016-99a156b96fb2 - github.com/go-acme/lego/v4 v4.3.1 + github.com/go-acme/lego/v4 v4.4.0 github.com/go-check/check v0.0.0-00010101000000-000000000000 github.com/go-kit/kit v0.10.1-0.20200915143503-439c4d2ed3ea github.com/golang/protobuf v1.4.3 @@ -70,7 +70,7 @@ require ( github.com/stvp/go-udp-testing v0.0.0-20191102171040-06b61409b154 github.com/tinylib/msgp v1.0.2 // indirect github.com/traefik/gziphandler v1.1.2-0.20210212101304-175e0fad6888 - github.com/traefik/paerser v0.1.2 + github.com/traefik/paerser v0.1.4 github.com/traefik/yaegi v0.9.17 github.com/uber/jaeger-client-go v2.29.1+incompatible github.com/uber/jaeger-lib v2.2.0+incompatible @@ -81,9 +81,9 @@ require ( github.com/vulcand/predicate v1.1.0 go.elastic.co/apm v1.11.0 go.elastic.co/apm/module/apmot v1.11.0 - golang.org/x/mod v0.3.0 + golang.org/x/mod v0.4.2 golang.org/x/net v0.0.0-20210220033124-5f55cee0dc0d - golang.org/x/time v0.0.0-20201208040808-7e3f01d25324 + golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba golang.org/x/tools v0.0.0-20200904185747-39188db58858 google.golang.org/grpc v1.27.1 gopkg.in/DataDog/dd-trace-go.v1 v1.19.0 diff --git a/go.sum b/go.sum index 62084b397..4f2bd22d4 100644 --- a/go.sum +++ b/go.sum @@ -79,14 +79,12 @@ github.com/DataDog/zstd v1.3.6-0.20190409195224-796139022798/go.mod h1:1jcaCB/uf github.com/ExpediaDotCom/haystack-client-go v0.0.0-20190315171017-e7edbdf53a61 h1:1NIUJ+MAMpqDr4LWIfNsoJR+G7zg/8GZVwuRkmJxtTc= github.com/ExpediaDotCom/haystack-client-go v0.0.0-20190315171017-e7edbdf53a61/go.mod h1:62qWSDaEI0BLykU+zQza5CAKgW0lOy9oBSz3/DvYz4w= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= -github.com/Masterminds/goutils v1.1.0 h1:zukEsf/1JZwCMgHiK3GZftabmxiCw4apj3a28RPBiVg= -github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= -github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= +github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= +github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc= github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= -github.com/Masterminds/sprig/v3 v3.1.0/go.mod h1:ONGMf7UfYGAbMXCZmQLy8x3lCDIPrEZE/rU8pmrbihA= -github.com/Masterminds/sprig/v3 v3.2.0 h1:P1ekkbuU73Ui/wS0nK1HOM37hh4xdfZo485UPf8rc+Y= -github.com/Masterminds/sprig/v3 v3.2.0/go.mod h1:tWhwTbUTndesPNeF0C900vKoq283u6zp4APT9vaF3SI= +github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8= +github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk= github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5 h1:ygIc8M6trr62pF5DucadTWGdEB4mEyvzi0e2nbcmcyA= github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= github.com/Microsoft/hcsshim v0.8.7 h1:ptnOoufxGSzauVTsdE+wMYnCWA301PdoN4xg5oRdZpg= @@ -244,6 +242,7 @@ github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZm github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dimchansky/utfbom v1.1.0 h1:FcM3g+nofKgUteL8dm/UpdRXNC9KmADgTpLKsu0TRo4= github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= +github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= github.com/dnsimple/dnsimple-go v0.63.0 h1:0doY8VW/ckRIMTmOw4E1vwqo+bhtjDzvh1pU2ZteFGA= github.com/dnsimple/dnsimple-go v0.63.0/go.mod h1:O5TJ0/U6r7AfT8niYNlmohpLbCSG+c71tQlGr9SeGrg= github.com/docker/cli v0.0.0-20200221155518-740919cc7fc0 h1:hlGHcYGaaHs/yffSubcUKlp8TyV1v7qhcZZ5nGNQ2Fw= @@ -327,8 +326,8 @@ github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeME github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= -github.com/go-acme/lego/v4 v4.3.1 h1:rzmg0Gpy25B/exXjl+KgpG5Xt6wN5rFTLjRf/Uf3pfg= -github.com/go-acme/lego/v4 v4.3.1/go.mod h1:tySA24ifl6bI7kZ0+ocGtTIv4H1yhYVFAgyMHF2DSRg= +github.com/go-acme/lego/v4 v4.4.0 h1:uHhU5LpOYQOdp3aDU+XY2bajseu8fuExphTL1Ss6/Fc= +github.com/go-acme/lego/v4 v4.4.0/go.mod h1:l3+tFUFZb590dWcqhWZegynUthtaHJbG2fevUpoOOE0= github.com/go-chi/chi v4.0.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ= github.com/go-cmd/cmd v1.0.5/go.mod h1:y8q8qlK5wQibcw63djSl/ntiHUHXHGdCkPk0j4QeW4s= github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w= @@ -401,6 +400,8 @@ github.com/go-resty/resty/v2 v2.1.1-0.20191201195748-d7b97669fe48/go.mod h1:dZGr github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/gobs/pretty v0.0.0-20180724170744-09732c25a95b h1:/vQ+oYKu+JoyaMPDsv5FzwuL2wwWBgBbtj/YLCi4LuA= +github.com/gobs/pretty v0.0.0-20180724170744-09732c25a95b/go.mod h1:Xo4aNUOrJnVruqWQJBtW6+bTBDTniY8yZum5rF3b5jw= github.com/gobuffalo/flect v0.2.0 h1:EWCvMGGxOjsgwlWaP+f4+Hh6yrrte7JeFL2S6b+0hdM= github.com/gobuffalo/flect v0.2.0/go.mod h1:W3K3X9ksuZfir8f/LrfVtWmCDQFfayuylOJ7sz/Fj80= github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4= @@ -543,8 +544,8 @@ github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1: github.com/hashicorp/go-multierror v1.0.0 h1:iVjPR7a6H0tWELX5NxNe7bYopibicUzc7uPribsnS6o= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= -github.com/hashicorp/go-retryablehttp v0.6.8 h1:92lWxgpa+fF3FozM4B3UZtHZMJX8T5XT+TFdCxsPyWs= -github.com/hashicorp/go-retryablehttp v0.6.8/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= +github.com/hashicorp/go-retryablehttp v0.6.6 h1:HJunrbHTDDbBb/ay4kxa1n+dLmttUlnP3V9oNE4hmsM= +github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-rootcerts v1.0.0 h1:Rqb66Oo1X/eSV1x66xbDccZjhJigjg0+e82kpwzSwCI= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/go-sockaddr v1.0.0 h1:GeH6tui99pF4NJgfnhp+L6+FfobzVW3Ah46sLo0ICXs= @@ -577,7 +578,6 @@ github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1: github.com/iij/doapi v0.0.0-20190504054126-0bbf12d6d7df h1:MZf03xP9WdakyXhOWuAD5uPK3wHh96wCsqe3hCMKh8E= github.com/iij/doapi v0.0.0-20190504054126-0bbf12d6d7df/go.mod h1:QMZY7/J/KSQEhKWFeDesPjMj+wCHReeknARU3wqlyN4= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.11 h1:3tnifQM4i+fbajXKBHXWEH+KvNHqojZ778UH75j3bGA= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= @@ -585,6 +585,8 @@ github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NH github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d h1:/WZQPMZNsjZ7IlCpsLGdQBINg5bxKQ1K1sh6awxLtkA= github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= +github.com/infobloxopen/infoblox-go-client v1.1.1 h1:728A6LbLjptj/7kZjHyIxQnm768PWHfGFm0HH8FnbtU= +github.com/infobloxopen/infoblox-go-client v1.1.1/go.mod h1:BXiw7S2b9qJoM8MS40vfgCNB2NLHGusk1DtO16BD9zI= github.com/instana/go-sensor v1.5.1 h1:GLxYsYiDWD15RSXDHS70VvTVU/CbwUimWrK6/e4eBPQ= github.com/instana/go-sensor v1.5.1/go.mod h1:5dEieTqu59XZr2/X53xF2Px4v83aSRRZa/47VbxAVa4= github.com/jarcoal/httpmock v1.0.6 h1:e81vOSexXU3mJuJ4l//geOmKIt+Vkxerk1feQBC8D0g= @@ -763,6 +765,8 @@ github.com/nrdcg/goinwx v0.8.1 h1:20EQ/JaGFnSKwiDH2JzjIpicffl3cPk6imJBDqVBVtU= github.com/nrdcg/goinwx v0.8.1/go.mod h1:tILVc10gieBp/5PMvbcYeXM6pVQ+c9jxDZnpaR1UW7c= github.com/nrdcg/namesilo v0.2.1 h1:kLjCjsufdW/IlC+iSfAqj0iQGgKjlbUUeDJio5Y6eMg= github.com/nrdcg/namesilo v0.2.1/go.mod h1:lwMvfQTyYq+BbjJd30ylEG4GPSS6PII0Tia4rRpRiyw= +github.com/nrdcg/porkbun v0.1.1 h1:gxVzQYfFUGXhnBax/aVugoE3OIBAdHgrJgyMPyY5Sjo= +github.com/nrdcg/porkbun v0.1.1/go.mod h1:JWl/WKnguWos4mjfp4YizvvToigk9qpQwrodOk+CPoA= github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= @@ -908,6 +912,8 @@ github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da h1:p3Vo3i64TCL github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/santhosh-tekuri/jsonschema v1.2.4 h1:hNhW8e7t+H1vgY+1QeEQpveR6D4+OwKPXCfD2aieJis= github.com/santhosh-tekuri/jsonschema v1.2.4/go.mod h1:TEAUOeZSmIxTTuHatJzrvARHiuO9LYd+cIxzgEHCQI4= +github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7.0.20210127161313-bd30bebeac4f h1:WSnaD0/cvbKJgSTYbjAPf4RJXVvNNDAwVm+W8wEmnGE= +github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7.0.20210127161313-bd30bebeac4f/go.mod h1:CJJ5VAbozOl0yEw7nHB9+7BXTJbIn6h7W+f6Gau5IP8= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/segmentio/fasthash v1.0.3 h1:EI9+KE1EwvMLBWwjpRDc+fEM+prwxDYbslddQGtrmhM= @@ -945,11 +951,16 @@ github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrf github.com/sirupsen/logrus v1.7.0 h1:ShrD1U9pZB12TX0cVy0DtePoCH97K8EtX+mg7ZARUtM= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/skratchdot/open-golang v0.0.0-20160302144031-75fb7ed4208c/go.mod h1:sUM3LWHvSMaG192sy56D9F7CNvL7jUJVXoqM1QKLnog= -github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= +github.com/smartystreets/assertions v1.0.1 h1:voD4ITNjPL5jjBfgR/r8fPIIBrliWrWHeiJApdr3r4w= +github.com/smartystreets/assertions v1.0.1/go.mod h1:kHHU4qYBaI3q23Pp3VPrmWhuIUrLW/7eUrw0BU5VaoM= +github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9 h1:hp2CYQUINdZMHdvTdXtPOY2ainKl4IoMcpAXEf2xj3Q= +github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9/go.mod h1:SnhjPscd9TpLiy1LpzGSKh3bXCfxxXuqd9xmQJy3slM= github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= +github.com/smartystreets/gunit v1.0.4 h1:tpTjnuH7MLlqhoD21vRoMZbMIi5GmBsAJDFyF67GhZA= +github.com/smartystreets/gunit v1.0.4/go.mod h1:EH5qMBab2UclzXUcpR8b93eHsIlp9u+pDQIRp5DZNzQ= github.com/soheilhy/cmux v0.1.4 h1:0HKaf1o97UwFjHH9o5XsHUOF+tqmdA7KEzXLpiyaw0E= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= @@ -1007,12 +1018,12 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5 h1:LnC5Kc github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/traefik/gziphandler v1.1.2-0.20210212101304-175e0fad6888 h1:GMY0C+M/w8xO+/NP3Kq6sroMd+z2KbbdVr1K8o2NLHk= github.com/traefik/gziphandler v1.1.2-0.20210212101304-175e0fad6888/go.mod h1:sLqwoN03tkluITKL+lPEZbfsJQU2suYoKbrR/HeV9aM= -github.com/traefik/paerser v0.1.2 h1:0zvJgdwp2dNUodZHfgf+3IcaeJH2B28NcCGM+iZVtds= -github.com/traefik/paerser v0.1.2/go.mod h1:yYnAgdEC2wJH5CgG75qGWC8SsFDEapg09o9RrA6FfrE= +github.com/traefik/paerser v0.1.4 h1:/IXjV04Gf6di51H8Jl7jyS3OylsLjIasrwXIIwj1aT8= +github.com/traefik/paerser v0.1.4/go.mod h1:FIdQ4Y92ulQUGSeZgxchtBKEcLw1o551PMNg9PoIq/4= github.com/traefik/yaegi v0.9.17 h1:sJ4Wk6S7HHHXtJnOuxC/3qjdQKRy3q9ZhNP0ZGL7Ltw= github.com/traefik/yaegi v0.9.17/go.mod h1:FAYnRlZyuVlEkvnkHq3bvJ1lW5be6XuwgLdkYgYG6Lk= -github.com/transip/gotransip/v6 v6.6.0 h1:dAHCTZzX98H6QE2kA4R9acAXu5RPPTwMSUFtpKZF3Nk= -github.com/transip/gotransip/v6 v6.6.0/go.mod h1:pQZ36hWWRahCUXkFWlx9Hs711gLd8J4qdgLdRzmtY+g= +github.com/transip/gotransip/v6 v6.2.0 h1:0Z+qVsyeiQdWfcAUeJyF0IEKAPvhJwwpwPi2WGtBIiE= +github.com/transip/gotransip/v6 v6.2.0/go.mod h1:pQZ36hWWRahCUXkFWlx9Hs711gLd8J4qdgLdRzmtY+g= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= github.com/uber-go/atomic v1.3.2 h1:Azu9lPBWRNKzYXSIwRfgRuDuS0YKsK4NFhiQv98gkxo= github.com/uber-go/atomic v1.3.2/go.mod h1:/Ct5t2lcmbJ4OSe/waGBoaVvVqtO0bmtfVNex1PFV8g= @@ -1029,7 +1040,7 @@ github.com/unrolled/secure v1.0.9/go.mod h1:fO+mEan+FLB0CdEnHf6Q4ZZVNqG+5fuLFnP8 github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= -github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI= github.com/urfave/negroni v1.0.0 h1:kIimOitoypq34K7TG7DUaJ9kq/N4Ofuwi1sjz0KipXc= github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4= @@ -1041,12 +1052,14 @@ github.com/vdemeester/shakers v0.1.0/go.mod h1:IZ1HHynUOQt32iQ3rvAeVddXLd19h/6LW github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw= github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU= github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM= +github.com/vinyldns/go-vinyldns v0.0.0-20200917153823-148a5f6b8f14 h1:TFXGGMHmml4rs29PdPisC/aaCzOxUu1Vsh9on/IpUfE= +github.com/vinyldns/go-vinyldns v0.0.0-20200917153823-148a5f6b8f14/go.mod h1:RWc47jtnVuQv6+lY3c768WtXCas/Xi+U5UFc5xULmYg= github.com/vulcand/oxy v1.3.0 h1:358BVHmJNLjhOrhbjq2EVJX5NQ3HxrP0d5OyHLRliX0= github.com/vulcand/oxy v1.3.0/go.mod h1:hN/gw/jg+GH4A+bqvznsW26Izd4jNGV6h1z3s7drRzs= github.com/vulcand/predicate v1.1.0 h1:Gq/uWopa4rx/tnZu2opOSBqHK63Yqlou/SzrbwdJiNg= github.com/vulcand/predicate v1.1.0/go.mod h1:mlccC5IRBoc2cIFmCB8ZM62I3VDb6p2GXESMHa3CnZg= -github.com/vultr/govultr/v2 v2.4.0 h1:6ySGGAsoOann0lmVNkS8grLvbAT2iYWnO4R1RVYFg0A= -github.com/vultr/govultr/v2 v2.4.0/go.mod h1:U+dZLAmyGD62IGykgC9JYU/zQIOkIhf93nw6dJL/47M= +github.com/vultr/govultr/v2 v2.0.0 h1:+lAtqfWy3g9VwL7tT2Fpyad8Vv4MxOhT/NU8O5dk+EQ= +github.com/vultr/govultr/v2 v2.0.0/go.mod h1:2PsEeg+gs3p/Fo5Pw8F9mv+DUBEOlrNZ8GmCTGmhOhs= github.com/xdg/scram v0.0.0-20180814205039-7eeb5667e42c/go.mod h1:lB8K/P019DLNhemzwFU4jHLhdvlE6uDZjXFejJXr49I= github.com/xdg/stringprep v1.0.0/go.mod h1:Jhud4/sHMO4oL310DaZAKk9ZaJ08SJfe+sJh0HrGL1Y= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c= @@ -1167,8 +1180,9 @@ golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo= +golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1310,8 +1324,9 @@ golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxb golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20201208040808-7e3f01d25324 h1:Hir2P/De0WpUhtrKGGjvSb2YxUgyZ7EFOSLIcSSpiwE= golang.org/x/time v0.0.0-20201208040808-7e3f01d25324/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba h1:O8mE0/t419eoIwhTFpKVkHiTs/Igowgfkj25AcZrtiE= +golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= diff --git a/pkg/anonymize/testdata/anonymized-dynamic-config.json b/pkg/anonymize/testdata/anonymized-dynamic-config.json index b48bbc3bc..917fca5d7 100644 --- a/pkg/anonymize/testdata/anonymized-dynamic-config.json +++ b/pkg/anonymize/testdata/anonymized-dynamic-config.json @@ -190,7 +190,7 @@ }, "rateLimit": { "average": 42, - "period": 42, + "period": "42ns", "burst": 42, "sourceCriterion": { "ipStrategy": { @@ -306,7 +306,7 @@ }, "retry": { "attempts": 42, - "initialInterval": 42 + "initialInterval": "42ns" }, "contentType": { "autoDetect": true @@ -352,9 +352,9 @@ ], "maxIdleConnsPerHost": 42, "forwardingTimeouts": { - "dialTimeout": 42, - "responseHeaderTimeout": 42, - "idleConnTimeout": 42 + "dialTimeout": "42ns", + "responseHeaderTimeout": "42ns", + "idleConnTimeout": "42ns" } } } @@ -473,4 +473,4 @@ } } } -} +} \ No newline at end of file diff --git a/pkg/anonymize/testdata/anonymized-static-config.json b/pkg/anonymize/testdata/anonymized-static-config.json index a6ccb1727..ea511146a 100644 --- a/pkg/anonymize/testdata/anonymized-static-config.json +++ b/pkg/anonymize/testdata/anonymized-static-config.json @@ -12,9 +12,9 @@ ], "maxIdleConnsPerHost": 111, "forwardingTimeouts": { - "dialTimeout": 111000000000, - "responseHeaderTimeout": 111000000000, - "idleConnTimeout": 111000000000 + "dialTimeout": "1m51s", + "responseHeaderTimeout": "1m51s", + "idleConnTimeout": "1m51s" } }, "entryPoints": { @@ -22,13 +22,13 @@ "address": "xxxx", "transport": { "lifeCycle": { - "requestAcceptGraceTimeout": 111000000000, - "graceTimeOut": 111000000000 + "requestAcceptGraceTimeout": "1m51s", + "graceTimeOut": "1m51s" }, "respondingTimeouts": { - "readTimeout": 111000000000, - "writeTimeout": 111000000000, - "idleTimeout": 111000000000 + "readTimeout": "1m51s", + "writeTimeout": "1m51s", + "idleTimeout": "1m51s" } }, "proxyProtocol": { @@ -75,7 +75,7 @@ } }, "providers": { - "providersThrottleDuration": 111000000000, + "providersThrottleDuration": "1m51s", "docker": { "constraints": "Label(\"foo\", \"bar\")", "watch": true, @@ -92,8 +92,8 @@ "useBindPortIP": true, "swarmMode": true, "network": "MyNetwork", - "swarmModeRefreshSeconds": 42, - "httpClientTimeout": 42 + "swarmModeRefreshSeconds": "42ns", + "httpClientTimeout": "42ns" }, "file": { "directory": "file Directory", @@ -116,10 +116,10 @@ "key": "xxxx", "insecureSkipVerify": true }, - "dialerTimeout": 42, - "responseHeaderTimeout": 42, - "tlsHandshakeTimeout": 42, - "keepAlive": 42, + "dialerTimeout": "42ns", + "responseHeaderTimeout": "42ns", + "tlsHandshakeTimeout": "42ns", + "keepAlive": "42ns", "forceTaskHostname": true, "basic": { "httpBasicAuthUser": "xxxx", @@ -142,7 +142,7 @@ "hostname": "xxxx", "publishedService": "xxxx" }, - "throttleDuration": 111000000000 + "throttleDuration": "1m51s" }, "kubernetesCRD": { "endpoint": "xxxx", @@ -154,7 +154,7 @@ ], "labelSelector": "myLabelSelector", "ingressClass": "MyIngressClass", - "throttleDuration": 111000000000 + "throttleDuration": "1m51s" }, "kubernetesGateway": { "endpoint": "xxxx", @@ -165,7 +165,7 @@ "b" ], "labelSelector": "myLabelSelector", - "throttleDuration": 111000000000 + "throttleDuration": "1m51s" }, "rest": { "insecure": true @@ -198,10 +198,10 @@ "username": "xxxx", "password": "xxxx" }, - "endpointWaitTime": 42 + "endpointWaitTime": "42ns" }, "prefix": "MyPrefix", - "refreshInterval": 42, + "refreshInterval": "42ns", "requireConsistent": true, "stale": true, "cache": true, @@ -272,8 +272,8 @@ }, "http": { "endpoint": "xxxx", - "pollInterval": 42, - "pollTimeout": 42, + "pollInterval": "42ns", + "pollTimeout": "42ns", "tls": { "ca": "xxxx", "caOptional": true, @@ -303,13 +303,13 @@ }, "datadog": { "address": "xxxx", - "pushInterval": 42, + "pushInterval": "42ns", "addEntryPointsLabels": true, "addServicesLabels": true }, "statsD": { "address": "xxxx", - "pushInterval": 42, + "pushInterval": "42ns", "addEntryPointsLabels": true, "addServicesLabels": true, "prefix": "MyPrefix" @@ -317,7 +317,7 @@ "influxDB": { "address": "xxxx", "protocol": "xxxx", - "pushInterval": 42, + "pushInterval": "42ns", "database": "myDB", "retentionPolicy": "12", "username": "xxxx", @@ -345,7 +345,7 @@ "500" ], "retryAttempts": true, - "minDuration": 42 + "minDuration": "42ns" }, "fields": { "defaultMode": "drop", @@ -428,7 +428,7 @@ "keyType": "MyKeyType", "dnsChallenge": { "provider": "DNSProvider", - "delayBeforeCheck": 42, + "delayBeforeCheck": "42ns", "resolvers": [ "xxxx", "xxxx" diff --git a/pkg/api/testdata/entrypoints.json b/pkg/api/testdata/entrypoints.json index 15c46b787..d93d07bfc 100644 --- a/pkg/api/testdata/entrypoints.json +++ b/pkg/api/testdata/entrypoints.json @@ -19,13 +19,13 @@ }, "transport": { "lifeCycle": { - "graceTimeOut": 2, - "requestAcceptGraceTimeout": 1 + "graceTimeOut": "2ns", + "requestAcceptGraceTimeout": "1ns" }, "respondingTimeouts": { - "idleTimeout": 5, - "readTimeout": 3, - "writeTimeout": 4 + "idleTimeout": "5ns", + "readTimeout": "3ns", + "writeTimeout": "4ns" } } }, @@ -49,14 +49,14 @@ }, "transport": { "lifeCycle": { - "graceTimeOut": 20, - "requestAcceptGraceTimeout": 10 + "graceTimeOut": "20ns", + "requestAcceptGraceTimeout": "10ns" }, "respondingTimeouts": { - "idleTimeout": 50, - "readTimeout": 30, - "writeTimeout": 40 + "idleTimeout": "50ns", + "readTimeout": "30ns", + "writeTimeout": "40ns" } } } -] \ No newline at end of file +] diff --git a/pkg/config/dynamic/middlewares.go b/pkg/config/dynamic/middlewares.go index 775e6d034..0b3452f0a 100644 --- a/pkg/config/dynamic/middlewares.go +++ b/pkg/config/dynamic/middlewares.go @@ -246,7 +246,7 @@ type IPStrategy struct { // Get an IP selection strategy. // If nil return the RemoteAddr strategy -// else return a strategy base on the configuration using the X-Forwarded-For Header. +// else return a strategy based on the configuration using the X-Forwarded-For Header. // Depth override the ExcludedIPs. func (s *IPStrategy) Get() (ip.Strategy, error) { if s == nil { @@ -264,7 +264,7 @@ func (s *IPStrategy) Get() (ip.Strategy, error) { if err != nil { return nil, err } - return &ip.CheckerStrategy{ + return &ip.PoolStrategy{ Checker: checker, }, nil } diff --git a/pkg/config/runtime/runtime_tcp.go b/pkg/config/runtime/runtime_tcp.go index 82d8b76f5..72a8b3a14 100644 --- a/pkg/config/runtime/runtime_tcp.go +++ b/pkg/config/runtime/runtime_tcp.go @@ -15,14 +15,8 @@ func (c *Configuration) GetTCPRoutersByEntryPoints(ctx context.Context, entryPoi for rtName, rt := range c.TCPRouters { logger := log.FromContext(log.With(ctx, log.Str(log.RouterName, rtName))) - eps := rt.EntryPoints - if len(eps) == 0 { - logger.Debugf("No entryPoint defined for this router, using the default one(s) instead: %+v", entryPoints) - eps = entryPoints - } - entryPointsCount := 0 - for _, entryPointName := range eps { + for _, entryPointName := range rt.EntryPoints { if !contains(entryPoints, entryPointName) { rt.AddError(fmt.Errorf("entryPoint %q doesn't exist", entryPointName), false) logger.WithField(log.EntryPointName, entryPointName). diff --git a/pkg/ip/strategy.go b/pkg/ip/strategy.go index 5a32524f6..16e150e95 100644 --- a/pkg/ip/strategy.go +++ b/pkg/ip/strategy.go @@ -43,14 +43,16 @@ func (s *DepthStrategy) GetIP(req *http.Request) string { return strings.TrimSpace(xffs[len(xffs)-s.Depth]) } -// CheckerStrategy a strategy based on an IP Checker -// allows to check that addresses are in a trusted IPs. -type CheckerStrategy struct { +// PoolStrategy is a strategy based on an IP Checker. +// It allows to check whether addresses are in a given pool of IPs. +type PoolStrategy struct { Checker *Checker } -// GetIP return the selected IP. -func (s *CheckerStrategy) GetIP(req *http.Request) string { +// GetIP checks the list of Forwarded IPs (most recent first) against the +// Checker pool of IPs. It returns the first IP that is not in the pool, or the +// empty string otherwise. +func (s *PoolStrategy) GetIP(req *http.Request) string { if s.Checker == nil { return "" } @@ -60,9 +62,13 @@ func (s *CheckerStrategy) GetIP(req *http.Request) string { for i := len(xffs) - 1; i >= 0; i-- { xffTrimmed := strings.TrimSpace(xffs[i]) + if len(xffTrimmed) == 0 { + continue + } if contain, _ := s.Checker.Contains(xffTrimmed); !contain { return xffTrimmed } } + return "" } diff --git a/pkg/ip/strategy_test.go b/pkg/ip/strategy_test.go index 8a05acd63..1409b1d54 100644 --- a/pkg/ip/strategy_test.go +++ b/pkg/ip/strategy_test.go @@ -74,34 +74,35 @@ func TestDepthStrategy_GetIP(t *testing.T) { } } -func TestExcludedIPsStrategy_GetIP(t *testing.T) { +func TestTrustedIPsStrategy_GetIP(t *testing.T) { testCases := []struct { desc string - excludedIPs []string + trustedIPs []string xForwardedFor string expected string + useRemote bool }{ { - desc: "Use excluded all IPs", - excludedIPs: []string{"10.0.0.4", "10.0.0.3", "10.0.0.2", "10.0.0.1"}, + desc: "Trust all IPs", + trustedIPs: []string{"10.0.0.4", "10.0.0.3", "10.0.0.2", "10.0.0.1"}, xForwardedFor: "10.0.0.4,10.0.0.3,10.0.0.2,10.0.0.1", expected: "", }, { - desc: "Use excluded IPs", - excludedIPs: []string{"10.0.0.2", "10.0.0.1"}, + desc: "Do not trust all IPs", + trustedIPs: []string{"10.0.0.2", "10.0.0.1"}, xForwardedFor: "10.0.0.4,10.0.0.3,10.0.0.2,10.0.0.1", expected: "10.0.0.3", }, { - desc: "Use excluded IPs CIDR", - excludedIPs: []string{"10.0.0.1/24"}, + desc: "Do not trust all IPs with CIDR", + trustedIPs: []string{"10.0.0.1/24"}, xForwardedFor: "127.0.0.1,10.0.0.4,10.0.0.3,10.0.0.2,10.0.0.1", expected: "127.0.0.1", }, { - desc: "Use excluded all IPs CIDR", - excludedIPs: []string{"10.0.0.1/24"}, + desc: "Trust all IPs with CIDR", + trustedIPs: []string{"10.0.0.1/24"}, xForwardedFor: "10.0.0.4,10.0.0.3,10.0.0.2,10.0.0.1", expected: "", }, @@ -112,10 +113,10 @@ func TestExcludedIPsStrategy_GetIP(t *testing.T) { t.Run(test.desc, func(t *testing.T) { t.Parallel() - checker, err := NewChecker(test.excludedIPs) + checker, err := NewChecker(test.trustedIPs) require.NoError(t, err) - strategy := CheckerStrategy{Checker: checker} + strategy := PoolStrategy{Checker: checker} req := httptest.NewRequest(http.MethodGet, "http://127.0.0.1", nil) req.Header.Set(xForwardedFor, test.xForwardedFor) actual := strategy.GetIP(req) diff --git a/pkg/middlewares/tracing/mock_tracing_test.go b/pkg/middlewares/tracing/mock_tracing_test.go index ca5fcf4fa..33aac1ee6 100644 --- a/pkg/middlewares/tracing/mock_tracing_test.go +++ b/pkg/middlewares/tracing/mock_tracing_test.go @@ -56,7 +56,7 @@ func (n MockSpan) Tracer() opentracing.Tracer { retu func (n MockSpan) LogEvent(event string) {} func (n MockSpan) LogEventWithPayload(event string, payload interface{}) {} func (n MockSpan) Log(data opentracing.LogData) {} -func (n MockSpan) Reset() { +func (n *MockSpan) Reset() { n.Tags = make(map[string]interface{}) } diff --git a/pkg/plugins/client.go b/pkg/plugins/client.go index 26c1f801b..836302f0b 100644 --- a/pkg/plugins/client.go +++ b/pkg/plugins/client.go @@ -281,7 +281,7 @@ func unzipFile(f *zipa.File, dest string) error { defer func() { _ = rc.Close() }() - pathParts := strings.SplitN(f.Name, string(os.PathSeparator), 2) + pathParts := strings.SplitN(f.Name, "/", 2) p := filepath.Join(dest, pathParts[1]) if f.FileInfo().IsDir() { diff --git a/pkg/provider/acme/provider.go b/pkg/provider/acme/provider.go index 26e61faa4..3e221bfa6 100644 --- a/pkg/provider/acme/provider.go +++ b/pkg/provider/acme/provider.go @@ -473,9 +473,10 @@ func (p *Provider) resolveCertificate(ctx context.Context, domain types.Domain, } request := certificate.ObtainRequest{ - Domains: domains, - Bundle: true, - MustStaple: oscpMustStaple, + Domains: domains, + Bundle: true, + MustStaple: oscpMustStaple, + PreferredChain: p.PreferredChain, } cert, err := client.Certificate.Obtain(request) diff --git a/pkg/provider/file/file.go b/pkg/provider/file/file.go index ac7044f3f..c8f915d1d 100644 --- a/pkg/provider/file/file.go +++ b/pkg/provider/file/file.go @@ -26,7 +26,7 @@ var _ provider.Provider = (*Provider)(nil) // Provider holds configurations of the provider. type Provider struct { - Directory string `description:"Load dynamic configuration from one or more .toml or .yml files in a directory." json:"directory,omitempty" toml:"directory,omitempty" yaml:"directory,omitempty" export:"true"` + Directory string `description:"Load dynamic configuration from one or more .yml or .toml files in a directory." json:"directory,omitempty" toml:"directory,omitempty" yaml:"directory,omitempty" export:"true"` Watch bool `description:"Watch provider." json:"watch,omitempty" toml:"watch,omitempty" yaml:"watch,omitempty" export:"true"` Filename string `description:"Load dynamic configuration from a file." json:"filename,omitempty" toml:"filename,omitempty" yaml:"filename,omitempty" export:"true"` DebugLogGeneratedTemplate bool `description:"Enable debug logging of generated configuration template." json:"debugLogGeneratedTemplate,omitempty" toml:"debugLogGeneratedTemplate,omitempty" yaml:"debugLogGeneratedTemplate,omitempty" export:"true"` diff --git a/pkg/provider/kubernetes/ingress/fixtures/Ingress-with-a-named-port-matching-subset-of-service-pods_endpoint.yml b/pkg/provider/kubernetes/ingress/fixtures/Ingress-with-a-named-port-matching-subset-of-service-pods_endpoint.yml new file mode 100644 index 000000000..21004ad0f --- /dev/null +++ b/pkg/provider/kubernetes/ingress/fixtures/Ingress-with-a-named-port-matching-subset-of-service-pods_endpoint.yml @@ -0,0 +1,20 @@ +kind: Endpoints +apiVersion: v1 +metadata: + name: service1 + namespace: testing + +subsets: + - addresses: + - ip: 10.10.0.1 + - ip: 10.10.0.2 + ports: + - name: tchouk + port: 8089 + - addresses: + - ip: 10.10.0.1 + - ip: 10.10.0.2 + - ip: 10.10.0.3 + ports: + - name: carotte + port: 8090 diff --git a/pkg/provider/kubernetes/ingress/fixtures/Ingress-with-a-named-port-matching-subset-of-service-pods_ingress.yml b/pkg/provider/kubernetes/ingress/fixtures/Ingress-with-a-named-port-matching-subset-of-service-pods_ingress.yml new file mode 100644 index 000000000..ddc20ca40 --- /dev/null +++ b/pkg/provider/kubernetes/ingress/fixtures/Ingress-with-a-named-port-matching-subset-of-service-pods_ingress.yml @@ -0,0 +1,15 @@ +kind: Ingress +apiVersion: networking.k8s.io/v1beta1 +metadata: + name: "" + namespace: testing + +spec: + rules: + - host: traefik.tchouk + http: + paths: + - path: /bar + backend: + serviceName: service1 + servicePort: tchouk diff --git a/pkg/provider/kubernetes/ingress/fixtures/Ingress-with-a-named-port-matching-subset-of-service-pods_service.yml b/pkg/provider/kubernetes/ingress/fixtures/Ingress-with-a-named-port-matching-subset-of-service-pods_service.yml new file mode 100644 index 000000000..55437f6b2 --- /dev/null +++ b/pkg/provider/kubernetes/ingress/fixtures/Ingress-with-a-named-port-matching-subset-of-service-pods_service.yml @@ -0,0 +1,14 @@ +kind: Service +apiVersion: v1 +metadata: + name: service1 + namespace: testing + +spec: + ports: + - name: carotte + port: 8082 + - name: tchouk + port: 80 + clusterIP: 10.0.0.1 + diff --git a/pkg/provider/kubernetes/ingress/kubernetes.go b/pkg/provider/kubernetes/ingress/kubernetes.go index 491129cc2..0a2240640 100644 --- a/pkg/provider/kubernetes/ingress/kubernetes.go +++ b/pkg/provider/kubernetes/ingress/kubernetes.go @@ -555,8 +555,8 @@ func loadService(client Client, namespace string, backend networkingv1.IngressBa return nil, errors.New("endpoints not found") } - var port int32 for _, subset := range endpoints.Subsets { + var port int32 for _, p := range subset.Ports { if portName == p.Name { port = p.Port diff --git a/pkg/provider/kubernetes/ingress/kubernetes_test.go b/pkg/provider/kubernetes/ingress/kubernetes_test.go index 7a69ebd7a..67ba7e063 100644 --- a/pkg/provider/kubernetes/ingress/kubernetes_test.go +++ b/pkg/provider/kubernetes/ingress/kubernetes_test.go @@ -647,6 +647,36 @@ func TestLoadConfigurationFromIngresses(t *testing.T) { }, }, }, + { + desc: "Ingress with a named port matching subset of service pods", + expected: &dynamic.Configuration{ + TCP: &dynamic.TCPConfiguration{}, + HTTP: &dynamic.HTTPConfiguration{ + Middlewares: map[string]*dynamic.Middleware{}, + Routers: map[string]*dynamic.Router{ + "testing-traefik-tchouk-bar": { + Rule: "Host(`traefik.tchouk`) && PathPrefix(`/bar`)", + Service: "testing-service1-tchouk", + }, + }, + Services: map[string]*dynamic.Service{ + "testing-service1-tchouk": { + LoadBalancer: &dynamic.ServersLoadBalancer{ + PassHostHeader: Bool(true), + Servers: []dynamic.Server{ + { + URL: "http://10.10.0.1:8089", + }, + { + URL: "http://10.10.0.2:8089", + }, + }, + }, + }, + }, + }, + }, + }, { desc: "2 ingresses in different namespace with same service name", expected: &dynamic.Configuration{ diff --git a/pkg/server/aggregator.go b/pkg/server/aggregator.go index d2bf19025..33c11e00f 100644 --- a/pkg/server/aggregator.go +++ b/pkg/server/aggregator.go @@ -62,6 +62,12 @@ func mergeConfiguration(configurations dynamic.Configurations, defaultEntryPoint if configuration.TCP != nil { for routerName, router := range configuration.TCP.Routers { + if len(router.EntryPoints) == 0 { + log.WithoutContext(). + WithField(log.RouterName, routerName). + Debugf("No entryPoint defined for this TCP router, using the default one(s) instead: %+v", defaultEntryPoints) + router.EntryPoints = defaultEntryPoints + } conf.TCP.Routers[provider.MakeQualifiedName(pvd, routerName)] = router } for middlewareName, middleware := range configuration.TCP.Middlewares { diff --git a/pkg/server/aggregator_test.go b/pkg/server/aggregator_test.go index 1e6c6e602..70cce8820 100644 --- a/pkg/server/aggregator_test.go +++ b/pkg/server/aggregator_test.go @@ -449,6 +449,36 @@ func Test_mergeConfiguration_tlsStore(t *testing.T) { } } +func Test_mergeConfiguration_defaultTCPEntryPoint(t *testing.T) { + given := dynamic.Configurations{ + "provider-1": &dynamic.Configuration{ + TCP: &dynamic.TCPConfiguration{ + Routers: map[string]*dynamic.TCPRouter{ + "router-1": {}, + }, + Services: map[string]*dynamic.TCPService{ + "service-1": {}, + }, + }, + }, + } + + expected := &dynamic.TCPConfiguration{ + Routers: map[string]*dynamic.TCPRouter{ + "router-1@provider-1": { + EntryPoints: []string{"defaultEP"}, + }, + }, + Middlewares: map[string]*dynamic.TCPMiddleware{}, + Services: map[string]*dynamic.TCPService{ + "service-1@provider-1": {}, + }, + } + + actual := mergeConfiguration(given, []string{"defaultEP"}) + assert.Equal(t, expected, actual.TCP) +} + func Test_applyModel(t *testing.T) { testCases := []struct { desc string diff --git a/pkg/tcp/router.go b/pkg/tcp/router.go index 9bbfa29b9..6be63ba44 100644 --- a/pkg/tcp/router.go +++ b/pkg/tcp/router.go @@ -15,6 +15,8 @@ import ( "github.com/traefik/traefik/v2/pkg/types" ) +const defaultBufSize = 4096 + // Router is a TCP router. type Router struct { routingTable map[string]Handler @@ -238,6 +240,11 @@ func clientHelloServerName(br *bufio.Reader) (string, bool, string, error) { } recLen := int(hdr[3])<<8 | int(hdr[4]) // ignoring version in hdr[1:3] + + if recordHeaderLen+recLen > defaultBufSize { + br = bufio.NewReaderSize(br, recordHeaderLen+recLen) + } + helloBytes, err := br.Peek(recordHeaderLen + recLen) if err != nil { log.Errorf("Error while Hello: %s", err) diff --git a/script/gcg/traefik-bugfix.toml b/script/gcg/traefik-bugfix.toml index fbe6d869f..8d51a360c 100644 --- a/script/gcg/traefik-bugfix.toml +++ b/script/gcg/traefik-bugfix.toml @@ -4,11 +4,11 @@ RepositoryName = "traefik" OutputType = "file" FileName = "traefik_changelog.md" -# example new bugfix v2.4.8 +# example new bugfix v2.4.9 CurrentRef = "v2.4" -PreviousRef = "v2.4.7" +PreviousRef = "v2.4.8" BaseBranch = "v2.4" -FutureCurrentRefName = "v2.4.8" +FutureCurrentRefName = "v2.4.9" ThresholdPreviousRef = 10 ThresholdCurrentRef = 10