Update the file provider documentation
This commit is contained in:
parent
dabd9e2208
commit
e2ec64947a
3 changed files with 397 additions and 13 deletions
|
@ -1,27 +1,149 @@
|
||||||
# TODO -- File
|
# Traefik & File
|
||||||
|
|
||||||
Good Old Configuration File
|
Good Old Configuration File
|
||||||
{: .subtitle }
|
{: .subtitle }
|
||||||
|
|
||||||
## Configuration
|
The file provider lets you define the [dynamic configuration](./overview.md) in a `toml` file.
|
||||||
|
You can write these configuration elements:
|
||||||
|
|
||||||
### Full Example in toml
|
* At the end of the main Traefik configuration file (by default: `traefik.toml`).
|
||||||
|
* In [a dedicated file](#filename-optional)
|
||||||
|
* In [several dedicated files](#directory-optional)
|
||||||
|
|
||||||
`TO COMPLETE`
|
!!! note
|
||||||
|
The file provider is the default format used throughout the documentation to show samples of the configuration for many features.
|
||||||
|
|
||||||
### In same file
|
!!! tip
|
||||||
|
The file provider can be a good location for common elements you'd like to re-use from other providers; e.g. declaring whitelist middlewares, basic authentication, ...
|
||||||
|
|
||||||
`TO COMPLETE`
|
## Configuration Examples
|
||||||
|
|
||||||
## In dedicated file
|
??? example "Declaring Routers, Middlewares & Services"
|
||||||
|
|
||||||
`TO COMPLETE`
|
``` toml
|
||||||
|
# Enabling the file provider
|
||||||
|
[providers.files]
|
||||||
|
|
||||||
|
[http]
|
||||||
|
# Add the router
|
||||||
|
[http.routers]
|
||||||
|
[http.routers.router0]
|
||||||
|
entrypoints = ["web"]
|
||||||
|
middlewares = ["my-basic-auth"]
|
||||||
|
service = "service-foo"
|
||||||
|
rule = "Path(`foo`)"
|
||||||
|
|
||||||
|
# Add the middleware
|
||||||
|
[http.middlewares]
|
||||||
|
[http.middlewares.my-basic-auth.BasicAuth]
|
||||||
|
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
|
||||||
|
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
|
||||||
|
usersFile = "etc/traefik/.htpasswd"
|
||||||
|
|
||||||
|
# Add the service
|
||||||
|
[http.services]
|
||||||
|
[http.services.service-foo]
|
||||||
|
[http.services.service-foo.LoadBalancer]
|
||||||
|
method = "wrr"
|
||||||
|
[[http.services.service-foo.LoadBalancer.Servers]]
|
||||||
|
url = "http://foo/"
|
||||||
|
weight = 30
|
||||||
|
[[http.services.service-foo.LoadBalancer.Servers]]
|
||||||
|
url = "http://bar/"
|
||||||
|
weight = 70
|
||||||
|
```
|
||||||
|
|
||||||
### Old Content
|
## Provider Configuration Options
|
||||||
|
|
||||||
Traefik can hot-reload those rules which could be provided by multiple configuration backends.
|
!!! tip "Browse the Reference"
|
||||||
|
If you're in a hurry, maybe you'd rather go through the [File Reference](../reference/providers/file.md).
|
||||||
|
|
||||||
We only need to enable `watch` option to make Traefik watch configuration backend changes and generate its configuration automatically.
|
### filename (_Optional_)
|
||||||
Routes to services will be created and updated instantly at any changes.
|
|
||||||
|
|
||||||
Please refer to the configuration backends section to get documentation on it.
|
Defines the path of the configuration file.
|
||||||
|
|
||||||
|
```toml
|
||||||
|
[providers]
|
||||||
|
[providers.file]
|
||||||
|
filename = "rules.toml"
|
||||||
|
```
|
||||||
|
|
||||||
|
### directory (_Optional_)
|
||||||
|
|
||||||
|
Defines the directory that contains the configuration files.
|
||||||
|
|
||||||
|
```toml
|
||||||
|
[providers]
|
||||||
|
[providers.file]
|
||||||
|
directory = "/path/to/config"
|
||||||
|
```
|
||||||
|
|
||||||
|
### watch (_Optional_)
|
||||||
|
|
||||||
|
Set the `watch` option to `true` to allow Traefik to automatically watch for file changes.
|
||||||
|
It works with both the `filename` and the `directory` options.
|
||||||
|
|
||||||
|
```toml
|
||||||
|
[providers]
|
||||||
|
[providers.file]
|
||||||
|
filename = "rules.toml"
|
||||||
|
watch = true
|
||||||
|
```
|
||||||
|
|
||||||
|
### TOML Templating
|
||||||
|
|
||||||
|
!!! warning
|
||||||
|
TOML templating only works along with dedicated configuration files. Templating does not work in the Traefik main configuration file.
|
||||||
|
|
||||||
|
Traefik allows using TOML templating.
|
||||||
|
Thus, it's possible to define easily lot of routers, services and TLS certificates as described in the file `template-rules.toml` :
|
||||||
|
|
||||||
|
??? example "Configuring Using Templating"
|
||||||
|
|
||||||
|
```toml
|
||||||
|
# template-rules.toml
|
||||||
|
[http]
|
||||||
|
|
||||||
|
[http.routers]
|
||||||
|
{{ range $i, $e := until 100 }}
|
||||||
|
[http.routers.router{{ $e }}]
|
||||||
|
# ...
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
|
|
||||||
|
[http.Services]
|
||||||
|
{{ range $i, $e := until 100 }}
|
||||||
|
[http.services.service{{ $e }}]
|
||||||
|
# ...
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
|
[tcp]
|
||||||
|
|
||||||
|
[tcp.routers]
|
||||||
|
{{ range $i, $e := until 100 }}
|
||||||
|
[tcp.routers.router{{ $e }}]
|
||||||
|
# ...
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
|
|
||||||
|
[tcp.Services]
|
||||||
|
{{ range $i, $e := until 100 }}
|
||||||
|
[http.services.service{{ $e }}]
|
||||||
|
# ...
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
|
{{ range $i, $e := until 10 }}
|
||||||
|
[[TLS]]
|
||||||
|
Store = ["my-store-foo-{{ $e }}", "my-store-bar-{{ $e }}"]
|
||||||
|
[TLS.Certificate]
|
||||||
|
CertFile = "/etc/traefik/cert-{{ $e }}.pem"
|
||||||
|
KeyFile = "/etc/traefik/cert-{{ $e }}.key"
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
|
[TLSConfig]
|
||||||
|
{{ range $i, $e := until 10 }}
|
||||||
|
[TLSConfig.TLS{{ $e }}]
|
||||||
|
# ...
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
|
```
|
||||||
|
|
261
docs/content/reference/providers/file.md
Normal file
261
docs/content/reference/providers/file.md
Normal file
|
@ -0,0 +1,261 @@
|
||||||
|
# File -- Reference
|
||||||
|
|
||||||
|
## File
|
||||||
|
|
||||||
|
```toml
|
||||||
|
################################################################
|
||||||
|
# File Provider
|
||||||
|
################################################################
|
||||||
|
|
||||||
|
[providers]
|
||||||
|
|
||||||
|
# Enable File Provider.
|
||||||
|
[providers.file]
|
||||||
|
|
||||||
|
# Define one separated configuration file.
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
#
|
||||||
|
filename = "my-conf.toml"
|
||||||
|
|
||||||
|
# Define directory that contains a set of configuration files.
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
#
|
||||||
|
directory = "/path/to/config"
|
||||||
|
|
||||||
|
# Enable watch file changes.
|
||||||
|
#
|
||||||
|
# Optional
|
||||||
|
#
|
||||||
|
watch = true
|
||||||
|
|
||||||
|
[http]
|
||||||
|
|
||||||
|
[http.routers]
|
||||||
|
|
||||||
|
[http.routers.router0]
|
||||||
|
entrypoints = ["foo", "bar"]
|
||||||
|
middlewares = ["foo", "bar"]
|
||||||
|
service = "service-foo"
|
||||||
|
rule = "Path(`foo`)"
|
||||||
|
priority = 42
|
||||||
|
[http.routers.router0.tls]
|
||||||
|
|
||||||
|
[http.middlewares]
|
||||||
|
|
||||||
|
[http.middlewares.my-add-prefix.AddPrefix]
|
||||||
|
prefix = "/foo"
|
||||||
|
|
||||||
|
[http.middlewares.my-strip-prefix.StripPrefix]
|
||||||
|
prefixes = ["/foo", "/bar"]
|
||||||
|
|
||||||
|
[http.middlewares.my-strip-prefix-regex.StripPrefixRegex]
|
||||||
|
regex = ["/foo/api/", "/bar/{category}/{id:[0-9]+}/"]
|
||||||
|
|
||||||
|
[http.middlewares.my-replace-path.ReplacePath]
|
||||||
|
path = "/foo"
|
||||||
|
|
||||||
|
[http.middlewares.my-replace-path-regex.ReplacePathRegex]
|
||||||
|
regex = "foo/(.*)"
|
||||||
|
replacement = "/foobar/$1"
|
||||||
|
|
||||||
|
[http.middlewares.my-chain.Chain]
|
||||||
|
middlewares = ["my-add-prefix", "my-basic-auth"]
|
||||||
|
|
||||||
|
[http.middlewares.Middleware0.IPWhiteList]
|
||||||
|
sourceRange = ["127.0.0.1/32", "192.168.1.7"]
|
||||||
|
[http.middlewares.Middleware0.IPWhiteList.IPStrategy]
|
||||||
|
depth = 2
|
||||||
|
excludedIPs = ["127.0.0.1/16", "192.168.1.7"]
|
||||||
|
|
||||||
|
[http.middlewares.my-headers.Headers]
|
||||||
|
allowedHosts = ["foobar", "foobar"]
|
||||||
|
hostsProxyHeaders = ["foobar", "foobar"]
|
||||||
|
sslRedirect = true
|
||||||
|
sslTemporaryRedirect = true
|
||||||
|
sslHost = "foobar"
|
||||||
|
sslForceHost = true
|
||||||
|
stsSeconds = 42
|
||||||
|
stsIncludeSubdomains = true
|
||||||
|
stsPreload = true
|
||||||
|
forceSTSHeader = true
|
||||||
|
frameDeny = true
|
||||||
|
customFrameOptionsValue = "foobar"
|
||||||
|
contentTypeNosniff = true
|
||||||
|
browserXSSFilter = true
|
||||||
|
customBrowserXSSValue = "foobar"
|
||||||
|
contentSecurityPolicy = "foobar"
|
||||||
|
publicKey = "foobar"
|
||||||
|
referrerPolicy = "foobar"
|
||||||
|
isDevelopment = true
|
||||||
|
[http.middlewares.my-headers.Headers.CustomRequestHeaders]
|
||||||
|
X-Script-Name = "foo"
|
||||||
|
[http.middlewares.my-headers.Headers.CustomResponseHeaders]
|
||||||
|
X-Custom-Response-Header = "True"
|
||||||
|
[http.middlewares.my-headers.Headers.SSLProxyHeaders]
|
||||||
|
X-Forwarded-Proto = "https"
|
||||||
|
|
||||||
|
[http.middlewares.my-errors.Errors]
|
||||||
|
status = ["400-404", "500-599"]
|
||||||
|
service = "foo-errors-service"
|
||||||
|
query = "/error.html"
|
||||||
|
|
||||||
|
[http.middlewares.my-rate-limit.RateLimit]
|
||||||
|
extractorFunc = "client.ip"
|
||||||
|
[http.middlewares.Middleware0.RateLimit.RateSet]
|
||||||
|
|
||||||
|
[http.middlewares.Middleware0.RateLimit.RateSet.Rate0]
|
||||||
|
period = 10
|
||||||
|
average = 100
|
||||||
|
burst = 200
|
||||||
|
|
||||||
|
[http.middlewares.my-redirect-regex.RedirectRegex]
|
||||||
|
regex = "^http://localhost/(.*)"
|
||||||
|
replacement = "http://mydomain/$1"
|
||||||
|
permanent = true
|
||||||
|
|
||||||
|
[http.middlewares.my-redirect-scheme.RedirectScheme]
|
||||||
|
scheme = "https"
|
||||||
|
port = "8443"
|
||||||
|
permanent = true
|
||||||
|
|
||||||
|
[http.middlewares.my-basic-auth.BasicAuth]
|
||||||
|
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
|
||||||
|
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
|
||||||
|
usersFile = "etc/traefik/.htpasswd"
|
||||||
|
realm = "myRealm"
|
||||||
|
removeHeader = true
|
||||||
|
headerField = "X-WebAuth-User"
|
||||||
|
|
||||||
|
[http.middlewares.my-digest-auth.DigestAuth]
|
||||||
|
users = ["test:traefik:a2688e031edb4be6a3797f3882655c05", "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"]
|
||||||
|
usersFile = "etc/traefik/.htdigest"
|
||||||
|
removeHeader = true
|
||||||
|
realm = "traefik"
|
||||||
|
headerField = "X-WebAuth-User"
|
||||||
|
|
||||||
|
[http.middlewares.my-forward-auth.ForwardAuth]
|
||||||
|
address = "https://myauth.server:443"
|
||||||
|
trustForwardHeader = true
|
||||||
|
authResponseHeaders = ["X-Forwarded-Foo", "X-Forwarded-Bar"]
|
||||||
|
[http.middlewares.my-forward-auth.ForwardAuth.TLS]
|
||||||
|
ca = "/etc/traefik/crt/ca.pem"
|
||||||
|
caOptional = true
|
||||||
|
cert = "/etc/traefik/crt/cert.pem"
|
||||||
|
key = "/etc/traefik/crt/cert.key"
|
||||||
|
insecureSkipVerify = true
|
||||||
|
|
||||||
|
[http.middlewares.my-maxconn.MaxConn]
|
||||||
|
amount = 10
|
||||||
|
extractorFunc = "request.host"
|
||||||
|
|
||||||
|
[http.middlewares.my-buffering.Buffering]
|
||||||
|
maxRequestBodyBytes = 25000
|
||||||
|
memRequestBodyBytes = 25000
|
||||||
|
maxResponseBodyBytes = 25000
|
||||||
|
memResponseBodyBytes = 25000
|
||||||
|
retryExpression = "foobar"
|
||||||
|
|
||||||
|
[http.middlewares.my-circuit-breaker.CircuitBreaker]
|
||||||
|
Expression = "LatencyAtQuantileMS(50.0) > 100"
|
||||||
|
|
||||||
|
[http.middlewares.my-compress.Compress]
|
||||||
|
|
||||||
|
[http.middlewares.my-pass-tls-client-cert.PassTLSClientCert]
|
||||||
|
pem = true
|
||||||
|
[http.middlewares.Middleware0.PassTLSClientCert.Info]
|
||||||
|
notAfter = true
|
||||||
|
notBefore = true
|
||||||
|
sans = true
|
||||||
|
[http.middlewares.Middleware0.PassTLSClientCert.Info.Subject]
|
||||||
|
country = true
|
||||||
|
province = true
|
||||||
|
locality = true
|
||||||
|
organization = true
|
||||||
|
commonName = true
|
||||||
|
serialNumber = true
|
||||||
|
domainComponent = true
|
||||||
|
[http.middlewares.Middleware0.PassTLSClientCert.Info.Issuer]
|
||||||
|
country = true
|
||||||
|
province = true
|
||||||
|
locality = true
|
||||||
|
organization = true
|
||||||
|
commonName = true
|
||||||
|
serialNumber = true
|
||||||
|
domainComponent = true
|
||||||
|
|
||||||
|
[http.middlewares.my-retry.Retry]
|
||||||
|
attempts = 4
|
||||||
|
|
||||||
|
[http.services]
|
||||||
|
|
||||||
|
[http.services.service0]
|
||||||
|
[http.services.service0.LoadBalancer]
|
||||||
|
method = "wrr"
|
||||||
|
passHostHeader = true
|
||||||
|
[http.services.service0.LoadBalancer.Stickiness]
|
||||||
|
cookieName = "my-stickiness-cookie-name"
|
||||||
|
[[http.services.service0.LoadBalancer.Servers]]
|
||||||
|
url = "http://foo/"
|
||||||
|
weight = 30
|
||||||
|
[[http.services.service0.LoadBalancer.Servers]]
|
||||||
|
url = "http://bar/"
|
||||||
|
weight = 70
|
||||||
|
[http.services.service0.LoadBalancer.HealthCheck]
|
||||||
|
scheme = "https"
|
||||||
|
path = "/health"
|
||||||
|
port = 9443
|
||||||
|
interval = "10s"
|
||||||
|
timeout = "30s"
|
||||||
|
hostname = "foobar"
|
||||||
|
[http.services.service0.LoadBalancer.HealthCheck.Headers]
|
||||||
|
My-Custom-Header = "foobar"
|
||||||
|
[http.services.service0.LoadBalancer.ResponseForwarding]
|
||||||
|
flushInterval = "4s"
|
||||||
|
|
||||||
|
[tcp]
|
||||||
|
|
||||||
|
[tcp.routers]
|
||||||
|
[tcp.routers.tcpRouter0]
|
||||||
|
entryPoints = ["foobar", "foobar"]
|
||||||
|
service = "foobar"
|
||||||
|
rule = "foobar"
|
||||||
|
[tcp.routers.tcpRouter0.tlst]
|
||||||
|
passthrough = true
|
||||||
|
|
||||||
|
[tcp.services]
|
||||||
|
[tcp.services.tcpService0]
|
||||||
|
[tcp.services.tcpService0.tcpLoadBalancer]
|
||||||
|
method = "foobar"
|
||||||
|
[[tcp.services.tcpService0.tcpLoadBalancer.Servers]]
|
||||||
|
address = "foobar"
|
||||||
|
weight = 42
|
||||||
|
[[tcp.services.tcpService0.tcpLoadBalancer.Servers]]
|
||||||
|
address = "foobar"
|
||||||
|
weight = 42
|
||||||
|
|
||||||
|
[[tls]]
|
||||||
|
Store = ["my-store-foo", "my-store-bar"]
|
||||||
|
[tls.Certificate]
|
||||||
|
certFile = "/etc/traefik/cert.pem"
|
||||||
|
keyFile = "/etc/traefik/cert.key"
|
||||||
|
|
||||||
|
|
||||||
|
[tlsconfig]
|
||||||
|
[tlsconfig.TLS0]
|
||||||
|
minVersion = "VersionTLS12"
|
||||||
|
cipherSuites = [ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_GCM_SHA384"]
|
||||||
|
[tlsconfig.TLS0.ClientCA]
|
||||||
|
files = ["/etc/traefik/ca-foo.pem", "/etc/traefik/ca-bar.pem"]
|
||||||
|
optional = true
|
||||||
|
|
||||||
|
[tlsstore]
|
||||||
|
[tlsstore.my-store-foo]
|
||||||
|
sniStrict = true
|
||||||
|
[tlsstore.my-store-foo.DefaultCertificate]
|
||||||
|
certFile = "/etc/traefik/cert.pem"
|
||||||
|
keyFile = "/etc/traefik/cert.key"
|
||||||
|
|
||||||
|
```
|
||||||
|
|
|
@ -66,6 +66,7 @@ markdown_extensions:
|
||||||
nav:
|
nav:
|
||||||
- '': 'reference/acme.md'
|
- '': 'reference/acme.md'
|
||||||
- '': 'reference/providers/docker.md'
|
- '': 'reference/providers/docker.md'
|
||||||
|
- '': 'reference/providers/file.md'
|
||||||
- '': 'reference/entrypoints.md'
|
- '': 'reference/entrypoints.md'
|
||||||
- 'Welcome': 'index.md'
|
- 'Welcome': 'index.md'
|
||||||
- 'Getting Started':
|
- 'Getting Started':
|
||||||
|
|
Loading…
Reference in a new issue