baalajimaestro/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Merge branch 'v2.0' into master

Browse source
This commit is contained in:
Fernandez Ludovic 2019-09-11 15:21:50 +02:00
commit e4e2a188c5
303 changed files with 9990 additions and 1237 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
.golangci.toml
View file

@ -23,6 +23,10 @@
[linters-settings.misspell]
locale = "US"
[linters-settings.funlen]
lines = 230 # default 60
statements = 120 # default 40
[linters]
enable-all = true
disable = [
@ -37,7 +41,6 @@
"gochecknoinits",
"gochecknoglobals",
"bodyclose", # Too many false-positive and panics.
"typecheck", # v1.17.1 and Go1.13 => bug
]
[issues]
@ -50,8 +53,8 @@
"should have a package comment, unless it's in another file for this package",
]
[[issues.exclude-rules]]
path = ".+_test.go"
linters = ["goconst"]
path = "(.+)_test.go"
linters = ["goconst", "funlen"]
[[issues.exclude-rules]]
path = "integration/.+_test.go"
text = "Error return value of `cmd\\.Process\\.Kill` is not checked"

5
.semaphoreci/setup.sh
View file

@ -18,10 +18,9 @@ echo ${SHOULD_TEST}
#if [ -n "$SHOULD_TEST" ]; then sudo -E apt-get -yq update; fi
#if [ -n "$SHOULD_TEST" ]; then sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install docker-ce=${DOCKER_VERSION}*; fi
if [ -n "$SHOULD_TEST" ]; then docker version; fi
export GO_VERSION=1.12
if [ -f "./go.mod" ]; then GO_VERSION="$(grep '^go .*' go.mod | awk '{print $2}')"; export GO_VERSION; fi
if [ "${GO_VERSION}" == '1.13' ]; then export GO_VERSION=1.13rc1; fi
#if [ "${GO_VERSION}" == '1.13' ]; then export GO_VERSION=1.13rc2; fi
echo "Selected Go version: ${GO_VERSION}"
if [ -f "./.semaphoreci/golang.sh" ]; then ./.semaphoreci/golang.sh; fi
@ -34,5 +33,3 @@ if [ -f "./go.mod" ]; then export GOPROXY=https://proxy.golang.org; fi
if [ -f "./go.mod" ]; then go mod download; fi
df

80
CHANGELOG.md
View file

@ -1,5 +1,54 @@
# Change Log
## [v2.0.0-rc3](https://github.com/containous/traefik/tree/v2.0.0-rc3) (2019-09-10)
[All Commits](https://github.com/containous/traefik/compare/v2.0.0-rc2...v2.0.0-rc3)
**Enhancements:**
- **[acme,api,tracing]** New API security ([#5311](https://github.com/containous/traefik/pull/5311) by [juliens](https://github.com/juliens))
- **[authentication,middleware,k8s,k8s/crd]** Auth middlewares in kubernetes CRD use secrets ([#5299](https://github.com/containous/traefik/pull/5299) by [juliens](https://github.com/juliens))
- **[logs]** Default to CLF when accesslog format is unsupported ([#5314](https://github.com/containous/traefik/pull/5314) by [mpl](https://github.com/mpl))
- **[middleware,k8s,k8s/crd]** k8s ErrorPage middleware now uses k8s service ([#5339](https://github.com/containous/traefik/pull/5339) by [juliens](https://github.com/juliens))
- **[webui]** Add more pages in the WebUI ([#5278](https://github.com/containous/traefik/pull/5278) by [Basgrani](https://github.com/Basgrani))
**Bug fixes:**
- **[api]** Add provider in middleware chain ([#5334](https://github.com/containous/traefik/pull/5334) by [juliens](https://github.com/juliens))
- **[k8s,k8s/crd]** fix: TLS domains with IngressRoute. ([#5327](https://github.com/containous/traefik/pull/5327) by [ldez](https://github.com/ldez))
- **[middleware]** Improve rate limiter tests ([#5310](https://github.com/containous/traefik/pull/5310) by [mpl](https://github.com/mpl))
- **[server]** Write HTTP server logs into the global logger. ([#5329](https://github.com/containous/traefik/pull/5329) by [ldez](https://github.com/ldez))
**Documentation:**
- Misc documentation fixes ([#5307](https://github.com/containous/traefik/pull/5307) by [ldez](https://github.com/ldez))
- misc documentation fixes ([#5302](https://github.com/containous/traefik/pull/5302) by [mpl](https://github.com/mpl))
- Enhance the Retry Middleware Documentation ([#5298](https://github.com/containous/traefik/pull/5298) by [jbdoumenjou](https://github.com/jbdoumenjou))
**Misc:**
- Cherry pick v1.7 into v2.0 ([#5341](https://github.com/containous/traefik/pull/5341) by [jbdoumenjou](https://github.com/jbdoumenjou))
## [v2.0.0-rc2](https://github.com/containous/traefik/tree/v2.0.0-rc2) (2019-09-03)
[All Commits](https://github.com/containous/traefik/compare/v2.0.0-rc1...v2.0.0-rc2)
**Enhancements:**
- **[api]** Improve API for the web UI ([#5267](https://github.com/containous/traefik/pull/5267) by [ldez](https://github.com/ldez))
- **[middleware,tracing]** Re enable ratelimit integration tests ([#5288](https://github.com/containous/traefik/pull/5288) by [mmatur](https://github.com/mmatur))
- **[tracing]** Update Zipkin OpenTracing driver to latest 0.4.3 release ([#5283](https://github.com/containous/traefik/pull/5283) by [basvanbeek](https://github.com/basvanbeek))
**Bug fixes:**
- **[api]** Add errors about unknown entryPoint in runtime api ([#5265](https://github.com/containous/traefik/pull/5265) by [juliens](https://github.com/juliens))
- **[metrics,tracing]** fix: Datadog case. ([#5272](https://github.com/containous/traefik/pull/5272) by [ldez](https://github.com/ldez))
- **[middleware,k8s,k8s/crd]** The chain middleware in k8s use middlewareRef ([#5290](https://github.com/containous/traefik/pull/5290) by [juliens](https://github.com/juliens))
- **[middleware]** Don't panic with undefined middleware ([#5289](https://github.com/containous/traefik/pull/5289) by [ldez](https://github.com/ldez))
- **[middleware]** fix buffering middleware ([#5281](https://github.com/containous/traefik/pull/5281) by [ldez](https://github.com/ldez))
- **[middleware]** fix: stripPrefix and stripPrefixRegex. ([#5291](https://github.com/containous/traefik/pull/5291) by [ldez](https://github.com/ldez))
- **[service,websocket]** Fix recovered panic when websocket is mirrored ([#5255](https://github.com/containous/traefik/pull/5255) by [juliens](https://github.com/juliens))
- **[webui]** Rest provider icon in the webui ([#5261](https://github.com/containous/traefik/pull/5261) by [mmatur](https://github.com/mmatur))
- Fix trailing slash with check new version ([#5266](https://github.com/containous/traefik/pull/5266) by [mmatur](https://github.com/mmatur))
**Documentation:**
- **[middleware]** fix: stripPrefixRegex documentation. ([#5273](https://github.com/containous/traefik/pull/5273) by [ldez](https://github.com/ldez))
- Fix some documentation issues ([#5286](https://github.com/containous/traefik/pull/5286) by [jbdoumenjou](https://github.com/jbdoumenjou))
- Update restrictions in the documentation. ([#5270](https://github.com/containous/traefik/pull/5270) by [ldez](https://github.com/ldez))
- Base of the migration guide ([#5263](https://github.com/containous/traefik/pull/5263) by [jbdoumenjou](https://github.com/jbdoumenjou))
## [v2.0.0-rc1](https://github.com/containous/traefik/tree/v2.0.0-rc1) (2019-08-26)
[All Commits](https://github.com/containous/traefik/compare/v2.0.0-beta1...v2.0.0-rc1)
@ -37,6 +86,13 @@
**Misc:**
- Cherry pick v1.7 into v2.0 ([#5192](https://github.com/containous/traefik/pull/5192) by [ldez](https://github.com/ldez))
## [v1.7.14](https://github.com/containous/traefik/tree/v1.7.14) (2019-08-14)
[All Commits](https://github.com/containous/traefik/compare/v1.7.13...v1.7.14)
**Bug fixes:**
- Update to go1.12.8 ([#5201](https://github.com/containous/traefik/pull/5201) by [ldez](https://github.com/ldez)). HTTP/2 Denial of Service [CVE-2019-9512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512) and [CVE-2019-9514](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514)
- **[server]** Make hijackConnectionTracker.Close thread safe ([#5194](https://github.com/containous/traefik/pull/5194) by [jlevesy](https://github.com/jlevesy))
## [v1.7.13](https://github.com/containous/traefik/tree/v1.7.13) (2019-08-07)
[All Commits](https://github.com/containous/traefik/compare/v1.7.12...v1.7.13)
@ -217,7 +273,7 @@
- **[api,authentication]** Remove authentication hashes from API ([#4918](https://github.com/containous/traefik/pull/4918) by [ldez](https://github.com/ldez))
- **[consul]** Enhance KV logs. ([#4877](https://github.com/containous/traefik/pull/4877) by [ldez](https://github.com/ldez))
- **[k8s]** Fix kubernetes template for backend responseforwarding flushinterval setting ([#4901](https://github.com/containous/traefik/pull/4901) by [ravilr](https://github.com/ravilr))
- **[metrics]** Upgraded DataDog tracing library to 1.13.0 ([#4878](https://github.com/containous/traefik/pull/4878) by [aantono](https://github.com/aantono))
- **[metrics]** Upgraded Datadog tracing library to 1.13.0 ([#4878](https://github.com/containous/traefik/pull/4878) by [aantono](https://github.com/aantono))
- **[server]** Add missing callback on close of hijacked connections ([#4900](https://github.com/containous/traefik/pull/4900) by [ravilr](https://github.com/ravilr))
**Documentation:**
@ -419,7 +475,7 @@
- **[k8s/ingress]** Loop through service ports for global backend ([#4486](https://github.com/containous/traefik/pull/4486) by [dtomcej](https://github.com/dtomcej))
- **[k8s]** Add entrypoints prefix in kubernetes frontend/backend id ([#4679](https://github.com/containous/traefik/pull/4679) by [juliens](https://github.com/juliens))
- **[websocket]** Exclude websocket connections from Average Response Time ([#4313](https://github.com/containous/traefik/pull/4313) by [siyu6974](https://github.com/siyu6974))
- **[middleware]** Added support for configuring trace headers for DataDog tracing ([#4516](https://github.com/containous/traefik/pull/4516) by [aantono](https://github.com/aantono))
- **[middleware]** Added support for configuring trace headers for Datadog tracing ([#4516](https://github.com/containous/traefik/pull/4516) by [aantono](https://github.com/aantono))
**Documentation:**
- **[acme]** Add _FILE Environment Variable Documentation ([#4643](https://github.com/containous/traefik/pull/4643) by [dargmuesli](https://github.com/dargmuesli))
@ -670,7 +726,7 @@
- **[metrics]** Metrics: Add support for InfluxDB Database / RetentionPolicy and HTTP client ([#3391](https://github.com/containous/traefik/pull/3391) by [drewkerrigan](https://github.com/drewkerrigan))
- **[middleware,consulcatalog,docker,ecs,kv,marathon,mesos,rancher]** Pass the TLS Cert infos in headers ([#3826](https://github.com/containous/traefik/pull/3826) by [jbdoumenjou](https://github.com/jbdoumenjou))
- **[middleware,server]** Extreme Makeover: server refactoring ([#3461](https://github.com/containous/traefik/pull/3461) by [ldez](https://github.com/ldez))
- **[middleware,tracing]** Added integration support for DataDog APM Tracing ([#3517](https://github.com/containous/traefik/pull/3517) by [aantono](https://github.com/aantono))
- **[middleware,tracing]** Added integration support for Datadog APM Tracing ([#3517](https://github.com/containous/traefik/pull/3517) by [aantono](https://github.com/aantono))
- **[middleware,tracing]** Create a custom logger for jaeger ([#3541](https://github.com/containous/traefik/pull/3541) by [mmatur](https://github.com/mmatur))
- **[middleware]** Performance enhancements for the rules matchers. ([#3563](https://github.com/containous/traefik/pull/3563) by [ShaneSaww](https://github.com/ShaneSaww))
- **[middleware]** Extract internal router creation from server ([#3204](https://github.com/containous/traefik/pull/3204) by [Juliens](https://github.com/Juliens))
@ -731,7 +787,7 @@
- **[oxy]** Handle Te header when http2 ([#3824](https://github.com/containous/traefik/pull/3824) by [Juliens](https://github.com/Juliens))
- **[server]** Avoid goroutine leak in server ([#3851](https://github.com/containous/traefik/pull/3851) by [nmengin](https://github.com/nmengin))
- **[server]** Avoid panic during stop ([#3898](https://github.com/containous/traefik/pull/3898) by [nmengin](https://github.com/nmengin))
- **[tracing]** Added default configuration for DataDog APM Tracer ([#3655](https://github.com/containous/traefik/pull/3655) by [aantono](https://github.com/aantono))
- **[tracing]** Added default configuration for Datadog APM Tracer ([#3655](https://github.com/containous/traefik/pull/3655) by [aantono](https://github.com/aantono))
- **[tracing]** Added support for Trace name truncation for traces ([#3689](https://github.com/containous/traefik/pull/3689) by [aantono](https://github.com/aantono))
- **[websocket]** Handle shutdown of Hijacked connections ([#3636](https://github.com/containous/traefik/pull/3636) by [Juliens](https://github.com/Juliens))
- **[webui]** Added Dashboard table item for Rate Limits ([#3893](https://github.com/containous/traefik/pull/3893) by [codecyclist](https://github.com/codecyclist))
@ -868,7 +924,7 @@
- **[docker]** Uses both binded HostIP and HostPort when useBindPortIP=true ([#3638](https://github.com/containous/traefik/pull/3638) by [geraldcroes](https://github.com/geraldcroes))
- **[k8s]** Fix Rewrite-target regex ([#3699](https://github.com/containous/traefik/pull/3699) by [dtomcej](https://github.com/dtomcej))
- **[middleware]** Correct Entrypoint Redirect with Stripped or Added Path ([#3631](https://github.com/containous/traefik/pull/3631) by [dtomcej](https://github.com/dtomcej))
- **[tracing]** Added default configuration for DataDog APM Tracer ([#3655](https://github.com/containous/traefik/pull/3655) by [aantono](https://github.com/aantono))
- **[tracing]** Added default configuration for Datadog APM Tracer ([#3655](https://github.com/containous/traefik/pull/3655) by [aantono](https://github.com/aantono))
- **[tracing]** Added support for Trace name truncation for traces ([#3689](https://github.com/containous/traefik/pull/3689) by [aantono](https://github.com/aantono))
- **[websocket]** Handle shutdown of Hijacked connections ([#3636](https://github.com/containous/traefik/pull/3636) by [Juliens](https://github.com/Juliens))
- H2C: Remove buggy line in init to make verbose switch working ([#3701](https://github.com/containous/traefik/pull/3701) by [dduportal](https://github.com/dduportal))
@ -964,7 +1020,7 @@
- **[mesos]** Segments Labels: Mesos ([#3383](https://github.com/containous/traefik/pull/3383) by [drewkerrigan](https://github.com/drewkerrigan))
- **[metrics]** Metrics: Add support for InfluxDB Database / RetentionPolicy and HTTP client ([#3391](https://github.com/containous/traefik/pull/3391) by [drewkerrigan](https://github.com/drewkerrigan))
- **[middleware,server]** Extreme Makeover: server refactoring ([#3461](https://github.com/containous/traefik/pull/3461) by [ldez](https://github.com/ldez))
- **[middleware,tracing]** Added integration support for DataDog APM Tracing ([#3517](https://github.com/containous/traefik/pull/3517) by [aantono](https://github.com/aantono))
- **[middleware,tracing]** Added integration support for Datadog APM Tracing ([#3517](https://github.com/containous/traefik/pull/3517) by [aantono](https://github.com/aantono))
- **[middleware,tracing]** Create a custom logger for jaeger ([#3541](https://github.com/containous/traefik/pull/3541) by [mmatur](https://github.com/mmatur))
- **[middleware]** Performance enhancements for the rules matchers. ([#3563](https://github.com/containous/traefik/pull/3563) by [ShaneSaww](https://github.com/ShaneSaww))
- **[middleware]** Extract internal router creation from server ([#3204](https://github.com/containous/traefik/pull/3204) by [Juliens](https://github.com/Juliens))
@ -1142,7 +1198,7 @@
- **[metrics]** Added entrypoint metrics to influxdb ([#2992](https://github.com/containous/traefik/pull/2992) by [adityacs](https://github.com/adityacs))
- **[metrics]** Remove unnecessary conversion ([#2850](https://github.com/containous/traefik/pull/2850) by [ferhatelmas](https://github.com/ferhatelmas))
- **[metrics]** Extend metrics and rebuild prometheus exporting logic ([#2567](https://github.com/containous/traefik/pull/2567) by [marco-jantke](https://github.com/marco-jantke))
- **[metrics]** Added missing metrics to registry for DataDog and StatsD ([#2890](https://github.com/containous/traefik/pull/2890) by [aantono](https://github.com/aantono))
- **[metrics]** Added missing metrics to registry for Datadog and StatsD ([#2890](https://github.com/containous/traefik/pull/2890) by [aantono](https://github.com/aantono))
- **[middleware,consul,consulcatalog,docker,ecs,k8s,marathon,mesos,rancher]** New option in secure middleware ([#2958](https://github.com/containous/traefik/pull/2958) by [mmatur](https://github.com/mmatur))
- **[middleware,consulcatalog,docker,ecs,k8s,kv,marathon,mesos,rancher]** Ability to use "X-Forwarded-For" as a source of IP for white list. ([#3070](https://github.com/containous/traefik/pull/3070) by [ldez](https://github.com/ldez))
- **[middleware,docker]** Use pointer of error pages ([#2607](https://github.com/containous/traefik/pull/2607) by [ldez](https://github.com/ldez))
@ -1394,7 +1450,7 @@
- **[mesos]** Add all available labels to Mesos Backend ([#2687](https://github.com/containous/traefik/pull/2687) by [ldez](https://github.com/ldez))
- **[metrics]** Added entrypoint metrics to influxdb ([#2992](https://github.com/containous/traefik/pull/2992) by [adityacs](https://github.com/adityacs))
- **[metrics]** Extend metrics and rebuild prometheus exporting logic ([#2567](https://github.com/containous/traefik/pull/2567) by [marco-jantke](https://github.com/marco-jantke))
- **[metrics]** Added missing metrics to registry for DataDog and StatsD ([#2890](https://github.com/containous/traefik/pull/2890) by [aantono](https://github.com/aantono))
- **[metrics]** Added missing metrics to registry for Datadog and StatsD ([#2890](https://github.com/containous/traefik/pull/2890) by [aantono](https://github.com/aantono))
- **[metrics]** Remove unnecessary conversion ([#2850](https://github.com/containous/traefik/pull/2850) by [ferhatelmas](https://github.com/ferhatelmas))
- **[middleware,consul,consulcatalog,docker,ecs,k8s,marathon,mesos,rancher]** New option in secure middleware ([#2958](https://github.com/containous/traefik/pull/2958) by [mmatur](https://github.com/mmatur))
- **[middleware,consulcatalog,docker,ecs,k8s,kv,marathon,mesos,rancher]** Ability to use "X-Forwarded-For" as a source of IP for white list. ([#3070](https://github.com/containous/traefik/pull/3070) by [ldez](https://github.com/ldez))
@ -2015,12 +2071,12 @@
- **[marathon]** Add support for readiness checks. ([#1883](https://github.com/containous/traefik/pull/1883) by [timoreimann](https://github.com/timoreimann))
- **[marathon]** Move marathon mock ([#1732](https://github.com/containous/traefik/pull/1732) by [ldez](https://github.com/ldez))
- **[marathon]** Use single API call to fetch Marathon resources. ([#1815](https://github.com/containous/traefik/pull/1815) by [timoreimann](https://github.com/timoreimann))
- **[metrics]** Added RetryMetrics to DataDog and StatsD providers ([#1884](https://github.com/containous/traefik/pull/1884) by [aantono](https://github.com/aantono))
- **[metrics]** Added RetryMetrics to Datadog and StatsD providers ([#1884](https://github.com/containous/traefik/pull/1884) by [aantono](https://github.com/aantono))
- **[metrics]** Extract metrics to own package and refactor implementations ([#1968](https://github.com/containous/traefik/pull/1968) by [marco-jantke](https://github.com/marco-jantke))
- **[metrics]** Add metrics for backend_retries_total ([#1504](https://github.com/containous/traefik/pull/1504) by [marco-jantke](https://github.com/marco-jantke))
- **[metrics]** Add status code to request duration metric ([#1755](https://github.com/containous/traefik/pull/1755) by [marco-jantke](https://github.com/marco-jantke))
- **[middleware]** Add trusted whitelist proxy protocol ([#2234](https://github.com/containous/traefik/pull/2234) by [emilevauge](https://github.com/emilevauge)))
- **[metrics]** DataDog and StatsD Metrics Support ([#1701](https://github.com/containous/traefik/pull/1701) by [aantono](https://github.com/aantono))
- **[metrics]** Datadog and StatsD Metrics Support ([#1701](https://github.com/containous/traefik/pull/1701) by [aantono](https://github.com/aantono))
- **[middleware]** Create Header Middleware ([#1236](https://github.com/containous/traefik/pull/1236) by [dtomcej](https://github.com/dtomcej))
- **[middleware]** Add configurable timeouts and curate default timeout settings ([#1873](https://github.com/containous/traefik/pull/1873) by [marco-jantke](https://github.com/marco-jantke))
- **[middleware]** Fix command bug content. ([#2002](https://github.com/containous/traefik/pull/2002) by [ldez](https://github.com/ldez))
@ -2326,11 +2382,11 @@
- **[marathon]** Move marathon mock ([#1732](https://github.com/containous/traefik/pull/1732) by [ldez](https://github.com/ldez))
- **[marathon]** Support multi-port service routing for containers running on Marathon ([#1742](https://github.com/containous/traefik/pull/1742) by [aantono](https://github.com/aantono))
- **[marathon]** Use test builder. ([#1871](https://github.com/containous/traefik/pull/1871) by [timoreimann](https://github.com/timoreimann))
- **[metrics]** DataDog and StatsD Metrics Support ([#1701](https://github.com/containous/traefik/pull/1701) by [aantono](https://github.com/aantono))
- **[metrics]** Datadog and StatsD Metrics Support ([#1701](https://github.com/containous/traefik/pull/1701) by [aantono](https://github.com/aantono))
- **[metrics]** Add status code to request duration metric ([#1755](https://github.com/containous/traefik/pull/1755) by [marco-jantke](https://github.com/marco-jantke))
- **[metrics]** Add metrics for backend_retries_total ([#1504](https://github.com/containous/traefik/pull/1504) by [marco-jantke](https://github.com/marco-jantke))
- **[metrics]** Extract metrics to own package and refactor implementations ([#1968](https://github.com/containous/traefik/pull/1968) by [marco-jantke](https://github.com/marco-jantke))
- **[metrics]** Added RetryMetrics to DataDog and StatsD providers ([#1884](https://github.com/containous/traefik/pull/1884) by [aantono](https://github.com/aantono))
- **[metrics]** Added RetryMetrics to Datadog and StatsD providers ([#1884](https://github.com/containous/traefik/pull/1884) by [aantono](https://github.com/aantono))
- **[middleware]** Return 503 on empty backend ([#1748](https://github.com/containous/traefik/pull/1748) by [marco-jantke](https://github.com/marco-jantke))
- **[middleware]** Add configurable timeouts and curate default timeout settings ([#1873](https://github.com/containous/traefik/pull/1873) by [marco-jantke](https://github.com/marco-jantke))
- **[middleware]** Custom Error Pages ([#1675](https://github.com/containous/traefik/pull/1675) by [bparli](https://github.com/bparli))

3
README.md
View file

@ -90,8 +90,7 @@ To get your hands on Traefik, you can use the [5-Minute Quickstart](http://docs.
You can access the simple HTML frontend of Traefik.
![Web UI Providers](docs/content/assets/img/dashboard-main.png)
![Web UI Health](docs/content/assets/img/dashboard-health.png)
![Web UI Providers](docs/content/assets/img/webui-dashboard.png)
## Documentation

4
build.Dockerfile
View file

@ -1,4 +1,4 @@
FROM golang:1.13rc1-alpine
FROM golang:1.13-alpine
RUN apk --update upgrade \
&& apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \
@ -19,7 +19,7 @@ RUN mkdir -p /usr/local/bin \
&& chmod +x /usr/local/bin/go-bindata
# Download golangci-lint binary to bin folder in $GOPATH
RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b $GOPATH/bin v1.17.1
RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b $GOPATH/bin v1.18.0
# Download golangci-lint and misspell binary to bin folder in $GOPATH
RUN GO111MODULE=off go get github.com/client9/misspell/cmd/misspell

4
cmd/traefik/traefik.go
View file

@ -299,14 +299,14 @@ You haven't specified the sendAnonymousUsage option, it will be enabled by defau
Stats collection is enabled.
Many thanks for contributing to Traefik's improvement by allowing us to receive anonymous information from your configuration.
Help us improve Traefik by leaving this feature on :)
More details on: https://docs.traefik.io/basics/#collected-data
More details on: https://docs.traefik.io/v2.0/contributing/data-collection/
`)
collect(staticConfiguration)
} else {
log.WithoutContext().Info(`
Stats collection is disabled.
Help us improve Traefik by turning this feature on :)
More details on: https://docs.traefik.io/basics/#collected-data
More details on: https://docs.traefik.io/v2.0/contributing/data-collection/
`)
}
}

BIN
docs/content/assets/img/dashboard-health.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 208 KiB

BIN
docs/content/assets/img/dashboard-main.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 274 KiB

BIN
docs/content/assets/img/middleware/ratelimit.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 68 KiB

BIN
docs/content/assets/img/webui-dashboard.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 125 KiB

2
docs/content/contributing/building-testing.md
View file

@ -28,7 +28,7 @@ Successfully tagged traefik-webui:latest
[...]
docker build -t "traefik-dev:4475--feature-documentation" -f build.Dockerfile .
Sending build context to Docker daemon 279MB
Step 1/10 : FROM golang:1.13rc1-alpine
Step 1/10 : FROM golang:1.13-alpine
---> f4bfb3d22bda
[...]
Successfully built 5c3c1a911277

2
docs/content/contributing/data-collection.md
View file

@ -9,7 +9,7 @@ Understanding how you use Traefik is very important to us: it helps us improve t
For this very reason, the sendAnonymousUsage option is mandatory: we want you to take time to consider whether or not you wish to share anonymous data with us so we can benefit from your experience and use cases.
!!! warning
During the beta stage only, leaving this option unset will not prevent Traefik from running but will generate an error log indicating that it enables data collection by default.
Before the GA, leaving this option unset will not prevent Traefik from running but will generate an error log indicating that it enables data collection by default.
!!! example "Enabling Data Collection"

22
docs/content/https/tls.md
View file

@ -35,7 +35,7 @@ tls:
!!! important "File Provider Only"
In the above example, we've used the [file provider](../providers/file.md) to handle these definitions.
In its current beta version, it is the only available method to configure the certificates (as well as the options and the stores).
It is the only available method to configure the certificates (as well as the options and the stores).
## Certificates Stores
@ -52,9 +52,9 @@ tls:
default: {}
```
!!! important "Beta restriction"
!!! important "Restriction"
During the beta version, any store definition other than the default one (named `default`) will be ignored,
Any store definition other than the default one (named `default`) will be ignored,
and there is thefore only one globally available TLS store.
In the `tls.certificates` section, a list of stores can then be specified to indicate where the certificates should be stored:
@ -85,9 +85,9 @@ tls:
keyFile: /path/to/other-domain.key
```
!!! important "Beta restriction"
!!! important "Restriction"
During the beta version, the `stores` list will actually be ignored and automatically set to `["default"]`.
The `stores` list will actually be ignored and automatically set to `["default"]`.
### Default Certificate
@ -141,17 +141,17 @@ tls:
### Client Authentication (mTLS)
Traefik supports mutual authentication, through the `ClientAuth` section.
Traefik supports mutual authentication, through the `clientAuth` section.
For authentication policies that require verification of the client certificate, the certificate authority for the certificate should be set in `ClientAuth.caFiles`.
For authentication policies that require verification of the client certificate, the certificate authority for the certificate should be set in `clientAuth.caFiles`.
The `ClientAuth.clientAuthType` option governs the behaviour as follows:
The `clientAuth.clientAuthType` option governs the behaviour as follows:
- `NoClientCert`: disregards any client certificate.
- `RequestClientCert`: asks for a certificate but proceeds anyway if none is provided.
- `RequireAnyClientCert`: requires a certificate but does not verify if it is signed by a CA listed in `ClientAuth.caFiles`.
- `VerifyClientCertIfGiven`: if a certificate is provided, verifies if it is signed by a CA listed in `ClientAuth.caFiles`. Otherwise proceeds without any certificate.
- `RequireAndVerifyClientCert`: requires a certificate, which must be signed by a CA listed in `ClientAuth.caFiles`.
- `RequireAnyClientCert`: requires a certificate but does not verify if it is signed by a CA listed in `clientAuth.caFiles`.
- `VerifyClientCertIfGiven`: if a certificate is provided, verifies if it is signed by a CA listed in `clientAuth.caFiles`. Otherwise proceeds without any certificate.
- `RequireAndVerifyClientCert`: requires a certificate, which must be signed by a CA listed in `clientAuth.caFiles`.
```toml tab="TOML"
[tls.options]

222
docs/content/middlewares/basicauth.md
View file

@ -16,7 +16,7 @@ The BasicAuth middleware is a quick way to restrict access to your services to k
# To create user:password pair, it's possible to use this command:
# echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
labels:
- "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
- "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
```
```yaml tab="Kubernetes"
@ -27,9 +27,7 @@ metadata:
name: test-auth
spec:
basicAuth:
users:
- test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
- test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0
secret: secretName
```
```json tab="Marathon"
@ -41,7 +39,7 @@ spec:
```yaml tab="Rancher"
# Declaring the user list
labels:
- "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
- "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
```toml tab="File (TOML)"
@ -81,7 +79,74 @@ The `users` option is an array of authorized users. Each user will be declared u
!!! Note
If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.
- If both `users` and `usersFile` are provided, the two are merged. The contents of `usersFile` have precedence over the values in `users`.
- For security reasons, the field `users` doesn't exist for Kubernetes IngressRoute, and one should use the `secret` field instead.
```yaml tab="Docker"
# Declaring the user list
#
# Note: all dollar signs in the hash need to be doubled for escaping.
# To create user:password pair, it's possible to use this command:
# echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
labels:
- "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
```
```yaml tab="Kubernetes"
# Declaring the user list
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-auth
spec:
basicAuth:
secret: authsecret
---
apiVersion: v1
kind: Secret
metadata:
name: authsecret
namespace: default
data:
users: |2
dGVzdDokYXByMSRINnVza2trVyRJZ1hMUDZld1RyU3VCa1RycUU4d2ovCnRlc3QyOiRhcHIxJGQ5
aHI5SEJCJDRIeHdnVWlyM0hQNEVzZ2dQL1FObzAK
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-auth.basicauth.users": "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
}
```
```yaml tab="Rancher"
# Declaring the user list
labels:
- "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
```toml tab="File (TOML)"
# Declaring the user list
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```
```yaml tab="File (YAML)"
# Declaring the user list
http:
middlewares:
test-auth:
basicAuth:
users:
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
### `usersFile`
@ -89,6 +154,63 @@ The `usersFile` option is the path to an external file that contains the authori
The file content is a list of `name:encoded-password`.
!!! Note
- If both `users` and `usersFile` are provided, the two are merged. The contents of `usersFile` have precedence over the values in `users`.
- Because it does not make much sense to refer to a file path on Kubernetes, the `usersFile` field doesn't exist for Kubernetes IngressRoute, and one should use the `secret` field instead.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.basicauth.usersfile=/path/to/my/usersfile"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-auth
spec:
basicAuth:
secret: authsecret
---
apiVersion: v1
kind: Secret
metadata:
name: authsecret
namespace: default
data:
users: |2
dGVzdDokYXByMSRINnVza2trVyRJZ1hMUDZld1RyU3VCa1RycUU4d2ovCnRlc3QyOiRhcHIxJGQ5
aHI5SEJCJDRIeHdnVWlyM0hQNEVzZ2dQL1FObzAK
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-auth.basicauth.usersfile": "/path/to/my/usersfile"
}
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-auth.basicauth.usersfile=/path/to/my/usersfile"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
usersFile = "/path/to/my/usersfile"
```
```yaml tab="File (YAML)"
http:
middlewares:
test-auth:
basicAuth:
usersFile: "/path/to/my/usersfile"
```
??? example "A file containing test/test and test2/test2"
```txt
@ -96,21 +218,57 @@ The file content is a list of `name:encoded-password`.
test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0
```
!!! Note
If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.
### `realm`
You can customize the realm for the authentication with the `realm` option. The default value is `traefik`.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.basicauth.realm=MyRealm"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-auth
spec:
basicAuth:
realm: MyRealm
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-auth.basicauth.realm": "MyRealm"
}
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-auth.basicauth.realm=MyRealm"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
realm = "MyRealm"
```
```yaml tab="File (YAML)"
http:
middlewares:
test-auth:
basicAuth:
realm: "MyRealm"
```
### `headerField`
You can customize the header field for the authenticated user using the `headerField`option.
You can define a header field to store the authenticated user using the `headerField`option.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.my-auth.basicauth.headerField=X-WebAuth-User"
- "traefik.http.middlewares.my-auth.basicauth.headerField=X-WebAuth-User"
```
```yaml tab="Kubernetes"
@ -148,3 +306,43 @@ http:
### `removeHeader`
Set the `removeHeader` option to `true` to remove the authorization header before forwarding the request to your service. (Default value is `false`.)
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.basicauth.removeheader=true"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-auth
spec:
basicAuth:
removeHeader: true
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-auth.basicauth.removeheader": "true"
}
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-auth.basicauth.removeheader=true"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.basicAuth]
removeHeader = true
```
```yaml tab="File (YAML)"
http:
middlewares:
test-auth:
basicAuth:
removeHeader: true
```

6
docs/content/middlewares/chain.md
View file

@ -51,9 +51,9 @@ metadata:
spec:
chain:
middlewares:
- https-only
- known-ips
- auth-users
- name: https-only
- name: known-ips
- name: auth-users
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware

3
docs/content/middlewares/circuitbreaker.md
View file

@ -132,7 +132,7 @@ For example, the expression `LatencyAtQuantileMS(50.0) > 100` will trigger the c
!!! Note
You must provide a float number (with the leading .0) for the quantile value
You must provide a float number (with the trailing .0) for the quantile value
#### Using multiple metrics
@ -153,7 +153,6 @@ Here is the list of supported operators:
- Greater or equal than (`>=`)
- Lesser than (`<`)
- Lesser or equal than (`<=`)
- Not (`!`)
- Equal (`==`)
- Not Equal (`!=`)

2
docs/content/middlewares/compress.md
View file

@ -55,6 +55,6 @@ http:
Responses are compressed when:
* The response body is larger than `512` bytes.
* The response body is larger than `1400` bytes.
* The `Accept-Encoding` request header contains `gzip`.
* The response is not already compressed, i.e. the `Content-Encoding` response header is not already set.

237
docs/content/middlewares/digestauth.md
View file

@ -10,6 +10,7 @@ The DigestAuth middleware is a quick way to restrict access to your services to
## Configuration Examples
```yaml tab="Docker"
# Declaring the user list
labels:
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
```
@ -22,9 +23,82 @@ metadata:
name: test-auth
spec:
digestAuth:
users:
- test:traefik:a2688e031edb4be6a3797f3882655c05
- test2:traefik:518845800f9e2bfb1f1f740ec24f074e
secret: userssecret
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-auth.digestauth.users": "test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
}
```
```yaml tab="Rancher"
# Declaring the user list
labels:
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
```
```toml tab="File (TOML)"
# Declaring the user list
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
users = [
"test:traefik:a2688e031edb4be6a3797f3882655c05",
"test2:traefik:518845800f9e2bfb1f1f740ec24f074e",
]
```
```yaml tab="File (YAML)"
# Declaring the user list
http:
middlewares:
test-auth:
digestAuth:
users:
- "test:traefik:a2688e031edb4be6a3797f3882655c05"
- "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
```
## Configuration Options
!!! tip
Use `htdigest` to generate passwords.
### `users`
The `users` option is an array of authorized users. Each user will be declared using the `name:realm:encoded-password` format.
!!! Note
- If both `users` and `usersFile` are provided, the two are merged. The contents of `usersFile` have precedence over the values in `users`.
- For security reasons, the field `users` doesn't exist for Kubernetes IngressRoute, and one should use the `secret` field instead.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-auth
spec:
digestAuth:
secret: authsecret
---
apiVersion: v1
kind: Secret
metadata:
name: authsecret
namespace: default
data:
users: |2
dGVzdDokYXByMSRINnVza2trVyRJZ1hMUDZld1RyU3VCa1RycUU4d2ovCnRlc3QyOiRhcHIxJGQ5
aHI5SEJCJDRIeHdnVWlyM0hQNEVzZ2dQL1FObzAK
```
```json tab="Marathon"
@ -57,26 +131,69 @@ http:
- "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
```
!!! tip
Use `htdigest` to generate passwords.
## Configuration Options
### `users`
The `users` option is an array of authorized users. Each user will be declared using the `name:realm:encoded-password` format.
!!! Note
If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.
### `usersFile`
The `usersFile` option is the path to an external file that contains the authorized users for the middleware.
The file content is a list of `name:realm:encoded-password`.
!!! Note
- If both `users` and `usersFile` are provided, the two are merged. The contents of `usersFile` have precedence over the values in `users`.
- Because it does not make much sense to refer to a file path on Kubernetes, the `usersFile` field doesn't exist for Kubernetes IngressRoute, and one should use the `secret` field instead.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.digestauth.usersfile=/path/to/my/usersfile"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-auth
spec:
digestAuth:
secret: authsecret
---
apiVersion: v1
kind: Secret
metadata:
name: authsecret
namespace: default
data:
users: |2
dGVzdDokYXByMSRINnVza2trVyRJZ1hMUDZld1RyU3VCa1RycUU4d2ovCnRlc3QyOiRhcHIxJGQ5
aHI5SEJCJDRIeHdnVWlyM0hQNEVzZ2dQL1FObzAK
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-auth.digestauth.usersfile": "/path/to/my/usersfile"
}
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-auth.digestauth.usersfile=/path/to/my/usersfile"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
usersFile = "/path/to/my/usersfile"
```
```yaml tab="File (YAML)"
http:
middlewares:
test-auth:
digestAuth:
usersFile: "/path/to/my/usersfile"
```
??? example "A file containing test/test and test2/test2"
```txt
@ -84,20 +201,54 @@ The file content is a list of `name:realm:encoded-password`.
test2:traefik:518845800f9e2bfb1f1f740ec24f074e
```
!!! Note
If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.
### `realm`
You can customize the realm for the authentication with the `realm` option. The default value is `traefik`.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.digestauth.realm=MyRealm"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-auth
spec:
digestAuth:
realm: MyRealm
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-auth.digestauth.realm": "MyRealm"
}
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-auth.digestauth.realm=MyRealm"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
realm = "MyRealm"
```
```yaml tab="File (YAML)"
http:
middlewares:
test-auth:
digestAuth:
realm: "MyRealm"
```
### `headerField`
You can customize the header field for the authenticated user using the `headerField`option.
Example "File -- Passing Authenticated User to Services Via Headers"
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.my-auth.digestauth.headerField=X-WebAuth-User"
@ -143,3 +294,43 @@ http:
### `removeHeader`
Set the `removeHeader` option to `true` to remove the authorization header before forwarding the request to your service. (Default value is `false`.)
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.digestauth.removeheader=true"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-auth
spec:
digestAuth:
removeHeader: true
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-auth.digestauth.removeheader": "true"
}
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-auth.digestauth.removeheader=true"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.digestAuth]
removeHeader = true
```
```yaml tab="File (YAML)"
http:
middlewares:
test-auth:
digestAuth:
removeHeader: true
```

9
docs/content/middlewares/errorpages.md
View file

@ -29,8 +29,10 @@ spec:
errors:
status:
- 500-599
service: serviceError
query: /{status}.html
service:
name: whoami
port: 80
```
```json tab="Marathon"
@ -77,7 +79,7 @@ http:
```
!!! note
In this example, the error page URL is based on the status code (`query=/{status}.html)`.
In this example, the error page URL is based on the status code (`query=/{status}.html`).
## Configuration Options
@ -95,6 +97,9 @@ The status code ranges are inclusive (`500-599` will trigger with every code bet
The service that will serve the new requested error page.
!!! Note
In kubernetes, you need to reference a kubernetes service instead of a traefik service.
### `query`
The URL for the error page (hosted by `service`). You can use `{status}` in the query, that will be replaced by the received status code.

491
docs/content/middlewares/forwardauth.md
View file

@ -15,12 +15,99 @@ Otherwise, the response from the authentication server is returned.
# Forward authentication to authserver.com
labels:
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
- "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret"
- "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt"
- "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true"
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
- "traefik.http.middlewares.test-auth.forwardauth.tls.insecureSkipVerify=true"
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
```
```yaml tab="Kubernetes"
# Forward authentication to authserver.com
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-auth
spec:
forwardAuth:
address: https://authserver.com/auth
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-auth.forwardauth.address": "https://authserver.com/auth"
}
```
```yaml tab="Rancher"
# Forward authentication to authserver.com
labels:
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
```
```toml tab="File (TOML)"
# Forward authentication to authserver.com
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://authserver.com/auth"
```
```yaml tab="File (YAML)"
# Forward authentication to authserver.com
http:
middlewares:
test-auth:
forwardAuth:
address: "https://authserver.com/auth"
```
## Configuration Options
### `address`
The `address` option defines the authentication server address.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-auth
spec:
forwardAuth:
address: https://authserver.com/auth
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-auth.forwardauth.address": "https://authserver.com/auth"
}
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://authserver.com/auth"
```
```yaml tab="File (YAML)"
http:
middlewares:
test-auth:
forwardAuth:
address: "https://authserver.com/auth"
```
### `trustForwardHeader`
Set the `trustForwardHeader` option to `true` to trust all the existing `X-Forwarded-*` headers.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true"
```
@ -33,89 +120,381 @@ spec:
forwardAuth:
address: https://authserver.com/auth
trustForwardHeader: true
authResponseHeaders:
- X-Auth-User
- X-Secret
tls:
ca: path/to/local.crt
caOptional: true
cert: path/to/foo.cert
key: path/to/foo.key
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-auth.forwardauth.address": "https://authserver.com/auth",
"traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders": "X-Auth-User,X-Secret",
"traefik.http.middlewares.test-auth.forwardauth.tls.ca": "path/to/local.crt",
"traefik.http.middlewares.test-auth.forwardauth.tls.caOptional": "true",
"traefik.http.middlewares.test-auth.forwardauth.tls.cert": "path/to/foo.cert",
"traefik.http.middlewares.test-auth.forwardauth.tls.insecureSkipVerify": "true",
"traefik.http.middlewares.test-auth.forwardauth.tls.key": "path/to/foo.key",
"traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader": "true"
}
```
```yaml tab="Rancher"
# Forward authentication to authserver.com
labels:
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
- "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret"
- "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt"
- "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true"
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
- "traefik.http.middlewares.test-auth.forwardauth.tls.InisecureSkipVerify=true"
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
- "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true"
```
```toml tab="File (TOML)"
# Forward authentication to authserver.com
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://authserver.com/auth"
trustForwardHeader = true
authResponseHeaders = ["X-Auth-User", "X-Secret"]
[http.middlewares.test-auth.forwardAuth.tls]
ca = "path/to/local.crt"
caOptional = true
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
# Forward authentication to authserver.com
http:
middlewares:
test-auth:
forwardAuth:
address: "https://authserver.com/auth"
trustForwardHeader: true
authResponseHeaders:
- "X-Auth-User"
- "X-Secret"
tls:
ca: "path/to/local.crt"
caOptional: true
cert: "path/to/foo.cert"
key: "path/to/foo.key"
```
## Configuration Options
### `address`
The `address` option defines the authentication server address.
### `trustForwardHeader`
Set the `trustForwardHeader` option to `true` to trust all the existing `X-Forwarded-*` headers.
### `authResponseHeaders`
The `authResponseHeaders` option is the list of the headers to copy from the authentication server to the request.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-auth
spec:
forwardAuth:
address: https://authserver.com/auth
authResponseHeaders:
- X-Auth-User
- X-Secret
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders": "X-Auth-User,X-Secret"
}
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://authserver.com/auth"
authResponseHeaders = ["X-Auth-User", "X-Secret"]
```
```yaml tab="File (YAML)"
http:
middlewares:
test-auth:
forwardAuth:
address: "https://authserver.com/auth"
authResponseHeaders:
- "X-Auth-User"
- "X-Secret"
```
### `tls`
The `tls` option is the TLS configuration from Traefik to the authentication server.
#### `tls.ca`
TODO add description.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-auth
spec:
forwardAuth:
address: https://authserver.com/auth
tls:
caSecret: mycasercret
---
apiVersion: v1
kind: Secret
metadata:
name: mycasercret
namespace: default
data:
ca: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-auth.forwardauth.tls.ca": "path/to/local.crt"
}
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://authserver.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
ca = "path/to/local.crt"
```
```yaml tab="File (YAML)"
http:
middlewares:
test-auth:
forwardAuth:
address: "https://authserver.com/auth"
tls:
ca: "path/to/local.crt"
```
#### `tls.caOptional`
TODO add description.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-auth
spec:
forwardAuth:
address: https://authserver.com/auth
tls:
caOptional: true
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-auth.forwardauth.tls.caOptional": "true"
}
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://authserver.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
caOptional = true
```
```yaml tab="File (YAML)"
http:
middlewares:
test-auth:
forwardAuth:
address: "https://authserver.com/auth"
tls:
caOptional: true
```
#### `tls.cert`
TODO add description.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-auth
spec:
forwardAuth:
address: https://authserver.com/auth
tls:
certSecret: mytlscert
---
apiVersion: v1
kind: Secret
metadata:
name: mytlscert
namespace: default
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-auth.forwardauth.tls.cert": "path/to/foo.cert",
"traefik.http.middlewares.test-auth.forwardauth.tls.key": "path/to/foo.key"
}
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://authserver.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
http:
middlewares:
test-auth:
forwardAuth:
address: "https://authserver.com/auth"
tls:
cert: "path/to/foo.cert"
key: "path/to/foo.key"
```
!!! Note
For security reasons, the field doesn't exist for Kubernetes IngressRoute, and one should use the `secret` field instead.
#### `tls.key`
TODO add description.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-auth
spec:
forwardAuth:
address: https://authserver.com/auth
tls:
certSecret: mytlscert
---
apiVersion: v1
kind: Secret
metadata:
name: mytlscert
namespace: default
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-auth.forwardauth.tls.cert": "path/to/foo.cert",
"traefik.http.middlewares.test-auth.forwardauth.tls.key": "path/to/foo.key"
}
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://authserver.com/auth"
[http.middlewares.test-auth.forwardAuth.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
http:
middlewares:
test-auth:
forwardAuth:
address: "https://authserver.com/auth"
tls:
cert: "path/to/foo.cert"
key: "path/to/foo.key"
```
!!! Note
For security reasons, the field doesn't exist for Kubernetes IngressRoute, and one should use the `secret` field instead.
#### `tls.insecureSkipVerify`
TODO add description.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.insecureSkipVerify=true"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-auth
spec:
forwardAuth:
address: https://authserver.com/auth
insecureSkipVerify: true
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-auth.forwardauth.tls.insecureSkipVerify": "true"
}
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-auth.forwardauth.tls.InsecureSkipVerify=true"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-auth.forwardAuth]
address = "https://authserver.com/auth"
insecureSkipVerify: true
```
```yaml tab="File (YAML)"
http:
middlewares:
test-auth:
forwardAuth:
address: "https://authserver.com/auth"
insecureSkipVerify: true
```

49
docs/content/middlewares/headers.md
View file

@ -70,7 +70,12 @@ http:
`X-Script-Name` header added to the proxied request, the `X-Custom-Request-Header` header removed from the request,
and the `X-Custom-Response-Header` header removed from the response.
Please note that is not possible to remove headers through the use of labels (Docker, Rancher, Marathon, ...) for now.
Please note that it is not possible to remove headers through the use of labels (Docker, Rancher, Marathon, ...) for now.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
@ -86,17 +91,17 @@ spec:
X-Custom-Response-Header: "" # Removes
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name": "test",
}
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.testHeader.headers]
@ -121,7 +126,7 @@ http:
### Using Security Headers
Security related headers (HSTS headers, SSL redirection, Browser XSS filter, etc) can be added and configured per frontend in a similar manner to the custom headers above.
Security related headers (HSTS headers, SSL redirection, Browser XSS filter, etc) can be added and configured in a manner similar to the custom headers above.
This functionality allows for some easy security features to quickly be set.
```yaml tab="Docker"
@ -141,12 +146,6 @@ spec:
sslRedirect: "true"
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.testheader.headers.framedeny=true"
- "traefik.http.middlewares.testheader.headers.sslredirect=true"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.testheader.headers.framedeny": "true",
@ -154,6 +153,12 @@ labels:
}
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.testheader.headers.framedeny=true"
- "traefik.http.middlewares.testheader.headers.sslredirect=true"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.testHeader.headers]
@ -172,7 +177,7 @@ http:
### CORS Headers
CORS (Cross-Origin Resource Sharing) headers can be added and configured per frontend in a similar manner to the custom headers above.
CORS (Cross-Origin Resource Sharing) headers can be added and configured in a manner similar to the custom headers above.
This functionality allows for more advanced security features to quickly be set.
```yaml tab="Docker"
@ -199,14 +204,6 @@ spec:
addVaryHeader: "true"
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
- "traefik.http.middlewares.testheader.headers.accesscontrolalloworigin=origin-list-or-null"
- "traefik.http.middlewares.testheader.headers.accesscontrolmaxage=100"
- "traefik.http.middlewares.testheader.headers.addvaryheader=true"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.testheader.headers.accesscontrolallowmethods": "GET,OPTIONS,PUT",
@ -216,6 +213,14 @@ labels:
}
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
- "traefik.http.middlewares.testheader.headers.accesscontrolalloworigin=origin-list-or-null"
- "traefik.http.middlewares.testheader.headers.accesscontrolmaxage=100"
- "traefik.http.middlewares.testheader.headers.addvaryheader=true"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.testHeader.headers]

2
docs/content/middlewares/inflightreq.md
View file

@ -74,7 +74,7 @@ The `ipStrategy` option defines two parameters that sets how Traefik will determ
The `depth` option tells Traefik to use the `X-Forwarded-For` header and take the IP located at the `depth` position (starting from the right).
- If `depth` is greater than the total number of IPs in `X-Forwarded-For`, then the client IP will be empty.
- `depth` is ignored if its value is is lesser than or equal to 0.
- `depth` is ignored if its value is lesser than or equal to 0.
!!! note "Example of Depth & X-Forwarded-For"

2
docs/content/middlewares/ipwhitelist.md
View file

@ -144,7 +144,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
!!! note
- If `depth` is greater than the total number of IPs in `X-Forwarded-For`, then the client IP will be empty.
- `depth` is ignored if its value is is lesser than or equal to 0.
- `depth` is ignored if its value is lesser than or equal to 0.
#### `ipStrategy.excludedIPs`

4
docs/content/middlewares/overview.md
View file

@ -66,7 +66,7 @@ spec:
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.foo-add-prefix.addprefix.prefix": "/foo",
"traefik.http.router.router1.middlewares": "foo-add-prefix@marathon"
"traefik.http.routers.router1.middlewares": "foo-add-prefix@marathon"
}
```
@ -76,7 +76,7 @@ labels:
# Create a middleware named `foo-add-prefix`
- "traefik.http.middlewares.foo-add-prefix.addprefix.prefix=/foo"
# Apply the middleware named `foo-add-prefix` to the router named `router1`
- "traefik.http.router.router1.middlewares=foo-add-prefix@rancher"
- "traefik.http.routers.router1.middlewares=foo-add-prefix@rancher"
```
```toml tab="File (TOML)"

6
docs/content/middlewares/passtlsclientcert.md
View file

@ -3,7 +3,9 @@
Adding Client Certificates in a Header
{: .subtitle }
`TODO add schema`
<!--
TODO: add schema
-->
PassTLSClientCert adds in header the selected data from the passed client tls certificate.
@ -219,7 +221,7 @@ PassTLSClientCert can add two headers to the request:
!!! note
The headers are filled with escaped string so it can be safely placed inside a URL query.
In the following example, you can see a complete certificate. We will use each part of it to explains the middleware options.
In the following example, you can see a complete certificate. We will use each part of it to explain the middleware options.
??? example "A complete client tls certificate"

4
docs/content/middlewares/ratelimit.md
View file

@ -3,8 +3,6 @@
To Control the Number of Requests Going to a Service
{: .subtitle }
![RateLimit](../assets/img/middleware/ratelimit.png)
The RateLimit middleware ensures that services will receive a _fair_ number of requests, and allows you define what is fair.
## Configuration Example
@ -173,7 +171,7 @@ The `ipStrategy` option defines two parameters that sets how Traefik will determ
The `depth` option tells Traefik to use the `X-Forwarded-For` header and take the IP located at the `depth` position (starting from the right).
- If `depth` is greater than the total number of IPs in `X-Forwarded-For`, then the client IP will be empty.
- `depth` is ignored if its value is is lesser than or equal to 0.
- `depth` is ignored if its value is lesser than or equal to 0.
!!! note "Example of Depth & X-Forwarded-For"

8
docs/content/middlewares/redirectregex.md
View file

@ -3,7 +3,9 @@
Redirecting the Client to a Different Location
{: .subtitle }
`TODO: add schema`
<!--
TODO: add schema
-->
RegexRedirect redirect a request from an url to another with regex matching and replacement.
@ -11,6 +13,7 @@ RegexRedirect redirect a request from an url to another with regex matching and
```yaml tab="Docker"
# Redirect with domain replacement
# Note: all dollar signs need to be doubled for escaping.
labels:
- "traefik.http.middlewares.test-redirectregex.redirectregex.regex=^http://localhost/(.*)"
- "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$${1}"
@ -37,9 +40,10 @@ spec:
```yaml tab="Rancher"
# Redirect with domain replacement
# Note: all dollar signs need to be doubled for escaping.
labels:
- "traefik.http.middlewares.test-redirectregex.redirectregex.regex=^http://localhost/(.*)"
- "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/${1}"
- "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$${1}"
```
```toml tab="File (TOML)"

4
docs/content/middlewares/redirectscheme.md
View file

@ -3,7 +3,9 @@
Redirecting the Client to a Different Scheme/Port
{: .subtitle }
`TODO: add schema`
<!--
TODO: add schema
-->
RegexRedirect redirect request from a scheme to another.

4
docs/content/middlewares/replacepath.md
View file

@ -3,7 +3,9 @@
Updating the Path Before Forwarding the Request
{: .subtitle }
`TODO: add schema`
<!--
TODO: add schema
-->
Replace the path of the request url.

4
docs/content/middlewares/replacepathregex.md
View file

@ -3,7 +3,9 @@
Updating the Path Before Forwarding the Request (Using a Regex)
{: .subtitle }
`TODO: add schema`
<!--
TODO: add schema
-->
The ReplaceRegex replace a path from an url to another with regex matching and replacement.

9
docs/content/middlewares/retry.md
View file

@ -3,9 +3,12 @@
Retrying until it Succeeds
{: .subtitle }
`TODO: add schema`
<!--
TODO: add schema
-->
Retry to send request on attempt failure.
The Retry middleware is in charge of reissuing a request a given number of times to a backend server if that server does not reply.
To be clear, as soon as the server answers, the middleware stops retrying, regardless of the response status.
## Configuration Examples
@ -60,4 +63,4 @@ http:
_mandatory_
The `attempts` option defines how many times to try sending the request.
The `attempts` option defines how many times the request should be retried.

10
docs/content/middlewares/stripprefix.md
View file

@ -3,7 +3,9 @@
Removing Prefixes From the Path Before Forwarding the Request
{: .subtitle }
`TODO: add schema`
<!--
TODO: add schema
-->
Remove the specified prefixes from the URL path.
@ -12,7 +14,7 @@ Remove the specified prefixes from the URL path.
```yaml tab="Docker"
# Strip prefix /foobar and /fiibar
labels:
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar, /fiibar"
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar,/fiibar"
```
```yaml tab="Kubernetes"
@ -30,14 +32,14 @@ spec:
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-stripprefix.stripprefix.prefixes": "/foobar, /fiibar"
"traefik.http.middlewares.test-stripprefix.stripprefix.prefixes": "/foobar,/fiibar"
}
```
```yaml tab="Rancher"
# Strip prefix /foobar and /fiibar
labels:
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar, /fiibar"
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar,/fiibar"
```
```toml tab="File (TOML)"

21
docs/content/middlewares/stripprefixregex.md
View file

@ -3,55 +3,50 @@
Removing Prefixes From the Path Before Forwarding the Request (Using a Regex)
{: .subtitle }
`TODO: add schema`
Remove the matching prefixes from the URL path.
## Configuration Examples
```yaml tab="Docker"
# Replace the path by /foo
labels:
- "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=^/foo/(.*)",
- "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=/foo/[a-z0-9]+/[0-9]+/"
```
```yaml tab="Kubernetes"
# Replace the path by /foo
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-stripprefixregex
spec:
stripPrefixRegex:
regex: "^/foo/(.*)"
regex:
- "/foo/[a-z0-9]+/[0-9]+/"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex": "^/foo/(.*)"
"traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex": "/foo/[a-z0-9]+/[0-9]+/"
}
```
```yaml tab="Rancher"
# Replace the path by /foo
labels:
- "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=^/foo/(.*)",
- "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=/foo/[a-z0-9]+/[0-9]+/"
```
```toml tab="File (TOML)"
# Replace the path by /foo
[http.middlewares]
[http.middlewares.test-stripprefixregex.stripPrefixRegex]
regex = "^/foo/(.*)"
regex = ["/foo/[a-z0-9]+/[0-9]+/"]
```
```yaml tab="File (YAML)"
# Replace the path by /foo
http:
middlewares:
test-stripprefixregex:
stripPrefixRegex:
regex: "^/foo/(.*)"
regex:
- "/foo/[a-z0-9]+/[0-9]+/"
```
## Configuration Options

353
docs/content/migration/v1-to-v2.md Normal file
View file

@ -0,0 +1,353 @@
# Migration Guide: From v1 to v2
How to Migrate from Traefik v1 to Traefik v2.
{: .subtitle }
The version 2 of Traefik introduces a number of breaking changes,
which require one to update their configuration when they migrate from v1 to v2.
The goal of this page is to recapitulate all of these changes, and in particular to give examples,
feature by feature, of how the configuration looked like in v1, and how it now looks like in v2.
!!! Note "Migration Helper"
We created a tool to help during the migration: [traefik-migration-tool](https://github.com/containous/traefik-migration-tool)
This tool allows to:
- convert `Ingress` to Traefik `IngressRoute` resources.
- convert `acme.json` file from v1 to v2 format.
## Frontends and Backends Are Dead... <br/>... Long Live Routers, Middlewares, and Services
During the transition from v1 to v2, a number of internal pieces and components of Traefik were rewritten and reorganized.
As such, the combination of core notions such as frontends and backends has been replaced with the combination of routers, services, and middlewares.
Typically, a router replaces a frontend, and a service assumes the role of a backend, with each router referring to a service.
However, even though a backend was in charge of applying any desired modification on the fly to the incoming request,
the router defers that responsibility to another component.
Instead, a dedicated middleware is now defined for each kind of such modification.
Then any router can refer to an instance of the wanted middleware.
!!! example "One frontend with basic auth and one backend, become one router, one service, and one basic auth middleware."
### v1
```yaml tab="Docker"
labels:
- "traefik.frontend.rule=Host:test.localhost;PathPrefix:/test"
- "traefik.frontend.auth.basic.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
```yaml tab="K8s Ingress"
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: traefik
namespace: kube-system
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/rule-type: PathPrefix
spec:
rules:
- host: test.locahost
http:
paths:
- path: /test
backend:
serviceName: server0
servicePort: 80
- path: /test
backend:
serviceName: server1
servicePort: 80
```
```toml tab="File (TOML)"
[frontends]
[frontends.frontend1]
entryPoints = ["http"]
backend = "backend1"
[frontends.frontend1.routes]
[frontends.frontend1.routes.route0]
rule = "Host:test.localhost"
[frontends.frontend1.routes.route0]
rule = "PathPrefix:/test"
[frontends.frontend1.auth]
[frontends.frontend1.auth.basic]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
[backends]
[backends.backend1]
[backends.backend1.servers.server0]
url = "http://10.10.10.1:80"
[backends.backend1.servers.server1]
url = "http://10.10.10.2:80"
[backends.backend1.loadBalancer]
method = "wrr"
```
### v2
```yaml tab="Docker"
labels:
- "traefik.http.routers.router0.rule=Host(`bar.com`) && PathPrefix(`/test`)"
- "traefik.http.routers.router0.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
```yaml tab="K8s IngressRoute"
# The definitions below require the definitions for the Middleware and IngressRoute kinds.
# https://docs.traefik.io/v2.0/providers/kubernetes-crd/#traefik-ingressroute-definition
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: basicauth
namespace: foo
spec:
basicAuth:
users:
- test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
- test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ingressroutebar
spec:
entryPoints:
- http
routes:
- match: Host(`test.localhost`) && PathPrefix(`/test`)
kind: Rule
services:
- name: server0
port: 80
- name: server1
port: 80
middlewares:
- name: basicauth
namespace: foo
```
```toml tab="File (TOML)"
[http.routers]
[http.routers.router0]
rule = "Host(`test.localhost`) && PathPrefix(`/test`)"
middlewares = ["auth"]
service = "my-service"
[http.services]
[[http.services.my-service.loadBalancer.servers]]
url = "http://10.10.10.1:80"
[[http.services.my-service.loadBalancer.servers]]
url = "http://10.10.10.2:80"
[http.middlewares]
[http.middlewares.auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```
```yaml tab="File (YAML)"
http:
routers:
router0:
rule: "Host(`test.localhost`) && PathPrefix(`/test`)"
service: my-service
middlewares:
- auth
services:
my-service:
loadBalancer:
servers:
- url: http://10.10.10.1:80
- url: http://10.10.10.2:80
middlewares:
auth:
basicAuth:
users:
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
## TLS configuration is now dynamic, per router.
TLS parameters used to be specified in the static configuration, as an entryPoint field.
With Traefik v2, a new dynamic TLS section at the root contains all the desired TLS configurations.
Then, a router's TLS field can refer to one of the TLS configurations defined at the root, hence defining the TLS configuration for that router.
!!! example "TLS on web-secure entryPoint becomes TLS option on Router-1"
### v1
```toml tab="File (TOML)"
# static configuration
[entryPoints]
[entryPoints.web-secure]
address = ":443"
[entryPoints.web-secure.tls]
minVersion = "VersionTLS12"
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384"
]
[[entryPoints.web-secure.tls.certificates]]
certFile = "path/to/my.cert"
keyFile = "path/to/my.key"
```
```bash tab="CLI"
--entryPoints='Name:web-secure Address::443 TLS:path/to/my.cert,path/to/my.key TLS.MinVersion:VersionTLS12 TLS.CipherSuites:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA384'
```
### v2
```toml tab="File (TOML)"
# dynamic configuration
[http.routers]
[http.routers.Router-1]
rule = "Host(`bar.com`)"
service = "service-id"
# will terminate the TLS request
[http.routers.Router-1.tls]
options = "myTLSOptions"
[[tls.certificates]]
certFile = "/path/to/domain.cert"
keyFile = "/path/to/domain.key"
[tls.options]
[tls.options.default]
minVersion = "VersionTLS12"
[tls.options.myTLSOptions]
minVersion = "VersionTLS13"
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384"
]
```
```yaml tab="File (YAML)"
http:
routers:
Router-1:
rule: "Host(`bar.com`)"
service: service-id
# will terminate the TLS request
tls:
options: myTLSOptions
tls:
certificates:
- certFile: /path/to/domain.cert
keyFile: /path/to/domain.key
options:
myTLSOptions:
minVersion: VersionTLS13
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
```
```yaml tab="K8s IngressRoute"
# The definitions below require the definitions for the TLSOption and IngressRoute kinds.
# https://docs.traefik.io/v2.0/providers/kubernetes-crd/#traefik-ingressroute-definition
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
name: mytlsoption
namespace: default
spec:
minVersion: VersionTLS13
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ingressroutebar
spec:
entryPoints:
- web
routes:
- match: Host(`bar.com`)
kind: Rule
services:
- name: whoami
port: 80
tls:
options:
name: mytlsoption
namespace: default
```
```yaml tab="Docker"
labels:
# myTLSOptions must be defined by another provider, in this instance in the File Provider.
# see the cross provider section
- "traefik.http.routers.router0.tls.options=myTLSOptions@file"
```
## HTTP -> HTTPS Redirection
TODO
## ACME (let's encrypt)
TODO
## Traefik Logs
TODO
## Tracing
TODO
## Metrics
TODO
## No more root level key/values
TODO
## Providers
Supported providers, for now:
- [ ] Azure Service Fabric
- [ ] BoltDB
- [ ] Consul
- [ ] Consul Catalog
- [x] Docker
- [ ] DynamoDB
- [ ] ECS
- [ ] Etcd
- [ ] Eureka
- [x] File
- [x] Kubernetes Ingress (without annotations)
- [x] Kubernetes IngressRoute
- [x] Marathon
- [ ] Mesos
- [x] Rest
- [ ] Zookeeper

18
docs/content/observability/access-logs.md
View file

@ -26,12 +26,11 @@ accessLog: {}
By default access logs are written to the standard output.
To write the logs into a log file, use the `filePath` option.
in the Common Log Format (CLF), extended with additional fields.
### `format`
By default, logs are written using the Common Log Format (CLF).
To write logs in JSON, use `json` in the `format` option.
If the given format is unsupported, the default (CLF) is used instead.
!!! note "Common Log Format"
@ -152,15 +151,14 @@ accessLog:
format: json
fields:
defaultMode: keep
fields:
names:
ClientUsername: drop
headers:
defaultMode: keep
names:
ClientUsername: drop
headers:
defaultMode: keep
names:
- User-Agent: redact
- Authorization: drop
- Content-Type: keep
User-Agent: redact
Authorization: drop
Content-Type: keep
```
```bash tab="CLI"

24
docs/content/observability/metrics/datadog.md
View file

@ -1,15 +1,15 @@
# DataDog
# Datadog
To enable the DataDog:
To enable the Datadog:
```toml tab="File (TOML)"
[metrics]
[metrics.dataDog]
[metrics.datadog]
```
```yaml tab="File (YAML)"
metrics:
dataDog: {}
datadog: {}
```
```bash tab="CLI"
@ -24,13 +24,13 @@ Address instructs exporter to send metrics to datadog-agent at this address.
```toml tab="File (TOML)"
[metrics]
[metrics.dataDog]
[metrics.datadog]
address = "127.0.0.1:8125"
```
```yaml tab="File (YAML)"
metrics:
dataDog:
datadog:
address: 127.0.0.1:8125
```
@ -46,13 +46,13 @@ Enable metrics on entry points.
```toml tab="File (TOML)"
[metrics]
[metrics.dataDog]
[metrics.datadog]
addEntryPointsLabels = true
```
```yaml tab="File (YAML)"
metrics:
dataDog:
datadog:
addEntryPointsLabels: true
```
@ -68,13 +68,13 @@ Enable metrics on services.
```toml tab="File (TOML)"
[metrics]
[metrics.dataDog]
[metrics.datadog]
addServicesLabels = true
```
```yaml tab="File (YAML)"
metrics:
dataDog:
datadog:
addServicesLabels: true
```
@ -90,13 +90,13 @@ The interval used by the exporter to push metrics to datadog-agent.
```toml tab="File (TOML)"
[metrics]
[metrics.dataDog]
[metrics.datadog]
pushInterval = 10s
```
```yaml tab="File (YAML)"
metrics:
dataDog:
datadog:
pushInterval: 10s
```

2
docs/content/observability/metrics/overview.md
View file

@ -4,7 +4,7 @@ Metrics system
Traefik supports 4 metrics backends:
- [DataDog](./datadog.md)
- [Datadog](./datadog.md)
- [InfluxDB](./influxdb.md)
- [Prometheus](./prometheus.md)
- [StatsD](./statsd.md)

31
docs/content/observability/metrics/prometheus.md
View file

@ -85,3 +85,34 @@ metrics:
```bash tab="CLI"
--metrics.prometheus.addServicesLabels=true
```
#### `entryPoint`
_Optional, Default=traefik_
Entry point used to expose metrics.
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.metrics]
address = ":8082"
[metrics]
[metrics.prometheus]
entryPoint = "metrics"
```
```yaml tab="File (YAML)"
entryPoints:
metrics:
address: ":8082"
metrics:
prometheus:
entryPoint: metrics
```
```bash tab="CLI"
--entryPoints.metrics.address=":8082"
--metrics.prometheus..entryPoint="metrics"
```

26
docs/content/observability/tracing/datadog.md
View file

@ -1,15 +1,15 @@
# DataDog
# Datadog
To enable the DataDog:
To enable the Datadog:
```toml tab="File (TOML)"
[tracing]
[tracing.dataDog]
[tracing.datadog]
```
```yaml tab="File (YAML)"
tracing:
dataDog: {}
datadog: {}
```
```bash tab="CLI"
@ -24,13 +24,13 @@ Local Agent Host Port instructs reporter to send spans to datadog-tracing-agent
```toml tab="File (TOML)"
[tracing]
[tracing.dataDog]
[tracing.datadog]
localAgentHostPort = "127.0.0.1:8126"
```
```yaml tab="File (YAML)"
tracing:
dataDog:
datadog:
localAgentHostPort: 127.0.0.1:8126
```
@ -42,17 +42,17 @@ tracing:
_Optional, Default=false_
Enable DataDog debug.
Enable Datadog debug.
```toml tab="File (TOML)"
[tracing]
[tracing.dataDog]
[tracing.datadog]
debug = true
```
```yaml tab="File (YAML)"
tracing:
dataDog:
datadog:
debug: true
```
@ -68,13 +68,13 @@ Apply shared tag in a form of Key:Value to all the traces.
```toml tab="File (TOML)"
[tracing]
[tracing.dataDog]
[tracing.datadog]
globalTag = "sample"
```
```yaml tab="File (YAML)"
tracing:
dataDog:
datadog:
globalTag: sample
```
@ -91,13 +91,13 @@ this option must be enabled in order to get all the parts of a distributed trace
```toml tab="File (TOML)"
[tracing]
[tracing.dataDog]
[tracing.datadog]
prioritySampling = true
```
```yaml tab="File (YAML)"
tracing:
dataDog:
datadog:
prioritySampling: true
```

2
docs/content/observability/tracing/overview.md
View file

@ -11,7 +11,7 @@ Traefik supports five tracing backends:
- [Jaeger](./jaeger.md)
- [Zipkin](./zipkin.md)
- [DataDog](./datadog.md)
- [Datadog](./datadog.md)
- [Instana](./instana.md)
- [Haystack](./haystack.md)

34
docs/content/observability/tracing/zipkin.md
View file

@ -18,46 +18,24 @@ tracing:
#### `httpEndpoint`
_Required, Default="http://localhost:9411/api/v1/spans"_
_Required, Default="http://localhost:9411/api/v2/spans"_
Zipkin HTTP endpoint used to send data.
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
httpEndpoint = "http://localhost:9411/api/v1/spans"
httpEndpoint = "http://localhost:9411/api/v2/spans"
```
```yaml tab="File (YAML)"
tracing:
zipkin:
httpEndpoint: http://localhost:9411/api/v1/spans
httpEndpoint: http://localhost:9411/api/v2/spans
```
```bash tab="CLI"
--tracing.zipkin.httpEndpoint="http://localhost:9411/api/v1/spans"
```
#### `debug`
_Optional, Default=false_
Enable Zipkin debug.
```toml tab="File (TOML)"
[tracing]
[tracing.zipkin]
debug = true
```
```yaml tab="File (YAML)"
tracing:
zipkin:
debug: true
```
```bash tab="CLI"
--tracing.zipkin.debug=true
--tracing.zipkin.httpEndpoint="http://localhost:9411/api/v2/spans"
```
#### `sameSpan`
@ -86,7 +64,7 @@ tracing:
_Optional, Default=true_
Use Zipkin 128 bit root span IDs.
Use Zipkin 128 bit trace IDs.
```toml tab="File (TOML)"
[tracing]
@ -124,4 +102,4 @@ tracing:
```bash tab="CLI"
--tracing.zipkin.sampleRate="0.2"
```
```

85
docs/content/operations/api.md
View file

@ -1,8 +1,5 @@
# API
!!! important
In the beta version, you can't configure middlewares (basic authentication or white listing) anymore, but as security is important, this will change before the RC version.
Traefik exposes a number of information through an API handler, such as the configuration of all routers, services, middlewares, etc.
As with all features of Traefik, this handler can be enabled with the [static configuration](../getting-started/configuration-overview.md#the-static-configuration).
@ -22,11 +19,10 @@ would be to apply the following protection mechanisms:
keeping it restricted to internal networks
(as in the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege), applied to networks).
!!! important
In the beta version, you can't configure middlewares (basic authentication or white listing) anymore, but as security is important, this will change before the RC version.
## Configuration
If you enable the API, a new special `service` named `api@internal` is created and then can be reference in a router.
To enable the API handler:
```toml tab="File (TOML)"
@ -41,6 +37,83 @@ api: {}
--api=true
```
And then you will able to reference it like this.
```yaml tab="Docker"
- "traefik.http.routers.api.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
- "traefik.http.routers.api.service=api@internal"
- "traefik.http.routers.api.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
```
```json tab="Marathon"
"labels": {
"traefik.http.routers.api.rule": "PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
"traefik.http.routers.api.service": "api@internal"
"traefik.http.routers.api.middlewares": "auth"
"traefik.http.middlewares.auth.basicauth.users": "test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
}
```
```yaml tab="Rancher"
# Declaring the user list
labels:
- "traefik.http.routers.api.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
- "traefik.http.routers.api.service=api@internal"
- "traefik.http.routers.api.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
```
```toml tab="File (TOML)"
[http.routers.my-api]
rule="PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
service="api@internal"
middlewares=["auth"]
[http.middlewares.auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
```
```yaml tab="File (YAML)"
http:
routers:
api:
rule: PathPrefix(`/api`) || PathPrefix(`/dashboard`)
service: api@internal
middlewares:
- auth
middlewares:
auth:
basicAuth:
users:
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
### `insecure`
Enable the API in `insecure` mode, which means that the API will be available directly on the entryPoint named `traefik`.
!!! Note
If the entryPoint named `traefik` is not configured, it will be automatically created on port 8080.
```toml tab="File (TOML)"
[api]
insecure = true
```
```yaml tab="File (YAML)"
api:
insecure: true
```
```bash tab="CLI"
--api.insecure=true
```
### `dashboard`
_Optional, Default=true_

17
docs/content/operations/dashboard.md
View file

@ -5,25 +5,16 @@ See What's Going On
The dashboard is the central place that shows you the current active routes handled by Traefik.
!!! warning "Dashboard WIP"
Currently, the dashboard is in a Work In Progress State while being reconstructed for v2.
Therefore, the dashboard is currently not working.
<figure>
<img src="../../assets/img/dashboard-main.png" alt="Dashboard - Providers" />
<figcaption>The dashboard in action with Traefik listening to 3 different providers</figcaption>
</figure>
<figure>
<img src="../../assets/img/dashboard-health.png" alt="Dashboard - Health" />
<figcaption>The dashboard shows the health of the system.</figcaption>
<img src="../../assets/img/webui-dashboard.png" alt="Dashboard - Providers" />
<figcaption>The dashboard in action</figcaption>
</figure>
By default, the dashboard is available on `/` on port `:8080`.
!!! tip "Did You Know?"
It is possible to customize the dashboard endpoint.
To learn how, refer to the `Traefik's API documentation`(TODO: add doc and link).
To learn how, refer to the [API documentation](./api.md)
## Enabling the Dashboard
@ -64,4 +55,4 @@ api:
!!! tip "Did You Know?"
The API provides more features than the Dashboard.
To learn more about it, refer to the `Traefik's API documentation`(TODO: add doc and link).
To learn more about it, refer to the [API documentation](./api.md)

35
docs/content/operations/ping.md
View file

@ -5,7 +5,7 @@ Checking the Health of Your Traefik Instances
## Configuration Examples
??? example "Enabling /ping"
To enable the API handler:
```toml tab="File (TOML)"
[ping]
@ -19,10 +19,39 @@ ping: {}
--ping=true
```
## Configuration Options
The `/ping` health-check URL is enabled with the command-line `--ping` or config file option `[ping]`.
You can customize the `entryPoint` where the `/ping` is active with the `entryPoint` option (default value: `traefik`)
| Path | Method | Description |
|---------|---------------|-----------------------------------------------------------------------------------------------------|
| `/ping` | `GET`, `HEAD` | A simple endpoint to check for Traefik process liveness. Return a code `200` with the content: `OK` |
## Configuration Options
### `entryPoint`
The `/ping` health-check URL is enabled with the command-line `--ping` or config file option `[ping]`.
Enabling /ping on a dedicated EntryPoint.
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.ping]
address = ":8082"
[ping]
entryPoint = "ping"
```
```yaml tab="File (YAML)"
entryPoints:
ping:
address: ":8082"
ping:
entryPoint: "ping"
```
```bash tab="CLI"
--entryPoints.ping.address=":8082"
--ping.entryPoint="ping"
```

117
docs/content/providers/docker.md
View file

@ -77,6 +77,7 @@ Attach labels to your containers and let Traefik do the rest!
deploy:
labels:
- traefik.http.routers.my-container.rule=Host(`my-domain`)
- traefik.http.services.my-container-service.loadbalancer.server.port=8080
```
!!! important "Labels in Docker Swarm Mode"
@ -387,7 +388,7 @@ Constraints is an expression that Traefik matches against the container's labels
That is to say, if none of the container's labels match the expression, no route for the container is created.
If the expression is empty, all detected containers are included.
The expression syntax is based on the `Label("key", "value")`, and `LabelRegexp("key", "value")` functions, as well as the usual boolean logic, as shown in examples below.
The expression syntax is based on the `Label("key", "value")`, and `LabelRegex("key", "value")` functions, as well as the usual boolean logic, as shown in examples below.
??? example "Constraints Expression Examples"
@ -418,11 +419,121 @@ The expression syntax is based on the `Label("key", "value")`, and `LabelRegexp(
```toml
# Includes only containers having a label with key `a.label.name` and a value matching the `a.+` regular expression.
constraints = "LabelRegexp(`a.label.name`, `a.+`)"
constraints = "LabelRegex(`a.label.name`, `a.+`)"
```
See also [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
### `tls`
_Optional_
#### `tls.ca`
TODO add description.
```toml tab="File (TOML)"
[providers.docker.tls]
ca = "path/to/ca.crt"
```
```yaml tab="File (YAML)"
providers:
docker:
tls:
ca: path/to/ca.crt
```
```bash tab="CLI"
--providers.docker.tls.ca=path/to/ca.crt
```
#### `tls.caOptional`
TODO add description.
```toml tab="File (TOML)"
[providers.docker.tls]
caOptional = true
```
```yaml tab="File (YAML)"
providers:
docker:
tls:
caOptional: true
```
```bash tab="CLI"
--providers.docker.tls.caOptional=true
```
#### `tls.cert`
TODO add description.
```toml tab="File (TOML)"
[providers.docker.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
docker:
tls:
cert: path/to/foo.cert
key: path/to/foo.key
```
```bash tab="CLI"
--providers.docker.tls.cert=path/to/foo.cert
--providers.docker.tls.key=path/to/foo.key
```
#### `tls.key`
TODO add description.
```toml tab="File (TOML)"
[providers.docker.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
docker:
tls:
cert: path/to/foo.cert
key: path/to/foo.key
```
```bash tab="CLI"
--providers.docker.tls.cert=path/to/foo.cert
--providers.docker.tls.key=path/to/foo.key
```
#### `tls.insecureSkipVerify`
TODO add description.
```toml tab="File (TOML)"
[providers.docker.tls]
insecureSkipVerify = true
```
```yaml tab="File (YAML)"
providers:
docker:
tls:
insecureSkipVerify: true
```
```bash tab="CLI"
--providers.docker.tls.insecureSkipVerify=true
```
## Routing Configuration Options
### General
@ -477,7 +588,7 @@ You can declare TCP Routers and/or Services using labels.
# ...
labels:
- traefik.tcp.routers.my-router.rule="HostSNI(`my-host.com`)"
- traefik.tcp.routers.my-router.rule.tls="true"
- traefik.tcp.routers.my-router.tls="true"
- traefik.tcp.services.my-service.loadbalancer.server.port="4123"
```

4
docs/content/providers/file.md
View file

@ -46,7 +46,7 @@ You can write these configuration elements:
entryPoints = ["web"]
middlewares = ["my-basic-auth"]
service = "service-foo"
rule = "Path(`foo`)"
rule = "Path(`/foo`)"
# Add the middleware
[http.middlewares]
@ -75,7 +75,7 @@ You can write these configuration elements:
middlewares:
- my-basic-auth
service: service-foo
rule: Path(`foo`)
rule: Path(`/foo`)
# Add the middleware
middlewares:

21
docs/content/providers/kubernetes-crd.md
View file

@ -168,6 +168,27 @@ Value of `kubernetes.io/ingress.class` annotation that identifies Ingress object
If the parameter is non-empty, only Ingresses containing an annotation with the same value are processed.
Otherwise, Ingresses missing the annotation, having an empty value, or the value `traefik` are processed.
### `throttleDuration`
_Optional, Default: 0 (no throttling)_
```toml tab="File (TOML)"
[providers.kubernetesCRD]
throttleDuration = "10s"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
throttleDuration: "10s"
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.throttleDuration="10s"
```
## Resource Configuration
If you're in a hurry, maybe you'd rather go through the [dynamic](../reference/dynamic-configuration/kubernetes-crd.md) configuration reference.

21
docs/content/providers/kubernetes-ingress.md
View file

@ -305,6 +305,27 @@ providers:
Published Kubernetes Service to copy status from.
### `throttleDuration`
_Optional, Default: 0 (no throttling)_
```toml tab="File (TOML)"
[providers.kubernetesIngress]
throttleDuration = "10s"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesIngress:
throttleDuration: "10s"
# ...
```
```bash tab="CLI"
--providers.kubernetesingress.throttleDuration="10s"
```
## Further
If one wants to know more about the various aspects of the Ingress spec that Traefik supports, many examples of Ingresses definitions are located in the tests [data](https://github.com/containous/traefik/tree/v2.0/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.

113
docs/content/providers/marathon.md
View file

@ -243,7 +243,7 @@ That is to say, if none of the application's labels match the expression, no rou
In addition, the expression also matched against the application's constraints, such as described in [Marathon constraints](https://mesosphere.github.io/marathon/docs/constraints.html).
If the expression is empty, all detected applications are included.
The expression syntax is based on the `Label("key", "value")`, and `LabelRegexp("key", "value")`, as well as the usual boolean logic.
The expression syntax is based on the `Label("key", "value")`, and `LabelRegex("key", "value")`, as well as the usual boolean logic.
In addition, to match against marathon constraints, the function `MarathonConstraint("field:operator:value")` can be used, where the field, operator, and value parts are joined together in a single string with the `:` separator.
??? example "Constraints Expression Examples"
@ -275,7 +275,7 @@ In addition, to match against marathon constraints, the function `MarathonConstr
```toml
# Includes only applications having a label with key `a.label.name` and a value matching the `a.+` regular expression.
constraints = "LabelRegexp(`a.label.name`, `a.+`)"
constraints = "LabelRegex(`a.label.name`, `a.+`)"
```
```toml
@ -398,37 +398,116 @@ when waiting for the first response header from a Marathon master.
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration), or directly as a number of seconds.
### `TLS`
### `tls`
_Optional_
#### `tls.ca`
TODO add description.
```toml tab="File (TOML)"
[providers.marathon.tls]
ca = "path/to/ca.crt"
```
```yaml tab="File (YAML)"
providers:
marathon:
tls:
ca: path/to/ca.crt
```
```bash tab="CLI"
--providers.marathon.tls.ca=path/to/ca.crt
```
#### `tls.caOptional`
TODO add description.
```toml tab="File (TOML)"
[providers.marathon.tls]
caOptional = true
```
```yaml tab="File (YAML)"
providers:
marathon:
tls:
caOptional: true
```
```bash tab="CLI"
--providers.marathon.tls.caOptional=true
```
#### `tls.cert`
TODO add description.
```toml tab="File (TOML)"
[providers.marathon.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
marathon:
tls:
cert: path/to/foo.cert
key: path/to/foo.key
```
```bash tab="CLI"
--providers.marathon.tls.cert=path/to/foo.cert
--providers.marathon.tls.key=path/to/foo.key
```
#### `tls.key`
TODO add description.
```toml tab="File (TOML)"
[providers.marathon.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```yaml tab="File (YAML)"
providers:
marathon:
tls:
cert: path/to/foo.cert
key: path/to/foo.key
```
```bash tab="CLI"
--providers.marathon.tls.cert=path/to/foo.cert
--providers.marathon.tls.key=path/to/foo.key
```
#### `tls.insecureSkipVerify`
TODO add description.
```toml tab="File (TOML)"
[providers.marathon.tls]
ca = "/etc/ssl/ca.crt"
cert = "/etc/ssl/marathon.cert"
key = "/etc/ssl/marathon.key"
insecureSkipVerify = true
```
```yaml tab="File (YAML)"
providers:
marathon
marathon:
tls:
ca: "/etc/ssl/ca.crt"
cert: "/etc/ssl/marathon.cert"
key: "/etc/ssl/marathon.key"
insecureSkipVerify: true
insecureSkipVerify: true
```
```bash tab="CLI"
--providers.marathon.tls.ca="/etc/ssl/ca.crt"
--providers.marathon.tls.cert="/etc/ssl/marathon.cert"
--providers.marathon.tls.key="/etc/ssl/marathon.key"
--providers.marathon.tls.insecureskipverify=true
--providers.marathon.tls.insecureSkipVerify=true
```
TLS client configuration. [tls/#Config](https://golang.org/pkg/crypto/tls/#Config).
### `tlsHandshakeTimeout`
_Optional, Default=5s_

4
docs/content/providers/rancher.md
View file

@ -239,7 +239,7 @@ Constraints is an expression that Traefik matches against the container's labels
That is to say, if none of the container's labels match the expression, no route for the container is created.
If the expression is empty, all detected containers are included.
The expression syntax is based on the `Label("key", "value")`, and `LabelRegexp("key", "value")` functions, as well as the usual boolean logic, as shown in examples below.
The expression syntax is based on the `Label("key", "value")`, and `LabelRegex("key", "value")` functions, as well as the usual boolean logic, as shown in examples below.
??? example "Constraints Expression Examples"
@ -270,7 +270,7 @@ The expression syntax is based on the `Label("key", "value")`, and `LabelRegexp(
```toml
# Includes only containers having a label with key `a.label.name` and a value matching the `a.+` regular expression.
constraints = "LabelRegexp(`a.label.name`, `a.+`)"
constraints = "LabelRegex(`a.label.name`, `a.+`)"
```
See also [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).

39
docs/content/reference/dynamic-configuration/docker-labels.yml
View file

@ -45,13 +45,13 @@
- "traefik.http.middlewares.middleware09.headers.customrequestheaders.name1=foobar"
- "traefik.http.middlewares.middleware09.headers.customresponseheaders.name0=foobar"
- "traefik.http.middlewares.middleware09.headers.customresponseheaders.name1=foobar"
- "traefik.http.middlewares.middleware09.headers.featurepolicy=foobar"
- "traefik.http.middlewares.middleware09.headers.forcestsheader=true"
- "traefik.http.middlewares.middleware09.headers.framedeny=true"
- "traefik.http.middlewares.middleware09.headers.hostsproxyheaders=foobar, foobar"
- "traefik.http.middlewares.middleware09.headers.isdevelopment=true"
- "traefik.http.middlewares.middleware09.headers.publickey=foobar"
- "traefik.http.middlewares.middleware09.headers.referrerpolicy=foobar"
- "traefik.http.middlewares.middleware09.headers.featurepolicy=foobar"
- "traefik.http.middlewares.middleware09.headers.sslforcehost=true"
- "traefik.http.middlewares.middleware09.headers.sslhost=foobar"
- "traefik.http.middlewares.middleware09.headers.sslproxyheaders.name0=foobar"
@ -65,10 +65,9 @@
- "traefik.http.middlewares.middleware10.ipwhitelist.ipstrategy.excludedips=foobar, foobar"
- "traefik.http.middlewares.middleware10.ipwhitelist.sourcerange=foobar, foobar"
- "traefik.http.middlewares.middleware11.inflightreq.amount=42"
- "traefik.http.middlewares.middleware11.inflightreq.sourcecriterion.requestheadername=foobar"
- "traefik.http.middlewares.middleware11.inflightreq.sourcecriterion.requesthost=true"
- "traefik.http.middlewares.middleware11.inflightreq.sourcecriterion.ipstrategy.depth=42"
- "traefik.http.middlewares.middleware11.inflightreq.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
- "traefik.http.middlewares.middleware11.inflightreq.sourcecriterion.requestheadername=foobar"
- "traefik.http.middlewares.middleware11.inflightreq.sourcecriterion.requesthost=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.commonname=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.country=true"
@ -88,18 +87,24 @@
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.province=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.serialnumber=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.pem=true"
- "traefik.http.middlewares.middleware13.redirectregex.permanent=true"
- "traefik.http.middlewares.middleware13.redirectregex.regex=foobar"
- "traefik.http.middlewares.middleware13.redirectregex.replacement=foobar"
- "traefik.http.middlewares.middleware14.redirectscheme.permanent=true"
- "traefik.http.middlewares.middleware14.redirectscheme.port=foobar"
- "traefik.http.middlewares.middleware14.redirectscheme.scheme=foobar"
- "traefik.http.middlewares.middleware15.replacepath.path=foobar"
- "traefik.http.middlewares.middleware16.replacepathregex.regex=foobar"
- "traefik.http.middlewares.middleware16.replacepathregex.replacement=foobar"
- "traefik.http.middlewares.middleware17.retry.attempts=42"
- "traefik.http.middlewares.middleware18.stripprefix.prefixes=foobar, foobar"
- "traefik.http.middlewares.middleware19.stripprefixregex.regex=foobar, foobar"
- "traefik.http.middlewares.middleware13.ratelimit.average=42"
- "traefik.http.middlewares.middleware13.ratelimit.burst=42"
- "traefik.http.middlewares.middleware13.ratelimit.sourcecriterion.ipstrategy.depth=42"
- "traefik.http.middlewares.middleware13.ratelimit.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
- "traefik.http.middlewares.middleware13.ratelimit.sourcecriterion.requestheadername=foobar"
- "traefik.http.middlewares.middleware13.ratelimit.sourcecriterion.requesthost=true"
- "traefik.http.middlewares.middleware14.redirectregex.permanent=true"
- "traefik.http.middlewares.middleware14.redirectregex.regex=foobar"
- "traefik.http.middlewares.middleware14.redirectregex.replacement=foobar"
- "traefik.http.middlewares.middleware15.redirectscheme.permanent=true"
- "traefik.http.middlewares.middleware15.redirectscheme.port=foobar"
- "traefik.http.middlewares.middleware15.redirectscheme.scheme=foobar"
- "traefik.http.middlewares.middleware16.replacepath.path=foobar"
- "traefik.http.middlewares.middleware17.replacepathregex.regex=foobar"
- "traefik.http.middlewares.middleware17.replacepathregex.replacement=foobar"
- "traefik.http.middlewares.middleware18.retry.attempts=42"
- "traefik.http.middlewares.middleware19.stripprefix.prefixes=foobar, foobar"
- "traefik.http.middlewares.middleware20.stripprefixregex.regex=foobar, foobar"
- "traefik.http.routers.router0.entrypoints=foobar, foobar"
- "traefik.http.routers.router0.middlewares=foobar, foobar"
- "traefik.http.routers.router0.priority=42"
@ -135,8 +140,8 @@
- "traefik.http.services.service0.loadbalancer.passhostheader=true"
- "traefik.http.services.service0.loadbalancer.responseforwarding.flushinterval=foobar"
- "traefik.http.services.service0.loadbalancer.sticky=true"
- "traefik.http.services.service0.loadbalancer.sticky.cookie.name=foobar"
- "traefik.http.services.service0.loadbalancer.sticky.cookie.httponly=true"
- "traefik.http.services.service0.loadbalancer.sticky.cookie.name=foobar"
- "traefik.http.services.service0.loadbalancer.sticky.cookie.secure=true"
- "traefik.http.services.service0.loadbalancer.server.port=foobar"
- "traefik.http.services.service0.loadbalancer.server.scheme=foobar"
@ -151,8 +156,8 @@
- "traefik.http.services.service1.loadbalancer.passhostheader=true"
- "traefik.http.services.service1.loadbalancer.responseforwarding.flushinterval=foobar"
- "traefik.http.services.service1.loadbalancer.sticky=true"
- "traefik.http.services.service1.loadbalancer.sticky.cookie.name=foobar"
- "traefik.http.services.service1.loadbalancer.sticky.cookie.httponly=true"
- "traefik.http.services.service1.loadbalancer.sticky.cookie.name=foobar"
- "traefik.http.services.service1.loadbalancer.sticky.cookie.secure=true"
- "traefik.http.services.service1.loadbalancer.server.port=foobar"
- "traefik.http.services.service1.loadbalancer.server.scheme=foobar"

57
docs/content/reference/dynamic-configuration/file.toml
View file

@ -62,17 +62,28 @@
[http.services.Service01.loadBalancer.responseForwarding]
flushInterval = "foobar"
[http.services.Service02]
[http.services.Service02.weighted]
[http.services.Service02.mirroring]
service = "foobar"
[[http.services.Service02.weighted.services]]
[[http.services.Service02.mirroring.mirrors]]
name = "foobar"
percent = 42
[[http.services.Service02.mirroring.mirrors]]
name = "foobar"
percent = 42
[http.services.Service03]
[http.services.Service03.weighted]
[[http.services.Service03.weighted.services]]
name = "foobar"
weight = 42
[[http.services.Service02.weighted.services]]
[[http.services.Service03.weighted.services]]
name = "foobar"
weight = 42
[http.services.Service02.weighted.sticky]
[http.services.Service02.weighted.sticky.cookie]
[http.services.Service03.weighted.sticky]
[http.services.Service03.weighted.sticky.cookie]
name = "foobar"
secure = true
httpOnly = true
@ -202,30 +213,40 @@
serialNumber = true
domainComponent = true
[http.middlewares.Middleware13]
[http.middlewares.Middleware13.redirectRegex]
[http.middlewares.Middleware13.rateLimit]
average = 42
burst = 42
[http.middlewares.Middleware13.rateLimit.sourceCriterion]
requestHeaderName = "foobar"
requestHost = true
[http.middlewares.Middleware13.rateLimit.sourceCriterion.ipStrategy]
depth = 42
excludedIPs = ["foobar", "foobar"]
[http.middlewares.Middleware14]
[http.middlewares.Middleware14.redirectRegex]
regex = "foobar"
replacement = "foobar"
permanent = true
[http.middlewares.Middleware14]
[http.middlewares.Middleware14.redirectScheme]
[http.middlewares.Middleware15]
[http.middlewares.Middleware15.redirectScheme]
scheme = "foobar"
port = "foobar"
permanent = true
[http.middlewares.Middleware15]
[http.middlewares.Middleware15.replacePath]
path = "foobar"
[http.middlewares.Middleware16]
[http.middlewares.Middleware16.replacePathRegex]
[http.middlewares.Middleware16.replacePath]
path = "foobar"
[http.middlewares.Middleware17]
[http.middlewares.Middleware17.replacePathRegex]
regex = "foobar"
replacement = "foobar"
[http.middlewares.Middleware17]
[http.middlewares.Middleware17.retry]
attempts = 42
[http.middlewares.Middleware18]
[http.middlewares.Middleware18.stripPrefix]
prefixes = ["foobar", "foobar"]
[http.middlewares.Middleware18.retry]
attempts = 42
[http.middlewares.Middleware19]
[http.middlewares.Middleware19.stripPrefixRegex]
[http.middlewares.Middleware19.stripPrefix]
prefixes = ["foobar", "foobar"]
[http.middlewares.Middleware20]
[http.middlewares.Middleware20.stripPrefixRegex]
regex = ["foobar", "foobar"]
[tcp]

80
docs/content/reference/dynamic-configuration/file.yaml
View file

@ -69,6 +69,14 @@ http:
responseForwarding:
flushInterval: foobar
Service02:
mirroring:
service: foobar
mirrors:
- name: foobar
percent: 42
- name: foobar
percent: 42
Service03:
weighted:
services:
- name: foobar
@ -201,9 +209,11 @@ http:
inFlightReq:
amount: 42
sourceCriterion:
ipStrategy:
ipstrategy:
depth: 42
excludedIPs: [ foobar, foobar ]
excludedIPs:
- foobar
- foobar
requestHeaderName: foobar
requestHost: true
Middleware12:
@ -230,45 +240,47 @@ http:
serialNumber: true
domainComponent: true
Middleware13:
redirectRegex:
regex: foobar
replacement: foobar
permanent: true
Middleware14:
redirectScheme:
scheme: foobar
port: foobar
permanent: true
Middleware15:
replacePath:
path: foobar
Middleware16:
replacePathRegex:
regex: foobar
replacement: foobar
Middleware17:
retry:
attempts: 42
Middleware18:
stripPrefix:
prefixes:
- foobar
- foobar
Middleware19:
stripPrefixRegex:
regex:
- foobar
- foobar
Middleware20:
rateLimit:
average: 42
burst: 42
sourceCriterion:
ipStrategy:
ipstrategy:
depth: 42
excludedIPs: [ foobar, foobar ]
excludedIPs:
- foobar
- foobar
requestHeaderName: foobar
requestHost: true
Middleware14:
redirectRegex:
regex: foobar
replacement: foobar
permanent: true
Middleware15:
redirectScheme:
scheme: foobar
port: foobar
permanent: true
Middleware16:
replacePath:
path: foobar
Middleware17:
replacePathRegex:
regex: foobar
replacement: foobar
Middleware18:
retry:
attempts: 42
Middleware19:
stripPrefix:
prefixes:
- foobar
- foobar
Middleware20:
stripPrefixRegex:
regex:
- foobar
- foobar
tcp:
routers:
TCPRouter0:

52
docs/content/reference/dynamic-configuration/marathon-labels.json
View file

@ -45,13 +45,13 @@
"traefik.http.middlewares.middleware09.headers.customrequestheaders.name1": "foobar",
"traefik.http.middlewares.middleware09.headers.customresponseheaders.name0": "foobar",
"traefik.http.middlewares.middleware09.headers.customresponseheaders.name1": "foobar",
"traefik.http.middlewares.middleware09.headers.featurepolicy": "foobar",
"traefik.http.middlewares.middleware09.headers.forcestsheader": "true",
"traefik.http.middlewares.middleware09.headers.framedeny": "true",
"traefik.http.middlewares.middleware09.headers.hostsproxyheaders": "foobar, foobar",
"traefik.http.middlewares.middleware09.headers.isdevelopment": "true",
"traefik.http.middlewares.middleware09.headers.publickey": "foobar",
"traefik.http.middlewares.middleware09.headers.referrerpolicy": "foobar",
"traefik.http.middlewares.middleware09.headers.featurepolicy": "foobar",
"traefik.http.middlewares.middleware09.headers.sslforcehost": "true",
"traefik.http.middlewares.middleware09.headers.sslhost": "foobar",
"traefik.http.middlewares.middleware09.headers.sslproxyheaders.name0": "foobar",
@ -64,11 +64,11 @@
"traefik.http.middlewares.middleware10.ipwhitelist.ipstrategy.depth": "42",
"traefik.http.middlewares.middleware10.ipwhitelist.ipstrategy.excludedips": "foobar, foobar",
"traefik.http.middlewares.middleware10.ipwhitelist.sourcerange": "foobar, foobar",
"traefik.http.middlewares.Middleware11.inflightreq.amount": "42",
"traefik.http.middlewares.Middleware11.inflightreq.sourcecriterion.ipstrategy.depth": "42",
"traefik.http.middlewares.Middleware11.inflightreq.sourcecriterion.ipstrategy.excludedips": "foobar, fiibar",
"traefik.http.middlewares.Middleware11.inflightreq.sourcecriterion.requestheadername": "foobar",
"traefik.http.middlewares.Middleware11.inflightreq.sourcecriterion.requesthost": "true",
"traefik.http.middlewares.middleware11.inflightreq.amount": "42",
"traefik.http.middlewares.middleware11.inflightreq.sourcecriterion.ipstrategy.depth": "42",
"traefik.http.middlewares.middleware11.inflightreq.sourcecriterion.ipstrategy.excludedips": "foobar, foobar",
"traefik.http.middlewares.middleware11.inflightreq.sourcecriterion.requestheadername": "foobar",
"traefik.http.middlewares.middleware11.inflightreq.sourcecriterion.requesthost": "true",
"traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.commonname": "true",
"traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.country": "true",
"traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.domaincomponent": "true",
@ -87,24 +87,24 @@
"traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.province": "true",
"traefik.http.middlewares.middleware12.passtlsclientcert.info.subject.serialnumber": "true",
"traefik.http.middlewares.middleware12.passtlsclientcert.pem": "true",
"traefik.http.middlewares.middleware13.redirectregex.permanent": "true",
"traefik.http.middlewares.middleware13.redirectregex.regex": "foobar",
"traefik.http.middlewares.middleware13.redirectregex.replacement": "foobar",
"traefik.http.middlewares.middleware14.redirectscheme.permanent": "true",
"traefik.http.middlewares.middleware14.redirectscheme.port": "foobar",
"traefik.http.middlewares.middleware14.redirectscheme.scheme": "foobar",
"traefik.http.middlewares.middleware15.replacepath.path": "foobar",
"traefik.http.middlewares.middleware16.replacepathregex.regex": "foobar",
"traefik.http.middlewares.middleware16.replacepathregex.replacement": "foobar",
"traefik.http.middlewares.middleware17.retry.attempts": "42",
"traefik.http.middlewares.middleware18.stripprefix.prefixes": "foobar, foobar",
"traefik.http.middlewares.middleware19.stripprefixregex.regex": "foobar, foobar",
"traefik.http.middlewares.Middleware20.ratelimit.average": "42",
"traefik.http.middlewares.Middleware20.ratelimit.burst": "42",
"traefik.http.middlewares.Middleware20.ratelimit.sourcecriterion.requestheadername": "foobar",
"traefik.http.middlewares.Middleware20.ratelimit.sourcecriterion.requesthost": "true",
"traefik.http.middlewares.Middleware20.ratelimit.sourcecriterion.ipstrategy.depth": "42",
"traefik.http.middlewares.Middleware20.ratelimit.sourcecriterion.ipstrategy.excludedips": "foobar, foobar",
"traefik.http.middlewares.middleware13.ratelimit.average": "42",
"traefik.http.middlewares.middleware13.ratelimit.burst": "42",
"traefik.http.middlewares.middleware13.ratelimit.sourcecriterion.ipstrategy.depth": "42",
"traefik.http.middlewares.middleware13.ratelimit.sourcecriterion.ipstrategy.excludedips": "foobar, foobar",
"traefik.http.middlewares.middleware13.ratelimit.sourcecriterion.requestheadername": "foobar",
"traefik.http.middlewares.middleware13.ratelimit.sourcecriterion.requesthost": "true",
"traefik.http.middlewares.middleware14.redirectregex.permanent": "true",
"traefik.http.middlewares.middleware14.redirectregex.regex": "foobar",
"traefik.http.middlewares.middleware14.redirectregex.replacement": "foobar",
"traefik.http.middlewares.middleware15.redirectscheme.permanent": "true",
"traefik.http.middlewares.middleware15.redirectscheme.port": "foobar",
"traefik.http.middlewares.middleware15.redirectscheme.scheme": "foobar",
"traefik.http.middlewares.middleware16.replacepath.path": "foobar",
"traefik.http.middlewares.middleware17.replacepathregex.regex": "foobar",
"traefik.http.middlewares.middleware17.replacepathregex.replacement": "foobar",
"traefik.http.middlewares.middleware18.retry.attempts": "42",
"traefik.http.middlewares.middleware19.stripprefix.prefixes": "foobar, foobar",
"traefik.http.middlewares.middleware20.stripprefixregex.regex": "foobar, foobar",
"traefik.http.routers.router0.entrypoints": "foobar, foobar",
"traefik.http.routers.router0.middlewares": "foobar, foobar",
"traefik.http.routers.router0.priority": "42",
@ -140,8 +140,8 @@
"traefik.http.services.service0.loadbalancer.passhostheader": "true",
"traefik.http.services.service0.loadbalancer.responseforwarding.flushinterval": "foobar",
"traefik.http.services.service0.loadbalancer.sticky": "true",
"traefik.http.services.service0.loadbalancer.sticky.cookie.name": "foobar",
"traefik.http.services.service0.loadbalancer.sticky.cookie.httponly": "true",
"traefik.http.services.service0.loadbalancer.sticky.cookie.name": "foobar",
"traefik.http.services.service0.loadbalancer.sticky.cookie.secure": "true",
"traefik.http.services.service0.loadbalancer.server.port": "foobar",
"traefik.http.services.service0.loadbalancer.server.scheme": "foobar",
@ -156,9 +156,9 @@
"traefik.http.services.service1.loadbalancer.passhostheader": "true",
"traefik.http.services.service1.loadbalancer.responseforwarding.flushinterval": "foobar",
"traefik.http.services.service1.loadbalancer.sticky": "true",
"traefik.http.services.service1.loadbalancer.sticky.cookie.httponly": "true",
"traefik.http.services.service1.loadbalancer.sticky.cookie.name": "foobar",
"traefik.http.services.service1.loadbalancer.sticky.cookie.secure": "true",
"traefik.http.services.service1.loadbalancer.sticky.cookie.httponly": "true",
"traefik.http.services.service1.loadbalancer.server.port": "foobar",
"traefik.http.services.service1.loadbalancer.server.scheme": "foobar",
"traefik.tcp.routers.tcprouter0.entrypoints": "foobar, foobar",

37
docs/content/reference/static-configuration/cli-ref.md
View file

@ -45,6 +45,9 @@ Activate dashboard. (Default: ```true```)
`--api.debug`:
Enable additional endpoints for debugging and profiling. (Default: ```false```)
`--api.insecure`:
Activate API directly on the entryPoint named traefik. (Default: ```false```)
`--certificatesresolvers.<name>`:
Certificates resolvers configuration. (Default: ```false```)
@ -151,19 +154,19 @@ Traefik log format: json | common (Default: ```common```)
Log level set to traefik logs. (Default: ```ERROR```)
`--metrics.datadog`:
DataDog metrics exporter type. (Default: ```false```)
Datadog metrics exporter type. (Default: ```false```)
`--metrics.datadog.addentrypointslabels`:
Enable metrics on entry points. (Default: ```true```)
`--metrics.datadog.address`:
DataDog's address. (Default: ```localhost:8125```)
Datadog's address. (Default: ```localhost:8125```)
`--metrics.datadog.addserviceslabels`:
Enable metrics on services. (Default: ```true```)
`--metrics.datadog.pushinterval`:
DataDog push interval. (Default: ```10```)
Datadog push interval. (Default: ```10```)
`--metrics.influxdb`:
InfluxDB metrics exporter type. (Default: ```false```)
@ -207,6 +210,9 @@ Enable metrics on services. (Default: ```true```)
`--metrics.prometheus.buckets`:
Buckets for latency metrics. (Default: ```0.100000, 0.300000, 1.200000, 5.000000```)
`--metrics.prometheus.entrypoint`:
EntryPoint (Default: ```traefik```)
`--metrics.statsd`:
StatsD metrics exporter type. (Default: ```false```)
@ -223,7 +229,10 @@ Enable metrics on services. (Default: ```true```)
StatsD push interval. (Default: ```10```)
`--ping`:
Enable ping. (Default: ```true```)
Enable ping. (Default: ```false```)
`--ping.entrypoint`:
EntryPoint (Default: ```traefik```)
`--providers.docker`:
Enable Docker backend with default settings. (Default: ```false```)
@ -303,6 +312,9 @@ Kubernetes label selector to use.
`--providers.kubernetescrd.namespaces`:
Kubernetes namespaces.
`--providers.kubernetescrd.throttleduration`:
Ingress refresh throttle duration (Default: ```0```)
`--providers.kubernetescrd.token`:
Kubernetes bearer token (not needed for in-cluster client).
@ -336,6 +348,9 @@ Kubernetes Ingress label selector to use.
`--providers.kubernetesingress.namespaces`:
Kubernetes namespaces.
`--providers.kubernetesingress.throttleduration`:
Ingress refresh throttle duration (Default: ```0```)
`--providers.kubernetesingress.token`:
Kubernetes bearer token (not needed for in-cluster client).
@ -433,7 +448,10 @@ Defines the polling interval in seconds. (Default: ```15```)
Watch provider. (Default: ```true```)
`--providers.rest`:
Enable Rest backend with default settings. (Default: ```true```)
Enable Rest backend with default settings. (Default: ```false```)
`--providers.rest.insecure`:
Activate REST Provider directly on the entryPoint named traefik. (Default: ```false```)
`--serverstransport.forwardingtimeouts.dialtimeout`:
The amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. (Default: ```30```)
@ -457,13 +475,13 @@ Add cert file for self-signed certificate.
OpenTracing configuration. (Default: ```false```)
`--tracing.datadog`:
Settings for DataDog. (Default: ```false```)
Settings for Datadog. (Default: ```false```)
`--tracing.datadog.bagageprefixheadername`:
Specifies the header name prefix that will be used to store baggage items in a map.
`--tracing.datadog.debug`:
Enable DataDog debug. (Default: ```false```)
Enable Datadog debug. (Default: ```false```)
`--tracing.datadog.globaltag`:
Key:Value tag to be set on all the spans.
@ -561,11 +579,8 @@ Set the maximum character limit for Span names (default 0 = no limit). (Default:
`--tracing.zipkin`:
Settings for Zipkin. (Default: ```false```)
`--tracing.zipkin.debug`:
Enable Zipkin debug. (Default: ```false```)
`--tracing.zipkin.httpendpoint`:
HTTP Endpoint to report traces to. (Default: ```http://localhost:9411/api/v1/spans```)
HTTP Endpoint to report traces to. (Default: ```http://localhost:9411/api/v2/spans```)
`--tracing.zipkin.id128bit`:
Use Zipkin 128 bit root span IDs. (Default: ```true```)

37
docs/content/reference/static-configuration/env-ref.md
View file

@ -45,6 +45,9 @@ Activate dashboard. (Default: ```true```)
`TRAEFIK_API_DEBUG`:
Enable additional endpoints for debugging and profiling. (Default: ```false```)
`TRAEFIK_API_INSECURE`:
Activate API directly on the entryPoint named traefik. (Default: ```false```)
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>`:
Certificates resolvers configuration. (Default: ```false```)
@ -151,19 +154,19 @@ Traefik log format: json | common (Default: ```common```)
Log level set to traefik logs. (Default: ```ERROR```)
`TRAEFIK_METRICS_DATADOG`:
DataDog metrics exporter type. (Default: ```false```)
Datadog metrics exporter type. (Default: ```false```)
`TRAEFIK_METRICS_DATADOG_ADDENTRYPOINTSLABELS`:
Enable metrics on entry points. (Default: ```true```)
`TRAEFIK_METRICS_DATADOG_ADDRESS`:
DataDog's address. (Default: ```localhost:8125```)
Datadog's address. (Default: ```localhost:8125```)
`TRAEFIK_METRICS_DATADOG_ADDSERVICESLABELS`:
Enable metrics on services. (Default: ```true```)
`TRAEFIK_METRICS_DATADOG_PUSHINTERVAL`:
DataDog push interval. (Default: ```10```)
Datadog push interval. (Default: ```10```)
`TRAEFIK_METRICS_INFLUXDB`:
InfluxDB metrics exporter type. (Default: ```false```)
@ -207,6 +210,9 @@ Enable metrics on services. (Default: ```true```)
`TRAEFIK_METRICS_PROMETHEUS_BUCKETS`:
Buckets for latency metrics. (Default: ```0.100000, 0.300000, 1.200000, 5.000000```)
`TRAEFIK_METRICS_PROMETHEUS_ENTRYPOINT`:
EntryPoint (Default: ```traefik```)
`TRAEFIK_METRICS_STATSD`:
StatsD metrics exporter type. (Default: ```false```)
@ -223,7 +229,10 @@ Enable metrics on services. (Default: ```true```)
StatsD push interval. (Default: ```10```)
`TRAEFIK_PING`:
Enable ping. (Default: ```true```)
Enable ping. (Default: ```false```)
`TRAEFIK_PING_ENTRYPOINT`:
EntryPoint (Default: ```traefik```)
`TRAEFIK_PROVIDERS_DOCKER`:
Enable Docker backend with default settings. (Default: ```false```)
@ -303,6 +312,9 @@ Kubernetes label selector to use.
`TRAEFIK_PROVIDERS_KUBERNETESCRD_NAMESPACES`:
Kubernetes namespaces.
`TRAEFIK_PROVIDERS_KUBERNETESCRD_THROTTLEDURATION`:
Ingress refresh throttle duration (Default: ```0```)
`TRAEFIK_PROVIDERS_KUBERNETESCRD_TOKEN`:
Kubernetes bearer token (not needed for in-cluster client).
@ -336,6 +348,9 @@ Kubernetes Ingress label selector to use.
`TRAEFIK_PROVIDERS_KUBERNETESINGRESS_NAMESPACES`:
Kubernetes namespaces.
`TRAEFIK_PROVIDERS_KUBERNETESINGRESS_THROTTLEDURATION`:
Ingress refresh throttle duration (Default: ```0```)
`TRAEFIK_PROVIDERS_KUBERNETESINGRESS_TOKEN`:
Kubernetes bearer token (not needed for in-cluster client).
@ -433,7 +448,10 @@ Defines the polling interval in seconds. (Default: ```15```)
Watch provider. (Default: ```true```)
`TRAEFIK_PROVIDERS_REST`:
Enable Rest backend with default settings. (Default: ```true```)
Enable Rest backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_REST_INSECURE`:
Activate REST Provider directly on the entryPoint named traefik. (Default: ```false```)
`TRAEFIK_SERVERSTRANSPORT_FORWARDINGTIMEOUTS_DIALTIMEOUT`:
The amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. (Default: ```30```)
@ -457,13 +475,13 @@ Add cert file for self-signed certificate.
OpenTracing configuration. (Default: ```false```)
`TRAEFIK_TRACING_DATADOG`:
Settings for DataDog. (Default: ```false```)
Settings for Datadog. (Default: ```false```)
`TRAEFIK_TRACING_DATADOG_BAGAGEPREFIXHEADERNAME`:
Specifies the header name prefix that will be used to store baggage items in a map.
`TRAEFIK_TRACING_DATADOG_DEBUG`:
Enable DataDog debug. (Default: ```false```)
Enable Datadog debug. (Default: ```false```)
`TRAEFIK_TRACING_DATADOG_GLOBALTAG`:
Key:Value tag to be set on all the spans.
@ -561,11 +579,8 @@ Set the maximum character limit for Span names (default 0 = no limit). (Default:
`TRAEFIK_TRACING_ZIPKIN`:
Settings for Zipkin. (Default: ```false```)
`TRAEFIK_TRACING_ZIPKIN_DEBUG`:
Enable Zipkin debug. (Default: ```false```)
`TRAEFIK_TRACING_ZIPKIN_HTTPENDPOINT`:
HTTP Endpoint to report traces to. (Default: ```http://localhost:9411/api/v1/spans```)
HTTP Endpoint to report traces to. (Default: ```http://localhost:9411/api/v2/spans```)
`TRAEFIK_TRACING_ZIPKIN_ID128BIT`:
Use Zipkin 128 bit root span IDs. (Default: ```true```)

11
docs/content/reference/static-configuration/file.toml
View file

@ -83,6 +83,7 @@
namespaces = ["foobar", "foobar"]
labelSelector = "foobar"
ingressClass = "foobar"
throttleDuration = "10s"
[providers.kubernetesIngress.ingressEndpoint]
ip = "foobar"
hostname = "foobar"
@ -95,7 +96,9 @@
namespaces = ["foobar", "foobar"]
labelSelector = "foobar"
ingressClass = "foobar"
throttleDuration = "10s"
[providers.rest]
insecure = true
[providers.rancher]
constraints = "foobar"
watch = true
@ -107,6 +110,7 @@
prefix = "foobar"
[api]
insecure = true
dashboard = true
debug = true
@ -115,7 +119,8 @@
buckets = [42.0, 42.0]
addEntryPointsLabels = true
addServicesLabels = true
[metrics.dataDog]
entryPoint = "foobar"
[metrics.datadog]
address = "foobar"
pushInterval = "10s"
addEntryPointsLabels = true
@ -137,6 +142,7 @@
addServicesLabels = true
[ping]
entryPoint = "foobar"
[log]
level = "foobar"
@ -181,9 +187,8 @@
httpEndpoint = "foobar"
sameSpan = true
id128Bit = true
debug = true
sampleRate = 42.0
[tracing.dataDog]
[tracing.datadog]
localAgentHostPort = "foobar"
globalTag = "foobar"
debug = true

15
docs/content/reference/static-configuration/file.yaml
View file

@ -88,6 +88,7 @@ providers:
- foobar
labelSelector: foobar
ingressClass: foobar
throttleDuration: 10s
ingressEndpoint:
ip: foobar
hostname: foobar
@ -102,7 +103,9 @@ providers:
- foobar
labelSelector: foobar
ingressClass: foobar
rest: {}
throttleDuration: 10s
rest:
insecure: true
rancher:
constraints: foobar
watch: true
@ -113,6 +116,7 @@ providers:
intervalPoll: true
prefix: foobar
api:
insecure: true
dashboard: true
debug: true
metrics:
@ -122,7 +126,8 @@ metrics:
- 42
addEntryPointsLabels: true
addServicesLabels: true
dataDog:
entryPoint: foobar
datadog:
address: foobar
pushInterval: 42
addEntryPointsLabels: true
@ -142,7 +147,8 @@ metrics:
password: foobar
addEntryPointsLabels: true
addServicesLabels: true
ping: {}
ping:
entryPoint: foobar
log:
level: foobar
filePath: foobar
@ -186,9 +192,8 @@ tracing:
httpEndpoint: foobar
sameSpan: true
id128Bit: true
debug: true
sampleRate: 42
dataDog:
datadog:
localAgentHostPort: foobar
globalTag: foobar
debug: true

4
docs/content/routing/entrypoints.md
View file

@ -149,7 +149,7 @@ If the proxyprotocol header is passed, then the version is determined automatica
entryPoints:
web:
address: ":80"
proxyProtocol
proxyProtocol:
trustedIPs:
- "127.0.0.1/32"
- "192.168.1.7"
@ -213,7 +213,7 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward
entryPoints:
web:
address: ":80"
forwardedHeaders
forwardedHeaders:
trustedIPs:
- "127.0.0.1/32"
- "192.168.1.7"

4
docs/content/routing/routers/index.md
View file

@ -216,7 +216,7 @@ The table below lists all the available matchers:
| ```Host(`domain-1`, ...)``` | Check if the request domain targets one of the given `domains`. |
| ```HostRegexp(`traefik.io`, `{subdomain:[a-z]+}.traefik.io`, ...)``` | Check if the request domain matches the given `regexp`. |
| ```Method(`GET`, ...)``` | Check if the request method is one of the given `methods` (`GET`, `POST`, `PUT`, `DELETE`, `PATCH`) |
| ```Path(`path`, `/articles/{category}/{id:[0-9]+}`, ...)``` | Match exact request path. It accepts a sequence of literal and regular expression paths. |
| ```Path(`/path`, `/articles/{category}/{id:[0-9]+}`, ...)``` | Match exact request path. It accepts a sequence of literal and regular expression paths. |
| ```PathPrefix(`/products/`, `/articles/{category}/{id:[0-9]+}`)``` | Match request prefix path. It accepts a sequence of literal and regular expression prefix paths. |
| ```Query(`foo=bar`, `bar=baz`)``` | Match` Query String parameters. It accepts a sequence of key=value pairs. |
@ -631,7 +631,7 @@ Services are the target for the router.
rule: "HostSNI(`foo-domain`)"
service: service-id
# will terminate the TLS request by default
tld: {}
tls: {}
```
??? example "Configuring passthrough"

2
docs/content/user-guides/marathon.md
View file

@ -98,7 +98,7 @@ The remaining section is going to explore them along with a benefit/cost trade-o
It may seem obvious to reuse the Marathon health checks as a signal to Traefik whether an application should be taken into load-balancing rotation or not.
Apart from the increased latency a failing health check may have, a major problem with this is is that Marathon does not persist the health check results.
Apart from the increased latency a failing health check may have, a major problem with this is that Marathon does not persist the health check results.
Consequently, if a master re-election occurs in the Marathon clusters, all health check results will revert to the _unknown_ state, effectively causing all applications inside the cluster to become unavailable and leading to a complete cluster failure.
Re-elections do not only happen during regular maintenance work (often requiring rolling upgrades of the Marathon nodes) but also when the Marathon leader fails spontaneously.
As such, there is no way to handle this situation deterministically.

6
docs/mkdocs.yml
View file

@ -122,7 +122,7 @@ nav:
- 'Access Logs': 'observability/access-logs.md'
- 'Metrics':
- 'Overview': 'observability/metrics/overview.md'
- 'DataDog': 'observability/metrics/datadog.md'
- 'Datadog': 'observability/metrics/datadog.md'
- 'InfluxDB': 'observability/metrics/influxdb.md'
- 'Prometheus': 'observability/metrics/prometheus.md'
- 'StatsD': 'observability/metrics/statsd.md'
@ -130,7 +130,7 @@ nav:
- 'Overview': 'observability/tracing/overview.md'
- 'Jaeger': 'observability/tracing/jaeger.md'
- 'Zipkin': 'observability/tracing/zipkin.md'
- 'DataDog': 'observability/tracing/datadog.md'
- 'Datadog': 'observability/tracing/datadog.md'
- 'Instana': 'observability/tracing/instana.md'
- 'Haystack': 'observability/tracing/haystack.md'
- 'User Guides':
@ -143,6 +143,8 @@ nav:
- 'TLS Challenge': 'user-guides/docker-compose/acme-tls/index.md'
- 'HTTP Challenge': 'user-guides/docker-compose/acme-http/index.md'
- 'DNS Challenge': 'user-guides/docker-compose/acme-dns/index.md'
- 'Migration':
- 'Traefik v1 to v2': 'migration/v1-to-v2.md'
- 'Contributing':
- 'Thank You!': 'contributing/thank-you.md'
- 'Submitting Issues': 'contributing/submitting-issues.md'

2
exp.Dockerfile
View file

@ -12,7 +12,7 @@ RUN yarn install
RUN npm run build
# BUILD
FROM golang:1.13rc1-alpine as gobuild
FROM golang:1.13-alpine as gobuild
RUN apk --update upgrade \
&& apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \

8
go.mod
View file

@ -43,9 +43,9 @@ require (
github.com/go-check/check v0.0.0-00010101000000-000000000000
github.com/go-kit/kit v0.9.0
github.com/golang/protobuf v1.3.2
github.com/google/go-github/v27 v27.0.4
github.com/google/go-github/v28 v28.0.0
github.com/googleapis/gnostic v0.1.0 // indirect
github.com/gorilla/mux v1.6.2
github.com/gorilla/mux v1.7.3
github.com/gorilla/websocket v1.4.0
github.com/hashicorp/go-version v1.2.0
github.com/huandu/xstrings v1.2.0 // indirect
@ -65,10 +65,10 @@ require (
github.com/opencontainers/go-digest v1.0.0-rc1 // indirect
github.com/opencontainers/image-spec v1.0.1 // indirect
github.com/opencontainers/runc v1.0.0-rc8 // indirect
github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492 // indirect
github.com/opentracing/basictracer-go v1.0.0 // indirect
github.com/opentracing/opentracing-go v1.1.0
github.com/openzipkin-contrib/zipkin-go-opentracing v0.3.5
github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.3
github.com/openzipkin/zipkin-go v0.2.1
github.com/patrickmn/go-cache v2.1.0+incompatible
github.com/philhofer/fwd v1.0.0 // indirect
github.com/pmezard/go-difflib v1.0.0

16
go.sum
View file

@ -161,6 +161,7 @@ github.com/eknkc/amber v0.0.0-20171010120322-cdade1c07385/go.mod h1:0vRUJqYpeSZi
github.com/elazarl/go-bindata-assetfs v1.0.0 h1:G/bYguwHIzWq9ZoyUQqrjTmJbbYn3j3CKKpKinvZLFk=
github.com/elazarl/go-bindata-assetfs v1.0.0/go.mod h1:v+YaWX3bdea5J/mo8dSETolEo7R71Vk1u8bnjau5yw4=
github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g=
github.com/evanphx/json-patch v0.0.0-20190203023257-5858425f7550/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
github.com/evanphx/json-patch v4.5.0+incompatible h1:ouOWdg56aJriqS0huScTkVXPC5IcNrDCXZ6OoTAWu7M=
github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
@ -193,6 +194,7 @@ github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/gofrs/uuid v3.2.0+incompatible h1:y12jRkkFxsd7GpqdSZ+/KCs/fJbqpEXSGd4+jfEaewE=
github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s=
github.com/gogo/protobuf v0.0.0-20171007142547-342cbe0a0415/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/gogo/protobuf v1.2.0 h1:xU6/SpYbvkNYiptHJYEDRseDLvYE7wSqhYYNy0QSUzI=
@ -218,8 +220,8 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-github/v27 v27.0.4 h1:N/EEqsvJLgqTbepTiMBz+12KhwLovv6YvwpRezd+4Fg=
github.com/google/go-github/v27 v27.0.4/go.mod h1:/0Gr8pJ55COkmv+S/yPKCczSkUPIM/LnFyubufRNIS0=
github.com/google/go-github/v28 v28.0.0 h1:+UjHI4+1W/vsXR4jJBWt0ZA74XHbvt5yBAvsf1M3bgM=
github.com/google/go-github/v28 v28.0.0/go.mod h1:+5GboIspo7F0NG2qsvfYh7en6F3EK37uyqv+c35AR3s=
github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk=
github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf h1:+RRA9JqSOZFfKrOeqr2z77+8R2RKyh8PG66dcu1V0ck=
@ -317,6 +319,7 @@ github.com/linode/linodego v0.10.0 h1:AMdb82HVgY8o3mjBXJcUv9B+fnJjfDMn2rNRGbX+jv
github.com/linode/linodego v0.10.0/go.mod h1:cziNP7pbvE3mXIPneHj0oRY8L1WtGEIKlZ8LANE4eXA=
github.com/looplab/fsm v0.1.0 h1:Qte7Zdn/5hBNbXzP7yxVU4OIFHWXBovyTT2LaBTyC20=
github.com/looplab/fsm v0.1.0/go.mod h1:m2VaOfDHxqXBBMgc26m6yUOwkFn8H2AlJDE+jd/uafI=
github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ=
github.com/magiconair/properties v1.8.1 h1:ZC2Vc7/ZFkGmsVC9KvOjumD+G5lXy2RtTKyzRKO2BQ4=
github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
github.com/mailgun/timetools v0.0.0-20141028012446-7e6055773c51 h1:Kg/NPZLLC3aAFr1YToMs98dbCdhootQ1hZIvZU28hAQ=
@ -383,9 +386,11 @@ github.com/opentracing/basictracer-go v1.0.0 h1:YyUAhaEfjoWXclZVJ9sGoNct7j4TVk7l
github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74=
github.com/opentracing/opentracing-go v1.1.0 h1:pWlfV3Bxv7k65HYwkikxat0+s3pV4bsqf19k25Ur8rU=
github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
github.com/openzipkin-contrib/zipkin-go-opentracing v0.3.5 h1:82Tnq9OJpn+h5xgGpss5/mOv3KXdjtkdorFSOUusjM8=
github.com/openzipkin-contrib/zipkin-go-opentracing v0.3.5/go.mod h1:uVHyebswE1cCXr2A73cRM2frx5ld1RJUCJkFNZ90ZiI=
github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.3 h1:XudIMByQMXJ6oDHy4SipNyo35LxjA69Z7v1nL0aAZvA=
github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.3/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA=
github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw=
github.com/openzipkin/zipkin-go v0.2.1 h1:noL5/5Uf1HpVl3wNsfkZhIKbSWCVi5jgqkONNx8PXcA=
github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
github.com/oracle/oci-go-sdk v7.0.0+incompatible h1:oj5ESjXwwkFRdhZSnPlShvLWYdt/IZ65RQxveYM3maA=
github.com/oracle/oci-go-sdk v7.0.0+incompatible/go.mod h1:VQb79nF8Z2cwLkLS35ukwStZIg5F66tcBccjip/j888=
github.com/ovh/go-ovh v0.0.0-20181109152953-ba5adb4cf014 h1:37VE5TYj2m/FLA9SNr4z0+A0JefvTmR60Zwf8XSEV7c=
@ -396,6 +401,7 @@ github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR
github.com/philhofer/fwd v1.0.0 h1:UbZqGr5Y38ApvM/V/jEljVxwocdweyH+vmYvRPBnbqQ=
github.com/philhofer/fwd v1.0.0/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU=
github.com/pierrec/lz4 v0.0.0-20190327172049-315a67e90e41/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
github.com/pierrec/lz4 v2.0.5+incompatible h1:2xWsjqPFWcplujydGg4WmhC/6fZqK42wMM8aXeqhl0I=
github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@ -441,6 +447,7 @@ github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a h1:pa8hGb/2
github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
github.com/spf13/pflag v1.0.1 h1:aCvUg6QPl3ibpQUxyLkrEkCHtPqYJL4x9AuhqVqFis4=
github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A=
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@ -604,6 +611,7 @@ google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3
google.golang.org/grpc v1.18.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.19.1/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM=
google.golang.org/grpc v1.20.1 h1:Hz2g2wirWK7H0qIIhGIqRGTuMwTE8HEKFnDZZ7lm9NU=
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
google.golang.org/grpc v1.22.1 h1:/7cs52RnTJmD43s3uxzlq2U7nqVTd/37viQwMrMNlOM=

2
integration/access_log_test.go
View file

@ -309,8 +309,6 @@ func (s *AccessLogSuite) TestAccessLogFrontendRedirect(c *check.C) {
}
func (s *AccessLogSuite) TestAccessLogRateLimit(c *check.C) {
c.Skip("RateLimit is disable for now")
ensureWorkingDirectoryIsClean()
expected := []accessLogValue{

1
integration/fixtures/access_log_config.toml
View file

@ -22,6 +22,7 @@
address = ":8008"
[api]
insecure = true
[providers]
[providers.docker]

1
integration/fixtures/acme/acme_base.toml
View file

@ -31,6 +31,7 @@
{{end}}
[api]
insecure = true
[providers.file]
filename = "{{ .SelfFilename }}"

1
integration/fixtures/acme/acme_domains.toml
View file

@ -31,6 +31,7 @@
{{end}}
[api]
insecure = true
[providers.file]
filename = "{{ .SelfFilename }}"

1
integration/fixtures/acme/acme_multiple_resolvers.toml
View file

@ -31,6 +31,7 @@
{{end}}
[api]
insecure = true
[providers.file]
filename = "{{ .SelfFilename }}"

1
integration/fixtures/acme/acme_tcp.toml
View file

@ -31,6 +31,7 @@
{{end}}
[api]
insecure = true
[providers.file]
filename = "{{ .SelfFilename }}"

1
integration/fixtures/acme/acme_tls.toml
View file

@ -31,6 +31,7 @@
{{end}}
[api]
insecure = true
[providers.file]
filename = "{{ .SelfFilename }}"

1
integration/fixtures/acme/acme_tls_dynamic.toml
View file

@ -31,6 +31,7 @@
{{end}}
[api]
insecure = true
[providers]
[providers.file]

1
integration/fixtures/acme/acme_tls_multiple_entrypoints.toml
View file

@ -34,3 +34,4 @@
{{end}}
[api]
insecure = true

1
integration/fixtures/docker/minimal.toml
View file

@ -10,6 +10,7 @@
address = ":8000"
[api]
insecure = true
[providers]
[providers.docker]

1
integration/fixtures/docker/simple.toml
View file

@ -10,6 +10,7 @@
address = ":8000"
[api]
insecure = true
[providers]
[providers.docker]

1
integration/fixtures/grpc/config.toml
View file

@ -13,6 +13,7 @@
address = ":4443"
[api]
insecure = true
[providers.file]
filename = "{{ .SelfFilename }}"

1
integration/fixtures/grpc/config_h2c.toml
View file

@ -10,6 +10,7 @@
address = ":8081"
[api]
insecure = true
[providers.file]
filename = "{{ .SelfFilename }}"

1
integration/fixtures/grpc/config_h2c_termination.toml
View file

@ -10,6 +10,7 @@
address = ":4443"
[api]
insecure = true
[providers.file]
filename = "{{ .SelfFilename }}"

1
integration/fixtures/grpc/config_insecure.toml
View file

@ -13,6 +13,7 @@
address = ":4443"
[api]
insecure = true
[providers.file]
filename = "{{ .SelfFilename }}"

1
integration/fixtures/grpc/config_retry.toml
View file

@ -13,6 +13,7 @@
address = ":4443"
[api]
insecure = true
[providers.file]
filename = "{{ .SelfFilename }}"

1
integration/fixtures/healthcheck/multiple-entrypoints.toml
View file

@ -12,6 +12,7 @@
address = ":9000"
[api]
insecure = true
[providers.file]
filename = "{{ .SelfFilename }}"

1
integration/fixtures/healthcheck/port_overload.toml
View file

@ -10,6 +10,7 @@
address = ":8000"
[api]
insecure = true
[providers.file]
filename = "{{ .SelfFilename }}"

1
integration/fixtures/healthcheck/simple.toml
View file

@ -10,6 +10,7 @@
address = ":8000"
[api]
insecure = true
[providers.file]
filename = "{{ .SelfFilename }}"

1
integration/fixtures/https/clientca/https_1ca1config.toml
View file

@ -10,6 +10,7 @@
address = ":4443"
[api]
insecure = true
[providers.file]
filename = "{{ .SelfFilename }}"

1
integration/fixtures/https/clientca/https_2ca1config.toml
View file

@ -10,6 +10,7 @@
address = ":4443"
[api]
insecure = true
[providers.file]
filename = "{{ .SelfFilename }}"

1
integration/fixtures/https/clientca/https_2ca2config.toml
View file

@ -10,6 +10,7 @@
address = ":4443"
[api]
insecure = true
[providers.file]
filename = "{{ .SelfFilename }}"

1
integration/fixtures/https/dynamic_https_sni.toml
View file

@ -13,6 +13,7 @@
address = ":8443"
[api]
insecure = true
[providers]
[providers.file]

1
integration/fixtures/https/dynamic_https_sni_default_cert.toml
View file

@ -10,6 +10,7 @@
address = ":4443"
[api]
insecure = true
[providers.file]
filename = "{{ .SelfFilename }}"

5
integration/fixtures/https/https_redirect.toml
View file

@ -13,6 +13,7 @@
address = ":8443"
[api]
insecure = true
[providers.file]
filename = "{{ .SelfFilename }}"
@ -150,9 +151,9 @@
[http.middlewares.foo-slash-add-prefix.addPrefix]
prefix = "/foo/"
[http.middlewares.id-strip-regex-prefix.stripPrefixRegex]
regex = ["/{id:[a-z]+}"]
regex = ["/[a-z]+"]
[http.middlewares.id-slash-strip-regex-prefix.stripPrefixRegex]
regex = ["/{id:[a-z]+}/"]
regex = ["/[a-z]+/"]
[http.middlewares.api-regex-replace.replacePathRegex]
regex = "/api"
replacement = "/"

1
integration/fixtures/https/https_sni.toml
View file

@ -10,6 +10,7 @@
address = ":4443"
[api]
insecure = true
[providers.file]
filename = "{{ .SelfFilename }}"

1
integration/fixtures/https/https_sni_case_insensitive_dynamic.toml
View file

@ -10,6 +10,7 @@
address = ":4443"
[api]
insecure = true
[providers.file]
filename = "{{ .SelfFilename }}"

1
integration/fixtures/https/https_sni_default_cert.toml
View file

@ -10,6 +10,7 @@
address = ":4443"
[api]
insecure = true
[providers.file]
filename = "{{ .SelfFilename }}"

1
integration/fixtures/https/https_sni_strict.toml
View file

@ -10,6 +10,7 @@
address = ":4443"
[api]
insecure = true
[providers.file]
filename = "{{ .SelfFilename }}"

1
integration/fixtures/https/https_tls_options.toml
View file

@ -10,6 +10,7 @@
address = ":4443"
[api]
insecure = true
[providers.file]
filename = "{{ .SelfFilename }}"

1
integration/fixtures/https/rootcas/https.toml
View file

@ -29,6 +29,7 @@ fblo6RBxUQ==
address = ":8081"
[api]
insecure = true
[providers.file]
filename = "{{ .SelfFilename }}"

1
integration/fixtures/https/rootcas/https_with_file.toml
View file

@ -14,6 +14,7 @@
address = ":8081"
[api]
insecure = true
[providers.file]
filename = "{{ .SelfFilename }}"

14
integration/fixtures/k8s/04-ingressroute.yml
View file

@ -1,5 +1,17 @@
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: mychain
namespace: default
spec:
chain:
middlewares:
- name: stripprefix
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: stripprefix
namespace: default
@ -26,4 +38,4 @@ spec:
- name: whoami
port: 80
middlewares:
- name: stripprefix
- name: mychain

1
integration/fixtures/k8s_crd.toml
View file

@ -6,6 +6,7 @@
level = "DEBUG"
[api]
insecure = true
[entryPoints]
[entryPoints.footcp]

1
integration/fixtures/k8s_default.toml
View file

@ -3,6 +3,7 @@
sendAnonymousUsage = false
[api]
insecure = true
[log]
level = "DEBUG"

Some files were not shown because too many files have changed in this diff Show more