baalajimaestro/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Uses ASCII characters to spell Traefik

Browse source
This commit is contained in:
Gérald Croës 2018-10-17 16:24:04 +02:00 committed by Traefiker Bot
parent 95d86d84b4
commit e6a88f3531
48 changed files with 320 additions and 320 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
CONTRIBUTING.md
View file

@ -32,7 +32,7 @@ traefik*
##### Setting up your `go` environment ##### Setting up your `go` environment
- You need `go` v1.9+ - You need `go` v1.9+
- It is recommended you clone Træfik into a directory like `~/go/src/github.com/containous/traefik` (This is the official golang workspace hierarchy, and will allow dependencies to resolve properly) - It is recommended you clone Traefik into a directory like `~/go/src/github.com/containous/traefik` (This is the official golang workspace hierarchy, and will allow dependencies to resolve properly)
- Set your `GOPATH` and `PATH` variable to be set to `~/go` via: - Set your `GOPATH` and `PATH` variable to be set to `~/go` via:
```bash ```bash
@ -56,9 +56,9 @@ GORACE=""
## more go env's will be listed ## more go env's will be listed
``` ```
##### Build Træfik ##### Build Traefik
Once your environment is set up and the Træfik repository cloned you can build Træfik. You need get `go-bindata` once to be able to use `go generate` command as part of the build. The steps to build are: Once your environment is set up and the Traefik repository cloned you can build Traefik. You need get `go-bindata` once to be able to use `go generate` command as part of the build. The steps to build are:
```bash ```bash
cd ~/go/src/github.com/containous/traefik cd ~/go/src/github.com/containous/traefik
@ -77,7 +77,7 @@ go build ./cmd/traefik
# run other commands like tests # run other commands like tests
``` ```
You will find the Træfik executable in the `~/go/src/github.com/containous/traefik` folder as `traefik`. You will find the Traefik executable in the `~/go/src/github.com/containous/traefik` folder as `traefik`.
### Updating the templates ### Updating the templates

30
README.md
View file

@ -1,6 +1,6 @@
<p align="center"> <p align="center">
<img src="docs/img/traefik.logo.png" alt="Træfik" title="Træfik" /> <img src="docs/img/traefik.logo.png" alt="Traefik" title="Traefik" />
</p> </p>
[![Build Status SemaphoreCI](https://semaphoreci.com/api/v1/containous/traefik/branches/master/shields_badge.svg)](https://semaphoreci.com/containous/traefik) [![Build Status SemaphoreCI](https://semaphoreci.com/api/v1/containous/traefik/branches/master/shields_badge.svg)](https://semaphoreci.com/containous/traefik)
@ -12,9 +12,9 @@
[![Twitter](https://img.shields.io/twitter/follow/traefik.svg?style=social)](https://twitter.com/intent/follow?screen_name=traefik) [![Twitter](https://img.shields.io/twitter/follow/traefik.svg?style=social)](https://twitter.com/intent/follow?screen_name=traefik)
Træfik is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Traefik is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy.
Træfik integrates with your existing infrastructure components ([Docker](https://www.docker.com/), [Swarm mode](https://docs.docker.com/engine/swarm/), [Kubernetes](https://kubernetes.io), [Marathon](https://mesosphere.github.io/marathon/), [Consul](https://www.consul.io/), [Etcd](https://coreos.com/etcd/), [Rancher](https://rancher.com), [Amazon ECS](https://aws.amazon.com/ecs), ...) and configures itself automatically and dynamically. Traefik integrates with your existing infrastructure components ([Docker](https://www.docker.com/), [Swarm mode](https://docs.docker.com/engine/swarm/), [Kubernetes](https://kubernetes.io), [Marathon](https://mesosphere.github.io/marathon/), [Consul](https://www.consul.io/), [Etcd](https://coreos.com/etcd/), [Rancher](https://rancher.com), [Amazon ECS](https://aws.amazon.com/ecs), ...) and configures itself automatically and dynamically.
Pointing Træfik at your orchestrator should be the _only_ configuration step you need. Pointing Traefik at your orchestrator should be the _only_ configuration step you need.
--- ---
@ -43,12 +43,12 @@ Now you want users to access these microservices, and you need a reverse proxy.
Traditional reverse-proxies require that you configure _each_ route that will connect paths and subdomains to _each_ microservice. Traditional reverse-proxies require that you configure _each_ route that will connect paths and subdomains to _each_ microservice.
In an environment where you add, remove, kill, upgrade, or scale your services _many_ times a day, the task of keeping the routes up to date becomes tedious. In an environment where you add, remove, kill, upgrade, or scale your services _many_ times a day, the task of keeping the routes up to date becomes tedious.
**This is when Træfik can help you!** **This is when Traefik can help you!**
Træfik listens to your service registry/orchestrator API and instantly generates the routes so your microservices are connected to the outside world -- without further intervention from your part. Traefik listens to your service registry/orchestrator API and instantly generates the routes so your microservices are connected to the outside world -- without further intervention from your part.
**Run Træfik and let it do the work for you!** **Run Traefik and let it do the work for you!**
_(But if you'd rather configure some of your routes manually, Træfik supports that too!)_ _(But if you'd rather configure some of your routes manually, Traefik supports that too!)_
![Architecture](docs/img/architecture.png) ![Architecture](docs/img/architecture.png)
@ -85,15 +85,15 @@ _(But if you'd rather configure some of your routes manually, Træfik supports t
## Quickstart ## Quickstart
To get your hands on Træfik, you can use the [5-Minute Quickstart](http://docs.traefik.io/#the-trfik-quickstart-using-docker) in our documentation (you will need Docker). To get your hands on Traefik, you can use the [5-Minute Quickstart](http://docs.traefik.io/#the-traefik-quickstart-using-docker) in our documentation (you will need Docker).
Alternatively, if you don't want to install anything on your computer, you can try Træfik online in this great [Katacoda tutorial](https://www.katacoda.com/courses/traefik/deploy-load-balancer) that shows how to load balance requests between multiple Docker containers. Alternatively, if you don't want to install anything on your computer, you can try Traefik online in this great [Katacoda tutorial](https://www.katacoda.com/courses/traefik/deploy-load-balancer) that shows how to load balance requests between multiple Docker containers.
If you are looking for a more comprehensive and real use-case example, you can also check [Play-With-Docker](http://training.play-with-docker.com/traefik-load-balancing/) to see how to load balance between multiple nodes. If you are looking for a more comprehensive and real use-case example, you can also check [Play-With-Docker](http://training.play-with-docker.com/traefik-load-balancing/) to see how to load balance between multiple nodes.
## Web UI ## Web UI
You can access the simple HTML frontend of Træfik. You can access the simple HTML frontend of Traefik.
![Web UI Providers](docs/img/web.frontend.png) ![Web UI Providers](docs/img/web.frontend.png)
![Web UI Health](docs/img/traefik-health.png) ![Web UI Health](docs/img/traefik-health.png)
@ -101,12 +101,12 @@ You can access the simple HTML frontend of Træfik.
## Documentation ## Documentation
You can find the complete documentation at [https://docs.traefik.io](https://docs.traefik.io). You can find the complete documentation at [https://docs.traefik.io](https://docs.traefik.io).
A collection of contributions around Træfik can be found at [https://awesome.traefik.io](https://awesome.traefik.io). A collection of contributions around Traefik can be found at [https://awesome.traefik.io](https://awesome.traefik.io).
## Support ## Support
To get community support, you can: To get community support, you can:
- join the Træfik community Slack channel: [![Join the chat at https://slack.traefik.io](https://img.shields.io/badge/style-register-green.svg?style=social&label=Slack)](https://slack.traefik.io) - join the Traefik community Slack channel: [![Join the chat at https://slack.traefik.io](https://img.shields.io/badge/style-register-green.svg?style=social&label=Slack)](https://slack.traefik.io)
- use [Stack Overflow](https://stackoverflow.com/questions/tagged/traefik) (using the `traefik` tag) - use [Stack Overflow](https://stackoverflow.com/questions/tagged/traefik) (using the `traefik` tag)
If you need commercial support, please contact [Containo.us](https://containo.us) by mail: <mailto:support@containo.us>. If you need commercial support, please contact [Containo.us](https://containo.us) by mail: <mailto:support@containo.us>.
@ -134,12 +134,12 @@ git clone https://github.com/containous/traefik
## Introductory Videos ## Introductory Videos
Here is a talk given by [Emile Vauge](https://github.com/emilevauge) at [GopherCon 2017](https://gophercon.com/). Here is a talk given by [Emile Vauge](https://github.com/emilevauge) at [GopherCon 2017](https://gophercon.com/).
You will learn Træfik basics in less than 10 minutes. You will learn Traefik basics in less than 10 minutes.
[![Traefik GopherCon 2017](https://img.youtube.com/vi/RgudiksfL-k/0.jpg)](https://www.youtube.com/watch?v=RgudiksfL-k) [![Traefik GopherCon 2017](https://img.youtube.com/vi/RgudiksfL-k/0.jpg)](https://www.youtube.com/watch?v=RgudiksfL-k)
Here is a talk given by [Ed Robinson](https://github.com/errm) at [ContainerCamp UK](https://container.camp) conference. Here is a talk given by [Ed Robinson](https://github.com/errm) at [ContainerCamp UK](https://container.camp) conference.
You will learn fundamental Træfik features and see some demos with Kubernetes. You will learn fundamental Traefik features and see some demos with Kubernetes.
[![Traefik ContainerCamp UK](https://img.youtube.com/vi/aFtpIShV60I/0.jpg)](https://www.youtube.com/watch?v=aFtpIShV60I) [![Traefik ContainerCamp UK](https://img.youtube.com/vi/aFtpIShV60I/0.jpg)](https://www.youtube.com/watch?v=aFtpIShV60I)

38
docs/basics.md
View file

@ -14,12 +14,12 @@ Let's take our example from the [overview](/#overview) again:
> ![Architecture](img/architecture.png) > ![Architecture](img/architecture.png)
Let's zoom on Træfik and have an overview of its internal architecture: Let's zoom on Traefik and have an overview of its internal architecture:
![Architecture](img/internal.png) ![Architecture](img/internal.png)
- Incoming requests end on [entrypoints](#entrypoints), as the name suggests, they are the network entry points into Træfik (listening port, SSL, traffic redirection...). - Incoming requests end on [entrypoints](#entrypoints), as the name suggests, they are the network entry points into Traefik (listening port, SSL, traffic redirection...).
- Traffic is then forwarded to a matching [frontend](#frontends). A frontend defines routes from [entrypoints](#entrypoints) to [backends](#backends). - Traffic is then forwarded to a matching [frontend](#frontends). A frontend defines routes from [entrypoints](#entrypoints) to [backends](#backends).
Routes are created using requests fields (`Host`, `Path`, `Headers`...) and can match or not a request. Routes are created using requests fields (`Host`, `Path`, `Headers`...) and can match or not a request.
- The [frontend](#frontends) will then send the request to a [backend](#backends). A backend can be composed by one or more [servers](#servers), and by a load-balancing strategy. - The [frontend](#frontends) will then send the request to a [backend](#backends). A backend can be composed by one or more [servers](#servers), and by a load-balancing strategy.
@ -27,7 +27,7 @@ Routes are created using requests fields (`Host`, `Path`, `Headers`...) and can
### Entrypoints ### Entrypoints
Entrypoints are the network entry points into Træfik. Entrypoints are the network entry points into Traefik.
They can be defined using: They can be defined using:
- a port (80, 443...) - a port (80, 443...)
@ -514,16 +514,16 @@ Additional http headers and hostname to health check request can be specified, f
## Configuration ## Configuration
Træfik's configuration has two parts: Traefik's configuration has two parts:
- The [static Træfik configuration](/basics#static-trfik-configuration) which is loaded only at the beginning. - The [static Traefik configuration](/basics#static-traefik-configuration) which is loaded only at the beginning.
- The [dynamic Træfik configuration](/basics#dynamic-trfik-configuration) which can be hot-reloaded (no need to restart the process). - The [dynamic Traefik configuration](/basics#dynamic-traefik-configuration) which can be hot-reloaded (no need to restart the process).
### Static Træfik configuration ### Static Traefik configuration
The static configuration is the global configuration which is setting up connections to configuration backends and entrypoints. The static configuration is the global configuration which is setting up connections to configuration backends and entrypoints.
Træfik can be configured using many configuration sources with the following precedence order. Traefik can be configured using many configuration sources with the following precedence order.
Each item takes precedence over the item below it: Each item takes precedence over the item below it:
- [Key-value store](/basics/#key-value-stores) - [Key-value store](/basics/#key-value-stores)
@ -539,7 +539,7 @@ It means that arguments override configuration file, and key-value store overrid
#### Configuration file #### Configuration file
By default, Træfik will try to find a `traefik.toml` in the following places: By default, Traefik will try to find a `traefik.toml` in the following places:
- `/etc/traefik/` - `/etc/traefik/`
- `$HOME/.traefik/` - `$HOME/.traefik/`
@ -565,7 +565,7 @@ Note that all default values will be displayed as well.
#### Key-value stores #### Key-value stores
Træfik supports several Key-value stores: Traefik supports several Key-value stores:
- [Consul](https://consul.io) - [Consul](https://consul.io)
- [etcd](https://coreos.com/etcd/) - [etcd](https://coreos.com/etcd/)
@ -574,7 +574,7 @@ Træfik supports several Key-value stores:
Please refer to the [User Guide Key-value store configuration](/user-guide/kv-config/) section to get documentation on it. Please refer to the [User Guide Key-value store configuration](/user-guide/kv-config/) section to get documentation on it.
### Dynamic Træfik configuration ### Dynamic Traefik configuration
The dynamic configuration concerns : The dynamic configuration concerns :
@ -583,9 +583,9 @@ The dynamic configuration concerns :
- [Servers](/basics/#servers) - [Servers](/basics/#servers)
- HTTPS Certificates - HTTPS Certificates
Træfik can hot-reload those rules which could be provided by [multiple configuration backends](/configuration/commons). Traefik can hot-reload those rules which could be provided by [multiple configuration backends](/configuration/commons).
We only need to enable `watch` option to make Træfik watch configuration backend changes and generate its configuration automatically. We only need to enable `watch` option to make Traefik watch configuration backend changes and generate its configuration automatically.
Routes to services will be created and updated instantly at any changes. Routes to services will be created and updated instantly at any changes.
Please refer to the [configuration backends](/configuration/commons) section to get documentation on it. Please refer to the [configuration backends](/configuration/commons) section to get documentation on it.
@ -599,10 +599,10 @@ Usage:
traefik [command] [--flag=flag_argument] traefik [command] [--flag=flag_argument]
``` ```
List of Træfik available commands with description : List of Traefik available commands with description :
- `version` : Print version - `version` : Print version
- `storeconfig` : Store the static Traefik configuration into a Key-value stores. Please refer to the [Store Træfik configuration](/user-guide/kv-config/#store-configuration-in-key-value-store) section to get documentation on it. - `storeconfig` : Store the static Traefik configuration into a Key-value stores. Please refer to the [Store Traefik configuration](/user-guide/kv-config/#store-configuration-in-key-value-store) section to get documentation on it.
- `bug`: The easiest way to submit a pre-filled issue. - `bug`: The easiest way to submit a pre-filled issue.
- `healthcheck`: Calls Traefik `/ping` to check health. - `healthcheck`: Calls Traefik `/ping` to check health.
@ -627,7 +627,7 @@ docker run traefik[:version] --help
### Command: bug ### Command: bug
Here is the easiest way to submit a pre-filled issue on [Træfik GitHub](https://github.com/containous/traefik). Here is the easiest way to submit a pre-filled issue on [Traefik GitHub](https://github.com/containous/traefik).
```bash ```bash
traefik bug traefik bug
@ -660,14 +660,14 @@ You can read the public proposal on this topic [here](https://github.com/contain
### Why ? ### Why ?
In order to help us learn more about how Træfik is being used and improve it, we collect anonymous usage statistics from running instances. In order to help us learn more about how Traefik is being used and improve it, we collect anonymous usage statistics from running instances.
Those data help us prioritize our developments and focus on what's more important (for example, which configuration backend is used and which is not used). Those data help us prioritize our developments and focus on what's more important (for example, which configuration backend is used and which is not used).
### What ? ### What ?
Once a day (the first call begins 10 minutes after the start of Træfik), we collect: Once a day (the first call begins 10 minutes after the start of Traefik), we collect:
- the Træfik version - the Traefik version
- a hash of the configuration - a hash of the configuration
- an **anonymous version** of the static configuration: - an **anonymous version** of the static configuration:
- token, user name, password, URL, IP, domain, email, etc, are removed - token, user name, password, URL, IP, domain, email, etc, are removed

14
docs/configuration/acme.md
View file

@ -279,7 +279,7 @@ Here is a list of supported `provider`s, that can automate the DNS verification,
| [Lightsail](https://aws.amazon.com/lightsail/) | `lightsail` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE` | Not tested yet | | [Lightsail](https://aws.amazon.com/lightsail/) | `lightsail` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE` | Not tested yet |
| [Linode](https://www.linode.com) | `linode` | `LINODE_API_KEY` | Not tested yet | | [Linode](https://www.linode.com) | `linode` | `LINODE_API_KEY` | Not tested yet |
| [Linode v4](https://www.linode.com) | `linodev4` | `LINODE_TOKEN` | Not tested yet | | [Linode v4](https://www.linode.com) | `linodev4` | `LINODE_TOKEN` | Not tested yet |
| manual | - | none, but you need to run Træfik interactively, turn on `acmeLogging` to see instructions and press <kbd>Enter</kbd>. | YES | | manual | - | none, but you need to run Traefik interactively, turn on `acmeLogging` to see instructions and press <kbd>Enter</kbd>. | YES |
| [Namecheap](https://www.namecheap.com) | `namecheap` | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY` | YES | | [Namecheap](https://www.namecheap.com) | `namecheap` | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY` | YES |
| [name.com](https://www.name.com/) | `namedotcom` | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER` | Not tested yet | | [name.com](https://www.name.com/) | `namedotcom` | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER` | Not tested yet |
| [Netcup](https://www.netcup.eu/) | `netcup` | `NETCUP_CUSTOMER_NUMBER`, `NETCUP_API_KEY`, `NETCUP_API_PASSWORD` | Not tested yet | | [Netcup](https://www.netcup.eu/) | `netcup` | `NETCUP_CUSTOMER_NUMBER`, `NETCUP_API_KEY`, `NETCUP_API_PASSWORD` | Not tested yet |
@ -299,7 +299,7 @@ Here is a list of supported `provider`s, that can automate the DNS verification,
### `domains` ### `domains`
You can provide SANs (alternative domains) to each main domain. You can provide SANs (alternative domains) to each main domain.
All domains must have A/AAAA records pointing to Træfik. All domains must have A/AAAA records pointing to Traefik.
Each domain & SAN will lead to a certificate request. Each domain & SAN will lead to a certificate request.
```toml ```toml
@ -341,7 +341,7 @@ Due to ACME limitation it is not possible to define wildcards in SANs (alternati
Most likely the root domain should receive a certificate too, so it needs to be specified as SAN and 2 `DNS-01` challenges are executed. Most likely the root domain should receive a certificate too, so it needs to be specified as SAN and 2 `DNS-01` challenges are executed.
In this case the generated DNS TXT record for both domains is the same. In this case the generated DNS TXT record for both domains is the same.
Eventhough this behaviour is [DNS RFC](https://community.letsencrypt.org/t/wildcard-issuance-two-txt-records-for-the-same-name/54528/2) compliant, it can lead to problems as all DNS providers keep DNS records cached for a certain time (TTL) and this TTL can be superior to the challenge timeout making the `DNS-01` challenge fail. Eventhough this behaviour is [DNS RFC](https://community.letsencrypt.org/t/wildcard-issuance-two-txt-records-for-the-same-name/54528/2) compliant, it can lead to problems as all DNS providers keep DNS records cached for a certain time (TTL) and this TTL can be superior to the challenge timeout making the `DNS-01` challenge fail.
The Træfik ACME client library [LEGO](https://github.com/xenolf/lego) supports some but not all DNS providers to work around this issue. The Traefik ACME client library [LEGO](https://github.com/xenolf/lego) supports some but not all DNS providers to work around this issue.
The [`provider` table](/configuration/acme/#provider) indicates if they allow generating certificates for a wildcard domain and its root domain. The [`provider` table](/configuration/acme/#provider) indicates if they allow generating certificates for a wildcard domain and its root domain.
### `onDemand` (Deprecated) ### `onDemand` (Deprecated)
@ -421,7 +421,7 @@ docker run -v "/my/host/acme:/etc/traefik/acme" traefik
``` ```
!!! warning !!! warning
This file cannot be shared across multiple instances of Træfik at the same time. Please use a [KV Store entry](/configuration/acme/#as-a-key-value-store-entry) instead. This file cannot be shared across multiple instances of Traefik at the same time. Please use a [KV Store entry](/configuration/acme/#as-a-key-value-store-entry) instead.
#### As a Key Value Store Entry #### As a Key Value Store Entry
@ -443,8 +443,8 @@ During migration from ACME v1 to ACME v2, using a storage file, a backup of the
For example: if `acme.storage`'s value is `/etc/traefik/acme/acme.json`, the backup file will be `/etc/traefik/acme/acme.json.bak`. For example: if `acme.storage`'s value is `/etc/traefik/acme/acme.json`, the backup file will be `/etc/traefik/acme/acme.json.bak`.
!!! note !!! note
When Træfik is launched in a container, the storage file's parent directory needs to be mounted to be able to access the backup file on the host. When Traefik is launched in a container, the storage file's parent directory needs to be mounted to be able to access the backup file on the host.
Otherwise the backup file will be deleted when the container is stopped. Træfik will only generate it once! Otherwise the backup file will be deleted when the container is stopped. Traefik will only generate it once!
### `dnsProvider` (Deprecated) ### `dnsProvider` (Deprecated)
@ -465,4 +465,4 @@ If Let's Encrypt is not reachable, these certificates will be used:
1. Provided certificates 1. Provided certificates
!!! note !!! note
For new (sub)domains which need Let's Encrypt authentification, the default Træfik certificate will be used until Træfik is restarted. For new (sub)domains which need Let's Encrypt authentification, the default Traefik certificate will be used until Traefik is restarted.

12
docs/configuration/api.md
View file

@ -4,7 +4,7 @@
```toml ```toml
# API definition # API definition
# Warning: Enabling API will expose Træfik's configuration. # Warning: Enabling API will expose Traefik's configuration.
# It is not recommended in production, # It is not recommended in production,
# unless secured by authentication and authorizations # unless secured by authentication and authorizations
[api] [api]
@ -61,7 +61,7 @@ keeping it restricted over internal networks
| Path | Method | Description | | Path | Method | Description |
|-----------------------------------------------------------------|------------------|-------------------------------------------| |-----------------------------------------------------------------|------------------|-------------------------------------------|
| `/` | `GET` | Provides a simple HTML frontend of Træfik | | `/` | `GET` | Provides a simple HTML frontend of Traefik |
| `/cluster/leader` | `GET` | JSON leader true/false response | | `/cluster/leader` | `GET` | JSON leader true/false response |
| `/health` | `GET` | JSON health metrics | | `/health` | `GET` | JSON health metrics |
| `/api` | `GET` | Configuration for all providers | | `/api` | `GET` | Configuration for all providers |
@ -268,11 +268,11 @@ curl -s "http://localhost:8080/health" | jq .
``` ```
```json ```json
{ {
// Træfik PID // Traefik PID
"pid": 2458, "pid": 2458,
// Træfik server uptime (formated time) // Traefik server uptime (formated time)
"uptime": "39m6.885931127s", "uptime": "39m6.885931127s",
// Træfik server uptime in seconds // Traefik server uptime in seconds
"uptime_sec": 2346.885931127, "uptime_sec": 2346.885931127,
// current server date // current server date
"time": "2015-10-07 18:32:24.362238909 +0200 CEST", "time": "2015-10-07 18:32:24.362238909 +0200 CEST",
@ -282,7 +282,7 @@ curl -s "http://localhost:8080/health" | jq .
"status_code_count": { "status_code_count": {
"502": 1 "502": 1
}, },
// count HTTP response status code since Træfik started // count HTTP response status code since Traefik started
"total_status_code_count": { "total_status_code_count": {
"200": 7, "200": 7,
"404": 21, "404": 21,

2
docs/configuration/backends/boltdb.md
View file

@ -1,6 +1,6 @@
# BoltDB Provider # BoltDB Provider
Træfik can be configured to use BoltDB as a provider. Traefik can be configured to use BoltDB as a provider.
```toml ```toml
################################################################ ################################################################

2
docs/configuration/backends/consul.md
View file

@ -1,6 +1,6 @@
# Consul Key-Value Provider # Consul Key-Value Provider
Træfik can be configured to use Consul as a provider. Traefik can be configured to use Consul as a provider.
```toml ```toml
################################################################ ################################################################

8
docs/configuration/backends/consulcatalog.md
View file

@ -1,6 +1,6 @@
# Consul Catalog Provider # Consul Catalog Provider
Træfik can be configured to use service discovery catalog of Consul as a provider. Traefik can be configured to use service discovery catalog of Consul as a provider.
```toml ```toml
################################################################ ################################################################
@ -96,7 +96,7 @@ Additional settings can be defined using Consul Catalog tags.
| Label | Description | | Label | Description |
|----------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |----------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `<prefix>.enable=false` | Disables this container in Træfik. | | `<prefix>.enable=false` | Disables this container in Traefik. |
| `<prefix>.protocol=https` | Overrides the default `http` protocol. | | `<prefix>.protocol=https` | Overrides the default `http` protocol. |
| `<prefix>.weight=10` | Assigns this weight to the container. | | `<prefix>.weight=10` | Assigns this weight to the container. |
| `traefik.backend.buffering.maxRequestBodyBytes=0` | See [buffering](/configuration/commons/#buffering) section. | | `traefik.backend.buffering.maxRequestBodyBytes=0` | See [buffering](/configuration/commons/#buffering) section. |
@ -214,7 +214,7 @@ If you need to support multiple frontends for a service, for example when having
### Examples ### Examples
If you want that Træfik uses Consul tags correctly you need to defined them like that: If you want that Traefik uses Consul tags correctly you need to defined them like that:
```js ```js
traefik.enable=true traefik.enable=true
@ -222,7 +222,7 @@ traefik.tags=api
traefik.tags=external traefik.tags=external
``` ```
If the prefix defined in Træfik configuration is `bla`, tags need to be defined like that: If the prefix defined in Traefik configuration is `bla`, tags need to be defined like that:
```js ```js
bla.enable=true bla.enable=true

14
docs/configuration/backends/docker.md
View file

@ -1,7 +1,7 @@
# Docker Provider # Docker Provider
Træfik can be configured to use Docker as a provider. Traefik can be configured to use Docker as a provider.
## Docker ## Docker
@ -213,9 +213,9 @@ Labels can be used on containers to override default behavior.
|---------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |---------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `traefik.docker.network` | Overrides the default docker network to use for connections to the container. [1] | | `traefik.docker.network` | Overrides the default docker network to use for connections to the container. [1] |
| `traefik.domain` | Sets the default base domain for the frontend rules. For more information, check the [Container Labels section's of the user guide "Let's Encrypt & Docker"](/user-guide/docker-and-lets-encrypt/#container-labels) | | `traefik.domain` | Sets the default base domain for the frontend rules. For more information, check the [Container Labels section's of the user guide "Let's Encrypt & Docker"](/user-guide/docker-and-lets-encrypt/#container-labels) |
| `traefik.enable=false` | Disables this container in Træfik. | | `traefik.enable=false` | Disables this container in Traefik. |
| `traefik.port=80` | Registers this port. Useful when the container exposes multiples ports. | | `traefik.port=80` | Registers this port. Useful when the container exposes multiples ports. |
| `traefik.tags=foo,bar,myTag` | Adds Træfik tags to the Docker container/service to be used in [constraints](/configuration/commons/#constraints). | | `traefik.tags=foo,bar,myTag` | Adds Traefik tags to the Docker container/service to be used in [constraints](/configuration/commons/#constraints). |
| `traefik.protocol=https` | Overrides the default `http` protocol | | `traefik.protocol=https` | Overrides the default `http` protocol |
| `traefik.weight=10` | Assigns this weight to the container | | `traefik.weight=10` | Assigns this weight to the container |
| `traefik.backend=foo` | Gives the name `foo` to the generated backend for this container. | | `traefik.backend=foo` | Gives the name `foo` to the generated backend for this container. |
@ -426,16 +426,16 @@ Segment labels override the default behavior.
More details in this [example](/user-guide/docker-and-lets-encrypt/#labels). More details in this [example](/user-guide/docker-and-lets-encrypt/#labels).
!!! warning !!! warning
When running inside a container, Træfik will need network access through: When running inside a container, Traefik will need network access through:
`docker network connect <network> <traefik-container>` `docker network connect <network> <traefik-container>`
## usebindportip ## usebindportip
The default behavior of Træfik is to route requests to the IP/Port of the matching container. The default behavior of Traefik is to route requests to the IP/Port of the matching container.
When setting `usebindportip` to true, you tell Træfik to use the IP/Port attached to the container's binding instead of the inner network IP/Port. When setting `usebindportip` to true, you tell Traefik to use the IP/Port attached to the container's binding instead of the inner network IP/Port.
When used in conjunction with the `traefik.port` label (that tells Træfik to route requests to a specific port), Træfik tries to find a binding with `traefik.port` port to select the container. If it can't find such a binding, Træfik falls back on the internal network IP of the container, but still uses the `traefik.port` that is set in the label. When used in conjunction with the `traefik.port` label (that tells Traefik to route requests to a specific port), Traefik tries to find a binding with `traefik.port` port to select the container. If it can't find such a binding, Traefik falls back on the internal network IP of the container, but still uses the `traefik.port` that is set in the label.
Below is a recap of the behavior of `usebindportip` in different situations. Below is a recap of the behavior of `usebindportip` in different situations.

2
docs/configuration/backends/dynamodb.md
View file

@ -1,6 +1,6 @@
# DynamoDB Provider # DynamoDB Provider
Træfik can be configured to use Amazon DynamoDB as a provider. Traefik can be configured to use Amazon DynamoDB as a provider.
## Configuration ## Configuration

6
docs/configuration/backends/ecs.md
View file

@ -1,6 +1,6 @@
# ECS Provider # ECS Provider
Træfik can be configured to use Amazon ECS as a provider. Traefik can be configured to use Amazon ECS as a provider.
## Configuration ## Configuration
@ -106,7 +106,7 @@ To enable constraints see [provider-specific constraints section](/configuration
## Policy ## Policy
Træfik needs the following policy to read ECS information: Traefik needs the following policy to read ECS information:
```json ```json
{ {
@ -139,7 +139,7 @@ Labels can be used on task containers to override default behaviour:
| Label | Description | | Label | Description |
|---------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |---------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `traefik.domain` | Sets the default base domain for frontend rules. | | `traefik.domain` | Sets the default base domain for frontend rules. |
| `traefik.enable=false` | Disables this container in Træfik. | | `traefik.enable=false` | Disables this container in Traefik. |
| `traefik.port=80` | Overrides the default `port` value. Overrides `NetworkBindings` from Docker Container | | `traefik.port=80` | Overrides the default `port` value. Overrides `NetworkBindings` from Docker Container |
| `traefik.protocol=https` | Overrides the default `http` protocol | | `traefik.protocol=https` | Overrides the default `http` protocol |
| `traefik.weight=10` | Assigns this weight to the container | | `traefik.weight=10` | Assigns this weight to the container |

2
docs/configuration/backends/etcd.md
View file

@ -1,6 +1,6 @@
# Etcd Provider # Etcd Provider
Træfik can be configured to use Etcd as a provider. Traefik can be configured to use Etcd as a provider.
```toml ```toml
################################################################ ################################################################

2
docs/configuration/backends/eureka.md
View file

@ -1,6 +1,6 @@
# Eureka Provider # Eureka Provider
Træfik can be configured to use Eureka as a provider. Traefik can be configured to use Eureka as a provider.
```toml ```toml
################################################################ ################################################################

24
docs/configuration/backends/file.md
View file

@ -1,6 +1,6 @@
# File Provider # File Provider
Træfik can be configured with a file. Traefik can be configured with a file.
## Reference ## Reference
@ -192,16 +192,16 @@ Træfik can be configured with a file.
You have two choices: You have two choices:
- [Rules in Træfik configuration file](/configuration/backends/file/#rules-in-trfik-configuration-file) - [Rules in Traefik configuration file](/configuration/backends/file/#rules-in-traefik-configuration-file)
- [Rules in dedicated files](/configuration/backends/file/#rules-in-dedicated-files) - [Rules in dedicated files](/configuration/backends/file/#rules-in-dedicated-files)
To enable the file backend, you must either pass the `--file` option to the Træfik binary or put the `[file]` section (with or without inner settings) in the configuration file. To enable the file backend, you must either pass the `--file` option to the Traefik binary or put the `[file]` section (with or without inner settings) in the configuration file.
The configuration file allows managing both backends/frontends and HTTPS certificates (which are not [Let's Encrypt](https://letsencrypt.org) certificates generated through Træfik). The configuration file allows managing both backends/frontends and HTTPS certificates (which are not [Let's Encrypt](https://letsencrypt.org) certificates generated through Traefik).
TOML templating can be used if rules are not defined in the Træfik configuration file. TOML templating can be used if rules are not defined in the Traefik configuration file.
### Rules in Træfik Configuration File ### Rules in Traefik Configuration File
Add your configuration at the end of the global configuration file `traefik.toml`: Add your configuration at the end of the global configuration file `traefik.toml`:
@ -247,11 +247,11 @@ defaultEntryPoints = ["http", "https"]
It's recommended to use the file provider to declare certificates. It's recommended to use the file provider to declare certificates.
!!! warning !!! warning
TOML templating cannot be used if rules are defined in the Træfik configuration file. TOML templating cannot be used if rules are defined in the Traefik configuration file.
### Rules in Dedicated Files ### Rules in Dedicated Files
Træfik allows defining rules in one or more separate files. Traefik allows defining rules in one or more separate files.
#### One Separate File #### One Separate File
@ -272,7 +272,7 @@ defaultEntryPoints = ["http", "https"]
watch = true watch = true
``` ```
The option `file.watch` allows Træfik to watch file changes automatically. The option `file.watch` allows Traefik to watch file changes automatically.
#### Multiple Separated Files #### Multiple Separated Files
@ -284,7 +284,7 @@ You could have multiple `.toml` files in a directory (and recursively in its sub
watch = true watch = true
``` ```
The option `file.watch` allows Træfik to watch file changes automatically. The option `file.watch` allows Traefik to watch file changes automatically.
#### Separate Files Content #### Separate Files Content
@ -322,9 +322,9 @@ Backends, Frontends and TLS certificates are defined one at time, as described i
!!! warning !!! warning
TOML templating can only be used **if rules are defined in one or more separate files**. TOML templating can only be used **if rules are defined in one or more separate files**.
Templating will not work in the Træfik configuration file. Templating will not work in the Traefik configuration file.
Træfik allows using TOML templating. Traefik allows using TOML templating.
Thus, it's possible to define easily lot of Backends, Frontends and TLS certificates as described in the file `template-rules.toml` : Thus, it's possible to define easily lot of Backends, Frontends and TLS certificates as described in the file `template-rules.toml` :

4
docs/configuration/backends/kubernetes.md
View file

@ -1,6 +1,6 @@
# Kubernetes Ingress Provider # Kubernetes Ingress Provider
Træfik can be configured to use Kubernetes Ingress as a provider. Traefik can be configured to use Kubernetes Ingress as a provider.
See also [Kubernetes user guide](/user-guide/kubernetes). See also [Kubernetes user guide](/user-guide/kubernetes).
@ -357,5 +357,5 @@ This ingress follows the [Global Default Backend](https://kubernetes.io/docs/con
This will allow users to create a "default backend" that will match all unmatched requests. This will allow users to create a "default backend" that will match all unmatched requests.
!!! note !!! note
Due to Træfik's use of priorities, you may have to set this ingress priority lower than other ingresses in your environment, to avoid this global ingress from satisfying requests that _could_ match other ingresses. Due to Traefik's use of priorities, you may have to set this ingress priority lower than other ingresses in your environment, to avoid this global ingress from satisfying requests that _could_ match other ingresses.
To do this, use the `traefik.ingress.kubernetes.io/priority` annotation (as seen in [General Annotations](/configuration/backends/kubernetes/#general-annotations)) on your ingresses accordingly. To do this, use the `traefik.ingress.kubernetes.io/priority` annotation (as seen in [General Annotations](/configuration/backends/kubernetes/#general-annotations)) on your ingresses accordingly.

4
docs/configuration/backends/marathon.md
View file

@ -1,6 +1,6 @@
# Marathon Provider # Marathon Provider
Træfik can be configured to use Marathon as a provider. Traefik can be configured to use Marathon as a provider.
See also [Marathon user guide](/user-guide/marathon). See also [Marathon user guide](/user-guide/marathon).
@ -196,7 +196,7 @@ The following labels can be defined on Marathon applications. They adjust the be
| Label | Description | | Label | Description |
|---------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |---------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `traefik.domain` | Sets the default base domain used for the frontend rules. | | `traefik.domain` | Sets the default base domain used for the frontend rules. |
| `traefik.enable=false` | Disables this container in Træfik. | | `traefik.enable=false` | Disables this container in Traefik. |
| `traefik.port=80` | Registers this port. Useful when the container exposes multiples ports. | | `traefik.port=80` | Registers this port. Useful when the container exposes multiples ports. |
| `traefik.portIndex=1` | Registers port by index in the application's ports array. Useful when the application exposes multiple ports. | | `traefik.portIndex=1` | Registers port by index in the application's ports array. Useful when the application exposes multiple ports. |
| `traefik.protocol=https` | Overrides the default `http` protocol. | | `traefik.protocol=https` | Overrides the default `http` protocol. |

4
docs/configuration/backends/mesos.md
View file

@ -1,6 +1,6 @@
# Mesos Generic Provider # Mesos Generic Provider
Træfik can be configured to use Mesos as a provider. Traefik can be configured to use Mesos as a provider.
```toml ```toml
################################################################ ################################################################
@ -109,7 +109,7 @@ The following labels can be defined on Mesos tasks. They adjust the behavior for
| Label | Description | | Label | Description |
|---------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |---------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `traefik.domain` | Sets the default base domain for the frontend rules. | | `traefik.domain` | Sets the default base domain for the frontend rules. |
| `traefik.enable=false` | Disables this container in Træfik. | | `traefik.enable=false` | Disables this container in Traefik. |
| `traefik.port=80` | Registers this port. Useful when the application exposes multiple ports. | | `traefik.port=80` | Registers this port. Useful when the application exposes multiple ports. |
| `traefik.portName=web` | Registers port by name in the application's ports array. Useful when the application exposes multiple ports. | | `traefik.portName=web` | Registers port by name in the application's ports array. Useful when the application exposes multiple ports. |
| `traefik.portIndex=1` | Registers port by index in the application's ports array. Useful when the application exposes multiple ports. | | `traefik.portIndex=1` | Registers port by index in the application's ports array. Useful when the application exposes multiple ports. |

4
docs/configuration/backends/rancher.md
View file

@ -1,6 +1,6 @@
# Rancher Provider # Rancher Provider
Træfik can be configured to use Rancher as a provider. Traefik can be configured to use Rancher as a provider.
## Global Configuration ## Global Configuration
@ -141,7 +141,7 @@ Labels can be used on task containers to override default behavior:
| Label | Description | | Label | Description |
|---------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |---------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `traefik.domain` | Sets the default base domain for the frontend rules. | | `traefik.domain` | Sets the default base domain for the frontend rules. |
| `traefik.enable=false` | Disables this container in Træfik. | | `traefik.enable=false` | Disables this container in Traefik. |
| `traefik.port=80` | Registers this port. Useful when the container exposes multiple ports. | | `traefik.port=80` | Registers this port. Useful when the container exposes multiple ports. |
| `traefik.protocol=https` | Overrides the default `http` protocol. | | `traefik.protocol=https` | Overrides the default `http` protocol. |
| `traefik.weight=10` | Assigns this weight to the container. | | `traefik.weight=10` | Assigns this weight to the container. |

2
docs/configuration/backends/rest.md
View file

@ -1,6 +1,6 @@
# Rest Provider # Rest Provider
Træfik can be configured: Traefik can be configured:
- using a RESTful api. - using a RESTful api.

10
docs/configuration/backends/servicefabric.md
View file

@ -1,6 +1,6 @@
# Azure Service Fabric Provider # Azure Service Fabric Provider
Træfik can be configured to use Azure Service Fabric as a provider. Traefik can be configured to use Azure Service Fabric as a provider.
See [this repository for an example deployment package and further documentation.](https://aka.ms/traefikonsf) See [this repository for an example deployment package and further documentation.](https://aka.ms/traefikonsf)
@ -47,13 +47,13 @@ refreshSeconds = 10
## Labels ## Labels
The provider uses labels to configure how services are exposed through Træfik. The provider uses labels to configure how services are exposed through Traefik.
These can be set using Extensions and the Property Manager API These can be set using Extensions and the Property Manager API
#### Extensions #### Extensions
Set labels with extensions through the services `ServiceManifest.xml` file. Set labels with extensions through the services `ServiceManifest.xml` file.
Here is an example of an extension setting Træfik labels: Here is an example of an extension setting Traefik labels:
```xml ```xml
<StatelessServiceType ServiceTypeName="WebServiceType"> <StatelessServiceType ServiceTypeName="WebServiceType">
@ -96,9 +96,9 @@ Labels, set through extensions or the property manager, can be used on services
| Label | Description | | Label | Description |
|------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `traefik.enable=false` | Disable this container in Træfik | | `traefik.enable=false` | Disable this container in Traefik |
| `traefik.backend.circuitbreaker.expression=EXPR` | Create a [circuit breaker](/basics/#backends) to be used against the backend | | `traefik.backend.circuitbreaker.expression=EXPR` | Create a [circuit breaker](/basics/#backends) to be used against the backend |
| `traefik.servicefabric.groupname` | Group all services with the same name into a single backend in Træfik | | `traefik.servicefabric.groupname` | Group all services with the same name into a single backend in Traefik |
| `traefik.servicefabric.groupweight` | Set the weighting of the current services nodes in the backend group | | `traefik.servicefabric.groupweight` | Set the weighting of the current services nodes in the backend group |
| `traefik.servicefabric.enablelabeloverrides` | Toggle whether labels can be overridden using the Service Fabric Property Manager API | | `traefik.servicefabric.enablelabeloverrides` | Toggle whether labels can be overridden using the Service Fabric Property Manager API |
| `traefik.backend.healthcheck.path=/health` | Enable health check for the backend, hitting the container at `path`. | | `traefik.backend.healthcheck.path=/health` | Enable health check for the backend, hitting the container at `path`. |

16
docs/configuration/backends/web.md
View file

@ -3,7 +3,7 @@
!!! danger "DEPRECATED" !!! danger "DEPRECATED"
The web provider is deprecated, please use the [api](/configuration/api.md), the [ping](/configuration/ping.md), the [metrics](/configuration/metrics) and the [rest](/configuration/backends/rest.md) provider. The web provider is deprecated, please use the [api](/configuration/api.md), the [ping](/configuration/ping.md), the [metrics](/configuration/metrics) and the [rest](/configuration/backends/rest.md) provider.
Træfik can be configured: Traefik can be configured:
- using a RESTful api. - using a RESTful api.
- to use a monitoring system (like Prometheus, DataDog or StatD, ...). - to use a monitoring system (like Prometheus, DataDog or StatD, ...).
@ -97,7 +97,7 @@ usersFile = "/path/to/.htdigest"
## Metrics ## Metrics
You can enable Træfik to export internal metrics to different monitoring systems. You can enable Traefik to export internal metrics to different monitoring systems.
### Prometheus ### Prometheus
@ -239,8 +239,8 @@ recentErrors = 10
| Path | Method | Description | | Path | Method | Description |
|-----------------------------------------------------------------|:-------------:|----------------------------------------------------------------------------------------------------| |-----------------------------------------------------------------|:-------------:|----------------------------------------------------------------------------------------------------|
| `/` | `GET` | Provides a simple HTML frontend of Træfik | | `/` | `GET` | Provides a simple HTML frontend of Traefik |
| `/ping` | `GET`, `HEAD` | A simple endpoint to check for Træfik process liveness. Return a code `200` with the content: `OK` | | `/ping` | `GET`, `HEAD` | A simple endpoint to check for Traefik process liveness. Return a code `200` with the content: `OK` |
| `/health` | `GET` | JSON health metrics | | `/health` | `GET` | JSON health metrics |
| `/api` | `GET` | Configuration for all providers | | `/api` | `GET` | Configuration for all providers |
| `/api/providers` | `GET` | Providers | | `/api/providers` | `GET` | Providers |
@ -286,11 +286,11 @@ curl -s "http://localhost:8080/health" | jq .
``` ```
```json ```json
{ {
// Træfik PID // Traefik PID
"pid": 2458, "pid": 2458,
// Træfik server uptime (formated time) // Traefik server uptime (formated time)
"uptime": "39m6.885931127s", "uptime": "39m6.885931127s",
// Træfik server uptime in seconds // Traefik server uptime in seconds
"uptime_sec": 2346.885931127, "uptime_sec": 2346.885931127,
// current server date // current server date
"time": "2015-10-07 18:32:24.362238909 +0200 CEST", "time": "2015-10-07 18:32:24.362238909 +0200 CEST",
@ -300,7 +300,7 @@ curl -s "http://localhost:8080/health" | jq .
"status_code_count": { "status_code_count": {
"502": 1 "502": 1
}, },
// count HTTP response status code since Træfik started // count HTTP response status code since Traefik started
"total_status_code_count": { "total_status_code_count": {
"200": 7, "200": 7,
"404": 21, "404": 21,

2
docs/configuration/backends/zookeeper.md
View file

@ -1,6 +1,6 @@
# Zookeeper Provider # Zookeeper Provider
Træfik can be configured to use Zookeeper as a provider. Traefik can be configured to use Zookeeper as a provider.
```toml ```toml
################################################################ ################################################################

6
docs/configuration/commons.md
View file

@ -132,9 +132,9 @@ Each frontend can specify its own entrypoints.
## Constraints ## Constraints
In a micro-service architecture, with a central service discovery, setting constraints limits Træfik scope to a smaller number of routes. In a micro-service architecture, with a central service discovery, setting constraints limits Traefik scope to a smaller number of routes.
Træfik filters services according to service attributes/tags set in your providers. Traefik filters services according to service attributes/tags set in your providers.
Supported filters: Supported filters:
@ -255,7 +255,7 @@ These can "burst" up to 10 and 200 in each period respectively.
## Buffering ## Buffering
In some cases request/buffering can be enabled for a specific backend. In some cases request/buffering can be enabled for a specific backend.
By enabling this, Træfik will read the entire request into memory (possibly buffering large requests into disk) and will reject requests that are over a specified limit. By enabling this, Traefik will read the entire request into memory (possibly buffering large requests into disk) and will reject requests that are over a specified limit.
This may help services deal with large data (multipart/form-data for example) more efficiently and should minimise time spent when sending data to a backend server. This may help services deal with large data (multipart/form-data for example) more efficiently and should minimise time spent when sending data to a backend server.
For more information please check [oxy/buffer](http://godoc.org/github.com/vulcand/oxy/buffer) documentation. For more information please check [oxy/buffer](http://godoc.org/github.com/vulcand/oxy/buffer) documentation.

6
docs/configuration/entrypoints.md
View file

@ -235,8 +235,8 @@ If you need to add or remove TLS certificates while Traefik is started, Dynamic
## TLS Mutual Authentication ## TLS Mutual Authentication
TLS Mutual Authentication can be `optional` or not. TLS Mutual Authentication can be `optional` or not.
If it's `optional`, Træfik will authorize connection with certificates not signed by a specified Certificate Authority (CA). If it's `optional`, Traefik will authorize connection with certificates not signed by a specified Certificate Authority (CA).
Otherwise, Træfik will only accept clients that present a certificate signed by a specified Certificate Authority (CA). Otherwise, Traefik will only accept clients that present a certificate signed by a specified Certificate Authority (CA).
`ClientCAFiles` can be configured with multiple `CA:s` in the same file or use multiple files containing one or several `CA:s`. `ClientCAFiles` can be configured with multiple `CA:s` in the same file or use multiple files containing one or several `CA:s`.
The `CA:s` has to be in PEM format. The `CA:s` has to be in PEM format.
@ -486,7 +486,7 @@ To enable [ProxyProtocol](https://www.haproxy.org/download/1.8/doc/proxy-protoco
Only IPs in `trustedIPs` will lead to remote client address replacement: you should declare your load-balancer IP or CIDR range here (in testing environment, you can trust everyone using `insecure = true`). Only IPs in `trustedIPs` will lead to remote client address replacement: you should declare your load-balancer IP or CIDR range here (in testing environment, you can trust everyone using `insecure = true`).
!!! danger !!! danger
When queuing Træfik behind another load-balancer, be sure to carefully configure Proxy Protocol on both sides. When queuing Traefik behind another load-balancer, be sure to carefully configure Proxy Protocol on both sides.
Otherwise, it could introduce a security risk in your system by forging requests. Otherwise, it could introduce a security risk in your system by forging requests.
```toml ```toml

2
docs/configuration/logs.md
View file

@ -278,7 +278,7 @@ accessLogsFile = "log/access.log"
### CLF - Common Log Format ### CLF - Common Log Format
By default, Træfik use the CLF (`common`) as access log format. By default, Traefik use the CLF (`common`) as access log format.
```html ```html
<remote_IP_address> - <client_user_name_if_available> [<timestamp>] "<request_method> <request_path> <request_protocol>" <origin_server_HTTP_status> <origin_server_content_size> "<request_referrer>" "<request_user_agent>" <number_of_requests_received_since_Traefik_started> "<Traefik_frontend_name>" "<Traefik_backend_URL>" <request_duration_in_ms>ms <remote_IP_address> - <client_user_name_if_available> [<timestamp>] "<request_method> <request_path> <request_protocol>" <origin_server_HTTP_status> <origin_server_content_size> "<request_referrer>" "<request_user_agent>" <number_of_requests_received_since_Traefik_started> "<Traefik_frontend_name>" "<Traefik_backend_URL>" <request_duration_in_ms>ms

2
docs/configuration/ping.md
View file

@ -15,7 +15,7 @@
| Path | Method | Description | | Path | Method | Description |
|---------|---------------|----------------------------------------------------------------------------------------------------| |---------|---------------|----------------------------------------------------------------------------------------------------|
| `/ping` | `GET`, `HEAD` | A simple endpoint to check for Træfik process liveness. Return a code `200` with the content: `OK` | | `/ping` | `GET`, `HEAD` | A simple endpoint to check for Traefik process liveness. Return a code `200` with the content: `OK` |
!!! warning !!! warning

4
docs/configuration/tracing.md
View file

@ -4,7 +4,7 @@ The tracing system allows developers to visualize call flows in their infrastruc
We use [OpenTracing](http://opentracing.io). It is an open standard designed for distributed tracing. We use [OpenTracing](http://opentracing.io). It is an open standard designed for distributed tracing.
Træfik supports three tracing backends: Jaeger, Zipkin and DataDog. Traefik supports three tracing backends: Jaeger, Zipkin and DataDog.
## Jaeger ## Jaeger
@ -61,7 +61,7 @@ Træfik supports three tracing backends: Jaeger, Zipkin and DataDog.
``` ```
!!! warning !!! warning
Træfik is only able to send data over compact thrift protocol to the [Jaeger agent](https://www.jaegertracing.io/docs/deployment/#agent). Traefik is only able to send data over compact thrift protocol to the [Jaeger agent](https://www.jaegertracing.io/docs/deployment/#agent).
## Zipkin ## Zipkin

56
docs/index.md
View file

@ -1,5 +1,5 @@
<p align="center"> <p align="center">
<img src="img/traefik.logo.png" alt="Træfik" title="Træfik" /> <img src="img/traefik.logo.png" alt="Traefik" title="Traefik" />
</p> </p>
[![Build Status SemaphoreCI](https://semaphoreci.com/api/v1/containous/traefik/branches/master/shields_badge.svg)](https://semaphoreci.com/containous/traefik) [![Build Status SemaphoreCI](https://semaphoreci.com/api/v1/containous/traefik/branches/master/shields_badge.svg)](https://semaphoreci.com/containous/traefik)
@ -10,9 +10,9 @@
[![Twitter](https://img.shields.io/twitter/follow/traefik.svg?style=social)](https://twitter.com/intent/follow?screen_name=traefik) [![Twitter](https://img.shields.io/twitter/follow/traefik.svg?style=social)](https://twitter.com/intent/follow?screen_name=traefik)
Træfik is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Traefik is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy.
Træfik integrates with your existing infrastructure components ([Docker](https://www.docker.com/), [Swarm mode](https://docs.docker.com/engine/swarm/), [Kubernetes](https://kubernetes.io), [Marathon](https://mesosphere.github.io/marathon/), [Consul](https://www.consul.io/), [Etcd](https://coreos.com/etcd/), [Rancher](https://rancher.com), [Amazon ECS](https://aws.amazon.com/ecs), ...) and configures itself automatically and dynamically. Traefik integrates with your existing infrastructure components ([Docker](https://www.docker.com/), [Swarm mode](https://docs.docker.com/engine/swarm/), [Kubernetes](https://kubernetes.io), [Marathon](https://mesosphere.github.io/marathon/), [Consul](https://www.consul.io/), [Etcd](https://coreos.com/etcd/), [Rancher](https://rancher.com), [Amazon ECS](https://aws.amazon.com/ecs), ...) and configures itself automatically and dynamically.
Pointing Træfik at your orchestrator should be the _only_ configuration step you need. Pointing Traefik at your orchestrator should be the _only_ configuration step you need.
## Overview ## Overview
@ -22,12 +22,12 @@ Now you want users to access these microservices, and you need a reverse proxy.
Traditional reverse-proxies require that you configure _each_ route that will connect paths and subdomains to _each_ microservice. Traditional reverse-proxies require that you configure _each_ route that will connect paths and subdomains to _each_ microservice.
In an environment where you add, remove, kill, upgrade, or scale your services _many_ times a day, the task of keeping the routes up to date becomes tedious. In an environment where you add, remove, kill, upgrade, or scale your services _many_ times a day, the task of keeping the routes up to date becomes tedious.
**This is when Træfik can help you!** **This is when Traefik can help you!**
Træfik listens to your service registry/orchestrator API and instantly generates the routes so your microservices are connected to the outside world -- without further intervention from your part. Traefik listens to your service registry/orchestrator API and instantly generates the routes so your microservices are connected to the outside world -- without further intervention from your part.
**Run Træfik and let it do the work for you!** **Run Traefik and let it do the work for you!**
_(But if you'd rather configure some of your routes manually, Træfik supports that too!)_ _(But if you'd rather configure some of your routes manually, Traefik supports that too!)_
![Architecture](img/architecture.png) ![Architecture](img/architecture.png)
@ -62,15 +62,15 @@ _(But if you'd rather configure some of your routes manually, Træfik supports t
- [File](/configuration/backends/file/) - [File](/configuration/backends/file/)
- [Rest](/configuration/backends/rest/) - [Rest](/configuration/backends/rest/)
## The Træfik Quickstart (Using Docker) ## The Traefik Quickstart (Using Docker)
In this quickstart, we'll use [Docker compose](https://docs.docker.com/compose) to create our demo infrastructure. In this quickstart, we'll use [Docker compose](https://docs.docker.com/compose) to create our demo infrastructure.
To save some time, you can clone [Træfik's repository](https://github.com/containous/traefik) and use the quickstart files located in the [examples/quickstart](https://github.com/containous/traefik/tree/master/examples/quickstart/) directory. To save some time, you can clone [Traefik's repository](https://github.com/containous/traefik) and use the quickstart files located in the [examples/quickstart](https://github.com/containous/traefik/tree/master/examples/quickstart/) directory.
### 1 — Launch Træfik — Tell It to Listen to Docker ### 1 — Launch Traefik — Tell It to Listen to Docker
Create a `docker-compose.yml` file where you will define a `reverse-proxy` service that uses the official Træfik image: Create a `docker-compose.yml` file where you will define a `reverse-proxy` service that uses the official Traefik image:
```yaml ```yaml
version: '3' version: '3'
@ -78,7 +78,7 @@ version: '3'
services: services:
reverse-proxy: reverse-proxy:
image: traefik # The official Traefik docker image image: traefik # The official Traefik docker image
command: --api --docker # Enables the web UI and tells Træfik to listen to docker command: --api --docker # Enables the web UI and tells Traefik to listen to docker
ports: ports:
- "80:80" # The HTTP port - "80:80" # The HTTP port
- "8080:8080" # The Web UI (enabled by --api) - "8080:8080" # The Web UI (enabled by --api)
@ -90,7 +90,7 @@ services:
Enabling the Web UI with the `--api` flag might expose configuration elements. You can read more about this on the [API/Dashboard's Security section](/configuration/api#security). Enabling the Web UI with the `--api` flag might expose configuration elements. You can read more about this on the [API/Dashboard's Security section](/configuration/api#security).
**That's it. Now you can launch Træfik!** **That's it. Now you can launch Traefik!**
Start your `reverse-proxy` with the following command: Start your `reverse-proxy` with the following command:
@ -98,11 +98,11 @@ Start your `reverse-proxy` with the following command:
docker-compose up -d reverse-proxy docker-compose up -d reverse-proxy
``` ```
You can open a browser and go to [http://localhost:8080](http://localhost:8080) to see Træfik's dashboard (we'll go back there once we have launched a service in step 2). You can open a browser and go to [http://localhost:8080](http://localhost:8080) to see Traefik's dashboard (we'll go back there once we have launched a service in step 2).
### 2 — Launch a Service — Træfik Detects It and Creates a Route for You ### 2 — Launch a Service — Traefik Detects It and Creates a Route for You
Now that we have a Træfik instance up and running, we will deploy new services. Now that we have a Traefik instance up and running, we will deploy new services.
Edit your `docker-compose.yml` file and add the following at the end of your file. Edit your `docker-compose.yml` file and add the following at the end of your file.
@ -122,7 +122,7 @@ Start the `whoami` service with the following command:
docker-compose up -d whoami docker-compose up -d whoami
``` ```
Go back to your browser ([http://localhost:8080](http://localhost:8080)) and see that Træfik has automatically detected the new container and updated its own configuration. Go back to your browser ([http://localhost:8080](http://localhost:8080)) and see that Traefik has automatically detected the new container and updated its own configuration.
When Traefik detects new services, it creates the corresponding routes so you can call them ... _let's see!_ (Here, we're using curl) When Traefik detects new services, it creates the corresponding routes so you can call them ... _let's see!_ (Here, we're using curl)
@ -145,9 +145,9 @@ Run more instances of your `whoami` service with the following command:
docker-compose scale whoami=2 docker-compose scale whoami=2
``` ```
Go back to your browser ([http://localhost:8080](http://localhost:8080)) and see that Træfik has automatically detected the new instance of the container. Go back to your browser ([http://localhost:8080](http://localhost:8080)) and see that Traefik has automatically detected the new instance of the container.
Finally, see that Træfik load-balances between the two instances of your services by running twice the following command: Finally, see that Traefik load-balances between the two instances of your services by running twice the following command:
```shell ```shell
curl -H Host:whoami.docker.localhost http://127.0.0.1 curl -H Host:whoami.docker.localhost http://127.0.0.1
@ -167,22 +167,22 @@ IP: 172.27.0.4
# ... # ...
``` ```
### 4 — Enjoy Træfik's Magic ### 4 — Enjoy Traefik's Magic
Now that you have a basic understanding of how Træfik can automatically create the routes to your services and load balance them, it might be time to dive into [the documentation](/) and let Træfik work for you! Now that you have a basic understanding of how Traefik can automatically create the routes to your services and load balance them, it might be time to dive into [the documentation](/) and let Traefik work for you!
Whatever your infrastructure is, there is probably [an available Træfik provider](/#supported-providers) that will do the job. Whatever your infrastructure is, there is probably [an available Traefik provider](/#supported-providers) that will do the job.
Our recommendation would be to see for yourself how simple it is to enable HTTPS with [Træfik's let's encrypt integration](/user-guide/examples/#lets-encrypt-support) using the dedicated [user guide](/user-guide/docker-and-lets-encrypt/). Our recommendation would be to see for yourself how simple it is to enable HTTPS with [Traefik's let's encrypt integration](/user-guide/examples/#lets-encrypt-support) using the dedicated [user guide](/user-guide/docker-and-lets-encrypt/).
## Resources ## Resources
Here is a talk given by [Emile Vauge](https://github.com/emilevauge) at [GopherCon 2017](https://gophercon.com). Here is a talk given by [Emile Vauge](https://github.com/emilevauge) at [GopherCon 2017](https://gophercon.com).
You will learn Træfik basics in less than 10 minutes. You will learn Traefik basics in less than 10 minutes.
[![Traefik GopherCon 2017](https://img.youtube.com/vi/RgudiksfL-k/0.jpg)](https://www.youtube.com/watch?v=RgudiksfL-k) [![Traefik GopherCon 2017](https://img.youtube.com/vi/RgudiksfL-k/0.jpg)](https://www.youtube.com/watch?v=RgudiksfL-k)
Here is a talk given by [Ed Robinson](https://github.com/errm) at [ContainerCamp UK](https://container.camp) conference. Here is a talk given by [Ed Robinson](https://github.com/errm) at [ContainerCamp UK](https://container.camp) conference.
You will learn fundamental Træfik features and see some demos with Kubernetes. You will learn fundamental Traefik features and see some demos with Kubernetes.
[![Traefik ContainerCamp UK](https://img.youtube.com/vi/aFtpIShV60I/0.jpg)](https://www.youtube.com/watch?v=aFtpIShV60I) [![Traefik ContainerCamp UK](https://img.youtube.com/vi/aFtpIShV60I/0.jpg)](https://www.youtube.com/watch?v=aFtpIShV60I)
@ -217,5 +217,5 @@ Reported vulnerabilities can be found on
### Report a Vulnerability ### Report a Vulnerability
We want to keep Træfik safe for everyone. We want to keep Traefik safe for everyone.
If you've discovered a security vulnerability in Træfik, we appreciate your help in disclosing it to us in a responsible manner, using [this form](https://security.traefik.io). If you've discovered a security vulnerability in Traefik, we appreciate your help in disclosing it to us in a responsible manner, using [this form](https://security.traefik.io).

26
docs/user-guide/cluster-docker-consul.md
View file

@ -1,15 +1,15 @@
# Clustering / High Availability on Docker Swarm with Consul # Clustering / High Availability on Docker Swarm with Consul
This guide explains how to use Træfik in high availability mode in a Docker Swarm and with Let's Encrypt. This guide explains how to use Traefik in high availability mode in a Docker Swarm and with Let's Encrypt.
Why do we need Træfik in cluster mode? Running multiple instances should work out of the box? Why do we need Traefik in cluster mode? Running multiple instances should work out of the box?
If you want to use Let's Encrypt with Træfik, sharing configuration or TLS certificates between many Træfik instances, you need Træfik cluster/HA. If you want to use Let's Encrypt with Traefik, sharing configuration or TLS certificates between many Traefik instances, you need Traefik cluster/HA.
Ok, could we mount a shared volume used by all my instances? Yes, you can, but it will not work. Ok, could we mount a shared volume used by all my instances? Yes, you can, but it will not work.
When you use Let's Encrypt, you need to store certificates, but not only. When you use Let's Encrypt, you need to store certificates, but not only.
When Træfik generates a new certificate, it configures a challenge and once Let's Encrypt will verify the ownership of the domain, it will ping back the challenge. When Traefik generates a new certificate, it configures a challenge and once Let's Encrypt will verify the ownership of the domain, it will ping back the challenge.
If the challenge is not known by other Træfik instances, the validation will fail. If the challenge is not known by other Traefik instances, the validation will fail.
For more information about the challenge: [Automatic Certificate Management Environment (ACME)](https://github.com/ietf-wg-acme/acme/blob/master/draft-ietf-acme-acme.md#http-challenge) For more information about the challenge: [Automatic Certificate Management Environment (ACME)](https://github.com/ietf-wg-acme/acme/blob/master/draft-ietf-acme-acme.md#http-challenge)
@ -17,12 +17,12 @@ For more information about the challenge: [Automatic Certificate Management Envi
You will need a working Docker Swarm cluster. You will need a working Docker Swarm cluster.
## Træfik configuration ## Traefik configuration
In this guide, we will not use a TOML configuration file, but only command line flag. In this guide, we will not use a TOML configuration file, but only command line flag.
With that, we can use the base image without mounting configuration file or building custom image. With that, we can use the base image without mounting configuration file or building custom image.
What Træfik should do: What Traefik should do:
- Listen to 80 and 443 - Listen to 80 and 443
- Redirect HTTP traffic to HTTPS - Redirect HTTP traffic to HTTPS
@ -64,7 +64,7 @@ Let's Encrypt needs 4 parameters: an TLS entry point to listen to, a non-TLS ent
To enable Let's Encrypt support, you need to add `--acme` flag. To enable Let's Encrypt support, you need to add `--acme` flag.
Now, Træfik needs to know where to store the certificates, we can choose between a key in a Key-Value store, or a file path: `--acme.storage=my/key` or `--acme.storage=/path/to/acme.json`. Now, Traefik needs to know where to store the certificates, we can choose between a key in a Key-Value store, or a file path: `--acme.storage=my/key` or `--acme.storage=/path/to/acme.json`.
The `acme.httpChallenge.entryPoint` flag enables the `HTTP-01` challenge and specifies the entryPoint to use during the challenges. The `acme.httpChallenge.entryPoint` flag enables the `HTTP-01` challenge and specifies the entryPoint to use during the challenges.
@ -143,9 +143,9 @@ networks:
## Migrate configuration to Consul ## Migrate configuration to Consul
We created a special Træfik command to help configuring your Key Value store from a Træfik TOML configuration file and/or CLI flags. We created a special Traefik command to help configuring your Key Value store from a Traefik TOML configuration file and/or CLI flags.
## Deploy a Træfik cluster ## Deploy a Traefik cluster
The best way we found is to have an initializer service. The best way we found is to have an initializer service.
This service will push the config to Consul via the `storeconfig` sub-command. This service will push the config to Consul via the `storeconfig` sub-command.
@ -173,7 +173,7 @@ The initializer in a docker-compose file will be:
- consul - consul
``` ```
And now, the Træfik part will only have the Consul configuration. And now, the Traefik part will only have the Consul configuration.
```yaml ```yaml
traefik: traefik:
@ -189,10 +189,10 @@ And now, the Træfik part will only have the Consul configuration.
``` ```
!!! note !!! note
For Træfik <1.5.0 add `acme.storage=traefik/acme/account` because Træfik is not reading it from Consul. For Traefik <1.5.0 add `acme.storage=traefik/acme/account` because Traefik is not reading it from Consul.
If you have some update to do, update the initializer service and re-deploy it. If you have some update to do, update the initializer service and re-deploy it.
The new configuration will be stored in Consul, and you need to restart the Træfik node: `docker service update --force traefik_traefik`. The new configuration will be stored in Consul, and you need to restart the Traefik node: `docker service update --force traefik_traefik`.
## Full docker-compose file ## Full docker-compose file

18
docs/user-guide/cluster.md
View file

@ -1,8 +1,8 @@
# Clustering / High Availability (beta) # Clustering / High Availability (beta)
This guide explains how to use Træfik in high availability mode. This guide explains how to use Traefik in high availability mode.
In order to deploy and configure multiple Træfik instances, without copying the same configuration file on each instance, we will use a distributed Key-Value store. In order to deploy and configure multiple Traefik instances, without copying the same configuration file on each instance, we will use a distributed Key-Value store.
## Prerequisites ## Prerequisites
@ -11,23 +11,23 @@ _(Currently, we recommend [Consul](https://consul.io) .)_
## File configuration to KV store migration ## File configuration to KV store migration
We created a special Træfik command to help configuring your Key Value store from a Træfik TOML configuration file. We created a special Traefik command to help configuring your Key Value store from a Traefik TOML configuration file.
Please refer to [this section](/user-guide/kv-config/#store-configuration-in-key-value-store) to get more details. Please refer to [this section](/user-guide/kv-config/#store-configuration-in-key-value-store) to get more details.
## Deploy a Træfik cluster ## Deploy a Traefik cluster
Once your Træfik configuration is uploaded on your KV store, you can start each Træfik instance. Once your Traefik configuration is uploaded on your KV store, you can start each Traefik instance.
A Træfik cluster is based on a manager/worker model. A Traefik cluster is based on a manager/worker model.
When starting, Træfik will elect a manager. When starting, Traefik will elect a manager.
If this instance fails, another manager will be automatically elected. If this instance fails, another manager will be automatically elected.
## Træfik cluster and Let's Encrypt ## Traefik cluster and Let's Encrypt
**In cluster mode, ACME certificates have to be stored in [a KV Store entry](/configuration/acme/#as-a-key-value-store-entry).** **In cluster mode, ACME certificates have to be stored in [a KV Store entry](/configuration/acme/#as-a-key-value-store-entry).**
Thanks to the Træfik cluster mode algorithm (based on [the Raft Consensus Algorithm](https://raft.github.io/)), only one instance will contact Let's encrypt to solve the challenges. Thanks to the Traefik cluster mode algorithm (based on [the Raft Consensus Algorithm](https://raft.github.io/)), only one instance will contact Let's encrypt to solve the challenges.
The others instances will get ACME certificate from the KV Store entry. The others instances will get ACME certificate from the KV Store entry.

50
docs/user-guide/docker-and-lets-encrypt.md
View file

@ -1,8 +1,8 @@
# Let's Encrypt & Docker # Let's Encrypt & Docker
In this use case, we want to use Træfik as a _layer-7_ load balancer with SSL termination for a set of micro-services used to run a web application. In this use case, we want to use Traefik as a _layer-7_ load balancer with SSL termination for a set of micro-services used to run a web application.
We also want to automatically _discover any services_ on the Docker host and let Træfik reconfigure itself automatically when containers get created (or shut down) so HTTP traffic can be routed accordingly. We also want to automatically _discover any services_ on the Docker host and let Traefik reconfigure itself automatically when containers get created (or shut down) so HTTP traffic can be routed accordingly.
In addition, we want to use Let's Encrypt to automatically generate and renew SSL certificates per hostname. In addition, we want to use Let's Encrypt to automatically generate and renew SSL certificates per hostname.
@ -19,7 +19,7 @@ In real-life, you'll want to use your own domain and have the DNS configured acc
Docker containers can only communicate with each other over TCP when they share at least one network. Docker containers can only communicate with each other over TCP when they share at least one network.
This makes sense from a topological point of view in the context of networking, since Docker under the hood creates IPTable rules so containers can't reach other containers _unless you'd want to_. This makes sense from a topological point of view in the context of networking, since Docker under the hood creates IPTable rules so containers can't reach other containers _unless you'd want to_.
In this example, we're going to use a single network called `web` where all containers that are handling HTTP traffic (including Træfik) will reside in. In this example, we're going to use a single network called `web` where all containers that are handling HTTP traffic (including Traefik) will reside in.
On the Docker host, run the following command: On the Docker host, run the following command:
@ -27,7 +27,7 @@ On the Docker host, run the following command:
docker network create web docker network create web
``` ```
Now, let's create a directory on the server where we will configure the rest of Træfik: Now, let's create a directory on the server where we will configure the rest of Traefik:
```shell ```shell
mkdir -p /opt/traefik mkdir -p /opt/traefik
@ -41,7 +41,7 @@ touch /opt/traefik/acme.json && chmod 600 /opt/traefik/acme.json
touch /opt/traefik/traefik.toml touch /opt/traefik/traefik.toml
``` ```
The `docker-compose.yml` file will provide us with a simple, consistent and more importantly, a deterministic way to create Træfik. The `docker-compose.yml` file will provide us with a simple, consistent and more importantly, a deterministic way to create Traefik.
The contents of the file is as follows: The contents of the file is as follows:
@ -69,12 +69,12 @@ networks:
``` ```
As you can see, we're mounting the `traefik.toml` file as well as the (empty) `acme.json` file in the container. As you can see, we're mounting the `traefik.toml` file as well as the (empty) `acme.json` file in the container.
Also, we're mounting the `/var/run/docker.sock` Docker socket in the container as well, so Træfik can listen to Docker events and reconfigure its own internal configuration when containers are created (or shut down). Also, we're mounting the `/var/run/docker.sock` Docker socket in the container as well, so Traefik can listen to Docker events and reconfigure its own internal configuration when containers are created (or shut down).
Also, we're making sure the container is automatically restarted by the Docker engine in case of problems (or: if the server is rebooted). Also, we're making sure the container is automatically restarted by the Docker engine in case of problems (or: if the server is rebooted).
We're publishing the default HTTP ports `80` and `443` on the host, and making sure the container is placed within the `web` network we've created earlier on. We're publishing the default HTTP ports `80` and `443` on the host, and making sure the container is placed within the `web` network we've created earlier on.
Finally, we're giving this container a static name called `traefik`. Finally, we're giving this container a static name called `traefik`.
Let's take a look at a simple `traefik.toml` configuration as well before we'll create the Træfik container: Let's take a look at a simple `traefik.toml` configuration as well before we'll create the Traefik container:
```toml ```toml
debug = false debug = false
@ -111,17 +111,17 @@ entryPoint = "http"
This is the minimum configuration required to do the following: This is the minimum configuration required to do the following:
- Log `ERROR`-level messages (or more severe) to the console, but silence `DEBUG`-level messages - Log `ERROR`-level messages (or more severe) to the console, but silence `DEBUG`-level messages
- Check for new versions of Træfik periodically - Check for new versions of Traefik periodically
- Create two entry points, namely an `HTTP` endpoint on port `80`, and an `HTTPS` endpoint on port `443` where all incoming traffic on port `80` will immediately get redirected to `HTTPS`. - Create two entry points, namely an `HTTP` endpoint on port `80`, and an `HTTPS` endpoint on port `443` where all incoming traffic on port `80` will immediately get redirected to `HTTPS`.
- Enable the Docker provider and listen for container events on the Docker unix socket we've mounted earlier. However, **new containers will not be exposed by Træfik by default, we'll get into this in a bit!** - Enable the Docker provider and listen for container events on the Docker unix socket we've mounted earlier. However, **new containers will not be exposed by Traefik by default, we'll get into this in a bit!**
- Enable automatic request and configuration of SSL certificates using Let's Encrypt. - Enable automatic request and configuration of SSL certificates using Let's Encrypt.
These certificates will be stored in the `acme.json` file, which you can back-up yourself and store off-premises. These certificates will be stored in the `acme.json` file, which you can back-up yourself and store off-premises.
Alright, let's boot the container. From the `/opt/traefik` directory, run `docker-compose up -d` which will create and start the Træfik container. Alright, let's boot the container. From the `/opt/traefik` directory, run `docker-compose up -d` which will create and start the Traefik container.
## Exposing Web Services to the Outside World ## Exposing Web Services to the Outside World
Now that we've fully configured and started Træfik, it's time to get our applications running! Now that we've fully configured and started Traefik, it's time to get our applications running!
Let's take a simple example of a micro-service project consisting of various services, where some will be exposed to the outside world and some will not. Let's take a simple example of a micro-service project consisting of various services, where some will be exposed to the outside world and some will not.
@ -195,10 +195,10 @@ Since the `traefik` container we've created and started earlier is also attached
### Labels ### Labels
As mentioned earlier, we don't want containers exposed automatically by Træfik. As mentioned earlier, we don't want containers exposed automatically by Traefik.
The reason behind this is simple: we want to have control over this process ourselves. The reason behind this is simple: we want to have control over this process ourselves.
Thanks to Docker labels, we can tell Træfik how to create its internal routing configuration. Thanks to Docker labels, we can tell Traefik how to create its internal routing configuration.
Let's take a look at the labels themselves for the `app` service, which is a HTTP webservice listing on port 9000: Let's take a look at the labels themselves for the `app` service, which is a HTTP webservice listing on port 9000:
@ -219,13 +219,13 @@ We use both `container labels` and `service labels`.
First, we specify the `backend` name which corresponds to the actual service we're routing **to**. First, we specify the `backend` name which corresponds to the actual service we're routing **to**.
We also tell Træfik to use the `web` network to route HTTP traffic to this container. We also tell Traefik to use the `web` network to route HTTP traffic to this container.
With the `traefik.enable` label, we tell Træfik to include this container in its internal configuration. With the `traefik.enable` label, we tell Traefik to include this container in its internal configuration.
With the `frontend.rule` label, we tell Træfik that we want to route to this container if the incoming HTTP request contains the `Host` `app.my-awesome-app.org`. With the `frontend.rule` label, we tell Traefik that we want to route to this container if the incoming HTTP request contains the `Host` `app.my-awesome-app.org`.
Essentially, this is the actual rule used for Layer-7 load balancing. Essentially, this is the actual rule used for Layer-7 load balancing.
Finally but not unimportantly, we tell Træfik to route **to** port `9000`, since that is the actual TCP/IP port the container actually listens on. Finally but not unimportantly, we tell Traefik to route **to** port `9000`, since that is the actual TCP/IP port the container actually listens on.
### Service labels ### Service labels
@ -238,25 +238,25 @@ In the example, two service names are defined : `basic` and `admin`.
They allow creating two frontends and two backends. They allow creating two frontends and two backends.
- `basic` has only one `service label` : `traefik.basic.protocol`. - `basic` has only one `service label` : `traefik.basic.protocol`.
Træfik will use values set in `traefik.frontend.rule` and `traefik.port` to create the `basic` frontend and backend. Traefik will use values set in `traefik.frontend.rule` and `traefik.port` to create the `basic` frontend and backend.
The frontend listens to incoming HTTP requests which contain the `Host` `app.my-awesome-app.org` and redirect them in `HTTP` to the port `9000` of the backend. The frontend listens to incoming HTTP requests which contain the `Host` `app.my-awesome-app.org` and redirect them in `HTTP` to the port `9000` of the backend.
- `admin` has all the `services labels` needed to create the `admin` frontend and backend (`traefik.admin.frontend.rule`, `traefik.admin.protocol`, `traefik.admin.port`). - `admin` has all the `services labels` needed to create the `admin` frontend and backend (`traefik.admin.frontend.rule`, `traefik.admin.protocol`, `traefik.admin.port`).
Træfik will create a frontend to listen to incoming HTTP requests which contain the `Host` `admin-app.my-awesome-app.org` and redirect them in `HTTPS` to the port `9443` of the backend. Traefik will create a frontend to listen to incoming HTTP requests which contain the `Host` `admin-app.my-awesome-app.org` and redirect them in `HTTPS` to the port `9443` of the backend.
#### Gotchas and tips #### Gotchas and tips
- Always specify the correct port where the container expects HTTP traffic using `traefik.port` label. - Always specify the correct port where the container expects HTTP traffic using `traefik.port` label.
If a container exposes multiple ports, Træfik may forward traffic to the wrong port. If a container exposes multiple ports, Traefik may forward traffic to the wrong port.
Even if a container only exposes one port, you should always write configuration defensively and explicitly. Even if a container only exposes one port, you should always write configuration defensively and explicitly.
- Should you choose to enable the `exposedByDefault` flag in the `traefik.toml` configuration, be aware that all containers that are placed in the same network as Træfik will automatically be reachable from the outside world, for everyone and everyone to see. - Should you choose to enable the `exposedByDefault` flag in the `traefik.toml` configuration, be aware that all containers that are placed in the same network as Traefik will automatically be reachable from the outside world, for everyone and everyone to see.
Usually, this is a bad idea. Usually, this is a bad idea.
- With the `traefik.frontend.auth.basic` label, it's possible for Træfik to provide a HTTP basic-auth challenge for the endpoints you provide the label for. - With the `traefik.frontend.auth.basic` label, it's possible for Traefik to provide a HTTP basic-auth challenge for the endpoints you provide the label for.
- Træfik has built-in support to automatically export [Prometheus](https://prometheus.io) metrics - Traefik has built-in support to automatically export [Prometheus](https://prometheus.io) metrics
- Træfik supports websockets out of the box. In the example above, the `events`-service could be a NodeJS-based application which allows clients to connect using websocket protocol. - Traefik supports websockets out of the box. In the example above, the `events`-service could be a NodeJS-based application which allows clients to connect using websocket protocol.
Thanks to the fact that HTTPS in our example is enforced, these websockets are automatically secure as well (WSS) Thanks to the fact that HTTPS in our example is enforced, these websockets are automatically secure as well (WSS)
### Final thoughts ### Final thoughts
Using Træfik as a Layer-7 load balancer in combination with both Docker and Let's Encrypt provides you with an extremely flexible, powerful and self-configuring solution for your projects. Using Traefik as a Layer-7 load balancer in combination with both Docker and Let's Encrypt provides you with an extremely flexible, powerful and self-configuring solution for your projects.
With Let's Encrypt, your endpoints are automatically secured with production-ready SSL certificates that are renewed automatically as well. With Let's Encrypt, your endpoints are automatically secured with production-ready SSL certificates that are renewed automatically as well.

14
docs/user-guide/examples.md
View file

@ -1,6 +1,6 @@
# Examples # Examples
You will find here some configuration examples of Træfik. You will find here some configuration examples of Traefik.
## HTTP only ## HTTP only
@ -87,7 +87,7 @@ entryPoint = "https"
This configuration allows generating Let's Encrypt certificates (thanks to `HTTP-01` challenge) for the four domains `local[1-4].com` with described SANs. This configuration allows generating Let's Encrypt certificates (thanks to `HTTP-01` challenge) for the four domains `local[1-4].com` with described SANs.
Træfik generates these certificates when it starts and it needs to be restart if new domains are added. Traefik generates these certificates when it starts and it needs to be restart if new domains are added.
### onHostRule option (with HTTP challenge) ### onHostRule option (with HTTP challenge)
@ -122,9 +122,9 @@ entryPoint = "https"
This configuration allows generating Let's Encrypt certificates (thanks to `HTTP-01` challenge) for the four domains `local[1-4].com`. This configuration allows generating Let's Encrypt certificates (thanks to `HTTP-01` challenge) for the four domains `local[1-4].com`.
Træfik generates these certificates when it starts. Traefik generates these certificates when it starts.
If a backend is added with a `onHost` rule, Træfik will automatically generate the Let's Encrypt certificate for the new domain (for frontends wired on the `acme.entryPoint`). If a backend is added with a `onHost` rule, Traefik will automatically generate the Let's Encrypt certificate for the new domain (for frontends wired on the `acme.entryPoint`).
### OnDemand option (with HTTP challenge) ### OnDemand option (with HTTP challenge)
@ -186,7 +186,7 @@ entryPoint = "https"
``` ```
DNS challenge needs environment variables to be executed. DNS challenge needs environment variables to be executed.
These variables have to be set on the machine/container that host Træfik. These variables have to be set on the machine/container that host Traefik.
These variables are described [in this section](/configuration/acme/#provider). These variables are described [in this section](/configuration/acme/#provider).
@ -219,7 +219,7 @@ entryPoint = "https"
``` ```
DNS challenge needs environment variables to be executed. DNS challenge needs environment variables to be executed.
These variables have to be set on the machine/container that host Træfik. These variables have to be set on the machine/container that host Traefik.
These variables are described [in this section](/configuration/acme/#provider). These variables are described [in this section](/configuration/acme/#provider).
@ -248,7 +248,7 @@ entryPoint = "https"
entryPoint = "http" entryPoint = "http"
``` ```
Træfik will only try to generate a Let's encrypt certificate (thanks to `HTTP-01` challenge) if the domain cannot be checked by the provided certificates. Traefik will only try to generate a Let's encrypt certificate (thanks to `HTTP-01` challenge) if the domain cannot be checked by the provided certificates.
### Cluster mode ### Cluster mode

12
docs/user-guide/grpc.md
View file

@ -4,9 +4,9 @@
This section explains how to use Traefik as reverse proxy for gRPC application. This section explains how to use Traefik as reverse proxy for gRPC application.
### Træfik configuration ### Traefik configuration
At last, we configure our Træfik instance to use both self-signed certificates. At last, we configure our Traefik instance to use both self-signed certificates.
```toml ```toml
defaultEntryPoints = ["https"] defaultEntryPoints = ["https"]
@ -39,7 +39,7 @@ defaultEntryPoints = ["https"]
### Conclusion ### Conclusion
We don't need specific configuration to use gRPC in Træfik, we just need to use `h2c` protocol, or use HTTPS communications to have HTTP2 with the backend. We don't need specific configuration to use gRPC in Traefik, we just need to use `h2c` protocol, or use HTTPS communications to have HTTP2 with the backend.
## With HTTPS ## With HTTPS
@ -75,9 +75,9 @@ with
Common Name (e.g. server FQDN or YOUR name) []: frontend.local Common Name (e.g. server FQDN or YOUR name) []: frontend.local
``` ```
### Træfik configuration ### Traefik configuration
At last, we configure our Træfik instance to use both self-signed certificates. At last, we configure our Traefik instance to use both self-signed certificates.
```toml ```toml
defaultEntryPoints = ["https"] defaultEntryPoints = ["https"]
@ -152,7 +152,7 @@ err := s.Serve(lis)
// ... // ...
``` ```
Next we will modify gRPC Client to use our Træfik self-signed certificate: Next we will modify gRPC Client to use our Traefik self-signed certificate:
```go ```go
// ... // ...

80
docs/user-guide/kubernetes.md
View file

@ -1,6 +1,6 @@
# Kubernetes Ingress Controller # Kubernetes Ingress Controller
This guide explains how to use Træfik as an Ingress controller for a Kubernetes cluster. This guide explains how to use Traefik as an Ingress controller for a Kubernetes cluster.
If you are not familiar with Ingresses in Kubernetes you might want to read the [Kubernetes user guide](https://kubernetes.io/docs/concepts/services-networking/ingress/) If you are not familiar with Ingresses in Kubernetes you might want to read the [Kubernetes user guide](https://kubernetes.io/docs/concepts/services-networking/ingress/)
@ -19,12 +19,12 @@ The config files used in this guide can be found in the [examples directory](htt
Kubernetes introduces [Role Based Access Control (RBAC)](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) in 1.6+ to allow fine-grained control of Kubernetes resources and API. Kubernetes introduces [Role Based Access Control (RBAC)](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) in 1.6+ to allow fine-grained control of Kubernetes resources and API.
If your cluster is configured with RBAC, you will need to authorize Træfik to use the Kubernetes API. There are two ways to set up the proper permission: Via namespace-specific RoleBindings or a single, global ClusterRoleBinding. If your cluster is configured with RBAC, you will need to authorize Traefik to use the Kubernetes API. There are two ways to set up the proper permission: Via namespace-specific RoleBindings or a single, global ClusterRoleBinding.
RoleBindings per namespace enable to restrict granted permissions to the very namespaces only that Træfik is watching over, thereby following the least-privileges principle. This is the preferred approach if Træfik is not supposed to watch all namespaces, and the set of namespaces does not change dynamically. Otherwise, a single ClusterRoleBinding must be employed. RoleBindings per namespace enable to restrict granted permissions to the very namespaces only that Traefik is watching over, thereby following the least-privileges principle. This is the preferred approach if Traefik is not supposed to watch all namespaces, and the set of namespaces does not change dynamically. Otherwise, a single ClusterRoleBinding must be employed.
!!! note !!! note
RoleBindings per namespace are available in Træfik 1.5 and later. Please use ClusterRoleBindings for older versions. RoleBindings per namespace are available in Traefik 1.5 and later. Please use ClusterRoleBindings for older versions.
For the sake of simplicity, this guide will use a ClusterRoleBinding: For the sake of simplicity, this guide will use a ClusterRoleBinding:
@ -74,11 +74,11 @@ subjects:
kubectl apply -f https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/traefik-rbac.yaml kubectl apply -f https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/traefik-rbac.yaml
``` ```
For namespaced restrictions, one RoleBinding is required per watched namespace along with a corresponding configuration of Træfik's `kubernetes.namespaces` parameter. For namespaced restrictions, one RoleBinding is required per watched namespace along with a corresponding configuration of Traefik's `kubernetes.namespaces` parameter.
## Deploy Træfik using a Deployment or DaemonSet ## Deploy Traefik using a Deployment or DaemonSet
It is possible to use Træfik with a [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/) or a [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) object, It is possible to use Traefik with a [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/) or a [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) object,
whereas both options have their own pros and cons: whereas both options have their own pros and cons:
- The scalability can be much better when using a Deployment, because you will have a Single-Pod-per-Node model when using a DaemonSet, whereas you may need less replicas based on your environment when using a Deployment. - The scalability can be much better when using a Deployment, because you will have a Single-Pod-per-Node model when using a DaemonSet, whereas you may need less replicas based on your environment when using a Deployment.
@ -221,7 +221,7 @@ spec:
!!! note !!! note
This will create a Daemonset that uses privileged ports 80/8080 on the host. This may not work on all providers, but illustrates the static (non-NodePort) hostPort binding. The `traefik-ingress-service` can still be used inside the cluster to access the DaemonSet pods. This will create a Daemonset that uses privileged ports 80/8080 on the host. This may not work on all providers, but illustrates the static (non-NodePort) hostPort binding. The `traefik-ingress-service` can still be used inside the cluster to access the DaemonSet pods.
To deploy Træfik to your cluster start by submitting one of the YAML files to the cluster with `kubectl`: To deploy Traefik to your cluster start by submitting one of the YAML files to the cluster with `kubectl`:
```shell ```shell
kubectl apply -f https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/traefik-deployment.yaml kubectl apply -f https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/traefik-deployment.yaml
@ -257,14 +257,14 @@ traefik-ingress-controller-678226159-eqseo 1/1 Running 0 7m
``` ```
You should see that after submitting the Deployment or DaemonSet to Kubernetes it has launched a Pod, and it is now running. You should see that after submitting the Deployment or DaemonSet to Kubernetes it has launched a Pod, and it is now running.
_It might take a few moments for Kubernetes to pull the Træfik image and start the container._ _It might take a few moments for Kubernetes to pull the Traefik image and start the container._
!!! note !!! note
You could also check the deployment with the Kubernetes dashboard, run You could also check the deployment with the Kubernetes dashboard, run
`minikube dashboard` to open it in your browser, then choose the `kube-system` `minikube dashboard` to open it in your browser, then choose the `kube-system`
namespace from the menu at the top right of the screen. namespace from the menu at the top right of the screen.
You should now be able to access Træfik on port 80 of your Minikube instance when using the DaemonSet: You should now be able to access Traefik on port 80 of your Minikube instance when using the DaemonSet:
```shell ```shell
curl $(minikube ip) curl $(minikube ip)
@ -285,23 +285,23 @@ curl $(minikube ip):<NODEPORT>
``` ```
!!! note !!! note
We expect to see a 404 response here as we haven't yet given Træfik any configuration. We expect to see a 404 response here as we haven't yet given Traefik any configuration.
All further examples below assume a DaemonSet installation. Deployment users will need to append the NodePort when constructing requests. All further examples below assume a DaemonSet installation. Deployment users will need to append the NodePort when constructing requests.
## Deploy Træfik using Helm Chart ## Deploy Traefik using Helm Chart
!!! note !!! note
The Helm Chart is maintained by the community, not the Træfik project maintainers. The Helm Chart is maintained by the community, not the Traefik project maintainers.
Instead of installing Træfik via Kubernetes object directly, you can also use the Træfik Helm chart. Instead of installing Traefik via Kubernetes object directly, you can also use the Traefik Helm chart.
Install the Træfik chart by: Install the Traefik chart by:
```shell ```shell
helm install stable/traefik helm install stable/traefik
``` ```
Install the Træfik chart using a values.yaml file. Install the Traefik chart using a values.yaml file.
```shell ```shell
helm install --values values.yaml stable/traefik helm install --values values.yaml stable/traefik
@ -320,7 +320,7 @@ For more information, check out [the documentation](https://github.com/kubernete
## Submitting an Ingress to the Cluster ## Submitting an Ingress to the Cluster
Lets start by creating a Service and an Ingress that will expose the [Træfik Web UI](https://github.com/containous/traefik#web-ui). Lets start by creating a Service and an Ingress that will expose the [Traefik Web UI](https://github.com/containous/traefik#web-ui).
```yaml ```yaml
apiVersion: v1 apiVersion: v1
@ -367,7 +367,7 @@ You can get the IP address of your minikube instance by running `minikube ip`:
echo "$(minikube ip) traefik-ui.minikube" | sudo tee -a /etc/hosts echo "$(minikube ip) traefik-ui.minikube" | sudo tee -a /etc/hosts
``` ```
We should now be able to visit [traefik-ui.minikube](http://traefik-ui.minikube) in the browser and view the Træfik web UI. We should now be able to visit [traefik-ui.minikube](http://traefik-ui.minikube) in the browser and view the Traefik web UI.
### Add a TLS Certificate to the Ingress ### Add a TLS Certificate to the Ingress
@ -421,7 +421,7 @@ If there are any errors while loading the TLS section of an ingress, the whole i
## Basic Authentication ## Basic Authentication
It's possible to protect access to Træfik through basic authentication. (See the [Kubernetes Ingress](/configuration/backends/kubernetes) configuration page for syntactical details and restrictions.) It's possible to protect access to Traefik through basic authentication. (See the [Kubernetes Ingress](/configuration/backends/kubernetes) configuration page for syntactical details and restrictions.)
### Creating the Secret ### Creating the Secret
@ -677,7 +677,7 @@ spec:
kubectl apply -f https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/cheese-ingress.yaml kubectl apply -f https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/cheese-ingress.yaml
``` ```
Now visit the [Træfik dashboard](http://traefik-ui.minikube/) and you should see a frontend for each host. Now visit the [Traefik dashboard](http://traefik-ui.minikube/) and you should see a frontend for each host.
Along with a backend listing for each service with a server set up for each pod. Along with a backend listing for each service with a server set up for each pod.
If you edit your `/etc/hosts` again you should be able to access the cheese websites in your browser. If you edit your `/etc/hosts` again you should be able to access the cheese websites in your browser.
@ -726,7 +726,7 @@ spec:
[examples/k8s/cheeses-ingress.yaml](https://github.com/containous/traefik/tree/master/examples/k8s/cheeses-ingress.yaml) [examples/k8s/cheeses-ingress.yaml](https://github.com/containous/traefik/tree/master/examples/k8s/cheeses-ingress.yaml)
!!! note !!! note
We are configuring Træfik to strip the prefix from the url path with the `traefik.frontend.rule.type` annotation so that we can use the containers from the previous example without modification. We are configuring Traefik to strip the prefix from the url path with the `traefik.frontend.rule.type` annotation so that we can use the containers from the previous example without modification.
```shell ```shell
kubectl apply -f https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/cheeses-ingress.yaml kubectl apply -f https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/cheeses-ingress.yaml
@ -744,7 +744,7 @@ You should now be able to visit the websites in your browser.
## Multiple Ingress Definitions for the Same Host (or Host+Path) ## Multiple Ingress Definitions for the Same Host (or Host+Path)
Træfik will merge multiple Ingress definitions for the same host/path pair into one definition. Traefik will merge multiple Ingress definitions for the same host/path pair into one definition.
Let's say the number of cheese services is growing. Let's say the number of cheese services is growing.
It is now time to move the cheese services to a dedicated cheese namespace to simplify the managements of cheese and non-cheese services. It is now time to move the cheese services to a dedicated cheese namespace to simplify the managements of cheese and non-cheese services.
@ -771,7 +771,7 @@ spec:
servicePort: http servicePort: http
``` ```
Træfik will now look for cheddar service endpoints (ports on healthy pods) in both the cheese and the default namespace. Traefik will now look for cheddar service endpoints (ports on healthy pods) in both the cheese and the default namespace.
Deploying cheddar into the cheese namespace and afterwards shutting down cheddar in the default namespace is enough to migrate the traffic. Deploying cheddar into the cheese namespace and afterwards shutting down cheddar in the default namespace is enough to migrate the traffic.
!!! note !!! note
@ -824,12 +824,12 @@ Note that priority values must be quoted to avoid numeric interpretation (which
## Forwarding to ExternalNames ## Forwarding to ExternalNames
When specifying an [ExternalName](https://kubernetes.io/docs/concepts/services-networking/service/#services-without-selectors), When specifying an [ExternalName](https://kubernetes.io/docs/concepts/services-networking/service/#services-without-selectors),
Træfik will forward requests to the given host accordingly and use HTTPS when the Service port matches 443. Traefik will forward requests to the given host accordingly and use HTTPS when the Service port matches 443.
This still requires setting up a proper port mapping on the Service from the Ingress port to the (external) Service port. This still requires setting up a proper port mapping on the Service from the Ingress port to the (external) Service port.
## Disable passing the Host Header ## Disable passing the Host Header
By default Træfik will pass the incoming Host header to the upstream resource. By default Traefik will pass the incoming Host header to the upstream resource.
However, there are times when you may not want this to be the case. For example, if your service is of the ExternalName type. However, there are times when you may not want this to be the case. For example, if your service is of the ExternalName type.
@ -889,38 +889,38 @@ If you were to visit `example.com/static` the request would then be passed on to
## Partitioning the Ingress object space ## Partitioning the Ingress object space
By default, Træfik processes every Ingress objects it observes. At times, however, it may be desirable to ignore certain objects. The following sub-sections describe common use cases and how they can be handled with Træfik. By default, Traefik processes every Ingress objects it observes. At times, however, it may be desirable to ignore certain objects. The following sub-sections describe common use cases and how they can be handled with Traefik.
### Between Træfik and other Ingress controller implementations ### Between Traefik and other Ingress controller implementations
Sometimes Træfik runs along other Ingress controller implementations. One such example is when both Træfik and a cloud provider Ingress controller are active. Sometimes Traefik runs along other Ingress controller implementations. One such example is when both Traefik and a cloud provider Ingress controller are active.
The `kubernetes.io/ingress.class` annotation can be attached to any Ingress object in order to control whether Træfik should handle it. The `kubernetes.io/ingress.class` annotation can be attached to any Ingress object in order to control whether Traefik should handle it.
If the annotation is missing, contains an empty value, or the value `traefik`, then the Træfik controller will take responsibility and process the associated Ingress object. If the annotation is missing, contains an empty value, or the value `traefik`, then the Traefik controller will take responsibility and process the associated Ingress object.
It is also possible to set the `ingressClass` option in Træfik to a particular value. Træfik will only process matching Ingress objects. It is also possible to set the `ingressClass` option in Traefik to a particular value. Traefik will only process matching Ingress objects.
For instance, setting the option to `traefik-internal` causes Træfik to process Ingress objects with the same `kubernetes.io/ingress.class` annotation value, ignoring all other objects (including those with a `traefik` value, empty value, and missing annotation). For instance, setting the option to `traefik-internal` causes Traefik to process Ingress objects with the same `kubernetes.io/ingress.class` annotation value, ignoring all other objects (including those with a `traefik` value, empty value, and missing annotation).
!!! note !!! note
Letting multiple ingress controllers handle the same ingress objects can lead to unintended behavior. Letting multiple ingress controllers handle the same ingress objects can lead to unintended behavior.
It is recommended to prefix all ingressClass values with `traefik` to avoid unintended collisions with other ingress implementations. It is recommended to prefix all ingressClass values with `traefik` to avoid unintended collisions with other ingress implementations.
### Between multiple Træfik Deployments ### Between multiple Traefik Deployments
Sometimes multiple Træfik Deployments are supposed to run concurrently. Sometimes multiple Traefik Deployments are supposed to run concurrently.
For instance, it is conceivable to have one Deployment deal with internal and another one with external traffic. For instance, it is conceivable to have one Deployment deal with internal and another one with external traffic.
For such cases, it is advisable to classify Ingress objects through a label and configure the `labelSelector` option per each Træfik Deployment accordingly. For such cases, it is advisable to classify Ingress objects through a label and configure the `labelSelector` option per each Traefik Deployment accordingly.
To stick with the internal/external example above, all Ingress objects meant for internal traffic could receive a `traffic-type: internal` label while objects designated for external traffic receive a `traffic-type: external` label. To stick with the internal/external example above, all Ingress objects meant for internal traffic could receive a `traffic-type: internal` label while objects designated for external traffic receive a `traffic-type: external` label.
The label selectors on the Træfik Deployments would then be `traffic-type=internal` and `traffic-type=external`, respectively. The label selectors on the Traefik Deployments would then be `traffic-type=internal` and `traffic-type=external`, respectively.
## Traffic Splitting ## Traffic Splitting
It is possible to split Ingress traffic in a fine-grained manner between multiple deployments using _service weights_. It is possible to split Ingress traffic in a fine-grained manner between multiple deployments using _service weights_.
One canonical use case is canary releases where a deployment representing a newer release is to receive an initially small but ever-increasing fraction of the requests over time. One canonical use case is canary releases where a deployment representing a newer release is to receive an initially small but ever-increasing fraction of the requests over time.
The way this can be done in Træfik is to specify a percentage of requests that should go into each deployment. The way this can be done in Traefik is to specify a percentage of requests that should go into each deployment.
For instance, say that an application `my-app` runs in version 1. For instance, say that an application `my-app` runs in version 1.
A newer version 2 is about to be released, but confidence in the robustness and reliability of new version running in production can only be gained gradually. A newer version 2 is about to be released, but confidence in the robustness and reliability of new version running in production can only be gained gradually.
@ -953,7 +953,7 @@ spec:
``` ```
Take note of the `traefik.ingress.kubernetes.io/service-weights` annotation: It specifies the distribution of requests among the referenced backend services, `my-app` and `my-app-canary`. Take note of the `traefik.ingress.kubernetes.io/service-weights` annotation: It specifies the distribution of requests among the referenced backend services, `my-app` and `my-app-canary`.
With this definition, Træfik will route 99% of the requests to the pods backed by the `my-app` deployment, and 1% to those backed by `my-app-canary`. With this definition, Traefik will route 99% of the requests to the pods backed by the `my-app` deployment, and 1% to those backed by `my-app-canary`.
Over time, the ratio may slowly shift towards the canary deployment until it is deemed to replace the previous main application, in steps such as 5%/95%, 10%/90%, 50%/50%, and finally 100%/0%. Over time, the ratio may slowly shift towards the canary deployment until it is deemed to replace the previous main application, in steps such as 5%/95%, 10%/90%, 50%/50%, and finally 100%/0%.
A few conditions must hold for service weights to be applied correctly: A few conditions must hold for service weights to be applied correctly:
@ -1006,7 +1006,7 @@ The examples shown deliberately do not specify any [resource limitations](https:
In a production environment, however, it is important to set proper bounds, especially with regards to CPU: In a production environment, however, it is important to set proper bounds, especially with regards to CPU:
- too strict and Træfik will be throttled while serving requests (as Kubernetes imposes hard quotas) - too strict and Traefik will be throttled while serving requests (as Kubernetes imposes hard quotas)
- too loose and Træfik may waste resources not available for other containers - too loose and Traefik may waste resources not available for other containers
When in doubt, you should measure your resource needs, and adjust requests and limits accordingly. When in doubt, you should measure your resource needs, and adjust requests and limits accordingly.

48
docs/user-guide/kv-config.md
View file

@ -2,9 +2,9 @@
Both [static global configuration](/user-guide/kv-config/#static-configuration-in-key-value-store) and [dynamic](/user-guide/kv-config/#dynamic-configuration-in-key-value-store) configuration can be stored in a Key-value store. Both [static global configuration](/user-guide/kv-config/#static-configuration-in-key-value-store) and [dynamic](/user-guide/kv-config/#dynamic-configuration-in-key-value-store) configuration can be stored in a Key-value store.
This section explains how to launch Træfik using a configuration loaded from a Key-value store. This section explains how to launch Traefik using a configuration loaded from a Key-value store.
Træfik supports several Key-value stores: Traefik supports several Key-value stores:
- [Consul](https://consul.io) - [Consul](https://consul.io)
- [etcd](https://coreos.com/etcd/) - [etcd](https://coreos.com/etcd/)
@ -20,7 +20,7 @@ We will see the steps to set it up with an easy example.
### docker-compose file for Consul ### docker-compose file for Consul
The Træfik global configuration will be retrieved from a [Consul](https://consul.io) store. The Traefik global configuration will be retrieved from a [Consul](https://consul.io) store.
First we have to launch Consul in a container. First we have to launch Consul in a container.
@ -56,11 +56,11 @@ whoami4:
### Upload the configuration in the Key-value store ### Upload the configuration in the Key-value store
We should now fill the store with the Træfik global configuration. We should now fill the store with the Traefik global configuration.
To do that, we can send the Key-value pairs via [curl commands](https://www.consul.io/intro/getting-started/kv.html) or via the [Web UI](https://www.consul.io/intro/getting-started/ui.html). To do that, we can send the Key-value pairs via [curl commands](https://www.consul.io/intro/getting-started/kv.html) or via the [Web UI](https://www.consul.io/intro/getting-started/ui.html).
Fortunately, Træfik allows automation of this process using the `storeconfig` subcommand. Fortunately, Traefik allows automation of this process using the `storeconfig` subcommand.
Please refer to the [store Træfik configuration](/user-guide/kv-config/#store-configuration-in-key-value-store) section to get documentation on it. Please refer to the [store Traefik configuration](/user-guide/kv-config/#store-configuration-in-key-value-store) section to get documentation on it.
Here is the toml configuration we would like to store in the Key-value Store : Here is the toml configuration we would like to store in the Key-value Store :
@ -128,11 +128,11 @@ In case you are setting key values manually:
Note that we can either give path to certificate file or directly the file content itself. Note that we can either give path to certificate file or directly the file content itself.
### Launch Træfik ### Launch Traefik
We will now launch Træfik in a container. We will now launch Traefik in a container.
We use CLI flags to setup the connection between Træfik and Consul. We use CLI flags to setup the connection between Traefik and Consul.
All the rest of the global configuration is stored in Consul. All the rest of the global configuration is stored in Consul.
Here is the [docker-compose file](https://docs.docker.com/compose/compose-file/) : Here is the [docker-compose file](https://docs.docker.com/compose/compose-file/) :
@ -156,7 +156,7 @@ This variable must be initialized with the ACL token value.
If Traefik is launched into a Docker container, the variable `CONSUL_HTTP_TOKEN` can be initialized with the `-e` Docker option : `-e "CONSUL_HTTP_TOKEN=[consul-acl-token-value]"` If Traefik is launched into a Docker container, the variable `CONSUL_HTTP_TOKEN` can be initialized with the `-e` Docker option : `-e "CONSUL_HTTP_TOKEN=[consul-acl-token-value]"`
If a Consul ACL is used to restrict Træfik read/write access, one of the following configurations is needed. If a Consul ACL is used to restrict Traefik read/write access, one of the following configurations is needed.
- HCL format : - HCL format :
@ -199,7 +199,7 @@ So far, only [Consul](https://consul.io) and [etcd](https://coreos.com/etcd/) su
To set it up, we should enable [consul security](https://www.consul.io/docs/internals/security.html) (or [etcd security](https://coreos.com/etcd/docs/latest/security.html)). To set it up, we should enable [consul security](https://www.consul.io/docs/internals/security.html) (or [etcd security](https://coreos.com/etcd/docs/latest/security.html)).
Then, we have to provide CA, Cert and Key to Træfik using `consul` flags : Then, we have to provide CA, Cert and Key to Traefik using `consul` flags :
- `--consul.tls` - `--consul.tls`
- `--consul.tls.ca=path/to/the/file` - `--consul.tls.ca=path/to/the/file`
@ -220,10 +220,10 @@ Remember the command `traefik --help` to display the updated list of flags.
## Dynamic configuration in Key-value store ## Dynamic configuration in Key-value store
Following our example, we will provide backends/frontends rules and HTTPS certificates to Træfik. Following our example, we will provide backends/frontends rules and HTTPS certificates to Traefik.
!!! note !!! note
This section is independent of the way Træfik got its static configuration. This section is independent of the way Traefik got its static configuration.
It means that the static configuration can either come from the same Key-value store or from any other sources. It means that the static configuration can either come from the same Key-value store or from any other sources.
### Key-value storage structure ### Key-value storage structure
@ -360,21 +360,21 @@ And there, the same dynamic configuration in a KV Store (using `prefix = "traefi
### Atomic configuration changes ### Atomic configuration changes
Træfik can watch the backends/frontends configuration changes and generate its configuration automatically. Traefik can watch the backends/frontends configuration changes and generate its configuration automatically.
!!! note !!! note
Only backends/frontends rules are dynamic, the rest of the Træfik configuration stay static. Only backends/frontends rules are dynamic, the rest of the Traefik configuration stay static.
The [Etcd](https://github.com/coreos/etcd/issues/860) and [Consul](https://github.com/hashicorp/consul/issues/886) backends do not support updating multiple keys atomically. The [Etcd](https://github.com/coreos/etcd/issues/860) and [Consul](https://github.com/hashicorp/consul/issues/886) backends do not support updating multiple keys atomically.
As a result, it may be possible for Træfik to read an intermediate configuration state despite judicious use of the `--providersThrottleDuration` flag. As a result, it may be possible for Traefik to read an intermediate configuration state despite judicious use of the `--providersThrottleDuration` flag.
To solve this problem, Træfik supports a special key called `/traefik/alias`. To solve this problem, Traefik supports a special key called `/traefik/alias`.
If set, Træfik use the value as an alternative key prefix. If set, Traefik use the value as an alternative key prefix.
!!! note !!! note
The field `useAPIV3` allows using Etcd V3 API which should support updating multiple keys atomically with Etcd. The field `useAPIV3` allows using Etcd V3 API which should support updating multiple keys atomically with Etcd.
Etcd API V2 is deprecated and, in the future, Træfik will support API V3 by default. Etcd API V2 is deprecated and, in the future, Traefik will support API V3 by default.
Given the key structure below, Træfik will use the `http://172.17.0.2:80` as its only backend (frontend keys have been omitted for brevity). Given the key structure below, Traefik will use the `http://172.17.0.2:80` as its only backend (frontend keys have been omitted for brevity).
| Key | Value | | Key | Value |
|-------------------------------------------------------------------------|-----------------------------| |-------------------------------------------------------------------------|-----------------------------|
@ -411,21 +411,21 @@ Here, we have a 50% balance between the `http://172.17.0.3:80` and the `http://1
| `/traefik_configurations/2/backends/backend1/servers/server2/weight` | `5` | | `/traefik_configurations/2/backends/backend1/servers/server2/weight` | `5` |
!!! note !!! note
Træfik *will not watch for key changes in the `/traefik_configurations` prefix*. It will only watch for changes in the `/traefik/alias`. Traefik *will not watch for key changes in the `/traefik_configurations` prefix*. It will only watch for changes in the `/traefik/alias`.
Further, if the `/traefik/alias` key is set, all other configuration with `/traefik/backends` or `/traefik/frontends` prefix are ignored. Further, if the `/traefik/alias` key is set, all other configuration with `/traefik/backends` or `/traefik/frontends` prefix are ignored.
## Store configuration in Key-value store ## Store configuration in Key-value store
!!! note !!! note
Don't forget to [setup the connection between Træfik and Key-value store](/user-guide/kv-config/#launch-trfik). Don't forget to [setup the connection between Traefik and Key-value store](/user-guide/kv-config/#launch-traefik).
The static Træfik configuration in a key-value store can be automatically created and updated, using the [`storeconfig` subcommand](/basics/#commands). The static Traefik configuration in a key-value store can be automatically created and updated, using the [`storeconfig` subcommand](/basics/#commands).
```bash ```bash
traefik storeconfig [flags] ... traefik storeconfig [flags] ...
``` ```
This command is here only to automate the [process which upload the configuration into the Key-value store](/user-guide/kv-config/#upload-the-configuration-in-the-key-value-store). This command is here only to automate the [process which upload the configuration into the Key-value store](/user-guide/kv-config/#upload-the-configuration-in-the-key-value-store).
Træfik will not start but the [static configuration](/basics/#static-trfik-configuration) will be uploaded into the Key-value store. Traefik will not start but the [static configuration](/basics/#static-traefik-configuration) will be uploaded into the Key-value store.
If you configured ACME (Let's Encrypt), your registration account and your certificates will also be uploaded. If you configured ACME (Let's Encrypt), your registration account and your certificates will also be uploaded.

24
docs/user-guide/swarm-mode.md
View file

@ -1,6 +1,6 @@
# Docker Swarm (mode) cluster # Docker Swarm (mode) cluster
This section explains how to create a multi-host docker cluster with swarm mode using [docker-machine](https://docs.docker.com/machine) and how to deploy Træfik on it. This section explains how to create a multi-host docker cluster with swarm mode using [docker-machine](https://docs.docker.com/machine) and how to deploy Traefik on it.
The cluster consists of: The cluster consists of:
@ -66,17 +66,17 @@ ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
fnpj8ozfc85zvahx2r540xfcf * manager Ready Active Leader fnpj8ozfc85zvahx2r540xfcf * manager Ready Active Leader
``` ```
Finally, let's create a network for Træfik to use. Finally, let's create a network for Traefik to use.
```shell ```shell
docker-machine ssh manager "docker network create --driver=overlay traefik-net" docker-machine ssh manager "docker network create --driver=overlay traefik-net"
``` ```
## Deploy Træfik ## Deploy Traefik
Let's deploy Træfik as a docker service in our cluster. Let's deploy Traefik as a docker service in our cluster.
The only requirement for Træfik to work with swarm mode is that it needs to run on a manager node - we are going to use a [constraint](https://docs.docker.com/engine/reference/commandline/service_create/#/specify-service-constraints-constraint) for that. The only requirement for Traefik to work with swarm mode is that it needs to run on a manager node - we are going to use a [constraint](https://docs.docker.com/engine/reference/commandline/service_create/#/specify-service-constraints-constraint) for that.
```shell ```shell
docker-machine ssh manager "docker service create \ docker-machine ssh manager "docker service create \
@ -98,10 +98,10 @@ Let's explain this command:
| Option | Description | | Option | Description |
|-----------------------------------------------------------------------------|------------------------------------------------------------------------------------------------| |-----------------------------------------------------------------------------|------------------------------------------------------------------------------------------------|
| `--publish 80:80 --publish 8080:8080` | we publish port `80` and `8080` on the cluster. | | `--publish 80:80 --publish 8080:8080` | we publish port `80` and `8080` on the cluster. |
| `--constraint=node.role==manager` | we ask docker to schedule Træfik on a manager node. | | `--constraint=node.role==manager` | we ask docker to schedule Traefik on a manager node. |
| `--mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock` | we bind mount the docker socket where Træfik is scheduled to be able to speak to the daemon. | | `--mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock` | we bind mount the docker socket where Traefik is scheduled to be able to speak to the daemon. |
| `--network traefik-net` | we attach the Træfik service (and thus the underlying container) to the `traefik-net` network. | | `--network traefik-net` | we attach the Traefik service (and thus the underlying container) to the `traefik-net` network. |
| `--docker` | enable docker provider, and `--docker.swarmMode` to enable the swarm mode on Træfik. | | `--docker` | enable docker provider, and `--docker.swarmMode` to enable the swarm mode on Traefik. |
| `--api` | activate the webUI on port 8080 | | `--api` | activate the webUI on port 8080 |
@ -145,7 +145,7 @@ z9re2mnl34k4 whoami1 replicated 1/1 emilevauge/whoami:latest
``` ```
## Access to your apps through Træfik ## Access to your apps through Traefik
```shell ```shell
curl -H Host:whoami0.traefik http://$(docker-machine ip manager) curl -H Host:whoami0.traefik http://$(docker-machine ip manager)
@ -187,7 +187,7 @@ X-Forwarded-Server: 77fc29c69fe4
``` ```
!!! note !!! note
As Træfik is published, you can access it from any machine and not only the manager. As Traefik is published, you can access it from any machine and not only the manager.
```shell ```shell
curl -H Host:whoami0.traefik http://$(docker-machine ip worker1) curl -H Host:whoami0.traefik http://$(docker-machine ip worker1)
@ -247,7 +247,7 @@ ysil6oto1wim whoami0 replicated 5/5 emilevauge/whoami:latest
z9re2mnl34k4 whoami1 replicated 5/5 emilevauge/whoami:latest z9re2mnl34k4 whoami1 replicated 5/5 emilevauge/whoami:latest
``` ```
## Access to your `whoami0` through Træfik multiple times. ## Access to your `whoami0` through Traefik multiple times.
Repeat the following command multiple times and note that the Hostname changes each time as Traefik load balances each request against the 5 tasks: Repeat the following command multiple times and note that the Hostname changes each time as Traefik load balances each request against the 5 tasks:

8
docs/user-guide/swarm.md
View file

@ -1,6 +1,6 @@
# Swarm cluster # Swarm cluster
This section explains how to create a multi-host [swarm](https://docs.docker.com/swarm) cluster using [docker-machine](https://docs.docker.com/machine/) and how to deploy Træfik on it. This section explains how to create a multi-host [swarm](https://docs.docker.com/swarm) cluster using [docker-machine](https://docs.docker.com/machine/) and how to deploy Traefik on it.
The cluster consists of: The cluster consists of:
@ -71,9 +71,9 @@ eval $(docker-machine env --swarm mhs-demo0)
docker network create --driver overlay --subnet=10.0.9.0/24 my-net docker network create --driver overlay --subnet=10.0.9.0/24 my-net
``` ```
## Deploy Træfik ## Deploy Traefik
Deploy Træfik: Deploy Traefik:
```shell ```shell
docker $(docker-machine config mhs-demo0) run \ docker $(docker-machine config mhs-demo0) run \
@ -132,7 +132,7 @@ ba2c21488299 emilevauge/whoami "/whoamI" 8 seconds ago
8fbc39271b4c traefik "/traefik -l DEBUG -c" 36 seconds ago Up 37 seconds 192.168.99.101:80->80/tcp, 192.168.99.101:8080->8080/tcp mhs-demo0/serene_bhabha 8fbc39271b4c traefik "/traefik -l DEBUG -c" 36 seconds ago Up 37 seconds 192.168.99.101:80->80/tcp, 192.168.99.101:8080->8080/tcp mhs-demo0/serene_bhabha
``` ```
## Access to your apps through Træfik ## Access to your apps through Traefik
```shell ```shell
curl -H Host:whoami0.traefik http://$(docker-machine ip mhs-demo0) curl -H Host:whoami0.traefik http://$(docker-machine ip mhs-demo0)

32
examples/quickstart/README.md
View file

@ -1,12 +1,12 @@
## The Træfik Quickstart (Using Docker) ## The Traefik Quickstart (Using Docker)
In this quickstart, we'll use [Docker compose](https://docs.docker.com/compose) to create our demo infrastructure. In this quickstart, we'll use [Docker compose](https://docs.docker.com/compose) to create our demo infrastructure.
To save some time, you can clone [Træfik's repository](https://github.com/containous/traefik) and use the quickstart files located in the [examples/quickstart](https://github.com/containous/traefik/tree/master/examples/quickstart/) directory. To save some time, you can clone [Traefik's repository](https://github.com/containous/traefik) and use the quickstart files located in the [examples/quickstart](https://github.com/containous/traefik/tree/master/examples/quickstart/) directory.
### 1 — Launch Træfik — Tell It to Listen to Docker ### 1 — Launch Traefik — Tell It to Listen to Docker
Create a `docker-compose.yml` file where you will define a `reverse-proxy` service that uses the official Træfik image: Create a `docker-compose.yml` file where you will define a `reverse-proxy` service that uses the official Traefik image:
```yaml ```yaml
version: '3' version: '3'
@ -14,7 +14,7 @@ version: '3'
services: services:
reverse-proxy: reverse-proxy:
image: traefik # The official Traefik docker image image: traefik # The official Traefik docker image
command: --api --docker # Enables the web UI and tells Træfik to listen to docker command: --api --docker # Enables the web UI and tells Traefik to listen to docker
ports: ports:
- "80:80" # The HTTP port - "80:80" # The HTTP port
- "8080:8080" # The Web UI (enabled by --api) - "8080:8080" # The Web UI (enabled by --api)
@ -22,7 +22,7 @@ services:
- /var/run/docker.sock:/var/run/docker.sock #So that Traefik can listen to the Docker events - /var/run/docker.sock:/var/run/docker.sock #So that Traefik can listen to the Docker events
``` ```
**That's it. Now you can launch Træfik!** **That's it. Now you can launch Traefik!**
Start your `reverse-proxy` with the following command: Start your `reverse-proxy` with the following command:
@ -30,11 +30,11 @@ Start your `reverse-proxy` with the following command:
docker-compose up -d reverse-proxy docker-compose up -d reverse-proxy
``` ```
You can open a browser and go to [http://localhost:8080](http://localhost:8080) to see Træfik's dashboard (we'll go back there once we have launched a service in step 2). You can open a browser and go to [http://localhost:8080](http://localhost:8080) to see Traefik's dashboard (we'll go back there once we have launched a service in step 2).
### 2 — Launch a Service — Træfik Detects It and Creates a Route for You ### 2 — Launch a Service — Traefik Detects It and Creates a Route for You
Now that we have a Træfik instance up and running, we will deploy new services. Now that we have a Traefik instance up and running, we will deploy new services.
Edit your `docker-compose.yml` file and add the following at the end of your file. Edit your `docker-compose.yml` file and add the following at the end of your file.
@ -54,7 +54,7 @@ Start the `whoami` service with the following command:
docker-compose up -d whoami docker-compose up -d whoami
``` ```
Go back to your browser ([http://localhost:8080](http://localhost:8080)) and see that Træfik has automatically detected the new container and updated its own configuration. Go back to your browser ([http://localhost:8080](http://localhost:8080)) and see that Traefik has automatically detected the new container and updated its own configuration.
When Traefik detects new services, it creates the corresponding routes so you can call them ... _let's see!_ (Here, we're using curl) When Traefik detects new services, it creates the corresponding routes so you can call them ... _let's see!_ (Here, we're using curl)
@ -77,9 +77,9 @@ Run more instances of your `whoami` service with the following command:
docker-compose up -d --scale whoami=2 docker-compose up -d --scale whoami=2
``` ```
Go back to your browser ([http://localhost:8080](http://localhost:8080)) and see that Træfik has automatically detected the new instance of the container. Go back to your browser ([http://localhost:8080](http://localhost:8080)) and see that Traefik has automatically detected the new instance of the container.
Finally, see that Træfik load-balances between the two instances of your services by running twice the following command: Finally, see that Traefik load-balances between the two instances of your services by running twice the following command:
```shell ```shell
curl -H Host:whoami.docker.localhost http://127.0.0.1 curl -H Host:whoami.docker.localhost http://127.0.0.1
@ -99,9 +99,9 @@ IP: 172.27.0.4
# ... # ...
``` ```
### 4 — Enjoy Træfik's Magic ### 4 — Enjoy Traefik's Magic
Now that you have a basic understanding of how Træfik can automatically create the routes to your services and load balance them, it might be time to dive into [the documentation](https://docs.traefik.io/) and let Træfik work for you! Now that you have a basic understanding of how Traefik can automatically create the routes to your services and load balance them, it might be time to dive into [the documentation](https://docs.traefik.io/) and let Traefik work for you!
Whatever your infrastructure is, there is probably [an available Træfik backend](https://docs.traefik.io/#supported-backends) that will do the job. Whatever your infrastructure is, there is probably [an available Traefik backend](https://docs.traefik.io/#supported-backends) that will do the job.
Our recommendation would be to see for yourself how simple it is to enable HTTPS with [Træfik's let's encrypt integration](https://docs.traefik.io/user-guide/examples/#lets-encrypt-support) using the dedicated [user guide](https://docs.traefik.io/user-guide/docker-and-lets-encrypt/). Our recommendation would be to see for yourself how simple it is to enable HTTPS with [Traefik's let's encrypt integration](https://docs.traefik.io/user-guide/examples/#lets-encrypt-support) using the dedicated [user guide](https://docs.traefik.io/user-guide/docker-and-lets-encrypt/).

4
examples/quickstart/docker-compose.yml
View file

@ -1,10 +1,10 @@
version: '3' version: '3'
services: services:
# The reverse proxy service (Træfik) # The reverse proxy service (Traefik)
reverse-proxy: reverse-proxy:
image: traefik # The official Traefik docker image image: traefik # The official Traefik docker image
command: --api --docker # Enables the web UI and tells Træfik to listen to docker command: --api --docker # Enables the web UI and tells Traefik to listen to docker
ports: ports:
- "80:80" # The HTTP port - "80:80" # The HTTP port
- "8080:8080" # The Web UI (enabled by --api) - "8080:8080" # The Web UI (enabled by --api)

2
integration/consul_test.go
View file

@ -478,7 +478,7 @@ func datastoreContains(datastore *cluster.Datastore, expectedValue string) func(
func (s *ConsulSuite) TestSNIDynamicTlsConfig(c *check.C) { func (s *ConsulSuite) TestSNIDynamicTlsConfig(c *check.C) {
s.setupConsul(c) s.setupConsul(c)
consulHost := s.composeProject.Container(c, "consul").NetworkSettings.IPAddress consulHost := s.composeProject.Container(c, "consul").NetworkSettings.IPAddress
// start Træfik // start Traefik
file := s.adaptFile(c, "fixtures/consul/simple_https.toml", struct{ ConsulHost string }{consulHost}) file := s.adaptFile(c, "fixtures/consul/simple_https.toml", struct{ ConsulHost string }{consulHost})
defer os.Remove(file) defer os.Remove(file)
cmd, display := s.traefikCmd(withConfigFile(file)) cmd, display := s.traefikCmd(withConfigFile(file))

4
integration/etcd3_test.go
View file

@ -428,7 +428,7 @@ func (s *Etcd3Suite) TestCommandStoreConfig(c *check.C) {
} }
func (s *Etcd3Suite) TestSNIDynamicTlsConfig(c *check.C) { func (s *Etcd3Suite) TestSNIDynamicTlsConfig(c *check.C) {
// start Træfik // start Traefik
cmd, display := s.traefikCmd( cmd, display := s.traefikCmd(
withConfigFile("fixtures/etcd/simple_https.toml"), withConfigFile("fixtures/etcd/simple_https.toml"),
"--etcd", "--etcd",
@ -566,7 +566,7 @@ func (s *Etcd3Suite) TestSNIDynamicTlsConfig(c *check.C) {
} }
func (s *Etcd3Suite) TestDeleteSNIDynamicTlsConfig(c *check.C) { func (s *Etcd3Suite) TestDeleteSNIDynamicTlsConfig(c *check.C) {
// start Træfik // start Traefik
cmd, display := s.traefikCmd( cmd, display := s.traefikCmd(
withConfigFile("fixtures/etcd/simple_https.toml"), withConfigFile("fixtures/etcd/simple_https.toml"),
"--etcd", "--etcd",

10
integration/etcd_test.go
View file

@ -155,7 +155,7 @@ func (s *EtcdSuite) TestNominalConfiguration(c *check.C) {
}) })
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
// wait for Træfik // wait for Traefik
err = try.GetRequest("http://127.0.0.1:8081/api/providers", 60*time.Second, try.BodyContains("Path:/test")) err = try.GetRequest("http://127.0.0.1:8081/api/providers", 60*time.Second, try.BodyContains("Path:/test"))
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
@ -213,7 +213,7 @@ func (s *EtcdSuite) TestGlobalConfiguration(c *check.C) {
}) })
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
// start Træfik // start Traefik
cmd, display := s.traefikCmd( cmd, display := s.traefikCmd(
withConfigFile("fixtures/simple_web.toml"), withConfigFile("fixtures/simple_web.toml"),
"--etcd", "--etcd",
@ -293,7 +293,7 @@ func (s *EtcdSuite) TestGlobalConfiguration(c *check.C) {
func (s *EtcdSuite) TestCertificatesContentWithSNIConfigHandshake(c *check.C) { func (s *EtcdSuite) TestCertificatesContentWithSNIConfigHandshake(c *check.C) {
etcdHost := s.composeProject.Container(c, "etcd").NetworkSettings.IPAddress etcdHost := s.composeProject.Container(c, "etcd").NetworkSettings.IPAddress
// start Træfik // start Traefik
cmd, display := s.traefikCmd( cmd, display := s.traefikCmd(
withConfigFile("fixtures/simple_web.toml"), withConfigFile("fixtures/simple_web.toml"),
"--etcd", "--etcd",
@ -411,7 +411,7 @@ func (s *EtcdSuite) TestCommandStoreConfig(c *check.C) {
err := cmd.Start() err := cmd.Start()
c.Assert(err, checker.IsNil) c.Assert(err, checker.IsNil)
// wait for Træfik finish without error // wait for Traefik finish without error
cmd.Wait() cmd.Wait()
// CHECK // CHECK
@ -437,7 +437,7 @@ func (s *EtcdSuite) TestCommandStoreConfig(c *check.C) {
func (s *EtcdSuite) TestSNIDynamicTlsConfig(c *check.C) { func (s *EtcdSuite) TestSNIDynamicTlsConfig(c *check.C) {
etcdHost := s.composeProject.Container(c, "etcd").NetworkSettings.IPAddress etcdHost := s.composeProject.Container(c, "etcd").NetworkSettings.IPAddress
// start Træfik // start Traefik
cmd, display := s.traefikCmd( cmd, display := s.traefikCmd(
withConfigFile("fixtures/etcd/simple_https.toml"), withConfigFile("fixtures/etcd/simple_https.toml"),
"--etcd", "--etcd",

4
middlewares/accesslog/logger_formatters.go
View file

@ -14,10 +14,10 @@ const (
defaultValue = "-" defaultValue = "-"
) )
// CommonLogFormatter provides formatting in the Træfik common log format // CommonLogFormatter provides formatting in the Traefik common log format
type CommonLogFormatter struct{} type CommonLogFormatter struct{}
// Format formats the log entry in the Træfik common log format // Format formats the log entry in the Traefik common log format
func (f *CommonLogFormatter) Format(entry *logrus.Entry) ([]byte, error) { func (f *CommonLogFormatter) Format(entry *logrus.Entry) ([]byte, error) {
b := &bytes.Buffer{} b := &bytes.Buffer{}

4
mkdocs.yml
View file

@ -1,5 +1,5 @@
site_name: Træfik site_name: Traefik
site_description: Træfik Documentation site_description: Traefik Documentation
site_author: containo.us site_author: containo.us
site_url: https://docs.traefik.io site_url: https://docs.traefik.io
dev_addr: 0.0.0.0:8000 dev_addr: 0.0.0.0:8000

2
provider/docker/docker.go
View file

@ -396,7 +396,7 @@ func parseService(service swarmtypes.Service, networkMap map[string]*dockertypes
if service.Spec.EndpointSpec != nil { if service.Spec.EndpointSpec != nil {
if service.Spec.EndpointSpec.Mode == swarmtypes.ResolutionModeDNSRR { if service.Spec.EndpointSpec.Mode == swarmtypes.ResolutionModeDNSRR {
if isBackendLBSwarm(dData) { if isBackendLBSwarm(dData) {
log.Warnf("Ignored %s endpoint-mode not supported, service name: %s. Fallback to Træfik load balancing", swarmtypes.ResolutionModeDNSRR, service.Spec.Annotations.Name) log.Warnf("Ignored %s endpoint-mode not supported, service name: %s. Fallback to Traefik load balancing", swarmtypes.ResolutionModeDNSRR, service.Spec.Annotations.Name)
} }
} else if service.Spec.EndpointSpec.Mode == swarmtypes.ResolutionModeVIP { } else if service.Spec.EndpointSpec.Mode == swarmtypes.ResolutionModeVIP {
dData.NetworkSettings.Networks = make(map[string]*networkData) dData.NetworkSettings.Networks = make(map[string]*networkData)

2
provider/label/label.go
View file

@ -162,7 +162,7 @@ func HasPrefix(labels map[string]string, prefix string) bool {
return false return false
} }
// IsEnabled Check if a container is enabled in Træfik // IsEnabled Check if a container is enabled in Traefik
func IsEnabled(labels map[string]string, exposedByDefault bool) bool { func IsEnabled(labels map[string]string, exposedByDefault bool) bool {
return GetBoolValue(labels, TraefikEnable, exposedByDefault) return GetBoolValue(labels, TraefikEnable, exposedByDefault)
} }

4
server/server_middlewares.go
View file

@ -309,7 +309,7 @@ func buildIPWhiteLister(whiteList *types.WhiteList, wlRange []string) (*middlewa
func (s *Server) wrapNegroniHandlerWithAccessLog(handler negroni.Handler, frontendName string) negroni.Handler { func (s *Server) wrapNegroniHandlerWithAccessLog(handler negroni.Handler, frontendName string) negroni.Handler {
if s.accessLoggerMiddleware != nil { if s.accessLoggerMiddleware != nil {
saveBackend := accesslog.NewSaveNegroniBackend(handler, "Træfik") saveBackend := accesslog.NewSaveNegroniBackend(handler, "Traefik")
saveFrontend := accesslog.NewSaveNegroniFrontend(saveBackend, frontendName) saveFrontend := accesslog.NewSaveNegroniFrontend(saveBackend, frontendName)
return saveFrontend return saveFrontend
} }
@ -318,7 +318,7 @@ func (s *Server) wrapNegroniHandlerWithAccessLog(handler negroni.Handler, fronte
func (s *Server) wrapHTTPHandlerWithAccessLog(handler http.Handler, frontendName string) http.Handler { func (s *Server) wrapHTTPHandlerWithAccessLog(handler http.Handler, frontendName string) http.Handler {
if s.accessLoggerMiddleware != nil { if s.accessLoggerMiddleware != nil {
saveBackend := accesslog.NewSaveBackend(handler, "Træfik") saveBackend := accesslog.NewSaveBackend(handler, "Traefik")
saveFrontend := accesslog.NewSaveFrontend(saveBackend, frontendName) saveFrontend := accesslog.NewSaveFrontend(saveBackend, frontendName)
return saveFrontend return saveFrontend
} }

6
webui/readme.md
View file

@ -1,10 +1,10 @@
# Træfik Web UI # Traefik Web UI
Access to Træfik Web UI, ex: http://localhost:8080 Access to Traefik Web UI, ex: http://localhost:8080
## Interface ## Interface
Træfik Web UI provide 2 types of informations: Traefik Web UI provide 2 types of informations:
- Providers with their backends and frontends information. - Providers with their backends and frontends information.
- Health of the web server. - Health of the web server.