Compare commits

..

No commits in common. "fba88f2f2584f2f80feb00f94f4119a9c7163212" and "6ed08f382e010217328b5a9a0e4b5d6e319d0f74" have entirely different histories.

29 changed files with 107 additions and 124 deletions

View file

@ -93,7 +93,7 @@ The example below is a file provider only version (`yaml`) of what this configur
```yaml tab="Static configuration"
# traefik.yml
entryPoints:
entrypoints:
web:
address: :80

View file

@ -116,8 +116,8 @@ Please check the [configuration examples below](#configuration-examples) for mor
```
```bash tab="CLI"
--entryPoints.web.address=:80
--entryPoints.websecure.address=:443
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
# ...
--certificatesresolvers.myresolver.acme.email=your-email@example.com
--certificatesresolvers.myresolver.acme.storage=acme.json
@ -241,8 +241,8 @@ when using the `HTTP-01` challenge, `certificatesresolvers.myresolver.acme.httpc
```
```bash tab="CLI"
--entryPoints.web.address=:80
--entryPoints.websecure.address=:443
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
# ...
--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
```

View file

@ -354,7 +354,7 @@ To apply a redirection:
```
```bash tab="CLI"
--entryPoints=Name:web Address::80 Redirect.EntryPoint:websecure
--entrypoints=Name:web Address::80 Redirect.EntryPoint:websecure
--entryPoints='Name:websecure Address::443 TLS'
```
@ -394,10 +394,10 @@ To apply a redirection:
```bash tab="CLI"
## static configuration
--entryPoints.web.address=:80
--entryPoints.web.http.redirections.entrypoint.to=websecure
--entryPoints.web.http.redirections.entrypoint.scheme=https
--entryPoints.websecure.address=:443
--entrypoints.web.address=:80
--entrypoints.web.http.redirections.entrypoint.to=websecure
--entrypoints.web.http.redirections.entrypoint.scheme=https
--entrypoints.websecure.address=:443
--providers.docker=true
```
@ -750,8 +750,8 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
```
```bash tab="CLI"
--entryPoints.web.address=:80
--entryPoints.websecure.address=:443
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
--certificatesresolvers.myresolver.acme.email=your-email@example.com
--certificatesresolvers.myresolver.acme.storage=acme.json
--certificatesresolvers.myresolver.acme.tlschallenge=true
@ -1078,7 +1078,7 @@ To activate the dashboard, you can either:
routers:
api:
rule: Host(`traefik.docker.localhost`)
entryPoints:
entrypoints:
- websecure
service: api@internal
middlewares:

View file

@ -622,7 +622,7 @@ Starting with `v2.11.2` the `<entrypoint>.transport.respondingTimeouts.tcp.linge
### RespondingTimeouts.TCP and RespondingTimeouts.HTTP
Starting with `v2.11.2` the `respondingTimeouts.tcp` and `respondingTimeouts.http` sections introduced in `v2.11.1` have been removed.
To configure the responding timeouts, please use the [`respondingTimeouts`](../routing/entrypoints.md#respondingtimeouts) section.
To configure responding timeouts
### EntryPoint.Transport.RespondingTimeouts.ReadTimeout

View file

@ -835,10 +835,6 @@ spec:
breaker will try to recover (as soon as it is in recovering
state).
x-kubernetes-int-or-string: true
responseCode:
description: ResponseCode is the status code that the circuit
breaker will return while it is in the open state.
type: integer
type: object
compress:
description: |-

View file

@ -27,8 +27,8 @@ spec:
- name: traefik
image: traefik:v3.0
args:
- --entryPoints.web.address=:80
- --entryPoints.websecure.address=:443
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --experimental.kubernetesgateway
- --providers.kubernetesgateway

View file

@ -172,10 +172,6 @@ spec:
breaker will try to recover (as soon as it is in recovering
state).
x-kubernetes-int-or-string: true
responseCode:
description: ResponseCode is the status code that the circuit
breaker will return while it is in the open state.
type: integer
type: object
compress:
description: |-

View file

@ -227,8 +227,8 @@ If both TCP and UDP are wanted for the same port, two entryPoints definitions ar
```
```bash tab="CLI"
--entryPoints.specificIPv4.address=192.168.2.7:8888
--entryPoints.specificIPv6.address=[2001:db8::1]:8888
--entrypoints.specificIPv4.address=192.168.2.7:8888
--entrypoints.specificIPv6.address=[2001:db8::1]:8888
```
Full details for how to specify `address` can be found in [net.Listen](https://golang.org/pkg/net/#Listen) (and [net.Dial](https://golang.org/pkg/net/#Dial)) of the doc for go.
@ -270,8 +270,8 @@ reloading the static configuration without any service downtime.
```
```bash tab="CLI"
--entryPoints.web.address=:80
--entryPoints.web.reusePort=true
--entrypoints.web.address=:80
--entrypoints.web.reusePort=true
```
Now it is possible to run multiple Traefik processes with the same EntryPoint configuration.
@ -298,10 +298,10 @@ reloading the static configuration without any service downtime.
```
```bash tab="CLI"
--entryPoints.web.address=:80
--entryPoints.web.reusePort=true
--entryPoints.privateWeb.address=192.168.1.2:80
--entryPoints.privateWeb.reusePort=true
--entrypoints.web.address=:80
--entrypoints.web.reusePort=true
--entrypoints.privateWeb.address=192.168.1.2:80
--entrypoints.privateWeb.reusePort=true
```
Requests to `192.168.1.2:80` will only be handled by routers that have `privateWeb` as the entry point.
@ -349,9 +349,9 @@ EntryPoints in this list are used (by default) on HTTP and TCP routers that do n
```
```bash tab="CLI"
--entryPoints.web.address=:80
--entryPoints.websecure.address=:443
--entryPoints.websecure.asDefault=true
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
--entrypoints.websecure.asDefault=true
```
### HTTP/2
@ -401,7 +401,7 @@ entryPoints:
```
```bash tab="CLI"
--entryPoints.name.http3
--entrypoints.name.http3
```
??? info "HTTP/3 uses UDP+TLS"
@ -433,7 +433,7 @@ It can be used to override the authority in the `alt-svc` header, for example if
```
```bash tab="CLI"
--entryPoints.name.http3.advertisedport=443
--entrypoints.name.http3.advertisedport=443
```
### Forwarded Headers
@ -870,10 +870,10 @@ This whole section is dedicated to options, keyed by entry point, that will appl
```
```bash tab="CLI"
--entryPoints.web.address=:80
--entryPoints.web.http.redirections.entryPoint.to=websecure
--entryPoints.web.http.redirections.entryPoint.scheme=https
--entryPoints.websecure.address=:443
--entrypoints.web.address=:80
--entrypoints.web.http.redirections.entryPoint.to=websecure
--entrypoints.web.http.redirections.entryPoint.scheme=https
--entrypoints.websecure.address=:443
```
#### `entryPoint`
@ -908,7 +908,7 @@ This section is a convenience to enable (permanent) redirecting of all incoming
```
```bash tab="CLI"
--entryPoints.foo.http.redirections.entryPoint.to=websecure
--entrypoints.foo.http.redirections.entryPoint.to=websecure
```
??? info "`entryPoint.scheme`"
@ -938,7 +938,7 @@ This section is a convenience to enable (permanent) redirecting of all incoming
```
```bash tab="CLI"
--entryPoints.foo.http.redirections.entryPoint.scheme=https
--entrypoints.foo.http.redirections.entryPoint.scheme=https
```
??? info "`entryPoint.permanent`"
@ -968,7 +968,7 @@ This section is a convenience to enable (permanent) redirecting of all incoming
```
```bash tab="CLI"
--entryPoints.foo.http.redirections.entrypoint.permanent=true
--entrypoints.foo.http.redirections.entrypoint.permanent=true
```
??? info "`entryPoint.priority`"
@ -998,7 +998,7 @@ This section is a convenience to enable (permanent) redirecting of all incoming
```
```bash tab="CLI"
--entryPoints.foo.http.redirections.entrypoint.priority=10
--entrypoints.foo.http.redirections.entrypoint.priority=10
```
### EncodeQuerySemicolons
@ -1026,8 +1026,8 @@ entryPoints:
```
```bash tab="CLI"
--entryPoints.websecure.address=:443
--entryPoints.websecure.http.encodequerysemicolons=true
--entrypoints.websecure.address=:443
--entrypoints.websecure.http.encodequerysemicolons=true
```
#### Examples
@ -1062,8 +1062,8 @@ entryPoints:
```
```bash tab="CLI"
--entryPoints.websecure.address=:443
--entryPoints.websecure.http.middlewares=auth@file,strip@file
--entrypoints.websecure.address=:443
--entrypoints.websecure.http.middlewares=auth@file,strip@file
```
### TLS
@ -1109,13 +1109,13 @@ entryPoints:
```
```bash tab="CLI"
--entryPoints.websecure.address=:443
--entryPoints.websecure.http.tls.options=foobar
--entryPoints.websecure.http.tls.certResolver=leresolver
--entryPoints.websecure.http.tls.domains[0].main=example.com
--entryPoints.websecure.http.tls.domains[0].sans=foo.example.com,bar.example.com
--entryPoints.websecure.http.tls.domains[1].main=test.com
--entryPoints.websecure.http.tls.domains[1].sans=foo.test.com,bar.test.com
--entrypoints.websecure.address=:443
--entrypoints.websecure.http.tls.options=foobar
--entrypoints.websecure.http.tls.certResolver=leresolver
--entrypoints.websecure.http.tls.domains[0].main=example.com
--entrypoints.websecure.http.tls.domains[0].sans=foo.example.com,bar.example.com
--entrypoints.websecure.http.tls.domains[1].main=test.com
--entrypoints.websecure.http.tls.domains[1].sans=foo.test.com,bar.test.com
```
??? example "Let's Encrypt"
@ -1138,8 +1138,8 @@ entryPoints:
```
```bash tab="CLI"
--entryPoints.websecure.address=:443
--entryPoints.websecure.http.tls.certResolver=leresolver
--entrypoints.websecure.address=:443
--entrypoints.websecure.http.tls.certResolver=leresolver
```
## UDP Options
@ -1170,8 +1170,8 @@ entryPoints:
```
```bash tab="CLI"
--entryPoints.foo.address=:8000/udp
--entryPoints.foo.udp.timeout=10s
entrypoints.foo.address=:8000/udp
entrypoints.foo.udp.timeout=10s
```
{!traefik-for-business-applications.md!}

View file

@ -53,9 +53,9 @@ The Kubernetes Ingress Controller, The Custom Resource Way.
- --log.level=DEBUG
- --api
- --api.insecure
- --entryPoints.web.address=:80
- --entryPoints.tcpep.address=:8000
- --entryPoints.udpep.address=:9000/udp
- --entrypoints.web.address=:80
- --entrypoints.tcpep.address=:8000
- --entrypoints.udpep.address=:9000/udp
- --providers.kubernetescrd
ports:
- name: web

View file

@ -234,7 +234,7 @@ Kubernetes cluster before creating `HTTPRoute` objects.
- headers: # [11]
name: foo # [12]
value: bar # [13]
backendRefs: # [14]
- backendRefs: # [14]
- name: whoamitcp # [15]
weight: 1 # [16]
port: 8080 # [17]
@ -273,7 +273,7 @@ Kubernetes cluster before creating `HTTPRoute` objects.
| [6] | `rules` | A list of HTTP matchers, filters and actions. |
| [7] | `matches` | Conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. |
| [8] | `path` | An HTTP request path matcher. If this field is not specified, a default prefix match on the "/" path is provided. |
| [9] | `type` | Type of match against the path Value (supported types: `Exact`, `PathPrefix`). |
| [9] | `type` | Type of match against the path Value (supported types: `Exact`, `Prefix`). |
| [10] | `value` | The value of the HTTP path to match against. |
| [11] | `headers` | Conditions to select a HTTP route by matching HTTP request headers. |
| [12] | `name` | Name of the HTTP header to be matched. |

View file

@ -126,7 +126,7 @@ which in turn will create the resulting routers, services, handlers, etc.
- name: traefik
image: traefik:v3.0
args:
- --entryPoints.web.address=:80
- --entrypoints.web.address=:80
- --providers.kubernetesingress
ports:
- name: web
@ -391,8 +391,8 @@ TLS can be enabled through the [HTTP options](../entrypoints.md#tls) of an Entry
```bash tab="CLI"
# Static configuration
--entryPoints.websecure.address=:443
--entryPoints.websecure.http.tls
--entrypoints.websecure.address=:443
--entrypoints.websecure.http.tls
```
```yaml tab="File (YAML)"
@ -524,8 +524,8 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
- name: traefik
image: traefik:v3.0
args:
- --entryPoints.websecure.address=:443
- --entryPoints.websecure.http.tls
- --entrypoints.websecure.address=:443
- --entrypoints.websecure.http.tls
- --providers.kubernetesingress
ports:
- name: websecure
@ -710,7 +710,7 @@ For more options, please refer to the available [annotations](#on-ingress).
- name: traefik
image: traefik:v3.0
args:
- --entryPoints.websecure.address=:443
- --entrypoints.websecure.address=:443
- --providers.kubernetesingress
ports:
- name: websecure

View file

@ -146,9 +146,9 @@ If you want to limit the router scope to a set of entry points, set the `entryPo
```bash tab="CLI"
## Static configuration
--entryPoints.web.address=:80
--entryPoints.websecure.address=:443
--entryPoints.other.address=:9090
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
--entrypoints.other.address=:9090
```
??? example "Listens to Specific EntryPoints"
@ -204,9 +204,9 @@ If you want to limit the router scope to a set of entry points, set the `entryPo
```bash tab="CLI"
## Static configuration
--entryPoints.web.address=:80
--entryPoints.websecure.address=:443
--entryPoints.other.address=:9090
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
--entrypoints.other.address=:9090
```
### Rule
@ -959,9 +959,9 @@ If you want to limit the router scope to a set of entry points, set the entry po
```bash tab="CLI"
## Static configuration
--entryPoints.web.address=:80
--entryPoints.websecure.address=:443
--entryPoints.other.address=:9090
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
--entrypoints.other.address=:9090
```
??? example "Listens to Specific EntryPoints"
@ -1023,9 +1023,9 @@ If you want to limit the router scope to a set of entry points, set the entry po
```bash tab="CLI"
## Static configuration
--entryPoints.web.address=:80
--entryPoints.websecure.address=:443
--entryPoints.other.address=:9090
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
--entrypoints.other.address=:9090
```
### Rule
@ -1610,9 +1610,9 @@ If one wants to limit the router scope to a set of EntryPoints, one should set t
```bash tab="CLI"
## Static configuration
--entryPoints.web.address=":80"
--entryPoints.other.address=":9090/udp"
--entryPoints.streaming.address=":9191/udp"
--entrypoints.web.address=":80"
--entrypoints.other.address=":9090/udp"
--entrypoints.streaming.address=":9191/udp"
```
??? example "Listens to Specific EntryPoints"
@ -1667,9 +1667,9 @@ If one wants to limit the router scope to a set of EntryPoints, one should set t
```bash tab="CLI"
## Static configuration
--entryPoints.web.address=":80"
--entryPoints.other.address=":9090/udp"
--entryPoints.streaming.address=":9191/udp"
--entrypoints.web.address=":80"
--entrypoints.other.address=":9090/udp"
--entrypoints.streaming.address=":9191/udp"
```
### Services

View file

@ -30,8 +30,8 @@ spec:
args:
- --api.insecure
- --accesslog
- --entryPoints.web.Address=:8000
- --entryPoints.websecure.Address=:4443
- --entrypoints.web.Address=:8000
- --entrypoints.websecure.Address=:4443
- --providers.kubernetescrd
- --certificatesresolvers.myresolver.acme.tlschallenge
- --certificatesresolvers.myresolver.acme.email=foo@you.com

View file

@ -10,8 +10,8 @@ services:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entryPoints.web.address=:80"
- "--entryPoints.websecure.address=:443"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.dnschallenge=true"
- "--certificatesresolvers.myresolver.acme.dnschallenge.provider=ovh"
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"

View file

@ -20,8 +20,8 @@ services:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entryPoints.web.address=:80"
- "--entryPoints.websecure.address=:443"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.dnschallenge=true"
- "--certificatesresolvers.myresolver.acme.dnschallenge.provider=ovh"
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"

View file

@ -64,7 +64,7 @@ What changed between the initial setup:
```yaml
command:
# Traefik will listen to incoming request on the port 443 (https)
- "--entryPoints.websecure.address=:443"
- "--entrypoints.websecure.address=:443"
ports:
- "443:443"
```

View file

@ -10,8 +10,8 @@ services:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entryPoints.web.address=:80"
- "--entryPoints.websecure.address=:443"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"

View file

@ -50,7 +50,7 @@ What changed between the basic example:
```yaml
command:
# Traefik will listen to incoming request on the port 443 (https)
- "--entryPoints.websecure.address=:443"
- "--entrypoints.websecure.address=:443"
ports:
- "443:443"
```

View file

@ -10,7 +10,7 @@ services:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entryPoints.websecure.address=:443"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.myresolver.acme.email=postmaster@example.com"

View file

@ -50,7 +50,7 @@ What changed between the basic example:
```yaml
command:
# Traefik will listen to incoming request on the port 443 (https)
- "--entryPoints.websecure.address=:443"
- "--entrypoints.websecure.address=:443"
ports:
- "443:443"
```

View file

@ -10,7 +10,7 @@ services:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entryPoints.web.address=:80"
- "--entrypoints.web.address=:80"
ports:
- "80:80"
- "8080:8080"

View file

@ -86,7 +86,7 @@ Second, you define an entry point, along with the exposure of the matching port
```yaml
command:
# Traefik will listen to incoming request on the port 80 (HTTP)
- "--entryPoints.web.address=:80"
- "--entrypoints.web.address=:80"
ports:
- "80:80"

View file

@ -835,10 +835,6 @@ spec:
breaker will try to recover (as soon as it is in recovering
state).
x-kubernetes-int-or-string: true
responseCode:
description: ResponseCode is the status code that the circuit
breaker will return while it is in the open state.
type: integer
type: object
compress:
description: |-

View file

@ -141,7 +141,7 @@ func newMiddlewareBuilder(ctx context.Context, goPath string, manifest *Manifest
case runtimeYaegi, "":
i, err := newInterpreter(ctx, goPath, manifest.Import)
if err != nil {
return nil, fmt.Errorf("failed to create Yaegi interpreter: %w", err)
return nil, fmt.Errorf("failed to craete Yaegi intepreter: %w", err)
}
return newYaegiMiddlewareBuilder(i, manifest.BasePkg, manifest.Import)

View file

@ -648,10 +648,6 @@ func createCircuitBreakerMiddleware(circuitBreaker *traefikv1alpha1.CircuitBreak
}
}
if circuitBreaker.ResponseCode != 0 {
cb.ResponseCode = circuitBreaker.ResponseCode
}
return cb, nil
}

View file

@ -88,8 +88,6 @@ type CircuitBreaker struct {
FallbackDuration *intstr.IntOrString `json:"fallbackDuration,omitempty" toml:"fallbackDuration,omitempty" yaml:"fallbackDuration,omitempty" export:"true"`
// RecoveryDuration is the duration for which the circuit breaker will try to recover (as soon as it is in recovering state).
RecoveryDuration *intstr.IntOrString `json:"recoveryDuration,omitempty" toml:"recoveryDuration,omitempty" yaml:"recoveryDuration,omitempty" export:"true"`
// ResponseCode is the status code that the circuit breaker will return while it is in the open state.
ResponseCode int `json:"responseCode,omitempty" toml:"responseCode,omitempty" yaml:"responseCode,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true

View file

@ -100,11 +100,6 @@ func (r *Router) ServeTCP(conn tcp.WriteCloser) {
// If there is a handler matching the connection metadata,
// we let it handle the connection.
if handler != nil {
// Remove read/write deadline and delegate this to underlying TCP server.
if err := conn.SetDeadline(time.Time{}); err != nil {
log.Error().Err(err).Msg("Error while setting deadline")
}
handler.ServeTCP(conn)
return
}
@ -133,9 +128,15 @@ func (r *Router) ServeTCP(conn tcp.WriteCloser) {
return
}
// Remove read/write deadline and delegate this to underlying TCP server (for now only handled by HTTP Server)
if err := conn.SetDeadline(time.Time{}); err != nil {
log.Error().Err(err).Msg("Error while setting deadline")
// Remove read/write deadline and delegate this to underlying tcp server (for now only handled by HTTP Server)
err = conn.SetReadDeadline(time.Time{})
if err != nil {
log.Error().Err(err).Msg("Error while setting read deadline")
}
err = conn.SetWriteDeadline(time.Time{})
if err != nil {
log.Error().Err(err).Msg("Error while setting write deadline")
}
connData, err := tcpmuxer.NewConnData(hello.serverName, conn, hello.protos)

View file

@ -536,7 +536,7 @@ func (f *fakeSpiffePKI) genSVID(id spiffeid.ID) (*x509svid.SVID, error) {
return x509svid.ParseRaw(certDER, keyPKCS8)
}
// fakeSpiffeSource allows retrieving statically an SVID and its associated bundle.
// fakeSpiffeSource allows retrieving staticly an SVID and its associated bundle.
type fakeSpiffeSource struct {
bundle *x509bundle.Bundle
svid *x509svid.SVID

View file

@ -6,7 +6,7 @@
<q-card-section>
<div class="row items-center no-wrap">
<div class="col text-center">
<q-avatar class="provider-logo" font-size="inherit">
<q-avatar class="provider-logo">
<q-icon :name="`img:${getLogoPath}`" />
</q-avatar>
</div>