c9d23494b9
* Add IdleTimeout setting to http.server Without such a timeout there is a risk of resource leakage from piling up connections, particularly when exposing Traefik to the Internet. Set the default to be 180 seconds * Add IdleConnTimeout to Traefik's http.server settings Without enforcing a timeout Traefik is susceptible to resource leakage, particularly when deployed as a public facing proxy exposed to the Internet. Set the default to be 180 seconds * tweak * Update configuration.go * add some documentation for the idletimeout setting * need to cast idletimeout * update doc to refect format specifics
140 lines
3.5 KiB
Markdown
140 lines
3.5 KiB
Markdown
|
||
# Examples
|
||
|
||
You will find here some configuration examples of Træfɪk.
|
||
|
||
## HTTP only
|
||
|
||
```
|
||
defaultEntryPoints = ["http"]
|
||
[entryPoints]
|
||
[entryPoints.http]
|
||
address = ":80"
|
||
```
|
||
|
||
## HTTP + HTTPS (with SNI)
|
||
|
||
```
|
||
defaultEntryPoints = ["http", "https"]
|
||
[entryPoints]
|
||
[entryPoints.http]
|
||
address = ":80"
|
||
[entryPoints.https]
|
||
address = ":443"
|
||
[entryPoints.https.tls]
|
||
[[entryPoints.https.tls.certificates]]
|
||
CertFile = "integration/fixtures/https/snitest.com.cert"
|
||
KeyFile = "integration/fixtures/https/snitest.com.key"
|
||
[[entryPoints.https.tls.certificates]]
|
||
CertFile = "integration/fixtures/https/snitest.org.cert"
|
||
KeyFile = "integration/fixtures/https/snitest.org.key"
|
||
```
|
||
Note that we can either give path to certificate file or directly the file content itself ([like in this TOML example](/user-guide/kv-config/#upload-the-configuration-in-the-key-value-store)).
|
||
|
||
## HTTP redirect on HTTPS
|
||
|
||
```
|
||
defaultEntryPoints = ["http", "https"]
|
||
[entryPoints]
|
||
[entryPoints.http]
|
||
address = ":80"
|
||
[entryPoints.http.redirect]
|
||
entryPoint = "https"
|
||
[entryPoints.https]
|
||
address = ":443"
|
||
[entryPoints.https.tls]
|
||
[[entryPoints.https.tls.certificates]]
|
||
certFile = "tests/traefik.crt"
|
||
keyFile = "tests/traefik.key"
|
||
```
|
||
|
||
## Let's Encrypt support
|
||
|
||
```
|
||
[entryPoints]
|
||
[entryPoints.https]
|
||
address = ":443"
|
||
[entryPoints.https.tls]
|
||
# certs used as default certs
|
||
[[entryPoints.https.tls.certificates]]
|
||
certFile = "tests/traefik.crt"
|
||
keyFile = "tests/traefik.key"
|
||
[acme]
|
||
email = "test@traefik.io"
|
||
storageFile = "acme.json"
|
||
onDemand = true
|
||
caServer = "http://172.18.0.1:4000/directory"
|
||
entryPoint = "https"
|
||
|
||
[[acme.domains]]
|
||
main = "local1.com"
|
||
sans = ["test1.local1.com", "test2.local1.com"]
|
||
[[acme.domains]]
|
||
main = "local2.com"
|
||
sans = ["test1.local2.com", "test2x.local2.com"]
|
||
[[acme.domains]]
|
||
main = "local3.com"
|
||
[[acme.domains]]
|
||
main = "local4.com"
|
||
```
|
||
|
||
## Override entrypoints in frontends
|
||
|
||
```
|
||
[frontends]
|
||
[frontends.frontend1]
|
||
backend = "backend2"
|
||
[frontends.frontend1.routes.test_1]
|
||
rule = "Host:test.localhost"
|
||
[frontends.frontend2]
|
||
backend = "backend1"
|
||
passHostHeader = true
|
||
entrypoints = ["https"] # overrides defaultEntryPoints
|
||
[frontends.frontend2.routes.test_1]
|
||
rule = "Host:{subdomain:[a-z]+}.localhost"
|
||
[frontends.frontend3]
|
||
entrypoints = ["http", "https"] # overrides defaultEntryPoints
|
||
backend = "backend2"
|
||
rule = "Path:/test"
|
||
```
|
||
|
||
## Enable Basic authentication in an entrypoint
|
||
|
||
With two user/pass:
|
||
|
||
- `test`:`test`
|
||
- `test2`:`test2`
|
||
|
||
Passwords are encoded in MD5: you can use htpasswd to generate those ones.
|
||
|
||
```
|
||
defaultEntryPoints = ["http"]
|
||
[entryPoints]
|
||
[entryPoints.http]
|
||
address = ":80"
|
||
[entryPoints.http.auth.basic]
|
||
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
|
||
```
|
||
|
||
## Pass Authenticated user to application via headers
|
||
|
||
Providing an authentication method as described above, it is possible to pass the user to the application
|
||
via a configurable header value
|
||
|
||
```
|
||
defaultEntryPoints = ["http"]
|
||
[entryPoints]
|
||
[entryPoints.http]
|
||
address = ":80"
|
||
[entryPoints.http.auth]
|
||
headerField = "X-WebAuth-User"
|
||
[entryPoints.http.auth.basic]
|
||
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
|
||
```
|
||
|
||
## Override the Traefik HTTP server IdleTimeout and/or throttle configurations from re-loading too quickly
|
||
|
||
```
|
||
IdleTimeout = "360s"
|
||
ProvidersThrottleDuration = "5s"
|
||
```
|