d5a15d6756
implemented requested changes fix docs remove struct tag
676 lines
15 KiB
TOML
676 lines
15 KiB
TOML
################################################################
|
|
# Global configuration
|
|
################################################################
|
|
|
|
# Timeout in seconds.
|
|
# Duration to give active requests a chance to finish during hot-reloads
|
|
#
|
|
# Optional
|
|
# Default: 10
|
|
#
|
|
# graceTimeOut = 10
|
|
|
|
# Traefik logs file
|
|
# If not defined, logs to stdout
|
|
#
|
|
# Optional
|
|
#
|
|
# traefikLogsFile = "log/traefik.log"
|
|
|
|
# Access logs file
|
|
#
|
|
# Optional
|
|
#
|
|
# accessLogsFile = "log/access.log"
|
|
|
|
# Log level
|
|
#
|
|
# Optional
|
|
# Default: "ERROR"
|
|
#
|
|
# logLevel = "ERROR"
|
|
|
|
# Backends throttle duration: minimum duration between 2 events from providers
|
|
# before applying a new configuration. It avoids unnecessary reloads if multiples events
|
|
# are sent in a short amount of time.
|
|
#
|
|
# Optional
|
|
# Default: "2s"
|
|
#
|
|
# ProvidersThrottleDuration = "5s"
|
|
|
|
# If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used.
|
|
# If you encounter 'too many open files' errors, you can either change this value, or change `ulimit` value.
|
|
#
|
|
# Optional
|
|
# Default: http.DefaultMaxIdleConnsPerHost
|
|
#
|
|
# MaxIdleConnsPerHost = 200
|
|
|
|
# If set to true invalid SSL certificates are accepted for backends.
|
|
# Note: This disables detection of man-in-the-middle attacks so should only be used on secure backend networks.
|
|
# Optional
|
|
# Default: false
|
|
#
|
|
# InsecureSkipVerify = true
|
|
|
|
# Entrypoints to be used by frontends that do not specify any entrypoint.
|
|
# Each frontend can specify its own entrypoints.
|
|
#
|
|
# Optional
|
|
# Default: ["http"]
|
|
#
|
|
# defaultEntryPoints = ["http", "https"]
|
|
|
|
# Enable ACME (Let's Encrypt): automatic SSL
|
|
#
|
|
# Optional
|
|
#
|
|
# [acme]
|
|
|
|
# Email address used for registration
|
|
#
|
|
# Required
|
|
#
|
|
# email = "test@traefik.io"
|
|
|
|
# File used for certificates storage.
|
|
# WARNING, if you use Traefik in Docker, don't forget to mount this file as a volume.
|
|
#
|
|
# Required
|
|
#
|
|
# storageFile = "acme.json"
|
|
|
|
# Entrypoint to proxy acme challenge to.
|
|
# WARNING, must point to an entrypoint on port 443
|
|
#
|
|
# Required
|
|
#
|
|
# entryPoint = "https"
|
|
|
|
# Enable on demand certificate. This will request a certificate from Let's Encrypt during the first TLS handshake for a hostname that does not yet have a certificate.
|
|
# WARNING, TLS handshakes will be slow when requesting a hostname certificate for the first time, this can leads to DoS attacks.
|
|
# WARNING, Take note that Let's Encrypt have rate limiting: https://letsencrypt.org/docs/rate-limits
|
|
#
|
|
# Optional
|
|
#
|
|
# onDemand = true
|
|
|
|
# Enable certificate generation on frontends Host rules. This will request a certificate from Let's Encrypt for each frontend with a Host rule.
|
|
# For example, a rule Host:test1.traefik.io,test2.traefik.io will request a certificate with main domain test1.traefik.io and SAN test2.traefik.io.
|
|
#
|
|
# Optional
|
|
#
|
|
# OnHostRule = true
|
|
|
|
# CA server to use
|
|
# Uncomment the line to run on the staging let's encrypt server
|
|
# Leave comment to go to prod
|
|
#
|
|
# Optional
|
|
#
|
|
# caServer = "https://acme-staging.api.letsencrypt.org/directory"
|
|
|
|
# Domains list
|
|
# You can provide SANs (alternative domains) to each main domain
|
|
# All domains must have A/AAAA records pointing to Traefik
|
|
# WARNING, Take note that Let's Encrypt have rate limiting: https://letsencrypt.org/docs/rate-limits
|
|
# Each domain & SANs will lead to a certificate request.
|
|
#
|
|
# [[acme.domains]]
|
|
# main = "local1.com"
|
|
# sans = ["test1.local1.com", "test2.local1.com"]
|
|
# [[acme.domains]]
|
|
# main = "local2.com"
|
|
# sans = ["test1.local2.com", "test2x.local2.com"]
|
|
# [[acme.domains]]
|
|
# main = "local3.com"
|
|
# [[acme.domains]]
|
|
# main = "local4.com"
|
|
|
|
|
|
# Entrypoints definition
|
|
#
|
|
# Optional
|
|
# Default:
|
|
# [entryPoints]
|
|
# [entryPoints.http]
|
|
# address = ":80"
|
|
#
|
|
# To redirect an http entrypoint to an https entrypoint (with SNI support):
|
|
# [entryPoints]
|
|
# [entryPoints.http]
|
|
# address = ":80"
|
|
# [entryPoints.http.redirect]
|
|
# entryPoint = "https"
|
|
# [entryPoints.https]
|
|
# address = ":443"
|
|
# [entryPoints.https.tls]
|
|
# [[entryPoints.https.tls.certificates]]
|
|
# CertFile = "integration/fixtures/https/snitest.com.cert"
|
|
# KeyFile = "integration/fixtures/https/snitest.com.key"
|
|
# [[entryPoints.https.tls.certificates]]
|
|
# CertFile = "integration/fixtures/https/snitest.org.cert"
|
|
# KeyFile = "integration/fixtures/https/snitest.org.key"
|
|
#
|
|
# To redirect an entrypoint rewriting the URL:
|
|
# [entryPoints]
|
|
# [entryPoints.http]
|
|
# address = ":80"
|
|
# [entryPoints.http.redirect]
|
|
# regex = "^http://localhost/(.*)"
|
|
# replacement = "http://mydomain/$1"
|
|
#
|
|
# To enable basic auth on an entrypoint
|
|
# with 2 user/pass: test:test and test2:test2
|
|
# Passwords can be encoded in MD5, SHA1 and BCrypt: you can use htpasswd to generate those ones
|
|
# [entryPoints]
|
|
# [entryPoints.http]
|
|
# address = ":80"
|
|
# [entryPoints.http.auth.basic]
|
|
# users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
|
|
#
|
|
# To enable digest auth on an entrypoint
|
|
# with 2 user/realm/pass: test:traefik:test and test2:traefik:test2
|
|
# You can use htdigest to generate those ones
|
|
# [entryPoints]
|
|
# [entryPoints.http]
|
|
# address = ":80"
|
|
# [entryPoints.http.auth.basic]
|
|
# users = ["test:traefik:a2688e031edb4be6a3797f3882655c05 ", "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"]
|
|
|
|
|
|
# Enable retry sending request if network error
|
|
#
|
|
# Optional
|
|
#
|
|
# [retry]
|
|
|
|
# Number of attempts
|
|
#
|
|
# Optional
|
|
# Default: (number servers in backend) -1
|
|
#
|
|
# attempts = 3
|
|
|
|
################################################################
|
|
# Web configuration backend
|
|
################################################################
|
|
|
|
# Enable web configuration backend
|
|
#
|
|
# Optional
|
|
#
|
|
# [web]
|
|
|
|
# Web administration port
|
|
#
|
|
# Required
|
|
#
|
|
# address = ":8080"
|
|
|
|
# SSL certificate and key used
|
|
#
|
|
# Optional
|
|
#
|
|
# CertFile = "traefik.crt"
|
|
# KeyFile = "traefik.key"
|
|
#
|
|
# Set REST API to read-only mode
|
|
#
|
|
# Optional
|
|
# ReadOnly = false
|
|
|
|
# To enable basic auth on the webui
|
|
# with 2 user/pass: test:test and test2:test2
|
|
# Passwords can be encoded in MD5, SHA1 and BCrypt: you can use htpasswd to generate those ones
|
|
# [web.auth.basic]
|
|
# users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
|
|
# To enable digest auth on the webui
|
|
# with 2 user/realm/pass: test:traefik:test and test2:traefik:test2
|
|
# You can use htdigest to generate those ones
|
|
# [web.auth.basic]
|
|
# users = ["test:traefik:a2688e031edb4be6a3797f3882655c05 ", "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"]
|
|
|
|
|
|
################################################################
|
|
# File configuration backend
|
|
################################################################
|
|
|
|
# Enable file configuration backend
|
|
#
|
|
# Optional
|
|
#
|
|
# [file]
|
|
|
|
# Rules file
|
|
# If defined, traefik will load rules from this file,
|
|
# otherwise, it will load rules from current file (cf Sample rules below).
|
|
#
|
|
# Optional
|
|
#
|
|
# filename = "rules.toml"
|
|
|
|
# Enable watch file changes
|
|
#
|
|
# Optional
|
|
#
|
|
# watch = true
|
|
|
|
|
|
################################################################
|
|
# Docker configuration backend
|
|
################################################################
|
|
|
|
# Enable Docker configuration backend
|
|
#
|
|
# Optional
|
|
#
|
|
# [docker]
|
|
|
|
# Docker server endpoint. Can be a tcp or a unix socket endpoint.
|
|
#
|
|
# Required
|
|
#
|
|
# endpoint = "unix:///var/run/docker.sock"
|
|
|
|
# Default domain used.
|
|
# Can be overridden by setting the "traefik.domain" label on a container.
|
|
#
|
|
# Required
|
|
#
|
|
# domain = "docker.localhost"
|
|
|
|
# Enable watch docker changes
|
|
#
|
|
# Optional
|
|
#
|
|
# watch = true
|
|
|
|
# Override default configuration template. For advanced users :)
|
|
#
|
|
# Optional
|
|
#
|
|
# filename = "docker.tmpl"
|
|
|
|
# Expose containers by default in traefik
|
|
#
|
|
# Optional
|
|
# Default: true
|
|
#
|
|
# exposedbydefault = true
|
|
|
|
# Enable docker TLS connection
|
|
#
|
|
# Optional
|
|
#
|
|
# [docker.tls]
|
|
# ca = "/etc/ssl/ca.crt"
|
|
# cert = "/etc/ssl/docker.crt"
|
|
# key = "/etc/ssl/docker.key"
|
|
# insecureskipverify = true
|
|
|
|
|
|
################################################################
|
|
# Mesos/Marathon configuration backend
|
|
################################################################
|
|
|
|
# Enable Marathon configuration backend
|
|
#
|
|
# Optional
|
|
#
|
|
# [marathon]
|
|
|
|
# Marathon server endpoint.
|
|
# You can also specify multiple endpoint for Marathon:
|
|
# endpoint := "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080"
|
|
#
|
|
# Required
|
|
#
|
|
# endpoint = "http://127.0.0.1:8080"
|
|
|
|
# Enable watch Marathon changes
|
|
#
|
|
# Optional
|
|
#
|
|
# watch = true
|
|
|
|
# Default domain used.
|
|
# Can be overridden by setting the "traefik.domain" label on an application.
|
|
#
|
|
# Required
|
|
#
|
|
# domain = "marathon.localhost"
|
|
|
|
# Override default configuration template. For advanced users :)
|
|
#
|
|
# Optional
|
|
#
|
|
# filename = "marathon.tmpl"
|
|
|
|
# Expose Marathon apps by default in traefik
|
|
#
|
|
# Optional
|
|
# Default: false
|
|
#
|
|
# exposedByDefault = true
|
|
|
|
# Convert Marathon groups to subdomains
|
|
# Default behavior: /foo/bar/myapp => foo-bar-myapp.{defaultDomain}
|
|
# with groupsAsSubDomains enabled: /foo/bar/myapp => myapp.bar.foo.{defaultDomain}
|
|
#
|
|
# Optional
|
|
# Default: false
|
|
#
|
|
# groupsAsSubDomains = true
|
|
|
|
# Enable Marathon basic authentication
|
|
#
|
|
# Optional
|
|
#
|
|
# [marathon.basic]
|
|
# httpBasicAuthUser = "foo"
|
|
# httpBasicPassword = "bar"
|
|
|
|
# DCOSToken for DCOS environment, This will override the Authorization header
|
|
#
|
|
# Optional
|
|
#
|
|
# dcosToken = "xxxxxx"
|
|
|
|
|
|
################################################################
|
|
# Mesos configuration backend
|
|
################################################################
|
|
|
|
# Enable Mesos configuration backend
|
|
#
|
|
# Optional
|
|
#
|
|
# [mesos]
|
|
|
|
# Mesos server endpoint.
|
|
# You can also specify multiple endpoint for Mesos:
|
|
# endpoint = "192.168.35.40:5050,192.168.35.41:5050,192.168.35.42:5050"
|
|
# endpoint = "zk://192.168.35.20:2181,192.168.35.21:2181,192.168.35.22:2181/mesos"
|
|
#
|
|
# Required
|
|
#
|
|
# endpoint = "http://127.0.0.1:8080"
|
|
|
|
# Enable watch Mesos changes
|
|
#
|
|
# Optional
|
|
#
|
|
# watch = true
|
|
|
|
# Default domain used.
|
|
# Can be overridden by setting the "traefik.domain" label on an application.
|
|
#
|
|
# Required
|
|
#
|
|
# domain = "mesos.localhost"
|
|
|
|
# Override default configuration template. For advanced users :)
|
|
#
|
|
# Optional
|
|
#
|
|
# filename = "mesos.tmpl"
|
|
|
|
# Expose Mesos apps by default in traefik
|
|
#
|
|
# Optional
|
|
# Default: false
|
|
#
|
|
# ExposedByDefault = true
|
|
|
|
# TLS client configuration. https://golang.org/pkg/crypto/tls/#Config
|
|
#
|
|
# Optional
|
|
#
|
|
# [mesos.TLS]
|
|
# InsecureSkipVerify = true
|
|
|
|
#
|
|
#
|
|
# Optional
|
|
#
|
|
# ZkDetectionTimeout = 30
|
|
|
|
#
|
|
#
|
|
# Optional
|
|
#
|
|
# RefreshSeconds = 30
|
|
|
|
#
|
|
#
|
|
# Optional
|
|
#
|
|
# IPSources = "host"
|
|
|
|
################################################################
|
|
# Kubernetes Ingress configuration backend
|
|
################################################################
|
|
# Enable Kubernetes Ingress configuration backend
|
|
#
|
|
# Optional
|
|
#
|
|
# [kubernetes]
|
|
|
|
# Kubernetes server endpoint
|
|
#
|
|
# When deployed as a replication controller in Kubernetes,
|
|
# Traefik will use env variable KUBERNETES_SERVICE_HOST
|
|
# and KUBERNETES_SERVICE_PORT_HTTPS as endpoint
|
|
# Secure token will be found in /var/run/secrets/kubernetes.io/serviceaccount/token
|
|
# and SSL CA cert in /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
|
#
|
|
# Optional
|
|
#
|
|
# endpoint = "http://localhost:8080"
|
|
# namespaces = ["default"]
|
|
#
|
|
# See: http://kubernetes.io/docs/user-guide/labels/#list-and-watch-filtering
|
|
# labelselector = "A and not B"
|
|
|
|
################################################################
|
|
# Consul KV configuration backend
|
|
################################################################
|
|
|
|
# Enable Consul KV configuration backend
|
|
#
|
|
# Optional
|
|
#
|
|
# [consul]
|
|
|
|
# Consul server endpoint
|
|
#
|
|
# Required
|
|
#
|
|
# endpoint = "127.0.0.1:8500"
|
|
|
|
# Enable watch Consul changes
|
|
#
|
|
# Optional
|
|
#
|
|
# watch = true
|
|
|
|
# Prefix used for KV store.
|
|
#
|
|
# Optional
|
|
#
|
|
# prefix = "traefik"
|
|
|
|
# Override default configuration template. For advanced users :)
|
|
#
|
|
# Optional
|
|
#
|
|
# filename = "consul.tmpl"
|
|
|
|
# Enable consul TLS connection
|
|
#
|
|
# Optional
|
|
#
|
|
# [consul.tls]
|
|
# ca = "/etc/ssl/ca.crt"
|
|
# cert = "/etc/ssl/consul.crt"
|
|
# key = "/etc/ssl/consul.key"
|
|
# insecureskipverify = true
|
|
|
|
|
|
################################################################
|
|
# Etcd configuration backend
|
|
################################################################
|
|
|
|
# Enable Etcd configuration backend
|
|
#
|
|
# Optional
|
|
#
|
|
# [etcd]
|
|
|
|
# Etcd server endpoint
|
|
#
|
|
# Required
|
|
#
|
|
# endpoint = "127.0.0.1:2379"
|
|
|
|
# Enable watch Etcd changes
|
|
#
|
|
# Optional
|
|
#
|
|
# watch = true
|
|
|
|
# Prefix used for KV store.
|
|
#
|
|
# Optional
|
|
#
|
|
# prefix = "/traefik"
|
|
|
|
# Override default configuration template. For advanced users :)
|
|
#
|
|
# Optional
|
|
#
|
|
# filename = "etcd.tmpl"
|
|
|
|
# Enable etcd TLS connection
|
|
#
|
|
# Optional
|
|
#
|
|
# [etcd.tls]
|
|
# ca = "/etc/ssl/ca.crt"
|
|
# cert = "/etc/ssl/etcd.crt"
|
|
# key = "/etc/ssl/etcd.key"
|
|
# insecureskipverify = true
|
|
|
|
|
|
################################################################
|
|
# Zookeeper configuration backend
|
|
################################################################
|
|
|
|
# Enable Zookeeperconfiguration backend
|
|
#
|
|
# Optional
|
|
#
|
|
# [zookeeper]
|
|
|
|
# Zookeeper server endpoint
|
|
#
|
|
# Required
|
|
#
|
|
# endpoint = "127.0.0.1:2181"
|
|
|
|
# Enable watch Zookeeper changes
|
|
#
|
|
# Optional
|
|
#
|
|
# watch = true
|
|
|
|
# Prefix used for KV store.
|
|
#
|
|
# Optional
|
|
#
|
|
# prefix = "/traefik"
|
|
|
|
# Override default configuration template. For advanced users :)
|
|
#
|
|
# Optional
|
|
#
|
|
# filename = "zookeeper.tmpl"
|
|
|
|
|
|
################################################################
|
|
# BoltDB configuration backend
|
|
################################################################
|
|
|
|
# Enable BoltDB configuration backend
|
|
#
|
|
# Optional
|
|
#
|
|
# [boltdb]
|
|
|
|
# BoltDB file
|
|
#
|
|
# Required
|
|
#
|
|
# endpoint = "/my.db"
|
|
|
|
# Enable watch BoltDB changes
|
|
#
|
|
# Optional
|
|
#
|
|
# watch = true
|
|
|
|
# Prefix used for KV store.
|
|
#
|
|
# Optional
|
|
#
|
|
# prefix = "/traefik"
|
|
|
|
# Override default configuration template. For advanced users :)
|
|
#
|
|
# Optional
|
|
#
|
|
# filename = "boltdb.tmpl"
|
|
|
|
|
|
|
|
|
|
################################################################
|
|
# Sample rules
|
|
################################################################
|
|
# [backends]
|
|
# [backends.backend1]
|
|
# [backends.backend1.circuitbreaker]
|
|
# expression = "NetworkErrorRatio() > 0.5"
|
|
# [backends.backend1.servers.server1]
|
|
# url = "http://172.17.0.2:80"
|
|
# weight = 10
|
|
# [backends.backend1.servers.server2]
|
|
# url = "http://172.17.0.3:80"
|
|
# weight = 1
|
|
# [backends.backend2]
|
|
# [backends.backend2.LoadBalancer]
|
|
# method = "drr"
|
|
# [backends.backend2.servers.server1]
|
|
# url = "http://172.17.0.4:80"
|
|
# weight = 1
|
|
# [backends.backend2.servers.server2]
|
|
# url = "http://172.17.0.5:80"
|
|
# weight = 2
|
|
#
|
|
# [frontends]
|
|
# [frontends.frontend1]
|
|
# backend = "backend2"
|
|
# [frontends.frontend1.routes.test_1]
|
|
# rule = "Host: test.localhost, other.localhost"
|
|
# [frontends.frontend2]
|
|
# backend = "backend1"
|
|
# passHostHeader = true
|
|
# entrypoints = ["https"] # overrides defaultEntryPoints
|
|
# [frontends.frontend2.routes.test_1]
|
|
# rule = "Host:{subdomain:[a-z]+}.localhost"
|
|
# [frontends.frontend3]
|
|
# entrypoints = ["http", "https"] # overrides defaultEntryPoints
|
|
# backend = "backend2"
|
|
# rule = "Path: /test, /other"
|