traefik/docs/content/routing/entrypoints.md
2019-04-15 11:14:05 +02:00

4.8 KiB

EntryPoints

Opening Connections for Incoming Requests {: .subtitle }

EntryPoints

EntryPoints are the network entry points into Traefik. They define the port which will receive the requests (whether HTTP or TCP).

Configuration Examples

??? example "Port 80 only"

```toml
[entryPoints]
  [entryPoints.web]
     address = ":80"
```

We define an `entrypoint` called `web` that will listen on port `80`.

??? example "Port 80 & 443"

```toml
[entryPoints]
  [entryPoints.web]
    address = ":80"

  [entryPoints.web-secure]
    address = ":443"
```

- Two entrypoints are defined: one called `web`, and the other called `web-secure`.
- `web` listens on port `80`, and `web-secure` on port `443`. 

Configuration

General

EntryPoints are part of the static configuration. You can define them using a toml file, CLI arguments, or a key-value store.

See the complete reference for the list of available options:

[EntryPoints]

  [EntryPoints.EntryPoint0]
    Address = "foobar"
    [EntryPoints.EntryPoint0.Transport]
      [EntryPoints.EntryPoint0.Transport.LifeCycle]
        RequestAcceptGraceTimeout = 42
        GraceTimeOut = 42
      [EntryPoints.EntryPoint0.Transport.RespondingTimeouts]
        ReadTimeout = 42
        WriteTimeout = 42
        IdleTimeout = 42
    [EntryPoints.EntryPoint0.ProxyProtocol]
      Insecure = true
      TrustedIPs = ["foobar", "foobar"]
    [EntryPoints.EntryPoint0.ForwardedHeaders]
      Insecure = true
      TrustedIPs = ["foobar", "foobar"]
Name:EntryPoint0
Address:foobar
Transport.LifeCycle.RequestAcceptGraceTimeout:42
Transport.LifeCycle.GraceTimeOut:42
Transport.RespondingTimeouts.ReadTimeout:42
Transport.RespondingTimeouts.WriteTimeout:42
Transport.RespondingTimeouts.IdleTimeout:42
ProxyProtocol.Insecure:true
ProxyProtocol.TrustedIPs:foobar,foobar
ForwardedHeaders.Insecure:true
ForwardedHeaders.TrustedIPs:foobar,foobar

??? example "Using the CLI"

Here is an example of using the CLI to define `entrypoints`:

```shell
--entryPoints='Name:http Address::80'
--entryPoints='Name:https Address::443'
```

!!! note
    The whitespace character (` `) is the option separator, and the comma (`,`) is the value separator for lists inside an option.  
    The option names are case-insensitive.

!!! warning "Using Docker Compose Files"

    The syntax for passing arguments inside a docker compose file is a little different. Here are two examples.
    
    ```yaml
    traefik:
        image: traefik:v2.0 # The official v2.0 Traefik docker image
        command:
            - --defaultentrypoints=powpow
            - "--entryPoints=Name:powpow Address::42 Compress:true"
    ```

    or
    
    ```yaml
    traefik:
        image: traefik:v2.0 # The official v2.0 Traefik docker image
        command: --defaultentrypoints=powpow --entryPoints='Name:powpow Address::42 Compress:true'
    ```

ProxyProtocol

Traefik supports ProxyProtocol.

??? example "Enabling Proxy Protocol with Trusted IPs"

```toml
[entryPoints]
  [entryPoints.web]
    address = ":80"

    [entryPoints.web.proxyProtocol]
      trustedIPs = ["127.0.0.1/32", "192.168.1.7"]
```

IPs in `trustedIPs` only will lead to remote client address replacement: Declare load-balancer IPs or CIDR range here.

??? example "Insecure Mode -- Testing Environnement Only"

In a test environments, you can configure Traefik to trust every incoming connection. Doing so, every remote client address will be replaced (`trustedIPs` won't have any effect)

```toml
[entryPoints]
  [entryPoints.web]
    address = ":80"

    [entryPoints.web.proxyProtocol]
      insecure = true
```

!!! warning "Queuing Traefik behind Another Load Balancer"

When queuing Traefik behind another load-balancer, make sure to configure Proxy Protocol on both sides.
Not doing so could introduce a security risk in your system (enabling request forgery).

Forwarded Header

You can configure Traefik to trust the forwarded headers information (X-Forwarded-*)

??? example "Trusting Forwarded Headers from specific IPs"

```toml
[entryPoints]
  [entryPoints.web]
    address = ":80"

    [entryPoints.web.forwardedHeaders]
      trustedIPs = ["127.0.0.1/32", "192.168.1.7"]
```

??? example "Insecure Mode -- Always Trusting Forwarded Headers"

```toml
[entryPoints]
  [entryPoints.web]
    address = ":80"

    [entryPoints.web.forwardedHeaders]
       insecure = true
```