2019-02-26 16:50:07 +03:00
# EntryPoints
2019-03-25 18:54:03 +03:00
Opening Connections for Incoming Requests
2019-02-26 16:50:07 +03:00
{: .subtitle }
2019-07-01 12:30:05 +03:00
![entryPoints ](../assets/img/entrypoints.png )
2019-02-26 16:50:07 +03:00
2019-04-05 12:32:04 +03:00
EntryPoints are the network entry points into Traefik.
2019-03-14 11:30:04 +03:00
They define the port which will receive the requests (whether HTTP or TCP).
2019-02-26 16:50:07 +03:00
## Configuration Examples
2019-03-14 11:30:04 +03:00
??? example "Port 80 only"
2019-02-26 16:50:07 +03:00
2019-07-01 12:30:05 +03:00
```toml tab="File (TOML)"
2019-04-15 12:14:05 +03:00
[entryPoints]
[entryPoints.web]
2019-07-01 12:30:05 +03:00
address = ":80"
```
```yaml tab="File (YAML)"
entryPoints:
web:
address: ":80"
```
2019-07-02 18:36:04 +03:00
```bash tab="CLI"
2019-07-01 12:30:05 +03:00
--entryPoints.web.address=:80
2019-02-26 16:50:07 +03:00
```
2019-03-14 11:30:04 +03:00
We define an `entrypoint` called `web` that will listen on port `80` .
2019-02-26 16:50:07 +03:00
2019-03-14 11:30:04 +03:00
??? example "Port 80 & 443"
2019-02-26 16:50:07 +03:00
2019-07-01 12:30:05 +03:00
```toml tab="File (TOML)"
2019-04-15 12:14:05 +03:00
[entryPoints]
[entryPoints.web]
2019-02-26 16:50:07 +03:00
address = ":80"
2019-04-15 12:14:05 +03:00
[entryPoints.web-secure]
2019-02-26 16:50:07 +03:00
address = ":443"
```
2019-07-01 12:30:05 +03:00
```yaml tab="File (YAML)"
entryPoints:
web:
address: ":80"
web-secure:
address: ":443"
```
2019-07-02 18:36:04 +03:00
```bash tab="CLI"
2019-07-01 12:30:05 +03:00
--entryPoints.web.address=:80
--entryPoints.web-secure.address=:443
```
2019-02-26 16:50:07 +03:00
2019-03-14 11:30:04 +03:00
- Two entrypoints are defined: one called `web` , and the other called `web-secure` .
- `web` listens on port `80` , and `web-secure` on port `443` .
2019-02-26 16:50:07 +03:00
## Configuration
### General
2019-04-05 12:32:04 +03:00
EntryPoints are part of the [static configuration ](../getting-started/configuration-overview.md#the-static-configuration ).
You can define them using a toml file, CLI arguments, or a key-value store.
See the complete reference for the list of available options:
2019-07-01 12:30:05 +03:00
```toml tab="File (TOML)"
2019-06-21 11:54:04 +03:00
[entryPoints]
2019-04-05 12:32:04 +03:00
2019-06-21 11:54:04 +03:00
[entryPoints.EntryPoint0]
2019-07-01 12:30:05 +03:00
address = ":8888"
[entryPoints.EntryPoint0.transport]
[entryPoints.EntryPoint0.transport.lifeCycle]
requestAcceptGraceTimeout = 42
graceTimeOut = 42
[entryPoints.EntryPoint0.transport.respondingTimeouts]
readTimeout = 42
writeTimeout = 42
idleTimeout = 42
[entryPoints.EntryPoint0.proxyProtocol]
insecure = true
trustedIPs = ["foobar", "foobar"]
[entryPoints.EntryPoint0.forwardedHeaders]
insecure = true
trustedIPs = ["foobar", "foobar"]
```
```yaml tab="File (YAML)"
entryPoints:
EntryPoint0:
address: ":8888"
transport:
lifeCycle:
requestAcceptGraceTimeout: 42
graceTimeOut: 42
respondingTimeouts:
readTimeout: 42
writeTimeout: 42
idleTimeout: 42
proxyProtocol:
insecure: true
trustedIPs:
- "foobar"
- "foobar"
forwardedHeaders:
insecure: true
trustedIPs:
- "foobar"
- "foobar"
2019-04-05 12:32:04 +03:00
```
2019-07-02 18:36:04 +03:00
```bash tab="CLI"
2019-07-01 12:30:05 +03:00
--entryPoints.EntryPoint0.address=:8888
--entryPoints.EntryPoint0.transport.lifeCycle.requestAcceptGraceTimeout=42
--entryPoints.EntryPoint0.transport.lifeCycle.graceTimeOut=42
--entryPoints.EntryPoint0.transport.respondingTimeouts.readTimeout=42
--entryPoints.EntryPoint0.transport.respondingTimeouts.writeTimeout=42
--entryPoints.EntryPoint0.transport.respondingTimeouts.idleTimeout=42
--entryPoints.EntryPoint0.proxyProtocol.insecure=true
--entryPoints.EntryPoint0.proxyProtocol.trustedIPs=foobar,foobar
--entryPoints.EntryPoint0.forwardedHeaders.insecure=true
--entryPoints.EntryPoint0.forwardedHeaders.trustedIPs=foobar,foobar
2019-04-05 12:32:04 +03:00
```
2019-02-26 16:50:07 +03:00
## ProxyProtocol
Traefik supports [ProxyProtocol ](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt ).
??? example "Enabling Proxy Protocol with Trusted IPs"
2019-07-01 12:30:05 +03:00
```toml tab="File (TOML)"
2019-04-15 12:14:05 +03:00
[entryPoints]
[entryPoints.web]
2019-02-26 16:50:07 +03:00
address = ":80"
2019-04-15 12:14:05 +03:00
[entryPoints.web.proxyProtocol]
2019-02-26 16:50:07 +03:00
trustedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
2019-07-01 12:30:05 +03:00
```yaml tab="File (YAML)"
entryPoints:
web:
address: ":80"
proxyProtocol
trustedIPs:
- "127.0.0.1/32"
- "192.168.1.7"
```
2019-07-02 18:36:04 +03:00
```bash tab="CLI"
2019-07-01 12:30:05 +03:00
--entryPoints.web.address=:80
--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,192.168.1.7
```
2019-02-26 16:50:07 +03:00
IPs in `trustedIPs` only will lead to remote client address replacement: Declare load-balancer IPs or CIDR range here.
2019-06-17 12:48:05 +03:00
??? example "Insecure Mode -- Testing Environment Only"
2019-02-26 16:50:07 +03:00
2019-06-17 12:48:05 +03:00
In a test environments, you can configure Traefik to trust every incoming connection.
Doing so, every remote client address will be replaced (`trustedIPs` won't have any effect)
2019-02-26 16:50:07 +03:00
2019-07-01 12:30:05 +03:00
```toml tab="File (TOML)"
2019-04-15 12:14:05 +03:00
[entryPoints]
[entryPoints.web]
2019-02-26 16:50:07 +03:00
address = ":80"
2019-04-15 12:14:05 +03:00
[entryPoints.web.proxyProtocol]
2019-02-26 16:50:07 +03:00
insecure = true
```
2019-07-01 12:30:05 +03:00
```yaml tab="File (YAML)"
entryPoints:
web:
address: ":80"
proxyProtocol:
insecure: true
```
2019-07-02 18:36:04 +03:00
```bash tab="CLI"
2019-07-01 12:30:05 +03:00
--entryPoints.web.address=:80
--entryPoints.web.proxyProtocol.insecure
```
2019-02-26 16:50:07 +03:00
!!! warning "Queuing Traefik behind Another Load Balancer"
When queuing Traefik behind another load-balancer, make sure to configure Proxy Protocol on both sides.
Not doing so could introduce a security risk in your system (enabling request forgery).
## Forwarded Header
You can configure Traefik to trust the forwarded headers information (`X-Forwarded-*`)
??? example "Trusting Forwarded Headers from specific IPs"
2019-07-01 12:30:05 +03:00
```toml tab="File (TOML)"
2019-04-15 12:14:05 +03:00
[entryPoints]
[entryPoints.web]
2019-02-26 16:50:07 +03:00
address = ":80"
2019-04-15 12:14:05 +03:00
[entryPoints.web.forwardedHeaders]
2019-02-26 16:50:07 +03:00
trustedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
2019-07-01 12:30:05 +03:00
```yaml tab="File (YAML)"
entryPoints:
web:
address: ":80"
forwardedHeaders
trustedIPs:
- "127.0.0.1/32"
- "192.168.1.7"
```
2019-07-02 18:36:04 +03:00
```bash tab="CLI"
2019-07-01 12:30:05 +03:00
--entryPoints.web.address=:80
--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,192.168.1.7
```
2019-02-26 16:50:07 +03:00
??? example "Insecure Mode -- Always Trusting Forwarded Headers"
2019-07-01 12:30:05 +03:00
```toml tab="File (TOML)"
2019-04-15 12:14:05 +03:00
[entryPoints]
[entryPoints.web]
2019-02-26 16:50:07 +03:00
address = ":80"
2019-04-15 12:14:05 +03:00
[entryPoints.web.forwardedHeaders]
2019-07-01 12:30:05 +03:00
insecure = true
```
```yaml tab="File (YAML)"
entryPoints:
web:
address: ":80"
forwardedHeaders:
insecure: true
```
2019-07-02 18:36:04 +03:00
```bash tab="CLI"
2019-07-01 12:30:05 +03:00
--entryPoints.web.address=:80
--entryPoints.web.forwardedHeaders.insecure
2019-02-26 16:50:07 +03:00
```