2015-09-14 16:38:58 +03:00
################################################################
# Global configuration
################################################################
2017-07-18 12:50:07 +03:00
# Duration to give active requests a chance to finish before Traefik stops.
# Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).
# If no units are provided, the value is parsed assuming seconds.
# Note: in this time frame no new requests are accepted.
2015-09-14 16:38:58 +03:00
#
# Optional
2017-03-27 12:51:53 +03:00
# Default: "10s"
2015-09-14 16:38:58 +03:00
#
2017-03-27 12:51:53 +03:00
# graceTimeOut = "10s"
2015-09-14 16:38:58 +03:00
2016-10-27 17:17:02 +03:00
# Enable debug mode
#
# Optional
# Default: false
#
# debug = true
# Periodically check if a new version has been released
#
# Optional
# Default: true
#
# checkNewVersion = false
2015-09-14 16:38:58 +03:00
# Traefik logs file
2015-09-24 15:32:37 +03:00
# If not defined, logs to stdout
2015-09-14 16:38:58 +03:00
#
# Optional
#
# traefikLogsFile = "log/traefik.log"
# Access logs file
#
# Optional
2017-08-26 13:12:44 +03:00
# DEPRECATED - see [accessLog] lower down
2015-09-14 16:38:58 +03:00
#
# accessLogsFile = "log/access.log"
# Log level
#
# Optional
# Default: "ERROR"
#
# logLevel = "ERROR"
2016-10-21 17:02:18 +03:00
# Backends throttle duration: minimum duration in seconds between 2 events from providers
2015-10-08 18:56:45 +03:00
# before applying a new configuration. It avoids unnecessary reloads if multiples events
# are sent in a short amount of time.
2017-03-27 12:51:53 +03:00
# Can be provided in a format supported by Go's time.ParseDuration function or
# as raw values (digits). If no units are provided, the value is parsed assuming
# seconds.
2015-10-08 18:56:45 +03:00
#
# Optional
2017-03-27 12:51:53 +03:00
# Default: "2s"
2015-10-08 18:56:45 +03:00
#
2017-03-27 12:51:53 +03:00
# ProvidersThrottleDuration = "5s"
2015-10-08 18:56:45 +03:00
2017-03-06 15:40:46 +03:00
# Controls the maximum idle (keep-alive) connections to keep per-host. If zero, DefaultMaxIdleConnsPerHost
# from the Go standard library net/http module is used.
# If you encounter 'too many open files' errors, you can either increase this
# value or change the `ulimit`.
2016-02-10 00:29:01 +03:00
#
# Optional
2017-03-06 15:40:46 +03:00
# Default: 200
2016-02-10 00:29:01 +03:00
#
# MaxIdleConnsPerHost = 200
2016-07-31 19:08:33 +03:00
# If set to true invalid SSL certificates are accepted for backends.
# Note: This disables detection of man-in-the-middle attacks so should only be used on secure backend networks.
# Optional
# Default: false
#
# InsecureSkipVerify = true
2017-06-23 16:15:07 +03:00
# Register Certificates in the RootCA. This certificates will be use for backends calls.
# Note: You can use file path or cert content directly
# Optional
# Default: []
#
# RootCAs = [ "/mycert.cert" ]
2016-02-25 20:30:13 +03:00
# Entrypoints to be used by frontends that do not specify any entrypoint.
# Each frontend can specify its own entrypoints.
#
# Optional
# Default: ["http"]
#
# defaultEntryPoints = ["http", "https"]
2016-09-20 17:56:29 +03:00
# Constraints definition
#
# Optional
#
# Simple matching constraint
# constraints = ["tag==api"]
#
# Simple mismatching constraint
# constraints = ["tag!=api"]
#
# Globbing
# constraints = ["tag==us-*"]
#
# Backend-specific constraint
# [consulCatalog]
2017-03-16 16:35:23 +03:00
# endpoint = "127.0.0.1:8500"
2016-09-20 17:56:29 +03:00
# constraints = ["tag==api"]
#
# Multiple constraints
# - "tag==" must match with at least one tag
# - "tag!=" must match with none of tags
# constraints = ["tag!=us-*", "tag!=asia-*"]
# [consulCatalog]
2017-03-16 16:35:23 +03:00
# endpoint = "127.0.0.1:8500"
2016-09-20 17:56:29 +03:00
# constraints = ["tag==api", "tag!=v*-beta"]
2016-03-15 18:50:14 +03:00
# Enable ACME (Let's Encrypt): automatic SSL
#
# Optional
#
# [acme]
# Email address used for registration
#
# Required
#
# email = "test@traefik.io"
2016-09-29 14:49:12 +03:00
# File or key used for certificates storage.
# WARNING, if you use Traefik in Docker, you have 2 options:
# - create a file on your host and mount it as a volume
# storageFile = "acme.json"
# $ docker run -v "/my/host/acme.json:acme.json" traefik
# - mount the folder containing the file as a volume
# storageFile = "/etc/traefik/acme/acme.json"
# $ docker run -v "/my/host/acme:/etc/traefik/acme" traefik
2016-03-15 18:50:14 +03:00
#
# Required
#
2016-09-29 14:49:12 +03:00
# storage = "acme.json" # or "traefik/acme/account" if using KV store
2016-03-15 18:50:14 +03:00
2016-10-14 03:33:01 +03:00
# Entrypoint to proxy acme challenge/apply certificates to.
2016-07-12 08:25:01 +03:00
# WARNING, must point to an entrypoint on port 443
2016-03-15 18:50:14 +03:00
#
# Required
#
2016-03-21 13:10:18 +03:00
# entryPoint = "https"
2016-03-15 18:50:14 +03:00
2016-10-14 03:33:01 +03:00
# Use a DNS based acme challenge rather than external HTTPS access, e.g. for a firewalled server
# Select the provider that matches the DNS domain that will host the challenge TXT record,
# and provide environment variables with access keys to enable setting it:
# - cloudflare: CLOUDFLARE_EMAIL, CLOUDFLARE_API_KEY
# - digitalocean: DO_AUTH_TOKEN
2017-07-19 19:01:24 +03:00
# - dnsimple: DNSIMPLE_EMAIL, DNSIMPLE_OAUTH_TOKEN
2016-10-14 03:33:01 +03:00
# - dnsmadeeasy: DNSMADEEASY_API_KEY, DNSMADEEASY_API_SECRET
# - exoscale: EXOSCALE_API_KEY, EXOSCALE_API_SECRET
# - gandi: GANDI_API_KEY
# - linode: LINODE_API_KEY
# - manual: none, but run traefik interactively & turn on acmeLogging to see instructions & press Enter
# - namecheap: NAMECHEAP_API_USER, NAMECHEAP_API_KEY
# - rfc2136: RFC2136_TSIG_KEY, RFC2136_TSIG_SECRET, RFC2136_TSIG_ALGORITHM, RFC2136_NAMESERVER
# - route53: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION, or configured user/instance IAM profile
# - dyn: DYN_CUSTOMER_NAME, DYN_USER_NAME, DYN_PASSWORD
# - vultr: VULTR_API_KEY
# - ovh: OVH_ENDPOINT, OVH_APPLICATION_KEY, OVH_APPLICATION_SECRET, OVH_CONSUMER_KEY
# - pdns: PDNS_API_KEY, PDNS_API_URL
#
# Optional
#
# dnsProvider = "digitalocean"
# By default, the dnsProvider will verify the TXT DNS challenge record before letting ACME verify
# If delayDontCheckDNS is greater than zero, avoid this & instead just wait so many seconds.
# Useful if internal networks block external DNS queries
#
# Optional
#
# delayDontCheckDNS = 0
# If true, display debug log messages from the acme client library
#
# Optional
#
# acmeLogging = true
2016-03-15 18:50:14 +03:00
# Enable on demand certificate. This will request a certificate from Let's Encrypt during the first TLS handshake for a hostname that does not yet have a certificate.
# WARNING, TLS handshakes will be slow when requesting a hostname certificate for the first time, this can leads to DoS attacks.
2016-09-13 16:17:34 +03:00
# WARNING, Take note that Let's Encrypt have rate limiting: https://letsencrypt.org/docs/rate-limits
2016-03-15 18:50:14 +03:00
#
# Optional
#
# onDemand = true
2016-08-05 21:42:45 +03:00
# Enable certificate generation on frontends Host rules. This will request a certificate from Let's Encrypt for each frontend with a Host rule.
# For example, a rule Host:test1.traefik.io,test2.traefik.io will request a certificate with main domain test1.traefik.io and SAN test2.traefik.io.
#
# Optional
#
# OnHostRule = true
2016-03-15 18:50:14 +03:00
# CA server to use
# Uncomment the line to run on the staging let's encrypt server
# Leave comment to go to prod
#
# Optional
#
# caServer = "https://acme-staging.api.letsencrypt.org/directory"
# Domains list
# You can provide SANs (alternative domains) to each main domain
2016-09-13 16:17:34 +03:00
# All domains must have A/AAAA records pointing to Traefik
# WARNING, Take note that Let's Encrypt have rate limiting: https://letsencrypt.org/docs/rate-limits
# Each domain & SANs will lead to a certificate request.
2016-03-15 18:50:14 +03:00
#
# [[acme.domains]]
# main = "local1.com"
# sans = ["test1.local1.com", "test2.local1.com"]
# [[acme.domains]]
# main = "local2.com"
# sans = ["test1.local2.com", "test2x.local2.com"]
# [[acme.domains]]
# main = "local3.com"
# [[acme.domains]]
# main = "local4.com"
2017-05-30 13:06:49 +03:00
# Enable access logs
# By default it will write to stdout and produce logs in the textual
# Common Log Format (CLF), extended with additional fields.
2017-05-25 14:25:53 +03:00
#
# Optional
#
# [accessLog]
2017-05-30 13:06:49 +03:00
# Sets the file path for the access log. If not specified, stdout will be used.
# Intermediate directories are created if necessary.
2017-05-25 14:25:53 +03:00
#
# Optional
2017-05-30 13:06:49 +03:00
# Default: os.Stdout
2017-05-25 14:25:53 +03:00
#
# filePath = "/path/to/log/log.txt"
# Format is either "json" or "common".
#
# Optional
# Default: "common"
#
# format = "common"
2016-02-25 20:30:13 +03:00
# Entrypoints definition
#
# Optional
# Default:
# [entryPoints]
# [entryPoints.http]
# address = ":80"
#
# To redirect an http entrypoint to an https entrypoint (with SNI support):
# [entryPoints]
# [entryPoints.http]
# address = ":80"
# [entryPoints.http.redirect]
# entryPoint = "https"
# [entryPoints.https]
# address = ":443"
# [entryPoints.https.tls]
# [[entryPoints.https.tls.certificates]]
# CertFile = "integration/fixtures/https/snitest.com.cert"
# KeyFile = "integration/fixtures/https/snitest.com.key"
# [[entryPoints.https.tls.certificates]]
# CertFile = "integration/fixtures/https/snitest.org.cert"
# KeyFile = "integration/fixtures/https/snitest.org.key"
#
# To redirect an entrypoint rewriting the URL:
# [entryPoints]
# [entryPoints.http]
# address = ":80"
# [entryPoints.http.redirect]
# regex = "^http://localhost/(.*)"
# replacement = "http://mydomain/$1"
2016-07-21 18:05:58 +03:00
#
# To enable basic auth on an entrypoint
# with 2 user/pass: test:test and test2:test2
# Passwords can be encoded in MD5, SHA1 and BCrypt: you can use htpasswd to generate those ones
2017-02-24 05:46:50 +03:00
# Users can be specified directly in the toml file, or indirectly by referencing an external file; if both are provided, the two are merged, with external file contents having precedence
2016-07-21 18:05:58 +03:00
# [entryPoints]
# [entryPoints.http]
# address = ":80"
# [entryPoints.http.auth.basic]
# users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
2017-02-24 05:46:50 +03:00
# usersFile = "/path/to/.htpasswd"
2016-07-21 18:05:58 +03:00
#
# To enable digest auth on an entrypoint
# with 2 user/realm/pass: test:traefik:test and test2:traefik:test2
# You can use htdigest to generate those ones
2017-02-24 05:46:50 +03:00
# Users can be specified directly in the toml file, or indirectly by referencing an external file; if both are provided, the two are merged, with external file contents having precedence
2016-07-21 18:05:58 +03:00
# [entryPoints]
# [entryPoints.http]
# address = ":80"
# [entryPoints.http.auth.basic]
# users = ["test:traefik:a2688e031edb4be6a3797f3882655c05 ", "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"]
2017-02-24 05:46:50 +03:00
# usersFile = "/path/to/.htdigest"
2016-09-20 09:06:06 +03:00
#
2017-08-25 19:22:03 +03:00
# To enable forward auth on an entrypoint
# This configuration will first forward the request to http://authserver.com/auth. If the response code is 2XX,
# access is granted and the original request is performed. Otherwise, the response from the auth server is returned.
# [entryPoints]
# [entryPoints.http]
# address = ":80"
# [entryPoints.http.auth.forward]
# address = "http://authserver.com/auth"
#
2016-09-20 09:06:06 +03:00
# To specify an https entrypoint with a minimum TLS version, and specifying an array of cipher suites (from crypto/tls):
# [entryPoints]
# [entryPoints.https]
# address = ":443"
# [entryPoints.https.tls]
# MinVersion = "VersionTLS12"
# CipherSuites = ["TLS_RSA_WITH_AES_256_GCM_SHA384"]
# [[entryPoints.https.tls.certificates]]
# CertFile = "integration/fixtures/https/snitest.com.cert"
# KeyFile = "integration/fixtures/https/snitest.com.key"
# [[entryPoints.https.tls.certificates]]
# CertFile = "integration/fixtures/https/snitest.org.cert"
# KeyFile = "integration/fixtures/https/snitest.org.key"
2015-10-08 18:56:45 +03:00
2016-09-29 00:36:06 +03:00
# To enable compression support using gzip format:
# [entryPoints]
# [entryPoints.http]
# address = ":80"
# compress = true
2017-02-25 23:44:01 +03:00
# To bind to a particular IP address only:
# [entryPoints]
# [entryPoints.http]
# address = "10.42.13.37:80"
2017-07-08 13:21:14 +03:00
# To enable IP whitelisting at the entrypoint level:
# [entryPoints]
# [entryPoints.http]
# address = ":80"
# whiteListSourceRange = ["127.0.0.1/32"]
2017-08-25 22:32:03 +03:00
# To enable ProxyProtocol support (https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt):
# [entryPoints]
# [entryPoints.http]
# address = ":80"
# proxyprotocol = true
2016-03-29 23:25:32 +03:00
# Enable retry sending request if network error
#
# Optional
#
# [retry]
# Number of attempts
#
# Optional
# Default: (number servers in backend) -1
#
# attempts = 3
2017-03-24 11:36:33 +03:00
# Enable custom health check options.
#
# Optional
#
# [healthcheck]
# Set the default health check interval. Will only be effective if health check
# paths are defined. Given provider-specific support, the value may be
# overridden on a per-backend basis.
# Can be provided in a format supported by Go's time.ParseDuration function or
# as raw values (digits). If no units are provided, the value is parsed assuming
# seconds.
#
# Optional
# Default: "30s"
#
# interval = "30s"
2017-08-18 16:34:04 +03:00
# Timeout settings for the http servers Traefik starts
#
# Optional
#
# [respondingTimeouts]
# ReadTimeout is the maximum duration for reading the entire request, including the body.
# If zero, no timeout exists.
#
# Optional
# Default: "0s"
#
# readTimeout = "5s"
# WriteTimeout is the maximum duration before timing out writes of the response.
# If zero, no timeout exists.
#
# Optional
# Default: "0s"
#
# writeTimeout = "5s"
# IdleTimeout is the maximum amount duration an idle (keep-alive) connection will remain idle before closing itself.
# Defaults to 180 seconds.
# If zero, no timeout exists.
#
# Optional
# Default: "180s"
#
# idleTimeout = "360s"
# Timeout settings for requests forwarded to the Backend Servers
#
# Optional
#
# [forwardingTimeouts]
# The amount of time to wait until a connection to a Backend Server can be established.
# If zero, no timeout exists.
#
# Optional
# Default: "30s"
#
# dialTimeout = "30s"
# The amount of time to wait for a server's response headers after fully writing the request (including its body, if any). If zero, no timeout exists
#
# Optional
# Default: "0s"
#
# responseHeaderTimeout = "0s"
2017-08-26 13:12:44 +03:00
2015-09-14 16:38:58 +03:00
################################################################
# Web configuration backend
################################################################
# Enable web configuration backend
#
# Optional
#
# [web]
# Web administration port
#
# Required
#
# address = ":8080"
2015-09-22 22:00:29 +03:00
# SSL certificate and key used
#
# Optional
#
# CertFile = "traefik.crt"
# KeyFile = "traefik.key"
2017-08-26 13:12:44 +03:00
2016-01-14 00:46:44 +03:00
# Set REST API to read-only mode
#
# Optional
# ReadOnly = false
2017-08-26 13:12:44 +03:00
2016-10-21 11:36:07 +03:00
# Enable more detailed statistics
# [web.statistics]
# RecentErrors = 10
2017-08-26 13:12:44 +03:00
2017-01-17 20:14:13 +03:00
# To enable Traefik to export internal metrics to Prometheus
# [web.metrics.prometheus]
2017-02-13 13:56:27 +03:00
# Buckets=[0.1,0.3,1.2,5.0]
2017-01-17 20:14:13 +03:00
#
2015-09-22 22:00:29 +03:00
2017-08-26 13:12:44 +03:00
# DataDog metrics exporter type
# [web.metrics.datadog]
# Address = "localhost:8125"
# Pushinterval = "10s"
# StatsD metrics exporter type
# [web.metrics.statsd]
# Address = "localhost:8125"
# Pushinterval = "10s"
2016-09-15 16:24:22 +03:00
# To enable basic auth on the webui
# with 2 user/pass: test:test and test2:test2
# Passwords can be encoded in MD5, SHA1 and BCrypt: you can use htpasswd to generate those ones
2017-02-24 05:46:50 +03:00
# Users can be specified directly in the toml file, or indirectly by referencing an external file; if both are provided, the two are merged, with external file contents having precedence
2016-09-20 09:06:06 +03:00
# [web.auth.basic]
2016-09-15 16:24:22 +03:00
# users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
2017-02-24 05:46:50 +03:00
# usersFile = "/path/to/.htpasswd"
2016-09-15 16:24:22 +03:00
# To enable digest auth on the webui
# with 2 user/realm/pass: test:traefik:test and test2:traefik:test2
# You can use htdigest to generate those ones
2017-02-24 05:46:50 +03:00
# Users can be specified directly in the toml file, or indirectly by referencing an external file; if both are provided, the two are merged, with external file contents having precedence
2016-11-24 20:17:57 +03:00
# [web.auth.digest]
2016-09-15 16:24:22 +03:00
# users = ["test:traefik:a2688e031edb4be6a3797f3882655c05 ", "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"]
2017-02-24 05:46:50 +03:00
# usersFile = "/path/to/.htdigest"
2016-09-15 16:24:22 +03:00
2015-09-14 16:38:58 +03:00
################################################################
# File configuration backend
################################################################
# Enable file configuration backend
#
# Optional
#
# [file]
# Rules file
# If defined, traefik will load rules from this file,
# otherwise, it will load rules from current file (cf Sample rules below).
#
# Optional
#
# filename = "rules.toml"
2017-05-26 16:32:03 +03:00
# Rules file
# If defined, traefik will load rules from .toml files in this directory.
#
# Optional
#
# directory = "/path/to/config/"
2015-09-14 16:38:58 +03:00
# Enable watch file changes
#
# Optional
#
# watch = true
################################################################
# Docker configuration backend
################################################################
# Enable Docker configuration backend
#
# Optional
#
# [docker]
# Docker server endpoint. Can be a tcp or a unix socket endpoint.
#
# Required
#
# endpoint = "unix:///var/run/docker.sock"
# Default domain used.
# Can be overridden by setting the "traefik.domain" label on a container.
#
# Required
#
# domain = "docker.localhost"
2015-09-15 01:03:53 +03:00
# Enable watch docker changes
#
# Optional
#
# watch = true
2015-09-14 16:38:58 +03:00
# Override default configuration template. For advanced users :)
#
# Optional
#
# filename = "docker.tmpl"
2016-07-14 12:32:15 +03:00
# Expose containers by default in traefik
#
# Optional
# Default: true
#
# exposedbydefault = true
2015-11-20 18:05:06 +03:00
# Enable docker TLS connection
#
2016-01-18 13:52:18 +03:00
# Optional
#
2015-11-20 18:05:06 +03:00
# [docker.tls]
# ca = "/etc/ssl/ca.crt"
# cert = "/etc/ssl/docker.crt"
2016-08-05 17:02:46 +03:00
# key = "/etc/ssl/docker.key"
# insecureskipverify = true
################################################################
# Docker Swarmmode configuration backend
################################################################
# Enable Docker configuration backend
#
# Optional
#
# [docker]
# Docker server endpoint. Can be a tcp or a unix socket endpoint.
#
# Required
#
# endpoint = "tcp://127.0.0.1:2375"
# Default domain used.
# Can be overridden by setting the "traefik.domain" label on a services.
#
# Required
#
# domain = "docker.localhost"
# Enable watch docker changes
#
# Optional
#
# watch = true
# Use Docker Swarm Mode as data provider
#
# Optional
#
# swarmmode = true
# Override default configuration template. For advanced users :)
#
# Optional
#
# filename = "docker.tmpl"
# Expose services by default in traefik
#
# Optional
# Default: true
#
# exposedbydefault = true
# Enable docker TLS connection
#
# Optional
#
# [swarm.tls]
# ca = "/etc/ssl/ca.crt"
# cert = "/etc/ssl/docker.crt"
2015-11-20 18:05:06 +03:00
# key = "/etc/ssl/docker.key"
# insecureskipverify = true
2016-11-08 16:20:50 +03:00
# Constraints
#
# Optional
#
# constraints = ["tag==api", "tag==he*ld"]
# Matching with containers having the label "traefik.tags" set to "api,helloworld"
2016-09-20 17:56:29 +03:00
# ex: $ docker run -d -P --label traefik.tags=api,helloworld emilevauge/whoami
2015-09-14 16:38:58 +03:00
################################################################
# Mesos/Marathon configuration backend
################################################################
# Enable Marathon configuration backend
#
# Optional
#
# [marathon]
# Marathon server endpoint.
# You can also specify multiple endpoint for Marathon:
# endpoint := "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080"
#
# Required
#
# endpoint = "http://127.0.0.1:8080"
# Enable watch Marathon changes
#
# Optional
#
# watch = true
# Default domain used.
# Can be overridden by setting the "traefik.domain" label on an application.
#
# Required
#
# domain = "marathon.localhost"
# Override default configuration template. For advanced users :)
#
# Optional
#
# filename = "marathon.tmpl"
2016-03-25 12:34:29 +03:00
# Expose Marathon apps by default in traefik
#
# Optional
2016-11-08 16:20:50 +03:00
# Default: true
2016-03-25 12:34:29 +03:00
#
2016-06-01 17:47:39 +03:00
# exposedByDefault = true
# Convert Marathon groups to subdomains
# Default behavior: /foo/bar/myapp => foo-bar-myapp.{defaultDomain}
# with groupsAsSubDomains enabled: /foo/bar/myapp => myapp.bar.foo.{defaultDomain}
#
# Optional
# Default: false
#
# groupsAsSubDomains = true
2016-03-25 12:34:29 +03:00
2017-08-26 13:12:44 +03:00
# Enable compatibility with marathon-lb labels
2016-10-05 18:42:58 +03:00
#
# Optional
2017-08-26 13:12:44 +03:00
# Default: false
#
# marathonLBCompatibility = true
2016-10-05 18:42:58 +03:00
2016-01-18 13:52:18 +03:00
# Enable Marathon basic authentication
#
# Optional
#
# [marathon.basic]
# httpBasicAuthUser = "foo"
# httpBasicPassword = "bar"
2017-08-26 13:12:44 +03:00
# TLS client configuration. https://golang.org/pkg/crypto/tls/#Config
#
# Optional
#
# [marathon.TLS]
# CA = "/etc/ssl/ca.crt"
# Cert = "/etc/ssl/marathon.cert"
# Key = "/etc/ssl/marathon.key"
# InsecureSkipVerify = true
2016-06-18 15:51:52 +03:00
# DCOSToken for DCOS environment, This will override the Authorization header
2016-02-10 01:10:24 +03:00
#
# Optional
#
2016-06-18 15:51:52 +03:00
# dcosToken = "xxxxxx"
2016-02-10 01:10:24 +03:00
2017-08-26 13:12:44 +03:00
# Override DialerTimeout
# Amount of time to allow the Marathon provider to wait to open a TCP connection
# to a Marathon master.
# Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw
# values (digits). If no units are provided, the value is parsed assuming
# seconds.
#
# Optional
# Default: "60s"
# dialerTimeout = "60s"
2016-07-20 12:56:14 +03:00
2017-03-27 12:51:53 +03:00
# Set the TCP Keep Alive interval for the Marathon HTTP Client.
2017-08-26 13:12:44 +03:00
# Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw
# values (digits). If no units are provided, the value is parsed assuming
2017-03-27 12:51:53 +03:00
# seconds.
2016-11-22 18:11:28 +03:00
#
# Optional
2017-03-27 12:51:53 +03:00
# Default: "10s"
2016-11-22 18:11:28 +03:00
#
2017-03-27 12:51:53 +03:00
# keepAlive = "10s"
2016-11-22 18:11:28 +03:00
2017-08-25 19:22:03 +03:00
# By default, a task's IP address (as returned by the Marathon API) is used as
2017-03-26 22:59:08 +03:00
# backend server if an IP-per-task configuration can be found; otherwise, the
# name of the host running the task is used.
# The latter behavior can be enforced by enabling this switch.
2017-08-25 19:22:03 +03:00
#
2017-03-26 22:59:08 +03:00
# Optional
# Default: false
#
2017-08-23 10:22:03 +03:00
# forceTaskHostname = false
2017-03-26 22:59:08 +03:00
2017-08-18 04:08:03 +03:00
# Applications may define readiness checks which are probed by Marathon during
# deployments periodically and the results exposed via the API. Enabling the
# following parameter causes Traefik to filter out tasks whose readiness checks
# have not succeeded.
# Note that the checks are only valid at deployment times. See the Marathon
# guide for details.
#
# Optional
# Default: false
2017-08-23 10:22:03 +03:00
#
# respectReadinessChecks = false
2017-08-18 04:08:03 +03:00
2017-08-26 13:12:44 +03:00
2016-07-20 12:56:14 +03:00
################################################################
# Mesos configuration backend
################################################################
# Enable Mesos configuration backend
#
# Optional
#
# [mesos]
# Mesos server endpoint.
# You can also specify multiple endpoint for Mesos:
# endpoint = "192.168.35.40:5050,192.168.35.41:5050,192.168.35.42:5050"
# endpoint = "zk://192.168.35.20:2181,192.168.35.21:2181,192.168.35.22:2181/mesos"
#
# Required
#
# endpoint = "http://127.0.0.1:8080"
# Enable watch Mesos changes
#
# Optional
#
# watch = true
# Default domain used.
# Can be overridden by setting the "traefik.domain" label on an application.
#
# Required
#
# domain = "mesos.localhost"
# Override default configuration template. For advanced users :)
#
# Optional
#
# filename = "mesos.tmpl"
# Expose Mesos apps by default in traefik
#
# Optional
# Default: false
#
# ExposedByDefault = true
# TLS client configuration. https://golang.org/pkg/crypto/tls/#Config
#
# Optional
#
# [mesos.TLS]
# InsecureSkipVerify = true
2016-09-30 16:37:52 +03:00
# Zookeeper timeout (in seconds)
2016-07-20 12:56:14 +03:00
#
# Optional
2017-03-14 17:57:49 +03:00
# Default: 30
2016-07-20 12:56:14 +03:00
#
# ZkDetectionTimeout = 30
2016-09-30 16:37:52 +03:00
# Polling interval (in seconds)
2016-07-20 12:56:14 +03:00
#
# Optional
2017-03-14 17:57:49 +03:00
# Default: 30
2016-07-20 12:56:14 +03:00
#
# RefreshSeconds = 30
2016-09-30 16:37:52 +03:00
# IP sources (e.g. host, docker, mesos, rkt)
2016-07-20 12:56:14 +03:00
#
# Optional
#
# IPSources = "host"
2016-09-30 16:37:52 +03:00
# HTTP Timeout (in seconds)
#
# Optional
2017-03-14 17:57:49 +03:00
# Default: 30
2016-09-30 16:37:52 +03:00
#
2017-03-14 17:57:49 +03:00
# StateTimeoutSecond = "30"
2016-09-30 16:37:52 +03:00
2017-08-26 13:12:44 +03:00
2016-04-20 14:43:37 +03:00
################################################################
# Kubernetes Ingress configuration backend
################################################################
# Enable Kubernetes Ingress configuration backend
#
# Optional
#
# [kubernetes]
# Kubernetes server endpoint
#
2017-03-07 15:09:11 +03:00
# When deployed as a replication controller in Kubernetes, Traefik will use
# the environment variables KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT
# to construct the endpoint.
2016-04-20 14:43:37 +03:00
# Secure token will be found in /var/run/secrets/kubernetes.io/serviceaccount/token
# and SSL CA cert in /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
2016-07-12 08:25:01 +03:00
#
2017-03-07 15:09:11 +03:00
# The endpoint may be given to override the environment variable values.
#
# When the environment variables are not found, Traefik will try to connect to
# the Kubernetes API server with an external-cluster client. In this case, the
# endpoint is required. Specifically, it may be set to the URL used by
# `kubectl proxy` to connect to a Kubernetes cluster from localhost.
#
# Optional for in-cluster configuration, required otherwise
# Default: empty
#
# endpoint = "http://127.0.0.1:8001"
# Bearer token used for the Kubernetes client configuration.
#
2016-04-20 14:43:37 +03:00
# Optional
2017-03-07 15:09:11 +03:00
# Default: empty
2016-04-20 14:43:37 +03:00
#
2017-03-07 15:09:11 +03:00
# token = "my token"
# Path to the certificate authority file used for the Kubernetes client
# configuration.
2016-07-12 08:25:01 +03:00
#
2017-03-07 15:09:11 +03:00
# Optional
# Default: empty
#
# certAuthFilePath = "/my/ca.crt"
# Array of namespaces to watch.
#
# Optional
2017-08-18 20:18:02 +03:00
# Default: all namespaces (empty array).
2017-03-07 15:09:11 +03:00
#
# namespaces = ["default"]
2017-08-26 13:12:44 +03:00
# Ingress label selector to identify Ingress objects that should be processed.
# See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors for details.
#
# Optional
# Default: empty (process all Ingresses)
#
2016-07-12 08:25:01 +03:00
# labelselector = "A and not B"
2015-09-14 16:38:58 +03:00
2017-08-26 13:12:44 +03:00
2015-09-21 19:05:56 +03:00
################################################################
# Consul KV configuration backend
################################################################
# Enable Consul KV configuration backend
#
# Optional
#
# [consul]
# Consul server endpoint
#
# Required
#
2015-09-25 12:44:19 +03:00
# endpoint = "127.0.0.1:8500"
2015-09-21 19:05:56 +03:00
# Enable watch Consul changes
#
# Optional
#
# watch = true
# Prefix used for KV store.
#
# Optional
#
2016-08-08 12:53:00 +03:00
# prefix = "traefik"
2015-09-21 19:05:56 +03:00
# Override default configuration template. For advanced users :)
#
# Optional
#
# filename = "consul.tmpl"
2016-02-19 19:10:48 +03:00
# Enable consul TLS connection
#
# Optional
#
# [consul.tls]
# ca = "/etc/ssl/ca.crt"
# cert = "/etc/ssl/consul.crt"
# key = "/etc/ssl/consul.key"
# insecureskipverify = true
2017-08-26 13:12:44 +03:00
2016-09-20 17:56:29 +03:00
################################################################
# Consul Catalog configuration backend
################################################################
# Enable Consul Catalog configuration backend
#
# Optional
#
# [consulCatalog]
# Consul server endpoint
#
# Required
#
# endpoint = "127.0.0.1:8500"
# Default domain used.
#
# Optional
#
# domain = "consul.localhost"
2017-08-25 18:32:03 +03:00
# Expose Consul catalog services by default in traefik
#
# Optional
#
# exposedByDefault = true
2016-09-20 17:56:29 +03:00
# Prefix for Consul catalog tags
#
# Optional
#
# prefix = "traefik"
2017-05-08 20:46:53 +03:00
# Default frontEnd Rule for Consul services
#
2017-08-26 13:12:44 +03:00
# The format is a Go Template with:
# - ".ServiceName", ".Domain" and ".Attributes" available
# - "getTag(name, tags, defaultValue)", "hasTag(name, tags)" and "getAttribute(name, tags, defaultValue)" functions are available
# - "getAttribute(...)" function uses prefixed tag names based on "prefix" value
2017-05-08 20:46:53 +03:00
#
# Optional
#
2017-08-26 13:12:44 +03:00
#frontEndRule = "Host:{{.ServiceName}}.{{Domain}}"
2017-05-08 20:46:53 +03:00
2016-09-20 17:56:29 +03:00
# Constraints
2016-11-08 16:20:50 +03:00
#
# Optional
#
# constraints = ["tag==api", "tag==he*ld"]
2016-09-20 17:56:29 +03:00
# Matching with containers having this tag: "traefik.tags=api,helloworld"
2015-09-21 19:05:56 +03:00
2017-08-26 13:12:44 +03:00
2015-10-03 17:51:14 +03:00
################################################################
# Etcd configuration backend
################################################################
# Enable Etcd configuration backend
#
# Optional
#
# [etcd]
# Etcd server endpoint
#
# Required
#
2016-07-11 14:36:35 +03:00
# endpoint = "127.0.0.1:2379"
2015-10-03 17:51:14 +03:00
# Enable watch Etcd changes
#
# Optional
#
# watch = true
# Prefix used for KV store.
#
# Optional
#
# prefix = "/traefik"
# Override default configuration template. For advanced users :)
#
# Optional
#
# filename = "etcd.tmpl"
2017-03-28 18:54:48 +03:00
# Use etcd user/pass authentication
#
# Optional
#
# username = foo
# password = bar
2016-02-19 19:10:48 +03:00
# Enable etcd TLS connection
#
# Optional
#
# [etcd.tls]
# ca = "/etc/ssl/ca.crt"
# cert = "/etc/ssl/etcd.crt"
# key = "/etc/ssl/etcd.key"
# insecureskipverify = true
2017-08-26 13:12:44 +03:00
################################################################
# Eureka configuration backend
################################################################
# Enable Eureka configuration backend
#
# Optional
#
# [eureka]
# Eureka server endpoint.
# endpoint := "http://my.eureka.server/eureka"
#
# Required
#
# endpoint = "http://my.eureka.server/eureka"
# Override default configuration time between refresh
#
# Optional
# default 30s
# delay = "1m"
# Override default configuration template. For advanced users :)
#
# Optional
#
# filename = "eureka.tmpl"
2015-10-03 17:51:14 +03:00
################################################################
# Zookeeper configuration backend
################################################################
# Enable Zookeeperconfiguration backend
#
# Optional
#
# [zookeeper]
# Zookeeper server endpoint
#
# Required
#
# endpoint = "127.0.0.1:2181"
# Enable watch Zookeeper changes
#
# Optional
#
# watch = true
# Prefix used for KV store.
#
# Optional
#
# prefix = "/traefik"
# Override default configuration template. For advanced users :)
#
# Optional
#
# filename = "zookeeper.tmpl"
################################################################
# BoltDB configuration backend
################################################################
# Enable BoltDB configuration backend
#
# Optional
#
# [boltdb]
# BoltDB file
#
# Required
#
# endpoint = "/my.db"
# Enable watch BoltDB changes
#
# Optional
#
# watch = true
# Prefix used for KV store.
#
# Optional
#
# prefix = "/traefik"
# Override default configuration template. For advanced users :)
#
# Optional
#
# filename = "boltdb.tmpl"
2017-01-05 17:24:17 +03:00
################################################################
# ECS configuration backend
################################################################
# Enable ECS configuration backend
#
# Optional
#
# [ecs]
# ECS Cluster Name
#
2017-08-26 13:12:44 +03:00
# DEPRECATED - Please use Clusters
2017-01-05 17:24:17 +03:00
#
# Cluster = "default"
2017-08-22 12:46:03 +03:00
# ECS Clusters Name
#
# Optional
# Default: ["default"]
#
# Clusters = ["default"]
2017-01-05 17:24:17 +03:00
# Enable watch ECS changes
#
# Optional
# Default: true
#
# Watch = true
2017-08-26 13:12:44 +03:00
# Enable auto discover ECS clusters
#
# Optional
# Default: false
#
# AutoDiscoverClusters = false
2017-01-05 17:24:17 +03:00
# Polling interval (in seconds)
#
# Optional
# Default: 15
#
# RefreshSeconds = 15
# Expose ECS services by default in traefik
#
# Optional
# Default: true
#
# ExposedByDefault = false
# Region to use when connecting to AWS
#
# Optional
#
# Region = "us-east-1"
# AccessKeyID to use when connecting to AWS
#
# Optional
#
# AccessKeyID = "abc"
# SecretAccessKey to use when connecting to AWS
#
# Optional
#
# SecretAccessKey = "123"
# Override default configuration template. For advanced users :)
#
# Optional
#
# filename = "ecs.tmpl"
2015-10-03 17:51:14 +03:00
2017-08-26 13:12:44 +03:00
2017-02-20 22:41:28 +03:00
################################################################
# Rancher configuration backend
################################################################
# Enable Rancher configuration backend
#
# Optional
#
2017-03-24 12:13:12 +03:00
# [rancher]
2017-02-20 22:41:28 +03:00
# Default domain used.
# Can be overridden by setting the "traefik.domain" label on an service.
#
# Required
#
2017-03-24 12:13:12 +03:00
# domain = "rancher.localhost"
2017-02-20 22:41:28 +03:00
# Enable watch Rancher changes
#
# Optional
# Default: true
#
2017-03-24 12:13:12 +03:00
# Watch = true
2017-02-20 22:41:28 +03:00
2017-04-29 22:37:54 +03:00
# Polling interval (in seconds)
#
# Optional
#
# RefreshSeconds = 15
2017-02-20 22:41:28 +03:00
# Expose Rancher services by default in traefik
#
# Optional
# Default: true
#
2017-03-24 12:13:12 +03:00
# ExposedByDefault = false
2017-02-20 22:41:28 +03:00
2017-05-08 04:20:38 +03:00
# Filter services with unhealthy states and inactive states
2017-04-29 22:37:54 +03:00
#
# Optional
# Default: false
#
2017-05-08 04:20:38 +03:00
# EnableServiceHealthFilter = true
2017-04-29 22:37:54 +03:00
2017-05-08 04:20:38 +03:00
# Enable Rancher metadata service configuration backend instead of the API
# configuration backend
#
# Optional
# Default: false
#
2017-06-21 02:38:53 +03:00
# [rancher.metadata]
2017-05-08 04:20:38 +03:00
# Poll the Rancher metadata service for changes every `rancher.RefreshSeconds`
# NOTE: this is less accurate than the default long polling technique which
# will provide near instantaneous updates to Traefik
#
# Optional
# Default: false
#
# IntervalPoll = true
# Prefix used for accessing the Rancher metadata service
#
# Optional
# Default: "/latest"
#
# Prefix = "/2016-07-29"
2017-06-21 02:38:53 +03:00
# Enable Rancher API configuration backend
2017-05-02 17:51:02 +03:00
#
# Optional
2017-06-21 02:38:53 +03:00
# Default: true
#
# [rancher.api]
# Endpoint to use when connecting to the Rancher API
#
# Required
# Endpoint = "http://rancherserver.example.com/v1"
# AccessKey to use when connecting to the Rancher API
#
# Required
# AccessKey = "XXXXXXXXXXXXXXXXXXXX"
# SecretKey to use when connecting to the Rancher API
2017-05-02 17:51:02 +03:00
#
2017-06-21 02:38:53 +03:00
# Required
# SecretKey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
2015-09-14 16:38:58 +03:00
2017-08-26 13:12:44 +03:00
2017-03-09 04:53:34 +03:00
################################################################
# DynamoDB configuration backend
################################################################
# Enable DynamoDB configuration backend
#
# Optional
#
# [dynamodb]
# DynamoDB Table Name
#
# Optional
#
# TableName = "traefik"
# Enable watch DynamoDB changes
#
# Optional
#
# Watch = true
# Polling interval (in seconds)
#
# Optional
#
# RefreshSeconds = 15
# Region to use when connecting to AWS
#
# Required
#
# Region = "us-east-1"
# AccessKeyID to use when connecting to AWS
#
# Optional
#
# AccessKeyID = "abc"
# SecretAccessKey to use when connecting to AWS
#
# Optional
#
# SecretAccessKey = "123"
# Endpoint of dynamodb when testing locally
#
# Optional
#
# Endpoint = "http://localhost:8080"
2015-09-14 16:38:58 +03:00
################################################################
# Sample rules
################################################################
# [backends]
# [backends.backend1]
2015-09-25 12:44:19 +03:00
# [backends.backend1.circuitbreaker]
# expression = "NetworkErrorRatio() > 0.5"
2015-09-14 16:38:58 +03:00
# [backends.backend1.servers.server1]
# url = "http://172.17.0.2:80"
# weight = 10
# [backends.backend1.servers.server2]
# url = "http://172.17.0.3:80"
# weight = 1
# [backends.backend2]
2015-09-25 12:44:19 +03:00
# [backends.backend2.LoadBalancer]
# method = "drr"
2015-09-14 16:38:58 +03:00
# [backends.backend2.servers.server1]
# url = "http://172.17.0.4:80"
# weight = 1
# [backends.backend2.servers.server2]
# url = "http://172.17.0.5:80"
# weight = 2
#
2015-09-15 17:09:21 +03:00
# [frontends]
# [frontends.frontend1]
2015-09-14 16:38:58 +03:00
# backend = "backend2"
2015-09-15 17:09:21 +03:00
# [frontends.frontend1.routes.test_1]
2016-04-06 16:48:19 +03:00
# rule = "Host: test.localhost, other.localhost"
2015-09-15 17:09:21 +03:00
# [frontends.frontend2]
2015-09-14 16:38:58 +03:00
# backend = "backend1"
2015-10-30 13:33:41 +03:00
# passHostHeader = true
2016-02-01 18:09:13 +03:00
# entrypoints = ["https"] # overrides defaultEntryPoints
# [frontends.frontend2.routes.test_1]
2016-03-31 13:59:50 +03:00
# rule = "Host:{subdomain:[a-z]+}.localhost"
2016-02-01 18:09:13 +03:00
# [frontends.frontend3]
# entrypoints = ["http", "https"] # overrides defaultEntryPoints
# backend = "backend2"
2016-07-12 08:25:01 +03:00
# rule = "Path: /test, /other"