mirror of
https://github.com/containous/traefik.git
synced 2024-12-22 13:34:03 +03:00
YAML I love you
This commit is contained in:
parent
bfde17b4d7
commit
17480abe85
@ -303,8 +303,8 @@ certificatesResolvers:
|
||||
dnsChallenge:
|
||||
# ...
|
||||
resolvers:
|
||||
- "1.1.1.1:53"
|
||||
- "8.8.8.8:53"
|
||||
- "1.1.1.1:53"
|
||||
- "8.8.8.8:53"
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
|
@ -30,10 +30,10 @@ To add / remove TLS certificates, even when Traefik is already running, their de
|
||||
|
||||
tls:
|
||||
certificates:
|
||||
- certFile: /path/to/domain.cert
|
||||
keyFile: /path/to/domain.key
|
||||
- certFile: /path/to/other-domain.cert
|
||||
keyFile: /path/to/other-domain.key
|
||||
- certFile: /path/to/domain.cert
|
||||
keyFile: /path/to/domain.key
|
||||
- certFile: /path/to/other-domain.cert
|
||||
keyFile: /path/to/other-domain.key
|
||||
```
|
||||
|
||||
!!! important "Restriction"
|
||||
@ -88,14 +88,14 @@ In the `tls.certificates` section, a list of stores can then be specified to ind
|
||||
|
||||
tls:
|
||||
certificates:
|
||||
- certFile: /path/to/domain.cert
|
||||
keyFile: /path/to/domain.key
|
||||
stores:
|
||||
- default
|
||||
# Note that since no store is defined,
|
||||
# the certificate below will be stored in the `default` store.
|
||||
- certFile: /path/to/other-domain.cert
|
||||
keyFile: /path/to/other-domain.key
|
||||
- certFile: /path/to/domain.cert
|
||||
keyFile: /path/to/domain.key
|
||||
stores:
|
||||
- default
|
||||
# Note that since no store is defined,
|
||||
# the certificate below will be stored in the `default` store.
|
||||
- certFile: /path/to/other-domain.cert
|
||||
keyFile: /path/to/other-domain.key
|
||||
```
|
||||
|
||||
!!! important "Restriction"
|
||||
@ -203,8 +203,8 @@ tls:
|
||||
options:
|
||||
default:
|
||||
cipherSuites:
|
||||
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
||||
- TLS_RSA_WITH_AES_256_GCM_SHA384
|
||||
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
||||
- TLS_RSA_WITH_AES_256_GCM_SHA384
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -216,8 +216,8 @@ metadata:
|
||||
|
||||
spec:
|
||||
cipherSuites:
|
||||
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
||||
- TLS_RSA_WITH_AES_256_GCM_SHA384
|
||||
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
||||
- TLS_RSA_WITH_AES_256_GCM_SHA384
|
||||
```
|
||||
|
||||
!!! important "TLS 1.3"
|
||||
@ -293,8 +293,8 @@ tls:
|
||||
clientAuth:
|
||||
# in PEM format. each file can contain multiple CAs.
|
||||
caFiles:
|
||||
- tests/clientca1.crt
|
||||
- tests/clientca2.crt
|
||||
- tests/clientca1.crt
|
||||
- tests/clientca2.crt
|
||||
clientAuthType: RequireAndVerifyClientCert
|
||||
```
|
||||
|
||||
|
@ -12,7 +12,7 @@ The AddPrefix middleware updates the URL Path of the request before forwarding i
|
||||
```yaml tab="Docker"
|
||||
# Prefixing with /foo
|
||||
labels:
|
||||
- "traefik.http.middlewares.add-foo.addprefix.prefix=/foo"
|
||||
- "traefik.http.middlewares.add-foo.addprefix.prefix=/foo"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -35,7 +35,7 @@ spec:
|
||||
```yaml tab="Rancher"
|
||||
# Prefixing with /foo
|
||||
labels:
|
||||
- "traefik.http.middlewares.add-foo.addprefix.prefix=/foo"
|
||||
- "traefik.http.middlewares.add-foo.addprefix.prefix=/foo"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
|
@ -16,7 +16,7 @@ The BasicAuth middleware is a quick way to restrict access to your services to k
|
||||
# To create user:password pair, it's possible to use this command:
|
||||
# echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
|
||||
- "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -39,7 +39,7 @@ spec:
|
||||
```yaml tab="Rancher"
|
||||
# Declaring the user list
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
|
||||
- "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -59,8 +59,8 @@ http:
|
||||
test-auth:
|
||||
basicAuth:
|
||||
users:
|
||||
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
|
||||
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
|
||||
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
|
||||
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
|
||||
```
|
||||
|
||||
## Configuration Options
|
||||
@ -89,7 +89,7 @@ The `users` option is an array of authorized users. Each user will be declared u
|
||||
# To create user:password pair, it's possible to use this command:
|
||||
# echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
|
||||
- "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -124,7 +124,7 @@ data:
|
||||
```yaml tab="Rancher"
|
||||
# Declaring the user list
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
|
||||
- "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -144,8 +144,8 @@ http:
|
||||
test-auth:
|
||||
basicAuth:
|
||||
users:
|
||||
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
|
||||
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
|
||||
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
|
||||
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
|
||||
```
|
||||
|
||||
### `usersFile`
|
||||
@ -161,7 +161,7 @@ The file content is a list of `name:encoded-password`.
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.basicauth.usersfile=/path/to/my/usersfile"
|
||||
- "traefik.http.middlewares.test-auth.basicauth.usersfile=/path/to/my/usersfile"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -224,7 +224,7 @@ You can customize the realm for the authentication with the `realm` option. The
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.basicauth.realm=MyRealm"
|
||||
- "traefik.http.middlewares.test-auth.basicauth.realm=MyRealm"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -268,7 +268,7 @@ You can define a header field to store the authenticated user using the `headerF
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.my-auth.basicauth.headerField=X-WebAuth-User"
|
||||
- "traefik.http.middlewares.my-auth.basicauth.headerField=X-WebAuth-User"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -309,7 +309,7 @@ Set the `removeHeader` option to `true` to remove the authorization header befor
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.basicauth.removeheader=true"
|
||||
- "traefik.http.middlewares.test-auth.basicauth.removeheader=true"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -330,7 +330,7 @@ spec:
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.basicauth.removeheader=true"
|
||||
- "traefik.http.middlewares.test-auth.basicauth.removeheader=true"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
|
@ -16,7 +16,7 @@ This can help services deal with large data (multipart/form-data for example), a
|
||||
```yaml tab="Docker"
|
||||
# Sets the maximum request body to 2Mb
|
||||
labels:
|
||||
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
|
||||
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -39,7 +39,7 @@ spec:
|
||||
```yaml tab="Rancher"
|
||||
# Sets the maximum request body to 2Mb
|
||||
labels:
|
||||
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
|
||||
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -68,7 +68,7 @@ If the request exceeds the allowed size, it is not forwarded to the service and
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
|
||||
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -89,7 +89,7 @@ spec:
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
|
||||
- "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -112,7 +112,7 @@ You can configure a threshold (in Bytes) from which the request will be buffered
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.limit.buffering.memRequestBodyBytes=2000000"
|
||||
- "traefik.http.middlewares.limit.buffering.memRequestBodyBytes=2000000"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -133,7 +133,7 @@ spec:
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.middlewares.limit.buffering.memRequestBodyBytes=2000000"
|
||||
- "traefik.http.middlewares.limit.buffering.memRequestBodyBytes=2000000"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -158,7 +158,7 @@ If the response exceeds the allowed size, it is not forwarded to the client. The
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=2000000"
|
||||
- "traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=2000000"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -179,7 +179,7 @@ spec:
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=2000000"
|
||||
- "traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=2000000"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -202,7 +202,7 @@ You can configure a threshold (in Bytes) from which the response will be buffere
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.limit.buffering.memResponseBodyBytes=2000000"
|
||||
- "traefik.http.middlewares.limit.buffering.memResponseBodyBytes=2000000"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -223,7 +223,7 @@ spec:
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.middlewares.limit.buffering.memResponseBodyBytes=2000000"
|
||||
- "traefik.http.middlewares.limit.buffering.memResponseBodyBytes=2000000"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -248,7 +248,7 @@ You can have the Buffering middleware replay the request with the help of the `r
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2"
|
||||
- "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -269,7 +269,7 @@ You can have the Buffering middleware replay the request with the help of the `r
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2"
|
||||
- "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
|
@ -14,14 +14,14 @@ Example "A Chain for WhiteList, BasicAuth, and HTTPS"
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.routers.router1.service=service1"
|
||||
- "traefik.http.routers.router1.middlewares=secured"
|
||||
- "traefik.http.routers.router1.rule=Host(`mydomain`)"
|
||||
- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
|
||||
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
|
||||
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
|
||||
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
|
||||
- "http.services.service1.loadbalancer.server.port=80"
|
||||
- "traefik.http.routers.router1.service=service1"
|
||||
- "traefik.http.routers.router1.middlewares=secured"
|
||||
- "traefik.http.routers.router1.rule=Host(`mydomain`)"
|
||||
- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
|
||||
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
|
||||
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
|
||||
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
|
||||
- "http.services.service1.loadbalancer.server.port=80"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -98,14 +98,14 @@ spec:
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.routers.router1.service=service1"
|
||||
- "traefik.http.routers.router1.middlewares=secured"
|
||||
- "traefik.http.routers.router1.rule=Host(`mydomain`)"
|
||||
- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
|
||||
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
|
||||
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
|
||||
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
|
||||
- "http.services.service1.loadbalancer.server.port=80"
|
||||
- "traefik.http.routers.router1.service=service1"
|
||||
- "traefik.http.routers.router1.middlewares=secured"
|
||||
- "traefik.http.routers.router1.rule=Host(`mydomain`)"
|
||||
- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
|
||||
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
|
||||
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
|
||||
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32"
|
||||
- "http.services.service1.loadbalancer.server.port=80"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -143,21 +143,21 @@ http:
|
||||
router1:
|
||||
service: service1
|
||||
middlewares:
|
||||
- secured
|
||||
- secured
|
||||
rule: "Host(`mydomain`)"
|
||||
|
||||
middlewares:
|
||||
secured:
|
||||
chain:
|
||||
middlewares:
|
||||
- https-only
|
||||
- known-ips
|
||||
- auth-users
|
||||
- https-only
|
||||
- known-ips
|
||||
- auth-users
|
||||
|
||||
auth-users:
|
||||
basicAuth:
|
||||
users:
|
||||
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
|
||||
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
|
||||
|
||||
https-only:
|
||||
redirectScheme:
|
||||
@ -166,12 +166,12 @@ http:
|
||||
known-ips:
|
||||
ipWhiteList:
|
||||
sourceRange:
|
||||
- "192.168.1.7"
|
||||
- "127.0.0.1/32"
|
||||
- "192.168.1.7"
|
||||
- "127.0.0.1/32"
|
||||
|
||||
services:
|
||||
service1:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: "http://127.0.0.1:80"
|
||||
- url: "http://127.0.0.1:80"
|
||||
```
|
||||
|
@ -31,7 +31,7 @@ To assess if your system is healthy, the circuit breaker constantly monitors the
|
||||
```yaml tab="Docker"
|
||||
# Latency Check
|
||||
labels:
|
||||
- "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100"
|
||||
- "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -54,7 +54,7 @@ spec:
|
||||
```yaml tab="Rancher"
|
||||
# Latency Check
|
||||
labels:
|
||||
- "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100"
|
||||
- "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
|
@ -12,7 +12,7 @@ The Compress middleware enables the gzip compression.
|
||||
```yaml tab="Docker"
|
||||
# Enable gzip compression
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-compress.compress=true"
|
||||
- "traefik.http.middlewares.test-compress.compress=true"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -34,7 +34,7 @@ spec:
|
||||
```yaml tab="Rancher"
|
||||
# Enable gzip compression
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-compress.compress=true"
|
||||
- "traefik.http.middlewares.test-compress.compress=true"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
|
@ -12,7 +12,7 @@ The DigestAuth middleware is a quick way to restrict access to your services to
|
||||
```yaml tab="Docker"
|
||||
# Declaring the user list
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
|
||||
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -35,7 +35,7 @@ spec:
|
||||
```yaml tab="Rancher"
|
||||
# Declaring the user list
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
|
||||
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -55,8 +55,8 @@ http:
|
||||
test-auth:
|
||||
digestAuth:
|
||||
users:
|
||||
- "test:traefik:a2688e031edb4be6a3797f3882655c05"
|
||||
- "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
|
||||
- "test:traefik:a2688e031edb4be6a3797f3882655c05"
|
||||
- "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
|
||||
```
|
||||
|
||||
## Configuration Options
|
||||
@ -76,7 +76,7 @@ The `users` option is an array of authorized users. Each user will be declared u
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
|
||||
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -108,7 +108,7 @@ data:
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
|
||||
- "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -126,8 +126,8 @@ http:
|
||||
test-auth:
|
||||
digestAuth:
|
||||
users:
|
||||
- "test:traefik:a2688e031edb4be6a3797f3882655c05"
|
||||
- "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
|
||||
- "test:traefik:a2688e031edb4be6a3797f3882655c05"
|
||||
- "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
|
||||
```
|
||||
|
||||
### `usersFile`
|
||||
@ -143,7 +143,7 @@ The file content is a list of `name:realm:encoded-password`.
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.digestauth.usersfile=/path/to/my/usersfile"
|
||||
- "traefik.http.middlewares.test-auth.digestauth.usersfile=/path/to/my/usersfile"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -206,7 +206,7 @@ You can customize the realm for the authentication with the `realm` option. The
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.digestauth.realm=MyRealm"
|
||||
- "traefik.http.middlewares.test-auth.digestauth.realm=MyRealm"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -296,7 +296,7 @@ Set the `removeHeader` option to `true` to remove the authorization header befor
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.digestauth.removeheader=true"
|
||||
- "traefik.http.middlewares.test-auth.digestauth.removeheader=true"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
|
@ -15,9 +15,9 @@ The ErrorPage middleware returns a custom page in lieu of the default, according
|
||||
```yaml tab="Docker"
|
||||
# Dynamic Custom Error Page for 5XX Status Code
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-errorpage.errors.status=500-599"
|
||||
- "traefik.http.middlewares.test-errorpage.errors.service=serviceError"
|
||||
- "traefik.http.middlewares.test-errorpage.errors.query=/{status}.html"
|
||||
- "traefik.http.middlewares.test-errorpage.errors.status=500-599"
|
||||
- "traefik.http.middlewares.test-errorpage.errors.service=serviceError"
|
||||
- "traefik.http.middlewares.test-errorpage.errors.query=/{status}.html"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -28,7 +28,7 @@ metadata:
|
||||
spec:
|
||||
errors:
|
||||
status:
|
||||
- 500-599
|
||||
- 500-599
|
||||
query: /{status}.html
|
||||
service:
|
||||
name: whoami
|
||||
@ -46,9 +46,9 @@ spec:
|
||||
```yaml tab="Rancher"
|
||||
# Dynamic Custom Error Page for 5XX Status Code
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-errorpage.errors.status=500-599"
|
||||
- "traefik.http.middlewares.test-errorpage.errors.service=serviceError"
|
||||
- "traefik.http.middlewares.test-errorpage.errors.query=/{status}.html"
|
||||
- "traefik.http.middlewares.test-errorpage.errors.status=500-599"
|
||||
- "traefik.http.middlewares.test-errorpage.errors.service=serviceError"
|
||||
- "traefik.http.middlewares.test-errorpage.errors.query=/{status}.html"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -70,7 +70,7 @@ http:
|
||||
test-errorpage:
|
||||
errors:
|
||||
status:
|
||||
- "500-599"
|
||||
- "500-599"
|
||||
service: serviceError
|
||||
query: "/{status}.html"
|
||||
|
||||
|
@ -14,7 +14,7 @@ Otherwise, the response from the authentication server is returned.
|
||||
```yaml tab="Docker"
|
||||
# Forward authentication to authserver.com
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -37,7 +37,7 @@ spec:
|
||||
```yaml tab="Rancher"
|
||||
# Forward authentication to authserver.com
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -64,7 +64,7 @@ The `address` option defines the authentication server address.
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -85,7 +85,7 @@ spec:
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -108,7 +108,7 @@ Set the `trustForwardHeader` option to `true` to trust all the existing `X-Forwa
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true"
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -130,7 +130,7 @@ spec:
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true"
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -155,7 +155,7 @@ The `authResponseHeaders` option is the list of the headers to copy from the aut
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret"
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -167,8 +167,8 @@ spec:
|
||||
forwardAuth:
|
||||
address: https://authserver.com/auth
|
||||
authResponseHeaders:
|
||||
- X-Auth-User
|
||||
- X-Secret
|
||||
- X-Auth-User
|
||||
- X-Secret
|
||||
```
|
||||
|
||||
```json tab="Marathon"
|
||||
@ -179,7 +179,7 @@ spec:
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret"
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -196,8 +196,8 @@ http:
|
||||
forwardAuth:
|
||||
address: "https://authserver.com/auth"
|
||||
authResponseHeaders:
|
||||
- "X-Auth-User"
|
||||
- "X-Secret"
|
||||
- "X-Auth-User"
|
||||
- "X-Secret"
|
||||
```
|
||||
|
||||
### `tls`
|
||||
@ -210,7 +210,7 @@ Certificate Authority used for the secured connection to the authentication serv
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt"
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -243,7 +243,7 @@ data:
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt"
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -275,7 +275,7 @@ Requires `tls.ca` to be defined.
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true"
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -298,7 +298,7 @@ spec:
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true"
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -325,8 +325,8 @@ Public certificate used for the secured connection to the authentication server.
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -361,8 +361,8 @@ data:
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -394,8 +394,8 @@ Private certificate used for the secure connection to the authentication server.
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -430,8 +430,8 @@ data:
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -463,7 +463,7 @@ If `insecureSkipVerify` is `true`, TLS for the connection to authentication serv
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.tls.insecureSkipVerify=true"
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.tls.insecureSkipVerify=true"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -485,7 +485,7 @@ spec:
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.tls.InsecureSkipVerify=true"
|
||||
- "traefik.http.middlewares.test-auth.forwardauth.tls.InsecureSkipVerify=true"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
|
@ -15,8 +15,8 @@ Add the `X-Script-Name` header to the proxied request and the `X-Custom-Response
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.testHeader.headers.customrequestheaders.X-Script-Name=test"
|
||||
- "traefik.http.middlewares.testHeader.headers.customresponseheaders.X-Custom-Response-Header=value"
|
||||
- "traefik.http.middlewares.testHeader.headers.customrequestheaders.X-Script-Name=test"
|
||||
- "traefik.http.middlewares.testHeader.headers.customresponseheaders.X-Custom-Response-Header=value"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -41,8 +41,8 @@ spec:
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test"
|
||||
- "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header=value"
|
||||
- "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test"
|
||||
- "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header=value"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -236,9 +236,9 @@ http:
|
||||
testHeader:
|
||||
headers:
|
||||
accessControlAllowMethod:
|
||||
- GET
|
||||
- OPTIONS
|
||||
- PUT
|
||||
- GET
|
||||
- OPTIONS
|
||||
- PUT
|
||||
accessControlAllowOrigin: "origin-list-or-null"
|
||||
accessControlMaxAge: 100
|
||||
addVaryHeader: true
|
||||
|
@ -11,7 +11,7 @@ To proactively prevent services from being overwhelmed with high load, a limit o
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
|
||||
- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -33,7 +33,7 @@ spec:
|
||||
```yaml tab="Rancher"
|
||||
# Limiting to 10 simultaneous connections
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
|
||||
- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -61,7 +61,7 @@ The middleware will return an `HTTP 429 Too Many Requests` if there are already
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
|
||||
- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -83,7 +83,7 @@ spec:
|
||||
```yaml tab="Rancher"
|
||||
# Limiting to 10 simultaneous connections
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
|
||||
- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -131,7 +131,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.depth=2"
|
||||
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.depth=2"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -148,7 +148,7 @@ spec:
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.depth=2"
|
||||
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.depth=2"
|
||||
```
|
||||
|
||||
```json tab="Marathon"
|
||||
@ -192,7 +192,7 @@ http:
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
|
||||
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -209,17 +209,17 @@ spec:
|
||||
- 192.168.1.7
|
||||
```
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
|
||||
```
|
||||
|
||||
```json tab="Marathon"
|
||||
"labels": {
|
||||
"traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
|
||||
}
|
||||
```
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
[http.middlewares]
|
||||
[http.middlewares.test-inflightreq.inflightreq]
|
||||
@ -235,8 +235,8 @@ http:
|
||||
sourceCriterion:
|
||||
ipStrategy:
|
||||
excludedIPs:
|
||||
- "127.0.0.1/32"
|
||||
- "192.168.1.7"
|
||||
- "127.0.0.1/32"
|
||||
- "192.168.1.7"
|
||||
```
|
||||
|
||||
#### `sourceCriterion.requestHeaderName`
|
||||
@ -245,7 +245,7 @@ Requests having the same value for the given header are grouped as coming from t
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requestheadername=username"
|
||||
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requestheadername=username"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -261,7 +261,7 @@ spec:
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requestheadername=username"
|
||||
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requestheadername=username"
|
||||
```
|
||||
|
||||
```json tab="Marathon"
|
||||
@ -292,7 +292,7 @@ Whether to consider the request host as the source.
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requesthost=true"
|
||||
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requesthost=true"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -308,7 +308,7 @@ spec:
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requesthost=true"
|
||||
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requesthost=true"
|
||||
```
|
||||
|
||||
```json tab="Marathon"
|
||||
|
@ -12,7 +12,7 @@ IPWhitelist accepts / refuses requests based on the client IP.
|
||||
```yaml tab="Docker"
|
||||
# Accepts request from defined IP
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -23,8 +23,8 @@ metadata:
|
||||
spec:
|
||||
ipWhiteList:
|
||||
sourceRange:
|
||||
- 127.0.0.1/32
|
||||
- 192.168.1.7
|
||||
- 127.0.0.1/32
|
||||
- 192.168.1.7
|
||||
```
|
||||
|
||||
```json tab="Marathon"
|
||||
@ -36,7 +36,7 @@ spec:
|
||||
```yaml tab="Rancher"
|
||||
# Accepts request from defined IP
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -53,8 +53,8 @@ http:
|
||||
test-ipwhitelist:
|
||||
ipWhiteList:
|
||||
sourceRange:
|
||||
- "127.0.0.1/32"
|
||||
- "192.168.1.7"
|
||||
- "127.0.0.1/32"
|
||||
- "192.168.1.7"
|
||||
```
|
||||
|
||||
## Configuration Options
|
||||
@ -76,8 +76,8 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
|
||||
```yaml tab="Docker"
|
||||
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
|
||||
labels:
|
||||
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2"
|
||||
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -89,8 +89,8 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
|
||||
spec:
|
||||
ipWhiteList:
|
||||
sourceRange:
|
||||
- 127.0.0.1/32
|
||||
- 192.168.1.7
|
||||
- 127.0.0.1/32
|
||||
- 192.168.1.7
|
||||
ipStrategy:
|
||||
depth: 2
|
||||
```
|
||||
@ -98,14 +98,14 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
|
||||
```yaml tab="Rancher"
|
||||
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
|
||||
labels:
|
||||
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2"
|
||||
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
|
||||
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2"
|
||||
```
|
||||
|
||||
```json tab="Marathon"
|
||||
"labels": {
|
||||
"traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32, 192.168.1.7",
|
||||
"traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth": "2"
|
||||
"traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32, 192.168.1.7",
|
||||
"traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth": "2"
|
||||
}
|
||||
```
|
||||
|
||||
@ -125,8 +125,8 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
|
||||
test-ipwhitelist:
|
||||
ipWhiteList:
|
||||
sourceRange:
|
||||
- "127.0.0.1/32"
|
||||
- "192.168.1.7"
|
||||
- "127.0.0.1/32"
|
||||
- "192.168.1.7"
|
||||
ipStrategy:
|
||||
depth: 2
|
||||
```
|
||||
@ -164,19 +164,19 @@ spec:
|
||||
ipWhiteList:
|
||||
ipStrategy:
|
||||
excludedIPs:
|
||||
- 127.0.0.1/32
|
||||
- 192.168.1.7
|
||||
- 127.0.0.1/32
|
||||
- 192.168.1.7
|
||||
```
|
||||
|
||||
```yaml tab="Rancher"
|
||||
# Exclude from `X-Forwarded-For`
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
|
||||
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
|
||||
```
|
||||
|
||||
```json tab="Marathon"
|
||||
"labels": {
|
||||
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
|
||||
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
|
||||
}
|
||||
```
|
||||
|
||||
@ -196,8 +196,8 @@ http:
|
||||
ipWhiteList:
|
||||
ipStrategy:
|
||||
excludedIPs:
|
||||
- "127.0.0.1/32"
|
||||
- "192.168.1.7"
|
||||
- "127.0.0.1/32"
|
||||
- "192.168.1.7"
|
||||
```
|
||||
|
||||
`excludedIPs` tells Traefik to scan the `X-Forwarded-For` header and pick the first IP not in the list.
|
||||
|
@ -60,7 +60,7 @@ spec:
|
||||
routes:
|
||||
# more fields...
|
||||
middlewares:
|
||||
- name: stripprefix
|
||||
- name: stripprefix
|
||||
```
|
||||
|
||||
```json tab="Marathon"
|
||||
@ -106,7 +106,7 @@ http:
|
||||
router1:
|
||||
service: myService
|
||||
middlewares:
|
||||
- "foo-add-prefix"
|
||||
- "foo-add-prefix"
|
||||
rule: "Host(`example.com`)"
|
||||
|
||||
middlewares:
|
||||
@ -118,7 +118,7 @@ http:
|
||||
service1:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: "http://127.0.0.1:80"
|
||||
- url: "http://127.0.0.1:80"
|
||||
```
|
||||
|
||||
## Provider Namespace
|
||||
|
@ -16,7 +16,7 @@ Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
|
||||
```yaml tab="Docker"
|
||||
# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -38,7 +38,7 @@ spec:
|
||||
```yaml tab="Rancher"
|
||||
# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -62,23 +62,23 @@ http:
|
||||
```yaml tab="Docker"
|
||||
# Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notafter=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notbefore=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.sans=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.commonname=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.country=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.domaincomponent=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.locality=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organization=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.province=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.serialnumber=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.commonname=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.country=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.domaincomponent=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.locality=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.organization=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.province=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notafter=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notbefore=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.sans=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.commonname=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.country=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.domaincomponent=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.locality=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organization=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.province=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.serialnumber=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.commonname=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.country=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.domaincomponent=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.locality=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.organization=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.province=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -114,23 +114,23 @@ http:
|
||||
```yaml tab="Rancher"
|
||||
# Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notafter=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notbefore=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.sans=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.commonname=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.country=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.domaincomponent=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.locality=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organization=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.province=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.serialnumber=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.commonname=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.country=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.domaincomponent=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.locality=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.organization=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.province=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notafter=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notbefore=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.sans=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.commonname=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.country=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.domaincomponent=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.locality=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organization=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.province=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.serialnumber=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.commonname=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.country=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.domaincomponent=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.locality=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.organization=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.province=true"
|
||||
- "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true"
|
||||
```
|
||||
|
||||
```json tab="Marathon"
|
||||
|
@ -11,8 +11,8 @@ The RateLimit middleware ensures that services will receive a _fair_ number of r
|
||||
# Here, an average of 100 requests per second is allowed.
|
||||
# In addition, a burst of 50 requests is allowed.
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
|
||||
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
|
||||
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
|
||||
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -39,8 +39,8 @@ spec:
|
||||
# Here, an average of 100 requests per second is allowed.
|
||||
# In addition, a burst of 50 requests is allowed.
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
|
||||
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
|
||||
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
|
||||
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -72,7 +72,7 @@ It defaults to 0, which means no rate limiting.
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
|
||||
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -93,7 +93,7 @@ spec:
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
|
||||
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -117,7 +117,7 @@ It defaults to 1.
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100"
|
||||
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -138,7 +138,7 @@ spec:
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100"
|
||||
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100"
|
||||
|
||||
```
|
||||
|
||||
@ -187,7 +187,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
|
||||
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -206,7 +206,7 @@ spec:
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
|
||||
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
|
||||
```
|
||||
|
||||
```json tab="Marathon"
|
||||
@ -230,8 +230,8 @@ http:
|
||||
sourceCriterion:
|
||||
ipStrategy:
|
||||
excludedIPs:
|
||||
- "127.0.0.1/32"
|
||||
- "192.168.1.7"
|
||||
- "127.0.0.1/32"
|
||||
- "192.168.1.7"
|
||||
```
|
||||
|
||||
`excludedIPs` tells Traefik to scan the `X-Forwarded-For` header and pick the first IP not in the list.
|
||||
@ -254,7 +254,7 @@ Requests having the same value for the given header are grouped as coming from t
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username"
|
||||
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -270,7 +270,7 @@ spec:
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username"
|
||||
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username"
|
||||
```
|
||||
|
||||
```json tab="Marathon"
|
||||
@ -301,7 +301,7 @@ Whether to consider the request host as the source.
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true"
|
||||
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -317,7 +317,7 @@ spec:
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true"
|
||||
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true"
|
||||
```
|
||||
|
||||
```json tab="Marathon"
|
||||
@ -340,4 +340,4 @@ http:
|
||||
rateLimit:
|
||||
sourceCriterion:
|
||||
requestHost: true
|
||||
```
|
||||
```
|
||||
|
@ -15,8 +15,8 @@ RegexRedirect redirect a request from an url to another with regex matching and
|
||||
# Redirect with domain replacement
|
||||
# Note: all dollar signs need to be doubled for escaping.
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-redirectregex.redirectregex.regex=^http://localhost/(.*)"
|
||||
- "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$${1}"
|
||||
- "traefik.http.middlewares.test-redirectregex.redirectregex.regex=^http://localhost/(.*)"
|
||||
- "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$${1}"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -42,8 +42,8 @@ spec:
|
||||
# Redirect with domain replacement
|
||||
# Note: all dollar signs need to be doubled for escaping.
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-redirectregex.redirectregex.regex=^http://localhost/(.*)"
|
||||
- "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$${1}"
|
||||
- "traefik.http.middlewares.test-redirectregex.redirectregex.regex=^http://localhost/(.*)"
|
||||
- "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$${1}"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -85,4 +85,3 @@ The `regex` option is the regular expression to match and capture elements from
|
||||
### `replacement`
|
||||
|
||||
The `replacement` option defines how to modify the URL to have the new target URL.
|
||||
|
@ -14,7 +14,7 @@ RegexRedirect redirect request from a scheme to another.
|
||||
```yaml tab="Docker"
|
||||
# Redirect to https
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
|
||||
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -37,7 +37,7 @@ spec:
|
||||
```yaml tab="Rancher"
|
||||
# Redirect to https
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
|
||||
- "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
|
@ -14,7 +14,7 @@ Replace the path of the request url.
|
||||
```yaml tab="Docker"
|
||||
# Replace the path by /foo
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-replacepath.replacepath.path=/foo"
|
||||
- "traefik.http.middlewares.test-replacepath.replacepath.path=/foo"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -37,7 +37,7 @@ spec:
|
||||
```yaml tab="Rancher"
|
||||
# Replace the path by /foo
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-replacepath.replacepath.path=/foo"
|
||||
- "traefik.http.middlewares.test-replacepath.replacepath.path=/foo"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
|
@ -14,8 +14,8 @@ The ReplaceRegex replace a path from an url to another with regex matching and r
|
||||
```yaml tab="Docker"
|
||||
# Replace path with regex
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.regex=^/foo/(.*)"
|
||||
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1"
|
||||
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.regex=^/foo/(.*)"
|
||||
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -40,8 +40,8 @@ spec:
|
||||
```yaml tab="Rancher"
|
||||
# Replace path with regex
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.regex=^/foo/(.*)"
|
||||
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1"
|
||||
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.regex=^/foo/(.*)"
|
||||
- "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
|
@ -15,7 +15,7 @@ To be clear, as soon as the server answers, the middleware stops retrying, regar
|
||||
```yaml tab="Docker"
|
||||
# Retry to send request 4 times
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-retry.retry.attempts=4"
|
||||
- "traefik.http.middlewares.test-retry.retry.attempts=4"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -38,7 +38,7 @@ spec:
|
||||
```yaml tab="Rancher"
|
||||
# Retry to send request 4 times
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-retry.retry.attempts=4"
|
||||
- "traefik.http.middlewares.test-retry.retry.attempts=4"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -63,4 +63,4 @@ http:
|
||||
|
||||
_mandatory_
|
||||
|
||||
The `attempts` option defines how many times the request should be retried.
|
||||
The `attempts` option defines how many times the request should be retried.
|
||||
|
@ -14,7 +14,7 @@ Remove the specified prefixes from the URL path.
|
||||
```yaml tab="Docker"
|
||||
# Strip prefix /foobar and /fiibar
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar,/fiibar"
|
||||
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar,/fiibar"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -26,8 +26,8 @@ metadata:
|
||||
spec:
|
||||
stripPrefix:
|
||||
prefixes:
|
||||
- /foobar
|
||||
- /fiibar
|
||||
- /foobar
|
||||
- /fiibar
|
||||
```
|
||||
|
||||
```json tab="Marathon"
|
||||
@ -39,7 +39,7 @@ spec:
|
||||
```yaml tab="Rancher"
|
||||
# Strip prefix /foobar and /fiibar
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar,/fiibar"
|
||||
- "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar,/fiibar"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -56,8 +56,8 @@ http:
|
||||
test-stripprefix:
|
||||
stripPrefix:
|
||||
prefixes:
|
||||
- "/foobar"
|
||||
- "/fiibar"
|
||||
- "/foobar"
|
||||
- "/fiibar"
|
||||
```
|
||||
|
||||
## Configuration Options
|
||||
|
@ -9,7 +9,7 @@ Remove the matching prefixes from the URL path.
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=/foo/[a-z0-9]+/[0-9]+/"
|
||||
- "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=/foo/[a-z0-9]+/[0-9]+/"
|
||||
```
|
||||
|
||||
```yaml tab="Kubernetes"
|
||||
@ -20,7 +20,7 @@ metadata:
|
||||
spec:
|
||||
stripPrefixRegex:
|
||||
regex:
|
||||
- "/foo/[a-z0-9]+/[0-9]+/"
|
||||
- "/foo/[a-z0-9]+/[0-9]+/"
|
||||
```
|
||||
|
||||
```json tab="Marathon"
|
||||
@ -31,7 +31,7 @@ spec:
|
||||
|
||||
```yaml tab="Rancher"
|
||||
labels:
|
||||
- "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=/foo/[a-z0-9]+/[0-9]+/"
|
||||
- "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=/foo/[a-z0-9]+/[0-9]+/"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -46,7 +46,7 @@ http:
|
||||
test-stripprefixregex:
|
||||
stripPrefixRegex:
|
||||
regex:
|
||||
- "/foo/[a-z0-9]+/[0-9]+/"
|
||||
- "/foo/[a-z0-9]+/[0-9]+/"
|
||||
```
|
||||
|
||||
## Configuration Options
|
||||
|
@ -167,21 +167,21 @@ Then any router can refer to an instance of the wanted middleware.
|
||||
rule: "Host(`test.localhost`) && PathPrefix(`/test`)"
|
||||
service: my-service
|
||||
middlewares:
|
||||
- auth
|
||||
- auth
|
||||
|
||||
services:
|
||||
my-service:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: http://10.10.10.1:80
|
||||
- url: http://10.10.10.2:80
|
||||
- url: http://10.10.10.1:80
|
||||
- url: http://10.10.10.2:80
|
||||
|
||||
middlewares:
|
||||
auth:
|
||||
basicAuth:
|
||||
users:
|
||||
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
|
||||
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
|
||||
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
|
||||
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
|
||||
```
|
||||
|
||||
## TLS configuration is now dynamic, per router.
|
||||
@ -261,8 +261,8 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
|
||||
myTLSOptions:
|
||||
minVersion: VersionTLS13
|
||||
cipherSuites:
|
||||
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
||||
- TLS_RSA_WITH_AES_256_GCM_SHA384
|
||||
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
||||
- TLS_RSA_WITH_AES_256_GCM_SHA384
|
||||
```
|
||||
|
||||
```yaml tab="K8s IngressRoute"
|
||||
@ -290,11 +290,11 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
|
||||
entryPoints:
|
||||
- web
|
||||
routes:
|
||||
- match: Host(`bar.com`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: whoami
|
||||
port: 80
|
||||
- match: Host(`bar.com`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: whoami
|
||||
port: 80
|
||||
tls:
|
||||
options:
|
||||
name: mytlsoption
|
||||
@ -464,15 +464,15 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
|
||||
router0:
|
||||
rule: "Host(`foo.com`)"
|
||||
entryPoints:
|
||||
- web
|
||||
- web
|
||||
middlewares:
|
||||
- redirect
|
||||
- redirect
|
||||
service: my-service
|
||||
|
||||
router1:
|
||||
rule: "Host(`foo.com`)"
|
||||
entryPoints:
|
||||
- web-secure
|
||||
- web-secure
|
||||
service: my-service
|
||||
tls: {}
|
||||
|
||||
@ -480,8 +480,8 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
|
||||
my-service:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: http://10.10.10.1:80
|
||||
- url: http://10.10.10.2:80
|
||||
- url: http://10.10.10.1:80
|
||||
- url: http://10.10.10.2:80
|
||||
|
||||
middlewares:
|
||||
redirect:
|
||||
@ -490,8 +490,8 @@ To apply a redirection, one of the redirect middlewares, [RedirectRegex](../midd
|
||||
|
||||
tls:
|
||||
certificates:
|
||||
- certFile: /app/certs/server/server.pem
|
||||
keyFile: /app/certs/server/server.pem
|
||||
- certFile: /app/certs/server/server.pem
|
||||
keyFile: /app/certs/server/server.pem
|
||||
```
|
||||
|
||||
## ACME (LetsEncrypt)
|
||||
|
@ -95,8 +95,8 @@ accessLog:
|
||||
format: json
|
||||
filters:
|
||||
statusCodes:
|
||||
- "200"
|
||||
- "300-302"
|
||||
- "200"
|
||||
- "300-302"
|
||||
retryAttempts: true
|
||||
minDuration: "10ms"
|
||||
```
|
||||
|
@ -32,10 +32,10 @@ Buckets for latency metrics.
|
||||
metrics:
|
||||
prometheus:
|
||||
buckets:
|
||||
- 0.1
|
||||
- 0.3
|
||||
- 1.2
|
||||
- 5.0
|
||||
- 0.1
|
||||
- 0.3
|
||||
- 1.2
|
||||
- 5.0
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
|
@ -40,6 +40,7 @@ api: {}
|
||||
And then you will be able to reference it like this:
|
||||
|
||||
```yaml tab="Docker"
|
||||
labels:
|
||||
- "traefik.http.routers.api.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
|
||||
- "traefik.http.routers.api.service=api@internal"
|
||||
- "traefik.http.routers.api.middlewares=auth"
|
||||
@ -59,9 +60,9 @@ And then you will be able to reference it like this:
|
||||
# Declaring the user list
|
||||
labels:
|
||||
- "traefik.http.routers.api.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
|
||||
- "traefik.http.routers.api.service=api@internal"
|
||||
- "traefik.http.routers.api.middlewares=auth"
|
||||
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
|
||||
- "traefik.http.routers.api.service=api@internal"
|
||||
- "traefik.http.routers.api.middlewares=auth"
|
||||
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
|
||||
```
|
||||
|
||||
```toml tab="File (TOML)"
|
||||
@ -72,9 +73,9 @@ labels:
|
||||
|
||||
[http.middlewares.auth.basicAuth]
|
||||
users = [
|
||||
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
|
||||
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
|
||||
]
|
||||
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
|
||||
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
|
||||
]
|
||||
```
|
||||
|
||||
```yaml tab="File (YAML)"
|
||||
@ -89,8 +90,8 @@ http:
|
||||
auth:
|
||||
basicAuth:
|
||||
users:
|
||||
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
|
||||
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
|
||||
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
|
||||
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
|
||||
```
|
||||
|
||||
### `insecure`
|
||||
|
@ -34,17 +34,17 @@ metadata:
|
||||
|
||||
spec:
|
||||
rules:
|
||||
- host: foo.com
|
||||
http:
|
||||
paths:
|
||||
- path: /bar
|
||||
backend:
|
||||
serviceName: service1
|
||||
servicePort: 80
|
||||
- path: /foo
|
||||
backend:
|
||||
serviceName: service1
|
||||
servicePort: 80
|
||||
- host: foo.com
|
||||
http:
|
||||
paths:
|
||||
- path: /bar
|
||||
backend:
|
||||
serviceName: service1
|
||||
servicePort: 80
|
||||
- path: /foo
|
||||
backend:
|
||||
serviceName: service1
|
||||
servicePort: 80
|
||||
```
|
||||
|
||||
## Provider Configuration
|
||||
@ -165,8 +165,8 @@ _Optional, Default: all namespaces (empty array)_
|
||||
providers:
|
||||
kubernetesIngress:
|
||||
namespaces:
|
||||
- "default"
|
||||
- "production"
|
||||
- "default"
|
||||
- "production"
|
||||
# ...
|
||||
```
|
||||
|
||||
|
@ -2,11 +2,11 @@ http:
|
||||
routers:
|
||||
Router0:
|
||||
entryPoints:
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
middlewares:
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
service: foobar
|
||||
rule: foobar
|
||||
priority: 42
|
||||
@ -14,21 +14,21 @@ http:
|
||||
options: foobar
|
||||
certResolver: foobar
|
||||
domains:
|
||||
- main: foobar
|
||||
sans:
|
||||
- foobar
|
||||
- foobar
|
||||
- main: foobar
|
||||
sans:
|
||||
- foobar
|
||||
- foobar
|
||||
- main: foobar
|
||||
sans:
|
||||
- foobar
|
||||
- foobar
|
||||
- main: foobar
|
||||
sans:
|
||||
- foobar
|
||||
- foobar
|
||||
Router1:
|
||||
entryPoints:
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
middlewares:
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
service: foobar
|
||||
rule: foobar
|
||||
priority: 42
|
||||
@ -36,14 +36,14 @@ http:
|
||||
options: foobar
|
||||
certResolver: foobar
|
||||
domains:
|
||||
- main: foobar
|
||||
sans:
|
||||
- foobar
|
||||
- foobar
|
||||
- main: foobar
|
||||
sans:
|
||||
- foobar
|
||||
- foobar
|
||||
- main: foobar
|
||||
sans:
|
||||
- foobar
|
||||
- foobar
|
||||
- main: foobar
|
||||
sans:
|
||||
- foobar
|
||||
- foobar
|
||||
services:
|
||||
Service01:
|
||||
loadBalancer:
|
||||
@ -53,8 +53,8 @@ http:
|
||||
secure: true
|
||||
httpOnly: true
|
||||
servers:
|
||||
- url: foobar
|
||||
- url: foobar
|
||||
- url: foobar
|
||||
- url: foobar
|
||||
healthCheck:
|
||||
scheme: foobar
|
||||
path: foobar
|
||||
@ -72,17 +72,17 @@ http:
|
||||
mirroring:
|
||||
service: foobar
|
||||
mirrors:
|
||||
- name: foobar
|
||||
percent: 42
|
||||
- name: foobar
|
||||
percent: 42
|
||||
- name: foobar
|
||||
percent: 42
|
||||
- name: foobar
|
||||
percent: 42
|
||||
Service03:
|
||||
weighted:
|
||||
services:
|
||||
- name: foobar
|
||||
weight: 42
|
||||
- name: foobar
|
||||
weight: 42
|
||||
- name: foobar
|
||||
weight: 42
|
||||
- name: foobar
|
||||
weight: 42
|
||||
sticky:
|
||||
cookie:
|
||||
name: foobar
|
||||
@ -95,8 +95,8 @@ http:
|
||||
Middleware01:
|
||||
basicAuth:
|
||||
users:
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
usersFile: foobar
|
||||
realm: foobar
|
||||
removeHeader: true
|
||||
@ -111,8 +111,8 @@ http:
|
||||
Middleware03:
|
||||
chain:
|
||||
middlewares:
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
Middleware04:
|
||||
circuitBreaker:
|
||||
expression: foobar
|
||||
@ -121,8 +121,8 @@ http:
|
||||
Middleware06:
|
||||
digestAuth:
|
||||
users:
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
usersFile: foobar
|
||||
removeHeader: true
|
||||
realm: foobar
|
||||
@ -130,8 +130,8 @@ http:
|
||||
Middleware07:
|
||||
errors:
|
||||
status:
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
service: foobar
|
||||
query: foobar
|
||||
Middleware08:
|
||||
@ -145,8 +145,8 @@ http:
|
||||
insecureSkipVerify: true
|
||||
trustForwardHeader: true
|
||||
authResponseHeaders:
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
Middleware09:
|
||||
headers:
|
||||
customRequestHeaders:
|
||||
@ -157,23 +157,23 @@ http:
|
||||
name1: foobar
|
||||
accessControlAllowCredentials: true
|
||||
accessControlAllowHeaders:
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
accessControlAllowMethods:
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
accessControlAllowOrigin: foobar
|
||||
accessControlExposeHeaders:
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
accessControlMaxAge: 42
|
||||
addVaryHeader: true
|
||||
allowedHosts:
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
hostsProxyHeaders:
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
sslRedirect: true
|
||||
sslTemporaryRedirect: true
|
||||
sslHost: foobar
|
||||
@ -198,13 +198,13 @@ http:
|
||||
Middleware10:
|
||||
ipWhiteList:
|
||||
sourceRange:
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
ipStrategy:
|
||||
depth: 42
|
||||
excludedIPs:
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
Middleware11:
|
||||
inFlightReq:
|
||||
amount: 42
|
||||
@ -212,8 +212,8 @@ http:
|
||||
ipstrategy:
|
||||
depth: 42
|
||||
excludedIPs:
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
requestHeaderName: foobar
|
||||
requestHost: true
|
||||
Middleware12:
|
||||
@ -247,8 +247,8 @@ http:
|
||||
ipstrategy:
|
||||
depth: 42
|
||||
excludedIPs:
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
requestHeaderName: foobar
|
||||
requestHost: true
|
||||
Middleware14:
|
||||
@ -274,19 +274,19 @@ http:
|
||||
Middleware19:
|
||||
stripPrefix:
|
||||
prefixes:
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
Middleware20:
|
||||
stripPrefixRegex:
|
||||
regex:
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
tcp:
|
||||
routers:
|
||||
TCPRouter0:
|
||||
entryPoints:
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
service: foobar
|
||||
rule: foobar
|
||||
tls:
|
||||
@ -294,18 +294,18 @@ tcp:
|
||||
options: foobar
|
||||
certResolver: foobar
|
||||
domains:
|
||||
- main: foobar
|
||||
sans:
|
||||
- foobar
|
||||
- foobar
|
||||
- main: foobar
|
||||
sans:
|
||||
- foobar
|
||||
- foobar
|
||||
- main: foobar
|
||||
sans:
|
||||
- foobar
|
||||
- foobar
|
||||
- main: foobar
|
||||
sans:
|
||||
- foobar
|
||||
- foobar
|
||||
TCPRouter1:
|
||||
entryPoints:
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
service: foobar
|
||||
rule: foobar
|
||||
tls:
|
||||
@ -313,60 +313,60 @@ tcp:
|
||||
options: foobar
|
||||
certResolver: foobar
|
||||
domains:
|
||||
- main: foobar
|
||||
sans:
|
||||
- foobar
|
||||
- foobar
|
||||
- main: foobar
|
||||
sans:
|
||||
- foobar
|
||||
- foobar
|
||||
- main: foobar
|
||||
sans:
|
||||
- foobar
|
||||
- foobar
|
||||
- main: foobar
|
||||
sans:
|
||||
- foobar
|
||||
- foobar
|
||||
services:
|
||||
TCPService0:
|
||||
loadBalancer:
|
||||
terminationDelay: 100
|
||||
servers:
|
||||
- address: foobar
|
||||
- address: foobar
|
||||
- address: foobar
|
||||
- address: foobar
|
||||
TCPService1:
|
||||
loadBalancer:
|
||||
terminationDelay: 100
|
||||
servers:
|
||||
- address: foobar
|
||||
- address: foobar
|
||||
- address: foobar
|
||||
- address: foobar
|
||||
tls:
|
||||
certificates:
|
||||
- certFile: foobar
|
||||
keyFile: foobar
|
||||
stores:
|
||||
- foobar
|
||||
- foobar
|
||||
- certFile: foobar
|
||||
keyFile: foobar
|
||||
stores:
|
||||
- foobar
|
||||
- foobar
|
||||
- certFile: foobar
|
||||
keyFile: foobar
|
||||
stores:
|
||||
- foobar
|
||||
- foobar
|
||||
- certFile: foobar
|
||||
keyFile: foobar
|
||||
stores:
|
||||
- foobar
|
||||
- foobar
|
||||
options:
|
||||
Options0:
|
||||
minVersion: foobar
|
||||
cipherSuites:
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
clientAuth:
|
||||
caFiles:
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
clientAuthType: foobar
|
||||
sniStrict: true
|
||||
Options1:
|
||||
minVersion: foobar
|
||||
cipherSuites:
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
clientAuth:
|
||||
caFiles:
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
- foobar
|
||||
clientAuthType: foobar
|
||||
sniStrict: true
|
||||
stores:
|
||||
|
@ -110,13 +110,13 @@ You can define them using a toml file, CLI arguments, or a key-value store.
|
||||
proxyProtocol:
|
||||
insecure: true
|
||||
trustedIPs:
|
||||
- "127.0.0.1"
|
||||
- "192.168.0.1"
|
||||
- "127.0.0.1"
|
||||
- "192.168.0.1"
|
||||
forwardedHeaders:
|
||||
insecure: true
|
||||
trustedIPs:
|
||||
- "127.0.0.1"
|
||||
- "192.168.0.1"
|
||||
- "127.0.0.1"
|
||||
- "192.168.0.1"
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
@ -158,8 +158,8 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward
|
||||
address: ":80"
|
||||
forwardedHeaders:
|
||||
trustedIPs:
|
||||
- "127.0.0.1/32"
|
||||
- "192.168.1.7"
|
||||
- "127.0.0.1/32"
|
||||
- "192.168.1.7"
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
@ -421,8 +421,8 @@ If the Proxy Protocol header is passed, then the version is determined automatic
|
||||
address: ":80"
|
||||
proxyProtocol:
|
||||
trustedIPs:
|
||||
- "127.0.0.1/32"
|
||||
- "192.168.1.7"
|
||||
- "127.0.0.1/32"
|
||||
- "192.168.1.7"
|
||||
```
|
||||
|
||||
```bash tab="CLI"
|
||||
|
@ -446,7 +446,8 @@ You can declare TCP Routers and/or Services using labels.
|
||||
```
|
||||
|
||||
??? info "`traefik.tcp.services.<service_name>.loadbalancer.terminationdelay`"
|
||||
<!-- TODO doc terminationdelay in TCP services page -->
|
||||
|
||||
See [termination delay](../services/index.md#termination-delay) for more information.
|
||||
|
||||
```yaml
|
||||
- "traefik.tcp.services.mytcpservice.loadbalancer.terminationdelay=100"
|
||||
|
@ -276,8 +276,101 @@ You can declare TCP Routers and/or Services using labels.
|
||||
|
||||
!!! warning "TCP and HTTP"
|
||||
|
||||
If you declare a TCP Router/Service, it will prevent Traefik from automatically creating an HTTP Router/Service (as it would by default if no TCP Router/Service is defined).
|
||||
Both a TCP Router/Service and an HTTP Router/Service can be created for the same application, but it has to be done explicitly in the config.
|
||||
If you declare a TCP Router/Service, it will prevent Traefik from automatically creating an HTTP Router/Service (like it does by default if no TCP Router/Service is defined).
|
||||
You can declare both a TCP Router/Service and an HTTP Router/Service for the same container (but you have to do so manually).
|
||||
|
||||
#### TCP Routers
|
||||
|
||||
??? info "`traefik.tcp.routers.<router_name>.entrypoints`"
|
||||
|
||||
See [entry points](../routers/index.md#entrypoints_1) for more information.
|
||||
|
||||
```json
|
||||
"traefik.tcp.routers.mytcprouter.entrypoints": "ep1,ep2"
|
||||
```
|
||||
|
||||
|
||||
??? info "`traefik.tcp.routers.<router_name>.rule`"
|
||||
|
||||
See [rule](../routers/index.md#rule_1) for more information.
|
||||
|
||||
```json
|
||||
"traefik.tcp.routers.mytcprouter.rule": "HostSNI(`myhost.com`)"
|
||||
```
|
||||
|
||||
??? info "`traefik.tcp.routers.<router_name>.service`"
|
||||
|
||||
See [service](../routers/index.md#services) for more information.
|
||||
|
||||
```json
|
||||
"traefik.tcp.routers.mytcprouter.service": "myservice"
|
||||
```
|
||||
|
||||
??? info "`traefik.tcp.routers.<router_name>.tls`"
|
||||
|
||||
See [TLS](../routers/index.md#tls_1) for more information.
|
||||
|
||||
```json
|
||||
"traefik.tcp.routers.mytcprouter.tls": "true
|
||||
```
|
||||
|
||||
??? info "`traefik.tcp.routers.<router_name>.tls.certresolver`"
|
||||
|
||||
See [certResolver](../routers/index.md#certresolver_1) for more information.
|
||||
|
||||
```json
|
||||
"traefik.tcp.routers.mytcprouter.tls.certresolver": "myresolver"
|
||||
```
|
||||
|
||||
??? info "`traefik.tcp.routers.<router_name>.tls.domains[n].main`"
|
||||
|
||||
See [domains](../routers/index.md#domains_1) for more information.
|
||||
|
||||
```json
|
||||
"traefik.tcp.routers.mytcprouter.tls.domains[0].main": "foobar.com"
|
||||
```
|
||||
|
||||
??? info "`traefik.tcp.routers.<router_name>.tls.domains[n].sans`"
|
||||
|
||||
See [domains](../routers/index.md#domains_1) for more information.
|
||||
|
||||
```json
|
||||
"traefik.tcp.routers.mytcprouter.tls.domains[0].sans": "test.foobar.com,dev.foobar.com"
|
||||
```
|
||||
|
||||
??? info "`traefik.tcp.routers.<router_name>.tls.options`"
|
||||
|
||||
See [options](../routers/index.md#options_1) for more information.
|
||||
|
||||
```json
|
||||
"traefik.tcp.routers.mytcprouter.tls.options": "mysoptions"
|
||||
```
|
||||
|
||||
??? info "`traefik.tcp.routers.<router_name>.tls.passthrough`"
|
||||
|
||||
See [TLS](../routers/index.md#tls_1) for more information.
|
||||
|
||||
```json
|
||||
"traefik.tcp.routers.mytcprouter.tls.passthrough": "true"
|
||||
```
|
||||
|
||||
#### TCP Services
|
||||
|
||||
??? info "`traefik.tcp.services.<service_name>.loadbalancer.server.port`"
|
||||
|
||||
Registers a port of the application.
|
||||
|
||||
```json
|
||||
"traefik.tcp.services.mytcpservice.loadbalancer.server.port": "423"
|
||||
```
|
||||
|
||||
??? info "`traefik.tcp.services.<service_name>.loadbalancer.terminationdelay`"
|
||||
|
||||
See [termination delay](../services/index.md#termination-delay) for more information.
|
||||
|
||||
```json
|
||||
"traefik.tcp.services.mytcpservice.loadbalancer.terminationdelay": "100"
|
||||
```
|
||||
|
||||
### Specific Provider Options
|
||||
|
||||
|
@ -262,6 +262,119 @@ More information about available middlewares in the dedicated [middlewares secti
|
||||
|
||||
If you declare multiple middleware with the same name but with different parameters, the middleware fails to be declared.
|
||||
|
||||
### TCP
|
||||
|
||||
You can declare TCP Routers and/or Services using labels.
|
||||
|
||||
??? example "Declaring TCP Routers and Services"
|
||||
|
||||
```yaml
|
||||
services:
|
||||
my-container:
|
||||
# ...
|
||||
labels:
|
||||
- "traefik.tcp.routers.my-router.rule=HostSNI(`my-host.com`)"
|
||||
- "traefik.tcp.routers.my-router.tls=true"
|
||||
- "traefik.tcp.services.my-service.loadbalancer.server.port=4123"
|
||||
```
|
||||
|
||||
!!! warning "TCP and HTTP"
|
||||
|
||||
If you declare a TCP Router/Service, it will prevent Traefik from automatically creating an HTTP Router/Service (like it does by default if no TCP Router/Service is defined).
|
||||
You can declare both a TCP Router/Service and an HTTP Router/Service for the same container (but you have to do so manually).
|
||||
|
||||
#### TCP Routers
|
||||
|
||||
??? info "`traefik.tcp.routers.<router_name>.entrypoints`"
|
||||
|
||||
See [entry points](../routers/index.md#entrypoints_1) for more information.
|
||||
|
||||
```yaml
|
||||
- "traefik.tcp.routers.mytcprouter.entrypoints=ep1,ep2"
|
||||
```
|
||||
|
||||
??? info "`traefik.tcp.routers.<router_name>.rule`"
|
||||
|
||||
See [rule](../routers/index.md#rule_1) for more information.
|
||||
|
||||
```yaml
|
||||
- "traefik.tcp.routers.mytcprouter.rule=HostSNI(`myhost.com`)"
|
||||
```
|
||||
|
||||
??? info "`traefik.tcp.routers.<router_name>.service`"
|
||||
|
||||
See [service](../routers/index.md#services) for more information.
|
||||
|
||||
```yaml
|
||||
- "traefik.tcp.routers.mytcprouter.service=myservice"
|
||||
```
|
||||
|
||||
??? info "`traefik.tcp.routers.<router_name>.tls`"
|
||||
|
||||
See [TLS](../routers/index.md#tls_1) for more information.
|
||||
|
||||
```yaml
|
||||
- "traefik.tcp.routers.mytcprouter.tls=true"
|
||||
```
|
||||
|
||||
??? info "`traefik.tcp.routers.<router_name>.tls.certresolver`"
|
||||
|
||||
See [certResolver](../routers/index.md#certresolver_1) for more information.
|
||||
|
||||
```yaml
|
||||
- "traefik.tcp.routers.mytcprouter.tls.certresolver=myresolver"
|
||||
```
|
||||
|
||||
??? info "`traefik.tcp.routers.<router_name>.tls.domains[n].main`"
|
||||
|
||||
See [domains](../routers/index.md#domains_1) for more information.
|
||||
|
||||
```yaml
|
||||
- "traefik.tcp.routers.mytcprouter.tls.domains[0].main=foobar.com"
|
||||
```
|
||||
|
||||
??? info "`traefik.tcp.routers.<router_name>.tls.domains[n].sans`"
|
||||
|
||||
See [domains](../routers/index.md#domains_1) for more information.
|
||||
|
||||
```yaml
|
||||
- "traefik.tcp.routers.mytcprouter.tls.domains[0].sans=test.foobar.com,dev.foobar.com"
|
||||
```
|
||||
|
||||
??? info "`traefik.tcp.routers.<router_name>.tls.options`"
|
||||
|
||||
See [options](../routers/index.md#options_1) for more information.
|
||||
|
||||
```yaml
|
||||
- "traefik.tcp.routers.mytcprouter.tls.options=mysoptions"
|
||||
```
|
||||
|
||||
??? info "`traefik.tcp.routers.<router_name>.tls.passthrough`"
|
||||
|
||||
See [TLS](../routers/index.md#tls_1) for more information.
|
||||
|
||||
```yaml
|
||||
- "traefik.tcp.routers.mytcprouter.tls.passthrough=true"
|
||||
```
|
||||
|
||||
#### TCP Services
|
||||
|
||||
??? info "`traefik.tcp.services.<service_name>.loadbalancer.server.port`"
|
||||
|
||||
Registers a port of the application.
|
||||
|
||||
```yaml
|
||||
- "traefik.tcp.services.mytcpservice.loadbalancer.server.port=423"
|
||||
```
|
||||
|
||||
??? info "`traefik.tcp.services.<service_name>.loadbalancer.terminationdelay`"
|
||||
|
||||
See [termination delay](../services/index.md#termination-delay) for more information.
|
||||
|
||||
```yaml
|
||||
- "traefik.tcp.services.mytcpservice.loadbalancer.terminationdelay=100"
|
||||
```
|
||||
|
||||
### Specific Provider Options
|
||||
|
||||
#### `traefik.enable`
|
||||
|
@ -50,7 +50,7 @@ In the process, routers may use pieces of [middleware](../../middlewares/overvie
|
||||
routers:
|
||||
to-database:
|
||||
entryPoints:
|
||||
- "mysql"
|
||||
- "mysql"
|
||||
# Catch every request (only available rule for non-tls routers. See below.)
|
||||
rule: "HostSNI(`*`)"
|
||||
service: database
|
||||
@ -164,8 +164,8 @@ If you want to limit the router scope to a set of entry points, set the `entryPo
|
||||
Router-1:
|
||||
# won't listen to entry point web
|
||||
entryPoints:
|
||||
- "websecure"
|
||||
- "other"
|
||||
- "websecure"
|
||||
- "other"
|
||||
rule: "Host(`traefik.io`)"
|
||||
service: "service-1"
|
||||
```
|
||||
@ -415,8 +415,8 @@ It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied
|
||||
foo:
|
||||
minVersion: VersionTLS12
|
||||
cipherSuites:
|
||||
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
||||
- TLS_RSA_WITH_AES_256_GCM_SHA384
|
||||
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
||||
- TLS_RSA_WITH_AES_256_GCM_SHA384
|
||||
```
|
||||
|
||||
!!! important "Conflicting TLS Options"
|
||||
@ -510,8 +510,8 @@ http:
|
||||
tls:
|
||||
certResolver: "bar"
|
||||
domains:
|
||||
- main: "snitest.com"
|
||||
sans: "*.snitest.com"
|
||||
- main: "snitest.com"
|
||||
sans: "*.snitest.com"
|
||||
```
|
||||
|
||||
[ACME v2](https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579) supports wildcard certificates.
|
||||
@ -627,8 +627,8 @@ If you want to limit the router scope to a set of entry points, set the entry po
|
||||
Router-1:
|
||||
# won't listen to entry point web
|
||||
entryPoints:
|
||||
- "websecure"
|
||||
- "other"
|
||||
- "websecure"
|
||||
- "other"
|
||||
rule: "HostSNI(`traefik.io`)"
|
||||
service: "service-1"
|
||||
# will route TLS requests (and ignore non tls requests)
|
||||
@ -787,8 +787,8 @@ It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied
|
||||
foo:
|
||||
minVersion: VersionTLS12
|
||||
cipherSuites:
|
||||
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
|
||||
- "TLS_RSA_WITH_AES_256_GCM_SHA384"
|
||||
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
|
||||
- "TLS_RSA_WITH_AES_256_GCM_SHA384"
|
||||
```
|
||||
|
||||
#### `certResolver`
|
||||
@ -839,6 +839,6 @@ tcp:
|
||||
tls:
|
||||
certResolver: "bar"
|
||||
domains:
|
||||
- main: "snitest.com"
|
||||
sans: "*.snitest.com"
|
||||
- main: "snitest.com"
|
||||
sans: "*.snitest.com"
|
||||
```
|
||||
|
@ -143,7 +143,7 @@ entryPoints:
|
||||
serversTransport:
|
||||
# For secure connection on backend.local
|
||||
rootCAs:
|
||||
- ./backend.cert
|
||||
- ./backend.cert
|
||||
|
||||
providers:
|
||||
file:
|
||||
|
@ -87,9 +87,9 @@ nav:
|
||||
- 'Services': 'routing/services/index.md'
|
||||
- 'Providers':
|
||||
- 'Docker': 'routing/providers/docker.md'
|
||||
- 'Kubernetes IngressRoute': 'routing/providers/kubernetes-crd.md'
|
||||
- 'Rancher': 'routing/providers/rancher.md'
|
||||
- 'Marathon': 'routing/providers/marathon.md'
|
||||
- 'Kubernetes IngressRoute': 'routing/providers/kubernetes-crd.md'
|
||||
- 'HTTPS & TLS':
|
||||
- 'Overview': 'https/overview.md'
|
||||
- 'TLS': 'https/tls.md'
|
||||
|
Loading…
Reference in New Issue
Block a user