shaba/traefik
1
0
Fork 0
mirror of https://github.com/containous/traefik.git synced 2025-03-19 18:50:12 +03:00
Code Releases Activity

Improve providers documentation.

Browse Source
This commit is contained in:
Ludovic Fernandez 2019-07-02 17:36:04 +02:00 committed by Traefiker Bot
parent 49814b92fe
commit 9db9143366
9 changed files with 784 additions and 157 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
docs/content/https/acme.md
View File

@ -17,7 +17,7 @@ You can configure Traefik to use an ACME provider (like Let's Encrypt) for autom
[entryPoints.web]
address = ":80"
[entryPoints.http-tls]
[entryPoints.web-secure]
address = ":443"
# every router with TLS enabled will now be able to use ACME for its certificates
@ -36,7 +36,7 @@ You can configure Traefik to use an ACME provider (like Let's Encrypt) for autom
web:
address: ":80"
http-tls:
web-secure:
address: ":443"
# every router with TLS enabled will now be able to use ACME for its certificates
@ -54,10 +54,7 @@ You can configure Traefik to use an ACME provider (like Let's Encrypt) for autom
```toml tab="TOML"
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.http-tls]
[entryPoints.web-secure]
address = ":443"
[acme]
@ -73,10 +70,7 @@ You can configure Traefik to use an ACME provider (like Let's Encrypt) for autom
```yaml tab="YAML"
entryPoints:
web:
address: ":80"
http-tls:
web-secure:
address: ":443"
acme:
@ -144,17 +138,31 @@ when using the `HTTP-01` challenge, `acme.httpChallenge.entryPoint` must be reac
??? example "Using an EntryPoint Called http for the `httpChallenge`"
```toml tab="TOML"
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web-secure]
address = ":443"
[acme]
# ...
[acme.httpChallenge]
entryPoint = "http"
entryPoint = "web"
```
```yaml tab="YAML"
entryPoints:
web:
address: ":80"
web-secure:
address: ":443"
acme:
# ...
httpChallenge:
entryPoint: http
entryPoint: web
```
!!! note

228
docs/content/providers/docker.md
View File

@ -15,10 +15,18 @@ Attach labels to your containers and let Traefik do the rest!
??? example "Configuring Docker & Deploying / Exposing Services"
Enabling the docker provider
```toml
```toml tab="File (TOML)"
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
```
```yaml tab="File (YAML)"
providers:
docker: {}
```
```bash tab="CLI"
--providers.docker
```
Attaching labels to containers (in your docker compose file)
@ -36,13 +44,28 @@ Attach labels to your containers and let Traefik do the rest!
Enabling the docker provider (Swarm Mode)
```toml
```toml tab="File (TOML)"
[providers.docker]
# swarm classic (1.12-)
# endpoint = "tcp://127.0.0.1:2375"
# docker swarm mode (1.12+)
endpoint = "tcp://127.0.0.1:2377"
swarmMode = true
# swarm classic (1.12-)
# endpoint = "tcp://127.0.0.1:2375"
# docker swarm mode (1.12+)
endpoint = "tcp://127.0.0.1:2377"
swarmMode = true
```
```yaml tab="File (YAML)"
providers:
docker:
# swarm classic (1.12-)
# endpoint = "tcp://127.0.0.1:2375"
# docker swarm mode (1.12+)
endpoint: "tcp://127.0.0.1:2375"
swarmMode: true
```
```bash tab="CLI"
--providers.docker.endpoint="tcp://127.0.0.1:2375"
--providers.docker.swarmMode
```
Attach labels to services (not to containers) while in Swarm mode (in your docker compose file)
@ -67,6 +90,23 @@ Attach labels to your containers and let Traefik do the rest!
### `endpoint`
_Required, Default="unix:///var/run/docker.sock"_
```toml tab="File (TOML)"
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
```
```yaml tab="File (YAML)"
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
```
```bash tab="CLI"
--providers.docker.endpoint="unix:///var/run/docker.sock"
```
Traefik requires access to the docker socket to get its dynamic configuration.
??? warning "Security Notes"
@ -94,14 +134,10 @@ Traefik requires access to the docker socket to get its dynamic configuration.
It allows different implementation levels of the [AAA (Authentication, Authorization, Accounting) concepts](https://en.wikipedia.org/wiki/AAA_(computer_security)), depending on your security assessment:
- Authentication with Client Certificates as described in ["Protect the Docker daemon socket."](https://docs.docker.com/engine/security/https/)
- Authorization with the [Docker Authorization Plugin Mechanism](https://docs.docker.com/engine/extend/plugins_authorization/)
- Accounting at networking level, by exposing the socket only inside a Docker private network, only available for Traefik.
- Accounting at container level, by exposing the socket on a another container than Traefik's.
With Swarm mode, it allows scheduling of Traefik on worker nodes, with only the "socket exposer" container on the manager nodes.
- Accounting at kernel level, by enforcing kernel calls with mechanisms like [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux), to only allows an identified set of actions for Traefik's process (or the "socket exposer" process).
??? tip "Additional Resources"
@ -133,19 +169,48 @@ Traefik requires access to the docker socket to get its dynamic configuration.
We specify the docker.sock in traefik's configuration file.
```toml
```toml tab="File (TOML)"
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
# ...
```
```bash tab="CLI"
--providers.docker.endpoint="unix:///var/run/docker.sock"
# ...
[providers]
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
```
### `usebindportip`
### `useBindPortIP`
_Optional, Default=false_
```toml tab="File (TOML)"
[providers.docker]
useBindPortIP = true
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
useBindPortIP: true
# ...
```
```bash tab="CLI"
--providers.docker.useBindPortIP=true
# ...
```
Traefik routes requests to the IP/Port of the matching container.
When setting `usebindportip=true`, you tell Traefik to use the IP/Port attached to the container's _binding_ instead of its inner network IP/Port.
When setting `useBindPortIP=true`, you tell Traefik to use the IP/Port attached to the container's _binding_ instead of its inner network IP/Port.
When used in conjunction with the `traefik.http.services.XXX.loadbalancer.server.port` label (that tells Traefik to route requests to a specific port),
Traefik tries to find a binding on port `traefik.http.services.XXX.loadbalancer.server.port`.
@ -171,12 +236,50 @@ but still uses the `traefik.http.services.XXX.loadbalancer.server.port` that is
_Optional, Default=true_
```toml tab="File (TOML)"
[providers.docker]
exposedByDefault = false
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
exposedByDefault: false
# ...
```
```bash tab="CLI"
--providers.docker.exposedByDefault=false
# ...
```
Expose containers by default through Traefik.
If set to false, containers that don't have a `traefik.enable=true` label will be ignored from the resulting routing configuration.
See also [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
### `network`
_Optional_
_Optional, Default=empty_
```toml tab="File (TOML)"
[providers.docker]
network = "test"
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
network: test
# ...
```
```bash tab="CLI"
--providers.docker.network=test
# ...
```
Defines a default docker network to use for connections to all containers.
@ -186,39 +289,100 @@ This option can be overridden on a container basis with the `traefik.docker.netw
_Optional, Default=```Host(`{{ normalize .Name }}`)```_
```toml tab="File (TOML)"
[providers.docker]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
defaultRule: "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```bash tab="CLI"
--providers.docker.defaultRule="Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
For a given container if no routing rule was defined by a label, it is defined by this defaultRule instead.
It must be a valid [Go template](https://golang.org/pkg/text/template/),
augmented with the [sprig template functions](http://masterminds.github.io/sprig/).
The container service name can be accessed as the `Name` identifier,
and the template has access to all the labels defined on this container.
```toml tab="File"
[providers.docker]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```txt tab="CLI"
--providers.docker
--providers.docker.defaultRule="Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
```
### `swarmMode`
_Optional, Default=false_
```toml tab="File (TOML)"
[providers.docker]
swarmMode = true
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
swarmMode: true
# ...
```
```bash tab="CLI"
--providers.docker.swarmMode
# ...
```
Activates the Swarm Mode.
### `swarmModeRefreshSeconds`
_Optional, Default=15_
```toml tab="File (TOML)"
[providers.docker]
swarmModeRefreshSeconds = "30s"
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
swarmModeRefreshSeconds: "30s"
# ...
```
```bash tab="CLI"
--providers.docker.swarmModeRefreshSeconds=30s
# ...
```
Defines the polling interval (in seconds) in Swarm Mode.
### `constraints`
_Optional, Default=""_
```toml tab="File (TOML)"
[providers.docker]
constraints = "Label(`a.label.name`, `foo`)"
# ...
```
```yaml tab="File (YAML)"
providers:
docker:
constraints: "Label(`a.label.name`, `foo`)"
# ...
```
```bash tab="CLI"
--providers.docker.constraints="Label(`a.label.name`, `foo`)"
# ...
```
Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container.
That is to say, if none of the container's labels match the expression, no route for the container is created.
If the expression is empty, all detected containers are included.
@ -257,6 +421,8 @@ The expression syntax is based on the `Label("key", "value")`, and `LabelRegexp(
constraints = "LabelRegexp(`a.label.name`, `a.+`)"
```
See also [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
## Routing Configuration Options
### General

130
docs/content/providers/kubernetes-crd.md
View File

@ -19,6 +19,23 @@ we ended up writing a [Custom Resource Definition](https://kubernetes.io/docs/co
_Optional, Default=empty_
```toml tab="File (TOML)"
[providers.kubernetesCRD]
endpoint = "http://localhost:8080"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
endpoint = "http://localhost:8080"
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.endpoint="http://localhost:8080"
```
The Kubernetes server endpoint as URL.
When deployed into Kubernetes, Traefik will read the environment variables `KUBERNETES_SERVICE_HOST` and `KUBERNETES_SERVICE_PORT` or `KUBECONFIG` to construct the endpoint.
@ -32,109 +49,130 @@ When the environment variables are not found, Traefik will try to connect to the
In this case, the endpoint is required.
Specifically, it may be set to the URL used by `kubectl proxy` to connect to a Kubernetes cluster using the granted authentication and authorization of the associated kubeconfig.
```toml tab="File"
[providers.kubernetesCRD]
endpoint = "http://localhost:8080"
# ...
```
```txt tab="CLI"
--providers.kubernetescrd
--providers.kubernetescrd.endpoint="http://localhost:8080"
```
### `token`
_Optional, Default=empty_
Bearer token used for the Kubernetes client configuration.
```toml tab="File"
```toml tab="File (TOML)"
[providers.kubernetesCRD]
token = "mytoken"
# ...
```
```txt tab="CLI"
--providers.kubernetescrd
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
token = "mytoken"
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.token="mytoken"
```
Bearer token used for the Kubernetes client configuration.
### `certAuthFilePath`
_Optional, Default=empty_
Path to the certificate authority file.
Used for the Kubernetes client configuration.
```toml tab="File"
```toml tab="File (TOML)"
[providers.kubernetesCRD]
certAuthFilePath = "/my/ca.crt"
# ...
```
```txt tab="CLI"
--providers.kubernetescrd
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
certAuthFilePath: "/my/ca.crt"
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.certauthfilepath="/my/ca.crt"
```
Path to the certificate authority file.
Used for the Kubernetes client configuration.
### `namespaces`
_Optional, Default: all namespaces (empty array)_
Array of namespaces to watch.
```toml tab="File"
```toml tab="File (TOML)"
[providers.kubernetesCRD]
namespaces = ["default", "production"]
# ...
```
```txt tab="CLI"
--providers.kubernetescrd
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
namespaces:
- "default"
- "production"
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.namespaces="default,production"
```
Array of namespaces to watch.
### `labelselector`
_Optional,Default: empty (process all Ingresses)_
```toml tab="File (TOML)"
[providers.kubernetesCRD]
labelselector = "A and not B"
# ...
```
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
labelselector: "A and not B"
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.labelselector="A and not B"
```
By default, Traefik processes all Ingress objects in the configured namespaces.
A label selector can be defined to filter on specific Ingress objects only.
See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details.
```toml tab="File"
[providers.kubernetesCRD]
labelselector = "A and not B"
# ...
```
```txt tab="CLI"
--providers.kubernetescrd
--providers.kubernetescrd.labelselector="A and not B"
```
### `ingressClass`
_Optional, Default: empty_
Value of `kubernetes.io/ingress.class` annotation that identifies Ingress objects to be processed.
If the parameter is non-empty, only Ingresses containing an annotation with the same value are processed.
Otherwise, Ingresses missing the annotation, having an empty value, or the value `traefik` are processed.
```toml tab="File"
```toml tab="File (TOML)"
[providers.kubernetesCRD]
ingressClass = "traefik-internal"
# ...
```
```txt tab="CLI"
--providers.kubernetescrd
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
ingressClass: "traefik-internal"
# ...
```
```bash tab="CLI"
--providers.kubernetescrd.ingressclass="traefik-internal"
```
Value of `kubernetes.io/ingress.class` annotation that identifies Ingress objects to be processed.
If the parameter is non-empty, only Ingresses containing an annotation with the same value are processed.
Otherwise, Ingresses missing the annotation, having an empty value, or the value `traefik` are processed.
## Resource Configuration
If you're in a hurry, maybe you'd rather go through the [dynamic](../reference/dynamic-configuration/kubernetes-crd.md) configuration reference.

302
docs/content/providers/marathon.md
View File

@ -11,14 +11,17 @@ See also [Marathon user guide](../user-guides/marathon.md).
Enabling the marathon provider
```toml tab="File"
```toml tab="File (TOML)"
[providers.marathon]
endpoint = "http://127.0.0.1:8080"
```
```txt tab="CLI"
```yaml tab="File (YAML)"
providers:
marathon: {}
```
```bash tab="CLI"
--providers.marathon
--providers.marathon.endpoint="http://127.0.0.1:8080"
```
Attaching labels to marathon applications
@ -55,43 +58,74 @@ See also [Marathon user guide](../user-guides/marathon.md).
_Optional_
Enables Marathon basic authentication.
```toml tab="File"
```toml tab="File (TOML)"
[providers.marathon.basic]
httpBasicAuthUser = "foo"
httpBasicPassword = "bar"
```
```txt tab="CLI"
--providers.marathon
```yaml tab="File (YAML)"
providers:
marathon:
basic:
httpBasicAuthUser: foo
httpBasicPassword: bar
```
```bash tab="CLI"
--providers.marathon.basic.httpbasicauthuser="foo"
--providers.marathon.basic.httpbasicpassword="bar"
```
Enables Marathon basic authentication.
### `dcosToken`
_Optional_
DCOSToken for DCOS environment.
If set, it overrides the Authorization header.
```toml tab="File"
```toml tab="File (TOML)"
[providers.marathon]
dcosToken = "xxxxxx"
# ...
```
```txt tab="CLI"
--providers.marathon
```toml tab="File (YAML)"
providers:
marathon:
dcosToken: "xxxxxx"
# ...
```
```bash tab="CLI"
--providers.marathon.dcosToken="xxxxxx"
```
DCOSToken for DCOS environment.
If set, it overrides the Authorization header.
### `defaultRule`
_Optional, Default=```Host(`{{ normalize .Name }}`)```_
```toml tab="File (TOML)"
[providers.marathon]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
defaultRule: "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```bash tab="CLI"
--providers.marathon.defaultRule="Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
For a given application if no routing rule was defined by a label, it is defined by this defaultRule instead.
It must be a valid [Go template](https://golang.org/pkg/text/template/),
@ -100,21 +134,27 @@ augmented with the [sprig template functions](http://masterminds.github.io/sprig
The app ID can be accessed as the Name identifier,
and the template has access to all the labels defined on this Marathon application.
```toml tab="File"
[providers.marathon]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```txt tab="CLI"
--providers.marathon
--providers.marathon.defaultRule="Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
```
### `dialerTimeout`
_Optional, Default=5s_
```toml tab="File (TOML)"
[providers.marathon]
dialerTimeout = "10s"
# ...
```
```toml tab="File (YAML)"
providers:
marathon:
dialerTimeout: "10s"
# ...
```
```bash tab="CLI"
--providers.marathon.dialerTimeout=10s
```
Overrides DialerTimeout.
Amount of time the Marathon provider should wait before timing out,
@ -127,33 +167,77 @@ or directly as a number of seconds.
_Optional, Default=http://127.0.0.1:8080_
Marathon server endpoint.
You can optionally specify multiple endpoints:
```toml tab="File"
```toml tab="File (TOML)"
[providers.marathon]
endpoint = "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080"
# ...
```
```txt tab="CLI"
--providers.marathon
```toml tab="File (YAML)"
providers:
marathon:
endpoint: "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080"
# ...
```
```bash tab="CLI"
--providers.marathon.endpoint="http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080"
```
Marathon server endpoint.
You can optionally specify multiple endpoints:
### `exposedByDefault`
_Optional, Default=true_
```toml tab="File (TOML)"
[providers.marathon]
exposedByDefault = false
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
exposedByDefault: false
# ...
```
```bash tab="CLI"
--providers.marathon.exposedByDefault=false
# ...
```
Exposes Marathon applications by default through Traefik.
If set to false, applications that don't have a `traefik.enable=true` label will be ignored from the resulting routing configuration.
See also [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
### `constraints`
_Optional, Default=""_
```toml tab="File (TOML)"
[providers.marathon]
constraints = "Label(`a.label.name`, `foo`)"
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
constraints: "Label(`a.label.name`, `foo`)"
# ...
```
```bash tab="CLI"
--providers.marathon.constraints="Label(`a.label.name`, `foo`)"
# ...
```
Constraints is an expression that Traefik matches against the application's labels to determine whether to create any route for that application.
That is to say, if none of the application's labels match the expression, no route for the application is created.
In addition, the expression also matched against the application's constraints, such as described in [Marathon constraints](https://mesosphere.github.io/marathon/docs/constraints.html).
@ -204,10 +288,30 @@ In addition, to match against marathon constraints, the function `MarathonConstr
constraints = "MarathonConstraint(`A:B:C`) && Label(`a.label.name`, `value`)"
```
See also [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
### `forceTaskHostname`
_Optional, Default=false_
```toml tab="File (TOML)"
[providers.marathon]
forceTaskHostname = true
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
forceTaskHostname: true
# ...
```
```bash tab="CLI"
--providers.marathon.forceTaskHostname=true
# ...
```
By default, a task's IP address (as returned by the Marathon API) is used as backend server if an IP-per-task configuration can be found;
otherwise, the name of the host running the task is used.
The latter behavior can be enforced by enabling this switch.
@ -216,6 +320,24 @@ The latter behavior can be enforced by enabling this switch.
_Optional, Default=10s_
```toml tab="File (TOML)"
[providers.marathon]
keepAlive = "30s"
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
keepAlive: "30s"
# ...
```
```bash tab="CLI"
--providers.marathon.keepAlive=30s
# ...
```
Set the TCP Keep Alive interval for the Marathon HTTP Client.
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration),
or directly as a number of seconds.
@ -224,6 +346,24 @@ or directly as a number of seconds.
_Optional, Default=false_
```toml tab="File (TOML)"
[providers.marathon]
respectReadinessChecks = true
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
respectReadinessChecks: true
# ...
```
```bash tab="CLI"
--providers.marathon.respectReadinessChecks=true
# ...
```
Applications may define readiness checks which are probed by Marathon during deployments periodically, and these check results are exposed via the API.
Enabling respectReadinessChecks causes Traefik to filter out tasks whose readiness checks have not succeeded.
Note that the checks are only valid at deployment times.
@ -234,6 +374,24 @@ See the Marathon guide for details.
_Optional, Default=60s_
```toml tab="File (TOML)"
[providers.marathon]
responseHeaderTimeout = "66s"
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
responseHeaderTimeout: "66s"
# ...
```
```bash tab="CLI"
--providers.marathon.responseHeaderTimeout="66s"
# ...
```
Overrides ResponseHeaderTimeout.
Amount of time the Marathon provider should wait before timing out,
when waiting for the first response header from a Marathon master.
@ -244,9 +402,7 @@ Can be provided in a format supported by [time.ParseDuration](https://golang.org
_Optional_
TLS client configuration. [tls/#Config](https://golang.org/pkg/crypto/tls/#Config).
```toml tab="File"
```toml tab="File (TOML)"
[providers.marathon.tls]
ca = "/etc/ssl/ca.crt"
cert = "/etc/ssl/marathon.cert"
@ -254,19 +410,49 @@ TLS client configuration. [tls/#Config](https://golang.org/pkg/crypto/tls/#Confi
insecureSkipVerify = true
```
```txt tab="CLI"
--providers.marathon.tls
```yaml tab="File (YAML)"
providers:
marathon
tls:
ca: "/etc/ssl/ca.crt"
cert: "/etc/ssl/marathon.cert"
key: "/etc/ssl/marathon.key"
insecureSkipVerify: true
```
```bash tab="CLI"
--providers.marathon.tls.ca="/etc/ssl/ca.crt"
--providers.marathon.tls.cert="/etc/ssl/marathon.cert"
--providers.marathon.tls.key="/etc/ssl/marathon.key"
--providers.marathon.tls.insecureskipverify=true
```
### `TLSHandshakeTimeout`
TLS client configuration. [tls/#Config](https://golang.org/pkg/crypto/tls/#Config).
### `tlsHandshakeTimeout`
_Optional, Default=5s_
```toml tab="File (TOML)"
[providers.marathon]
responseHeaderTimeout = "10s"
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
responseHeaderTimeout: "10s"
# ...
```
```bash tab="CLI"
--providers.marathon.responseHeaderTimeout="10s"
# ...
```
Overrides TLSHandshakeTimeout.
Amount of time the Marathon provider should wait before timing out,
when waiting for the TLS handshake to complete.
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration),
@ -276,12 +462,48 @@ or directly as a number of seconds.
_Optional, Default=false_
```toml tab="File (TOML)"
[providers.marathon]
trace = true
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
trace: true
# ...
```
```bash tab="CLI"
--providers.marathon.trace=true
# ...
```
Displays additional provider logs (if available).
### `watch`
_Optional, Default=true_
```toml tab="File (TOML)"
[providers.marathon]
watch = false
# ...
```
```yaml tab="File (YAML)"
providers:
marathon:
watch: false
# ...
```
```bash tab="CLI"
--providers.marathon.watch=false
# ...
```
Enables watching for Marathon changes.
## Routing Configuration Options

174
docs/content/providers/rancher.md
View File

@ -18,9 +18,18 @@ Attach labels to your services and let Traefik do the rest!
Enabling the rancher provider
```toml
```toml tab="File (TOML)"
[providers.rancher]
```
```yaml tab="File (YAML)"
providers:
rancher: {}
```
```bash tab="CLI"
--providers.rancher
```
Attaching labels to services
@ -34,21 +43,67 @@ Attach labels to your services and let Traefik do the rest!
??? tip "Browse the Reference"
If you're in a hurry, maybe you'd rather go through the configuration reference:
```toml
```toml tab="File (TOML)"
--8<-- "content/providers/rancher.toml"
```
```yaml tab="File (YAML)"
--8<-- "content/providers/rancher.yml"
```
```bash tab="CLI"
--8<-- "content/providers/rancher.txt"
```
### `ExposedByDefault`
### `exposedByDefault`
_Optional, Default=true_
```toml tab="File (TOML)"
[providers.rancher]
exposedByDefault = false
# ...
```
```yaml tab="File (YAML)"
providers:
rancher:
exposedByDefault: false
# ...
```
```bash tab="CLI"
--providers.rancher.exposedByDefault=false
# ...
```
Expose Rancher services by default in Traefik.
If set to false, services that don't have a `traefik.enable=true` label will be ignored from the resulting routing configuration.
### `DefaultRule`
See also [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
### `defaultRule`
_Optional, Default=```Host(`{{ normalize .Name }}`)```_
```toml tab="File (TOML)"
[providers.rancher]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```yaml tab="File (YAML)"
providers:
rancher:
defaultRule: "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```bash tab="CLI"
--providers.rancher.defaultRule="Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
The default host rule for all services.
For a given container if no routing rule was defined by a label, it is defined by this defaultRule instead.
@ -57,48 +112,127 @@ augmented with the [sprig template functions](http://masterminds.github.io/sprig
The service name can be accessed as the `Name` identifier,
and the template has access to all the labels defined on this container.
```toml tab="File"
[providers.rancher]
defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
# ...
```
```txt tab="CLI"
--providers.rancher
--providers.rancher.defaultRule="Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
```
This option can be overridden on a container basis with the `traefik.http.routers.Router1.rule` label.
### `EnableServiceHealthFilter`
### `enableServiceHealthFilter`
_Optional, Default=true_
```toml tab="File (TOML)"
[providers.rancher]
enableServiceHealthFilter = false
# ...
```
```yaml tab="File (YAML)"
providers:
rancher:
enableServiceHealthFilter: false
# ...
```
```bash tab="CLI"
--providers.rancher.enableServiceHealthFilter=false
# ...
```
Filter services with unhealthy states and inactive states.
### `RefreshSeconds`
### `refreshSeconds`
_Optional, Default=15_
```toml tab="File (TOML)"
[providers.rancher]
refreshSeconds = 30
# ...
```
```yaml tab="File (YAML)"
providers:
rancher:
refreshSeconds: 30
# ...
```
```bash tab="CLI"
--providers.rancher.refreshSeconds=30
# ...
```
Defines the polling interval (in seconds).
### `IntervalPoll`
### `intervalPoll`
_Optional, Default=false_
```toml tab="File (TOML)"
[providers.rancher]
intervalPoll = true
# ...
```
```yaml tab="File (YAML)"
providers:
rancher:
intervalPoll: true
# ...
```
```bash tab="CLI"
--providers.rancher.intervalPoll=true
# ...
```
Poll the Rancher metadata service for changes every `rancher.refreshSeconds`,
which is less accurate than the default long polling technique which will provide near instantaneous updates to Traefik.
### `Prefix`
### `prefix`
_Optional, Default=/latest_
```toml tab="File (TOML)"
[providers.rancher]
prefix = "/test"
# ...
```
```yaml tab="File (YAML)"
providers:
rancher:
prefix: "/test"
# ...
```
```bash tab="CLI"
--providers.rancher.prefix="/test"
# ...
```
Prefix used for accessing the Rancher metadata service
### `constraints`
_Optional, Default=""_
```toml tab="File (TOML)"
[providers.rancher]
constraints = "Label(`a.label.name`, `foo`)"
# ...
```
```yaml tab="File (YAML)"
providers:
rancher:
constraints: "Label(`a.label.name`, `foo`)"
# ...
```
```bash tab="CLI"
--providers.rancher.constraints="Label(`a.label.name`, `foo`)"
# ...
```
Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container.
That is to say, if none of the container's labels match the expression, no route for the container is created.
If the expression is empty, all detected containers are included.
@ -137,6 +271,8 @@ The expression syntax is based on the `Label("key", "value")`, and `LabelRegexp(
constraints = "LabelRegexp(`a.label.name`, `a.+`)"
```
See also [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
## Routing Configuration Options
### General

20
docs/content/providers/rancher.txt Normal file
View File

@ -0,0 +1,20 @@
# Enable Rancher Provider.
--providers.rancher
# Expose Rancher services by default in Traefik.
--providers.rancher.exposedByDefault=true
# Enable watch Rancher changes.
--providers.rancher.watch=true
# Filter services with unhealthy states and inactive states.
--providers.rancher.enableServiceHealthFilter=true
# Defines the polling interval (in seconds).
--providers.rancher.refreshSeconds=true
# Poll the Rancher metadata service for changes every `rancher.refreshSeconds`, which is less accurate
--providers.rancher.intervalPoll=false
# Prefix used for accessing the Rancher metadata service
--providers.rancher.prefix="/latest"

21
docs/content/providers/rancher.yml Normal file
View File

@ -0,0 +1,21 @@
# Enable Rancher Provider.
providers:
rancher:
# Expose Rancher services by default in Traefik.
exposedByDefault: true
# Enable watch Rancher changes.
watch: true
# Filter services with unhealthy states and inactive states.
enableServiceHealthFilter: true
# Defines the polling interval (in seconds).
refreshSeconds: true
# Poll the Rancher metadata service for changes every `rancher.refreshSeconds`, which is less accurate
intervalPoll: false
# Prefix used for accessing the Rancher metadata service
prefix: "/latest"

14
docs/content/routing/entrypoints.md
View File

@ -24,7 +24,7 @@ They define the port which will receive the requests (whether HTTP or TCP).
address: ":80"
```
```ini tab="CLI"
```bash tab="CLI"
--entryPoints.web.address=:80
```
@ -50,7 +50,7 @@ They define the port which will receive the requests (whether HTTP or TCP).
address: ":443"
```
```ini tab="CLI"
```bash tab="CLI"
--entryPoints.web.address=:80
--entryPoints.web-secure.address=:443
```
@ -113,7 +113,7 @@ entryPoints:
- "foobar"
```
```ini tab="CLI"
```bash tab="CLI"
--entryPoints.EntryPoint0.address=:8888
--entryPoints.EntryPoint0.transport.lifeCycle.requestAcceptGraceTimeout=42
--entryPoints.EntryPoint0.transport.lifeCycle.graceTimeOut=42
@ -151,7 +151,7 @@ Traefik supports [ProxyProtocol](https://www.haproxy.org/download/1.8/doc/proxy-
- "192.168.1.7"
```
```ini tab="CLI"
```bash tab="CLI"
--entryPoints.web.address=:80
--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,192.168.1.7
```
@ -180,7 +180,7 @@ Traefik supports [ProxyProtocol](https://www.haproxy.org/download/1.8/doc/proxy-
insecure: true
```
```ini tab="CLI"
```bash tab="CLI"
--entryPoints.web.address=:80
--entryPoints.web.proxyProtocol.insecure
```
@ -215,7 +215,7 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward
- "192.168.1.7"
```
```ini tab="CLI"
```bash tab="CLI"
--entryPoints.web.address=:80
--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,192.168.1.7
```
@ -239,7 +239,7 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward
insecure: true
```
```ini tab="CLI"
```bash tab="CLI"
--entryPoints.web.address=:80
--entryPoints.web.forwardedHeaders.insecure
```

20
docs/content/routing/overview.md
View File

@ -26,7 +26,7 @@ In the process, Traefik will make sure that the user is authenticated (using the
Static configuration:
```toml tab="TOML"
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
# Listen on port 8081 for incoming requests
@ -37,7 +37,7 @@ Static configuration:
[providers.file]
```
```yaml tab="YAML"
```yaml tab="File (YAML)"
entryPoints:
web:
# Listen on port 8081 for incoming requests
@ -48,6 +48,14 @@ providers:
file: {}
```
```bash tab="CLI"
# Listen on port 8081 for incoming requests
--entryPoints.web.address=:8081
# Enable the file provider to define routers / middlewares / services in a file
--providers.file
```
Dynamic configuration:
```toml tab="TOML"
@ -137,6 +145,14 @@ http:
file: {}
```
```bash tab="CLI"
# Listen on port 8081 for incoming requests
--entryPoints.web.address=":8081"
# Enable the file provider to define routers / middlewares / services in a file
--providers.file
```
Dynamic configuration:
```toml tab="TOML"