shaba/traefik
1
0
Fork 0
mirror of https://github.com/containous/traefik.git synced 2025-11-18 12:23:56 +03:00
Code Releases Activity

Merge branch v3.5 into master

Browse Source
This commit is contained in:
romain
2025-10-02 17:43:19 +02:00
parent 6df82676aa 5878238077
commit a030638183
54 changed files with 635 additions and 318 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
docs/content/reference/routing-configuration/http/middlewares/distributed-ratelimit.md
View File

@@ -89,7 +89,7 @@ When the bucket is not full, on token is generated every 10 seconds (6 every 1 m
| <a id="period" href="#period" title="#period">`period`</a> | Period of time used to define the rate.<br />More information [here](#rate-and-burst).| 1s | No |
| <a id="burst" href="#burst" title="#burst">`burst`</a> | Maximum number of requests allowed to go through at the very same moment.<br />More information [here](#rate-and-burst). | 1 | No |
| <a id="denyOnError" href="#denyOnError" title="#denyOnError">`denyOnError`</a> | Forces to return a 429 error if the number of remaining requests accepted cannot be get.<br /> Set to `false`, this option allows the request to reach the backend. | true | No |
| <a id="responseHeaders" href="#responseHeaders" title="#responseHeaders">`responseHeaders`</a> | Injects the following rate limiting headers in the response:<br />- X-Rate-Limit-Remaining<br />- X-Rate-Limit-Limit<br />- X-Rate-Limit-Period<br />- X-Rate-Limit-Reset<br />The added headers indicate how many tokens are left in the bucket (in the token bucket analogy) after the reservation for the request was made. | false | No |
| <a id="responseHeaders" href="#responseHeaders" title="#responseHeaders">`responseHeaders`</a> | Injects the following rate limiting headers in the response:<br />- `X-Rate-Limit-Remaining`<br />- `X-Rate-Limit-Limit`<br />- `X-Rate-Limit-Period`<br />- `X-Rate-Limit-Reset`<br />The added headers indicate how many tokens are left in the bucket (in the token bucket analogy) after the reservation for the request was made. | false | No |
| <a id="store-redis-endpoints" href="#store-redis-endpoints" title="#store-redis-endpoints">`store.redis.endpoints`</a> | Endpoints of the Redis instances to connect to (example: `redis.traefik-hub.svc.cluster.local:6379`) | "" | Yes |
| <a id="store-redis-username" href="#store-redis-username" title="#store-redis-username">`store.redis.username`</a> | The username Traefik Hub will use to connect to Redis | "" | No |
| <a id="store-redis-password" href="#store-redis-password" title="#store-redis-password">`store.redis.password`</a> | The password Traefik Hub will use to connect to Redis | "" | No |
@@ -142,7 +142,7 @@ In this case, `excludedIPs` should be set to match the list of `X-Forwarded-For
Example to use each IP as a distinct source:
| X-Forwarded-For | excludedIPs | clientIP |
| `X-Forwarded-For` | excludedIPs | clientIP |
|--------------------------------|-----------------------|--------------|
| <a id="10-0-0-111-0-0-112-0-0-1" href="#10-0-0-111-0-0-112-0-0-1" title="#10-0-0-111-0-0-112-0-0-1">`"10.0.0.1,11.0.0.1,12.0.0.1"`</a> | `"11.0.0.1,12.0.0.1"` | `"10.0.0.1"` |
| <a id="10-0-0-211-0-0-112-0-0-1" href="#10-0-0-211-0-0-112-0-0-1" title="#10-0-0-211-0-0-112-0-0-1">`"10.0.0.2,11.0.0.1,12.0.0.1"`</a> | `"11.0.0.1,12.0.0.1"` | `"10.0.0.2"` |
@@ -151,7 +151,7 @@ Example to use each IP as a distinct source:
Example to group IPs together as same source:
| X-Forwarded-For | excludedIPs | clientIP |
| `X-Forwarded-For` | excludedIPs | clientIP |
|--------------------------------|--------------|--------------|
| <a id="10-0-0-111-0-0-112-0-0-1-2" href="#10-0-0-111-0-0-112-0-0-1-2" title="#10-0-0-111-0-0-112-0-0-1-2">`"10.0.0.1,11.0.0.1,12.0.0.1"`</a> | `"12.0.0.1"` | `"11.0.0.1"` |
| <a id="10-0-0-211-0-0-112-0-0-1-2" href="#10-0-0-211-0-0-112-0-0-1-2" title="#10-0-0-211-0-0-112-0-0-1-2">`"10.0.0.2,11.0.0.1,12.0.0.1"`</a> | `"12.0.0.1"` | `"11.0.0.1"` |

10
docs/content/reference/routing-configuration/http/middlewares/forwardauth.md
View File

@@ -87,10 +87,10 @@ The following request properties are provided to the forward-auth target endpoin
| Property | Forward-Request Header |
|-------------------|------------------------|
| <a id="HTTP-Method" href="#HTTP-Method" title="#HTTP-Method">HTTP Method</a> | X-Forwarded-Method |
| <a id="Protocol" href="#Protocol" title="#Protocol">Protocol</a> | X-Forwarded-Proto |
| <a id="Host" href="#Host" title="#Host">Host</a> | X-Forwarded-Host |
| <a id="Request-URI" href="#Request-URI" title="#Request-URI">Request URI</a> | X-Forwarded-Uri |
| <a id="Source-IP-Address" href="#Source-IP-Address" title="#Source-IP-Address">Source IP-Address</a> | X-Forwarded-For |
| <a id="HTTP-Method" href="#HTTP-Method" title="#HTTP-Method">HTTP Method</a> | `X-Forwarded-Method` |
| <a id="Protocol" href="#Protocol" title="#Protocol">Protocol</a> | `X-Forwarded-Proto` |
| <a id="Host" href="#Host" title="#Host">Host</a> | `X-Forwarded-Host` |
| <a id="Request-URI" href="#Request-URI" title="#Request-URI">Request URI</a> | `X-Forwarded-Uri` |
| <a id="Source-IP-Address" href="#Source-IP-Address" title="#Source-IP-Address">Source IP-Address</a> | `X-Forwarded-For` |
{!traefik-for-business-applications.md!}

10
docs/content/reference/routing-configuration/http/middlewares/headers.md
View File

@@ -9,11 +9,11 @@ By default, the following headers are automatically added when proxying requests
| Property | HTTP Header |
|---------------------------|----------------------------|
| <a id="Clients-IP" href="#Clients-IP" title="#Clients-IP">Client's IP</a> | X-Forwarded-For, X-Real-Ip |
| <a id="Host" href="#Host" title="#Host">Host</a> | X-Forwarded-Host |
| <a id="Port" href="#Port" title="#Port">Port</a> | X-Forwarded-Port |
| <a id="Protocol" href="#Protocol" title="#Protocol">Protocol</a> | X-Forwarded-Proto |
| <a id="Proxy-Servers-Hostname" href="#Proxy-Servers-Hostname" title="#Proxy-Servers-Hostname">Proxy Server's Hostname</a> | X-Forwarded-Server |
| <a id="Clients-IP" href="#Clients-IP" title="#Clients-IP">Client's IP</a> | `X-Forwarded-For`, `X-Real-Ip` |
| <a id="Host" href="#Host" title="#Host">Host</a> | `X-Forwarded-Host` |
| <a id="Port" href="#Port" title="#Port">Port</a> | `X-Forwarded-Port` |
| <a id="Protocol" href="#Protocol" title="#Protocol">Protocol</a> | `X-Forwarded-Proto` |
| <a id="Proxy-Servers-Hostname" href="#Proxy-Servers-Hostname" title="#Proxy-Servers-Hostname">Proxy Server's Hostname</a> | `X-Forwarded-Server` |
## Configuration Examples

8
docs/content/reference/routing-configuration/http/middlewares/inflightreq.md
View File

@@ -94,19 +94,19 @@ If `ipv6Subnet` is provided, the IP is transformed in the following way.
| <a id="abcd111122223333-2" href="#abcd111122223333-2" title="#abcd111122223333-2">`"::abcd:1111:2222:3333"`</a> | `80` | `"::abcd:0:0:0:0"` |
| <a id="abcd111122223333-3" href="#abcd111122223333-3" title="#abcd111122223333-3">`"::abcd:1111:2222:3333"`</a> | `96` | `"::abcd:1111:0:0:0"` |
### Example of Depth & X-Forwarded-For
### Example of Depth & `X-Forwarded-For`
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used as the criterion is `"12.0.0.1"` (`depth=2`).
| X-Forwarded-For | depth | clientIP |
|-----------------------------------------|---------|--------------|
| `X-Forwarded-For` | depth | clientIP |
|-----------------------------------------|-------|--------------|
| <a id="10-0-0-111-0-0-112-0-0-113-0-0-1" href="#10-0-0-111-0-0-112-0-0-113-0-0-1" title="#10-0-0-111-0-0-112-0-0-113-0-0-1">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `1` | `"13.0.0.1"` |
| <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-2" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-2" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-2">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `3` | `"11.0.0.1"` |
| <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-3" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-3" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-3">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `5` | `""` |
### Example of ExcludedIPs & X-Forwarded-For
| X-Forwarded-For | excludedIPs | clientIP |
| `X-Forwarded-For` | excludedIPs | clientIP |
|-----------------------------------------|-----------------------|--------------|
| <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-4" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-4" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-4">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `"12.0.0.1,13.0.0.1"` | `"11.0.0.1"` |
| <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-5" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-5" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-5">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `"15.0.0.1,13.0.0.1"` | `"12.0.0.1"` |

8
docs/content/reference/routing-configuration/http/middlewares/ipallowlist.md
View File

@@ -99,19 +99,19 @@ If `ipv6Subnet` is provided, the IP is transformed in the following way.
| <a id="abcd111122223333-2" href="#abcd111122223333-2" title="#abcd111122223333-2">`"::abcd:1111:2222:3333"`</a> | `80` | `"::abcd:0:0:0:0"` |
| <a id="abcd111122223333-3" href="#abcd111122223333-3" title="#abcd111122223333-3">`"::abcd:1111:2222:3333"`</a> | `96` | `"::abcd:1111:0:0:0"` |
### Example of Depth & X-Forwarded-For
### Example of Depth & `X-Forwarded-For`
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used as the criterion is `"12.0.0.1"` (`depth=2`).
| X-Forwarded-For | depth | clientIP |
| `X-Forwarded-For` | depth | clientIP |
|-----------------------------------------|---------|--------------|
| <a id="10-0-0-111-0-0-112-0-0-113-0-0-1" href="#10-0-0-111-0-0-112-0-0-113-0-0-1" title="#10-0-0-111-0-0-112-0-0-113-0-0-1">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `1` | `"13.0.0.1"` |
| <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-2" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-2" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-2">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `3` | `"11.0.0.1"` |
| <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-3" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-3" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-3">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `5` | `""` |
### Example of ExcludedIPs & X-Forwarded-For
### Example of ExcludedIPs & `X-Forwarded-For`
| X-Forwarded-For | excludedIPs | clientIP |
| `X-Forwarded-For` | excludedIPs | clientIP |
|-----------------------------------------|-----------------------|--------------|
| <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-4" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-4" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-4">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `"12.0.0.1,13.0.0.1"` | `"11.0.0.1"` |
| <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-5" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-5" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-5">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `"15.0.0.1,13.0.0.1"` | `"12.0.0.1"` |

4
docs/content/reference/routing-configuration/http/middlewares/ratelimit.md
View File

@@ -266,7 +266,7 @@ In this case, `excludedIPs` should be set to match the list of `X-Forwarded-For
Example to use each IP as a distinct source:
| X-Forwarded-For | excludedIPs | clientIP |
| `X-Forwarded-For` | excludedIPs | clientIP |
|--------------------------------|-----------------------|--------------|
| <a id="10-0-0-111-0-0-112-0-0-1" href="#10-0-0-111-0-0-112-0-0-1" title="#10-0-0-111-0-0-112-0-0-1">`"10.0.0.1,11.0.0.1,12.0.0.1"`</a> | `"11.0.0.1,12.0.0.1"` | `"10.0.0.1"` |
| <a id="10-0-0-211-0-0-112-0-0-1" href="#10-0-0-211-0-0-112-0-0-1" title="#10-0-0-211-0-0-112-0-0-1">`"10.0.0.2,11.0.0.1,12.0.0.1"`</a> | `"11.0.0.1,12.0.0.1"` | `"10.0.0.2"` |
@@ -275,7 +275,7 @@ Example to use each IP as a distinct source:
Example to group IPs together as same source:
| X-Forwarded-For | excludedIPs | clientIP |
| `X-Forwarded-For` | excludedIPs | clientIP |
|--------------------------------|--------------|--------------|
| <a id="10-0-0-111-0-0-112-0-0-1-2" href="#10-0-0-111-0-0-112-0-0-1-2" title="#10-0-0-111-0-0-112-0-0-1-2">`"10.0.0.1,11.0.0.1,12.0.0.1"`</a> | `"12.0.0.1"` | `"11.0.0.1"` |
| <a id="10-0-0-211-0-0-112-0-0-1-2" href="#10-0-0-211-0-0-112-0-0-1-2" title="#10-0-0-211-0-0-112-0-0-1-2">`"10.0.0.2,11.0.0.1,12.0.0.1"`</a> | `"12.0.0.1"` | `"11.0.0.1"` |

2
docs/content/reference/routing-configuration/http/middlewares/redirectscheme.md
View File

@@ -10,7 +10,7 @@ The `RedirectScheme` middleware redirects the request if the request scheme is d
When there is at least one other reverse-proxy between the client and Traefik,
the other reverse-proxy (i.e. the last hop) needs to be a [trusted](../../../install-configuration/entrypoints.md#configuration-options) one.
Otherwise, Traefik would clean up the X-Forwarded headers coming from this last hop,
Otherwise, Traefik would clean up the `X-Forwarded` headers coming from this last hop,
and as the RedirectScheme middleware relies on them to determine the scheme used,
it would not function as intended.

0
docs/content/reference/routing-configuration/http/router/observability.md → docs/content/reference/routing-configuration/http/routing/observability.md
View File

96
docs/content/reference/routing-configuration/http/routing/router.md Normal file
View File

@@ -0,0 +1,96 @@
---
title: "Traefik HTTP Routers Documentation"
description: "HTTP routers are responsible for connecting incoming requests to the services that can handle them. Read the technical documentation."
---
## HTTP Router
An HTTP router is in charge of connecting incoming requests to the services that can handle them. Routers analyze incoming requests based on rules, and when a match is found, forward the request through any configured middlewares to the appropriate service.
## Configuration Example
```yaml tab="Structured (YAML)"
http:
routers:
my-router:
entryPoints:
- "web"
- "websecure"
rule: "Host(`example.com`) && Path(`/api`)"
priority: 10
middlewares:
- "auth"
- "ratelimit"
tls:
certResolver: "letsencrypt"
observability:
metrics: true
accessLogs: true
tracing: true
service: my-service
```
```toml tab="Structured (TOML)"
[http.routers]
[http.routers.my-router]
entryPoints = ["web", "websecure"]
rule = "Host(`example.com`) && Path(`/api`)"
priority = 10
middlewares = ["auth", "ratelimit"]
service = "my-service"
[http.routers.my-router.tls]
certResolver = "letsencrypt"
[http.routers.my-router.observability]
metrics = true
accessLogs = true
tracing = true
```
```yaml tab="Labels"
labels:
- "traefik.http.routers.my-router.entrypoints=web,websecure"
- "traefik.http.routers.my-router.rule=Host(`example.com`) && Path(`/api`)"
- "traefik.http.routers.my-router.priority=10"
- "traefik.http.routers.my-router.middlewares=auth,ratelimit"
- "traefik.http.routers.my-router.service=my-service"
- "traefik.http.routers.my-router.tls.certresolver=letsencrypt"
- "traefik.http.routers.my-router.observability.metrics=true"
- "traefik.http.routers.my-router.observability.accessLogs=true"
- "traefik.http.routers.my-router.observability.tracing=true"
```
```json tab="Tags"
{
"Tags": [
"traefik.http.routers.my-router.entrypoints=web,websecure",
"traefik.http.routers.my-router.rule=Host(`example.com`) && Path(`/api`)",
"traefik.http.routers.my-router.priority=10",
"traefik.http.routers.my-router.middlewares=auth,ratelimit",
"traefik.http.routers.my-router.service=my-service",
"traefik.http.routers.my-router.tls.certresolver=letsencrypt",
"traefik.http.routers.my-router.observability.metrics=true",
"traefik.http.routers.my-router.observability.accessLogs=true",
"traefik.http.routers.my-router.observability.tracing=true"
]
}
```
## Configuration Options
| Field | Description | Default | Required |
|------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|----------|
| <a id="entryPoints" href="#entryPoints" title="#entryPoints">`entryPoints`</a> | The list of entry points to which the router is attached. If not specified, HTTP routers are attached to all entry points. | All entry points | No |
| <a id="rule" href="#rule" title="#rule">`rule`</a> | Rules are a set of matchers configured with values, that determine if a particular request matches specific criteria. If the rule is verified, the router becomes active, calls middlewares, and then forwards the request to the service. See [Rules & Priority](./rules-and-priority.md) for details. | | Yes |
| <a id="priority" href="#priority" title="#priority">`priority`</a> | To avoid path overlap, routes are sorted, by default, in descending order using rules length. The priority is directly equal to the length of the rule, and so the longest length has the highest priority. A value of `0` for the priority is ignored. See [Rules & Priority](./rules-and-priority.md) for details. | Rule length | No |
| <a id="middlewares" href="#middlewares" title="#middlewares">`middlewares`</a> | The list of middlewares that are applied to the router. Middlewares are applied in the order they are declared. See [Middlewares overview](../middlewares/overview.md) for available middlewares. | | No |
| <a id="tls" href="#tls" title="#tls">`tls`</a> | TLS configuration for the router. When specified, the router will only handle HTTPS requests. See [TLS overview](../tls/overview.md) for detailed TLS configuration. | | No |
| <a id="observability" href="#observability" title="#observability">`observability`</a> | Observability configuration for the router. Allows fine-grained control over access logs, metrics, and tracing per router. See [Observability](./observability.md) for details. | Inherited from entry points | No |
| <a id="service" href="#service" title="#service">`service`</a> | The name of the service that will handle the matched requests. Services can be load balancer services, weighted round robin, mirroring, or failover services. See [Service](../load-balancing/service.md) for details.| | Yes |
## Router Naming
- The character `@` is not authorized in the router name
- In provider-specific configurations (Docker, Kubernetes), router names are often auto-generated based on service names and rules

0
docs/content/reference/routing-configuration/http/router/rules-and-priority.md → docs/content/reference/routing-configuration/http/routing/rules-and-priority.md
View File

2
docs/content/reference/routing-configuration/kubernetes/crd/http/ingressroute.md
View File

@@ -36,7 +36,7 @@ spec:
accessLogs: true
metrics: true
tracing: true
# Set a pirority
# Set a priority
priority: 10
services:
# Target a Kubernetes Support

2
docs/content/reference/routing-configuration/other-providers/swarm.md
View File

@@ -738,7 +738,7 @@ otherwise it will randomly pick one (depending on how docker is returning them).
#### `traefik.swarm.lbswarm`
```yaml
- "traefik.docker.lbswarm=true"
- "traefik.swarm.lbswarm=true"
```
Enables Swarm's inbuilt load balancer (only relevant in Swarm Mode).

86
docs/content/reference/routing-configuration/tcp/routing/router.md Normal file
View File

@@ -0,0 +1,86 @@
---
title: "Traefik TCP Routers Documentation"
description: "TCP routers are responsible for connecting incoming TCP connections to the services that can handle them. Read the technical documentation."
---
## TCP Router
A TCP router is in charge of connecting incoming TCP connections to the services that can handle them. TCP routers analyze incoming connections based on rules, and when a match is found, forward the connection through any configured middlewares to the appropriate service.
!!! note "TCP vs HTTP Routing"
If both HTTP routers and TCP routers listen to the same EntryPoint, the TCP routers will apply before the HTTP routers. If no matching route is found for the TCP routers, then the HTTP routers will take over.
## Configuration Example
```yaml tab="Structured (YAML)"
tcp:
routers:
my-tcp-router:
entryPoints:
- "tcp-ep"
- "websecure"
rule: "HostSNI(`example.com`)"
priority: 10
middlewares:
- "tcp-ipallowlist"
tls:
passthrough: false
certResolver: "letsencrypt"
service: my-tcp-service
```
```toml tab="Structured (TOML)"
[tcp.routers]
[tcp.routers.my-tcp-router]
entryPoints = ["tcp-ep", "websecure"]
rule = "HostSNI(`example.com`)"
priority = 10
middlewares = ["tcp-ipallowlist"]
service = "my-tcp-service"
[tcp.routers.my-tcp-router.tls]
passthrough = false
certResolver = "letsencrypt"
```
```yaml tab="Labels"
labels:
- "traefik.tcp.routers.my-tcp-router.entrypoints=tcp-ep,websecure"
- "traefik.tcp.routers.my-tcp-router.rule=HostSNI(`example.com`)"
- "traefik.tcp.routers.my-tcp-router.priority=10"
- "traefik.tcp.routers.my-tcp-router.middlewares=tcp-ipallowlist"
- "traefik.tcp.routers.my-tcp-router.tls.certresolver=letsencrypt"
- "traefik.tcp.routers.my-tcp-router.tls.passthrough=false"
- "traefik.tcp.routers.my-tcp-router.service=my-tcp-service"
```
```json tab="Tags"
{
"Tags": [
"traefik.tcp.routers.my-tcp-router.entrypoints=tcp-ep,websecure",
"traefik.tcp.routers.my-tcp-router.rule=HostSNI(`example.com`)",
"traefik.tcp.routers.my-tcp-router.priority=10",
"traefik.tcp.routers.my-tcp-router.middlewares=tcp-ipallowlist",
"traefik.tcp.routers.my-tcp-router.tls.certresolver=letsencrypt",
"traefik.tcp.routers.my-tcp-router.tls.passthrough=false",
"traefik.tcp.routers.my-tcp-router.service=my-tcp-service"
]
}
```
## Configuration Options
| Field | Description | Default | Required |
|------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|----------|
| <a id="entryPoints" href="#entryPoints" title="#entryPoints">`entryPoints`</a> | The list of entry points to which the router is attached. If not specified, TCP routers are attached to all TCP entry points. | All TCP entry points | No |
| <a id="rule" href="#rule" title="#rule">`rule`</a> | Rules are a set of matchers configured with values, that determine if a particular connection matches specific criteria. If the rule is verified, the router becomes active, calls middlewares, and then forwards the connection to the service. See [Rules & Priority](./rules-and-priority.md) for details. | | Yes |
| <a id="priority" href="#priority" title="#priority">`priority`</a> | To avoid rule overlap, routes are sorted, by default, in descending order using rules length. The priority is directly equal to the length of the rule, and so the longest length has the highest priority. A value of `0` for the priority is ignored. See [Rules & Priority](./rules-and-priority.md) for details. | Rule length | No |
| <a id="middlewares" href="#middlewares" title="#middlewares">`middlewares`</a> | The list of middlewares that are applied to the router. Middlewares are applied in the order they are declared. See [TCP Middlewares overview](../middlewares/overview.md) for available TCP middlewares. | | No |
| <a id="tls" href="#tls" title="#tls">`tls`</a> | TLS configuration for the router. When specified, the router will only handle TLS connections. See [TLS configuration](../tls.md) for detailed TLS options. | | No |
| <a id="service" href="#service" title="#service">`service`</a> | The name of the service that will handle the matched connections. Services can be load balancer services or weighted round robin services. See [TCP Service](../service.md) for details. | | Yes |
## Router Naming
- The character `@` is not authorized in the router name
- Router names should be descriptive and follow your naming conventions
- In provider-specific configurations (Docker, Kubernetes), router names are often auto-generated based on service names and rules

0
docs/content/reference/routing-configuration/tcp/router/rules-and-priority.md → docs/content/reference/routing-configuration/tcp/routing/rules-and-priority.md
View File

69
docs/content/reference/routing-configuration/udp/routing/router.md Normal file
View File

@@ -0,0 +1,69 @@
---
title: "Traefik UDP Routers Documentation"
description: "UDP routers are responsible for connecting incoming UDP packets to the services that can handle them. Read the technical documentation."
---
## UDP Router
A UDP router is in charge of connecting incoming UDP packets to the services that can handle them. Unlike HTTP and TCP routers, UDP routers operate at the transport layer and have unique characteristics due to the connectionless nature of UDP.
!!! important "UDP Router Characteristics"
- UDP is connectionless, so there is no concept of a request URL path or Host SNI to match against
- UDP routers are essentially load-balancers that distribute packets to backend services
- UDP routers can only target UDP services (not HTTP or TCP services)
- Sessions are tracked with configurable timeouts to maintain state between client and backend
## Configuration Example
```yaml tab="Structured (YAML)"
udp:
routers:
my-udp-router:
entryPoints:
- "udp-ep"
- "dns"
service: my-udp-service
```
```toml tab="Structured (TOML)"
[udp.routers]
[udp.routers.my-udp-router]
entryPoints = ["udp-ep", "dns"]
service = "my-udp-service"
```
```yaml tab="Labels"
labels:
- "traefik.udp.routers.my-udp-router.entrypoints=udp-ep,dns"
- "traefik.udp.routers.my-udp-router.service=my-udp-service"
```
```json tab="Tags"
{
"Tags": [
"traefik.udp.routers.my-udp-router.entrypoints=udp-ep,dns",
"traefik.udp.routers.my-udp-router.service=my-udp-service"
]
}
```
## Configuration Options
| Field | Description | Default | Required |
|------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|----------|
| <a id="entryPoints" href="#entryPoints" title="#entryPoints">`entryPoints`</a> | The list of entry points to which the router is attached. If not specified, UDP routers are attached to all UDP entry points. | All UDP entry points | No |
| <a id="service" href="#service" title="#service">`service`</a> | The name of the service that will handle the matched UDP packets. UDP services are typically load balancer services that distribute packets to multiple backend servers. See [UDP Service](../service.md) for details. | | Yes |
## Sessions and Timeout
Even though UDP is connectionless, Traefik's UDP router implementation relies on sessions to maintain state about ongoing communication between clients and backends. This allows the proxy to know where to forward response packets from backends.
Each session has an associated timeout that cleans up inactive sessions after a specified duration of inactivity.
Session timeout can be configured using the `entryPoints.name.udp.timeout` option in the static configuration. See [EntryPoints documentation](../../install-configuration/entrypoints.md) for details.
## Router Naming
- The character `@` is not authorized in the router name
- Router names should be descriptive and follow your naming conventions
- In provider-specific configurations (Docker, Kubernetes), router names are often auto-generated based on service names

0
docs/content/reference/routing-configuration/udp/router/rules-priority.md → docs/content/reference/routing-configuration/udp/routing/rules-priority.md
View File