shaba/traefik
1
0
Fork 0
mirror of https://github.com/containous/traefik.git synced 2025-09-12 01:44:26 +03:00
Code Releases Activity

Compare commits

base: shaba:v2.6.6
Branches Tags
shaba:master shaba:v3.5 shaba:v2.11 shaba:v3.4 shaba:v3.3 shaba:v3.2 shaba:v3.1 shaba:v3.0 shaba:v1.0 shaba:v1.1 shaba:v1.2 shaba:v1.3 shaba:v1.4 shaba:v2.10 shaba:v1.5 shaba:v1.6 shaba:v1.7 shaba:v2.0 shaba:v2.1 shaba:v2.2 shaba:v2.6 shaba:v2.7 shaba:v2.8 shaba:v2.9 shaba:v2.3 shaba:v2.4 shaba:v2.5
shaba:v3.5.2 shaba:v3.5.1 shaba:v2.11.29 shaba:v3.5.0 shaba:v3.4.5 shaba:v2.11.28 shaba:v3.5.0-rc2 shaba:v3.4.4 shaba:v2.11.27 shaba:v3.5.0-rc1 shaba:v3.4.3 shaba:v3.4.2 shaba:v2.11.26 shaba:v3.4.1 shaba:v2.11.25 shaba:v3.4.0 shaba:v3.3.7 shaba:v3.4.0-rc2 shaba:v3.3.6 shaba:v2.11.24 shaba:v2.11.23 shaba:v3.4.0-rc1 shaba:v3.3.5 shaba:v2.11.22 shaba:v3.3.4 shaba:v2.11.21 shaba:v3.3.3 shaba:v2.11.20 shaba:v2.11.19 shaba:v3.3.2 shaba:v2.11.18 shaba:v3.3.1 shaba:v3.2.5 shaba:v3.3.0 shaba:v3.2.4 shaba:v2.11.17 shaba:v3.3.0-rc2 shaba:v3.3.0-rc1 shaba:v3.2.3 shaba:v2.11.16 shaba:v3.2.2 shaba:v2.11.15 shaba:v3.2.1 shaba:v2.11.14 shaba:v3.2.0 shaba:v3.1.7 shaba:v2.11.13 shaba:v3.2.0-rc2 shaba:v3.1.6 shaba:v2.11.12 shaba:v3.2.0-rc1 shaba:v3.1.5 shaba:v2.11.11 shaba:v3.1.4 shaba:v2.11.10 shaba:v3.1.3 shaba:v2.11.9 shaba:v3.1.2 shaba:v2.11.8 shaba:v3.1.1 shaba:v2.11.7 shaba:v3.1.0 shaba:v3.1.0-rc3 shaba:v3.0.4 shaba:v2.11.6 shaba:v3.1.0-rc2 shaba:v3.1.0-rc1 shaba:v3.0.3 shaba:v2.11.5 shaba:v3.0.2 shaba:v2.11.4 shaba:v3.0.1 shaba:v2.11.3 shaba:v3.0.0 shaba:v3.0.0-rc5 shaba:v2.11.2 shaba:v3.0.0-rc4 shaba:v2.11.1 shaba:v3.0.0-rc3 shaba:v3.0.0-rc2 shaba:v3.0.0-rc1 shaba:v2.11.0 shaba:v2.11.0-rc2 shaba:v2.11.0-rc1 shaba:v2.10.7 shaba:v3.0.0-beta5 shaba:v2.10.6 shaba:v3.0.0-beta4 shaba:v2.10.5 shaba:v2.10.4 shaba:v3.0.0-beta3 shaba:v2.10.3 shaba:v2.10.2 shaba:v2.10.1 shaba:v2.10.0 shaba:v2.10.0-rc2 shaba:v2.9.10 shaba:v2.10.0-rc1 shaba:v2.9.9 shaba:v2.9.8 shaba:v2.9.7 shaba:v3.0.0-beta2 shaba:v2.9.6 shaba:v3.0.0-beta1 shaba:v2.9.5 shaba:v2.9.4 shaba:v2.9.3 shaba:v2.9.2 shaba:v2.9.1 shaba:v2.9.0-rc5 shaba:v2.8.8 shaba:v2.8.7 shaba:v2.9.0-rc4 shaba:v2.8.6 shaba:v2.9.0-rc3 shaba:v2.9.0-rc2 shaba:v2.9.0-rc1 shaba:v2.8.5 shaba:v2.8.4 shaba:v2.8.3 shaba:v2.8.2 shaba:v2.8.1 shaba:v2.8.0 shaba:v2.7.3 shaba:v2.8.0-rc2 shaba:v2.7.2 shaba:v2.8.0-rc1 shaba:v2.7.1 shaba:v2.7.0 shaba:v2.6.7 shaba:v2.6.6 shaba:v2.6.5 shaba:v2.6.4 shaba:v2.7.0-rc2 shaba:v2.6.3 shaba:v2.7.0-rc1 shaba:v2.6.2 shaba:v2.6.1 shaba:v2.6.0 shaba:v2.6.0-rc3 shaba:v2.5.7 shaba:v2.6.0-rc2 shaba:v2.5.6 shaba:v2.6.0-rc1 shaba:v1.7.34 shaba:v2.5.5 shaba:v2.5.4 shaba:v1.7.33 shaba:v1.7.32 shaba:v1.7.31 shaba:v2.5.3 shaba:v2.5.2 shaba:v2.5.1 shaba:v2.5.0 shaba:v2.4.14 shaba:v2.5.0-rc6 shaba:v2.5.0-rc5 shaba:v2.5.0-rc4 shaba:v2.4.13 shaba:v2.4.12 shaba:v2.5.0-rc3 shaba:v2.4.11 shaba:v2.4.10 shaba:v2.5.0-rc2 shaba:v2.5.0-rc1 shaba:v2.4.9 shaba:v1.7.30 shaba:v1.7.29 shaba:v2.4.8 shaba:v2.4.7 shaba:v2.4.6 shaba:v2.4.5 shaba:v2.4.4 shaba:v2.4.3 shaba:v2.4.2 shaba:v2.4.1 shaba:v2.4.0 shaba:v1.7.28 shaba:v1.7.27 shaba:v2.4.0-rc2 shaba:v2.3.7 shaba:v2.3.6 shaba:v2.4.0-rc1 shaba:v2.3.5 shaba:v2.3.4 shaba:v2.3.3 shaba:v2.3.2 shaba:v2.3.1 shaba:v2.3.0 shaba:v2.3.0-rc7 shaba:v2.3.0-rc6 shaba:v2.3.0-rc5 shaba:v2.2.11 shaba:v2.2.10 shaba:v2.3.0-rc4 shaba:v2.3.0-rc3 shaba:v2.2.8 shaba:v1.7.26 shaba:v2.2.7 shaba:v2.2.6 shaba:v2.3.0-rc2 shaba:v2.3.0-rc1 shaba:v1.7.25 shaba:v2.2.5 shaba:v2.2.4 shaba:v2.2.3 shaba:v2.2.2 shaba:v2.2.1 shaba:v2.2.0 shaba:v1.7.24 shaba:v2.1.9 shaba:v1.7.23 shaba:v2.2.0-rc4 shaba:v2.1.8 shaba:v2.2.0-rc3 shaba:v2.1.7 shaba:v1.7.22 shaba:v2.2.0-rc2 shaba:v2.2.0-rc1 shaba:v2.1.6 shaba:v2.1.5 shaba:v1.7.21 shaba:v2.1.4 shaba:v2.1.3 shaba:v2.1.2 shaba:v2.1.1 shaba:v2.1.0 shaba:v1.7.20 shaba:v2.0.7 shaba:v2.1.0-rc3 shaba:v2.0.6 shaba:v2.1.0-rc2 shaba:v2.1.0-rc1 shaba:v2.0.5 shaba:v2.0.4 shaba:v2.0.3 shaba:v1.7.19 shaba:v2.0.2 shaba:v2.0.1 shaba:v1.7.18 shaba:v1.7.17 shaba:v2.0.0 shaba:v2.0.0-rc4 shaba:v1.7.16 shaba:v1.7.15 shaba:v2.0.0-rc3 shaba:v2.0.0-rc2 shaba:v2.0.0-rc1 shaba:v1.7.14 shaba:v1.7.13 shaba:v2.0.0-beta1 shaba:v2.0.0-alpha8 shaba:v2.0.0-alpha7 shaba:v2.0.0-alpha6 shaba:v2.0.0-alpha5 shaba:v1.7.12 shaba:v1.7.11 shaba:v2.0.0-alpha4 shaba:v2.0.0-alpha3 shaba:v1.7.10 shaba:v2.0.0-alpha2 shaba:v2.0.0-alpha1 shaba:v1.7.9 shaba:v1.7.8 shaba:v1.7.7 shaba:v1.7.6 shaba:v1.7.5 shaba:v1.7.4 shaba:v1.7.3 shaba:v1.7.2 shaba:v1.7.1 shaba:v1.7.0 shaba:v1.7.0-rc5 shaba:v1.7.0-rc4 shaba:v1.6.6 shaba:v1.7.0-rc3 shaba:v1.7.0-rc2 shaba:v1.6.5 shaba:v1.7.0-rc1 shaba:v1.6.4 shaba:v1.6.3 shaba:v1.6.2 shaba:v1.6.1 shaba:v1.6.0 shaba:v1.6.0-rc6 shaba:v1.6.0-rc5 shaba:v1.6.0-rc4 shaba:v1.6.0-rc3 shaba:v1.6.0-rc2 shaba:v1.6.0-rc1 shaba:v1.5.4 shaba:v1.5.3 shaba:v1.5.2 shaba:v1.5.1 shaba:v1.5.0 shaba:v1.5.0-rc5 shaba:v1.5.0-rc4 shaba:v1.4.6 shaba:v1.5.0-rc3 shaba:v1.5.0-rc2 shaba:v1.4.5 shaba:v1.5.0-rc1 shaba:v1.4.4 shaba:v1.4.3 shaba:v1.4.2 shaba:v1.4.1 shaba:v1.4.0 shaba:v1.4.0-rc5 shaba:v1.4.0-rc4 shaba:v1.4.0-rc3 shaba:v1.4.0-rc2 shaba:v1.3.8 shaba:v1.4.0-rc1 shaba:v1.3.7 shaba:v1.3.6 shaba:v1.3.5 shaba:v1.3.4 shaba:v1.3.3 shaba:v1.3.2 shaba:v1.3.1 shaba:v1.3.0 shaba:v1.3.0-rc3 shaba:v1.3.0-rc2 shaba:v1.3.0-rc1 shaba:v1.2.3 shaba:v1.2.2 shaba:v1.2.1 shaba:v1.2.0 shaba:v1.2.0-rc2 shaba:v1.2.0-rc1 shaba:v1.1.2 shaba:v1.1.1 shaba:v1.1.0 shaba:v1.1.0-rc4 shaba:v1.1.0-rc3 shaba:v1.1.0-rc2 shaba:v1.1.0-rc1 shaba:v1.0.3 shaba:v1.0.2 shaba:v1.0.1 shaba:v1.0.0 shaba:v1.0.0-rc3 shaba:v1.0.0-rc2 shaba:v1.0.0-rc1 shaba:v1.0.0-beta.809 shaba:v1.0.0-beta.804 shaba:v1.0.0-beta.794 shaba:v1.0.0-beta.784 shaba:v1.0.0-beta.771 shaba:v1.0.0-beta.767 shaba:v1.0.0-beta.756 shaba:v1.0.0-beta.754 shaba:v1.0.0-beta.744 shaba:v1.0.0-beta.732 shaba:v1.0.0-beta.723 shaba:v1.0.0-beta.721 shaba:v1.0.0-beta.712 shaba:v1.0.0-beta.704 shaba:v1.0.0-beta.695 shaba:v1.0.0-beta.692 shaba:v1.0.0-beta.682 shaba:v1.0.0-beta.676 shaba:v1.0.0-beta.673 shaba:v1.0.0-beta.666 shaba:v1.0.0-beta.652 shaba:v1.0.0-beta.644 shaba:v1.0.0-beta.621 shaba:v1.0.0-beta.614 shaba:v1.0.0-beta.610 shaba:v1.0.0-beta.601 shaba:v1.0.0-beta.582 shaba:v1.0.0-beta.576 shaba:v1.0.0-beta.573 shaba:v1.0.0-beta.555 shaba:v1.0.0-beta.548 shaba:v1.0.0-beta.545 shaba:v1.0.0-beta.524 shaba:v1.0.0-beta.513 shaba:v1.0.0-beta.508 shaba:v1.0.0-beta.505 shaba:v1.0.0-beta.484 shaba:v1.0.0-beta.481 shaba:v1.0.0-beta.475 shaba:v1.0.0-beta.470 shaba:v1.0.0-beta.453 shaba:v1.0.0-beta.442 shaba:v1.0.0-beta.440 shaba:v1.0.0-beta.436 shaba:v1.0.0-beta.433 shaba:v1.0.0-beta.427 shaba:v1.0.0-beta.421 shaba:v1.0.0-beta.416 shaba:v1.0.0-beta.408 shaba:v1.0.0-beta.404 shaba:v1.0.0-beta.395 shaba:v1.0.0-beta.392 shaba:v1.0.0-beta.374 shaba:v1.0.0-beta.366 shaba:v1.0.0-beta.355 shaba:v1.0.0-beta.352 shaba:v1.0.0-beta.341 shaba:v1.0.0-beta.339 shaba:v1.0.0-beta.324 shaba:v1.0.0-beta.300 shaba:v1.0.0-beta.291 shaba:v1.0.0-beta.289 shaba:v1.0.0-beta.287 shaba:v1.0.0-beta.280 shaba:v1.0.0-beta.277 shaba:v1.0.0-beta.254 shaba:v1.0.0-beta.247 shaba:v1.0.0-beta.224 shaba:v1.0.0-beta.220 shaba:v1.0.0-beta.212 shaba:v1.0.0-beta.211 shaba:v1.0.alpha.4c447985b63f8c90dcbde70b2eaef19d9a8c5ad2 shaba:v1.0.alpha.9830086790caf40ce30eb9ed5d317917f8157708 shaba:v1.0.alpha.3af21612b65fc578585a98c30090d1e613f791eb shaba:v1.0.alpha.a458018aa2ccb637abacfc696157e00321cf982f shaba:v1.0.alpha.4ded2682d2831ed703282b2f4585e17a62ee258e shaba:v1.0.alpha.0e683cc5355bc507dabac68bbc7559d3f179e185 shaba:v1.0.alpha.11781087cadf9068d1d0b43902b6161ee10ea458 shaba:v1.0.alpha.b42b170ad29a0f042ddee0f5a5098aa9a59a9c8e shaba:v1.0.alpha.a00eb81f0301f5e61024dea3b92ba632d6a61a8b shaba:v1.0.alpha.6c3c5578c64125838abbc437a0242e1742d6f47a shaba:v1.0.alpha.b84b95fe97df5c0f234d8693fbff03fa0d6a441b shaba:v1.0.alpha.1a5668377cc840a35d233a0eb817ee9bacf0ba3e shaba:v1.0.alpha.331cd173ce8ad858d767510fbcbc653e2dde657d shaba:v1.0.alpha.e0872b61579c8e6b8fc6124c8836660c11840f5d shaba:v1.0.alpha.99646544953d5793f18ccb22dae2458be4ba0e05 shaba:v1.0.alpha.7acc2beae0f0235d9408e8ed7a51f0ef3dae3aff shaba:v1.0.alpha.ac56c1310c46f9c18dcad9d7ec680926fae821bb shaba:v1.0.alpha.71b0e27517841ec7b911bafb109846ee96109f30 shaba:v1.0.alpha.60e9282f0adac48cbf283306ceb08ad7a31ac94b shaba:v1.0.alpha.522 shaba:v1.0.alpha.516 shaba:v1.0.alpha.506 shaba:v1.0.alpha.481 shaba:v1.0.alpha.477 shaba:v1.0.alpha.471 shaba:v1.0.alpha.469 shaba:v1.0.alpha.463 shaba:v1.0.alpha.450 shaba:v1.0.alpha.443 shaba:v1.0.alpha.439 shaba:v1.0.alpha.425 shaba:v1.0.alpha.421 shaba:v1.0.alpha.418 shaba:v1.0.alpha.412 shaba:v1.0.alpha.404 shaba:v1.0.alpha.392 shaba:v1.0.alpha.374 shaba:v1.0.alpha.367 shaba:v1.0.alpha.364 shaba:v1.0.alpha.361 shaba:v1.0.alpha.358 shaba:v1.0.alpha.357 shaba:v1.0.alpha.341 shaba:v1.0.alpha.338 shaba:v1.0.alpha.336 shaba:v1.0.alpha.333 shaba:v1.0.alpha.329 shaba:v1.0.alpha.311 shaba:v1.0.alpha.306 shaba:v1.0.alpha.302 shaba:v1.0.alpha.291 shaba:v1.0.alpha.290 shaba:v1.0.alpha.288 shaba:v1.0.alpha.285 shaba:v1.0.alpha.275 shaba:v1.0.alpha.274 shaba:v1.0.alpha.273 shaba:v1.0.alpha.272 shaba:v1.0.alpha.271 shaba:v1.0.alpha.270 shaba:v1.0.alpha.268 shaba:v1.0.alpha.269 shaba:v1.0.alpha.267 shaba:v1.0.alpha.266 shaba:v1.0.alpha.263 shaba:v1.0.alpha.257 shaba:v1.0.alpha.256 shaba:v1.0.alpha.251 shaba:v1.0.alpha.252 shaba:v1.0.alpha.250 shaba:v1.0.alpha.249 shaba:v1.0.alpha.247 shaba:v1.0.alpha.228 shaba:v1.0.alpha.217 shaba:v1.0.alpha.216 shaba:v1.0.alpha.215 shaba:v1.0.alpha.212 shaba:v1.0.alpha.200 shaba:v1.0.alpha.186 shaba:v1.0.alpha.182 shaba:v1.0.alpha.178 shaba:v1.0.alpha.176 shaba:v1.0.alpha.171 shaba:v1.0.alpha.170 shaba:v1.0.alpha.164 shaba:v1.0.alpha.157 shaba:v1.0
...
compare: shaba:v2.7
Branches Tags
shaba:v3.5 shaba:master shaba:v2.11 shaba:v3.4 shaba:v3.3 shaba:v3.2 shaba:v3.1 shaba:v3.0 shaba:v1.0 shaba:v1.1 shaba:v1.2 shaba:v1.3 shaba:v1.4 shaba:v2.10 shaba:v1.5 shaba:v1.6 shaba:v1.7 shaba:v2.0 shaba:v2.1 shaba:v2.2 shaba:v2.6 shaba:v2.7 shaba:v2.8 shaba:v2.9 shaba:v2.3 shaba:v2.4 shaba:v2.5
shaba:v3.5.2 shaba:v3.5.1 shaba:v2.11.29 shaba:v3.5.0 shaba:v3.4.5 shaba:v2.11.28 shaba:v3.5.0-rc2 shaba:v3.4.4 shaba:v2.11.27 shaba:v3.5.0-rc1 shaba:v3.4.3 shaba:v3.4.2 shaba:v2.11.26 shaba:v3.4.1 shaba:v2.11.25 shaba:v3.4.0 shaba:v3.3.7 shaba:v3.4.0-rc2 shaba:v3.3.6 shaba:v2.11.24 shaba:v2.11.23 shaba:v3.4.0-rc1 shaba:v3.3.5 shaba:v2.11.22 shaba:v3.3.4 shaba:v2.11.21 shaba:v3.3.3 shaba:v2.11.20 shaba:v2.11.19 shaba:v3.3.2 shaba:v2.11.18 shaba:v3.3.1 shaba:v3.2.5 shaba:v3.3.0 shaba:v3.2.4 shaba:v2.11.17 shaba:v3.3.0-rc2 shaba:v3.3.0-rc1 shaba:v3.2.3 shaba:v2.11.16 shaba:v3.2.2 shaba:v2.11.15 shaba:v3.2.1 shaba:v2.11.14 shaba:v3.2.0 shaba:v3.1.7 shaba:v2.11.13 shaba:v3.2.0-rc2 shaba:v3.1.6 shaba:v2.11.12 shaba:v3.2.0-rc1 shaba:v3.1.5 shaba:v2.11.11 shaba:v3.1.4 shaba:v2.11.10 shaba:v3.1.3 shaba:v2.11.9 shaba:v3.1.2 shaba:v2.11.8 shaba:v3.1.1 shaba:v2.11.7 shaba:v3.1.0 shaba:v3.1.0-rc3 shaba:v3.0.4 shaba:v2.11.6 shaba:v3.1.0-rc2 shaba:v3.1.0-rc1 shaba:v3.0.3 shaba:v2.11.5 shaba:v3.0.2 shaba:v2.11.4 shaba:v3.0.1 shaba:v2.11.3 shaba:v3.0.0 shaba:v3.0.0-rc5 shaba:v2.11.2 shaba:v3.0.0-rc4 shaba:v2.11.1 shaba:v3.0.0-rc3 shaba:v3.0.0-rc2 shaba:v3.0.0-rc1 shaba:v2.11.0 shaba:v2.11.0-rc2 shaba:v2.11.0-rc1 shaba:v2.10.7 shaba:v3.0.0-beta5 shaba:v2.10.6 shaba:v3.0.0-beta4 shaba:v2.10.5 shaba:v2.10.4 shaba:v3.0.0-beta3 shaba:v2.10.3 shaba:v2.10.2 shaba:v2.10.1 shaba:v2.10.0 shaba:v2.10.0-rc2 shaba:v2.9.10 shaba:v2.10.0-rc1 shaba:v2.9.9 shaba:v2.9.8 shaba:v2.9.7 shaba:v3.0.0-beta2 shaba:v2.9.6 shaba:v3.0.0-beta1 shaba:v2.9.5 shaba:v2.9.4 shaba:v2.9.3 shaba:v2.9.2 shaba:v2.9.1 shaba:v2.9.0-rc5 shaba:v2.8.8 shaba:v2.8.7 shaba:v2.9.0-rc4 shaba:v2.8.6 shaba:v2.9.0-rc3 shaba:v2.9.0-rc2 shaba:v2.9.0-rc1 shaba:v2.8.5 shaba:v2.8.4 shaba:v2.8.3 shaba:v2.8.2 shaba:v2.8.1 shaba:v2.8.0 shaba:v2.7.3 shaba:v2.8.0-rc2 shaba:v2.7.2 shaba:v2.8.0-rc1 shaba:v2.7.1 shaba:v2.7.0 shaba:v2.6.7 shaba:v2.6.6 shaba:v2.6.5 shaba:v2.6.4 shaba:v2.7.0-rc2 shaba:v2.6.3 shaba:v2.7.0-rc1 shaba:v2.6.2 shaba:v2.6.1 shaba:v2.6.0 shaba:v2.6.0-rc3 shaba:v2.5.7 shaba:v2.6.0-rc2 shaba:v2.5.6 shaba:v2.6.0-rc1 shaba:v1.7.34 shaba:v2.5.5 shaba:v2.5.4 shaba:v1.7.33 shaba:v1.7.32 shaba:v1.7.31 shaba:v2.5.3 shaba:v2.5.2 shaba:v2.5.1 shaba:v2.5.0 shaba:v2.4.14 shaba:v2.5.0-rc6 shaba:v2.5.0-rc5 shaba:v2.5.0-rc4 shaba:v2.4.13 shaba:v2.4.12 shaba:v2.5.0-rc3 shaba:v2.4.11 shaba:v2.4.10 shaba:v2.5.0-rc2 shaba:v2.5.0-rc1 shaba:v2.4.9 shaba:v1.7.30 shaba:v1.7.29 shaba:v2.4.8 shaba:v2.4.7 shaba:v2.4.6 shaba:v2.4.5 shaba:v2.4.4 shaba:v2.4.3 shaba:v2.4.2 shaba:v2.4.1 shaba:v2.4.0 shaba:v1.7.28 shaba:v1.7.27 shaba:v2.4.0-rc2 shaba:v2.3.7 shaba:v2.3.6 shaba:v2.4.0-rc1 shaba:v2.3.5 shaba:v2.3.4 shaba:v2.3.3 shaba:v2.3.2 shaba:v2.3.1 shaba:v2.3.0 shaba:v2.3.0-rc7 shaba:v2.3.0-rc6 shaba:v2.3.0-rc5 shaba:v2.2.11 shaba:v2.2.10 shaba:v2.3.0-rc4 shaba:v2.3.0-rc3 shaba:v2.2.8 shaba:v1.7.26 shaba:v2.2.7 shaba:v2.2.6 shaba:v2.3.0-rc2 shaba:v2.3.0-rc1 shaba:v1.7.25 shaba:v2.2.5 shaba:v2.2.4 shaba:v2.2.3 shaba:v2.2.2 shaba:v2.2.1 shaba:v2.2.0 shaba:v1.7.24 shaba:v2.1.9 shaba:v1.7.23 shaba:v2.2.0-rc4 shaba:v2.1.8 shaba:v2.2.0-rc3 shaba:v2.1.7 shaba:v1.7.22 shaba:v2.2.0-rc2 shaba:v2.2.0-rc1 shaba:v2.1.6 shaba:v2.1.5 shaba:v1.7.21 shaba:v2.1.4 shaba:v2.1.3 shaba:v2.1.2 shaba:v2.1.1 shaba:v2.1.0 shaba:v1.7.20 shaba:v2.0.7 shaba:v2.1.0-rc3 shaba:v2.0.6 shaba:v2.1.0-rc2 shaba:v2.1.0-rc1 shaba:v2.0.5 shaba:v2.0.4 shaba:v2.0.3 shaba:v1.7.19 shaba:v2.0.2 shaba:v2.0.1 shaba:v1.7.18 shaba:v1.7.17 shaba:v2.0.0 shaba:v2.0.0-rc4 shaba:v1.7.16 shaba:v1.7.15 shaba:v2.0.0-rc3 shaba:v2.0.0-rc2 shaba:v2.0.0-rc1 shaba:v1.7.14 shaba:v1.7.13 shaba:v2.0.0-beta1 shaba:v2.0.0-alpha8 shaba:v2.0.0-alpha7 shaba:v2.0.0-alpha6 shaba:v2.0.0-alpha5 shaba:v1.7.12 shaba:v1.7.11 shaba:v2.0.0-alpha4 shaba:v2.0.0-alpha3 shaba:v1.7.10 shaba:v2.0.0-alpha2 shaba:v2.0.0-alpha1 shaba:v1.7.9 shaba:v1.7.8 shaba:v1.7.7 shaba:v1.7.6 shaba:v1.7.5 shaba:v1.7.4 shaba:v1.7.3 shaba:v1.7.2 shaba:v1.7.1 shaba:v1.7.0 shaba:v1.7.0-rc5 shaba:v1.7.0-rc4 shaba:v1.6.6 shaba:v1.7.0-rc3 shaba:v1.7.0-rc2 shaba:v1.6.5 shaba:v1.7.0-rc1 shaba:v1.6.4 shaba:v1.6.3 shaba:v1.6.2 shaba:v1.6.1 shaba:v1.6.0 shaba:v1.6.0-rc6 shaba:v1.6.0-rc5 shaba:v1.6.0-rc4 shaba:v1.6.0-rc3 shaba:v1.6.0-rc2 shaba:v1.6.0-rc1 shaba:v1.5.4 shaba:v1.5.3 shaba:v1.5.2 shaba:v1.5.1 shaba:v1.5.0 shaba:v1.5.0-rc5 shaba:v1.5.0-rc4 shaba:v1.4.6 shaba:v1.5.0-rc3 shaba:v1.5.0-rc2 shaba:v1.4.5 shaba:v1.5.0-rc1 shaba:v1.4.4 shaba:v1.4.3 shaba:v1.4.2 shaba:v1.4.1 shaba:v1.4.0 shaba:v1.4.0-rc5 shaba:v1.4.0-rc4 shaba:v1.4.0-rc3 shaba:v1.4.0-rc2 shaba:v1.3.8 shaba:v1.4.0-rc1 shaba:v1.3.7 shaba:v1.3.6 shaba:v1.3.5 shaba:v1.3.4 shaba:v1.3.3 shaba:v1.3.2 shaba:v1.3.1 shaba:v1.3.0 shaba:v1.3.0-rc3 shaba:v1.3.0-rc2 shaba:v1.3.0-rc1 shaba:v1.2.3 shaba:v1.2.2 shaba:v1.2.1 shaba:v1.2.0 shaba:v1.2.0-rc2 shaba:v1.2.0-rc1 shaba:v1.1.2 shaba:v1.1.1 shaba:v1.1.0 shaba:v1.1.0-rc4 shaba:v1.1.0-rc3 shaba:v1.1.0-rc2 shaba:v1.1.0-rc1 shaba:v1.0.3 shaba:v1.0.2 shaba:v1.0.1 shaba:v1.0.0 shaba:v1.0.0-rc3 shaba:v1.0.0-rc2 shaba:v1.0.0-rc1 shaba:v1.0.0-beta.809 shaba:v1.0.0-beta.804 shaba:v1.0.0-beta.794 shaba:v1.0.0-beta.784 shaba:v1.0.0-beta.771 shaba:v1.0.0-beta.767 shaba:v1.0.0-beta.756 shaba:v1.0.0-beta.754 shaba:v1.0.0-beta.744 shaba:v1.0.0-beta.732 shaba:v1.0.0-beta.723 shaba:v1.0.0-beta.721 shaba:v1.0.0-beta.712 shaba:v1.0.0-beta.704 shaba:v1.0.0-beta.695 shaba:v1.0.0-beta.692 shaba:v1.0.0-beta.682 shaba:v1.0.0-beta.676 shaba:v1.0.0-beta.673 shaba:v1.0.0-beta.666 shaba:v1.0.0-beta.652 shaba:v1.0.0-beta.644 shaba:v1.0.0-beta.621 shaba:v1.0.0-beta.614 shaba:v1.0.0-beta.610 shaba:v1.0.0-beta.601 shaba:v1.0.0-beta.582 shaba:v1.0.0-beta.576 shaba:v1.0.0-beta.573 shaba:v1.0.0-beta.555 shaba:v1.0.0-beta.548 shaba:v1.0.0-beta.545 shaba:v1.0.0-beta.524 shaba:v1.0.0-beta.513 shaba:v1.0.0-beta.508 shaba:v1.0.0-beta.505 shaba:v1.0.0-beta.484 shaba:v1.0.0-beta.481 shaba:v1.0.0-beta.475 shaba:v1.0.0-beta.470 shaba:v1.0.0-beta.453 shaba:v1.0.0-beta.442 shaba:v1.0.0-beta.440 shaba:v1.0.0-beta.436 shaba:v1.0.0-beta.433 shaba:v1.0.0-beta.427 shaba:v1.0.0-beta.421 shaba:v1.0.0-beta.416 shaba:v1.0.0-beta.408 shaba:v1.0.0-beta.404 shaba:v1.0.0-beta.395 shaba:v1.0.0-beta.392 shaba:v1.0.0-beta.374 shaba:v1.0.0-beta.366 shaba:v1.0.0-beta.355 shaba:v1.0.0-beta.352 shaba:v1.0.0-beta.341 shaba:v1.0.0-beta.339 shaba:v1.0.0-beta.324 shaba:v1.0.0-beta.300 shaba:v1.0.0-beta.291 shaba:v1.0.0-beta.289 shaba:v1.0.0-beta.287 shaba:v1.0.0-beta.280 shaba:v1.0.0-beta.277 shaba:v1.0.0-beta.254 shaba:v1.0.0-beta.247 shaba:v1.0.0-beta.224 shaba:v1.0.0-beta.220 shaba:v1.0.0-beta.212 shaba:v1.0.0-beta.211 shaba:v1.0.alpha.4c447985b63f8c90dcbde70b2eaef19d9a8c5ad2 shaba:v1.0.alpha.9830086790caf40ce30eb9ed5d317917f8157708 shaba:v1.0.alpha.3af21612b65fc578585a98c30090d1e613f791eb shaba:v1.0.alpha.a458018aa2ccb637abacfc696157e00321cf982f shaba:v1.0.alpha.4ded2682d2831ed703282b2f4585e17a62ee258e shaba:v1.0.alpha.0e683cc5355bc507dabac68bbc7559d3f179e185 shaba:v1.0.alpha.11781087cadf9068d1d0b43902b6161ee10ea458 shaba:v1.0.alpha.b42b170ad29a0f042ddee0f5a5098aa9a59a9c8e shaba:v1.0.alpha.a00eb81f0301f5e61024dea3b92ba632d6a61a8b shaba:v1.0.alpha.6c3c5578c64125838abbc437a0242e1742d6f47a shaba:v1.0.alpha.b84b95fe97df5c0f234d8693fbff03fa0d6a441b shaba:v1.0.alpha.1a5668377cc840a35d233a0eb817ee9bacf0ba3e shaba:v1.0.alpha.331cd173ce8ad858d767510fbcbc653e2dde657d shaba:v1.0.alpha.e0872b61579c8e6b8fc6124c8836660c11840f5d shaba:v1.0.alpha.99646544953d5793f18ccb22dae2458be4ba0e05 shaba:v1.0.alpha.7acc2beae0f0235d9408e8ed7a51f0ef3dae3aff shaba:v1.0.alpha.ac56c1310c46f9c18dcad9d7ec680926fae821bb shaba:v1.0.alpha.71b0e27517841ec7b911bafb109846ee96109f30 shaba:v1.0.alpha.60e9282f0adac48cbf283306ceb08ad7a31ac94b shaba:v1.0.alpha.522 shaba:v1.0.alpha.516 shaba:v1.0.alpha.506 shaba:v1.0.alpha.481 shaba:v1.0.alpha.477 shaba:v1.0.alpha.471 shaba:v1.0.alpha.469 shaba:v1.0.alpha.463 shaba:v1.0.alpha.450 shaba:v1.0.alpha.443 shaba:v1.0.alpha.439 shaba:v1.0.alpha.425 shaba:v1.0.alpha.421 shaba:v1.0.alpha.418 shaba:v1.0.alpha.412 shaba:v1.0.alpha.404 shaba:v1.0.alpha.392 shaba:v1.0.alpha.374 shaba:v1.0.alpha.367 shaba:v1.0.alpha.364 shaba:v1.0.alpha.361 shaba:v1.0.alpha.358 shaba:v1.0.alpha.357 shaba:v1.0.alpha.341 shaba:v1.0.alpha.338 shaba:v1.0.alpha.336 shaba:v1.0.alpha.333 shaba:v1.0.alpha.329 shaba:v1.0.alpha.311 shaba:v1.0.alpha.306 shaba:v1.0.alpha.302 shaba:v1.0.alpha.291 shaba:v1.0.alpha.290 shaba:v1.0.alpha.288 shaba:v1.0.alpha.285 shaba:v1.0.alpha.275 shaba:v1.0.alpha.274 shaba:v1.0.alpha.273 shaba:v1.0.alpha.272 shaba:v1.0.alpha.271 shaba:v1.0.alpha.270 shaba:v1.0.alpha.268 shaba:v1.0.alpha.269 shaba:v1.0.alpha.267 shaba:v1.0.alpha.266 shaba:v1.0.alpha.263 shaba:v1.0.alpha.257 shaba:v1.0.alpha.256 shaba:v1.0.alpha.251 shaba:v1.0.alpha.252 shaba:v1.0.alpha.250 shaba:v1.0.alpha.249 shaba:v1.0.alpha.247 shaba:v1.0.alpha.228 shaba:v1.0.alpha.217 shaba:v1.0.alpha.216 shaba:v1.0.alpha.215 shaba:v1.0.alpha.212 shaba:v1.0.alpha.200 shaba:v1.0.alpha.186 shaba:v1.0.alpha.182 shaba:v1.0.alpha.178 shaba:v1.0.alpha.176 shaba:v1.0.alpha.171 shaba:v1.0.alpha.170 shaba:v1.0.alpha.164 shaba:v1.0.alpha.157 shaba:v1.0

75 Commits
v2.6.6 ... v2.7

Author SHA1 Message Date
Fernandez Ludovic
8746358069 chore: fix PyYAML version 2023-07-19 21:34:18 +02:00
Romain
8b22101236 Prepare release v2.7.3 2022-06-29 15:44:08 +02:00
mloiseleur
03598d395b Add documentation main, SANs and plugin CRD fields 2022-06-29 11:04:09 +02:00
Jean-Baptiste Doumenjou
9d61cb64a2 Ensure that the Datadog client is cleanly stopped 2022-06-29 10:34:08 +02:00
Kevin Pollet
65a317010b Prepare release v2.7.2 2022-06-27 15:52:08 +02:00
Julien Salleyron
a887794313 Fix HostRegexp and Query muxers 2022-06-27 15:16:08 +02:00
tomatokoolaid
77e1ce2877 Added useful links for commercial applications 2022-06-27 11:08:08 +02:00
tomatokoolaid
470a4f6e5f Update to improve info section relevance 2022-06-27 10:32:08 +02:00
mloiseleur
94141233f0 Add documentation to Traefik CRD properties 
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2022-06-24 12:40:08 +02:00
Maxence Moutoussamy
ff17ac53df RedirectScheme redirects based on X-Forwarded-Proto header 2022-06-24 12:04:09 +02:00
burner-account
55ba4356f2 Allow multiple listeners on same port in Gateway API provider 2022-06-23 11:58:09 +02:00
Thomas P
804b0ff2f2 Do not make multiple requests to the same URL for balancer healthcheck 2022-06-22 21:46:08 +02:00
Kevin Pollet
818541d4d7 Update yaegi to v0.13.0 2022-06-21 19:56:08 +02:00
miteshjadia
1b199730d2 docs: add missing info.serialNumber option to PassTLSClientCert middleware 2022-06-21 15:46:08 +02:00
Maxence Moutoussamy
23340c46e6 Add log when missing path in health check 2022-06-20 15:40:13 +02:00
Kevin Pollet
5c15f5fe04 Update DataDog tracing dependency to v1.38.1 
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
 2022-06-16 17:54:08 +02:00
Roman Tomjak
ba7e9ed788 Add a note on how to handle server first protocols 2022-06-14 12:24:08 +02:00
Romain
251798a778 Prepare release v2.7.1 2022-06-13 15:30:08 +02:00
Ludovic Fernandez
73306a1533 Hub documentation 
Co-authored-by: jbdoumenjou <jb.doumenjou@gmail.com>
Co-authored-by: Baptiste Mayelle <baptiste.mayelle@traefik.io>
 2022-06-13 10:02:08 +02:00
tfny
b3eb629785 Update the contributing docs for clarity and to encourage community activity 2022-06-10 19:06:10 +02:00
Ludovic Fernandez
9c59df5e9c fix: invalid placeholder in log message 2022-06-10 16:16:08 +02:00
Tom Moulard
2a88b25712 Update gateway api link from v1alpha1 to v1alpha2 2022-06-10 15:12:08 +02:00
Ludovic Fernandez
b952f814c1 docs: fix rule expression render 2022-06-10 09:24:08 +02:00
Ludovic Fernandez
6d6f8b28d7 Update go-acme/lego to v4.7.0 2022-06-02 13:00:08 +02:00
tfny
118d56fc40 Update the link for contributor swag 2022-06-02 09:36:08 +02:00
Tom Moulard
fbf90e6981 Update Gateway API links 2022-06-01 10:42:08 +02:00
Robert Barbey
607faace07 Fix typo in stripPrefix middleware docs 2022-05-30 14:10:08 +02:00
mpl
685962545a docs: fix traefik version s/2.6/2.7/ 2022-05-25 18:14:08 +02:00
Romain
34d29e7a10 Prepare release v2.7.0 2022-05-24 18:58:08 +02:00
romain
05f3e60366 Merge branch v2.6 into v2.7 2022-05-24 17:49:39 +02:00
Romain
5aa1220e5a Prepare release v2.6.7 2022-05-24 16:14:08 +02:00
mpl
c1919c6b24 Update Yaegi to v0.12.0 2022-05-23 12:52:08 +02:00
karlosmunjos
6349e2e28c Updated browserXssFilter key to camel case 2022-05-23 10:50:08 +02:00
Maxence Moutoussamy
e642365613 Fix panic when getting certificates with non-existing store 
Co-authored-by: Tom Moulard <tom.moulard@traefik.io>
 2022-05-19 17:12:08 +02:00
Romain
ac4086d0ac Fix TCP-TLS/HTTPS routing precedence 
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
 2022-05-19 16:44:14 +02:00
Douglas De Toni Machado
575d4ab431 Fix initial tcp lookup when address is not available 2022-05-19 16:40:09 +02:00
Ludovic Fernandez
ede2be1f66 fix: skip Provide when TLS is nil 2022-05-19 15:00:16 +02:00
Ludovic Fernandez
d134a993d0 docs: fix default priority of the entrypoint redirection 2022-05-19 08:56:07 +02:00
Baptiste Mayelle
86cc6df374 feat: use dedicated entrypoint for the tunnels 
Co-authored-by: Fernandez Ludovic <[ldez@users.noreply.github.com](mailto:ldez@users.noreply.github.com)>
 2022-05-18 17:22:08 +02:00
Tom Moulard
32920ca65c Update linter 2022-05-17 15:48:08 +02:00
Kenny Root
3ac708ddcb Fix log statement for ExternalName misconfig 2022-05-16 10:00:08 +02:00
Ikko Ashimine
0dac0c3a5b Fix typo in maintainers guidelines 2022-05-13 09:44:08 +02:00
Ludovic Fernandez
9810120aff Upgrade to oxy v1.4.1 2022-05-11 09:12:08 +02:00
Ludovic Fernandez
a34e1c0747 Upgrade to oxy v1.4.0 2022-05-10 09:36:08 +02:00
Maxence Moutoussamy
c29ed24a06 Update jaeger-client-go to v2.30.0 2022-05-10 08:50:09 +02:00
kevinpollet
619621f239 Merge branch v2.6 into v2.7 2022-05-04 10:20:46 +02:00
Tom Moulard
73ba7ed2d2 Merge branch v2.6 into v2.7 2022-04-21 10:59:46 +02:00
Romain
a49b537d9c Prepare release v2.7.0-rc2 2022-03-29 17:00:09 +02:00
romain
45328ab719 Merge v2.6 into v2.7 2022-03-29 15:43:10 +02:00
Jean-Baptiste Doumenjou
c0b0f3f0f7 Fix hub tls documentation 2022-03-25 15:42:08 +01:00
Tom Moulard
a4560fa20d Prepare release v2.7.0-rc1 2022-03-24 20:54:08 +01:00
Jean-Baptiste Doumenjou
fbdb6e6e78 Add Traefik Hub Integration (Experimental Feature) 2022-03-24 19:44:08 +01:00
romain
8d58f33a28 Merge v2.6 into master 2022-03-24 17:22:56 +01:00
Douglas De Toni Machado
d2a2362be5 Add a Feature Deprecation page 2022-03-24 12:28:07 +01:00
Ludovic Fernandez
4c0a3721d0 Plugins and token 2022-03-24 08:54:07 +01:00
Tom Moulard
3bf4a8fbe2 Merge current v2.6 into master 2022-03-22 15:55:44 +01:00
Romain
2da7fa0397 Add HostSNIRegexp rule matcher for TCP 2022-03-18 16:04:08 +01:00
Tom Moulard
0d58e8d1ad Add Traefik Hub access and remove Pilot access 2022-03-18 11:06:08 +01:00
Daniel Tomcej
dad76e0478 Add muxer for TCP Routers 2022-03-17 18:02:08 +01:00
Tom Moulard
79aab5aab8 Add Failover service 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2022-03-17 12:02:09 +01:00
Tom Moulard
6622027c7c Merge current v2.6 into master 2022-03-11 10:07:20 +01:00
Tchoupinax
401c171bbd Add a link to service on router detail view 2022-03-07 16:16:08 +01:00
Tom Moulard
63bb770b9c Allow empty services in Kubernetes CRD 2022-03-07 11:08:07 +01:00
Tom Moulard
c7b24f4e9c Replace npm with yarn to install/run the webui 2022-03-03 18:08:07 +01:00
Tom Moulard
25725e9b2f Merge current v2.6 into master 2022-02-21 14:07:27 +01:00
Kevin Pollet
aaf5aa4506 Configure advertised port using h3 server option 
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
 2022-02-15 16:04:09 +01:00
Sylvain Rabot
9297055ad8 Upgrade quic-go to v0.25.0 2022-02-15 10:16:08 +01:00
Tom Moulard
a79868fadc Merge current v2.6 into master 2022-02-15 09:09:16 +01:00
Dmitry Sharshakov
ca55dfe1c6 Support InfluxDB v2 metrics backend 2022-02-09 15:32:12 +01:00
Richard Kojedzinszky
5780dc2b15 Refactor configuration reload/throttling 
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
 2022-02-07 11:58:04 +01:00
Tom Moulard
764bf59d4d Merge current v2.6 into master 2022-02-04 14:32:57 +01:00
JasonWang2016
7543709ecf Watch for Consul events to rebuild the dynamic configuration 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
 2022-01-28 17:16:07 +01:00
kevinpollet
1048348ae6 Merge current v2.6 into master 2022-01-25 18:19:40 +01:00
Tom Moulard
ba822acb23 Merge current v2.6 into master 2022-01-10 16:17:25 +01:00
Tom Moulard
f5dd233a3b Merge current v2.6 into master 2021-12-29 17:35:32 +01:00
202 changed files with 24585 additions and 19846 deletions
Expand all files Collapse all files

4
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@@ -3,11 +3,11 @@ PLEASE READ THIS MESSAGE.
Documentation fixes or enhancements:
- for Traefik v1: use branch v1.7
- for Traefik v2: use branch v2.6
- for Traefik v2: use branch v2.7
Bug fixes:
- for Traefik v1: use branch v1.7
- for Traefik v2: use branch v2.6
- for Traefik v2: use branch v2.7
Enhancements:
- for Traefik v1: we only accept bug fixes

2
.github/workflows/validate.yaml vendored
View File

@@ -7,7 +7,7 @@ on:
env:
GO_VERSION: 1.17
GOLANGCI_LINT_VERSION: v1.45.0
GOLANGCI_LINT_VERSION: v1.46.2
MISSSPELL_VERSION: v0.3.4
IN_DOCKER: ""

6
.golangci.toml
View File

@@ -119,6 +119,7 @@
"interfacer", # Deprecated
"maligned", # Deprecated
"golint", # Deprecated
"execinquery", # Not relevant (SQL)
"sqlclosecheck", # Not relevant (SQL)
"rowserrcheck", # Not relevant (SQL)
"lll", # Not relevant
@@ -142,6 +143,7 @@
"paralleltest", # Not relevant
"exhaustive", # Not relevant
"exhaustivestruct", # Not relevant
"exhaustruct", # duplicate of exhaustivestruct
"goerr113", # Too strict
"wrapcheck", # Too strict
"noctx", # Too strict
@@ -156,6 +158,7 @@
"contextcheck", # too many false-positive
"containedctx", # too many false-positive
"maintidx", # kind of duplicate of gocyclo
"nonamedreturns", # not relevant
]
[issues]
@@ -214,3 +217,6 @@
[[issues.exclude-rules]]
path = "(.+)\\.go"
text = "struct-tag: unknown option 'inline' in JSON tag"
[[issues.exclude-rules]]
path = "pkg/server/router/tcp/manager.go"
text = "Function 'buildEntryPointHandler' is too long (.+)"

4
.semaphore/semaphore.yml
View File

@@ -25,7 +25,7 @@ global_job_config:
- export "PATH=${GOPATH}/bin:${PATH}"
- mkdir -vp "${SEMAPHORE_GIT_DIR}" "${GOPATH}/bin"
- export GOPROXY=https://proxy.golang.org,direct
- curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.45.0
- curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.46.2
- curl -sSfL https://gist.githubusercontent.com/traefiker/6d7ac019c11d011e4f131bb2cca8900e/raw/goreleaser.sh | bash -s -- -b "${GOPATH}/bin"
- checkout
- cache restore traefik-$(checksum go.sum)
@@ -64,7 +64,7 @@ blocks:
- name: GH_VERSION
value: 1.12.1
- name: CODENAME
value: "rocamadour"
value: "epoisses"
- name: IN_DOCKER
value: ""
prologue:

146
CHANGELOG.md
View File

@@ -1,3 +1,107 @@
## [v2.7.3](https://github.com/traefik/traefik/tree/v2.7.3) (2022-06-29)
[All Commits](https://github.com/traefik/traefik/compare/v2.7.2...v2.7.3)
**Bug fixes:**
- **[metrics]** Ensure Datadog client is cleanly stopped ([#9137](https://github.com/traefik/traefik/pull/9137) by [jbdoumenjou](https://github.com/jbdoumenjou))
**Documentation:**
- **[middleware,k8s/crd]** Add documentation for main, SANs and plugin CRD fields ([#9136](https://github.com/traefik/traefik/pull/9136) by [mloiseleur](https://github.com/mloiseleur))
## [v2.7.2](https://github.com/traefik/traefik/tree/v2.7.2) (2022-06-27)
[All Commits](https://github.com/traefik/traefik/compare/v2.7.1...v2.7.2)
**Bug fixes:**
- **[healthcheck,service]** Do not make multiple requests to the same URL for balancer healthcheck ([#8632](https://github.com/traefik/traefik/pull/8632) by [TPXP](https://github.com/TPXP))
- **[healthcheck,service]** Add log when missing path in health check ([#9104](https://github.com/traefik/traefik/pull/9104) by [moutoum](https://github.com/moutoum))
- **[k8s/gatewayapi]** Allow multiple listeners on same port in Gateway API provider ([#9107](https://github.com/traefik/traefik/pull/9107) by [burner-account](https://github.com/burner-account))
- **[middleware]** RedirectScheme redirects based on X-Forwarded-Proto header ([#9121](https://github.com/traefik/traefik/pull/9121) by [moutoum](https://github.com/moutoum))
- **[plugins]** Update yaegi to v0.13.0 ([#9118](https://github.com/traefik/traefik/pull/9118) by [kevinpollet](https://github.com/kevinpollet))
- **[rules]** Fix HostRegexp and Query muxers ([#9131](https://github.com/traefik/traefik/pull/9131) by [juliens](https://github.com/juliens))
- **[tracing]** Update DataDog tracing dependency to v1.38.1 ([#9105](https://github.com/traefik/traefik/pull/9105) by [kevinpollet](https://github.com/kevinpollet))
**Documentation:**
- **[acme,k8s/crd]** Add documentation to Traefik CRD properties ([#9096](https://github.com/traefik/traefik/pull/9096) by [mloiseleur](https://github.com/mloiseleur))
- **[middleware]** Add missing info.serialNumber option to PassTLSClientCert middleware ([#9115](https://github.com/traefik/traefik/pull/9115) by [miteshjadia](https://github.com/miteshjadia))
- **[tcp]** Add a note on how to handle server first protocols ([#9002](https://github.com/traefik/traefik/pull/9002) by [romantomjak](https://github.com/romantomjak))
- Update to improve info section relevance ([#9130](https://github.com/traefik/traefik/pull/9130) by [tomatokoolaid](https://github.com/tomatokoolaid))
- Added useful links for commercial applications ([#9129](https://github.com/traefik/traefik/pull/9129) by [tomatokoolaid](https://github.com/tomatokoolaid))
## [v2.7.1](https://github.com/traefik/traefik/tree/v2.7.1) (2022-06-13)
[All Commits](https://github.com/traefik/traefik/compare/v2.7.0...v2.7.1)
**Bug fixes:**
- **[acme]** Update go-acme/lego to v4.7.0 ([#9065](https://github.com/traefik/traefik/pull/9065) by [ldez](https://github.com/ldez))
- **[logs]** Fix invalid placeholder in log message ([#9084](https://github.com/traefik/traefik/pull/9084) by [ldez](https://github.com/ldez))
**Documentation:**
- **[hub]** Hub documentation ([#9090](https://github.com/traefik/traefik/pull/9090) by [ldez](https://github.com/ldez))
- **[k8s,k8s/gatewayapi]** Update Gateway API link from v1alpha1 to v1alpha2 ([#9083](https://github.com/traefik/traefik/pull/9083) by [tomMoulard](https://github.com/tomMoulard))
- **[k8s,k8s/gatewayapi]** Update Gateway API links ([#9058](https://github.com/traefik/traefik/pull/9058) by [tomMoulard](https://github.com/tomMoulard))
- **[middleware]** Fix typo in stripPrefix middleware docs ([#9051](https://github.com/traefik/traefik/pull/9051) by [rbarbey](https://github.com/rbarbey))
- **[rules]** Fix rule expression rendering ([#9076](https://github.com/traefik/traefik/pull/9076) by [ldez](https://github.com/ldez))
- Update the link for contributor swag ([#9056](https://github.com/traefik/traefik/pull/9056) by [tfny](https://github.com/tfny))
- Fix Traefik version s/2.6/2.7/ ([#9047](https://github.com/traefik/traefik/pull/9047) by [mpl](https://github.com/mpl))
- Update the contributing docs for clarity and to encourage community activity ([#9035](https://github.com/traefik/traefik/pull/9035) by [tfny](https://github.com/tfny))
## [v2.7.0](https://github.com/traefik/traefik/tree/v2.7.0) (2022-05-24)
[All Commits](https://github.com/traefik/traefik/compare/v2.7.0-rc1...v2.7.0)
**Enhancements:**
- **[consulcatalog]** Watch for Consul events to rebuild the dynamic configuration ([#8476](https://github.com/traefik/traefik/pull/8476) by [JasonWangA](https://github.com/JasonWangA))
- **[healthcheck]** Add Failover service ([#8825](https://github.com/traefik/traefik/pull/8825) by [tomMoulard](https://github.com/tomMoulard))
- **[http3]** Configure advertised port using h3 server option ([#8778](https://github.com/traefik/traefik/pull/8778) by [kevinpollet](https://github.com/kevinpollet))
- **[http3]** Upgrade quic-go to v0.25.0 ([#8760](https://github.com/traefik/traefik/pull/8760) by [sylr](https://github.com/sylr))
- **[hub]** Add Traefik Hub Integration (Experimental Feature) ([#8837](https://github.com/traefik/traefik/pull/8837) by [jbdoumenjou](https://github.com/jbdoumenjou))
- **[k8s/crd,k8s]** Allow empty services in Kubernetes CRD ([#8802](https://github.com/traefik/traefik/pull/8802) by [tomMoulard](https://github.com/tomMoulard))
- **[metrics]** Support InfluxDB v2 metrics backend ([#8250](https://github.com/traefik/traefik/pull/8250) by [sh7dm](https://github.com/sh7dm))
- **[plugins]** Remove Pilot token setup constraint to use plugins ([#8869](https://github.com/traefik/traefik/pull/8869) by [ldez](https://github.com/ldez))
- **[provider]** Refactor configuration reload/throttling ([#6633](https://github.com/traefik/traefik/pull/6633) by [rkojedzinszky](https://github.com/rkojedzinszky))
- **[rules,tcp]** Add HostSNIRegexp rule matcher for TCP ([#8849](https://github.com/traefik/traefik/pull/8849) by [rtribotte](https://github.com/rtribotte))
- **[tcp]** Add muxer for TCP Routers ([#8182](https://github.com/traefik/traefik/pull/8182) by [dtomcej](https://github.com/dtomcej))
- **[webui,pilot]** Add Traefik Hub access and remove Pilot access ([#8848](https://github.com/traefik/traefik/pull/8848) by [tomMoulard](https://github.com/tomMoulard))
- **[webui]** Add a link to service on router detail view ([#8821](https://github.com/traefik/traefik/pull/8821) by [Tchoupinax](https://github.com/Tchoupinax))
**Bug fixes:**
- **[hub]** Skip Provide when TLS is nil ([#9031](https://github.com/traefik/traefik/pull/9031) by [ldez](https://github.com/ldez))
- **[tcp]** Fix TCP-TLS/HTTPS routing precedence ([#9024](https://github.com/traefik/traefik/pull/9024) by [rtribotte](https://github.com/rtribotte))
- **[webui,hub]** Use dedicated entrypoint for the tunnels ([#9023](https://github.com/traefik/traefik/pull/9023) by [youkoulayley](https://github.com/youkoulayley))
**Documentation:**
- **[hub]** Fix Traefik Hub TLS documentation ([#8883](https://github.com/traefik/traefik/pull/8883) by [jbdoumenjou](https://github.com/jbdoumenjou))
- Add a Feature Deprecation page ([#8868](https://github.com/traefik/traefik/pull/8868) by [ddtmachado](https://github.com/ddtmachado))
- Prepare release v2.7.0-rc1 ([#8879](https://github.com/traefik/traefik/pull/8879) by [tomMoulard](https://github.com/tomMoulard))
- Prepare release v2.7.0-rc2 ([#8900](https://github.com/traefik/traefik/pull/8900) by [rtribotte](https://github.com/rtribotte))
**Misc:**
- Merge current v2.6 into v2.7 ([#8984](https://github.com/traefik/traefik/pull/8984) by [kevinpollet](https://github.com/kevinpollet))
- Merge current v2.6 into v2.7 ([#8958](https://github.com/traefik/traefik/pull/8958) by [tomMoulard](https://github.com/tomMoulard))
- Merge current v2.6 into v2.7 ([#8899](https://github.com/traefik/traefik/pull/8899) by [rtribotte](https://github.com/rtribotte))
- Merge current v2.6 into master ([#8877](https://github.com/traefik/traefik/pull/8877) by [rtribotte](https://github.com/rtribotte))
- Merge current v2.6 into master ([#8865](https://github.com/traefik/traefik/pull/8865) by [tomMoulard](https://github.com/tomMoulard))
- Merge current v2.6 into master ([#8832](https://github.com/traefik/traefik/pull/8832) by [tomMoulard](https://github.com/tomMoulard))
- Merge current v2.6 into master ([#8793](https://github.com/traefik/traefik/pull/8793) by [tomMoulard](https://github.com/tomMoulard))
- Merge current v2.6 into master ([#8777](https://github.com/traefik/traefik/pull/8777) by [tomMoulard](https://github.com/tomMoulard))
- Merge current v2.6 into master ([#8757](https://github.com/traefik/traefik/pull/8757) by [tomMoulard](https://github.com/tomMoulard))
- Merge current v2.6 into master ([#8754](https://github.com/traefik/traefik/pull/8754) by [tomMoulard](https://github.com/tomMoulard))
- Merge current v2.6 into master ([#8736](https://github.com/traefik/traefik/pull/8736) by [kevinpollet](https://github.com/kevinpollet))
- Merge current v2.6 into master ([#8689](https://github.com/traefik/traefik/pull/8689) by [tomMoulard](https://github.com/tomMoulard))
- Merge current v2.6 into master ([#8666](https://github.com/traefik/traefik/pull/8666) by [tomMoulard](https://github.com/tomMoulard))
## [v2.6.7](https://github.com/traefik/traefik/tree/v2.6.7) (2022-05-23)
[All Commits](https://github.com/traefik/traefik/compare/v2.6.6...v2.6.7)
**Bug fixes:**
- **[logs,k8s/crd]** Fix log statement for ExternalName misconfig ([#9014](https://github.com/traefik/traefik/pull/9014) by [kruton](https://github.com/kruton))
- **[plugins]** Update Yaegi to v0.12.0 ([#9039](https://github.com/traefik/traefik/pull/9039) by [mpl](https://github.com/mpl))
- **[tcp,service]** Fix initial tcp lookup when address is not available ([#9021](https://github.com/traefik/traefik/pull/9021) by [ddtmachado](https://github.com/ddtmachado))
- **[tls]** Fix panic when getting certificates with non-existing store ([#9019](https://github.com/traefik/traefik/pull/9019) by [moutoum](https://github.com/moutoum))
- **[tracing]** Update jaeger-client-go to v2.30.0 ([#9000](https://github.com/traefik/traefik/pull/9000) by [moutoum](https://github.com/moutoum))
**Documentation:**
- **[middleware]** Updated browserXssFilter key to camel case ([#9038](https://github.com/traefik/traefik/pull/9038) by [karlosmunjos](https://github.com/karlosmunjos))
- Fix the default priority for the entrypoint redirection ([#9028](https://github.com/traefik/traefik/pull/9028) by [ldez](https://github.com/ldez))
- Fix typo in maintainers guidelines ([#9011](https://github.com/traefik/traefik/pull/9011) by [eltociear](https://github.com/eltociear))
## [v2.6.6](https://github.com/traefik/traefik/tree/v2.6.6) (2022-05-03)
[All Commits](https://github.com/traefik/traefik/compare/v2.6.3...v2.6.6)
@@ -29,6 +133,15 @@ Release canceled.
Release canceled.
## [v2.7.0-rc2](https://github.com/traefik/traefik/tree/v2.7.0-rc2) (2022-03-29)
[All Commits](https://github.com/traefik/traefik/compare/v2.7.0-rc1...v2.7.0-rc2)
**Documentation:**
- **[hub]** Fix Traefik Hub TLS documentation ([#8883](https://github.com/traefik/traefik/pull/8883) by [jbdoumenjou](https://github.com/jbdoumenjou))
**Misc:**
- Merge current v2.6 into v2.7 ([#8899](https://github.com/traefik/traefik/pull/8899) by [rtribotte](https://github.com/rtribotte))
## [v2.6.3](https://github.com/traefik/traefik/tree/v2.6.3) (2022-03-28)
[All Commits](https://github.com/traefik/traefik/compare/v2.6.2...v2.6.3)
@@ -36,6 +149,39 @@ Release canceled.
- **[plugins]** Fix slice parsing for plugins ([#8886](https://github.com/traefik/traefik/pull/8886) by [ldez](https://github.com/ldez))
- **[tls]** Return TLS unrecognized_name error when no certificate is available ([#8893](https://github.com/traefik/traefik/pull/8893) by [rtribotte](https://github.com/rtribotte))
## [v2.7.0-rc1](https://github.com/traefik/traefik/tree/v2.7.0-rc1) (2022-03-24)
[All Commits](https://github.com/traefik/traefik/compare/v2.6.0-rc1...v2.7.0-rc1)
**Enhancements:**
- **[consulcatalog]** Watch for Consul events to rebuild the dynamic configuration ([#8476](https://github.com/traefik/traefik/pull/8476) by [JasonWangA](https://github.com/JasonWangA))
- **[healthcheck]** Add Failover service ([#8825](https://github.com/traefik/traefik/pull/8825) by [tomMoulard](https://github.com/tomMoulard))
- **[http3]** Configure advertised port using h3 server option ([#8778](https://github.com/traefik/traefik/pull/8778) by [kevinpollet](https://github.com/kevinpollet))
- **[http3]** Upgrade quic-go to v0.25.0 ([#8760](https://github.com/traefik/traefik/pull/8760) by [sylr](https://github.com/sylr))
- **[hub]** Add Traefik Hub Integration (Experimental Feature) ([#8837](https://github.com/traefik/traefik/pull/8837) by [jbdoumenjou](https://github.com/jbdoumenjou))
- **[k8s/crd,k8s]** Allow empty services in Kubernetes CRD ([#8802](https://github.com/traefik/traefik/pull/8802) by [tomMoulard](https://github.com/tomMoulard))
- **[metrics]** Support InfluxDB v2 metrics backend ([#8250](https://github.com/traefik/traefik/pull/8250) by [sh7dm](https://github.com/sh7dm))
- **[plugins]** Remove Pilot token setup constraint to use plugins ([#8869](https://github.com/traefik/traefik/pull/8869) by [ldez](https://github.com/ldez))
- **[provider]** Refactor configuration reload/throttling ([#6633](https://github.com/traefik/traefik/pull/6633) by [rkojedzinszky](https://github.com/rkojedzinszky))
- **[rules,tcp]** Add HostSNIRegexp rule matcher for TCP ([#8849](https://github.com/traefik/traefik/pull/8849) by [rtribotte](https://github.com/rtribotte))
- **[tcp]** Add muxer for TCP Routers ([#8182](https://github.com/traefik/traefik/pull/8182) by [dtomcej](https://github.com/dtomcej))
- **[webui,pilot]** Add Traefik Hub access and remove Pilot access ([#8848](https://github.com/traefik/traefik/pull/8848) by [tomMoulard](https://github.com/tomMoulard))
- **[webui]** Add a link to service on router detail view ([#8821](https://github.com/traefik/traefik/pull/8821) by [Tchoupinax](https://github.com/Tchoupinax))
**Documentation:**
- Add a Feature Deprecation page ([#8868](https://github.com/traefik/traefik/pull/8868) by [ddtmachado](https://github.com/ddtmachado))
**Misc:**
- Merge current v2.6 into master ([#8877](https://github.com/traefik/traefik/pull/8877) by [rtribotte](https://github.com/rtribotte))
- Merge current v2.6 into master ([#8865](https://github.com/traefik/traefik/pull/8865) by [tomMoulard](https://github.com/tomMoulard))
- Merge current v2.6 into master ([#8832](https://github.com/traefik/traefik/pull/8832) by [tomMoulard](https://github.com/tomMoulard))
- Merge current v2.6 into master ([#8793](https://github.com/traefik/traefik/pull/8793) by [tomMoulard](https://github.com/tomMoulard))
- Merge current v2.6 into master ([#8777](https://github.com/traefik/traefik/pull/8777) by [tomMoulard](https://github.com/tomMoulard))
- Merge current v2.6 into master ([#8757](https://github.com/traefik/traefik/pull/8757) by [tomMoulard](https://github.com/tomMoulard))
- Merge current v2.6 into master ([#8754](https://github.com/traefik/traefik/pull/8754) by [tomMoulard](https://github.com/tomMoulard))
- Merge current v2.6 into master ([#8736](https://github.com/traefik/traefik/pull/8736) by [kevinpollet](https://github.com/kevinpollet))
- Merge current v2.6 into master ([#8689](https://github.com/traefik/traefik/pull/8689) by [tomMoulard](https://github.com/tomMoulard))
- Merge current v2.6 into master ([#8666](https://github.com/traefik/traefik/pull/8666) by [tomMoulard](https://github.com/tomMoulard))
## [v2.6.2](https://github.com/traefik/traefik/tree/v2.6.2) (2022-03-24)
[All Commits](https://github.com/traefik/traefik/compare/v2.6.1...v2.6.2)

4
Makefile
View File

@@ -34,8 +34,6 @@ DOCKER_RUN_TRAEFIK_NOTTY := docker run $(INTEGRATION_OPTS) $(if $(DOCKER_NON_INT
IN_DOCKER ?= true
PLATFORM_URL := $(if $(PLATFORM_URL),$(PLATFORM_URL),"https://pilot.traefik.io")
.PHONY: default
default: binary
@@ -60,7 +58,7 @@ endif
## Build WebUI Docker image
.PHONY: build-webui-image
build-webui-image:
docker build -t traefik-webui --build-arg ARG_PLATFORM_URL=$(PLATFORM_URL) -f webui/Dockerfile webui
docker build -t traefik-webui -f webui/Dockerfile webui
## Clean WebUI static generated assets
.PHONY: clean-webui

2
build.Dockerfile
View File

@@ -13,7 +13,7 @@ RUN mkdir -p /usr/local/bin \
| tar -xzC /usr/local/bin --transform 's#^.+/##x'
# Download golangci-lint binary to bin folder in $GOPATH
RUN curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- -b $GOPATH/bin v1.45.0
RUN curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- -b $GOPATH/bin v1.46.2
# Download misspell binary to bin folder in $GOPATH
RUN curl -sfL https://raw.githubusercontent.com/client9/misspell/master/install-misspell.sh | bash -s -- -b $GOPATH/bin v0.3.4

12
cmd/traefik/plugins.go
View File

@@ -27,10 +27,10 @@ func initPlugins(staticCfg *static.Configuration) (*plugins.Client, map[string]p
var client *plugins.Client
plgs := map[string]plugins.Descriptor{}
if isPilotEnabled(staticCfg) && hasPlugins(staticCfg) {
if hasPlugins(staticCfg) {
opts := plugins.ClientOptions{
Output: outputDir,
Token: staticCfg.Pilot.Token,
Token: getPilotToken(staticCfg),
}
var err error
@@ -79,6 +79,14 @@ func isPilotEnabled(staticCfg *static.Configuration) bool {
return staticCfg.Pilot != nil && staticCfg.Pilot.Token != ""
}
func getPilotToken(staticCfg *static.Configuration) string {
if staticCfg.Pilot == nil {
return ""
}
return staticCfg.Pilot.Token
}
func hasPlugins(staticCfg *static.Configuration) bool {
return staticCfg.Experimental != nil && len(staticCfg.Experimental.Plugins) > 0
}

38
cmd/traefik/traefik.go
View File

@@ -34,6 +34,7 @@ import (
"github.com/traefik/traefik/v2/pkg/pilot"
"github.com/traefik/traefik/v2/pkg/provider/acme"
"github.com/traefik/traefik/v2/pkg/provider/aggregator"
"github.com/traefik/traefik/v2/pkg/provider/hub"
"github.com/traefik/traefik/v2/pkg/provider/traefik"
"github.com/traefik/traefik/v2/pkg/safe"
"github.com/traefik/traefik/v2/pkg/server"
@@ -180,8 +181,7 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
tlsManager := traefiktls.NewManager()
httpChallengeProvider := acme.NewChallengeHTTP()
// we need to wait at least 2 times the ProvidersThrottleDuration to be sure to handle the challenge.
tlsChallengeProvider := acme.NewChallengeTLSALPN(time.Duration(staticConfiguration.Providers.ProvidersThrottleDuration) * 2)
tlsChallengeProvider := acme.NewChallengeTLSALPN()
err = providerAggregator.AddProvider(tlsChallengeProvider)
if err != nil {
return nil, err
@@ -240,6 +240,19 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
}
}
// Traefik Hub
if staticConfiguration.Hub != nil {
if err = providerAggregator.AddProvider(staticConfiguration.Hub); err != nil {
return nil, fmt.Errorf("adding Traefik Hub provider: %w", err)
}
// API is mandatory for Traefik Hub to access the dynamic configuration.
if staticConfiguration.API == nil {
staticConfiguration.API = &static.API{}
}
}
// Metrics
metricRegistries := registerMetricClients(staticConfiguration.Metrics)
@@ -265,7 +278,6 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
watcher := server.NewConfigurationWatcher(
routinesPool,
providerAggregator,
time.Duration(staticConfiguration.Providers.ProvidersThrottleDuration),
getDefaultsEntrypoints(staticConfiguration),
"internal",
)
@@ -323,7 +335,10 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
continue
}
if _, ok := resolverNames[rt.TLS.CertResolver]; !ok {
if _, ok := resolverNames[rt.TLS.CertResolver]; !ok &&
// "traefik-hub" is an allowed certificate resolver name in a Traefik Hub Experimental feature context.
// It is used to activate its own certificate resolution, even though it is not a "classical" traefik certificate resolver.
(staticConfiguration.Hub == nil || rt.TLS.CertResolver != "traefik-hub") {
log.WithoutContext().Errorf("the router %s uses a non-existent resolver: %s", rtName, rt.TLS.CertResolver)
}
}
@@ -346,6 +361,11 @@ func getHTTPChallengeHandler(acmeProviders []*acme.Provider, httpChallengeProvid
func getDefaultsEntrypoints(staticConfiguration *static.Configuration) []string {
var defaultEntryPoints []string
for name, cfg := range staticConfiguration.EntryPoints {
// Traefik Hub entryPoint should not be part of the set of default entryPoints.
if hub.APIEntrypoint == name || hub.TunnelEntrypoint == name {
continue
}
protocol, err := cfg.GetProtocol()
if err != nil {
// Should never happen because Traefik should not start if protocol is invalid.
@@ -450,6 +470,16 @@ func registerMetricClients(metricsConfig *types.Metrics) []metrics.Registry {
metricsConfig.InfluxDB.Address, metricsConfig.InfluxDB.PushInterval)
}
if metricsConfig.InfluxDB2 != nil {
ctx := log.With(context.Background(), log.Str(log.MetricsProviderName, "influxdb2"))
influxDB2Register := metrics.RegisterInfluxDB2(ctx, metricsConfig.InfluxDB2)
if influxDB2Register != nil {
registries = append(registries, influxDB2Register)
log.FromContext(ctx).Debugf("Configured InfluxDB v2 metrics: pushing to %s (%s org/%s bucket) once every %s",
metricsConfig.InfluxDB2.Address, metricsConfig.InfluxDB2.Org, metricsConfig.InfluxDB2.Bucket, metricsConfig.InfluxDB2.PushInterval)
}
}
return registries
}

2
docs/content/contributing/advocating.md
View File

@@ -10,6 +10,6 @@ Spread the Love & Tell Us about It
There are many ways to contribute to the project, and there is one that always spark joy: when we see/read about users talking about how Traefik helps them solve their problems.
If you're talking about Traefik, [let us know](https://blog.traefik.io/spread-the-love-ba5a40aa72e7) and we'll promote your enthusiasm!
If you're talking about Traefik, [let us know](https://traefik.io/submit-my-contribution/) and we'll promote your enthusiasm!
Also, if you've written about Traefik or shared useful information you'd like to promote, feel free to add links in the [dedicated wiki page on Github](https://github.com/traefik/traefik/wiki/Awesome-Traefik).

2
docs/content/contributing/maintainers-guidelines.md
View File

@@ -60,7 +60,7 @@ but we can suggest you start with activities such as:
The ability to set up a testing environment in a few minutes,
using the official documentation,
is a game changer.
- You will be listed on our Maintainers Github page
- You will be listed on our Maintainers GitHub page
as well as on our website in the section [maintainers](maintainers.md).
- We will be promoting you on social channels (mostly on Twitter).

43
docs/content/contributing/submitting-issues.md
View File

@@ -8,41 +8,54 @@ description: "Help us help you! Learn how to submit an issue, following the guid
Help Us Help You!
{: .subtitle }
Issues are perfect for requesting a feature/enhancement or reporting a suspected bug.
We use the [GitHub issue tracker](https://github.com/traefik/traefik/issues) to keep track of issues in Traefik.
The process of sorting and checking the issues is a daunting task, and requires a lot of work (more than an hour a day ... just for sorting).
To save us some time and get quicker feedback, be sure to follow the guide lines below.
To help us (and other community members) quickly and easily understand what you need,
be sure to follow the guidelines below.
!!! important "Getting Help Vs Reporting an Issue"
The issue tracker is not a general support forum, but a place to report bugs and asks for new features.
For end-user related support questions, try using first:
- the Traefik community forum: [![Join the chat at https://community.traefik.io/](https://img.shields.io/badge/style-register-green.svg?style=social&label=Discourse)](https://community.traefik.io/)
For end-user related support questions, try using the [Traefik Community Forum](https://community.traefik.io/)
[![Join the chat at https://community.traefik.io/](https://img.shields.io/badge/style-register-green.svg?style=social&label=Traefik%20Community%20Forum)](https://community.traefik.io/)
## Issue Title
The title must be short and descriptive. (~60 characters)
## Description
Examples:
Follow the [issue template](https://github.com/traefik/traefik/blob/master/.github/ISSUE_TEMPLATE.md) as much as possible.
Explain us in which conditions you encountered the issue, what is your context.
Remain as clear and concise as possible
Take time to polish the format of your message so we'll enjoy reading it and working on it.
Help the readers focus on what matters, and help them understand the structure of your message (see the [GitHub Markdown Syntax](https://docs.github.com/en/get-started/writing-on-github)).
* Bug: Duplicate requests in access logs
* Feature: Support TCP
## Feature Request
Traefik is an open-source project and aims to be the best edge router possible.
Traefik is an open source project and aims to be the best edge router possible.
Remember when asking for new features that these must be useful to the majority (and not only useful in edge case scenarios, or hack-like setups).
Follow the [issue template](https://github.com/traefik/traefik/blob/master/.github/ISSUE_TEMPLATE/feature-request.yml) as much as possible.
Do you best to explain what you're looking for, and why it would improve Traefik for everyone.
Do your best to explain what you're looking for, and why it would improve Traefik for everyone.
Be detailed and share the use-case(s) to allow us to see the value of your feature request as quickly as possible.
Features with a lot of positive interaction (claps, +1s, conversation about how this would impact them) indicate higher community interest and help us to prioritize.
If you are interested in creating a PR for your feature request, let us know in the the issue so we can work with you.
It can take a lot of work to make sure a PR can integrate with our existing code and planning with the team ahead of time can make sure that your PR can be accepted and merged quickly.
## Issues or Possible Bug Reports
Follow the [issue template](https://github.com/traefik/traefik/blob/master/.github/ISSUE_TEMPLATE/bug_report.yml) as much as possible.
Explain the conditions in which you encountered the issue; what is your context?
Share any logs you may have and make sure to share the steps it takes to reproduce your issue or bug.
Remain as clear and concise as possible.
Take time to polish the format of your message so we'll enjoy reading it and working on it.
Help your readers focus on what matters and help them understand the structure of your message (see the [GitHub Markdown Syntax](https://docs.github.com/en/get-started/writing-on-github)).
## International English

20
docs/content/deprecation/features.md Normal file
View File

@@ -0,0 +1,20 @@
# Feature Deprecation Notices
This page is maintained and updated periodically to reflect our roadmap and any decisions around feature deprecation.
| Feature | Deprecated | End of Support | Removal |
|-------------------------------------------------------|------------|----------------|---------|
| [Pilot Dashboard (Metrics)](#pilot-dashboard-metrics) | 2.7 | 2.8 | 2.9 |
| [Pilot Plugins](#pilot-plugins) | 2.7 | 2.8 | 2.9 |
## Impact
### Pilot Dashboard (Metrics)
Metrics will continue to function normally up to 2.8, when they will be disabled.
In 2.9, the Pilot platform and all Traefik integration code will be permanently removed.
### Pilot Plugins
Starting on 2.7 the pilot token will not be a requirement anymore.
At 2.9, a new plugin catalog home should be available, decoupled from pilot.

2
docs/content/getting-started/configuration-overview.md
View File

@@ -79,7 +79,7 @@ traefik --help
# or
docker run traefik[:version] --help
# ex: docker run traefik:v2.6 --help
# ex: docker run traefik:v2.7 --help
```
All available arguments can also be found [here](../reference/static-configuration/cli.md).

16
docs/content/getting-started/install-traefik.md
View File

@@ -16,12 +16,12 @@ You can install Traefik with the following flavors:
Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with one sample configuration file:
* [YAML](https://raw.githubusercontent.com/traefik/traefik/v2.6/traefik.sample.yml)
* [TOML](https://raw.githubusercontent.com/traefik/traefik/v2.6/traefik.sample.toml)
* [YAML](https://raw.githubusercontent.com/traefik/traefik/v2.7/traefik.sample.yml)
* [TOML](https://raw.githubusercontent.com/traefik/traefik/v2.7/traefik.sample.toml)
```bash
docker run -d -p 8080:8080 -p 80:80 \
-v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v2.6
-v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v2.7
```
For more details, go to the [Docker provider documentation](../providers/docker.md)
@@ -29,7 +29,7 @@ For more details, go to the [Docker provider documentation](../providers/docker.
!!! tip
* Prefer a fixed version than the latest that could be an unexpected version.
ex: `traefik:v2.6`
ex: `traefik:v2.7`
* Docker images are based from the [Alpine Linux Official image](https://hub.docker.com/_/alpine).
* Any orchestrator using docker images can fetch the official Traefik docker image.
@@ -178,3 +178,11 @@ And run it:
## Compile your Binary from the Sources
All the details are available in the [Contributing Guide](../contributing/building-testing.md)
!!! question "Using Traefik for Business?"
If you're using Traefik for commercial applications,
consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/) of Traefik as your [Kubernetes Ingress](https://traefik.io/solutions/kubernetes-ingress/),
your [Docker Swarm Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/),
or your [API gateway](https://traefik.io/solutions/api-gateway/).
Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo).

2
docs/content/getting-started/quick-start.md
View File

@@ -20,7 +20,7 @@ version: '3'
services:
reverse-proxy:
# The official v2 Traefik docker image
image: traefik:v2.6
image: traefik:v2.7
# Enables the web UI and tells Traefik to listen to docker
command: --api.insecure=true --providers.docker
ports:

209
docs/content/https/acme.md
View File

@@ -293,109 +293,112 @@ For example, `CF_API_EMAIL_FILE=/run/secrets/traefik_cf-api-email` could be used
For complete details, refer to your provider's _Additional configuration_ link.
| Provider Name | Provider Code | Environment Variables | |
|-------------------------------------------------------------|----------------|---------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------|
| [ACME DNS](https://github.com/joohoi/acme-dns) | `acme-dns` | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/acme-dns) |
| [Alibaba Cloud](https://www.alibabacloud.com) | `alidns` | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/alidns) |
| [all-inkl](https://all-inkl.com) | `allinkl` | `ALL_INKL_LOGIN`, `ALL_INKL_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/allinkl) |
| [ArvanCloud](https://www.arvancloud.com/en) | `arvancloud` | `ARVANCLOUD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/arvancloud) |
| [Auroradns](https://www.pcextreme.com/dns-health-checks) | `auroradns` | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/auroradns) |
| [Autodns](https://www.internetx.com/domains/autodns/) | `autodns` | `AUTODNS_API_USER`, `AUTODNS_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/autodns) |
| [Azure](https://azure.microsoft.com/services/dns/) | `azure` | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]` | [Additional configuration](https://go-acme.github.io/lego/dns/azure) |
| [Bindman](https://github.com/labbsr0x/bindman-dns-webhook) | `bindman` | `BINDMAN_MANAGER_ADDRESS` | [Additional configuration](https://go-acme.github.io/lego/dns/bindman) |
| [Blue Cat](https://www.bluecatnetworks.com/) | `bluecat` | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW` | [Additional configuration](https://go-acme.github.io/lego/dns/bluecat) |
| [Checkdomain](https://www.checkdomain.de/) | `checkdomain` | `CHECKDOMAIN_TOKEN`, | [Additional configuration](https://go-acme.github.io/lego/dns/checkdomain/) |
| [CloudDNS](https://vshosting.eu/) | `clouddns` | `CLOUDDNS_CLIENT_ID`, `CLOUDDNS_EMAIL`, `CLOUDDNS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/clouddns) |
| [Cloudflare](https://www.cloudflare.com) | `cloudflare` | `CF_API_EMAIL`, `CF_API_KEY` [^5] or `CF_DNS_API_TOKEN`, `[CF_ZONE_API_TOKEN]` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudflare) |
| [ClouDNS](https://www.cloudns.net/) | `cloudns` | `CLOUDNS_AUTH_ID`, `CLOUDNS_AUTH_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudns) |
| [CloudXNS](https://www.cloudxns.net) | `cloudxns` | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudxns) |
| [ConoHa](https://www.conoha.jp) | `conoha` | `CONOHA_TENANT_ID`, `CONOHA_API_USERNAME`, `CONOHA_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/conoha) |
| [Constellix](https://constellix.com) | `constellix` | `CONSTELLIX_API_KEY`, `CONSTELLIX_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/constellix) |
| [deSEC](https://desec.io) | `desec` | `DESEC_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/desec) |
| [DigitalOcean](https://www.digitalocean.com) | `digitalocean` | `DO_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/digitalocean) |
| [DNS Made Easy](https://dnsmadeeasy.com) | `dnsmadeeasy` | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsmadeeasy) |
| [DNSimple](https://dnsimple.com) | `dnsimple` | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsimple) |
| [DNSPod](https://www.dnspod.com/) | `dnspod` | `DNSPOD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dnspod) |
| [Domain Offensive (do.de)](https://www.do.de/) | `dode` | `DODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/dode) |
| [Domeneshop](https://domene.shop) | `domeneshop` | `DOMENESHOP_API_TOKEN`, `DOMENESHOP_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/domeneshop) |
| [DreamHost](https://www.dreamhost.com/) | `dreamhost` | `DREAMHOST_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dreamhost) |
| [Duck DNS](https://www.duckdns.org/) | `duckdns` | `DUCKDNS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/duckdns) |
| [Dyn](https://dyn.com) | `dyn` | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/dyn) |
| [Dynu](https://www.dynu.com) | `dynu` | `DYNU_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dynu) |
| [EasyDNS](https://easydns.com/) | `easydns` | `EASYDNS_TOKEN`, `EASYDNS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/easydns) |
| [EdgeDNS](https://www.akamai.com/) | `edgedns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns) |
| [Epik](https://www.epik.com) | `epik` | `EPIK_SIGNATURE` | [Additional configuration](https://go-acme.github.io/lego/dns/epik) |
| [Exoscale](https://www.exoscale.com) | `exoscale` | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/exoscale) |
| [Fast DNS](https://www.akamai.com/) | `fastdns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns) |
| [Freemyip.com](https://freemyip.com) | `freemyip` | `FREEMYIP_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/freemyip) |
| [G-Core Lab](https://gcorelabs.com/dns/) | `gcore` | `GCORE_PERMANENT_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/gcore) |
| [Gandi v5](https://doc.livedns.gandi.net) | `gandiv5` | `GANDIV5_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5) |
| [Gandi](https://www.gandi.net) | `gandi` | `GANDI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandi) |
| [Glesys](https://glesys.com/) | `glesys` | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN` | [Additional configuration](https://go-acme.github.io/lego/dns/glesys) |
| [GoDaddy](https://godaddy.com/) | `godaddy` | `GODADDY_API_KEY`, `GODADDY_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/godaddy) |
| [Google Cloud DNS](https://cloud.google.com/dns/docs/) | `gcloud` | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`] | [Additional configuration](https://go-acme.github.io/lego/dns/gcloud) |
| [Hetzner](https://hetzner.com) | `hetzner` | `HETZNER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner) |
| [hosting.de](https://www.hosting.de) | `hostingde` | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde) |
| [Hosttech](https://www.hosttech.eu) | `hosttech` | `HOSTTECH_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hosttech) |
| [HyperOne](https://www.hyperone.com) | `hyperone` | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone) |
| [Hurricane Electric](https://dns.he.net) | `hurricane` | `HURRICANE_TOKENS` [^6] | [Additional configuration](https://go-acme.github.io/lego/dns/hurricane) |
| [IBM Cloud (SoftLayer)](https://www.ibm.com/cloud/) | `ibmcloud` | `SOFTLAYER_USERNAME`, `SOFTLAYER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ibmcloud) |
| [IIJ](https://www.iij.ad.jp/) | `iij` | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE` | [Additional configuration](https://go-acme.github.io/lego/dns/iij) |
| [Infoblox](https://www.infoblox.com/) | `infoblox` | `INFOBLOX_USER`, `INFOBLOX_PASSWORD`, `INFOBLOX_HOST` | [Additional configuration](https://go-acme.github.io/lego/dns/infoblox) |
| [Infomaniak](https://www.infomaniak.com) | `infomaniak` | `INFOMANIAK_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/infomaniak) |
| [Internet.bs](https://internetbs.net) | `internetbs` | `INTERNET_BS_API_KEY`, `INTERNET_BS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/internetbs) |
| [INWX](https://www.inwx.de/en) | `inwx` | `INWX_USERNAME`, `INWX_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/inwx) |
| [ionos](https://ionos.com/) | `ionos` | `IONOS_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ionos) |
| [Joker.com](https://joker.com) | `joker` | `JOKER_API_MODE` with `JOKER_API_KEY` or `JOKER_USERNAME`, `JOKER_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/joker) |
| [Lightsail](https://aws.amazon.com/lightsail/) | `lightsail` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/lightsail) |
| [Linode v4](https://www.linode.com) | `linode` | `LINODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/linode) |
| [Liquid Web](https://www.liquidweb.com/) | `liquidweb` | `LIQUID_WEB_PASSWORD`, `LIQUID_WEB_USERNAME`, `LIQUID_WEB_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/liquidweb) |
| [Loopia](https://loopia.com/) | `loopia` | `LOOPIA_API_PASSWORD`, `LOOPIA_API_USER` | [Additional configuration](https://go-acme.github.io/lego/dns/loopia) |
| [LuaDNS](https://luadns.com) | `luadns` | `LUADNS_API_USERNAME`, `LUADNS_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/luadns) |
| [MyDNS.jp](https://www.mydns.jp/) | `mydnsjp` | `MYDNSJP_MASTER_ID`, `MYDNSJP_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mydnsjp) |
| [Mythic Beasts](https://www.mythic-beasts.com) | `mythicbeasts` | `MYTHICBEASTS_USER_NAME`, `MYTHICBEASTS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mythicbeasts) |
| [name.com](https://www.name.com/) | `namedotcom` | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/namedotcom) |
| [Namecheap](https://www.namecheap.com) | `namecheap` | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namecheap) |
| [Namesilo](https://www.namesilo.com/) | `namesilo` | `NAMESILO_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namesilo) |
| [Netcup](https://www.netcup.eu/) | `netcup` | `NETCUP_CUSTOMER_NUMBER`, `NETCUP_API_KEY`, `NETCUP_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/netcup) |
| [Netlify](https://www.netlify.com) | `netlify` | `NETLIFY_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/netlify) |
| [Nicmanager](https://www.nicmanager.com) | `nicmanager` | `NICMANAGER_API_EMAIL`, `NICMANAGER_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/nicmanager) |
| [NIFCloud](https://cloud.nifty.com/service/dns.htm) | `nifcloud` | `NIFCLOUD_ACCESS_KEY_ID`, `NIFCLOUD_SECRET_ACCESS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/nifcloud) |
| [Njalla](https://njal.la) | `njalla` | `NJALLA_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/njalla) |
| [NS1](https://ns1.com/) | `ns1` | `NS1_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ns1) |
| [Open Telekom Cloud](https://cloud.telekom.de) | `otc` | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/otc) |
| [Openstack Designate](https://docs.openstack.org/designate) | `designate` | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/designate) |
| [Oracle Cloud](https://cloud.oracle.com/home) | `oraclecloud` | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID` | [Additional configuration](https://go-acme.github.io/lego/dns/oraclecloud) |
| [OVH](https://www.ovh.com) | `ovh` | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ovh) |
| [Porkbun](https://porkbun.com/) | `porkbun` | `PORKBUN_SECRET_API_KEY`, `PORKBUN_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/porkbun) |
| [PowerDNS](https://www.powerdns.com) | `pdns` | `PDNS_API_KEY`, `PDNS_API_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/pdns) |
| [Rackspace](https://www.rackspace.com/cloud/dns) | `rackspace` | `RACKSPACE_USER`, `RACKSPACE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rackspace) |
| [reg.ru](https://www.reg.ru) | `regru` | `REGRU_USERNAME`, `REGRU_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/regru) |
| [RFC2136](https://tools.ietf.org/html/rfc2136) | `rfc2136` | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/rfc2136) |
| [RimuHosting](https://rimuhosting.com) | `rimuhosting` | `RIMUHOSTING_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rimuhosting) |
| [Route 53](https://aws.amazon.com/route53/) | `route53` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile. | [Additional configuration](https://go-acme.github.io/lego/dns/route53) |
| [Sakura Cloud](https://cloud.sakura.ad.jp/) | `sakuracloud` | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/sakuracloud) |
| [Scaleway](https://www.scaleway.com) | `scaleway` | `SCALEWAY_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway) |
| [Selectel](https://selectel.ru/en/) | `selectel` | `SELECTEL_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/selectel) |
| [Servercow](https://servercow.de) | `servercow` | `SERVERCOW_USERNAME`, `SERVERCOW_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/servercow) |
| [Simply.com](https://www.simply.com/en/domains/) | `simply` | `SIMPLY_ACCOUNT_NAME`, `SIMPLY_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/simply) |
| [Sonic](https://www.sonic.com/) | `sonic` | `SONIC_USER_ID`, `SONIC_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/sonic) |
| [Stackpath](https://www.stackpath.com/) | `stackpath` | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/stackpath) |
| [Tencent Cloud DNS](https://cloud.tencent.com/product/cns) | `tencentcloud` | `TENCENTCLOUD_SECRET_ID`, `TENCENTCLOUD_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/tencentcloud) |
| [TransIP](https://www.transip.nl/) | `transip` | `TRANSIP_ACCOUNT_NAME`, `TRANSIP_PRIVATE_KEY_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/transip) |
| [UKFast SafeDNS](https://www.ukfast.co.uk/dns-hosting.html) | `safedns` | `SAFEDNS_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/safedns) |
| [VegaDNS](https://github.com/shupp/VegaDNS-API) | `vegadns` | `SECRET_VEGADNS_KEY`, `SECRET_VEGADNS_SECRET`, `VEGADNS_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/vegadns) |
| [Versio](https://www.versio.nl/domeinnamen) | `versio` | `VERSIO_USERNAME`, `VERSIO_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/versio) |
| [VinylDNS](https://www.vinyldns.io) | `vinyldns` | `VINYLDNS_ACCESS_KEY`, `VINYLDNS_SECRET_KEY`, `VINYLDNS_HOST` | [Additional configuration](https://go-acme.github.io/lego/dns/vinyldns) |
| [Vscale](https://vscale.io/) | `vscale` | `VSCALE_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/vscale) |
| [VULTR](https://www.vultr.com) | `vultr` | `VULTR_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/vultr) |
| [WEDOS](https://www.wedos.com) | `wedos` | `WEDOS_USERNAME`, `WEDOS_WAPI_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/wedos) |
| [Yandex](https://yandex.com) | `yandex` | `YANDEX_PDD_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/yandex) |
| [Zone.ee](https://www.zone.ee) | `zoneee` | `ZONEEE_API_USER`, `ZONEEE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zoneee) |
| [Zonomi](https://zonomi.com) | `zonomi` | `ZONOMI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zonomi) |
| External Program | `exec` | `EXEC_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/exec) |
| HTTP request | `httpreq` | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1] | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq) |
| manual | `manual` | none, but you need to run Traefik interactively [^4], turn on debug log to see instructions and press <kbd>Enter</kbd>. | |
| Provider Name | Provider Code | Environment Variables | |
|----------------------------------------------------------------------------------------------------|----------------|---------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------|
| [ACME DNS](https://github.com/joohoi/acme-dns) | `acme-dns` | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/acme-dns) |
| [Alibaba Cloud](https://www.alibabacloud.com) | `alidns` | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/alidns) |
| [all-inkl](https://all-inkl.com) | `allinkl` | `ALL_INKL_LOGIN`, `ALL_INKL_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/allinkl) |
| [ArvanCloud](https://www.arvancloud.com/en) | `arvancloud` | `ARVANCLOUD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/arvancloud) |
| [Auroradns](https://www.pcextreme.com/dns-health-checks) | `auroradns` | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/auroradns) |
| [Autodns](https://www.internetx.com/domains/autodns/) | `autodns` | `AUTODNS_API_USER`, `AUTODNS_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/autodns) |
| [Azure](https://azure.microsoft.com/services/dns/) | `azure` | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]` | [Additional configuration](https://go-acme.github.io/lego/dns/azure) |
| [Bindman](https://github.com/labbsr0x/bindman-dns-webhook) | `bindman` | `BINDMAN_MANAGER_ADDRESS` | [Additional configuration](https://go-acme.github.io/lego/dns/bindman) |
| [Blue Cat](https://www.bluecatnetworks.com/) | `bluecat` | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW` | [Additional configuration](https://go-acme.github.io/lego/dns/bluecat) |
| [Checkdomain](https://www.checkdomain.de/) | `checkdomain` | `CHECKDOMAIN_TOKEN`, | [Additional configuration](https://go-acme.github.io/lego/dns/checkdomain/) |
| [CloudDNS](https://vshosting.eu/) | `clouddns` | `CLOUDDNS_CLIENT_ID`, `CLOUDDNS_EMAIL`, `CLOUDDNS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/clouddns) |
| [Cloudflare](https://www.cloudflare.com) | `cloudflare` | `CF_API_EMAIL`, `CF_API_KEY` [^5] or `CF_DNS_API_TOKEN`, `[CF_ZONE_API_TOKEN]` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudflare) |
| [ClouDNS](https://www.cloudns.net/) | `cloudns` | `CLOUDNS_AUTH_ID`, `CLOUDNS_AUTH_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudns) |
| [CloudXNS](https://www.cloudxns.net) | `cloudxns` | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudxns) |
| [ConoHa](https://www.conoha.jp) | `conoha` | `CONOHA_TENANT_ID`, `CONOHA_API_USERNAME`, `CONOHA_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/conoha) |
| [Constellix](https://constellix.com) | `constellix` | `CONSTELLIX_API_KEY`, `CONSTELLIX_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/constellix) |
| [deSEC](https://desec.io) | `desec` | `DESEC_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/desec) |
| [DigitalOcean](https://www.digitalocean.com) | `digitalocean` | `DO_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/digitalocean) |
| [DNS Made Easy](https://dnsmadeeasy.com) | `dnsmadeeasy` | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsmadeeasy) |
| [DNSimple](https://dnsimple.com) | `dnsimple` | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsimple) |
| [DNSPod](https://www.dnspod.com/) | `dnspod` | `DNSPOD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dnspod) |
| [Domain Offensive (do.de)](https://www.do.de/) | `dode` | `DODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/dode) |
| [Domeneshop](https://domene.shop) | `domeneshop` | `DOMENESHOP_API_TOKEN`, `DOMENESHOP_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/domeneshop) |
| [DreamHost](https://www.dreamhost.com/) | `dreamhost` | `DREAMHOST_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dreamhost) |
| [Duck DNS](https://www.duckdns.org/) | `duckdns` | `DUCKDNS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/duckdns) |
| [Dyn](https://dyn.com) | `dyn` | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/dyn) |
| [Dynu](https://www.dynu.com) | `dynu` | `DYNU_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dynu) |
| [EasyDNS](https://easydns.com/) | `easydns` | `EASYDNS_TOKEN`, `EASYDNS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/easydns) |
| [EdgeDNS](https://www.akamai.com/) | `edgedns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns) |
| [Epik](https://www.epik.com) | `epik` | `EPIK_SIGNATURE` | [Additional configuration](https://go-acme.github.io/lego/dns/epik) |
| [Exoscale](https://www.exoscale.com) | `exoscale` | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/exoscale) |
| [Fast DNS](https://www.akamai.com/) | `fastdns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns) |
| [Freemyip.com](https://freemyip.com) | `freemyip` | `FREEMYIP_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/freemyip) |
| [G-Core Lab](https://gcorelabs.com/dns/) | `gcore` | `GCORE_PERMANENT_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/gcore) |
| [Gandi v5](https://doc.livedns.gandi.net) | `gandiv5` | `GANDIV5_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5) |
| [Gandi](https://www.gandi.net) | `gandi` | `GANDI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandi) |
| [Glesys](https://glesys.com/) | `glesys` | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN` | [Additional configuration](https://go-acme.github.io/lego/dns/glesys) |
| [GoDaddy](https://godaddy.com/) | `godaddy` | `GODADDY_API_KEY`, `GODADDY_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/godaddy) |
| [Google Cloud DNS](https://cloud.google.com/dns/docs/) | `gcloud` | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`] | [Additional configuration](https://go-acme.github.io/lego/dns/gcloud) |
| [Hetzner](https://hetzner.com) | `hetzner` | `HETZNER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner) |
| [hosting.de](https://www.hosting.de) | `hostingde` | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde) |
| [Hosttech](https://www.hosttech.eu) | `hosttech` | `HOSTTECH_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hosttech) |
| [Hurricane Electric](https://dns.he.net) | `hurricane` | `HURRICANE_TOKENS` [^6] | [Additional configuration](https://go-acme.github.io/lego/dns/hurricane) |
| [HyperOne](https://www.hyperone.com) | `hyperone` | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone) |
| [IBM Cloud (SoftLayer)](https://www.ibm.com/cloud/) | `ibmcloud` | `SOFTLAYER_USERNAME`, `SOFTLAYER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ibmcloud) |
| [IIJ DNS Platform Service](https://www.iij.ad.jp) | `iijdpf` | `IIJ_DPF_API_TOKEN` , `IIJ_DPF_DPM_SERVICE_CODE` | [Additional configuration](https://go-acme.github.io/lego/dns/iijdpf) |
| [IIJ](https://www.iij.ad.jp/) | `iij` | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE` | [Additional configuration](https://go-acme.github.io/lego/dns/iij) |
| [Infoblox](https://www.infoblox.com/) | `infoblox` | `INFOBLOX_USER`, `INFOBLOX_PASSWORD`, `INFOBLOX_HOST` | [Additional configuration](https://go-acme.github.io/lego/dns/infoblox) |
| [Infomaniak](https://www.infomaniak.com) | `infomaniak` | `INFOMANIAK_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/infomaniak) |
| [Internet.bs](https://internetbs.net) | `internetbs` | `INTERNET_BS_API_KEY`, `INTERNET_BS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/internetbs) |
| [INWX](https://www.inwx.de/en) | `inwx` | `INWX_USERNAME`, `INWX_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/inwx) |
| [ionos](https://ionos.com/) | `ionos` | `IONOS_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ionos) |
| [iwantmyname](https://iwantmyname.com) | `iwantmyname` | `IWANTMYNAME_USERNAME` , `IWANTMYNAME_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/iwantmyname) |
| [Joker.com](https://joker.com) | `joker` | `JOKER_API_MODE` with `JOKER_API_KEY` or `JOKER_USERNAME`, `JOKER_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/joker) |
| [Lightsail](https://aws.amazon.com/lightsail/) | `lightsail` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/lightsail) |
| [Linode v4](https://www.linode.com) | `linode` | `LINODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/linode) |
| [Liquid Web](https://www.liquidweb.com/) | `liquidweb` | `LIQUID_WEB_PASSWORD`, `LIQUID_WEB_USERNAME`, `LIQUID_WEB_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/liquidweb) |
| [Loopia](https://loopia.com/) | `loopia` | `LOOPIA_API_PASSWORD`, `LOOPIA_API_USER` | [Additional configuration](https://go-acme.github.io/lego/dns/loopia) |
| [LuaDNS](https://luadns.com) | `luadns` | `LUADNS_API_USERNAME`, `LUADNS_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/luadns) |
| [MyDNS.jp](https://www.mydns.jp/) | `mydnsjp` | `MYDNSJP_MASTER_ID`, `MYDNSJP_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mydnsjp) |
| [Mythic Beasts](https://www.mythic-beasts.com) | `mythicbeasts` | `MYTHICBEASTS_USER_NAME`, `MYTHICBEASTS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mythicbeasts) |
| [name.com](https://www.name.com/) | `namedotcom` | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/namedotcom) |
| [Namecheap](https://www.namecheap.com) | `namecheap` | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namecheap) |
| [Namesilo](https://www.namesilo.com/) | `namesilo` | `NAMESILO_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namesilo) |
| [Netcup](https://www.netcup.eu/) | `netcup` | `NETCUP_CUSTOMER_NUMBER`, `NETCUP_API_KEY`, `NETCUP_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/netcup) |
| [Netlify](https://www.netlify.com) | `netlify` | `NETLIFY_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/netlify) |
| [Nicmanager](https://www.nicmanager.com) | `nicmanager` | `NICMANAGER_API_EMAIL`, `NICMANAGER_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/nicmanager) |
| [NIFCloud](https://cloud.nifty.com/service/dns.htm) | `nifcloud` | `NIFCLOUD_ACCESS_KEY_ID`, `NIFCLOUD_SECRET_ACCESS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/nifcloud) |
| [Njalla](https://njal.la) | `njalla` | `NJALLA_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/njalla) |
| [NS1](https://ns1.com/) | `ns1` | `NS1_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ns1) |
| [Open Telekom Cloud](https://cloud.telekom.de) | `otc` | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/otc) |
| [Openstack Designate](https://docs.openstack.org/designate) | `designate` | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/designate) |
| [Oracle Cloud](https://cloud.oracle.com/home) | `oraclecloud` | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID` | [Additional configuration](https://go-acme.github.io/lego/dns/oraclecloud) |
| [OVH](https://www.ovh.com) | `ovh` | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ovh) |
| [Porkbun](https://porkbun.com/) | `porkbun` | `PORKBUN_SECRET_API_KEY`, `PORKBUN_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/porkbun) |
| [PowerDNS](https://www.powerdns.com) | `pdns` | `PDNS_API_KEY`, `PDNS_API_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/pdns) |
| [Rackspace](https://www.rackspace.com/cloud/dns) | `rackspace` | `RACKSPACE_USER`, `RACKSPACE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rackspace) |
| [reg.ru](https://www.reg.ru) | `regru` | `REGRU_USERNAME`, `REGRU_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/regru) |
| [RFC2136](https://tools.ietf.org/html/rfc2136) | `rfc2136` | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/rfc2136) |
| [RimuHosting](https://rimuhosting.com) | `rimuhosting` | `RIMUHOSTING_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rimuhosting) |
| [Route 53](https://aws.amazon.com/route53/) | `route53` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile. | [Additional configuration](https://go-acme.github.io/lego/dns/route53) |
| [Sakura Cloud](https://cloud.sakura.ad.jp/) | `sakuracloud` | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/sakuracloud) |
| [Scaleway](https://www.scaleway.com) | `scaleway` | `SCALEWAY_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway) |
| [Selectel](https://selectel.ru/en/) | `selectel` | `SELECTEL_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/selectel) |
| [Servercow](https://servercow.de) | `servercow` | `SERVERCOW_USERNAME`, `SERVERCOW_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/servercow) |
| [Simply.com](https://www.simply.com/en/domains/) | `simply` | `SIMPLY_ACCOUNT_NAME`, `SIMPLY_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/simply) |
| [Sonic](https://www.sonic.com/) | `sonic` | `SONIC_USER_ID`, `SONIC_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/sonic) |
| [Stackpath](https://www.stackpath.com/) | `stackpath` | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/stackpath) |
| [Tencent Cloud DNS](https://cloud.tencent.com/product/cns) | `tencentcloud` | `TENCENTCLOUD_SECRET_ID`, `TENCENTCLOUD_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/tencentcloud) |
| [TransIP](https://www.transip.nl/) | `transip` | `TRANSIP_ACCOUNT_NAME`, `TRANSIP_PRIVATE_KEY_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/transip) |
| [UKFast SafeDNS](https://www.ans.co.uk/cloud-and-infrastructure/dedicated-servers/dns-management/) | `safedns` | `SAFEDNS_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/safedns) |
| [VegaDNS](https://github.com/shupp/VegaDNS-API) | `vegadns` | `SECRET_VEGADNS_KEY`, `SECRET_VEGADNS_SECRET`, `VEGADNS_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/vegadns) |
| [Vercel](https://vercel.com) | `vercel` | `VERCEL_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/vercel) |
| [Versio](https://www.versio.nl/domeinnamen) | `versio` | `VERSIO_USERNAME`, `VERSIO_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/versio) |
| [VinylDNS](https://www.vinyldns.io) | `vinyldns` | `VINYLDNS_ACCESS_KEY`, `VINYLDNS_SECRET_KEY`, `VINYLDNS_HOST` | [Additional configuration](https://go-acme.github.io/lego/dns/vinyldns) |
| [Vscale](https://vscale.io/) | `vscale` | `VSCALE_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/vscale) |
| [VULTR](https://www.vultr.com) | `vultr` | `VULTR_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/vultr) |
| [WEDOS](https://www.wedos.com) | `wedos` | `WEDOS_USERNAME`, `WEDOS_WAPI_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/wedos) |
| [Yandex](https://yandex.com) | `yandex` | `YANDEX_PDD_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/yandex) |
| [Zone.ee](https://www.zone.ee) | `zoneee` | `ZONEEE_API_USER`, `ZONEEE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zoneee) |
| [Zonomi](https://zonomi.com) | `zonomi` | `ZONOMI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zonomi) |
| External Program | `exec` | `EXEC_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/exec) |
| HTTP request | `httpreq` | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1] | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq) |
| manual | `manual` | none, but you need to run Traefik interactively [^4], turn on debug log to see instructions and press <kbd>Enter</kbd>. | |
[^1]: More information about the HTTP message format can be found [here](https://go-acme.github.io/lego/dns/httpreq/).
[^2]: [Providing credentials to your application](https://cloud.google.com/docs/authentication/production).

9
docs/content/index.md
View File

@@ -26,7 +26,8 @@ Developing Traefik, our main goal is to make it simple to use, and we're sure yo
Join our user friendly and active [Community Forum](https://community.traefik.io) to discuss, learn, and connect with the traefik community.
If you're a business running critical services behind Traefik,
know that [Traefik Labs](https://traefik.io), the company that sponsors Traefik's development,
can provide [commercial support](https://info.traefik.io/commercial-services)
and develops an [Enterprise Edition](https://traefik.io/traefik-enterprise/) of Traefik.
Using Traefik for commercial applications?
Consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/) of Traefik as your [Kubernetes Ingress](https://traefik.io/solutions/kubernetes-ingress/),
your [Docker Swarm Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/),
or your [API gateway](https://traefik.io/solutions/api-gateway/).
Get started with a [free 30-day trial](https://info.traefik.io/get-traefik-enterprise-free-for-30-days).

6
docs/content/middlewares/http/headers.md
View File

@@ -165,7 +165,7 @@ metadata:
spec:
headers:
frameDeny: true
browserxssfilter: true
browserXssFilter: true
```
```yaml tab="Consul Catalog"
@@ -192,14 +192,14 @@ http:
testHeader:
headers:
frameDeny: true
browserxssfilter: true
browserXssFilter: true
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.testHeader.headers]
frameDeny = true
browserxssfilter = true
browserXssFilter = true
```
### CORS Headers

4
docs/content/middlewares/http/overview.md
View File

@@ -153,3 +153,7 @@ http:
| [Retry](retry.md) | Automatically retries in case of error | Request lifecycle |
| [StripPrefix](stripprefix.md) | Changes the path of the request | Path Modifier |
| [StripPrefixRegex](stripprefixregex.md) | Changes the path of the request | Path Modifier |
## Community Middlewares
Please take a look at the community-contributed plugins in the [plugin catalog](https://pilot.traefik.io/plugins).

25
docs/content/middlewares/http/passtlsclientcert.md
View File

@@ -445,6 +445,23 @@ Subject="DC=org,DC=cheese,C=FR,C=US,ST=Cheese org state,ST=Cheese com state,L=TO
If there are more than one certificate, they are separated by a `,`.
#### `info.serialNumber`
Set the `info.serialNumber` option to `true` to add the `Serial Number` of the certificate.
The data is taken from the following certificate part:
```text
Serial Number:
6a:2f:20:f8:ce:8d:48:52:ba:d9:bb:be:60:ec:bf:79
```
And it is formatted as follows in the header (decimal representation):
```text
SerialNumber="141142874255168551917600297745052909433"
```
#### `info.notAfter`
Set the `info.notAfter` option to `true` to add the `Not After` information from the `Validity` part.
@@ -452,8 +469,8 @@ Set the `info.notAfter` option to `true` to add the `Not After` information from
The data is taken from the following certificate part:
```text
Validity
Not After : Dec 5 11:10:16 2020 GMT
Validity
Not After : Dec 5 11:10:16 2020 GMT
```
And it is formatted as follows in the header:
@@ -486,8 +503,8 @@ Set the `info.sans` option to `true` to add the `Subject Alternative Name` infor
The data is taken from the following certificate part:
```text
X509v3 Subject Alternative Name:
DNS:*.example.org, DNS:*.example.net, DNS:*.example.com, IP Address:10.0.1.0, IP Address:10.0.1.2, email:test@example.org, email:test@example.net
X509v3 Subject Alternative Name:
DNS:*.example.org, DNS:*.example.net, DNS:*.example.com, IP Address:10.0.1.0, IP Address:10.0.1.2, email:test@example.org, email:test@example.net
```
And it is formatted as follows in the header:

12
docs/content/middlewares/http/redirectscheme.md
View File

@@ -12,7 +12,17 @@ Redirecting the Client to a Different Scheme/Port
TODO: add schema
-->
RedirectScheme redirects requests from a scheme/port to another.
The RedirectScheme middleware redirects the request if the request scheme is different from the configured scheme.
The middleware does not work for websocket requests.
!!! warning "When behind another reverse-proxy"
When there is at least one other reverse-proxy between the client and Traefik,
the other reverse-proxy (i.e. the last hop) needs to be a [trusted](../../routing/entrypoints.md#forwarded-headers) one.
Otherwise, Traefik would clean up the X-Forwarded headers coming from this last hop,
and as the RedirectScheme middleware relies on them to determine the scheme used,
it would not function as intended.
## Configuration Examples

2
docs/content/middlewares/http/stripprefix.md
View File

@@ -87,7 +87,7 @@ The `prefixes` option defines the prefixes to strip from the request URL.
For instance, `/products` also matches `/products/shoes` and `/products/shirts`.
If your backend is serving assets (e.g., images or JavaScript files), it can use the `X-Forwarded-Prefix` header to properly construct relative URLs.
Using the previous example, the backend should return `/products/shoes/image.png` (and not `/images.png`, which Traefik would likely not be able to associate with the same backend).
Using the previous example, the backend should return `/products/shoes/image.png` (and not `/image.png`, which Traefik would likely not be able to associate with the same backend).
### `forceSlash`

4
docs/content/migration/v1-to-v2.md
View File

@@ -109,7 +109,7 @@ Then any router can refer to an instance of the wanted middleware.
```yaml tab="K8s IngressRoute"
# The definitions below require the definitions for the Middleware and IngressRoute kinds.
# https://doc.traefik.io/traefik/v2.6/reference/dynamic-configuration/kubernetes-crd/#definitions
# https://doc.traefik.io/traefik/v2.7/reference/dynamic-configuration/kubernetes-crd/#definitions
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
@@ -280,7 +280,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
```yaml tab="K8s IngressRoute"
# The definitions below require the definitions for the TLSOption and IngressRoute kinds.
# https://doc.traefik.io/traefik/v2.6/reference/dynamic-configuration/kubernetes-crd/#definitions
# https://doc.traefik.io/traefik/v2.7/reference/dynamic-configuration/kubernetes-crd/#definitions
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:

2
docs/content/observability/access-logs.md
View File

@@ -254,7 +254,7 @@ version: "3.7"
services:
traefik:
image: traefik:v2.6
image: traefik:v2.7
environment:
- TZ=US/Alaska
command:

219
docs/content/observability/metrics/influxdb2.md Normal file
View File

@@ -0,0 +1,219 @@
# InfluxDB v2
To enable the InfluxDB2:
```yaml tab="File (YAML)"
metrics:
influxDB2: {}
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB2]
```
```bash tab="CLI"
--metrics.influxdb2=true
```
#### `address`
_Required, Default="http://localhost:8086"_
Address of the InfluxDB v2 instance.
```yaml tab="File (YAML)"
metrics:
influxDB2:
address: http://localhost:8086
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB2]
address = "http://localhost:8086"
```
```bash tab="CLI"
--metrics.influxdb2.address=http://localhost:8086
```
#### `token`
_Required, Default=""_
Token with which to connect to InfluxDB v2.
```yaml tab="File (YAML)"
metrics:
influxDB2:
token: secret
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB2]
token = "secret"
```
```bash tab="CLI"
--metrics.influxdb2.token=secret
```
#### `org`
_Required, Default=""_
Organisation where metrics will be stored.
```yaml tab="File (YAML)"
metrics:
influxDB2:
org: my-org
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB2]
org = "my-org"
```
```bash tab="CLI"
--metrics.influxdb2.org=my-org
```
#### `bucket`
_Required, Default=""_
Bucket where metrics will be stored.
```yaml tab="File (YAML)"
metrics:
influxDB2:
bucket: my-bucket
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB2]
bucket = "my-bucket"
```
```bash tab="CLI"
--metrics.influxdb2.bucket=my-bucket
```
#### `addEntryPointsLabels`
_Optional, Default=true_
Enable metrics on entry points.
```yaml tab="File (YAML)"
metrics:
influxDB2:
addEntryPointsLabels: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB2]
addEntryPointsLabels = true
```
```bash tab="CLI"
--metrics.influxdb2.addEntryPointsLabels=true
```
#### `addRoutersLabels`
_Optional, Default=false_
Enable metrics on routers.
```yaml tab="File (YAML)"
metrics:
influxDB2:
addRoutersLabels: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB2]
addRoutersLabels = true
```
```bash tab="CLI"
--metrics.influxdb2.addrouterslabels=true
```
#### `addServicesLabels`
_Optional, Default=true_
Enable metrics on services.
```yaml tab="File (YAML)"
metrics:
influxDB2:
addServicesLabels: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB2]
addServicesLabels = true
```
```bash tab="CLI"
--metrics.influxdb2.addServicesLabels=true
```
#### `pushInterval`
_Optional, Default=10s_
The interval used by the exporter to push metrics to InfluxDB server.
```yaml tab="File (YAML)"
metrics:
influxDB2:
pushInterval: 10s
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB2]
pushInterval = "10s"
```
```bash tab="CLI"
--metrics.influxdb2.pushInterval=10s
```
#### `additionalLabels`
_Optional, Default={}_
Additional labels (InfluxDB tags) on all metrics.
```yaml tab="File (YAML)"
metrics:
influxDB2:
additionalLabels:
host: example.com
environment: production
```
```toml tab="File (TOML)"
[metrics]
[metrics.influxDB2]
[metrics.influxDB2.additionalLabels]
host = "example.com"
environment = "production"
```
```bash tab="CLI"
--metrics.influxdb2.additionallabels.host=example.com --metrics.influxdb2.additionallabels.environment=production
```

85
docs/content/observability/metrics/overview.md
View File

@@ -9,16 +9,17 @@ Traefik supports 4 metrics backends:
- [Datadog](./datadog.md)
- [InfluxDB](./influxdb.md)
- [InfluxDB2](./influxdb2.md)
- [Prometheus](./prometheus.md)
- [StatsD](./statsd.md)
## Global Metrics
| Metric | DataDog | InfluxDB | Prometheus | StatsD |
|-------------------------------------------------------------------------|---------|----------|------------|--------|
| [Configuration reloads](#configuration-reloads) | ✓ | ✓ | ✓ | ✓ |
| [Last Configuration Reload Success](#last-configuration-reload-success) | ✓ | ✓ | ✓ | ✓ |
| [TLS certificates expiration](#tls-certificates-expiration) | ✓ | ✓ | ✓ | ✓ |
| Metric | DataDog | InfluxDB / InfluxDB2 | Prometheus | StatsD |
|-------------------------------------------------------------------------|---------|----------------------|------------|--------|
| [Configuration reloads](#configuration-reloads) | ✓ | ✓ | ✓ | ✓ |
| [Last Configuration Reload Success](#last-configuration-reload-success) | ✓ | ✓ | ✓ | ✓ |
| [TLS certificates expiration](#tls-certificates-expiration) | ✓ | ✓ | ✓ | ✓ |
### Configuration Reloads
@@ -28,7 +29,7 @@ The total count of configuration reloads.
config.reload.total
```
```influxdb tab="InfluxDB"
```influxdb tab="InfluxDB / InfluxDB2"
traefik.config.reload.total
```
@@ -49,7 +50,7 @@ The timestamp of the last configuration reload success.
config.reload.lastSuccessTimestamp
```
```influxdb tab="InfluxDB"
```influxdb tab="InfluxDB / InfluxDB2"
traefik.config.reload.lastSuccessTimestamp
```
@@ -72,7 +73,7 @@ The expiration date of certificates.
tls.certs.notAfterTimestamp
```
```influxdb tab="InfluxDB"
```influxdb tab="InfluxDB / InfluxDB2"
traefik.tls.certs.notAfterTimestamp
```
@@ -87,12 +88,12 @@ traefik_tls_certs_not_after
## EntryPoint Metrics
| Metric | DataDog | InfluxDB | Prometheus | StatsD |
|-----------------------------------------------------------|---------|----------|------------|--------|
| [HTTP Requests Count](#http-requests-count) | ✓ | ✓ | ✓ | ✓ |
| [HTTPS Requests Count](#https-requests-count) | ✓ | ✓ | ✓ | ✓ |
| [Request Duration Histogram](#request-duration-histogram) | ✓ | ✓ | ✓ | ✓ |
| [Open Connections Count](#open-connections-count) | ✓ | ✓ | ✓ | ✓ |
| Metric | DataDog | InfluxDB / InfluxDB2 | Prometheus | StatsD |
|-----------------------------------------------------------|---------|----------------------|------------|--------|
| [HTTP Requests Count](#http-requests-count) | ✓ | ✓ | ✓ | ✓ |
| [HTTPS Requests Count](#https-requests-count) | ✓ | ✓ | ✓ | ✓ |
| [Request Duration Histogram](#request-duration-histogram) | ✓ | ✓ | ✓ | ✓ |
| [Open Connections Count](#open-connections-count) | ✓ | ✓ | ✓ | ✓ |
### HTTP Requests Count
@@ -104,7 +105,7 @@ The total count of HTTP requests received by an entrypoint.
entrypoint.request.total
```
```influxdb tab="InfluxDB"
```influxdb tab="InfluxDB / InfluxDB2"
traefik.entrypoint.requests.total
```
@@ -127,7 +128,7 @@ The total count of HTTPS requests received by an entrypoint.
entrypoint.request.tls.total
```
```influxdb tab="InfluxDB"
```influxdb tab="InfluxDB / InfluxDB2"
traefik.entrypoint.requests.tls.total
```
@@ -150,7 +151,7 @@ Request processing duration histogram on an entrypoint.
entrypoint.request.duration
```
```influxdb tab="InfluxDB"
```influxdb tab="InfluxDB / InfluxDB2"
traefik.entrypoint.request.duration
```
@@ -173,7 +174,7 @@ The current count of open connections on an entrypoint.
entrypoint.connections.open
```
```influxdb tab="InfluxDB"
```influxdb tab="InfluxDB / InfluxDB2"
traefik.entrypoint.connections.open
```
@@ -188,12 +189,12 @@ traefik_entrypoint_open_connections
## Router Metrics
| Metric | DataDog | InfluxDB | Prometheus | StatsD |
|-------------------------------------------------------------|---------|----------|------------|--------|
| [HTTP Requests Count](#http-requests-count_1) | ✓ | ✓ | ✓ | ✓ |
| [HTTPS Requests Count](#https-requests-count_1) | ✓ | ✓ | ✓ | ✓ |
| [Request Duration Histogram](#request-duration-histogram_1) | ✓ | ✓ | ✓ | ✓ |
| [Open Connections Count](#open-connections-count_1) | ✓ | ✓ | ✓ | ✓ |
| Metric | DataDog | InfluxDB / InfluxDB2 | Prometheus | StatsD |
|-------------------------------------------------------------|---------|----------------------|------------|--------|
| [HTTP Requests Count](#http-requests-count_1) | ✓ | ✓ | ✓ | ✓ |
| [HTTPS Requests Count](#https-requests-count_1) | ✓ | ✓ | ✓ | ✓ |
| [Request Duration Histogram](#request-duration-histogram_1) | ✓ | ✓ | ✓ | ✓ |
| [Open Connections Count](#open-connections-count_1) | ✓ | ✓ | ✓ | ✓ |
### HTTP Requests Count
@@ -205,7 +206,7 @@ The total count of HTTP requests handled by a router.
router.request.total
```
```influxdb tab="InfluxDB"
```influxdb tab="InfluxDB / InfluxDB2"
traefik.router.requests.total
```
@@ -228,7 +229,7 @@ The total count of HTTPS requests handled by a router.
router.request.tls.total
```
```influxdb tab="InfluxDB"
```influxdb tab="InfluxDB / InfluxDB2"
traefik.router.requests.tls.total
```
@@ -251,7 +252,7 @@ Request processing duration histogram on a router.
router.request.duration
```
```influxdb tab="InfluxDB"
```influxdb tab="InfluxDB / InfluxDB2"
traefik.router.request.duration
```
@@ -274,7 +275,7 @@ The current count of open connections on a router.
router.connections.open
```
```influxdb tab="InfluxDB"
```influxdb tab="InfluxDB / InfluxDB2"
traefik.router.connections.open
```
@@ -289,14 +290,14 @@ traefik_router_open_connections
## Service Metrics
| Metric | DataDog | InfluxDB | Prometheus | StatsD |
|-------------------------------------------------------------|---------|----------|------------|--------|
| [HTTP Requests Count](#http-requests-count_2) | ✓ | ✓ | ✓ | ✓ |
| [HTTPS Requests Count](#https-requests-count_2) | ✓ | ✓ | ✓ | ✓ |
| [Request Duration Histogram](#request-duration-histogram_2) | ✓ | ✓ | ✓ | ✓ |
| [Open Connections Count](#open-connections-count_2) | ✓ | ✓ | ✓ | ✓ |
| [Requests Retries Count](#requests-retries-count) | ✓ | ✓ | ✓ | ✓ |
| [Service Server UP](#service-server-up) | ✓ | ✓ | ✓ | ✓ |
| Metric | DataDog | InfluxDB / InfluxDB2 | Prometheus | StatsD |
|-------------------------------------------------------------|---------|----------------------|------------|--------|
| [HTTP Requests Count](#http-requests-count_2) | ✓ | ✓ | ✓ | ✓ |
| [HTTPS Requests Count](#https-requests-count_2) | ✓ | ✓ | ✓ | ✓ |
| [Request Duration Histogram](#request-duration-histogram_2) | ✓ | ✓ | ✓ | ✓ |
| [Open Connections Count](#open-connections-count_2) | ✓ | ✓ | ✓ | ✓ |
| [Requests Retries Count](#requests-retries-count) | ✓ | ✓ | ✓ | ✓ |
| [Service Server UP](#service-server-up) | ✓ | ✓ | ✓ | ✓ |
### HTTP Requests Count
@@ -308,7 +309,7 @@ The total count of HTTP requests processed on a service.
service.request.total
```
```influxdb tab="InfluxDB"
```influxdb tab="InfluxDB / InfluxDB2"
traefik.service.requests.total
```
@@ -331,7 +332,7 @@ The total count of HTTPS requests processed on a service.
router.service.tls.total
```
```influxdb tab="InfluxDB"
```influxdb tab="InfluxDB / InfluxDB2"
traefik.service.requests.tls.total
```
@@ -354,7 +355,7 @@ Request processing duration histogram on a service.
service.request.duration
```
```influxdb tab="InfluxDB"
```influxdb tab="InfluxDB / InfluxDB2"
traefik.service.request.duration
```
@@ -377,7 +378,7 @@ The current count of open connections on a service.
service.connections.open
```
```influxdb tab="InfluxDB"
```influxdb tab="InfluxDB / InfluxDB2"
traefik.service.connections.open
```
@@ -400,7 +401,7 @@ The count of requests retries on a service.
service.retries.total
```
```influxdb tab="InfluxDB"
```influxdb tab="InfluxDB / InfluxDB2"
traefik.service.retries.total
```
@@ -423,7 +424,7 @@ Current service's server status, described by a gauge with a value of 0 for a do
service.server.up
```
```influxdb tab="InfluxDB"
```influxdb tab="InfluxDB / InfluxDB2"
traefik.service.server.up
```

24
docs/content/providers/consul-catalog.md
View File

@@ -726,3 +726,27 @@ providers:
--providers.consulcatalog.namespace=production
# ...
```
### `watch`
_Optional, Default=false_
When set to `true`, watches for Consul changes ([Consul watches checks](https://www.consul.io/docs/dynamic-app-config/watches#checks)).
```yaml tab="File (YAML)"
providers:
consulCatalog:
watch: true
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
watch = true
# ...
```
```bash tab="CLI"
--providers.consulcatalog.watch=true
# ...
```

2
docs/content/providers/docker.md
View File

@@ -257,7 +257,7 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A
services:
traefik:
image: traefik:v2.6 # The official v2 Traefik docker image
image: traefik:v2.7 # The official v2 Traefik docker image
ports:
- "80:80"
volumes:

44
docs/content/providers/kubernetes-crd.md
View File

@@ -31,15 +31,14 @@ the Traefik engineering team developed a [Custom Resource Definition](https://ku
For Kubernetes `v1.16+`, please use the Traefik `apiextensions.k8s.io/v1` CRDs instead.
??? example "Initializing Resource Definition and RBAC"
!!! example "Installing Resource Definition and RBAC"
```yaml tab="Traefik Resource Definition"
# All resources definition must be declared
--8<-- "content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml"
```
```yaml tab="RBAC for Traefik CRD"
--8<-- "content/reference/dynamic-configuration/kubernetes-crd-rbac.yml"
```bash
# Install Traefik Resource Definitions:
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
# Install RBAC for Traefik:
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
```
## Resource Configuration
@@ -269,11 +268,38 @@ providers:
--providers.kubernetescrd.throttleDuration=10s
```
### `allowEmptyServices`
_Optional, Default: false_
If the parameter is set to `true`,
it allows the creation of an empty [servers load balancer](../routing/services/index.md#servers-load-balancer) if the targeted Kubernetes service has no endpoints available.
With IngressRoute resources,
this results in `503` HTTP responses instead of `404` ones.
```yaml tab="File (YAML)"
providers:
kubernetesCRD:
allowEmptyServices: true
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesCRD]
allowEmptyServices = true
# ...
```
```bash tab="CLI"
--providers.kubernetesCRD.allowEmptyServices=true
```
### `allowCrossNamespace`
_Optional, Default: false_
If the parameter is set to `true`, IngressRoutes are able to reference resources in other namespaces than theirs.
If the parameter is set to `true`,
IngressRoute are able to reference resources in namespaces other than theirs.
```yaml tab="File (YAML)"
providers:

14
docs/content/providers/kubernetes-ingress.md
View File

@@ -450,7 +450,11 @@ providers:
### `allowEmptyServices`
_Optional, Default: false
_Optional, Default: false_
If the parameter is set to `true`,
it allows the creation of an empty [servers load balancer](../routing/services/index.md#servers-load-balancer) if the targeted Kubernetes service has no endpoints available.
This results in `503` HTTP responses instead of `404` ones.
```yaml tab="File (YAML)"
providers:
@@ -469,14 +473,12 @@ providers:
--providers.kubernetesingress.allowEmptyServices=true
```
Allow the creation of services if there are no endpoints available.
This results in `503` http responses instead of `404`.
### `allowExternalNameServices`
_Optional, Default: false_
If the parameter is set to `true`, Ingresses are able to reference ExternalName services.
If the parameter is set to `true`,
Ingresses are able to reference ExternalName services.
```yaml tab="File (YAML)"
providers:
@@ -498,4 +500,4 @@ providers:
### Further
To learn more about the various aspects of the Ingress specification that Traefik supports,
many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v2.6/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v2.7/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.

2
docs/content/reference/dynamic-configuration/docker-labels.yml
View File

@@ -167,6 +167,7 @@
- "traefik.tcp.routers.tcprouter0.entrypoints=foobar, foobar"
- "traefik.tcp.routers.tcprouter0.middlewares=foobar, foobar"
- "traefik.tcp.routers.tcprouter0.rule=foobar"
- "traefik.tcp.routers.tcprouter0.priority=42"
- "traefik.tcp.routers.tcprouter0.service=foobar"
- "traefik.tcp.routers.tcprouter0.tls=true"
- "traefik.tcp.routers.tcprouter0.tls.certresolver=foobar"
@@ -179,6 +180,7 @@
- "traefik.tcp.routers.tcprouter1.entrypoints=foobar, foobar"
- "traefik.tcp.routers.tcprouter1.middlewares=foobar, foobar"
- "traefik.tcp.routers.tcprouter1.rule=foobar"
- "traefik.tcp.routers.tcprouter1.priority=42"
- "traefik.tcp.routers.tcprouter1.service=foobar"
- "traefik.tcp.routers.tcprouter1.tls=true"
- "traefik.tcp.routers.tcprouter1.tls.certresolver=foobar"

8
docs/content/reference/dynamic-configuration/file.toml
View File

@@ -95,6 +95,12 @@
secure = true
httpOnly = true
sameSite = "foobar"
[http.services.Service04]
[http.services.Service04.failover]
service = "foobar"
fallback = "foobar"
[http.services.Service04.failover.healthCheck]
[http.middlewares]
[http.middlewares.Middleware00]
[http.middlewares.Middleware00.addPrefix]
@@ -325,6 +331,7 @@
middlewares = ["foobar", "foobar"]
service = "foobar"
rule = "foobar"
priority = 42
[tcp.routers.TCPRouter0.tls]
passthrough = true
options = "foobar"
@@ -342,6 +349,7 @@
middlewares = ["foobar", "foobar"]
service = "foobar"
rule = "foobar"
priority = 42
[tcp.routers.TCPRouter1.tls]
passthrough = true
options = "foobar"

7
docs/content/reference/dynamic-configuration/file.yaml
View File

@@ -95,6 +95,11 @@ http:
secure: true
httpOnly: true
sameSite: foobar
Service04:
failover:
service: foobar
fallback: foobar
healthCheck: {}
middlewares:
Middleware00:
addPrefix:
@@ -366,6 +371,7 @@ tcp:
- foobar
service: foobar
rule: foobar
priority: 42
tls:
passthrough: true
options: foobar
@@ -388,6 +394,7 @@ tcp:
- foobar
service: foobar
rule: foobar
priority: 42
tls:
passthrough: true
options: foobar

2244
docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
View File

File diff suppressed because it is too large Load Diff

10
docs/content/reference/dynamic-configuration/kubernetes-crd.md
View File

@@ -8,13 +8,19 @@ description: "Learn about the definitions, resources, and RBAC of dynamic config
Dynamic configuration with Kubernetes Custom Resource
{: .subtitle }
!!! warning "Deprecated apiextensions.k8s.io/v1beta1 CRD"
The `apiextensions.k8s.io/v1beta1` CustomResourceDefinition is deprecated in Kubernetes `v1.16+` and will be removed in `v1.22+`.
For Kubernetes `v1.16+`, please use the Traefik `apiextensions.k8s.io/v1` CRDs instead.
## Definitions
```yaml tab="apiextensions.k8s.io/v1"
```yaml tab="apiextensions.k8s.io/v1 (Kubernetes v1.16+)"
--8<-- "content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml"
```
```yaml tab="apiextensions.k8s.io/v1beta1"
```yaml tab="apiextensions.k8s.io/v1beta1 (Deprecated)"
--8<-- "content/reference/dynamic-configuration/kubernetes-crd-definition-v1beta1.yml"
```

2
docs/content/reference/dynamic-configuration/kubernetes-gateway-traefik-lb-svc.yml
View File

@@ -25,7 +25,7 @@ spec:
serviceAccountName: traefik-controller
containers:
- name: traefik
image: traefik:v2.6
image: traefik:v2.7
args:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443

5
docs/content/reference/dynamic-configuration/kv-ref.md
View File

@@ -233,6 +233,9 @@
| `traefik/http/services/Service03/weighted/sticky/cookie/name` | `foobar` |
| `traefik/http/services/Service03/weighted/sticky/cookie/sameSite` | `foobar` |
| `traefik/http/services/Service03/weighted/sticky/cookie/secure` | `true` |
| `traefik/http/services/Service04/failover/fallback` | `foobar` |
| `traefik/http/services/Service04/failover/healthCheck` | `` |
| `traefik/http/services/Service04/failover/service` | `foobar` |
| `traefik/tcp/middlewares/TCPMiddleware00/ipWhiteList/sourceRange/0` | `foobar` |
| `traefik/tcp/middlewares/TCPMiddleware00/ipWhiteList/sourceRange/1` | `foobar` |
| `traefik/tcp/middlewares/TCPMiddleware01/inFlightConn/amount` | `42` |
@@ -240,6 +243,7 @@
| `traefik/tcp/routers/TCPRouter0/entryPoints/1` | `foobar` |
| `traefik/tcp/routers/TCPRouter0/middlewares/0` | `foobar` |
| `traefik/tcp/routers/TCPRouter0/middlewares/1` | `foobar` |
| `traefik/tcp/routers/TCPRouter0/priority` | `42` |
| `traefik/tcp/routers/TCPRouter0/rule` | `foobar` |
| `traefik/tcp/routers/TCPRouter0/service` | `foobar` |
| `traefik/tcp/routers/TCPRouter0/tls/certResolver` | `foobar` |
@@ -255,6 +259,7 @@
| `traefik/tcp/routers/TCPRouter1/entryPoints/1` | `foobar` |
| `traefik/tcp/routers/TCPRouter1/middlewares/0` | `foobar` |
| `traefik/tcp/routers/TCPRouter1/middlewares/1` | `foobar` |
| `traefik/tcp/routers/TCPRouter1/priority` | `42` |
| `traefik/tcp/routers/TCPRouter1/rule` | `foobar` |
| `traefik/tcp/routers/TCPRouter1/service` | `foobar` |
| `traefik/tcp/routers/TCPRouter1/tls/certResolver` | `foobar` |

2
docs/content/reference/dynamic-configuration/marathon-labels.json
View File

@@ -167,6 +167,7 @@
"traefik.tcp.routers.tcprouter0.entrypoints": "foobar, foobar",
"traefik.tcp.routers.tcprouter0.middlewares": "foobar, foobar",
"traefik.tcp.routers.tcprouter0.rule": "foobar",
"traefik.tcp.routers.tcprouter0.priority": "42",
"traefik.tcp.routers.tcprouter0.service": "foobar",
"traefik.tcp.routers.tcprouter0.tls": "true",
"traefik.tcp.routers.tcprouter0.tls.certresolver": "foobar",
@@ -179,6 +180,7 @@
"traefik.tcp.routers.tcprouter1.entrypoints": "foobar, foobar",
"traefik.tcp.routers.tcprouter1.middlewares": "foobar, foobar",
"traefik.tcp.routers.tcprouter1.rule": "foobar",
"traefik.tcp.routers.tcprouter1.priority": "42",
"traefik.tcp.routers.tcprouter1.service": "foobar",
"traefik.tcp.routers.tcprouter1.tls": "true",
"traefik.tcp.routers.tcprouter1.tls.certresolver": "foobar",

124
docs/content/reference/dynamic-configuration/traefik.containo.us_ingressroutes.yaml
View File

@@ -19,7 +19,7 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: IngressRoute is an Ingress CRD specification.
description: IngressRoute is the CRD implementation of a Traefik HTTP Router.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -34,96 +34,151 @@ spec:
metadata:
type: object
spec:
description: IngressRouteSpec is a specification for a IngressRouteSpec
resource.
description: IngressRouteSpec defines the desired state of IngressRoute.
properties:
entryPoints:
description: 'EntryPoints defines the list of entry point names to
bind to. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.7/routing/entrypoints/
Default: all.'
items:
type: string
type: array
routes:
description: Routes defines the list of routes.
items:
description: Route contains the set of routes.
description: Route holds the HTTP route configuration.
properties:
kind:
description: Kind defines the kind of the route. Rule is the
only supported kind.
enum:
- Rule
type: string
match:
description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#rule'
type: string
middlewares:
description: 'Middlewares defines the list of references to
Middleware resources. More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-middleware'
items:
description: MiddlewareRef is a ref to the Middleware resources.
description: MiddlewareRef is a reference to a Middleware
resource.
properties:
name:
description: Name defines the name of the referenced Middleware
resource.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Middleware resource.
type: string
required:
- name
type: object
type: array
priority:
description: 'Priority defines the router''s priority. More
info: https://doc.traefik.io/traefik/v2.7/routing/routers/#priority'
type: integer
services:
description: Services defines the list of Service. It can contain
any combination of TraefikService and/or reference to a Kubernetes
Service.
items:
description: Service defines an upstream to proxy traffic.
description: Service defines an upstream HTTP service to proxy
traffic to.
properties:
kind:
description: Kind defines the kind of the Service.
enum:
- Service
- TraefikService
type: string
name:
description: Name is a reference to a Kubernetes Service
object (for a load-balancer of servers), or to a TraefikService
object (service load-balancer, mirroring, etc). The
differentiation between the two is specified in the
Kind field.
description: Name defines the name of the referenced Kubernetes
Service or TraefikService. The differentiation between
the two is specified in the Kind field.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService.
type: string
passHostHeader:
description: PassHostHeader defines whether the client
Host header is forwarded to the upstream Kubernetes
Service. By default, passHostHeader is true.
type: boolean
port:
anyOf:
- type: integer
- type: string
description: Port defines the port of a Kubernetes Service.
This can be a reference to a named port.
x-kubernetes-int-or-string: true
responseForwarding:
description: ResponseForwarding holds configuration for
the forward of the response.
description: ResponseForwarding defines how Traefik forwards
the response from the upstream Kubernetes Service to
the client.
properties:
flushInterval:
description: 'FlushInterval defines the interval,
in milliseconds, in between flushes to the client
while copying the response body. A negative value
means to flush immediately after each write to the
client. This configuration is ignored when ReverseProxy
recognizes a response as a streaming response; for
such responses, writes are flushed to the client
immediately. Default: 100ms'
type: string
type: object
scheme:
description: Scheme defines the scheme to use for the
request to the upstream Kubernetes Service. It defaults
to https when Kubernetes Service port is 443, http otherwise.
type: string
serversTransport:
description: ServersTransport defines the name of ServersTransport
resource to use. It allows to configure the transport
between Traefik and your servers. Can only be used on
a Kubernetes Service.
type: string
sticky:
description: Sticky holds the sticky configuration.
description: 'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
properties:
cookie:
description: Cookie holds the sticky configuration
based on cookie.
description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
description: HTTPOnly defines whether the cookie
can be accessed by client-side APIs, such as
JavaScript.
type: boolean
name:
description: Name defines the Cookie name.
type: string
sameSite:
description: 'SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
type: string
secure:
description: Secure defines whether the cookie
can only be transmitted over an encrypted connection
(i.e. HTTPS).
type: boolean
type: object
type: object
strategy:
description: Strategy defines the load balancing strategy
between the servers. RoundRobin is the only supported
value at the moment.
type: string
weight:
description: Weight should only be specified when Name
references a TraefikService object (and to be precise,
one that embeds a Weighted Round Robin).
description: Weight defines the weight and should only
be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round
Robin).
type: integer
required:
- name
@@ -135,32 +190,42 @@ spec:
type: object
type: array
tls:
description: "TLS contains the TLS certificates configuration of the
routes. To enable Let's Encrypt, use an empty TLS struct, e.g. in
YAML: \n \t tls: {} # inline format \n \t tls: \t secretName:
# block format"
description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#tls'
properties:
certResolver:
description: 'CertResolver defines the name of the certificate
resolver to use. Cert resolvers have to be configured in the
static configuration. More info: https://doc.traefik.io/traefik/v2.7/https/acme/#certificate-resolvers'
type: string
domains:
description: 'Domains defines the list of domains that will be
used to issue certificates. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#domains'
items:
description: Domain holds a domain name with SANs.
properties:
main:
description: Main defines the main domain name.
type: string
sans:
description: SANs defines the subject alternative domain
names.
items:
type: string
type: array
type: object
type: array
options:
description: Options is a reference to a TLSOption, that specifies
the parameters of the TLS connection.
description: 'Options defines the reference to a TLSOption, that
specifies the parameters of the TLS connection. If not defined,
the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#tls-options'
properties:
name:
description: 'Name defines the name of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsoption'
type: string
namespace:
description: 'Namespace defines the namespace of the referenced
TLSOption. More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsoption'
type: string
required:
- name
@@ -170,12 +235,17 @@ spec:
Secret to specify the certificate details.
type: string
store:
description: Store is a reference to a TLSStore, that specifies
the parameters of the TLS store.
description: Store defines the reference to the TLSStore, that
will be used to store certificates. Please note that only `default`
TLSStore can be used.
properties:
name:
description: 'Name defines the name of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsstore'
type: string
namespace:
description: 'Namespace defines the namespace of the referenced
TLSStore. More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-tlsstore'
type: string
required:
- name

81
docs/content/reference/dynamic-configuration/traefik.containo.us_ingressroutetcps.yaml
View File

@@ -19,7 +19,7 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: IngressRouteTCP is an Ingress CRD specification.
description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -34,56 +34,89 @@ spec:
metadata:
type: object
spec:
description: IngressRouteTCPSpec is a specification for a IngressRouteTCPSpec
resource.
description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
properties:
entryPoints:
description: 'EntryPoints defines the list of entry point names to
bind to. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.7/routing/entrypoints/
Default: all.'
items:
type: string
type: array
routes:
description: Routes defines the list of routes.
items:
description: RouteTCP contains the set of routes.
description: RouteTCP holds the TCP route configuration.
properties:
match:
description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#rule_1'
type: string
middlewares:
description: Middlewares contains references to MiddlewareTCP
description: Middlewares defines the list of references to MiddlewareTCP
resources.
items:
description: ObjectReference is a generic reference to a Traefik
resource.
properties:
name:
description: Name defines the name of the referenced Traefik
resource.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Traefik resource.
type: string
required:
- name
type: object
type: array
priority:
description: 'Priority defines the router''s priority. More
info: https://doc.traefik.io/traefik/v2.7/routing/routers/#priority_1'
type: integer
services:
description: Services defines the list of TCP services.
items:
description: ServiceTCP defines an upstream to proxy traffic.
description: ServiceTCP defines an upstream TCP service to
proxy traffic to.
properties:
name:
description: Name defines the name of the referenced Kubernetes
Service.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Kubernetes Service.
type: string
port:
anyOf:
- type: integer
- type: string
description: Port defines the port of a Kubernetes Service.
This can be a reference to a named port.
x-kubernetes-int-or-string: true
proxyProtocol:
description: ProxyProtocol holds the ProxyProtocol configuration.
description: 'ProxyProtocol defines the PROXY protocol
configuration. More info: https://doc.traefik.io/traefik/v2.7/routing/services/#proxy-protocol'
properties:
version:
description: Version defines the PROXY Protocol version
to use.
type: integer
type: object
terminationDelay:
description: TerminationDelay defines the deadline that
the proxy sets, after one of its connected peers indicates
it has closed the writing capability of its connection,
to close the reading capability as well, hence fully
terminating the connection. It is a duration in milliseconds,
defaulting to 100. A negative value means an infinite
deadline (i.e. the reading capability is never closed).
type: integer
weight:
description: Weight defines the weight used when balancing
requests between multiple Kubernetes Service.
type: integer
required:
- name
@@ -95,49 +128,67 @@ spec:
type: object
type: array
tls:
description: "TLSTCP contains the TLS certificates configuration of
the routes. To enable Let's Encrypt, use an empty TLS struct, e.g.
in YAML: \n \t tls: {} # inline format \n \t tls: \t secretName:
# block format"
description: 'TLS defines the TLS configuration on a layer 4 / TCP
Route. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#tls_1'
properties:
certResolver:
description: 'CertResolver defines the name of the certificate
resolver to use. Cert resolvers have to be configured in the
static configuration. More info: https://doc.traefik.io/traefik/v2.7/https/acme/#certificate-resolvers'
type: string
domains:
description: 'Domains defines the list of domains that will be
used to issue certificates. More info: https://doc.traefik.io/traefik/v2.7/routing/routers/#domains'
items:
description: Domain holds a domain name with SANs.
properties:
main:
description: Main defines the main domain name.
type: string
sans:
description: SANs defines the subject alternative domain
names.
items:
type: string
type: array
type: object
type: array
options:
description: Options is a reference to a TLSOption, that specifies
the parameters of the TLS connection.
description: 'Options defines the reference to a TLSOption, that
specifies the parameters of the TLS connection. If not defined,
the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#tls-options'
properties:
name:
description: Name defines the name of the referenced Traefik
resource.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Traefik resource.
type: string
required:
- name
type: object
passthrough:
description: Passthrough defines whether a TLS router will terminate
the TLS connection.
type: boolean
secretName:
description: SecretName is the name of the referenced Kubernetes
Secret to specify the certificate details.
type: string
store:
description: Store is a reference to a TLSStore, that specifies
the parameters of the TLS store.
description: Store defines the reference to the TLSStore, that
will be used to store certificates. Please note that only `default`
TLSStore can be used.
properties:
name:
description: Name defines the name of the referenced Traefik
resource.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Traefik resource.
type: string
required:
- name

24
docs/content/reference/dynamic-configuration/traefik.containo.us_ingressrouteudps.yaml
View File

@@ -19,7 +19,7 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: IngressRouteUDP is an Ingress CRD specification.
description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -34,31 +34,45 @@ spec:
metadata:
type: object
spec:
description: IngressRouteUDPSpec is a specification for a IngressRouteUDPSpec
resource.
description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.
properties:
entryPoints:
description: 'EntryPoints defines the list of entry point names to
bind to. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.7/routing/entrypoints/
Default: all.'
items:
type: string
type: array
routes:
description: Routes defines the list of routes.
items:
description: RouteUDP contains the set of routes.
description: RouteUDP holds the UDP route configuration.
properties:
services:
description: Services defines the list of UDP services.
items:
description: ServiceUDP defines an upstream to proxy traffic.
description: ServiceUDP defines an upstream UDP service to
proxy traffic to.
properties:
name:
description: Name defines the name of the referenced Kubernetes
Service.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Kubernetes Service.
type: string
port:
anyOf:
- type: integer
- type: string
description: Port defines the port of a Kubernetes Service.
This can be a reference to a named port.
x-kubernetes-int-or-string: true
weight:
description: Weight defines the weight used when balancing
requests between multiple Kubernetes Service.
type: integer
required:
- name

485
docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml
View File

@@ -19,7 +19,8 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: Middleware is a specification for a Middleware resource.
description: 'Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/overview/'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -34,54 +35,99 @@ spec:
metadata:
type: object
spec:
description: MiddlewareSpec holds the Middleware configuration.
description: MiddlewareSpec defines the desired state of a Middleware.
properties:
addPrefix:
description: AddPrefix holds the AddPrefix configuration.
description: 'AddPrefix holds the add prefix middleware configuration.
This middleware updates the path of a request before forwarding
it. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/addprefix/'
properties:
prefix:
description: Prefix is the string to add before the current path
in the requested URL. It should include a leading slash (/).
type: string
type: object
basicAuth:
description: BasicAuth holds the HTTP basic authentication configuration.
description: 'BasicAuth holds the basic auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/'
properties:
headerField:
description: 'HeaderField defines a header field to store the
authenticated user. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/#headerfield'
type: string
realm:
description: 'Realm allows the protected resources on a server
to be partitioned into a set of protection spaces, each with
its own authentication scheme. Default: traefik.'
type: string
removeHeader:
description: 'RemoveHeader sets the removeHeader option to true
to remove the authorization header before forwarding the request
to your service. Default: false.'
type: boolean
secret:
description: Secret is the name of the referenced Kubernetes Secret
containing user credentials.
type: string
type: object
buffering:
description: Buffering holds the request/response buffering configuration.
description: 'Buffering holds the buffering middleware configuration.
This middleware retries or limits the size of requests that can
be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/buffering/#maxrequestbodybytes'
properties:
maxRequestBodyBytes:
description: 'MaxRequestBodyBytes defines the maximum allowed
body size for the request (in bytes). If the request exceeds
the allowed size, it is not forwarded to the service, and the
client gets a 413 (Request Entity Too Large) response. Default:
0 (no maximum).'
format: int64
type: integer
maxResponseBodyBytes:
description: 'MaxResponseBodyBytes defines the maximum allowed
response size from the service (in bytes). If the response exceeds
the allowed size, it is not forwarded to the client. The client
gets a 500 (Internal Server Error) response instead. Default:
0 (no maximum).'
format: int64
type: integer
memRequestBodyBytes:
description: 'MemRequestBodyBytes defines the threshold (in bytes)
from which the request will be buffered on disk instead of in
memory. Default: 1048576 (1Mi).'
format: int64
type: integer
memResponseBodyBytes:
description: 'MemResponseBodyBytes defines the threshold (in bytes)
from which the response will be buffered on disk instead of
in memory. Default: 1048576 (1Mi).'
format: int64
type: integer
retryExpression:
description: 'RetryExpression defines the retry conditions. It
is a logical combination of functions with operators AND (&&)
and OR (||). More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/buffering/#retryexpression'
type: string
type: object
chain:
description: Chain holds a chain of middlewares.
description: 'Chain holds the configuration of the chain middleware.
This middleware enables to define reusable combinations of other
pieces of middleware. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/chain/'
properties:
middlewares:
description: Middlewares is the list of MiddlewareRef which composes
the chain.
items:
description: MiddlewareRef is a ref to the Middleware resources.
description: MiddlewareRef is a reference to a Middleware resource.
properties:
name:
description: Name defines the name of the referenced Middleware
resource.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Middleware resource.
type: string
required:
- name
@@ -89,165 +135,261 @@ spec:
type: array
type: object
circuitBreaker:
description: CircuitBreaker holds the circuit breaker configuration.
description: 'CircuitBreaker holds the circuit breaker middleware
configuration. This middleware protects the system from stacking
requests to unhealthy services, resulting in cascading failures.
More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/circuitbreaker/'
properties:
expression:
description: Expression defines the expression that, once matched,
opens the circuit breaker and applies the fallback mechanism
instead of calling the services.
type: string
type: object
compress:
description: Compress holds the compress configuration.
description: 'Compress holds the compress middleware configuration.
This middleware compresses responses before sending them to the
client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/compress/'
properties:
excludedContentTypes:
description: ExcludedContentTypes defines the list of content
types to compare the Content-Type header of the incoming requests
and responses before compressing.
items:
type: string
type: array
minResponseBodyBytes:
description: 'MinResponseBodyBytes defines the minimum amount
of bytes a response body must have to be compressed. Default:
1024.'
type: integer
type: object
contentType:
description: ContentType middleware - or rather its unique `autoDetect`
option - specifies whether to let the `Content-Type` header, if
it has not been set by the backend, be automatically set to a value
derived from the contents of the response. As a proxy, the default
behavior should be to leave the header alone, regardless of what
the backend did with it. However, the historic default was to always
auto-detect and set the header if it was nil, and it is going to
be kept that way in order to support users currently relying on
it. This middleware exists to enable the correct behavior until
at least the default one can be changed in a future version.
description: ContentType holds the content-type middleware configuration.
This middleware exists to enable the correct behavior until at least
the default one can be changed in a future version.
properties:
autoDetect:
description: AutoDetect specifies whether to let the `Content-Type`
header, if it has not been set by the backend, be automatically
set to a value derived from the contents of the response. As
a proxy, the default behavior should be to leave the header
alone, regardless of what the backend did with it. However,
the historic default was to always auto-detect and set the header
if it was nil, and it is going to be kept that way in order
to support users currently relying on it.
type: boolean
type: object
digestAuth:
description: DigestAuth holds the Digest HTTP authentication configuration.
description: 'DigestAuth holds the digest auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/digestauth/'
properties:
headerField:
description: 'HeaderField defines a header field to store the
authenticated user. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/#headerfield'
type: string
realm:
description: 'Realm allows the protected resources on a server
to be partitioned into a set of protection spaces, each with
its own authentication scheme. Default: traefik.'
type: string
removeHeader:
description: RemoveHeader defines whether to remove the authorization
header before forwarding the request to the backend.
type: boolean
secret:
description: Secret is the name of the referenced Kubernetes Secret
containing user credentials.
type: string
type: object
errors:
description: ErrorPage holds the custom error page configuration.
description: 'ErrorPage holds the custom error middleware configuration.
This middleware returns a custom page in lieu of the default, according
to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/errorpages/'
properties:
query:
description: Query defines the URL for the error page (hosted
by service). The {status} variable can be used in order to insert
the status code in the URL.
type: string
service:
description: Service defines an upstream to proxy traffic.
description: 'Service defines the reference to a Kubernetes Service
that will serve the error page. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/errorpages/#service'
properties:
kind:
description: Kind defines the kind of the Service.
enum:
- Service
- TraefikService
type: string
name:
description: Name is a reference to a Kubernetes Service object
(for a load-balancer of servers), or to a TraefikService
object (service load-balancer, mirroring, etc). The differentiation
between the two is specified in the Kind field.
description: Name defines the name of the referenced Kubernetes
Service or TraefikService. The differentiation between the
two is specified in the Kind field.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService.
type: string
passHostHeader:
description: PassHostHeader defines whether the client Host
header is forwarded to the upstream Kubernetes Service.
By default, passHostHeader is true.
type: boolean
port:
anyOf:
- type: integer
- type: string
description: Port defines the port of a Kubernetes Service.
This can be a reference to a named port.
x-kubernetes-int-or-string: true
responseForwarding:
description: ResponseForwarding holds configuration for the
forward of the response.
description: ResponseForwarding defines how Traefik forwards
the response from the upstream Kubernetes Service to the
client.
properties:
flushInterval:
description: 'FlushInterval defines the interval, in milliseconds,
in between flushes to the client while copying the response
body. A negative value means to flush immediately after
each write to the client. This configuration is ignored
when ReverseProxy recognizes a response as a streaming
response; for such responses, writes are flushed to
the client immediately. Default: 100ms'
type: string
type: object
scheme:
description: Scheme defines the scheme to use for the request
to the upstream Kubernetes Service. It defaults to https
when Kubernetes Service port is 443, http otherwise.
type: string
serversTransport:
description: ServersTransport defines the name of ServersTransport
resource to use. It allows to configure the transport between
Traefik and your servers. Can only be used on a Kubernetes
Service.
type: string
sticky:
description: Sticky holds the sticky configuration.
description: 'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
properties:
cookie:
description: Cookie holds the sticky configuration based
on cookie.
description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
description: HTTPOnly defines whether the cookie can
be accessed by client-side APIs, such as JavaScript.
type: boolean
name:
description: Name defines the Cookie name.
type: string
sameSite:
description: 'SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
type: string
secure:
description: Secure defines whether the cookie can
only be transmitted over an encrypted connection
(i.e. HTTPS).
type: boolean
type: object
type: object
strategy:
description: Strategy defines the load balancing strategy
between the servers. RoundRobin is the only supported value
at the moment.
type: string
weight:
description: Weight should only be specified when Name references
a TraefikService object (and to be precise, one that embeds
a Weighted Round Robin).
description: Weight defines the weight and should only be
specified when Name references a TraefikService object (and
to be precise, one that embeds a Weighted Round Robin).
type: integer
required:
- name
type: object
status:
description: Status defines which status or range of statuses
should result in an error page. It can be either a status code
as a number (500), as multiple comma-separated numbers (500,502),
as ranges by separating two codes with a dash (500-599), or
a combination of the two (404,418,500-599).
items:
type: string
type: array
type: object
forwardAuth:
description: ForwardAuth holds the http forward authentication configuration.
description: 'ForwardAuth holds the forward auth middleware configuration.
This middleware delegates the request authentication to a Service.
More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/forwardauth/'
properties:
address:
description: Address defines the authentication server address.
type: string
authRequestHeaders:
description: AuthRequestHeaders defines the list of the headers
to copy from the request to the authentication server. If not
set or empty then all request headers are passed.
items:
type: string
type: array
authResponseHeaders:
description: AuthResponseHeaders defines the list of headers to
copy from the authentication server response and set on forwarded
request, replacing any existing conflicting headers.
items:
type: string
type: array
authResponseHeadersRegex:
description: 'AuthResponseHeadersRegex defines the regex to match
headers to copy from the authentication server response and
set on forwarded request, after stripping all headers that match
the regex. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/forwardauth/#authresponseheadersregex'
type: string
tls:
description: ClientTLS holds TLS specific configurations as client.
description: TLS defines the configuration used to secure the
connection to the authentication server.
properties:
caOptional:
type: boolean
caSecret:
description: CASecret is the name of the referenced Kubernetes
Secret containing the CA to validate the server certificate.
The CA certificate is extracted from key `tls.ca` or `ca.crt`.
type: string
certSecret:
description: CertSecret is the name of the referenced Kubernetes
Secret containing the client certificate. The client certificate
is extracted from the keys `tls.crt` and `tls.key`.
type: string
insecureSkipVerify:
description: InsecureSkipVerify defines whether the server
certificates should be validated.
type: boolean
type: object
trustForwardHeader:
description: 'TrustForwardHeader defines whether to trust (ie:
forward) all X-Forwarded-* headers.'
type: boolean
type: object
headers:
description: Headers holds the custom header configuration.
description: 'Headers holds the headers middleware configuration.
This middleware manages the requests and responses headers. More
info: https://doc.traefik.io/traefik/v2.7/middlewares/http/headers/#customrequestheaders'
properties:
accessControlAllowCredentials:
description: AccessControlAllowCredentials is only valid if true.
false is ignored.
description: AccessControlAllowCredentials defines whether the
request can include user credentials.
type: boolean
accessControlAllowHeaders:
description: AccessControlAllowHeaders must be used in response
to a preflight request with Access-Control-Request-Headers set.
description: AccessControlAllowHeaders defines the Access-Control-Request-Headers
values sent in preflight response.
items:
type: string
type: array
accessControlAllowMethods:
description: AccessControlAllowMethods must be used in response
to a preflight request with Access-Control-Request-Method set.
description: AccessControlAllowMethods defines the Access-Control-Request-Method
values sent in preflight response.
items:
type: string
type: array
@@ -264,60 +406,96 @@ spec:
type: string
type: array
accessControlExposeHeaders:
description: AccessControlExposeHeaders sets valid headers for
the response.
description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers
values sent in preflight response.
items:
type: string
type: array
accessControlMaxAge:
description: AccessControlMaxAge sets the time that a preflight
description: AccessControlMaxAge defines the time that a preflight
request may be cached.
format: int64
type: integer
addVaryHeader:
description: AddVaryHeader controls if the Vary header is automatically
added/updated when the AccessControlAllowOriginList is set.
description: AddVaryHeader defines whether the Vary header is
automatically added/updated when the AccessControlAllowOriginList
is set.
type: boolean
allowedHosts:
description: AllowedHosts defines the fully qualified list of
allowed domain names.
items:
type: string
type: array
browserXssFilter:
description: BrowserXSSFilter defines whether to add the X-XSS-Protection
header with the value 1; mode=block.
type: boolean
contentSecurityPolicy:
description: ContentSecurityPolicy defines the Content-Security-Policy
header value.
type: string
contentTypeNosniff:
description: ContentTypeNosniff defines whether to add the X-Content-Type-Options
header with the nosniff value.
type: boolean
customBrowserXSSValue:
description: CustomBrowserXSSValue defines the X-XSS-Protection
header value. This overrides the BrowserXssFilter option.
type: string
customFrameOptionsValue:
description: CustomFrameOptionsValue defines the X-Frame-Options
header value. This overrides the FrameDeny option.
type: string
customRequestHeaders:
additionalProperties:
type: string
description: CustomRequestHeaders defines the header names and
values to apply to the request.
type: object
customResponseHeaders:
additionalProperties:
type: string
description: CustomResponseHeaders defines the header names and
values to apply to the response.
type: object
featurePolicy:
description: 'Deprecated: use PermissionsPolicy instead.'
type: string
forceSTSHeader:
description: ForceSTSHeader defines whether to add the STS header
even when the connection is HTTP.
type: boolean
frameDeny:
description: FrameDeny defines whether to add the X-Frame-Options
header with the DENY value.
type: boolean
hostsProxyHeaders:
description: HostsProxyHeaders defines the header keys that may
hold a proxied hostname value for the request.
items:
type: string
type: array
isDevelopment:
description: IsDevelopment defines whether to mitigate the unwanted
effects of the AllowedHosts, SSL, and STS options when developing.
Usually testing takes place using HTTP, not HTTPS, and on localhost,
not your production domain. If you would like your development
environment to mimic production with complete Host blocking,
SSL redirects, and STS headers, leave this as false.
type: boolean
permissionsPolicy:
description: PermissionsPolicy defines the Permissions-Policy
header value. This allows sites to control browser features.
type: string
publicKey:
description: PublicKey is the public key that implements HPKP
to prevent MITM attacks with forged certificates.
type: string
referrerPolicy:
description: ReferrerPolicy defines the Referrer-Policy header
value. This allows sites to control whether browsers forward
the Referer header to other sites.
type: string
sslForceHost:
description: 'Deprecated: use RedirectRegex instead.'
@@ -328,6 +506,10 @@ spec:
sslProxyHeaders:
additionalProperties:
type: string
description: 'SSLProxyHeaders defines the header keys with associated
values that would indicate a valid HTTPS request. It can be
useful when using other proxies (example: "X-Forwarded-Proto":
"https").'
type: object
sslRedirect:
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
@@ -338,221 +520,366 @@ spec:
instead.'
type: boolean
stsIncludeSubdomains:
description: STSIncludeSubdomains defines whether the includeSubDomains
directive is appended to the Strict-Transport-Security header.
type: boolean
stsPreload:
description: STSPreload defines whether the preload flag is appended
to the Strict-Transport-Security header.
type: boolean
stsSeconds:
description: STSSeconds defines the max-age of the Strict-Transport-Security
header. If set to 0, the header is not set.
format: int64
type: integer
type: object
inFlightReq:
description: InFlightReq limits the number of requests being processed
and served concurrently.
description: 'InFlightReq holds the in-flight request middleware configuration.
This middleware limits the number of requests being processed and
served concurrently. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/inflightreq/'
properties:
amount:
description: Amount defines the maximum amount of allowed simultaneous
in-flight request. The middleware responds with HTTP 429 Too
Many Requests if there are already amount requests in progress
(based on the same sourceCriterion strategy).
format: int64
type: integer
sourceCriterion:
description: SourceCriterion defines what criterion is used to
group requests as originating from a common source. If none
are set, the default is to use the request's remote address
field. All fields are mutually exclusive.
description: 'SourceCriterion defines what criterion is used to
group requests as originating from a common source. If several
strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the requestHost. More
info: https://doc.traefik.io/traefik/v2.7/middlewares/http/inflightreq/#sourcecriterion'
properties:
ipStrategy:
description: IPStrategy holds the ip strategy configuration.
description: 'IPStrategy holds the IP strategy configuration
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/#ipstrategy'
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position
(starting from the right).
type: integer
excludedIPs:
description: ExcludedIPs configures Traefik to scan the
X-Forwarded-For header and select the first IP not in
the list.
items:
type: string
type: array
type: object
requestHeaderName:
description: RequestHeaderName defines the name of the header
used to group incoming requests.
type: string
requestHost:
description: RequestHost defines whether to consider the request
Host as the source.
type: boolean
type: object
type: object
ipWhiteList:
description: IPWhiteList holds the ip white list configuration.
description: 'IPWhiteList holds the IP whitelist middleware configuration.
This middleware accepts / refuses requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/'
properties:
ipStrategy:
description: IPStrategy holds the ip strategy configuration.
description: 'IPStrategy holds the IP strategy configuration used
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/#ipstrategy'
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position (starting
from the right).
type: integer
excludedIPs:
description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
header and select the first IP not in the list.
items:
type: string
type: array
type: object
sourceRange:
description: SourceRange defines the set of allowed IPs (or ranges
of allowed IPs by using CIDR notation).
items:
type: string
type: array
type: object
passTLSClientCert:
description: PassTLSClientCert holds the TLS client cert headers configuration.
description: 'PassTLSClientCert holds the pass TLS client cert middleware
configuration. This middleware adds the selected data from the passed
client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/passtlsclientcert/'
properties:
info:
description: TLSClientCertificateInfo holds the client TLS certificate
info configuration.
description: Info selects the specific client certificate details
you want to add to the X-Forwarded-Tls-Client-Cert-Info header.
properties:
issuer:
description: TLSClientCertificateIssuerDNInfo holds the client
TLS certificate distinguished name info configuration. cf
https://tools.ietf.org/html/rfc3739
description: Issuer defines the client certificate issuer
details to add to the X-Forwarded-Tls-Client-Cert-Info header.
properties:
commonName:
description: CommonName defines whether to add the organizationalUnit
information into the issuer.
type: boolean
country:
description: Country defines whether to add the country
information into the issuer.
type: boolean
domainComponent:
description: DomainComponent defines whether to add the
domainComponent information into the issuer.
type: boolean
locality:
description: Locality defines whether to add the locality
information into the issuer.
type: boolean
organization:
description: Organization defines whether to add the organization
information into the issuer.
type: boolean
province:
description: Province defines whether to add the province
information into the issuer.
type: boolean
serialNumber:
description: SerialNumber defines whether to add the serialNumber
information into the issuer.
type: boolean
type: object
notAfter:
description: NotAfter defines whether to add the Not After
information from the Validity part.
type: boolean
notBefore:
description: NotBefore defines whether to add the Not Before
information from the Validity part.
type: boolean
sans:
description: Sans defines whether to add the Subject Alternative
Name information from the Subject Alternative Name part.
type: boolean
serialNumber:
description: SerialNumber defines whether to add the client
serialNumber information.
type: boolean
subject:
description: TLSClientCertificateSubjectDNInfo holds the client
TLS certificate distinguished name info configuration. cf
https://tools.ietf.org/html/rfc3739
description: Subject defines the client certificate subject
details to add to the X-Forwarded-Tls-Client-Cert-Info header.
properties:
commonName:
description: CommonName defines whether to add the organizationalUnit
information into the subject.
type: boolean
country:
description: Country defines whether to add the country
information into the subject.
type: boolean
domainComponent:
description: DomainComponent defines whether to add the
domainComponent information into the subject.
type: boolean
locality:
description: Locality defines whether to add the locality
information into the subject.
type: boolean
organization:
description: Organization defines whether to add the organization
information into the subject.
type: boolean
organizationalUnit:
description: OrganizationalUnit defines whether to add
the organizationalUnit information into the subject.
type: boolean
province:
description: Province defines whether to add the province
information into the subject.
type: boolean
serialNumber:
description: SerialNumber defines whether to add the serialNumber
information into the subject.
type: boolean
type: object
type: object
pem:
description: PEM sets the X-Forwarded-Tls-Client-Cert header with
the escaped certificate.
type: boolean
type: object
plugin:
additionalProperties:
x-kubernetes-preserve-unknown-fields: true
description: 'Plugin defines the middleware plugin configuration.
More info: https://doc.traefik.io/traefik/plugins/'
type: object
rateLimit:
description: RateLimit holds the rate limiting configuration for a
given router.
description: 'RateLimit holds the rate limit configuration. This middleware
ensures that services will receive a fair amount of requests, and
allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ratelimit/'
properties:
average:
description: Average is the maximum rate, by default in requests/s,
allowed for the given source. It defaults to 0, which means
no rate limiting. The rate is actually defined by dividing Average
by Period. So for a rate below 1req/s, one needs to define a
Period larger than a second.
format: int64
type: integer
burst:
description: Burst is the maximum number of requests allowed to
arrive in the same arbitrarily small period of time. It defaults
to 1.
format: int64
type: integer
period:
anyOf:
- type: integer
- type: string
description: 'Period, in combination with Average, defines the
actual maximum rate, such as: r = Average / Period. It defaults
to a second.'
x-kubernetes-int-or-string: true
sourceCriterion:
description: SourceCriterion defines what criterion is used to
group requests as originating from a common source. If none
are set, the default is to use the request's remote address
field. All fields are mutually exclusive.
group requests as originating from a common source. If several
strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the request's remote
address field (as an ipStrategy).
properties:
ipStrategy:
description: IPStrategy holds the ip strategy configuration.
description: 'IPStrategy holds the IP strategy configuration
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/#ipstrategy'
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position
(starting from the right).
type: integer
excludedIPs:
description: ExcludedIPs configures Traefik to scan the
X-Forwarded-For header and select the first IP not in
the list.
items:
type: string
type: array
type: object
requestHeaderName:
description: RequestHeaderName defines the name of the header
used to group incoming requests.
type: string
requestHost:
description: RequestHost defines whether to consider the request
Host as the source.
type: boolean
type: object
type: object
redirectRegex:
description: RedirectRegex holds the redirection configuration.
description: 'RedirectRegex holds the redirect regex middleware configuration.
This middleware redirects a request using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/redirectregex/#regex'
properties:
permanent:
description: Permanent defines whether the redirection is permanent
(301).
type: boolean
regex:
description: Regex defines the regex used to match and capture
elements from the request URL.
type: string
replacement:
description: Replacement defines how to modify the URL to have
the new target URL.
type: string
type: object
redirectScheme:
description: RedirectScheme holds the scheme redirection configuration.
description: 'RedirectScheme holds the redirect scheme middleware
configuration. This middleware redirects requests from a scheme/port
to another. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/redirectscheme/'
properties:
permanent:
description: Permanent defines whether the redirection is permanent
(301).
type: boolean
port:
description: Port defines the port of the new URL.
type: string
scheme:
description: Scheme defines the scheme of the new URL.
type: string
type: object
replacePath:
description: ReplacePath holds the ReplacePath configuration.
description: 'ReplacePath holds the replace path middleware configuration.
This middleware replaces the path of the request URL and store the
original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/replacepath/'
properties:
path:
description: Path defines the path to use as replacement in the
request URL.
type: string
type: object
replacePathRegex:
description: ReplacePathRegex holds the ReplacePathRegex configuration.
description: 'ReplacePathRegex holds the replace path regex middleware
configuration. This middleware replaces the path of a URL using
regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/replacepathregex/'
properties:
regex:
description: Regex defines the regular expression used to match
and capture the path from the request URL.
type: string
replacement:
description: Replacement defines the replacement path format,
which can include captured variables.
type: string
type: object
retry:
description: Retry holds the retry configuration.
description: 'Retry holds the retry middleware configuration. This
middleware reissues requests a given number of times to a backend
server if that server does not reply. As soon as the server answers,
the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/retry/'
properties:
attempts:
description: Attempts defines how many times the request should
be retried.
type: integer
initialInterval:
anyOf:
- type: integer
- type: string
description: InitialInterval defines the first wait time in the
exponential backoff series. The maximum interval is calculated
as twice the initialInterval. If unspecified, requests will
be retried immediately. The value of initialInterval should
be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration.
x-kubernetes-int-or-string: true
type: object
stripPrefix:
description: StripPrefix holds the StripPrefix configuration.
description: 'StripPrefix holds the strip prefix middleware configuration.
This middleware removes the specified prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/stripprefix/'
properties:
forceSlash:
description: 'ForceSlash ensures that the resulting stripped path
is not the empty string, by replacing it with / when necessary.
Default: true.'
type: boolean
prefixes:
description: Prefixes defines the prefixes to strip from the request
URL.
items:
type: string
type: array
type: object
stripPrefixRegex:
description: StripPrefixRegex holds the StripPrefixRegex configuration.
description: 'StripPrefixRegex holds the strip prefix regex middleware
configuration. This middleware removes the matching prefixes from
the URL path. More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/stripprefixregex/'
properties:
regex:
description: Regex defines the regular expression to match the
path prefix from the request URL.
items:
type: string
type: array

14
docs/content/reference/dynamic-configuration/traefik.containo.us_middlewaretcps.yaml
View File

@@ -19,7 +19,8 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: MiddlewareTCP is a specification for a MiddlewareTCP resource.
description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
More info: https://doc.traefik.io/traefik/v2.7/middlewares/overview/'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -34,19 +35,24 @@ spec:
metadata:
type: object
spec:
description: MiddlewareTCPSpec holds the MiddlewareTCP configuration.
description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP.
properties:
inFlightConn:
description: TCPInFlightConn holds the TCP in flight connection configuration.
description: InFlightConn defines the InFlightConn middleware configuration.
properties:
amount:
description: Amount defines the maximum amount of allowed simultaneous
connections. The middleware closes the connection if there are
already amount connections opened.
format: int64
type: integer
type: object
ipWhiteList:
description: TCPIPWhiteList holds the TCP ip white list configuration.
description: IPWhiteList defines the IPWhiteList middleware configuration.
properties:
sourceRange:
description: SourceRange defines the allowed IPs (or ranges of
allowed IPs by using CIDR notation).
items:
type: string
type: array

40
docs/content/reference/dynamic-configuration/traefik.containo.us_serverstransports.yaml
View File

@@ -19,7 +19,10 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ServersTransport is a specification for a ServersTransport resource.
description: 'ServersTransport is the CRD implementation of a ServersTransport.
If no serversTransport is specified, the default@internal will be used.
The default@internal serversTransport is created from the static configuration.
More info: https://doc.traefik.io/traefik/v2.7/routing/services/#serverstransport_1'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -34,27 +37,28 @@ spec:
metadata:
type: object
spec:
description: ServersTransportSpec options to configure communication between
Traefik and the servers.
description: ServersTransportSpec defines the desired state of a ServersTransport.
properties:
certificatesSecrets:
description: Certificates for mTLS.
description: CertificatesSecrets defines a list of secret storing
client certificates for mTLS.
items:
type: string
type: array
disableHTTP2:
description: Disable HTTP/2 for connections with backend servers.
description: DisableHTTP2 disables HTTP/2 for connections with backend
servers.
type: boolean
forwardingTimeouts:
description: Timeouts for requests forwarded to the backend servers.
description: ForwardingTimeouts defines the timeouts for requests
forwarded to the backend servers.
properties:
dialTimeout:
anyOf:
- type: integer
- type: string
description: DialTimeout is the amount of time to wait until a
connection to a backend server can be established. If zero,
no timeout exists.
connection to a backend server can be established.
x-kubernetes-int-or-string: true
idleConnTimeout:
anyOf:
@@ -77,7 +81,7 @@ spec:
- type: string
description: ReadIdleTimeout is the timeout after which a health
check using ping frame will be carried out if no frame is received
on the HTTP/2 connection. If zero, no health check is performed.
on the HTTP/2 connection.
x-kubernetes-int-or-string: true
responseHeaderTimeout:
anyOf:
@@ -85,27 +89,29 @@ spec:
- type: string
description: ResponseHeaderTimeout is the amount of time to wait
for a server's response headers after fully writing the request
(including its body, if any). If zero, no timeout exists.
(including its body, if any).
x-kubernetes-int-or-string: true
type: object
insecureSkipVerify:
description: Disable SSL certificate verification.
description: InsecureSkipVerify disables SSL certificate verification.
type: boolean
maxIdleConnsPerHost:
description: If non-zero, controls the maximum idle (keep-alive) to
keep per-host. If zero, DefaultMaxIdleConnsPerHost is used.
description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
to keep per-host.
type: integer
peerCertURI:
description: URI used to match against SAN URI during the peer certificate
verification.
description: PeerCertURI defines the peer cert URI used to match against
SAN URI during the peer certificate verification.
type: string
rootCAsSecrets:
description: Add cert file for self-signed certificate.
description: RootCAsSecrets defines a list of CA secret used to validate
self-signed certificate.
items:
type: string
type: array
serverName:
description: ServerName used to contact the server.
description: ServerName defines the server name used to contact the
server.
type: string
type: object
required:

32
docs/content/reference/dynamic-configuration/traefik.containo.us_tlsoptions.yaml
View File

@@ -19,7 +19,9 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: TLSOption is a specification for a TLSOption resource.
description: 'TLSOption is the CRD implementation of a Traefik TLS Option,
allowing to configure some parameters of the TLS connection. More info:
https://doc.traefik.io/traefik/v2.7/https/tls/#tls-options'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -34,19 +36,24 @@ spec:
metadata:
type: object
spec:
description: TLSOptionSpec configures TLS for an entry point.
description: TLSOptionSpec defines the desired state of a TLSOption.
properties:
alpnProtocols:
description: 'ALPNProtocols defines the list of supported application
level protocols for the TLS handshake, in order of preference. More
info: https://doc.traefik.io/traefik/v2.7/https/tls/#alpn-protocols'
items:
type: string
type: array
cipherSuites:
description: 'CipherSuites defines the list of supported cipher suites
for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#cipher-suites'
items:
type: string
type: array
clientAuth:
description: ClientAuth defines the parameters of the client authentication
part of the TLS connection, if any.
description: ClientAuth defines the server's policy for TLS Client
Authentication.
properties:
clientAuthType:
description: ClientAuthType defines the client authentication
@@ -59,23 +66,36 @@ spec:
- RequireAndVerifyClientCert
type: string
secretNames:
description: SecretName is the name of the referenced Kubernetes
Secret to specify the certificate details.
description: SecretNames defines the names of the referenced Kubernetes
Secret storing certificate details.
items:
type: string
type: array
type: object
curvePreferences:
description: 'CurvePreferences defines the preferred elliptic curves
in a specific order. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#curve-preferences'
items:
type: string
type: array
maxVersion:
description: 'MaxVersion defines the maximum TLS version that Traefik
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
VersionTLS13. Default: None.'
type: string
minVersion:
description: 'MinVersion defines the minimum TLS version that Traefik
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
VersionTLS13. Default: VersionTLS10.'
type: string
preferServerCipherSuites:
description: PreferServerCipherSuites defines whether the server chooses
a cipher suite among his own instead of among the client's. It is
enabled automatically when minVersion or maxVersion are set.
type: boolean
sniStrict:
description: SniStrict defines whether Traefik allows connections
from clients connections that do not specify a server_name extension.
type: boolean
type: object
required:

10
docs/content/reference/dynamic-configuration/traefik.containo.us_tlsstores.yaml
View File

@@ -19,7 +19,10 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: TLSStore is a specification for a TLSStore resource.
description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For
the time being, only the TLSStore named default is supported. This means
that you cannot have two stores that are named default in different Kubernetes
namespaces. More info: https://doc.traefik.io/traefik/v2.7/https/tls/#certificates-stores'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -34,11 +37,10 @@ spec:
metadata:
type: object
spec:
description: TLSStoreSpec configures a TLSStore resource.
description: TLSStoreSpec defines the desired state of a TLSStore.
properties:
defaultCertificate:
description: DefaultCertificate holds a secret name for the TLSOption
resource.
description: DefaultCertificate defines the default certificate configuration.
properties:
secretName:
description: SecretName is the name of the referenced Kubernetes

213
docs/content/reference/dynamic-configuration/traefik.containo.us_traefikservices.yaml
View File

@@ -19,10 +19,9 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: TraefikService is the specification for a service (that an IngressRoute
refers to) that is usually not a terminal service (i.e. not a pod of servers),
as opposed to a Kubernetes Service. That is to say, it usually refers to
other (children) services, which themselves can be TraefikServices or Services.
description: 'TraefikService is the CRD implementation of a Traefik Service.
TraefikService object allows to: - Apply weight to Services on load-balancing -
Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#kind-traefikservice'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -37,220 +36,332 @@ spec:
metadata:
type: object
spec:
description: ServiceSpec defines whether a TraefikService is a load-balancer
of services or a mirroring service.
description: TraefikServiceSpec defines the desired state of a TraefikService.
properties:
mirroring:
description: Mirroring defines a mirroring service, which is composed
of a main load-balancer, and a list of mirrors.
description: Mirroring defines the Mirroring service configuration.
properties:
kind:
description: Kind defines the kind of the Service.
enum:
- Service
- TraefikService
type: string
maxBodySize:
description: MaxBodySize defines the maximum size allowed for
the body of the request. If the body is larger, the request
is not mirrored. Default value is -1, which means unlimited
size.
format: int64
type: integer
mirrors:
description: Mirrors defines the list of mirrors where Traefik
will duplicate the traffic.
items:
description: MirrorService defines one of the mirrors of a Mirroring
service.
description: MirrorService holds the mirror configuration.
properties:
kind:
description: Kind defines the kind of the Service.
enum:
- Service
- TraefikService
type: string
name:
description: Name is a reference to a Kubernetes Service
object (for a load-balancer of servers), or to a TraefikService
object (service load-balancer, mirroring, etc). The differentiation
between the two is specified in the Kind field.
description: Name defines the name of the referenced Kubernetes
Service or TraefikService. The differentiation between
the two is specified in the Kind field.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService.
type: string
passHostHeader:
description: PassHostHeader defines whether the client Host
header is forwarded to the upstream Kubernetes Service.
By default, passHostHeader is true.
type: boolean
percent:
description: 'Percent defines the part of the traffic to
mirror. Supported values: 0 to 100.'
type: integer
port:
anyOf:
- type: integer
- type: string
description: Port defines the port of a Kubernetes Service.
This can be a reference to a named port.
x-kubernetes-int-or-string: true
responseForwarding:
description: ResponseForwarding holds configuration for
the forward of the response.
description: ResponseForwarding defines how Traefik forwards
the response from the upstream Kubernetes Service to the
client.
properties:
flushInterval:
description: 'FlushInterval defines the interval, in
milliseconds, in between flushes to the client while
copying the response body. A negative value means
to flush immediately after each write to the client.
This configuration is ignored when ReverseProxy recognizes
a response as a streaming response; for such responses,
writes are flushed to the client immediately. Default:
100ms'
type: string
type: object
scheme:
description: Scheme defines the scheme to use for the request
to the upstream Kubernetes Service. It defaults to https
when Kubernetes Service port is 443, http otherwise.
type: string
serversTransport:
description: ServersTransport defines the name of ServersTransport
resource to use. It allows to configure the transport
between Traefik and your servers. Can only be used on
a Kubernetes Service.
type: string
sticky:
description: Sticky holds the sticky configuration.
description: 'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
properties:
cookie:
description: Cookie holds the sticky configuration based
on cookie.
description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
description: HTTPOnly defines whether the cookie
can be accessed by client-side APIs, such as JavaScript.
type: boolean
name:
description: Name defines the Cookie name.
type: string
sameSite:
description: 'SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
type: string
secure:
description: Secure defines whether the cookie can
only be transmitted over an encrypted connection
(i.e. HTTPS).
type: boolean
type: object
type: object
strategy:
description: Strategy defines the load balancing strategy
between the servers. RoundRobin is the only supported
value at the moment.
type: string
weight:
description: Weight should only be specified when Name references
a TraefikService object (and to be precise, one that embeds
a Weighted Round Robin).
description: Weight defines the weight and should only be
specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin).
type: integer
required:
- name
type: object
type: array
name:
description: Name is a reference to a Kubernetes Service object
(for a load-balancer of servers), or to a TraefikService object
(service load-balancer, mirroring, etc). The differentiation
between the two is specified in the Kind field.
description: Name defines the name of the referenced Kubernetes
Service or TraefikService. The differentiation between the two
is specified in the Kind field.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService.
type: string
passHostHeader:
description: PassHostHeader defines whether the client Host header
is forwarded to the upstream Kubernetes Service. By default,
passHostHeader is true.
type: boolean
port:
anyOf:
- type: integer
- type: string
description: Port defines the port of a Kubernetes Service. This
can be a reference to a named port.
x-kubernetes-int-or-string: true
responseForwarding:
description: ResponseForwarding holds configuration for the forward
of the response.
description: ResponseForwarding defines how Traefik forwards the
response from the upstream Kubernetes Service to the client.
properties:
flushInterval:
description: 'FlushInterval defines the interval, in milliseconds,
in between flushes to the client while copying the response
body. A negative value means to flush immediately after
each write to the client. This configuration is ignored
when ReverseProxy recognizes a response as a streaming response;
for such responses, writes are flushed to the client immediately.
Default: 100ms'
type: string
type: object
scheme:
description: Scheme defines the scheme to use for the request
to the upstream Kubernetes Service. It defaults to https when
Kubernetes Service port is 443, http otherwise.
type: string
serversTransport:
description: ServersTransport defines the name of ServersTransport
resource to use. It allows to configure the transport between
Traefik and your servers. Can only be used on a Kubernetes Service.
type: string
sticky:
description: Sticky holds the sticky configuration.
description: 'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
properties:
cookie:
description: Cookie holds the sticky configuration based on
cookie.
description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
description: HTTPOnly defines whether the cookie can be
accessed by client-side APIs, such as JavaScript.
type: boolean
name:
description: Name defines the Cookie name.
type: string
sameSite:
description: 'SameSite defines the same site policy. More
info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
type: string
secure:
description: Secure defines whether the cookie can only
be transmitted over an encrypted connection (i.e. HTTPS).
type: boolean
type: object
type: object
strategy:
description: Strategy defines the load balancing strategy between
the servers. RoundRobin is the only supported value at the moment.
type: string
weight:
description: Weight should only be specified when Name references
a TraefikService object (and to be precise, one that embeds
a Weighted Round Robin).
description: Weight defines the weight and should only be specified
when Name references a TraefikService object (and to be precise,
one that embeds a Weighted Round Robin).
type: integer
required:
- name
type: object
weighted:
description: WeightedRoundRobin defines a load-balancer of services.
description: Weighted defines the Weighted Round Robin configuration.
properties:
services:
description: Services defines the list of Kubernetes Service and/or
TraefikService to load-balance, with weight.
items:
description: Service defines an upstream to proxy traffic.
description: Service defines an upstream HTTP service to proxy
traffic to.
properties:
kind:
description: Kind defines the kind of the Service.
enum:
- Service
- TraefikService
type: string
name:
description: Name is a reference to a Kubernetes Service
object (for a load-balancer of servers), or to a TraefikService
object (service load-balancer, mirroring, etc). The differentiation
between the two is specified in the Kind field.
description: Name defines the name of the referenced Kubernetes
Service or TraefikService. The differentiation between
the two is specified in the Kind field.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService.
type: string
passHostHeader:
description: PassHostHeader defines whether the client Host
header is forwarded to the upstream Kubernetes Service.
By default, passHostHeader is true.
type: boolean
port:
anyOf:
- type: integer
- type: string
description: Port defines the port of a Kubernetes Service.
This can be a reference to a named port.
x-kubernetes-int-or-string: true
responseForwarding:
description: ResponseForwarding holds configuration for
the forward of the response.
description: ResponseForwarding defines how Traefik forwards
the response from the upstream Kubernetes Service to the
client.
properties:
flushInterval:
description: 'FlushInterval defines the interval, in
milliseconds, in between flushes to the client while
copying the response body. A negative value means
to flush immediately after each write to the client.
This configuration is ignored when ReverseProxy recognizes
a response as a streaming response; for such responses,
writes are flushed to the client immediately. Default:
100ms'
type: string
type: object
scheme:
description: Scheme defines the scheme to use for the request
to the upstream Kubernetes Service. It defaults to https
when Kubernetes Service port is 443, http otherwise.
type: string
serversTransport:
description: ServersTransport defines the name of ServersTransport
resource to use. It allows to configure the transport
between Traefik and your servers. Can only be used on
a Kubernetes Service.
type: string
sticky:
description: Sticky holds the sticky configuration.
description: 'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.7/routing/services/#sticky-sessions'
properties:
cookie:
description: Cookie holds the sticky configuration based
on cookie.
description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
description: HTTPOnly defines whether the cookie
can be accessed by client-side APIs, such as JavaScript.
type: boolean
name:
description: Name defines the Cookie name.
type: string
sameSite:
description: 'SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
type: string
secure:
description: Secure defines whether the cookie can
only be transmitted over an encrypted connection
(i.e. HTTPS).
type: boolean
type: object
type: object
strategy:
description: Strategy defines the load balancing strategy
between the servers. RoundRobin is the only supported
value at the moment.
type: string
weight:
description: Weight should only be specified when Name references
a TraefikService object (and to be precise, one that embeds
a Weighted Round Robin).
description: Weight defines the weight and should only be
specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin).
type: integer
required:
- name
type: object
type: array
sticky:
description: Sticky holds the sticky configuration.
description: 'Sticky defines whether sticky sessions are enabled.
More info: https://doc.traefik.io/traefik/v2.7/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
properties:
cookie:
description: Cookie holds the sticky configuration based on
cookie.
description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
description: HTTPOnly defines whether the cookie can be
accessed by client-side APIs, such as JavaScript.
type: boolean
name:
description: Name defines the Cookie name.
type: string
sameSite:
description: 'SameSite defines the same site policy. More
info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
type: string
secure:
description: Secure defines whether the cookie can only
be transmitted over an encrypted connection (i.e. HTTPS).
type: boolean
type: object
type: object

54
docs/content/reference/static-configuration/cli-ref.md
View File

@@ -183,6 +183,9 @@ Timeout defines how long to wait on an idle session before releasing the related
`--experimental.http3`:
Enable HTTP3. (Default: ```false```)
`--experimental.hub`:
Enable the Traefik Hub provider. (Default: ```false```)
`--experimental.kubernetesgateway`:
Allow the Kubernetes gateway api provider usage. (Default: ```false```)
@@ -216,6 +219,21 @@ resolv.conf used for DNS resolving (Default: ```/etc/resolv.conf```)
`--hostresolver.resolvdepth`:
The maximal depth of DNS recursive resolving (Default: ```5```)
`--hub`:
Traefik Hub configuration. (Default: ```false```)
`--hub.tls.ca`:
The certificate authority authenticates the Traefik Hub Agent certificate.
`--hub.tls.cert`:
The TLS certificate for Traefik Proxy as a TLS client.
`--hub.tls.insecure`:
Enables an insecure TLS connection that uses default credentials, and which has no peer authentication between Traefik Proxy and the Traefik Hub Agent. (Default: ```false```)
`--hub.tls.key`:
The TLS key for Traefik Proxy as a TLS client.
`--log`:
Traefik log settings. (Default: ```false```)
@@ -285,6 +303,36 @@ InfluxDB retention policy used when protocol is http.
`--metrics.influxdb.username`:
InfluxDB username (only with http).
`--metrics.influxdb2`:
InfluxDB v2 metrics exporter type. (Default: ```false```)
`--metrics.influxdb2.addentrypointslabels`:
Enable metrics on entry points. (Default: ```true```)
`--metrics.influxdb2.additionallabels.<name>`:
Additional labels (influxdb tags) on all metrics
`--metrics.influxdb2.address`:
InfluxDB v2 address. (Default: ```http://localhost:8086```)
`--metrics.influxdb2.addrouterslabels`:
Enable metrics on routers. (Default: ```false```)
`--metrics.influxdb2.addserviceslabels`:
Enable metrics on services. (Default: ```true```)
`--metrics.influxdb2.bucket`:
InfluxDB v2 bucket ID.
`--metrics.influxdb2.org`:
InfluxDB v2 org ID.
`--metrics.influxdb2.pushinterval`:
InfluxDB v2 push interval. (Default: ```10```)
`--metrics.influxdb2.token`:
InfluxDB v2 access token.
`--metrics.prometheus`:
Prometheus metrics exporter type. (Default: ```false```)
@@ -456,6 +504,9 @@ Name of the Traefik service in Consul Catalog (needs to be registered via the or
`--providers.consulcatalog.stale`:
Use stale consistency for catalog reads. (Default: ```false```)
`--providers.consulcatalog.watch`:
Watch Consul API events. (Default: ```false```)
`--providers.docker`:
Enable Docker backend with default settings. (Default: ```false```)
@@ -615,6 +666,9 @@ Enable Kubernetes backend with default settings. (Default: ```false```)
`--providers.kubernetescrd.allowcrossnamespace`:
Allow cross namespace resource reference. (Default: ```false```)
`--providers.kubernetescrd.allowemptyservices`:
Allow the creation of services without endpoints. (Default: ```false```)
`--providers.kubernetescrd.allowexternalnameservices`:
Allow ExternalName services. (Default: ```false```)

54
docs/content/reference/static-configuration/env-ref.md
View File

@@ -183,6 +183,9 @@ Timeout defines how long to wait on an idle session before releasing the related
`TRAEFIK_EXPERIMENTAL_HTTP3`:
Enable HTTP3. (Default: ```false```)
`TRAEFIK_EXPERIMENTAL_HUB`:
Enable the Traefik Hub provider. (Default: ```false```)
`TRAEFIK_EXPERIMENTAL_KUBERNETESGATEWAY`:
Allow the Kubernetes gateway api provider usage. (Default: ```false```)
@@ -216,6 +219,21 @@ resolv.conf used for DNS resolving (Default: ```/etc/resolv.conf```)
`TRAEFIK_HOSTRESOLVER_RESOLVDEPTH`:
The maximal depth of DNS recursive resolving (Default: ```5```)
`TRAEFIK_HUB`:
Traefik Hub configuration. (Default: ```false```)
`TRAEFIK_HUB_TLS_CA`:
The certificate authority authenticates the Traefik Hub Agent certificate.
`TRAEFIK_HUB_TLS_CERT`:
The TLS certificate for Traefik Proxy as a TLS client.
`TRAEFIK_HUB_TLS_INSECURE`:
Enables an insecure TLS connection that uses default credentials, and which has no peer authentication between Traefik Proxy and the Traefik Hub Agent. (Default: ```false```)
`TRAEFIK_HUB_TLS_KEY`:
The TLS key for Traefik Proxy as a TLS client.
`TRAEFIK_LOG`:
Traefik log settings. (Default: ```false```)
@@ -252,6 +270,36 @@ Datadog push interval. (Default: ```10```)
`TRAEFIK_METRICS_INFLUXDB`:
InfluxDB metrics exporter type. (Default: ```false```)
`TRAEFIK_METRICS_INFLUXDB2`:
InfluxDB v2 metrics exporter type. (Default: ```false```)
`TRAEFIK_METRICS_INFLUXDB2_ADDENTRYPOINTSLABELS`:
Enable metrics on entry points. (Default: ```true```)
`TRAEFIK_METRICS_INFLUXDB2_ADDITIONALLABELS_<NAME>`:
Additional labels (influxdb tags) on all metrics
`TRAEFIK_METRICS_INFLUXDB2_ADDRESS`:
InfluxDB v2 address. (Default: ```http://localhost:8086```)
`TRAEFIK_METRICS_INFLUXDB2_ADDROUTERSLABELS`:
Enable metrics on routers. (Default: ```false```)
`TRAEFIK_METRICS_INFLUXDB2_ADDSERVICESLABELS`:
Enable metrics on services. (Default: ```true```)
`TRAEFIK_METRICS_INFLUXDB2_BUCKET`:
InfluxDB v2 bucket ID.
`TRAEFIK_METRICS_INFLUXDB2_ORG`:
InfluxDB v2 org ID.
`TRAEFIK_METRICS_INFLUXDB2_PUSHINTERVAL`:
InfluxDB v2 push interval. (Default: ```10```)
`TRAEFIK_METRICS_INFLUXDB2_TOKEN`:
InfluxDB v2 access token.
`TRAEFIK_METRICS_INFLUXDB_ADDENTRYPOINTSLABELS`:
Enable metrics on entry points. (Default: ```true```)
@@ -423,6 +471,9 @@ Name of the Traefik service in Consul Catalog (needs to be registered via the or
`TRAEFIK_PROVIDERS_CONSULCATALOG_STALE`:
Use stale consistency for catalog reads. (Default: ```false```)
`TRAEFIK_PROVIDERS_CONSULCATALOG_WATCH`:
Watch Consul API events. (Default: ```false```)
`TRAEFIK_PROVIDERS_CONSUL_ENDPOINTS`:
KV store endpoints (Default: ```127.0.0.1:8500```)
@@ -615,6 +666,9 @@ Enable Kubernetes backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESCRD_ALLOWCROSSNAMESPACE`:
Allow cross namespace resource reference. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESCRD_ALLOWEMPTYSERVICES`:
Allow the creation of services without endpoints. (Default: ```false```)
`TRAEFIK_PROVIDERS_KUBERNETESCRD_ALLOWEXTERNALNAMESERVICES`:
Allow ExternalName services. (Default: ```false```)

21
docs/content/reference/static-configuration/file.toml
View File

@@ -122,6 +122,7 @@
allowExternalNameServices = true
labelSelector = "foobar"
ingressClass = "foobar"
allowEmptyServices = true
throttleDuration = "42s"
[providers.kubernetesGateway]
endpoint = "foobar"
@@ -154,6 +155,7 @@
connectByDefault = true
serviceName = "foobar"
namespace = "foobar"
watch = true
[providers.consulCatalog.endpoint]
address = "foobar"
scheme = "foobar"
@@ -285,6 +287,17 @@
addServicesLabels = true
[metrics.influxDB.additionalLabels]
foobar = "foobar"
[metrics.influxDB2]
address = "foobar"
token = "foobar"
pushInterval = "42s"
org = "foobar"
bucket = "foobar"
addEntryPointsLabels = true
addRoutersLabels = true
addServicesLabels = true
[metrics.influxDB2.additionalLabels]
foobar = "foobar"
[ping]
entryPoint = "foobar"
@@ -412,9 +425,17 @@
token = "foobar"
dashboard = true
[hub]
[hub.tls]
insecure = true
ca = "foobar"
cert = "foobar"
key = "foobar"
[experimental]
kubernetesGateway = true
http3 = true
hub = true
[experimental.plugins]
[experimental.plugins.Descriptor0]
moduleName = "foobar"

21
docs/content/reference/static-configuration/file.yaml
View File

@@ -133,6 +133,7 @@ providers:
labelSelector: foobar
ingressClass: foobar
throttleDuration: 42s
allowEmptyServices: true
kubernetesGateway:
endpoint: foobar
token: foobar
@@ -166,6 +167,7 @@ providers:
connectByDefault: true
serviceName: foobar
namespace: foobar
watch: true
endpoint:
address: foobar
scheme: foobar
@@ -307,6 +309,18 @@ metrics:
addServicesLabels: true
additionalLabels:
foobar: foobar
influxDB2:
address: foobar
token: foobar
pushInterval: 42s
org: foobar
bucket: foobar
addEntryPointsLabels: true
addRoutersLabels: true
addServicesLabels: true
additionalLabels:
foobar: foobar
ping:
entryPoint: foobar
manualRouting: true
@@ -432,9 +446,16 @@ certificatesResolvers:
pilot:
token: foobar
dashboard: true
hub:
tls:
insecure: true
ca: foobar
cert: foobar
key: foobar
experimental:
kubernetesGateway: true
http3: true
hub: true
plugins:
Descriptor0:
moduleName: foobar

2
docs/content/routing/entrypoints.md
View File

@@ -774,7 +774,7 @@ This section is a convenience to enable (permanent) redirecting of all incoming
??? info "`entryPoint.priority`"
_Optional, Default=1_
_Optional, Default=MaxInt32-1 (2147483646)_
Priority of the generated router.

3
docs/content/routing/providers/consul-catalog.md
View File

@@ -104,7 +104,8 @@ For example, to change the rule, you could add the tag ```traefik.http.routers.m
```
??? info "`traefik.http.routers.<router_name>.priority`"
<!-- TODO doc priority in routers page -->
See [priority](../routers/index.md#priority) for more information.
```yaml
traefik.http.routers.myrouter.priority=42

8
docs/content/routing/providers/docker.md
View File

@@ -543,6 +543,14 @@ You can declare TCP Routers and/or Services using labels.
- "traefik.tcp.routers.mytcprouter.tls.passthrough=true"
```
??? info "`traefik.tcp.routers.<router_name>.priority`"
See [priority](../routers/index.md#priority_1) for more information.
```yaml
- "traefik.tcp.routers.myrouter.priority=42"
```
#### TCP Services
??? info "`traefik.tcp.services.<service_name>.loadbalancer.server.port`"

8
docs/content/routing/providers/ecs.md
View File

@@ -384,6 +384,14 @@ You can declare TCP Routers and/or Services using labels.
traefik.tcp.routers.mytcprouter.tls.passthrough=true
```
??? info "`traefik.tcp.routers.<router_name>.priority`"
See [priority](../routers/index.md#priority_1) for more information.
```yaml
traefik.tcp.routers.myrouter.priority=42
```
#### TCP Services
??? info "`traefik.tcp.services.<service_name>.loadbalancer.server.port`"

255
docs/content/routing/providers/kubernetes-crd.md
View File

@@ -48,7 +48,7 @@ The Kubernetes Ingress Controller, The Custom Resource Way.
serviceAccountName: traefik-ingress-controller
containers:
- name: traefik
image: traefik:v2.6
image: traefik:v2.7
args:
- --log.level=DEBUG
- --api
@@ -298,10 +298,10 @@ You can find an excerpt of the available custom resources in the table below:
| Kind | Purpose | Concept Behind |
|--------------------------------------------|--------------------------------------------------------------------|----------------------------------------------------------------|
| [IngressRoute](#kind-ingressroute) | HTTP Routing | [HTTP router](../routers/index.md#configuring-http-routers) |
| [Middleware](#kind-middleware) | Tweaks the HTTP requests before they are sent to your service | [HTTP Middlewares](../../middlewares/http/overview.md) |
| [Middleware](#kind-middleware) | Tweaks the HTTP requests before they are sent to your service | [HTTP Middlewares](../../middlewares/http/overview.md) |
| [TraefikService](#kind-traefikservice) | Abstraction for HTTP loadbalancing/mirroring | [HTTP service](../services/index.md#configuring-http-services) |
| [IngressRouteTCP](#kind-ingressroutetcp) | TCP Routing | [TCP router](../routers/index.md#configuring-tcp-routers) |
| [MiddlewareTCP](#kind-middlewaretcp) | Tweaks the TCP requests before they are sent to your service | [TCP Middlewares](../../middlewares/tcp/overview.md) |
| [MiddlewareTCP](#kind-middlewaretcp) | Tweaks the TCP requests before they are sent to your service | [TCP Middlewares](../../middlewares/tcp/overview.md) |
| [IngressRouteUDP](#kind-ingressrouteudp) | UDP Routing | [UDP router](../routers/index.md#configuring-udp-routers) |
| [TLSOptions](#kind-tlsoption) | Allows to configure some parameters of the TLS connection | [TLSOptions](../../https/tls.md#tls-options) |
| [TLSStores](#kind-tlsstore) | Allows to configure the default TLS store | [TLSStores](../../https/tls.md#certificates-stores) |
@@ -362,27 +362,27 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
- b.example.net
```
| Ref | Attribute | Purpose |
|------|--------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [1] | `entryPoints` | List of [entry points](../routers/index.md#entrypoints) names |
| [2] | `routes` | List of routes |
| [3] | `routes[n].match` | Defines the [rule](../routers/index.md#rule) corresponding to an underlying router. |
| [4] | `routes[n].priority` | [Disambiguate](../routers/index.md#priority) rules of the same length, for route matching |
| [5] | `routes[n].middlewares` | List of reference to [Middleware](#kind-middleware) |
| [6] | `middlewares[n].name` | Defines the [Middleware](#kind-middleware) name |
| [7] | `middlewares[n].namespace` | Defines the [Middleware](#kind-middleware) namespace |
| [8] | `routes[n].services` | List of any combination of [TraefikService](#kind-traefikservice) and reference to a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) (See below for `ExternalName Service` setup) |
| [9] | `services[n].port` | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port. |
| Ref | Attribute | Purpose |
|------|--------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [1] | `entryPoints` | List of [entry points](../routers/index.md#entrypoints) names |
| [2] | `routes` | List of routes |
| [3] | `routes[n].match` | Defines the [rule](../routers/index.md#rule) corresponding to an underlying router. |
| [4] | `routes[n].priority` | Defines the [priority](../routers/index.md#priority) to disambiguate rules of the same length, for route matching |
| [5] | `routes[n].middlewares` | List of reference to [Middleware](#kind-middleware) |
| [6] | `middlewares[n].name` | Defines the [Middleware](#kind-middleware) name |
| [7] | `middlewares[n].namespace` | Defines the [Middleware](#kind-middleware) namespace |
| [8] | `routes[n].services` | List of any combination of [TraefikService](#kind-traefikservice) and reference to a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) (See below for `ExternalName Service` setup) |
| [9] | `services[n].port` | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port. |
| [10] | `services[n].serversTransport` | Defines the reference to a [ServersTransport](#kind-serverstransport). The ServersTransport namespace is assumed to be the [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) namespace (see [ServersTransport reference](#serverstransport-reference)). |
| [11] | `tls` | Defines [TLS](../routers/index.md#tls) certificate configuration |
| [12] | `tls.secretName` | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace) |
| [13] | `tls.options` | Defines the reference to a [TLSOption](#kind-tlsoption) |
| [14] | `options.name` | Defines the [TLSOption](#kind-tlsoption) name |
| [15] | `options.namespace` | Defines the [TLSOption](#kind-tlsoption) namespace |
| [16] | `tls.certResolver` | Defines the reference to a [CertResolver](../routers/index.md#certresolver) |
| [17] | `tls.domains` | List of [domains](../routers/index.md#domains) |
| [18] | `domains[n].main` | Defines the main domain name |
| [19] | `domains[n].sans` | List of SANs (alternative domains) |
| [11] | `tls` | Defines [TLS](../routers/index.md#tls) certificate configuration |
| [12] | `tls.secretName` | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace) |
| [13] | `tls.options` | Defines the reference to a [TLSOption](#kind-tlsoption) |
| [14] | `options.name` | Defines the [TLSOption](#kind-tlsoption) name |
| [15] | `options.namespace` | Defines the [TLSOption](#kind-tlsoption) namespace |
| [16] | `tls.certResolver` | Defines the reference to a [CertResolver](../routers/index.md#certresolver) |
| [17] | `tls.domains` | List of [domains](../routers/index.md#domains) |
| [18] | `domains[n].main` | Defines the main domain name |
| [19] | `domains[n].sans` | List of SANs (alternative domains) |
??? example "Declaring an IngressRoute"
@@ -583,6 +583,62 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
- port: 80
```
#### Load Balancing
More information in the dedicated server [load balancing](../services/index.md#load-balancing) section.
!!! info "Declaring and using Kubernetes Service Load Balancing"
```yaml tab="IngressRoute"
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ingressroutebar
namespace: default
spec:
entryPoints:
- web
routes:
- match: Host(`example.com`) && PathPrefix(`/foo`)
kind: Rule
services:
- name: svc1
namespace: default
- name: svc2
namespace: default
```
```yaml tab="K8s Service"
apiVersion: v1
kind: Service
metadata:
name: svc1
namespace: default
spec:
ports:
- name: http
port: 80
selector:
app: traefiklabs
task: app1
---
apiVersion: v1
kind: Service
metadata:
name: svc2
namespace: default
spec:
ports:
- name: http
port: 80
selector:
app: traefiklabs
task: app2
```
### Kind: `Middleware`
`Middleware` is the CRD implementation of a [Traefik middleware](../../middlewares/http/overview.md).
@@ -642,7 +698,7 @@ More information about available middlewares in the dedicated [middlewares secti
Register the `TraefikService` [kind](../../reference/dynamic-configuration/kubernetes-crd.md#definitions) in the Kubernetes cluster before creating `TraefikService` objects,
referencing services in the [`IngressRoute`](#kind-ingressroute) objects, or recursively in others `TraefikService` objects.
!!! info "Disambiguate Traefik and Kubernetes Services "
!!! info "Disambiguate Traefik and Kubernetes Services"
As the field `name` can reference different types of objects, use the field `kind` to avoid any ambiguity.
@@ -653,65 +709,8 @@ referencing services in the [`IngressRoute`](#kind-ingressroute) objects, or rec
`TraefikService` object allows to use any (valid) combinations of:
* servers [load balancing](#server-load-balancing).
* services [Weighted Round Robin](#weighted-round-robin) load balancing.
* services [mirroring](#mirroring).
#### Server Load Balancing
More information in the dedicated server [load balancing](../services/index.md#load-balancing) section.
??? "Declaring and Using Server Load Balancing"
```yaml tab="IngressRoute"
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ingressroutebar
namespace: default
spec:
entryPoints:
- web
routes:
- match: Host(`example.com`) && PathPrefix(`/foo`)
kind: Rule
services:
- name: svc1
namespace: default
- name: svc2
namespace: default
```
```yaml tab="K8s Service"
apiVersion: v1
kind: Service
metadata:
name: svc1
namespace: default
spec:
ports:
- name: http
port: 80
selector:
app: traefiklabs
task: app1
---
apiVersion: v1
kind: Service
metadata:
name: svc2
namespace: default
spec:
ports:
- name: http
port: 80
selector:
app: traefiklabs
task: app2
```
* [Weighted Round Robin](#weighted-round-robin) load balancing.
* [Mirroring](#mirroring).
#### Weighted Round Robin
@@ -1074,7 +1073,7 @@ and there is a second level because each whoami service is a `replicaset` and is
assuming `10.42.0.6` is the IP address of one of the replicas (a pod then) of the `whoami1` service.
### Kind `IngressRouteTCP`
### Kind: `IngressRouteTCP`
`IngressRouteTCP` is the CRD implementation of a [Traefik TCP router](../routers/index.md#configuring-tcp-routers).
@@ -1093,54 +1092,56 @@ Register the `IngressRouteTCP` [kind](../../reference/dynamic-configuration/kube
- footcp
routes: # [2]
- match: HostSNI(`*`) # [3]
priority: 10 # [4]
middlewares:
- name: middleware1 # [4]
namespace: default # [5]
services: # [6]
- name: foo # [7]
port: 8080 # [8]
weight: 10 # [9]
terminationDelay: 400 # [10]
proxyProtocol: # [11]
version: 1 # [12]
tls: # [13]
secretName: supersecret # [14]
options: # [15]
name: opt # [16]
namespace: default # [17]
certResolver: foo # [18]
domains: # [19]
- main: example.net # [20]
sans: # [21]
- name: middleware1 # [5]
namespace: default # [6]
services: # [7]
- name: foo # [8]
port: 8080 # [9]
weight: 10 # [10]
terminationDelay: 400 # [11]
proxyProtocol: # [12]
version: 1 # [13]
tls: # [14]
secretName: supersecret # [15]
options: # [16]
name: opt # [17]
namespace: default # [18]
certResolver: foo # [19]
domains: # [20]
- main: example.net # [21]
sans: # [22]
- a.example.net
- b.example.net
passthrough: false # [22]
passthrough: false # [23]
```
| Ref | Attribute | Purpose |
|------|--------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [1] | `entryPoints` | List of [entrypoints](../routers/index.md#entrypoints_1) names |
| [2] | `routes` | List of routes |
| [3] | `routes[n].match` | Defines the [rule](../routers/index.md#rule_1) corresponding to an underlying router |
| [4] | `middlewares[n].name` | Defines the [MiddlewareTCP](#kind-middlewaretcp) name |
| [5] | `middlewares[n].namespace` | Defines the [MiddlewareTCP](#kind-middlewaretcp) namespace |
| [6] | `routes[n].services` | List of [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) definitions (See below for `ExternalName Service` setup) |
| [7] | `services[n].name` | Defines the name of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) |
| [8] | `services[n].port` | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port. |
| [9] | `services[n].weight` | Defines the weight to apply to the server load balancing |
| [10] | `services[n].terminationDelay` | corresponds to the deadline that the proxy sets, after one of its connected peers indicates it has closed the writing capability of its connection, to close the reading capability as well, hence fully terminating the connection. It is a duration in milliseconds, defaulting to 100. A negative value means an infinite deadline (i.e. the reading capability is never closed). |
| [11] | `proxyProtocol` | Defines the [PROXY protocol](../services/index.md#proxy-protocol) configuration |
| [12] | `version` | Defines the [PROXY protocol](../services/index.md#proxy-protocol) version |
| [13] | `tls` | Defines [TLS](../routers/index.md#tls_1) certificate configuration |
| [14] | `tls.secretName` | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace) |
| [15] | `tls.options` | Defines the reference to a [TLSOption](#kind-tlsoption) |
| [16] | `options.name` | Defines the [TLSOption](#kind-tlsoption) name |
| [17] | `options.namespace` | Defines the [TLSOption](#kind-tlsoption) namespace |
| [18] | `tls.certResolver` | Defines the reference to a [CertResolver](../routers/index.md#certresolver_1) |
| [19] | `tls.domains` | List of [domains](../routers/index.md#domains_1) |
| [20] | `domains[n].main` | Defines the main domain name |
| [21] | `domains[n].sans` | List of SANs (alternative domains) |
| [22] | `tls.passthrough` | If `true`, delegates the TLS termination to the backend |
| [3] | `routes[n].match` | Defines the [rule](../routers/index.md#rule_1) of the underlying router |
| [4] | `routes[n].priority` | Defines the [priority](../routers/index.md#priority_1) to disambiguate rules of the same length, for route matching |
| [5] | `middlewares[n].name` | Defines the [MiddlewareTCP](#kind-middlewaretcp) name |
| [6] | `middlewares[n].namespace` | Defines the [MiddlewareTCP](#kind-middlewaretcp) namespace |
| [7] | `routes[n].services` | List of [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) definitions (See below for `ExternalName Service` setup) |
| [8] | `services[n].name` | Defines the name of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) |
| [9] | `services[n].port` | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port. |
| [10] | `services[n].weight` | Defines the weight to apply to the server load balancing |
| [11] | `services[n].terminationDelay` | corresponds to the deadline that the proxy sets, after one of its connected peers indicates it has closed the writing capability of its connection, to close the reading capability as well, hence fully terminating the connection. It is a duration in milliseconds, defaulting to 100. A negative value means an infinite deadline (i.e. the reading capability is never closed). |
| [12] | `proxyProtocol` | Defines the [PROXY protocol](../services/index.md#proxy-protocol) configuration |
| [13] | `version` | Defines the [PROXY protocol](../services/index.md#proxy-protocol) version |
| [14] | `tls` | Defines [TLS](../routers/index.md#tls_1) certificate configuration |
| [15] | `tls.secretName` | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace) |
| [16] | `tls.options` | Defines the reference to a [TLSOption](#kind-tlsoption) |
| [17] | `options.name` | Defines the [TLSOption](#kind-tlsoption) name |
| [18] | `options.namespace` | Defines the [TLSOption](#kind-tlsoption) namespace |
| [19] | `tls.certResolver` | Defines the reference to a [CertResolver](../routers/index.md#certresolver_1) |
| [20] | `tls.domains` | List of [domains](../routers/index.md#domains_1) |
| [21] | `domains[n].main` | Defines the main domain name |
| [22] | `domains[n].sans` | List of SANs (alternative domains) |
| [23] | `tls.passthrough` | If `true`, delegates the TLS termination to the backend |
??? example "Declaring an IngressRouteTCP"
@@ -1156,6 +1157,7 @@ Register the `IngressRouteTCP` [kind](../../reference/dynamic-configuration/kube
routes:
# Match is the rule corresponding to an underlying router.
- match: HostSNI(`*`)
priority: 10
services:
- name: foo
port: 8080
@@ -1324,7 +1326,7 @@ Register the `MiddlewareTCP` [kind](../../reference/dynamic-configuration/kubern
More information about available TCP middlewares in the dedicated [middlewares section](../../middlewares/tcp/overview.md).
### Kind `IngressRouteUDP`
### Kind: `IngressRouteUDP`
`IngressRouteUDP` is the CRD implementation of a [Traefik UDP router](../routers/index.md#configuring-udp-routers).
@@ -1613,9 +1615,8 @@ or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`Ingres
!!! important "Default TLS Store"
Traefik currently only uses the [TLS Store named "default"](../../https/tls.md#certificates-stores).
This means that if you have two stores that are named default in different kubernetes namespaces,
they may be randomly chosen.
For the time being, please only configure one TLSSTore named default.
This means that you cannot have two stores that are named default in different Kubernetes namespaces.
For the time being, please only configure one TLSStore named default.
!!! info "TLSStore Attributes"

30
docs/content/routing/providers/kubernetes-gateway.md
View File

@@ -18,7 +18,7 @@ The Kubernetes Gateway API, The Experimental Way. {: .subtitle }
```yaml tab="Whoami Service"
--8<-- "content/reference/dynamic-configuration/kubernetes-whoami-svc.yml"
```
```yaml tab="Traefik Service"
--8<-- "content/reference/dynamic-configuration/kubernetes-gateway-traefik-lb-svc.yml"
```
@@ -44,14 +44,14 @@ You can find an excerpt of the supported Kubernetes Gateway API resources in the
| [GatewayClass](#kind-gatewayclass) | Defines a set of Gateways that share a common configuration and behaviour | [GatewayClass](https://gateway-api.sigs.k8s.io/v1alpha2/api-types/gatewayclass) |
| [Gateway](#kind-gateway) | Describes how traffic can be translated to Services within the cluster | [Gateway](https://gateway-api.sigs.k8s.io/v1alpha2/api-types/gateway) |
| [HTTPRoute](#kind-httproute) | HTTP rules for mapping requests from a Gateway to Kubernetes Services | [Route](https://gateway-api.sigs.k8s.io/v1alpha2/api-types/httproute) |
| [TCPRoute](#kind-tcproute) | Allows mapping TCP requests from a Gateway to Kubernetes Services | [Route](https://gateway-api.sigs.k8s.io/concepts/api-overview/#tcproute-and-udproute)|
| [TLSRoute](#kind-tlsroute) | Allows mapping TLS requests from a Gateway to Kubernetes Services | [Route](https://gateway-api.sigs.k8s.io/concepts/api-overview/#tcproute-and-udproute)|
| [TCPRoute](#kind-tcproute) | Allows mapping TCP requests from a Gateway to Kubernetes Services | [Route](https://gateway-api.sigs.k8s.io/v1alpha2/guides/tcp/)|
| [TLSRoute](#kind-tlsroute) | Allows mapping TLS requests from a Gateway to Kubernetes Services | [Route](https://gateway-api.sigs.k8s.io/v1alpha2/guides/tls/)|
### Kind: `GatewayClass`
`GatewayClass` is cluster-scoped resource defined by the infrastructure provider. This resource represents a class of
Gateways that can be instantiated. More details on the
GatewayClass [official documentation](https://gateway-api.sigs.k8s.io/v1alpha1/api-types/gatewayclass/).
GatewayClass [official documentation](https://gateway-api.sigs.k8s.io/v1alpha2/api-types/gatewayclass/).
The `GatewayClass` should be declared by the infrastructure provider, otherwise please register the `GatewayClass`
[definition](../../reference/dynamic-configuration/kubernetes-gateway.md#definitions) in the Kubernetes cluster before
@@ -101,7 +101,7 @@ Depending on the Listener Protocol, different modes and Route types are supporte
gatewayClassName: my-gateway-class # [1]
listeners: # [2]
- name: http # [3]
protocol: HTTP # [4]
protocol: HTTP # [4]
port: 80 # [5]
allowedRoutes: # [9]
kinds:
@@ -109,7 +109,7 @@ Depending on the Listener Protocol, different modes and Route types are supporte
namespaces:
from: Selector # [11]
selector: # [12]
matchLabels:
matchLabels:
app: foo
```
@@ -123,7 +123,7 @@ Depending on the Listener Protocol, different modes and Route types are supporte
gatewayClassName: my-gateway-class # [1]
listeners: # [2]
- name: https # [3]
protocol: HTTPS # [4]
protocol: HTTPS # [4]
port: 443 # [5]
tls: # [7]
certificateRefs: # [8]
@@ -135,7 +135,7 @@ Depending on the Listener Protocol, different modes and Route types are supporte
namespaces:
from: Selector # [11]
selector: # [12]
matchLabels:
matchLabels:
app: foo
```
@@ -149,15 +149,15 @@ Depending on the Listener Protocol, different modes and Route types are supporte
gatewayClassName: my-gateway-class # [1]
listeners: # [2]
- name: tcp # [3]
protocol: TCP # [4]
protocol: TCP # [4]
port: 8000 # [5]
allowedRoutes: # [9]
kinds:
- kind: TCPRoute # [10]
- kind: TCPRoute # [10]
namespaces:
from: Selector # [11]
selector: # [12]
matchLabels:
matchLabels:
app: footcp
```
@@ -171,7 +171,7 @@ Depending on the Listener Protocol, different modes and Route types are supporte
gatewayClassName: my-gateway-class # [1]
listeners: # [2]
- name: tls # [3]
protocol: TLS # [4]
protocol: TLS # [4]
port: 443 # [5]
hostname: foo.com # [6]
tls: # [7]
@@ -184,7 +184,7 @@ Depending on the Listener Protocol, different modes and Route types are supporte
namespaces:
from: Selector # [11]
selector: # [12]
matchLabels:
matchLabels:
app: footcp
```
@@ -222,7 +222,7 @@ Kubernetes cluster before creating `HTTPRoute` objects.
parentRefs: # [1]
- name: my-tcp-gateway # [2]
namespace: default # [3]
sectionName: tcp # [4]
sectionName: tcp # [4]
hostnames: # [5]
- whoami
rules: # [6]
@@ -329,7 +329,7 @@ Kubernetes cluster before creating `TLSRoute` objects.
namespace: default # [3]
sectionName: tcp # [4]
hostnames: # [5]
- whoami
- whoami
rules: # [6]
- backendRefs: # [7]
- name: whoamitcp # [8]

6
docs/content/routing/providers/kubernetes-ingress.md
View File

@@ -146,7 +146,7 @@ which in turn will create the resulting routers, services, handlers, etc.
serviceAccountName: traefik-ingress-controller
containers:
- name: traefik
image: traefik:v2.6
image: traefik:v2.7
args:
- --entrypoints.web.address=:80
- --providers.kubernetesingress
@@ -537,7 +537,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
serviceAccountName: traefik-ingress-controller
containers:
- name: traefik
image: traefik:v2.6
image: traefik:v2.7
args:
- --entrypoints.websecure.address=:443
- --entrypoints.websecure.http.tls
@@ -746,7 +746,7 @@ For more options, please refer to the available [annotations](#on-ingress).
serviceAccountName: traefik-ingress-controller
containers:
- name: traefik
image: traefik:v2.6
image: traefik:v2.7
args:
- --entrypoints.websecure.address=:443
- --providers.kubernetesingress

9
docs/content/routing/providers/kv.md
View File

@@ -371,7 +371,6 @@ You can declare TCP Routers and/or Services using KV.
| Key (Path) | Value |
|-----------------------------------------------|----------|
| `traefik/tcp/routers/mytcprouter/tls/options` | `foobar` |
??? info "`traefik/tcp/routers/<router_name>/tls/passthrough`"
@@ -381,6 +380,14 @@ You can declare TCP Routers and/or Services using KV.
|---------------------------------------------------|--------|
| `traefik/tcp/routers/mytcprouter/tls/passthrough` | `true` |
??? info "`traefik/tcp/routers/<router_name>/priority`"
See [priority](../routers/index.md#priority_1) for more information.
| Key (Path) | Value |
|------------------------------------------|-------|
| `traefik/tcp/routers/myrouter/priority` | `42` |
#### TCP Services
??? info "`traefik/tcp/services/<service_name>/loadbalancer/servers/<n>/url`"

8
docs/content/routing/providers/marathon.md
View File

@@ -417,6 +417,14 @@ You can declare TCP Routers and/or Services using labels.
"traefik.tcp.routers.mytcprouter.tls.passthrough": "true"
```
??? info "`traefik.tcp.routers.<router_name>.priority`"
See [priority](../routers/index.md#priority_1) for more information.
```json
"traefik.tcp.routers.myrouter.priority": "42"
```
#### TCP Services
??? info "`traefik.tcp.services.<service_name>.loadbalancer.server.port`"

8
docs/content/routing/providers/rancher.md
View File

@@ -420,6 +420,14 @@ You can declare TCP Routers and/or Services using labels.
- "traefik.tcp.routers.mytcprouter.tls.passthrough=true"
```
??? info "`traefik.tcp.routers.<router_name>.priority`"
See [priority](../routers/index.md#priority_1) for more information.
```yaml
- "traefik.tcp.routers.myrouter.priority=42"
```
#### TCP Services
??? info "`traefik.tcp.services.<service_name>.loadbalancer.server.port`"

161
docs/content/routing/routers/index.md
View File

@@ -217,7 +217,7 @@ If the rule is verified, the router becomes active, calls middlewares, and then
??? tip "Backticks or Quotes?"
To set the value of a rule, use [backticks](https://en.wiktionary.org/wiki/backtick) ``` ` ``` or escaped double-quotes `\"`.
Single quotes `'` are not accepted as values are [Golang's String Literals](https://golang.org/ref/spec#String_literals).
Single quotes `'` are not accepted since the values are [Golang's String Literals](https://golang.org/ref/spec#String_literals).
!!! example "Host is example.com"
@@ -262,11 +262,12 @@ The table below lists all the available matchers:
!!! info "Combining Matchers Using Operators and Parenthesis"
You can combine multiple matchers using the AND (`&&`) and OR (`||`) operators. You can also use parenthesis.
The usual AND (`&&`) and OR (`||`) logical operators can be used, with the expected precedence rules,
as well as parentheses.
!!! info "Invert a matcher"
!!! info "Inverting a matcher"
You can invert a matcher by using the `!` operator.
One can invert a matcher by using the `!` operator.
!!! important "Rule, Middleware, and Services"
@@ -672,6 +673,21 @@ If no matching route is found for the TCP routers, then the HTTP routers will ta
If not specified, TCP routers will accept requests from all defined entry points.
If you want to limit the router scope to a set of entry points, set the entry points option.
??? info "How to handle Server First protocols?"
To correctly handle a request, Traefik needs to wait for the first
few bytes to arrive before it can decide what to do with it.
For protocols where the server is expected to send first, such
as SMTP, if no specific setup is in place, we could end up in
a situation where both sides are waiting for data and the
connection appears to have hanged.
The only way that Traefik can deal with such a case, is to make
sure that on the concerned entry point, there is no TLS router
whatsoever (neither TCP nor HTTP), and there is at least one
non-TLS TCP router that leads to the server in question.
??? example "Listens to Every Entry Point"
**Dynamic Configuration**
@@ -800,20 +816,147 @@ If you want to limit the router scope to a set of entry points, set the entry po
### Rule
| Rule | Description |
|--------------------------------|-------------------------------------------------------------------------|
| ```HostSNI(`domain-1`, ...)``` | Check if the Server Name Indication corresponds to the given `domains`. |
Rules are a set of matchers configured with values, that determine if a particular request matches specific criteria.
If the rule is verified, the router becomes active, calls middlewares, and then forwards the request to the service.
??? tip "Backticks or Quotes?"
To set the value of a rule, use [backticks](https://en.wiktionary.org/wiki/backtick) ``` ` ``` or escaped double-quotes `\"`.
Single quotes `'` are not accepted since the values are [Golang's String Literals](https://golang.org/ref/spec#String_literals).
!!! example "HostSNI is example.com"
```toml
rule = "HostSNI(`example.com`)"
```
!!! example "HostSNI is example.com OR HostSNI is example.org AND ClientIP is 0.0.0.0"
```toml
rule = "HostSNI(`example.com`) || (HostSNI(`example.org`) && ClientIP(`0.0.0.0`))"
```
The table below lists all the available matchers:
| Rule | Description |
|---------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------|
| ```HostSNI(`domain-1`, ...)``` | Check if the Server Name Indication corresponds to the given `domains`. |
| ```HostSNIRegexp(`example.com`, `{subdomain:[a-z]+}.example.com`, ...)``` | Check if the Server Name Indication matches the given regular expressions. See "Regexp Syntax" below. |
| ```ClientIP(`10.0.0.0/16`, `::1`)``` | Check if the request client IP is one of the given IP/CIDR. It accepts IPv4, IPv6 and CIDR formats. |
!!! important "Non-ASCII Domain Names"
Non-ASCII characters are not supported in the `HostSNI` expression, and by doing so the associated TCP router will be invalid.
Non-ASCII characters are not supported in the `HostSNI` and `HostSNIRegexp` expressions, and so using them would invalidate the associated TCP router.
Domain names containing non-ASCII characters must be provided as punycode encoded values ([rfc 3492](https://tools.ietf.org/html/rfc3492)).
!!! important "Regexp Syntax"
`HostSNIRegexp` accepts an expression with zero or more groups enclosed by curly braces, which are called named regexps.
Named regexps, of the form `{name:regexp}`, are the only expressions considered for regexp matching.
The regexp name (`name` in the above example) is an arbitrary value, that exists only for historical reasons.
Any `regexp` supported by [Go's regexp package](https://golang.org/pkg/regexp/) may be used.
!!! important "HostSNI & TLS"
It is important to note that the Server Name Indication is an extension of the TLS protocol.
Hence, only TLS routers will be able to specify a domain name with that rule.
However, non-TLS routers will have to explicitly use that rule with `*` (every domain) to state that every non-TLS request will be handled by the router.
However, there is one special use case for HostSNI with non-TLS routers:
when one wants a non-TLS router that matches all (non-TLS) requests,
one should use the specific ```HostSNI(`*`)``` syntax.
!!! info "Combining Matchers Using Operators and Parenthesis"
The usual AND (`&&`) and OR (`||`) logical operators can be used, with the expected precedence rules,
as well as parentheses.
!!! info "Inverting a matcher"
One can invert a matcher by using the `!` operator.
!!! important "Rule, Middleware, and Services"
The rule is evaluated "before" any middleware has the opportunity to work, and "before" the request is forwarded to the service.
### Priority
To avoid path overlap, routes are sorted, by default, in descending order using rules length.
The priority is directly equal to the length of the rule, and so the longest length has the highest priority.
A value of `0` for the priority is ignored: `priority = 0` means that the default rules length sorting is used.
??? info "How default priorities are computed"
```yaml tab="File (YAML)"
## Dynamic configuration
tcp:
routers:
Router-1:
rule: "ClientIP(`192.168.0.12`)"
# ...
Router-2:
rule: "ClientIP(`192.168.0.0/24`)"
# ...
```
```toml tab="File (TOML)"
## Dynamic configuration
[tcp.routers]
[tcp.routers.Router-1]
rule = "ClientIP(`192.168.0.12`)"
# ...
[tcp.routers.Router-2]
rule = "ClientIP(`192.168.0.0/24`)"
# ...
```
The table below shows that `Router-2` has a higher computed priority than `Router-1`.
| Name | Rule | Priority |
|----------|-------------------------------------------------------------|----------|
| Router-1 | ```ClientIP(`192.168.0.12`)``` | 24 |
| Router-2 | ```ClientIP(`192.168.0.0/24`)``` | 26 |
Which means that requests from `192.168.0.12` would go to Router-2 even though Router-1 is intended to specifically handle them.
To achieve this intention, a priority (higher than 26) should be set on Router-1.
??? example "Setting priorities -- using the [File Provider](../../providers/file.md)"
```yaml tab="File (YAML)"
## Dynamic configuration
tcp:
routers:
Router-1:
rule: "ClientIP(`192.168.0.12`)"
entryPoints:
- "web"
service: service-1
priority: 2
Router-2:
rule: "ClientIP(`192.168.0.0/24`)"
entryPoints:
- "web"
priority: 1
service: service-2
```
```toml tab="File (TOML)"
## Dynamic configuration
[tcp.routers]
[tcp.routers.Router-1]
rule = "ClientIP(`192.168.0.12`)"
entryPoints = ["web"]
service = "service-1"
priority = 2
[tcp.routers.Router-2]
rule = "ClientIP(`192.168.0.0/24`)"
entryPoints = ["web"]
priority = 1
service = "service-2"
```
In this configuration, the priority is configured so that `Router-1` will handle requests from `192.168.0.12`.
### Middlewares

149
docs/content/routing/services/index.md
View File

@@ -322,14 +322,14 @@ To propagate status changes (e.g. all servers of this service are down) upwards,
Below are the available options for the health check mechanism:
- `path` is appended to the server URL to set the health check endpoint.
- `scheme`, if defined, will replace the server URL `scheme` for the health check endpoint
- `hostname`, if defined, will apply `Host` header `hostname` to the health check request.
- `port`, if defined, will replace the server URL `port` for the health check endpoint.
- `interval` defines the frequency of the health check calls.
- `timeout` defines the maximum duration Traefik will wait for a health check request before considering the server failed (unhealthy).
- `headers` defines custom headers to be sent to the health check endpoint.
- `followRedirects` defines whether redirects should be followed during the health check calls (default: true).
- `path` (required), defines the server URL path for the health check endpoint .
- `scheme` (optional), replaces the server URL `scheme` for the health check endpoint.
- `hostname` (optional), sets the value of `hostname` in the `Host` header of the health check request.
- `port` (optional), replaces the server URL `port` for the health check endpoint.
- `interval` (default: 30s), defines the frequency of the health check calls.
- `timeout` (default: 5s), defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.
- `headers` (optional), defines custom headers to be sent to the health check endpoint.
- `followRedirects` (default: true), defines whether redirects should be followed during the health check calls.
!!! info "Interval & Timeout Format"
@@ -1217,6 +1217,139 @@ http:
url = "http://private-ip-server-2/"
```
### Failover (service)
A failover service job is to forward all requests to a fallback service when the main service becomes unreachable.
!!! info "Relation to HealthCheck"
The failover service relies on the HealthCheck system to get notified when its main service becomes unreachable,
which means HealthCheck needs to be enabled and functional on the main service.
However, HealthCheck does not need to be enabled on the failover service itself for it to be functional.
It is only required in order to propagate upwards the information when the failover itself becomes down
(i.e. both its main and its fallback are down too).
!!! info "Supported Providers"
This strategy can currently only be defined with the [File](../../providers/file.md) provider.
```yaml tab="YAML"
## Dynamic configuration
http:
services:
app:
failover:
service: main
fallback: backup
main:
loadBalancer:
healthCheck:
path: /status
interval: 10s
timeout: 3s
servers:
- url: "http://private-ip-server-1/"
backup:
loadBalancer:
servers:
- url: "http://private-ip-server-2/"
```
```toml tab="TOML"
## Dynamic configuration
[http.services]
[http.services.app]
[http.services.app.failover]
service = "main"
fallback = "backup"
[http.services.main]
[http.services.main.loadBalancer]
[http.services.main.loadBalancer.healthCheck]
path = "/health"
interval = "10s"
timeout = "3s"
[[http.services.main.loadBalancer.servers]]
url = "http://private-ip-server-1/"
[http.services.backup]
[http.services.backup.loadBalancer]
[[http.services.backup.loadBalancer.servers]]
url = "http://private-ip-server-2/"
```
#### Health Check
HealthCheck enables automatic self-healthcheck for this service,
i.e. if the main and the fallback services become unreachable,
the information is propagated upwards to its parent.
!!! info "All or nothing"
If HealthCheck is enabled for a given service, but any of its descendants does
not have it enabled, the creation of the service will fail.
HealthCheck on a Failover service can currently only be defined with the [File](../../providers/file.md) provider.
```yaml tab="YAML"
## Dynamic configuration
http:
services:
app:
failover:
healthCheck: {}
service: main
fallback: backup
main:
loadBalancer:
healthCheck:
path: /status
interval: 10s
timeout: 3s
servers:
- url: "http://private-ip-server-1/"
backup:
loadBalancer:
healthCheck:
path: /status
interval: 10s
timeout: 3s
servers:
- url: "http://private-ip-server-2/"
```
```toml tab="TOML"
## Dynamic configuration
[http.services]
[http.services.app]
[http.services.app.failover.healthCheck]
[http.services.app.failover]
service = "main"
fallback = "backup"
[http.services.main]
[http.services.main.loadBalancer]
[http.services.main.loadBalancer.healthCheck]
path = "/health"
interval = "10s"
timeout = "3s"
[[http.services.main.loadBalancer.servers]]
url = "http://private-ip-server-1/"
[http.services.backup]
[http.services.backup.loadBalancer]
[http.services.backup.loadBalancer.healthCheck]
path = "/health"
interval = "10s"
timeout = "3s"
[[http.services.backup.loadBalancer.servers]]
url = "http://private-ip-server-2/"
```
## Configuring TCP Services
### General

347
docs/content/traefik-hub/index.md Normal file
View File

@@ -0,0 +1,347 @@
# Traefik Hub (Experimental)
## Overview
Once the Traefik Hub Experimental feature is enabled in Traefik,
Traefik and its local agent communicate together.
This agent can:
* get the Traefik metrics to display them in the Traefik Hub UI
* secure the Traefik routers
* provide ACME certificates to Traefik
* transfer requests from the SaaS Platform to Traefik (and then avoid the users to expose directly their infrastructure on the internet)
!!! warning "Traefik Hub Entrypoints"
When the Traefik Hub feature is enabled, Traefik exposes some services meant for the Traefik Hub Agent on dedicated entrypoints (on ports `9900` and `9901` by default).
Given their sensitive nature, those services should not be publicly exposed.
Also those dedicated entrypoints, regardless of how they are created (default, or user-defined), should not be used by anything other than the Hub Agent.
!!! important "Learn More About Traefik Hub"
This section is intended only as a brief overview for Traefik users who are not familiar with Traefik Hub.
To explore all that Traefik Hub has to offer, please consult the [Traefik Hub Documentation](https://doc.traefik.io/traefik-hub).
!!! Note "Prerequisites"
* Traefik Hub is compatible with Traefik Proxy 2.7 or later.
* The Traefik Hub Agent must be installed to connect to the Traefik Hub platform.
* Activate this feature in the experimental section of the static configuration.
!!! example "Minimal Static Configuration to Activate Traefik Hub for Docker"
```yaml tab="File (YAML)"
experimental:
hub: true
hub:
tls:
insecure: true
metrics:
prometheus:
addRoutersLabels: true
```
```toml tab="File (TOML)"
[experimental]
hub = true
[hub]
[hub.tls]
insecure = true
[metrics]
[metrics.prometheus]
addRoutersLabels = true
```
```bash tab="CLI"
--experimental.hub
--hub.tls.insecure
--metrics.prometheus.addrouterslabels
```
!!! example "Minimal Static Configuration to Activate Traefik Hub for Kubernetes"
```yaml tab="File (YAML)"
experimental:
hub: true
hub: {}
metrics:
prometheus:
addRoutersLabels: true
```
```toml tab="File (TOML)"
[experimental]
hub = true
[hub]
[metrics]
[metrics.prometheus]
addRoutersLabels = true
```
```bash tab="CLI"
--experimental.hub
--hub
--metrics.prometheus.addrouterslabels
```
## Configuration
### Entrypoints
#### `traefikhub-api`
This entrypoint is used to communicate between the Hub agent and Traefik.
It allows the Hub agent to create routing.
This dedicated Traefik Hub entryPoint should not be used by anything other than Traefik Hub.
The default port is `9900`.
To change the port, you have to define an entrypoint named `traefikhub-api`.
```yaml tab="File (YAML)"
entryPoints:
traefikhub-api: ":8000"
```
```toml tab="File (TOML)"
[entryPoints.traefikhub-api]
address = ":8000"
```
```bash tab="CLI"
--entrypoints.traefikhub-api.address=:8000
```
#### `traefikhub-tunl`
This entrypoint is used to communicate between Traefik Hub and Traefik.
It allows to create secured tunnels.
This dedicated Traefik Hub entryPoint should not be used by anything other than Traefik Hub.
The default port is `9901`.
To change the port, you have to define an entrypoint named `traefikhub-tunl`.
```yaml tab="File (YAML)"
entryPoints:
traefikhub-tunl: ":8000"
```
```toml tab="File (TOML)"
[entryPoints.traefikhub-tunl]
address = ":8000"
```
```bash tab="CLI"
--entrypoints.traefikhub-tunl.address=:8000
```
### `tls`
_Optional, Default=None_
This section is required when using the Hub agent for Docker.
This section allows configuring mutual TLS connection between Traefik Proxy and the Traefik Hub Agent.
The key and the certificate are the credentials for Traefik Proxy as a TLS client.
The certificate authority authenticates the Traefik Hub Agent certificate.
!!! note "Certificate Domain"
The certificate must be valid for the `proxy.traefik` domain.
!!! note "Certificates Definition"
Certificates can be defined either by their content or their path.
!!! note "Insecure Mode"
The `insecure` option is mutually exclusive with any other option.
```yaml tab="File (YAML)"
hub:
tls:
ca: /path/to/ca.pem
cert: /path/to/cert.pem
key: /path/to/key.pem
```
```toml tab="File (TOML)"
[hub.tls]
ca= "/path/to/ca.pem"
cert= "/path/to/cert.pem"
key= "/path/to/key.pem"
```
```bash tab="CLI"
--hub.tls.ca=/path/to/ca.pem
--hub.tls.cert=/path/to/cert.pem
--hub.tls.key=/path/to/key.pem
```
### `tls.ca`
The certificate authority authenticates the Traefik Hub Agent certificate.
```yaml tab="File (YAML)"
hub:
tls:
ca: |-
-----BEGIN CERTIFICATE-----
MIIBcjCCARegAwIBAgIQaewCzGdRz5iNnjAiEoO5AzAKBggqhkjOPQQDAjASMRAw
DgYDVQQKEwdBY21lIENvMCAXDTIyMDMyMTE2MTY0NFoYDzIxMjIwMjI1MTYxNjQ0
WjASMRAwDgYDVQQKEwdBY21lIENvMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
ZaKYPj2G8Hnmju6jbHt+vODwKqNDVQMH5nxhtAgSUZS61mLWwZvvUhIYLNPwHz8a
x8C7+cuihEC6Tzvn8DeGeKNNMEswDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoG
CCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20w
CgYIKoZIzj0EAwIDSQAwRgIhAO8sucDGY+JOrNgQg1a9ZqqYvbxPFnYsSZr7F/vz
aUX2AiEAilZ+M5eX4RiMFc3nlm9qVs1LZhV3dZW/u80/mPQ/oaY=
-----END CERTIFICATE-----
```
```toml tab="File (TOML)"
[hub.tls]
ca = """-----BEGIN CERTIFICATE-----
MIIBcjCCARegAwIBAgIQaewCzGdRz5iNnjAiEoO5AzAKBggqhkjOPQQDAjASMRAw
DgYDVQQKEwdBY21lIENvMCAXDTIyMDMyMTE2MTY0NFoYDzIxMjIwMjI1MTYxNjQ0
WjASMRAwDgYDVQQKEwdBY21lIENvMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
ZaKYPj2G8Hnmju6jbHt+vODwKqNDVQMH5nxhtAgSUZS61mLWwZvvUhIYLNPwHz8a
x8C7+cuihEC6Tzvn8DeGeKNNMEswDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoG
CCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20w
CgYIKoZIzj0EAwIDSQAwRgIhAO8sucDGY+JOrNgQg1a9ZqqYvbxPFnYsSZr7F/vz
aUX2AiEAilZ+M5eX4RiMFc3nlm9qVs1LZhV3dZW/u80/mPQ/oaY=
-----END CERTIFICATE-----"""
```
```bash tab="CLI"
--hub.tls.ca=-----BEGIN CERTIFICATE-----
MIIBcjCCARegAwIBAgIQaewCzGdRz5iNnjAiEoO5AzAKBggqhkjOPQQDAjASMRAw
DgYDVQQKEwdBY21lIENvMCAXDTIyMDMyMTE2MTY0NFoYDzIxMjIwMjI1MTYxNjQ0
WjASMRAwDgYDVQQKEwdBY21lIENvMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
ZaKYPj2G8Hnmju6jbHt+vODwKqNDVQMH5nxhtAgSUZS61mLWwZvvUhIYLNPwHz8a
x8C7+cuihEC6Tzvn8DeGeKNNMEswDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoG
CCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20w
CgYIKoZIzj0EAwIDSQAwRgIhAO8sucDGY+JOrNgQg1a9ZqqYvbxPFnYsSZr7F/vz
aUX2AiEAilZ+M5eX4RiMFc3nlm9qVs1LZhV3dZW/u80/mPQ/oaY=
-----END CERTIFICATE-----
```
### `tls.cert`
The TLS certificate for Traefik Proxy as a TLS client.
!!! note "Certificate Domain"
The certificate must be valid for the `proxy.traefik` domain.
```yaml tab="File (YAML)"
hub:
tls:
cert: |-
-----BEGIN CERTIFICATE-----
MIIBcjCCARegAwIBAgIQaewCzGdRz5iNnjAiEoO5AzAKBggqhkjOPQQDAjASMRAw
DgYDVQQKEwdBY21lIENvMCAXDTIyMDMyMTE2MTY0NFoYDzIxMjIwMjI1MTYxNjQ0
WjASMRAwDgYDVQQKEwdBY21lIENvMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
ZaKYPj2G8Hnmju6jbHt+vODwKqNDVQMH5nxhtAgSUZS61mLWwZvvUhIYLNPwHz8a
x8C7+cuihEC6Tzvn8DeGeKNNMEswDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoG
CCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20w
CgYIKoZIzj0EAwIDSQAwRgIhAO8sucDGY+JOrNgQg1a9ZqqYvbxPFnYsSZr7F/vz
aUX2AiEAilZ+M5eX4RiMFc3nlm9qVs1LZhV3dZW/u80/mPQ/oaY=
-----END CERTIFICATE-----
```
```toml tab="File (TOML)"
[hub.tls]
cert = """-----BEGIN CERTIFICATE-----
MIIBcjCCARegAwIBAgIQaewCzGdRz5iNnjAiEoO5AzAKBggqhkjOPQQDAjASMRAw
DgYDVQQKEwdBY21lIENvMCAXDTIyMDMyMTE2MTY0NFoYDzIxMjIwMjI1MTYxNjQ0
WjASMRAwDgYDVQQKEwdBY21lIENvMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
ZaKYPj2G8Hnmju6jbHt+vODwKqNDVQMH5nxhtAgSUZS61mLWwZvvUhIYLNPwHz8a
x8C7+cuihEC6Tzvn8DeGeKNNMEswDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoG
CCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20w
CgYIKoZIzj0EAwIDSQAwRgIhAO8sucDGY+JOrNgQg1a9ZqqYvbxPFnYsSZr7F/vz
aUX2AiEAilZ+M5eX4RiMFc3nlm9qVs1LZhV3dZW/u80/mPQ/oaY=
-----END CERTIFICATE-----"""
```
```bash tab="CLI"
--hub.tls.cert=-----BEGIN CERTIFICATE-----
MIIBcjCCARegAwIBAgIQaewCzGdRz5iNnjAiEoO5AzAKBggqhkjOPQQDAjASMRAw
DgYDVQQKEwdBY21lIENvMCAXDTIyMDMyMTE2MTY0NFoYDzIxMjIwMjI1MTYxNjQ0
WjASMRAwDgYDVQQKEwdBY21lIENvMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
ZaKYPj2G8Hnmju6jbHt+vODwKqNDVQMH5nxhtAgSUZS61mLWwZvvUhIYLNPwHz8a
x8C7+cuihEC6Tzvn8DeGeKNNMEswDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoG
CCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20w
CgYIKoZIzj0EAwIDSQAwRgIhAO8sucDGY+JOrNgQg1a9ZqqYvbxPFnYsSZr7F/vz
aUX2AiEAilZ+M5eX4RiMFc3nlm9qVs1LZhV3dZW/u80/mPQ/oaY=
-----END CERTIFICATE-----
```
### `tls.key`
The TLS key for Traefik Proxy as a TLS client.
```yaml tab="File (YAML)"
hub:
tls:
key: |-
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgm+XJ3LVrTbbirJea
O+Crj2ADVsVHjMuiyd72VE3lgxihRANCAARlopg+PYbweeaO7qNse3684PAqo0NV
AwfmfGG0CBJRlLrWYtbBm+9SEhgs0/AfPxrHwLv5y6KEQLpPO+fwN4Z4
-----END PRIVATE KEY-----
```
```toml tab="File (TOML)"
[hub.tls]
key = """-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgm+XJ3LVrTbbirJea
O+Crj2ADVsVHjMuiyd72VE3lgxihRANCAARlopg+PYbweeaO7qNse3684PAqo0NV
AwfmfGG0CBJRlLrWYtbBm+9SEhgs0/AfPxrHwLv5y6KEQLpPO+fwN4Z4
-----END PRIVATE KEY-----"""
```
```bash tab="CLI"
--hub.tls.key=-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgm+XJ3LVrTbbirJea
O+Crj2ADVsVHjMuiyd72VE3lgxihRANCAARlopg+PYbweeaO7qNse3684PAqo0NV
AwfmfGG0CBJRlLrWYtbBm+9SEhgs0/AfPxrHwLv5y6KEQLpPO+fwN4Z4
-----END PRIVATE KEY-----
```
### `tls.insecure`
_Optional, Default=false_
Enables an insecure TLS connection that uses default credentials,
and which has no peer authentication between Traefik Proxy and the Traefik Hub Agent.
The `insecure` option is mutually exclusive with any other option.
!!! warning "Security Consideration"
Do not use this setup in production.
This option implies sensitive data can be exposed to potential malicious third-party programs.
```yaml tab="File (YAML)"
hub:
tls:
insecure: true
```
```toml tab="File (TOML)"
[hub.tls]
insecure = true
```
```bash tab="CLI"
--hub.tls.insecure=true
```

2
docs/content/user-guides/crd-acme/03-deployments.yml
View File

@@ -26,7 +26,7 @@ spec:
serviceAccountName: traefik-ingress-controller
containers:
- name: traefik
image: traefik:v2.6
image: traefik:v2.7
args:
- --api.insecure
- --accesslog

17
docs/content/user-guides/crd-acme/05-tlsoption.yml Normal file
View File

@@ -0,0 +1,17 @@
---
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
name: default
namespace: default
spec:
minVersion: VersionTLS12
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 # TLS 1.2
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 # TLS 1.2
- TLS_AES_256_GCM_SHA384 # TLS 1.3
- TLS_CHACHA20_POLY1305_SHA256 # TLS 1.3
curvePreferences:
- CurveP521
- CurveP384
sniStrict: true

36
docs/content/user-guides/crd-acme/index.md
View File

@@ -44,20 +44,25 @@ Let's now have a look (in the order they should be applied, if using `kubectl ap
### IngressRoute Definition
First, the definition of the `IngressRoute` and the `Middleware` kinds.
Also note the RBAC authorization resources; they'll be referenced through the `serviceAccountName` of the deployment, later on.
First, you will need to install Traefik CRDs containing the definition of the `IngressRoute` and the `Middleware` kinds,
and the RBAC authorization resources which will be referenced through the `serviceAccountName` of the deployment.
```yaml
--8<-- "content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml"
```bash
# Install Traefik Resource Definitions:
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
---
--8<-- "content/reference/dynamic-configuration/kubernetes-crd-rbac.yml"
# Install RBAC for Traefik:
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
```
### Services
Then, the services. One for Traefik itself, and one for the app it routes for, i.e. in this case our demo HTTP server: [whoami](https://github.com/traefik/whoami).
```bash
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/user-guides/crd-acme/02-services.yml
```
```yaml
--8<-- "content/user-guides/crd-acme/02-services.yml"
```
@@ -67,6 +72,10 @@ Then, the services. One for Traefik itself, and one for the app it routes for, i
Next, the deployments, i.e. the actual pods behind the services.
Again, one pod for Traefik, and one for the whoami app.
```bash
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/user-guides/crd-acme/03-deployments.yml
```
```yaml
--8<-- "content/user-guides/crd-acme/03-deployments.yml"
```
@@ -91,7 +100,7 @@ Look it up.
We can now finally apply the actual ingressRoutes, with:
```bash
kubectl apply -f 04-ingressroutes.yml
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/user-guides/crd-acme/04-ingressroutes.yml
```
```yaml
@@ -110,3 +119,16 @@ curl http://your.example.com:8000/notls
```
Note that you'll have to use `-k` as long as you're using the staging server of Let's Encrypt, since it is not an authorized certificate authority on systems where it hasn't been manually added.
### Force TLS v1.2+
Nowadays, TLS v1.0 and v1.1 are deprecated.
In order to force TLS v1.2 or later on all your IngressRoute, you can define the `default` TLSOption:
```bash
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.7/docs/content/user-guides/crd-acme/05-tlsoption.yml
```
```yaml
--8<-- "content/user-guides/crd-acme/05-tlsoption.yml"
```

2
docs/content/user-guides/crd-acme/k3s.yml
View File

@@ -26,5 +26,5 @@ node:
- K3S_CLUSTER_SECRET=somethingtotallyrandom
volumes:
# this is where you would place a alternative traefik image (saved as a .tar file with
# 'docker save'), if you want to use it, instead of the traefik:v2.6 image.
# 'docker save'), if you want to use it, instead of the traefik:v2.7 image.
- /somewhere/on/your/host/custom-image:/var/lib/rancher/k3s/agent/images

2
docs/content/user-guides/docker-compose/acme-dns/docker-compose.yml
View File

@@ -3,7 +3,7 @@ version: "3.3"
services:
traefik:
image: "traefik:v2.6"
image: "traefik:v2.7"
container_name: "traefik"
command:
#- "--log.level=DEBUG"

2
docs/content/user-guides/docker-compose/acme-dns/docker-compose_secrets.yml
View File

@@ -13,7 +13,7 @@ secrets:
services:
traefik:
image: "traefik:v2.6"
image: "traefik:v2.7"
container_name: "traefik"
command:
#- "--log.level=DEBUG"

2
docs/content/user-guides/docker-compose/acme-http/docker-compose.yml
View File

@@ -3,7 +3,7 @@ version: "3.3"
services:
traefik:
image: "traefik:v2.6"
image: "traefik:v2.7"
container_name: "traefik"
command:
#- "--log.level=DEBUG"

2
docs/content/user-guides/docker-compose/acme-tls/docker-compose.yml
View File

@@ -3,7 +3,7 @@ version: "3.3"
services:
traefik:
image: "traefik:v2.6"
image: "traefik:v2.7"
container_name: "traefik"
command:
#- "--log.level=DEBUG"

2
docs/content/user-guides/docker-compose/basic-example/docker-compose.yml
View File

@@ -3,7 +3,7 @@ version: "3.3"
services:
traefik:
image: "traefik:v2.6"
image: "traefik:v2.7"
container_name: "traefik"
command:
#- "--log.level=DEBUG"

3
docs/mkdocs.yml
View File

@@ -135,6 +135,7 @@ nav:
- 'Overview': 'middlewares/tcp/overview.md'
- 'InFlightConn': 'middlewares/tcp/inflightconn.md'
- 'IpWhitelist': 'middlewares/tcp/ipwhitelist.md'
- 'Traefik Hub': 'traefik-hub/index.md'
- 'Plugins & Traefik Pilot': 'plugins/index.md'
- 'Operations':
- 'CLI': 'operations/cli.md'
@@ -148,6 +149,7 @@ nav:
- 'Overview': 'observability/metrics/overview.md'
- 'Datadog': 'observability/metrics/datadog.md'
- 'InfluxDB': 'observability/metrics/influxdb.md'
- 'InfluxDB2': 'observability/metrics/influxdb2.md'
- 'Prometheus': 'observability/metrics/prometheus.md'
- 'StatsD': 'observability/metrics/statsd.md'
- 'Tracing':
@@ -199,3 +201,4 @@ nav:
- 'Rancher': 'reference/dynamic-configuration/rancher.md'
- 'Deprecation Notices':
- 'Releases': 'deprecation/releases.md'
- 'Features': 'deprecation/features.md'

2
docs/requirements.txt
View File

@@ -32,7 +32,7 @@ Pygments==2.11.2
pymdown-extensions==7.0
pyparsing==2.4.7
python-dateutil==2.8.2
PyYAML==6.0
PyYAML==6.0.1
pyyaml-env-tag==0.1
requests==2.25.1
retrying==1.3.3

2
docs/scripts/verify.sh
View File

@@ -22,7 +22,7 @@ find "${PATH_TO_SITE}" -type f -not -path "/app/site/theme/*" \
--alt_ignore="/traefikproxy-vertical-logo-color.svg/" \
--http_status_ignore="0,500,501,503" \
--file_ignore="/404.html/" \
--url_ignore="/https://groups.google.com/a/traefik.io/forum/#!forum/security/,/localhost:/,/127.0.0.1:/,/fonts.gstatic.com/,/.minikube/,/github.com\/traefik\/traefik\/*edit*/,/github.com\/traefik\/traefik/,/doc.traefik.io/,/github\.com\/golang\/oauth2\/blob\/36a7019397c4c86cf59eeab3bc0d188bac444277\/.+/,/www.akamai.com/,/pilot.traefik.io\/profile/,/traefik.io/,/doc.traefik.io\/traefik-mesh/,/www.mkdocs.org/,/squidfunk.github.io/,/ietf.org/,/www.namesilo.com/,/www.youtube.com/,/www.linode.com/,/www.alibabacloud.com/,/www.cloudxns.net/,/www.vultr.com/,/vscale.io/,/hetzner.com/,/docs.github.com/,/njal.la/" \
--url_ignore="/https://groups.google.com/a/traefik.io/forum/#!forum/security/,/localhost:/,/127.0.0.1:/,/fonts.gstatic.com/,/.minikube/,/github.com\/traefik\/traefik\/*edit*/,/github.com\/traefik\/traefik/,/doc.traefik.io/,/github\.com\/golang\/oauth2\/blob\/36a7019397c4c86cf59eeab3bc0d188bac444277\/.+/,/www.akamai.com/,/pilot.traefik.io\/profile/,/traefik.io/,/doc.traefik.io\/traefik-mesh/,/www.mkdocs.org/,/squidfunk.github.io/,/ietf.org/,/www.namesilo.com/,/www.youtube.com/,/www.linode.com/,/www.alibabacloud.com/,/www.cloudxns.net/,/www.vultr.com/,/vscale.io/,/hetzner.com/,/docs.github.com/,/njal.la/,/www.wedos.com/" \
'{}' 1>/dev/null
## HTML-proofer options at https://github.com/gjtorikian/html-proofer#configuration

4
exp.Dockerfile
View File

@@ -8,8 +8,8 @@ COPY ./webui/ $WEBUI_DIR/
WORKDIR $WEBUI_DIR
RUN npm install
RUN npm run build
RUN yarn install
RUN yarn build
# BUILD
FROM golang:1.17-alpine as gobuild

289
go.mod
View File

@@ -1,18 +1,15 @@
module github.com/traefik/traefik/v2
go 1.16
go 1.17
// github.com/docker/docker v17.12.0-ce-rc1.0.20200204220554-5f6d6f3f2203+incompatible => v19.03.6
require (
github.com/BurntSushi/toml v1.0.0
github.com/ExpediaDotCom/haystack-client-go v0.0.0-20190315171017-e7edbdf53a61
github.com/Masterminds/sprig/v3 v3.2.2
github.com/Shopify/sarama v1.23.1 // indirect
github.com/abbot/go-http-auth v0.0.0-00010101000000-000000000000
github.com/aws/aws-sdk-go v1.39.0
github.com/cenkalti/backoff/v4 v4.1.1
github.com/compose-spec/compose-go v1.0.3
github.com/containerd/containerd v1.5.9 // indirect
github.com/containous/alice v0.0.0-20181107144136-d83ebdd94cbd
github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf
github.com/davecgh/go-spew v1.1.1
@@ -20,29 +17,28 @@ require (
github.com/docker/compose/v2 v2.0.1
github.com/docker/docker v20.10.7+incompatible
github.com/docker/go-connections v0.4.0
github.com/donovanhide/eventsource v0.0.0-20170630084216-b8f31a59085e // indirect
github.com/eapache/channels v1.1.0
github.com/fatih/structs v1.1.0
github.com/gambol99/go-marathon v0.0.0-20180614232016-99a156b96fb2
github.com/go-acme/lego/v4 v4.6.0
github.com/go-acme/lego/v4 v4.7.0
github.com/go-check/check v0.0.0-00010101000000-000000000000
github.com/go-kit/kit v0.10.1-0.20200915143503-439c4d2ed3ea
github.com/golang/protobuf v1.5.2
github.com/google/go-github/v28 v28.1.1
github.com/gorilla/mux v1.8.0
github.com/gorilla/websocket v1.4.2
github.com/gorilla/websocket v1.5.0
github.com/hashicorp/consul v1.10.4
github.com/hashicorp/consul/api v1.12.0
github.com/hashicorp/go-hclog v0.16.1
github.com/hashicorp/go-hclog v0.16.2
github.com/hashicorp/go-multierror v1.1.1
github.com/hashicorp/go-version v1.3.0
github.com/influxdata/influxdb-client-go/v2 v2.7.0
github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d
github.com/instana/go-sensor v1.38.3
github.com/klauspost/compress v1.13.0
github.com/klauspost/compress v1.14.2
github.com/kvtools/valkeyrie v0.4.0
github.com/lucas-clemente/quic-go v0.23.0
github.com/lucas-clemente/quic-go v0.25.0
github.com/mailgun/ttlmap v0.0.0-20170619185759-c1c17f74874f
github.com/miekg/dns v1.1.45
github.com/miekg/dns v1.1.47
github.com/mitchellh/copystructure v1.0.0
github.com/mitchellh/hashstructure v1.0.0
github.com/mitchellh/mapstructure v1.4.2
@@ -50,34 +46,31 @@ require (
github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5
github.com/openzipkin/zipkin-go v0.2.2
github.com/patrickmn/go-cache v2.1.0+incompatible
github.com/philhofer/fwd v1.0.0 // indirect
github.com/pires/go-proxyproto v0.6.1
github.com/pmezard/go-difflib v1.0.0
github.com/prometheus/client_golang v1.11.0
github.com/prometheus/client_model v0.2.0
github.com/rancher/go-rancher-metadata v0.0.0-20200311180630-7f4c936a06ac
github.com/sirupsen/logrus v1.8.1
github.com/stretchr/testify v1.7.0
github.com/stretchr/testify v1.7.1
github.com/stvp/go-udp-testing v0.0.0-20191102171040-06b61409b154
github.com/tinylib/msgp v1.0.2 // indirect
github.com/traefik/paerser v0.1.5
github.com/traefik/yaegi v0.11.3
github.com/uber/jaeger-client-go v2.29.1+incompatible
github.com/traefik/yaegi v0.13.0
github.com/uber/jaeger-client-go v2.30.0+incompatible
github.com/uber/jaeger-lib v2.2.0+incompatible
github.com/unrolled/render v1.0.2
github.com/unrolled/secure v1.0.9
github.com/vdemeester/shakers v0.1.0
github.com/vulcand/oxy v1.3.0
github.com/vulcand/predicate v1.1.0
github.com/vulcand/oxy v1.4.1
github.com/vulcand/predicate v1.2.0
go.elastic.co/apm v1.13.1
go.elastic.co/apm/module/apmot v1.13.1
golang.org/x/mod v0.4.2
golang.org/x/net v0.0.0-20211209124913-491a49abca63
golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2 // indirect
golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac
golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4
golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11
golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2
google.golang.org/grpc v1.38.0
gopkg.in/DataDog/dd-trace-go.v1 v1.19.0
gopkg.in/DataDog/dd-trace-go.v1 v1.38.1
gopkg.in/fsnotify.v1 v1.4.7
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
k8s.io/api v0.22.1
@@ -89,13 +82,259 @@ require (
sigs.k8s.io/gateway-api v0.4.0
)
require (
cloud.google.com/go v0.81.0 // indirect
github.com/AlecAivazis/survey/v2 v2.2.3 // indirect
github.com/Azure/azure-sdk-for-go v40.3.0+incompatible // indirect
github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
github.com/Azure/go-autorest v14.2.0+incompatible // indirect
github.com/Azure/go-autorest/autorest v0.11.19 // indirect
github.com/Azure/go-autorest/autorest/adal v0.9.13 // indirect
github.com/Azure/go-autorest/autorest/azure/auth v0.5.8 // indirect
github.com/Azure/go-autorest/autorest/azure/cli v0.4.2 // indirect
github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect
github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
github.com/Azure/go-autorest/logger v0.2.1 // indirect
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
github.com/DataDog/datadog-agent/pkg/obfuscate v0.0.0-20211129110424-6491aa3bf583 // indirect
github.com/DataDog/datadog-go v4.8.2+incompatible // indirect
github.com/DataDog/datadog-go/v5 v5.0.2 // indirect
github.com/DataDog/sketches-go v1.0.0 // indirect
github.com/HdrHistogram/hdrhistogram-go v1.1.2 // indirect
github.com/Masterminds/goutils v1.1.1 // indirect
github.com/Masterminds/semver/v3 v3.1.1 // indirect
github.com/Microsoft/go-winio v0.5.1 // indirect
github.com/Microsoft/hcsshim v0.8.23 // indirect
github.com/OpenDNS/vegadns2client v0.0.0-20180418235048-a3fa4a771d87 // indirect
github.com/Shopify/sarama v1.23.1 // indirect
github.com/VividCortex/gohistogram v1.0.0 // indirect
github.com/agl/ed25519 v0.0.0-20170116200512-5312a6153412 // indirect
github.com/akamai/AkamaiOPEN-edgegrid-golang v1.1.1 // indirect
github.com/aliyun/alibaba-cloud-sdk-go v1.61.1183 // indirect
github.com/armon/go-metrics v0.3.10 // indirect
github.com/armon/go-radix v1.0.0 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
github.com/buger/goterm v1.0.0 // indirect
github.com/cespare/xxhash/v2 v2.1.2 // indirect
github.com/cheekybits/genny v1.0.0 // indirect
github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible // indirect
github.com/circonus-labs/circonusllhist v0.1.3 // indirect
github.com/cloudflare/cloudflare-go v0.20.0 // indirect
github.com/compose-spec/godotenv v1.0.0 // indirect
github.com/containerd/cgroups v1.0.1 // indirect
github.com/containerd/console v1.0.2 // indirect
github.com/containerd/containerd v1.5.9 // indirect
github.com/containerd/continuity v0.1.0 // indirect
github.com/containerd/typeurl v1.0.2 // indirect
github.com/coreos/go-semver v0.3.0 // indirect
github.com/coreos/go-systemd/v22 v22.3.2 // indirect
github.com/cpu/goacmedns v0.1.1 // indirect
github.com/deepmap/oapi-codegen v1.8.2 // indirect
github.com/dgraph-io/ristretto v0.1.0 // indirect
github.com/dimchansky/utfbom v1.1.1 // indirect
github.com/distribution/distribution/v3 v3.0.0-20210316161203-a01c71e2477e // indirect
github.com/dnsimple/dnsimple-go v0.70.1 // indirect
github.com/docker/buildx v0.5.2-0.20210422185057-908a856079fc // indirect
github.com/docker/distribution v2.7.1+incompatible // indirect
github.com/docker/docker-credential-helpers v0.6.4-0.20210125172408-38bea2ce277a // indirect
github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c // indirect
github.com/docker/go-metrics v0.0.1 // indirect
github.com/docker/go-units v0.4.0 // indirect
github.com/donovanhide/eventsource v0.0.0-20170630084216-b8f31a59085e // indirect
github.com/dustin/go-humanize v1.0.0 // indirect
github.com/elastic/go-licenser v0.3.1 // indirect
github.com/elastic/go-sysinfo v1.1.1 // indirect
github.com/elastic/go-windows v1.0.0 // indirect
github.com/evanphx/json-patch v4.11.0+incompatible // indirect
github.com/exoscale/egoscale v0.67.0 // indirect
github.com/fatih/color v1.12.0 // indirect
github.com/form3tech-oss/jwt-go v3.2.3+incompatible // indirect
github.com/fsnotify/fsnotify v1.5.1 // indirect
github.com/fvbommel/sortorder v1.0.1 // indirect
github.com/go-errors/errors v1.0.1 // indirect
github.com/go-logfmt/logfmt v0.5.0 // indirect
github.com/go-logr/logr v0.4.0 // indirect
github.com/go-resty/resty/v2 v2.1.1-0.20191201195748-d7b97669fe48 // indirect
github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect
github.com/go-zookeeper/zk v1.0.2 // indirect
github.com/gofrs/flock v0.8.0 // indirect
github.com/gofrs/uuid v4.0.0+incompatible // indirect
github.com/gogo/googleapis v1.4.0 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/mock v1.6.0 // indirect
github.com/google/btree v1.0.1 // indirect
github.com/google/go-cmp v0.5.7 // indirect
github.com/google/go-querystring v1.1.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
github.com/google/uuid v1.3.0 // indirect
github.com/googleapis/gax-go/v2 v2.0.5 // indirect
github.com/googleapis/gnostic v0.5.5 // indirect
github.com/gophercloud/gophercloud v0.16.0 // indirect
github.com/gophercloud/utils v0.0.0-20210216074907-f6de111f2eae // indirect
github.com/gravitational/trace v1.1.16-0.20220114165159-14a9a7dd6aaf // indirect
github.com/grpc-ecosystem/go-grpc-middleware v1.2.0 // indirect
github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 // indirect
github.com/hashicorp/consul/sdk v0.8.0 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
github.com/hashicorp/go-msgpack v0.5.5 // indirect
github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
github.com/hashicorp/go-rootcerts v1.0.2 // indirect
github.com/hashicorp/go-sockaddr v1.0.2 // indirect
github.com/hashicorp/go-uuid v1.0.2 // indirect
github.com/hashicorp/golang-lru v0.5.4 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/hashicorp/memberlist v0.3.0 // indirect
github.com/hashicorp/raft v1.3.2 // indirect
github.com/hashicorp/raft-autopilot v0.1.5 // indirect
github.com/hashicorp/serf v0.9.6 // indirect
github.com/hashicorp/yamux v0.0.0-20210826001029-26ff87cf9493 // indirect
github.com/huandu/xstrings v1.3.1 // indirect
github.com/iij/doapi v0.0.0-20190504054126-0bbf12d6d7df // indirect
github.com/imdario/mergo v0.3.12 // indirect
github.com/inconshreveable/mousetrap v1.0.0 // indirect
github.com/influxdata/line-protocol v0.0.0-20200327222509-2487e7298839 // indirect
github.com/infobloxopen/infoblox-go-client v1.1.1 // indirect
github.com/jaguilar/vt100 v0.0.0-20150826170717-2703a27b14ea // indirect
github.com/jarcoal/httpmock v1.0.8 // indirect
github.com/jcchavezs/porto v0.1.0 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901 // indirect
github.com/jonboulle/clockwork v0.2.2 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/k0kubun/go-ansi v0.0.0-20180517002512-3bf9e2903213 // indirect
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
github.com/kolo/xmlrpc v0.0.0-20200310150728-e0350524596b // indirect
github.com/labbsr0x/bindman-dns-webhook v1.0.2 // indirect
github.com/labbsr0x/goh v1.0.1 // indirect
github.com/linode/linodego v0.31.1 // indirect
github.com/liquidweb/go-lwApi v0.0.5 // indirect
github.com/liquidweb/liquidweb-cli v0.6.9 // indirect
github.com/liquidweb/liquidweb-go v1.6.3 // indirect
github.com/looplab/fsm v0.1.0 // indirect
github.com/mailgun/minheap v0.0.0-20170619185613-3dbe6c6bf55f // indirect
github.com/mailgun/multibuf v0.1.2 // indirect
github.com/mailgun/timetools v0.0.0-20141028012446-7e6055773c51 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/marten-seemann/qpack v0.2.1 // indirect
github.com/marten-seemann/qtls-go1-16 v0.1.4 // indirect
github.com/marten-seemann/qtls-go1-17 v0.1.0 // indirect
github.com/marten-seemann/qtls-go1-18 v0.1.0-beta.1 // indirect
github.com/mattn/go-colorable v0.1.11 // indirect
github.com/mattn/go-isatty v0.0.14 // indirect
github.com/mattn/go-shellwords v1.0.12 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect
github.com/miekg/pkcs11 v1.0.3 // indirect
github.com/mimuret/golang-iij-dpf v0.7.1 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
github.com/mitchellh/go-testing-interface v1.14.0 // indirect
github.com/mitchellh/reflectwalk v1.0.1 // indirect
github.com/moby/buildkit v0.8.2-0.20210401015549-df49b648c8bf // indirect
github.com/moby/locker v1.0.1 // indirect
github.com/moby/sys/mount v0.2.0 // indirect
github.com/moby/sys/mountinfo v0.4.1 // indirect
github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/morikuni/aec v1.0.0 // indirect
github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04 // indirect
github.com/nrdcg/auroradns v1.0.1 // indirect
github.com/nrdcg/desec v0.6.0 // indirect
github.com/nrdcg/dnspod-go v0.4.0 // indirect
github.com/nrdcg/freemyip v0.2.0 // indirect
github.com/nrdcg/goinwx v0.8.1 // indirect
github.com/nrdcg/namesilo v0.2.1 // indirect
github.com/nrdcg/porkbun v0.1.1 // indirect
github.com/nxadm/tail v1.4.8 // indirect
github.com/onsi/ginkgo v1.16.4 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.0.2 // indirect
github.com/opencontainers/runc v1.0.2 // indirect
github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492 // indirect
github.com/oracle/oci-go-sdk v24.3.0+incompatible // indirect
github.com/ovh/go-ovh v1.1.0 // indirect
github.com/philhofer/fwd v1.1.1 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/pquerna/otp v1.3.0 // indirect
github.com/prometheus/common v0.26.0 // indirect
github.com/prometheus/procfs v0.6.0 // indirect
github.com/sacloud/libsacloud v1.36.2 // indirect
github.com/sanathkr/go-yaml v0.0.0-20170819195128-ed9d249f429b // indirect
github.com/santhosh-tekuri/jsonschema v1.2.4 // indirect
github.com/scaleway/scaleway-sdk-go v1.0.0-beta.7.0.20210127161313-bd30bebeac4f // indirect
github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 // indirect
github.com/segmentio/fasthash v1.0.3 // indirect
github.com/shopspring/decimal v1.2.0 // indirect
github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9 // indirect
github.com/softlayer/softlayer-go v1.0.3 // indirect
github.com/softlayer/xmlrpc v0.0.0-20200409220501-5f089df7cb7e // indirect
github.com/spf13/cast v1.3.1 // indirect
github.com/spf13/cobra v1.2.1 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/stretchr/objx v0.3.0 // indirect
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.287 // indirect
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.287 // indirect
github.com/theupdateframework/notary v0.6.1 // indirect
github.com/tinylib/msgp v1.1.2 // indirect
github.com/tonistiigi/fsutil v0.0.0-20201103201449-0834f99b7b85 // indirect
github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea // indirect
github.com/transip/gotransip/v6 v6.6.1 // indirect
github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 // indirect
github.com/vinyldns/go-vinyldns v0.9.16 // indirect
github.com/vultr/govultr/v2 v2.16.0 // indirect
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
github.com/xeipuuv/gojsonschema v1.2.0 // indirect
go.elastic.co/apm/module/apmhttp v1.13.1 // indirect
go.elastic.co/fastjson v1.1.0 // indirect
go.etcd.io/etcd/api/v3 v3.5.0 // indirect
go.etcd.io/etcd/client/pkg/v3 v3.5.0 // indirect
go.etcd.io/etcd/client/v3 v3.5.0 // indirect
go.opencensus.io v0.23.0 // indirect
go.uber.org/atomic v1.7.0 // indirect
go.uber.org/multierr v1.6.0 // indirect
go.uber.org/ratelimit v0.0.0-20180316092928-c15da0234277 // indirect
go.uber.org/zap v1.18.1 // indirect
golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f // indirect
golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect
golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602 // indirect
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
golang.org/x/sys v0.0.0-20220307203707-22a9840ba4d7 // indirect
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
golang.org/x/text v0.3.7 // indirect
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
google.golang.org/api v0.44.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c // indirect
google.golang.org/protobuf v1.27.1 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/ini.v1 v1.62.0 // indirect
gopkg.in/ns1/ns1-go.v2 v2.6.2 // indirect
gopkg.in/redis.v5 v5.2.9 // indirect
gopkg.in/square/go-jose.v2 v2.6.0 // indirect
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
howett.net/plist v0.0.0-20181124034731-591f970eefbb // indirect
k8s.io/klog/v2 v2.10.0 // indirect
k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.1.2 // indirect
sigs.k8s.io/yaml v1.2.0 // indirect
)
// Containous forks
replace (
github.com/abbot/go-http-auth => github.com/containous/go-http-auth v0.4.1-0.20200324110947-a37a7636d23e
github.com/go-check/check => github.com/containous/check v0.0.0-20170915194414-ca0bf163426a
github.com/gorilla/mux => github.com/containous/mux v0.0.0-20220113180107-8ffa4f6d063c
github.com/gorilla/mux => github.com/containous/mux v0.0.0-20220627093034-b2dd784e613f
github.com/mailgun/minheap => github.com/containous/minheap v0.0.0-20190809180810-6e71eb837595
github.com/mailgun/multibuf => github.com/containous/multibuf v0.0.0-20220419123348-2d0b12e116c6
)
// https://github.com/docker/compose/blob/e44222664abd07ce1d1fe6796d84d93cbc7468c3/go.mod#L131

468
go.sum
View File

File diff suppressed because it is too large Load Diff

32
integration/acme_test.go
View File

@@ -446,26 +446,28 @@ func (s *AcmeSuite) retrieveAcmeCertificate(c *check.C, testCase acmeTestCase) {
backend := startTestServer("9010", http.StatusOK, "")
defer backend.Close()
client := &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
},
}
// wait for traefik (generating acme account take some seconds)
err = try.Do(60*time.Second, func() error {
_, errGet := client.Get("https://127.0.0.1:5001")
return errGet
})
c.Assert(err, checker.IsNil)
for _, sub := range testCase.subCases {
client := &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
},
}
// wait for traefik (generating acme account take some seconds)
err = try.Do(60*time.Second, func() error {
_, errGet := client.Get("https://127.0.0.1:5001")
return errGet
})
c.Assert(err, checker.IsNil)
client = &http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
ServerName: sub.host,
},
// Needed so that each subcase redoes the SSL handshake
DisableKeepAlives: true,
},
}
@@ -479,10 +481,6 @@ func (s *AcmeSuite) retrieveAcmeCertificate(c *check.C, testCase acmeTestCase) {
// Retry to send a Request which uses the LE generated certificate
err = try.Do(60*time.Second, func() error {
resp, err = client.Do(req)
// /!\ If connection is not closed, SSLHandshake will only be done during the first trial /!\
req.Close = true
if err != nil {
return err
}

105
integration/conf_throttling_test.go Normal file
View File

@@ -0,0 +1,105 @@
package integration
import (
"bytes"
"encoding/json"
"fmt"
"io"
"net/http"
"regexp"
"strconv"
"time"
"github.com/go-check/check"
"github.com/traefik/traefik/v2/integration/try"
"github.com/traefik/traefik/v2/pkg/config/dynamic"
checker "github.com/vdemeester/shakers"
)
type ThrottlingSuite struct{ BaseSuite }
func (s *ThrottlingSuite) SetUpSuite(c *check.C) {
s.createComposeProject(c, "rest")
s.composeUp(c)
}
func (s *ThrottlingSuite) TestThrottleConfReload(c *check.C) {
cmd, display := s.traefikCmd(withConfigFile("fixtures/throttling/simple.toml"))
defer display(c)
err := cmd.Start()
c.Assert(err, checker.IsNil)
defer s.killCmd(cmd)
// wait for Traefik
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 1000*time.Millisecond, try.BodyContains("rest@internal"))
c.Assert(err, checker.IsNil)
// Expected a 404 as we did not configure anything.
err = try.GetRequest("http://127.0.0.1:8000/", 1000*time.Millisecond, try.StatusCodeIs(http.StatusNotFound))
c.Assert(err, checker.IsNil)
config := &dynamic.Configuration{
HTTP: &dynamic.HTTPConfiguration{
Routers: map[string]*dynamic.Router{},
Services: map[string]*dynamic.Service{
"serviceHTTP": {
LoadBalancer: &dynamic.ServersLoadBalancer{
Servers: []dynamic.Server{
{
URL: "http://" + s.getComposeServiceIP(c, "whoami1") + ":80",
},
},
},
},
},
},
}
router := &dynamic.Router{
EntryPoints: []string{"web"},
Middlewares: []string{},
Service: "serviceHTTP",
Rule: "PathPrefix(`/`)",
}
confChanges := 10
for i := 0; i < confChanges; i++ {
config.HTTP.Routers[fmt.Sprintf("routerHTTP%d", i)] = router
data, err := json.Marshal(config)
c.Assert(err, checker.IsNil)
request, err := http.NewRequest(http.MethodPut, "http://127.0.0.1:8080/api/providers/rest", bytes.NewReader(data))
c.Assert(err, checker.IsNil)
response, err := http.DefaultClient.Do(request)
c.Assert(err, checker.IsNil)
c.Assert(response.StatusCode, checker.Equals, http.StatusOK)
time.Sleep(200 * time.Millisecond)
}
reloadsRegexp := regexp.MustCompile(`traefik_config_reloads_total (\d*)\n`)
resp, err := http.Get("http://127.0.0.1:8080/metrics")
c.Assert(err, checker.IsNil)
defer resp.Body.Close()
body, err := io.ReadAll(resp.Body)
c.Assert(err, checker.IsNil)
fields := reloadsRegexp.FindStringSubmatch(string(body))
c.Assert(len(fields), checker.Equals, 2)
reloads, err := strconv.Atoi(fields[1])
if err != nil {
panic(err)
}
// The test tries to trigger a config reload with the REST API every 200ms,
// 10 times (so for 2s in total).
// Therefore the throttling (set at 400ms for this test) should only let
// (2s / 400 ms =) 5 config reloads happen in theory.
// In addition, we have to take into account the extra config reload from the internal provider (5 + 1).
c.Assert(reloads, checker.LessOrEqualThan, 6)
}

74
integration/consul_catalog_test.go
View File

@@ -234,6 +234,80 @@ func (s *ConsulCatalogSuite) TestSimpleConfiguration(c *check.C) {
c.Assert(err, checker.IsNil)
}
func (s *ConsulCatalogSuite) TestSimpleConfigurationWithWatch(c *check.C) {
tempObjects := struct {
ConsulAddress string
DefaultRule string
}{
ConsulAddress: s.consulURL,
DefaultRule: "Host(`{{ normalize .Name }}.consul.localhost`)",
}
file := s.adaptFile(c, "fixtures/consul_catalog/simple_watch.toml", tempObjects)
defer os.Remove(file)
reg := &api.AgentServiceRegistration{
ID: "whoami1",
Name: "whoami",
Tags: []string{"traefik.enable=true"},
Port: 80,
Address: s.getComposeServiceIP(c, "whoami1"),
}
err := s.registerService(reg, false)
c.Assert(err, checker.IsNil)
cmd, display := s.traefikCmd(withConfigFile(file))
defer display(c)
err = cmd.Start()
c.Assert(err, checker.IsNil)
defer s.killCmd(cmd)
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/", nil)
c.Assert(err, checker.IsNil)
req.Host = "whoami.consul.localhost"
err = try.Request(req, 2*time.Second, try.StatusCodeIs(http.StatusOK), try.BodyContainsOr("Hostname: whoami1"))
c.Assert(err, checker.IsNil)
err = s.deregisterService("whoami1", false)
c.Assert(err, checker.IsNil)
err = try.Request(req, 2*time.Second, try.StatusCodeIs(http.StatusNotFound))
c.Assert(err, checker.IsNil)
whoamiIP := s.getComposeServiceIP(c, "whoami1")
reg.Check = &api.AgentServiceCheck{
CheckID: "some-ok-check",
TCP: whoamiIP + ":80",
Name: "some-ok-check",
Interval: "1s",
Timeout: "1s",
}
err = s.registerService(reg, false)
c.Assert(err, checker.IsNil)
err = try.Request(req, 2*time.Second, try.StatusCodeIs(http.StatusOK), try.BodyContainsOr("Hostname: whoami1"))
c.Assert(err, checker.IsNil)
reg.Check = &api.AgentServiceCheck{
CheckID: "some-failing-check",
TCP: ":80",
Name: "some-failing-check",
Interval: "1s",
Timeout: "1s",
}
err = s.registerService(reg, false)
c.Assert(err, checker.IsNil)
err = try.Request(req, 2*time.Second, try.StatusCodeIs(http.StatusNotFound))
c.Assert(err, checker.IsNil)
err = s.deregisterService("whoami1", false)
c.Assert(err, checker.IsNil)
}
func (s *ConsulCatalogSuite) TestRegisterServiceWithoutIP(c *check.C) {
tempObjects := struct {
ConsulAddress string

22
integration/fixtures/consul_catalog/simple_watch.toml Normal file
View File

@@ -0,0 +1,22 @@
[global]
checkNewVersion = false
sendAnonymousUsage = false
[log]
level = "DEBUG"
[entryPoints]
[entryPoints.web]
address = ":8000"
[api]
insecure = true
[providers]
[providers.consulCatalog]
exposedByDefault = true
refreshInterval = "500ms"
defaultRule = "{{ .DefaultRule }}"
watch = true
[providers.consulCatalog.endpoint]
address = "{{ .ConsulAddress }}"

1023
integration/fixtures/k8s/01-traefik-crd.yml
View File

File diff suppressed because it is too large Load Diff

44
integration/fixtures/simple_muxer.toml Normal file
View File

@@ -0,0 +1,44 @@
[global]
checkNewVersion = false
sendAnonymousUsage = false
[log]
level = "DEBUG"
[entryPoints]
[entryPoints.webHost]
address = ":8000"
[entryPoints.webHostRegexp]
address = ":8001"
[entryPoints.webQuery]
address = ":8002"
[api]
insecure = true
[providers.file]
filename = "{{ .SelfFilename }}"
## dynamic configuration ##
[http.routers]
[http.routers.router1]
entryPoints = ["webHost"]
service = "service1"
rule = "!Host(`test.localhost`)"
[http.routers.router2]
entryPoints = ["webHostRegexp"]
service = "service1"
rule = "!HostRegexp(`test.localhost`)"
[http.routers.router3]
entryPoints = ["webQuery"]
service = "service1"
rule = "!Query(`foo=`)"
[http.services]
[http.services.service1.loadBalancer]
[[http.services.service1.loadBalancer.servers]]
url = "{{ .Server1 }}"

22
integration/fixtures/throttling/simple.toml Normal file
View File

@@ -0,0 +1,22 @@
[global]
checkNewVersion = false
sendAnonymousUsage = false
[log]
level = "DEBUG"
[entryPoints]
[entryPoints.web]
address = ":8000"
[api]
insecure = true
[providers]
providersThrottleDuration = "400ms"
[providers.rest]
insecure = true
[metrics]
[metrics.prometheus]
buckets = [0.1,0.3,1.2,5.0]

2
integration/https_test.go
View File

@@ -1072,7 +1072,7 @@ func (s *HTTPSSuite) TestEntryPointHttpsRedirectAndPathModification(c *check.C)
resp.Body.Close()
location := resp.Header.Get("Location")
expected := fmt.Sprintf("https://%s:8443%s", host, test.path)
expected := "https://" + net.JoinHostPort(host, "8443") + test.path
c.Assert(location, checker.Equals, expected)
}

1
integration/integration_test.go
View File

@@ -68,6 +68,7 @@ func Test(t *testing.T) {
check.Suite(&SimpleSuite{})
check.Suite(&TCPSuite{})
check.Suite(&TimeoutSuite{})
check.Suite(&ThrottlingSuite{})
check.Suite(&TLSClientHeadersSuite{})
check.Suite(&TracingSuite{})
check.Suite(&UDPSuite{})

124
integration/simple_test.go
View File

@@ -1,6 +1,7 @@
package integration
import (
"bufio"
"bytes"
"crypto/rand"
"encoding/json"
@@ -663,7 +664,7 @@ func (s *SimpleSuite) TestTCPRouterConfigErrors(c *check.C) {
c.Assert(err, checker.IsNil)
// router4 has an unsupported Rule
err = try.GetRequest("http://127.0.0.1:8080/api/tcp/routers/router4@file", 1000*time.Millisecond, try.BodyContains("unknown rule Host(`mydomain.com`)"))
err = try.GetRequest("http://127.0.0.1:8080/api/tcp/routers/router4@file", 1000*time.Millisecond, try.BodyContains("invalid rule: \\\"Host(`mydomain.com`)\\\""))
c.Assert(err, checker.IsNil)
}
@@ -1178,3 +1179,124 @@ func (s *SimpleSuite) TestContentTypeDisableAutoDetect(c *check.C) {
})
c.Assert(err, checker.IsNil)
}
func (s *SimpleSuite) TestMuxer(c *check.C) {
s.createComposeProject(c, "base")
s.composeUp(c)
defer s.composeDown(c)
whoami1URL := "http://" + net.JoinHostPort(s.getComposeServiceIP(c, "whoami1"), "80")
file := s.adaptFile(c, "fixtures/simple_muxer.toml", struct {
Server1 string
}{whoami1URL})
defer os.Remove(file)
cmd, output := s.traefikCmd(withConfigFile(file))
defer output(c)
err := cmd.Start()
c.Assert(err, checker.IsNil)
defer s.killCmd(cmd)
err = try.GetRequest("http://127.0.0.1:8080/api/rawdata", 1*time.Second, try.BodyContains("!Host"))
c.Assert(err, checker.IsNil)
testCases := []struct {
desc string
request string
target string
body string
expected int
}{
{
desc: "!Host with absolute-form URL with empty host and host header, no match",
request: "GET http://@/ HTTP/1.1\r\nHost: test.localhost\r\n\r\n",
target: "127.0.0.1:8000",
expected: http.StatusNotFound,
},
{
desc: "!Host with absolute-form URL with empty host and host header, match",
request: "GET http://@/ HTTP/1.1\r\nHost: toto.localhost\r\n\r\n",
target: "127.0.0.1:8000",
expected: http.StatusOK,
},
{
desc: "!Host with absolute-form URL and host header, no match",
request: "GET http://test.localhost/ HTTP/1.1\r\nHost: toto.localhost\r\n\r\n",
target: "127.0.0.1:8000",
expected: http.StatusNotFound,
},
{
desc: "!Host with absolute-form URL and host header, match",
request: "GET http://toto.localhost/ HTTP/1.1\r\nHost: test.localhost\r\n\r\n",
target: "127.0.0.1:8000",
expected: http.StatusOK,
},
{
desc: "!HostRegexp with absolute-form URL with empty host and host header, no match",
request: "GET http://@/ HTTP/1.1\r\nHost: test.localhost\r\n\r\n",
target: "127.0.0.1:8001",
expected: http.StatusNotFound,
},
{
desc: "!HostRegexp with absolute-form URL with empty host and host header, match",
request: "GET http://@/ HTTP/1.1\r\nHost: toto.localhost\r\n\r\n",
target: "127.0.0.1:8001",
expected: http.StatusOK,
},
{
desc: "!HostRegexp with absolute-form URL and host header, no match",
request: "GET http://test.localhost/ HTTP/1.1\r\nHost: toto.localhost\r\n\r\n",
target: "127.0.0.1:8001",
expected: http.StatusNotFound,
},
{
desc: "!HostRegexp with absolute-form URL and host header, match",
request: "GET http://toto.localhost/ HTTP/1.1\r\nHost: test.localhost\r\n\r\n",
target: "127.0.0.1:8001",
expected: http.StatusOK,
},
{
desc: "!Query with semicolon, no match",
request: "GET /?foo=; HTTP/1.1\r\nHost: other.localhost\r\n\r\n",
target: "127.0.0.1:8002",
expected: http.StatusNotFound,
},
{
desc: "!Query with semicolon, no match",
request: "GET /?foo=titi;bar=toto HTTP/1.1\r\nHost: other.localhost\r\n\r\n",
target: "127.0.0.1:8002",
expected: http.StatusNotFound,
},
{
desc: "!Query with semicolon, match",
request: "GET /?bar=toto;boo=titi HTTP/1.1\r\nHost: other.localhost\r\n\r\n",
target: "127.0.0.1:8002",
expected: http.StatusOK,
body: "bar=toto&boo=titi",
},
}
for _, test := range testCases {
conn, err := net.Dial("tcp", test.target)
c.Assert(err, checker.IsNil)
_, err = conn.Write([]byte(test.request))
c.Assert(err, checker.IsNil)
resp, err := http.ReadResponse(bufio.NewReader(conn), nil)
c.Assert(err, checker.IsNil)
if resp.StatusCode != test.expected {
c.Errorf("%s failed with %d instead of %d", test.desc, resp.StatusCode, test.expected)
}
if test.body != "" {
body, err := io.ReadAll(resp.Body)
c.Assert(err, checker.IsNil)
c.Assert(string(body), checker.Contains, test.body)
}
}
}

4
integration/timeout_test.go
View File

@@ -2,6 +2,7 @@ package integration
import (
"fmt"
"net"
"net/http"
"os"
"time"
@@ -38,7 +39,8 @@ func (s *TimeoutSuite) TestForwardingTimeouts(c *check.C) {
c.Assert(response.StatusCode, checker.Equals, http.StatusGatewayTimeout)
// Check that timeout service is available
statusURL := fmt.Sprintf("http://%s:9000/statusTest?status=200", timeoutEndpointIP)
statusURL := fmt.Sprintf("http://%s/statusTest?status=200",
net.JoinHostPort(timeoutEndpointIP, "9000"))
c.Assert(try.GetRequest(statusURL, 60*time.Second, try.StatusCodeIs(http.StatusOK)), checker.IsNil)
// This simulates a ResponseHeaderTimeout.

2
pkg/api/handler_overview.go
View File

@@ -26,6 +26,7 @@ type features struct {
Tracing string `json:"tracing"`
Metrics string `json:"metrics"`
AccessLog bool `json:"accessLog"`
Hub bool `json:"hub"`
// TODO add certificates resolvers
}
@@ -247,6 +248,7 @@ func getFeatures(conf static.Configuration) features {
Tracing: getTracing(conf),
Metrics: getMetrics(conf),
AccessLog: conf.AccessLog != nil,
Hub: conf.Hub != nil,
}
}

2
pkg/api/handler_overview_test.go
View File

@@ -15,6 +15,7 @@ import (
"github.com/traefik/traefik/v2/pkg/config/static"
"github.com/traefik/traefik/v2/pkg/provider/docker"
"github.com/traefik/traefik/v2/pkg/provider/file"
"github.com/traefik/traefik/v2/pkg/provider/hub"
"github.com/traefik/traefik/v2/pkg/provider/kubernetes/crd"
"github.com/traefik/traefik/v2/pkg/provider/kubernetes/ingress"
"github.com/traefik/traefik/v2/pkg/provider/marathon"
@@ -265,6 +266,7 @@ func TestHandler_Overview(t *testing.T) {
Tracing: &static.Tracing{
Jaeger: &jaeger.Config{},
},
Hub: &hub.Provider{},
},
confDyn: runtime.Configuration{},
expected: expected{

5
pkg/api/testdata/overview-dynamic.json vendored
View File

@@ -2,7 +2,8 @@
"features": {
"accessLog": false,
"metrics": "",
"tracing": ""
"tracing": "",
"hub": false
},
"http": {
"middlewares": {
@@ -50,4 +51,4 @@
"warnings": 0
}
}
}
}

5
pkg/api/testdata/overview-empty.json vendored
View File

@@ -2,7 +2,8 @@
"features": {
"accessLog": false,
"metrics": "",
"tracing": ""
"tracing": "",
"hub": false
},
"http": {
"middlewares": {
@@ -50,4 +51,4 @@
"warnings": 0
}
}
}
}

5
pkg/api/testdata/overview-features.json vendored
View File

@@ -2,7 +2,8 @@
"features": {
"accessLog": false,
"metrics": "Prometheus",
"tracing": "Jaeger"
"tracing": "Jaeger",
"hub": true
},
"http": {
"middlewares": {
@@ -50,4 +51,4 @@
"warnings": 0
}
}
}
}

5
pkg/api/testdata/overview-providers.json vendored
View File

@@ -2,7 +2,8 @@
"features": {
"accessLog": false,
"metrics": "",
"tracing": ""
"tracing": "",
"hub": false
},
"http": {
"middlewares": {
@@ -60,4 +61,4 @@
"warnings": 0
}
}
}
}

31
pkg/config/dynamic/http_config.go
View File

@@ -35,6 +35,7 @@ type Service struct {
LoadBalancer *ServersLoadBalancer `json:"loadBalancer,omitempty" toml:"loadBalancer,omitempty" yaml:"loadBalancer,omitempty" export:"true"`
Weighted *WeightedRoundRobin `json:"weighted,omitempty" toml:"weighted,omitempty" yaml:"weighted,omitempty" label:"-" export:"true"`
Mirroring *Mirroring `json:"mirroring,omitempty" toml:"mirroring,omitempty" yaml:"mirroring,omitempty" label:"-" export:"true"`
Failover *Failover `json:"failover,omitempty" toml:"failover,omitempty" yaml:"failover,omitempty" label:"-" export:"true"`
}
// +k8s:deepcopy-gen=true
@@ -76,6 +77,15 @@ func (m *Mirroring) SetDefaults() {
// +k8s:deepcopy-gen=true
// Failover holds the Failover configuration.
type Failover struct {
Service string `json:"service,omitempty" toml:"service,omitempty" yaml:"service,omitempty" export:"true"`
Fallback string `json:"fallback,omitempty" toml:"fallback,omitempty" yaml:"fallback,omitempty" export:"true"`
HealthCheck *HealthCheck `json:"healthCheck,omitempty" toml:"healthCheck,omitempty" yaml:"healthCheck,omitempty" label:"allowEmpty" file:"allowEmpty" export:"true"`
}
// +k8s:deepcopy-gen=true
// MirrorService holds the MirrorService configuration.
type MirrorService struct {
Name string `json:"name,omitempty" toml:"name,omitempty" yaml:"name,omitempty" export:"true"`
@@ -98,7 +108,7 @@ type WeightedRoundRobin struct {
// +k8s:deepcopy-gen=true
// WRRService is a reference to a service load-balanced with weighted round robin.
// WRRService is a reference to a service load-balanced with weighted round-robin.
type WRRService struct {
Name string `json:"name,omitempty" toml:"name,omitempty" yaml:"name,omitempty" export:"true"`
Weight *int `json:"weight,omitempty" toml:"weight,omitempty" yaml:"weight,omitempty" export:"true"`
@@ -114,6 +124,7 @@ func (w *WRRService) SetDefaults() {
// Sticky holds the sticky configuration.
type Sticky struct {
// Cookie defines the sticky cookie configuration.
Cookie *Cookie `json:"cookie,omitempty" toml:"cookie,omitempty" yaml:"cookie,omitempty" label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"`
}
@@ -121,9 +132,14 @@ type Sticky struct {
// Cookie holds the sticky configuration based on cookie.
type Cookie struct {
Name string `json:"name,omitempty" toml:"name,omitempty" yaml:"name,omitempty" export:"true"`
Secure bool `json:"secure,omitempty" toml:"secure,omitempty" yaml:"secure,omitempty" export:"true"`
HTTPOnly bool `json:"httpOnly,omitempty" toml:"httpOnly,omitempty" yaml:"httpOnly,omitempty" export:"true"`
// Name defines the Cookie name.
Name string `json:"name,omitempty" toml:"name,omitempty" yaml:"name,omitempty" export:"true"`
// Secure defines whether the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).
Secure bool `json:"secure,omitempty" toml:"secure,omitempty" yaml:"secure,omitempty" export:"true"`
// HTTPOnly defines whether the cookie can be accessed by client-side APIs, such as JavaScript.
HTTPOnly bool `json:"httpOnly,omitempty" toml:"httpOnly,omitempty" yaml:"httpOnly,omitempty" export:"true"`
// SameSite defines the same site policy.
// More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
SameSite string `json:"sameSite,omitempty" toml:"sameSite,omitempty" yaml:"sameSite,omitempty" export:"true"`
}
@@ -168,8 +184,13 @@ func (l *ServersLoadBalancer) SetDefaults() {
// +k8s:deepcopy-gen=true
// ResponseForwarding holds configuration for the forward of the response.
// ResponseForwarding holds the response forwarding configuration.
type ResponseForwarding struct {
// FlushInterval defines the interval, in milliseconds, in between flushes to the client while copying the response body.
// A negative value means to flush immediately after each write to the client.
// This configuration is ignored when ReverseProxy recognizes a response as a streaming response;
// for such responses, writes are flushed to the client immediately.
// Default: 100ms
FlushInterval string `json:"flushInterval,omitempty" toml:"flushInterval,omitempty" yaml:"flushInterval,omitempty" export:"true"`
}

402
pkg/config/dynamic/middlewares.go
View File

@@ -40,153 +40,250 @@ type Middleware struct {
// +k8s:deepcopy-gen=true
// ContentType middleware - or rather its unique `autoDetect` option -
// specifies whether to let the `Content-Type` header,
// if it has not been set by the backend,
// be automatically set to a value derived from the contents of the response.
// As a proxy, the default behavior should be to leave the header alone,
// regardless of what the backend did with it.
// However, the historic default was to always auto-detect and set the header if it was nil,
// and it is going to be kept that way in order to support users currently relying on it.
// ContentType holds the content-type middleware configuration.
// This middleware exists to enable the correct behavior until at least the default one can be changed in a future version.
type ContentType struct {
// AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend,
// be automatically set to a value derived from the contents of the response.
// As a proxy, the default behavior should be to leave the header alone, regardless of what the backend did with it.
// However, the historic default was to always auto-detect and set the header if it was nil,
// and it is going to be kept that way in order to support users currently relying on it.
AutoDetect bool `json:"autoDetect,omitempty" toml:"autoDetect,omitempty" yaml:"autoDetect,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
// AddPrefix holds the AddPrefix configuration.
// AddPrefix holds the add prefix middleware configuration.
// This middleware updates the path of a request before forwarding it.
// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/addprefix/
type AddPrefix struct {
// Prefix is the string to add before the current path in the requested URL.
// It should include a leading slash (/).
Prefix string `json:"prefix,omitempty" toml:"prefix,omitempty" yaml:"prefix,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
// BasicAuth holds the HTTP basic authentication configuration.
// BasicAuth holds the basic auth middleware configuration.
// This middleware restricts access to your services to known users.
// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/
type BasicAuth struct {
Users Users `json:"users,omitempty" toml:"users,omitempty" yaml:"users,omitempty" loggable:"false"`
UsersFile string `json:"usersFile,omitempty" toml:"usersFile,omitempty" yaml:"usersFile,omitempty"`
Realm string `json:"realm,omitempty" toml:"realm,omitempty" yaml:"realm,omitempty"`
RemoveHeader bool `json:"removeHeader,omitempty" toml:"removeHeader,omitempty" yaml:"removeHeader,omitempty" export:"true"`
HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"`
// Users is an array of authorized users.
// Each user must be declared using the name:hashed-password format.
// Tip: Use htpasswd to generate the passwords.
Users Users `json:"users,omitempty" toml:"users,omitempty" yaml:"users,omitempty" loggable:"false"`
// UsersFile is the path to an external file that contains the authorized users.
UsersFile string `json:"usersFile,omitempty" toml:"usersFile,omitempty" yaml:"usersFile,omitempty"`
// Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
// Default: traefik.
Realm string `json:"realm,omitempty" toml:"realm,omitempty" yaml:"realm,omitempty"`
// RemoveHeader sets the removeHeader option to true to remove the authorization header before forwarding the request to your service.
// Default: false.
RemoveHeader bool `json:"removeHeader,omitempty" toml:"removeHeader,omitempty" yaml:"removeHeader,omitempty" export:"true"`
// HeaderField defines a header field to store the authenticated user.
// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/#headerfield
HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
// Buffering holds the request/response buffering configuration.
// Buffering holds the buffering middleware configuration.
// This middleware retries or limits the size of requests that can be forwarded to backends.
// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/buffering/#maxrequestbodybytes
type Buffering struct {
MaxRequestBodyBytes int64 `json:"maxRequestBodyBytes,omitempty" toml:"maxRequestBodyBytes,omitempty" yaml:"maxRequestBodyBytes,omitempty" export:"true"`
MemRequestBodyBytes int64 `json:"memRequestBodyBytes,omitempty" toml:"memRequestBodyBytes,omitempty" yaml:"memRequestBodyBytes,omitempty" export:"true"`
MaxResponseBodyBytes int64 `json:"maxResponseBodyBytes,omitempty" toml:"maxResponseBodyBytes,omitempty" yaml:"maxResponseBodyBytes,omitempty" export:"true"`
MemResponseBodyBytes int64 `json:"memResponseBodyBytes,omitempty" toml:"memResponseBodyBytes,omitempty" yaml:"memResponseBodyBytes,omitempty" export:"true"`
RetryExpression string `json:"retryExpression,omitempty" toml:"retryExpression,omitempty" yaml:"retryExpression,omitempty" export:"true"`
// MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes).
// If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response.
// Default: 0 (no maximum).
MaxRequestBodyBytes int64 `json:"maxRequestBodyBytes,omitempty" toml:"maxRequestBodyBytes,omitempty" yaml:"maxRequestBodyBytes,omitempty" export:"true"`
// MemRequestBodyBytes defines the threshold (in bytes) from which the request will be buffered on disk instead of in memory.
// Default: 1048576 (1Mi).
MemRequestBodyBytes int64 `json:"memRequestBodyBytes,omitempty" toml:"memRequestBodyBytes,omitempty" yaml:"memRequestBodyBytes,omitempty" export:"true"`
// MaxResponseBodyBytes defines the maximum allowed response size from the service (in bytes).
// If the response exceeds the allowed size, it is not forwarded to the client. The client gets a 500 (Internal Server Error) response instead.
// Default: 0 (no maximum).
MaxResponseBodyBytes int64 `json:"maxResponseBodyBytes,omitempty" toml:"maxResponseBodyBytes,omitempty" yaml:"maxResponseBodyBytes,omitempty" export:"true"`
// MemResponseBodyBytes defines the threshold (in bytes) from which the response will be buffered on disk instead of in memory.
// Default: 1048576 (1Mi).
MemResponseBodyBytes int64 `json:"memResponseBodyBytes,omitempty" toml:"memResponseBodyBytes,omitempty" yaml:"memResponseBodyBytes,omitempty" export:"true"`
// RetryExpression defines the retry conditions.
// It is a logical combination of functions with operators AND (&&) and OR (||).
// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/buffering/#retryexpression
RetryExpression string `json:"retryExpression,omitempty" toml:"retryExpression,omitempty" yaml:"retryExpression,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
// Chain holds a chain of middlewares.
// Chain holds the chain middleware configuration.
// This middleware enables to define reusable combinations of other pieces of middleware.
type Chain struct {
// Middlewares is the list of middleware names which composes the chain.
Middlewares []string `json:"middlewares,omitempty" toml:"middlewares,omitempty" yaml:"middlewares,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
// CircuitBreaker holds the circuit breaker configuration.
// CircuitBreaker holds the circuit breaker middleware configuration.
// This middleware protects the system from stacking requests to unhealthy services, resulting in cascading failures.
// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/circuitbreaker/
type CircuitBreaker struct {
// Expression defines the expression that, once matched, opens the circuit breaker and applies the fallback mechanism instead of calling the services.
Expression string `json:"expression,omitempty" toml:"expression,omitempty" yaml:"expression,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
// Compress holds the compress configuration.
// Compress holds the compress middleware configuration.
// This middleware compresses responses before sending them to the client, using gzip compression.
// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/compress/
type Compress struct {
// ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing.
ExcludedContentTypes []string `json:"excludedContentTypes,omitempty" toml:"excludedContentTypes,omitempty" yaml:"excludedContentTypes,omitempty" export:"true"`
MinResponseBodyBytes int `json:"minResponseBodyBytes,omitempty" toml:"minResponseBodyBytes,omitempty" yaml:"minResponseBodyBytes,omitempty" export:"true"`
// MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed.
// Default: 1024.
MinResponseBodyBytes int `json:"minResponseBodyBytes,omitempty" toml:"minResponseBodyBytes,omitempty" yaml:"minResponseBodyBytes,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
// DigestAuth holds the Digest HTTP authentication configuration.
// DigestAuth holds the digest auth middleware configuration.
// This middleware restricts access to your services to known users.
// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/digestauth/
type DigestAuth struct {
Users Users `json:"users,omitempty" toml:"users,omitempty" yaml:"users,omitempty" loggable:"false"`
UsersFile string `json:"usersFile,omitempty" toml:"usersFile,omitempty" yaml:"usersFile,omitempty"`
RemoveHeader bool `json:"removeHeader,omitempty" toml:"removeHeader,omitempty" yaml:"removeHeader,omitempty" export:"true"`
Realm string `json:"realm,omitempty" toml:"realm,omitempty" yaml:"realm,omitempty"`
HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"`
// Users defines the authorized users.
// Each user should be declared using the name:realm:encoded-password format.
Users Users `json:"users,omitempty" toml:"users,omitempty" yaml:"users,omitempty" loggable:"false"`
// UsersFile is the path to an external file that contains the authorized users for the middleware.
UsersFile string `json:"usersFile,omitempty" toml:"usersFile,omitempty" yaml:"usersFile,omitempty"`
// RemoveHeader defines whether to remove the authorization header before forwarding the request to the backend.
RemoveHeader bool `json:"removeHeader,omitempty" toml:"removeHeader,omitempty" yaml:"removeHeader,omitempty" export:"true"`
// Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
// Default: traefik.
Realm string `json:"realm,omitempty" toml:"realm,omitempty" yaml:"realm,omitempty"`
// HeaderField defines a header field to store the authenticated user.
// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/basicauth/#headerfield
HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
// ErrorPage holds the custom error page configuration.
// ErrorPage holds the custom error middleware configuration.
// This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
type ErrorPage struct {
Status []string `json:"status,omitempty" toml:"status,omitempty" yaml:"status,omitempty" export:"true"`
Service string `json:"service,omitempty" toml:"service,omitempty" yaml:"service,omitempty" export:"true"`
Query string `json:"query,omitempty" toml:"query,omitempty" yaml:"query,omitempty" export:"true"`
// Status defines which status or range of statuses should result in an error page.
// It can be either a status code as a number (500),
// as multiple comma-separated numbers (500,502),
// as ranges by separating two codes with a dash (500-599),
// or a combination of the two (404,418,500-599).
Status []string `json:"status,omitempty" toml:"status,omitempty" yaml:"status,omitempty" export:"true"`
// Service defines the name of the service that will serve the error page.
Service string `json:"service,omitempty" toml:"service,omitempty" yaml:"service,omitempty" export:"true"`
// Query defines the URL for the error page (hosted by service).
// The {status} variable can be used in order to insert the status code in the URL.
Query string `json:"query,omitempty" toml:"query,omitempty" yaml:"query,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
// ForwardAuth holds the http forward authentication configuration.
// ForwardAuth holds the forward auth middleware configuration.
// This middleware delegates the request authentication to a Service.
// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/forwardauth/
type ForwardAuth struct {
Address string `json:"address,omitempty" toml:"address,omitempty" yaml:"address,omitempty"`
TLS *types.ClientTLS `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" export:"true"`
TrustForwardHeader bool `json:"trustForwardHeader,omitempty" toml:"trustForwardHeader,omitempty" yaml:"trustForwardHeader,omitempty" export:"true"`
AuthResponseHeaders []string `json:"authResponseHeaders,omitempty" toml:"authResponseHeaders,omitempty" yaml:"authResponseHeaders,omitempty" export:"true"`
AuthResponseHeadersRegex string `json:"authResponseHeadersRegex,omitempty" toml:"authResponseHeadersRegex,omitempty" yaml:"authResponseHeadersRegex,omitempty" export:"true"`
AuthRequestHeaders []string `json:"authRequestHeaders,omitempty" toml:"authRequestHeaders,omitempty" yaml:"authRequestHeaders,omitempty" export:"true"`
// Address defines the authentication server address.
Address string `json:"address,omitempty" toml:"address,omitempty" yaml:"address,omitempty"`
// TLS defines the configuration used to secure the connection to the authentication server.
TLS *types.ClientTLS `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" export:"true"`
// TrustForwardHeader defines whether to trust (ie: forward) all X-Forwarded-* headers.
TrustForwardHeader bool `json:"trustForwardHeader,omitempty" toml:"trustForwardHeader,omitempty" yaml:"trustForwardHeader,omitempty" export:"true"`
// AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers.
AuthResponseHeaders []string `json:"authResponseHeaders,omitempty" toml:"authResponseHeaders,omitempty" yaml:"authResponseHeaders,omitempty" export:"true"`
// AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/forwardauth/#authresponseheadersregex
AuthResponseHeadersRegex string `json:"authResponseHeadersRegex,omitempty" toml:"authResponseHeadersRegex,omitempty" yaml:"authResponseHeadersRegex,omitempty" export:"true"`
// AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
// If not set or empty then all request headers are passed.
AuthRequestHeaders []string `json:"authRequestHeaders,omitempty" toml:"authRequestHeaders,omitempty" yaml:"authRequestHeaders,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
// Headers holds the custom header configuration.
// Headers holds the headers middleware configuration.
// This middleware manages the requests and responses headers.
// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/headers/#customrequestheaders
type Headers struct {
CustomRequestHeaders map[string]string `json:"customRequestHeaders,omitempty" toml:"customRequestHeaders,omitempty" yaml:"customRequestHeaders,omitempty" export:"true"`
// CustomRequestHeaders defines the header names and values to apply to the request.
CustomRequestHeaders map[string]string `json:"customRequestHeaders,omitempty" toml:"customRequestHeaders,omitempty" yaml:"customRequestHeaders,omitempty" export:"true"`
// CustomResponseHeaders defines the header names and values to apply to the response.
CustomResponseHeaders map[string]string `json:"customResponseHeaders,omitempty" toml:"customResponseHeaders,omitempty" yaml:"customResponseHeaders,omitempty" export:"true"`
// AccessControlAllowCredentials is only valid if true. false is ignored.
// AccessControlAllowCredentials defines whether the request can include user credentials.
AccessControlAllowCredentials bool `json:"accessControlAllowCredentials,omitempty" toml:"accessControlAllowCredentials,omitempty" yaml:"accessControlAllowCredentials,omitempty" export:"true"`
// AccessControlAllowHeaders must be used in response to a preflight request with Access-Control-Request-Headers set.
// AccessControlAllowHeaders defines the Access-Control-Request-Headers values sent in preflight response.
AccessControlAllowHeaders []string `json:"accessControlAllowHeaders,omitempty" toml:"accessControlAllowHeaders,omitempty" yaml:"accessControlAllowHeaders,omitempty" export:"true"`
// AccessControlAllowMethods must be used in response to a preflight request with Access-Control-Request-Method set.
// AccessControlAllowMethods defines the Access-Control-Request-Method values sent in preflight response.
AccessControlAllowMethods []string `json:"accessControlAllowMethods,omitempty" toml:"accessControlAllowMethods,omitempty" yaml:"accessControlAllowMethods,omitempty" export:"true"`
// AccessControlAllowOriginList is a list of allowable origins. Can also be a wildcard origin "*".
AccessControlAllowOriginList []string `json:"accessControlAllowOriginList,omitempty" toml:"accessControlAllowOriginList,omitempty" yaml:"accessControlAllowOriginList,omitempty"`
// AccessControlAllowOriginListRegex is a list of allowable origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/).
AccessControlAllowOriginListRegex []string `json:"accessControlAllowOriginListRegex,omitempty" toml:"accessControlAllowOriginListRegex,omitempty" yaml:"accessControlAllowOriginListRegex,omitempty"`
// AccessControlExposeHeaders sets valid headers for the response.
// AccessControlExposeHeaders defines the Access-Control-Expose-Headers values sent in preflight response.
AccessControlExposeHeaders []string `json:"accessControlExposeHeaders,omitempty" toml:"accessControlExposeHeaders,omitempty" yaml:"accessControlExposeHeaders,omitempty" export:"true"`
// AccessControlMaxAge sets the time that a preflight request may be cached.
// AccessControlMaxAge defines the time that a preflight request may be cached.
AccessControlMaxAge int64 `json:"accessControlMaxAge,omitempty" toml:"accessControlMaxAge,omitempty" yaml:"accessControlMaxAge,omitempty" export:"true"`
// AddVaryHeader controls if the Vary header is automatically added/updated when the AccessControlAllowOriginList is set.
// AddVaryHeader defines whether the Vary header is automatically added/updated when the AccessControlAllowOriginList is set.
AddVaryHeader bool `json:"addVaryHeader,omitempty" toml:"addVaryHeader,omitempty" yaml:"addVaryHeader,omitempty" export:"true"`
AllowedHosts []string `json:"allowedHosts,omitempty" toml:"allowedHosts,omitempty" yaml:"allowedHosts,omitempty"`
// AllowedHosts defines the fully qualified list of allowed domain names.
AllowedHosts []string `json:"allowedHosts,omitempty" toml:"allowedHosts,omitempty" yaml:"allowedHosts,omitempty"`
// HostsProxyHeaders defines the header keys that may hold a proxied hostname value for the request.
HostsProxyHeaders []string `json:"hostsProxyHeaders,omitempty" toml:"hostsProxyHeaders,omitempty" yaml:"hostsProxyHeaders,omitempty" export:"true"`
// Deprecated: use EntryPoint redirection or RedirectScheme instead.
SSLRedirect bool `json:"sslRedirect,omitempty" toml:"sslRedirect,omitempty" yaml:"sslRedirect,omitempty" export:"true"`
// Deprecated: use EntryPoint redirection or RedirectScheme instead.
SSLTemporaryRedirect bool `json:"sslTemporaryRedirect,omitempty" toml:"sslTemporaryRedirect,omitempty" yaml:"sslTemporaryRedirect,omitempty" export:"true"`
// Deprecated: use RedirectRegex instead.
SSLHost string `json:"sslHost,omitempty" toml:"sslHost,omitempty" yaml:"sslHost,omitempty"`
SSLHost string `json:"sslHost,omitempty" toml:"sslHost,omitempty" yaml:"sslHost,omitempty"`
// SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request.
// It can be useful when using other proxies (example: "X-Forwarded-Proto": "https").
SSLProxyHeaders map[string]string `json:"sslProxyHeaders,omitempty" toml:"sslProxyHeaders,omitempty" yaml:"sslProxyHeaders,omitempty"`
// Deprecated: use RedirectRegex instead.
SSLForceHost bool `json:"sslForceHost,omitempty" toml:"sslForceHost,omitempty" yaml:"sslForceHost,omitempty" export:"true"`
STSSeconds int64 `json:"stsSeconds,omitempty" toml:"stsSeconds,omitempty" yaml:"stsSeconds,omitempty" export:"true"`
STSIncludeSubdomains bool `json:"stsIncludeSubdomains,omitempty" toml:"stsIncludeSubdomains,omitempty" yaml:"stsIncludeSubdomains,omitempty" export:"true"`
STSPreload bool `json:"stsPreload,omitempty" toml:"stsPreload,omitempty" yaml:"stsPreload,omitempty" export:"true"`
ForceSTSHeader bool `json:"forceSTSHeader,omitempty" toml:"forceSTSHeader,omitempty" yaml:"forceSTSHeader,omitempty" export:"true"`
FrameDeny bool `json:"frameDeny,omitempty" toml:"frameDeny,omitempty" yaml:"frameDeny,omitempty" export:"true"`
SSLForceHost bool `json:"sslForceHost,omitempty" toml:"sslForceHost,omitempty" yaml:"sslForceHost,omitempty" export:"true"`
// STSSeconds defines the max-age of the Strict-Transport-Security header.
// If set to 0, the header is not set.
STSSeconds int64 `json:"stsSeconds,omitempty" toml:"stsSeconds,omitempty" yaml:"stsSeconds,omitempty" export:"true"`
// STSIncludeSubdomains defines whether the includeSubDomains directive is appended to the Strict-Transport-Security header.
STSIncludeSubdomains bool `json:"stsIncludeSubdomains,omitempty" toml:"stsIncludeSubdomains,omitempty" yaml:"stsIncludeSubdomains,omitempty" export:"true"`
// STSPreload defines whether the preload flag is appended to the Strict-Transport-Security header.
STSPreload bool `json:"stsPreload,omitempty" toml:"stsPreload,omitempty" yaml:"stsPreload,omitempty" export:"true"`
// ForceSTSHeader defines whether to add the STS header even when the connection is HTTP.
ForceSTSHeader bool `json:"forceSTSHeader,omitempty" toml:"forceSTSHeader,omitempty" yaml:"forceSTSHeader,omitempty" export:"true"`
// FrameDeny defines whether to add the X-Frame-Options header with the DENY value.
FrameDeny bool `json:"frameDeny,omitempty" toml:"frameDeny,omitempty" yaml:"frameDeny,omitempty" export:"true"`
// CustomFrameOptionsValue defines the X-Frame-Options header value.
// This overrides the FrameDeny option.
CustomFrameOptionsValue string `json:"customFrameOptionsValue,omitempty" toml:"customFrameOptionsValue,omitempty" yaml:"customFrameOptionsValue,omitempty"`
ContentTypeNosniff bool `json:"contentTypeNosniff,omitempty" toml:"contentTypeNosniff,omitempty" yaml:"contentTypeNosniff,omitempty" export:"true"`
BrowserXSSFilter bool `json:"browserXssFilter,omitempty" toml:"browserXssFilter,omitempty" yaml:"browserXssFilter,omitempty" export:"true"`
CustomBrowserXSSValue string `json:"customBrowserXSSValue,omitempty" toml:"customBrowserXSSValue,omitempty" yaml:"customBrowserXSSValue,omitempty"`
ContentSecurityPolicy string `json:"contentSecurityPolicy,omitempty" toml:"contentSecurityPolicy,omitempty" yaml:"contentSecurityPolicy,omitempty"`
PublicKey string `json:"publicKey,omitempty" toml:"publicKey,omitempty" yaml:"publicKey,omitempty"`
ReferrerPolicy string `json:"referrerPolicy,omitempty" toml:"referrerPolicy,omitempty" yaml:"referrerPolicy,omitempty" export:"true"`
// ContentTypeNosniff defines whether to add the X-Content-Type-Options header with the nosniff value.
ContentTypeNosniff bool `json:"contentTypeNosniff,omitempty" toml:"contentTypeNosniff,omitempty" yaml:"contentTypeNosniff,omitempty" export:"true"`
// BrowserXSSFilter defines whether to add the X-XSS-Protection header with the value 1; mode=block.
BrowserXSSFilter bool `json:"browserXssFilter,omitempty" toml:"browserXssFilter,omitempty" yaml:"browserXssFilter,omitempty" export:"true"`
// CustomBrowserXSSValue defines the X-XSS-Protection header value.
// This overrides the BrowserXssFilter option.
CustomBrowserXSSValue string `json:"customBrowserXSSValue,omitempty" toml:"customBrowserXSSValue,omitempty" yaml:"customBrowserXSSValue,omitempty"`
// ContentSecurityPolicy defines the Content-Security-Policy header value.
ContentSecurityPolicy string `json:"contentSecurityPolicy,omitempty" toml:"contentSecurityPolicy,omitempty" yaml:"contentSecurityPolicy,omitempty"`
// PublicKey is the public key that implements HPKP to prevent MITM attacks with forged certificates.
PublicKey string `json:"publicKey,omitempty" toml:"publicKey,omitempty" yaml:"publicKey,omitempty"`
// ReferrerPolicy defines the Referrer-Policy header value.
// This allows sites to control whether browsers forward the Referer header to other sites.
ReferrerPolicy string `json:"referrerPolicy,omitempty" toml:"referrerPolicy,omitempty" yaml:"referrerPolicy,omitempty" export:"true"`
// Deprecated: use PermissionsPolicy instead.
FeaturePolicy string `json:"featurePolicy,omitempty" toml:"featurePolicy,omitempty" yaml:"featurePolicy,omitempty" export:"true"`
FeaturePolicy string `json:"featurePolicy,omitempty" toml:"featurePolicy,omitempty" yaml:"featurePolicy,omitempty" export:"true"`
// PermissionsPolicy defines the Permissions-Policy header value.
// This allows sites to control browser features.
PermissionsPolicy string `json:"permissionsPolicy,omitempty" toml:"permissionsPolicy,omitempty" yaml:"permissionsPolicy,omitempty" export:"true"`
IsDevelopment bool `json:"isDevelopment,omitempty" toml:"isDevelopment,omitempty" yaml:"isDevelopment,omitempty" export:"true"`
// IsDevelopment defines whether to mitigate the unwanted effects of the AllowedHosts, SSL, and STS options when developing.
// Usually testing takes place using HTTP, not HTTPS, and on localhost, not your production domain.
// If you would like your development environment to mimic production with complete Host blocking, SSL redirects,
// and STS headers, leave this as false.
IsDevelopment bool `json:"isDevelopment,omitempty" toml:"isDevelopment,omitempty" yaml:"isDevelopment,omitempty" export:"true"`
}
// HasCustomHeadersDefined checks to see if any of the custom header elements have been set.
@@ -235,9 +332,12 @@ func (h *Headers) HasSecureHeadersDefined() bool {
// +k8s:deepcopy-gen=true
// IPStrategy holds the ip strategy configuration.
// IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/#ipstrategy
type IPStrategy struct {
Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"`
// Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).
Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"`
// ExcludedIPs configures Traefik to scan the X-Forwarded-For header and select the first IP not in the list.
ExcludedIPs []string `json:"excludedIPs,omitempty" toml:"excludedIPs,omitempty" yaml:"excludedIPs,omitempty"`
// TODO(mpl): I think we should make RemoteAddr an explicit field. For one thing, it would yield better documentation.
}
@@ -272,25 +372,40 @@ func (s *IPStrategy) Get() (ip.Strategy, error) {
// +k8s:deepcopy-gen=true
// IPWhiteList holds the ip white list configuration.
// IPWhiteList holds the IP whitelist middleware configuration.
// This middleware accepts / refuses requests based on the client IP.
// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/ipwhitelist/
type IPWhiteList struct {
// SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation).
SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
IPStrategy *IPStrategy `json:"ipStrategy,omitempty" toml:"ipStrategy,omitempty" yaml:"ipStrategy,omitempty" label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"`
}
// +k8s:deepcopy-gen=true
// InFlightReq limits the number of requests being processed and served concurrently.
// InFlightReq holds the in-flight request middleware configuration.
// This middleware limits the number of requests being processed and served concurrently.
// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/inflightreq/
type InFlightReq struct {
Amount int64 `json:"amount,omitempty" toml:"amount,omitempty" yaml:"amount,omitempty" export:"true"`
// Amount defines the maximum amount of allowed simultaneous in-flight request.
// The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy).
Amount int64 `json:"amount,omitempty" toml:"amount,omitempty" yaml:"amount,omitempty" export:"true"`
// SourceCriterion defines what criterion is used to group requests as originating from a common source.
// If several strategies are defined at the same time, an error will be raised.
// If none are set, the default is to use the requestHost.
// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/inflightreq/#sourcecriterion
SourceCriterion *SourceCriterion `json:"sourceCriterion,omitempty" toml:"sourceCriterion,omitempty" yaml:"sourceCriterion,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
// PassTLSClientCert holds the TLS client cert headers configuration.
// PassTLSClientCert holds the pass TLS client cert middleware configuration.
// This middleware adds the selected data from the passed client TLS certificate to a header.
// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/passtlsclientcert/
type PassTLSClientCert struct {
PEM bool `json:"pem,omitempty" toml:"pem,omitempty" yaml:"pem,omitempty" export:"true"`
// PEM sets the X-Forwarded-Tls-Client-Cert header with the escaped certificate.
PEM bool `json:"pem,omitempty" toml:"pem,omitempty" yaml:"pem,omitempty" export:"true"`
// Info selects the specific client certificate details you want to add to the X-Forwarded-Tls-Client-Cert-Info header.
Info *TLSClientCertificateInfo `json:"info,omitempty" toml:"info,omitempty" yaml:"info,omitempty" export:"true"`
}
@@ -300,14 +415,17 @@ type PassTLSClientCert struct {
// If none are set, the default is to use the request's remote address field.
// All fields are mutually exclusive.
type SourceCriterion struct {
IPStrategy *IPStrategy `json:"ipStrategy,omitempty" toml:"ipStrategy,omitempty" yaml:"ipStrategy,omitempty" export:"true"`
RequestHeaderName string `json:"requestHeaderName,omitempty" toml:"requestHeaderName,omitempty" yaml:"requestHeaderName,omitempty" export:"true"`
RequestHost bool `json:"requestHost,omitempty" toml:"requestHost,omitempty" yaml:"requestHost,omitempty" export:"true"`
IPStrategy *IPStrategy `json:"ipStrategy,omitempty" toml:"ipStrategy,omitempty" yaml:"ipStrategy,omitempty" export:"true"`
// RequestHeaderName defines the name of the header used to group incoming requests.
RequestHeaderName string `json:"requestHeaderName,omitempty" toml:"requestHeaderName,omitempty" yaml:"requestHeaderName,omitempty" export:"true"`
// RequestHost defines whether to consider the request Host as the source.
RequestHost bool `json:"requestHost,omitempty" toml:"requestHost,omitempty" yaml:"requestHost,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
// RateLimit holds the rate limiting configuration for a given router.
// RateLimit holds the rate limit configuration.
// This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
type RateLimit struct {
// Average is the maximum rate, by default in requests/s, allowed for the given source.
// It defaults to 0, which means no rate limiting.
@@ -323,6 +441,9 @@ type RateLimit struct {
// It defaults to 1.
Burst int64 `json:"burst,omitempty" toml:"burst,omitempty" yaml:"burst,omitempty" export:"true"`
// SourceCriterion defines what criterion is used to group requests as originating from a common source.
// If several strategies are defined at the same time, an error will be raised.
// If none are set, the default is to use the request's remote address field (as an ipStrategy).
SourceCriterion *SourceCriterion `json:"sourceCriterion,omitempty" toml:"sourceCriterion,omitempty" yaml:"sourceCriterion,omitempty" export:"true"`
}
@@ -334,51 +455,82 @@ func (r *RateLimit) SetDefaults() {
// +k8s:deepcopy-gen=true
// RedirectRegex holds the redirection configuration.
// RedirectRegex holds the redirect regex middleware configuration.
// This middleware redirects a request using regex matching and replacement.
// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/redirectregex/#regex
type RedirectRegex struct {
Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty"`
// Regex defines the regex used to match and capture elements from the request URL.
Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty"`
// Replacement defines how to modify the URL to have the new target URL.
Replacement string `json:"replacement,omitempty" toml:"replacement,omitempty" yaml:"replacement,omitempty"`
Permanent bool `json:"permanent,omitempty" toml:"permanent,omitempty" yaml:"permanent,omitempty" export:"true"`
// Permanent defines whether the redirection is permanent (301).
Permanent bool `json:"permanent,omitempty" toml:"permanent,omitempty" yaml:"permanent,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
// RedirectScheme holds the scheme redirection configuration.
// RedirectScheme holds the redirect scheme middleware configuration.
// This middleware redirects requests from a scheme/port to another.
// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/redirectscheme/
type RedirectScheme struct {
Scheme string `json:"scheme,omitempty" toml:"scheme,omitempty" yaml:"scheme,omitempty" export:"true"`
Port string `json:"port,omitempty" toml:"port,omitempty" yaml:"port,omitempty" export:"true"`
Permanent bool `json:"permanent,omitempty" toml:"permanent,omitempty" yaml:"permanent,omitempty" export:"true"`
// Scheme defines the scheme of the new URL.
Scheme string `json:"scheme,omitempty" toml:"scheme,omitempty" yaml:"scheme,omitempty" export:"true"`
// Port defines the port of the new URL.
Port string `json:"port,omitempty" toml:"port,omitempty" yaml:"port,omitempty" export:"true"`
// Permanent defines whether the redirection is permanent (301).
Permanent bool `json:"permanent,omitempty" toml:"permanent,omitempty" yaml:"permanent,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
// ReplacePath holds the ReplacePath configuration.
// ReplacePath holds the replace path middleware configuration.
// This middleware replaces the path of the request URL and store the original path in an X-Replaced-Path header.
// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/replacepath/
type ReplacePath struct {
// Path defines the path to use as replacement in the request URL.
Path string `json:"path,omitempty" toml:"path,omitempty" yaml:"path,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
// ReplacePathRegex holds the ReplacePathRegex configuration.
// ReplacePathRegex holds the replace path regex middleware configuration.
// This middleware replaces the path of a URL using regex matching and replacement.
// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/replacepathregex/
type ReplacePathRegex struct {
Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"`
// Regex defines the regular expression used to match and capture the path from the request URL.
Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"`
// Replacement defines the replacement path format, which can include captured variables.
Replacement string `json:"replacement,omitempty" toml:"replacement,omitempty" yaml:"replacement,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
// Retry holds the retry configuration.
// Retry holds the retry middleware configuration.
// This middleware reissues requests a given number of times to a backend server if that server does not reply.
// As soon as the server answers, the middleware stops retrying, regardless of the response status.
// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/retry/
type Retry struct {
Attempts int `json:"attempts,omitempty" toml:"attempts,omitempty" yaml:"attempts,omitempty" export:"true"`
// Attempts defines how many times the request should be retried.
Attempts int `json:"attempts,omitempty" toml:"attempts,omitempty" yaml:"attempts,omitempty" export:"true"`
// InitialInterval defines the first wait time in the exponential backoff series.
// The maximum interval is calculated as twice the initialInterval.
// If unspecified, requests will be retried immediately.
// The value of initialInterval should be provided in seconds or as a valid duration format,
// see https://pkg.go.dev/time#ParseDuration.
InitialInterval ptypes.Duration `json:"initialInterval,omitempty" toml:"initialInterval,omitempty" yaml:"initialInterval,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
// StripPrefix holds the StripPrefix configuration.
// StripPrefix holds the strip prefix middleware configuration.
// This middleware removes the specified prefixes from the URL path.
// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/stripprefix/
type StripPrefix struct {
Prefixes []string `json:"prefixes,omitempty" toml:"prefixes,omitempty" yaml:"prefixes,omitempty" export:"true"`
ForceSlash bool `json:"forceSlash,omitempty" toml:"forceSlash,omitempty" yaml:"forceSlash,omitempty" export:"true"` // Deprecated
// Prefixes defines the prefixes to strip from the request URL.
Prefixes []string `json:"prefixes,omitempty" toml:"prefixes,omitempty" yaml:"prefixes,omitempty" export:"true"`
// ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary.
// Default: true.
ForceSlash bool `json:"forceSlash,omitempty" toml:"forceSlash,omitempty" yaml:"forceSlash,omitempty" export:"true"` // Deprecated
}
// SetDefaults Default values for a StripPrefix.
@@ -388,8 +540,11 @@ func (s *StripPrefix) SetDefaults() {
// +k8s:deepcopy-gen=true
// StripPrefixRegex holds the StripPrefixRegex configuration.
// StripPrefixRegex holds the strip prefix regex middleware configuration.
// This middleware removes the matching prefixes from the URL path.
// More info: https://doc.traefik.io/traefik/v2.7/middlewares/http/stripprefixregex/
type StripPrefixRegex struct {
// Regex defines the regular expression to match the path prefix from the request URL.
Regex []string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"`
}
@@ -397,12 +552,18 @@ type StripPrefixRegex struct {
// TLSClientCertificateInfo holds the client TLS certificate info configuration.
type TLSClientCertificateInfo struct {
NotAfter bool `json:"notAfter,omitempty" toml:"notAfter,omitempty" yaml:"notAfter,omitempty" export:"true"`
NotBefore bool `json:"notBefore,omitempty" toml:"notBefore,omitempty" yaml:"notBefore,omitempty" export:"true"`
Sans bool `json:"sans,omitempty" toml:"sans,omitempty" yaml:"sans,omitempty" export:"true"`
Subject *TLSClientCertificateSubjectDNInfo `json:"subject,omitempty" toml:"subject,omitempty" yaml:"subject,omitempty" export:"true"`
Issuer *TLSClientCertificateIssuerDNInfo `json:"issuer,omitempty" toml:"issuer,omitempty" yaml:"issuer,omitempty" export:"true"`
SerialNumber bool `json:"serialNumber,omitempty" toml:"serialNumber,omitempty" yaml:"serialNumber,omitempty" export:"true"`
// NotAfter defines whether to add the Not After information from the Validity part.
NotAfter bool `json:"notAfter,omitempty" toml:"notAfter,omitempty" yaml:"notAfter,omitempty" export:"true"`
// NotBefore defines whether to add the Not Before information from the Validity part.
NotBefore bool `json:"notBefore,omitempty" toml:"notBefore,omitempty" yaml:"notBefore,omitempty" export:"true"`
// Sans defines whether to add the Subject Alternative Name information from the Subject Alternative Name part.
Sans bool `json:"sans,omitempty" toml:"sans,omitempty" yaml:"sans,omitempty" export:"true"`
// SerialNumber defines whether to add the client serialNumber information.
SerialNumber bool `json:"serialNumber,omitempty" toml:"serialNumber,omitempty" yaml:"serialNumber,omitempty" export:"true"`
// Subject defines the client certificate subject details to add to the X-Forwarded-Tls-Client-Cert-Info header.
Subject *TLSClientCertificateSubjectDNInfo `json:"subject,omitempty" toml:"subject,omitempty" yaml:"subject,omitempty" export:"true"`
// Issuer defines the client certificate issuer details to add to the X-Forwarded-Tls-Client-Cert-Info header.
Issuer *TLSClientCertificateIssuerDNInfo `json:"issuer,omitempty" toml:"issuer,omitempty" yaml:"issuer,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true
@@ -410,12 +571,19 @@ type TLSClientCertificateInfo struct {
// TLSClientCertificateIssuerDNInfo holds the client TLS certificate distinguished name info configuration.
// cf https://tools.ietf.org/html/rfc3739
type TLSClientCertificateIssuerDNInfo struct {
Country bool `json:"country,omitempty" toml:"country,omitempty" yaml:"country,omitempty" export:"true"`
Province bool `json:"province,omitempty" toml:"province,omitempty" yaml:"province,omitempty" export:"true"`
Locality bool `json:"locality,omitempty" toml:"locality,omitempty" yaml:"locality,omitempty" export:"true"`
Organization bool `json:"organization,omitempty" toml:"organization,omitempty" yaml:"organization,omitempty" export:"true"`
CommonName bool `json:"commonName,omitempty" toml:"commonName,omitempty" yaml:"commonName,omitempty" export:"true"`
SerialNumber bool `json:"serialNumber,omitempty" toml:"serialNumber,omitempty" yaml:"serialNumber,omitempty" export:"true"`
// Country defines whether to add the country information into the issuer.
Country bool `json:"country,omitempty" toml:"country,omitempty" yaml:"country,omitempty" export:"true"`
// Province defines whether to add the province information into the issuer.
Province bool `json:"province,omitempty" toml:"province,omitempty" yaml:"province,omitempty" export:"true"`
// Locality defines whether to add the locality information into the issuer.
Locality bool `json:"locality,omitempty" toml:"locality,omitempty" yaml:"locality,omitempty" export:"true"`
// Organization defines whether to add the organization information into the issuer.
Organization bool `json:"organization,omitempty" toml:"organization,omitempty" yaml:"organization,omitempty" export:"true"`
// CommonName defines whether to add the organizationalUnit information into the issuer.
CommonName bool `json:"commonName,omitempty" toml:"commonName,omitempty" yaml:"commonName,omitempty" export:"true"`
// SerialNumber defines whether to add the serialNumber information into the issuer.
SerialNumber bool `json:"serialNumber,omitempty" toml:"serialNumber,omitempty" yaml:"serialNumber,omitempty" export:"true"`
// DomainComponent defines whether to add the domainComponent information into the issuer.
DomainComponent bool `json:"domainComponent,omitempty" toml:"domainComponent,omitempty" yaml:"domainComponent,omitempty" export:"true"`
}
@@ -424,14 +592,22 @@ type TLSClientCertificateIssuerDNInfo struct {
// TLSClientCertificateSubjectDNInfo holds the client TLS certificate distinguished name info configuration.
// cf https://tools.ietf.org/html/rfc3739
type TLSClientCertificateSubjectDNInfo struct {
Country bool `json:"country,omitempty" toml:"country,omitempty" yaml:"country,omitempty" export:"true"`
Province bool `json:"province,omitempty" toml:"province,omitempty" yaml:"province,omitempty" export:"true"`
Locality bool `json:"locality,omitempty" toml:"locality,omitempty" yaml:"locality,omitempty" export:"true"`
Organization bool `json:"organization,omitempty" toml:"organization,omitempty" yaml:"organization,omitempty" export:"true"`
// Country defines whether to add the country information into the subject.
Country bool `json:"country,omitempty" toml:"country,omitempty" yaml:"country,omitempty" export:"true"`
// Province defines whether to add the province information into the subject.
Province bool `json:"province,omitempty" toml:"province,omitempty" yaml:"province,omitempty" export:"true"`
// Locality defines whether to add the locality information into the subject.
Locality bool `json:"locality,omitempty" toml:"locality,omitempty" yaml:"locality,omitempty" export:"true"`
// Organization defines whether to add the organization information into the subject.
Organization bool `json:"organization,omitempty" toml:"organization,omitempty" yaml:"organization,omitempty" export:"true"`
// OrganizationalUnit defines whether to add the organizationalUnit information into the subject.
OrganizationalUnit bool `json:"organizationalUnit,omitempty" toml:"organizationalUnit,omitempty" yaml:"organizationalUnit,omitempty" export:"true"`
CommonName bool `json:"commonName,omitempty" toml:"commonName,omitempty" yaml:"commonName,omitempty" export:"true"`
SerialNumber bool `json:"serialNumber,omitempty" toml:"serialNumber,omitempty" yaml:"serialNumber,omitempty" export:"true"`
DomainComponent bool `json:"domainComponent,omitempty" toml:"domainComponent,omitempty" yaml:"domainComponent,omitempty" export:"true"`
// CommonName defines whether to add the organizationalUnit information into the subject.
CommonName bool `json:"commonName,omitempty" toml:"commonName,omitempty" yaml:"commonName,omitempty" export:"true"`
// SerialNumber defines whether to add the serialNumber information into the subject.
SerialNumber bool `json:"serialNumber,omitempty" toml:"serialNumber,omitempty" yaml:"serialNumber,omitempty" export:"true"`
// DomainComponent defines whether to add the domainComponent information into the subject.
DomainComponent bool `json:"domainComponent,omitempty" toml:"domainComponent,omitempty" yaml:"domainComponent,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true

5
pkg/config/dynamic/tcp_config.go
View File

@@ -52,6 +52,7 @@ type TCPRouter struct {
Middlewares []string `json:"middlewares,omitempty" toml:"middlewares,omitempty" yaml:"middlewares,omitempty" export:"true"`
Service string `json:"service,omitempty" toml:"service,omitempty" yaml:"service,omitempty" export:"true"`
Rule string `json:"rule,omitempty" toml:"rule,omitempty" yaml:"rule,omitempty"`
Priority int `json:"priority,omitempty" toml:"priority,omitempty,omitzero" yaml:"priority,omitempty" export:"true"`
TLS *RouterTCPTLSConfig `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"`
}
@@ -112,8 +113,10 @@ type TCPServer struct {
// +k8s:deepcopy-gen=true
// ProxyProtocol holds the ProxyProtocol configuration.
// ProxyProtocol holds the PROXY Protocol configuration.
// More info: https://doc.traefik.io/traefik/v2.7/routing/services/#proxy-protocol
type ProxyProtocol struct {
// Version defines the PROXY Protocol version to use.
Version int `json:"version,omitempty" toml:"version,omitempty" yaml:"version,omitempty" export:"true"`
}

Some files were not shown because too many files have changed in this diff Show More