mirror of https://github.com/containous/traefik.git synced 2025-11-09 04:23:50 +03:00

Compare commits

47 Commits

Author SHA1 Message Date
Tom Moulard
e54ee89330 Prepare release v3.0.0-beta2 2022-12-07 17:26:04 +01:00
Simon Delicata
fdd3f2abef Moves HTTP/3 outside the experimental section 2022-12-07 17:02:05 +01:00
Tom Moulard
517917cd7c Merge current v2.9 into master 2022-12-07 15:55:46 +01:00
Tom Moulard
6c75052a13 Change traefik cmd error log to error level 2022-12-07 11:34:06 +01:00
Tom Moulard
8cf9385938 Rework Host and HostRegexp matchers
Co-authored-by: Simon Delicata <simon.delicata@traefik.io>
2022-12-06 10:40:06 +01:00
Romain
519ed8bde5 Prepare release v3.0.0-beta1 2022-12-05 16:58:04 +01:00
romain
46a61ce9c8 Merge remote-tracking branch 'upstream/v2.9' into merge-branch-v2.9-into-master 2022-12-05 15:23:06 +01:00
Ludovic Fernandez
c57876c116 Improve provider logs 2022-11-30 09:50:05 +01:00
Tom Moulard
0d81fac3fc Add OpenTelemetry tracing and metrics support 2022-11-29 15:34:05 +01:00
Simon Delicata
db287c4d31 Disable Content-Type auto-detection by default 2022-11-29 11:48:05 +01:00
Antoine
4d86668af3 Update routing syntax
Co-authored-by: Tom Moulard <tom.moulard@traefik.io>
2022-11-28 15:48:05 +01:00
Fernandez Ludovic
b93141992e Merge branch v2.9 into master 2022-11-28 09:01:53 +01:00
Simon Delicata
a3e4c85ec0 Remove deprecated options 2022-11-25 10:50:06 +01:00
Ludovic Fernandez
bee86b5ac7 fix: log level 2022-11-25 09:52:04 +01:00
Ludovic Fernandez
0ba51d62fa fix: flaky with shutdown tests 2022-11-24 17:06:07 +01:00
Kevin Pollet
268d1edc8f Fix flaky healthcheck test 2022-11-24 16:32:05 +01:00
Ludovic Fernandez
580e7fa774 fix: flaky tests on the configuration watcher 2022-11-24 16:00:06 +01:00
Ali Afsharzadeh
46c266661c Add a status option to the service health check 2022-11-24 11:40:05 +01:00
Fernandez Ludovic
61325d7b91 Merge branch v2.9 into master 2022-11-23 17:30:49 +01:00
Kevin Pollet
3f8aa13e68 Fix error when setting ServerUp metric labels 2022-11-23 16:04:05 +01:00
Ludovic Fernandez
08279047ae Improve test logger assertions 2022-11-23 12:14:04 +01:00
Ludovic Fernandez
3dd4968c41 Retry on plugin API calls 2022-11-23 11:42:04 +01:00
Fernandez Ludovic
ba1ca68977 Merge branch v2.9 into master 2022-11-23 09:22:52 +01:00
Ludovic Fernandez
56f7515ecd New logger for the Traefik logs 2022-11-21 18:36:05 +01:00
xmessi
27c02b5a56 Log TLS client subject 2022-11-21 10:18:05 +01:00
Romain
630de7481e Support SNI routing with Postgres STARTTLS connections
Co-authored-by: Michael Kuhnt <michael.kuhnt@daimler.com>
Co-authored-by: Julien Salleyron <julien@containo.us>
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
2022-11-16 15:34:10 +01:00
Julien Salleyron
fadee5e87b Rework servers load-balancer to use the WRR
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2022-11-16 11:38:07 +01:00
Greg
67d9c8da0b Add support for Brotli
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
Co-authored-by: Tom Moulard <tom.moulard@traefik.io>
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2022-11-15 10:56:08 +01:00
mloiseleur
1a1cfd1adc Update and publish official Grafana Dashboard 2022-11-08 15:32:06 +01:00
Ngọc Long
240fb871b6 Support gRPC and gRPC-Web protocol in metrics 2022-11-08 10:52:09 +01:00
Ludovic Fernandez
d131ef57da chore: update nhooyr.io/websocket 2022-11-03 16:30:08 +01:00
kevinpollet
281fa25844 Merge branch v2.9 into master 2022-10-28 09:22:36 +02:00
Julien Salleyron
bd3eaf4f5e Add GrpcWeb middleware
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2022-10-27 17:34:06 +02:00
Ludovic Fernandez
7a6bfd3336 chore: change TCP middleware package 2022-10-26 17:42:07 +02:00
Wambugu
1b9873cae9 Renaming IPWhiteList to IPAllowList 2022-10-26 17:16:05 +02:00
Fernandez Ludovic
e86f21ae7b Merge branch 'v2.9' into master 2022-10-24 11:24:41 +02:00
Julien Levesy
194247caae Check if default servers transport spiffe config is not nil 2022-10-18 10:28:07 +02:00
kevinpollet
cd0654026a Merge branch v2.9 into master 2022-10-17 18:53:37 +02:00
Julien Levesy
b39ce8cc58 Support SPIFFE mTLS between Traefik and Backend servers 2022-10-14 17:16:08 +02:00
Kevin Pollet
33f0aed5ea Support custom headers when fetching configuration through HTTP 2022-10-14 15:10:10 +02:00
kalle (jag)
188ef84c4f Allow to define default entrypoints (for HTTP/TCP) 2022-10-11 09:36:08 +02:00
kevinpollet
a5c520664a Merge branch v2.9 into master 2022-10-06 16:40:09 +02:00
Kevin Pollet
38d7011487 Add Tailscale certificate resolver
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
2022-09-30 15:20:08 +02:00
jjacque
033fccccc7 Support gRPC healthcheck 2022-09-20 16:54:08 +02:00
Michael Hampton
df99a9fb57 Add option to keep only healthy ECS tasks 2022-09-20 15:42:08 +02:00
Thomas Harris
d6b69e1347 Support multiple namespaces in the Nomad Provider 2022-09-19 16:26:08 +02:00
romain
4bd055cf97 Merge branch v2.9 into master 2022-09-19 13:52:58 +02:00
590 changed files with 17857 additions and 11399 deletions

@@ -2,16 +2,16 @@
PLEASE READ THIS MESSAGE. PLEASE READ THIS MESSAGE.
Documentation fixes or enhancements: Documentation fixes or enhancements:
- for Traefik v1: use branch v1.7
- for Traefik v2: use branch v2.9 - for Traefik v2: use branch v2.9
- for Traefik v3: use branch master
Bug fixes: Bug fixes:
- for Traefik v1: use branch v1.7
- for Traefik v2: use branch v2.9 - for Traefik v2: use branch v2.9
- for Traefik v3: use branch master
Enhancements: Enhancements:
- for Traefik v1: we only accept bug fixes - for Traefik v2: we only accept bug fixes
- for Traefik v2: use branch master - for Traefik v3: use branch master
HOW TO WRITE A GOOD PULL REQUEST? https://doc.traefik.io/traefik/contributing/submitting-pull-requests/ HOW TO WRITE A GOOD PULL REQUEST? https://doc.traefik.io/traefik/contributing/submitting-pull-requests/

@@ -6,7 +6,7 @@ on:
- '*' - '*'
env: env:
GO_VERSION: '1.20' GO_VERSION: 1.19
CGO_ENABLED: 0 CGO_ENABLED: 0
IN_DOCKER: "" IN_DOCKER: ""
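
Review bot: `GO_VERSION: 1.19` in this `env` block drops the quotes that the other side has around `'1.20'`, and an unquoted value is read by YAML as a float. That happens to round-trip for 1.19, but 1.20 written the same way becomes 1.2, so the next version bump would select the wrong toolchain. Keep the value quoted (`GO_VERSION: '1.19'`); the same line appears in two of the hunks that follow.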

@@ -7,7 +7,7 @@ on:
- v* - v*
env: env:
STRUCTOR_VERSION: v1.12.0 STRUCTOR_VERSION: v1.11.2
MIXTUS_VERSION: v0.4.1 MIXTUS_VERSION: v0.4.1
jobs: jobs:

@@ -6,7 +6,7 @@ on:
- '*' - '*'
env: env:
GO_VERSION: '1.20' GO_VERSION: 1.19
IN_DOCKER: "" IN_DOCKER: ""
jobs: jobs:

@@ -6,8 +6,8 @@ on:
- '*' - '*'
env: env:
GO_VERSION: '1.20' GO_VERSION: 1.19
GOLANGCI_LINT_VERSION: v1.51.2 GOLANGCI_LINT_VERSION: v1.50.0
MISSSPELL_VERSION: v0.4.0 MISSSPELL_VERSION: v0.4.0
IN_DOCKER: "" IN_DOCKER: ""

@@ -134,14 +134,6 @@ issues:
exclude: exclude:
- 'Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked' - 'Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked'
- "should have a package comment, unless it's in another file for this package" - "should have a package comment, unless it's in another file for this package"
- 'SA1019: http.CloseNotifier has been deprecated' # FIXME must be fixed
- 'SA1019: cfg.SSLRedirect is deprecated'
- 'SA1019: cfg.SSLTemporaryRedirect is deprecated'
- 'SA1019: cfg.SSLHost is deprecated'
- 'SA1019: cfg.SSLForceHost is deprecated'
- 'SA1019: cfg.FeaturePolicy is deprecated'
- 'SA1019: c.Providers.ConsulCatalog.Namespace is deprecated'
- 'SA1019: c.Providers.Consul.Namespace is deprecated'
exclude-rules: exclude-rules:
- path: '(.+)_test.go' - path: '(.+)_test.go'
linters: linters:
@@ -162,7 +154,7 @@ issues:
text: "Function 'buildConstructor' has too many statements" text: "Function 'buildConstructor' has too many statements"
linters: linters:
- funlen - funlen
- path: pkg/tracing/haystack/logger.go - path: pkg/logs/haystack.go
linters: linters:
- goprintffuncname - goprintffuncname
- path: pkg/tracing/tracing.go - path: pkg/tracing/tracing.go

@@ -19,7 +19,7 @@ global_job_config:
prologue: prologue:
commands: commands:
- curl -sSfL https://raw.githubusercontent.com/ldez/semgo/master/godownloader.sh | sudo sh -s -- -b "/usr/local/bin" - curl -sSfL https://raw.githubusercontent.com/ldez/semgo/master/godownloader.sh | sudo sh -s -- -b "/usr/local/bin"
- sudo semgo go1.20 - sudo semgo go1.19
- export "GOPATH=$(go env GOPATH)" - export "GOPATH=$(go env GOPATH)"
- export "SEMAPHORE_GIT_DIR=${GOPATH}/src/github.com/traefik/${SEMAPHORE_PROJECT_NAME}" - export "SEMAPHORE_GIT_DIR=${GOPATH}/src/github.com/traefik/${SEMAPHORE_PROJECT_NAME}"
- export "PATH=${GOPATH}/bin:${PATH}" - export "PATH=${GOPATH}/bin:${PATH}"
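
Review bot: the unchanged prologue line just above the `semgo` change fetches `godownloader.sh` from the `master` branch of ldez/semgo and pipes it into `sudo sh`, so every CI run executes as root whatever that branch holds at that moment. Since this hunk already touches the toolchain install, pin the URL to a commit SHA or release tag and verify a checksum of the script before running it.
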
@@ -64,7 +64,7 @@ blocks:
- name: GH_VERSION - name: GH_VERSION
value: 1.12.1 value: 1.12.1
- name: CODENAME - name: CODENAME
value: "banon" value: "beaufort"
- name: IN_DOCKER - name: IN_DOCKER
value: "" value: ""
prologue: prologue:

@@ -1,53 +1,15 @@
## [v2.9.10](https://github.com/traefik/traefik/tree/v2.9.10) (2023-04-06) ## [v3.0.0-beta2](https://github.com/traefik/traefik/tree/v3.0.0-beta2) (2022-12-07)
[All Commits](https://github.com/traefik/traefik/compare/v2.9.9...v2.9.10) [All Commits](https://github.com/traefik/traefik/compare/v3.0.0-beta1...v3.0.0-beta2)
## [v2.9.9](https://github.com/traefik/traefik/tree/v2.9.9) (2023-03-21) **Enhancements:**
[All Commits](https://github.com/traefik/traefik/compare/v2.9.8...v2.9.9) - **[http3]** Moves HTTP/3 outside the experimental section ([#9570](https://github.com/traefik/traefik/pull/9570) by [sdelicata](https://github.com/sdelicata))
**Bug fixes:** **Bug fixes:**
- **[acme]** Update go-acme/lego to v4.10.2 ([#9749](https://github.com/traefik/traefik/pull/9749) by [ldez](https://github.com/ldez)) - **[logs]** Change traefik cmd error log to error level ([#9569](https://github.com/traefik/traefik/pull/9569) by [tomMoulard](https://github.com/tomMoulard))
- **[http3]** Update quic-go to v0.33.0 ([#9737](https://github.com/traefik/traefik/pull/9737) by [ldez](https://github.com/ldez)) - **[rules]** Rework Host and HostRegexp matchers ([#9559](https://github.com/traefik/traefik/pull/9559) by [tomMoulard](https://github.com/tomMoulard))
- **[metrics]** Include user-defined default cert for traefik_tls_certs_not_after metric ([#9742](https://github.com/traefik/traefik/pull/9742) by [rtribotte](https://github.com/rtribotte))
- **[middleware]** Update vulcand/oxy to a0e9f7ff1040 ([#9750](https://github.com/traefik/traefik/pull/9750) by [ldez](https://github.com/ldez))
- **[nomad]** Fix default configuration settings for Nomad Provider ([#9758](https://github.com/traefik/traefik/pull/9758) by [aofei](https://github.com/aofei))
- **[nomad]** Fix Nomad client TLS defaults ([#9795](https://github.com/traefik/traefik/pull/9795) by [rtribotte](https://github.com/rtribotte))
- **[server]** Remove User-Agent header removal from ReverseProxy director func ([#9752](https://github.com/traefik/traefik/pull/9752) by [rtribotte](https://github.com/rtribotte))
**Documentation:** **Misc:**
- **[middleware]** Clarify ratelimit middleware ([#9777](https://github.com/traefik/traefik/pull/9777) by [mpl](https://github.com/mpl)) - Merge current v2.9 into master ([#9586](https://github.com/traefik/traefik/pull/9586) by [tomMoulard](https://github.com/tomMoulard))
- **[tcp]** Correcting variable name &#39;server address&#39; in TCP Router ([#9743](https://github.com/traefik/traefik/pull/9743) by [ralphg6](https://github.com/ralphg6))
## [v2.9.8](https://github.com/traefik/traefik/tree/v2.9.8) (2023-02-15)
[All Commits](https://github.com/traefik/traefik/compare/v2.9.7...v2.9.8)
**Bug fixes:**
- **[server]** Update golang.org/x/net to v0.7.0 ([#9716](https://github.com/traefik/traefik/pull/9716) by [ldez](https://github.com/ldez))
## [v2.9.7](https://github.com/traefik/traefik/tree/v2.9.7) (2023-02-14)
[All Commits](https://github.com/traefik/traefik/compare/v2.9.6...v2.9.7)
**Bug fixes:**
- **[acme]** Update go-acme/lego to v4.10.0 ([#9705](https://github.com/traefik/traefik/pull/9705) by [ldez](https://github.com/ldez))
- **[ecs]** Prevent panicking when a container has no network interfaces ([#9661](https://github.com/traefik/traefik/pull/9661) by [rtribotte](https://github.com/rtribotte))
- **[file]** Make file provider more resilient wrt first configuration ([#9595](https://github.com/traefik/traefik/pull/9595) by [mpl](https://github.com/mpl))
- **[logs]** Differentiate UDP stream and TCP connection in logs ([#9687](https://github.com/traefik/traefik/pull/9687) by [rtribotte](https://github.com/rtribotte))
- **[middleware]** Prevent from no rate limiting when average is zero ([#9621](https://github.com/traefik/traefik/pull/9621) by [witalisoft](https://github.com/witalisoft))
- **[middleware]** Prevents superfluous WriteHeader call in the error middleware ([#9620](https://github.com/traefik/traefik/pull/9620) by [tomMoulard](https://github.com/tomMoulard))
- **[middleware]** Sanitize X-Forwarded-Proto header in RedirectScheme middleware ([#9598](https://github.com/traefik/traefik/pull/9598) by [ldez](https://github.com/ldez))
- **[plugins]** Update paerser to v0.2.0 ([#9671](https://github.com/traefik/traefik/pull/9671) by [ldez](https://github.com/ldez))
- **[plugins]** Update Yaegi to v0.15.0 ([#9700](https://github.com/traefik/traefik/pull/9700) by [ldez](https://github.com/ldez))
- **[tls,http3]** Bump quic-go to 89769f409f ([#9685](https://github.com/traefik/traefik/pull/9685) by [mpl](https://github.com/mpl))
- **[tls,tcp]** Adds the support for IPv6 in the TCP HostSNI matcher ([#9692](https://github.com/traefik/traefik/pull/9692) by [rtribotte](https://github.com/rtribotte))
**Documentation:**
- **[acme]** Add CNAME support and gotchas ([#9698](https://github.com/traefik/traefik/pull/9698) by [mpl](https://github.com/mpl))
- **[acme]** Further Let&#39;s Encrypt ratelimit warnings ([#9627](https://github.com/traefik/traefik/pull/9627) by [hcooper](https://github.com/hcooper))
- **[k8s]** Add info admonition about routing to k8 services ([#9645](https://github.com/traefik/traefik/pull/9645) by [svx](https://github.com/svx))
- **[k8s]** Improve TLSStore CRD documentation ([#9579](https://github.com/traefik/traefik/pull/9579) by [mloiseleur](https://github.com/mloiseleur))
- **[middleware]** doc: add note about remoteaddr strategy ([#9701](https://github.com/traefik/traefik/pull/9701) by [mpl](https://github.com/mpl))
- Update copyright to match new standard ([#9651](https://github.com/traefik/traefik/pull/9651) by [paulocfjunior](https://github.com/paulocfjunior))
- Update copyright for 2023 ([#9631](https://github.com/traefik/traefik/pull/9631) by [kevinpollet](https://github.com/kevinpollet))
- Update submitting pull requests to include language about drafts ([#9609](https://github.com/traefik/traefik/pull/9609) by [tfny](https://github.com/tfny))
## [v2.9.6](https://github.com/traefik/traefik/tree/v2.9.6) (2022-12-07) ## [v2.9.6](https://github.com/traefik/traefik/tree/v2.9.6) (2022-12-07)
[All Commits](https://github.com/traefik/traefik/compare/v2.9.5...v2.9.6) [All Commits](https://github.com/traefik/traefik/compare/v2.9.5...v2.9.6)
@@ -68,6 +30,52 @@
- **[k8s/helm]** Update Helm installation section ([#9564](https://github.com/traefik/traefik/pull/9564) by [mloiseleur](https://github.com/mloiseleur)) - **[k8s/helm]** Update Helm installation section ([#9564](https://github.com/traefik/traefik/pull/9564) by [mloiseleur](https://github.com/mloiseleur))
- **[middleware]** Clarify PathPrefix matcher greediness ([#9519](https://github.com/traefik/traefik/pull/9519) by [mpl](https://github.com/mpl)) - **[middleware]** Clarify PathPrefix matcher greediness ([#9519](https://github.com/traefik/traefik/pull/9519) by [mpl](https://github.com/mpl))
## [v3.0.0-beta1](https://github.com/traefik/traefik/tree/v3.0.0-beta1) (2022-12-05)
[All Commits](https://github.com/traefik/traefik/compare/v2.9.0-rc1...v3.0.0-beta1)
**Enhancements:**
- **[ecs]** Add option to keep only healthy ECS tasks ([#8027](https://github.com/traefik/traefik/pull/8027) by [Michampt](https://github.com/Michampt))
- **[healthcheck]** Support gRPC healthcheck ([#8583](https://github.com/traefik/traefik/pull/8583) by [jjacque](https://github.com/jjacque))
- **[healthcheck]** Add a status option to the service health check ([#9463](https://github.com/traefik/traefik/pull/9463) by [guoard](https://github.com/guoard))
- **[http]** Support custom headers when fetching configuration through HTTP ([#9421](https://github.com/traefik/traefik/pull/9421) by [kevinpollet](https://github.com/kevinpollet))
- **[logs,performance]** New logger for the Traefik logs ([#9515](https://github.com/traefik/traefik/pull/9515) by [ldez](https://github.com/ldez))
- **[logs,plugins]** Retry on plugin API calls ([#9530](https://github.com/traefik/traefik/pull/9530) by [ldez](https://github.com/ldez))
- **[logs,provider]** Improve provider logs ([#9562](https://github.com/traefik/traefik/pull/9562) by [ldez](https://github.com/ldez))
- **[logs]** Improve test logger assertions ([#9533](https://github.com/traefik/traefik/pull/9533) by [ldez](https://github.com/ldez))
- **[metrics]** Support gRPC and gRPC-Web protocol in metrics ([#9483](https://github.com/traefik/traefik/pull/9483) by [longit644](https://github.com/longit644))
- **[middleware,accesslogs]** Log TLS client subject ([#9285](https://github.com/traefik/traefik/pull/9285) by [xmessi](https://github.com/xmessi))
- **[middleware,metrics,tracing]** Add OpenTelemetry tracing and metrics support ([#8999](https://github.com/traefik/traefik/pull/8999) by [tomMoulard](https://github.com/tomMoulard))
- **[middleware]** Disable Content-Type auto-detection by default ([#9546](https://github.com/traefik/traefik/pull/9546) by [sdelicata](https://github.com/sdelicata))
- **[middleware]** Add gRPC-Web middleware ([#9451](https://github.com/traefik/traefik/pull/9451) by [juliens](https://github.com/juliens))
- **[middleware]** Add support for Brotli ([#9387](https://github.com/traefik/traefik/pull/9387) by [glinton](https://github.com/glinton))
- **[middleware]** Renaming IPWhiteList to IPAllowList ([#9457](https://github.com/traefik/traefik/pull/9457) by [wxmbugu](https://github.com/wxmbugu))
- **[nomad]** Support multiple namespaces in the Nomad Provider ([#9332](https://github.com/traefik/traefik/pull/9332) by [0teh](https://github.com/0teh))
- **[rules]** Update routing syntax ([#9531](https://github.com/traefik/traefik/pull/9531) by [skwair](https://github.com/skwair))
- **[server]** Rework servers load-balancer to use the WRR ([#9431](https://github.com/traefik/traefik/pull/9431) by [juliens](https://github.com/juliens))
- **[server]** Allow default entrypoints definition ([#9100](https://github.com/traefik/traefik/pull/9100) by [jilleJr](https://github.com/jilleJr))
- **[tls,service]** Support SPIFFE mTLS between Traefik and Backend servers ([#9394](https://github.com/traefik/traefik/pull/9394) by [jlevesy](https://github.com/jlevesy))
- **[tls]** Add Tailscale certificate resolver ([#9237](https://github.com/traefik/traefik/pull/9237) by [kevinpollet](https://github.com/kevinpollet))
- **[tls]** Support SNI routing with Postgres STARTTLS connections ([#9377](https://github.com/traefik/traefik/pull/9377) by [rtribotte](https://github.com/rtribotte))
- Remove deprecated options ([#9527](https://github.com/traefik/traefik/pull/9527) by [sdelicata](https://github.com/sdelicata))
**Bug fixes:**
- **[logs]** Fix log level ([#9545](https://github.com/traefik/traefik/pull/9545) by [ldez](https://github.com/ldez))
- **[metrics]** Fix ServerUp metric ([#9534](https://github.com/traefik/traefik/pull/9534) by [kevinpollet](https://github.com/kevinpollet))
- **[tls,service]** Enforce default servers transport SPIFFE config ([#9444](https://github.com/traefik/traefik/pull/9444) by [jlevesy](https://github.com/jlevesy))
**Documentation:**
- **[metrics]** Update and publish official Grafana Dashboard ([#9493](https://github.com/traefik/traefik/pull/9493) by [mloiseleur](https://github.com/mloiseleur))
**Misc:**
- Merge branch v2.9 into master ([#9554](https://github.com/traefik/traefik/pull/9554) by [ldez](https://github.com/ldez))
- Merge branch v2.9 into master ([#9536](https://github.com/traefik/traefik/pull/9536) by [ldez](https://github.com/ldez))
- Merge branch v2.9 into master ([#9532](https://github.com/traefik/traefik/pull/9532) by [ldez](https://github.com/ldez))
- Merge branch v2.9 into master ([#9482](https://github.com/traefik/traefik/pull/9482) by [kevinpollet](https://github.com/kevinpollet))
- Merge branch v2.9 into master ([#9464](https://github.com/traefik/traefik/pull/9464) by [ldez](https://github.com/ldez))
- Merge branch v2.9 into master ([#9449](https://github.com/traefik/traefik/pull/9449) by [kevinpollet](https://github.com/kevinpollet))
- Merge branch v2.9 into master ([#9419](https://github.com/traefik/traefik/pull/9419) by [kevinpollet](https://github.com/kevinpollet))
- Merge branch v2.9 into master ([#9351](https://github.com/traefik/traefik/pull/9351) by [rtribotte](https://github.com/rtribotte))
## [v2.9.5](https://github.com/traefik/traefik/tree/v2.9.5) (2022-11-17) ## [v2.9.5](https://github.com/traefik/traefik/tree/v2.9.5) (2022-11-17)
[All Commits](https://github.com/traefik/traefik/compare/v2.9.4...v2.9.5) [All Commits](https://github.com/traefik/traefik/compare/v2.9.4...v2.9.5)

@@ -1,6 +1,6 @@
The MIT License (MIT) The MIT License (MIT)
Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs Copyright (c) 2016-2020 Containous SAS; 2020-2022 Traefik Labs
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal of this software and associated documentation files (the "Software"), to deal

@@ -57,7 +57,7 @@ _(But if you'd rather configure some of your routes manually, Traefik supports t
- Provides HTTPS to your microservices by leveraging [Let's Encrypt](https://letsencrypt.org) (wildcard certificates support) - Provides HTTPS to your microservices by leveraging [Let's Encrypt](https://letsencrypt.org) (wildcard certificates support)
- Circuit breakers, retry - Circuit breakers, retry
- See the magic through its clean web UI - See the magic through its clean web UI
- Websocket, HTTP/2, GRPC ready - Websocket, HTTP/2, gRPC ready
- Provides metrics (Rest, Prometheus, Datadog, Statsd, InfluxDB) - Provides metrics (Rest, Prometheus, Datadog, Statsd, InfluxDB)
- Keeps access logs (JSON, CLF) - Keeps access logs (JSON, CLF)
- Fast - Fast

@@ -1,4 +1,4 @@
FROM golang:1.20-alpine FROM golang:1.19-alpine
RUN apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \ RUN apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \
&& update-ca-certificates \ && update-ca-certificates \
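
Review bot: `FROM golang:1.19-alpine` (and the `1.20-alpine` it is compared against) is a floating tag, so the build image can change between runs without any change to this file. Pin the base image by digest, in the form `golang:1.19-alpine@sha256:<digest>` with the real digest filled in, and bump it deliberately alongside the Go version.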

cmd/traefik/logger.go Normal file

@@ -0,0 +1,89 @@
package main
import (
"io"
stdlog "log"
"os"
"strings"
"time"
"github.com/natefinch/lumberjack"
"github.com/rs/zerolog"
"github.com/rs/zerolog/log"
"github.com/sirupsen/logrus"
"github.com/traefik/traefik/v2/pkg/config/static"
"github.com/traefik/traefik/v2/pkg/logs"
)
func init() {
// hide the first logs before the setup of the logger.
zerolog.SetGlobalLevel(zerolog.ErrorLevel)
}
func setupLogger(staticConfiguration *static.Configuration) {
// configure log format
w := getLogWriter(staticConfiguration)
// configure log level
logLevel := getLogLevel(staticConfiguration)
// create logger
logCtx := zerolog.New(w).With().Timestamp()
if logLevel <= zerolog.DebugLevel {
logCtx = logCtx.Caller()
}
log.Logger = logCtx.Logger().Level(logLevel)
zerolog.DefaultContextLogger = &log.Logger
zerolog.SetGlobalLevel(logLevel)
// Global logrus replacement (related to lib like go-rancher-metadata, docker, etc.)
logrus.StandardLogger().Out = logs.NoLevel(log.Logger, zerolog.DebugLevel)
// configure default standard log.
stdlog.SetFlags(stdlog.Lshortfile | stdlog.LstdFlags)
stdlog.SetOutput(logs.NoLevel(log.Logger, zerolog.DebugLevel))
}
func getLogWriter(staticConfiguration *static.Configuration) io.Writer {
var w io.Writer = os.Stderr
if staticConfiguration.Log != nil && len(staticConfiguration.Log.FilePath) > 0 {
_, _ = os.Create(staticConfiguration.Log.FilePath)
w = &lumberjack.Logger{
Filename: staticConfiguration.Log.FilePath,
MaxSize: staticConfiguration.Log.MaxSize,
MaxBackups: staticConfiguration.Log.MaxBackups,
MaxAge: staticConfiguration.Log.MaxAge,
Compress: true,
}
}
if staticConfiguration.Log == nil || staticConfiguration.Log.Format != "json" {
w = zerolog.ConsoleWriter{
Out: w,
TimeFormat: time.RFC3339,
NoColor: staticConfiguration.Log != nil && (staticConfiguration.Log.NoColor || len(staticConfiguration.Log.FilePath) > 0),
}
}
return w
}
func getLogLevel(staticConfiguration *static.Configuration) zerolog.Level {
levelStr := "error"
if staticConfiguration.Log != nil && staticConfiguration.Log.Level != "" {
levelStr = strings.ToLower(staticConfiguration.Log.Level)
}
logLevel, err := zerolog.ParseLevel(strings.ToLower(levelStr))
if err != nil {
log.Error().Err(err).
Str("logLevel", levelStr).
Msg("Unspecified or invalid log level, setting the level to default (ERROR)...")
logLevel = zerolog.ErrorLevel
}
return logLevel
}
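
Review bot: in `getLogWriter`, `_, _ = os.Create(staticConfiguration.Log.FilePath)` truncates an existing log file on every start, discards its error and never closes the file it returns. The truncation wipes the previous run's log before lumberjack opens the path, the dropped `*os.File` leaks a descriptor, and an unwritable path goes unreported at this point; `os.Create` also uses mode 0666 before umask. Either let lumberjack create the file or use `os.OpenFile` with `O_CREATE|O_APPEND`, an explicit restrictive mode, a checked error and a `Close`. Separately, `getLogLevel` lowercases `levelStr` twice; the second `strings.ToLower` can go.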

@@ -9,7 +9,6 @@ import (
"net/http" "net/http"
"os" "os"
"os/signal" "os/signal"
"path/filepath"
"sort" "sort"
"strings" "strings"
"syscall" "syscall"
@@ -18,7 +17,9 @@ import (
"github.com/coreos/go-systemd/daemon" "github.com/coreos/go-systemd/daemon"
"github.com/go-acme/lego/v4/challenge" "github.com/go-acme/lego/v4/challenge"
gokitmetrics "github.com/go-kit/kit/metrics" gokitmetrics "github.com/go-kit/kit/metrics"
"github.com/rs/zerolog/log"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
"github.com/spiffe/go-spiffe/v2/workloadapi"
"github.com/traefik/paerser/cli" "github.com/traefik/paerser/cli"
"github.com/traefik/traefik/v2/cmd" "github.com/traefik/traefik/v2/cmd"
"github.com/traefik/traefik/v2/cmd/healthcheck" "github.com/traefik/traefik/v2/cmd/healthcheck"
@@ -28,12 +29,13 @@ import (
"github.com/traefik/traefik/v2/pkg/config/dynamic" "github.com/traefik/traefik/v2/pkg/config/dynamic"
"github.com/traefik/traefik/v2/pkg/config/runtime" "github.com/traefik/traefik/v2/pkg/config/runtime"
"github.com/traefik/traefik/v2/pkg/config/static" "github.com/traefik/traefik/v2/pkg/config/static"
"github.com/traefik/traefik/v2/pkg/log" "github.com/traefik/traefik/v2/pkg/logs"
"github.com/traefik/traefik/v2/pkg/metrics" "github.com/traefik/traefik/v2/pkg/metrics"
"github.com/traefik/traefik/v2/pkg/middlewares/accesslog" "github.com/traefik/traefik/v2/pkg/middlewares/accesslog"
"github.com/traefik/traefik/v2/pkg/provider/acme" "github.com/traefik/traefik/v2/pkg/provider/acme"
"github.com/traefik/traefik/v2/pkg/provider/aggregator" "github.com/traefik/traefik/v2/pkg/provider/aggregator"
"github.com/traefik/traefik/v2/pkg/provider/hub" "github.com/traefik/traefik/v2/pkg/provider/hub"
"github.com/traefik/traefik/v2/pkg/provider/tailscale"
"github.com/traefik/traefik/v2/pkg/provider/traefik" "github.com/traefik/traefik/v2/pkg/provider/traefik"
"github.com/traefik/traefik/v2/pkg/safe" "github.com/traefik/traefik/v2/pkg/safe"
"github.com/traefik/traefik/v2/pkg/server" "github.com/traefik/traefik/v2/pkg/server"
@@ -44,7 +46,6 @@ import (
"github.com/traefik/traefik/v2/pkg/tracing/jaeger" "github.com/traefik/traefik/v2/pkg/tracing/jaeger"
"github.com/traefik/traefik/v2/pkg/types" "github.com/traefik/traefik/v2/pkg/types"
"github.com/traefik/traefik/v2/pkg/version" "github.com/traefik/traefik/v2/pkg/version"
"github.com/vulcand/oxy/v2/roundrobin"
) )
func main() { func main() {
@@ -78,7 +79,7 @@ Complete documentation is available at https://traefik.io`,
err = cli.Execute(cmdTraefik) err = cli.Execute(cmdTraefik)
if err != nil { if err != nil {
stdlog.Println(err) log.Error().Err(err).Msg("Command error")
logrus.Exit(1) logrus.Exit(1)
} }
@@ -86,27 +87,24 @@ Complete documentation is available at https://traefik.io`,
} }
func runCmd(staticConfiguration *static.Configuration) error { func runCmd(staticConfiguration *static.Configuration) error {
configureLogging(staticConfiguration) setupLogger(staticConfiguration)
http.DefaultTransport.(*http.Transport).Proxy = http.ProxyFromEnvironment http.DefaultTransport.(*http.Transport).Proxy = http.ProxyFromEnvironment
if err := roundrobin.SetDefaultWeight(0); err != nil {
log.WithoutContext().Errorf("Could not set round robin default weight: %v", err)
}
staticConfiguration.SetEffectiveConfiguration() staticConfiguration.SetEffectiveConfiguration()
if err := staticConfiguration.ValidateConfiguration(); err != nil { if err := staticConfiguration.ValidateConfiguration(); err != nil {
return err return err
} }
log.WithoutContext().Infof("Traefik version %s built on %s", version.Version, version.BuildDate) log.Info().Str("version", version.Version).
Msgf("Traefik version %s built on %s", version.Version, version.BuildDate)
jsonConf, err := json.Marshal(staticConfiguration) jsonConf, err := json.Marshal(staticConfiguration)
if err != nil { if err != nil {
log.WithoutContext().Errorf("Could not marshal static configuration: %v", err) log.Error().Err(err).Msg("Could not marshal static configuration")
log.WithoutContext().Debugf("Static configuration loaded [struct] %#v", staticConfiguration) log.Debug().Interface("staticConfiguration", staticConfiguration).Msg("Static configuration loaded [struct]")
} else { } else {
log.WithoutContext().Debugf("Static configuration loaded %s", string(jsonConf)) log.Debug().RawJSON("staticConfiguration", jsonConf).Msg("Static configuration loaded [json]")
} }
if staticConfiguration.Global.CheckNewVersion { if staticConfiguration.Global.CheckNewVersion {
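
Review bot: in the `json.Marshal` error branch of `runCmd`, `log.Debug().Interface("staticConfiguration", staticConfiguration)` will not print the struct, because zerolog's `Interface` serialises the value with JSON marshalling by default, which is the step that has just failed. The field ends up holding a marshalling error, where the replaced `%#v` dump still showed the value; if the fallback is wanted, pass `fmt.Sprintf("%#v", staticConfiguration)` through `Str`. In the success branch the whole static configuration is written to the log via `RawJSON`, so any field of `static.Configuration` that carries a credential needs redacting before it is marshalled.
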
@@ -131,16 +129,16 @@ func runCmd(staticConfiguration *static.Configuration) error {
sent, err := daemon.SdNotify(false, "READY=1") sent, err := daemon.SdNotify(false, "READY=1")
if !sent && err != nil { if !sent && err != nil {
log.WithoutContext().Errorf("Failed to notify: %v", err) log.Error().Err(err).Msg("Failed to notify")
} }
t, err := daemon.SdWatchdogEnabled(false) t, err := daemon.SdWatchdogEnabled(false)
if err != nil { if err != nil {
log.WithoutContext().Errorf("Could not enable Watchdog: %v", err) log.Error().Err(err).Msg("Could not enable Watchdog")
} else if t != 0 { } else if t != 0 {
// Send a ping each half time given // Send a ping each half time given
t /= 2 t /= 2
log.WithoutContext().Infof("Watchdog activated with timer duration %s", t) log.Info().Msgf("Watchdog activated with timer duration %s", t)
safe.Go(func() { safe.Go(func() {
tick := time.Tick(t) tick := time.Tick(t)
for range tick { for range tick {
@@ -151,17 +149,17 @@ func runCmd(staticConfiguration *static.Configuration) error {
if staticConfiguration.Ping == nil || errHealthCheck == nil { if staticConfiguration.Ping == nil || errHealthCheck == nil {
if ok, _ := daemon.SdNotify(false, "WATCHDOG=1"); !ok { if ok, _ := daemon.SdNotify(false, "WATCHDOG=1"); !ok {
log.WithoutContext().Error("Fail to tick watchdog") log.Error().Msg("Fail to tick watchdog")
} }
} else { } else {
log.WithoutContext().Error(errHealthCheck) log.Error().Err(errHealthCheck).Send()
} }
} }
}) })
} }
svr.Wait() svr.Wait()
log.WithoutContext().Info("Shutting down") log.Info().Msg("Shutting down")
return nil return nil
} }
@@ -190,6 +188,10 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
acmeProviders := initACMEProvider(staticConfiguration, &providerAggregator, tlsManager, httpChallengeProvider, tlsChallengeProvider) acmeProviders := initACMEProvider(staticConfiguration, &providerAggregator, tlsManager, httpChallengeProvider, tlsChallengeProvider)
// Tailscale
tsProviders := initTailscaleProviders(staticConfiguration, &providerAggregator)
// Entrypoints // Entrypoints
serverEntryPointsTCP, err := server.NewTCPEntryPoints(staticConfiguration.EntryPoints, staticConfiguration.HostResolver) serverEntryPointsTCP, err := server.NewTCPEntryPoints(staticConfiguration.EntryPoints, staticConfiguration.HostResolver)
@@ -202,15 +204,11 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
return nil, err return nil, err
} }
if staticConfiguration.Pilot != nil {
log.WithoutContext().Warn("Traefik Pilot has been removed.")
}
// Plugins // Plugins
pluginBuilder, err := createPluginBuilder(staticConfiguration) pluginBuilder, err := createPluginBuilder(staticConfiguration)
if err != nil { if err != nil {
log.WithoutContext().WithError(err).Error("Plugins are disabled because an error has occurred.") log.Error().Err(err).Msg("Plugins are disabled because an error has occurred.")
} }
// Providers plugins // Providers plugins
@@ -251,7 +249,26 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
// Service manager factory // Service manager factory
roundTripperManager := service.NewRoundTripperManager() var spiffeX509Source *workloadapi.X509Source
if staticConfiguration.Spiffe != nil && staticConfiguration.Spiffe.WorkloadAPIAddr != "" {
log.Info().Str("workloadAPIAddr", staticConfiguration.Spiffe.WorkloadAPIAddr).
Msg("Waiting on SPIFFE SVID delivery")
spiffeX509Source, err = workloadapi.NewX509Source(
ctx,
workloadapi.WithClientOptions(
workloadapi.WithAddr(
staticConfiguration.Spiffe.WorkloadAPIAddr,
),
),
)
if err != nil {
return nil, fmt.Errorf("unable to create SPIFFE x509 source: %w", err)
}
log.Info().Msg("Successfully obtained SPIFFE SVID.")
}
roundTripperManager := service.NewRoundTripperManager(spiffeX509Source)
acmeHTTPHandler := getHTTPChallengeHandler(acmeProviders, httpChallengeProvider) acmeHTTPHandler := getHTTPChallengeHandler(acmeProviders, httpChallengeProvider)
managerFactory := service.NewManagerFactory(*staticConfiguration, routinesPool, metricsRegistry, roundTripperManager, acmeHTTPHandler) managerFactory := service.NewManagerFactory(*staticConfiguration, routinesPool, metricsRegistry, roundTripperManager, acmeHTTPHandler)
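Review bot: The `workloadapi.NewX509Source(ctx, ...)` call has no visible bound on how long it waits, and the preceding log line says startup is "Waiting on SPIFFE SVID delivery". If `ctx` carries no deadline, an unreachable or misconfigured `WorkloadAPIAddr` blocks `setupServer` indefinitely with only an info-level entry to show for it. Consider wrapping the call in a context with a timeout and returning a clear error when it expires. The hunk also shows no `Close()` on `spiffeX509Source`, so please confirm the source is released on shutdown.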
@@ -278,7 +295,7 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
tlsManager.UpdateConfigs(ctx, conf.TLS.Stores, conf.TLS.Options, conf.TLS.Certificates) tlsManager.UpdateConfigs(ctx, conf.TLS.Stores, conf.TLS.Options, conf.TLS.Certificates)
gauge := metricsRegistry.TLSCertsNotAfterTimestampGauge() gauge := metricsRegistry.TLSCertsNotAfterTimestampGauge()
for _, certificate := range tlsManager.GetServerCertificates() { for _, certificate := range tlsManager.GetCertificates() {
appendCertMetric(gauge, certificate) appendCertMetric(gauge, certificate)
} }
}) })
@@ -311,13 +328,22 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
// TLS challenge // TLS challenge
watcher.AddListener(tlsChallengeProvider.ListenConfiguration) watcher.AddListener(tlsChallengeProvider.ListenConfiguration)
// ACME // Certificate Resolvers
resolverNames := map[string]struct{}{} resolverNames := map[string]struct{}{}
// ACME
for _, p := range acmeProviders { for _, p := range acmeProviders {
resolverNames[p.ResolverName] = struct{}{} resolverNames[p.ResolverName] = struct{}{}
watcher.AddListener(p.ListenConfiguration) watcher.AddListener(p.ListenConfiguration)
} }
// Tailscale
for _, p := range tsProviders {
resolverNames[p.ResolverName] = struct{}{}
watcher.AddListener(p.HandleConfigUpdate)
}
// Certificate resolver logs // Certificate resolver logs
watcher.AddListener(func(config dynamic.Configuration) { watcher.AddListener(func(config dynamic.Configuration) {
for rtName, rt := range config.HTTP.Routers { for rtName, rt := range config.HTTP.Routers {
@@ -329,7 +355,8 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
// "traefik-hub" is an allowed certificate resolver name in a Traefik Hub Experimental feature context. // "traefik-hub" is an allowed certificate resolver name in a Traefik Hub Experimental feature context.
// It is used to activate its own certificate resolution, even though it is not a "classical" traefik certificate resolver. // It is used to activate its own certificate resolution, even though it is not a "classical" traefik certificate resolver.
(staticConfiguration.Hub == nil || rt.TLS.CertResolver != "traefik-hub") { (staticConfiguration.Hub == nil || rt.TLS.CertResolver != "traefik-hub") {
log.WithoutContext().Errorf("the router %s uses a non-existent resolver: %s", rtName, rt.TLS.CertResolver) log.Error().Err(err).Str(logs.RouterName, rtName).Str("certificateResolver", rt.TLS.CertResolver).
Msg("Router uses a non-existent certificate resolver")
} }
} }
}) })
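Review bot: The new log call adds `.Err(err)`, but `err` here is the variable captured from the enclosing `setupServer` scope, not an error produced by this check. Inside the listener it will be nil or a stale value from an unrelated call, so the entry either carries no error or a misleading one. The previous line logged no error at all, so drop `.Err(err)` and keep the `Str(logs.RouterName, rtName)` and `Str("certificateResolver", ...)` fields.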
@@ -350,8 +377,24 @@ func getHTTPChallengeHandler(acmeProviders []*acme.Provider, httpChallengeProvid
func getDefaultsEntrypoints(staticConfiguration *static.Configuration) []string { func getDefaultsEntrypoints(staticConfiguration *static.Configuration) []string {
var defaultEntryPoints []string var defaultEntryPoints []string
// Determines if at least one EntryPoint is configured to be used by default.
var hasDefinedDefaults bool
for _, ep := range staticConfiguration.EntryPoints {
if ep.AsDefault {
hasDefinedDefaults = true
break
}
}
for name, cfg := range staticConfiguration.EntryPoints { for name, cfg := range staticConfiguration.EntryPoints {
// Traefik Hub entryPoint should not be part of the set of default entryPoints. // By default all entrypoints are considered.
// If at least one is flagged, then only flagged entrypoints are included.
if hasDefinedDefaults && !cfg.AsDefault {
continue
}
// Traefik Hub entryPoint should not be used as a default entryPoint.
if hub.APIEntrypoint == name || hub.TunnelEntrypoint == name { if hub.APIEntrypoint == name || hub.TunnelEntrypoint == name {
continue continue
} }
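Review bot: `hasDefinedDefaults` is computed over every entry point, including ones this function later skips (the Hub entry points here, and UDP or internal entry points in the protocol check further down). If the only entry point flagged `AsDefault` is one of those, every other entry point is filtered out and the function returns an empty list, so routers without explicit entry points attach to nothing. Either compute the flag only over eligible entry points or log a warning when the resulting default set is empty.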
@@ -359,7 +402,7 @@ func getDefaultsEntrypoints(staticConfiguration *static.Configuration) []string
protocol, err := cfg.GetProtocol() protocol, err := cfg.GetProtocol()
if err != nil { if err != nil {
// Should never happen because Traefik should not start if protocol is invalid. // Should never happen because Traefik should not start if protocol is invalid.
log.WithoutContext().Errorf("Invalid protocol: %v", err) log.Error().Err(err).Msg("Invalid protocol")
} }
if protocol != "udp" && name != static.DefaultInternalEntryPointName { if protocol != "udp" && name != static.DefaultInternalEntryPointName {
@@ -382,7 +425,7 @@ func switchRouter(routerFactory *server.RouterFactory, serverEntryPointsTCP serv
} }
} }
// initACMEProvider creates an acme provider from the ACME part of globalConfiguration. // initACMEProvider creates and registers acme.Provider instances corresponding to the configured ACME certificate resolvers.
func initACMEProvider(c *static.Configuration, providerAggregator *aggregator.ProviderAggregator, tlsManager *traefiktls.Manager, httpChallengeProvider, tlsChallengeProvider challenge.Provider) []*acme.Provider { func initACMEProvider(c *static.Configuration, providerAggregator *aggregator.ProviderAggregator, tlsManager *traefiktls.Manager, httpChallengeProvider, tlsChallengeProvider challenge.Provider) []*acme.Provider {
localStores := map[string]*acme.LocalStore{} localStores := map[string]*acme.LocalStore{}
@@ -405,7 +448,7 @@ func initACMEProvider(c *static.Configuration, providerAggregator *aggregator.Pr
} }
if err := providerAggregator.AddProvider(p); err != nil { if err := providerAggregator.AddProvider(p); err != nil {
log.WithoutContext().Errorf("The ACME resolver %q is skipped from the resolvers list because: %v", name, err) log.Error().Err(err).Str("resolver", name).Msg("The ACME resolve is skipped from the resolvers list")
continue continue
} }
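Review bot: Typo in the new message: "The ACME resolve is skipped from the resolvers list" should read "The ACME resolver is skipped from the resolvers list". Since operators grep for this line when a certificate resolver fails to register, the wording should be fixed before release.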
@@ -419,6 +462,27 @@ func initACMEProvider(c *static.Configuration, providerAggregator *aggregator.Pr
return resolvers return resolvers
} }
// initTailscaleProviders creates and registers tailscale.Provider instances corresponding to the configured Tailscale certificate resolvers.
func initTailscaleProviders(cfg *static.Configuration, providerAggregator *aggregator.ProviderAggregator) []*tailscale.Provider {
var providers []*tailscale.Provider
for name, resolver := range cfg.CertificatesResolvers {
if resolver.Tailscale == nil {
continue
}
tsProvider := &tailscale.Provider{ResolverName: name}
if err := providerAggregator.AddProvider(tsProvider); err != nil {
log.Error().Err(err).Str(logs.ProviderName, name).Msg("Unable to create Tailscale provider")
continue
}
providers = append(providers, tsProvider)
}
return providers
}
func registerMetricClients(metricsConfig *types.Metrics) []metrics.Registry { func registerMetricClients(metricsConfig *types.Metrics) []metrics.Registry {
if metricsConfig == nil { if metricsConfig == nil {
return nil return nil
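Review bot: In `initTailscaleProviders` the error entry uses `Str(logs.ProviderName, name)`, but `name` is the certificate resolver name, and the equivalent ACME path logs it under the key `"resolver"`. Using the same key for both keeps log queries consistent. The message "Unable to create Tailscale provider" is also inaccurate, since the failing call is `providerAggregator.AddProvider`, so something like "Unable to register Tailscale provider" would describe it better. Please also confirm what should happen when one resolver entry sets both an ACME and a Tailscale section, since this loop only checks `resolver.Tailscale == nil`.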
@@ -427,42 +491,70 @@ func registerMetricClients(metricsConfig *types.Metrics) []metrics.Registry {
var registries []metrics.Registry var registries []metrics.Registry
if metricsConfig.Prometheus != nil { if metricsConfig.Prometheus != nil {
ctx := log.With(context.Background(), log.Str(log.MetricsProviderName, "prometheus")) logger := log.With().Str(logs.MetricsProviderName, "prometheus").Logger()
prometheusRegister := metrics.RegisterPrometheus(ctx, metricsConfig.Prometheus)
prometheusRegister := metrics.RegisterPrometheus(logger.WithContext(context.Background()), metricsConfig.Prometheus)
if prometheusRegister != nil { if prometheusRegister != nil {
registries = append(registries, prometheusRegister) registries = append(registries, prometheusRegister)
log.FromContext(ctx).Debug("Configured Prometheus metrics") logger.Debug().Msg("Configured Prometheus metrics")
} }
} }
if metricsConfig.Datadog != nil { if metricsConfig.Datadog != nil {
ctx := log.With(context.Background(), log.Str(log.MetricsProviderName, "datadog")) logger := log.With().Str(logs.MetricsProviderName, "datadog").Logger()
registries = append(registries, metrics.RegisterDatadog(ctx, metricsConfig.Datadog))
log.FromContext(ctx).Debugf("Configured Datadog metrics: pushing to %s once every %s", registries = append(registries, metrics.RegisterDatadog(logger.WithContext(context.Background()), metricsConfig.Datadog))
metricsConfig.Datadog.Address, metricsConfig.Datadog.PushInterval) logger.Debug().
Str("address", metricsConfig.Datadog.Address).
Str("pushInterval", metricsConfig.Datadog.PushInterval.String()).
Msgf("Configured Datadog metrics")
} }
if metricsConfig.StatsD != nil { if metricsConfig.StatsD != nil {
ctx := log.With(context.Background(), log.Str(log.MetricsProviderName, "statsd")) logger := log.With().Str(logs.MetricsProviderName, "statsd").Logger()
registries = append(registries, metrics.RegisterStatsd(ctx, metricsConfig.StatsD))
log.FromContext(ctx).Debugf("Configured StatsD metrics: pushing to %s once every %s", registries = append(registries, metrics.RegisterStatsd(logger.WithContext(context.Background()), metricsConfig.StatsD))
metricsConfig.StatsD.Address, metricsConfig.StatsD.PushInterval) logger.Debug().
Str("address", metricsConfig.StatsD.Address).
Str("pushInterval", metricsConfig.StatsD.PushInterval.String()).
Msg("Configured StatsD metrics")
} }
if metricsConfig.InfluxDB != nil { if metricsConfig.InfluxDB != nil {
ctx := log.With(context.Background(), log.Str(log.MetricsProviderName, "influxdb")) logger := log.With().Str(logs.MetricsProviderName, "influxdb").Logger()
registries = append(registries, metrics.RegisterInfluxDB(ctx, metricsConfig.InfluxDB))
log.FromContext(ctx).Debugf("Configured InfluxDB metrics: pushing to %s once every %s", registries = append(registries, metrics.RegisterInfluxDB(logger.WithContext(context.Background()), metricsConfig.InfluxDB))
metricsConfig.InfluxDB.Address, metricsConfig.InfluxDB.PushInterval) logger.Debug().
Str("address", metricsConfig.InfluxDB.Address).
Str("pushInterval", metricsConfig.InfluxDB.PushInterval.String()).
Msg("Configured InfluxDB metrics")
} }
if metricsConfig.InfluxDB2 != nil { if metricsConfig.InfluxDB2 != nil {
ctx := log.With(context.Background(), log.Str(log.MetricsProviderName, "influxdb2")) logger := log.With().Str(logs.MetricsProviderName, "influxdb2").Logger()
influxDB2Register := metrics.RegisterInfluxDB2(ctx, metricsConfig.InfluxDB2)
influxDB2Register := metrics.RegisterInfluxDB2(logger.WithContext(context.Background()), metricsConfig.InfluxDB2)
if influxDB2Register != nil { if influxDB2Register != nil {
registries = append(registries, influxDB2Register) registries = append(registries, influxDB2Register)
log.FromContext(ctx).Debugf("Configured InfluxDB v2 metrics: pushing to %s (%s org/%s bucket) once every %s", logger.Debug().
metricsConfig.InfluxDB2.Address, metricsConfig.InfluxDB2.Org, metricsConfig.InfluxDB2.Bucket, metricsConfig.InfluxDB2.PushInterval) Str("address", metricsConfig.InfluxDB2.Address).
Str("bucket", metricsConfig.InfluxDB2.Bucket).
Str("organization", metricsConfig.InfluxDB2.Org).
Str("pushInterval", metricsConfig.InfluxDB2.PushInterval.String()).
Msg("Configured InfluxDB v2 metrics")
}
}
if metricsConfig.OpenTelemetry != nil {
logger := log.With().Str(logs.MetricsProviderName, "openTelemetry").Logger()
openTelemetryRegistry := metrics.RegisterOpenTelemetry(logger.WithContext(context.Background()), metricsConfig.OpenTelemetry)
if openTelemetryRegistry != nil {
registries = append(registries, openTelemetryRegistry)
logger.Debug().
Str("address", metricsConfig.OpenTelemetry.Address).
Str("pushInterval", metricsConfig.OpenTelemetry.PushInterval.String()).
Msg("Configured OpenTelemetry metrics")
} }
} }
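Review bot: The Datadog branch ends with `Msgf("Configured Datadog metrics")` with no format arguments, while every other branch in this function uses `Msg(...)`. Switch it to `Msg` for consistency and to avoid accidental format-verb interpretation later. The OpenTelemetry provider name is also logged as `"openTelemetry"` in camel case, whereas the other values (`"prometheus"`, `"datadog"`, `"statsd"`, `"influxdb"`, `"influxdb2"`) are all lowercase, which matters for anyone filtering on that field.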
@@ -490,7 +582,7 @@ func setupAccessLog(conf *types.AccessLog) *accesslog.Handler {
accessLoggerMiddleware, err := accesslog.NewHandler(conf) accessLoggerMiddleware, err := accesslog.NewHandler(conf)
if err != nil { if err != nil {
log.WithoutContext().Warnf("Unable to create access logger: %v", err) log.Warn().Err(err).Msg("Unable to create access logger")
return nil return nil
} }
@@ -510,7 +602,7 @@ func setupTracing(conf *static.Tracing) *tracing.Tracing {
if conf.Zipkin != nil { if conf.Zipkin != nil {
if backend != nil { if backend != nil {
log.WithoutContext().Error("Multiple tracing backend are not supported: cannot create Zipkin backend.") log.Error().Msg("Multiple tracing backend are not supported: cannot create Zipkin backend.")
} else { } else {
backend = conf.Zipkin backend = conf.Zipkin
} }
@@ -518,7 +610,7 @@ func setupTracing(conf *static.Tracing) *tracing.Tracing {
if conf.Datadog != nil { if conf.Datadog != nil {
if backend != nil { if backend != nil {
log.WithoutContext().Error("Multiple tracing backend are not supported: cannot create Datadog backend.") log.Error().Msg("Multiple tracing backend are not supported: cannot create Datadog backend.")
} else { } else {
backend = conf.Datadog backend = conf.Datadog
} }
@@ -526,7 +618,7 @@ func setupTracing(conf *static.Tracing) *tracing.Tracing {
if conf.Instana != nil { if conf.Instana != nil {
if backend != nil { if backend != nil {
log.WithoutContext().Error("Multiple tracing backend are not supported: cannot create Instana backend.") log.Error().Msg("Multiple tracing backend are not supported: cannot create Instana backend.")
} else { } else {
backend = conf.Instana backend = conf.Instana
} }
@@ -534,7 +626,7 @@ func setupTracing(conf *static.Tracing) *tracing.Tracing {
if conf.Haystack != nil { if conf.Haystack != nil {
if backend != nil { if backend != nil {
log.WithoutContext().Error("Multiple tracing backend are not supported: cannot create Haystack backend.") log.Error().Msg("Multiple tracing backend are not supported: cannot create Haystack backend.")
} else { } else {
backend = conf.Haystack backend = conf.Haystack
} }
@@ -542,14 +634,22 @@ func setupTracing(conf *static.Tracing) *tracing.Tracing {
if conf.Elastic != nil { if conf.Elastic != nil {
if backend != nil { if backend != nil {
log.WithoutContext().Error("Multiple tracing backend are not supported: cannot create Elastic backend.") log.Error().Msg("Multiple tracing backend are not supported: cannot create Elastic backend.")
} else { } else {
backend = conf.Elastic backend = conf.Elastic
} }
} }
if conf.OpenTelemetry != nil {
if backend != nil {
log.Error().Msg("Tracing backends are all mutually exclusive: cannot create OpenTelemetry backend.")
} else {
backend = conf.OpenTelemetry
}
}
if backend == nil { if backend == nil {
log.WithoutContext().Debug("Could not initialize tracing, using Jaeger by default") log.Debug().Msg("Could not initialize tracing, using Jaeger by default")
defaultBackend := &jaeger.Config{} defaultBackend := &jaeger.Config{}
defaultBackend.SetDefaults() defaultBackend.SetDefaults()
backend = defaultBackend backend = defaultBackend
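Review bot: The new OpenTelemetry branch logs "Tracing backends are all mutually exclusive: cannot create OpenTelemetry backend." while the five branches above it log "Multiple tracing backend are not supported: cannot create ... backend." for the same condition. Use one wording for all six so a single log query or alert rule catches every conflicting-backend case.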
@@ -557,65 +657,12 @@ func setupTracing(conf *static.Tracing) *tracing.Tracing {
tracer, err := tracing.NewTracing(conf.ServiceName, conf.SpanNameLimit, backend) tracer, err := tracing.NewTracing(conf.ServiceName, conf.SpanNameLimit, backend)
if err != nil { if err != nil {
log.WithoutContext().Warnf("Unable to create tracer: %v", err) log.Warn().Err(err).Msg("Unable to create tracer")
return nil return nil
} }
return tracer return tracer
} }
func configureLogging(staticConfiguration *static.Configuration) {
// configure default log flags
stdlog.SetFlags(stdlog.Lshortfile | stdlog.LstdFlags)
// configure log level
// an explicitly defined log level always has precedence. if none is
// given and debug mode is disabled, the default is ERROR, and DEBUG
// otherwise.
levelStr := "error"
if staticConfiguration.Log != nil && staticConfiguration.Log.Level != "" {
levelStr = strings.ToLower(staticConfiguration.Log.Level)
}
level, err := logrus.ParseLevel(levelStr)
if err != nil {
log.WithoutContext().Errorf("Error getting level: %v", err)
}
log.SetLevel(level)
var logFile string
if staticConfiguration.Log != nil && len(staticConfiguration.Log.FilePath) > 0 {
logFile = staticConfiguration.Log.FilePath
}
// configure log format
var formatter logrus.Formatter
if staticConfiguration.Log != nil && staticConfiguration.Log.Format == "json" {
formatter = &logrus.JSONFormatter{}
} else {
disableColors := len(logFile) > 0
formatter = &logrus.TextFormatter{DisableColors: disableColors, FullTimestamp: true, DisableSorting: true}
}
log.SetFormatter(formatter)
if len(logFile) > 0 {
dir := filepath.Dir(logFile)
if err := os.MkdirAll(dir, 0o755); err != nil {
log.WithoutContext().Errorf("Failed to create log path %s: %s", dir, err)
}
err = log.OpenFile(logFile)
logrus.RegisterExitHandler(func() {
if err := log.CloseFile(); err != nil {
log.WithoutContext().Errorf("Error while closing log: %v", err)
}
})
if err != nil {
log.WithoutContext().Errorf("Error while opening log file %s: %v", logFile, err)
}
}
}
func checkNewVersion() { func checkNewVersion() {
ticker := time.Tick(24 * time.Hour) ticker := time.Tick(24 * time.Hour)
safe.Go(func() { safe.Go(func() {
@@ -626,16 +673,16 @@ func checkNewVersion() {
} }
func stats(staticConfiguration *static.Configuration) { func stats(staticConfiguration *static.Configuration) {
logger := log.WithoutContext() logger := log.Info()
if staticConfiguration.Global.SendAnonymousUsage { if staticConfiguration.Global.SendAnonymousUsage {
logger.Info(`Stats collection is enabled.`) logger.Msg(`Stats collection is enabled.`)
logger.Info(`Many thanks for contributing to Traefik's improvement by allowing us to receive anonymous information from your configuration.`) logger.Msg(`Many thanks for contributing to Traefik's improvement by allowing us to receive anonymous information from your configuration.`)
logger.Info(`Help us improve Traefik by leaving this feature on :)`) logger.Msg(`Help us improve Traefik by leaving this feature on :)`)
logger.Info(`More details on: https://doc.traefik.io/traefik/contributing/data-collection/`) logger.Msg(`More details on: https://doc.traefik.io/traefik/contributing/data-collection/`)
collect(staticConfiguration) collect(staticConfiguration)
} else { } else {
logger.Info(` logger.Msg(`
Stats collection is disabled. Stats collection is disabled.
Help us improve Traefik by turning this feature on :) Help us improve Traefik by turning this feature on :)
More details on: https://doc.traefik.io/traefik/contributing/data-collection/ More details on: https://doc.traefik.io/traefik/contributing/data-collection/
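Review bot: `logger := log.Info()` stores a single log event, not a logger, and the enabled branch then calls `.Msg(...)` on it four times. zerolog documents that an event must be disposed of after `Msg` and that calling it twice can have unexpected results, because the event is returned to a pool on the first call. Create a new event per line (`log.Info().Msg(...)` each time), or merge the four lines into one message.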
@@ -648,7 +695,7 @@ func collect(staticConfiguration *static.Configuration) {
safe.Go(func() { safe.Go(func() {
for time.Sleep(10 * time.Minute); ; <-ticker { for time.Sleep(10 * time.Minute); ; <-ticker {
if err := collector.Collect(staticConfiguration); err != nil { if err := collector.Collect(staticConfiguration); err != nil {
log.WithoutContext().Debug(err) log.Debug().Err(err).Send()
} }
} }
}) })

View File

@@ -9,6 +9,7 @@ import (
"github.com/go-kit/kit/metrics" "github.com/go-kit/kit/metrics"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"github.com/traefik/traefik/v2/pkg/config/static"
) )
// FooCert is a PEM-encoded TLS cert. // FooCert is a PEM-encoded TLS cert.
@@ -114,3 +115,79 @@ func TestAppendCertMetric(t *testing.T) {
}) })
} }
} }
func TestGetDefaultsEntrypoints(t *testing.T) {
testCases := []struct {
desc string
entrypoints static.EntryPoints
expected []string
}{
{
desc: "Skips special names",
entrypoints: map[string]*static.EntryPoint{
"web": {
Address: ":80",
},
"traefik": {
Address: ":8080",
},
"traefikhub-api": {
Address: ":9900",
},
"traefikhub-tunl": {
Address: ":9901",
},
},
expected: []string{"web"},
},
{
desc: "Two EntryPoints not attachable",
entrypoints: map[string]*static.EntryPoint{
"web": {
Address: ":80",
},
"websecure": {
Address: ":443",
},
},
expected: []string{"web", "websecure"},
},
{
desc: "Two EntryPoints only one attachable",
entrypoints: map[string]*static.EntryPoint{
"web": {
Address: ":80",
},
"websecure": {
Address: ":443",
AsDefault: true,
},
},
expected: []string{"websecure"},
},
{
desc: "Two attachable EntryPoints",
entrypoints: map[string]*static.EntryPoint{
"web": {
Address: ":80",
AsDefault: true,
},
"websecure": {
Address: ":443",
AsDefault: true,
},
},
expected: []string{"web", "websecure"},
},
}
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
actual := getDefaultsEntrypoints(&static.Configuration{
EntryPoints: test.entrypoints,
})
assert.ElementsMatch(t, test.expected, actual)
})
}
}
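Review bot: The test table has no case where the only `AsDefault: true` entry point is one that `getDefaultsEntrypoints` skips (a Hub entry point, the internal `traefik` entry point, or a UDP address), which is the input where the new filter can return an empty default set. Add that case and assert the intended result. The descriptions also say "attachable" and "not attachable" although the field under test is `AsDefault`, so renaming them to match the field would make failures easier to read.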

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

Binary file not shown.


View File

@@ -56,7 +56,6 @@ Merging a PR requires the following steps to be completed before it is merged au
* Do not open the PR from an organization repository. * Do not open the PR from an organization repository.
* Keep "allows edit from maintainer" checked. * Keep "allows edit from maintainer" checked.
* Use semantic line breaks for documentation. * Use semantic line breaks for documentation.
* Ensure your PR is not a draft. We do not review drafts, but do answer questions and confer with developers on them as needed.
* Pass the validation check. * Pass the validation check.
* Pass all tests. * Pass all tests.
* Receive 3 approving reviews maintainers. * Receive 3 approving reviews maintainers.

View File

@@ -2,27 +2,4 @@
This page is maintained and updated periodically to reflect our roadmap and any decisions around feature deprecation. This page is maintained and updated periodically to reflect our roadmap and any decisions around feature deprecation.
| Feature | Deprecated | End of Support | Removal | There is no feature deprecation in Traefik v3 for now.
|-------------------------------------------------------------|------------|----------------|---------|
| [Pilot](#pilot) | 2.7 | 2.8 | 2.9 |
| [Consul Enterprise Namespace](#consul-enterprise-namespace) | 2.8 | N/A | 3.0 |
| [TLS 1.0 and 1.1 Support](#tls-10-and-11) | N/A | 2.8 | N/A |
## Impact
### Pilot
Metrics will continue to function normally up to 2.8, when they will be disabled.
In 2.9, the Pilot platform and all Traefik integration code will be permanently removed.
Starting on 2.7 the pilot token will not be a requirement anymore for plugins.
Since 2.8, a [new plugin catalog](https://plugins.traefik.io) is available, decoupled from Pilot.
### Consul Enterprise Namespace
Starting on 2.8 the `namespace` option of Consul and Consul Catalog providers is deprecated,
please use the `namespaces` options instead.
### TLS 1.0 and 1.1
Starting on 2.8 the default TLS options will use the minimum version of TLS 1.2. Of course, it can still be overridden with custom configuration.

View File

@@ -79,7 +79,7 @@ traefik --help
# or # or
docker run traefik[:version] --help docker run traefik[:version] --help
# ex: docker run traefik:v2.9 --help # ex: docker run traefik:v3.0 --help
``` ```
All available arguments can also be found [here](../reference/static-configuration/cli.md). All available arguments can also be found [here](../reference/static-configuration/cli.md).

View File

@@ -181,23 +181,3 @@ and the message should help in figuring out the mistake(s) in the configuration,
When using the file provider, When using the file provider,
one easy way to check if the dynamic configuration is well-formed is to validate it with the [JSON Schema of the dynamic configuration](https://json.schemastore.org/traefik-v2-file-provider.json). one easy way to check if the dynamic configuration is well-formed is to validate it with the [JSON Schema of the dynamic configuration](https://json.schemastore.org/traefik-v2-file-provider.json).
## Why does Let's Encrypt wildcard certificate renewal/generation with DNS challenge fail?
If you're trying to renew wildcard certificates, with DNS challenge,
and you're getting errors such as:
```txt
msg="Error renewing certificate from LE: {example.com [*.example.com]}"
providerName=letsencrypt.acme error="error: one or more domains had a problem:
[example.com] acme: error presenting token: gandiv5: unexpected authZone example.com. for fqdn example.com."
```
then it could be due to `CNAME` support.
In which case, you should make sure your infrastructure is properly set up for a
`DNS` challenge that does not rely on `CNAME`, and you should try disabling `CNAME` support with:
```bash
LEGO_DISABLE_CNAME_SUPPORT=true
```

View File

@@ -21,7 +21,7 @@ Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and
```bash ```bash
docker run -d -p 8080:8080 -p 80:80 \ docker run -d -p 8080:8080 -p 80:80 \
-v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v2.9 -v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v3.0
``` ```
For more details, go to the [Docker provider documentation](../providers/docker.md) For more details, go to the [Docker provider documentation](../providers/docker.md)
@@ -29,7 +29,7 @@ For more details, go to the [Docker provider documentation](../providers/docker.
!!! tip !!! tip
* Prefer a fixed version than the latest that could be an unexpected version. * Prefer a fixed version than the latest that could be an unexpected version.
ex: `traefik:v2.9` ex: `traefik:v3.0`
* Docker images are based from the [Alpine Linux Official image](https://hub.docker.com/_/alpine). * Docker images are based from the [Alpine Linux Official image](https://hub.docker.com/_/alpine).
* Any orchestrator using docker images can fetch the official Traefik docker image. * Any orchestrator using docker images can fetch the official Traefik docker image.

View File

@@ -130,7 +130,7 @@ spec:
serviceAccountName: traefik-account serviceAccountName: traefik-account
containers: containers:
- name: traefik - name: traefik
image: traefik:v2.9 image: traefik:v3.0
args: args:
- --api.insecure - --api.insecure
- --providers.kubernetesingress - --providers.kubernetesingress

View File

@@ -20,7 +20,7 @@ version: '3'
services: services:
reverse-proxy: reverse-proxy:
# The official v2 Traefik docker image # The official v2 Traefik docker image
image: traefik:v2.9 image: traefik:v3.0
# Enables the web UI and tells Traefik to listen to docker # Enables the web UI and tells Traefik to listen to docker
command: --api.insecure=true --providers.docker command: --api.insecure=true --providers.docker
ports: ports:
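Review bot: The image tag changes to `traefik:v3.0`, but the comment directly above it still reads "The official v2 Traefik docker image". Update the comment to v3 so the quick-start file does not contradict itself.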

View File

@@ -11,11 +11,7 @@ Automatic HTTPS
You can configure Traefik to use an ACME provider (like Let's Encrypt) for automatic certificate generation. You can configure Traefik to use an ACME provider (like Let's Encrypt) for automatic certificate generation.
!!! warning "Let's Encrypt and Rate Limiting" !!! warning "Let's Encrypt and Rate Limiting"
Note that Let's Encrypt API has [rate limiting](https://letsencrypt.org/docs/rate-limits). These last up to __one week__, and can not be overridden. Note that Let's Encrypt API has [rate limiting](https://letsencrypt.org/docs/rate-limits).
When running Traefik in a container this file should be persisted across restarts.
If Traefik requests new certificates each time it starts up, a crash-looping container can quickly reach Let's Encrypt's ratelimits.
To configure where certificates are stored, please take a look at the [storage](#storage) configuration.
Use Let's Encrypt staging server with the [`caServer`](#caserver) configuration option Use Let's Encrypt staging server with the [`caServer`](#caserver) configuration option
when experimenting to avoid hitting this limit too fast. when experimenting to avoid hitting this limit too fast.
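Review bot: The shortened warning drops three pieces of operational guidance: that Let's Encrypt rate limits last up to one week and cannot be overridden, that the certificate storage file should be persisted across container restarts, and that a crash-looping container requesting new certificates on each start can quickly reach the limits. That is the failure mode operators most often hit in container deployments, so unless this text has moved elsewhere in the docs, keep it together with the pointer to the `storage` option.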
@@ -283,19 +279,8 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
# ... # ...
``` ```
!!! warning "`CNAME` support" !!! important
A `provider` is mandatory.
`CNAME` are supported (and sometimes even [encouraged](https://letsencrypt.org/2019/10/09/onboarding-your-customers-with-lets-encrypt-and-acme.html#the-advantages-of-a-cname)),
but there are a few cases where they can be [problematic](../../getting-started/faq/#why-does-lets-encrypt-wildcard-certificate-renewalgeneration-with-dns-challenge-fail).
If needed, `CNAME` support can be disabled with the following environment variable:
```bash
LEGO_DISABLE_CNAME_SUPPORT=true
```
!!! important
A `provider` is mandatory.
#### `providers` #### `providers`
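Review bot: This hunk removes the "`CNAME` support" admonition, including the `LEGO_DISABLE_CNAME_SUPPORT=true` setting, and the FAQ entry it linked to is removed elsewhere in the same compare. If the environment variable is still honoured in this branch, operators who hit the DNS-01 failure described in that FAQ entry no longer have any documented workaround. Please confirm the removal is intentional rather than a side effect of the branches diverging, and keep a short note if the behaviour still exists.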
@@ -308,121 +293,117 @@ For example, `CF_API_EMAIL_FILE=/run/secrets/traefik_cf-api-email` could be used
For complete details, refer to your provider's _Additional configuration_ link. For complete details, refer to your provider's _Additional configuration_ link.
| Provider Name | Provider Code | Environment Variables | | | Provider Name | Provider Code | Environment Variables | |
|------------------------------------------------------------------------|--------------------|---------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------| |----------------------------------------------------------------------------------------------------|--------------------|---------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------|
| [ACME DNS](https://github.com/joohoi/acme-dns) | `acme-dns` | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/acme-dns) | | [ACME DNS](https://github.com/joohoi/acme-dns) | `acme-dns` | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/acme-dns) |
| [Alibaba Cloud](https://www.alibabacloud.com) | `alidns` | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/alidns) | | [Alibaba Cloud](https://www.alibabacloud.com) | `alidns` | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/alidns) |
| [all-inkl](https://all-inkl.com) | `allinkl` | `ALL_INKL_LOGIN`, `ALL_INKL_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/allinkl) | | [all-inkl](https://all-inkl.com) | `allinkl` | `ALL_INKL_LOGIN`, `ALL_INKL_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/allinkl) |
| [ArvanCloud](https://www.arvancloud.com/en) | `arvancloud` | `ARVANCLOUD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/arvancloud) | | [ArvanCloud](https://www.arvancloud.com/en) | `arvancloud` | `ARVANCLOUD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/arvancloud) |
| [Auroradns](https://www.pcextreme.com/dns-health-checks) | `auroradns` | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/auroradns) | | [Auroradns](https://www.pcextreme.com/dns-health-checks) | `auroradns` | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/auroradns) |
| [Autodns](https://www.internetx.com/domains/autodns/) | `autodns` | `AUTODNS_API_USER`, `AUTODNS_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/autodns) | | [Autodns](https://www.internetx.com/domains/autodns/) | `autodns` | `AUTODNS_API_USER`, `AUTODNS_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/autodns) |
| [Azure](https://azure.microsoft.com/services/dns/) | `azure` | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]` | [Additional configuration](https://go-acme.github.io/lego/dns/azure) | | [Azure](https://azure.microsoft.com/services/dns/) | `azure` | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]` | [Additional configuration](https://go-acme.github.io/lego/dns/azure) |
| [Bindman](https://github.com/labbsr0x/bindman-dns-webhook) | `bindman` | `BINDMAN_MANAGER_ADDRESS` | [Additional configuration](https://go-acme.github.io/lego/dns/bindman) | | [Bindman](https://github.com/labbsr0x/bindman-dns-webhook) | `bindman` | `BINDMAN_MANAGER_ADDRESS` | [Additional configuration](https://go-acme.github.io/lego/dns/bindman) |
| [Blue Cat](https://www.bluecatnetworks.com/) | `bluecat` | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW` | [Additional configuration](https://go-acme.github.io/lego/dns/bluecat) | | [Blue Cat](https://www.bluecatnetworks.com/) | `bluecat` | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW` | [Additional configuration](https://go-acme.github.io/lego/dns/bluecat) |
| [Checkdomain](https://www.checkdomain.de/) | `checkdomain` | `CHECKDOMAIN_TOKEN`, | [Additional configuration](https://go-acme.github.io/lego/dns/checkdomain/) | | [Checkdomain](https://www.checkdomain.de/) | `checkdomain` | `CHECKDOMAIN_TOKEN`, | [Additional configuration](https://go-acme.github.io/lego/dns/checkdomain/) |
| [Civo](https://www.civo.com/) | `civo` | `CIVO_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/civo) | | [Civo](https://www.civo.com/) | `civo` | `CIVO_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/civo) |
| [CloudDNS](https://vshosting.eu/) | `clouddns` | `CLOUDDNS_CLIENT_ID`, `CLOUDDNS_EMAIL`, `CLOUDDNS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/clouddns) | | [CloudDNS](https://vshosting.eu/) | `clouddns` | `CLOUDDNS_CLIENT_ID`, `CLOUDDNS_EMAIL`, `CLOUDDNS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/clouddns) |
| [Cloudflare](https://www.cloudflare.com) | `cloudflare` | `CF_API_EMAIL`, `CF_API_KEY` [^5] or `CF_DNS_API_TOKEN`, `[CF_ZONE_API_TOKEN]` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudflare) | | [Cloudflare](https://www.cloudflare.com) | `cloudflare` | `CF_API_EMAIL`, `CF_API_KEY` [^5] or `CF_DNS_API_TOKEN`, `[CF_ZONE_API_TOKEN]` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudflare) |
| [ClouDNS](https://www.cloudns.net/) | `cloudns` | `CLOUDNS_AUTH_ID`, `CLOUDNS_AUTH_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudns) | | [ClouDNS](https://www.cloudns.net/) | `cloudns` | `CLOUDNS_AUTH_ID`, `CLOUDNS_AUTH_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudns) |
| [CloudXNS](https://www.cloudxns.net) | `cloudxns` | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudxns) | | [CloudXNS](https://www.cloudxns.net) | `cloudxns` | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudxns) |
| [ConoHa](https://www.conoha.jp) | `conoha` | `CONOHA_TENANT_ID`, `CONOHA_API_USERNAME`, `CONOHA_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/conoha) | | [ConoHa](https://www.conoha.jp) | `conoha` | `CONOHA_TENANT_ID`, `CONOHA_API_USERNAME`, `CONOHA_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/conoha) |
| [Constellix](https://constellix.com) | `constellix` | `CONSTELLIX_API_KEY`, `CONSTELLIX_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/constellix) | | [Constellix](https://constellix.com) | `constellix` | `CONSTELLIX_API_KEY`, `CONSTELLIX_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/constellix) |
| [deSEC](https://desec.io) | `desec` | `DESEC_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/desec) | | [deSEC](https://desec.io) | `desec` | `DESEC_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/desec) |
| [DigitalOcean](https://www.digitalocean.com) | `digitalocean` | `DO_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/digitalocean) | | [DigitalOcean](https://www.digitalocean.com) | `digitalocean` | `DO_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/digitalocean) |
| [DNS Made Easy](https://dnsmadeeasy.com) | `dnsmadeeasy` | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsmadeeasy) | | [DNS Made Easy](https://dnsmadeeasy.com) | `dnsmadeeasy` | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsmadeeasy) |
| [dnsHome.de](https://www.dnshome.de) | `dnsHomede` | `DNSHOMEDE_CREDENTIALS` | [Additional configuration](https://go-acme.github.io/lego/dns/dnshomede) | | [DNSimple](https://dnsimple.com) | `dnsimple` | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsimple) |
| [DNSimple](https://dnsimple.com) | `dnsimple` | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsimple) | | [DNSPod](https://www.dnspod.com/) | `dnspod` | `DNSPOD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dnspod) |
| [DNSPod](https://www.dnspod.com/) | `dnspod` | `DNSPOD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dnspod) | | [Domain Offensive (do.de)](https://www.do.de/) | `dode` | `DODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/dode) |
| [Domain Offensive (do.de)](https://www.do.de/) | `dode` | `DODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/dode) | | [Domeneshop](https://domene.shop) | `domeneshop` | `DOMENESHOP_API_TOKEN`, `DOMENESHOP_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/domeneshop) |
| [Domeneshop](https://domene.shop) | `domeneshop` | `DOMENESHOP_API_TOKEN`, `DOMENESHOP_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/domeneshop) | | [DreamHost](https://www.dreamhost.com/) | `dreamhost` | `DREAMHOST_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dreamhost) |
| [DreamHost](https://www.dreamhost.com/) | `dreamhost` | `DREAMHOST_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dreamhost) | | [Duck DNS](https://www.duckdns.org/) | `duckdns` | `DUCKDNS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/duckdns) |
| [Duck DNS](https://www.duckdns.org/) | `duckdns` | `DUCKDNS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/duckdns) | | [Dyn](https://dyn.com) | `dyn` | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/dyn) |
| [Dyn](https://dyn.com) | `dyn` | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/dyn) | | [Dynu](https://www.dynu.com) | `dynu` | `DYNU_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dynu) |
| [Dynu](https://www.dynu.com) | `dynu` | `DYNU_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dynu) | | [EasyDNS](https://easydns.com/) | `easydns` | `EASYDNS_TOKEN`, `EASYDNS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/easydns) |
| [EasyDNS](https://easydns.com/) | `easydns` | `EASYDNS_TOKEN`, `EASYDNS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/easydns) | | [EdgeDNS](https://www.akamai.com/) | `edgedns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns) |
| [EdgeDNS](https://www.akamai.com/) | `edgedns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns) | | [Epik](https://www.epik.com) | `epik` | `EPIK_SIGNATURE` | [Additional configuration](https://go-acme.github.io/lego/dns/epik) |
| [Epik](https://www.epik.com) | `epik` | `EPIK_SIGNATURE` | [Additional configuration](https://go-acme.github.io/lego/dns/epik) | | [Exoscale](https://www.exoscale.com) | `exoscale` | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/exoscale) |
| [Exoscale](https://www.exoscale.com) | `exoscale` | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/exoscale) | | [Fast DNS](https://www.akamai.com/) | `fastdns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns) |
| [Fast DNS](https://www.akamai.com/) | `fastdns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns) | | [Freemyip.com](https://freemyip.com) | `freemyip` | `FREEMYIP_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/freemyip) |
| [Freemyip.com](https://freemyip.com) | `freemyip` | `FREEMYIP_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/freemyip) | | [G-Core Lab](https://gcorelabs.com/dns/) | `gcore` | `GCORE_PERMANENT_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/gcore) |
| [G-Core Lab](https://gcorelabs.com/dns/) | `gcore` | `GCORE_PERMANENT_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/gcore) | | [Gandi v5](https://doc.livedns.gandi.net) | `gandiv5` | `GANDIV5_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5) |
| [Gandi v5](https://doc.livedns.gandi.net) | `gandiv5` | `GANDIV5_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5) | | [Gandi](https://www.gandi.net) | `gandi` | `GANDI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandi) |
| [Gandi](https://www.gandi.net) | `gandi` | `GANDI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandi) | | [Glesys](https://glesys.com/) | `glesys` | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN` | [Additional configuration](https://go-acme.github.io/lego/dns/glesys) |
| [Glesys](https://glesys.com/) | `glesys` | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN` | [Additional configuration](https://go-acme.github.io/lego/dns/glesys) | | [GoDaddy](https://godaddy.com/) | `godaddy` | `GODADDY_API_KEY`, `GODADDY_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/godaddy) |
| [GoDaddy](https://www.godaddy.com/) | `godaddy` | `GODADDY_API_KEY`, `GODADDY_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/godaddy) | | [Google Cloud DNS](https://cloud.google.com/dns/docs/) | `gcloud` | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`] | [Additional configuration](https://go-acme.github.io/lego/dns/gcloud) |
| [Google Cloud DNS](https://cloud.google.com/dns/docs/) | `gcloud` | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`] | [Additional configuration](https://go-acme.github.io/lego/dns/gcloud) | | [Hetzner](https://hetzner.com) | `hetzner` | `HETZNER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner) |
| [Hetzner](https://hetzner.com) | `hetzner` | `HETZNER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner) | | [hosting.de](https://www.hosting.de) | `hostingde` | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde) |
| [hosting.de](https://www.hosting.de) | `hostingde` | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde) | | [Hosttech](https://www.hosttech.eu) | `hosttech` | `HOSTTECH_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hosttech) |
| [Hosttech](https://www.hosttech.eu) | `hosttech` | `HOSTTECH_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hosttech) | | [Hurricane Electric](https://dns.he.net) | `hurricane` | `HURRICANE_TOKENS` [^6] | [Additional configuration](https://go-acme.github.io/lego/dns/hurricane) |
| [Hurricane Electric](https://dns.he.net) | `hurricane` | `HURRICANE_TOKENS` [^6] | [Additional configuration](https://go-acme.github.io/lego/dns/hurricane) | | [HyperOne](https://www.hyperone.com) | `hyperone` | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone) |
| [HyperOne](https://www.hyperone.com) | `hyperone` | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone) | | [IBM Cloud (SoftLayer)](https://www.ibm.com/cloud/) | `ibmcloud` | `SOFTLAYER_USERNAME`, `SOFTLAYER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ibmcloud) |
| [IBM Cloud (SoftLayer)](https://www.ibm.com/cloud/) | `ibmcloud` | `SOFTLAYER_USERNAME`, `SOFTLAYER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ibmcloud) | | [IIJ DNS Platform Service](https://www.iij.ad.jp) | `iijdpf` | `IIJ_DPF_API_TOKEN` , `IIJ_DPF_DPM_SERVICE_CODE` | [Additional configuration](https://go-acme.github.io/lego/dns/iijdpf) |
| [IIJ DNS Platform Service](https://www.iij.ad.jp) | `iijdpf` | `IIJ_DPF_API_TOKEN` , `IIJ_DPF_DPM_SERVICE_CODE` | [Additional configuration](https://go-acme.github.io/lego/dns/iijdpf) | | [IIJ](https://www.iij.ad.jp/) | `iij` | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE` | [Additional configuration](https://go-acme.github.io/lego/dns/iij) |
| [IIJ](https://www.iij.ad.jp/) | `iij` | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE` | [Additional configuration](https://go-acme.github.io/lego/dns/iij) | | [Infoblox](https://www.infoblox.com/) | `infoblox` | `INFOBLOX_USERNAME`, `INFOBLOX_PASSWORD`, `INFOBLOX_HOST` | [Additional configuration](https://go-acme.github.io/lego/dns/infoblox) |
| [Infoblox](https://www.infoblox.com/) | `infoblox` | `INFOBLOX_USERNAME`, `INFOBLOX_PASSWORD`, `INFOBLOX_HOST` | [Additional configuration](https://go-acme.github.io/lego/dns/infoblox) | | [Infomaniak](https://www.infomaniak.com) | `infomaniak` | `INFOMANIAK_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/infomaniak) |
| [Infomaniak](https://www.infomaniak.com) | `infomaniak` | `INFOMANIAK_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/infomaniak) | | [Internet.bs](https://internetbs.net) | `internetbs` | `INTERNET_BS_API_KEY`, `INTERNET_BS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/internetbs) |
| [Internet.bs](https://internetbs.net) | `internetbs` | `INTERNET_BS_API_KEY`, `INTERNET_BS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/internetbs) | | [INWX](https://www.inwx.de/en) | `inwx` | `INWX_USERNAME`, `INWX_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/inwx) |
| [INWX](https://www.inwx.de/en) | `inwx` | `INWX_USERNAME`, `INWX_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/inwx) | | [ionos](https://ionos.com/) | `ionos` | `IONOS_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ionos) |
| [ionos](https://ionos.com/) | `ionos` | `IONOS_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ionos) | | [iwantmyname](https://iwantmyname.com) | `iwantmyname` | `IWANTMYNAME_USERNAME` , `IWANTMYNAME_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/iwantmyname) |
| [iwantmyname](https://iwantmyname.com) | `iwantmyname` | `IWANTMYNAME_USERNAME` , `IWANTMYNAME_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/iwantmyname) | | [Joker.com](https://joker.com) | `joker` | `JOKER_API_MODE` with `JOKER_API_KEY` or `JOKER_USERNAME`, `JOKER_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/joker) |
| [Joker.com](https://joker.com) | `joker` | `JOKER_API_MODE` with `JOKER_API_KEY` or `JOKER_USERNAME`, `JOKER_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/joker) | | [Lightsail](https://aws.amazon.com/lightsail/) | `lightsail` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/lightsail) |
| [Liara](https://liara.ir) | `liara` | `LIARA_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/liara) | | [Linode v4](https://www.linode.com) | `linode` | `LINODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/linode) |
| [Lightsail](https://aws.amazon.com/lightsail/) | `lightsail` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/lightsail) | | [Liquid Web](https://www.liquidweb.com/) | `liquidweb` | `LIQUID_WEB_PASSWORD`, `LIQUID_WEB_USERNAME`, `LIQUID_WEB_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/liquidweb) |
| [Linode v4](https://www.linode.com) | `linode` | `LINODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/linode) | | [Loopia](https://loopia.com/) | `loopia` | `LOOPIA_API_PASSWORD`, `LOOPIA_API_USER` | [Additional configuration](https://go-acme.github.io/lego/dns/loopia) |
| [Liquid Web](https://www.liquidweb.com/) | `liquidweb` | `LIQUID_WEB_PASSWORD`, `LIQUID_WEB_USERNAME`, `LIQUID_WEB_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/liquidweb) | | [LuaDNS](https://luadns.com) | `luadns` | `LUADNS_API_USERNAME`, `LUADNS_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/luadns) |
| [Loopia](https://loopia.com/) | `loopia` | `LOOPIA_API_PASSWORD`, `LOOPIA_API_USER` | [Additional configuration](https://go-acme.github.io/lego/dns/loopia) | | [MyDNS.jp](https://www.mydns.jp/) | `mydnsjp` | `MYDNSJP_MASTER_ID`, `MYDNSJP_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mydnsjp) |
| [LuaDNS](https://luadns.com) | `luadns` | `LUADNS_API_USERNAME`, `LUADNS_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/luadns) | | [Mythic Beasts](https://www.mythic-beasts.com) | `mythicbeasts` | `MYTHICBEASTS_USER_NAME`, `MYTHICBEASTS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mythicbeasts) |
| [MyDNS.jp](https://www.mydns.jp/) | `mydnsjp` | `MYDNSJP_MASTER_ID`, `MYDNSJP_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mydnsjp) | | [name.com](https://www.name.com/) | `namedotcom` | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/namedotcom) |
| [Mythic Beasts](https://www.mythic-beasts.com) | `mythicbeasts` | `MYTHICBEASTS_USER_NAME`, `MYTHICBEASTS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mythicbeasts) | | [Namecheap](https://www.namecheap.com) | `namecheap` | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namecheap) |
| [name.com](https://www.name.com/) | `namedotcom` | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/namedotcom) | | [Namesilo](https://www.namesilo.com/) | `namesilo` | `NAMESILO_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namesilo) |
| [Namecheap](https://www.namecheap.com) | `namecheap` | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namecheap) | | [NearlyFreeSpeech.NET](https://www.nearlyfreespeech.net/) | `nearlyfreespeech` | `NEARLYFREESPEECH_API_KEY`, `NEARLYFREESPEECH_LOGIN` | [Additional configuration](https://go-acme.github.io/lego/dns/nearlyfreespeech) |
| [Namesilo](https://www.namesilo.com/) | `namesilo` | `NAMESILO_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namesilo) | | [Netcup](https://www.netcup.eu/) | `netcup` | `NETCUP_CUSTOMER_NUMBER`, `NETCUP_API_KEY`, `NETCUP_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/netcup) |
| [NearlyFreeSpeech.NET](https://www.nearlyfreespeech.net/) | `nearlyfreespeech` | `NEARLYFREESPEECH_API_KEY`, `NEARLYFREESPEECH_LOGIN` | [Additional configuration](https://go-acme.github.io/lego/dns/nearlyfreespeech) | | [Netlify](https://www.netlify.com) | `netlify` | `NETLIFY_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/netlify) |
| [Netcup](https://www.netcup.eu/) | `netcup` | `NETCUP_CUSTOMER_NUMBER`, `NETCUP_API_KEY`, `NETCUP_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/netcup) | | [Nicmanager](https://www.nicmanager.com) | `nicmanager` | `NICMANAGER_API_EMAIL`, `NICMANAGER_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/nicmanager) |
| [Netlify](https://www.netlify.com) | `netlify` | `NETLIFY_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/netlify) | | [NIFCloud](https://cloud.nifty.com/service/dns.htm) | `nifcloud` | `NIFCLOUD_ACCESS_KEY_ID`, `NIFCLOUD_SECRET_ACCESS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/nifcloud) |
| [Nicmanager](https://www.nicmanager.com) | `nicmanager` | `NICMANAGER_API_EMAIL`, `NICMANAGER_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/nicmanager) | | [Njalla](https://njal.la) | `njalla` | `NJALLA_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/njalla) |
| [NIFCloud](https://cloud.nifty.com/service/dns.htm) | `nifcloud` | `NIFCLOUD_ACCESS_KEY_ID`, `NIFCLOUD_SECRET_ACCESS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/nifcloud) | | [NS1](https://ns1.com/) | `ns1` | `NS1_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ns1) |
| [Njalla](https://njal.la) | `njalla` | `NJALLA_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/njalla) | | [Open Telekom Cloud](https://cloud.telekom.de) | `otc` | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/otc) |
| [NS1](https://ns1.com/) | `ns1` | `NS1_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ns1) | | [Openstack Designate](https://docs.openstack.org/designate) | `designate` | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/designate) |
| [Open Telekom Cloud](https://cloud.telekom.de) | `otc` | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/otc) | | [Oracle Cloud](https://cloud.oracle.com/home) | `oraclecloud` | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID` | [Additional configuration](https://go-acme.github.io/lego/dns/oraclecloud) |
| [Openstack Designate](https://docs.openstack.org/designate) | `designate` | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/designate) | | [OVH](https://www.ovh.com) | `ovh` | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ovh) |
| [Oracle Cloud](https://cloud.oracle.com/home) | `oraclecloud` | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID` | [Additional configuration](https://go-acme.github.io/lego/dns/oraclecloud) | | [Porkbun](https://porkbun.com/) | `porkbun` | `PORKBUN_SECRET_API_KEY`, `PORKBUN_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/porkbun) |
| [OVH](https://www.ovh.com) | `ovh` | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ovh) | | [PowerDNS](https://www.powerdns.com) | `pdns` | `PDNS_API_KEY`, `PDNS_API_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/pdns) |
| [Porkbun](https://porkbun.com/) | `porkbun` | `PORKBUN_SECRET_API_KEY`, `PORKBUN_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/porkbun) | | [Rackspace](https://www.rackspace.com/cloud/dns) | `rackspace` | `RACKSPACE_USER`, `RACKSPACE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rackspace) |
| [PowerDNS](https://www.powerdns.com) | `pdns` | `PDNS_API_KEY`, `PDNS_API_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/pdns) | | [reg.ru](https://www.reg.ru) | `regru` | `REGRU_USERNAME`, `REGRU_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/regru) |
| [Rackspace](https://www.rackspace.com/cloud/dns) | `rackspace` | `RACKSPACE_USER`, `RACKSPACE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rackspace) | | [RFC2136](https://tools.ietf.org/html/rfc2136) | `rfc2136` | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/rfc2136) |
| [reg.ru](https://www.reg.ru) | `regru` | `REGRU_USERNAME`, `REGRU_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/regru) | | [RimuHosting](https://rimuhosting.com) | `rimuhosting` | `RIMUHOSTING_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rimuhosting) |
| [RFC2136](https://tools.ietf.org/html/rfc2136) | `rfc2136` | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/rfc2136) | | [Route 53](https://aws.amazon.com/route53/) | `route53` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile. | [Additional configuration](https://go-acme.github.io/lego/dns/route53) |
| [RimuHosting](https://rimuhosting.com) | `rimuhosting` | `RIMUHOSTING_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rimuhosting) | | [Sakura Cloud](https://cloud.sakura.ad.jp/) | `sakuracloud` | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/sakuracloud) |
| [Route 53](https://aws.amazon.com/route53/) | `route53` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile. | [Additional configuration](https://go-acme.github.io/lego/dns/route53) | | [Scaleway](https://www.scaleway.com) | `scaleway` | `SCALEWAY_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway) |
| [Sakura Cloud](https://cloud.sakura.ad.jp/) | `sakuracloud` | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/sakuracloud) | | [Selectel](https://selectel.ru/en/) | `selectel` | `SELECTEL_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/selectel) |
| [Scaleway](https://www.scaleway.com) | `scaleway` | `SCALEWAY_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway) | | [Servercow](https://servercow.de) | `servercow` | `SERVERCOW_USERNAME`, `SERVERCOW_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/servercow) |
| [Selectel](https://selectel.ru/en/) | `selectel` | `SELECTEL_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/selectel) | | [Simply.com](https://www.simply.com/en/domains/) | `simply` | `SIMPLY_ACCOUNT_NAME`, `SIMPLY_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/simply) |
| [Servercow](https://servercow.de) | `servercow` | `SERVERCOW_USERNAME`, `SERVERCOW_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/servercow) | | [Sonic](https://www.sonic.com/) | `sonic` | `SONIC_USER_ID`, `SONIC_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/sonic) |
| [Simply.com](https://www.simply.com/en/domains/) | `simply` | `SIMPLY_ACCOUNT_NAME`, `SIMPLY_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/simply) | | [Stackpath](https://www.stackpath.com/) | `stackpath` | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/stackpath) |
| [Sonic](https://www.sonic.com/) | `sonic` | `SONIC_USER_ID`, `SONIC_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/sonic) | | [Tencent Cloud DNS](https://cloud.tencent.com/product/cns) | `tencentcloud` | `TENCENTCLOUD_SECRET_ID`, `TENCENTCLOUD_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/tencentcloud) |
| [Stackpath](https://www.stackpath.com/) | `stackpath` | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/stackpath) | | [TransIP](https://www.transip.nl/) | `transip` | `TRANSIP_ACCOUNT_NAME`, `TRANSIP_PRIVATE_KEY_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/transip) |
| [Tencent Cloud DNS](https://cloud.tencent.com/product/cns) | `tencentcloud` | `TENCENTCLOUD_SECRET_ID`, `TENCENTCLOUD_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/tencentcloud) | | [UKFast SafeDNS](https://www.ans.co.uk/cloud-and-infrastructure/dedicated-servers/dns-management/) | `safedns` | `SAFEDNS_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/safedns) |
| [TransIP](https://www.transip.nl/) | `transip` | `TRANSIP_ACCOUNT_NAME`, `TRANSIP_PRIVATE_KEY_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/transip) | | [Variomedia](https://www.variomedia.de/) | `variomedia` | `VARIOMEDIA_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/variomedia) |
| [UKFast SafeDNS](https://docs.ukfast.co.uk/domains/safedns/index.html) | `safedns` | `SAFEDNS_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/safedns) | | [VegaDNS](https://github.com/shupp/VegaDNS-API) | `vegadns` | `SECRET_VEGADNS_KEY`, `SECRET_VEGADNS_SECRET`, `VEGADNS_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/vegadns) |
| [Ultradns](https://neustarsecurityservices.com/dns-services) | `ultradns` | `ULTRADNS_USERNAME`, `ULTRADNS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/ultradns) | | [Vercel](https://vercel.com) | `vercel` | `VERCEL_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/vercel) |
| [Variomedia](https://www.variomedia.de/) | `variomedia` | `VARIOMEDIA_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/variomedia) | | [Versio](https://www.versio.nl/domeinnamen) | `versio` | `VERSIO_USERNAME`, `VERSIO_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/versio) |
| [VegaDNS](https://github.com/shupp/VegaDNS-API) | `vegadns` | `SECRET_VEGADNS_KEY`, `SECRET_VEGADNS_SECRET`, `VEGADNS_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/vegadns) | | [VinylDNS](https://www.vinyldns.io) | `vinyldns` | `VINYLDNS_ACCESS_KEY`, `VINYLDNS_SECRET_KEY`, `VINYLDNS_HOST` | [Additional configuration](https://go-acme.github.io/lego/dns/vinyldns) |
| [Vercel](https://vercel.com) | `vercel` | `VERCEL_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/vercel) | | [VK Cloud](https://mcs.mail.ru/) | `vkcloud` | `VK_CLOUD_PASSWORD`, `VK_CLOUD_PROJECT_ID`, `VK_CLOUD_USERNAME` | [Additional configuration](https://go-acme.github.io/lego/dns/vkcloud) |
| [Versio](https://www.versio.nl/domeinnamen) | `versio` | `VERSIO_USERNAME`, `VERSIO_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/versio) | | [Vscale](https://vscale.io/) | `vscale` | `VSCALE_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/vscale) |
| [VinylDNS](https://www.vinyldns.io) | `vinyldns` | `VINYLDNS_ACCESS_KEY`, `VINYLDNS_SECRET_KEY`, `VINYLDNS_HOST` | [Additional configuration](https://go-acme.github.io/lego/dns/vinyldns) | | [VULTR](https://www.vultr.com) | `vultr` | `VULTR_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/vultr) |
| [VK Cloud](https://mcs.mail.ru/) | `vkcloud` | `VK_CLOUD_PASSWORD`, `VK_CLOUD_PROJECT_ID`, `VK_CLOUD_USERNAME` | [Additional configuration](https://go-acme.github.io/lego/dns/vkcloud) | | [WEDOS](https://www.wedos.com) | `wedos` | `WEDOS_USERNAME`, `WEDOS_WAPI_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/wedos) |
| [Vscale](https://vscale.io/) | `vscale` | `VSCALE_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/vscale) | | [Yandex Cloud](https://cloud.yandex.com/en/) | `yandexcloud` | `YANDEX_CLOUD_FOLDER_ID`, `YANDEX_CLOUD_IAM_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/yandexcloud) |
| [VULTR](https://www.vultr.com) | `vultr` | `VULTR_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/vultr) | | [Yandex](https://yandex.com) | `yandex` | `YANDEX_PDD_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/yandex) |
| [Websupport](https://websupport.sk) | `websupport` | `WEBSUPPORT_API_KEY`, `WEBSUPPORT_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/websupport) | | [Zone.ee](https://www.zone.ee) | `zoneee` | `ZONEEE_API_USER`, `ZONEEE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zoneee) |
| [WEDOS](https://www.wedos.com) | `wedos` | `WEDOS_USERNAME`, `WEDOS_WAPI_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/wedos) | | [Zonomi](https://zonomi.com) | `zonomi` | `ZONOMI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zonomi) |
| [Yandex Cloud](https://cloud.yandex.com/en/) | `yandexcloud` | `YANDEX_CLOUD_FOLDER_ID`, `YANDEX_CLOUD_IAM_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/yandexcloud) | | External Program | `exec` | `EXEC_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/exec) |
| [Yandex](https://yandex.com) | `yandex` | `YANDEX_PDD_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/yandex) | | HTTP request | `httpreq` | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1] | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq) |
| [Zone.ee](https://www.zone.ee) | `zoneee` | `ZONEEE_API_USER`, `ZONEEE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zoneee) | | manual | `manual` | none, but you need to run Traefik interactively [^4], turn on debug log to see instructions and press <kbd>Enter</kbd>. | |
| [Zonomi](https://zonomi.com) | `zonomi` | `ZONOMI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zonomi) |
| External Program | `exec` | `EXEC_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/exec) |
| HTTP request | `httpreq` | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1] | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq) |
| manual | `manual` | none, but you need to run Traefik interactively [^4], turn on debug log to see instructions and press <kbd>Enter</kbd>. | |
[^1]: More information about the HTTP message format can be found [here](https://go-acme.github.io/lego/dns/httpreq/). [^1]: More information about the HTTP message format can be found [here](https://go-acme.github.io/lego/dns/httpreq/).
[^2]: [Providing credentials to your application](https://cloud.google.com/docs/authentication/production). [^2]: [Providing credentials to your application](https://cloud.google.com/docs/authentication/production).
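Review bot: The right-hand column of this provider table no longer has the `ultradns` (`ULTRADNS_USERNAME`, `ULTRADNS_PASSWORD`) and `websupport` (`WEBSUPPORT_API_KEY`, `WEBSUPPORT_SECRET`) rows that the left-hand column carries, and the UKFast SafeDNS link differs between the two sides. If these providers are still supported, restore the rows. If support was dropped, say so in the migration notes, since operators who have those environment variables set would otherwise lose certificate issuance through these providers without an obvious cause.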

View File

@@ -0,0 +1,54 @@
---
title: "Traefik SPIFFE Documentation"
description: "Learn how to configure Traefik to use SPIFFE. Read the technical documentation."
---
# SPIFFE
Secure the backend connection with SPIFFE.
{: .subtitle }
[SPIFFE](https://spiffe.io/docs/latest/spiffe-about/overview/) (Secure Production Identity Framework For Everyone),
provides a secure identity in the form of a specially crafted X.509 certificate,
to every workload in an environment.
Traefik is able to connect to the Workload API to obtain an x509-SVID used to secure the connection with SPIFFE enabled backends.
## Configuration
### General
Enabling SPIFFE is part of the [static configuration](../getting-started/configuration-overview.md#the-static-configuration).
It can be defined by using a file (YAML or TOML) or CLI arguments.
### Workload API
The `workloadAPIAddr` configuration defines the address of the SPIFFE [Workload API](https://spiffe.io/docs/latest/spiffe-about/spiffe-concepts/#spiffe-workload-api).
!!! info "Enabling SPIFFE in ServersTransports"
Enabling SPIFFE does not imply that backend connections are going to use it automatically.
Each [ServersTransport](../routing/services/index.md#serverstransport_1) that is meant to be secured with SPIFFE must [explicitly](../routing/services/index.md#spiffe) enable it.
!!! warning "SPIFFE can cause Traefik to stall"
When using SPIFFE,
Traefik will wait for the first SVID to be delivered before starting.
If Traefik is hanging when waiting on SPIFFE SVID delivery,
please double check that it is correctly registered as workload in your SPIFFE infrastructure.
```yaml tab="File (YAML)"
## Static configuration
spiffe:
workloadAPIAddr: localhost
```
```toml tab="File (TOML)"
## Static configuration
[spiffe]
workloadAPIAddr: localhost
```
```bash tab="CLI"
## Static configuration
--spiffe.workloadAPIAddr=localhost
```
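Review bot: The TOML tab uses YAML syntax: `workloadAPIAddr: localhost` under `[spiffe]` is not valid TOML and should read `workloadAPIAddr = "localhost"`. Separately, the "SPIFFE can cause Traefik to stall" warning says Traefik waits for the first SVID before starting. It would help to state whether that wait has a timeout, because the text as written implies that a workload which is not registered blocks startup indefinitely.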

View File

@@ -0,0 +1,237 @@
---
title: "Traefik Tailscale Documentation"
description: "Learn how to configure Traefik Proxy to resolve TLS certificates for your Tailscale services. Read the technical documentation."
---
# Tailscale
Provision TLS certificates for your internal Tailscale services.
{: .subtitle }
To protect a service with TLS, a certificate from a public Certificate Authority is needed.
In addition to its vpn role, Tailscale can also [provide certificates](https://tailscale.com/kb/1153/enabling-https/) for the machines in your Tailscale network.
## Certificate resolvers
To obtain a TLS certificate from the Tailscale daemon,
a Tailscale certificate resolver needs to be configured as below.
!!! info "Referencing a certificate resolver"
Defining a certificate resolver does not imply that routers are going to use it automatically.
Each router or entrypoint that is meant to use the resolver must explicitly [reference](../routing/routers/index.md#certresolver) it.
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
tailscale: {}
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.tailscale]
```
```bash tab="CLI"
--certificatesresolvers.myresolver.tailscale=true
```
## Domain Definition
A certificate resolver requests certificates for a set of domain names inferred from routers, according to the following:
- If the router has a [`tls.domains`](../routing/routers/index.md#domains) option set,
then the certificate resolver derives this router domain name from the `main` option of `tls.domains`.
- Otherwise, the certificate resolver derives the domain name from any `Host()` or `HostSNI()` matchers
in the [router's rule](../routing/routers/index.md#rule).
!!! info "Tailscale Domain Format"
The domain is only taken into account if it is a Tailscale-specific one,
i.e. of the form `machine-name.domains-alias.ts.net`.
## Configuration Example
!!! example "Enabling Tailscale certificate resolution"
```yaml tab="File (YAML)"
entryPoints:
web:
address: ":80"
websecure:
address: ":443"
certificatesResolvers:
myresolver:
tailscale: {}
```
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[certificatesResolvers.myresolver.tailscale]
```
```bash tab="CLI"
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
# ...
--certificatesresolvers.myresolver.tailscale=true
```
!!! example "Domain from Router's Rule Example"
```yaml tab="Docker"
## Dynamic configuration
labels:
- traefik.http.routers.blog.rule=Host(`monitoring.yak-bebop.ts.net`) && Path(`/metrics`)
- traefik.http.routers.blog.tls.certresolver=myresolver
```
```yaml tab="Docker (Swarm)"
## Dynamic configuration
deploy:
labels:
- traefik.http.routers.blog.rule=Host(`monitoring.yak-bebop.ts.net`) && Path(`/metrics`)
- traefik.http.routers.blog.tls.certresolver=myresolver
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: blogtls
spec:
entryPoints:
- websecure
routes:
- match: Host(`monitoring.yak-bebop.ts.net`) && Path(`/metrics`)
kind: Rule
services:
- name: blog
port: 8080
tls:
certResolver: myresolver
```
```json tab="Marathon"
labels: {
"traefik.http.routers.blog.rule": "Host(`monitoring.yak-bebop.ts.net`) && Path(`/metrics`)",
"traefik.http.routers.blog.tls.certresolver": "myresolver",
}
```
```yaml tab="Rancher"
## Dynamic configuration
labels:
- traefik.http.routers.blog.rule=Host(`monitoring.yak-bebop.ts.net`) && Path(`/metrics`)
- traefik.http.routers.blog.tls.certresolver=myresolver
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
routers:
blog:
rule: "Host(`monitoring.yak-bebop.ts.net`) && Path(`/metrics`)"
tls:
certResolver: myresolver
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.blog]
rule = "Host(`monitoring.yak-bebop.ts.net`) && Path(`/metrics`)"
[http.routers.blog.tls]
certResolver = "myresolver"
```
!!! example "Domain from Router's tls.domain Example"
```yaml tab="Docker"
## Dynamic configuration
labels:
- traefik.http.routers.blog.rule=Path(`/metrics`)
- traefik.http.routers.blog.tls.certresolver=myresolver
- traefik.http.routers.blog.tls.domains[0].main=monitoring.yak-bebop.ts.net
```
```yaml tab="Docker (Swarm)"
## Dynamic configuration
deploy:
labels:
- traefik.http.routers.blog.rule=Path(`/metrics`)
- traefik.http.routers.blog.tls.certresolver=myresolver
- traefik.http.routers.blog.tls.domains[0].main=monitoring.yak-bebop.ts.net
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: blogtls
spec:
entryPoints:
- websecure
routes:
- match: Path(`/metrics`)
kind: Rule
services:
- name: blog
port: 8080
tls:
certResolver: myresolver
domains:
- main: monitoring.yak-bebop.ts.net
```
```json tab="Marathon"
labels: {
"traefik.http.routers.blog.rule": "Path(`/metrics`)",
"traefik.http.routers.blog.tls.certresolver": "myresolver",
"traefik.http.routers.blog.tls.domains[0].main": "monitoring.yak-bebop.ts.net",
}
```
```yaml tab="Rancher"
## Dynamic configuration
labels:
- traefik.http.routers.blog.rule=Path(`/metrics`)
- traefik.http.routers.blog.tls.certresolver=myresolver
- traefik.http.routers.blog.tls.domains[0].main=monitoring.yak-bebop.ts.net
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
routers:
blog:
rule: "Path(`/metrics`)"
tls:
certResolver: myresolver
domains:
- main: "monitoring.yak-bebop.ts.net"
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.blog]
rule = "Path(`/metrics`)"
[http.routers.blog.tls]
certResolver = "myresolver"
[[http.routers.blog.tls.domains]]
main = "monitoring.yak-bebop.ts.net"
```
## Automatic Renewals
Traefik automatically tracks the expiry date of each Tailscale certificate it fetches,
and starts to renew a certificate 14 days before its expiry to match Tailscale daemon renew policy.
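Review bot: Both Marathon tabs are not valid JSON: the object opens with an unquoted `labels: {` and the last entry ends with a trailing comma (the `tls.certresolver` line in the first example, the `tls.domains[0].main` line in the second). Use `"labels": {` and drop the trailing commas so the snippets can be pasted as they are. Minor: the heading "Domain from Router's tls.domain Example" names an option that is spelled `tls.domains` everywhere else in the file, and "vpn" in the introduction should be "VPN".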

View File

@@ -15,7 +15,7 @@ It makes reusing the same groups easier.
## Configuration Example ## Configuration Example
Below is an example of a Chain containing `WhiteList`, `BasicAuth`, and `RedirectScheme`. Below is an example of a Chain containing `AllowList`, `BasicAuth`, and `RedirectScheme`.
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
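Review bot: The introductory sentence now names the middleware `AllowList`, but the configuration keys changed in the same file are `ipallowlist` and `ipAllowList`. Write `IPAllowList` so the prose matches the key a reader has to type.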
@@ -25,7 +25,7 @@ labels:
- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users" - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https" - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32" - "traefik.http.middlewares.known-ips.ipallowlist.sourceRange=192.168.1.7,127.0.0.1/32"
- "traefik.http.services.service1.loadbalancer.server.port=80" - "traefik.http.services.service1.loadbalancer.server.port=80"
``` ```
@@ -80,7 +80,7 @@ kind: Middleware
metadata: metadata:
name: known-ips name: known-ips
spec: spec:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- 192.168.1.7 - 192.168.1.7
- 127.0.0.1/32 - 127.0.0.1/32
@@ -93,7 +93,7 @@ spec:
- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users" - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https" - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32" - "traefik.http.middlewares.known-ips.ipallowlist.sourceRange=192.168.1.7,127.0.0.1/32"
- "traefik.http.services.service1.loadbalancer.server.port=80" - "traefik.http.services.service1.loadbalancer.server.port=80"
``` ```
@@ -105,7 +105,7 @@ spec:
"traefik.http.middlewares.secured.chain.middlewares": "https-only,known-ips,auth-users", "traefik.http.middlewares.secured.chain.middlewares": "https-only,known-ips,auth-users",
"traefik.http.middlewares.auth-users.basicauth.users": "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "traefik.http.middlewares.auth-users.basicauth.users": "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"traefik.http.middlewares.https-only.redirectscheme.scheme": "https", "traefik.http.middlewares.https-only.redirectscheme.scheme": "https",
"traefik.http.middlewares.known-ips.ipwhitelist.sourceRange": "192.168.1.7,127.0.0.1/32", "traefik.http.middlewares.known-ips.ipallowlist.sourceRange": "192.168.1.7,127.0.0.1/32",
"traefik.http.services.service1.loadbalancer.server.port": "80" "traefik.http.services.service1.loadbalancer.server.port": "80"
} }
``` ```
@@ -118,7 +118,7 @@ labels:
- "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users" - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
- "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/" - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "traefik.http.middlewares.https-only.redirectscheme.scheme=https" - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
- "traefik.http.middlewares.known-ips.ipwhitelist.sourceRange=192.168.1.7,127.0.0.1/32" - "traefik.http.middlewares.known-ips.ipallowlist.sourceRange=192.168.1.7,127.0.0.1/32"
- "traefik.http.services.service1.loadbalancer.server.port=80" - "traefik.http.services.service1.loadbalancer.server.port=80"
``` ```
@@ -150,7 +150,7 @@ http:
scheme: https scheme: https
known-ips: known-ips:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- "192.168.1.7" - "192.168.1.7"
- "127.0.0.1/32" - "127.0.0.1/32"
@@ -180,7 +180,7 @@ http:
[http.middlewares.https-only.redirectScheme] [http.middlewares.https-only.redirectScheme]
scheme = "https" scheme = "https"
[http.middlewares.known-ips.ipWhiteList] [http.middlewares.known-ips.ipAllowList]
sourceRange = ["192.168.1.7", "127.0.0.1/32"] sourceRange = ["192.168.1.7", "127.0.0.1/32"]
[http.services] [http.services]
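Review bot: The rename to `[http.middlewares.known-ips.ipAllowList]` here completes a change applied to every tab in this file (labels, the Kubernetes `spec`, YAML, TOML), but nothing in the file tells a reader that the old `ipWhiteList` key was renamed. `known-ips` is the source-range restriction of the `secured` chain, so add a pointer to the migration guide that states what happens to a configuration still using `ipwhitelist`, and make sure an upgrade cannot silently leave the chain without that restriction.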

View File

@@ -5,23 +5,24 @@ description: "Traefik Proxy's HTTP middleware lets you compress responses before
# Compress # Compress
Compress Responses before Sending them to the Client Compress Allows Compressing Responses before Sending them to the Client
{: .subtitle } {: .subtitle }
![Compress](../../assets/img/middleware/compress.png) ![Compress](../../assets/img/middleware/compress.png)
The Compress middleware uses gzip compression. The Compress middleware supports gzip and Brotli compression.
The activation of compression, and the compression method choice rely (among other things) on the request's `Accept-Encoding` header.
## Configuration Examples ## Configuration Examples
```yaml tab="Docker" ```yaml tab="Docker"
# Enable gzip compression # Enable compression
labels: labels:
- "traefik.http.middlewares.test-compress.compress=true" - "traefik.http.middlewares.test-compress.compress=true"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
# Enable gzip compression # Enable compression
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: Middleware kind: Middleware
metadata: metadata:
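Review bot: The new subtitle "Compress Allows Compressing Responses before Sending them to the Client" is redundant, and the previous wording read better. The added sentence on activation says the choice relies "(among other things)" on the `Accept-Encoding` header. Link it to the criteria list further down the page instead of leaving the other conditions unnamed.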
@@ -31,7 +32,7 @@ spec:
``` ```
```yaml tab="Consul Catalog" ```yaml tab="Consul Catalog"
# Enable gzip compression # Enable compression
- "traefik.http.middlewares.test-compress.compress=true" - "traefik.http.middlewares.test-compress.compress=true"
``` ```
@@ -42,13 +43,13 @@ spec:
``` ```
```yaml tab="Rancher" ```yaml tab="Rancher"
# Enable gzip compression # Enable compression
labels: labels:
- "traefik.http.middlewares.test-compress.compress=true" - "traefik.http.middlewares.test-compress.compress=true"
``` ```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Enable gzip compression # Enable compression
http: http:
middlewares: middlewares:
test-compress: test-compress:
@@ -56,7 +57,7 @@ http:
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
# Enable gzip compression # Enable compression
[http.middlewares] [http.middlewares]
[http.middlewares.test-compress.compress] [http.middlewares.test-compress.compress]
``` ```
@@ -65,23 +66,34 @@ http:
Responses are compressed when the following criteria are all met: Responses are compressed when the following criteria are all met:
* The response body is larger than the configured minimum amount of bytes (default is `1024`). * The `Accept-Encoding` request header contains `gzip`, `*`, and/or `br` with or without [quality values](https://developer.mozilla.org/en-US/docs/Glossary/Quality_values).
* The `Accept-Encoding` request header contains `gzip`. If the `Accept-Encoding` request header is absent, it is meant as br compression is requested.
If it is present, but its value is the empty string, then compression is disabled.
* The response is not already compressed, i.e. the `Content-Encoding` response header is not already set. * The response is not already compressed, i.e. the `Content-Encoding` response header is not already set.
* The response`Content-Type` header is not one among the [excludedContentTypes options](#excludedcontenttypes).
If the `Content-Type` header is not defined, or empty, the compress middleware will automatically [detect](https://mimesniff.spec.whatwg.org/) a content type. * The response body is larger than the [configured minimum amount of bytes](#minresponsebodybytes) (default is `1024`).
It will also set the `Content-Type` header according to the detected MIME type.
## Configuration Options ## Configuration Options
### `excludedContentTypes` ### `excludedContentTypes`
_Optional, Default=""_
`excludedContentTypes` specifies a list of content types to compare the `Content-Type` header of the incoming requests and responses before compressing. `excludedContentTypes` specifies a list of content types to compare the `Content-Type` header of the incoming requests and responses before compressing.
The responses with content types defined in `excludedContentTypes` are not compressed. The responses with content types defined in `excludedContentTypes` are not compressed.
Content types are compared in a case-insensitive, whitespace-ignored manner. Content types are compared in a case-insensitive, whitespace-ignored manner.
!!! info "In the case of gzip"
If the `Content-Type` header is not defined, or empty, the compress middleware will automatically [detect](https://mimesniff.spec.whatwg.org/) a content type.
It will also set the `Content-Type` header according to the detected MIME type.
!!! info "gRPC"
Note that `application/grpc` is never compressed.
```yaml tab="Docker" ```yaml tab="Docker"
labels: labels:
- "traefik.http.middlewares.test-compress.compress.excludedcontenttypes=text/event-stream" - "traefik.http.middlewares.test-compress.compress.excludedcontenttypes=text/event-stream"
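Review bot: The added line "If the `Accept-Encoding` request header is absent, it is meant as br compression is requested." is ungrammatical and documents a surprising default: a client that sends no `Accept-Encoding` header receives a Brotli-encoded body. Reword it (for example "If the header is absent, the response is compressed with Brotli") and confirm that this is the intended behaviour for clients that never advertised `br`. Also, "The response`Content-Type` header" is missing a space, and `_Optional, Default=""_` describes a list option with an empty string.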
@@ -130,9 +142,9 @@ http:
### `minResponseBodyBytes` ### `minResponseBodyBytes`
`minResponseBodyBytes` specifies the minimum amount of bytes a response body must have to be compressed. _Optional, Default=1024_
The default value is `1024`, which should be a reasonable value for most cases. `minResponseBodyBytes` specifies the minimum amount of bytes a response body must have to be compressed.
Responses smaller than the specified values will not be compressed. Responses smaller than the specified values will not be compressed.

View File

@@ -1,6 +1,6 @@
--- ---
title: "Traefik ContentType Documentation" title: "Traefik ContentType Documentation"
description: "Traefik Proxy's HTTP middleware can automatically specify the content-type header if it has not been defined by the backend. Read the technical documentation." description: "Traefik Proxy's HTTP middleware automatically sets the `Content-Type` header value when it is not set by the backend. Read the technical documentation."
--- ---
# ContentType # ContentType
@@ -8,84 +8,59 @@ description: "Traefik Proxy's HTTP middleware can automatically specify the cont
Handling Content-Type auto-detection Handling Content-Type auto-detection
{: .subtitle } {: .subtitle }
The Content-Type middleware - or rather its `autoDetect` option - The Content-Type middleware sets the `Content-Type` header value to the media type detected from the response content,
specifies whether to let the `Content-Type` header, when it is not set by the backend.
if it has not been defined by the backend,
be automatically set to a value derived from the contents of the response.
As a proxy, the default behavior should be to leave the header alone,
regardless of what the backend did with it.
However, the historic default was to always auto-detect and set the header if it was not already defined,
and altering this behavior would be a breaking change which would impact many users.
This middleware exists to enable the correct behavior until at least the default one can be changed in a future version.
!!! info !!! info
As explained above, for compatibility reasons the default behavior on a router (without this middleware),
is still to automatically set the `Content-Type` header.
Therefore, given the default value of the `autoDetect` option (false),
simply enabling this middleware for a router switches the router's behavior.
The scope of the Content-Type middleware is the MIME type detection done by the core of Traefik (the server part). The scope of the Content-Type middleware is the MIME type detection done by the core of Traefik (the server part).
Therefore, it has no effect against any other `Content-Type` header modifications (e.g.: in another middleware such as compress). Therefore, it has no effect against any other `Content-Type` header modifications (e.g.: in another middleware such as compress).
## Configuration Examples ## Configuration Examples
```yaml tab="Docker" ```yaml tab="Docker"
# Disable auto-detection # Enable auto-detection
labels: labels:
- "traefik.http.middlewares.autodetect.contenttype.autodetect=false" - "traefik.http.middlewares.autodetect.contenttype=true"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
# Disable auto-detection # Enable auto-detection
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: Middleware kind: Middleware
metadata: metadata:
name: autodetect name: autodetect
spec: spec:
contentType: contentType: {}
autoDetect: false
``` ```
```yaml tab="Consul Catalog" ```yaml tab="Consul Catalog"
# Disable auto-detection # Enable auto-detection
- "traefik.http.middlewares.autodetect.contenttype.autodetect=false" - "traefik.http.middlewares.autodetect.contenttype=true"
``` ```
```json tab="Marathon" ```json tab="Marathon"
"labels": { "labels": {
"traefik.http.middlewares.autodetect.contenttype.autodetect": "false" "traefik.http.middlewares.autodetect.contenttype": "true"
} }
``` ```
```yaml tab="Rancher" ```yaml tab="Rancher"
# Disable auto-detection # Enable auto-detection
labels: labels:
- "traefik.http.middlewares.autodetect.contenttype.autodetect=false" - "traefik.http.middlewares.autodetect.contenttype=true"
``` ```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Disable auto-detection # Enable auto-detection
http: http:
middlewares: middlewares:
autodetect: autodetect:
contentType: contentType: {}
autoDetect: false
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
# Disable auto-detection # Enable auto-detection
[http.middlewares] [http.middlewares]
[http.middlewares.autodetect.contentType] [http.middlewares.autodetect.contentType]
autoDetect=false ```
```
## Configuration Options
### `autoDetect`
`autoDetect` specifies whether to let the `Content-Type` header,
if it has not been set by the backend,
be automatically set to a value derived from the contents of the response.
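Review bot: This change inverts what attaching the middleware does while keeping the example name `autodetect`: the old tabs set `contenttype.autodetect=false` to disable detection, the new tabs set `contenttype=true` to enable it, and the `autoDetect` option section is removed. A deployment that still defines the middleware with the old key needs an explicit statement of what happens on upgrade, so add a short migration note or link in this file. The TOML tab now ends with an empty `[http.middlewares.autodetect.contentType]` table. A comment line saying that the empty table is what enables the middleware would prevent readers from treating it as an incomplete example.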

View File

@@ -0,0 +1,77 @@
---
title: "Traefik GrpcWeb Documentation"
description: "In Traefik Proxy's HTTP middleware, GrpcWeb converts a gRPC Web requests to HTTP/2 gRPC requests. Read the technical documentation."
---
# GrpcWeb
Converting gRPC Web requests to HTTP/2 gRPC requests.
{: .subtitle }
The GrpcWeb middleware converts gRPC Web requests to HTTP/2 gRPC requests before forwarding them to the backends.
!!! tip
Please note, that Traefik needs to communicate using gRPC with the backends (h2c or HTTP/2 over TLS).
Check out the [gRPC](../../user-guides/grpc.md) user guide for more details.
## Configuration Examples
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-grpcweb.grpcweb.allowOrigins=*"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-grpcweb
spec:
grpcWeb:
allowOrigins:
- "*"
```
```yaml tab="Consul Catalog"
- "traefik.http.middlewares.test-grpcweb.grpcWeb.allowOrigins=*"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-grpcweb.grpcweb.alloworigins": "*"
}
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-grpcweb.grpcweb.alloworigins=*"
```
```yaml tab="File (YAML)"
http:
middlewares:
test-grpcweb:
grpcWeb:
allowOrigins:
- "*"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-grpcweb.grpcWeb]
allowOrigins = ["*"]
```
## Configuration Options
### `allowOrigins`
The `allowOrigins` contains the list of allowed origins.
A wildcard origin `*` can also be configured to match all requests.
More information including how to use the settings can be found at:
- [Mozilla.org](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin)
- [w3](https://fetch.spec.whatwg.org/#http-access-control-allow-origin)
- [IETF](https://tools.ietf.org/html/rfc6454#section-7.1)
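Review bot: Every tab configures `allowOrigins` with the wildcard `*`, so the only example a reader can copy accepts gRPC Web requests from any origin. Show at least one tab with an explicit origin list, and state in the `allowOrigins` section what happens when the option is left unset. The key casing also varies between tabs (`grpcweb.allowOrigins`, `grpcWeb.allowOrigins`, `grpcweb.alloworigins`), the description reads "converts a gRPC Web requests", and the link labelled "w3" points at fetch.spec.whatwg.org.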

View File

@@ -364,43 +364,11 @@ The `allowedHosts` option lists fully qualified domain names that are allowed.
The `hostsProxyHeaders` option is a set of header keys that may hold a proxied hostname value for the request. The `hostsProxyHeaders` option is a set of header keys that may hold a proxied hostname value for the request.
### `sslRedirect`
!!! warning
Deprecated in favor of [EntryPoint redirection](../../routing/entrypoints.md#redirection) or the [RedirectScheme middleware](./redirectscheme.md).
The `sslRedirect` only allow HTTPS requests when set to `true`.
### `sslTemporaryRedirect`
!!! warning
Deprecated in favor of [EntryPoint redirection](../../routing/entrypoints.md#redirection) or the [RedirectScheme middleware](./redirectscheme.md).
Set `sslTemporaryRedirect` to `true` to force an SSL redirection using a 302 (instead of a 301).
### `sslHost`
!!! warning
Deprecated in favor of the [RedirectRegex middleware](./redirectregex.md).
The `sslHost` option is the host name that is used to redirect HTTP requests to HTTPS.
### `sslProxyHeaders` ### `sslProxyHeaders`
The `sslProxyHeaders` option is set of header keys with associated values that would indicate a valid HTTPS request. The `sslProxyHeaders` option is set of header keys with associated values that would indicate a valid HTTPS request.
It can be useful when using other proxies (example: `"X-Forwarded-Proto": "https"`). It can be useful when using other proxies (example: `"X-Forwarded-Proto": "https"`).
### `sslForceHost`
!!! warning
Deprecated in favor of the [RedirectRegex middleware](./redirectregex.md).
Set `sslForceHost` to `true` and set `sslHost` to force requests to use `SSLHost` regardless of whether they already use SSL.
### `stsSeconds` ### `stsSeconds`
The `stsSeconds` is the max-age of the `Strict-Transport-Security` header. The `stsSeconds` is the max-age of the `Strict-Transport-Security` header.
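Review bot: Removing the `sslRedirect`, `sslTemporaryRedirect`, `sslHost` and `sslForceHost` sections also removes the only pointers to their replacements (EntryPoint redirection, the RedirectScheme middleware and the RedirectRegex middleware). Keep a short "removed options" note with those links, since a configuration that relied on `sslRedirect` set to `true` for HTTPS enforcement needs to know where that enforcement now has to be configured.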
@@ -452,14 +420,6 @@ The `publicKey` implements HPKP to prevent MITM attacks with forged certificates
The `referrerPolicy` allows sites to control whether browsers forward the `Referer` header to other sites. The `referrerPolicy` allows sites to control whether browsers forward the `Referer` header to other sites.
### `featurePolicy`
!!! warning
Deprecated in favor of `permissionsPolicy`
The `featurePolicy` allows sites to control browser features.
### `permissionsPolicy` ### `permissionsPolicy`
The `permissionsPolicy` allows sites to control browser features. The `permissionsPolicy` allows sites to control browser features.

View File

@@ -127,8 +127,6 @@ If none are set, the default is to use the `requestHost`.
The `ipStrategy` option defines two parameters that configures how Traefik determines the client IP: `depth`, and `excludedIPs`. The `ipStrategy` option defines two parameters that configures how Traefik determines the client IP: `depth`, and `excludedIPs`.
!!! important "As a middleware, InFlightReq happens before the actual proxying to the backend takes place. In addition, the previous network hop only gets appended to `X-Forwarded-For` during the last stages of proxying, i.e. after it has already passed through the middleware. Therefore, during InFlightReq, as the previous network hop is not yet present in `X-Forwarded-For`, it cannot be used and/or relied upon."
##### `ipStrategy.depth` ##### `ipStrategy.depth`
The `depth` option tells Traefik to use the `X-Forwarded-For` header and select the IP located at the `depth` position (starting from the right). The `depth` option tells Traefik to use the `X-Forwarded-For` header and select the IP located at the `depth` position (starting from the right).

View File

@@ -1,32 +1,30 @@
--- ---
title: "Traefik HTTP Middlewares IPWhiteList" title: "Traefik HTTP Middlewares IPAllowList"
description: "Learn how to use IPWhiteList in HTTP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation." description: "Learn how to use IPAllowList in HTTP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation."
--- ---
# IPWhiteList # IPAllowList
Limiting Clients to Specific IPs Limiting Clients to Specific IPs
{: .subtitle } {: .subtitle }
![IpWhiteList](../../assets/img/middleware/ipwhitelist.png) IPAllowList accepts / refuses requests based on the client IP.
IPWhitelist accepts / refuses requests based on the client IP.
## Configuration Examples ## Configuration Examples
```yaml tab="Docker" ```yaml tab="Docker"
# Accepts request from defined IP # Accepts request from defined IP
labels: labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: Middleware kind: Middleware
metadata: metadata:
name: test-ipwhitelist name: test-ipallowlist
spec: spec:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- 127.0.0.1/32 - 127.0.0.1/32
- 192.168.1.7 - 192.168.1.7
@@ -34,27 +32,27 @@ spec:
```yaml tab="Consul Catalog" ```yaml tab="Consul Catalog"
# Accepts request from defined IP # Accepts request from defined IP
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
``` ```
```json tab="Marathon" ```json tab="Marathon"
"labels": { "labels": {
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32,192.168.1.7" "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32,192.168.1.7"
} }
``` ```
```yaml tab="Rancher" ```yaml tab="Rancher"
# Accepts request from defined IP # Accepts request from defined IP
labels: labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
``` ```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Accepts request from defined IP # Accepts request from defined IP
http: http:
middlewares: middlewares:
test-ipwhitelist: test-ipallowlist:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- "127.0.0.1/32" - "127.0.0.1/32"
- "192.168.1.7" - "192.168.1.7"
@@ -63,7 +61,7 @@ http:
```toml tab="File (TOML)" ```toml tab="File (TOML)"
# Accepts request from defined IP # Accepts request from defined IP
[http.middlewares] [http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList] [http.middlewares.test-ipallowlist.ipAllowList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"] sourceRange = ["127.0.0.1/32", "192.168.1.7"]
``` ```
@@ -75,10 +73,7 @@ The `sourceRange` option sets the allowed IPs (or ranges of allowed IPs by using
### `ipStrategy` ### `ipStrategy`
The `ipStrategy` option defines two parameters that set how Traefik determines the client IP: `depth`, and `excludedIPs`. The `ipStrategy` option defines two parameters that set how Traefik determines the client IP: `depth`, and `excludedIPs`.
If no strategy is set, the default behavior is to match `sourceRange` against the Remote address found in the request.
!!! important "As a middleware, whitelisting happens before the actual proxying to the backend takes place. In addition, the previous network hop only gets appended to `X-Forwarded-For` during the last stages of proxying, i.e. after it has already passed through whitelisting. Therefore, during whitelisting, as the previous network hop is not yet present in `X-Forwarded-For`, it cannot be matched against `sourceRange`."
#### `ipStrategy.depth` #### `ipStrategy.depth`
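Review bot: under `ipStrategy`, the sentence "If no strategy is set, the default behavior is to match `sourceRange` against the Remote address found in the request" and the `!!! important` admonition about the previous hop not yet being in `X-Forwarded-For` are dropped without a replacement. Both describe which address the allow-list decision is made on, so an operator choosing `depth` behind another proxy needs them. If the behaviour is unchanged in v3, keep both and only reword "whitelisting" to "allowlisting"; if it changed, document the new behaviour here and in the migration guide. The same admonition is also removed from the InFlightReq and RateLimit pages in this change.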
@@ -89,7 +84,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
!!! example "Examples of Depth & X-Forwarded-For" !!! example "Examples of Depth & X-Forwarded-For"
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used for the whitelisting is `"12.0.0.1"` (`depth=2`). If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used is `"12.0.0.1"` (`depth=2`).
| `X-Forwarded-For` | `depth` | clientIP | | `X-Forwarded-For` | `depth` | clientIP |
|-----------------------------------------|---------|--------------| |-----------------------------------------|---------|--------------|
@@ -98,20 +93,20 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5` | `""` | | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5` | `""` |
```yaml tab="Docker" ```yaml tab="Docker"
# Whitelisting Based on `X-Forwarded-For` with `depth=2` # Allowlisting Based on `X-Forwarded-For` with `depth=2`
labels: labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth=2" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
# Whitelisting Based on `X-Forwarded-For` with `depth=2` # Allowlisting Based on `X-Forwarded-For` with `depth=2`
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: Middleware kind: Middleware
metadata: metadata:
name: test-ipwhitelist name: test-ipallowlist
spec: spec:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- 127.0.0.1/32 - 127.0.0.1/32
- 192.168.1.7 - 192.168.1.7
@@ -120,31 +115,31 @@ spec:
``` ```
```yaml tab="Consul Catalog" ```yaml tab="Consul Catalog"
# Whitelisting Based on `X-Forwarded-For` with `depth=2` # Allowlisting Based on `X-Forwarded-For` with `depth=2`
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth=2" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
``` ```
```json tab="Marathon" ```json tab="Marathon"
"labels": { "labels": {
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32, 192.168.1.7", "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32, 192.168.1.7",
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth": "2" "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth": "2"
} }
``` ```
```yaml tab="Rancher" ```yaml tab="Rancher"
# Whitelisting Based on `X-Forwarded-For` with `depth=2` # Allowlisting Based on `X-Forwarded-For` with `depth=2`
labels: labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.depth=2" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
``` ```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Whitelisting Based on `X-Forwarded-For` with `depth=2` # Allowlisting Based on `X-Forwarded-For` with `depth=2`
http: http:
middlewares: middlewares:
test-ipwhitelist: test-ipallowlist:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- "127.0.0.1/32" - "127.0.0.1/32"
- "192.168.1.7" - "192.168.1.7"
@@ -153,11 +148,11 @@ http:
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
# Whitelisting Based on `X-Forwarded-For` with `depth=2` # Allowlisting Based on `X-Forwarded-For` with `depth=2`
[http.middlewares] [http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList] [http.middlewares.test-ipallowlist.ipAllowList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"] sourceRange = ["127.0.0.1/32", "192.168.1.7"]
[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy] [http.middlewares.test-ipallowlist.ipAllowList.ipStrategy]
depth = 2 depth = 2
``` ```
@@ -180,7 +175,7 @@ http:
```yaml tab="Docker" ```yaml tab="Docker"
# Exclude from `X-Forwarded-For` # Exclude from `X-Forwarded-For`
labels: labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
@@ -188,9 +183,9 @@ labels:
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: Middleware kind: Middleware
metadata: metadata:
name: test-ipwhitelist name: test-ipallowlist
spec: spec:
ipWhiteList: ipAllowList:
ipStrategy: ipStrategy:
excludedIPs: excludedIPs:
- 127.0.0.1/32 - 127.0.0.1/32
@@ -199,27 +194,27 @@ spec:
```yaml tab="Consul Catalog" ```yaml tab="Consul Catalog"
# Exclude from `X-Forwarded-For` # Exclude from `X-Forwarded-For`
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
``` ```
```json tab="Marathon" ```json tab="Marathon"
"labels": { "labels": {
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7" "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
} }
``` ```
```yaml tab="Rancher" ```yaml tab="Rancher"
# Exclude from `X-Forwarded-For` # Exclude from `X-Forwarded-For`
labels: labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7" - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
``` ```
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
# Exclude from `X-Forwarded-For` # Exclude from `X-Forwarded-For`
http: http:
middlewares: middlewares:
test-ipwhitelist: test-ipallowlist:
ipWhiteList: ipAllowList:
ipStrategy: ipStrategy:
excludedIPs: excludedIPs:
- "127.0.0.1/32" - "127.0.0.1/32"
@@ -229,7 +224,7 @@ http:
```toml tab="File (TOML)" ```toml tab="File (TOML)"
# Exclude from `X-Forwarded-For` # Exclude from `X-Forwarded-For`
[http.middlewares] [http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList] [http.middlewares.test-ipallowlist.ipAllowList]
[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy] [http.middlewares.test-ipallowlist.ipAllowList.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"] excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
``` ```

View File

@@ -142,7 +142,7 @@ http:
| [Errors](errorpages.md) | Defines custom error pages | Request Lifecycle | | [Errors](errorpages.md) | Defines custom error pages | Request Lifecycle |
| [ForwardAuth](forwardauth.md) | Delegates Authentication | Security, Authentication | | [ForwardAuth](forwardauth.md) | Delegates Authentication | Security, Authentication |
| [Headers](headers.md) | Adds / Updates headers | Security | | [Headers](headers.md) | Adds / Updates headers | Security |
| [IPWhiteList](ipwhitelist.md) | Limits the allowed client IPs | Security, Request lifecycle | | [IPAllowList](ipallowlist.md) | Limits the allowed client IPs | Security, Request lifecycle |
| [InFlightReq](inflightreq.md) | Limits the number of simultaneous connections | Security, Request lifecycle | | [InFlightReq](inflightreq.md) | Limits the number of simultaneous connections | Security, Request lifecycle |
| [PassTLSClientCert](passtlsclientcert.md) | Adds Client Certificates in a Header | Security | | [PassTLSClientCert](passtlsclientcert.md) | Adds Client Certificates in a Header | Security |
| [RateLimit](ratelimit.md) | Limits the call frequency | Security, Request lifecycle | | [RateLimit](ratelimit.md) | Limits the call frequency | Security, Request lifecycle |

View File

@@ -10,8 +10,6 @@ To Control the Number of Requests Going to a Service
The RateLimit middleware ensures that services will receive a _fair_ amount of requests, and allows one to define what fair is. The RateLimit middleware ensures that services will receive a _fair_ amount of requests, and allows one to define what fair is.
It is based on a [token bucket](https://en.wikipedia.org/wiki/Token_bucket) implementation. In this analogy, the [average](#average) parameter (defined below) is the rate at which the bucket refills, and the [burst](#burst) is the size (volume) of the bucket.
## Configuration Example ## Configuration Example
```yaml tab="Docker" ```yaml tab="Docker"
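Review bot: the token bucket paragraph removed above `## Configuration Example` is the only place in this hunk that explains how `average` and `burst` relate (refill rate and bucket size), and it is not one of the deprecated options this change set removes. Unless the implementation no longer uses a token bucket, keep the paragraph; if the deletion is a merge artifact, restore it.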
@@ -264,8 +262,6 @@ If none are set, the default is to use the request's remote address field (as an
The `ipStrategy` option defines two parameters that configures how Traefik determines the client IP: `depth`, and `excludedIPs`. The `ipStrategy` option defines two parameters that configures how Traefik determines the client IP: `depth`, and `excludedIPs`.
!!! important "As a middleware, rate-limiting happens before the actual proxying to the backend takes place. In addition, the previous network hop only gets appended to `X-Forwarded-For` during the last stages of proxying, i.e. after it has already passed through rate-limiting. Therefore, during rate-limiting, as the previous network hop is not yet present in `X-Forwarded-For`, it cannot be found and/or relied upon."
##### `ipStrategy.depth` ##### `ipStrategy.depth`
The `depth` option tells Traefik to use the `X-Forwarded-For` header and select the IP located at the `depth` position (starting from the right). The `depth` option tells Traefik to use the `X-Forwarded-For` header and select the IP located at the `depth` position (starting from the right).

View File

@@ -88,85 +88,3 @@ For instance, `/products` also matches `/products/shoes` and `/products/shirts`.
If your backend is serving assets (e.g., images or JavaScript files), it can use the `X-Forwarded-Prefix` header to properly construct relative URLs. If your backend is serving assets (e.g., images or JavaScript files), it can use the `X-Forwarded-Prefix` header to properly construct relative URLs.
Using the previous example, the backend should return `/products/shoes/image.png` (and not `/image.png`, which Traefik would likely not be able to associate with the same backend). Using the previous example, the backend should return `/products/shoes/image.png` (and not `/image.png`, which Traefik would likely not be able to associate with the same backend).
### `forceSlash`
_Optional, Default=true_
The `forceSlash` option ensures the resulting stripped path is not the empty string, by replacing it with `/` when necessary.
This option was added to keep the initial (non-intuitive) behavior of this middleware, in order to avoid introducing a breaking change.
It is recommended to explicitly set `forceSlash` to `false`.
??? info "Behavior examples"
- `forceSlash=true`
| Path | Prefix to strip | Result |
|------------|-----------------|--------|
| `/` | `/` | `/` |
| `/foo` | `/foo` | `/` |
| `/foo/` | `/foo` | `/` |
| `/foo/` | `/foo/` | `/` |
| `/bar` | `/foo` | `/bar` |
| `/foo/bar` | `/foo` | `/bar` |
- `forceSlash=false`
| Path | Prefix to strip | Result |
|------------|-----------------|--------|
| `/` | `/` | empty |
| `/foo` | `/foo` | empty |
| `/foo/` | `/foo` | `/` |
| `/foo/` | `/foo/` | empty |
| `/bar` | `/foo` | `/bar` |
| `/foo/bar` | `/foo` | `/bar` |
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.example.stripprefix.prefixes=/foobar"
- "traefik.http.middlewares.example.stripprefix.forceSlash=false"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: example
spec:
stripPrefix:
prefixes:
- "/foobar"
forceSlash: false
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.example.stripprefix.prefixes": "/foobar",
"traefik.http.middlewares.example.stripprefix.forceSlash": "false"
}
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.example.stripprefix.prefixes=/foobar"
- "traefik.http.middlewares.example.stripprefix.forceSlash=false"
```
```yaml tab="File (YAML)"
http:
middlewares:
example:
stripPrefix:
prefixes:
- "/foobar"
forceSlash: false
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.example.stripPrefix]
prefixes = ["/foobar"]
forceSlash = false
```
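Review bot: the `forceSlash` section is deleted without stating which of its two documented behaviours StripPrefix keeps in v3. The removed text gave `Default=true` while recommending `false`, and the two tables differ on whether stripping `/foo` from `/foo` yields `/` or an empty path, so backends can see a different request path after upgrade. Add one sentence to the StripPrefix page and to the migration guide entry naming the behaviour that remains.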

View File

@@ -1,30 +1,30 @@
--- ---
title: "Traefik TCP Middlewares IPWhiteList" title: "Traefik TCP Middlewares IPAllowList"
description: "Learn how to use IPWhiteList in TCP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation." description: "Learn how to use IPAllowList in TCP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation."
--- ---
# IPWhiteList # IPAllowList
Limiting Clients to Specific IPs Limiting Clients to Specific IPs
{: .subtitle } {: .subtitle }
IPWhitelist accepts / refuses connections based on the client IP. IPAllowList accepts / refuses connections based on the client IP.
## Configuration Examples ## Configuration Examples
```yaml tab="Docker" ```yaml tab="Docker"
# Accepts connections from defined IP # Accepts connections from defined IP
labels: labels:
- "traefik.tcp.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
``` ```
```yaml tab="Kubernetes" ```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: MiddlewareTCP kind: MiddlewareTCP
metadata: metadata:
name: test-ipwhitelist name: test-ipallowlist
spec: spec:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- 127.0.0.1/32 - 127.0.0.1/32
- 192.168.1.7 - 192.168.1.7
@@ -32,25 +32,25 @@ spec:
```yaml tab="Consul Catalog" ```yaml tab="Consul Catalog"
# Accepts request from defined IP # Accepts request from defined IP
- "traefik.tcp.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
``` ```
```json tab="Marathon" ```json tab="Marathon"
"labels": { "labels": {
"traefik.tcp.middlewares.test-ipwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32,192.168.1.7" "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32,192.168.1.7"
} }
``` ```
```yaml tab="Rancher" ```yaml tab="Rancher"
# Accepts request from defined IP # Accepts request from defined IP
labels: labels:
- "traefik.tcp.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
# Accepts request from defined IP # Accepts request from defined IP
[tcp.middlewares] [tcp.middlewares]
[tcp.middlewares.test-ipwhitelist.ipWhiteList] [tcp.middlewares.test-ipallowlist.ipAllowList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"] sourceRange = ["127.0.0.1/32", "192.168.1.7"]
``` ```
@@ -58,8 +58,8 @@ labels:
# Accepts request from defined IP # Accepts request from defined IP
tcp: tcp:
middlewares: middlewares:
test-ipwhitelist: test-ipallowlist:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- "127.0.0.1/32" - "127.0.0.1/32"
- "192.168.1.7" - "192.168.1.7"

View File

@@ -18,10 +18,10 @@ whoami:
# A container that exposes an API to show its IP address # A container that exposes an API to show its IP address
image: traefik/whoami image: traefik/whoami
labels: labels:
# Create a middleware named `foo-ip-whitelist` # Create a middleware named `foo-ip-allowlist`
- "traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
# Apply the middleware named `foo-ip-whitelist` to the router named `router1` # Apply the middleware named `foo-ip-allowlist` to the router named `router1`
- "traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@docker" - "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@docker"
``` ```
```yaml tab="Kubernetes IngressRoute" ```yaml tab="Kubernetes IngressRoute"
@@ -43,9 +43,9 @@ spec:
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: MiddlewareTCP kind: MiddlewareTCP
metadata: metadata:
name: foo-ip-whitelist name: foo-ip-allowlist
spec: spec:
ipWhiteList: ipAllowList:
sourcerange: sourcerange:
- 127.0.0.1/32 - 127.0.0.1/32
- 192.168.1.7 - 192.168.1.7
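Review bot: in this `MiddlewareTCP` example the key under `ipAllowList:` is spelled `sourcerange:`, while the File (YAML) example further down the same page and the other Kubernetes examples in this change use `sourceRange:`. Kubernetes resource field names are case-sensitive, so a reader copying this manifest may end up with no source range applied. Since the block is being edited anyway, correct it to `sourceRange:`.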
@@ -60,30 +60,30 @@ spec:
routes: routes:
# more fields... # more fields...
middlewares: middlewares:
- name: foo-ip-whitelist - name: foo-ip-allowlist
``` ```
```yaml tab="Consul Catalog" ```yaml tab="Consul Catalog"
# Create a middleware named `foo-ip-whitelist` # Create a middleware named `foo-ip-allowlist`
- "traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
# Apply the middleware named `foo-ip-whitelist` to the router named `router1` # Apply the middleware named `foo-ip-allowlist` to the router named `router1`
- "traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@consulcatalog" - "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@consulcatalog"
``` ```
```json tab="Marathon" ```json tab="Marathon"
"labels": { "labels": {
"traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7", "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7",
"traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@marathon" "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@marathon"
} }
``` ```
```yaml tab="Rancher" ```yaml tab="Rancher"
# As a Rancher Label # As a Rancher Label
labels: labels:
# Create a middleware named `foo-ip-whitelist` # Create a middleware named `foo-ip-allowlist`
- "traefik.tcp.middlewares.foo-ip-whitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7" - "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
# Apply the middleware named `foo-ip-whitelist` to the router named `router1` # Apply the middleware named `foo-ip-allowlist` to the router named `router1`
- "traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@rancher" - "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@rancher"
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
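Review bot: the Marathon tab is not valid JSON: both entries inside `"labels": { ... }` are single strings of the form `"key=value"` rather than `"key": "value"` pairs. The Marathon example on the TCP IPAllowList page uses the pair form (`"...sourcerange": "127.0.0.1/32,192.168.1.7"`). Rewrite both renamed lines in that form so the example can be pasted as is.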
@@ -91,11 +91,11 @@ labels:
[tcp.routers] [tcp.routers]
[tcp.routers.router1] [tcp.routers.router1]
service = "myService" service = "myService"
middlewares = ["foo-ip-whitelist"] middlewares = ["foo-ip-allowlist"]
rule = "Host(`example.com`)" rule = "Host(`example.com`)"
[tcp.middlewares] [tcp.middlewares]
[tcp.middlewares.foo-ip-whitelist.ipWhiteList] [tcp.middlewares.foo-ip-allowlist.ipAllowList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"] sourceRange = ["127.0.0.1/32", "192.168.1.7"]
[tcp.services] [tcp.services]
@@ -114,12 +114,12 @@ tcp:
router1: router1:
service: myService service: myService
middlewares: middlewares:
- "foo-ip-whitelist" - "foo-ip-allowlist"
rule: "Host(`example.com`)" rule: "Host(`example.com`)"
middlewares: middlewares:
foo-ip-whitelist: foo-ip-allowlist:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- "127.0.0.1/32" - "127.0.0.1/32"
- "192.168.1.7" - "192.168.1.7"
@@ -137,4 +137,4 @@ tcp:
| Middleware | Purpose | Area | | Middleware | Purpose | Area |
|-------------------------------------------|---------------------------------------------------|-----------------------------| |-------------------------------------------|---------------------------------------------------|-----------------------------|
| [InFlightConn](inflightconn.md) | Limits the number of simultaneous connections. | Security, Request lifecycle | | [InFlightConn](inflightconn.md) | Limits the number of simultaneous connections. | Security, Request lifecycle |
| [IPWhiteList](ipwhitelist.md) | Limit the allowed client IPs. | Security, Request lifecycle | | [IPAllowList](ipallowlist.md) | Limit the allowed client IPs. | Security, Request lifecycle |

View File

@@ -0,0 +1,57 @@
---
title: "Traefik V3 Migration Documentation"
description: "Migrate from Traefik Proxy v2 to v3 and update all the necessary configurations to take advantage of all the improvements. Read the technical documentation."
---
# Migration Guide: From v2 to v3
How to Migrate from Traefik v2 to Traefik v3.
{: .subtitle }
The version 3 of Traefik introduces a number of breaking changes,
which require one to update their configuration when they migrate from v2 to v3.
The goal of this page is to recapitulate all of these changes, and in particular to give examples,
feature by feature, of how the configuration looked like in v2, and how it now looks like in v3.
## IPWhiteList
In v3, we renamed the `IPWhiteList` middleware to `IPAllowList` without changing anything to the configuration.
## gRPC Metrics
In v3, the reported status code for gRPC requests is now the value of the `Grpc-Status` header.
## Deprecated Options Removal
- The `pilot` option has been removed from the static configuration.
- The `tracing.datadog.globaltag` option has been removed.
- The `namespace` option of Consul, Consul Catalog and Nomad providers has been removed.
- The `tls.caOptional` option has been removed from the ForwardAuth middleware, as well as from the HTTP, Consul, Etcd, Redis, ZooKeeper, Marathon, Consul Catalog, and Docker providers.
- `sslRedirect`, `sslTemporaryRedirect`, `sslHost`, `sslForceHost` and `featurePolicy` options of the Headers middleware have been removed.
- The `forceSlash` option of the StripPrefix middleware has been removed.
- the `preferServerCipherSuites` option has been removed.
## Matchers
In v3, the `Headers` and `HeadersRegexp` matchers have been renamed to `Header` and `HeaderRegexp` respectively.
`QueryRegexp` has been introduced to match query values using a regular expression.
`HeaderRegexp`, `HostRegexp`, `PathRegexp`, `QueryRegexp`, and `HostSNIRegexp` matchers now uses the [Go regexp syntax](https://golang.org/pkg/regexp/syntax/).
All matchers now take a single value (except `Headers`, `HeaderRegexp`, `Query`, and `QueryRegexp` which take two)
and should be explicitly combined using logical operators to mimic previous behavior.
`Query` can take a single value to match is the query value that has no value (e.g. `/search?mobile`).
`HostHeader` has been removed, use `Host` instead.
## Content-Type Auto-Detection
In v3, the `Content-Type` header is not auto-detected anymore when it is not set by the backend.
One should use the `ContentType` middleware to enable the `Content-Type` header value auto-detection.
## HTTP/3
In v3, HTTP/3 is no longer an experimental feature.
The `experimental.http3` option has been removed from the static configuration.
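Review bot: under `## IPWhiteList`, "without changing anything to the configuration" conflicts with the rest of this change, where every example renames the configuration keys themselves (`ipwhitelist` to `ipallowlist` in labels, `ipWhiteList:` to `ipAllowList:` in YAML, TOML and the Kubernetes `spec`). Say explicitly that the key must be renamed and that its options (`sourceRange`, `ipStrategy`) are unchanged, and state whether the old key is still accepted. In `## Matchers`, the exception list names `Headers`, which the first sentence says was renamed to `Header`; "matchers now uses" should be "now use"; and the sentence starting "`Query` can take a single value to match is the query value that has no value" does not parse and needs rewording. In `## Deprecated Options Removal`, the last bullet starts with a lowercase "the" and does not say which section `preferServerCipherSuites` belonged to.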

View File

@@ -490,3 +490,9 @@ In `v2.8.2`, Traefik now reject certificates signed with the SHA-1 hash function
### Traefik Pilot ### Traefik Pilot
In `v2.9`, Traefik Pilot support has been removed. In `v2.9`, Traefik Pilot support has been removed.
## v2.10
### Nomad Namespace
In `v2.10`, the `namespace` option of the Nomad provider is deprecated, please use the `namespaces` options instead.

View File

@@ -229,6 +229,7 @@ accessLog:
| `RetryAttempts` | The amount of attempts the request was retried. | | `RetryAttempts` | The amount of attempts the request was retried. |
| `TLSVersion` | The TLS version used by the connection (e.g. `1.2`) (if connection is TLS). | | `TLSVersion` | The TLS version used by the connection (e.g. `1.2`) (if connection is TLS). |
| `TLSCipher` | The TLS cipher used by the connection (e.g. `TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA`) (if connection is TLS) | | `TLSCipher` | The TLS cipher used by the connection (e.g. `TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA`) (if connection is TLS) |
| `TLSClientSubject` | The string representation of the TLS client certificate's Subject (e.g. `CN=username,O=organization`) |
## Log Rotation ## Log Rotation
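Review bot: the new `TLSClientSubject` row does not say when the field is populated. The two rows above it carry "(if connection is TLS)"; this one should state that it is only set when the client presented a certificate, and what is logged otherwise. A certificate Subject such as `CN=username,O=organization` identifies a person or device, so the row, or the fields section of this page, should also note how to drop the field for deployments that must not write identities to access logs.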
@@ -254,7 +255,7 @@ version: "3.7"
services: services:
traefik: traefik:
image: traefik:v2.9 image: traefik:v3.0
environment: environment:
- TZ=US/Alaska - TZ=US/Alaska
command: command:

View File

@@ -64,7 +64,7 @@ log:
#### `level` #### `level`
By default, the `level` is set to `ERROR`. Alternative logging levels are `DEBUG`, `PANIC`, `FATAL`, `ERROR`, `WARN`, and `INFO`. By default, the `level` is set to `ERROR`. Alternative logging levels are `TRACE`, `DEBUG`, `PANIC`, `FATAL`, `ERROR`, `WARN`, and `INFO`.
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
log: log:
@@ -80,10 +80,101 @@ log:
--log.level=DEBUG --log.level=DEBUG
``` ```
#### `noColor`
When using the 'common' format, disables the colorized output.
```yaml tab="File (YAML)"
log:
noColor: true
```
```toml tab="File (TOML)"
[log]
noColor = true
```
```bash tab="CLI"
--log.nocolor=true
```
## Log Rotation ## Log Rotation
Traefik will close and reopen its log files, assuming they're configured, on receipt of a USR1 signal. The rotation of the log files can be configured with the following options.
This allows the logs to be rotated and processed by an external program, such as `logrotate`.
!!! warning ### `maxSize`
This does not work on Windows due to the lack of USR signals.
`maxSize` is the maximum size in megabytes of the log file before it gets rotated.
It defaults to 100 megabytes.
```yaml tab="File (YAML)"
log:
maxSize: 1
```
```toml tab="File (TOML)"
[log]
maxSize = 1
```
```bash tab="CLI"
--log.maxsize=1
```
### `maxBackups`
`maxBackups` is the maximum number of old log files to retain.
The default is to retain all old log files (though `maxAge` may still cause them to get deleted).
```yaml tab="File (YAML)"
log:
maxBackups: 3
```
```toml tab="File (TOML)"
[log]
maxBackups = 3
```
```bash tab="CLI"
--log.maxbackups=3
```
### `maxAge`
`maxAge` is the maximum number of days to retain old log files based on the timestamp encoded in their filename.
Note that a day is defined as 24 hours and may not exactly correspond to calendar days due to daylight savings, leap seconds, etc.
The default is not to remove old log files based on age.
```yaml tab="File (YAML)"
log:
maxAge: 3
```
```toml tab="File (TOML)"
[log]
maxAge = 3
```
```bash tab="CLI"
--log.maxage=3
```
### `compress`
`compress` determines if the rotated log files should be compressed using gzip.
The default is not to perform compression.
```yaml tab="File (YAML)"
log:
compress: 3
```
```toml tab="File (TOML)"
[log]
compress = 3
```
```bash tab="CLI"
--log.compress=3
```
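Review bot: The `compress` examples at the end of this hunk set a numeric value (`compress: 3`, `compress = 3`, `--log.compress=3`), but the description says the option determines whether rotated files are gzip-compressed, so it reads as a boolean. The value looks copied from the `maxAge` block and should be `true` in all three tabs. The hunk also drops the paragraph about reopening log files on a USR1 signal without saying whether that behaviour remains, so the page should state it either way. It is also worth spelling out that with `maxBackups` and `maxAge` both left at their defaults every rotated file is retained.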


@@ -0,0 +1,353 @@
---
title: "Traefik OpenTelemetry Documentation"
description: "Traefik supports several metrics backends, including OpenTelemetry. Learn how to implement it for observability in Traefik Proxy. Read the technical documentation."
---
# OpenTelemetry
To enable the OpenTelemetry:
```yaml tab="File (YAML)"
metrics:
openTelemetry: {}
```
```toml tab="File (TOML)"
[metrics]
[metrics.openTelemetry]
```
```bash tab="CLI"
--metrics.openTelemetry=true
```
!!! info "The OpenTelemetry exporter will export metrics to the collector by using HTTP by default, see the [gRPC Section](#grpc-configuration) to use gRPC."
#### `address`
_Required, Default="localhost:4318", Format="`<host>:<port>`"_
Address of the OpenTelemetry Collector to send metrics to.
```yaml tab="File (YAML)"
metrics:
openTelemetry:
address: localhost:4318
```
```toml tab="File (TOML)"
[metrics]
[metrics.openTelemetry]
address = "localhost:4318"
```
```bash tab="CLI"
--metrics.openTelemetry.address=localhost:4318
```
#### `addEntryPointsLabels`
_Optional, Default=true_
Enable metrics on entry points.
```yaml tab="File (YAML)"
metrics:
openTelemetry:
addEntryPointsLabels: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.openTelemetry]
addEntryPointsLabels = true
```
```bash tab="CLI"
--metrics.openTelemetry.addEntryPointsLabels=true
```
#### `addRoutersLabels`
_Optional, Default=false_
Enable metrics on routers.
```yaml tab="File (YAML)"
metrics:
openTelemetry:
addRoutersLabels: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.openTelemetry]
addRoutersLabels = true
```
```bash tab="CLI"
--metrics.openTelemetry.addRoutersLabels=true
```
#### `addServicesLabels`
_Optional, Default=true_
Enable metrics on services.
```yaml tab="File (YAML)"
metrics:
openTelemetry:
addServicesLabels: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.openTelemetry]
addServicesLabels = true
```
```bash tab="CLI"
--metrics.openTelemetry.addServicesLabels=true
```
#### `explicitBoundaries`
_Optional, Default=".005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10"_
Explicit boundaries for Histogram data points.
```yaml tab="File (YAML)"
metrics:
openTelemetry:
explicitBoundaries:
- 0.1
- 0.3
- 1.2
- 5.0
```
```toml tab="File (TOML)"
[metrics]
[metrics.openTelemetry]
explicitBoundaries = [0.1,0.3,1.2,5.0]
```
```bash tab="CLI"
--metrics.openTelemetry.explicitBoundaries=0.1,0.3,1.2,5.0
```
#### `headers`
_Optional, Default={}_
Additional headers sent with metrics by the reporter to the OpenTelemetry Collector.
```yaml tab="File (YAML)"
metrics:
openTelemetry:
headers:
foo: bar
baz: buz
```
```toml tab="File (TOML)"
[metrics]
[metrics.openTelemetry.headers]
foo = "bar"
baz = "buz"
```
```bash tab="CLI"
--metrics.openTelemetry.headers.foo=bar --metrics.openTelemetry.headers.baz=buz
```
#### `insecure`
_Optional, Default=false_
Allows reporter to send metrics to the OpenTelemetry Collector without using a secured protocol.
```yaml tab="File (YAML)"
metrics:
openTelemetry:
insecure: true
```
```toml tab="File (TOML)"
[metrics]
[metrics.openTelemetry]
insecure = true
```
```bash tab="CLI"
--metrics.openTelemetry.insecure=true
```
#### `pushInterval`
_Optional, Default=10s_
Interval at which metrics are sent to the OpenTelemetry Collector.
```yaml tab="File (YAML)"
metrics:
openTelemetry:
pushInterval: 10s
```
```toml tab="File (TOML)"
[metrics]
[metrics.openTelemetry]
pushInterval = "10s"
```
```bash tab="CLI"
--metrics.openTelemetry.pushInterval=10s
```
#### `path`
_Required, Default="/v1/traces"_
Allows to override the default URL path used for sending metrics.
This option has no effect when using gRPC transport.
```yaml tab="File (YAML)"
metrics:
openTelemetry:
path: /foo/v1/traces
```
```toml tab="File (TOML)"
[metrics]
[metrics.openTelemetry]
path = "/foo/v1/traces"
```
```bash tab="CLI"
--metrics.openTelemetry.path=/foo/v1/traces
```
#### `tls`
_Optional_
Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector.
##### `ca`
_Optional_
`ca` is the path to the certificate authority used for the secure connection to the OpenTelemetry Collector,
it defaults to the system bundle.
```yaml tab="File (YAML)"
metrics:
openTelemetry:
tls:
ca: path/to/ca.crt
```
```toml tab="File (TOML)"
[metrics.openTelemetry.tls]
ca = "path/to/ca.crt"
```
```bash tab="CLI"
--metrics.openTelemetry.tls.ca=path/to/ca.crt
```
##### `cert`
_Optional_
`cert` is the path to the public certificate used for the secure connection to the OpenTelemetry Collector.
When using this option, setting the `key` option is required.
```yaml tab="File (YAML)"
metrics:
openTelemetry:
tls:
cert: path/to/foo.cert
key: path/to/foo.key
```
```toml tab="File (TOML)"
[metrics.openTelemetry.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--metrics.openTelemetry.tls.cert=path/to/foo.cert
--metrics.openTelemetry.tls.key=path/to/foo.key
```
##### `key`
_Optional_
`key` is the path to the private key used for the secure connection to the OpenTelemetry Collector.
When using this option, setting the `cert` option is required.
```yaml tab="File (YAML)"
metrics:
openTelemetry:
tls:
cert: path/to/foo.cert
key: path/to/foo.key
```
```toml tab="File (TOML)"
[metrics.openTelemetry.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--metrics.openTelemetry.tls.cert=path/to/foo.cert
--metrics.openTelemetry.tls.key=path/to/foo.key
```
##### `insecureSkipVerify`
_Optional, Default=false_
If `insecureSkipVerify` is `true`,
the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers.
```yaml tab="File (YAML)"
metrics:
openTelemetry:
tls:
insecureSkipVerify: true
```
```toml tab="File (TOML)"
[metrics.openTelemetry.tls]
insecureSkipVerify = true
```
```bash tab="CLI"
--metrics.openTelemetry.tls.insecureSkipVerify=true
```
#### gRPC configuration
This instructs the reporter to send metrics to the OpenTelemetry Collector using gRPC.
```yaml tab="File (YAML)"
metrics:
openTelemetry:
grpc: {}
```
```toml tab="File (TOML)"
[metrics]
[metrics.openTelemetry.grpc]
```
```bash tab="CLI"
--metrics.openTelemetry.grpc=true
```
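Review bot: In the `path` section of this new metrics page the default is given as `/v1/traces` and the example as `/foo/v1/traces`, which looks carried over from the tracing page. The standard OTLP/HTTP path for metrics is `/v1/metrics`, so please confirm the exporter's actual default and correct the description and all three tabs. `address` and `path` are also marked `_Required` while listing a default, which is contradictory; `_Optional` fits. The `insecure` and `tls.insecureSkipVerify` sections would benefit from a warning admonition, since any values set through `headers` on this page travel over that unprotected or unverified connection.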


@@ -13,6 +13,8 @@ Traefik supports these metrics backends:
- [Prometheus](./prometheus.md) - [Prometheus](./prometheus.md)
- [StatsD](./statsd.md) - [StatsD](./statsd.md)
Traefik Proxy hosts an official Grafana dashboard for both [on-premises](https://grafana.com/grafana/dashboards/17346) and [Kubernetes](https://grafana.com/grafana/dashboards/17347) deployments.
## Global Metrics ## Global Metrics
| Metric | Type | Description | | Metric | Type | Description |


@@ -65,30 +65,6 @@ tracing:
--tracing.datadog.debug=true --tracing.datadog.debug=true
``` ```
#### `globalTag`
??? warning "Deprecated in favor of the [`globalTags`](#globaltags) option."
_Optional, Default=empty_
Applies a shared key:value tag on all spans.
```yaml tab="File (YAML)"
tracing:
datadog:
globalTag: sample
```
```toml tab="File (TOML)"
[tracing]
[tracing.datadog]
globalTag = "sample"
```
```bash tab="CLI"
--tracing.datadog.globalTag=sample
```
#### `globalTags` #### `globalTags`
_Optional, Default=empty_ _Optional, Default=empty_


@@ -0,0 +1,246 @@
---
title: "Traefik OpenTelemetry Documentation"
description: "Traefik supports several tracing backends, including OpenTelemetry. Learn how to implement it for observability in Traefik Proxy. Read the technical documentation."
---
# OpenTelemetry
To enable the OpenTelemetry tracer:
```yaml tab="File (YAML)"
tracing:
openTelemetry: {}
```
```toml tab="File (TOML)"
[tracing]
[tracing.openTelemetry]
```
```bash tab="CLI"
--tracing.openTelemetry=true
```
!!! info "The OpenTelemetry trace reporter will export traces to the collector using HTTP by default, see the [gRPC Section](#grpc-configuration) to use gRPC."
!!! info "Trace sampling"
By default, the OpenTelemetry trace reporter will sample 100% of traces.
See [OpenTelemetry's SDK configuration](https://opentelemetry.io/docs/reference/specification/sdk-environment-variables/#general-sdk-configuration) to customize the sampling strategy.
#### `address`
_Required, Default="localhost:4318", Format="`<host>:<port>`"_
Address of the OpenTelemetry Collector to send spans to.
```yaml tab="File (YAML)"
tracing:
openTelemetry:
address: localhost:4318
```
```toml tab="File (TOML)"
[tracing]
[tracing.openTelemetry]
address = "localhost:4318"
```
```bash tab="CLI"
--tracing.openTelemetry.address=localhost:4318
```
#### `headers`
_Optional, Default={}_
Additional headers sent with spans by the reporter to the OpenTelemetry Collector.
```yaml tab="File (YAML)"
tracing:
openTelemetry:
headers:
foo: bar
baz: buz
```
```toml tab="File (TOML)"
[tracing]
[tracing.openTelemetry.headers]
foo = "bar"
baz = "buz"
```
```bash tab="CLI"
--tracing.openTelemetry.headers.foo=bar --tracing.openTelemetry.headers.baz=buz
```
#### `insecure`
_Optional, Default=false_
Allows reporter to send spans to the OpenTelemetry Collector without using a secured protocol.
```yaml tab="File (YAML)"
tracing:
openTelemetry:
insecure: true
```
```toml tab="File (TOML)"
[tracing]
[tracing.openTelemetry]
insecure = true
```
```bash tab="CLI"
--tracing.openTelemetry.insecure=true
```
#### `path`
_Required, Default="/v1/traces"_
Allows to override the default URL path used for sending traces.
This option has no effect when using gRPC transport.
```yaml tab="File (YAML)"
tracing:
openTelemetry:
path: /foo/v1/traces
```
```toml tab="File (TOML)"
[tracing]
[tracing.openTelemetry]
path = "/foo/v1/traces"
```
```bash tab="CLI"
--tracing.openTelemetry.path=/foo/v1/traces
```
#### `tls`
_Optional_
Defines the TLS configuration used by the reporter to send spans to the OpenTelemetry Collector.
##### `ca`
_Optional_
`ca` is the path to the certificate authority used for the secure connection to the OpenTelemetry Collector,
it defaults to the system bundle.
```yaml tab="File (YAML)"
tracing:
openTelemetry:
tls:
ca: path/to/ca.crt
```
```toml tab="File (TOML)"
[tracing.openTelemetry.tls]
ca = "path/to/ca.crt"
```
```bash tab="CLI"
--tracing.openTelemetry.tls.ca=path/to/ca.crt
```
##### `cert`
_Optional_
`cert` is the path to the public certificate used for the secure connection to the OpenTelemetry Collector.
When using this option, setting the `key` option is required.
```yaml tab="File (YAML)"
tracing:
openTelemetry:
tls:
cert: path/to/foo.cert
key: path/to/foo.key
```
```toml tab="File (TOML)"
[tracing.openTelemetry.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--tracing.openTelemetry.tls.cert=path/to/foo.cert
--tracing.openTelemetry.tls.key=path/to/foo.key
```
##### `key`
_Optional_
`key` is the path to the private key used for the secure connection to the OpenTelemetry Collector.
When using this option, setting the `cert` option is required.
```yaml tab="File (YAML)"
tracing:
openTelemetry:
tls:
cert: path/to/foo.cert
key: path/to/foo.key
```
```toml tab="File (TOML)"
[tracing.openTelemetry.tls]
cert = "path/to/foo.cert"
key = "path/to/foo.key"
```
```bash tab="CLI"
--tracing.openTelemetry.tls.cert=path/to/foo.cert
--tracing.openTelemetry.tls.key=path/to/foo.key
```
##### `insecureSkipVerify`
_Optional, Default=false_
If `insecureSkipVerify` is `true`,
the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers.
```yaml tab="File (YAML)"
tracing:
openTelemetry:
tls:
insecureSkipVerify: true
```
```toml tab="File (TOML)"
[tracing.openTelemetry.tls]
insecureSkipVerify = true
```
```bash tab="CLI"
--tracing.openTelemetry.tls.insecureSkipVerify=true
```
#### gRPC configuration
_Optional_
This instructs the reporter to send spans to the OpenTelemetry Collector using gRPC.
```yaml tab="File (YAML)"
tracing:
openTelemetry:
grpc: {}
```
```toml tab="File (TOML)"
[tracing]
[tracing.openTelemetry.grpc]
```
```bash tab="CLI"
--tracing.openTelemetry.grpc=true
```
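Review bot: `address` and `path` are both marked `_Required` yet list a default (`localhost:4318`, `/v1/traces`); an option with a default is optional, so the marker should read `_Optional`. The front-matter `title` is "Traefik OpenTelemetry Documentation", identical to the new metrics page, so the two pages cannot be told apart by title; something like "Traefik OpenTelemetry Tracing Documentation" would fix that. "Allows to override" in the `path` description should be "Overrides". As on the metrics page, `insecure` and `tls.insecureSkipVerify` deserve a warning admonition, since spans and any `headers` values are sent over that connection.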


@@ -72,7 +72,7 @@ to allow defining:
- One or more security features through [middlewares](../middlewares/overview.md) - One or more security features through [middlewares](../middlewares/overview.md)
like authentication ([basicAuth](../middlewares/http/basicauth.md) , [digestAuth](../middlewares/http/digestauth.md), like authentication ([basicAuth](../middlewares/http/basicauth.md) , [digestAuth](../middlewares/http/digestauth.md),
[forwardAuth](../middlewares/http/forwardauth.md)) or [whitelisting](../middlewares/http/ipwhitelist.md). [forwardAuth](../middlewares/http/forwardauth.md)) or [allowlisting](../middlewares/http/ipallowlist.md).
- A [router rule](#dashboard-router-rule) for accessing the dashboard, - A [router rule](#dashboard-router-rule) for accessing the dashboard,
through Traefik itself (sometimes referred as "Traefik-ception"). through Traefik itself (sometimes referred as "Traefik-ception").
@@ -93,12 +93,12 @@ rule = "Host(`traefik.example.com`)"
```bash tab="Path Prefix Rule" ```bash tab="Path Prefix Rule"
# The dashboard can be accessed on http://example.com/dashboard/ or http://traefik.example.com/dashboard/ # The dashboard can be accessed on http://example.com/dashboard/ or http://traefik.example.com/dashboard/
rule = "PathPrefix(`/api`, `/dashboard`)" rule = "PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
``` ```
```bash tab="Combination of Rules" ```bash tab="Combination of Rules"
# The dashboard can be accessed on http://traefik.example.com/dashboard/ # The dashboard can be accessed on http://traefik.example.com/dashboard/
rule = "Host(`traefik.example.com`) && PathPrefix(`/api`, `/dashboard`)" rule = "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
``` ```
??? example "Dashboard Dynamic Configuration Examples" ??? example "Dashboard Dynamic Configuration Examples"


@@ -667,41 +667,6 @@ providers:
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery). For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
### `namespace`
??? warning "Deprecated in favor of the [`namespaces`](#namespaces) option."
_Optional, Default=""_
The `namespace` option defines the namespace in which the consul catalog services will be discovered.
!!! warning
The namespace option only works with [Consul Enterprise](https://www.consul.io/docs/enterprise),
which provides the [Namespaces](https://www.consul.io/docs/enterprise/namespaces) feature.
!!! warning
One should only define either the `namespaces` option or the `namespace` option.
```yaml tab="File (YAML)"
providers:
consulCatalog:
namespace: "production"
# ...
```
```toml tab="File (TOML)"
[providers.consulCatalog]
namespace = "production"
# ...
```
```bash tab="CLI"
--providers.consulcatalog.namespace=production
# ...
```
### `namespaces` ### `namespaces`
_Optional, Default=""_ _Optional, Default=""_


@@ -59,40 +59,6 @@ providers:
--providers.consul.rootkey=traefik --providers.consul.rootkey=traefik
``` ```
### `namespace`
??? warning "Deprecated in favor of the [`namespaces`](#namespaces) option."
_Optional, Default=""_
The `namespace` option defines the namespace to query.
!!! warning
The namespace option only works with [Consul Enterprise](https://www.consul.io/docs/enterprise),
which provides the [Namespaces](https://www.consul.io/docs/enterprise/namespaces) feature.
!!! warning
One should only define either the `namespaces` option or the `namespace` option.
```yaml tab="File (YAML)"
providers:
consul:
# ...
namespace: "production"
```
```toml tab="File (TOML)"
[providers.consul]
# ...
namespace = "production"
```
```bash tab="CLI"
--providers.consul.namespace=production
```
### `namespaces` ### `namespaces`
_Optional, Default=""_ _Optional, Default=""_


@@ -95,7 +95,7 @@ and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/).
## Routing Configuration ## Routing Configuration
When using Docker as a [provider](./overview.md), When using Docker as a [provider](./overview.md),
Traefik uses [container labels](https://docs.docker.com/engine/reference/commandline/run/#label) to retrieve its routing configuration. Traefik uses [container labels](https://docs.docker.com/engine/reference/commandline/run/#set-metadata-on-container--l---label---label-file) to retrieve its routing configuration.
See the list of labels in the dedicated [routing](../routing/providers/docker.md) section. See the list of labels in the dedicated [routing](../routing/providers/docker.md) section.
@@ -265,7 +265,7 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A
services: services:
traefik: traefik:
image: traefik:v2.9 # The official v2 Traefik docker image image: traefik:v3.0 # The official v2 Traefik docker image
ports: ports:
- "80:80" - "80:80"
volumes: volumes:
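Review bot: On the changed `image:` line the tag moves to `traefik:v3.0`, but the trailing comment still says "The official v2 Traefik docker image". Update the comment to v3, or drop the version from it so it does not go stale on the next bump.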


@@ -234,6 +234,30 @@ providers:
# ... # ...
``` ```
### `healthyTasksOnly`
_Optional, Default=false_
Determines whether Traefik discovers only healthy tasks (`HEALTHY` healthStatus).
```yaml tab="File (YAML)"
providers:
ecs:
healthyTasksOnly: true
# ...
```
```toml tab="File (TOML)"
[providers.ecs]
healthyTasksOnly = true
# ...
```
```bash tab="CLI"
--providers.ecs.healthyTasksOnly=true
# ...
```
### `defaultRule` ### `defaultRule`
_Optional, Default=```Host(`{{ normalize .Name }}`)```_ _Optional, Default=```Host(`{{ normalize .Name }}`)```_


@@ -18,7 +18,7 @@ It supports providing configuration through a [single configuration file](#filen
!!! tip !!! tip
The file provider can be a good solution for reusing common elements from other providers (e.g. declaring whitelist middlewares, basic authentication, ...) The file provider can be a good solution for reusing common elements from other providers (e.g. declaring allowlist middlewares, basic authentication, ...)
## Configuration Examples ## Configuration Examples


@@ -76,6 +76,26 @@ providers:
--providers.http.pollTimeout=5s --providers.http.pollTimeout=5s
``` ```
### `headers`
_Optional_
Defines custom headers to be sent to the endpoint.
```yaml tab="File (YAML)"
providers:
headers:
name: value
```
```toml tab="File (TOML)"
[providers.http.headers]
name = "value"
```
```bash tab="CLI"
--providers.http.headers.name=value
### `tls` ### `tls`
_Optional_ _Optional_
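Review bot: The YAML example in the new `headers` section puts `headers:` directly under `providers:`, without the `http:` level that the TOML tab (`[providers.http.headers]`) and the CLI flag (`--providers.http.headers.name=value`) both use, so the YAML as written would not configure the HTTP provider. The CLI tab's code fence also appears to be left open before `### tls`, which would pull the following section into the code block when rendered; add the closing fence after the flag line.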


@@ -440,26 +440,37 @@ providers:
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery). For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
### `namespace` ### `namespaces`
_Optional, Default=""_ _Optional, Default=""_
The `namespace` option defines the namespace in which the Nomad services will be discovered. The `namespaces` option defines the namespaces in which the nomad services will be discovered.
When using the `namespaces` option, the discovered object names will be suffixed as shown below:
```text
<resource-name>@nomad-<namespace>
```
!!! warning
One should only define either the `namespaces` option or the `namespace` option.
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
providers: providers:
nomad: nomad:
namespace: "production" namespaces:
- "ns1"
- "ns2"
# ... # ...
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
[providers.nomad] [providers.nomad]
namespace = "production" namespaces = ["ns1", "ns2"]
# ... # ...
``` ```
```bash tab="CLI" ```bash tab="CLI"
--providers.nomad.namespace=production --providers.nomad.namespaces=ns1,ns2
# ... # ...
``` ```
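Review bot: The added warning says to define only one of `namespaces` or `namespace`, but this hunk replaces the `namespace` section outright, so the page no longer documents the option the warning refers to. Either keep a short deprecated `namespace` entry that explains the relationship, or drop the warning if the singular option is gone. The description also changes "Nomad services" to "nomad services"; keep the product name capitalised.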


@@ -17,7 +17,7 @@
- "traefik.http.middlewares.middleware05.compress=true" - "traefik.http.middlewares.middleware05.compress=true"
- "traefik.http.middlewares.middleware05.compress.excludedcontenttypes=foobar, foobar" - "traefik.http.middlewares.middleware05.compress.excludedcontenttypes=foobar, foobar"
- "traefik.http.middlewares.middleware05.compress.minresponsebodybytes=42" - "traefik.http.middlewares.middleware05.compress.minresponsebodybytes=42"
- "traefik.http.middlewares.middleware06.contenttype.autodetect=true" - "traefik.http.middlewares.middleware06.contenttype=true"
- "traefik.http.middlewares.middleware07.digestauth.headerfield=foobar" - "traefik.http.middlewares.middleware07.digestauth.headerfield=foobar"
- "traefik.http.middlewares.middleware07.digestauth.realm=foobar" - "traefik.http.middlewares.middleware07.digestauth.realm=foobar"
- "traefik.http.middlewares.middleware07.digestauth.removeheader=true" - "traefik.http.middlewares.middleware07.digestauth.removeheader=true"
@@ -31,7 +31,6 @@
- "traefik.http.middlewares.middleware09.forwardauth.authresponseheadersregex=foobar" - "traefik.http.middlewares.middleware09.forwardauth.authresponseheadersregex=foobar"
- "traefik.http.middlewares.middleware09.forwardauth.authrequestheaders=foobar, foobar" - "traefik.http.middlewares.middleware09.forwardauth.authrequestheaders=foobar, foobar"
- "traefik.http.middlewares.middleware09.forwardauth.tls.ca=foobar" - "traefik.http.middlewares.middleware09.forwardauth.tls.ca=foobar"
- "traefik.http.middlewares.middleware09.forwardauth.tls.caoptional=true"
- "traefik.http.middlewares.middleware09.forwardauth.tls.cert=foobar" - "traefik.http.middlewares.middleware09.forwardauth.tls.cert=foobar"
- "traefik.http.middlewares.middleware09.forwardauth.tls.insecureskipverify=true" - "traefik.http.middlewares.middleware09.forwardauth.tls.insecureskipverify=true"
- "traefik.http.middlewares.middleware09.forwardauth.tls.key=foobar" - "traefik.http.middlewares.middleware09.forwardauth.tls.key=foobar"
@@ -54,7 +53,6 @@
- "traefik.http.middlewares.middleware10.headers.customrequestheaders.name1=foobar" - "traefik.http.middlewares.middleware10.headers.customrequestheaders.name1=foobar"
- "traefik.http.middlewares.middleware10.headers.customresponseheaders.name0=foobar" - "traefik.http.middlewares.middleware10.headers.customresponseheaders.name0=foobar"
- "traefik.http.middlewares.middleware10.headers.customresponseheaders.name1=foobar" - "traefik.http.middlewares.middleware10.headers.customresponseheaders.name1=foobar"
- "traefik.http.middlewares.middleware10.headers.featurepolicy=foobar"
- "traefik.http.middlewares.middleware10.headers.forcestsheader=true" - "traefik.http.middlewares.middleware10.headers.forcestsheader=true"
- "traefik.http.middlewares.middleware10.headers.framedeny=true" - "traefik.http.middlewares.middleware10.headers.framedeny=true"
- "traefik.http.middlewares.middleware10.headers.hostsproxyheaders=foobar, foobar" - "traefik.http.middlewares.middleware10.headers.hostsproxyheaders=foobar, foobar"
@@ -62,18 +60,14 @@
- "traefik.http.middlewares.middleware10.headers.permissionspolicy=foobar" - "traefik.http.middlewares.middleware10.headers.permissionspolicy=foobar"
- "traefik.http.middlewares.middleware10.headers.publickey=foobar" - "traefik.http.middlewares.middleware10.headers.publickey=foobar"
- "traefik.http.middlewares.middleware10.headers.referrerpolicy=foobar" - "traefik.http.middlewares.middleware10.headers.referrerpolicy=foobar"
- "traefik.http.middlewares.middleware10.headers.sslforcehost=true"
- "traefik.http.middlewares.middleware10.headers.sslhost=foobar"
- "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name0=foobar" - "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name0=foobar"
- "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name1=foobar" - "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name1=foobar"
- "traefik.http.middlewares.middleware10.headers.sslredirect=true"
- "traefik.http.middlewares.middleware10.headers.ssltemporaryredirect=true"
- "traefik.http.middlewares.middleware10.headers.stsincludesubdomains=true" - "traefik.http.middlewares.middleware10.headers.stsincludesubdomains=true"
- "traefik.http.middlewares.middleware10.headers.stspreload=true" - "traefik.http.middlewares.middleware10.headers.stspreload=true"
- "traefik.http.middlewares.middleware10.headers.stsseconds=42" - "traefik.http.middlewares.middleware10.headers.stsseconds=42"
- "traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.depth=42" - "traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.depth=42"
- "traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.excludedips=foobar, foobar" - "traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.excludedips=foobar, foobar"
- "traefik.http.middlewares.middleware11.ipwhitelist.sourcerange=foobar, foobar" - "traefik.http.middlewares.middleware11.ipallowlist.sourcerange=foobar, foobar"
- "traefik.http.middlewares.middleware12.inflightreq.amount=42" - "traefik.http.middlewares.middleware12.inflightreq.amount=42"
- "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.depth=42" - "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.depth=42"
- "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.excludedips=foobar, foobar" - "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
@@ -118,9 +112,9 @@
- "traefik.http.middlewares.middleware19.replacepathregex.replacement=foobar" - "traefik.http.middlewares.middleware19.replacepathregex.replacement=foobar"
- "traefik.http.middlewares.middleware20.retry.attempts=42" - "traefik.http.middlewares.middleware20.retry.attempts=42"
- "traefik.http.middlewares.middleware20.retry.initialinterval=42" - "traefik.http.middlewares.middleware20.retry.initialinterval=42"
- "traefik.http.middlewares.middleware21.stripprefix.forceslash=true"
- "traefik.http.middlewares.middleware21.stripprefix.prefixes=foobar, foobar" - "traefik.http.middlewares.middleware21.stripprefix.prefixes=foobar, foobar"
- "traefik.http.middlewares.middleware22.stripprefixregex.regex=foobar, foobar" - "traefik.http.middlewares.middleware22.stripprefixregex.regex=foobar, foobar"
- "traefik.http.middlewares.middleware23.grpcweb.alloworigins=foobar, foobar"
- "traefik.http.routers.router0.entrypoints=foobar, foobar" - "traefik.http.routers.router0.entrypoints=foobar, foobar"
- "traefik.http.routers.router0.middlewares=foobar, foobar" - "traefik.http.routers.router0.middlewares=foobar, foobar"
- "traefik.http.routers.router0.priority=42" - "traefik.http.routers.router0.priority=42"
@@ -152,8 +146,10 @@
- "traefik.http.services.service01.loadbalancer.healthcheck.interval=foobar" - "traefik.http.services.service01.loadbalancer.healthcheck.interval=foobar"
- "traefik.http.services.service01.loadbalancer.healthcheck.path=foobar" - "traefik.http.services.service01.loadbalancer.healthcheck.path=foobar"
- "traefik.http.services.service01.loadbalancer.healthcheck.method=foobar" - "traefik.http.services.service01.loadbalancer.healthcheck.method=foobar"
- "traefik.http.services.service01.loadbalancer.healthcheck.status=42"
- "traefik.http.services.service01.loadbalancer.healthcheck.port=42" - "traefik.http.services.service01.loadbalancer.healthcheck.port=42"
- "traefik.http.services.service01.loadbalancer.healthcheck.scheme=foobar" - "traefik.http.services.service01.loadbalancer.healthcheck.scheme=foobar"
- "traefik.http.services.service01.loadbalancer.healthcheck.mode=foobar"
- "traefik.http.services.service01.loadbalancer.healthcheck.timeout=foobar" - "traefik.http.services.service01.loadbalancer.healthcheck.timeout=foobar"
- "traefik.http.services.service01.loadbalancer.passhostheader=true" - "traefik.http.services.service01.loadbalancer.passhostheader=true"
- "traefik.http.services.service01.loadbalancer.responseforwarding.flushinterval=foobar" - "traefik.http.services.service01.loadbalancer.responseforwarding.flushinterval=foobar"
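Review bot: The context lines in this hunk keep `healthcheck.interval=foobar`, `healthcheck.timeout=foobar` and `responseforwarding.flushinterval=foobar`, while the file-provider TOML reference elsewhere in this compare moves `interval`, `timeout` and `flushInterval` to `"42s"`. If these reference files are generated from the same structures, the label reference should show duration values too, so readers are not shown a value that cannot be parsed as a duration.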
@@ -165,7 +161,7 @@
- "traefik.http.services.service01.loadbalancer.sticky.cookie.secure=true" - "traefik.http.services.service01.loadbalancer.sticky.cookie.secure=true"
- "traefik.http.services.service01.loadbalancer.server.port=foobar" - "traefik.http.services.service01.loadbalancer.server.port=foobar"
- "traefik.http.services.service01.loadbalancer.server.scheme=foobar" - "traefik.http.services.service01.loadbalancer.server.scheme=foobar"
- "traefik.tcp.middlewares.tcpmiddleware00.ipwhitelist.sourcerange=foobar, foobar" - "traefik.tcp.middlewares.tcpmiddleware00.ipallowlist.sourcerange=foobar, foobar"
- "traefik.tcp.middlewares.tcpmiddleware01.inflightconn.amount=42" - "traefik.tcp.middlewares.tcpmiddleware01.inflightconn.amount=42"
- "traefik.tcp.routers.tcprouter0.entrypoints=foobar, foobar" - "traefik.tcp.routers.tcprouter0.entrypoints=foobar, foobar"
- "traefik.tcp.routers.tcprouter0.middlewares=foobar, foobar" - "traefik.tcp.routers.tcprouter0.middlewares=foobar, foobar"


@@ -53,18 +53,20 @@
url = "foobar" url = "foobar"
[http.services.Service01.loadBalancer.healthCheck] [http.services.Service01.loadBalancer.healthCheck]
scheme = "foobar" scheme = "foobar"
mode = "foobar"
path = "foobar" path = "foobar"
method = "foobar" method = "foobar"
status = 42
port = 42 port = 42
interval = "foobar" interval = "42s"
timeout = "foobar" timeout = "42s"
hostname = "foobar" hostname = "foobar"
followRedirects = true followRedirects = true
[http.services.Service01.loadBalancer.healthCheck.headers] [http.services.Service01.loadBalancer.healthCheck.headers]
name0 = "foobar" name0 = "foobar"
name1 = "foobar" name1 = "foobar"
[http.services.Service01.loadBalancer.responseForwarding] [http.services.Service01.loadBalancer.responseForwarding]
flushInterval = "foobar" flushInterval = "42s"
[http.services.Service02] [http.services.Service02]
[http.services.Service02.mirroring] [http.services.Service02.mirroring]
service = "foobar" service = "foobar"
@@ -135,7 +137,6 @@
minResponseBodyBytes = 42 minResponseBodyBytes = 42
[http.middlewares.Middleware06] [http.middlewares.Middleware06]
[http.middlewares.Middleware06.contentType] [http.middlewares.Middleware06.contentType]
autoDetect = true
[http.middlewares.Middleware07] [http.middlewares.Middleware07]
[http.middlewares.Middleware07.digestAuth] [http.middlewares.Middleware07.digestAuth]
users = ["foobar", "foobar"] users = ["foobar", "foobar"]
@@ -157,7 +158,6 @@
authRequestHeaders = ["foobar", "foobar"] authRequestHeaders = ["foobar", "foobar"]
[http.middlewares.Middleware09.forwardAuth.tls] [http.middlewares.Middleware09.forwardAuth.tls]
ca = "foobar" ca = "foobar"
caOptional = true
cert = "foobar" cert = "foobar"
key = "foobar" key = "foobar"
insecureSkipVerify = true insecureSkipVerify = true
@@ -173,10 +173,6 @@
addVaryHeader = true addVaryHeader = true
allowedHosts = ["foobar", "foobar"] allowedHosts = ["foobar", "foobar"]
hostsProxyHeaders = ["foobar", "foobar"] hostsProxyHeaders = ["foobar", "foobar"]
sslRedirect = true
sslTemporaryRedirect = true
sslHost = "foobar"
sslForceHost = true
stsSeconds = 42 stsSeconds = 42
stsIncludeSubdomains = true stsIncludeSubdomains = true
stsPreload = true stsPreload = true
@@ -189,7 +185,6 @@
contentSecurityPolicy = "foobar" contentSecurityPolicy = "foobar"
publicKey = "foobar" publicKey = "foobar"
referrerPolicy = "foobar" referrerPolicy = "foobar"
featurePolicy = "foobar"
permissionsPolicy = "foobar" permissionsPolicy = "foobar"
isDevelopment = true isDevelopment = true
[http.middlewares.Middleware10.headers.customRequestHeaders] [http.middlewares.Middleware10.headers.customRequestHeaders]
@@ -202,9 +197,9 @@
name0 = "foobar" name0 = "foobar"
name1 = "foobar" name1 = "foobar"
[http.middlewares.Middleware11] [http.middlewares.Middleware11]
[http.middlewares.Middleware11.ipWhiteList] [http.middlewares.Middleware11.ipAllowList]
sourceRange = ["foobar", "foobar"] sourceRange = ["foobar", "foobar"]
[http.middlewares.Middleware11.ipWhiteList.ipStrategy] [http.middlewares.Middleware11.ipAllowList.ipStrategy]
depth = 42 depth = 42
excludedIPs = ["foobar", "foobar"] excludedIPs = ["foobar", "foobar"]
[http.middlewares.Middleware12] [http.middlewares.Middleware12]
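Review bot: The rename from `ipWhiteList` to `ipAllowList` on Middleware11 (and on its `ipStrategy` sub-table) changes the key of an access-control middleware, so it matters what happens to a v2 file that still uses the old key. If unknown keys are skipped rather than rejected, the source-range restriction would disappear without an error. Please confirm that loading `[http.middlewares.X.ipWhiteList]` fails at startup, and add the rename to the migration guide; the same applies to the TCP middleware renamed later in this file.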
@@ -280,10 +275,12 @@
[http.middlewares.Middleware21] [http.middlewares.Middleware21]
[http.middlewares.Middleware21.stripPrefix] [http.middlewares.Middleware21.stripPrefix]
prefixes = ["foobar", "foobar"] prefixes = ["foobar", "foobar"]
forceSlash = true
[http.middlewares.Middleware22] [http.middlewares.Middleware22]
[http.middlewares.Middleware22.stripPrefixRegex] [http.middlewares.Middleware22.stripPrefixRegex]
regex = ["foobar", "foobar"] regex = ["foobar", "foobar"]
[http.middlewares.Middleware23]
[http.middlewares.Middleware23.grpcWeb]
allowOrigins = ["foobar", "foobar"]
[http.serversTransports] [http.serversTransports]
[http.serversTransports.ServersTransport0] [http.serversTransports.ServersTransport0]
serverName = "foobar" serverName = "foobar"
@@ -300,12 +297,18 @@
[[http.serversTransports.ServersTransport0.certificates]] [[http.serversTransports.ServersTransport0.certificates]]
certFile = "foobar" certFile = "foobar"
keyFile = "foobar" keyFile = "foobar"
[http.serversTransports.ServersTransport0.forwardingTimeouts] [http.serversTransports.ServersTransport0.forwardingTimeouts]
dialTimeout = "42s" dialTimeout = "42s"
responseHeaderTimeout = "42s" responseHeaderTimeout = "42s"
idleConnTimeout = "42s" idleConnTimeout = "42s"
readIdleTimeout = "42s" readIdleTimeout = "42s"
pingTimeout = "42s" pingTimeout = "42s"
[http.serversTransports.ServersTransport0.spiffe]
ids = ["foobar", "foobar"]
trustDomain = "foobar"
[http.serversTransports.ServersTransport1] [http.serversTransports.ServersTransport1]
serverName = "foobar" serverName = "foobar"
insecureSkipVerify = true insecureSkipVerify = true
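Review bot: The new `[http.serversTransports.ServersTransport0.spiffe]` table lists `ids` and `trustDomain` together without saying how they combine. The reference should state whether a backend must match both or either, and what takes effect when `spiffe` is set on a transport that also carries `serverName` or `insecureSkipVerify = true`, as ServersTransport1 does in this file.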
@@ -321,6 +324,7 @@
[[http.serversTransports.ServersTransport1.certificates]] [[http.serversTransports.ServersTransport1.certificates]]
certFile = "foobar" certFile = "foobar"
keyFile = "foobar" keyFile = "foobar"
[http.serversTransports.ServersTransport1.forwardingTimeouts] [http.serversTransports.ServersTransport1.forwardingTimeouts]
dialTimeout = "42s" dialTimeout = "42s"
responseHeaderTimeout = "42s" responseHeaderTimeout = "42s"
@@ -328,6 +332,10 @@
readIdleTimeout = "42s" readIdleTimeout = "42s"
pingTimeout = "42s" pingTimeout = "42s"
[http.serversTransports.ServersTransport1.spiffe]
ids = ["foobar", "foobar"]
trustDomain = "foobar"
[tcp] [tcp]
[tcp.routers] [tcp.routers]
[tcp.routers.TCPRouter0] [tcp.routers.TCPRouter0]
@@ -390,7 +398,7 @@
weight = 42 weight = 42
[tcp.middlewares] [tcp.middlewares]
[tcp.middlewares.TCPMiddleware00] [tcp.middlewares.TCPMiddleware00]
[tcp.middlewares.TCPMiddleware00.ipWhiteList] [tcp.middlewares.TCPMiddleware00.ipAllowList]
sourceRange = ["foobar", "foobar"] sourceRange = ["foobar", "foobar"]
[tcp.middlewares.TCPMiddleware01] [tcp.middlewares.TCPMiddleware01]
[tcp.middlewares.TCPMiddleware01.inFlightConn] [tcp.middlewares.TCPMiddleware01.inFlightConn]
@@ -442,7 +450,6 @@
cipherSuites = ["foobar", "foobar"] cipherSuites = ["foobar", "foobar"]
curvePreferences = ["foobar", "foobar"] curvePreferences = ["foobar", "foobar"]
sniStrict = true sniStrict = true
preferServerCipherSuites = true
alpnProtocols = ["foobar", "foobar"] alpnProtocols = ["foobar", "foobar"]
[tls.options.Options0.clientAuth] [tls.options.Options0.clientAuth]
caFiles = ["foobar", "foobar"] caFiles = ["foobar", "foobar"]
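Review bot: `preferServerCipherSuites = true` is dropped from `tls.options.Options0` while `cipherSuites` stays, and nothing in the hunk says what now decides the order of selection. Please document next to `cipherSuites` whether the listed order still has any effect, and mention the removed key in the migration notes so that existing files which set it are not a surprise on upgrade.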
@@ -453,7 +460,6 @@
cipherSuites = ["foobar", "foobar"] cipherSuites = ["foobar", "foobar"]
curvePreferences = ["foobar", "foobar"] curvePreferences = ["foobar", "foobar"]
sniStrict = true sniStrict = true
preferServerCipherSuites = true
alpnProtocols = ["foobar", "foobar"] alpnProtocols = ["foobar", "foobar"]
[tls.options.Options1.clientAuth] [tls.options.Options1.clientAuth]
caFiles = ["foobar", "foobar"] caFiles = ["foobar", "foobar"]

@@ -58,11 +58,13 @@ http:
- url: foobar - url: foobar
healthCheck: healthCheck:
scheme: foobar scheme: foobar
mode: foobar
path: foobar path: foobar
method: foobar method: foobar
status: 42
port: 42 port: 42
interval: foobar interval: 42s
timeout: foobar timeout: 42s
hostname: foobar hostname: foobar
followRedirects: true followRedirects: true
headers: headers:
@@ -70,7 +72,7 @@ http:
name1: foobar name1: foobar
passHostHeader: true passHostHeader: true
responseForwarding: responseForwarding:
flushInterval: foobar flushInterval: 42s
serversTransport: foobar serversTransport: foobar
Service02: Service02:
mirroring: mirroring:
@@ -139,8 +141,7 @@ http:
- foobar - foobar
minResponseBodyBytes: 42 minResponseBodyBytes: 42
Middleware06: Middleware06:
contentType: contentType: {}
autoDetect: true
Middleware07: Middleware07:
digestAuth: digestAuth:
users: users:
@@ -162,7 +163,6 @@ http:
address: foobar address: foobar
tls: tls:
ca: foobar ca: foobar
caOptional: true
cert: foobar cert: foobar
key: foobar key: foobar
insecureSkipVerify: true insecureSkipVerify: true
@@ -206,13 +206,9 @@ http:
hostsProxyHeaders: hostsProxyHeaders:
- foobar - foobar
- foobar - foobar
sslRedirect: true
sslTemporaryRedirect: true
sslHost: foobar
sslProxyHeaders: sslProxyHeaders:
name0: foobar name0: foobar
name1: foobar name1: foobar
sslForceHost: true
stsSeconds: 42 stsSeconds: 42
stsIncludeSubdomains: true stsIncludeSubdomains: true
stsPreload: true stsPreload: true
@@ -225,11 +221,10 @@ http:
contentSecurityPolicy: foobar contentSecurityPolicy: foobar
publicKey: foobar publicKey: foobar
referrerPolicy: foobar referrerPolicy: foobar
featurePolicy: foobar
permissionsPolicy: foobar permissionsPolicy: foobar
isDevelopment: true isDevelopment: true
Middleware11: Middleware11:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- foobar - foobar
- foobar - foobar
@@ -317,12 +312,16 @@ http:
prefixes: prefixes:
- foobar - foobar
- foobar - foobar
forceSlash: true
Middleware22: Middleware22:
stripPrefixRegex: stripPrefixRegex:
regex: regex:
- foobar - foobar
- foobar - foobar
Middleware23:
grpcWeb:
allowOrigins:
- foobar
- foobar
serversTransports: serversTransports:
ServersTransport0: ServersTransport0:
serverName: foobar serverName: foobar
@@ -344,6 +343,12 @@ http:
pingTimeout: 42s pingTimeout: 42s
disableHTTP2: true disableHTTP2: true
peerCertURI: foobar peerCertURI: foobar
spiffe:
ids:
- foobar
- foobar
trustDomain: foobar
ServersTransport1: ServersTransport1:
serverName: foobar serverName: foobar
insecureSkipVerify: true insecureSkipVerify: true
@@ -364,6 +369,12 @@ http:
pingTimeout: 42s pingTimeout: 42s
disableHTTP2: true disableHTTP2: true
peerCertURI: foobar peerCertURI: foobar
spiffe:
ids:
- foobar
- foobar
trustDomain: foobar
tcp: tcp:
routers: routers:
TCPRouter0: TCPRouter0:
@@ -430,7 +441,7 @@ tcp:
weight: 42 weight: 42
middlewares: middlewares:
TCPMiddleware00: TCPMiddleware00:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- foobar - foobar
- foobar - foobar
@@ -490,7 +501,6 @@ tls:
- foobar - foobar
clientAuthType: foobar clientAuthType: foobar
sniStrict: true sniStrict: true
preferServerCipherSuites: true
alpnProtocols: alpnProtocols:
- foobar - foobar
- foobar - foobar
@@ -509,7 +519,6 @@ tls:
- foobar - foobar
clientAuthType: foobar clientAuthType: foobar
sniStrict: true sniStrict: true
preferServerCipherSuites: true
alpnProtocols: alpnProtocols:
- foobar - foobar
- foobar - foobar

@@ -39,7 +39,7 @@ spec:
entryPoints: entryPoints:
description: 'EntryPoints defines the list of entry point names to description: 'EntryPoints defines the list of entry point names to
bind to. Entry points have to be configured in the static configuration. bind to. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
Default: all.' Default: all.'
items: items:
type: string type: string
@@ -56,11 +56,11 @@ spec:
- Rule - Rule
type: string type: string
match: match:
description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#rule' description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule'
type: string type: string
middlewares: middlewares:
description: 'Middlewares defines the list of references to description: 'Middlewares defines the list of references to
Middleware resources. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-middleware' Middleware resources. More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-middleware'
items: items:
description: MiddlewareRef is a reference to a Middleware description: MiddlewareRef is a reference to a Middleware
resource. resource.
@@ -79,7 +79,7 @@ spec:
type: array type: array
priority: priority:
description: 'Priority defines the router''s priority. More description: 'Priority defines the router''s priority. More
info: https://doc.traefik.io/traefik/v2.9/routing/routers/#priority' info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority'
type: integer type: integer
services: services:
description: Services defines the list of Service. It can contain description: Services defines the list of Service. It can contain
@@ -145,7 +145,7 @@ spec:
type: string type: string
sticky: sticky:
description: 'Sticky defines the sticky sessions configuration. description: 'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions' More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions'
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@@ -190,16 +190,16 @@ spec:
type: object type: object
type: array type: array
tls: tls:
description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#tls' description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls'
properties: properties:
certResolver: certResolver:
description: 'CertResolver defines the name of the certificate description: 'CertResolver defines the name of the certificate
resolver to use. Cert resolvers have to be configured in the resolver to use. Cert resolvers have to be configured in the
static configuration. More info: https://doc.traefik.io/traefik/v2.9/https/acme/#certificate-resolvers' static configuration. More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers'
type: string type: string
domains: domains:
description: 'Domains defines the list of domains that will be description: 'Domains defines the list of domains that will be
used to issue certificates. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#domains' used to issue certificates. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains'
items: items:
description: Domain holds a domain name with SANs. description: Domain holds a domain name with SANs.
properties: properties:
@@ -217,15 +217,15 @@ spec:
options: options:
description: 'Options defines the reference to a TLSOption, that description: 'Options defines the reference to a TLSOption, that
specifies the parameters of the TLS connection. If not defined, specifies the parameters of the TLS connection. If not defined,
the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options' the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options'
properties: properties:
name: name:
description: 'Name defines the name of the referenced TLSOption. description: 'Name defines the name of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsoption' More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption'
type: string type: string
namespace: namespace:
description: 'Namespace defines the namespace of the referenced description: 'Namespace defines the namespace of the referenced
TLSOption. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsoption' TLSOption. More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption'
type: string type: string
required: required:
- name - name
@@ -241,11 +241,11 @@ spec:
properties: properties:
name: name:
description: 'Name defines the name of the referenced TLSStore. description: 'Name defines the name of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsstore' More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore'
type: string type: string
namespace: namespace:
description: 'Namespace defines the namespace of the referenced description: 'Namespace defines the namespace of the referenced
TLSStore. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsstore' TLSStore. More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore'
type: string type: string
required: required:
- name - name
@@ -307,7 +307,7 @@ spec:
entryPoints: entryPoints:
description: 'EntryPoints defines the list of entry point names to description: 'EntryPoints defines the list of entry point names to
bind to. Entry points have to be configured in the static configuration. bind to. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
Default: all.' Default: all.'
items: items:
type: string type: string
@@ -318,7 +318,7 @@ spec:
description: RouteTCP holds the TCP route configuration. description: RouteTCP holds the TCP route configuration.
properties: properties:
match: match:
description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#rule_1' description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule_1'
type: string type: string
middlewares: middlewares:
description: Middlewares defines the list of references to MiddlewareTCP description: Middlewares defines the list of references to MiddlewareTCP
@@ -341,7 +341,7 @@ spec:
type: array type: array
priority: priority:
description: 'Priority defines the router''s priority. More description: 'Priority defines the router''s priority. More
info: https://doc.traefik.io/traefik/v2.9/routing/routers/#priority_1' info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority_1'
type: integer type: integer
services: services:
description: Services defines the list of TCP services. description: Services defines the list of TCP services.
@@ -366,7 +366,7 @@ spec:
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
proxyProtocol: proxyProtocol:
description: 'ProxyProtocol defines the PROXY protocol description: 'ProxyProtocol defines the PROXY protocol
configuration. More info: https://doc.traefik.io/traefik/v2.9/routing/services/#proxy-protocol' configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/services/#proxy-protocol'
properties: properties:
version: version:
description: Version defines the PROXY Protocol version description: Version defines the PROXY Protocol version
@@ -397,16 +397,16 @@ spec:
type: array type: array
tls: tls:
description: 'TLS defines the TLS configuration on a layer 4 / TCP description: 'TLS defines the TLS configuration on a layer 4 / TCP
Route. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#tls_1' Route. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls_1'
properties: properties:
certResolver: certResolver:
description: 'CertResolver defines the name of the certificate description: 'CertResolver defines the name of the certificate
resolver to use. Cert resolvers have to be configured in the resolver to use. Cert resolvers have to be configured in the
static configuration. More info: https://doc.traefik.io/traefik/v2.9/https/acme/#certificate-resolvers' static configuration. More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers'
type: string type: string
domains: domains:
description: 'Domains defines the list of domains that will be description: 'Domains defines the list of domains that will be
used to issue certificates. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#domains' used to issue certificates. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains'
items: items:
description: Domain holds a domain name with SANs. description: Domain holds a domain name with SANs.
properties: properties:
@@ -424,7 +424,7 @@ spec:
options: options:
description: 'Options defines the reference to a TLSOption, that description: 'Options defines the reference to a TLSOption, that
specifies the parameters of the TLS connection. If not defined, specifies the parameters of the TLS connection. If not defined,
the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options' the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options'
properties: properties:
name: name:
description: Name defines the name of the referenced Traefik description: Name defines the name of the referenced Traefik
@@ -518,7 +518,7 @@ spec:
entryPoints: entryPoints:
description: 'EntryPoints defines the list of entry point names to description: 'EntryPoints defines the list of entry point names to
bind to. Entry points have to be configured in the static configuration. bind to. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
Default: all.' Default: all.'
items: items:
type: string type: string
@@ -597,7 +597,7 @@ spec:
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: 'Middleware is the CRD implementation of a Traefik Middleware. description: 'Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/overview/' More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/overview/'
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation
@@ -617,7 +617,7 @@ spec:
addPrefix: addPrefix:
description: 'AddPrefix holds the add prefix middleware configuration. description: 'AddPrefix holds the add prefix middleware configuration.
This middleware updates the path of a request before forwarding This middleware updates the path of a request before forwarding
it. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/addprefix/' it. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/addprefix/'
properties: properties:
prefix: prefix:
description: Prefix is the string to add before the current path description: Prefix is the string to add before the current path
@@ -627,11 +627,11 @@ spec:
basicAuth: basicAuth:
description: 'BasicAuth holds the basic auth middleware configuration. description: 'BasicAuth holds the basic auth middleware configuration.
This middleware restricts access to your services to known users. This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/' More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/'
properties: properties:
headerField: headerField:
description: 'HeaderField defines a header field to store the description: 'HeaderField defines a header field to store the
authenticated user. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/#headerfield' authenticated user. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield'
type: string type: string
realm: realm:
description: 'Realm allows the protected resources on a server description: 'Realm allows the protected resources on a server
@@ -651,7 +651,7 @@ spec:
buffering: buffering:
description: 'Buffering holds the buffering middleware configuration. description: 'Buffering holds the buffering middleware configuration.
This middleware retries or limits the size of requests that can This middleware retries or limits the size of requests that can
be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/buffering/#maxrequestbodybytes' be forwarded to backends. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#maxrequestbodybytes'
properties: properties:
maxRequestBodyBytes: maxRequestBodyBytes:
description: 'MaxRequestBodyBytes defines the maximum allowed description: 'MaxRequestBodyBytes defines the maximum allowed
@@ -684,13 +684,13 @@ spec:
retryExpression: retryExpression:
description: 'RetryExpression defines the retry conditions. It description: 'RetryExpression defines the retry conditions. It
is a logical combination of functions with operators AND (&&) is a logical combination of functions with operators AND (&&)
and OR (||). More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/buffering/#retryexpression' and OR (||). More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#retryexpression'
type: string type: string
type: object type: object
chain: chain:
description: 'Chain holds the configuration of the chain middleware. description: 'Chain holds the configuration of the chain middleware.
This middleware enables to define reusable combinations of other This middleware enables to define reusable combinations of other
pieces of middleware. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/chain/' pieces of middleware. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/chain/'
properties: properties:
middlewares: middlewares:
description: Middlewares is the list of MiddlewareRef which composes description: Middlewares is the list of MiddlewareRef which composes
@@ -744,12 +744,13 @@ spec:
compress: compress:
description: 'Compress holds the compress middleware configuration. description: 'Compress holds the compress middleware configuration.
This middleware compresses responses before sending them to the This middleware compresses responses before sending them to the
client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/compress/' client, using gzip compression. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/'
properties: properties:
excludedContentTypes: excludedContentTypes:
description: ExcludedContentTypes defines the list of content description: ExcludedContentTypes defines the list of content
types to compare the Content-Type header of the incoming requests types to compare the Content-Type header of the incoming requests
and responses before compressing. and responses before compressing. `application/grpc` is always
excluded.
items: items:
type: string type: string
type: array type: array
@@ -761,28 +762,18 @@ spec:
type: object type: object
contentType: contentType:
description: ContentType holds the content-type middleware configuration. description: ContentType holds the content-type middleware configuration.
This middleware exists to enable the correct behavior until at least This middleware sets the `Content-Type` header value to the media
the default one can be changed in a future version. type detected from the response content, when it is not set by the
properties: backend.
autoDetect:
description: AutoDetect specifies whether to let the `Content-Type`
header, if it has not been set by the backend, be automatically
set to a value derived from the contents of the response. As
a proxy, the default behavior should be to leave the header
alone, regardless of what the backend did with it. However,
the historic default was to always auto-detect and set the header
if it was nil, and it is going to be kept that way in order
to support users currently relying on it.
type: boolean
type: object type: object
digestAuth: digestAuth:
description: 'DigestAuth holds the digest auth middleware configuration. description: 'DigestAuth holds the digest auth middleware configuration.
This middleware restricts access to your services to known users. This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/digestauth/' More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/digestauth/'
properties: properties:
headerField: headerField:
description: 'HeaderField defines a header field to store the description: 'HeaderField defines a header field to store the
authenticated user. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/#headerfield' authenticated user. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield'
type: string type: string
realm: realm:
description: 'Realm allows the protected resources on a server description: 'Realm allows the protected resources on a server
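Review bot: With `autoDetect` removed from `contentType`, the new description says what the middleware does but no longer says what happens without it. The deleted text was the only place stating that a proxy should leave `Content-Type` alone by default; one sentence to that effect should stay, since the default is what changes for users who never configured this middleware. Separately, the `headerField` description under `digestAuth` still links to `middlewares/http/basicauth/#headerfield`; while the URL is being touched it should point at the digestauth page.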
@@ -801,7 +792,7 @@ spec:
errors: errors:
description: 'ErrorPage holds the custom error middleware configuration. description: 'ErrorPage holds the custom error middleware configuration.
This middleware returns a custom page in lieu of the default, according This middleware returns a custom page in lieu of the default, according
to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/errorpages/' to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/'
properties: properties:
query: query:
description: Query defines the URL for the error page (hosted description: Query defines the URL for the error page (hosted
@@ -810,7 +801,7 @@ spec:
type: string type: string
service: service:
description: 'Service defines the reference to a Kubernetes Service description: 'Service defines the reference to a Kubernetes Service
that will serve the error page. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/errorpages/#service' that will serve the error page. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service'
properties: properties:
kind: kind:
description: Kind defines the kind of the Service. description: Kind defines the kind of the Service.
@@ -867,7 +858,7 @@ spec:
type: string type: string
sticky: sticky:
description: 'Sticky defines the sticky sessions configuration. description: 'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions' More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions'
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@@ -916,7 +907,7 @@ spec:
forwardAuth: forwardAuth:
description: 'ForwardAuth holds the forward auth middleware configuration. description: 'ForwardAuth holds the forward auth middleware configuration.
This middleware delegates the request authentication to a Service. This middleware delegates the request authentication to a Service.
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/forwardauth/' More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/'
properties: properties:
address: address:
description: Address defines the authentication server address. description: Address defines the authentication server address.
@@ -939,14 +930,12 @@ spec:
description: 'AuthResponseHeadersRegex defines the regex to match description: 'AuthResponseHeadersRegex defines the regex to match
headers to copy from the authentication server response and headers to copy from the authentication server response and
set on forwarded request, after stripping all headers that match set on forwarded request, after stripping all headers that match
the regex. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/forwardauth/#authresponseheadersregex' the regex. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#authresponseheadersregex'
type: string type: string
tls: tls:
description: TLS defines the configuration used to secure the description: TLS defines the configuration used to secure the
connection to the authentication server. connection to the authentication server.
properties: properties:
caOptional:
type: boolean
caSecret: caSecret:
description: CASecret is the name of the referenced Kubernetes description: CASecret is the name of the referenced Kubernetes
Secret containing the CA to validate the server certificate. Secret containing the CA to validate the server certificate.
@@ -967,10 +956,21 @@ spec:
forward) all X-Forwarded-* headers.' forward) all X-Forwarded-* headers.'
type: boolean type: boolean
type: object type: object
grpcWeb:
description: GrpcWeb holds the gRPC web middleware configuration.
This middleware converts a gRPC web request to an HTTP/2 gRPC request.
properties:
allowOrigins:
description: AllowOrigins is a list of allowable origins. Can
also be a wildcard origin "*".
items:
type: string
type: array
type: object
headers: headers:
description: 'Headers holds the headers middleware configuration. description: 'Headers holds the headers middleware configuration.
This middleware manages the requests and responses headers. More This middleware manages the requests and responses headers. More
info: https://doc.traefik.io/traefik/v2.9/middlewares/http/headers/#customrequestheaders' info: https://doc.traefik.io/traefik/v3.0/middlewares/http/headers/#customrequestheaders'
properties: properties:
accessControlAllowCredentials: accessControlAllowCredentials:
description: AccessControlAllowCredentials defines whether the description: AccessControlAllowCredentials defines whether the
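Review bot: The `allowOrigins` description on the new `grpcWeb` middleware does not say what an empty or omitted list means. For a cross-origin control the difference between "no origin allowed" and "any origin allowed" needs to be explicit; please state the default, and consider noting that `"*"` accepts every origin so that it is a deliberate choice. `allowOrigins` is also not listed under `required`, so the empty case is reachable.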
@@ -1054,9 +1054,6 @@ spec:
description: CustomResponseHeaders defines the header names and description: CustomResponseHeaders defines the header names and
values to apply to the response. values to apply to the response.
type: object type: object
featurePolicy:
description: 'Deprecated: use PermissionsPolicy instead.'
type: string
forceSTSHeader: forceSTSHeader:
description: ForceSTSHeader defines whether to add the STS header description: ForceSTSHeader defines whether to add the STS header
even when the connection is HTTP. even when the connection is HTTP.
@@ -1092,12 +1089,6 @@ spec:
value. This allows sites to control whether browsers forward value. This allows sites to control whether browsers forward
the Referer header to other sites. the Referer header to other sites.
type: string type: string
sslForceHost:
description: 'Deprecated: use RedirectRegex instead.'
type: boolean
sslHost:
description: 'Deprecated: use RedirectRegex instead.'
type: string
sslProxyHeaders: sslProxyHeaders:
additionalProperties: additionalProperties:
type: string type: string
@@ -1106,14 +1097,6 @@ spec:
useful when using other proxies (example: "X-Forwarded-Proto": useful when using other proxies (example: "X-Forwarded-Proto":
"https").' "https").'
type: object type: object
sslRedirect:
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
instead.'
type: boolean
sslTemporaryRedirect:
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
instead.'
type: boolean
stsIncludeSubdomains: stsIncludeSubdomains:
description: STSIncludeSubdomains defines whether the includeSubDomains description: STSIncludeSubdomains defines whether the includeSubDomains
directive is appended to the Strict-Transport-Security header. directive is appended to the Strict-Transport-Security header.
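Review bot: Anyone who still relies on `sslRedirect` or `sslTemporaryRedirect` can lose their HTTP-to-HTTPS redirect once these properties are gone, and nothing in this hunk tells them so. The deleted descriptions named the replacements (EntryPoint redirection or RedirectScheme); please carry that into the migration guide and consider having the provider log an error when it meets one of the removed keys, so a missing redirect shows up at deploy time rather than as plaintext traffic.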
@@ -1131,7 +1114,7 @@ spec:
inFlightReq: inFlightReq:
description: 'InFlightReq holds the in-flight request middleware configuration. description: 'InFlightReq holds the in-flight request middleware configuration.
This middleware limits the number of requests being processed and This middleware limits the number of requests being processed and
served concurrently. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/inflightreq/' served concurrently. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/'
properties: properties:
amount: amount:
description: Amount defines the maximum amount of allowed simultaneous description: Amount defines the maximum amount of allowed simultaneous
@@ -1145,11 +1128,11 @@ spec:
group requests as originating from a common source. If several group requests as originating from a common source. If several
strategies are defined at the same time, an error will be raised. strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the requestHost. More If none are set, the default is to use the requestHost. More
info: https://doc.traefik.io/traefik/v2.9/middlewares/http/inflightreq/#sourcecriterion' info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/#sourcecriterion'
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration description: 'IPStrategy holds the IP strategy configuration
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy'
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
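Review bot: The new `middlewares/http/ipallowlist/#ipstrategy` link in the `ipStrategy` description only works if the docs page is renamed in the same change. Please confirm the v3.0 docs ship an `ipallowlist` page with an `#ipstrategy` anchor, since this link is repeated in several descriptions in this file, and consider a redirect from the old `ipwhitelist` path.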
@@ -1174,14 +1157,14 @@ spec:
type: boolean type: boolean
type: object type: object
type: object type: object
ipWhiteList: ipAllowList:
description: 'IPWhiteList holds the IP whitelist middleware configuration. description: 'IPAllowList holds the IP allowlist middleware configuration.
This middleware accepts / refuses requests based on the client IP. This middleware accepts / refuses requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/' More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/'
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration used description: 'IPStrategy holds the IP strategy configuration used
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy'
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
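Review bot: Renaming the `ipWhiteList` property to `ipAllowList` with no alias is a breaking change to an access-control setting, and the schema keeps no trace of the old name. If an existing Middleware keeps the old key and it is ignored rather than rejected, the route could end up without its source-IP restriction; please state in the migration notes which of the two happens, and consider keeping `ipWhiteList` as a deprecated property for one release.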
@@ -1205,7 +1188,7 @@ spec:
passTLSClientCert: passTLSClientCert:
description: 'PassTLSClientCert holds the pass TLS client cert middleware description: 'PassTLSClientCert holds the pass TLS client cert middleware
configuration. This middleware adds the selected data from the passed configuration. This middleware adds the selected data from the passed
client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/passtlsclientcert/' client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/passtlsclientcert/'
properties: properties:
info: info:
description: Info selects the specific client certificate details description: Info selects the specific client certificate details
@@ -1312,7 +1295,7 @@ spec:
rateLimit: rateLimit:
description: 'RateLimit holds the rate limit configuration. This middleware description: 'RateLimit holds the rate limit configuration. This middleware
ensures that services will receive a fair amount of requests, and ensures that services will receive a fair amount of requests, and
allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ratelimit/' allows one to define what fair is. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ratelimit/'
properties: properties:
average: average:
description: Average is the maximum rate, by default in requests/s, description: Average is the maximum rate, by default in requests/s,
@@ -1345,7 +1328,7 @@ spec:
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration description: 'IPStrategy holds the IP strategy configuration
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy'
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@@ -1373,7 +1356,7 @@ spec:
redirectRegex: redirectRegex:
description: 'RedirectRegex holds the redirect regex middleware configuration. description: 'RedirectRegex holds the redirect regex middleware configuration.
This middleware redirects a request using regex matching and replacement. This middleware redirects a request using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/redirectregex/#regex' More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectregex/#regex'
properties: properties:
permanent: permanent:
description: Permanent defines whether the redirection is permanent description: Permanent defines whether the redirection is permanent
@@ -1391,7 +1374,7 @@ spec:
redirectScheme: redirectScheme:
description: 'RedirectScheme holds the redirect scheme middleware description: 'RedirectScheme holds the redirect scheme middleware
configuration. This middleware redirects requests from a scheme/port configuration. This middleware redirects requests from a scheme/port
to another. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/redirectscheme/' to another. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectscheme/'
properties: properties:
permanent: permanent:
description: Permanent defines whether the redirection is permanent description: Permanent defines whether the redirection is permanent
@@ -1407,7 +1390,7 @@ spec:
replacePath: replacePath:
description: 'ReplacePath holds the replace path middleware configuration. description: 'ReplacePath holds the replace path middleware configuration.
This middleware replaces the path of the request URL and store the This middleware replaces the path of the request URL and store the
original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/replacepath/' original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepath/'
properties: properties:
path: path:
description: Path defines the path to use as replacement in the description: Path defines the path to use as replacement in the
@@ -1417,7 +1400,7 @@ spec:
replacePathRegex: replacePathRegex:
description: 'ReplacePathRegex holds the replace path regex middleware description: 'ReplacePathRegex holds the replace path regex middleware
configuration. This middleware replaces the path of a URL using configuration. This middleware replaces the path of a URL using
regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/replacepathregex/' regex matching and replacement. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepathregex/'
properties: properties:
regex: regex:
description: Regex defines the regular expression used to match description: Regex defines the regular expression used to match
@@ -1433,7 +1416,7 @@ spec:
middleware reissues requests a given number of times to a backend middleware reissues requests a given number of times to a backend
server if that server does not reply. As soon as the server answers, server if that server does not reply. As soon as the server answers,
the middleware stops retrying, regardless of the response status. the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/retry/' More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/retry/'
properties: properties:
attempts: attempts:
description: Attempts defines how many times the request should description: Attempts defines how many times the request should
@@ -1453,13 +1436,8 @@ spec:
stripPrefix: stripPrefix:
description: 'StripPrefix holds the strip prefix middleware configuration. description: 'StripPrefix holds the strip prefix middleware configuration.
This middleware removes the specified prefixes from the URL path. This middleware removes the specified prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/' More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefix/'
properties: properties:
forceSlash:
description: 'ForceSlash ensures that the resulting stripped path
is not the empty string, by replacing it with / when necessary.
Default: true.'
type: boolean
prefixes: prefixes:
description: Prefixes defines the prefixes to strip from the request description: Prefixes defines the prefixes to strip from the request
URL. URL.
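Review bot: With `forceSlash` removed from `stripPrefix`, the schema no longer says what the stripped path becomes when the prefix matches the whole path. The deleted text documented a default of true (an empty result replaced with /); please say in the `stripPrefix` description which behaviour is now fixed, because backend routing and path-based access rules depend on it.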
@@ -1470,7 +1448,7 @@ spec:
stripPrefixRegex: stripPrefixRegex:
description: 'StripPrefixRegex holds the strip prefix regex middleware description: 'StripPrefixRegex holds the strip prefix regex middleware
configuration. This middleware removes the matching prefixes from configuration. This middleware removes the matching prefixes from
the URL path. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefixregex/' the URL path. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefixregex/'
properties: properties:
regex: regex:
description: Regex defines the regular expression to match the description: Regex defines the regular expression to match the
@@ -1514,7 +1492,7 @@ spec:
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
More info: https://doc.traefik.io/traefik/v2.9/middlewares/overview/' More info: https://doc.traefik.io/traefik/v3.0/middlewares/overview/'
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation
@@ -1541,8 +1519,8 @@ spec:
format: int64 format: int64
type: integer type: integer
type: object type: object
ipWhiteList: ipAllowList:
description: IPWhiteList defines the IPWhiteList middleware configuration. description: IPAllowList defines the IPAllowList middleware configuration.
properties: properties:
sourceRange: sourceRange:
description: SourceRange defines the allowed IPs (or ranges of description: SourceRange defines the allowed IPs (or ranges of
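Review bot: The new description "IPAllowList defines the IPAllowList middleware configuration" is circular and says less than the HTTP counterpart earlier in this file. Suggest mirroring that wording, for example that the middleware accepts or refuses connections based on the client IP, so the MiddlewareTCP CRD documents the control it provides.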
@@ -1588,7 +1566,7 @@ spec:
description: 'ServersTransport is the CRD implementation of a ServersTransport. description: 'ServersTransport is the CRD implementation of a ServersTransport.
If no serversTransport is specified, the default@internal will be used. If no serversTransport is specified, the default@internal will be used.
The default@internal serversTransport is created from the static configuration. The default@internal serversTransport is created from the static configuration.
More info: https://doc.traefik.io/traefik/v2.9/routing/services/#serverstransport_1' More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_1'
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation
@@ -1679,6 +1657,19 @@ spec:
description: ServerName defines the server name used to contact the description: ServerName defines the server name used to contact the
server. server.
type: string type: string
spiffe:
description: Spiffe defines the SPIFFE configuration.
properties:
ids:
description: IDs defines the allowed SPIFFE IDs (takes precedence
over the SPIFFE TrustDomain).
items:
type: string
type: array
trustDomain:
description: TrustDomain defines the allowed SPIFFE trust domain.
type: string
type: object
type: object type: object
required: required:
- metadata - metadata
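Review bot: The `spiffe` block documents that `ids` takes precedence over `trustDomain`, but not what is accepted when both are left empty. For a setting that decides which server identities are trusted, please state the behaviour of an empty `spiffe` object explicitly, and consider describing the expected ID form on the `ids` items, which are currently unconstrained strings.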
@@ -1715,7 +1706,7 @@ spec:
openAPIV3Schema: openAPIV3Schema:
description: 'TLSOption is the CRD implementation of a Traefik TLS Option, description: 'TLSOption is the CRD implementation of a Traefik TLS Option,
allowing to configure some parameters of the TLS connection. More info: allowing to configure some parameters of the TLS connection. More info:
https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options' https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options'
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation
@@ -1735,13 +1726,13 @@ spec:
alpnProtocols: alpnProtocols:
description: 'ALPNProtocols defines the list of supported application description: 'ALPNProtocols defines the list of supported application
level protocols for the TLS handshake, in order of preference. More level protocols for the TLS handshake, in order of preference. More
info: https://doc.traefik.io/traefik/v2.9/https/tls/#alpn-protocols' info: https://doc.traefik.io/traefik/v3.0/https/tls/#alpn-protocols'
items: items:
type: string type: string
type: array type: array
cipherSuites: cipherSuites:
description: 'CipherSuites defines the list of supported cipher suites description: 'CipherSuites defines the list of supported cipher suites
for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#cipher-suites' for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#cipher-suites'
items: items:
type: string type: string
type: array type: array
@@ -1768,7 +1759,7 @@ spec:
type: object type: object
curvePreferences: curvePreferences:
description: 'CurvePreferences defines the preferred elliptic curves description: 'CurvePreferences defines the preferred elliptic curves
in a specific order. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#curve-preferences' in a specific order. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#curve-preferences'
items: items:
type: string type: string
type: array type: array
@@ -1782,12 +1773,6 @@ spec:
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
VersionTLS13. Default: VersionTLS10.' VersionTLS13. Default: VersionTLS10.'
type: string type: string
preferServerCipherSuites:
description: 'PreferServerCipherSuites defines whether the server
chooses a cipher suite among his own instead of among the client''s.
It is enabled automatically when minVersion or maxVersion is set.
Deprecated: https://github.com/golang/go/issues/45430'
type: boolean
sniStrict: sniStrict:
description: SniStrict defines whether Traefik allows connections description: SniStrict defines whether Traefik allows connections
from clients connections that do not specify a server_name extension. from clients connections that do not specify a server_name extension.
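Review bot: The `cipherSuites` description in this file does not say whether the order of the list matters now that `preferServerCipherSuites` is gone. The removal itself is consistent with the Go issue the old description linked, but one sentence on `cipherSuites` would stop operators from assuming list order still expresses a server preference. The unchanged `minVersion` context also documents a default of VersionTLS10, which may be worth revisiting in a major release.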
@@ -1829,7 +1814,7 @@ spec:
description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For
the time being, only the TLSStore named default is supported. This means the time being, only the TLSStore named default is supported. This means
that you cannot have two stores that are named default in different Kubernetes that you cannot have two stores that are named default in different Kubernetes
namespaces. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#certificates-stores' namespaces. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#certificates-stores'
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation
@@ -1927,7 +1912,7 @@ spec:
openAPIV3Schema: openAPIV3Schema:
description: 'TraefikService is the CRD implementation of a Traefik Service. description: 'TraefikService is the CRD implementation of a Traefik Service.
TraefikService object allows to: - Apply weight to Services on load-balancing TraefikService object allows to: - Apply weight to Services on load-balancing
- Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-traefikservice' - Mirror traffic on services More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-traefikservice'
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation
@@ -2026,7 +2011,7 @@ spec:
type: string type: string
sticky: sticky:
description: 'Sticky defines the sticky sessions configuration. description: 'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions' More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions'
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@@ -2110,7 +2095,7 @@ spec:
type: string type: string
sticky: sticky:
description: 'Sticky defines the sticky sessions configuration. description: 'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions' More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions'
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@@ -2210,7 +2195,7 @@ spec:
type: string type: string
sticky: sticky:
description: 'Sticky defines the sticky sessions configuration. description: 'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions' More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions'
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@@ -2249,7 +2234,7 @@ spec:
type: array type: array
sticky: sticky:
description: 'Sticky defines whether sticky sessions are enabled. description: 'Sticky defines whether sticky sessions are enabled.
More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#stickiness-and-load-balancing' More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.


@@ -148,7 +148,7 @@ spec:
- name: whoamitcp - name: whoamitcp
port: 8080 port: 8080
middlewares: middlewares:
- name: ipwhitelist - name: ipallowlist
tls: tls:
secretName: foosecret secretName: foosecret
passthrough: false passthrough: false
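Review bot: Please check that the MiddlewareTCP object this route references is renamed as well; the `middlewares` entry now says `name: ipallowlist`, and its definition is not part of this hunk. A reference that no longer resolves would leave the example route either failing to load or running without its IP filter.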
@@ -193,7 +193,6 @@ spec:
- foobar - foobar
clientAuthType: RequireAndVerifyClientCert clientAuthType: RequireAndVerifyClientCert
sniStrict: true sniStrict: true
preferServerCipherSuites: true
alpnProtocols: alpnProtocols:
- foobar - foobar
- foobar - foobar


@@ -25,7 +25,7 @@ spec:
serviceAccountName: traefik-controller serviceAccountName: traefik-controller
containers: containers:
- name: traefik - name: traefik
image: traefik:v2.9 image: traefik:v3.0
args: args:
- --entrypoints.web.address=:80 - --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443 - --entrypoints.websecure.address=:443
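Review bot: `image: traefik:v3.0` is a floating tag, and this compare range only prepares v3.0.0-beta releases. Please confirm the tag is published before the docs go out, or pin the example to the exact beta version so readers get the build this manifest was written for.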


@@ -19,7 +19,7 @@
| `traefik/http/middlewares/Middleware05/compress/excludedContentTypes/0` | `foobar` | | `traefik/http/middlewares/Middleware05/compress/excludedContentTypes/0` | `foobar` |
| `traefik/http/middlewares/Middleware05/compress/excludedContentTypes/1` | `foobar` | | `traefik/http/middlewares/Middleware05/compress/excludedContentTypes/1` | `foobar` |
| `traefik/http/middlewares/Middleware05/compress/minResponseBodyBytes` | `42` | | `traefik/http/middlewares/Middleware05/compress/minResponseBodyBytes` | `42` |
| `traefik/http/middlewares/Middleware06/contentType/autoDetect` | `true` | | `traefik/http/middlewares/Middleware06/contentType` | `` |
| `traefik/http/middlewares/Middleware07/digestAuth/headerField` | `foobar` | | `traefik/http/middlewares/Middleware07/digestAuth/headerField` | `foobar` |
| `traefik/http/middlewares/Middleware07/digestAuth/realm` | `foobar` | | `traefik/http/middlewares/Middleware07/digestAuth/realm` | `foobar` |
| `traefik/http/middlewares/Middleware07/digestAuth/removeHeader` | `true` | | `traefik/http/middlewares/Middleware07/digestAuth/removeHeader` | `true` |
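Review bot: The `Middleware06/contentType` row now carries an empty value, which gives a reader of the KV reference no indication of how the middleware is turned on. With the `autoDetect` key gone, please add a sentence to the page explaining what setting this key with an empty value does, for instance that the presence of the key alone enables the middleware, if that is the intent.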
@@ -37,7 +37,6 @@
| `traefik/http/middlewares/Middleware09/forwardAuth/authResponseHeaders/1` | `foobar` | | `traefik/http/middlewares/Middleware09/forwardAuth/authResponseHeaders/1` | `foobar` |
| `traefik/http/middlewares/Middleware09/forwardAuth/authResponseHeadersRegex` | `foobar` | | `traefik/http/middlewares/Middleware09/forwardAuth/authResponseHeadersRegex` | `foobar` |
| `traefik/http/middlewares/Middleware09/forwardAuth/tls/ca` | `foobar` | | `traefik/http/middlewares/Middleware09/forwardAuth/tls/ca` | `foobar` |
| `traefik/http/middlewares/Middleware09/forwardAuth/tls/caOptional` | `true` |
| `traefik/http/middlewares/Middleware09/forwardAuth/tls/cert` | `foobar` | | `traefik/http/middlewares/Middleware09/forwardAuth/tls/cert` | `foobar` |
| `traefik/http/middlewares/Middleware09/forwardAuth/tls/insecureSkipVerify` | `true` | | `traefik/http/middlewares/Middleware09/forwardAuth/tls/insecureSkipVerify` | `true` |
| `traefik/http/middlewares/Middleware09/forwardAuth/tls/key` | `foobar` | | `traefik/http/middlewares/Middleware09/forwardAuth/tls/key` | `foobar` |
@@ -66,7 +65,6 @@
| `traefik/http/middlewares/Middleware10/headers/customRequestHeaders/name1` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/customRequestHeaders/name1` | `foobar` |
| `traefik/http/middlewares/Middleware10/headers/customResponseHeaders/name0` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/customResponseHeaders/name0` | `foobar` |
| `traefik/http/middlewares/Middleware10/headers/customResponseHeaders/name1` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/customResponseHeaders/name1` | `foobar` |
| `traefik/http/middlewares/Middleware10/headers/featurePolicy` | `foobar` |
| `traefik/http/middlewares/Middleware10/headers/forceSTSHeader` | `true` | | `traefik/http/middlewares/Middleware10/headers/forceSTSHeader` | `true` |
| `traefik/http/middlewares/Middleware10/headers/frameDeny` | `true` | | `traefik/http/middlewares/Middleware10/headers/frameDeny` | `true` |
| `traefik/http/middlewares/Middleware10/headers/hostsProxyHeaders/0` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/hostsProxyHeaders/0` | `foobar` |
@@ -75,20 +73,16 @@
| `traefik/http/middlewares/Middleware10/headers/permissionsPolicy` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/permissionsPolicy` | `foobar` |
| `traefik/http/middlewares/Middleware10/headers/publicKey` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/publicKey` | `foobar` |
| `traefik/http/middlewares/Middleware10/headers/referrerPolicy` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/referrerPolicy` | `foobar` |
| `traefik/http/middlewares/Middleware10/headers/sslForceHost` | `true` |
| `traefik/http/middlewares/Middleware10/headers/sslHost` | `foobar` |
| `traefik/http/middlewares/Middleware10/headers/sslProxyHeaders/name0` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/sslProxyHeaders/name0` | `foobar` |
| `traefik/http/middlewares/Middleware10/headers/sslProxyHeaders/name1` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/sslProxyHeaders/name1` | `foobar` |
| `traefik/http/middlewares/Middleware10/headers/sslRedirect` | `true` |
| `traefik/http/middlewares/Middleware10/headers/sslTemporaryRedirect` | `true` |
| `traefik/http/middlewares/Middleware10/headers/stsIncludeSubdomains` | `true` | | `traefik/http/middlewares/Middleware10/headers/stsIncludeSubdomains` | `true` |
| `traefik/http/middlewares/Middleware10/headers/stsPreload` | `true` | | `traefik/http/middlewares/Middleware10/headers/stsPreload` | `true` |
| `traefik/http/middlewares/Middleware10/headers/stsSeconds` | `42` | | `traefik/http/middlewares/Middleware10/headers/stsSeconds` | `42` |
| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/depth` | `42` | | `traefik/http/middlewares/Middleware11/ipAllowList/ipStrategy/depth` | `42` |
| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/excludedIPs/0` | `foobar` | | `traefik/http/middlewares/Middleware11/ipAllowList/ipStrategy/excludedIPs/0` | `foobar` |
| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/excludedIPs/1` | `foobar` | | `traefik/http/middlewares/Middleware11/ipAllowList/ipStrategy/excludedIPs/1` | `foobar` |
| `traefik/http/middlewares/Middleware11/ipWhiteList/sourceRange/0` | `foobar` | | `traefik/http/middlewares/Middleware11/ipAllowList/sourceRange/0` | `foobar` |
| `traefik/http/middlewares/Middleware11/ipWhiteList/sourceRange/1` | `foobar` | | `traefik/http/middlewares/Middleware11/ipAllowList/sourceRange/1` | `foobar` |
| `traefik/http/middlewares/Middleware12/inFlightReq/amount` | `42` | | `traefik/http/middlewares/Middleware12/inFlightReq/amount` | `42` |
| `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/ipStrategy/depth` | `42` | | `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/ipStrategy/depth` | `42` |
| `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` | | `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` |
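Review bot: Old `ipWhiteList` keys in a KV store will not be caught by any schema, so the rename in the `Middleware11` rows needs a runtime warning or a prominent migration note. Keys left under `.../ipWhiteList/sourceRange/...` would presumably just stop being read, which removes an IP restriction without any error; the same concern applies to the `sslRedirect`, `sslTemporaryRedirect`, `sslForceHost` and `sslHost` keys dropped from `Middleware10` in this hunk.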
@@ -135,11 +129,12 @@
| `traefik/http/middlewares/Middleware19/replacePathRegex/replacement` | `foobar` | | `traefik/http/middlewares/Middleware19/replacePathRegex/replacement` | `foobar` |
| `traefik/http/middlewares/Middleware20/retry/attempts` | `42` | | `traefik/http/middlewares/Middleware20/retry/attempts` | `42` |
| `traefik/http/middlewares/Middleware20/retry/initialInterval` | `42s` | | `traefik/http/middlewares/Middleware20/retry/initialInterval` | `42s` |
| `traefik/http/middlewares/Middleware21/stripPrefix/forceSlash` | `true` |
| `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/0` | `foobar` | | `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/0` | `foobar` |
| `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/1` | `foobar` | | `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/1` | `foobar` |
| `traefik/http/middlewares/Middleware22/stripPrefixRegex/regex/0` | `foobar` | | `traefik/http/middlewares/Middleware22/stripPrefixRegex/regex/0` | `foobar` |
| `traefik/http/middlewares/Middleware22/stripPrefixRegex/regex/1` | `foobar` | | `traefik/http/middlewares/Middleware22/stripPrefixRegex/regex/1` | `foobar` |
| `traefik/http/middlewares/Middleware23/grpcWeb/allowOrigins/0` | `foobar` |
| `traefik/http/middlewares/Middleware23/grpcWeb/allowOrigins/1` | `foobar` |
| `traefik/http/routers/Router0/entryPoints/0` | `foobar` | | `traefik/http/routers/Router0/entryPoints/0` | `foobar` |
| `traefik/http/routers/Router0/entryPoints/1` | `foobar` | | `traefik/http/routers/Router0/entryPoints/1` | `foobar` |
| `traefik/http/routers/Router0/middlewares/0` | `foobar` | | `traefik/http/routers/Router0/middlewares/0` | `foobar` |
@@ -186,6 +181,9 @@
| `traefik/http/serversTransports/ServersTransport0/rootCAs/0` | `foobar` | | `traefik/http/serversTransports/ServersTransport0/rootCAs/0` | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/rootCAs/1` | `foobar` | | `traefik/http/serversTransports/ServersTransport0/rootCAs/1` | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/serverName` | `foobar` | | `traefik/http/serversTransports/ServersTransport0/serverName` | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/spiffe/ids/0` | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/spiffe/ids/1` | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/spiffe/trustDomain` | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/certificates/0/certFile` | `foobar` | | `traefik/http/serversTransports/ServersTransport1/certificates/0/certFile` | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/certificates/0/keyFile` | `foobar` | | `traefik/http/serversTransports/ServersTransport1/certificates/0/keyFile` | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/certificates/1/certFile` | `foobar` | | `traefik/http/serversTransports/ServersTransport1/certificates/1/certFile` | `foobar` |
@@ -202,18 +200,23 @@
| `traefik/http/serversTransports/ServersTransport1/rootCAs/0` | `foobar` | | `traefik/http/serversTransports/ServersTransport1/rootCAs/0` | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/rootCAs/1` | `foobar` | | `traefik/http/serversTransports/ServersTransport1/rootCAs/1` | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/serverName` | `foobar` | | `traefik/http/serversTransports/ServersTransport1/serverName` | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/spiffe/ids/0` | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/spiffe/ids/1` | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/spiffe/trustDomain` | `foobar` |
| `traefik/http/services/Service01/loadBalancer/healthCheck/followRedirects` | `true` | | `traefik/http/services/Service01/loadBalancer/healthCheck/followRedirects` | `true` |
| `traefik/http/services/Service01/loadBalancer/healthCheck/headers/name0` | `foobar` | | `traefik/http/services/Service01/loadBalancer/healthCheck/headers/name0` | `foobar` |
| `traefik/http/services/Service01/loadBalancer/healthCheck/headers/name1` | `foobar` | | `traefik/http/services/Service01/loadBalancer/healthCheck/headers/name1` | `foobar` |
| `traefik/http/services/Service01/loadBalancer/healthCheck/hostname` | `foobar` | | `traefik/http/services/Service01/loadBalancer/healthCheck/hostname` | `foobar` |
| `traefik/http/services/Service01/loadBalancer/healthCheck/interval` | `foobar` | | `traefik/http/services/Service01/loadBalancer/healthCheck/interval` | `42s` |
| `traefik/http/services/Service01/loadBalancer/healthCheck/method` | `foobar` | | `traefik/http/services/Service01/loadBalancer/healthCheck/method` | `foobar` |
| `traefik/http/services/Service01/loadBalancer/healthCheck/mode` | `foobar` |
| `traefik/http/services/Service01/loadBalancer/healthCheck/path` | `foobar` | | `traefik/http/services/Service01/loadBalancer/healthCheck/path` | `foobar` |
| `traefik/http/services/Service01/loadBalancer/healthCheck/port` | `42` | | `traefik/http/services/Service01/loadBalancer/healthCheck/port` | `42` |
| `traefik/http/services/Service01/loadBalancer/healthCheck/scheme` | `foobar` | | `traefik/http/services/Service01/loadBalancer/healthCheck/scheme` | `foobar` |
| `traefik/http/services/Service01/loadBalancer/healthCheck/timeout` | `foobar` | | `traefik/http/services/Service01/loadBalancer/healthCheck/status` | `42` |
| `traefik/http/services/Service01/loadBalancer/healthCheck/timeout` | `42s` |
| `traefik/http/services/Service01/loadBalancer/passHostHeader` | `true` | | `traefik/http/services/Service01/loadBalancer/passHostHeader` | `true` |
| `traefik/http/services/Service01/loadBalancer/responseForwarding/flushInterval` | `foobar` | | `traefik/http/services/Service01/loadBalancer/responseForwarding/flushInterval` | `42s` |
| `traefik/http/services/Service01/loadBalancer/servers/0/url` | `foobar` | | `traefik/http/services/Service01/loadBalancer/servers/0/url` | `foobar` |
| `traefik/http/services/Service01/loadBalancer/servers/1/url` | `foobar` | | `traefik/http/services/Service01/loadBalancer/servers/1/url` | `foobar` |
| `traefik/http/services/Service01/loadBalancer/serversTransport` | `foobar` | | `traefik/http/services/Service01/loadBalancer/serversTransport` | `foobar` |
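Review bot: the new `spiffe/ids/0`, `spiffe/ids/1` and `spiffe/trustDomain` keys under `ServersTransport1` sit next to `rootCAs` and `serverName` with only `foobar` as a value, so the reference shows neither what a valid entry looks like nor how the SPIFFE settings combine with the existing certificate-verification keys. Suggest a realistic sample value for each key and a sentence stating which check applies when both `spiffe/*` and `rootCAs`/`serverName` are set. The move to `42s` for `interval`, `timeout` and `flushInterval` is a good change for the same reason.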
@@ -240,8 +243,8 @@
| `traefik/http/services/Service04/failover/fallback` | `foobar` | | `traefik/http/services/Service04/failover/fallback` | `foobar` |
| `traefik/http/services/Service04/failover/healthCheck` | `` | | `traefik/http/services/Service04/failover/healthCheck` | `` |
| `traefik/http/services/Service04/failover/service` | `foobar` | | `traefik/http/services/Service04/failover/service` | `foobar` |
| `traefik/tcp/middlewares/TCPMiddleware00/ipWhiteList/sourceRange/0` | `foobar` | | `traefik/tcp/middlewares/TCPMiddleware00/ipAllowList/sourceRange/0` | `foobar` |
| `traefik/tcp/middlewares/TCPMiddleware00/ipWhiteList/sourceRange/1` | `foobar` | | `traefik/tcp/middlewares/TCPMiddleware00/ipAllowList/sourceRange/1` | `foobar` |
| `traefik/tcp/middlewares/TCPMiddleware01/inFlightConn/amount` | `42` | | `traefik/tcp/middlewares/TCPMiddleware01/inFlightConn/amount` | `42` |
| `traefik/tcp/routers/TCPRouter0/entryPoints/0` | `foobar` | | `traefik/tcp/routers/TCPRouter0/entryPoints/0` | `foobar` |
| `traefik/tcp/routers/TCPRouter0/entryPoints/1` | `foobar` | | `traefik/tcp/routers/TCPRouter0/entryPoints/1` | `foobar` |
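Review bot: `ipWhiteList/sourceRange/*` becomes `ipAllowList/sourceRange/*` on `TCPMiddleware00` with no trace of the old name left in the reference, and because this middleware is an access control, the handling of a KV store that still holds the old keys needs to be explicit. Please state in the migration notes whether a leftover `ipWhiteList` key fails configuration loading or is ignored, since the second case would leave the router without its source-range filter.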
@@ -302,7 +305,6 @@
| `traefik/tls/options/Options0/curvePreferences/1` | `foobar` | | `traefik/tls/options/Options0/curvePreferences/1` | `foobar` |
| `traefik/tls/options/Options0/maxVersion` | `foobar` | | `traefik/tls/options/Options0/maxVersion` | `foobar` |
| `traefik/tls/options/Options0/minVersion` | `foobar` | | `traefik/tls/options/Options0/minVersion` | `foobar` |
| `traefik/tls/options/Options0/preferServerCipherSuites` | `true` |
| `traefik/tls/options/Options0/sniStrict` | `true` | | `traefik/tls/options/Options0/sniStrict` | `true` |
| `traefik/tls/options/Options1/alpnProtocols/0` | `foobar` | | `traefik/tls/options/Options1/alpnProtocols/0` | `foobar` |
| `traefik/tls/options/Options1/alpnProtocols/1` | `foobar` | | `traefik/tls/options/Options1/alpnProtocols/1` | `foobar` |
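Review bot: `preferServerCipherSuites` is dropped from `Options0` here (and from `Options1` in the next hunk) while `minVersion`, `maxVersion` and `curvePreferences` stay, and nothing in the reference tells an operator that the key is gone. Suggest a migration entry that names the removed key and says how a store that still sets it is handled.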
@@ -315,7 +317,6 @@
| `traefik/tls/options/Options1/curvePreferences/1` | `foobar` | | `traefik/tls/options/Options1/curvePreferences/1` | `foobar` |
| `traefik/tls/options/Options1/maxVersion` | `foobar` | | `traefik/tls/options/Options1/maxVersion` | `foobar` |
| `traefik/tls/options/Options1/minVersion` | `foobar` | | `traefik/tls/options/Options1/minVersion` | `foobar` |
| `traefik/tls/options/Options1/preferServerCipherSuites` | `true` |
| `traefik/tls/options/Options1/sniStrict` | `true` | | `traefik/tls/options/Options1/sniStrict` | `true` |
| `traefik/tls/stores/Store0/defaultCertificate/certFile` | `foobar` | | `traefik/tls/stores/Store0/defaultCertificate/certFile` | `foobar` |
| `traefik/tls/stores/Store0/defaultCertificate/keyFile` | `foobar` | | `traefik/tls/stores/Store0/defaultCertificate/keyFile` | `foobar` |

View File

@@ -17,7 +17,7 @@
"traefik.http.middlewares.middleware05.compress": "true", "traefik.http.middlewares.middleware05.compress": "true",
"traefik.http.middlewares.middleware05.compress.excludedcontenttypes": "foobar, foobar", "traefik.http.middlewares.middleware05.compress.excludedcontenttypes": "foobar, foobar",
"traefik.http.middlewares.middleware05.compress.minresponsebodybytes": "42", "traefik.http.middlewares.middleware05.compress.minresponsebodybytes": "42",
"traefik.http.middlewares.middleware06.contenttype.autodetect": "true", "traefik.http.middlewares.middleware06.contenttype": "true",
"traefik.http.middlewares.middleware07.digestauth.headerfield": "foobar", "traefik.http.middlewares.middleware07.digestauth.headerfield": "foobar",
"traefik.http.middlewares.middleware07.digestauth.realm": "foobar", "traefik.http.middlewares.middleware07.digestauth.realm": "foobar",
"traefik.http.middlewares.middleware07.digestauth.removeheader": "true", "traefik.http.middlewares.middleware07.digestauth.removeheader": "true",
@@ -31,7 +31,6 @@
"traefik.http.middlewares.middleware09.forwardauth.authresponseheaders": "foobar, foobar", "traefik.http.middlewares.middleware09.forwardauth.authresponseheaders": "foobar, foobar",
"traefik.http.middlewares.middleware09.forwardauth.authresponseheadersregex": "foobar", "traefik.http.middlewares.middleware09.forwardauth.authresponseheadersregex": "foobar",
"traefik.http.middlewares.middleware09.forwardauth.tls.ca": "foobar", "traefik.http.middlewares.middleware09.forwardauth.tls.ca": "foobar",
"traefik.http.middlewares.middleware09.forwardauth.tls.caoptional": "true",
"traefik.http.middlewares.middleware09.forwardauth.tls.cert": "foobar", "traefik.http.middlewares.middleware09.forwardauth.tls.cert": "foobar",
"traefik.http.middlewares.middleware09.forwardauth.tls.insecureskipverify": "true", "traefik.http.middlewares.middleware09.forwardauth.tls.insecureskipverify": "true",
"traefik.http.middlewares.middleware09.forwardauth.tls.key": "foobar", "traefik.http.middlewares.middleware09.forwardauth.tls.key": "foobar",
@@ -54,7 +53,6 @@
"traefik.http.middlewares.middleware10.headers.customrequestheaders.name1": "foobar", "traefik.http.middlewares.middleware10.headers.customrequestheaders.name1": "foobar",
"traefik.http.middlewares.middleware10.headers.customresponseheaders.name0": "foobar", "traefik.http.middlewares.middleware10.headers.customresponseheaders.name0": "foobar",
"traefik.http.middlewares.middleware10.headers.customresponseheaders.name1": "foobar", "traefik.http.middlewares.middleware10.headers.customresponseheaders.name1": "foobar",
"traefik.http.middlewares.middleware10.headers.featurepolicy": "foobar",
"traefik.http.middlewares.middleware10.headers.forcestsheader": "true", "traefik.http.middlewares.middleware10.headers.forcestsheader": "true",
"traefik.http.middlewares.middleware10.headers.framedeny": "true", "traefik.http.middlewares.middleware10.headers.framedeny": "true",
"traefik.http.middlewares.middleware10.headers.hostsproxyheaders": "foobar, foobar", "traefik.http.middlewares.middleware10.headers.hostsproxyheaders": "foobar, foobar",
@@ -62,18 +60,14 @@
"traefik.http.middlewares.middleware10.headers.permissionspolicy": "foobar", "traefik.http.middlewares.middleware10.headers.permissionspolicy": "foobar",
"traefik.http.middlewares.middleware10.headers.publickey": "foobar", "traefik.http.middlewares.middleware10.headers.publickey": "foobar",
"traefik.http.middlewares.middleware10.headers.referrerpolicy": "foobar", "traefik.http.middlewares.middleware10.headers.referrerpolicy": "foobar",
"traefik.http.middlewares.middleware10.headers.sslforcehost": "true",
"traefik.http.middlewares.middleware10.headers.sslhost": "foobar",
"traefik.http.middlewares.middleware10.headers.sslproxyheaders.name0": "foobar", "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name0": "foobar",
"traefik.http.middlewares.middleware10.headers.sslproxyheaders.name1": "foobar", "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name1": "foobar",
"traefik.http.middlewares.middleware10.headers.sslredirect": "true",
"traefik.http.middlewares.middleware10.headers.ssltemporaryredirect": "true",
"traefik.http.middlewares.middleware10.headers.stsincludesubdomains": "true", "traefik.http.middlewares.middleware10.headers.stsincludesubdomains": "true",
"traefik.http.middlewares.middleware10.headers.stspreload": "true", "traefik.http.middlewares.middleware10.headers.stspreload": "true",
"traefik.http.middlewares.middleware10.headers.stsseconds": "42", "traefik.http.middlewares.middleware10.headers.stsseconds": "42",
"traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.depth": "42", "traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.depth": "42",
"traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.excludedips": "foobar, foobar", "traefik.http.middlewares.middleware11.ipallowlist.ipstrategy.excludedips": "foobar, foobar",
"traefik.http.middlewares.middleware11.ipwhitelist.sourcerange": "foobar, foobar", "traefik.http.middlewares.middleware11.ipallowlist.sourcerange": "foobar, foobar",
"traefik.http.middlewares.middleware12.inflightreq.amount": "42", "traefik.http.middlewares.middleware12.inflightreq.amount": "42",
"traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.depth": "42", "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.depth": "42",
"traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.excludedips": "foobar, foobar", "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.excludedips": "foobar, foobar",
@@ -118,9 +112,9 @@
"traefik.http.middlewares.middleware19.replacepathregex.replacement": "foobar", "traefik.http.middlewares.middleware19.replacepathregex.replacement": "foobar",
"traefik.http.middlewares.middleware20.retry.attempts": "42", "traefik.http.middlewares.middleware20.retry.attempts": "42",
"traefik.http.middlewares.middleware20.retry.initialinterval": "42", "traefik.http.middlewares.middleware20.retry.initialinterval": "42",
"traefik.http.middlewares.middleware21.stripprefix.forceslash": "true",
"traefik.http.middlewares.middleware21.stripprefix.prefixes": "foobar, foobar", "traefik.http.middlewares.middleware21.stripprefix.prefixes": "foobar, foobar",
"traefik.http.middlewares.middleware22.stripprefixregex.regex": "foobar, foobar", "traefik.http.middlewares.middleware22.stripprefixregex.regex": "foobar, foobar",
"traefik.http.middlewares.middleware23.grpcweb.alloworigins": "foobar, foobar",
"traefik.http.routers.router0.entrypoints": "foobar, foobar", "traefik.http.routers.router0.entrypoints": "foobar, foobar",
"traefik.http.routers.router0.middlewares": "foobar, foobar", "traefik.http.routers.router0.middlewares": "foobar, foobar",
"traefik.http.routers.router0.priority": "42", "traefik.http.routers.router0.priority": "42",
@@ -149,14 +143,16 @@
"traefik.http.services.service01.loadbalancer.healthcheck.headers.name0": "foobar", "traefik.http.services.service01.loadbalancer.healthcheck.headers.name0": "foobar",
"traefik.http.services.service01.loadbalancer.healthcheck.headers.name1": "foobar", "traefik.http.services.service01.loadbalancer.healthcheck.headers.name1": "foobar",
"traefik.http.services.service01.loadbalancer.healthcheck.hostname": "foobar", "traefik.http.services.service01.loadbalancer.healthcheck.hostname": "foobar",
"traefik.http.services.service01.loadbalancer.healthcheck.interval": "foobar", "traefik.http.services.service01.loadbalancer.healthcheck.interval": "42s",
"traefik.http.services.service01.loadbalancer.healthcheck.path": "foobar", "traefik.http.services.service01.loadbalancer.healthcheck.path": "foobar",
"traefik.http.services.service01.loadbalancer.healthcheck.method": "foobar", "traefik.http.services.service01.loadbalancer.healthcheck.method": "foobar",
"traefik.http.services.service01.loadbalancer.healthcheck.status": "42",
"traefik.http.services.service01.loadbalancer.healthcheck.port": "42", "traefik.http.services.service01.loadbalancer.healthcheck.port": "42",
"traefik.http.services.service01.loadbalancer.healthcheck.scheme": "foobar", "traefik.http.services.service01.loadbalancer.healthcheck.scheme": "foobar",
"traefik.http.services.service01.loadbalancer.healthcheck.timeout": "foobar", "traefik.http.services.service01.loadbalancer.healthcheck.mode": "foobar",
"traefik.http.services.service01.loadbalancer.healthcheck.timeout": "42s",
"traefik.http.services.service01.loadbalancer.passhostheader": "true", "traefik.http.services.service01.loadbalancer.passhostheader": "true",
"traefik.http.services.service01.loadbalancer.responseforwarding.flushinterval": "foobar", "traefik.http.services.service01.loadbalancer.responseforwarding.flushinterval": "42s",
"traefik.http.services.service01.loadbalancer.serverstransport": "foobar", "traefik.http.services.service01.loadbalancer.serverstransport": "foobar",
"traefik.http.services.service01.loadbalancer.sticky.cookie": "true", "traefik.http.services.service01.loadbalancer.sticky.cookie": "true",
"traefik.http.services.service01.loadbalancer.sticky.cookie.httponly": "true", "traefik.http.services.service01.loadbalancer.sticky.cookie.httponly": "true",
@@ -165,7 +161,7 @@
"traefik.http.services.service01.loadbalancer.sticky.cookie.secure": "true", "traefik.http.services.service01.loadbalancer.sticky.cookie.secure": "true",
"traefik.http.services.service01.loadbalancer.server.port": "foobar", "traefik.http.services.service01.loadbalancer.server.port": "foobar",
"traefik.http.services.service01.loadbalancer.server.scheme": "foobar", "traefik.http.services.service01.loadbalancer.server.scheme": "foobar",
"traefik.tcp.middlewares.tcpmiddleware00.ipwhitelist.sourcerange": "foobar, foobar", "traefik.tcp.middlewares.tcpmiddleware00.ipallowlist.sourcerange": "foobar, foobar",
"traefik.tcp.middlewares.tcpmiddleware01.inflightconn.amount": "42", "traefik.tcp.middlewares.tcpmiddleware01.inflightconn.amount": "42",
"traefik.tcp.routers.tcprouter0.entrypoints": "foobar, foobar", "traefik.tcp.routers.tcprouter0.entrypoints": "foobar, foobar",
"traefik.tcp.routers.tcprouter0.middlewares": "foobar, foobar", "traefik.tcp.routers.tcprouter0.middlewares": "foobar, foobar",

View File

@@ -39,7 +39,7 @@ spec:
entryPoints: entryPoints:
description: 'EntryPoints defines the list of entry point names to description: 'EntryPoints defines the list of entry point names to
bind to. Entry points have to be configured in the static configuration. bind to. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
Default: all.' Default: all.'
items: items:
type: string type: string
@@ -56,11 +56,11 @@ spec:
- Rule - Rule
type: string type: string
match: match:
description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#rule' description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule'
type: string type: string
middlewares: middlewares:
description: 'Middlewares defines the list of references to description: 'Middlewares defines the list of references to
Middleware resources. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-middleware' Middleware resources. More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-middleware'
items: items:
description: MiddlewareRef is a reference to a Middleware description: MiddlewareRef is a reference to a Middleware
resource. resource.
@@ -79,7 +79,7 @@ spec:
type: array type: array
priority: priority:
description: 'Priority defines the router''s priority. More description: 'Priority defines the router''s priority. More
info: https://doc.traefik.io/traefik/v2.9/routing/routers/#priority' info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority'
type: integer type: integer
services: services:
description: Services defines the list of Service. It can contain description: Services defines the list of Service. It can contain
@@ -145,7 +145,7 @@ spec:
type: string type: string
sticky: sticky:
description: 'Sticky defines the sticky sessions configuration. description: 'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions' More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions'
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@@ -190,16 +190,16 @@ spec:
type: object type: object
type: array type: array
tls: tls:
description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#tls' description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls'
properties: properties:
certResolver: certResolver:
description: 'CertResolver defines the name of the certificate description: 'CertResolver defines the name of the certificate
resolver to use. Cert resolvers have to be configured in the resolver to use. Cert resolvers have to be configured in the
static configuration. More info: https://doc.traefik.io/traefik/v2.9/https/acme/#certificate-resolvers' static configuration. More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers'
type: string type: string
domains: domains:
description: 'Domains defines the list of domains that will be description: 'Domains defines the list of domains that will be
used to issue certificates. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#domains' used to issue certificates. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains'
items: items:
description: Domain holds a domain name with SANs. description: Domain holds a domain name with SANs.
properties: properties:
@@ -217,15 +217,15 @@ spec:
options: options:
description: 'Options defines the reference to a TLSOption, that description: 'Options defines the reference to a TLSOption, that
specifies the parameters of the TLS connection. If not defined, specifies the parameters of the TLS connection. If not defined,
the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options' the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options'
properties: properties:
name: name:
description: 'Name defines the name of the referenced TLSOption. description: 'Name defines the name of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsoption' More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption'
type: string type: string
namespace: namespace:
description: 'Namespace defines the namespace of the referenced description: 'Namespace defines the namespace of the referenced
TLSOption. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsoption' TLSOption. More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsoption'
type: string type: string
required: required:
- name - name
@@ -241,11 +241,11 @@ spec:
properties: properties:
name: name:
description: 'Name defines the name of the referenced TLSStore. description: 'Name defines the name of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsstore' More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore'
type: string type: string
namespace: namespace:
description: 'Namespace defines the namespace of the referenced description: 'Namespace defines the namespace of the referenced
TLSStore. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsstore' TLSStore. More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-tlsstore'
type: string type: string
required: required:
- name - name

View File

@@ -39,7 +39,7 @@ spec:
entryPoints: entryPoints:
description: 'EntryPoints defines the list of entry point names to description: 'EntryPoints defines the list of entry point names to
bind to. Entry points have to be configured in the static configuration. bind to. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
Default: all.' Default: all.'
items: items:
type: string type: string
@@ -50,7 +50,7 @@ spec:
description: RouteTCP holds the TCP route configuration. description: RouteTCP holds the TCP route configuration.
properties: properties:
match: match:
description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#rule_1' description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#rule_1'
type: string type: string
middlewares: middlewares:
description: Middlewares defines the list of references to MiddlewareTCP description: Middlewares defines the list of references to MiddlewareTCP
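Review bot: the `match` description now links to `v3.0/routing/routers/#rule_1`, and the later hunks in this file do the same with `#priority_1` and `#tls_1`. Numbered fragments like these depend on the heading order of the rendered page, so confirm that each one still resolves in the v3.0 docs and lands on the TCP section rather than the HTTP one.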
@@ -73,7 +73,7 @@ spec:
type: array type: array
priority: priority:
description: 'Priority defines the router''s priority. More description: 'Priority defines the router''s priority. More
info: https://doc.traefik.io/traefik/v2.9/routing/routers/#priority_1' info: https://doc.traefik.io/traefik/v3.0/routing/routers/#priority_1'
type: integer type: integer
services: services:
description: Services defines the list of TCP services. description: Services defines the list of TCP services.
@@ -98,7 +98,7 @@ spec:
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
proxyProtocol: proxyProtocol:
description: 'ProxyProtocol defines the PROXY protocol description: 'ProxyProtocol defines the PROXY protocol
configuration. More info: https://doc.traefik.io/traefik/v2.9/routing/services/#proxy-protocol' configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/services/#proxy-protocol'
properties: properties:
version: version:
description: Version defines the PROXY Protocol version description: Version defines the PROXY Protocol version
@@ -129,16 +129,16 @@ spec:
type: array type: array
tls: tls:
description: 'TLS defines the TLS configuration on a layer 4 / TCP description: 'TLS defines the TLS configuration on a layer 4 / TCP
Route. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#tls_1' Route. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#tls_1'
properties: properties:
certResolver: certResolver:
description: 'CertResolver defines the name of the certificate description: 'CertResolver defines the name of the certificate
resolver to use. Cert resolvers have to be configured in the resolver to use. Cert resolvers have to be configured in the
static configuration. More info: https://doc.traefik.io/traefik/v2.9/https/acme/#certificate-resolvers' static configuration. More info: https://doc.traefik.io/traefik/v3.0/https/acme/#certificate-resolvers'
type: string type: string
domains: domains:
description: 'Domains defines the list of domains that will be description: 'Domains defines the list of domains that will be
used to issue certificates. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#domains' used to issue certificates. More info: https://doc.traefik.io/traefik/v3.0/routing/routers/#domains'
items: items:
description: Domain holds a domain name with SANs. description: Domain holds a domain name with SANs.
properties: properties:
@@ -156,7 +156,7 @@ spec:
options: options:
description: 'Options defines the reference to a TLSOption, that description: 'Options defines the reference to a TLSOption, that
specifies the parameters of the TLS connection. If not defined, specifies the parameters of the TLS connection. If not defined,
the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options' the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options'
properties: properties:
name: name:
description: Name defines the name of the referenced Traefik description: Name defines the name of the referenced Traefik

View File

@@ -39,7 +39,7 @@ spec:
entryPoints: entryPoints:
description: 'EntryPoints defines the list of entry point names to description: 'EntryPoints defines the list of entry point names to
bind to. Entry points have to be configured in the static configuration. bind to. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/ More info: https://doc.traefik.io/traefik/v3.0/routing/entrypoints/
Default: all.' Default: all.'
items: items:
type: string type: string

View File

@@ -20,7 +20,7 @@ spec:
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: 'Middleware is the CRD implementation of a Traefik Middleware. description: 'Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/overview/' More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/overview/'
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation
@@ -40,7 +40,7 @@ spec:
addPrefix: addPrefix:
description: 'AddPrefix holds the add prefix middleware configuration. description: 'AddPrefix holds the add prefix middleware configuration.
This middleware updates the path of a request before forwarding This middleware updates the path of a request before forwarding
it. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/addprefix/' it. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/addprefix/'
properties: properties:
prefix: prefix:
description: Prefix is the string to add before the current path description: Prefix is the string to add before the current path
@@ -50,11 +50,11 @@ spec:
basicAuth: basicAuth:
description: 'BasicAuth holds the basic auth middleware configuration. description: 'BasicAuth holds the basic auth middleware configuration.
This middleware restricts access to your services to known users. This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/' More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/'
properties: properties:
headerField: headerField:
description: 'HeaderField defines a header field to store the description: 'HeaderField defines a header field to store the
authenticated user. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/#headerfield' authenticated user. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield'
type: string type: string
realm: realm:
description: 'Realm allows the protected resources on a server description: 'Realm allows the protected resources on a server
@@ -74,7 +74,7 @@ spec:
buffering: buffering:
description: 'Buffering holds the buffering middleware configuration. description: 'Buffering holds the buffering middleware configuration.
This middleware retries or limits the size of requests that can This middleware retries or limits the size of requests that can
be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/buffering/#maxrequestbodybytes' be forwarded to backends. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#maxrequestbodybytes'
properties: properties:
maxRequestBodyBytes: maxRequestBodyBytes:
description: 'MaxRequestBodyBytes defines the maximum allowed description: 'MaxRequestBodyBytes defines the maximum allowed
@@ -107,13 +107,13 @@ spec:
retryExpression: retryExpression:
description: 'RetryExpression defines the retry conditions. It description: 'RetryExpression defines the retry conditions. It
is a logical combination of functions with operators AND (&&) is a logical combination of functions with operators AND (&&)
and OR (||). More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/buffering/#retryexpression' and OR (||). More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/buffering/#retryexpression'
type: string type: string
type: object type: object
chain: chain:
description: 'Chain holds the configuration of the chain middleware. description: 'Chain holds the configuration of the chain middleware.
This middleware enables to define reusable combinations of other This middleware enables to define reusable combinations of other
pieces of middleware. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/chain/' pieces of middleware. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/chain/'
properties: properties:
middlewares: middlewares:
description: Middlewares is the list of MiddlewareRef which composes description: Middlewares is the list of MiddlewareRef which composes
@@ -167,12 +167,13 @@ spec:
compress: compress:
description: 'Compress holds the compress middleware configuration. description: 'Compress holds the compress middleware configuration.
This middleware compresses responses before sending them to the This middleware compresses responses before sending them to the
client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/compress/' client, using gzip compression. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/compress/'
properties: properties:
excludedContentTypes: excludedContentTypes:
description: ExcludedContentTypes defines the list of content description: ExcludedContentTypes defines the list of content
types to compare the Content-Type header of the incoming requests types to compare the Content-Type header of the incoming requests
and responses before compressing. and responses before compressing. `application/grpc` is always
excluded.
items: items:
type: string type: string
type: array type: array
@@ -184,28 +185,18 @@ spec:
type: object type: object
contentType: contentType:
description: ContentType holds the content-type middleware configuration. description: ContentType holds the content-type middleware configuration.
This middleware exists to enable the correct behavior until at least This middleware sets the `Content-Type` header value to the media
the default one can be changed in a future version. type detected from the response content, when it is not set by the
properties: backend.
autoDetect:
description: AutoDetect specifies whether to let the `Content-Type`
header, if it has not been set by the backend, be automatically
set to a value derived from the contents of the response. As
a proxy, the default behavior should be to leave the header
alone, regardless of what the backend did with it. However,
the historic default was to always auto-detect and set the header
if it was nil, and it is going to be kept that way in order
to support users currently relying on it.
type: boolean
type: object type: object
digestAuth: digestAuth:
description: 'DigestAuth holds the digest auth middleware configuration. description: 'DigestAuth holds the digest auth middleware configuration.
This middleware restricts access to your services to known users. This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/digestauth/' More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/digestauth/'
properties: properties:
headerField: headerField:
description: 'HeaderField defines a header field to store the description: 'HeaderField defines a header field to store the
authenticated user. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/#headerfield' authenticated user. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/basicauth/#headerfield'
type: string type: string
realm: realm:
description: 'Realm allows the protected resources on a server description: 'Realm allows the protected resources on a server
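Review bot: Dropping `autoDetect` leaves `contentType` as a bare `type: object` with no properties, and the new description gives no guidance to anyone whose Middleware manifest still sets `autoDetect`. The new text says the header is set from the detected media type "when it is not set by the backend", so say in the description or the migration notes that attaching the middleware is now what turns detection on, and that the old field must be removed from existing manifests.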
@@ -224,7 +215,7 @@ spec:
errors: errors:
description: 'ErrorPage holds the custom error middleware configuration. description: 'ErrorPage holds the custom error middleware configuration.
This middleware returns a custom page in lieu of the default, according This middleware returns a custom page in lieu of the default, according
to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/errorpages/' to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/'
properties: properties:
query: query:
description: Query defines the URL for the error page (hosted description: Query defines the URL for the error page (hosted
@@ -233,7 +224,7 @@ spec:
type: string type: string
service: service:
description: 'Service defines the reference to a Kubernetes Service description: 'Service defines the reference to a Kubernetes Service
that will serve the error page. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/errorpages/#service' that will serve the error page. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/errorpages/#service'
properties: properties:
kind: kind:
description: Kind defines the kind of the Service. description: Kind defines the kind of the Service.
@@ -290,7 +281,7 @@ spec:
type: string type: string
sticky: sticky:
description: 'Sticky defines the sticky sessions configuration. description: 'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions' More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions'
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@@ -339,7 +330,7 @@ spec:
forwardAuth: forwardAuth:
description: 'ForwardAuth holds the forward auth middleware configuration. description: 'ForwardAuth holds the forward auth middleware configuration.
This middleware delegates the request authentication to a Service. This middleware delegates the request authentication to a Service.
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/forwardauth/' More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/'
properties: properties:
address: address:
description: Address defines the authentication server address. description: Address defines the authentication server address.
@@ -362,14 +353,12 @@ spec:
description: 'AuthResponseHeadersRegex defines the regex to match description: 'AuthResponseHeadersRegex defines the regex to match
headers to copy from the authentication server response and headers to copy from the authentication server response and
set on forwarded request, after stripping all headers that match set on forwarded request, after stripping all headers that match
the regex. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/forwardauth/#authresponseheadersregex' the regex. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#authresponseheadersregex'
type: string type: string
tls: tls:
description: TLS defines the configuration used to secure the description: TLS defines the configuration used to secure the
connection to the authentication server. connection to the authentication server.
properties: properties:
caOptional:
type: boolean
caSecret: caSecret:
description: CASecret is the name of the referenced Kubernetes description: CASecret is the name of the referenced Kubernetes
Secret containing the CA to validate the server certificate. Secret containing the CA to validate the server certificate.
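Review bot: `caOptional` is removed from `forwardAuth.tls` with no deprecation step, and the old side carried no description for it, so this diff gives no way to tell what manifests that set it should expect. Add a migration entry that names the field and states what, if anything, replaces it for the connection to the authentication server.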
@@ -390,10 +379,21 @@ spec:
forward) all X-Forwarded-* headers.' forward) all X-Forwarded-* headers.'
type: boolean type: boolean
type: object type: object
grpcWeb:
description: GrpcWeb holds the gRPC web middleware configuration.
This middleware converts a gRPC web request to an HTTP/2 gRPC request.
properties:
allowOrigins:
description: AllowOrigins is a list of allowable origins. Can
also be a wildcard origin "*".
items:
type: string
type: array
type: object
headers: headers:
description: 'Headers holds the headers middleware configuration. description: 'Headers holds the headers middleware configuration.
This middleware manages the requests and responses headers. More This middleware manages the requests and responses headers. More
info: https://doc.traefik.io/traefik/v2.9/middlewares/http/headers/#customrequestheaders' info: https://doc.traefik.io/traefik/v3.0/middlewares/http/headers/#customrequestheaders'
properties: properties:
accessControlAllowCredentials: accessControlAllowCredentials:
description: AccessControlAllowCredentials defines whether the description: AccessControlAllowCredentials defines whether the
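Review bot: The `allowOrigins` description under the new `grpcWeb` block documents the wildcard "*" but not what happens when the list is empty or omitted, which is the state a freshly written manifest starts in. State the default explicitly, and say that "*" admits every origin so that someone reviewing a Middleware manifest knows an explicit list is the restrictive form.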
@@ -477,9 +477,6 @@ spec:
description: CustomResponseHeaders defines the header names and description: CustomResponseHeaders defines the header names and
values to apply to the response. values to apply to the response.
type: object type: object
featurePolicy:
description: 'Deprecated: use PermissionsPolicy instead.'
type: string
forceSTSHeader: forceSTSHeader:
description: ForceSTSHeader defines whether to add the STS header description: ForceSTSHeader defines whether to add the STS header
even when the connection is HTTP. even when the connection is HTTP.
@@ -515,12 +512,6 @@ spec:
value. This allows sites to control whether browsers forward value. This allows sites to control whether browsers forward
the Referer header to other sites. the Referer header to other sites.
type: string type: string
sslForceHost:
description: 'Deprecated: use RedirectRegex instead.'
type: boolean
sslHost:
description: 'Deprecated: use RedirectRegex instead.'
type: string
sslProxyHeaders: sslProxyHeaders:
additionalProperties: additionalProperties:
type: string type: string
@@ -529,14 +520,6 @@ spec:
useful when using other proxies (example: "X-Forwarded-Proto": useful when using other proxies (example: "X-Forwarded-Proto":
"https").' "https").'
type: object type: object
sslRedirect:
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
instead.'
type: boolean
sslTemporaryRedirect:
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
instead.'
type: boolean
stsIncludeSubdomains: stsIncludeSubdomains:
description: STSIncludeSubdomains defines whether the includeSubDomains description: STSIncludeSubdomains defines whether the includeSubDomains
directive is appended to the Strict-Transport-Security header. directive is appended to the Strict-Transport-Security header.
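Review bot: The removed `sslRedirect` and `sslTemporaryRedirect` descriptions were the only place in this schema that named their replacement ("use EntryPoint redirection or RedirectScheme instead"), so after this hunk a Headers middleware that still sets them has no pointer to follow. These fields drove the HTTP-to-HTTPS redirect, so carry that sentence into the migration notes to keep the redirect from being lost unnoticed on upgrade.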
@@ -554,7 +537,7 @@ spec:
inFlightReq: inFlightReq:
description: 'InFlightReq holds the in-flight request middleware configuration. description: 'InFlightReq holds the in-flight request middleware configuration.
This middleware limits the number of requests being processed and This middleware limits the number of requests being processed and
served concurrently. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/inflightreq/' served concurrently. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/'
properties: properties:
amount: amount:
description: Amount defines the maximum amount of allowed simultaneous description: Amount defines the maximum amount of allowed simultaneous
@@ -568,11 +551,11 @@ spec:
group requests as originating from a common source. If several group requests as originating from a common source. If several
strategies are defined at the same time, an error will be raised. strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the requestHost. More If none are set, the default is to use the requestHost. More
info: https://doc.traefik.io/traefik/v2.9/middlewares/http/inflightreq/#sourcecriterion' info: https://doc.traefik.io/traefik/v3.0/middlewares/http/inflightreq/#sourcecriterion'
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration description: 'IPStrategy holds the IP strategy configuration
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy'
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@@ -597,14 +580,14 @@ spec:
type: boolean type: boolean
type: object type: object
type: object type: object
ipWhiteList: ipAllowList:
description: 'IPWhiteList holds the IP whitelist middleware configuration. description: 'IPAllowList holds the IP allowlist middleware configuration.
This middleware accepts / refuses requests based on the client IP. This middleware accepts / refuses requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/' More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/'
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration used description: 'IPStrategy holds the IP strategy configuration used
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy'
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
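Review bot: Renaming the `ipWhiteList` key to `ipAllowList` in place, with no deprecated alias left beside it, means a Middleware written against the old key no longer matches this schema. For a middleware that "accepts / refuses requests based on the client IP" that is an access-control change, so either keep `ipWhiteList` for one release with a "Deprecated: use ipAllowList instead" description, in the style the deprecated fields removed elsewhere in this file used, or call the rename out as breaking in the migration guide.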
@@ -628,7 +611,7 @@ spec:
passTLSClientCert: passTLSClientCert:
description: 'PassTLSClientCert holds the pass TLS client cert middleware description: 'PassTLSClientCert holds the pass TLS client cert middleware
configuration. This middleware adds the selected data from the passed configuration. This middleware adds the selected data from the passed
client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/passtlsclientcert/' client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/passtlsclientcert/'
properties: properties:
info: info:
description: Info selects the specific client certificate details description: Info selects the specific client certificate details
@@ -735,7 +718,7 @@ spec:
rateLimit: rateLimit:
description: 'RateLimit holds the rate limit configuration. This middleware description: 'RateLimit holds the rate limit configuration. This middleware
ensures that services will receive a fair amount of requests, and ensures that services will receive a fair amount of requests, and
allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ratelimit/' allows one to define what fair is. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ratelimit/'
properties: properties:
average: average:
description: Average is the maximum rate, by default in requests/s, description: Average is the maximum rate, by default in requests/s,
@@ -768,7 +751,7 @@ spec:
properties: properties:
ipStrategy: ipStrategy:
description: 'IPStrategy holds the IP strategy configuration description: 'IPStrategy holds the IP strategy configuration
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/#ipstrategy'
properties: properties:
depth: depth:
description: Depth tells Traefik to use the X-Forwarded-For description: Depth tells Traefik to use the X-Forwarded-For
@@ -796,7 +779,7 @@ spec:
redirectRegex: redirectRegex:
description: 'RedirectRegex holds the redirect regex middleware configuration. description: 'RedirectRegex holds the redirect regex middleware configuration.
This middleware redirects a request using regex matching and replacement. This middleware redirects a request using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/redirectregex/#regex' More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectregex/#regex'
properties: properties:
permanent: permanent:
description: Permanent defines whether the redirection is permanent description: Permanent defines whether the redirection is permanent
@@ -814,7 +797,7 @@ spec:
redirectScheme: redirectScheme:
description: 'RedirectScheme holds the redirect scheme middleware description: 'RedirectScheme holds the redirect scheme middleware
configuration. This middleware redirects requests from a scheme/port configuration. This middleware redirects requests from a scheme/port
to another. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/redirectscheme/' to another. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/redirectscheme/'
properties: properties:
permanent: permanent:
description: Permanent defines whether the redirection is permanent description: Permanent defines whether the redirection is permanent
@@ -830,7 +813,7 @@ spec:
replacePath: replacePath:
description: 'ReplacePath holds the replace path middleware configuration. description: 'ReplacePath holds the replace path middleware configuration.
This middleware replaces the path of the request URL and store the This middleware replaces the path of the request URL and store the
original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/replacepath/' original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepath/'
properties: properties:
path: path:
description: Path defines the path to use as replacement in the description: Path defines the path to use as replacement in the
@@ -840,7 +823,7 @@ spec:
replacePathRegex: replacePathRegex:
description: 'ReplacePathRegex holds the replace path regex middleware description: 'ReplacePathRegex holds the replace path regex middleware
configuration. This middleware replaces the path of a URL using configuration. This middleware replaces the path of a URL using
regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/replacepathregex/' regex matching and replacement. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/replacepathregex/'
properties: properties:
regex: regex:
description: Regex defines the regular expression used to match description: Regex defines the regular expression used to match
@@ -856,7 +839,7 @@ spec:
middleware reissues requests a given number of times to a backend middleware reissues requests a given number of times to a backend
server if that server does not reply. As soon as the server answers, server if that server does not reply. As soon as the server answers,
the middleware stops retrying, regardless of the response status. the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/retry/' More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/retry/'
properties: properties:
attempts: attempts:
description: Attempts defines how many times the request should description: Attempts defines how many times the request should
@@ -876,13 +859,8 @@ spec:
stripPrefix: stripPrefix:
description: 'StripPrefix holds the strip prefix middleware configuration. description: 'StripPrefix holds the strip prefix middleware configuration.
This middleware removes the specified prefixes from the URL path. This middleware removes the specified prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/' More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefix/'
properties: properties:
forceSlash:
description: 'ForceSlash ensures that the resulting stripped path
is not the empty string, by replacing it with / when necessary.
Default: true.'
type: boolean
prefixes: prefixes:
description: Prefixes defines the prefixes to strip from the request description: Prefixes defines the prefixes to strip from the request
URL. URL.
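Review bot: `forceSlash` is removed from `stripPrefix` together with the only statement of its default ("Default: true"), so the schema no longer says whether a fully stripped path becomes `/` or the empty string. Put the resulting behaviour into the `stripPrefix` or `prefixes` description, since backends and path-based rules downstream can treat the two differently.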
@@ -893,7 +871,7 @@ spec:
stripPrefixRegex: stripPrefixRegex:
description: 'StripPrefixRegex holds the strip prefix regex middleware description: 'StripPrefixRegex holds the strip prefix regex middleware
configuration. This middleware removes the matching prefixes from configuration. This middleware removes the matching prefixes from
the URL path. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefixregex/' the URL path. More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/stripprefixregex/'
properties: properties:
regex: regex:
description: Regex defines the regular expression to match the description: Regex defines the regular expression to match the

View File

@@ -20,7 +20,7 @@ spec:
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
More info: https://doc.traefik.io/traefik/v2.9/middlewares/overview/' More info: https://doc.traefik.io/traefik/v3.0/middlewares/overview/'
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation
@@ -47,8 +47,8 @@ spec:
format: int64 format: int64
type: integer type: integer
type: object type: object
ipWhiteList: ipAllowList:
description: IPWhiteList defines the IPWhiteList middleware configuration. description: IPAllowList defines the IPAllowList middleware configuration.
properties: properties:
sourceRange: sourceRange:
description: SourceRange defines the allowed IPs (or ranges of description: SourceRange defines the allowed IPs (or ranges of

View File

@@ -22,7 +22,7 @@ spec:
description: 'ServersTransport is the CRD implementation of a ServersTransport. description: 'ServersTransport is the CRD implementation of a ServersTransport.
If no serversTransport is specified, the default@internal will be used. If no serversTransport is specified, the default@internal will be used.
The default@internal serversTransport is created from the static configuration. The default@internal serversTransport is created from the static configuration.
More info: https://doc.traefik.io/traefik/v2.9/routing/services/#serverstransport_1' More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_1'
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation
@@ -113,6 +113,19 @@ spec:
description: ServerName defines the server name used to contact the description: ServerName defines the server name used to contact the
server. server.
type: string type: string
spiffe:
description: Spiffe defines the SPIFFE configuration.
properties:
ids:
description: IDs defines the allowed SPIFFE IDs (takes precedence
over the SPIFFE TrustDomain).
items:
type: string
type: array
trustDomain:
description: TrustDomain defines the allowed SPIFFE trust domain.
type: string
type: object
type: object type: object
required: required:
- metadata - metadata
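Review bot: The new `spiffe` block says `ids` takes precedence over `trustDomain` but not what is accepted when neither is set, and both fields are plain `type: string` with no expected form given. Document the unset case and the expected shape of an ID and of a trust domain in the descriptions, so that a mistyped allowed ID is caught at review time rather than at connection time.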

View File

@@ -21,7 +21,7 @@ spec:
openAPIV3Schema: openAPIV3Schema:
description: 'TLSOption is the CRD implementation of a Traefik TLS Option, description: 'TLSOption is the CRD implementation of a Traefik TLS Option,
allowing to configure some parameters of the TLS connection. More info: allowing to configure some parameters of the TLS connection. More info:
https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options' https://doc.traefik.io/traefik/v3.0/https/tls/#tls-options'
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation
@@ -41,13 +41,13 @@ spec:
alpnProtocols: alpnProtocols:
description: 'ALPNProtocols defines the list of supported application description: 'ALPNProtocols defines the list of supported application
level protocols for the TLS handshake, in order of preference. More level protocols for the TLS handshake, in order of preference. More
info: https://doc.traefik.io/traefik/v2.9/https/tls/#alpn-protocols' info: https://doc.traefik.io/traefik/v3.0/https/tls/#alpn-protocols'
items: items:
type: string type: string
type: array type: array
cipherSuites: cipherSuites:
description: 'CipherSuites defines the list of supported cipher suites description: 'CipherSuites defines the list of supported cipher suites
for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#cipher-suites' for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#cipher-suites'
items: items:
type: string type: string
type: array type: array
@@ -74,7 +74,7 @@ spec:
type: object type: object
curvePreferences: curvePreferences:
description: 'CurvePreferences defines the preferred elliptic curves description: 'CurvePreferences defines the preferred elliptic curves
in a specific order. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#curve-preferences' in a specific order. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#curve-preferences'
items: items:
type: string type: string
type: array type: array
@@ -88,12 +88,6 @@ spec:
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
VersionTLS13. Default: VersionTLS10.' VersionTLS13. Default: VersionTLS10.'
type: string type: string
preferServerCipherSuites:
description: 'PreferServerCipherSuites defines whether the server
chooses a cipher suite among his own instead of among the client''s.
It is enabled automatically when minVersion or maxVersion is set.
Deprecated: https://github.com/golang/go/issues/45430'
type: boolean
sniStrict: sniStrict:
description: SniStrict defines whether Traefik allows connections description: SniStrict defines whether Traefik allows connections
from clients connections that do not specify a server_name extension. from clients connections that do not specify a server_name extension.

View File

@@ -22,7 +22,7 @@ spec:
description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For
the time being, only the TLSStore named default is supported. This means the time being, only the TLSStore named default is supported. This means
that you cannot have two stores that are named default in different Kubernetes that you cannot have two stores that are named default in different Kubernetes
namespaces. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#certificates-stores' namespaces. More info: https://doc.traefik.io/traefik/v3.0/https/tls/#certificates-stores'
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation

View File

@@ -21,7 +21,7 @@ spec:
openAPIV3Schema: openAPIV3Schema:
description: 'TraefikService is the CRD implementation of a Traefik Service. description: 'TraefikService is the CRD implementation of a Traefik Service.
TraefikService object allows to: - Apply weight to Services on load-balancing TraefikService object allows to: - Apply weight to Services on load-balancing
- Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-traefikservice' - Mirror traffic on services More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#kind-traefikservice'
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation
@@ -120,7 +120,7 @@ spec:
type: string type: string
sticky: sticky:
description: 'Sticky defines the sticky sessions configuration. description: 'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions' More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions'
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@@ -204,7 +204,7 @@ spec:
type: string type: string
sticky: sticky:
description: 'Sticky defines the sticky sessions configuration. description: 'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions' More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions'
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@@ -304,7 +304,7 @@ spec:
type: string type: string
sticky: sticky:
description: 'Sticky defines the sticky sessions configuration. description: 'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions' More info: https://doc.traefik.io/traefik/v3.0/routing/services/#sticky-sessions'
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.
@@ -343,7 +343,7 @@ spec:
type: array type: array
sticky: sticky:
description: 'Sticky defines whether sticky sessions are enabled. description: 'Sticky defines whether sticky sessions are enabled.
More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#stickiness-and-load-balancing' More info: https://doc.traefik.io/traefik/v3.0/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
properties: properties:
cookie: cookie:
description: Cookie defines the sticky cookie configuration. description: Cookie defines the sticky cookie configuration.

View File

@@ -99,12 +99,18 @@ Storage to use. (Default: ```acme.json```)
`--certificatesresolvers.<name>.acme.tlschallenge`: `--certificatesresolvers.<name>.acme.tlschallenge`:
Activate TLS-ALPN-01 Challenge. (Default: ```true```) Activate TLS-ALPN-01 Challenge. (Default: ```true```)
`--certificatesresolvers.<name>.tailscale`:
Enables Tailscale certificate resolution. (Default: ```true```)
`--entrypoints.<name>`: `--entrypoints.<name>`:
Entry points definition. (Default: ```false```) Entry points definition. (Default: ```false```)
`--entrypoints.<name>.address`: `--entrypoints.<name>.address`:
Entry point address. Entry point address.
`--entrypoints.<name>.asdefault`:
Adds this EntryPoint to the list of default EntryPoints to be used on routers that don't have any Entrypoint defined. (Default: ```false```)
`--entrypoints.<name>.forwardedheaders.insecure`: `--entrypoints.<name>.forwardedheaders.insecure`:
Trust all forwarded headers. (Default: ```false```) Trust all forwarded headers. (Default: ```false```)
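Review bot: `--certificatesresolvers.<name>.tailscale` is listed with (Default: true), which reads as if Tailscale certificate resolution is on for every resolver unless switched off. Say whether that value only applies once the `tailscale` section is declared. The `asdefault` text in the same hunk also mixes "EntryPoint" and "Entrypoint"; pick one spelling.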
@@ -183,9 +189,6 @@ WriteTimeout is the maximum duration before timing out writes of the response. I
`--entrypoints.<name>.udp.timeout`: `--entrypoints.<name>.udp.timeout`:
Timeout defines how long to wait on an idle session before releasing the related resources. (Default: ```3```) Timeout defines how long to wait on an idle session before releasing the related resources. (Default: ```3```)
`--experimental.http3`:
Enable HTTP3. (Default: ```false```)
`--experimental.hub`: `--experimental.hub`:
Enable the Traefik Hub provider. (Default: ```false```) Enable the Traefik Hub provider. (Default: ```false```)
@@ -240,6 +243,9 @@ The TLS key for Traefik Proxy as a TLS client.
`--log`: `--log`:
Traefik log settings. (Default: ```false```) Traefik log settings. (Default: ```false```)
`--log.compress`:
Determines if the rotated log files should be compressed using gzip. (Default: ```false```)
`--log.filepath`: `--log.filepath`:
Traefik log file path. Stdout is used when omitted or empty. Traefik log file path. Stdout is used when omitted or empty.
@@ -249,6 +255,18 @@ Traefik log format: json | common (Default: ```common```)
`--log.level`: `--log.level`:
Log level set to traefik logs. (Default: ```ERROR```) Log level set to traefik logs. (Default: ```ERROR```)
`--log.maxage`:
Maximum number of days to retain old log files based on the timestamp encoded in their filename. (Default: ```0```)
`--log.maxbackups`:
Maximum number of old log files to retain. (Default: ```0```)
`--log.maxsize`:
Maximum size in megabytes of the log file before it gets rotated. (Default: ```0```)
`--log.nocolor`:
When using the 'common' format, disables the colorized output. (Default: ```false```)
`--metrics.datadog`: `--metrics.datadog`:
Datadog metrics exporter type. (Default: ```false```) Datadog metrics exporter type. (Default: ```false```)
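Review bot: `--log.maxage`, `--log.maxbackups` and `--log.maxsize` all show (Default: 0) with no statement of what 0 means, so it is unclear whether the default is no rotation, no retention limit, or immediate removal. Spell out the meaning of 0 for each flag, because both unbounded log growth and silently discarded logs matter to whoever relies on these files for investigation.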
@@ -336,6 +354,51 @@ InfluxDB v2 push interval. (Default: ```10```)
`--metrics.influxdb2.token`: `--metrics.influxdb2.token`:
InfluxDB v2 access token. InfluxDB v2 access token.
`--metrics.opentelemetry`:
OpenTelemetry metrics exporter type. (Default: ```false```)
`--metrics.opentelemetry.addentrypointslabels`:
Enable metrics on entry points. (Default: ```true```)
`--metrics.opentelemetry.address`:
Address (host:port) of the collector endpoint. (Default: ```localhost:4318```)
`--metrics.opentelemetry.addrouterslabels`:
Enable metrics on routers. (Default: ```false```)
`--metrics.opentelemetry.addserviceslabels`:
Enable metrics on services. (Default: ```true```)
`--metrics.opentelemetry.explicitboundaries`:
Boundaries for latency metrics. (Default: ```0.005000, 0.010000, 0.025000, 0.050000, 0.100000, 0.250000, 0.500000, 1.000000, 2.500000, 5.000000, 10.000000```)
`--metrics.opentelemetry.grpc`:
gRPC specific configuration for the OpenTelemetry collector. (Default: ```true```)
`--metrics.opentelemetry.headers.<name>`:
Headers sent with payload.
`--metrics.opentelemetry.insecure`:
Disables client transport security for the exporter. (Default: ```false```)
`--metrics.opentelemetry.path`:
Set the URL path of the collector endpoint.
`--metrics.opentelemetry.pushinterval`:
Period between calls to collect a checkpoint. (Default: ```10```)
`--metrics.opentelemetry.tls.ca`:
TLS CA
`--metrics.opentelemetry.tls.cert`:
TLS cert
`--metrics.opentelemetry.tls.insecureskipverify`:
TLS insecure skip verify (Default: ```false```)
`--metrics.opentelemetry.tls.key`:
TLS key
`--metrics.prometheus`: `--metrics.prometheus`:
Prometheus metrics exporter type. (Default: ```false```) Prometheus metrics exporter type. (Default: ```false```)
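Review bot: `--metrics.opentelemetry.grpc` shows (Default: true) while `--metrics.opentelemetry.address` defaults to `localhost:4318`, the port conventionally used for OTLP over HTTP rather than gRPC, so the two defaults read as contradictory. Clarify whether gRPC is actually on by default, and describe how `--metrics.opentelemetry.insecure` relates to `--metrics.opentelemetry.tls.insecureskipverify`: both weaken transport security, and values passed in `--metrics.opentelemetry.headers.<name>` may be credentials for the collector.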
@@ -396,9 +459,6 @@ Enable Consul backend with default settings. (Default: ```false```)
`--providers.consul.endpoints`: `--providers.consul.endpoints`:
KV store endpoints. (Default: ```127.0.0.1:8500```) KV store endpoints. (Default: ```127.0.0.1:8500```)
`--providers.consul.namespace`:
Sets the namespace used to discover the configuration (Consul Enterprise only).
`--providers.consul.namespaces`: `--providers.consul.namespaces`:
Sets the namespaces used to discover the configuration (Consul Enterprise only). Sets the namespaces used to discover the configuration (Consul Enterprise only).
@@ -408,9 +468,6 @@ Root key used for KV store. (Default: ```traefik```)
`--providers.consul.tls.ca`: `--providers.consul.tls.ca`:
TLS CA TLS CA
`--providers.consul.tls.caoptional`:
TLS CA.Optional (Default: ```false```)
`--providers.consul.tls.cert`: `--providers.consul.tls.cert`:
TLS cert TLS cert
@@ -462,9 +519,6 @@ The URI scheme for the Consul server
`--providers.consulcatalog.endpoint.tls.ca`: `--providers.consulcatalog.endpoint.tls.ca`:
TLS CA TLS CA
`--providers.consulcatalog.endpoint.tls.caoptional`:
TLS CA.Optional (Default: ```false```)
`--providers.consulcatalog.endpoint.tls.cert`: `--providers.consulcatalog.endpoint.tls.cert`:
TLS cert TLS cert
@@ -480,9 +534,6 @@ Token is used to provide a per-request ACL token which overrides the agent's def
`--providers.consulcatalog.exposedbydefault`: `--providers.consulcatalog.exposedbydefault`:
Expose containers by default. (Default: ```true```) Expose containers by default. (Default: ```true```)
`--providers.consulcatalog.namespace`:
Sets the namespace used to discover services (Consul Enterprise only).
`--providers.consulcatalog.namespaces`: `--providers.consulcatalog.namespaces`:
Sets the namespaces used to discover services (Consul Enterprise only). Sets the namespaces used to discover services (Consul Enterprise only).
@@ -537,9 +588,6 @@ Polling interval for swarm mode. (Default: ```15```)
`--providers.docker.tls.ca`: `--providers.docker.tls.ca`:
TLS CA TLS CA
`--providers.docker.tls.caoptional`:
TLS CA.Optional (Default: ```false```)
`--providers.docker.tls.cert`: `--providers.docker.tls.cert`:
TLS cert TLS cert
@@ -559,13 +607,13 @@ Watch Docker events. (Default: ```true```)
Enable AWS ECS backend with default settings. (Default: ```false```) Enable AWS ECS backend with default settings. (Default: ```false```)
`--providers.ecs.accesskeyid`: `--providers.ecs.accesskeyid`:
The AWS credentials access key to use for making requests AWS credentials access key ID to use for making requests.
`--providers.ecs.autodiscoverclusters`: `--providers.ecs.autodiscoverclusters`:
Auto discover cluster (Default: ```false```) Auto discover cluster. (Default: ```false```)
`--providers.ecs.clusters`: `--providers.ecs.clusters`:
ECS Clusters name (Default: ```default```) ECS Cluster names. (Default: ```default```)
`--providers.ecs.constraints`: `--providers.ecs.constraints`:
Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container.
@@ -574,19 +622,22 @@ Constraints is an expression that Traefik matches against the container's labels
Default rule. (Default: ```Host(`{{ normalize .Name }}`)```) Default rule. (Default: ```Host(`{{ normalize .Name }}`)```)
`--providers.ecs.ecsanywhere`: `--providers.ecs.ecsanywhere`:
Enable ECS Anywhere support (Default: ```false```) Enable ECS Anywhere support. (Default: ```false```)
`--providers.ecs.exposedbydefault`: `--providers.ecs.exposedbydefault`:
Expose services by default (Default: ```true```) Expose services by default. (Default: ```true```)
`--providers.ecs.healthytasksonly`:
Determines whether to discover only healthy tasks. (Default: ```false```)
`--providers.ecs.refreshseconds`: `--providers.ecs.refreshseconds`:
Polling interval (in seconds) (Default: ```15```) Polling interval (in seconds). (Default: ```15```)
`--providers.ecs.region`: `--providers.ecs.region`:
The AWS region to use for requests AWS region to use for requests.
`--providers.ecs.secretaccesskey`: `--providers.ecs.secretaccesskey`:
The AWS credentials access key to use for making requests AWS credentials access key to use for making requests.
`--providers.etcd`: `--providers.etcd`:
Enable Etcd backend with default settings. (Default: ```false```) Enable Etcd backend with default settings. (Default: ```false```)
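Review bot: the reworded description of `--providers.ecs.secretaccesskey` still reads "AWS credentials access key to use for making requests.", so it is now almost identical to `--providers.ecs.accesskeyid` ("access key ID"). Since the other ECS descriptions are being corrected in this hunk, this one should say "secret access key" so the two credentials cannot be confused.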
@@ -603,9 +654,6 @@ Root key used for KV store. (Default: ```traefik```)
`--providers.etcd.tls.ca`: `--providers.etcd.tls.ca`:
TLS CA TLS CA
`--providers.etcd.tls.caoptional`:
TLS CA.Optional (Default: ```false```)
`--providers.etcd.tls.cert`: `--providers.etcd.tls.cert`:
TLS cert TLS cert
@@ -636,6 +684,9 @@ Enable HTTP backend with default settings. (Default: ```false```)
`--providers.http.endpoint`: `--providers.http.endpoint`:
Load configuration from this endpoint. Load configuration from this endpoint.
`--providers.http.headers.<name>`:
Define custom headers to be sent to the endpoint.
`--providers.http.pollinterval`: `--providers.http.pollinterval`:
Polling interval for endpoint. (Default: ```5```) Polling interval for endpoint. (Default: ```5```)
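Review bot: the description of `--providers.http.headers.<name>` gives no guidance on secrets, although these headers will commonly carry an `Authorization` token or API key for the configuration endpoint. A value passed as a command-line flag is visible in the process list, so the reference should either point readers to a less exposed way of setting it or state that header values are treated as sensitive (and redacted from logs and configuration dumps, if that is the case).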
@@ -645,9 +696,6 @@ Polling timeout for endpoint. (Default: ```5```)
`--providers.http.tls.ca`: `--providers.http.tls.ca`:
TLS CA TLS CA
`--providers.http.tls.caoptional`:
TLS CA.Optional (Default: ```false```)
`--providers.http.tls.cert`: `--providers.http.tls.cert`:
TLS cert TLS cert
@@ -792,9 +840,6 @@ Set a response header timeout for Marathon. (Default: ```60```)
`--providers.marathon.tls.ca`: `--providers.marathon.tls.ca`:
TLS CA TLS CA
`--providers.marathon.tls.caoptional`:
TLS CA.Optional (Default: ```false```)
`--providers.marathon.tls.cert`: `--providers.marathon.tls.cert`:
TLS cert TLS cert
@@ -823,7 +868,7 @@ Constraints is an expression that Traefik matches against the Nomad service's ta
Default rule. (Default: ```Host(`{{ normalize .Name }}`)```) Default rule. (Default: ```Host(`{{ normalize .Name }}`)```)
`--providers.nomad.endpoint.address`: `--providers.nomad.endpoint.address`:
The address of the Nomad server, including scheme and port. (Default: ```http://127.0.0.1:4646```) The address of the Nomad server, including scheme and port.
`--providers.nomad.endpoint.endpointwaittime`: `--providers.nomad.endpoint.endpointwaittime`:
WaitTime limits how long a Watch will block. If not provided, the agent default values will be used (Default: ```0```) WaitTime limits how long a Watch will block. If not provided, the agent default values will be used (Default: ```0```)
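Review bot: the description of `--providers.nomad.endpoint.address` loses its documented default (`http://127.0.0.1:4646`) without saying what happens when the option is unset. Please document the new behaviour: whether the address is now mandatory, or whether the value is taken from somewhere else. Because the old default used plain `http`, it would also help to say whether a scheme is still required.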
@@ -834,9 +879,6 @@ Nomad region to use. If not provided, the local agent region is used.
`--providers.nomad.endpoint.tls.ca`: `--providers.nomad.endpoint.tls.ca`:
TLS CA TLS CA
`--providers.nomad.endpoint.tls.caoptional`:
TLS CA.Optional (Default: ```false```)
`--providers.nomad.endpoint.tls.cert`: `--providers.nomad.endpoint.tls.cert`:
TLS cert TLS cert
@@ -852,8 +894,8 @@ Token is used to provide a per-request ACL token.
`--providers.nomad.exposedbydefault`: `--providers.nomad.exposedbydefault`:
Expose Nomad services by default. (Default: ```true```) Expose Nomad services by default. (Default: ```true```)
`--providers.nomad.namespace`: `--providers.nomad.namespaces`:
Sets the Nomad namespace used to discover services. Sets the Nomad namespaces used to discover services.
`--providers.nomad.prefix`: `--providers.nomad.prefix`:
Prefix for nomad service tags. (Default: ```traefik```) Prefix for nomad service tags. (Default: ```traefik```)
@@ -915,9 +957,6 @@ Root key used for KV store. (Default: ```traefik```)
`--providers.redis.tls.ca`: `--providers.redis.tls.ca`:
TLS CA TLS CA
`--providers.redis.tls.caoptional`:
TLS CA.Optional (Default: ```false```)
`--providers.redis.tls.cert`: `--providers.redis.tls.cert`:
TLS cert TLS cert
@@ -969,6 +1008,18 @@ If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, D
`--serverstransport.rootcas`: `--serverstransport.rootcas`:
Add cert file for self-signed certificate. Add cert file for self-signed certificate.
`--serverstransport.spiffe`:
Defines the SPIFFE configuration. (Default: ```false```)
`--serverstransport.spiffe.ids`:
Defines the allowed SPIFFE IDs (takes precedence over the SPIFFE TrustDomain).
`--serverstransport.spiffe.trustdomain`:
Defines the allowed SPIFFE trust domain.
`--spiffe.workloadapiaddr`:
Defines the workload API address.
`--tracing`: `--tracing`:
OpenTracing configuration. (Default: ```false```) OpenTracing configuration. (Default: ```false```)
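Review bot: the SPIFFE entries do not describe the authorization behaviour when `--serverstransport.spiffe` is enabled but neither `--serverstransport.spiffe.ids` nor `--serverstransport.spiffe.trustdomain` is set. The text only says that the IDs take precedence over the trust domain; it should also say whether an empty configuration accepts any SVID from the workload API or rejects all backends. `--spiffe.workloadapiaddr` would benefit from an example of the expected address format.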
@@ -981,9 +1032,6 @@ Sets the header name prefix used to store baggage items in a map.
`--tracing.datadog.debug`: `--tracing.datadog.debug`:
Enables Datadog debug. (Default: ```false```) Enables Datadog debug. (Default: ```false```)
`--tracing.datadog.globaltag`:
Sets a key:value tag on all spans.
`--tracing.datadog.globaltags.<name>`: `--tracing.datadog.globaltags.<name>`:
Sets a list of key:value tags on all spans. Sets a list of key:value tags on all spans.
@@ -1089,6 +1137,36 @@ Sets the sampling type. (Default: ```const```)
`--tracing.jaeger.tracecontextheadername`: `--tracing.jaeger.tracecontextheadername`:
Sets the header name used to store the trace ID. (Default: ```uber-trace-id```) Sets the header name used to store the trace ID. (Default: ```uber-trace-id```)
`--tracing.opentelemetry`:
Settings for OpenTelemetry. (Default: ```false```)
`--tracing.opentelemetry.address`:
Sets the address (host:port) of the collector endpoint. (Default: ```localhost:4318```)
`--tracing.opentelemetry.grpc`:
gRPC specific configuration for the OpenTelemetry collector. (Default: ```true```)
`--tracing.opentelemetry.headers.<name>`:
Defines additional headers to be sent with the payloads.
`--tracing.opentelemetry.insecure`:
Disables client transport security for the exporter. (Default: ```false```)
`--tracing.opentelemetry.path`:
Sets the URL path of the collector endpoint.
`--tracing.opentelemetry.tls.ca`:
TLS CA
`--tracing.opentelemetry.tls.cert`:
TLS cert
`--tracing.opentelemetry.tls.insecureskipverify`:
TLS insecure skip verify (Default: ```false```)
`--tracing.opentelemetry.tls.key`:
TLS key
`--tracing.servicename`: `--tracing.servicename`:
Set the name for this service. (Default: ```traefik```) Set the name for this service. (Default: ```traefik```)
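Review bot: `--tracing.opentelemetry.insecure` ("Disables client transport security for the exporter") and `--tracing.opentelemetry.tls.insecureskipverify` sit next to each other with no explanation of how they interact. Please document that the first turns TLS off entirely while the second keeps TLS but skips certificate verification, and what happens if `insecure` is set together with the `tls.*` options. The bare "TLS CA" / "TLS cert" / "TLS key" descriptions should say that these are file paths or PEM content, whichever the exporter accepts.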

View File

@@ -99,12 +99,18 @@ Storage to use. (Default: ```acme.json```)
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_TLSCHALLENGE`: `TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_TLSCHALLENGE`:
Activate TLS-ALPN-01 Challenge. (Default: ```true```) Activate TLS-ALPN-01 Challenge. (Default: ```true```)
`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_TAILSCALE`:
Enables Tailscale certificate resolution. (Default: ```true```)
`TRAEFIK_ENTRYPOINTS_<NAME>`: `TRAEFIK_ENTRYPOINTS_<NAME>`:
Entry points definition. (Default: ```false```) Entry points definition. (Default: ```false```)
`TRAEFIK_ENTRYPOINTS_<NAME>_ADDRESS`: `TRAEFIK_ENTRYPOINTS_<NAME>_ADDRESS`:
Entry point address. Entry point address.
`TRAEFIK_ENTRYPOINTS_<NAME>_ASDEFAULT`:
Adds this EntryPoint to the list of default EntryPoints to be used on routers that don't have any Entrypoint defined. (Default: ```false```)
`TRAEFIK_ENTRYPOINTS_<NAME>_FORWARDEDHEADERS_INSECURE`: `TRAEFIK_ENTRYPOINTS_<NAME>_FORWARDEDHEADERS_INSECURE`:
Trust all forwarded headers. (Default: ```false```) Trust all forwarded headers. (Default: ```false```)
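Review bot: `TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_TAILSCALE` is documented as "Enables Tailscale certificate resolution. (Default: `true`)", which reads as if every resolver uses Tailscale unless it is disabled. If the default only applies once the section is present, the description should say so. In the `ASDEFAULT` text, "EntryPoint" and "Entrypoint" are spelled two different ways within one sentence.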
@@ -183,9 +189,6 @@ WriteTimeout is the maximum duration before timing out writes of the response. I
`TRAEFIK_ENTRYPOINTS_<NAME>_UDP_TIMEOUT`: `TRAEFIK_ENTRYPOINTS_<NAME>_UDP_TIMEOUT`:
Timeout defines how long to wait on an idle session before releasing the related resources. (Default: ```3```) Timeout defines how long to wait on an idle session before releasing the related resources. (Default: ```3```)
`TRAEFIK_EXPERIMENTAL_HTTP3`:
Enable HTTP3. (Default: ```false```)
`TRAEFIK_EXPERIMENTAL_HUB`: `TRAEFIK_EXPERIMENTAL_HUB`:
Enable the Traefik Hub provider. (Default: ```false```) Enable the Traefik Hub provider. (Default: ```false```)
@@ -240,6 +243,9 @@ The TLS key for Traefik Proxy as a TLS client.
`TRAEFIK_LOG`: `TRAEFIK_LOG`:
Traefik log settings. (Default: ```false```) Traefik log settings. (Default: ```false```)
`TRAEFIK_LOG_COMPRESS`:
Determines if the rotated log files should be compressed using gzip. (Default: ```false```)
`TRAEFIK_LOG_FILEPATH`: `TRAEFIK_LOG_FILEPATH`:
Traefik log file path. Stdout is used when omitted or empty. Traefik log file path. Stdout is used when omitted or empty.
@@ -249,6 +255,18 @@ Traefik log format: json | common (Default: ```common```)
`TRAEFIK_LOG_LEVEL`: `TRAEFIK_LOG_LEVEL`:
Log level set to traefik logs. (Default: ```ERROR```) Log level set to traefik logs. (Default: ```ERROR```)
`TRAEFIK_LOG_MAXAGE`:
Maximum number of days to retain old log files based on the timestamp encoded in their filename. (Default: ```0```)
`TRAEFIK_LOG_MAXBACKUPS`:
Maximum number of old log files to retain. (Default: ```0```)
`TRAEFIK_LOG_MAXSIZE`:
Maximum size in megabytes of the log file before it gets rotated. (Default: ```0```)
`TRAEFIK_LOG_NOCOLOR`:
When using the 'common' format, disables the colorized output. (Default: ```false```)
`TRAEFIK_METRICS_DATADOG`: `TRAEFIK_METRICS_DATADOG`:
Datadog metrics exporter type. (Default: ```false```) Datadog metrics exporter type. (Default: ```false```)
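Review bot: `TRAEFIK_LOG_MAXAGE`, `TRAEFIK_LOG_MAXBACKUPS` and `TRAEFIK_LOG_MAXSIZE` all default to `0`, but the descriptions do not say what `0` means. For log retention this matters: please state whether `0` disables the limit (files kept forever, no rotation by size) or falls back to a built-in value, and that these options only take effect when `TRAEFIK_LOG_FILEPATH` is set, if that is the case.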
@@ -336,6 +354,51 @@ InfluxDB retention policy used when protocol is http.
`TRAEFIK_METRICS_INFLUXDB_USERNAME`: `TRAEFIK_METRICS_INFLUXDB_USERNAME`:
InfluxDB username (only with http). InfluxDB username (only with http).
`TRAEFIK_METRICS_OPENTELEMETRY`:
OpenTelemetry metrics exporter type. (Default: ```false```)
`TRAEFIK_METRICS_OPENTELEMETRY_ADDENTRYPOINTSLABELS`:
Enable metrics on entry points. (Default: ```true```)
`TRAEFIK_METRICS_OPENTELEMETRY_ADDRESS`:
Address (host:port) of the collector endpoint. (Default: ```localhost:4318```)
`TRAEFIK_METRICS_OPENTELEMETRY_ADDROUTERSLABELS`:
Enable metrics on routers. (Default: ```false```)
`TRAEFIK_METRICS_OPENTELEMETRY_ADDSERVICESLABELS`:
Enable metrics on services. (Default: ```true```)
`TRAEFIK_METRICS_OPENTELEMETRY_EXPLICITBOUNDARIES`:
Boundaries for latency metrics. (Default: ```0.005000, 0.010000, 0.025000, 0.050000, 0.100000, 0.250000, 0.500000, 1.000000, 2.500000, 5.000000, 10.000000```)
`TRAEFIK_METRICS_OPENTELEMETRY_GRPC`:
gRPC specific configuration for the OpenTelemetry collector. (Default: ```true```)
`TRAEFIK_METRICS_OPENTELEMETRY_HEADERS_<NAME>`:
Headers sent with payload.
`TRAEFIK_METRICS_OPENTELEMETRY_INSECURE`:
Disables client transport security for the exporter. (Default: ```false```)
`TRAEFIK_METRICS_OPENTELEMETRY_PATH`:
Set the URL path of the collector endpoint.
`TRAEFIK_METRICS_OPENTELEMETRY_PUSHINTERVAL`:
Period between calls to collect a checkpoint. (Default: ```10```)
`TRAEFIK_METRICS_OPENTELEMETRY_TLS_CA`:
TLS CA
`TRAEFIK_METRICS_OPENTELEMETRY_TLS_CERT`:
TLS cert
`TRAEFIK_METRICS_OPENTELEMETRY_TLS_INSECURESKIPVERIFY`:
TLS insecure skip verify (Default: ```false```)
`TRAEFIK_METRICS_OPENTELEMETRY_TLS_KEY`:
TLS key
`TRAEFIK_METRICS_PROMETHEUS`: `TRAEFIK_METRICS_PROMETHEUS`:
Prometheus metrics exporter type. (Default: ```false```) Prometheus metrics exporter type. (Default: ```false```)
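Review bot: `TRAEFIK_METRICS_OPENTELEMETRY_HEADERS_<NAME>` does not explain how `<NAME>` maps to the header actually sent. Environment variable names are upper case and cannot contain hyphens, so the reference should say how a header such as `Authorization` or one containing `-` is expressed here, or that such headers must be set through the file or CLI configuration instead.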
@@ -432,9 +495,6 @@ The URI scheme for the Consul server
`TRAEFIK_PROVIDERS_CONSULCATALOG_ENDPOINT_TLS_CA`: `TRAEFIK_PROVIDERS_CONSULCATALOG_ENDPOINT_TLS_CA`:
TLS CA TLS CA
`TRAEFIK_PROVIDERS_CONSULCATALOG_ENDPOINT_TLS_CAOPTIONAL`:
TLS CA.Optional (Default: ```false```)
`TRAEFIK_PROVIDERS_CONSULCATALOG_ENDPOINT_TLS_CERT`: `TRAEFIK_PROVIDERS_CONSULCATALOG_ENDPOINT_TLS_CERT`:
TLS cert TLS cert
@@ -450,9 +510,6 @@ Token is used to provide a per-request ACL token which overrides the agent's def
`TRAEFIK_PROVIDERS_CONSULCATALOG_EXPOSEDBYDEFAULT`: `TRAEFIK_PROVIDERS_CONSULCATALOG_EXPOSEDBYDEFAULT`:
Expose containers by default. (Default: ```true```) Expose containers by default. (Default: ```true```)
`TRAEFIK_PROVIDERS_CONSULCATALOG_NAMESPACE`:
Sets the namespace used to discover services (Consul Enterprise only).
`TRAEFIK_PROVIDERS_CONSULCATALOG_NAMESPACES`: `TRAEFIK_PROVIDERS_CONSULCATALOG_NAMESPACES`:
Sets the namespaces used to discover services (Consul Enterprise only). Sets the namespaces used to discover services (Consul Enterprise only).
@@ -477,9 +534,6 @@ Watch Consul API events. (Default: ```false```)
`TRAEFIK_PROVIDERS_CONSUL_ENDPOINTS`: `TRAEFIK_PROVIDERS_CONSUL_ENDPOINTS`:
KV store endpoints. (Default: ```127.0.0.1:8500```) KV store endpoints. (Default: ```127.0.0.1:8500```)
`TRAEFIK_PROVIDERS_CONSUL_NAMESPACE`:
Sets the namespace used to discover the configuration (Consul Enterprise only).
`TRAEFIK_PROVIDERS_CONSUL_NAMESPACES`: `TRAEFIK_PROVIDERS_CONSUL_NAMESPACES`:
Sets the namespaces used to discover the configuration (Consul Enterprise only). Sets the namespaces used to discover the configuration (Consul Enterprise only).
@@ -489,9 +543,6 @@ Root key used for KV store. (Default: ```traefik```)
`TRAEFIK_PROVIDERS_CONSUL_TLS_CA`: `TRAEFIK_PROVIDERS_CONSUL_TLS_CA`:
TLS CA TLS CA
`TRAEFIK_PROVIDERS_CONSUL_TLS_CAOPTIONAL`:
TLS CA.Optional (Default: ```false```)
`TRAEFIK_PROVIDERS_CONSUL_TLS_CERT`: `TRAEFIK_PROVIDERS_CONSUL_TLS_CERT`:
TLS cert TLS cert
@@ -537,9 +588,6 @@ Polling interval for swarm mode. (Default: ```15```)
`TRAEFIK_PROVIDERS_DOCKER_TLS_CA`: `TRAEFIK_PROVIDERS_DOCKER_TLS_CA`:
TLS CA TLS CA
`TRAEFIK_PROVIDERS_DOCKER_TLS_CAOPTIONAL`:
TLS CA.Optional (Default: ```false```)
`TRAEFIK_PROVIDERS_DOCKER_TLS_CERT`: `TRAEFIK_PROVIDERS_DOCKER_TLS_CERT`:
TLS cert TLS cert
@@ -559,13 +607,13 @@ Watch Docker events. (Default: ```true```)
Enable AWS ECS backend with default settings. (Default: ```false```) Enable AWS ECS backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_ECS_ACCESSKEYID`: `TRAEFIK_PROVIDERS_ECS_ACCESSKEYID`:
The AWS credentials access key to use for making requests AWS credentials access key ID to use for making requests.
`TRAEFIK_PROVIDERS_ECS_AUTODISCOVERCLUSTERS`: `TRAEFIK_PROVIDERS_ECS_AUTODISCOVERCLUSTERS`:
Auto discover cluster (Default: ```false```) Auto discover cluster. (Default: ```false```)
`TRAEFIK_PROVIDERS_ECS_CLUSTERS`: `TRAEFIK_PROVIDERS_ECS_CLUSTERS`:
ECS Clusters name (Default: ```default```) ECS Cluster names. (Default: ```default```)
`TRAEFIK_PROVIDERS_ECS_CONSTRAINTS`: `TRAEFIK_PROVIDERS_ECS_CONSTRAINTS`:
Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container.
@@ -574,19 +622,22 @@ Constraints is an expression that Traefik matches against the container's labels
Default rule. (Default: ```Host(`{{ normalize .Name }}`)```) Default rule. (Default: ```Host(`{{ normalize .Name }}`)```)
`TRAEFIK_PROVIDERS_ECS_ECSANYWHERE`: `TRAEFIK_PROVIDERS_ECS_ECSANYWHERE`:
Enable ECS Anywhere support (Default: ```false```) Enable ECS Anywhere support. (Default: ```false```)
`TRAEFIK_PROVIDERS_ECS_EXPOSEDBYDEFAULT`: `TRAEFIK_PROVIDERS_ECS_EXPOSEDBYDEFAULT`:
Expose services by default (Default: ```true```) Expose services by default. (Default: ```true```)
`TRAEFIK_PROVIDERS_ECS_HEALTHYTASKSONLY`:
Determines whether to discover only healthy tasks. (Default: ```false```)
`TRAEFIK_PROVIDERS_ECS_REFRESHSECONDS`: `TRAEFIK_PROVIDERS_ECS_REFRESHSECONDS`:
Polling interval (in seconds) (Default: ```15```) Polling interval (in seconds). (Default: ```15```)
`TRAEFIK_PROVIDERS_ECS_REGION`: `TRAEFIK_PROVIDERS_ECS_REGION`:
The AWS region to use for requests AWS region to use for requests.
`TRAEFIK_PROVIDERS_ECS_SECRETACCESSKEY`: `TRAEFIK_PROVIDERS_ECS_SECRETACCESSKEY`:
The AWS credentials access key to use for making requests AWS credentials access key to use for making requests.
`TRAEFIK_PROVIDERS_ETCD`: `TRAEFIK_PROVIDERS_ETCD`:
Enable Etcd backend with default settings. (Default: ```false```) Enable Etcd backend with default settings. (Default: ```false```)
@@ -603,9 +654,6 @@ Root key used for KV store. (Default: ```traefik```)
`TRAEFIK_PROVIDERS_ETCD_TLS_CA`: `TRAEFIK_PROVIDERS_ETCD_TLS_CA`:
TLS CA TLS CA
`TRAEFIK_PROVIDERS_ETCD_TLS_CAOPTIONAL`:
TLS CA.Optional (Default: ```false```)
`TRAEFIK_PROVIDERS_ETCD_TLS_CERT`: `TRAEFIK_PROVIDERS_ETCD_TLS_CERT`:
TLS cert TLS cert
@@ -636,6 +684,9 @@ Enable HTTP backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_HTTP_ENDPOINT`: `TRAEFIK_PROVIDERS_HTTP_ENDPOINT`:
Load configuration from this endpoint. Load configuration from this endpoint.
`TRAEFIK_PROVIDERS_HTTP_HEADERS_<NAME>`:
Define custom headers to be sent to the endpoint.
`TRAEFIK_PROVIDERS_HTTP_POLLINTERVAL`: `TRAEFIK_PROVIDERS_HTTP_POLLINTERVAL`:
Polling interval for endpoint. (Default: ```5```) Polling interval for endpoint. (Default: ```5```)
@@ -645,9 +696,6 @@ Polling timeout for endpoint. (Default: ```5```)
`TRAEFIK_PROVIDERS_HTTP_TLS_CA`: `TRAEFIK_PROVIDERS_HTTP_TLS_CA`:
TLS CA TLS CA
`TRAEFIK_PROVIDERS_HTTP_TLS_CAOPTIONAL`:
TLS CA.Optional (Default: ```false```)
`TRAEFIK_PROVIDERS_HTTP_TLS_CERT`: `TRAEFIK_PROVIDERS_HTTP_TLS_CERT`:
TLS cert TLS cert
@@ -795,9 +843,6 @@ Set a TLS handshake timeout for Marathon. (Default: ```5```)
`TRAEFIK_PROVIDERS_MARATHON_TLS_CA`: `TRAEFIK_PROVIDERS_MARATHON_TLS_CA`:
TLS CA TLS CA
`TRAEFIK_PROVIDERS_MARATHON_TLS_CAOPTIONAL`:
TLS CA.Optional (Default: ```false```)
`TRAEFIK_PROVIDERS_MARATHON_TLS_CERT`: `TRAEFIK_PROVIDERS_MARATHON_TLS_CERT`:
TLS cert TLS cert
@@ -823,7 +868,7 @@ Constraints is an expression that Traefik matches against the Nomad service's ta
Default rule. (Default: ```Host(`{{ normalize .Name }}`)```) Default rule. (Default: ```Host(`{{ normalize .Name }}`)```)
`TRAEFIK_PROVIDERS_NOMAD_ENDPOINT_ADDRESS`: `TRAEFIK_PROVIDERS_NOMAD_ENDPOINT_ADDRESS`:
The address of the Nomad server, including scheme and port. (Default: ```http://127.0.0.1:4646```) The address of the Nomad server, including scheme and port.
`TRAEFIK_PROVIDERS_NOMAD_ENDPOINT_ENDPOINTWAITTIME`: `TRAEFIK_PROVIDERS_NOMAD_ENDPOINT_ENDPOINTWAITTIME`:
WaitTime limits how long a Watch will block. If not provided, the agent default values will be used (Default: ```0```) WaitTime limits how long a Watch will block. If not provided, the agent default values will be used (Default: ```0```)
@@ -834,9 +879,6 @@ Nomad region to use. If not provided, the local agent region is used.
`TRAEFIK_PROVIDERS_NOMAD_ENDPOINT_TLS_CA`: `TRAEFIK_PROVIDERS_NOMAD_ENDPOINT_TLS_CA`:
TLS CA TLS CA
`TRAEFIK_PROVIDERS_NOMAD_ENDPOINT_TLS_CAOPTIONAL`:
TLS CA.Optional (Default: ```false```)
`TRAEFIK_PROVIDERS_NOMAD_ENDPOINT_TLS_CERT`: `TRAEFIK_PROVIDERS_NOMAD_ENDPOINT_TLS_CERT`:
TLS cert TLS cert
@@ -852,8 +894,8 @@ Token is used to provide a per-request ACL token.
`TRAEFIK_PROVIDERS_NOMAD_EXPOSEDBYDEFAULT`: `TRAEFIK_PROVIDERS_NOMAD_EXPOSEDBYDEFAULT`:
Expose Nomad services by default. (Default: ```true```) Expose Nomad services by default. (Default: ```true```)
`TRAEFIK_PROVIDERS_NOMAD_NAMESPACE`: `TRAEFIK_PROVIDERS_NOMAD_NAMESPACES`:
Sets the Nomad namespace used to discover services. Sets the Nomad namespaces used to discover services.
`TRAEFIK_PROVIDERS_NOMAD_PREFIX`: `TRAEFIK_PROVIDERS_NOMAD_PREFIX`:
Prefix for nomad service tags. (Default: ```traefik```) Prefix for nomad service tags. (Default: ```traefik```)
@@ -915,9 +957,6 @@ Root key used for KV store. (Default: ```traefik```)
`TRAEFIK_PROVIDERS_REDIS_TLS_CA`: `TRAEFIK_PROVIDERS_REDIS_TLS_CA`:
TLS CA TLS CA
`TRAEFIK_PROVIDERS_REDIS_TLS_CAOPTIONAL`:
TLS CA.Optional (Default: ```false```)
`TRAEFIK_PROVIDERS_REDIS_TLS_CERT`: `TRAEFIK_PROVIDERS_REDIS_TLS_CERT`:
TLS cert TLS cert
@@ -969,6 +1008,18 @@ If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, D
`TRAEFIK_SERVERSTRANSPORT_ROOTCAS`: `TRAEFIK_SERVERSTRANSPORT_ROOTCAS`:
Add cert file for self-signed certificate. Add cert file for self-signed certificate.
`TRAEFIK_SERVERSTRANSPORT_SPIFFE`:
Defines the SPIFFE configuration. (Default: ```false```)
`TRAEFIK_SERVERSTRANSPORT_SPIFFE_IDS`:
Defines the allowed SPIFFE IDs (takes precedence over the SPIFFE TrustDomain).
`TRAEFIK_SERVERSTRANSPORT_SPIFFE_TRUSTDOMAIN`:
Defines the allowed SPIFFE trust domain.
`TRAEFIK_SPIFFE_WORKLOADAPIADDR`:
Defines the workload API address.
`TRAEFIK_TRACING`: `TRAEFIK_TRACING`:
OpenTracing configuration. (Default: ```false```) OpenTracing configuration. (Default: ```false```)
@@ -981,9 +1032,6 @@ Sets the header name prefix used to store baggage items in a map.
`TRAEFIK_TRACING_DATADOG_DEBUG`: `TRAEFIK_TRACING_DATADOG_DEBUG`:
Enables Datadog debug. (Default: ```false```) Enables Datadog debug. (Default: ```false```)
`TRAEFIK_TRACING_DATADOG_GLOBALTAG`:
Sets a key:value tag on all spans.
`TRAEFIK_TRACING_DATADOG_GLOBALTAGS_<NAME>`: `TRAEFIK_TRACING_DATADOG_GLOBALTAGS_<NAME>`:
Sets a list of key:value tags on all spans. Sets a list of key:value tags on all spans.
@@ -1089,6 +1137,36 @@ Sets the sampling type. (Default: ```const```)
`TRAEFIK_TRACING_JAEGER_TRACECONTEXTHEADERNAME`: `TRAEFIK_TRACING_JAEGER_TRACECONTEXTHEADERNAME`:
Sets the header name used to store the trace ID. (Default: ```uber-trace-id```) Sets the header name used to store the trace ID. (Default: ```uber-trace-id```)
`TRAEFIK_TRACING_OPENTELEMETRY`:
Settings for OpenTelemetry. (Default: ```false```)
`TRAEFIK_TRACING_OPENTELEMETRY_ADDRESS`:
Sets the address (host:port) of the collector endpoint. (Default: ```localhost:4318```)
`TRAEFIK_TRACING_OPENTELEMETRY_GRPC`:
gRPC specific configuration for the OpenTelemetry collector. (Default: ```true```)
`TRAEFIK_TRACING_OPENTELEMETRY_HEADERS_<NAME>`:
Defines additional headers to be sent with the payloads.
`TRAEFIK_TRACING_OPENTELEMETRY_INSECURE`:
Disables client transport security for the exporter. (Default: ```false```)
`TRAEFIK_TRACING_OPENTELEMETRY_PATH`:
Sets the URL path of the collector endpoint.
`TRAEFIK_TRACING_OPENTELEMETRY_TLS_CA`:
TLS CA
`TRAEFIK_TRACING_OPENTELEMETRY_TLS_CERT`:
TLS cert
`TRAEFIK_TRACING_OPENTELEMETRY_TLS_INSECURESKIPVERIFY`:
TLS insecure skip verify (Default: ```false```)
`TRAEFIK_TRACING_OPENTELEMETRY_TLS_KEY`:
TLS key
`TRAEFIK_TRACING_SERVICENAME`: `TRAEFIK_TRACING_SERVICENAME`:
Set the name for this service. (Default: ```traefik```) Set the name for this service. (Default: ```traefik```)

View File

@@ -14,6 +14,7 @@
[entryPoints] [entryPoints]
[entryPoints.EntryPoint0] [entryPoints.EntryPoint0]
address = "foobar" address = "foobar"
asDefault = true
[entryPoints.EntryPoint0.transport] [entryPoints.EntryPoint0.transport]
[entryPoints.EntryPoint0.transport.lifeCycle] [entryPoints.EntryPoint0.transport.lifeCycle]
requestAcceptGraceTimeout = "42s" requestAcceptGraceTimeout = "42s"
@@ -70,7 +71,6 @@
allowEmptyServices = true allowEmptyServices = true
[providers.docker.tls] [providers.docker.tls]
ca = "foobar" ca = "foobar"
caOptional = true
cert = "foobar" cert = "foobar"
key = "foobar" key = "foobar"
insecureSkipVerify = true insecureSkipVerify = true
@@ -95,7 +95,6 @@
respectReadinessChecks = true respectReadinessChecks = true
[providers.marathon.tls] [providers.marathon.tls]
ca = "foobar" ca = "foobar"
caOptional = true
cert = "foobar" cert = "foobar"
key = "foobar" key = "foobar"
insecureSkipVerify = true insecureSkipVerify = true
@@ -158,7 +157,6 @@
connectByDefault = true connectByDefault = true
serviceName = "foobar" serviceName = "foobar"
watch = true watch = true
namespace = "foobar"
namespaces = ["foobar", "foobar"] namespaces = ["foobar", "foobar"]
[providers.consulCatalog.endpoint] [providers.consulCatalog.endpoint]
address = "foobar" address = "foobar"
@@ -168,7 +166,6 @@
endpointWaitTime = "42s" endpointWaitTime = "42s"
[providers.consulCatalog.endpoint.tls] [providers.consulCatalog.endpoint.tls]
ca = "foobar" ca = "foobar"
caOptional = true
cert = "foobar" cert = "foobar"
key = "foobar" key = "foobar"
insecureSkipVerify = true insecureSkipVerify = true
@@ -180,7 +177,7 @@
constraints = "foobar" constraints = "foobar"
prefix = "foobar" prefix = "foobar"
stale = true stale = true
namespace = "foobar" namespaces = ["foobar", "foobar"]
exposedByDefault = true exposedByDefault = true
refreshInterval = "42s" refreshInterval = "42s"
[providers.nomad.endpoint] [providers.nomad.endpoint]
@@ -190,7 +187,6 @@
endpointWaitTime = "42s" endpointWaitTime = "42s"
[providers.nomad.endpoint.tls] [providers.nomad.endpoint.tls]
ca = "foobar" ca = "foobar"
caOptional = true
cert = "foobar" cert = "foobar"
key = "foobar" key = "foobar"
insecureSkipVerify = true insecureSkipVerify = true
@@ -205,15 +201,14 @@
accessKeyID = "foobar" accessKeyID = "foobar"
secretAccessKey = "foobar" secretAccessKey = "foobar"
ecsAnywhere = true ecsAnywhere = true
healthyTasksOnly = true
[providers.consul] [providers.consul]
rootKey = "foobar" rootKey = "foobar"
endpoints = ["foobar", "foobar"] endpoints = ["foobar", "foobar"]
token = "foobar" token = "foobar"
namespace = "foobar"
namespaces = ["foobar", "foobar"] namespaces = ["foobar", "foobar"]
[providers.consul.tls] [providers.consul.tls]
ca = "foobar" ca = "foobar"
caOptional = true
cert = "foobar" cert = "foobar"
key = "foobar" key = "foobar"
insecureSkipVerify = true insecureSkipVerify = true
@@ -224,7 +219,6 @@
password = "foobar" password = "foobar"
[providers.etcd.tls] [providers.etcd.tls]
ca = "foobar" ca = "foobar"
caOptional = true
cert = "foobar" cert = "foobar"
key = "foobar" key = "foobar"
insecureSkipVerify = true insecureSkipVerify = true
@@ -241,7 +235,6 @@
db = 42 db = 42
[providers.redis.tls] [providers.redis.tls]
ca = "foobar" ca = "foobar"
caOptional = true
cert = "foobar" cert = "foobar"
key = "foobar" key = "foobar"
insecureSkipVerify = true insecureSkipVerify = true
@@ -249,9 +242,11 @@
endpoint = "foobar" endpoint = "foobar"
pollInterval = "42s" pollInterval = "42s"
pollTimeout = "42s" pollTimeout = "42s"
[providers.http.headers]
name0 = "foobar"
name1 = "foobar"
[providers.http.tls] [providers.http.tls]
ca = "foobar" ca = "foobar"
caOptional = true
cert = "foobar" cert = "foobar"
key = "foobar" key = "foobar"
insecureSkipVerify = true insecureSkipVerify = true
@@ -312,6 +307,25 @@
[metrics.influxDB2.additionalLabels] [metrics.influxDB2.additionalLabels]
name0 = "foobar" name0 = "foobar"
name1 = "foobar" name1 = "foobar"
[metrics.openTelemetry]
address = "foobar"
addEntryPointsLabels = true
addRoutersLabels = true
addServicesLabels = true
pushInterval = "42s"
path = "foobar"
explicitBoundaries = [42.0, 42.0]
insecure = true
[metrics.openTelemetry.headers]
name0 = "foobar"
name1 = "foobar"
[metrics.openTelemetry.tls]
ca = "foobar"
caOptional = true
cert = "foobar"
insecureSkipVerify = true
key = "foobar"
[metrics.openTelemetry.grpc]
[ping] [ping]
entryPoint = "foobar" entryPoint = "foobar"
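Review bot: the new `[metrics.openTelemetry.tls]` example contains `caOptional = true`, while the same change removes `caOptional` from every other `tls` table in this file, and the CLI reference for `--metrics.opentelemetry.tls.*` lists only `ca`, `cert`, `insecureskipverify` and `key`. Either the key should be dropped from this example or the option is missing from the CLI and environment references. The empty `[metrics.openTelemetry.grpc]` table could use a comment saying that its presence selects gRPC.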
@@ -320,8 +334,13 @@
[log] [log]
level = "foobar" level = "foobar"
filePath = "foobar"
format = "foobar" format = "foobar"
noColor = true
filePath = "foobar"
maxSize = 42
maxBackups = 42
maxAge = 42
compress = true
[accessLog] [accessLog]
filePath = "foobar" filePath = "foobar"
@@ -365,7 +384,6 @@
sampleRate = 42.0 sampleRate = 42.0
[tracing.datadog] [tracing.datadog]
localAgentHostPort = "foobar" localAgentHostPort = "foobar"
globalTag = "foobar"
[tracing.datadog.globalTags] [tracing.datadog.globalTags]
tag1 = "foobar" tag1 = "foobar"
tag2 = "foobar" tag2 = "foobar"
@@ -392,6 +410,20 @@
serverURL = "foobar" serverURL = "foobar"
secretToken = "foobar" secretToken = "foobar"
serviceEnvironment = "foobar" serviceEnvironment = "foobar"
[tracing.openTelemetry]
address = "foobar"
insecure = true
path = "foobar"
[tracing.openTelemetry.headers]
name0 = "foobar"
name1 = "foobar"
[tracing.openTelemetry.tls]
ca = "foobar"
caOptional = true
cert = "foobar"
key = "foobar"
insecureSkipVerify = true
[tracing.openTelemetry.grpc]
[hostResolver] [hostResolver]
cnameFlattening = true cnameFlattening = true
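Review bot: `[tracing.openTelemetry.tls]` also sets `caOptional = true`, an option that this change removes from the provider `tls` tables and that does not appear among the `--tracing.opentelemetry.tls.*` flags. Please remove it from the example or document it. The key order here (`cert`, `key`, `insecureSkipVerify`) also differs from the metrics block (`cert`, `insecureSkipVerify`, `key`); keeping both identical makes the reference easier to diff.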
@@ -418,25 +450,7 @@
[certificatesResolvers.CertificateResolver0.acme.httpChallenge] [certificatesResolvers.CertificateResolver0.acme.httpChallenge]
entryPoint = "foobar" entryPoint = "foobar"
[certificatesResolvers.CertificateResolver0.acme.tlsChallenge] [certificatesResolvers.CertificateResolver0.acme.tlsChallenge]
[certificatesResolvers.CertificateResolver1] [certificatesResolvers.CertificateResolver1.tailscale]
[certificatesResolvers.CertificateResolver1.acme]
email = "foobar"
caServer = "foobar"
preferredChain = "foobar"
storage = "foobar"
keyType = "foobar"
certificatesDuration = 42
[certificatesResolvers.CertificateResolver1.acme.eab]
kid = "foobar"
hmacEncoded = "foobar"
[certificatesResolvers.CertificateResolver1.acme.dnsChallenge]
provider = "foobar"
delayBeforeCheck = "42s"
resolvers = ["foobar", "foobar"]
disablePropagationCheck = true
[certificatesResolvers.CertificateResolver1.acme.httpChallenge]
entryPoint = "foobar"
[certificatesResolvers.CertificateResolver1.acme.tlsChallenge]
[hub] [hub]
[hub.tls] [hub.tls]
@@ -447,7 +461,6 @@
[experimental] [experimental]
kubernetesGateway = true kubernetesGateway = true
http3 = true
hub = true hub = true
[experimental.plugins] [experimental.plugins]
[experimental.plugins.Descriptor0] [experimental.plugins.Descriptor0]

View File

@@ -14,6 +14,7 @@ serversTransport:
entryPoints: entryPoints:
EntryPoint0: EntryPoint0:
address: foobar address: foobar
asDefault: true
transport: transport:
lifeCycle: lifeCycle:
requestAcceptGraceTimeout: 42s requestAcceptGraceTimeout: 42s
@@ -69,7 +70,6 @@ providers:
defaultRule: foobar defaultRule: foobar
tls: tls:
ca: foobar ca: foobar
caOptional: true
cert: foobar cert: foobar
key: foobar key: foobar
insecureSkipVerify: true insecureSkipVerify: true
@@ -95,7 +95,6 @@ providers:
dcosToken: foobar dcosToken: foobar
tls: tls:
ca: foobar ca: foobar
caOptional: true
cert: foobar cert: foobar
key: foobar key: foobar
insecureSkipVerify: true insecureSkipVerify: true
@@ -170,7 +169,6 @@ providers:
connectByDefault: true connectByDefault: true
serviceName: foobar serviceName: foobar
watch: true watch: true
namespace: foobar
namespaces: namespaces:
- foobar - foobar
- foobar - foobar
@@ -182,7 +180,6 @@ providers:
endpointWaitTime: 42s endpointWaitTime: 42s
tls: tls:
ca: foobar ca: foobar
caOptional: true
cert: foobar cert: foobar
key: foobar key: foobar
insecureSkipVerify: true insecureSkipVerify: true
@@ -194,7 +191,9 @@ providers:
constraints: foobar constraints: foobar
prefix: foobar prefix: foobar
stale: true stale: true
namespace: foobar namespaces:
- foobar
- foobar
exposedByDefault: true exposedByDefault: true
refreshInterval: 42s refreshInterval: 42s
endpoint: endpoint:
@@ -204,7 +203,6 @@ providers:
endpointWaitTime: 42s endpointWaitTime: 42s
tls: tls:
ca: foobar ca: foobar
caOptional: true
cert: foobar cert: foobar
key: foobar key: foobar
insecureSkipVerify: true insecureSkipVerify: true
@@ -221,19 +219,18 @@ providers:
accessKeyID: foobar accessKeyID: foobar
secretAccessKey: foobar secretAccessKey: foobar
ecsAnywhere: true ecsAnywhere: true
healthyTasksOnly: true
consul: consul:
rootKey: foobar rootKey: foobar
endpoints: endpoints:
- foobar - foobar
- foobar - foobar
token: foobar token: foobar
namespace: foobar
namespaces: namespaces:
- foobar - foobar
- foobar - foobar
tls: tls:
ca: foobar ca: foobar
caOptional: true
cert: foobar cert: foobar
key: foobar key: foobar
insecureSkipVerify: true insecureSkipVerify: true
@@ -246,7 +243,6 @@ providers:
password: foobar password: foobar
tls: tls:
ca: foobar ca: foobar
caOptional: true
cert: foobar cert: foobar
key: foobar key: foobar
insecureSkipVerify: true insecureSkipVerify: true
@@ -267,7 +263,6 @@ providers:
db: 42 db: 42
tls: tls:
ca: foobar ca: foobar
caOptional: true
cert: foobar cert: foobar
key: foobar key: foobar
insecureSkipVerify: true insecureSkipVerify: true
@@ -275,9 +270,11 @@ providers:
endpoint: foobar endpoint: foobar
pollInterval: 42s pollInterval: 42s
pollTimeout: 42s pollTimeout: 42s
headers:
name0: foobar
name1: foobar
tls: tls:
ca: foobar ca: foobar
caOptional: true
cert: foobar cert: foobar
key: foobar key: foobar
insecureSkipVerify: true insecureSkipVerify: true
@@ -338,14 +335,41 @@ metrics:
additionalLabels: additionalLabels:
name0: foobar name0: foobar
name1: foobar name1: foobar
openTelemetry:
address: foobar
addEntryPointsLabels: true
addRoutersLabels: true
addServicesLabels: true
explicitBoundaries:
- 42
- 42
headers:
name0: foobar
name1: foobar
insecure: true
path: foobar
pushInterval: 42s
tls:
ca: foobar
caOptional: true
cert: foobar
insecureSkipVerify: true
key: foobar
grpc: {}
ping: ping:
entryPoint: foobar entryPoint: foobar
manualRouting: true manualRouting: true
terminatingStatusCode: 42 terminatingStatusCode: 42
log: log:
level: foobar level: foobar
filePath: foobar
format: foobar format: foobar
noColor: true
filePath: foobar
maxSize: 42
maxBackups: 42
maxAge: 42
compress: true
accessLog: accessLog:
filePath: foobar filePath: foobar
format: foobar format: foobar
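Review bot: the new `metrics.openTelemetry.tls` block lists `caOptional: true`, while every provider `tls` block in this same file loses `caOptional` in this diff (the `@@ -69,7 +70,6 @@`, `@@ -95,7 +95,6 @@` hunks and the ones after them). Either drop it from the new block, or say why the OpenTelemetry exporter keeps an option that is being removed everywhere else. The same applies to `tracing.openTelemetry.tls` in the later hunk of this file.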
@@ -389,7 +413,6 @@ tracing:
sampleRate: 42 sampleRate: 42
datadog: datadog:
localAgentHostPort: foobar localAgentHostPort: foobar
globalTag: foobar
globalTags: globalTags:
tag1: foobar tag1: foobar
tag2: foobar tag2: foobar
@@ -416,6 +439,20 @@ tracing:
serverURL: foobar serverURL: foobar
secretToken: foobar secretToken: foobar
serviceEnvironment: foobar serviceEnvironment: foobar
openTelemetry:
address: foobar
headers:
name0: foobar
name1: foobar
insecure: true
path: foobar
tls:
ca: foobar
caOptional: true
cert: foobar
key: foobar
insecureSkipVerify: true
grpc: {}
hostResolver: hostResolver:
cnameFlattening: true cnameFlattening: true
resolvConfig: foobar resolvConfig: foobar
@@ -443,26 +480,7 @@ certificatesResolvers:
entryPoint: foobar entryPoint: foobar
tlsChallenge: {} tlsChallenge: {}
CertificateResolver1: CertificateResolver1:
acme: tailscale: {}
email: foobar
caServer: foobar
certificatesDuration: 42
preferredChain: foobar
storage: foobar
keyType: foobar
eab:
kid: foobar
hmacEncoded: foobar
dnsChallenge:
provider: foobar
delayBeforeCheck: 42s
resolvers:
- foobar
- foobar
disablePropagationCheck: true
httpChallenge:
entryPoint: foobar
tlsChallenge: {}
hub: hub:
tls: tls:
insecure: true insecure: true
@@ -471,7 +489,6 @@ hub:
key: foobar key: foobar
experimental: experimental:
kubernetesGateway: true kubernetesGateway: true
http3: true
hub: true hub: true
plugins: plugins:
Descriptor0: Descriptor0:

View File

@@ -233,6 +233,54 @@ If both TCP and UDP are wanted for the same port, two entryPoints definitions ar
Full details for how to specify `address` can be found in [net.Listen](https://golang.org/pkg/net/#Listen) (and [net.Dial](https://golang.org/pkg/net/#Dial)) of the doc for go. Full details for how to specify `address` can be found in [net.Listen](https://golang.org/pkg/net/#Listen) (and [net.Dial](https://golang.org/pkg/net/#Dial)) of the doc for go.
### AsDefault
_Optional, Default=false_
The `AsDefault` option marks the EntryPoint to be in the list of default EntryPoints.
EntryPoints in this list are used (by default) on HTTP and TCP routers that do not define their own [EntryPoints option](./routers/index.md#entrypoints).
!!! info "List of default EntryPoints"
If there is no EntryPoint with the `AsDefault` option set to `true`,
then the list of default EntryPoints includes all HTTP/TCP EntryPoints.
If at least one EntryPoint has the `AsDefault` option set to `true`,
then the list of default EntryPoints includes only EntryPoints that have the `AsDefault` option set to `true`.
Some built-in EntryPoints are always excluded from the list, namely: `traefik`, `traefikhub-api`, and `traefikhub-tunl`.
!!! warning "Only TCP and HTTP"
The `AsDefault` option has no effect on UDP EntryPoints.
When a UDP router does not define the [EntryPoints option](./routers/index.md#entrypoints_2),
it is attached to all available UDP EntryPoints.
??? example "Defining only one EntryPoint as default"
```yaml tab="File (yaml)"
entryPoints:
web:
address: ":80"
websecure:
address: ":443"
asDefault: true
```
```toml tab="File (TOML)"
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
asDefault = true
```
```bash tab="CLI"
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
--entrypoints.websecure.asDefault=true
```
### HTTP/2 ### HTTP/2
#### `maxConcurrentStreams` #### `maxConcurrentStreams`
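Review bot: the heading and prose of the new section spell the option `AsDefault`, but the key in all three tabs is `asDefault`, and the first tab is labelled `File (yaml)` where the other examples on this page use `File (YAML)`. Use the key's own casing in the text and align the tab label. The info box would also benefit from stating the consequence outright: once one EntryPoint sets `asDefault: true`, routers that define no `entryPoints` are no longer attached to any of the others.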
@@ -264,39 +312,32 @@ entryPoints:
#### `http3` #### `http3`
`http3` enables HTTP/3 protocol on the entryPoint. `http3` enables HTTP/3 protocol on the entryPoint.
HTTP/3 requires a TCP entryPoint, as HTTP/3 always starts as a TCP connection that then gets upgraded to UDP. HTTP/3 requires a TCP entryPoint,
In most scenarios, this entryPoint is the same as the one used for TLS traffic. as HTTP/3 always starts as a TCP connection that then gets upgraded to UDP.
In most scenarios,
this entryPoint is the same as the one used for TLS traffic.
```yaml tab="File (YAML)"
entryPoints:
name:
http3: {}
```
```toml tab="File (TOML)"
[entryPoints.name.http3]
```
```bash tab="CLI"
--entrypoints.name.http3
```
??? info "HTTP/3 uses UDP+TLS" ??? info "HTTP/3 uses UDP+TLS"
As HTTP/3 uses UDP, you can't have a TCP entryPoint with HTTP/3 on the same port as a UDP entryPoint. As HTTP/3 actually uses UDP, when traefik is configured with a TCP entryPoint on port N with HTTP/3 enabled,
Since HTTP/3 requires the use of TLS, only routers with TLS enabled will be usable with HTTP/3. the underlying HTTP/3 server that is started automatically listens on UDP port N too. As a consequence,
it means port N cannot be used by another UDP entryPoint.
!!! warning "Enabling Experimental HTTP/3" Since HTTP/3 requires the use of TLS,
only routers with TLS enabled will be usable with HTTP/3.
As the HTTP/3 spec is still in draft, HTTP/3 support in Traefik is an experimental feature and needs to be activated
in the experimental section of the static configuration.
```yaml tab="File (YAML)"
experimental:
http3: true
entryPoints:
name:
http3: {}
```
```toml tab="File (TOML)"
[experimental]
http3 = true
[entryPoints.name.http3]
```
```bash tab="CLI"
--experimental.http3=true
--entrypoints.name.http3
```
#### `advertisedPort` #### `advertisedPort`
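Review bot: the statement that enabling `http3` on a TCP entryPoint on port N also starts a listener on UDP port N sits in a collapsed `??? info` block, and with the `experimental.http3` gate and its warning removed in this hunk, `http3: {}` alone is now enough to open that UDP port. Suggest promoting the text to a `!!!` admonition or plain prose next to the examples, so that firewall rules and port exposure are adjusted deliberately. In the same sentence, `traefik` should be `Traefik`.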
@@ -307,9 +348,6 @@ It can be used to override the authority in the `alt-svc` header, for example if
!!! info "http3.advertisedPort" !!! info "http3.advertisedPort"
```yaml tab="File (YAML)" ```yaml tab="File (YAML)"
experimental:
http3: true
entryPoints: entryPoints:
name: name:
http3: http3:
@@ -317,15 +355,11 @@ It can be used to override the authority in the `alt-svc` header, for example if
``` ```
```toml tab="File (TOML)" ```toml tab="File (TOML)"
[experimental]
http3 = true
[entryPoints.name.http3] [entryPoints.name.http3]
advertisedPort = 443 advertisedPort = 443
``` ```
```bash tab="CLI" ```bash tab="CLI"
--experimental.http3=true
--entrypoints.name.http3.advertisedport=443 --entrypoints.name.http3.advertisedport=443
``` ```

View File

@@ -325,6 +325,61 @@ serversTransport:
--serversTransport.maxIdleConnsPerHost=7 --serversTransport.maxIdleConnsPerHost=7
``` ```
### `spiffe`
Please note that [SPIFFE](../https/spiffe.md) must be enabled in the static configuration
before using it to secure the connection between Traefik and the backends.
#### `spiffe.ids`
_Optional_
`ids` defines the allowed SPIFFE IDs.
This takes precedence over the SPIFFE TrustDomain.
```yaml tab="File (YAML)"
## Static configuration
serversTransport:
spiffe:
ids:
- spiffe://trust-domain/id1
- spiffe://trust-domain/id2
```
```toml tab="File (TOML)"
## Static configuration
[serversTransport.spiffe]
ids = ["spiffe://trust-domain/id1", "spiffe://trust-domain/id2"]
```
```bash tab="CLI"
## Static configuration
--serversTransport.spiffe.ids=spiffe://trust-domain/id1,spiffe://trust-domain/id2
```
#### `spiffe.trustDomain`
_Optional_
`trustDomain` defines the allowed SPIFFE trust domain.
```yaml tab="File (YAML)"
## Static configuration
serversTransport:
trustDomain: spiffe://trust-domain
```
```toml tab="File (TOML)"
## Static configuration
[serversTransport.spiffe]
trustDomain = "spiffe://trust-domain"
```
```bash tab="CLI"
## Static configuration
--serversTransport.spiffe.trustDomain=spiffe://trust-domain
```
### `forwardingTimeouts` ### `forwardingTimeouts`
`forwardingTimeouts` is about a number of timeouts relevant to when forwarding requests to the backend servers. `forwardingTimeouts` is about a number of timeouts relevant to when forwarding requests to the backend servers.
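Review bot: in the YAML tab of `spiffe.trustDomain`, `trustDomain` sits directly under `serversTransport:` with no `spiffe:` level, while the TOML tab uses `[serversTransport.spiffe]` and the CLI tab uses `--serversTransport.spiffe.trustDomain`. Add the `spiffe:` key so the three tabs describe the same option. The `ids` text says it takes precedence over the trust domain; one sentence on which server identities are accepted when neither `ids` nor `trustDomain` is set would complete the section.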

View File

@@ -193,6 +193,14 @@ you'd add the tag `traefik.http.services.{name-of-your-choice}.loadbalancer.pass
traefik.http.services.myservice.loadbalancer.healthcheck.method=foobar traefik.http.services.myservice.loadbalancer.healthcheck.method=foobar
``` ```
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.status`"
See [health check](../services/index.md#health-check) for more information.
```yaml
traefik.http.services.myservice.loadbalancer.healthcheck.status=42
```
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.port`" ??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.port`"
See [health check](../services/index.md#health-check) for more information. See [health check](../services/index.md#health-check) for more information.

View File

@@ -347,6 +347,14 @@ you'd add the label `traefik.http.services.<name-of-your-choice>.loadbalancer.pa
- "traefik.http.services.myservice.loadbalancer.healthcheck.method=foobar" - "traefik.http.services.myservice.loadbalancer.healthcheck.method=foobar"
``` ```
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.status`"
See [health check](../services/index.md#health-check) for more information.
```yaml
- "traefik.http.services.myservice.loadbalancer.healthcheck.status=42"
```
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.port`" ??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.port`"
See [health check](../services/index.md#health-check) for more information. See [health check](../services/index.md#health-check) for more information.

View File

@@ -195,6 +195,14 @@ you'd add the label `traefik.http.services.{name-of-your-choice}.loadbalancer.pa
traefik.http.services.myservice.loadbalancer.healthcheck.method=foobar traefik.http.services.myservice.loadbalancer.healthcheck.method=foobar
``` ```
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.status`"
See [health check](../services/index.md#health-check) for more information.
```yaml
traefik.http.services.myservice.loadbalancer.healthcheck.status=42
```
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.port`" ??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.port`"
See [health check](../services/index.md#health-check) for more information. See [health check](../services/index.md#health-check) for more information.

View File

@@ -48,7 +48,7 @@ The Kubernetes Ingress Controller, The Custom Resource Way.
serviceAccountName: traefik-ingress-controller serviceAccountName: traefik-ingress-controller
containers: containers:
- name: traefik - name: traefik
image: traefik:v2.9 image: traefik:v3.0
args: args:
- --log.level=DEBUG - --log.level=DEBUG
- --api - --api
@@ -1287,9 +1287,9 @@ Register the `MiddlewareTCP` [kind](../../reference/dynamic-configuration/kubern
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1
kind: MiddlewareTCP kind: MiddlewareTCP
metadata: metadata:
name: ipwhitelist name: ipallowlist
spec: spec:
ipWhiteList: ipAllowList:
sourceRange: sourceRange:
- 127.0.0.1/32 - 127.0.0.1/32
- 192.168.1.7 - 192.168.1.7
@@ -1305,13 +1305,13 @@ Register the `MiddlewareTCP` [kind](../../reference/dynamic-configuration/kubern
entryPoints: entryPoints:
- web - web
routes: routes:
- match: Host(`example.com`) && PathPrefix(`/whitelist`) - match: Host(`example.com`) && PathPrefix(`/allowlist`)
kind: Rule kind: Rule
services: services:
- name: whoami - name: whoami
port: 80 port: 80
middlewares: middlewares:
- name: ipwhitelist - name: ipallowlist
namespace: foo namespace: foo
``` ```
@@ -1609,14 +1609,14 @@ or referencing TLS options in the [`IngressRoute`](#kind-ingressroute) / [`Ingre
`TLSStore` is the CRD implementation of a [Traefik "TLS Store"](../../https/tls.md#certificates-stores). `TLSStore` is the CRD implementation of a [Traefik "TLS Store"](../../https/tls.md#certificates-stores).
Register the `TLSStore` kind in the Kubernetes cluster before creating `TLSStore` objects. Register the `TLSStore` kind in the Kubernetes cluster before creating `TLSStore` objects
or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`IngressRouteTCP`](#kind-ingressroutetcp) objects.
!!! important "Default TLS Store" !!! important "Default TLS Store"
Traefik currently only uses the [TLS Store named "default"](../../https/tls.md#certificates-stores). Traefik currently only uses the [TLS Store named "default"](../../https/tls.md#certificates-stores).
This _default_ `TLSStore` should be in a namespace discoverable by Traefik. Since it is used by default on [`IngressRoute`](#kind-ingressroute) and [`IngressRouteTCP`](#kind-ingressroutetcp) objects, there never is a need to actually reference it.
This means that you cannot have two stores that are named default in different Kubernetes namespaces. This means that you cannot have two stores that are named default in different Kubernetes namespaces.
As a consequence, with respect to TLS stores, the only change that makes sense (and only if needed) is to configure the default TLSStore. For the time being, please only configure one TLSStore named default.
!!! info "TLSStore Attributes" !!! info "TLSStore Attributes"
```yaml tab="TLSStore" ```yaml tab="TLSStore"
@@ -1624,7 +1624,7 @@ Register the `TLSStore` kind in the Kubernetes cluster before creating `TLSStore
kind: TLSStore kind: TLSStore
metadata: metadata:
name: default name: default
namespace: default
spec: spec:
certificates: # [1] certificates: # [1]
- secretName: foo - secretName: foo
@@ -1645,7 +1645,8 @@ Register the `TLSStore` kind in the Kubernetes cluster before creating `TLSStore
kind: TLSStore kind: TLSStore
metadata: metadata:
name: default name: default
namespace: default
spec: spec:
defaultCertificate: defaultCertificate:
secretName: supersecret secretName: supersecret
@@ -1659,14 +1660,16 @@ Register the `TLSStore` kind in the Kubernetes cluster before creating `TLSStore
spec: spec:
entryPoints: entryPoints:
- websecure - web
routes: routes:
- match: Host(`example.com`) && PathPrefix(`/stripit`) - match: Host(`example.com`) && PathPrefix(`/stripit`)
kind: Rule kind: Rule
services: services:
- name: whoami - name: whoami
port: 80 port: 80
tls: {} tls:
store:
name: default
``` ```
```yaml tab="Secret" ```yaml tab="Secret"
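Review bot: the example route moves from the `websecure` entryPoint to `web` while still carrying a `tls` section, and it now names the store explicitly with `store:` / `name: default`. The text changed earlier in this file says there is never a need to reference the default store, so the explicit reference contradicts it, and a TLS route on the entryPoint that the other examples on this page bind to `:80` is confusing. Keep `websecure` and `tls: {}` unless the explicit store reference is the point of the example, in which case the prose above needs to say so.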

View File

@@ -147,7 +147,7 @@ which in turn will create the resulting routers, services, handlers, etc.
serviceAccountName: traefik-ingress-controller serviceAccountName: traefik-ingress-controller
containers: containers:
- name: traefik - name: traefik
image: traefik:v2.9 image: traefik:v3.0
args: args:
- --entrypoints.web.address=:80 - --entrypoints.web.address=:80
- --providers.kubernetesingress - --providers.kubernetesingress
@@ -539,7 +539,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
serviceAccountName: traefik-ingress-controller serviceAccountName: traefik-ingress-controller
containers: containers:
- name: traefik - name: traefik
image: traefik:v2.9 image: traefik:v3.0
args: args:
- --entrypoints.websecure.address=:443 - --entrypoints.websecure.address=:443
- --entrypoints.websecure.http.tls - --entrypoints.websecure.http.tls
@@ -749,7 +749,7 @@ For more options, please refer to the available [annotations](#on-ingress).
serviceAccountName: traefik-ingress-controller serviceAccountName: traefik-ingress-controller
containers: containers:
- name: traefik - name: traefik
image: traefik:v2.9 image: traefik:v3.0
args: args:
- --entrypoints.websecure.address=:443 - --entrypoints.websecure.address=:443
- --providers.kubernetesingress - --providers.kubernetesingress
@@ -888,20 +888,14 @@ TLS certificates can be managed in Secrets objects.
### Communication Between Traefik and Pods ### Communication Between Traefik and Pods
!!! info "It is not possible to route requests directly to [Kubernetes services](https://kubernetes.io/docs/concepts/services-networking/service/ "Link to Kubernetes service docs")"
You can use an `ExternalName` service to forward requests to the Kubernetes service through DNS.
For doing so, you have to [allow external name services](https://doc.traefik.io/traefik/providers/kubernetes-ingress/#allowexternalnameservices "Link to docs about allowing external name services").
Traefik automatically requests endpoint information based on the service provided in the ingress spec. Traefik automatically requests endpoint information based on the service provided in the ingress spec.
Although Traefik will connect directly to the endpoints (pods), Although Traefik will connect directly to the endpoints (pods),
it still checks the service port to see if TLS communication is required. it still checks the service port to see if TLS communication is required.
There are 3 ways to configure Traefik to use HTTPS to communicate with pods: There are 3 ways to configure Traefik to use https to communicate with pods:
1. If the service port defined in the ingress spec is `443` (note that you can still use `targetPort` to use a different port on your pod). 1. If the service port defined in the ingress spec is `443` (note that you can still use `targetPort` to use a different port on your pod).
1. If the service port defined in the ingress spec has a name that starts with `https` (such as `https-api`, `https-web` or just `https`). 1. If the service port defined in the ingress spec has a name that starts with https (such as `https-api`, `https-web` or just `https`).
1. If the service spec includes the annotation `traefik.ingress.kubernetes.io/service.serversscheme: https`. 1. If the service spec includes the annotation `traefik.ingress.kubernetes.io/service.serversscheme: https`.
If either of those configuration options exist, then the backend communication protocol is assumed to be TLS, If either of those configuration options exist, then the backend communication protocol is assumed to be TLS,
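Review bot: `HTTPS` becomes `https` in the sentence that introduces the list, and item 2 drops the backticks around `https` although the example names in the same item keep them. Keep the protocol name upper-case and the literal port-name prefix in code formatting. The hunk also deletes the info box on reaching Kubernetes services through an `ExternalName` service; if that guidance still applies, it should stay.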

View File

@@ -172,6 +172,14 @@ A Story of key & values
|-------------------------------------------------------------------|----------| |-------------------------------------------------------------------|----------|
| `traefik/http/services/myservice/loadbalancer/healthcheck/method` | `foobar` | | `traefik/http/services/myservice/loadbalancer/healthcheck/method` | `foobar` |
??? info "`traefik/http/services/<service_name>/loadbalancer/healthcheck/status`"
See [health check](../services/index.md#health-check) for more information.
| Key (Path) | Value |
|-------------------------------------------------------------------|-------|
| `traefik/http/services/myservice/loadbalancer/healthcheck/status` | `42` |
??? info "`traefik/http/services/<service_name>/loadbalancer/healthcheck/port`" ??? info "`traefik/http/services/<service_name>/loadbalancer/healthcheck/port`"
See [health check](../services/index.md#health-check) for more information. See [health check](../services/index.md#health-check) for more information.
@@ -398,7 +406,7 @@ You can declare TCP Routers and/or Services using KV.
#### TCP Services #### TCP Services
??? info "`traefik/tcp/services/<service_name>/loadbalancer/servers/<n>/address`" ??? info "`traefik/tcp/services/<service_name>/loadbalancer/servers/<n>/url`"
See [servers](../services/index.md#servers) for more information. See [servers](../services/index.md#servers) for more information.
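Review bot: under `#### TCP Services` the admonition title changes from `.../loadbalancer/servers/<n>/address` to `.../loadbalancer/servers/<n>/url`, and the table below the title is outside the visible context. Please confirm that the table row was changed to match and that `url` is the key the TCP load balancer reads; a title that disagrees with the example or with the accepted key would mislead users writing KV entries.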

View File

@@ -222,6 +222,14 @@ For example, to change the passHostHeader behavior, you'd add the label `"traefi
"traefik.http.services.myservice.loadbalancer.healthcheck.method": "foobar" "traefik.http.services.myservice.loadbalancer.healthcheck.method": "foobar"
``` ```
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.status`"
See [health check](../services/index.md#health-check) for more information.
```json
"traefik.http.services.myservice.loadbalancer.healthcheck.status": "42"
```
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.port`" ??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.port`"
See [health check](../services/index.md#health-check) for more information. See [health check](../services/index.md#health-check) for more information.

View File

@@ -185,6 +185,14 @@ you'd add the tag `traefik.http.services.{name-of-your-choice}.loadbalancer.pass
traefik.http.services.myservice.loadbalancer.healthcheck.path=/foo traefik.http.services.myservice.loadbalancer.healthcheck.path=/foo
``` ```
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.status`"
See [health check](../services/index.md#health-check) for more information.
```yaml
traefik.http.services.myservice.loadbalancer.healthcheck.status=42
```
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.port`" ??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.port`"
See [health check](../services/index.md#health-check) for more information. See [health check](../services/index.md#health-check) for more information.

View File

@@ -228,6 +228,14 @@ you'd add the label `traefik.http.services.{name-of-your-choice}.loadbalancer.pa
- "traefik.http.services.myservice.loadbalancer.healthcheck.method=foobar" - "traefik.http.services.myservice.loadbalancer.healthcheck.method=foobar"
``` ```
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.status`"
See [health check](../services/index.md#health-check) for more information.
```yaml
- "traefik.http.services.myservice.loadbalancer.healthcheck.status=42"
```
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.port`" ??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.port`"
See [health check](../services/index.md#health-check) for more information. See [health check](../services/index.md#health-check) for more information.

View File

@@ -94,7 +94,7 @@ or act before forwarding the request to the service.
### EntryPoints ### EntryPoints
If not specified, HTTP routers will accept requests from all defined entry points. If not specified, HTTP routers will accept requests from all EntryPoints in the [list of default EntryPoints](../entrypoints.md#asdefault).
If you want to limit the router scope to a set of entry points, set the `entryPoints` option. If you want to limit the router scope to a set of entry points, set the `entryPoints` option.
??? example "Listens to Every EntryPoint" ??? example "Listens to Every EntryPoint"
@@ -106,7 +106,7 @@ If you want to limit the router scope to a set of entry points, set the `entryPo
http: http:
routers: routers:
Router-1: Router-1:
# By default, routers listen to every entry points # By default, routers listen to every EntryPoints.
rule: "Host(`example.com`)" rule: "Host(`example.com`)"
service: "service-1" service: "service-1"
``` ```
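Review bot: the example comment `# By default, routers listen to every EntryPoints.` no longer matches the prose changed in the previous hunk, which limits routers without `entryPoints` to the list of default EntryPoints, and "every EntryPoints" is ungrammatical. Suggest `# By default, routers listen to all default EntryPoints.` here and in the TOML tab of the next hunk; the example title "Listens to Every EntryPoint" has the same problem.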
@@ -115,7 +115,7 @@ If you want to limit the router scope to a set of entry points, set the `entryPo
## Dynamic configuration ## Dynamic configuration
[http.routers] [http.routers]
[http.routers.Router-1] [http.routers.Router-1]
# By default, routers listen to every entry points # By default, routers listen to every EntryPoints.
rule = "Host(`example.com`)" rule = "Host(`example.com`)"
service = "service-1" service = "service-1"
``` ```
@@ -214,78 +214,226 @@ If you want to limit the router scope to a set of entry points, set the `entryPo
Rules are a set of matchers configured with values, that determine if a particular request matches specific criteria. Rules are a set of matchers configured with values, that determine if a particular request matches specific criteria.
If the rule is verified, the router becomes active, calls middlewares, and then forwards the request to the service. If the rule is verified, the router becomes active, calls middlewares, and then forwards the request to the service.
??? tip "Backticks or Quotes?"
To set the value of a rule, use [backticks](https://en.wiktionary.org/wiki/backtick) ``` ` ``` or escaped double-quotes `\"`.
Single quotes `'` are not accepted since the values are [Golang's String Literals](https://golang.org/ref/spec#String_literals).
!!! example "Host is example.com"
```toml
rule = "Host(`example.com`)"
```
!!! example "Host is example.com OR Host is example.org AND path is /traefik"
```toml
rule = "Host(`example.com`) || (Host(`example.org`) && Path(`/traefik`))"
```
The table below lists all the available matchers: The table below lists all the available matchers:
| Rule | Description | | Rule | Description |
|--------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------| |-----------------------------------------------------------------|:-------------------------------------------------------------------------------|
| ```Headers(`key`, `value`)``` | Check if there is a key `key`defined in the headers, with the value `value` | | [```Header(`key`, `value`)```](#header-and-headerregexp) | Matches requests containing a header named `key` set to `value`. |
| ```HeadersRegexp(`key`, `regexp`)``` | Check if there is a key `key`defined in the headers, with a value that matches the regular expression `regexp` | | [```HeaderRegexp(`key`, `regexp`)```](#header-and-headerregexp) | Matches requests containing a header named `key` matching `regexp`. |
| ```Host(`example.com`, ...)``` | Check if the request domain (host header value) targets one of the given `domains`. | | [```Host(`domain`)```](#host-and-hostregexp) | Matches requests host set to `domain`. |
| ```HostHeader(`example.com`, ...)``` | Same as `Host`, only exists for historical reasons. | | [```HostRegexp(`regexp`)```](#host-and-hostregexp) | Matches requests host matching `regexp`. |
| ```HostRegexp(`example.com`, `{subdomain:[a-z]+}.example.com`, ...)``` | Match the request domain. See "Regexp Syntax" below. | | [```Method(`method`)```](#method) | Matches requests method set to `method`. |
| ```Method(`GET`, ...)``` | Check if the request method is one of the given `methods` (`GET`, `POST`, `PUT`, `DELETE`, `PATCH`, `HEAD`) | | [```Path(`path`)```](#path-pathprefix-and-pathregexp) | Matches requests path set to `path`. |
| ```Path(`/path`, `/articles/{cat:[a-z]+}/{id:[0-9]+}`, ...)``` | Match exact request path. See "Regexp Syntax" below. | | [```PathPrefix(`prefix`)```](#path-pathprefix-and-pathregexp) | Matches requests path prefix set to `prefix`. |
| ```PathPrefix(`/products/`, `/articles/{cat:[a-z]+}/{id:[0-9]+}`)``` | Match request prefix path. See "Regexp Syntax" below. | | [```PathRegexp(`regexp`)```](#path-pathprefix-and-pathregexp) | Matches request path using `regexp`. |
| ```Query(`foo=bar`, `bar=baz`)``` | Match Query String parameters. It accepts a sequence of key=value pairs. | | [```Query(`key`, `value`)```](#query-and-queryregexp) | Matches requests query parameters named `key` set to `value`. |
| ```ClientIP(`10.0.0.0/16`, `::1`)``` | Match if the request client IP is one of the given IP/CIDR. It accepts IPv4, IPv6 and CIDR formats. | | [```QueryRegexp(`key`, `regexp`)```](#query-and-queryregexp) | Matches requests query parameters named `key` matching `regexp`. |
| [```ClientIP(`ip`)```](#clientip) | Matches requests client IP using `ip`. It accepts IPv4, IPv6 and CIDR formats. |
!!! important "Non-ASCII Domain Names" !!! tip "Backticks or Quotes?"
Non-ASCII characters are not supported in `Host` and `HostRegexp` expressions, and by doing so the associated router will be invalid. To set the value of a rule, use [backticks](https://en.wiktionary.org/wiki/backtick) ``` ` ``` or escaped double-quotes `\"`.
For the `Host` expression, domain names containing non-ASCII characters must be provided as punycode encoded values ([rfc 3492](https://tools.ietf.org/html/rfc3492)).
As well, when using the `HostRegexp` expressions, in order to match domain names containing non-ASCII characters, the regular expression should match a punycode encoded domain name. Single quotes `'` are not accepted since the values are [Go's String Literals](https://golang.org/ref/spec#String_literals).
!!! important "Regexp Syntax" !!! important "Regexp Syntax"
`HostRegexp`, `PathPrefix`, and `Path` accept an expression with zero or more groups enclosed by curly braces, which are called named regexps. Matchers that accept a regexp as their value use a [Go](https://golang.org/pkg/regexp/) flavored syntax.
Named regexps, of the form `{name:regexp}`, are the only expressions considered for regexp matching.
The regexp name (`name` in the above example) is an arbitrary value, that exists only for historical reasons.
Any `regexp` supported by [Go's regexp package](https://golang.org/pkg/regexp/) may be used. !!! info "Expressing Complex Rules Using Operators and Parenthesis"
For example, here is a case insensitive path matcher syntax: ```Path(`/{path:(?i:Products)}`)```.
!!! info "Combining Matchers Using Operators and Parenthesis"
The usual AND (`&&`) and OR (`||`) logical operators can be used, with the expected precedence rules, The usual AND (`&&`) and OR (`||`) logical operators can be used, with the expected precedence rules,
as well as parentheses. as well as parentheses.
!!! info "Inverting a matcher" One can invert a matcher by using the NOT (`!`) operator.
One can invert a matcher by using the `!` operator. The following rule matches requests where:
!!! important "Rule, Middleware, and Services" - either host is `example.com` OR,
- host is `example.org` AND path is NOT `/traefik`
The rule is evaluated "before" any middleware has the opportunity to work, and "before" the request is forwarded to the service. ```yaml
Host(`example.com`) || (Host(`example.org`) && !Path(`/traefik`))
```
!!! info "Path Vs PathPrefix" #### Header and HeaderRegexp
Use `Path` if your service listens on the exact path only. For instance, ```Path(`/products`)``` would match `/products` but not `/products/shoes`. The `Header` and `HeaderRegexp` matchers allow to match requests that contain specific header.
Use a `*Prefix*` matcher if your service listens on a particular base path but also serves requests on sub-paths. !!! example "Examples"
For instance, ```PathPrefix(`/products`)``` would match `/products` and `/products/shoes`,
as well as `/productsforsale`, and `/productsforsale/shoes`.
Since the path is forwarded as-is, your service is expected to listen on `/products`.
!!! info "ClientIP matcher" Match requests with a `Content-Type` header set to `application/yaml`:
The `ClientIP` matcher will only match the request client IP and does not use the `X-Forwarded-For` header for matching. ```yaml
Header(`Content-Type`, `application/yaml`)
```
Match requests with a `Content-Type` header set to either `application/json` or `application/yaml`:
```yaml
HeaderRegexp(`Content-Type`, `^application/(json|yaml)$`)
```
To match headers [case-insensitively](https://en.wikipedia.org/wiki/Case_sensitivity), use the `(?i)` option:
```yaml
HeaderRegexp(`Content-Type`, `(?i)^application/(json|yaml)$`)
```
#### Host and HostRegexp
The `Host` and `HostRegexp` matchers allow to match requests that are targeted to a given host.
These matchers do not support non-ASCII characters, use punycode encoded values ([rfc 3492](https://tools.ietf.org/html/rfc3492)) to match such domains.
If no Host is set in the request URL (e.g., it's an IP address), these matchers will look at the `Host` header.
These matchers will match the request's host in lowercase.
!!! example "Examples"
Match requests with `Host` set to `example.com`:
```yaml
Host(`example.com`)
```
Match requests sent to any subdomain of `example.com`:
```yaml
HostRegexp(`^.+\.example\.com$`)
```
Match requests with `Host` set to either `example.com` or `example.org`:
```yaml
HostRegexp(`^example\.(com|org)$`)
```
To match domains [case-insensitively](https://en.wikipedia.org/wiki/Case_sensitivity), use the `(?i)` option:
```yaml
HostRegexp(`(?i)^example\.(com|org)$`)
```
#### Method
The `Method` matchers allows to match requests sent with the given method.
!!! example "Example"
Match `OPTIONS` requests:
```yaml
Method(`OPTIONS`)
```
#### Path, PathPrefix, and PathRegexp
These matchers allow matching requests based on their URL path.
For exact matches, use `Path` and its prefixed alternative `PathPrefix`, for regexp matches, use `PathRegexp`.
Path are always starting with a `/`, except for `PathRegexp`.
!!! example "Examples"
Match `/products` but neither `/products/shoes` nor `/products/`:
```yaml
Path(`/products`)
```
Match `/products` as well as everything under `/products`,
such as `/products/shoes`, `/products/` but also `/products-for-sale`:
```yaml
PathPrefix(`/products`)
```
Match both `/products/shoes` and `/products/socks` with and ID like `/products/shoes/57`:
```yaml
PathRegexp(`^/products/(shoes|socks)/[0-9]+$`)
```
Match requests with a path ending in either `.jpeg`, `.jpg` or `.png`:
```yaml
PathRegexp(`\.(jpeg|jpg|png)$`)
```
Match `/products` as well as everything under `/products`,
such as `/products/shoes`, `/products/` but also `/products-for-sale`,
[case-insensitively](https://en.wikipedia.org/wiki/Case_sensitivity):
```yaml
HostRegexp(`(?i)^/products`)
```
#### Query and QueryRegexp
The `Query` and `QueryRegexp` matchers allow to match requests based on query parameters.
!!! example "Examples"
Match requests with a `mobile` query parameter set to `true`, such as in `/search?mobile=true`:
```yaml
Query(`mobile`, `true`)
```
To match requests with a query parameter `mobile` that has no value, such as in `/search?mobile`, use:
```yaml
Query(`mobile`)
```
Match requests with a `mobile` query parameter set to either `true` or `yes`:
```yaml
QueryRegexp(`mobile`, `^(true|yes)$`)
```
Match requests with a `mobile` query parameter set to any value (including the empty value):
```yaml
QueryRegexp(`mobile`, `^.*$`)
```
To match query parameters [case-insensitively](https://en.wikipedia.org/wiki/Case_sensitivity), use the `(?i)` option:
```yaml
QueryRegexp(`mobile`, `(?i)^(true|yes)$`)
```
#### ClientIP
The `ClientIP` matcher allows matching requests sent from the given client IP.
It only matches the request client IP and does not use the `X-Forwarded-For` header for matching.
!!! example "Examples"
Match requests coming from a given IP:
```yaml tab="IPv4"
ClientIP(`10.76.105.11`)
```
```yaml tab="IPv6"
ClientIP(`::1`)
```
Match requests coming from a given subnet:
```yaml tab="IPv4"
ClientIP(`192.168.1.0/24`)
```
```yaml tab="IPv6"
ClientIP(`fe80::/10`)
```
### Priority ### Priority
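Review bot: The last example under "Path, PathPrefix, and PathRegexp" uses the wrong matcher: the case-insensitive path example is written as HostRegexp(`(?i)^/products`), which is a host matcher given a path pattern, so it cannot do what the caption says. It should read PathRegexp(`(?i)^/products`). In the same section, "Path are always starting with a `/`, except for `PathRegexp`" needs rewording (for example "Path values must start with a `/`; `PathRegexp` patterns need not"), "with and ID" should be "with an ID", and "For exact matches, use `Path` and its prefixed alternative `PathPrefix`" reads as if `PathPrefix` were an exact match. The rewrite also drops the old "Rule, Middleware, and Services" admonition stating that the rule is evaluated before any middleware; if that still holds it should be kept.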
@@ -300,7 +448,7 @@ A value of `0` for the priority is ignored: `priority = 0` means that the defaul
http: http:
routers: routers:
Router-1: Router-1:
rule: "HostRegexp(`{subdomain:[a-z]+}.traefik.com`)" rule: "HostRegexp(`[a-z]+\.traefik\.com`)"
# ... # ...
Router-2: Router-2:
rule: "Host(`foobar.traefik.com`)" rule: "Host(`foobar.traefik.com`)"
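Review bot: In the new Router-1 line the regexp is written with single backslashes inside a double-quoted YAML scalar (rule: "HostRegexp(`[a-z]+\.traefik\.com`)"), and `\.` is not a valid escape there; the later YAML hunk in this file writes the same rule with `\\.`, so this one should match it. The pattern also has no `^` and `$` anchors, unlike the HostRegexp examples added earlier in this patch (`^.+\.example\.com$`). Unless the matcher anchors implicitly, an unanchored pattern matches any host that merely contains a matching substring, so the example should be anchored.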
@@ -311,7 +459,7 @@ A value of `0` for the priority is ignored: `priority = 0` means that the defaul
## Dynamic configuration ## Dynamic configuration
[http.routers] [http.routers]
[http.routers.Router-1] [http.routers.Router-1]
rule = "HostRegexp(`{subdomain:[a-z]+}.traefik.com`)" rule = "HostRegexp(`[a-z]+\\.traefik\\.com`)"
# ... # ...
[http.routers.Router-2] [http.routers.Router-2]
rule = "Host(`foobar.traefik.com`)" rule = "Host(`foobar.traefik.com`)"
@@ -320,10 +468,10 @@ A value of `0` for the priority is ignored: `priority = 0` means that the defaul
In this case, all requests with host `foobar.traefik.com` will be routed through `Router-1` instead of `Router-2`. In this case, all requests with host `foobar.traefik.com` will be routed through `Router-1` instead of `Router-2`.
| Name | Rule | Priority | | Name | Rule | Priority |
|----------|----------------------------------------------------|----------| |----------|------------------------------------------|----------|
| Router-1 | ```HostRegexp(`{subdomain:[a-z]+}.traefik.com`)``` | 44 | | Router-1 | ```HostRegexp(`[a-z]+\.traefik\.com`)``` | 44 |
| Router-2 | ```Host(`foobar.traefik.com`)``` | 26 | | Router-2 | ```Host(`foobar.traefik.com`)``` | 26 |
The previous table shows that `Router-1` has a higher priority than `Router-2`. The previous table shows that `Router-1` has a higher priority than `Router-2`.
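Review bot: The priority shown for Router-1 in the updated table is stale. The section states that the priority equals the rule length; 44 was the length of the old rule HostRegexp(`{subdomain:[a-z]+}.traefik.com`), while the new rule HostRegexp(`[a-z]+\.traefik\.com`) is 34 characters long. The conclusion (Router-1 outranks Router-2 at 26) still holds, but the number should be updated so readers can reproduce it.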
@@ -336,7 +484,7 @@ A value of `0` for the priority is ignored: `priority = 0` means that the defaul
http: http:
routers: routers:
Router-1: Router-1:
rule: "HostRegexp(`{subdomain:[a-z]+}.traefik.com`)" rule: "HostRegexp(`[a-z]+\\.traefik\\.com`)"
entryPoints: entryPoints:
- "web" - "web"
service: service-1 service: service-1
@@ -353,7 +501,7 @@ A value of `0` for the priority is ignored: `priority = 0` means that the defaul
## Dynamic configuration ## Dynamic configuration
[http.routers] [http.routers]
[http.routers.Router-1] [http.routers.Router-1]
rule = "HostRegexp(`{subdomain:[a-z]+}.traefik.com`)" rule = "HostRegexp(`[a-z]+\\.traefik\\.com`)"
entryPoints = ["web"] entryPoints = ["web"]
service = "service-1" service = "service-1"
priority = 1 priority = 1
@@ -667,12 +815,12 @@ The [supported `provider` table](../../https/acme.md#providers) indicates if the
### General ### General
If both HTTP routers and TCP routers listen to the same entry points, the TCP routers will apply *before* the HTTP routers. If both HTTP routers and TCP routers listen to the same EntryPoint, the TCP routers will apply *before* the HTTP routers.
If no matching route is found for the TCP routers, then the HTTP routers will take over. If no matching route is found for the TCP routers, then the HTTP routers will take over.
### EntryPoints ### EntryPoints
If not specified, TCP routers will accept requests from all defined entry points. If not specified, TCP routers will accept requests from all EntryPoints in the [list of default EntryPoints](../entrypoints.md#asdefault)..
If you want to limit the router scope to a set of entry points, set the entry points option. If you want to limit the router scope to a set of entry points, set the entry points option.
??? info "How to handle Server First protocols?" ??? info "How to handle Server First protocols?"
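Review bot: The rewritten first sentence under "EntryPoints" ends with a doubled period after the `#asdefault` link. The sentence after it still says "a set of entry points, set the entry points option", while the UDP section in this same patch was changed to "a set of EntryPoints" and the `entryPoints` option; the TCP text should get the same wording so the option name is searchable.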
@@ -685,9 +833,9 @@ If you want to limit the router scope to a set of entry points, set the entry po
a situation where both sides are waiting for data and the a situation where both sides are waiting for data and the
connection appears to have hanged. connection appears to have hanged.
The only way that Traefik can deal with such a case, is to make The only way that Traefik can deal with such a case, is to make
sure that on the concerned entry point, there is no TLS router sure that on the concerned entry point, there is no TLS router
whatsoever (neither TCP nor HTTP), and there is at least one whatsoever (neither TCP nor HTTP), and there is at least one
non-TLS TCP router that leads to the server in question. non-TLS TCP router that leads to the server in question.
??? example "Listens to Every Entry Point" ??? example "Listens to Every Entry Point"
@@ -700,7 +848,7 @@ If you want to limit the router scope to a set of entry points, set the entry po
tcp: tcp:
routers: routers:
Router-1: Router-1:
# By default, routers listen to every entrypoints # By default, routers listen to every EntryPoints.
rule: "HostSNI(`example.com`)" rule: "HostSNI(`example.com`)"
service: "service-1" service: "service-1"
# will route TLS requests (and ignore non tls requests) # will route TLS requests (and ignore non tls requests)
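Review bot: The updated comment "By default, routers listen to every EntryPoints." contradicts the EntryPoints paragraph changed a few hunks earlier, which now says unspecified routers use the list of default EntryPoints (`asDefault`). Suggest "By default, routers listen to all default EntryPoints." here and in the TOML tab of the next hunk, which also fixes the "every EntryPoints" grammar.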
@@ -712,7 +860,7 @@ If you want to limit the router scope to a set of entry points, set the entry po
[tcp.routers] [tcp.routers]
[tcp.routers.Router-1] [tcp.routers.Router-1]
# By default, routers listen to every entrypoints # By default, routers listen to every EntryPoints.
rule = "HostSNI(`example.com`)" rule = "HostSNI(`example.com`)"
service = "service-1" service = "service-1"
# will route TLS requests (and ignore non tls requests) # will route TLS requests (and ignore non tls requests)
@@ -752,7 +900,7 @@ If you want to limit the router scope to a set of entry points, set the entry po
--entrypoints.other.address=:9090 --entrypoints.other.address=:9090
``` ```
??? example "Listens to Specific Entry Points" ??? example "Listens to Specific EntryPoints"
**Dynamic Configuration** **Dynamic Configuration**
@@ -818,48 +966,49 @@ If you want to limit the router scope to a set of entry points, set the entry po
### Rule ### Rule
Rules are a set of matchers configured with values, that determine if a particular request matches specific criteria. Rules are a set of matchers configured with values, that determine if a particular connection matches specific criteria.
If the rule is verified, the router becomes active, calls middlewares, and then forwards the request to the service. If the rule is verified, the router becomes active, calls middlewares, and then forwards the request to the service.
??? tip "Backticks or Quotes?"
To set the value of a rule, use [backticks](https://en.wiktionary.org/wiki/backtick) ``` ` ``` or escaped double-quotes `\"`.
Single quotes `'` are not accepted since the values are [Golang's String Literals](https://golang.org/ref/spec#String_literals).
!!! example "HostSNI is example.com"
```toml
rule = "HostSNI(`example.com`)"
```
!!! example "HostSNI is example.com OR HostSNI is example.org AND ClientIP is 0.0.0.0"
```toml
rule = "HostSNI(`example.com`) || (HostSNI(`example.org`) && ClientIP(`0.0.0.0`))"
```
The table below lists all the available matchers: The table below lists all the available matchers:
| Rule | Description | | Rule | Description |
|---------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------| |-------------------------------------------------------------|:-------------------------------------------------------------------------------------------------|
| ```HostSNI(`domain-1`, ...)``` | Checks if the Server Name Indication corresponds to the given `domains`. | | [```HostSNI(`domain`)```](#hostsni-and-hostsniregexp) | Checks if the connection's Server Name Indication is equal to `domain`. |
| ```HostSNIRegexp(`example.com`, `{subdomain:[a-z]+}.example.com`, ...)``` | Checks if the Server Name Indication matches the given regular expressions. See "Regexp Syntax" below. | | [```HostSNIRegexp(`regexp`)```](#hostsni-and-hostsniregexp) | Checks if the connection's Server Name Indication matches `regexp`. |
| ```ClientIP(`10.0.0.0/16`, `::1`)``` | Checks if the connection client IP is one of the given IP/CIDR. It accepts IPv4, IPv6 and CIDR formats. | | [```ClientIP(`ip`)```](#clientip_1) | Checks if the connection's client IP correspond to `ip`. It accepts IPv4, IPv6 and CIDR formats. |
| ```ALPN(`mqtt`, `h2c`)``` | Checks if any of the connection ALPN protocols is one of the given protocols. | | [```ALPN(`protocol`)```](#alpn) | Checks if the connection's ALPN protocol equals `protocol`. |
!!! important "Non-ASCII Domain Names" !!! tip "Backticks or Quotes?"
Non-ASCII characters are not supported in the `HostSNI` and `HostSNIRegexp` expressions, and so using them would invalidate the associated TCP router. To set the value of a rule, use [backticks](https://en.wiktionary.org/wiki/backtick) ``` ` ``` or escaped double-quotes `\"`.
Domain names containing non-ASCII characters must be provided as punycode encoded values ([rfc 3492](https://tools.ietf.org/html/rfc3492)).
Single quotes `'` are not accepted since the values are [Go's String Literals](https://golang.org/ref/spec#String_literals).
!!! important "Regexp Syntax" !!! important "Regexp Syntax"
`HostSNIRegexp` accepts an expression with zero or more groups enclosed by curly braces, which are called named regexps. Matchers that accept a regexp as their value use a [Go](https://golang.org/pkg/regexp/) flavored syntax.
Named regexps, of the form `{name:regexp}`, are the only expressions considered for regexp matching.
The regexp name (`name` in the above example) is an arbitrary value, that exists only for historical reasons.
Any `regexp` supported by [Go's regexp package](https://golang.org/pkg/regexp/) may be used. !!! info "Expressing Complex Rules Using Operators and Parenthesis"
The usual AND (`&&`) and OR (`||`) logical operators can be used, with the expected precedence rules,
as well as parentheses.
One can invert a matcher by using the NOT (`!`) operator.
The following rule matches connections where:
- either Server Name Indication is `example.com` OR,
- Server Name Indication is `example.org` AND ALPN protocol is NOT `h2`
```yaml
HostSNI(`example.com`) || (HostSNI(`example.org`) && !ALPN(`h2`))
```
#### HostSNI and HostSNIRegexp
`HostSNI` and `HostSNIRegexp` matchers allow to match connections targeted to a given domain.
These matchers do not support non-ASCII characters, use punycode encoded values ([rfc 3492](https://tools.ietf.org/html/rfc3492)) to match such domains.
!!! important "HostSNI & TLS" !!! important "HostSNI & TLS"
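Review bot: The matcher table changes HostSNI, HostSNIRegexp, ClientIP and ALPN from multi-value forms (HostSNI(`domain-1`, ...), ALPN(`mqtt`, `h2c`)) to single-value forms without telling readers how to express the former multi-value rules; a sentence pointing to `||` (as in the complex-rule example added below the table) would cover it. Smaller points in the same hunk: the first sentence of the Rule intro now says "connection" but the next one still says "forwards the request to the service", "correspond to `ip`" should be "corresponds to `ip`", and the "Rule, Middleware, and Services" admonition is removed here as well.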
@@ -869,29 +1018,76 @@ The table below lists all the available matchers:
when one wants a non-TLS router that matches all (non-TLS) requests, when one wants a non-TLS router that matches all (non-TLS) requests,
one should use the specific ```HostSNI(`*`)``` syntax. one should use the specific ```HostSNI(`*`)``` syntax.
!!! info "Combining Matchers Using Operators and Parenthesis" !!! example "Examples"
The usual AND (`&&`) and OR (`||`) logical operators can be used, with the expected precedence rules, Match all connections:
as well as parentheses.
!!! info "Inverting a matcher" ```yaml tab="HostSNI"
HostSNI(`*`)
```
One can invert a matcher by using the `!` operator. ```yaml tab="HostSNIRegexp"
HostSNIRegexp(`^.*$`)
```
!!! important "Rule, Middleware, and Services" Match TCP connections sent to `example.com`:
The rule is evaluated "before" any middleware has the opportunity to work, and "before" the request is forwarded to the service. ```yaml
HostSNI(`example.com`)
```
!!! important "ALPN ACME-TLS/1" Match TCP connections openned on any subdomain of `example.com`:
It would be a security issue to let a user-defined router catch the response to ```yaml
an ACME TLS challenge previously initiated by Traefik. HostSNIRegexp(`^.+\.example\.com$`)
For this reason, the `ALPN` matcher is not allowed to match the `ACME-TLS/1` ```
protocol, and Traefik returns an error if this is attempted.
#### ClientIP
The `ClientIP` matcher allows matching connections opened by a client with the given IP.
!!! example "Examples"
Match connections opened by a given IP:
```yaml tab="IPv4"
ClientIP(`10.76.105.11`)
```
```yaml tab="IPv6"
ClientIP(`::1`)
```
Match connections coming from a given subnet:
```yaml tab="IPv4"
ClientIP(`192.168.1.0/24`)
```
```yaml tab="IPv6"
ClientIP(`fe80::/10`)
```
#### ALPN
The `ALPN` matcher allows matching connections the given protocol.
It would be a security issue to let a user-defined router catch the response to
an ACME TLS challenge previously initiated by Traefik.
For this reason, the `ALPN` matcher is not allowed to match the `ACME-TLS/1`
protocol, and Traefik returns an error if this is attempted.
!!! example "Example"
Match connections using the ALPN protocol `h2`:
```yaml
ALPN(`h2`)
```
### Priority ### Priority
To avoid path overlap, routes are sorted, by default, in descending order using rules length. To avoid path overlap, routes are sorted, by default, in descending order using rules length.
The priority is directly equal to the length of the rule, and so the longest length has the highest priority. The priority is directly equal to the length of the rule, and so the longest length has the highest priority.
A value of `0` for the priority is ignored: `priority = 0` means that the default rules length sorting is used. A value of `0` for the priority is ignored: `priority = 0` means that the default rules length sorting is used.
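Review bot: The "Match all connections" example presents HostSNIRegexp(`^.*$`) as a tab next to HostSNI(`*`), which implies they are interchangeable, yet the context just above says a non-TLS catch-all router must use the specific HostSNI(`*`) syntax. Please state whether the regexp form also matches non-TLS connections, or drop that tab. Typos in the added text: "openned" should be "opened", and "allows matching connections the given protocol" is missing "using".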
@@ -987,7 +1183,7 @@ The middlewares will take effect only if the rule matches, and before connecting
[tcp.routers.my-router] [tcp.routers.my-router]
rule = "HostSNI(`*`)" rule = "HostSNI(`*`)"
# declared elsewhere # declared elsewhere
middlewares = ["ipwhitelist"] middlewares = ["ipallowlist"]
service = "service-foo" service = "service-foo"
``` ```
@@ -999,7 +1195,7 @@ The middlewares will take effect only if the rule matches, and before connecting
rule: "HostSNI(`*`)" rule: "HostSNI(`*`)"
# declared elsewhere # declared elsewhere
middlewares: middlewares:
- ipwhitelist - ipallowlist
service: service-foo service: service-foo
``` ```
@@ -1042,6 +1238,30 @@ By default, a router with a TLS section will terminate the TLS connections, mean
[tcp.routers.Router-1.tls] [tcp.routers.Router-1.tls]
``` ```
??? info "Postgres STARTTLS"
Traefik supports the Postgres STARTTLS protocol,
which allows TLS routing for Postgres connections.
To do so, Traefik reads the first bytes sent by a Postgres client,
identifies if they correspond to the message of a STARTTLS negotiation,
and, if so, acknowledges and signals the client that it can start the TLS handshake.
Please note/remember that there are subtleties inherent to STARTTLS in whether
the connection ends up being a TLS one or not. These subtleties depend on the
`sslmode` value in the client configuration (and on the server authentication
rules). Therefore, it is recommended to use the `require` value for the
`sslmode`.
Afterwards, the TLS handshake, and routing based on TLS, can proceed as expected.
!!! warning "Postgres STARTTLS with TCP TLS PassThrough routers"
As mentioned above, the `sslmode` configuration parameter does have an impact on
whether a STARTTLS session will succeed. In particular in the context of TCP TLS
PassThrough, some of the values (such as `allow`) do not even make sense. Which
is why, once more it is recommended to use the `require` value.
#### `passthrough` #### `passthrough`
As seen above, a TLS router will terminate the TLS connection by default. As seen above, a TLS router will terminate the TLS connection by default.
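Review bot: The added Postgres STARTTLS admonition recommends `sslmode` `require` but only refers to "subtleties" without naming them, so a reader cannot tell what actually goes wrong with the other values. Spell out the failure the recommendation guards against (whether the session can end up unencrypted) and say whether the stricter `verify-ca` and `verify-full` values are supported as well. Wording: "Please note/remember that" can be "Note that", and "Which is why, once more it is recommended" is a sentence fragment.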
@@ -1197,14 +1417,14 @@ So UDP "routers" at this time are pretty much only load-balancers in one form or
It basically means that some state is kept about an ongoing communication between a client and a backend, It basically means that some state is kept about an ongoing communication between a client and a backend,
notably so that the proxy knows where to forward a response packet from a backend. notably so that the proxy knows where to forward a response packet from a backend.
As expected, a `timeout` is associated to each of these sessions, As expected, a `timeout` is associated to each of these sessions,
so that they get cleaned out if they go through a period of inactivity longer than a given duration. so that they get cleaned out if they go through a period of inactivity longer than a given duration.
Timeout can be configured using the `entryPoints.name.udp.timeout` option as described Timeout can be configured using the `entryPoints.name.udp.timeout` option as described
under [entry points](../entrypoints/#udp-options). under [EntryPoints](../entrypoints/#udp-options).
### EntryPoints ### EntryPoints
If not specified, UDP routers will accept packets from all defined (UDP) entry points. If not specified, UDP routers will accept packets from all defined (UDP) EntryPoints.
If one wants to limit the router scope to a set of entry points, one should set the entry points option. If one wants to limit the router scope to a set of EntryPoints, one should set the `entryPoints` option.
??? example "Listens to Every Entry Point" ??? example "Listens to Every Entry Point"
@@ -1268,7 +1488,7 @@ If one wants to limit the router scope to a set of entry points, one should set
--entrypoints.streaming.address=":9191/udp" --entrypoints.streaming.address=":9191/udp"
``` ```
??? example "Listens to Specific Entry Points" ??? example "Listens to Specific EntryPoints"
**Dynamic Configuration** **Dynamic Configuration**

View File

@@ -316,7 +316,8 @@ On subsequent requests, to keep the session alive with the same server, the clie
#### Health Check #### Health Check
Configure health check to remove unhealthy servers from the load balancing rotation. Configure health check to remove unhealthy servers from the load balancing rotation.
Traefik will consider your servers healthy as long as they return status codes between `2XX` and `3XX` to the health check requests (carried out every `interval`). Traefik will consider HTTP(s) servers healthy as long as they return a status code to the health check request (carried out every `interval`) between `2XX` and `3XX`, or matching the configured status.
For gRPC servers, Traefik will consider them healthy as long as they return `SERVING` to [gRPC health check v1](https://github.com/grpc/grpc/blob/master/doc/health-checking.md) requests.
To propagate status changes (e.g. all servers of this service are down) upwards, HealthCheck must also be enabled on the parent(s) of this service. To propagate status changes (e.g. all servers of this service are down) upwards, HealthCheck must also be enabled on the parent(s) of this service.
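Review bot: The rewritten health check sentence ("between `2XX` and `3XX`, or matching the configured status") does not say whether setting `status` replaces the default range or is accepted in addition to it, and the option description added further down only says "expected HTTP status code". Make the semantics explicit in one of the two places, since an operator relying on a specific code needs to know whether other 2XX/3XX answers still count as healthy. Also "HTTP(s)" should be "HTTP(S)".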
@@ -324,6 +325,7 @@ Below are the available options for the health check mechanism:
- `path` (required), defines the server URL path for the health check endpoint . - `path` (required), defines the server URL path for the health check endpoint .
- `scheme` (optional), replaces the server URL `scheme` for the health check endpoint. - `scheme` (optional), replaces the server URL `scheme` for the health check endpoint.
- `mode` (default: http), if defined to `grpc`, will use the gRPC health check protocol to probe the server.
- `hostname` (optional), sets the value of `hostname` in the `Host` header of the health check request. - `hostname` (optional), sets the value of `hostname` in the `Host` header of the health check request.
- `port` (optional), replaces the server URL `port` for the health check endpoint. - `port` (optional), replaces the server URL `port` for the health check endpoint.
- `interval` (default: 30s), defines the frequency of the health check calls. - `interval` (default: 30s), defines the frequency of the health check calls.
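Review bot: The new `mode` option is documented without saying which of the other options still apply when it is set to `grpc`; `path` is still marked "(required)" and `method`, `status` and `followRedirects` are HTTP concepts. Add a sentence listing what is ignored or required in gRPC mode. "if defined to `grpc`" reads better as "if set to `grpc`".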
@@ -331,6 +333,7 @@ Below are the available options for the health check mechanism:
- `headers` (optional), defines custom headers to be sent to the health check endpoint. - `headers` (optional), defines custom headers to be sent to the health check endpoint.
- `followRedirects` (default: true), defines whether redirects should be followed during the health check calls. - `followRedirects` (default: true), defines whether redirects should be followed during the health check calls.
- `method` (default: GET), defines the HTTP method that will be used while connecting to the endpoint. - `method` (default: GET), defines the HTTP method that will be used while connecting to the endpoint.
- `status` (optional), defines the expected HTTP status code of the response to the health check request.
!!! info "Interval & Timeout Format" !!! info "Interval & Timeout Format"
@@ -774,6 +777,82 @@ spec:
peerCertURI: foobar peerCertURI: foobar
``` ```
#### `spiffe`
Please note that [SPIFFE](../../https/spiffe.md) must be enabled in the static configuration
before using it to secure the connection between Traefik and the backends.
##### `spiffe.ids`
_Optional_
`ids` defines the allowed SPIFFE IDs.
This takes precedence over the SPIFFE TrustDomain.
```yaml tab="File (YAML)"
## Dynamic configuration
http:
serversTransports:
mytransport:
spiffe:
ids:
- spiffe://trust-domain/id1
- spiffe://trust-domain/id2
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.serversTransports.mytransport.spiffe]
ids = ["spiffe://trust-domain/id1", "spiffe://trust-domain/id2"]
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
name: mytransport
namespace: default
spec:
spiffe:
ids:
- spiffe://trust-domain/id1
- spiffe://trust-domain/id2
```
##### `spiffe.trustDomain`
_Optional_
`trustDomain` defines the allowed SPIFFE trust domain.
```yaml tab="File (YAML)"
## Dynamic configuration
http:
serversTransports:
mytransport:
spiffe:
trustDomain: spiffe://trust-domain
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.serversTransports.mytransport.spiffe]
trustDomain = "spiffe://trust-domain"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
name: mytransport
namespace: default
spec:
spiffe:
trustDomain: "spiffe://trust-domain"
```
#### `forwardingTimeouts` #### `forwardingTimeouts`
`forwardingTimeouts` are the timeouts applied when forwarding requests to the servers. `forwardingTimeouts` are the timeouts applied when forwarding requests to the servers.
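Review bot: The new `spiffe` section does not say which server identities are accepted when neither `ids` nor `trustDomain` is set, which is the first thing a reader securing the backend connection needs to know; please document that default. "This takes precedence over the SPIFFE TrustDomain" should also say whether it refers to the `trustDomain` option below or to the trust domain from the static configuration. The `trustDomain` value is unquoted in the File (YAML) tab and quoted in the Kubernetes tab; pick one.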

View File

@@ -26,7 +26,7 @@ spec:
serviceAccountName: traefik-ingress-controller serviceAccountName: traefik-ingress-controller
containers: containers:
- name: traefik - name: traefik
image: traefik:v2.9 image: traefik:v3.0
args: args:
- --api.insecure - --api.insecure
- --accesslog - --accesslog

View File

@@ -26,5 +26,5 @@ node:
- K3S_CLUSTER_SECRET=somethingtotallyrandom - K3S_CLUSTER_SECRET=somethingtotallyrandom
volumes: volumes:
# this is where you would place a alternative traefik image (saved as a .tar file with # this is where you would place a alternative traefik image (saved as a .tar file with
# 'docker save'), if you want to use it, instead of the traefik:v2.9 image. # 'docker save'), if you want to use it, instead of the traefik:v3.0 image.
- /somewhere/on/your/host/custom-image:/var/lib/rancher/k3s/agent/images - /somewhere/on/your/host/custom-image:/var/lib/rancher/k3s/agent/images

View File

@@ -3,7 +3,7 @@ version: "3.3"
services: services:
traefik: traefik:
image: "traefik:v2.9" image: "traefik:v3.0"
container_name: "traefik" container_name: "traefik"
command: command:
#- "--log.level=DEBUG" #- "--log.level=DEBUG"

View File

@@ -13,7 +13,7 @@ secrets:
services: services:
traefik: traefik:
image: "traefik:v2.9" image: "traefik:v3.0"
container_name: "traefik" container_name: "traefik"
command: command:
#- "--log.level=DEBUG" #- "--log.level=DEBUG"

View File

@@ -3,7 +3,7 @@ version: "3.3"
services: services:
traefik: traefik:
image: "traefik:v2.9" image: "traefik:v3.0"
container_name: "traefik" container_name: "traefik"
command: command:
#- "--log.level=DEBUG" #- "--log.level=DEBUG"

View File

@@ -3,7 +3,7 @@ version: "3.3"
services: services:
traefik: traefik:
image: "traefik:v2.9" image: "traefik:v3.0"
container_name: "traefik" container_name: "traefik"
command: command:
#- "--log.level=DEBUG" #- "--log.level=DEBUG"

View File

@@ -3,7 +3,7 @@ version: "3.3"
services: services:
traefik: traefik:
image: "traefik:v2.9" image: "traefik:v3.0"
container_name: "traefik" container_name: "traefik"
command: command:
#- "--log.level=DEBUG" #- "--log.level=DEBUG"

View File

@@ -32,7 +32,7 @@ This will also be used as a starting point for the other docker-compose guides.
services: services:
traefik: traefik:
image: "traefik:v2.9" image: "traefik:v3.0"
... ...
networks: networks:
- traefiknet - traefiknet

View File

@@ -27,7 +27,7 @@ theme:
prev: 'Previous' prev: 'Previous'
next: 'Next' next: 'Next'
copyright: 'Traefik Labs • Copyright &copy; 2016-2023' copyright: "Copyright &copy; 2016-2020 Containous; 2020-2022 Traefik Labs"
extra_javascript: extra_javascript:
- assets/js/hljs/highlight.pack.js # Download from https://highlightjs.org/download/ and enable YAML, TOML and Dockerfile - assets/js/hljs/highlight.pack.js # Download from https://highlightjs.org/download/ and enable YAML, TOML and Dockerfile
@@ -109,6 +109,8 @@ nav:
- 'Overview': 'https/overview.md' - 'Overview': 'https/overview.md'
- 'TLS': 'https/tls.md' - 'TLS': 'https/tls.md'
- 'Let''s Encrypt': 'https/acme.md' - 'Let''s Encrypt': 'https/acme.md'
- 'Tailscale': 'https/tailscale.md'
- 'SPIFFE': 'https/spiffe.md'
- 'Middlewares': - 'Middlewares':
- 'Overview': 'middlewares/overview.md' - 'Overview': 'middlewares/overview.md'
- 'HTTP': - 'HTTP':
@@ -123,8 +125,9 @@ nav:
- 'DigestAuth': 'middlewares/http/digestauth.md' - 'DigestAuth': 'middlewares/http/digestauth.md'
- 'Errors': 'middlewares/http/errorpages.md' - 'Errors': 'middlewares/http/errorpages.md'
- 'ForwardAuth': 'middlewares/http/forwardauth.md' - 'ForwardAuth': 'middlewares/http/forwardauth.md'
- 'GrpcWeb': 'middlewares/http/grpcweb.md'
- 'Headers': 'middlewares/http/headers.md' - 'Headers': 'middlewares/http/headers.md'
- 'IpWhitelist': 'middlewares/http/ipwhitelist.md' - 'IpAllowList': 'middlewares/http/ipallowlist.md'
- 'InFlightReq': 'middlewares/http/inflightreq.md' - 'InFlightReq': 'middlewares/http/inflightreq.md'
- 'PassTLSClientCert': 'middlewares/http/passtlsclientcert.md' - 'PassTLSClientCert': 'middlewares/http/passtlsclientcert.md'
- 'RateLimit': 'middlewares/http/ratelimit.md' - 'RateLimit': 'middlewares/http/ratelimit.md'
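Review bot: renaming the page from `middlewares/http/ipwhitelist.md` to `middlewares/http/ipallowlist.md` changes its URL, so existing links and bookmarks to the IpWhitelist page will break unless a redirect or stub is left behind. Because this middleware is an access-control setting, the rename should also be called out explicitly in `migration/v2-to-v3.md` so operators do not carry the old middleware name across the upgrade unnoticed. The TCP entry in the next hunk gets the same rename and needs the same treatment.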
@@ -138,7 +141,7 @@ nav:
- 'TCP': - 'TCP':
- 'Overview': 'middlewares/tcp/overview.md' - 'Overview': 'middlewares/tcp/overview.md'
- 'InFlightConn': 'middlewares/tcp/inflightconn.md' - 'InFlightConn': 'middlewares/tcp/inflightconn.md'
- 'IpWhitelist': 'middlewares/tcp/ipwhitelist.md' - 'IpAllowList': 'middlewares/tcp/ipallowlist.md'
- 'Traefik Hub': 'traefik-hub/index.md' - 'Traefik Hub': 'traefik-hub/index.md'
- 'Plugins & Plugin Catalog': 'plugins/index.md' - 'Plugins & Plugin Catalog': 'plugins/index.md'
- 'Operations': - 'Operations':
@@ -154,6 +157,7 @@ nav:
- 'Datadog': 'observability/metrics/datadog.md' - 'Datadog': 'observability/metrics/datadog.md'
- 'InfluxDB': 'observability/metrics/influxdb.md' - 'InfluxDB': 'observability/metrics/influxdb.md'
- 'InfluxDB2': 'observability/metrics/influxdb2.md' - 'InfluxDB2': 'observability/metrics/influxdb2.md'
- 'OpenTelemetry': 'observability/metrics/opentelemetry.md'
- 'Prometheus': 'observability/metrics/prometheus.md' - 'Prometheus': 'observability/metrics/prometheus.md'
- 'StatsD': 'observability/metrics/statsd.md' - 'StatsD': 'observability/metrics/statsd.md'
- 'Tracing': - 'Tracing':
@@ -164,6 +168,7 @@ nav:
- 'Instana': 'observability/tracing/instana.md' - 'Instana': 'observability/tracing/instana.md'
- 'Haystack': 'observability/tracing/haystack.md' - 'Haystack': 'observability/tracing/haystack.md'
- 'Elastic': 'observability/tracing/elastic.md' - 'Elastic': 'observability/tracing/elastic.md'
- 'OpenTelemetry': 'observability/tracing/opentelemetry.md'
- 'User Guides': - 'User Guides':
- 'Kubernetes and Let''s Encrypt': 'user-guides/crd-acme/index.md' - 'Kubernetes and Let''s Encrypt': 'user-guides/crd-acme/index.md'
- 'gRPC Examples': 'user-guides/grpc.md' - 'gRPC Examples': 'user-guides/grpc.md'
@@ -175,6 +180,7 @@ nav:
- 'HTTP Challenge': 'user-guides/docker-compose/acme-http/index.md' - 'HTTP Challenge': 'user-guides/docker-compose/acme-http/index.md'
- 'DNS Challenge': 'user-guides/docker-compose/acme-dns/index.md' - 'DNS Challenge': 'user-guides/docker-compose/acme-dns/index.md'
- 'Migration': - 'Migration':
- 'Traefik v2 to v3': 'migration/v2-to-v3.md'
- 'Traefik v2 minor migrations': 'migration/v2.md' - 'Traefik v2 minor migrations': 'migration/v2.md'
- 'Traefik v1 to v2': 'migration/v1-to-v2.md' - 'Traefik v1 to v2': 'migration/v1-to-v2.md'
- 'Contributing': - 'Contributing':


@@ -32,7 +32,7 @@ Pygments==2.11.2
pymdown-extensions==7.0 pymdown-extensions==7.0
pyparsing==2.4.7 pyparsing==2.4.7
python-dateutil==2.8.2 python-dateutil==2.8.2
PyYAML==6.0.1 PyYAML==6.0
pyyaml-env-tag==0.1 pyyaml-env-tag==0.1
requests==2.25.1 requests==2.25.1
retrying==1.3.3 retrying==1.3.3
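Review bot: `PyYAML==6.0` on one side against `PyYAML==6.0.1` on the other means the two branches build the docs with different parser versions; settle on the higher pin when these are merged so the patch release is not dropped. The file pins versions only, so consider also generating it with hashes and installing with pip's `--require-hashes`, which keeps the docs build from accepting a replaced artifact for any of these packages.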


@@ -22,7 +22,7 @@ find "${PATH_TO_SITE}" -type f -not -path "/app/site/theme/*" \
--alt_ignore="/traefikproxy-vertical-logo-color.svg/" \ --alt_ignore="/traefikproxy-vertical-logo-color.svg/" \
--http_status_ignore="0,500,501,503" \ --http_status_ignore="0,500,501,503" \
--file_ignore="/404.html/" \ --file_ignore="/404.html/" \
--url_ignore="/https://groups.google.com/a/traefik.io/forum/#!forum/security/,/localhost:/,/127.0.0.1:/,/fonts.gstatic.com/,/.minikube/,/github.com\/traefik\/traefik\/*edit*/,/github.com\/traefik\/traefik/,/doc.traefik.io/,/github\.com\/golang\/oauth2\/blob\/36a7019397c4c86cf59eeab3bc0d188bac444277\/.+/,/www.akamai.com/,/pilot.traefik.io\/profile/,/traefik.io/,/doc.traefik.io\/traefik-mesh/,/www.mkdocs.org/,/squidfunk.github.io/,/ietf.org/,/www.namesilo.com/,/www.youtube.com/,/www.linode.com/,/www.alibabacloud.com/,/www.cloudxns.net/,/www.vultr.com/,/vscale.io/,/hetzner.com/,/docs.github.com/,/njal.la/,/www.wedos.com/,/www.reg.ru/,/www.godaddy.com/,/internetbs.net/" \ --url_ignore="/https://groups.google.com/a/traefik.io/forum/#!forum/security/,/localhost:/,/127.0.0.1:/,/fonts.gstatic.com/,/.minikube/,/github.com\/traefik\/traefik\/*edit*/,/github.com\/traefik\/traefik/,/doc.traefik.io/,/github\.com\/golang\/oauth2\/blob\/36a7019397c4c86cf59eeab3bc0d188bac444277\/.+/,/www.akamai.com/,/pilot.traefik.io\/profile/,/traefik.io/,/doc.traefik.io\/traefik-mesh/,/www.mkdocs.org/,/squidfunk.github.io/,/ietf.org/,/www.namesilo.com/,/www.youtube.com/,/www.linode.com/,/www.alibabacloud.com/,/www.cloudxns.net/,/www.vultr.com/,/vscale.io/,/hetzner.com/,/docs.github.com/,/njal.la/,/www.wedos.com/" \
'{}' 1>/dev/null '{}' 1>/dev/null
## HTML-proofer options at https://github.com/gjtorikian/html-proofer#configuration ## HTML-proofer options at https://github.com/gjtorikian/html-proofer#configuration
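Review bot: the `--url_ignore` list is broad enough to switch off most of the link check. The unanchored `/traefik.io/` pattern already matches `doc.traefik.io`, `pilot.traefik.io` and the `groups.google.com/a/traefik.io/...` security forum link, and `/github.com\/traefik\/traefik/` covers the narrower `*edit*` entry before it, so a dead link to the project's own docs or security contact would pass unnoticed. Only the `github\.com\/golang\/oauth2` entry escapes its dots; escaping the others and dropping the redundant entries would make the remaining ignores deliberate. The two sides also differ by three entries (`/www.reg.ru/`, `/www.godaddy.com/`, `/internetbs.net/`), which should be reconciled when merging.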

Some files were not shown because too many files have changed in this diff.