shaba/traefik
1
0
Fork 0
mirror of https://github.com/containous/traefik.git synced 2025-11-09 04:23:50 +03:00
Code Releases Activity

Compare commits

base: shaba:v3.5.1
Branches Tags
shaba:master shaba:v3.6 shaba:v3.5 shaba:v2.11 shaba:v2.5 shaba:v3.4 shaba:v3.3 shaba:v3.2 shaba:v3.1 shaba:v3.0 shaba:v1.0 shaba:v1.1 shaba:v1.2 shaba:v1.3 shaba:v1.4 shaba:v2.10 shaba:v1.5 shaba:v1.6 shaba:v1.7 shaba:v2.0 shaba:v2.1 shaba:v2.2 shaba:v2.6 shaba:v2.7 shaba:v2.8 shaba:v2.9 shaba:v2.3 shaba:v2.4
shaba:v3.6.0 shaba:v3.5.6 shaba:v3.5.5 shaba:v3.6.0-rc1 shaba:v3.5.4 shaba:v2.11.30 shaba:v3.5.3 shaba:v3.5.2 shaba:v3.5.1 shaba:v2.11.29 shaba:v3.5.0 shaba:v3.4.5 shaba:v2.11.28 shaba:v3.5.0-rc2 shaba:v3.4.4 shaba:v2.11.27 shaba:v3.5.0-rc1 shaba:v3.4.3 shaba:v3.4.2 shaba:v2.11.26 shaba:v3.4.1 shaba:v2.11.25 shaba:v3.4.0 shaba:v3.3.7 shaba:v3.4.0-rc2 shaba:v3.3.6 shaba:v2.11.24 shaba:v2.11.23 shaba:v3.4.0-rc1 shaba:v3.3.5 shaba:v2.11.22 shaba:v3.3.4 shaba:v2.11.21 shaba:v3.3.3 shaba:v2.11.20 shaba:v2.11.19 shaba:v3.3.2 shaba:v2.11.18 shaba:v3.3.1 shaba:v3.2.5 shaba:v3.3.0 shaba:v3.2.4 shaba:v2.11.17 shaba:v3.3.0-rc2 shaba:v3.3.0-rc1 shaba:v3.2.3 shaba:v2.11.16 shaba:v3.2.2 shaba:v2.11.15 shaba:v3.2.1 shaba:v2.11.14 shaba:v3.2.0 shaba:v3.1.7 shaba:v2.11.13 shaba:v3.2.0-rc2 shaba:v3.1.6 shaba:v2.11.12 shaba:v3.2.0-rc1 shaba:v3.1.5 shaba:v2.11.11 shaba:v3.1.4 shaba:v2.11.10 shaba:v3.1.3 shaba:v2.11.9 shaba:v3.1.2 shaba:v2.11.8 shaba:v3.1.1 shaba:v2.11.7 shaba:v3.1.0 shaba:v3.1.0-rc3 shaba:v3.0.4 shaba:v2.11.6 shaba:v3.1.0-rc2 shaba:v3.1.0-rc1 shaba:v3.0.3 shaba:v2.11.5 shaba:v3.0.2 shaba:v2.11.4 shaba:v3.0.1 shaba:v2.11.3 shaba:v3.0.0 shaba:v3.0.0-rc5 shaba:v2.11.2 shaba:v3.0.0-rc4 shaba:v2.11.1 shaba:v3.0.0-rc3 shaba:v3.0.0-rc2 shaba:v3.0.0-rc1 shaba:v2.11.0 shaba:v2.11.0-rc2 shaba:v2.11.0-rc1 shaba:v2.10.7 shaba:v3.0.0-beta5 shaba:v2.10.6 shaba:v3.0.0-beta4 shaba:v2.10.5 shaba:v2.10.4 shaba:v3.0.0-beta3 shaba:v2.10.3 shaba:v2.10.2 shaba:v2.10.1 shaba:v2.10.0 shaba:v2.10.0-rc2 shaba:v2.9.10 shaba:v2.10.0-rc1 shaba:v2.9.9 shaba:v2.9.8 shaba:v2.9.7 shaba:v3.0.0-beta2 shaba:v2.9.6 shaba:v3.0.0-beta1 shaba:v2.9.5 shaba:v2.9.4 shaba:v2.9.3 shaba:v2.9.2 shaba:v2.9.1 shaba:v2.9.0-rc5 shaba:v2.8.8 shaba:v2.8.7 shaba:v2.9.0-rc4 shaba:v2.8.6 shaba:v2.9.0-rc3 shaba:v2.9.0-rc2 shaba:v2.9.0-rc1 shaba:v2.8.5 shaba:v2.8.4 shaba:v2.8.3 shaba:v2.8.2 shaba:v2.8.1 shaba:v2.8.0 shaba:v2.7.3 shaba:v2.8.0-rc2 shaba:v2.7.2 shaba:v2.8.0-rc1 shaba:v2.7.1 shaba:v2.7.0 shaba:v2.6.7 shaba:v2.6.6 shaba:v2.6.5 shaba:v2.6.4 shaba:v2.7.0-rc2 shaba:v2.6.3 shaba:v2.7.0-rc1 shaba:v2.6.2 shaba:v2.6.1 shaba:v2.6.0 shaba:v2.6.0-rc3 shaba:v2.5.7 shaba:v2.6.0-rc2 shaba:v2.5.6 shaba:v2.6.0-rc1 shaba:v1.7.34 shaba:v2.5.5 shaba:v2.5.4 shaba:v1.7.33 shaba:v1.7.32 shaba:v1.7.31 shaba:v2.5.3 shaba:v2.5.2 shaba:v2.5.1 shaba:v2.5.0 shaba:v2.4.14 shaba:v2.5.0-rc6 shaba:v2.5.0-rc5 shaba:v2.5.0-rc4 shaba:v2.4.13 shaba:v2.4.12 shaba:v2.5.0-rc3 shaba:v2.4.11 shaba:v2.4.10 shaba:v2.5.0-rc2 shaba:v2.5.0-rc1 shaba:v2.4.9 shaba:v1.7.30 shaba:v1.7.29 shaba:v2.4.8 shaba:v2.4.7 shaba:v2.4.6 shaba:v2.4.5 shaba:v2.4.4 shaba:v2.4.3 shaba:v2.4.2 shaba:v2.4.1 shaba:v2.4.0 shaba:v1.7.28 shaba:v1.7.27 shaba:v2.4.0-rc2 shaba:v2.3.7 shaba:v2.3.6 shaba:v2.4.0-rc1 shaba:v2.3.5 shaba:v2.3.4 shaba:v2.3.3 shaba:v2.3.2 shaba:v2.3.1 shaba:v2.3.0 shaba:v2.3.0-rc7 shaba:v2.3.0-rc6 shaba:v2.3.0-rc5 shaba:v2.2.11 shaba:v2.2.10 shaba:v2.3.0-rc4 shaba:v2.3.0-rc3 shaba:v2.2.8 shaba:v1.7.26 shaba:v2.2.7 shaba:v2.2.6 shaba:v2.3.0-rc2 shaba:v2.3.0-rc1 shaba:v1.7.25 shaba:v2.2.5 shaba:v2.2.4 shaba:v2.2.3 shaba:v2.2.2 shaba:v2.2.1 shaba:v2.2.0 shaba:v1.7.24 shaba:v2.1.9 shaba:v1.7.23 shaba:v2.2.0-rc4 shaba:v2.1.8 shaba:v2.2.0-rc3 shaba:v2.1.7 shaba:v1.7.22 shaba:v2.2.0-rc2 shaba:v2.2.0-rc1 shaba:v2.1.6 shaba:v2.1.5 shaba:v1.7.21 shaba:v2.1.4 shaba:v2.1.3 shaba:v2.1.2 shaba:v2.1.1 shaba:v2.1.0 shaba:v1.7.20 shaba:v2.0.7 shaba:v2.1.0-rc3 shaba:v2.0.6 shaba:v2.1.0-rc2 shaba:v2.1.0-rc1 shaba:v2.0.5 shaba:v2.0.4 shaba:v2.0.3 shaba:v1.7.19 shaba:v2.0.2 shaba:v2.0.1 shaba:v1.7.18 shaba:v1.7.17 shaba:v2.0.0 shaba:v2.0.0-rc4 shaba:v1.7.16 shaba:v1.7.15 shaba:v2.0.0-rc3 shaba:v2.0.0-rc2 shaba:v2.0.0-rc1 shaba:v1.7.14 shaba:v1.7.13 shaba:v2.0.0-beta1 shaba:v2.0.0-alpha8 shaba:v2.0.0-alpha7 shaba:v2.0.0-alpha6 shaba:v2.0.0-alpha5 shaba:v1.7.12 shaba:v1.7.11 shaba:v2.0.0-alpha4 shaba:v2.0.0-alpha3 shaba:v1.7.10 shaba:v2.0.0-alpha2 shaba:v2.0.0-alpha1 shaba:v1.7.9 shaba:v1.7.8 shaba:v1.7.7 shaba:v1.7.6 shaba:v1.7.5 shaba:v1.7.4 shaba:v1.7.3 shaba:v1.7.2 shaba:v1.7.1 shaba:v1.7.0 shaba:v1.7.0-rc5 shaba:v1.7.0-rc4 shaba:v1.6.6 shaba:v1.7.0-rc3 shaba:v1.7.0-rc2 shaba:v1.6.5 shaba:v1.7.0-rc1 shaba:v1.6.4 shaba:v1.6.3 shaba:v1.6.2 shaba:v1.6.1 shaba:v1.6.0 shaba:v1.6.0-rc6 shaba:v1.6.0-rc5 shaba:v1.6.0-rc4 shaba:v1.6.0-rc3 shaba:v1.6.0-rc2 shaba:v1.6.0-rc1 shaba:v1.5.4 shaba:v1.5.3 shaba:v1.5.2 shaba:v1.5.1 shaba:v1.5.0 shaba:v1.5.0-rc5 shaba:v1.5.0-rc4 shaba:v1.4.6 shaba:v1.5.0-rc3 shaba:v1.5.0-rc2 shaba:v1.4.5 shaba:v1.5.0-rc1 shaba:v1.4.4 shaba:v1.4.3 shaba:v1.4.2 shaba:v1.4.1 shaba:v1.4.0 shaba:v1.4.0-rc5 shaba:v1.4.0-rc4 shaba:v1.4.0-rc3 shaba:v1.4.0-rc2 shaba:v1.3.8 shaba:v1.4.0-rc1 shaba:v1.3.7 shaba:v1.3.6 shaba:v1.3.5 shaba:v1.3.4 shaba:v1.3.3 shaba:v1.3.2 shaba:v1.3.1 shaba:v1.3.0 shaba:v1.3.0-rc3 shaba:v1.3.0-rc2 shaba:v1.3.0-rc1 shaba:v1.2.3 shaba:v1.2.2 shaba:v1.2.1 shaba:v1.2.0 shaba:v1.2.0-rc2 shaba:v1.2.0-rc1 shaba:v1.1.2 shaba:v1.1.1 shaba:v1.1.0 shaba:v1.1.0-rc4 shaba:v1.1.0-rc3 shaba:v1.1.0-rc2 shaba:v1.1.0-rc1 shaba:v1.0.3 shaba:v1.0.2 shaba:v1.0.1 shaba:v1.0.0 shaba:v1.0.0-rc3 shaba:v1.0.0-rc2 shaba:v1.0.0-rc1 shaba:v1.0.0-beta.809 shaba:v1.0.0-beta.804 shaba:v1.0.0-beta.794 shaba:v1.0.0-beta.784 shaba:v1.0.0-beta.771 shaba:v1.0.0-beta.767 shaba:v1.0.0-beta.756 shaba:v1.0.0-beta.754 shaba:v1.0.0-beta.744 shaba:v1.0.0-beta.732 shaba:v1.0.0-beta.723 shaba:v1.0.0-beta.721 shaba:v1.0.0-beta.712 shaba:v1.0.0-beta.704 shaba:v1.0.0-beta.695 shaba:v1.0.0-beta.692 shaba:v1.0.0-beta.682 shaba:v1.0.0-beta.676 shaba:v1.0.0-beta.673 shaba:v1.0.0-beta.666 shaba:v1.0.0-beta.652 shaba:v1.0.0-beta.644 shaba:v1.0.0-beta.621 shaba:v1.0.0-beta.614 shaba:v1.0.0-beta.610 shaba:v1.0.0-beta.601 shaba:v1.0.0-beta.582 shaba:v1.0.0-beta.576 shaba:v1.0.0-beta.573 shaba:v1.0.0-beta.555 shaba:v1.0.0-beta.548 shaba:v1.0.0-beta.545 shaba:v1.0.0-beta.524 shaba:v1.0.0-beta.513 shaba:v1.0.0-beta.508 shaba:v1.0.0-beta.505 shaba:v1.0.0-beta.484 shaba:v1.0.0-beta.481 shaba:v1.0.0-beta.475 shaba:v1.0.0-beta.470 shaba:v1.0.0-beta.453 shaba:v1.0.0-beta.442 shaba:v1.0.0-beta.440 shaba:v1.0.0-beta.436 shaba:v1.0.0-beta.433 shaba:v1.0.0-beta.427 shaba:v1.0.0-beta.421 shaba:v1.0.0-beta.416 shaba:v1.0.0-beta.408 shaba:v1.0.0-beta.404 shaba:v1.0.0-beta.395 shaba:v1.0.0-beta.392 shaba:v1.0.0-beta.374 shaba:v1.0.0-beta.366 shaba:v1.0.0-beta.355 shaba:v1.0.0-beta.352 shaba:v1.0.0-beta.341 shaba:v1.0.0-beta.339 shaba:v1.0.0-beta.324 shaba:v1.0.0-beta.300 shaba:v1.0.0-beta.291 shaba:v1.0.0-beta.289 shaba:v1.0.0-beta.287 shaba:v1.0.0-beta.280 shaba:v1.0.0-beta.277 shaba:v1.0.0-beta.254 shaba:v1.0.0-beta.247 shaba:v1.0.0-beta.224 shaba:v1.0.0-beta.220 shaba:v1.0.0-beta.212 shaba:v1.0.0-beta.211 shaba:v1.0.alpha.4c447985b63f8c90dcbde70b2eaef19d9a8c5ad2 shaba:v1.0.alpha.9830086790caf40ce30eb9ed5d317917f8157708 shaba:v1.0.alpha.3af21612b65fc578585a98c30090d1e613f791eb shaba:v1.0.alpha.a458018aa2ccb637abacfc696157e00321cf982f shaba:v1.0.alpha.4ded2682d2831ed703282b2f4585e17a62ee258e shaba:v1.0.alpha.0e683cc5355bc507dabac68bbc7559d3f179e185 shaba:v1.0.alpha.11781087cadf9068d1d0b43902b6161ee10ea458 shaba:v1.0.alpha.b42b170ad29a0f042ddee0f5a5098aa9a59a9c8e shaba:v1.0.alpha.a00eb81f0301f5e61024dea3b92ba632d6a61a8b shaba:v1.0.alpha.6c3c5578c64125838abbc437a0242e1742d6f47a shaba:v1.0.alpha.b84b95fe97df5c0f234d8693fbff03fa0d6a441b shaba:v1.0.alpha.1a5668377cc840a35d233a0eb817ee9bacf0ba3e shaba:v1.0.alpha.331cd173ce8ad858d767510fbcbc653e2dde657d shaba:v1.0.alpha.e0872b61579c8e6b8fc6124c8836660c11840f5d shaba:v1.0.alpha.99646544953d5793f18ccb22dae2458be4ba0e05 shaba:v1.0.alpha.7acc2beae0f0235d9408e8ed7a51f0ef3dae3aff shaba:v1.0.alpha.ac56c1310c46f9c18dcad9d7ec680926fae821bb shaba:v1.0.alpha.71b0e27517841ec7b911bafb109846ee96109f30 shaba:v1.0.alpha.60e9282f0adac48cbf283306ceb08ad7a31ac94b shaba:v1.0.alpha.522 shaba:v1.0.alpha.516 shaba:v1.0.alpha.506 shaba:v1.0.alpha.481 shaba:v1.0.alpha.477 shaba:v1.0.alpha.471 shaba:v1.0.alpha.469 shaba:v1.0.alpha.463 shaba:v1.0.alpha.450 shaba:v1.0.alpha.443 shaba:v1.0.alpha.439 shaba:v1.0.alpha.425 shaba:v1.0.alpha.421 shaba:v1.0.alpha.418 shaba:v1.0.alpha.412 shaba:v1.0.alpha.404 shaba:v1.0.alpha.392 shaba:v1.0.alpha.374 shaba:v1.0.alpha.367 shaba:v1.0.alpha.364 shaba:v1.0.alpha.361 shaba:v1.0.alpha.358 shaba:v1.0.alpha.357 shaba:v1.0.alpha.341 shaba:v1.0.alpha.338 shaba:v1.0.alpha.336 shaba:v1.0.alpha.333 shaba:v1.0.alpha.329 shaba:v1.0.alpha.311 shaba:v1.0.alpha.306 shaba:v1.0.alpha.302 shaba:v1.0.alpha.291 shaba:v1.0.alpha.290 shaba:v1.0.alpha.288 shaba:v1.0.alpha.285 shaba:v1.0.alpha.275 shaba:v1.0.alpha.274 shaba:v1.0.alpha.273 shaba:v1.0.alpha.272 shaba:v1.0.alpha.271 shaba:v1.0.alpha.270 shaba:v1.0.alpha.268 shaba:v1.0.alpha.269 shaba:v1.0.alpha.267 shaba:v1.0.alpha.266 shaba:v1.0.alpha.263 shaba:v1.0.alpha.257 shaba:v1.0.alpha.256 shaba:v1.0.alpha.251 shaba:v1.0.alpha.252 shaba:v1.0.alpha.250 shaba:v1.0.alpha.249 shaba:v1.0.alpha.247 shaba:v1.0.alpha.228 shaba:v1.0.alpha.217 shaba:v1.0.alpha.216 shaba:v1.0.alpha.215 shaba:v1.0.alpha.212 shaba:v1.0.alpha.200 shaba:v1.0.alpha.186 shaba:v1.0.alpha.182 shaba:v1.0.alpha.178 shaba:v1.0.alpha.176 shaba:v1.0.alpha.171 shaba:v1.0.alpha.170 shaba:v1.0.alpha.164 shaba:v1.0.alpha.157 shaba:v1.0
...
compare: shaba:v3.5.5
Branches Tags
shaba:v3.6 shaba:v3.5 shaba:v2.11 shaba:master shaba:v2.5 shaba:v3.4 shaba:v3.3 shaba:v3.2 shaba:v3.1 shaba:v3.0 shaba:v1.0 shaba:v1.1 shaba:v1.2 shaba:v1.3 shaba:v1.4 shaba:v2.10 shaba:v1.5 shaba:v1.6 shaba:v1.7 shaba:v2.0 shaba:v2.1 shaba:v2.2 shaba:v2.6 shaba:v2.7 shaba:v2.8 shaba:v2.9 shaba:v2.3 shaba:v2.4
shaba:v3.6.0 shaba:v3.5.6 shaba:v3.5.5 shaba:v3.6.0-rc1 shaba:v3.5.4 shaba:v2.11.30 shaba:v3.5.3 shaba:v3.5.2 shaba:v3.5.1 shaba:v2.11.29 shaba:v3.5.0 shaba:v3.4.5 shaba:v2.11.28 shaba:v3.5.0-rc2 shaba:v3.4.4 shaba:v2.11.27 shaba:v3.5.0-rc1 shaba:v3.4.3 shaba:v3.4.2 shaba:v2.11.26 shaba:v3.4.1 shaba:v2.11.25 shaba:v3.4.0 shaba:v3.3.7 shaba:v3.4.0-rc2 shaba:v3.3.6 shaba:v2.11.24 shaba:v2.11.23 shaba:v3.4.0-rc1 shaba:v3.3.5 shaba:v2.11.22 shaba:v3.3.4 shaba:v2.11.21 shaba:v3.3.3 shaba:v2.11.20 shaba:v2.11.19 shaba:v3.3.2 shaba:v2.11.18 shaba:v3.3.1 shaba:v3.2.5 shaba:v3.3.0 shaba:v3.2.4 shaba:v2.11.17 shaba:v3.3.0-rc2 shaba:v3.3.0-rc1 shaba:v3.2.3 shaba:v2.11.16 shaba:v3.2.2 shaba:v2.11.15 shaba:v3.2.1 shaba:v2.11.14 shaba:v3.2.0 shaba:v3.1.7 shaba:v2.11.13 shaba:v3.2.0-rc2 shaba:v3.1.6 shaba:v2.11.12 shaba:v3.2.0-rc1 shaba:v3.1.5 shaba:v2.11.11 shaba:v3.1.4 shaba:v2.11.10 shaba:v3.1.3 shaba:v2.11.9 shaba:v3.1.2 shaba:v2.11.8 shaba:v3.1.1 shaba:v2.11.7 shaba:v3.1.0 shaba:v3.1.0-rc3 shaba:v3.0.4 shaba:v2.11.6 shaba:v3.1.0-rc2 shaba:v3.1.0-rc1 shaba:v3.0.3 shaba:v2.11.5 shaba:v3.0.2 shaba:v2.11.4 shaba:v3.0.1 shaba:v2.11.3 shaba:v3.0.0 shaba:v3.0.0-rc5 shaba:v2.11.2 shaba:v3.0.0-rc4 shaba:v2.11.1 shaba:v3.0.0-rc3 shaba:v3.0.0-rc2 shaba:v3.0.0-rc1 shaba:v2.11.0 shaba:v2.11.0-rc2 shaba:v2.11.0-rc1 shaba:v2.10.7 shaba:v3.0.0-beta5 shaba:v2.10.6 shaba:v3.0.0-beta4 shaba:v2.10.5 shaba:v2.10.4 shaba:v3.0.0-beta3 shaba:v2.10.3 shaba:v2.10.2 shaba:v2.10.1 shaba:v2.10.0 shaba:v2.10.0-rc2 shaba:v2.9.10 shaba:v2.10.0-rc1 shaba:v2.9.9 shaba:v2.9.8 shaba:v2.9.7 shaba:v3.0.0-beta2 shaba:v2.9.6 shaba:v3.0.0-beta1 shaba:v2.9.5 shaba:v2.9.4 shaba:v2.9.3 shaba:v2.9.2 shaba:v2.9.1 shaba:v2.9.0-rc5 shaba:v2.8.8 shaba:v2.8.7 shaba:v2.9.0-rc4 shaba:v2.8.6 shaba:v2.9.0-rc3 shaba:v2.9.0-rc2 shaba:v2.9.0-rc1 shaba:v2.8.5 shaba:v2.8.4 shaba:v2.8.3 shaba:v2.8.2 shaba:v2.8.1 shaba:v2.8.0 shaba:v2.7.3 shaba:v2.8.0-rc2 shaba:v2.7.2 shaba:v2.8.0-rc1 shaba:v2.7.1 shaba:v2.7.0 shaba:v2.6.7 shaba:v2.6.6 shaba:v2.6.5 shaba:v2.6.4 shaba:v2.7.0-rc2 shaba:v2.6.3 shaba:v2.7.0-rc1 shaba:v2.6.2 shaba:v2.6.1 shaba:v2.6.0 shaba:v2.6.0-rc3 shaba:v2.5.7 shaba:v2.6.0-rc2 shaba:v2.5.6 shaba:v2.6.0-rc1 shaba:v1.7.34 shaba:v2.5.5 shaba:v2.5.4 shaba:v1.7.33 shaba:v1.7.32 shaba:v1.7.31 shaba:v2.5.3 shaba:v2.5.2 shaba:v2.5.1 shaba:v2.5.0 shaba:v2.4.14 shaba:v2.5.0-rc6 shaba:v2.5.0-rc5 shaba:v2.5.0-rc4 shaba:v2.4.13 shaba:v2.4.12 shaba:v2.5.0-rc3 shaba:v2.4.11 shaba:v2.4.10 shaba:v2.5.0-rc2 shaba:v2.5.0-rc1 shaba:v2.4.9 shaba:v1.7.30 shaba:v1.7.29 shaba:v2.4.8 shaba:v2.4.7 shaba:v2.4.6 shaba:v2.4.5 shaba:v2.4.4 shaba:v2.4.3 shaba:v2.4.2 shaba:v2.4.1 shaba:v2.4.0 shaba:v1.7.28 shaba:v1.7.27 shaba:v2.4.0-rc2 shaba:v2.3.7 shaba:v2.3.6 shaba:v2.4.0-rc1 shaba:v2.3.5 shaba:v2.3.4 shaba:v2.3.3 shaba:v2.3.2 shaba:v2.3.1 shaba:v2.3.0 shaba:v2.3.0-rc7 shaba:v2.3.0-rc6 shaba:v2.3.0-rc5 shaba:v2.2.11 shaba:v2.2.10 shaba:v2.3.0-rc4 shaba:v2.3.0-rc3 shaba:v2.2.8 shaba:v1.7.26 shaba:v2.2.7 shaba:v2.2.6 shaba:v2.3.0-rc2 shaba:v2.3.0-rc1 shaba:v1.7.25 shaba:v2.2.5 shaba:v2.2.4 shaba:v2.2.3 shaba:v2.2.2 shaba:v2.2.1 shaba:v2.2.0 shaba:v1.7.24 shaba:v2.1.9 shaba:v1.7.23 shaba:v2.2.0-rc4 shaba:v2.1.8 shaba:v2.2.0-rc3 shaba:v2.1.7 shaba:v1.7.22 shaba:v2.2.0-rc2 shaba:v2.2.0-rc1 shaba:v2.1.6 shaba:v2.1.5 shaba:v1.7.21 shaba:v2.1.4 shaba:v2.1.3 shaba:v2.1.2 shaba:v2.1.1 shaba:v2.1.0 shaba:v1.7.20 shaba:v2.0.7 shaba:v2.1.0-rc3 shaba:v2.0.6 shaba:v2.1.0-rc2 shaba:v2.1.0-rc1 shaba:v2.0.5 shaba:v2.0.4 shaba:v2.0.3 shaba:v1.7.19 shaba:v2.0.2 shaba:v2.0.1 shaba:v1.7.18 shaba:v1.7.17 shaba:v2.0.0 shaba:v2.0.0-rc4 shaba:v1.7.16 shaba:v1.7.15 shaba:v2.0.0-rc3 shaba:v2.0.0-rc2 shaba:v2.0.0-rc1 shaba:v1.7.14 shaba:v1.7.13 shaba:v2.0.0-beta1 shaba:v2.0.0-alpha8 shaba:v2.0.0-alpha7 shaba:v2.0.0-alpha6 shaba:v2.0.0-alpha5 shaba:v1.7.12 shaba:v1.7.11 shaba:v2.0.0-alpha4 shaba:v2.0.0-alpha3 shaba:v1.7.10 shaba:v2.0.0-alpha2 shaba:v2.0.0-alpha1 shaba:v1.7.9 shaba:v1.7.8 shaba:v1.7.7 shaba:v1.7.6 shaba:v1.7.5 shaba:v1.7.4 shaba:v1.7.3 shaba:v1.7.2 shaba:v1.7.1 shaba:v1.7.0 shaba:v1.7.0-rc5 shaba:v1.7.0-rc4 shaba:v1.6.6 shaba:v1.7.0-rc3 shaba:v1.7.0-rc2 shaba:v1.6.5 shaba:v1.7.0-rc1 shaba:v1.6.4 shaba:v1.6.3 shaba:v1.6.2 shaba:v1.6.1 shaba:v1.6.0 shaba:v1.6.0-rc6 shaba:v1.6.0-rc5 shaba:v1.6.0-rc4 shaba:v1.6.0-rc3 shaba:v1.6.0-rc2 shaba:v1.6.0-rc1 shaba:v1.5.4 shaba:v1.5.3 shaba:v1.5.2 shaba:v1.5.1 shaba:v1.5.0 shaba:v1.5.0-rc5 shaba:v1.5.0-rc4 shaba:v1.4.6 shaba:v1.5.0-rc3 shaba:v1.5.0-rc2 shaba:v1.4.5 shaba:v1.5.0-rc1 shaba:v1.4.4 shaba:v1.4.3 shaba:v1.4.2 shaba:v1.4.1 shaba:v1.4.0 shaba:v1.4.0-rc5 shaba:v1.4.0-rc4 shaba:v1.4.0-rc3 shaba:v1.4.0-rc2 shaba:v1.3.8 shaba:v1.4.0-rc1 shaba:v1.3.7 shaba:v1.3.6 shaba:v1.3.5 shaba:v1.3.4 shaba:v1.3.3 shaba:v1.3.2 shaba:v1.3.1 shaba:v1.3.0 shaba:v1.3.0-rc3 shaba:v1.3.0-rc2 shaba:v1.3.0-rc1 shaba:v1.2.3 shaba:v1.2.2 shaba:v1.2.1 shaba:v1.2.0 shaba:v1.2.0-rc2 shaba:v1.2.0-rc1 shaba:v1.1.2 shaba:v1.1.1 shaba:v1.1.0 shaba:v1.1.0-rc4 shaba:v1.1.0-rc3 shaba:v1.1.0-rc2 shaba:v1.1.0-rc1 shaba:v1.0.3 shaba:v1.0.2 shaba:v1.0.1 shaba:v1.0.0 shaba:v1.0.0-rc3 shaba:v1.0.0-rc2 shaba:v1.0.0-rc1 shaba:v1.0.0-beta.809 shaba:v1.0.0-beta.804 shaba:v1.0.0-beta.794 shaba:v1.0.0-beta.784 shaba:v1.0.0-beta.771 shaba:v1.0.0-beta.767 shaba:v1.0.0-beta.756 shaba:v1.0.0-beta.754 shaba:v1.0.0-beta.744 shaba:v1.0.0-beta.732 shaba:v1.0.0-beta.723 shaba:v1.0.0-beta.721 shaba:v1.0.0-beta.712 shaba:v1.0.0-beta.704 shaba:v1.0.0-beta.695 shaba:v1.0.0-beta.692 shaba:v1.0.0-beta.682 shaba:v1.0.0-beta.676 shaba:v1.0.0-beta.673 shaba:v1.0.0-beta.666 shaba:v1.0.0-beta.652 shaba:v1.0.0-beta.644 shaba:v1.0.0-beta.621 shaba:v1.0.0-beta.614 shaba:v1.0.0-beta.610 shaba:v1.0.0-beta.601 shaba:v1.0.0-beta.582 shaba:v1.0.0-beta.576 shaba:v1.0.0-beta.573 shaba:v1.0.0-beta.555 shaba:v1.0.0-beta.548 shaba:v1.0.0-beta.545 shaba:v1.0.0-beta.524 shaba:v1.0.0-beta.513 shaba:v1.0.0-beta.508 shaba:v1.0.0-beta.505 shaba:v1.0.0-beta.484 shaba:v1.0.0-beta.481 shaba:v1.0.0-beta.475 shaba:v1.0.0-beta.470 shaba:v1.0.0-beta.453 shaba:v1.0.0-beta.442 shaba:v1.0.0-beta.440 shaba:v1.0.0-beta.436 shaba:v1.0.0-beta.433 shaba:v1.0.0-beta.427 shaba:v1.0.0-beta.421 shaba:v1.0.0-beta.416 shaba:v1.0.0-beta.408 shaba:v1.0.0-beta.404 shaba:v1.0.0-beta.395 shaba:v1.0.0-beta.392 shaba:v1.0.0-beta.374 shaba:v1.0.0-beta.366 shaba:v1.0.0-beta.355 shaba:v1.0.0-beta.352 shaba:v1.0.0-beta.341 shaba:v1.0.0-beta.339 shaba:v1.0.0-beta.324 shaba:v1.0.0-beta.300 shaba:v1.0.0-beta.291 shaba:v1.0.0-beta.289 shaba:v1.0.0-beta.287 shaba:v1.0.0-beta.280 shaba:v1.0.0-beta.277 shaba:v1.0.0-beta.254 shaba:v1.0.0-beta.247 shaba:v1.0.0-beta.224 shaba:v1.0.0-beta.220 shaba:v1.0.0-beta.212 shaba:v1.0.0-beta.211 shaba:v1.0.alpha.4c447985b63f8c90dcbde70b2eaef19d9a8c5ad2 shaba:v1.0.alpha.9830086790caf40ce30eb9ed5d317917f8157708 shaba:v1.0.alpha.3af21612b65fc578585a98c30090d1e613f791eb shaba:v1.0.alpha.a458018aa2ccb637abacfc696157e00321cf982f shaba:v1.0.alpha.4ded2682d2831ed703282b2f4585e17a62ee258e shaba:v1.0.alpha.0e683cc5355bc507dabac68bbc7559d3f179e185 shaba:v1.0.alpha.11781087cadf9068d1d0b43902b6161ee10ea458 shaba:v1.0.alpha.b42b170ad29a0f042ddee0f5a5098aa9a59a9c8e shaba:v1.0.alpha.a00eb81f0301f5e61024dea3b92ba632d6a61a8b shaba:v1.0.alpha.6c3c5578c64125838abbc437a0242e1742d6f47a shaba:v1.0.alpha.b84b95fe97df5c0f234d8693fbff03fa0d6a441b shaba:v1.0.alpha.1a5668377cc840a35d233a0eb817ee9bacf0ba3e shaba:v1.0.alpha.331cd173ce8ad858d767510fbcbc653e2dde657d shaba:v1.0.alpha.e0872b61579c8e6b8fc6124c8836660c11840f5d shaba:v1.0.alpha.99646544953d5793f18ccb22dae2458be4ba0e05 shaba:v1.0.alpha.7acc2beae0f0235d9408e8ed7a51f0ef3dae3aff shaba:v1.0.alpha.ac56c1310c46f9c18dcad9d7ec680926fae821bb shaba:v1.0.alpha.71b0e27517841ec7b911bafb109846ee96109f30 shaba:v1.0.alpha.60e9282f0adac48cbf283306ceb08ad7a31ac94b shaba:v1.0.alpha.522 shaba:v1.0.alpha.516 shaba:v1.0.alpha.506 shaba:v1.0.alpha.481 shaba:v1.0.alpha.477 shaba:v1.0.alpha.471 shaba:v1.0.alpha.469 shaba:v1.0.alpha.463 shaba:v1.0.alpha.450 shaba:v1.0.alpha.443 shaba:v1.0.alpha.439 shaba:v1.0.alpha.425 shaba:v1.0.alpha.421 shaba:v1.0.alpha.418 shaba:v1.0.alpha.412 shaba:v1.0.alpha.404 shaba:v1.0.alpha.392 shaba:v1.0.alpha.374 shaba:v1.0.alpha.367 shaba:v1.0.alpha.364 shaba:v1.0.alpha.361 shaba:v1.0.alpha.358 shaba:v1.0.alpha.357 shaba:v1.0.alpha.341 shaba:v1.0.alpha.338 shaba:v1.0.alpha.336 shaba:v1.0.alpha.333 shaba:v1.0.alpha.329 shaba:v1.0.alpha.311 shaba:v1.0.alpha.306 shaba:v1.0.alpha.302 shaba:v1.0.alpha.291 shaba:v1.0.alpha.290 shaba:v1.0.alpha.288 shaba:v1.0.alpha.285 shaba:v1.0.alpha.275 shaba:v1.0.alpha.274 shaba:v1.0.alpha.273 shaba:v1.0.alpha.272 shaba:v1.0.alpha.271 shaba:v1.0.alpha.270 shaba:v1.0.alpha.268 shaba:v1.0.alpha.269 shaba:v1.0.alpha.267 shaba:v1.0.alpha.266 shaba:v1.0.alpha.263 shaba:v1.0.alpha.257 shaba:v1.0.alpha.256 shaba:v1.0.alpha.251 shaba:v1.0.alpha.252 shaba:v1.0.alpha.250 shaba:v1.0.alpha.249 shaba:v1.0.alpha.247 shaba:v1.0.alpha.228 shaba:v1.0.alpha.217 shaba:v1.0.alpha.216 shaba:v1.0.alpha.215 shaba:v1.0.alpha.212 shaba:v1.0.alpha.200 shaba:v1.0.alpha.186 shaba:v1.0.alpha.182 shaba:v1.0.alpha.178 shaba:v1.0.alpha.176 shaba:v1.0.alpha.171 shaba:v1.0.alpha.170 shaba:v1.0.alpha.164 shaba:v1.0.alpha.157 shaba:v1.0

82 Commits
v3.5.1 ... v3.5.5

Author SHA1 Message Date
romain
9a8cf6e5bd prepare-release-v3.5.5 2025-11-07 14:06:00 +01:00
kevinpollet
12887f992a Merge branch v2.11 into v3.5 2025-11-07 11:59:54 +01:00
Kevin Pollet
effca0a603 Update letsencrypt/pebble to use ghcr image 2025-11-07 11:58:04 +01:00
Romain
4e3022628d Filter unknown nodes with file and env for the deprecation loader 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2025-11-04 17:00:06 +01:00
Ludovic Fernandez
e1e350f5aa Bump github.com/go-acme/lego/v4 to v4.28.0 2025-11-04 11:32:05 +01:00
Sheddy
1d8cd5a89b Add missing ACME options and clean up table for more visibility 2025-11-03 09:14:04 +01:00
Antoine Aflalo
c4c3968109 Fix default encodings in compress middleware 2025-10-31 09:24:04 +01:00
Sheddy
2e2fe7a817 Update Configuration Overview Page 2025-10-30 14:22:04 +01:00
Romain
06f401d472 Prepare release v3.5.4 2025-10-28 11:44:04 +01:00
kevinpollet
3b9eaed9c9 Merge branch v2.11 into v3.5 2025-10-28 09:54:03 +01:00
Romain
998868450f Prepare release v2.11.30 2025-10-28 09:44:04 +01:00
Daniel Peinhopf
8914057766 Add missing reference docs for statusRewrites in errors middleware 2025-10-27 10:52:04 +01:00
Asaf Mesika
e1b6668a84 Clarify health check requirement for server status metric 2025-10-27 10:34:04 +01:00
Michel Loiseleur
e67fbcc5c2 Add API basePath documentation and fix broken links 2025-10-27 10:20:05 +01:00
Germain Lefebvre
ea3e08ec3b Fix metric name to metrics.otlp.grpc.insecure 2025-10-27 09:34:04 +01:00
Romain
f3ecfa82bc Mitigate TestShutdown flakyness 2025-10-23 14:30:05 +02:00
Ludovic Fernandez
5e2b393ceb Fix Hetzner env var name inside documentation 2025-10-23 11:36:04 +02:00
Romain
0880cc672f Mitigate TestShutdownUDPConn flakyness 2025-10-23 11:28:04 +02:00
iraj jelodari
822f349fa1 Fix typo in TLS certificate generation description 2025-10-23 09:16:04 +02:00
homersimpsons
6c4dfaa56e Fix anchors in basic auth configuration options 2025-10-20 16:38:04 +02:00
Ludovic Fernandez
ecf08b91a3 Bump github.com/go-acme/lego/v4 to v4.27.0 2025-10-20 16:22:06 +02:00
Evgenii Domashenkin
b4847d74bc Do not fail when pod is not found in K8sAttributesDetector 2025-10-20 15:24:05 +02:00
Landry Benguigui
6e0012cb0a fix: enable stdio logging when otlp is enabled 2025-10-17 16:06:06 +02:00
Landry Benguigui
862116c050 Remove flaky TestReadLoopMaxDataSize 2025-10-17 15:16:10 +02:00
Nicolas Mengin
3a7d331967 Merge TLSOption/TLSStore CRD documentation page 2025-10-17 14:54:04 +02:00
Kevin Pollet
9dfcded534 Bump github.com/kvtools/etcdv3 to v1.0.3 2025-10-16 17:48:04 +02:00
Kevin Pollet
ffd82c92cb Fix KV key name used to check if connection is alive 2025-10-16 16:50:05 +02:00
romain
f7e59510b4 Merge branch v2.11 into v3.5 2025-10-14 17:15:54 +02:00
Romain
835899f4bc Replace internal dead links 2025-10-14 16:26:05 +02:00
Kevin Pollet
34d7091f31 Bump github.com/quic-go/quic-go to v0.55.0 2025-10-14 15:48:05 +02:00
Xuetao Li
0ea8cbdfbf Clarify log.filePath behavior in documentation 2025-10-14 10:18:05 +02:00
Michel Loiseleur
c18ba96f87 Align documentation on default otlp endpoint 2025-10-14 09:26:44 +02:00
Romain
cc1cb77abb Clean and avoid collisions of anchors in option tables 2025-10-13 11:34:04 +02:00
Kevin Pollet
b04759a80b Bump golang.org/x/net to v0.46.0 2025-10-10 17:22:04 +02:00
MaBu
b2f9996fa4 Fix markdown rendering for table anchors 2025-10-10 14:16:04 +02:00
Romain
fe730d3ad9 Make the staple updates continuous 2025-10-10 12:10:05 +02:00
shreealt
c948417866 Rename traefik_tls_certs_not_after_milliseconds to traefik_tls_certs_not_after_seconds 2025-10-10 11:10:05 +02:00
GreyXor
b61df559d2 Bump github.com/quic-go/quic-go to v0.55.0 2025-10-10 10:40:45 +02:00
Kevin Pollet
2a3b696d85 Fix provider option descriptions 2025-10-07 14:38:05 +01:00
Romain
5688b1777d Fix wrong references to router's pages 2025-10-06 15:42:08 +01:00
Kevin Pollet
c61fb89d3f Use k8s.ResourceEventHandler for Gateway API provider 2025-10-06 07:58:04 +01:00
Michael
c5ed376d5f fix: otel not working without USER 2025-10-03 13:48:04 +01:00
Martin Saldinger
ad566ee9ef Fix PreserveRequestMethod casing 2025-10-03 13:10:04 +01:00
Simon A. Eugster
83b28270a4 Fix heading levels and add links 2025-10-03 09:52:04 +01:00
Hannah Kim
8441c476f1 Bump gopkg.in/DataDog/dd-trace-go.v1 to v1.74.6 2025-10-03 09:44:04 +01:00
Ludovic Fernandez
5f415615eb Bump github.com/go-acme/lego/v4 to v4.26.0 2025-10-03 09:42:04 +01:00
Romain
5dfb832921 Update OpenTelemetry to v1.38.0 and semantic conventions to v1.37.0 2025-10-03 09:04:04 +01:00
Romain
5878238077 Add dedicated pages for routers and fix doc links in CRDs 2025-10-02 16:32:04 +01:00
shreealt
614ba391fa Fix incorrect addInternals configuration option 2025-10-02 15:54:05 +01:00
Stefan Ortgies
92d06b733c Fix swam code example 2025-10-02 15:34:04 +01:00
Ryan Bruntz
98121cb081 Fix link for accesslog.fields.names in documentation 2025-10-02 09:00:04 +01:00
Miro Michalicka
52fa989d00 Fix typo in ingressroute.md from pirority to priority 2025-10-02 08:08:04 +01:00
Massimiliano D.
6aaae0e6f7 Fix version display regression 2025-09-30 14:42:04 +01:00
Paweł Czochański
b0a6c40c33 Document rejectStatusCode 2025-09-30 10:28:04 +01:00
Sheddy
7c30752d21 chore: fix incorrect option and lint page 2025-09-29 14:16:08 +01:00
Asger Hautop Drewsen
284d665aa0 docs: Format more HTTP headers as code 2025-09-29 13:50:04 +01:00
Romain
5ab001b55b Prepare release v3.5.3 2025-09-26 09:46:03 +01:00
Darkangeel_hd
7e3dbc22f7 Fix typo in rules and priority documentation 2025-09-23 08:22:06 +01:00
Sheddy
53df34e070 docs: add govern section 2025-09-22 13:38:05 +01:00
Evgenii Domashenkin
e4f0f7be35 ServersTransport: set minimum MaxIdleConnsPerHost=-1 2025-09-22 10:54:04 +01:00
Massimiliano D.
2580d0f95c Update hub-button-app to use a local script 
Co-authored-by: Firespray-31 <147506444+Firespray-31@users.noreply.github.com>
 2025-09-22 09:00:44 +01:00
Romain
5df4c270a7 Use client conn to build the proxy protocol header 
Co-authored-by: Simon Delicata <simon.delicata@free.fr>
 2025-09-19 10:36:05 +02:00
Nicolas Mengin
660acf3b42 Create Traefik Service CRD sub-resource documentation page. 2025-09-17 14:56:06 +02:00
Harold Ozouf
fed86bd816 Refactor plugins system 2025-09-16 16:16:07 +02:00
Matteo Bongiovanni
ffd01fc88a Fix conflict in IngressRouteTCP documentation 2025-09-16 10:50:05 +02:00
Nicolas Mengin
27a820950a Reorganize the menu entries 2025-09-12 10:02:05 +02:00
Mark Ormesher
f9f825163a fix config examples in entrypoints.md 2025-09-12 09:44:04 +02:00
Michel Loiseleur
cff924f4fd Fix broken links in documentation 2025-09-11 14:48:04 +02:00
Sheddy
01bc0a0a0a Add New Secure Section to the Documentation 2025-09-11 09:44:04 +02:00
Nicolas Mengin
c294b87a45 Add an anchor on the options names. 2025-09-09 17:26:05 +02:00
Romain
0b240ca97a Prepare release v3.5.2 2025-09-09 12:12:04 +02:00
Dorian Allen
ff848c74f9 Fix customerrors query url replacement 2025-09-09 09:54:04 +02:00
Simon Delicata
e2282b1379 Add GenericCLF log format for access logs 2025-09-08 11:24:05 +02:00
Sheddy
a051f20876 Add redis options to ratelimit middleware & Include distributed rate limit middleware 2025-09-05 11:16:04 +02:00
Sheddy
e96034f494 Fix broken links in KV store documentation 2025-09-04 11:16:04 +02:00
Bilal Budhani
f685b3f258 Fixes typo for Swarm mode in CLI example 2025-09-04 09:22:04 +02:00
Michel Loiseleur
7ab17d228f Fixes typo for OCSP in CLI example 2025-09-03 10:28:04 +02:00
Baptiste Mayelle
5f28c56437 Restore empty webui/static to use traefik as library 2025-09-01 16:30:09 +02:00
Nicolas Mengin
2023ffe2d3 Fix migration path in documentation 2025-09-01 11:10:05 +02:00
Chris Gatt
cc7f409d46 Fix path for access-logs header config 2025-09-01 10:50:04 +02:00
Vincent Bernat
19ed2346cb Fix link to HTTP3 section in documentation 2025-09-01 09:25:04 +02:00
Romain
f9fbcfbb42 Send proxy protocol header before TLS handshake 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2025-08-29 12:30:04 +02:00
347 changed files with 8360 additions and 7019 deletions
Expand all files Collapse all files

5
.github/workflows/test-conformance.yaml vendored
View File

@@ -30,11 +30,6 @@ jobs:
with:
go-version: ${{ env.GO_VERSION }}
- name: Avoid generating webui
run: |
mkdir webui/static
touch webui/static/index.html
- name: K8s Gateway API conformance test and report
run: |
make test-gateway-api-conformance

10
.github/workflows/test-integration.yaml vendored
View File

@@ -30,11 +30,6 @@ jobs:
go-version: ${{ env.GO_VERSION }}
check-latest: true
- name: Avoid generating webui
run: |
mkdir webui/static
touch webui/static/index.html
- name: Build binary
run: make binary-linux-amd64
@@ -74,11 +69,6 @@ jobs:
go-version: ${{ env.GO_VERSION }}
check-latest: true
- name: Avoid generating webui
run: |
mkdir webui/static
touch webui/static/index.html
- name: Download traefik binary
uses: actions/download-artifact@v4
with:

5
.github/workflows/test-unit.yaml vendored
View File

@@ -56,11 +56,6 @@ jobs:
go-version: ${{ env.GO_VERSION }}
check-latest: true
- name: Avoid generating webui
run: |
mkdir webui/static
touch webui/static/index.html
- name: Tests
run: |
go test -v -parallel 8 ${{ matrix.package.group }}

10
.github/workflows/validate.yaml vendored
View File

@@ -27,11 +27,6 @@ jobs:
go-version: ${{ env.GO_VERSION }}
check-latest: true
- name: Avoid generating webui
run: |
mkdir webui/static
touch webui/static/index.html
- name: golangci-lint
uses: golangci/golangci-lint-action@v7
with:
@@ -55,11 +50,6 @@ jobs:
- name: Install misspell ${{ env.MISSPELL_VERSION }}
run: curl -sfL https://raw.githubusercontent.com/golangci/misspell/HEAD/install-misspell.sh | sh -s -- -b $(go env GOPATH)/bin ${MISSPELL_VERSION}
- name: Avoid generating webui
run: |
mkdir webui/static
touch webui/static/index.html
- name: Validate
run: make validate-files

2
.golangci.yml
View File

@@ -263,7 +263,7 @@ linters:
- path: pkg/provider/kubernetes/(crd|gateway)/client.go
linters:
- interfacebloat
- path: pkg/metrics/metrics.go
- path: pkg/observability/metrics/metrics.go
linters:
- interfacebloat
- path: integration/healthcheck_test.go

105
CHANGELOG.md
View File

@@ -1,3 +1,108 @@
## [v3.5.5](https://github.com/traefik/traefik/tree/v3.5.5) (2025-11-07)
[All Commits](https://github.com/traefik/traefik/compare/v3.5.4...v3.5.5)
**Bug fixes:**
- **[acme]** Bump github.com/go-acme/lego/v4 to v4.28.0 ([#12218](https://github.com/traefik/traefik/pull/12218) by [ldez](https://github.com/ldez))
- **[server]** Filter unknown nodes with file and env for the deprecation loader ([#12227](https://github.com/traefik/traefik/pull/12227) by [rtribotte](https://github.com/rtribotte))
**Documentation:**
- **[acme]** Add missing ACME options and clean up table for more visibility ([#12208](https://github.com/traefik/traefik/pull/12208) by [sheddy-traefik](https://github.com/sheddy-traefik))
- **[middleware]** Fix default encodings in compress middleware ([#12216](https://github.com/traefik/traefik/pull/12216) by [Belphemur](https://github.com/Belphemur))
- Update Configuration Overview Page ([#12202](https://github.com/traefik/traefik/pull/12202) by [sheddy-traefik](https://github.com/sheddy-traefik))
## [v3.5.4](https://github.com/traefik/traefik/tree/v3.5.4) (2025-10-28)
[All Commits](https://github.com/traefik/traefik/compare/v3.5.3...v3.5.4)
**Bug fixes:**
- **[acme]** Bump github.com/go-acme/lego/v4 to v4.27.0 ([#12166](https://github.com/traefik/traefik/pull/12166) by [ldez](https://github.com/ldez))
- **[acme]** Bump github.com/go-acme/lego/v4 to v4.26.0 ([#12063](https://github.com/traefik/traefik/pull/12063) by [ldez](https://github.com/ldez))
- **[http3]** Bump github.com/quic-go/quic-go to v0.55.0 ([#12121](https://github.com/traefik/traefik/pull/12121) by [GreyXor](https://github.com/GreyXor))
- **[kv]** Bump github.com/kvtools/etcdv3 to v1.0.3 ([#12163](https://github.com/traefik/traefik/pull/12163) by [kevinpollet](https://github.com/kevinpollet))
- **[logs,metrics,tracing,accesslogs,otel]** Fix otel not working without USER ([#12103](https://github.com/traefik/traefik/pull/12103) by [mmatur](https://github.com/mmatur))
- **[logs,otel]** Enable stdout logging when OTLP is enabled ([#12124](https://github.com/traefik/traefik/pull/12124) by [lbenguigui](https://github.com/lbenguigui))
- **[metrics,otel]** Rename traefik_tls_certs_not_after_milliseconds to traefik_tls_certs_not_after_seconds ([#12141](https://github.com/traefik/traefik/pull/12141) by [shreealt](https://github.com/shreealt))
- **[otel]** Update OpenTelemetry to v1.38.0 and semantic conventions to v1.37.0 ([#12099](https://github.com/traefik/traefik/pull/12099) by [rtribotte](https://github.com/rtribotte))
- **[otel]** Do not fail when pod is not found in K8sAttributesDetector ([#12096](https://github.com/traefik/traefik/pull/12096) by [xe-leon](https://github.com/xe-leon))
- **[tls]** Make the staple updates continuous ([#12142](https://github.com/traefik/traefik/pull/12142) by [rtribotte](https://github.com/rtribotte))
- **[webui]** Fix version display regression ([#12111](https://github.com/traefik/traefik/pull/12111) by [mdeliatf](https://github.com/mdeliatf))
**Documentation:**
- **[accesslogs]** Fix link for accesslog.fields.names in documentation ([#12094](https://github.com/traefik/traefik/pull/12094) by [rmbruntz](https://github.com/rmbruntz))
- **[acme]** Fix Hetzner env var name inside documentation ([#12187](https://github.com/traefik/traefik/pull/12187) by [ldez](https://github.com/ldez))
- **[acme]** Replace internal dead links ([#12152](https://github.com/traefik/traefik/pull/12152) by [rtribotte](https://github.com/rtribotte))
- **[acme]** Clean and avoid collisions of anchors in option tables ([#12149](https://github.com/traefik/traefik/pull/12149) by [rtribotte](https://github.com/rtribotte))
- **[docker/swarm]** Fix swarm code example ([#12115](https://github.com/traefik/traefik/pull/12115) by [Dr4K4n](https://github.com/Dr4K4n))
- **[healthcheck]** Clarify health check requirement for server status metric ([#12201](https://github.com/traefik/traefik/pull/12201) by [asafm](https://github.com/asafm))
- **[k8s/crd]** Fix typo in ingressroute.md from pirority to priority ([#12112](https://github.com/traefik/traefik/pull/12112) by [miromichalicka](https://github.com/miromichalicka))
- **[k8s]** Fix incorrect option and lint page ([#12108](https://github.com/traefik/traefik/pull/12108) by [sheddy-traefik](https://github.com/sheddy-traefik))
- **[k8s]** Add API basePath documentation and fix broken links ([#12177](https://github.com/traefik/traefik/pull/12177) by [mloiseleur](https://github.com/mloiseleur))
- **[k8s]** Merge TLSOption/TLSStore CRD documentation page ([#12164](https://github.com/traefik/traefik/pull/12164) by [nmengin](https://github.com/nmengin))
- **[logs]** Clarify log.filePath behavior in documentation ([#12153](https://github.com/traefik/traefik/pull/12153) by [Alanxtl](https://github.com/Alanxtl))
- **[metrics]** Fix incorrect addInternals configuration option ([#12118](https://github.com/traefik/traefik/pull/12118) by [shreealt](https://github.com/shreealt))
- **[middleware]** Fix anchors in basic auth configuration options ([#12168](https://github.com/traefik/traefik/pull/12168) by [homersimpsons](https://github.com/homersimpsons))
- **[middleware]** Fix PreserveRequestMethod casing ([#12122](https://github.com/traefik/traefik/pull/12122) by [LeTamanoir](https://github.com/LeTamanoir))
- **[middleware]** Add missing reference docs for statusRewrites in errors middleware ([#12198](https://github.com/traefik/traefik/pull/12198) by [sevensolutions](https://github.com/sevensolutions))
- **[middleware]** Document rejectStatusCode ([#12062](https://github.com/traefik/traefik/pull/12062) by [czocher](https://github.com/czocher))
- **[otel]** Align documentation on default otlp endpoint ([#12151](https://github.com/traefik/traefik/pull/12151) by [mloiseleur](https://github.com/mloiseleur))
- **[otel]** Fix metric name to metrics.otlp.grpc.insecure ([#12200](https://github.com/traefik/traefik/pull/12200) by [germainlefebvre4](https://github.com/germainlefebvre4))
- **[server,k8s/crd,k8s]** Add dedicated pages for routers and fix doc links in CRDs ([#12119](https://github.com/traefik/traefik/pull/12119) by [rtribotte](https://github.com/rtribotte))
- **[tls]** Fix typo in TLS certificate generation description ([#12185](https://github.com/traefik/traefik/pull/12185) by [iraj-jelo](https://github.com/iraj-jelo))
- Fix wrong references to router&#39;s pages ([#12131](https://github.com/traefik/traefik/pull/12131) by [rtribotte](https://github.com/rtribotte))
- Fix markdown rendering for table anchors ([#12129](https://github.com/traefik/traefik/pull/12129) by [MaBauMeBad](https://github.com/MaBauMeBad))
- Fix provider option descriptions ([#12135](https://github.com/traefik/traefik/pull/12135) by [kevinpollet](https://github.com/kevinpollet))
- Format HTTP headers as code ([#12105](https://github.com/traefik/traefik/pull/12105) by [tyilo](https://github.com/tyilo))
- Fix heading levels and add links ([#12084](https://github.com/traefik/traefik/pull/12084) by [Granjow](https://github.com/Granjow))
**Misc:**
- Merge branch v2.11 into v3.5 ([#12206](https://github.com/traefik/traefik/pull/12206) by [kevinpollet](https://github.com/kevinpollet))
- Merge branch v2.11 into v3.5 ([#12158](https://github.com/traefik/traefik/pull/12158) by [rtribotte](https://github.com/rtribotte))
## [v2.11.30](https://github.com/traefik/traefik/tree/v2.11.30) (2025-10-28)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.29...v2.11.30)
**Bug fixes:**
- **[http3]** Bump github.com/quic-go/quic-go to v0.55.0 ([#12156](https://github.com/traefik/traefik/pull/12156) by [kevinpollet](https://github.com/kevinpollet))
- **[kv]** Fix KV key name used to check if connection is alive ([#12162](https://github.com/traefik/traefik/pull/12162) by [kevinpollet](https://github.com/kevinpollet))
- **[server]** Bump golang.org/x/net to v0.46.0 ([#12143](https://github.com/traefik/traefik/pull/12143) by [kevinpollet](https://github.com/kevinpollet))
- **[tracing]** Bump gopkg.in/DataDog/dd-trace-go.v1 to v1.74.6 ([#12083](https://github.com/traefik/traefik/pull/12083) by [hannahkm](https://github.com/hannahkm))
## [v3.5.3](https://github.com/traefik/traefik/tree/v3.5.3) (2025-09-26)
[All Commits](https://github.com/traefik/traefik/compare/v3.5.2...v3.5.3)
**Bug fixes:**
- **[k8s/crd]** ServersTransport: set minimum MaxIdleConnsPerHost=-1 ([#12077](https://github.com/traefik/traefik/pull/12077) by [xe-leon](https://github.com/xe-leon))
- **[plugins]** Refactor plugins system ([#12035](https://github.com/traefik/traefik/pull/12035) by [jspdown](https://github.com/jspdown))
- **[server]** Use client conn to build the proxy protocol header ([#12069](https://github.com/traefik/traefik/pull/12069) by [rtribotte](https://github.com/rtribotte))
- **[webui]** Update hub-button-app to use a local script ([#12060](https://github.com/traefik/traefik/pull/12060) by [mdeliatf](https://github.com/mdeliatf))
**Documentation:**
- **[acme,middleware]** Fix broken links in documentation ([#12057](https://github.com/traefik/traefik/pull/12057) by [mloiseleur](https://github.com/mloiseleur))
- **[k8s]** Create Traefik Service CRD sub-resource documentation page ([#12080](https://github.com/traefik/traefik/pull/12080) by [nmengin](https://github.com/nmengin))
- **[k8s]** Fix conflict in IngressRouteTCP documentation ([#12064](https://github.com/traefik/traefik/pull/12064) by [MatBon01](https://github.com/MatBon01))
- Fix typo in rules and priority documentation ([#12089](https://github.com/traefik/traefik/pull/12089) by [Darkangeel-hd](https://github.com/Darkangeel-hd))
- Add govern section ([#12067](https://github.com/traefik/traefik/pull/12067) by [sheddy-traefik](https://github.com/sheddy-traefik))
- Fix entrypoint config examples ([#12056](https://github.com/traefik/traefik/pull/12056) by [markormesher](https://github.com/markormesher))
- Reorganize the menu entries ([#12044](https://github.com/traefik/traefik/pull/12044) by [nmengin](https://github.com/nmengin))
- Add New Secure Section to the Documentation ([#11978](https://github.com/traefik/traefik/pull/11978) by [sheddy-traefik](https://github.com/sheddy-traefik))
## [v3.5.2](https://github.com/traefik/traefik/tree/v3.5.2) (2025-09-09)
[All Commits](https://github.com/traefik/traefik/compare/v3.5.1...v3.5.2)
**Bug fixes:**
- **[middleware,accesslogs]** Add GenericCLF log format for access logs ([#12033](https://github.com/traefik/traefik/pull/12033) by [sdelicata](https://github.com/sdelicata))
- **[middleware]** Fix customerrors query url replacement ([#11876](https://github.com/traefik/traefik/pull/11876) by [DorianBlues](https://github.com/DorianBlues))
- **[tls,service]** Send proxy protocol header before TLS handshake ([#11956](https://github.com/traefik/traefik/pull/11956) by [rtribotte](https://github.com/rtribotte))
- **[webui]** Restore empty webui/static to use traefik as library ([#12025](https://github.com/traefik/traefik/pull/12025) by [youkoulayley](https://github.com/youkoulayley))
**Documentation:**
- **[accesslogs]** Fix path for access-logs header config ([#12030](https://github.com/traefik/traefik/pull/12030) by [cgatt](https://github.com/cgatt))
- **[acme]** Fixes typo for OCSP in CLI example ([#12039](https://github.com/traefik/traefik/pull/12039) by [mloiseleur](https://github.com/mloiseleur))
- **[docker/swarm]** Fixes typo for Swarm mode in CLI example ([#12038](https://github.com/traefik/traefik/pull/12038) by [BilalBudhani](https://github.com/BilalBudhani))
- **[kv]** Fix broken links in KV store documentation ([#12040](https://github.com/traefik/traefik/pull/12040) by [sheddy-traefik](https://github.com/sheddy-traefik))
- **[middleware]** Add redis options to ratelimit middleware &amp; Include distributed rate limit middleware ([#12041](https://github.com/traefik/traefik/pull/12041) by [sheddy-traefik](https://github.com/sheddy-traefik))
- **[server]** Fix link to HTTP3 section in documentation ([#12028](https://github.com/traefik/traefik/pull/12028) by [vincentbernat](https://github.com/vincentbernat))
- Fix migration path in documentation ([#12032](https://github.com/traefik/traefik/pull/12032) by [nmengin](https://github.com/nmengin))
## [v3.5.1](https://github.com/traefik/traefik/tree/v3.5.1) (2025-08-27)
[All Commits](https://github.com/traefik/traefik/compare/v3.5.0...v3.5.1)

5
Makefile
View File

@@ -35,12 +35,15 @@ build-webui-image:
.PHONY: clean-webui
#? clean-webui: Clean WebUI static generated assets
clean-webui:
rm -rf webui/static
rm -r webui/static
mkdir -p webui/static
printf 'For more information see `webui/readme.md`' > webui/static/DONT-EDIT-FILES-IN-THIS-DIRECTORY.md
webui/static/index.html:
$(MAKE) build-webui-image
docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui yarn build:prod
docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui chown -R $(shell id -u):$(shell id -g) ./static
printf 'For more information see `webui/readme.md`' > webui/static/DONT-EDIT-FILES-IN-THIS-DIRECTORY.md
.PHONY: generate-webui
#? generate-webui: Generate WebUI

6
cmd/traefik/logger.go
View File

@@ -14,7 +14,7 @@ import (
"github.com/rs/zerolog/log"
"github.com/sirupsen/logrus"
"github.com/traefik/traefik/v3/pkg/config/static"
"github.com/traefik/traefik/v3/pkg/logs"
"github.com/traefik/traefik/v3/pkg/observability/logs"
"gopkg.in/natefinch/lumberjack.v2"
)
@@ -68,10 +68,6 @@ func setupLogger(ctx context.Context, staticConfiguration *static.Configuration)
}
func getLogWriter(staticConfiguration *static.Configuration) io.Writer {
if staticConfiguration.Log != nil && staticConfiguration.Log.OTLP != nil {
return io.Discard
}
var w io.Writer = os.Stdout
if staticConfiguration.Log != nil && len(staticConfiguration.Log.FilePath) > 0 {
_, _ = os.OpenFile(staticConfiguration.Log.FilePath, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0o666)

41
cmd/traefik/plugins.go
View File

@@ -2,43 +2,62 @@ package main
import (
"fmt"
"net/http"
"path/filepath"
"time"
"github.com/hashicorp/go-retryablehttp"
"github.com/rs/zerolog/log"
"github.com/traefik/traefik/v3/pkg/config/static"
"github.com/traefik/traefik/v3/pkg/observability/logs"
"github.com/traefik/traefik/v3/pkg/plugins"
)
const outputDir = "./plugins-storage/"
func createPluginBuilder(staticConfiguration *static.Configuration) (*plugins.Builder, error) {
client, plgs, localPlgs, err := initPlugins(staticConfiguration)
manager, plgs, localPlgs, err := initPlugins(staticConfiguration)
if err != nil {
return nil, err
}
return plugins.NewBuilder(client, plgs, localPlgs)
return plugins.NewBuilder(manager, plgs, localPlgs)
}
func initPlugins(staticCfg *static.Configuration) (*plugins.Client, map[string]plugins.Descriptor, map[string]plugins.LocalDescriptor, error) {
func initPlugins(staticCfg *static.Configuration) (*plugins.Manager, map[string]plugins.Descriptor, map[string]plugins.LocalDescriptor, error) {
err := checkUniquePluginNames(staticCfg.Experimental)
if err != nil {
return nil, nil, nil, err
}
var client *plugins.Client
var manager *plugins.Manager
plgs := map[string]plugins.Descriptor{}
if hasPlugins(staticCfg) {
opts := plugins.ClientOptions{
httpClient := retryablehttp.NewClient()
httpClient.Logger = logs.NewRetryableHTTPLogger(log.Logger)
httpClient.HTTPClient = &http.Client{Timeout: 10 * time.Second}
httpClient.RetryMax = 3
// Create separate downloader for HTTP operations
archivesPath := filepath.Join(outputDir, "archives")
downloader, err := plugins.NewRegistryDownloader(plugins.RegistryDownloaderOptions{
HTTPClient: httpClient.HTTPClient,
ArchivesPath: archivesPath,
})
if err != nil {
return nil, nil, nil, fmt.Errorf("unable to create plugin downloader: %w", err)
}
opts := plugins.ManagerOptions{
Output: outputDir,
}
var err error
client, err = plugins.NewClient(opts)
manager, err = plugins.NewManager(downloader, opts)
if err != nil {
return nil, nil, nil, fmt.Errorf("unable to create plugins client: %w", err)
return nil, nil, nil, fmt.Errorf("unable to create plugins manager: %w", err)
}
err = plugins.SetupRemotePlugins(client, staticCfg.Experimental.Plugins)
err = plugins.SetupRemotePlugins(manager, staticCfg.Experimental.Plugins)
if err != nil {
return nil, nil, nil, fmt.Errorf("unable to set up plugins environment: %w", err)
}
@@ -57,7 +76,7 @@ func initPlugins(staticCfg *static.Configuration) (*plugins.Client, map[string]p
localPlgs = staticCfg.Experimental.LocalPlugins
}
return client, plgs, localPlgs, nil
return manager, plgs, localPlgs, nil
}
func checkUniquePluginNames(e *static.Experimental) error {

12
cmd/traefik/traefik.go
View File

@@ -30,9 +30,11 @@ import (
"github.com/traefik/traefik/v3/pkg/config/dynamic"
"github.com/traefik/traefik/v3/pkg/config/runtime"
"github.com/traefik/traefik/v3/pkg/config/static"
"github.com/traefik/traefik/v3/pkg/logs"
"github.com/traefik/traefik/v3/pkg/metrics"
"github.com/traefik/traefik/v3/pkg/middlewares/accesslog"
"github.com/traefik/traefik/v3/pkg/observability/logs"
"github.com/traefik/traefik/v3/pkg/observability/metrics"
"github.com/traefik/traefik/v3/pkg/observability/tracing"
otypes "github.com/traefik/traefik/v3/pkg/observability/types"
"github.com/traefik/traefik/v3/pkg/provider/acme"
"github.com/traefik/traefik/v3/pkg/provider/aggregator"
"github.com/traefik/traefik/v3/pkg/provider/tailscale"
@@ -46,8 +48,6 @@ import (
"github.com/traefik/traefik/v3/pkg/server/service"
"github.com/traefik/traefik/v3/pkg/tcp"
traefiktls "github.com/traefik/traefik/v3/pkg/tls"
"github.com/traefik/traefik/v3/pkg/tracing"
"github.com/traefik/traefik/v3/pkg/types"
"github.com/traefik/traefik/v3/pkg/version"
)
@@ -505,7 +505,7 @@ func initTailscaleProviders(cfg *static.Configuration, providerAggregator *aggre
return providers
}
func registerMetricClients(metricsConfig *types.Metrics) []metrics.Registry {
func registerMetricClients(metricsConfig *otypes.Metrics) []metrics.Registry {
if metricsConfig == nil {
return nil
}
@@ -586,7 +586,7 @@ func appendCertMetric(gauge gokitmetrics.Gauge, certificate *x509.Certificate) {
gauge.With(labels...).Set(notAfter)
}
func setupAccessLog(ctx context.Context, conf *types.AccessLog) *accesslog.Handler {
func setupAccessLog(ctx context.Context, conf *otypes.AccessLog) *accesslog.Handler {
if conf == nil {
return nil
}

BIN
docs/content/assets/img/secure/oidc-auth-flow.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 170 KiB

2
docs/content/contributing/documentation.md
View File

@@ -15,7 +15,7 @@ Let's see how.
### General
This [documentation](../../ "Link to the official Traefik documentation") is built with [MkDocs](https://mkdocs.org/ "Link to the website of MkDocs").
This [documentation](../index.md "Link to the official Traefik documentation") is built with [MkDocs](https://mkdocs.org/ "Link to the website of MkDocs").
### Method 1: `Docker` and `make`

4
docs/content/expose/docker.md
View File

@@ -90,7 +90,7 @@ This confirms that Traefik is successfully routing requests to your whoami appli
## Add Routing Rules
Now we'll enhance our routing by directing traffic to different services based on [URL paths](../reference/routing-configuration/http/router/rules-and-priority.md#path-pathprefix-and-pathregexp). This is useful for API versioning, frontend/backend separation, or organizing microservices.
Now we'll enhance our routing by directing traffic to different services based on [URL paths](../reference/routing-configuration/http/routing/rules-and-priority.md#path-pathprefix-and-pathregexp). This is useful for API versioning, frontend/backend separation, or organizing microservices.
Update your `docker-compose.yml` to add another service:
@@ -457,7 +457,7 @@ These fundamental capabilities provide a solid foundation for exposing any appli
Now that you understand the basics of exposing services with Traefik Proxy, you might want to explore:
- [Advanced routing options](../reference/routing-configuration/http/router/rules-and-priority.md) like query parameter matching, header-based routing, and more
- [Advanced routing options](../reference/routing-configuration/http/routing/rules-and-priority.md) like query parameter matching, header-based routing, and more
- [Additional middlewares](../reference/routing-configuration/http/middlewares/overview.md) for authentication, rate limiting, and request modifications
- [Observability features](../reference/install-configuration/observability/metrics.md) for monitoring and debugging your Traefik deployment
- [TCP services](../reference/routing-configuration/tcp/service.md) for exposing TCP services

2
docs/content/expose/kubernetes.md
View File

@@ -1005,7 +1005,7 @@ These fundamental capabilities provide a solid foundation for exposing any appli
Now that you understand the basics of exposing services with Traefik Proxy, you might want to explore:
- [Advanced routing options](../reference/routing-configuration/http/router/rules-and-priority.md) like query parameter matching, header-based routing, and more
- [Advanced routing options](../reference/routing-configuration/http/routing/rules-and-priority.md) like query parameter matching, header-based routing, and more
- [Additional middlewares](../reference/routing-configuration/http/middlewares/overview.md) for authentication, rate limiting, and request modifications
- [Observability features](../reference/install-configuration/observability/metrics.md) for monitoring and debugging your Traefik deployment
- [TCP services](../reference/routing-configuration/tcp/service.md) for exposing TCP services

4
docs/content/expose/swarm.md
View File

@@ -68,7 +68,7 @@ This confirms that Traefik is successfully routing requests to your whoami appli
## Add Routing Rules
Now we'll enhance our routing by directing traffic to different services based on [URL paths](../reference/routing-configuration/http/router/rules-and-priority.md#path-pathprefix-and-pathregexp). This is useful for API versioning, frontend/backend separation, or organizing microservices.
Now we'll enhance our routing by directing traffic to different services based on [URL paths](../reference/routing-configuration/http/routing/rules-and-priority.md#path-pathprefix-and-pathregexp). This is useful for API versioning, frontend/backend separation, or organizing microservices.
Update your `docker-compose.yml` to add another service:
@@ -393,7 +393,7 @@ These fundamental capabilities provide a solid foundation for exposing any appli
Now that you understand the basics of exposing services with Traefik Proxy, you might want to explore:
- [Advanced routing options](../reference/routing-configuration/http/router/rules-and-priority.md) like query parameter matching, header-based routing, and more
- [Advanced routing options](../reference/routing-configuration/http/routing/rules-and-priority.md) like query parameter matching, header-based routing, and more
- [Additional middlewares](../reference/routing-configuration/http/middlewares/overview.md) for authentication, rate limiting, and request modifications
- [Observability features](../reference/install-configuration/observability/metrics.md) for monitoring and debugging your Traefik deployment
- [TCP services](../reference/routing-configuration/tcp/service.md) for exposing TCP services

26
docs/content/getting-started/configuration-overview.md
View File

@@ -1,6 +1,6 @@
---
title: "Traefik Configuration Documentation"
description: "Get started with Traefik Proxy. This page will introduce you to the dynamic routing and startup configurations. Read the technical documentation."
description: "Get started with Traefik Proxy. This page will introduce you to the routing and install configurations. Read the technical documentation."
---
# Configuration Introduction
@@ -8,39 +8,37 @@ description: "Get started with Traefik Proxy. This page will introduce you to th
How the Magic Happens
{: .subtitle }
![Configuration](../assets/img/static-dynamic-configuration.png)
Configuration in Traefik can refer to two different things:
- The fully dynamic routing configuration (referred to as the _routing configuration_, formerly known as the _dynamic configuration_)
- The startup configuration (referred to as the _install configuration_, formerly known as the _static configuration_)
- The install (startup) configuration (formerly known as the _static configuration_)
- The routing configuration (formerly known as the _dynamic configuration_)
Elements in the install configuration_ set up connections to [providers](../providers/overview.md) and define the [entrypoints](../routing/entrypoints.md) Traefik will listen to (these elements don't change often).
Elements in the _install configuration_ set up connections to [providers](../providers/overview.md) and define the [entrypoints](../routing/entrypoints.md) Traefik will listen to (these elements don't change often).
The _dynamic configuration_ contains everything that defines how the requests are handled by your system.
The _routing configuration_ contains everything that defines how the requests are handled by your system.
This configuration can change and is seamlessly hot-reloaded, without any request interruption or connection loss.
!!! warning "Incompatible Configuration"
Please be aware that the old configurations for Traefik v1.x are NOT compatible with the v2.x config as of now.
If you are running v2, please ensure you are using a v2 configuration.
## The Dynamic Configuration
## The Routing Configuration
Traefik gets its _dynamic configuration_ from [providers](../providers/overview.md): whether an orchestrator, a service registry, or a plain old configuration file.
Traefik gets its _routing configuration_ from [providers](../providers/overview.md): whether an orchestrator, a service registry, or a plain old configuration file.
Since this configuration is specific to your infrastructure choices, we invite you to refer to the [dedicated section of this documentation](../routing/overview.md).
!!! info ""
In the [Quick Start example](../getting-started/quick-start.md), the routing configuration comes from docker in the form of labels attached to your containers.
In the [Quick Start example](../getting-started/docker.md), the whoami application routing configuration comes from docker in the form of a label attached to the whoami container.
!!! info "HTTPS Certificates also belong to the routing configuration."
You can add / update / remove them without restarting your Traefik instance.
## The Static Configuration
## The Install Configuration
There are three different, **mutually exclusive** (i.e. you can use only one at the same time), ways to define static configuration options in Traefik:
There are three different, **mutually exclusive** (i.e. you can use only one at the same time), ways to define install configuration options in Traefik:
1. In a configuration file
1. In the command-line arguments
@@ -56,7 +54,7 @@ Once positioned, this option sets (and resets) all the default values of the sub
### Configuration File
At startup, Traefik searches for static configuration in a file named `traefik.yml` (or `traefik.yaml` or `traefik.toml`) in:
At startup, Traefik searches for install configuration in a file named `traefik.yml` (or `traefik.yaml` or `traefik.toml`) in:
- `/etc/traefik/`
- `$XDG_CONFIG_HOME/`
@@ -86,7 +84,7 @@ Check the [CLI reference](../reference/install-configuration/configuration-optio
### Environment Variables
All available environment variables can be found in the [static configuration environment overview](../reference/install-configuration/configuration-options.md).
All available environment variables can be found in the [install configuration environment overview](../reference/install-configuration/configuration-options.md).
## Available Configuration Options

18
docs/content/getting-started/faq.md
View File

@@ -12,10 +12,10 @@ and while the documentation often demonstrates configuration options through fil
the core feature of Traefik is its dynamic configurability,
directly reacting to changes from providers over time.
Notably, a part of the configuration is [static](../configuration-overview/#the-static-configuration),
Notably, a part of the configuration is [static](./configuration-overview.md#the-static-configuration),
and can be provided by a file on startup, whereas various providers,
such as the file provider,
contribute dynamically all along the traefik instance lifetime to its [dynamic configuration](../configuration-overview/#the-dynamic-configuration) changes.
contribute dynamically all along the traefik instance lifetime to its [dynamic configuration](./configuration-overview.md#the-dynamic-configuration) changes.
In addition, the configuration englobes concepts such as the EntryPoint which can be seen as a listener on the Transport Layer (TCP),
as apposed to the Router which is more about the Presentation (TLS) and Application layers (HTTP).
@@ -147,13 +147,13 @@ for example, by using the `touch` command on the configuration file.
By default, the following headers are automatically added when proxying requests:
| Property | HTTP Header |
|---------------------------|----------------------------|
| Client's IP | X-Forwarded-For, X-Real-Ip |
| Host | X-Forwarded-Host |
| Port | X-Forwarded-Port |
| Protocol | X-Forwarded-Proto |
| Proxy Server's Hostname | X-Forwarded-Server |
| Property | HTTP Header |
|---------------------------|--------------------------------|
| Client's IP | `X-Forwarded-For`, `X-Real-Ip` |
| Host | `X-Forwarded-Host` |
| Port | `X-Forwarded-Port` |
| Protocol | `X-Forwarded-Proto` |
| Proxy Server's Hostname | `X-Forwarded-Server` |
For more details,
please check out the [forwarded header](../routing/entrypoints.md#forwarded-headers) documentation.

59
docs/content/govern/index.md Normal file
View File

@@ -0,0 +1,59 @@
---
title: "Govern Your APIs with Traefik Hub"
description: "Learn how Traefik Hub provides comprehensive API Gateway and API Management capabilities to govern, secure, and manage your APIs at scale."
---
# Govern Your APIs with Traefik Hub
Traefik Hub transforms your API infrastructure by providing enterprise-grade API Gateway and comprehensive API Management capabilities. Built on the foundation of Traefik Proxy, Hub enables organizations to govern, secure, and manage APIs at scale across cloud-native environments.
## API Gateway and API Management Capabilities
Traefik Hub offers two complementary approaches to API governance:
- [Traefik Hub API Gateway](https://traefik.io/solutions/api-gateway/): Enterprise-grade security, distributed features, and advanced access control for cloud-native API gateway scenarios. It includes AI Gateway capabilities for modern machine learning workloads.
- [Traefik Hub API Management](https://traefik.io/solutions/api-management/): Comprehensive API lifecycle management, developer portals, and organizational features for teams managing multiple APIs across environments.
## API Management Features
Traefik Hub API Management provides a complete suite of features designed to streamline API governance and accelerate developer productivity:
### Comprehensive API Lifecycle Management
- **Centralized API Catalog**: Comprehensive API inventory providing real-time visibility and control
- **Advanced Versioning**: Utilize the most flexible API versioning and Kubernetes-native labels to logically organize APIs, track their evolution over time, and avoid breaking changes for client applications
- **Quality Control**: Perform error checks and change impact analysis with Traefik Hub's static analyzer to ensure compliance and prevent misconfiguration by catching errors early
- **Resource Management**: Centralize rate limits, quotas, and policy enforcement across groups of APIs through Plans & Bundles, ensuring consistent and efficient resource management
- **Subscription Management**: Create managed and self-serve subscriptions for enhanced ease-of-use, security, and auditability
- **Standards Compliance**: Import, validate, and manage APIs using industry-standard OpenAPI specifications
### Developer Experience & Self-Service
- **Customizable Portals**: Easily create one or more dedicated API Portals for developers to discover, understand, and interact with your APIs
- **Interactive API Testing**: Allow developers to test APIs directly within the portal for immediate feedback
- **Branded Experience**: Customize the API portal to house API documentation, clear integration instructions, and personalized content to foster adoption and streamline development
- **Credential Management**: Generate API access credentials, such as API keys, directly from the portal for simplified access and secure integration
- **Auto-generated Documentation**: Automatically generated, interactive API documentation from OpenAPI specifications in the portal
### Enterprise-Grade Security
- **Access Control**: Implement fine-grained permissions through detailed API policies and JWT inspection to secure access to API resources
- **Identity Integration**: Leverage existing identity and access management (IAM) solutions, such as Keycloak, Okta, Auth0, etc. through industry-standard authentication protocols, including native OIDC support
- **Data Protection**: Advanced TLS management, supporting Let's Encrypt (ACME) and SPIFFE for robust data protection
- **Threat Prevention**: Native Web Application Firewall (WAF) powered by OWASP Coraza to defend against known vulnerabilities
### Observability
- **Open Standards Monitoring**: Gain deep insights into API health and performance with OpenTelemetry integration to provide metrics and tracing capabilities without vendor lock-in
- **Third-party Integrations**: Turnkey integration with Treblle directly on the Traefik Hub Dashboard for real-time, out-of-the-box observability without maintaining a complex monitoring infrastructure
- **Pre-built Grafana Dashboards**: Ready-to-use monitoring dashboards with key API metrics and performance indicators
## Getting Started with API Governance
Transform your API infrastructure with Traefik Hub's governance capabilities:
1. **Start with API Gateway**: Implement enterprise security, authentication, distributed features, and AI Gateway capabilities
2. **Scale with API Management**: Add comprehensive lifecycle management, developer portals, and governance features
Ready to govern your APIs at scale? Explore [Traefik Hub API Management](https://traefik.io/solutions/api-management/) and discover how it can transform your API strategy.

10
docs/content/https/acme.md
View File

@@ -314,7 +314,7 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
!!! warning "`CNAME` support"
`CNAME` are supported (and sometimes even [encouraged](https://letsencrypt.org/2019/10/09/onboarding-your-customers-with-lets-encrypt-and-acme.html#the-advantages-of-a-cname)),
but there are a few cases where they can be [problematic](../../getting-started/faq/#why-does-lets-encrypt-wildcard-certificate-renewalgeneration-with-dns-challenge-fail).
but there are a few cases where they can be [problematic](../getting-started/faq.md#why-does-lets-encrypt-wildcard-certificate-renewalgeneration-with-dns-challenge-fail).
If needed, `CNAME` support can be disabled with the following environment variable:
@@ -356,6 +356,8 @@ For complete details, refer to your provider's _Additional configuration_ link.
| [Azure](https://azure.microsoft.com/services/dns/) (DEPRECATED) | `azure` | DEPRECATED use `azuredns` instead. | [Additional configuration](https://go-acme.github.io/lego/dns/azure) |
| [AzureDNS](https://azure.microsoft.com/services/dns/) | `azuredns` | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_TENANT_ID`, `AZURE_SUBSCRIPTION_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_ENVIRONMENT]`, `[AZURE_PRIVATE_ZONE]`, `[AZURE_ZONE_NAME]` | [Additional configuration](https://go-acme.github.io/lego/dns/azuredns) |
| [Baidu Cloud](https://cloud.baidu.com) | `baiducloud` | `BAIDUCLOUD_ACCESS_KEY_ID`, `BAIDUCLOUD_SECRET_ACCESS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/baiducloud) |
| [Beget](https://beget.com/) | `beget` | `BEGET_USERNAME`, `BEGET_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/beget) |
| [Binary Lane](https://www.binarylane.com.au/) | `binarylane` | `BINARYLANE_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/binarylane) |
| [Bindman](https://github.com/labbsr0x/bindman-dns-webhook) | `bindman` | `BINDMAN_MANAGER_ADDRESS` | [Additional configuration](https://go-acme.github.io/lego/dns/bindman) |
| [Blue Cat](https://www.bluecatnetworks.com/) | `bluecat` | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW` | [Additional configuration](https://go-acme.github.io/lego/dns/bluecat) |
| [BookMyName](https://www.bookmyname.com) | `bookmyname` | `BOOKMYNAME_USERNAME`, `BOOKMYNAME_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/bookmyname) |
@@ -403,8 +405,9 @@ For complete details, refer to your provider's _Additional configuration_ link.
| [GoDaddy](https://www.godaddy.com) | `godaddy` | `GODADDY_API_KEY`, `GODADDY_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/godaddy) |
| [Google Cloud DNS](https://cloud.google.com/dns/docs/) | `gcloud` | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`] | [Additional configuration](https://go-acme.github.io/lego/dns/gcloud) |
| [Google Domains](https://domains.google) (DEPRECATED) | `googledomains` | DEPRECATED | [Additional configuration](https://go-acme.github.io/lego/dns/googledomains) |
| [Hetzner](https://hetzner.com) | `hetzner` | `HETZNER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner) |
| [Hetzner](https://hetzner.com) | `hetzner` | `HETZNER_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner) |
| [hosting.de](https://www.hosting.de) | `hostingde` | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde) |
| [Hostinger](https://www.hostinger.com/) | `hostinger` | `HOSTINGER_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/hostinger) |
| [Hosttech](https://www.hosttech.eu) | `hosttech` | `HOSTTECH_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hosttech) |
| [http.net](https://www.http.net/) | `httpnet` | `HTTPNET_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/httpnet) |
| [Huawei Cloud](https://huaweicloud.com) | `huaweicloud` | `HUAWEICLOUD_ACCESS_KEY_ID`, `HUAWEICLOUD_SECRET_ACCESS_KEY`, `HUAWEICLOUD_REGION` | [Additional configuration](https://go-acme.github.io/lego/dns/huaweicloud) |
@@ -421,6 +424,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
| [IPv64](https://ipv64.net) | `ipv64` | `IPV64_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ipv64) |
| [iwantmyname](https://iwantmyname.com) | `iwantmyname` | `IWANTMYNAME_USERNAME` , `IWANTMYNAME_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/iwantmyname) |
| [Joker.com](https://joker.com) | `joker` | `JOKER_API_MODE` with `JOKER_API_KEY` or `JOKER_USERNAME`, `JOKER_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/joker) |
| [KeyHelp](https://www.keyweb.de/en/keyhelp/keyhelp/) | `keyhelp` | `KEYHELP_API_KEY`, `KEYHELP_BASE_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/keyhelp) |
| [Liara](https://liara.ir) | `liara` | `LIARA_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/liara) |
| [Lightsail](https://aws.amazon.com/lightsail/) | `lightsail` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/lightsail) |
| [Lima-City](https://www.lima-city.de) | `limacity` | `LIMACITY_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/limacity) |
@@ -448,6 +452,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
| [Njalla](https://njal.la) | `njalla` | `NJALLA_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/njalla) |
| [Nodion](https://www.nodion.com) | `nodion` | `NODION_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/nodion) |
| [NS1](https://ns1.com/) | `ns1` | `NS1_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ns1) |
| [Octenium](https://octenium.com/) | `octenium` | `OCTENIUM_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/octenium) |
| [Open Telekom Cloud](https://cloud.telekom.de) | `otc` | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/otc) |
| [Openstack Designate](https://docs.openstack.org/designate) | `designate` | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/designate) |
| [Oracle Cloud](https://cloud.oracle.com/home) | `oraclecloud` | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID` | [Additional configuration](https://go-acme.github.io/lego/dns/oraclecloud) |
@@ -477,6 +482,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
| [Stackpath](https://www.stackpath.com/) | `stackpath` | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/stackpath) |
| [Technitium](https://technitium.com) | `technitium` | `TECHNITIUM_SERVER_BASE_URL`, `TECHNITIUM_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/technitium) |
| [Tencent Cloud DNS](https://cloud.tencent.com/product/cns) | `tencentcloud` | `TENCENTCLOUD_SECRET_ID`, `TENCENTCLOUD_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/tencentcloud) |
| [Tencent EdgeOne](https://edgeone.ai/) | `edgeone` | `EDGEONE_SECRET_ID`, `EDGEONE_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/edgeone) |
| [Timeweb Cloud](https://timeweb.cloud) | `timewebcloud` | `TIMEWEBCLOUD_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/timewebcloud) |
| [TransIP](https://www.transip.nl/) | `transip` | `TRANSIP_ACCOUNT_NAME`, `TRANSIP_PRIVATE_KEY_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/transip) |
| [UKFast SafeDNS](https://docs.ukfast.co.uk/domains/safedns/index.html) | `safedns` | `SAFEDNS_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/safedns) |

4
docs/content/https/tls.md
View File

@@ -234,7 +234,7 @@ The TLS options allow one to configure some parameters of the TLS connection.
!!! important "TLSOption in Kubernetes"
When using the [TLSOption resource](../../routing/providers/kubernetes-crd/#kind-tlsoption) in Kubernetes, one might setup a default set of options that,
When using the [TLSOption resource](../routing/providers/kubernetes-crd.md#kind-tlsoption) in Kubernetes, one might setup a default set of options that,
if not explicitly overwritten, should apply to all ingresses.
To achieve that, you'll have to create a TLSOption resource with the name `default`.
There may exist only one TLSOption with the name `default` (across all namespaces) - otherwise they will be dropped.
@@ -503,7 +503,7 @@ Traefik supports mutual authentication, through the `clientAuth` section.
For authentication policies that require verification of the client certificate, the certificate authority for the certificates should be set in `clientAuth.caFiles`.
In Kubernetes environment, CA certificate can be set in `clientAuth.secretNames`. See [TLSOption resource](../../routing/providers/kubernetes-crd/#kind-tlsoption) for more details.
In Kubernetes environment, CA certificate can be set in `clientAuth.secretNames`. See [TLSOption resource](../routing/providers/kubernetes-crd.md#kind-tlsoption) for more details.
The `clientAuth.clientAuthType` option governs the behaviour as follows:

2
docs/content/index.md
View File

@@ -33,7 +33,7 @@ Traefik supports different needs depending on your background. We keep three use
Traefiks main concepts help you understand how requests flow to your services:
- [Entrypoints](./reference/install-configuration/entrypoints.md) are the network entry points into Traefik. They define the port that will receive the packets and whether to listen for TCP or UDP.
- [Routers](./reference/routing-configuration/http/router/rules-and-priority.md) are in charge of connecting incoming requests to the services that can handle them. In the process, routers may use pieces of [middleware](./reference/routing-configuration/http/middlewares/overview.md) to update the request or act before forwarding the request to the service.
- [Routers](./reference/routing-configuration/http/routing/rules-and-priority.md) are in charge of connecting incoming requests to the services that can handle them. In the process, routers may use pieces of [middleware](./reference/routing-configuration/http/middlewares/overview.md) to update the request or act before forwarding the request to the service.
- [Services](./reference/routing-configuration/http/load-balancing/service.md) are responsible for configuring how to reach the actual services that will eventually handle the incoming requests.
- [Providers](./reference/install-configuration/providers/overview.md) are infrastructure components, whether orchestrators, container engines, cloud providers, or key-value stores. The idea is that Traefik queries the provider APIs in order to find relevant information about routing, and when Traefik detects a change, it dynamically updates the routes.

10
docs/content/middlewares/http/forwardauth.md
View File

@@ -58,11 +58,11 @@ The following request properties are provided to the forward-auth target endpoin
| Property | Forward-Request Header |
|-------------------|------------------------|
| HTTP Method | X-Forwarded-Method |
| Protocol | X-Forwarded-Proto |
| Host | X-Forwarded-Host |
| Request URI | X-Forwarded-Uri |
| Source IP-Address | X-Forwarded-For |
| HTTP Method | `X-Forwarded-Method` |
| Protocol | `X-Forwarded-Proto` |
| Host | `X-Forwarded-Host` |
| Request URI | `X-Forwarded-Uri` |
| Source IP-Address | `X-Forwarded-For` |
## Configuration Options

4
docs/content/middlewares/http/inflightreq.md
View File

@@ -113,7 +113,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and select
If `ipStrategy.ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to.
See [ipStrategy.ipv6Subnet](#ipstrategyipv6subnet) for more details.
!!! example "Example of Depth & X-Forwarded-For"
!!! example "Example of Depth & `X-Forwarded-For`"
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used as the criterion is `"12.0.0.1"` (`depth=2`).
@@ -167,7 +167,7 @@ http:
!!! important "If `depth` is specified, `excludedIPs` is ignored."
!!! example "Example of ExcludedIPs & X-Forwarded-For"
!!! example "Example of ExcludedIPs & `X-Forwarded-For`"
| `X-Forwarded-For` | `excludedIPs` | clientIP |
|-----------------------------------------|-----------------------|--------------|

46
docs/content/middlewares/http/ipallowlist.md
View File

@@ -78,7 +78,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
If `ipStrategy.ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to.
See [ipStrategy.ipv6Subnet](#ipstrategyipv6subnet) for more details.
!!! example "Examples of Depth & X-Forwarded-For"
!!! example "Examples of Depth & `X-Forwarded-For`"
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used is `"12.0.0.1"` (`depth=2`).
@@ -144,7 +144,7 @@ http:
!!! important "If `depth` is specified, `excludedIPs` is ignored."
!!! example "Example of ExcludedIPs & X-Forwarded-For"
!!! example "Example of ExcludedIPs & `X-Forwarded-For`"
| `X-Forwarded-For` | `excludedIPs` | clientIP |
|-----------------------------------------|-----------------------|--------------|
@@ -264,3 +264,45 @@ http:
[http.middlewares.test-ipallowlist.ipallowlist.sourceCriterion.ipStrategy]
ipv6Subnet = 64
```
### `rejectStatusCode`
The `rejectStatusCode` option sets HTTP status code for refused requests. If not set, the default is 403 (Forbidden).
```yaml tab="Docker & Swarm"
# Reject requests with a 404 rather than a 403
labels:
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.rejectstatuscode=404"
```
```yaml tab="Kubernetes"
# Reject requests with a 404 rather than a 403
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: test-ipallowlist
spec:
ipAllowList:
rejectStatusCode: 404
```
```yaml tab="Consul Catalog"
# Reject requests with a 404 rather than a 403
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.rejectstatuscode=404"
```
```yaml tab="File (YAML)"
# Reject requests with a 404 rather than a 403
http:
middlewares:
test-ipallowlist:
ipAllowList:
rejectStatusCode: 404
```
```toml tab="File (TOML)"
# Reject requests with a 404 rather than a 403
[http.middlewares]
[http.middlewares.test-ipallowlist.ipAllowList]
rejectStatusCode = 404
```

4
docs/content/middlewares/http/ipwhitelist.md
View File

@@ -82,7 +82,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
If `ipStrategy.ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to.
See [ipStrategy.ipv6Subnet](#ipstrategyipv6subnet) for more details.
!!! example "Examples of Depth & X-Forwarded-For"
!!! example "Examples of Depth & `X-Forwarded-For`"
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used for the whitelisting is `"12.0.0.1"` (`depth=2`).
@@ -148,7 +148,7 @@ http:
!!! important "If `depth` is specified, `excludedIPs` is ignored."
!!! example "Example of ExcludedIPs & X-Forwarded-For"
!!! example "Example of ExcludedIPs & `X-Forwarded-For`"
| `X-Forwarded-For` | `excludedIPs` | clientIP |
|-----------------------------------------|-----------------------|--------------|

8
docs/content/middlewares/http/ratelimit.md
View File

@@ -225,7 +225,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and select
If `ipStrategy.ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to.
See [ipStrategy.ipv6Subnet](#ipstrategyipv6subnet) for more details.
!!! example "Example of Depth & X-Forwarded-For"
!!! example "Example of Depth & `X-Forwarded-For`"
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used as the criterion is `"12.0.0.1"` (`depth=2`).
@@ -288,7 +288,7 @@ http:
!!! example "Each IP as a distinct source"
| X-Forwarded-For | excludedIPs | clientIP |
| `X-Forwarded-For` | excludedIPs | clientIP |
|--------------------------------|-----------------------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1"` | `"11.0.0.1,12.0.0.1"` | `"10.0.0.1"` |
| `"10.0.0.2,11.0.0.1,12.0.0.1"` | `"11.0.0.1,12.0.0.1"` | `"10.0.0.2"` |
@@ -298,7 +298,7 @@ http:
!!! example "Group IPs together as same source"
| X-Forwarded-For | excludedIPs | clientIP |
| `X-Forwarded-For` | excludedIPs | clientIP |
|--------------------------------|--------------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1"` | `"12.0.0.1"` | `"11.0.0.1"` |
| `"10.0.0.2,11.0.0.1,12.0.0.1"` | `"12.0.0.1"` | `"11.0.0.1"` |
@@ -310,7 +310,7 @@ and the first IP that is _not_ in the pool (if any) is returned.
!!! example "Matching for clientIP"
| X-Forwarded-For | excludedIPs | clientIP |
| `X-Forwarded-For` | excludedIPs | clientIP |
|--------------------------------|-----------------------|--------------|
| `"10.0.0.1,11.0.0.1,13.0.0.1"` | `"11.0.0.1"` | `"13.0.0.1"` |
| `"10.0.0.1,11.0.0.1,13.0.0.1"` | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` |

2
docs/content/middlewares/http/redirectscheme.md
View File

@@ -19,7 +19,7 @@ The RedirectScheme middleware redirects the request if the request scheme is dif
When there is at least one other reverse-proxy between the client and Traefik,
the other reverse-proxy (i.e. the last hop) needs to be a [trusted](../../routing/entrypoints.md#forwarded-headers) one.
Otherwise, Traefik would clean up the X-Forwarded headers coming from this last hop,
Otherwise, Traefik would clean up the `X-Forwarded` headers coming from this last hop,
and as the RedirectScheme middleware relies on them to determine the scheme used,
it would not function as intended.

1135
docs/content/migrate/v1-to-v2.md
View File

File diff suppressed because it is too large Load Diff

4
docs/content/migrate/v2-to-v3-details.md
View File

@@ -135,7 +135,7 @@ It is now unsupported and would prevent Traefik to start.
##### Remediation
The `http3` option should be removed from the static configuration experimental section.
To configure `http3`, please checkout the [entrypoint configuration documentation](../routing/entrypoints.md#http3_1).
To configure `http3`, please checkout the [entrypoint configuration documentation](../reference/install-configuration/entrypoints.md#http3).
### Consul provider
@@ -730,7 +730,7 @@ In v3, we renamed the `IPWhiteList` middleware to `IPAllowList` without changing
### TCP LoadBalancer `terminationDelay` option
The TCP LoadBalancer `terminationDelay` option has been removed.
The TCP LoadBalancer `terminationDelay` option has been deprecated.
This option can now be configured directly on the `TCPServersTransport` level, please take a look at this [documentation](../routing/services/index.md#terminationdelay)
### Kubernetes CRDs API Group `traefik.containo.us`

8
docs/content/migrate/v2-to-v3.md
View File

@@ -11,7 +11,7 @@ How to Migrate from Traefik v2 to Traefik v3.
!!! success "Streamlined Migration Process"
Traefik v3 introduces minimal breaking changes and maintains backward compatibility with v2 syntax in dynamic configuration, offering a gradual migration path.
With Traefik v3, we are introducing a streamlined transition process from v2. Minimal breaking changes have been made to specific options in the [static configuration](./v2-to-v3-details.md#static-configuration-changes "Link to static configuration changes"), and we are ensuring backward compatibility with v2 syntax in the [dynamic configuration](./v2-to-v3-details.md#dynamic-configuration-changes "Link to dynamic configuration changes"). This will offer a gradual path for adopting the v3 syntax, allowing users to progressively migrate their Kubernetes ingress resources, Docker labels, etc., to the new format.
With Traefik v3, we are introducing a streamlined transition process from v2. Minimal breaking changes have been made to specific options in the [static configuration](./v2-to-v3-details.md#install-configuration-changes "Link to install configuration changes"), and we are ensuring backward compatibility with v2 syntax in the [dynamic configuration](./v2-to-v3-details.md#routing-configuration-changes "Link to routing configuration changes"). This will offer a gradual path for adopting the v3 syntax, allowing users to progressively migrate their Kubernetes ingress resources, Docker labels, etc., to the new format.
## Migration Overview
@@ -33,7 +33,7 @@ The migration process consists of three progressive steps designed to minimize r
**Review and Update Static Configuration**
Check the changes in [static configurations](./v2-to-v3-details.md#static-configuration-changes "Link to static configuration changes") and [operations](./v2-to-v3-details.md#operations-changes "Link to operations changes") brought by Traefik v3. Modify your configurations accordingly.
Check the changes in [static configurations](./v2-to-v3-details.md#install-configuration-changes "Link to install configuration changes") and [operations](./v2-to-v3-details.md#operations-changes "Link to operations changes") brought by Traefik v3. Modify your configurations accordingly.
**Enable v2 Compatibility Mode**
@@ -110,13 +110,13 @@ We strongly advise you to follow a progressive migration strategy ([Kubernetes r
## Step 3: Progressively Migrate Dynamic Configuration
!!! info "Optional Immediate Step"
This step can be done later in the process, as Traefik v3 is compatible with the v2 format for [dynamic configuration](./v2-to-v3-details.md#dynamic-configuration-changes "Link to dynamic configuration changes"). Enable Traefik logs to get some help if any deprecated option is in use.
This step can be done later in the process, as Traefik v3 is compatible with the v2 format for [dynamic configuration](./v2-to-v3-details.md#routing-configuration-changes "Link to routing configuration changes"). Enable Traefik logs to get some help if any deprecated option is in use.
### Migration Process
**Review Dynamic Configuration Changes**
Check the changes in [dynamic configuration](./v2-to-v3-details.md#dynamic-configuration-changes "Link to dynamic configuration changes") to understand what updates are needed.
Check the changes in [dynamic configuration](./v2-to-v3-details.md#routing-configuration-changes "Link to routing configuration changes") to understand what updates are needed.
**Progressive Router Migration**

718
docs/content/migrate/v2.md
View File

@@ -1,719 +1,11 @@
---
title: "Traefik Migration Documentation"
title: "Traefik V2 Migration Documentation"
description: "Learn the steps needed to migrate to new Traefik Proxy v2 versions, i.e. v2.0 to v2.1 or v2.1 to v2.2. Read the technical documentation."
---
# Migration: Steps needed between the versions
# Migration: Steps needed between the v2 versions
## v2.0 to v2.1
The multiple minor versions of Traefik v2 introduced a number of changes,
which may require one to update their configuration when they migrate.
### Kubernetes CRD
In v2.1, a new Kubernetes CRD called `TraefikService` was added.
While updating an installation to v2.1,
one should apply that CRD, and update the existing `ClusterRole` definition to allow Traefik to use that CRD.
To add that CRD and enhance the permissions, the following definitions need to be applied to the cluster.
```yaml tab="TraefikService"
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: traefikservices.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: TraefikService
plural: traefikservices
singular: traefikservice
scope: Namespaced
```
```yaml tab="ClusterRole"
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- traefik.io
- traefik.containo.us
resources:
- middlewares
- middlewaretcps
- ingressroutes
- traefikservices
- ingressroutetcps
- ingressrouteudps
- tlsoptions
- tlsstores
- serverstransports
- serverstransporttcps
verbs:
- get
- list
- watch
```
After having both resources applied, Traefik will work properly.
## v2.1 to v2.2
### Headers middleware: accessControlAllowOrigin
`accessControlAllowOrigin` is deprecated.
This field will be removed in future 2.x releases.
Please configure your allowed origins in `accessControlAllowOriginList` instead.
### Kubernetes CRD
In v2.2, new Kubernetes CRDs called `TLSStore` and `IngressRouteUDP` were added.
While updating an installation to v2.2,
one should apply that CRDs, and update the existing `ClusterRole` definition to allow Traefik to use that CRDs.
To add that CRDs and enhance the permissions, the following definitions need to be applied to the cluster.
```yaml tab="TLSStore"
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: tlsstores.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: TLSStore
plural: tlsstores
singular: tlsstore
scope: Namespaced
```
```yaml tab="IngressRouteUDP"
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ingressrouteudps.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: IngressRouteUDP
plural: ingressrouteudps
singular: ingressrouteudp
scope: Namespaced
```
```yaml tab="ClusterRole"
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- traefik.io
- traefik.containo.us
resources:
- middlewares
- middlewaretcps
- ingressroutes
- traefikservices
- ingressroutetcps
- ingressrouteudps
- tlsoptions
- tlsstores
- serverstransports
- serverstransporttcps
verbs:
- get
- list
- watch
```
After having both resources applied, Traefik will work properly.
### Kubernetes Ingress
To enable HTTPS, it is not sufficient anymore to only rely on a TLS section in the Ingress.
#### Expose an Ingress on 80 and 443
Define the default TLS configuration on the HTTPS entry point.
```yaml tab="Ingress"
kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
name: example
spec:
tls:
- secretName: my-tls-secret
rules:
- host: example.com
http:
paths:
- path: "/foo"
backend:
serviceName: example-com
servicePort: 80
```
Entry points definition and enable Ingress provider:
```yaml tab="File (YAML)"
# Static configuration
entryPoints:
web:
address: :80
websecure:
address: :443
http:
tls: {}
providers:
kubernetesIngress: {}
```
```toml tab="File (TOML)"
# Static configuration
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[entryPoints.websecure.http]
[entryPoints.websecure.http.tls]
[providers.kubernetesIngress]
```
```bash tab="CLI"
# Static configuration
--entryPoints.web.address=:80
--entryPoints.websecure.address=:443
--entryPoints.websecure.http.tls=true
--providers.kubernetesIngress=true
```
#### Use TLS only on one Ingress
Define the TLS restriction with annotations.
```yaml tab="Ingress"
kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
name: example-tls
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
spec:
tls:
- secretName: my-tls-secret
rules:
- host: example.com
http:
paths:
- path: ""
backend:
serviceName: example-com
servicePort: 80
```
Entry points definition and enable Ingress provider:
```yaml tab="File (YAML)"
# Static configuration
entryPoints:
web:
address: :80
websecure:
address: :443
providers:
kubernetesIngress: {}
```
```toml tab="File (TOML)"
# Static configuration
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[providers.kubernetesIngress]
```
```bash tab="CLI"
# Static configuration
--entryPoints.web.address=:80
--entryPoints.websecure.address=:443
--providers.kubernetesIngress=true
```
## v2.2.2 to v2.2.5
### InsecureSNI removal
In `v2.2.2` we introduced a new flag (`insecureSNI`) which was available as a global option to disable domain fronting.
Since `v2.2.5` this global option has been removed, and you should not use it anymore.
### HostSNI rule matcher removal
In `v2.2.2` we introduced a new rule matcher (`HostSNI`) for HTTP routers which was allowing to match the Server Name Indication at the router level.
Since `v2.2.5` this rule has been removed for HTTP routers, and you should not use it anymore.
## v2.2 to v2.3
### X.509 CommonName Deprecation
The deprecated, legacy behavior of treating the CommonName field on X.509 certificates as a host name when no Subject Alternative Names are present, is now disabled by default.
It means that if one is using https with your backend servers, and a certificate with only a CommonName,
Traefik will not try to match the server name indication with the CommonName anymore.
It can be temporarily re-enabled by adding the value `x509ignoreCN=0` to the `GODEBUG` environment variable.
More information: https://golang.org/doc/go1.15#commonname
### File Provider
The file parser has been changed, since v2.3 the unknown options/fields in a dynamic configuration file are treated as errors.
### IngressClass
In `v2.3`, the support of `IngressClass`, which is available since Kubernetes version `1.18`, has been introduced.
In order to be able to use this new resource the [Kubernetes RBAC](../reference/dynamic-configuration/kubernetes-crd.md#rbac) must be updated.
## v2.3 to v2.4
### ServersTransport
In `v2.4.0`, the support of `ServersTransport` has been introduced.
It is therefore necessary to update [RBAC](../reference/dynamic-configuration/kubernetes-crd.md#rbac) and [CRD](../reference/dynamic-configuration/kubernetes-crd.md) definitions.
## v2.4.7 to v2.4.8
### Non-ASCII Domain Names
In `v2.4.8`, we introduced a new check on domain names used in HTTP router rule `Host` and `HostRegexp` expressions,
and in TCP router rule `HostSNI` expression.
This check ensures that provided domain names don't contain non-ASCII characters.
If not, an error is raised, and the associated router will be shown as invalid in the dashboard.
This new behavior is intended to show what was failing silently previously and to help troubleshooting configuration issues.
It doesn't change the support for non-ASCII domain names in routers rules, which is not part of the Traefik feature set so far.
In order to use non-ASCII domain names in a router's rule, one should use the Punycode form of the domain name.
For more information, please read the [HTTP routers rule](../routing/routers/index.md#rule) part or [TCP router rules](../routing/routers/index.md#rule_1) part of the documentation.
## v2.4.8 to v2.4.9
### Tracing Span
In `v2.4.9`, we changed span error to log only server errors (>= 500).
## v2.4.9 to v2.4.10
### K8S CrossNamespace
In `v2.4.10`, the default value for `allowCrossNamespace` has been changed to `false`.
### K8S ExternalName Service
In `v2.4.10`, by default, it is no longer authorized to reference Kubernetes ExternalName services.
To allow it, the `allowExternalNameServices` option should be set to `true`.
## v2.4 to v2.5
### Kubernetes CRD
In `v2.5`, the [Traefik CRDs](../reference/dynamic-configuration/kubernetes-crd.md#definitions) have been updated to support the new API version `apiextensions.k8s.io/v1`.
As required by `apiextensions.k8s.io/v1`, we have included the OpenAPI validation schema.
After deploying the new [Traefik CRDs](../reference/dynamic-configuration/kubernetes-crd.md#definitions), the resources will be validated only on creation or update.
Please note that the unknown fields will not be pruned when migrating from `apiextensions.k8s.io/v1beta1` to `apiextensions.k8s.io/v1` CRDs.
For more details check out the official [documentation](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#specifying-a-structural-schema).
### Kubernetes Ingress
Traefik v2.5 moves forward for the Ingress provider to support Kubernetes v1.22.
Traefik now supports only v1.14+ Kubernetes clusters, which means the support of `extensions/v1beta1` API Version ingresses has been dropped.
The `extensions/v1beta1` API Version should now be replaced either by `networking.k8s.io/v1beta1` or by `networking.k8s.io/v1` (as of Kubernetes v1.19+).
The support of the `networking.k8s.io/v1beta1` API Version will stop in Kubernetes v1.22.
### Headers middleware: ssl redirect options
`sslRedirect`, `sslTemporaryRedirect`, `sslHost` and `sslForceHost` are deprecated in Traefik v2.5.
For simple HTTP to HTTPS redirection, you may use [EntryPoints redirections](../routing/entrypoints.md#redirection).
For more advanced use cases, you can use either the [RedirectScheme middleware](../middlewares/http/redirectscheme.md) or the [RedirectRegex middleware](../middlewares/http/redirectregex.md).
### Headers middleware: accessControlAllowOrigin
`accessControlAllowOrigin` is no longer supported in Traefik v2.5.
### X.509 CommonName Deprecation Bis
Following up on the deprecation started [previously](#x509-commonname-deprecation),
as the `x509ignoreCN=0` value for the `GODEBUG` is [deprecated in Go 1.17](https://tip.golang.org/doc/go1.17#crypto/x509),
the legacy behavior related to the CommonName field cannot be enabled at all anymore.
## v2.5.3 to v2.5.4
### Errors middleware
In `v2.5.4`, when the errors service is configured with the [`PassHostHeader`](../routing/services/index.md#pass-host-header) option to `true` (default),
the forwarded Host header value is now set to the client request Host value and not `0.0.0.0`.
Check out the [Errors middleware](../middlewares/http/errorpages.md#service) documentation for more details.
## v2.5 to v2.6
### HTTP/3
Traefik v2.6 introduces the `AdvertisedPort` option,
which allows advertising, in the `Alt-Svc` header, a UDP port different from the one on which Traefik is actually listening (the EntryPoint's port).
By doing so, it introduces a new configuration structure `http3`, which replaces the `enableHTTP3` option (which therefore doesn't exist anymore).
To enable HTTP/3 on an EntryPoint, please check out the [HTTP/3 configuration](../routing/entrypoints.md#http3) documentation.
### Kubernetes Gateway API Provider
In `v2.6`, the [Kubernetes Gateway API provider](../providers/kubernetes-gateway.md) now only supports the version [v1alpha2](https://gateway-api.sigs.k8s.io/v1alpha2/guides/) of the specification and
[route namespaces](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1beta1.RouteNamespaces) selectors, which requires Traefik to fetch and watch the cluster namespaces.
Therefore, the RBAC and CRD definitions must be updated.
## v2.6.0 to v2.6.1
### Metrics
In `v2.6.1`, the metrics system does not support any more custom HTTP method verbs to prevent potential metrics cardinality overhead.
In consequence, for metrics having the method label,
if the HTTP method verb of a request is not one defined in the set of common methods for [`HTTP/1.1`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods)
or the [`PRI`](https://datatracker.ietf.org/doc/html/rfc7540#section-11.6) verb (for `HTTP/2`),
the value for the method label becomes `EXTENSION_METHOD`, instead of the request's one.
### Tracing
In `v2.6.1`, the Datadog tags added to a span changed from `service.name` to `traefik.service.name` and from `router.name` to `traefik.router.name`.
## v2.8
### TLS client authentication
In `v2.8`, the `caOptional` option is deprecated as TLS client authentication is a server side option.
This option available in the ForwardAuth middleware, as well as in the HTTP, Consul, Etcd, Redis, ZooKeeper, Marathon, Consul Catalog, and Docker providers has no effect and must not be used anymore.
### Consul Enterprise Namespaces
In `v2.8`, the `namespace` option of Consul and Consul Catalog providers is deprecated, please use the `namespaces` options instead.
### Traefik Pilot
In `v2.8`, the `pilot.token` and `pilot.dashboard` options are deprecated.
Please check our Blog for migration instructions later this year.
## v2.8.2
Since `v2.5.0`, the `PreferServerCipherSuites` is [deprecated and ignored](https://tip.golang.org/doc/go1.17#crypto/tls) by Go,
in `v2.8.2` the `preferServerCipherSuites` option is also deprecated and ignored in Traefik.
In `v2.8.2`, Traefik now reject certificates signed with the SHA-1 hash function. ([details](https://tip.golang.org/doc/go1.18#sha1))
## v2.9
### Traefik Pilot
In `v2.9`, Traefik Pilot support has been removed.
## v2.10
### Nomad Namespace
In `v2.10`, the `namespace` option of the Nomad provider is deprecated, please use the `namespaces` options instead.
### Kubernetes CRDs
In `v2.10`, the Kubernetes CRDs API Group `traefik.containo.us` is deprecated, and its support will end starting with Traefik v3. Please use the API Group `traefik.io` instead.
As the Kubernetes CRD provider still works with both API Versions (`traefik.io/v1alpha1` and `traefik.containo.us/v1alpha1`),
it means that for the same kind, namespace and name, the provider will only keep the `traefik.io/v1alpha1` resource.
In addition, the Kubernetes CRDs API Version `traefik.containo.us/v1alpha1` will not be supported in Traefik v3 itself.
Please note that it is a requirement to update the CRDs and the RBAC in the cluster before upgrading Traefik.
To do so, please apply the required [CRDs](https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml) and [RBAC](https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml) manifests for v2.10:
```bash
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
```
### Traefik Hub
In `v2.10`, Traefik Hub configuration has been removed because Traefik Hub v2 doesn't require this configuration.
## v2.11
### IPWhiteList (HTTP)
In `v2.11`, the `IPWhiteList` middleware is deprecated, please use the [IPAllowList](../middlewares/http/ipallowlist.md) middleware instead.
### IPWhiteList (TCP)
In `v2.11`, the `IPWhiteList` middleware is deprecated, please use the [IPAllowList](../middlewares/tcp/ipallowlist.md) middleware instead.
### TLS CipherSuites
> By default, cipher suites without ECDHE support are no longer offered by either clients or servers during pre-TLS 1.3 handshakes.
> This change can be reverted with the `tlsrsakex=1 GODEBUG` setting.
> (https://go.dev/doc/go1.22#crypto/tls)
The _RSA key exchange_ cipher suites are way less secure than the modern ECDHE cipher suites and exposes to potential vulnerabilities like [the Marvin Attack](https://people.redhat.com/~hkario/marvin).
Decision has been made to support ECDHE cipher suites only by default.
The following ciphers have been removed from the default list:
- `TLS_RSA_WITH_AES_128_CBC_SHA`
- `TLS_RSA_WITH_AES_256_CBC_SHA`
- `TLS_RSA_WITH_AES_128_GCM_SHA256`
- `TLS_RSA_WITH_AES_256_GCM_SHA384`
To enable these ciphers, please set the option `CipherSuites` in your [TLS configuration](../https/tls.md#cipher-suites) or set the environment variable `GODEBUG=tlsrsakex=1`.
### Minimum TLS Version
> By default, the minimum version offered by `crypto/tls` servers is now TLS 1.2 if not specified with config.MinimumVersion,
> matching the behavior of crypto/tls clients.
> This change can be reverted with the `tls10server=1 GODEBUG` setting.
> (https://go.dev/doc/go1.22#crypto/tls)
To enable TLS 1.0, please set the option `MinVersion` to `VersionTLS10` in your [TLS configuration](../https/tls.md#cipher-suites) or set the environment variable `GODEBUG=tls10server=1`.
## v2.11.1
### Maximum Router Priority Value
Before v2.11.1, the maximum user-defined router priority value is:
- `MaxInt32` for 32-bit platforms,
- `MaxInt64` for 64-bit platforms.
Please check out the [go documentation](https://pkg.go.dev/math#pkg-constants) for more information.
In v2.11.1, Traefik reserves a range of priorities for its internal routers and now,
the maximum user-defined router priority value is:
- `(MaxInt32 - 1000)` for 32-bit platforms,
- `(MaxInt64 - 1000)` for 64-bit platforms.
### EntryPoint.Transport.RespondingTimeouts.<Timeout>
Starting with `v2.11.1` the following timeout options are deprecated:
- `<entryPoint>.transport.respondingTimeouts.readTimeout`
- `<entryPoint>.transport.respondingTimeouts.writeTimeout`
- `<entryPoint>.transport.respondingTimeouts.idleTimeout`
They have been replaced by:
- `<entryPoint>.transport.respondingTimeouts.http.readTimeout`
- `<entryPoint>.transport.respondingTimeouts.http.writeTimeout`
- `<entryPoint>.transport.respondingTimeouts.http.idleTimeout`
### EntryPoint.Transport.RespondingTimeouts.TCP.LingeringTimeout
Starting with `v2.11.1` a new `lingeringTimeout` entryPoints option has been introduced, with a default value of 2s.
The lingering timeout defines the maximum duration between each TCP read operation on the connection.
As a layer 4 timeout, it applies during HTTP handling but respects the configured HTTP server `readTimeout`.
This change avoids Traefik instances with the default configuration hanging while waiting for bytes to be read on the connection.
We suggest to adapt this value accordingly to your situation.
The new default value is purposely narrowed and can close the connection too early.
Increasing the `lingeringTimeout` value could be the solution notably if you are dealing with the following errors:
- TCP: `Error while handling TCP connection: readfrom tcp X.X.X.X:X->X.X.X.X:X: read tcp X.X.X.X:X->X.X.X.X:X: i/o timeout`
- HTTP: `'499 Client Closed Request' caused by: context canceled`
- HTTP: `ReverseProxy read error during body copy: read tcp X.X.X.X:X->X.X.X.X:X: use of closed network connection`
## v2.11.2
### LingeringTimeout
Starting with `v2.11.2` the `<entrypoint>.transport.respondingTimeouts.tcp.lingeringTimeout` introduced in `v2.11.1` has been removed.
### RespondingTimeouts.TCP and RespondingTimeouts.HTTP
Starting with `v2.11.2` the `respondingTimeouts.tcp` and `respondingTimeouts.http` sections introduced in `v2.11.1` have been removed.
To configure the responding timeouts, please use the [`respondingTimeouts`](../routing/entrypoints.md#respondingtimeouts) section.
### EntryPoint.Transport.RespondingTimeouts.ReadTimeout
Starting with `v2.11.2` the entryPoints [`readTimeout`](../routing/entrypoints.md#respondingtimeouts) option default value changed to 60 seconds.
For HTTP, this option defines the maximum duration for reading the entire request, including the body.
For TCP, this option defines the maximum duration for the first bytes to be read on the connection.
The default value was previously set to zero, which means no timeout.
This change has been done to avoid Traefik instances with the default configuration to be hanging forever while waiting for bytes to be read on the connection.
Increasing the `readTimeout` value could be the solution notably if you are dealing with the following errors:
- TCP: `Error while handling TCP connection: readfrom tcp X.X.X.X:X->X.X.X.X:X: read tcp X.X.X.X:X->X.X.X.X:X: i/o timeout`
- HTTP: `'499 Client Closed Request' caused by: context canceled`
- HTTP: `ReverseProxy read error during body copy: read tcp X.X.X.X:X->X.X.X.X:X: use of closed network connection`
## v2.11.3
### Connection headers
In `v2.11.3`, the handling of the request Connection headers directives has changed to prevent any abuse.
Before, Traefik removed any header listed in the Connection header just before forwarding the request to the backends.
Now, Traefik removes the headers listed in the Connection header as soon as the request is handled.
As a consequence, middlewares do not have access to those Connection headers,
and a new option has been introduced to specify which ones could go through the middleware chain before being removed: `<entrypoint>.forwardedHeaders.connection`.
Please check out the [entrypoint forwarded headers connection option configuration](../routing/entrypoints.md#forwarded-headers) documentation.
## v2.11.14
### X-Forwarded-Prefix
In `v2.11.14`, the `X-Forwarded-Prefix` header is now handled like the other `X-Forwarded-*` headers: Traefik removes it when it's sent from an untrusted source.
Please refer to the Forwarded headers [documentation](../routing/entrypoints.md#forwarded-headers) for more details.
## v2.11.24
### Request Path Sanitization
Since `v2.11.24`, the incoming request path is now cleaned before being used to match the router rules and sent to the backends.
Any `/../`, `/./` or duplicate slash segments in the request path is interpreted and/or collapsed.
If you want to disable this behavior, you can set the [`sanitizePath` option](../routing/entrypoints.md#sanitizepath) to `false` in the entryPoint HTTP configuration.
This can be useful when dealing with legacy clients that are not url-encoding data in the request path.
For example, as base64 uses the “/” character internally,
if it's not url encoded,
it can lead to unsafe routing when the `sanitizePath` option is set to `false`.
!!! warning "Security"
Setting the `sanitizePath` option to `false` is not safe.
Ensure every request is properly url encoded instead.
## v2.11.25
### Request Path Normalization
Since `v2.11.25`, the request path is now normalized by decoding unreserved characters in the request path,
and also uppercasing the percent-encoded characters.
This follows [RFC 3986 percent-encoding normalization](https://datatracker.ietf.org/doc/html/rfc3986#section-6.2.2.2),
and [RFC 3986 case normalization](https://datatracker.ietf.org/doc/html/rfc3986#section-6.2.2.1).
The normalization happens before the request path is sanitized,
and cannot be disabled.
This notably helps with encoded dots characters (which are unreserved characters) to be sanitized properly.
### Routing Path
Since `v2.11.25`, the reserved characters [(as per RFC 3986)](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2) are kept encoded in the request path when matching the router rules.
Those characters, when decoded, change the meaning of the request path for routing purposes,
and Traefik now keeps them encoded to avoid any ambiguity.
### Request Path Matching Examples
| Request Path | Router Rule | Traefik v2.11.24 | Traefik v2.11.25 |
|-------------------|------------------------|------------------|------------------|
| `/foo%2Fbar` | PathPrefix(`/foo/bar`) | Match | No match |
| `/foo/../bar` | PathPrefix(`/foo`) | No match | No match |
| `/foo/../bar` | PathPrefix(`/bar`) | Match | Match |
| `/foo/%2E%2E/bar` | PathPrefix(`/foo`) | Match | No match |
| `/foo/%2E%2E/bar` | PathPrefix(`/bar`) | No match | Match |
## v2.11.28
### MultiPath TCP
Since `v2.11.28`, the MultiPath TCP support introduced with `v2.11.26` has been removed.
It appears that enabling MPTCP on some platforms can cause Traefik to stop with the following error logs message:
- `set tcp X.X.X.X:X->X.X.X.X:X: setsockopt: operation not supported`
However, it can be re-enabled by setting the `multipathtcp` variable in the GODEBUG environment variable, see the related [go documentation](https://go.dev/doc/godebug#go-124).
For more information about the changes between Traefik v2 minor versions, please refer to the [v2 documentation](https://doc.traefik.io/traefik/v2.11/migration/v2/).

50
docs/content/migrate/v3.md
View File

@@ -113,9 +113,9 @@ kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.3/docs/con
**Updated Resources:**
- [TraefikService](../../routing/services/#mirroring-service) ([PR #11032](https://github.com/traefik/traefik/pull/11032))
- [RateLimit](../../middlewares/http/ratelimit/) & [InFlightReq](../../middlewares/http/inflightreq/) middlewares ([PR #9747](https://github.com/traefik/traefik/pull/9747))
- [Compress](../../middlewares/http/compress/) middleware ([PR #10943](https://github.com/traefik/traefik/pull/10943))
- [TraefikService](../routing/services/index.md#mirroring-service) ([PR #11032](https://github.com/traefik/traefik/pull/11032))
- [RateLimit](../middlewares/http/ratelimit.md) & [InFlightReq](../middlewares/http/inflightreq.md) middlewares ([PR #9747](https://github.com/traefik/traefik/pull/9747))
- [Compress](../middlewares/http/compress.md) middleware ([PR #10943](https://github.com/traefik/traefik/pull/10943))
### Kubernetes Gateway Provider Standard Channel
@@ -189,7 +189,7 @@ the `backendtlspolicies` and `backendtlspolicies/status` rights have to be added
## v3.2.1
### X-Forwarded-Prefix Header Changes
### `X-Forwarded-Prefix` Header Changes
In v3.2.1, the `X-Forwarded-Prefix` header is now handled like other `X-Forwarded-*` headers - Traefik removes it when sent from untrusted sources.
@@ -326,7 +326,7 @@ kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.4/docs/con
!!! warning "Deprecation"
The `RoundRobin` strategy is deprecated but still supported (equivalent to `wrr`). It will be removed in the next major release.
Refer to the [HTTP Services Load Balancing documentation](../../routing/services/#load-balancing-strategy) for detailed information.
Refer to the [HTTP Services Load Balancing documentation](../routing/services/index.md#load-balancing-strategy) for detailed information.
#### ServersTransport CA Certificate Configuration
@@ -413,12 +413,12 @@ Reserved characters change the meaning of request paths when decoded. Keeping th
The following table illustrates how path matching behavior has changed:
| Request Path | Router Rule | Traefik v3.4.0 | Traefik v3.4.1 | Explanation |
|-------------------|------------------------|----------------|----------------|-------------|
| `/foo%2Fbar` | ```PathPrefix(`/foo/bar`)``` | Match | No match | `%2F` (/) stays encoded, preventing false matches |
| `/foo/../bar` | ```PathPrefix(`/foo`)``` | No match | No match | Path traversal is sanitized away |
| `/foo/../bar` | ```PathPrefix(`/bar`)``` | Match | Match | Resolves to `/bar` after sanitization |
| `/foo/%2E%2E/bar` | ```PathPrefix(`/foo`)``` | Match | No match | Encoded dots normalized then sanitized |
| Request Path | Router Rule | Traefik v3.4.0 | Traefik v3.4.1 | Explanation |
|-------------------|------------------------------|----------------|----------------|-------------------------------------------------------|
| `/foo%2Fbar` | ```PathPrefix(`/foo/bar`)``` | Match | No match | `%2F` (/) stays encoded, preventing false matches |
| `/foo/../bar` | ```PathPrefix(`/foo`)``` | No match | No match | Path traversal is sanitized away |
| `/foo/../bar` | ```PathPrefix(`/bar`)``` | Match | Match | Resolves to `/bar` after sanitization |
| `/foo/%2E%2E/bar` | ```PathPrefix(`/foo`)``` | Match | No match | Encoded dots normalized then sanitized |
| `/foo/%2E%2E/bar` | ```PathPrefix(`/bar`)``` | No match | Match | Resolves to `/bar` after normalization + sanitization |
## v3.4.5
@@ -452,7 +452,7 @@ Possible values are:
- `minimal`: produces a single server span and one client span for each request processed by a router.
- `detailed`: enables the creation of additional spans for each middleware executed for each request processed by a router.
See the updated documentation for [entrypoints](../reference/install-configuration/entrypoints.md) and [dynamic routers](../reference/routing-configuration/http/router/observability.md#traceverbosity).
See the updated documentation for [entrypoints](../reference/install-configuration/entrypoints.md) and [dynamic routers](../reference/routing-configuration/http/routing/observability.md#traceverbosity).
#### K8s Resource Attributes
@@ -470,3 +470,29 @@ For that purpose, the following right has to be added to the Traefik Kubernetes
- get
...
```
---
## v3.5.2
### Deprecation of ProxyProtocol option
Starting with `v3.5.2`, the `proxyProtocol` option for TCP LoadBalancer is deprecated.
This option can now be configured at the `TCPServersTransport` level, please check out the [documentation](../reference/routing-configuration/tcp/serverstransport.md) for more details.
#### Kubernetes CRD Provider
To use the new `proxyprotocol` option in the Kubernetes CRD provider, you need to update your CRDs.
**Apply Updated CRDs:**
```shell
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.5/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
```
## v3.5.4
### Certificate Metric Renamed with OpenTelemetry
Starting with `v3.5.4`, and when using OpenTelemetry, the `traefik_tls_certs_not_after_milliseconds` metric is renamed to `traefik_tls_certs_not_after_seconds`.
This change aligns the metric name with its real unit precision, which is in seconds.

24
docs/content/observability/access-logs.md
View File

@@ -69,27 +69,43 @@ accessLog:
_Optional, Default="common"_
By default, logs are written using the Common Log Format (CLF).
To write logs in JSON, use `json` in the `format` option.
If the given format is unsupported, the default (CLF) is used instead.
By default, logs are written using the Traefik Common Log Format (CLF).
The available log formats are:
!!! info "Common Log Format"
- `common` - Traefik's extended CLF format (default)
- `genericCLF` - Generic CLF format compatible with standard log analyzers
- `json` - JSON format for structured logging
If the given format is unsupported, the default (`common`) is used instead.
!!! info "Traefik Common Log Format vs Generic CLF"
**Traefik Common Log Format (`common`):**
```html
<remote_IP_address> - <client_user_name_if_available> [<timestamp>] "<request_method> <request_path> <request_protocol>" <HTTP_status> <content-length> "<request_referrer>" "<request_user_agent>" <number_of_requests_received_since_Traefik_started> "<Traefik_router_name>" "<Traefik_server_URL>" <request_duration_in_ms>ms
```
**Generic CLF Format (`genericCLF`):**
```html
<remote_IP_address> - <client_user_name_if_available> [<timestamp>] "<request_method> <request_path> <request_protocol>" <HTTP_status> <content-length> "<request_referrer>" "<request_user_agent>"
```
The `genericCLF` format omits Traefik-specific fields (request count, router name, service URL, and duration) for better compatibility with standard CLF parsers.
```yaml tab="File (YAML)"
# JSON format
accessLog:
format: "json"
```
```toml tab="File (TOML)"
# JSON format
[accessLog]
format = "json"
```
```bash tab="CLI"
# JSON format
--accesslog.format=json
```

1
docs/content/observability/logs.md
View File

@@ -20,6 +20,7 @@ Traefik logs concern everything that happens to Traefik itself (startup, configu
By default, the logs are written to the standard output.
You can configure a file path instead using the `filePath` option.
When `filePath` is specified, Traefik will write logs only to that file (not to standard output).
```yaml tab="File (YAML)"
# Writing Logs to a File

2
docs/content/observability/tracing/opentelemetry.md
View File

@@ -5,7 +5,7 @@ description: "Traefik supports several tracing backends, including OpenTelemetry
# OpenTelemetry
Traefik Proxy follows [official OpenTelemetry semantic conventions v1.26.0](https://github.com/open-telemetry/semantic-conventions/blob/v1.26.0/docs/http/http-spans.md).
Traefik Proxy follows [official OpenTelemetry semantic conventions v1.37.0](https://github.com/open-telemetry/semantic-conventions/blob/v1.37.0/docs/http/http-spans.md).
To enable the OpenTelemetry tracer:

7
docs/content/observe/logs-and-access-logs.md
View File

@@ -155,8 +155,9 @@ When the `observability` options are not defined on a router, it inherits the be
Traefik Proxy supports the following log formats:
- Common Log Format (CLF)
- JSON
- `common` - Traefik's extended CLF format (default)
- `genericCLF` - Generic CLF format compatible with standard log analyzers
- `json` - JSON format for structured logging
## Access Log Filters
@@ -172,7 +173,7 @@ The available filters are:
When using the `json` format, you can customize which fields are included in your access logs.
- **Request Fields:** You can choose to `keep`, `drop`, or `redact` any of the standard request fields. A complete list of available fields like `ClientHost`, `RequestMethod`, and `Duration` can be found in the [reference documentation](../reference/install-configuration/observability/logs-and-accesslogs.md#available-fields).
- **Request Fields:** You can choose to `keep`, `drop`, or `redact` any of the standard request fields. A complete list of available fields like `ClientHost`, `RequestMethod`, and `Duration` can be found in the [reference documentation](../reference/install-configuration/observability/logs-and-accesslogs.md#json-format-fields).
- **Request Headers:** You can also specify which request headers should be included in the logs, and whether their values should be `kept`, `dropped`, or `redacted`.
!!! info

4
docs/content/operations/api.md
View File

@@ -46,7 +46,7 @@ And then define a routing configuration on Traefik itself with the
--8<-- "content/operations/include-api-examples.md"
??? warning "The router's [rule](../../routing/routers/#rule) must catch requests for the URI path `/api`"
??? warning "The router's [rule](../routing/routers/index.md#rule) must catch requests for the URI path `/api`"
Using an "Host" rule is recommended, by catching all the incoming traffic on this host domain to the API.
However, you can also use "path prefix" rule or any combination or rules.
@@ -109,7 +109,7 @@ api:
--api.dashboard=true
```
!!! warning "With Dashboard enabled, the router [rule](../../routing/routers/#rule) must catch requests for both `/api` and `/dashboard`"
!!! warning "With Dashboard enabled, the router [rule](../routing/routers/index.md#rule) must catch requests for both `/api` and `/dashboard`"
Please check the [Dashboard documentation](./dashboard.md#dashboard-router-rule) to learn more about this and to get examples.
### `debug`

2
docs/content/operations/dashboard.md
View File

@@ -11,7 +11,7 @@ See What's Going On
The dashboard is the central place that shows you the current active routes handled by Traefik.
<figure>
<img src="../../assets/img/webui-dashboard.png" alt="Dashboard - Providers" />
<img src="../assets/img/webui-dashboard.png" alt="Dashboard - Providers" />
<figcaption>The dashboard in action</figcaption>
</figure>

4
docs/content/providers/consul-catalog.md
View File

@@ -477,7 +477,7 @@ _Optional, Default=true_
Expose Consul Catalog services by default in Traefik.
If set to `false`, services that don't have a `traefik.enable=true` tag will be ignored from the resulting routing configuration.
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#exposedbydefault-and-traefikenable).
```yaml tab="File (YAML)"
providers:
@@ -672,7 +672,7 @@ providers:
# ...
```
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#exposedbydefault-and-traefikenable).
### `namespaces`

4
docs/content/providers/docker.md
View File

@@ -380,7 +380,7 @@ _Optional, Default=true_
Expose containers by default through Traefik.
If set to `false`, containers that do not have a `traefik.enable=true` label are ignored from the resulting routing configuration.
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#exposedbydefault-and-traefikenable).
```yaml tab="File (YAML)"
providers:
@@ -554,7 +554,7 @@ as well as the usual boolean logic, as shown in examples below.
constraints = "LabelRegex(`a.label.name`, `a.+`)"
```
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#exposedbydefault-and-traefikenable).
```yaml tab="File (YAML)"
providers:

2
docs/content/providers/ecs.md
View File

@@ -214,7 +214,7 @@ as well as the usual boolean logic, as shown in examples below.
constraints = "LabelRegex(`a.label.name`, `a.+`)"
```
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#exposedbydefault-and-traefikenable).
```yaml tab="File (YAML)"
providers:

4
docs/content/providers/nomad.md
View File

@@ -384,7 +384,7 @@ _Optional, Default=true_
Expose Nomad services by default in Traefik.
If set to `false`, services that do not have a `traefik.enable=true` tag will be ignored from the resulting routing configuration.
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#exposedbydefault-and-traefikenable).
```yaml tab="File (YAML)"
providers:
@@ -504,7 +504,7 @@ providers:
# ...
```
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#exposedbydefault-and-traefikenable).
### `namespaces`

4
docs/content/providers/swarm.md
View File

@@ -424,7 +424,7 @@ _Optional, Default=true_
Expose containers by default through Traefik.
If set to `false`, containers that do not have a `traefik.enable=true` label are ignored from the resulting routing configuration.
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#exposedbydefault-and-traefikenable).
```yaml tab="File (YAML)"
providers:
@@ -621,7 +621,7 @@ as well as the usual boolean logic, as shown in examples below.
constraints = "LabelRegex(`a.label.name`, `a.+`)"
```
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#exposedbydefault-and-traefikenable).
```yaml tab="File (YAML)"
providers:

20
docs/content/reference/dynamic-configuration/file.toml
View File

@@ -454,16 +454,16 @@
[tcp.services.TCPService01.loadBalancer]
serversTransport = "foobar"
terminationDelay = 42
[[tcp.services.TCPService01.loadBalancer.servers]]
address = "foobar"
tls = true
[[tcp.services.TCPService01.loadBalancer.servers]]
address = "foobar"
tls = true
[tcp.services.TCPService01.loadBalancer.proxyProtocol]
version = 42
[[tcp.services.TCPService01.loadBalancer.servers]]
address = "foobar"
tls = true
[[tcp.services.TCPService01.loadBalancer.servers]]
address = "foobar"
tls = true
[tcp.services.TCPService02]
[tcp.services.TCPService02.weighted]
@@ -489,6 +489,8 @@
dialKeepAlive = "42s"
dialTimeout = "42s"
terminationDelay = "42s"
[tcp.serversTransports.TCPServersTransport0.proxyProtocol]
version = 42
[tcp.serversTransports.TCPServersTransport0.tls]
serverName = "foobar"
insecureSkipVerify = true
@@ -509,6 +511,8 @@
dialKeepAlive = "42s"
dialTimeout = "42s"
terminationDelay = "42s"
[tcp.serversTransports.TCPServersTransport1.proxyProtocol]
version = 42
[tcp.serversTransports.TCPServersTransport1.tls]
serverName = "foobar"
insecureSkipVerify = true

8
docs/content/reference/dynamic-configuration/file.yaml
View File

@@ -518,14 +518,14 @@ tcp:
services:
TCPService01:
loadBalancer:
proxyProtocol:
version: 42
servers:
- address: foobar
tls: true
- address: foobar
tls: true
serversTransport: foobar
proxyProtocol:
version: 42
terminationDelay: 42
TCPService02:
weighted:
@@ -552,6 +552,8 @@ tcp:
TCPServersTransport0:
dialKeepAlive: 42s
dialTimeout: 42s
proxyProtocol:
version: 42
terminationDelay: 42s
tls:
serverName: foobar
@@ -573,6 +575,8 @@ tcp:
TCPServersTransport1:
dialKeepAlive: 42s
dialTimeout: 42s
proxyProtocol:
version: 42
terminationDelay: 42s
tls:
serverName: foobar

124
docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
View File

@@ -43,7 +43,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/entrypoints/
Default: all.
items:
type: string
@@ -64,12 +64,12 @@ spec:
match:
description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rule
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/rules-and-priority/
type: string
middlewares:
description: |-
Middlewares defines the list of references to Middleware resources.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-middleware
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/middleware/
items:
description: MiddlewareRef is a reference to a Middleware
resource.
@@ -89,7 +89,7 @@ spec:
observability:
description: |-
Observability defines the observability configuration for a router.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#observability
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/observability/
properties:
accessLogs:
description: AccessLogs enables access logs for this router.
@@ -112,7 +112,7 @@ spec:
priority:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#priority
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/rules-and-priority/#priority
maximum: 9223372036854775000
type: integer
services:
@@ -263,7 +263,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@@ -332,7 +332,7 @@ spec:
syntax:
description: |-
Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rulesyntax
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/rules-and-priority/#rulesyntax
Deprecated: Please do not use this field and rewrite the router rules to use the v3 syntax.
type: string
required:
@@ -342,18 +342,18 @@ spec:
tls:
description: |-
TLS defines the TLS configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#tls
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/router/#tls
properties:
certResolver:
description: |-
CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/https/acme/#certificate-resolvers
More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/tls/certificate-resolvers/acme/
type: string
domains:
description: |-
Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#domains
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#domains
items:
description: Domain holds a domain name with SANs.
properties:
@@ -372,17 +372,17 @@ spec:
description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-options/
properties:
name:
description: |-
Name defines the name of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsoption
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsoption/
type: string
namespace:
description: |-
Namespace defines the namespace of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsoption
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsoption/
type: string
required:
- name
@@ -399,12 +399,12 @@ spec:
name:
description: |-
Name defines the name of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsstore
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsstore/
type: string
namespace:
description: |-
Namespace defines the namespace of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsstore
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsstore/
type: string
required:
- name
@@ -464,7 +464,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/entrypoints/
Default: all.
items:
type: string
@@ -477,7 +477,7 @@ spec:
match:
description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rule_1
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/rules-and-priority/
type: string
middlewares:
description: Middlewares defines the list of references to MiddlewareTCP
@@ -501,7 +501,7 @@ spec:
priority:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#priority_1
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/rules-and-priority/#priority
maximum: 9223372036854775000
type: integer
services:
@@ -543,7 +543,8 @@ spec:
proxyProtocol:
description: |-
ProxyProtocol defines the PROXY protocol configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#proxy-protocol
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/service/#proxy-protocol
Deprecated: ProxyProtocol will not be supported in future APIVersions, please use ServersTransport to configure ProxyProtocol instead.
properties:
version:
description: Version defines the PROXY Protocol version
@@ -584,7 +585,7 @@ spec:
syntax:
description: |-
Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rulesyntax_1
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/rules-and-priority/#rulesyntax
Deprecated: Please do not use this field and rewrite the router rules to use the v3 syntax.
enum:
- v3
@@ -597,18 +598,18 @@ spec:
tls:
description: |-
TLS defines the TLS configuration on a layer 4 / TCP Route.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#tls_1
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/router/#tls
properties:
certResolver:
description: |-
CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/https/acme/#certificate-resolvers
More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/tls/certificate-resolvers/acme/
type: string
domains:
description: |-
Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#domains
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/tls/#domains
items:
description: Domain holds a domain name with SANs.
properties:
@@ -627,7 +628,7 @@ spec:
description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/tls/#tls-options
properties:
name:
description: Name defines the name of the referenced Traefik
@@ -719,7 +720,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/entrypoints/
Default: all.
items:
type: string
@@ -807,7 +808,7 @@ spec:
openAPIV3Schema:
description: |-
Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/overview/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/overview/
properties:
apiVersion:
description: |-
@@ -848,12 +849,12 @@ spec:
description: |-
BasicAuth holds the basic auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/basicauth/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/basicauth/
properties:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/basicauth/#headerfield
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/basicauth/#headerfield
type: string
realm:
description: |-
@@ -913,7 +914,7 @@ spec:
description: |-
Chain holds the configuration of the chain middleware.
This middleware enables to define reusable combinations of other pieces of middleware.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/chain/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/chain/
properties:
middlewares:
description: Middlewares is the list of MiddlewareRef which composes
@@ -976,7 +977,7 @@ spec:
description: |-
Compress holds the compress middleware configuration.
This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/compress/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/compress/
properties:
defaultEncoding:
description: DefaultEncoding specifies the default encoding if
@@ -1026,12 +1027,12 @@ spec:
description: |-
DigestAuth holds the digest auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/digestauth/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/digestauth/
properties:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/basicauth/#headerfield
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/digestauth/#headerfield
type: string
realm:
description: |-
@@ -1051,7 +1052,7 @@ spec:
description: |-
ErrorPage holds the custom error middleware configuration.
This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/errorpages/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/errorpages/
properties:
query:
description: |-
@@ -1063,7 +1064,7 @@ spec:
service:
description: |-
Service defines the reference to a Kubernetes Service that will serve the error page.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/errorpages/#service
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/errorpages/#service
properties:
healthCheck:
description: Healthcheck defines health checks for ExternalName
@@ -1205,7 +1206,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@@ -1292,7 +1293,7 @@ spec:
description: |-
ForwardAuth holds the forward auth middleware configuration.
This middleware delegates the request authentication to a Service.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/forwardauth/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/forwardauth/
properties:
addAuthCookiesToResponse:
description: AddAuthCookiesToResponse defines the list of cookies
@@ -1320,7 +1321,7 @@ spec:
authResponseHeadersRegex:
description: |-
AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/forwardauth/#authresponseheadersregex
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/forwardauth/#authresponseheadersregex
type: string
forwardBody:
description: ForwardBody defines whether to send the request body
@@ -1329,7 +1330,7 @@ spec:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/forwardauth/#headerfield
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/forwardauth/#headerfield
type: string
maxBodySize:
description: MaxBodySize defines the maximum body size in bytes
@@ -1795,13 +1796,13 @@ spec:
x-kubernetes-preserve-unknown-fields: true
description: |-
Plugin defines the middleware plugin configuration.
More info: https://doc.traefik.io/traefik/plugins/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/overview/#community-middlewares
type: object
rateLimit:
description: |-
RateLimit holds the rate limit configuration.
This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/ratelimit/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/ratelimit/
properties:
average:
description: |-
@@ -2019,7 +2020,7 @@ spec:
Retry holds the retry middleware configuration.
This middleware reissues requests a given number of times to a backend server if that server does not reply.
As soon as the server answers, the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/retry/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/retry/
properties:
attempts:
description: Attempts defines how many times the request should
@@ -2099,7 +2100,7 @@ spec:
openAPIV3Schema:
description: |-
MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/overview/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/middlewares/overview/
properties:
apiVersion:
description: |-
@@ -2136,7 +2137,7 @@ spec:
description: |-
IPAllowList defines the IPAllowList middleware configuration.
This middleware accepts/refuses connections based on the client IP.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/tcp/ipallowlist/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/middlewares/ipallowlist/
properties:
sourceRange:
description: SourceRange defines the allowed IPs (or ranges of
@@ -2150,7 +2151,7 @@ spec:
IPWhiteList defines the IPWhiteList middleware configuration.
This middleware accepts/refuses connections based on the client IP.
Deprecated: please use IPAllowList instead.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/tcp/ipwhitelist/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/middlewares/ipwhitelist/
properties:
sourceRange:
description: SourceRange defines the allowed IPs (or ranges of
@@ -2189,7 +2190,7 @@ spec:
ServersTransport is the CRD implementation of a ServersTransport.
If no serversTransport is specified, the default@internal will be used.
The default@internal serversTransport is created from the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#serverstransport_1
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/serverstransport/
properties:
apiVersion:
description: |-
@@ -2275,7 +2276,7 @@ spec:
maxIdleConnsPerHost:
description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
to keep per-host.
minimum: 0
minimum: -1
type: integer
peerCertURI:
description: PeerCertURI defines the peer cert URI used to match against
@@ -2358,7 +2359,7 @@ spec:
ServersTransportTCP is the CRD implementation of a TCPServersTransport.
If no tcpServersTransport is specified, a default one named default@internal will be used.
The default@internal tcpServersTransport can be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#serverstransport_3
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/serverstransport/
properties:
apiVersion:
description: |-
@@ -2400,6 +2401,15 @@ spec:
to a backend server can be established.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true
proxyProtocol:
description: ProxyProtocol holds the PROXY Protocol configuration.
properties:
version:
description: Version defines the PROXY Protocol version to use.
maximum: 2
minimum: 1
type: integer
type: object
terminationDelay:
anyOf:
- type: integer
@@ -2503,7 +2513,7 @@ spec:
openAPIV3Schema:
description: |-
TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#tls-options
properties:
apiVersion:
description: |-
@@ -2528,14 +2538,14 @@ spec:
alpnProtocols:
description: |-
ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#alpn-protocols
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#alpn-protocols
items:
type: string
type: array
cipherSuites:
description: |-
CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#cipher-suites
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#cipher-suites
items:
type: string
type: array
@@ -2563,7 +2573,7 @@ spec:
curvePreferences:
description: |-
CurvePreferences defines the preferred elliptic curves.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#curve-preferences
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#curve-preferences
items:
type: string
type: array
@@ -2623,7 +2633,7 @@ spec:
TLSStore is the CRD implementation of a Traefik TLS Store.
For the time being, only the TLSStore named default is supported.
This means that you cannot have two stores that are named default in different Kubernetes namespaces.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#certificates-stores
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#certificates-stores
properties:
apiVersion:
description: |-
@@ -2721,7 +2731,7 @@ spec:
TraefikService object allows to:
- Apply weight to Services on load-balancing
- Mirror traffic on services
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-traefikservice
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/traefikservice/
properties:
apiVersion:
description: |-
@@ -2985,7 +2995,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@@ -3113,7 +3123,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@@ -3326,7 +3336,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@@ -3394,7 +3404,7 @@ spec:
sticky:
description: |-
Sticky defines whether sticky sessions are enabled.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/traefikservice/#stickiness-and-load-balancing
properties:
cookie:
description: Cookie defines the sticky cookie configuration.

920
docs/content/reference/dynamic-configuration/kv-ref.md
View File

@@ -5,462 +5,464 @@ THIS FILE MUST NOT BE EDITED BY HAND
| Key (Path) | Value |
|------------|-------|
| `traefik/http/middlewares/Middleware01/addPrefix/prefix` | `foobar` |
| `traefik/http/middlewares/Middleware02/basicAuth/headerField` | `foobar` |
| `traefik/http/middlewares/Middleware02/basicAuth/realm` | `foobar` |
| `traefik/http/middlewares/Middleware02/basicAuth/removeHeader` | `true` |
| `traefik/http/middlewares/Middleware02/basicAuth/users/0` | `foobar` |
| `traefik/http/middlewares/Middleware02/basicAuth/users/1` | `foobar` |
| `traefik/http/middlewares/Middleware02/basicAuth/usersFile` | `foobar` |
| `traefik/http/middlewares/Middleware03/buffering/maxRequestBodyBytes` | `42` |
| `traefik/http/middlewares/Middleware03/buffering/maxResponseBodyBytes` | `42` |
| `traefik/http/middlewares/Middleware03/buffering/memRequestBodyBytes` | `42` |
| `traefik/http/middlewares/Middleware03/buffering/memResponseBodyBytes` | `42` |
| `traefik/http/middlewares/Middleware03/buffering/retryExpression` | `foobar` |
| `traefik/http/middlewares/Middleware04/chain/middlewares/0` | `foobar` |
| `traefik/http/middlewares/Middleware04/chain/middlewares/1` | `foobar` |
| `traefik/http/middlewares/Middleware05/circuitBreaker/checkPeriod` | `42s` |
| `traefik/http/middlewares/Middleware05/circuitBreaker/expression` | `foobar` |
| `traefik/http/middlewares/Middleware05/circuitBreaker/fallbackDuration` | `42s` |
| `traefik/http/middlewares/Middleware05/circuitBreaker/recoveryDuration` | `42s` |
| `traefik/http/middlewares/Middleware05/circuitBreaker/responseCode` | `42` |
| `traefik/http/middlewares/Middleware06/compress/defaultEncoding` | `foobar` |
| `traefik/http/middlewares/Middleware06/compress/encodings/0` | `foobar` |
| `traefik/http/middlewares/Middleware06/compress/encodings/1` | `foobar` |
| `traefik/http/middlewares/Middleware06/compress/excludedContentTypes/0` | `foobar` |
| `traefik/http/middlewares/Middleware06/compress/excludedContentTypes/1` | `foobar` |
| `traefik/http/middlewares/Middleware06/compress/includedContentTypes/0` | `foobar` |
| `traefik/http/middlewares/Middleware06/compress/includedContentTypes/1` | `foobar` |
| `traefik/http/middlewares/Middleware06/compress/minResponseBodyBytes` | `42` |
| `traefik/http/middlewares/Middleware07/contentType/autoDetect` | `true` |
| `traefik/http/middlewares/Middleware08/digestAuth/headerField` | `foobar` |
| `traefik/http/middlewares/Middleware08/digestAuth/realm` | `foobar` |
| `traefik/http/middlewares/Middleware08/digestAuth/removeHeader` | `true` |
| `traefik/http/middlewares/Middleware08/digestAuth/users/0` | `foobar` |
| `traefik/http/middlewares/Middleware08/digestAuth/users/1` | `foobar` |
| `traefik/http/middlewares/Middleware08/digestAuth/usersFile` | `foobar` |
| `traefik/http/middlewares/Middleware09/errors/query` | `foobar` |
| `traefik/http/middlewares/Middleware09/errors/service` | `foobar` |
| `traefik/http/middlewares/Middleware09/errors/status/0` | `foobar` |
| `traefik/http/middlewares/Middleware09/errors/status/1` | `foobar` |
| `traefik/http/middlewares/Middleware09/errors/statusRewrites/name0` | `42` |
| `traefik/http/middlewares/Middleware09/errors/statusRewrites/name1` | `42` |
| `traefik/http/middlewares/Middleware10/forwardAuth/addAuthCookiesToResponse/0` | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/addAuthCookiesToResponse/1` | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/address` | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/authRequestHeaders/0` | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/authRequestHeaders/1` | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeaders/0` | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeaders/1` | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeadersRegex` | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/forwardBody` | `true` |
| `traefik/http/middlewares/Middleware10/forwardAuth/headerField` | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/maxBodySize` | `42` |
| `traefik/http/middlewares/Middleware10/forwardAuth/preserveLocationHeader` | `true` |
| `traefik/http/middlewares/Middleware10/forwardAuth/preserveRequestMethod` | `true` |
| `traefik/http/middlewares/Middleware10/forwardAuth/tls/ca` | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/tls/caOptional` | `true` |
| `traefik/http/middlewares/Middleware10/forwardAuth/tls/cert` | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/tls/insecureSkipVerify` | `true` |
| `traefik/http/middlewares/Middleware10/forwardAuth/tls/key` | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/trustForwardHeader` | `true` |
| `traefik/http/middlewares/Middleware11/grpcWeb/allowOrigins/0` | `foobar` |
| `traefik/http/middlewares/Middleware11/grpcWeb/allowOrigins/1` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/accessControlAllowCredentials` | `true` |
| `traefik/http/middlewares/Middleware12/headers/accessControlAllowHeaders/0` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/accessControlAllowHeaders/1` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/accessControlAllowMethods/0` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/accessControlAllowMethods/1` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/accessControlAllowOriginList/0` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/accessControlAllowOriginList/1` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/accessControlAllowOriginListRegex/0` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/accessControlAllowOriginListRegex/1` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/accessControlExposeHeaders/0` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/accessControlExposeHeaders/1` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/accessControlMaxAge` | `42` |
| `traefik/http/middlewares/Middleware12/headers/addVaryHeader` | `true` |
| `traefik/http/middlewares/Middleware12/headers/allowedHosts/0` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/allowedHosts/1` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/browserXssFilter` | `true` |
| `traefik/http/middlewares/Middleware12/headers/contentSecurityPolicy` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/contentSecurityPolicyReportOnly` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/contentTypeNosniff` | `true` |
| `traefik/http/middlewares/Middleware12/headers/customBrowserXSSValue` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/customFrameOptionsValue` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/customRequestHeaders/name0` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/customRequestHeaders/name1` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/customResponseHeaders/name0` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/customResponseHeaders/name1` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/featurePolicy` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/forceSTSHeader` | `true` |
| `traefik/http/middlewares/Middleware12/headers/frameDeny` | `true` |
| `traefik/http/middlewares/Middleware12/headers/hostsProxyHeaders/0` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/hostsProxyHeaders/1` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/isDevelopment` | `true` |
| `traefik/http/middlewares/Middleware12/headers/permissionsPolicy` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/publicKey` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/referrerPolicy` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/sslForceHost` | `true` |
| `traefik/http/middlewares/Middleware12/headers/sslHost` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/sslProxyHeaders/name0` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/sslProxyHeaders/name1` | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/sslRedirect` | `true` |
| `traefik/http/middlewares/Middleware12/headers/sslTemporaryRedirect` | `true` |
| `traefik/http/middlewares/Middleware12/headers/stsIncludeSubdomains` | `true` |
| `traefik/http/middlewares/Middleware12/headers/stsPreload` | `true` |
| `traefik/http/middlewares/Middleware12/headers/stsSeconds` | `42` |
| `traefik/http/middlewares/Middleware13/ipAllowList/ipStrategy/depth` | `42` |
| `traefik/http/middlewares/Middleware13/ipAllowList/ipStrategy/excludedIPs/0` | `foobar` |
| `traefik/http/middlewares/Middleware13/ipAllowList/ipStrategy/excludedIPs/1` | `foobar` |
| `traefik/http/middlewares/Middleware13/ipAllowList/ipStrategy/ipv6Subnet` | `42` |
| `traefik/http/middlewares/Middleware13/ipAllowList/rejectStatusCode` | `42` |
| `traefik/http/middlewares/Middleware13/ipAllowList/sourceRange/0` | `foobar` |
| `traefik/http/middlewares/Middleware13/ipAllowList/sourceRange/1` | `foobar` |
| `traefik/http/middlewares/Middleware14/ipWhiteList/ipStrategy/depth` | `42` |
| `traefik/http/middlewares/Middleware14/ipWhiteList/ipStrategy/excludedIPs/0` | `foobar` |
| `traefik/http/middlewares/Middleware14/ipWhiteList/ipStrategy/excludedIPs/1` | `foobar` |
| `traefik/http/middlewares/Middleware14/ipWhiteList/ipStrategy/ipv6Subnet` | `42` |
| `traefik/http/middlewares/Middleware14/ipWhiteList/sourceRange/0` | `foobar` |
| `traefik/http/middlewares/Middleware14/ipWhiteList/sourceRange/1` | `foobar` |
| `traefik/http/middlewares/Middleware15/inFlightReq/amount` | `42` |
| `traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/ipStrategy/depth` | `42` |
| `traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` |
| `traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/1` | `foobar` |
| `traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/ipStrategy/ipv6Subnet` | `42` |
| `traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/requestHeaderName` | `foobar` |
| `traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/requestHost` | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/commonName` | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/country` | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/domainComponent` | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/locality` | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/organization` | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/province` | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/serialNumber` | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/notAfter` | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/notBefore` | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/sans` | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/serialNumber` | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/commonName` | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/country` | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/domainComponent` | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/locality` | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/organization` | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/organizationalUnit` | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/province` | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/serialNumber` | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/pem` | `true` |
| `traefik/http/middlewares/Middleware17/plugin/PluginConf0/name0` | `foobar` |
| `traefik/http/middlewares/Middleware17/plugin/PluginConf0/name1` | `foobar` |
| `traefik/http/middlewares/Middleware17/plugin/PluginConf1/name0` | `foobar` |
| `traefik/http/middlewares/Middleware17/plugin/PluginConf1/name1` | `foobar` |
| `traefik/http/middlewares/Middleware18/rateLimit/average` | `42` |
| `traefik/http/middlewares/Middleware18/rateLimit/burst` | `42` |
| `traefik/http/middlewares/Middleware18/rateLimit/period` | `42s` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/db` | `42` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/dialTimeout` | `42s` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/endpoints/0` | `foobar` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/endpoints/1` | `foobar` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/maxActiveConns` | `42` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/minIdleConns` | `42` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/password` | `foobar` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/poolSize` | `42` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/readTimeout` | `42s` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/tls/ca` | `foobar` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/tls/cert` | `foobar` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/tls/insecureSkipVerify` | `true` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/tls/key` | `foobar` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/username` | `foobar` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/writeTimeout` | `42s` |
| `traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/ipStrategy/depth` | `42` |
| `traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` |
| `traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/ipStrategy/excludedIPs/1` | `foobar` |
| `traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/ipStrategy/ipv6Subnet` | `42` |
| `traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/requestHeaderName` | `foobar` |
| `traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/requestHost` | `true` |
| `traefik/http/middlewares/Middleware19/redirectRegex/permanent` | `true` |
| `traefik/http/middlewares/Middleware19/redirectRegex/regex` | `foobar` |
| `traefik/http/middlewares/Middleware19/redirectRegex/replacement` | `foobar` |
| `traefik/http/middlewares/Middleware20/redirectScheme/permanent` | `true` |
| `traefik/http/middlewares/Middleware20/redirectScheme/port` | `foobar` |
| `traefik/http/middlewares/Middleware20/redirectScheme/scheme` | `foobar` |
| `traefik/http/middlewares/Middleware21/replacePath/path` | `foobar` |
| `traefik/http/middlewares/Middleware22/replacePathRegex/regex` | `foobar` |
| `traefik/http/middlewares/Middleware22/replacePathRegex/replacement` | `foobar` |
| `traefik/http/middlewares/Middleware23/retry/attempts` | `42` |
| `traefik/http/middlewares/Middleware23/retry/initialInterval` | `42s` |
| `traefik/http/middlewares/Middleware24/stripPrefix/forceSlash` | `true` |
| `traefik/http/middlewares/Middleware24/stripPrefix/prefixes/0` | `foobar` |
| `traefik/http/middlewares/Middleware24/stripPrefix/prefixes/1` | `foobar` |
| `traefik/http/middlewares/Middleware25/stripPrefixRegex/regex/0` | `foobar` |
| `traefik/http/middlewares/Middleware25/stripPrefixRegex/regex/1` | `foobar` |
| `traefik/http/routers/Router0/entryPoints/0` | `foobar` |
| `traefik/http/routers/Router0/entryPoints/1` | `foobar` |
| `traefik/http/routers/Router0/middlewares/0` | `foobar` |
| `traefik/http/routers/Router0/middlewares/1` | `foobar` |
| `traefik/http/routers/Router0/observability/accessLogs` | `true` |
| `traefik/http/routers/Router0/observability/metrics` | `true` |
| `traefik/http/routers/Router0/observability/traceVerbosity` | `foobar` |
| `traefik/http/routers/Router0/observability/tracing` | `true` |
| `traefik/http/routers/Router0/priority` | `42` |
| `traefik/http/routers/Router0/rule` | `foobar` |
| `traefik/http/routers/Router0/ruleSyntax` | `foobar` |
| `traefik/http/routers/Router0/service` | `foobar` |
| `traefik/http/routers/Router0/tls/certResolver` | `foobar` |
| `traefik/http/routers/Router0/tls/domains/0/main` | `foobar` |
| `traefik/http/routers/Router0/tls/domains/0/sans/0` | `foobar` |
| `traefik/http/routers/Router0/tls/domains/0/sans/1` | `foobar` |
| `traefik/http/routers/Router0/tls/domains/1/main` | `foobar` |
| `traefik/http/routers/Router0/tls/domains/1/sans/0` | `foobar` |
| `traefik/http/routers/Router0/tls/domains/1/sans/1` | `foobar` |
| `traefik/http/routers/Router0/tls/options` | `foobar` |
| `traefik/http/routers/Router1/entryPoints/0` | `foobar` |
| `traefik/http/routers/Router1/entryPoints/1` | `foobar` |
| `traefik/http/routers/Router1/middlewares/0` | `foobar` |
| `traefik/http/routers/Router1/middlewares/1` | `foobar` |
| `traefik/http/routers/Router1/observability/accessLogs` | `true` |
| `traefik/http/routers/Router1/observability/metrics` | `true` |
| `traefik/http/routers/Router1/observability/traceVerbosity` | `foobar` |
| `traefik/http/routers/Router1/observability/tracing` | `true` |
| `traefik/http/routers/Router1/priority` | `42` |
| `traefik/http/routers/Router1/rule` | `foobar` |
| `traefik/http/routers/Router1/ruleSyntax` | `foobar` |
| `traefik/http/routers/Router1/service` | `foobar` |
| `traefik/http/routers/Router1/tls/certResolver` | `foobar` |
| `traefik/http/routers/Router1/tls/domains/0/main` | `foobar` |
| `traefik/http/routers/Router1/tls/domains/0/sans/0` | `foobar` |
| `traefik/http/routers/Router1/tls/domains/0/sans/1` | `foobar` |
| `traefik/http/routers/Router1/tls/domains/1/main` | `foobar` |
| `traefik/http/routers/Router1/tls/domains/1/sans/0` | `foobar` |
| `traefik/http/routers/Router1/tls/domains/1/sans/1` | `foobar` |
| `traefik/http/routers/Router1/tls/options` | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/certificates/0/certFile` | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/certificates/0/keyFile` | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/certificates/1/certFile` | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/certificates/1/keyFile` | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/disableHTTP2` | `true` |
| `traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/dialTimeout` | `42s` |
| `traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/idleConnTimeout` | `42s` |
| `traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/pingTimeout` | `42s` |
| `traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/readIdleTimeout` | `42s` |
| `traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/responseHeaderTimeout` | `42s` |
| `traefik/http/serversTransports/ServersTransport0/insecureSkipVerify` | `true` |
| `traefik/http/serversTransports/ServersTransport0/maxIdleConnsPerHost` | `42` |
| `traefik/http/serversTransports/ServersTransport0/peerCertURI` | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/rootCAs/0` | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/rootCAs/1` | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/serverName` | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/spiffe/ids/0` | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/spiffe/ids/1` | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/spiffe/trustDomain` | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/certificates/0/certFile` | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/certificates/0/keyFile` | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/certificates/1/certFile` | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/certificates/1/keyFile` | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/disableHTTP2` | `true` |
| `traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/dialTimeout` | `42s` |
| `traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/idleConnTimeout` | `42s` |
| `traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/pingTimeout` | `42s` |
| `traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/readIdleTimeout` | `42s` |
| `traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/responseHeaderTimeout` | `42s` |
| `traefik/http/serversTransports/ServersTransport1/insecureSkipVerify` | `true` |
| `traefik/http/serversTransports/ServersTransport1/maxIdleConnsPerHost` | `42` |
| `traefik/http/serversTransports/ServersTransport1/peerCertURI` | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/rootCAs/0` | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/rootCAs/1` | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/serverName` | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/spiffe/ids/0` | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/spiffe/ids/1` | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/spiffe/trustDomain` | `foobar` |
| `traefik/http/services/Service01/failover/fallback` | `foobar` |
| `traefik/http/services/Service01/failover/healthCheck` | `` |
| `traefik/http/services/Service01/failover/service` | `foobar` |
| `traefik/http/services/Service02/loadBalancer/healthCheck/followRedirects` | `true` |
| `traefik/http/services/Service02/loadBalancer/healthCheck/headers/name0` | `foobar` |
| `traefik/http/services/Service02/loadBalancer/healthCheck/headers/name1` | `foobar` |
| `traefik/http/services/Service02/loadBalancer/healthCheck/hostname` | `foobar` |
| `traefik/http/services/Service02/loadBalancer/healthCheck/interval` | `42s` |
| `traefik/http/services/Service02/loadBalancer/healthCheck/method` | `foobar` |
| `traefik/http/services/Service02/loadBalancer/healthCheck/mode` | `foobar` |
| `traefik/http/services/Service02/loadBalancer/healthCheck/path` | `foobar` |
| `traefik/http/services/Service02/loadBalancer/healthCheck/port` | `42` |
| `traefik/http/services/Service02/loadBalancer/healthCheck/scheme` | `foobar` |
| `traefik/http/services/Service02/loadBalancer/healthCheck/status` | `42` |
| `traefik/http/services/Service02/loadBalancer/healthCheck/timeout` | `42s` |
| `traefik/http/services/Service02/loadBalancer/healthCheck/unhealthyInterval` | `42s` |
| `traefik/http/services/Service02/loadBalancer/passHostHeader` | `true` |
| `traefik/http/services/Service02/loadBalancer/responseForwarding/flushInterval` | `42s` |
| `traefik/http/services/Service02/loadBalancer/servers/0/preservePath` | `true` |
| `traefik/http/services/Service02/loadBalancer/servers/0/url` | `foobar` |
| `traefik/http/services/Service02/loadBalancer/servers/0/weight` | `42` |
| `traefik/http/services/Service02/loadBalancer/servers/1/preservePath` | `true` |
| `traefik/http/services/Service02/loadBalancer/servers/1/url` | `foobar` |
| `traefik/http/services/Service02/loadBalancer/servers/1/weight` | `42` |
| `traefik/http/services/Service02/loadBalancer/serversTransport` | `foobar` |
| `traefik/http/services/Service02/loadBalancer/sticky/cookie/domain` | `foobar` |
| `traefik/http/services/Service02/loadBalancer/sticky/cookie/httpOnly` | `true` |
| `traefik/http/services/Service02/loadBalancer/sticky/cookie/maxAge` | `42` |
| `traefik/http/services/Service02/loadBalancer/sticky/cookie/name` | `foobar` |
| `traefik/http/services/Service02/loadBalancer/sticky/cookie/path` | `foobar` |
| `traefik/http/services/Service02/loadBalancer/sticky/cookie/sameSite` | `foobar` |
| `traefik/http/services/Service02/loadBalancer/sticky/cookie/secure` | `true` |
| `traefik/http/services/Service02/loadBalancer/strategy` | `foobar` |
| `traefik/http/services/Service03/mirroring/healthCheck` | `` |
| `traefik/http/services/Service03/mirroring/maxBodySize` | `42` |
| `traefik/http/services/Service03/mirroring/mirrorBody` | `true` |
| `traefik/http/services/Service03/mirroring/mirrors/0/name` | `foobar` |
| `traefik/http/services/Service03/mirroring/mirrors/0/percent` | `42` |
| `traefik/http/services/Service03/mirroring/mirrors/1/name` | `foobar` |
| `traefik/http/services/Service03/mirroring/mirrors/1/percent` | `42` |
| `traefik/http/services/Service03/mirroring/service` | `foobar` |
| `traefik/http/services/Service04/weighted/healthCheck` | `` |
| `traefik/http/services/Service04/weighted/services/0/name` | `foobar` |
| `traefik/http/services/Service04/weighted/services/0/weight` | `42` |
| `traefik/http/services/Service04/weighted/services/1/name` | `foobar` |
| `traefik/http/services/Service04/weighted/services/1/weight` | `42` |
| `traefik/http/services/Service04/weighted/sticky/cookie/domain` | `foobar` |
| `traefik/http/services/Service04/weighted/sticky/cookie/httpOnly` | `true` |
| `traefik/http/services/Service04/weighted/sticky/cookie/maxAge` | `42` |
| `traefik/http/services/Service04/weighted/sticky/cookie/name` | `foobar` |
| `traefik/http/services/Service04/weighted/sticky/cookie/path` | `foobar` |
| `traefik/http/services/Service04/weighted/sticky/cookie/sameSite` | `foobar` |
| `traefik/http/services/Service04/weighted/sticky/cookie/secure` | `true` |
| `traefik/tcp/middlewares/TCPMiddleware01/ipAllowList/sourceRange/0` | `foobar` |
| `traefik/tcp/middlewares/TCPMiddleware01/ipAllowList/sourceRange/1` | `foobar` |
| `traefik/tcp/middlewares/TCPMiddleware02/ipWhiteList/sourceRange/0` | `foobar` |
| `traefik/tcp/middlewares/TCPMiddleware02/ipWhiteList/sourceRange/1` | `foobar` |
| `traefik/tcp/middlewares/TCPMiddleware03/inFlightConn/amount` | `42` |
| `traefik/tcp/routers/TCPRouter0/entryPoints/0` | `foobar` |
| `traefik/tcp/routers/TCPRouter0/entryPoints/1` | `foobar` |
| `traefik/tcp/routers/TCPRouter0/middlewares/0` | `foobar` |
| `traefik/tcp/routers/TCPRouter0/middlewares/1` | `foobar` |
| `traefik/tcp/routers/TCPRouter0/priority` | `42` |
| `traefik/tcp/routers/TCPRouter0/rule` | `foobar` |
| `traefik/tcp/routers/TCPRouter0/ruleSyntax` | `foobar` |
| `traefik/tcp/routers/TCPRouter0/service` | `foobar` |
| `traefik/tcp/routers/TCPRouter0/tls/certResolver` | `foobar` |
| `traefik/tcp/routers/TCPRouter0/tls/domains/0/main` | `foobar` |
| `traefik/tcp/routers/TCPRouter0/tls/domains/0/sans/0` | `foobar` |
| `traefik/tcp/routers/TCPRouter0/tls/domains/0/sans/1` | `foobar` |
| `traefik/tcp/routers/TCPRouter0/tls/domains/1/main` | `foobar` |
| `traefik/tcp/routers/TCPRouter0/tls/domains/1/sans/0` | `foobar` |
| `traefik/tcp/routers/TCPRouter0/tls/domains/1/sans/1` | `foobar` |
| `traefik/tcp/routers/TCPRouter0/tls/options` | `foobar` |
| `traefik/tcp/routers/TCPRouter0/tls/passthrough` | `true` |
| `traefik/tcp/routers/TCPRouter1/entryPoints/0` | `foobar` |
| `traefik/tcp/routers/TCPRouter1/entryPoints/1` | `foobar` |
| `traefik/tcp/routers/TCPRouter1/middlewares/0` | `foobar` |
| `traefik/tcp/routers/TCPRouter1/middlewares/1` | `foobar` |
| `traefik/tcp/routers/TCPRouter1/priority` | `42` |
| `traefik/tcp/routers/TCPRouter1/rule` | `foobar` |
| `traefik/tcp/routers/TCPRouter1/ruleSyntax` | `foobar` |
| `traefik/tcp/routers/TCPRouter1/service` | `foobar` |
| `traefik/tcp/routers/TCPRouter1/tls/certResolver` | `foobar` |
| `traefik/tcp/routers/TCPRouter1/tls/domains/0/main` | `foobar` |
| `traefik/tcp/routers/TCPRouter1/tls/domains/0/sans/0` | `foobar` |
| `traefik/tcp/routers/TCPRouter1/tls/domains/0/sans/1` | `foobar` |
| `traefik/tcp/routers/TCPRouter1/tls/domains/1/main` | `foobar` |
| `traefik/tcp/routers/TCPRouter1/tls/domains/1/sans/0` | `foobar` |
| `traefik/tcp/routers/TCPRouter1/tls/domains/1/sans/1` | `foobar` |
| `traefik/tcp/routers/TCPRouter1/tls/options` | `foobar` |
| `traefik/tcp/routers/TCPRouter1/tls/passthrough` | `true` |
| `traefik/tcp/serversTransports/TCPServersTransport0/dialKeepAlive` | `42s` |
| `traefik/tcp/serversTransports/TCPServersTransport0/dialTimeout` | `42s` |
| `traefik/tcp/serversTransports/TCPServersTransport0/terminationDelay` | `42s` |
| `traefik/tcp/serversTransports/TCPServersTransport0/tls/certificates/0/certFile` | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport0/tls/certificates/0/keyFile` | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport0/tls/certificates/1/certFile` | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport0/tls/certificates/1/keyFile` | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport0/tls/insecureSkipVerify` | `true` |
| `traefik/tcp/serversTransports/TCPServersTransport0/tls/peerCertURI` | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport0/tls/rootCAs/0` | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport0/tls/rootCAs/1` | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport0/tls/serverName` | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport0/tls/spiffe/ids/0` | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport0/tls/spiffe/ids/1` | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport0/tls/spiffe/trustDomain` | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport1/dialKeepAlive` | `42s` |
| `traefik/tcp/serversTransports/TCPServersTransport1/dialTimeout` | `42s` |
| `traefik/tcp/serversTransports/TCPServersTransport1/terminationDelay` | `42s` |
| `traefik/tcp/serversTransports/TCPServersTransport1/tls/certificates/0/certFile` | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport1/tls/certificates/0/keyFile` | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport1/tls/certificates/1/certFile` | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport1/tls/certificates/1/keyFile` | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport1/tls/insecureSkipVerify` | `true` |
| `traefik/tcp/serversTransports/TCPServersTransport1/tls/peerCertURI` | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport1/tls/rootCAs/0` | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport1/tls/rootCAs/1` | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport1/tls/serverName` | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport1/tls/spiffe/ids/0` | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport1/tls/spiffe/ids/1` | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport1/tls/spiffe/trustDomain` | `foobar` |
| `traefik/tcp/services/TCPService01/loadBalancer/proxyProtocol/version` | `42` |
| `traefik/tcp/services/TCPService01/loadBalancer/servers/0/address` | `foobar` |
| `traefik/tcp/services/TCPService01/loadBalancer/servers/0/tls` | `true` |
| `traefik/tcp/services/TCPService01/loadBalancer/servers/1/address` | `foobar` |
| `traefik/tcp/services/TCPService01/loadBalancer/servers/1/tls` | `true` |
| `traefik/tcp/services/TCPService01/loadBalancer/serversTransport` | `foobar` |
| `traefik/tcp/services/TCPService01/loadBalancer/terminationDelay` | `42` |
| `traefik/tcp/services/TCPService02/weighted/services/0/name` | `foobar` |
| `traefik/tcp/services/TCPService02/weighted/services/0/weight` | `42` |
| `traefik/tcp/services/TCPService02/weighted/services/1/name` | `foobar` |
| `traefik/tcp/services/TCPService02/weighted/services/1/weight` | `42` |
| `traefik/tls/certificates/0/certFile` | `foobar` |
| `traefik/tls/certificates/0/keyFile` | `foobar` |
| `traefik/tls/certificates/0/stores/0` | `foobar` |
| `traefik/tls/certificates/0/stores/1` | `foobar` |
| `traefik/tls/certificates/1/certFile` | `foobar` |
| `traefik/tls/certificates/1/keyFile` | `foobar` |
| `traefik/tls/certificates/1/stores/0` | `foobar` |
| `traefik/tls/certificates/1/stores/1` | `foobar` |
| `traefik/tls/options/Options0/alpnProtocols/0` | `foobar` |
| `traefik/tls/options/Options0/alpnProtocols/1` | `foobar` |
| `traefik/tls/options/Options0/cipherSuites/0` | `foobar` |
| `traefik/tls/options/Options0/cipherSuites/1` | `foobar` |
| `traefik/tls/options/Options0/clientAuth/caFiles/0` | `foobar` |
| `traefik/tls/options/Options0/clientAuth/caFiles/1` | `foobar` |
| `traefik/tls/options/Options0/clientAuth/clientAuthType` | `foobar` |
| `traefik/tls/options/Options0/curvePreferences/0` | `foobar` |
| `traefik/tls/options/Options0/curvePreferences/1` | `foobar` |
| `traefik/tls/options/Options0/disableSessionTickets` | `true` |
| `traefik/tls/options/Options0/maxVersion` | `foobar` |
| `traefik/tls/options/Options0/minVersion` | `foobar` |
| `traefik/tls/options/Options0/preferServerCipherSuites` | `true` |
| `traefik/tls/options/Options0/sniStrict` | `true` |
| `traefik/tls/options/Options1/alpnProtocols/0` | `foobar` |
| `traefik/tls/options/Options1/alpnProtocols/1` | `foobar` |
| `traefik/tls/options/Options1/cipherSuites/0` | `foobar` |
| `traefik/tls/options/Options1/cipherSuites/1` | `foobar` |
| `traefik/tls/options/Options1/clientAuth/caFiles/0` | `foobar` |
| `traefik/tls/options/Options1/clientAuth/caFiles/1` | `foobar` |
| `traefik/tls/options/Options1/clientAuth/clientAuthType` | `foobar` |
| `traefik/tls/options/Options1/curvePreferences/0` | `foobar` |
| `traefik/tls/options/Options1/curvePreferences/1` | `foobar` |
| `traefik/tls/options/Options1/disableSessionTickets` | `true` |
| `traefik/tls/options/Options1/maxVersion` | `foobar` |
| `traefik/tls/options/Options1/minVersion` | `foobar` |
| `traefik/tls/options/Options1/preferServerCipherSuites` | `true` |
| `traefik/tls/options/Options1/sniStrict` | `true` |
| `traefik/tls/stores/Store0/defaultCertificate/certFile` | `foobar` |
| `traefik/tls/stores/Store0/defaultCertificate/keyFile` | `foobar` |
| `traefik/tls/stores/Store0/defaultGeneratedCert/domain/main` | `foobar` |
| `traefik/tls/stores/Store0/defaultGeneratedCert/domain/sans/0` | `foobar` |
| `traefik/tls/stores/Store0/defaultGeneratedCert/domain/sans/1` | `foobar` |
| `traefik/tls/stores/Store0/defaultGeneratedCert/resolver` | `foobar` |
| `traefik/tls/stores/Store1/defaultCertificate/certFile` | `foobar` |
| `traefik/tls/stores/Store1/defaultCertificate/keyFile` | `foobar` |
| `traefik/tls/stores/Store1/defaultGeneratedCert/domain/main` | `foobar` |
| `traefik/tls/stores/Store1/defaultGeneratedCert/domain/sans/0` | `foobar` |
| `traefik/tls/stores/Store1/defaultGeneratedCert/domain/sans/1` | `foobar` |
| `traefik/tls/stores/Store1/defaultGeneratedCert/resolver` | `foobar` |
| `traefik/udp/routers/UDPRouter0/entryPoints/0` | `foobar` |
| `traefik/udp/routers/UDPRouter0/entryPoints/1` | `foobar` |
| `traefik/udp/routers/UDPRouter0/service` | `foobar` |
| `traefik/udp/routers/UDPRouter1/entryPoints/0` | `foobar` |
| `traefik/udp/routers/UDPRouter1/entryPoints/1` | `foobar` |
| `traefik/udp/routers/UDPRouter1/service` | `foobar` |
| `traefik/udp/services/UDPService01/loadBalancer/servers/0/address` | `foobar` |
| `traefik/udp/services/UDPService01/loadBalancer/servers/1/address` | `foobar` |
| `traefik/udp/services/UDPService02/weighted/services/0/name` | `foobar` |
| `traefik/udp/services/UDPService02/weighted/services/0/weight` | `42` |
| `traefik/udp/services/UDPService02/weighted/services/1/name` | `foobar` |
| `traefik/udp/services/UDPService02/weighted/services/1/weight` | `42` |
| <a id="opt-traefikhttpmiddlewaresMiddleware01addPrefixprefix" href="#opt-traefikhttpmiddlewaresMiddleware01addPrefixprefix" title="#opt-traefikhttpmiddlewaresMiddleware01addPrefixprefix">`traefik/http/middlewares/Middleware01/addPrefix/prefix`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware02basicAuthheaderField" href="#opt-traefikhttpmiddlewaresMiddleware02basicAuthheaderField" title="#opt-traefikhttpmiddlewaresMiddleware02basicAuthheaderField">`traefik/http/middlewares/Middleware02/basicAuth/headerField`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware02basicAuthrealm" href="#opt-traefikhttpmiddlewaresMiddleware02basicAuthrealm" title="#opt-traefikhttpmiddlewaresMiddleware02basicAuthrealm">`traefik/http/middlewares/Middleware02/basicAuth/realm`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware02basicAuthremoveHeader" href="#opt-traefikhttpmiddlewaresMiddleware02basicAuthremoveHeader" title="#opt-traefikhttpmiddlewaresMiddleware02basicAuthremoveHeader">`traefik/http/middlewares/Middleware02/basicAuth/removeHeader`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware02basicAuthusers0" href="#opt-traefikhttpmiddlewaresMiddleware02basicAuthusers0" title="#opt-traefikhttpmiddlewaresMiddleware02basicAuthusers0">`traefik/http/middlewares/Middleware02/basicAuth/users/0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware02basicAuthusers1" href="#opt-traefikhttpmiddlewaresMiddleware02basicAuthusers1" title="#opt-traefikhttpmiddlewaresMiddleware02basicAuthusers1">`traefik/http/middlewares/Middleware02/basicAuth/users/1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware02basicAuthusersFile" href="#opt-traefikhttpmiddlewaresMiddleware02basicAuthusersFile" title="#opt-traefikhttpmiddlewaresMiddleware02basicAuthusersFile">`traefik/http/middlewares/Middleware02/basicAuth/usersFile`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware03bufferingmaxRequestBodyBytes" href="#opt-traefikhttpmiddlewaresMiddleware03bufferingmaxRequestBodyBytes" title="#opt-traefikhttpmiddlewaresMiddleware03bufferingmaxRequestBodyBytes">`traefik/http/middlewares/Middleware03/buffering/maxRequestBodyBytes`</a> | `42` |
| <a id="opt-traefikhttpmiddlewaresMiddleware03bufferingmaxResponseBodyBytes" href="#opt-traefikhttpmiddlewaresMiddleware03bufferingmaxResponseBodyBytes" title="#opt-traefikhttpmiddlewaresMiddleware03bufferingmaxResponseBodyBytes">`traefik/http/middlewares/Middleware03/buffering/maxResponseBodyBytes`</a> | `42` |
| <a id="opt-traefikhttpmiddlewaresMiddleware03bufferingmemRequestBodyBytes" href="#opt-traefikhttpmiddlewaresMiddleware03bufferingmemRequestBodyBytes" title="#opt-traefikhttpmiddlewaresMiddleware03bufferingmemRequestBodyBytes">`traefik/http/middlewares/Middleware03/buffering/memRequestBodyBytes`</a> | `42` |
| <a id="opt-traefikhttpmiddlewaresMiddleware03bufferingmemResponseBodyBytes" href="#opt-traefikhttpmiddlewaresMiddleware03bufferingmemResponseBodyBytes" title="#opt-traefikhttpmiddlewaresMiddleware03bufferingmemResponseBodyBytes">`traefik/http/middlewares/Middleware03/buffering/memResponseBodyBytes`</a> | `42` |
| <a id="opt-traefikhttpmiddlewaresMiddleware03bufferingretryExpression" href="#opt-traefikhttpmiddlewaresMiddleware03bufferingretryExpression" title="#opt-traefikhttpmiddlewaresMiddleware03bufferingretryExpression">`traefik/http/middlewares/Middleware03/buffering/retryExpression`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware04chainmiddlewares0" href="#opt-traefikhttpmiddlewaresMiddleware04chainmiddlewares0" title="#opt-traefikhttpmiddlewaresMiddleware04chainmiddlewares0">`traefik/http/middlewares/Middleware04/chain/middlewares/0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware04chainmiddlewares1" href="#opt-traefikhttpmiddlewaresMiddleware04chainmiddlewares1" title="#opt-traefikhttpmiddlewaresMiddleware04chainmiddlewares1">`traefik/http/middlewares/Middleware04/chain/middlewares/1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware05circuitBreakercheckPeriod" href="#opt-traefikhttpmiddlewaresMiddleware05circuitBreakercheckPeriod" title="#opt-traefikhttpmiddlewaresMiddleware05circuitBreakercheckPeriod">`traefik/http/middlewares/Middleware05/circuitBreaker/checkPeriod`</a> | `42s` |
| <a id="opt-traefikhttpmiddlewaresMiddleware05circuitBreakerexpression" href="#opt-traefikhttpmiddlewaresMiddleware05circuitBreakerexpression" title="#opt-traefikhttpmiddlewaresMiddleware05circuitBreakerexpression">`traefik/http/middlewares/Middleware05/circuitBreaker/expression`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware05circuitBreakerfallbackDuration" href="#opt-traefikhttpmiddlewaresMiddleware05circuitBreakerfallbackDuration" title="#opt-traefikhttpmiddlewaresMiddleware05circuitBreakerfallbackDuration">`traefik/http/middlewares/Middleware05/circuitBreaker/fallbackDuration`</a> | `42s` |
| <a id="opt-traefikhttpmiddlewaresMiddleware05circuitBreakerrecoveryDuration" href="#opt-traefikhttpmiddlewaresMiddleware05circuitBreakerrecoveryDuration" title="#opt-traefikhttpmiddlewaresMiddleware05circuitBreakerrecoveryDuration">`traefik/http/middlewares/Middleware05/circuitBreaker/recoveryDuration`</a> | `42s` |
| <a id="opt-traefikhttpmiddlewaresMiddleware05circuitBreakerresponseCode" href="#opt-traefikhttpmiddlewaresMiddleware05circuitBreakerresponseCode" title="#opt-traefikhttpmiddlewaresMiddleware05circuitBreakerresponseCode">`traefik/http/middlewares/Middleware05/circuitBreaker/responseCode`</a> | `42` |
| <a id="opt-traefikhttpmiddlewaresMiddleware06compressdefaultEncoding" href="#opt-traefikhttpmiddlewaresMiddleware06compressdefaultEncoding" title="#opt-traefikhttpmiddlewaresMiddleware06compressdefaultEncoding">`traefik/http/middlewares/Middleware06/compress/defaultEncoding`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware06compressencodings0" href="#opt-traefikhttpmiddlewaresMiddleware06compressencodings0" title="#opt-traefikhttpmiddlewaresMiddleware06compressencodings0">`traefik/http/middlewares/Middleware06/compress/encodings/0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware06compressencodings1" href="#opt-traefikhttpmiddlewaresMiddleware06compressencodings1" title="#opt-traefikhttpmiddlewaresMiddleware06compressencodings1">`traefik/http/middlewares/Middleware06/compress/encodings/1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware06compressexcludedContentTypes0" href="#opt-traefikhttpmiddlewaresMiddleware06compressexcludedContentTypes0" title="#opt-traefikhttpmiddlewaresMiddleware06compressexcludedContentTypes0">`traefik/http/middlewares/Middleware06/compress/excludedContentTypes/0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware06compressexcludedContentTypes1" href="#opt-traefikhttpmiddlewaresMiddleware06compressexcludedContentTypes1" title="#opt-traefikhttpmiddlewaresMiddleware06compressexcludedContentTypes1">`traefik/http/middlewares/Middleware06/compress/excludedContentTypes/1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware06compressincludedContentTypes0" href="#opt-traefikhttpmiddlewaresMiddleware06compressincludedContentTypes0" title="#opt-traefikhttpmiddlewaresMiddleware06compressincludedContentTypes0">`traefik/http/middlewares/Middleware06/compress/includedContentTypes/0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware06compressincludedContentTypes1" href="#opt-traefikhttpmiddlewaresMiddleware06compressincludedContentTypes1" title="#opt-traefikhttpmiddlewaresMiddleware06compressincludedContentTypes1">`traefik/http/middlewares/Middleware06/compress/includedContentTypes/1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware06compressminResponseBodyBytes" href="#opt-traefikhttpmiddlewaresMiddleware06compressminResponseBodyBytes" title="#opt-traefikhttpmiddlewaresMiddleware06compressminResponseBodyBytes">`traefik/http/middlewares/Middleware06/compress/minResponseBodyBytes`</a> | `42` |
| <a id="opt-traefikhttpmiddlewaresMiddleware07contentTypeautoDetect" href="#opt-traefikhttpmiddlewaresMiddleware07contentTypeautoDetect" title="#opt-traefikhttpmiddlewaresMiddleware07contentTypeautoDetect">`traefik/http/middlewares/Middleware07/contentType/autoDetect`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware08digestAuthheaderField" href="#opt-traefikhttpmiddlewaresMiddleware08digestAuthheaderField" title="#opt-traefikhttpmiddlewaresMiddleware08digestAuthheaderField">`traefik/http/middlewares/Middleware08/digestAuth/headerField`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware08digestAuthrealm" href="#opt-traefikhttpmiddlewaresMiddleware08digestAuthrealm" title="#opt-traefikhttpmiddlewaresMiddleware08digestAuthrealm">`traefik/http/middlewares/Middleware08/digestAuth/realm`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware08digestAuthremoveHeader" href="#opt-traefikhttpmiddlewaresMiddleware08digestAuthremoveHeader" title="#opt-traefikhttpmiddlewaresMiddleware08digestAuthremoveHeader">`traefik/http/middlewares/Middleware08/digestAuth/removeHeader`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware08digestAuthusers0" href="#opt-traefikhttpmiddlewaresMiddleware08digestAuthusers0" title="#opt-traefikhttpmiddlewaresMiddleware08digestAuthusers0">`traefik/http/middlewares/Middleware08/digestAuth/users/0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware08digestAuthusers1" href="#opt-traefikhttpmiddlewaresMiddleware08digestAuthusers1" title="#opt-traefikhttpmiddlewaresMiddleware08digestAuthusers1">`traefik/http/middlewares/Middleware08/digestAuth/users/1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware08digestAuthusersFile" href="#opt-traefikhttpmiddlewaresMiddleware08digestAuthusersFile" title="#opt-traefikhttpmiddlewaresMiddleware08digestAuthusersFile">`traefik/http/middlewares/Middleware08/digestAuth/usersFile`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware09errorsquery" href="#opt-traefikhttpmiddlewaresMiddleware09errorsquery" title="#opt-traefikhttpmiddlewaresMiddleware09errorsquery">`traefik/http/middlewares/Middleware09/errors/query`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware09errorsservice" href="#opt-traefikhttpmiddlewaresMiddleware09errorsservice" title="#opt-traefikhttpmiddlewaresMiddleware09errorsservice">`traefik/http/middlewares/Middleware09/errors/service`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware09errorsstatus0" href="#opt-traefikhttpmiddlewaresMiddleware09errorsstatus0" title="#opt-traefikhttpmiddlewaresMiddleware09errorsstatus0">`traefik/http/middlewares/Middleware09/errors/status/0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware09errorsstatus1" href="#opt-traefikhttpmiddlewaresMiddleware09errorsstatus1" title="#opt-traefikhttpmiddlewaresMiddleware09errorsstatus1">`traefik/http/middlewares/Middleware09/errors/status/1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware09errorsstatusRewritesname0" href="#opt-traefikhttpmiddlewaresMiddleware09errorsstatusRewritesname0" title="#opt-traefikhttpmiddlewaresMiddleware09errorsstatusRewritesname0">`traefik/http/middlewares/Middleware09/errors/statusRewrites/name0`</a> | `42` |
| <a id="opt-traefikhttpmiddlewaresMiddleware09errorsstatusRewritesname1" href="#opt-traefikhttpmiddlewaresMiddleware09errorsstatusRewritesname1" title="#opt-traefikhttpmiddlewaresMiddleware09errorsstatusRewritesname1">`traefik/http/middlewares/Middleware09/errors/statusRewrites/name1`</a> | `42` |
| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthaddAuthCookiesToResponse0" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthaddAuthCookiesToResponse0" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthaddAuthCookiesToResponse0">`traefik/http/middlewares/Middleware10/forwardAuth/addAuthCookiesToResponse/0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthaddAuthCookiesToResponse1" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthaddAuthCookiesToResponse1" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthaddAuthCookiesToResponse1">`traefik/http/middlewares/Middleware10/forwardAuth/addAuthCookiesToResponse/1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthaddress" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthaddress" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthaddress">`traefik/http/middlewares/Middleware10/forwardAuth/address`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthRequestHeaders0" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthRequestHeaders0" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthRequestHeaders0">`traefik/http/middlewares/Middleware10/forwardAuth/authRequestHeaders/0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthRequestHeaders1" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthRequestHeaders1" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthRequestHeaders1">`traefik/http/middlewares/Middleware10/forwardAuth/authRequestHeaders/1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthResponseHeaders0" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthResponseHeaders0" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthResponseHeaders0">`traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeaders/0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthResponseHeaders1" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthResponseHeaders1" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthResponseHeaders1">`traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeaders/1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthResponseHeadersRegex" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthResponseHeadersRegex" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthResponseHeadersRegex">`traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeadersRegex`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthforwardBody" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthforwardBody" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthforwardBody">`traefik/http/middlewares/Middleware10/forwardAuth/forwardBody`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthheaderField" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthheaderField" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthheaderField">`traefik/http/middlewares/Middleware10/forwardAuth/headerField`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthmaxBodySize" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthmaxBodySize" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthmaxBodySize">`traefik/http/middlewares/Middleware10/forwardAuth/maxBodySize`</a> | `42` |
| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthpreserveLocationHeader" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthpreserveLocationHeader" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthpreserveLocationHeader">`traefik/http/middlewares/Middleware10/forwardAuth/preserveLocationHeader`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthpreserveRequestMethod" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthpreserveRequestMethod" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthpreserveRequestMethod">`traefik/http/middlewares/Middleware10/forwardAuth/preserveRequestMethod`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlsca" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlsca" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlsca">`traefik/http/middlewares/Middleware10/forwardAuth/tls/ca`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlscaOptional" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlscaOptional" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlscaOptional">`traefik/http/middlewares/Middleware10/forwardAuth/tls/caOptional`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlscert" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlscert" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlscert">`traefik/http/middlewares/Middleware10/forwardAuth/tls/cert`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlsinsecureSkipVerify" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlsinsecureSkipVerify" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlsinsecureSkipVerify">`traefik/http/middlewares/Middleware10/forwardAuth/tls/insecureSkipVerify`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlskey" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlskey" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlskey">`traefik/http/middlewares/Middleware10/forwardAuth/tls/key`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthtrustForwardHeader" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthtrustForwardHeader" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthtrustForwardHeader">`traefik/http/middlewares/Middleware10/forwardAuth/trustForwardHeader`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware11grpcWeballowOrigins0" href="#opt-traefikhttpmiddlewaresMiddleware11grpcWeballowOrigins0" title="#opt-traefikhttpmiddlewaresMiddleware11grpcWeballowOrigins0">`traefik/http/middlewares/Middleware11/grpcWeb/allowOrigins/0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware11grpcWeballowOrigins1" href="#opt-traefikhttpmiddlewaresMiddleware11grpcWeballowOrigins1" title="#opt-traefikhttpmiddlewaresMiddleware11grpcWeballowOrigins1">`traefik/http/middlewares/Middleware11/grpcWeb/allowOrigins/1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowCredentials" href="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowCredentials" title="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowCredentials">`traefik/http/middlewares/Middleware12/headers/accessControlAllowCredentials`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowHeaders0" href="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowHeaders0" title="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowHeaders0">`traefik/http/middlewares/Middleware12/headers/accessControlAllowHeaders/0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowHeaders1" href="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowHeaders1" title="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowHeaders1">`traefik/http/middlewares/Middleware12/headers/accessControlAllowHeaders/1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowMethods0" href="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowMethods0" title="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowMethods0">`traefik/http/middlewares/Middleware12/headers/accessControlAllowMethods/0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowMethods1" href="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowMethods1" title="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowMethods1">`traefik/http/middlewares/Middleware12/headers/accessControlAllowMethods/1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginList0" href="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginList0" title="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginList0">`traefik/http/middlewares/Middleware12/headers/accessControlAllowOriginList/0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginList1" href="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginList1" title="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginList1">`traefik/http/middlewares/Middleware12/headers/accessControlAllowOriginList/1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginListRegex0" href="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginListRegex0" title="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginListRegex0">`traefik/http/middlewares/Middleware12/headers/accessControlAllowOriginListRegex/0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginListRegex1" href="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginListRegex1" title="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginListRegex1">`traefik/http/middlewares/Middleware12/headers/accessControlAllowOriginListRegex/1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headersaccessControlExposeHeaders0" href="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlExposeHeaders0" title="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlExposeHeaders0">`traefik/http/middlewares/Middleware12/headers/accessControlExposeHeaders/0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headersaccessControlExposeHeaders1" href="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlExposeHeaders1" title="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlExposeHeaders1">`traefik/http/middlewares/Middleware12/headers/accessControlExposeHeaders/1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headersaccessControlMaxAge" href="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlMaxAge" title="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlMaxAge">`traefik/http/middlewares/Middleware12/headers/accessControlMaxAge`</a> | `42` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headersaddVaryHeader" href="#opt-traefikhttpmiddlewaresMiddleware12headersaddVaryHeader" title="#opt-traefikhttpmiddlewaresMiddleware12headersaddVaryHeader">`traefik/http/middlewares/Middleware12/headers/addVaryHeader`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headersallowedHosts0" href="#opt-traefikhttpmiddlewaresMiddleware12headersallowedHosts0" title="#opt-traefikhttpmiddlewaresMiddleware12headersallowedHosts0">`traefik/http/middlewares/Middleware12/headers/allowedHosts/0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headersallowedHosts1" href="#opt-traefikhttpmiddlewaresMiddleware12headersallowedHosts1" title="#opt-traefikhttpmiddlewaresMiddleware12headersallowedHosts1">`traefik/http/middlewares/Middleware12/headers/allowedHosts/1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headersbrowserXssFilter" href="#opt-traefikhttpmiddlewaresMiddleware12headersbrowserXssFilter" title="#opt-traefikhttpmiddlewaresMiddleware12headersbrowserXssFilter">`traefik/http/middlewares/Middleware12/headers/browserXssFilter`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headerscontentSecurityPolicy" href="#opt-traefikhttpmiddlewaresMiddleware12headerscontentSecurityPolicy" title="#opt-traefikhttpmiddlewaresMiddleware12headerscontentSecurityPolicy">`traefik/http/middlewares/Middleware12/headers/contentSecurityPolicy`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headerscontentSecurityPolicyReportOnly" href="#opt-traefikhttpmiddlewaresMiddleware12headerscontentSecurityPolicyReportOnly" title="#opt-traefikhttpmiddlewaresMiddleware12headerscontentSecurityPolicyReportOnly">`traefik/http/middlewares/Middleware12/headers/contentSecurityPolicyReportOnly`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headerscontentTypeNosniff" href="#opt-traefikhttpmiddlewaresMiddleware12headerscontentTypeNosniff" title="#opt-traefikhttpmiddlewaresMiddleware12headerscontentTypeNosniff">`traefik/http/middlewares/Middleware12/headers/contentTypeNosniff`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headerscustomBrowserXSSValue" href="#opt-traefikhttpmiddlewaresMiddleware12headerscustomBrowserXSSValue" title="#opt-traefikhttpmiddlewaresMiddleware12headerscustomBrowserXSSValue">`traefik/http/middlewares/Middleware12/headers/customBrowserXSSValue`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headerscustomFrameOptionsValue" href="#opt-traefikhttpmiddlewaresMiddleware12headerscustomFrameOptionsValue" title="#opt-traefikhttpmiddlewaresMiddleware12headerscustomFrameOptionsValue">`traefik/http/middlewares/Middleware12/headers/customFrameOptionsValue`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headerscustomRequestHeadersname0" href="#opt-traefikhttpmiddlewaresMiddleware12headerscustomRequestHeadersname0" title="#opt-traefikhttpmiddlewaresMiddleware12headerscustomRequestHeadersname0">`traefik/http/middlewares/Middleware12/headers/customRequestHeaders/name0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headerscustomRequestHeadersname1" href="#opt-traefikhttpmiddlewaresMiddleware12headerscustomRequestHeadersname1" title="#opt-traefikhttpmiddlewaresMiddleware12headerscustomRequestHeadersname1">`traefik/http/middlewares/Middleware12/headers/customRequestHeaders/name1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headerscustomResponseHeadersname0" href="#opt-traefikhttpmiddlewaresMiddleware12headerscustomResponseHeadersname0" title="#opt-traefikhttpmiddlewaresMiddleware12headerscustomResponseHeadersname0">`traefik/http/middlewares/Middleware12/headers/customResponseHeaders/name0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headerscustomResponseHeadersname1" href="#opt-traefikhttpmiddlewaresMiddleware12headerscustomResponseHeadersname1" title="#opt-traefikhttpmiddlewaresMiddleware12headerscustomResponseHeadersname1">`traefik/http/middlewares/Middleware12/headers/customResponseHeaders/name1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headersfeaturePolicy" href="#opt-traefikhttpmiddlewaresMiddleware12headersfeaturePolicy" title="#opt-traefikhttpmiddlewaresMiddleware12headersfeaturePolicy">`traefik/http/middlewares/Middleware12/headers/featurePolicy`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headersforceSTSHeader" href="#opt-traefikhttpmiddlewaresMiddleware12headersforceSTSHeader" title="#opt-traefikhttpmiddlewaresMiddleware12headersforceSTSHeader">`traefik/http/middlewares/Middleware12/headers/forceSTSHeader`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headersframeDeny" href="#opt-traefikhttpmiddlewaresMiddleware12headersframeDeny" title="#opt-traefikhttpmiddlewaresMiddleware12headersframeDeny">`traefik/http/middlewares/Middleware12/headers/frameDeny`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headershostsProxyHeaders0" href="#opt-traefikhttpmiddlewaresMiddleware12headershostsProxyHeaders0" title="#opt-traefikhttpmiddlewaresMiddleware12headershostsProxyHeaders0">`traefik/http/middlewares/Middleware12/headers/hostsProxyHeaders/0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headershostsProxyHeaders1" href="#opt-traefikhttpmiddlewaresMiddleware12headershostsProxyHeaders1" title="#opt-traefikhttpmiddlewaresMiddleware12headershostsProxyHeaders1">`traefik/http/middlewares/Middleware12/headers/hostsProxyHeaders/1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headersisDevelopment" href="#opt-traefikhttpmiddlewaresMiddleware12headersisDevelopment" title="#opt-traefikhttpmiddlewaresMiddleware12headersisDevelopment">`traefik/http/middlewares/Middleware12/headers/isDevelopment`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headerspermissionsPolicy" href="#opt-traefikhttpmiddlewaresMiddleware12headerspermissionsPolicy" title="#opt-traefikhttpmiddlewaresMiddleware12headerspermissionsPolicy">`traefik/http/middlewares/Middleware12/headers/permissionsPolicy`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headerspublicKey" href="#opt-traefikhttpmiddlewaresMiddleware12headerspublicKey" title="#opt-traefikhttpmiddlewaresMiddleware12headerspublicKey">`traefik/http/middlewares/Middleware12/headers/publicKey`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headersreferrerPolicy" href="#opt-traefikhttpmiddlewaresMiddleware12headersreferrerPolicy" title="#opt-traefikhttpmiddlewaresMiddleware12headersreferrerPolicy">`traefik/http/middlewares/Middleware12/headers/referrerPolicy`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headerssslForceHost" href="#opt-traefikhttpmiddlewaresMiddleware12headerssslForceHost" title="#opt-traefikhttpmiddlewaresMiddleware12headerssslForceHost">`traefik/http/middlewares/Middleware12/headers/sslForceHost`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headerssslHost" href="#opt-traefikhttpmiddlewaresMiddleware12headerssslHost" title="#opt-traefikhttpmiddlewaresMiddleware12headerssslHost">`traefik/http/middlewares/Middleware12/headers/sslHost`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headerssslProxyHeadersname0" href="#opt-traefikhttpmiddlewaresMiddleware12headerssslProxyHeadersname0" title="#opt-traefikhttpmiddlewaresMiddleware12headerssslProxyHeadersname0">`traefik/http/middlewares/Middleware12/headers/sslProxyHeaders/name0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headerssslProxyHeadersname1" href="#opt-traefikhttpmiddlewaresMiddleware12headerssslProxyHeadersname1" title="#opt-traefikhttpmiddlewaresMiddleware12headerssslProxyHeadersname1">`traefik/http/middlewares/Middleware12/headers/sslProxyHeaders/name1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headerssslRedirect" href="#opt-traefikhttpmiddlewaresMiddleware12headerssslRedirect" title="#opt-traefikhttpmiddlewaresMiddleware12headerssslRedirect">`traefik/http/middlewares/Middleware12/headers/sslRedirect`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headerssslTemporaryRedirect" href="#opt-traefikhttpmiddlewaresMiddleware12headerssslTemporaryRedirect" title="#opt-traefikhttpmiddlewaresMiddleware12headerssslTemporaryRedirect">`traefik/http/middlewares/Middleware12/headers/sslTemporaryRedirect`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headersstsIncludeSubdomains" href="#opt-traefikhttpmiddlewaresMiddleware12headersstsIncludeSubdomains" title="#opt-traefikhttpmiddlewaresMiddleware12headersstsIncludeSubdomains">`traefik/http/middlewares/Middleware12/headers/stsIncludeSubdomains`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headersstsPreload" href="#opt-traefikhttpmiddlewaresMiddleware12headersstsPreload" title="#opt-traefikhttpmiddlewaresMiddleware12headersstsPreload">`traefik/http/middlewares/Middleware12/headers/stsPreload`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware12headersstsSeconds" href="#opt-traefikhttpmiddlewaresMiddleware12headersstsSeconds" title="#opt-traefikhttpmiddlewaresMiddleware12headersstsSeconds">`traefik/http/middlewares/Middleware12/headers/stsSeconds`</a> | `42` |
| <a id="opt-traefikhttpmiddlewaresMiddleware13ipAllowListipStrategydepth" href="#opt-traefikhttpmiddlewaresMiddleware13ipAllowListipStrategydepth" title="#opt-traefikhttpmiddlewaresMiddleware13ipAllowListipStrategydepth">`traefik/http/middlewares/Middleware13/ipAllowList/ipStrategy/depth`</a> | `42` |
| <a id="opt-traefikhttpmiddlewaresMiddleware13ipAllowListipStrategyexcludedIPs0" href="#opt-traefikhttpmiddlewaresMiddleware13ipAllowListipStrategyexcludedIPs0" title="#opt-traefikhttpmiddlewaresMiddleware13ipAllowListipStrategyexcludedIPs0">`traefik/http/middlewares/Middleware13/ipAllowList/ipStrategy/excludedIPs/0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware13ipAllowListipStrategyexcludedIPs1" href="#opt-traefikhttpmiddlewaresMiddleware13ipAllowListipStrategyexcludedIPs1" title="#opt-traefikhttpmiddlewaresMiddleware13ipAllowListipStrategyexcludedIPs1">`traefik/http/middlewares/Middleware13/ipAllowList/ipStrategy/excludedIPs/1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware13ipAllowListipStrategyipv6Subnet" href="#opt-traefikhttpmiddlewaresMiddleware13ipAllowListipStrategyipv6Subnet" title="#opt-traefikhttpmiddlewaresMiddleware13ipAllowListipStrategyipv6Subnet">`traefik/http/middlewares/Middleware13/ipAllowList/ipStrategy/ipv6Subnet`</a> | `42` |
| <a id="opt-traefikhttpmiddlewaresMiddleware13ipAllowListrejectStatusCode" href="#opt-traefikhttpmiddlewaresMiddleware13ipAllowListrejectStatusCode" title="#opt-traefikhttpmiddlewaresMiddleware13ipAllowListrejectStatusCode">`traefik/http/middlewares/Middleware13/ipAllowList/rejectStatusCode`</a> | `42` |
| <a id="opt-traefikhttpmiddlewaresMiddleware13ipAllowListsourceRange0" href="#opt-traefikhttpmiddlewaresMiddleware13ipAllowListsourceRange0" title="#opt-traefikhttpmiddlewaresMiddleware13ipAllowListsourceRange0">`traefik/http/middlewares/Middleware13/ipAllowList/sourceRange/0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware13ipAllowListsourceRange1" href="#opt-traefikhttpmiddlewaresMiddleware13ipAllowListsourceRange1" title="#opt-traefikhttpmiddlewaresMiddleware13ipAllowListsourceRange1">`traefik/http/middlewares/Middleware13/ipAllowList/sourceRange/1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategydepth" href="#opt-traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategydepth" title="#opt-traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategydepth">`traefik/http/middlewares/Middleware14/ipWhiteList/ipStrategy/depth`</a> | `42` |
| <a id="opt-traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategyexcludedIPs0" href="#opt-traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategyexcludedIPs0" title="#opt-traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategyexcludedIPs0">`traefik/http/middlewares/Middleware14/ipWhiteList/ipStrategy/excludedIPs/0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategyexcludedIPs1" href="#opt-traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategyexcludedIPs1" title="#opt-traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategyexcludedIPs1">`traefik/http/middlewares/Middleware14/ipWhiteList/ipStrategy/excludedIPs/1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategyipv6Subnet" href="#opt-traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategyipv6Subnet" title="#opt-traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategyipv6Subnet">`traefik/http/middlewares/Middleware14/ipWhiteList/ipStrategy/ipv6Subnet`</a> | `42` |
| <a id="opt-traefikhttpmiddlewaresMiddleware14ipWhiteListsourceRange0" href="#opt-traefikhttpmiddlewaresMiddleware14ipWhiteListsourceRange0" title="#opt-traefikhttpmiddlewaresMiddleware14ipWhiteListsourceRange0">`traefik/http/middlewares/Middleware14/ipWhiteList/sourceRange/0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware14ipWhiteListsourceRange1" href="#opt-traefikhttpmiddlewaresMiddleware14ipWhiteListsourceRange1" title="#opt-traefikhttpmiddlewaresMiddleware14ipWhiteListsourceRange1">`traefik/http/middlewares/Middleware14/ipWhiteList/sourceRange/1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware15inFlightReqamount" href="#opt-traefikhttpmiddlewaresMiddleware15inFlightReqamount" title="#opt-traefikhttpmiddlewaresMiddleware15inFlightReqamount">`traefik/http/middlewares/Middleware15/inFlightReq/amount`</a> | `42` |
| <a id="opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategydepth" href="#opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategydepth" title="#opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategydepth">`traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/ipStrategy/depth`</a> | `42` |
| <a id="opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategyexcludedIPs0" href="#opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategyexcludedIPs0" title="#opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategyexcludedIPs0">`traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategyexcludedIPs1" href="#opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategyexcludedIPs1" title="#opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategyexcludedIPs1">`traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategyipv6Subnet" href="#opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategyipv6Subnet" title="#opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategyipv6Subnet">`traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/ipStrategy/ipv6Subnet`</a> | `42` |
| <a id="opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionrequestHeaderName" href="#opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionrequestHeaderName" title="#opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionrequestHeaderName">`traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/requestHeaderName`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionrequestHost" href="#opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionrequestHost" title="#opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionrequestHost">`traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/requestHost`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuercommonName" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuercommonName" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuercommonName">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/commonName`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuercountry" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuercountry" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuercountry">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/country`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerdomainComponent" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerdomainComponent" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerdomainComponent">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/domainComponent`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerlocality" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerlocality" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerlocality">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/locality`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerorganization" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerorganization" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerorganization">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/organization`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerprovince" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerprovince" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerprovince">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/province`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerserialNumber" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerserialNumber" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerserialNumber">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/serialNumber`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfonotAfter" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfonotAfter" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfonotAfter">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/notAfter`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfonotBefore" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfonotBefore" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfonotBefore">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/notBefore`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosans" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosans" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosans">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/sans`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoserialNumber" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoserialNumber" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoserialNumber">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/serialNumber`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectcommonName" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectcommonName" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectcommonName">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/commonName`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectcountry" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectcountry" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectcountry">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/country`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectdomainComponent" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectdomainComponent" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectdomainComponent">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/domainComponent`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectlocality" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectlocality" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectlocality">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/locality`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectorganization" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectorganization" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectorganization">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/organization`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectorganizationalUnit" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectorganizationalUnit" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectorganizationalUnit">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/organizationalUnit`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectprovince" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectprovince" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectprovince">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/province`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectserialNumber" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectserialNumber" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectserialNumber">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/serialNumber`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertpem" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertpem" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertpem">`traefik/http/middlewares/Middleware16/passTLSClientCert/pem`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware17pluginPluginConf0name0" href="#opt-traefikhttpmiddlewaresMiddleware17pluginPluginConf0name0" title="#opt-traefikhttpmiddlewaresMiddleware17pluginPluginConf0name0">`traefik/http/middlewares/Middleware17/plugin/PluginConf0/name0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware17pluginPluginConf0name1" href="#opt-traefikhttpmiddlewaresMiddleware17pluginPluginConf0name1" title="#opt-traefikhttpmiddlewaresMiddleware17pluginPluginConf0name1">`traefik/http/middlewares/Middleware17/plugin/PluginConf0/name1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware17pluginPluginConf1name0" href="#opt-traefikhttpmiddlewaresMiddleware17pluginPluginConf1name0" title="#opt-traefikhttpmiddlewaresMiddleware17pluginPluginConf1name0">`traefik/http/middlewares/Middleware17/plugin/PluginConf1/name0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware17pluginPluginConf1name1" href="#opt-traefikhttpmiddlewaresMiddleware17pluginPluginConf1name1" title="#opt-traefikhttpmiddlewaresMiddleware17pluginPluginConf1name1">`traefik/http/middlewares/Middleware17/plugin/PluginConf1/name1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitaverage" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitaverage" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitaverage">`traefik/http/middlewares/Middleware18/rateLimit/average`</a> | `42` |
| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitburst" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitburst" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitburst">`traefik/http/middlewares/Middleware18/rateLimit/burst`</a> | `42` |
| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitperiod" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitperiod" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitperiod">`traefik/http/middlewares/Middleware18/rateLimit/period`</a> | `42s` |
| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitredisdb" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredisdb" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredisdb">`traefik/http/middlewares/Middleware18/rateLimit/redis/db`</a> | `42` |
| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitredisdialTimeout" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredisdialTimeout" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredisdialTimeout">`traefik/http/middlewares/Middleware18/rateLimit/redis/dialTimeout`</a> | `42s` |
| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitredisendpoints0" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredisendpoints0" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredisendpoints0">`traefik/http/middlewares/Middleware18/rateLimit/redis/endpoints/0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitredisendpoints1" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredisendpoints1" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredisendpoints1">`traefik/http/middlewares/Middleware18/rateLimit/redis/endpoints/1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitredismaxActiveConns" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredismaxActiveConns" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredismaxActiveConns">`traefik/http/middlewares/Middleware18/rateLimit/redis/maxActiveConns`</a> | `42` |
| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitredisminIdleConns" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredisminIdleConns" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredisminIdleConns">`traefik/http/middlewares/Middleware18/rateLimit/redis/minIdleConns`</a> | `42` |
| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitredispassword" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredispassword" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredispassword">`traefik/http/middlewares/Middleware18/rateLimit/redis/password`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitredispoolSize" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredispoolSize" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredispoolSize">`traefik/http/middlewares/Middleware18/rateLimit/redis/poolSize`</a> | `42` |
| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitredisreadTimeout" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredisreadTimeout" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredisreadTimeout">`traefik/http/middlewares/Middleware18/rateLimit/redis/readTimeout`</a> | `42s` |
| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitredistlsca" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredistlsca" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredistlsca">`traefik/http/middlewares/Middleware18/rateLimit/redis/tls/ca`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitredistlscert" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredistlscert" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredistlscert">`traefik/http/middlewares/Middleware18/rateLimit/redis/tls/cert`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitredistlsinsecureSkipVerify" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredistlsinsecureSkipVerify" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredistlsinsecureSkipVerify">`traefik/http/middlewares/Middleware18/rateLimit/redis/tls/insecureSkipVerify`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitredistlskey" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredistlskey" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredistlskey">`traefik/http/middlewares/Middleware18/rateLimit/redis/tls/key`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitredisusername" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredisusername" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredisusername">`traefik/http/middlewares/Middleware18/rateLimit/redis/username`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitrediswriteTimeout" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitrediswriteTimeout" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitrediswriteTimeout">`traefik/http/middlewares/Middleware18/rateLimit/redis/writeTimeout`</a> | `42s` |
| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategydepth" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategydepth" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategydepth">`traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/ipStrategy/depth`</a> | `42` |
| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategyexcludedIPs0" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategyexcludedIPs0" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategyexcludedIPs0">`traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/ipStrategy/excludedIPs/0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategyexcludedIPs1" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategyexcludedIPs1" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategyexcludedIPs1">`traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/ipStrategy/excludedIPs/1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategyipv6Subnet" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategyipv6Subnet" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategyipv6Subnet">`traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/ipStrategy/ipv6Subnet`</a> | `42` |
| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionrequestHeaderName" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionrequestHeaderName" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionrequestHeaderName">`traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/requestHeaderName`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionrequestHost" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionrequestHost" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionrequestHost">`traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/requestHost`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware19redirectRegexpermanent" href="#opt-traefikhttpmiddlewaresMiddleware19redirectRegexpermanent" title="#opt-traefikhttpmiddlewaresMiddleware19redirectRegexpermanent">`traefik/http/middlewares/Middleware19/redirectRegex/permanent`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware19redirectRegexregex" href="#opt-traefikhttpmiddlewaresMiddleware19redirectRegexregex" title="#opt-traefikhttpmiddlewaresMiddleware19redirectRegexregex">`traefik/http/middlewares/Middleware19/redirectRegex/regex`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware19redirectRegexreplacement" href="#opt-traefikhttpmiddlewaresMiddleware19redirectRegexreplacement" title="#opt-traefikhttpmiddlewaresMiddleware19redirectRegexreplacement">`traefik/http/middlewares/Middleware19/redirectRegex/replacement`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware20redirectSchemepermanent" href="#opt-traefikhttpmiddlewaresMiddleware20redirectSchemepermanent" title="#opt-traefikhttpmiddlewaresMiddleware20redirectSchemepermanent">`traefik/http/middlewares/Middleware20/redirectScheme/permanent`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware20redirectSchemeport" href="#opt-traefikhttpmiddlewaresMiddleware20redirectSchemeport" title="#opt-traefikhttpmiddlewaresMiddleware20redirectSchemeport">`traefik/http/middlewares/Middleware20/redirectScheme/port`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware20redirectSchemescheme" href="#opt-traefikhttpmiddlewaresMiddleware20redirectSchemescheme" title="#opt-traefikhttpmiddlewaresMiddleware20redirectSchemescheme">`traefik/http/middlewares/Middleware20/redirectScheme/scheme`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware21replacePathpath" href="#opt-traefikhttpmiddlewaresMiddleware21replacePathpath" title="#opt-traefikhttpmiddlewaresMiddleware21replacePathpath">`traefik/http/middlewares/Middleware21/replacePath/path`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware22replacePathRegexregex" href="#opt-traefikhttpmiddlewaresMiddleware22replacePathRegexregex" title="#opt-traefikhttpmiddlewaresMiddleware22replacePathRegexregex">`traefik/http/middlewares/Middleware22/replacePathRegex/regex`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware22replacePathRegexreplacement" href="#opt-traefikhttpmiddlewaresMiddleware22replacePathRegexreplacement" title="#opt-traefikhttpmiddlewaresMiddleware22replacePathRegexreplacement">`traefik/http/middlewares/Middleware22/replacePathRegex/replacement`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware23retryattempts" href="#opt-traefikhttpmiddlewaresMiddleware23retryattempts" title="#opt-traefikhttpmiddlewaresMiddleware23retryattempts">`traefik/http/middlewares/Middleware23/retry/attempts`</a> | `42` |
| <a id="opt-traefikhttpmiddlewaresMiddleware23retryinitialInterval" href="#opt-traefikhttpmiddlewaresMiddleware23retryinitialInterval" title="#opt-traefikhttpmiddlewaresMiddleware23retryinitialInterval">`traefik/http/middlewares/Middleware23/retry/initialInterval`</a> | `42s` |
| <a id="opt-traefikhttpmiddlewaresMiddleware24stripPrefixforceSlash" href="#opt-traefikhttpmiddlewaresMiddleware24stripPrefixforceSlash" title="#opt-traefikhttpmiddlewaresMiddleware24stripPrefixforceSlash">`traefik/http/middlewares/Middleware24/stripPrefix/forceSlash`</a> | `true` |
| <a id="opt-traefikhttpmiddlewaresMiddleware24stripPrefixprefixes0" href="#opt-traefikhttpmiddlewaresMiddleware24stripPrefixprefixes0" title="#opt-traefikhttpmiddlewaresMiddleware24stripPrefixprefixes0">`traefik/http/middlewares/Middleware24/stripPrefix/prefixes/0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware24stripPrefixprefixes1" href="#opt-traefikhttpmiddlewaresMiddleware24stripPrefixprefixes1" title="#opt-traefikhttpmiddlewaresMiddleware24stripPrefixprefixes1">`traefik/http/middlewares/Middleware24/stripPrefix/prefixes/1`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware25stripPrefixRegexregex0" href="#opt-traefikhttpmiddlewaresMiddleware25stripPrefixRegexregex0" title="#opt-traefikhttpmiddlewaresMiddleware25stripPrefixRegexregex0">`traefik/http/middlewares/Middleware25/stripPrefixRegex/regex/0`</a> | `foobar` |
| <a id="opt-traefikhttpmiddlewaresMiddleware25stripPrefixRegexregex1" href="#opt-traefikhttpmiddlewaresMiddleware25stripPrefixRegexregex1" title="#opt-traefikhttpmiddlewaresMiddleware25stripPrefixRegexregex1">`traefik/http/middlewares/Middleware25/stripPrefixRegex/regex/1`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter0entryPoints0" href="#opt-traefikhttproutersRouter0entryPoints0" title="#opt-traefikhttproutersRouter0entryPoints0">`traefik/http/routers/Router0/entryPoints/0`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter0entryPoints1" href="#opt-traefikhttproutersRouter0entryPoints1" title="#opt-traefikhttproutersRouter0entryPoints1">`traefik/http/routers/Router0/entryPoints/1`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter0middlewares0" href="#opt-traefikhttproutersRouter0middlewares0" title="#opt-traefikhttproutersRouter0middlewares0">`traefik/http/routers/Router0/middlewares/0`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter0middlewares1" href="#opt-traefikhttproutersRouter0middlewares1" title="#opt-traefikhttproutersRouter0middlewares1">`traefik/http/routers/Router0/middlewares/1`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter0observabilityaccessLogs" href="#opt-traefikhttproutersRouter0observabilityaccessLogs" title="#opt-traefikhttproutersRouter0observabilityaccessLogs">`traefik/http/routers/Router0/observability/accessLogs`</a> | `true` |
| <a id="opt-traefikhttproutersRouter0observabilitymetrics" href="#opt-traefikhttproutersRouter0observabilitymetrics" title="#opt-traefikhttproutersRouter0observabilitymetrics">`traefik/http/routers/Router0/observability/metrics`</a> | `true` |
| <a id="opt-traefikhttproutersRouter0observabilitytraceVerbosity" href="#opt-traefikhttproutersRouter0observabilitytraceVerbosity" title="#opt-traefikhttproutersRouter0observabilitytraceVerbosity">`traefik/http/routers/Router0/observability/traceVerbosity`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter0observabilitytracing" href="#opt-traefikhttproutersRouter0observabilitytracing" title="#opt-traefikhttproutersRouter0observabilitytracing">`traefik/http/routers/Router0/observability/tracing`</a> | `true` |
| <a id="opt-traefikhttproutersRouter0priority" href="#opt-traefikhttproutersRouter0priority" title="#opt-traefikhttproutersRouter0priority">`traefik/http/routers/Router0/priority`</a> | `42` |
| <a id="opt-traefikhttproutersRouter0rule" href="#opt-traefikhttproutersRouter0rule" title="#opt-traefikhttproutersRouter0rule">`traefik/http/routers/Router0/rule`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter0ruleSyntax" href="#opt-traefikhttproutersRouter0ruleSyntax" title="#opt-traefikhttproutersRouter0ruleSyntax">`traefik/http/routers/Router0/ruleSyntax`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter0service" href="#opt-traefikhttproutersRouter0service" title="#opt-traefikhttproutersRouter0service">`traefik/http/routers/Router0/service`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter0tlscertResolver" href="#opt-traefikhttproutersRouter0tlscertResolver" title="#opt-traefikhttproutersRouter0tlscertResolver">`traefik/http/routers/Router0/tls/certResolver`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter0tlsdomains0main" href="#opt-traefikhttproutersRouter0tlsdomains0main" title="#opt-traefikhttproutersRouter0tlsdomains0main">`traefik/http/routers/Router0/tls/domains/0/main`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter0tlsdomains0sans0" href="#opt-traefikhttproutersRouter0tlsdomains0sans0" title="#opt-traefikhttproutersRouter0tlsdomains0sans0">`traefik/http/routers/Router0/tls/domains/0/sans/0`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter0tlsdomains0sans1" href="#opt-traefikhttproutersRouter0tlsdomains0sans1" title="#opt-traefikhttproutersRouter0tlsdomains0sans1">`traefik/http/routers/Router0/tls/domains/0/sans/1`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter0tlsdomains1main" href="#opt-traefikhttproutersRouter0tlsdomains1main" title="#opt-traefikhttproutersRouter0tlsdomains1main">`traefik/http/routers/Router0/tls/domains/1/main`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter0tlsdomains1sans0" href="#opt-traefikhttproutersRouter0tlsdomains1sans0" title="#opt-traefikhttproutersRouter0tlsdomains1sans0">`traefik/http/routers/Router0/tls/domains/1/sans/0`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter0tlsdomains1sans1" href="#opt-traefikhttproutersRouter0tlsdomains1sans1" title="#opt-traefikhttproutersRouter0tlsdomains1sans1">`traefik/http/routers/Router0/tls/domains/1/sans/1`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter0tlsoptions" href="#opt-traefikhttproutersRouter0tlsoptions" title="#opt-traefikhttproutersRouter0tlsoptions">`traefik/http/routers/Router0/tls/options`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter1entryPoints0" href="#opt-traefikhttproutersRouter1entryPoints0" title="#opt-traefikhttproutersRouter1entryPoints0">`traefik/http/routers/Router1/entryPoints/0`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter1entryPoints1" href="#opt-traefikhttproutersRouter1entryPoints1" title="#opt-traefikhttproutersRouter1entryPoints1">`traefik/http/routers/Router1/entryPoints/1`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter1middlewares0" href="#opt-traefikhttproutersRouter1middlewares0" title="#opt-traefikhttproutersRouter1middlewares0">`traefik/http/routers/Router1/middlewares/0`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter1middlewares1" href="#opt-traefikhttproutersRouter1middlewares1" title="#opt-traefikhttproutersRouter1middlewares1">`traefik/http/routers/Router1/middlewares/1`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter1observabilityaccessLogs" href="#opt-traefikhttproutersRouter1observabilityaccessLogs" title="#opt-traefikhttproutersRouter1observabilityaccessLogs">`traefik/http/routers/Router1/observability/accessLogs`</a> | `true` |
| <a id="opt-traefikhttproutersRouter1observabilitymetrics" href="#opt-traefikhttproutersRouter1observabilitymetrics" title="#opt-traefikhttproutersRouter1observabilitymetrics">`traefik/http/routers/Router1/observability/metrics`</a> | `true` |
| <a id="opt-traefikhttproutersRouter1observabilitytraceVerbosity" href="#opt-traefikhttproutersRouter1observabilitytraceVerbosity" title="#opt-traefikhttproutersRouter1observabilitytraceVerbosity">`traefik/http/routers/Router1/observability/traceVerbosity`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter1observabilitytracing" href="#opt-traefikhttproutersRouter1observabilitytracing" title="#opt-traefikhttproutersRouter1observabilitytracing">`traefik/http/routers/Router1/observability/tracing`</a> | `true` |
| <a id="opt-traefikhttproutersRouter1priority" href="#opt-traefikhttproutersRouter1priority" title="#opt-traefikhttproutersRouter1priority">`traefik/http/routers/Router1/priority`</a> | `42` |
| <a id="opt-traefikhttproutersRouter1rule" href="#opt-traefikhttproutersRouter1rule" title="#opt-traefikhttproutersRouter1rule">`traefik/http/routers/Router1/rule`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter1ruleSyntax" href="#opt-traefikhttproutersRouter1ruleSyntax" title="#opt-traefikhttproutersRouter1ruleSyntax">`traefik/http/routers/Router1/ruleSyntax`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter1service" href="#opt-traefikhttproutersRouter1service" title="#opt-traefikhttproutersRouter1service">`traefik/http/routers/Router1/service`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter1tlscertResolver" href="#opt-traefikhttproutersRouter1tlscertResolver" title="#opt-traefikhttproutersRouter1tlscertResolver">`traefik/http/routers/Router1/tls/certResolver`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter1tlsdomains0main" href="#opt-traefikhttproutersRouter1tlsdomains0main" title="#opt-traefikhttproutersRouter1tlsdomains0main">`traefik/http/routers/Router1/tls/domains/0/main`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter1tlsdomains0sans0" href="#opt-traefikhttproutersRouter1tlsdomains0sans0" title="#opt-traefikhttproutersRouter1tlsdomains0sans0">`traefik/http/routers/Router1/tls/domains/0/sans/0`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter1tlsdomains0sans1" href="#opt-traefikhttproutersRouter1tlsdomains0sans1" title="#opt-traefikhttproutersRouter1tlsdomains0sans1">`traefik/http/routers/Router1/tls/domains/0/sans/1`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter1tlsdomains1main" href="#opt-traefikhttproutersRouter1tlsdomains1main" title="#opt-traefikhttproutersRouter1tlsdomains1main">`traefik/http/routers/Router1/tls/domains/1/main`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter1tlsdomains1sans0" href="#opt-traefikhttproutersRouter1tlsdomains1sans0" title="#opt-traefikhttproutersRouter1tlsdomains1sans0">`traefik/http/routers/Router1/tls/domains/1/sans/0`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter1tlsdomains1sans1" href="#opt-traefikhttproutersRouter1tlsdomains1sans1" title="#opt-traefikhttproutersRouter1tlsdomains1sans1">`traefik/http/routers/Router1/tls/domains/1/sans/1`</a> | `foobar` |
| <a id="opt-traefikhttproutersRouter1tlsoptions" href="#opt-traefikhttproutersRouter1tlsoptions" title="#opt-traefikhttproutersRouter1tlsoptions">`traefik/http/routers/Router1/tls/options`</a> | `foobar` |
| <a id="opt-traefikhttpserversTransportsServersTransport0certificates0certFile" href="#opt-traefikhttpserversTransportsServersTransport0certificates0certFile" title="#opt-traefikhttpserversTransportsServersTransport0certificates0certFile">`traefik/http/serversTransports/ServersTransport0/certificates/0/certFile`</a> | `foobar` |
| <a id="opt-traefikhttpserversTransportsServersTransport0certificates0keyFile" href="#opt-traefikhttpserversTransportsServersTransport0certificates0keyFile" title="#opt-traefikhttpserversTransportsServersTransport0certificates0keyFile">`traefik/http/serversTransports/ServersTransport0/certificates/0/keyFile`</a> | `foobar` |
| <a id="opt-traefikhttpserversTransportsServersTransport0certificates1certFile" href="#opt-traefikhttpserversTransportsServersTransport0certificates1certFile" title="#opt-traefikhttpserversTransportsServersTransport0certificates1certFile">`traefik/http/serversTransports/ServersTransport0/certificates/1/certFile`</a> | `foobar` |
| <a id="opt-traefikhttpserversTransportsServersTransport0certificates1keyFile" href="#opt-traefikhttpserversTransportsServersTransport0certificates1keyFile" title="#opt-traefikhttpserversTransportsServersTransport0certificates1keyFile">`traefik/http/serversTransports/ServersTransport0/certificates/1/keyFile`</a> | `foobar` |
| <a id="opt-traefikhttpserversTransportsServersTransport0disableHTTP2" href="#opt-traefikhttpserversTransportsServersTransport0disableHTTP2" title="#opt-traefikhttpserversTransportsServersTransport0disableHTTP2">`traefik/http/serversTransports/ServersTransport0/disableHTTP2`</a> | `true` |
| <a id="opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsdialTimeout" href="#opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsdialTimeout" title="#opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsdialTimeout">`traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/dialTimeout`</a> | `42s` |
| <a id="opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsidleConnTimeout" href="#opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsidleConnTimeout" title="#opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsidleConnTimeout">`traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/idleConnTimeout`</a> | `42s` |
| <a id="opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutspingTimeout" href="#opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutspingTimeout" title="#opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutspingTimeout">`traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/pingTimeout`</a> | `42s` |
| <a id="opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsreadIdleTimeout" href="#opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsreadIdleTimeout" title="#opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsreadIdleTimeout">`traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/readIdleTimeout`</a> | `42s` |
| <a id="opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsresponseHeaderTimeout" href="#opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsresponseHeaderTimeout" title="#opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsresponseHeaderTimeout">`traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/responseHeaderTimeout`</a> | `42s` |
| <a id="opt-traefikhttpserversTransportsServersTransport0insecureSkipVerify" href="#opt-traefikhttpserversTransportsServersTransport0insecureSkipVerify" title="#opt-traefikhttpserversTransportsServersTransport0insecureSkipVerify">`traefik/http/serversTransports/ServersTransport0/insecureSkipVerify`</a> | `true` |
| <a id="opt-traefikhttpserversTransportsServersTransport0maxIdleConnsPerHost" href="#opt-traefikhttpserversTransportsServersTransport0maxIdleConnsPerHost" title="#opt-traefikhttpserversTransportsServersTransport0maxIdleConnsPerHost">`traefik/http/serversTransports/ServersTransport0/maxIdleConnsPerHost`</a> | `42` |
| <a id="opt-traefikhttpserversTransportsServersTransport0peerCertURI" href="#opt-traefikhttpserversTransportsServersTransport0peerCertURI" title="#opt-traefikhttpserversTransportsServersTransport0peerCertURI">`traefik/http/serversTransports/ServersTransport0/peerCertURI`</a> | `foobar` |
| <a id="opt-traefikhttpserversTransportsServersTransport0rootCAs0" href="#opt-traefikhttpserversTransportsServersTransport0rootCAs0" title="#opt-traefikhttpserversTransportsServersTransport0rootCAs0">`traefik/http/serversTransports/ServersTransport0/rootCAs/0`</a> | `foobar` |
| <a id="opt-traefikhttpserversTransportsServersTransport0rootCAs1" href="#opt-traefikhttpserversTransportsServersTransport0rootCAs1" title="#opt-traefikhttpserversTransportsServersTransport0rootCAs1">`traefik/http/serversTransports/ServersTransport0/rootCAs/1`</a> | `foobar` |
| <a id="opt-traefikhttpserversTransportsServersTransport0serverName" href="#opt-traefikhttpserversTransportsServersTransport0serverName" title="#opt-traefikhttpserversTransportsServersTransport0serverName">`traefik/http/serversTransports/ServersTransport0/serverName`</a> | `foobar` |
| <a id="opt-traefikhttpserversTransportsServersTransport0spiffeids0" href="#opt-traefikhttpserversTransportsServersTransport0spiffeids0" title="#opt-traefikhttpserversTransportsServersTransport0spiffeids0">`traefik/http/serversTransports/ServersTransport0/spiffe/ids/0`</a> | `foobar` |
| <a id="opt-traefikhttpserversTransportsServersTransport0spiffeids1" href="#opt-traefikhttpserversTransportsServersTransport0spiffeids1" title="#opt-traefikhttpserversTransportsServersTransport0spiffeids1">`traefik/http/serversTransports/ServersTransport0/spiffe/ids/1`</a> | `foobar` |
| <a id="opt-traefikhttpserversTransportsServersTransport0spiffetrustDomain" href="#opt-traefikhttpserversTransportsServersTransport0spiffetrustDomain" title="#opt-traefikhttpserversTransportsServersTransport0spiffetrustDomain">`traefik/http/serversTransports/ServersTransport0/spiffe/trustDomain`</a> | `foobar` |
| <a id="opt-traefikhttpserversTransportsServersTransport1certificates0certFile" href="#opt-traefikhttpserversTransportsServersTransport1certificates0certFile" title="#opt-traefikhttpserversTransportsServersTransport1certificates0certFile">`traefik/http/serversTransports/ServersTransport1/certificates/0/certFile`</a> | `foobar` |
| <a id="opt-traefikhttpserversTransportsServersTransport1certificates0keyFile" href="#opt-traefikhttpserversTransportsServersTransport1certificates0keyFile" title="#opt-traefikhttpserversTransportsServersTransport1certificates0keyFile">`traefik/http/serversTransports/ServersTransport1/certificates/0/keyFile`</a> | `foobar` |
| <a id="opt-traefikhttpserversTransportsServersTransport1certificates1certFile" href="#opt-traefikhttpserversTransportsServersTransport1certificates1certFile" title="#opt-traefikhttpserversTransportsServersTransport1certificates1certFile">`traefik/http/serversTransports/ServersTransport1/certificates/1/certFile`</a> | `foobar` |
| <a id="opt-traefikhttpserversTransportsServersTransport1certificates1keyFile" href="#opt-traefikhttpserversTransportsServersTransport1certificates1keyFile" title="#opt-traefikhttpserversTransportsServersTransport1certificates1keyFile">`traefik/http/serversTransports/ServersTransport1/certificates/1/keyFile`</a> | `foobar` |
| <a id="opt-traefikhttpserversTransportsServersTransport1disableHTTP2" href="#opt-traefikhttpserversTransportsServersTransport1disableHTTP2" title="#opt-traefikhttpserversTransportsServersTransport1disableHTTP2">`traefik/http/serversTransports/ServersTransport1/disableHTTP2`</a> | `true` |
| <a id="opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsdialTimeout" href="#opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsdialTimeout" title="#opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsdialTimeout">`traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/dialTimeout`</a> | `42s` |
| <a id="opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsidleConnTimeout" href="#opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsidleConnTimeout" title="#opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsidleConnTimeout">`traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/idleConnTimeout`</a> | `42s` |
| <a id="opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutspingTimeout" href="#opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutspingTimeout" title="#opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutspingTimeout">`traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/pingTimeout`</a> | `42s` |
| <a id="opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsreadIdleTimeout" href="#opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsreadIdleTimeout" title="#opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsreadIdleTimeout">`traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/readIdleTimeout`</a> | `42s` |
| <a id="opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsresponseHeaderTimeout" href="#opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsresponseHeaderTimeout" title="#opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsresponseHeaderTimeout">`traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/responseHeaderTimeout`</a> | `42s` |
| <a id="opt-traefikhttpserversTransportsServersTransport1insecureSkipVerify" href="#opt-traefikhttpserversTransportsServersTransport1insecureSkipVerify" title="#opt-traefikhttpserversTransportsServersTransport1insecureSkipVerify">`traefik/http/serversTransports/ServersTransport1/insecureSkipVerify`</a> | `true` |
| <a id="opt-traefikhttpserversTransportsServersTransport1maxIdleConnsPerHost" href="#opt-traefikhttpserversTransportsServersTransport1maxIdleConnsPerHost" title="#opt-traefikhttpserversTransportsServersTransport1maxIdleConnsPerHost">`traefik/http/serversTransports/ServersTransport1/maxIdleConnsPerHost`</a> | `42` |
| <a id="opt-traefikhttpserversTransportsServersTransport1peerCertURI" href="#opt-traefikhttpserversTransportsServersTransport1peerCertURI" title="#opt-traefikhttpserversTransportsServersTransport1peerCertURI">`traefik/http/serversTransports/ServersTransport1/peerCertURI`</a> | `foobar` |
| <a id="opt-traefikhttpserversTransportsServersTransport1rootCAs0" href="#opt-traefikhttpserversTransportsServersTransport1rootCAs0" title="#opt-traefikhttpserversTransportsServersTransport1rootCAs0">`traefik/http/serversTransports/ServersTransport1/rootCAs/0`</a> | `foobar` |
| <a id="opt-traefikhttpserversTransportsServersTransport1rootCAs1" href="#opt-traefikhttpserversTransportsServersTransport1rootCAs1" title="#opt-traefikhttpserversTransportsServersTransport1rootCAs1">`traefik/http/serversTransports/ServersTransport1/rootCAs/1`</a> | `foobar` |
| <a id="opt-traefikhttpserversTransportsServersTransport1serverName" href="#opt-traefikhttpserversTransportsServersTransport1serverName" title="#opt-traefikhttpserversTransportsServersTransport1serverName">`traefik/http/serversTransports/ServersTransport1/serverName`</a> | `foobar` |
| <a id="opt-traefikhttpserversTransportsServersTransport1spiffeids0" href="#opt-traefikhttpserversTransportsServersTransport1spiffeids0" title="#opt-traefikhttpserversTransportsServersTransport1spiffeids0">`traefik/http/serversTransports/ServersTransport1/spiffe/ids/0`</a> | `foobar` |
| <a id="opt-traefikhttpserversTransportsServersTransport1spiffeids1" href="#opt-traefikhttpserversTransportsServersTransport1spiffeids1" title="#opt-traefikhttpserversTransportsServersTransport1spiffeids1">`traefik/http/serversTransports/ServersTransport1/spiffe/ids/1`</a> | `foobar` |
| <a id="opt-traefikhttpserversTransportsServersTransport1spiffetrustDomain" href="#opt-traefikhttpserversTransportsServersTransport1spiffetrustDomain" title="#opt-traefikhttpserversTransportsServersTransport1spiffetrustDomain">`traefik/http/serversTransports/ServersTransport1/spiffe/trustDomain`</a> | `foobar` |
| <a id="opt-traefikhttpservicesService01failoverfallback" href="#opt-traefikhttpservicesService01failoverfallback" title="#opt-traefikhttpservicesService01failoverfallback">`traefik/http/services/Service01/failover/fallback`</a> | `foobar` |
| <a id="opt-traefikhttpservicesService01failoverhealthCheck" href="#opt-traefikhttpservicesService01failoverhealthCheck" title="#opt-traefikhttpservicesService01failoverhealthCheck">`traefik/http/services/Service01/failover/healthCheck`</a> | `` |
| <a id="opt-traefikhttpservicesService01failoverservice" href="#opt-traefikhttpservicesService01failoverservice" title="#opt-traefikhttpservicesService01failoverservice">`traefik/http/services/Service01/failover/service`</a> | `foobar` |
| <a id="opt-traefikhttpservicesService02loadBalancerhealthCheckfollowRedirects" href="#opt-traefikhttpservicesService02loadBalancerhealthCheckfollowRedirects" title="#opt-traefikhttpservicesService02loadBalancerhealthCheckfollowRedirects">`traefik/http/services/Service02/loadBalancer/healthCheck/followRedirects`</a> | `true` |
| <a id="opt-traefikhttpservicesService02loadBalancerhealthCheckheadersname0" href="#opt-traefikhttpservicesService02loadBalancerhealthCheckheadersname0" title="#opt-traefikhttpservicesService02loadBalancerhealthCheckheadersname0">`traefik/http/services/Service02/loadBalancer/healthCheck/headers/name0`</a> | `foobar` |
| <a id="opt-traefikhttpservicesService02loadBalancerhealthCheckheadersname1" href="#opt-traefikhttpservicesService02loadBalancerhealthCheckheadersname1" title="#opt-traefikhttpservicesService02loadBalancerhealthCheckheadersname1">`traefik/http/services/Service02/loadBalancer/healthCheck/headers/name1`</a> | `foobar` |
| <a id="opt-traefikhttpservicesService02loadBalancerhealthCheckhostname" href="#opt-traefikhttpservicesService02loadBalancerhealthCheckhostname" title="#opt-traefikhttpservicesService02loadBalancerhealthCheckhostname">`traefik/http/services/Service02/loadBalancer/healthCheck/hostname`</a> | `foobar` |
| <a id="opt-traefikhttpservicesService02loadBalancerhealthCheckinterval" href="#opt-traefikhttpservicesService02loadBalancerhealthCheckinterval" title="#opt-traefikhttpservicesService02loadBalancerhealthCheckinterval">`traefik/http/services/Service02/loadBalancer/healthCheck/interval`</a> | `42s` |
| <a id="opt-traefikhttpservicesService02loadBalancerhealthCheckmethod" href="#opt-traefikhttpservicesService02loadBalancerhealthCheckmethod" title="#opt-traefikhttpservicesService02loadBalancerhealthCheckmethod">`traefik/http/services/Service02/loadBalancer/healthCheck/method`</a> | `foobar` |
| <a id="opt-traefikhttpservicesService02loadBalancerhealthCheckmode" href="#opt-traefikhttpservicesService02loadBalancerhealthCheckmode" title="#opt-traefikhttpservicesService02loadBalancerhealthCheckmode">`traefik/http/services/Service02/loadBalancer/healthCheck/mode`</a> | `foobar` |
| <a id="opt-traefikhttpservicesService02loadBalancerhealthCheckpath" href="#opt-traefikhttpservicesService02loadBalancerhealthCheckpath" title="#opt-traefikhttpservicesService02loadBalancerhealthCheckpath">`traefik/http/services/Service02/loadBalancer/healthCheck/path`</a> | `foobar` |
| <a id="opt-traefikhttpservicesService02loadBalancerhealthCheckport" href="#opt-traefikhttpservicesService02loadBalancerhealthCheckport" title="#opt-traefikhttpservicesService02loadBalancerhealthCheckport">`traefik/http/services/Service02/loadBalancer/healthCheck/port`</a> | `42` |
| <a id="opt-traefikhttpservicesService02loadBalancerhealthCheckscheme" href="#opt-traefikhttpservicesService02loadBalancerhealthCheckscheme" title="#opt-traefikhttpservicesService02loadBalancerhealthCheckscheme">`traefik/http/services/Service02/loadBalancer/healthCheck/scheme`</a> | `foobar` |
| <a id="opt-traefikhttpservicesService02loadBalancerhealthCheckstatus" href="#opt-traefikhttpservicesService02loadBalancerhealthCheckstatus" title="#opt-traefikhttpservicesService02loadBalancerhealthCheckstatus">`traefik/http/services/Service02/loadBalancer/healthCheck/status`</a> | `42` |
| <a id="opt-traefikhttpservicesService02loadBalancerhealthChecktimeout" href="#opt-traefikhttpservicesService02loadBalancerhealthChecktimeout" title="#opt-traefikhttpservicesService02loadBalancerhealthChecktimeout">`traefik/http/services/Service02/loadBalancer/healthCheck/timeout`</a> | `42s` |
| <a id="opt-traefikhttpservicesService02loadBalancerhealthCheckunhealthyInterval" href="#opt-traefikhttpservicesService02loadBalancerhealthCheckunhealthyInterval" title="#opt-traefikhttpservicesService02loadBalancerhealthCheckunhealthyInterval">`traefik/http/services/Service02/loadBalancer/healthCheck/unhealthyInterval`</a> | `42s` |
| <a id="opt-traefikhttpservicesService02loadBalancerpassHostHeader" href="#opt-traefikhttpservicesService02loadBalancerpassHostHeader" title="#opt-traefikhttpservicesService02loadBalancerpassHostHeader">`traefik/http/services/Service02/loadBalancer/passHostHeader`</a> | `true` |
| <a id="opt-traefikhttpservicesService02loadBalancerresponseForwardingflushInterval" href="#opt-traefikhttpservicesService02loadBalancerresponseForwardingflushInterval" title="#opt-traefikhttpservicesService02loadBalancerresponseForwardingflushInterval">`traefik/http/services/Service02/loadBalancer/responseForwarding/flushInterval`</a> | `42s` |
| <a id="opt-traefikhttpservicesService02loadBalancerservers0preservePath" href="#opt-traefikhttpservicesService02loadBalancerservers0preservePath" title="#opt-traefikhttpservicesService02loadBalancerservers0preservePath">`traefik/http/services/Service02/loadBalancer/servers/0/preservePath`</a> | `true` |
| <a id="opt-traefikhttpservicesService02loadBalancerservers0url" href="#opt-traefikhttpservicesService02loadBalancerservers0url" title="#opt-traefikhttpservicesService02loadBalancerservers0url">`traefik/http/services/Service02/loadBalancer/servers/0/url`</a> | `foobar` |
| <a id="opt-traefikhttpservicesService02loadBalancerservers0weight" href="#opt-traefikhttpservicesService02loadBalancerservers0weight" title="#opt-traefikhttpservicesService02loadBalancerservers0weight">`traefik/http/services/Service02/loadBalancer/servers/0/weight`</a> | `42` |
| <a id="opt-traefikhttpservicesService02loadBalancerservers1preservePath" href="#opt-traefikhttpservicesService02loadBalancerservers1preservePath" title="#opt-traefikhttpservicesService02loadBalancerservers1preservePath">`traefik/http/services/Service02/loadBalancer/servers/1/preservePath`</a> | `true` |
| <a id="opt-traefikhttpservicesService02loadBalancerservers1url" href="#opt-traefikhttpservicesService02loadBalancerservers1url" title="#opt-traefikhttpservicesService02loadBalancerservers1url">`traefik/http/services/Service02/loadBalancer/servers/1/url`</a> | `foobar` |
| <a id="opt-traefikhttpservicesService02loadBalancerservers1weight" href="#opt-traefikhttpservicesService02loadBalancerservers1weight" title="#opt-traefikhttpservicesService02loadBalancerservers1weight">`traefik/http/services/Service02/loadBalancer/servers/1/weight`</a> | `42` |
| <a id="opt-traefikhttpservicesService02loadBalancerserversTransport" href="#opt-traefikhttpservicesService02loadBalancerserversTransport" title="#opt-traefikhttpservicesService02loadBalancerserversTransport">`traefik/http/services/Service02/loadBalancer/serversTransport`</a> | `foobar` |
| <a id="opt-traefikhttpservicesService02loadBalancerstickycookiedomain" href="#opt-traefikhttpservicesService02loadBalancerstickycookiedomain" title="#opt-traefikhttpservicesService02loadBalancerstickycookiedomain">`traefik/http/services/Service02/loadBalancer/sticky/cookie/domain`</a> | `foobar` |
| <a id="opt-traefikhttpservicesService02loadBalancerstickycookiehttpOnly" href="#opt-traefikhttpservicesService02loadBalancerstickycookiehttpOnly" title="#opt-traefikhttpservicesService02loadBalancerstickycookiehttpOnly">`traefik/http/services/Service02/loadBalancer/sticky/cookie/httpOnly`</a> | `true` |
| <a id="opt-traefikhttpservicesService02loadBalancerstickycookiemaxAge" href="#opt-traefikhttpservicesService02loadBalancerstickycookiemaxAge" title="#opt-traefikhttpservicesService02loadBalancerstickycookiemaxAge">`traefik/http/services/Service02/loadBalancer/sticky/cookie/maxAge`</a> | `42` |
| <a id="opt-traefikhttpservicesService02loadBalancerstickycookiename" href="#opt-traefikhttpservicesService02loadBalancerstickycookiename" title="#opt-traefikhttpservicesService02loadBalancerstickycookiename">`traefik/http/services/Service02/loadBalancer/sticky/cookie/name`</a> | `foobar` |
| <a id="opt-traefikhttpservicesService02loadBalancerstickycookiepath" href="#opt-traefikhttpservicesService02loadBalancerstickycookiepath" title="#opt-traefikhttpservicesService02loadBalancerstickycookiepath">`traefik/http/services/Service02/loadBalancer/sticky/cookie/path`</a> | `foobar` |
| <a id="opt-traefikhttpservicesService02loadBalancerstickycookiesameSite" href="#opt-traefikhttpservicesService02loadBalancerstickycookiesameSite" title="#opt-traefikhttpservicesService02loadBalancerstickycookiesameSite">`traefik/http/services/Service02/loadBalancer/sticky/cookie/sameSite`</a> | `foobar` |
| <a id="opt-traefikhttpservicesService02loadBalancerstickycookiesecure" href="#opt-traefikhttpservicesService02loadBalancerstickycookiesecure" title="#opt-traefikhttpservicesService02loadBalancerstickycookiesecure">`traefik/http/services/Service02/loadBalancer/sticky/cookie/secure`</a> | `true` |
| <a id="opt-traefikhttpservicesService02loadBalancerstrategy" href="#opt-traefikhttpservicesService02loadBalancerstrategy" title="#opt-traefikhttpservicesService02loadBalancerstrategy">`traefik/http/services/Service02/loadBalancer/strategy`</a> | `foobar` |
| <a id="opt-traefikhttpservicesService03mirroringhealthCheck" href="#opt-traefikhttpservicesService03mirroringhealthCheck" title="#opt-traefikhttpservicesService03mirroringhealthCheck">`traefik/http/services/Service03/mirroring/healthCheck`</a> | `` |
| <a id="opt-traefikhttpservicesService03mirroringmaxBodySize" href="#opt-traefikhttpservicesService03mirroringmaxBodySize" title="#opt-traefikhttpservicesService03mirroringmaxBodySize">`traefik/http/services/Service03/mirroring/maxBodySize`</a> | `42` |
| <a id="opt-traefikhttpservicesService03mirroringmirrorBody" href="#opt-traefikhttpservicesService03mirroringmirrorBody" title="#opt-traefikhttpservicesService03mirroringmirrorBody">`traefik/http/services/Service03/mirroring/mirrorBody`</a> | `true` |
| <a id="opt-traefikhttpservicesService03mirroringmirrors0name" href="#opt-traefikhttpservicesService03mirroringmirrors0name" title="#opt-traefikhttpservicesService03mirroringmirrors0name">`traefik/http/services/Service03/mirroring/mirrors/0/name`</a> | `foobar` |
| <a id="opt-traefikhttpservicesService03mirroringmirrors0percent" href="#opt-traefikhttpservicesService03mirroringmirrors0percent" title="#opt-traefikhttpservicesService03mirroringmirrors0percent">`traefik/http/services/Service03/mirroring/mirrors/0/percent`</a> | `42` |
| <a id="opt-traefikhttpservicesService03mirroringmirrors1name" href="#opt-traefikhttpservicesService03mirroringmirrors1name" title="#opt-traefikhttpservicesService03mirroringmirrors1name">`traefik/http/services/Service03/mirroring/mirrors/1/name`</a> | `foobar` |
| <a id="opt-traefikhttpservicesService03mirroringmirrors1percent" href="#opt-traefikhttpservicesService03mirroringmirrors1percent" title="#opt-traefikhttpservicesService03mirroringmirrors1percent">`traefik/http/services/Service03/mirroring/mirrors/1/percent`</a> | `42` |
| <a id="opt-traefikhttpservicesService03mirroringservice" href="#opt-traefikhttpservicesService03mirroringservice" title="#opt-traefikhttpservicesService03mirroringservice">`traefik/http/services/Service03/mirroring/service`</a> | `foobar` |
| <a id="opt-traefikhttpservicesService04weightedhealthCheck" href="#opt-traefikhttpservicesService04weightedhealthCheck" title="#opt-traefikhttpservicesService04weightedhealthCheck">`traefik/http/services/Service04/weighted/healthCheck`</a> | `` |
| <a id="opt-traefikhttpservicesService04weightedservices0name" href="#opt-traefikhttpservicesService04weightedservices0name" title="#opt-traefikhttpservicesService04weightedservices0name">`traefik/http/services/Service04/weighted/services/0/name`</a> | `foobar` |
| <a id="opt-traefikhttpservicesService04weightedservices0weight" href="#opt-traefikhttpservicesService04weightedservices0weight" title="#opt-traefikhttpservicesService04weightedservices0weight">`traefik/http/services/Service04/weighted/services/0/weight`</a> | `42` |
| <a id="opt-traefikhttpservicesService04weightedservices1name" href="#opt-traefikhttpservicesService04weightedservices1name" title="#opt-traefikhttpservicesService04weightedservices1name">`traefik/http/services/Service04/weighted/services/1/name`</a> | `foobar` |
| <a id="opt-traefikhttpservicesService04weightedservices1weight" href="#opt-traefikhttpservicesService04weightedservices1weight" title="#opt-traefikhttpservicesService04weightedservices1weight">`traefik/http/services/Service04/weighted/services/1/weight`</a> | `42` |
| <a id="opt-traefikhttpservicesService04weightedstickycookiedomain" href="#opt-traefikhttpservicesService04weightedstickycookiedomain" title="#opt-traefikhttpservicesService04weightedstickycookiedomain">`traefik/http/services/Service04/weighted/sticky/cookie/domain`</a> | `foobar` |
| <a id="opt-traefikhttpservicesService04weightedstickycookiehttpOnly" href="#opt-traefikhttpservicesService04weightedstickycookiehttpOnly" title="#opt-traefikhttpservicesService04weightedstickycookiehttpOnly">`traefik/http/services/Service04/weighted/sticky/cookie/httpOnly`</a> | `true` |
| <a id="opt-traefikhttpservicesService04weightedstickycookiemaxAge" href="#opt-traefikhttpservicesService04weightedstickycookiemaxAge" title="#opt-traefikhttpservicesService04weightedstickycookiemaxAge">`traefik/http/services/Service04/weighted/sticky/cookie/maxAge`</a> | `42` |
| <a id="opt-traefikhttpservicesService04weightedstickycookiename" href="#opt-traefikhttpservicesService04weightedstickycookiename" title="#opt-traefikhttpservicesService04weightedstickycookiename">`traefik/http/services/Service04/weighted/sticky/cookie/name`</a> | `foobar` |
| <a id="opt-traefikhttpservicesService04weightedstickycookiepath" href="#opt-traefikhttpservicesService04weightedstickycookiepath" title="#opt-traefikhttpservicesService04weightedstickycookiepath">`traefik/http/services/Service04/weighted/sticky/cookie/path`</a> | `foobar` |
| <a id="opt-traefikhttpservicesService04weightedstickycookiesameSite" href="#opt-traefikhttpservicesService04weightedstickycookiesameSite" title="#opt-traefikhttpservicesService04weightedstickycookiesameSite">`traefik/http/services/Service04/weighted/sticky/cookie/sameSite`</a> | `foobar` |
| <a id="opt-traefikhttpservicesService04weightedstickycookiesecure" href="#opt-traefikhttpservicesService04weightedstickycookiesecure" title="#opt-traefikhttpservicesService04weightedstickycookiesecure">`traefik/http/services/Service04/weighted/sticky/cookie/secure`</a> | `true` |
| <a id="opt-traefiktcpmiddlewaresTCPMiddleware01ipAllowListsourceRange0" href="#opt-traefiktcpmiddlewaresTCPMiddleware01ipAllowListsourceRange0" title="#opt-traefiktcpmiddlewaresTCPMiddleware01ipAllowListsourceRange0">`traefik/tcp/middlewares/TCPMiddleware01/ipAllowList/sourceRange/0`</a> | `foobar` |
| <a id="opt-traefiktcpmiddlewaresTCPMiddleware01ipAllowListsourceRange1" href="#opt-traefiktcpmiddlewaresTCPMiddleware01ipAllowListsourceRange1" title="#opt-traefiktcpmiddlewaresTCPMiddleware01ipAllowListsourceRange1">`traefik/tcp/middlewares/TCPMiddleware01/ipAllowList/sourceRange/1`</a> | `foobar` |
| <a id="opt-traefiktcpmiddlewaresTCPMiddleware02ipWhiteListsourceRange0" href="#opt-traefiktcpmiddlewaresTCPMiddleware02ipWhiteListsourceRange0" title="#opt-traefiktcpmiddlewaresTCPMiddleware02ipWhiteListsourceRange0">`traefik/tcp/middlewares/TCPMiddleware02/ipWhiteList/sourceRange/0`</a> | `foobar` |
| <a id="opt-traefiktcpmiddlewaresTCPMiddleware02ipWhiteListsourceRange1" href="#opt-traefiktcpmiddlewaresTCPMiddleware02ipWhiteListsourceRange1" title="#opt-traefiktcpmiddlewaresTCPMiddleware02ipWhiteListsourceRange1">`traefik/tcp/middlewares/TCPMiddleware02/ipWhiteList/sourceRange/1`</a> | `foobar` |
| <a id="opt-traefiktcpmiddlewaresTCPMiddleware03inFlightConnamount" href="#opt-traefiktcpmiddlewaresTCPMiddleware03inFlightConnamount" title="#opt-traefiktcpmiddlewaresTCPMiddleware03inFlightConnamount">`traefik/tcp/middlewares/TCPMiddleware03/inFlightConn/amount`</a> | `42` |
| <a id="opt-traefiktcproutersTCPRouter0entryPoints0" href="#opt-traefiktcproutersTCPRouter0entryPoints0" title="#opt-traefiktcproutersTCPRouter0entryPoints0">`traefik/tcp/routers/TCPRouter0/entryPoints/0`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter0entryPoints1" href="#opt-traefiktcproutersTCPRouter0entryPoints1" title="#opt-traefiktcproutersTCPRouter0entryPoints1">`traefik/tcp/routers/TCPRouter0/entryPoints/1`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter0middlewares0" href="#opt-traefiktcproutersTCPRouter0middlewares0" title="#opt-traefiktcproutersTCPRouter0middlewares0">`traefik/tcp/routers/TCPRouter0/middlewares/0`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter0middlewares1" href="#opt-traefiktcproutersTCPRouter0middlewares1" title="#opt-traefiktcproutersTCPRouter0middlewares1">`traefik/tcp/routers/TCPRouter0/middlewares/1`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter0priority" href="#opt-traefiktcproutersTCPRouter0priority" title="#opt-traefiktcproutersTCPRouter0priority">`traefik/tcp/routers/TCPRouter0/priority`</a> | `42` |
| <a id="opt-traefiktcproutersTCPRouter0rule" href="#opt-traefiktcproutersTCPRouter0rule" title="#opt-traefiktcproutersTCPRouter0rule">`traefik/tcp/routers/TCPRouter0/rule`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter0ruleSyntax" href="#opt-traefiktcproutersTCPRouter0ruleSyntax" title="#opt-traefiktcproutersTCPRouter0ruleSyntax">`traefik/tcp/routers/TCPRouter0/ruleSyntax`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter0service" href="#opt-traefiktcproutersTCPRouter0service" title="#opt-traefiktcproutersTCPRouter0service">`traefik/tcp/routers/TCPRouter0/service`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter0tlscertResolver" href="#opt-traefiktcproutersTCPRouter0tlscertResolver" title="#opt-traefiktcproutersTCPRouter0tlscertResolver">`traefik/tcp/routers/TCPRouter0/tls/certResolver`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter0tlsdomains0main" href="#opt-traefiktcproutersTCPRouter0tlsdomains0main" title="#opt-traefiktcproutersTCPRouter0tlsdomains0main">`traefik/tcp/routers/TCPRouter0/tls/domains/0/main`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter0tlsdomains0sans0" href="#opt-traefiktcproutersTCPRouter0tlsdomains0sans0" title="#opt-traefiktcproutersTCPRouter0tlsdomains0sans0">`traefik/tcp/routers/TCPRouter0/tls/domains/0/sans/0`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter0tlsdomains0sans1" href="#opt-traefiktcproutersTCPRouter0tlsdomains0sans1" title="#opt-traefiktcproutersTCPRouter0tlsdomains0sans1">`traefik/tcp/routers/TCPRouter0/tls/domains/0/sans/1`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter0tlsdomains1main" href="#opt-traefiktcproutersTCPRouter0tlsdomains1main" title="#opt-traefiktcproutersTCPRouter0tlsdomains1main">`traefik/tcp/routers/TCPRouter0/tls/domains/1/main`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter0tlsdomains1sans0" href="#opt-traefiktcproutersTCPRouter0tlsdomains1sans0" title="#opt-traefiktcproutersTCPRouter0tlsdomains1sans0">`traefik/tcp/routers/TCPRouter0/tls/domains/1/sans/0`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter0tlsdomains1sans1" href="#opt-traefiktcproutersTCPRouter0tlsdomains1sans1" title="#opt-traefiktcproutersTCPRouter0tlsdomains1sans1">`traefik/tcp/routers/TCPRouter0/tls/domains/1/sans/1`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter0tlsoptions" href="#opt-traefiktcproutersTCPRouter0tlsoptions" title="#opt-traefiktcproutersTCPRouter0tlsoptions">`traefik/tcp/routers/TCPRouter0/tls/options`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter0tlspassthrough" href="#opt-traefiktcproutersTCPRouter0tlspassthrough" title="#opt-traefiktcproutersTCPRouter0tlspassthrough">`traefik/tcp/routers/TCPRouter0/tls/passthrough`</a> | `true` |
| <a id="opt-traefiktcproutersTCPRouter1entryPoints0" href="#opt-traefiktcproutersTCPRouter1entryPoints0" title="#opt-traefiktcproutersTCPRouter1entryPoints0">`traefik/tcp/routers/TCPRouter1/entryPoints/0`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter1entryPoints1" href="#opt-traefiktcproutersTCPRouter1entryPoints1" title="#opt-traefiktcproutersTCPRouter1entryPoints1">`traefik/tcp/routers/TCPRouter1/entryPoints/1`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter1middlewares0" href="#opt-traefiktcproutersTCPRouter1middlewares0" title="#opt-traefiktcproutersTCPRouter1middlewares0">`traefik/tcp/routers/TCPRouter1/middlewares/0`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter1middlewares1" href="#opt-traefiktcproutersTCPRouter1middlewares1" title="#opt-traefiktcproutersTCPRouter1middlewares1">`traefik/tcp/routers/TCPRouter1/middlewares/1`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter1priority" href="#opt-traefiktcproutersTCPRouter1priority" title="#opt-traefiktcproutersTCPRouter1priority">`traefik/tcp/routers/TCPRouter1/priority`</a> | `42` |
| <a id="opt-traefiktcproutersTCPRouter1rule" href="#opt-traefiktcproutersTCPRouter1rule" title="#opt-traefiktcproutersTCPRouter1rule">`traefik/tcp/routers/TCPRouter1/rule`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter1ruleSyntax" href="#opt-traefiktcproutersTCPRouter1ruleSyntax" title="#opt-traefiktcproutersTCPRouter1ruleSyntax">`traefik/tcp/routers/TCPRouter1/ruleSyntax`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter1service" href="#opt-traefiktcproutersTCPRouter1service" title="#opt-traefiktcproutersTCPRouter1service">`traefik/tcp/routers/TCPRouter1/service`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter1tlscertResolver" href="#opt-traefiktcproutersTCPRouter1tlscertResolver" title="#opt-traefiktcproutersTCPRouter1tlscertResolver">`traefik/tcp/routers/TCPRouter1/tls/certResolver`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter1tlsdomains0main" href="#opt-traefiktcproutersTCPRouter1tlsdomains0main" title="#opt-traefiktcproutersTCPRouter1tlsdomains0main">`traefik/tcp/routers/TCPRouter1/tls/domains/0/main`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter1tlsdomains0sans0" href="#opt-traefiktcproutersTCPRouter1tlsdomains0sans0" title="#opt-traefiktcproutersTCPRouter1tlsdomains0sans0">`traefik/tcp/routers/TCPRouter1/tls/domains/0/sans/0`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter1tlsdomains0sans1" href="#opt-traefiktcproutersTCPRouter1tlsdomains0sans1" title="#opt-traefiktcproutersTCPRouter1tlsdomains0sans1">`traefik/tcp/routers/TCPRouter1/tls/domains/0/sans/1`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter1tlsdomains1main" href="#opt-traefiktcproutersTCPRouter1tlsdomains1main" title="#opt-traefiktcproutersTCPRouter1tlsdomains1main">`traefik/tcp/routers/TCPRouter1/tls/domains/1/main`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter1tlsdomains1sans0" href="#opt-traefiktcproutersTCPRouter1tlsdomains1sans0" title="#opt-traefiktcproutersTCPRouter1tlsdomains1sans0">`traefik/tcp/routers/TCPRouter1/tls/domains/1/sans/0`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter1tlsdomains1sans1" href="#opt-traefiktcproutersTCPRouter1tlsdomains1sans1" title="#opt-traefiktcproutersTCPRouter1tlsdomains1sans1">`traefik/tcp/routers/TCPRouter1/tls/domains/1/sans/1`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter1tlsoptions" href="#opt-traefiktcproutersTCPRouter1tlsoptions" title="#opt-traefiktcproutersTCPRouter1tlsoptions">`traefik/tcp/routers/TCPRouter1/tls/options`</a> | `foobar` |
| <a id="opt-traefiktcproutersTCPRouter1tlspassthrough" href="#opt-traefiktcproutersTCPRouter1tlspassthrough" title="#opt-traefiktcproutersTCPRouter1tlspassthrough">`traefik/tcp/routers/TCPRouter1/tls/passthrough`</a> | `true` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport0dialKeepAlive" href="#opt-traefiktcpserversTransportsTCPServersTransport0dialKeepAlive" title="#opt-traefiktcpserversTransportsTCPServersTransport0dialKeepAlive">`traefik/tcp/serversTransports/TCPServersTransport0/dialKeepAlive`</a> | `42s` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport0dialTimeout" href="#opt-traefiktcpserversTransportsTCPServersTransport0dialTimeout" title="#opt-traefiktcpserversTransportsTCPServersTransport0dialTimeout">`traefik/tcp/serversTransports/TCPServersTransport0/dialTimeout`</a> | `42s` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport0proxyProtocolversion" href="#opt-traefiktcpserversTransportsTCPServersTransport0proxyProtocolversion" title="#opt-traefiktcpserversTransportsTCPServersTransport0proxyProtocolversion">`traefik/tcp/serversTransports/TCPServersTransport0/proxyProtocol/version`</a> | `42` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport0terminationDelay" href="#opt-traefiktcpserversTransportsTCPServersTransport0terminationDelay" title="#opt-traefiktcpserversTransportsTCPServersTransport0terminationDelay">`traefik/tcp/serversTransports/TCPServersTransport0/terminationDelay`</a> | `42s` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport0tlscertificates0certFile" href="#opt-traefiktcpserversTransportsTCPServersTransport0tlscertificates0certFile" title="#opt-traefiktcpserversTransportsTCPServersTransport0tlscertificates0certFile">`traefik/tcp/serversTransports/TCPServersTransport0/tls/certificates/0/certFile`</a> | `foobar` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport0tlscertificates0keyFile" href="#opt-traefiktcpserversTransportsTCPServersTransport0tlscertificates0keyFile" title="#opt-traefiktcpserversTransportsTCPServersTransport0tlscertificates0keyFile">`traefik/tcp/serversTransports/TCPServersTransport0/tls/certificates/0/keyFile`</a> | `foobar` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport0tlscertificates1certFile" href="#opt-traefiktcpserversTransportsTCPServersTransport0tlscertificates1certFile" title="#opt-traefiktcpserversTransportsTCPServersTransport0tlscertificates1certFile">`traefik/tcp/serversTransports/TCPServersTransport0/tls/certificates/1/certFile`</a> | `foobar` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport0tlscertificates1keyFile" href="#opt-traefiktcpserversTransportsTCPServersTransport0tlscertificates1keyFile" title="#opt-traefiktcpserversTransportsTCPServersTransport0tlscertificates1keyFile">`traefik/tcp/serversTransports/TCPServersTransport0/tls/certificates/1/keyFile`</a> | `foobar` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport0tlsinsecureSkipVerify" href="#opt-traefiktcpserversTransportsTCPServersTransport0tlsinsecureSkipVerify" title="#opt-traefiktcpserversTransportsTCPServersTransport0tlsinsecureSkipVerify">`traefik/tcp/serversTransports/TCPServersTransport0/tls/insecureSkipVerify`</a> | `true` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport0tlspeerCertURI" href="#opt-traefiktcpserversTransportsTCPServersTransport0tlspeerCertURI" title="#opt-traefiktcpserversTransportsTCPServersTransport0tlspeerCertURI">`traefik/tcp/serversTransports/TCPServersTransport0/tls/peerCertURI`</a> | `foobar` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport0tlsrootCAs0" href="#opt-traefiktcpserversTransportsTCPServersTransport0tlsrootCAs0" title="#opt-traefiktcpserversTransportsTCPServersTransport0tlsrootCAs0">`traefik/tcp/serversTransports/TCPServersTransport0/tls/rootCAs/0`</a> | `foobar` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport0tlsrootCAs1" href="#opt-traefiktcpserversTransportsTCPServersTransport0tlsrootCAs1" title="#opt-traefiktcpserversTransportsTCPServersTransport0tlsrootCAs1">`traefik/tcp/serversTransports/TCPServersTransport0/tls/rootCAs/1`</a> | `foobar` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport0tlsserverName" href="#opt-traefiktcpserversTransportsTCPServersTransport0tlsserverName" title="#opt-traefiktcpserversTransportsTCPServersTransport0tlsserverName">`traefik/tcp/serversTransports/TCPServersTransport0/tls/serverName`</a> | `foobar` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport0tlsspiffeids0" href="#opt-traefiktcpserversTransportsTCPServersTransport0tlsspiffeids0" title="#opt-traefiktcpserversTransportsTCPServersTransport0tlsspiffeids0">`traefik/tcp/serversTransports/TCPServersTransport0/tls/spiffe/ids/0`</a> | `foobar` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport0tlsspiffeids1" href="#opt-traefiktcpserversTransportsTCPServersTransport0tlsspiffeids1" title="#opt-traefiktcpserversTransportsTCPServersTransport0tlsspiffeids1">`traefik/tcp/serversTransports/TCPServersTransport0/tls/spiffe/ids/1`</a> | `foobar` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport0tlsspiffetrustDomain" href="#opt-traefiktcpserversTransportsTCPServersTransport0tlsspiffetrustDomain" title="#opt-traefiktcpserversTransportsTCPServersTransport0tlsspiffetrustDomain">`traefik/tcp/serversTransports/TCPServersTransport0/tls/spiffe/trustDomain`</a> | `foobar` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport1dialKeepAlive" href="#opt-traefiktcpserversTransportsTCPServersTransport1dialKeepAlive" title="#opt-traefiktcpserversTransportsTCPServersTransport1dialKeepAlive">`traefik/tcp/serversTransports/TCPServersTransport1/dialKeepAlive`</a> | `42s` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport1dialTimeout" href="#opt-traefiktcpserversTransportsTCPServersTransport1dialTimeout" title="#opt-traefiktcpserversTransportsTCPServersTransport1dialTimeout">`traefik/tcp/serversTransports/TCPServersTransport1/dialTimeout`</a> | `42s` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport1proxyProtocolversion" href="#opt-traefiktcpserversTransportsTCPServersTransport1proxyProtocolversion" title="#opt-traefiktcpserversTransportsTCPServersTransport1proxyProtocolversion">`traefik/tcp/serversTransports/TCPServersTransport1/proxyProtocol/version`</a> | `42` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport1terminationDelay" href="#opt-traefiktcpserversTransportsTCPServersTransport1terminationDelay" title="#opt-traefiktcpserversTransportsTCPServersTransport1terminationDelay">`traefik/tcp/serversTransports/TCPServersTransport1/terminationDelay`</a> | `42s` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport1tlscertificates0certFile" href="#opt-traefiktcpserversTransportsTCPServersTransport1tlscertificates0certFile" title="#opt-traefiktcpserversTransportsTCPServersTransport1tlscertificates0certFile">`traefik/tcp/serversTransports/TCPServersTransport1/tls/certificates/0/certFile`</a> | `foobar` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport1tlscertificates0keyFile" href="#opt-traefiktcpserversTransportsTCPServersTransport1tlscertificates0keyFile" title="#opt-traefiktcpserversTransportsTCPServersTransport1tlscertificates0keyFile">`traefik/tcp/serversTransports/TCPServersTransport1/tls/certificates/0/keyFile`</a> | `foobar` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport1tlscertificates1certFile" href="#opt-traefiktcpserversTransportsTCPServersTransport1tlscertificates1certFile" title="#opt-traefiktcpserversTransportsTCPServersTransport1tlscertificates1certFile">`traefik/tcp/serversTransports/TCPServersTransport1/tls/certificates/1/certFile`</a> | `foobar` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport1tlscertificates1keyFile" href="#opt-traefiktcpserversTransportsTCPServersTransport1tlscertificates1keyFile" title="#opt-traefiktcpserversTransportsTCPServersTransport1tlscertificates1keyFile">`traefik/tcp/serversTransports/TCPServersTransport1/tls/certificates/1/keyFile`</a> | `foobar` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport1tlsinsecureSkipVerify" href="#opt-traefiktcpserversTransportsTCPServersTransport1tlsinsecureSkipVerify" title="#opt-traefiktcpserversTransportsTCPServersTransport1tlsinsecureSkipVerify">`traefik/tcp/serversTransports/TCPServersTransport1/tls/insecureSkipVerify`</a> | `true` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport1tlspeerCertURI" href="#opt-traefiktcpserversTransportsTCPServersTransport1tlspeerCertURI" title="#opt-traefiktcpserversTransportsTCPServersTransport1tlspeerCertURI">`traefik/tcp/serversTransports/TCPServersTransport1/tls/peerCertURI`</a> | `foobar` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport1tlsrootCAs0" href="#opt-traefiktcpserversTransportsTCPServersTransport1tlsrootCAs0" title="#opt-traefiktcpserversTransportsTCPServersTransport1tlsrootCAs0">`traefik/tcp/serversTransports/TCPServersTransport1/tls/rootCAs/0`</a> | `foobar` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport1tlsrootCAs1" href="#opt-traefiktcpserversTransportsTCPServersTransport1tlsrootCAs1" title="#opt-traefiktcpserversTransportsTCPServersTransport1tlsrootCAs1">`traefik/tcp/serversTransports/TCPServersTransport1/tls/rootCAs/1`</a> | `foobar` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport1tlsserverName" href="#opt-traefiktcpserversTransportsTCPServersTransport1tlsserverName" title="#opt-traefiktcpserversTransportsTCPServersTransport1tlsserverName">`traefik/tcp/serversTransports/TCPServersTransport1/tls/serverName`</a> | `foobar` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport1tlsspiffeids0" href="#opt-traefiktcpserversTransportsTCPServersTransport1tlsspiffeids0" title="#opt-traefiktcpserversTransportsTCPServersTransport1tlsspiffeids0">`traefik/tcp/serversTransports/TCPServersTransport1/tls/spiffe/ids/0`</a> | `foobar` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport1tlsspiffeids1" href="#opt-traefiktcpserversTransportsTCPServersTransport1tlsspiffeids1" title="#opt-traefiktcpserversTransportsTCPServersTransport1tlsspiffeids1">`traefik/tcp/serversTransports/TCPServersTransport1/tls/spiffe/ids/1`</a> | `foobar` |
| <a id="opt-traefiktcpserversTransportsTCPServersTransport1tlsspiffetrustDomain" href="#opt-traefiktcpserversTransportsTCPServersTransport1tlsspiffetrustDomain" title="#opt-traefiktcpserversTransportsTCPServersTransport1tlsspiffetrustDomain">`traefik/tcp/serversTransports/TCPServersTransport1/tls/spiffe/trustDomain`</a> | `foobar` |
| <a id="opt-traefiktcpservicesTCPService01loadBalancerproxyProtocolversion" href="#opt-traefiktcpservicesTCPService01loadBalancerproxyProtocolversion" title="#opt-traefiktcpservicesTCPService01loadBalancerproxyProtocolversion">`traefik/tcp/services/TCPService01/loadBalancer/proxyProtocol/version`</a> | `42` |
| <a id="opt-traefiktcpservicesTCPService01loadBalancerservers0address" href="#opt-traefiktcpservicesTCPService01loadBalancerservers0address" title="#opt-traefiktcpservicesTCPService01loadBalancerservers0address">`traefik/tcp/services/TCPService01/loadBalancer/servers/0/address`</a> | `foobar` |
| <a id="opt-traefiktcpservicesTCPService01loadBalancerservers0tls" href="#opt-traefiktcpservicesTCPService01loadBalancerservers0tls" title="#opt-traefiktcpservicesTCPService01loadBalancerservers0tls">`traefik/tcp/services/TCPService01/loadBalancer/servers/0/tls`</a> | `true` |
| <a id="opt-traefiktcpservicesTCPService01loadBalancerservers1address" href="#opt-traefiktcpservicesTCPService01loadBalancerservers1address" title="#opt-traefiktcpservicesTCPService01loadBalancerservers1address">`traefik/tcp/services/TCPService01/loadBalancer/servers/1/address`</a> | `foobar` |
| <a id="opt-traefiktcpservicesTCPService01loadBalancerservers1tls" href="#opt-traefiktcpservicesTCPService01loadBalancerservers1tls" title="#opt-traefiktcpservicesTCPService01loadBalancerservers1tls">`traefik/tcp/services/TCPService01/loadBalancer/servers/1/tls`</a> | `true` |
| <a id="opt-traefiktcpservicesTCPService01loadBalancerserversTransport" href="#opt-traefiktcpservicesTCPService01loadBalancerserversTransport" title="#opt-traefiktcpservicesTCPService01loadBalancerserversTransport">`traefik/tcp/services/TCPService01/loadBalancer/serversTransport`</a> | `foobar` |
| <a id="opt-traefiktcpservicesTCPService01loadBalancerterminationDelay" href="#opt-traefiktcpservicesTCPService01loadBalancerterminationDelay" title="#opt-traefiktcpservicesTCPService01loadBalancerterminationDelay">`traefik/tcp/services/TCPService01/loadBalancer/terminationDelay`</a> | `42` |
| <a id="opt-traefiktcpservicesTCPService02weightedservices0name" href="#opt-traefiktcpservicesTCPService02weightedservices0name" title="#opt-traefiktcpservicesTCPService02weightedservices0name">`traefik/tcp/services/TCPService02/weighted/services/0/name`</a> | `foobar` |
| <a id="opt-traefiktcpservicesTCPService02weightedservices0weight" href="#opt-traefiktcpservicesTCPService02weightedservices0weight" title="#opt-traefiktcpservicesTCPService02weightedservices0weight">`traefik/tcp/services/TCPService02/weighted/services/0/weight`</a> | `42` |
| <a id="opt-traefiktcpservicesTCPService02weightedservices1name" href="#opt-traefiktcpservicesTCPService02weightedservices1name" title="#opt-traefiktcpservicesTCPService02weightedservices1name">`traefik/tcp/services/TCPService02/weighted/services/1/name`</a> | `foobar` |
| <a id="opt-traefiktcpservicesTCPService02weightedservices1weight" href="#opt-traefiktcpservicesTCPService02weightedservices1weight" title="#opt-traefiktcpservicesTCPService02weightedservices1weight">`traefik/tcp/services/TCPService02/weighted/services/1/weight`</a> | `42` |
| <a id="opt-traefiktlscertificates0certFile" href="#opt-traefiktlscertificates0certFile" title="#opt-traefiktlscertificates0certFile">`traefik/tls/certificates/0/certFile`</a> | `foobar` |
| <a id="opt-traefiktlscertificates0keyFile" href="#opt-traefiktlscertificates0keyFile" title="#opt-traefiktlscertificates0keyFile">`traefik/tls/certificates/0/keyFile`</a> | `foobar` |
| <a id="opt-traefiktlscertificates0stores0" href="#opt-traefiktlscertificates0stores0" title="#opt-traefiktlscertificates0stores0">`traefik/tls/certificates/0/stores/0`</a> | `foobar` |
| <a id="opt-traefiktlscertificates0stores1" href="#opt-traefiktlscertificates0stores1" title="#opt-traefiktlscertificates0stores1">`traefik/tls/certificates/0/stores/1`</a> | `foobar` |
| <a id="opt-traefiktlscertificates1certFile" href="#opt-traefiktlscertificates1certFile" title="#opt-traefiktlscertificates1certFile">`traefik/tls/certificates/1/certFile`</a> | `foobar` |
| <a id="opt-traefiktlscertificates1keyFile" href="#opt-traefiktlscertificates1keyFile" title="#opt-traefiktlscertificates1keyFile">`traefik/tls/certificates/1/keyFile`</a> | `foobar` |
| <a id="opt-traefiktlscertificates1stores0" href="#opt-traefiktlscertificates1stores0" title="#opt-traefiktlscertificates1stores0">`traefik/tls/certificates/1/stores/0`</a> | `foobar` |
| <a id="opt-traefiktlscertificates1stores1" href="#opt-traefiktlscertificates1stores1" title="#opt-traefiktlscertificates1stores1">`traefik/tls/certificates/1/stores/1`</a> | `foobar` |
| <a id="opt-traefiktlsoptionsOptions0alpnProtocols0" href="#opt-traefiktlsoptionsOptions0alpnProtocols0" title="#opt-traefiktlsoptionsOptions0alpnProtocols0">`traefik/tls/options/Options0/alpnProtocols/0`</a> | `foobar` |
| <a id="opt-traefiktlsoptionsOptions0alpnProtocols1" href="#opt-traefiktlsoptionsOptions0alpnProtocols1" title="#opt-traefiktlsoptionsOptions0alpnProtocols1">`traefik/tls/options/Options0/alpnProtocols/1`</a> | `foobar` |
| <a id="opt-traefiktlsoptionsOptions0cipherSuites0" href="#opt-traefiktlsoptionsOptions0cipherSuites0" title="#opt-traefiktlsoptionsOptions0cipherSuites0">`traefik/tls/options/Options0/cipherSuites/0`</a> | `foobar` |
| <a id="opt-traefiktlsoptionsOptions0cipherSuites1" href="#opt-traefiktlsoptionsOptions0cipherSuites1" title="#opt-traefiktlsoptionsOptions0cipherSuites1">`traefik/tls/options/Options0/cipherSuites/1`</a> | `foobar` |
| <a id="opt-traefiktlsoptionsOptions0clientAuthcaFiles0" href="#opt-traefiktlsoptionsOptions0clientAuthcaFiles0" title="#opt-traefiktlsoptionsOptions0clientAuthcaFiles0">`traefik/tls/options/Options0/clientAuth/caFiles/0`</a> | `foobar` |
| <a id="opt-traefiktlsoptionsOptions0clientAuthcaFiles1" href="#opt-traefiktlsoptionsOptions0clientAuthcaFiles1" title="#opt-traefiktlsoptionsOptions0clientAuthcaFiles1">`traefik/tls/options/Options0/clientAuth/caFiles/1`</a> | `foobar` |
| <a id="opt-traefiktlsoptionsOptions0clientAuthclientAuthType" href="#opt-traefiktlsoptionsOptions0clientAuthclientAuthType" title="#opt-traefiktlsoptionsOptions0clientAuthclientAuthType">`traefik/tls/options/Options0/clientAuth/clientAuthType`</a> | `foobar` |
| <a id="opt-traefiktlsoptionsOptions0curvePreferences0" href="#opt-traefiktlsoptionsOptions0curvePreferences0" title="#opt-traefiktlsoptionsOptions0curvePreferences0">`traefik/tls/options/Options0/curvePreferences/0`</a> | `foobar` |
| <a id="opt-traefiktlsoptionsOptions0curvePreferences1" href="#opt-traefiktlsoptionsOptions0curvePreferences1" title="#opt-traefiktlsoptionsOptions0curvePreferences1">`traefik/tls/options/Options0/curvePreferences/1`</a> | `foobar` |
| <a id="opt-traefiktlsoptionsOptions0disableSessionTickets" href="#opt-traefiktlsoptionsOptions0disableSessionTickets" title="#opt-traefiktlsoptionsOptions0disableSessionTickets">`traefik/tls/options/Options0/disableSessionTickets`</a> | `true` |
| <a id="opt-traefiktlsoptionsOptions0maxVersion" href="#opt-traefiktlsoptionsOptions0maxVersion" title="#opt-traefiktlsoptionsOptions0maxVersion">`traefik/tls/options/Options0/maxVersion`</a> | `foobar` |
| <a id="opt-traefiktlsoptionsOptions0minVersion" href="#opt-traefiktlsoptionsOptions0minVersion" title="#opt-traefiktlsoptionsOptions0minVersion">`traefik/tls/options/Options0/minVersion`</a> | `foobar` |
| <a id="opt-traefiktlsoptionsOptions0preferServerCipherSuites" href="#opt-traefiktlsoptionsOptions0preferServerCipherSuites" title="#opt-traefiktlsoptionsOptions0preferServerCipherSuites">`traefik/tls/options/Options0/preferServerCipherSuites`</a> | `true` |
| <a id="opt-traefiktlsoptionsOptions0sniStrict" href="#opt-traefiktlsoptionsOptions0sniStrict" title="#opt-traefiktlsoptionsOptions0sniStrict">`traefik/tls/options/Options0/sniStrict`</a> | `true` |
| <a id="opt-traefiktlsoptionsOptions1alpnProtocols0" href="#opt-traefiktlsoptionsOptions1alpnProtocols0" title="#opt-traefiktlsoptionsOptions1alpnProtocols0">`traefik/tls/options/Options1/alpnProtocols/0`</a> | `foobar` |
| <a id="opt-traefiktlsoptionsOptions1alpnProtocols1" href="#opt-traefiktlsoptionsOptions1alpnProtocols1" title="#opt-traefiktlsoptionsOptions1alpnProtocols1">`traefik/tls/options/Options1/alpnProtocols/1`</a> | `foobar` |
| <a id="opt-traefiktlsoptionsOptions1cipherSuites0" href="#opt-traefiktlsoptionsOptions1cipherSuites0" title="#opt-traefiktlsoptionsOptions1cipherSuites0">`traefik/tls/options/Options1/cipherSuites/0`</a> | `foobar` |
| <a id="opt-traefiktlsoptionsOptions1cipherSuites1" href="#opt-traefiktlsoptionsOptions1cipherSuites1" title="#opt-traefiktlsoptionsOptions1cipherSuites1">`traefik/tls/options/Options1/cipherSuites/1`</a> | `foobar` |
| <a id="opt-traefiktlsoptionsOptions1clientAuthcaFiles0" href="#opt-traefiktlsoptionsOptions1clientAuthcaFiles0" title="#opt-traefiktlsoptionsOptions1clientAuthcaFiles0">`traefik/tls/options/Options1/clientAuth/caFiles/0`</a> | `foobar` |
| <a id="opt-traefiktlsoptionsOptions1clientAuthcaFiles1" href="#opt-traefiktlsoptionsOptions1clientAuthcaFiles1" title="#opt-traefiktlsoptionsOptions1clientAuthcaFiles1">`traefik/tls/options/Options1/clientAuth/caFiles/1`</a> | `foobar` |
| <a id="opt-traefiktlsoptionsOptions1clientAuthclientAuthType" href="#opt-traefiktlsoptionsOptions1clientAuthclientAuthType" title="#opt-traefiktlsoptionsOptions1clientAuthclientAuthType">`traefik/tls/options/Options1/clientAuth/clientAuthType`</a> | `foobar` |
| <a id="opt-traefiktlsoptionsOptions1curvePreferences0" href="#opt-traefiktlsoptionsOptions1curvePreferences0" title="#opt-traefiktlsoptionsOptions1curvePreferences0">`traefik/tls/options/Options1/curvePreferences/0`</a> | `foobar` |
| <a id="opt-traefiktlsoptionsOptions1curvePreferences1" href="#opt-traefiktlsoptionsOptions1curvePreferences1" title="#opt-traefiktlsoptionsOptions1curvePreferences1">`traefik/tls/options/Options1/curvePreferences/1`</a> | `foobar` |
| <a id="opt-traefiktlsoptionsOptions1disableSessionTickets" href="#opt-traefiktlsoptionsOptions1disableSessionTickets" title="#opt-traefiktlsoptionsOptions1disableSessionTickets">`traefik/tls/options/Options1/disableSessionTickets`</a> | `true` |
| <a id="opt-traefiktlsoptionsOptions1maxVersion" href="#opt-traefiktlsoptionsOptions1maxVersion" title="#opt-traefiktlsoptionsOptions1maxVersion">`traefik/tls/options/Options1/maxVersion`</a> | `foobar` |
| <a id="opt-traefiktlsoptionsOptions1minVersion" href="#opt-traefiktlsoptionsOptions1minVersion" title="#opt-traefiktlsoptionsOptions1minVersion">`traefik/tls/options/Options1/minVersion`</a> | `foobar` |
| <a id="opt-traefiktlsoptionsOptions1preferServerCipherSuites" href="#opt-traefiktlsoptionsOptions1preferServerCipherSuites" title="#opt-traefiktlsoptionsOptions1preferServerCipherSuites">`traefik/tls/options/Options1/preferServerCipherSuites`</a> | `true` |
| <a id="opt-traefiktlsoptionsOptions1sniStrict" href="#opt-traefiktlsoptionsOptions1sniStrict" title="#opt-traefiktlsoptionsOptions1sniStrict">`traefik/tls/options/Options1/sniStrict`</a> | `true` |
| <a id="opt-traefiktlsstoresStore0defaultCertificatecertFile" href="#opt-traefiktlsstoresStore0defaultCertificatecertFile" title="#opt-traefiktlsstoresStore0defaultCertificatecertFile">`traefik/tls/stores/Store0/defaultCertificate/certFile`</a> | `foobar` |
| <a id="opt-traefiktlsstoresStore0defaultCertificatekeyFile" href="#opt-traefiktlsstoresStore0defaultCertificatekeyFile" title="#opt-traefiktlsstoresStore0defaultCertificatekeyFile">`traefik/tls/stores/Store0/defaultCertificate/keyFile`</a> | `foobar` |
| <a id="opt-traefiktlsstoresStore0defaultGeneratedCertdomainmain" href="#opt-traefiktlsstoresStore0defaultGeneratedCertdomainmain" title="#opt-traefiktlsstoresStore0defaultGeneratedCertdomainmain">`traefik/tls/stores/Store0/defaultGeneratedCert/domain/main`</a> | `foobar` |
| <a id="opt-traefiktlsstoresStore0defaultGeneratedCertdomainsans0" href="#opt-traefiktlsstoresStore0defaultGeneratedCertdomainsans0" title="#opt-traefiktlsstoresStore0defaultGeneratedCertdomainsans0">`traefik/tls/stores/Store0/defaultGeneratedCert/domain/sans/0`</a> | `foobar` |
| <a id="opt-traefiktlsstoresStore0defaultGeneratedCertdomainsans1" href="#opt-traefiktlsstoresStore0defaultGeneratedCertdomainsans1" title="#opt-traefiktlsstoresStore0defaultGeneratedCertdomainsans1">`traefik/tls/stores/Store0/defaultGeneratedCert/domain/sans/1`</a> | `foobar` |
| <a id="opt-traefiktlsstoresStore0defaultGeneratedCertresolver" href="#opt-traefiktlsstoresStore0defaultGeneratedCertresolver" title="#opt-traefiktlsstoresStore0defaultGeneratedCertresolver">`traefik/tls/stores/Store0/defaultGeneratedCert/resolver`</a> | `foobar` |
| <a id="opt-traefiktlsstoresStore1defaultCertificatecertFile" href="#opt-traefiktlsstoresStore1defaultCertificatecertFile" title="#opt-traefiktlsstoresStore1defaultCertificatecertFile">`traefik/tls/stores/Store1/defaultCertificate/certFile`</a> | `foobar` |
| <a id="opt-traefiktlsstoresStore1defaultCertificatekeyFile" href="#opt-traefiktlsstoresStore1defaultCertificatekeyFile" title="#opt-traefiktlsstoresStore1defaultCertificatekeyFile">`traefik/tls/stores/Store1/defaultCertificate/keyFile`</a> | `foobar` |
| <a id="opt-traefiktlsstoresStore1defaultGeneratedCertdomainmain" href="#opt-traefiktlsstoresStore1defaultGeneratedCertdomainmain" title="#opt-traefiktlsstoresStore1defaultGeneratedCertdomainmain">`traefik/tls/stores/Store1/defaultGeneratedCert/domain/main`</a> | `foobar` |
| <a id="opt-traefiktlsstoresStore1defaultGeneratedCertdomainsans0" href="#opt-traefiktlsstoresStore1defaultGeneratedCertdomainsans0" title="#opt-traefiktlsstoresStore1defaultGeneratedCertdomainsans0">`traefik/tls/stores/Store1/defaultGeneratedCert/domain/sans/0`</a> | `foobar` |
| <a id="opt-traefiktlsstoresStore1defaultGeneratedCertdomainsans1" href="#opt-traefiktlsstoresStore1defaultGeneratedCertdomainsans1" title="#opt-traefiktlsstoresStore1defaultGeneratedCertdomainsans1">`traefik/tls/stores/Store1/defaultGeneratedCert/domain/sans/1`</a> | `foobar` |
| <a id="opt-traefiktlsstoresStore1defaultGeneratedCertresolver" href="#opt-traefiktlsstoresStore1defaultGeneratedCertresolver" title="#opt-traefiktlsstoresStore1defaultGeneratedCertresolver">`traefik/tls/stores/Store1/defaultGeneratedCert/resolver`</a> | `foobar` |
| <a id="opt-traefikudproutersUDPRouter0entryPoints0" href="#opt-traefikudproutersUDPRouter0entryPoints0" title="#opt-traefikudproutersUDPRouter0entryPoints0">`traefik/udp/routers/UDPRouter0/entryPoints/0`</a> | `foobar` |
| <a id="opt-traefikudproutersUDPRouter0entryPoints1" href="#opt-traefikudproutersUDPRouter0entryPoints1" title="#opt-traefikudproutersUDPRouter0entryPoints1">`traefik/udp/routers/UDPRouter0/entryPoints/1`</a> | `foobar` |
| <a id="opt-traefikudproutersUDPRouter0service" href="#opt-traefikudproutersUDPRouter0service" title="#opt-traefikudproutersUDPRouter0service">`traefik/udp/routers/UDPRouter0/service`</a> | `foobar` |
| <a id="opt-traefikudproutersUDPRouter1entryPoints0" href="#opt-traefikudproutersUDPRouter1entryPoints0" title="#opt-traefikudproutersUDPRouter1entryPoints0">`traefik/udp/routers/UDPRouter1/entryPoints/0`</a> | `foobar` |
| <a id="opt-traefikudproutersUDPRouter1entryPoints1" href="#opt-traefikudproutersUDPRouter1entryPoints1" title="#opt-traefikudproutersUDPRouter1entryPoints1">`traefik/udp/routers/UDPRouter1/entryPoints/1`</a> | `foobar` |
| <a id="opt-traefikudproutersUDPRouter1service" href="#opt-traefikudproutersUDPRouter1service" title="#opt-traefikudproutersUDPRouter1service">`traefik/udp/routers/UDPRouter1/service`</a> | `foobar` |
| <a id="opt-traefikudpservicesUDPService01loadBalancerservers0address" href="#opt-traefikudpservicesUDPService01loadBalancerservers0address" title="#opt-traefikudpservicesUDPService01loadBalancerservers0address">`traefik/udp/services/UDPService01/loadBalancer/servers/0/address`</a> | `foobar` |
| <a id="opt-traefikudpservicesUDPService01loadBalancerservers1address" href="#opt-traefikudpservicesUDPService01loadBalancerservers1address" title="#opt-traefikudpservicesUDPService01loadBalancerservers1address">`traefik/udp/services/UDPService01/loadBalancer/servers/1/address`</a> | `foobar` |
| <a id="opt-traefikudpservicesUDPService02weightedservices0name" href="#opt-traefikudpservicesUDPService02weightedservices0name" title="#opt-traefikudpservicesUDPService02weightedservices0name">`traefik/udp/services/UDPService02/weighted/services/0/name`</a> | `foobar` |
| <a id="opt-traefikudpservicesUDPService02weightedservices0weight" href="#opt-traefikudpservicesUDPService02weightedservices0weight" title="#opt-traefikudpservicesUDPService02weightedservices0weight">`traefik/udp/services/UDPService02/weighted/services/0/weight`</a> | `42` |
| <a id="opt-traefikudpservicesUDPService02weightedservices1name" href="#opt-traefikudpservicesUDPService02weightedservices1name" title="#opt-traefikudpservicesUDPService02weightedservices1name">`traefik/udp/services/UDPService02/weighted/services/1/name`</a> | `foobar` |
| <a id="opt-traefikudpservicesUDPService02weightedservices1weight" href="#opt-traefikudpservicesUDPService02weightedservices1weight" title="#opt-traefikudpservicesUDPService02weightedservices1weight">`traefik/udp/services/UDPService02/weighted/services/1/weight`</a> | `42` |

30
docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml
View File

@@ -43,7 +43,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/entrypoints/
Default: all.
items:
type: string
@@ -64,12 +64,12 @@ spec:
match:
description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rule
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/rules-and-priority/
type: string
middlewares:
description: |-
Middlewares defines the list of references to Middleware resources.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-middleware
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/middleware/
items:
description: MiddlewareRef is a reference to a Middleware
resource.
@@ -89,7 +89,7 @@ spec:
observability:
description: |-
Observability defines the observability configuration for a router.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#observability
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/observability/
properties:
accessLogs:
description: AccessLogs enables access logs for this router.
@@ -112,7 +112,7 @@ spec:
priority:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#priority
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/rules-and-priority/#priority
maximum: 9223372036854775000
type: integer
services:
@@ -263,7 +263,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@@ -332,7 +332,7 @@ spec:
syntax:
description: |-
Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rulesyntax
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/rules-and-priority/#rulesyntax
Deprecated: Please do not use this field and rewrite the router rules to use the v3 syntax.
type: string
required:
@@ -342,18 +342,18 @@ spec:
tls:
description: |-
TLS defines the TLS configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#tls
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/router/#tls
properties:
certResolver:
description: |-
CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/https/acme/#certificate-resolvers
More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/tls/certificate-resolvers/acme/
type: string
domains:
description: |-
Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#domains
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#domains
items:
description: Domain holds a domain name with SANs.
properties:
@@ -372,17 +372,17 @@ spec:
description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-options/
properties:
name:
description: |-
Name defines the name of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsoption
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsoption/
type: string
namespace:
description: |-
Namespace defines the namespace of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsoption
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsoption/
type: string
required:
- name
@@ -399,12 +399,12 @@ spec:
name:
description: |-
Name defines the name of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsstore
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsstore/
type: string
namespace:
description: |-
Namespace defines the namespace of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsstore
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsstore/
type: string
required:
- name

19
docs/content/reference/dynamic-configuration/traefik.io_ingressroutetcps.yaml
View File

@@ -43,7 +43,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/entrypoints/
Default: all.
items:
type: string
@@ -56,7 +56,7 @@ spec:
match:
description: |-
Match defines the router's rule.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rule_1
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/rules-and-priority/
type: string
middlewares:
description: Middlewares defines the list of references to MiddlewareTCP
@@ -80,7 +80,7 @@ spec:
priority:
description: |-
Priority defines the router's priority.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#priority_1
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/rules-and-priority/#priority
maximum: 9223372036854775000
type: integer
services:
@@ -122,7 +122,8 @@ spec:
proxyProtocol:
description: |-
ProxyProtocol defines the PROXY protocol configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#proxy-protocol
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/service/#proxy-protocol
Deprecated: ProxyProtocol will not be supported in future APIVersions, please use ServersTransport to configure ProxyProtocol instead.
properties:
version:
description: Version defines the PROXY Protocol version
@@ -163,7 +164,7 @@ spec:
syntax:
description: |-
Syntax defines the router's rule syntax.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rulesyntax_1
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/rules-and-priority/#rulesyntax
Deprecated: Please do not use this field and rewrite the router rules to use the v3 syntax.
enum:
- v3
@@ -176,18 +177,18 @@ spec:
tls:
description: |-
TLS defines the TLS configuration on a layer 4 / TCP Route.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#tls_1
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/router/#tls
properties:
certResolver:
description: |-
CertResolver defines the name of the certificate resolver to use.
Cert resolvers have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/https/acme/#certificate-resolvers
More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/tls/certificate-resolvers/acme/
type: string
domains:
description: |-
Domains defines the list of domains that will be used to issue certificates.
More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#domains
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/tls/#domains
items:
description: Domain holds a domain name with SANs.
properties:
@@ -206,7 +207,7 @@ spec:
description: |-
Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
If not defined, the `default` TLSOption is used.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/tls/#tls-options
properties:
name:
description: Name defines the name of the referenced Traefik

2
docs/content/reference/dynamic-configuration/traefik.io_ingressrouteudps.yaml
View File

@@ -43,7 +43,7 @@ spec:
description: |-
EntryPoints defines the list of entry point names to bind to.
Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/entrypoints/
More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/entrypoints/
Default: all.
items:
type: string

32
docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml
View File

@@ -19,7 +19,7 @@ spec:
openAPIV3Schema:
description: |-
Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/overview/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/overview/
properties:
apiVersion:
description: |-
@@ -60,12 +60,12 @@ spec:
description: |-
BasicAuth holds the basic auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/basicauth/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/basicauth/
properties:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/basicauth/#headerfield
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/basicauth/#headerfield
type: string
realm:
description: |-
@@ -125,7 +125,7 @@ spec:
description: |-
Chain holds the configuration of the chain middleware.
This middleware enables to define reusable combinations of other pieces of middleware.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/chain/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/chain/
properties:
middlewares:
description: Middlewares is the list of MiddlewareRef which composes
@@ -188,7 +188,7 @@ spec:
description: |-
Compress holds the compress middleware configuration.
This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/compress/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/compress/
properties:
defaultEncoding:
description: DefaultEncoding specifies the default encoding if
@@ -238,12 +238,12 @@ spec:
description: |-
DigestAuth holds the digest auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/digestauth/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/digestauth/
properties:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/basicauth/#headerfield
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/digestauth/#headerfield
type: string
realm:
description: |-
@@ -263,7 +263,7 @@ spec:
description: |-
ErrorPage holds the custom error middleware configuration.
This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/errorpages/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/errorpages/
properties:
query:
description: |-
@@ -275,7 +275,7 @@ spec:
service:
description: |-
Service defines the reference to a Kubernetes Service that will serve the error page.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/errorpages/#service
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/errorpages/#service
properties:
healthCheck:
description: Healthcheck defines health checks for ExternalName
@@ -417,7 +417,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@@ -504,7 +504,7 @@ spec:
description: |-
ForwardAuth holds the forward auth middleware configuration.
This middleware delegates the request authentication to a Service.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/forwardauth/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/forwardauth/
properties:
addAuthCookiesToResponse:
description: AddAuthCookiesToResponse defines the list of cookies
@@ -532,7 +532,7 @@ spec:
authResponseHeadersRegex:
description: |-
AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/forwardauth/#authresponseheadersregex
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/forwardauth/#authresponseheadersregex
type: string
forwardBody:
description: ForwardBody defines whether to send the request body
@@ -541,7 +541,7 @@ spec:
headerField:
description: |-
HeaderField defines a header field to store the authenticated user.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/forwardauth/#headerfield
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/forwardauth/#headerfield
type: string
maxBodySize:
description: MaxBodySize defines the maximum body size in bytes
@@ -1007,13 +1007,13 @@ spec:
x-kubernetes-preserve-unknown-fields: true
description: |-
Plugin defines the middleware plugin configuration.
More info: https://doc.traefik.io/traefik/plugins/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/overview/#community-middlewares
type: object
rateLimit:
description: |-
RateLimit holds the rate limit configuration.
This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/ratelimit/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/ratelimit/
properties:
average:
description: |-
@@ -1231,7 +1231,7 @@ spec:
Retry holds the retry middleware configuration.
This middleware reissues requests a given number of times to a backend server if that server does not reply.
As soon as the server answers, the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/retry/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/retry/
properties:
attempts:
description: Attempts defines how many times the request should

6
docs/content/reference/dynamic-configuration/traefik.io_middlewaretcps.yaml
View File

@@ -19,7 +19,7 @@ spec:
openAPIV3Schema:
description: |-
MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/overview/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/middlewares/overview/
properties:
apiVersion:
description: |-
@@ -56,7 +56,7 @@ spec:
description: |-
IPAllowList defines the IPAllowList middleware configuration.
This middleware accepts/refuses connections based on the client IP.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/tcp/ipallowlist/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/middlewares/ipallowlist/
properties:
sourceRange:
description: SourceRange defines the allowed IPs (or ranges of
@@ -70,7 +70,7 @@ spec:
IPWhiteList defines the IPWhiteList middleware configuration.
This middleware accepts/refuses connections based on the client IP.
Deprecated: please use IPAllowList instead.
More info: https://doc.traefik.io/traefik/v3.5/middlewares/tcp/ipwhitelist/
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/middlewares/ipwhitelist/
properties:
sourceRange:
description: SourceRange defines the allowed IPs (or ranges of

4
docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml
View File

@@ -21,7 +21,7 @@ spec:
ServersTransport is the CRD implementation of a ServersTransport.
If no serversTransport is specified, the default@internal will be used.
The default@internal serversTransport is created from the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#serverstransport_1
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/serverstransport/
properties:
apiVersion:
description: |-
@@ -107,7 +107,7 @@ spec:
maxIdleConnsPerHost:
description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
to keep per-host.
minimum: 0
minimum: -1
type: integer
peerCertURI:
description: PeerCertURI defines the peer cert URI used to match against

11
docs/content/reference/dynamic-configuration/traefik.io_serverstransporttcps.yaml
View File

@@ -21,7 +21,7 @@ spec:
ServersTransportTCP is the CRD implementation of a TCPServersTransport.
If no tcpServersTransport is specified, a default one named default@internal will be used.
The default@internal tcpServersTransport can be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#serverstransport_3
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/serverstransport/
properties:
apiVersion:
description: |-
@@ -63,6 +63,15 @@ spec:
to a backend server can be established.
pattern: ^([0-9]+(ns|us|µs|ms|s|m|h)?)+$
x-kubernetes-int-or-string: true
proxyProtocol:
description: ProxyProtocol holds the PROXY Protocol configuration.
properties:
version:
description: Version defines the PROXY Protocol version to use.
maximum: 2
minimum: 1
type: integer
type: object
terminationDelay:
anyOf:
- type: integer

8
docs/content/reference/dynamic-configuration/traefik.io_tlsoptions.yaml
View File

@@ -19,7 +19,7 @@ spec:
openAPIV3Schema:
description: |-
TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#tls-options
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#tls-options
properties:
apiVersion:
description: |-
@@ -44,14 +44,14 @@ spec:
alpnProtocols:
description: |-
ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#alpn-protocols
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#alpn-protocols
items:
type: string
type: array
cipherSuites:
description: |-
CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#cipher-suites
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#cipher-suites
items:
type: string
type: array
@@ -79,7 +79,7 @@ spec:
curvePreferences:
description: |-
CurvePreferences defines the preferred elliptic curves.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#curve-preferences
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#curve-preferences
items:
type: string
type: array

2
docs/content/reference/dynamic-configuration/traefik.io_tlsstores.yaml
View File

@@ -21,7 +21,7 @@ spec:
TLSStore is the CRD implementation of a Traefik TLS Store.
For the time being, only the TLSStore named default is supported.
This means that you cannot have two stores that are named default in different Kubernetes namespaces.
More info: https://doc.traefik.io/traefik/v3.5/https/tls/#certificates-stores
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#certificates-stores
properties:
apiVersion:
description: |-

10
docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml
View File

@@ -22,7 +22,7 @@ spec:
TraefikService object allows to:
- Apply weight to Services on load-balancing
- Mirror traffic on services
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-traefikservice
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/traefikservice/
properties:
apiVersion:
description: |-
@@ -286,7 +286,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@@ -414,7 +414,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@@ -627,7 +627,7 @@ spec:
sticky:
description: |-
Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
properties:
cookie:
description: Cookie defines the sticky cookie configuration.
@@ -695,7 +695,7 @@ spec:
sticky:
description: |-
Sticky defines whether sticky sessions are enabled.
More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/traefikservice/#stickiness-and-load-balancing
properties:
cookie:
description: Cookie defines the sticky cookie configuration.

72
docs/content/reference/install-configuration/api-dashboard.md
View File

@@ -155,11 +155,12 @@ enabing the dashboard [here](https://github.com/traefik/traefik-helm-chart/blob/
| Field | Description | Default | Required |
|:-----------|:---------------------------------|:--------|:---------|
| `api` | Enable api/dashboard. When set to `true`, its sub option `api.dashboard` is also set to true.| false | No |
| `api.dashboard` | Enable dashboard. | false | No |
| `api.debug` | Enable additional endpoints for debugging and profiling. | false | No |
| `api.disabledashboardad` | Disable the advertisement from the dashboard. | false | No |
| `api.insecure` | Enable the API and the dashboard on the entryPoint named traefik.| false | No |
| <a id="opt-api" href="#opt-api" title="#opt-api">`api`</a> | Enable api/dashboard. When set to `true`, its sub option `api.dashboard` is also set to true.| false | No |
| <a id="opt-api-basepath" href="#opt-api-basepath" title="#opt-api-basepath">api.basepath</a> | Defines the base path where the API and Dashboard will be exposed. | / | No |
| <a id="opt-api-dashboard" href="#opt-api-dashboard" title="#opt-api-dashboard">`api.dashboard`</a> | Enable dashboard. | false | No |
| <a id="opt-api-debug" href="#opt-api-debug" title="#opt-api-debug">`api.debug`</a> | Enable additional endpoints for debugging and profiling. | false | No |
| <a id="opt-api-disabledashboardad" href="#opt-api-disabledashboardad" title="#opt-api-disabledashboardad">`api.disabledashboardad`</a> | Disable the advertisement from the dashboard. | false | No |
| <a id="opt-api-insecure" href="#opt-api-insecure" title="#opt-api-insecure">`api.insecure`</a> | Enable the API and the dashboard on the entryPoint named traefik.| false | No |
## Endpoints
@@ -167,37 +168,42 @@ All the following endpoints must be accessed with a `GET` HTTP request.
| Path | Description |
|--------------------------------|---------------------------------------------------------------------------------------------|
| `/api/http/routers` | Lists all the HTTP routers information. |
| `/api/http/routers/{name}` | Returns the information of the HTTP router specified by `name`. |
| `/api/http/services` | Lists all the HTTP services information. |
| `/api/http/services/{name}` | Returns the information of the HTTP service specified by `name`. |
| `/api/http/middlewares` | Lists all the HTTP middlewares information. |
| `/api/http/middlewares/{name}` | Returns the information of the HTTP middleware specified by `name`. |
| `/api/tcp/routers` | Lists all the TCP routers information. |
| `/api/tcp/routers/{name}` | Returns the information of the TCP router specified by `name`. |
| `/api/tcp/services` | Lists all the TCP services information. |
| `/api/tcp/services/{name}` | Returns the information of the TCP service specified by `name`. |
| `/api/tcp/middlewares` | Lists all the TCP middlewares information. |
| `/api/tcp/middlewares/{name}` | Returns the information of the TCP middleware specified by `name`. |
| `/api/udp/routers` | Lists all the UDP routers information. |
| `/api/udp/routers/{name}` | Returns the information of the UDP router specified by `name`. |
| `/api/udp/services` | Lists all the UDP services information. |
| `/api/udp/services/{name}` | Returns the information of the UDP service specified by `name`. |
| `/api/entrypoints` | Lists all the entry points information. |
| `/api/entrypoints/{name}` | Returns the information of the entry point specified by `name`. |
| `/api/overview` | Returns statistic information about HTTP, TCP and about enabled features and providers. |
| `/api/rawdata` | Returns information about dynamic configurations, errors, status and dependency relations. |
| `/api/version` | Returns information about Traefik version. |
| `/debug/vars` | See the [expvar](https://golang.org/pkg/expvar/) Go documentation. |
| `/debug/pprof/` | See the [pprof Index](https://golang.org/pkg/net/http/pprof/#Index) Go documentation. |
| `/debug/pprof/cmdline` | See the [pprof Cmdline](https://golang.org/pkg/net/http/pprof/#Cmdline) Go documentation. |
| `/debug/pprof/profile` | See the [pprof Profile](https://golang.org/pkg/net/http/pprof/#Profile) Go documentation. |
| `/debug/pprof/symbol` | See the [pprof Symbol](https://golang.org/pkg/net/http/pprof/#Symbol) Go documentation. |
| `/debug/pprof/trace` | See the [pprof Trace](https://golang.org/pkg/net/http/pprof/#Trace) Go documentation. |
| <a id="opt-apihttprouters" href="#opt-apihttprouters" title="#opt-apihttprouters">`/api/http/routers`</a> | Lists all the HTTP routers information. |
| <a id="opt-apihttproutersname" href="#opt-apihttproutersname" title="#opt-apihttproutersname">`/api/http/routers/{name}`</a> | Returns the information of the HTTP router specified by `name`. |
| <a id="opt-apihttpservices" href="#opt-apihttpservices" title="#opt-apihttpservices">`/api/http/services`</a> | Lists all the HTTP services information. |
| <a id="opt-apihttpservicesname" href="#opt-apihttpservicesname" title="#opt-apihttpservicesname">`/api/http/services/{name}`</a> | Returns the information of the HTTP service specified by `name`. |
| <a id="opt-apihttpmiddlewares" href="#opt-apihttpmiddlewares" title="#opt-apihttpmiddlewares">`/api/http/middlewares`</a> | Lists all the HTTP middlewares information. |
| <a id="opt-apihttpmiddlewaresname" href="#opt-apihttpmiddlewaresname" title="#opt-apihttpmiddlewaresname">`/api/http/middlewares/{name}`</a> | Returns the information of the HTTP middleware specified by `name`. |
| <a id="opt-apitcprouters" href="#opt-apitcprouters" title="#opt-apitcprouters">`/api/tcp/routers`</a> | Lists all the TCP routers information. |
| <a id="opt-apitcproutersname" href="#opt-apitcproutersname" title="#opt-apitcproutersname">`/api/tcp/routers/{name}`</a> | Returns the information of the TCP router specified by `name`. |
| <a id="opt-apitcpservices" href="#opt-apitcpservices" title="#opt-apitcpservices">`/api/tcp/services`</a> | Lists all the TCP services information. |
| <a id="opt-apitcpservicesname" href="#opt-apitcpservicesname" title="#opt-apitcpservicesname">`/api/tcp/services/{name}`</a> | Returns the information of the TCP service specified by `name`. |
| <a id="opt-apitcpmiddlewares" href="#opt-apitcpmiddlewares" title="#opt-apitcpmiddlewares">`/api/tcp/middlewares`</a> | Lists all the TCP middlewares information. |
| <a id="opt-apitcpmiddlewaresname" href="#opt-apitcpmiddlewaresname" title="#opt-apitcpmiddlewaresname">`/api/tcp/middlewares/{name}`</a> | Returns the information of the TCP middleware specified by `name`. |
| <a id="opt-apiudprouters" href="#opt-apiudprouters" title="#opt-apiudprouters">`/api/udp/routers`</a> | Lists all the UDP routers information. |
| <a id="opt-apiudproutersname" href="#opt-apiudproutersname" title="#opt-apiudproutersname">`/api/udp/routers/{name}`</a> | Returns the information of the UDP router specified by `name`. |
| <a id="opt-apiudpservices" href="#opt-apiudpservices" title="#opt-apiudpservices">`/api/udp/services`</a> | Lists all the UDP services information. |
| <a id="opt-apiudpservicesname" href="#opt-apiudpservicesname" title="#opt-apiudpservicesname">`/api/udp/services/{name}`</a> | Returns the information of the UDP service specified by `name`. |
| <a id="opt-apientrypoints" href="#opt-apientrypoints" title="#opt-apientrypoints">`/api/entrypoints`</a> | Lists all the entry points information. |
| <a id="opt-apientrypointsname" href="#opt-apientrypointsname" title="#opt-apientrypointsname">`/api/entrypoints/{name}`</a> | Returns the information of the entry point specified by `name`. |
| <a id="opt-apioverview" href="#opt-apioverview" title="#opt-apioverview">`/api/overview`</a> | Returns statistic information about HTTP, TCP and about enabled features and providers. |
| <a id="opt-apirawdata" href="#opt-apirawdata" title="#opt-apirawdata">`/api/rawdata`</a> | Returns information about dynamic configurations, errors, status and dependency relations. |
| <a id="opt-apiversion" href="#opt-apiversion" title="#opt-apiversion">`/api/version`</a> | Returns information about Traefik version. |
| <a id="opt-debugvars" href="#opt-debugvars" title="#opt-debugvars">`/debug/vars`</a> | See the [expvar](https://golang.org/pkg/expvar/) Go documentation. |
| <a id="opt-debugpprof" href="#opt-debugpprof" title="#opt-debugpprof">`/debug/pprof/`</a> | See the [pprof Index](https://golang.org/pkg/net/http/pprof/#Index) Go documentation. |
| <a id="opt-debugpprofcmdline" href="#opt-debugpprofcmdline" title="#opt-debugpprofcmdline">`/debug/pprof/cmdline`</a> | See the [pprof Cmdline](https://golang.org/pkg/net/http/pprof/#Cmdline) Go documentation. |
| <a id="opt-debugpprofprofile" href="#opt-debugpprofprofile" title="#opt-debugpprofprofile">`/debug/pprof/profile`</a> | See the [pprof Profile](https://golang.org/pkg/net/http/pprof/#Profile) Go documentation. |
| <a id="opt-debugpprofsymbol" href="#opt-debugpprofsymbol" title="#opt-debugpprofsymbol">`/debug/pprof/symbol`</a> | See the [pprof Symbol](https://golang.org/pkg/net/http/pprof/#Symbol) Go documentation. |
| <a id="opt-debugpproftrace" href="#opt-debugpproftrace" title="#opt-debugpproftrace">`/debug/pprof/trace`</a> | See the [pprof Trace](https://golang.org/pkg/net/http/pprof/#Trace) Go documentation. |
!!! note "Base Path Configuration"
By default, Traefik exposes its API and Dashboard under the `/` base path. It's possible to configure it with `api.basepath`. When configured, all endpoints (api, dashboard, debug) are using it.
## Dashboard
The dashboard is available at the same location as the [API](../../operations/api.md), but by default on the path `/dashboard/`.
The dashboard is available at the same location as the API, but by default on the path `/dashboard/`.
!!! note

945
docs/content/reference/install-configuration/configuration-options.md
View File

@@ -7,475 +7,476 @@ THIS FILE MUST NOT BE EDITED BY HAND
| Field | Description | Default |
|:-------|:------------|:-------|
| accesslog | Access log settings. | false |
| accesslog.addinternals | Enables access log for internal services (ping, dashboard, etc...). | false |
| accesslog.bufferingsize | Number of access log lines to process in a buffered way. | 0 |
| accesslog.fields.defaultmode | Default mode for fields: keep | drop | keep |
| accesslog.fields.headers.defaultmode | Default mode for fields: keep | drop | redact | drop |
| accesslog.fields.headers.names._name_ | Override mode for headers | |
| accesslog.fields.names._name_ | Override mode for fields | |
| accesslog.filepath | Access log file path. Stdout is used when omitted or empty. | |
| accesslog.filters.minduration | Keep access logs when request took longer than the specified duration. | 0 |
| accesslog.filters.retryattempts | Keep access logs when at least one retry happened. | false |
| accesslog.filters.statuscodes | Keep access logs with status codes in the specified range. | |
| accesslog.format | Access log format: json | common | common |
| accesslog.otlp | Settings for OpenTelemetry. | false |
| accesslog.otlp.grpc | gRPC configuration for the OpenTelemetry collector. | false |
| accesslog.otlp.grpc.endpoint | Sets the gRPC endpoint (host:port) of the collector. | localhost:4317 |
| accesslog.otlp.grpc.headers._name_ | Headers sent with payload. | |
| accesslog.otlp.grpc.insecure | Disables client transport security for the exporter. | false |
| accesslog.otlp.grpc.tls.ca | TLS CA | |
| accesslog.otlp.grpc.tls.cert | TLS cert | |
| accesslog.otlp.grpc.tls.insecureskipverify | TLS insecure skip verify | false |
| accesslog.otlp.grpc.tls.key | TLS key | |
| accesslog.otlp.http | HTTP configuration for the OpenTelemetry collector. | false |
| accesslog.otlp.http.endpoint | Sets the HTTP endpoint (scheme://host:port/path) of the collector. | https://localhost:4318 |
| accesslog.otlp.http.headers._name_ | Headers sent with payload. | |
| accesslog.otlp.http.tls.ca | TLS CA | |
| accesslog.otlp.http.tls.cert | TLS cert | |
| accesslog.otlp.http.tls.insecureskipverify | TLS insecure skip verify | false |
| accesslog.otlp.http.tls.key | TLS key | |
| accesslog.otlp.resourceattributes._name_ | Defines additional resource attributes (key:value). | |
| accesslog.otlp.servicename | Defines the service name resource attribute. | traefik |
| api | Enable api/dashboard. | false |
| api.basepath | Defines the base path where the API and Dashboard will be exposed. | / |
| api.dashboard | Activate dashboard. | true |
| api.debug | Enable additional endpoints for debugging and profiling. | false |
| api.disabledashboardad | Disable ad in the dashboard. | false |
| api.insecure | Activate API directly on the entryPoint named traefik. | false |
| certificatesresolvers._name_ | Certificates resolvers configuration. | false |
| certificatesresolvers._name_.acme.cacertificates | Specify the paths to PEM encoded CA Certificates that can be used to authenticate an ACME server with an HTTPS certificate not issued by a CA in the system-wide trusted root list. | |
| certificatesresolvers._name_.acme.caserver | CA server to use. | https://acme-v02.api.letsencrypt.org/directory |
| certificatesresolvers._name_.acme.caservername | Specify the CA server name that can be used to authenticate an ACME server with an HTTPS certificate not issued by a CA in the system-wide trusted root list. | |
| certificatesresolvers._name_.acme.casystemcertpool | Define if the certificates pool must use a copy of the system cert pool. | false |
| certificatesresolvers._name_.acme.certificatesduration | Certificates' duration in hours. | 2160 |
| certificatesresolvers._name_.acme.clientresponseheadertimeout | Timeout for receiving the response headers when communicating with the ACME server. | 30 |
| certificatesresolvers._name_.acme.clienttimeout | Timeout for a complete HTTP transaction with the ACME server. | 120 |
| certificatesresolvers._name_.acme.dnschallenge | Activate DNS-01 Challenge. | false |
| certificatesresolvers._name_.acme.dnschallenge.delaybeforecheck | (Deprecated) Assume DNS propagates after a delay in seconds rather than finding and querying nameservers. | 0 |
| certificatesresolvers._name_.acme.dnschallenge.disablepropagationcheck | (Deprecated) Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready. [not recommended] | false |
| certificatesresolvers._name_.acme.dnschallenge.propagation | DNS propagation checks configuration | false |
| certificatesresolvers._name_.acme.dnschallenge.propagation.delaybeforechecks | Defines the delay before checking the challenge TXT record propagation. | 0 |
| certificatesresolvers._name_.acme.dnschallenge.propagation.disableanschecks | Disables the challenge TXT record propagation checks against authoritative nameservers. | false |
| certificatesresolvers._name_.acme.dnschallenge.propagation.disablechecks | Disables the challenge TXT record propagation checks (not recommended). | false |
| certificatesresolvers._name_.acme.dnschallenge.propagation.requireallrns | Requires the challenge TXT record to be propagated to all recursive nameservers. | false |
| certificatesresolvers._name_.acme.dnschallenge.provider | Use a DNS-01 based challenge provider rather than HTTPS. | |
| certificatesresolvers._name_.acme.dnschallenge.resolvers | Use following DNS servers to resolve the FQDN authority. | |
| certificatesresolvers._name_.acme.eab.hmacencoded | Base64 encoded HMAC key from External CA. | |
| certificatesresolvers._name_.acme.eab.kid | Key identifier from External CA. | |
| certificatesresolvers._name_.acme.email | Email address used for registration. | |
| certificatesresolvers._name_.acme.emailaddresses | CSR email addresses to use. | |
| certificatesresolvers._name_.acme.httpchallenge | Activate HTTP-01 Challenge. | false |
| certificatesresolvers._name_.acme.httpchallenge.delay | Delay between the creation of the challenge and the validation. | 0 |
| certificatesresolvers._name_.acme.httpchallenge.entrypoint | HTTP challenge EntryPoint | |
| certificatesresolvers._name_.acme.keytype | KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'. | RSA4096 |
| certificatesresolvers._name_.acme.preferredchain | Preferred chain to use. | |
| certificatesresolvers._name_.acme.profile | Certificate profile to use. | |
| certificatesresolvers._name_.acme.storage | Storage to use. | acme.json |
| certificatesresolvers._name_.acme.tlschallenge | Activate TLS-ALPN-01 Challenge. | true |
| certificatesresolvers._name_.tailscale | Enables Tailscale certificate resolution. | true |
| core.defaultrulesyntax | Defines the rule parser default syntax (v2 or v3) | v3 |
| entrypoints._name_ | Entry points definition. | false |
| entrypoints._name_.address | Entry point address. | |
| entrypoints._name_.allowacmebypass | Enables handling of ACME TLS and HTTP challenges with custom routers. | false |
| entrypoints._name_.asdefault | Adds this EntryPoint to the list of default EntryPoints to be used on routers that don't have any Entrypoint defined. | false |
| entrypoints._name_.forwardedheaders.connection | List of Connection headers that are allowed to pass through the middleware chain before being removed. | |
| entrypoints._name_.forwardedheaders.insecure | Trust all forwarded headers. | false |
| entrypoints._name_.forwardedheaders.trustedips | Trust only forwarded headers from selected IPs. | |
| entrypoints._name_.http | HTTP configuration. | |
| entrypoints._name_.http.encodequerysemicolons | Defines whether request query semicolons should be URLEncoded. | false |
| entrypoints._name_.http.maxheaderbytes | Maximum size of request headers in bytes. | 1048576 |
| entrypoints._name_.http.middlewares | Default middlewares for the routers linked to the entry point. | |
| entrypoints._name_.http.redirections.entrypoint.permanent | Applies a permanent redirection. | true |
| entrypoints._name_.http.redirections.entrypoint.priority | Priority of the generated router. | 9223372036854775806 |
| entrypoints._name_.http.redirections.entrypoint.scheme | Scheme used for the redirection. | https |
| entrypoints._name_.http.redirections.entrypoint.to | Targeted entry point of the redirection. | |
| entrypoints._name_.http.sanitizepath | Defines whether to enable request path sanitization (removal of /./, /../ and multiple slash sequences). | true |
| entrypoints._name_.http.tls | Default TLS configuration for the routers linked to the entry point. | false |
| entrypoints._name_.http.tls.certresolver | Default certificate resolver for the routers linked to the entry point. | |
| entrypoints._name_.http.tls.domains | Default TLS domains for the routers linked to the entry point. | |
| entrypoints._name_.http.tls.domains[0].main | Default subject name. | |
| entrypoints._name_.http.tls.domains[0].sans | Subject alternative names. | |
| entrypoints._name_.http.tls.options | Default TLS options for the routers linked to the entry point. | |
| entrypoints._name_.http2.maxconcurrentstreams | Specifies the number of concurrent streams per connection that each client is allowed to initiate. | 250 |
| entrypoints._name_.http3 | HTTP/3 configuration. | false |
| entrypoints._name_.http3.advertisedport | UDP port to advertise, on which HTTP/3 is available. | 0 |
| entrypoints._name_.observability.accesslogs | Enables access-logs for this entryPoint. | true |
| entrypoints._name_.observability.metrics | Enables metrics for this entryPoint. | true |
| entrypoints._name_.observability.traceverbosity | Defines the tracing verbosity level for this entryPoint. | minimal |
| entrypoints._name_.observability.tracing | Enables tracing for this entryPoint. | true |
| entrypoints._name_.proxyprotocol | Proxy-Protocol configuration. | false |
| entrypoints._name_.proxyprotocol.insecure | Trust all. | false |
| entrypoints._name_.proxyprotocol.trustedips | Trust only selected IPs. | |
| entrypoints._name_.reuseport | Enables EntryPoints from the same or different processes listening on the same TCP/UDP port. | false |
| entrypoints._name_.transport.keepalivemaxrequests | Maximum number of requests before closing a keep-alive connection. | 0 |
| entrypoints._name_.transport.keepalivemaxtime | Maximum duration before closing a keep-alive connection. | 0 |
| entrypoints._name_.transport.lifecycle.gracetimeout | Duration to give active requests a chance to finish before Traefik stops. | 10 |
| entrypoints._name_.transport.lifecycle.requestacceptgracetimeout | Duration to keep accepting requests before Traefik initiates the graceful shutdown procedure. | 0 |
| entrypoints._name_.transport.respondingtimeouts.idletimeout | IdleTimeout is the maximum amount duration an idle (keep-alive) connection will remain idle before closing itself. If zero, no timeout is set. | 180 |
| entrypoints._name_.transport.respondingtimeouts.readtimeout | ReadTimeout is the maximum duration for reading the entire request, including the body. If zero, no timeout is set. | 60 |
| entrypoints._name_.transport.respondingtimeouts.writetimeout | WriteTimeout is the maximum duration before timing out writes of the response. If zero, no timeout is set. | 0 |
| entrypoints._name_.udp.timeout | Timeout defines how long to wait on an idle session before releasing the related resources. | 3 |
| experimental.abortonpluginfailure | Defines whether all plugins must be loaded successfully for Traefik to start. | false |
| experimental.fastproxy | Enables the FastProxy implementation. | false |
| experimental.fastproxy.debug | Enable debug mode for the FastProxy implementation. | false |
| experimental.kubernetesgateway | (Deprecated) Allow the Kubernetes gateway api provider usage. | false |
| experimental.kubernetesingressnginx | Allow the Kubernetes Ingress NGINX provider usage. | false |
| experimental.localplugins._name_ | Local plugins configuration. | false |
| experimental.localplugins._name_.modulename | Plugin's module name. | |
| experimental.localplugins._name_.settings | Plugin's settings (works only for wasm plugins). | |
| experimental.localplugins._name_.settings.envs | Environment variables to forward to the wasm guest. | |
| experimental.localplugins._name_.settings.mounts | Directory to mount to the wasm guest. | |
| experimental.localplugins._name_.settings.useunsafe | Allow the plugin to use unsafe package. | false |
| experimental.otlplogs | Enables the OpenTelemetry logs integration. | false |
| experimental.plugins._name_.modulename | plugin's module name. | |
| experimental.plugins._name_.settings | Plugin's settings (works only for wasm plugins). | |
| experimental.plugins._name_.settings.envs | Environment variables to forward to the wasm guest. | |
| experimental.plugins._name_.settings.mounts | Directory to mount to the wasm guest. | |
| experimental.plugins._name_.settings.useunsafe | Allow the plugin to use unsafe package. | false |
| experimental.plugins._name_.version | plugin's version. | |
| global.checknewversion | Periodically check if a new version has been released. | true |
| global.sendanonymoususage | Periodically send anonymous usage statistics. If the option is not specified, it will be disabled by default. | false |
| hostresolver | Enable CNAME Flattening. | false |
| hostresolver.cnameflattening | A flag to enable/disable CNAME flattening | false |
| hostresolver.resolvconfig | resolv.conf used for DNS resolving | /etc/resolv.conf |
| hostresolver.resolvdepth | The maximal depth of DNS recursive resolving | 5 |
| log | Traefik log settings. | false |
| log.compress | Determines if the rotated log files should be compressed using gzip. | false |
| log.filepath | Traefik log file path. Stdout is used when omitted or empty. | |
| log.format | Traefik log format: json | common | common |
| log.level | Log level set to traefik logs. | ERROR |
| log.maxage | Maximum number of days to retain old log files based on the timestamp encoded in their filename. | 0 |
| log.maxbackups | Maximum number of old log files to retain. | 0 |
| log.maxsize | Maximum size in megabytes of the log file before it gets rotated. | 0 |
| log.nocolor | When using the 'common' format, disables the colorized output. | false |
| log.otlp | Settings for OpenTelemetry. | false |
| log.otlp.grpc | gRPC configuration for the OpenTelemetry collector. | false |
| log.otlp.grpc.endpoint | Sets the gRPC endpoint (host:port) of the collector. | localhost:4317 |
| log.otlp.grpc.headers._name_ | Headers sent with payload. | |
| log.otlp.grpc.insecure | Disables client transport security for the exporter. | false |
| log.otlp.grpc.tls.ca | TLS CA | |
| log.otlp.grpc.tls.cert | TLS cert | |
| log.otlp.grpc.tls.insecureskipverify | TLS insecure skip verify | false |
| log.otlp.grpc.tls.key | TLS key | |
| log.otlp.http | HTTP configuration for the OpenTelemetry collector. | false |
| log.otlp.http.endpoint | Sets the HTTP endpoint (scheme://host:port/path) of the collector. | https://localhost:4318 |
| log.otlp.http.headers._name_ | Headers sent with payload. | |
| log.otlp.http.tls.ca | TLS CA | |
| log.otlp.http.tls.cert | TLS cert | |
| log.otlp.http.tls.insecureskipverify | TLS insecure skip verify | false |
| log.otlp.http.tls.key | TLS key | |
| log.otlp.resourceattributes._name_ | Defines additional resource attributes (key:value). | |
| log.otlp.servicename | Defines the service name resource attribute. | traefik |
| metrics.addinternals | Enables metrics for internal services (ping, dashboard, etc...). | false |
| metrics.datadog | Datadog metrics exporter type. | false |
| metrics.datadog.addentrypointslabels | Enable metrics on entry points. | true |
| metrics.datadog.address | Datadog's address. | localhost:8125 |
| metrics.datadog.addrouterslabels | Enable metrics on routers. | false |
| metrics.datadog.addserviceslabels | Enable metrics on services. | true |
| metrics.datadog.prefix | Prefix to use for metrics collection. | traefik |
| metrics.datadog.pushinterval | Datadog push interval. | 10 |
| metrics.influxdb2 | InfluxDB v2 metrics exporter type. | false |
| metrics.influxdb2.addentrypointslabels | Enable metrics on entry points. | true |
| metrics.influxdb2.additionallabels._name_ | Additional labels (influxdb tags) on all metrics | |
| metrics.influxdb2.address | InfluxDB v2 address. | http://localhost:8086 |
| metrics.influxdb2.addrouterslabels | Enable metrics on routers. | false |
| metrics.influxdb2.addserviceslabels | Enable metrics on services. | true |
| metrics.influxdb2.bucket | InfluxDB v2 bucket ID. | |
| metrics.influxdb2.org | InfluxDB v2 org ID. | |
| metrics.influxdb2.pushinterval | InfluxDB v2 push interval. | 10 |
| metrics.influxdb2.token | InfluxDB v2 access token. | |
| metrics.otlp | OpenTelemetry metrics exporter type. | false |
| metrics.otlp.addentrypointslabels | Enable metrics on entry points. | true |
| metrics.otlp.addrouterslabels | Enable metrics on routers. | false |
| metrics.otlp.addserviceslabels | Enable metrics on services. | true |
| metrics.otlp.explicitboundaries | Boundaries for latency metrics. | 0.005000, 0.010000, 0.025000, 0.050000, 0.075000, 0.100000, 0.250000, 0.500000, 0.750000, 1.000000, 2.500000, 5.000000, 7.500000, 10.000000 |
| metrics.otlp.grpc | gRPC configuration for the OpenTelemetry collector. | false |
| metrics.otlp.grpc.endpoint | Sets the gRPC endpoint (host:port) of the collector. | localhost:4317 |
| metrics.otlp.grpc.headers._name_ | Headers sent with payload. | |
| metrics.otlp.grpc.insecure | Disables client transport security for the exporter. | false |
| metrics.otlp.grpc.tls.ca | TLS CA | |
| metrics.otlp.grpc.tls.cert | TLS cert | |
| metrics.otlp.grpc.tls.insecureskipverify | TLS insecure skip verify | false |
| metrics.otlp.grpc.tls.key | TLS key | |
| metrics.otlp.http | HTTP configuration for the OpenTelemetry collector. | false |
| metrics.otlp.http.endpoint | Sets the HTTP endpoint (scheme://host:port/path) of the collector. | https://localhost:4318 |
| metrics.otlp.http.headers._name_ | Headers sent with payload. | |
| metrics.otlp.http.tls.ca | TLS CA | |
| metrics.otlp.http.tls.cert | TLS cert | |
| metrics.otlp.http.tls.insecureskipverify | TLS insecure skip verify | false |
| metrics.otlp.http.tls.key | TLS key | |
| metrics.otlp.pushinterval | Period between calls to collect a checkpoint. | 10 |
| metrics.otlp.resourceattributes._name_ | Defines additional resource attributes (key:value). | |
| metrics.otlp.servicename | Defines the service name resource attribute. | traefik |
| metrics.prometheus | Prometheus metrics exporter type. | false |
| metrics.prometheus.addentrypointslabels | Enable metrics on entry points. | true |
| metrics.prometheus.addrouterslabels | Enable metrics on routers. | false |
| metrics.prometheus.addserviceslabels | Enable metrics on services. | true |
| metrics.prometheus.buckets | Buckets for latency metrics. | 0.100000, 0.300000, 1.200000, 5.000000 |
| metrics.prometheus.entrypoint | EntryPoint | traefik |
| metrics.prometheus.headerlabels._name_ | Defines the extra labels for the requests_total metrics, and for each of them, the request header containing the value for this label. | |
| metrics.prometheus.manualrouting | Manual routing | false |
| metrics.statsd | StatsD metrics exporter type. | false |
| metrics.statsd.addentrypointslabels | Enable metrics on entry points. | true |
| metrics.statsd.address | StatsD address. | localhost:8125 |
| metrics.statsd.addrouterslabels | Enable metrics on routers. | false |
| metrics.statsd.addserviceslabels | Enable metrics on services. | true |
| metrics.statsd.prefix | Prefix to use for metrics collection. | traefik |
| metrics.statsd.pushinterval | StatsD push interval. | 10 |
| ocsp | OCSP configuration. | false |
| ocsp.responderoverrides._name_ | Defines a map of OCSP responders to replace for querying OCSP servers. | |
| ping | Enable ping. | false |
| ping.entrypoint | EntryPoint | traefik |
| ping.manualrouting | Manual routing | false |
| ping.terminatingstatuscode | Terminating status code | 503 |
| providers.consul | Enable Consul backend with default settings. | false |
| providers.consul.endpoints | KV store endpoints. | 127.0.0.1:8500 |
| providers.consul.namespaces | Sets the namespaces used to discover the configuration (Consul Enterprise only). | |
| providers.consul.rootkey | Root key used for KV store. | traefik |
| providers.consul.tls.ca | TLS CA | |
| providers.consul.tls.cert | TLS cert | |
| providers.consul.tls.insecureskipverify | TLS insecure skip verify | false |
| providers.consul.tls.key | TLS key | |
| providers.consul.token | Per-request ACL token. | |
| providers.consulcatalog | Enable ConsulCatalog backend with default settings. | false |
| providers.consulcatalog.cache | Use local agent caching for catalog reads. | false |
| providers.consulcatalog.connectaware | Enable Consul Connect support. | false |
| providers.consulcatalog.connectbydefault | Consider every service as Connect capable by default. | false |
| providers.consulcatalog.constraints | Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. | |
| providers.consulcatalog.defaultrule | Default rule. | Host(`{{ normalize .Name }}`) |
| providers.consulcatalog.endpoint.address | The address of the Consul server | |
| providers.consulcatalog.endpoint.datacenter | Data center to use. If not provided, the default agent data center is used | |
| providers.consulcatalog.endpoint.endpointwaittime | WaitTime limits how long a Watch will block. If not provided, the agent default values will be used | 0 |
| providers.consulcatalog.endpoint.httpauth.password | Basic Auth password | |
| providers.consulcatalog.endpoint.httpauth.username | Basic Auth username | |
| providers.consulcatalog.endpoint.scheme | The URI scheme for the Consul server | |
| providers.consulcatalog.endpoint.tls.ca | TLS CA | |
| providers.consulcatalog.endpoint.tls.cert | TLS cert | |
| providers.consulcatalog.endpoint.tls.insecureskipverify | TLS insecure skip verify | false |
| providers.consulcatalog.endpoint.tls.key | TLS key | |
| providers.consulcatalog.endpoint.token | Token is used to provide a per-request ACL token which overrides the agent's default token | |
| providers.consulcatalog.exposedbydefault | Expose containers by default. | true |
| providers.consulcatalog.namespaces | Sets the namespaces used to discover services (Consul Enterprise only). | |
| providers.consulcatalog.prefix | Prefix for consul service tags. | traefik |
| providers.consulcatalog.refreshinterval | Interval for check Consul API. | 15 |
| providers.consulcatalog.requireconsistent | Forces the read to be fully consistent. | false |
| providers.consulcatalog.servicename | Name of the Traefik service in Consul Catalog (needs to be registered via the orchestrator or manually). | traefik |
| providers.consulcatalog.stale | Use stale consistency for catalog reads. | false |
| providers.consulcatalog.strictchecks | A list of service health statuses to allow taking traffic. | passing, warning |
| providers.consulcatalog.watch | Watch Consul API events. | false |
| providers.docker | Enable Docker backend with default settings. | false |
| providers.docker.allowemptyservices | Disregards the Docker containers health checks with respect to the creation or removal of the corresponding services. | false |
| providers.docker.constraints | Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. | |
| providers.docker.defaultrule | Default rule. | Host(`{{ normalize .Name }}`) |
| providers.docker.endpoint | Docker server endpoint. Can be a TCP or a Unix socket endpoint. | unix:///var/run/docker.sock |
| providers.docker.exposedbydefault | Expose containers by default. | true |
| providers.docker.httpclienttimeout | Client timeout for HTTP connections. | 0 |
| providers.docker.network | Default Docker network used. | |
| providers.docker.password | Password for Basic HTTP authentication. | |
| providers.docker.tls.ca | TLS CA | |
| providers.docker.tls.cert | TLS cert | |
| providers.docker.tls.insecureskipverify | TLS insecure skip verify | false |
| providers.docker.tls.key | TLS key | |
| providers.docker.usebindportip | Use the ip address from the bound port, rather than from the inner network. | false |
| providers.docker.username | Username for Basic HTTP authentication. | |
| providers.docker.watch | Watch Docker events. | true |
| providers.ecs | Enable AWS ECS backend with default settings. | false |
| providers.ecs.accesskeyid | AWS credentials access key ID to use for making requests. | |
| providers.ecs.autodiscoverclusters | Auto discover cluster. | false |
| providers.ecs.clusters | ECS Cluster names. | default |
| providers.ecs.constraints | Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. | |
| providers.ecs.defaultrule | Default rule. | Host(`{{ normalize .Name }}`) |
| providers.ecs.ecsanywhere | Enable ECS Anywhere support. | false |
| providers.ecs.exposedbydefault | Expose services by default. | true |
| providers.ecs.healthytasksonly | Determines whether to discover only healthy tasks. | false |
| providers.ecs.refreshseconds | Polling interval (in seconds). | 15 |
| providers.ecs.region | AWS region to use for requests. | |
| providers.ecs.secretaccesskey | AWS credentials access key to use for making requests. | |
| providers.etcd | Enable Etcd backend with default settings. | false |
| providers.etcd.endpoints | KV store endpoints. | 127.0.0.1:2379 |
| providers.etcd.password | Password for authentication. | |
| providers.etcd.rootkey | Root key used for KV store. | traefik |
| providers.etcd.tls.ca | TLS CA | |
| providers.etcd.tls.cert | TLS cert | |
| providers.etcd.tls.insecureskipverify | TLS insecure skip verify | false |
| providers.etcd.tls.key | TLS key | |
| providers.etcd.username | Username for authentication. | |
| providers.file.debugloggeneratedtemplate | Enable debug logging of generated configuration template. | false |
| providers.file.directory | Load dynamic configuration from one or more .yml or .toml files in a directory. | |
| providers.file.filename | Load dynamic configuration from a file. | |
| providers.file.watch | Watch provider. | true |
| providers.http | Enable HTTP backend with default settings. | false |
| providers.http.endpoint | Load configuration from this endpoint. | |
| providers.http.headers._name_ | Define custom headers to be sent to the endpoint. | |
| providers.http.pollinterval | Polling interval for endpoint. | 5 |
| providers.http.polltimeout | Polling timeout for endpoint. | 5 |
| providers.http.tls.ca | TLS CA | |
| providers.http.tls.cert | TLS cert | |
| providers.http.tls.insecureskipverify | TLS insecure skip verify | false |
| providers.http.tls.key | TLS key | |
| providers.kubernetescrd | Enable Kubernetes backend with default settings. | false |
| providers.kubernetescrd.allowcrossnamespace | Allow cross namespace resource reference. | false |
| providers.kubernetescrd.allowemptyservices | Allow the creation of services without endpoints. | false |
| providers.kubernetescrd.allowexternalnameservices | Allow ExternalName services. | false |
| providers.kubernetescrd.certauthfilepath | Kubernetes certificate authority file path (not needed for in-cluster client). | |
| providers.kubernetescrd.disableclusterscoperesources | Disables the lookup of cluster scope resources (incompatible with IngressClasses and NodePortLB enabled services). | false |
| providers.kubernetescrd.endpoint | Kubernetes server endpoint (required for external cluster client). | |
| providers.kubernetescrd.ingressclass | Value of kubernetes.io/ingress.class annotation to watch for. | |
| providers.kubernetescrd.labelselector | Kubernetes label selector to use. | |
| providers.kubernetescrd.namespaces | Kubernetes namespaces. | |
| providers.kubernetescrd.nativelbbydefault | Defines whether to use Native Kubernetes load-balancing mode by default. | false |
| providers.kubernetescrd.throttleduration | Ingress refresh throttle duration | 0 |
| providers.kubernetescrd.token | Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token. | |
| providers.kubernetesgateway | Enable Kubernetes gateway api provider with default settings. | false |
| providers.kubernetesgateway.certauthfilepath | Kubernetes certificate authority file path (not needed for in-cluster client). | |
| providers.kubernetesgateway.endpoint | Kubernetes server endpoint (required for external cluster client). | |
| providers.kubernetesgateway.experimentalchannel | Toggles Experimental Channel resources support (TCPRoute, TLSRoute...). | false |
| providers.kubernetesgateway.labelselector | Kubernetes label selector to select specific GatewayClasses. | |
| providers.kubernetesgateway.namespaces | Kubernetes namespaces. | |
| providers.kubernetesgateway.nativelbbydefault | Defines whether to use Native Kubernetes load-balancing by default. | false |
| providers.kubernetesgateway.statusaddress.hostname | Hostname used for Kubernetes Gateway status address. | |
| providers.kubernetesgateway.statusaddress.ip | IP used to set Kubernetes Gateway status address. | |
| providers.kubernetesgateway.statusaddress.service | Published Kubernetes Service to copy status addresses from. | |
| providers.kubernetesgateway.statusaddress.service.name | Name of the Kubernetes service. | |
| providers.kubernetesgateway.statusaddress.service.namespace | Namespace of the Kubernetes service. | |
| providers.kubernetesgateway.throttleduration | Kubernetes refresh throttle duration | 0 |
| providers.kubernetesgateway.token | Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token. | |
| providers.kubernetesingress | Enable Kubernetes backend with default settings. | false |
| providers.kubernetesingress.allowemptyservices | Allow creation of services without endpoints. | false |
| providers.kubernetesingress.allowexternalnameservices | Allow ExternalName services. | false |
| providers.kubernetesingress.certauthfilepath | Kubernetes certificate authority file path (not needed for in-cluster client). | |
| providers.kubernetesingress.disableclusterscoperesources | Disables the lookup of cluster scope resources (incompatible with IngressClasses and NodePortLB enabled services). | false |
| providers.kubernetesingress.disableingressclasslookup | Disables the lookup of IngressClasses (Deprecated, please use DisableClusterScopeResources). | false |
| providers.kubernetesingress.endpoint | Kubernetes server endpoint (required for external cluster client). | |
| providers.kubernetesingress.ingressclass | Value of kubernetes.io/ingress.class annotation or IngressClass name to watch for. | |
| providers.kubernetesingress.ingressendpoint.hostname | Hostname used for Kubernetes Ingress endpoints. | |
| providers.kubernetesingress.ingressendpoint.ip | IP used for Kubernetes Ingress endpoints. | |
| providers.kubernetesingress.ingressendpoint.publishedservice | Published Kubernetes Service to copy status from. | |
| providers.kubernetesingress.labelselector | Kubernetes Ingress label selector to use. | |
| providers.kubernetesingress.namespaces | Kubernetes namespaces. | |
| providers.kubernetesingress.nativelbbydefault | Defines whether to use Native Kubernetes load-balancing mode by default. | false |
| providers.kubernetesingress.strictprefixmatching | Make prefix matching strictly comply with the Kubernetes Ingress specification (path-element-wise matching instead of character-by-character string matching). | false |
| providers.kubernetesingress.throttleduration | Ingress refresh throttle duration | 0 |
| providers.kubernetesingress.token | Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token. | |
| providers.kubernetesingressnginx | Enable Kubernetes Ingress NGINX provider. | false |
| providers.kubernetesingressnginx.certauthfilepath | Kubernetes certificate authority file path (not needed for in-cluster client). | |
| providers.kubernetesingressnginx.controllerclass | Ingress Class Controller value this controller satisfies. | k8s.io/ingress-nginx |
| providers.kubernetesingressnginx.defaultbackendservice | Service used to serve HTTP requests not matching any known server name (catch-all). Takes the form 'namespace/name'. | |
| providers.kubernetesingressnginx.disablesvcexternalname | Disable support for Services of type ExternalName. | false |
| providers.kubernetesingressnginx.endpoint | Kubernetes server endpoint (required for external cluster client). | |
| providers.kubernetesingressnginx.ingressclass | Name of the ingress class this controller satisfies. | nginx |
| providers.kubernetesingressnginx.ingressclassbyname | Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class. | false |
| providers.kubernetesingressnginx.publishservice | Service fronting the Ingress controller. Takes the form 'namespace/name'. | |
| providers.kubernetesingressnginx.publishstatusaddress | Customized address (or addresses, separated by comma) to set as the load-balancer status of Ingress objects this controller satisfies. | |
| providers.kubernetesingressnginx.throttleduration | Ingress refresh throttle duration. | 0 |
| providers.kubernetesingressnginx.token | Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token. | |
| providers.kubernetesingressnginx.watchingresswithoutclass | Define if Ingress Controller should also watch for Ingresses without an IngressClass or the annotation specified. | false |
| providers.kubernetesingressnginx.watchnamespace | Namespace the controller watches for updates to Kubernetes objects. All namespaces are watched if this parameter is left empty. | |
| providers.kubernetesingressnginx.watchnamespaceselector | Selector selects namespaces the controller watches for updates to Kubernetes objects. | |
| providers.nomad | Enable Nomad backend with default settings. | false |
| providers.nomad.allowemptyservices | Allow the creation of services without endpoints. | false |
| providers.nomad.constraints | Constraints is an expression that Traefik matches against the Nomad service's tags to determine whether to create route(s) for that service. | |
| providers.nomad.defaultrule | Default rule. | Host(`{{ normalize .Name }}`) |
| providers.nomad.endpoint.address | The address of the Nomad server, including scheme and port. | http://127.0.0.1:4646 |
| providers.nomad.endpoint.endpointwaittime | WaitTime limits how long a Watch will block. If not provided, the agent default values will be used | 0 |
| providers.nomad.endpoint.region | Nomad region to use. If not provided, the local agent region is used. | |
| providers.nomad.endpoint.tls.ca | TLS CA | |
| providers.nomad.endpoint.tls.cert | TLS cert | |
| providers.nomad.endpoint.tls.insecureskipverify | TLS insecure skip verify | false |
| providers.nomad.endpoint.tls.key | TLS key | |
| providers.nomad.endpoint.token | Token is used to provide a per-request ACL token. | |
| providers.nomad.exposedbydefault | Expose Nomad services by default. | true |
| providers.nomad.namespaces | Sets the Nomad namespaces used to discover services. | |
| providers.nomad.prefix | Prefix for nomad service tags. | traefik |
| providers.nomad.refreshinterval | Interval for polling Nomad API. | 15 |
| providers.nomad.stale | Use stale consistency for catalog reads. | false |
| providers.nomad.throttleduration | Watch throttle duration. | 0 |
| providers.nomad.watch | Watch Nomad Service events. | false |
| providers.plugin._name_ | Plugins configuration. | |
| providers.providersthrottleduration | Backends throttle duration: minimum duration between 2 events from providers before applying a new configuration. It avoids unnecessary reloads if multiples events are sent in a short amount of time. | 2 |
| providers.redis | Enable Redis backend with default settings. | false |
| providers.redis.db | Database to be selected after connecting to the server. | 0 |
| providers.redis.endpoints | KV store endpoints. | 127.0.0.1:6379 |
| providers.redis.password | Password for authentication. | |
| providers.redis.rootkey | Root key used for KV store. | traefik |
| providers.redis.sentinel.latencystrategy | Defines whether to route commands to the closest master or replica nodes (mutually exclusive with RandomStrategy and ReplicaStrategy). | false |
| providers.redis.sentinel.mastername | Name of the master. | |
| providers.redis.sentinel.password | Password for Sentinel authentication. | |
| providers.redis.sentinel.randomstrategy | Defines whether to route commands randomly to master or replica nodes (mutually exclusive with LatencyStrategy and ReplicaStrategy). | false |
| providers.redis.sentinel.replicastrategy | Defines whether to route all commands to replica nodes (mutually exclusive with LatencyStrategy and RandomStrategy). | false |
| providers.redis.sentinel.usedisconnectedreplicas | Use replicas disconnected with master when cannot get connected replicas. | false |
| providers.redis.sentinel.username | Username for Sentinel authentication. | |
| providers.redis.tls.ca | TLS CA | |
| providers.redis.tls.cert | TLS cert | |
| providers.redis.tls.insecureskipverify | TLS insecure skip verify | false |
| providers.redis.tls.key | TLS key | |
| providers.redis.username | Username for authentication. | |
| providers.rest | Enable Rest backend with default settings. | false |
| providers.rest.insecure | Activate REST Provider directly on the entryPoint named traefik. | false |
| providers.swarm | Enable Docker Swarm backend with default settings. | false |
| providers.swarm.allowemptyservices | Disregards the Docker containers health checks with respect to the creation or removal of the corresponding services. | false |
| providers.swarm.constraints | Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. | |
| providers.swarm.defaultrule | Default rule. | Host(`{{ normalize .Name }}`) |
| providers.swarm.endpoint | Docker server endpoint. Can be a TCP or a Unix socket endpoint. | unix:///var/run/docker.sock |
| providers.swarm.exposedbydefault | Expose containers by default. | true |
| providers.swarm.httpclienttimeout | Client timeout for HTTP connections. | 0 |
| providers.swarm.network | Default Docker network used. | |
| providers.swarm.password | Password for Basic HTTP authentication. | |
| providers.swarm.refreshseconds | Polling interval for swarm mode. | 15 |
| providers.swarm.tls.ca | TLS CA | |
| providers.swarm.tls.cert | TLS cert | |
| providers.swarm.tls.insecureskipverify | TLS insecure skip verify | false |
| providers.swarm.tls.key | TLS key | |
| providers.swarm.usebindportip | Use the ip address from the bound port, rather than from the inner network. | false |
| providers.swarm.username | Username for Basic HTTP authentication. | |
| providers.swarm.watch | Watch Docker events. | true |
| providers.zookeeper | Enable ZooKeeper backend with default settings. | false |
| providers.zookeeper.endpoints | KV store endpoints. | 127.0.0.1:2181 |
| providers.zookeeper.password | Password for authentication. | |
| providers.zookeeper.rootkey | Root key used for KV store. | traefik |
| providers.zookeeper.username | Username for authentication. | |
| serverstransport.forwardingtimeouts.dialtimeout | The amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. | 30 |
| serverstransport.forwardingtimeouts.idleconntimeout | The maximum period for which an idle HTTP keep-alive connection will remain open before closing itself | 90 |
| serverstransport.forwardingtimeouts.responseheadertimeout | The amount of time to wait for a server's response headers after fully writing the request (including its body, if any). If zero, no timeout exists. | 0 |
| serverstransport.insecureskipverify | Disable SSL certificate verification. | false |
| serverstransport.maxidleconnsperhost | If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used | 200 |
| serverstransport.rootcas | Add cert file for self-signed certificate. | |
| serverstransport.spiffe | Defines the SPIFFE configuration. | false |
| serverstransport.spiffe.ids | Defines the allowed SPIFFE IDs (takes precedence over the SPIFFE TrustDomain). | |
| serverstransport.spiffe.trustdomain | Defines the allowed SPIFFE trust domain. | |
| spiffe.workloadapiaddr | Defines the workload API address. | |
| tcpserverstransport.dialkeepalive | Defines the interval between keep-alive probes for an active network connection. If zero, keep-alive probes are sent with a default value (currently 15 seconds), if supported by the protocol and operating system. Network protocols or operating systems that do not support keep-alives ignore this field. If negative, keep-alive probes are disabled | 15 |
| tcpserverstransport.dialtimeout | Defines the amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. | 30 |
| tcpserverstransport.terminationdelay | Defines the delay to wait before fully terminating the connection, after one connected peer has closed its writing capability. | 0 |
| tcpserverstransport.tls | Defines the TLS configuration. | false |
| tcpserverstransport.tls.insecureskipverify | Disables SSL certificate verification. | false |
| tcpserverstransport.tls.rootcas | Defines a list of CA secret used to validate self-signed certificate | |
| tcpserverstransport.tls.spiffe | Defines the SPIFFE TLS configuration. | false |
| tcpserverstransport.tls.spiffe.ids | Defines the allowed SPIFFE IDs (takes precedence over the SPIFFE TrustDomain). | |
| tcpserverstransport.tls.spiffe.trustdomain | Defines the allowed SPIFFE trust domain. | |
| tracing | Tracing configuration. | false |
| tracing.addinternals | Enables tracing for internal services (ping, dashboard, etc...). | false |
| tracing.capturedrequestheaders | Request headers to add as attributes for server and client spans. | |
| tracing.capturedresponseheaders | Response headers to add as attributes for server and client spans. | |
| tracing.globalattributes._name_ | (Deprecated) Defines additional resource attributes (key:value). | |
| tracing.otlp | Settings for OpenTelemetry. | false |
| tracing.otlp.grpc | gRPC configuration for the OpenTelemetry collector. | false |
| tracing.otlp.grpc.endpoint | Sets the gRPC endpoint (host:port) of the collector. | localhost:4317 |
| tracing.otlp.grpc.headers._name_ | Headers sent with payload. | |
| tracing.otlp.grpc.insecure | Disables client transport security for the exporter. | false |
| tracing.otlp.grpc.tls.ca | TLS CA | |
| tracing.otlp.grpc.tls.cert | TLS cert | |
| tracing.otlp.grpc.tls.insecureskipverify | TLS insecure skip verify | false |
| tracing.otlp.grpc.tls.key | TLS key | |
| tracing.otlp.http | HTTP configuration for the OpenTelemetry collector. | false |
| tracing.otlp.http.endpoint | Sets the HTTP endpoint (scheme://host:port/path) of the collector. | https://localhost:4318 |
| tracing.otlp.http.headers._name_ | Headers sent with payload. | |
| tracing.otlp.http.tls.ca | TLS CA | |
| tracing.otlp.http.tls.cert | TLS cert | |
| tracing.otlp.http.tls.insecureskipverify | TLS insecure skip verify | false |
| tracing.otlp.http.tls.key | TLS key | |
| tracing.resourceattributes._name_ | Defines additional resource attributes (key:value). | |
| tracing.safequeryparams | Query params to not redact. | |
| tracing.samplerate | Sets the rate between 0.0 and 1.0 of requests to trace. | 1.000000 |
| tracing.servicename | Defines the service name resource attribute. | traefik |
| <a id="opt-accesslog" href="#opt-accesslog" title="#opt-accesslog">accesslog</a> | Access log settings. | false |
| <a id="opt-accesslog-addinternals" href="#opt-accesslog-addinternals" title="#opt-accesslog-addinternals">accesslog.addinternals</a> | Enables access log for internal services (ping, dashboard, etc...). | false |
| <a id="opt-accesslog-bufferingsize" href="#opt-accesslog-bufferingsize" title="#opt-accesslog-bufferingsize">accesslog.bufferingsize</a> | Number of access log lines to process in a buffered way. | 0 |
| <a id="opt-accesslog-fields-defaultmode" href="#opt-accesslog-fields-defaultmode" title="#opt-accesslog-fields-defaultmode">accesslog.fields.defaultmode</a> | Default mode for fields: keep | drop | keep |
| <a id="opt-accesslog-fields-headers-defaultmode" href="#opt-accesslog-fields-headers-defaultmode" title="#opt-accesslog-fields-headers-defaultmode">accesslog.fields.headers.defaultmode</a> | Default mode for fields: keep | drop | redact | drop |
| <a id="opt-accesslog-fields-headers-names-name" href="#opt-accesslog-fields-headers-names-name" title="#opt-accesslog-fields-headers-names-name">accesslog.fields.headers.names._name_</a> | Override mode for headers | |
| <a id="opt-accesslog-fields-names-name" href="#opt-accesslog-fields-names-name" title="#opt-accesslog-fields-names-name">accesslog.fields.names._name_</a> | Override mode for fields | |
| <a id="opt-accesslog-filepath" href="#opt-accesslog-filepath" title="#opt-accesslog-filepath">accesslog.filepath</a> | Access log file path. Stdout is used when omitted or empty. | |
| <a id="opt-accesslog-filters-minduration" href="#opt-accesslog-filters-minduration" title="#opt-accesslog-filters-minduration">accesslog.filters.minduration</a> | Keep access logs when request took longer than the specified duration. | 0 |
| <a id="opt-accesslog-filters-retryattempts" href="#opt-accesslog-filters-retryattempts" title="#opt-accesslog-filters-retryattempts">accesslog.filters.retryattempts</a> | Keep access logs when at least one retry happened. | false |
| <a id="opt-accesslog-filters-statuscodes" href="#opt-accesslog-filters-statuscodes" title="#opt-accesslog-filters-statuscodes">accesslog.filters.statuscodes</a> | Keep access logs with status codes in the specified range. | |
| <a id="opt-accesslog-format" href="#opt-accesslog-format" title="#opt-accesslog-format">accesslog.format</a> | Access log format: json, common, or genericCLF | common |
| <a id="opt-accesslog-otlp" href="#opt-accesslog-otlp" title="#opt-accesslog-otlp">accesslog.otlp</a> | Settings for OpenTelemetry. | false |
| <a id="opt-accesslog-otlp-grpc" href="#opt-accesslog-otlp-grpc" title="#opt-accesslog-otlp-grpc">accesslog.otlp.grpc</a> | gRPC configuration for the OpenTelemetry collector. | false |
| <a id="opt-accesslog-otlp-grpc-endpoint" href="#opt-accesslog-otlp-grpc-endpoint" title="#opt-accesslog-otlp-grpc-endpoint">accesslog.otlp.grpc.endpoint</a> | Sets the gRPC endpoint (host:port) of the collector. | localhost:4317 |
| <a id="opt-accesslog-otlp-grpc-headers-name" href="#opt-accesslog-otlp-grpc-headers-name" title="#opt-accesslog-otlp-grpc-headers-name">accesslog.otlp.grpc.headers._name_</a> | Headers sent with payload. | |
| <a id="opt-accesslog-otlp-grpc-insecure" href="#opt-accesslog-otlp-grpc-insecure" title="#opt-accesslog-otlp-grpc-insecure">accesslog.otlp.grpc.insecure</a> | Disables client transport security for the exporter. | false |
| <a id="opt-accesslog-otlp-grpc-tls-ca" href="#opt-accesslog-otlp-grpc-tls-ca" title="#opt-accesslog-otlp-grpc-tls-ca">accesslog.otlp.grpc.tls.ca</a> | TLS CA | |
| <a id="opt-accesslog-otlp-grpc-tls-cert" href="#opt-accesslog-otlp-grpc-tls-cert" title="#opt-accesslog-otlp-grpc-tls-cert">accesslog.otlp.grpc.tls.cert</a> | TLS cert | |
| <a id="opt-accesslog-otlp-grpc-tls-insecureskipverify" href="#opt-accesslog-otlp-grpc-tls-insecureskipverify" title="#opt-accesslog-otlp-grpc-tls-insecureskipverify">accesslog.otlp.grpc.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="opt-accesslog-otlp-grpc-tls-key" href="#opt-accesslog-otlp-grpc-tls-key" title="#opt-accesslog-otlp-grpc-tls-key">accesslog.otlp.grpc.tls.key</a> | TLS key | |
| <a id="opt-accesslog-otlp-http" href="#opt-accesslog-otlp-http" title="#opt-accesslog-otlp-http">accesslog.otlp.http</a> | HTTP configuration for the OpenTelemetry collector. | false |
| <a id="opt-accesslog-otlp-http-endpoint" href="#opt-accesslog-otlp-http-endpoint" title="#opt-accesslog-otlp-http-endpoint">accesslog.otlp.http.endpoint</a> | Sets the HTTP endpoint (scheme://host:port/path) of the collector. | https://localhost:4318 |
| <a id="opt-accesslog-otlp-http-headers-name" href="#opt-accesslog-otlp-http-headers-name" title="#opt-accesslog-otlp-http-headers-name">accesslog.otlp.http.headers._name_</a> | Headers sent with payload. | |
| <a id="opt-accesslog-otlp-http-tls-ca" href="#opt-accesslog-otlp-http-tls-ca" title="#opt-accesslog-otlp-http-tls-ca">accesslog.otlp.http.tls.ca</a> | TLS CA | |
| <a id="opt-accesslog-otlp-http-tls-cert" href="#opt-accesslog-otlp-http-tls-cert" title="#opt-accesslog-otlp-http-tls-cert">accesslog.otlp.http.tls.cert</a> | TLS cert | |
| <a id="opt-accesslog-otlp-http-tls-insecureskipverify" href="#opt-accesslog-otlp-http-tls-insecureskipverify" title="#opt-accesslog-otlp-http-tls-insecureskipverify">accesslog.otlp.http.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="opt-accesslog-otlp-http-tls-key" href="#opt-accesslog-otlp-http-tls-key" title="#opt-accesslog-otlp-http-tls-key">accesslog.otlp.http.tls.key</a> | TLS key | |
| <a id="opt-accesslog-otlp-resourceattributes-name" href="#opt-accesslog-otlp-resourceattributes-name" title="#opt-accesslog-otlp-resourceattributes-name">accesslog.otlp.resourceattributes._name_</a> | Defines additional resource attributes (key:value). | |
| <a id="opt-accesslog-otlp-servicename" href="#opt-accesslog-otlp-servicename" title="#opt-accesslog-otlp-servicename">accesslog.otlp.servicename</a> | Defines the service name resource attribute. | traefik |
| <a id="opt-api" href="#opt-api" title="#opt-api">api</a> | Enable api/dashboard. | false |
| <a id="opt-api-basepath" href="#opt-api-basepath" title="#opt-api-basepath">api.basepath</a> | Defines the base path where the API and Dashboard will be exposed. | / |
| <a id="opt-api-dashboard" href="#opt-api-dashboard" title="#opt-api-dashboard">api.dashboard</a> | Activate dashboard. | true |
| <a id="opt-api-debug" href="#opt-api-debug" title="#opt-api-debug">api.debug</a> | Enable additional endpoints for debugging and profiling. | false |
| <a id="opt-api-disabledashboardad" href="#opt-api-disabledashboardad" title="#opt-api-disabledashboardad">api.disabledashboardad</a> | Disable ad in the dashboard. | false |
| <a id="opt-api-insecure" href="#opt-api-insecure" title="#opt-api-insecure">api.insecure</a> | Activate API directly on the entryPoint named traefik. | false |
| <a id="opt-certificatesresolvers-name" href="#opt-certificatesresolvers-name" title="#opt-certificatesresolvers-name">certificatesresolvers._name_</a> | Certificates resolvers configuration. | false |
| <a id="opt-certificatesresolvers-name-acme-cacertificates" href="#opt-certificatesresolvers-name-acme-cacertificates" title="#opt-certificatesresolvers-name-acme-cacertificates">certificatesresolvers._name_.acme.cacertificates</a> | Specify the paths to PEM encoded CA Certificates that can be used to authenticate an ACME server with an HTTPS certificate not issued by a CA in the system-wide trusted root list. | |
| <a id="opt-certificatesresolvers-name-acme-caserver" href="#opt-certificatesresolvers-name-acme-caserver" title="#opt-certificatesresolvers-name-acme-caserver">certificatesresolvers._name_.acme.caserver</a> | CA server to use. | https://acme-v02.api.letsencrypt.org/directory |
| <a id="opt-certificatesresolvers-name-acme-caservername" href="#opt-certificatesresolvers-name-acme-caservername" title="#opt-certificatesresolvers-name-acme-caservername">certificatesresolvers._name_.acme.caservername</a> | Specify the CA server name that can be used to authenticate an ACME server with an HTTPS certificate not issued by a CA in the system-wide trusted root list. | |
| <a id="opt-certificatesresolvers-name-acme-casystemcertpool" href="#opt-certificatesresolvers-name-acme-casystemcertpool" title="#opt-certificatesresolvers-name-acme-casystemcertpool">certificatesresolvers._name_.acme.casystemcertpool</a> | Define if the certificates pool must use a copy of the system cert pool. | false |
| <a id="opt-certificatesresolvers-name-acme-certificatesduration" href="#opt-certificatesresolvers-name-acme-certificatesduration" title="#opt-certificatesresolvers-name-acme-certificatesduration">certificatesresolvers._name_.acme.certificatesduration</a> | Certificates' duration in hours. | 2160 |
| <a id="opt-certificatesresolvers-name-acme-clientresponseheadertimeout" href="#opt-certificatesresolvers-name-acme-clientresponseheadertimeout" title="#opt-certificatesresolvers-name-acme-clientresponseheadertimeout">certificatesresolvers._name_.acme.clientresponseheadertimeout</a> | Timeout for receiving the response headers when communicating with the ACME server. | 30 |
| <a id="opt-certificatesresolvers-name-acme-clienttimeout" href="#opt-certificatesresolvers-name-acme-clienttimeout" title="#opt-certificatesresolvers-name-acme-clienttimeout">certificatesresolvers._name_.acme.clienttimeout</a> | Timeout for a complete HTTP transaction with the ACME server. | 120 |
| <a id="opt-certificatesresolvers-name-acme-dnschallenge" href="#opt-certificatesresolvers-name-acme-dnschallenge" title="#opt-certificatesresolvers-name-acme-dnschallenge">certificatesresolvers._name_.acme.dnschallenge</a> | Activate DNS-01 Challenge. | false |
| <a id="opt-certificatesresolvers-name-acme-dnschallenge-delaybeforecheck" href="#opt-certificatesresolvers-name-acme-dnschallenge-delaybeforecheck" title="#opt-certificatesresolvers-name-acme-dnschallenge-delaybeforecheck">certificatesresolvers._name_.acme.dnschallenge.delaybeforecheck</a> | (Deprecated) Assume DNS propagates after a delay in seconds rather than finding and querying nameservers. | 0 |
| <a id="opt-certificatesresolvers-name-acme-dnschallenge-disablepropagationcheck" href="#opt-certificatesresolvers-name-acme-dnschallenge-disablepropagationcheck" title="#opt-certificatesresolvers-name-acme-dnschallenge-disablepropagationcheck">certificatesresolvers._name_.acme.dnschallenge.disablepropagationcheck</a> | (Deprecated) Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready. [not recommended] | false |
| <a id="opt-certificatesresolvers-name-acme-dnschallenge-propagation" href="#opt-certificatesresolvers-name-acme-dnschallenge-propagation" title="#opt-certificatesresolvers-name-acme-dnschallenge-propagation">certificatesresolvers._name_.acme.dnschallenge.propagation</a> | DNS propagation checks configuration | false |
| <a id="opt-certificatesresolvers-name-acme-dnschallenge-propagation-delaybeforechecks" href="#opt-certificatesresolvers-name-acme-dnschallenge-propagation-delaybeforechecks" title="#opt-certificatesresolvers-name-acme-dnschallenge-propagation-delaybeforechecks">certificatesresolvers._name_.acme.dnschallenge.propagation.delaybeforechecks</a> | Defines the delay before checking the challenge TXT record propagation. | 0 |
| <a id="opt-certificatesresolvers-name-acme-dnschallenge-propagation-disableanschecks" href="#opt-certificatesresolvers-name-acme-dnschallenge-propagation-disableanschecks" title="#opt-certificatesresolvers-name-acme-dnschallenge-propagation-disableanschecks">certificatesresolvers._name_.acme.dnschallenge.propagation.disableanschecks</a> | Disables the challenge TXT record propagation checks against authoritative nameservers. | false |
| <a id="opt-certificatesresolvers-name-acme-dnschallenge-propagation-disablechecks" href="#opt-certificatesresolvers-name-acme-dnschallenge-propagation-disablechecks" title="#opt-certificatesresolvers-name-acme-dnschallenge-propagation-disablechecks">certificatesresolvers._name_.acme.dnschallenge.propagation.disablechecks</a> | Disables the challenge TXT record propagation checks (not recommended). | false |
| <a id="opt-certificatesresolvers-name-acme-dnschallenge-propagation-requireallrns" href="#opt-certificatesresolvers-name-acme-dnschallenge-propagation-requireallrns" title="#opt-certificatesresolvers-name-acme-dnschallenge-propagation-requireallrns">certificatesresolvers._name_.acme.dnschallenge.propagation.requireallrns</a> | Requires the challenge TXT record to be propagated to all recursive nameservers. | false |
| <a id="opt-certificatesresolvers-name-acme-dnschallenge-provider" href="#opt-certificatesresolvers-name-acme-dnschallenge-provider" title="#opt-certificatesresolvers-name-acme-dnschallenge-provider">certificatesresolvers._name_.acme.dnschallenge.provider</a> | Use a DNS-01 based challenge provider rather than HTTPS. | |
| <a id="opt-certificatesresolvers-name-acme-dnschallenge-resolvers" href="#opt-certificatesresolvers-name-acme-dnschallenge-resolvers" title="#opt-certificatesresolvers-name-acme-dnschallenge-resolvers">certificatesresolvers._name_.acme.dnschallenge.resolvers</a> | Use following DNS servers to resolve the FQDN authority. | |
| <a id="opt-certificatesresolvers-name-acme-eab-hmacencoded" href="#opt-certificatesresolvers-name-acme-eab-hmacencoded" title="#opt-certificatesresolvers-name-acme-eab-hmacencoded">certificatesresolvers._name_.acme.eab.hmacencoded</a> | Base64 encoded HMAC key from External CA. | |
| <a id="opt-certificatesresolvers-name-acme-eab-kid" href="#opt-certificatesresolvers-name-acme-eab-kid" title="#opt-certificatesresolvers-name-acme-eab-kid">certificatesresolvers._name_.acme.eab.kid</a> | Key identifier from External CA. | |
| <a id="opt-certificatesresolvers-name-acme-email" href="#opt-certificatesresolvers-name-acme-email" title="#opt-certificatesresolvers-name-acme-email">certificatesresolvers._name_.acme.email</a> | Email address used for registration. | |
| <a id="opt-certificatesresolvers-name-acme-emailaddresses" href="#opt-certificatesresolvers-name-acme-emailaddresses" title="#opt-certificatesresolvers-name-acme-emailaddresses">certificatesresolvers._name_.acme.emailaddresses</a> | CSR email addresses to use. | |
| <a id="opt-certificatesresolvers-name-acme-httpchallenge" href="#opt-certificatesresolvers-name-acme-httpchallenge" title="#opt-certificatesresolvers-name-acme-httpchallenge">certificatesresolvers._name_.acme.httpchallenge</a> | Activate HTTP-01 Challenge. | false |
| <a id="opt-certificatesresolvers-name-acme-httpchallenge-delay" href="#opt-certificatesresolvers-name-acme-httpchallenge-delay" title="#opt-certificatesresolvers-name-acme-httpchallenge-delay">certificatesresolvers._name_.acme.httpchallenge.delay</a> | Delay between the creation of the challenge and the validation. | 0 |
| <a id="opt-certificatesresolvers-name-acme-httpchallenge-entrypoint" href="#opt-certificatesresolvers-name-acme-httpchallenge-entrypoint" title="#opt-certificatesresolvers-name-acme-httpchallenge-entrypoint">certificatesresolvers._name_.acme.httpchallenge.entrypoint</a> | HTTP challenge EntryPoint | |
| <a id="opt-certificatesresolvers-name-acme-keytype" href="#opt-certificatesresolvers-name-acme-keytype" title="#opt-certificatesresolvers-name-acme-keytype">certificatesresolvers._name_.acme.keytype</a> | KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'. | RSA4096 |
| <a id="opt-certificatesresolvers-name-acme-preferredchain" href="#opt-certificatesresolvers-name-acme-preferredchain" title="#opt-certificatesresolvers-name-acme-preferredchain">certificatesresolvers._name_.acme.preferredchain</a> | Preferred chain to use. | |
| <a id="opt-certificatesresolvers-name-acme-profile" href="#opt-certificatesresolvers-name-acme-profile" title="#opt-certificatesresolvers-name-acme-profile">certificatesresolvers._name_.acme.profile</a> | Certificate profile to use. | |
| <a id="opt-certificatesresolvers-name-acme-storage" href="#opt-certificatesresolvers-name-acme-storage" title="#opt-certificatesresolvers-name-acme-storage">certificatesresolvers._name_.acme.storage</a> | Storage to use. | acme.json |
| <a id="opt-certificatesresolvers-name-acme-tlschallenge" href="#opt-certificatesresolvers-name-acme-tlschallenge" title="#opt-certificatesresolvers-name-acme-tlschallenge">certificatesresolvers._name_.acme.tlschallenge</a> | Activate TLS-ALPN-01 Challenge. | true |
| <a id="opt-certificatesresolvers-name-tailscale" href="#opt-certificatesresolvers-name-tailscale" title="#opt-certificatesresolvers-name-tailscale">certificatesresolvers._name_.tailscale</a> | Enables Tailscale certificate resolution. | true |
| <a id="opt-core-defaultrulesyntax" href="#opt-core-defaultrulesyntax" title="#opt-core-defaultrulesyntax">core.defaultrulesyntax</a> | Defines the rule parser default syntax (v2 or v3) | v3 |
| <a id="opt-entrypoints-name" href="#opt-entrypoints-name" title="#opt-entrypoints-name">entrypoints._name_</a> | Entry points definition. | false |
| <a id="opt-entrypoints-name-address" href="#opt-entrypoints-name-address" title="#opt-entrypoints-name-address">entrypoints._name_.address</a> | Entry point address. | |
| <a id="opt-entrypoints-name-allowacmebypass" href="#opt-entrypoints-name-allowacmebypass" title="#opt-entrypoints-name-allowacmebypass">entrypoints._name_.allowacmebypass</a> | Enables handling of ACME TLS and HTTP challenges with custom routers. | false |
| <a id="opt-entrypoints-name-asdefault" href="#opt-entrypoints-name-asdefault" title="#opt-entrypoints-name-asdefault">entrypoints._name_.asdefault</a> | Adds this EntryPoint to the list of default EntryPoints to be used on routers that don't have any Entrypoint defined. | false |
| <a id="opt-entrypoints-name-forwardedheaders-connection" href="#opt-entrypoints-name-forwardedheaders-connection" title="#opt-entrypoints-name-forwardedheaders-connection">entrypoints._name_.forwardedheaders.connection</a> | List of Connection headers that are allowed to pass through the middleware chain before being removed. | |
| <a id="opt-entrypoints-name-forwardedheaders-insecure" href="#opt-entrypoints-name-forwardedheaders-insecure" title="#opt-entrypoints-name-forwardedheaders-insecure">entrypoints._name_.forwardedheaders.insecure</a> | Trust all forwarded headers. | false |
| <a id="opt-entrypoints-name-forwardedheaders-trustedips" href="#opt-entrypoints-name-forwardedheaders-trustedips" title="#opt-entrypoints-name-forwardedheaders-trustedips">entrypoints._name_.forwardedheaders.trustedips</a> | Trust only forwarded headers from selected IPs. | |
| <a id="opt-entrypoints-name-http" href="#opt-entrypoints-name-http" title="#opt-entrypoints-name-http">entrypoints._name_.http</a> | HTTP configuration. | |
| <a id="opt-entrypoints-name-http-encodequerysemicolons" href="#opt-entrypoints-name-http-encodequerysemicolons" title="#opt-entrypoints-name-http-encodequerysemicolons">entrypoints._name_.http.encodequerysemicolons</a> | Defines whether request query semicolons should be URLEncoded. | false |
| <a id="opt-entrypoints-name-http-maxheaderbytes" href="#opt-entrypoints-name-http-maxheaderbytes" title="#opt-entrypoints-name-http-maxheaderbytes">entrypoints._name_.http.maxheaderbytes</a> | Maximum size of request headers in bytes. | 1048576 |
| <a id="opt-entrypoints-name-http-middlewares" href="#opt-entrypoints-name-http-middlewares" title="#opt-entrypoints-name-http-middlewares">entrypoints._name_.http.middlewares</a> | Default middlewares for the routers linked to the entry point. | |
| <a id="opt-entrypoints-name-http-redirections-entrypoint-permanent" href="#opt-entrypoints-name-http-redirections-entrypoint-permanent" title="#opt-entrypoints-name-http-redirections-entrypoint-permanent">entrypoints._name_.http.redirections.entrypoint.permanent</a> | Applies a permanent redirection. | true |
| <a id="opt-entrypoints-name-http-redirections-entrypoint-priority" href="#opt-entrypoints-name-http-redirections-entrypoint-priority" title="#opt-entrypoints-name-http-redirections-entrypoint-priority">entrypoints._name_.http.redirections.entrypoint.priority</a> | Priority of the generated router. | 9223372036854775806 |
| <a id="opt-entrypoints-name-http-redirections-entrypoint-scheme" href="#opt-entrypoints-name-http-redirections-entrypoint-scheme" title="#opt-entrypoints-name-http-redirections-entrypoint-scheme">entrypoints._name_.http.redirections.entrypoint.scheme</a> | Scheme used for the redirection. | https |
| <a id="opt-entrypoints-name-http-redirections-entrypoint-to" href="#opt-entrypoints-name-http-redirections-entrypoint-to" title="#opt-entrypoints-name-http-redirections-entrypoint-to">entrypoints._name_.http.redirections.entrypoint.to</a> | Targeted entry point of the redirection. | |
| <a id="opt-entrypoints-name-http-sanitizepath" href="#opt-entrypoints-name-http-sanitizepath" title="#opt-entrypoints-name-http-sanitizepath">entrypoints._name_.http.sanitizepath</a> | Defines whether to enable request path sanitization (removal of /./, /../ and multiple slash sequences). | true |
| <a id="opt-entrypoints-name-http-tls" href="#opt-entrypoints-name-http-tls" title="#opt-entrypoints-name-http-tls">entrypoints._name_.http.tls</a> | Default TLS configuration for the routers linked to the entry point. | false |
| <a id="opt-entrypoints-name-http-tls-certresolver" href="#opt-entrypoints-name-http-tls-certresolver" title="#opt-entrypoints-name-http-tls-certresolver">entrypoints._name_.http.tls.certresolver</a> | Default certificate resolver for the routers linked to the entry point. | |
| <a id="opt-entrypoints-name-http-tls-domains" href="#opt-entrypoints-name-http-tls-domains" title="#opt-entrypoints-name-http-tls-domains">entrypoints._name_.http.tls.domains</a> | Default TLS domains for the routers linked to the entry point. | |
| <a id="opt-entrypoints-name-http-tls-domains0-main" href="#opt-entrypoints-name-http-tls-domains0-main" title="#opt-entrypoints-name-http-tls-domains0-main">entrypoints._name_.http.tls.domains[0].main</a> | Default subject name. | |
| <a id="opt-entrypoints-name-http-tls-domains0-sans" href="#opt-entrypoints-name-http-tls-domains0-sans" title="#opt-entrypoints-name-http-tls-domains0-sans">entrypoints._name_.http.tls.domains[0].sans</a> | Subject alternative names. | |
| <a id="opt-entrypoints-name-http-tls-options" href="#opt-entrypoints-name-http-tls-options" title="#opt-entrypoints-name-http-tls-options">entrypoints._name_.http.tls.options</a> | Default TLS options for the routers linked to the entry point. | |
| <a id="opt-entrypoints-name-http2-maxconcurrentstreams" href="#opt-entrypoints-name-http2-maxconcurrentstreams" title="#opt-entrypoints-name-http2-maxconcurrentstreams">entrypoints._name_.http2.maxconcurrentstreams</a> | Specifies the number of concurrent streams per connection that each client is allowed to initiate. | 250 |
| <a id="opt-entrypoints-name-http3" href="#opt-entrypoints-name-http3" title="#opt-entrypoints-name-http3">entrypoints._name_.http3</a> | HTTP/3 configuration. | false |
| <a id="opt-entrypoints-name-http3-advertisedport" href="#opt-entrypoints-name-http3-advertisedport" title="#opt-entrypoints-name-http3-advertisedport">entrypoints._name_.http3.advertisedport</a> | UDP port to advertise, on which HTTP/3 is available. | 0 |
| <a id="opt-entrypoints-name-observability-accesslogs" href="#opt-entrypoints-name-observability-accesslogs" title="#opt-entrypoints-name-observability-accesslogs">entrypoints._name_.observability.accesslogs</a> | Enables access-logs for this entryPoint. | true |
| <a id="opt-entrypoints-name-observability-metrics" href="#opt-entrypoints-name-observability-metrics" title="#opt-entrypoints-name-observability-metrics">entrypoints._name_.observability.metrics</a> | Enables metrics for this entryPoint. | true |
| <a id="opt-entrypoints-name-observability-traceverbosity" href="#opt-entrypoints-name-observability-traceverbosity" title="#opt-entrypoints-name-observability-traceverbosity">entrypoints._name_.observability.traceverbosity</a> | Defines the tracing verbosity level for this entryPoint. | minimal |
| <a id="opt-entrypoints-name-observability-tracing" href="#opt-entrypoints-name-observability-tracing" title="#opt-entrypoints-name-observability-tracing">entrypoints._name_.observability.tracing</a> | Enables tracing for this entryPoint. | true |
| <a id="opt-entrypoints-name-proxyprotocol" href="#opt-entrypoints-name-proxyprotocol" title="#opt-entrypoints-name-proxyprotocol">entrypoints._name_.proxyprotocol</a> | Proxy-Protocol configuration. | false |
| <a id="opt-entrypoints-name-proxyprotocol-insecure" href="#opt-entrypoints-name-proxyprotocol-insecure" title="#opt-entrypoints-name-proxyprotocol-insecure">entrypoints._name_.proxyprotocol.insecure</a> | Trust all. | false |
| <a id="opt-entrypoints-name-proxyprotocol-trustedips" href="#opt-entrypoints-name-proxyprotocol-trustedips" title="#opt-entrypoints-name-proxyprotocol-trustedips">entrypoints._name_.proxyprotocol.trustedips</a> | Trust only selected IPs. | |
| <a id="opt-entrypoints-name-reuseport" href="#opt-entrypoints-name-reuseport" title="#opt-entrypoints-name-reuseport">entrypoints._name_.reuseport</a> | Enables EntryPoints from the same or different processes listening on the same TCP/UDP port. | false |
| <a id="opt-entrypoints-name-transport-keepalivemaxrequests" href="#opt-entrypoints-name-transport-keepalivemaxrequests" title="#opt-entrypoints-name-transport-keepalivemaxrequests">entrypoints._name_.transport.keepalivemaxrequests</a> | Maximum number of requests before closing a keep-alive connection. | 0 |
| <a id="opt-entrypoints-name-transport-keepalivemaxtime" href="#opt-entrypoints-name-transport-keepalivemaxtime" title="#opt-entrypoints-name-transport-keepalivemaxtime">entrypoints._name_.transport.keepalivemaxtime</a> | Maximum duration before closing a keep-alive connection. | 0 |
| <a id="opt-entrypoints-name-transport-lifecycle-gracetimeout" href="#opt-entrypoints-name-transport-lifecycle-gracetimeout" title="#opt-entrypoints-name-transport-lifecycle-gracetimeout">entrypoints._name_.transport.lifecycle.gracetimeout</a> | Duration to give active requests a chance to finish before Traefik stops. | 10 |
| <a id="opt-entrypoints-name-transport-lifecycle-requestacceptgracetimeout" href="#opt-entrypoints-name-transport-lifecycle-requestacceptgracetimeout" title="#opt-entrypoints-name-transport-lifecycle-requestacceptgracetimeout">entrypoints._name_.transport.lifecycle.requestacceptgracetimeout</a> | Duration to keep accepting requests before Traefik initiates the graceful shutdown procedure. | 0 |
| <a id="opt-entrypoints-name-transport-respondingtimeouts-idletimeout" href="#opt-entrypoints-name-transport-respondingtimeouts-idletimeout" title="#opt-entrypoints-name-transport-respondingtimeouts-idletimeout">entrypoints._name_.transport.respondingtimeouts.idletimeout</a> | IdleTimeout is the maximum amount duration an idle (keep-alive) connection will remain idle before closing itself. If zero, no timeout is set. | 180 |
| <a id="opt-entrypoints-name-transport-respondingtimeouts-readtimeout" href="#opt-entrypoints-name-transport-respondingtimeouts-readtimeout" title="#opt-entrypoints-name-transport-respondingtimeouts-readtimeout">entrypoints._name_.transport.respondingtimeouts.readtimeout</a> | ReadTimeout is the maximum duration for reading the entire request, including the body. If zero, no timeout is set. | 60 |
| <a id="opt-entrypoints-name-transport-respondingtimeouts-writetimeout" href="#opt-entrypoints-name-transport-respondingtimeouts-writetimeout" title="#opt-entrypoints-name-transport-respondingtimeouts-writetimeout">entrypoints._name_.transport.respondingtimeouts.writetimeout</a> | WriteTimeout is the maximum duration before timing out writes of the response. If zero, no timeout is set. | 0 |
| <a id="opt-entrypoints-name-udp-timeout" href="#opt-entrypoints-name-udp-timeout" title="#opt-entrypoints-name-udp-timeout">entrypoints._name_.udp.timeout</a> | Timeout defines how long to wait on an idle session before releasing the related resources. | 3 |
| <a id="opt-experimental-abortonpluginfailure" href="#opt-experimental-abortonpluginfailure" title="#opt-experimental-abortonpluginfailure">experimental.abortonpluginfailure</a> | Defines whether all plugins must be loaded successfully for Traefik to start. | false |
| <a id="opt-experimental-fastproxy" href="#opt-experimental-fastproxy" title="#opt-experimental-fastproxy">experimental.fastproxy</a> | Enables the FastProxy implementation. | false |
| <a id="opt-experimental-fastproxy-debug" href="#opt-experimental-fastproxy-debug" title="#opt-experimental-fastproxy-debug">experimental.fastproxy.debug</a> | Enable debug mode for the FastProxy implementation. | false |
| <a id="opt-experimental-kubernetesgateway" href="#opt-experimental-kubernetesgateway" title="#opt-experimental-kubernetesgateway">experimental.kubernetesgateway</a> | (Deprecated) Allow the Kubernetes gateway api provider usage. | false |
| <a id="opt-experimental-kubernetesingressnginx" href="#opt-experimental-kubernetesingressnginx" title="#opt-experimental-kubernetesingressnginx">experimental.kubernetesingressnginx</a> | Allow the Kubernetes Ingress NGINX provider usage. | false |
| <a id="opt-experimental-localplugins-name" href="#opt-experimental-localplugins-name" title="#opt-experimental-localplugins-name">experimental.localplugins._name_</a> | Local plugins configuration. | false |
| <a id="opt-experimental-localplugins-name-modulename" href="#opt-experimental-localplugins-name-modulename" title="#opt-experimental-localplugins-name-modulename">experimental.localplugins._name_.modulename</a> | Plugin's module name. | |
| <a id="opt-experimental-localplugins-name-settings" href="#opt-experimental-localplugins-name-settings" title="#opt-experimental-localplugins-name-settings">experimental.localplugins._name_.settings</a> | Plugin's settings (works only for wasm plugins). | |
| <a id="opt-experimental-localplugins-name-settings-envs" href="#opt-experimental-localplugins-name-settings-envs" title="#opt-experimental-localplugins-name-settings-envs">experimental.localplugins._name_.settings.envs</a> | Environment variables to forward to the wasm guest. | |
| <a id="opt-experimental-localplugins-name-settings-mounts" href="#opt-experimental-localplugins-name-settings-mounts" title="#opt-experimental-localplugins-name-settings-mounts">experimental.localplugins._name_.settings.mounts</a> | Directory to mount to the wasm guest. | |
| <a id="opt-experimental-localplugins-name-settings-useunsafe" href="#opt-experimental-localplugins-name-settings-useunsafe" title="#opt-experimental-localplugins-name-settings-useunsafe">experimental.localplugins._name_.settings.useunsafe</a> | Allow the plugin to use unsafe package. | false |
| <a id="opt-experimental-otlplogs" href="#opt-experimental-otlplogs" title="#opt-experimental-otlplogs">experimental.otlplogs</a> | Enables the OpenTelemetry logs integration. | false |
| <a id="opt-experimental-plugins-name-hash" href="#opt-experimental-plugins-name-hash" title="#opt-experimental-plugins-name-hash">experimental.plugins._name_.hash</a> | plugin's hash to validate' | |
| <a id="opt-experimental-plugins-name-modulename" href="#opt-experimental-plugins-name-modulename" title="#opt-experimental-plugins-name-modulename">experimental.plugins._name_.modulename</a> | plugin's module name. | |
| <a id="opt-experimental-plugins-name-settings" href="#opt-experimental-plugins-name-settings" title="#opt-experimental-plugins-name-settings">experimental.plugins._name_.settings</a> | Plugin's settings (works only for wasm plugins). | |
| <a id="opt-experimental-plugins-name-settings-envs" href="#opt-experimental-plugins-name-settings-envs" title="#opt-experimental-plugins-name-settings-envs">experimental.plugins._name_.settings.envs</a> | Environment variables to forward to the wasm guest. | |
| <a id="opt-experimental-plugins-name-settings-mounts" href="#opt-experimental-plugins-name-settings-mounts" title="#opt-experimental-plugins-name-settings-mounts">experimental.plugins._name_.settings.mounts</a> | Directory to mount to the wasm guest. | |
| <a id="opt-experimental-plugins-name-settings-useunsafe" href="#opt-experimental-plugins-name-settings-useunsafe" title="#opt-experimental-plugins-name-settings-useunsafe">experimental.plugins._name_.settings.useunsafe</a> | Allow the plugin to use unsafe package. | false |
| <a id="opt-experimental-plugins-name-version" href="#opt-experimental-plugins-name-version" title="#opt-experimental-plugins-name-version">experimental.plugins._name_.version</a> | plugin's version. | |
| <a id="opt-global-checknewversion" href="#opt-global-checknewversion" title="#opt-global-checknewversion">global.checknewversion</a> | Periodically check if a new version has been released. | true |
| <a id="opt-global-sendanonymoususage" href="#opt-global-sendanonymoususage" title="#opt-global-sendanonymoususage">global.sendanonymoususage</a> | Periodically send anonymous usage statistics. If the option is not specified, it will be disabled by default. | false |
| <a id="opt-hostresolver" href="#opt-hostresolver" title="#opt-hostresolver">hostresolver</a> | Enable CNAME Flattening. | false |
| <a id="opt-hostresolver-cnameflattening" href="#opt-hostresolver-cnameflattening" title="#opt-hostresolver-cnameflattening">hostresolver.cnameflattening</a> | A flag to enable/disable CNAME flattening | false |
| <a id="opt-hostresolver-resolvconfig" href="#opt-hostresolver-resolvconfig" title="#opt-hostresolver-resolvconfig">hostresolver.resolvconfig</a> | resolv.conf used for DNS resolving | /etc/resolv.conf |
| <a id="opt-hostresolver-resolvdepth" href="#opt-hostresolver-resolvdepth" title="#opt-hostresolver-resolvdepth">hostresolver.resolvdepth</a> | The maximal depth of DNS recursive resolving | 5 |
| <a id="opt-log" href="#opt-log" title="#opt-log">log</a> | Traefik log settings. | false |
| <a id="opt-log-compress" href="#opt-log-compress" title="#opt-log-compress">log.compress</a> | Determines if the rotated log files should be compressed using gzip. | false |
| <a id="opt-log-filepath" href="#opt-log-filepath" title="#opt-log-filepath">log.filepath</a> | Traefik log file path. Stdout is used when omitted or empty. | |
| <a id="opt-log-format" href="#opt-log-format" title="#opt-log-format">log.format</a> | Traefik log format: json | common | common |
| <a id="opt-log-level" href="#opt-log-level" title="#opt-log-level">log.level</a> | Log level set to traefik logs. | ERROR |
| <a id="opt-log-maxage" href="#opt-log-maxage" title="#opt-log-maxage">log.maxage</a> | Maximum number of days to retain old log files based on the timestamp encoded in their filename. | 0 |
| <a id="opt-log-maxbackups" href="#opt-log-maxbackups" title="#opt-log-maxbackups">log.maxbackups</a> | Maximum number of old log files to retain. | 0 |
| <a id="opt-log-maxsize" href="#opt-log-maxsize" title="#opt-log-maxsize">log.maxsize</a> | Maximum size in megabytes of the log file before it gets rotated. | 0 |
| <a id="opt-log-nocolor" href="#opt-log-nocolor" title="#opt-log-nocolor">log.nocolor</a> | When using the 'common' format, disables the colorized output. | false |
| <a id="opt-log-otlp" href="#opt-log-otlp" title="#opt-log-otlp">log.otlp</a> | Settings for OpenTelemetry. | false |
| <a id="opt-log-otlp-grpc" href="#opt-log-otlp-grpc" title="#opt-log-otlp-grpc">log.otlp.grpc</a> | gRPC configuration for the OpenTelemetry collector. | false |
| <a id="opt-log-otlp-grpc-endpoint" href="#opt-log-otlp-grpc-endpoint" title="#opt-log-otlp-grpc-endpoint">log.otlp.grpc.endpoint</a> | Sets the gRPC endpoint (host:port) of the collector. | localhost:4317 |
| <a id="opt-log-otlp-grpc-headers-name" href="#opt-log-otlp-grpc-headers-name" title="#opt-log-otlp-grpc-headers-name">log.otlp.grpc.headers._name_</a> | Headers sent with payload. | |
| <a id="opt-log-otlp-grpc-insecure" href="#opt-log-otlp-grpc-insecure" title="#opt-log-otlp-grpc-insecure">log.otlp.grpc.insecure</a> | Disables client transport security for the exporter. | false |
| <a id="opt-log-otlp-grpc-tls-ca" href="#opt-log-otlp-grpc-tls-ca" title="#opt-log-otlp-grpc-tls-ca">log.otlp.grpc.tls.ca</a> | TLS CA | |
| <a id="opt-log-otlp-grpc-tls-cert" href="#opt-log-otlp-grpc-tls-cert" title="#opt-log-otlp-grpc-tls-cert">log.otlp.grpc.tls.cert</a> | TLS cert | |
| <a id="opt-log-otlp-grpc-tls-insecureskipverify" href="#opt-log-otlp-grpc-tls-insecureskipverify" title="#opt-log-otlp-grpc-tls-insecureskipverify">log.otlp.grpc.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="opt-log-otlp-grpc-tls-key" href="#opt-log-otlp-grpc-tls-key" title="#opt-log-otlp-grpc-tls-key">log.otlp.grpc.tls.key</a> | TLS key | |
| <a id="opt-log-otlp-http" href="#opt-log-otlp-http" title="#opt-log-otlp-http">log.otlp.http</a> | HTTP configuration for the OpenTelemetry collector. | false |
| <a id="opt-log-otlp-http-endpoint" href="#opt-log-otlp-http-endpoint" title="#opt-log-otlp-http-endpoint">log.otlp.http.endpoint</a> | Sets the HTTP endpoint (scheme://host:port/path) of the collector. | https://localhost:4318 |
| <a id="opt-log-otlp-http-headers-name" href="#opt-log-otlp-http-headers-name" title="#opt-log-otlp-http-headers-name">log.otlp.http.headers._name_</a> | Headers sent with payload. | |
| <a id="opt-log-otlp-http-tls-ca" href="#opt-log-otlp-http-tls-ca" title="#opt-log-otlp-http-tls-ca">log.otlp.http.tls.ca</a> | TLS CA | |
| <a id="opt-log-otlp-http-tls-cert" href="#opt-log-otlp-http-tls-cert" title="#opt-log-otlp-http-tls-cert">log.otlp.http.tls.cert</a> | TLS cert | |
| <a id="opt-log-otlp-http-tls-insecureskipverify" href="#opt-log-otlp-http-tls-insecureskipverify" title="#opt-log-otlp-http-tls-insecureskipverify">log.otlp.http.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="opt-log-otlp-http-tls-key" href="#opt-log-otlp-http-tls-key" title="#opt-log-otlp-http-tls-key">log.otlp.http.tls.key</a> | TLS key | |
| <a id="opt-log-otlp-resourceattributes-name" href="#opt-log-otlp-resourceattributes-name" title="#opt-log-otlp-resourceattributes-name">log.otlp.resourceattributes._name_</a> | Defines additional resource attributes (key:value). | |
| <a id="opt-log-otlp-servicename" href="#opt-log-otlp-servicename" title="#opt-log-otlp-servicename">log.otlp.servicename</a> | Defines the service name resource attribute. | traefik |
| <a id="opt-metrics-addinternals" href="#opt-metrics-addinternals" title="#opt-metrics-addinternals">metrics.addinternals</a> | Enables metrics for internal services (ping, dashboard, etc...). | false |
| <a id="opt-metrics-datadog" href="#opt-metrics-datadog" title="#opt-metrics-datadog">metrics.datadog</a> | Datadog metrics exporter type. | false |
| <a id="opt-metrics-datadog-addentrypointslabels" href="#opt-metrics-datadog-addentrypointslabels" title="#opt-metrics-datadog-addentrypointslabels">metrics.datadog.addentrypointslabels</a> | Enable metrics on entry points. | true |
| <a id="opt-metrics-datadog-address" href="#opt-metrics-datadog-address" title="#opt-metrics-datadog-address">metrics.datadog.address</a> | Datadog's address. | localhost:8125 |
| <a id="opt-metrics-datadog-addrouterslabels" href="#opt-metrics-datadog-addrouterslabels" title="#opt-metrics-datadog-addrouterslabels">metrics.datadog.addrouterslabels</a> | Enable metrics on routers. | false |
| <a id="opt-metrics-datadog-addserviceslabels" href="#opt-metrics-datadog-addserviceslabels" title="#opt-metrics-datadog-addserviceslabels">metrics.datadog.addserviceslabels</a> | Enable metrics on services. | true |
| <a id="opt-metrics-datadog-prefix" href="#opt-metrics-datadog-prefix" title="#opt-metrics-datadog-prefix">metrics.datadog.prefix</a> | Prefix to use for metrics collection. | traefik |
| <a id="opt-metrics-datadog-pushinterval" href="#opt-metrics-datadog-pushinterval" title="#opt-metrics-datadog-pushinterval">metrics.datadog.pushinterval</a> | Datadog push interval. | 10 |
| <a id="opt-metrics-influxdb2" href="#opt-metrics-influxdb2" title="#opt-metrics-influxdb2">metrics.influxdb2</a> | InfluxDB v2 metrics exporter type. | false |
| <a id="opt-metrics-influxdb2-addentrypointslabels" href="#opt-metrics-influxdb2-addentrypointslabels" title="#opt-metrics-influxdb2-addentrypointslabels">metrics.influxdb2.addentrypointslabels</a> | Enable metrics on entry points. | true |
| <a id="opt-metrics-influxdb2-additionallabels-name" href="#opt-metrics-influxdb2-additionallabels-name" title="#opt-metrics-influxdb2-additionallabels-name">metrics.influxdb2.additionallabels._name_</a> | Additional labels (influxdb tags) on all metrics | |
| <a id="opt-metrics-influxdb2-address" href="#opt-metrics-influxdb2-address" title="#opt-metrics-influxdb2-address">metrics.influxdb2.address</a> | InfluxDB v2 address. | http://localhost:8086 |
| <a id="opt-metrics-influxdb2-addrouterslabels" href="#opt-metrics-influxdb2-addrouterslabels" title="#opt-metrics-influxdb2-addrouterslabels">metrics.influxdb2.addrouterslabels</a> | Enable metrics on routers. | false |
| <a id="opt-metrics-influxdb2-addserviceslabels" href="#opt-metrics-influxdb2-addserviceslabels" title="#opt-metrics-influxdb2-addserviceslabels">metrics.influxdb2.addserviceslabels</a> | Enable metrics on services. | true |
| <a id="opt-metrics-influxdb2-bucket" href="#opt-metrics-influxdb2-bucket" title="#opt-metrics-influxdb2-bucket">metrics.influxdb2.bucket</a> | InfluxDB v2 bucket ID. | |
| <a id="opt-metrics-influxdb2-org" href="#opt-metrics-influxdb2-org" title="#opt-metrics-influxdb2-org">metrics.influxdb2.org</a> | InfluxDB v2 org ID. | |
| <a id="opt-metrics-influxdb2-pushinterval" href="#opt-metrics-influxdb2-pushinterval" title="#opt-metrics-influxdb2-pushinterval">metrics.influxdb2.pushinterval</a> | InfluxDB v2 push interval. | 10 |
| <a id="opt-metrics-influxdb2-token" href="#opt-metrics-influxdb2-token" title="#opt-metrics-influxdb2-token">metrics.influxdb2.token</a> | InfluxDB v2 access token. | |
| <a id="opt-metrics-otlp" href="#opt-metrics-otlp" title="#opt-metrics-otlp">metrics.otlp</a> | OpenTelemetry metrics exporter type. | false |
| <a id="opt-metrics-otlp-addentrypointslabels" href="#opt-metrics-otlp-addentrypointslabels" title="#opt-metrics-otlp-addentrypointslabels">metrics.otlp.addentrypointslabels</a> | Enable metrics on entry points. | true |
| <a id="opt-metrics-otlp-addrouterslabels" href="#opt-metrics-otlp-addrouterslabels" title="#opt-metrics-otlp-addrouterslabels">metrics.otlp.addrouterslabels</a> | Enable metrics on routers. | false |
| <a id="opt-metrics-otlp-addserviceslabels" href="#opt-metrics-otlp-addserviceslabels" title="#opt-metrics-otlp-addserviceslabels">metrics.otlp.addserviceslabels</a> | Enable metrics on services. | true |
| <a id="opt-metrics-otlp-explicitboundaries" href="#opt-metrics-otlp-explicitboundaries" title="#opt-metrics-otlp-explicitboundaries">metrics.otlp.explicitboundaries</a> | Boundaries for latency metrics. | 0.005000, 0.010000, 0.025000, 0.050000, 0.075000, 0.100000, 0.250000, 0.500000, 0.750000, 1.000000, 2.500000, 5.000000, 7.500000, 10.000000 |
| <a id="opt-metrics-otlp-grpc" href="#opt-metrics-otlp-grpc" title="#opt-metrics-otlp-grpc">metrics.otlp.grpc</a> | gRPC configuration for the OpenTelemetry collector. | false |
| <a id="opt-metrics-otlp-grpc-endpoint" href="#opt-metrics-otlp-grpc-endpoint" title="#opt-metrics-otlp-grpc-endpoint">metrics.otlp.grpc.endpoint</a> | Sets the gRPC endpoint (host:port) of the collector. | localhost:4317 |
| <a id="opt-metrics-otlp-grpc-headers-name" href="#opt-metrics-otlp-grpc-headers-name" title="#opt-metrics-otlp-grpc-headers-name">metrics.otlp.grpc.headers._name_</a> | Headers sent with payload. | |
| <a id="opt-metrics-otlp-grpc-insecure" href="#opt-metrics-otlp-grpc-insecure" title="#opt-metrics-otlp-grpc-insecure">metrics.otlp.grpc.insecure</a> | Disables client transport security for the exporter. | false |
| <a id="opt-metrics-otlp-grpc-tls-ca" href="#opt-metrics-otlp-grpc-tls-ca" title="#opt-metrics-otlp-grpc-tls-ca">metrics.otlp.grpc.tls.ca</a> | TLS CA | |
| <a id="opt-metrics-otlp-grpc-tls-cert" href="#opt-metrics-otlp-grpc-tls-cert" title="#opt-metrics-otlp-grpc-tls-cert">metrics.otlp.grpc.tls.cert</a> | TLS cert | |
| <a id="opt-metrics-otlp-grpc-tls-insecureskipverify" href="#opt-metrics-otlp-grpc-tls-insecureskipverify" title="#opt-metrics-otlp-grpc-tls-insecureskipverify">metrics.otlp.grpc.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="opt-metrics-otlp-grpc-tls-key" href="#opt-metrics-otlp-grpc-tls-key" title="#opt-metrics-otlp-grpc-tls-key">metrics.otlp.grpc.tls.key</a> | TLS key | |
| <a id="opt-metrics-otlp-http" href="#opt-metrics-otlp-http" title="#opt-metrics-otlp-http">metrics.otlp.http</a> | HTTP configuration for the OpenTelemetry collector. | false |
| <a id="opt-metrics-otlp-http-endpoint" href="#opt-metrics-otlp-http-endpoint" title="#opt-metrics-otlp-http-endpoint">metrics.otlp.http.endpoint</a> | Sets the HTTP endpoint (scheme://host:port/path) of the collector. | https://localhost:4318 |
| <a id="opt-metrics-otlp-http-headers-name" href="#opt-metrics-otlp-http-headers-name" title="#opt-metrics-otlp-http-headers-name">metrics.otlp.http.headers._name_</a> | Headers sent with payload. | |
| <a id="opt-metrics-otlp-http-tls-ca" href="#opt-metrics-otlp-http-tls-ca" title="#opt-metrics-otlp-http-tls-ca">metrics.otlp.http.tls.ca</a> | TLS CA | |
| <a id="opt-metrics-otlp-http-tls-cert" href="#opt-metrics-otlp-http-tls-cert" title="#opt-metrics-otlp-http-tls-cert">metrics.otlp.http.tls.cert</a> | TLS cert | |
| <a id="opt-metrics-otlp-http-tls-insecureskipverify" href="#opt-metrics-otlp-http-tls-insecureskipverify" title="#opt-metrics-otlp-http-tls-insecureskipverify">metrics.otlp.http.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="opt-metrics-otlp-http-tls-key" href="#opt-metrics-otlp-http-tls-key" title="#opt-metrics-otlp-http-tls-key">metrics.otlp.http.tls.key</a> | TLS key | |
| <a id="opt-metrics-otlp-pushinterval" href="#opt-metrics-otlp-pushinterval" title="#opt-metrics-otlp-pushinterval">metrics.otlp.pushinterval</a> | Period between calls to collect a checkpoint. | 10 |
| <a id="opt-metrics-otlp-resourceattributes-name" href="#opt-metrics-otlp-resourceattributes-name" title="#opt-metrics-otlp-resourceattributes-name">metrics.otlp.resourceattributes._name_</a> | Defines additional resource attributes (key:value). | |
| <a id="opt-metrics-otlp-servicename" href="#opt-metrics-otlp-servicename" title="#opt-metrics-otlp-servicename">metrics.otlp.servicename</a> | Defines the service name resource attribute. | traefik |
| <a id="opt-metrics-prometheus" href="#opt-metrics-prometheus" title="#opt-metrics-prometheus">metrics.prometheus</a> | Prometheus metrics exporter type. | false |
| <a id="opt-metrics-prometheus-addentrypointslabels" href="#opt-metrics-prometheus-addentrypointslabels" title="#opt-metrics-prometheus-addentrypointslabels">metrics.prometheus.addentrypointslabels</a> | Enable metrics on entry points. | true |
| <a id="opt-metrics-prometheus-addrouterslabels" href="#opt-metrics-prometheus-addrouterslabels" title="#opt-metrics-prometheus-addrouterslabels">metrics.prometheus.addrouterslabels</a> | Enable metrics on routers. | false |
| <a id="opt-metrics-prometheus-addserviceslabels" href="#opt-metrics-prometheus-addserviceslabels" title="#opt-metrics-prometheus-addserviceslabels">metrics.prometheus.addserviceslabels</a> | Enable metrics on services. | true |
| <a id="opt-metrics-prometheus-buckets" href="#opt-metrics-prometheus-buckets" title="#opt-metrics-prometheus-buckets">metrics.prometheus.buckets</a> | Buckets for latency metrics. | 0.100000, 0.300000, 1.200000, 5.000000 |
| <a id="opt-metrics-prometheus-entrypoint" href="#opt-metrics-prometheus-entrypoint" title="#opt-metrics-prometheus-entrypoint">metrics.prometheus.entrypoint</a> | EntryPoint | traefik |
| <a id="opt-metrics-prometheus-headerlabels-name" href="#opt-metrics-prometheus-headerlabels-name" title="#opt-metrics-prometheus-headerlabels-name">metrics.prometheus.headerlabels._name_</a> | Defines the extra labels for the requests_total metrics, and for each of them, the request header containing the value for this label. | |
| <a id="opt-metrics-prometheus-manualrouting" href="#opt-metrics-prometheus-manualrouting" title="#opt-metrics-prometheus-manualrouting">metrics.prometheus.manualrouting</a> | Manual routing | false |
| <a id="opt-metrics-statsd" href="#opt-metrics-statsd" title="#opt-metrics-statsd">metrics.statsd</a> | StatsD metrics exporter type. | false |
| <a id="opt-metrics-statsd-addentrypointslabels" href="#opt-metrics-statsd-addentrypointslabels" title="#opt-metrics-statsd-addentrypointslabels">metrics.statsd.addentrypointslabels</a> | Enable metrics on entry points. | true |
| <a id="opt-metrics-statsd-address" href="#opt-metrics-statsd-address" title="#opt-metrics-statsd-address">metrics.statsd.address</a> | StatsD address. | localhost:8125 |
| <a id="opt-metrics-statsd-addrouterslabels" href="#opt-metrics-statsd-addrouterslabels" title="#opt-metrics-statsd-addrouterslabels">metrics.statsd.addrouterslabels</a> | Enable metrics on routers. | false |
| <a id="opt-metrics-statsd-addserviceslabels" href="#opt-metrics-statsd-addserviceslabels" title="#opt-metrics-statsd-addserviceslabels">metrics.statsd.addserviceslabels</a> | Enable metrics on services. | true |
| <a id="opt-metrics-statsd-prefix" href="#opt-metrics-statsd-prefix" title="#opt-metrics-statsd-prefix">metrics.statsd.prefix</a> | Prefix to use for metrics collection. | traefik |
| <a id="opt-metrics-statsd-pushinterval" href="#opt-metrics-statsd-pushinterval" title="#opt-metrics-statsd-pushinterval">metrics.statsd.pushinterval</a> | StatsD push interval. | 10 |
| <a id="opt-ocsp" href="#opt-ocsp" title="#opt-ocsp">ocsp</a> | OCSP configuration. | false |
| <a id="opt-ocsp-responderoverrides-name" href="#opt-ocsp-responderoverrides-name" title="#opt-ocsp-responderoverrides-name">ocsp.responderoverrides._name_</a> | Defines a map of OCSP responders to replace for querying OCSP servers. | |
| <a id="opt-ping" href="#opt-ping" title="#opt-ping">ping</a> | Enable ping. | false |
| <a id="opt-ping-entrypoint" href="#opt-ping-entrypoint" title="#opt-ping-entrypoint">ping.entrypoint</a> | EntryPoint | traefik |
| <a id="opt-ping-manualrouting" href="#opt-ping-manualrouting" title="#opt-ping-manualrouting">ping.manualrouting</a> | Manual routing | false |
| <a id="opt-ping-terminatingstatuscode" href="#opt-ping-terminatingstatuscode" title="#opt-ping-terminatingstatuscode">ping.terminatingstatuscode</a> | Terminating status code | 503 |
| <a id="opt-providers-consul" href="#opt-providers-consul" title="#opt-providers-consul">providers.consul</a> | Enables Consul provider. | false |
| <a id="opt-providers-consul-endpoints" href="#opt-providers-consul-endpoints" title="#opt-providers-consul-endpoints">providers.consul.endpoints</a> | KV store endpoints. | 127.0.0.1:8500 |
| <a id="opt-providers-consul-namespaces" href="#opt-providers-consul-namespaces" title="#opt-providers-consul-namespaces">providers.consul.namespaces</a> | Sets the namespaces used to discover the configuration (Consul Enterprise only). | |
| <a id="opt-providers-consul-rootkey" href="#opt-providers-consul-rootkey" title="#opt-providers-consul-rootkey">providers.consul.rootkey</a> | Root key used for KV store. | traefik |
| <a id="opt-providers-consul-tls-ca" href="#opt-providers-consul-tls-ca" title="#opt-providers-consul-tls-ca">providers.consul.tls.ca</a> | TLS CA | |
| <a id="opt-providers-consul-tls-cert" href="#opt-providers-consul-tls-cert" title="#opt-providers-consul-tls-cert">providers.consul.tls.cert</a> | TLS cert | |
| <a id="opt-providers-consul-tls-insecureskipverify" href="#opt-providers-consul-tls-insecureskipverify" title="#opt-providers-consul-tls-insecureskipverify">providers.consul.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="opt-providers-consul-tls-key" href="#opt-providers-consul-tls-key" title="#opt-providers-consul-tls-key">providers.consul.tls.key</a> | TLS key | |
| <a id="opt-providers-consul-token" href="#opt-providers-consul-token" title="#opt-providers-consul-token">providers.consul.token</a> | Per-request ACL token. | |
| <a id="opt-providers-consulcatalog" href="#opt-providers-consulcatalog" title="#opt-providers-consulcatalog">providers.consulcatalog</a> | Enables Consul Catalog provider. | false |
| <a id="opt-providers-consulcatalog-cache" href="#opt-providers-consulcatalog-cache" title="#opt-providers-consulcatalog-cache">providers.consulcatalog.cache</a> | Use local agent caching for catalog reads. | false |
| <a id="opt-providers-consulcatalog-connectaware" href="#opt-providers-consulcatalog-connectaware" title="#opt-providers-consulcatalog-connectaware">providers.consulcatalog.connectaware</a> | Enable Consul Connect support. | false |
| <a id="opt-providers-consulcatalog-connectbydefault" href="#opt-providers-consulcatalog-connectbydefault" title="#opt-providers-consulcatalog-connectbydefault">providers.consulcatalog.connectbydefault</a> | Consider every service as Connect capable by default. | false |
| <a id="opt-providers-consulcatalog-constraints" href="#opt-providers-consulcatalog-constraints" title="#opt-providers-consulcatalog-constraints">providers.consulcatalog.constraints</a> | Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. | |
| <a id="opt-providers-consulcatalog-defaultrule" href="#opt-providers-consulcatalog-defaultrule" title="#opt-providers-consulcatalog-defaultrule">providers.consulcatalog.defaultrule</a> | Default rule. | Host(`{{ normalize .Name }}`) |
| <a id="opt-providers-consulcatalog-endpoint-address" href="#opt-providers-consulcatalog-endpoint-address" title="#opt-providers-consulcatalog-endpoint-address">providers.consulcatalog.endpoint.address</a> | The address of the Consul server | |
| <a id="opt-providers-consulcatalog-endpoint-datacenter" href="#opt-providers-consulcatalog-endpoint-datacenter" title="#opt-providers-consulcatalog-endpoint-datacenter">providers.consulcatalog.endpoint.datacenter</a> | Data center to use. If not provided, the default agent data center is used | |
| <a id="opt-providers-consulcatalog-endpoint-endpointwaittime" href="#opt-providers-consulcatalog-endpoint-endpointwaittime" title="#opt-providers-consulcatalog-endpoint-endpointwaittime">providers.consulcatalog.endpoint.endpointwaittime</a> | WaitTime limits how long a Watch will block. If not provided, the agent default values will be used | 0 |
| <a id="opt-providers-consulcatalog-endpoint-httpauth-password" href="#opt-providers-consulcatalog-endpoint-httpauth-password" title="#opt-providers-consulcatalog-endpoint-httpauth-password">providers.consulcatalog.endpoint.httpauth.password</a> | Basic Auth password | |
| <a id="opt-providers-consulcatalog-endpoint-httpauth-username" href="#opt-providers-consulcatalog-endpoint-httpauth-username" title="#opt-providers-consulcatalog-endpoint-httpauth-username">providers.consulcatalog.endpoint.httpauth.username</a> | Basic Auth username | |
| <a id="opt-providers-consulcatalog-endpoint-scheme" href="#opt-providers-consulcatalog-endpoint-scheme" title="#opt-providers-consulcatalog-endpoint-scheme">providers.consulcatalog.endpoint.scheme</a> | The URI scheme for the Consul server | |
| <a id="opt-providers-consulcatalog-endpoint-tls-ca" href="#opt-providers-consulcatalog-endpoint-tls-ca" title="#opt-providers-consulcatalog-endpoint-tls-ca">providers.consulcatalog.endpoint.tls.ca</a> | TLS CA | |
| <a id="opt-providers-consulcatalog-endpoint-tls-cert" href="#opt-providers-consulcatalog-endpoint-tls-cert" title="#opt-providers-consulcatalog-endpoint-tls-cert">providers.consulcatalog.endpoint.tls.cert</a> | TLS cert | |
| <a id="opt-providers-consulcatalog-endpoint-tls-insecureskipverify" href="#opt-providers-consulcatalog-endpoint-tls-insecureskipverify" title="#opt-providers-consulcatalog-endpoint-tls-insecureskipverify">providers.consulcatalog.endpoint.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="opt-providers-consulcatalog-endpoint-tls-key" href="#opt-providers-consulcatalog-endpoint-tls-key" title="#opt-providers-consulcatalog-endpoint-tls-key">providers.consulcatalog.endpoint.tls.key</a> | TLS key | |
| <a id="opt-providers-consulcatalog-endpoint-token" href="#opt-providers-consulcatalog-endpoint-token" title="#opt-providers-consulcatalog-endpoint-token">providers.consulcatalog.endpoint.token</a> | Token is used to provide a per-request ACL token which overrides the agent's default token | |
| <a id="opt-providers-consulcatalog-exposedbydefault" href="#opt-providers-consulcatalog-exposedbydefault" title="#opt-providers-consulcatalog-exposedbydefault">providers.consulcatalog.exposedbydefault</a> | Expose containers by default. | true |
| <a id="opt-providers-consulcatalog-namespaces" href="#opt-providers-consulcatalog-namespaces" title="#opt-providers-consulcatalog-namespaces">providers.consulcatalog.namespaces</a> | Sets the namespaces used to discover services (Consul Enterprise only). | |
| <a id="opt-providers-consulcatalog-prefix" href="#opt-providers-consulcatalog-prefix" title="#opt-providers-consulcatalog-prefix">providers.consulcatalog.prefix</a> | Prefix for consul service tags. | traefik |
| <a id="opt-providers-consulcatalog-refreshinterval" href="#opt-providers-consulcatalog-refreshinterval" title="#opt-providers-consulcatalog-refreshinterval">providers.consulcatalog.refreshinterval</a> | Interval for check Consul API. | 15 |
| <a id="opt-providers-consulcatalog-requireconsistent" href="#opt-providers-consulcatalog-requireconsistent" title="#opt-providers-consulcatalog-requireconsistent">providers.consulcatalog.requireconsistent</a> | Forces the read to be fully consistent. | false |
| <a id="opt-providers-consulcatalog-servicename" href="#opt-providers-consulcatalog-servicename" title="#opt-providers-consulcatalog-servicename">providers.consulcatalog.servicename</a> | Name of the Traefik service in Consul Catalog (needs to be registered via the orchestrator or manually). | traefik |
| <a id="opt-providers-consulcatalog-stale" href="#opt-providers-consulcatalog-stale" title="#opt-providers-consulcatalog-stale">providers.consulcatalog.stale</a> | Use stale consistency for catalog reads. | false |
| <a id="opt-providers-consulcatalog-strictchecks" href="#opt-providers-consulcatalog-strictchecks" title="#opt-providers-consulcatalog-strictchecks">providers.consulcatalog.strictchecks</a> | A list of service health statuses to allow taking traffic. | passing, warning |
| <a id="opt-providers-consulcatalog-watch" href="#opt-providers-consulcatalog-watch" title="#opt-providers-consulcatalog-watch">providers.consulcatalog.watch</a> | Watch Consul API events. | false |
| <a id="opt-providers-docker" href="#opt-providers-docker" title="#opt-providers-docker">providers.docker</a> | Enables Docker provider. | false |
| <a id="opt-providers-docker-allowemptyservices" href="#opt-providers-docker-allowemptyservices" title="#opt-providers-docker-allowemptyservices">providers.docker.allowemptyservices</a> | Disregards the Docker containers health checks with respect to the creation or removal of the corresponding services. | false |
| <a id="opt-providers-docker-constraints" href="#opt-providers-docker-constraints" title="#opt-providers-docker-constraints">providers.docker.constraints</a> | Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. | |
| <a id="opt-providers-docker-defaultrule" href="#opt-providers-docker-defaultrule" title="#opt-providers-docker-defaultrule">providers.docker.defaultrule</a> | Default rule. | Host(`{{ normalize .Name }}`) |
| <a id="opt-providers-docker-endpoint" href="#opt-providers-docker-endpoint" title="#opt-providers-docker-endpoint">providers.docker.endpoint</a> | Docker server endpoint. Can be a TCP or a Unix socket endpoint. | unix:///var/run/docker.sock |
| <a id="opt-providers-docker-exposedbydefault" href="#opt-providers-docker-exposedbydefault" title="#opt-providers-docker-exposedbydefault">providers.docker.exposedbydefault</a> | Expose containers by default. | true |
| <a id="opt-providers-docker-httpclienttimeout" href="#opt-providers-docker-httpclienttimeout" title="#opt-providers-docker-httpclienttimeout">providers.docker.httpclienttimeout</a> | Client timeout for HTTP connections. | 0 |
| <a id="opt-providers-docker-network" href="#opt-providers-docker-network" title="#opt-providers-docker-network">providers.docker.network</a> | Default Docker network used. | |
| <a id="opt-providers-docker-password" href="#opt-providers-docker-password" title="#opt-providers-docker-password">providers.docker.password</a> | Password for Basic HTTP authentication. | |
| <a id="opt-providers-docker-tls-ca" href="#opt-providers-docker-tls-ca" title="#opt-providers-docker-tls-ca">providers.docker.tls.ca</a> | TLS CA | |
| <a id="opt-providers-docker-tls-cert" href="#opt-providers-docker-tls-cert" title="#opt-providers-docker-tls-cert">providers.docker.tls.cert</a> | TLS cert | |
| <a id="opt-providers-docker-tls-insecureskipverify" href="#opt-providers-docker-tls-insecureskipverify" title="#opt-providers-docker-tls-insecureskipverify">providers.docker.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="opt-providers-docker-tls-key" href="#opt-providers-docker-tls-key" title="#opt-providers-docker-tls-key">providers.docker.tls.key</a> | TLS key | |
| <a id="opt-providers-docker-usebindportip" href="#opt-providers-docker-usebindportip" title="#opt-providers-docker-usebindportip">providers.docker.usebindportip</a> | Use the ip address from the bound port, rather than from the inner network. | false |
| <a id="opt-providers-docker-username" href="#opt-providers-docker-username" title="#opt-providers-docker-username">providers.docker.username</a> | Username for Basic HTTP authentication. | |
| <a id="opt-providers-docker-watch" href="#opt-providers-docker-watch" title="#opt-providers-docker-watch">providers.docker.watch</a> | Watch Docker events. | true |
| <a id="opt-providers-ecs" href="#opt-providers-ecs" title="#opt-providers-ecs">providers.ecs</a> | Enables AWS ECS provider. | false |
| <a id="opt-providers-ecs-accesskeyid" href="#opt-providers-ecs-accesskeyid" title="#opt-providers-ecs-accesskeyid">providers.ecs.accesskeyid</a> | AWS credentials access key ID to use for making requests. | |
| <a id="opt-providers-ecs-autodiscoverclusters" href="#opt-providers-ecs-autodiscoverclusters" title="#opt-providers-ecs-autodiscoverclusters">providers.ecs.autodiscoverclusters</a> | Auto discover cluster. | false |
| <a id="opt-providers-ecs-clusters" href="#opt-providers-ecs-clusters" title="#opt-providers-ecs-clusters">providers.ecs.clusters</a> | ECS Cluster names. | default |
| <a id="opt-providers-ecs-constraints" href="#opt-providers-ecs-constraints" title="#opt-providers-ecs-constraints">providers.ecs.constraints</a> | Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. | |
| <a id="opt-providers-ecs-defaultrule" href="#opt-providers-ecs-defaultrule" title="#opt-providers-ecs-defaultrule">providers.ecs.defaultrule</a> | Default rule. | Host(`{{ normalize .Name }}`) |
| <a id="opt-providers-ecs-ecsanywhere" href="#opt-providers-ecs-ecsanywhere" title="#opt-providers-ecs-ecsanywhere">providers.ecs.ecsanywhere</a> | Enable ECS Anywhere support. | false |
| <a id="opt-providers-ecs-exposedbydefault" href="#opt-providers-ecs-exposedbydefault" title="#opt-providers-ecs-exposedbydefault">providers.ecs.exposedbydefault</a> | Expose services by default. | true |
| <a id="opt-providers-ecs-healthytasksonly" href="#opt-providers-ecs-healthytasksonly" title="#opt-providers-ecs-healthytasksonly">providers.ecs.healthytasksonly</a> | Determines whether to discover only healthy tasks. | false |
| <a id="opt-providers-ecs-refreshseconds" href="#opt-providers-ecs-refreshseconds" title="#opt-providers-ecs-refreshseconds">providers.ecs.refreshseconds</a> | Polling interval (in seconds). | 15 |
| <a id="opt-providers-ecs-region" href="#opt-providers-ecs-region" title="#opt-providers-ecs-region">providers.ecs.region</a> | AWS region to use for requests. | |
| <a id="opt-providers-ecs-secretaccesskey" href="#opt-providers-ecs-secretaccesskey" title="#opt-providers-ecs-secretaccesskey">providers.ecs.secretaccesskey</a> | AWS credentials access key to use for making requests. | |
| <a id="opt-providers-etcd" href="#opt-providers-etcd" title="#opt-providers-etcd">providers.etcd</a> | Enables Etcd provider. | false |
| <a id="opt-providers-etcd-endpoints" href="#opt-providers-etcd-endpoints" title="#opt-providers-etcd-endpoints">providers.etcd.endpoints</a> | KV store endpoints. | 127.0.0.1:2379 |
| <a id="opt-providers-etcd-password" href="#opt-providers-etcd-password" title="#opt-providers-etcd-password">providers.etcd.password</a> | Password for authentication. | |
| <a id="opt-providers-etcd-rootkey" href="#opt-providers-etcd-rootkey" title="#opt-providers-etcd-rootkey">providers.etcd.rootkey</a> | Root key used for KV store. | traefik |
| <a id="opt-providers-etcd-tls-ca" href="#opt-providers-etcd-tls-ca" title="#opt-providers-etcd-tls-ca">providers.etcd.tls.ca</a> | TLS CA | |
| <a id="opt-providers-etcd-tls-cert" href="#opt-providers-etcd-tls-cert" title="#opt-providers-etcd-tls-cert">providers.etcd.tls.cert</a> | TLS cert | |
| <a id="opt-providers-etcd-tls-insecureskipverify" href="#opt-providers-etcd-tls-insecureskipverify" title="#opt-providers-etcd-tls-insecureskipverify">providers.etcd.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="opt-providers-etcd-tls-key" href="#opt-providers-etcd-tls-key" title="#opt-providers-etcd-tls-key">providers.etcd.tls.key</a> | TLS key | |
| <a id="opt-providers-etcd-username" href="#opt-providers-etcd-username" title="#opt-providers-etcd-username">providers.etcd.username</a> | Username for authentication. | |
| <a id="opt-providers-file-debugloggeneratedtemplate" href="#opt-providers-file-debugloggeneratedtemplate" title="#opt-providers-file-debugloggeneratedtemplate">providers.file.debugloggeneratedtemplate</a> | Enable debug logging of generated configuration template. | false |
| <a id="opt-providers-file-directory" href="#opt-providers-file-directory" title="#opt-providers-file-directory">providers.file.directory</a> | Load dynamic configuration from one or more .yml or .toml files in a directory. | |
| <a id="opt-providers-file-filename" href="#opt-providers-file-filename" title="#opt-providers-file-filename">providers.file.filename</a> | Load dynamic configuration from a file. | |
| <a id="opt-providers-file-watch" href="#opt-providers-file-watch" title="#opt-providers-file-watch">providers.file.watch</a> | Watch provider. | true |
| <a id="opt-providers-http" href="#opt-providers-http" title="#opt-providers-http">providers.http</a> | Enables HTTP provider. | false |
| <a id="opt-providers-http-endpoint" href="#opt-providers-http-endpoint" title="#opt-providers-http-endpoint">providers.http.endpoint</a> | Load configuration from this endpoint. | |
| <a id="opt-providers-http-headers-name" href="#opt-providers-http-headers-name" title="#opt-providers-http-headers-name">providers.http.headers._name_</a> | Define custom headers to be sent to the endpoint. | |
| <a id="opt-providers-http-pollinterval" href="#opt-providers-http-pollinterval" title="#opt-providers-http-pollinterval">providers.http.pollinterval</a> | Polling interval for endpoint. | 5 |
| <a id="opt-providers-http-polltimeout" href="#opt-providers-http-polltimeout" title="#opt-providers-http-polltimeout">providers.http.polltimeout</a> | Polling timeout for endpoint. | 5 |
| <a id="opt-providers-http-tls-ca" href="#opt-providers-http-tls-ca" title="#opt-providers-http-tls-ca">providers.http.tls.ca</a> | TLS CA | |
| <a id="opt-providers-http-tls-cert" href="#opt-providers-http-tls-cert" title="#opt-providers-http-tls-cert">providers.http.tls.cert</a> | TLS cert | |
| <a id="opt-providers-http-tls-insecureskipverify" href="#opt-providers-http-tls-insecureskipverify" title="#opt-providers-http-tls-insecureskipverify">providers.http.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="opt-providers-http-tls-key" href="#opt-providers-http-tls-key" title="#opt-providers-http-tls-key">providers.http.tls.key</a> | TLS key | |
| <a id="opt-providers-kubernetescrd" href="#opt-providers-kubernetescrd" title="#opt-providers-kubernetescrd">providers.kubernetescrd</a> | Enables Kubernetes CRD provider. | false |
| <a id="opt-providers-kubernetescrd-allowcrossnamespace" href="#opt-providers-kubernetescrd-allowcrossnamespace" title="#opt-providers-kubernetescrd-allowcrossnamespace">providers.kubernetescrd.allowcrossnamespace</a> | Allow cross namespace resource reference. | false |
| <a id="opt-providers-kubernetescrd-allowemptyservices" href="#opt-providers-kubernetescrd-allowemptyservices" title="#opt-providers-kubernetescrd-allowemptyservices">providers.kubernetescrd.allowemptyservices</a> | Allow the creation of services without endpoints. | false |
| <a id="opt-providers-kubernetescrd-allowexternalnameservices" href="#opt-providers-kubernetescrd-allowexternalnameservices" title="#opt-providers-kubernetescrd-allowexternalnameservices">providers.kubernetescrd.allowexternalnameservices</a> | Allow ExternalName services. | false |
| <a id="opt-providers-kubernetescrd-certauthfilepath" href="#opt-providers-kubernetescrd-certauthfilepath" title="#opt-providers-kubernetescrd-certauthfilepath">providers.kubernetescrd.certauthfilepath</a> | Kubernetes certificate authority file path (not needed for in-cluster client). | |
| <a id="opt-providers-kubernetescrd-disableclusterscoperesources" href="#opt-providers-kubernetescrd-disableclusterscoperesources" title="#opt-providers-kubernetescrd-disableclusterscoperesources">providers.kubernetescrd.disableclusterscoperesources</a> | Disables the lookup of cluster scope resources (incompatible with IngressClasses and NodePortLB enabled services). | false |
| <a id="opt-providers-kubernetescrd-endpoint" href="#opt-providers-kubernetescrd-endpoint" title="#opt-providers-kubernetescrd-endpoint">providers.kubernetescrd.endpoint</a> | Kubernetes server endpoint (required for external cluster client). | |
| <a id="opt-providers-kubernetescrd-ingressclass" href="#opt-providers-kubernetescrd-ingressclass" title="#opt-providers-kubernetescrd-ingressclass">providers.kubernetescrd.ingressclass</a> | Value of kubernetes.io/ingress.class annotation to watch for. | |
| <a id="opt-providers-kubernetescrd-labelselector" href="#opt-providers-kubernetescrd-labelselector" title="#opt-providers-kubernetescrd-labelselector">providers.kubernetescrd.labelselector</a> | Kubernetes label selector to use. | |
| <a id="opt-providers-kubernetescrd-namespaces" href="#opt-providers-kubernetescrd-namespaces" title="#opt-providers-kubernetescrd-namespaces">providers.kubernetescrd.namespaces</a> | Kubernetes namespaces. | |
| <a id="opt-providers-kubernetescrd-nativelbbydefault" href="#opt-providers-kubernetescrd-nativelbbydefault" title="#opt-providers-kubernetescrd-nativelbbydefault">providers.kubernetescrd.nativelbbydefault</a> | Defines whether to use Native Kubernetes load-balancing mode by default. | false |
| <a id="opt-providers-kubernetescrd-throttleduration" href="#opt-providers-kubernetescrd-throttleduration" title="#opt-providers-kubernetescrd-throttleduration">providers.kubernetescrd.throttleduration</a> | Ingress refresh throttle duration | 0 |
| <a id="opt-providers-kubernetescrd-token" href="#opt-providers-kubernetescrd-token" title="#opt-providers-kubernetescrd-token">providers.kubernetescrd.token</a> | Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token. | |
| <a id="opt-providers-kubernetesgateway" href="#opt-providers-kubernetesgateway" title="#opt-providers-kubernetesgateway">providers.kubernetesgateway</a> | Enables Kubernetes Gateway API provider. | false |
| <a id="opt-providers-kubernetesgateway-certauthfilepath" href="#opt-providers-kubernetesgateway-certauthfilepath" title="#opt-providers-kubernetesgateway-certauthfilepath">providers.kubernetesgateway.certauthfilepath</a> | Kubernetes certificate authority file path (not needed for in-cluster client). | |
| <a id="opt-providers-kubernetesgateway-endpoint" href="#opt-providers-kubernetesgateway-endpoint" title="#opt-providers-kubernetesgateway-endpoint">providers.kubernetesgateway.endpoint</a> | Kubernetes server endpoint (required for external cluster client). | |
| <a id="opt-providers-kubernetesgateway-experimentalchannel" href="#opt-providers-kubernetesgateway-experimentalchannel" title="#opt-providers-kubernetesgateway-experimentalchannel">providers.kubernetesgateway.experimentalchannel</a> | Toggles Experimental Channel resources support (TCPRoute, TLSRoute...). | false |
| <a id="opt-providers-kubernetesgateway-labelselector" href="#opt-providers-kubernetesgateway-labelselector" title="#opt-providers-kubernetesgateway-labelselector">providers.kubernetesgateway.labelselector</a> | Kubernetes label selector to select specific GatewayClasses. | |
| <a id="opt-providers-kubernetesgateway-namespaces" href="#opt-providers-kubernetesgateway-namespaces" title="#opt-providers-kubernetesgateway-namespaces">providers.kubernetesgateway.namespaces</a> | Kubernetes namespaces. | |
| <a id="opt-providers-kubernetesgateway-nativelbbydefault" href="#opt-providers-kubernetesgateway-nativelbbydefault" title="#opt-providers-kubernetesgateway-nativelbbydefault">providers.kubernetesgateway.nativelbbydefault</a> | Defines whether to use Native Kubernetes load-balancing by default. | false |
| <a id="opt-providers-kubernetesgateway-statusaddress-hostname" href="#opt-providers-kubernetesgateway-statusaddress-hostname" title="#opt-providers-kubernetesgateway-statusaddress-hostname">providers.kubernetesgateway.statusaddress.hostname</a> | Hostname used for Kubernetes Gateway status address. | |
| <a id="opt-providers-kubernetesgateway-statusaddress-ip" href="#opt-providers-kubernetesgateway-statusaddress-ip" title="#opt-providers-kubernetesgateway-statusaddress-ip">providers.kubernetesgateway.statusaddress.ip</a> | IP used to set Kubernetes Gateway status address. | |
| <a id="opt-providers-kubernetesgateway-statusaddress-service" href="#opt-providers-kubernetesgateway-statusaddress-service" title="#opt-providers-kubernetesgateway-statusaddress-service">providers.kubernetesgateway.statusaddress.service</a> | Published Kubernetes Service to copy status addresses from. | |
| <a id="opt-providers-kubernetesgateway-statusaddress-service-name" href="#opt-providers-kubernetesgateway-statusaddress-service-name" title="#opt-providers-kubernetesgateway-statusaddress-service-name">providers.kubernetesgateway.statusaddress.service.name</a> | Name of the Kubernetes service. | |
| <a id="opt-providers-kubernetesgateway-statusaddress-service-namespace" href="#opt-providers-kubernetesgateway-statusaddress-service-namespace" title="#opt-providers-kubernetesgateway-statusaddress-service-namespace">providers.kubernetesgateway.statusaddress.service.namespace</a> | Namespace of the Kubernetes service. | |
| <a id="opt-providers-kubernetesgateway-throttleduration" href="#opt-providers-kubernetesgateway-throttleduration" title="#opt-providers-kubernetesgateway-throttleduration">providers.kubernetesgateway.throttleduration</a> | Kubernetes refresh throttle duration | 0 |
| <a id="opt-providers-kubernetesgateway-token" href="#opt-providers-kubernetesgateway-token" title="#opt-providers-kubernetesgateway-token">providers.kubernetesgateway.token</a> | Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token. | |
| <a id="opt-providers-kubernetesingress" href="#opt-providers-kubernetesingress" title="#opt-providers-kubernetesingress">providers.kubernetesingress</a> | Enables Kubernetes Ingress provider. | false |
| <a id="opt-providers-kubernetesingress-allowemptyservices" href="#opt-providers-kubernetesingress-allowemptyservices" title="#opt-providers-kubernetesingress-allowemptyservices">providers.kubernetesingress.allowemptyservices</a> | Allow creation of services without endpoints. | false |
| <a id="opt-providers-kubernetesingress-allowexternalnameservices" href="#opt-providers-kubernetesingress-allowexternalnameservices" title="#opt-providers-kubernetesingress-allowexternalnameservices">providers.kubernetesingress.allowexternalnameservices</a> | Allow ExternalName services. | false |
| <a id="opt-providers-kubernetesingress-certauthfilepath" href="#opt-providers-kubernetesingress-certauthfilepath" title="#opt-providers-kubernetesingress-certauthfilepath">providers.kubernetesingress.certauthfilepath</a> | Kubernetes certificate authority file path (not needed for in-cluster client). | |
| <a id="opt-providers-kubernetesingress-disableclusterscoperesources" href="#opt-providers-kubernetesingress-disableclusterscoperesources" title="#opt-providers-kubernetesingress-disableclusterscoperesources">providers.kubernetesingress.disableclusterscoperesources</a> | Disables the lookup of cluster scope resources (incompatible with IngressClasses and NodePortLB enabled services). | false |
| <a id="opt-providers-kubernetesingress-disableingressclasslookup" href="#opt-providers-kubernetesingress-disableingressclasslookup" title="#opt-providers-kubernetesingress-disableingressclasslookup">providers.kubernetesingress.disableingressclasslookup</a> | Disables the lookup of IngressClasses (Deprecated, please use DisableClusterScopeResources). | false |
| <a id="opt-providers-kubernetesingress-endpoint" href="#opt-providers-kubernetesingress-endpoint" title="#opt-providers-kubernetesingress-endpoint">providers.kubernetesingress.endpoint</a> | Kubernetes server endpoint (required for external cluster client). | |
| <a id="opt-providers-kubernetesingress-ingressclass" href="#opt-providers-kubernetesingress-ingressclass" title="#opt-providers-kubernetesingress-ingressclass">providers.kubernetesingress.ingressclass</a> | Value of kubernetes.io/ingress.class annotation or IngressClass name to watch for. | |
| <a id="opt-providers-kubernetesingress-ingressendpoint-hostname" href="#opt-providers-kubernetesingress-ingressendpoint-hostname" title="#opt-providers-kubernetesingress-ingressendpoint-hostname">providers.kubernetesingress.ingressendpoint.hostname</a> | Hostname used for Kubernetes Ingress endpoints. | |
| <a id="opt-providers-kubernetesingress-ingressendpoint-ip" href="#opt-providers-kubernetesingress-ingressendpoint-ip" title="#opt-providers-kubernetesingress-ingressendpoint-ip">providers.kubernetesingress.ingressendpoint.ip</a> | IP used for Kubernetes Ingress endpoints. | |
| <a id="opt-providers-kubernetesingress-ingressendpoint-publishedservice" href="#opt-providers-kubernetesingress-ingressendpoint-publishedservice" title="#opt-providers-kubernetesingress-ingressendpoint-publishedservice">providers.kubernetesingress.ingressendpoint.publishedservice</a> | Published Kubernetes Service to copy status from. | |
| <a id="opt-providers-kubernetesingress-labelselector" href="#opt-providers-kubernetesingress-labelselector" title="#opt-providers-kubernetesingress-labelselector">providers.kubernetesingress.labelselector</a> | Kubernetes Ingress label selector to use. | |
| <a id="opt-providers-kubernetesingress-namespaces" href="#opt-providers-kubernetesingress-namespaces" title="#opt-providers-kubernetesingress-namespaces">providers.kubernetesingress.namespaces</a> | Kubernetes namespaces. | |
| <a id="opt-providers-kubernetesingress-nativelbbydefault" href="#opt-providers-kubernetesingress-nativelbbydefault" title="#opt-providers-kubernetesingress-nativelbbydefault">providers.kubernetesingress.nativelbbydefault</a> | Defines whether to use Native Kubernetes load-balancing mode by default. | false |
| <a id="opt-providers-kubernetesingress-strictprefixmatching" href="#opt-providers-kubernetesingress-strictprefixmatching" title="#opt-providers-kubernetesingress-strictprefixmatching">providers.kubernetesingress.strictprefixmatching</a> | Make prefix matching strictly comply with the Kubernetes Ingress specification (path-element-wise matching instead of character-by-character string matching). | false |
| <a id="opt-providers-kubernetesingress-throttleduration" href="#opt-providers-kubernetesingress-throttleduration" title="#opt-providers-kubernetesingress-throttleduration">providers.kubernetesingress.throttleduration</a> | Ingress refresh throttle duration | 0 |
| <a id="opt-providers-kubernetesingress-token" href="#opt-providers-kubernetesingress-token" title="#opt-providers-kubernetesingress-token">providers.kubernetesingress.token</a> | Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token. | |
| <a id="opt-providers-kubernetesingressnginx" href="#opt-providers-kubernetesingressnginx" title="#opt-providers-kubernetesingressnginx">providers.kubernetesingressnginx</a> | Enables Kubernetes Ingress NGINX provider. | false |
| <a id="opt-providers-kubernetesingressnginx-certauthfilepath" href="#opt-providers-kubernetesingressnginx-certauthfilepath" title="#opt-providers-kubernetesingressnginx-certauthfilepath">providers.kubernetesingressnginx.certauthfilepath</a> | Kubernetes certificate authority file path (not needed for in-cluster client). | |
| <a id="opt-providers-kubernetesingressnginx-controllerclass" href="#opt-providers-kubernetesingressnginx-controllerclass" title="#opt-providers-kubernetesingressnginx-controllerclass">providers.kubernetesingressnginx.controllerclass</a> | Ingress Class Controller value this controller satisfies. | k8s.io/ingress-nginx |
| <a id="opt-providers-kubernetesingressnginx-defaultbackendservice" href="#opt-providers-kubernetesingressnginx-defaultbackendservice" title="#opt-providers-kubernetesingressnginx-defaultbackendservice">providers.kubernetesingressnginx.defaultbackendservice</a> | Service used to serve HTTP requests not matching any known server name (catch-all). Takes the form 'namespace/name'. | |
| <a id="opt-providers-kubernetesingressnginx-disablesvcexternalname" href="#opt-providers-kubernetesingressnginx-disablesvcexternalname" title="#opt-providers-kubernetesingressnginx-disablesvcexternalname">providers.kubernetesingressnginx.disablesvcexternalname</a> | Disable support for Services of type ExternalName. | false |
| <a id="opt-providers-kubernetesingressnginx-endpoint" href="#opt-providers-kubernetesingressnginx-endpoint" title="#opt-providers-kubernetesingressnginx-endpoint">providers.kubernetesingressnginx.endpoint</a> | Kubernetes server endpoint (required for external cluster client). | |
| <a id="opt-providers-kubernetesingressnginx-ingressclass" href="#opt-providers-kubernetesingressnginx-ingressclass" title="#opt-providers-kubernetesingressnginx-ingressclass">providers.kubernetesingressnginx.ingressclass</a> | Name of the ingress class this controller satisfies. | nginx |
| <a id="opt-providers-kubernetesingressnginx-ingressclassbyname" href="#opt-providers-kubernetesingressnginx-ingressclassbyname" title="#opt-providers-kubernetesingressnginx-ingressclassbyname">providers.kubernetesingressnginx.ingressclassbyname</a> | Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class. | false |
| <a id="opt-providers-kubernetesingressnginx-publishservice" href="#opt-providers-kubernetesingressnginx-publishservice" title="#opt-providers-kubernetesingressnginx-publishservice">providers.kubernetesingressnginx.publishservice</a> | Service fronting the Ingress controller. Takes the form 'namespace/name'. | |
| <a id="opt-providers-kubernetesingressnginx-publishstatusaddress" href="#opt-providers-kubernetesingressnginx-publishstatusaddress" title="#opt-providers-kubernetesingressnginx-publishstatusaddress">providers.kubernetesingressnginx.publishstatusaddress</a> | Customized address (or addresses, separated by comma) to set as the load-balancer status of Ingress objects this controller satisfies. | |
| <a id="opt-providers-kubernetesingressnginx-throttleduration" href="#opt-providers-kubernetesingressnginx-throttleduration" title="#opt-providers-kubernetesingressnginx-throttleduration">providers.kubernetesingressnginx.throttleduration</a> | Ingress refresh throttle duration. | 0 |
| <a id="opt-providers-kubernetesingressnginx-token" href="#opt-providers-kubernetesingressnginx-token" title="#opt-providers-kubernetesingressnginx-token">providers.kubernetesingressnginx.token</a> | Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token. | |
| <a id="opt-providers-kubernetesingressnginx-watchingresswithoutclass" href="#opt-providers-kubernetesingressnginx-watchingresswithoutclass" title="#opt-providers-kubernetesingressnginx-watchingresswithoutclass">providers.kubernetesingressnginx.watchingresswithoutclass</a> | Define if Ingress Controller should also watch for Ingresses without an IngressClass or the annotation specified. | false |
| <a id="opt-providers-kubernetesingressnginx-watchnamespace" href="#opt-providers-kubernetesingressnginx-watchnamespace" title="#opt-providers-kubernetesingressnginx-watchnamespace">providers.kubernetesingressnginx.watchnamespace</a> | Namespace the controller watches for updates to Kubernetes objects. All namespaces are watched if this parameter is left empty. | |
| <a id="opt-providers-kubernetesingressnginx-watchnamespaceselector" href="#opt-providers-kubernetesingressnginx-watchnamespaceselector" title="#opt-providers-kubernetesingressnginx-watchnamespaceselector">providers.kubernetesingressnginx.watchnamespaceselector</a> | Selector selects namespaces the controller watches for updates to Kubernetes objects. | |
| <a id="opt-providers-nomad" href="#opt-providers-nomad" title="#opt-providers-nomad">providers.nomad</a> | Enables Nomad provider. | false |
| <a id="opt-providers-nomad-allowemptyservices" href="#opt-providers-nomad-allowemptyservices" title="#opt-providers-nomad-allowemptyservices">providers.nomad.allowemptyservices</a> | Allow the creation of services without endpoints. | false |
| <a id="opt-providers-nomad-constraints" href="#opt-providers-nomad-constraints" title="#opt-providers-nomad-constraints">providers.nomad.constraints</a> | Constraints is an expression that Traefik matches against the Nomad service's tags to determine whether to create route(s) for that service. | |
| <a id="opt-providers-nomad-defaultrule" href="#opt-providers-nomad-defaultrule" title="#opt-providers-nomad-defaultrule">providers.nomad.defaultrule</a> | Default rule. | Host(`{{ normalize .Name }}`) |
| <a id="opt-providers-nomad-endpoint-address" href="#opt-providers-nomad-endpoint-address" title="#opt-providers-nomad-endpoint-address">providers.nomad.endpoint.address</a> | The address of the Nomad server, including scheme and port. | http://127.0.0.1:4646 |
| <a id="opt-providers-nomad-endpoint-endpointwaittime" href="#opt-providers-nomad-endpoint-endpointwaittime" title="#opt-providers-nomad-endpoint-endpointwaittime">providers.nomad.endpoint.endpointwaittime</a> | WaitTime limits how long a Watch will block. If not provided, the agent default values will be used | 0 |
| <a id="opt-providers-nomad-endpoint-region" href="#opt-providers-nomad-endpoint-region" title="#opt-providers-nomad-endpoint-region">providers.nomad.endpoint.region</a> | Nomad region to use. If not provided, the local agent region is used. | |
| <a id="opt-providers-nomad-endpoint-tls-ca" href="#opt-providers-nomad-endpoint-tls-ca" title="#opt-providers-nomad-endpoint-tls-ca">providers.nomad.endpoint.tls.ca</a> | TLS CA | |
| <a id="opt-providers-nomad-endpoint-tls-cert" href="#opt-providers-nomad-endpoint-tls-cert" title="#opt-providers-nomad-endpoint-tls-cert">providers.nomad.endpoint.tls.cert</a> | TLS cert | |
| <a id="opt-providers-nomad-endpoint-tls-insecureskipverify" href="#opt-providers-nomad-endpoint-tls-insecureskipverify" title="#opt-providers-nomad-endpoint-tls-insecureskipverify">providers.nomad.endpoint.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="opt-providers-nomad-endpoint-tls-key" href="#opt-providers-nomad-endpoint-tls-key" title="#opt-providers-nomad-endpoint-tls-key">providers.nomad.endpoint.tls.key</a> | TLS key | |
| <a id="opt-providers-nomad-endpoint-token" href="#opt-providers-nomad-endpoint-token" title="#opt-providers-nomad-endpoint-token">providers.nomad.endpoint.token</a> | Token is used to provide a per-request ACL token. | |
| <a id="opt-providers-nomad-exposedbydefault" href="#opt-providers-nomad-exposedbydefault" title="#opt-providers-nomad-exposedbydefault">providers.nomad.exposedbydefault</a> | Expose Nomad services by default. | true |
| <a id="opt-providers-nomad-namespaces" href="#opt-providers-nomad-namespaces" title="#opt-providers-nomad-namespaces">providers.nomad.namespaces</a> | Sets the Nomad namespaces used to discover services. | |
| <a id="opt-providers-nomad-prefix" href="#opt-providers-nomad-prefix" title="#opt-providers-nomad-prefix">providers.nomad.prefix</a> | Prefix for nomad service tags. | traefik |
| <a id="opt-providers-nomad-refreshinterval" href="#opt-providers-nomad-refreshinterval" title="#opt-providers-nomad-refreshinterval">providers.nomad.refreshinterval</a> | Interval for polling Nomad API. | 15 |
| <a id="opt-providers-nomad-stale" href="#opt-providers-nomad-stale" title="#opt-providers-nomad-stale">providers.nomad.stale</a> | Use stale consistency for catalog reads. | false |
| <a id="opt-providers-nomad-throttleduration" href="#opt-providers-nomad-throttleduration" title="#opt-providers-nomad-throttleduration">providers.nomad.throttleduration</a> | Watch throttle duration. | 0 |
| <a id="opt-providers-nomad-watch" href="#opt-providers-nomad-watch" title="#opt-providers-nomad-watch">providers.nomad.watch</a> | Watch Nomad Service events. | false |
| <a id="opt-providers-plugin-name" href="#opt-providers-plugin-name" title="#opt-providers-plugin-name">providers.plugin._name_</a> | Plugins configuration. | |
| <a id="opt-providers-providersthrottleduration" href="#opt-providers-providersthrottleduration" title="#opt-providers-providersthrottleduration">providers.providersthrottleduration</a> | Backends throttle duration: minimum duration between 2 events from providers before applying a new configuration. It avoids unnecessary reloads if multiples events are sent in a short amount of time. | 2 |
| <a id="opt-providers-redis" href="#opt-providers-redis" title="#opt-providers-redis">providers.redis</a> | Enables Redis provider. | false |
| <a id="opt-providers-redis-db" href="#opt-providers-redis-db" title="#opt-providers-redis-db">providers.redis.db</a> | Database to be selected after connecting to the server. | 0 |
| <a id="opt-providers-redis-endpoints" href="#opt-providers-redis-endpoints" title="#opt-providers-redis-endpoints">providers.redis.endpoints</a> | KV store endpoints. | 127.0.0.1:6379 |
| <a id="opt-providers-redis-password" href="#opt-providers-redis-password" title="#opt-providers-redis-password">providers.redis.password</a> | Password for authentication. | |
| <a id="opt-providers-redis-rootkey" href="#opt-providers-redis-rootkey" title="#opt-providers-redis-rootkey">providers.redis.rootkey</a> | Root key used for KV store. | traefik |
| <a id="opt-providers-redis-sentinel-latencystrategy" href="#opt-providers-redis-sentinel-latencystrategy" title="#opt-providers-redis-sentinel-latencystrategy">providers.redis.sentinel.latencystrategy</a> | Defines whether to route commands to the closest master or replica nodes (mutually exclusive with RandomStrategy and ReplicaStrategy). | false |
| <a id="opt-providers-redis-sentinel-mastername" href="#opt-providers-redis-sentinel-mastername" title="#opt-providers-redis-sentinel-mastername">providers.redis.sentinel.mastername</a> | Name of the master. | |
| <a id="opt-providers-redis-sentinel-password" href="#opt-providers-redis-sentinel-password" title="#opt-providers-redis-sentinel-password">providers.redis.sentinel.password</a> | Password for Sentinel authentication. | |
| <a id="opt-providers-redis-sentinel-randomstrategy" href="#opt-providers-redis-sentinel-randomstrategy" title="#opt-providers-redis-sentinel-randomstrategy">providers.redis.sentinel.randomstrategy</a> | Defines whether to route commands randomly to master or replica nodes (mutually exclusive with LatencyStrategy and ReplicaStrategy). | false |
| <a id="opt-providers-redis-sentinel-replicastrategy" href="#opt-providers-redis-sentinel-replicastrategy" title="#opt-providers-redis-sentinel-replicastrategy">providers.redis.sentinel.replicastrategy</a> | Defines whether to route all commands to replica nodes (mutually exclusive with LatencyStrategy and RandomStrategy). | false |
| <a id="opt-providers-redis-sentinel-usedisconnectedreplicas" href="#opt-providers-redis-sentinel-usedisconnectedreplicas" title="#opt-providers-redis-sentinel-usedisconnectedreplicas">providers.redis.sentinel.usedisconnectedreplicas</a> | Use replicas disconnected with master when cannot get connected replicas. | false |
| <a id="opt-providers-redis-sentinel-username" href="#opt-providers-redis-sentinel-username" title="#opt-providers-redis-sentinel-username">providers.redis.sentinel.username</a> | Username for Sentinel authentication. | |
| <a id="opt-providers-redis-tls-ca" href="#opt-providers-redis-tls-ca" title="#opt-providers-redis-tls-ca">providers.redis.tls.ca</a> | TLS CA | |
| <a id="opt-providers-redis-tls-cert" href="#opt-providers-redis-tls-cert" title="#opt-providers-redis-tls-cert">providers.redis.tls.cert</a> | TLS cert | |
| <a id="opt-providers-redis-tls-insecureskipverify" href="#opt-providers-redis-tls-insecureskipverify" title="#opt-providers-redis-tls-insecureskipverify">providers.redis.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="opt-providers-redis-tls-key" href="#opt-providers-redis-tls-key" title="#opt-providers-redis-tls-key">providers.redis.tls.key</a> | TLS key | |
| <a id="opt-providers-redis-username" href="#opt-providers-redis-username" title="#opt-providers-redis-username">providers.redis.username</a> | Username for authentication. | |
| <a id="opt-providers-rest" href="#opt-providers-rest" title="#opt-providers-rest">providers.rest</a> | Enables Rest provider. | false |
| <a id="opt-providers-rest-insecure" href="#opt-providers-rest-insecure" title="#opt-providers-rest-insecure">providers.rest.insecure</a> | Activate REST Provider directly on the entryPoint named traefik. | false |
| <a id="opt-providers-swarm" href="#opt-providers-swarm" title="#opt-providers-swarm">providers.swarm</a> | Enables Docker Swarm provider. | false |
| <a id="opt-providers-swarm-allowemptyservices" href="#opt-providers-swarm-allowemptyservices" title="#opt-providers-swarm-allowemptyservices">providers.swarm.allowemptyservices</a> | Disregards the Docker containers health checks with respect to the creation or removal of the corresponding services. | false |
| <a id="opt-providers-swarm-constraints" href="#opt-providers-swarm-constraints" title="#opt-providers-swarm-constraints">providers.swarm.constraints</a> | Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. | |
| <a id="opt-providers-swarm-defaultrule" href="#opt-providers-swarm-defaultrule" title="#opt-providers-swarm-defaultrule">providers.swarm.defaultrule</a> | Default rule. | Host(`{{ normalize .Name }}`) |
| <a id="opt-providers-swarm-endpoint" href="#opt-providers-swarm-endpoint" title="#opt-providers-swarm-endpoint">providers.swarm.endpoint</a> | Docker server endpoint. Can be a TCP or a Unix socket endpoint. | unix:///var/run/docker.sock |
| <a id="opt-providers-swarm-exposedbydefault" href="#opt-providers-swarm-exposedbydefault" title="#opt-providers-swarm-exposedbydefault">providers.swarm.exposedbydefault</a> | Expose containers by default. | true |
| <a id="opt-providers-swarm-httpclienttimeout" href="#opt-providers-swarm-httpclienttimeout" title="#opt-providers-swarm-httpclienttimeout">providers.swarm.httpclienttimeout</a> | Client timeout for HTTP connections. | 0 |
| <a id="opt-providers-swarm-network" href="#opt-providers-swarm-network" title="#opt-providers-swarm-network">providers.swarm.network</a> | Default Docker network used. | |
| <a id="opt-providers-swarm-password" href="#opt-providers-swarm-password" title="#opt-providers-swarm-password">providers.swarm.password</a> | Password for Basic HTTP authentication. | |
| <a id="opt-providers-swarm-refreshseconds" href="#opt-providers-swarm-refreshseconds" title="#opt-providers-swarm-refreshseconds">providers.swarm.refreshseconds</a> | Polling interval for swarm mode. | 15 |
| <a id="opt-providers-swarm-tls-ca" href="#opt-providers-swarm-tls-ca" title="#opt-providers-swarm-tls-ca">providers.swarm.tls.ca</a> | TLS CA | |
| <a id="opt-providers-swarm-tls-cert" href="#opt-providers-swarm-tls-cert" title="#opt-providers-swarm-tls-cert">providers.swarm.tls.cert</a> | TLS cert | |
| <a id="opt-providers-swarm-tls-insecureskipverify" href="#opt-providers-swarm-tls-insecureskipverify" title="#opt-providers-swarm-tls-insecureskipverify">providers.swarm.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="opt-providers-swarm-tls-key" href="#opt-providers-swarm-tls-key" title="#opt-providers-swarm-tls-key">providers.swarm.tls.key</a> | TLS key | |
| <a id="opt-providers-swarm-usebindportip" href="#opt-providers-swarm-usebindportip" title="#opt-providers-swarm-usebindportip">providers.swarm.usebindportip</a> | Use the ip address from the bound port, rather than from the inner network. | false |
| <a id="opt-providers-swarm-username" href="#opt-providers-swarm-username" title="#opt-providers-swarm-username">providers.swarm.username</a> | Username for Basic HTTP authentication. | |
| <a id="opt-providers-swarm-watch" href="#opt-providers-swarm-watch" title="#opt-providers-swarm-watch">providers.swarm.watch</a> | Watch Docker events. | true |
| <a id="opt-providers-zookeeper" href="#opt-providers-zookeeper" title="#opt-providers-zookeeper">providers.zookeeper</a> | Enables ZooKeeper provider. | false |
| <a id="opt-providers-zookeeper-endpoints" href="#opt-providers-zookeeper-endpoints" title="#opt-providers-zookeeper-endpoints">providers.zookeeper.endpoints</a> | KV store endpoints. | 127.0.0.1:2181 |
| <a id="opt-providers-zookeeper-password" href="#opt-providers-zookeeper-password" title="#opt-providers-zookeeper-password">providers.zookeeper.password</a> | Password for authentication. | |
| <a id="opt-providers-zookeeper-rootkey" href="#opt-providers-zookeeper-rootkey" title="#opt-providers-zookeeper-rootkey">providers.zookeeper.rootkey</a> | Root key used for KV store. | traefik |
| <a id="opt-providers-zookeeper-username" href="#opt-providers-zookeeper-username" title="#opt-providers-zookeeper-username">providers.zookeeper.username</a> | Username for authentication. | |
| <a id="opt-serverstransport-forwardingtimeouts-dialtimeout" href="#opt-serverstransport-forwardingtimeouts-dialtimeout" title="#opt-serverstransport-forwardingtimeouts-dialtimeout">serverstransport.forwardingtimeouts.dialtimeout</a> | The amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. | 30 |
| <a id="opt-serverstransport-forwardingtimeouts-idleconntimeout" href="#opt-serverstransport-forwardingtimeouts-idleconntimeout" title="#opt-serverstransport-forwardingtimeouts-idleconntimeout">serverstransport.forwardingtimeouts.idleconntimeout</a> | The maximum period for which an idle HTTP keep-alive connection will remain open before closing itself | 90 |
| <a id="opt-serverstransport-forwardingtimeouts-responseheadertimeout" href="#opt-serverstransport-forwardingtimeouts-responseheadertimeout" title="#opt-serverstransport-forwardingtimeouts-responseheadertimeout">serverstransport.forwardingtimeouts.responseheadertimeout</a> | The amount of time to wait for a server's response headers after fully writing the request (including its body, if any). If zero, no timeout exists. | 0 |
| <a id="opt-serverstransport-insecureskipverify" href="#opt-serverstransport-insecureskipverify" title="#opt-serverstransport-insecureskipverify">serverstransport.insecureskipverify</a> | Disable SSL certificate verification. | false |
| <a id="opt-serverstransport-maxidleconnsperhost" href="#opt-serverstransport-maxidleconnsperhost" title="#opt-serverstransport-maxidleconnsperhost">serverstransport.maxidleconnsperhost</a> | If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used. If negative, disables connection reuse. | 200 |
| <a id="opt-serverstransport-rootcas" href="#opt-serverstransport-rootcas" title="#opt-serverstransport-rootcas">serverstransport.rootcas</a> | Add cert file for self-signed certificate. | |
| <a id="opt-serverstransport-spiffe" href="#opt-serverstransport-spiffe" title="#opt-serverstransport-spiffe">serverstransport.spiffe</a> | Defines the SPIFFE configuration. | false |
| <a id="opt-serverstransport-spiffe-ids" href="#opt-serverstransport-spiffe-ids" title="#opt-serverstransport-spiffe-ids">serverstransport.spiffe.ids</a> | Defines the allowed SPIFFE IDs (takes precedence over the SPIFFE TrustDomain). | |
| <a id="opt-serverstransport-spiffe-trustdomain" href="#opt-serverstransport-spiffe-trustdomain" title="#opt-serverstransport-spiffe-trustdomain">serverstransport.spiffe.trustdomain</a> | Defines the allowed SPIFFE trust domain. | |
| <a id="opt-spiffe-workloadapiaddr" href="#opt-spiffe-workloadapiaddr" title="#opt-spiffe-workloadapiaddr">spiffe.workloadapiaddr</a> | Defines the workload API address. | |
| <a id="opt-tcpserverstransport-dialkeepalive" href="#opt-tcpserverstransport-dialkeepalive" title="#opt-tcpserverstransport-dialkeepalive">tcpserverstransport.dialkeepalive</a> | Defines the interval between keep-alive probes for an active network connection. If zero, keep-alive probes are sent with a default value (currently 15 seconds), if supported by the protocol and operating system. Network protocols or operating systems that do not support keep-alives ignore this field. If negative, keep-alive probes are disabled | 15 |
| <a id="opt-tcpserverstransport-dialtimeout" href="#opt-tcpserverstransport-dialtimeout" title="#opt-tcpserverstransport-dialtimeout">tcpserverstransport.dialtimeout</a> | Defines the amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. | 30 |
| <a id="opt-tcpserverstransport-terminationdelay" href="#opt-tcpserverstransport-terminationdelay" title="#opt-tcpserverstransport-terminationdelay">tcpserverstransport.terminationdelay</a> | Defines the delay to wait before fully terminating the connection, after one connected peer has closed its writing capability. | 0 |
| <a id="opt-tcpserverstransport-tls" href="#opt-tcpserverstransport-tls" title="#opt-tcpserverstransport-tls">tcpserverstransport.tls</a> | Defines the TLS configuration. | false |
| <a id="opt-tcpserverstransport-tls-insecureskipverify" href="#opt-tcpserverstransport-tls-insecureskipverify" title="#opt-tcpserverstransport-tls-insecureskipverify">tcpserverstransport.tls.insecureskipverify</a> | Disables SSL certificate verification. | false |
| <a id="opt-tcpserverstransport-tls-rootcas" href="#opt-tcpserverstransport-tls-rootcas" title="#opt-tcpserverstransport-tls-rootcas">tcpserverstransport.tls.rootcas</a> | Defines a list of CA secret used to validate self-signed certificate | |
| <a id="opt-tcpserverstransport-tls-spiffe" href="#opt-tcpserverstransport-tls-spiffe" title="#opt-tcpserverstransport-tls-spiffe">tcpserverstransport.tls.spiffe</a> | Defines the SPIFFE TLS configuration. | false |
| <a id="opt-tcpserverstransport-tls-spiffe-ids" href="#opt-tcpserverstransport-tls-spiffe-ids" title="#opt-tcpserverstransport-tls-spiffe-ids">tcpserverstransport.tls.spiffe.ids</a> | Defines the allowed SPIFFE IDs (takes precedence over the SPIFFE TrustDomain). | |
| <a id="opt-tcpserverstransport-tls-spiffe-trustdomain" href="#opt-tcpserverstransport-tls-spiffe-trustdomain" title="#opt-tcpserverstransport-tls-spiffe-trustdomain">tcpserverstransport.tls.spiffe.trustdomain</a> | Defines the allowed SPIFFE trust domain. | |
| <a id="opt-tracing" href="#opt-tracing" title="#opt-tracing">tracing</a> | Tracing configuration. | false |
| <a id="opt-tracing-addinternals" href="#opt-tracing-addinternals" title="#opt-tracing-addinternals">tracing.addinternals</a> | Enables tracing for internal services (ping, dashboard, etc...). | false |
| <a id="opt-tracing-capturedrequestheaders" href="#opt-tracing-capturedrequestheaders" title="#opt-tracing-capturedrequestheaders">tracing.capturedrequestheaders</a> | Request headers to add as attributes for server and client spans. | |
| <a id="opt-tracing-capturedresponseheaders" href="#opt-tracing-capturedresponseheaders" title="#opt-tracing-capturedresponseheaders">tracing.capturedresponseheaders</a> | Response headers to add as attributes for server and client spans. | |
| <a id="opt-tracing-globalattributes-name" href="#opt-tracing-globalattributes-name" title="#opt-tracing-globalattributes-name">tracing.globalattributes._name_</a> | (Deprecated) Defines additional resource attributes (key:value). | |
| <a id="opt-tracing-otlp" href="#opt-tracing-otlp" title="#opt-tracing-otlp">tracing.otlp</a> | Settings for OpenTelemetry. | false |
| <a id="opt-tracing-otlp-grpc" href="#opt-tracing-otlp-grpc" title="#opt-tracing-otlp-grpc">tracing.otlp.grpc</a> | gRPC configuration for the OpenTelemetry collector. | false |
| <a id="opt-tracing-otlp-grpc-endpoint" href="#opt-tracing-otlp-grpc-endpoint" title="#opt-tracing-otlp-grpc-endpoint">tracing.otlp.grpc.endpoint</a> | Sets the gRPC endpoint (host:port) of the collector. | localhost:4317 |
| <a id="opt-tracing-otlp-grpc-headers-name" href="#opt-tracing-otlp-grpc-headers-name" title="#opt-tracing-otlp-grpc-headers-name">tracing.otlp.grpc.headers._name_</a> | Headers sent with payload. | |
| <a id="opt-tracing-otlp-grpc-insecure" href="#opt-tracing-otlp-grpc-insecure" title="#opt-tracing-otlp-grpc-insecure">tracing.otlp.grpc.insecure</a> | Disables client transport security for the exporter. | false |
| <a id="opt-tracing-otlp-grpc-tls-ca" href="#opt-tracing-otlp-grpc-tls-ca" title="#opt-tracing-otlp-grpc-tls-ca">tracing.otlp.grpc.tls.ca</a> | TLS CA | |
| <a id="opt-tracing-otlp-grpc-tls-cert" href="#opt-tracing-otlp-grpc-tls-cert" title="#opt-tracing-otlp-grpc-tls-cert">tracing.otlp.grpc.tls.cert</a> | TLS cert | |
| <a id="opt-tracing-otlp-grpc-tls-insecureskipverify" href="#opt-tracing-otlp-grpc-tls-insecureskipverify" title="#opt-tracing-otlp-grpc-tls-insecureskipverify">tracing.otlp.grpc.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="opt-tracing-otlp-grpc-tls-key" href="#opt-tracing-otlp-grpc-tls-key" title="#opt-tracing-otlp-grpc-tls-key">tracing.otlp.grpc.tls.key</a> | TLS key | |
| <a id="opt-tracing-otlp-http" href="#opt-tracing-otlp-http" title="#opt-tracing-otlp-http">tracing.otlp.http</a> | HTTP configuration for the OpenTelemetry collector. | false |
| <a id="opt-tracing-otlp-http-endpoint" href="#opt-tracing-otlp-http-endpoint" title="#opt-tracing-otlp-http-endpoint">tracing.otlp.http.endpoint</a> | Sets the HTTP endpoint (scheme://host:port/path) of the collector. | https://localhost:4318 |
| <a id="opt-tracing-otlp-http-headers-name" href="#opt-tracing-otlp-http-headers-name" title="#opt-tracing-otlp-http-headers-name">tracing.otlp.http.headers._name_</a> | Headers sent with payload. | |
| <a id="opt-tracing-otlp-http-tls-ca" href="#opt-tracing-otlp-http-tls-ca" title="#opt-tracing-otlp-http-tls-ca">tracing.otlp.http.tls.ca</a> | TLS CA | |
| <a id="opt-tracing-otlp-http-tls-cert" href="#opt-tracing-otlp-http-tls-cert" title="#opt-tracing-otlp-http-tls-cert">tracing.otlp.http.tls.cert</a> | TLS cert | |
| <a id="opt-tracing-otlp-http-tls-insecureskipverify" href="#opt-tracing-otlp-http-tls-insecureskipverify" title="#opt-tracing-otlp-http-tls-insecureskipverify">tracing.otlp.http.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="opt-tracing-otlp-http-tls-key" href="#opt-tracing-otlp-http-tls-key" title="#opt-tracing-otlp-http-tls-key">tracing.otlp.http.tls.key</a> | TLS key | |
| <a id="opt-tracing-resourceattributes-name" href="#opt-tracing-resourceattributes-name" title="#opt-tracing-resourceattributes-name">tracing.resourceattributes._name_</a> | Defines additional resource attributes (key:value). | |
| <a id="opt-tracing-safequeryparams" href="#opt-tracing-safequeryparams" title="#opt-tracing-safequeryparams">tracing.safequeryparams</a> | Query params to not redact. | |
| <a id="opt-tracing-samplerate" href="#opt-tracing-samplerate" title="#opt-tracing-samplerate">tracing.samplerate</a> | Sets the rate between 0.0 and 1.0 of requests to trace. | 1.000000 |
| <a id="opt-tracing-servicename" href="#opt-tracing-servicename" title="#opt-tracing-servicename">tracing.servicename</a> | Defines the service name resource attribute. | traefik |

111
docs/content/reference/install-configuration/entrypoints.md
View File

@@ -25,10 +25,11 @@ entryPoints:
websecure:
address: :443
tls: {}
middlewares:
- auth@kubernetescrd
- strip@kubernetescrd
http:
tls: {}
middlewares:
- auth@kubernetescrd
- strip@kubernetescrd
```
```toml tab="File (TOML)"
@@ -85,38 +86,38 @@ additionalArguments:
| Field | Description | Default | Required |
|:----------------------------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------|:---------|
| `address` | Define the port, and optionally the hostname, on which to listen for incoming connections and packets.<br /> It also defines the protocol to use (TCP or UDP).<br /> If no protocol is specified, the default is TCP. The format is:`[host]:port[/tcp\|/udp] | - | Yes |
| `asDefault` | Mark the `entryPoint` to be in the list of default `entryPoints`.<br /> `entryPoints`in this list are used (by default) on HTTP and TCP routers that do not define their own `entryPoints` option.<br /> More information [here](#asdefault). | false | No |
| `forwardedHeaders.trustedIPs` | Set the IPs or CIDR from where Traefik trusts the forwarded headers information (`X-Forwarded-*`). | - | No |
| `forwardedHeaders.insecure` | Set the insecure mode to always trust the forwarded headers information (`X-Forwarded-*`).<br />We recommend to use this option only for tests purposes, not in production. | false | No |
| `http.redirections.`<br />`entryPoint.to` | The target element to enable (permanent) redirecting of all incoming requests on an entry point to another one. <br /> The target element can be an entry point name (ex: `websecure`), or a port (`:443`). | - | Yes |
| `http.redirections.`<br />`entryPoint.scheme` | The target scheme to use for (permanent) redirection of all incoming requests. | https | No |
| `http.redirections.`<br />`entryPoint.permanent` | Enable permanent redirecting of all incoming requests on an entry point to another one changing the scheme. <br /> The target element, it can be an entry point name (ex: `websecure`), or a port (`:443`). | false | No |
| `http.redirections.`<br />`entryPoint.priority` | Default priority applied to the routers attached to the `entryPoint`. | MaxInt32-1 (2147483646) | No |
| `http.encodeQuerySemicolons` | Enable query semicolons encoding. <br /> Use this option to avoid non-encoded semicolons to be interpreted as query parameter separators by Traefik. <br /> When using this option, the non-encoded semicolons characters in query will be transmitted encoded to the backend.<br /> More information [here](#encodequerysemicolons). | false | No |
| `http.sanitizePath` | Defines whether to enable the request path sanitization.<br /> More information [here](#sanitizepath). | false | No |
| `http.middlewares` | Set the list of middlewares that are prepended by default to the list of middlewares of each router associated to the named entry point. <br />More information [here](#httpmiddlewares). | - | No |
| `http.tls` | Enable TLS on every router attached to the `entryPoint`. <br /> If no certificate are set, a default self-signed certificate is generates by Traefik. <br /> We recommend to not use self signed certificates in production. | - | No |
| `http.tls.options` | Apply TLS options on every router attached to the `entryPoint`. <br /> The TLS options can be overidden per router. <br /> More information in the [dedicated section](../../routing/providers/kubernetes-crd.md#kind-tlsoption). | - | No |
| `http.tls.certResolver` | Apply a certificate resolver on every router attached to the `entryPoint`. <br /> The TLS options can be overidden per router. <br /> More information in the [dedicated section](../install-configuration/tls/certificate-resolvers/overview.md). | - | No |
| `http2.maxConcurrentStreams` | Set the number of concurrent streams per connection that each client is allowed to initiate. <br /> The value must be greater than zero. | 250 | No |
| `http3` | Enable HTTP/3 protocol on the `entryPoint`. <br /> HTTP/3 requires a TCP `entryPoint`. as HTTP/3 always starts as a TCP connection that then gets upgraded to UDP. In most scenarios, this `entryPoint` is the same as the one used for TLS traffic.<br /> More information [here](#http3. | - | No |
| `http3.advertisedPort` | Set the UDP port to advertise as the HTTP/3 authority. <br /> It defaults to the entryPoint's address port. <br /> It can be used to override the authority in the `alt-svc` header, for example if the public facing port is different from where Traefik is listening. | - | No |
| `observability.accessLogs` | Defines whether a router attached to this EntryPoint produces access-logs by default. Nonetheless, a router defining its own observability configuration will opt-out from this default. | true | No |
| `observability.metrics` | Defines whether a router attached to this EntryPoint produces metrics by default. Nonetheless, a router defining its own observability configuration will opt-out from this default. | true | No |
| `observability.tracing` | Defines whether a router attached to this EntryPoint produces traces by default. Nonetheless, a router defining its own observability configuration will opt-out from this default. | true | No |
| `observability.traceVerbosity` | Defines the tracing verbosity level for routers attached to this EntryPoint. Possible values: `minimal` (default), `detailed`. Routers can override this value in their own observability configuration. <br /> More information [here](#traceverbosity). | minimal | No |
| `proxyProtocol.trustedIPs` | Enable PROXY protocol with Trusted IPs. <br /> Traefik supports [PROXY protocol](https://www.haproxy.org/download/2.0/doc/proxy-protocol.txt) version 1 and 2. <br /> If PROXY protocol header parsing is enabled for the entry point, this entry point can accept connections with or without PROXY protocol headers. <br /> If the PROXY protocol header is passed, then the version is determined automatically.<br /> More information [here](#proxyprotocol-and-load-balancers). | - | No |
| `proxyProtocol.insecure` | Enable PROXY protocol trusting every incoming connection. <br /> Every remote client address will be replaced (`trustedIPs`) won't have any effect). <br /> Traefik supports [PROXY protocol](https://www.haproxy.org/download/2.0/doc/proxy-protocol.txt) version 1 and 2. <br /> If PROXY protocol header parsing is enabled for the entry point, this entry point can accept connections with or without PROXY protocol headers. <br /> If the PROXY protocol header is passed, then the version is determined automatically.<br />We recommend to use this option only for tests purposes, not in production.<br /> More information [here](#proxyprotocol-and-load-balancers). | - | No |
| `reusePort` | Enable `entryPoints` from the same or different processes listening on the same TCP/UDP port by utilizing the `SO_REUSEPORT` socket option. <br /> It also allows the kernel to act like a load balancer to distribute incoming connections between entry points.<br /> More information [here](#reuseport). | false | No |
| `transport.`<br />`respondingTimeouts.`<br />`readTimeout` | Set the timeouts for incoming requests to the Traefik instance. This is the maximum duration for reading the entire request, including the body. Setting them has no effect for UDP `entryPoints`.<br /> If zero, no timeout exists. <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds. | 60s (seconds) | No |
| `transport.`<br />`respondingTimeouts.`<br />`writeTimeout` | Maximum duration before timing out writes of the response. <br /> It covers the time from the end of the request header read to the end of the response write. <br /> If zero, no timeout exists. <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds. | 0s (seconds) | No |
| `transport.`<br />`respondingTimeouts.`<br />`idleTimeout` | Maximum duration an idle (keep-alive) connection will remain idle before closing itself. <br /> If zero, no timeout exists <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds | 180s (seconds) | No |
| `transport.`<br />`lifeCycle.`<br />`graceTimeOut` | Set the duration to give active requests a chance to finish before Traefik stops. <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds <br /> In this time frame no new requests are accepted. | 10s (seconds) | No |
| `transport.`<br />`lifeCycle.`<br />`requestAcceptGraceTimeout` | Set the duration to keep accepting requests prior to initiating the graceful termination period (as defined by the `transportlifeCycle.graceTimeOut` option). <br /> This option is meant to give downstream load-balancers sufficient time to take Traefik out of rotation. <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds | 0s (seconds) | No |
| `transport.`<br />`keepAliveMaxRequests` | Set the maximum number of requests Traefik can handle before sending a `Connection: Close` header to the client (for HTTP2, Traefik sends a GOAWAY). <br /> Zero means no limit. | 0 | No |
| `transport.`<br />`keepAliveMaxTime` | Set the maximum duration Traefik can handle requests before sending a `Connection: Close` header to the client (for HTTP2, Traefik sends a GOAWAY). Zero means no limit. | 0s (seconds) | No |
| `udp.timeout` | Define how long to wait on an idle session before releasing the related resources. <br />The Timeout value must be greater than zero. | 3s (seconds) | No |
| <a id="opt-address" href="#opt-address" title="#opt-address">`address`</a> | Define the port, and optionally the hostname, on which to listen for incoming connections and packets.<br /> It also defines the protocol to use (TCP or UDP).<br /> If no protocol is specified, the default is TCP. The format is:`[host]:port[/tcp\|/udp] | - | Yes |
| <a id="opt-asDefault" href="#opt-asDefault" title="#opt-asDefault">`asDefault`</a> | Mark the `entryPoint` to be in the list of default `entryPoints`.<br /> `entryPoints`in this list are used (by default) on HTTP and TCP routers that do not define their own `entryPoints` option.<br /> More information [here](#asdefault). | false | No |
| <a id="opt-forwardedHeaders-trustedIPs" href="#opt-forwardedHeaders-trustedIPs" title="#opt-forwardedHeaders-trustedIPs">`forwardedHeaders.trustedIPs`</a> | Set the IPs or CIDR from where Traefik trusts the forwarded headers information (`X-Forwarded-*`). | - | No |
| <a id="opt-forwardedHeaders-insecure" href="#opt-forwardedHeaders-insecure" title="#opt-forwardedHeaders-insecure">`forwardedHeaders.insecure`</a> | Set the insecure mode to always trust the forwarded headers information (`X-Forwarded-*`).<br />We recommend to use this option only for tests purposes, not in production. | false | No |
| <a id="opt-http-redirections-entryPoint-to" href="#opt-http-redirections-entryPoint-to" title="#opt-http-redirections-entryPoint-to">`http.redirections.`<br />`entryPoint.to`</a> | The target element to enable (permanent) redirecting of all incoming requests on an entry point to another one. <br /> The target element can be an entry point name (ex: `websecure`), or a port (`:443`). | - | Yes |
| <a id="opt-http-redirections-entryPoint-scheme" href="#opt-http-redirections-entryPoint-scheme" title="#opt-http-redirections-entryPoint-scheme">`http.redirections.`<br />`entryPoint.scheme`</a> | The target scheme to use for (permanent) redirection of all incoming requests. | https | No |
| <a id="opt-http-redirections-entryPoint-permanent" href="#opt-http-redirections-entryPoint-permanent" title="#opt-http-redirections-entryPoint-permanent">`http.redirections.`<br />`entryPoint.permanent`</a> | Enable permanent redirecting of all incoming requests on an entry point to another one changing the scheme. <br /> The target element, it can be an entry point name (ex: `websecure`), or a port (`:443`). | false | No |
| <a id="opt-http-redirections-entryPoint-priority" href="#opt-http-redirections-entryPoint-priority" title="#opt-http-redirections-entryPoint-priority">`http.redirections.`<br />`entryPoint.priority`</a> | Default priority applied to the routers attached to the `entryPoint`. | MaxInt32-1 (2147483646) | No |
| <a id="opt-http-encodeQuerySemicolons" href="#opt-http-encodeQuerySemicolons" title="#opt-http-encodeQuerySemicolons">`http.encodeQuerySemicolons`</a> | Enable query semicolons encoding. <br /> Use this option to avoid non-encoded semicolons to be interpreted as query parameter separators by Traefik. <br /> When using this option, the non-encoded semicolons characters in query will be transmitted encoded to the backend.<br /> More information [here](#encodequerysemicolons). | false | No |
| <a id="opt-http-sanitizePath" href="#opt-http-sanitizePath" title="#opt-http-sanitizePath">`http.sanitizePath`</a> | Defines whether to enable the request path sanitization.<br /> More information [here](#sanitizepath). | false | No |
| <a id="opt-http-middlewares" href="#opt-http-middlewares" title="#opt-http-middlewares">`http.middlewares`</a> | Set the list of middlewares that are prepended by default to the list of middlewares of each router associated to the named entry point. <br />More information [here](#httpmiddlewares). | - | No |
| <a id="opt-http-tls" href="#opt-http-tls" title="#opt-http-tls">`http.tls`</a> | Enable TLS on every router attached to the `entryPoint`. <br /> If no certificate are set, a default self-signed certificate is generated by Traefik. <br /> We recommend to not use self signed certificates in production. | - | No |
| <a id="opt-http-tls-options" href="#opt-http-tls-options" title="#opt-http-tls-options">`http.tls.options`</a> | Apply TLS options on every router attached to the `entryPoint`. <br /> The TLS options can be overidden per router. <br /> More information in the [dedicated section](../../routing/providers/kubernetes-crd.md#kind-tlsoption). | - | No |
| <a id="opt-http-tls-certResolver" href="#opt-http-tls-certResolver" title="#opt-http-tls-certResolver">`http.tls.certResolver`</a> | Apply a certificate resolver on every router attached to the `entryPoint`. <br /> The TLS options can be overidden per router. <br /> More information in the [dedicated section](../install-configuration/tls/certificate-resolvers/overview.md). | - | No |
| <a id="opt-http2-maxConcurrentStreams" href="#opt-http2-maxConcurrentStreams" title="#opt-http2-maxConcurrentStreams">`http2.maxConcurrentStreams`</a> | Set the number of concurrent streams per connection that each client is allowed to initiate. <br /> The value must be greater than zero. | 250 | No |
| <a id="opt-http3" href="#opt-http3" title="#opt-http3">`http3`</a> | Enable HTTP/3 protocol on the `entryPoint`. <br /> HTTP/3 requires a TCP `entryPoint`. as HTTP/3 always starts as a TCP connection that then gets upgraded to UDP. In most scenarios, this `entryPoint` is the same as the one used for TLS traffic.<br /> More information [here](#http3). | - | No |
| <a id="opt-http3-advertisedPort" href="#opt-http3-advertisedPort" title="#opt-http3-advertisedPort">`http3.advertisedPort`</a> | Set the UDP port to advertise as the HTTP/3 authority. <br /> It defaults to the entryPoint's address port. <br /> It can be used to override the authority in the `alt-svc` header, for example if the public facing port is different from where Traefik is listening. | - | No |
| <a id="opt-observability-accessLogs" href="#opt-observability-accessLogs" title="#opt-observability-accessLogs">`observability.accessLogs`</a> | Defines whether a router attached to this EntryPoint produces access-logs by default. Nonetheless, a router defining its own observability configuration will opt-out from this default. | true | No |
| <a id="opt-observability-metrics" href="#opt-observability-metrics" title="#opt-observability-metrics">`observability.metrics`</a> | Defines whether a router attached to this EntryPoint produces metrics by default. Nonetheless, a router defining its own observability configuration will opt-out from this default. | true | No |
| <a id="opt-observability-tracing" href="#opt-observability-tracing" title="#opt-observability-tracing">`observability.tracing`</a> | Defines whether a router attached to this EntryPoint produces traces by default. Nonetheless, a router defining its own observability configuration will opt-out from this default. | true | No |
| <a id="opt-observability-traceVerbosity" href="#opt-observability-traceVerbosity" title="#opt-observability-traceVerbosity">`observability.traceVerbosity`</a> | Defines the tracing verbosity level for routers attached to this EntryPoint. Possible values: `minimal` (default), `detailed`. Routers can override this value in their own observability configuration. <br /> More information [here](#traceverbosity). | minimal | No |
| <a id="opt-proxyProtocol-trustedIPs" href="#opt-proxyProtocol-trustedIPs" title="#opt-proxyProtocol-trustedIPs">`proxyProtocol.trustedIPs`</a> | Enable PROXY protocol with Trusted IPs. <br /> Traefik supports [PROXY protocol](https://www.haproxy.org/download/2.0/doc/proxy-protocol.txt) version 1 and 2. <br /> If PROXY protocol header parsing is enabled for the entry point, this entry point can accept connections with or without PROXY protocol headers. <br /> If the PROXY protocol header is passed, then the version is determined automatically.<br /> More information [here](#proxyprotocol-and-load-balancers). | - | No |
| <a id="opt-proxyProtocol-insecure" href="#opt-proxyProtocol-insecure" title="#opt-proxyProtocol-insecure">`proxyProtocol.insecure`</a> | Enable PROXY protocol trusting every incoming connection. <br /> Every remote client address will be replaced (`trustedIPs`) won't have any effect). <br /> Traefik supports [PROXY protocol](https://www.haproxy.org/download/2.0/doc/proxy-protocol.txt) version 1 and 2. <br /> If PROXY protocol header parsing is enabled for the entry point, this entry point can accept connections with or without PROXY protocol headers. <br /> If the PROXY protocol header is passed, then the version is determined automatically.<br />We recommend to use this option only for tests purposes, not in production.<br /> More information [here](#proxyprotocol-and-load-balancers). | - | No |
| <a id="opt-reusePort" href="#opt-reusePort" title="#opt-reusePort">`reusePort`</a> | Enable `entryPoints` from the same or different processes listening on the same TCP/UDP port by utilizing the `SO_REUSEPORT` socket option. <br /> It also allows the kernel to act like a load balancer to distribute incoming connections between entry points.<br /> More information [here](#reuseport). | false | No |
| <a id="opt-transport-respondingTimeouts-readTimeout" href="#opt-transport-respondingTimeouts-readTimeout" title="#opt-transport-respondingTimeouts-readTimeout">`transport.`<br />`respondingTimeouts.`<br />`readTimeout`</a> | Set the timeouts for incoming requests to the Traefik instance. This is the maximum duration for reading the entire request, including the body. Setting them has no effect for UDP `entryPoints`.<br /> If zero, no timeout exists. <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds. | 60s (seconds) | No |
| <a id="opt-transport-respondingTimeouts-writeTimeout" href="#opt-transport-respondingTimeouts-writeTimeout" title="#opt-transport-respondingTimeouts-writeTimeout">`transport.`<br />`respondingTimeouts.`<br />`writeTimeout`</a> | Maximum duration before timing out writes of the response. <br /> It covers the time from the end of the request header read to the end of the response write. <br /> If zero, no timeout exists. <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds. | 0s (seconds) | No |
| <a id="opt-transport-respondingTimeouts-idleTimeout" href="#opt-transport-respondingTimeouts-idleTimeout" title="#opt-transport-respondingTimeouts-idleTimeout">`transport.`<br />`respondingTimeouts.`<br />`idleTimeout`</a> | Maximum duration an idle (keep-alive) connection will remain idle before closing itself. <br /> If zero, no timeout exists <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds | 180s (seconds) | No |
| <a id="opt-transport-lifeCycle-graceTimeOut" href="#opt-transport-lifeCycle-graceTimeOut" title="#opt-transport-lifeCycle-graceTimeOut">`transport.`<br />`lifeCycle.`<br />`graceTimeOut`</a> | Set the duration to give active requests a chance to finish before Traefik stops. <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds <br /> In this time frame no new requests are accepted. | 10s (seconds) | No |
| <a id="opt-transport-lifeCycle-requestAcceptGraceTimeout" href="#opt-transport-lifeCycle-requestAcceptGraceTimeout" title="#opt-transport-lifeCycle-requestAcceptGraceTimeout">`transport.`<br />`lifeCycle.`<br />`requestAcceptGraceTimeout`</a> | Set the duration to keep accepting requests prior to initiating the graceful termination period (as defined by the `transportlifeCycle.graceTimeOut` option). <br /> This option is meant to give downstream load-balancers sufficient time to take Traefik out of rotation. <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds | 0s (seconds) | No |
| <a id="opt-transport-keepAliveMaxRequests" href="#opt-transport-keepAliveMaxRequests" title="#opt-transport-keepAliveMaxRequests">`transport.`<br />`keepAliveMaxRequests`</a> | Set the maximum number of requests Traefik can handle before sending a `Connection: Close` header to the client (for HTTP2, Traefik sends a GOAWAY). <br /> Zero means no limit. | 0 | No |
| <a id="opt-transport-keepAliveMaxTime" href="#opt-transport-keepAliveMaxTime" title="#opt-transport-keepAliveMaxTime">`transport.`<br />`keepAliveMaxTime`</a> | Set the maximum duration Traefik can handle requests before sending a `Connection: Close` header to the client (for HTTP2, Traefik sends a GOAWAY). Zero means no limit. | 0s (seconds) | No |
| <a id="opt-udp-timeout" href="#opt-udp-timeout" title="#opt-udp-timeout">`udp.timeout`</a> | Define how long to wait on an idle session before releasing the related resources. <br />The Timeout value must be greater than zero. | 3s (seconds) | No |
### asDefault
@@ -151,18 +152,20 @@ are applied after the ones declared on the Entrypoint)
entryPoints:
web:
address: :80
middlewares:
- auth@kubernetescrd
- strip@file
http:
middlewares:
- auth@kubernetescrd
- strip@file
```
```yaml tab="Helm Chart Values"
ports:
web:
port: :80
middlewares:
- auth@kubernetescrd
- strip@file
http:
middlewares:
- auth@kubernetescrd
- strip@file
```
### encodeQuerySemicolons
@@ -171,10 +174,10 @@ Behavior examples:
| EncodeQuerySemicolons | Request Query | Resulting Request Query |
|-----------------------|---------------------|-------------------------|
| false | foo=bar;baz=bar | foo=bar&baz=bar |
| true | foo=bar;baz=bar | foo=bar%3Bbaz=bar |
| false | foo=bar&baz=bar;foo | foo=bar&baz=bar&foo |
| true | foo=bar&baz=bar;foo | foo=bar&baz=bar%3Bfoo |
| <a id="opt-false" href="#opt-false" title="#opt-false">false</a> | foo=bar;baz=bar | foo=bar&baz=bar |
| <a id="opt-true" href="#opt-true" title="#opt-true">true</a> | foo=bar;baz=bar | foo=bar%3Bbaz=bar |
| <a id="opt-false-2" href="#opt-false-2" title="#opt-false-2">false</a> | foo=bar&baz=bar;foo | foo=bar&baz=bar&foo |
| <a id="opt-true-2" href="#opt-true-2" title="#opt-true-2">true</a> | foo=bar&baz=bar;foo | foo=bar&baz=bar%3Bfoo |
### SanitizePath
@@ -194,14 +197,14 @@ it can lead to unsafe routing when the `sanitizePath` option is set to `false`.
| SanitizePath | Request Path | Resulting Request Path |
|--------------|-----------------|------------------------|
| false | /./foo/bar | /./foo/bar |
| true | /./foo/bar | /foo/bar |
| false | /foo/../bar | /foo/../bar |
| true | /foo/../bar | /bar |
| false | /foo/bar// | /foo/bar// |
| true | /foo/bar// | /foo/bar/ |
| false | /./foo/../bar// | /./foo/../bar// |
| true | /./foo/../bar// | /bar/ |
| <a id="opt-false-3" href="#opt-false-3" title="#opt-false-3">false</a> | /./foo/bar | /./foo/bar |
| <a id="opt-true-3" href="#opt-true-3" title="#opt-true-3">true</a> | /./foo/bar | /foo/bar |
| <a id="opt-false-4" href="#opt-false-4" title="#opt-false-4">false</a> | /foo/../bar | /foo/../bar |
| <a id="opt-true-4" href="#opt-true-4" title="#opt-true-4">true</a> | /foo/../bar | /bar |
| <a id="opt-false-5" href="#opt-false-5" title="#opt-false-5">false</a> | /foo/bar// | /foo/bar// |
| <a id="opt-true-5" href="#opt-true-5" title="#opt-true-5">true</a> | /foo/bar// | /foo/bar/ |
| <a id="opt-false-6" href="#opt-false-6" title="#opt-false-6">false</a> | /./foo/../bar// | /./foo/../bar// |
| <a id="opt-true-6" href="#opt-true-6" title="#opt-true-6">true</a> | /./foo/../bar// | /bar/ |
### HTTP3

8
docs/content/reference/install-configuration/observability/healthcheck.md
View File

@@ -36,7 +36,7 @@ whose default value is `traefik` (port `8080`).
| Path | Method | Description |
|---------|---------------|-----------------------------------------------------------------------------------------------------|
| `/ping` | `GET`, `HEAD` | An endpoint to check for Traefik process liveness. Return a code `200` with the content: `OK` |
| <a id="opt-ping" href="#opt-ping" title="#opt-ping">`/ping`</a> | `GET`, `HEAD` | An endpoint to check for Traefik process liveness. Return a code `200` with the content: `OK` |
### Configuration Example
@@ -58,9 +58,9 @@ ping: {}
| Field | Description | Default | Required |
|:------|:----------------------------------------------------------|:---------------------|:---------|
| `ping.entryPoint` | Enables `/ping` on a dedicated EntryPoint. | traefik | No |
| `ping.manualRouting` | Disables the default internal router in order to allow one to create a custom router for the `ping@internal` service when set to `true`. | false | No |
| `ping.terminatingStatusCode` | Defines the status code for the ping handler during a graceful shut down. See more information [here](#terminatingstatuscode) | 503 | No |
| <a id="opt-ping-entryPoint" href="#opt-ping-entryPoint" title="#opt-ping-entryPoint">`ping.entryPoint`</a> | Enables `/ping` on a dedicated EntryPoint. | traefik | No |
| <a id="opt-ping-manualRouting" href="#opt-ping-manualRouting" title="#opt-ping-manualRouting">`ping.manualRouting`</a> | Disables the default internal router in order to allow one to create a custom router for the `ping@internal` service when set to `true`. | false | No |
| <a id="opt-ping-terminatingStatusCode" href="#opt-ping-terminatingStatusCode" title="#opt-ping-terminatingStatusCode">`ping.terminatingStatusCode`</a> | Defines the status code for the ping handler during a graceful shut down. See more information [here](#terminatingstatuscode) | 503 | No |
#### `terminatingStatusCode`

6
docs/content/reference/install-configuration/observability/healthcheck/ping.md
View File

@@ -37,9 +37,9 @@ You can define it using the same [configuration methods](../../boot-environment.
| Field | Description | Default | Required |
|:------|:----------------------------------------------------------|:---------------------|:---------|
| `ping.entryPoint` | Enables `/ping` on a dedicated EntryPoint. | traefik | No |
| `ping.manualRouting` | Disables the default internal router in order to allow one to create a custom router for the `ping@internal` service when set to `true`. | false | No |
| `ping.terminatingStatusCode` | Defines the status code for the ping handler during a graceful shut down. See more information [here](#terminatingstatuscode) | 503 | No |
| <a id="opt-ping-entryPoint" href="#opt-ping-entryPoint" title="#opt-ping-entryPoint">`ping.entryPoint`</a> | Enables `/ping` on a dedicated EntryPoint. | traefik | No |
| <a id="opt-ping-manualRouting" href="#opt-ping-manualRouting" title="#opt-ping-manualRouting">`ping.manualRouting`</a> | Disables the default internal router in order to allow one to create a custom router for the `ping@internal` service when set to `true`. | false | No |
| <a id="opt-ping-terminatingStatusCode" href="#opt-ping-terminatingStatusCode" title="#opt-ping-terminatingStatusCode">`ping.terminatingStatusCode`</a> | Defines the status code for the ping handler during a graceful shut down. See more information [here](#terminatingstatuscode) | 503 | No |
### `terminatingStatusCode`

235
docs/content/reference/install-configuration/observability/logs-and-accesslogs.md
View File

@@ -35,14 +35,14 @@ The section below describe how to configure Traefik logs using the static config
| Field | Description | Default | Required |
|:-----------|:----------------------------|:--------|:---------|
| `log.filePath` | By default, the logs are written to the standard output.<br />You can configure a file path instead using the `filePath` option.| - | No |
| `log.format` | Log format (`common`or `json`).<br /> The fields displayed with the format `common` cannot be customized. | "common" | No |
| `log.level` | Log level (`TRACE`, `DEBUG`, `INFO`, `WARN`, `ERROR`, `FATAL`, and `PANIC`)| ERROR | No |
| `log.noColor` | When using the format `common`, disables the colorized output. | false | No |
| `log.maxSize` | Maximum size in megabytes of the log file before it gets rotated. | 100MB | No |
| `log.maxAge` | Maximum number of days to retain old log files based on the timestamp encoded in their filename.<br /> A day is defined as 24 hours and may not exactly correspond to calendar days due to daylight savings, leap seconds, etc.<br />By default files are not removed based on their age. | 0 | No |
| `log.maxBackups` | Maximum number of old log files to retain.<br />The default is to retain all old log files. | 0 | No |
| `log.compress` | Compress log files in gzip after rotation. | false | No |
| <a id="opt-log-filePath" href="#opt-log-filePath" title="#opt-log-filePath">`log.filePath`</a> | By default, the logs are written to the standard output.<br />You can configure a file path instead using the `filePath` option. When `filePath` is specified, Traefik will write logs only to that file (not to standard output).| - | No |
| <a id="opt-log-format" href="#opt-log-format" title="#opt-log-format">`log.format`</a> | Log format (`common`or `json`).<br /> The fields displayed with the format `common` cannot be customized. | "common" | No |
| <a id="opt-log-level" href="#opt-log-level" title="#opt-log-level">`log.level`</a> | Log level (`TRACE`, `DEBUG`, `INFO`, `WARN`, `ERROR`, `FATAL`, and `PANIC`)| ERROR | No |
| <a id="opt-log-noColor" href="#opt-log-noColor" title="#opt-log-noColor">`log.noColor`</a> | When using the format `common`, disables the colorized output. | false | No |
| <a id="opt-log-maxSize" href="#opt-log-maxSize" title="#opt-log-maxSize">`log.maxSize`</a> | Maximum size in megabytes of the log file before it gets rotated. | 100MB | No |
| <a id="opt-log-maxAge" href="#opt-log-maxAge" title="#opt-log-maxAge">`log.maxAge`</a> | Maximum number of days to retain old log files based on the timestamp encoded in their filename.<br /> A day is defined as 24 hours and may not exactly correspond to calendar days due to daylight savings, leap seconds, etc.<br />By default files are not removed based on their age. | 0 | No |
| <a id="opt-log-maxBackups" href="#opt-log-maxBackups" title="#opt-log-maxBackups">`log.maxBackups`</a> | Maximum number of old log files to retain.<br />The default is to retain all old log files. | 0 | No |
| <a id="opt-log-compress" href="#opt-log-compress" title="#opt-log-compress">`log.compress`</a> | Compress log files in gzip after rotation. | false | No |
### OpenTelemetry
@@ -65,6 +65,9 @@ experimental:
!!! warning
This is an experimental feature.
!!! note "Stdio logs remain available"
When OTLP logging is enabled, standard output (stdio) logs are still available and will continue to be written alongside OTLP exports.
#### Configuration Example
```yaml tab="File (YAML)"
@@ -98,25 +101,41 @@ log:
| Field | Description | Default | Required |
|:---------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------|:---------|
| `log.otlp.serviceName` | Service name used in selected backend. | "traefik" | No |
| `log.otlp.resourceAttributes` | Defines additional resource attributes to be sent to the collector. | [] | No |
| `log.otlp.http` | This instructs the exporter to send logs to the OpenTelemetry Collector using HTTP. | | No |
| `log.otlp.http.endpoint` | The endpoint of the OpenTelemetry Collector. (format=`<scheme>://<host>:<port><path>`) | `https://localhost:4318/v1/logs` | No |
| `log.otlp.http.headers` | Additional headers sent with logs by the exporter to the OpenTelemetry Collector. | [ ] | No |
| `log.otlp.http.tls` | Defines the Client TLS configuration used by the exporter to send logs to the OpenTelemetry Collector. | | No |
| `log.otlp.http.tls.ca` | The path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | | No |
| `log.otlp.http.tls.cert` | The path to the certificate to use for the OpenTelemetry Collector. | | No |
| `log.otlp.http.tls.key` | The path to the key to use for the OpenTelemetry Collector. | | No |
| `log.otlp.http.tls.insecureSkipVerify` | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false | No |
| `log.otlp.grpc` | This instructs the exporter to send logs to the OpenTelemetry Collector using gRPC. | | No |
| `log.otlp.grpc.endpoint` | The endpoint of the OpenTelemetry Collector. (format=`<host>:<port>`) | `localhost:4317` | No |
| `log.otlp.grpc.headers` | Additional headers sent with logs by the exporter to the OpenTelemetry Collector. | [ ] | No |
| `log.otlp.grpc.insecure` | Instructs the exporter to send logs to the OpenTelemetry Collector using an insecure protocol. | false | No |
| `log.otlp.grpc.tls` | Defines the Client TLS configuration used by the exporter to send logs to the OpenTelemetry Collector. | | No |
| `log.otlp.grpc.tls.ca` | The path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | | No |
| `log.otlp.grpc.tls.cert` | The path to the certificate to use for the OpenTelemetry Collector. | | No |
| `log.otlp.grpc.tls.key` | The path to the key to use for the OpenTelemetry Collector. | | No |
| `log.otlp.grpc.tls.insecureSkipVerify` | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false | No |
| <a id="opt-log-otlp-serviceName" href="#opt-log-otlp-serviceName" title="#opt-log-otlp-serviceName">`log.otlp.serviceName`</a> | Service name used in selected backend. | "traefik" | No |
| <a id="opt-log-otlp-resourceAttributes" href="#opt-log-otlp-resourceAttributes" title="#opt-log-otlp-resourceAttributes">`log.otlp.resourceAttributes`</a> | Defines additional resource attributes to be sent to the collector. See [resourceAttributes](#resourceattributes) for details. | [] | No |
| <a id="opt-log-otlp-http" href="#opt-log-otlp-http" title="#opt-log-otlp-http">`log.otlp.http`</a> | This instructs the exporter to send logs to the OpenTelemetry Collector using HTTP. | | No |
| <a id="opt-log-otlp-http-endpoint" href="#opt-log-otlp-http-endpoint" title="#opt-log-otlp-http-endpoint">`log.otlp.http.endpoint`</a> | The endpoint of the OpenTelemetry Collector. (format=`<scheme>://<host>:<port><path>`) | `https://localhost:4318/v1/logs` | No |
| <a id="opt-log-otlp-http-headers" href="#opt-log-otlp-http-headers" title="#opt-log-otlp-http-headers">`log.otlp.http.headers`</a> | Additional headers sent with logs by the exporter to the OpenTelemetry Collector. | [ ] | No |
| <a id="opt-log-otlp-http-tls" href="#opt-log-otlp-http-tls" title="#opt-log-otlp-http-tls">`log.otlp.http.tls`</a> | Defines the Client TLS configuration used by the exporter to send logs to the OpenTelemetry Collector. | | No |
| <a id="opt-log-otlp-http-tls-ca" href="#opt-log-otlp-http-tls-ca" title="#opt-log-otlp-http-tls-ca">`log.otlp.http.tls.ca`</a> | The path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | | No |
| <a id="opt-log-otlp-http-tls-cert" href="#opt-log-otlp-http-tls-cert" title="#opt-log-otlp-http-tls-cert">`log.otlp.http.tls.cert`</a> | The path to the certificate to use for the OpenTelemetry Collector. | | No |
| <a id="opt-log-otlp-http-tls-key" href="#opt-log-otlp-http-tls-key" title="#opt-log-otlp-http-tls-key">`log.otlp.http.tls.key`</a> | The path to the key to use for the OpenTelemetry Collector. | | No |
| <a id="opt-log-otlp-http-tls-insecureSkipVerify" href="#opt-log-otlp-http-tls-insecureSkipVerify" title="#opt-log-otlp-http-tls-insecureSkipVerify">`log.otlp.http.tls.insecureSkipVerify`</a> | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false | No |
| <a id="opt-log-otlp-grpc" href="#opt-log-otlp-grpc" title="#opt-log-otlp-grpc">`log.otlp.grpc`</a> | This instructs the exporter to send logs to the OpenTelemetry Collector using gRPC. | | No |
| <a id="opt-log-otlp-grpc-endpoint" href="#opt-log-otlp-grpc-endpoint" title="#opt-log-otlp-grpc-endpoint">`log.otlp.grpc.endpoint`</a> | The endpoint of the OpenTelemetry Collector. (format=`<host>:<port>`) | `localhost:4317` | No |
| <a id="opt-log-otlp-grpc-headers" href="#opt-log-otlp-grpc-headers" title="#opt-log-otlp-grpc-headers">`log.otlp.grpc.headers`</a> | Additional headers sent with logs by the exporter to the OpenTelemetry Collector. | [ ] | No |
| <a id="opt-log-otlp-grpc-insecure" href="#opt-log-otlp-grpc-insecure" title="#opt-log-otlp-grpc-insecure">`log.otlp.grpc.insecure`</a> | Instructs the exporter to send logs to the OpenTelemetry Collector using an insecure protocol. | false | No |
| <a id="opt-log-otlp-grpc-tls" href="#opt-log-otlp-grpc-tls" title="#opt-log-otlp-grpc-tls">`log.otlp.grpc.tls`</a> | Defines the Client TLS configuration used by the exporter to send logs to the OpenTelemetry Collector. | | No |
| <a id="opt-log-otlp-grpc-tls-ca" href="#opt-log-otlp-grpc-tls-ca" title="#opt-log-otlp-grpc-tls-ca">`log.otlp.grpc.tls.ca`</a> | The path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | | No |
| <a id="opt-log-otlp-grpc-tls-cert" href="#opt-log-otlp-grpc-tls-cert" title="#opt-log-otlp-grpc-tls-cert">`log.otlp.grpc.tls.cert`</a> | The path to the certificate to use for the OpenTelemetry Collector. | | No |
| <a id="opt-log-otlp-grpc-tls-key" href="#opt-log-otlp-grpc-tls-key" title="#opt-log-otlp-grpc-tls-key">`log.otlp.grpc.tls.key`</a> | The path to the key to use for the OpenTelemetry Collector. | | No |
| <a id="opt-log-otlp-grpc-tls-insecureSkipVerify" href="#opt-log-otlp-grpc-tls-insecureSkipVerify" title="#opt-log-otlp-grpc-tls-insecureSkipVerify">`log.otlp.grpc.tls.insecureSkipVerify`</a> | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false | No |
#### resourceAttributes
The `resourceAttributes` option allows setting the resource attributes sent along the traces.
Traefik also supports the `OTEL_RESOURCE_ATTRIBUTES` env variable to set up the resource attributes.
!!! info "Kubernetes Resource Attributes Detection"
Additionally, Traefik automatically discovers the following [Kubernetes resource attributes](https://opentelemetry.io/docs/specs/semconv/non-normative/k8s-attributes/) when running in a Kubernetes cluster:
- `k8s.namespace.name`
- `k8s.pod.uid`
- `k8s.pod.name`
Note that this automatic detection can fail, like if the Traefik pod is running in host network mode.
In this case, you should provide the attributes with the option or the env variable.
## AccessLogs
@@ -187,24 +206,23 @@ accessLog:
--accesslog.fields.headers.names.Authorization=drop
```
### Configuration Options
The section below describes how to configure Traefik access logs using the static configuration.
| Field | Description | Default | Required |
|:-----------|:--------------------------|:--------|:---------|
| `accesslog.filePath` | By default, the access logs are written to the standard output.<br />You can configure a file path instead using the `filePath` option.| | No |
| `accesslog.format` | By default, logs are written using the Common Log Format (CLF).<br />To write logs in JSON, use `json` in the `format` option.<br />If the given format is unsupported, the default (CLF) is used instead.<br />More information about CLF fields [here](#clf-format-fields). | "common" | No |
| `accesslog.bufferingSize` | To write the logs in an asynchronous fashion, specify a `bufferingSize` option.<br />This option represents the number of log lines Traefik will keep in memory before writing them to the selected output.<br />In some cases, this option can greatly help performances.| 0 | No |
| `accesslog.addInternals` | Enables access logs for internal resources (e.g.: `ping@internal`). | false | No |
| `accesslog.filters.statusCodes` | Limit the access logs to requests with a status codes in the specified range. | [ ] | No |
| `accesslog.filters.retryAttempts` | Keep the access logs when at least one retry has happened. | false | No |
| `accesslog.filters.minDuration` | Keep access logs when requests take longer than the specified duration (provided in seconds or as a valid duration format, see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration)). | 0 | No |
| `accesslog.fields.defaultMode` | Mode to apply by default to the access logs fields (`keep`, `redact` or `drop`). | keep | No |
| `accesslog.fields.names` | Set the fields list to display in the access logs (format `name:mode`).<br /> Available fields list [here](#available-fields). | [ ] | No |
| `accesslog.headers.defaultMode` | Mode to apply by default to the access logs headers (`keep`, `redact` or `drop`). | drop | No |
| `accesslog.headers.names` | Set the headers list to display in the access logs (format `name:mode`). | [ ] | No |
| <a id="opt-accesslog-filePath" href="#opt-accesslog-filePath" title="#opt-accesslog-filePath">`accesslog.filePath`</a> | By default, the access logs are written to the standard output.<br />You can configure a file path instead using the `filePath` option.| | No |
| <a id="opt-accesslog-format" href="#opt-accesslog-format" title="#opt-accesslog-format">`accesslog.format`</a> | By default, logs are written using the Traefik Common Log Format (CLF).<br />Available formats: [`common`](#traefik-clf-format-fields) (Traefik extended CLF), [`genericCLF`](#generic-clf-format-fields) (standard CLF compatible with analyzers), or [`json`](#json-format-fields).<br />If the given format is unsupported, the default (`common`) is used instead. | "common" | No |
| <a id="opt-accesslog-bufferingSize" href="#opt-accesslog-bufferingSize" title="#opt-accesslog-bufferingSize">`accesslog.bufferingSize`</a> | To write the logs in an asynchronous fashion, specify a `bufferingSize` option.<br />This option represents the number of log lines Traefik will keep in memory before writing them to the selected output.<br />In some cases, this option can greatly help performances.| 0 | No |
| <a id="opt-accesslog-addInternals" href="#opt-accesslog-addInternals" title="#opt-accesslog-addInternals">`accesslog.addInternals`</a> | Enables access logs for internal resources (e.g.: `ping@internal`). | false | No |
| <a id="opt-accesslog-filters-statusCodes" href="#opt-accesslog-filters-statusCodes" title="#opt-accesslog-filters-statusCodes">`accesslog.filters.statusCodes`</a> | Limit the access logs to requests with a status codes in the specified range. | [ ] | No |
| <a id="opt-accesslog-filters-retryAttempts" href="#opt-accesslog-filters-retryAttempts" title="#opt-accesslog-filters-retryAttempts">`accesslog.filters.retryAttempts`</a> | Keep the access logs when at least one retry has happened. | false | No |
| <a id="opt-accesslog-filters-minDuration" href="#opt-accesslog-filters-minDuration" title="#opt-accesslog-filters-minDuration">`accesslog.filters.minDuration`</a> | Keep access logs when requests take longer than the specified duration (provided in seconds or as a valid duration format, see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration)). | 0 | No |
| <a id="opt-accesslog-fields-defaultMode" href="#opt-accesslog-fields-defaultMode" title="#opt-accesslog-fields-defaultMode">`accesslog.fields.defaultMode`</a> | Mode to apply by default to the access logs fields (`keep`, `redact` or `drop`). | keep | No |
| <a id="opt-accesslog-fields-names" href="#opt-accesslog-fields-names" title="#opt-accesslog-fields-names">`accesslog.fields.names`</a> | Set the fields list to display in the access logs (format `name:mode`).<br /> Available fields list [here](#json-format-fields). | [ ] | No |
| <a id="opt-accesslog-fields-headers-defaultMode" href="#opt-accesslog-fields-headers-defaultMode" title="#opt-accesslog-fields-headers-defaultMode">`accesslog.fields.headers.defaultMode`</a> | Mode to apply by default to the access logs headers (`keep`, `redact` or `drop`). | drop | No |
| <a id="opt-accesslog-fields-headers-names" href="#opt-accesslog-fields-headers-names" title="#opt-accesslog-fields-headers-names">`accesslog.fields.headers.names`</a> | Set the headers list to display in the access logs (format `name:mode`). | [ ] | No |
### OpenTelemetry
@@ -260,29 +278,46 @@ accesslog:
| Field | Description | Default | Required |
|:---------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------|:---------|
| `accesslog.otlp.serviceName` | Defines the service name resource attribute. | "traefik" | No |
| `accesslog.otlp.resourceAttributes` | Defines additional resource attributes to be sent to the collector. | [] | No |
| `accesslog.otlp.http` | This instructs the exporter to send access logs to the OpenTelemetry Collector using HTTP. | | No |
| `accesslog.otlp.http.endpoint` | The endpoint of the OpenTelemetry Collector. (format=`<scheme>://<host>:<port><path>`) | `https://localhost:4318/v1/logs` | No |
| `accesslog.otlp.http.headers` | Additional headers sent with access logs by the exporter to the OpenTelemetry Collector. | [ ] | No |
| `accesslog.otlp.http.tls` | Defines the Client TLS configuration used by the exporter to send access logs to the OpenTelemetry Collector. | | No |
| `accesslog.otlp.http.tls.ca` | The path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | | No |
| `accesslog.otlp.http.tls.cert` | The path to the certificate to use for the OpenTelemetry Collector. | | No |
| `accesslog.otlp.http.tls.key` | The path to the key to use for the OpenTelemetry Collector. | | No |
| `accesslog.otlp.http.tls.insecureSkipVerify` | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false | No |
| `accesslog.otlp.grpc` | This instructs the exporter to send access logs to the OpenTelemetry Collector using gRPC. | | No |
| `accesslog.otlp.grpc.endpoint` | The endpoint of the OpenTelemetry Collector. (format=`<host>:<port>`) | `localhost:4317` | No |
| `accesslog.otlp.grpc.headers` | Additional headers sent with access logs by the exporter to the OpenTelemetry Collector. | [ ] | No |
| `accesslog.otlp.grpc.insecure` | Instructs the exporter to send access logs to the OpenTelemetry Collector using an insecure protocol. | false | No |
| `accesslog.otlp.grpc.tls` | Defines the Client TLS configuration used by the exporter to send access logs to the OpenTelemetry Collector. | | No |
| `accesslog.otlp.grpc.tls.ca` | The path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | | No |
| `accesslog.otlp.grpc.tls.cert` | The path to the certificate to use for the OpenTelemetry Collector. | | No |
| `accesslog.otlp.grpc.tls.key` | The path to the key to use for the OpenTelemetry Collector. | | No |
| `accesslog.otlp.grpc.tls.insecureSkipVerify` | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false | No |
| <a id="opt-accesslog-otlp-serviceName" href="#opt-accesslog-otlp-serviceName" title="#opt-accesslog-otlp-serviceName">`accesslog.otlp.serviceName`</a> | Defines the service name resource attribute. | "traefik" | No |
| <a id="opt-accesslog-otlp-resourceAttributes" href="#opt-accesslog-otlp-resourceAttributes" title="#opt-accesslog-otlp-resourceAttributes">`accesslog.otlp.resourceAttributes`</a> | Defines additional resource attributes to be sent to the collector. See [resourceAttributes](#resourceattributes_1) for details. | [] | No |
| <a id="opt-accesslog-otlp-http" href="#opt-accesslog-otlp-http" title="#opt-accesslog-otlp-http">`accesslog.otlp.http`</a> | This instructs the exporter to send access logs to the OpenTelemetry Collector using HTTP. | | No |
| <a id="opt-accesslog-otlp-http-endpoint" href="#opt-accesslog-otlp-http-endpoint" title="#opt-accesslog-otlp-http-endpoint">`accesslog.otlp.http.endpoint`</a> | The endpoint of the OpenTelemetry Collector. (format=`<scheme>://<host>:<port><path>`) | `https://localhost:4318/v1/logs` | No |
| <a id="opt-accesslog-otlp-http-headers" href="#opt-accesslog-otlp-http-headers" title="#opt-accesslog-otlp-http-headers">`accesslog.otlp.http.headers`</a> | Additional headers sent with access logs by the exporter to the OpenTelemetry Collector. | [ ] | No |
| <a id="opt-accesslog-otlp-http-tls" href="#opt-accesslog-otlp-http-tls" title="#opt-accesslog-otlp-http-tls">`accesslog.otlp.http.tls`</a> | Defines the Client TLS configuration used by the exporter to send access logs to the OpenTelemetry Collector. | | No |
| <a id="opt-accesslog-otlp-http-tls-ca" href="#opt-accesslog-otlp-http-tls-ca" title="#opt-accesslog-otlp-http-tls-ca">`accesslog.otlp.http.tls.ca`</a> | The path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | | No |
| <a id="opt-accesslog-otlp-http-tls-cert" href="#opt-accesslog-otlp-http-tls-cert" title="#opt-accesslog-otlp-http-tls-cert">`accesslog.otlp.http.tls.cert`</a> | The path to the certificate to use for the OpenTelemetry Collector. | | No |
| <a id="opt-accesslog-otlp-http-tls-key" href="#opt-accesslog-otlp-http-tls-key" title="#opt-accesslog-otlp-http-tls-key">`accesslog.otlp.http.tls.key`</a> | The path to the key to use for the OpenTelemetry Collector. | | No |
| <a id="opt-accesslog-otlp-http-tls-insecureSkipVerify" href="#opt-accesslog-otlp-http-tls-insecureSkipVerify" title="#opt-accesslog-otlp-http-tls-insecureSkipVerify">`accesslog.otlp.http.tls.insecureSkipVerify`</a> | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false | No |
| <a id="opt-accesslog-otlp-grpc" href="#opt-accesslog-otlp-grpc" title="#opt-accesslog-otlp-grpc">`accesslog.otlp.grpc`</a> | This instructs the exporter to send access logs to the OpenTelemetry Collector using gRPC. | | No |
| <a id="opt-accesslog-otlp-grpc-endpoint" href="#opt-accesslog-otlp-grpc-endpoint" title="#opt-accesslog-otlp-grpc-endpoint">`accesslog.otlp.grpc.endpoint`</a> | The endpoint of the OpenTelemetry Collector. (format=`<host>:<port>`) | `localhost:4317` | No |
| <a id="opt-accesslog-otlp-grpc-headers" href="#opt-accesslog-otlp-grpc-headers" title="#opt-accesslog-otlp-grpc-headers">`accesslog.otlp.grpc.headers`</a> | Additional headers sent with access logs by the exporter to the OpenTelemetry Collector. | [ ] | No |
| <a id="opt-accesslog-otlp-grpc-insecure" href="#opt-accesslog-otlp-grpc-insecure" title="#opt-accesslog-otlp-grpc-insecure">`accesslog.otlp.grpc.insecure`</a> | Instructs the exporter to send access logs to the OpenTelemetry Collector using an insecure protocol. | false | No |
| <a id="opt-accesslog-otlp-grpc-tls" href="#opt-accesslog-otlp-grpc-tls" title="#opt-accesslog-otlp-grpc-tls">`accesslog.otlp.grpc.tls`</a> | Defines the Client TLS configuration used by the exporter to send access logs to the OpenTelemetry Collector. | | No |
| <a id="opt-accesslog-otlp-grpc-tls-ca" href="#opt-accesslog-otlp-grpc-tls-ca" title="#opt-accesslog-otlp-grpc-tls-ca">`accesslog.otlp.grpc.tls.ca`</a> | The path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | | No |
| <a id="opt-accesslog-otlp-grpc-tls-cert" href="#opt-accesslog-otlp-grpc-tls-cert" title="#opt-accesslog-otlp-grpc-tls-cert">`accesslog.otlp.grpc.tls.cert`</a> | The path to the certificate to use for the OpenTelemetry Collector. | | No |
| <a id="opt-accesslog-otlp-grpc-tls-key" href="#opt-accesslog-otlp-grpc-tls-key" title="#opt-accesslog-otlp-grpc-tls-key">`accesslog.otlp.grpc.tls.key`</a> | The path to the key to use for the OpenTelemetry Collector. | | No |
| <a id="opt-accesslog-otlp-grpc-tls-insecureSkipVerify" href="#opt-accesslog-otlp-grpc-tls-insecureSkipVerify" title="#opt-accesslog-otlp-grpc-tls-insecureSkipVerify">`accesslog.otlp.grpc.tls.insecureSkipVerify`</a> | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false | No |
### CLF format fields
#### resourceAttributes
Below the fields displayed with the CLF format:
The `resourceAttributes` option allows setting the resource attributes sent along the traces.
Traefik also supports the `OTEL_RESOURCE_ATTRIBUTES` env variable to set up the resource attributes.
!!! info "Kubernetes Resource Attributes Detection"
Additionally, Traefik automatically discovers the following [Kubernetes resource attributes](https://opentelemetry.io/docs/specs/semconv/non-normative/k8s-attributes/) when running in a Kubernetes cluster:
- `k8s.namespace.name`
- `k8s.pod.uid`
- `k8s.pod.name`
Note that this automatic detection can fail, like if the Traefik pod is running in host network mode.
In this case, you should provide the attributes with the option or the env variable.
### Traefik CLF format fields
It's the default format provided by Traefik.
Below the fields displayed with the Traefik CLF format:
```html
<remote_IP_address> - <client_user_name_if_available> [<timestamp>]
@@ -291,44 +326,54 @@ Below the fields displayed with the CLF format:
"<Traefik_router_name>" "<Traefik_server_URL>" <request_duration_in_ms>ms
```
### Available Fields
### Generic CLF format fields
Below the fields displayed with the generic CLF format:
```html
<remote_IP_address> - <client_user_name_if_available> [<timestamp>]
"<request_method> <request_path> <request_protocol>" <HTTP_status> <content-length>
"<request_referrer>" "<request_user_agent>"
```
### JSON format fields
| Field | Description |
|-------------------------|------------------|
| `StartUTC` | The time at which request processing started. |
| `StartLocal` | The local time at which request processing started. |
| `Duration` | The total time taken (in nanoseconds) by processing the response, including the origin server's time but not the log writing time. |
| `RouterName` | The name of the Traefik router. |
| `ServiceName` | The name of the Traefik backend. |
| `ServiceURL` | The URL of the Traefik backend. |
| `ServiceAddr` | The IP:port of the Traefik backend (extracted from `ServiceURL`). |
| `ClientAddr` | The remote address in its original form (usually IP:port). |
| `ClientHost` | The remote IP address from which the client request was received. |
| `ClientPort` | The remote TCP port from which the client request was received. |
| `ClientUsername` | The username provided in the URL, if present. |
| `RequestAddr` | The HTTP Host header (usually IP:port). This is treated as not a header by the Go API. |
| `RequestHost` | The HTTP Host server name (not including port). |
| `RequestPort` | The TCP port from the HTTP Host. |
| `RequestMethod` | The HTTP method. |
| `RequestPath` | The HTTP request URI, not including the scheme, host or port. |
| `RequestProtocol` | The version of HTTP requested. |
| `RequestScheme` | The HTTP scheme requested `http` or `https`. |
| `RequestLine` | The `RequestMethod`, + `RequestPath` and `RequestProtocol`. |
| `RequestContentSize` | The number of bytes in the request entity (a.k.a. body) sent by the client. |
| `OriginDuration` | The time taken (in nanoseconds) by the origin server ('upstream') to return its response. |
| `OriginContentSize` | The content length specified by the origin server, or 0 if unspecified. |
| `OriginStatus` | The HTTP status code returned by the origin server. If the request was handled by this Traefik instance (e.g. with a redirect), then this value will be absent (0). |
| `OriginStatusLine` | `OriginStatus` + Status code explanation |
| `DownstreamStatus` | The HTTP status code returned to the client. |
| `DownstreamStatusLine` | The `DownstreamStatus` and status code explanation. |
| `DownstreamContentSize` | The number of bytes in the response entity returned to the client. This is in addition to the "Content-Length" header, which may be present in the origin response. |
| `RequestCount` | The number of requests received since the Traefik instance started. |
| `GzipRatio` | The response body compression ratio achieved. |
| `Overhead` | The processing time overhead (in nanoseconds) caused by Traefik. |
| `RetryAttempts` | The amount of attempts the request was retried. |
| `TLSVersion` | The TLS version used by the connection (e.g. `1.2`) (if connection is TLS). |
| `TLSCipher` | The TLS cipher used by the connection (e.g. `TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA`) (if connection is TLS). |
| `TLSClientSubject` | The string representation of the TLS client certificate's Subject (e.g. `CN=username,O=organization`). |
| <a id="opt-StartUTC" href="#opt-StartUTC" title="#opt-StartUTC">`StartUTC`</a> | The time at which request processing started. |
| <a id="opt-StartLocal" href="#opt-StartLocal" title="#opt-StartLocal">`StartLocal`</a> | The local time at which request processing started. |
| <a id="opt-Duration" href="#opt-Duration" title="#opt-Duration">`Duration`</a> | The total time taken (in nanoseconds) by processing the response, including the origin server's time but not the log writing time. |
| <a id="opt-RouterName" href="#opt-RouterName" title="#opt-RouterName">`RouterName`</a> | The name of the Traefik router. |
| <a id="opt-ServiceName" href="#opt-ServiceName" title="#opt-ServiceName">`ServiceName`</a> | The name of the Traefik backend. |
| <a id="opt-ServiceURL" href="#opt-ServiceURL" title="#opt-ServiceURL">`ServiceURL`</a> | The URL of the Traefik backend. |
| <a id="opt-ServiceAddr" href="#opt-ServiceAddr" title="#opt-ServiceAddr">`ServiceAddr`</a> | The IP:port of the Traefik backend (extracted from `ServiceURL`). |
| <a id="opt-ClientAddr" href="#opt-ClientAddr" title="#opt-ClientAddr">`ClientAddr`</a> | The remote address in its original form (usually IP:port). |
| <a id="opt-ClientHost" href="#opt-ClientHost" title="#opt-ClientHost">`ClientHost`</a> | The remote IP address from which the client request was received. |
| <a id="opt-ClientPort" href="#opt-ClientPort" title="#opt-ClientPort">`ClientPort`</a> | The remote TCP port from which the client request was received. |
| <a id="opt-ClientUsername" href="#opt-ClientUsername" title="#opt-ClientUsername">`ClientUsername`</a> | The username provided in the URL, if present. |
| <a id="opt-RequestAddr" href="#opt-RequestAddr" title="#opt-RequestAddr">`RequestAddr`</a> | The HTTP Host header (usually IP:port). This is treated as not a header by the Go API. |
| <a id="opt-RequestHost" href="#opt-RequestHost" title="#opt-RequestHost">`RequestHost`</a> | The HTTP Host server name (not including port). |
| <a id="opt-RequestPort" href="#opt-RequestPort" title="#opt-RequestPort">`RequestPort`</a> | The TCP port from the HTTP Host. |
| <a id="opt-RequestMethod" href="#opt-RequestMethod" title="#opt-RequestMethod">`RequestMethod`</a> | The HTTP method. |
| <a id="opt-RequestPath" href="#opt-RequestPath" title="#opt-RequestPath">`RequestPath`</a> | The HTTP request URI, not including the scheme, host or port. |
| <a id="opt-RequestProtocol" href="#opt-RequestProtocol" title="#opt-RequestProtocol">`RequestProtocol`</a> | The version of HTTP requested. |
| <a id="opt-RequestScheme" href="#opt-RequestScheme" title="#opt-RequestScheme">`RequestScheme`</a> | The HTTP scheme requested `http` or `https`. |
| <a id="opt-RequestLine" href="#opt-RequestLine" title="#opt-RequestLine">`RequestLine`</a> | The `RequestMethod`, + `RequestPath` and `RequestProtocol`. |
| <a id="opt-RequestContentSize" href="#opt-RequestContentSize" title="#opt-RequestContentSize">`RequestContentSize`</a> | The number of bytes in the request entity (a.k.a. body) sent by the client. |
| <a id="opt-OriginDuration" href="#opt-OriginDuration" title="#opt-OriginDuration">`OriginDuration`</a> | The time taken (in nanoseconds) by the origin server ('upstream') to return its response. |
| <a id="opt-OriginContentSize" href="#opt-OriginContentSize" title="#opt-OriginContentSize">`OriginContentSize`</a> | The content length specified by the origin server, or 0 if unspecified. |
| <a id="opt-OriginStatus" href="#opt-OriginStatus" title="#opt-OriginStatus">`OriginStatus`</a> | The HTTP status code returned by the origin server. If the request was handled by this Traefik instance (e.g. with a redirect), then this value will be absent (0). |
| <a id="opt-OriginStatusLine" href="#opt-OriginStatusLine" title="#opt-OriginStatusLine">`OriginStatusLine`</a> | `OriginStatus` + Status code explanation |
| <a id="opt-DownstreamStatus" href="#opt-DownstreamStatus" title="#opt-DownstreamStatus">`DownstreamStatus`</a> | The HTTP status code returned to the client. |
| <a id="opt-DownstreamStatusLine" href="#opt-DownstreamStatusLine" title="#opt-DownstreamStatusLine">`DownstreamStatusLine`</a> | The `DownstreamStatus` and status code explanation. |
| <a id="opt-DownstreamContentSize" href="#opt-DownstreamContentSize" title="#opt-DownstreamContentSize">`DownstreamContentSize`</a> | The number of bytes in the response entity returned to the client. This is in addition to the "Content-Length" header, which may be present in the origin response. |
| <a id="opt-RequestCount" href="#opt-RequestCount" title="#opt-RequestCount">`RequestCount`</a> | The number of requests received since the Traefik instance started. |
| <a id="opt-GzipRatio" href="#opt-GzipRatio" title="#opt-GzipRatio">`GzipRatio`</a> | The response body compression ratio achieved. |
| <a id="opt-Overhead" href="#opt-Overhead" title="#opt-Overhead">`Overhead`</a> | The processing time overhead (in nanoseconds) caused by Traefik. |
| <a id="opt-RetryAttempts" href="#opt-RetryAttempts" title="#opt-RetryAttempts">`RetryAttempts`</a> | The amount of attempts the request was retried. |
| <a id="opt-TLSVersion" href="#opt-TLSVersion" title="#opt-TLSVersion">`TLSVersion`</a> | The TLS version used by the connection (e.g. `1.2`) (if connection is TLS). |
| <a id="opt-TLSCipher" href="#opt-TLSCipher" title="#opt-TLSCipher">`TLSCipher`</a> | The TLS cipher used by the connection (e.g. `TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA`) (if connection is TLS). |
| <a id="opt-TLSClientSubject" href="#opt-TLSClientSubject" title="#opt-TLSClientSubject">`TLSClientSubject`</a> | The string representation of the TLS client certificate's Subject (e.g. `CN=username,O=organization`). |
### Log Rotation

404
docs/content/reference/install-configuration/observability/metrics.md
View File

@@ -62,29 +62,45 @@ metrics:
| Field | Description | Default | Required |
|:-------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------------------|:---------|
| `metrics.addInternals` | Enables metrics for internal resources (e.g.: `ping@internal`). | false | No |
| `metrics.otlp.serviceName` | Defines the service name resource attribute. | "traefik" | No |
| `metrics.otlp.resourceAttributes` | Defines additional resource attributes to be sent to the collector. | [] | No |
| `metrics.otlp.addEntryPointsLabels` | Enable metrics on entry points. | true | No |
| `metrics.otlp.addRoutersLabels` | Enable metrics on routers. | false | No |
| `metrics.otlp.addServicesLabels` | Enable metrics on services. | true | No |
| `metrics.otlp.explicitBoundaries` | Explicit boundaries for Histogram data points. | ".005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10" | No |
| `metrics.otlp.pushInterval` | Interval at which metrics are sent to the OpenTelemetry Collector. | 10s | No |
| `metrics.otlp.http` | This instructs the exporter to send the metrics to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values. | null/false | No |
| `metrics.otlp.http.endpoint` | URL of the OpenTelemetry Collector to send metrics to.<br /> Format="`<scheme>://<host>:<port><path>`" | "http://localhost:4318/v1/metrics" | Yes |
| `metrics.otlp.http.headers` | Additional headers sent with metrics by the exporter to the OpenTelemetry Collector. | - | No |
| `metrics.otlp.http.tls.ca` | Path to the certificate authority used for the secure connection to the OpenTelemetry Collector,<br />it defaults to the system bundle. | "" | No |
| `metrics.otlp.http.tls.cert` | Path to the public certificate used for the secure connection to the OpenTelemetry Collector.<br />When using this option, setting the `key` option is required. | "" | No |
| `metrics.otlp.http.tls.key` | This instructs the exporter to send the metrics to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values. | null/false | No |
| `metrics.otlp.http.tls.insecureskipverify` | Allow the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers. | false | Yes |
| `metrics.otlp.grpc` | This instructs the exporter to send metrics to the OpenTelemetry Collector using gRPC. | null/false | No |
| `metrics.otlp.grpc.endpoint` | Address of the OpenTelemetry Collector to send metrics to.<br /> Format="`<host>:<port>`" | "localhost:4317" | Yes |
| `metrics.otlp.grpc.headers` | Additional headers sent with metrics by the exporter to the OpenTelemetry Collector. | - | No |
| `metrics.otlp.http.grpc.insecure` | Allows exporter to send metrics to the OpenTelemetry Collector without using a secured protocol. | false | Yes |
| `metrics.otlp.grpc.tls.ca` | Path to the certificate authority used for the secure connection to the OpenTelemetry Collector,<br />it defaults to the system bundle. | - | No |
| `metrics.otlp.grpc.tls.cert` | Path to the public certificate used for the secure connection to the OpenTelemetry Collector.<br />When using this option, setting the `key` option is required. | - | No |
| `metrics.otlp.grpc.tls.key` | This instructs the exporter to send the metrics to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values. | null/false | No |
| `metrics.otlp.grpc.tls.insecureskipverify` | Allow the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers. | false | Yes |
| <a id="opt-metrics-addInternals" href="#opt-metrics-addInternals" title="#opt-metrics-addInternals">`metrics.addInternals`</a> | Enables metrics for internal resources (e.g.: `ping@internal`). | false | No |
| <a id="opt-metrics-otlp-serviceName" href="#opt-metrics-otlp-serviceName" title="#opt-metrics-otlp-serviceName">`metrics.otlp.serviceName`</a> | Defines the service name resource attribute. | "traefik" | No |
| <a id="opt-metrics-otlp-resourceAttributes" href="#opt-metrics-otlp-resourceAttributes" title="#opt-metrics-otlp-resourceAttributes">`metrics.otlp.resourceAttributes`</a> | Defines additional resource attributes to be sent to the collector. See [resourceAttributes](#resourceattributes) for details. | [] | No |
| <a id="opt-metrics-otlp-addEntryPointsLabels" href="#opt-metrics-otlp-addEntryPointsLabels" title="#opt-metrics-otlp-addEntryPointsLabels">`metrics.otlp.addEntryPointsLabels`</a> | Enable metrics on entry points. | true | No |
| <a id="opt-metrics-otlp-addRoutersLabels" href="#opt-metrics-otlp-addRoutersLabels" title="#opt-metrics-otlp-addRoutersLabels">`metrics.otlp.addRoutersLabels`</a> | Enable metrics on routers. | false | No |
| <a id="opt-metrics-otlp-addServicesLabels" href="#opt-metrics-otlp-addServicesLabels" title="#opt-metrics-otlp-addServicesLabels">`metrics.otlp.addServicesLabels`</a> | Enable metrics on services. | true | No |
| <a id="opt-metrics-otlp-explicitBoundaries" href="#opt-metrics-otlp-explicitBoundaries" title="#opt-metrics-otlp-explicitBoundaries">`metrics.otlp.explicitBoundaries`</a> | Explicit boundaries for Histogram data points. | ".005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10" | No |
| <a id="opt-metrics-otlp-pushInterval" href="#opt-metrics-otlp-pushInterval" title="#opt-metrics-otlp-pushInterval">`metrics.otlp.pushInterval`</a> | Interval at which metrics are sent to the OpenTelemetry Collector. | 10s | No |
| <a id="opt-metrics-otlp-http" href="#opt-metrics-otlp-http" title="#opt-metrics-otlp-http">`metrics.otlp.http`</a> | This instructs the exporter to send the metrics to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values. | null/false | No |
| <a id="opt-metrics-otlp-http-endpoint" href="#opt-metrics-otlp-http-endpoint" title="#opt-metrics-otlp-http-endpoint">`metrics.otlp.http.endpoint`</a> | URL of the OpenTelemetry Collector to send metrics to.<br /> Format="`<scheme>://<host>:<port><path>`" | "https://localhost:4318/v1/metrics" | Yes |
| <a id="opt-metrics-otlp-http-headers" href="#opt-metrics-otlp-http-headers" title="#opt-metrics-otlp-http-headers">`metrics.otlp.http.headers`</a> | Additional headers sent with metrics by the exporter to the OpenTelemetry Collector. | - | No |
| <a id="opt-metrics-otlp-http-tls-ca" href="#opt-metrics-otlp-http-tls-ca" title="#opt-metrics-otlp-http-tls-ca">`metrics.otlp.http.tls.ca`</a> | Path to the certificate authority used for the secure connection to the OpenTelemetry Collector,<br />it defaults to the system bundle. | "" | No |
| <a id="opt-metrics-otlp-http-tls-cert" href="#opt-metrics-otlp-http-tls-cert" title="#opt-metrics-otlp-http-tls-cert">`metrics.otlp.http.tls.cert`</a> | Path to the public certificate used for the secure connection to the OpenTelemetry Collector.<br />When using this option, setting the `key` option is required. | "" | No |
| <a id="opt-metrics-otlp-http-tls-key" href="#opt-metrics-otlp-http-tls-key" title="#opt-metrics-otlp-http-tls-key">`metrics.otlp.http.tls.key`</a> | This instructs the exporter to send the metrics to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values. | null/false | No |
| <a id="opt-metrics-otlp-http-tls-insecureskipverify" href="#opt-metrics-otlp-http-tls-insecureskipverify" title="#opt-metrics-otlp-http-tls-insecureskipverify">`metrics.otlp.http.tls.insecureskipverify`</a> | Allow the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers. | false | Yes |
| <a id="opt-metrics-otlp-grpc" href="#opt-metrics-otlp-grpc" title="#opt-metrics-otlp-grpc">`metrics.otlp.grpc`</a> | This instructs the exporter to send metrics to the OpenTelemetry Collector using gRPC. | null/false | No |
| <a id="opt-metrics-otlp-grpc-endpoint" href="#opt-metrics-otlp-grpc-endpoint" title="#opt-metrics-otlp-grpc-endpoint">`metrics.otlp.grpc.endpoint`</a> | Address of the OpenTelemetry Collector to send metrics to.<br /> Format="`<host>:<port>`" | "localhost:4317" | Yes |
| <a id="opt-metrics-otlp-grpc-headers" href="#opt-metrics-otlp-grpc-headers" title="#opt-metrics-otlp-grpc-headers">`metrics.otlp.grpc.headers`</a> | Additional headers sent with metrics by the exporter to the OpenTelemetry Collector. | - | No |
| <a id="opt-metrics-otlp-grpc-insecure" href="#opt-metrics-otlp-grpc-insecure" title="#opt-metrics-otlp-grpc-insecure">`metrics.otlp.grpc.insecure`</a> | Allows exporter to send metrics to the OpenTelemetry Collector without using a secured protocol. | false | Yes |
| <a id="opt-metrics-otlp-grpc-tls-ca" href="#opt-metrics-otlp-grpc-tls-ca" title="#opt-metrics-otlp-grpc-tls-ca">`metrics.otlp.grpc.tls.ca`</a> | Path to the certificate authority used for the secure connection to the OpenTelemetry Collector,<br />it defaults to the system bundle. | - | No |
| <a id="opt-metrics-otlp-grpc-tls-cert" href="#opt-metrics-otlp-grpc-tls-cert" title="#opt-metrics-otlp-grpc-tls-cert">`metrics.otlp.grpc.tls.cert`</a> | Path to the public certificate used for the secure connection to the OpenTelemetry Collector.<br />When using this option, setting the `key` option is required. | - | No |
| <a id="opt-metrics-otlp-grpc-tls-key" href="#opt-metrics-otlp-grpc-tls-key" title="#opt-metrics-otlp-grpc-tls-key">`metrics.otlp.grpc.tls.key`</a> | This instructs the exporter to send the metrics to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values. | null/false | No |
| <a id="opt-metrics-otlp-grpc-tls-insecureskipverify" href="#opt-metrics-otlp-grpc-tls-insecureskipverify" title="#opt-metrics-otlp-grpc-tls-insecureskipverify">`metrics.otlp.grpc.tls.insecureskipverify`</a> | Allow the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers. | false | Yes |
### resourceAttributes
The `resourceAttributes` option allows setting the resource attributes sent along the traces.
Traefik also supports the `OTEL_RESOURCE_ATTRIBUTES` env variable to set up the resource attributes.
!!! info "Kubernetes Resource Attributes Detection"
Additionally, Traefik automatically discovers the following [Kubernetes resource attributes](https://opentelemetry.io/docs/specs/semconv/non-normative/k8s-attributes/) when running in a Kubernetes cluster:
- `k8s.namespace.name`
- `k8s.pod.uid`
- `k8s.pod.name`
Note that this automatic detection can fail, like if the Traefik pod is running in host network mode.
In this case, you should provide the attributes with the option or the env variable.
## Vendors
@@ -112,13 +128,13 @@ metrics:
| Field | Description | Default | Required |
|:------|:-------------------------------|:---------------------|:---------|
| `metrics.addInternals` | Enables metrics for internal resources (e.g.: `ping@internal`). | false | No |
| `datadog.address` | Defines the address for the exporter to send metrics to datadog-agent. More information [here](#address)| `127.0.0.1:8125` | Yes |
| `datadog.addEntryPointsLabels` | Enable metrics on entry points. | true | No |
| `datadog.addRoutersLabels` | Enable metrics on routers. | false | No |
| `datadog.addServicesLabels` | Enable metrics on services. | true | No |
| `datadog.pushInterval` | Defines the interval used by the exporter to push metrics to datadog-agent. | 10s | No |
| `datadog.prefix` | Defines the prefix to use for metrics collection. | "traefik" | No |
| <a id="opt-metrics-addInternals-2" href="#opt-metrics-addInternals-2" title="#opt-metrics-addInternals-2">`metrics.addInternals`</a> | Enables metrics for internal resources (e.g.: `ping@internal`). | false | No |
| <a id="opt-datadog-address" href="#opt-datadog-address" title="#opt-datadog-address">`datadog.address`</a> | Defines the address for the exporter to send metrics to datadog-agent. More information [here](#address)| `127.0.0.1:8125` | Yes |
| <a id="opt-datadog-addEntryPointsLabels" href="#opt-datadog-addEntryPointsLabels" title="#opt-datadog-addEntryPointsLabels">`datadog.addEntryPointsLabels`</a> | Enable metrics on entry points. | true | No |
| <a id="opt-datadog-addRoutersLabels" href="#opt-datadog-addRoutersLabels" title="#opt-datadog-addRoutersLabels">`datadog.addRoutersLabels`</a> | Enable metrics on routers. | false | No |
| <a id="opt-datadog-addServicesLabels" href="#opt-datadog-addServicesLabels" title="#opt-datadog-addServicesLabels">`datadog.addServicesLabels`</a> | Enable metrics on services. | true | No |
| <a id="opt-datadog-pushInterval" href="#opt-datadog-pushInterval" title="#opt-datadog-pushInterval">`datadog.pushInterval`</a> | Defines the interval used by the exporter to push metrics to datadog-agent. | 10s | No |
| <a id="opt-datadog-prefix" href="#opt-datadog-prefix" title="#opt-datadog-prefix">`datadog.prefix`</a> | Defines the prefix to use for metrics collection. | "traefik" | No |
##### `address`
@@ -170,16 +186,16 @@ metrics:
| Field | Description | Default | Required |
|:-----------|-------------------------|:--------|:---------|
| `metrics.addInternal` | Enables metrics for internal resources (e.g.: `ping@internal`). | false | No |
| `metrics.influxDB2.addEntryPointsLabels` | Enable metrics on entry points. | true | No |
| `metrics.influxDB2.addRoutersLabels` | Enable metrics on routers. | false | No |
| `metrics.influxDB2.addServicesLabels` | Enable metrics on services.| true | No |
| `metrics.influxDB2.additionalLabels` | Additional labels (InfluxDB tags) on all metrics. | - | No |
| `metrics.influxDB2.pushInterval` | The interval used by the exporter to push metrics to InfluxDB server. | 10s | No |
| `metrics.influxDB2.address` | Address of the InfluxDB v2 instance. | "http://localhost:8086" | Yes |
| `metrics.influxDB2.token` | Token with which to connect to InfluxDB v2. | - | Yes |
| `metrics.influxDB2.org` | Organisation where metrics will be stored. | - | Yes |
| `metrics.influxDB2.bucket` | Bucket where metrics will be stored. | - | Yes |
| <a id="opt-metrics-addInternal" href="#opt-metrics-addInternal" title="#opt-metrics-addInternal">`metrics.addInternal`</a> | Enables metrics for internal resources (e.g.: `ping@internal`). | false | No |
| <a id="opt-metrics-influxDB2-addEntryPointsLabels" href="#opt-metrics-influxDB2-addEntryPointsLabels" title="#opt-metrics-influxDB2-addEntryPointsLabels">`metrics.influxDB2.addEntryPointsLabels`</a> | Enable metrics on entry points. | true | No |
| <a id="opt-metrics-influxDB2-addRoutersLabels" href="#opt-metrics-influxDB2-addRoutersLabels" title="#opt-metrics-influxDB2-addRoutersLabels">`metrics.influxDB2.addRoutersLabels`</a> | Enable metrics on routers. | false | No |
| <a id="opt-metrics-influxDB2-addServicesLabels" href="#opt-metrics-influxDB2-addServicesLabels" title="#opt-metrics-influxDB2-addServicesLabels">`metrics.influxDB2.addServicesLabels`</a> | Enable metrics on services.| true | No |
| <a id="opt-metrics-influxDB2-additionalLabels" href="#opt-metrics-influxDB2-additionalLabels" title="#opt-metrics-influxDB2-additionalLabels">`metrics.influxDB2.additionalLabels`</a> | Additional labels (InfluxDB tags) on all metrics. | - | No |
| <a id="opt-metrics-influxDB2-pushInterval" href="#opt-metrics-influxDB2-pushInterval" title="#opt-metrics-influxDB2-pushInterval">`metrics.influxDB2.pushInterval`</a> | The interval used by the exporter to push metrics to InfluxDB server. | 10s | No |
| <a id="opt-metrics-influxDB2-address" href="#opt-metrics-influxDB2-address" title="#opt-metrics-influxDB2-address">`metrics.influxDB2.address`</a> | Address of the InfluxDB v2 instance. | "http://localhost:8086" | Yes |
| <a id="opt-metrics-influxDB2-token" href="#opt-metrics-influxDB2-token" title="#opt-metrics-influxDB2-token">`metrics.influxDB2.token`</a> | Token with which to connect to InfluxDB v2. | - | Yes |
| <a id="opt-metrics-influxDB2-org" href="#opt-metrics-influxDB2-org" title="#opt-metrics-influxDB2-org">`metrics.influxDB2.org`</a> | Organisation where metrics will be stored. | - | Yes |
| <a id="opt-metrics-influxDB2-bucket" href="#opt-metrics-influxDB2-bucket" title="#opt-metrics-influxDB2-bucket">`metrics.influxDB2.bucket`</a> | Bucket where metrics will be stored. | - | Yes |
### Prometheus
@@ -215,14 +231,14 @@ metrics:
| Field | Description | Default | Required |
|:-----------|---------------------|:--------|:---------|
| `metrics.prometheus.addInternals` | Enables metrics for internal resources (e.g.: `ping@internals`). | false | No |
| `metrics.prometheus.addEntryPointsLabels` | Enable metrics on entry points. | true | No |
| `metrics.prometheus.addRoutersLabels` | Enable metrics on routers. | false | No |
| `metrics.prometheus.addServicesLabels` | Enable metrics on services.| true | No |
| `metrics.prometheus.buckets` | Buckets for latency metrics. |"0.100000, 0.300000, 1.200000, 5.000000" | No |
| `metrics.prometheus.manualRouting` | Set to _true_, it disables the default internal router in order to allow creating a custom router for the `prometheus@internal` service. | false | No |
| `metrics.prometheus.entryPoint` | Traefik Entrypoint name used to expose metrics. | "traefik" | No |
| `metrics.prometheus.headerLabels` | Defines extra labels extracted from request headers for the `requests_total` metrics.<br />More information [here](#headerlabels). | | Yes |
| <a id="opt-metrics-addInternals-3" href="#opt-metrics-addInternals-3" title="#opt-metrics-addInternals-3">`metrics.addInternals`</a> | Enables metrics for internal resources (e.g.: `ping@internals`). | false | No |
| <a id="opt-metrics-prometheus-addEntryPointsLabels" href="#opt-metrics-prometheus-addEntryPointsLabels" title="#opt-metrics-prometheus-addEntryPointsLabels">`metrics.prometheus.addEntryPointsLabels`</a> | Enable metrics on entry points. | true | No |
| <a id="opt-metrics-prometheus-addRoutersLabels" href="#opt-metrics-prometheus-addRoutersLabels" title="#opt-metrics-prometheus-addRoutersLabels">`metrics.prometheus.addRoutersLabels`</a> | Enable metrics on routers. | false | No |
| <a id="opt-metrics-prometheus-addServicesLabels" href="#opt-metrics-prometheus-addServicesLabels" title="#opt-metrics-prometheus-addServicesLabels">`metrics.prometheus.addServicesLabels`</a> | Enable metrics on services.| true | No |
| <a id="opt-metrics-prometheus-buckets" href="#opt-metrics-prometheus-buckets" title="#opt-metrics-prometheus-buckets">`metrics.prometheus.buckets`</a> | Buckets for latency metrics. |"0.100000, 0.300000, 1.200000, 5.000000" | No |
| <a id="opt-metrics-prometheus-manualRouting" href="#opt-metrics-prometheus-manualRouting" title="#opt-metrics-prometheus-manualRouting">`metrics.prometheus.manualRouting`</a> | Set to _true_, it disables the default internal router in order to allow creating a custom router for the `prometheus@internal` service. | false | No |
| <a id="opt-metrics-prometheus-entryPoint" href="#opt-metrics-prometheus-entryPoint" title="#opt-metrics-prometheus-entryPoint">`metrics.prometheus.entryPoint`</a> | Traefik Entrypoint name used to expose metrics. | "traefik" | No |
| <a id="opt-metrics-prometheus-headerLabels" href="#opt-metrics-prometheus-headerLabels" title="#opt-metrics-prometheus-headerLabels">`metrics.prometheus.headerLabels`</a> | Defines extra labels extracted from request headers for the `requests_total` metrics.<br />More information [here](#headerlabels). | | Yes |
##### headerLabels
@@ -288,13 +304,13 @@ metrics:
| Field | Description | Default | Required |
|:-----------|:-------------------------|:--------|:---------|
| `metrics.addInternals` | Enables metrics for internal resources (e.g.: `ping@internals`). | false | No |
| `metrics.statsD.addEntryPointsLabels` | Enable metrics on entry points. | true | No |
| `metrics.statsD.addRoutersLabels` | Enable metrics on routers. | false | No |
| `metrics.statsD.addServicesLabels` | Enable metrics on services.| true | No |
| `metrics.statsD.pushInterval` | The interval used by the exporter to push metrics to DataDog server. | 10s | No |
| `metrics.statsD.address` | Address instructs exporter to send metrics to statsd at this address. | "127.0.0.1:8125" | Yes |
| `metrics.statsD.prefix` | The prefix to use for metrics collection. | "traefik" | No |
| <a id="opt-metrics-addInternals-4" href="#opt-metrics-addInternals-4" title="#opt-metrics-addInternals-4">`metrics.addInternals`</a> | Enables metrics for internal resources (e.g.: `ping@internals`). | false | No |
| <a id="opt-metrics-statsD-addEntryPointsLabels" href="#opt-metrics-statsD-addEntryPointsLabels" title="#opt-metrics-statsD-addEntryPointsLabels">`metrics.statsD.addEntryPointsLabels`</a> | Enable metrics on entry points. | true | No |
| <a id="opt-metrics-statsD-addRoutersLabels" href="#opt-metrics-statsD-addRoutersLabels" title="#opt-metrics-statsD-addRoutersLabels">`metrics.statsD.addRoutersLabels`</a> | Enable metrics on routers. | false | No |
| <a id="opt-metrics-statsD-addServicesLabels" href="#opt-metrics-statsD-addServicesLabels" title="#opt-metrics-statsD-addServicesLabels">`metrics.statsD.addServicesLabels`</a> | Enable metrics on services.| true | No |
| <a id="opt-metrics-statsD-pushInterval" href="#opt-metrics-statsD-pushInterval" title="#opt-metrics-statsD-pushInterval">`metrics.statsD.pushInterval`</a> | The interval used by the exporter to push metrics to DataDog server. | 10s | No |
| <a id="opt-metrics-statsD-address" href="#opt-metrics-statsD-address" title="#opt-metrics-statsD-address">`metrics.statsD.address`</a> | Address instructs exporter to send metrics to statsd at this address. | "127.0.0.1:8125" | Yes |
| <a id="opt-metrics-statsD-prefix" href="#opt-metrics-statsD-prefix" title="#opt-metrics-statsD-prefix">`metrics.statsD.prefix`</a> | The prefix to use for metrics collection. | "traefik" | No |
## Metrics Provided
@@ -303,42 +319,42 @@ metrics:
=== "OpenTelemetry"
| Metric | Type | [Labels](#labels) | Description |
|----------------------------|-------|--------------------------|--------------------------------------------------------------------|
| `traefik_config_reloads_total` | Count | | The total count of configuration reloads. |
| `traefik_config_last_reload_success` | Gauge | | The timestamp of the last configuration reload success. |
| `traefik_open_connections` | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. |
| `traefik_tls_certs_not_after` | Gauge | | The expiration date of certificates. |
| <a id="opt-traefik-config-reloads-total" href="#opt-traefik-config-reloads-total" title="#opt-traefik-config-reloads-total">`traefik_config_reloads_total`</a> | Count | | The total count of configuration reloads. |
| <a id="opt-traefik-config-last-reload-success" href="#opt-traefik-config-last-reload-success" title="#opt-traefik-config-last-reload-success">`traefik_config_last_reload_success`</a> | Gauge | | The timestamp of the last configuration reload success. |
| <a id="opt-traefik-open-connections" href="#opt-traefik-open-connections" title="#opt-traefik-open-connections">`traefik_open_connections`</a> | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. |
| <a id="opt-traefik-tls-certs-not-after" href="#opt-traefik-tls-certs-not-after" title="#opt-traefik-tls-certs-not-after">`traefik_tls_certs_not_after`</a> | Gauge | | The expiration date of certificates. |
=== "Prometheus"
| Metric | Type | [Labels](#labels) | Description |
|----------------------------|-------|--------------------------|--------------------------------------------------------------------|
| `traefik_config_reloads_total` | Count | | The total count of configuration reloads. |
| `traefik_config_last_reload_success` | Gauge | | The timestamp of the last configuration reload success. |
| `traefik_open_connections` | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. |
| `traefik_tls_certs_not_after` | Gauge | | The expiration date of certificates. |
| <a id="opt-traefik-config-reloads-total-2" href="#opt-traefik-config-reloads-total-2" title="#opt-traefik-config-reloads-total-2">`traefik_config_reloads_total`</a> | Count | | The total count of configuration reloads. |
| <a id="opt-traefik-config-last-reload-success-2" href="#opt-traefik-config-last-reload-success-2" title="#opt-traefik-config-last-reload-success-2">`traefik_config_last_reload_success`</a> | Gauge | | The timestamp of the last configuration reload success. |
| <a id="opt-traefik-open-connections-2" href="#opt-traefik-open-connections-2" title="#opt-traefik-open-connections-2">`traefik_open_connections`</a> | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. |
| <a id="opt-traefik-tls-certs-not-after-2" href="#opt-traefik-tls-certs-not-after-2" title="#opt-traefik-tls-certs-not-after-2">`traefik_tls_certs_not_after`</a> | Gauge | | The expiration date of certificates. |
=== "Datadog"
| Metric | Type | [Labels](#labels) | Description |
|----------------------------|-------|--------------------------|--------------------------------------------------------------------|
| `config.reload.total` | Count | | The total count of configuration reloads. |
| `config.reload.lastSuccessTimestamp` | Gauge | | The timestamp of the last configuration reload success. |
| `open.connections` | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. |
| `tls.certs.notAfterTimestamp` | Gauge | | The expiration date of certificates. |
| <a id="opt-config-reload-total" href="#opt-config-reload-total" title="#opt-config-reload-total">`config.reload.total`</a> | Count | | The total count of configuration reloads. |
| <a id="opt-config-reload-lastSuccessTimestamp" href="#opt-config-reload-lastSuccessTimestamp" title="#opt-config-reload-lastSuccessTimestamp">`config.reload.lastSuccessTimestamp`</a> | Gauge | | The timestamp of the last configuration reload success. |
| <a id="opt-open-connections" href="#opt-open-connections" title="#opt-open-connections">`open.connections`</a> | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. |
| <a id="opt-tls-certs-notAfterTimestamp" href="#opt-tls-certs-notAfterTimestamp" title="#opt-tls-certs-notAfterTimestamp">`tls.certs.notAfterTimestamp`</a> | Gauge | | The expiration date of certificates. |
=== "InfluxDB2"
| Metric | Type | [Labels](#labels) | Description |
|----------------------------|-------|--------------------------|--------------------------------------------------------------------|
| `traefik.config.reload.total` | Count | | The total count of configuration reloads. |
| `traefik.config.reload.lastSuccessTimestamp` | Gauge | | The timestamp of the last configuration reload success. |
| `traefik.open.connections` | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. |
| `traefik.tls.certs.notAfterTimestamp` | Gauge | | The expiration date of certificates. |
| <a id="opt-traefik-config-reload-total" href="#opt-traefik-config-reload-total" title="#opt-traefik-config-reload-total">`traefik.config.reload.total`</a> | Count | | The total count of configuration reloads. |
| <a id="opt-traefik-config-reload-lastSuccessTimestamp" href="#opt-traefik-config-reload-lastSuccessTimestamp" title="#opt-traefik-config-reload-lastSuccessTimestamp">`traefik.config.reload.lastSuccessTimestamp`</a> | Gauge | | The timestamp of the last configuration reload success. |
| <a id="opt-traefik-open-connections-3" href="#opt-traefik-open-connections-3" title="#opt-traefik-open-connections-3">`traefik.open.connections`</a> | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. |
| <a id="opt-traefik-tls-certs-notAfterTimestamp" href="#opt-traefik-tls-certs-notAfterTimestamp" title="#opt-traefik-tls-certs-notAfterTimestamp">`traefik.tls.certs.notAfterTimestamp`</a> | Gauge | | The expiration date of certificates. |
=== "StatsD"
| Metric | Type | [Labels](#labels) | Description |
|----------------------------|-------|--------------------------|--------------------------------------------------------------------|
| `{prefix}.config.reload.total` | Count | | The total count of configuration reloads. |
| `{prefix}.config.reload.lastSuccessTimestamp` | Gauge | | The timestamp of the last configuration reload success. |
| `{prefix}.open.connections` | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. |
| `{prefix}.tls.certs.notAfterTimestamp` | Gauge | | The expiration date of certificates. |
| <a id="opt-prefix-config-reload-total" href="#opt-prefix-config-reload-total" title="#opt-prefix-config-reload-total">`{prefix}.config.reload.total`</a> | Count | | The total count of configuration reloads. |
| <a id="opt-prefix-config-reload-lastSuccessTimestamp" href="#opt-prefix-config-reload-lastSuccessTimestamp" title="#opt-prefix-config-reload-lastSuccessTimestamp">`{prefix}.config.reload.lastSuccessTimestamp`</a> | Gauge | | The timestamp of the last configuration reload success. |
| <a id="opt-prefix-open-connections" href="#opt-prefix-open-connections" title="#opt-prefix-open-connections">`{prefix}.open.connections`</a> | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. |
| <a id="opt-prefix-tls-certs-notAfterTimestamp" href="#opt-prefix-tls-certs-notAfterTimestamp" title="#opt-prefix-tls-certs-notAfterTimestamp">`{prefix}.tls.certs.notAfterTimestamp`</a> | Gauge | | The expiration date of certificates. |
!!! note "\{prefix\} Default Value"
By default, \{prefix\} value is `traefik`.
@@ -349,8 +365,8 @@ Here is a comprehensive list of labels that are provided by the global metrics:
| Label | Description | example |
|--------------|----------------------------------------|----------------------|
| `entrypoint` | Entrypoint that handled the connection | "example_entrypoint" |
| `protocol` | Connection protocol | "TCP" |
| <a id="opt-entrypoint" href="#opt-entrypoint" title="#opt-entrypoint">`entrypoint`</a> | Entrypoint that handled the connection | "example_entrypoint" |
| <a id="opt-protocol" href="#opt-protocol" title="#opt-protocol">`protocol`</a> | Connection protocol | "TCP" |
### OpenTelemetry Semantic Conventions
@@ -360,7 +376,7 @@ Traefik Proxy follows [official OpenTelemetry semantic conventions v1.23.1](http
| Metric | Type | [Labels](#labels) | Description |
|----------|-----------|-------------------------|------------------|
| `http.server.request.duration` | Histogram | `error.type`, `http.request.method`, `http.response.status_code`, `network.protocol.name`, `server.address`, `server.port`, `url.scheme` | Duration of HTTP server requests |
| <a id="opt-http-server-request-duration" href="#opt-http-server-request-duration" title="#opt-http-server-request-duration">`http.server.request.duration`</a> | Histogram | `error.type`, `http.request.method`, `http.response.status_code`, `network.protocol.name`, `server.address`, `server.port`, `url.scheme` | Duration of HTTP server requests |
##### Labels
@@ -368,35 +384,35 @@ Here is a comprehensive list of labels that are provided by the metrics:
| Label | Description | example |
|-----------------------------|--------|---------------|
| `error.type` | Describes a class of error the operation ended with | "500" |
| `http.request.method` | HTTP request method | "GET" |
| `http.response.status_code` | HTTP response status code | "200" |
| `network.protocol.name` | OSI application layer or non-OSI equivalent | "http/1.1" |
| `network.protocol.version` | Version of the protocol specified in `network.protocol.name` | "1.1" |
| `server.address` | Name of the local HTTP server that received the request | "example.com" |
| `server.port` | Port of the local HTTP server that received the request | "80" |
| `url.scheme` | The URI scheme component identifying the used protocol | "http" |
| <a id="opt-error-type" href="#opt-error-type" title="#opt-error-type">`error.type`</a> | Describes a class of error the operation ended with | "500" |
| <a id="opt-http-request-method" href="#opt-http-request-method" title="#opt-http-request-method">`http.request.method`</a> | HTTP request method | "GET" |
| <a id="opt-http-response-status-code" href="#opt-http-response-status-code" title="#opt-http-response-status-code">`http.response.status_code`</a> | HTTP response status code | "200" |
| <a id="opt-network-protocol-name" href="#opt-network-protocol-name" title="#opt-network-protocol-name">`network.protocol.name`</a> | OSI application layer or non-OSI equivalent | "http/1.1" |
| <a id="opt-network-protocol-version" href="#opt-network-protocol-version" title="#opt-network-protocol-version">`network.protocol.version`</a> | Version of the protocol specified in `network.protocol.name` | "1.1" |
| <a id="opt-server-address" href="#opt-server-address" title="#opt-server-address">`server.address`</a> | Name of the local HTTP server that received the request | "example.com" |
| <a id="opt-server-port" href="#opt-server-port" title="#opt-server-port">`server.port`</a> | Port of the local HTTP server that received the request | "80" |
| <a id="opt-url-scheme" href="#opt-url-scheme" title="#opt-url-scheme">`url.scheme`</a> | The URI scheme component identifying the used protocol | "http" |
#### HTTP Client
| Metric | Type | [Labels](#labels) | Description |
|-------------------------------|-----------|-----------------|--------|
| `http.client.request.duration` | Histogram | `error.type`, `http.request.method`, `http.response.status_code`, `network.protocol.name`, `server.address`, `server.port`, `url.scheme` | Duration of HTTP client requests |
| <a id="opt-http-client-request-duration" href="#opt-http-client-request-duration" title="#opt-http-client-request-duration">`http.client.request.duration`</a> | Histogram | `error.type`, `http.request.method`, `http.response.status_code`, `network.protocol.name`, `server.address`, `server.port`, `url.scheme` | Duration of HTTP client requests |
##### Labels
Here is a comprehensive list of labels that are provided by the metrics:
| Label | Description | example |
|------ -----|------------|---------------|
| `error.type` | Describes a class of error the operation ended with | "500" |
| `http.request.method` | HTTP request method | "GET" |
| `http.response.status_code` | HTTP response status code | "200" |
| `network.protocol.name` | OSI application layer or non-OSI equivalent | "http/1.1" |
| `network.protocol.version` | Version of the protocol specified in `network.protocol.name` | "1.1" |
| `server.address` | Name of the local HTTP server that received the request | "example.com" |
| `server.port` | Port of the local HTTP server that received the request | "80" |
| `url.scheme` | The URI scheme component identifying the used protocol | "http" |
| Label | Description | example |
|----------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------|---------------|
| <a id="opt-error-type-2" href="#opt-error-type-2" title="#opt-error-type-2">`error.type`</a> | Describes a class of error the operation ended with | "500" |
| <a id="opt-http-request-method-2" href="#opt-http-request-method-2" title="#opt-http-request-method-2">`http.request.method`</a> | HTTP request method | "GET" |
| <a id="opt-http-response-status-code-2" href="#opt-http-response-status-code-2" title="#opt-http-response-status-code-2">`http.response.status_code`</a> | HTTP response status code | "200" |
| <a id="opt-network-protocol-name-2" href="#opt-network-protocol-name-2" title="#opt-network-protocol-name-2">`network.protocol.name`</a> | OSI application layer or non-OSI equivalent | "http/1.1" |
| <a id="opt-network-protocol-version-2" href="#opt-network-protocol-version-2" title="#opt-network-protocol-version-2">`network.protocol.version`</a> | Version of the protocol specified in `network.protocol.name` | "1.1" |
| <a id="opt-server-address-2" href="#opt-server-address-2" title="#opt-server-address-2">`server.address`</a> | Name of the local HTTP server that received the request | "example.com" |
| <a id="opt-server-port-2" href="#opt-server-port-2" title="#opt-server-port-2">`server.port`</a> | Port of the local HTTP server that received the request | "80" |
| <a id="opt-url-scheme-2" href="#opt-url-scheme-2" title="#opt-url-scheme-2">`url.scheme`</a> | The URI scheme component identifying the used protocol | "http" |
### HTTP Metrics
@@ -408,51 +424,51 @@ On top of the official OpenTelemetry semantic conventions, Traefik provides its
| Metric | Type | [Labels](#labels) | Description |
|-----------------------|-----------|--------------------|--------------------------|
| `traefik_entrypoint_requests_total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint. |
| `traefik_entrypoint_requests_tls_total` | Count | `tls_version`, `tls_cipher`, `entrypoint` | The total count of HTTPS requests received by an entrypoint. |
| `traefik_entrypoint_request_duration_seconds` | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint. |
| `traefik_entrypoint_requests_bytes_total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint. |
| `traefik_entrypoint_responses_bytes_total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. |
| <a id="opt-traefik-entrypoint-requests-total" href="#opt-traefik-entrypoint-requests-total" title="#opt-traefik-entrypoint-requests-total">`traefik_entrypoint_requests_total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint. |
| <a id="opt-traefik-entrypoint-requests-tls-total" href="#opt-traefik-entrypoint-requests-tls-total" title="#opt-traefik-entrypoint-requests-tls-total">`traefik_entrypoint_requests_tls_total`</a> | Count | `tls_version`, `tls_cipher`, `entrypoint` | The total count of HTTPS requests received by an entrypoint. |
| <a id="opt-traefik-entrypoint-request-duration-seconds" href="#opt-traefik-entrypoint-request-duration-seconds" title="#opt-traefik-entrypoint-request-duration-seconds">`traefik_entrypoint_request_duration_seconds`</a> | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint. |
| <a id="opt-traefik-entrypoint-requests-bytes-total" href="#opt-traefik-entrypoint-requests-bytes-total" title="#opt-traefik-entrypoint-requests-bytes-total">`traefik_entrypoint_requests_bytes_total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint. |
| <a id="opt-traefik-entrypoint-responses-bytes-total" href="#opt-traefik-entrypoint-responses-bytes-total" title="#opt-traefik-entrypoint-responses-bytes-total">`traefik_entrypoint_responses_bytes_total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. |
=== "Prometheus"
| Metric | Type | [Labels](#labels) | Description |
|-----------------------|-----------|------------------------|-------------------------|
| `traefik_entrypoint_requests_total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint. |
| `traefik_entrypoint_requests_tls_total` | Count | `tls_version`, `tls_cipher`, `entrypoint` | The total count of HTTPS requests received by an entrypoint. |
| `traefik_entrypoint_request_duration_seconds` | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint. |
| `traefik_entrypoint_requests_bytes_total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint. |
| `traefik_entrypoint_responses_bytes_total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. |
| <a id="opt-traefik-entrypoint-requests-total-2" href="#opt-traefik-entrypoint-requests-total-2" title="#opt-traefik-entrypoint-requests-total-2">`traefik_entrypoint_requests_total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint. |
| <a id="opt-traefik-entrypoint-requests-tls-total-2" href="#opt-traefik-entrypoint-requests-tls-total-2" title="#opt-traefik-entrypoint-requests-tls-total-2">`traefik_entrypoint_requests_tls_total`</a> | Count | `tls_version`, `tls_cipher`, `entrypoint` | The total count of HTTPS requests received by an entrypoint. |
| <a id="opt-traefik-entrypoint-request-duration-seconds-2" href="#opt-traefik-entrypoint-request-duration-seconds-2" title="#opt-traefik-entrypoint-request-duration-seconds-2">`traefik_entrypoint_request_duration_seconds`</a> | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint. |
| <a id="opt-traefik-entrypoint-requests-bytes-total-2" href="#opt-traefik-entrypoint-requests-bytes-total-2" title="#opt-traefik-entrypoint-requests-bytes-total-2">`traefik_entrypoint_requests_bytes_total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint. |
| <a id="opt-traefik-entrypoint-responses-bytes-total-2" href="#opt-traefik-entrypoint-responses-bytes-total-2" title="#opt-traefik-entrypoint-responses-bytes-total-2">`traefik_entrypoint_responses_bytes_total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. |
=== "Datadog"
| Metric | Type | [Labels](#labels) | Description |
|-----------------------|-----------|------------------|---------------------------|
| `entrypoint.requests.total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint. |
| `entrypoint.requests.tls.total` | Count | `tls_version`, `tls_cipher`, `entrypoint` | The total count of HTTPS requests received by an entrypoint. |
| `entrypoint.request.duration.seconds` | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint. |
| `entrypoint.requests.bytes.total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint. |
| `entrypoint.responses.bytes.total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. |
| <a id="opt-entrypoint-requests-total" href="#opt-entrypoint-requests-total" title="#opt-entrypoint-requests-total">`entrypoint.requests.total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint. |
| <a id="opt-entrypoint-requests-tls-total" href="#opt-entrypoint-requests-tls-total" title="#opt-entrypoint-requests-tls-total">`entrypoint.requests.tls.total`</a> | Count | `tls_version`, `tls_cipher`, `entrypoint` | The total count of HTTPS requests received by an entrypoint. |
| <a id="opt-entrypoint-request-duration-seconds" href="#opt-entrypoint-request-duration-seconds" title="#opt-entrypoint-request-duration-seconds">`entrypoint.request.duration.seconds`</a> | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint. |
| <a id="opt-entrypoint-requests-bytes-total" href="#opt-entrypoint-requests-bytes-total" title="#opt-entrypoint-requests-bytes-total">`entrypoint.requests.bytes.total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint. |
| <a id="opt-entrypoint-responses-bytes-total" href="#opt-entrypoint-responses-bytes-total" title="#opt-entrypoint-responses-bytes-total">`entrypoint.responses.bytes.total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. |
=== "InfluxDB2"
| Metric | Type | [Labels](#labels) | Description |
|------------|-----------|-------------------|-----------------|
| `traefik.entrypoint.requests.total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint. |
| `traefik.entrypoint.requests.tls.total` | Count | `tls_version`, `tls_cipher`, `entrypoint` | The total count of HTTPS requests received by an entrypoint. |
| `traefik.entrypoint.request.duration.seconds` | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint. |
| `traefik.entrypoint.requests.bytes.total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint. |
| `traefik.entrypoint.responses.bytes.total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. |
| <a id="opt-traefik-entrypoint-requests-total-3" href="#opt-traefik-entrypoint-requests-total-3" title="#opt-traefik-entrypoint-requests-total-3">`traefik.entrypoint.requests.total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint. |
| <a id="opt-traefik-entrypoint-requests-tls-total-3" href="#opt-traefik-entrypoint-requests-tls-total-3" title="#opt-traefik-entrypoint-requests-tls-total-3">`traefik.entrypoint.requests.tls.total`</a> | Count | `tls_version`, `tls_cipher`, `entrypoint` | The total count of HTTPS requests received by an entrypoint. |
| <a id="opt-traefik-entrypoint-request-duration-seconds-3" href="#opt-traefik-entrypoint-request-duration-seconds-3" title="#opt-traefik-entrypoint-request-duration-seconds-3">`traefik.entrypoint.request.duration.seconds`</a> | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint. |
| <a id="opt-traefik-entrypoint-requests-bytes-total-3" href="#opt-traefik-entrypoint-requests-bytes-total-3" title="#opt-traefik-entrypoint-requests-bytes-total-3">`traefik.entrypoint.requests.bytes.total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint. |
| <a id="opt-traefik-entrypoint-responses-bytes-total-3" href="#opt-traefik-entrypoint-responses-bytes-total-3" title="#opt-traefik-entrypoint-responses-bytes-total-3">`traefik.entrypoint.responses.bytes.total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. |
=== "StatsD"
| Metric | Type | [Labels](#labels) | Description |
|----------------------------|-------|--------------------------|--------------------------------------------------------------------|
| `{prefix}.entrypoint.requests.total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint. |
| `{prefix}.entrypoint.requests.tls.total` | Count | `tls_version`, `tls_cipher`, `entrypoint` | The total count of HTTPS requests received by an entrypoint. |
| `{prefix}.entrypoint.request.duration.seconds` | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint. |
| `{prefix}.entrypoint.requests.bytes.total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint. |
| `{prefix}.entrypoint.responses.bytes.total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. |
| <a id="opt-prefix-entrypoint-requests-total" href="#opt-prefix-entrypoint-requests-total" title="#opt-prefix-entrypoint-requests-total">`{prefix}.entrypoint.requests.total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint. |
| <a id="opt-prefix-entrypoint-requests-tls-total" href="#opt-prefix-entrypoint-requests-tls-total" title="#opt-prefix-entrypoint-requests-tls-total">`{prefix}.entrypoint.requests.tls.total`</a> | Count | `tls_version`, `tls_cipher`, `entrypoint` | The total count of HTTPS requests received by an entrypoint. |
| <a id="opt-prefix-entrypoint-request-duration-seconds" href="#opt-prefix-entrypoint-request-duration-seconds" title="#opt-prefix-entrypoint-request-duration-seconds">`{prefix}.entrypoint.request.duration.seconds`</a> | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint. |
| <a id="opt-prefix-entrypoint-requests-bytes-total" href="#opt-prefix-entrypoint-requests-bytes-total" title="#opt-prefix-entrypoint-requests-bytes-total">`{prefix}.entrypoint.requests.bytes.total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint. |
| <a id="opt-prefix-entrypoint-responses-bytes-total" href="#opt-prefix-entrypoint-responses-bytes-total" title="#opt-prefix-entrypoint-responses-bytes-total">`{prefix}.entrypoint.responses.bytes.total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. |
!!! note "\{prefix\} Default Value"
By default, \{prefix\} value is `traefik`.
@@ -463,51 +479,51 @@ On top of the official OpenTelemetry semantic conventions, Traefik provides its
| Metric | Type | [Labels](#labels) | Description |
|-----------------------|-----------|----------------------|--------------------------------|
| `traefik_router_requests_total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router. |
| `traefik_router_requests_tls_total` | Count | `tls_version`, `tls_cipher`, `router`, `service` | The total count of HTTPS requests handled by a router. |
| `traefik_router_request_duration_seconds` | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router. |
| `traefik_router_requests_bytes_total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router. |
| `traefik_router_responses_bytes_total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. |
| <a id="opt-traefik-router-requests-total" href="#opt-traefik-router-requests-total" title="#opt-traefik-router-requests-total">`traefik_router_requests_total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router. |
| <a id="opt-traefik-router-requests-tls-total" href="#opt-traefik-router-requests-tls-total" title="#opt-traefik-router-requests-tls-total">`traefik_router_requests_tls_total`</a> | Count | `tls_version`, `tls_cipher`, `router`, `service` | The total count of HTTPS requests handled by a router. |
| <a id="opt-traefik-router-request-duration-seconds" href="#opt-traefik-router-request-duration-seconds" title="#opt-traefik-router-request-duration-seconds">`traefik_router_request_duration_seconds`</a> | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router. |
| <a id="opt-traefik-router-requests-bytes-total" href="#opt-traefik-router-requests-bytes-total" title="#opt-traefik-router-requests-bytes-total">`traefik_router_requests_bytes_total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router. |
| <a id="opt-traefik-router-responses-bytes-total" href="#opt-traefik-router-responses-bytes-total" title="#opt-traefik-router-responses-bytes-total">`traefik_router_responses_bytes_total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. |
=== "Prometheus"
| Metric | Type | [Labels](#labels) | Description |
|-----------------------|-----------|---------------------------------------------------|----------------------------------------------------------------|
| `traefik_router_requests_total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router. |
| `traefik_router_requests_tls_total` | Count | `tls_version`, `tls_cipher`, `router`, `service` | The total count of HTTPS requests handled by a router. |
| `traefik_router_request_duration_seconds` | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router. |
| `traefik_router_requests_bytes_total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router. |
| `traefik_router_responses_bytes_total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. |
| <a id="opt-traefik-router-requests-total-2" href="#opt-traefik-router-requests-total-2" title="#opt-traefik-router-requests-total-2">`traefik_router_requests_total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router. |
| <a id="opt-traefik-router-requests-tls-total-2" href="#opt-traefik-router-requests-tls-total-2" title="#opt-traefik-router-requests-tls-total-2">`traefik_router_requests_tls_total`</a> | Count | `tls_version`, `tls_cipher`, `router`, `service` | The total count of HTTPS requests handled by a router. |
| <a id="opt-traefik-router-request-duration-seconds-2" href="#opt-traefik-router-request-duration-seconds-2" title="#opt-traefik-router-request-duration-seconds-2">`traefik_router_request_duration_seconds`</a> | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router. |
| <a id="opt-traefik-router-requests-bytes-total-2" href="#opt-traefik-router-requests-bytes-total-2" title="#opt-traefik-router-requests-bytes-total-2">`traefik_router_requests_bytes_total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router. |
| <a id="opt-traefik-router-responses-bytes-total-2" href="#opt-traefik-router-responses-bytes-total-2" title="#opt-traefik-router-responses-bytes-total-2">`traefik_router_responses_bytes_total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. |
=== "Datadog"
| Metric | Type | [Labels](#labels) | Description |
|-------------|-----------|---------------|---------------------|
| `router.requests.total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router. |
| `router.requests.tls.total` | Count | `tls_version`, `tls_cipher`, `router`, `service` | The total count of HTTPS requests handled by a router. |
| `router.request.duration.seconds` | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router. |
| `router.requests.bytes.total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router. |
| `router.responses.bytes.total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. |
| <a id="opt-router-requests-total" href="#opt-router-requests-total" title="#opt-router-requests-total">`router.requests.total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router. |
| <a id="opt-router-requests-tls-total" href="#opt-router-requests-tls-total" title="#opt-router-requests-tls-total">`router.requests.tls.total`</a> | Count | `tls_version`, `tls_cipher`, `router`, `service` | The total count of HTTPS requests handled by a router. |
| <a id="opt-router-request-duration-seconds" href="#opt-router-request-duration-seconds" title="#opt-router-request-duration-seconds">`router.request.duration.seconds`</a> | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router. |
| <a id="opt-router-requests-bytes-total" href="#opt-router-requests-bytes-total" title="#opt-router-requests-bytes-total">`router.requests.bytes.total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router. |
| <a id="opt-router-responses-bytes-total" href="#opt-router-responses-bytes-total" title="#opt-router-responses-bytes-total">`router.responses.bytes.total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. |
=== "InfluxDB2"
| Metric | Type | [Labels](#labels) | Description |
|-----------------------|-----------|---------------------------------------------------|----------------------------------------------------------------|
| `traefik.router.requests.total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router. |
| `traefik.router.requests.tls.total` | Count | `tls_version`, `tls_cipher`, `router`, `service` | The total count of HTTPS requests handled by a router. |
| `traefik.router.request.duration.seconds` | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router. |
| `traefik.router.requests.bytes.total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router. |
| `traefik.router.responses.bytes.total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. |
| <a id="opt-traefik-router-requests-total-3" href="#opt-traefik-router-requests-total-3" title="#opt-traefik-router-requests-total-3">`traefik.router.requests.total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router. |
| <a id="opt-traefik-router-requests-tls-total-3" href="#opt-traefik-router-requests-tls-total-3" title="#opt-traefik-router-requests-tls-total-3">`traefik.router.requests.tls.total`</a> | Count | `tls_version`, `tls_cipher`, `router`, `service` | The total count of HTTPS requests handled by a router. |
| <a id="opt-traefik-router-request-duration-seconds-3" href="#opt-traefik-router-request-duration-seconds-3" title="#opt-traefik-router-request-duration-seconds-3">`traefik.router.request.duration.seconds`</a> | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router. |
| <a id="opt-traefik-router-requests-bytes-total-3" href="#opt-traefik-router-requests-bytes-total-3" title="#opt-traefik-router-requests-bytes-total-3">`traefik.router.requests.bytes.total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router. |
| <a id="opt-traefik-router-responses-bytes-total-3" href="#opt-traefik-router-responses-bytes-total-3" title="#opt-traefik-router-responses-bytes-total-3">`traefik.router.responses.bytes.total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. |
=== "StatsD"
| Metric | Type | [Labels](#labels) | Description |
|-----------------------|-----------|---------------|-------------|
| `{prefix}.router.requests.total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router. |
| `{prefix}.router.requests.tls.total` | Count | `tls_version`, `tls_cipher`, `router`, `service` | The total count of HTTPS requests handled by a router. |
| `{prefix}.router.request.duration.seconds` | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router. |
| `{prefix}.router.requests.bytes.total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router. |
| `{prefix}.router.responses.bytes.total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. |
| <a id="opt-prefix-router-requests-total" href="#opt-prefix-router-requests-total" title="#opt-prefix-router-requests-total">`{prefix}.router.requests.total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router. |
| <a id="opt-prefix-router-requests-tls-total" href="#opt-prefix-router-requests-tls-total" title="#opt-prefix-router-requests-tls-total">`{prefix}.router.requests.tls.total`</a> | Count | `tls_version`, `tls_cipher`, `router`, `service` | The total count of HTTPS requests handled by a router. |
| <a id="opt-prefix-router-request-duration-seconds" href="#opt-prefix-router-request-duration-seconds" title="#opt-prefix-router-request-duration-seconds">`{prefix}.router.request.duration.seconds`</a> | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router. |
| <a id="opt-prefix-router-requests-bytes-total" href="#opt-prefix-router-requests-bytes-total" title="#opt-prefix-router-requests-bytes-total">`{prefix}.router.requests.bytes.total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router. |
| <a id="opt-prefix-router-responses-bytes-total" href="#opt-prefix-router-responses-bytes-total" title="#opt-prefix-router-responses-bytes-total">`{prefix}.router.responses.bytes.total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. |
!!! note "\{prefix\} Default Value"
By default, \{prefix\} value is `traefik`.
@@ -518,61 +534,61 @@ On top of the official OpenTelemetry semantic conventions, Traefik provides its
| Metric | Type | Labels | Description |
|-----------------------|-----------|------------|------------|
| `traefik_service_requests_total` | Count | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service. |
| `traefik_service_requests_tls_total` | Count | `tls_version`, `tls_cipher`, `service` | The total count of HTTPS requests processed on a service. |
| `traefik_service_request_duration_seconds` | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service. |
| `traefik_service_retries_total` | Count | `service` | The count of requests retries on a service. |
| `traefik_service_server_up` | Gauge | `service`, `url` | Current service's server status, 0 for a down or 1 for up. |
| `traefik_service_requests_bytes_total` | Count | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service. |
| `traefik_service_responses_bytes_total` | Count | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. |
| <a id="opt-traefik-service-requests-total" href="#opt-traefik-service-requests-total" title="#opt-traefik-service-requests-total">`traefik_service_requests_total`</a> | Count | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service. |
| <a id="opt-traefik-service-requests-tls-total" href="#opt-traefik-service-requests-tls-total" title="#opt-traefik-service-requests-tls-total">`traefik_service_requests_tls_total`</a> | Count | `tls_version`, `tls_cipher`, `service` | The total count of HTTPS requests processed on a service. |
| <a id="opt-traefik-service-request-duration-seconds" href="#opt-traefik-service-request-duration-seconds" title="#opt-traefik-service-request-duration-seconds">`traefik_service_request_duration_seconds`</a> | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service. |
| <a id="opt-traefik-service-retries-total" href="#opt-traefik-service-retries-total" title="#opt-traefik-service-retries-total">`traefik_service_retries_total`</a> | Count | `service` | The count of requests retries on a service. |
| <a id="opt-traefik-service-server-up" href="#opt-traefik-service-server-up" title="#opt-traefik-service-server-up">`traefik_service_server_up`</a> | Gauge | `service`, `url` | Current service's server status, 0 for a down or 1 for up. Only for services configured with healthcheck. |
| <a id="opt-traefik-service-requests-bytes-total" href="#opt-traefik-service-requests-bytes-total" title="#opt-traefik-service-requests-bytes-total">`traefik_service_requests_bytes_total`</a> | Count | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service. |
| <a id="opt-traefik-service-responses-bytes-total" href="#opt-traefik-service-responses-bytes-total" title="#opt-traefik-service-responses-bytes-total">`traefik_service_responses_bytes_total`</a> | Count | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. |
=== "Prometheus"
| Metric | Type | Labels | Description |
|-----------------------|-----------|-------|------------|
| `traefik_service_requests_total` | Count | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service. |
| `traefik_service_requests_tls_total` | Count | `tls_version`, `tls_cipher`, `service` | The total count of HTTPS requests processed on a service. |
| `traefik_service_request_duration_seconds` | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service. |
| `traefik_service_retries_total` | Count | `service` | The count of requests retries on a service. |
| `traefik_service_server_up` | Gauge | `service`, `url` | Current service's server status, 0 for a down or 1 for up. |
| `traefik_service_requests_bytes_total` | Count | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service. |
| `traefik_service_responses_bytes_total` | Count | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. |
| <a id="opt-traefik-service-requests-total-2" href="#opt-traefik-service-requests-total-2" title="#opt-traefik-service-requests-total-2">`traefik_service_requests_total`</a> | Count | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service. |
| <a id="opt-traefik-service-requests-tls-total-2" href="#opt-traefik-service-requests-tls-total-2" title="#opt-traefik-service-requests-tls-total-2">`traefik_service_requests_tls_total`</a> | Count | `tls_version`, `tls_cipher`, `service` | The total count of HTTPS requests processed on a service. |
| <a id="opt-traefik-service-request-duration-seconds-2" href="#opt-traefik-service-request-duration-seconds-2" title="#opt-traefik-service-request-duration-seconds-2">`traefik_service_request_duration_seconds`</a> | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service. |
| <a id="opt-traefik-service-retries-total-2" href="#opt-traefik-service-retries-total-2" title="#opt-traefik-service-retries-total-2">`traefik_service_retries_total`</a> | Count | `service` | The count of requests retries on a service. |
| <a id="opt-traefik-service-server-up-2" href="#opt-traefik-service-server-up-2" title="#opt-traefik-service-server-up-2">`traefik_service_server_up`</a> | Gauge | `service`, `url` | Current service's server status, 0 for a down or 1 for up. Only for services configured with healthcheck. |
| <a id="opt-traefik-service-requests-bytes-total-2" href="#opt-traefik-service-requests-bytes-total-2" title="#opt-traefik-service-requests-bytes-total-2">`traefik_service_requests_bytes_total`</a> | Count | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service. |
| <a id="opt-traefik-service-responses-bytes-total-2" href="#opt-traefik-service-responses-bytes-total-2" title="#opt-traefik-service-responses-bytes-total-2">`traefik_service_responses_bytes_total`</a> | Count | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. |
=== "Datadog"
| Metric | Type | Labels | Description |
|-----------------------|-----------|--------|------------------|
| `service.requests.total` | Count | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service. |
| `router.service.tls.total` | Count | `tls_version`, `tls_cipher`, `service` | The total count of HTTPS requests processed on a service. |
| `service.request.duration.seconds` | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service. |
| `service.retries.total` | Count | `service` | The count of requests retries on a service. |
| `service.server.up` | Gauge | `service`, `url` | Current service's server status, 0 for a down or 1 for up. |
| `service.requests.bytes.total` | Count | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service. |
| `service.responses.bytes.total` | Count | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. |
| <a id="opt-service-requests-total" href="#opt-service-requests-total" title="#opt-service-requests-total">`service.requests.total`</a> | Count | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service. |
| <a id="opt-router-service-tls-total" href="#opt-router-service-tls-total" title="#opt-router-service-tls-total">`router.service.tls.total`</a> | Count | `tls_version`, `tls_cipher`, `service` | The total count of HTTPS requests processed on a service. |
| <a id="opt-service-request-duration-seconds" href="#opt-service-request-duration-seconds" title="#opt-service-request-duration-seconds">`service.request.duration.seconds`</a> | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service. |
| <a id="opt-service-retries-total" href="#opt-service-retries-total" title="#opt-service-retries-total">`service.retries.total`</a> | Count | `service` | The count of requests retries on a service. |
| <a id="opt-service-server-up" href="#opt-service-server-up" title="#opt-service-server-up">`service.server.up`</a> | Gauge | `service`, `url` | Current service's server status, 0 for a down or 1 for up. Only for services configured with healthcheck. |
| <a id="opt-service-requests-bytes-total" href="#opt-service-requests-bytes-total" title="#opt-service-requests-bytes-total">`service.requests.bytes.total`</a> | Count | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service. |
| <a id="opt-service-responses-bytes-total" href="#opt-service-responses-bytes-total" title="#opt-service-responses-bytes-total">`service.responses.bytes.total`</a> | Count | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. |
=== "InfluxDB2"
| Metric | Type | Labels | Description |
|-----------------------|-----------|-----------------------------------------|-------------------------------------------------------------|
| `traefik.service.requests.total` | Count | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service. |
| `traefik.service.requests.tls.total` | Count | `tls_version`, `tls_cipher`, `service` | The total count of HTTPS requests processed on a service. |
| `traefik.service.request.duration.seconds` | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service. |
| `traefik.service.retries.total` | Count | `service` | The count of requests retries on a service. |
| `traefik.service.server.up` | Gauge | `service`, `url` | Current service's server status, 0 for a down or 1 for up. |
| `traefik.service.requests.bytes.total` | Count | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service. |
| `traefik.service.responses.bytes.total` | Count | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. |
| <a id="opt-traefik-service-requests-total-3" href="#opt-traefik-service-requests-total-3" title="#opt-traefik-service-requests-total-3">`traefik.service.requests.total`</a> | Count | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service. |
| <a id="opt-traefik-service-requests-tls-total-3" href="#opt-traefik-service-requests-tls-total-3" title="#opt-traefik-service-requests-tls-total-3">`traefik.service.requests.tls.total`</a> | Count | `tls_version`, `tls_cipher`, `service` | The total count of HTTPS requests processed on a service. |
| <a id="opt-traefik-service-request-duration-seconds-3" href="#opt-traefik-service-request-duration-seconds-3" title="#opt-traefik-service-request-duration-seconds-3">`traefik.service.request.duration.seconds`</a> | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service. |
| <a id="opt-traefik-service-retries-total-3" href="#opt-traefik-service-retries-total-3" title="#opt-traefik-service-retries-total-3">`traefik.service.retries.total`</a> | Count | `service` | The count of requests retries on a service. |
| <a id="opt-traefik-service-server-up-3" href="#opt-traefik-service-server-up-3" title="#opt-traefik-service-server-up-3">`traefik.service.server.up`</a> | Gauge | `service`, `url` | Current service's server status, 0 for a down or 1 for up. Only for services configured with healthcheck. |
| <a id="opt-traefik-service-requests-bytes-total-3" href="#opt-traefik-service-requests-bytes-total-3" title="#opt-traefik-service-requests-bytes-total-3">`traefik.service.requests.bytes.total`</a> | Count | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service. |
| <a id="opt-traefik-service-responses-bytes-total-3" href="#opt-traefik-service-responses-bytes-total-3" title="#opt-traefik-service-responses-bytes-total-3">`traefik.service.responses.bytes.total`</a> | Count | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. |
=== "StatsD"
| Metric | Type | Labels | Description |
|-----------------------|-----------|-----|---------|
| `{prefix}.service.requests.total` | Count | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service. |
| `{prefix}.service.requests.tls.total` | Count | `tls_version`, `tls_cipher`, `service` | The total count of HTTPS requests processed on a service. |
| `{prefix}.service.request.duration.seconds` | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service. |
| `{prefix}.service.retries.total` | Count | `service` | The count of requests retries on a service. |
| `{prefix}.service.server.up` | Gauge | `service`, `url` | Current service's server status, 0 for a down or 1 for up. |
| `{prefix}.service.requests.bytes.total` | Count | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service. |
| `{prefix}.service.responses.bytes.total` | Count | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. |
| <a id="opt-prefix-service-requests-total" href="#opt-prefix-service-requests-total" title="#opt-prefix-service-requests-total">`{prefix}.service.requests.total`</a> | Count | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service. |
| <a id="opt-prefix-service-requests-tls-total" href="#opt-prefix-service-requests-tls-total" title="#opt-prefix-service-requests-tls-total">`{prefix}.service.requests.tls.total`</a> | Count | `tls_version`, `tls_cipher`, `service` | The total count of HTTPS requests processed on a service. |
| <a id="opt-prefix-service-request-duration-seconds" href="#opt-prefix-service-request-duration-seconds" title="#opt-prefix-service-request-duration-seconds">`{prefix}.service.request.duration.seconds`</a> | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service. |
| <a id="opt-prefix-service-retries-total" href="#opt-prefix-service-retries-total" title="#opt-prefix-service-retries-total">`{prefix}.service.retries.total`</a> | Count | `service` | The count of requests retries on a service. |
| <a id="opt-prefix-service-server-up" href="#opt-prefix-service-server-up" title="#opt-prefix-service-server-up">`{prefix}.service.server.up`</a> | Gauge | `service`, `url` | Current service's server status, 0 for a down or 1 for up. Only for services configured with healthcheck. |
| <a id="opt-prefix-service-requests-bytes-total" href="#opt-prefix-service-requests-bytes-total" title="#opt-prefix-service-requests-bytes-total">`{prefix}.service.requests.bytes.total`</a> | Count | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service. |
| <a id="opt-prefix-service-responses-bytes-total" href="#opt-prefix-service-responses-bytes-total" title="#opt-prefix-service-responses-bytes-total">`{prefix}.service.responses.bytes.total`</a> | Count | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. |
!!! note "\{prefix\} Default Value"
By default, \{prefix\} value is `traefik`.
@@ -583,18 +599,18 @@ Here is a comprehensive list of labels that are provided by the metrics:
| Label | Description | example |
|---------------|-------------------|----------------------------|
| `cn` | Certificate Common Name | "example.com" |
| `code` | Request code | "200" |
| `entrypoint` | Entrypoint that handled the request | "example_entrypoint" |
| `method` | Request Method | "GET" |
| `protocol` | Request protocol | "http" |
| `router` | Router that handled the request | "example_router" |
| `sans` | Certificate Subject Alternative NameS | "example.com" |
| `serial` | Certificate Serial Number | "123..." |
| `service` | Service that handled the request | "example_service@provider" |
| `tls_cipher` | TLS cipher used for the request | "TLS_FALLBACK_SCSV" |
| `tls_version` | TLS version used for the request | "1.0" |
| `url` | Service server url | "http://example.com" |
| <a id="opt-cn" href="#opt-cn" title="#opt-cn">`cn`</a> | Certificate Common Name | "example.com" |
| <a id="opt-code" href="#opt-code" title="#opt-code">`code`</a> | Request code | "200" |
| <a id="opt-entrypoint-2" href="#opt-entrypoint-2" title="#opt-entrypoint-2">`entrypoint`</a> | Entrypoint that handled the request | "example_entrypoint" |
| <a id="opt-method" href="#opt-method" title="#opt-method">`method`</a> | Request Method | "GET" |
| <a id="opt-protocol-2" href="#opt-protocol-2" title="#opt-protocol-2">`protocol`</a> | Request protocol | "http" |
| <a id="opt-router" href="#opt-router" title="#opt-router">`router`</a> | Router that handled the request | "example_router" |
| <a id="opt-sans" href="#opt-sans" title="#opt-sans">`sans`</a> | Certificate Subject Alternative NameS | "example.com" |
| <a id="opt-serial" href="#opt-serial" title="#opt-serial">`serial`</a> | Certificate Serial Number | "123..." |
| <a id="opt-service" href="#opt-service" title="#opt-service">`service`</a> | Service that handled the request | "example_service@provider" |
| <a id="opt-tls-cipher" href="#opt-tls-cipher" title="#opt-tls-cipher">`tls_cipher`</a> | TLS cipher used for the request | "TLS_FALLBACK_SCSV" |
| <a id="opt-tls-version" href="#opt-tls-version" title="#opt-tls-version">`tls_version`</a> | TLS version used for the request | "1.0" |
| <a id="opt-url" href="#opt-url" title="#opt-url">`url`</a> | Service server url | "http://example.com" |
!!! info "`method` label value"

64
docs/content/reference/install-configuration/observability/tracing.md
View File

@@ -36,27 +36,43 @@ tracing: {}
## Configuration Options
| Field | Description | Default | Required |
|:-------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------------------|:---------|
| `tracing.addInternals` | Enables tracing for internal resources (e.g.: `ping@internal`). | false | No |
| `tracing.serviceName` | Defines the service name resource attribute. | "traefik" | No |
| `tracing.resourceAttributes` | Defines additional resource attributes to be sent to the collector. | [] | No |
| `tracing.sampleRate` | The proportion of requests to trace, specified between 0.0 and 1.0. | 1.0 | No |
| `tracing.capturedRequestHeaders` | Defines the list of request headers to add as attributes.<br />It applies to client and server kind spans. | [] | No |
| `tracing.capturedResponseHeaders` | Defines the list of response headers to add as attributes.<br />It applies to client and server kind spans. | [] | False |
| `tracing.safeQueryParams` | By default, all query parameters are redacted.<br />Defines the list of query parameters to not redact. | [] | No |
| `tracing.otlp.http` | This instructs the exporter to send the tracing to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values. | null/false | No |
| `tracing.otlp.http.endpoint` | URL of the OpenTelemetry Collector to send tracing to.<br /> Format="`<scheme>://<host>:<port><path>`" | "http://localhost:4318/v1/tracing" | Yes |
| `tracing.otlp.http.headers` | Additional headers sent with tracing by the exporter to the OpenTelemetry Collector. | | No |
| `tracing.otlp.http.tls.ca` | Path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | "" | No |
| `tracing.otlp.http.tls.cert` | Path to the public certificate used for the secure connection to the OpenTelemetry Collector. When using this option, setting the `key` option is required. | "" | No |
| `tracing.otlp.http.tls.key` | This instructs the exporter to send the tracing to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values. | ""null/false "" | No |
| `tracing.otlp.http.tls.insecureskipverify` | If `insecureSkipVerify` is `true`, the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers. | false | Yes |
| `tracing.otlp.grpc` | This instructs the exporter to send tracing to the OpenTelemetry Collector using gRPC. | false | No |
| `tracing.otlp.grpc.endpoint` | Address of the OpenTelemetry Collector to send tracing to.<br /> Format="`<host>:<port>`" | "localhost:4317" | Yes |
| `tracing.otlp.grpc.headers` | Additional headers sent with tracing by the exporter to the OpenTelemetry Collector. | [] | No |
| `tracing.otlp.grpc.insecure` | Allows exporter to send tracing to the OpenTelemetry Collector without using a secured protocol. | false | Yes |
| `tracing.otlp.grpc.tls.ca` | Path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | "" | No |
| `tracing.otlp.grpc.tls.cert` | Path to the public certificate used for the secure connection to the OpenTelemetry Collector. When using this option, setting the `key` option is required. | "" | No |
| `tracing.otlp.grpc.tls.key` | This instructs the exporter to send the tracing to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values. | ""null/false "" | No |
| `tracing.otlp.grpc.tls.insecureskipverify` | If `insecureSkipVerify` is `true`, the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers. | false | Yes |
| Field | Description | Default | Required |
|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------|:---------|
| <a id="opt-tracing-addInternals" href="#opt-tracing-addInternals" title="#opt-tracing-addInternals">`tracing.addInternals`</a> | Enables tracing for internal resources (e.g.: `ping@internal`). | false | No |
| <a id="opt-tracing-serviceName" href="#opt-tracing-serviceName" title="#opt-tracing-serviceName">`tracing.serviceName`</a> | Defines the service name resource attribute. | "traefik" | No |
| <a id="opt-tracing-resourceAttributes" href="#opt-tracing-resourceAttributes" title="#opt-tracing-resourceAttributes">`tracing.resourceAttributes`</a> | Defines additional resource attributes to be sent to the collector. See [resourceAttributes](#resourceattributes) for details. | [] | No |
| <a id="opt-tracing-sampleRate" href="#opt-tracing-sampleRate" title="#opt-tracing-sampleRate">`tracing.sampleRate`</a> | The proportion of requests to trace, specified between 0.0 and 1.0. | 1.0 | No |
| <a id="opt-tracing-capturedRequestHeaders" href="#opt-tracing-capturedRequestHeaders" title="#opt-tracing-capturedRequestHeaders">`tracing.capturedRequestHeaders`</a> | Defines the list of request headers to add as attributes.<br />It applies to client and server kind spans. | [] | No |
| <a id="opt-tracing-capturedResponseHeaders" href="#opt-tracing-capturedResponseHeaders" title="#opt-tracing-capturedResponseHeaders">`tracing.capturedResponseHeaders`</a> | Defines the list of response headers to add as attributes.<br />It applies to client and server kind spans. | [] | False |
| <a id="opt-tracing-safeQueryParams" href="#opt-tracing-safeQueryParams" title="#opt-tracing-safeQueryParams">`tracing.safeQueryParams`</a> | By default, all query parameters are redacted.<br />Defines the list of query parameters to not redact. | [] | No |
| <a id="opt-tracing-otlp-http" href="#opt-tracing-otlp-http" title="#opt-tracing-otlp-http">`tracing.otlp.http`</a> | This instructs the exporter to send the tracing to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values. | null/false | No |
| <a id="opt-tracing-otlp-http-endpoint" href="#opt-tracing-otlp-http-endpoint" title="#opt-tracing-otlp-http-endpoint">`tracing.otlp.http.endpoint`</a> | URL of the OpenTelemetry Collector to send tracing to.<br /> Format="`<scheme>://<host>:<port><path>`" | "https://localhost:4318/v1/tracing" | Yes |
| <a id="opt-tracing-otlp-http-headers" href="#opt-tracing-otlp-http-headers" title="#opt-tracing-otlp-http-headers">`tracing.otlp.http.headers`</a> | Additional headers sent with tracing by the exporter to the OpenTelemetry Collector. | | No |
| <a id="opt-tracing-otlp-http-tls-ca" href="#opt-tracing-otlp-http-tls-ca" title="#opt-tracing-otlp-http-tls-ca">`tracing.otlp.http.tls.ca`</a> | Path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | "" | No |
| <a id="opt-tracing-otlp-http-tls-cert" href="#opt-tracing-otlp-http-tls-cert" title="#opt-tracing-otlp-http-tls-cert">`tracing.otlp.http.tls.cert`</a> | Path to the public certificate used for the secure connection to the OpenTelemetry Collector. When using this option, setting the `key` option is required. | "" | No |
| <a id="opt-tracing-otlp-http-tls-key" href="#opt-tracing-otlp-http-tls-key" title="#opt-tracing-otlp-http-tls-key">`tracing.otlp.http.tls.key`</a> | This instructs the exporter to send the tracing to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values. | ""null/false "" | No |
| <a id="opt-tracing-otlp-http-tls-insecureskipverify" href="#opt-tracing-otlp-http-tls-insecureskipverify" title="#opt-tracing-otlp-http-tls-insecureskipverify">`tracing.otlp.http.tls.insecureskipverify`</a> | If `insecureSkipVerify` is `true`, the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers. | false | Yes |
| <a id="opt-tracing-otlp-grpc" href="#opt-tracing-otlp-grpc" title="#opt-tracing-otlp-grpc">`tracing.otlp.grpc`</a> | This instructs the exporter to send tracing to the OpenTelemetry Collector using gRPC. | false | No |
| <a id="opt-tracing-otlp-grpc-endpoint" href="#opt-tracing-otlp-grpc-endpoint" title="#opt-tracing-otlp-grpc-endpoint">`tracing.otlp.grpc.endpoint`</a> | Address of the OpenTelemetry Collector to send tracing to.<br /> Format="`<host>:<port>`" | "localhost:4317" | Yes |
| <a id="opt-tracing-otlp-grpc-headers" href="#opt-tracing-otlp-grpc-headers" title="#opt-tracing-otlp-grpc-headers">`tracing.otlp.grpc.headers`</a> | Additional headers sent with tracing by the exporter to the OpenTelemetry Collector. | [] | No |
| <a id="opt-tracing-otlp-grpc-insecure" href="#opt-tracing-otlp-grpc-insecure" title="#opt-tracing-otlp-grpc-insecure">`tracing.otlp.grpc.insecure`</a> | Allows exporter to send tracing to the OpenTelemetry Collector without using a secured protocol. | false | Yes |
| <a id="opt-tracing-otlp-grpc-tls-ca" href="#opt-tracing-otlp-grpc-tls-ca" title="#opt-tracing-otlp-grpc-tls-ca">`tracing.otlp.grpc.tls.ca`</a> | Path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | "" | No |
| <a id="opt-tracing-otlp-grpc-tls-cert" href="#opt-tracing-otlp-grpc-tls-cert" title="#opt-tracing-otlp-grpc-tls-cert">`tracing.otlp.grpc.tls.cert`</a> | Path to the public certificate used for the secure connection to the OpenTelemetry Collector. When using this option, setting the `key` option is required. | "" | No |
| <a id="opt-tracing-otlp-grpc-tls-key" href="#opt-tracing-otlp-grpc-tls-key" title="#opt-tracing-otlp-grpc-tls-key">`tracing.otlp.grpc.tls.key`</a> | This instructs the exporter to send the tracing to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values. | ""null/false "" | No |
| <a id="opt-tracing-otlp-grpc-tls-insecureskipverify" href="#opt-tracing-otlp-grpc-tls-insecureskipverify" title="#opt-tracing-otlp-grpc-tls-insecureskipverify">`tracing.otlp.grpc.tls.insecureskipverify`</a> | If `insecureSkipVerify` is `true`, the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers. | false | Yes |
## resourceAttributes
The `resourceAttributes` option allows setting the resource attributes sent along the traces.
Traefik also supports the `OTEL_RESOURCE_ATTRIBUTES` env variable to set up the resource attributes.
!!! info "Kubernetes Resource Attributes Detection"
Additionally, Traefik automatically discovers the following [Kubernetes resource attributes](https://opentelemetry.io/docs/specs/semconv/non-normative/k8s-attributes/) when running in a Kubernetes cluster:
- `k8s.namespace.name`
- `k8s.pod.uid`
- `k8s.pod.name`
Note that this automatic detection can fail, like if the Traefik pod is running in host network mode.
In this case, you should provide the attributes with the option or the env variable.

48
docs/content/reference/install-configuration/providers/docker.md
View File

@@ -40,22 +40,22 @@ services:
| Field | Description | Default | Required |
|:------|:----------------------------------------------------------|:---------------------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.docker.endpoint` | Specifies the Docker API endpoint. See [here](#endpoint) for more information| "unix:///var/run/docker.sock" | Yes |
| `providers.docker.username` | Defines the username for Basic HTTP authentication. This should be used when the Docker daemon socket is exposed through an HTTP proxy that requires Basic HTTP authentication.| "" | No |
| `providers.docker.password` | Defines the password for Basic HTTP authentication. This should be used when the Docker daemon socket is exposed through an HTTP proxy that requires Basic HTTP authentication.| "" | No |
| `providers.docker.useBindPortIP` | Instructs Traefik to use the IP/Port attached to the container's binding instead of its inner network IP/Port. See [here](#usebindportip) for more information | false | No |
| `providers.docker.exposedByDefault` | Expose containers by default through Traefik. See [here](./overview.md#restrict-the-scope-of-service-discovery) for additional information | true | No |
| `providers.docker.network` | Defines a default docker network to use for connections to all containers. This option can be overridden on a per-container basis with the `traefik.docker.network` label.| "" | No |
| `providers.docker.defaultRule` | Defines what routing rule to apply to a container if no rule is defined by a label. See [here](#defaultrule) for more information. | ```"Host(`{{ normalize .Name }}`)"``` | No |
| `providers.docker.httpClientTimeout` | Defines the client timeout (in seconds) for HTTP connections. If its value is 0, no timeout is set. | 0 | No |
| `providers.docker.watch` | Instructs Traefik to watch Docker events or not. | True | No |
| `providers.docker.constraints` | Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information. | "" | No |
| `providers.docker.allowEmptyServices` | Instructs the provider to create any [servers load balancer](../../../routing/services/index.md#servers-load-balancer) defined for Docker containers regardless of the [healthiness](https://docs.docker.com/engine/reference/builder/#healthcheck) of the corresponding containers. | false | No |
| `providers.docker.tls.ca` | Defines the path to the certificate authority used for the secure connection to Docker, it defaults to the system bundle. | "" | No |
| `providers.docker.tls.cert` | Defines the path to the public certificate used for the secure connection to Docker. When using this option, setting the `key` option is required. | "" | Yes |
| `providers.docker.tls.key` | Defines the path to the private key used for the secure connection to Docker. When using this option, setting the `cert` option is required. | "" | Yes |
| `providers.docker.tls.insecureSkipVerify` | Instructs the provider to accept any certificate presented by the Docker server when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No |
| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| <a id="opt-providers-docker-endpoint" href="#opt-providers-docker-endpoint" title="#opt-providers-docker-endpoint">`providers.docker.endpoint`</a> | Specifies the Docker API endpoint. See [here](#endpoint) for more information| "unix:///var/run/docker.sock" | Yes |
| <a id="opt-providers-docker-username" href="#opt-providers-docker-username" title="#opt-providers-docker-username">`providers.docker.username`</a> | Defines the username for Basic HTTP authentication. This should be used when the Docker daemon socket is exposed through an HTTP proxy that requires Basic HTTP authentication.| "" | No |
| <a id="opt-providers-docker-password" href="#opt-providers-docker-password" title="#opt-providers-docker-password">`providers.docker.password`</a> | Defines the password for Basic HTTP authentication. This should be used when the Docker daemon socket is exposed through an HTTP proxy that requires Basic HTTP authentication.| "" | No |
| <a id="opt-providers-docker-useBindPortIP" href="#opt-providers-docker-useBindPortIP" title="#opt-providers-docker-useBindPortIP">`providers.docker.useBindPortIP`</a> | Instructs Traefik to use the IP/Port attached to the container's binding instead of its inner network IP/Port. See [here](#usebindportip) for more information | false | No |
| <a id="opt-providers-docker-exposedByDefault" href="#opt-providers-docker-exposedByDefault" title="#opt-providers-docker-exposedByDefault">`providers.docker.exposedByDefault`</a> | Expose containers by default through Traefik. See [here](./overview.md#exposedbydefault-and-traefikenable) for additional information | true | No |
| <a id="opt-providers-docker-network" href="#opt-providers-docker-network" title="#opt-providers-docker-network">`providers.docker.network`</a> | Defines a default docker network to use for connections to all containers. This option can be overridden on a per-container basis with the `traefik.docker.network` label.| "" | No |
| <a id="opt-providers-docker-defaultRule" href="#opt-providers-docker-defaultRule" title="#opt-providers-docker-defaultRule">`providers.docker.defaultRule`</a> | Defines what routing rule to apply to a container if no rule is defined by a label. See [here](#defaultrule) for more information. | ```"Host(`{{ normalize .Name }}`)"``` | No |
| <a id="opt-providers-docker-httpClientTimeout" href="#opt-providers-docker-httpClientTimeout" title="#opt-providers-docker-httpClientTimeout">`providers.docker.httpClientTimeout`</a> | Defines the client timeout (in seconds) for HTTP connections. If its value is 0, no timeout is set. | 0 | No |
| <a id="opt-providers-docker-watch" href="#opt-providers-docker-watch" title="#opt-providers-docker-watch">`providers.docker.watch`</a> | Instructs Traefik to watch Docker events or not. | True | No |
| <a id="opt-providers-docker-constraints" href="#opt-providers-docker-constraints" title="#opt-providers-docker-constraints">`providers.docker.constraints`</a> | Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information. | "" | No |
| <a id="opt-providers-docker-allowEmptyServices" href="#opt-providers-docker-allowEmptyServices" title="#opt-providers-docker-allowEmptyServices">`providers.docker.allowEmptyServices`</a> | Instructs the provider to create any [servers load balancer](../../../routing/services/index.md#servers-load-balancer) defined for Docker containers regardless of the [healthiness](https://docs.docker.com/engine/reference/builder/#healthcheck) of the corresponding containers. | false | No |
| <a id="opt-providers-docker-tls-ca" href="#opt-providers-docker-tls-ca" title="#opt-providers-docker-tls-ca">`providers.docker.tls.ca`</a> | Defines the path to the certificate authority used for the secure connection to Docker, it defaults to the system bundle. | "" | No |
| <a id="opt-providers-docker-tls-cert" href="#opt-providers-docker-tls-cert" title="#opt-providers-docker-tls-cert">`providers.docker.tls.cert`</a> | Defines the path to the public certificate used for the secure connection to Docker. When using this option, setting the `key` option is required. | "" | Yes |
| <a id="opt-providers-docker-tls-key" href="#opt-providers-docker-tls-key" title="#opt-providers-docker-tls-key">`providers.docker.tls.key`</a> | Defines the path to the private key used for the secure connection to Docker. When using this option, setting the `cert` option is required. | "" | Yes |
| <a id="opt-providers-docker-tls-insecureSkipVerify" href="#opt-providers-docker-tls-insecureSkipVerify" title="#opt-providers-docker-tls-insecureSkipVerify">`providers.docker.tls.insecureSkipVerify`</a> | Instructs the provider to accept any certificate presented by the Docker server when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No |
### `endpoint`
@@ -192,13 +192,13 @@ but still uses the `traefik.http.services.<name>.loadbalancer.server.port` that
| port label | Container's binding | Routes to |
|--------------------|----------------------------------------------------|----------------|
| - | - | IntIP:IntPort |
| - | ExtPort:IntPort | IntIP:IntPort |
| - | ExtIp:ExtPort:IntPort | ExtIp:ExtPort |
| LblPort | - | IntIp:LblPort |
| LblPort | ExtIp:ExtPort:LblPort | ExtIp:ExtPort |
| LblPort | ExtIp:ExtPort:OtherPort | IntIp:LblPort |
| LblPort | ExtIp1:ExtPort1:IntPort1 & ExtIp2:LblPort:IntPort2 | ExtIp2:LblPort |
| <a id="opt-row" href="#opt-row" title="#opt-row">-</a> | - | IntIP:IntPort |
| <a id="opt-row-2" href="#opt-row-2" title="#opt-row-2">-</a> | ExtPort:IntPort | IntIP:IntPort |
| <a id="opt-row-3" href="#opt-row-3" title="#opt-row-3">-</a> | ExtIp:ExtPort:IntPort | ExtIp:ExtPort |
| <a id="opt-LblPort" href="#opt-LblPort" title="#opt-LblPort">LblPort</a> | - | IntIp:LblPort |
| <a id="opt-LblPort-2" href="#opt-LblPort-2" title="#opt-LblPort-2">LblPort</a> | ExtIp:ExtPort:LblPort | ExtIp:ExtPort |
| <a id="opt-LblPort-3" href="#opt-LblPort-3" title="#opt-LblPort-3">LblPort</a> | ExtIp:ExtPort:OtherPort | IntIp:LblPort |
| <a id="opt-LblPort-4" href="#opt-LblPort-4" title="#opt-LblPort-4">LblPort</a> | ExtIp1:ExtPort1:IntPort1 & ExtIp2:LblPort:IntPort2 | ExtIp2:LblPort |
!!! info ""
In the above table:
@@ -306,7 +306,7 @@ as well as the usual boolean logic, as shown in examples below.
constraints = "LabelRegex(`a.label.name`, `a.+`)"
```
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#exposedbydefault-and-traefikenable).
```yaml tab="File (YAML)"
providers:

58
docs/content/reference/install-configuration/providers/hashicorp/consul-catalog.md
View File

@@ -32,34 +32,34 @@ Attaching tags to services:
| Field | Description | Default | Required |
|:------|:----------------------------------------------------------|:---------------------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.consulCatalog.refreshInterval` | Defines the polling interval.| 15s | No |
| `providers.consulCatalog.prefix` | Defines the prefix for Consul Catalog tags defining Traefik labels.| traefik | yes |
| `providers.consulCatalog.requireConsistent` | Forces the read to be fully consistent. See [here](#requireconsistent) for more information.| false | yes |
| `providers.consulCatalog.exposedByDefault` | Expose Consul Catalog services by default in Traefik. If set to `false`, services that do not have a `traefik.enable=true` tag will be ignored from the resulting routing configuration. See [here](../overview.md#restrict-the-scope-of-service-discovery). | true | no |
| `providers.consulCatalog.defaultRule` | The Default Host rule for all services. See [here](#defaultrule) for more information. | ```"Host(`{{ normalize .Name }}`)"``` | No |
| `providers.consulCatalog.connectAware` | Enable Consul Connect support. If set to `true`, Traefik will be enabled to communicate with Connect services. | false | No |
| `providers.consulCatalog.connectByDefault` | Consider every service as Connect capable by default. If set to true, Traefik will consider every Consul Catalog service to be Connect capable by default. The option can be overridden on an instance basis with the traefik.consulcatalog.connect tag. | false | No |
| `providers.consulCatalog.serviceName` | Defines the name of the Traefik service in Consul Catalog. | "traefik" | No |
| `providers.consulCatalog.constraints` | Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information. | "" | No |
| `providers.consulCatalog.namespaces` | Defines the namespaces to query. See [here](#namespaces) for more information. | "" | no |
| `providers.consulCatalog.stale` | Instruct Traefik to use stale consistency for catalog reads. | false | no |
| `providers.consulCatalog.cache` | Instruct Traefik to use local agent caching for catalog reads. | false | no |
| `providers.consulCatalog.endpoint` | Defines the Consul server endpoint. | - | yes |
| `providers.consulCatalog.endpoint.address` | Defines the address of the Consul server. | 127.0.0.1:8500 | no |
| `providers.consulCatalog.endpoint.scheme` | Defines the URI scheme for the Consul server. | "" | no |
| `providers.consulCatalog.endpoint.datacenter` | Defines the datacenter to use. If not provided in Traefik, Consul uses the default agent datacenter. | "" | no |
| `providers.consulCatalog.endpoint.token` | Defines a per-request ACL token which overwrites the agent's default token. | "" | no |
| `providers.consulCatalog.endpoint.endpointWaitTime` | Defines a duration for which a `watch` can block. If not provided, the agent default values will be used. | "" | no |
| `providers.consulCatalog.endpoint.httpAuth` | Defines authentication settings for the HTTP client using HTTP Basic Authentication. | N/A | no |
| `providers.consulCatalog.endpoint.httpAuth.username` | Defines the username to use for HTTP Basic Authentication. | "" | no |
| `providers.consulCatalog.endpoint.httpAuth.password` | Defines the password to use for HTTP Basic Authentication. | "" | no |
| `providers.consulCatalog.strictChecks` | Define which [Consul Service health checks](https://developer.hashicorp.com/consul/docs/services/usage/checks#define-initial-health-check-status) are allowed to take on traffic. | "passing,warning" | no |
| `providers.consulCatalog.tls.ca` | Defines the path to the certificate authority used for the secure connection to Consul Calatog, it defaults to the system bundle. | "" | No |
| `providers.consulCatalog.tls.cert` | Defines the path to the public certificate used for the secure connection to Consul Calatog. When using this option, setting the `key` option is required. | "" | Yes |
| `providers.consulCatalog.tls.key` | Defines the path to the private key used for the secure connection to Consul Catalog. When using this option, setting the `cert` option is required. | "" | Yes |
| `providers.consulCatalog.tls.insecureSkipVerify` | Instructs the provider to accept any certificate presented by Consul Catalog when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No |
| `providers.consulCatalog.watch` | When set to `true`, watches for Consul changes ([Consul watches checks](https://www.consul.io/docs/dynamic-app-config/watches#checks)). | false | No |
| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| <a id="opt-providers-consulCatalog-refreshInterval" href="#opt-providers-consulCatalog-refreshInterval" title="#opt-providers-consulCatalog-refreshInterval">`providers.consulCatalog.refreshInterval`</a> | Defines the polling interval.| 15s | No |
| <a id="opt-providers-consulCatalog-prefix" href="#opt-providers-consulCatalog-prefix" title="#opt-providers-consulCatalog-prefix">`providers.consulCatalog.prefix`</a> | Defines the prefix for Consul Catalog tags defining Traefik labels.| traefik | yes |
| <a id="opt-providers-consulCatalog-requireConsistent" href="#opt-providers-consulCatalog-requireConsistent" title="#opt-providers-consulCatalog-requireConsistent">`providers.consulCatalog.requireConsistent`</a> | Forces the read to be fully consistent. See [here](#requireconsistent) for more information.| false | yes |
| <a id="opt-providers-consulCatalog-exposedByDefault" href="#opt-providers-consulCatalog-exposedByDefault" title="#opt-providers-consulCatalog-exposedByDefault">`providers.consulCatalog.exposedByDefault`</a> | Expose Consul Catalog services by default in Traefik. If set to `false`, services that do not have a `traefik.enable=true` tag will be ignored from the resulting routing configuration. See [here](../overview.md#exposedbydefault-and-traefikenable). | true | no |
| <a id="opt-providers-consulCatalog-defaultRule" href="#opt-providers-consulCatalog-defaultRule" title="#opt-providers-consulCatalog-defaultRule">`providers.consulCatalog.defaultRule`</a> | The Default Host rule for all services. See [here](#defaultrule) for more information. | ```"Host(`{{ normalize .Name }}`)"``` | No |
| <a id="opt-providers-consulCatalog-connectAware" href="#opt-providers-consulCatalog-connectAware" title="#opt-providers-consulCatalog-connectAware">`providers.consulCatalog.connectAware`</a> | Enable Consul Connect support. If set to `true`, Traefik will be enabled to communicate with Connect services. | false | No |
| <a id="opt-providers-consulCatalog-connectByDefault" href="#opt-providers-consulCatalog-connectByDefault" title="#opt-providers-consulCatalog-connectByDefault">`providers.consulCatalog.connectByDefault`</a> | Consider every service as Connect capable by default. If set to true, Traefik will consider every Consul Catalog service to be Connect capable by default. The option can be overridden on an instance basis with the traefik.consulcatalog.connect tag. | false | No |
| <a id="opt-providers-consulCatalog-serviceName" href="#opt-providers-consulCatalog-serviceName" title="#opt-providers-consulCatalog-serviceName">`providers.consulCatalog.serviceName`</a> | Defines the name of the Traefik service in Consul Catalog. | "traefik" | No |
| <a id="opt-providers-consulCatalog-constraints" href="#opt-providers-consulCatalog-constraints" title="#opt-providers-consulCatalog-constraints">`providers.consulCatalog.constraints`</a> | Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information. | "" | No |
| <a id="opt-providers-consulCatalog-namespaces" href="#opt-providers-consulCatalog-namespaces" title="#opt-providers-consulCatalog-namespaces">`providers.consulCatalog.namespaces`</a> | Defines the namespaces to query. See [here](#namespaces) for more information. | "" | no |
| <a id="opt-providers-consulCatalog-stale" href="#opt-providers-consulCatalog-stale" title="#opt-providers-consulCatalog-stale">`providers.consulCatalog.stale`</a> | Instruct Traefik to use stale consistency for catalog reads. | false | no |
| <a id="opt-providers-consulCatalog-cache" href="#opt-providers-consulCatalog-cache" title="#opt-providers-consulCatalog-cache">`providers.consulCatalog.cache`</a> | Instruct Traefik to use local agent caching for catalog reads. | false | no |
| <a id="opt-providers-consulCatalog-endpoint" href="#opt-providers-consulCatalog-endpoint" title="#opt-providers-consulCatalog-endpoint">`providers.consulCatalog.endpoint`</a> | Defines the Consul server endpoint. | - | yes |
| <a id="opt-providers-consulCatalog-endpoint-address" href="#opt-providers-consulCatalog-endpoint-address" title="#opt-providers-consulCatalog-endpoint-address">`providers.consulCatalog.endpoint.address`</a> | Defines the address of the Consul server. | 127.0.0.1:8500 | no |
| <a id="opt-providers-consulCatalog-endpoint-scheme" href="#opt-providers-consulCatalog-endpoint-scheme" title="#opt-providers-consulCatalog-endpoint-scheme">`providers.consulCatalog.endpoint.scheme`</a> | Defines the URI scheme for the Consul server. | "" | no |
| <a id="opt-providers-consulCatalog-endpoint-datacenter" href="#opt-providers-consulCatalog-endpoint-datacenter" title="#opt-providers-consulCatalog-endpoint-datacenter">`providers.consulCatalog.endpoint.datacenter`</a> | Defines the datacenter to use. If not provided in Traefik, Consul uses the default agent datacenter. | "" | no |
| <a id="opt-providers-consulCatalog-endpoint-token" href="#opt-providers-consulCatalog-endpoint-token" title="#opt-providers-consulCatalog-endpoint-token">`providers.consulCatalog.endpoint.token`</a> | Defines a per-request ACL token which overwrites the agent's default token. | "" | no |
| <a id="opt-providers-consulCatalog-endpoint-endpointWaitTime" href="#opt-providers-consulCatalog-endpoint-endpointWaitTime" title="#opt-providers-consulCatalog-endpoint-endpointWaitTime">`providers.consulCatalog.endpoint.endpointWaitTime`</a> | Defines a duration for which a `watch` can block. If not provided, the agent default values will be used. | "" | no |
| <a id="opt-providers-consulCatalog-endpoint-httpAuth" href="#opt-providers-consulCatalog-endpoint-httpAuth" title="#opt-providers-consulCatalog-endpoint-httpAuth">`providers.consulCatalog.endpoint.httpAuth`</a> | Defines authentication settings for the HTTP client using HTTP Basic Authentication. | N/A | no |
| <a id="opt-providers-consulCatalog-endpoint-httpAuth-username" href="#opt-providers-consulCatalog-endpoint-httpAuth-username" title="#opt-providers-consulCatalog-endpoint-httpAuth-username">`providers.consulCatalog.endpoint.httpAuth.username`</a> | Defines the username to use for HTTP Basic Authentication. | "" | no |
| <a id="opt-providers-consulCatalog-endpoint-httpAuth-password" href="#opt-providers-consulCatalog-endpoint-httpAuth-password" title="#opt-providers-consulCatalog-endpoint-httpAuth-password">`providers.consulCatalog.endpoint.httpAuth.password`</a> | Defines the password to use for HTTP Basic Authentication. | "" | no |
| <a id="opt-providers-consulCatalog-strictChecks" href="#opt-providers-consulCatalog-strictChecks" title="#opt-providers-consulCatalog-strictChecks">`providers.consulCatalog.strictChecks`</a> | Define which [Consul Service health checks](https://developer.hashicorp.com/consul/docs/services/usage/checks#define-initial-health-check-status) are allowed to take on traffic. | "passing,warning" | no |
| <a id="opt-providers-consulCatalog-tls-ca" href="#opt-providers-consulCatalog-tls-ca" title="#opt-providers-consulCatalog-tls-ca">`providers.consulCatalog.tls.ca`</a> | Defines the path to the certificate authority used for the secure connection to Consul Calatog, it defaults to the system bundle. | "" | No |
| <a id="opt-providers-consulCatalog-tls-cert" href="#opt-providers-consulCatalog-tls-cert" title="#opt-providers-consulCatalog-tls-cert">`providers.consulCatalog.tls.cert`</a> | Defines the path to the public certificate used for the secure connection to Consul Calatog. When using this option, setting the `key` option is required. | "" | Yes |
| <a id="opt-providers-consulCatalog-tls-key" href="#opt-providers-consulCatalog-tls-key" title="#opt-providers-consulCatalog-tls-key">`providers.consulCatalog.tls.key`</a> | Defines the path to the private key used for the secure connection to Consul Catalog. When using this option, setting the `cert` option is required. | "" | Yes |
| <a id="opt-providers-consulCatalog-tls-insecureSkipVerify" href="#opt-providers-consulCatalog-tls-insecureSkipVerify" title="#opt-providers-consulCatalog-tls-insecureSkipVerify">`providers.consulCatalog.tls.insecureSkipVerify`</a> | Instructs the provider to accept any certificate presented by Consul Catalog when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No |
| <a id="opt-providers-consulCatalog-watch" href="#opt-providers-consulCatalog-watch" title="#opt-providers-consulCatalog-watch">`providers.consulCatalog.watch`</a> | When set to `true`, watches for Consul changes ([Consul watches checks](https://www.consul.io/docs/dynamic-app-config/watches#checks)). | false | No |
### `requireConsistent`
@@ -166,7 +166,7 @@ providers:
# ...
```
For additional information, refer to [Restrict the Scope of Service Discovery](../overview.md#restrict-the-scope-of-service-discovery).
For additional information, refer to [Restrict the Scope of Service Discovery](../overview.md#exposedbydefault-and-traefikenable).
### `namespaces`

24
docs/content/reference/install-configuration/providers/hashicorp/consul.md
View File

@@ -26,18 +26,18 @@ providers:
| Field | Description | Default | Required |
|:------|:----------------------------------------------------------|:---------------------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.consul.endpoints` | Defines the endpoint to access Consul. | "127.0.0.1:8500" | yes |
| `providers.consul.rootKey` | Defines the root key of the configuration. | "traefik" | yes |
| `providers.consul.namespaces` | Defines the namespaces to query. See [here](#namespaces) for more information | "" | no |
| `providers.consul.username` | Defines a username to connect to Consul with. | "" | no |
| `providers.consul.password` | Defines a password with which to connect to Consul. | "" | no |
| `providers.consul.token` | Defines a token with which to connect to Consul. | "" | no |
| `providers.consul.tls` | Defines the TLS configuration used for the secure connection to Consul | - | No |
| `providers.consul.tls.ca` | Defines the path to the certificate authority used for the secure connection to Consul, it defaults to the system bundle. | - | Yes |
| `providers.consul.tls.cert` | Defines the path to the public certificate used for the secure connection to Consul. When using this option, setting the `key` option is required. | - | Yes |
| `providers.consul.tls.key` | Defines the path to the private key used for the secure connection to Consul. When using this option, setting the `cert` option is required. | - | Yes |
| `providers.consul.tls.insecureSkipVerify` | Instructs the provider to accept any certificate presented by Consul when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No |
| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| <a id="opt-providers-consul-endpoints" href="#opt-providers-consul-endpoints" title="#opt-providers-consul-endpoints">`providers.consul.endpoints`</a> | Defines the endpoint to access Consul. | "127.0.0.1:8500" | yes |
| <a id="opt-providers-consul-rootKey" href="#opt-providers-consul-rootKey" title="#opt-providers-consul-rootKey">`providers.consul.rootKey`</a> | Defines the root key of the configuration. | "traefik" | yes |
| <a id="opt-providers-consul-namespaces" href="#opt-providers-consul-namespaces" title="#opt-providers-consul-namespaces">`providers.consul.namespaces`</a> | Defines the namespaces to query. See [here](#namespaces) for more information | "" | no |
| <a id="opt-providers-consul-username" href="#opt-providers-consul-username" title="#opt-providers-consul-username">`providers.consul.username`</a> | Defines a username to connect to Consul with. | "" | no |
| <a id="opt-providers-consul-password" href="#opt-providers-consul-password" title="#opt-providers-consul-password">`providers.consul.password`</a> | Defines a password with which to connect to Consul. | "" | no |
| <a id="opt-providers-consul-token" href="#opt-providers-consul-token" title="#opt-providers-consul-token">`providers.consul.token`</a> | Defines a token with which to connect to Consul. | "" | no |
| <a id="opt-providers-consul-tls" href="#opt-providers-consul-tls" title="#opt-providers-consul-tls">`providers.consul.tls`</a> | Defines the TLS configuration used for the secure connection to Consul | - | No |
| <a id="opt-providers-consul-tls-ca" href="#opt-providers-consul-tls-ca" title="#opt-providers-consul-tls-ca">`providers.consul.tls.ca`</a> | Defines the path to the certificate authority used for the secure connection to Consul, it defaults to the system bundle. | - | Yes |
| <a id="opt-providers-consul-tls-cert" href="#opt-providers-consul-tls-cert" title="#opt-providers-consul-tls-cert">`providers.consul.tls.cert`</a> | Defines the path to the public certificate used for the secure connection to Consul. When using this option, setting the `key` option is required. | - | Yes |
| <a id="opt-providers-consul-tls-key" href="#opt-providers-consul-tls-key" title="#opt-providers-consul-tls-key">`providers.consul.tls.key`</a> | Defines the path to the private key used for the secure connection to Consul. When using this option, setting the `cert` option is required. | - | Yes |
| <a id="opt-providers-consul-tls-insecureSkipVerify" href="#opt-providers-consul-tls-insecureSkipVerify" title="#opt-providers-consul-tls-insecureSkipVerify">`providers.consul.tls.insecureSkipVerify`</a> | Instructs the provider to accept any certificate presented by Consul when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No |
### `namespaces`

40
docs/content/reference/install-configuration/providers/hashicorp/nomad.md
View File

@@ -39,25 +39,25 @@ service {
| Field | Description | Default | Required |
|:------|:----------------------------------------------------------|:---------------------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.nomad.namespaces` | Defines the namespaces in which the nomad services will be discovered.| "" | No |
| `providers.nomad.refreshInterval` | Defines the polling interval. This option is ignored when the `watch` option is enabled | 15s | No |
| `providers.nomad.watch` | Enables the watch mode to refresh the configuration on a per-event basis. | false | No |
| `providers.nomad.throttleDuration` | Defines how often the provider is allowed to handle service events from Nomad. This option is only compatible when the `watch` option is enabled | 0s | No |
| `providers.nomad.defaultRule` | The Default Host rule for all services. See [here](#defaultrule) for more information | ```"Host(`{{ normalize .Name }}`)"``` | No |
| `providers.nomad.constraints` | Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information. | "" | No |
| `providers.nomad.exposedByDefault` | Expose Nomad services by default in Traefik. If set to `false`, services that do not have a `traefik.enable=true` tag will be ignored from the resulting routing configuration. See [here](../overview.md#restrict-the-scope-of-service-discovery) for additional information | true | No |
| `providers.nomad.allowEmptyServices` | Instructs the provider to create any [servers load balancer](../../../../routing/services/index.md#servers-load-balancer) defined for Docker containers regardless of the [healthiness](https://docs.docker.com/engine/reference/builder/#healthcheck) of the corresponding containers. | false | No |
| `providers.nomad.prefix` | Defines the prefix for Nomad service tags defining Traefik labels. | `traefik` | yes |
| `providers.nomad.stale` | Instructs Traefik to use stale consistency for Nomad service API reads. See [here](#stale) for more information | false | No |
| `providers.nomad.endpoint.address` | Defines the Address of the Nomad server. | `http://127.0.0.1:4646` | No |
| `providers.nomad.endpoint.token` | Defines a per-request ACL token if Nomad ACLs are enabled. See [here](#token) for more information | "" | No |
| `providers.nomad.endpoint.endpointWaitTime` | Defines a duration for which a `watch` can block. If not provided, the agent default values will be used. | "" | No |
| `providers.nomad.endpoint.tls` | Defines the TLS configuration used for the secure connection to the Nomad APi. | - | No |
| `providers.nomad.endpoint.tls.ca` | Defines the path to the certificate authority used for the secure connection to the Nomad API, it defaults to the system bundle. | "" | No |
| `providers.nomad.endpoint.tls.cert` | Defines the path to the public certificate used for the secure connection to the Nomad API. When using this option, setting the `key` option is required. | '" | Yes |
| `providers.nomad.endpoint.tls.key` | Defines the path to the private key used for the secure connection to the Nomad API. When using this option, setting the `cert` option is required. | "" | Yes |
| `providers.nomad.endpoint.tls.insecureSkipVerify` | Instructs the provider to accept any certificate presented by Nomad when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No |
| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| <a id="opt-providers-nomad-namespaces" href="#opt-providers-nomad-namespaces" title="#opt-providers-nomad-namespaces">`providers.nomad.namespaces`</a> | Defines the namespaces in which the nomad services will be discovered.| "" | No |
| <a id="opt-providers-nomad-refreshInterval" href="#opt-providers-nomad-refreshInterval" title="#opt-providers-nomad-refreshInterval">`providers.nomad.refreshInterval`</a> | Defines the polling interval. This option is ignored when the `watch` option is enabled | 15s | No |
| <a id="opt-providers-nomad-watch" href="#opt-providers-nomad-watch" title="#opt-providers-nomad-watch">`providers.nomad.watch`</a> | Enables the watch mode to refresh the configuration on a per-event basis. | false | No |
| <a id="opt-providers-nomad-throttleDuration" href="#opt-providers-nomad-throttleDuration" title="#opt-providers-nomad-throttleDuration">`providers.nomad.throttleDuration`</a> | Defines how often the provider is allowed to handle service events from Nomad. This option is only compatible when the `watch` option is enabled | 0s | No |
| <a id="opt-providers-nomad-defaultRule" href="#opt-providers-nomad-defaultRule" title="#opt-providers-nomad-defaultRule">`providers.nomad.defaultRule`</a> | The Default Host rule for all services. See [here](#defaultrule) for more information | ```"Host(`{{ normalize .Name }}`)"``` | No |
| <a id="opt-providers-nomad-constraints" href="#opt-providers-nomad-constraints" title="#opt-providers-nomad-constraints">`providers.nomad.constraints`</a> | Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information. | "" | No |
| <a id="opt-providers-nomad-exposedByDefault" href="#opt-providers-nomad-exposedByDefault" title="#opt-providers-nomad-exposedByDefault">`providers.nomad.exposedByDefault`</a> | Expose Nomad services by default in Traefik. If set to `false`, services that do not have a `traefik.enable=true` tag will be ignored from the resulting routing configuration. See [here](../overview.md#exposedbydefault-and-traefikenable) for additional information | true | No |
| <a id="opt-providers-nomad-allowEmptyServices" href="#opt-providers-nomad-allowEmptyServices" title="#opt-providers-nomad-allowEmptyServices">`providers.nomad.allowEmptyServices`</a> | Instructs the provider to create any [servers load balancer](../../../../routing/services/index.md#servers-load-balancer) defined for Docker containers regardless of the [healthiness](https://docs.docker.com/engine/reference/builder/#healthcheck) of the corresponding containers. | false | No |
| <a id="opt-providers-nomad-prefix" href="#opt-providers-nomad-prefix" title="#opt-providers-nomad-prefix">`providers.nomad.prefix`</a> | Defines the prefix for Nomad service tags defining Traefik labels. | `traefik` | yes |
| <a id="opt-providers-nomad-stale" href="#opt-providers-nomad-stale" title="#opt-providers-nomad-stale">`providers.nomad.stale`</a> | Instructs Traefik to use stale consistency for Nomad service API reads. See [here](#stale) for more information | false | No |
| <a id="opt-providers-nomad-endpoint-address" href="#opt-providers-nomad-endpoint-address" title="#opt-providers-nomad-endpoint-address">`providers.nomad.endpoint.address`</a> | Defines the Address of the Nomad server. | `http://127.0.0.1:4646` | No |
| <a id="opt-providers-nomad-endpoint-token" href="#opt-providers-nomad-endpoint-token" title="#opt-providers-nomad-endpoint-token">`providers.nomad.endpoint.token`</a> | Defines a per-request ACL token if Nomad ACLs are enabled. See [here](#token) for more information | "" | No |
| <a id="opt-providers-nomad-endpoint-endpointWaitTime" href="#opt-providers-nomad-endpoint-endpointWaitTime" title="#opt-providers-nomad-endpoint-endpointWaitTime">`providers.nomad.endpoint.endpointWaitTime`</a> | Defines a duration for which a `watch` can block. If not provided, the agent default values will be used. | "" | No |
| <a id="opt-providers-nomad-endpoint-tls" href="#opt-providers-nomad-endpoint-tls" title="#opt-providers-nomad-endpoint-tls">`providers.nomad.endpoint.tls`</a> | Defines the TLS configuration used for the secure connection to the Nomad APi. | - | No |
| <a id="opt-providers-nomad-endpoint-tls-ca" href="#opt-providers-nomad-endpoint-tls-ca" title="#opt-providers-nomad-endpoint-tls-ca">`providers.nomad.endpoint.tls.ca`</a> | Defines the path to the certificate authority used for the secure connection to the Nomad API, it defaults to the system bundle. | "" | No |
| <a id="opt-providers-nomad-endpoint-tls-cert" href="#opt-providers-nomad-endpoint-tls-cert" title="#opt-providers-nomad-endpoint-tls-cert">`providers.nomad.endpoint.tls.cert`</a> | Defines the path to the public certificate used for the secure connection to the Nomad API. When using this option, setting the `key` option is required. | '" | Yes |
| <a id="opt-providers-nomad-endpoint-tls-key" href="#opt-providers-nomad-endpoint-tls-key" title="#opt-providers-nomad-endpoint-tls-key">`providers.nomad.endpoint.tls.key`</a> | Defines the path to the private key used for the secure connection to the Nomad API. When using this option, setting the `cert` option is required. | "" | Yes |
| <a id="opt-providers-nomad-endpoint-tls-insecureSkipVerify" href="#opt-providers-nomad-endpoint-tls-insecureSkipVerify" title="#opt-providers-nomad-endpoint-tls-insecureSkipVerify">`providers.nomad.endpoint.tls.insecureSkipVerify`</a> | Instructs the provider to accept any certificate presented by Nomad when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No |
### `namespaces`
@@ -245,7 +245,7 @@ providers:
# ...
```
For additional information, refer to [Restrict the Scope of Service Discovery](../overview.md#restrict-the-scope-of-service-discovery).
For additional information, refer to [Restrict the Scope of Service Discovery](../overview.md#exposedbydefault-and-traefikenable).
## Routing Configuration

50
docs/content/reference/install-configuration/providers/kubernetes/kubernetes-crd.md
View File

@@ -54,19 +54,19 @@ providers:
| Field | Description | Default | Required |
|:------|:----------------------------------------------------------|:--------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.kubernetesCRD.endpoint` | Server endpoint URL.<br />More information [here](#endpoint). | "" | No |
| `providers.kubernetesCRD.token` | Bearer token used for the Kubernetes client configuration. | "" | No |
| `providers.kubernetesCRD.certAuthFilePath` | Path to the certificate authority file.<br />Used for the Kubernetes client configuration. | "" | No |
| `providers.kubernetesCRD.namespaces` | Array of namespaces to watch.<br />If left empty, watch all namespaces. | [] | No |
| `providers.kubernetesCRD.labelselector` | Allow filtering on specific resource objects only using label selectors.<br />Only to Traefik [Custom Resources](#list-of-resources) (they all must match the filter).<br />No effect on Kubernetes `Secrets`, `EndpointSlices` and `Services`.<br />See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details. | "" | No |
| `providers.kubernetesCRD.ingressClass` | Value of `kubernetes.io/ingress.class` annotation that identifies resource objects to be processed.<br />If empty, resources missing the annotation, having an empty value, or the value `traefik` are processed. | "" | No |
| `providers.kubernetesCRD.throttleDuration` | Minimum amount of time to wait between two Kubernetes events before producing a new configuration.<br />This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration.<br />If empty, every event is caught. | 0s | No |
| `providers.kubernetesCRD.allowEmptyServices` | Allows creating a route to reach a service that has no endpoint available.<br />It allows Traefik to handle the requests and responses targeting this service (applying middleware or observability operations) before returning a `503` HTTP Status. | false | No |
| `providers.kubernetesCRD.allowCrossNamespace` | Allows the `IngressRoutes` to reference resources in namespaces other than theirs. | false | No |
| `providers.kubernetesCRD.allowExternalNameServices` | Allows the `IngressRoutes` to reference ExternalName services. | false | No |
| `providers.kubernetesCRD.nativeLBByDefault` | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik for every `IngressRoute` by default.<br />It can br overridden in the [`ServerTransport`](../../../../routing/services/index.md#serverstransport). | false | No |
| `providers.kubernetesCRD.disableClusterScopeResources` | Prevent from discovering cluster scope resources (`IngressClass` and `Nodes`).<br />By doing so, it alleviates the requirement of giving Traefik the rights to look up for cluster resources.<br />Furthermore, Traefik will not handle IngressRoutes with IngressClass references, therefore such Ingresses will be ignored (please note that annotations are not affected by this option).<br />This will also prevent from using the `NodePortLB` options on services. | false | No |
| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| <a id="opt-providers-kubernetesCRD-endpoint" href="#opt-providers-kubernetesCRD-endpoint" title="#opt-providers-kubernetesCRD-endpoint">`providers.kubernetesCRD.endpoint`</a> | Server endpoint URL.<br />More information [here](#endpoint). | "" | No |
| <a id="opt-providers-kubernetesCRD-token" href="#opt-providers-kubernetesCRD-token" title="#opt-providers-kubernetesCRD-token">`providers.kubernetesCRD.token`</a> | Bearer token used for the Kubernetes client configuration. | "" | No |
| <a id="opt-providers-kubernetesCRD-certAuthFilePath" href="#opt-providers-kubernetesCRD-certAuthFilePath" title="#opt-providers-kubernetesCRD-certAuthFilePath">`providers.kubernetesCRD.certAuthFilePath`</a> | Path to the certificate authority file.<br />Used for the Kubernetes client configuration. | "" | No |
| <a id="opt-providers-kubernetesCRD-namespaces" href="#opt-providers-kubernetesCRD-namespaces" title="#opt-providers-kubernetesCRD-namespaces">`providers.kubernetesCRD.namespaces`</a> | Array of namespaces to watch.<br />If left empty, watch all namespaces. | [] | No |
| <a id="opt-providers-kubernetesCRD-labelselector" href="#opt-providers-kubernetesCRD-labelselector" title="#opt-providers-kubernetesCRD-labelselector">`providers.kubernetesCRD.labelselector`</a> | Allow filtering on specific resource objects only using label selectors.<br />Only to Traefik [Custom Resources](#list-of-resources) (they all must match the filter).<br />No effect on Kubernetes `Secrets`, `EndpointSlices` and `Services`.<br />See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details. | "" | No |
| <a id="opt-providers-kubernetesCRD-ingressClass" href="#opt-providers-kubernetesCRD-ingressClass" title="#opt-providers-kubernetesCRD-ingressClass">`providers.kubernetesCRD.ingressClass`</a> | Value of `kubernetes.io/ingress.class` annotation that identifies resource objects to be processed.<br />If empty, resources missing the annotation, having an empty value, or the value `traefik` are processed. | "" | No |
| <a id="opt-providers-kubernetesCRD-throttleDuration" href="#opt-providers-kubernetesCRD-throttleDuration" title="#opt-providers-kubernetesCRD-throttleDuration">`providers.kubernetesCRD.throttleDuration`</a> | Minimum amount of time to wait between two Kubernetes events before producing a new configuration.<br />This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration.<br />If empty, every event is caught. | 0s | No |
| <a id="opt-providers-kubernetesCRD-allowEmptyServices" href="#opt-providers-kubernetesCRD-allowEmptyServices" title="#opt-providers-kubernetesCRD-allowEmptyServices">`providers.kubernetesCRD.allowEmptyServices`</a> | Allows creating a route to reach a service that has no endpoint available.<br />It allows Traefik to handle the requests and responses targeting this service (applying middleware or observability operations) before returning a `503` HTTP Status. | false | No |
| <a id="opt-providers-kubernetesCRD-allowCrossNamespace" href="#opt-providers-kubernetesCRD-allowCrossNamespace" title="#opt-providers-kubernetesCRD-allowCrossNamespace">`providers.kubernetesCRD.allowCrossNamespace`</a> | Allows the `IngressRoutes` to reference resources in namespaces other than theirs. | false | No |
| <a id="opt-providers-kubernetesCRD-allowExternalNameServices" href="#opt-providers-kubernetesCRD-allowExternalNameServices" title="#opt-providers-kubernetesCRD-allowExternalNameServices">`providers.kubernetesCRD.allowExternalNameServices`</a> | Allows the `IngressRoutes` to reference ExternalName services. | false | No |
| <a id="opt-providers-kubernetesCRD-nativeLBByDefault" href="#opt-providers-kubernetesCRD-nativeLBByDefault" title="#opt-providers-kubernetesCRD-nativeLBByDefault">`providers.kubernetesCRD.nativeLBByDefault`</a> | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik for every `IngressRoute` by default.<br />It can br overridden in the [`ServerTransport`](../../../../routing/services/index.md#serverstransport). | false | No |
| <a id="opt-providers-kubernetesCRD-disableClusterScopeResources" href="#opt-providers-kubernetesCRD-disableClusterScopeResources" title="#opt-providers-kubernetesCRD-disableClusterScopeResources">`providers.kubernetesCRD.disableClusterScopeResources`</a> | Prevent from discovering cluster scope resources (`IngressClass` and `Nodes`).<br />By doing so, it alleviates the requirement of giving Traefik the rights to look up for cluster resources.<br />Furthermore, Traefik will not handle IngressRoutes with IngressClass references, therefore such Ingresses will be ignored (please note that annotations are not affected by this option).<br />This will also prevent from using the `NodePortLB` options on services. | false | No |
### endpoint
@@ -108,18 +108,18 @@ See the dedicated section in [routing](../../../../routing/providers/kubernetes-
<!-- markdownlint-disable MD013 -->
| Resource | Purpose |
|--------------------------------------------------|--------------------------------------------------------------------|
| [IngressRoute](../../../../routing/providers/kubernetes-crd.md#kind-ingressroute) | HTTP Routing |
| [Middleware](../../../../middlewares/http/overview.md) | Tweaks the HTTP requests before they are sent to your service |
| [TraefikService](../../../../routing/providers/kubernetes-crd.md#kind-traefikservice) | Abstraction for HTTP loadbalancing/mirroring |
| [TLSOptions](../../../../routing/providers/kubernetes-crd.md#kind-tlsoption) | Allows configuring some parameters of the TLS connection |
| [TLSStores](../../../../routing/providers/kubernetes-crd.md#kind-tlsstore) | Allows configuring the default TLS store |
| [ServersTransport](../../../../routing/providers/kubernetes-crd.md#kind-serverstransport) | Allows configuring the transport between Traefik and the backends |
| [IngressRouteTCP](../../../../routing/providers/kubernetes-crd.md#kind-ingressroutetcp) | TCP Routing |
| [MiddlewareTCP](../../../../routing/providers/kubernetes-crd.md#kind-middlewaretcp) | Tweaks the TCP requests before they are sent to your service |
| [ServersTransportTCP](../../../../routing/providers/kubernetes-crd.md#kind-serverstransporttc) | Allows configuring the transport between Traefik and the backends |
| [IngressRouteUDP](../../../../routing/providers/kubernetes-crd.md#kind-ingressrouteudp) | UDP Routing |
| Resource | Purpose |
|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------|
| <a id="opt-IngressRoute" href="#opt-IngressRoute" title="#opt-IngressRoute">[IngressRoute](../../../routing-configuration/kubernetes/crd/http/ingressroute.md)</a> | HTTP Routing |
| <a id="opt-Middleware" href="#opt-Middleware" title="#opt-Middleware">[Middleware](../../../routing-configuration/kubernetes/crd/http/middleware.md)</a> | Tweaks the HTTP requests before they are sent to your service |
| <a id="opt-TraefikService" href="#opt-TraefikService" title="#opt-TraefikService">[TraefikService](../../../routing-configuration/kubernetes/crd/http/traefikservice.md)</a> | Abstraction for HTTP loadbalancing/mirroring |
| <a id="opt-TLSOptions" href="#opt-TLSOptions" title="#opt-TLSOptions">[TLSOptions](../../../routing-configuration/kubernetes/crd/tls/tlsoption.md)</a> | Allows configuring some parameters of the TLS connection |
| <a id="opt-TLSStores" href="#opt-TLSStores" title="#opt-TLSStores">[TLSStores](../../../routing-configuration/kubernetes/crd/tls/tlsstore.md)</a> | Allows configuring the default TLS store |
| <a id="opt-ServersTransport" href="#opt-ServersTransport" title="#opt-ServersTransport">[ServersTransport](../../../routing-configuration/kubernetes/crd/http/serverstransport.md)</a> | Allows configuring the transport between Traefik and the backends |
| <a id="opt-IngressRouteTCP" href="#opt-IngressRouteTCP" title="#opt-IngressRouteTCP">[IngressRouteTCP](../../../routing-configuration/kubernetes/crd/tcp/ingressroutetcp.md)</a> | TCP Routing |
| <a id="opt-MiddlewareTCP" href="#opt-MiddlewareTCP" title="#opt-MiddlewareTCP">[MiddlewareTCP](../../../routing-configuration/kubernetes/crd/tcp/middlewaretcp.md)</a> | Tweaks the TCP requests before they are sent to your service |
| <a id="opt-ServersTransportTCP" href="#opt-ServersTransportTCP" title="#opt-ServersTransportTCP">[ServersTransportTCP](../../../routing-configuration/kubernetes/crd/tcp/serverstransporttcp.md)</a> | Allows configuring the transport between Traefik and the backends |
| <a id="opt-IngressRouteUDP" href="#opt-IngressRouteUDP" title="#opt-IngressRouteUDP">[IngressRouteUDP](../../../routing-configuration/kubernetes/crd/udp/ingressrouteudp.md)</a> | UDP Routing |
## Particularities

26
docs/content/reference/install-configuration/providers/kubernetes/kubernetes-gateway.md
View File

@@ -69,19 +69,19 @@ providers:
| Field | Description | Default | Required |
|:----------------------------------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.kubernetesGateway.endpoint` | Server endpoint URL.<br />More information [here](#endpoint). | "" | No |
| `providers.kubernetesGateway.experimentalChannel` | Toggles support for the Experimental Channel resources ([Gateway API release channels documentation](https://gateway-api.sigs.k8s.io/concepts/versioning/#release-channels)).<br />(ex: `TCPRoute` and `TLSRoute`) | false | No |
| `providers.kubernetesGateway.token` | Bearer token used for the Kubernetes client configuration. | "" | No |
| `providers.kubernetesGateway.certAuthFilePath` | Path to the certificate authority file.<br />Used for the Kubernetes client configuration. | "" | No |
| `providers.kubernetesGateway.namespaces` | Array of namespaces to watch.<br />If left empty, watch all namespaces. | [] | No |
| `providers.kubernetesGateway.labelselector` | Allow filtering on specific resource objects only using label selectors.<br />Only to Traefik [Custom Resources](./kubernetes-crd.md#list-of-resources) (they all must match the filter).<br />No effect on Kubernetes `Secrets`, `EndpointSlices` and `Services`.<br />See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details. | "" | No |
| `providers.kubernetesGateway.throttleDuration` | Minimum amount of time to wait between two Kubernetes events before producing a new configuration.<br />This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration.<br />If empty, every event is caught. | 0s | No |
| `providers.kubernetesGateway.nativeLBByDefault` | Defines whether to use Native Kubernetes load-balancing mode by default. For more information, please check out the `traefik.io/service.nativelb` service annotation documentation. | false | No |
| `providers.kubernetesGateway.`<br />`statusAddress.hostname` | Hostname copied to the Gateway `status.addresses`. | "" | No |
| `providers.kubernetesGateway.`<br />`statusAddress.ip` | IP address copied to the Gateway `status.addresses`, and currently only supports one IP value (IPv4 or IPv6). | "" | No |
| `providers.kubernetesGateway.`<br />`statusAddress.service.namespace` | The namespace of the Kubernetes service to copy status addresses from.<br />When using third parties tools like External-DNS, this option can be used to copy the service `loadbalancer.status` (containing the service's endpoints IPs) to the Gateway `status.addresses`. | "" | No |
| `providers.kubernetesGateway.`<br />`statusAddress.service.name` | The name of the Kubernetes service to copy status addresses from.<br />When using third parties tools like External-DNS, this option can be used to copy the service `loadbalancer.status` (containing the service's endpoints IPs) to the Gateway `status.addresses`. | "" | No |
| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| <a id="opt-providers-kubernetesGateway-endpoint" href="#opt-providers-kubernetesGateway-endpoint" title="#opt-providers-kubernetesGateway-endpoint">`providers.kubernetesGateway.endpoint`</a> | Server endpoint URL.<br />More information [here](#endpoint). | "" | No |
| <a id="opt-providers-kubernetesGateway-experimentalChannel" href="#opt-providers-kubernetesGateway-experimentalChannel" title="#opt-providers-kubernetesGateway-experimentalChannel">`providers.kubernetesGateway.experimentalChannel`</a> | Toggles support for the Experimental Channel resources ([Gateway API release channels documentation](https://gateway-api.sigs.k8s.io/concepts/versioning/#release-channels)).<br />(ex: `TCPRoute` and `TLSRoute`) | false | No |
| <a id="opt-providers-kubernetesGateway-token" href="#opt-providers-kubernetesGateway-token" title="#opt-providers-kubernetesGateway-token">`providers.kubernetesGateway.token`</a> | Bearer token used for the Kubernetes client configuration. | "" | No |
| <a id="opt-providers-kubernetesGateway-certAuthFilePath" href="#opt-providers-kubernetesGateway-certAuthFilePath" title="#opt-providers-kubernetesGateway-certAuthFilePath">`providers.kubernetesGateway.certAuthFilePath`</a> | Path to the certificate authority file.<br />Used for the Kubernetes client configuration. | "" | No |
| <a id="opt-providers-kubernetesGateway-namespaces" href="#opt-providers-kubernetesGateway-namespaces" title="#opt-providers-kubernetesGateway-namespaces">`providers.kubernetesGateway.namespaces`</a> | Array of namespaces to watch.<br />If left empty, watch all namespaces. | [] | No |
| <a id="opt-providers-kubernetesGateway-labelselector" href="#opt-providers-kubernetesGateway-labelselector" title="#opt-providers-kubernetesGateway-labelselector">`providers.kubernetesGateway.labelselector`</a> | Allow filtering on specific resource objects only using label selectors.<br />Only to Traefik [Custom Resources](./kubernetes-crd.md#list-of-resources) (they all must match the filter).<br />No effect on Kubernetes `Secrets`, `EndpointSlices` and `Services`.<br />See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details. | "" | No |
| <a id="opt-providers-kubernetesGateway-throttleDuration" href="#opt-providers-kubernetesGateway-throttleDuration" title="#opt-providers-kubernetesGateway-throttleDuration">`providers.kubernetesGateway.throttleDuration`</a> | Minimum amount of time to wait between two Kubernetes events before producing a new configuration.<br />This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration.<br />If empty, every event is caught. | 0s | No |
| <a id="opt-providers-kubernetesGateway-nativeLBByDefault" href="#opt-providers-kubernetesGateway-nativeLBByDefault" title="#opt-providers-kubernetesGateway-nativeLBByDefault">`providers.kubernetesGateway.nativeLBByDefault`</a> | Defines whether to use Native Kubernetes load-balancing mode by default. For more information, please check out the `traefik.io/service.nativelb` service annotation documentation. | false | No |
| <a id="opt-providers-kubernetesGateway-statusAddress-hostname" href="#opt-providers-kubernetesGateway-statusAddress-hostname" title="#opt-providers-kubernetesGateway-statusAddress-hostname">`providers.kubernetesGateway.`<br />`statusAddress.hostname`</a> | Hostname copied to the Gateway `status.addresses`. | "" | No |
| <a id="opt-providers-kubernetesGateway-statusAddress-ip" href="#opt-providers-kubernetesGateway-statusAddress-ip" title="#opt-providers-kubernetesGateway-statusAddress-ip">`providers.kubernetesGateway.`<br />`statusAddress.ip`</a> | IP address copied to the Gateway `status.addresses`, and currently only supports one IP value (IPv4 or IPv6). | "" | No |
| <a id="opt-providers-kubernetesGateway-statusAddress-service-namespace" href="#opt-providers-kubernetesGateway-statusAddress-service-namespace" title="#opt-providers-kubernetesGateway-statusAddress-service-namespace">`providers.kubernetesGateway.`<br />`statusAddress.service.namespace`</a> | The namespace of the Kubernetes service to copy status addresses from.<br />When using third parties tools like External-DNS, this option can be used to copy the service `loadbalancer.status` (containing the service's endpoints IPs) to the Gateway `status.addresses`. | "" | No |
| <a id="opt-providers-kubernetesGateway-statusAddress-service-name" href="#opt-providers-kubernetesGateway-statusAddress-service-name" title="#opt-providers-kubernetesGateway-statusAddress-service-name">`providers.kubernetesGateway.`<br />`statusAddress.service.name`</a> | The name of the Kubernetes service to copy status addresses from.<br />When using third parties tools like External-DNS, this option can be used to copy the service `loadbalancer.status` (containing the service's endpoints IPs) to the Gateway `status.addresses`. | "" | No |
<!-- markdownlint-enable MD013 -->

30
docs/content/reference/install-configuration/providers/kubernetes/kubernetes-ingress-nginx.md
View File

@@ -49,21 +49,21 @@ which in turn creates the resulting routers, services, handlers, etc.
| Field | Description | Default | Required |
|:------------------------------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.kubernetesIngressNGINX.endpoint` | Server endpoint URL.<br />More information [here](#endpoint). | "" | No |
| `providers.kubernetesIngressNGINX.token` | Bearer token used for the Kubernetes client configuration. | "" | No |
| `providers.kubernetesIngressNGINX.certAuthFilePath` | Path to the certificate authority file.<br />Used for the Kubernetes client configuration. | "" | No |
| `providers.kubernetesIngressNGINX.throttleDuration` | Minimum amount of time to wait between two Kubernetes events before producing a new configuration.<br />This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration.<br />If empty, every event is caught. | 0s | No |
| `providers.kubernetesIngressNGINX.watchNamespace` | Namespace the controller watches for updates to Kubernetes objects. All namespaces are watched if this parameter is left empty. | "" | No |
| `providers.kubernetesIngressNGINX.watchNamespaceSelector` | Selector selects namespaces the controller watches for updates to Kubernetes objects. | "" | No |
| `providers.kubernetesIngressNGINX.ingressClass` | Name of the ingress class this controller satisfies. | "" | No |
| `providers.kubernetesIngressNGINX.controllerClass` | Ingress Class Controller value this controller satisfies. | "" | No |
| `providers.kubernetesIngressNGINX.watchIngressWithoutClass` | Define if Ingress Controller should also watch for Ingresses without an IngressClass or the annotation specified. | false | No |
| `providers.kubernetesIngressNGINX.ingressClassByName` | Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class. | false | No |
| `providers.kubernetesIngressNGINX.publishService` | Service fronting the Ingress controller. Takes the form namespace/name. | "" | No |
| `providers.kubernetesIngressNGINX.publishStatusAddress` | Customized address (or addresses, separated by comma) to set as the load-balancer status of Ingress objects this controller satisfies. | "" | No |
| `providers.kubernetesIngressNGINX.defaultBackendService` | Service used to serve HTTP requests not matching any known server name (catch-all). Takes the form 'namespace/name'. | "" | No |
| `providers.kubernetesIngressNGINX.disableSvcExternalName` | Disable support for Services of type ExternalName. | false | No |
| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| <a id="opt-providers-kubernetesIngressNGINX-endpoint" href="#opt-providers-kubernetesIngressNGINX-endpoint" title="#opt-providers-kubernetesIngressNGINX-endpoint">`providers.kubernetesIngressNGINX.endpoint`</a> | Server endpoint URL.<br />More information [here](#endpoint). | "" | No |
| <a id="opt-providers-kubernetesIngressNGINX-token" href="#opt-providers-kubernetesIngressNGINX-token" title="#opt-providers-kubernetesIngressNGINX-token">`providers.kubernetesIngressNGINX.token`</a> | Bearer token used for the Kubernetes client configuration. | "" | No |
| <a id="opt-providers-kubernetesIngressNGINX-certAuthFilePath" href="#opt-providers-kubernetesIngressNGINX-certAuthFilePath" title="#opt-providers-kubernetesIngressNGINX-certAuthFilePath">`providers.kubernetesIngressNGINX.certAuthFilePath`</a> | Path to the certificate authority file.<br />Used for the Kubernetes client configuration. | "" | No |
| <a id="opt-providers-kubernetesIngressNGINX-throttleDuration" href="#opt-providers-kubernetesIngressNGINX-throttleDuration" title="#opt-providers-kubernetesIngressNGINX-throttleDuration">`providers.kubernetesIngressNGINX.throttleDuration`</a> | Minimum amount of time to wait between two Kubernetes events before producing a new configuration.<br />This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration.<br />If empty, every event is caught. | 0s | No |
| <a id="opt-providers-kubernetesIngressNGINX-watchNamespace" href="#opt-providers-kubernetesIngressNGINX-watchNamespace" title="#opt-providers-kubernetesIngressNGINX-watchNamespace">`providers.kubernetesIngressNGINX.watchNamespace`</a> | Namespace the controller watches for updates to Kubernetes objects. All namespaces are watched if this parameter is left empty. | "" | No |
| <a id="opt-providers-kubernetesIngressNGINX-watchNamespaceSelector" href="#opt-providers-kubernetesIngressNGINX-watchNamespaceSelector" title="#opt-providers-kubernetesIngressNGINX-watchNamespaceSelector">`providers.kubernetesIngressNGINX.watchNamespaceSelector`</a> | Selector selects namespaces the controller watches for updates to Kubernetes objects. | "" | No |
| <a id="opt-providers-kubernetesIngressNGINX-ingressClass" href="#opt-providers-kubernetesIngressNGINX-ingressClass" title="#opt-providers-kubernetesIngressNGINX-ingressClass">`providers.kubernetesIngressNGINX.ingressClass`</a> | Name of the ingress class this controller satisfies. | "" | No |
| <a id="opt-providers-kubernetesIngressNGINX-controllerClass" href="#opt-providers-kubernetesIngressNGINX-controllerClass" title="#opt-providers-kubernetesIngressNGINX-controllerClass">`providers.kubernetesIngressNGINX.controllerClass`</a> | Ingress Class Controller value this controller satisfies. | "" | No |
| <a id="opt-providers-kubernetesIngressNGINX-watchIngressWithoutClass" href="#opt-providers-kubernetesIngressNGINX-watchIngressWithoutClass" title="#opt-providers-kubernetesIngressNGINX-watchIngressWithoutClass">`providers.kubernetesIngressNGINX.watchIngressWithoutClass`</a> | Define if Ingress Controller should also watch for Ingresses without an IngressClass or the annotation specified. | false | No |
| <a id="opt-providers-kubernetesIngressNGINX-ingressClassByName" href="#opt-providers-kubernetesIngressNGINX-ingressClassByName" title="#opt-providers-kubernetesIngressNGINX-ingressClassByName">`providers.kubernetesIngressNGINX.ingressClassByName`</a> | Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class. | false | No |
| <a id="opt-providers-kubernetesIngressNGINX-publishService" href="#opt-providers-kubernetesIngressNGINX-publishService" title="#opt-providers-kubernetesIngressNGINX-publishService">`providers.kubernetesIngressNGINX.publishService`</a> | Service fronting the Ingress controller. Takes the form namespace/name. | "" | No |
| <a id="opt-providers-kubernetesIngressNGINX-publishStatusAddress" href="#opt-providers-kubernetesIngressNGINX-publishStatusAddress" title="#opt-providers-kubernetesIngressNGINX-publishStatusAddress">`providers.kubernetesIngressNGINX.publishStatusAddress`</a> | Customized address (or addresses, separated by comma) to set as the load-balancer status of Ingress objects this controller satisfies. | "" | No |
| <a id="opt-providers-kubernetesIngressNGINX-defaultBackendService" href="#opt-providers-kubernetesIngressNGINX-defaultBackendService" title="#opt-providers-kubernetesIngressNGINX-defaultBackendService">`providers.kubernetesIngressNGINX.defaultBackendService`</a> | Service used to serve HTTP requests not matching any known server name (catch-all). Takes the form 'namespace/name'. | "" | No |
| <a id="opt-providers-kubernetesIngressNGINX-disableSvcExternalName" href="#opt-providers-kubernetesIngressNGINX-disableSvcExternalName" title="#opt-providers-kubernetesIngressNGINX-disableSvcExternalName">`providers.kubernetesIngressNGINX.disableSvcExternalName`</a> | Disable support for Services of type ExternalName. | false | No |
<!-- markdownlint-enable MD013 -->

54
docs/content/reference/install-configuration/providers/kubernetes/kubernetes-ingress.md
View File

@@ -3,7 +3,7 @@ title: "Traefik Kubernetes Ingress Documentation"
description: "Understand the requirements, routing configuration, and how to set up Traefik Proxy as your Kubernetes Ingress Controller. Read the technical documentation."
---
# Traefik & Kubernetes
# Traefik & Kubernetes
The Traefik Kubernetes Ingress provider is a Kubernetes Ingress controller; i.e,
it manages access to cluster services by supporting the [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) specification.
@@ -42,28 +42,29 @@ and derives the corresponding dynamic configuration from it,
which in turn creates the resulting routers, services, handlers, etc.
## Configuration Options
<!-- markdownlint-disable MD013 -->
| Field | Description | Default | Required |
|:-----------------------------------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.kubernetesIngress.endpoint` | Server endpoint URL.<br />More information [here](#endpoint). | "" | No |
| `providers.kubernetesIngress.token` | Bearer token used for the Kubernetes client configuration. | "" | No |
| `providers.kubernetesIngress.certAuthFilePath` | Path to the certificate authority file.<br />Used for the Kubernetes client configuration. | "" | No |
| `providers.kubernetesCRD.namespaces` | Array of namespaces to watch.<br />If left empty, watch all namespaces. | | No |
| `providers.kubernetesIngress.labelselector` | Allow filtering on Ingress objects using label selectors.<br />No effect on Kubernetes `Secrets`, `EndpointSlices` and `Services`.<br />See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details. | "" | No |
| `providers.kubernetesIngress.ingressClass` | The `IngressClass` resource name or the `kubernetes.io/ingress.class` annotation value that identifies resource objects to be processed.<br />If empty, resources missing the annotation, having an empty value, or the value `traefik` are processed. | "" | No |
| `providers.kubernetesIngress.disableIngressClassLookup` | Prevent to discover IngressClasses in the cluster.<br />It alleviates the requirement of giving Traefik the rights to look IngressClasses up.<br />Ignore Ingresses with IngressClass.<br />Annotations are not affected by this option. | false | No |
| `providers.kubernetesIngress.`<br />`ingressEndpoint.hostname` | Hostname used for Kubernetes Ingress endpoints. | "" | No |
| `providers.kubernetesIngress.`<br />`ingressEndpoint.ip` | This IP will get copied to the Ingress `status.loadbalancer.ip`, and currently only supports one IP value (IPv4 or IPv6). | "" | No |
| `providers.kubernetesIngress.`<br />`ingressEndpoint.publishedService` | The Kubernetes service to copy status from.<br />More information [here](#ingressendpointpublishedservice). | "" | No |
| `providers.kubernetesIngress.throttleDuration` | Minimum amount of time to wait between two Kubernetes events before producing a new configuration.<br />This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration.<br />If empty, every event is caught. | 0s | No |
| `providers.kubernetesIngress.allowEmptyServices` | Allows creating a route to reach a service that has no endpoint available.<br />It allows Traefik to handle the requests and responses targeting this service (applying middleware or observability operations) before returning a `503` HTTP Status. | false | No |
| `providers.kubernetesIngress.allowCrossNamespace` | Allows the `Ingress` to reference resources in namespaces other than theirs. | false | No |
| `providers.kubernetesIngress.allowExternalNameServices` | Allows the `Ingress` to reference ExternalName services. | false | No |
| `providers.kubernetesIngress.nativeLBByDefault` | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik for every `Ingress` by default.<br />It can br overridden in the [`ServerTransport`](../../../../routing/services/index.md#serverstransport). | false | No |
| `providers.kubernetesIngress.disableClusterScopeResources` | Prevent from discovering cluster scope resources (`IngressClass` and `Nodes`).<br />By doing so, it alleviates the requirement of giving Traefik the rights to look up for cluster resources.<br />Furthermore, Traefik will not handle Ingresses with IngressClass references, therefore such Ingresses will be ignored (please note that annotations are not affected by this option).<br />This will also prevent from using the `NodePortLB` options on services. | false | No |
| `providers.kubernetesIngress.strictPrefixMatching` | Make prefix matching strictly comply with the Kubernetes Ingress specification (path-element-wise matching instead of character-by-character string matching). For example, a PathPrefix of `/foo` will match `/foo`, `/foo/`, and `/foo/bar` but not `/foobar`. | false | No |
| Field | Description | Default | Required |
| :------------------------------------------------------------------ | :------------- | :------ | :------- |
| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| <a id="opt-providers-kubernetesIngress-endpoint" href="#opt-providers-kubernetesIngress-endpoint" title="#opt-providers-kubernetesIngress-endpoint">`providers.kubernetesIngress.endpoint`</a> | Server endpoint URL.<br />More information [here](#endpoint). | "" | No |
| <a id="opt-providers-kubernetesIngress-token" href="#opt-providers-kubernetesIngress-token" title="#opt-providers-kubernetesIngress-token">`providers.kubernetesIngress.token`</a> | Bearer token used for the Kubernetes client configuration. | "" | No |
| <a id="opt-providers-kubernetesIngress-certAuthFilePath" href="#opt-providers-kubernetesIngress-certAuthFilePath" title="#opt-providers-kubernetesIngress-certAuthFilePath">`providers.kubernetesIngress.certAuthFilePath`</a> | Path to the certificate authority file.<br />Used for the Kubernetes client configuration. | "" | No |
| <a id="opt-providers-kubernetesIngress-namespaces" href="#opt-providers-kubernetesIngress-namespaces" title="#opt-providers-kubernetesIngress-namespaces">`providers.kubernetesIngress.namespaces`</a> | Array of namespaces to watch.<br />If left empty, watch all namespaces. | | No |
| <a id="opt-providers-kubernetesIngress-labelselector" href="#opt-providers-kubernetesIngress-labelselector" title="#opt-providers-kubernetesIngress-labelselector">`providers.kubernetesIngress.labelselector`</a> | Allow filtering on Ingress objects using label selectors.<br />No effect on Kubernetes `Secrets`, `EndpointSlices` and `Services`.<br />See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details. | "" | No |
| <a id="opt-providers-kubernetesIngress-ingressClass" href="#opt-providers-kubernetesIngress-ingressClass" title="#opt-providers-kubernetesIngress-ingressClass">`providers.kubernetesIngress.ingressClass`</a> | The `IngressClass` resource name or the `kubernetes.io/ingress.class` annotation value that identifies resource objects to be processed.<br />If empty, resources missing the annotation, having an empty value, or the value `traefik` are processed. | "" | No |
| <a id="opt-providers-kubernetesIngress-disableIngressClassLookup" href="#opt-providers-kubernetesIngress-disableIngressClassLookup" title="#opt-providers-kubernetesIngress-disableIngressClassLookup">`providers.kubernetesIngress.disableIngressClassLookup`</a> | Prevent to discover IngressClasses in the cluster.<br />It alleviates the requirement of giving Traefik the rights to look IngressClasses up.<br />Ignore Ingresses with IngressClass.<br />Annotations are not affected by this option. | false | No |
| <a id="opt-providers-kubernetesIngress-ingressEndpoint-hostname" href="#opt-providers-kubernetesIngress-ingressEndpoint-hostname" title="#opt-providers-kubernetesIngress-ingressEndpoint-hostname">`providers.kubernetesIngress.`<br />`ingressEndpoint.hostname`</a> | Hostname used for Kubernetes Ingress endpoints. | "" | No |
| <a id="opt-providers-kubernetesIngress-ingressEndpoint-ip" href="#opt-providers-kubernetesIngress-ingressEndpoint-ip" title="#opt-providers-kubernetesIngress-ingressEndpoint-ip">`providers.kubernetesIngress.`<br />`ingressEndpoint.ip`</a> | This IP will get copied to the Ingress `status.loadbalancer.ip`, and currently only supports one IP value (IPv4 or IPv6). | "" | No |
| <a id="opt-providers-kubernetesIngress-ingressEndpoint-publishedService" href="#opt-providers-kubernetesIngress-ingressEndpoint-publishedService" title="#opt-providers-kubernetesIngress-ingressEndpoint-publishedService">`providers.kubernetesIngress.`<br />`ingressEndpoint.publishedService`</a> | The Kubernetes service to copy status from.<br />More information [here](#ingressendpointpublishedservice). | "" | No |
| <a id="opt-providers-kubernetesIngress-throttleDuration" href="#opt-providers-kubernetesIngress-throttleDuration" title="#opt-providers-kubernetesIngress-throttleDuration">`providers.kubernetesIngress.throttleDuration`</a> | Minimum amount of time to wait between two Kubernetes events before producing a new configuration.<br />This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration.<br />If empty, every event is caught. | 0s | No |
| <a id="opt-providers-kubernetesIngress-allowEmptyServices" href="#opt-providers-kubernetesIngress-allowEmptyServices" title="#opt-providers-kubernetesIngress-allowEmptyServices">`providers.kubernetesIngress.allowEmptyServices`</a> | Allows creating a route to reach a service that has no endpoint available.<br />It allows Traefik to handle the requests and responses targeting this service (applying middleware or observability operations) before returning a `503` HTTP Status. | false | No |
| <a id="opt-providers-kubernetesIngress-allowCrossNamespace" href="#opt-providers-kubernetesIngress-allowCrossNamespace" title="#opt-providers-kubernetesIngress-allowCrossNamespace">`providers.kubernetesIngress.allowCrossNamespace`</a> | Allows the `Ingress` to reference resources in namespaces other than theirs. | false | No |
| <a id="opt-providers-kubernetesIngress-allowExternalNameServices" href="#opt-providers-kubernetesIngress-allowExternalNameServices" title="#opt-providers-kubernetesIngress-allowExternalNameServices">`providers.kubernetesIngress.allowExternalNameServices`</a> | Allows the `Ingress` to reference ExternalName services. | false | No |
| <a id="opt-providers-kubernetesIngress-nativeLBByDefault" href="#opt-providers-kubernetesIngress-nativeLBByDefault" title="#opt-providers-kubernetesIngress-nativeLBByDefault">`providers.kubernetesIngress.nativeLBByDefault`</a> | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik for every `Ingress` by default.<br />It can br overridden in the [`ServerTransport`](../../../../routing/services/index.md#serverstransport). | false | No |
| <a id="opt-providers-kubernetesIngress-disableClusterScopeResources" href="#opt-providers-kubernetesIngress-disableClusterScopeResources" title="#opt-providers-kubernetesIngress-disableClusterScopeResources">`providers.kubernetesIngress.disableClusterScopeResources`</a> | Prevent from discovering cluster scope resources (`IngressClass` and `Nodes`).<br />By doing so, it alleviates the requirement of giving Traefik the rights to look up for cluster resources.<br />Furthermore, Traefik will not handle Ingresses with IngressClass references, therefore such Ingresses will be ignored (please note that annotations are not affected by this option).<br />This will also prevent from using the `NodePortLB` options on services. | false | No |
| <a id="opt-providers-kubernetesIngress-strictPrefixMatching" href="#opt-providers-kubernetesIngress-strictPrefixMatching" title="#opt-providers-kubernetesIngress-strictPrefixMatching">`providers.kubernetesIngress.strictPrefixMatching`</a> | Make prefix matching strictly comply with the Kubernetes Ingress specification (path-element-wise matching instead of character-by-character string matching). For example, a PathPrefix of `/foo` will match `/foo`, `/foo/`, and `/foo/bar` but not `/foobar`. | false | No |
<!-- markdownlint-enable MD013 -->
@@ -81,7 +82,7 @@ Both are mounted automatically when deployed inside Kubernetes.
The endpoint may be specified to override the environment variable values inside
a cluster.
When the environment variables are not found, Traefik tries to connect to the
When the environment variables are not found, Traefik tries to connect to the
Kubernetes API server with an external-cluster client.
In this case, the endpoint is required.
@@ -105,7 +106,7 @@ providers:
--providers.kubernetesingress.endpoint=http://localhost:8080
```
### `ingressEndpoint.publishedService`
### `ingressEndpoint.publishedService`
Format: `namespace/servicename`.
@@ -136,17 +137,16 @@ providers:
--providers.kubernetesingress.ingressendpoint.publishedservice=namespace/foo-service
```
## Routing Configuration
See the dedicated section in [routing](../../../../routing/providers/kubernetes-ingress.md).
## Further
To learn more about the various aspects of the Ingress specification that
To learn more about the various aspects of the Ingress specification that
Traefik supports,
many examples of Ingresses definitions are located in the test
[examples](https://github.com/traefik/traefik/tree/v3.1/pkg/provider/kubernetes/ingress/fixtures)
many examples of Ingresses definitions are located in the test
[examples](https://github.com/traefik/traefik/tree/v3.1/pkg/provider/kubernetes/ingress/fixtures)
of the Traefik repository.
{!traefik-for-business-applications.md!}

20
docs/content/reference/install-configuration/providers/kv/etcd.md
View File

@@ -26,16 +26,16 @@ providers:
| Field | Description | Default | Required |
|:------|:----------------------------------------------------------|:---------------------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.etcd.endpoints` | Defines the endpoint to access etcd. | "127.0.0.1:2379" | Yes |
| `providers.etcd.rootKey` | Defines the root key for the configuration. | "traefik" | Yes |
| `providers.etcd.username` | Defines a username with which to connect to etcd. | "" | No |
| `providers.etcd.password` | Defines a password for connecting to etcd. | "" | No |
| `providers.etcd.tls` | Defines the TLS configuration used for the secure connection to etcd. | - | No |
| `providers.etcd.tls.ca` | Defines the path to the certificate authority used for the secure connection to etcd, it defaults to the system bundle. | "" | No |
| `providers.etcd.tls.cert` | Defines the path to the public certificate used for the secure connection to etcd. When using this option, setting the `key` option is required. | "" | Yes |
| `providers.etcd.tls.key` | Defines the path to the private key used for the secure connection to etcd. When using this option, setting the `cert` option is required. | "" | Yes |
| `providers.etcd.tls.insecureSkipVerify` | Instructs the provider to accept any certificate presented by etcd when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No |
| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| <a id="opt-providers-etcd-endpoints" href="#opt-providers-etcd-endpoints" title="#opt-providers-etcd-endpoints">`providers.etcd.endpoints`</a> | Defines the endpoint to access etcd. | "127.0.0.1:2379" | Yes |
| <a id="opt-providers-etcd-rootKey" href="#opt-providers-etcd-rootKey" title="#opt-providers-etcd-rootKey">`providers.etcd.rootKey`</a> | Defines the root key for the configuration. | "traefik" | Yes |
| <a id="opt-providers-etcd-username" href="#opt-providers-etcd-username" title="#opt-providers-etcd-username">`providers.etcd.username`</a> | Defines a username with which to connect to etcd. | "" | No |
| <a id="opt-providers-etcd-password" href="#opt-providers-etcd-password" title="#opt-providers-etcd-password">`providers.etcd.password`</a> | Defines a password for connecting to etcd. | "" | No |
| <a id="opt-providers-etcd-tls" href="#opt-providers-etcd-tls" title="#opt-providers-etcd-tls">`providers.etcd.tls`</a> | Defines the TLS configuration used for the secure connection to etcd. | - | No |
| <a id="opt-providers-etcd-tls-ca" href="#opt-providers-etcd-tls-ca" title="#opt-providers-etcd-tls-ca">`providers.etcd.tls.ca`</a> | Defines the path to the certificate authority used for the secure connection to etcd, it defaults to the system bundle. | "" | No |
| <a id="opt-providers-etcd-tls-cert" href="#opt-providers-etcd-tls-cert" title="#opt-providers-etcd-tls-cert">`providers.etcd.tls.cert`</a> | Defines the path to the public certificate used for the secure connection to etcd. When using this option, setting the `key` option is required. | "" | Yes |
| <a id="opt-providers-etcd-tls-key" href="#opt-providers-etcd-tls-key" title="#opt-providers-etcd-tls-key">`providers.etcd.tls.key`</a> | Defines the path to the private key used for the secure connection to etcd. When using this option, setting the `cert` option is required. | "" | Yes |
| <a id="opt-providers-etcd-tls-insecureSkipVerify" href="#opt-providers-etcd-tls-insecureSkipVerify" title="#opt-providers-etcd-tls-insecureSkipVerify">`providers.etcd.tls.insecureSkipVerify`</a> | Instructs the provider to accept any certificate presented by etcd when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No |
## Routing Configuration

38
docs/content/reference/install-configuration/providers/kv/redis.md
View File

@@ -26,25 +26,25 @@ providers:
| Field | Description | Default | Required |
|:------|:----------------------------------------------------------|:---------------------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.redis.endpoints` | Defines the endpoint to access Redis. | "127.0.0.1:6379" | Yes |
| `providers.redis.rootKey` | Defines the root key for the configuration. | "traefik" | Yes |
| `providers.redis.username` | Defines a username for connecting to Redis. | "" | No |
| `providers.redis.password` | Defines a password for connecting to Redis. | "" | No |
| `providers.redis.db` | Defines the database to be selected after connecting to the Redis. | 0 | No |
| `providers.redis.tls` | Defines the TLS configuration used for the secure connection to Redis. | - | No |
| `providers.redis.tls.ca` | Defines the path to the certificate authority used for the secure connection to Redis, it defaults to the system bundle. | "" | No |
| `providers.redis.tls.cert` | Defines the path to the public certificate used for the secure connection to Redis. When using this option, setting the `key` option is required. | "" | Yes |
| `providers.redis.tls.key` | Defines the path to the private key used for the secure connection to Redis. When using this option, setting the `cert` option is required. | "" | Yes |
| `providers.redis.tls.insecureSkipVerify` | Instructs the provider to accept any certificate presented by Redis when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No |
| `providers.redis.sentinel` | Defines the Sentinel configuration used to interact with Redis Sentinel. | - | No |
| `providers.redis.sentinel.masterName` | Defines the name of the Sentinel master. | "" | Yes |
| `providers.redis.sentinel.username` | Defines the username for Sentinel authentication. | "" | No |
| `providers.redis.sentinel.password` | Defines the password for Sentinel authentication. | "" | No |
| `providers.redis.sentinel.latencyStrategy` | Defines whether to route commands to the closest master or replica nodes (mutually exclusive with RandomStrategy and ReplicaStrategy). | false | No |
| `providers.redis.sentinel.randomStrategy` | Defines whether to route commands randomly to master or replica nodes (mutually exclusive with LatencyStrategy and ReplicaStrategy). | false | No |
| `providers.redis.sentinel.replicaStrategy` | Defines whether to route commands randomly to master or replica nodes (mutually exclusive with LatencyStrategy and ReplicaStrategy). | false | No |
| `providers.redis.sentinel.useDisconnectedReplicas` | Defines whether to use replicas disconnected with master when cannot get connected replicas. | false | false |
| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| <a id="opt-providers-redis-endpoints" href="#opt-providers-redis-endpoints" title="#opt-providers-redis-endpoints">`providers.redis.endpoints`</a> | Defines the endpoint to access Redis. | "127.0.0.1:6379" | Yes |
| <a id="opt-providers-redis-rootKey" href="#opt-providers-redis-rootKey" title="#opt-providers-redis-rootKey">`providers.redis.rootKey`</a> | Defines the root key for the configuration. | "traefik" | Yes |
| <a id="opt-providers-redis-username" href="#opt-providers-redis-username" title="#opt-providers-redis-username">`providers.redis.username`</a> | Defines a username for connecting to Redis. | "" | No |
| <a id="opt-providers-redis-password" href="#opt-providers-redis-password" title="#opt-providers-redis-password">`providers.redis.password`</a> | Defines a password for connecting to Redis. | "" | No |
| <a id="opt-providers-redis-db" href="#opt-providers-redis-db" title="#opt-providers-redis-db">`providers.redis.db`</a> | Defines the database to be selected after connecting to the Redis. | 0 | No |
| <a id="opt-providers-redis-tls" href="#opt-providers-redis-tls" title="#opt-providers-redis-tls">`providers.redis.tls`</a> | Defines the TLS configuration used for the secure connection to Redis. | - | No |
| <a id="opt-providers-redis-tls-ca" href="#opt-providers-redis-tls-ca" title="#opt-providers-redis-tls-ca">`providers.redis.tls.ca`</a> | Defines the path to the certificate authority used for the secure connection to Redis, it defaults to the system bundle. | "" | No |
| <a id="opt-providers-redis-tls-cert" href="#opt-providers-redis-tls-cert" title="#opt-providers-redis-tls-cert">`providers.redis.tls.cert`</a> | Defines the path to the public certificate used for the secure connection to Redis. When using this option, setting the `key` option is required. | "" | Yes |
| <a id="opt-providers-redis-tls-key" href="#opt-providers-redis-tls-key" title="#opt-providers-redis-tls-key">`providers.redis.tls.key`</a> | Defines the path to the private key used for the secure connection to Redis. When using this option, setting the `cert` option is required. | "" | Yes |
| <a id="opt-providers-redis-tls-insecureSkipVerify" href="#opt-providers-redis-tls-insecureSkipVerify" title="#opt-providers-redis-tls-insecureSkipVerify">`providers.redis.tls.insecureSkipVerify`</a> | Instructs the provider to accept any certificate presented by Redis when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No |
| <a id="opt-providers-redis-sentinel" href="#opt-providers-redis-sentinel" title="#opt-providers-redis-sentinel">`providers.redis.sentinel`</a> | Defines the Sentinel configuration used to interact with Redis Sentinel. | - | No |
| <a id="opt-providers-redis-sentinel-masterName" href="#opt-providers-redis-sentinel-masterName" title="#opt-providers-redis-sentinel-masterName">`providers.redis.sentinel.masterName`</a> | Defines the name of the Sentinel master. | "" | Yes |
| <a id="opt-providers-redis-sentinel-username" href="#opt-providers-redis-sentinel-username" title="#opt-providers-redis-sentinel-username">`providers.redis.sentinel.username`</a> | Defines the username for Sentinel authentication. | "" | No |
| <a id="opt-providers-redis-sentinel-password" href="#opt-providers-redis-sentinel-password" title="#opt-providers-redis-sentinel-password">`providers.redis.sentinel.password`</a> | Defines the password for Sentinel authentication. | "" | No |
| <a id="opt-providers-redis-sentinel-latencyStrategy" href="#opt-providers-redis-sentinel-latencyStrategy" title="#opt-providers-redis-sentinel-latencyStrategy">`providers.redis.sentinel.latencyStrategy`</a> | Defines whether to route commands to the closest master or replica nodes (mutually exclusive with RandomStrategy and ReplicaStrategy). | false | No |
| <a id="opt-providers-redis-sentinel-randomStrategy" href="#opt-providers-redis-sentinel-randomStrategy" title="#opt-providers-redis-sentinel-randomStrategy">`providers.redis.sentinel.randomStrategy`</a> | Defines whether to route commands randomly to master or replica nodes (mutually exclusive with LatencyStrategy and ReplicaStrategy). | false | No |
| <a id="opt-providers-redis-sentinel-replicaStrategy" href="#opt-providers-redis-sentinel-replicaStrategy" title="#opt-providers-redis-sentinel-replicaStrategy">`providers.redis.sentinel.replicaStrategy`</a> | Defines whether to route commands randomly to master or replica nodes (mutually exclusive with LatencyStrategy and ReplicaStrategy). | false | No |
| <a id="opt-providers-redis-sentinel-useDisconnectedReplicas" href="#opt-providers-redis-sentinel-useDisconnectedReplicas" title="#opt-providers-redis-sentinel-useDisconnectedReplicas">`providers.redis.sentinel.useDisconnectedReplicas`</a> | Defines whether to use replicas disconnected with master when cannot get connected replicas. | false | false |
## Routing Configuration

20
docs/content/reference/install-configuration/providers/kv/zk.md
View File

@@ -26,16 +26,16 @@ providers:
| Field | Description | Default | Required |
|:------|:----------------------------------------------------------|:---------------------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.zooKeeper.endpoints` | Defines the endpoint to access ZooKeeper. | "127.0.0.1:2181" | Yes |
| `providers.zooKeeper.rootKey` | Defines the root key for the configuration. | "traefik" | Yes |
| `providers.zooKeeper.username` | Defines a username with which to connect to zooKeeper. | "" | No |
| `providers.zooKeeper.password` | Defines a password for connecting to zooKeeper. | "" | No |
| `providers.zooKeeper.tls` | Defines the TLS configuration used for the secure connection to zooKeeper. | - | No |
| `providers.zooKeeper.tls.ca` | Defines the path to the certificate authority used for the secure connection to zooKeeper, it defaults to the system bundle. | "" | No |
| `providers.zooKeeper.tls.cert` | Defines the path to the public certificate used for the secure connection to zooKeeper. When using this option, setting the `key` option is required. | "" | Yes |
| `providers.zooKeeper.tls.key` | Defines the path to the private key used for the secure connection to zooKeeper. When using this option, setting the `cert` option is required. | "" | Yes |
| `providers.zooKeeper.tls.insecureSkipVerify` | Instructs the provider to accept any certificate presented by etcd when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No |
| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| <a id="opt-providers-zooKeeper-endpoints" href="#opt-providers-zooKeeper-endpoints" title="#opt-providers-zooKeeper-endpoints">`providers.zooKeeper.endpoints`</a> | Defines the endpoint to access ZooKeeper. | "127.0.0.1:2181" | Yes |
| <a id="opt-providers-zooKeeper-rootKey" href="#opt-providers-zooKeeper-rootKey" title="#opt-providers-zooKeeper-rootKey">`providers.zooKeeper.rootKey`</a> | Defines the root key for the configuration. | "traefik" | Yes |
| <a id="opt-providers-zooKeeper-username" href="#opt-providers-zooKeeper-username" title="#opt-providers-zooKeeper-username">`providers.zooKeeper.username`</a> | Defines a username with which to connect to zooKeeper. | "" | No |
| <a id="opt-providers-zooKeeper-password" href="#opt-providers-zooKeeper-password" title="#opt-providers-zooKeeper-password">`providers.zooKeeper.password`</a> | Defines a password for connecting to zooKeeper. | "" | No |
| <a id="opt-providers-zooKeeper-tls" href="#opt-providers-zooKeeper-tls" title="#opt-providers-zooKeeper-tls">`providers.zooKeeper.tls`</a> | Defines the TLS configuration used for the secure connection to zooKeeper. | - | No |
| <a id="opt-providers-zooKeeper-tls-ca" href="#opt-providers-zooKeeper-tls-ca" title="#opt-providers-zooKeeper-tls-ca">`providers.zooKeeper.tls.ca`</a> | Defines the path to the certificate authority used for the secure connection to zooKeeper, it defaults to the system bundle. | "" | No |
| <a id="opt-providers-zooKeeper-tls-cert" href="#opt-providers-zooKeeper-tls-cert" title="#opt-providers-zooKeeper-tls-cert">`providers.zooKeeper.tls.cert`</a> | Defines the path to the public certificate used for the secure connection to zooKeeper. When using this option, setting the `key` option is required. | "" | Yes |
| <a id="opt-providers-zooKeeper-tls-key" href="#opt-providers-zooKeeper-tls-key" title="#opt-providers-zooKeeper-tls-key">`providers.zooKeeper.tls.key`</a> | Defines the path to the private key used for the secure connection to zooKeeper. When using this option, setting the `cert` option is required. | "" | Yes |
| <a id="opt-providers-zooKeeper-tls-insecureSkipVerify" href="#opt-providers-zooKeeper-tls-insecureSkipVerify" title="#opt-providers-zooKeeper-tls-insecureSkipVerify">`providers.zooKeeper.tls.insecureSkipVerify`</a> | Instructs the provider to accept any certificate presented by etcd when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No |
## Routing Configuration

26
docs/content/reference/install-configuration/providers/others/ecs.md
View File

@@ -26,18 +26,18 @@ providers:
| Field | Description | Default | Required |
|:------|:----------------------------------------------------------|:---------------------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.ecs.autoDiscoverClusters` | Search for services in cluster list. If set to `true` service discovery is enabled for all clusters. | false | No |
| `providers.ecs.ecsAnywhere` | Enable ECS Anywhere support. | false | No |
| `providers.ecs.clusters` | Search for services in cluster list. This option is ignored if `autoDiscoverClusters` is set to `true`. | `["default"]` | No |
| `providers.ecs.exposedByDefault` | Expose ECS services by default in Traefik. | true | No |
| `providers.ecs.constraints` | Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information. | true | No |
| `providers.ecs.healthyTasksOnly` | Defines whether Traefik discovers only healthy tasks (`HEALTHY` healthStatus). | false | No |
| `providers.ecs.defaultRule` | The Default Host rule for all services. See [here](#defaultrule) for more information. | ```"Host(`{{ normalize .Name }}`)"``` | No |
| `providers.ecs.refreshSeconds` | Defines the polling interval (in seconds). | 15 | No |
| `providers.ecs.region` | Defines the region of the ECS instance. See [here](#credentials) for more information. | "" | No |
| `providers.ecs.accessKeyID` | Defines the Access Key ID for the ECS instance. See [here](#credentials) for more information. | "" | No |
| `providers.ecs.secretAccessKey` | Defines the Secret Access Key for the ECS instance. See [here](#credentials) for more information. | "" | No |
| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| <a id="opt-providers-ecs-autoDiscoverClusters" href="#opt-providers-ecs-autoDiscoverClusters" title="#opt-providers-ecs-autoDiscoverClusters">`providers.ecs.autoDiscoverClusters`</a> | Search for services in cluster list. If set to `true` service discovery is enabled for all clusters. | false | No |
| <a id="opt-providers-ecs-ecsAnywhere" href="#opt-providers-ecs-ecsAnywhere" title="#opt-providers-ecs-ecsAnywhere">`providers.ecs.ecsAnywhere`</a> | Enable ECS Anywhere support. | false | No |
| <a id="opt-providers-ecs-clusters" href="#opt-providers-ecs-clusters" title="#opt-providers-ecs-clusters">`providers.ecs.clusters`</a> | Search for services in cluster list. This option is ignored if `autoDiscoverClusters` is set to `true`. | `["default"]` | No |
| <a id="opt-providers-ecs-exposedByDefault" href="#opt-providers-ecs-exposedByDefault" title="#opt-providers-ecs-exposedByDefault">`providers.ecs.exposedByDefault`</a> | Expose ECS services by default in Traefik. | true | No |
| <a id="opt-providers-ecs-constraints" href="#opt-providers-ecs-constraints" title="#opt-providers-ecs-constraints">`providers.ecs.constraints`</a> | Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information. | true | No |
| <a id="opt-providers-ecs-healthyTasksOnly" href="#opt-providers-ecs-healthyTasksOnly" title="#opt-providers-ecs-healthyTasksOnly">`providers.ecs.healthyTasksOnly`</a> | Defines whether Traefik discovers only healthy tasks (`HEALTHY` healthStatus). | false | No |
| <a id="opt-providers-ecs-defaultRule" href="#opt-providers-ecs-defaultRule" title="#opt-providers-ecs-defaultRule">`providers.ecs.defaultRule`</a> | The Default Host rule for all services. See [here](#defaultrule) for more information. | ```"Host(`{{ normalize .Name }}`)"``` | No |
| <a id="opt-providers-ecs-refreshSeconds" href="#opt-providers-ecs-refreshSeconds" title="#opt-providers-ecs-refreshSeconds">`providers.ecs.refreshSeconds`</a> | Defines the polling interval (in seconds). | 15 | No |
| <a id="opt-providers-ecs-region" href="#opt-providers-ecs-region" title="#opt-providers-ecs-region">`providers.ecs.region`</a> | Defines the region of the ECS instance. See [here](#credentials) for more information. | "" | No |
| <a id="opt-providers-ecs-accessKeyID" href="#opt-providers-ecs-accessKeyID" title="#opt-providers-ecs-accessKeyID">`providers.ecs.accessKeyID`</a> | Defines the Access Key ID for the ECS instance. See [here](#credentials) for more information. | "" | No |
| <a id="opt-providers-ecs-secretAccessKey" href="#opt-providers-ecs-secretAccessKey" title="#opt-providers-ecs-secretAccessKey">`providers.ecs.secretAccessKey`</a> | Defines the Secret Access Key for the ECS instance. See [here](#credentials) for more information. | "" | No |
### `constraints`
@@ -103,7 +103,7 @@ providers:
# ...
```
For additional information, refer to [Restrict the Scope of Service Discovery](../overview.md#restrict-the-scope-of-service-discovery).
For additional information, refer to [Restrict the Scope of Service Discovery](../overview.md#exposedbydefault-and-traefikenable).
### `defaultRule`

8
docs/content/reference/install-configuration/providers/others/file.md
View File

@@ -100,10 +100,10 @@ http:
| Field | Description | Default | Required |
|:------|:----------------------------------------------------------|:---------------------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.file.filename` | Defines the path to the configuration file. | "" | Yes |
| `providers.file.directory` | Defines the path to the directory that contains the configuration files. The `filename` and `directory` options are mutually exclusive. It is recommended to use `directory`. | "" | Yes |
| `providers.file.watch` | Set the `watch` option to `true` to allow Traefik to automatically watch for file changes. It works with both the `filename` and the `directory` options. | true | No |
| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| <a id="opt-providers-file-filename" href="#opt-providers-file-filename" title="#opt-providers-file-filename">`providers.file.filename`</a> | Defines the path to the configuration file. | "" | Yes |
| <a id="opt-providers-file-directory" href="#opt-providers-file-directory" title="#opt-providers-file-directory">`providers.file.directory`</a> | Defines the path to the directory that contains the configuration files. The `filename` and `directory` options are mutually exclusive. It is recommended to use `directory`. | "" | Yes |
| <a id="opt-providers-file-watch" href="#opt-providers-file-watch" title="#opt-providers-file-watch">`providers.file.watch`</a> | Set the `watch` option to `true` to allow Traefik to automatically watch for file changes. It works with both the `filename` and the `directory` options. | true | No |
!!! warning "Limitations"

18
docs/content/reference/install-configuration/providers/others/http.md
View File

@@ -30,15 +30,15 @@ providers:
| Field | Description | Default | Required |
|:------|:----------------------------------------------------------|:---------------------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.http.endpoint` | Defines the HTTP(S) endpoint to poll. | "" | Yes |
| `providers.http.pollInterval` | Defines the polling interval. | 5s | No |
| `providers.http.pollTimeout` | Defines the polling timeout when connecting to the endpoint. | 5s | No |
| `providers.http.headers` | Defines custom headers to be sent to the endpoint. | "" | No |
| `providers.http.tls.ca` | Defines the path to the certificate authority used for the secure connection to the endpoint, it defaults to the system bundle. | "" | No |
| `providers.http.tls.cert` | Defines the path to the public certificate used for the secure connection to the endpoint. When using this option, setting the `key` option is required. | "" | Yes |
| `providers.http.tls.key` | Defines the path to the private key used for the secure connection to the endpoint. When using this option, setting the `cert` option is required. | "" | Yes |
| `providers.http.tls.insecureSkipVerify` | Instructs the provider to accept any certificate presented by endpoint when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No |
| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| <a id="opt-providers-http-endpoint" href="#opt-providers-http-endpoint" title="#opt-providers-http-endpoint">`providers.http.endpoint`</a> | Defines the HTTP(S) endpoint to poll. | "" | Yes |
| <a id="opt-providers-http-pollInterval" href="#opt-providers-http-pollInterval" title="#opt-providers-http-pollInterval">`providers.http.pollInterval`</a> | Defines the polling interval. | 5s | No |
| <a id="opt-providers-http-pollTimeout" href="#opt-providers-http-pollTimeout" title="#opt-providers-http-pollTimeout">`providers.http.pollTimeout`</a> | Defines the polling timeout when connecting to the endpoint. | 5s | No |
| <a id="opt-providers-http-headers" href="#opt-providers-http-headers" title="#opt-providers-http-headers">`providers.http.headers`</a> | Defines custom headers to be sent to the endpoint. | "" | No |
| <a id="opt-providers-http-tls-ca" href="#opt-providers-http-tls-ca" title="#opt-providers-http-tls-ca">`providers.http.tls.ca`</a> | Defines the path to the certificate authority used for the secure connection to the endpoint, it defaults to the system bundle. | "" | No |
| <a id="opt-providers-http-tls-cert" href="#opt-providers-http-tls-cert" title="#opt-providers-http-tls-cert">`providers.http.tls.cert`</a> | Defines the path to the public certificate used for the secure connection to the endpoint. When using this option, setting the `key` option is required. | "" | Yes |
| <a id="opt-providers-http-tls-key" href="#opt-providers-http-tls-key" title="#opt-providers-http-tls-key">`providers.http.tls.key`</a> | Defines the path to the private key used for the secure connection to the endpoint. When using this option, setting the `cert` option is required. | "" | Yes |
| <a id="opt-providers-http-tls-insecureSkipVerify" href="#opt-providers-http-tls-insecureSkipVerify" title="#opt-providers-http-tls-insecureSkipVerify">`providers.http.tls.insecureSkipVerify`</a> | Instructs the provider to accept any certificate presented by endpoint when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No |
### headers

28
docs/content/reference/install-configuration/providers/overview.md
View File

@@ -51,20 +51,20 @@ Below is the list of the currently supported providers in Traefik.
| Provider | Type | Configuration Type | Provider Name |
|--------------------------------------------------------------|--------------|----------------------|---------------------|
| [Docker](./docker.md) | Orchestrator | Label | `docker` |
| [Docker Swarm](./swarm.md) | Orchestrator | Label | `swarm` |
| [Kubernetes IngressRoute](./kubernetes/kubernetes-crd.md) | Orchestrator | Custom Resource | `kubernetescrd` |
| [Kubernetes Ingress](./kubernetes/kubernetes-ingress.md) | Orchestrator | Ingress | `kubernetes` |
| [Kubernetes Gateway API](./kubernetes/kubernetes-gateway.md) | Orchestrator | Gateway API Resource | `kubernetesgateway` |
| [Consul Catalog](./hashicorp/consul-catalog.md) | Orchestrator | Label | `consulcatalog` |
| [Nomad](./hashicorp/nomad.md) | Orchestrator | Label | `nomad` |
| [ECS](./others/ecs.md) | Orchestrator | Label | `ecs` |
| [File](./others/file.md) | Manual | YAML/TOML format | `file` |
| [Consul](./hashicorp/consul.md) | KV | KV | `consul` |
| [Etcd](./kv/etcd.md) | KV | KV | `etcd` |
| [ZooKeeper](./kv/zk.md) | KV | KV | `zookeeper` |
| [Redis](./kv/redis.md) | KV | KV | `redis` |
| [HTTP](./others/http.md) | Manual | JSON/YAML format | `http` |
| <a id="opt-Docker" href="#opt-Docker" title="#opt-Docker">[Docker](./docker.md)</a> | Orchestrator | Label | `docker` |
| <a id="opt-Docker-Swarm" href="#opt-Docker-Swarm" title="#opt-Docker-Swarm">[Docker Swarm](./swarm.md)</a> | Orchestrator | Label | `swarm` |
| <a id="opt-Kubernetes-IngressRoute" href="#opt-Kubernetes-IngressRoute" title="#opt-Kubernetes-IngressRoute">[Kubernetes IngressRoute](./kubernetes/kubernetes-crd.md)</a> | Orchestrator | Custom Resource | `kubernetescrd` |
| <a id="opt-Kubernetes-Ingress" href="#opt-Kubernetes-Ingress" title="#opt-Kubernetes-Ingress">[Kubernetes Ingress](./kubernetes/kubernetes-ingress.md)</a> | Orchestrator | Ingress | `kubernetes` |
| <a id="opt-Kubernetes-Gateway-API" href="#opt-Kubernetes-Gateway-API" title="#opt-Kubernetes-Gateway-API">[Kubernetes Gateway API](./kubernetes/kubernetes-gateway.md)</a> | Orchestrator | Gateway API Resource | `kubernetesgateway` |
| <a id="opt-Consul-Catalog" href="#opt-Consul-Catalog" title="#opt-Consul-Catalog">[Consul Catalog](./hashicorp/consul-catalog.md)</a> | Orchestrator | Label | `consulcatalog` |
| <a id="opt-Nomad" href="#opt-Nomad" title="#opt-Nomad">[Nomad](./hashicorp/nomad.md)</a> | Orchestrator | Label | `nomad` |
| <a id="opt-ECS" href="#opt-ECS" title="#opt-ECS">[ECS](./others/ecs.md)</a> | Orchestrator | Label | `ecs` |
| <a id="opt-File" href="#opt-File" title="#opt-File">[File](./others/file.md)</a> | Manual | YAML/TOML format | `file` |
| <a id="opt-Consul" href="#opt-Consul" title="#opt-Consul">[Consul](./hashicorp/consul.md)</a> | KV | KV | `consul` |
| <a id="opt-Etcd" href="#opt-Etcd" title="#opt-Etcd">[Etcd](./kv/etcd.md)</a> | KV | KV | `etcd` |
| <a id="opt-ZooKeeper" href="#opt-ZooKeeper" title="#opt-ZooKeeper">[ZooKeeper](./kv/zk.md)</a> | KV | KV | `zookeeper` |
| <a id="opt-Redis" href="#opt-Redis" title="#opt-Redis">[Redis](./kv/redis.md)</a> | KV | KV | `redis` |
| <a id="opt-HTTP" href="#opt-HTTP" title="#opt-HTTP">[HTTP](./others/http.md)</a> | Manual | JSON/YAML format | `http` |
!!! info "More Providers"

52
docs/content/reference/install-configuration/providers/swarm.md
View File

@@ -45,23 +45,23 @@ services:
| Field | Description | Default | Required |
|:-----------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------------------------------------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.swarm.endpoint` | Specifies the Docker API endpoint. See [here](#endpoint) for more information | `unix:///var/run/docker.sock` | Yes |
| `providers.swarm.username` | Defines the username for Basic HTTP authentication. This should be used when the Docker daemon socket is exposed through an HTTP proxy that requires Basic HTTP authentication. | "" | No |
| `providers.swarm.password` | Defines the password for Basic HTTP authentication. This should be used when the Docker daemon socket is exposed through an HTTP proxy that requires Basic HTTP authentication. | "" | No |
| `providers.swarm.useBindPortIP` | Instructs Traefik to use the IP/Port attached to the container's binding instead of its inner network IP/Port. See [here](#usebindportip) for more information | false | No |
| `providers.swarm.exposedByDefault` | Expose containers by default through Traefik. See [here](./overview.md#restrict-the-scope-of-service-discovery) for additional information | true | No |
| `providers.swarm.network` | Defines a default docker network to use for connections to all containers. This option can be overridden on a per-container basis with the `traefik.swarm.network` label. | "" | No |
| `providers.swarm.defaultRule` | Defines what routing rule to apply to a container if no rule is defined by a label. See [here](#defaultrule) for more information | ```"Host(`{{ normalize .Name }}`)"``` | No |
| `providers.swarm.refreshSeconds` | Defines the polling interval for Swarm Mode. | "15s" | No |
| `providers.swarm.httpClientTimeout` | Defines the client timeout (in seconds) for HTTP connections. If its value is 0, no timeout is set. | 0 | No |
| `providers.swarm.watch` | Instructs Traefik to watch Docker events or not. | True | No |
| `providers.swarm.constraints` | Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information. | "" | No |
| `providers.swarm.allowEmptyServices` | Instructs the provider to create any [servers load balancer](../../../routing/services/index.md#servers-load-balancer) defined for Docker containers regardless of the [healthiness](https://docs.docker.com/engine/reference/builder/#healthcheck) of the corresponding containers. | false | No |
| `providers.swarm.tls.ca` | Defines the path to the certificate authority used for the secure connection to Docker, it defaults to the system bundle. | "" | No |
| `providers.swarm.tls.cert` | Defines the path to the public certificate used for the secure connection to Docker. When using this option, setting the `key` option is required. | "" | Yes |
| `providers.swarm.tls.key` | Defines the path to the private key used for the secure connection to Docker. When using this option, setting the `cert` option is required. | "" | Yes |
| `providers.swarm.tls.insecureSkipVerify` | Instructs the provider to accept any certificate presented by the Docker server when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No |
| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| <a id="opt-providers-swarm-endpoint" href="#opt-providers-swarm-endpoint" title="#opt-providers-swarm-endpoint">`providers.swarm.endpoint`</a> | Specifies the Docker API endpoint. See [here](#endpoint) for more information | `unix:///var/run/docker.sock` | Yes |
| <a id="opt-providers-swarm-username" href="#opt-providers-swarm-username" title="#opt-providers-swarm-username">`providers.swarm.username`</a> | Defines the username for Basic HTTP authentication. This should be used when the Docker daemon socket is exposed through an HTTP proxy that requires Basic HTTP authentication. | "" | No |
| <a id="opt-providers-swarm-password" href="#opt-providers-swarm-password" title="#opt-providers-swarm-password">`providers.swarm.password`</a> | Defines the password for Basic HTTP authentication. This should be used when the Docker daemon socket is exposed through an HTTP proxy that requires Basic HTTP authentication. | "" | No |
| <a id="opt-providers-swarm-useBindPortIP" href="#opt-providers-swarm-useBindPortIP" title="#opt-providers-swarm-useBindPortIP">`providers.swarm.useBindPortIP`</a> | Instructs Traefik to use the IP/Port attached to the container's binding instead of its inner network IP/Port. See [here](#usebindportip) for more information | false | No |
| <a id="opt-providers-swarm-exposedByDefault" href="#opt-providers-swarm-exposedByDefault" title="#opt-providers-swarm-exposedByDefault">`providers.swarm.exposedByDefault`</a> | Expose containers by default through Traefik. See [here](./overview.md#exposedbydefault-and-traefikenable) for additional information | true | No |
| <a id="opt-providers-swarm-network" href="#opt-providers-swarm-network" title="#opt-providers-swarm-network">`providers.swarm.network`</a> | Defines a default docker network to use for connections to all containers. This option can be overridden on a per-container basis with the `traefik.swarm.network` label. | "" | No |
| <a id="opt-providers-swarm-defaultRule" href="#opt-providers-swarm-defaultRule" title="#opt-providers-swarm-defaultRule">`providers.swarm.defaultRule`</a> | Defines what routing rule to apply to a container if no rule is defined by a label. See [here](#defaultrule) for more information | ```"Host(`{{ normalize .Name }}`)"``` | No |
| <a id="opt-providers-swarm-refreshSeconds" href="#opt-providers-swarm-refreshSeconds" title="#opt-providers-swarm-refreshSeconds">`providers.swarm.refreshSeconds`</a> | Defines the polling interval for Swarm Mode. | "15s" | No |
| <a id="opt-providers-swarm-httpClientTimeout" href="#opt-providers-swarm-httpClientTimeout" title="#opt-providers-swarm-httpClientTimeout">`providers.swarm.httpClientTimeout`</a> | Defines the client timeout (in seconds) for HTTP connections. If its value is 0, no timeout is set. | 0 | No |
| <a id="opt-providers-swarm-watch" href="#opt-providers-swarm-watch" title="#opt-providers-swarm-watch">`providers.swarm.watch`</a> | Instructs Traefik to watch Docker events or not. | True | No |
| <a id="opt-providers-swarm-constraints" href="#opt-providers-swarm-constraints" title="#opt-providers-swarm-constraints">`providers.swarm.constraints`</a> | Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information. | "" | No |
| <a id="opt-providers-swarm-allowEmptyServices" href="#opt-providers-swarm-allowEmptyServices" title="#opt-providers-swarm-allowEmptyServices">`providers.swarm.allowEmptyServices`</a> | Instructs the provider to create any [servers load balancer](../../../routing/services/index.md#servers-load-balancer) defined for Docker containers regardless of the [healthiness](https://docs.docker.com/engine/reference/builder/#healthcheck) of the corresponding containers. | false | No |
| <a id="opt-providers-swarm-tls-ca" href="#opt-providers-swarm-tls-ca" title="#opt-providers-swarm-tls-ca">`providers.swarm.tls.ca`</a> | Defines the path to the certificate authority used for the secure connection to Docker, it defaults to the system bundle. | "" | No |
| <a id="opt-providers-swarm-tls-cert" href="#opt-providers-swarm-tls-cert" title="#opt-providers-swarm-tls-cert">`providers.swarm.tls.cert`</a> | Defines the path to the public certificate used for the secure connection to Docker. When using this option, setting the `key` option is required. | "" | Yes |
| <a id="opt-providers-swarm-tls-key" href="#opt-providers-swarm-tls-key" title="#opt-providers-swarm-tls-key">`providers.swarm.tls.key`</a> | Defines the path to the private key used for the secure connection to Docker. When using this option, setting the `cert` option is required. | "" | Yes |
| <a id="opt-providers-swarm-tls-insecureSkipVerify" href="#opt-providers-swarm-tls-insecureSkipVerify" title="#opt-providers-swarm-tls-insecureSkipVerify">`providers.swarm.tls.insecureSkipVerify`</a> | Instructs the provider to accept any certificate presented by the Docker server when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No |
### `endpoint`
@@ -97,7 +97,7 @@ See the [Docker Swarm API Access](#docker-api-access) section for more informati
```
```bash tab="CLI"
--providers.docker.endpoint=unix:///var/run/docker.sock
--providers.swarm.endpoint=unix:///var/run/docker.sock
# ...
```
@@ -198,13 +198,13 @@ but still uses the `traefik.http.services.<name>.loadbalancer.server.port` that
| port label | Container's binding | Routes to |
|--------------------|----------------------------------------------------|----------------|
| - | - | IntIP:IntPort |
| - | ExtPort:IntPort | IntIP:IntPort |
| - | ExtIp:ExtPort:IntPort | ExtIp:ExtPort |
| LblPort | - | IntIp:LblPort |
| LblPort | ExtIp:ExtPort:LblPort | ExtIp:ExtPort |
| LblPort | ExtIp:ExtPort:OtherPort | IntIp:LblPort |
| LblPort | ExtIp1:ExtPort1:IntPort1 & ExtIp2:LblPort:IntPort2 | ExtIp2:LblPort |
| <a id="opt-row" href="#opt-row" title="#opt-row">-</a> | - | IntIP:IntPort |
| <a id="opt-row-2" href="#opt-row-2" title="#opt-row-2">-</a> | ExtPort:IntPort | IntIP:IntPort |
| <a id="opt-row-3" href="#opt-row-3" title="#opt-row-3">-</a> | ExtIp:ExtPort:IntPort | ExtIp:ExtPort |
| <a id="opt-LblPort" href="#opt-LblPort" title="#opt-LblPort">LblPort</a> | - | IntIp:LblPort |
| <a id="opt-LblPort-2" href="#opt-LblPort-2" title="#opt-LblPort-2">LblPort</a> | ExtIp:ExtPort:LblPort | ExtIp:ExtPort |
| <a id="opt-LblPort-3" href="#opt-LblPort-3" title="#opt-LblPort-3">LblPort</a> | ExtIp:ExtPort:OtherPort | IntIp:LblPort |
| <a id="opt-LblPort-4" href="#opt-LblPort-4" title="#opt-LblPort-4">LblPort</a> | ExtIp1:ExtPort1:IntPort1 & ExtIp2:LblPort:IntPort2 | ExtIp2:LblPort |
!!! info ""
In the above table:
@@ -312,7 +312,7 @@ as well as the usual boolean logic, as shown in examples below.
constraints = "LabelRegex(`a.label.name`, `a.+`)"
```
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#exposedbydefault-and-traefikenable).
```yaml tab="File (YAML)"
providers:

53
docs/content/reference/install-configuration/tls/certificate-resolvers/acme.md
View File

@@ -73,30 +73,35 @@ certificatesResolvers:
ACME certificate resolvers have the following configuration options:
| Field | Description | Default | Required |
|:--------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------------------------------|:---------|
| `acme.email` | Email address used for registration. | "" | Yes |
| `acme.caServer` | CA server to use. | https://acme-v02.api.letsencrypt.org/directory | No |
| `acme.preferredChain` | Preferred chain to use. If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name. If no match, the default offered chain will be used. | "" | No |
| `acme.keyType` | KeyType to use. | "RSA4096" | No |
| `acme.eab` | Enable external account binding. | | No |
| `acme.eab.kid` | Key identifier from External CA. | "" | No |
| `acme.eab.hmacEncoded` | HMAC key from External CA, should be in Base64 URL Encoding without padding format. | "" | No |
| `acme.certificatesDuration` | The certificates' duration in hours, exclusively used to determine renewal dates. | 2160 | No |
| `acme.clientTimeout` | Timeout for HTTP Client used to communicate with the ACME server. | 2m | No |
| `acme.clientResponseHeaderTimeout` | Timeout for response headers for HTTP Client used to communicate with the ACME server. | 30s | No |
| `acme.dnsChallenge` | Enable DNS-01 challenge. More information [here](#dnschallenge). | - | No |
| `acme.dnsChallenge.provider` | DNS provider to use. | "" | No |
| `acme.dnsChallenge.resolvers` | DNS servers to resolve the FQDN authority. | [] | No |
| `acme.dnsChallenge.propagation.delayBeforeChecks` | By default, the provider will verify the TXT DNS challenge record before letting ACME verify. If `delayBeforeCheck` is greater than zero, this check is delayed for the configured duration in seconds. This is Useful if internal networks block external DNS queries. | 0s | No |
| `acme.dnsChallenge.propagation.disableChecks` | Disables the challenge TXT record propagation checks, before notifying ACME that the DNS challenge is ready. Please note that disabling checks can prevent the challenge from succeeding. | false | No |
| `acme.dnsChallenge.propagation.requireAllRNS` | Enables the challenge TXT record to be propagated to all recursive nameservers. If you have disabled authoritative nameservers checks (with `propagation.disableANSChecks`), it is recommended to check all recursive nameservers instead. | false | No |
| `acme.dnsChallenge.propagation.disableANSChecks` | Disables the challenge TXT record propagation checks against authoritative nameservers. This option will skip the propagation check against the nameservers of the authority (SOA). It should be used only if the nameservers of the authority are not reachable. | false | No |
| `acme.httpChallenge` | Enable HTTP-01 challenge. More information [here](#httpchallenge). | | No |
| `acme.httpChallenge.entryPoint` | EntryPoint to use for the HTTP-01 challenges. Must be reachable by Let's Encrypt through port 80 | "" | Yes |
| `acme.httpChallenge.delay` | The delay between the creation of the challenge and the validation. A value lower than or equal to zero means no delay. | 0 | No |
| `acme.tlsChallenge` | Enable TLS-ALPN-01 challenge. Traefik must be reachable by Let's Encrypt through port 443. More information [here](#tlschallenge). | - | No |
| `acme.storage` | File path used for certificates storage. | "acme.json" | Yes |
| Field | Description | Default | Required |
|:------|:------------|:--------|:---------|
| <a id="opt-acme-email" href="#opt-acme-email" title="#opt-acme-email">`acme.email`</a> | Email address used for registration. | "" | Yes |
| <a id="opt-acme-caServer" href="#opt-acme-caServer" title="#opt-acme-caServer">`acme.caServer`</a> | CA server to use. | https://acme-v02.api.letsencrypt.org/directory | No |
| <a id="opt-acme-preferredChain" href="#opt-acme-preferredChain" title="#opt-acme-preferredChain">`acme.preferredChain`</a> | Preferred chain to use. If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name. If no match, the default offered chain will be used. | "" | No |
| <a id="opt-acme-keyType" href="#opt-acme-keyType" title="#opt-acme-keyType">`acme.keyType`</a> | KeyType to use. | "RSA4096" | No |
| <a id="opt-acme-profile" href="#opt-acme-profile" title="#opt-acme-profile">`acme.profile`</a> | Certificate profile to use. | "" | No |
| <a id="opt-acme-caCertificates" href="#opt-acme-caCertificates" title="#opt-acme-caCertificates">`acme.caCertificates`</a> | Specify the paths to PEM encoded CA Certificates that can be used to authenticate an ACME server with an HTTPS certificate not issued by a CA in the system-wide trusted root list. | [] | No |
| <a id="opt-acme-caSystemCertPool" href="#opt-acme-caSystemCertPool" title="#opt-acme-caSystemCertPool">`acme.caSystemCertPool`</a> | Defines if the certificates pool must use a copy of the system cert pool. | false | No |
| <a id="opt-acme-caServerName" href="#opt-acme-caServerName" title="#opt-acme-caServerName">`acme.caServerName`</a> | Specify the CA server name that can be used to authenticate an ACME server with an HTTPS certificate not issued by a CA in the system-wide trusted root list. | "" | No |
| <a id="opt-acme-emailAddresses" href="#opt-acme-emailAddresses" title="#opt-acme-emailAddresses">`acme.emailAddresses`</a> | CSR email addresses to use. | "" | No |
| <a id="opt-acme-eab" href="#opt-acme-eab" title="#opt-acme-eab">`acme.eab`</a> | Enable external account binding. | | No |
| <a id="opt-acme-eab-kid" href="#opt-acme-eab-kid" title="#opt-acme-eab-kid">`acme.eab.kid`</a> | Key identifier from External CA. | "" | No |
| <a id="opt-acme-eab-hmacEncoded" href="#opt-acme-eab-hmacEncoded" title="#opt-acme-eab-hmacEncoded">`acme.eab.hmacEncoded`</a> | HMAC key from External CA, should be in Base64 URL Encoding without padding format. | "" | No |
| <a id="opt-acme-certificatesDuration" href="#opt-acme-certificatesDuration" title="#opt-acme-certificatesDuration">`acme.certificatesDuration`</a> | The certificates' duration in hours, exclusively used to determine renewal dates. | 2160 | No |
| <a id="opt-acme-clientTimeout" href="#opt-acme-clientTimeout" title="#opt-acme-clientTimeout">`acme.clientTimeout`</a> | Timeout for HTTP Client used to communicate with the ACME server. | 2m | No |
| <a id="opt-acme-clientResponseHeaderTimeout" href="#opt-acme-clientResponseHeaderTimeout" title="#opt-acme-clientResponseHeaderTimeout">`acme.clientResponseHeaderTimeout`</a> | Timeout for response headers for HTTP Client used to communicate with the ACME server. | 30s | No |
| <a id="opt-acme-dnsChallenge" href="#opt-acme-dnsChallenge" title="#opt-acme-dnsChallenge">`acme.dnsChallenge`</a> | Enable DNS-01 challenge. More information [here](#dnschallenge). | - | No |
| <a id="opt-acme-dnsChallenge-provider" href="#opt-acme-dnsChallenge-provider" title="#opt-acme-dnsChallenge-provider">`acme.dnsChallenge.provider`</a> | DNS provider to use. | "" | No |
| <a id="opt-acme-dnsChallenge-resolvers" href="#opt-acme-dnsChallenge-resolvers" title="#opt-acme-dnsChallenge-resolvers">`acme.dnsChallenge.resolvers`</a> | DNS servers to resolve the FQDN authority. | [] | No |
| <a id="opt-acme-dnsChallenge-propagation-delayBeforeChecks" href="#opt-acme-dnsChallenge-propagation-delayBeforeChecks" title="#opt-acme-dnsChallenge-propagation-delayBeforeChecks">`acme.dnsChallenge.propagation.delayBeforeChecks`</a> | By default, the provider will verify the TXT DNS challenge record before letting ACME verify. If `delayBeforeCheck` is greater than zero, this check is delayed for the configured duration in seconds. This is Useful if internal networks block external DNS queries. | 0s | No |
| <a id="opt-acme-dnsChallenge-propagation-disableChecks" href="#opt-acme-dnsChallenge-propagation-disableChecks" title="#opt-acme-dnsChallenge-propagation-disableChecks">`acme.dnsChallenge.propagation.disableChecks`</a> | Disables the challenge TXT record propagation checks, before notifying ACME that the DNS challenge is ready. Please note that disabling checks can prevent the challenge from succeeding. | false | No |
| <a id="opt-acme-dnsChallenge-propagation-requireAllRNS" href="#opt-acme-dnsChallenge-propagation-requireAllRNS" title="#opt-acme-dnsChallenge-propagation-requireAllRNS">`acme.dnsChallenge.propagation.requireAllRNS`</a> | Enables the challenge TXT record to be propagated to all recursive nameservers. If you have disabled authoritative nameservers checks (with `propagation.disableANSChecks`), it is recommended to check all recursive nameservers instead. | false | No |
| <a id="opt-acme-dnsChallenge-propagation-disableANSChecks" href="#opt-acme-dnsChallenge-propagation-disableANSChecks" title="#opt-acme-dnsChallenge-propagation-disableANSChecks">`acme.dnsChallenge.propagation.disableANSChecks`</a> | Disables the challenge TXT record propagation checks against authoritative nameservers. This option will skip the propagation check against the nameservers of the authority (SOA). It should be used only if the nameservers of the authority are not reachable. | false | No |
| <a id="opt-acme-httpChallenge" href="#opt-acme-httpChallenge" title="#opt-acme-httpChallenge">`acme.httpChallenge`</a> | Enable HTTP-01 challenge. More information [here](#httpchallenge). | | No |
| <a id="opt-acme-httpChallenge-entryPoint" href="#opt-acme-httpChallenge-entryPoint" title="#opt-acme-httpChallenge-entryPoint">`acme.httpChallenge.entryPoint`</a> | EntryPoint to use for the HTTP-01 challenges. Must be reachable by Let's Encrypt through port 80 | "" | Yes |
| <a id="opt-acme-httpChallenge-delay" href="#opt-acme-httpChallenge-delay" title="#opt-acme-httpChallenge-delay">`acme.httpChallenge.delay`</a> | The delay between the creation of the challenge and the validation. A value lower than or equal to zero means no delay. | 0 | No |
| <a id="opt-acme-tlsChallenge" href="#opt-acme-tlsChallenge" title="#opt-acme-tlsChallenge">`acme.tlsChallenge`</a> | Enable TLS-ALPN-01 challenge. Traefik must be reachable by Let's Encrypt through port 443. More information [here](#tlschallenge). | - | No |
| <a id="opt-acme-storage" href="#opt-acme-storage" title="#opt-acme-storage">`acme.storage`</a> | File path used for certificates storage. | "acme.json" | Yes |
## Automatic Certificate Renewal

2
docs/content/reference/install-configuration/tls/ocsp.md
View File

@@ -67,5 +67,5 @@ ocsp:
```bash tab="CLI"
## Static configuration
-ocsp.responderoverrides.foo=bar
--ocsp.responderoverrides.foo=bar
```

2
docs/content/reference/install-configuration/tls/spiffe.md
View File

@@ -44,7 +44,7 @@ spiffe:
## ServersTransport
Enabling SPIFFE does not imply that backend connections are going to use it automatically.
Each [ServersTransport](../../../routing/services/index.md#serverstransport_1) or [TCPServersTransport](../../../routing/services/index.md#serverstransport_2), that is meant to be secured with SPIFFE, must explicitly enable it (see [SPIFFE with ServersTransport](../../../routing/services/index.md#spiffe) or [SPIFFE with TCPServersTransport](../../../routing/services/index.md#spiffe_1)).
Each [ServersTransport](../../routing-configuration/http/load-balancing/serverstransport.md) or [TCPServersTransport](../../routing-configuration/tcp/serverstransport.md), that is meant to be secured with SPIFFE, must explicitly enable it (see [SPIFFE with ServersTransport](../../routing-configuration/http/load-balancing/serverstransport.md#opt-spiffe) or [SPIFFE with TCPServersTransport](../../routing-configuration/tcp/serverstransport.md#opt-serverstransport-spiffe)).
### Configuration Example

33
docs/content/reference/routing-configuration/http/load-balancing/serverstransport.md
View File

@@ -94,19 +94,20 @@ labels:
## Configuration Options
| Field | Description | Default | Required |
|:------|:----------------------------------------------------------|:---------------------|:---------|
| `serverName` | Configures the server name that will be used as the SNI. | "" | No |
| `certificates` | Defines the list of certificates (as file paths, or data bytes) that will be set as client certificates for mTLS. | [] | No |
| `insecureSkipVerify` | Controls whether the server's certificate chain and host name is verified. | false | No |
| `rootcas` | Set of root certificate authorities to use when verifying server certificates. (for mTLS connections). | [] | No |
| `maxIdleConnsPerHost` | Maximum idle (keep-alive) connections to keep per-host. | 200 | No |
| `disableHTTP2` | Disables HTTP/2 for connections with servers. | false | No |
| `peerCertURI` | Defines the URI used to match against SAN URIs during the server's certificate verification. | "" | No |
| `forwardingTimeouts.dialTimeout` | Amount of time to wait until a connection to a server can be established.<br />0 = no timeout | 30s | No |
| `forwardingTimeouts.responseHeaderTimeout` | Amount of time to wait for a server's response headers after fully writing the request (including its body, if any).<br />0 = no timeout | 0s | No |
| `forwardingTimeouts.idleConnTimeout` | Maximum amount of time an idle (keep-alive) connection will remain idle before closing itself.<br />0 = no timeout | 90s | No |
| `forwardingTimeouts.readIdleTimeout` | Defines the timeout after which a health check using ping frame will be carried out if no frame is received on the HTTP/2 connection. | 0s | No |
| `forwardingTimeouts.pingTimeout` | Defines the timeout after which the HTTP/2 connection will be closed if a response to ping is not received. | 15s | No |
| `spiffe.ids` | Defines the allowed SPIFFE IDs.<br />This takes precedence over the SPIFFE TrustDomain. | [] | No |
| `spiffe.trustDomain` | Defines the SPIFFE trust domain. | "" | No |
| Field | Description | Default | Required |
|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
| <a id="opt-serverName" href="#opt-serverName" title="#opt-serverName">`serverName`</a> | Configures the server name that will be used as the SNI. | "" | No |
| <a id="opt-certificates" href="#opt-certificates" title="#opt-certificates">`certificates`</a> | Defines the list of certificates (as file paths, or data bytes) that will be set as client certificates for mTLS. | [] | No |
| <a id="opt-insecureSkipVerify" href="#opt-insecureSkipVerify" title="#opt-insecureSkipVerify">`insecureSkipVerify`</a> | Controls whether the server's certificate chain and host name is verified. | false | No |
| <a id="opt-rootcas" href="#opt-rootcas" title="#opt-rootcas">`rootcas`</a> | Set of root certificate authorities to use when verifying server certificates. (for mTLS connections). | [] | No |
| <a id="opt-maxIdleConnsPerHost" href="#opt-maxIdleConnsPerHost" title="#opt-maxIdleConnsPerHost">`maxIdleConnsPerHost`</a> | Maximum idle (keep-alive) connections to keep per-host. | 200 | No |
| <a id="opt-disableHTTP2" href="#opt-disableHTTP2" title="#opt-disableHTTP2">`disableHTTP2`</a> | Disables HTTP/2 for connections with servers. | false | No |
| <a id="opt-peerCertURI" href="#opt-peerCertURI" title="#opt-peerCertURI">`peerCertURI`</a> | Defines the URI used to match against SAN URIs during the server's certificate verification. | "" | No |
| <a id="opt-forwardingTimeouts-dialTimeout" href="#opt-forwardingTimeouts-dialTimeout" title="#opt-forwardingTimeouts-dialTimeout">`forwardingTimeouts.dialTimeout`</a> | Amount of time to wait until a connection to a server can be established.<br />0 = no timeout | 30s | No |
| <a id="opt-forwardingTimeouts-responseHeaderTimeout" href="#opt-forwardingTimeouts-responseHeaderTimeout" title="#opt-forwardingTimeouts-responseHeaderTimeout">`forwardingTimeouts.responseHeaderTimeout`</a> | Amount of time to wait for a server's response headers after fully writing the request (including its body, if any).<br />0 = no timeout | 0s | No |
| <a id="opt-forwardingTimeouts-idleConnTimeout" href="#opt-forwardingTimeouts-idleConnTimeout" title="#opt-forwardingTimeouts-idleConnTimeout">`forwardingTimeouts.idleConnTimeout`</a> | Maximum amount of time an idle (keep-alive) connection will remain idle before closing itself.<br />0 = no timeout | 90s | No |
| <a id="opt-forwardingTimeouts-readIdleTimeout" href="#opt-forwardingTimeouts-readIdleTimeout" title="#opt-forwardingTimeouts-readIdleTimeout">`forwardingTimeouts.readIdleTimeout`</a> | Defines the timeout after which a health check using ping frame will be carried out if no frame is received on the HTTP/2 connection. | 0s | No |
| <a id="opt-forwardingTimeouts-pingTimeout" href="#opt-forwardingTimeouts-pingTimeout" title="#opt-forwardingTimeouts-pingTimeout">`forwardingTimeouts.pingTimeout`</a> | Defines the timeout after which the HTTP/2 connection will be closed if a response to ping is not received. | 15s | No |
| <a id="opt-spiffe" href="#opt-spiffe" title="#opt-spiffe">`spiffe`</a> | Defines the SPIFFE configuration. An empty `spiffe` section enables SPIFFE (that allows any SPIFFE ID). | | No |
| <a id="opt-spiffe-ids" href="#opt-spiffe-ids" title="#opt-spiffe-ids">`spiffe.ids`</a> | Defines the allowed SPIFFE IDs.<br />This takes precedence over the SPIFFE TrustDomain. | [] | No |
| <a id="opt-spiffe-trustDomain" href="#opt-spiffe-trustDomain" title="#opt-spiffe-trustDomain">`spiffe.trustDomain`</a> | Defines the SPIFFE trust domain. | "" | No |

51
docs/content/reference/routing-configuration/http/load-balancing/service.md
View File

@@ -3,13 +3,16 @@ title: "Traefik HTTP Services Documentation"
description: "A service is in charge of connecting incoming requests to the Servers that can handle them. Read the technical documentation."
---
Traefik services define how to distribute incoming traffic across your backend servers.
Each service implements one of the load balancing strategies detailed on this page to ensure optimal traffic distribution and high availability.
## Service Load Balancer
The load balancers are able to load balance the requests between multiple instances of your programs.
Each service has a load-balancer, even if there is only one server to forward traffic to.
## Configuration Example
### Configuration Example
```yaml tab="Structured (YAML)"
http:
@@ -89,13 +92,13 @@ labels:
| Field | Description | Required |
|------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|
| `servers` | Represents individual backend instances for your service | Yes |
| `sticky` | Defines a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response. | No |
| `healthcheck` | Configures health check to remove unhealthy servers from the load balancing rotation. | No |
| `passHostHeader` | Allows forwarding of the client Host header to server. By default, `passHostHeader` is true. | No |
| `serversTransport` | Allows to reference an [HTTP ServersTransport](./serverstransport.md) configuration for the communication between Traefik and your servers. If no `serversTransport` is specified, the `default@internal` will be used. | No |
| `responseForwarding` | Configures how Traefik forwards the response from the backend server to the client. | No |
| `responseForwarding.FlushInterval` | Specifies the interval in between flushes to the client while copying the response body. It is a duration in milliseconds, defaulting to 100ms. A negative value means to flush immediately after each write to the client. The `FlushInterval` is ignored when ReverseProxy recognizes a response as a streaming response; for such responses, writes are flushed to the client immediately. | No |
| <a id="opt-servers" href="#opt-servers" title="#opt-servers">`servers`</a> | Represents individual backend instances for your service | Yes |
| <a id="opt-sticky" href="#opt-sticky" title="#opt-sticky">`sticky`</a> | Defines a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response. | No |
| <a id="opt-healthcheck" href="#opt-healthcheck" title="#opt-healthcheck">`healthcheck`</a> | Configures health check to remove unhealthy servers from the load balancing rotation. | No |
| <a id="opt-passHostHeader" href="#opt-passHostHeader" title="#opt-passHostHeader">`passHostHeader`</a> | Allows forwarding of the client Host header to server. By default, `passHostHeader` is true. | No |
| <a id="opt-serversTransport" href="#opt-serversTransport" title="#opt-serversTransport">`serversTransport`</a> | Allows to reference an [HTTP ServersTransport](./serverstransport.md) configuration for the communication between Traefik and your servers. If no `serversTransport` is specified, the `default@internal` will be used. | No |
| <a id="opt-responseForwarding" href="#opt-responseForwarding" title="#opt-responseForwarding">`responseForwarding`</a> | Configures how Traefik forwards the response from the backend server to the client. | No |
| <a id="opt-responseForwarding-FlushInterval" href="#opt-responseForwarding-FlushInterval" title="#opt-responseForwarding-FlushInterval">`responseForwarding.FlushInterval`</a> | Specifies the interval in between flushes to the client while copying the response body. It is a duration in milliseconds, defaulting to 100ms. A negative value means to flush immediately after each write to the client. The `FlushInterval` is ignored when ReverseProxy recognizes a response as a streaming response; for such responses, writes are flushed to the client immediately. | No |
#### Servers
@@ -105,9 +108,9 @@ Servers represent individual backend instances for your service. The [service lo
| Field | Description | Required |
|----------------|----------------------------------------------------|----------------------------------------------------------------------------------|
| `url` | Points to a specific instance. | Yes for File provider, No for [Docker provider](../../other-providers/docker.md) |
| `weight` | Allows for weighted load balancing on the servers. | No |
| `preservePath` | Allows to preserve the URL path. | No |
| <a id="opt-url" href="#opt-url" title="#opt-url">`url`</a> | Points to a specific instance. | Yes for File provider, No for [Docker provider](../../other-providers/docker.md) |
| <a id="opt-weight" href="#opt-weight" title="#opt-weight">`weight`</a> | Allows for weighted load balancing on the servers. | No |
| <a id="opt-preservePath" href="#opt-preservePath" title="#opt-preservePath">`preservePath`</a> | Allows to preserve the URL path. | No |
#### Health Check
@@ -119,19 +122,19 @@ Below are the available options for the health check mechanism:
| Field | Description | Default | Required |
|---------------------|-------------------------------------------------------------------------------------------------------------------------------|---------|----------|
| `path` | Defines the server URL path for the health check endpoint. | "" | Yes |
| `scheme` | Replaces the server URL scheme for the health check endpoint. | | No |
| `mode` | If defined to `grpc`, will use the gRPC health check protocol to probe the server. | http | No |
| `hostname` | Defines the value of hostname in the Host header of the health check request. | "" | No |
| `port` | Replaces the server URL port for the health check endpoint. | | No |
| `interval` | Defines the frequency of the health check calls for healthy targets. | 30s | No |
| `unhealthyInterval` | Defines the frequency of the health check calls for unhealthy targets. When not defined, it defaults to the `interval` value. | 30s | No |
| `timeout` | Defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. | 5s | No |
| `headers` | Defines custom headers to be sent to the health check endpoint. | | No |
| `followRedirects` | Defines whether redirects should be followed during the health check calls. | true | No |
| `hostname` | Defines the value of hostname in the Host header of the health check request. | "" | No |
| `method` | Defines the HTTP method that will be used while connecting to the endpoint. | GET | No |
| `status` | Defines the expected HTTP status code of the response to the health check request. | | No |
| <a id="opt-path" href="#opt-path" title="#opt-path">`path`</a> | Defines the server URL path for the health check endpoint. | "" | Yes |
| <a id="opt-scheme" href="#opt-scheme" title="#opt-scheme">`scheme`</a> | Replaces the server URL scheme for the health check endpoint. | | No |
| <a id="opt-mode" href="#opt-mode" title="#opt-mode">`mode`</a> | If defined to `grpc`, will use the gRPC health check protocol to probe the server. | http | No |
| <a id="opt-hostname" href="#opt-hostname" title="#opt-hostname">`hostname`</a> | Defines the value of hostname in the Host header of the health check request. | "" | No |
| <a id="opt-port" href="#opt-port" title="#opt-port">`port`</a> | Replaces the server URL port for the health check endpoint. | | No |
| <a id="opt-interval" href="#opt-interval" title="#opt-interval">`interval`</a> | Defines the frequency of the health check calls for healthy targets. | 30s | No |
| <a id="opt-unhealthyInterval" href="#opt-unhealthyInterval" title="#opt-unhealthyInterval">`unhealthyInterval`</a> | Defines the frequency of the health check calls for unhealthy targets. When not defined, it defaults to the `interval` value. | 30s | No |
| <a id="opt-timeout" href="#opt-timeout" title="#opt-timeout">`timeout`</a> | Defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. | 5s | No |
| <a id="opt-headers" href="#opt-headers" title="#opt-headers">`headers`</a> | Defines custom headers to be sent to the health check endpoint. | | No |
| <a id="opt-followRedirects" href="#opt-followRedirects" title="#opt-followRedirects">`followRedirects`</a> | Defines whether redirects should be followed during the health check calls. | true | No |
| <a id="opt-hostname-2" href="#opt-hostname-2" title="#opt-hostname-2">`hostname`</a> | Defines the value of hostname in the Host header of the health check request. | "" | No |
| <a id="opt-method" href="#opt-method" title="#opt-method">`method`</a> | Defines the HTTP method that will be used while connecting to the endpoint. | GET | No |
| <a id="opt-status" href="#opt-status" title="#opt-status">`status`</a> | Defines the expected HTTP status code of the response to the health check request. | | No |
#### Sticky sessions

2
docs/content/reference/routing-configuration/http/middlewares/addprefix.md
View File

@@ -54,4 +54,4 @@ spec:
| Field | Description | Default | Required |
|:-----------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
| `prefix` | String to add **before** the current path in the requested URL. It should include a leading slash (`/`). | "" | Yes |
| <a id="opt-prefix" href="#opt-prefix" title="#opt-prefix">`prefix`</a> | String to add **before** the current path in the requested URL. It should include a leading slash (`/`). | "" | Yes |

12
docs/content/reference/routing-configuration/http/middlewares/apikey.md
View File

@@ -46,11 +46,11 @@ stringData:
| Field | Description | Default | Required |
|:-----------------------------|:------------------------------------------------|:--------|:---------|
| `keySource.header` | Defines the header name containing the secret sent by the client.<br /> Either `keySource.header` or `keySource.query` or `keySource.cookie` must be set. | "" | No |
| `keySource.headerAuthScheme` | Defines the scheme when using `Authorization` as header name. <br /> Check out the `Authorization` header [documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization#syntax). | "" | No |
| `keySource.query` | Defines the query parameter name containing the secret sent by the client.<br /> Either `keySource.header` or `keySource.query` or `keySource.cookie` must be set. | "" | No |
| `keySource.cookie` | Defines the cookie name containing the secret sent by the client.<br /> Either `keySource.header` or `keySource.query` or `keySource.cookie` must be set. | "" | No |
| `secretNonBase64Encoded` | Defines whether the secret sent by the client is base64 encoded. | false | No |
| `secretValues` | Contain the hash of the API keys. <br /> Supported hashing algorithms are Bcrypt, SHA1 and MD5. <br /> The hash should be generated using `htpasswd`.<br />Can reference a Kubernetes Secret using the URN format: `urn:k8s:secret:[name]:[valueKey]` | [] | Yes |
| <a id="opt-keySource-header" href="#opt-keySource-header" title="#opt-keySource-header">`keySource.header`</a> | Defines the header name containing the secret sent by the client.<br /> Either `keySource.header` or `keySource.query` or `keySource.cookie` must be set. | "" | No |
| <a id="opt-keySource-headerAuthScheme" href="#opt-keySource-headerAuthScheme" title="#opt-keySource-headerAuthScheme">`keySource.headerAuthScheme`</a> | Defines the scheme when using `Authorization` as header name. <br /> Check out the `Authorization` header [documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization#syntax). | "" | No |
| <a id="opt-keySource-query" href="#opt-keySource-query" title="#opt-keySource-query">`keySource.query`</a> | Defines the query parameter name containing the secret sent by the client.<br /> Either `keySource.header` or `keySource.query` or `keySource.cookie` must be set. | "" | No |
| <a id="opt-keySource-cookie" href="#opt-keySource-cookie" title="#opt-keySource-cookie">`keySource.cookie`</a> | Defines the cookie name containing the secret sent by the client.<br /> Either `keySource.header` or `keySource.query` or `keySource.cookie` must be set. | "" | No |
| <a id="opt-secretNonBase64Encoded" href="#opt-secretNonBase64Encoded" title="#opt-secretNonBase64Encoded">`secretNonBase64Encoded`</a> | Defines whether the secret sent by the client is base64 encoded. | false | No |
| <a id="opt-secretValues" href="#opt-secretValues" title="#opt-secretValues">`secretValues`</a> | Contain the hash of the API keys. <br /> Supported hashing algorithms are Bcrypt, SHA1 and MD5. <br /> The hash should be generated using `htpasswd`.<br />Can reference a Kubernetes Secret using the URN format: `urn:k8s:secret:[name]:[valueKey]` | [] | Yes |
{!traefik-for-business-applications.md!}

10
docs/content/reference/routing-configuration/http/middlewares/basicauth.md
View File

@@ -64,11 +64,11 @@ spec:
| Field | Description | Default | Required |
|:-----------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
| `users` | Array of authorized users. Each user must be declared using the `name:hashed-password` format. (More information [here](#users))| "" | No |
| `usersFile` | Path to an external file that contains the authorized users for the middleware. <br />The file content is a list of `name:hashed-password`. (More information [here](#usersfile)) | "" | No |
| `realm` | Allow customizing the realm for the authentication.| "traefik" | No |
| `headerField` | Allow defining a header field to store the authenticated user.| "" | No |
| `removeHeader` | Allow removing the authorization header before forwarding the request to your service. | false | No |
| <a id="opt-users" href="#opt-users" title="#opt-users">`users`</a> | Array of authorized users. Each user must be declared using the `name:hashed-password` format. (More information [here](#users-usersfile))| "" | No |
| <a id="opt-usersFile" href="#opt-usersFile" title="#opt-usersFile">`usersFile`</a> | Path to an external file that contains the authorized users for the middleware. <br />The file content is a list of `name:hashed-password`. (More information [here](#users-usersfile)) | "" | No |
| <a id="opt-realm" href="#opt-realm" title="#opt-realm">`realm`</a> | Allow customizing the realm for the authentication.| "traefik" | No |
| <a id="opt-headerField" href="#opt-headerField" title="#opt-headerField">`headerField`</a> | Allow defining a header field to store the authenticated user.| "" | No |
| <a id="opt-removeHeader" href="#opt-removeHeader" title="#opt-removeHeader">`removeHeader`</a> | Allow removing the authorization header before forwarding the request to your service. | false | No |
### Passwords format

10
docs/content/reference/routing-configuration/http/middlewares/buffering.md
View File

@@ -58,11 +58,11 @@ spec:
| Field | Description | Default | Required |
|:------|:------------|:--------|:---------|
| `maxRequestBodyBytes` | Maximum allowed body size for the request (in bytes). <br /> If the request exceeds the allowed size, it is not forwarded to the Service, and the client gets a `413` (Request Entity Too Large) response. | 0 | No |
| `memRequestBodyBytes` | Threshold (in bytes) from which the request will be buffered on disk instead of in memory with the `memRequestBodyBytes` option.| 1048576 | No |
| `maxResponseBodyBytes` | Maximum allowed response size from the Service (in bytes). <br /> If the response exceeds the allowed size, it is not forwarded to the client. The client gets a `500` (Internal Server Error) response instead. | 0 | No |
| `memResponseBodyBytes` | Threshold (in bytes) from which the response will be buffered on disk instead of in memory with the `memResponseBodyBytes` option.| 1048576 | No |
| `retryExpression` | Replay the request using `retryExpression`.<br /> More information [here](#retryexpression). | "" | No |
| <a id="opt-maxRequestBodyBytes" href="#opt-maxRequestBodyBytes" title="#opt-maxRequestBodyBytes">`maxRequestBodyBytes`</a> | Maximum allowed body size for the request (in bytes). <br /> If the request exceeds the allowed size, it is not forwarded to the Service, and the client gets a `413` (Request Entity Too Large) response. | 0 | No |
| <a id="opt-memRequestBodyBytes" href="#opt-memRequestBodyBytes" title="#opt-memRequestBodyBytes">`memRequestBodyBytes`</a> | Threshold (in bytes) from which the request will be buffered on disk instead of in memory with the `memRequestBodyBytes` option.| 1048576 | No |
| <a id="opt-maxResponseBodyBytes" href="#opt-maxResponseBodyBytes" title="#opt-maxResponseBodyBytes">`maxResponseBodyBytes`</a> | Maximum allowed response size from the Service (in bytes). <br /> If the response exceeds the allowed size, it is not forwarded to the client. The client gets a `500` (Internal Server Error) response instead. | 0 | No |
| <a id="opt-memResponseBodyBytes" href="#opt-memResponseBodyBytes" title="#opt-memResponseBodyBytes">`memResponseBodyBytes`</a> | Threshold (in bytes) from which the response will be buffered on disk instead of in memory with the `memResponseBodyBytes` option.| 1048576 | No |
| <a id="opt-retryExpression" href="#opt-retryExpression" title="#opt-retryExpression">`retryExpression`</a> | Replay the request using `retryExpression`.<br /> More information [here](#retryexpression). | "" | No |
### retryExpression

2
docs/content/reference/routing-configuration/http/middlewares/chain.md
View File

@@ -168,4 +168,4 @@ spec:
| Field | Description | Default | Required |
|:------|:------------|:--------|:---------|
| `middlewares` | List of middlewares to chain.<br /> The middlewares have to be in the same namespace as the `chain` middleware. | [] | Yes |
| <a id="opt-middlewares" href="#opt-middlewares" title="#opt-middlewares">`middlewares`</a> | List of middlewares to chain.<br /> The middlewares have to be in the same namespace as the `chain` middleware. | [] | Yes |

16
docs/content/reference/routing-configuration/http/middlewares/circuitbreaker.md
View File

@@ -65,11 +65,11 @@ spec:
| Field | Description | Default | Required |
|:------|:------------|:--------|:---------|
| `expression` | Condition to open the circuit breaker and applies the fallback mechanism instead of calling your services.<br />More information [here](#expression) | 100ms | No |
| `checkPeriod` | The interval between successive checks of the circuit breaker condition (when in standby state). | 100ms | No |
| `fallbackDuration` | The duration for which the circuit breaker will wait before trying to recover (from a tripped state). | 10s | No |
| `recoveryDuration` | The duration for which the circuit breaker will try to recover (as soon as it is in recovering state). | 10s | No |
| `responseCode` | The status code that the circuit breaker will return while it is in the open state. | 503 | No |
| <a id="opt-expression" href="#opt-expression" title="#opt-expression">`expression`</a> | Condition to open the circuit breaker and applies the fallback mechanism instead of calling your services.<br />More information [here](#expression) | 100ms | No |
| <a id="opt-checkPeriod" href="#opt-checkPeriod" title="#opt-checkPeriod">`checkPeriod`</a> | The interval between successive checks of the circuit breaker condition (when in standby state). | 100ms | No |
| <a id="opt-fallbackDuration" href="#opt-fallbackDuration" title="#opt-fallbackDuration">`fallbackDuration`</a> | The duration for which the circuit breaker will wait before trying to recover (from a tripped state). | 10s | No |
| <a id="opt-recoveryDuration" href="#opt-recoveryDuration" title="#opt-recoveryDuration">`recoveryDuration`</a> | The duration for which the circuit breaker will try to recover (as soon as it is in recovering state). | 10s | No |
| <a id="opt-responseCode" href="#opt-responseCode" title="#opt-responseCode">`responseCode`</a> | The status code that the circuit breaker will return while it is in the open state. | 503 | No |
### expression
@@ -77,9 +77,9 @@ The `expression` option can check three different metrics:
| Metrics | Description | Example |
|:------|:------------|:--------|
| `NetworkErrorRatio` | The network error ratio to open the circuit breaker. | `NetworkErrorRatio() > 0.30` opens the circuit breaker at a 30% ratio of network errors |
| `ResponseCodeRatio` | The status code ratio to open the circuit breaker.<br />More information [below](#responsecoderatio) | `ResponseCodeRatio(500, 600, 0, 600) > 0.25` opens the circuit breaker if 25% of the requests returned a 5XX status (amongst the request that returned a status code from 0 to 5XX) |
| `LatencyAtQuantileMS` | The latency at a quantile in milliseconds to open the circuit breaker when a given proportion of your requests become too slow.<br /> Only floating point number (with the trailing .0) for the quantile value. | `LatencyAtQuantileMS(50.0) > 100` opens the circuit breaker when the median latency (quantile 50) reaches 100ms. |
| <a id="opt-NetworkErrorRatio" href="#opt-NetworkErrorRatio" title="#opt-NetworkErrorRatio">`NetworkErrorRatio`</a> | The network error ratio to open the circuit breaker. | `NetworkErrorRatio() > 0.30` opens the circuit breaker at a 30% ratio of network errors |
| <a id="opt-ResponseCodeRatio" href="#opt-ResponseCodeRatio" title="#opt-ResponseCodeRatio">`ResponseCodeRatio`</a> | The status code ratio to open the circuit breaker.<br />More information [below](#responsecoderatio) | `ResponseCodeRatio(500, 600, 0, 600) > 0.25` opens the circuit breaker if 25% of the requests returned a 5XX status (amongst the request that returned a status code from 0 to 5XX) |
| <a id="opt-LatencyAtQuantileMS" href="#opt-LatencyAtQuantileMS" title="#opt-LatencyAtQuantileMS">`LatencyAtQuantileMS`</a> | The latency at a quantile in milliseconds to open the circuit breaker when a given proportion of your requests become too slow.<br /> Only floating point number (with the trailing .0) for the quantile value. | `LatencyAtQuantileMS(50.0) > 100` opens the circuit breaker when the median latency (quantile 50) reaches 100ms. |
#### ResponseCodeRatio

10
docs/content/reference/routing-configuration/http/middlewares/compress.md
View File

@@ -51,11 +51,11 @@ spec:
| Field | Description | Default | Required |
|:-----------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
|`excludedContentTypes` | List of content types to compare the `Content-Type` header of the incoming requests and responses before compressing. <br /> The responses with content types defined in `excludedContentTypes` are not compressed. <br /> Content types are compared in a case-insensitive, whitespace-ignored manner. <br /> **The `excludedContentTypes` and `includedContentTypes` options are mutually exclusive.** | "" | No |
|`defaultEncoding` | specifies the default encoding if the `Accept-Encoding` header is not in the request or contains a wildcard (`*`). | "" | No |
|`encodings` | Specifies the list of supported compression encodings. At least one encoding value must be specified, and valid entries are `zstd` (Zstandard), `br` (Brotli), and `gzip` (Gzip). The order of the list also sets the priority, the top entry has the highest priority. | zstd, br, gzip | No |
| `includedContentTypes` | List of content types to compare the `Content-Type` header of the responses before compressing. <br /> The responses with content types defined in `includedContentTypes` are compressed. <br /> Content types are compared in a case-insensitive, whitespace-ignored manner.<br /> **The `excludedContentTypes` and `includedContentTypes` options are mutually exclusive.** | "" | No |
| `minResponseBodyBytes` | `Minimum amount of bytes a response body must have to be compressed. <br />Responses smaller than the specified values will **not** be compressed. | 1024 | No |
| <a id="opt-excludedContentTypes" href="#opt-excludedContentTypes" title="#opt-excludedContentTypes">`excludedContentTypes`</a> | List of content types to compare the `Content-Type` header of the incoming requests and responses before compressing. <br /> The responses with content types defined in `excludedContentTypes` are not compressed. <br /> Content types are compared in a case-insensitive, whitespace-ignored manner. <br /> **The `excludedContentTypes` and `includedContentTypes` options are mutually exclusive.** | "" | No |
| <a id="opt-defaultEncoding" href="#opt-defaultEncoding" title="#opt-defaultEncoding">`defaultEncoding`</a> | specifies the default encoding if the `Accept-Encoding` header is not in the request or contains a wildcard (`*`). | "" | No |
| <a id="opt-encodings" href="#opt-encodings" title="#opt-encodings">`encodings`</a> | Specifies the list of supported compression encodings. At least one encoding value must be specified, and valid entries are `zstd` (Zstandard), `br` (Brotli), and `gzip` (Gzip). The order of the list also sets the priority, the top entry has the highest priority. | gzip, br, zstd | No |
| <a id="opt-includedContentTypes" href="#opt-includedContentTypes" title="#opt-includedContentTypes">`includedContentTypes`</a> | List of content types to compare the `Content-Type` header of the responses before compressing. <br /> The responses with content types defined in `includedContentTypes` are compressed. <br /> Content types are compared in a case-insensitive, whitespace-ignored manner.<br /> **The `excludedContentTypes` and `includedContentTypes` options are mutually exclusive.** | "" | No |
| <a id="opt-minResponseBodyBytes" href="#opt-minResponseBodyBytes" title="#opt-minResponseBodyBytes">`minResponseBodyBytes`</a> | `Minimum amount of bytes a response body must have to be compressed. <br />Responses smaller than the specified values will **not** be compressed. | 1024 | No |
## Compression activation

10
docs/content/reference/routing-configuration/http/middlewares/digestauth.md
View File

@@ -59,11 +59,11 @@ spec:
| Field | Description | Default | Required |
|:-----------|:---------------------------------------------------------------------------------|:--------|:---------|
| `users` | Array of authorized users. Each user must be declared using the `name:realm:encoded-password` format.<br /> The option `users` supports Kubernetes secrets.<br />(More information [here](#users--usersfile))| [] | No |
| `usersFile` | Path to an external file that contains the authorized users for the middleware. <br />The file content is a list of `name:realm:encoded-password`. (More information [here](#users--usersfile)) | "" | No |
| `realm` | Allow customizing the realm for the authentication.| "traefik" | No |
| `headerField` | Allow defining a header field to store the authenticated user.| "" | No |
| `removeHeader` | Allow removing the authorization header before forwarding the request to your service. | false | No |
| <a id="opt-users" href="#opt-users" title="#opt-users">`users`</a> | Array of authorized users. Each user must be declared using the `name:realm:encoded-password` format.<br /> The option `users` supports Kubernetes secrets.<br />(More information [here](#users--usersfile))| [] | No |
| <a id="opt-usersFile" href="#opt-usersFile" title="#opt-usersFile">`usersFile`</a> | Path to an external file that contains the authorized users for the middleware. <br />The file content is a list of `name:realm:encoded-password`. (More information [here](#users--usersfile)) | "" | No |
| <a id="opt-realm" href="#opt-realm" title="#opt-realm">`realm`</a> | Allow customizing the realm for the authentication.| "traefik" | No |
| <a id="opt-headerField" href="#opt-headerField" title="#opt-headerField">`headerField`</a> | Allow defining a header field to store the authenticated user.| "" | No |
| <a id="opt-removeHeader" href="#opt-removeHeader" title="#opt-removeHeader">`removeHeader`</a> | Allow removing the authorization header before forwarding the request to your service. | false | No |
### Passwords format

181
docs/content/reference/routing-configuration/http/middlewares/distributed-ratelimit.md Normal file
View File

@@ -0,0 +1,181 @@
---
title: "Distributed RateLimit"
description: "Traefik Hub API Gateway - The Distributed RateLimit middleware ensures Services receive fair amounts of requests throughout your cluster and not only on an individual proxy."
---
!!! info "Traefik Hub Feature"
This middleware is available exclusively in [Traefik Hub](https://traefik.io/traefik-hub/). Learn more about [Traefik Hub's advanced features](https://doc.traefik.io/traefik-hub/api-gateway/intro).
The Distributed RateLimit middleware ensures that requests are limited over time throughout your cluster and not only on an individual proxy.
It is based on a [token bucket](https://en.wikipedia.org/wiki/Token_bucket) implementation.
---
## Configuration Example
Below is an advanced configuration that enables the Distributed RateLimit middleware with Redis backend for cluster-wide rate limiting.
```yaml tab="Middleware Distributed Rate Limit"
# Here, a limit of 100 requests per second is allowed.
# In addition, a burst of 200 requests is allowed.
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: test-distributedratelimit
namespace: traefik
spec:
plugin:
distributedRateLimit:
burst: 200
denyOnError: false
limit: 100
period: 1s
responseHeaders: true
sourceCriterion:
ipStrategy:
excludedIPs:
- 172.20.176.201
store:
redis:
endpoints:
- my-release-redis-master.default.svc.cluster.local:6379
# Use the field password of the Secret redis in the same namespace
password: urn:k8s:secret:redis:password
timeout: 500ms
```
```yaml tab="Kubernetes Secret"
apiVersion: v1
kind: Secret
metadata:
name: redis
namespace: traefik
stringData:
password: mysecret12345678
```
## Rate and Burst
The rate is defined by dividing `limit` by `period`.
For a rate below 1 req/s, define a `period` larger than a second
The middleware is based on a [token bucket](https://en.wikipedia.org/wiki/Token_bucket) implementation.
In this analogy, the `limit` and `period` parameters define the **rate** at which the bucket refills, and the `burst` is the size (volume) of the bucket.
```yaml
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: test-ratelimit
spec:
plugin:
distributedRateLimit:
burst: 100
period: 1m
limit: 6
```
In the example above, the middleware allows up to 100 connections in parallel (`burst`).
Each connection consume a token, once the 100 tokens are consumed, the other ones are blocked until at least one token is available in the bucket.
When the bucket is not full, on token is generated every 10 seconds (6 every 1 minutes (`period` / `limit`)).
## Configuration Options
| Field | Description | Default | Required |
|:-----------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
| <a id="opt-limit" href="#opt-limit" title="#opt-limit">`limit`</a> | Number of requests used to define the rate using the `period`.<br /> 0 means **no rate limiting**.<br />More information [here](#rate-and-burst).| 0 | No |
| <a id="opt-period" href="#opt-period" title="#opt-period">`period`</a> | Period of time used to define the rate.<br />More information [here](#rate-and-burst).| 1s | No |
| <a id="opt-burst" href="#opt-burst" title="#opt-burst">`burst`</a> | Maximum number of requests allowed to go through at the very same moment.<br />More information [here](#rate-and-burst). | 1 | No |
| <a id="opt-denyOnError" href="#opt-denyOnError" title="#opt-denyOnError">`denyOnError`</a> | Forces to return a 429 error if the number of remaining requests accepted cannot be get.<br /> Set to `false`, this option allows the request to reach the backend. | true | No |
| <a id="opt-responseHeaders" href="#opt-responseHeaders" title="#opt-responseHeaders">`responseHeaders`</a> | Injects the following rate limiting headers in the response:<br />- `X-Rate-Limit-Remaining`<br />- `X-Rate-Limit-Limit`<br />- `X-Rate-Limit-Period`<br />- `X-Rate-Limit-Reset`<br />The added headers indicate how many tokens are left in the bucket (in the token bucket analogy) after the reservation for the request was made. | false | No |
| <a id="opt-store-redis-endpoints" href="#opt-store-redis-endpoints" title="#opt-store-redis-endpoints">`store.redis.endpoints`</a> | Endpoints of the Redis instances to connect to (example: `redis.traefik-hub.svc.cluster.local:6379`) | "" | Yes |
| <a id="opt-store-redis-username" href="#opt-store-redis-username" title="#opt-store-redis-username">`store.redis.username`</a> | The username Traefik Hub will use to connect to Redis | "" | No |
| <a id="opt-store-redis-password" href="#opt-store-redis-password" title="#opt-store-redis-password">`store.redis.password`</a> | The password Traefik Hub will use to connect to Redis | "" | No |
| <a id="opt-store-redis-database" href="#opt-store-redis-database" title="#opt-store-redis-database">`store.redis.database`</a> | The database Traefik Hub will use to sore information (default: `0`) | "" | No |
| <a id="opt-store-redis-cluster" href="#opt-store-redis-cluster" title="#opt-store-redis-cluster">`store.redis.cluster`</a> | Enable Redis Cluster | "" | No |
| <a id="opt-store-redis-tls-caBundle" href="#opt-store-redis-tls-caBundle" title="#opt-store-redis-tls-caBundle">`store.redis.tls.caBundle`</a> | Custom CA bundle | "" | No |
| <a id="opt-store-redis-tls-cert" href="#opt-store-redis-tls-cert" title="#opt-store-redis-tls-cert">`store.redis.tls.cert`</a> | TLS certificate | "" | No |
| <a id="opt-store-redis-tls-key" href="#opt-store-redis-tls-key" title="#opt-store-redis-tls-key">`store.redis.tls.key`</a> | TLS key | "" | No |
| <a id="opt-store-redis-tls-insecureSkipVerify" href="#opt-store-redis-tls-insecureSkipVerify" title="#opt-store-redis-tls-insecureSkipVerify">`store.redis.tls.insecureSkipVerify`</a> | Allow skipping the TLS verification | "" | No |
| <a id="opt-store-redis-sentinel-masterSet" href="#opt-store-redis-sentinel-masterSet" title="#opt-store-redis-sentinel-masterSet">`store.redis.sentinel.masterSet`</a> | Name of the set of main nodes to use for main selection. Required when using Sentinel. | "" | No |
| <a id="opt-store-redis-sentinel-username" href="#opt-store-redis-sentinel-username" title="#opt-store-redis-sentinel-username">`store.redis.sentinel.username`</a> | Username to use for sentinel authentication (can be different from `username`) | "" | No |
| <a id="opt-store-redis-sentinel-password" href="#opt-store-redis-sentinel-password" title="#opt-store-redis-sentinel-password">`store.redis.sentinel.password`</a> | Password to use for sentinel authentication (can be different from `password`) | "" | No |
| <a id="opt-sourceCriterion-requestHost" href="#opt-sourceCriterion-requestHost" title="#opt-sourceCriterion-requestHost">`sourceCriterion.requestHost`</a> | Whether to consider the request host as the source.<br />More information about `sourceCriterion`[here](#sourcecriterion). | false | No |
| <a id="opt-sourceCriterion-requestHeaderName" href="#opt-sourceCriterion-requestHeaderName" title="#opt-sourceCriterion-requestHeaderName">`sourceCriterion.requestHeaderName`</a> | Name of the header used to group incoming requests.<br />More information about `sourceCriterion`[here](#sourcecriterion). | "" | No |
| <a id="opt-sourceCriterion-ipStrategy-depth" href="#opt-sourceCriterion-ipStrategy-depth" title="#opt-sourceCriterion-ipStrategy-depth">`sourceCriterion.ipStrategy.depth`</a> | Depth position of the IP to select in the `X-Forwarded-For` header (starting from the right).<br />0 means no depth.<br />If greater than the total number of IPs in `X-Forwarded-For`, then the client IP is empty<br />If higher than 0, the `excludedIPs` options is not evaluated.<br />More information about [`sourceCriterion`](#sourcecriterion), [`ipStrategy`](#ipstrategy), and [`depth`](#sourcecriterionipstrategydepth) below. | 0 | No |
| <a id="opt-sourceCriterion-ipStrategy-excludedIPs" href="#opt-sourceCriterion-ipStrategy-excludedIPs" title="#opt-sourceCriterion-ipStrategy-excludedIPs">`sourceCriterion.ipStrategy.excludedIPs`</a> | Allows Traefik to scan the `X-Forwarded-For` header and select the first IP not in the list.<br />If `depth` is specified, `excludedIPs` is ignored.<br />More information about [`sourceCriterion`](#sourcecriterion), [`ipStrategy`](#ipstrategy), and [`excludedIPs`](#sourcecriterionipstrategyexcludedips) below. | | No |
### sourceCriterion
The `sourceCriterion` option defines what criterion is used to group requests as originating from a common source.
If several strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the request's remote address field (as an `ipStrategy`).
### ipStrategy
The `ipStrategy` option defines two parameters that configures how Traefik determines the client IP: `depth`, and `excludedIPs`.
As a middleware, rate-limiting happens before the actual proxying to the backend takes place.
In addition, the previous network hop only gets appended to `X-Forwarded-For` during the last stages of proxying, that is after it has already passed through rate-limiting.
Therefore, during rate-limiting, as the previous network hop is not yet present in `X-Forwarded-For`, it cannot be found and/or relied upon.
### sourceCriterion.ipStrategy.depth
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used as the criterion is `"12.0.0.1"` (`depth=2`).
| `X-Forwarded-For` | `depth` | clientIP |
|-----------------------------------------|---------|--------------|
| <a id="opt-10-0-0-111-0-0-112-0-0-113-0-0-1" href="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1" title="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `1` | `"13.0.0.1"` |
| <a id="opt-10-0-0-111-0-0-112-0-0-113-0-0-1-2" href="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-2" title="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-2">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `3` | `"11.0.0.1"` |
| <a id="opt-10-0-0-111-0-0-112-0-0-113-0-0-1-3" href="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-3" title="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-3">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `5` | `""` |
### sourceCriterion.ipStrategy.excludedIPs
Contrary to what the name might suggest, this option is *not* about excluding an IP from the rate limiter, and therefore cannot be used to deactivate rate limiting for some IPs.
`excludedIPs` is meant to address two classes of somewhat distinct use-cases:
1. Distinguish IPs which are behind the same (set of) reverse-proxies so that each of them contributes, independently to the others, to its own rate-limit "bucket" (cf the [token bucket](https://en.wikipedia.org/wiki/Token_bucket)).
In this case, `excludedIPs` should be set to match the list of `X-Forwarded-For IPs` that are to be excluded, in order to find the actual clientIP.
Example to use each IP as a distinct source:
| `X-Forwarded-For` | excludedIPs | clientIP |
|--------------------------------|-----------------------|--------------|
| <a id="opt-10-0-0-111-0-0-112-0-0-1" href="#opt-10-0-0-111-0-0-112-0-0-1" title="#opt-10-0-0-111-0-0-112-0-0-1">`"10.0.0.1,11.0.0.1,12.0.0.1"`</a> | `"11.0.0.1,12.0.0.1"` | `"10.0.0.1"` |
| <a id="opt-10-0-0-211-0-0-112-0-0-1" href="#opt-10-0-0-211-0-0-112-0-0-1" title="#opt-10-0-0-211-0-0-112-0-0-1">`"10.0.0.2,11.0.0.1,12.0.0.1"`</a> | `"11.0.0.1,12.0.0.1"` | `"10.0.0.2"` |
2. Group together a set of IPs (also behind a common set of reverse-proxies) so that they are considered the same source, and all contribute to the same rate-limit bucket.
Example to group IPs together as same source:
| `X-Forwarded-For` | excludedIPs | clientIP |
|--------------------------------|--------------|--------------|
| <a id="opt-10-0-0-111-0-0-112-0-0-1-2" href="#opt-10-0-0-111-0-0-112-0-0-1-2" title="#opt-10-0-0-111-0-0-112-0-0-1-2">`"10.0.0.1,11.0.0.1,12.0.0.1"`</a> | `"12.0.0.1"` | `"11.0.0.1"` |
| <a id="opt-10-0-0-211-0-0-112-0-0-1-2" href="#opt-10-0-0-211-0-0-112-0-0-1-2" title="#opt-10-0-0-211-0-0-112-0-0-1-2">`"10.0.0.2,11.0.0.1,12.0.0.1"`</a> | `"12.0.0.1"` | `"11.0.0.1"` |
| <a id="opt-10-0-0-311-0-0-112-0-0-1" href="#opt-10-0-0-311-0-0-112-0-0-1" title="#opt-10-0-0-311-0-0-112-0-0-1">`"10.0.0.3,11.0.0.1,12.0.0.1"`</a> | `"12.0.0.1"` | `"11.0.0.1"` |
### store
A Distributed Rate Limit middleware uses a persistent KV storage to store data.
Refer to the [redis options](#configuration-options) to configure the Redis connection.
Connection parameters to your [Redis](https://redis.io/ "Link to website of Redis") server are attached to your Middleware deployment.
The following Redis modes are supported:
- Single instance mode
- [Redis Cluster](https://redis.io/docs/management/scaling "Link to official Redis documentation about Redis Cluster mode")
- [Redis Sentinel](https://redis.io/docs/management/sentinel "Link to official Redis documentation about Redis Sentinel mode")
For more information about Redis, we recommend the [official Redis documentation](https://redis.io/docs/ "Link to official Redis documentation").
!!! info
If you use Redis in single instance mode or Redis Sentinel, you can configure the `database` field.
This value won't be taken into account if you use Redis Cluster (only database `0` is available).
In this case, a warning is displayed, and the value is ignored.

35
docs/content/reference/routing-configuration/http/middlewares/errorpages.md
View File

@@ -18,6 +18,9 @@ http:
- "501"
- "503"
- "505-599"
statusRewrites:
"418": "404"
"502-504": "500"
service: error-handler-service
query: "/{status}.html"
@@ -33,6 +36,10 @@ http:
service = "error-handler-service"
query = "/{status}.html"
[http.middlewares.test-errors.errors.statusRewrites]
"418" = "404"
"502-504" = "500"
[http.services]
# ... definition of the error-handler-service
```
@@ -41,6 +48,8 @@ http:
# Dynamic Custom Error Page for 5XX Status Code
labels:
- "traefik.http.middlewares.test-errors.errors.status=500,501,503,505-599"
- "traefik.http.middlewares.test-errors.errors.statusRewrites.418=404"
- "traefik.http.middlewares.test-errors.errors.statusRewrites.502-504=500"
- "traefik.http.middlewares.test-errors.errors.service=error-handler-service"
- "traefik.http.middlewares.test-errors.errors.query=/{status}.html"
```
@@ -51,6 +60,8 @@ labels:
// ...
"Tags": [
"traefik.http.middlewares.test-errors.errors.status=500,501,503,505-599",
"traefik.http.middlewares.test-errors.errors.statusRewrites.418=404",
"traefik.http.middlewares.test-errors.errors.statusRewrites.502-504=500",
"traefik.http.middlewares.test-errors.errors.service=error-handler-service",
"traefik.http.middlewares.test-errors.errors.query=/{status}.html"
]
@@ -71,6 +82,9 @@ spec:
- "501"
- "503"
- "505-599"
statusRewrites:
"418": "404"
"502-504": "500"
query: /{status}.html
service:
name: error-handler-service
@@ -81,9 +95,10 @@ spec:
| Field | Description | Default | Required |
|:-----------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
| `status` | Defines which status or range of statuses should result in an error page.<br/> The status code ranges are inclusive (`505-599` will trigger with every code between `505` and `599`, `505` and `599` included).<br /> You can define either a status code as a number (`500`), as multiple comma-separated numbers (`500,502`), as ranges by separating two codes with a dash (`505-599`), or a combination of the two (`404,418,505-599`). | [] | No |
| `service` | The service that will serve the new requested error page.<br /> More information [here](#service-and-hostheader). | "" | No |
| `query` | The URL for the error page (hosted by `service`).<br /> More information [here](#query) | "" | No |
| <a id="opt-status" href="#opt-status" title="#opt-status">`status`</a> | Defines which status or range of statuses should result in an error page.<br/> The status code ranges are inclusive (`505-599` will trigger with every code between `505` and `599`, `505` and `599` included).<br /> You can define either a status code as a number (`500`), as multiple comma-separated numbers (`500,502`), as ranges by separating two codes with a dash (`505-599`), or a combination of the two (`404,418,505-599`). | [] | No |
| <a id="opt-statusRewrites" href="#opt-statusRewrites" title="#opt-statusRewrites">`statusRewrites`</a> | An optional mapping of status codes to be rewritten. More information [here](#statusrewrites). | [] | No |
| <a id="opt-service" href="#opt-service" title="#opt-service">`service`</a> | The service that will serve the new requested error page.<br /> More information [here](#service-and-hostheader). | "" | No |
| <a id="opt-query" href="#opt-query" title="#opt-query">`query`</a> | The URL for the error page (hosted by `service`).<br /> More information [here](#query) | "" | No |
### service and HostHeader
@@ -94,6 +109,15 @@ the [`passHostHeader`](../../../../routing/services/index.md#pass-host-header) o
!!!info "Kubernetes"
When specifying a service in Kubernetes (e.g., in an IngressRoute), you need to reference the `name`, `namespace`, and `port` of your Kubernetes Service resource. For example, `my-service.my-namespace@kubernetescrd` (or `my-service.my-namespace@kubernetescrd:80`) ensures that requests go to the correct service and port.
### statusRewrites
`statusRewrites` is an optional mapping of status codes to be rewritten.
For example, if a service returns a 418, you might want to rewrite it to a 404.
You can map individual status codes or even ranges to a different status code.
The syntax for ranges follows the same rules as the <a href="#opt-status">`status`</a> option.
### query
There are multiple variables that can be placed in the `query` option to insert values in the URL.
@@ -102,5 +126,6 @@ The table below lists all the available variables and their associated values.
| Variable | Value |
|------------|------------------------------------------------------------------|
| `{status}` | The response status code. |
| `{url}` | The [escaped](https://pkg.go.dev/net/url#QueryEscape) request URL.|
| <a id="opt-status-2" href="#opt-status-2" title="#opt-status-2">`{status}`</a> | The response status code. |
| <a id="opt-originalStatus" href="#opt-originalStatus" title="#opt-originalStatus">`{originalStatus}`</a> | The original response status code, if it has been modified by the `statusRewrites` option. |
| <a id="opt-url" href="#opt-url" title="#opt-url">`{url}`</a> | The [escaped](https://pkg.go.dev/net/url#QueryEscape) request URL.|

44
docs/content/reference/routing-configuration/http/middlewares/forwardauth.md
View File

@@ -55,23 +55,23 @@ spec:
| Field | Description | Default | Required |
|:-----------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
| `address` | Authentication server address. | "" | Yes |
| `trustForwardHeader` | Trust all `X-Forwarded-*` headers. | false | No |
| `authResponseHeaders` | List of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers. | [] | No |
| `authResponseHeadersRegex` | Regex to match by the headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.<br /> More information [here](#authresponseheadersregex). | "" | No |
| `authRequestHeaders` | List of the headers to copy from the request to the authentication server. <br /> It allows filtering headers that should not be passed to the authentication server. <br /> If not set or empty, then all request headers are passed. | [] | No |
| `addAuthCookiesToResponse` | List of cookies to copy from the authentication server to the response, replacing any existing conflicting cookie from the forwarded response.<br /> Please note that all backend cookies matching the configured list will not be added to the response. | [] | No |
| `forwardBody` | Sets the `forwardBody` option to `true` to send the Body. As body is read inside Traefik before forwarding, this breaks streaming. | false | No |
| `maxBodySize` | Set the `maxBodySize` to limit the body size in bytes. If body is bigger than this, it returns a 401 (unauthorized). | -1 | No |
| `headerField` | Defines a header field to store the authenticated user. | "" | No |
| `preserveLocationHeader` | Defines whether to forward the Location header to the client as is or prefix it with the domain name of the authentication server. | false | No |
| `PreserveRequestMethod` | Defines whether to preserve the original request method while forwarding the request to the authentication server. | false | No |
| `tls.ca` | Sets the path to the certificate authority used for the secured connection to the authentication server, it defaults to the system bundle. | "" | No |
| `tls.cert` | Sets the path to the public certificate used for the secure connection to the authentication server. When using this option, setting the key option is required. | "" | No |
| `tls.key` | Sets the path to the private key used for the secure connection to the authentication server. When using this option, setting the `cert` option is required. | "" | No |
| `tls.caSecret` | Defines the secret that contains the certificate authority used for the secured connection to the authentication server, it defaults to the system bundle. **This option is only available for the Kubernetes CRD**. | | No |
| `tls.certSecret` | Defines the secret that contains both the private and public certificates used for the secure connection to the authentication server. **This option is only available for the Kubernetes CRD**. | | No |
| `tls.insecureSkipVerify` | During TLS connections, if this option is set to `true`, the authentication server will accept any certificate presented by the server regardless of the host names it covers. | false | No |
| <a id="opt-address" href="#opt-address" title="#opt-address">`address`</a> | Authentication server address. | "" | Yes |
| <a id="opt-trustForwardHeader" href="#opt-trustForwardHeader" title="#opt-trustForwardHeader">`trustForwardHeader`</a> | Trust all `X-Forwarded-*` headers. | false | No |
| <a id="opt-authResponseHeaders" href="#opt-authResponseHeaders" title="#opt-authResponseHeaders">`authResponseHeaders`</a> | List of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers. | [] | No |
| <a id="opt-authResponseHeadersRegex" href="#opt-authResponseHeadersRegex" title="#opt-authResponseHeadersRegex">`authResponseHeadersRegex`</a> | Regex to match by the headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.<br /> More information [here](#authresponseheadersregex). | "" | No |
| <a id="opt-authRequestHeaders" href="#opt-authRequestHeaders" title="#opt-authRequestHeaders">`authRequestHeaders`</a> | List of the headers to copy from the request to the authentication server. <br /> It allows filtering headers that should not be passed to the authentication server. <br /> If not set or empty, then all request headers are passed. | [] | No |
| <a id="opt-addAuthCookiesToResponse" href="#opt-addAuthCookiesToResponse" title="#opt-addAuthCookiesToResponse">`addAuthCookiesToResponse`</a> | List of cookies to copy from the authentication server to the response, replacing any existing conflicting cookie from the forwarded response.<br /> Please note that all backend cookies matching the configured list will not be added to the response. | [] | No |
| <a id="opt-forwardBody" href="#opt-forwardBody" title="#opt-forwardBody">`forwardBody`</a> | Sets the `forwardBody` option to `true` to send the Body. As body is read inside Traefik before forwarding, this breaks streaming. | false | No |
| <a id="opt-maxBodySize" href="#opt-maxBodySize" title="#opt-maxBodySize">`maxBodySize`</a> | Set the `maxBodySize` to limit the body size in bytes. If body is bigger than this, it returns a 401 (unauthorized). | -1 | No |
| <a id="opt-headerField" href="#opt-headerField" title="#opt-headerField">`headerField`</a> | Defines a header field to store the authenticated user. | "" | No |
| <a id="opt-preserveLocationHeader" href="#opt-preserveLocationHeader" title="#opt-preserveLocationHeader">`preserveLocationHeader`</a> | Defines whether to forward the Location header to the client as is or prefix it with the domain name of the authentication server. | false | No |
| <a id="opt-preserveRequestMethod" href="#opt-preserveRequestMethod" title="#opt-preserveRequestMethod">`preserveRequestMethod`</a> | Defines whether to preserve the original request method while forwarding the request to the authentication server. | false | No |
| <a id="opt-tls-ca" href="#opt-tls-ca" title="#opt-tls-ca">`tls.ca`</a> | Sets the path to the certificate authority used for the secured connection to the authentication server, it defaults to the system bundle. | "" | No |
| <a id="opt-tls-cert" href="#opt-tls-cert" title="#opt-tls-cert">`tls.cert`</a> | Sets the path to the public certificate used for the secure connection to the authentication server. When using this option, setting the key option is required. | "" | No |
| <a id="opt-tls-key" href="#opt-tls-key" title="#opt-tls-key">`tls.key`</a> | Sets the path to the private key used for the secure connection to the authentication server. When using this option, setting the `cert` option is required. | "" | No |
| <a id="opt-tls-caSecret" href="#opt-tls-caSecret" title="#opt-tls-caSecret">`tls.caSecret`</a> | Defines the secret that contains the certificate authority used for the secured connection to the authentication server, it defaults to the system bundle. **This option is only available for the Kubernetes CRD**. | | No |
| <a id="opt-tls-certSecret" href="#opt-tls-certSecret" title="#opt-tls-certSecret">`tls.certSecret`</a> | Defines the secret that contains both the private and public certificates used for the secure connection to the authentication server. **This option is only available for the Kubernetes CRD**. | | No |
| <a id="opt-tls-insecureSkipVerify" href="#opt-tls-insecureSkipVerify" title="#opt-tls-insecureSkipVerify">`tls.insecureSkipVerify`</a> | During TLS connections, if this option is set to `true`, the authentication server will accept any certificate presented by the server regardless of the host names it covers. | false | No |
### authResponseHeadersRegex
@@ -87,10 +87,10 @@ The following request properties are provided to the forward-auth target endpoin
| Property | Forward-Request Header |
|-------------------|------------------------|
| HTTP Method | X-Forwarded-Method |
| Protocol | X-Forwarded-Proto |
| Host | X-Forwarded-Host |
| Request URI | X-Forwarded-Uri |
| Source IP-Address | X-Forwarded-For |
| <a id="opt-HTTP-Method" href="#opt-HTTP-Method" title="#opt-HTTP-Method">HTTP Method</a> | `X-Forwarded-Method` |
| <a id="opt-Protocol" href="#opt-Protocol" title="#opt-Protocol">Protocol</a> | `X-Forwarded-Proto` |
| <a id="opt-Host" href="#opt-Host" title="#opt-Host">Host</a> | `X-Forwarded-Host` |
| <a id="opt-Request-URI" href="#opt-Request-URI" title="#opt-Request-URI">Request URI</a> | `X-Forwarded-Uri` |
| <a id="opt-Source-IP-Address" href="#opt-Source-IP-Address" title="#opt-Source-IP-Address">Source IP-Address</a> | `X-Forwarded-For` |
{!traefik-for-business-applications.md!}

2
docs/content/reference/routing-configuration/http/middlewares/grpcweb.md
View File

@@ -56,7 +56,7 @@ spec:
| Field | Description | Default | Required |
|:-----------------------------|:------------------------------------------|:--------|:---------|
| `allowOrigins` | List of allowed origins. <br /> A wildcard origin `*` can also be configured to match all requests.<br /> More information [here](#alloworigins). | [] | No |
| <a id="opt-allowOrigins" href="#opt-allowOrigins" title="#opt-allowOrigins">`allowOrigins`</a> | List of allowed origins. <br /> A wildcard origin `*` can also be configured to match all requests.<br /> More information [here](#alloworigins). | [] | No |
### allowOrigins

66
docs/content/reference/routing-configuration/http/middlewares/headers.md
View File

@@ -9,11 +9,11 @@ By default, the following headers are automatically added when proxying requests
| Property | HTTP Header |
|---------------------------|----------------------------|
| Client's IP | X-Forwarded-For, X-Real-Ip |
| Host | X-Forwarded-Host |
| Port | X-Forwarded-Port |
| Protocol | X-Forwarded-Proto |
| Proxy Server's Hostname | X-Forwarded-Server |
| <a id="opt-Clients-IP" href="#opt-Clients-IP" title="#opt-Clients-IP">Client's IP</a> | `X-Forwarded-For`, `X-Real-Ip` |
| <a id="opt-Host" href="#opt-Host" title="#opt-Host">Host</a> | `X-Forwarded-Host` |
| <a id="opt-Port" href="#opt-Port" title="#opt-Port">Port</a> | `X-Forwarded-Port` |
| <a id="opt-Protocol" href="#opt-Protocol" title="#opt-Protocol">Protocol</a> | `X-Forwarded-Proto` |
| <a id="opt-Proxy-Servers-Hostname" href="#opt-Proxy-Servers-Hostname" title="#opt-Proxy-Servers-Hostname">Proxy Server's Hostname</a> | `X-Forwarded-Server` |
## Configuration Examples
@@ -266,34 +266,34 @@ spec:
| Field | Description | Default | Required |
| ----------------------------- | ------------------------------------------------- | --------- | -------- |
| `customRequestHeaders` | Lists the header names and values for requests. | [] | No |
| `customResponseHeaders` | Lists the header names and values for responses. | [] | No |
| `accessControlAllowCredentials` | Indicates if the request can include user credentials.| false | No |
| `accessControlAllowHeaders` | Specifies allowed request header names. | [] | No |
| `accessControlAllowMethods` | Specifies allowed request methods. | [] | No |
| `accessControlAllowOriginList` | Specifies allowed origins. More information [here](#accesscontrolalloworiginlist) | [] | No |
| `accessControlAllowOriginListRegex` | Allows origins matching regex. More information [here](#accesscontrolalloworiginlistregex) | [] | No |
| `accessControlExposeHeaders` | Specifies which headers are safe to expose to the API of a CORS API specification. | [] | No |
| `accessControlMaxAge` | Time (in seconds) to cache preflight requests. | 0 | No |
| `addVaryHeader` | Used in conjunction with `accessControlAllowOriginList` to determine whether the `Vary` header should be added or modified to demonstrate that server responses can differ based on the value of the origin header. | false | No |
| `allowedHosts` | Lists allowed domain names. | [] | No |
| `hostsProxyHeaders` | Specifies header keys for proxied hostname. | [] | No |
| `sslProxyHeaders` | Defines a set of header keys with associated values that would indicate a valid HTTPS request. It can be useful when using other proxies (example: `"X-Forwarded-Proto": "https"`). | {} | No |
| `stsSeconds` | Max age for `Strict-Transport-Security` header. | 0 | No |
| `stsIncludeSubdomains` | If set to `true`, the `includeSubDomains` directive is appended to the `Strict-Transport-Security` header. | false | No |
| `stsPreload` | Adds preload flag to STS header. | false | No |
| `forceSTSHeader` | Adds STS header for HTTP connections. | false | No |
| `frameDeny` | Set `frameDeny` to `true` to add the `X-Frame-Options` header with the value of `DENY`. | false | No |
| `customFrameOptionsValue` | allows the `X-Frame-Options` header value to be set with a custom value. This overrides the `FrameDeny` option. | "" | No |
| `contentTypeNosniff` | Set `contentTypeNosniff` to true to add the `X-Content-Type-Options` header with the value `nosniff`. | false | No |
| `browserXssFilter` | Set `browserXssFilter` to true to add the `X-XSS-Protection` header with the value `1; mode=block`. | false | No |
| `customBrowserXSSValue` | allows the `X-XSS-Protection` header value to be set with a custom value. This overrides the `BrowserXssFilter` option. | false | No |
| `contentSecurityPolicy` | allows the `Content-Security-Policy` header value to be set with a custom value. | false | No |
| `contentSecurityPolicyReportOnly` | allows the `Content-Security-Policy-Report-Only` header value to be set with a custom value. | "" | No |
| `publicKey` | Implements HPKP for certificate pinning. | "" | No |
| `referrerPolicy` | Controls forwarding of `Referer` header. | "" | No |
| `permissionsPolicy` | allows sites to control browser features. | "" | No |
| `isDevelopment` | Set `true` when developing to mitigate the unwanted effects of the `AllowedHosts`, SSL, and STS options. Usually testing takes place using HTTP, not HTTPS, and on `localhost`, not your production domain. | false | No |
| <a id="opt-customRequestHeaders" href="#opt-customRequestHeaders" title="#opt-customRequestHeaders">`customRequestHeaders`</a> | Lists the header names and values for requests. | [] | No |
| <a id="opt-customResponseHeaders" href="#opt-customResponseHeaders" title="#opt-customResponseHeaders">`customResponseHeaders`</a> | Lists the header names and values for responses. | [] | No |
| <a id="opt-accessControlAllowCredentials" href="#opt-accessControlAllowCredentials" title="#opt-accessControlAllowCredentials">`accessControlAllowCredentials`</a> | Indicates if the request can include user credentials.| false | No |
| <a id="opt-accessControlAllowHeaders" href="#opt-accessControlAllowHeaders" title="#opt-accessControlAllowHeaders">`accessControlAllowHeaders`</a> | Specifies allowed request header names. | [] | No |
| <a id="opt-accessControlAllowMethods" href="#opt-accessControlAllowMethods" title="#opt-accessControlAllowMethods">`accessControlAllowMethods`</a> | Specifies allowed request methods. | [] | No |
| <a id="opt-accessControlAllowOriginList" href="#opt-accessControlAllowOriginList" title="#opt-accessControlAllowOriginList">`accessControlAllowOriginList`</a> | Specifies allowed origins. More information [here](#accesscontrolalloworiginlist) | [] | No |
| <a id="opt-accessControlAllowOriginListRegex" href="#opt-accessControlAllowOriginListRegex" title="#opt-accessControlAllowOriginListRegex">`accessControlAllowOriginListRegex`</a> | Allows origins matching regex. More information [here](#accesscontrolalloworiginlistregex) | [] | No |
| <a id="opt-accessControlExposeHeaders" href="#opt-accessControlExposeHeaders" title="#opt-accessControlExposeHeaders">`accessControlExposeHeaders`</a> | Specifies which headers are safe to expose to the API of a CORS API specification. | [] | No |
| <a id="opt-accessControlMaxAge" href="#opt-accessControlMaxAge" title="#opt-accessControlMaxAge">`accessControlMaxAge`</a> | Time (in seconds) to cache preflight requests. | 0 | No |
| <a id="opt-addVaryHeader" href="#opt-addVaryHeader" title="#opt-addVaryHeader">`addVaryHeader`</a> | Used in conjunction with `accessControlAllowOriginList` to determine whether the `Vary` header should be added or modified to demonstrate that server responses can differ based on the value of the origin header. | false | No |
| <a id="opt-allowedHosts" href="#opt-allowedHosts" title="#opt-allowedHosts">`allowedHosts`</a> | Lists allowed domain names. | [] | No |
| <a id="opt-hostsProxyHeaders" href="#opt-hostsProxyHeaders" title="#opt-hostsProxyHeaders">`hostsProxyHeaders`</a> | Specifies header keys for proxied hostname. | [] | No |
| <a id="opt-sslProxyHeaders" href="#opt-sslProxyHeaders" title="#opt-sslProxyHeaders">`sslProxyHeaders`</a> | Defines a set of header keys with associated values that would indicate a valid HTTPS request. It can be useful when using other proxies (example: `"X-Forwarded-Proto": "https"`). | {} | No |
| <a id="opt-stsSeconds" href="#opt-stsSeconds" title="#opt-stsSeconds">`stsSeconds`</a> | Max age for `Strict-Transport-Security` header. | 0 | No |
| <a id="opt-stsIncludeSubdomains" href="#opt-stsIncludeSubdomains" title="#opt-stsIncludeSubdomains">`stsIncludeSubdomains`</a> | If set to `true`, the `includeSubDomains` directive is appended to the `Strict-Transport-Security` header. | false | No |
| <a id="opt-stsPreload" href="#opt-stsPreload" title="#opt-stsPreload">`stsPreload`</a> | Adds preload flag to STS header. | false | No |
| <a id="opt-forceSTSHeader" href="#opt-forceSTSHeader" title="#opt-forceSTSHeader">`forceSTSHeader`</a> | Adds STS header for HTTP connections. | false | No |
| <a id="opt-frameDeny" href="#opt-frameDeny" title="#opt-frameDeny">`frameDeny`</a> | Set `frameDeny` to `true` to add the `X-Frame-Options` header with the value of `DENY`. | false | No |
| <a id="opt-customFrameOptionsValue" href="#opt-customFrameOptionsValue" title="#opt-customFrameOptionsValue">`customFrameOptionsValue`</a> | allows the `X-Frame-Options` header value to be set with a custom value. This overrides the `FrameDeny` option. | "" | No |
| <a id="opt-contentTypeNosniff" href="#opt-contentTypeNosniff" title="#opt-contentTypeNosniff">`contentTypeNosniff`</a> | Set `contentTypeNosniff` to true to add the `X-Content-Type-Options` header with the value `nosniff`. | false | No |
| <a id="opt-browserXssFilter" href="#opt-browserXssFilter" title="#opt-browserXssFilter">`browserXssFilter`</a> | Set `browserXssFilter` to true to add the `X-XSS-Protection` header with the value `1; mode=block`. | false | No |
| <a id="opt-customBrowserXSSValue" href="#opt-customBrowserXSSValue" title="#opt-customBrowserXSSValue">`customBrowserXSSValue`</a> | allows the `X-XSS-Protection` header value to be set with a custom value. This overrides the `BrowserXssFilter` option. | false | No |
| <a id="opt-contentSecurityPolicy" href="#opt-contentSecurityPolicy" title="#opt-contentSecurityPolicy">`contentSecurityPolicy`</a> | allows the `Content-Security-Policy` header value to be set with a custom value. | false | No |
| <a id="opt-contentSecurityPolicyReportOnly" href="#opt-contentSecurityPolicyReportOnly" title="#opt-contentSecurityPolicyReportOnly">`contentSecurityPolicyReportOnly`</a> | allows the `Content-Security-Policy-Report-Only` header value to be set with a custom value. | "" | No |
| <a id="opt-publicKey" href="#opt-publicKey" title="#opt-publicKey">`publicKey`</a> | Implements HPKP for certificate pinning. | "" | No |
| <a id="opt-referrerPolicy" href="#opt-referrerPolicy" title="#opt-referrerPolicy">`referrerPolicy`</a> | Controls forwarding of `Referer` header. | "" | No |
| <a id="opt-permissionsPolicy" href="#opt-permissionsPolicy" title="#opt-permissionsPolicy">`permissionsPolicy`</a> | allows sites to control browser features. | "" | No |
| <a id="opt-isDevelopment" href="#opt-isDevelopment" title="#opt-isDevelopment">`isDevelopment`</a> | Set `true` when developing to mitigate the unwanted effects of the `AllowedHosts`, SSL, and STS options. Usually testing takes place using HTTP, not HTTPS, and on `localhost`, not your production domain. | false | No |
### `accessControlAllowOriginList`

26
docs/content/reference/routing-configuration/http/middlewares/hmac.md
View File

@@ -52,9 +52,9 @@ spec:
| Field | Description | Default | Required |
|:------------------|:---------------------------------------------|:--------|:---------|
| `keys` | A static set of secret keys to be used by HMAC middleware. | | Yes |
| `validateDigest` | Determines whether the middleware should validate the digest sum of the request body. | true | No |
| `enforcedHeaders` | A set of headers that must be included in the computation of the signature of the request. | | No |
| <a id="opt-keys" href="#opt-keys" title="#opt-keys">`keys`</a> | A static set of secret keys to be used by HMAC middleware. | | Yes |
| <a id="opt-validateDigest" href="#opt-validateDigest" title="#opt-validateDigest">`validateDigest`</a> | Determines whether the middleware should validate the digest sum of the request body. | true | No |
| <a id="opt-enforcedHeaders" href="#opt-enforcedHeaders" title="#opt-enforcedHeaders">`enforcedHeaders`</a> | A set of headers that must be included in the computation of the signature of the request. | | No |
## Authentication Mechanism
@@ -72,12 +72,12 @@ Authorization: Hmac keyId="secret-id-1",algorithm="hmac-sha256",headers="(reques
| Parameter | Description | Example |
|-------------|--------------------------------|------------------------------------|
| `keyId` | Identifier of the key being used by the sender to build the signature | `keyId="secret-key-1"` |
| `algorithm` | Algorithm used to generate the signature.<br /> Supported values are `hmac-sha1`, `hmac-sha256`, `hmac-sha384` and `hmac-sha512`. | `algorithm="hmac-sha512"` |
| `headers` | List of headers to use in order to build the signature string.<br /> Each item **must** be lowercase. | `headers="host content-type"` |
| `signature` | Digital Signature of the request. See [computing the signature](#computing-the-signature). | `signature="c29tZXNpZ25hdHVyZQ=="` |
| `created` | Unix timestamp of the signature creation. | `created="1574453022"` |
| `expires` | Unix timestamp of the signature expiration. | `expires="1574453022"` |
| <a id="opt-keyId" href="#opt-keyId" title="#opt-keyId">`keyId`</a> | Identifier of the key being used by the sender to build the signature | `keyId="secret-key-1"` |
| <a id="opt-algorithm" href="#opt-algorithm" title="#opt-algorithm">`algorithm`</a> | Algorithm used to generate the signature.<br /> Supported values are `hmac-sha1`, `hmac-sha256`, `hmac-sha384` and `hmac-sha512`. | `algorithm="hmac-sha512"` |
| <a id="opt-headers" href="#opt-headers" title="#opt-headers">`headers`</a> | List of headers to use in order to build the signature string.<br /> Each item **must** be lowercase. | `headers="host content-type"` |
| <a id="opt-signature" href="#opt-signature" title="#opt-signature">`signature`</a> | Digital Signature of the request. See [computing the signature](#computing-the-signature). | `signature="c29tZXNpZ25hdHVyZQ=="` |
| <a id="opt-created" href="#opt-created" title="#opt-created">`created`</a> | Unix timestamp of the signature creation. | `created="1574453022"` |
| <a id="opt-expires" href="#opt-expires" title="#opt-expires">`expires`</a> | Unix timestamp of the signature expiration. | `expires="1574453022"` |
!!! danger "Time sensitivity"
If the `created` timestamp is in the future or the `expires` timestamp is in the past, the middleware will refuse the request.
@@ -120,9 +120,9 @@ To allow this, the `headers` parameter accepts special header names that can be
| Value | Description | Signature String Example |
| --------------------- | ------------------------------------------------------------- |------------------------- |
| `(request-target)` | Obtained by concatenating the lowercase `:method`, an ASCII space, and the `:path` pseudo-headers ([as specified in HTTP/2](https://tools.ietf.org/html/rfc7540#section-8.1.2.3)). | `(request-target): get /api/V1/resource?query=foo` |
| `(created)` | Value of the authorization header `created` parameter. | `(created): 1584453022` |
| `(expires)` | Value of the authorization header `expires` parameter. | `(expires): 1584453082` |
| <a id="opt-request-target" href="#opt-request-target" title="#opt-request-target">`(request-target)`</a> | Obtained by concatenating the lowercase `:method`, an ASCII space, and the `:path` pseudo-headers ([as specified in HTTP/2](https://tools.ietf.org/html/rfc7540#section-8.1.2.3)). | `(request-target): get /api/V1/resource?query=foo` |
| <a id="opt-created-2" href="#opt-created-2" title="#opt-created-2">`(created)`</a> | Value of the authorization header `created` parameter. | `(created): 1584453022` |
| <a id="opt-expires-2" href="#opt-expires-2" title="#opt-expires-2">`(expires)`</a> | Value of the authorization header `expires` parameter. | `(expires): 1584453082` |
Their evaluated value is obtained by appending the special header name with an ASCII colon `:` an ASCII space \` \` then the designated value.
@@ -204,4 +204,4 @@ Only SHA-256 and SHA-512 checksums are supported for checksum computation.
To disable this feature and only perform authentication, set the `validateDigest` option to `false` in the middleware configuration.
{!traefik-for-business-applications.md!}
{!traefik-for-business-applications.md!}

Some files were not shown because too many files have changed in this diff Show More