homelab/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Improve the Documentation with a Reference Section

Browse source
This commit is contained in:
Jean-Baptiste Doumenjou 2019-04-05 11:32:04 +02:00 committed by Traefiker Bot
parent 49563e638b
commit 4919b638f9
24 changed files with 1190 additions and 815 deletions
Download patch file Download diff file Expand all files Collapse all files

166
docs/content/reference/acme.md
View file

@ -1,166 +0,0 @@
# ACME - Reference
Every Options for ACME
{: .subtitle}
## TOML
```toml
# Sample entrypoint configuration when using ACME.
[entrypoints]
[entrypoints.web]
address = ":80"
[entrypoints.web-secure]
address = ":443"
# Enable ACME (Let's Encrypt): automatic SSL.
[acme]
# Email address used for registration.
#
# Required
#
email = "test@traefik.io"
# File used for certificates storage.
#
# Optional (Deprecated)
#
#storageFile = "acme.json"
# File or key used for certificates storage.
#
# Required
#
storage = "acme.json"
# or `storage = "traefik/acme/account"` if using KV store.
# Deprecated, replaced by [acme.dnsChallenge].
#
# Optional.
#
# dnsProvider = "digitalocean"
# Deprecated, replaced by [acme.dnsChallenge.delayBeforeCheck].
#
# Optional
# Default: 0
#
# delayDontCheckDNS = 0
# If true, display debug log messages from the acme client library.
#
# Optional
# Default: false
#
# acmeLogging = true
# If true, override certificates in key-value store when using storeconfig.
#
# Optional
# Default: false
#
# overrideCertificates = true
# Deprecated. Enable on demand certificate generation.
#
# Optional
# Default: false
#
# onDemand = true
# Enable certificate generation on frontends host rules.
#
# Optional
# Default: false
#
# onHostRule = true
# CA server to use.
# Uncomment the line to use Let's Encrypt's staging server,
# leave commented to go to prod.
#
# Optional
# Default: "https://acme-v02.api.letsencrypt.org/directory"
#
# caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
# KeyType to use.
#
# Optional
# Default: "RSA4096"
#
# Available values : "EC256", "EC384", "RSA2048", "RSA4096", "RSA8192"
#
# KeyType = "RSA4096"
# Use a TLS-ALPN-01 ACME challenge.
#
# Optional (but recommended)
#
[acme.tlsChallenge]
# Use a HTTP-01 ACME challenge.
#
# Optional
#
# [acme.httpChallenge]
# EntryPoint to use for the HTTP-01 challenges.
#
# Required
#
# entryPoint = "http"
# Use a DNS-01 ACME challenge rather than HTTP-01 challenge.
# Note: mandatory for wildcard certificate generation.
#
# Optional
#
# [acme.dnsChallenge]
# DNS provider used.
#
# Required
#
# provider = "digitalocean"
# By default, the provider will verify the TXT DNS challenge record before letting ACME verify.
# If delayBeforeCheck is greater than zero, this check is delayed for the configured duration in seconds.
# Useful if internal networks block external DNS queries.
#
# Optional
# Default: 0
#
# delayBeforeCheck = 0
# Use following DNS servers to resolve the FQDN authority.
#
# Optional
# Default: empty
#
# resolvers = ["1.1.1.1:53", "8.8.8.8:53"]
# Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready.
#
# NOT RECOMMENDED:
# Increase the risk of reaching Let's Encrypt's rate limits.
#
# Optional
# Default: false
#
# disablePropagationCheck = true
# Domains list.
# Only domains defined here can generate wildcard certificates.
# The certificates for these domains are negotiated at traefik startup only.
#
# [[acme.domains]]
# main = "local1.com"
# sans = ["test1.local1.com", "test2.local1.com"]
# [[acme.domains]]
# main = "local2.com"
# [[acme.domains]]
# main = "*.local3.com"
# sans = ["local3.com", "test1.test1.local3.com"]
```

8
docs/content/reference/dynamic-configuration/docker.md Normal file
View file

@ -0,0 +1,8 @@
# Docker Configuration Reference
Dynamic configuration with Docker Labels
{: .subtitle }
```yaml
--8<-- "content/reference/dynamic-configuration/docker.yml"
```

145
docs/content/reference/dynamic-configuration/docker.yml Normal file
View file

@ -0,0 +1,145 @@
labels:
- "traefik.HTTP.Middlewares.Middleware0.AddPrefix.Prefix=foobar"
- "traefik.HTTP.Middlewares.Middleware1.BasicAuth.HeaderField=foobar"
- "traefik.HTTP.Middlewares.Middleware1.BasicAuth.Realm=foobar"
- "traefik.HTTP.Middlewares.Middleware1.BasicAuth.RemoveHeader=true"
- "traefik.HTTP.Middlewares.Middleware1.BasicAuth.Users=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware1.BasicAuth.UsersFile=foobar"
- "traefik.HTTP.Middlewares.Middleware2.Buffering.MaxRequestBodyBytes=42"
- "traefik.HTTP.Middlewares.Middleware2.Buffering.MaxResponseBodyBytes=42"
- "traefik.HTTP.Middlewares.Middleware2.Buffering.MemRequestBodyBytes=42"
- "traefik.HTTP.Middlewares.Middleware2.Buffering.MemResponseBodyBytes=42"
- "traefik.HTTP.Middlewares.Middleware2.Buffering.RetryExpression=foobar"
- "traefik.HTTP.Middlewares.Middleware3.Chain.Middlewares=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware4.CircuitBreaker.Expression=foobar"
- "traefik.HTTP.Middlewares.Middleware5.DigestAuth.HeaderField=foobar"
- "traefik.HTTP.Middlewares.Middleware5.DigestAuth.Realm=foobar"
- "traefik.HTTP.Middlewares.Middleware5.DigestAuth.RemoveHeader=true"
- "traefik.HTTP.Middlewares.Middleware5.DigestAuth.Users=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware5.DigestAuth.UsersFile=foobar"
- "traefik.HTTP.Middlewares.Middleware6.Errors.Query=foobar"
- "traefik.HTTP.Middlewares.Middleware6.Errors.Service=foobar"
- "traefik.HTTP.Middlewares.Middleware6.Errors.Status=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.Address=foobar"
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.AuthResponseHeaders=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.CA=foobar"
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.CAOptional=true"
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.Cert=foobar"
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.InsecureSkipVerify=true"
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TLS.Key=foobar"
- "traefik.HTTP.Middlewares.Middleware7.ForwardAuth.TrustForwardHeader=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlAllowCredentials=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlAllowHeaders=X-foobar, X-fiibar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlAllowMethods=GET, PUT"
- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlAllowOrigin=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlExposeHeaders=X-foobar, X-fiibar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.AccessControlMaxAge=200"
- "traefik.HTTP.Middlewares.Middleware8.Headers.AddVaryHeader=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.AllowedHosts=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.BrowserXSSFilter=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.ContentSecurityPolicy=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.ContentTypeNosniff=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomBrowserXSSValue=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomFrameOptionsValue=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomRequestHeaders.name0=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomRequestHeaders.name1=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomResponseHeaders.name0=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.CustomResponseHeaders.name1=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.ForceSTSHeader=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.FrameDeny=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.HostsProxyHeaders=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.IsDevelopment=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.PublicKey=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.ReferrerPolicy=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLForceHost=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLHost=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLProxyHeaders.name0=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLProxyHeaders.name1=foobar"
- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLRedirect=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.SSLTemporaryRedirect=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.STSIncludeSubdomains=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.STSPreload=true"
- "traefik.HTTP.Middlewares.Middleware8.Headers.STSSeconds=42"
- "traefik.HTTP.Middlewares.Middleware9.IPWhiteList.IPStrategy.Depth=42"
- "traefik.HTTP.Middlewares.Middleware9.IPWhiteList.IPStrategy.ExcludedIPs=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware9.IPWhiteList.SourceRange=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware10.MaxConn.Amount=42"
- "traefik.HTTP.Middlewares.Middleware10.MaxConn.ExtractorFunc=foobar"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.NotAfter=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.NotBefore=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Sans=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.Country=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.Province=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.Locality=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.Organization=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.CommonName=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.SerialNumber=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Subject.DomainComponent=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.Country=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.Province=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.Locality=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.Organization=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.CommonName=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.SerialNumber=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.Info.Issuer.DomainComponent=true"
- "traefik.HTTP.Middlewares.Middleware11.PassTLSClientCert.PEM=true"
- "traefik.HTTP.Middlewares.Middleware12.RateLimit.ExtractorFunc=foobar"
- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate0.Average=42"
- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate0.Burst=42"
- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate0.Period=42"
- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate1.Average=42"
- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate1.Burst=42"
- "traefik.HTTP.Middlewares.Middleware12.RateLimit.RateSet.Rate1.Period=42"
- "traefik.HTTP.Middlewares.Middleware13.RedirectRegex.Regex=foobar"
- "traefik.HTTP.Middlewares.Middleware13.RedirectRegex.Replacement=foobar"
- "traefik.HTTP.Middlewares.Middleware13.RedirectRegex.Permanent=true"
- "traefik.HTTP.Middlewares.Middleware13b.RedirectScheme.Scheme=https"
- "traefik.HTTP.Middlewares.Middleware13b.RedirectScheme.Port=80"
- "traefik.HTTP.Middlewares.Middleware13b.RedirectScheme.Permanent=true"
- "traefik.HTTP.Middlewares.Middleware14.ReplacePath.Path=foobar"
- "traefik.HTTP.Middlewares.Middleware15.ReplacePathRegex.Regex=foobar"
- "traefik.HTTP.Middlewares.Middleware15.ReplacePathRegex.Replacement=foobar"
- "traefik.HTTP.Middlewares.Middleware16.Retry.Attempts=42"
- "traefik.HTTP.Middlewares.Middleware17.StripPrefix.Prefixes=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware18.StripPrefixRegex.Regex=foobar, fiibar"
- "traefik.HTTP.Middlewares.Middleware19.Compress=true"
- "traefik.HTTP.Routers.Router0.EntryPoints=foobar, fiibar"
- "traefik.HTTP.Routers.Router0.Middlewares=foobar, fiibar"
- "traefik.HTTP.Routers.Router0.Priority=42"
- "traefik.HTTP.Routers.Router0.Rule=foobar"
- "traefik.HTTP.Routers.Router0.Service=foobar"
- "traefik.HTTP.Routers.Router0.TLS=true"
- "traefik.HTTP.Routers.Router1.EntryPoints=foobar, fiibar"
- "traefik.HTTP.Routers.Router1.Middlewares=foobar, fiibar"
- "traefik.HTTP.Routers.Router1.Priority=42"
- "traefik.HTTP.Routers.Router1.Rule=foobar"
- "traefik.HTTP.Routers.Router1.Service=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Headers.name1=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Hostname=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Interval=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Path=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Port=42"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Scheme=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Timeout=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.Method=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.PassHostHeader=true"
- "traefik.HTTP.Services.Service0.LoadBalancer.ResponseForwarding.FlushInterval=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.server.Port=8080"
- "traefik.HTTP.Services.Service0.LoadBalancer.server.Scheme=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.server.Weight=42"
- "traefik.HTTP.Services.Service0.LoadBalancer.Stickiness.CookieName=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Headers.name0=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Headers.name1=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Hostname=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Interval=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Path=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Port=42"
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Scheme=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.HealthCheck.Timeout=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.Method=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.PassHostHeader=true"
- "traefik.HTTP.Services.Service1.LoadBalancer.ResponseForwarding.FlushInterval=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.server.Port=8080"
- "traefik.HTTP.Services.Service1.LoadBalancer.server.Scheme=foobar"
- "traefik.HTTP.Services.Service0.LoadBalancer.HealthCheck.Headers.name0=foobar"
- "traefik.HTTP.Services.Service1.LoadBalancer.server.Weight=42"

8
docs/content/reference/dynamic-configuration/file.md Normal file
View file

@ -0,0 +1,8 @@
# File Configuration Reference
Dynamic configuration with toml files
{: .subtitle }
```toml
--8<-- "content/reference/dynamic-configuration/file.toml"
```

265
docs/content/reference/dynamic-configuration/file.toml Normal file
View file

@ -0,0 +1,265 @@
[HTTP]
[HTTP.Routers]
[HTTP.Routers.Router0]
EntryPoints = ["foobar", "foobar"]
Middlewares = ["foobar", "foobar"]
Service = "foobar"
Rule = "foobar"
priority = 42
[HTTP.Routers.Router0.tls]
[HTTP.Middlewares]
[HTTP.Middlewares.Middleware0.AddPrefix]
Prefix = "foobar"
[HTTP.Middlewares.Middleware1.StripPrefix]
Prefixes = ["foobar", "foobar"]
[HTTP.Middlewares.Middleware2.StripPrefixRegex]
Regex = ["foobar", "foobar"]
[HTTP.Middlewares.Middleware3.ReplacePath]
Path = "foobar"
[HTTP.Middlewares.Middleware4.ReplacePathRegex]
Regex = "foobar"
Replacement = "foobar"
[HTTP.Middlewares.Middleware5.Chain]
Middlewares = ["foobar", "foobar"]
[HTTP.Middlewares.Middleware6.IPWhiteList]
SourceRange = ["foobar", "foobar"]
[HTTP.Middlewares.Middleware7.IPWhiteList.IPStrategy]
Depth = 42
ExcludedIPs = ["foobar", "foobar"]
[HTTP.Middlewares.Middleware8.Headers]
AccessControlAllowCredentials = true
AccessControlAllowHeaders = ["foobar", "foobar"]
AccessControlAllowMethods = ["foobar", "foobar"]
AccessControlAllowOrigin = "foobar"
AccessControlExposeHeaders = ["foobar", "foobar"]
AccessControlMaxAge = 42
AddVaryHeader = true
AllowedHosts = ["foobar", "foobar"]
HostsProxyHeaders = ["foobar", "foobar"]
SSLRedirect = true
SSLTemporaryRedirect = true
SSLHost = "foobar"
SSLForceHost = true
STSSeconds = 42
STSIncludeSubdomains = true
STSPreload = true
ForceSTSHeader = true
FrameDeny = true
CustomFrameOptionsValue = "foobar"
ContentTypeNosniff = true
BrowserXSSFilter = true
CustomBrowserXSSValue = "foobar"
ContentSecurityPolicy = "foobar"
PublicKey = "foobar"
ReferrerPolicy = "foobar"
IsDevelopment = true
[HTTP.Middlewares.Middleware8.Headers.CustomRequestHeaders]
name0 = "foobar"
name1 = "foobar"
[HTTP.Middlewares.Middleware8.Headers.CustomResponseHeaders]
name0 = "foobar"
name1 = "foobar"
[HTTP.Middlewares.Middleware8.Headers.SSLProxyHeaders]
name0 = "foobar"
name1 = "foobar"
[HTTP.Middlewares.Middleware9.Errors]
Status = ["foobar", "foobar"]
Service = "foobar"
Query = "foobar"
[HTTP.Middlewares.Middleware10.RateLimit]
ExtractorFunc = "foobar"
[HTTP.Middlewares.Middleware10.RateLimit.RateSet]
[HTTP.Middlewares.Middleware10.RateLimit.RateSet.Rate0]
Period = 42
Average = 42
Burst = 42
[HTTP.Middlewares.Middleware10.RateLimit.RateSet.Rate1]
Period = 42
Average = 42
Burst = 42
[HTTP.Middlewares.Middleware11.RedirectRegex]
Regex = "foobar"
Replacement = "foobar"
Permanent = true
[HTTP.Middlewares.Middleware12.RedirectScheme]
Scheme = "foobar"
Port = "foobar"
Permanent = true
[HTTP.Middlewares.Middleware13.BasicAuth]
Users = ["foobar", "foobar"]
UsersFile = "foobar"
Realm = "foobar"
RemoveHeader = true
HeaderField = "foobar"
[HTTP.Middlewares.Middleware14.DigestAuth]
Users = ["foobar", "foobar"]
UsersFile = "foobar"
RemoveHeader = true
Realm = "foobar"
HeaderField = "foobar"
[HTTP.Middlewares.Middleware15.ForwardAuth]
Address = "foobar"
TrustForwardHeader = true
AuthResponseHeaders = ["foobar", "foobar"]
[HTTP.Middlewares.Middleware15.ForwardAuth.TLS]
CA = "foobar"
CAOptional = true
Cert = "foobar"
Key = "foobar"
InsecureSkipVerify = true
[HTTP.Middlewares.Middleware16.MaxConn]
Amount = 42
ExtractorFunc = "foobar"
[HTTP.Middlewares.Middleware17.Buffering]
MaxRequestBodyBytes = 42
MemRequestBodyBytes = 42
MaxResponseBodyBytes = 42
MemResponseBodyBytes = 42
RetryExpression = "foobar"
[HTTP.Middlewares.Middleware18.CircuitBreaker]
Expression = "foobar"
[HTTP.Middlewares.Middleware19.Compress]
[HTTP.Middlewares.Middleware20.PassTLSClientCert]
PEM = true
[HTTP.Middlewares.Middleware20.PassTLSClientCert.Info]
NotAfter = true
NotBefore = true
Sans = true
[HTTP.Middlewares.Middleware20.PassTLSClientCert.Info.Subject]
Country = true
Province = true
Locality = true
Organization = true
CommonName = true
SerialNumber = true
DomainComponent = true
[HTTP.Middlewares.Middleware20.PassTLSClientCert.Info.Issuer]
Country = true
Province = true
Locality = true
Organization = true
CommonName = true
SerialNumber = true
DomainComponent = true
[HTTP.Middlewares.Middleware21.Retry]
Attempts = 42
[HTTP.Services]
[HTTP.Services.Service0]
[HTTP.Services.Service0.LoadBalancer]
Method = "foobar"
PassHostHeader = true
[[HTTP.Services.Service0.LoadBalancer.Servers]]
URL = "foobar"
Weight = 42
[HTTP.Services.Service0.LoadBalancer.Stickiness]
CookieName = "foobar"
[[HTTP.Services.Service0.LoadBalancer.Servers]]
URL = "foobar"
Weight = 42
[HTTP.Services.Service0.LoadBalancer.HealthCheck]
Scheme = "foobar"
Path = "foobar"
Port = 42
Interval = "foobar"
Timeout = "foobar"
Hostname = "foobar"
[HTTP.Services.Service0.LoadBalancer.HealthCheck.Headers]
name0 = "foobar"
name1 = "foobar"
[HTTP.Services.Service0.LoadBalancer.ResponseForwarding]
FlushInterval = "foobar"
[TCP]
[TCP.Routers]
[TCP.Routers.TCPRouter0]
EntryPoints = ["foobar", "foobar"]
Service = "foobar"
Rule = "foobar"
[TCP.Routers.TCPRouter0.tls]
passthrough = true
[TCP.Services]
[TCP.Services.TCPService0]
[TCP.Services.TCPService0.LoadBalancer]
Method = "foobar"
[[TCP.Services.TCPService0.LoadBalancer.Servers]]
Address = "foobar"
Weight = 42
[[TCP.Services.TCPService0.LoadBalancer.Servers]]
Address = "foobar"
Weight = 42
[[TLS]]
Stores = ["foobar", "foobar"]
[TLS.Certificate]
CertFile = "foobar"
KeyFile = "foobar"
[[TLS]]
Stores = ["foobar", "foobar"]
[TLS.Certificate]
CertFile = "foobar"
KeyFile = "foobar"
[TLSOptions]
[TLSOptions.TLS0]
MinVersion = "foobar"
CipherSuites = ["foobar", "foobar"]
SniStrict = true
[TLSOptions.TLS0.ClientCA]
Files = ["foobar", "foobar"]
Optional = true
[TLSOptions.TLS1]
MinVersion = "foobar"
CipherSuites = ["foobar", "foobar"]
SniStrict = true
[TLSOptions.TLS1.ClientCA]
Files = ["foobar", "foobar"]
Optional = true
[TLSStores]
[TLSStores.Store0]
[TLSStores.Store0.DefaultCertificate]
CertFile = "foobar"
KeyFile = "foobar"
[TLSStores.Store1]
[TLSStores.Store1.DefaultCertificate]
CertFile = "foobar"
KeyFile = "foobar"

8
docs/content/reference/dynamic-configuration/kubernetes-crd.md Normal file
View file

@ -0,0 +1,8 @@
# Kubernetes Configuration Reference
Dynamic configuration with Kubernetes Custom Resource
{: .subtitle }
```yaml
--8<-- "content/reference/dynamic-configuration/kubernetes-crd.yml"
```

71
docs/content/reference/dynamic-configuration/kubernetes-crd.yml Normal file
View file

@ -0,0 +1,71 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ingressroutes.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: IngressRoute
plural: ingressroutes
singular: ingressroute
scope: Namespaced
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: middlewares.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: Middleware
plural: middlewares
singular: middleware
scope: Namespaced
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ingressroute.crd
spec:
entrypoints:
- web
- web-secure
routes:
- match: Host(`foo.com`) && PathPrefix(`/bar`)
kind: Rule
priority: 12
# defining several services is possible and allowed, but for now the servers of
# all the services (for a given route) get merged altogether under the same
# load-balancing strategy.
services:
- name: s1
port: 80
healthcheck:
path: /health
host: baz.com
intervalseconds: 7
timeoutseconds: 60
# strategy defines the load balancing strategy between the servers. It defaults
# to Round Robin, and for now only Round Robin is supported anyway.
strategy: RoundRobin
- name: s2
port: 433
healthcheck:
path: /health
host: baz.com
intervalseconds: 7
timeoutseconds: 60
- match: PathPrefix(`/misc`)
services:
- name: s3
port: 80
middleware:
- name: stripprefix
- name: addprefix
tls:
secretName: supersecret

35
docs/content/reference/entrypoints.md
View file

@ -1,35 +0,0 @@
# EntryPoints - Reference
Every Options for EntryPoints
{: .subtitle}
## TOML
```toml
# ...
[entrypoints]
[entrypoints.web]
address = ":80"
[entrypoints.web.proxyProtocol]
insecure = true
trustedIPs = ["10.10.10.1", "10.10.10.2"]
[entrypoints.web.forwardedHeaders]
trustedIPs = ["10.10.10.1", "10.10.10.2"]
insecure = false
[entrypoints.web-secure]
# ...
```
## CLI
```ini
Name:foo
Address::80
ProxyProtocol.TrustedIPs:192.168.0.1
ProxyProtocol.Insecure:true
ForwardedHeaders.TrustedIPs:10.0.0.3/24,20.0.0.3/24
```

53
docs/content/reference/logs.md
View file

@ -1,53 +0,0 @@
# Logs - Reference
## TOML
```toml
logLevel = "INFO"
[traefikLog]
filePath = "/path/to/traefik.log"
format = "json"
[accessLog]
filePath = "/path/to/access.log"
format = "json"
[accessLog.filters]
statusCodes = ["200", "300-302"]
retryAttempts = true
minDuration = "10ms"
[accessLog.fields]
defaultMode = "keep"
[accessLog.fields.names]
"ClientUsername" = "drop"
# ...
[accessLog.fields.headers]
defaultMode = "keep"
[accessLog.fields.headers.names]
"User-Agent" = "redact"
"Authorization" = "drop"
"Content-Type" = "keep"
# ...
```
## CLI
For more information about the CLI, see the documentation about [Traefik command](../../operations/cli).
```shell
--logLevel="DEBUG"
--traefikLog.filePath="/path/to/traefik.log"
--traefikLog.format="json"
--accessLog.filePath="/path/to/access.log"
--accessLog.format="json"
--accessLog.filters.statusCodes="200,300-302"
--accessLog.filters.retryAttempts="true"
--accessLog.filters.minDuration="10ms"
--accessLog.fields.defaultMode="keep"
--accessLog.fields.names="Username=drop Hostname=drop"
--accessLog.fields.headers.defaultMode="keep"
--accessLog.fields.headers.names="User-Agent=redact Authorization=drop Content-Type=keep"
```

180
docs/content/reference/providers/docker.md
View file

@ -1,180 +0,0 @@
# Docker -- Reference
## Docker
```toml
################################################################
# Docker Provider
################################################################
# Enable Docker Provider.
[docker]
# Docker server endpoint. Can be a tcp or a unix socket endpoint.
#
# Required
#
endpoint = "unix:///var/run/docker.sock"
# Default base domain used for the frontend rules.
# Can be overridden by setting the "traefik.domain" label on a container.
#
# Optional
#
domain = "docker.localhost"
# Enable watch docker changes.
#
# Optional
#
watch = true
# Override default configuration template.
# For advanced users :)
#
# Optional
#
# filename = "docker.tmpl"
# Override template version
# For advanced users :)
#
# Optional
# - "1": previous template version (must be used only with older custom templates, see "filename")
# - "2": current template version (must be used to force template version when "filename" is used)
#
# templateVersion = 2
# Expose containers by default in Traefik.
# If set to false, containers that don't have `traefik.enable=true` will be ignored.
#
# Optional
# Default: true
#
exposedByDefault = true
# Use the IP address from the bound port instead of the inner network one.
#
# In case no IP address is attached to the bound port (or in case
# there is no bind), the inner network one will be used as a fallback.
#
# Optional
# Default: false
#
usebindportip = true
# Use Swarm Mode services as data provider.
#
# Optional
# Default: false
#
swarmMode = false
# Polling interval (in seconds) for Swarm Mode.
#
# Optional
# Default: 15
#
swarmModeRefreshSeconds = 15
# Define a default docker network to use for connections to all containers.
# Can be overridden by the traefik.docker.network label.
#
# Optional
#
network = "web"
# Enable docker TLS connection.
#
# Optional
#
# [docker.tls]
# ca = "/etc/ssl/ca.crt"
# cert = "/etc/ssl/docker.crt"
# key = "/etc/ssl/docker.key"
# insecureSkipVerify = true
```
## Docker Swarm Mode
```toml
################################################################
# Docker Swarm Mode Provider
################################################################
# Enable Docker Provider.
[docker]
# Docker server endpoint.
# Can be a tcp or a unix socket endpoint.
#
# Required
# Default: "unix:///var/run/docker.sock"
#
# swarm classic (1.12-)
# endpoint = "tcp://127.0.0.1:2375"
# docker swarm mode (1.12+)
endpoint = "tcp://127.0.0.1:2377"
# Default base domain used for the frontend rules.
# Can be overridden by setting the "traefik.domain" label on a services.
#
# Optional
# Default: ""
#
domain = "docker.localhost"
# Enable watch docker changes.
#
# Optional
# Default: true
#
watch = true
# Use Docker Swarm Mode as data provider.
#
# Optional
# Default: false
#
swarmMode = true
# Define a default docker network to use for connections to all containers.
# Can be overridden by the traefik.docker.network label.
#
# Optional
#
network = "web"
# Override default configuration template.
# For advanced users :)
#
# Optional
#
# filename = "docker.tmpl"
# Override template version
# For advanced users :)
#
# Optional
# - "1": previous template version (must be used only with older custom templates, see "filename")
# - "2": current template version (must be used to force template version when "filename" is used)
#
# templateVersion = 2
# Expose services by default in Traefik.
#
# Optional
# Default: true
#
exposedByDefault = false
# Enable docker TLS connection.
#
# Optional
#
# [docker.tls]
# ca = "/etc/ssl/ca.crt"
# cert = "/etc/ssl/docker.crt"
# key = "/etc/ssl/docker.key"
# insecureSkipVerify = true
```

268
docs/content/reference/providers/file.md
View file

@ -1,268 +0,0 @@
# File -- Reference
## File
```toml
################################################################
# File Provider
################################################################
[providers]
# Enable File Provider.
[providers.file]
# Define one separated configuration file.
#
# Optional
#
filename = "my-conf.toml"
# Define directory that contains a set of configuration files.
#
# Optional
#
directory = "/path/to/config"
# Enable watch file changes.
#
# Optional
#
watch = true
[http]
[http.routers]
[http.routers.router0]
entrypoints = ["foo", "bar"]
middlewares = ["foo", "bar"]
service = "service-foo"
rule = "Path(`foo`)"
priority = 42
[http.routers.router0.tls]
[http.middlewares]
[http.middlewares.my-add-prefix.AddPrefix]
prefix = "/foo"
[http.middlewares.my-strip-prefix.StripPrefix]
prefixes = ["/foo", "/bar"]
[http.middlewares.my-strip-prefix-regex.StripPrefixRegex]
regex = ["/foo/api/", "/bar/{category}/{id:[0-9]+}/"]
[http.middlewares.my-replace-path.ReplacePath]
path = "/foo"
[http.middlewares.my-replace-path-regex.ReplacePathRegex]
regex = "foo/(.*)"
replacement = "/foobar/$1"
[http.middlewares.my-chain.Chain]
middlewares = ["my-add-prefix", "my-basic-auth"]
[http.middlewares.Middleware0.IPWhiteList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"]
[http.middlewares.Middleware0.IPWhiteList.IPStrategy]
depth = 2
excludedIPs = ["127.0.0.1/16", "192.168.1.7"]
[http.middlewares.my-headers.Headers]
accessControlAllowCredentials = true
accessControlAllowHeaders = ["X-foobar", "X-fiibar"]
accessControlAllowMethods = ["GET", "PUT"]
accessControlAllowOrigin = "*"
accessControlExposeHeaders = ["X-foobar", "X-fiibar"]
accessControlMaxAge = 200
addVaryHeader = true
allowedHosts = ["foobar", "foobar"]
hostsProxyHeaders = ["foobar", "foobar"]
sslRedirect = true
sslTemporaryRedirect = true
sslHost = "foobar"
sslForceHost = true
stsSeconds = 42
stsIncludeSubdomains = true
stsPreload = true
forceSTSHeader = true
frameDeny = true
customFrameOptionsValue = "foobar"
contentTypeNosniff = true
browserXSSFilter = true
customBrowserXSSValue = "foobar"
contentSecurityPolicy = "foobar"
publicKey = "foobar"
referrerPolicy = "foobar"
isDevelopment = true
[http.middlewares.my-headers.Headers.CustomRequestHeaders]
X-Script-Name = "foo"
[http.middlewares.my-headers.Headers.CustomResponseHeaders]
X-Custom-Response-Header = "True"
[http.middlewares.my-headers.Headers.SSLProxyHeaders]
X-Forwarded-Proto = "https"
[http.middlewares.my-errors.Errors]
status = ["400-404", "500-599"]
service = "foo-errors-service"
query = "/error.html"
[http.middlewares.my-rate-limit.RateLimit]
extractorFunc = "client.ip"
[http.middlewares.Middleware0.RateLimit.RateSet]
[http.middlewares.Middleware0.RateLimit.RateSet.Rate0]
period = 10
average = 100
burst = 200
[http.middlewares.my-redirect-regex.RedirectRegex]
regex = "^http://localhost/(.*)"
replacement = "http://mydomain/$1"
permanent = true
[http.middlewares.my-redirect-scheme.RedirectScheme]
scheme = "https"
port = "8443"
permanent = true
[http.middlewares.my-basic-auth.BasicAuth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
usersFile = "etc/traefik/.htpasswd"
realm = "myRealm"
removeHeader = true
headerField = "X-WebAuth-User"
[http.middlewares.my-digest-auth.DigestAuth]
users = ["test:traefik:a2688e031edb4be6a3797f3882655c05", "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"]
usersFile = "etc/traefik/.htdigest"
removeHeader = true
realm = "traefik"
headerField = "X-WebAuth-User"
[http.middlewares.my-forward-auth.ForwardAuth]
address = "https://myauth.server:443"
trustForwardHeader = true
authResponseHeaders = ["X-Forwarded-Foo", "X-Forwarded-Bar"]
[http.middlewares.my-forward-auth.ForwardAuth.TLS]
ca = "/etc/traefik/crt/ca.pem"
caOptional = true
cert = "/etc/traefik/crt/cert.pem"
key = "/etc/traefik/crt/cert.key"
insecureSkipVerify = true
[http.middlewares.my-maxconn.MaxConn]
amount = 10
extractorFunc = "request.host"
[http.middlewares.my-buffering.Buffering]
maxRequestBodyBytes = 25000
memRequestBodyBytes = 25000
maxResponseBodyBytes = 25000
memResponseBodyBytes = 25000
retryExpression = "foobar"
[http.middlewares.my-circuit-breaker.CircuitBreaker]
Expression = "LatencyAtQuantileMS(50.0) > 100"
[http.middlewares.my-compress.Compress]
[http.middlewares.my-pass-tls-client-cert.PassTLSClientCert]
pem = true
[http.middlewares.Middleware0.PassTLSClientCert.Info]
notAfter = true
notBefore = true
sans = true
[http.middlewares.Middleware0.PassTLSClientCert.Info.Subject]
country = true
province = true
locality = true
organization = true
commonName = true
serialNumber = true
domainComponent = true
[http.middlewares.Middleware0.PassTLSClientCert.Info.Issuer]
country = true
province = true
locality = true
organization = true
commonName = true
serialNumber = true
domainComponent = true
[http.middlewares.my-retry.Retry]
attempts = 4
[http.services]
[http.services.service0]
[http.services.service0.LoadBalancer]
method = "wrr"
passHostHeader = true
[http.services.service0.LoadBalancer.Stickiness]
cookieName = "my-stickiness-cookie-name"
[[http.services.service0.LoadBalancer.Servers]]
url = "http://foo/"
weight = 30
[[http.services.service0.LoadBalancer.Servers]]
url = "http://bar/"
weight = 70
[http.services.service0.LoadBalancer.HealthCheck]
scheme = "https"
path = "/health"
port = 9443
interval = "10s"
timeout = "30s"
hostname = "foobar"
[http.services.service0.LoadBalancer.HealthCheck.Headers]
My-Custom-Header = "foobar"
[http.services.service0.LoadBalancer.ResponseForwarding]
flushInterval = "4s"
[tcp]
[tcp.routers]
[tcp.routers.tcpRouter0]
entryPoints = ["foobar", "foobar"]
service = "foobar"
rule = "foobar"
[tcp.routers.tcpRouter0.tlst]
passthrough = true
[tcp.services]
[tcp.services.tcpService0]
[tcp.services.tcpService0.tcpLoadBalancer]
method = "foobar"
[[tcp.services.tcpService0.tcpLoadBalancer.Servers]]
address = "foobar"
weight = 42
[[tcp.services.tcpService0.tcpLoadBalancer.Servers]]
address = "foobar"
weight = 42
[[tls]]
Store = ["my-store-foo", "my-store-bar"]
[tls.Certificate]
certFile = "/etc/traefik/cert.pem"
keyFile = "/etc/traefik/cert.key"
[tlsconfig]
[tlsconfig.TLS0]
minVersion = "VersionTLS12"
cipherSuites = [ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_GCM_SHA384"]
[tlsconfig.TLS0.ClientCA]
files = ["/etc/traefik/ca-foo.pem", "/etc/traefik/ca-bar.pem"]
optional = true
[tlsstore]
[tlsstore.my-store-foo]
sniStrict = true
[tlsstore.my-store-foo.DefaultCertificate]
certFile = "/etc/traefik/cert.pem"
keyFile = "/etc/traefik/cert.key"
```

81
docs/content/reference/providers/kubernetescrd.md
View file

@ -1,81 +0,0 @@
# Kubernetes -- Reference
## Kubernetes
```yaml
################################################################
# Kubernetes Provider
################################################################
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ingressroutes.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: IngressRoute
plural: ingressroutes
singular: ingressroute
scope: Namespaced
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: middlewares.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: Middleware
plural: middlewares
singular: middleware
scope: Namespaced
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ingressroute.crd
spec:
entrypoints:
- web
- web-secure
routes:
- match: Host(`foo.com`) && PathPrefix(`/bar`)
kind: Rule
priority: 12
# defining several services is possible and allowed, but for now the servers of
# all the services (for a given route) get merged altogether under the same
# load-balancing strategy.
services:
- name: s1
port: 80
healthcheck:
path: /health
host: baz.com
intervalseconds: 7
timeoutseconds: 60
# strategy defines the load balancing strategy between the servers. It defaults
# to Round Robin, and for now only Round Robin is supported anyway.
strategy: RoundRobin
- name: s2
port: 433
healthcheck:
path: /health
host: baz.com
intervalseconds: 7
timeoutseconds: 60
- match: PathPrefix(`/misc`)
services:
- name: s3
port: 80
middleware:
- name: stripprefix
- name: addprefix
tls:
secretName: supersecret
```

13
docs/content/reference/static-configuration.md Normal file
View file

@ -0,0 +1,13 @@
# Static Configuration
## File
```toml
--8<-- "content/reference/static-configuration.toml"
```
## CLI
```txt
--8<-- "content/reference/static-configuration.txt"
```

238
docs/content/reference/static-configuration.toml Normal file
View file

@ -0,0 +1,238 @@
[Global]
Debug = true
CheckNewVersion = true
SendAnonymousUsage = true
[ServersTransport]
InsecureSkipVerify = true
RootCAs = ["foobar", "foobar"]
MaxIdleConnsPerHost = 42
[ServersTransport.ForwardingTimeouts]
DialTimeout = 42
ResponseHeaderTimeout = 42
[EntryPoints]
[EntryPoints.EntryPoint0]
Address = "foobar"
[EntryPoints.EntryPoint0.Transport]
[EntryPoints.EntryPoint0.Transport.LifeCycle]
RequestAcceptGraceTimeout = 42
GraceTimeOut = 42
[EntryPoints.EntryPoint0.Transport.RespondingTimeouts]
ReadTimeout = 42
WriteTimeout = 42
IdleTimeout = 42
[EntryPoints.EntryPoint0.ProxyProtocol]
Insecure = true
TrustedIPs = ["foobar", "foobar"]
[EntryPoints.EntryPoint0.ForwardedHeaders]
Insecure = true
TrustedIPs = ["foobar", "foobar"]
[Providers]
ProvidersThrottleDuration = 42
[Providers.Docker]
Watch = true
Endpoint = "foobar"
DefaultRule = "foobar"
ExposedByDefault = true
UseBindPortIP = true
SwarmMode = true
Network = "foobar"
SwarmModeRefreshSeconds = 42
[[Providers.Docker.Constraints]]
Key = "foobar"
MustMatch = true
Regex = "foobar"
[[Providers.Docker.Constraints]]
Key = "foobar"
MustMatch = true
Regex = "foobar"
[Providers.Docker.TLS]
CA = "foobar"
CAOptional = true
Cert = "foobar"
Key = "foobar"
InsecureSkipVerify = true
[Providers.File]
Directory = "foobar"
Watch = true
Filename = "foobar"
DebugLogGeneratedTemplate = true
TraefikFile = "foobar"
[Providers.Marathon]
Trace = true
Watch = true
Endpoint = "foobar"
DefaultRule = "foobar"
ExposedByDefault = true
DCOSToken = "foobar"
FilterMarathonConstraints = true
DialerTimeout = 42
ResponseHeaderTimeout = 42
TLSHandshakeTimeout = 42
KeepAlive = 42
ForceTaskHostname = true
RespectReadinessChecks = true
[[Providers.Marathon.Constraints]]
Key = "foobar"
MustMatch = true
Regex = "foobar"
[[Providers.Marathon.Constraints]]
Key = "foobar"
MustMatch = true
Regex = "foobar"
[Providers.Marathon.TLS]
CA = "foobar"
CAOptional = true
Cert = "foobar"
Key = "foobar"
InsecureSkipVerify = true
[Providers.Marathon.Basic]
HTTPBasicAuthUser = "foobar"
HTTPBasicPassword = "foobar"
[Providers.Kubernetes]
Endpoint = "foobar"
Token = "foobar"
CertAuthFilePath = "foobar"
DisablePassHostHeaders = true
Namespaces = ["foobar", "foobar"]
LabelSelector = "foobar"
IngressClass = "foobar"
[Providers.Kubernetes.IngressEndpoint]
IP = "foobar"
Hostname = "foobar"
PublishedService = "foobar"
[Providers.KubernetesCRD]
Endpoint = "foobar"
Token = "foobar"
CertAuthFilePath = "foobar"
DisablePassHostHeaders = true
Namespaces = ["foobar", "foobar"]
LabelSelector = "foobar"
IngressClass = "foobar"
[Providers.Rest]
EntryPoint = "foobar"
[API]
EntryPoint = "foobar"
Dashboard = true
Middlewares = ["foobar", "foobar"]
[API.Statistics]
RecentErrors = 42
[Metrics]
[Metrics.Prometheus]
Buckets = [42.0, 42.0]
EntryPoint = "foobar"
Middlewares = ["foobar", "foobar"]
[Metrics.Datadog]
Address = "foobar"
PushInterval = "foobar"
[Metrics.StatsD]
Address = "foobar"
PushInterval = "foobar"
[Metrics.InfluxDB]
Address = "foobar"
Protocol = "foobar"
PushInterval = "foobar"
Database = "foobar"
RetentionPolicy = "foobar"
Username = "foobar"
Password = "foobar"
[Ping]
EntryPoint = "foobar"
Middlewares = ["foobar", "foobar"]
[Log]
LogLevel = "foobar"
FilePath = "foobar"
Format = "foobar"
[AccessLog]
FilePath = "foobar"
Format = "foobar"
BufferingSize = 42
[AccessLog.Filters]
StatusCodes = ["foobar", "foobar"]
RetryAttempts = true
MinDuration = 42
[AccessLog.Fields]
DefaultMode = "foobar"
[AccessLog.Fields.Names]
name0 = "foobar"
name1 = "foobar"
[AccessLog.Fields.Headers]
DefaultMode = "foobar"
[AccessLog.Fields.Headers.Names]
name0 = "foobar"
name1 = "foobar"
[Tracing]
Backend = "foobar"
ServiceName = "foobar"
SpanNameLimit = 42
[Tracing.Jaeger]
SamplingServerURL = "foobar"
SamplingType = "foobar"
SamplingParam = 42.0
LocalAgentHostPort = "foobar"
Gen128Bit = true
Propagation = "foobar"
TraceContextHeaderName = "foobar"
[Tracing.Zipkin]
HTTPEndpoint = "foobar"
SameSpan = true
ID128Bit = true
Debug = true
SampleRate = 42.0
[Tracing.DataDog]
LocalAgentHostPort = "foobar"
GlobalTag = "foobar"
Debug = true
PrioritySampling = true
TraceIDHeaderName = "foobar"
ParentIDHeaderName = "foobar"
SamplingPriorityHeaderName = "foobar"
BagagePrefixHeaderName = "foobar"
[Tracing.Instana]
LocalAgentHost = "foobar"
LocalAgentPort = 42
LogLevel = "foobar"
[HostResolver]
CnameFlattening = true
ResolvConfig = "foobar"
ResolvDepth = 42
[ACME]
Email = "foobar"
ACMELogging = true
CAServer = "foobar"
Storage = "foobar"
EntryPoint = "foobar"
KeyType = "foobar"
OnHostRule = true
[ACME.DNSChallenge]
Provider = "foobar"
DelayBeforeCheck = 42
Resolvers = ["foobar", "foobar"]
DisablePropagationCheck = true
[ACME.HTTPChallenge]
EntryPoint = "foobar"
[ACME.TLSChallenge]
[[ACME.Domains]]
Main = "foobar"
SANs = ["foobar", "foobar"]
[[ACME.Domains]]
Main = "foobar"
SANs = ["foobar", "foobar"]

196
docs/content/reference/static-configuration.txt Normal file
View file

@ -0,0 +1,196 @@
--accesslog Access log settings (default "false")
--accesslog.bufferingsize Number of access log lines to process in a buffered way. Default 0. (default "0")
--accesslog.fields AccessLogFields (default "false")
--accesslog.fields.defaultmode Default mode for fields: keep | drop (default "keep")
--accesslog.fields.headers Headers to keep, drop or redact (default "false")
--accesslog.fields.headers.defaultmode Default mode for fields: keep | drop | redact (default "keep")
--accesslog.fields.headers.names Override mode for headers (default "map[]")
--accesslog.fields.names Override mode for fields (default "map[]")
--accesslog.filepath Access log file path. Stdout is used when omitted or empty
--accesslog.filters Access log filters, used to keep only specific access logs (default "false")
--accesslog.filters.minduration Keep access logs when request took longer than the specified duration (default "0s")
--accesslog.filters.retryattempts Keep access logs when at least one retry happened (default "false")
--accesslog.filters.statuscodes Keep access logs with status codes in the specified range (default "[]")
--accesslog.format Access log format: json | common (default "common")
--acme Enable ACME (Let's Encrypt): automatic SSL (default "false")
--acme.acmelogging Enable debug logging of ACME actions. (default "false")
--acme.caserver CA server to use.
--acme.dnschallenge Activate DNS-01 Challenge (default "false")
--acme.dnschallenge.delaybeforecheck Assume DNS propagates after a delay in seconds rather than finding and querying (default "0s")
nameservers.
--acme.dnschallenge.disablepropagationcheck Disable the DNS propagation checks before notifying ACME that the DNS challenge (default "false")
is ready. [not recommended]
--acme.dnschallenge.provider Use a DNS-01 based challenge provider rather than HTTPS.
--acme.dnschallenge.resolvers Use following DNS servers to resolve the FQDN authority.
--acme.domains CN and SANs (alternative domains) to each main domain using format: (default "[]")
--acme.domains='main.com,san1.com,san2.com' --acme.domains='*.main.net'. No
SANs for wildcards domain. Wildcard domains only accepted with DNSChallenge
--acme.email Email address used for registration
--acme.entrypoint EntryPoint to use.
--acme.httpchallenge Activate HTTP-01 Challenge (default "false")
--acme.httpchallenge.entrypoint HTTP challenge EntryPoint
--acme.keytype KeyType used for generating certificate private key. Allow value 'EC256',
'EC384', 'RSA2048', 'RSA4096', 'RSA8192'. Default to 'RSA4096'
--acme.onhostrule Enable certificate generation on frontends Host rules. (default "false")
--acme.storage Storage to use.
--acme.tlschallenge Activate TLS-ALPN-01 Challenge (default "false")
--api Enable api/dashboard (default "false")
--api.dashboard Activate dashboard (default "true")
--api.entrypoint EntryPoint (default "traefik")
--api.middlewares Middleware list
--api.statistics Enable more detailed statistics (default "true")
--api.statistics.recenterrors Number of recent errors logged (default "10")
-c, --configfile Configuration file to use (TOML).
--entrypoints Entrypoints definition using format: --entryPoints='Name:http Address::8000 (default "map[]")
Redirect.EntryPoint:https' --entryPoints='Name:https Address::4442
TLS:tests/traefik.crt,tests/traefik.key;prod/traefik.crt,prod/traefik.key'
--global Global configuration options (default "true")
--global.checknewversion Periodically check if a new version has been released (default "true")
-d, --global.debug Enable debug mode (default "false")
--global.sendanonymoususage send periodically anonymous usage statistics (default "false")
--hostresolver Enable CNAME Flattening (default "false")
--hostresolver.cnameflattening A flag to enable/disable CNAME flattening (default "false")
--hostresolver.resolvconfig resolv.conf used for DNS resolving (default "/etc/resolv.conf")
--hostresolver.resolvdepth The maximal depth of DNS recursive resolving (default "5")
--log Traefik log settings (default "false")
--log.filepath Traefik log file path. Stdout is used when omitted or empty
--log.format Traefik log format: json | common (default "common")
--log.loglevel Log level set to traefik logs.
--metrics Enable a metrics exporter (default "false")
--metrics.datadog DataDog metrics exporter type (default "false")
--metrics.datadog.address DataDog's address (default "localhost:8125")
--metrics.datadog.pushinterval DataDog push interval (default "10s")
--metrics.influxdb InfluxDB metrics exporter type (default "false")
--metrics.influxdb.address InfluxDB address (default "localhost:8089")
--metrics.influxdb.database InfluxDB database used when protocol is http
--metrics.influxdb.password InfluxDB password (only with http)
--metrics.influxdb.protocol InfluxDB address protocol (udp or http) (default "udp")
--metrics.influxdb.pushinterval InfluxDB push interval (default "10s")
--metrics.influxdb.retentionpolicy InfluxDB retention policy used when protocol is http
--metrics.influxdb.username InfluxDB username (only with http)
--metrics.prometheus Prometheus metrics exporter type (default "false")
--metrics.prometheus.buckets Buckets for latency metrics (default "[0.1 0.3 1.2 5]")
--metrics.prometheus.entrypoint EntryPoint (default "traefik")
--metrics.prometheus.middlewares Middlewares
--metrics.statsd StatsD metrics exporter type (default "false")
--metrics.statsd.address StatsD address (default "localhost:8125")
--metrics.statsd.pushinterval StatsD push interval (default "10s")
--ping Enable ping (default "false")
--ping.entrypoint Ping entryPoint (default "traefik")
--ping.middlewares Middleware list
--providers Providers configuration (default "false")
--providers.docker Enable Docker backend with default settings (default "false")
--providers.docker.constraints Filter services by constraint, matching with Traefik tags. (default "[]")
--providers.docker.defaultrule Default rule (default "Host(`{{ normalize .Name }}`)")
--providers.docker.endpoint Docker server endpoint. Can be a tcp or a unix socket endpoint (default "unix:///var/run/docker.sock")
--providers.docker.exposedbydefault Expose containers by default (default "true")
--providers.docker.network Default Docker network used
--providers.docker.swarmmode Use Docker on Swarm Mode (default "false")
--providers.docker.swarmmoderefreshseconds Polling interval for swarm mode (in seconds) (default "15")
--providers.docker.tls Enable Docker TLS support (default "false")
--providers.docker.tls.ca TLS CA
--providers.docker.tls.caoptional TLS CA.Optional (default "false")
--providers.docker.tls.cert TLS cert
--providers.docker.tls.insecureskipverify TLS insecure skip verify (default "false")
--providers.docker.tls.key TLS key
--providers.docker.usebindportip Use the ip address from the bound port, rather than from the inner network (default "false")
--providers.docker.watch Watch provider (default "true")
--providers.file Enable File backend with default settings (default "true")
--providers.file.debugloggeneratedtemplate Enable debug logging of generated configuration template. (default "false")
--providers.file.directory Load configuration from one or more .toml files in a directory
--providers.file.filename Override default configuration template. For advanced users :)
--providers.file.watch Watch provider (default "true")
--providers.kubernetes Enable Kubernetes backend with default settings (default "true")
--providers.kubernetes.certauthfilepath Kubernetes certificate authority file path (not needed for in-cluster client)
--providers.kubernetes.disablepasshostheaders Kubernetes disable PassHost Headers (default "false")
--providers.kubernetes.endpoint Kubernetes server endpoint (required for external cluster client)
--providers.kubernetes.ingressclass Value of kubernetes.io/ingress.class annotation to watch for
--providers.kubernetes.ingressendpoint Kubernetes Ingress Endpoint (default "false")
--providers.kubernetes.ingressendpoint.hostname Hostname used for Kubernetes Ingress endpoints
--providers.kubernetes.ingressendpoint.ip IP used for Kubernetes Ingress endpoints
--providers.kubernetes.ingressendpoint.publishedservice Published Kubernetes Service to copy status from
--providers.kubernetes.labelselector Kubernetes Ingress label selector to use
--providers.kubernetes.namespaces Kubernetes namespaces (default "[]")
--providers.kubernetes.token Kubernetes bearer token (not needed for in-cluster client)
--providers.kubernetescrd Enable Kubernetes backend with default settings (default "false")
--providers.kubernetescrd.certauthfilepath Kubernetes certificate authority file path (not needed for in-cluster client)
--providers.kubernetescrd.disablepasshostheaders Kubernetes disable PassHost Headers (default "false")
--providers.kubernetescrd.endpoint Kubernetes server endpoint (required for external cluster client)
--providers.kubernetescrd.ingressclass Value of kubernetes.io/ingress.class annotation to watch for
--providers.kubernetescrd.labelselector Kubernetes label selector to use
--providers.kubernetescrd.namespaces Kubernetes namespaces (default "[]")
--providers.kubernetescrd.token Kubernetes bearer token (not needed for in-cluster client)
--providers.marathon Enable Marathon backend with default settings (default "false")
--providers.marathon.basic Enable basic authentication (default "false")
--providers.marathon.basic.httpbasicauthuser Basic authentication User
--providers.marathon.basic.httpbasicpassword Basic authentication Password
--providers.marathon.constraints Filter services by constraint, matching with Traefik tags. (default "[]")
--providers.marathon.dcostoken DCOSToken for DCOS environment, This will override the Authorization header
--providers.marathon.defaultrule Default rule (default "Host(`{{ normalize .Name }}`)")
--providers.marathon.dialertimeout Set a dialer timeout for Marathon (default "5s")
--providers.marathon.endpoint Marathon server endpoint. You can also specify multiple endpoint for Marathon (default "http://127.0.0.1:8080")
--providers.marathon.exposedbydefault Expose Marathon apps by default (default "true")
--providers.marathon.filtermarathonconstraints Enable use of Marathon constraints in constraint filtering (default "false")
--providers.marathon.forcetaskhostname Force to use the task's hostname. (default "false")
--providers.marathon.keepalive Set a TCP Keep Alive time in seconds (default "10s")
--providers.marathon.respectreadinesschecks Filter out tasks with non-successful readiness checks during deployments (default "false")
--providers.marathon.responseheadertimeout Set a response header timeout for Marathon (default "1m0s")
--providers.marathon.tls Enable TLS support (default "false")
--providers.marathon.tls.ca TLS CA
--providers.marathon.tls.caoptional TLS CA.Optional (default "false")
--providers.marathon.tls.cert TLS cert
--providers.marathon.tls.insecureskipverify TLS insecure skip verify (default "false")
--providers.marathon.tls.key TLS key
--providers.marathon.tlshandshaketimeout Set a TLS handhsake timeout for Marathon (default "5s")
--providers.marathon.trace Display additional provider logs. (default "false")
--providers.marathon.watch Watch provider (default "true")
--providers.providersthrottleduration Backends throttle duration: minimum duration between 2 events from providers (default "2s")
before applying a new configuration. It avoids unnecessary reloads if multiples
events are sent in a short amount of time.
--providers.rest Enable Rest backend with default settings (default "true")
--providers.rest.entrypoint EntryPoint (default "traefik")
--serverstransport Servers default transport (default "true")
--serverstransport.forwardingtimeouts Timeouts for requests forwarded to the backend servers (default "true")
--serverstransport.forwardingtimeouts.dialtimeout The amount of time to wait until a connection to a backend server can be (default "0s")
established. Defaults to 30 seconds. If zero, no timeout exists
--serverstransport.forwardingtimeouts.responseheadertimeout The amount of time to wait for a server's response headers after fully writing (default "0s")
the request (including its body, if any). If zero, no timeout exists
--serverstransport.insecureskipverify Disable SSL certificate verification (default "false")
--serverstransport.maxidleconnsperhost If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, (default "200")
DefaultMaxIdleConnsPerHost is used
--serverstransport.rootcas Add cert file for self-signed certificate
--tracing OpenTracing configuration (default "false")
--tracing.backend Selects the tracking backend ('jaeger','zipkin','datadog','instana'). (default "jaeger")
--tracing.datadog Settings for DataDog (default "false")
--tracing.datadog.bagageprefixheadername specifies the header name prefix that will be used to store baggage items in a
map.
--tracing.datadog.debug Enable DataDog debug. (default "false")
--tracing.datadog.globaltag Key:Value tag to be set on all the spans.
--tracing.datadog.localagenthostport Set datadog-agent's host:port that the reporter will used. Defaults to (default "localhost:8126")
localhost:8126
--tracing.datadog.parentidheadername Specifies the header name that will be used to store the parent ID.
--tracing.datadog.prioritysampling Enable priority sampling. When using distributed tracing, this option must be (default "false")
enabled in order to get all the parts of a distributed trace sampled.
--tracing.datadog.samplingpriorityheadername Specifies the header name that will be used to store the sampling priority.
--tracing.datadog.traceidheadername Specifies the header name that will be used to store the trace ID.
--tracing.instana Settings for Instana (default "false")
--tracing.instana.localagenthost Set instana-agent's host that the reporter will used. (default "localhost")
--tracing.instana.localagentport Set instana-agent's port that the reporter will used. (default "42699")
--tracing.instana.loglevel Set instana-agent's log level. ('error','warn','info','debug') (default "info")
--tracing.jaeger Settings for jaeger (default "false")
--tracing.jaeger.gen128bit generate 128 bit span IDs. (default "false")
--tracing.jaeger.localagenthostport set jaeger-agent's host:port that the reporter will used. (default "127.0.0.1:6831")
--tracing.jaeger.propagation which propgation format to use (jaeger/b3). (default "jaeger")
--tracing.jaeger.samplingparam set the sampling parameter. (default "1")
--tracing.jaeger.samplingserverurl set the sampling server url. (default "http://localhost:5778/sampling")
--tracing.jaeger.samplingtype set the sampling type. (default "const")
--tracing.jaeger.tracecontextheadername set the header to use for the trace-id. (default "uber-trace-id")
--tracing.servicename Set the name for this service (default "traefik")
--tracing.spannamelimit Set the maximum character limit for Span names (default 0 = no limit) (default "0")
--tracing.zipkin Settings for zipkin (default "false")
--tracing.zipkin.debug Enable Zipkin debug. (default "false")
--tracing.zipkin.httpendpoint HTTP Endpoint to report traces to. (default "http://localhost:9411/api/v1/spans")
--tracing.zipkin.id128bit Use Zipkin 128 bit root span IDs. (default "true")
--tracing.zipkin.samespan Use Zipkin SameSpan RPC style traces. (default "false")
--tracing.zipkin.samplerate The rate between 0.0 and 1.0 of requests to trace. (default "1")
-h, --help Print Help (this message) and exit