homelab/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch v3.0 into master

Browse source
This commit is contained in:
Fernandez Ludovic 2024-04-23 13:25:25 +02:00
commit 9d8fd24730
119 changed files with 16917 additions and 500 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docs/content/getting-started/faq.md
View file

@ -93,7 +93,7 @@ The example below is a file provider only version (`yaml`) of what this configur
```yaml tab="Static configuration"
# traefik.yml
entrypoints:
entryPoints:
web:
address: :80

8
docs/content/https/acme.md
View file

@ -116,8 +116,8 @@ Please check the [configuration examples below](#configuration-examples) for mor
```
```bash tab="CLI"
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
--entryPoints.web.address=:80
--entryPoints.websecure.address=:443
# ...
--certificatesresolvers.myresolver.acme.email=your-email@example.com
--certificatesresolvers.myresolver.acme.storage=acme.json
@ -241,8 +241,8 @@ when using the `HTTP-01` challenge, `certificatesresolvers.myresolver.acme.httpc
```
```bash tab="CLI"
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
--entryPoints.web.address=:80
--entryPoints.websecure.address=:443
# ...
--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
```

63
docs/content/middlewares/http/ipallowlist.md
View file

@ -8,11 +8,11 @@ description: "Learn how to use IPAllowList in HTTP middleware for limiting clien
Limiting Clients to Specific IPs
{: .subtitle }
IPAllowList accepts / refuses requests based on the client IP.
IPAllowList limits allowed requests based on the client IP.
## Configuration Examples
```yaml tab="Docker & Swarm"
```yaml tab="Docker"
# Accepts request from defined IP
labels:
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
@ -35,6 +35,18 @@ spec:
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32,192.168.1.7"
}
```
```yaml tab="Rancher"
# Accepts request from defined IP
labels:
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
```
```yaml tab="File (YAML)"
# Accepts request from defined IP
http:
@ -57,6 +69,8 @@ http:
### `sourceRange`
_Required_
The `sourceRange` option sets the allowed IPs (or ranges of allowed IPs by using CIDR notation).
### `ipStrategy`
@ -83,7 +97,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `3` | `"11.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5` | `""` |
```yaml tab="Docker & Swarm"
```yaml tab="Docker"
# Allowlisting Based on `X-Forwarded-For` with `depth=2`
labels:
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
@ -111,6 +125,20 @@ spec:
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32, 192.168.1.7",
"traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth": "2"
}
```
```yaml tab="Rancher"
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
labels:
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
```
```yaml tab="File (YAML)"
# Allowlisting Based on `X-Forwarded-For` with `depth=2`
http:
@ -149,9 +177,10 @@ http:
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` |
| `"10.0.0.1,11.0.0.1"` | `"10.0.0.1,11.0.0.1"` | `""` |
```yaml tab="Docker & Swarm"
```yaml tab="Docker"
# Exclude from `X-Forwarded-For`
labels:
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
@ -163,6 +192,9 @@ metadata:
name: test-ipallowlist
spec:
ipAllowList:
sourceRange:
- 127.0.0.1/32
- 192.168.1.0/24
ipStrategy:
excludedIPs:
- 127.0.0.1/32
@ -171,25 +203,44 @@ spec:
```yaml tab="Consul Catalog"
# Exclude from `X-Forwarded-For`
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-ipallowlist.ipallowlist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
"traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
}
```
```yaml tab="Rancher"
# Exclude from `X-Forwarded-For`
labels:
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```yaml tab="File (YAML)"
# Exclude from `X-Forwarded-For`
http:
middlewares:
test-ipallowlist:
ipAllowList:
sourceRange:
- 127.0.0.1/32
- 192.168.1.0/24
ipStrategy:
excludedIPs:
- "127.0.0.1/32"
- "192.168.1.7"
- 127.0.0.1/32
- 192.168.1.7
```
```toml tab="File (TOML)"
# Exclude from `X-Forwarded-For`
[http.middlewares]
[http.middlewares.test-ipallowlist.ipAllowList]
sourceRange = ["127.0.0.1/32", "192.168.1.0/24"]
[http.middlewares.test-ipallowlist.ipAllowList.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
```

17
docs/content/middlewares/http/ipwhitelist.md
View file

@ -10,7 +10,7 @@ Limiting Clients to Specific IPs
![IPWhiteList](../../assets/img/middleware/ipwhitelist.png)
IPWhiteList accepts / refuses requests based on the client IP.
IPWhiteList limits allowed requests based on the client IP.
!!! warning
@ -63,6 +63,8 @@ http:
### `sourceRange`
_Required_
The `sourceRange` option sets the allowed IPs (or ranges of allowed IPs by using CIDR notation).
### `ipStrategy`
@ -158,6 +160,7 @@ http:
```yaml tab="Docker"
# Exclude from `X-Forwarded-For`
labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
@ -170,6 +173,9 @@ metadata:
spec:
ipWhiteList:
ipStrategy:
sourceRange:
- 127.0.0.1/32
- 192.168.1.0/24
excludedIPs:
- 127.0.0.1/32
- 192.168.1.7
@ -177,6 +183,7 @@ spec:
```yaml tab="Consul Catalog"
# Exclude from `X-Forwarded-For`
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
@ -186,16 +193,20 @@ http:
middlewares:
test-ipwhitelist:
ipWhiteList:
sourceRange:
- 127.0.0.1/32
- 192.168.1.0/24
ipStrategy:
excludedIPs:
- "127.0.0.1/32"
- "192.168.1.7"
- 127.0.0.1/32
- 192.168.1.7
```
```toml tab="File (TOML)"
# Exclude from `X-Forwarded-For`
[http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList]
sourceRange = ["127.0.0.1/32", "192.168.1.0/24"]
[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
```

2
docs/content/middlewares/tcp/ipallowlist.md
View file

@ -8,7 +8,7 @@ description: "Learn how to use IPAllowList in TCP middleware for limiting client
Limiting Clients to Specific IPs
{: .subtitle }
IPAllowList accepts / refuses connections based on the client IP.
IPAllowList limits allowed requests based on the client IP.
## Configuration Examples

16
docs/content/migration/v1-to-v2.md
View file

@ -354,7 +354,7 @@ To apply a redirection:
```
```bash tab="CLI"
--entrypoints=Name:web Address::80 Redirect.EntryPoint:websecure
--entryPoints=Name:web Address::80 Redirect.EntryPoint:websecure
--entryPoints='Name:websecure Address::443 TLS'
```
@ -394,10 +394,10 @@ To apply a redirection:
```bash tab="CLI"
## static configuration
--entrypoints.web.address=:80
--entrypoints.web.http.redirections.entrypoint.to=websecure
--entrypoints.web.http.redirections.entrypoint.scheme=https
--entrypoints.websecure.address=:443
--entryPoints.web.address=:80
--entryPoints.web.http.redirections.entrypoint.to=websecure
--entryPoints.web.http.redirections.entrypoint.scheme=https
--entryPoints.websecure.address=:443
--providers.docker=true
```
@ -750,8 +750,8 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
```
```bash tab="CLI"
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
--entryPoints.web.address=:80
--entryPoints.websecure.address=:443
--certificatesresolvers.myresolver.acme.email=your-email@example.com
--certificatesresolvers.myresolver.acme.storage=acme.json
--certificatesresolvers.myresolver.acme.tlschallenge=true
@ -1078,7 +1078,7 @@ To activate the dashboard, you can either:
routers:
api:
rule: Host(`traefik.docker.localhost`)
entrypoints:
entryPoints:
- websecure
service: api@internal
middlewares:

4
docs/content/migration/v2-to-v3.md
View file

@ -724,7 +724,7 @@ Here are two possible transition strategies:
Please check the [OpenTelemetry Tracing provider documention](../observability/tracing/opentelemetry.md) for more information.
#### Internal Resources Observability (AccessLogs, Metrics and Tracing)
#### Internal Resources Observability
In v3, observability for internal routers or services (e.g.: `ping@internal`) is disabled by default.
To enable it one should use the new `addInternals` option for AccessLogs, Metrics or Tracing.
@ -732,4 +732,4 @@ Please take a look at the observability documentation for more information:
- [AccessLogs](../observability/access-logs.md#addinternals)
- [Metrics](../observability/metrics/overview.md#addinternals)
- [AccessLogs](../observability/tracing/overview.md#addinternals)
- [Tracing](../observability/tracing/overview.md#addinternals)

60
docs/content/migration/v2.md
View file

@ -580,3 +580,63 @@ the maximum user-defined router priority value is:
- `(MaxInt32 - 1000)` for 32-bit platforms,
- `(MaxInt64 - 1000)` for 64-bit platforms.
### EntryPoint.Transport.RespondingTimeouts.<Timeout>
Starting with `v2.11.1` the following timeout options are deprecated:
- `<entryPoint>.transport.respondingTimeouts.readTimeout`
- `<entryPoint>.transport.respondingTimeouts.writeTimeout`
- `<entryPoint>.transport.respondingTimeouts.idleTimeout`
They have been replaced by:
- `<entryPoint>.transport.respondingTimeouts.http.readTimeout`
- `<entryPoint>.transport.respondingTimeouts.http.writeTimeout`
- `<entryPoint>.transport.respondingTimeouts.http.idleTimeout`
### EntryPoint.Transport.RespondingTimeouts.TCP.LingeringTimeout
Starting with `v2.11.1` a new `lingeringTimeout` entryPoints option has been introduced, with a default value of 2s.
The lingering timeout defines the maximum duration between each TCP read operation on the connection.
As a layer 4 timeout, it applies during HTTP handling but respects the configured HTTP server `readTimeout`.
This change avoids Traefik instances with the default configuration hanging while waiting for bytes to be read on the connection.
We suggest to adapt this value accordingly to your situation.
The new default value is purposely narrowed and can close the connection too early.
Increasing the `lingeringTimeout` value could be the solution notably if you are dealing with the following errors:
- TCP: `Error while handling TCP connection: readfrom tcp X.X.X.X:X->X.X.X.X:X: read tcp X.X.X.X:X->X.X.X.X:X: i/o timeout`
- HTTP: `'499 Client Closed Request' caused by: context canceled`
- HTTP: `ReverseProxy read error during body copy: read tcp X.X.X.X:X->X.X.X.X:X: use of closed network connection`
## v2.11.2
### LingeringTimeout
Starting with `v2.11.2` the `<entrypoint>.transport.respondingTimeouts.tcp.lingeringTimeout` introduced in `v2.11.1` has been removed.
### RespondingTimeouts.TCP and RespondingTimeouts.HTTP
Starting with `v2.11.2` the `respondingTimeouts.tcp` and `respondingTimeouts.http` sections introduced in `v2.11.1` have been removed.
To configure the responding timeouts, please use the [`respondingTimeouts`](../routing/entrypoints.md#respondingtimeouts) section.
### EntryPoint.Transport.RespondingTimeouts.ReadTimeout
Starting with `v2.11.2` the entryPoints [`readTimeout`](../routing/entrypoints.md#respondingtimeouts) option default value changed to 60 seconds.
For HTTP, this option defines the maximum duration for reading the entire request, including the body.
For TCP, this option defines the maximum duration for the first bytes to be read on the connection.
The default value was previously set to zero, which means no timeout.
This change has been done to avoid Traefik instances with the default configuration to be hanging forever while waiting for bytes to be read on the connection.
Increasing the `readTimeout` value could be the solution notably if you are dealing with the following errors:
- TCP: `Error while handling TCP connection: readfrom tcp X.X.X.X:X->X.X.X.X:X: read tcp X.X.X.X:X->X.X.X.X:X: i/o timeout`
- HTTP: `'499 Client Closed Request' caused by: context canceled`
- HTTP: `ReverseProxy read error during body copy: read tcp X.X.X.X:X->X.X.X.X:X: use of closed network connection`

4
docs/content/observability/access-logs.md
View file

@ -30,7 +30,7 @@ accessLog: {}
_Optional, Default="false"_
Enables accessLogs for internal resources.
Enables accessLogs for internal resources (e.g.: `ping@internal`).
```yaml tab="File (YAML)"
accesslog:
@ -187,7 +187,7 @@ accessLog:
[accessLog.fields]
defaultMode = "keep"
[accessLog.fields.names]
"ClientUsername" = "drop"

2
docs/content/observability/metrics/overview.md
View file

@ -21,7 +21,7 @@ and [Kubernetes](https://grafana.com/grafana/dashboards/17347) deployments.
_Optional, Default="false"_
Enables metrics for internal resources.
Enables metrics for internal resources (e.g.: `ping@internals`).
```yaml tab="File (YAML)"
metrics:

4
docs/content/observability/tracing/overview.md
View file

@ -36,7 +36,7 @@ tracing: {}
_Optional, Default="false"_
Enables tracing for internal resources.
Enables tracing for internal resources (e.g.: `ping@internal`).
```yaml tab="File (YAML)"
tracing:
@ -159,4 +159,4 @@ tracing:
```bash tab="CLI"
--tracing.capturedResponseHeaders[0]=X-CustomHeader
```
```

79
docs/content/providers/kubernetes-gateway.md
View file

@ -212,6 +212,85 @@ providers:
--providers.kubernetesgateway.namespaces=default,production
```
### `statusAddress`
#### `ip`
_Optional, Default: ""_
This IP will get copied to the Gateway `status.addresses`, and currently only supports one IP value (IPv4 or IPv6).
```yaml tab="File (YAML)"
providers:
kubernetesGateway:
statusAddress:
ip: "1.2.3.4"
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesGateway.statusAddress]
ip = "1.2.3.4"
# ...
```
```bash tab="CLI"
--providers.kubernetesgateway.statusaddress.ip=1.2.3.4
```
#### `hostname`
_Optional, Default: ""_
This Hostname will get copied to the Gateway `status.addresses`.
```yaml tab="File (YAML)"
providers:
kubernetesGateway:
statusAddress:
hostname: "example.net"
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesGateway.statusAddress]
hostname = "example.net"
# ...
```
```bash tab="CLI"
--providers.kubernetesgateway.statusaddress.hostname=example.net
```
#### `service`
_Optional_
The Kubernetes service to copy status addresses from.
When using third parties tools like External-DNS, this option can be used to copy the service `loadbalancer.status` (containing the service's endpoints IPs) to the gateways.
```yaml tab="File (YAML)"
providers:
kubernetesGateway:
statusAddress:
service:
namespace: default
name: foo
# ...
```
```toml tab="File (TOML)"
[providers.kubernetesGateway.statusAddress.service]
namespace = "default"
name = "foo"
# ...
```
```bash tab="CLI"
--providers.kubernetesgateway.statusaddress.service.namespace=default
--providers.kubernetesgateway.statusaddress.service.name=foo
```
### `experimentalChannel`
_Optional, Default: false_

25
docs/content/providers/nomad.md
View file

@ -163,6 +163,7 @@ providers:
_Optional, Default=""_
Token is used to provide a per-request ACL token, if Nomad ACLs are enabled.
The appropriate ACL privilege for this token is 'read-job', as outlined in the [Nomad documentation on ACL](https://developer.hashicorp.com/nomad/tutorials/access-control/access-control-policies).
```yaml tab="File (YAML)"
providers:
@ -511,3 +512,27 @@ providers:
--providers.nomad.namespaces=ns1,ns2
# ...
```
### `allowEmptyServices`
_Optional, Default: false_
If the parameter is set to `true`,
it allows the creation of an empty [servers load balancer](../routing/services/index.md#servers-load-balancer) if the targeted Nomad service has no endpoints available. This results in a `503` HTTP response instead of a `404`.
```yaml tab="File (YAML)"
providers:
nomad:
allowEmptyServices: true
# ...
```
```toml tab="File (TOML)"
[providers.nomad]
allowEmptyServices = true
# ...
```
```bash tab="CLI"
--providers.nomad.allowEmptyServices=true
```

8
docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
View file

@ -835,6 +835,10 @@ spec:
breaker will try to recover (as soon as it is in recovering
state).
x-kubernetes-int-or-string: true
responseCode:
description: ResponseCode is the status code that the circuit
breaker will return while it is in the open state.
type: integer
type: object
compress:
description: |-
@ -1331,7 +1335,7 @@ spec:
ipAllowList:
description: |-
IPAllowList holds the IP allowlist middleware configuration.
This middleware accepts / refuses requests based on the client IP.
This middleware limits allowed requests based on the client IP.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/
properties:
ipStrategy:
@ -1385,7 +1389,7 @@ spec:
type: object
sourceRange:
description: SourceRange defines the set of allowed IPs (or ranges
of allowed IPs by using CIDR notation).
of allowed IPs by using CIDR notation). Required.
items:
type: string
type: array

4
docs/content/reference/dynamic-configuration/kubernetes-gateway-traefik-lb-svc.yml
View file

@ -27,8 +27,8 @@ spec:
- name: traefik
image: traefik:v3.0
args:
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --entryPoints.web.address=:80
- --entryPoints.websecure.address=:443
- --experimental.kubernetesgateway
- --providers.kubernetesgateway

0
docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml Normal file
View file

8
docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml
View file

@ -172,6 +172,10 @@ spec:
breaker will try to recover (as soon as it is in recovering
state).
x-kubernetes-int-or-string: true
responseCode:
description: ResponseCode is the status code that the circuit
breaker will return while it is in the open state.
type: integer
type: object
compress:
description: |-
@ -668,7 +672,7 @@ spec:
ipAllowList:
description: |-
IPAllowList holds the IP allowlist middleware configuration.
This middleware accepts / refuses requests based on the client IP.
This middleware limits allowed requests based on the client IP.
More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/ipallowlist/
properties:
ipStrategy:
@ -722,7 +726,7 @@ spec:
type: object
sourceRange:
description: SourceRange defines the set of allowed IPs (or ranges
of allowed IPs by using CIDR notation).
of allowed IPs by using CIDR notation). Required.
items:
type: string
type: array

20
docs/content/reference/static-configuration/cli-ref.md
View file

@ -202,7 +202,7 @@ Duration to keep accepting requests before Traefik initiates the graceful shutdo
IdleTimeout is the maximum amount duration an idle (keep-alive) connection will remain idle before closing itself. If zero, no timeout is set. (Default: ```180```)
`--entrypoints.<name>.transport.respondingtimeouts.readtimeout`:
ReadTimeout is the maximum duration for reading the entire request, including the body. If zero, no timeout is set. (Default: ```0```)
ReadTimeout is the maximum duration for reading the entire request, including the body. If zero, no timeout is set. (Default: ```60```)
`--entrypoints.<name>.transport.respondingtimeouts.writetimeout`:
WriteTimeout is the maximum duration before timing out writes of the response. If zero, no timeout is set. (Default: ```0```)
@ -738,6 +738,21 @@ Kubernetes label selector to select specific GatewayClasses.
`--providers.kubernetesgateway.namespaces`:
Kubernetes namespaces.
`--providers.kubernetesgateway.statusaddress.hostname`:
Hostname used for Kubernetes Gateway status address.
`--providers.kubernetesgateway.statusaddress.ip`:
IP used to set Kubernetes Gateway status address.
`--providers.kubernetesgateway.statusaddress.service`:
Published Kubernetes Service to copy status addresses from.
`--providers.kubernetesgateway.statusaddress.service.name`:
Name of the Kubernetes service.
`--providers.kubernetesgateway.statusaddress.service.namespace`:
Namespace of the Kubernetes service.
`--providers.kubernetesgateway.throttleduration`:
Kubernetes refresh throttle duration (Default: ```0```)
@ -789,6 +804,9 @@ Kubernetes bearer token (not needed for in-cluster client). It accepts either a
`--providers.nomad`:
Enable Nomad backend with default settings. (Default: ```false```)
`--providers.nomad.allowemptyservices`:
Allow the creation of services without endpoints. (Default: ```false```)
`--providers.nomad.constraints`:
Constraints is an expression that Traefik matches against the Nomad service's tags to determine whether to create route(s) for that service.

20
docs/content/reference/static-configuration/env-ref.md
View file

@ -202,7 +202,7 @@ Duration to keep accepting requests before Traefik initiates the graceful shutdo
IdleTimeout is the maximum amount duration an idle (keep-alive) connection will remain idle before closing itself. If zero, no timeout is set. (Default: ```180```)
`TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_RESPONDINGTIMEOUTS_READTIMEOUT`:
ReadTimeout is the maximum duration for reading the entire request, including the body. If zero, no timeout is set. (Default: ```0```)
ReadTimeout is the maximum duration for reading the entire request, including the body. If zero, no timeout is set. (Default: ```60```)
`TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_RESPONDINGTIMEOUTS_WRITETIMEOUT`:
WriteTimeout is the maximum duration before timing out writes of the response. If zero, no timeout is set. (Default: ```0```)
@ -738,6 +738,21 @@ Kubernetes label selector to select specific GatewayClasses.
`TRAEFIK_PROVIDERS_KUBERNETESGATEWAY_NAMESPACES`:
Kubernetes namespaces.
`TRAEFIK_PROVIDERS_KUBERNETESGATEWAY_STATUSADDRESS_HOSTNAME`:
Hostname used for Kubernetes Gateway status address.
`TRAEFIK_PROVIDERS_KUBERNETESGATEWAY_STATUSADDRESS_IP`:
IP used to set Kubernetes Gateway status address.
`TRAEFIK_PROVIDERS_KUBERNETESGATEWAY_STATUSADDRESS_SERVICE`:
Published Kubernetes Service to copy status addresses from.
`TRAEFIK_PROVIDERS_KUBERNETESGATEWAY_STATUSADDRESS_SERVICE_NAME`:
Name of the Kubernetes service.
`TRAEFIK_PROVIDERS_KUBERNETESGATEWAY_STATUSADDRESS_SERVICE_NAMESPACE`:
Namespace of the Kubernetes service.
`TRAEFIK_PROVIDERS_KUBERNETESGATEWAY_THROTTLEDURATION`:
Kubernetes refresh throttle duration (Default: ```0```)
@ -789,6 +804,9 @@ Kubernetes bearer token (not needed for in-cluster client). It accepts either a
`TRAEFIK_PROVIDERS_NOMAD`:
Enable Nomad backend with default settings. (Default: ```false```)
`TRAEFIK_PROVIDERS_NOMAD_ALLOWEMPTYSERVICES`:
Allow the creation of services without endpoints. (Default: ```false```)
`TRAEFIK_PROVIDERS_NOMAD_CONSTRAINTS`:
Constraints is an expression that Traefik matches against the Nomad service's tags to determine whether to create route(s) for that service.

7
docs/content/reference/static-configuration/file.toml
View file

@ -147,6 +147,12 @@
labelSelector = "foobar"
throttleDuration = "42s"
experimentalChannel = true
[providers.kubernetesGateway.statusAddress]
ip = "foobar"
hostname = "foobar"
[providers.kubernetesGateway.statusAddress.service]
name = "foobar"
namespace = "foobar"
[providers.rest]
insecure = true
[providers.consulCatalog]
@ -185,6 +191,7 @@
stale = true
exposedByDefault = true
refreshInterval = "42s"
allowEmptyServices = true
namespaces = ["foobar", "foobar"]
[providers.nomad.endpoint]
address = "foobar"

7
docs/content/reference/static-configuration/file.yaml
View file

@ -164,6 +164,12 @@ providers:
labelSelector: foobar
throttleDuration: 42s
experimentalChannel: true
statusAddress:
ip: foobar
hostname: foobar
service:
name: foobar
namespace: foobar
rest:
insecure: true
consulCatalog:
@ -216,6 +222,7 @@ providers:
stale: true
exposedByDefault: true
refreshInterval: 42s
allowEmptyServices: true
namespaces:
- foobar
- foobar

75
docs/content/routing/entrypoints.md
View file

@ -227,8 +227,8 @@ If both TCP and UDP are wanted for the same port, two entryPoints definitions ar
```
```bash tab="CLI"
--entrypoints.specificIPv4.address=192.168.2.7:8888
--entrypoints.specificIPv6.address=[2001:db8::1]:8888
--entryPoints.specificIPv4.address=192.168.2.7:8888
--entryPoints.specificIPv6.address=[2001:db8::1]:8888
```
Full details for how to specify `address` can be found in [net.Listen](https://golang.org/pkg/net/#Listen) (and [net.Dial](https://golang.org/pkg/net/#Dial)) of the doc for go.
@ -270,8 +270,8 @@ reloading the static configuration without any service downtime.
```
```bash tab="CLI"
--entrypoints.web.address=:80
--entrypoints.web.reusePort=true
--entryPoints.web.address=:80
--entryPoints.web.reusePort=true
```
Now it is possible to run multiple Traefik processes with the same EntryPoint configuration.
@ -298,10 +298,10 @@ reloading the static configuration without any service downtime.
```
```bash tab="CLI"
--entrypoints.web.address=:80
--entrypoints.web.reusePort=true
--entrypoints.privateWeb.address=192.168.1.2:80
--entrypoints.privateWeb.reusePort=true
--entryPoints.web.address=:80
--entryPoints.web.reusePort=true
--entryPoints.privateWeb.address=192.168.1.2:80
--entryPoints.privateWeb.reusePort=true
```
Requests to `192.168.1.2:80` will only be handled by routers that have `privateWeb` as the entry point.
@ -349,9 +349,9 @@ EntryPoints in this list are used (by default) on HTTP and TCP routers that do n
```
```bash tab="CLI"
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
--entrypoints.websecure.asDefault=true
--entryPoints.web.address=:80
--entryPoints.websecure.address=:443
--entryPoints.websecure.asDefault=true
```
### HTTP/2
@ -401,7 +401,7 @@ entryPoints:
```
```bash tab="CLI"
--entrypoints.name.http3
--entryPoints.name.http3
```
??? info "HTTP/3 uses UDP+TLS"
@ -433,7 +433,7 @@ It can be used to override the authority in the `alt-svc` header, for example if
```
```bash tab="CLI"
--entrypoints.name.http3.advertisedport=443
--entryPoints.name.http3.advertisedport=443
```
### Forwarded Headers
@ -509,13 +509,14 @@ Setting them has no effect for UDP entryPoints.
??? info "`transport.respondingTimeouts.readTimeout`"
_Optional, Default=0s_
_Optional, Default=60s_
`readTimeout` is the maximum duration for reading the entire request, including the body.
If zero, no timeout exists.
Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).
If no units are provided, the value is parsed assuming seconds.
We strongly suggest to adapt this value accordingly to the your needs.
```yaml tab="File (YAML)"
## Static configuration
@ -869,10 +870,10 @@ This whole section is dedicated to options, keyed by entry point, that will appl
```
```bash tab="CLI"
--entrypoints.web.address=:80
--entrypoints.web.http.redirections.entryPoint.to=websecure
--entrypoints.web.http.redirections.entryPoint.scheme=https
--entrypoints.websecure.address=:443
--entryPoints.web.address=:80
--entryPoints.web.http.redirections.entryPoint.to=websecure
--entryPoints.web.http.redirections.entryPoint.scheme=https
--entryPoints.websecure.address=:443
```
#### `entryPoint`
@ -907,7 +908,7 @@ This section is a convenience to enable (permanent) redirecting of all incoming
```
```bash tab="CLI"
--entrypoints.foo.http.redirections.entryPoint.to=websecure
--entryPoints.foo.http.redirections.entryPoint.to=websecure
```
??? info "`entryPoint.scheme`"
@ -937,7 +938,7 @@ This section is a convenience to enable (permanent) redirecting of all incoming
```
```bash tab="CLI"
--entrypoints.foo.http.redirections.entryPoint.scheme=https
--entryPoints.foo.http.redirections.entryPoint.scheme=https
```
??? info "`entryPoint.permanent`"
@ -967,7 +968,7 @@ This section is a convenience to enable (permanent) redirecting of all incoming
```
```bash tab="CLI"
--entrypoints.foo.http.redirections.entrypoint.permanent=true
--entryPoints.foo.http.redirections.entrypoint.permanent=true
```
??? info "`entryPoint.priority`"
@ -997,7 +998,7 @@ This section is a convenience to enable (permanent) redirecting of all incoming
```
```bash tab="CLI"
--entrypoints.foo.http.redirections.entrypoint.priority=10
--entryPoints.foo.http.redirections.entrypoint.priority=10
```
### EncodeQuerySemicolons
@ -1025,8 +1026,8 @@ entryPoints:
```
```bash tab="CLI"
--entrypoints.websecure.address=:443
--entrypoints.websecure.http.encodequerysemicolons=true
--entryPoints.websecure.address=:443
--entryPoints.websecure.http.encodequerysemicolons=true
```
#### Examples
@ -1061,8 +1062,8 @@ entryPoints:
```
```bash tab="CLI"
--entrypoints.websecure.address=:443
--entrypoints.websecure.http.middlewares=auth@file,strip@file
--entryPoints.websecure.address=:443
--entryPoints.websecure.http.middlewares=auth@file,strip@file
```
### TLS
@ -1108,13 +1109,13 @@ entryPoints:
```
```bash tab="CLI"
--entrypoints.websecure.address=:443
--entrypoints.websecure.http.tls.options=foobar
--entrypoints.websecure.http.tls.certResolver=leresolver
--entrypoints.websecure.http.tls.domains[0].main=example.com
--entrypoints.websecure.http.tls.domains[0].sans=foo.example.com,bar.example.com
--entrypoints.websecure.http.tls.domains[1].main=test.com
--entrypoints.websecure.http.tls.domains[1].sans=foo.test.com,bar.test.com
--entryPoints.websecure.address=:443
--entryPoints.websecure.http.tls.options=foobar
--entryPoints.websecure.http.tls.certResolver=leresolver
--entryPoints.websecure.http.tls.domains[0].main=example.com
--entryPoints.websecure.http.tls.domains[0].sans=foo.example.com,bar.example.com
--entryPoints.websecure.http.tls.domains[1].main=test.com
--entryPoints.websecure.http.tls.domains[1].sans=foo.test.com,bar.test.com
```
??? example "Let's Encrypt"
@ -1137,8 +1138,8 @@ entryPoints:
```
```bash tab="CLI"
--entrypoints.websecure.address=:443
--entrypoints.websecure.http.tls.certResolver=leresolver
--entryPoints.websecure.address=:443
--entryPoints.websecure.http.tls.certResolver=leresolver
```
## UDP Options
@ -1169,8 +1170,8 @@ entryPoints:
```
```bash tab="CLI"
entrypoints.foo.address=:8000/udp
entrypoints.foo.udp.timeout=10s
--entryPoints.foo.address=:8000/udp
--entryPoints.foo.udp.timeout=10s
```
{!traefik-for-business-applications.md!}

6
docs/content/routing/providers/kubernetes-crd.md
View file

@ -53,9 +53,9 @@ The Kubernetes Ingress Controller, The Custom Resource Way.
- --log.level=DEBUG
- --api
- --api.insecure
- --entrypoints.web.address=:80
- --entrypoints.tcpep.address=:8000
- --entrypoints.udpep.address=:9000/udp
- --entryPoints.web.address=:80
- --entryPoints.tcpep.address=:8000
- --entryPoints.udpep.address=:9000/udp
- --providers.kubernetescrd
ports:
- name: web

76
docs/content/routing/providers/kubernetes-gateway.md
View file

@ -234,7 +234,7 @@ Kubernetes cluster before creating `HTTPRoute` objects.
- headers: # [11]
name: foo # [12]
value: bar # [13]
- backendRefs: # [14]
backendRefs: # [14]
- name: whoamitcp # [15]
weight: 1 # [16]
port: 8080 # [17]
@ -251,39 +251,51 @@ Kubernetes cluster before creating `HTTPRoute` objects.
requestRedirect: # [27]
scheme: https # [28]
statusCode: 301 # [29]
- type: RequestHeaderModifier # [30]
requestHeaderModifier: # [31]
set:
- name: X-Foo
value: Bar
add:
- name: X-Bar
value: Foo
remove:
- X-Baz
```
| Ref | Attribute | Description |
|------|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [1] | `parentRefs` | References the resources (usually Gateways) that a Route wants to be attached to. |
| [2] | `name` | Name of the referent. |
| [3] | `namespace` | Namespace of the referent. When unspecified (or empty string), this refers to the local namespace of the Route. |
| [4] | `sectionName` | Name of a section within the target resource (the Listener name). |
| [5] | `hostnames` | A set of hostname that should match against the HTTP Host header to select a HTTPRoute to process the request. |
| [6] | `rules` | A list of HTTP matchers, filters and actions. |
| [7] | `matches` | Conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. |
| [8] | `path` | An HTTP request path matcher. If this field is not specified, a default prefix match on the "/" path is provided. |
| [9] | `type` | Type of match against the path Value (supported types: `Exact`, `Prefix`). |
| [10] | `value` | The value of the HTTP path to match against. |
| [11] | `headers` | Conditions to select a HTTP route by matching HTTP request headers. |
| [12] | `name` | Name of the HTTP header to be matched. |
| [13] | `value` | Value of HTTP Header to be matched. |
| [14] | `backendRefs` | Defines the backend(s) where matching requests should be sent. |
| [15] | `name` | The name of the referent service. |
| [16] | `weight` | The proportion of traffic forwarded to a targetRef, computed as weight/(sum of all weights in targetRefs). |
| [17] | `port` | The port of the referent service. |
| [18] | `group` | Group is the group of the referent. Only `traefik.io` and `gateway.networking.k8s.io` values are supported. |
| [19] | `kind` | Kind is kind of the referent. Only `TraefikService` and `Service` values are supported. |
| [20] | `filters` | Defines the filters (middlewares) applied to the route. |
| [21] | `type` | Defines the type of filter; ExtensionRef is used for configuring custom HTTP filters. |
| [22] | `extensionRef` | Configuration of the custom HTTP filter. |
| [23] | `group` | Group of the kubernetes object to reference. |
| [24] | `kind` | Kind of the kubernetes object to reference. |
| [25] | `name` | Name of the kubernetes object to reference. |
| [26] | `type` | Defines the type of filter; RequestRedirect redirects a request to another location. |
| [27] | `requestRedirect` | Configuration of redirect filter. |
| [28] | `scheme` | Scheme is the scheme to be used in the value of the Location header in the response. |
| [29] | `statusCode` | StatusCode is the HTTP status code to be used in response. |
| Ref | Attribute | Description |
|------|-------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [1] | `parentRefs` | References the resources (usually Gateways) that a Route wants to be attached to. |
| [2] | `name` | Name of the referent. |
| [3] | `namespace` | Namespace of the referent. When unspecified (or empty string), this refers to the local namespace of the Route. |
| [4] | `sectionName` | Name of a section within the target resource (the Listener name). |
| [5] | `hostnames` | A set of hostname that should match against the HTTP Host header to select a HTTPRoute to process the request. |
| [6] | `rules` | A list of HTTP matchers, filters and actions. |
| [7] | `matches` | Conditions used for matching the rule against incoming HTTP requests. Each match is independent, i.e. this rule will be matched if **any** one of the matches is satisfied. |
| [8] | `path` | An HTTP request path matcher. If this field is not specified, a default prefix match on the "/" path is provided. |
| [9] | `type` | Type of match against the path Value (supported types: `Exact`, `PathPrefix`). |
| [10] | `value` | The value of the HTTP path to match against. |
| [11] | `headers` | Conditions to select a HTTP route by matching HTTP request headers. |
| [12] | `name` | Name of the HTTP header to be matched. |
| [13] | `value` | Value of HTTP Header to be matched. |
| [14] | `backendRefs` | Defines the backend(s) where matching requests should be sent. |
| [15] | `name` | The name of the referent service. |
| [16] | `weight` | The proportion of traffic forwarded to a targetRef, computed as weight/(sum of all weights in targetRefs). |
| [17] | `port` | The port of the referent service. |
| [18] | `group` | Group is the group of the referent. Only `traefik.io` and `gateway.networking.k8s.io` values are supported. |
| [19] | `kind` | Kind is kind of the referent. Only `TraefikService` and `Service` values are supported. |
| [20] | `filters` | Defines the filters (middlewares) applied to the route. |
| [21] | `type` | Defines the type of filter; ExtensionRef is used for configuring custom HTTP filters. |
| [22] | `extensionRef` | Configuration of the custom HTTP filter. |
| [23] | `group` | Group of the kubernetes object to reference. |
| [24] | `kind` | Kind of the kubernetes object to reference. |
| [25] | `name` | Name of the kubernetes object to reference. |
| [26] | `type` | Defines the type of filter; RequestRedirect redirects a request to another location. |
| [27] | `requestRedirect` | Configuration of redirect filter. |
| [28] | `scheme` | Scheme is the scheme to be used in the value of the Location header in the response. |
| [29] | `statusCode` | StatusCode is the HTTP status code to be used in response. |
| [30] | `type` | Defines the type of filter; RequestHeaderModifier modifies request headers. |
| [31] | `requestHeaderModifier` | Configuration of RequestHeaderModifier filter. |
### Kind: `TCPRoute`

12
docs/content/routing/providers/kubernetes-ingress.md
View file

@ -126,7 +126,7 @@ which in turn will create the resulting routers, services, handlers, etc.
- name: traefik
image: traefik:v3.0
args:
- --entrypoints.web.address=:80
- --entryPoints.web.address=:80
- --providers.kubernetesingress
ports:
- name: web
@ -391,8 +391,8 @@ TLS can be enabled through the [HTTP options](../entrypoints.md#tls) of an Entry
```bash tab="CLI"
# Static configuration
--entrypoints.websecure.address=:443
--entrypoints.websecure.http.tls
--entryPoints.websecure.address=:443
--entryPoints.websecure.http.tls
```
```yaml tab="File (YAML)"
@ -524,8 +524,8 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
- name: traefik
image: traefik:v3.0
args:
- --entrypoints.websecure.address=:443
- --entrypoints.websecure.http.tls
- --entryPoints.websecure.address=:443
- --entryPoints.websecure.http.tls
- --providers.kubernetesingress
ports:
- name: websecure
@ -710,7 +710,7 @@ For more options, please refer to the available [annotations](#on-ingress).
- name: traefik
image: traefik:v3.0
args:
- --entrypoints.websecure.address=:443
- --entryPoints.websecure.address=:443
- --providers.kubernetesingress
ports:
- name: websecure

36
docs/content/routing/routers/index.md
View file

@ -146,9 +146,9 @@ If you want to limit the router scope to a set of entry points, set the `entryPo
```bash tab="CLI"
## Static configuration
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
--entrypoints.other.address=:9090
--entryPoints.web.address=:80
--entryPoints.websecure.address=:443
--entryPoints.other.address=:9090
```
??? example "Listens to Specific EntryPoints"
@ -204,9 +204,9 @@ If you want to limit the router scope to a set of entry points, set the `entryPo
```bash tab="CLI"
## Static configuration
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
--entrypoints.other.address=:9090
--entryPoints.web.address=:80
--entryPoints.websecure.address=:443
--entryPoints.other.address=:9090
```
### Rule
@ -959,9 +959,9 @@ If you want to limit the router scope to a set of entry points, set the entry po
```bash tab="CLI"
## Static configuration
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
--entrypoints.other.address=:9090
--entryPoints.web.address=:80
--entryPoints.websecure.address=:443
--entryPoints.other.address=:9090
```
??? example "Listens to Specific EntryPoints"
@ -1023,9 +1023,9 @@ If you want to limit the router scope to a set of entry points, set the entry po
```bash tab="CLI"
## Static configuration
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
--entrypoints.other.address=:9090
--entryPoints.web.address=:80
--entryPoints.websecure.address=:443
--entryPoints.other.address=:9090
```
### Rule
@ -1610,9 +1610,9 @@ If one wants to limit the router scope to a set of EntryPoints, one should set t
```bash tab="CLI"
## Static configuration
--entrypoints.web.address=":80"
--entrypoints.other.address=":9090/udp"
--entrypoints.streaming.address=":9191/udp"
--entryPoints.web.address=":80"
--entryPoints.other.address=":9090/udp"
--entryPoints.streaming.address=":9191/udp"
```
??? example "Listens to Specific EntryPoints"
@ -1667,9 +1667,9 @@ If one wants to limit the router scope to a set of EntryPoints, one should set t
```bash tab="CLI"
## Static configuration
--entrypoints.web.address=":80"
--entrypoints.other.address=":9090/udp"
--entrypoints.streaming.address=":9191/udp"
--entryPoints.web.address=":80"
--entryPoints.other.address=":9090/udp"
--entryPoints.streaming.address=":9191/udp"
```
### Services

4
docs/content/user-guides/crd-acme/03-deployments.yml
View file

@ -30,8 +30,8 @@ spec:
args:
- --api.insecure
- --accesslog
- --entrypoints.web.Address=:8000
- --entrypoints.websecure.Address=:4443
- --entryPoints.web.Address=:8000
- --entryPoints.websecure.Address=:4443
- --providers.kubernetescrd
- --certificatesresolvers.myresolver.acme.tlschallenge
- --certificatesresolvers.myresolver.acme.email=foo@you.com

4
docs/content/user-guides/docker-compose/acme-dns/docker-compose.yml
View file

@ -10,8 +10,8 @@ services:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--entryPoints.web.address=:80"
- "--entryPoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.dnschallenge=true"
- "--certificatesresolvers.myresolver.acme.dnschallenge.provider=ovh"
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"

4
docs/content/user-guides/docker-compose/acme-dns/docker-compose_secrets.yml
View file

@ -20,8 +20,8 @@ services:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--entryPoints.web.address=:80"
- "--entryPoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.dnschallenge=true"
- "--certificatesresolvers.myresolver.acme.dnschallenge.provider=ovh"
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"

2
docs/content/user-guides/docker-compose/acme-dns/index.md
View file

@ -64,7 +64,7 @@ What changed between the initial setup:
```yaml
command:
# Traefik will listen to incoming request on the port 443 (https)
- "--entrypoints.websecure.address=:443"
- "--entryPoints.websecure.address=:443"
ports:
- "443:443"
```

4
docs/content/user-guides/docker-compose/acme-http/docker-compose.yml
View file

@ -10,8 +10,8 @@ services:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--entryPoints.web.address=:80"
- "--entryPoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"

2
docs/content/user-guides/docker-compose/acme-http/index.md
View file

@ -50,7 +50,7 @@ What changed between the basic example:
```yaml
command:
# Traefik will listen to incoming request on the port 443 (https)
- "--entrypoints.websecure.address=:443"
- "--entryPoints.websecure.address=:443"
ports:
- "443:443"
```

2
docs/content/user-guides/docker-compose/acme-tls/docker-compose.yml
View file

@ -10,7 +10,7 @@ services:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.websecure.address=:443"
- "--entryPoints.websecure.address=:443"
- "--certificatesresolvers.myresolver.acme.tlschallenge=true"
#- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.myresolver.acme.email=postmaster@example.com"

2
docs/content/user-guides/docker-compose/acme-tls/index.md
View file

@ -50,7 +50,7 @@ What changed between the basic example:
```yaml
command:
# Traefik will listen to incoming request on the port 443 (https)
- "--entrypoints.websecure.address=:443"
- "--entryPoints.websecure.address=:443"
ports:
- "443:443"
```

2
docs/content/user-guides/docker-compose/basic-example/docker-compose.yml
View file

@ -10,7 +10,7 @@ services:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entryPoints.web.address=:80"
ports:
- "80:80"
- "8080:8080"

2
docs/content/user-guides/docker-compose/basic-example/index.md
View file

@ -86,7 +86,7 @@ Second, you define an entry point, along with the exposure of the matching port
```yaml
command:
# Traefik will listen to incoming request on the port 80 (HTTP)
- "--entrypoints.web.address=:80"
- "--entryPoints.web.address=:80"
ports:
- "80:80"