homelab/traefik
1
0
Fork 0
Code Activity

Add an anchor on the options names.

Browse source
This commit is contained in:
Nicolas Mengin 2025-09-09 17:26:05 +02:00 committed by GitHub
parent 0b240ca97a
commit c294b87a45
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
83 changed files with 2893 additions and 2586 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docs/content/reference/routing-configuration/tcp/middlewares/inflightconn.md
View file

@ -52,4 +52,4 @@ spec:
| Field | Description | Default | Required |
|:------|:------------|------------------|-------|
| `amount` | The `amount` option defines the maximum amount of allowed simultaneous connections. <br /> The middleware closes the connection if there are already `amount` connections opened. | "" | Yes |
| <a id="amount" href="#amount" title="#amount">`amount`</a> | The `amount` option defines the maximum amount of allowed simultaneous connections. <br /> The middleware closes the connection if there are already `amount` connections opened. | "" | Yes |

2
docs/content/reference/routing-configuration/tcp/middlewares/ipallowlist.md
View file

@ -57,4 +57,4 @@ spec:
| Field | Description | Default | Required |
|:------|:------------|------------------|-------|
| `sourceRange` | The `sourceRange` option sets the allowed IPs (or ranges of allowed IPs by using CIDR notation).| | Yes |
| <a id="sourceRange" href="#sourceRange" title="#sourceRange">`sourceRange`</a> | The `sourceRange` option sets the allowed IPs (or ranges of allowed IPs by using CIDR notation).| | Yes |

4
docs/content/reference/routing-configuration/tcp/middlewares/overview.md
View file

@ -108,5 +108,5 @@ spec:
| Middleware | Purpose | Area |
|-------------------------------------------|---------------------------------------------------|-----------------------------|
| [InFlightConn](inflightconn.md) | Limits the number of simultaneous connections. | Security, Request lifecycle |
| [IPAllowList](ipallowlist.md) | Limit the allowed client IPs. | Security, Request lifecycle |
| <a id="InFlightConn" href="#InFlightConn" title="#InFlightConn">[InFlightConn](inflightconn.md)</a> | Limits the number of simultaneous connections. | Security, Request lifecycle |
| <a id="IPAllowList" href="#IPAllowList" title="#IPAllowList">[IPAllowList](ipallowlist.md)</a> | Limit the allowed client IPs. | Security, Request lifecycle |

8
docs/content/reference/routing-configuration/tcp/router/rules-and-priority.md
View file

@ -18,10 +18,10 @@ The table below lists all the available matchers:
| Rule | Description |
|-------------------------------------------------------------|:-------------------------------------------------------------------------------------------------|
| [```HostSNI(`domain`)```](#hostsni-and-hostsniregexp) | Checks if the connection's Server Name Indication is equal to `domain`.<br /> More information [here](#hostsni-and-hostsniregexp). |
| [```HostSNIRegexp(`regexp`)```](#hostsni-and-hostsniregexp) | Checks if the connection's Server Name Indication matches `regexp`.<br />Use a [Go](https://golang.org/pkg/regexp/) flavored syntax.<br /> More information [here](#hostsni-and-hostsniregexp). |
| [```ClientIP(`ip`)```](#clientip) | Checks if the connection's client IP correspond to `ip`. It accepts IPv4, IPv6 and CIDR formats.<br /> More information [here](#clientip). |
| [```ALPN(`protocol`)```](#alpn) | Checks if the connection's ALPN protocol equals `protocol`.<br /> More information [here](#alpn). |
| <a id="HostSNIdomain" href="#HostSNIdomain" title="#HostSNIdomain">[```HostSNI(`domain`)```](#hostsni-and-hostsniregexp)</a> | Checks if the connection's Server Name Indication is equal to `domain`.<br /> More information [here](#hostsni-and-hostsniregexp). |
| <a id="HostSNIRegexpregexp" href="#HostSNIRegexpregexp" title="#HostSNIRegexpregexp">[```HostSNIRegexp(`regexp`)```](#hostsni-and-hostsniregexp)</a> | Checks if the connection's Server Name Indication matches `regexp`.<br />Use a [Go](https://golang.org/pkg/regexp/) flavored syntax.<br /> More information [here](#hostsni-and-hostsniregexp). |
| <a id="ClientIPip" href="#ClientIPip" title="#ClientIPip">[```ClientIP(`ip`)```](#clientip)</a> | Checks if the connection's client IP correspond to `ip`. It accepts IPv4, IPv6 and CIDR formats.<br /> More information [here](#clientip). |
| <a id="ALPNprotocol" href="#ALPNprotocol" title="#ALPNprotocol">[```ALPN(`protocol`)```](#alpn)</a> | Checks if the connection's ALPN protocol equals `protocol`.<br /> More information [here](#alpn). |
!!! tip "Backticks or Quotes?"

26
docs/content/reference/routing-configuration/tcp/serverstransport.md
View file

@ -86,19 +86,19 @@ labels:
| Field | Description | Default | Required |
|:----------------------------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
| `serverstransport.`<br />`dialTimeout` | Defines the timeout when dialing the backend TCP service. If zero, no timeout exists. | 30s | No |
| `serverstransport.`<br />`dialKeepAlive` | Defines the interval between keep-alive probes for an active network connection. | 15s | No |
| `serverstransport.`<br />`terminationDelay` | Sets the time limit for the proxy to fully terminate connections on both sides after initiating the termination sequence, with a negative value indicating no deadline. More Information [here](#terminationdelay) | 100ms | No |
| `serverstransport.`<br />`proxyProtocol` | Defines the Proxy Protocol configuration. An empty `proxyProtocol` section enables Proxy Protocol version 2. | | No |
| `serverstransport.`<br />`proxyProtocol.version` | Traefik supports PROXY Protocol version 1 and 2 on TCP Services. More Information [here](#proxyprotocolversion) | 2 | No |
| `serverstransport.`<br />`tls` | Defines the TLS configuration. An empty `tls` section enables TLS. | | No |
| `serverstransport.`<br />`tls`<br />`.serverName` | Configures the server name that will be used for SNI. | | No |
| `serverstransport.`<br />`tls`<br />`.certificates` | Defines the list of certificates (as file paths, or data bytes) that will be set as client certificates for mTLS. | | No |
| `serverstransport.`<br />`tls`<br />`.insecureSkipVerify` | Controls whether the server's certificate chain and host name is verified. | false | No |
| `serverstransport.`<br />`tls`<br />`.rootcas` | Defines the root certificate authorities to use when verifying server certificates. (for mTLS connections). | | No |
| `serverstransport.`<br />`tls.`<br />`peerCertURI` | Defines the URI used to match against SAN URIs during the server's certificate verification. | false | No |
| `serverstransport.`<br />`spiffe`<br />`.ids` | Allow SPIFFE IDs.<br />This takes precedence over the SPIFFE TrustDomain. | | No |
| `serverstransport.`<br />`spiffe`<br />`.trustDomain` | Allow SPIFFE trust domain. | "" | No |
| <a id="serverstransport-dialTimeout" href="#serverstransport-dialTimeout" title="#serverstransport-dialTimeout">`serverstransport.`<br />`dialTimeout`</a> | Defines the timeout when dialing the backend TCP service. If zero, no timeout exists. | 30s | No |
| <a id="serverstransport-dialKeepAlive" href="#serverstransport-dialKeepAlive" title="#serverstransport-dialKeepAlive">`serverstransport.`<br />`dialKeepAlive`</a> | Defines the interval between keep-alive probes for an active network connection. | 15s | No |
| <a id="serverstransport-terminationDelay" href="#serverstransport-terminationDelay" title="#serverstransport-terminationDelay">`serverstransport.`<br />`terminationDelay`</a> | Sets the time limit for the proxy to fully terminate connections on both sides after initiating the termination sequence, with a negative value indicating no deadline. More Information [here](#terminationdelay) | 100ms | No |
| <a id="serverstransport-proxyProtocol" href="#serverstransport-proxyProtocol" title="#serverstransport-proxyProtocol">`serverstransport.`<br />`proxyProtocol`</a> | Defines the Proxy Protocol configuration. An empty `proxyProtocol` section enables Proxy Protocol version 2. | | No |
| <a id="serverstransport-proxyProtocol-version" href="#serverstransport-proxyProtocol-version" title="#serverstransport-proxyProtocol-version">`serverstransport.`<br />`proxyProtocol.version`</a> | Traefik supports PROXY Protocol version 1 and 2 on TCP Services. More Information [here](#proxyprotocolversion) | 2 | No |
| <a id="serverstransport-tls" href="#serverstransport-tls" title="#serverstransport-tls">`serverstransport.`<br />`tls`</a> | Defines the TLS configuration. An empty `tls` section enables TLS. | | No |
| <a id="serverstransport-tls-serverName" href="#serverstransport-tls-serverName" title="#serverstransport-tls-serverName">`serverstransport.`<br />`tls`<br />`.serverName`</a> | Configures the server name that will be used for SNI. | | No |
| <a id="serverstransport-tls-certificates" href="#serverstransport-tls-certificates" title="#serverstransport-tls-certificates">`serverstransport.`<br />`tls`<br />`.certificates`</a> | Defines the list of certificates (as file paths, or data bytes) that will be set as client certificates for mTLS. | | No |
| <a id="serverstransport-tls-insecureSkipVerify" href="#serverstransport-tls-insecureSkipVerify" title="#serverstransport-tls-insecureSkipVerify">`serverstransport.`<br />`tls`<br />`.insecureSkipVerify`</a> | Controls whether the server's certificate chain and host name is verified. | false | No |
| <a id="serverstransport-tls-rootcas" href="#serverstransport-tls-rootcas" title="#serverstransport-tls-rootcas">`serverstransport.`<br />`tls`<br />`.rootcas`</a> | Defines the root certificate authorities to use when verifying server certificates. (for mTLS connections). | | No |
| <a id="serverstransport-tls-peerCertURI" href="#serverstransport-tls-peerCertURI" title="#serverstransport-tls-peerCertURI">`serverstransport.`<br />`tls.`<br />`peerCertURI`</a> | Defines the URI used to match against SAN URIs during the server's certificate verification. | false | No |
| <a id="serverstransport-spiffe-ids" href="#serverstransport-spiffe-ids" title="#serverstransport-spiffe-ids">`serverstransport.`<br />`spiffe`<br />`.ids`</a> | Allow SPIFFE IDs.<br />This takes precedence over the SPIFFE TrustDomain. | | No |
| <a id="serverstransport-spiffe-trustDomain" href="#serverstransport-spiffe-trustDomain" title="#serverstransport-spiffe-trustDomain">`serverstransport.`<br />`spiffe`<br />`.trustDomain`</a> | Allow SPIFFE trust domain. | "" | No |
!!! note "SPIFFE"

10
docs/content/reference/routing-configuration/tcp/service.md
View file

@ -38,10 +38,10 @@ tcp:
| Field | Description | Default |
|----------|------------------------------------------|--------- |
| `servers` | Servers declare a single instance of your program. | "" |
| `servers.address` | The address option (IP:Port) point to a specific instance. | "" |
| `servers.tls` | The `tls` option determines whether to use TLS when dialing with the backend. | false |
| `servers.serversTransport` | `serversTransport` allows to reference a TCP [ServersTransport](./serverstransport.md configuration for the communication between Traefik and your servers. If no serversTransport is specified, the default@internal will be used. | "" |
| <a id="servers" href="#servers" title="#servers">`servers`</a> | Servers declare a single instance of your program. | "" |
| <a id="servers-address" href="#servers-address" title="#servers-address">`servers.address`</a> | The address option (IP:Port) point to a specific instance. | "" |
| <a id="servers-tls" href="#servers-tls" title="#servers-tls">`servers.tls`</a> | The `tls` option determines whether to use TLS when dialing with the backend. | false |
| <a id="servers-serversTransport" href="#servers-serversTransport" title="#servers-serversTransport">`servers.serversTransport`</a> | `serversTransport` allows to reference a TCP [ServersTransport](./serverstransport.md configuration for the communication between Traefik and your servers. If no serversTransport is specified, the default@internal will be used. | "" |
## Weighted Round Robin
@ -95,4 +95,4 @@ tcp:
[[tcp.services.appv2.loadBalancer.servers]]
address = "private-ip-server-2:8080/"
```

8
docs/content/reference/routing-configuration/tcp/tls.md
View file

@ -96,9 +96,9 @@ labels:
| Field | Description | Default | Required |
|:------------------|:--------------------|:-----------------------------------------------|:---------|
|`passthrough`| Defines whether the requests should be forwarded "as is", keeping all data encrypted. | false | No |
|`options`| enables fine-grained control of the TLS parameters. It refers to a [TLS Options](../http/tls/tls-certificates.md#tls-options) and will be applied only if a `HostSNI` rule is defined. | "" | No |
|`domains`| Defines a set of SANs (alternative domains) for each main domain. Every domain must have A/AAAA records pointing to Traefik. Each domain & SAN will lead to a certificate request.| [] | No |
|`certResolver`| If defined, Traefik will try to generate certificates based on routers `Host` & `HostSNI` rules. | "" | No |
| <a id="passthrough" href="#passthrough" title="#passthrough">`passthrough`</a> | Defines whether the requests should be forwarded "as is", keeping all data encrypted. | false | No |
| <a id="options" href="#options" title="#options">`options`</a> | enables fine-grained control of the TLS parameters. It refers to a [TLS Options](../http/tls/tls-certificates.md#tls-options) and will be applied only if a `HostSNI` rule is defined. | "" | No |
| <a id="domains" href="#domains" title="#domains">`domains`</a> | Defines a set of SANs (alternative domains) for each main domain. Every domain must have A/AAAA records pointing to Traefik. Each domain & SAN will lead to a certificate request.| [] | No |
| <a id="certResolver" href="#certResolver" title="#certResolver">`certResolver`</a> | If defined, Traefik will try to generate certificates based on routers `Host` & `HostSNI` rules. | "" | No |
{!traefik-for-business-applications.md!}