Make the TLS certificates management dynamic.

2017-11-09 12:16:03 +01:00 · 2017-11-09 12:16:03 +01:00 · c469e669fd
commit c469e669fd
parent f6aa147c78
36 changed files with 1257 additions and 513 deletions
--- a/docs/configuration/backends/file.md
+++ b/docs/configuration/backends/file.md
@ -8,6 +8,8 @@ You have three choices:
 - [Rules in a Separate File](/configuration/backends/file/#rules-in-a-separate-file)
 - [Multiple `.toml` Files](/configuration/backends/file/#multiple-toml-files)

+The configuration file allows managing both backends/frontends and HTTPS certificates (which are not [Let's Encrypt](https://letsencrypt.org) certificates generated through Træfik).
+
 ## Simple

 Add your configuration at the end of the global configuration file `traefik.toml`:
@ -23,12 +25,9 @@ defaultEntryPoints = ["http", "https"]
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
-      [[entryPoints.https.tls.certificates]]
-      CertFile = "integration/fixtures/https/snitest.com.cert"
-      KeyFile = "integration/fixtures/https/snitest.com.key"
-      [[entryPoints.https.tls.certificates]]
-      CertFile = "integration/fixtures/https/snitest.org.cert"
-      KeyFile = "integration/fixtures/https/snitest.org.key"
+      [[entryPoints.https.tls.certificates]]		
+      certFile = "integration/fixtures/https/snitest.org.cert"		
+      keyFile = "integration/fixtures/https/snitest.org.key"

 [file]

@ -81,8 +80,19 @@ defaultEntryPoints = ["http", "https"]
  entrypoints = ["http", "https"] # overrides defaultEntryPoints
  backend = "backend2"
  rule = "Path:/test"
+
+# HTTPS certificate
+[[tlsConfiguration]]
+entryPoints = ["https"]
+  [tlsConfiguration.certificate]
+    certFile = "integration/fixtures/https/snitest.com.cert"
+    keyFile = "integration/fixtures/https/snitest.com.key"
 ```

+!!! note
+    adding certificates directly to the entrypoint is still maintained but certificates declared in this way cannot be managed dynamically.
+    It's recommended to use the file provider to declare certificates.
+
 ## Rules in a Separate File

 Put your rules in a separate file, for example `rules.toml`:
@ -97,12 +107,6 @@ Put your rules in a separate file, for example `rules.toml`:
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
-      [[entryPoints.https.tls.certificates]]
-      CertFile = "integration/fixtures/https/snitest.com.cert"
-      KeyFile = "integration/fixtures/https/snitest.com.key"
-      [[entryPoints.https.tls.certificates]]
-      CertFile = "integration/fixtures/https/snitest.org.cert"
-      KeyFile = "integration/fixtures/https/snitest.org.key"

 [file]
 filename = "rules.toml"
@ -149,11 +153,23 @@ filename = "rules.toml"
  entrypoints = ["http", "https"] # overrides defaultEntryPoints
  backend = "backend2"
  rule = "Path:/test"
+# HTTPS certificate
+[[tlsConfiguration]]
+entryPoints = ["https"]
+  [tlsConfiguration.certificate]
+    certFile = "integration/fixtures/https/snitest.com.cert"
+    keyFile = "integration/fixtures/https/snitest.com.key"
+
+[[tlsConfiguration]]
+entryPoints = ["https"]
+  [[tlsConfiguration.certificates]]
+  certFile = "integration/fixtures/https/snitest.org.cert"
+  keyFile = "integration/fixtures/https/snitest.org.key"
 ```

 ## Multiple `.toml` Files

-You could have multiple `.toml` files in a directory:
+You could have multiple `.toml` files in a directory (and recursively in its sub-directories):

 ```toml
 [file]