homelab/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use the same case everywhere

Browse source
This commit is contained in:
Ludovic Fernandez 2019-07-01 11:30:05 +02:00 committed by Traefiker Bot
parent f6436663eb
commit c7d336f958
179 changed files with 5118 additions and 4436 deletions
Download patch file Download diff file Expand all files Collapse all files

4
docs/content/middlewares/addprefix.md
View file

@ -41,8 +41,8 @@ labels:
```toml tab="File"
# Prefixing with /foo
[http.middlewares]
[http.middlewares.add-foo.AddPrefix]
prefix = "/foo"
[http.middlewares.add-foo.addPrefix]
prefix = "/foo"
```
## Configuration Options

6
docs/content/middlewares/basicauth.md
View file

@ -47,7 +47,7 @@ labels:
```toml tab="File"
# Declaring the user list
[http.middlewares]
[http.middlewares.test-auth.basicauth]
[http.middlewares.test-auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
@ -61,7 +61,7 @@ labels:
Passwords must be encoded using MD5, SHA1, or BCrypt.
!!! tip
Use `htpasswd` to generate the passwords.
### `users`
@ -120,7 +120,7 @@ spec:
```
```toml tab="File"
[http.middlewares.my-auth.basicauth]
[http.middlewares.my-auth.basicAuth]
# ...
headerField = "X-WebAuth-User"
```

2
docs/content/middlewares/buffering.md
View file

@ -46,7 +46,7 @@ labels:
# Sets the maximum request body to 2Mb
[http.middlewares]
[http.middlewares.limit.buffering]
maxRequestBodyBytes = 250000
maxRequestBodyBytes = 250000
```
## Configuration Options

30
docs/content/middlewares/chain.md
View file

@ -111,27 +111,27 @@ labels:
```toml tab="File"
# ...
[http.routers]
[http.routers.router1]
service = "service1"
middlewares = ["secured"]
rule = "Host(`mydomain`)"
[http.routers.router1]
service = "service1"
middlewares = ["secured"]
rule = "Host(`mydomain`)"
[http.middlewares]
[http.middlewares.secured.Chain]
middlewares = ["https-only", "known-ips", "auth-users"]
[http.middlewares.secured.chain]
middlewares = ["https-only", "known-ips", "auth-users"]
[http.middlewares.auth-users.BasicAuth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
[http.middlewares.auth-users.basicAuth]
users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
[http.middlewares.https-only.redirectScheme]
scheme = "https"
[http.middlewares.https-only.redirectScheme]
scheme = "https"
[http.middlewares.known-ips.ipWhiteList]
sourceRange = ["192.168.1.7", "127.0.0.1/32"]
[http.middlewares.known-ips.ipWhiteList]
sourceRange = ["192.168.1.7", "127.0.0.1/32"]
[http.services]
[http.services.service1]
[http.services.service1.LoadBalancer]
[[http.services.service1.LoadBalancer.Servers]]
URL = "http://127.0.0.1:80"
[http.services.service1.loadBalancer]
[[http.services.service1.loadBalancer.servers]]
url = "http://127.0.0.1:80"
```

10
docs/content/middlewares/circuitbreaker.md
View file

@ -55,8 +55,8 @@ labels:
```toml tab="File"
# Latency Check
[http.middlewares]
[http.middlewares.latency-check.circuitBreaker]
expression = "LatencyAtQuantileMS(50.0) > 100"
[http.middlewares.latency-check.circuitBreaker]
expression = "LatencyAtQuantileMS(50.0) > 100"
```
## Possible States
@ -66,7 +66,7 @@ There are three possible states for your circuit breaker:
- Close (your service operates normally)
- Open (the fallback mechanism takes over your service)
- Recovering (the circuit breaker tries to resume normal operations by progressively sending requests to your service)
### Close
While close, the circuit breaker only collects metrics to analyze the behavior of the requests.
@ -95,7 +95,7 @@ The `expression` can check three different metrics:
- The network error ratio (`NetworkErrorRatio`)
- The status code ratio (`ResponseCodeRatio`)
- The latency at quantile, in milliseconds (`LatencyAtQuantileMS`)
#### `NetworkErrorRatio`
If you want the circuit breaker to trigger at a 30% ratio of network errors, the expression will be `NetworkErrorRatio() > 0.30`
@ -151,7 +151,7 @@ Here is the list of supported operators:
### Fallback mechanism
The fallback mechanism returns a `HTTP 503 Service Unavailable` to the client (instead of calling the target service). This behavior cannot be configured.
### `CheckPeriod`
The interval used to evaluate `expression` and decide if the state of the circuit breaker must change. By default, `CheckPeriod` is 100Ms. This value cannot be configured.

2
docs/content/middlewares/compress.md
View file

@ -40,7 +40,7 @@ labels:
```toml tab="File"
# Enable gzip compression
[http.middlewares]
[http.middlewares.test-compress.Compress]
[http.middlewares.test-compress.compress]
```
## Notes

10
docs/content/middlewares/digestauth.md
View file

@ -53,7 +53,7 @@ labels:
## Configuration Options
### `Users`
### `users`
The `users` option is an array of authorized users. Each user will be declared using the `name:realm:encoded-password` format.
@ -61,7 +61,7 @@ The `users` option is an array of authorized users. Each user will be declared u
If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.
### `UsersFile`
### `usersFile`
The `usersFile` option is the path to an external file that contains the authorized users for the middleware.
@ -78,11 +78,11 @@ The file content is a list of `name:realm:encoded-password`.
If both `users` and `usersFile` are provided, the two are merged. The content of `usersFile` has precedence over `users`.
### `Realm`
### `realm`
You can customize the realm for the authentication with the `realm` option. The default value is `traefik`.
### `HeaderField`
### `headerField`
You can customize the header field for the authenticated user using the `headerField`option.
@ -121,6 +121,6 @@ labels:
headerField = "X-WebAuth-User"
```
### `RemoveHeader`
### `removeHeader`
Set the `removeHeader` option to `true` to remove the authorization header before forwarding the request to your service. (Default value is `false`.)

2
docs/content/middlewares/errorpages.md
View file

@ -52,7 +52,7 @@ labels:
```toml tab="File"
# Custom Error Page for 5XX
[http.middlewares]
[http.middlewares.test-errorpage.Errors]
[http.middlewares.test-errorpage.errors]
status = ["500-599"]
service = "serviceError"
query = "/{status}.html"

54
docs/content/middlewares/forwardauth.md
View file

@ -14,14 +14,14 @@ Otherwise, the response from the authentication server is returned.
```yaml tab="Docker"
# Forward authentication to authserver.com
labels:
- "traefik.http.middlewares.test-auth.ForwardAuth.Address=https://authserver.com/auth"
- "traefik.http.middlewares.test-auth.ForwardAuth.AuthResponseHeaders=X-Auth-User, X-Secret"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.CA=path/to/local.crt"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.CAOptional=true"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.Cert=path/to/foo.cert"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.InsecureSkipVerify=true"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.Key=path/to/foo.key"
- "traefik.http.middlewares.test-auth.ForwardAuth.TrustForwardHeader=true"
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
- "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret"
- "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt"
- "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true"
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
- "traefik.http.middlewares.test-auth.forwardauth.tls.insecureSkipVerify=true"
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
- "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true"
```
```yaml tab="Kubernetes"
@ -45,28 +45,28 @@ spec:
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-auth.ForwardAuth.Address": "https://authserver.com/auth",
"traefik.http.middlewares.test-auth.ForwardAuth.AuthResponseHeaders": "X-Auth-User,X-Secret",
"traefik.http.middlewares.test-auth.ForwardAuth.TLS.CA": "path/to/local.crt",
"traefik.http.middlewares.test-auth.ForwardAuth.TLS.CAOptional": "true",
"traefik.http.middlewares.test-auth.ForwardAuth.TLS.Cert": "path/to/foo.cert",
"traefik.http.middlewares.test-auth.ForwardAuth.TLS.InsecureSkipVerify": "true",
"traefik.http.middlewares.test-auth.ForwardAuth.TLS.Key": "path/to/foo.key",
"traefik.http.middlewares.test-auth.ForwardAuth.TrustForwardHeader": "true"
"traefik.http.middlewares.test-auth.forwardauth.address": "https://authserver.com/auth",
"traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders": "X-Auth-User,X-Secret",
"traefik.http.middlewares.test-auth.forwardauth.tls.ca": "path/to/local.crt",
"traefik.http.middlewares.test-auth.forwardauth.tls.caOptional": "true",
"traefik.http.middlewares.test-auth.forwardauth.tls.cert": "path/to/foo.cert",
"traefik.http.middlewares.test-auth.forwardauth.tls.insecureSkipVerify": "true",
"traefik.http.middlewares.test-auth.forwardauth.tls.key": "path/to/foo.key",
"traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader": "true"
}
```
```yaml tab="Rancher"
# Forward authentication to authserver.com
labels:
- "traefik.http.middlewares.test-auth.ForwardAuth.Address=https://authserver.com/auth"
- "traefik.http.middlewares.test-auth.ForwardAuth.AuthResponseHeaders=X-Auth-User, X-Secret"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.CA=path/to/local.crt"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.CAOptional=true"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.Cert=path/to/foo.cert"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.InsecureSkipVerify=true"
- "traefik.http.middlewares.test-auth.ForwardAuth.TLS.Key=path/to/foo.key"
- "traefik.http.middlewares.test-auth.ForwardAuth.TrustForwardHeader=true"
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
- "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret"
- "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt"
- "traefik.http.middlewares.test-auth.forwardauth.tls.caOptional=true"
- "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
- "traefik.http.middlewares.test-auth.forwardauth.tls.InisecureSkipVerify=true"
- "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
- "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true"
```
```toml tab="File"
@ -77,7 +77,7 @@ labels:
trustForwardHeader = true
authResponseHeaders = ["X-Auth-User", "X-Secret"]
[http.middlewares.test-auth.forwardauth.tls]
[http.middlewares.test-auth.forwardAuth.tls]
ca = "path/to/local.crt"
caOptional = true
cert = "path/to/foo.cert"
@ -92,7 +92,7 @@ The `address` option defines the authentication server address.
### `trustForwardHeader`
Set the `trustForwardHeader` option to true to trust all the existing X-Forwarded-* headers.
Set the `trustForwardHeader` option to `true` to trust all the existing `X-Forwarded-*` headers.
### `authResponseHeaders`
@ -100,4 +100,4 @@ The `authResponseHeaders` option is the list of the headers to copy from the aut
### `tls`
The `tls` option is the tls configuration from Traefik to the authentication server.
The `tls` option is the TLS configuration from Traefik to the authentication server.

103
docs/content/middlewares/headers.md
View file

@ -15,8 +15,8 @@ Add the `X-Script-Name` header to the proxied request and the `X-Custom-Response
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.testHeader.Headers.CustomRequestHeaders.X-Script-Name=test"
- "traefik.http.middlewares.testHeader.Headers.CustomResponseHeaders.X-Custom-Response-Header=True"
- "traefik.http.middlewares.testHeader.headers.customrequestheaders.X-Script-Name=test"
- "traefik.http.middlewares.testHeader.headers.customresponseheaders.X-Custom-Response-Header=True"
```
```yaml tab="Kubernetes"
@ -34,23 +34,23 @@ spec:
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.testHeader.Headers.CustomRequestHeaders.X-Script-Name": "test",
"traefik.http.middlewares.testHeader.Headers.CustomResponseHeaders.X-Custom-Response-Header": "True"
"traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name": "test",
"traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header": "True"
}
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.testHeader.Headers.CustomRequestHeaders.X-Script-Name=test"
- "traefik.http.middlewares.testHeader.Headers.CustomResponseHeaders.X-Custom-Response-Header=True"
- "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test"
- "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header=True"
```
```toml tab="File"
[http.middlewares]
[http.middlewares.testHeader.headers]
[http.middlewares.testHeader.headers.CustomRequestHeaders]
[http.middlewares.testHeader.headers.customRequestHeaders]
X-Script-Name = "test"
[http.middlewares.testHeader.headers.CustomResponseHeaders]
[http.middlewares.testHeader.headers.customResponseHeaders]
X-Custom-Response-Header = "True"
```
@ -77,22 +77,22 @@ spec:
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.testHeader.Headers.CustomRequestHeaders.X-Script-Name=test"
- "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.testHeader.Headers.CustomRequestHeaders.X-Script-Name": "test",
"traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name": "test",
}
```
```toml tab="File"
[http.middlewares]
[http.middlewares.testHeader.headers]
[http.middlewares.testHeader.headers.CustomRequestHeaders]
[http.middlewares.testHeader.headers.customRequestHeaders]
X-Script-Name = "test" # Adds
X-Custom-Request-Header = "" # Removes
[http.middlewares.testHeader.headers.CustomResponseHeaders]
[http.middlewares.testHeader.headers.customResponseHeaders]
X-Custom-Response-Header = "" # Removes
```
@ -103,8 +103,8 @@ This functionality allows for some easy security features to quickly be set.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.testHeader.Headers.FrameDeny=true"
- "traefik.http.middlewares.testHeader.Headers.SSLRedirect=true"
- "traefik.http.middlewares.testHeader.headers.framedeny=true"
- "traefik.http.middlewares.testHeader.headers.sslredirect=true"
```
```yaml tab="Kubernetes"
@ -120,14 +120,14 @@ spec:
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.testHeader.Headers.FrameDeny=true"
- "traefik.http.middlewares.testHeader.Headers.SSLRedirect=true"
- "traefik.http.middlewares.testheader.headers.framedeny=true"
- "traefik.http.middlewares.testheader.headers.sslredirect=true"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.testHeader.Headers.FrameDeny": "true",
"traefik.http.middlewares.testHeader.Headers.SSLRedirect": "true"
"traefik.http.middlewares.testheader.headers.framedeny": "true",
"traefik.http.middlewares.testheader.headers.sslredirect": "true"
}
```
@ -145,10 +145,10 @@ This functionality allows for more advanced security features to quickly be set.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.testHeader.Headers.AccessControlAllowMethods=GET,OPTIONS,PUT"
- "traefik.http.middlewares.testHeader.Headers.AccessControlAllowOrigin=origin-list-or-null"
- "traefik.http.middlewares.testHeader.Headers.AccessControlMaxAge=100"
- "traefik.http.middlewares.testHeader.Headers.AddVaryHeader=true"
- "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
- "traefik.http.middlewares.testheader.headers.accesscontrolalloworigin=origin-list-or-null"
- "traefik.http.middlewares.testheader.headers.accesscontrolmaxage=100"
- "traefik.http.middlewares.testheader.headers.addvaryheader=true"
```
```yaml tab="Kubernetes"
@ -158,39 +158,39 @@ metadata:
name: testHeader
spec:
headers:
AccessControlAllowMethods:
accessControlAllowMethods:
- "GET"
- "OPTIONS"
- "PUT"
AccessControlAllowOrigin: "origin-list-or-null"
AccessControlMaxAge: 100
AddVaryHeader: "true"
accessControlAllowOrigin: "origin-list-or-null"
accessControlMaxAge: 100
addVaryHeader: "true"
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.testHeader.Headers.AccessControlAllowMethods=GET,OPTIONS,PUT"
- "traefik.http.middlewares.testHeader.Headers.AccessControlAllowOrigin=origin-list-or-null"
- "traefik.http.middlewares.testHeader.Headers.AccessControlMaxAge=100"
- "traefik.http.middlewares.testHeader.Headers.AddVaryHeader=true"
- "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
- "traefik.http.middlewares.testheader.headers.accesscontrolalloworigin=origin-list-or-null"
- "traefik.http.middlewares.testheader.headers.accesscontrolmaxage=100"
- "traefik.http.middlewares.testheader.headers.addvaryheader=true"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.testHeader.Headers.AccessControlAllowMethods": "GET,OPTIONS,PUT",
"traefik.http.middlewares.testHeader.Headers.AccessControlAllowOrigin": "origin-list-or-null",
"traefik.http.middlewares.testHeader.Headers.AccessControlMaxAge": "100",
"traefik.http.middlewares.testHeader.Headers.AddVaryHeader": "true"
"traefik.http.middlewares.testheader.headers.accesscontrolallowmethods": "GET,OPTIONS,PUT",
"traefik.http.middlewares.testheader.headers.accesscontrolalloworigin": "origin-list-or-null",
"traefik.http.middlewares.testheader.headers.accesscontrolmaxage": "100",
"traefik.http.middlewares.testheader.headers.addvaryheader": "true"
}
```
```toml tab="File"
[http.middlewares]
[http.middlewares.testHeader.headers]
AccessControlAllowMethods= ["GET", "OPTIONS", "PUT"]
AccessControlAllowOrigin = "origin-list-or-null"
AccessControlMaxAge = 100
AddVaryHeader = true
accessControlAllowMethods= ["GET", "OPTIONS", "PUT"]
accessControlAllowOrigin = "origin-list-or-null"
accessControlMaxAge = 100
addVaryHeader = true
```
## Configuration Options
@ -225,7 +225,8 @@ The `accessControlAllowMethods` indicates which methods can be used during requ
### `accessControlAllowOrigin`
The `accessControlAllowOrigin` indicates whether a resource can be shared by returning different values. The three options for this value are:
The `accessControlAllowOrigin` indicates whether a resource can be shared by returning different values.
The three options for this value are:
- `origin-list-or-null`
- `*`
@ -261,11 +262,12 @@ Set the `sslTemporaryRedirect` to `true` to force an SSL redirection using a 302
### `sslHost`
The `SSLHost` option is the host name that is used to redirect http requests to https.
The `sslHost` option is the host name that is used to redirect http requests to https.
### `sslProxyHeaders`
The `sslProxyHeaders` option is set of header keys with associated values that would indicate a valid https request. Useful when using other proxies with header like: `"X-Forwarded-Proto": "https"`.
The `sslProxyHeaders` option is set of header keys with associated values that would indicate a valid https request.
Useful when using other proxies with header like: `"X-Forwarded-Proto": "https"`.
### `sslForceHost`
@ -273,7 +275,8 @@ Set `sslForceHost` to true and set SSLHost to forced requests to use `SSLHost` e
### `stsSeconds`
The `stsSeconds` is the max-age of the Strict-Transport-Security header. If set to 0, would NOT include the header.
The `stsSeconds` is the max-age of the Strict-Transport-Security header.
If set to 0, would NOT include the header.
### `stsIncludeSubdomains`
@ -281,11 +284,11 @@ The `stsIncludeSubdomains` is set to true, the `includeSubdomains` will be appen
### `stsPreload`
Set `STSPreload` to true to have the `preload` flag appended to the Strict-Transport-Security header.
Set `stsPreload` to true to have the `preload` flag appended to the Strict-Transport-Security header.
### `forceSTSHeader`
Set `ForceSTSHeader` to true, to add the STS header even when the connection is HTTP.
Set `forceSTSHeader` to true, to add the STS header even when the connection is HTTP.
### `frameDeny`
@ -293,7 +296,8 @@ Set `frameDeny` to true to add the `X-Frame-Options` header with the value of `D
### `customFrameOptionsValue`
The `customFrameOptionsValue` allows the `X-Frame-Options` header value to be set with a custom value. This overrides the FrameDeny option.
The `customFrameOptionsValue` allows the `X-Frame-Options` header value to be set with a custom value.
This overrides the FrameDeny option.
### `contentTypeNosniff`
@ -301,11 +305,12 @@ Set `contentTypeNosniff` to true to add the `X-Content-Type-Options` header with
### `browserXssFilter`
Set `BrowserXssFilter` to true to add the `X-XSS-Protection` header with the value `1; mode=block`.
Set `browserXssFilter` to true to add the `X-XSS-Protection` header with the value `1; mode=block`.
### `customBrowserXSSValue`
The `customBrowserXssValue` option allows the `X-XSS-Protection` header value to be set with a custom value. This overrides the BrowserXssFilter option.
The `customBrowserXssValue` option allows the `X-XSS-Protection` header value to be set with a custom value.
This overrides the BrowserXssFilter option.
### `contentSecurityPolicy`
@ -321,5 +326,7 @@ The `referrerPolicy` allows sites to control when browsers will pass the Referer
### `isDevelopment`
Set `isDevelopment` to true when developing. The AllowedHosts, SSL, and STS options can cause some unwanted effects. Usually testing happens on http, not https, and on localhost, not your production domain.
Set `isDevelopment` to true when developing.
The AllowedHosts, SSL, and STS options can cause some unwanted effects.
Usually testing happens on http, not https, and on localhost, not your production domain.
If you would like your development environment to mimic production with complete Host blocking, SSL redirects, and STS headers, leave this as false.

26
docs/content/middlewares/ipwhitelist.md
View file

@ -12,7 +12,7 @@ IPWhitelist accepts / refuses requests based on the client IP.
```yaml tab="Docker"
# Accepts request from defined IP
labels:
- "traefik.http.middlewares.test-ipwhitelist.IPWhiteList.SourceRange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
```
```yaml tab="Kubernetes"
@ -29,14 +29,14 @@ spec:
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-ipwhitelist.IPWhiteList.SourceRange": "127.0.0.1/32,192.168.1.7"
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32,192.168.1.7"
}
```
```yaml tab="Rancher"
# Accepts request from defined IP
labels:
- "traefik.http.middlewares.test-ipwhitelist.IPWhiteList.SourceRange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
```
```toml tab="File"
@ -75,7 +75,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
```yaml tab="Docker"
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
labels:
- "traefik.http.middlewares.testIPwhitelist.ipWhiteList.SourceRange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2"
```
@ -87,23 +87,23 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
name: testIPwhitelist
spec:
ipWhiteList:
SourceRange:
sourceRange:
- 127.0.0.1/32
- 192.168.1.7
ipstrategy:
ipStrategy:
depth: 2
```
```yaml tab="Rancher"
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
labels:
- "traefik.http.middlewares.testIPwhitelist.ipWhiteList.SourceRange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth=2"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.testIPwhitelist.ipWhiteList.SourceRange": "127.0.0.1/32, 192.168.1.7",
"traefik.http.middlewares.testIPwhitelist.ipwhitelist.sourcerange": "127.0.0.1/32, 192.168.1.7",
"traefik.http.middlewares.testIPwhitelist.ipwhitelist.ipstrategy.depth": "2"
}
```
@ -114,7 +114,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
[http.middlewares.test-ipwhitelist.ipWhiteList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"]
[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
depth = 2
depth = 2
```
!!! note
@ -142,7 +142,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
```yaml tab="Docker"
# Exclude from `X-Forwarded-For`
labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedIPs=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```yaml tab="Kubernetes"
@ -153,7 +153,7 @@ metadata:
name: test-ipwhitelist
spec:
ipWhiteList:
ipstrategy:
ipStrategy:
excludedIPs:
- 127.0.0.1/32
- 192.168.1.7
@ -162,12 +162,12 @@ spec:
```yaml tab="Rancher"
# Exclude from `X-Forwarded-For`
labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedIPs=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedIPs": "127.0.0.1/32, 192.168.1.7"
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
}
```

4
docs/content/middlewares/maxconnection.md
View file

@ -40,8 +40,8 @@ labels:
```toml tab="File"
# Limiting to 10 simultaneous connections
[http.middlewares]
[http.middlewares.test-maxconn.maxconn]
amount = 10
[http.middlewares.test-maxconn.maxConn]
amount = 10
```
## Configuration Options

26
docs/content/middlewares/overview.md
View file

@ -22,7 +22,7 @@ whoami:
# Create a middleware named `foo-add-prefix`
- "traefik.http.middlewares.foo-add-prefix.addprefix.prefix=/foo"
# Apply the middleware named `foo-add-prefix` to the router named `router1`
- "traefik.http.router.router1.Middlewares=foo-add-prefix@docker"
- "traefik.http.router.router1.middlewares=foo-add-prefix@docker"
```
```yaml tab="Kubernetes"
@ -46,7 +46,7 @@ kind: Middleware
metadata:
name: stripprefix
spec:
stripprefix:
stripPrefix:
prefixes:
- /stripit
@ -66,7 +66,7 @@ spec:
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.foo-add-prefix.addprefix.prefix": "/foo",
"traefik.http.router.router1.Middlewares": "foo-add-prefix@marathon"
"traefik.http.router.router1.middlewares": "foo-add-prefix@marathon"
}
```
@ -76,30 +76,30 @@ labels:
# Create a middleware named `foo-add-prefix`
- "traefik.http.middlewares.foo-add-prefix.addprefix.prefix=/foo"
# Apply the middleware named `foo-add-prefix` to the router named `router1`
- "traefik.http.router.router1.Middlewares=foo-add-prefix@rancher"
- "traefik.http.router.router1.middlewares=foo-add-prefix@rancher"
```
```toml tab="File"
# As Toml Configuration File
[providers]
[providers.file]
[providers.file]
[http.routers]
[http.routers.router1]
Service = "myService"
Middlewares = ["foo-add-prefix"]
Rule = "Host(`example.com`)"
service = "myService"
middlewares = ["foo-add-prefix"]
rule = "Host(`example.com`)"
[http.middlewares]
[http.middlewares.foo-add-prefix.AddPrefix]
[http.middlewares.foo-add-prefix.addPrefix]
prefix = "/foo"
[http.services]
[http.services.service1]
[http.services.service1.LoadBalancer]
[http.services.service1.loadBalancer]
[[http.services.service1.LoadBalancer.Servers]]
URL = "http://127.0.0.1:80"
[[http.services.service1.loadBalancer.servers]]
url = "http://127.0.0.1:80"
```
## Provider Namespace
@ -132,7 +132,7 @@ and therefore this specification would be ignored even if present.
[providers.file]
[http.middlewares]
[http.middlewares.add-foo-prefix.AddPrefix]
[http.middlewares.add-foo-prefix.addPrefix]
prefix = "/foo"
```

50
docs/content/middlewares/passtlsclientcert.md
View file

@ -23,7 +23,7 @@ kind: Middleware
metadata:
name: addprefix
spec:
passtlsclientcert:
passTLSClientCert:
pem: true
```
@ -42,7 +42,7 @@ labels:
```toml tab="File"
# Pass the escaped pem in the `X-Forwarded-Tls-Client-Cert` header.
[http.middlewares]
[http.middlewares.test-passtlsclientcert.passtlsclientcert]
[http.middlewares.test-passtlsclientcert.passTLSClientCert]
pem = true
```
@ -77,7 +77,7 @@ labels:
metadata:
name: test-passtlsclientcert
spec:
passtlsclientcert:
passTLSClientCert:
info:
notAfter: true
notBefore: true
@ -147,12 +147,12 @@ labels:
```toml tab="File"
# Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
[http.middlewares]
[http.middlewares.test-passtlsclientcert.passtlsclientcert]
[http.middlewares.test-passtlsclientcert.passtlsclientcert.info]
[http.middlewares.test-passtlsclientcert.passTLSClientCert]
[http.middlewares.test-passtlsclientcert.passTLSClientCert.info]
notAfter = true
notBefore = true
sans = true
[http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject]
[http.middlewares.test-passtlsclientcert.passTLSClientCert.info.subject]
country = true
province = true
locality = true
@ -160,7 +160,7 @@ labels:
commonName = true
serialNumber = true
domainComponent = true
[http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer]
[http.middlewares.test-passtlsclientcert.passTLSClientCert.info.issuer]
country = true
province = true
locality = true
@ -360,9 +360,9 @@ Subject="DC=org,DC=cheese,C=FR,C=US,ST=Cheese org state,ST=Cheese com state,L=TO
If there are more than one certificate, they are separated by a `;`.
#### `info.notafter`
#### `info.notAfter`
Set the `info.notafter` option to `true` to add the `Not After` information from the `Validity` part.
Set the `info.notAfter` option to `true` to add the `Not After` information from the `Validity` part.
The data are taken from the following certificate part:
@ -371,15 +371,15 @@ The data are taken from the following certificate part:
Not After : Dec 5 11:10:16 2020 GMT
```
The escape `notafter` info part will be like:
The escape `notAfter` info part will be like:
```text
NA=1607166616
```
#### `info.notbefore`
#### `info.notBefore`
Set the `info.notafter` option to `true` to add the `Not Before` information from the `Validity` part.
Set the `info.notBefore` option to `true` to add the `Not Before` information from the `Validity` part.
The data are taken from the following certificate part:
@ -388,7 +388,7 @@ Validity
Not Before: Dec 6 11:10:16 2018 GMT
```
The escape `notafter` info part will be like:
The escape `notBefore` info part will be like:
```text
NB=1544094616
@ -471,9 +471,9 @@ The escape organization info in the subject part will be like :
O=Cheese,O=Cheese 2
```
##### `info.subject.commonname`
##### `info.subject.commonName`
Set the `info.subject.commonname` option to true to add the `commonname` information into the subject.
Set the `info.subject.commonName` option to true to add the `commonName` information into the subject.
The data are taken from the subject part with the `CN` key.
@ -483,9 +483,9 @@ The escape common name info in the subject part will be like :
CN=*.cheese.com
```
##### `info.subject.serialnumber`
##### `info.subject.serialNumber`
Set the `info.subject.serialnumber` option to true to add the `serialnumber` information into the subject.
Set the `info.subject.serialNumber` option to true to add the `serialNumber` information into the subject.
The data are taken from the subject part with the `SN` key.
@ -495,9 +495,9 @@ The escape serial number info in the subject part will be like :
SN=1234567890
```
##### `info.subject.domaincomponent`
##### `info.subject.domainComponent`
Set the `info.subject.domaincomponent` option to true to add the `domaincomponent` information into the subject.
Set the `info.subject.domainComponent` option to true to add the `domainComponent` information into the subject.
The data are taken from the subject part with the `DC` key.
@ -563,9 +563,9 @@ The escape organization info in the issuer part will be like :
O=Cheese,O=Cheese 2
```
##### `info.issuer.commonname`
##### `info.issuer.commonName`
Set the `info.issuer.commonname` option to true to add the `commonname` information into the issuer.
Set the `info.issuer.commonName` option to true to add the `commonName` information into the issuer.
The data are taken from the issuer part with the `CN` key.
@ -575,9 +575,9 @@ The escape common name info in the issuer part will be like :
CN=Simple Signing CA 2
```
##### `info.issuer.serialnumber`
##### `info.issuer.serialNumber`
Set the `info.issuer.serialnumber` option to true to add the `serialnumber` information into the issuer.
Set the `info.issuer.serialNumber` option to true to add the `serialNumber` information into the issuer.
The data are taken from the issuer part with the `SN` key.
@ -587,9 +587,9 @@ The escape serial number info in the issuer part will be like :
SN=1234567890
```
##### `info.issuer.domaincomponent`
##### `info.issuer.domainComponent`
Set the `info.issuer.domaincomponent` option to true to add the `domaincomponent` information into the issuer.
Set the `info.issuer.domainComponent` option to true to add the `domainComponent` information into the issuer.
The data are taken from the issuer part with the `DC` key.

10
docs/content/middlewares/ratelimit.md
View file

@ -33,7 +33,7 @@ metadata:
spec:
rateLimit:
extractorFunc: client.ip
rateset:
rateSet:
rate0:
period: 10s
average: 100
@ -74,15 +74,15 @@ labels:
# Here, an average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds.
# These can "burst" up to 10 and 200 in each period, respectively.
[http.middlewares]
[http.middlewares.test-ratelimit.ratelimit]
[http.middlewares.test-ratelimit.rateLimit]
extractorfunc = "client.ip"
[http.middlewares.test-ratelimit.ratelimit.rateset.rate0]
[http.middlewares.test-ratelimit.rateLimit.rateSet.rate0]
period = "10s"
average = 100
burst = 200
[http.middlewares.test-ratelimit.ratelimit.rateset.rate1]
[http.middlewares.test-ratelimit.rateLimit.rateSet.rate1]
period = "3s"
average = 5
burst = 10
@ -100,7 +100,7 @@ The possible values are:
- `client.ip` categorizes requests based on the client ip.
- `request.header.ANY_HEADER` categorizes requests based on the provided `ANY_HEADER` value.
### `ratelimit`
### `rateSet`
You can combine multiple rate limits.
The rate limit will trigger with the first reached limit.

4
docs/content/middlewares/redirectregex.md
View file

@ -45,7 +45,7 @@ labels:
```toml tab="File"
# Redirect with domain replacement
[http.middlewares]
[http.middlewares.test-redirectregex.redirectregex]
[http.middlewares.test-redirectregex.redirectRegex]
regex = "^http://localhost/(.*)"
replacement = "http://mydomain/$1"
```
@ -58,7 +58,7 @@ Set the `permanent` option to `true` to apply a permanent redirection.
### `regex`
The `Regex` option is the regular expression to match and capture elements from the request URL.
The `regex` option is the regular expression to match and capture elements from the request URL.
!!! warning

2
docs/content/middlewares/redirectscheme.md
View file

@ -41,7 +41,7 @@ labels:
```toml tab="File"
# Redirect to https
[http.middlewares]
[http.middlewares.test-redirectscheme.redirectscheme]
[http.middlewares.test-redirectscheme.redirectScheme]
scheme = "https"
```

4
docs/content/middlewares/replacepath.md
View file

@ -41,8 +41,8 @@ labels:
```toml tab="File"
# Replace the path by /foo
[http.middlewares]
[http.middlewares.test-replacepath.ReplacePath]
path = "/foo"
[http.middlewares.test-replacepath.replacePath]
path = "/foo"
```
## Configuration Options

2
docs/content/middlewares/replacepathregex.md
View file

@ -61,7 +61,7 @@ The ReplacePathRegex middleware will:
### `regex`
The `Regex` option is the regular expression to match and capture the path from the request URL.
The `regex` option is the regular expression to match and capture the path from the request URL.
!!! warning

2
docs/content/middlewares/retry.md
View file

@ -41,7 +41,7 @@ labels:
```toml tab="File"
# Retry to send request 4 times
[http.middlewares]
[http.middlewares.test-retry.Retry]
[http.middlewares.test-retry.retry]
attempts = 4
```

4
docs/content/middlewares/stripprefix.md
View file

@ -43,8 +43,8 @@ labels:
```toml tab="File"
# Strip prefix /foobar and /fiibar
[http.middlewares]
[http.middlewares.test-stripprefix.StripPrefix]
prefixes = ["/foobar", "/fiibar"]
[http.middlewares.test-stripprefix.stripPrefix]
prefixes = ["/foobar", "/fiibar"]
```
## Configuration Options

4
docs/content/middlewares/stripprefixregex.md
View file

@ -41,7 +41,7 @@ labels:
```toml tab="File"
# Replace the path by /foo
[http.middlewares]
[http.middlewares.test-stripprefixregex.StripPrefixRegex]
[http.middlewares.test-stripprefixregex.stripPrefixRegex]
regex: "^/foo/(.*)"
```
@ -56,7 +56,7 @@ The StripPrefixRegex middleware will:
!!! tip
Use a `StripPrefixRegex` middleware if your backend listens on the root path (`/`) but should be routeable on a specific prefix.
Use a `stripPrefixRegex` middleware if your backend listens on the root path (`/`) but should be routeable on a specific prefix.
### `regex`