homelab/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge current v3.1 into master

Browse source
This commit is contained in:
mmatur 2024-07-30 15:54:24 +02:00
commit e8324132f9
No known key found for this signature in database
GPG key ID: 2FFE42FC256CFF8E
38 changed files with 587 additions and 383 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docs/content/contributing/submitting-pull-requests.md
View file

@ -54,6 +54,7 @@ Merging a PR requires the following steps to be completed before it is merged au
* Keep "allows edit from maintainer" checked.
* Use semantic line breaks for documentation.
* Ensure your PR is not a draft. We do not review drafts, but do answer questions and confer with developers on them as needed.
* Ensure that the dependencies in the `go.mod` file reference a tag. If referencing a tag is not possible, add a comment explaining why.
* Pass the validation check.
* Pass all tests.
* Receive 2 approving reviews from maintainers.
@ -89,6 +90,7 @@ in short, it looks like this:
You must run these local verifications before you submit your pull request to predict the pass or failure of continuous integration.
Your PR will not be reviewed until these are green on the CI.
* `make generate`
* `make validate`
* `make pull-images`
* `make test`

3
docs/content/deprecation/releases.md
View file

@ -6,7 +6,8 @@ Below is a non-exhaustive list of versions and their maintenance status:
| Version | Release Date | Community Support |
|---------|--------------|--------------------|
| 3.0 | Apr 29, 2024 | Yes |
| 3.1 | Jul 15, 2024 | Yes |
| 3.0 | Apr 29, 2024 | Ended Jul 15, 2024 |
| 2.11 | Feb 12, 2024 | Ends Apr 29, 2025 |
| 2.10 | Apr 24, 2023 | Ended Feb 12, 2024 |
| 2.9 | Oct 03, 2022 | Ended Apr 24, 2023 |

27
docs/content/https/acme.md
View file

@ -606,9 +606,21 @@ docker run -v "/my/host/acme:/etc/traefik/acme" traefik
_Optional, Default=2160_
The `certificatesDuration` option defines the certificates' duration in hours.
`certificatesDuration` is used to calculate two durations:
- `Renew Period`: the period before the end of the certificate duration, during which the certificate should be renewed.
- `Renew Interval`: the interval between renew attempts.
It defaults to `2160` (90 days) to follow Let's Encrypt certificates' duration.
| Certificate Duration | Renew Period | Renew Interval |
|----------------------|-------------------|-------------------------|
| >= 1 year | 4 months | 1 week |
| >= 90 days | 30 days | 1 day |
| >= 7 days | 1 day | 1 hour |
| >= 24 hours | 6 hours | 10 min |
| < 24 hours | 20 min | 1 min |
!!! warning "Traefik cannot manage certificates with a duration lower than 1 hour."
```yaml tab="File (YAML)"
@ -633,19 +645,6 @@ certificatesResolvers:
# ...
```
`certificatesDuration` is used to calculate two durations:
- `Renew Period`: the period before the end of the certificate duration, during which the certificate should be renewed.
- `Renew Interval`: the interval between renew attempts.
| Certificate Duration | Renew Period | Renew Interval |
|----------------------|-------------------|-------------------------|
| >= 1 year | 4 months | 1 week |
| >= 90 days | 30 days | 1 day |
| >= 7 days | 1 day | 1 hour |
| >= 24 hours | 6 hours | 10 min |
| < 24 hours | 20 min | 1 min |
### `preferredChain`
_Optional, Default=""_

10
docs/content/operations/api.md
View file

@ -16,13 +16,9 @@ including sensitive data.
In production, it should be at least secured by authentication and authorizations.
A good sane default (non exhaustive) set of recommendations
would be to apply the following protection mechanisms:
* At the transport level:
NOT publicly exposing the API's port,
keeping it restricted to internal networks
(as in the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege), applied to networks).
!!! info
It's recommended to NOT publicly exposing the API's port, keeping it restricted to internal networks
(as in the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege), applied to networks).
## Configuration

12
docs/content/providers/docker.md
View file

@ -20,7 +20,7 @@ This provider works with [Docker (standalone) Engine](https://docs.docker.com/en
## Configuration Examples
??? example "Configuring Docker & Deploying / Exposing Services"
??? example "Configuring Docker & Deploying / Exposing one Service"
Enabling the docker provider
@ -73,12 +73,14 @@ When using Docker Compose, labels are specified by the directive
Traefik retrieves the private IP and port of containers from the Docker API.
Port detection works as follows:
Port detection for private communication works as follows:
- If a container [exposes](https://docs.docker.com/engine/reference/builder/#expose) a single port,
then Traefik uses this port for private communication.
then Traefik uses this port.
- If a container [exposes](https://docs.docker.com/engine/reference/builder/#expose) multiple ports,
or does not expose any port, then you must manually specify which port Traefik should use for communication
then Traefik uses the lowest port. E.g. if `80` and `8080` are exposed, Traefik will use `80`.
- If a container does not expose any port, or the selection from multiple ports does not fit,
then you must manually specify which port Traefik should use for communication
by using the label `traefik.http.services.<service_name>.loadbalancer.server.port`
(Read more on this label in the dedicated section in [routing](../routing/providers/docker.md#services)).
@ -586,7 +588,7 @@ providers:
_Optional, Default=false_
If the parameter is set to `true`,
any [servers load balancer](../routing/services/index.md#servers-load-balancer) defined for Docker containers is created
any [servers load balancer](../routing/services/index.md#servers-load-balancer) defined for Docker containers is created
regardless of the [healthiness](https://docs.docker.com/engine/reference/builder/#healthcheck) of the corresponding containers.
It also then stays alive and responsive even at times when it becomes empty,
i.e. when all its children containers become unhealthy.

2
docs/content/providers/kubernetes-gateway.md
View file

@ -34,7 +34,7 @@ For more details, check out the conformance [report](https://github.com/kubernet
```bash
# Install Traefik RBACs.
kubectl apply -f kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-gateway-rbac.yml
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.1/docs/content/reference/dynamic-configuration/kubernetes-gateway-rbac.yml
```
3. Deploy Traefik and enable the `kubernetesGateway` provider in the static configuration as detailed below:

6
docs/content/providers/swarm.md
View file

@ -20,7 +20,7 @@ This provider works with [Docker Swarm Mode](https://docs.docker.com/engine/swar
## Configuration Examples
??? example "Configuring Docker Swarm & Deploying / Exposing Services"
??? example "Configuring Docker Swarm & Deploying / Exposing one Service"
Enabling the Swarm provider
@ -48,7 +48,9 @@ This provider works with [Docker Swarm Mode](https://docs.docker.com/engine/swar
--providers.swarm.endpoint=tcp://127.0.0.1:2377
```
Attach labels to services (not to containers) while in Swarm mode (in your docker compose file)
Attach labels to a single service (not containers) while in Swarm mode (in your Docker compose file).
When there is only one service, and the router does not specify a service,
then that service is automatically assigned to the router.
```yaml
version: "3"

22
docs/content/routing/providers/docker.md
View file

@ -22,7 +22,7 @@ With Docker, Traefik can leverage labels attached to a container to generate rou
## Configuration Examples
??? example "Configuring Docker & Deploying / Exposing Services"
??? example "Configuring Docker & Deploying / Exposing one Service"
Enabling the docker provider
@ -109,7 +109,7 @@ and the router automatically gets a rule defined by `defaultRule` (if no rule fo
--8<-- "content/routing/providers/service-by-label.md"
??? example "Automatic service assignment with labels"
??? example "Automatic assignment with one Service"
With labels in a compose file
@ -120,7 +120,7 @@ and the router automatically gets a rule defined by `defaultRule` (if no rule fo
- "traefik.http.services.myservice.loadbalancer.server.port=80"
```
??? example "Automatic service creation and assignment with labels"
??? example "Automatic service creation with one Router"
With labels in a compose file
@ -131,6 +131,18 @@ and the router automatically gets a rule defined by `defaultRule` (if no rule fo
- "traefik.http.routers.myproxy.rule=Host(`example.net`)"
```
??? example "Explicit definition with one Service"
With labels in a compose file
```yaml
labels:
- traefik.http.routers.www-router.rule=Host(`example-a.com`)
# Explicit link between the router and the service
- traefik.http.routers.www-router.service=www-service
- traefik.http.services.www-service.loadbalancer.server.port=8000
```
### Routers
To update the configuration of the Router automatically attached to the container,
@ -433,7 +445,7 @@ More information about available middlewares in the dedicated [middlewares secti
You can declare TCP Routers and/or Services using labels.
??? example "Declaring TCP Routers and Services"
??? example "Declaring TCP Routers with one Service"
```yaml
services:
@ -571,7 +583,7 @@ You can declare TCP Routers and/or Services using labels.
You can declare UDP Routers and/or Services using labels.
??? example "Declaring UDP Routers and Services"
??? example "Declaring UDP Routers with one Service"
```yaml
services:

32
docs/content/routing/providers/swarm.md
View file

@ -22,7 +22,7 @@ With Docker Swarm, Traefik can leverage labels attached to a service to generate
## Configuration Examples
??? example "Configuring Docker Swarm & Deploying / Exposing Services"
??? example "Configuring Docker Swarm & Deploying / Exposing one Service"
Enabling the docker provider (Swarm Mode)
@ -50,7 +50,9 @@ With Docker Swarm, Traefik can leverage labels attached to a service to generate
--providers.swarm.endpoint=tcp://127.0.0.1:2377
```
Attach labels to services (not to containers) while in Swarm mode (in your docker compose file)
Attach labels to services (not containers) while in Swarm mode (in your Docker compose file).
When there is only one service, and the router does not specify a service,
then that service is automatically assigned to the router.
```yaml
version: "3"
@ -67,6 +69,30 @@ With Docker Swarm, Traefik can leverage labels attached to a service to generate
Therefore, if you use a compose file with Swarm Mode, labels should be defined in the `deploy` part of your service.
This behavior is only enabled for docker-compose version 3+ ([Compose file reference](https://docs.docker.com/compose/compose-file/compose-file-v3/#labels-1)).
??? example "Specify a Custom Port for the Container"
Forward requests for `http://example.com` to `http://<private IP of container>:12345`:
```yaml
version: "3"
services:
my-container:
# ...
deploy:
labels:
- traefik.http.routers.my-container.rule=Host(`example.com`)
- traefik.http.routers.my-container.service=my-service"
# Tell Traefik to use the port 12345 to connect to `my-container`
- traefik.http.services.my-service.loadbalancer.server.port=12345
```
!!! important "Traefik Connecting to the Wrong Port: `HTTP/502 Gateway Error`"
By default, Traefik uses the lowest exposed port of a container as detailed in
[Port Detection](../providers/swarm.md#port-detection) of the Swarm provider.
Setting the label `traefik.http.services.xxx.loadbalancer.server.port`
overrides this behavior.
??? example "Specifying more than one router and service per container"
Forwarding requests to more than one port on a container requires referencing the service loadbalancer port definition using the service parameter on the router.
@ -232,7 +258,7 @@ you'd add the label `traefik.http.services.<name-of-your-choice>.loadbalancer.pa
Registers a port.
Useful when the container exposes multiples ports.
Mandatory for Docker Swarm (see the section ["Port Detection with Docker Swarm"](../../providers/docker.md#port-detection)).
Mandatory for Docker Swarm (see the section ["Port Detection with Docker Swarm"](../../providers/swarm.md#port-detection)).
{: #port }
```yaml