From ffb53c07b840e126d6a0d30b8d3c1b3390f530d0 Mon Sep 17 00:00:00 2001 From: Fernandez Ludovic Date: Mon, 28 Aug 2017 18:07:37 +0200 Subject: [PATCH] refactor: basic configuration. --- traefik.sample.toml | 1346 +------------------------------------------ 1 file changed, 12 insertions(+), 1334 deletions(-) diff --git a/traefik.sample.toml b/traefik.sample.toml index 5910be48d..ac2e94d9f 100644 --- a/traefik.sample.toml +++ b/traefik.sample.toml @@ -2,16 +2,6 @@ # Global configuration ################################################################ -# Duration to give active requests a chance to finish before Traefik stops. -# Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits). -# If no units are provided, the value is parsed assuming seconds. -# Note: in this time frame no new requests are accepted. -# -# Optional -# Default: "10s" -# -# graceTimeOut = "10s" - # Enable debug mode # # Optional @@ -19,13 +9,6 @@ # # debug = true -# Periodically check if a new version has been released -# -# Optional -# Default: true -# -# checkNewVersion = false - # Traefik logs file # If not defined, logs to stdout # @@ -33,13 +16,6 @@ # # traefikLogsFile = "log/traefik.log" -# Access logs file -# -# Optional -# DEPRECATED - see [accessLog] lower down -# -# accessLogsFile = "log/access.log" - # Log level # # Optional @@ -47,42 +23,6 @@ # # logLevel = "ERROR" -# Backends throttle duration: minimum duration in seconds between 2 events from providers -# before applying a new configuration. It avoids unnecessary reloads if multiples events -# are sent in a short amount of time. -# Can be provided in a format supported by Go's time.ParseDuration function or -# as raw values (digits). If no units are provided, the value is parsed assuming -# seconds. -# -# Optional -# Default: "2s" -# -# ProvidersThrottleDuration = "5s" - -# Controls the maximum idle (keep-alive) connections to keep per-host. If zero, DefaultMaxIdleConnsPerHost -# from the Go standard library net/http module is used. -# If you encounter 'too many open files' errors, you can either increase this -# value or change the `ulimit`. -# -# Optional -# Default: 200 -# -# MaxIdleConnsPerHost = 200 - -# If set to true invalid SSL certificates are accepted for backends. -# Note: This disables detection of man-in-the-middle attacks so should only be used on secure backend networks. -# Optional -# Default: false -# -# InsecureSkipVerify = true - -# Register Certificates in the RootCA. This certificates will be use for backends calls. -# Note: You can use file path or cert content directly -# Optional -# Default: [] -# -# RootCAs = [ "/mycert.cert" ] - # Entrypoints to be used by frontends that do not specify any entrypoint. # Each frontend can specify its own entrypoints. # @@ -91,141 +31,13 @@ # # defaultEntryPoints = ["http", "https"] -# Constraints definition +# Entrypoints definition # # Optional -# -# Simple matching constraint -# constraints = ["tag==api"] -# -# Simple mismatching constraint -# constraints = ["tag!=api"] -# -# Globbing -# constraints = ["tag==us-*"] -# -# Backend-specific constraint -# [consulCatalog] -# endpoint = "127.0.0.1:8500" -# constraints = ["tag==api"] -# -# Multiple constraints -# - "tag==" must match with at least one tag -# - "tag!=" must match with none of tags -# constraints = ["tag!=us-*", "tag!=asia-*"] -# [consulCatalog] -# endpoint = "127.0.0.1:8500" -# constraints = ["tag==api", "tag!=v*-beta"] - -# Enable ACME (Let's Encrypt): automatic SSL -# -# Optional -# -# [acme] - -# Email address used for registration -# -# Required -# -# email = "test@traefik.io" - -# File or key used for certificates storage. -# WARNING, if you use Traefik in Docker, you have 2 options: -# - create a file on your host and mount it as a volume -# storageFile = "acme.json" -# $ docker run -v "/my/host/acme.json:acme.json" traefik -# - mount the folder containing the file as a volume -# storageFile = "/etc/traefik/acme/acme.json" -# $ docker run -v "/my/host/acme:/etc/traefik/acme" traefik -# -# Required -# -# storage = "acme.json" # or "traefik/acme/account" if using KV store - -# Entrypoint to proxy acme challenge/apply certificates to. -# WARNING, must point to an entrypoint on port 443 -# -# Required -# -# entryPoint = "https" - -# Use a DNS based acme challenge rather than external HTTPS access, e.g. for a firewalled server -# Select the provider that matches the DNS domain that will host the challenge TXT record, -# and provide environment variables with access keys to enable setting it: -# - cloudflare: CLOUDFLARE_EMAIL, CLOUDFLARE_API_KEY -# - digitalocean: DO_AUTH_TOKEN -# - dnsimple: DNSIMPLE_EMAIL, DNSIMPLE_OAUTH_TOKEN -# - dnsmadeeasy: DNSMADEEASY_API_KEY, DNSMADEEASY_API_SECRET -# - exoscale: EXOSCALE_API_KEY, EXOSCALE_API_SECRET -# - gandi: GANDI_API_KEY -# - linode: LINODE_API_KEY -# - manual: none, but run traefik interactively & turn on acmeLogging to see instructions & press Enter -# - namecheap: NAMECHEAP_API_USER, NAMECHEAP_API_KEY -# - rfc2136: RFC2136_TSIG_KEY, RFC2136_TSIG_SECRET, RFC2136_TSIG_ALGORITHM, RFC2136_NAMESERVER -# - route53: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION, or configured user/instance IAM profile -# - dyn: DYN_CUSTOMER_NAME, DYN_USER_NAME, DYN_PASSWORD -# - vultr: VULTR_API_KEY -# - ovh: OVH_ENDPOINT, OVH_APPLICATION_KEY, OVH_APPLICATION_SECRET, OVH_CONSUMER_KEY -# - pdns: PDNS_API_KEY, PDNS_API_URL -# -# Optional -# -# dnsProvider = "digitalocean" - -# By default, the dnsProvider will verify the TXT DNS challenge record before letting ACME verify -# If delayDontCheckDNS is greater than zero, avoid this & instead just wait so many seconds. -# Useful if internal networks block external DNS queries -# -# Optional -# -# delayDontCheckDNS = 0 - -# If true, display debug log messages from the acme client library -# -# Optional -# -# acmeLogging = true - -# Enable on demand certificate. This will request a certificate from Let's Encrypt during the first TLS handshake for a hostname that does not yet have a certificate. -# WARNING, TLS handshakes will be slow when requesting a hostname certificate for the first time, this can leads to DoS attacks. -# WARNING, Take note that Let's Encrypt have rate limiting: https://letsencrypt.org/docs/rate-limits -# -# Optional -# -# onDemand = true - -# Enable certificate generation on frontends Host rules. This will request a certificate from Let's Encrypt for each frontend with a Host rule. -# For example, a rule Host:test1.traefik.io,test2.traefik.io will request a certificate with main domain test1.traefik.io and SAN test2.traefik.io. -# -# Optional -# -# OnHostRule = true - -# CA server to use -# Uncomment the line to run on the staging let's encrypt server -# Leave comment to go to prod -# -# Optional -# -# caServer = "https://acme-staging.api.letsencrypt.org/directory" - -# Domains list -# You can provide SANs (alternative domains) to each main domain -# All domains must have A/AAAA records pointing to Traefik -# WARNING, Take note that Let's Encrypt have rate limiting: https://letsencrypt.org/docs/rate-limits -# Each domain & SANs will lead to a certificate request. -# -# [[acme.domains]] -# main = "local1.com" -# sans = ["test1.local1.com", "test2.local1.com"] -# [[acme.domains]] -# main = "local2.com" -# sans = ["test1.local2.com", "test2x.local2.com"] -# [[acme.domains]] -# main = "local3.com" -# [[acme.domains]] -# main = "local4.com" - +# Default: +[entryPoints] + [entryPoints.http] + address = ":80" # Enable access logs # By default it will write to stdout and produce logs in the textual @@ -250,1178 +62,44 @@ # # format = "common" -# Entrypoints definition -# -# Optional -# Default: -# [entryPoints] -# [entryPoints.http] -# address = ":80" -# -# To redirect an http entrypoint to an https entrypoint (with SNI support): -# [entryPoints] -# [entryPoints.http] -# address = ":80" -# [entryPoints.http.redirect] -# entryPoint = "https" -# [entryPoints.https] -# address = ":443" -# [entryPoints.https.tls] -# [[entryPoints.https.tls.certificates]] -# CertFile = "integration/fixtures/https/snitest.com.cert" -# KeyFile = "integration/fixtures/https/snitest.com.key" -# [[entryPoints.https.tls.certificates]] -# CertFile = "integration/fixtures/https/snitest.org.cert" -# KeyFile = "integration/fixtures/https/snitest.org.key" -# -# To redirect an entrypoint rewriting the URL: -# [entryPoints] -# [entryPoints.http] -# address = ":80" -# [entryPoints.http.redirect] -# regex = "^http://localhost/(.*)" -# replacement = "http://mydomain/$1" -# -# To enable basic auth on an entrypoint -# with 2 user/pass: test:test and test2:test2 -# Passwords can be encoded in MD5, SHA1 and BCrypt: you can use htpasswd to generate those ones -# Users can be specified directly in the toml file, or indirectly by referencing an external file; if both are provided, the two are merged, with external file contents having precedence -# [entryPoints] -# [entryPoints.http] -# address = ":80" -# [entryPoints.http.auth.basic] -# users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"] -# usersFile = "/path/to/.htpasswd" -# -# To enable digest auth on an entrypoint -# with 2 user/realm/pass: test:traefik:test and test2:traefik:test2 -# You can use htdigest to generate those ones -# Users can be specified directly in the toml file, or indirectly by referencing an external file; if both are provided, the two are merged, with external file contents having precedence -# [entryPoints] -# [entryPoints.http] -# address = ":80" -# [entryPoints.http.auth.basic] -# users = ["test:traefik:a2688e031edb4be6a3797f3882655c05 ", "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"] -# usersFile = "/path/to/.htdigest" -# -# To enable forward auth on an entrypoint -# This configuration will first forward the request to http://authserver.com/auth. If the response code is 2XX, -# access is granted and the original request is performed. Otherwise, the response from the auth server is returned. -# [entryPoints] -# [entryPoints.http] -# address = ":80" -# [entryPoints.http.auth.forward] -# address = "http://authserver.com/auth" -# -# To specify an https entrypoint with a minimum TLS version, and specifying an array of cipher suites (from crypto/tls): -# [entryPoints] -# [entryPoints.https] -# address = ":443" -# [entryPoints.https.tls] -# MinVersion = "VersionTLS12" -# CipherSuites = ["TLS_RSA_WITH_AES_256_GCM_SHA384"] -# [[entryPoints.https.tls.certificates]] -# CertFile = "integration/fixtures/https/snitest.com.cert" -# KeyFile = "integration/fixtures/https/snitest.com.key" -# [[entryPoints.https.tls.certificates]] -# CertFile = "integration/fixtures/https/snitest.org.cert" -# KeyFile = "integration/fixtures/https/snitest.org.key" - -# To enable compression support using gzip format: -# [entryPoints] -# [entryPoints.http] -# address = ":80" -# compress = true - -# To bind to a particular IP address only: -# [entryPoints] -# [entryPoints.http] -# address = "10.42.13.37:80" - -# To enable IP whitelisting at the entrypoint level: -# [entryPoints] -# [entryPoints.http] -# address = ":80" -# whiteListSourceRange = ["127.0.0.1/32"] - -# To enable ProxyProtocol support (https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt): -# [entryPoints] -# [entryPoints.http] -# address = ":80" -# proxyprotocol = true - -# Enable retry sending request if network error -# -# Optional -# -# [retry] - -# Number of attempts -# -# Optional -# Default: (number servers in backend) -1 -# -# attempts = 3 - -# Enable custom health check options. -# -# Optional -# -# [healthcheck] - -# Set the default health check interval. Will only be effective if health check -# paths are defined. Given provider-specific support, the value may be -# overridden on a per-backend basis. -# Can be provided in a format supported by Go's time.ParseDuration function or -# as raw values (digits). If no units are provided, the value is parsed assuming -# seconds. -# -# Optional -# Default: "30s" -# -# interval = "30s" - -# Timeout settings for the http servers Traefik starts -# -# Optional -# -# [respondingTimeouts] - -# ReadTimeout is the maximum duration for reading the entire request, including the body. -# If zero, no timeout exists. -# -# Optional -# Default: "0s" -# -# readTimeout = "5s" - -# WriteTimeout is the maximum duration before timing out writes of the response. -# If zero, no timeout exists. -# -# Optional -# Default: "0s" -# -# writeTimeout = "5s" - -# IdleTimeout is the maximum amount duration an idle (keep-alive) connection will remain idle before closing itself. -# Defaults to 180 seconds. -# If zero, no timeout exists. -# -# Optional -# Default: "180s" -# -# idleTimeout = "360s" - -# Timeout settings for requests forwarded to the Backend Servers -# -# Optional -# -# [forwardingTimeouts] - -# The amount of time to wait until a connection to a Backend Server can be established. -# If zero, no timeout exists. -# -# Optional -# Default: "30s" -# -# dialTimeout = "30s" - -# The amount of time to wait for a server's response headers after fully writing the request (including its body, if any). If zero, no timeout exists -# -# Optional -# Default: "0s" -# -# responseHeaderTimeout = "0s" - - ################################################################ # Web configuration backend ################################################################ # Enable web configuration backend -# -# Optional -# -# [web] +[web] # Web administration port # # Required # -# address = ":8080" - -# SSL certificate and key used -# -# Optional -# -# CertFile = "traefik.crt" -# KeyFile = "traefik.key" - -# Set REST API to read-only mode -# -# Optional -# ReadOnly = false - -# Enable more detailed statistics -# [web.statistics] -# RecentErrors = 10 - -# To enable Traefik to export internal metrics to Prometheus -# [web.metrics.prometheus] -# Buckets=[0.1,0.3,1.2,5.0] -# - -# DataDog metrics exporter type -# [web.metrics.datadog] -# Address = "localhost:8125" -# Pushinterval = "10s" - -# StatsD metrics exporter type -# [web.metrics.statsd] -# Address = "localhost:8125" -# Pushinterval = "10s" - -# To enable basic auth on the webui -# with 2 user/pass: test:test and test2:test2 -# Passwords can be encoded in MD5, SHA1 and BCrypt: you can use htpasswd to generate those ones -# Users can be specified directly in the toml file, or indirectly by referencing an external file; if both are provided, the two are merged, with external file contents having precedence -# [web.auth.basic] -# users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"] -# usersFile = "/path/to/.htpasswd" -# To enable digest auth on the webui -# with 2 user/realm/pass: test:traefik:test and test2:traefik:test2 -# You can use htdigest to generate those ones -# Users can be specified directly in the toml file, or indirectly by referencing an external file; if both are provided, the two are merged, with external file contents having precedence -# [web.auth.digest] -# users = ["test:traefik:a2688e031edb4be6a3797f3882655c05 ", "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"] -# usersFile = "/path/to/.htdigest" - - -################################################################ -# File configuration backend -################################################################ - -# Enable file configuration backend -# -# Optional -# -# [file] - -# Rules file -# If defined, traefik will load rules from this file, -# otherwise, it will load rules from current file (cf Sample rules below). -# -# Optional -# -# filename = "rules.toml" - -# Rules file -# If defined, traefik will load rules from .toml files in this directory. -# -# Optional -# -# directory = "/path/to/config/" - -# Enable watch file changes -# -# Optional -# -# watch = true - +address = ":8080" ################################################################ # Docker configuration backend ################################################################ # Enable Docker configuration backend -# -# Optional -# -# [docker] +[docker] # Docker server endpoint. Can be a tcp or a unix socket endpoint. # # Required +# Default: "unix:///var/run/docker.sock" # -# endpoint = "unix:///var/run/docker.sock" +# endpoint = "tcp://10.10.10.10:2375" # Default domain used. # Can be overridden by setting the "traefik.domain" label on a container. # -# Required +# Optional +# Default: "" # # domain = "docker.localhost" -# Enable watch docker changes -# -# Optional -# -# watch = true - -# Override default configuration template. For advanced users :) -# -# Optional -# -# filename = "docker.tmpl" - # Expose containers by default in traefik # # Optional # Default: true # # exposedbydefault = true - -# Enable docker TLS connection -# -# Optional -# -# [docker.tls] -# ca = "/etc/ssl/ca.crt" -# cert = "/etc/ssl/docker.crt" -# key = "/etc/ssl/docker.key" -# insecureskipverify = true - - -################################################################ -# Docker Swarmmode configuration backend -################################################################ - -# Enable Docker configuration backend -# -# Optional -# -# [docker] - -# Docker server endpoint. Can be a tcp or a unix socket endpoint. -# -# Required -# -# endpoint = "tcp://127.0.0.1:2375" - -# Default domain used. -# Can be overridden by setting the "traefik.domain" label on a services. -# -# Required -# -# domain = "docker.localhost" - -# Enable watch docker changes -# -# Optional -# -# watch = true - -# Use Docker Swarm Mode as data provider -# -# Optional -# -# swarmmode = true - -# Override default configuration template. For advanced users :) -# -# Optional -# -# filename = "docker.tmpl" - -# Expose services by default in traefik -# -# Optional -# Default: true -# -# exposedbydefault = true - -# Enable docker TLS connection -# -# Optional -# -# [swarm.tls] -# ca = "/etc/ssl/ca.crt" -# cert = "/etc/ssl/docker.crt" -# key = "/etc/ssl/docker.key" -# insecureskipverify = true - -# Constraints -# -# Optional -# -# constraints = ["tag==api", "tag==he*ld"] -# Matching with containers having the label "traefik.tags" set to "api,helloworld" -# ex: $ docker run -d -P --label traefik.tags=api,helloworld emilevauge/whoami - - -################################################################ -# Mesos/Marathon configuration backend -################################################################ - -# Enable Marathon configuration backend -# -# Optional -# -# [marathon] - -# Marathon server endpoint. -# You can also specify multiple endpoint for Marathon: -# endpoint := "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080" -# -# Required -# -# endpoint = "http://127.0.0.1:8080" - -# Enable watch Marathon changes -# -# Optional -# -# watch = true - -# Default domain used. -# Can be overridden by setting the "traefik.domain" label on an application. -# -# Required -# -# domain = "marathon.localhost" - -# Override default configuration template. For advanced users :) -# -# Optional -# -# filename = "marathon.tmpl" - -# Expose Marathon apps by default in traefik -# -# Optional -# Default: true -# -# exposedByDefault = true - -# Convert Marathon groups to subdomains -# Default behavior: /foo/bar/myapp => foo-bar-myapp.{defaultDomain} -# with groupsAsSubDomains enabled: /foo/bar/myapp => myapp.bar.foo.{defaultDomain} -# -# Optional -# Default: false -# -# groupsAsSubDomains = true - -# Enable compatibility with marathon-lb labels -# -# Optional -# Default: false -# -# marathonLBCompatibility = true - -# Enable Marathon basic authentication -# -# Optional -# -# [marathon.basic] -# httpBasicAuthUser = "foo" -# httpBasicPassword = "bar" - -# TLS client configuration. https://golang.org/pkg/crypto/tls/#Config -# -# Optional -# -# [marathon.TLS] -# CA = "/etc/ssl/ca.crt" -# Cert = "/etc/ssl/marathon.cert" -# Key = "/etc/ssl/marathon.key" -# InsecureSkipVerify = true - -# DCOSToken for DCOS environment, This will override the Authorization header -# -# Optional -# -# dcosToken = "xxxxxx" - -# Override DialerTimeout -# Amount of time to allow the Marathon provider to wait to open a TCP connection -# to a Marathon master. -# Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw -# values (digits). If no units are provided, the value is parsed assuming -# seconds. -# -# Optional -# Default: "60s" -# dialerTimeout = "60s" - -# Set the TCP Keep Alive interval for the Marathon HTTP Client. -# Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw -# values (digits). If no units are provided, the value is parsed assuming -# seconds. -# -# Optional -# Default: "10s" -# -# keepAlive = "10s" - -# By default, a task's IP address (as returned by the Marathon API) is used as -# backend server if an IP-per-task configuration can be found; otherwise, the -# name of the host running the task is used. -# The latter behavior can be enforced by enabling this switch. -# -# Optional -# Default: false -# -# forceTaskHostname = false - -# Applications may define readiness checks which are probed by Marathon during -# deployments periodically and the results exposed via the API. Enabling the -# following parameter causes Traefik to filter out tasks whose readiness checks -# have not succeeded. -# Note that the checks are only valid at deployment times. See the Marathon -# guide for details. -# -# Optional -# Default: false -# -# respectReadinessChecks = false - - -################################################################ -# Mesos configuration backend -################################################################ - -# Enable Mesos configuration backend -# -# Optional -# -# [mesos] - -# Mesos server endpoint. -# You can also specify multiple endpoint for Mesos: -# endpoint = "192.168.35.40:5050,192.168.35.41:5050,192.168.35.42:5050" -# endpoint = "zk://192.168.35.20:2181,192.168.35.21:2181,192.168.35.22:2181/mesos" -# -# Required -# -# endpoint = "http://127.0.0.1:8080" - -# Enable watch Mesos changes -# -# Optional -# -# watch = true - -# Default domain used. -# Can be overridden by setting the "traefik.domain" label on an application. -# -# Required -# -# domain = "mesos.localhost" - -# Override default configuration template. For advanced users :) -# -# Optional -# -# filename = "mesos.tmpl" - -# Expose Mesos apps by default in traefik -# -# Optional -# Default: false -# -# ExposedByDefault = true - -# TLS client configuration. https://golang.org/pkg/crypto/tls/#Config -# -# Optional -# -# [mesos.TLS] -# InsecureSkipVerify = true - -# Zookeeper timeout (in seconds) -# -# Optional -# Default: 30 -# -# ZkDetectionTimeout = 30 - -# Polling interval (in seconds) -# -# Optional -# Default: 30 -# -# RefreshSeconds = 30 - -# IP sources (e.g. host, docker, mesos, rkt) -# -# Optional -# -# IPSources = "host" - -# HTTP Timeout (in seconds) -# -# Optional -# Default: 30 -# -# StateTimeoutSecond = "30" - - -################################################################ -# Kubernetes Ingress configuration backend -################################################################ -# Enable Kubernetes Ingress configuration backend -# -# Optional -# -# [kubernetes] - -# Kubernetes server endpoint -# -# When deployed as a replication controller in Kubernetes, Traefik will use -# the environment variables KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT -# to construct the endpoint. -# Secure token will be found in /var/run/secrets/kubernetes.io/serviceaccount/token -# and SSL CA cert in /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -# -# The endpoint may be given to override the environment variable values. -# -# When the environment variables are not found, Traefik will try to connect to -# the Kubernetes API server with an external-cluster client. In this case, the -# endpoint is required. Specifically, it may be set to the URL used by -# `kubectl proxy` to connect to a Kubernetes cluster from localhost. -# -# Optional for in-cluster configuration, required otherwise -# Default: empty -# -# endpoint = "http://127.0.0.1:8001" - -# Bearer token used for the Kubernetes client configuration. -# -# Optional -# Default: empty -# -# token = "my token" - -# Path to the certificate authority file used for the Kubernetes client -# configuration. -# -# Optional -# Default: empty -# -# certAuthFilePath = "/my/ca.crt" - -# Array of namespaces to watch. -# -# Optional -# Default: all namespaces (empty array). -# -# namespaces = ["default"] - -# Ingress label selector to identify Ingress objects that should be processed. -# See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors for details. -# -# Optional -# Default: empty (process all Ingresses) -# -# labelselector = "A and not B" - - -################################################################ -# Consul KV configuration backend -################################################################ - -# Enable Consul KV configuration backend -# -# Optional -# -# [consul] - -# Consul server endpoint -# -# Required -# -# endpoint = "127.0.0.1:8500" - -# Enable watch Consul changes -# -# Optional -# -# watch = true - -# Prefix used for KV store. -# -# Optional -# -# prefix = "traefik" - -# Override default configuration template. For advanced users :) -# -# Optional -# -# filename = "consul.tmpl" - -# Enable consul TLS connection -# -# Optional -# -# [consul.tls] -# ca = "/etc/ssl/ca.crt" -# cert = "/etc/ssl/consul.crt" -# key = "/etc/ssl/consul.key" -# insecureskipverify = true - - -################################################################ -# Consul Catalog configuration backend -################################################################ - -# Enable Consul Catalog configuration backend -# -# Optional -# -# [consulCatalog] - -# Consul server endpoint -# -# Required -# -# endpoint = "127.0.0.1:8500" - -# Default domain used. -# -# Optional -# -# domain = "consul.localhost" - -# Expose Consul catalog services by default in traefik -# -# Optional -# -# exposedByDefault = true - -# Prefix for Consul catalog tags -# -# Optional -# -# prefix = "traefik" - -# Default frontEnd Rule for Consul services -# -# The format is a Go Template with: -# - ".ServiceName", ".Domain" and ".Attributes" available -# - "getTag(name, tags, defaultValue)", "hasTag(name, tags)" and "getAttribute(name, tags, defaultValue)" functions are available -# - "getAttribute(...)" function uses prefixed tag names based on "prefix" value -# -# Optional -# -#frontEndRule = "Host:{{.ServiceName}}.{{Domain}}" - -# Constraints -# -# Optional -# -# constraints = ["tag==api", "tag==he*ld"] -# Matching with containers having this tag: "traefik.tags=api,helloworld" - - -################################################################ -# Etcd configuration backend -################################################################ - -# Enable Etcd configuration backend -# -# Optional -# -# [etcd] - -# Etcd server endpoint -# -# Required -# -# endpoint = "127.0.0.1:2379" - -# Enable watch Etcd changes -# -# Optional -# -# watch = true - -# Prefix used for KV store. -# -# Optional -# -# prefix = "/traefik" - -# Override default configuration template. For advanced users :) -# -# Optional -# -# filename = "etcd.tmpl" - -# Use etcd user/pass authentication -# -# Optional -# -# username = foo -# password = bar - -# Enable etcd TLS connection -# -# Optional -# -# [etcd.tls] -# ca = "/etc/ssl/ca.crt" -# cert = "/etc/ssl/etcd.crt" -# key = "/etc/ssl/etcd.key" -# insecureskipverify = true - - -################################################################ -# Eureka configuration backend -################################################################ - -# Enable Eureka configuration backend -# -# Optional -# -# [eureka] - -# Eureka server endpoint. -# endpoint := "http://my.eureka.server/eureka" -# -# Required -# -# endpoint = "http://my.eureka.server/eureka" - -# Override default configuration time between refresh -# -# Optional -# default 30s -# delay = "1m" - -# Override default configuration template. For advanced users :) -# -# Optional -# -# filename = "eureka.tmpl" - - -################################################################ -# Zookeeper configuration backend -################################################################ - -# Enable Zookeeperconfiguration backend -# -# Optional -# -# [zookeeper] - -# Zookeeper server endpoint -# -# Required -# -# endpoint = "127.0.0.1:2181" - -# Enable watch Zookeeper changes -# -# Optional -# -# watch = true - -# Prefix used for KV store. -# -# Optional -# -# prefix = "/traefik" - -# Override default configuration template. For advanced users :) -# -# Optional -# -# filename = "zookeeper.tmpl" - - -################################################################ -# BoltDB configuration backend -################################################################ - -# Enable BoltDB configuration backend -# -# Optional -# -# [boltdb] - -# BoltDB file -# -# Required -# -# endpoint = "/my.db" - -# Enable watch BoltDB changes -# -# Optional -# -# watch = true - -# Prefix used for KV store. -# -# Optional -# -# prefix = "/traefik" - -# Override default configuration template. For advanced users :) -# -# Optional -# -# filename = "boltdb.tmpl" - - -################################################################ -# ECS configuration backend -################################################################ - -# Enable ECS configuration backend -# -# Optional -# -# [ecs] - -# ECS Cluster Name -# -# DEPRECATED - Please use Clusters -# -# Cluster = "default" - -# ECS Clusters Name -# -# Optional -# Default: ["default"] -# -# Clusters = ["default"] - -# Enable watch ECS changes -# -# Optional -# Default: true -# -# Watch = true - -# Enable auto discover ECS clusters -# -# Optional -# Default: false -# -# AutoDiscoverClusters = false - -# Polling interval (in seconds) -# -# Optional -# Default: 15 -# -# RefreshSeconds = 15 - -# Expose ECS services by default in traefik -# -# Optional -# Default: true -# -# ExposedByDefault = false - -# Region to use when connecting to AWS -# -# Optional -# -# Region = "us-east-1" - -# AccessKeyID to use when connecting to AWS -# -# Optional -# -# AccessKeyID = "abc" - -# SecretAccessKey to use when connecting to AWS -# -# Optional -# -# SecretAccessKey = "123" - -# Override default configuration template. For advanced users :) -# -# Optional -# -# filename = "ecs.tmpl" - - -################################################################ -# Rancher configuration backend -################################################################ - -# Enable Rancher configuration backend -# -# Optional -# -# [rancher] - -# Default domain used. -# Can be overridden by setting the "traefik.domain" label on an service. -# -# Required -# -# domain = "rancher.localhost" - -# Enable watch Rancher changes -# -# Optional -# Default: true -# -# Watch = true - -# Polling interval (in seconds) -# -# Optional -# -# RefreshSeconds = 15 - -# Expose Rancher services by default in traefik -# -# Optional -# Default: true -# -# ExposedByDefault = false - -# Filter services with unhealthy states and inactive states -# -# Optional -# Default: false -# -# EnableServiceHealthFilter = true - -# Enable Rancher metadata service configuration backend instead of the API -# configuration backend -# -# Optional -# Default: false -# -# [rancher.metadata] - -# Poll the Rancher metadata service for changes every `rancher.RefreshSeconds` -# NOTE: this is less accurate than the default long polling technique which -# will provide near instantaneous updates to Traefik -# -# Optional -# Default: false -# -# IntervalPoll = true - -# Prefix used for accessing the Rancher metadata service -# -# Optional -# Default: "/latest" -# -# Prefix = "/2016-07-29" - -# Enable Rancher API configuration backend -# -# Optional -# Default: true -# -# [rancher.api] - -# Endpoint to use when connecting to the Rancher API -# -# Required -# Endpoint = "http://rancherserver.example.com/v1" - -# AccessKey to use when connecting to the Rancher API -# -# Required -# AccessKey = "XXXXXXXXXXXXXXXXXXXX" - -# SecretKey to use when connecting to the Rancher API -# -# Required -# SecretKey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" - - -################################################################ -# DynamoDB configuration backend -################################################################ - -# Enable DynamoDB configuration backend -# -# Optional -# -# [dynamodb] - -# DynamoDB Table Name -# -# Optional -# -# TableName = "traefik" - -# Enable watch DynamoDB changes -# -# Optional -# -# Watch = true - -# Polling interval (in seconds) -# -# Optional -# -# RefreshSeconds = 15 - -# Region to use when connecting to AWS -# -# Required -# -# Region = "us-east-1" - -# AccessKeyID to use when connecting to AWS -# -# Optional -# -# AccessKeyID = "abc" - -# SecretAccessKey to use when connecting to AWS -# -# Optional -# -# SecretAccessKey = "123" - -# Endpoint of dynamodb when testing locally -# -# Optional -# -# Endpoint = "http://localhost:8080" - - -################################################################ -# Sample rules -################################################################ -# [backends] -# [backends.backend1] -# [backends.backend1.circuitbreaker] -# expression = "NetworkErrorRatio() > 0.5" -# [backends.backend1.servers.server1] -# url = "http://172.17.0.2:80" -# weight = 10 -# [backends.backend1.servers.server2] -# url = "http://172.17.0.3:80" -# weight = 1 -# [backends.backend2] -# [backends.backend2.LoadBalancer] -# method = "drr" -# [backends.backend2.servers.server1] -# url = "http://172.17.0.4:80" -# weight = 1 -# [backends.backend2.servers.server2] -# url = "http://172.17.0.5:80" -# weight = 2 -# -# [frontends] -# [frontends.frontend1] -# backend = "backend2" -# [frontends.frontend1.routes.test_1] -# rule = "Host: test.localhost, other.localhost" -# [frontends.frontend2] -# backend = "backend1" -# passHostHeader = true -# entrypoints = ["https"] # overrides defaultEntryPoints -# [frontends.frontend2.routes.test_1] -# rule = "Host:{subdomain:[a-z]+}.localhost" -# [frontends.frontend3] -# entrypoints = ["http", "https"] # overrides defaultEntryPoints -# backend = "backend2" -# rule = "Path: /test, /other"