Add an anchor on the options names.

Nicolas Mengin
2025-09-09 17:26:05 +02:00
committed by GitHub
parent 0b240ca97a
commit c294b87a45
83 changed files with 2893 additions and 2586 deletions
@@ -5,464 +5,464 @@ THIS FILE MUST NOT BE EDITED BY HAND
| Key (Path) | Value | | Key (Path) | Value |
|------------|-------| |------------|-------|
| `traefik/http/middlewares/Middleware01/addPrefix/prefix` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware01addPrefixprefix" href="#traefikhttpmiddlewaresMiddleware01addPrefixprefix" title="#traefikhttpmiddlewaresMiddleware01addPrefixprefix">`traefik/http/middlewares/Middleware01/addPrefix/prefix`</a> | `foobar` |
| `traefik/http/middlewares/Middleware02/basicAuth/headerField` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware02basicAuthheaderField" href="#traefikhttpmiddlewaresMiddleware02basicAuthheaderField" title="#traefikhttpmiddlewaresMiddleware02basicAuthheaderField">`traefik/http/middlewares/Middleware02/basicAuth/headerField`</a> | `foobar` |
| `traefik/http/middlewares/Middleware02/basicAuth/realm` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware02basicAuthrealm" href="#traefikhttpmiddlewaresMiddleware02basicAuthrealm" title="#traefikhttpmiddlewaresMiddleware02basicAuthrealm">`traefik/http/middlewares/Middleware02/basicAuth/realm`</a> | `foobar` |
| `traefik/http/middlewares/Middleware02/basicAuth/removeHeader` | `true` | | <a id="traefikhttpmiddlewaresMiddleware02basicAuthremoveHeader" href="#traefikhttpmiddlewaresMiddleware02basicAuthremoveHeader" title="#traefikhttpmiddlewaresMiddleware02basicAuthremoveHeader">`traefik/http/middlewares/Middleware02/basicAuth/removeHeader`</a> | `true` |
| `traefik/http/middlewares/Middleware02/basicAuth/users/0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware02basicAuthusers0" href="#traefikhttpmiddlewaresMiddleware02basicAuthusers0" title="#traefikhttpmiddlewaresMiddleware02basicAuthusers0">`traefik/http/middlewares/Middleware02/basicAuth/users/0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware02/basicAuth/users/1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware02basicAuthusers1" href="#traefikhttpmiddlewaresMiddleware02basicAuthusers1" title="#traefikhttpmiddlewaresMiddleware02basicAuthusers1">`traefik/http/middlewares/Middleware02/basicAuth/users/1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware02/basicAuth/usersFile` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware02basicAuthusersFile" href="#traefikhttpmiddlewaresMiddleware02basicAuthusersFile" title="#traefikhttpmiddlewaresMiddleware02basicAuthusersFile">`traefik/http/middlewares/Middleware02/basicAuth/usersFile`</a> | `foobar` |
| `traefik/http/middlewares/Middleware03/buffering/maxRequestBodyBytes` | `42` | | <a id="traefikhttpmiddlewaresMiddleware03bufferingmaxRequestBodyBytes" href="#traefikhttpmiddlewaresMiddleware03bufferingmaxRequestBodyBytes" title="#traefikhttpmiddlewaresMiddleware03bufferingmaxRequestBodyBytes">`traefik/http/middlewares/Middleware03/buffering/maxRequestBodyBytes`</a> | `42` |
| `traefik/http/middlewares/Middleware03/buffering/maxResponseBodyBytes` | `42` | | <a id="traefikhttpmiddlewaresMiddleware03bufferingmaxResponseBodyBytes" href="#traefikhttpmiddlewaresMiddleware03bufferingmaxResponseBodyBytes" title="#traefikhttpmiddlewaresMiddleware03bufferingmaxResponseBodyBytes">`traefik/http/middlewares/Middleware03/buffering/maxResponseBodyBytes`</a> | `42` |
| `traefik/http/middlewares/Middleware03/buffering/memRequestBodyBytes` | `42` | | <a id="traefikhttpmiddlewaresMiddleware03bufferingmemRequestBodyBytes" href="#traefikhttpmiddlewaresMiddleware03bufferingmemRequestBodyBytes" title="#traefikhttpmiddlewaresMiddleware03bufferingmemRequestBodyBytes">`traefik/http/middlewares/Middleware03/buffering/memRequestBodyBytes`</a> | `42` |
| `traefik/http/middlewares/Middleware03/buffering/memResponseBodyBytes` | `42` | | <a id="traefikhttpmiddlewaresMiddleware03bufferingmemResponseBodyBytes" href="#traefikhttpmiddlewaresMiddleware03bufferingmemResponseBodyBytes" title="#traefikhttpmiddlewaresMiddleware03bufferingmemResponseBodyBytes">`traefik/http/middlewares/Middleware03/buffering/memResponseBodyBytes`</a> | `42` |
| `traefik/http/middlewares/Middleware03/buffering/retryExpression` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware03bufferingretryExpression" href="#traefikhttpmiddlewaresMiddleware03bufferingretryExpression" title="#traefikhttpmiddlewaresMiddleware03bufferingretryExpression">`traefik/http/middlewares/Middleware03/buffering/retryExpression`</a> | `foobar` |
| `traefik/http/middlewares/Middleware04/chain/middlewares/0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware04chainmiddlewares0" href="#traefikhttpmiddlewaresMiddleware04chainmiddlewares0" title="#traefikhttpmiddlewaresMiddleware04chainmiddlewares0">`traefik/http/middlewares/Middleware04/chain/middlewares/0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware04/chain/middlewares/1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware04chainmiddlewares1" href="#traefikhttpmiddlewaresMiddleware04chainmiddlewares1" title="#traefikhttpmiddlewaresMiddleware04chainmiddlewares1">`traefik/http/middlewares/Middleware04/chain/middlewares/1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware05/circuitBreaker/checkPeriod` | `42s` | | <a id="traefikhttpmiddlewaresMiddleware05circuitBreakercheckPeriod" href="#traefikhttpmiddlewaresMiddleware05circuitBreakercheckPeriod" title="#traefikhttpmiddlewaresMiddleware05circuitBreakercheckPeriod">`traefik/http/middlewares/Middleware05/circuitBreaker/checkPeriod`</a> | `42s` |
| `traefik/http/middlewares/Middleware05/circuitBreaker/expression` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware05circuitBreakerexpression" href="#traefikhttpmiddlewaresMiddleware05circuitBreakerexpression" title="#traefikhttpmiddlewaresMiddleware05circuitBreakerexpression">`traefik/http/middlewares/Middleware05/circuitBreaker/expression`</a> | `foobar` |
| `traefik/http/middlewares/Middleware05/circuitBreaker/fallbackDuration` | `42s` | | <a id="traefikhttpmiddlewaresMiddleware05circuitBreakerfallbackDuration" href="#traefikhttpmiddlewaresMiddleware05circuitBreakerfallbackDuration" title="#traefikhttpmiddlewaresMiddleware05circuitBreakerfallbackDuration">`traefik/http/middlewares/Middleware05/circuitBreaker/fallbackDuration`</a> | `42s` |
| `traefik/http/middlewares/Middleware05/circuitBreaker/recoveryDuration` | `42s` | | <a id="traefikhttpmiddlewaresMiddleware05circuitBreakerrecoveryDuration" href="#traefikhttpmiddlewaresMiddleware05circuitBreakerrecoveryDuration" title="#traefikhttpmiddlewaresMiddleware05circuitBreakerrecoveryDuration">`traefik/http/middlewares/Middleware05/circuitBreaker/recoveryDuration`</a> | `42s` |
| `traefik/http/middlewares/Middleware05/circuitBreaker/responseCode` | `42` | | <a id="traefikhttpmiddlewaresMiddleware05circuitBreakerresponseCode" href="#traefikhttpmiddlewaresMiddleware05circuitBreakerresponseCode" title="#traefikhttpmiddlewaresMiddleware05circuitBreakerresponseCode">`traefik/http/middlewares/Middleware05/circuitBreaker/responseCode`</a> | `42` |
| `traefik/http/middlewares/Middleware06/compress/defaultEncoding` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware06compressdefaultEncoding" href="#traefikhttpmiddlewaresMiddleware06compressdefaultEncoding" title="#traefikhttpmiddlewaresMiddleware06compressdefaultEncoding">`traefik/http/middlewares/Middleware06/compress/defaultEncoding`</a> | `foobar` |
| `traefik/http/middlewares/Middleware06/compress/encodings/0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware06compressencodings0" href="#traefikhttpmiddlewaresMiddleware06compressencodings0" title="#traefikhttpmiddlewaresMiddleware06compressencodings0">`traefik/http/middlewares/Middleware06/compress/encodings/0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware06/compress/encodings/1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware06compressencodings1" href="#traefikhttpmiddlewaresMiddleware06compressencodings1" title="#traefikhttpmiddlewaresMiddleware06compressencodings1">`traefik/http/middlewares/Middleware06/compress/encodings/1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware06/compress/excludedContentTypes/0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware06compressexcludedContentTypes0" href="#traefikhttpmiddlewaresMiddleware06compressexcludedContentTypes0" title="#traefikhttpmiddlewaresMiddleware06compressexcludedContentTypes0">`traefik/http/middlewares/Middleware06/compress/excludedContentTypes/0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware06/compress/excludedContentTypes/1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware06compressexcludedContentTypes1" href="#traefikhttpmiddlewaresMiddleware06compressexcludedContentTypes1" title="#traefikhttpmiddlewaresMiddleware06compressexcludedContentTypes1">`traefik/http/middlewares/Middleware06/compress/excludedContentTypes/1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware06/compress/includedContentTypes/0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware06compressincludedContentTypes0" href="#traefikhttpmiddlewaresMiddleware06compressincludedContentTypes0" title="#traefikhttpmiddlewaresMiddleware06compressincludedContentTypes0">`traefik/http/middlewares/Middleware06/compress/includedContentTypes/0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware06/compress/includedContentTypes/1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware06compressincludedContentTypes1" href="#traefikhttpmiddlewaresMiddleware06compressincludedContentTypes1" title="#traefikhttpmiddlewaresMiddleware06compressincludedContentTypes1">`traefik/http/middlewares/Middleware06/compress/includedContentTypes/1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware06/compress/minResponseBodyBytes` | `42` | | <a id="traefikhttpmiddlewaresMiddleware06compressminResponseBodyBytes" href="#traefikhttpmiddlewaresMiddleware06compressminResponseBodyBytes" title="#traefikhttpmiddlewaresMiddleware06compressminResponseBodyBytes">`traefik/http/middlewares/Middleware06/compress/minResponseBodyBytes`</a> | `42` |
| `traefik/http/middlewares/Middleware07/contentType/autoDetect` | `true` | | <a id="traefikhttpmiddlewaresMiddleware07contentTypeautoDetect" href="#traefikhttpmiddlewaresMiddleware07contentTypeautoDetect" title="#traefikhttpmiddlewaresMiddleware07contentTypeautoDetect">`traefik/http/middlewares/Middleware07/contentType/autoDetect`</a> | `true` |
| `traefik/http/middlewares/Middleware08/digestAuth/headerField` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware08digestAuthheaderField" href="#traefikhttpmiddlewaresMiddleware08digestAuthheaderField" title="#traefikhttpmiddlewaresMiddleware08digestAuthheaderField">`traefik/http/middlewares/Middleware08/digestAuth/headerField`</a> | `foobar` |
| `traefik/http/middlewares/Middleware08/digestAuth/realm` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware08digestAuthrealm" href="#traefikhttpmiddlewaresMiddleware08digestAuthrealm" title="#traefikhttpmiddlewaresMiddleware08digestAuthrealm">`traefik/http/middlewares/Middleware08/digestAuth/realm`</a> | `foobar` |
| `traefik/http/middlewares/Middleware08/digestAuth/removeHeader` | `true` | | <a id="traefikhttpmiddlewaresMiddleware08digestAuthremoveHeader" href="#traefikhttpmiddlewaresMiddleware08digestAuthremoveHeader" title="#traefikhttpmiddlewaresMiddleware08digestAuthremoveHeader">`traefik/http/middlewares/Middleware08/digestAuth/removeHeader`</a> | `true` |
| `traefik/http/middlewares/Middleware08/digestAuth/users/0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware08digestAuthusers0" href="#traefikhttpmiddlewaresMiddleware08digestAuthusers0" title="#traefikhttpmiddlewaresMiddleware08digestAuthusers0">`traefik/http/middlewares/Middleware08/digestAuth/users/0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware08/digestAuth/users/1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware08digestAuthusers1" href="#traefikhttpmiddlewaresMiddleware08digestAuthusers1" title="#traefikhttpmiddlewaresMiddleware08digestAuthusers1">`traefik/http/middlewares/Middleware08/digestAuth/users/1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware08/digestAuth/usersFile` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware08digestAuthusersFile" href="#traefikhttpmiddlewaresMiddleware08digestAuthusersFile" title="#traefikhttpmiddlewaresMiddleware08digestAuthusersFile">`traefik/http/middlewares/Middleware08/digestAuth/usersFile`</a> | `foobar` |
| `traefik/http/middlewares/Middleware09/errors/query` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware09errorsquery" href="#traefikhttpmiddlewaresMiddleware09errorsquery" title="#traefikhttpmiddlewaresMiddleware09errorsquery">`traefik/http/middlewares/Middleware09/errors/query`</a> | `foobar` |
| `traefik/http/middlewares/Middleware09/errors/service` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware09errorsservice" href="#traefikhttpmiddlewaresMiddleware09errorsservice" title="#traefikhttpmiddlewaresMiddleware09errorsservice">`traefik/http/middlewares/Middleware09/errors/service`</a> | `foobar` |
| `traefik/http/middlewares/Middleware09/errors/status/0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware09errorsstatus0" href="#traefikhttpmiddlewaresMiddleware09errorsstatus0" title="#traefikhttpmiddlewaresMiddleware09errorsstatus0">`traefik/http/middlewares/Middleware09/errors/status/0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware09/errors/status/1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware09errorsstatus1" href="#traefikhttpmiddlewaresMiddleware09errorsstatus1" title="#traefikhttpmiddlewaresMiddleware09errorsstatus1">`traefik/http/middlewares/Middleware09/errors/status/1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware09/errors/statusRewrites/name0` | `42` | | <a id="traefikhttpmiddlewaresMiddleware09errorsstatusRewritesname0" href="#traefikhttpmiddlewaresMiddleware09errorsstatusRewritesname0" title="#traefikhttpmiddlewaresMiddleware09errorsstatusRewritesname0">`traefik/http/middlewares/Middleware09/errors/statusRewrites/name0`</a> | `42` |
| `traefik/http/middlewares/Middleware09/errors/statusRewrites/name1` | `42` | | <a id="traefikhttpmiddlewaresMiddleware09errorsstatusRewritesname1" href="#traefikhttpmiddlewaresMiddleware09errorsstatusRewritesname1" title="#traefikhttpmiddlewaresMiddleware09errorsstatusRewritesname1">`traefik/http/middlewares/Middleware09/errors/statusRewrites/name1`</a> | `42` |
| `traefik/http/middlewares/Middleware10/forwardAuth/addAuthCookiesToResponse/0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware10forwardAuthaddAuthCookiesToResponse0" href="#traefikhttpmiddlewaresMiddleware10forwardAuthaddAuthCookiesToResponse0" title="#traefikhttpmiddlewaresMiddleware10forwardAuthaddAuthCookiesToResponse0">`traefik/http/middlewares/Middleware10/forwardAuth/addAuthCookiesToResponse/0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/addAuthCookiesToResponse/1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware10forwardAuthaddAuthCookiesToResponse1" href="#traefikhttpmiddlewaresMiddleware10forwardAuthaddAuthCookiesToResponse1" title="#traefikhttpmiddlewaresMiddleware10forwardAuthaddAuthCookiesToResponse1">`traefik/http/middlewares/Middleware10/forwardAuth/addAuthCookiesToResponse/1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/address` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware10forwardAuthaddress" href="#traefikhttpmiddlewaresMiddleware10forwardAuthaddress" title="#traefikhttpmiddlewaresMiddleware10forwardAuthaddress">`traefik/http/middlewares/Middleware10/forwardAuth/address`</a> | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/authRequestHeaders/0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware10forwardAuthauthRequestHeaders0" href="#traefikhttpmiddlewaresMiddleware10forwardAuthauthRequestHeaders0" title="#traefikhttpmiddlewaresMiddleware10forwardAuthauthRequestHeaders0">`traefik/http/middlewares/Middleware10/forwardAuth/authRequestHeaders/0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/authRequestHeaders/1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware10forwardAuthauthRequestHeaders1" href="#traefikhttpmiddlewaresMiddleware10forwardAuthauthRequestHeaders1" title="#traefikhttpmiddlewaresMiddleware10forwardAuthauthRequestHeaders1">`traefik/http/middlewares/Middleware10/forwardAuth/authRequestHeaders/1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeaders/0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware10forwardAuthauthResponseHeaders0" href="#traefikhttpmiddlewaresMiddleware10forwardAuthauthResponseHeaders0" title="#traefikhttpmiddlewaresMiddleware10forwardAuthauthResponseHeaders0">`traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeaders/0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeaders/1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware10forwardAuthauthResponseHeaders1" href="#traefikhttpmiddlewaresMiddleware10forwardAuthauthResponseHeaders1" title="#traefikhttpmiddlewaresMiddleware10forwardAuthauthResponseHeaders1">`traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeaders/1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeadersRegex` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware10forwardAuthauthResponseHeadersRegex" href="#traefikhttpmiddlewaresMiddleware10forwardAuthauthResponseHeadersRegex" title="#traefikhttpmiddlewaresMiddleware10forwardAuthauthResponseHeadersRegex">`traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeadersRegex`</a> | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/forwardBody` | `true` | | <a id="traefikhttpmiddlewaresMiddleware10forwardAuthforwardBody" href="#traefikhttpmiddlewaresMiddleware10forwardAuthforwardBody" title="#traefikhttpmiddlewaresMiddleware10forwardAuthforwardBody">`traefik/http/middlewares/Middleware10/forwardAuth/forwardBody`</a> | `true` |
| `traefik/http/middlewares/Middleware10/forwardAuth/headerField` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware10forwardAuthheaderField" href="#traefikhttpmiddlewaresMiddleware10forwardAuthheaderField" title="#traefikhttpmiddlewaresMiddleware10forwardAuthheaderField">`traefik/http/middlewares/Middleware10/forwardAuth/headerField`</a> | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/maxBodySize` | `42` | | <a id="traefikhttpmiddlewaresMiddleware10forwardAuthmaxBodySize" href="#traefikhttpmiddlewaresMiddleware10forwardAuthmaxBodySize" title="#traefikhttpmiddlewaresMiddleware10forwardAuthmaxBodySize">`traefik/http/middlewares/Middleware10/forwardAuth/maxBodySize`</a> | `42` |
| `traefik/http/middlewares/Middleware10/forwardAuth/preserveLocationHeader` | `true` | | <a id="traefikhttpmiddlewaresMiddleware10forwardAuthpreserveLocationHeader" href="#traefikhttpmiddlewaresMiddleware10forwardAuthpreserveLocationHeader" title="#traefikhttpmiddlewaresMiddleware10forwardAuthpreserveLocationHeader">`traefik/http/middlewares/Middleware10/forwardAuth/preserveLocationHeader`</a> | `true` |
| `traefik/http/middlewares/Middleware10/forwardAuth/preserveRequestMethod` | `true` | | <a id="traefikhttpmiddlewaresMiddleware10forwardAuthpreserveRequestMethod" href="#traefikhttpmiddlewaresMiddleware10forwardAuthpreserveRequestMethod" title="#traefikhttpmiddlewaresMiddleware10forwardAuthpreserveRequestMethod">`traefik/http/middlewares/Middleware10/forwardAuth/preserveRequestMethod`</a> | `true` |
| `traefik/http/middlewares/Middleware10/forwardAuth/tls/ca` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware10forwardAuthtlsca" href="#traefikhttpmiddlewaresMiddleware10forwardAuthtlsca" title="#traefikhttpmiddlewaresMiddleware10forwardAuthtlsca">`traefik/http/middlewares/Middleware10/forwardAuth/tls/ca`</a> | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/tls/caOptional` | `true` | | <a id="traefikhttpmiddlewaresMiddleware10forwardAuthtlscaOptional" href="#traefikhttpmiddlewaresMiddleware10forwardAuthtlscaOptional" title="#traefikhttpmiddlewaresMiddleware10forwardAuthtlscaOptional">`traefik/http/middlewares/Middleware10/forwardAuth/tls/caOptional`</a> | `true` |
| `traefik/http/middlewares/Middleware10/forwardAuth/tls/cert` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware10forwardAuthtlscert" href="#traefikhttpmiddlewaresMiddleware10forwardAuthtlscert" title="#traefikhttpmiddlewaresMiddleware10forwardAuthtlscert">`traefik/http/middlewares/Middleware10/forwardAuth/tls/cert`</a> | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/tls/insecureSkipVerify` | `true` | | <a id="traefikhttpmiddlewaresMiddleware10forwardAuthtlsinsecureSkipVerify" href="#traefikhttpmiddlewaresMiddleware10forwardAuthtlsinsecureSkipVerify" title="#traefikhttpmiddlewaresMiddleware10forwardAuthtlsinsecureSkipVerify">`traefik/http/middlewares/Middleware10/forwardAuth/tls/insecureSkipVerify`</a> | `true` |
| `traefik/http/middlewares/Middleware10/forwardAuth/tls/key` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware10forwardAuthtlskey" href="#traefikhttpmiddlewaresMiddleware10forwardAuthtlskey" title="#traefikhttpmiddlewaresMiddleware10forwardAuthtlskey">`traefik/http/middlewares/Middleware10/forwardAuth/tls/key`</a> | `foobar` |
| `traefik/http/middlewares/Middleware10/forwardAuth/trustForwardHeader` | `true` | | <a id="traefikhttpmiddlewaresMiddleware10forwardAuthtrustForwardHeader" href="#traefikhttpmiddlewaresMiddleware10forwardAuthtrustForwardHeader" title="#traefikhttpmiddlewaresMiddleware10forwardAuthtrustForwardHeader">`traefik/http/middlewares/Middleware10/forwardAuth/trustForwardHeader`</a> | `true` |
| `traefik/http/middlewares/Middleware11/grpcWeb/allowOrigins/0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware11grpcWeballowOrigins0" href="#traefikhttpmiddlewaresMiddleware11grpcWeballowOrigins0" title="#traefikhttpmiddlewaresMiddleware11grpcWeballowOrigins0">`traefik/http/middlewares/Middleware11/grpcWeb/allowOrigins/0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware11/grpcWeb/allowOrigins/1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware11grpcWeballowOrigins1" href="#traefikhttpmiddlewaresMiddleware11grpcWeballowOrigins1" title="#traefikhttpmiddlewaresMiddleware11grpcWeballowOrigins1">`traefik/http/middlewares/Middleware11/grpcWeb/allowOrigins/1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/accessControlAllowCredentials` | `true` | | <a id="traefikhttpmiddlewaresMiddleware12headersaccessControlAllowCredentials" href="#traefikhttpmiddlewaresMiddleware12headersaccessControlAllowCredentials" title="#traefikhttpmiddlewaresMiddleware12headersaccessControlAllowCredentials">`traefik/http/middlewares/Middleware12/headers/accessControlAllowCredentials`</a> | `true` |
| `traefik/http/middlewares/Middleware12/headers/accessControlAllowHeaders/0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware12headersaccessControlAllowHeaders0" href="#traefikhttpmiddlewaresMiddleware12headersaccessControlAllowHeaders0" title="#traefikhttpmiddlewaresMiddleware12headersaccessControlAllowHeaders0">`traefik/http/middlewares/Middleware12/headers/accessControlAllowHeaders/0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/accessControlAllowHeaders/1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware12headersaccessControlAllowHeaders1" href="#traefikhttpmiddlewaresMiddleware12headersaccessControlAllowHeaders1" title="#traefikhttpmiddlewaresMiddleware12headersaccessControlAllowHeaders1">`traefik/http/middlewares/Middleware12/headers/accessControlAllowHeaders/1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/accessControlAllowMethods/0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware12headersaccessControlAllowMethods0" href="#traefikhttpmiddlewaresMiddleware12headersaccessControlAllowMethods0" title="#traefikhttpmiddlewaresMiddleware12headersaccessControlAllowMethods0">`traefik/http/middlewares/Middleware12/headers/accessControlAllowMethods/0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/accessControlAllowMethods/1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware12headersaccessControlAllowMethods1" href="#traefikhttpmiddlewaresMiddleware12headersaccessControlAllowMethods1" title="#traefikhttpmiddlewaresMiddleware12headersaccessControlAllowMethods1">`traefik/http/middlewares/Middleware12/headers/accessControlAllowMethods/1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/accessControlAllowOriginList/0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginList0" href="#traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginList0" title="#traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginList0">`traefik/http/middlewares/Middleware12/headers/accessControlAllowOriginList/0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/accessControlAllowOriginList/1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginList1" href="#traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginList1" title="#traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginList1">`traefik/http/middlewares/Middleware12/headers/accessControlAllowOriginList/1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/accessControlAllowOriginListRegex/0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginListRegex0" href="#traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginListRegex0" title="#traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginListRegex0">`traefik/http/middlewares/Middleware12/headers/accessControlAllowOriginListRegex/0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/accessControlAllowOriginListRegex/1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginListRegex1" href="#traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginListRegex1" title="#traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginListRegex1">`traefik/http/middlewares/Middleware12/headers/accessControlAllowOriginListRegex/1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/accessControlExposeHeaders/0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware12headersaccessControlExposeHeaders0" href="#traefikhttpmiddlewaresMiddleware12headersaccessControlExposeHeaders0" title="#traefikhttpmiddlewaresMiddleware12headersaccessControlExposeHeaders0">`traefik/http/middlewares/Middleware12/headers/accessControlExposeHeaders/0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/accessControlExposeHeaders/1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware12headersaccessControlExposeHeaders1" href="#traefikhttpmiddlewaresMiddleware12headersaccessControlExposeHeaders1" title="#traefikhttpmiddlewaresMiddleware12headersaccessControlExposeHeaders1">`traefik/http/middlewares/Middleware12/headers/accessControlExposeHeaders/1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/accessControlMaxAge` | `42` | | <a id="traefikhttpmiddlewaresMiddleware12headersaccessControlMaxAge" href="#traefikhttpmiddlewaresMiddleware12headersaccessControlMaxAge" title="#traefikhttpmiddlewaresMiddleware12headersaccessControlMaxAge">`traefik/http/middlewares/Middleware12/headers/accessControlMaxAge`</a> | `42` |
| `traefik/http/middlewares/Middleware12/headers/addVaryHeader` | `true` | | <a id="traefikhttpmiddlewaresMiddleware12headersaddVaryHeader" href="#traefikhttpmiddlewaresMiddleware12headersaddVaryHeader" title="#traefikhttpmiddlewaresMiddleware12headersaddVaryHeader">`traefik/http/middlewares/Middleware12/headers/addVaryHeader`</a> | `true` |
| `traefik/http/middlewares/Middleware12/headers/allowedHosts/0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware12headersallowedHosts0" href="#traefikhttpmiddlewaresMiddleware12headersallowedHosts0" title="#traefikhttpmiddlewaresMiddleware12headersallowedHosts0">`traefik/http/middlewares/Middleware12/headers/allowedHosts/0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/allowedHosts/1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware12headersallowedHosts1" href="#traefikhttpmiddlewaresMiddleware12headersallowedHosts1" title="#traefikhttpmiddlewaresMiddleware12headersallowedHosts1">`traefik/http/middlewares/Middleware12/headers/allowedHosts/1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/browserXssFilter` | `true` | | <a id="traefikhttpmiddlewaresMiddleware12headersbrowserXssFilter" href="#traefikhttpmiddlewaresMiddleware12headersbrowserXssFilter" title="#traefikhttpmiddlewaresMiddleware12headersbrowserXssFilter">`traefik/http/middlewares/Middleware12/headers/browserXssFilter`</a> | `true` |
| `traefik/http/middlewares/Middleware12/headers/contentSecurityPolicy` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware12headerscontentSecurityPolicy" href="#traefikhttpmiddlewaresMiddleware12headerscontentSecurityPolicy" title="#traefikhttpmiddlewaresMiddleware12headerscontentSecurityPolicy">`traefik/http/middlewares/Middleware12/headers/contentSecurityPolicy`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/contentSecurityPolicyReportOnly` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware12headerscontentSecurityPolicyReportOnly" href="#traefikhttpmiddlewaresMiddleware12headerscontentSecurityPolicyReportOnly" title="#traefikhttpmiddlewaresMiddleware12headerscontentSecurityPolicyReportOnly">`traefik/http/middlewares/Middleware12/headers/contentSecurityPolicyReportOnly`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/contentTypeNosniff` | `true` | | <a id="traefikhttpmiddlewaresMiddleware12headerscontentTypeNosniff" href="#traefikhttpmiddlewaresMiddleware12headerscontentTypeNosniff" title="#traefikhttpmiddlewaresMiddleware12headerscontentTypeNosniff">`traefik/http/middlewares/Middleware12/headers/contentTypeNosniff`</a> | `true` |
| `traefik/http/middlewares/Middleware12/headers/customBrowserXSSValue` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware12headerscustomBrowserXSSValue" href="#traefikhttpmiddlewaresMiddleware12headerscustomBrowserXSSValue" title="#traefikhttpmiddlewaresMiddleware12headerscustomBrowserXSSValue">`traefik/http/middlewares/Middleware12/headers/customBrowserXSSValue`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/customFrameOptionsValue` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware12headerscustomFrameOptionsValue" href="#traefikhttpmiddlewaresMiddleware12headerscustomFrameOptionsValue" title="#traefikhttpmiddlewaresMiddleware12headerscustomFrameOptionsValue">`traefik/http/middlewares/Middleware12/headers/customFrameOptionsValue`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/customRequestHeaders/name0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware12headerscustomRequestHeadersname0" href="#traefikhttpmiddlewaresMiddleware12headerscustomRequestHeadersname0" title="#traefikhttpmiddlewaresMiddleware12headerscustomRequestHeadersname0">`traefik/http/middlewares/Middleware12/headers/customRequestHeaders/name0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/customRequestHeaders/name1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware12headerscustomRequestHeadersname1" href="#traefikhttpmiddlewaresMiddleware12headerscustomRequestHeadersname1" title="#traefikhttpmiddlewaresMiddleware12headerscustomRequestHeadersname1">`traefik/http/middlewares/Middleware12/headers/customRequestHeaders/name1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/customResponseHeaders/name0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware12headerscustomResponseHeadersname0" href="#traefikhttpmiddlewaresMiddleware12headerscustomResponseHeadersname0" title="#traefikhttpmiddlewaresMiddleware12headerscustomResponseHeadersname0">`traefik/http/middlewares/Middleware12/headers/customResponseHeaders/name0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/customResponseHeaders/name1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware12headerscustomResponseHeadersname1" href="#traefikhttpmiddlewaresMiddleware12headerscustomResponseHeadersname1" title="#traefikhttpmiddlewaresMiddleware12headerscustomResponseHeadersname1">`traefik/http/middlewares/Middleware12/headers/customResponseHeaders/name1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/featurePolicy` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware12headersfeaturePolicy" href="#traefikhttpmiddlewaresMiddleware12headersfeaturePolicy" title="#traefikhttpmiddlewaresMiddleware12headersfeaturePolicy">`traefik/http/middlewares/Middleware12/headers/featurePolicy`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/forceSTSHeader` | `true` | | <a id="traefikhttpmiddlewaresMiddleware12headersforceSTSHeader" href="#traefikhttpmiddlewaresMiddleware12headersforceSTSHeader" title="#traefikhttpmiddlewaresMiddleware12headersforceSTSHeader">`traefik/http/middlewares/Middleware12/headers/forceSTSHeader`</a> | `true` |
| `traefik/http/middlewares/Middleware12/headers/frameDeny` | `true` | | <a id="traefikhttpmiddlewaresMiddleware12headersframeDeny" href="#traefikhttpmiddlewaresMiddleware12headersframeDeny" title="#traefikhttpmiddlewaresMiddleware12headersframeDeny">`traefik/http/middlewares/Middleware12/headers/frameDeny`</a> | `true` |
| `traefik/http/middlewares/Middleware12/headers/hostsProxyHeaders/0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware12headershostsProxyHeaders0" href="#traefikhttpmiddlewaresMiddleware12headershostsProxyHeaders0" title="#traefikhttpmiddlewaresMiddleware12headershostsProxyHeaders0">`traefik/http/middlewares/Middleware12/headers/hostsProxyHeaders/0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/hostsProxyHeaders/1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware12headershostsProxyHeaders1" href="#traefikhttpmiddlewaresMiddleware12headershostsProxyHeaders1" title="#traefikhttpmiddlewaresMiddleware12headershostsProxyHeaders1">`traefik/http/middlewares/Middleware12/headers/hostsProxyHeaders/1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/isDevelopment` | `true` | | <a id="traefikhttpmiddlewaresMiddleware12headersisDevelopment" href="#traefikhttpmiddlewaresMiddleware12headersisDevelopment" title="#traefikhttpmiddlewaresMiddleware12headersisDevelopment">`traefik/http/middlewares/Middleware12/headers/isDevelopment`</a> | `true` |
| `traefik/http/middlewares/Middleware12/headers/permissionsPolicy` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware12headerspermissionsPolicy" href="#traefikhttpmiddlewaresMiddleware12headerspermissionsPolicy" title="#traefikhttpmiddlewaresMiddleware12headerspermissionsPolicy">`traefik/http/middlewares/Middleware12/headers/permissionsPolicy`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/publicKey` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware12headerspublicKey" href="#traefikhttpmiddlewaresMiddleware12headerspublicKey" title="#traefikhttpmiddlewaresMiddleware12headerspublicKey">`traefik/http/middlewares/Middleware12/headers/publicKey`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/referrerPolicy` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware12headersreferrerPolicy" href="#traefikhttpmiddlewaresMiddleware12headersreferrerPolicy" title="#traefikhttpmiddlewaresMiddleware12headersreferrerPolicy">`traefik/http/middlewares/Middleware12/headers/referrerPolicy`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/sslForceHost` | `true` | | <a id="traefikhttpmiddlewaresMiddleware12headerssslForceHost" href="#traefikhttpmiddlewaresMiddleware12headerssslForceHost" title="#traefikhttpmiddlewaresMiddleware12headerssslForceHost">`traefik/http/middlewares/Middleware12/headers/sslForceHost`</a> | `true` |
| `traefik/http/middlewares/Middleware12/headers/sslHost` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware12headerssslHost" href="#traefikhttpmiddlewaresMiddleware12headerssslHost" title="#traefikhttpmiddlewaresMiddleware12headerssslHost">`traefik/http/middlewares/Middleware12/headers/sslHost`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/sslProxyHeaders/name0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware12headerssslProxyHeadersname0" href="#traefikhttpmiddlewaresMiddleware12headerssslProxyHeadersname0" title="#traefikhttpmiddlewaresMiddleware12headerssslProxyHeadersname0">`traefik/http/middlewares/Middleware12/headers/sslProxyHeaders/name0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/sslProxyHeaders/name1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware12headerssslProxyHeadersname1" href="#traefikhttpmiddlewaresMiddleware12headerssslProxyHeadersname1" title="#traefikhttpmiddlewaresMiddleware12headerssslProxyHeadersname1">`traefik/http/middlewares/Middleware12/headers/sslProxyHeaders/name1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware12/headers/sslRedirect` | `true` | | <a id="traefikhttpmiddlewaresMiddleware12headerssslRedirect" href="#traefikhttpmiddlewaresMiddleware12headerssslRedirect" title="#traefikhttpmiddlewaresMiddleware12headerssslRedirect">`traefik/http/middlewares/Middleware12/headers/sslRedirect`</a> | `true` |
| `traefik/http/middlewares/Middleware12/headers/sslTemporaryRedirect` | `true` | | <a id="traefikhttpmiddlewaresMiddleware12headerssslTemporaryRedirect" href="#traefikhttpmiddlewaresMiddleware12headerssslTemporaryRedirect" title="#traefikhttpmiddlewaresMiddleware12headerssslTemporaryRedirect">`traefik/http/middlewares/Middleware12/headers/sslTemporaryRedirect`</a> | `true` |
| `traefik/http/middlewares/Middleware12/headers/stsIncludeSubdomains` | `true` | | <a id="traefikhttpmiddlewaresMiddleware12headersstsIncludeSubdomains" href="#traefikhttpmiddlewaresMiddleware12headersstsIncludeSubdomains" title="#traefikhttpmiddlewaresMiddleware12headersstsIncludeSubdomains">`traefik/http/middlewares/Middleware12/headers/stsIncludeSubdomains`</a> | `true` |
| `traefik/http/middlewares/Middleware12/headers/stsPreload` | `true` | | <a id="traefikhttpmiddlewaresMiddleware12headersstsPreload" href="#traefikhttpmiddlewaresMiddleware12headersstsPreload" title="#traefikhttpmiddlewaresMiddleware12headersstsPreload">`traefik/http/middlewares/Middleware12/headers/stsPreload`</a> | `true` |
| `traefik/http/middlewares/Middleware12/headers/stsSeconds` | `42` | | <a id="traefikhttpmiddlewaresMiddleware12headersstsSeconds" href="#traefikhttpmiddlewaresMiddleware12headersstsSeconds" title="#traefikhttpmiddlewaresMiddleware12headersstsSeconds">`traefik/http/middlewares/Middleware12/headers/stsSeconds`</a> | `42` |
| `traefik/http/middlewares/Middleware13/ipAllowList/ipStrategy/depth` | `42` | | <a id="traefikhttpmiddlewaresMiddleware13ipAllowListipStrategydepth" href="#traefikhttpmiddlewaresMiddleware13ipAllowListipStrategydepth" title="#traefikhttpmiddlewaresMiddleware13ipAllowListipStrategydepth">`traefik/http/middlewares/Middleware13/ipAllowList/ipStrategy/depth`</a> | `42` |
| `traefik/http/middlewares/Middleware13/ipAllowList/ipStrategy/excludedIPs/0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware13ipAllowListipStrategyexcludedIPs0" href="#traefikhttpmiddlewaresMiddleware13ipAllowListipStrategyexcludedIPs0" title="#traefikhttpmiddlewaresMiddleware13ipAllowListipStrategyexcludedIPs0">`traefik/http/middlewares/Middleware13/ipAllowList/ipStrategy/excludedIPs/0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware13/ipAllowList/ipStrategy/excludedIPs/1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware13ipAllowListipStrategyexcludedIPs1" href="#traefikhttpmiddlewaresMiddleware13ipAllowListipStrategyexcludedIPs1" title="#traefikhttpmiddlewaresMiddleware13ipAllowListipStrategyexcludedIPs1">`traefik/http/middlewares/Middleware13/ipAllowList/ipStrategy/excludedIPs/1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware13/ipAllowList/ipStrategy/ipv6Subnet` | `42` | | <a id="traefikhttpmiddlewaresMiddleware13ipAllowListipStrategyipv6Subnet" href="#traefikhttpmiddlewaresMiddleware13ipAllowListipStrategyipv6Subnet" title="#traefikhttpmiddlewaresMiddleware13ipAllowListipStrategyipv6Subnet">`traefik/http/middlewares/Middleware13/ipAllowList/ipStrategy/ipv6Subnet`</a> | `42` |
| `traefik/http/middlewares/Middleware13/ipAllowList/rejectStatusCode` | `42` | | <a id="traefikhttpmiddlewaresMiddleware13ipAllowListrejectStatusCode" href="#traefikhttpmiddlewaresMiddleware13ipAllowListrejectStatusCode" title="#traefikhttpmiddlewaresMiddleware13ipAllowListrejectStatusCode">`traefik/http/middlewares/Middleware13/ipAllowList/rejectStatusCode`</a> | `42` |
| `traefik/http/middlewares/Middleware13/ipAllowList/sourceRange/0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware13ipAllowListsourceRange0" href="#traefikhttpmiddlewaresMiddleware13ipAllowListsourceRange0" title="#traefikhttpmiddlewaresMiddleware13ipAllowListsourceRange0">`traefik/http/middlewares/Middleware13/ipAllowList/sourceRange/0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware13/ipAllowList/sourceRange/1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware13ipAllowListsourceRange1" href="#traefikhttpmiddlewaresMiddleware13ipAllowListsourceRange1" title="#traefikhttpmiddlewaresMiddleware13ipAllowListsourceRange1">`traefik/http/middlewares/Middleware13/ipAllowList/sourceRange/1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware14/ipWhiteList/ipStrategy/depth` | `42` | | <a id="traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategydepth" href="#traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategydepth" title="#traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategydepth">`traefik/http/middlewares/Middleware14/ipWhiteList/ipStrategy/depth`</a> | `42` |
| `traefik/http/middlewares/Middleware14/ipWhiteList/ipStrategy/excludedIPs/0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategyexcludedIPs0" href="#traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategyexcludedIPs0" title="#traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategyexcludedIPs0">`traefik/http/middlewares/Middleware14/ipWhiteList/ipStrategy/excludedIPs/0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware14/ipWhiteList/ipStrategy/excludedIPs/1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategyexcludedIPs1" href="#traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategyexcludedIPs1" title="#traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategyexcludedIPs1">`traefik/http/middlewares/Middleware14/ipWhiteList/ipStrategy/excludedIPs/1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware14/ipWhiteList/ipStrategy/ipv6Subnet` | `42` | | <a id="traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategyipv6Subnet" href="#traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategyipv6Subnet" title="#traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategyipv6Subnet">`traefik/http/middlewares/Middleware14/ipWhiteList/ipStrategy/ipv6Subnet`</a> | `42` |
| `traefik/http/middlewares/Middleware14/ipWhiteList/sourceRange/0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware14ipWhiteListsourceRange0" href="#traefikhttpmiddlewaresMiddleware14ipWhiteListsourceRange0" title="#traefikhttpmiddlewaresMiddleware14ipWhiteListsourceRange0">`traefik/http/middlewares/Middleware14/ipWhiteList/sourceRange/0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware14/ipWhiteList/sourceRange/1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware14ipWhiteListsourceRange1" href="#traefikhttpmiddlewaresMiddleware14ipWhiteListsourceRange1" title="#traefikhttpmiddlewaresMiddleware14ipWhiteListsourceRange1">`traefik/http/middlewares/Middleware14/ipWhiteList/sourceRange/1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware15/inFlightReq/amount` | `42` | | <a id="traefikhttpmiddlewaresMiddleware15inFlightReqamount" href="#traefikhttpmiddlewaresMiddleware15inFlightReqamount" title="#traefikhttpmiddlewaresMiddleware15inFlightReqamount">`traefik/http/middlewares/Middleware15/inFlightReq/amount`</a> | `42` |
| `traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/ipStrategy/depth` | `42` | | <a id="traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategydepth" href="#traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategydepth" title="#traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategydepth">`traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/ipStrategy/depth`</a> | `42` |
| `traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategyexcludedIPs0" href="#traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategyexcludedIPs0" title="#traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategyexcludedIPs0">`traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategyexcludedIPs1" href="#traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategyexcludedIPs1" title="#traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategyexcludedIPs1">`traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/ipStrategy/ipv6Subnet` | `42` | | <a id="traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategyipv6Subnet" href="#traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategyipv6Subnet" title="#traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategyipv6Subnet">`traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/ipStrategy/ipv6Subnet`</a> | `42` |
| `traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/requestHeaderName` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionrequestHeaderName" href="#traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionrequestHeaderName" title="#traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionrequestHeaderName">`traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/requestHeaderName`</a> | `foobar` |
| `traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/requestHost` | `true` | | <a id="traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionrequestHost" href="#traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionrequestHost" title="#traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionrequestHost">`traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/requestHost`</a> | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/commonName` | `true` | | <a id="traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuercommonName" href="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuercommonName" title="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuercommonName">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/commonName`</a> | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/country` | `true` | | <a id="traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuercountry" href="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuercountry" title="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuercountry">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/country`</a> | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/domainComponent` | `true` | | <a id="traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerdomainComponent" href="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerdomainComponent" title="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerdomainComponent">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/domainComponent`</a> | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/locality` | `true` | | <a id="traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerlocality" href="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerlocality" title="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerlocality">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/locality`</a> | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/organization` | `true` | | <a id="traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerorganization" href="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerorganization" title="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerorganization">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/organization`</a> | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/province` | `true` | | <a id="traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerprovince" href="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerprovince" title="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerprovince">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/province`</a> | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/serialNumber` | `true` | | <a id="traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerserialNumber" href="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerserialNumber" title="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerserialNumber">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/serialNumber`</a> | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/notAfter` | `true` | | <a id="traefikhttpmiddlewaresMiddleware16passTLSClientCertinfonotAfter" href="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfonotAfter" title="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfonotAfter">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/notAfter`</a> | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/notBefore` | `true` | | <a id="traefikhttpmiddlewaresMiddleware16passTLSClientCertinfonotBefore" href="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfonotBefore" title="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfonotBefore">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/notBefore`</a> | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/sans` | `true` | | <a id="traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosans" href="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosans" title="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosans">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/sans`</a> | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/serialNumber` | `true` | | <a id="traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoserialNumber" href="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoserialNumber" title="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoserialNumber">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/serialNumber`</a> | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/commonName` | `true` | | <a id="traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectcommonName" href="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectcommonName" title="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectcommonName">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/commonName`</a> | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/country` | `true` | | <a id="traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectcountry" href="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectcountry" title="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectcountry">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/country`</a> | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/domainComponent` | `true` | | <a id="traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectdomainComponent" href="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectdomainComponent" title="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectdomainComponent">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/domainComponent`</a> | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/locality` | `true` | | <a id="traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectlocality" href="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectlocality" title="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectlocality">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/locality`</a> | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/organization` | `true` | | <a id="traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectorganization" href="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectorganization" title="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectorganization">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/organization`</a> | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/organizationalUnit` | `true` | | <a id="traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectorganizationalUnit" href="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectorganizationalUnit" title="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectorganizationalUnit">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/organizationalUnit`</a> | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/province` | `true` | | <a id="traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectprovince" href="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectprovince" title="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectprovince">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/province`</a> | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/serialNumber` | `true` | | <a id="traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectserialNumber" href="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectserialNumber" title="#traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectserialNumber">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/serialNumber`</a> | `true` |
| `traefik/http/middlewares/Middleware16/passTLSClientCert/pem` | `true` | | <a id="traefikhttpmiddlewaresMiddleware16passTLSClientCertpem" href="#traefikhttpmiddlewaresMiddleware16passTLSClientCertpem" title="#traefikhttpmiddlewaresMiddleware16passTLSClientCertpem">`traefik/http/middlewares/Middleware16/passTLSClientCert/pem`</a> | `true` |
| `traefik/http/middlewares/Middleware17/plugin/PluginConf0/name0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware17pluginPluginConf0name0" href="#traefikhttpmiddlewaresMiddleware17pluginPluginConf0name0" title="#traefikhttpmiddlewaresMiddleware17pluginPluginConf0name0">`traefik/http/middlewares/Middleware17/plugin/PluginConf0/name0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware17/plugin/PluginConf0/name1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware17pluginPluginConf0name1" href="#traefikhttpmiddlewaresMiddleware17pluginPluginConf0name1" title="#traefikhttpmiddlewaresMiddleware17pluginPluginConf0name1">`traefik/http/middlewares/Middleware17/plugin/PluginConf0/name1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware17/plugin/PluginConf1/name0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware17pluginPluginConf1name0" href="#traefikhttpmiddlewaresMiddleware17pluginPluginConf1name0" title="#traefikhttpmiddlewaresMiddleware17pluginPluginConf1name0">`traefik/http/middlewares/Middleware17/plugin/PluginConf1/name0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware17/plugin/PluginConf1/name1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware17pluginPluginConf1name1" href="#traefikhttpmiddlewaresMiddleware17pluginPluginConf1name1" title="#traefikhttpmiddlewaresMiddleware17pluginPluginConf1name1">`traefik/http/middlewares/Middleware17/plugin/PluginConf1/name1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware18/rateLimit/average` | `42` | | <a id="traefikhttpmiddlewaresMiddleware18rateLimitaverage" href="#traefikhttpmiddlewaresMiddleware18rateLimitaverage" title="#traefikhttpmiddlewaresMiddleware18rateLimitaverage">`traefik/http/middlewares/Middleware18/rateLimit/average`</a> | `42` |
| `traefik/http/middlewares/Middleware18/rateLimit/burst` | `42` | | <a id="traefikhttpmiddlewaresMiddleware18rateLimitburst" href="#traefikhttpmiddlewaresMiddleware18rateLimitburst" title="#traefikhttpmiddlewaresMiddleware18rateLimitburst">`traefik/http/middlewares/Middleware18/rateLimit/burst`</a> | `42` |
| `traefik/http/middlewares/Middleware18/rateLimit/period` | `42s` | | <a id="traefikhttpmiddlewaresMiddleware18rateLimitperiod" href="#traefikhttpmiddlewaresMiddleware18rateLimitperiod" title="#traefikhttpmiddlewaresMiddleware18rateLimitperiod">`traefik/http/middlewares/Middleware18/rateLimit/period`</a> | `42s` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/db` | `42` | | <a id="traefikhttpmiddlewaresMiddleware18rateLimitredisdb" href="#traefikhttpmiddlewaresMiddleware18rateLimitredisdb" title="#traefikhttpmiddlewaresMiddleware18rateLimitredisdb">`traefik/http/middlewares/Middleware18/rateLimit/redis/db`</a> | `42` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/dialTimeout` | `42s` | | <a id="traefikhttpmiddlewaresMiddleware18rateLimitredisdialTimeout" href="#traefikhttpmiddlewaresMiddleware18rateLimitredisdialTimeout" title="#traefikhttpmiddlewaresMiddleware18rateLimitredisdialTimeout">`traefik/http/middlewares/Middleware18/rateLimit/redis/dialTimeout`</a> | `42s` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/endpoints/0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware18rateLimitredisendpoints0" href="#traefikhttpmiddlewaresMiddleware18rateLimitredisendpoints0" title="#traefikhttpmiddlewaresMiddleware18rateLimitredisendpoints0">`traefik/http/middlewares/Middleware18/rateLimit/redis/endpoints/0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/endpoints/1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware18rateLimitredisendpoints1" href="#traefikhttpmiddlewaresMiddleware18rateLimitredisendpoints1" title="#traefikhttpmiddlewaresMiddleware18rateLimitredisendpoints1">`traefik/http/middlewares/Middleware18/rateLimit/redis/endpoints/1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/maxActiveConns` | `42` | | <a id="traefikhttpmiddlewaresMiddleware18rateLimitredismaxActiveConns" href="#traefikhttpmiddlewaresMiddleware18rateLimitredismaxActiveConns" title="#traefikhttpmiddlewaresMiddleware18rateLimitredismaxActiveConns">`traefik/http/middlewares/Middleware18/rateLimit/redis/maxActiveConns`</a> | `42` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/minIdleConns` | `42` | | <a id="traefikhttpmiddlewaresMiddleware18rateLimitredisminIdleConns" href="#traefikhttpmiddlewaresMiddleware18rateLimitredisminIdleConns" title="#traefikhttpmiddlewaresMiddleware18rateLimitredisminIdleConns">`traefik/http/middlewares/Middleware18/rateLimit/redis/minIdleConns`</a> | `42` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/password` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware18rateLimitredispassword" href="#traefikhttpmiddlewaresMiddleware18rateLimitredispassword" title="#traefikhttpmiddlewaresMiddleware18rateLimitredispassword">`traefik/http/middlewares/Middleware18/rateLimit/redis/password`</a> | `foobar` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/poolSize` | `42` | | <a id="traefikhttpmiddlewaresMiddleware18rateLimitredispoolSize" href="#traefikhttpmiddlewaresMiddleware18rateLimitredispoolSize" title="#traefikhttpmiddlewaresMiddleware18rateLimitredispoolSize">`traefik/http/middlewares/Middleware18/rateLimit/redis/poolSize`</a> | `42` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/readTimeout` | `42s` | | <a id="traefikhttpmiddlewaresMiddleware18rateLimitredisreadTimeout" href="#traefikhttpmiddlewaresMiddleware18rateLimitredisreadTimeout" title="#traefikhttpmiddlewaresMiddleware18rateLimitredisreadTimeout">`traefik/http/middlewares/Middleware18/rateLimit/redis/readTimeout`</a> | `42s` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/tls/ca` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware18rateLimitredistlsca" href="#traefikhttpmiddlewaresMiddleware18rateLimitredistlsca" title="#traefikhttpmiddlewaresMiddleware18rateLimitredistlsca">`traefik/http/middlewares/Middleware18/rateLimit/redis/tls/ca`</a> | `foobar` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/tls/cert` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware18rateLimitredistlscert" href="#traefikhttpmiddlewaresMiddleware18rateLimitredistlscert" title="#traefikhttpmiddlewaresMiddleware18rateLimitredistlscert">`traefik/http/middlewares/Middleware18/rateLimit/redis/tls/cert`</a> | `foobar` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/tls/insecureSkipVerify` | `true` | | <a id="traefikhttpmiddlewaresMiddleware18rateLimitredistlsinsecureSkipVerify" href="#traefikhttpmiddlewaresMiddleware18rateLimitredistlsinsecureSkipVerify" title="#traefikhttpmiddlewaresMiddleware18rateLimitredistlsinsecureSkipVerify">`traefik/http/middlewares/Middleware18/rateLimit/redis/tls/insecureSkipVerify`</a> | `true` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/tls/key` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware18rateLimitredistlskey" href="#traefikhttpmiddlewaresMiddleware18rateLimitredistlskey" title="#traefikhttpmiddlewaresMiddleware18rateLimitredistlskey">`traefik/http/middlewares/Middleware18/rateLimit/redis/tls/key`</a> | `foobar` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/username` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware18rateLimitredisusername" href="#traefikhttpmiddlewaresMiddleware18rateLimitredisusername" title="#traefikhttpmiddlewaresMiddleware18rateLimitredisusername">`traefik/http/middlewares/Middleware18/rateLimit/redis/username`</a> | `foobar` |
| `traefik/http/middlewares/Middleware18/rateLimit/redis/writeTimeout` | `42s` | | <a id="traefikhttpmiddlewaresMiddleware18rateLimitrediswriteTimeout" href="#traefikhttpmiddlewaresMiddleware18rateLimitrediswriteTimeout" title="#traefikhttpmiddlewaresMiddleware18rateLimitrediswriteTimeout">`traefik/http/middlewares/Middleware18/rateLimit/redis/writeTimeout`</a> | `42s` |
| `traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/ipStrategy/depth` | `42` | | <a id="traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategydepth" href="#traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategydepth" title="#traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategydepth">`traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/ipStrategy/depth`</a> | `42` |
| `traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategyexcludedIPs0" href="#traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategyexcludedIPs0" title="#traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategyexcludedIPs0">`traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/ipStrategy/excludedIPs/0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/ipStrategy/excludedIPs/1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategyexcludedIPs1" href="#traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategyexcludedIPs1" title="#traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategyexcludedIPs1">`traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/ipStrategy/excludedIPs/1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/ipStrategy/ipv6Subnet` | `42` | | <a id="traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategyipv6Subnet" href="#traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategyipv6Subnet" title="#traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategyipv6Subnet">`traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/ipStrategy/ipv6Subnet`</a> | `42` |
| `traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/requestHeaderName` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionrequestHeaderName" href="#traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionrequestHeaderName" title="#traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionrequestHeaderName">`traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/requestHeaderName`</a> | `foobar` |
| `traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/requestHost` | `true` | | <a id="traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionrequestHost" href="#traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionrequestHost" title="#traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionrequestHost">`traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/requestHost`</a> | `true` |
| `traefik/http/middlewares/Middleware19/redirectRegex/permanent` | `true` | | <a id="traefikhttpmiddlewaresMiddleware19redirectRegexpermanent" href="#traefikhttpmiddlewaresMiddleware19redirectRegexpermanent" title="#traefikhttpmiddlewaresMiddleware19redirectRegexpermanent">`traefik/http/middlewares/Middleware19/redirectRegex/permanent`</a> | `true` |
| `traefik/http/middlewares/Middleware19/redirectRegex/regex` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware19redirectRegexregex" href="#traefikhttpmiddlewaresMiddleware19redirectRegexregex" title="#traefikhttpmiddlewaresMiddleware19redirectRegexregex">`traefik/http/middlewares/Middleware19/redirectRegex/regex`</a> | `foobar` |
| `traefik/http/middlewares/Middleware19/redirectRegex/replacement` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware19redirectRegexreplacement" href="#traefikhttpmiddlewaresMiddleware19redirectRegexreplacement" title="#traefikhttpmiddlewaresMiddleware19redirectRegexreplacement">`traefik/http/middlewares/Middleware19/redirectRegex/replacement`</a> | `foobar` |
| `traefik/http/middlewares/Middleware20/redirectScheme/permanent` | `true` | | <a id="traefikhttpmiddlewaresMiddleware20redirectSchemepermanent" href="#traefikhttpmiddlewaresMiddleware20redirectSchemepermanent" title="#traefikhttpmiddlewaresMiddleware20redirectSchemepermanent">`traefik/http/middlewares/Middleware20/redirectScheme/permanent`</a> | `true` |
| `traefik/http/middlewares/Middleware20/redirectScheme/port` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware20redirectSchemeport" href="#traefikhttpmiddlewaresMiddleware20redirectSchemeport" title="#traefikhttpmiddlewaresMiddleware20redirectSchemeport">`traefik/http/middlewares/Middleware20/redirectScheme/port`</a> | `foobar` |
| `traefik/http/middlewares/Middleware20/redirectScheme/scheme` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware20redirectSchemescheme" href="#traefikhttpmiddlewaresMiddleware20redirectSchemescheme" title="#traefikhttpmiddlewaresMiddleware20redirectSchemescheme">`traefik/http/middlewares/Middleware20/redirectScheme/scheme`</a> | `foobar` |
| `traefik/http/middlewares/Middleware21/replacePath/path` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware21replacePathpath" href="#traefikhttpmiddlewaresMiddleware21replacePathpath" title="#traefikhttpmiddlewaresMiddleware21replacePathpath">`traefik/http/middlewares/Middleware21/replacePath/path`</a> | `foobar` |
| `traefik/http/middlewares/Middleware22/replacePathRegex/regex` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware22replacePathRegexregex" href="#traefikhttpmiddlewaresMiddleware22replacePathRegexregex" title="#traefikhttpmiddlewaresMiddleware22replacePathRegexregex">`traefik/http/middlewares/Middleware22/replacePathRegex/regex`</a> | `foobar` |
| `traefik/http/middlewares/Middleware22/replacePathRegex/replacement` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware22replacePathRegexreplacement" href="#traefikhttpmiddlewaresMiddleware22replacePathRegexreplacement" title="#traefikhttpmiddlewaresMiddleware22replacePathRegexreplacement">`traefik/http/middlewares/Middleware22/replacePathRegex/replacement`</a> | `foobar` |
| `traefik/http/middlewares/Middleware23/retry/attempts` | `42` | | <a id="traefikhttpmiddlewaresMiddleware23retryattempts" href="#traefikhttpmiddlewaresMiddleware23retryattempts" title="#traefikhttpmiddlewaresMiddleware23retryattempts">`traefik/http/middlewares/Middleware23/retry/attempts`</a> | `42` |
| `traefik/http/middlewares/Middleware23/retry/initialInterval` | `42s` | | <a id="traefikhttpmiddlewaresMiddleware23retryinitialInterval" href="#traefikhttpmiddlewaresMiddleware23retryinitialInterval" title="#traefikhttpmiddlewaresMiddleware23retryinitialInterval">`traefik/http/middlewares/Middleware23/retry/initialInterval`</a> | `42s` |
| `traefik/http/middlewares/Middleware24/stripPrefix/forceSlash` | `true` | | <a id="traefikhttpmiddlewaresMiddleware24stripPrefixforceSlash" href="#traefikhttpmiddlewaresMiddleware24stripPrefixforceSlash" title="#traefikhttpmiddlewaresMiddleware24stripPrefixforceSlash">`traefik/http/middlewares/Middleware24/stripPrefix/forceSlash`</a> | `true` |
| `traefik/http/middlewares/Middleware24/stripPrefix/prefixes/0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware24stripPrefixprefixes0" href="#traefikhttpmiddlewaresMiddleware24stripPrefixprefixes0" title="#traefikhttpmiddlewaresMiddleware24stripPrefixprefixes0">`traefik/http/middlewares/Middleware24/stripPrefix/prefixes/0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware24/stripPrefix/prefixes/1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware24stripPrefixprefixes1" href="#traefikhttpmiddlewaresMiddleware24stripPrefixprefixes1" title="#traefikhttpmiddlewaresMiddleware24stripPrefixprefixes1">`traefik/http/middlewares/Middleware24/stripPrefix/prefixes/1`</a> | `foobar` |
| `traefik/http/middlewares/Middleware25/stripPrefixRegex/regex/0` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware25stripPrefixRegexregex0" href="#traefikhttpmiddlewaresMiddleware25stripPrefixRegexregex0" title="#traefikhttpmiddlewaresMiddleware25stripPrefixRegexregex0">`traefik/http/middlewares/Middleware25/stripPrefixRegex/regex/0`</a> | `foobar` |
| `traefik/http/middlewares/Middleware25/stripPrefixRegex/regex/1` | `foobar` | | <a id="traefikhttpmiddlewaresMiddleware25stripPrefixRegexregex1" href="#traefikhttpmiddlewaresMiddleware25stripPrefixRegexregex1" title="#traefikhttpmiddlewaresMiddleware25stripPrefixRegexregex1">`traefik/http/middlewares/Middleware25/stripPrefixRegex/regex/1`</a> | `foobar` |
| `traefik/http/routers/Router0/entryPoints/0` | `foobar` | | <a id="traefikhttproutersRouter0entryPoints0" href="#traefikhttproutersRouter0entryPoints0" title="#traefikhttproutersRouter0entryPoints0">`traefik/http/routers/Router0/entryPoints/0`</a> | `foobar` |
| `traefik/http/routers/Router0/entryPoints/1` | `foobar` | | <a id="traefikhttproutersRouter0entryPoints1" href="#traefikhttproutersRouter0entryPoints1" title="#traefikhttproutersRouter0entryPoints1">`traefik/http/routers/Router0/entryPoints/1`</a> | `foobar` |
| `traefik/http/routers/Router0/middlewares/0` | `foobar` | | <a id="traefikhttproutersRouter0middlewares0" href="#traefikhttproutersRouter0middlewares0" title="#traefikhttproutersRouter0middlewares0">`traefik/http/routers/Router0/middlewares/0`</a> | `foobar` |
| `traefik/http/routers/Router0/middlewares/1` | `foobar` | | <a id="traefikhttproutersRouter0middlewares1" href="#traefikhttproutersRouter0middlewares1" title="#traefikhttproutersRouter0middlewares1">`traefik/http/routers/Router0/middlewares/1`</a> | `foobar` |
| `traefik/http/routers/Router0/observability/accessLogs` | `true` | | <a id="traefikhttproutersRouter0observabilityaccessLogs" href="#traefikhttproutersRouter0observabilityaccessLogs" title="#traefikhttproutersRouter0observabilityaccessLogs">`traefik/http/routers/Router0/observability/accessLogs`</a> | `true` |
| `traefik/http/routers/Router0/observability/metrics` | `true` | | <a id="traefikhttproutersRouter0observabilitymetrics" href="#traefikhttproutersRouter0observabilitymetrics" title="#traefikhttproutersRouter0observabilitymetrics">`traefik/http/routers/Router0/observability/metrics`</a> | `true` |
| `traefik/http/routers/Router0/observability/traceVerbosity` | `foobar` | | <a id="traefikhttproutersRouter0observabilitytraceVerbosity" href="#traefikhttproutersRouter0observabilitytraceVerbosity" title="#traefikhttproutersRouter0observabilitytraceVerbosity">`traefik/http/routers/Router0/observability/traceVerbosity`</a> | `foobar` |
| `traefik/http/routers/Router0/observability/tracing` | `true` | | <a id="traefikhttproutersRouter0observabilitytracing" href="#traefikhttproutersRouter0observabilitytracing" title="#traefikhttproutersRouter0observabilitytracing">`traefik/http/routers/Router0/observability/tracing`</a> | `true` |
| `traefik/http/routers/Router0/priority` | `42` | | <a id="traefikhttproutersRouter0priority" href="#traefikhttproutersRouter0priority" title="#traefikhttproutersRouter0priority">`traefik/http/routers/Router0/priority`</a> | `42` |
| `traefik/http/routers/Router0/rule` | `foobar` | | <a id="traefikhttproutersRouter0rule" href="#traefikhttproutersRouter0rule" title="#traefikhttproutersRouter0rule">`traefik/http/routers/Router0/rule`</a> | `foobar` |
| `traefik/http/routers/Router0/ruleSyntax` | `foobar` | | <a id="traefikhttproutersRouter0ruleSyntax" href="#traefikhttproutersRouter0ruleSyntax" title="#traefikhttproutersRouter0ruleSyntax">`traefik/http/routers/Router0/ruleSyntax`</a> | `foobar` |
| `traefik/http/routers/Router0/service` | `foobar` | | <a id="traefikhttproutersRouter0service" href="#traefikhttproutersRouter0service" title="#traefikhttproutersRouter0service">`traefik/http/routers/Router0/service`</a> | `foobar` |
| `traefik/http/routers/Router0/tls/certResolver` | `foobar` | | <a id="traefikhttproutersRouter0tlscertResolver" href="#traefikhttproutersRouter0tlscertResolver" title="#traefikhttproutersRouter0tlscertResolver">`traefik/http/routers/Router0/tls/certResolver`</a> | `foobar` |
| `traefik/http/routers/Router0/tls/domains/0/main` | `foobar` | | <a id="traefikhttproutersRouter0tlsdomains0main" href="#traefikhttproutersRouter0tlsdomains0main" title="#traefikhttproutersRouter0tlsdomains0main">`traefik/http/routers/Router0/tls/domains/0/main`</a> | `foobar` |
| `traefik/http/routers/Router0/tls/domains/0/sans/0` | `foobar` | | <a id="traefikhttproutersRouter0tlsdomains0sans0" href="#traefikhttproutersRouter0tlsdomains0sans0" title="#traefikhttproutersRouter0tlsdomains0sans0">`traefik/http/routers/Router0/tls/domains/0/sans/0`</a> | `foobar` |
| `traefik/http/routers/Router0/tls/domains/0/sans/1` | `foobar` | | <a id="traefikhttproutersRouter0tlsdomains0sans1" href="#traefikhttproutersRouter0tlsdomains0sans1" title="#traefikhttproutersRouter0tlsdomains0sans1">`traefik/http/routers/Router0/tls/domains/0/sans/1`</a> | `foobar` |
| `traefik/http/routers/Router0/tls/domains/1/main` | `foobar` | | <a id="traefikhttproutersRouter0tlsdomains1main" href="#traefikhttproutersRouter0tlsdomains1main" title="#traefikhttproutersRouter0tlsdomains1main">`traefik/http/routers/Router0/tls/domains/1/main`</a> | `foobar` |
| `traefik/http/routers/Router0/tls/domains/1/sans/0` | `foobar` | | <a id="traefikhttproutersRouter0tlsdomains1sans0" href="#traefikhttproutersRouter0tlsdomains1sans0" title="#traefikhttproutersRouter0tlsdomains1sans0">`traefik/http/routers/Router0/tls/domains/1/sans/0`</a> | `foobar` |
| `traefik/http/routers/Router0/tls/domains/1/sans/1` | `foobar` | | <a id="traefikhttproutersRouter0tlsdomains1sans1" href="#traefikhttproutersRouter0tlsdomains1sans1" title="#traefikhttproutersRouter0tlsdomains1sans1">`traefik/http/routers/Router0/tls/domains/1/sans/1`</a> | `foobar` |
| `traefik/http/routers/Router0/tls/options` | `foobar` | | <a id="traefikhttproutersRouter0tlsoptions" href="#traefikhttproutersRouter0tlsoptions" title="#traefikhttproutersRouter0tlsoptions">`traefik/http/routers/Router0/tls/options`</a> | `foobar` |
| `traefik/http/routers/Router1/entryPoints/0` | `foobar` | | <a id="traefikhttproutersRouter1entryPoints0" href="#traefikhttproutersRouter1entryPoints0" title="#traefikhttproutersRouter1entryPoints0">`traefik/http/routers/Router1/entryPoints/0`</a> | `foobar` |
| `traefik/http/routers/Router1/entryPoints/1` | `foobar` | | <a id="traefikhttproutersRouter1entryPoints1" href="#traefikhttproutersRouter1entryPoints1" title="#traefikhttproutersRouter1entryPoints1">`traefik/http/routers/Router1/entryPoints/1`</a> | `foobar` |
| `traefik/http/routers/Router1/middlewares/0` | `foobar` | | <a id="traefikhttproutersRouter1middlewares0" href="#traefikhttproutersRouter1middlewares0" title="#traefikhttproutersRouter1middlewares0">`traefik/http/routers/Router1/middlewares/0`</a> | `foobar` |
| `traefik/http/routers/Router1/middlewares/1` | `foobar` | | <a id="traefikhttproutersRouter1middlewares1" href="#traefikhttproutersRouter1middlewares1" title="#traefikhttproutersRouter1middlewares1">`traefik/http/routers/Router1/middlewares/1`</a> | `foobar` |
| `traefik/http/routers/Router1/observability/accessLogs` | `true` | | <a id="traefikhttproutersRouter1observabilityaccessLogs" href="#traefikhttproutersRouter1observabilityaccessLogs" title="#traefikhttproutersRouter1observabilityaccessLogs">`traefik/http/routers/Router1/observability/accessLogs`</a> | `true` |
| `traefik/http/routers/Router1/observability/metrics` | `true` | | <a id="traefikhttproutersRouter1observabilitymetrics" href="#traefikhttproutersRouter1observabilitymetrics" title="#traefikhttproutersRouter1observabilitymetrics">`traefik/http/routers/Router1/observability/metrics`</a> | `true` |
| `traefik/http/routers/Router1/observability/traceVerbosity` | `foobar` | | <a id="traefikhttproutersRouter1observabilitytraceVerbosity" href="#traefikhttproutersRouter1observabilitytraceVerbosity" title="#traefikhttproutersRouter1observabilitytraceVerbosity">`traefik/http/routers/Router1/observability/traceVerbosity`</a> | `foobar` |
| `traefik/http/routers/Router1/observability/tracing` | `true` | | <a id="traefikhttproutersRouter1observabilitytracing" href="#traefikhttproutersRouter1observabilitytracing" title="#traefikhttproutersRouter1observabilitytracing">`traefik/http/routers/Router1/observability/tracing`</a> | `true` |
| `traefik/http/routers/Router1/priority` | `42` | | <a id="traefikhttproutersRouter1priority" href="#traefikhttproutersRouter1priority" title="#traefikhttproutersRouter1priority">`traefik/http/routers/Router1/priority`</a> | `42` |
| `traefik/http/routers/Router1/rule` | `foobar` | | <a id="traefikhttproutersRouter1rule" href="#traefikhttproutersRouter1rule" title="#traefikhttproutersRouter1rule">`traefik/http/routers/Router1/rule`</a> | `foobar` |
| `traefik/http/routers/Router1/ruleSyntax` | `foobar` | | <a id="traefikhttproutersRouter1ruleSyntax" href="#traefikhttproutersRouter1ruleSyntax" title="#traefikhttproutersRouter1ruleSyntax">`traefik/http/routers/Router1/ruleSyntax`</a> | `foobar` |
| `traefik/http/routers/Router1/service` | `foobar` | | <a id="traefikhttproutersRouter1service" href="#traefikhttproutersRouter1service" title="#traefikhttproutersRouter1service">`traefik/http/routers/Router1/service`</a> | `foobar` |
| `traefik/http/routers/Router1/tls/certResolver` | `foobar` | | <a id="traefikhttproutersRouter1tlscertResolver" href="#traefikhttproutersRouter1tlscertResolver" title="#traefikhttproutersRouter1tlscertResolver">`traefik/http/routers/Router1/tls/certResolver`</a> | `foobar` |
| `traefik/http/routers/Router1/tls/domains/0/main` | `foobar` | | <a id="traefikhttproutersRouter1tlsdomains0main" href="#traefikhttproutersRouter1tlsdomains0main" title="#traefikhttproutersRouter1tlsdomains0main">`traefik/http/routers/Router1/tls/domains/0/main`</a> | `foobar` |
| `traefik/http/routers/Router1/tls/domains/0/sans/0` | `foobar` | | <a id="traefikhttproutersRouter1tlsdomains0sans0" href="#traefikhttproutersRouter1tlsdomains0sans0" title="#traefikhttproutersRouter1tlsdomains0sans0">`traefik/http/routers/Router1/tls/domains/0/sans/0`</a> | `foobar` |
| `traefik/http/routers/Router1/tls/domains/0/sans/1` | `foobar` | | <a id="traefikhttproutersRouter1tlsdomains0sans1" href="#traefikhttproutersRouter1tlsdomains0sans1" title="#traefikhttproutersRouter1tlsdomains0sans1">`traefik/http/routers/Router1/tls/domains/0/sans/1`</a> | `foobar` |
| `traefik/http/routers/Router1/tls/domains/1/main` | `foobar` | | <a id="traefikhttproutersRouter1tlsdomains1main" href="#traefikhttproutersRouter1tlsdomains1main" title="#traefikhttproutersRouter1tlsdomains1main">`traefik/http/routers/Router1/tls/domains/1/main`</a> | `foobar` |
| `traefik/http/routers/Router1/tls/domains/1/sans/0` | `foobar` | | <a id="traefikhttproutersRouter1tlsdomains1sans0" href="#traefikhttproutersRouter1tlsdomains1sans0" title="#traefikhttproutersRouter1tlsdomains1sans0">`traefik/http/routers/Router1/tls/domains/1/sans/0`</a> | `foobar` |
| `traefik/http/routers/Router1/tls/domains/1/sans/1` | `foobar` | | <a id="traefikhttproutersRouter1tlsdomains1sans1" href="#traefikhttproutersRouter1tlsdomains1sans1" title="#traefikhttproutersRouter1tlsdomains1sans1">`traefik/http/routers/Router1/tls/domains/1/sans/1`</a> | `foobar` |
| `traefik/http/routers/Router1/tls/options` | `foobar` | | <a id="traefikhttproutersRouter1tlsoptions" href="#traefikhttproutersRouter1tlsoptions" title="#traefikhttproutersRouter1tlsoptions">`traefik/http/routers/Router1/tls/options`</a> | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/certificates/0/certFile` | `foobar` | | <a id="traefikhttpserversTransportsServersTransport0certificates0certFile" href="#traefikhttpserversTransportsServersTransport0certificates0certFile" title="#traefikhttpserversTransportsServersTransport0certificates0certFile">`traefik/http/serversTransports/ServersTransport0/certificates/0/certFile`</a> | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/certificates/0/keyFile` | `foobar` | | <a id="traefikhttpserversTransportsServersTransport0certificates0keyFile" href="#traefikhttpserversTransportsServersTransport0certificates0keyFile" title="#traefikhttpserversTransportsServersTransport0certificates0keyFile">`traefik/http/serversTransports/ServersTransport0/certificates/0/keyFile`</a> | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/certificates/1/certFile` | `foobar` | | <a id="traefikhttpserversTransportsServersTransport0certificates1certFile" href="#traefikhttpserversTransportsServersTransport0certificates1certFile" title="#traefikhttpserversTransportsServersTransport0certificates1certFile">`traefik/http/serversTransports/ServersTransport0/certificates/1/certFile`</a> | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/certificates/1/keyFile` | `foobar` | | <a id="traefikhttpserversTransportsServersTransport0certificates1keyFile" href="#traefikhttpserversTransportsServersTransport0certificates1keyFile" title="#traefikhttpserversTransportsServersTransport0certificates1keyFile">`traefik/http/serversTransports/ServersTransport0/certificates/1/keyFile`</a> | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/disableHTTP2` | `true` | | <a id="traefikhttpserversTransportsServersTransport0disableHTTP2" href="#traefikhttpserversTransportsServersTransport0disableHTTP2" title="#traefikhttpserversTransportsServersTransport0disableHTTP2">`traefik/http/serversTransports/ServersTransport0/disableHTTP2`</a> | `true` |
| `traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/dialTimeout` | `42s` | | <a id="traefikhttpserversTransportsServersTransport0forwardingTimeoutsdialTimeout" href="#traefikhttpserversTransportsServersTransport0forwardingTimeoutsdialTimeout" title="#traefikhttpserversTransportsServersTransport0forwardingTimeoutsdialTimeout">`traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/dialTimeout`</a> | `42s` |
| `traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/idleConnTimeout` | `42s` | | <a id="traefikhttpserversTransportsServersTransport0forwardingTimeoutsidleConnTimeout" href="#traefikhttpserversTransportsServersTransport0forwardingTimeoutsidleConnTimeout" title="#traefikhttpserversTransportsServersTransport0forwardingTimeoutsidleConnTimeout">`traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/idleConnTimeout`</a> | `42s` |
| `traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/pingTimeout` | `42s` | | <a id="traefikhttpserversTransportsServersTransport0forwardingTimeoutspingTimeout" href="#traefikhttpserversTransportsServersTransport0forwardingTimeoutspingTimeout" title="#traefikhttpserversTransportsServersTransport0forwardingTimeoutspingTimeout">`traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/pingTimeout`</a> | `42s` |
| `traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/readIdleTimeout` | `42s` | | <a id="traefikhttpserversTransportsServersTransport0forwardingTimeoutsreadIdleTimeout" href="#traefikhttpserversTransportsServersTransport0forwardingTimeoutsreadIdleTimeout" title="#traefikhttpserversTransportsServersTransport0forwardingTimeoutsreadIdleTimeout">`traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/readIdleTimeout`</a> | `42s` |
| `traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/responseHeaderTimeout` | `42s` | | <a id="traefikhttpserversTransportsServersTransport0forwardingTimeoutsresponseHeaderTimeout" href="#traefikhttpserversTransportsServersTransport0forwardingTimeoutsresponseHeaderTimeout" title="#traefikhttpserversTransportsServersTransport0forwardingTimeoutsresponseHeaderTimeout">`traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/responseHeaderTimeout`</a> | `42s` |
| `traefik/http/serversTransports/ServersTransport0/insecureSkipVerify` | `true` | | <a id="traefikhttpserversTransportsServersTransport0insecureSkipVerify" href="#traefikhttpserversTransportsServersTransport0insecureSkipVerify" title="#traefikhttpserversTransportsServersTransport0insecureSkipVerify">`traefik/http/serversTransports/ServersTransport0/insecureSkipVerify`</a> | `true` |
| `traefik/http/serversTransports/ServersTransport0/maxIdleConnsPerHost` | `42` | | <a id="traefikhttpserversTransportsServersTransport0maxIdleConnsPerHost" href="#traefikhttpserversTransportsServersTransport0maxIdleConnsPerHost" title="#traefikhttpserversTransportsServersTransport0maxIdleConnsPerHost">`traefik/http/serversTransports/ServersTransport0/maxIdleConnsPerHost`</a> | `42` |
| `traefik/http/serversTransports/ServersTransport0/peerCertURI` | `foobar` | | <a id="traefikhttpserversTransportsServersTransport0peerCertURI" href="#traefikhttpserversTransportsServersTransport0peerCertURI" title="#traefikhttpserversTransportsServersTransport0peerCertURI">`traefik/http/serversTransports/ServersTransport0/peerCertURI`</a> | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/rootCAs/0` | `foobar` | | <a id="traefikhttpserversTransportsServersTransport0rootCAs0" href="#traefikhttpserversTransportsServersTransport0rootCAs0" title="#traefikhttpserversTransportsServersTransport0rootCAs0">`traefik/http/serversTransports/ServersTransport0/rootCAs/0`</a> | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/rootCAs/1` | `foobar` | | <a id="traefikhttpserversTransportsServersTransport0rootCAs1" href="#traefikhttpserversTransportsServersTransport0rootCAs1" title="#traefikhttpserversTransportsServersTransport0rootCAs1">`traefik/http/serversTransports/ServersTransport0/rootCAs/1`</a> | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/serverName` | `foobar` | | <a id="traefikhttpserversTransportsServersTransport0serverName" href="#traefikhttpserversTransportsServersTransport0serverName" title="#traefikhttpserversTransportsServersTransport0serverName">`traefik/http/serversTransports/ServersTransport0/serverName`</a> | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/spiffe/ids/0` | `foobar` | | <a id="traefikhttpserversTransportsServersTransport0spiffeids0" href="#traefikhttpserversTransportsServersTransport0spiffeids0" title="#traefikhttpserversTransportsServersTransport0spiffeids0">`traefik/http/serversTransports/ServersTransport0/spiffe/ids/0`</a> | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/spiffe/ids/1` | `foobar` | | <a id="traefikhttpserversTransportsServersTransport0spiffeids1" href="#traefikhttpserversTransportsServersTransport0spiffeids1" title="#traefikhttpserversTransportsServersTransport0spiffeids1">`traefik/http/serversTransports/ServersTransport0/spiffe/ids/1`</a> | `foobar` |
| `traefik/http/serversTransports/ServersTransport0/spiffe/trustDomain` | `foobar` | | <a id="traefikhttpserversTransportsServersTransport0spiffetrustDomain" href="#traefikhttpserversTransportsServersTransport0spiffetrustDomain" title="#traefikhttpserversTransportsServersTransport0spiffetrustDomain">`traefik/http/serversTransports/ServersTransport0/spiffe/trustDomain`</a> | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/certificates/0/certFile` | `foobar` | | <a id="traefikhttpserversTransportsServersTransport1certificates0certFile" href="#traefikhttpserversTransportsServersTransport1certificates0certFile" title="#traefikhttpserversTransportsServersTransport1certificates0certFile">`traefik/http/serversTransports/ServersTransport1/certificates/0/certFile`</a> | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/certificates/0/keyFile` | `foobar` | | <a id="traefikhttpserversTransportsServersTransport1certificates0keyFile" href="#traefikhttpserversTransportsServersTransport1certificates0keyFile" title="#traefikhttpserversTransportsServersTransport1certificates0keyFile">`traefik/http/serversTransports/ServersTransport1/certificates/0/keyFile`</a> | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/certificates/1/certFile` | `foobar` | | <a id="traefikhttpserversTransportsServersTransport1certificates1certFile" href="#traefikhttpserversTransportsServersTransport1certificates1certFile" title="#traefikhttpserversTransportsServersTransport1certificates1certFile">`traefik/http/serversTransports/ServersTransport1/certificates/1/certFile`</a> | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/certificates/1/keyFile` | `foobar` | | <a id="traefikhttpserversTransportsServersTransport1certificates1keyFile" href="#traefikhttpserversTransportsServersTransport1certificates1keyFile" title="#traefikhttpserversTransportsServersTransport1certificates1keyFile">`traefik/http/serversTransports/ServersTransport1/certificates/1/keyFile`</a> | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/disableHTTP2` | `true` | | <a id="traefikhttpserversTransportsServersTransport1disableHTTP2" href="#traefikhttpserversTransportsServersTransport1disableHTTP2" title="#traefikhttpserversTransportsServersTransport1disableHTTP2">`traefik/http/serversTransports/ServersTransport1/disableHTTP2`</a> | `true` |
| `traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/dialTimeout` | `42s` | | <a id="traefikhttpserversTransportsServersTransport1forwardingTimeoutsdialTimeout" href="#traefikhttpserversTransportsServersTransport1forwardingTimeoutsdialTimeout" title="#traefikhttpserversTransportsServersTransport1forwardingTimeoutsdialTimeout">`traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/dialTimeout`</a> | `42s` |
| `traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/idleConnTimeout` | `42s` | | <a id="traefikhttpserversTransportsServersTransport1forwardingTimeoutsidleConnTimeout" href="#traefikhttpserversTransportsServersTransport1forwardingTimeoutsidleConnTimeout" title="#traefikhttpserversTransportsServersTransport1forwardingTimeoutsidleConnTimeout">`traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/idleConnTimeout`</a> | `42s` |
| `traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/pingTimeout` | `42s` | | <a id="traefikhttpserversTransportsServersTransport1forwardingTimeoutspingTimeout" href="#traefikhttpserversTransportsServersTransport1forwardingTimeoutspingTimeout" title="#traefikhttpserversTransportsServersTransport1forwardingTimeoutspingTimeout">`traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/pingTimeout`</a> | `42s` |
| `traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/readIdleTimeout` | `42s` | | <a id="traefikhttpserversTransportsServersTransport1forwardingTimeoutsreadIdleTimeout" href="#traefikhttpserversTransportsServersTransport1forwardingTimeoutsreadIdleTimeout" title="#traefikhttpserversTransportsServersTransport1forwardingTimeoutsreadIdleTimeout">`traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/readIdleTimeout`</a> | `42s` |
| `traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/responseHeaderTimeout` | `42s` | | <a id="traefikhttpserversTransportsServersTransport1forwardingTimeoutsresponseHeaderTimeout" href="#traefikhttpserversTransportsServersTransport1forwardingTimeoutsresponseHeaderTimeout" title="#traefikhttpserversTransportsServersTransport1forwardingTimeoutsresponseHeaderTimeout">`traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/responseHeaderTimeout`</a> | `42s` |
| `traefik/http/serversTransports/ServersTransport1/insecureSkipVerify` | `true` | | <a id="traefikhttpserversTransportsServersTransport1insecureSkipVerify" href="#traefikhttpserversTransportsServersTransport1insecureSkipVerify" title="#traefikhttpserversTransportsServersTransport1insecureSkipVerify">`traefik/http/serversTransports/ServersTransport1/insecureSkipVerify`</a> | `true` |
| `traefik/http/serversTransports/ServersTransport1/maxIdleConnsPerHost` | `42` | | <a id="traefikhttpserversTransportsServersTransport1maxIdleConnsPerHost" href="#traefikhttpserversTransportsServersTransport1maxIdleConnsPerHost" title="#traefikhttpserversTransportsServersTransport1maxIdleConnsPerHost">`traefik/http/serversTransports/ServersTransport1/maxIdleConnsPerHost`</a> | `42` |
| `traefik/http/serversTransports/ServersTransport1/peerCertURI` | `foobar` | | <a id="traefikhttpserversTransportsServersTransport1peerCertURI" href="#traefikhttpserversTransportsServersTransport1peerCertURI" title="#traefikhttpserversTransportsServersTransport1peerCertURI">`traefik/http/serversTransports/ServersTransport1/peerCertURI`</a> | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/rootCAs/0` | `foobar` | | <a id="traefikhttpserversTransportsServersTransport1rootCAs0" href="#traefikhttpserversTransportsServersTransport1rootCAs0" title="#traefikhttpserversTransportsServersTransport1rootCAs0">`traefik/http/serversTransports/ServersTransport1/rootCAs/0`</a> | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/rootCAs/1` | `foobar` | | <a id="traefikhttpserversTransportsServersTransport1rootCAs1" href="#traefikhttpserversTransportsServersTransport1rootCAs1" title="#traefikhttpserversTransportsServersTransport1rootCAs1">`traefik/http/serversTransports/ServersTransport1/rootCAs/1`</a> | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/serverName` | `foobar` | | <a id="traefikhttpserversTransportsServersTransport1serverName" href="#traefikhttpserversTransportsServersTransport1serverName" title="#traefikhttpserversTransportsServersTransport1serverName">`traefik/http/serversTransports/ServersTransport1/serverName`</a> | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/spiffe/ids/0` | `foobar` | | <a id="traefikhttpserversTransportsServersTransport1spiffeids0" href="#traefikhttpserversTransportsServersTransport1spiffeids0" title="#traefikhttpserversTransportsServersTransport1spiffeids0">`traefik/http/serversTransports/ServersTransport1/spiffe/ids/0`</a> | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/spiffe/ids/1` | `foobar` | | <a id="traefikhttpserversTransportsServersTransport1spiffeids1" href="#traefikhttpserversTransportsServersTransport1spiffeids1" title="#traefikhttpserversTransportsServersTransport1spiffeids1">`traefik/http/serversTransports/ServersTransport1/spiffe/ids/1`</a> | `foobar` |
| `traefik/http/serversTransports/ServersTransport1/spiffe/trustDomain` | `foobar` | | <a id="traefikhttpserversTransportsServersTransport1spiffetrustDomain" href="#traefikhttpserversTransportsServersTransport1spiffetrustDomain" title="#traefikhttpserversTransportsServersTransport1spiffetrustDomain">`traefik/http/serversTransports/ServersTransport1/spiffe/trustDomain`</a> | `foobar` |
| `traefik/http/services/Service01/failover/fallback` | `foobar` | | <a id="traefikhttpservicesService01failoverfallback" href="#traefikhttpservicesService01failoverfallback" title="#traefikhttpservicesService01failoverfallback">`traefik/http/services/Service01/failover/fallback`</a> | `foobar` |
| `traefik/http/services/Service01/failover/healthCheck` | `` | | <a id="traefikhttpservicesService01failoverhealthCheck" href="#traefikhttpservicesService01failoverhealthCheck" title="#traefikhttpservicesService01failoverhealthCheck">`traefik/http/services/Service01/failover/healthCheck`</a> | `` |
| `traefik/http/services/Service01/failover/service` | `foobar` | | <a id="traefikhttpservicesService01failoverservice" href="#traefikhttpservicesService01failoverservice" title="#traefikhttpservicesService01failoverservice">`traefik/http/services/Service01/failover/service`</a> | `foobar` |
| `traefik/http/services/Service02/loadBalancer/healthCheck/followRedirects` | `true` | | <a id="traefikhttpservicesService02loadBalancerhealthCheckfollowRedirects" href="#traefikhttpservicesService02loadBalancerhealthCheckfollowRedirects" title="#traefikhttpservicesService02loadBalancerhealthCheckfollowRedirects">`traefik/http/services/Service02/loadBalancer/healthCheck/followRedirects`</a> | `true` |
| `traefik/http/services/Service02/loadBalancer/healthCheck/headers/name0` | `foobar` | | <a id="traefikhttpservicesService02loadBalancerhealthCheckheadersname0" href="#traefikhttpservicesService02loadBalancerhealthCheckheadersname0" title="#traefikhttpservicesService02loadBalancerhealthCheckheadersname0">`traefik/http/services/Service02/loadBalancer/healthCheck/headers/name0`</a> | `foobar` |
| `traefik/http/services/Service02/loadBalancer/healthCheck/headers/name1` | `foobar` | | <a id="traefikhttpservicesService02loadBalancerhealthCheckheadersname1" href="#traefikhttpservicesService02loadBalancerhealthCheckheadersname1" title="#traefikhttpservicesService02loadBalancerhealthCheckheadersname1">`traefik/http/services/Service02/loadBalancer/healthCheck/headers/name1`</a> | `foobar` |
| `traefik/http/services/Service02/loadBalancer/healthCheck/hostname` | `foobar` | | <a id="traefikhttpservicesService02loadBalancerhealthCheckhostname" href="#traefikhttpservicesService02loadBalancerhealthCheckhostname" title="#traefikhttpservicesService02loadBalancerhealthCheckhostname">`traefik/http/services/Service02/loadBalancer/healthCheck/hostname`</a> | `foobar` |
| `traefik/http/services/Service02/loadBalancer/healthCheck/interval` | `42s` | | <a id="traefikhttpservicesService02loadBalancerhealthCheckinterval" href="#traefikhttpservicesService02loadBalancerhealthCheckinterval" title="#traefikhttpservicesService02loadBalancerhealthCheckinterval">`traefik/http/services/Service02/loadBalancer/healthCheck/interval`</a> | `42s` |
| `traefik/http/services/Service02/loadBalancer/healthCheck/method` | `foobar` | | <a id="traefikhttpservicesService02loadBalancerhealthCheckmethod" href="#traefikhttpservicesService02loadBalancerhealthCheckmethod" title="#traefikhttpservicesService02loadBalancerhealthCheckmethod">`traefik/http/services/Service02/loadBalancer/healthCheck/method`</a> | `foobar` |
| `traefik/http/services/Service02/loadBalancer/healthCheck/mode` | `foobar` | | <a id="traefikhttpservicesService02loadBalancerhealthCheckmode" href="#traefikhttpservicesService02loadBalancerhealthCheckmode" title="#traefikhttpservicesService02loadBalancerhealthCheckmode">`traefik/http/services/Service02/loadBalancer/healthCheck/mode`</a> | `foobar` |
| `traefik/http/services/Service02/loadBalancer/healthCheck/path` | `foobar` | | <a id="traefikhttpservicesService02loadBalancerhealthCheckpath" href="#traefikhttpservicesService02loadBalancerhealthCheckpath" title="#traefikhttpservicesService02loadBalancerhealthCheckpath">`traefik/http/services/Service02/loadBalancer/healthCheck/path`</a> | `foobar` |
| `traefik/http/services/Service02/loadBalancer/healthCheck/port` | `42` | | <a id="traefikhttpservicesService02loadBalancerhealthCheckport" href="#traefikhttpservicesService02loadBalancerhealthCheckport" title="#traefikhttpservicesService02loadBalancerhealthCheckport">`traefik/http/services/Service02/loadBalancer/healthCheck/port`</a> | `42` |
| `traefik/http/services/Service02/loadBalancer/healthCheck/scheme` | `foobar` | | <a id="traefikhttpservicesService02loadBalancerhealthCheckscheme" href="#traefikhttpservicesService02loadBalancerhealthCheckscheme" title="#traefikhttpservicesService02loadBalancerhealthCheckscheme">`traefik/http/services/Service02/loadBalancer/healthCheck/scheme`</a> | `foobar` |
| `traefik/http/services/Service02/loadBalancer/healthCheck/status` | `42` | | <a id="traefikhttpservicesService02loadBalancerhealthCheckstatus" href="#traefikhttpservicesService02loadBalancerhealthCheckstatus" title="#traefikhttpservicesService02loadBalancerhealthCheckstatus">`traefik/http/services/Service02/loadBalancer/healthCheck/status`</a> | `42` |
| `traefik/http/services/Service02/loadBalancer/healthCheck/timeout` | `42s` | | <a id="traefikhttpservicesService02loadBalancerhealthChecktimeout" href="#traefikhttpservicesService02loadBalancerhealthChecktimeout" title="#traefikhttpservicesService02loadBalancerhealthChecktimeout">`traefik/http/services/Service02/loadBalancer/healthCheck/timeout`</a> | `42s` |
| `traefik/http/services/Service02/loadBalancer/healthCheck/unhealthyInterval` | `42s` | | <a id="traefikhttpservicesService02loadBalancerhealthCheckunhealthyInterval" href="#traefikhttpservicesService02loadBalancerhealthCheckunhealthyInterval" title="#traefikhttpservicesService02loadBalancerhealthCheckunhealthyInterval">`traefik/http/services/Service02/loadBalancer/healthCheck/unhealthyInterval`</a> | `42s` |
| `traefik/http/services/Service02/loadBalancer/passHostHeader` | `true` | | <a id="traefikhttpservicesService02loadBalancerpassHostHeader" href="#traefikhttpservicesService02loadBalancerpassHostHeader" title="#traefikhttpservicesService02loadBalancerpassHostHeader">`traefik/http/services/Service02/loadBalancer/passHostHeader`</a> | `true` |
| `traefik/http/services/Service02/loadBalancer/responseForwarding/flushInterval` | `42s` | | <a id="traefikhttpservicesService02loadBalancerresponseForwardingflushInterval" href="#traefikhttpservicesService02loadBalancerresponseForwardingflushInterval" title="#traefikhttpservicesService02loadBalancerresponseForwardingflushInterval">`traefik/http/services/Service02/loadBalancer/responseForwarding/flushInterval`</a> | `42s` |
| `traefik/http/services/Service02/loadBalancer/servers/0/preservePath` | `true` | | <a id="traefikhttpservicesService02loadBalancerservers0preservePath" href="#traefikhttpservicesService02loadBalancerservers0preservePath" title="#traefikhttpservicesService02loadBalancerservers0preservePath">`traefik/http/services/Service02/loadBalancer/servers/0/preservePath`</a> | `true` |
| `traefik/http/services/Service02/loadBalancer/servers/0/url` | `foobar` | | <a id="traefikhttpservicesService02loadBalancerservers0url" href="#traefikhttpservicesService02loadBalancerservers0url" title="#traefikhttpservicesService02loadBalancerservers0url">`traefik/http/services/Service02/loadBalancer/servers/0/url`</a> | `foobar` |
| `traefik/http/services/Service02/loadBalancer/servers/0/weight` | `42` | | <a id="traefikhttpservicesService02loadBalancerservers0weight" href="#traefikhttpservicesService02loadBalancerservers0weight" title="#traefikhttpservicesService02loadBalancerservers0weight">`traefik/http/services/Service02/loadBalancer/servers/0/weight`</a> | `42` |
| `traefik/http/services/Service02/loadBalancer/servers/1/preservePath` | `true` | | <a id="traefikhttpservicesService02loadBalancerservers1preservePath" href="#traefikhttpservicesService02loadBalancerservers1preservePath" title="#traefikhttpservicesService02loadBalancerservers1preservePath">`traefik/http/services/Service02/loadBalancer/servers/1/preservePath`</a> | `true` |
| `traefik/http/services/Service02/loadBalancer/servers/1/url` | `foobar` | | <a id="traefikhttpservicesService02loadBalancerservers1url" href="#traefikhttpservicesService02loadBalancerservers1url" title="#traefikhttpservicesService02loadBalancerservers1url">`traefik/http/services/Service02/loadBalancer/servers/1/url`</a> | `foobar` |
| `traefik/http/services/Service02/loadBalancer/servers/1/weight` | `42` | | <a id="traefikhttpservicesService02loadBalancerservers1weight" href="#traefikhttpservicesService02loadBalancerservers1weight" title="#traefikhttpservicesService02loadBalancerservers1weight">`traefik/http/services/Service02/loadBalancer/servers/1/weight`</a> | `42` |
| `traefik/http/services/Service02/loadBalancer/serversTransport` | `foobar` | | <a id="traefikhttpservicesService02loadBalancerserversTransport" href="#traefikhttpservicesService02loadBalancerserversTransport" title="#traefikhttpservicesService02loadBalancerserversTransport">`traefik/http/services/Service02/loadBalancer/serversTransport`</a> | `foobar` |
| `traefik/http/services/Service02/loadBalancer/sticky/cookie/domain` | `foobar` | | <a id="traefikhttpservicesService02loadBalancerstickycookiedomain" href="#traefikhttpservicesService02loadBalancerstickycookiedomain" title="#traefikhttpservicesService02loadBalancerstickycookiedomain">`traefik/http/services/Service02/loadBalancer/sticky/cookie/domain`</a> | `foobar` |
| `traefik/http/services/Service02/loadBalancer/sticky/cookie/httpOnly` | `true` | | <a id="traefikhttpservicesService02loadBalancerstickycookiehttpOnly" href="#traefikhttpservicesService02loadBalancerstickycookiehttpOnly" title="#traefikhttpservicesService02loadBalancerstickycookiehttpOnly">`traefik/http/services/Service02/loadBalancer/sticky/cookie/httpOnly`</a> | `true` |
| `traefik/http/services/Service02/loadBalancer/sticky/cookie/maxAge` | `42` | | <a id="traefikhttpservicesService02loadBalancerstickycookiemaxAge" href="#traefikhttpservicesService02loadBalancerstickycookiemaxAge" title="#traefikhttpservicesService02loadBalancerstickycookiemaxAge">`traefik/http/services/Service02/loadBalancer/sticky/cookie/maxAge`</a> | `42` |
| `traefik/http/services/Service02/loadBalancer/sticky/cookie/name` | `foobar` | | <a id="traefikhttpservicesService02loadBalancerstickycookiename" href="#traefikhttpservicesService02loadBalancerstickycookiename" title="#traefikhttpservicesService02loadBalancerstickycookiename">`traefik/http/services/Service02/loadBalancer/sticky/cookie/name`</a> | `foobar` |
| `traefik/http/services/Service02/loadBalancer/sticky/cookie/path` | `foobar` | | <a id="traefikhttpservicesService02loadBalancerstickycookiepath" href="#traefikhttpservicesService02loadBalancerstickycookiepath" title="#traefikhttpservicesService02loadBalancerstickycookiepath">`traefik/http/services/Service02/loadBalancer/sticky/cookie/path`</a> | `foobar` |
| `traefik/http/services/Service02/loadBalancer/sticky/cookie/sameSite` | `foobar` | | <a id="traefikhttpservicesService02loadBalancerstickycookiesameSite" href="#traefikhttpservicesService02loadBalancerstickycookiesameSite" title="#traefikhttpservicesService02loadBalancerstickycookiesameSite">`traefik/http/services/Service02/loadBalancer/sticky/cookie/sameSite`</a> | `foobar` |
| `traefik/http/services/Service02/loadBalancer/sticky/cookie/secure` | `true` | | <a id="traefikhttpservicesService02loadBalancerstickycookiesecure" href="#traefikhttpservicesService02loadBalancerstickycookiesecure" title="#traefikhttpservicesService02loadBalancerstickycookiesecure">`traefik/http/services/Service02/loadBalancer/sticky/cookie/secure`</a> | `true` |
| `traefik/http/services/Service02/loadBalancer/strategy` | `foobar` | | <a id="traefikhttpservicesService02loadBalancerstrategy" href="#traefikhttpservicesService02loadBalancerstrategy" title="#traefikhttpservicesService02loadBalancerstrategy">`traefik/http/services/Service02/loadBalancer/strategy`</a> | `foobar` |
| `traefik/http/services/Service03/mirroring/healthCheck` | `` | | <a id="traefikhttpservicesService03mirroringhealthCheck" href="#traefikhttpservicesService03mirroringhealthCheck" title="#traefikhttpservicesService03mirroringhealthCheck">`traefik/http/services/Service03/mirroring/healthCheck`</a> | `` |
| `traefik/http/services/Service03/mirroring/maxBodySize` | `42` | | <a id="traefikhttpservicesService03mirroringmaxBodySize" href="#traefikhttpservicesService03mirroringmaxBodySize" title="#traefikhttpservicesService03mirroringmaxBodySize">`traefik/http/services/Service03/mirroring/maxBodySize`</a> | `42` |
| `traefik/http/services/Service03/mirroring/mirrorBody` | `true` | | <a id="traefikhttpservicesService03mirroringmirrorBody" href="#traefikhttpservicesService03mirroringmirrorBody" title="#traefikhttpservicesService03mirroringmirrorBody">`traefik/http/services/Service03/mirroring/mirrorBody`</a> | `true` |
| `traefik/http/services/Service03/mirroring/mirrors/0/name` | `foobar` | | <a id="traefikhttpservicesService03mirroringmirrors0name" href="#traefikhttpservicesService03mirroringmirrors0name" title="#traefikhttpservicesService03mirroringmirrors0name">`traefik/http/services/Service03/mirroring/mirrors/0/name`</a> | `foobar` |
| `traefik/http/services/Service03/mirroring/mirrors/0/percent` | `42` | | <a id="traefikhttpservicesService03mirroringmirrors0percent" href="#traefikhttpservicesService03mirroringmirrors0percent" title="#traefikhttpservicesService03mirroringmirrors0percent">`traefik/http/services/Service03/mirroring/mirrors/0/percent`</a> | `42` |
| `traefik/http/services/Service03/mirroring/mirrors/1/name` | `foobar` | | <a id="traefikhttpservicesService03mirroringmirrors1name" href="#traefikhttpservicesService03mirroringmirrors1name" title="#traefikhttpservicesService03mirroringmirrors1name">`traefik/http/services/Service03/mirroring/mirrors/1/name`</a> | `foobar` |
| `traefik/http/services/Service03/mirroring/mirrors/1/percent` | `42` | | <a id="traefikhttpservicesService03mirroringmirrors1percent" href="#traefikhttpservicesService03mirroringmirrors1percent" title="#traefikhttpservicesService03mirroringmirrors1percent">`traefik/http/services/Service03/mirroring/mirrors/1/percent`</a> | `42` |
| `traefik/http/services/Service03/mirroring/service` | `foobar` | | <a id="traefikhttpservicesService03mirroringservice" href="#traefikhttpservicesService03mirroringservice" title="#traefikhttpservicesService03mirroringservice">`traefik/http/services/Service03/mirroring/service`</a> | `foobar` |
| `traefik/http/services/Service04/weighted/healthCheck` | `` | | <a id="traefikhttpservicesService04weightedhealthCheck" href="#traefikhttpservicesService04weightedhealthCheck" title="#traefikhttpservicesService04weightedhealthCheck">`traefik/http/services/Service04/weighted/healthCheck`</a> | `` |
| `traefik/http/services/Service04/weighted/services/0/name` | `foobar` | | <a id="traefikhttpservicesService04weightedservices0name" href="#traefikhttpservicesService04weightedservices0name" title="#traefikhttpservicesService04weightedservices0name">`traefik/http/services/Service04/weighted/services/0/name`</a> | `foobar` |
| `traefik/http/services/Service04/weighted/services/0/weight` | `42` | | <a id="traefikhttpservicesService04weightedservices0weight" href="#traefikhttpservicesService04weightedservices0weight" title="#traefikhttpservicesService04weightedservices0weight">`traefik/http/services/Service04/weighted/services/0/weight`</a> | `42` |
| `traefik/http/services/Service04/weighted/services/1/name` | `foobar` | | <a id="traefikhttpservicesService04weightedservices1name" href="#traefikhttpservicesService04weightedservices1name" title="#traefikhttpservicesService04weightedservices1name">`traefik/http/services/Service04/weighted/services/1/name`</a> | `foobar` |
| `traefik/http/services/Service04/weighted/services/1/weight` | `42` | | <a id="traefikhttpservicesService04weightedservices1weight" href="#traefikhttpservicesService04weightedservices1weight" title="#traefikhttpservicesService04weightedservices1weight">`traefik/http/services/Service04/weighted/services/1/weight`</a> | `42` |
| `traefik/http/services/Service04/weighted/sticky/cookie/domain` | `foobar` | | <a id="traefikhttpservicesService04weightedstickycookiedomain" href="#traefikhttpservicesService04weightedstickycookiedomain" title="#traefikhttpservicesService04weightedstickycookiedomain">`traefik/http/services/Service04/weighted/sticky/cookie/domain`</a> | `foobar` |
| `traefik/http/services/Service04/weighted/sticky/cookie/httpOnly` | `true` | | <a id="traefikhttpservicesService04weightedstickycookiehttpOnly" href="#traefikhttpservicesService04weightedstickycookiehttpOnly" title="#traefikhttpservicesService04weightedstickycookiehttpOnly">`traefik/http/services/Service04/weighted/sticky/cookie/httpOnly`</a> | `true` |
| `traefik/http/services/Service04/weighted/sticky/cookie/maxAge` | `42` | | <a id="traefikhttpservicesService04weightedstickycookiemaxAge" href="#traefikhttpservicesService04weightedstickycookiemaxAge" title="#traefikhttpservicesService04weightedstickycookiemaxAge">`traefik/http/services/Service04/weighted/sticky/cookie/maxAge`</a> | `42` |
| `traefik/http/services/Service04/weighted/sticky/cookie/name` | `foobar` | | <a id="traefikhttpservicesService04weightedstickycookiename" href="#traefikhttpservicesService04weightedstickycookiename" title="#traefikhttpservicesService04weightedstickycookiename">`traefik/http/services/Service04/weighted/sticky/cookie/name`</a> | `foobar` |
| `traefik/http/services/Service04/weighted/sticky/cookie/path` | `foobar` | | <a id="traefikhttpservicesService04weightedstickycookiepath" href="#traefikhttpservicesService04weightedstickycookiepath" title="#traefikhttpservicesService04weightedstickycookiepath">`traefik/http/services/Service04/weighted/sticky/cookie/path`</a> | `foobar` |
| `traefik/http/services/Service04/weighted/sticky/cookie/sameSite` | `foobar` | | <a id="traefikhttpservicesService04weightedstickycookiesameSite" href="#traefikhttpservicesService04weightedstickycookiesameSite" title="#traefikhttpservicesService04weightedstickycookiesameSite">`traefik/http/services/Service04/weighted/sticky/cookie/sameSite`</a> | `foobar` |
| `traefik/http/services/Service04/weighted/sticky/cookie/secure` | `true` | | <a id="traefikhttpservicesService04weightedstickycookiesecure" href="#traefikhttpservicesService04weightedstickycookiesecure" title="#traefikhttpservicesService04weightedstickycookiesecure">`traefik/http/services/Service04/weighted/sticky/cookie/secure`</a> | `true` |
| `traefik/tcp/middlewares/TCPMiddleware01/ipAllowList/sourceRange/0` | `foobar` | | <a id="traefiktcpmiddlewaresTCPMiddleware01ipAllowListsourceRange0" href="#traefiktcpmiddlewaresTCPMiddleware01ipAllowListsourceRange0" title="#traefiktcpmiddlewaresTCPMiddleware01ipAllowListsourceRange0">`traefik/tcp/middlewares/TCPMiddleware01/ipAllowList/sourceRange/0`</a> | `foobar` |
| `traefik/tcp/middlewares/TCPMiddleware01/ipAllowList/sourceRange/1` | `foobar` | | <a id="traefiktcpmiddlewaresTCPMiddleware01ipAllowListsourceRange1" href="#traefiktcpmiddlewaresTCPMiddleware01ipAllowListsourceRange1" title="#traefiktcpmiddlewaresTCPMiddleware01ipAllowListsourceRange1">`traefik/tcp/middlewares/TCPMiddleware01/ipAllowList/sourceRange/1`</a> | `foobar` |
| `traefik/tcp/middlewares/TCPMiddleware02/ipWhiteList/sourceRange/0` | `foobar` | | <a id="traefiktcpmiddlewaresTCPMiddleware02ipWhiteListsourceRange0" href="#traefiktcpmiddlewaresTCPMiddleware02ipWhiteListsourceRange0" title="#traefiktcpmiddlewaresTCPMiddleware02ipWhiteListsourceRange0">`traefik/tcp/middlewares/TCPMiddleware02/ipWhiteList/sourceRange/0`</a> | `foobar` |
| `traefik/tcp/middlewares/TCPMiddleware02/ipWhiteList/sourceRange/1` | `foobar` | | <a id="traefiktcpmiddlewaresTCPMiddleware02ipWhiteListsourceRange1" href="#traefiktcpmiddlewaresTCPMiddleware02ipWhiteListsourceRange1" title="#traefiktcpmiddlewaresTCPMiddleware02ipWhiteListsourceRange1">`traefik/tcp/middlewares/TCPMiddleware02/ipWhiteList/sourceRange/1`</a> | `foobar` |
| `traefik/tcp/middlewares/TCPMiddleware03/inFlightConn/amount` | `42` | | <a id="traefiktcpmiddlewaresTCPMiddleware03inFlightConnamount" href="#traefiktcpmiddlewaresTCPMiddleware03inFlightConnamount" title="#traefiktcpmiddlewaresTCPMiddleware03inFlightConnamount">`traefik/tcp/middlewares/TCPMiddleware03/inFlightConn/amount`</a> | `42` |
| `traefik/tcp/routers/TCPRouter0/entryPoints/0` | `foobar` | | <a id="traefiktcproutersTCPRouter0entryPoints0" href="#traefiktcproutersTCPRouter0entryPoints0" title="#traefiktcproutersTCPRouter0entryPoints0">`traefik/tcp/routers/TCPRouter0/entryPoints/0`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter0/entryPoints/1` | `foobar` | | <a id="traefiktcproutersTCPRouter0entryPoints1" href="#traefiktcproutersTCPRouter0entryPoints1" title="#traefiktcproutersTCPRouter0entryPoints1">`traefik/tcp/routers/TCPRouter0/entryPoints/1`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter0/middlewares/0` | `foobar` | | <a id="traefiktcproutersTCPRouter0middlewares0" href="#traefiktcproutersTCPRouter0middlewares0" title="#traefiktcproutersTCPRouter0middlewares0">`traefik/tcp/routers/TCPRouter0/middlewares/0`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter0/middlewares/1` | `foobar` | | <a id="traefiktcproutersTCPRouter0middlewares1" href="#traefiktcproutersTCPRouter0middlewares1" title="#traefiktcproutersTCPRouter0middlewares1">`traefik/tcp/routers/TCPRouter0/middlewares/1`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter0/priority` | `42` | | <a id="traefiktcproutersTCPRouter0priority" href="#traefiktcproutersTCPRouter0priority" title="#traefiktcproutersTCPRouter0priority">`traefik/tcp/routers/TCPRouter0/priority`</a> | `42` |
| `traefik/tcp/routers/TCPRouter0/rule` | `foobar` | | <a id="traefiktcproutersTCPRouter0rule" href="#traefiktcproutersTCPRouter0rule" title="#traefiktcproutersTCPRouter0rule">`traefik/tcp/routers/TCPRouter0/rule`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter0/ruleSyntax` | `foobar` | | <a id="traefiktcproutersTCPRouter0ruleSyntax" href="#traefiktcproutersTCPRouter0ruleSyntax" title="#traefiktcproutersTCPRouter0ruleSyntax">`traefik/tcp/routers/TCPRouter0/ruleSyntax`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter0/service` | `foobar` | | <a id="traefiktcproutersTCPRouter0service" href="#traefiktcproutersTCPRouter0service" title="#traefiktcproutersTCPRouter0service">`traefik/tcp/routers/TCPRouter0/service`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter0/tls/certResolver` | `foobar` | | <a id="traefiktcproutersTCPRouter0tlscertResolver" href="#traefiktcproutersTCPRouter0tlscertResolver" title="#traefiktcproutersTCPRouter0tlscertResolver">`traefik/tcp/routers/TCPRouter0/tls/certResolver`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter0/tls/domains/0/main` | `foobar` | | <a id="traefiktcproutersTCPRouter0tlsdomains0main" href="#traefiktcproutersTCPRouter0tlsdomains0main" title="#traefiktcproutersTCPRouter0tlsdomains0main">`traefik/tcp/routers/TCPRouter0/tls/domains/0/main`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter0/tls/domains/0/sans/0` | `foobar` | | <a id="traefiktcproutersTCPRouter0tlsdomains0sans0" href="#traefiktcproutersTCPRouter0tlsdomains0sans0" title="#traefiktcproutersTCPRouter0tlsdomains0sans0">`traefik/tcp/routers/TCPRouter0/tls/domains/0/sans/0`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter0/tls/domains/0/sans/1` | `foobar` | | <a id="traefiktcproutersTCPRouter0tlsdomains0sans1" href="#traefiktcproutersTCPRouter0tlsdomains0sans1" title="#traefiktcproutersTCPRouter0tlsdomains0sans1">`traefik/tcp/routers/TCPRouter0/tls/domains/0/sans/1`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter0/tls/domains/1/main` | `foobar` | | <a id="traefiktcproutersTCPRouter0tlsdomains1main" href="#traefiktcproutersTCPRouter0tlsdomains1main" title="#traefiktcproutersTCPRouter0tlsdomains1main">`traefik/tcp/routers/TCPRouter0/tls/domains/1/main`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter0/tls/domains/1/sans/0` | `foobar` | | <a id="traefiktcproutersTCPRouter0tlsdomains1sans0" href="#traefiktcproutersTCPRouter0tlsdomains1sans0" title="#traefiktcproutersTCPRouter0tlsdomains1sans0">`traefik/tcp/routers/TCPRouter0/tls/domains/1/sans/0`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter0/tls/domains/1/sans/1` | `foobar` | | <a id="traefiktcproutersTCPRouter0tlsdomains1sans1" href="#traefiktcproutersTCPRouter0tlsdomains1sans1" title="#traefiktcproutersTCPRouter0tlsdomains1sans1">`traefik/tcp/routers/TCPRouter0/tls/domains/1/sans/1`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter0/tls/options` | `foobar` | | <a id="traefiktcproutersTCPRouter0tlsoptions" href="#traefiktcproutersTCPRouter0tlsoptions" title="#traefiktcproutersTCPRouter0tlsoptions">`traefik/tcp/routers/TCPRouter0/tls/options`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter0/tls/passthrough` | `true` | | <a id="traefiktcproutersTCPRouter0tlspassthrough" href="#traefiktcproutersTCPRouter0tlspassthrough" title="#traefiktcproutersTCPRouter0tlspassthrough">`traefik/tcp/routers/TCPRouter0/tls/passthrough`</a> | `true` |
| `traefik/tcp/routers/TCPRouter1/entryPoints/0` | `foobar` | | <a id="traefiktcproutersTCPRouter1entryPoints0" href="#traefiktcproutersTCPRouter1entryPoints0" title="#traefiktcproutersTCPRouter1entryPoints0">`traefik/tcp/routers/TCPRouter1/entryPoints/0`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter1/entryPoints/1` | `foobar` | | <a id="traefiktcproutersTCPRouter1entryPoints1" href="#traefiktcproutersTCPRouter1entryPoints1" title="#traefiktcproutersTCPRouter1entryPoints1">`traefik/tcp/routers/TCPRouter1/entryPoints/1`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter1/middlewares/0` | `foobar` | | <a id="traefiktcproutersTCPRouter1middlewares0" href="#traefiktcproutersTCPRouter1middlewares0" title="#traefiktcproutersTCPRouter1middlewares0">`traefik/tcp/routers/TCPRouter1/middlewares/0`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter1/middlewares/1` | `foobar` | | <a id="traefiktcproutersTCPRouter1middlewares1" href="#traefiktcproutersTCPRouter1middlewares1" title="#traefiktcproutersTCPRouter1middlewares1">`traefik/tcp/routers/TCPRouter1/middlewares/1`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter1/priority` | `42` | | <a id="traefiktcproutersTCPRouter1priority" href="#traefiktcproutersTCPRouter1priority" title="#traefiktcproutersTCPRouter1priority">`traefik/tcp/routers/TCPRouter1/priority`</a> | `42` |
| `traefik/tcp/routers/TCPRouter1/rule` | `foobar` | | <a id="traefiktcproutersTCPRouter1rule" href="#traefiktcproutersTCPRouter1rule" title="#traefiktcproutersTCPRouter1rule">`traefik/tcp/routers/TCPRouter1/rule`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter1/ruleSyntax` | `foobar` | | <a id="traefiktcproutersTCPRouter1ruleSyntax" href="#traefiktcproutersTCPRouter1ruleSyntax" title="#traefiktcproutersTCPRouter1ruleSyntax">`traefik/tcp/routers/TCPRouter1/ruleSyntax`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter1/service` | `foobar` | | <a id="traefiktcproutersTCPRouter1service" href="#traefiktcproutersTCPRouter1service" title="#traefiktcproutersTCPRouter1service">`traefik/tcp/routers/TCPRouter1/service`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter1/tls/certResolver` | `foobar` | | <a id="traefiktcproutersTCPRouter1tlscertResolver" href="#traefiktcproutersTCPRouter1tlscertResolver" title="#traefiktcproutersTCPRouter1tlscertResolver">`traefik/tcp/routers/TCPRouter1/tls/certResolver`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter1/tls/domains/0/main` | `foobar` | | <a id="traefiktcproutersTCPRouter1tlsdomains0main" href="#traefiktcproutersTCPRouter1tlsdomains0main" title="#traefiktcproutersTCPRouter1tlsdomains0main">`traefik/tcp/routers/TCPRouter1/tls/domains/0/main`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter1/tls/domains/0/sans/0` | `foobar` | | <a id="traefiktcproutersTCPRouter1tlsdomains0sans0" href="#traefiktcproutersTCPRouter1tlsdomains0sans0" title="#traefiktcproutersTCPRouter1tlsdomains0sans0">`traefik/tcp/routers/TCPRouter1/tls/domains/0/sans/0`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter1/tls/domains/0/sans/1` | `foobar` | | <a id="traefiktcproutersTCPRouter1tlsdomains0sans1" href="#traefiktcproutersTCPRouter1tlsdomains0sans1" title="#traefiktcproutersTCPRouter1tlsdomains0sans1">`traefik/tcp/routers/TCPRouter1/tls/domains/0/sans/1`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter1/tls/domains/1/main` | `foobar` | | <a id="traefiktcproutersTCPRouter1tlsdomains1main" href="#traefiktcproutersTCPRouter1tlsdomains1main" title="#traefiktcproutersTCPRouter1tlsdomains1main">`traefik/tcp/routers/TCPRouter1/tls/domains/1/main`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter1/tls/domains/1/sans/0` | `foobar` | | <a id="traefiktcproutersTCPRouter1tlsdomains1sans0" href="#traefiktcproutersTCPRouter1tlsdomains1sans0" title="#traefiktcproutersTCPRouter1tlsdomains1sans0">`traefik/tcp/routers/TCPRouter1/tls/domains/1/sans/0`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter1/tls/domains/1/sans/1` | `foobar` | | <a id="traefiktcproutersTCPRouter1tlsdomains1sans1" href="#traefiktcproutersTCPRouter1tlsdomains1sans1" title="#traefiktcproutersTCPRouter1tlsdomains1sans1">`traefik/tcp/routers/TCPRouter1/tls/domains/1/sans/1`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter1/tls/options` | `foobar` | | <a id="traefiktcproutersTCPRouter1tlsoptions" href="#traefiktcproutersTCPRouter1tlsoptions" title="#traefiktcproutersTCPRouter1tlsoptions">`traefik/tcp/routers/TCPRouter1/tls/options`</a> | `foobar` |
| `traefik/tcp/routers/TCPRouter1/tls/passthrough` | `true` | | <a id="traefiktcproutersTCPRouter1tlspassthrough" href="#traefiktcproutersTCPRouter1tlspassthrough" title="#traefiktcproutersTCPRouter1tlspassthrough">`traefik/tcp/routers/TCPRouter1/tls/passthrough`</a> | `true` |
| `traefik/tcp/serversTransports/TCPServersTransport0/dialKeepAlive` | `42s` | | <a id="traefiktcpserversTransportsTCPServersTransport0dialKeepAlive" href="#traefiktcpserversTransportsTCPServersTransport0dialKeepAlive" title="#traefiktcpserversTransportsTCPServersTransport0dialKeepAlive">`traefik/tcp/serversTransports/TCPServersTransport0/dialKeepAlive`</a> | `42s` |
| `traefik/tcp/serversTransports/TCPServersTransport0/dialTimeout` | `42s` | | <a id="traefiktcpserversTransportsTCPServersTransport0dialTimeout" href="#traefiktcpserversTransportsTCPServersTransport0dialTimeout" title="#traefiktcpserversTransportsTCPServersTransport0dialTimeout">`traefik/tcp/serversTransports/TCPServersTransport0/dialTimeout`</a> | `42s` |
| `traefik/tcp/serversTransports/TCPServersTransport0/proxyProtocol/version` | `42` | | <a id="traefiktcpserversTransportsTCPServersTransport0proxyProtocolversion" href="#traefiktcpserversTransportsTCPServersTransport0proxyProtocolversion" title="#traefiktcpserversTransportsTCPServersTransport0proxyProtocolversion">`traefik/tcp/serversTransports/TCPServersTransport0/proxyProtocol/version`</a> | `42` |
| `traefik/tcp/serversTransports/TCPServersTransport0/terminationDelay` | `42s` | | <a id="traefiktcpserversTransportsTCPServersTransport0terminationDelay" href="#traefiktcpserversTransportsTCPServersTransport0terminationDelay" title="#traefiktcpserversTransportsTCPServersTransport0terminationDelay">`traefik/tcp/serversTransports/TCPServersTransport0/terminationDelay`</a> | `42s` |
| `traefik/tcp/serversTransports/TCPServersTransport0/tls/certificates/0/certFile` | `foobar` | | <a id="traefiktcpserversTransportsTCPServersTransport0tlscertificates0certFile" href="#traefiktcpserversTransportsTCPServersTransport0tlscertificates0certFile" title="#traefiktcpserversTransportsTCPServersTransport0tlscertificates0certFile">`traefik/tcp/serversTransports/TCPServersTransport0/tls/certificates/0/certFile`</a> | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport0/tls/certificates/0/keyFile` | `foobar` | | <a id="traefiktcpserversTransportsTCPServersTransport0tlscertificates0keyFile" href="#traefiktcpserversTransportsTCPServersTransport0tlscertificates0keyFile" title="#traefiktcpserversTransportsTCPServersTransport0tlscertificates0keyFile">`traefik/tcp/serversTransports/TCPServersTransport0/tls/certificates/0/keyFile`</a> | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport0/tls/certificates/1/certFile` | `foobar` | | <a id="traefiktcpserversTransportsTCPServersTransport0tlscertificates1certFile" href="#traefiktcpserversTransportsTCPServersTransport0tlscertificates1certFile" title="#traefiktcpserversTransportsTCPServersTransport0tlscertificates1certFile">`traefik/tcp/serversTransports/TCPServersTransport0/tls/certificates/1/certFile`</a> | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport0/tls/certificates/1/keyFile` | `foobar` | | <a id="traefiktcpserversTransportsTCPServersTransport0tlscertificates1keyFile" href="#traefiktcpserversTransportsTCPServersTransport0tlscertificates1keyFile" title="#traefiktcpserversTransportsTCPServersTransport0tlscertificates1keyFile">`traefik/tcp/serversTransports/TCPServersTransport0/tls/certificates/1/keyFile`</a> | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport0/tls/insecureSkipVerify` | `true` | | <a id="traefiktcpserversTransportsTCPServersTransport0tlsinsecureSkipVerify" href="#traefiktcpserversTransportsTCPServersTransport0tlsinsecureSkipVerify" title="#traefiktcpserversTransportsTCPServersTransport0tlsinsecureSkipVerify">`traefik/tcp/serversTransports/TCPServersTransport0/tls/insecureSkipVerify`</a> | `true` |
| `traefik/tcp/serversTransports/TCPServersTransport0/tls/peerCertURI` | `foobar` | | <a id="traefiktcpserversTransportsTCPServersTransport0tlspeerCertURI" href="#traefiktcpserversTransportsTCPServersTransport0tlspeerCertURI" title="#traefiktcpserversTransportsTCPServersTransport0tlspeerCertURI">`traefik/tcp/serversTransports/TCPServersTransport0/tls/peerCertURI`</a> | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport0/tls/rootCAs/0` | `foobar` | | <a id="traefiktcpserversTransportsTCPServersTransport0tlsrootCAs0" href="#traefiktcpserversTransportsTCPServersTransport0tlsrootCAs0" title="#traefiktcpserversTransportsTCPServersTransport0tlsrootCAs0">`traefik/tcp/serversTransports/TCPServersTransport0/tls/rootCAs/0`</a> | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport0/tls/rootCAs/1` | `foobar` | | <a id="traefiktcpserversTransportsTCPServersTransport0tlsrootCAs1" href="#traefiktcpserversTransportsTCPServersTransport0tlsrootCAs1" title="#traefiktcpserversTransportsTCPServersTransport0tlsrootCAs1">`traefik/tcp/serversTransports/TCPServersTransport0/tls/rootCAs/1`</a> | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport0/tls/serverName` | `foobar` | | <a id="traefiktcpserversTransportsTCPServersTransport0tlsserverName" href="#traefiktcpserversTransportsTCPServersTransport0tlsserverName" title="#traefiktcpserversTransportsTCPServersTransport0tlsserverName">`traefik/tcp/serversTransports/TCPServersTransport0/tls/serverName`</a> | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport0/tls/spiffe/ids/0` | `foobar` | | <a id="traefiktcpserversTransportsTCPServersTransport0tlsspiffeids0" href="#traefiktcpserversTransportsTCPServersTransport0tlsspiffeids0" title="#traefiktcpserversTransportsTCPServersTransport0tlsspiffeids0">`traefik/tcp/serversTransports/TCPServersTransport0/tls/spiffe/ids/0`</a> | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport0/tls/spiffe/ids/1` | `foobar` | | <a id="traefiktcpserversTransportsTCPServersTransport0tlsspiffeids1" href="#traefiktcpserversTransportsTCPServersTransport0tlsspiffeids1" title="#traefiktcpserversTransportsTCPServersTransport0tlsspiffeids1">`traefik/tcp/serversTransports/TCPServersTransport0/tls/spiffe/ids/1`</a> | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport0/tls/spiffe/trustDomain` | `foobar` | | <a id="traefiktcpserversTransportsTCPServersTransport0tlsspiffetrustDomain" href="#traefiktcpserversTransportsTCPServersTransport0tlsspiffetrustDomain" title="#traefiktcpserversTransportsTCPServersTransport0tlsspiffetrustDomain">`traefik/tcp/serversTransports/TCPServersTransport0/tls/spiffe/trustDomain`</a> | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport1/dialKeepAlive` | `42s` | | <a id="traefiktcpserversTransportsTCPServersTransport1dialKeepAlive" href="#traefiktcpserversTransportsTCPServersTransport1dialKeepAlive" title="#traefiktcpserversTransportsTCPServersTransport1dialKeepAlive">`traefik/tcp/serversTransports/TCPServersTransport1/dialKeepAlive`</a> | `42s` |
| `traefik/tcp/serversTransports/TCPServersTransport1/dialTimeout` | `42s` | | <a id="traefiktcpserversTransportsTCPServersTransport1dialTimeout" href="#traefiktcpserversTransportsTCPServersTransport1dialTimeout" title="#traefiktcpserversTransportsTCPServersTransport1dialTimeout">`traefik/tcp/serversTransports/TCPServersTransport1/dialTimeout`</a> | `42s` |
| `traefik/tcp/serversTransports/TCPServersTransport1/proxyProtocol/version` | `42` | | <a id="traefiktcpserversTransportsTCPServersTransport1proxyProtocolversion" href="#traefiktcpserversTransportsTCPServersTransport1proxyProtocolversion" title="#traefiktcpserversTransportsTCPServersTransport1proxyProtocolversion">`traefik/tcp/serversTransports/TCPServersTransport1/proxyProtocol/version`</a> | `42` |
| `traefik/tcp/serversTransports/TCPServersTransport1/terminationDelay` | `42s` | | <a id="traefiktcpserversTransportsTCPServersTransport1terminationDelay" href="#traefiktcpserversTransportsTCPServersTransport1terminationDelay" title="#traefiktcpserversTransportsTCPServersTransport1terminationDelay">`traefik/tcp/serversTransports/TCPServersTransport1/terminationDelay`</a> | `42s` |
| `traefik/tcp/serversTransports/TCPServersTransport1/tls/certificates/0/certFile` | `foobar` | | <a id="traefiktcpserversTransportsTCPServersTransport1tlscertificates0certFile" href="#traefiktcpserversTransportsTCPServersTransport1tlscertificates0certFile" title="#traefiktcpserversTransportsTCPServersTransport1tlscertificates0certFile">`traefik/tcp/serversTransports/TCPServersTransport1/tls/certificates/0/certFile`</a> | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport1/tls/certificates/0/keyFile` | `foobar` | | <a id="traefiktcpserversTransportsTCPServersTransport1tlscertificates0keyFile" href="#traefiktcpserversTransportsTCPServersTransport1tlscertificates0keyFile" title="#traefiktcpserversTransportsTCPServersTransport1tlscertificates0keyFile">`traefik/tcp/serversTransports/TCPServersTransport1/tls/certificates/0/keyFile`</a> | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport1/tls/certificates/1/certFile` | `foobar` | | <a id="traefiktcpserversTransportsTCPServersTransport1tlscertificates1certFile" href="#traefiktcpserversTransportsTCPServersTransport1tlscertificates1certFile" title="#traefiktcpserversTransportsTCPServersTransport1tlscertificates1certFile">`traefik/tcp/serversTransports/TCPServersTransport1/tls/certificates/1/certFile`</a> | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport1/tls/certificates/1/keyFile` | `foobar` | | <a id="traefiktcpserversTransportsTCPServersTransport1tlscertificates1keyFile" href="#traefiktcpserversTransportsTCPServersTransport1tlscertificates1keyFile" title="#traefiktcpserversTransportsTCPServersTransport1tlscertificates1keyFile">`traefik/tcp/serversTransports/TCPServersTransport1/tls/certificates/1/keyFile`</a> | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport1/tls/insecureSkipVerify` | `true` | | <a id="traefiktcpserversTransportsTCPServersTransport1tlsinsecureSkipVerify" href="#traefiktcpserversTransportsTCPServersTransport1tlsinsecureSkipVerify" title="#traefiktcpserversTransportsTCPServersTransport1tlsinsecureSkipVerify">`traefik/tcp/serversTransports/TCPServersTransport1/tls/insecureSkipVerify`</a> | `true` |
| `traefik/tcp/serversTransports/TCPServersTransport1/tls/peerCertURI` | `foobar` | | <a id="traefiktcpserversTransportsTCPServersTransport1tlspeerCertURI" href="#traefiktcpserversTransportsTCPServersTransport1tlspeerCertURI" title="#traefiktcpserversTransportsTCPServersTransport1tlspeerCertURI">`traefik/tcp/serversTransports/TCPServersTransport1/tls/peerCertURI`</a> | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport1/tls/rootCAs/0` | `foobar` | | <a id="traefiktcpserversTransportsTCPServersTransport1tlsrootCAs0" href="#traefiktcpserversTransportsTCPServersTransport1tlsrootCAs0" title="#traefiktcpserversTransportsTCPServersTransport1tlsrootCAs0">`traefik/tcp/serversTransports/TCPServersTransport1/tls/rootCAs/0`</a> | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport1/tls/rootCAs/1` | `foobar` | | <a id="traefiktcpserversTransportsTCPServersTransport1tlsrootCAs1" href="#traefiktcpserversTransportsTCPServersTransport1tlsrootCAs1" title="#traefiktcpserversTransportsTCPServersTransport1tlsrootCAs1">`traefik/tcp/serversTransports/TCPServersTransport1/tls/rootCAs/1`</a> | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport1/tls/serverName` | `foobar` | | <a id="traefiktcpserversTransportsTCPServersTransport1tlsserverName" href="#traefiktcpserversTransportsTCPServersTransport1tlsserverName" title="#traefiktcpserversTransportsTCPServersTransport1tlsserverName">`traefik/tcp/serversTransports/TCPServersTransport1/tls/serverName`</a> | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport1/tls/spiffe/ids/0` | `foobar` | | <a id="traefiktcpserversTransportsTCPServersTransport1tlsspiffeids0" href="#traefiktcpserversTransportsTCPServersTransport1tlsspiffeids0" title="#traefiktcpserversTransportsTCPServersTransport1tlsspiffeids0">`traefik/tcp/serversTransports/TCPServersTransport1/tls/spiffe/ids/0`</a> | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport1/tls/spiffe/ids/1` | `foobar` | | <a id="traefiktcpserversTransportsTCPServersTransport1tlsspiffeids1" href="#traefiktcpserversTransportsTCPServersTransport1tlsspiffeids1" title="#traefiktcpserversTransportsTCPServersTransport1tlsspiffeids1">`traefik/tcp/serversTransports/TCPServersTransport1/tls/spiffe/ids/1`</a> | `foobar` |
| `traefik/tcp/serversTransports/TCPServersTransport1/tls/spiffe/trustDomain` | `foobar` | | <a id="traefiktcpserversTransportsTCPServersTransport1tlsspiffetrustDomain" href="#traefiktcpserversTransportsTCPServersTransport1tlsspiffetrustDomain" title="#traefiktcpserversTransportsTCPServersTransport1tlsspiffetrustDomain">`traefik/tcp/serversTransports/TCPServersTransport1/tls/spiffe/trustDomain`</a> | `foobar` |
| `traefik/tcp/services/TCPService01/loadBalancer/proxyProtocol/version` | `42` | | <a id="traefiktcpservicesTCPService01loadBalancerproxyProtocolversion" href="#traefiktcpservicesTCPService01loadBalancerproxyProtocolversion" title="#traefiktcpservicesTCPService01loadBalancerproxyProtocolversion">`traefik/tcp/services/TCPService01/loadBalancer/proxyProtocol/version`</a> | `42` |
| `traefik/tcp/services/TCPService01/loadBalancer/servers/0/address` | `foobar` | | <a id="traefiktcpservicesTCPService01loadBalancerservers0address" href="#traefiktcpservicesTCPService01loadBalancerservers0address" title="#traefiktcpservicesTCPService01loadBalancerservers0address">`traefik/tcp/services/TCPService01/loadBalancer/servers/0/address`</a> | `foobar` |
| `traefik/tcp/services/TCPService01/loadBalancer/servers/0/tls` | `true` | | <a id="traefiktcpservicesTCPService01loadBalancerservers0tls" href="#traefiktcpservicesTCPService01loadBalancerservers0tls" title="#traefiktcpservicesTCPService01loadBalancerservers0tls">`traefik/tcp/services/TCPService01/loadBalancer/servers/0/tls`</a> | `true` |
| `traefik/tcp/services/TCPService01/loadBalancer/servers/1/address` | `foobar` | | <a id="traefiktcpservicesTCPService01loadBalancerservers1address" href="#traefiktcpservicesTCPService01loadBalancerservers1address" title="#traefiktcpservicesTCPService01loadBalancerservers1address">`traefik/tcp/services/TCPService01/loadBalancer/servers/1/address`</a> | `foobar` |
| `traefik/tcp/services/TCPService01/loadBalancer/servers/1/tls` | `true` | | <a id="traefiktcpservicesTCPService01loadBalancerservers1tls" href="#traefiktcpservicesTCPService01loadBalancerservers1tls" title="#traefiktcpservicesTCPService01loadBalancerservers1tls">`traefik/tcp/services/TCPService01/loadBalancer/servers/1/tls`</a> | `true` |
| `traefik/tcp/services/TCPService01/loadBalancer/serversTransport` | `foobar` | | <a id="traefiktcpservicesTCPService01loadBalancerserversTransport" href="#traefiktcpservicesTCPService01loadBalancerserversTransport" title="#traefiktcpservicesTCPService01loadBalancerserversTransport">`traefik/tcp/services/TCPService01/loadBalancer/serversTransport`</a> | `foobar` |
| `traefik/tcp/services/TCPService01/loadBalancer/terminationDelay` | `42` | | <a id="traefiktcpservicesTCPService01loadBalancerterminationDelay" href="#traefiktcpservicesTCPService01loadBalancerterminationDelay" title="#traefiktcpservicesTCPService01loadBalancerterminationDelay">`traefik/tcp/services/TCPService01/loadBalancer/terminationDelay`</a> | `42` |
| `traefik/tcp/services/TCPService02/weighted/services/0/name` | `foobar` | | <a id="traefiktcpservicesTCPService02weightedservices0name" href="#traefiktcpservicesTCPService02weightedservices0name" title="#traefiktcpservicesTCPService02weightedservices0name">`traefik/tcp/services/TCPService02/weighted/services/0/name`</a> | `foobar` |
| `traefik/tcp/services/TCPService02/weighted/services/0/weight` | `42` | | <a id="traefiktcpservicesTCPService02weightedservices0weight" href="#traefiktcpservicesTCPService02weightedservices0weight" title="#traefiktcpservicesTCPService02weightedservices0weight">`traefik/tcp/services/TCPService02/weighted/services/0/weight`</a> | `42` |
| `traefik/tcp/services/TCPService02/weighted/services/1/name` | `foobar` | | <a id="traefiktcpservicesTCPService02weightedservices1name" href="#traefiktcpservicesTCPService02weightedservices1name" title="#traefiktcpservicesTCPService02weightedservices1name">`traefik/tcp/services/TCPService02/weighted/services/1/name`</a> | `foobar` |
| `traefik/tcp/services/TCPService02/weighted/services/1/weight` | `42` | | <a id="traefiktcpservicesTCPService02weightedservices1weight" href="#traefiktcpservicesTCPService02weightedservices1weight" title="#traefiktcpservicesTCPService02weightedservices1weight">`traefik/tcp/services/TCPService02/weighted/services/1/weight`</a> | `42` |
| `traefik/tls/certificates/0/certFile` | `foobar` | | <a id="traefiktlscertificates0certFile" href="#traefiktlscertificates0certFile" title="#traefiktlscertificates0certFile">`traefik/tls/certificates/0/certFile`</a> | `foobar` |
| `traefik/tls/certificates/0/keyFile` | `foobar` | | <a id="traefiktlscertificates0keyFile" href="#traefiktlscertificates0keyFile" title="#traefiktlscertificates0keyFile">`traefik/tls/certificates/0/keyFile`</a> | `foobar` |
| `traefik/tls/certificates/0/stores/0` | `foobar` | | <a id="traefiktlscertificates0stores0" href="#traefiktlscertificates0stores0" title="#traefiktlscertificates0stores0">`traefik/tls/certificates/0/stores/0`</a> | `foobar` |
| `traefik/tls/certificates/0/stores/1` | `foobar` | | <a id="traefiktlscertificates0stores1" href="#traefiktlscertificates0stores1" title="#traefiktlscertificates0stores1">`traefik/tls/certificates/0/stores/1`</a> | `foobar` |
| `traefik/tls/certificates/1/certFile` | `foobar` | | <a id="traefiktlscertificates1certFile" href="#traefiktlscertificates1certFile" title="#traefiktlscertificates1certFile">`traefik/tls/certificates/1/certFile`</a> | `foobar` |
| `traefik/tls/certificates/1/keyFile` | `foobar` | | <a id="traefiktlscertificates1keyFile" href="#traefiktlscertificates1keyFile" title="#traefiktlscertificates1keyFile">`traefik/tls/certificates/1/keyFile`</a> | `foobar` |
| `traefik/tls/certificates/1/stores/0` | `foobar` | | <a id="traefiktlscertificates1stores0" href="#traefiktlscertificates1stores0" title="#traefiktlscertificates1stores0">`traefik/tls/certificates/1/stores/0`</a> | `foobar` |
| `traefik/tls/certificates/1/stores/1` | `foobar` | | <a id="traefiktlscertificates1stores1" href="#traefiktlscertificates1stores1" title="#traefiktlscertificates1stores1">`traefik/tls/certificates/1/stores/1`</a> | `foobar` |
| `traefik/tls/options/Options0/alpnProtocols/0` | `foobar` | | <a id="traefiktlsoptionsOptions0alpnProtocols0" href="#traefiktlsoptionsOptions0alpnProtocols0" title="#traefiktlsoptionsOptions0alpnProtocols0">`traefik/tls/options/Options0/alpnProtocols/0`</a> | `foobar` |
| `traefik/tls/options/Options0/alpnProtocols/1` | `foobar` | | <a id="traefiktlsoptionsOptions0alpnProtocols1" href="#traefiktlsoptionsOptions0alpnProtocols1" title="#traefiktlsoptionsOptions0alpnProtocols1">`traefik/tls/options/Options0/alpnProtocols/1`</a> | `foobar` |
| `traefik/tls/options/Options0/cipherSuites/0` | `foobar` | | <a id="traefiktlsoptionsOptions0cipherSuites0" href="#traefiktlsoptionsOptions0cipherSuites0" title="#traefiktlsoptionsOptions0cipherSuites0">`traefik/tls/options/Options0/cipherSuites/0`</a> | `foobar` |
| `traefik/tls/options/Options0/cipherSuites/1` | `foobar` | | <a id="traefiktlsoptionsOptions0cipherSuites1" href="#traefiktlsoptionsOptions0cipherSuites1" title="#traefiktlsoptionsOptions0cipherSuites1">`traefik/tls/options/Options0/cipherSuites/1`</a> | `foobar` |
| `traefik/tls/options/Options0/clientAuth/caFiles/0` | `foobar` | | <a id="traefiktlsoptionsOptions0clientAuthcaFiles0" href="#traefiktlsoptionsOptions0clientAuthcaFiles0" title="#traefiktlsoptionsOptions0clientAuthcaFiles0">`traefik/tls/options/Options0/clientAuth/caFiles/0`</a> | `foobar` |
| `traefik/tls/options/Options0/clientAuth/caFiles/1` | `foobar` | | <a id="traefiktlsoptionsOptions0clientAuthcaFiles1" href="#traefiktlsoptionsOptions0clientAuthcaFiles1" title="#traefiktlsoptionsOptions0clientAuthcaFiles1">`traefik/tls/options/Options0/clientAuth/caFiles/1`</a> | `foobar` |
| `traefik/tls/options/Options0/clientAuth/clientAuthType` | `foobar` | | <a id="traefiktlsoptionsOptions0clientAuthclientAuthType" href="#traefiktlsoptionsOptions0clientAuthclientAuthType" title="#traefiktlsoptionsOptions0clientAuthclientAuthType">`traefik/tls/options/Options0/clientAuth/clientAuthType`</a> | `foobar` |
| `traefik/tls/options/Options0/curvePreferences/0` | `foobar` | | <a id="traefiktlsoptionsOptions0curvePreferences0" href="#traefiktlsoptionsOptions0curvePreferences0" title="#traefiktlsoptionsOptions0curvePreferences0">`traefik/tls/options/Options0/curvePreferences/0`</a> | `foobar` |
| `traefik/tls/options/Options0/curvePreferences/1` | `foobar` | | <a id="traefiktlsoptionsOptions0curvePreferences1" href="#traefiktlsoptionsOptions0curvePreferences1" title="#traefiktlsoptionsOptions0curvePreferences1">`traefik/tls/options/Options0/curvePreferences/1`</a> | `foobar` |
| `traefik/tls/options/Options0/disableSessionTickets` | `true` | | <a id="traefiktlsoptionsOptions0disableSessionTickets" href="#traefiktlsoptionsOptions0disableSessionTickets" title="#traefiktlsoptionsOptions0disableSessionTickets">`traefik/tls/options/Options0/disableSessionTickets`</a> | `true` |
| `traefik/tls/options/Options0/maxVersion` | `foobar` | | <a id="traefiktlsoptionsOptions0maxVersion" href="#traefiktlsoptionsOptions0maxVersion" title="#traefiktlsoptionsOptions0maxVersion">`traefik/tls/options/Options0/maxVersion`</a> | `foobar` |
| `traefik/tls/options/Options0/minVersion` | `foobar` | | <a id="traefiktlsoptionsOptions0minVersion" href="#traefiktlsoptionsOptions0minVersion" title="#traefiktlsoptionsOptions0minVersion">`traefik/tls/options/Options0/minVersion`</a> | `foobar` |
| `traefik/tls/options/Options0/preferServerCipherSuites` | `true` | | <a id="traefiktlsoptionsOptions0preferServerCipherSuites" href="#traefiktlsoptionsOptions0preferServerCipherSuites" title="#traefiktlsoptionsOptions0preferServerCipherSuites">`traefik/tls/options/Options0/preferServerCipherSuites`</a> | `true` |
| `traefik/tls/options/Options0/sniStrict` | `true` | | <a id="traefiktlsoptionsOptions0sniStrict" href="#traefiktlsoptionsOptions0sniStrict" title="#traefiktlsoptionsOptions0sniStrict">`traefik/tls/options/Options0/sniStrict`</a> | `true` |
| `traefik/tls/options/Options1/alpnProtocols/0` | `foobar` | | <a id="traefiktlsoptionsOptions1alpnProtocols0" href="#traefiktlsoptionsOptions1alpnProtocols0" title="#traefiktlsoptionsOptions1alpnProtocols0">`traefik/tls/options/Options1/alpnProtocols/0`</a> | `foobar` |
| `traefik/tls/options/Options1/alpnProtocols/1` | `foobar` | | <a id="traefiktlsoptionsOptions1alpnProtocols1" href="#traefiktlsoptionsOptions1alpnProtocols1" title="#traefiktlsoptionsOptions1alpnProtocols1">`traefik/tls/options/Options1/alpnProtocols/1`</a> | `foobar` |
| `traefik/tls/options/Options1/cipherSuites/0` | `foobar` | | <a id="traefiktlsoptionsOptions1cipherSuites0" href="#traefiktlsoptionsOptions1cipherSuites0" title="#traefiktlsoptionsOptions1cipherSuites0">`traefik/tls/options/Options1/cipherSuites/0`</a> | `foobar` |
| `traefik/tls/options/Options1/cipherSuites/1` | `foobar` | | <a id="traefiktlsoptionsOptions1cipherSuites1" href="#traefiktlsoptionsOptions1cipherSuites1" title="#traefiktlsoptionsOptions1cipherSuites1">`traefik/tls/options/Options1/cipherSuites/1`</a> | `foobar` |
| `traefik/tls/options/Options1/clientAuth/caFiles/0` | `foobar` | | <a id="traefiktlsoptionsOptions1clientAuthcaFiles0" href="#traefiktlsoptionsOptions1clientAuthcaFiles0" title="#traefiktlsoptionsOptions1clientAuthcaFiles0">`traefik/tls/options/Options1/clientAuth/caFiles/0`</a> | `foobar` |
| `traefik/tls/options/Options1/clientAuth/caFiles/1` | `foobar` | | <a id="traefiktlsoptionsOptions1clientAuthcaFiles1" href="#traefiktlsoptionsOptions1clientAuthcaFiles1" title="#traefiktlsoptionsOptions1clientAuthcaFiles1">`traefik/tls/options/Options1/clientAuth/caFiles/1`</a> | `foobar` |
| `traefik/tls/options/Options1/clientAuth/clientAuthType` | `foobar` | | <a id="traefiktlsoptionsOptions1clientAuthclientAuthType" href="#traefiktlsoptionsOptions1clientAuthclientAuthType" title="#traefiktlsoptionsOptions1clientAuthclientAuthType">`traefik/tls/options/Options1/clientAuth/clientAuthType`</a> | `foobar` |
| `traefik/tls/options/Options1/curvePreferences/0` | `foobar` | | <a id="traefiktlsoptionsOptions1curvePreferences0" href="#traefiktlsoptionsOptions1curvePreferences0" title="#traefiktlsoptionsOptions1curvePreferences0">`traefik/tls/options/Options1/curvePreferences/0`</a> | `foobar` |
| `traefik/tls/options/Options1/curvePreferences/1` | `foobar` | | <a id="traefiktlsoptionsOptions1curvePreferences1" href="#traefiktlsoptionsOptions1curvePreferences1" title="#traefiktlsoptionsOptions1curvePreferences1">`traefik/tls/options/Options1/curvePreferences/1`</a> | `foobar` |
| `traefik/tls/options/Options1/disableSessionTickets` | `true` | | <a id="traefiktlsoptionsOptions1disableSessionTickets" href="#traefiktlsoptionsOptions1disableSessionTickets" title="#traefiktlsoptionsOptions1disableSessionTickets">`traefik/tls/options/Options1/disableSessionTickets`</a> | `true` |
| `traefik/tls/options/Options1/maxVersion` | `foobar` | | <a id="traefiktlsoptionsOptions1maxVersion" href="#traefiktlsoptionsOptions1maxVersion" title="#traefiktlsoptionsOptions1maxVersion">`traefik/tls/options/Options1/maxVersion`</a> | `foobar` |
| `traefik/tls/options/Options1/minVersion` | `foobar` | | <a id="traefiktlsoptionsOptions1minVersion" href="#traefiktlsoptionsOptions1minVersion" title="#traefiktlsoptionsOptions1minVersion">`traefik/tls/options/Options1/minVersion`</a> | `foobar` |
| `traefik/tls/options/Options1/preferServerCipherSuites` | `true` | | <a id="traefiktlsoptionsOptions1preferServerCipherSuites" href="#traefiktlsoptionsOptions1preferServerCipherSuites" title="#traefiktlsoptionsOptions1preferServerCipherSuites">`traefik/tls/options/Options1/preferServerCipherSuites`</a> | `true` |
| `traefik/tls/options/Options1/sniStrict` | `true` | | <a id="traefiktlsoptionsOptions1sniStrict" href="#traefiktlsoptionsOptions1sniStrict" title="#traefiktlsoptionsOptions1sniStrict">`traefik/tls/options/Options1/sniStrict`</a> | `true` |
| `traefik/tls/stores/Store0/defaultCertificate/certFile` | `foobar` | | <a id="traefiktlsstoresStore0defaultCertificatecertFile" href="#traefiktlsstoresStore0defaultCertificatecertFile" title="#traefiktlsstoresStore0defaultCertificatecertFile">`traefik/tls/stores/Store0/defaultCertificate/certFile`</a> | `foobar` |
| `traefik/tls/stores/Store0/defaultCertificate/keyFile` | `foobar` | | <a id="traefiktlsstoresStore0defaultCertificatekeyFile" href="#traefiktlsstoresStore0defaultCertificatekeyFile" title="#traefiktlsstoresStore0defaultCertificatekeyFile">`traefik/tls/stores/Store0/defaultCertificate/keyFile`</a> | `foobar` |
| `traefik/tls/stores/Store0/defaultGeneratedCert/domain/main` | `foobar` | | <a id="traefiktlsstoresStore0defaultGeneratedCertdomainmain" href="#traefiktlsstoresStore0defaultGeneratedCertdomainmain" title="#traefiktlsstoresStore0defaultGeneratedCertdomainmain">`traefik/tls/stores/Store0/defaultGeneratedCert/domain/main`</a> | `foobar` |
| `traefik/tls/stores/Store0/defaultGeneratedCert/domain/sans/0` | `foobar` | | <a id="traefiktlsstoresStore0defaultGeneratedCertdomainsans0" href="#traefiktlsstoresStore0defaultGeneratedCertdomainsans0" title="#traefiktlsstoresStore0defaultGeneratedCertdomainsans0">`traefik/tls/stores/Store0/defaultGeneratedCert/domain/sans/0`</a> | `foobar` |
| `traefik/tls/stores/Store0/defaultGeneratedCert/domain/sans/1` | `foobar` | | <a id="traefiktlsstoresStore0defaultGeneratedCertdomainsans1" href="#traefiktlsstoresStore0defaultGeneratedCertdomainsans1" title="#traefiktlsstoresStore0defaultGeneratedCertdomainsans1">`traefik/tls/stores/Store0/defaultGeneratedCert/domain/sans/1`</a> | `foobar` |
| `traefik/tls/stores/Store0/defaultGeneratedCert/resolver` | `foobar` | | <a id="traefiktlsstoresStore0defaultGeneratedCertresolver" href="#traefiktlsstoresStore0defaultGeneratedCertresolver" title="#traefiktlsstoresStore0defaultGeneratedCertresolver">`traefik/tls/stores/Store0/defaultGeneratedCert/resolver`</a> | `foobar` |
| `traefik/tls/stores/Store1/defaultCertificate/certFile` | `foobar` | | <a id="traefiktlsstoresStore1defaultCertificatecertFile" href="#traefiktlsstoresStore1defaultCertificatecertFile" title="#traefiktlsstoresStore1defaultCertificatecertFile">`traefik/tls/stores/Store1/defaultCertificate/certFile`</a> | `foobar` |
| `traefik/tls/stores/Store1/defaultCertificate/keyFile` | `foobar` | | <a id="traefiktlsstoresStore1defaultCertificatekeyFile" href="#traefiktlsstoresStore1defaultCertificatekeyFile" title="#traefiktlsstoresStore1defaultCertificatekeyFile">`traefik/tls/stores/Store1/defaultCertificate/keyFile`</a> | `foobar` |
| `traefik/tls/stores/Store1/defaultGeneratedCert/domain/main` | `foobar` | | <a id="traefiktlsstoresStore1defaultGeneratedCertdomainmain" href="#traefiktlsstoresStore1defaultGeneratedCertdomainmain" title="#traefiktlsstoresStore1defaultGeneratedCertdomainmain">`traefik/tls/stores/Store1/defaultGeneratedCert/domain/main`</a> | `foobar` |
| `traefik/tls/stores/Store1/defaultGeneratedCert/domain/sans/0` | `foobar` | | <a id="traefiktlsstoresStore1defaultGeneratedCertdomainsans0" href="#traefiktlsstoresStore1defaultGeneratedCertdomainsans0" title="#traefiktlsstoresStore1defaultGeneratedCertdomainsans0">`traefik/tls/stores/Store1/defaultGeneratedCert/domain/sans/0`</a> | `foobar` |
| `traefik/tls/stores/Store1/defaultGeneratedCert/domain/sans/1` | `foobar` | | <a id="traefiktlsstoresStore1defaultGeneratedCertdomainsans1" href="#traefiktlsstoresStore1defaultGeneratedCertdomainsans1" title="#traefiktlsstoresStore1defaultGeneratedCertdomainsans1">`traefik/tls/stores/Store1/defaultGeneratedCert/domain/sans/1`</a> | `foobar` |
| `traefik/tls/stores/Store1/defaultGeneratedCert/resolver` | `foobar` | | <a id="traefiktlsstoresStore1defaultGeneratedCertresolver" href="#traefiktlsstoresStore1defaultGeneratedCertresolver" title="#traefiktlsstoresStore1defaultGeneratedCertresolver">`traefik/tls/stores/Store1/defaultGeneratedCert/resolver`</a> | `foobar` |
| `traefik/udp/routers/UDPRouter0/entryPoints/0` | `foobar` | | <a id="traefikudproutersUDPRouter0entryPoints0" href="#traefikudproutersUDPRouter0entryPoints0" title="#traefikudproutersUDPRouter0entryPoints0">`traefik/udp/routers/UDPRouter0/entryPoints/0`</a> | `foobar` |
| `traefik/udp/routers/UDPRouter0/entryPoints/1` | `foobar` | | <a id="traefikudproutersUDPRouter0entryPoints1" href="#traefikudproutersUDPRouter0entryPoints1" title="#traefikudproutersUDPRouter0entryPoints1">`traefik/udp/routers/UDPRouter0/entryPoints/1`</a> | `foobar` |
| `traefik/udp/routers/UDPRouter0/service` | `foobar` | | <a id="traefikudproutersUDPRouter0service" href="#traefikudproutersUDPRouter0service" title="#traefikudproutersUDPRouter0service">`traefik/udp/routers/UDPRouter0/service`</a> | `foobar` |
| `traefik/udp/routers/UDPRouter1/entryPoints/0` | `foobar` | | <a id="traefikudproutersUDPRouter1entryPoints0" href="#traefikudproutersUDPRouter1entryPoints0" title="#traefikudproutersUDPRouter1entryPoints0">`traefik/udp/routers/UDPRouter1/entryPoints/0`</a> | `foobar` |
| `traefik/udp/routers/UDPRouter1/entryPoints/1` | `foobar` | | <a id="traefikudproutersUDPRouter1entryPoints1" href="#traefikudproutersUDPRouter1entryPoints1" title="#traefikudproutersUDPRouter1entryPoints1">`traefik/udp/routers/UDPRouter1/entryPoints/1`</a> | `foobar` |
| `traefik/udp/routers/UDPRouter1/service` | `foobar` | | <a id="traefikudproutersUDPRouter1service" href="#traefikudproutersUDPRouter1service" title="#traefikudproutersUDPRouter1service">`traefik/udp/routers/UDPRouter1/service`</a> | `foobar` |
| `traefik/udp/services/UDPService01/loadBalancer/servers/0/address` | `foobar` | | <a id="traefikudpservicesUDPService01loadBalancerservers0address" href="#traefikudpservicesUDPService01loadBalancerservers0address" title="#traefikudpservicesUDPService01loadBalancerservers0address">`traefik/udp/services/UDPService01/loadBalancer/servers/0/address`</a> | `foobar` |
| `traefik/udp/services/UDPService01/loadBalancer/servers/1/address` | `foobar` | | <a id="traefikudpservicesUDPService01loadBalancerservers1address" href="#traefikudpservicesUDPService01loadBalancerservers1address" title="#traefikudpservicesUDPService01loadBalancerservers1address">`traefik/udp/services/UDPService01/loadBalancer/servers/1/address`</a> | `foobar` |
| `traefik/udp/services/UDPService02/weighted/services/0/name` | `foobar` | | <a id="traefikudpservicesUDPService02weightedservices0name" href="#traefikudpservicesUDPService02weightedservices0name" title="#traefikudpservicesUDPService02weightedservices0name">`traefik/udp/services/UDPService02/weighted/services/0/name`</a> | `foobar` |
| `traefik/udp/services/UDPService02/weighted/services/0/weight` | `42` | | <a id="traefikudpservicesUDPService02weightedservices0weight" href="#traefikudpservicesUDPService02weightedservices0weight" title="#traefikudpservicesUDPService02weightedservices0weight">`traefik/udp/services/UDPService02/weighted/services/0/weight`</a> | `42` |
| `traefik/udp/services/UDPService02/weighted/services/1/name` | `foobar` | | <a id="traefikudpservicesUDPService02weightedservices1name" href="#traefikudpservicesUDPService02weightedservices1name" title="#traefikudpservicesUDPService02weightedservices1name">`traefik/udp/services/UDPService02/weighted/services/1/name`</a> | `foobar` |
| `traefik/udp/services/UDPService02/weighted/services/1/weight` | `42` | | <a id="traefikudpservicesUDPService02weightedservices1weight" href="#traefikudpservicesUDPService02weightedservices1weight" title="#traefikudpservicesUDPService02weightedservices1weight">`traefik/udp/services/UDPService02/weighted/services/1/weight`</a> | `42` |
@@ -155,11 +155,11 @@ enabing the dashboard [here](https://github.com/traefik/traefik-helm-chart/blob/
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:-----------|:---------------------------------|:--------|:---------| |:-----------|:---------------------------------|:--------|:---------|
| `api` | Enable api/dashboard. When set to `true`, its sub option `api.dashboard` is also set to true.| false | No | | <a id="api" href="#api" title="#api">`api`</a> | Enable api/dashboard. When set to `true`, its sub option `api.dashboard` is also set to true.| false | No |
| `api.dashboard` | Enable dashboard. | false | No | | <a id="api-dashboard" href="#api-dashboard" title="#api-dashboard">`api.dashboard`</a> | Enable dashboard. | false | No |
| `api.debug` | Enable additional endpoints for debugging and profiling. | false | No | | <a id="api-debug" href="#api-debug" title="#api-debug">`api.debug`</a> | Enable additional endpoints for debugging and profiling. | false | No |
| `api.disabledashboardad` | Disable the advertisement from the dashboard. | false | No | | <a id="api-disabledashboardad" href="#api-disabledashboardad" title="#api-disabledashboardad">`api.disabledashboardad`</a> | Disable the advertisement from the dashboard. | false | No |
| `api.insecure` | Enable the API and the dashboard on the entryPoint named traefik.| false | No | | <a id="api-insecure" href="#api-insecure" title="#api-insecure">`api.insecure`</a> | Enable the API and the dashboard on the entryPoint named traefik.| false | No |
## Endpoints ## Endpoints
@@ -167,33 +167,33 @@ All the following endpoints must be accessed with a `GET` HTTP request.
| Path | Description | | Path | Description |
|--------------------------------|---------------------------------------------------------------------------------------------| |--------------------------------|---------------------------------------------------------------------------------------------|
| `/api/http/routers` | Lists all the HTTP routers information. | | <a id="apihttprouters" href="#apihttprouters" title="#apihttprouters">`/api/http/routers`</a> | Lists all the HTTP routers information. |
| `/api/http/routers/{name}` | Returns the information of the HTTP router specified by `name`. | | <a id="apihttproutersname" href="#apihttproutersname" title="#apihttproutersname">`/api/http/routers/{name}`</a> | Returns the information of the HTTP router specified by `name`. |
| `/api/http/services` | Lists all the HTTP services information. | | <a id="apihttpservices" href="#apihttpservices" title="#apihttpservices">`/api/http/services`</a> | Lists all the HTTP services information. |
| `/api/http/services/{name}` | Returns the information of the HTTP service specified by `name`. | | <a id="apihttpservicesname" href="#apihttpservicesname" title="#apihttpservicesname">`/api/http/services/{name}`</a> | Returns the information of the HTTP service specified by `name`. |
| `/api/http/middlewares` | Lists all the HTTP middlewares information. | | <a id="apihttpmiddlewares" href="#apihttpmiddlewares" title="#apihttpmiddlewares">`/api/http/middlewares`</a> | Lists all the HTTP middlewares information. |
| `/api/http/middlewares/{name}` | Returns the information of the HTTP middleware specified by `name`. | | <a id="apihttpmiddlewaresname" href="#apihttpmiddlewaresname" title="#apihttpmiddlewaresname">`/api/http/middlewares/{name}`</a> | Returns the information of the HTTP middleware specified by `name`. |
| `/api/tcp/routers` | Lists all the TCP routers information. | | <a id="apitcprouters" href="#apitcprouters" title="#apitcprouters">`/api/tcp/routers`</a> | Lists all the TCP routers information. |
| `/api/tcp/routers/{name}` | Returns the information of the TCP router specified by `name`. | | <a id="apitcproutersname" href="#apitcproutersname" title="#apitcproutersname">`/api/tcp/routers/{name}`</a> | Returns the information of the TCP router specified by `name`. |
| `/api/tcp/services` | Lists all the TCP services information. | | <a id="apitcpservices" href="#apitcpservices" title="#apitcpservices">`/api/tcp/services`</a> | Lists all the TCP services information. |
| `/api/tcp/services/{name}` | Returns the information of the TCP service specified by `name`. | | <a id="apitcpservicesname" href="#apitcpservicesname" title="#apitcpservicesname">`/api/tcp/services/{name}`</a> | Returns the information of the TCP service specified by `name`. |
| `/api/tcp/middlewares` | Lists all the TCP middlewares information. | | <a id="apitcpmiddlewares" href="#apitcpmiddlewares" title="#apitcpmiddlewares">`/api/tcp/middlewares`</a> | Lists all the TCP middlewares information. |
| `/api/tcp/middlewares/{name}` | Returns the information of the TCP middleware specified by `name`. | | <a id="apitcpmiddlewaresname" href="#apitcpmiddlewaresname" title="#apitcpmiddlewaresname">`/api/tcp/middlewares/{name}`</a> | Returns the information of the TCP middleware specified by `name`. |
| `/api/udp/routers` | Lists all the UDP routers information. | | <a id="apiudprouters" href="#apiudprouters" title="#apiudprouters">`/api/udp/routers`</a> | Lists all the UDP routers information. |
| `/api/udp/routers/{name}` | Returns the information of the UDP router specified by `name`. | | <a id="apiudproutersname" href="#apiudproutersname" title="#apiudproutersname">`/api/udp/routers/{name}`</a> | Returns the information of the UDP router specified by `name`. |
| `/api/udp/services` | Lists all the UDP services information. | | <a id="apiudpservices" href="#apiudpservices" title="#apiudpservices">`/api/udp/services`</a> | Lists all the UDP services information. |
| `/api/udp/services/{name}` | Returns the information of the UDP service specified by `name`. | | <a id="apiudpservicesname" href="#apiudpservicesname" title="#apiudpservicesname">`/api/udp/services/{name}`</a> | Returns the information of the UDP service specified by `name`. |
| `/api/entrypoints` | Lists all the entry points information. | | <a id="apientrypoints" href="#apientrypoints" title="#apientrypoints">`/api/entrypoints`</a> | Lists all the entry points information. |
| `/api/entrypoints/{name}` | Returns the information of the entry point specified by `name`. | | <a id="apientrypointsname" href="#apientrypointsname" title="#apientrypointsname">`/api/entrypoints/{name}`</a> | Returns the information of the entry point specified by `name`. |
| `/api/overview` | Returns statistic information about HTTP, TCP and about enabled features and providers. | | <a id="apioverview" href="#apioverview" title="#apioverview">`/api/overview`</a> | Returns statistic information about HTTP, TCP and about enabled features and providers. |
| `/api/rawdata` | Returns information about dynamic configurations, errors, status and dependency relations. | | <a id="apirawdata" href="#apirawdata" title="#apirawdata">`/api/rawdata`</a> | Returns information about dynamic configurations, errors, status and dependency relations. |
| `/api/version` | Returns information about Traefik version. | | <a id="apiversion" href="#apiversion" title="#apiversion">`/api/version`</a> | Returns information about Traefik version. |
| `/debug/vars` | See the [expvar](https://golang.org/pkg/expvar/) Go documentation. | | <a id="debugvars" href="#debugvars" title="#debugvars">`/debug/vars`</a> | See the [expvar](https://golang.org/pkg/expvar/) Go documentation. |
| `/debug/pprof/` | See the [pprof Index](https://golang.org/pkg/net/http/pprof/#Index) Go documentation. | | <a id="debugpprof" href="#debugpprof" title="#debugpprof">`/debug/pprof/`</a> | See the [pprof Index](https://golang.org/pkg/net/http/pprof/#Index) Go documentation. |
| `/debug/pprof/cmdline` | See the [pprof Cmdline](https://golang.org/pkg/net/http/pprof/#Cmdline) Go documentation. | | <a id="debugpprofcmdline" href="#debugpprofcmdline" title="#debugpprofcmdline">`/debug/pprof/cmdline`</a> | See the [pprof Cmdline](https://golang.org/pkg/net/http/pprof/#Cmdline) Go documentation. |
| `/debug/pprof/profile` | See the [pprof Profile](https://golang.org/pkg/net/http/pprof/#Profile) Go documentation. | | <a id="debugpprofprofile" href="#debugpprofprofile" title="#debugpprofprofile">`/debug/pprof/profile`</a> | See the [pprof Profile](https://golang.org/pkg/net/http/pprof/#Profile) Go documentation. |
| `/debug/pprof/symbol` | See the [pprof Symbol](https://golang.org/pkg/net/http/pprof/#Symbol) Go documentation. | | <a id="debugpprofsymbol" href="#debugpprofsymbol" title="#debugpprofsymbol">`/debug/pprof/symbol`</a> | See the [pprof Symbol](https://golang.org/pkg/net/http/pprof/#Symbol) Go documentation. |
| `/debug/pprof/trace` | See the [pprof Trace](https://golang.org/pkg/net/http/pprof/#Trace) Go documentation. | | <a id="debugpproftrace" href="#debugpproftrace" title="#debugpproftrace">`/debug/pprof/trace`</a> | See the [pprof Trace](https://golang.org/pkg/net/http/pprof/#Trace) Go documentation. |
## Dashboard ## Dashboard
@@ -7,475 +7,475 @@ THIS FILE MUST NOT BE EDITED BY HAND
| Field | Description | Default | | Field | Description | Default |
|:-------|:------------|:-------| |:-------|:------------|:-------|
| accesslog | Access log settings. | false | | <a id="accesslog" href="#accesslog" title="#accesslog">accesslog</a> | Access log settings. | false |
| accesslog.addinternals | Enables access log for internal services (ping, dashboard, etc...). | false | | <a id="accesslog-addinternals" href="#accesslog-addinternals" title="#accesslog-addinternals">accesslog.addinternals</a> | Enables access log for internal services (ping, dashboard, etc...). | false |
| accesslog.bufferingsize | Number of access log lines to process in a buffered way. | 0 | | <a id="accesslog-bufferingsize" href="#accesslog-bufferingsize" title="#accesslog-bufferingsize">accesslog.bufferingsize</a> | Number of access log lines to process in a buffered way. | 0 |
| accesslog.fields.defaultmode | Default mode for fields: keep | drop | keep | | <a id="accesslog-fields-defaultmode" href="#accesslog-fields-defaultmode" title="#accesslog-fields-defaultmode">accesslog.fields.defaultmode</a> | Default mode for fields: keep | drop | keep |
| accesslog.fields.headers.defaultmode | Default mode for fields: keep | drop | redact | drop | | <a id="accesslog-fields-headers-defaultmode" href="#accesslog-fields-headers-defaultmode" title="#accesslog-fields-headers-defaultmode">accesslog.fields.headers.defaultmode</a> | Default mode for fields: keep | drop | redact | drop |
| accesslog.fields.headers.names._name_ | Override mode for headers | | | <a id="accesslog-fields-headers-names-name" href="#accesslog-fields-headers-names-name" title="#accesslog-fields-headers-names-name">accesslog.fields.headers.names._name_</a> | Override mode for headers | |
| accesslog.fields.names._name_ | Override mode for fields | | | <a id="accesslog-fields-names-name" href="#accesslog-fields-names-name" title="#accesslog-fields-names-name">accesslog.fields.names._name_</a> | Override mode for fields | |
| accesslog.filepath | Access log file path. Stdout is used when omitted or empty. | | | <a id="accesslog-filepath" href="#accesslog-filepath" title="#accesslog-filepath">accesslog.filepath</a> | Access log file path. Stdout is used when omitted or empty. | |
| accesslog.filters.minduration | Keep access logs when request took longer than the specified duration. | 0 | | <a id="accesslog-filters-minduration" href="#accesslog-filters-minduration" title="#accesslog-filters-minduration">accesslog.filters.minduration</a> | Keep access logs when request took longer than the specified duration. | 0 |
| accesslog.filters.retryattempts | Keep access logs when at least one retry happened. | false | | <a id="accesslog-filters-retryattempts" href="#accesslog-filters-retryattempts" title="#accesslog-filters-retryattempts">accesslog.filters.retryattempts</a> | Keep access logs when at least one retry happened. | false |
| accesslog.filters.statuscodes | Keep access logs with status codes in the specified range. | | | <a id="accesslog-filters-statuscodes" href="#accesslog-filters-statuscodes" title="#accesslog-filters-statuscodes">accesslog.filters.statuscodes</a> | Keep access logs with status codes in the specified range. | |
| accesslog.format | Access log format: json, common, or genericCLF | common | | <a id="accesslog-format" href="#accesslog-format" title="#accesslog-format">accesslog.format</a> | Access log format: json, common, or genericCLF | common |
| accesslog.otlp | Settings for OpenTelemetry. | false | | <a id="accesslog-otlp" href="#accesslog-otlp" title="#accesslog-otlp">accesslog.otlp</a> | Settings for OpenTelemetry. | false |
| accesslog.otlp.grpc | gRPC configuration for the OpenTelemetry collector. | false | | <a id="accesslog-otlp-grpc" href="#accesslog-otlp-grpc" title="#accesslog-otlp-grpc">accesslog.otlp.grpc</a> | gRPC configuration for the OpenTelemetry collector. | false |
| accesslog.otlp.grpc.endpoint | Sets the gRPC endpoint (host:port) of the collector. | localhost:4317 | | <a id="accesslog-otlp-grpc-endpoint" href="#accesslog-otlp-grpc-endpoint" title="#accesslog-otlp-grpc-endpoint">accesslog.otlp.grpc.endpoint</a> | Sets the gRPC endpoint (host:port) of the collector. | localhost:4317 |
| accesslog.otlp.grpc.headers._name_ | Headers sent with payload. | | | <a id="accesslog-otlp-grpc-headers-name" href="#accesslog-otlp-grpc-headers-name" title="#accesslog-otlp-grpc-headers-name">accesslog.otlp.grpc.headers._name_</a> | Headers sent with payload. | |
| accesslog.otlp.grpc.insecure | Disables client transport security for the exporter. | false | | <a id="accesslog-otlp-grpc-insecure" href="#accesslog-otlp-grpc-insecure" title="#accesslog-otlp-grpc-insecure">accesslog.otlp.grpc.insecure</a> | Disables client transport security for the exporter. | false |
| accesslog.otlp.grpc.tls.ca | TLS CA | | | <a id="accesslog-otlp-grpc-tls-ca" href="#accesslog-otlp-grpc-tls-ca" title="#accesslog-otlp-grpc-tls-ca">accesslog.otlp.grpc.tls.ca</a> | TLS CA | |
| accesslog.otlp.grpc.tls.cert | TLS cert | | | <a id="accesslog-otlp-grpc-tls-cert" href="#accesslog-otlp-grpc-tls-cert" title="#accesslog-otlp-grpc-tls-cert">accesslog.otlp.grpc.tls.cert</a> | TLS cert | |
| accesslog.otlp.grpc.tls.insecureskipverify | TLS insecure skip verify | false | | <a id="accesslog-otlp-grpc-tls-insecureskipverify" href="#accesslog-otlp-grpc-tls-insecureskipverify" title="#accesslog-otlp-grpc-tls-insecureskipverify">accesslog.otlp.grpc.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| accesslog.otlp.grpc.tls.key | TLS key | | | <a id="accesslog-otlp-grpc-tls-key" href="#accesslog-otlp-grpc-tls-key" title="#accesslog-otlp-grpc-tls-key">accesslog.otlp.grpc.tls.key</a> | TLS key | |
| accesslog.otlp.http | HTTP configuration for the OpenTelemetry collector. | false | | <a id="accesslog-otlp-http" href="#accesslog-otlp-http" title="#accesslog-otlp-http">accesslog.otlp.http</a> | HTTP configuration for the OpenTelemetry collector. | false |
| accesslog.otlp.http.endpoint | Sets the HTTP endpoint (scheme://host:port/path) of the collector. | https://localhost:4318 | | <a id="accesslog-otlp-http-endpoint" href="#accesslog-otlp-http-endpoint" title="#accesslog-otlp-http-endpoint">accesslog.otlp.http.endpoint</a> | Sets the HTTP endpoint (scheme://host:port/path) of the collector. | https://localhost:4318 |
| accesslog.otlp.http.headers._name_ | Headers sent with payload. | | | <a id="accesslog-otlp-http-headers-name" href="#accesslog-otlp-http-headers-name" title="#accesslog-otlp-http-headers-name">accesslog.otlp.http.headers._name_</a> | Headers sent with payload. | |
| accesslog.otlp.http.tls.ca | TLS CA | | | <a id="accesslog-otlp-http-tls-ca" href="#accesslog-otlp-http-tls-ca" title="#accesslog-otlp-http-tls-ca">accesslog.otlp.http.tls.ca</a> | TLS CA | |
| accesslog.otlp.http.tls.cert | TLS cert | | | <a id="accesslog-otlp-http-tls-cert" href="#accesslog-otlp-http-tls-cert" title="#accesslog-otlp-http-tls-cert">accesslog.otlp.http.tls.cert</a> | TLS cert | |
| accesslog.otlp.http.tls.insecureskipverify | TLS insecure skip verify | false | | <a id="accesslog-otlp-http-tls-insecureskipverify" href="#accesslog-otlp-http-tls-insecureskipverify" title="#accesslog-otlp-http-tls-insecureskipverify">accesslog.otlp.http.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| accesslog.otlp.http.tls.key | TLS key | | | <a id="accesslog-otlp-http-tls-key" href="#accesslog-otlp-http-tls-key" title="#accesslog-otlp-http-tls-key">accesslog.otlp.http.tls.key</a> | TLS key | |
| accesslog.otlp.resourceattributes._name_ | Defines additional resource attributes (key:value). | | | <a id="accesslog-otlp-resourceattributes-name" href="#accesslog-otlp-resourceattributes-name" title="#accesslog-otlp-resourceattributes-name">accesslog.otlp.resourceattributes._name_</a> | Defines additional resource attributes (key:value). | |
| accesslog.otlp.servicename | Defines the service name resource attribute. | traefik | | <a id="accesslog-otlp-servicename" href="#accesslog-otlp-servicename" title="#accesslog-otlp-servicename">accesslog.otlp.servicename</a> | Defines the service name resource attribute. | traefik |
| api | Enable api/dashboard. | false | | <a id="api" href="#api" title="#api">api</a> | Enable api/dashboard. | false |
| api.basepath | Defines the base path where the API and Dashboard will be exposed. | / | | <a id="api-basepath" href="#api-basepath" title="#api-basepath">api.basepath</a> | Defines the base path where the API and Dashboard will be exposed. | / |
| api.dashboard | Activate dashboard. | true | | <a id="api-dashboard" href="#api-dashboard" title="#api-dashboard">api.dashboard</a> | Activate dashboard. | true |
| api.debug | Enable additional endpoints for debugging and profiling. | false | | <a id="api-debug" href="#api-debug" title="#api-debug">api.debug</a> | Enable additional endpoints for debugging and profiling. | false |
| api.disabledashboardad | Disable ad in the dashboard. | false | | <a id="api-disabledashboardad" href="#api-disabledashboardad" title="#api-disabledashboardad">api.disabledashboardad</a> | Disable ad in the dashboard. | false |
| api.insecure | Activate API directly on the entryPoint named traefik. | false | | <a id="api-insecure" href="#api-insecure" title="#api-insecure">api.insecure</a> | Activate API directly on the entryPoint named traefik. | false |
| certificatesresolvers._name_ | Certificates resolvers configuration. | false | | <a id="certificatesresolvers-name" href="#certificatesresolvers-name" title="#certificatesresolvers-name">certificatesresolvers._name_</a> | Certificates resolvers configuration. | false |
| certificatesresolvers._name_.acme.cacertificates | Specify the paths to PEM encoded CA Certificates that can be used to authenticate an ACME server with an HTTPS certificate not issued by a CA in the system-wide trusted root list. | | | <a id="certificatesresolvers-name-acme-cacertificates" href="#certificatesresolvers-name-acme-cacertificates" title="#certificatesresolvers-name-acme-cacertificates">certificatesresolvers._name_.acme.cacertificates</a> | Specify the paths to PEM encoded CA Certificates that can be used to authenticate an ACME server with an HTTPS certificate not issued by a CA in the system-wide trusted root list. | |
| certificatesresolvers._name_.acme.caserver | CA server to use. | https://acme-v02.api.letsencrypt.org/directory | | <a id="certificatesresolvers-name-acme-caserver" href="#certificatesresolvers-name-acme-caserver" title="#certificatesresolvers-name-acme-caserver">certificatesresolvers._name_.acme.caserver</a> | CA server to use. | https://acme-v02.api.letsencrypt.org/directory |
| certificatesresolvers._name_.acme.caservername | Specify the CA server name that can be used to authenticate an ACME server with an HTTPS certificate not issued by a CA in the system-wide trusted root list. | | | <a id="certificatesresolvers-name-acme-caservername" href="#certificatesresolvers-name-acme-caservername" title="#certificatesresolvers-name-acme-caservername">certificatesresolvers._name_.acme.caservername</a> | Specify the CA server name that can be used to authenticate an ACME server with an HTTPS certificate not issued by a CA in the system-wide trusted root list. | |
| certificatesresolvers._name_.acme.casystemcertpool | Define if the certificates pool must use a copy of the system cert pool. | false | | <a id="certificatesresolvers-name-acme-casystemcertpool" href="#certificatesresolvers-name-acme-casystemcertpool" title="#certificatesresolvers-name-acme-casystemcertpool">certificatesresolvers._name_.acme.casystemcertpool</a> | Define if the certificates pool must use a copy of the system cert pool. | false |
| certificatesresolvers._name_.acme.certificatesduration | Certificates' duration in hours. | 2160 | | <a id="certificatesresolvers-name-acme-certificatesduration" href="#certificatesresolvers-name-acme-certificatesduration" title="#certificatesresolvers-name-acme-certificatesduration">certificatesresolvers._name_.acme.certificatesduration</a> | Certificates' duration in hours. | 2160 |
| certificatesresolvers._name_.acme.clientresponseheadertimeout | Timeout for receiving the response headers when communicating with the ACME server. | 30 | | <a id="certificatesresolvers-name-acme-clientresponseheadertimeout" href="#certificatesresolvers-name-acme-clientresponseheadertimeout" title="#certificatesresolvers-name-acme-clientresponseheadertimeout">certificatesresolvers._name_.acme.clientresponseheadertimeout</a> | Timeout for receiving the response headers when communicating with the ACME server. | 30 |
| certificatesresolvers._name_.acme.clienttimeout | Timeout for a complete HTTP transaction with the ACME server. | 120 | | <a id="certificatesresolvers-name-acme-clienttimeout" href="#certificatesresolvers-name-acme-clienttimeout" title="#certificatesresolvers-name-acme-clienttimeout">certificatesresolvers._name_.acme.clienttimeout</a> | Timeout for a complete HTTP transaction with the ACME server. | 120 |
| certificatesresolvers._name_.acme.dnschallenge | Activate DNS-01 Challenge. | false | | <a id="certificatesresolvers-name-acme-dnschallenge" href="#certificatesresolvers-name-acme-dnschallenge" title="#certificatesresolvers-name-acme-dnschallenge">certificatesresolvers._name_.acme.dnschallenge</a> | Activate DNS-01 Challenge. | false |
| certificatesresolvers._name_.acme.dnschallenge.delaybeforecheck | (Deprecated) Assume DNS propagates after a delay in seconds rather than finding and querying nameservers. | 0 | | <a id="certificatesresolvers-name-acme-dnschallenge-delaybeforecheck" href="#certificatesresolvers-name-acme-dnschallenge-delaybeforecheck" title="#certificatesresolvers-name-acme-dnschallenge-delaybeforecheck">certificatesresolvers._name_.acme.dnschallenge.delaybeforecheck</a> | (Deprecated) Assume DNS propagates after a delay in seconds rather than finding and querying nameservers. | 0 |
| certificatesresolvers._name_.acme.dnschallenge.disablepropagationcheck | (Deprecated) Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready. [not recommended] | false | | <a id="certificatesresolvers-name-acme-dnschallenge-disablepropagationcheck" href="#certificatesresolvers-name-acme-dnschallenge-disablepropagationcheck" title="#certificatesresolvers-name-acme-dnschallenge-disablepropagationcheck">certificatesresolvers._name_.acme.dnschallenge.disablepropagationcheck</a> | (Deprecated) Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready. [not recommended] | false |
| certificatesresolvers._name_.acme.dnschallenge.propagation | DNS propagation checks configuration | false | | <a id="certificatesresolvers-name-acme-dnschallenge-propagation" href="#certificatesresolvers-name-acme-dnschallenge-propagation" title="#certificatesresolvers-name-acme-dnschallenge-propagation">certificatesresolvers._name_.acme.dnschallenge.propagation</a> | DNS propagation checks configuration | false |
| certificatesresolvers._name_.acme.dnschallenge.propagation.delaybeforechecks | Defines the delay before checking the challenge TXT record propagation. | 0 | | <a id="certificatesresolvers-name-acme-dnschallenge-propagation-delaybeforechecks" href="#certificatesresolvers-name-acme-dnschallenge-propagation-delaybeforechecks" title="#certificatesresolvers-name-acme-dnschallenge-propagation-delaybeforechecks">certificatesresolvers._name_.acme.dnschallenge.propagation.delaybeforechecks</a> | Defines the delay before checking the challenge TXT record propagation. | 0 |
| certificatesresolvers._name_.acme.dnschallenge.propagation.disableanschecks | Disables the challenge TXT record propagation checks against authoritative nameservers. | false | | <a id="certificatesresolvers-name-acme-dnschallenge-propagation-disableanschecks" href="#certificatesresolvers-name-acme-dnschallenge-propagation-disableanschecks" title="#certificatesresolvers-name-acme-dnschallenge-propagation-disableanschecks">certificatesresolvers._name_.acme.dnschallenge.propagation.disableanschecks</a> | Disables the challenge TXT record propagation checks against authoritative nameservers. | false |
| certificatesresolvers._name_.acme.dnschallenge.propagation.disablechecks | Disables the challenge TXT record propagation checks (not recommended). | false | | <a id="certificatesresolvers-name-acme-dnschallenge-propagation-disablechecks" href="#certificatesresolvers-name-acme-dnschallenge-propagation-disablechecks" title="#certificatesresolvers-name-acme-dnschallenge-propagation-disablechecks">certificatesresolvers._name_.acme.dnschallenge.propagation.disablechecks</a> | Disables the challenge TXT record propagation checks (not recommended). | false |
| certificatesresolvers._name_.acme.dnschallenge.propagation.requireallrns | Requires the challenge TXT record to be propagated to all recursive nameservers. | false | | <a id="certificatesresolvers-name-acme-dnschallenge-propagation-requireallrns" href="#certificatesresolvers-name-acme-dnschallenge-propagation-requireallrns" title="#certificatesresolvers-name-acme-dnschallenge-propagation-requireallrns">certificatesresolvers._name_.acme.dnschallenge.propagation.requireallrns</a> | Requires the challenge TXT record to be propagated to all recursive nameservers. | false |
| certificatesresolvers._name_.acme.dnschallenge.provider | Use a DNS-01 based challenge provider rather than HTTPS. | | | <a id="certificatesresolvers-name-acme-dnschallenge-provider" href="#certificatesresolvers-name-acme-dnschallenge-provider" title="#certificatesresolvers-name-acme-dnschallenge-provider">certificatesresolvers._name_.acme.dnschallenge.provider</a> | Use a DNS-01 based challenge provider rather than HTTPS. | |
| certificatesresolvers._name_.acme.dnschallenge.resolvers | Use following DNS servers to resolve the FQDN authority. | | | <a id="certificatesresolvers-name-acme-dnschallenge-resolvers" href="#certificatesresolvers-name-acme-dnschallenge-resolvers" title="#certificatesresolvers-name-acme-dnschallenge-resolvers">certificatesresolvers._name_.acme.dnschallenge.resolvers</a> | Use following DNS servers to resolve the FQDN authority. | |
| certificatesresolvers._name_.acme.eab.hmacencoded | Base64 encoded HMAC key from External CA. | | | <a id="certificatesresolvers-name-acme-eab-hmacencoded" href="#certificatesresolvers-name-acme-eab-hmacencoded" title="#certificatesresolvers-name-acme-eab-hmacencoded">certificatesresolvers._name_.acme.eab.hmacencoded</a> | Base64 encoded HMAC key from External CA. | |
| certificatesresolvers._name_.acme.eab.kid | Key identifier from External CA. | | | <a id="certificatesresolvers-name-acme-eab-kid" href="#certificatesresolvers-name-acme-eab-kid" title="#certificatesresolvers-name-acme-eab-kid">certificatesresolvers._name_.acme.eab.kid</a> | Key identifier from External CA. | |
| certificatesresolvers._name_.acme.email | Email address used for registration. | | | <a id="certificatesresolvers-name-acme-email" href="#certificatesresolvers-name-acme-email" title="#certificatesresolvers-name-acme-email">certificatesresolvers._name_.acme.email</a> | Email address used for registration. | |
| certificatesresolvers._name_.acme.emailaddresses | CSR email addresses to use. | | | <a id="certificatesresolvers-name-acme-emailaddresses" href="#certificatesresolvers-name-acme-emailaddresses" title="#certificatesresolvers-name-acme-emailaddresses">certificatesresolvers._name_.acme.emailaddresses</a> | CSR email addresses to use. | |
| certificatesresolvers._name_.acme.httpchallenge | Activate HTTP-01 Challenge. | false | | <a id="certificatesresolvers-name-acme-httpchallenge" href="#certificatesresolvers-name-acme-httpchallenge" title="#certificatesresolvers-name-acme-httpchallenge">certificatesresolvers._name_.acme.httpchallenge</a> | Activate HTTP-01 Challenge. | false |
| certificatesresolvers._name_.acme.httpchallenge.delay | Delay between the creation of the challenge and the validation. | 0 | | <a id="certificatesresolvers-name-acme-httpchallenge-delay" href="#certificatesresolvers-name-acme-httpchallenge-delay" title="#certificatesresolvers-name-acme-httpchallenge-delay">certificatesresolvers._name_.acme.httpchallenge.delay</a> | Delay between the creation of the challenge and the validation. | 0 |
| certificatesresolvers._name_.acme.httpchallenge.entrypoint | HTTP challenge EntryPoint | | | <a id="certificatesresolvers-name-acme-httpchallenge-entrypoint" href="#certificatesresolvers-name-acme-httpchallenge-entrypoint" title="#certificatesresolvers-name-acme-httpchallenge-entrypoint">certificatesresolvers._name_.acme.httpchallenge.entrypoint</a> | HTTP challenge EntryPoint | |
| certificatesresolvers._name_.acme.keytype | KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'. | RSA4096 | | <a id="certificatesresolvers-name-acme-keytype" href="#certificatesresolvers-name-acme-keytype" title="#certificatesresolvers-name-acme-keytype">certificatesresolvers._name_.acme.keytype</a> | KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'. | RSA4096 |
| certificatesresolvers._name_.acme.preferredchain | Preferred chain to use. | | | <a id="certificatesresolvers-name-acme-preferredchain" href="#certificatesresolvers-name-acme-preferredchain" title="#certificatesresolvers-name-acme-preferredchain">certificatesresolvers._name_.acme.preferredchain</a> | Preferred chain to use. | |
| certificatesresolvers._name_.acme.profile | Certificate profile to use. | | | <a id="certificatesresolvers-name-acme-profile" href="#certificatesresolvers-name-acme-profile" title="#certificatesresolvers-name-acme-profile">certificatesresolvers._name_.acme.profile</a> | Certificate profile to use. | |
| certificatesresolvers._name_.acme.storage | Storage to use. | acme.json | | <a id="certificatesresolvers-name-acme-storage" href="#certificatesresolvers-name-acme-storage" title="#certificatesresolvers-name-acme-storage">certificatesresolvers._name_.acme.storage</a> | Storage to use. | acme.json |
| certificatesresolvers._name_.acme.tlschallenge | Activate TLS-ALPN-01 Challenge. | true | | <a id="certificatesresolvers-name-acme-tlschallenge" href="#certificatesresolvers-name-acme-tlschallenge" title="#certificatesresolvers-name-acme-tlschallenge">certificatesresolvers._name_.acme.tlschallenge</a> | Activate TLS-ALPN-01 Challenge. | true |
| certificatesresolvers._name_.tailscale | Enables Tailscale certificate resolution. | true | | <a id="certificatesresolvers-name-tailscale" href="#certificatesresolvers-name-tailscale" title="#certificatesresolvers-name-tailscale">certificatesresolvers._name_.tailscale</a> | Enables Tailscale certificate resolution. | true |
| core.defaultrulesyntax | Defines the rule parser default syntax (v2 or v3) | v3 | | <a id="core-defaultrulesyntax" href="#core-defaultrulesyntax" title="#core-defaultrulesyntax">core.defaultrulesyntax</a> | Defines the rule parser default syntax (v2 or v3) | v3 |
| entrypoints._name_ | Entry points definition. | false | | <a id="entrypoints-name" href="#entrypoints-name" title="#entrypoints-name">entrypoints._name_</a> | Entry points definition. | false |
| entrypoints._name_.address | Entry point address. | | | <a id="entrypoints-name-address" href="#entrypoints-name-address" title="#entrypoints-name-address">entrypoints._name_.address</a> | Entry point address. | |
| entrypoints._name_.allowacmebypass | Enables handling of ACME TLS and HTTP challenges with custom routers. | false | | <a id="entrypoints-name-allowacmebypass" href="#entrypoints-name-allowacmebypass" title="#entrypoints-name-allowacmebypass">entrypoints._name_.allowacmebypass</a> | Enables handling of ACME TLS and HTTP challenges with custom routers. | false |
| entrypoints._name_.asdefault | Adds this EntryPoint to the list of default EntryPoints to be used on routers that don't have any Entrypoint defined. | false | | <a id="entrypoints-name-asdefault" href="#entrypoints-name-asdefault" title="#entrypoints-name-asdefault">entrypoints._name_.asdefault</a> | Adds this EntryPoint to the list of default EntryPoints to be used on routers that don't have any Entrypoint defined. | false |
| entrypoints._name_.forwardedheaders.connection | List of Connection headers that are allowed to pass through the middleware chain before being removed. | | | <a id="entrypoints-name-forwardedheaders-connection" href="#entrypoints-name-forwardedheaders-connection" title="#entrypoints-name-forwardedheaders-connection">entrypoints._name_.forwardedheaders.connection</a> | List of Connection headers that are allowed to pass through the middleware chain before being removed. | |
| entrypoints._name_.forwardedheaders.insecure | Trust all forwarded headers. | false | | <a id="entrypoints-name-forwardedheaders-insecure" href="#entrypoints-name-forwardedheaders-insecure" title="#entrypoints-name-forwardedheaders-insecure">entrypoints._name_.forwardedheaders.insecure</a> | Trust all forwarded headers. | false |
| entrypoints._name_.forwardedheaders.trustedips | Trust only forwarded headers from selected IPs. | | | <a id="entrypoints-name-forwardedheaders-trustedips" href="#entrypoints-name-forwardedheaders-trustedips" title="#entrypoints-name-forwardedheaders-trustedips">entrypoints._name_.forwardedheaders.trustedips</a> | Trust only forwarded headers from selected IPs. | |
| entrypoints._name_.http | HTTP configuration. | | | <a id="entrypoints-name-http" href="#entrypoints-name-http" title="#entrypoints-name-http">entrypoints._name_.http</a> | HTTP configuration. | |
| entrypoints._name_.http.encodequerysemicolons | Defines whether request query semicolons should be URLEncoded. | false | | <a id="entrypoints-name-http-encodequerysemicolons" href="#entrypoints-name-http-encodequerysemicolons" title="#entrypoints-name-http-encodequerysemicolons">entrypoints._name_.http.encodequerysemicolons</a> | Defines whether request query semicolons should be URLEncoded. | false |
| entrypoints._name_.http.maxheaderbytes | Maximum size of request headers in bytes. | 1048576 | | <a id="entrypoints-name-http-maxheaderbytes" href="#entrypoints-name-http-maxheaderbytes" title="#entrypoints-name-http-maxheaderbytes">entrypoints._name_.http.maxheaderbytes</a> | Maximum size of request headers in bytes. | 1048576 |
| entrypoints._name_.http.middlewares | Default middlewares for the routers linked to the entry point. | | | <a id="entrypoints-name-http-middlewares" href="#entrypoints-name-http-middlewares" title="#entrypoints-name-http-middlewares">entrypoints._name_.http.middlewares</a> | Default middlewares for the routers linked to the entry point. | |
| entrypoints._name_.http.redirections.entrypoint.permanent | Applies a permanent redirection. | true | | <a id="entrypoints-name-http-redirections-entrypoint-permanent" href="#entrypoints-name-http-redirections-entrypoint-permanent" title="#entrypoints-name-http-redirections-entrypoint-permanent">entrypoints._name_.http.redirections.entrypoint.permanent</a> | Applies a permanent redirection. | true |
| entrypoints._name_.http.redirections.entrypoint.priority | Priority of the generated router. | 9223372036854775806 | | <a id="entrypoints-name-http-redirections-entrypoint-priority" href="#entrypoints-name-http-redirections-entrypoint-priority" title="#entrypoints-name-http-redirections-entrypoint-priority">entrypoints._name_.http.redirections.entrypoint.priority</a> | Priority of the generated router. | 9223372036854775806 |
| entrypoints._name_.http.redirections.entrypoint.scheme | Scheme used for the redirection. | https | | <a id="entrypoints-name-http-redirections-entrypoint-scheme" href="#entrypoints-name-http-redirections-entrypoint-scheme" title="#entrypoints-name-http-redirections-entrypoint-scheme">entrypoints._name_.http.redirections.entrypoint.scheme</a> | Scheme used for the redirection. | https |
| entrypoints._name_.http.redirections.entrypoint.to | Targeted entry point of the redirection. | | | <a id="entrypoints-name-http-redirections-entrypoint-to" href="#entrypoints-name-http-redirections-entrypoint-to" title="#entrypoints-name-http-redirections-entrypoint-to">entrypoints._name_.http.redirections.entrypoint.to</a> | Targeted entry point of the redirection. | |
| entrypoints._name_.http.sanitizepath | Defines whether to enable request path sanitization (removal of /./, /../ and multiple slash sequences). | true | | <a id="entrypoints-name-http-sanitizepath" href="#entrypoints-name-http-sanitizepath" title="#entrypoints-name-http-sanitizepath">entrypoints._name_.http.sanitizepath</a> | Defines whether to enable request path sanitization (removal of /./, /../ and multiple slash sequences). | true |
| entrypoints._name_.http.tls | Default TLS configuration for the routers linked to the entry point. | false | | <a id="entrypoints-name-http-tls" href="#entrypoints-name-http-tls" title="#entrypoints-name-http-tls">entrypoints._name_.http.tls</a> | Default TLS configuration for the routers linked to the entry point. | false |
| entrypoints._name_.http.tls.certresolver | Default certificate resolver for the routers linked to the entry point. | | | <a id="entrypoints-name-http-tls-certresolver" href="#entrypoints-name-http-tls-certresolver" title="#entrypoints-name-http-tls-certresolver">entrypoints._name_.http.tls.certresolver</a> | Default certificate resolver for the routers linked to the entry point. | |
| entrypoints._name_.http.tls.domains | Default TLS domains for the routers linked to the entry point. | | | <a id="entrypoints-name-http-tls-domains" href="#entrypoints-name-http-tls-domains" title="#entrypoints-name-http-tls-domains">entrypoints._name_.http.tls.domains</a> | Default TLS domains for the routers linked to the entry point. | |
| entrypoints._name_.http.tls.domains[0].main | Default subject name. | | | <a id="entrypoints-name-http-tls-domains0-main" href="#entrypoints-name-http-tls-domains0-main" title="#entrypoints-name-http-tls-domains0-main">entrypoints._name_.http.tls.domains[0].main</a> | Default subject name. | |
| entrypoints._name_.http.tls.domains[0].sans | Subject alternative names. | | | <a id="entrypoints-name-http-tls-domains0-sans" href="#entrypoints-name-http-tls-domains0-sans" title="#entrypoints-name-http-tls-domains0-sans">entrypoints._name_.http.tls.domains[0].sans</a> | Subject alternative names. | |
| entrypoints._name_.http.tls.options | Default TLS options for the routers linked to the entry point. | | | <a id="entrypoints-name-http-tls-options" href="#entrypoints-name-http-tls-options" title="#entrypoints-name-http-tls-options">entrypoints._name_.http.tls.options</a> | Default TLS options for the routers linked to the entry point. | |
| entrypoints._name_.http2.maxconcurrentstreams | Specifies the number of concurrent streams per connection that each client is allowed to initiate. | 250 | | <a id="entrypoints-name-http2-maxconcurrentstreams" href="#entrypoints-name-http2-maxconcurrentstreams" title="#entrypoints-name-http2-maxconcurrentstreams">entrypoints._name_.http2.maxconcurrentstreams</a> | Specifies the number of concurrent streams per connection that each client is allowed to initiate. | 250 |
| entrypoints._name_.http3 | HTTP/3 configuration. | false | | <a id="entrypoints-name-http3" href="#entrypoints-name-http3" title="#entrypoints-name-http3">entrypoints._name_.http3</a> | HTTP/3 configuration. | false |
| entrypoints._name_.http3.advertisedport | UDP port to advertise, on which HTTP/3 is available. | 0 | | <a id="entrypoints-name-http3-advertisedport" href="#entrypoints-name-http3-advertisedport" title="#entrypoints-name-http3-advertisedport">entrypoints._name_.http3.advertisedport</a> | UDP port to advertise, on which HTTP/3 is available. | 0 |
| entrypoints._name_.observability.accesslogs | Enables access-logs for this entryPoint. | true | | <a id="entrypoints-name-observability-accesslogs" href="#entrypoints-name-observability-accesslogs" title="#entrypoints-name-observability-accesslogs">entrypoints._name_.observability.accesslogs</a> | Enables access-logs for this entryPoint. | true |
| entrypoints._name_.observability.metrics | Enables metrics for this entryPoint. | true | | <a id="entrypoints-name-observability-metrics" href="#entrypoints-name-observability-metrics" title="#entrypoints-name-observability-metrics">entrypoints._name_.observability.metrics</a> | Enables metrics for this entryPoint. | true |
| entrypoints._name_.observability.traceverbosity | Defines the tracing verbosity level for this entryPoint. | minimal | | <a id="entrypoints-name-observability-traceverbosity" href="#entrypoints-name-observability-traceverbosity" title="#entrypoints-name-observability-traceverbosity">entrypoints._name_.observability.traceverbosity</a> | Defines the tracing verbosity level for this entryPoint. | minimal |
| entrypoints._name_.observability.tracing | Enables tracing for this entryPoint. | true | | <a id="entrypoints-name-observability-tracing" href="#entrypoints-name-observability-tracing" title="#entrypoints-name-observability-tracing">entrypoints._name_.observability.tracing</a> | Enables tracing for this entryPoint. | true |
| entrypoints._name_.proxyprotocol | Proxy-Protocol configuration. | false | | <a id="entrypoints-name-proxyprotocol" href="#entrypoints-name-proxyprotocol" title="#entrypoints-name-proxyprotocol">entrypoints._name_.proxyprotocol</a> | Proxy-Protocol configuration. | false |
| entrypoints._name_.proxyprotocol.insecure | Trust all. | false | | <a id="entrypoints-name-proxyprotocol-insecure" href="#entrypoints-name-proxyprotocol-insecure" title="#entrypoints-name-proxyprotocol-insecure">entrypoints._name_.proxyprotocol.insecure</a> | Trust all. | false |
| entrypoints._name_.proxyprotocol.trustedips | Trust only selected IPs. | | | <a id="entrypoints-name-proxyprotocol-trustedips" href="#entrypoints-name-proxyprotocol-trustedips" title="#entrypoints-name-proxyprotocol-trustedips">entrypoints._name_.proxyprotocol.trustedips</a> | Trust only selected IPs. | |
| entrypoints._name_.reuseport | Enables EntryPoints from the same or different processes listening on the same TCP/UDP port. | false | | <a id="entrypoints-name-reuseport" href="#entrypoints-name-reuseport" title="#entrypoints-name-reuseport">entrypoints._name_.reuseport</a> | Enables EntryPoints from the same or different processes listening on the same TCP/UDP port. | false |
| entrypoints._name_.transport.keepalivemaxrequests | Maximum number of requests before closing a keep-alive connection. | 0 | | <a id="entrypoints-name-transport-keepalivemaxrequests" href="#entrypoints-name-transport-keepalivemaxrequests" title="#entrypoints-name-transport-keepalivemaxrequests">entrypoints._name_.transport.keepalivemaxrequests</a> | Maximum number of requests before closing a keep-alive connection. | 0 |
| entrypoints._name_.transport.keepalivemaxtime | Maximum duration before closing a keep-alive connection. | 0 | | <a id="entrypoints-name-transport-keepalivemaxtime" href="#entrypoints-name-transport-keepalivemaxtime" title="#entrypoints-name-transport-keepalivemaxtime">entrypoints._name_.transport.keepalivemaxtime</a> | Maximum duration before closing a keep-alive connection. | 0 |
| entrypoints._name_.transport.lifecycle.gracetimeout | Duration to give active requests a chance to finish before Traefik stops. | 10 | | <a id="entrypoints-name-transport-lifecycle-gracetimeout" href="#entrypoints-name-transport-lifecycle-gracetimeout" title="#entrypoints-name-transport-lifecycle-gracetimeout">entrypoints._name_.transport.lifecycle.gracetimeout</a> | Duration to give active requests a chance to finish before Traefik stops. | 10 |
| entrypoints._name_.transport.lifecycle.requestacceptgracetimeout | Duration to keep accepting requests before Traefik initiates the graceful shutdown procedure. | 0 | | <a id="entrypoints-name-transport-lifecycle-requestacceptgracetimeout" href="#entrypoints-name-transport-lifecycle-requestacceptgracetimeout" title="#entrypoints-name-transport-lifecycle-requestacceptgracetimeout">entrypoints._name_.transport.lifecycle.requestacceptgracetimeout</a> | Duration to keep accepting requests before Traefik initiates the graceful shutdown procedure. | 0 |
| entrypoints._name_.transport.respondingtimeouts.idletimeout | IdleTimeout is the maximum amount duration an idle (keep-alive) connection will remain idle before closing itself. If zero, no timeout is set. | 180 | | <a id="entrypoints-name-transport-respondingtimeouts-idletimeout" href="#entrypoints-name-transport-respondingtimeouts-idletimeout" title="#entrypoints-name-transport-respondingtimeouts-idletimeout">entrypoints._name_.transport.respondingtimeouts.idletimeout</a> | IdleTimeout is the maximum amount duration an idle (keep-alive) connection will remain idle before closing itself. If zero, no timeout is set. | 180 |
| entrypoints._name_.transport.respondingtimeouts.readtimeout | ReadTimeout is the maximum duration for reading the entire request, including the body. If zero, no timeout is set. | 60 | | <a id="entrypoints-name-transport-respondingtimeouts-readtimeout" href="#entrypoints-name-transport-respondingtimeouts-readtimeout" title="#entrypoints-name-transport-respondingtimeouts-readtimeout">entrypoints._name_.transport.respondingtimeouts.readtimeout</a> | ReadTimeout is the maximum duration for reading the entire request, including the body. If zero, no timeout is set. | 60 |
| entrypoints._name_.transport.respondingtimeouts.writetimeout | WriteTimeout is the maximum duration before timing out writes of the response. If zero, no timeout is set. | 0 | | <a id="entrypoints-name-transport-respondingtimeouts-writetimeout" href="#entrypoints-name-transport-respondingtimeouts-writetimeout" title="#entrypoints-name-transport-respondingtimeouts-writetimeout">entrypoints._name_.transport.respondingtimeouts.writetimeout</a> | WriteTimeout is the maximum duration before timing out writes of the response. If zero, no timeout is set. | 0 |
| entrypoints._name_.udp.timeout | Timeout defines how long to wait on an idle session before releasing the related resources. | 3 | | <a id="entrypoints-name-udp-timeout" href="#entrypoints-name-udp-timeout" title="#entrypoints-name-udp-timeout">entrypoints._name_.udp.timeout</a> | Timeout defines how long to wait on an idle session before releasing the related resources. | 3 |
| experimental.abortonpluginfailure | Defines whether all plugins must be loaded successfully for Traefik to start. | false | | <a id="experimental-abortonpluginfailure" href="#experimental-abortonpluginfailure" title="#experimental-abortonpluginfailure">experimental.abortonpluginfailure</a> | Defines whether all plugins must be loaded successfully for Traefik to start. | false |
| experimental.fastproxy | Enables the FastProxy implementation. | false | | <a id="experimental-fastproxy" href="#experimental-fastproxy" title="#experimental-fastproxy">experimental.fastproxy</a> | Enables the FastProxy implementation. | false |
| experimental.fastproxy.debug | Enable debug mode for the FastProxy implementation. | false | | <a id="experimental-fastproxy-debug" href="#experimental-fastproxy-debug" title="#experimental-fastproxy-debug">experimental.fastproxy.debug</a> | Enable debug mode for the FastProxy implementation. | false |
| experimental.kubernetesgateway | (Deprecated) Allow the Kubernetes gateway api provider usage. | false | | <a id="experimental-kubernetesgateway" href="#experimental-kubernetesgateway" title="#experimental-kubernetesgateway">experimental.kubernetesgateway</a> | (Deprecated) Allow the Kubernetes gateway api provider usage. | false |
| experimental.kubernetesingressnginx | Allow the Kubernetes Ingress NGINX provider usage. | false | | <a id="experimental-kubernetesingressnginx" href="#experimental-kubernetesingressnginx" title="#experimental-kubernetesingressnginx">experimental.kubernetesingressnginx</a> | Allow the Kubernetes Ingress NGINX provider usage. | false |
| experimental.localplugins._name_ | Local plugins configuration. | false | | <a id="experimental-localplugins-name" href="#experimental-localplugins-name" title="#experimental-localplugins-name">experimental.localplugins._name_</a> | Local plugins configuration. | false |
| experimental.localplugins._name_.modulename | Plugin's module name. | | | <a id="experimental-localplugins-name-modulename" href="#experimental-localplugins-name-modulename" title="#experimental-localplugins-name-modulename">experimental.localplugins._name_.modulename</a> | Plugin's module name. | |
| experimental.localplugins._name_.settings | Plugin's settings (works only for wasm plugins). | | | <a id="experimental-localplugins-name-settings" href="#experimental-localplugins-name-settings" title="#experimental-localplugins-name-settings">experimental.localplugins._name_.settings</a> | Plugin's settings (works only for wasm plugins). | |
| experimental.localplugins._name_.settings.envs | Environment variables to forward to the wasm guest. | | | <a id="experimental-localplugins-name-settings-envs" href="#experimental-localplugins-name-settings-envs" title="#experimental-localplugins-name-settings-envs">experimental.localplugins._name_.settings.envs</a> | Environment variables to forward to the wasm guest. | |
| experimental.localplugins._name_.settings.mounts | Directory to mount to the wasm guest. | | | <a id="experimental-localplugins-name-settings-mounts" href="#experimental-localplugins-name-settings-mounts" title="#experimental-localplugins-name-settings-mounts">experimental.localplugins._name_.settings.mounts</a> | Directory to mount to the wasm guest. | |
| experimental.localplugins._name_.settings.useunsafe | Allow the plugin to use unsafe package. | false | | <a id="experimental-localplugins-name-settings-useunsafe" href="#experimental-localplugins-name-settings-useunsafe" title="#experimental-localplugins-name-settings-useunsafe">experimental.localplugins._name_.settings.useunsafe</a> | Allow the plugin to use unsafe package. | false |
| experimental.otlplogs | Enables the OpenTelemetry logs integration. | false | | <a id="experimental-otlplogs" href="#experimental-otlplogs" title="#experimental-otlplogs">experimental.otlplogs</a> | Enables the OpenTelemetry logs integration. | false |
| experimental.plugins._name_.modulename | plugin's module name. | | | <a id="experimental-plugins-name-modulename" href="#experimental-plugins-name-modulename" title="#experimental-plugins-name-modulename">experimental.plugins._name_.modulename</a> | plugin's module name. | |
| experimental.plugins._name_.settings | Plugin's settings (works only for wasm plugins). | | | <a id="experimental-plugins-name-settings" href="#experimental-plugins-name-settings" title="#experimental-plugins-name-settings">experimental.plugins._name_.settings</a> | Plugin's settings (works only for wasm plugins). | |
| experimental.plugins._name_.settings.envs | Environment variables to forward to the wasm guest. | | | <a id="experimental-plugins-name-settings-envs" href="#experimental-plugins-name-settings-envs" title="#experimental-plugins-name-settings-envs">experimental.plugins._name_.settings.envs</a> | Environment variables to forward to the wasm guest. | |
| experimental.plugins._name_.settings.mounts | Directory to mount to the wasm guest. | | | <a id="experimental-plugins-name-settings-mounts" href="#experimental-plugins-name-settings-mounts" title="#experimental-plugins-name-settings-mounts">experimental.plugins._name_.settings.mounts</a> | Directory to mount to the wasm guest. | |
| experimental.plugins._name_.settings.useunsafe | Allow the plugin to use unsafe package. | false | | <a id="experimental-plugins-name-settings-useunsafe" href="#experimental-plugins-name-settings-useunsafe" title="#experimental-plugins-name-settings-useunsafe">experimental.plugins._name_.settings.useunsafe</a> | Allow the plugin to use unsafe package. | false |
| experimental.plugins._name_.version | plugin's version. | | | <a id="experimental-plugins-name-version" href="#experimental-plugins-name-version" title="#experimental-plugins-name-version">experimental.plugins._name_.version</a> | plugin's version. | |
| global.checknewversion | Periodically check if a new version has been released. | true | | <a id="global-checknewversion" href="#global-checknewversion" title="#global-checknewversion">global.checknewversion</a> | Periodically check if a new version has been released. | true |
| global.sendanonymoususage | Periodically send anonymous usage statistics. If the option is not specified, it will be disabled by default. | false | | <a id="global-sendanonymoususage" href="#global-sendanonymoususage" title="#global-sendanonymoususage">global.sendanonymoususage</a> | Periodically send anonymous usage statistics. If the option is not specified, it will be disabled by default. | false |
| hostresolver | Enable CNAME Flattening. | false | | <a id="hostresolver" href="#hostresolver" title="#hostresolver">hostresolver</a> | Enable CNAME Flattening. | false |
| hostresolver.cnameflattening | A flag to enable/disable CNAME flattening | false | | <a id="hostresolver-cnameflattening" href="#hostresolver-cnameflattening" title="#hostresolver-cnameflattening">hostresolver.cnameflattening</a> | A flag to enable/disable CNAME flattening | false |
| hostresolver.resolvconfig | resolv.conf used for DNS resolving | /etc/resolv.conf | | <a id="hostresolver-resolvconfig" href="#hostresolver-resolvconfig" title="#hostresolver-resolvconfig">hostresolver.resolvconfig</a> | resolv.conf used for DNS resolving | /etc/resolv.conf |
| hostresolver.resolvdepth | The maximal depth of DNS recursive resolving | 5 | | <a id="hostresolver-resolvdepth" href="#hostresolver-resolvdepth" title="#hostresolver-resolvdepth">hostresolver.resolvdepth</a> | The maximal depth of DNS recursive resolving | 5 |
| log | Traefik log settings. | false | | <a id="log" href="#log" title="#log">log</a> | Traefik log settings. | false |
| log.compress | Determines if the rotated log files should be compressed using gzip. | false | | <a id="log-compress" href="#log-compress" title="#log-compress">log.compress</a> | Determines if the rotated log files should be compressed using gzip. | false |
| log.filepath | Traefik log file path. Stdout is used when omitted or empty. | | | <a id="log-filepath" href="#log-filepath" title="#log-filepath">log.filepath</a> | Traefik log file path. Stdout is used when omitted or empty. | |
| log.format | Traefik log format: json | common | common | | <a id="log-format" href="#log-format" title="#log-format">log.format</a> | Traefik log format: json | common | common |
| log.level | Log level set to traefik logs. | ERROR | | <a id="log-level" href="#log-level" title="#log-level">log.level</a> | Log level set to traefik logs. | ERROR |
| log.maxage | Maximum number of days to retain old log files based on the timestamp encoded in their filename. | 0 | | <a id="log-maxage" href="#log-maxage" title="#log-maxage">log.maxage</a> | Maximum number of days to retain old log files based on the timestamp encoded in their filename. | 0 |
| log.maxbackups | Maximum number of old log files to retain. | 0 | | <a id="log-maxbackups" href="#log-maxbackups" title="#log-maxbackups">log.maxbackups</a> | Maximum number of old log files to retain. | 0 |
| log.maxsize | Maximum size in megabytes of the log file before it gets rotated. | 0 | | <a id="log-maxsize" href="#log-maxsize" title="#log-maxsize">log.maxsize</a> | Maximum size in megabytes of the log file before it gets rotated. | 0 |
| log.nocolor | When using the 'common' format, disables the colorized output. | false | | <a id="log-nocolor" href="#log-nocolor" title="#log-nocolor">log.nocolor</a> | When using the 'common' format, disables the colorized output. | false |
| log.otlp | Settings for OpenTelemetry. | false | | <a id="log-otlp" href="#log-otlp" title="#log-otlp">log.otlp</a> | Settings for OpenTelemetry. | false |
| log.otlp.grpc | gRPC configuration for the OpenTelemetry collector. | false | | <a id="log-otlp-grpc" href="#log-otlp-grpc" title="#log-otlp-grpc">log.otlp.grpc</a> | gRPC configuration for the OpenTelemetry collector. | false |
| log.otlp.grpc.endpoint | Sets the gRPC endpoint (host:port) of the collector. | localhost:4317 | | <a id="log-otlp-grpc-endpoint" href="#log-otlp-grpc-endpoint" title="#log-otlp-grpc-endpoint">log.otlp.grpc.endpoint</a> | Sets the gRPC endpoint (host:port) of the collector. | localhost:4317 |
| log.otlp.grpc.headers._name_ | Headers sent with payload. | | | <a id="log-otlp-grpc-headers-name" href="#log-otlp-grpc-headers-name" title="#log-otlp-grpc-headers-name">log.otlp.grpc.headers._name_</a> | Headers sent with payload. | |
| log.otlp.grpc.insecure | Disables client transport security for the exporter. | false | | <a id="log-otlp-grpc-insecure" href="#log-otlp-grpc-insecure" title="#log-otlp-grpc-insecure">log.otlp.grpc.insecure</a> | Disables client transport security for the exporter. | false |
| log.otlp.grpc.tls.ca | TLS CA | | | <a id="log-otlp-grpc-tls-ca" href="#log-otlp-grpc-tls-ca" title="#log-otlp-grpc-tls-ca">log.otlp.grpc.tls.ca</a> | TLS CA | |
| log.otlp.grpc.tls.cert | TLS cert | | | <a id="log-otlp-grpc-tls-cert" href="#log-otlp-grpc-tls-cert" title="#log-otlp-grpc-tls-cert">log.otlp.grpc.tls.cert</a> | TLS cert | |
| log.otlp.grpc.tls.insecureskipverify | TLS insecure skip verify | false | | <a id="log-otlp-grpc-tls-insecureskipverify" href="#log-otlp-grpc-tls-insecureskipverify" title="#log-otlp-grpc-tls-insecureskipverify">log.otlp.grpc.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| log.otlp.grpc.tls.key | TLS key | | | <a id="log-otlp-grpc-tls-key" href="#log-otlp-grpc-tls-key" title="#log-otlp-grpc-tls-key">log.otlp.grpc.tls.key</a> | TLS key | |
| log.otlp.http | HTTP configuration for the OpenTelemetry collector. | false | | <a id="log-otlp-http" href="#log-otlp-http" title="#log-otlp-http">log.otlp.http</a> | HTTP configuration for the OpenTelemetry collector. | false |
| log.otlp.http.endpoint | Sets the HTTP endpoint (scheme://host:port/path) of the collector. | https://localhost:4318 | | <a id="log-otlp-http-endpoint" href="#log-otlp-http-endpoint" title="#log-otlp-http-endpoint">log.otlp.http.endpoint</a> | Sets the HTTP endpoint (scheme://host:port/path) of the collector. | https://localhost:4318 |
| log.otlp.http.headers._name_ | Headers sent with payload. | | | <a id="log-otlp-http-headers-name" href="#log-otlp-http-headers-name" title="#log-otlp-http-headers-name">log.otlp.http.headers._name_</a> | Headers sent with payload. | |
| log.otlp.http.tls.ca | TLS CA | | | <a id="log-otlp-http-tls-ca" href="#log-otlp-http-tls-ca" title="#log-otlp-http-tls-ca">log.otlp.http.tls.ca</a> | TLS CA | |
| log.otlp.http.tls.cert | TLS cert | | | <a id="log-otlp-http-tls-cert" href="#log-otlp-http-tls-cert" title="#log-otlp-http-tls-cert">log.otlp.http.tls.cert</a> | TLS cert | |
| log.otlp.http.tls.insecureskipverify | TLS insecure skip verify | false | | <a id="log-otlp-http-tls-insecureskipverify" href="#log-otlp-http-tls-insecureskipverify" title="#log-otlp-http-tls-insecureskipverify">log.otlp.http.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| log.otlp.http.tls.key | TLS key | | | <a id="log-otlp-http-tls-key" href="#log-otlp-http-tls-key" title="#log-otlp-http-tls-key">log.otlp.http.tls.key</a> | TLS key | |
| log.otlp.resourceattributes._name_ | Defines additional resource attributes (key:value). | | | <a id="log-otlp-resourceattributes-name" href="#log-otlp-resourceattributes-name" title="#log-otlp-resourceattributes-name">log.otlp.resourceattributes._name_</a> | Defines additional resource attributes (key:value). | |
| log.otlp.servicename | Defines the service name resource attribute. | traefik | | <a id="log-otlp-servicename" href="#log-otlp-servicename" title="#log-otlp-servicename">log.otlp.servicename</a> | Defines the service name resource attribute. | traefik |
| metrics.addinternals | Enables metrics for internal services (ping, dashboard, etc...). | false | | <a id="metrics-addinternals" href="#metrics-addinternals" title="#metrics-addinternals">metrics.addinternals</a> | Enables metrics for internal services (ping, dashboard, etc...). | false |
| metrics.datadog | Datadog metrics exporter type. | false | | <a id="metrics-datadog" href="#metrics-datadog" title="#metrics-datadog">metrics.datadog</a> | Datadog metrics exporter type. | false |
| metrics.datadog.addentrypointslabels | Enable metrics on entry points. | true | | <a id="metrics-datadog-addentrypointslabels" href="#metrics-datadog-addentrypointslabels" title="#metrics-datadog-addentrypointslabels">metrics.datadog.addentrypointslabels</a> | Enable metrics on entry points. | true |
| metrics.datadog.address | Datadog's address. | localhost:8125 | | <a id="metrics-datadog-address" href="#metrics-datadog-address" title="#metrics-datadog-address">metrics.datadog.address</a> | Datadog's address. | localhost:8125 |
| metrics.datadog.addrouterslabels | Enable metrics on routers. | false | | <a id="metrics-datadog-addrouterslabels" href="#metrics-datadog-addrouterslabels" title="#metrics-datadog-addrouterslabels">metrics.datadog.addrouterslabels</a> | Enable metrics on routers. | false |
| metrics.datadog.addserviceslabels | Enable metrics on services. | true | | <a id="metrics-datadog-addserviceslabels" href="#metrics-datadog-addserviceslabels" title="#metrics-datadog-addserviceslabels">metrics.datadog.addserviceslabels</a> | Enable metrics on services. | true |
| metrics.datadog.prefix | Prefix to use for metrics collection. | traefik | | <a id="metrics-datadog-prefix" href="#metrics-datadog-prefix" title="#metrics-datadog-prefix">metrics.datadog.prefix</a> | Prefix to use for metrics collection. | traefik |
| metrics.datadog.pushinterval | Datadog push interval. | 10 | | <a id="metrics-datadog-pushinterval" href="#metrics-datadog-pushinterval" title="#metrics-datadog-pushinterval">metrics.datadog.pushinterval</a> | Datadog push interval. | 10 |
| metrics.influxdb2 | InfluxDB v2 metrics exporter type. | false | | <a id="metrics-influxdb2" href="#metrics-influxdb2" title="#metrics-influxdb2">metrics.influxdb2</a> | InfluxDB v2 metrics exporter type. | false |
| metrics.influxdb2.addentrypointslabels | Enable metrics on entry points. | true | | <a id="metrics-influxdb2-addentrypointslabels" href="#metrics-influxdb2-addentrypointslabels" title="#metrics-influxdb2-addentrypointslabels">metrics.influxdb2.addentrypointslabels</a> | Enable metrics on entry points. | true |
| metrics.influxdb2.additionallabels._name_ | Additional labels (influxdb tags) on all metrics | | | <a id="metrics-influxdb2-additionallabels-name" href="#metrics-influxdb2-additionallabels-name" title="#metrics-influxdb2-additionallabels-name">metrics.influxdb2.additionallabels._name_</a> | Additional labels (influxdb tags) on all metrics | |
| metrics.influxdb2.address | InfluxDB v2 address. | http://localhost:8086 | | <a id="metrics-influxdb2-address" href="#metrics-influxdb2-address" title="#metrics-influxdb2-address">metrics.influxdb2.address</a> | InfluxDB v2 address. | http://localhost:8086 |
| metrics.influxdb2.addrouterslabels | Enable metrics on routers. | false | | <a id="metrics-influxdb2-addrouterslabels" href="#metrics-influxdb2-addrouterslabels" title="#metrics-influxdb2-addrouterslabels">metrics.influxdb2.addrouterslabels</a> | Enable metrics on routers. | false |
| metrics.influxdb2.addserviceslabels | Enable metrics on services. | true | | <a id="metrics-influxdb2-addserviceslabels" href="#metrics-influxdb2-addserviceslabels" title="#metrics-influxdb2-addserviceslabels">metrics.influxdb2.addserviceslabels</a> | Enable metrics on services. | true |
| metrics.influxdb2.bucket | InfluxDB v2 bucket ID. | | | <a id="metrics-influxdb2-bucket" href="#metrics-influxdb2-bucket" title="#metrics-influxdb2-bucket">metrics.influxdb2.bucket</a> | InfluxDB v2 bucket ID. | |
| metrics.influxdb2.org | InfluxDB v2 org ID. | | | <a id="metrics-influxdb2-org" href="#metrics-influxdb2-org" title="#metrics-influxdb2-org">metrics.influxdb2.org</a> | InfluxDB v2 org ID. | |
| metrics.influxdb2.pushinterval | InfluxDB v2 push interval. | 10 | | <a id="metrics-influxdb2-pushinterval" href="#metrics-influxdb2-pushinterval" title="#metrics-influxdb2-pushinterval">metrics.influxdb2.pushinterval</a> | InfluxDB v2 push interval. | 10 |
| metrics.influxdb2.token | InfluxDB v2 access token. | | | <a id="metrics-influxdb2-token" href="#metrics-influxdb2-token" title="#metrics-influxdb2-token">metrics.influxdb2.token</a> | InfluxDB v2 access token. | |
| metrics.otlp | OpenTelemetry metrics exporter type. | false | | <a id="metrics-otlp" href="#metrics-otlp" title="#metrics-otlp">metrics.otlp</a> | OpenTelemetry metrics exporter type. | false |
| metrics.otlp.addentrypointslabels | Enable metrics on entry points. | true | | <a id="metrics-otlp-addentrypointslabels" href="#metrics-otlp-addentrypointslabels" title="#metrics-otlp-addentrypointslabels">metrics.otlp.addentrypointslabels</a> | Enable metrics on entry points. | true |
| metrics.otlp.addrouterslabels | Enable metrics on routers. | false | | <a id="metrics-otlp-addrouterslabels" href="#metrics-otlp-addrouterslabels" title="#metrics-otlp-addrouterslabels">metrics.otlp.addrouterslabels</a> | Enable metrics on routers. | false |
| metrics.otlp.addserviceslabels | Enable metrics on services. | true | | <a id="metrics-otlp-addserviceslabels" href="#metrics-otlp-addserviceslabels" title="#metrics-otlp-addserviceslabels">metrics.otlp.addserviceslabels</a> | Enable metrics on services. | true |
| metrics.otlp.explicitboundaries | Boundaries for latency metrics. | 0.005000, 0.010000, 0.025000, 0.050000, 0.075000, 0.100000, 0.250000, 0.500000, 0.750000, 1.000000, 2.500000, 5.000000, 7.500000, 10.000000 | | <a id="metrics-otlp-explicitboundaries" href="#metrics-otlp-explicitboundaries" title="#metrics-otlp-explicitboundaries">metrics.otlp.explicitboundaries</a> | Boundaries for latency metrics. | 0.005000, 0.010000, 0.025000, 0.050000, 0.075000, 0.100000, 0.250000, 0.500000, 0.750000, 1.000000, 2.500000, 5.000000, 7.500000, 10.000000 |
| metrics.otlp.grpc | gRPC configuration for the OpenTelemetry collector. | false | | <a id="metrics-otlp-grpc" href="#metrics-otlp-grpc" title="#metrics-otlp-grpc">metrics.otlp.grpc</a> | gRPC configuration for the OpenTelemetry collector. | false |
| metrics.otlp.grpc.endpoint | Sets the gRPC endpoint (host:port) of the collector. | localhost:4317 | | <a id="metrics-otlp-grpc-endpoint" href="#metrics-otlp-grpc-endpoint" title="#metrics-otlp-grpc-endpoint">metrics.otlp.grpc.endpoint</a> | Sets the gRPC endpoint (host:port) of the collector. | localhost:4317 |
| metrics.otlp.grpc.headers._name_ | Headers sent with payload. | | | <a id="metrics-otlp-grpc-headers-name" href="#metrics-otlp-grpc-headers-name" title="#metrics-otlp-grpc-headers-name">metrics.otlp.grpc.headers._name_</a> | Headers sent with payload. | |
| metrics.otlp.grpc.insecure | Disables client transport security for the exporter. | false | | <a id="metrics-otlp-grpc-insecure" href="#metrics-otlp-grpc-insecure" title="#metrics-otlp-grpc-insecure">metrics.otlp.grpc.insecure</a> | Disables client transport security for the exporter. | false |
| metrics.otlp.grpc.tls.ca | TLS CA | | | <a id="metrics-otlp-grpc-tls-ca" href="#metrics-otlp-grpc-tls-ca" title="#metrics-otlp-grpc-tls-ca">metrics.otlp.grpc.tls.ca</a> | TLS CA | |
| metrics.otlp.grpc.tls.cert | TLS cert | | | <a id="metrics-otlp-grpc-tls-cert" href="#metrics-otlp-grpc-tls-cert" title="#metrics-otlp-grpc-tls-cert">metrics.otlp.grpc.tls.cert</a> | TLS cert | |
| metrics.otlp.grpc.tls.insecureskipverify | TLS insecure skip verify | false | | <a id="metrics-otlp-grpc-tls-insecureskipverify" href="#metrics-otlp-grpc-tls-insecureskipverify" title="#metrics-otlp-grpc-tls-insecureskipverify">metrics.otlp.grpc.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| metrics.otlp.grpc.tls.key | TLS key | | | <a id="metrics-otlp-grpc-tls-key" href="#metrics-otlp-grpc-tls-key" title="#metrics-otlp-grpc-tls-key">metrics.otlp.grpc.tls.key</a> | TLS key | |
| metrics.otlp.http | HTTP configuration for the OpenTelemetry collector. | false | | <a id="metrics-otlp-http" href="#metrics-otlp-http" title="#metrics-otlp-http">metrics.otlp.http</a> | HTTP configuration for the OpenTelemetry collector. | false |
| metrics.otlp.http.endpoint | Sets the HTTP endpoint (scheme://host:port/path) of the collector. | https://localhost:4318 | | <a id="metrics-otlp-http-endpoint" href="#metrics-otlp-http-endpoint" title="#metrics-otlp-http-endpoint">metrics.otlp.http.endpoint</a> | Sets the HTTP endpoint (scheme://host:port/path) of the collector. | https://localhost:4318 |
| metrics.otlp.http.headers._name_ | Headers sent with payload. | | | <a id="metrics-otlp-http-headers-name" href="#metrics-otlp-http-headers-name" title="#metrics-otlp-http-headers-name">metrics.otlp.http.headers._name_</a> | Headers sent with payload. | |
| metrics.otlp.http.tls.ca | TLS CA | | | <a id="metrics-otlp-http-tls-ca" href="#metrics-otlp-http-tls-ca" title="#metrics-otlp-http-tls-ca">metrics.otlp.http.tls.ca</a> | TLS CA | |
| metrics.otlp.http.tls.cert | TLS cert | | | <a id="metrics-otlp-http-tls-cert" href="#metrics-otlp-http-tls-cert" title="#metrics-otlp-http-tls-cert">metrics.otlp.http.tls.cert</a> | TLS cert | |
| metrics.otlp.http.tls.insecureskipverify | TLS insecure skip verify | false | | <a id="metrics-otlp-http-tls-insecureskipverify" href="#metrics-otlp-http-tls-insecureskipverify" title="#metrics-otlp-http-tls-insecureskipverify">metrics.otlp.http.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| metrics.otlp.http.tls.key | TLS key | | | <a id="metrics-otlp-http-tls-key" href="#metrics-otlp-http-tls-key" title="#metrics-otlp-http-tls-key">metrics.otlp.http.tls.key</a> | TLS key | |
| metrics.otlp.pushinterval | Period between calls to collect a checkpoint. | 10 | | <a id="metrics-otlp-pushinterval" href="#metrics-otlp-pushinterval" title="#metrics-otlp-pushinterval">metrics.otlp.pushinterval</a> | Period between calls to collect a checkpoint. | 10 |
| metrics.otlp.resourceattributes._name_ | Defines additional resource attributes (key:value). | | | <a id="metrics-otlp-resourceattributes-name" href="#metrics-otlp-resourceattributes-name" title="#metrics-otlp-resourceattributes-name">metrics.otlp.resourceattributes._name_</a> | Defines additional resource attributes (key:value). | |
| metrics.otlp.servicename | Defines the service name resource attribute. | traefik | | <a id="metrics-otlp-servicename" href="#metrics-otlp-servicename" title="#metrics-otlp-servicename">metrics.otlp.servicename</a> | Defines the service name resource attribute. | traefik |
| metrics.prometheus | Prometheus metrics exporter type. | false | | <a id="metrics-prometheus" href="#metrics-prometheus" title="#metrics-prometheus">metrics.prometheus</a> | Prometheus metrics exporter type. | false |
| metrics.prometheus.addentrypointslabels | Enable metrics on entry points. | true | | <a id="metrics-prometheus-addentrypointslabels" href="#metrics-prometheus-addentrypointslabels" title="#metrics-prometheus-addentrypointslabels">metrics.prometheus.addentrypointslabels</a> | Enable metrics on entry points. | true |
| metrics.prometheus.addrouterslabels | Enable metrics on routers. | false | | <a id="metrics-prometheus-addrouterslabels" href="#metrics-prometheus-addrouterslabels" title="#metrics-prometheus-addrouterslabels">metrics.prometheus.addrouterslabels</a> | Enable metrics on routers. | false |
| metrics.prometheus.addserviceslabels | Enable metrics on services. | true | | <a id="metrics-prometheus-addserviceslabels" href="#metrics-prometheus-addserviceslabels" title="#metrics-prometheus-addserviceslabels">metrics.prometheus.addserviceslabels</a> | Enable metrics on services. | true |
| metrics.prometheus.buckets | Buckets for latency metrics. | 0.100000, 0.300000, 1.200000, 5.000000 | | <a id="metrics-prometheus-buckets" href="#metrics-prometheus-buckets" title="#metrics-prometheus-buckets">metrics.prometheus.buckets</a> | Buckets for latency metrics. | 0.100000, 0.300000, 1.200000, 5.000000 |
| metrics.prometheus.entrypoint | EntryPoint | traefik | | <a id="metrics-prometheus-entrypoint" href="#metrics-prometheus-entrypoint" title="#metrics-prometheus-entrypoint">metrics.prometheus.entrypoint</a> | EntryPoint | traefik |
| metrics.prometheus.headerlabels._name_ | Defines the extra labels for the requests_total metrics, and for each of them, the request header containing the value for this label. | | | <a id="metrics-prometheus-headerlabels-name" href="#metrics-prometheus-headerlabels-name" title="#metrics-prometheus-headerlabels-name">metrics.prometheus.headerlabels._name_</a> | Defines the extra labels for the requests_total metrics, and for each of them, the request header containing the value for this label. | |
| metrics.prometheus.manualrouting | Manual routing | false | | <a id="metrics-prometheus-manualrouting" href="#metrics-prometheus-manualrouting" title="#metrics-prometheus-manualrouting">metrics.prometheus.manualrouting</a> | Manual routing | false |
| metrics.statsd | StatsD metrics exporter type. | false | | <a id="metrics-statsd" href="#metrics-statsd" title="#metrics-statsd">metrics.statsd</a> | StatsD metrics exporter type. | false |
| metrics.statsd.addentrypointslabels | Enable metrics on entry points. | true | | <a id="metrics-statsd-addentrypointslabels" href="#metrics-statsd-addentrypointslabels" title="#metrics-statsd-addentrypointslabels">metrics.statsd.addentrypointslabels</a> | Enable metrics on entry points. | true |
| metrics.statsd.address | StatsD address. | localhost:8125 | | <a id="metrics-statsd-address" href="#metrics-statsd-address" title="#metrics-statsd-address">metrics.statsd.address</a> | StatsD address. | localhost:8125 |
| metrics.statsd.addrouterslabels | Enable metrics on routers. | false | | <a id="metrics-statsd-addrouterslabels" href="#metrics-statsd-addrouterslabels" title="#metrics-statsd-addrouterslabels">metrics.statsd.addrouterslabels</a> | Enable metrics on routers. | false |
| metrics.statsd.addserviceslabels | Enable metrics on services. | true | | <a id="metrics-statsd-addserviceslabels" href="#metrics-statsd-addserviceslabels" title="#metrics-statsd-addserviceslabels">metrics.statsd.addserviceslabels</a> | Enable metrics on services. | true |
| metrics.statsd.prefix | Prefix to use for metrics collection. | traefik | | <a id="metrics-statsd-prefix" href="#metrics-statsd-prefix" title="#metrics-statsd-prefix">metrics.statsd.prefix</a> | Prefix to use for metrics collection. | traefik |
| metrics.statsd.pushinterval | StatsD push interval. | 10 | | <a id="metrics-statsd-pushinterval" href="#metrics-statsd-pushinterval" title="#metrics-statsd-pushinterval">metrics.statsd.pushinterval</a> | StatsD push interval. | 10 |
| ocsp | OCSP configuration. | false | | <a id="ocsp" href="#ocsp" title="#ocsp">ocsp</a> | OCSP configuration. | false |
| ocsp.responderoverrides._name_ | Defines a map of OCSP responders to replace for querying OCSP servers. | | | <a id="ocsp-responderoverrides-name" href="#ocsp-responderoverrides-name" title="#ocsp-responderoverrides-name">ocsp.responderoverrides._name_</a> | Defines a map of OCSP responders to replace for querying OCSP servers. | |
| ping | Enable ping. | false | | <a id="ping" href="#ping" title="#ping">ping</a> | Enable ping. | false |
| ping.entrypoint | EntryPoint | traefik | | <a id="ping-entrypoint" href="#ping-entrypoint" title="#ping-entrypoint">ping.entrypoint</a> | EntryPoint | traefik |
| ping.manualrouting | Manual routing | false | | <a id="ping-manualrouting" href="#ping-manualrouting" title="#ping-manualrouting">ping.manualrouting</a> | Manual routing | false |
| ping.terminatingstatuscode | Terminating status code | 503 | | <a id="ping-terminatingstatuscode" href="#ping-terminatingstatuscode" title="#ping-terminatingstatuscode">ping.terminatingstatuscode</a> | Terminating status code | 503 |
| providers.consul | Enable Consul backend with default settings. | false | | <a id="providers-consul" href="#providers-consul" title="#providers-consul">providers.consul</a> | Enable Consul backend with default settings. | false |
| providers.consul.endpoints | KV store endpoints. | 127.0.0.1:8500 | | <a id="providers-consul-endpoints" href="#providers-consul-endpoints" title="#providers-consul-endpoints">providers.consul.endpoints</a> | KV store endpoints. | 127.0.0.1:8500 |
| providers.consul.namespaces | Sets the namespaces used to discover the configuration (Consul Enterprise only). | | | <a id="providers-consul-namespaces" href="#providers-consul-namespaces" title="#providers-consul-namespaces">providers.consul.namespaces</a> | Sets the namespaces used to discover the configuration (Consul Enterprise only). | |
| providers.consul.rootkey | Root key used for KV store. | traefik | | <a id="providers-consul-rootkey" href="#providers-consul-rootkey" title="#providers-consul-rootkey">providers.consul.rootkey</a> | Root key used for KV store. | traefik |
| providers.consul.tls.ca | TLS CA | | | <a id="providers-consul-tls-ca" href="#providers-consul-tls-ca" title="#providers-consul-tls-ca">providers.consul.tls.ca</a> | TLS CA | |
| providers.consul.tls.cert | TLS cert | | | <a id="providers-consul-tls-cert" href="#providers-consul-tls-cert" title="#providers-consul-tls-cert">providers.consul.tls.cert</a> | TLS cert | |
| providers.consul.tls.insecureskipverify | TLS insecure skip verify | false | | <a id="providers-consul-tls-insecureskipverify" href="#providers-consul-tls-insecureskipverify" title="#providers-consul-tls-insecureskipverify">providers.consul.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| providers.consul.tls.key | TLS key | | | <a id="providers-consul-tls-key" href="#providers-consul-tls-key" title="#providers-consul-tls-key">providers.consul.tls.key</a> | TLS key | |
| providers.consul.token | Per-request ACL token. | | | <a id="providers-consul-token" href="#providers-consul-token" title="#providers-consul-token">providers.consul.token</a> | Per-request ACL token. | |
| providers.consulcatalog | Enable ConsulCatalog backend with default settings. | false | | <a id="providers-consulcatalog" href="#providers-consulcatalog" title="#providers-consulcatalog">providers.consulcatalog</a> | Enable ConsulCatalog backend with default settings. | false |
| providers.consulcatalog.cache | Use local agent caching for catalog reads. | false | | <a id="providers-consulcatalog-cache" href="#providers-consulcatalog-cache" title="#providers-consulcatalog-cache">providers.consulcatalog.cache</a> | Use local agent caching for catalog reads. | false |
| providers.consulcatalog.connectaware | Enable Consul Connect support. | false | | <a id="providers-consulcatalog-connectaware" href="#providers-consulcatalog-connectaware" title="#providers-consulcatalog-connectaware">providers.consulcatalog.connectaware</a> | Enable Consul Connect support. | false |
| providers.consulcatalog.connectbydefault | Consider every service as Connect capable by default. | false | | <a id="providers-consulcatalog-connectbydefault" href="#providers-consulcatalog-connectbydefault" title="#providers-consulcatalog-connectbydefault">providers.consulcatalog.connectbydefault</a> | Consider every service as Connect capable by default. | false |
| providers.consulcatalog.constraints | Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. | | | <a id="providers-consulcatalog-constraints" href="#providers-consulcatalog-constraints" title="#providers-consulcatalog-constraints">providers.consulcatalog.constraints</a> | Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. | |
| providers.consulcatalog.defaultrule | Default rule. | Host(`{{ normalize .Name }}`) | | <a id="providers-consulcatalog-defaultrule" href="#providers-consulcatalog-defaultrule" title="#providers-consulcatalog-defaultrule">providers.consulcatalog.defaultrule</a> | Default rule. | Host(`{{ normalize .Name }}`) |
| providers.consulcatalog.endpoint.address | The address of the Consul server | | | <a id="providers-consulcatalog-endpoint-address" href="#providers-consulcatalog-endpoint-address" title="#providers-consulcatalog-endpoint-address">providers.consulcatalog.endpoint.address</a> | The address of the Consul server | |
| providers.consulcatalog.endpoint.datacenter | Data center to use. If not provided, the default agent data center is used | | | <a id="providers-consulcatalog-endpoint-datacenter" href="#providers-consulcatalog-endpoint-datacenter" title="#providers-consulcatalog-endpoint-datacenter">providers.consulcatalog.endpoint.datacenter</a> | Data center to use. If not provided, the default agent data center is used | |
| providers.consulcatalog.endpoint.endpointwaittime | WaitTime limits how long a Watch will block. If not provided, the agent default values will be used | 0 | | <a id="providers-consulcatalog-endpoint-endpointwaittime" href="#providers-consulcatalog-endpoint-endpointwaittime" title="#providers-consulcatalog-endpoint-endpointwaittime">providers.consulcatalog.endpoint.endpointwaittime</a> | WaitTime limits how long a Watch will block. If not provided, the agent default values will be used | 0 |
| providers.consulcatalog.endpoint.httpauth.password | Basic Auth password | | | <a id="providers-consulcatalog-endpoint-httpauth-password" href="#providers-consulcatalog-endpoint-httpauth-password" title="#providers-consulcatalog-endpoint-httpauth-password">providers.consulcatalog.endpoint.httpauth.password</a> | Basic Auth password | |
| providers.consulcatalog.endpoint.httpauth.username | Basic Auth username | | | <a id="providers-consulcatalog-endpoint-httpauth-username" href="#providers-consulcatalog-endpoint-httpauth-username" title="#providers-consulcatalog-endpoint-httpauth-username">providers.consulcatalog.endpoint.httpauth.username</a> | Basic Auth username | |
| providers.consulcatalog.endpoint.scheme | The URI scheme for the Consul server | | | <a id="providers-consulcatalog-endpoint-scheme" href="#providers-consulcatalog-endpoint-scheme" title="#providers-consulcatalog-endpoint-scheme">providers.consulcatalog.endpoint.scheme</a> | The URI scheme for the Consul server | |
| providers.consulcatalog.endpoint.tls.ca | TLS CA | | | <a id="providers-consulcatalog-endpoint-tls-ca" href="#providers-consulcatalog-endpoint-tls-ca" title="#providers-consulcatalog-endpoint-tls-ca">providers.consulcatalog.endpoint.tls.ca</a> | TLS CA | |
| providers.consulcatalog.endpoint.tls.cert | TLS cert | | | <a id="providers-consulcatalog-endpoint-tls-cert" href="#providers-consulcatalog-endpoint-tls-cert" title="#providers-consulcatalog-endpoint-tls-cert">providers.consulcatalog.endpoint.tls.cert</a> | TLS cert | |
| providers.consulcatalog.endpoint.tls.insecureskipverify | TLS insecure skip verify | false | | <a id="providers-consulcatalog-endpoint-tls-insecureskipverify" href="#providers-consulcatalog-endpoint-tls-insecureskipverify" title="#providers-consulcatalog-endpoint-tls-insecureskipverify">providers.consulcatalog.endpoint.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| providers.consulcatalog.endpoint.tls.key | TLS key | | | <a id="providers-consulcatalog-endpoint-tls-key" href="#providers-consulcatalog-endpoint-tls-key" title="#providers-consulcatalog-endpoint-tls-key">providers.consulcatalog.endpoint.tls.key</a> | TLS key | |
| providers.consulcatalog.endpoint.token | Token is used to provide a per-request ACL token which overrides the agent's default token | | | <a id="providers-consulcatalog-endpoint-token" href="#providers-consulcatalog-endpoint-token" title="#providers-consulcatalog-endpoint-token">providers.consulcatalog.endpoint.token</a> | Token is used to provide a per-request ACL token which overrides the agent's default token | |
| providers.consulcatalog.exposedbydefault | Expose containers by default. | true | | <a id="providers-consulcatalog-exposedbydefault" href="#providers-consulcatalog-exposedbydefault" title="#providers-consulcatalog-exposedbydefault">providers.consulcatalog.exposedbydefault</a> | Expose containers by default. | true |
| providers.consulcatalog.namespaces | Sets the namespaces used to discover services (Consul Enterprise only). | | | <a id="providers-consulcatalog-namespaces" href="#providers-consulcatalog-namespaces" title="#providers-consulcatalog-namespaces">providers.consulcatalog.namespaces</a> | Sets the namespaces used to discover services (Consul Enterprise only). | |
| providers.consulcatalog.prefix | Prefix for consul service tags. | traefik | | <a id="providers-consulcatalog-prefix" href="#providers-consulcatalog-prefix" title="#providers-consulcatalog-prefix">providers.consulcatalog.prefix</a> | Prefix for consul service tags. | traefik |
| providers.consulcatalog.refreshinterval | Interval for check Consul API. | 15 | | <a id="providers-consulcatalog-refreshinterval" href="#providers-consulcatalog-refreshinterval" title="#providers-consulcatalog-refreshinterval">providers.consulcatalog.refreshinterval</a> | Interval for check Consul API. | 15 |
| providers.consulcatalog.requireconsistent | Forces the read to be fully consistent. | false | | <a id="providers-consulcatalog-requireconsistent" href="#providers-consulcatalog-requireconsistent" title="#providers-consulcatalog-requireconsistent">providers.consulcatalog.requireconsistent</a> | Forces the read to be fully consistent. | false |
| providers.consulcatalog.servicename | Name of the Traefik service in Consul Catalog (needs to be registered via the orchestrator or manually). | traefik | | <a id="providers-consulcatalog-servicename" href="#providers-consulcatalog-servicename" title="#providers-consulcatalog-servicename">providers.consulcatalog.servicename</a> | Name of the Traefik service in Consul Catalog (needs to be registered via the orchestrator or manually). | traefik |
| providers.consulcatalog.stale | Use stale consistency for catalog reads. | false | | <a id="providers-consulcatalog-stale" href="#providers-consulcatalog-stale" title="#providers-consulcatalog-stale">providers.consulcatalog.stale</a> | Use stale consistency for catalog reads. | false |
| providers.consulcatalog.strictchecks | A list of service health statuses to allow taking traffic. | passing, warning | | <a id="providers-consulcatalog-strictchecks" href="#providers-consulcatalog-strictchecks" title="#providers-consulcatalog-strictchecks">providers.consulcatalog.strictchecks</a> | A list of service health statuses to allow taking traffic. | passing, warning |
| providers.consulcatalog.watch | Watch Consul API events. | false | | <a id="providers-consulcatalog-watch" href="#providers-consulcatalog-watch" title="#providers-consulcatalog-watch">providers.consulcatalog.watch</a> | Watch Consul API events. | false |
| providers.docker | Enable Docker backend with default settings. | false | | <a id="providers-docker" href="#providers-docker" title="#providers-docker">providers.docker</a> | Enable Docker backend with default settings. | false |
| providers.docker.allowemptyservices | Disregards the Docker containers health checks with respect to the creation or removal of the corresponding services. | false | | <a id="providers-docker-allowemptyservices" href="#providers-docker-allowemptyservices" title="#providers-docker-allowemptyservices">providers.docker.allowemptyservices</a> | Disregards the Docker containers health checks with respect to the creation or removal of the corresponding services. | false |
| providers.docker.constraints | Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. | | | <a id="providers-docker-constraints" href="#providers-docker-constraints" title="#providers-docker-constraints">providers.docker.constraints</a> | Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. | |
| providers.docker.defaultrule | Default rule. | Host(`{{ normalize .Name }}`) | | <a id="providers-docker-defaultrule" href="#providers-docker-defaultrule" title="#providers-docker-defaultrule">providers.docker.defaultrule</a> | Default rule. | Host(`{{ normalize .Name }}`) |
| providers.docker.endpoint | Docker server endpoint. Can be a TCP or a Unix socket endpoint. | unix:///var/run/docker.sock | | <a id="providers-docker-endpoint" href="#providers-docker-endpoint" title="#providers-docker-endpoint">providers.docker.endpoint</a> | Docker server endpoint. Can be a TCP or a Unix socket endpoint. | unix:///var/run/docker.sock |
| providers.docker.exposedbydefault | Expose containers by default. | true | | <a id="providers-docker-exposedbydefault" href="#providers-docker-exposedbydefault" title="#providers-docker-exposedbydefault">providers.docker.exposedbydefault</a> | Expose containers by default. | true |
| providers.docker.httpclienttimeout | Client timeout for HTTP connections. | 0 | | <a id="providers-docker-httpclienttimeout" href="#providers-docker-httpclienttimeout" title="#providers-docker-httpclienttimeout">providers.docker.httpclienttimeout</a> | Client timeout for HTTP connections. | 0 |
| providers.docker.network | Default Docker network used. | | | <a id="providers-docker-network" href="#providers-docker-network" title="#providers-docker-network">providers.docker.network</a> | Default Docker network used. | |
| providers.docker.password | Password for Basic HTTP authentication. | | | <a id="providers-docker-password" href="#providers-docker-password" title="#providers-docker-password">providers.docker.password</a> | Password for Basic HTTP authentication. | |
| providers.docker.tls.ca | TLS CA | | | <a id="providers-docker-tls-ca" href="#providers-docker-tls-ca" title="#providers-docker-tls-ca">providers.docker.tls.ca</a> | TLS CA | |
| providers.docker.tls.cert | TLS cert | | | <a id="providers-docker-tls-cert" href="#providers-docker-tls-cert" title="#providers-docker-tls-cert">providers.docker.tls.cert</a> | TLS cert | |
| providers.docker.tls.insecureskipverify | TLS insecure skip verify | false | | <a id="providers-docker-tls-insecureskipverify" href="#providers-docker-tls-insecureskipverify" title="#providers-docker-tls-insecureskipverify">providers.docker.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| providers.docker.tls.key | TLS key | | | <a id="providers-docker-tls-key" href="#providers-docker-tls-key" title="#providers-docker-tls-key">providers.docker.tls.key</a> | TLS key | |
| providers.docker.usebindportip | Use the ip address from the bound port, rather than from the inner network. | false | | <a id="providers-docker-usebindportip" href="#providers-docker-usebindportip" title="#providers-docker-usebindportip">providers.docker.usebindportip</a> | Use the ip address from the bound port, rather than from the inner network. | false |
| providers.docker.username | Username for Basic HTTP authentication. | | | <a id="providers-docker-username" href="#providers-docker-username" title="#providers-docker-username">providers.docker.username</a> | Username for Basic HTTP authentication. | |
| providers.docker.watch | Watch Docker events. | true | | <a id="providers-docker-watch" href="#providers-docker-watch" title="#providers-docker-watch">providers.docker.watch</a> | Watch Docker events. | true |
| providers.ecs | Enable AWS ECS backend with default settings. | false | | <a id="providers-ecs" href="#providers-ecs" title="#providers-ecs">providers.ecs</a> | Enable AWS ECS backend with default settings. | false |
| providers.ecs.accesskeyid | AWS credentials access key ID to use for making requests. | | | <a id="providers-ecs-accesskeyid" href="#providers-ecs-accesskeyid" title="#providers-ecs-accesskeyid">providers.ecs.accesskeyid</a> | AWS credentials access key ID to use for making requests. | |
| providers.ecs.autodiscoverclusters | Auto discover cluster. | false | | <a id="providers-ecs-autodiscoverclusters" href="#providers-ecs-autodiscoverclusters" title="#providers-ecs-autodiscoverclusters">providers.ecs.autodiscoverclusters</a> | Auto discover cluster. | false |
| providers.ecs.clusters | ECS Cluster names. | default | | <a id="providers-ecs-clusters" href="#providers-ecs-clusters" title="#providers-ecs-clusters">providers.ecs.clusters</a> | ECS Cluster names. | default |
| providers.ecs.constraints | Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. | | | <a id="providers-ecs-constraints" href="#providers-ecs-constraints" title="#providers-ecs-constraints">providers.ecs.constraints</a> | Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. | |
| providers.ecs.defaultrule | Default rule. | Host(`{{ normalize .Name }}`) | | <a id="providers-ecs-defaultrule" href="#providers-ecs-defaultrule" title="#providers-ecs-defaultrule">providers.ecs.defaultrule</a> | Default rule. | Host(`{{ normalize .Name }}`) |
| providers.ecs.ecsanywhere | Enable ECS Anywhere support. | false | | <a id="providers-ecs-ecsanywhere" href="#providers-ecs-ecsanywhere" title="#providers-ecs-ecsanywhere">providers.ecs.ecsanywhere</a> | Enable ECS Anywhere support. | false |
| providers.ecs.exposedbydefault | Expose services by default. | true | | <a id="providers-ecs-exposedbydefault" href="#providers-ecs-exposedbydefault" title="#providers-ecs-exposedbydefault">providers.ecs.exposedbydefault</a> | Expose services by default. | true |
| providers.ecs.healthytasksonly | Determines whether to discover only healthy tasks. | false | | <a id="providers-ecs-healthytasksonly" href="#providers-ecs-healthytasksonly" title="#providers-ecs-healthytasksonly">providers.ecs.healthytasksonly</a> | Determines whether to discover only healthy tasks. | false |
| providers.ecs.refreshseconds | Polling interval (in seconds). | 15 | | <a id="providers-ecs-refreshseconds" href="#providers-ecs-refreshseconds" title="#providers-ecs-refreshseconds">providers.ecs.refreshseconds</a> | Polling interval (in seconds). | 15 |
| providers.ecs.region | AWS region to use for requests. | | | <a id="providers-ecs-region" href="#providers-ecs-region" title="#providers-ecs-region">providers.ecs.region</a> | AWS region to use for requests. | |
| providers.ecs.secretaccesskey | AWS credentials access key to use for making requests. | | | <a id="providers-ecs-secretaccesskey" href="#providers-ecs-secretaccesskey" title="#providers-ecs-secretaccesskey">providers.ecs.secretaccesskey</a> | AWS credentials access key to use for making requests. | |
| providers.etcd | Enable Etcd backend with default settings. | false | | <a id="providers-etcd" href="#providers-etcd" title="#providers-etcd">providers.etcd</a> | Enable Etcd backend with default settings. | false |
| providers.etcd.endpoints | KV store endpoints. | 127.0.0.1:2379 | | <a id="providers-etcd-endpoints" href="#providers-etcd-endpoints" title="#providers-etcd-endpoints">providers.etcd.endpoints</a> | KV store endpoints. | 127.0.0.1:2379 |
| providers.etcd.password | Password for authentication. | | | <a id="providers-etcd-password" href="#providers-etcd-password" title="#providers-etcd-password">providers.etcd.password</a> | Password for authentication. | |
| providers.etcd.rootkey | Root key used for KV store. | traefik | | <a id="providers-etcd-rootkey" href="#providers-etcd-rootkey" title="#providers-etcd-rootkey">providers.etcd.rootkey</a> | Root key used for KV store. | traefik |
| providers.etcd.tls.ca | TLS CA | | | <a id="providers-etcd-tls-ca" href="#providers-etcd-tls-ca" title="#providers-etcd-tls-ca">providers.etcd.tls.ca</a> | TLS CA | |
| providers.etcd.tls.cert | TLS cert | | | <a id="providers-etcd-tls-cert" href="#providers-etcd-tls-cert" title="#providers-etcd-tls-cert">providers.etcd.tls.cert</a> | TLS cert | |
| providers.etcd.tls.insecureskipverify | TLS insecure skip verify | false | | <a id="providers-etcd-tls-insecureskipverify" href="#providers-etcd-tls-insecureskipverify" title="#providers-etcd-tls-insecureskipverify">providers.etcd.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| providers.etcd.tls.key | TLS key | | | <a id="providers-etcd-tls-key" href="#providers-etcd-tls-key" title="#providers-etcd-tls-key">providers.etcd.tls.key</a> | TLS key | |
| providers.etcd.username | Username for authentication. | | | <a id="providers-etcd-username" href="#providers-etcd-username" title="#providers-etcd-username">providers.etcd.username</a> | Username for authentication. | |
| providers.file.debugloggeneratedtemplate | Enable debug logging of generated configuration template. | false | | <a id="providers-file-debugloggeneratedtemplate" href="#providers-file-debugloggeneratedtemplate" title="#providers-file-debugloggeneratedtemplate">providers.file.debugloggeneratedtemplate</a> | Enable debug logging of generated configuration template. | false |
| providers.file.directory | Load dynamic configuration from one or more .yml or .toml files in a directory. | | | <a id="providers-file-directory" href="#providers-file-directory" title="#providers-file-directory">providers.file.directory</a> | Load dynamic configuration from one or more .yml or .toml files in a directory. | |
| providers.file.filename | Load dynamic configuration from a file. | | | <a id="providers-file-filename" href="#providers-file-filename" title="#providers-file-filename">providers.file.filename</a> | Load dynamic configuration from a file. | |
| providers.file.watch | Watch provider. | true | | <a id="providers-file-watch" href="#providers-file-watch" title="#providers-file-watch">providers.file.watch</a> | Watch provider. | true |
| providers.http | Enable HTTP backend with default settings. | false | | <a id="providers-http" href="#providers-http" title="#providers-http">providers.http</a> | Enable HTTP backend with default settings. | false |
| providers.http.endpoint | Load configuration from this endpoint. | | | <a id="providers-http-endpoint" href="#providers-http-endpoint" title="#providers-http-endpoint">providers.http.endpoint</a> | Load configuration from this endpoint. | |
| providers.http.headers._name_ | Define custom headers to be sent to the endpoint. | | | <a id="providers-http-headers-name" href="#providers-http-headers-name" title="#providers-http-headers-name">providers.http.headers._name_</a> | Define custom headers to be sent to the endpoint. | |
| providers.http.pollinterval | Polling interval for endpoint. | 5 | | <a id="providers-http-pollinterval" href="#providers-http-pollinterval" title="#providers-http-pollinterval">providers.http.pollinterval</a> | Polling interval for endpoint. | 5 |
| providers.http.polltimeout | Polling timeout for endpoint. | 5 | | <a id="providers-http-polltimeout" href="#providers-http-polltimeout" title="#providers-http-polltimeout">providers.http.polltimeout</a> | Polling timeout for endpoint. | 5 |
| providers.http.tls.ca | TLS CA | | | <a id="providers-http-tls-ca" href="#providers-http-tls-ca" title="#providers-http-tls-ca">providers.http.tls.ca</a> | TLS CA | |
| providers.http.tls.cert | TLS cert | | | <a id="providers-http-tls-cert" href="#providers-http-tls-cert" title="#providers-http-tls-cert">providers.http.tls.cert</a> | TLS cert | |
| providers.http.tls.insecureskipverify | TLS insecure skip verify | false | | <a id="providers-http-tls-insecureskipverify" href="#providers-http-tls-insecureskipverify" title="#providers-http-tls-insecureskipverify">providers.http.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| providers.http.tls.key | TLS key | | | <a id="providers-http-tls-key" href="#providers-http-tls-key" title="#providers-http-tls-key">providers.http.tls.key</a> | TLS key | |
| providers.kubernetescrd | Enable Kubernetes backend with default settings. | false | | <a id="providers-kubernetescrd" href="#providers-kubernetescrd" title="#providers-kubernetescrd">providers.kubernetescrd</a> | Enable Kubernetes backend with default settings. | false |
| providers.kubernetescrd.allowcrossnamespace | Allow cross namespace resource reference. | false | | <a id="providers-kubernetescrd-allowcrossnamespace" href="#providers-kubernetescrd-allowcrossnamespace" title="#providers-kubernetescrd-allowcrossnamespace">providers.kubernetescrd.allowcrossnamespace</a> | Allow cross namespace resource reference. | false |
| providers.kubernetescrd.allowemptyservices | Allow the creation of services without endpoints. | false | | <a id="providers-kubernetescrd-allowemptyservices" href="#providers-kubernetescrd-allowemptyservices" title="#providers-kubernetescrd-allowemptyservices">providers.kubernetescrd.allowemptyservices</a> | Allow the creation of services without endpoints. | false |
| providers.kubernetescrd.allowexternalnameservices | Allow ExternalName services. | false | | <a id="providers-kubernetescrd-allowexternalnameservices" href="#providers-kubernetescrd-allowexternalnameservices" title="#providers-kubernetescrd-allowexternalnameservices">providers.kubernetescrd.allowexternalnameservices</a> | Allow ExternalName services. | false |
| providers.kubernetescrd.certauthfilepath | Kubernetes certificate authority file path (not needed for in-cluster client). | | | <a id="providers-kubernetescrd-certauthfilepath" href="#providers-kubernetescrd-certauthfilepath" title="#providers-kubernetescrd-certauthfilepath">providers.kubernetescrd.certauthfilepath</a> | Kubernetes certificate authority file path (not needed for in-cluster client). | |
| providers.kubernetescrd.disableclusterscoperesources | Disables the lookup of cluster scope resources (incompatible with IngressClasses and NodePortLB enabled services). | false | | <a id="providers-kubernetescrd-disableclusterscoperesources" href="#providers-kubernetescrd-disableclusterscoperesources" title="#providers-kubernetescrd-disableclusterscoperesources">providers.kubernetescrd.disableclusterscoperesources</a> | Disables the lookup of cluster scope resources (incompatible with IngressClasses and NodePortLB enabled services). | false |
| providers.kubernetescrd.endpoint | Kubernetes server endpoint (required for external cluster client). | | | <a id="providers-kubernetescrd-endpoint" href="#providers-kubernetescrd-endpoint" title="#providers-kubernetescrd-endpoint">providers.kubernetescrd.endpoint</a> | Kubernetes server endpoint (required for external cluster client). | |
| providers.kubernetescrd.ingressclass | Value of kubernetes.io/ingress.class annotation to watch for. | | | <a id="providers-kubernetescrd-ingressclass" href="#providers-kubernetescrd-ingressclass" title="#providers-kubernetescrd-ingressclass">providers.kubernetescrd.ingressclass</a> | Value of kubernetes.io/ingress.class annotation to watch for. | |
| providers.kubernetescrd.labelselector | Kubernetes label selector to use. | | | <a id="providers-kubernetescrd-labelselector" href="#providers-kubernetescrd-labelselector" title="#providers-kubernetescrd-labelselector">providers.kubernetescrd.labelselector</a> | Kubernetes label selector to use. | |
| providers.kubernetescrd.namespaces | Kubernetes namespaces. | | | <a id="providers-kubernetescrd-namespaces" href="#providers-kubernetescrd-namespaces" title="#providers-kubernetescrd-namespaces">providers.kubernetescrd.namespaces</a> | Kubernetes namespaces. | |
| providers.kubernetescrd.nativelbbydefault | Defines whether to use Native Kubernetes load-balancing mode by default. | false | | <a id="providers-kubernetescrd-nativelbbydefault" href="#providers-kubernetescrd-nativelbbydefault" title="#providers-kubernetescrd-nativelbbydefault">providers.kubernetescrd.nativelbbydefault</a> | Defines whether to use Native Kubernetes load-balancing mode by default. | false |
| providers.kubernetescrd.throttleduration | Ingress refresh throttle duration | 0 | | <a id="providers-kubernetescrd-throttleduration" href="#providers-kubernetescrd-throttleduration" title="#providers-kubernetescrd-throttleduration">providers.kubernetescrd.throttleduration</a> | Ingress refresh throttle duration | 0 |
| providers.kubernetescrd.token | Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token. | | | <a id="providers-kubernetescrd-token" href="#providers-kubernetescrd-token" title="#providers-kubernetescrd-token">providers.kubernetescrd.token</a> | Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token. | |
| providers.kubernetesgateway | Enable Kubernetes gateway api provider with default settings. | false | | <a id="providers-kubernetesgateway" href="#providers-kubernetesgateway" title="#providers-kubernetesgateway">providers.kubernetesgateway</a> | Enable Kubernetes gateway api provider with default settings. | false |
| providers.kubernetesgateway.certauthfilepath | Kubernetes certificate authority file path (not needed for in-cluster client). | | | <a id="providers-kubernetesgateway-certauthfilepath" href="#providers-kubernetesgateway-certauthfilepath" title="#providers-kubernetesgateway-certauthfilepath">providers.kubernetesgateway.certauthfilepath</a> | Kubernetes certificate authority file path (not needed for in-cluster client). | |
| providers.kubernetesgateway.endpoint | Kubernetes server endpoint (required for external cluster client). | | | <a id="providers-kubernetesgateway-endpoint" href="#providers-kubernetesgateway-endpoint" title="#providers-kubernetesgateway-endpoint">providers.kubernetesgateway.endpoint</a> | Kubernetes server endpoint (required for external cluster client). | |
| providers.kubernetesgateway.experimentalchannel | Toggles Experimental Channel resources support (TCPRoute, TLSRoute...). | false | | <a id="providers-kubernetesgateway-experimentalchannel" href="#providers-kubernetesgateway-experimentalchannel" title="#providers-kubernetesgateway-experimentalchannel">providers.kubernetesgateway.experimentalchannel</a> | Toggles Experimental Channel resources support (TCPRoute, TLSRoute...). | false |
| providers.kubernetesgateway.labelselector | Kubernetes label selector to select specific GatewayClasses. | | | <a id="providers-kubernetesgateway-labelselector" href="#providers-kubernetesgateway-labelselector" title="#providers-kubernetesgateway-labelselector">providers.kubernetesgateway.labelselector</a> | Kubernetes label selector to select specific GatewayClasses. | |
| providers.kubernetesgateway.namespaces | Kubernetes namespaces. | | | <a id="providers-kubernetesgateway-namespaces" href="#providers-kubernetesgateway-namespaces" title="#providers-kubernetesgateway-namespaces">providers.kubernetesgateway.namespaces</a> | Kubernetes namespaces. | |
| providers.kubernetesgateway.nativelbbydefault | Defines whether to use Native Kubernetes load-balancing by default. | false | | <a id="providers-kubernetesgateway-nativelbbydefault" href="#providers-kubernetesgateway-nativelbbydefault" title="#providers-kubernetesgateway-nativelbbydefault">providers.kubernetesgateway.nativelbbydefault</a> | Defines whether to use Native Kubernetes load-balancing by default. | false |
| providers.kubernetesgateway.statusaddress.hostname | Hostname used for Kubernetes Gateway status address. | | | <a id="providers-kubernetesgateway-statusaddress-hostname" href="#providers-kubernetesgateway-statusaddress-hostname" title="#providers-kubernetesgateway-statusaddress-hostname">providers.kubernetesgateway.statusaddress.hostname</a> | Hostname used for Kubernetes Gateway status address. | |
| providers.kubernetesgateway.statusaddress.ip | IP used to set Kubernetes Gateway status address. | | | <a id="providers-kubernetesgateway-statusaddress-ip" href="#providers-kubernetesgateway-statusaddress-ip" title="#providers-kubernetesgateway-statusaddress-ip">providers.kubernetesgateway.statusaddress.ip</a> | IP used to set Kubernetes Gateway status address. | |
| providers.kubernetesgateway.statusaddress.service | Published Kubernetes Service to copy status addresses from. | | | <a id="providers-kubernetesgateway-statusaddress-service" href="#providers-kubernetesgateway-statusaddress-service" title="#providers-kubernetesgateway-statusaddress-service">providers.kubernetesgateway.statusaddress.service</a> | Published Kubernetes Service to copy status addresses from. | |
| providers.kubernetesgateway.statusaddress.service.name | Name of the Kubernetes service. | | | <a id="providers-kubernetesgateway-statusaddress-service-name" href="#providers-kubernetesgateway-statusaddress-service-name" title="#providers-kubernetesgateway-statusaddress-service-name">providers.kubernetesgateway.statusaddress.service.name</a> | Name of the Kubernetes service. | |
| providers.kubernetesgateway.statusaddress.service.namespace | Namespace of the Kubernetes service. | | | <a id="providers-kubernetesgateway-statusaddress-service-namespace" href="#providers-kubernetesgateway-statusaddress-service-namespace" title="#providers-kubernetesgateway-statusaddress-service-namespace">providers.kubernetesgateway.statusaddress.service.namespace</a> | Namespace of the Kubernetes service. | |
| providers.kubernetesgateway.throttleduration | Kubernetes refresh throttle duration | 0 | | <a id="providers-kubernetesgateway-throttleduration" href="#providers-kubernetesgateway-throttleduration" title="#providers-kubernetesgateway-throttleduration">providers.kubernetesgateway.throttleduration</a> | Kubernetes refresh throttle duration | 0 |
| providers.kubernetesgateway.token | Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token. | | | <a id="providers-kubernetesgateway-token" href="#providers-kubernetesgateway-token" title="#providers-kubernetesgateway-token">providers.kubernetesgateway.token</a> | Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token. | |
| providers.kubernetesingress | Enable Kubernetes backend with default settings. | false | | <a id="providers-kubernetesingress" href="#providers-kubernetesingress" title="#providers-kubernetesingress">providers.kubernetesingress</a> | Enable Kubernetes backend with default settings. | false |
| providers.kubernetesingress.allowemptyservices | Allow creation of services without endpoints. | false | | <a id="providers-kubernetesingress-allowemptyservices" href="#providers-kubernetesingress-allowemptyservices" title="#providers-kubernetesingress-allowemptyservices">providers.kubernetesingress.allowemptyservices</a> | Allow creation of services without endpoints. | false |
| providers.kubernetesingress.allowexternalnameservices | Allow ExternalName services. | false | | <a id="providers-kubernetesingress-allowexternalnameservices" href="#providers-kubernetesingress-allowexternalnameservices" title="#providers-kubernetesingress-allowexternalnameservices">providers.kubernetesingress.allowexternalnameservices</a> | Allow ExternalName services. | false |
| providers.kubernetesingress.certauthfilepath | Kubernetes certificate authority file path (not needed for in-cluster client). | | | <a id="providers-kubernetesingress-certauthfilepath" href="#providers-kubernetesingress-certauthfilepath" title="#providers-kubernetesingress-certauthfilepath">providers.kubernetesingress.certauthfilepath</a> | Kubernetes certificate authority file path (not needed for in-cluster client). | |
| providers.kubernetesingress.disableclusterscoperesources | Disables the lookup of cluster scope resources (incompatible with IngressClasses and NodePortLB enabled services). | false | | <a id="providers-kubernetesingress-disableclusterscoperesources" href="#providers-kubernetesingress-disableclusterscoperesources" title="#providers-kubernetesingress-disableclusterscoperesources">providers.kubernetesingress.disableclusterscoperesources</a> | Disables the lookup of cluster scope resources (incompatible with IngressClasses and NodePortLB enabled services). | false |
| providers.kubernetesingress.disableingressclasslookup | Disables the lookup of IngressClasses (Deprecated, please use DisableClusterScopeResources). | false | | <a id="providers-kubernetesingress-disableingressclasslookup" href="#providers-kubernetesingress-disableingressclasslookup" title="#providers-kubernetesingress-disableingressclasslookup">providers.kubernetesingress.disableingressclasslookup</a> | Disables the lookup of IngressClasses (Deprecated, please use DisableClusterScopeResources). | false |
| providers.kubernetesingress.endpoint | Kubernetes server endpoint (required for external cluster client). | | | <a id="providers-kubernetesingress-endpoint" href="#providers-kubernetesingress-endpoint" title="#providers-kubernetesingress-endpoint">providers.kubernetesingress.endpoint</a> | Kubernetes server endpoint (required for external cluster client). | |
| providers.kubernetesingress.ingressclass | Value of kubernetes.io/ingress.class annotation or IngressClass name to watch for. | | | <a id="providers-kubernetesingress-ingressclass" href="#providers-kubernetesingress-ingressclass" title="#providers-kubernetesingress-ingressclass">providers.kubernetesingress.ingressclass</a> | Value of kubernetes.io/ingress.class annotation or IngressClass name to watch for. | |
| providers.kubernetesingress.ingressendpoint.hostname | Hostname used for Kubernetes Ingress endpoints. | | | <a id="providers-kubernetesingress-ingressendpoint-hostname" href="#providers-kubernetesingress-ingressendpoint-hostname" title="#providers-kubernetesingress-ingressendpoint-hostname">providers.kubernetesingress.ingressendpoint.hostname</a> | Hostname used for Kubernetes Ingress endpoints. | |
| providers.kubernetesingress.ingressendpoint.ip | IP used for Kubernetes Ingress endpoints. | | | <a id="providers-kubernetesingress-ingressendpoint-ip" href="#providers-kubernetesingress-ingressendpoint-ip" title="#providers-kubernetesingress-ingressendpoint-ip">providers.kubernetesingress.ingressendpoint.ip</a> | IP used for Kubernetes Ingress endpoints. | |
| providers.kubernetesingress.ingressendpoint.publishedservice | Published Kubernetes Service to copy status from. | | | <a id="providers-kubernetesingress-ingressendpoint-publishedservice" href="#providers-kubernetesingress-ingressendpoint-publishedservice" title="#providers-kubernetesingress-ingressendpoint-publishedservice">providers.kubernetesingress.ingressendpoint.publishedservice</a> | Published Kubernetes Service to copy status from. | |
| providers.kubernetesingress.labelselector | Kubernetes Ingress label selector to use. | | | <a id="providers-kubernetesingress-labelselector" href="#providers-kubernetesingress-labelselector" title="#providers-kubernetesingress-labelselector">providers.kubernetesingress.labelselector</a> | Kubernetes Ingress label selector to use. | |
| providers.kubernetesingress.namespaces | Kubernetes namespaces. | | | <a id="providers-kubernetesingress-namespaces" href="#providers-kubernetesingress-namespaces" title="#providers-kubernetesingress-namespaces">providers.kubernetesingress.namespaces</a> | Kubernetes namespaces. | |
| providers.kubernetesingress.nativelbbydefault | Defines whether to use Native Kubernetes load-balancing mode by default. | false | | <a id="providers-kubernetesingress-nativelbbydefault" href="#providers-kubernetesingress-nativelbbydefault" title="#providers-kubernetesingress-nativelbbydefault">providers.kubernetesingress.nativelbbydefault</a> | Defines whether to use Native Kubernetes load-balancing mode by default. | false |
| providers.kubernetesingress.strictprefixmatching | Make prefix matching strictly comply with the Kubernetes Ingress specification (path-element-wise matching instead of character-by-character string matching). | false | | <a id="providers-kubernetesingress-strictprefixmatching" href="#providers-kubernetesingress-strictprefixmatching" title="#providers-kubernetesingress-strictprefixmatching">providers.kubernetesingress.strictprefixmatching</a> | Make prefix matching strictly comply with the Kubernetes Ingress specification (path-element-wise matching instead of character-by-character string matching). | false |
| providers.kubernetesingress.throttleduration | Ingress refresh throttle duration | 0 | | <a id="providers-kubernetesingress-throttleduration" href="#providers-kubernetesingress-throttleduration" title="#providers-kubernetesingress-throttleduration">providers.kubernetesingress.throttleduration</a> | Ingress refresh throttle duration | 0 |
| providers.kubernetesingress.token | Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token. | | | <a id="providers-kubernetesingress-token" href="#providers-kubernetesingress-token" title="#providers-kubernetesingress-token">providers.kubernetesingress.token</a> | Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token. | |
| providers.kubernetesingressnginx | Enable Kubernetes Ingress NGINX provider. | false | | <a id="providers-kubernetesingressnginx" href="#providers-kubernetesingressnginx" title="#providers-kubernetesingressnginx">providers.kubernetesingressnginx</a> | Enable Kubernetes Ingress NGINX provider. | false |
| providers.kubernetesingressnginx.certauthfilepath | Kubernetes certificate authority file path (not needed for in-cluster client). | | | <a id="providers-kubernetesingressnginx-certauthfilepath" href="#providers-kubernetesingressnginx-certauthfilepath" title="#providers-kubernetesingressnginx-certauthfilepath">providers.kubernetesingressnginx.certauthfilepath</a> | Kubernetes certificate authority file path (not needed for in-cluster client). | |
| providers.kubernetesingressnginx.controllerclass | Ingress Class Controller value this controller satisfies. | k8s.io/ingress-nginx | | <a id="providers-kubernetesingressnginx-controllerclass" href="#providers-kubernetesingressnginx-controllerclass" title="#providers-kubernetesingressnginx-controllerclass">providers.kubernetesingressnginx.controllerclass</a> | Ingress Class Controller value this controller satisfies. | k8s.io/ingress-nginx |
| providers.kubernetesingressnginx.defaultbackendservice | Service used to serve HTTP requests not matching any known server name (catch-all). Takes the form 'namespace/name'. | | | <a id="providers-kubernetesingressnginx-defaultbackendservice" href="#providers-kubernetesingressnginx-defaultbackendservice" title="#providers-kubernetesingressnginx-defaultbackendservice">providers.kubernetesingressnginx.defaultbackendservice</a> | Service used to serve HTTP requests not matching any known server name (catch-all). Takes the form 'namespace/name'. | |
| providers.kubernetesingressnginx.disablesvcexternalname | Disable support for Services of type ExternalName. | false | | <a id="providers-kubernetesingressnginx-disablesvcexternalname" href="#providers-kubernetesingressnginx-disablesvcexternalname" title="#providers-kubernetesingressnginx-disablesvcexternalname">providers.kubernetesingressnginx.disablesvcexternalname</a> | Disable support for Services of type ExternalName. | false |
| providers.kubernetesingressnginx.endpoint | Kubernetes server endpoint (required for external cluster client). | | | <a id="providers-kubernetesingressnginx-endpoint" href="#providers-kubernetesingressnginx-endpoint" title="#providers-kubernetesingressnginx-endpoint">providers.kubernetesingressnginx.endpoint</a> | Kubernetes server endpoint (required for external cluster client). | |
| providers.kubernetesingressnginx.ingressclass | Name of the ingress class this controller satisfies. | nginx | | <a id="providers-kubernetesingressnginx-ingressclass" href="#providers-kubernetesingressnginx-ingressclass" title="#providers-kubernetesingressnginx-ingressclass">providers.kubernetesingressnginx.ingressclass</a> | Name of the ingress class this controller satisfies. | nginx |
| providers.kubernetesingressnginx.ingressclassbyname | Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class. | false | | <a id="providers-kubernetesingressnginx-ingressclassbyname" href="#providers-kubernetesingressnginx-ingressclassbyname" title="#providers-kubernetesingressnginx-ingressclassbyname">providers.kubernetesingressnginx.ingressclassbyname</a> | Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class. | false |
| providers.kubernetesingressnginx.publishservice | Service fronting the Ingress controller. Takes the form 'namespace/name'. | | | <a id="providers-kubernetesingressnginx-publishservice" href="#providers-kubernetesingressnginx-publishservice" title="#providers-kubernetesingressnginx-publishservice">providers.kubernetesingressnginx.publishservice</a> | Service fronting the Ingress controller. Takes the form 'namespace/name'. | |
| providers.kubernetesingressnginx.publishstatusaddress | Customized address (or addresses, separated by comma) to set as the load-balancer status of Ingress objects this controller satisfies. | | | <a id="providers-kubernetesingressnginx-publishstatusaddress" href="#providers-kubernetesingressnginx-publishstatusaddress" title="#providers-kubernetesingressnginx-publishstatusaddress">providers.kubernetesingressnginx.publishstatusaddress</a> | Customized address (or addresses, separated by comma) to set as the load-balancer status of Ingress objects this controller satisfies. | |
| providers.kubernetesingressnginx.throttleduration | Ingress refresh throttle duration. | 0 | | <a id="providers-kubernetesingressnginx-throttleduration" href="#providers-kubernetesingressnginx-throttleduration" title="#providers-kubernetesingressnginx-throttleduration">providers.kubernetesingressnginx.throttleduration</a> | Ingress refresh throttle duration. | 0 |
| providers.kubernetesingressnginx.token | Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token. | | | <a id="providers-kubernetesingressnginx-token" href="#providers-kubernetesingressnginx-token" title="#providers-kubernetesingressnginx-token">providers.kubernetesingressnginx.token</a> | Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token. | |
| providers.kubernetesingressnginx.watchingresswithoutclass | Define if Ingress Controller should also watch for Ingresses without an IngressClass or the annotation specified. | false | | <a id="providers-kubernetesingressnginx-watchingresswithoutclass" href="#providers-kubernetesingressnginx-watchingresswithoutclass" title="#providers-kubernetesingressnginx-watchingresswithoutclass">providers.kubernetesingressnginx.watchingresswithoutclass</a> | Define if Ingress Controller should also watch for Ingresses without an IngressClass or the annotation specified. | false |
| providers.kubernetesingressnginx.watchnamespace | Namespace the controller watches for updates to Kubernetes objects. All namespaces are watched if this parameter is left empty. | | | <a id="providers-kubernetesingressnginx-watchnamespace" href="#providers-kubernetesingressnginx-watchnamespace" title="#providers-kubernetesingressnginx-watchnamespace">providers.kubernetesingressnginx.watchnamespace</a> | Namespace the controller watches for updates to Kubernetes objects. All namespaces are watched if this parameter is left empty. | |
| providers.kubernetesingressnginx.watchnamespaceselector | Selector selects namespaces the controller watches for updates to Kubernetes objects. | | | <a id="providers-kubernetesingressnginx-watchnamespaceselector" href="#providers-kubernetesingressnginx-watchnamespaceselector" title="#providers-kubernetesingressnginx-watchnamespaceselector">providers.kubernetesingressnginx.watchnamespaceselector</a> | Selector selects namespaces the controller watches for updates to Kubernetes objects. | |
| providers.nomad | Enable Nomad backend with default settings. | false | | <a id="providers-nomad" href="#providers-nomad" title="#providers-nomad">providers.nomad</a> | Enable Nomad backend with default settings. | false |
| providers.nomad.allowemptyservices | Allow the creation of services without endpoints. | false | | <a id="providers-nomad-allowemptyservices" href="#providers-nomad-allowemptyservices" title="#providers-nomad-allowemptyservices">providers.nomad.allowemptyservices</a> | Allow the creation of services without endpoints. | false |
| providers.nomad.constraints | Constraints is an expression that Traefik matches against the Nomad service's tags to determine whether to create route(s) for that service. | | | <a id="providers-nomad-constraints" href="#providers-nomad-constraints" title="#providers-nomad-constraints">providers.nomad.constraints</a> | Constraints is an expression that Traefik matches against the Nomad service's tags to determine whether to create route(s) for that service. | |
| providers.nomad.defaultrule | Default rule. | Host(`{{ normalize .Name }}`) | | <a id="providers-nomad-defaultrule" href="#providers-nomad-defaultrule" title="#providers-nomad-defaultrule">providers.nomad.defaultrule</a> | Default rule. | Host(`{{ normalize .Name }}`) |
| providers.nomad.endpoint.address | The address of the Nomad server, including scheme and port. | http://127.0.0.1:4646 | | <a id="providers-nomad-endpoint-address" href="#providers-nomad-endpoint-address" title="#providers-nomad-endpoint-address">providers.nomad.endpoint.address</a> | The address of the Nomad server, including scheme and port. | http://127.0.0.1:4646 |
| providers.nomad.endpoint.endpointwaittime | WaitTime limits how long a Watch will block. If not provided, the agent default values will be used | 0 | | <a id="providers-nomad-endpoint-endpointwaittime" href="#providers-nomad-endpoint-endpointwaittime" title="#providers-nomad-endpoint-endpointwaittime">providers.nomad.endpoint.endpointwaittime</a> | WaitTime limits how long a Watch will block. If not provided, the agent default values will be used | 0 |
| providers.nomad.endpoint.region | Nomad region to use. If not provided, the local agent region is used. | | | <a id="providers-nomad-endpoint-region" href="#providers-nomad-endpoint-region" title="#providers-nomad-endpoint-region">providers.nomad.endpoint.region</a> | Nomad region to use. If not provided, the local agent region is used. | |
| providers.nomad.endpoint.tls.ca | TLS CA | | | <a id="providers-nomad-endpoint-tls-ca" href="#providers-nomad-endpoint-tls-ca" title="#providers-nomad-endpoint-tls-ca">providers.nomad.endpoint.tls.ca</a> | TLS CA | |
| providers.nomad.endpoint.tls.cert | TLS cert | | | <a id="providers-nomad-endpoint-tls-cert" href="#providers-nomad-endpoint-tls-cert" title="#providers-nomad-endpoint-tls-cert">providers.nomad.endpoint.tls.cert</a> | TLS cert | |
| providers.nomad.endpoint.tls.insecureskipverify | TLS insecure skip verify | false | | <a id="providers-nomad-endpoint-tls-insecureskipverify" href="#providers-nomad-endpoint-tls-insecureskipverify" title="#providers-nomad-endpoint-tls-insecureskipverify">providers.nomad.endpoint.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| providers.nomad.endpoint.tls.key | TLS key | | | <a id="providers-nomad-endpoint-tls-key" href="#providers-nomad-endpoint-tls-key" title="#providers-nomad-endpoint-tls-key">providers.nomad.endpoint.tls.key</a> | TLS key | |
| providers.nomad.endpoint.token | Token is used to provide a per-request ACL token. | | | <a id="providers-nomad-endpoint-token" href="#providers-nomad-endpoint-token" title="#providers-nomad-endpoint-token">providers.nomad.endpoint.token</a> | Token is used to provide a per-request ACL token. | |
| providers.nomad.exposedbydefault | Expose Nomad services by default. | true | | <a id="providers-nomad-exposedbydefault" href="#providers-nomad-exposedbydefault" title="#providers-nomad-exposedbydefault">providers.nomad.exposedbydefault</a> | Expose Nomad services by default. | true |
| providers.nomad.namespaces | Sets the Nomad namespaces used to discover services. | | | <a id="providers-nomad-namespaces" href="#providers-nomad-namespaces" title="#providers-nomad-namespaces">providers.nomad.namespaces</a> | Sets the Nomad namespaces used to discover services. | |
| providers.nomad.prefix | Prefix for nomad service tags. | traefik | | <a id="providers-nomad-prefix" href="#providers-nomad-prefix" title="#providers-nomad-prefix">providers.nomad.prefix</a> | Prefix for nomad service tags. | traefik |
| providers.nomad.refreshinterval | Interval for polling Nomad API. | 15 | | <a id="providers-nomad-refreshinterval" href="#providers-nomad-refreshinterval" title="#providers-nomad-refreshinterval">providers.nomad.refreshinterval</a> | Interval for polling Nomad API. | 15 |
| providers.nomad.stale | Use stale consistency for catalog reads. | false | | <a id="providers-nomad-stale" href="#providers-nomad-stale" title="#providers-nomad-stale">providers.nomad.stale</a> | Use stale consistency for catalog reads. | false |
| providers.nomad.throttleduration | Watch throttle duration. | 0 | | <a id="providers-nomad-throttleduration" href="#providers-nomad-throttleduration" title="#providers-nomad-throttleduration">providers.nomad.throttleduration</a> | Watch throttle duration. | 0 |
| providers.nomad.watch | Watch Nomad Service events. | false | | <a id="providers-nomad-watch" href="#providers-nomad-watch" title="#providers-nomad-watch">providers.nomad.watch</a> | Watch Nomad Service events. | false |
| providers.plugin._name_ | Plugins configuration. | | | <a id="providers-plugin-name" href="#providers-plugin-name" title="#providers-plugin-name">providers.plugin._name_</a> | Plugins configuration. | |
| providers.providersthrottleduration | Backends throttle duration: minimum duration between 2 events from providers before applying a new configuration. It avoids unnecessary reloads if multiples events are sent in a short amount of time. | 2 | | <a id="providers-providersthrottleduration" href="#providers-providersthrottleduration" title="#providers-providersthrottleduration">providers.providersthrottleduration</a> | Backends throttle duration: minimum duration between 2 events from providers before applying a new configuration. It avoids unnecessary reloads if multiples events are sent in a short amount of time. | 2 |
| providers.redis | Enable Redis backend with default settings. | false | | <a id="providers-redis" href="#providers-redis" title="#providers-redis">providers.redis</a> | Enable Redis backend with default settings. | false |
| providers.redis.db | Database to be selected after connecting to the server. | 0 | | <a id="providers-redis-db" href="#providers-redis-db" title="#providers-redis-db">providers.redis.db</a> | Database to be selected after connecting to the server. | 0 |
| providers.redis.endpoints | KV store endpoints. | 127.0.0.1:6379 | | <a id="providers-redis-endpoints" href="#providers-redis-endpoints" title="#providers-redis-endpoints">providers.redis.endpoints</a> | KV store endpoints. | 127.0.0.1:6379 |
| providers.redis.password | Password for authentication. | | | <a id="providers-redis-password" href="#providers-redis-password" title="#providers-redis-password">providers.redis.password</a> | Password for authentication. | |
| providers.redis.rootkey | Root key used for KV store. | traefik | | <a id="providers-redis-rootkey" href="#providers-redis-rootkey" title="#providers-redis-rootkey">providers.redis.rootkey</a> | Root key used for KV store. | traefik |
| providers.redis.sentinel.latencystrategy | Defines whether to route commands to the closest master or replica nodes (mutually exclusive with RandomStrategy and ReplicaStrategy). | false | | <a id="providers-redis-sentinel-latencystrategy" href="#providers-redis-sentinel-latencystrategy" title="#providers-redis-sentinel-latencystrategy">providers.redis.sentinel.latencystrategy</a> | Defines whether to route commands to the closest master or replica nodes (mutually exclusive with RandomStrategy and ReplicaStrategy). | false |
| providers.redis.sentinel.mastername | Name of the master. | | | <a id="providers-redis-sentinel-mastername" href="#providers-redis-sentinel-mastername" title="#providers-redis-sentinel-mastername">providers.redis.sentinel.mastername</a> | Name of the master. | |
| providers.redis.sentinel.password | Password for Sentinel authentication. | | | <a id="providers-redis-sentinel-password" href="#providers-redis-sentinel-password" title="#providers-redis-sentinel-password">providers.redis.sentinel.password</a> | Password for Sentinel authentication. | |
| providers.redis.sentinel.randomstrategy | Defines whether to route commands randomly to master or replica nodes (mutually exclusive with LatencyStrategy and ReplicaStrategy). | false | | <a id="providers-redis-sentinel-randomstrategy" href="#providers-redis-sentinel-randomstrategy" title="#providers-redis-sentinel-randomstrategy">providers.redis.sentinel.randomstrategy</a> | Defines whether to route commands randomly to master or replica nodes (mutually exclusive with LatencyStrategy and ReplicaStrategy). | false |
| providers.redis.sentinel.replicastrategy | Defines whether to route all commands to replica nodes (mutually exclusive with LatencyStrategy and RandomStrategy). | false | | <a id="providers-redis-sentinel-replicastrategy" href="#providers-redis-sentinel-replicastrategy" title="#providers-redis-sentinel-replicastrategy">providers.redis.sentinel.replicastrategy</a> | Defines whether to route all commands to replica nodes (mutually exclusive with LatencyStrategy and RandomStrategy). | false |
| providers.redis.sentinel.usedisconnectedreplicas | Use replicas disconnected with master when cannot get connected replicas. | false | | <a id="providers-redis-sentinel-usedisconnectedreplicas" href="#providers-redis-sentinel-usedisconnectedreplicas" title="#providers-redis-sentinel-usedisconnectedreplicas">providers.redis.sentinel.usedisconnectedreplicas</a> | Use replicas disconnected with master when cannot get connected replicas. | false |
| providers.redis.sentinel.username | Username for Sentinel authentication. | | | <a id="providers-redis-sentinel-username" href="#providers-redis-sentinel-username" title="#providers-redis-sentinel-username">providers.redis.sentinel.username</a> | Username for Sentinel authentication. | |
| providers.redis.tls.ca | TLS CA | | | <a id="providers-redis-tls-ca" href="#providers-redis-tls-ca" title="#providers-redis-tls-ca">providers.redis.tls.ca</a> | TLS CA | |
| providers.redis.tls.cert | TLS cert | | | <a id="providers-redis-tls-cert" href="#providers-redis-tls-cert" title="#providers-redis-tls-cert">providers.redis.tls.cert</a> | TLS cert | |
| providers.redis.tls.insecureskipverify | TLS insecure skip verify | false | | <a id="providers-redis-tls-insecureskipverify" href="#providers-redis-tls-insecureskipverify" title="#providers-redis-tls-insecureskipverify">providers.redis.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| providers.redis.tls.key | TLS key | | | <a id="providers-redis-tls-key" href="#providers-redis-tls-key" title="#providers-redis-tls-key">providers.redis.tls.key</a> | TLS key | |
| providers.redis.username | Username for authentication. | | | <a id="providers-redis-username" href="#providers-redis-username" title="#providers-redis-username">providers.redis.username</a> | Username for authentication. | |
| providers.rest | Enable Rest backend with default settings. | false | | <a id="providers-rest" href="#providers-rest" title="#providers-rest">providers.rest</a> | Enable Rest backend with default settings. | false |
| providers.rest.insecure | Activate REST Provider directly on the entryPoint named traefik. | false | | <a id="providers-rest-insecure" href="#providers-rest-insecure" title="#providers-rest-insecure">providers.rest.insecure</a> | Activate REST Provider directly on the entryPoint named traefik. | false |
| providers.swarm | Enable Docker Swarm backend with default settings. | false | | <a id="providers-swarm" href="#providers-swarm" title="#providers-swarm">providers.swarm</a> | Enable Docker Swarm backend with default settings. | false |
| providers.swarm.allowemptyservices | Disregards the Docker containers health checks with respect to the creation or removal of the corresponding services. | false | | <a id="providers-swarm-allowemptyservices" href="#providers-swarm-allowemptyservices" title="#providers-swarm-allowemptyservices">providers.swarm.allowemptyservices</a> | Disregards the Docker containers health checks with respect to the creation or removal of the corresponding services. | false |
| providers.swarm.constraints | Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. | | | <a id="providers-swarm-constraints" href="#providers-swarm-constraints" title="#providers-swarm-constraints">providers.swarm.constraints</a> | Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. | |
| providers.swarm.defaultrule | Default rule. | Host(`{{ normalize .Name }}`) | | <a id="providers-swarm-defaultrule" href="#providers-swarm-defaultrule" title="#providers-swarm-defaultrule">providers.swarm.defaultrule</a> | Default rule. | Host(`{{ normalize .Name }}`) |
| providers.swarm.endpoint | Docker server endpoint. Can be a TCP or a Unix socket endpoint. | unix:///var/run/docker.sock | | <a id="providers-swarm-endpoint" href="#providers-swarm-endpoint" title="#providers-swarm-endpoint">providers.swarm.endpoint</a> | Docker server endpoint. Can be a TCP or a Unix socket endpoint. | unix:///var/run/docker.sock |
| providers.swarm.exposedbydefault | Expose containers by default. | true | | <a id="providers-swarm-exposedbydefault" href="#providers-swarm-exposedbydefault" title="#providers-swarm-exposedbydefault">providers.swarm.exposedbydefault</a> | Expose containers by default. | true |
| providers.swarm.httpclienttimeout | Client timeout for HTTP connections. | 0 | | <a id="providers-swarm-httpclienttimeout" href="#providers-swarm-httpclienttimeout" title="#providers-swarm-httpclienttimeout">providers.swarm.httpclienttimeout</a> | Client timeout for HTTP connections. | 0 |
| providers.swarm.network | Default Docker network used. | | | <a id="providers-swarm-network" href="#providers-swarm-network" title="#providers-swarm-network">providers.swarm.network</a> | Default Docker network used. | |
| providers.swarm.password | Password for Basic HTTP authentication. | | | <a id="providers-swarm-password" href="#providers-swarm-password" title="#providers-swarm-password">providers.swarm.password</a> | Password for Basic HTTP authentication. | |
| providers.swarm.refreshseconds | Polling interval for swarm mode. | 15 | | <a id="providers-swarm-refreshseconds" href="#providers-swarm-refreshseconds" title="#providers-swarm-refreshseconds">providers.swarm.refreshseconds</a> | Polling interval for swarm mode. | 15 |
| providers.swarm.tls.ca | TLS CA | | | <a id="providers-swarm-tls-ca" href="#providers-swarm-tls-ca" title="#providers-swarm-tls-ca">providers.swarm.tls.ca</a> | TLS CA | |
| providers.swarm.tls.cert | TLS cert | | | <a id="providers-swarm-tls-cert" href="#providers-swarm-tls-cert" title="#providers-swarm-tls-cert">providers.swarm.tls.cert</a> | TLS cert | |
| providers.swarm.tls.insecureskipverify | TLS insecure skip verify | false | | <a id="providers-swarm-tls-insecureskipverify" href="#providers-swarm-tls-insecureskipverify" title="#providers-swarm-tls-insecureskipverify">providers.swarm.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| providers.swarm.tls.key | TLS key | | | <a id="providers-swarm-tls-key" href="#providers-swarm-tls-key" title="#providers-swarm-tls-key">providers.swarm.tls.key</a> | TLS key | |
| providers.swarm.usebindportip | Use the ip address from the bound port, rather than from the inner network. | false | | <a id="providers-swarm-usebindportip" href="#providers-swarm-usebindportip" title="#providers-swarm-usebindportip">providers.swarm.usebindportip</a> | Use the ip address from the bound port, rather than from the inner network. | false |
| providers.swarm.username | Username for Basic HTTP authentication. | | | <a id="providers-swarm-username" href="#providers-swarm-username" title="#providers-swarm-username">providers.swarm.username</a> | Username for Basic HTTP authentication. | |
| providers.swarm.watch | Watch Docker events. | true | | <a id="providers-swarm-watch" href="#providers-swarm-watch" title="#providers-swarm-watch">providers.swarm.watch</a> | Watch Docker events. | true |
| providers.zookeeper | Enable ZooKeeper backend with default settings. | false | | <a id="providers-zookeeper" href="#providers-zookeeper" title="#providers-zookeeper">providers.zookeeper</a> | Enable ZooKeeper backend with default settings. | false |
| providers.zookeeper.endpoints | KV store endpoints. | 127.0.0.1:2181 | | <a id="providers-zookeeper-endpoints" href="#providers-zookeeper-endpoints" title="#providers-zookeeper-endpoints">providers.zookeeper.endpoints</a> | KV store endpoints. | 127.0.0.1:2181 |
| providers.zookeeper.password | Password for authentication. | | | <a id="providers-zookeeper-password" href="#providers-zookeeper-password" title="#providers-zookeeper-password">providers.zookeeper.password</a> | Password for authentication. | |
| providers.zookeeper.rootkey | Root key used for KV store. | traefik | | <a id="providers-zookeeper-rootkey" href="#providers-zookeeper-rootkey" title="#providers-zookeeper-rootkey">providers.zookeeper.rootkey</a> | Root key used for KV store. | traefik |
| providers.zookeeper.username | Username for authentication. | | | <a id="providers-zookeeper-username" href="#providers-zookeeper-username" title="#providers-zookeeper-username">providers.zookeeper.username</a> | Username for authentication. | |
| serverstransport.forwardingtimeouts.dialtimeout | The amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. | 30 | | <a id="serverstransport-forwardingtimeouts-dialtimeout" href="#serverstransport-forwardingtimeouts-dialtimeout" title="#serverstransport-forwardingtimeouts-dialtimeout">serverstransport.forwardingtimeouts.dialtimeout</a> | The amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. | 30 |
| serverstransport.forwardingtimeouts.idleconntimeout | The maximum period for which an idle HTTP keep-alive connection will remain open before closing itself | 90 | | <a id="serverstransport-forwardingtimeouts-idleconntimeout" href="#serverstransport-forwardingtimeouts-idleconntimeout" title="#serverstransport-forwardingtimeouts-idleconntimeout">serverstransport.forwardingtimeouts.idleconntimeout</a> | The maximum period for which an idle HTTP keep-alive connection will remain open before closing itself | 90 |
| serverstransport.forwardingtimeouts.responseheadertimeout | The amount of time to wait for a server's response headers after fully writing the request (including its body, if any). If zero, no timeout exists. | 0 | | <a id="serverstransport-forwardingtimeouts-responseheadertimeout" href="#serverstransport-forwardingtimeouts-responseheadertimeout" title="#serverstransport-forwardingtimeouts-responseheadertimeout">serverstransport.forwardingtimeouts.responseheadertimeout</a> | The amount of time to wait for a server's response headers after fully writing the request (including its body, if any). If zero, no timeout exists. | 0 |
| serverstransport.insecureskipverify | Disable SSL certificate verification. | false | | <a id="serverstransport-insecureskipverify" href="#serverstransport-insecureskipverify" title="#serverstransport-insecureskipverify">serverstransport.insecureskipverify</a> | Disable SSL certificate verification. | false |
| serverstransport.maxidleconnsperhost | If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used | 200 | | <a id="serverstransport-maxidleconnsperhost" href="#serverstransport-maxidleconnsperhost" title="#serverstransport-maxidleconnsperhost">serverstransport.maxidleconnsperhost</a> | If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used | 200 |
| serverstransport.rootcas | Add cert file for self-signed certificate. | | | <a id="serverstransport-rootcas" href="#serverstransport-rootcas" title="#serverstransport-rootcas">serverstransport.rootcas</a> | Add cert file for self-signed certificate. | |
| serverstransport.spiffe | Defines the SPIFFE configuration. | false | | <a id="serverstransport-spiffe" href="#serverstransport-spiffe" title="#serverstransport-spiffe">serverstransport.spiffe</a> | Defines the SPIFFE configuration. | false |
| serverstransport.spiffe.ids | Defines the allowed SPIFFE IDs (takes precedence over the SPIFFE TrustDomain). | | | <a id="serverstransport-spiffe-ids" href="#serverstransport-spiffe-ids" title="#serverstransport-spiffe-ids">serverstransport.spiffe.ids</a> | Defines the allowed SPIFFE IDs (takes precedence over the SPIFFE TrustDomain). | |
| serverstransport.spiffe.trustdomain | Defines the allowed SPIFFE trust domain. | | | <a id="serverstransport-spiffe-trustdomain" href="#serverstransport-spiffe-trustdomain" title="#serverstransport-spiffe-trustdomain">serverstransport.spiffe.trustdomain</a> | Defines the allowed SPIFFE trust domain. | |
| spiffe.workloadapiaddr | Defines the workload API address. | | | <a id="spiffe-workloadapiaddr" href="#spiffe-workloadapiaddr" title="#spiffe-workloadapiaddr">spiffe.workloadapiaddr</a> | Defines the workload API address. | |
| tcpserverstransport.dialkeepalive | Defines the interval between keep-alive probes for an active network connection. If zero, keep-alive probes are sent with a default value (currently 15 seconds), if supported by the protocol and operating system. Network protocols or operating systems that do not support keep-alives ignore this field. If negative, keep-alive probes are disabled | 15 | | <a id="tcpserverstransport-dialkeepalive" href="#tcpserverstransport-dialkeepalive" title="#tcpserverstransport-dialkeepalive">tcpserverstransport.dialkeepalive</a> | Defines the interval between keep-alive probes for an active network connection. If zero, keep-alive probes are sent with a default value (currently 15 seconds), if supported by the protocol and operating system. Network protocols or operating systems that do not support keep-alives ignore this field. If negative, keep-alive probes are disabled | 15 |
| tcpserverstransport.dialtimeout | Defines the amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. | 30 | | <a id="tcpserverstransport-dialtimeout" href="#tcpserverstransport-dialtimeout" title="#tcpserverstransport-dialtimeout">tcpserverstransport.dialtimeout</a> | Defines the amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. | 30 |
| tcpserverstransport.terminationdelay | Defines the delay to wait before fully terminating the connection, after one connected peer has closed its writing capability. | 0 | | <a id="tcpserverstransport-terminationdelay" href="#tcpserverstransport-terminationdelay" title="#tcpserverstransport-terminationdelay">tcpserverstransport.terminationdelay</a> | Defines the delay to wait before fully terminating the connection, after one connected peer has closed its writing capability. | 0 |
| tcpserverstransport.tls | Defines the TLS configuration. | false | | <a id="tcpserverstransport-tls" href="#tcpserverstransport-tls" title="#tcpserverstransport-tls">tcpserverstransport.tls</a> | Defines the TLS configuration. | false |
| tcpserverstransport.tls.insecureskipverify | Disables SSL certificate verification. | false | | <a id="tcpserverstransport-tls-insecureskipverify" href="#tcpserverstransport-tls-insecureskipverify" title="#tcpserverstransport-tls-insecureskipverify">tcpserverstransport.tls.insecureskipverify</a> | Disables SSL certificate verification. | false |
| tcpserverstransport.tls.rootcas | Defines a list of CA secret used to validate self-signed certificate | | | <a id="tcpserverstransport-tls-rootcas" href="#tcpserverstransport-tls-rootcas" title="#tcpserverstransport-tls-rootcas">tcpserverstransport.tls.rootcas</a> | Defines a list of CA secret used to validate self-signed certificate | |
| tcpserverstransport.tls.spiffe | Defines the SPIFFE TLS configuration. | false | | <a id="tcpserverstransport-tls-spiffe" href="#tcpserverstransport-tls-spiffe" title="#tcpserverstransport-tls-spiffe">tcpserverstransport.tls.spiffe</a> | Defines the SPIFFE TLS configuration. | false |
| tcpserverstransport.tls.spiffe.ids | Defines the allowed SPIFFE IDs (takes precedence over the SPIFFE TrustDomain). | | | <a id="tcpserverstransport-tls-spiffe-ids" href="#tcpserverstransport-tls-spiffe-ids" title="#tcpserverstransport-tls-spiffe-ids">tcpserverstransport.tls.spiffe.ids</a> | Defines the allowed SPIFFE IDs (takes precedence over the SPIFFE TrustDomain). | |
| tcpserverstransport.tls.spiffe.trustdomain | Defines the allowed SPIFFE trust domain. | | | <a id="tcpserverstransport-tls-spiffe-trustdomain" href="#tcpserverstransport-tls-spiffe-trustdomain" title="#tcpserverstransport-tls-spiffe-trustdomain">tcpserverstransport.tls.spiffe.trustdomain</a> | Defines the allowed SPIFFE trust domain. | |
| tracing | Tracing configuration. | false | | <a id="tracing" href="#tracing" title="#tracing">tracing</a> | Tracing configuration. | false |
| tracing.addinternals | Enables tracing for internal services (ping, dashboard, etc...). | false | | <a id="tracing-addinternals" href="#tracing-addinternals" title="#tracing-addinternals">tracing.addinternals</a> | Enables tracing for internal services (ping, dashboard, etc...). | false |
| tracing.capturedrequestheaders | Request headers to add as attributes for server and client spans. | | | <a id="tracing-capturedrequestheaders" href="#tracing-capturedrequestheaders" title="#tracing-capturedrequestheaders">tracing.capturedrequestheaders</a> | Request headers to add as attributes for server and client spans. | |
| tracing.capturedresponseheaders | Response headers to add as attributes for server and client spans. | | | <a id="tracing-capturedresponseheaders" href="#tracing-capturedresponseheaders" title="#tracing-capturedresponseheaders">tracing.capturedresponseheaders</a> | Response headers to add as attributes for server and client spans. | |
| tracing.globalattributes._name_ | (Deprecated) Defines additional resource attributes (key:value). | | | <a id="tracing-globalattributes-name" href="#tracing-globalattributes-name" title="#tracing-globalattributes-name">tracing.globalattributes._name_</a> | (Deprecated) Defines additional resource attributes (key:value). | |
| tracing.otlp | Settings for OpenTelemetry. | false | | <a id="tracing-otlp" href="#tracing-otlp" title="#tracing-otlp">tracing.otlp</a> | Settings for OpenTelemetry. | false |
| tracing.otlp.grpc | gRPC configuration for the OpenTelemetry collector. | false | | <a id="tracing-otlp-grpc" href="#tracing-otlp-grpc" title="#tracing-otlp-grpc">tracing.otlp.grpc</a> | gRPC configuration for the OpenTelemetry collector. | false |
| tracing.otlp.grpc.endpoint | Sets the gRPC endpoint (host:port) of the collector. | localhost:4317 | | <a id="tracing-otlp-grpc-endpoint" href="#tracing-otlp-grpc-endpoint" title="#tracing-otlp-grpc-endpoint">tracing.otlp.grpc.endpoint</a> | Sets the gRPC endpoint (host:port) of the collector. | localhost:4317 |
| tracing.otlp.grpc.headers._name_ | Headers sent with payload. | | | <a id="tracing-otlp-grpc-headers-name" href="#tracing-otlp-grpc-headers-name" title="#tracing-otlp-grpc-headers-name">tracing.otlp.grpc.headers._name_</a> | Headers sent with payload. | |
| tracing.otlp.grpc.insecure | Disables client transport security for the exporter. | false | | <a id="tracing-otlp-grpc-insecure" href="#tracing-otlp-grpc-insecure" title="#tracing-otlp-grpc-insecure">tracing.otlp.grpc.insecure</a> | Disables client transport security for the exporter. | false |
| tracing.otlp.grpc.tls.ca | TLS CA | | | <a id="tracing-otlp-grpc-tls-ca" href="#tracing-otlp-grpc-tls-ca" title="#tracing-otlp-grpc-tls-ca">tracing.otlp.grpc.tls.ca</a> | TLS CA | |
| tracing.otlp.grpc.tls.cert | TLS cert | | | <a id="tracing-otlp-grpc-tls-cert" href="#tracing-otlp-grpc-tls-cert" title="#tracing-otlp-grpc-tls-cert">tracing.otlp.grpc.tls.cert</a> | TLS cert | |
| tracing.otlp.grpc.tls.insecureskipverify | TLS insecure skip verify | false | | <a id="tracing-otlp-grpc-tls-insecureskipverify" href="#tracing-otlp-grpc-tls-insecureskipverify" title="#tracing-otlp-grpc-tls-insecureskipverify">tracing.otlp.grpc.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| tracing.otlp.grpc.tls.key | TLS key | | | <a id="tracing-otlp-grpc-tls-key" href="#tracing-otlp-grpc-tls-key" title="#tracing-otlp-grpc-tls-key">tracing.otlp.grpc.tls.key</a> | TLS key | |
| tracing.otlp.http | HTTP configuration for the OpenTelemetry collector. | false | | <a id="tracing-otlp-http" href="#tracing-otlp-http" title="#tracing-otlp-http">tracing.otlp.http</a> | HTTP configuration for the OpenTelemetry collector. | false |
| tracing.otlp.http.endpoint | Sets the HTTP endpoint (scheme://host:port/path) of the collector. | https://localhost:4318 | | <a id="tracing-otlp-http-endpoint" href="#tracing-otlp-http-endpoint" title="#tracing-otlp-http-endpoint">tracing.otlp.http.endpoint</a> | Sets the HTTP endpoint (scheme://host:port/path) of the collector. | https://localhost:4318 |
| tracing.otlp.http.headers._name_ | Headers sent with payload. | | | <a id="tracing-otlp-http-headers-name" href="#tracing-otlp-http-headers-name" title="#tracing-otlp-http-headers-name">tracing.otlp.http.headers._name_</a> | Headers sent with payload. | |
| tracing.otlp.http.tls.ca | TLS CA | | | <a id="tracing-otlp-http-tls-ca" href="#tracing-otlp-http-tls-ca" title="#tracing-otlp-http-tls-ca">tracing.otlp.http.tls.ca</a> | TLS CA | |
| tracing.otlp.http.tls.cert | TLS cert | | | <a id="tracing-otlp-http-tls-cert" href="#tracing-otlp-http-tls-cert" title="#tracing-otlp-http-tls-cert">tracing.otlp.http.tls.cert</a> | TLS cert | |
| tracing.otlp.http.tls.insecureskipverify | TLS insecure skip verify | false | | <a id="tracing-otlp-http-tls-insecureskipverify" href="#tracing-otlp-http-tls-insecureskipverify" title="#tracing-otlp-http-tls-insecureskipverify">tracing.otlp.http.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| tracing.otlp.http.tls.key | TLS key | | | <a id="tracing-otlp-http-tls-key" href="#tracing-otlp-http-tls-key" title="#tracing-otlp-http-tls-key">tracing.otlp.http.tls.key</a> | TLS key | |
| tracing.resourceattributes._name_ | Defines additional resource attributes (key:value). | | | <a id="tracing-resourceattributes-name" href="#tracing-resourceattributes-name" title="#tracing-resourceattributes-name">tracing.resourceattributes._name_</a> | Defines additional resource attributes (key:value). | |
| tracing.safequeryparams | Query params to not redact. | | | <a id="tracing-safequeryparams" href="#tracing-safequeryparams" title="#tracing-safequeryparams">tracing.safequeryparams</a> | Query params to not redact. | |
| tracing.samplerate | Sets the rate between 0.0 and 1.0 of requests to trace. | 1.000000 | | <a id="tracing-samplerate" href="#tracing-samplerate" title="#tracing-samplerate">tracing.samplerate</a> | Sets the rate between 0.0 and 1.0 of requests to trace. | 1.000000 |
| tracing.servicename | Defines the service name resource attribute. | traefik | | <a id="tracing-servicename" href="#tracing-servicename" title="#tracing-servicename">tracing.servicename</a> | Defines the service name resource attribute. | traefik |
@@ -85,38 +85,38 @@ additionalArguments:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:----------------------------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------|:---------| |:----------------------------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------|:---------|
| `address` | Define the port, and optionally the hostname, on which to listen for incoming connections and packets.<br /> It also defines the protocol to use (TCP or UDP).<br /> If no protocol is specified, the default is TCP. The format is:`[host]:port[/tcp\|/udp] | - | Yes | | <a id="address" href="#address" title="#address">`address`</a> | Define the port, and optionally the hostname, on which to listen for incoming connections and packets.<br /> It also defines the protocol to use (TCP or UDP).<br /> If no protocol is specified, the default is TCP. The format is:`[host]:port[/tcp\|/udp] | - | Yes |
| `asDefault` | Mark the `entryPoint` to be in the list of default `entryPoints`.<br /> `entryPoints`in this list are used (by default) on HTTP and TCP routers that do not define their own `entryPoints` option.<br /> More information [here](#asdefault). | false | No | | <a id="asDefault" href="#asDefault" title="#asDefault">`asDefault`</a> | Mark the `entryPoint` to be in the list of default `entryPoints`.<br /> `entryPoints`in this list are used (by default) on HTTP and TCP routers that do not define their own `entryPoints` option.<br /> More information [here](#asdefault). | false | No |
| `forwardedHeaders.trustedIPs` | Set the IPs or CIDR from where Traefik trusts the forwarded headers information (`X-Forwarded-*`). | - | No | | <a id="forwardedHeaders-trustedIPs" href="#forwardedHeaders-trustedIPs" title="#forwardedHeaders-trustedIPs">`forwardedHeaders.trustedIPs`</a> | Set the IPs or CIDR from where Traefik trusts the forwarded headers information (`X-Forwarded-*`). | - | No |
| `forwardedHeaders.insecure` | Set the insecure mode to always trust the forwarded headers information (`X-Forwarded-*`).<br />We recommend to use this option only for tests purposes, not in production. | false | No | | <a id="forwardedHeaders-insecure" href="#forwardedHeaders-insecure" title="#forwardedHeaders-insecure">`forwardedHeaders.insecure`</a> | Set the insecure mode to always trust the forwarded headers information (`X-Forwarded-*`).<br />We recommend to use this option only for tests purposes, not in production. | false | No |
| `http.redirections.`<br />`entryPoint.to` | The target element to enable (permanent) redirecting of all incoming requests on an entry point to another one. <br /> The target element can be an entry point name (ex: `websecure`), or a port (`:443`). | - | Yes | | <a id="http-redirections-entryPoint-to" href="#http-redirections-entryPoint-to" title="#http-redirections-entryPoint-to">`http.redirections.`<br />`entryPoint.to`</a> | The target element to enable (permanent) redirecting of all incoming requests on an entry point to another one. <br /> The target element can be an entry point name (ex: `websecure`), or a port (`:443`). | - | Yes |
| `http.redirections.`<br />`entryPoint.scheme` | The target scheme to use for (permanent) redirection of all incoming requests. | https | No | | <a id="http-redirections-entryPoint-scheme" href="#http-redirections-entryPoint-scheme" title="#http-redirections-entryPoint-scheme">`http.redirections.`<br />`entryPoint.scheme`</a> | The target scheme to use for (permanent) redirection of all incoming requests. | https | No |
| `http.redirections.`<br />`entryPoint.permanent` | Enable permanent redirecting of all incoming requests on an entry point to another one changing the scheme. <br /> The target element, it can be an entry point name (ex: `websecure`), or a port (`:443`). | false | No | | <a id="http-redirections-entryPoint-permanent" href="#http-redirections-entryPoint-permanent" title="#http-redirections-entryPoint-permanent">`http.redirections.`<br />`entryPoint.permanent`</a> | Enable permanent redirecting of all incoming requests on an entry point to another one changing the scheme. <br /> The target element, it can be an entry point name (ex: `websecure`), or a port (`:443`). | false | No |
| `http.redirections.`<br />`entryPoint.priority` | Default priority applied to the routers attached to the `entryPoint`. | MaxInt32-1 (2147483646) | No | | <a id="http-redirections-entryPoint-priority" href="#http-redirections-entryPoint-priority" title="#http-redirections-entryPoint-priority">`http.redirections.`<br />`entryPoint.priority`</a> | Default priority applied to the routers attached to the `entryPoint`. | MaxInt32-1 (2147483646) | No |
| `http.encodeQuerySemicolons` | Enable query semicolons encoding. <br /> Use this option to avoid non-encoded semicolons to be interpreted as query parameter separators by Traefik. <br /> When using this option, the non-encoded semicolons characters in query will be transmitted encoded to the backend.<br /> More information [here](#encodequerysemicolons). | false | No | | <a id="http-encodeQuerySemicolons" href="#http-encodeQuerySemicolons" title="#http-encodeQuerySemicolons">`http.encodeQuerySemicolons`</a> | Enable query semicolons encoding. <br /> Use this option to avoid non-encoded semicolons to be interpreted as query parameter separators by Traefik. <br /> When using this option, the non-encoded semicolons characters in query will be transmitted encoded to the backend.<br /> More information [here](#encodequerysemicolons). | false | No |
| `http.sanitizePath` | Defines whether to enable the request path sanitization.<br /> More information [here](#sanitizepath). | false | No | | <a id="http-sanitizePath" href="#http-sanitizePath" title="#http-sanitizePath">`http.sanitizePath`</a> | Defines whether to enable the request path sanitization.<br /> More information [here](#sanitizepath). | false | No |
| `http.middlewares` | Set the list of middlewares that are prepended by default to the list of middlewares of each router associated to the named entry point. <br />More information [here](#httpmiddlewares). | - | No | | <a id="http-middlewares" href="#http-middlewares" title="#http-middlewares">`http.middlewares`</a> | Set the list of middlewares that are prepended by default to the list of middlewares of each router associated to the named entry point. <br />More information [here](#httpmiddlewares). | - | No |
| `http.tls` | Enable TLS on every router attached to the `entryPoint`. <br /> If no certificate are set, a default self-signed certificate is generates by Traefik. <br /> We recommend to not use self signed certificates in production. | - | No | | <a id="http-tls" href="#http-tls" title="#http-tls">`http.tls`</a> | Enable TLS on every router attached to the `entryPoint`. <br /> If no certificate are set, a default self-signed certificate is generates by Traefik. <br /> We recommend to not use self signed certificates in production. | - | No |
| `http.tls.options` | Apply TLS options on every router attached to the `entryPoint`. <br /> The TLS options can be overidden per router. <br /> More information in the [dedicated section](../../routing/providers/kubernetes-crd.md#kind-tlsoption). | - | No | | <a id="http-tls-options" href="#http-tls-options" title="#http-tls-options">`http.tls.options`</a> | Apply TLS options on every router attached to the `entryPoint`. <br /> The TLS options can be overidden per router. <br /> More information in the [dedicated section](../../routing/providers/kubernetes-crd.md#kind-tlsoption). | - | No |
| `http.tls.certResolver` | Apply a certificate resolver on every router attached to the `entryPoint`. <br /> The TLS options can be overidden per router. <br /> More information in the [dedicated section](../install-configuration/tls/certificate-resolvers/overview.md). | - | No | | <a id="http-tls-certResolver" href="#http-tls-certResolver" title="#http-tls-certResolver">`http.tls.certResolver`</a> | Apply a certificate resolver on every router attached to the `entryPoint`. <br /> The TLS options can be overidden per router. <br /> More information in the [dedicated section](../install-configuration/tls/certificate-resolvers/overview.md). | - | No |
| `http2.maxConcurrentStreams` | Set the number of concurrent streams per connection that each client is allowed to initiate. <br /> The value must be greater than zero. | 250 | No | | <a id="http2-maxConcurrentStreams" href="#http2-maxConcurrentStreams" title="#http2-maxConcurrentStreams">`http2.maxConcurrentStreams`</a> | Set the number of concurrent streams per connection that each client is allowed to initiate. <br /> The value must be greater than zero. | 250 | No |
| `http3` | Enable HTTP/3 protocol on the `entryPoint`. <br /> HTTP/3 requires a TCP `entryPoint`. as HTTP/3 always starts as a TCP connection that then gets upgraded to UDP. In most scenarios, this `entryPoint` is the same as the one used for TLS traffic.<br /> More information [here](#http3). | - | No | | <a id="http3" href="#http3" title="#http3">`http3`</a> | Enable HTTP/3 protocol on the `entryPoint`. <br /> HTTP/3 requires a TCP `entryPoint`. as HTTP/3 always starts as a TCP connection that then gets upgraded to UDP. In most scenarios, this `entryPoint` is the same as the one used for TLS traffic.<br /> More information [here](#http3). | - | No |
| `http3.advertisedPort` | Set the UDP port to advertise as the HTTP/3 authority. <br /> It defaults to the entryPoint's address port. <br /> It can be used to override the authority in the `alt-svc` header, for example if the public facing port is different from where Traefik is listening. | - | No | | <a id="http3-advertisedPort" href="#http3-advertisedPort" title="#http3-advertisedPort">`http3.advertisedPort`</a> | Set the UDP port to advertise as the HTTP/3 authority. <br /> It defaults to the entryPoint's address port. <br /> It can be used to override the authority in the `alt-svc` header, for example if the public facing port is different from where Traefik is listening. | - | No |
| `observability.accessLogs` | Defines whether a router attached to this EntryPoint produces access-logs by default. Nonetheless, a router defining its own observability configuration will opt-out from this default. | true | No | | <a id="observability-accessLogs" href="#observability-accessLogs" title="#observability-accessLogs">`observability.accessLogs`</a> | Defines whether a router attached to this EntryPoint produces access-logs by default. Nonetheless, a router defining its own observability configuration will opt-out from this default. | true | No |
| `observability.metrics` | Defines whether a router attached to this EntryPoint produces metrics by default. Nonetheless, a router defining its own observability configuration will opt-out from this default. | true | No | | <a id="observability-metrics" href="#observability-metrics" title="#observability-metrics">`observability.metrics`</a> | Defines whether a router attached to this EntryPoint produces metrics by default. Nonetheless, a router defining its own observability configuration will opt-out from this default. | true | No |
| `observability.tracing` | Defines whether a router attached to this EntryPoint produces traces by default. Nonetheless, a router defining its own observability configuration will opt-out from this default. | true | No | | <a id="observability-tracing" href="#observability-tracing" title="#observability-tracing">`observability.tracing`</a> | Defines whether a router attached to this EntryPoint produces traces by default. Nonetheless, a router defining its own observability configuration will opt-out from this default. | true | No |
| `observability.traceVerbosity` | Defines the tracing verbosity level for routers attached to this EntryPoint. Possible values: `minimal` (default), `detailed`. Routers can override this value in their own observability configuration. <br /> More information [here](#traceverbosity). | minimal | No | | <a id="observability-traceVerbosity" href="#observability-traceVerbosity" title="#observability-traceVerbosity">`observability.traceVerbosity`</a> | Defines the tracing verbosity level for routers attached to this EntryPoint. Possible values: `minimal` (default), `detailed`. Routers can override this value in their own observability configuration. <br /> More information [here](#traceverbosity). | minimal | No |
| `proxyProtocol.trustedIPs` | Enable PROXY protocol with Trusted IPs. <br /> Traefik supports [PROXY protocol](https://www.haproxy.org/download/2.0/doc/proxy-protocol.txt) version 1 and 2. <br /> If PROXY protocol header parsing is enabled for the entry point, this entry point can accept connections with or without PROXY protocol headers. <br /> If the PROXY protocol header is passed, then the version is determined automatically.<br /> More information [here](#proxyprotocol-and-load-balancers). | - | No | | <a id="proxyProtocol-trustedIPs" href="#proxyProtocol-trustedIPs" title="#proxyProtocol-trustedIPs">`proxyProtocol.trustedIPs`</a> | Enable PROXY protocol with Trusted IPs. <br /> Traefik supports [PROXY protocol](https://www.haproxy.org/download/2.0/doc/proxy-protocol.txt) version 1 and 2. <br /> If PROXY protocol header parsing is enabled for the entry point, this entry point can accept connections with or without PROXY protocol headers. <br /> If the PROXY protocol header is passed, then the version is determined automatically.<br /> More information [here](#proxyprotocol-and-load-balancers). | - | No |
| `proxyProtocol.insecure` | Enable PROXY protocol trusting every incoming connection. <br /> Every remote client address will be replaced (`trustedIPs`) won't have any effect). <br /> Traefik supports [PROXY protocol](https://www.haproxy.org/download/2.0/doc/proxy-protocol.txt) version 1 and 2. <br /> If PROXY protocol header parsing is enabled for the entry point, this entry point can accept connections with or without PROXY protocol headers. <br /> If the PROXY protocol header is passed, then the version is determined automatically.<br />We recommend to use this option only for tests purposes, not in production.<br /> More information [here](#proxyprotocol-and-load-balancers). | - | No | | <a id="proxyProtocol-insecure" href="#proxyProtocol-insecure" title="#proxyProtocol-insecure">`proxyProtocol.insecure`</a> | Enable PROXY protocol trusting every incoming connection. <br /> Every remote client address will be replaced (`trustedIPs`) won't have any effect). <br /> Traefik supports [PROXY protocol](https://www.haproxy.org/download/2.0/doc/proxy-protocol.txt) version 1 and 2. <br /> If PROXY protocol header parsing is enabled for the entry point, this entry point can accept connections with or without PROXY protocol headers. <br /> If the PROXY protocol header is passed, then the version is determined automatically.<br />We recommend to use this option only for tests purposes, not in production.<br /> More information [here](#proxyprotocol-and-load-balancers). | - | No |
| `reusePort` | Enable `entryPoints` from the same or different processes listening on the same TCP/UDP port by utilizing the `SO_REUSEPORT` socket option. <br /> It also allows the kernel to act like a load balancer to distribute incoming connections between entry points.<br /> More information [here](#reuseport). | false | No | | <a id="reusePort" href="#reusePort" title="#reusePort">`reusePort`</a> | Enable `entryPoints` from the same or different processes listening on the same TCP/UDP port by utilizing the `SO_REUSEPORT` socket option. <br /> It also allows the kernel to act like a load balancer to distribute incoming connections between entry points.<br /> More information [here](#reuseport). | false | No |
| `transport.`<br />`respondingTimeouts.`<br />`readTimeout` | Set the timeouts for incoming requests to the Traefik instance. This is the maximum duration for reading the entire request, including the body. Setting them has no effect for UDP `entryPoints`.<br /> If zero, no timeout exists. <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds. | 60s (seconds) | No | | <a id="transport-respondingTimeouts-readTimeout" href="#transport-respondingTimeouts-readTimeout" title="#transport-respondingTimeouts-readTimeout">`transport.`<br />`respondingTimeouts.`<br />`readTimeout`</a> | Set the timeouts for incoming requests to the Traefik instance. This is the maximum duration for reading the entire request, including the body. Setting them has no effect for UDP `entryPoints`.<br /> If zero, no timeout exists. <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds. | 60s (seconds) | No |
| `transport.`<br />`respondingTimeouts.`<br />`writeTimeout` | Maximum duration before timing out writes of the response. <br /> It covers the time from the end of the request header read to the end of the response write. <br /> If zero, no timeout exists. <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds. | 0s (seconds) | No | | <a id="transport-respondingTimeouts-writeTimeout" href="#transport-respondingTimeouts-writeTimeout" title="#transport-respondingTimeouts-writeTimeout">`transport.`<br />`respondingTimeouts.`<br />`writeTimeout`</a> | Maximum duration before timing out writes of the response. <br /> It covers the time from the end of the request header read to the end of the response write. <br /> If zero, no timeout exists. <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds. | 0s (seconds) | No |
| `transport.`<br />`respondingTimeouts.`<br />`idleTimeout` | Maximum duration an idle (keep-alive) connection will remain idle before closing itself. <br /> If zero, no timeout exists <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds | 180s (seconds) | No | | <a id="transport-respondingTimeouts-idleTimeout" href="#transport-respondingTimeouts-idleTimeout" title="#transport-respondingTimeouts-idleTimeout">`transport.`<br />`respondingTimeouts.`<br />`idleTimeout`</a> | Maximum duration an idle (keep-alive) connection will remain idle before closing itself. <br /> If zero, no timeout exists <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds | 180s (seconds) | No |
| `transport.`<br />`lifeCycle.`<br />`graceTimeOut` | Set the duration to give active requests a chance to finish before Traefik stops. <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds <br /> In this time frame no new requests are accepted. | 10s (seconds) | No | | <a id="transport-lifeCycle-graceTimeOut" href="#transport-lifeCycle-graceTimeOut" title="#transport-lifeCycle-graceTimeOut">`transport.`<br />`lifeCycle.`<br />`graceTimeOut`</a> | Set the duration to give active requests a chance to finish before Traefik stops. <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds <br /> In this time frame no new requests are accepted. | 10s (seconds) | No |
| `transport.`<br />`lifeCycle.`<br />`requestAcceptGraceTimeout` | Set the duration to keep accepting requests prior to initiating the graceful termination period (as defined by the `transportlifeCycle.graceTimeOut` option). <br /> This option is meant to give downstream load-balancers sufficient time to take Traefik out of rotation. <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds | 0s (seconds) | No | | <a id="transport-lifeCycle-requestAcceptGraceTimeout" href="#transport-lifeCycle-requestAcceptGraceTimeout" title="#transport-lifeCycle-requestAcceptGraceTimeout">`transport.`<br />`lifeCycle.`<br />`requestAcceptGraceTimeout`</a> | Set the duration to keep accepting requests prior to initiating the graceful termination period (as defined by the `transportlifeCycle.graceTimeOut` option). <br /> This option is meant to give downstream load-balancers sufficient time to take Traefik out of rotation. <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds | 0s (seconds) | No |
| `transport.`<br />`keepAliveMaxRequests` | Set the maximum number of requests Traefik can handle before sending a `Connection: Close` header to the client (for HTTP2, Traefik sends a GOAWAY). <br /> Zero means no limit. | 0 | No | | <a id="transport-keepAliveMaxRequests" href="#transport-keepAliveMaxRequests" title="#transport-keepAliveMaxRequests">`transport.`<br />`keepAliveMaxRequests`</a> | Set the maximum number of requests Traefik can handle before sending a `Connection: Close` header to the client (for HTTP2, Traefik sends a GOAWAY). <br /> Zero means no limit. | 0 | No |
| `transport.`<br />`keepAliveMaxTime` | Set the maximum duration Traefik can handle requests before sending a `Connection: Close` header to the client (for HTTP2, Traefik sends a GOAWAY). Zero means no limit. | 0s (seconds) | No | | <a id="transport-keepAliveMaxTime" href="#transport-keepAliveMaxTime" title="#transport-keepAliveMaxTime">`transport.`<br />`keepAliveMaxTime`</a> | Set the maximum duration Traefik can handle requests before sending a `Connection: Close` header to the client (for HTTP2, Traefik sends a GOAWAY). Zero means no limit. | 0s (seconds) | No |
| `udp.timeout` | Define how long to wait on an idle session before releasing the related resources. <br />The Timeout value must be greater than zero. | 3s (seconds) | No | | <a id="udp-timeout" href="#udp-timeout" title="#udp-timeout">`udp.timeout`</a> | Define how long to wait on an idle session before releasing the related resources. <br />The Timeout value must be greater than zero. | 3s (seconds) | No |
### asDefault ### asDefault
@@ -171,10 +171,10 @@ Behavior examples:
| EncodeQuerySemicolons | Request Query | Resulting Request Query | | EncodeQuerySemicolons | Request Query | Resulting Request Query |
|-----------------------|---------------------|-------------------------| |-----------------------|---------------------|-------------------------|
| false | foo=bar;baz=bar | foo=bar&baz=bar | | <a id="false" href="#false" title="#false">false</a> | foo=bar;baz=bar | foo=bar&baz=bar |
| true | foo=bar;baz=bar | foo=bar%3Bbaz=bar | | <a id="true" href="#true" title="#true">true</a> | foo=bar;baz=bar | foo=bar%3Bbaz=bar |
| false | foo=bar&baz=bar;foo | foo=bar&baz=bar&foo | | <a id="false-2" href="#false-2" title="#false-2">false</a> | foo=bar&baz=bar;foo | foo=bar&baz=bar&foo |
| true | foo=bar&baz=bar;foo | foo=bar&baz=bar%3Bfoo | | <a id="true-2" href="#true-2" title="#true-2">true</a> | foo=bar&baz=bar;foo | foo=bar&baz=bar%3Bfoo |
### SanitizePath ### SanitizePath
@@ -194,14 +194,14 @@ it can lead to unsafe routing when the `sanitizePath` option is set to `false`.
| SanitizePath | Request Path | Resulting Request Path | | SanitizePath | Request Path | Resulting Request Path |
|--------------|-----------------|------------------------| |--------------|-----------------|------------------------|
| false | /./foo/bar | /./foo/bar | | <a id="false-3" href="#false-3" title="#false-3">false</a> | /./foo/bar | /./foo/bar |
| true | /./foo/bar | /foo/bar | | <a id="true-3" href="#true-3" title="#true-3">true</a> | /./foo/bar | /foo/bar |
| false | /foo/../bar | /foo/../bar | | <a id="false-4" href="#false-4" title="#false-4">false</a> | /foo/../bar | /foo/../bar |
| true | /foo/../bar | /bar | | <a id="true-4" href="#true-4" title="#true-4">true</a> | /foo/../bar | /bar |
| false | /foo/bar// | /foo/bar// | | <a id="false-5" href="#false-5" title="#false-5">false</a> | /foo/bar// | /foo/bar// |
| true | /foo/bar// | /foo/bar/ | | <a id="true-5" href="#true-5" title="#true-5">true</a> | /foo/bar// | /foo/bar/ |
| false | /./foo/../bar// | /./foo/../bar// | | <a id="false-6" href="#false-6" title="#false-6">false</a> | /./foo/../bar// | /./foo/../bar// |
| true | /./foo/../bar// | /bar/ | | <a id="true-6" href="#true-6" title="#true-6">true</a> | /./foo/../bar// | /bar/ |
### HTTP3 ### HTTP3
@@ -36,7 +36,7 @@ whose default value is `traefik` (port `8080`).
| Path | Method | Description | | Path | Method | Description |
|---------|---------------|-----------------------------------------------------------------------------------------------------| |---------|---------------|-----------------------------------------------------------------------------------------------------|
| `/ping` | `GET`, `HEAD` | An endpoint to check for Traefik process liveness. Return a code `200` with the content: `OK` | | <a id="ping" href="#ping" title="#ping">`/ping`</a> | `GET`, `HEAD` | An endpoint to check for Traefik process liveness. Return a code `200` with the content: `OK` |
### Configuration Example ### Configuration Example
@@ -58,9 +58,9 @@ ping: {}
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:------|:----------------------------------------------------------|:---------------------|:---------| |:------|:----------------------------------------------------------|:---------------------|:---------|
| `ping.entryPoint` | Enables `/ping` on a dedicated EntryPoint. | traefik | No | | <a id="ping-entryPoint" href="#ping-entryPoint" title="#ping-entryPoint">`ping.entryPoint`</a> | Enables `/ping` on a dedicated EntryPoint. | traefik | No |
| `ping.manualRouting` | Disables the default internal router in order to allow one to create a custom router for the `ping@internal` service when set to `true`. | false | No | | <a id="ping-manualRouting" href="#ping-manualRouting" title="#ping-manualRouting">`ping.manualRouting`</a> | Disables the default internal router in order to allow one to create a custom router for the `ping@internal` service when set to `true`. | false | No |
| `ping.terminatingStatusCode` | Defines the status code for the ping handler during a graceful shut down. See more information [here](#terminatingstatuscode) | 503 | No | | <a id="ping-terminatingStatusCode" href="#ping-terminatingStatusCode" title="#ping-terminatingStatusCode">`ping.terminatingStatusCode`</a> | Defines the status code for the ping handler during a graceful shut down. See more information [here](#terminatingstatuscode) | 503 | No |
#### `terminatingStatusCode` #### `terminatingStatusCode`
@@ -37,9 +37,9 @@ You can define it using the same [configuration methods](../../boot-environment.
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:------|:----------------------------------------------------------|:---------------------|:---------| |:------|:----------------------------------------------------------|:---------------------|:---------|
| `ping.entryPoint` | Enables `/ping` on a dedicated EntryPoint. | traefik | No | | <a id="ping-entryPoint" href="#ping-entryPoint" title="#ping-entryPoint">`ping.entryPoint`</a> | Enables `/ping` on a dedicated EntryPoint. | traefik | No |
| `ping.manualRouting` | Disables the default internal router in order to allow one to create a custom router for the `ping@internal` service when set to `true`. | false | No | | <a id="ping-manualRouting" href="#ping-manualRouting" title="#ping-manualRouting">`ping.manualRouting`</a> | Disables the default internal router in order to allow one to create a custom router for the `ping@internal` service when set to `true`. | false | No |
| `ping.terminatingStatusCode` | Defines the status code for the ping handler during a graceful shut down. See more information [here](#terminatingstatuscode) | 503 | No | | <a id="ping-terminatingStatusCode" href="#ping-terminatingStatusCode" title="#ping-terminatingStatusCode">`ping.terminatingStatusCode`</a> | Defines the status code for the ping handler during a graceful shut down. See more information [here](#terminatingstatuscode) | 503 | No |
### `terminatingStatusCode` ### `terminatingStatusCode`
@@ -35,14 +35,14 @@ The section below describe how to configure Traefik logs using the static config
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:-----------|:----------------------------|:--------|:---------| |:-----------|:----------------------------|:--------|:---------|
| `log.filePath` | By default, the logs are written to the standard output.<br />You can configure a file path instead using the `filePath` option.| - | No | | <a id="log-filePath" href="#log-filePath" title="#log-filePath">`log.filePath`</a> | By default, the logs are written to the standard output.<br />You can configure a file path instead using the `filePath` option.| - | No |
| `log.format` | Log format (`common`or `json`).<br /> The fields displayed with the format `common` cannot be customized. | "common" | No | | <a id="log-format" href="#log-format" title="#log-format">`log.format`</a> | Log format (`common`or `json`).<br /> The fields displayed with the format `common` cannot be customized. | "common" | No |
| `log.level` | Log level (`TRACE`, `DEBUG`, `INFO`, `WARN`, `ERROR`, `FATAL`, and `PANIC`)| ERROR | No | | <a id="log-level" href="#log-level" title="#log-level">`log.level`</a> | Log level (`TRACE`, `DEBUG`, `INFO`, `WARN`, `ERROR`, `FATAL`, and `PANIC`)| ERROR | No |
| `log.noColor` | When using the format `common`, disables the colorized output. | false | No | | <a id="log-noColor" href="#log-noColor" title="#log-noColor">`log.noColor`</a> | When using the format `common`, disables the colorized output. | false | No |
| `log.maxSize` | Maximum size in megabytes of the log file before it gets rotated. | 100MB | No | | <a id="log-maxSize" href="#log-maxSize" title="#log-maxSize">`log.maxSize`</a> | Maximum size in megabytes of the log file before it gets rotated. | 100MB | No |
| `log.maxAge` | Maximum number of days to retain old log files based on the timestamp encoded in their filename.<br /> A day is defined as 24 hours and may not exactly correspond to calendar days due to daylight savings, leap seconds, etc.<br />By default files are not removed based on their age. | 0 | No | | <a id="log-maxAge" href="#log-maxAge" title="#log-maxAge">`log.maxAge`</a> | Maximum number of days to retain old log files based on the timestamp encoded in their filename.<br /> A day is defined as 24 hours and may not exactly correspond to calendar days due to daylight savings, leap seconds, etc.<br />By default files are not removed based on their age. | 0 | No |
| `log.maxBackups` | Maximum number of old log files to retain.<br />The default is to retain all old log files. | 0 | No | | <a id="log-maxBackups" href="#log-maxBackups" title="#log-maxBackups">`log.maxBackups`</a> | Maximum number of old log files to retain.<br />The default is to retain all old log files. | 0 | No |
| `log.compress` | Compress log files in gzip after rotation. | false | No | | <a id="log-compress" href="#log-compress" title="#log-compress">`log.compress`</a> | Compress log files in gzip after rotation. | false | No |
### OpenTelemetry ### OpenTelemetry
@@ -98,25 +98,25 @@ log:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:---------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------|:---------| |:---------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------|:---------|
| `log.otlp.serviceName` | Service name used in selected backend. | "traefik" | No | | <a id="log-otlp-serviceName" href="#log-otlp-serviceName" title="#log-otlp-serviceName">`log.otlp.serviceName`</a> | Service name used in selected backend. | "traefik" | No |
| `log.otlp.resourceAttributes` | Defines additional resource attributes to be sent to the collector. | [] | No | | <a id="log-otlp-resourceAttributes" href="#log-otlp-resourceAttributes" title="#log-otlp-resourceAttributes">`log.otlp.resourceAttributes`</a> | Defines additional resource attributes to be sent to the collector. | [] | No |
| `log.otlp.http` | This instructs the exporter to send logs to the OpenTelemetry Collector using HTTP. | | No | | <a id="log-otlp-http" href="#log-otlp-http" title="#log-otlp-http">`log.otlp.http`</a> | This instructs the exporter to send logs to the OpenTelemetry Collector using HTTP. | | No |
| `log.otlp.http.endpoint` | The endpoint of the OpenTelemetry Collector. (format=`<scheme>://<host>:<port><path>`) | `https://localhost:4318/v1/logs` | No | | <a id="log-otlp-http-endpoint" href="#log-otlp-http-endpoint" title="#log-otlp-http-endpoint">`log.otlp.http.endpoint`</a> | The endpoint of the OpenTelemetry Collector. (format=`<scheme>://<host>:<port><path>`) | `https://localhost:4318/v1/logs` | No |
| `log.otlp.http.headers` | Additional headers sent with logs by the exporter to the OpenTelemetry Collector. | [ ] | No | | <a id="log-otlp-http-headers" href="#log-otlp-http-headers" title="#log-otlp-http-headers">`log.otlp.http.headers`</a> | Additional headers sent with logs by the exporter to the OpenTelemetry Collector. | [ ] | No |
| `log.otlp.http.tls` | Defines the Client TLS configuration used by the exporter to send logs to the OpenTelemetry Collector. | | No | | <a id="log-otlp-http-tls" href="#log-otlp-http-tls" title="#log-otlp-http-tls">`log.otlp.http.tls`</a> | Defines the Client TLS configuration used by the exporter to send logs to the OpenTelemetry Collector. | | No |
| `log.otlp.http.tls.ca` | The path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | | No | | <a id="log-otlp-http-tls-ca" href="#log-otlp-http-tls-ca" title="#log-otlp-http-tls-ca">`log.otlp.http.tls.ca`</a> | The path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | | No |
| `log.otlp.http.tls.cert` | The path to the certificate to use for the OpenTelemetry Collector. | | No | | <a id="log-otlp-http-tls-cert" href="#log-otlp-http-tls-cert" title="#log-otlp-http-tls-cert">`log.otlp.http.tls.cert`</a> | The path to the certificate to use for the OpenTelemetry Collector. | | No |
| `log.otlp.http.tls.key` | The path to the key to use for the OpenTelemetry Collector. | | No | | <a id="log-otlp-http-tls-key" href="#log-otlp-http-tls-key" title="#log-otlp-http-tls-key">`log.otlp.http.tls.key`</a> | The path to the key to use for the OpenTelemetry Collector. | | No |
| `log.otlp.http.tls.insecureSkipVerify` | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false | No | | <a id="log-otlp-http-tls-insecureSkipVerify" href="#log-otlp-http-tls-insecureSkipVerify" title="#log-otlp-http-tls-insecureSkipVerify">`log.otlp.http.tls.insecureSkipVerify`</a> | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false | No |
| `log.otlp.grpc` | This instructs the exporter to send logs to the OpenTelemetry Collector using gRPC. | | No | | <a id="log-otlp-grpc" href="#log-otlp-grpc" title="#log-otlp-grpc">`log.otlp.grpc`</a> | This instructs the exporter to send logs to the OpenTelemetry Collector using gRPC. | | No |
| `log.otlp.grpc.endpoint` | The endpoint of the OpenTelemetry Collector. (format=`<host>:<port>`) | `localhost:4317` | No | | <a id="log-otlp-grpc-endpoint" href="#log-otlp-grpc-endpoint" title="#log-otlp-grpc-endpoint">`log.otlp.grpc.endpoint`</a> | The endpoint of the OpenTelemetry Collector. (format=`<host>:<port>`) | `localhost:4317` | No |
| `log.otlp.grpc.headers` | Additional headers sent with logs by the exporter to the OpenTelemetry Collector. | [ ] | No | | <a id="log-otlp-grpc-headers" href="#log-otlp-grpc-headers" title="#log-otlp-grpc-headers">`log.otlp.grpc.headers`</a> | Additional headers sent with logs by the exporter to the OpenTelemetry Collector. | [ ] | No |
| `log.otlp.grpc.insecure` | Instructs the exporter to send logs to the OpenTelemetry Collector using an insecure protocol. | false | No | | <a id="log-otlp-grpc-insecure" href="#log-otlp-grpc-insecure" title="#log-otlp-grpc-insecure">`log.otlp.grpc.insecure`</a> | Instructs the exporter to send logs to the OpenTelemetry Collector using an insecure protocol. | false | No |
| `log.otlp.grpc.tls` | Defines the Client TLS configuration used by the exporter to send logs to the OpenTelemetry Collector. | | No | | <a id="log-otlp-grpc-tls" href="#log-otlp-grpc-tls" title="#log-otlp-grpc-tls">`log.otlp.grpc.tls`</a> | Defines the Client TLS configuration used by the exporter to send logs to the OpenTelemetry Collector. | | No |
| `log.otlp.grpc.tls.ca` | The path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | | No | | <a id="log-otlp-grpc-tls-ca" href="#log-otlp-grpc-tls-ca" title="#log-otlp-grpc-tls-ca">`log.otlp.grpc.tls.ca`</a> | The path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | | No |
| `log.otlp.grpc.tls.cert` | The path to the certificate to use for the OpenTelemetry Collector. | | No | | <a id="log-otlp-grpc-tls-cert" href="#log-otlp-grpc-tls-cert" title="#log-otlp-grpc-tls-cert">`log.otlp.grpc.tls.cert`</a> | The path to the certificate to use for the OpenTelemetry Collector. | | No |
| `log.otlp.grpc.tls.key` | The path to the key to use for the OpenTelemetry Collector. | | No | | <a id="log-otlp-grpc-tls-key" href="#log-otlp-grpc-tls-key" title="#log-otlp-grpc-tls-key">`log.otlp.grpc.tls.key`</a> | The path to the key to use for the OpenTelemetry Collector. | | No |
| `log.otlp.grpc.tls.insecureSkipVerify` | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false | No | | <a id="log-otlp-grpc-tls-insecureSkipVerify" href="#log-otlp-grpc-tls-insecureSkipVerify" title="#log-otlp-grpc-tls-insecureSkipVerify">`log.otlp.grpc.tls.insecureSkipVerify`</a> | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false | No |
## AccessLogs ## AccessLogs
@@ -187,24 +187,23 @@ accessLog:
--accesslog.fields.headers.names.Authorization=drop --accesslog.fields.headers.names.Authorization=drop
``` ```
### Configuration Options ### Configuration Options
The section below describes how to configure Traefik access logs using the static configuration. The section below describes how to configure Traefik access logs using the static configuration.
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:-----------|:--------------------------|:--------|:---------| |:-----------|:--------------------------|:--------|:---------|
| `accesslog.filePath` | By default, the access logs are written to the standard output.<br />You can configure a file path instead using the `filePath` option.| | No | | <a id="accesslog-filePath" href="#accesslog-filePath" title="#accesslog-filePath">`accesslog.filePath`</a> | By default, the access logs are written to the standard output.<br />You can configure a file path instead using the `filePath` option.| | No |
| `accesslog.format` | By default, logs are written using the Traefik Common Log Format (CLF).<br />Available formats: `common` (Traefik's extended CLF), `genericCLF` (standard CLF compatible with analyzers), or `json`.<br />If the given format is unsupported, the default (`common`) is used instead.<br />More information about CLF fields [here](#clf-format-fields). | "common" | No | | <a id="accesslog-format" href="#accesslog-format" title="#accesslog-format">`accesslog.format`</a> | By default, logs are written using the Traefik Common Log Format (CLF).<br />Available formats: [`common`](#traefik-clf-format-fields) (Traefik extended CLF), [`genericCLF`](#generic-clf-format-fields) (standard CLF compatible with analyzers), or [`json`](#json-format-fields).<br />If the given format is unsupported, the default (`common`) is used instead. | "common" | No |
| `accesslog.bufferingSize` | To write the logs in an asynchronous fashion, specify a `bufferingSize` option.<br />This option represents the number of log lines Traefik will keep in memory before writing them to the selected output.<br />In some cases, this option can greatly help performances.| 0 | No | | <a id="accesslog-bufferingSize" href="#accesslog-bufferingSize" title="#accesslog-bufferingSize">`accesslog.bufferingSize`</a> | To write the logs in an asynchronous fashion, specify a `bufferingSize` option.<br />This option represents the number of log lines Traefik will keep in memory before writing them to the selected output.<br />In some cases, this option can greatly help performances.| 0 | No |
| `accesslog.addInternals` | Enables access logs for internal resources (e.g.: `ping@internal`). | false | No | | <a id="accesslog-addInternals" href="#accesslog-addInternals" title="#accesslog-addInternals">`accesslog.addInternals`</a> | Enables access logs for internal resources (e.g.: `ping@internal`). | false | No |
| `accesslog.filters.statusCodes` | Limit the access logs to requests with a status codes in the specified range. | [ ] | No | | <a id="accesslog-filters-statusCodes" href="#accesslog-filters-statusCodes" title="#accesslog-filters-statusCodes">`accesslog.filters.statusCodes`</a> | Limit the access logs to requests with a status codes in the specified range. | [ ] | No |
| `accesslog.filters.retryAttempts` | Keep the access logs when at least one retry has happened. | false | No | | <a id="accesslog-filters-retryAttempts" href="#accesslog-filters-retryAttempts" title="#accesslog-filters-retryAttempts">`accesslog.filters.retryAttempts`</a> | Keep the access logs when at least one retry has happened. | false | No |
| `accesslog.filters.minDuration` | Keep access logs when requests take longer than the specified duration (provided in seconds or as a valid duration format, see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration)). | 0 | No | | <a id="accesslog-filters-minDuration" href="#accesslog-filters-minDuration" title="#accesslog-filters-minDuration">`accesslog.filters.minDuration`</a> | Keep access logs when requests take longer than the specified duration (provided in seconds or as a valid duration format, see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration)). | 0 | No |
| `accesslog.fields.defaultMode` | Mode to apply by default to the access logs fields (`keep`, `redact` or `drop`). | keep | No | | <a id="accesslog-fields-defaultMode" href="#accesslog-fields-defaultMode" title="#accesslog-fields-defaultMode">`accesslog.fields.defaultMode`</a> | Mode to apply by default to the access logs fields (`keep`, `redact` or `drop`). | keep | No |
| `accesslog.fields.names` | Set the fields list to display in the access logs (format `name:mode`).<br /> Available fields list [here](#available-fields). | [ ] | No | | <a id="accesslog-fields-names" href="#accesslog-fields-names" title="#accesslog-fields-names">`accesslog.fields.names`</a> | Set the fields list to display in the access logs (format `name:mode`).<br /> Available fields list [here](#available-fields). | [ ] | No |
| `accesslog.fields.headers.defaultMode` | Mode to apply by default to the access logs headers (`keep`, `redact` or `drop`). | drop | No | | <a id="accesslog-fields-headers-defaultMode" href="#accesslog-fields-headers-defaultMode" title="#accesslog-fields-headers-defaultMode">`accesslog.fields.headers.defaultMode`</a> | Mode to apply by default to the access logs headers (`keep`, `redact` or `drop`). | drop | No |
| `accesslog.fields.headers.names` | Set the headers list to display in the access logs (format `name:mode`). | [ ] | No | | <a id="accesslog-fields-headers-names" href="#accesslog-fields-headers-names" title="#accesslog-fields-headers-names">`accesslog.fields.headers.names`</a> | Set the headers list to display in the access logs (format `name:mode`). | [ ] | No |
### OpenTelemetry ### OpenTelemetry
@@ -260,29 +259,30 @@ accesslog:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:---------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------|:---------| |:---------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------|:---------|
| `accesslog.otlp.serviceName` | Defines the service name resource attribute. | "traefik" | No | | <a id="accesslog-otlp-serviceName" href="#accesslog-otlp-serviceName" title="#accesslog-otlp-serviceName">`accesslog.otlp.serviceName`</a> | Defines the service name resource attribute. | "traefik" | No |
| `accesslog.otlp.resourceAttributes` | Defines additional resource attributes to be sent to the collector. | [] | No | | <a id="accesslog-otlp-resourceAttributes" href="#accesslog-otlp-resourceAttributes" title="#accesslog-otlp-resourceAttributes">`accesslog.otlp.resourceAttributes`</a> | Defines additional resource attributes to be sent to the collector. | [] | No |
| `accesslog.otlp.http` | This instructs the exporter to send access logs to the OpenTelemetry Collector using HTTP. | | No | | <a id="accesslog-otlp-http" href="#accesslog-otlp-http" title="#accesslog-otlp-http">`accesslog.otlp.http`</a> | This instructs the exporter to send access logs to the OpenTelemetry Collector using HTTP. | | No |
| `accesslog.otlp.http.endpoint` | The endpoint of the OpenTelemetry Collector. (format=`<scheme>://<host>:<port><path>`) | `https://localhost:4318/v1/logs` | No | | <a id="accesslog-otlp-http-endpoint" href="#accesslog-otlp-http-endpoint" title="#accesslog-otlp-http-endpoint">`accesslog.otlp.http.endpoint`</a> | The endpoint of the OpenTelemetry Collector. (format=`<scheme>://<host>:<port><path>`) | `https://localhost:4318/v1/logs` | No |
| `accesslog.otlp.http.headers` | Additional headers sent with access logs by the exporter to the OpenTelemetry Collector. | [ ] | No | | <a id="accesslog-otlp-http-headers" href="#accesslog-otlp-http-headers" title="#accesslog-otlp-http-headers">`accesslog.otlp.http.headers`</a> | Additional headers sent with access logs by the exporter to the OpenTelemetry Collector. | [ ] | No |
| `accesslog.otlp.http.tls` | Defines the Client TLS configuration used by the exporter to send access logs to the OpenTelemetry Collector. | | No | | <a id="accesslog-otlp-http-tls" href="#accesslog-otlp-http-tls" title="#accesslog-otlp-http-tls">`accesslog.otlp.http.tls`</a> | Defines the Client TLS configuration used by the exporter to send access logs to the OpenTelemetry Collector. | | No |
| `accesslog.otlp.http.tls.ca` | The path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | | No | | <a id="accesslog-otlp-http-tls-ca" href="#accesslog-otlp-http-tls-ca" title="#accesslog-otlp-http-tls-ca">`accesslog.otlp.http.tls.ca`</a> | The path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | | No |
| `accesslog.otlp.http.tls.cert` | The path to the certificate to use for the OpenTelemetry Collector. | | No | | <a id="accesslog-otlp-http-tls-cert" href="#accesslog-otlp-http-tls-cert" title="#accesslog-otlp-http-tls-cert">`accesslog.otlp.http.tls.cert`</a> | The path to the certificate to use for the OpenTelemetry Collector. | | No |
| `accesslog.otlp.http.tls.key` | The path to the key to use for the OpenTelemetry Collector. | | No | | <a id="accesslog-otlp-http-tls-key" href="#accesslog-otlp-http-tls-key" title="#accesslog-otlp-http-tls-key">`accesslog.otlp.http.tls.key`</a> | The path to the key to use for the OpenTelemetry Collector. | | No |
| `accesslog.otlp.http.tls.insecureSkipVerify` | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false | No | | <a id="accesslog-otlp-http-tls-insecureSkipVerify" href="#accesslog-otlp-http-tls-insecureSkipVerify" title="#accesslog-otlp-http-tls-insecureSkipVerify">`accesslog.otlp.http.tls.insecureSkipVerify`</a> | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false | No |
| `accesslog.otlp.grpc` | This instructs the exporter to send access logs to the OpenTelemetry Collector using gRPC. | | No | | <a id="accesslog-otlp-grpc" href="#accesslog-otlp-grpc" title="#accesslog-otlp-grpc">`accesslog.otlp.grpc`</a> | This instructs the exporter to send access logs to the OpenTelemetry Collector using gRPC. | | No |
| `accesslog.otlp.grpc.endpoint` | The endpoint of the OpenTelemetry Collector. (format=`<host>:<port>`) | `localhost:4317` | No | | <a id="accesslog-otlp-grpc-endpoint" href="#accesslog-otlp-grpc-endpoint" title="#accesslog-otlp-grpc-endpoint">`accesslog.otlp.grpc.endpoint`</a> | The endpoint of the OpenTelemetry Collector. (format=`<host>:<port>`) | `localhost:4317` | No |
| `accesslog.otlp.grpc.headers` | Additional headers sent with access logs by the exporter to the OpenTelemetry Collector. | [ ] | No | | <a id="accesslog-otlp-grpc-headers" href="#accesslog-otlp-grpc-headers" title="#accesslog-otlp-grpc-headers">`accesslog.otlp.grpc.headers`</a> | Additional headers sent with access logs by the exporter to the OpenTelemetry Collector. | [ ] | No |
| `accesslog.otlp.grpc.insecure` | Instructs the exporter to send access logs to the OpenTelemetry Collector using an insecure protocol. | false | No | | <a id="accesslog-otlp-grpc-insecure" href="#accesslog-otlp-grpc-insecure" title="#accesslog-otlp-grpc-insecure">`accesslog.otlp.grpc.insecure`</a> | Instructs the exporter to send access logs to the OpenTelemetry Collector using an insecure protocol. | false | No |
| `accesslog.otlp.grpc.tls` | Defines the Client TLS configuration used by the exporter to send access logs to the OpenTelemetry Collector. | | No | | <a id="accesslog-otlp-grpc-tls" href="#accesslog-otlp-grpc-tls" title="#accesslog-otlp-grpc-tls">`accesslog.otlp.grpc.tls`</a> | Defines the Client TLS configuration used by the exporter to send access logs to the OpenTelemetry Collector. | | No |
| `accesslog.otlp.grpc.tls.ca` | The path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | | No | | <a id="accesslog-otlp-grpc-tls-ca" href="#accesslog-otlp-grpc-tls-ca" title="#accesslog-otlp-grpc-tls-ca">`accesslog.otlp.grpc.tls.ca`</a> | The path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | | No |
| `accesslog.otlp.grpc.tls.cert` | The path to the certificate to use for the OpenTelemetry Collector. | | No | | <a id="accesslog-otlp-grpc-tls-cert" href="#accesslog-otlp-grpc-tls-cert" title="#accesslog-otlp-grpc-tls-cert">`accesslog.otlp.grpc.tls.cert`</a> | The path to the certificate to use for the OpenTelemetry Collector. | | No |
| `accesslog.otlp.grpc.tls.key` | The path to the key to use for the OpenTelemetry Collector. | | No | | <a id="accesslog-otlp-grpc-tls-key" href="#accesslog-otlp-grpc-tls-key" title="#accesslog-otlp-grpc-tls-key">`accesslog.otlp.grpc.tls.key`</a> | The path to the key to use for the OpenTelemetry Collector. | | No |
| `accesslog.otlp.grpc.tls.insecureSkipVerify` | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false | No | | <a id="accesslog-otlp-grpc-tls-insecureSkipVerify" href="#accesslog-otlp-grpc-tls-insecureSkipVerify" title="#accesslog-otlp-grpc-tls-insecureSkipVerify">`accesslog.otlp.grpc.tls.insecureSkipVerify`</a> | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false | No |
### CLF format fields ### Traefik CLF format fields
Below the fields displayed with the CLF format: It's the default format provided by Traefik.
Below the fields displayed with the Traefik CLF format:
```html ```html
<remote_IP_address> - <client_user_name_if_available> [<timestamp>] <remote_IP_address> - <client_user_name_if_available> [<timestamp>]
@@ -291,44 +291,54 @@ Below the fields displayed with the CLF format:
"<Traefik_router_name>" "<Traefik_server_URL>" <request_duration_in_ms>ms "<Traefik_router_name>" "<Traefik_server_URL>" <request_duration_in_ms>ms
``` ```
### Available Fields ### Generic CLF format fields
Below the fields displayed with the generic CLF format:
```html
<remote_IP_address> - <client_user_name_if_available> [<timestamp>]
"<request_method> <request_path> <request_protocol>" <HTTP_status> <content-length>
"<request_referrer>" "<request_user_agent>"
```
### JSON format fields
| Field | Description | | Field | Description |
|-------------------------|------------------| |-------------------------|------------------|
| `StartUTC` | The time at which request processing started. | | <a id="StartUTC" href="#StartUTC" title="#StartUTC">`StartUTC`</a> | The time at which request processing started. |
| `StartLocal` | The local time at which request processing started. | | <a id="StartLocal" href="#StartLocal" title="#StartLocal">`StartLocal`</a> | The local time at which request processing started. |
| `Duration` | The total time taken (in nanoseconds) by processing the response, including the origin server's time but not the log writing time. | | <a id="Duration" href="#Duration" title="#Duration">`Duration`</a> | The total time taken (in nanoseconds) by processing the response, including the origin server's time but not the log writing time. |
| `RouterName` | The name of the Traefik router. | | <a id="RouterName" href="#RouterName" title="#RouterName">`RouterName`</a> | The name of the Traefik router. |
| `ServiceName` | The name of the Traefik backend. | | <a id="ServiceName" href="#ServiceName" title="#ServiceName">`ServiceName`</a> | The name of the Traefik backend. |
| `ServiceURL` | The URL of the Traefik backend. | | <a id="ServiceURL" href="#ServiceURL" title="#ServiceURL">`ServiceURL`</a> | The URL of the Traefik backend. |
| `ServiceAddr` | The IP:port of the Traefik backend (extracted from `ServiceURL`). | | <a id="ServiceAddr" href="#ServiceAddr" title="#ServiceAddr">`ServiceAddr`</a> | The IP:port of the Traefik backend (extracted from `ServiceURL`). |
| `ClientAddr` | The remote address in its original form (usually IP:port). | | <a id="ClientAddr" href="#ClientAddr" title="#ClientAddr">`ClientAddr`</a> | The remote address in its original form (usually IP:port). |
| `ClientHost` | The remote IP address from which the client request was received. | | <a id="ClientHost" href="#ClientHost" title="#ClientHost">`ClientHost`</a> | The remote IP address from which the client request was received. |
| `ClientPort` | The remote TCP port from which the client request was received. | | <a id="ClientPort" href="#ClientPort" title="#ClientPort">`ClientPort`</a> | The remote TCP port from which the client request was received. |
| `ClientUsername` | The username provided in the URL, if present. | | <a id="ClientUsername" href="#ClientUsername" title="#ClientUsername">`ClientUsername`</a> | The username provided in the URL, if present. |
| `RequestAddr` | The HTTP Host header (usually IP:port). This is treated as not a header by the Go API. | | <a id="RequestAddr" href="#RequestAddr" title="#RequestAddr">`RequestAddr`</a> | The HTTP Host header (usually IP:port). This is treated as not a header by the Go API. |
| `RequestHost` | The HTTP Host server name (not including port). | | <a id="RequestHost" href="#RequestHost" title="#RequestHost">`RequestHost`</a> | The HTTP Host server name (not including port). |
| `RequestPort` | The TCP port from the HTTP Host. | | <a id="RequestPort" href="#RequestPort" title="#RequestPort">`RequestPort`</a> | The TCP port from the HTTP Host. |
| `RequestMethod` | The HTTP method. | | <a id="RequestMethod" href="#RequestMethod" title="#RequestMethod">`RequestMethod`</a> | The HTTP method. |
| `RequestPath` | The HTTP request URI, not including the scheme, host or port. | | <a id="RequestPath" href="#RequestPath" title="#RequestPath">`RequestPath`</a> | The HTTP request URI, not including the scheme, host or port. |
| `RequestProtocol` | The version of HTTP requested. | | <a id="RequestProtocol" href="#RequestProtocol" title="#RequestProtocol">`RequestProtocol`</a> | The version of HTTP requested. |
| `RequestScheme` | The HTTP scheme requested `http` or `https`. | | <a id="RequestScheme" href="#RequestScheme" title="#RequestScheme">`RequestScheme`</a> | The HTTP scheme requested `http` or `https`. |
| `RequestLine` | The `RequestMethod`, + `RequestPath` and `RequestProtocol`. | | <a id="RequestLine" href="#RequestLine" title="#RequestLine">`RequestLine`</a> | The `RequestMethod`, + `RequestPath` and `RequestProtocol`. |
| `RequestContentSize` | The number of bytes in the request entity (a.k.a. body) sent by the client. | | <a id="RequestContentSize" href="#RequestContentSize" title="#RequestContentSize">`RequestContentSize`</a> | The number of bytes in the request entity (a.k.a. body) sent by the client. |
| `OriginDuration` | The time taken (in nanoseconds) by the origin server ('upstream') to return its response. | | <a id="OriginDuration" href="#OriginDuration" title="#OriginDuration">`OriginDuration`</a> | The time taken (in nanoseconds) by the origin server ('upstream') to return its response. |
| `OriginContentSize` | The content length specified by the origin server, or 0 if unspecified. | | <a id="OriginContentSize" href="#OriginContentSize" title="#OriginContentSize">`OriginContentSize`</a> | The content length specified by the origin server, or 0 if unspecified. |
| `OriginStatus` | The HTTP status code returned by the origin server. If the request was handled by this Traefik instance (e.g. with a redirect), then this value will be absent (0). | | <a id="OriginStatus" href="#OriginStatus" title="#OriginStatus">`OriginStatus`</a> | The HTTP status code returned by the origin server. If the request was handled by this Traefik instance (e.g. with a redirect), then this value will be absent (0). |
| `OriginStatusLine` | `OriginStatus` + Status code explanation | | <a id="OriginStatusLine" href="#OriginStatusLine" title="#OriginStatusLine">`OriginStatusLine`</a> | `OriginStatus` + Status code explanation |
| `DownstreamStatus` | The HTTP status code returned to the client. | | <a id="DownstreamStatus" href="#DownstreamStatus" title="#DownstreamStatus">`DownstreamStatus`</a> | The HTTP status code returned to the client. |
| `DownstreamStatusLine` | The `DownstreamStatus` and status code explanation. | | <a id="DownstreamStatusLine" href="#DownstreamStatusLine" title="#DownstreamStatusLine">`DownstreamStatusLine`</a> | The `DownstreamStatus` and status code explanation. |
| `DownstreamContentSize` | The number of bytes in the response entity returned to the client. This is in addition to the "Content-Length" header, which may be present in the origin response. | | <a id="DownstreamContentSize" href="#DownstreamContentSize" title="#DownstreamContentSize">`DownstreamContentSize`</a> | The number of bytes in the response entity returned to the client. This is in addition to the "Content-Length" header, which may be present in the origin response. |
| `RequestCount` | The number of requests received since the Traefik instance started. | | <a id="RequestCount" href="#RequestCount" title="#RequestCount">`RequestCount`</a> | The number of requests received since the Traefik instance started. |
| `GzipRatio` | The response body compression ratio achieved. | | <a id="GzipRatio" href="#GzipRatio" title="#GzipRatio">`GzipRatio`</a> | The response body compression ratio achieved. |
| `Overhead` | The processing time overhead (in nanoseconds) caused by Traefik. | | <a id="Overhead" href="#Overhead" title="#Overhead">`Overhead`</a> | The processing time overhead (in nanoseconds) caused by Traefik. |
| `RetryAttempts` | The amount of attempts the request was retried. | | <a id="RetryAttempts" href="#RetryAttempts" title="#RetryAttempts">`RetryAttempts`</a> | The amount of attempts the request was retried. |
| `TLSVersion` | The TLS version used by the connection (e.g. `1.2`) (if connection is TLS). | | <a id="TLSVersion" href="#TLSVersion" title="#TLSVersion">`TLSVersion`</a> | The TLS version used by the connection (e.g. `1.2`) (if connection is TLS). |
| `TLSCipher` | The TLS cipher used by the connection (e.g. `TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA`) (if connection is TLS). | | <a id="TLSCipher" href="#TLSCipher" title="#TLSCipher">`TLSCipher`</a> | The TLS cipher used by the connection (e.g. `TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA`) (if connection is TLS). |
| `TLSClientSubject` | The string representation of the TLS client certificate's Subject (e.g. `CN=username,O=organization`). | | <a id="TLSClientSubject" href="#TLSClientSubject" title="#TLSClientSubject">`TLSClientSubject`</a> | The string representation of the TLS client certificate's Subject (e.g. `CN=username,O=organization`). |
### Log Rotation ### Log Rotation
@@ -62,29 +62,29 @@ metrics:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:-------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------------------|:---------| |:-------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------------------|:---------|
| `metrics.addInternals` | Enables metrics for internal resources (e.g.: `ping@internal`). | false | No | | <a id="metrics-addInternals" href="#metrics-addInternals" title="#metrics-addInternals">`metrics.addInternals`</a> | Enables metrics for internal resources (e.g.: `ping@internal`). | false | No |
| `metrics.otlp.serviceName` | Defines the service name resource attribute. | "traefik" | No | | <a id="metrics-otlp-serviceName" href="#metrics-otlp-serviceName" title="#metrics-otlp-serviceName">`metrics.otlp.serviceName`</a> | Defines the service name resource attribute. | "traefik" | No |
| `metrics.otlp.resourceAttributes` | Defines additional resource attributes to be sent to the collector. | [] | No | | <a id="metrics-otlp-resourceAttributes" href="#metrics-otlp-resourceAttributes" title="#metrics-otlp-resourceAttributes">`metrics.otlp.resourceAttributes`</a> | Defines additional resource attributes to be sent to the collector. | [] | No |
| `metrics.otlp.addEntryPointsLabels` | Enable metrics on entry points. | true | No | | <a id="metrics-otlp-addEntryPointsLabels" href="#metrics-otlp-addEntryPointsLabels" title="#metrics-otlp-addEntryPointsLabels">`metrics.otlp.addEntryPointsLabels`</a> | Enable metrics on entry points. | true | No |
| `metrics.otlp.addRoutersLabels` | Enable metrics on routers. | false | No | | <a id="metrics-otlp-addRoutersLabels" href="#metrics-otlp-addRoutersLabels" title="#metrics-otlp-addRoutersLabels">`metrics.otlp.addRoutersLabels`</a> | Enable metrics on routers. | false | No |
| `metrics.otlp.addServicesLabels` | Enable metrics on services. | true | No | | <a id="metrics-otlp-addServicesLabels" href="#metrics-otlp-addServicesLabels" title="#metrics-otlp-addServicesLabels">`metrics.otlp.addServicesLabels`</a> | Enable metrics on services. | true | No |
| `metrics.otlp.explicitBoundaries` | Explicit boundaries for Histogram data points. | ".005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10" | No | | <a id="metrics-otlp-explicitBoundaries" href="#metrics-otlp-explicitBoundaries" title="#metrics-otlp-explicitBoundaries">`metrics.otlp.explicitBoundaries`</a> | Explicit boundaries for Histogram data points. | ".005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10" | No |
| `metrics.otlp.pushInterval` | Interval at which metrics are sent to the OpenTelemetry Collector. | 10s | No | | <a id="metrics-otlp-pushInterval" href="#metrics-otlp-pushInterval" title="#metrics-otlp-pushInterval">`metrics.otlp.pushInterval`</a> | Interval at which metrics are sent to the OpenTelemetry Collector. | 10s | No |
| `metrics.otlp.http` | This instructs the exporter to send the metrics to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values. | null/false | No | | <a id="metrics-otlp-http" href="#metrics-otlp-http" title="#metrics-otlp-http">`metrics.otlp.http`</a> | This instructs the exporter to send the metrics to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values. | null/false | No |
| `metrics.otlp.http.endpoint` | URL of the OpenTelemetry Collector to send metrics to.<br /> Format="`<scheme>://<host>:<port><path>`" | "http://localhost:4318/v1/metrics" | Yes | | <a id="metrics-otlp-http-endpoint" href="#metrics-otlp-http-endpoint" title="#metrics-otlp-http-endpoint">`metrics.otlp.http.endpoint`</a> | URL of the OpenTelemetry Collector to send metrics to.<br /> Format="`<scheme>://<host>:<port><path>`" | "http://localhost:4318/v1/metrics" | Yes |
| `metrics.otlp.http.headers` | Additional headers sent with metrics by the exporter to the OpenTelemetry Collector. | - | No | | <a id="metrics-otlp-http-headers" href="#metrics-otlp-http-headers" title="#metrics-otlp-http-headers">`metrics.otlp.http.headers`</a> | Additional headers sent with metrics by the exporter to the OpenTelemetry Collector. | - | No |
| `metrics.otlp.http.tls.ca` | Path to the certificate authority used for the secure connection to the OpenTelemetry Collector,<br />it defaults to the system bundle. | "" | No | | <a id="metrics-otlp-http-tls-ca" href="#metrics-otlp-http-tls-ca" title="#metrics-otlp-http-tls-ca">`metrics.otlp.http.tls.ca`</a> | Path to the certificate authority used for the secure connection to the OpenTelemetry Collector,<br />it defaults to the system bundle. | "" | No |
| `metrics.otlp.http.tls.cert` | Path to the public certificate used for the secure connection to the OpenTelemetry Collector.<br />When using this option, setting the `key` option is required. | "" | No | | <a id="metrics-otlp-http-tls-cert" href="#metrics-otlp-http-tls-cert" title="#metrics-otlp-http-tls-cert">`metrics.otlp.http.tls.cert`</a> | Path to the public certificate used for the secure connection to the OpenTelemetry Collector.<br />When using this option, setting the `key` option is required. | "" | No |
| `metrics.otlp.http.tls.key` | This instructs the exporter to send the metrics to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values. | null/false | No | | <a id="metrics-otlp-http-tls-key" href="#metrics-otlp-http-tls-key" title="#metrics-otlp-http-tls-key">`metrics.otlp.http.tls.key`</a> | This instructs the exporter to send the metrics to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values. | null/false | No |
| `metrics.otlp.http.tls.insecureskipverify` | Allow the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers. | false | Yes | | <a id="metrics-otlp-http-tls-insecureskipverify" href="#metrics-otlp-http-tls-insecureskipverify" title="#metrics-otlp-http-tls-insecureskipverify">`metrics.otlp.http.tls.insecureskipverify`</a> | Allow the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers. | false | Yes |
| `metrics.otlp.grpc` | This instructs the exporter to send metrics to the OpenTelemetry Collector using gRPC. | null/false | No | | <a id="metrics-otlp-grpc" href="#metrics-otlp-grpc" title="#metrics-otlp-grpc">`metrics.otlp.grpc`</a> | This instructs the exporter to send metrics to the OpenTelemetry Collector using gRPC. | null/false | No |
| `metrics.otlp.grpc.endpoint` | Address of the OpenTelemetry Collector to send metrics to.<br /> Format="`<host>:<port>`" | "localhost:4317" | Yes | | <a id="metrics-otlp-grpc-endpoint" href="#metrics-otlp-grpc-endpoint" title="#metrics-otlp-grpc-endpoint">`metrics.otlp.grpc.endpoint`</a> | Address of the OpenTelemetry Collector to send metrics to.<br /> Format="`<host>:<port>`" | "localhost:4317" | Yes |
| `metrics.otlp.grpc.headers` | Additional headers sent with metrics by the exporter to the OpenTelemetry Collector. | - | No | | <a id="metrics-otlp-grpc-headers" href="#metrics-otlp-grpc-headers" title="#metrics-otlp-grpc-headers">`metrics.otlp.grpc.headers`</a> | Additional headers sent with metrics by the exporter to the OpenTelemetry Collector. | - | No |
| `metrics.otlp.http.grpc.insecure` | Allows exporter to send metrics to the OpenTelemetry Collector without using a secured protocol. | false | Yes | | <a id="metrics-otlp-http-grpc-insecure" href="#metrics-otlp-http-grpc-insecure" title="#metrics-otlp-http-grpc-insecure">`metrics.otlp.http.grpc.insecure`</a> | Allows exporter to send metrics to the OpenTelemetry Collector without using a secured protocol. | false | Yes |
| `metrics.otlp.grpc.tls.ca` | Path to the certificate authority used for the secure connection to the OpenTelemetry Collector,<br />it defaults to the system bundle. | - | No | | <a id="metrics-otlp-grpc-tls-ca" href="#metrics-otlp-grpc-tls-ca" title="#metrics-otlp-grpc-tls-ca">`metrics.otlp.grpc.tls.ca`</a> | Path to the certificate authority used for the secure connection to the OpenTelemetry Collector,<br />it defaults to the system bundle. | - | No |
| `metrics.otlp.grpc.tls.cert` | Path to the public certificate used for the secure connection to the OpenTelemetry Collector.<br />When using this option, setting the `key` option is required. | - | No | | <a id="metrics-otlp-grpc-tls-cert" href="#metrics-otlp-grpc-tls-cert" title="#metrics-otlp-grpc-tls-cert">`metrics.otlp.grpc.tls.cert`</a> | Path to the public certificate used for the secure connection to the OpenTelemetry Collector.<br />When using this option, setting the `key` option is required. | - | No |
| `metrics.otlp.grpc.tls.key` | This instructs the exporter to send the metrics to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values. | null/false | No | | <a id="metrics-otlp-grpc-tls-key" href="#metrics-otlp-grpc-tls-key" title="#metrics-otlp-grpc-tls-key">`metrics.otlp.grpc.tls.key`</a> | This instructs the exporter to send the metrics to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values. | null/false | No |
| `metrics.otlp.grpc.tls.insecureskipverify` | Allow the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers. | false | Yes | | <a id="metrics-otlp-grpc-tls-insecureskipverify" href="#metrics-otlp-grpc-tls-insecureskipverify" title="#metrics-otlp-grpc-tls-insecureskipverify">`metrics.otlp.grpc.tls.insecureskipverify`</a> | Allow the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers. | false | Yes |
## Vendors ## Vendors
@@ -112,13 +112,13 @@ metrics:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:------|:-------------------------------|:---------------------|:---------| |:------|:-------------------------------|:---------------------|:---------|
| `metrics.addInternals` | Enables metrics for internal resources (e.g.: `ping@internal`). | false | No | | <a id="metrics-addInternals-2" href="#metrics-addInternals-2" title="#metrics-addInternals-2">`metrics.addInternals`</a> | Enables metrics for internal resources (e.g.: `ping@internal`). | false | No |
| `datadog.address` | Defines the address for the exporter to send metrics to datadog-agent. More information [here](#address)| `127.0.0.1:8125` | Yes | | <a id="datadog-address" href="#datadog-address" title="#datadog-address">`datadog.address`</a> | Defines the address for the exporter to send metrics to datadog-agent. More information [here](#address)| `127.0.0.1:8125` | Yes |
| `datadog.addEntryPointsLabels` | Enable metrics on entry points. | true | No | | <a id="datadog-addEntryPointsLabels" href="#datadog-addEntryPointsLabels" title="#datadog-addEntryPointsLabels">`datadog.addEntryPointsLabels`</a> | Enable metrics on entry points. | true | No |
| `datadog.addRoutersLabels` | Enable metrics on routers. | false | No | | <a id="datadog-addRoutersLabels" href="#datadog-addRoutersLabels" title="#datadog-addRoutersLabels">`datadog.addRoutersLabels`</a> | Enable metrics on routers. | false | No |
| `datadog.addServicesLabels` | Enable metrics on services. | true | No | | <a id="datadog-addServicesLabels" href="#datadog-addServicesLabels" title="#datadog-addServicesLabels">`datadog.addServicesLabels`</a> | Enable metrics on services. | true | No |
| `datadog.pushInterval` | Defines the interval used by the exporter to push metrics to datadog-agent. | 10s | No | | <a id="datadog-pushInterval" href="#datadog-pushInterval" title="#datadog-pushInterval">`datadog.pushInterval`</a> | Defines the interval used by the exporter to push metrics to datadog-agent. | 10s | No |
| `datadog.prefix` | Defines the prefix to use for metrics collection. | "traefik" | No | | <a id="datadog-prefix" href="#datadog-prefix" title="#datadog-prefix">`datadog.prefix`</a> | Defines the prefix to use for metrics collection. | "traefik" | No |
##### `address` ##### `address`
@@ -170,16 +170,16 @@ metrics:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:-----------|-------------------------|:--------|:---------| |:-----------|-------------------------|:--------|:---------|
| `metrics.addInternal` | Enables metrics for internal resources (e.g.: `ping@internal`). | false | No | | <a id="metrics-addInternal" href="#metrics-addInternal" title="#metrics-addInternal">`metrics.addInternal`</a> | Enables metrics for internal resources (e.g.: `ping@internal`). | false | No |
| `metrics.influxDB2.addEntryPointsLabels` | Enable metrics on entry points. | true | No | | <a id="metrics-influxDB2-addEntryPointsLabels" href="#metrics-influxDB2-addEntryPointsLabels" title="#metrics-influxDB2-addEntryPointsLabels">`metrics.influxDB2.addEntryPointsLabels`</a> | Enable metrics on entry points. | true | No |
| `metrics.influxDB2.addRoutersLabels` | Enable metrics on routers. | false | No | | <a id="metrics-influxDB2-addRoutersLabels" href="#metrics-influxDB2-addRoutersLabels" title="#metrics-influxDB2-addRoutersLabels">`metrics.influxDB2.addRoutersLabels`</a> | Enable metrics on routers. | false | No |
| `metrics.influxDB2.addServicesLabels` | Enable metrics on services.| true | No | | <a id="metrics-influxDB2-addServicesLabels" href="#metrics-influxDB2-addServicesLabels" title="#metrics-influxDB2-addServicesLabels">`metrics.influxDB2.addServicesLabels`</a> | Enable metrics on services.| true | No |
| `metrics.influxDB2.additionalLabels` | Additional labels (InfluxDB tags) on all metrics. | - | No | | <a id="metrics-influxDB2-additionalLabels" href="#metrics-influxDB2-additionalLabels" title="#metrics-influxDB2-additionalLabels">`metrics.influxDB2.additionalLabels`</a> | Additional labels (InfluxDB tags) on all metrics. | - | No |
| `metrics.influxDB2.pushInterval` | The interval used by the exporter to push metrics to InfluxDB server. | 10s | No | | <a id="metrics-influxDB2-pushInterval" href="#metrics-influxDB2-pushInterval" title="#metrics-influxDB2-pushInterval">`metrics.influxDB2.pushInterval`</a> | The interval used by the exporter to push metrics to InfluxDB server. | 10s | No |
| `metrics.influxDB2.address` | Address of the InfluxDB v2 instance. | "http://localhost:8086" | Yes | | <a id="metrics-influxDB2-address" href="#metrics-influxDB2-address" title="#metrics-influxDB2-address">`metrics.influxDB2.address`</a> | Address of the InfluxDB v2 instance. | "http://localhost:8086" | Yes |
| `metrics.influxDB2.token` | Token with which to connect to InfluxDB v2. | - | Yes | | <a id="metrics-influxDB2-token" href="#metrics-influxDB2-token" title="#metrics-influxDB2-token">`metrics.influxDB2.token`</a> | Token with which to connect to InfluxDB v2. | - | Yes |
| `metrics.influxDB2.org` | Organisation where metrics will be stored. | - | Yes | | <a id="metrics-influxDB2-org" href="#metrics-influxDB2-org" title="#metrics-influxDB2-org">`metrics.influxDB2.org`</a> | Organisation where metrics will be stored. | - | Yes |
| `metrics.influxDB2.bucket` | Bucket where metrics will be stored. | - | Yes | | <a id="metrics-influxDB2-bucket" href="#metrics-influxDB2-bucket" title="#metrics-influxDB2-bucket">`metrics.influxDB2.bucket`</a> | Bucket where metrics will be stored. | - | Yes |
### Prometheus ### Prometheus
@@ -215,14 +215,14 @@ metrics:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:-----------|---------------------|:--------|:---------| |:-----------|---------------------|:--------|:---------|
| `metrics.prometheus.addInternals` | Enables metrics for internal resources (e.g.: `ping@internals`). | false | No | | <a id="metrics-prometheus-addInternals" href="#metrics-prometheus-addInternals" title="#metrics-prometheus-addInternals">`metrics.prometheus.addInternals`</a> | Enables metrics for internal resources (e.g.: `ping@internals`). | false | No |
| `metrics.prometheus.addEntryPointsLabels` | Enable metrics on entry points. | true | No | | <a id="metrics-prometheus-addEntryPointsLabels" href="#metrics-prometheus-addEntryPointsLabels" title="#metrics-prometheus-addEntryPointsLabels">`metrics.prometheus.addEntryPointsLabels`</a> | Enable metrics on entry points. | true | No |
| `metrics.prometheus.addRoutersLabels` | Enable metrics on routers. | false | No | | <a id="metrics-prometheus-addRoutersLabels" href="#metrics-prometheus-addRoutersLabels" title="#metrics-prometheus-addRoutersLabels">`metrics.prometheus.addRoutersLabels`</a> | Enable metrics on routers. | false | No |
| `metrics.prometheus.addServicesLabels` | Enable metrics on services.| true | No | | <a id="metrics-prometheus-addServicesLabels" href="#metrics-prometheus-addServicesLabels" title="#metrics-prometheus-addServicesLabels">`metrics.prometheus.addServicesLabels`</a> | Enable metrics on services.| true | No |
| `metrics.prometheus.buckets` | Buckets for latency metrics. |"0.100000, 0.300000, 1.200000, 5.000000" | No | | <a id="metrics-prometheus-buckets" href="#metrics-prometheus-buckets" title="#metrics-prometheus-buckets">`metrics.prometheus.buckets`</a> | Buckets for latency metrics. |"0.100000, 0.300000, 1.200000, 5.000000" | No |
| `metrics.prometheus.manualRouting` | Set to _true_, it disables the default internal router in order to allow creating a custom router for the `prometheus@internal` service. | false | No | | <a id="metrics-prometheus-manualRouting" href="#metrics-prometheus-manualRouting" title="#metrics-prometheus-manualRouting">`metrics.prometheus.manualRouting`</a> | Set to _true_, it disables the default internal router in order to allow creating a custom router for the `prometheus@internal` service. | false | No |
| `metrics.prometheus.entryPoint` | Traefik Entrypoint name used to expose metrics. | "traefik" | No | | <a id="metrics-prometheus-entryPoint" href="#metrics-prometheus-entryPoint" title="#metrics-prometheus-entryPoint">`metrics.prometheus.entryPoint`</a> | Traefik Entrypoint name used to expose metrics. | "traefik" | No |
| `metrics.prometheus.headerLabels` | Defines extra labels extracted from request headers for the `requests_total` metrics.<br />More information [here](#headerlabels). | | Yes | | <a id="metrics-prometheus-headerLabels" href="#metrics-prometheus-headerLabels" title="#metrics-prometheus-headerLabels">`metrics.prometheus.headerLabels`</a> | Defines extra labels extracted from request headers for the `requests_total` metrics.<br />More information [here](#headerlabels). | | Yes |
##### headerLabels ##### headerLabels
@@ -288,13 +288,13 @@ metrics:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:-----------|:-------------------------|:--------|:---------| |:-----------|:-------------------------|:--------|:---------|
| `metrics.addInternals` | Enables metrics for internal resources (e.g.: `ping@internals`). | false | No | | <a id="metrics-addInternals-3" href="#metrics-addInternals-3" title="#metrics-addInternals-3">`metrics.addInternals`</a> | Enables metrics for internal resources (e.g.: `ping@internals`). | false | No |
| `metrics.statsD.addEntryPointsLabels` | Enable metrics on entry points. | true | No | | <a id="metrics-statsD-addEntryPointsLabels" href="#metrics-statsD-addEntryPointsLabels" title="#metrics-statsD-addEntryPointsLabels">`metrics.statsD.addEntryPointsLabels`</a> | Enable metrics on entry points. | true | No |
| `metrics.statsD.addRoutersLabels` | Enable metrics on routers. | false | No | | <a id="metrics-statsD-addRoutersLabels" href="#metrics-statsD-addRoutersLabels" title="#metrics-statsD-addRoutersLabels">`metrics.statsD.addRoutersLabels`</a> | Enable metrics on routers. | false | No |
| `metrics.statsD.addServicesLabels` | Enable metrics on services.| true | No | | <a id="metrics-statsD-addServicesLabels" href="#metrics-statsD-addServicesLabels" title="#metrics-statsD-addServicesLabels">`metrics.statsD.addServicesLabels`</a> | Enable metrics on services.| true | No |
| `metrics.statsD.pushInterval` | The interval used by the exporter to push metrics to DataDog server. | 10s | No | | <a id="metrics-statsD-pushInterval" href="#metrics-statsD-pushInterval" title="#metrics-statsD-pushInterval">`metrics.statsD.pushInterval`</a> | The interval used by the exporter to push metrics to DataDog server. | 10s | No |
| `metrics.statsD.address` | Address instructs exporter to send metrics to statsd at this address. | "127.0.0.1:8125" | Yes | | <a id="metrics-statsD-address" href="#metrics-statsD-address" title="#metrics-statsD-address">`metrics.statsD.address`</a> | Address instructs exporter to send metrics to statsd at this address. | "127.0.0.1:8125" | Yes |
| `metrics.statsD.prefix` | The prefix to use for metrics collection. | "traefik" | No | | <a id="metrics-statsD-prefix" href="#metrics-statsD-prefix" title="#metrics-statsD-prefix">`metrics.statsD.prefix`</a> | The prefix to use for metrics collection. | "traefik" | No |
## Metrics Provided ## Metrics Provided
@@ -303,42 +303,42 @@ metrics:
=== "OpenTelemetry" === "OpenTelemetry"
| Metric | Type | [Labels](#labels) | Description | | Metric | Type | [Labels](#labels) | Description |
|----------------------------|-------|--------------------------|--------------------------------------------------------------------| |----------------------------|-------|--------------------------|--------------------------------------------------------------------|
| `traefik_config_reloads_total` | Count | | The total count of configuration reloads. | | <a id="traefik-config-reloads-total" href="#traefik-config-reloads-total" title="#traefik-config-reloads-total">`traefik_config_reloads_total`</a> | Count | | The total count of configuration reloads. |
| `traefik_config_last_reload_success` | Gauge | | The timestamp of the last configuration reload success. | | <a id="traefik-config-last-reload-success" href="#traefik-config-last-reload-success" title="#traefik-config-last-reload-success">`traefik_config_last_reload_success`</a> | Gauge | | The timestamp of the last configuration reload success. |
| `traefik_open_connections` | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. | | <a id="traefik-open-connections" href="#traefik-open-connections" title="#traefik-open-connections">`traefik_open_connections`</a> | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. |
| `traefik_tls_certs_not_after` | Gauge | | The expiration date of certificates. | | <a id="traefik-tls-certs-not-after" href="#traefik-tls-certs-not-after" title="#traefik-tls-certs-not-after">`traefik_tls_certs_not_after`</a> | Gauge | | The expiration date of certificates. |
=== "Prometheus" === "Prometheus"
| Metric | Type | [Labels](#labels) | Description | | Metric | Type | [Labels](#labels) | Description |
|----------------------------|-------|--------------------------|--------------------------------------------------------------------| |----------------------------|-------|--------------------------|--------------------------------------------------------------------|
| `traefik_config_reloads_total` | Count | | The total count of configuration reloads. | | <a id="traefik-config-reloads-total-2" href="#traefik-config-reloads-total-2" title="#traefik-config-reloads-total-2">`traefik_config_reloads_total`</a> | Count | | The total count of configuration reloads. |
| `traefik_config_last_reload_success` | Gauge | | The timestamp of the last configuration reload success. | | <a id="traefik-config-last-reload-success-2" href="#traefik-config-last-reload-success-2" title="#traefik-config-last-reload-success-2">`traefik_config_last_reload_success`</a> | Gauge | | The timestamp of the last configuration reload success. |
| `traefik_open_connections` | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. | | <a id="traefik-open-connections-2" href="#traefik-open-connections-2" title="#traefik-open-connections-2">`traefik_open_connections`</a> | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. |
| `traefik_tls_certs_not_after` | Gauge | | The expiration date of certificates. | | <a id="traefik-tls-certs-not-after-2" href="#traefik-tls-certs-not-after-2" title="#traefik-tls-certs-not-after-2">`traefik_tls_certs_not_after`</a> | Gauge | | The expiration date of certificates. |
=== "Datadog" === "Datadog"
| Metric | Type | [Labels](#labels) | Description | | Metric | Type | [Labels](#labels) | Description |
|----------------------------|-------|--------------------------|--------------------------------------------------------------------| |----------------------------|-------|--------------------------|--------------------------------------------------------------------|
| `config.reload.total` | Count | | The total count of configuration reloads. | | <a id="config-reload-total" href="#config-reload-total" title="#config-reload-total">`config.reload.total`</a> | Count | | The total count of configuration reloads. |
| `config.reload.lastSuccessTimestamp` | Gauge | | The timestamp of the last configuration reload success. | | <a id="config-reload-lastSuccessTimestamp" href="#config-reload-lastSuccessTimestamp" title="#config-reload-lastSuccessTimestamp">`config.reload.lastSuccessTimestamp`</a> | Gauge | | The timestamp of the last configuration reload success. |
| `open.connections` | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. | | <a id="open-connections" href="#open-connections" title="#open-connections">`open.connections`</a> | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. |
| `tls.certs.notAfterTimestamp` | Gauge | | The expiration date of certificates. | | <a id="tls-certs-notAfterTimestamp" href="#tls-certs-notAfterTimestamp" title="#tls-certs-notAfterTimestamp">`tls.certs.notAfterTimestamp`</a> | Gauge | | The expiration date of certificates. |
=== "InfluxDB2" === "InfluxDB2"
| Metric | Type | [Labels](#labels) | Description | | Metric | Type | [Labels](#labels) | Description |
|----------------------------|-------|--------------------------|--------------------------------------------------------------------| |----------------------------|-------|--------------------------|--------------------------------------------------------------------|
| `traefik.config.reload.total` | Count | | The total count of configuration reloads. | | <a id="traefik-config-reload-total" href="#traefik-config-reload-total" title="#traefik-config-reload-total">`traefik.config.reload.total`</a> | Count | | The total count of configuration reloads. |
| `traefik.config.reload.lastSuccessTimestamp` | Gauge | | The timestamp of the last configuration reload success. | | <a id="traefik-config-reload-lastSuccessTimestamp" href="#traefik-config-reload-lastSuccessTimestamp" title="#traefik-config-reload-lastSuccessTimestamp">`traefik.config.reload.lastSuccessTimestamp`</a> | Gauge | | The timestamp of the last configuration reload success. |
| `traefik.open.connections` | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. | | <a id="traefik-open-connections-3" href="#traefik-open-connections-3" title="#traefik-open-connections-3">`traefik.open.connections`</a> | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. |
| `traefik.tls.certs.notAfterTimestamp` | Gauge | | The expiration date of certificates. | | <a id="traefik-tls-certs-notAfterTimestamp" href="#traefik-tls-certs-notAfterTimestamp" title="#traefik-tls-certs-notAfterTimestamp">`traefik.tls.certs.notAfterTimestamp`</a> | Gauge | | The expiration date of certificates. |
=== "StatsD" === "StatsD"
| Metric | Type | [Labels](#labels) | Description | | Metric | Type | [Labels](#labels) | Description |
|----------------------------|-------|--------------------------|--------------------------------------------------------------------| |----------------------------|-------|--------------------------|--------------------------------------------------------------------|
| `{prefix}.config.reload.total` | Count | | The total count of configuration reloads. | | <a id="prefix-config-reload-total" href="#prefix-config-reload-total" title="#prefix-config-reload-total">`{prefix}.config.reload.total`</a> | Count | | The total count of configuration reloads. |
| `{prefix}.config.reload.lastSuccessTimestamp` | Gauge | | The timestamp of the last configuration reload success. | | <a id="prefix-config-reload-lastSuccessTimestamp" href="#prefix-config-reload-lastSuccessTimestamp" title="#prefix-config-reload-lastSuccessTimestamp">`{prefix}.config.reload.lastSuccessTimestamp`</a> | Gauge | | The timestamp of the last configuration reload success. |
| `{prefix}.open.connections` | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. | | <a id="prefix-open-connections" href="#prefix-open-connections" title="#prefix-open-connections">`{prefix}.open.connections`</a> | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. |
| `{prefix}.tls.certs.notAfterTimestamp` | Gauge | | The expiration date of certificates. | | <a id="prefix-tls-certs-notAfterTimestamp" href="#prefix-tls-certs-notAfterTimestamp" title="#prefix-tls-certs-notAfterTimestamp">`{prefix}.tls.certs.notAfterTimestamp`</a> | Gauge | | The expiration date of certificates. |
!!! note "\{prefix\} Default Value" !!! note "\{prefix\} Default Value"
By default, \{prefix\} value is `traefik`. By default, \{prefix\} value is `traefik`.
@@ -349,8 +349,8 @@ Here is a comprehensive list of labels that are provided by the global metrics:
| Label | Description | example | | Label | Description | example |
|--------------|----------------------------------------|----------------------| |--------------|----------------------------------------|----------------------|
| `entrypoint` | Entrypoint that handled the connection | "example_entrypoint" | | <a id="entrypoint" href="#entrypoint" title="#entrypoint">`entrypoint`</a> | Entrypoint that handled the connection | "example_entrypoint" |
| `protocol` | Connection protocol | "TCP" | | <a id="protocol" href="#protocol" title="#protocol">`protocol`</a> | Connection protocol | "TCP" |
### OpenTelemetry Semantic Conventions ### OpenTelemetry Semantic Conventions
@@ -360,7 +360,7 @@ Traefik Proxy follows [official OpenTelemetry semantic conventions v1.23.1](http
| Metric | Type | [Labels](#labels) | Description | | Metric | Type | [Labels](#labels) | Description |
|----------|-----------|-------------------------|------------------| |----------|-----------|-------------------------|------------------|
| `http.server.request.duration` | Histogram | `error.type`, `http.request.method`, `http.response.status_code`, `network.protocol.name`, `server.address`, `server.port`, `url.scheme` | Duration of HTTP server requests | | <a id="http-server-request-duration" href="#http-server-request-duration" title="#http-server-request-duration">`http.server.request.duration`</a> | Histogram | `error.type`, `http.request.method`, `http.response.status_code`, `network.protocol.name`, `server.address`, `server.port`, `url.scheme` | Duration of HTTP server requests |
##### Labels ##### Labels
@@ -368,35 +368,35 @@ Here is a comprehensive list of labels that are provided by the metrics:
| Label | Description | example | | Label | Description | example |
|-----------------------------|--------|---------------| |-----------------------------|--------|---------------|
| `error.type` | Describes a class of error the operation ended with | "500" | | <a id="error-type" href="#error-type" title="#error-type">`error.type`</a> | Describes a class of error the operation ended with | "500" |
| `http.request.method` | HTTP request method | "GET" | | <a id="http-request-method" href="#http-request-method" title="#http-request-method">`http.request.method`</a> | HTTP request method | "GET" |
| `http.response.status_code` | HTTP response status code | "200" | | <a id="http-response-status-code" href="#http-response-status-code" title="#http-response-status-code">`http.response.status_code`</a> | HTTP response status code | "200" |
| `network.protocol.name` | OSI application layer or non-OSI equivalent | "http/1.1" | | <a id="network-protocol-name" href="#network-protocol-name" title="#network-protocol-name">`network.protocol.name`</a> | OSI application layer or non-OSI equivalent | "http/1.1" |
| `network.protocol.version` | Version of the protocol specified in `network.protocol.name` | "1.1" | | <a id="network-protocol-version" href="#network-protocol-version" title="#network-protocol-version">`network.protocol.version`</a> | Version of the protocol specified in `network.protocol.name` | "1.1" |
| `server.address` | Name of the local HTTP server that received the request | "example.com" | | <a id="server-address" href="#server-address" title="#server-address">`server.address`</a> | Name of the local HTTP server that received the request | "example.com" |
| `server.port` | Port of the local HTTP server that received the request | "80" | | <a id="server-port" href="#server-port" title="#server-port">`server.port`</a> | Port of the local HTTP server that received the request | "80" |
| `url.scheme` | The URI scheme component identifying the used protocol | "http" | | <a id="url-scheme" href="#url-scheme" title="#url-scheme">`url.scheme`</a> | The URI scheme component identifying the used protocol | "http" |
#### HTTP Client #### HTTP Client
| Metric | Type | [Labels](#labels) | Description | | Metric | Type | [Labels](#labels) | Description |
|-------------------------------|-----------|-----------------|--------| |-------------------------------|-----------|-----------------|--------|
| `http.client.request.duration` | Histogram | `error.type`, `http.request.method`, `http.response.status_code`, `network.protocol.name`, `server.address`, `server.port`, `url.scheme` | Duration of HTTP client requests | | <a id="http-client-request-duration" href="#http-client-request-duration" title="#http-client-request-duration">`http.client.request.duration`</a> | Histogram | `error.type`, `http.request.method`, `http.response.status_code`, `network.protocol.name`, `server.address`, `server.port`, `url.scheme` | Duration of HTTP client requests |
##### Labels ##### Labels
Here is a comprehensive list of labels that are provided by the metrics: Here is a comprehensive list of labels that are provided by the metrics:
| Label | Description | example | | <a id="Label" href="#Label" title="#Label">Label</a> | Description | example |
|------ -----|------------|---------------| | <a id="row" href="#row" title="#row">------ -----</a> |------------|---------------|
| `error.type` | Describes a class of error the operation ended with | "500" | | <a id="error-type-2" href="#error-type-2" title="#error-type-2">`error.type`</a> | Describes a class of error the operation ended with | "500" |
| `http.request.method` | HTTP request method | "GET" | | <a id="http-request-method-2" href="#http-request-method-2" title="#http-request-method-2">`http.request.method`</a> | HTTP request method | "GET" |
| `http.response.status_code` | HTTP response status code | "200" | | <a id="http-response-status-code-2" href="#http-response-status-code-2" title="#http-response-status-code-2">`http.response.status_code`</a> | HTTP response status code | "200" |
| `network.protocol.name` | OSI application layer or non-OSI equivalent | "http/1.1" | | <a id="network-protocol-name-2" href="#network-protocol-name-2" title="#network-protocol-name-2">`network.protocol.name`</a> | OSI application layer or non-OSI equivalent | "http/1.1" |
| `network.protocol.version` | Version of the protocol specified in `network.protocol.name` | "1.1" | | <a id="network-protocol-version-2" href="#network-protocol-version-2" title="#network-protocol-version-2">`network.protocol.version`</a> | Version of the protocol specified in `network.protocol.name` | "1.1" |
| `server.address` | Name of the local HTTP server that received the request | "example.com" | | <a id="server-address-2" href="#server-address-2" title="#server-address-2">`server.address`</a> | Name of the local HTTP server that received the request | "example.com" |
| `server.port` | Port of the local HTTP server that received the request | "80" | | <a id="server-port-2" href="#server-port-2" title="#server-port-2">`server.port`</a> | Port of the local HTTP server that received the request | "80" |
| `url.scheme` | The URI scheme component identifying the used protocol | "http" | | <a id="url-scheme-2" href="#url-scheme-2" title="#url-scheme-2">`url.scheme`</a> | The URI scheme component identifying the used protocol | "http" |
### HTTP Metrics ### HTTP Metrics
@@ -408,51 +408,51 @@ On top of the official OpenTelemetry semantic conventions, Traefik provides its
| Metric | Type | [Labels](#labels) | Description | | Metric | Type | [Labels](#labels) | Description |
|-----------------------|-----------|--------------------|--------------------------| |-----------------------|-----------|--------------------|--------------------------|
| `traefik_entrypoint_requests_total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint. | | <a id="traefik-entrypoint-requests-total" href="#traefik-entrypoint-requests-total" title="#traefik-entrypoint-requests-total">`traefik_entrypoint_requests_total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint. |
| `traefik_entrypoint_requests_tls_total` | Count | `tls_version`, `tls_cipher`, `entrypoint` | The total count of HTTPS requests received by an entrypoint. | | <a id="traefik-entrypoint-requests-tls-total" href="#traefik-entrypoint-requests-tls-total" title="#traefik-entrypoint-requests-tls-total">`traefik_entrypoint_requests_tls_total`</a> | Count | `tls_version`, `tls_cipher`, `entrypoint` | The total count of HTTPS requests received by an entrypoint. |
| `traefik_entrypoint_request_duration_seconds` | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint. | | <a id="traefik-entrypoint-request-duration-seconds" href="#traefik-entrypoint-request-duration-seconds" title="#traefik-entrypoint-request-duration-seconds">`traefik_entrypoint_request_duration_seconds`</a> | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint. |
| `traefik_entrypoint_requests_bytes_total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint. | | <a id="traefik-entrypoint-requests-bytes-total" href="#traefik-entrypoint-requests-bytes-total" title="#traefik-entrypoint-requests-bytes-total">`traefik_entrypoint_requests_bytes_total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint. |
| `traefik_entrypoint_responses_bytes_total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. | | <a id="traefik-entrypoint-responses-bytes-total" href="#traefik-entrypoint-responses-bytes-total" title="#traefik-entrypoint-responses-bytes-total">`traefik_entrypoint_responses_bytes_total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. |
=== "Prometheus" === "Prometheus"
| Metric | Type | [Labels](#labels) | Description | | Metric | Type | [Labels](#labels) | Description |
|-----------------------|-----------|------------------------|-------------------------| |-----------------------|-----------|------------------------|-------------------------|
| `traefik_entrypoint_requests_total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint. | | <a id="traefik-entrypoint-requests-total-2" href="#traefik-entrypoint-requests-total-2" title="#traefik-entrypoint-requests-total-2">`traefik_entrypoint_requests_total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint. |
| `traefik_entrypoint_requests_tls_total` | Count | `tls_version`, `tls_cipher`, `entrypoint` | The total count of HTTPS requests received by an entrypoint. | | <a id="traefik-entrypoint-requests-tls-total-2" href="#traefik-entrypoint-requests-tls-total-2" title="#traefik-entrypoint-requests-tls-total-2">`traefik_entrypoint_requests_tls_total`</a> | Count | `tls_version`, `tls_cipher`, `entrypoint` | The total count of HTTPS requests received by an entrypoint. |
| `traefik_entrypoint_request_duration_seconds` | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint. | | <a id="traefik-entrypoint-request-duration-seconds-2" href="#traefik-entrypoint-request-duration-seconds-2" title="#traefik-entrypoint-request-duration-seconds-2">`traefik_entrypoint_request_duration_seconds`</a> | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint. |
| `traefik_entrypoint_requests_bytes_total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint. | | <a id="traefik-entrypoint-requests-bytes-total-2" href="#traefik-entrypoint-requests-bytes-total-2" title="#traefik-entrypoint-requests-bytes-total-2">`traefik_entrypoint_requests_bytes_total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint. |
| `traefik_entrypoint_responses_bytes_total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. | | <a id="traefik-entrypoint-responses-bytes-total-2" href="#traefik-entrypoint-responses-bytes-total-2" title="#traefik-entrypoint-responses-bytes-total-2">`traefik_entrypoint_responses_bytes_total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. |
=== "Datadog" === "Datadog"
| Metric | Type | [Labels](#labels) | Description | | Metric | Type | [Labels](#labels) | Description |
|-----------------------|-----------|------------------|---------------------------| |-----------------------|-----------|------------------|---------------------------|
| `entrypoint.requests.total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint. | | <a id="entrypoint-requests-total" href="#entrypoint-requests-total" title="#entrypoint-requests-total">`entrypoint.requests.total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint. |
| `entrypoint.requests.tls.total` | Count | `tls_version`, `tls_cipher`, `entrypoint` | The total count of HTTPS requests received by an entrypoint. | | <a id="entrypoint-requests-tls-total" href="#entrypoint-requests-tls-total" title="#entrypoint-requests-tls-total">`entrypoint.requests.tls.total`</a> | Count | `tls_version`, `tls_cipher`, `entrypoint` | The total count of HTTPS requests received by an entrypoint. |
| `entrypoint.request.duration.seconds` | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint. | | <a id="entrypoint-request-duration-seconds" href="#entrypoint-request-duration-seconds" title="#entrypoint-request-duration-seconds">`entrypoint.request.duration.seconds`</a> | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint. |
| `entrypoint.requests.bytes.total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint. | | <a id="entrypoint-requests-bytes-total" href="#entrypoint-requests-bytes-total" title="#entrypoint-requests-bytes-total">`entrypoint.requests.bytes.total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint. |
| `entrypoint.responses.bytes.total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. | | <a id="entrypoint-responses-bytes-total" href="#entrypoint-responses-bytes-total" title="#entrypoint-responses-bytes-total">`entrypoint.responses.bytes.total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. |
=== "InfluxDB2" === "InfluxDB2"
| Metric | Type | [Labels](#labels) | Description | | Metric | Type | [Labels](#labels) | Description |
|------------|-----------|-------------------|-----------------| |------------|-----------|-------------------|-----------------|
| `traefik.entrypoint.requests.total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint. | | <a id="traefik-entrypoint-requests-total-3" href="#traefik-entrypoint-requests-total-3" title="#traefik-entrypoint-requests-total-3">`traefik.entrypoint.requests.total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint. |
| `traefik.entrypoint.requests.tls.total` | Count | `tls_version`, `tls_cipher`, `entrypoint` | The total count of HTTPS requests received by an entrypoint. | | <a id="traefik-entrypoint-requests-tls-total-3" href="#traefik-entrypoint-requests-tls-total-3" title="#traefik-entrypoint-requests-tls-total-3">`traefik.entrypoint.requests.tls.total`</a> | Count | `tls_version`, `tls_cipher`, `entrypoint` | The total count of HTTPS requests received by an entrypoint. |
| `traefik.entrypoint.request.duration.seconds` | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint. | | <a id="traefik-entrypoint-request-duration-seconds-3" href="#traefik-entrypoint-request-duration-seconds-3" title="#traefik-entrypoint-request-duration-seconds-3">`traefik.entrypoint.request.duration.seconds`</a> | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint. |
| `traefik.entrypoint.requests.bytes.total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint. | | <a id="traefik-entrypoint-requests-bytes-total-3" href="#traefik-entrypoint-requests-bytes-total-3" title="#traefik-entrypoint-requests-bytes-total-3">`traefik.entrypoint.requests.bytes.total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint. |
| `traefik.entrypoint.responses.bytes.total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. | | <a id="traefik-entrypoint-responses-bytes-total-3" href="#traefik-entrypoint-responses-bytes-total-3" title="#traefik-entrypoint-responses-bytes-total-3">`traefik.entrypoint.responses.bytes.total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. |
=== "StatsD" === "StatsD"
| Metric | Type | [Labels](#labels) | Description | | Metric | Type | [Labels](#labels) | Description |
|----------------------------|-------|--------------------------|--------------------------------------------------------------------| |----------------------------|-------|--------------------------|--------------------------------------------------------------------|
| `{prefix}.entrypoint.requests.total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint. | | <a id="prefix-entrypoint-requests-total" href="#prefix-entrypoint-requests-total" title="#prefix-entrypoint-requests-total">`{prefix}.entrypoint.requests.total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint. |
| `{prefix}.entrypoint.requests.tls.total` | Count | `tls_version`, `tls_cipher`, `entrypoint` | The total count of HTTPS requests received by an entrypoint. | | <a id="prefix-entrypoint-requests-tls-total" href="#prefix-entrypoint-requests-tls-total" title="#prefix-entrypoint-requests-tls-total">`{prefix}.entrypoint.requests.tls.total`</a> | Count | `tls_version`, `tls_cipher`, `entrypoint` | The total count of HTTPS requests received by an entrypoint. |
| `{prefix}.entrypoint.request.duration.seconds` | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint. | | <a id="prefix-entrypoint-request-duration-seconds" href="#prefix-entrypoint-request-duration-seconds" title="#prefix-entrypoint-request-duration-seconds">`{prefix}.entrypoint.request.duration.seconds`</a> | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint. |
| `{prefix}.entrypoint.requests.bytes.total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint. | | <a id="prefix-entrypoint-requests-bytes-total" href="#prefix-entrypoint-requests-bytes-total" title="#prefix-entrypoint-requests-bytes-total">`{prefix}.entrypoint.requests.bytes.total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint. |
| `{prefix}.entrypoint.responses.bytes.total` | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. | | <a id="prefix-entrypoint-responses-bytes-total" href="#prefix-entrypoint-responses-bytes-total" title="#prefix-entrypoint-responses-bytes-total">`{prefix}.entrypoint.responses.bytes.total`</a> | Count | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. |
!!! note "\{prefix\} Default Value" !!! note "\{prefix\} Default Value"
By default, \{prefix\} value is `traefik`. By default, \{prefix\} value is `traefik`.
@@ -463,51 +463,51 @@ On top of the official OpenTelemetry semantic conventions, Traefik provides its
| Metric | Type | [Labels](#labels) | Description | | Metric | Type | [Labels](#labels) | Description |
|-----------------------|-----------|----------------------|--------------------------------| |-----------------------|-----------|----------------------|--------------------------------|
| `traefik_router_requests_total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router. | | <a id="traefik-router-requests-total" href="#traefik-router-requests-total" title="#traefik-router-requests-total">`traefik_router_requests_total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router. |
| `traefik_router_requests_tls_total` | Count | `tls_version`, `tls_cipher`, `router`, `service` | The total count of HTTPS requests handled by a router. | | <a id="traefik-router-requests-tls-total" href="#traefik-router-requests-tls-total" title="#traefik-router-requests-tls-total">`traefik_router_requests_tls_total`</a> | Count | `tls_version`, `tls_cipher`, `router`, `service` | The total count of HTTPS requests handled by a router. |
| `traefik_router_request_duration_seconds` | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router. | | <a id="traefik-router-request-duration-seconds" href="#traefik-router-request-duration-seconds" title="#traefik-router-request-duration-seconds">`traefik_router_request_duration_seconds`</a> | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router. |
| `traefik_router_requests_bytes_total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router. | | <a id="traefik-router-requests-bytes-total" href="#traefik-router-requests-bytes-total" title="#traefik-router-requests-bytes-total">`traefik_router_requests_bytes_total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router. |
| `traefik_router_responses_bytes_total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. | | <a id="traefik-router-responses-bytes-total" href="#traefik-router-responses-bytes-total" title="#traefik-router-responses-bytes-total">`traefik_router_responses_bytes_total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. |
=== "Prometheus" === "Prometheus"
| Metric | Type | [Labels](#labels) | Description | | Metric | Type | [Labels](#labels) | Description |
|-----------------------|-----------|---------------------------------------------------|----------------------------------------------------------------| |-----------------------|-----------|---------------------------------------------------|----------------------------------------------------------------|
| `traefik_router_requests_total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router. | | <a id="traefik-router-requests-total-2" href="#traefik-router-requests-total-2" title="#traefik-router-requests-total-2">`traefik_router_requests_total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router. |
| `traefik_router_requests_tls_total` | Count | `tls_version`, `tls_cipher`, `router`, `service` | The total count of HTTPS requests handled by a router. | | <a id="traefik-router-requests-tls-total-2" href="#traefik-router-requests-tls-total-2" title="#traefik-router-requests-tls-total-2">`traefik_router_requests_tls_total`</a> | Count | `tls_version`, `tls_cipher`, `router`, `service` | The total count of HTTPS requests handled by a router. |
| `traefik_router_request_duration_seconds` | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router. | | <a id="traefik-router-request-duration-seconds-2" href="#traefik-router-request-duration-seconds-2" title="#traefik-router-request-duration-seconds-2">`traefik_router_request_duration_seconds`</a> | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router. |
| `traefik_router_requests_bytes_total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router. | | <a id="traefik-router-requests-bytes-total-2" href="#traefik-router-requests-bytes-total-2" title="#traefik-router-requests-bytes-total-2">`traefik_router_requests_bytes_total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router. |
| `traefik_router_responses_bytes_total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. | | <a id="traefik-router-responses-bytes-total-2" href="#traefik-router-responses-bytes-total-2" title="#traefik-router-responses-bytes-total-2">`traefik_router_responses_bytes_total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. |
=== "Datadog" === "Datadog"
| Metric | Type | [Labels](#labels) | Description | | Metric | Type | [Labels](#labels) | Description |
|-------------|-----------|---------------|---------------------| |-------------|-----------|---------------|---------------------|
| `router.requests.total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router. | | <a id="router-requests-total" href="#router-requests-total" title="#router-requests-total">`router.requests.total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router. |
| `router.requests.tls.total` | Count | `tls_version`, `tls_cipher`, `router`, `service` | The total count of HTTPS requests handled by a router. | | <a id="router-requests-tls-total" href="#router-requests-tls-total" title="#router-requests-tls-total">`router.requests.tls.total`</a> | Count | `tls_version`, `tls_cipher`, `router`, `service` | The total count of HTTPS requests handled by a router. |
| `router.request.duration.seconds` | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router. | | <a id="router-request-duration-seconds" href="#router-request-duration-seconds" title="#router-request-duration-seconds">`router.request.duration.seconds`</a> | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router. |
| `router.requests.bytes.total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router. | | <a id="router-requests-bytes-total" href="#router-requests-bytes-total" title="#router-requests-bytes-total">`router.requests.bytes.total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router. |
| `router.responses.bytes.total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. | | <a id="router-responses-bytes-total" href="#router-responses-bytes-total" title="#router-responses-bytes-total">`router.responses.bytes.total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. |
=== "InfluxDB2" === "InfluxDB2"
| Metric | Type | [Labels](#labels) | Description | | Metric | Type | [Labels](#labels) | Description |
|-----------------------|-----------|---------------------------------------------------|----------------------------------------------------------------| |-----------------------|-----------|---------------------------------------------------|----------------------------------------------------------------|
| `traefik.router.requests.total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router. | | <a id="traefik-router-requests-total-3" href="#traefik-router-requests-total-3" title="#traefik-router-requests-total-3">`traefik.router.requests.total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router. |
| `traefik.router.requests.tls.total` | Count | `tls_version`, `tls_cipher`, `router`, `service` | The total count of HTTPS requests handled by a router. | | <a id="traefik-router-requests-tls-total-3" href="#traefik-router-requests-tls-total-3" title="#traefik-router-requests-tls-total-3">`traefik.router.requests.tls.total`</a> | Count | `tls_version`, `tls_cipher`, `router`, `service` | The total count of HTTPS requests handled by a router. |
| `traefik.router.request.duration.seconds` | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router. | | <a id="traefik-router-request-duration-seconds-3" href="#traefik-router-request-duration-seconds-3" title="#traefik-router-request-duration-seconds-3">`traefik.router.request.duration.seconds`</a> | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router. |
| `traefik.router.requests.bytes.total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router. | | <a id="traefik-router-requests-bytes-total-3" href="#traefik-router-requests-bytes-total-3" title="#traefik-router-requests-bytes-total-3">`traefik.router.requests.bytes.total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router. |
| `traefik.router.responses.bytes.total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. | | <a id="traefik-router-responses-bytes-total-3" href="#traefik-router-responses-bytes-total-3" title="#traefik-router-responses-bytes-total-3">`traefik.router.responses.bytes.total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. |
=== "StatsD" === "StatsD"
| Metric | Type | [Labels](#labels) | Description | | Metric | Type | [Labels](#labels) | Description |
|-----------------------|-----------|---------------|-------------| |-----------------------|-----------|---------------|-------------|
| `{prefix}.router.requests.total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router. | | <a id="prefix-router-requests-total" href="#prefix-router-requests-total" title="#prefix-router-requests-total">`{prefix}.router.requests.total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router. |
| `{prefix}.router.requests.tls.total` | Count | `tls_version`, `tls_cipher`, `router`, `service` | The total count of HTTPS requests handled by a router. | | <a id="prefix-router-requests-tls-total" href="#prefix-router-requests-tls-total" title="#prefix-router-requests-tls-total">`{prefix}.router.requests.tls.total`</a> | Count | `tls_version`, `tls_cipher`, `router`, `service` | The total count of HTTPS requests handled by a router. |
| `{prefix}.router.request.duration.seconds` | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router. | | <a id="prefix-router-request-duration-seconds" href="#prefix-router-request-duration-seconds" title="#prefix-router-request-duration-seconds">`{prefix}.router.request.duration.seconds`</a> | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router. |
| `{prefix}.router.requests.bytes.total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router. | | <a id="prefix-router-requests-bytes-total" href="#prefix-router-requests-bytes-total" title="#prefix-router-requests-bytes-total">`{prefix}.router.requests.bytes.total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router. |
| `{prefix}.router.responses.bytes.total` | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. | | <a id="prefix-router-responses-bytes-total" href="#prefix-router-responses-bytes-total" title="#prefix-router-responses-bytes-total">`{prefix}.router.responses.bytes.total`</a> | Count | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. |
!!! note "\{prefix\} Default Value" !!! note "\{prefix\} Default Value"
By default, \{prefix\} value is `traefik`. By default, \{prefix\} value is `traefik`.
@@ -518,61 +518,61 @@ On top of the official OpenTelemetry semantic conventions, Traefik provides its
| Metric | Type | Labels | Description | | Metric | Type | Labels | Description |
|-----------------------|-----------|------------|------------| |-----------------------|-----------|------------|------------|
| `traefik_service_requests_total` | Count | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service. | | <a id="traefik-service-requests-total" href="#traefik-service-requests-total" title="#traefik-service-requests-total">`traefik_service_requests_total`</a> | Count | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service. |
| `traefik_service_requests_tls_total` | Count | `tls_version`, `tls_cipher`, `service` | The total count of HTTPS requests processed on a service. | | <a id="traefik-service-requests-tls-total" href="#traefik-service-requests-tls-total" title="#traefik-service-requests-tls-total">`traefik_service_requests_tls_total`</a> | Count | `tls_version`, `tls_cipher`, `service` | The total count of HTTPS requests processed on a service. |
| `traefik_service_request_duration_seconds` | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service. | | <a id="traefik-service-request-duration-seconds" href="#traefik-service-request-duration-seconds" title="#traefik-service-request-duration-seconds">`traefik_service_request_duration_seconds`</a> | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service. |
| `traefik_service_retries_total` | Count | `service` | The count of requests retries on a service. | | <a id="traefik-service-retries-total" href="#traefik-service-retries-total" title="#traefik-service-retries-total">`traefik_service_retries_total`</a> | Count | `service` | The count of requests retries on a service. |
| `traefik_service_server_up` | Gauge | `service`, `url` | Current service's server status, 0 for a down or 1 for up. | | <a id="traefik-service-server-up" href="#traefik-service-server-up" title="#traefik-service-server-up">`traefik_service_server_up`</a> | Gauge | `service`, `url` | Current service's server status, 0 for a down or 1 for up. |
| `traefik_service_requests_bytes_total` | Count | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service. | | <a id="traefik-service-requests-bytes-total" href="#traefik-service-requests-bytes-total" title="#traefik-service-requests-bytes-total">`traefik_service_requests_bytes_total`</a> | Count | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service. |
| `traefik_service_responses_bytes_total` | Count | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. | | <a id="traefik-service-responses-bytes-total" href="#traefik-service-responses-bytes-total" title="#traefik-service-responses-bytes-total">`traefik_service_responses_bytes_total`</a> | Count | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. |
=== "Prometheus" === "Prometheus"
| Metric | Type | Labels | Description | | Metric | Type | Labels | Description |
|-----------------------|-----------|-------|------------| |-----------------------|-----------|-------|------------|
| `traefik_service_requests_total` | Count | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service. | | <a id="traefik-service-requests-total-2" href="#traefik-service-requests-total-2" title="#traefik-service-requests-total-2">`traefik_service_requests_total`</a> | Count | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service. |
| `traefik_service_requests_tls_total` | Count | `tls_version`, `tls_cipher`, `service` | The total count of HTTPS requests processed on a service. | | <a id="traefik-service-requests-tls-total-2" href="#traefik-service-requests-tls-total-2" title="#traefik-service-requests-tls-total-2">`traefik_service_requests_tls_total`</a> | Count | `tls_version`, `tls_cipher`, `service` | The total count of HTTPS requests processed on a service. |
| `traefik_service_request_duration_seconds` | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service. | | <a id="traefik-service-request-duration-seconds-2" href="#traefik-service-request-duration-seconds-2" title="#traefik-service-request-duration-seconds-2">`traefik_service_request_duration_seconds`</a> | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service. |
| `traefik_service_retries_total` | Count | `service` | The count of requests retries on a service. | | <a id="traefik-service-retries-total-2" href="#traefik-service-retries-total-2" title="#traefik-service-retries-total-2">`traefik_service_retries_total`</a> | Count | `service` | The count of requests retries on a service. |
| `traefik_service_server_up` | Gauge | `service`, `url` | Current service's server status, 0 for a down or 1 for up. | | <a id="traefik-service-server-up-2" href="#traefik-service-server-up-2" title="#traefik-service-server-up-2">`traefik_service_server_up`</a> | Gauge | `service`, `url` | Current service's server status, 0 for a down or 1 for up. |
| `traefik_service_requests_bytes_total` | Count | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service. | | <a id="traefik-service-requests-bytes-total-2" href="#traefik-service-requests-bytes-total-2" title="#traefik-service-requests-bytes-total-2">`traefik_service_requests_bytes_total`</a> | Count | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service. |
| `traefik_service_responses_bytes_total` | Count | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. | | <a id="traefik-service-responses-bytes-total-2" href="#traefik-service-responses-bytes-total-2" title="#traefik-service-responses-bytes-total-2">`traefik_service_responses_bytes_total`</a> | Count | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. |
=== "Datadog" === "Datadog"
| Metric | Type | Labels | Description | | Metric | Type | Labels | Description |
|-----------------------|-----------|--------|------------------| |-----------------------|-----------|--------|------------------|
| `service.requests.total` | Count | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service. | | <a id="service-requests-total" href="#service-requests-total" title="#service-requests-total">`service.requests.total`</a> | Count | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service. |
| `router.service.tls.total` | Count | `tls_version`, `tls_cipher`, `service` | The total count of HTTPS requests processed on a service. | | <a id="router-service-tls-total" href="#router-service-tls-total" title="#router-service-tls-total">`router.service.tls.total`</a> | Count | `tls_version`, `tls_cipher`, `service` | The total count of HTTPS requests processed on a service. |
| `service.request.duration.seconds` | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service. | | <a id="service-request-duration-seconds" href="#service-request-duration-seconds" title="#service-request-duration-seconds">`service.request.duration.seconds`</a> | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service. |
| `service.retries.total` | Count | `service` | The count of requests retries on a service. | | <a id="service-retries-total" href="#service-retries-total" title="#service-retries-total">`service.retries.total`</a> | Count | `service` | The count of requests retries on a service. |
| `service.server.up` | Gauge | `service`, `url` | Current service's server status, 0 for a down or 1 for up. | | <a id="service-server-up" href="#service-server-up" title="#service-server-up">`service.server.up`</a> | Gauge | `service`, `url` | Current service's server status, 0 for a down or 1 for up. |
| `service.requests.bytes.total` | Count | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service. | | <a id="service-requests-bytes-total" href="#service-requests-bytes-total" title="#service-requests-bytes-total">`service.requests.bytes.total`</a> | Count | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service. |
| `service.responses.bytes.total` | Count | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. | | <a id="service-responses-bytes-total" href="#service-responses-bytes-total" title="#service-responses-bytes-total">`service.responses.bytes.total`</a> | Count | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. |
=== "InfluxDB2" === "InfluxDB2"
| Metric | Type | Labels | Description | | Metric | Type | Labels | Description |
|-----------------------|-----------|-----------------------------------------|-------------------------------------------------------------| |-----------------------|-----------|-----------------------------------------|-------------------------------------------------------------|
| `traefik.service.requests.total` | Count | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service. | | <a id="traefik-service-requests-total-3" href="#traefik-service-requests-total-3" title="#traefik-service-requests-total-3">`traefik.service.requests.total`</a> | Count | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service. |
| `traefik.service.requests.tls.total` | Count | `tls_version`, `tls_cipher`, `service` | The total count of HTTPS requests processed on a service. | | <a id="traefik-service-requests-tls-total-3" href="#traefik-service-requests-tls-total-3" title="#traefik-service-requests-tls-total-3">`traefik.service.requests.tls.total`</a> | Count | `tls_version`, `tls_cipher`, `service` | The total count of HTTPS requests processed on a service. |
| `traefik.service.request.duration.seconds` | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service. | | <a id="traefik-service-request-duration-seconds-3" href="#traefik-service-request-duration-seconds-3" title="#traefik-service-request-duration-seconds-3">`traefik.service.request.duration.seconds`</a> | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service. |
| `traefik.service.retries.total` | Count | `service` | The count of requests retries on a service. | | <a id="traefik-service-retries-total-3" href="#traefik-service-retries-total-3" title="#traefik-service-retries-total-3">`traefik.service.retries.total`</a> | Count | `service` | The count of requests retries on a service. |
| `traefik.service.server.up` | Gauge | `service`, `url` | Current service's server status, 0 for a down or 1 for up. | | <a id="traefik-service-server-up-3" href="#traefik-service-server-up-3" title="#traefik-service-server-up-3">`traefik.service.server.up`</a> | Gauge | `service`, `url` | Current service's server status, 0 for a down or 1 for up. |
| `traefik.service.requests.bytes.total` | Count | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service. | | <a id="traefik-service-requests-bytes-total-3" href="#traefik-service-requests-bytes-total-3" title="#traefik-service-requests-bytes-total-3">`traefik.service.requests.bytes.total`</a> | Count | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service. |
| `traefik.service.responses.bytes.total` | Count | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. | | <a id="traefik-service-responses-bytes-total-3" href="#traefik-service-responses-bytes-total-3" title="#traefik-service-responses-bytes-total-3">`traefik.service.responses.bytes.total`</a> | Count | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. |
=== "StatsD" === "StatsD"
| Metric | Type | Labels | Description | | Metric | Type | Labels | Description |
|-----------------------|-----------|-----|---------| |-----------------------|-----------|-----|---------|
| `{prefix}.service.requests.total` | Count | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service. | | <a id="prefix-service-requests-total" href="#prefix-service-requests-total" title="#prefix-service-requests-total">`{prefix}.service.requests.total`</a> | Count | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service. |
| `{prefix}.service.requests.tls.total` | Count | `tls_version`, `tls_cipher`, `service` | The total count of HTTPS requests processed on a service. | | <a id="prefix-service-requests-tls-total" href="#prefix-service-requests-tls-total" title="#prefix-service-requests-tls-total">`{prefix}.service.requests.tls.total`</a> | Count | `tls_version`, `tls_cipher`, `service` | The total count of HTTPS requests processed on a service. |
| `{prefix}.service.request.duration.seconds` | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service. | | <a id="prefix-service-request-duration-seconds" href="#prefix-service-request-duration-seconds" title="#prefix-service-request-duration-seconds">`{prefix}.service.request.duration.seconds`</a> | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service. |
| `{prefix}.service.retries.total` | Count | `service` | The count of requests retries on a service. | | <a id="prefix-service-retries-total" href="#prefix-service-retries-total" title="#prefix-service-retries-total">`{prefix}.service.retries.total`</a> | Count | `service` | The count of requests retries on a service. |
| `{prefix}.service.server.up` | Gauge | `service`, `url` | Current service's server status, 0 for a down or 1 for up. | | <a id="prefix-service-server-up" href="#prefix-service-server-up" title="#prefix-service-server-up">`{prefix}.service.server.up`</a> | Gauge | `service`, `url` | Current service's server status, 0 for a down or 1 for up. |
| `{prefix}.service.requests.bytes.total` | Count | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service. | | <a id="prefix-service-requests-bytes-total" href="#prefix-service-requests-bytes-total" title="#prefix-service-requests-bytes-total">`{prefix}.service.requests.bytes.total`</a> | Count | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service. |
| `{prefix}.service.responses.bytes.total` | Count | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. | | <a id="prefix-service-responses-bytes-total" href="#prefix-service-responses-bytes-total" title="#prefix-service-responses-bytes-total">`{prefix}.service.responses.bytes.total`</a> | Count | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. |
!!! note "\{prefix\} Default Value" !!! note "\{prefix\} Default Value"
By default, \{prefix\} value is `traefik`. By default, \{prefix\} value is `traefik`.
@@ -583,18 +583,18 @@ Here is a comprehensive list of labels that are provided by the metrics:
| Label | Description | example | | Label | Description | example |
|---------------|-------------------|----------------------------| |---------------|-------------------|----------------------------|
| `cn` | Certificate Common Name | "example.com" | | <a id="cn" href="#cn" title="#cn">`cn`</a> | Certificate Common Name | "example.com" |
| `code` | Request code | "200" | | <a id="code" href="#code" title="#code">`code`</a> | Request code | "200" |
| `entrypoint` | Entrypoint that handled the request | "example_entrypoint" | | <a id="entrypoint-2" href="#entrypoint-2" title="#entrypoint-2">`entrypoint`</a> | Entrypoint that handled the request | "example_entrypoint" |
| `method` | Request Method | "GET" | | <a id="method" href="#method" title="#method">`method`</a> | Request Method | "GET" |
| `protocol` | Request protocol | "http" | | <a id="protocol-2" href="#protocol-2" title="#protocol-2">`protocol`</a> | Request protocol | "http" |
| `router` | Router that handled the request | "example_router" | | <a id="router" href="#router" title="#router">`router`</a> | Router that handled the request | "example_router" |
| `sans` | Certificate Subject Alternative NameS | "example.com" | | <a id="sans" href="#sans" title="#sans">`sans`</a> | Certificate Subject Alternative NameS | "example.com" |
| `serial` | Certificate Serial Number | "123..." | | <a id="serial" href="#serial" title="#serial">`serial`</a> | Certificate Serial Number | "123..." |
| `service` | Service that handled the request | "example_service@provider" | | <a id="service" href="#service" title="#service">`service`</a> | Service that handled the request | "example_service@provider" |
| `tls_cipher` | TLS cipher used for the request | "TLS_FALLBACK_SCSV" | | <a id="tls-cipher" href="#tls-cipher" title="#tls-cipher">`tls_cipher`</a> | TLS cipher used for the request | "TLS_FALLBACK_SCSV" |
| `tls_version` | TLS version used for the request | "1.0" | | <a id="tls-version" href="#tls-version" title="#tls-version">`tls_version`</a> | TLS version used for the request | "1.0" |
| `url` | Service server url | "http://example.com" | | <a id="url" href="#url" title="#url">`url`</a> | Service server url | "http://example.com" |
!!! info "`method` label value" !!! info "`method` label value"
@@ -38,25 +38,25 @@ tracing: {}
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:-------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------------------|:---------| |:-------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------------------|:---------|
| `tracing.addInternals` | Enables tracing for internal resources (e.g.: `ping@internal`). | false | No | | <a id="tracing-addInternals" href="#tracing-addInternals" title="#tracing-addInternals">`tracing.addInternals`</a> | Enables tracing for internal resources (e.g.: `ping@internal`). | false | No |
| `tracing.serviceName` | Defines the service name resource attribute. | "traefik" | No | | <a id="tracing-serviceName" href="#tracing-serviceName" title="#tracing-serviceName">`tracing.serviceName`</a> | Defines the service name resource attribute. | "traefik" | No |
| `tracing.resourceAttributes` | Defines additional resource attributes to be sent to the collector. | [] | No | | <a id="tracing-resourceAttributes" href="#tracing-resourceAttributes" title="#tracing-resourceAttributes">`tracing.resourceAttributes`</a> | Defines additional resource attributes to be sent to the collector. | [] | No |
| `tracing.sampleRate` | The proportion of requests to trace, specified between 0.0 and 1.0. | 1.0 | No | | <a id="tracing-sampleRate" href="#tracing-sampleRate" title="#tracing-sampleRate">`tracing.sampleRate`</a> | The proportion of requests to trace, specified between 0.0 and 1.0. | 1.0 | No |
| `tracing.capturedRequestHeaders` | Defines the list of request headers to add as attributes.<br />It applies to client and server kind spans. | [] | No | | <a id="tracing-capturedRequestHeaders" href="#tracing-capturedRequestHeaders" title="#tracing-capturedRequestHeaders">`tracing.capturedRequestHeaders`</a> | Defines the list of request headers to add as attributes.<br />It applies to client and server kind spans. | [] | No |
| `tracing.capturedResponseHeaders` | Defines the list of response headers to add as attributes.<br />It applies to client and server kind spans. | [] | False | | <a id="tracing-capturedResponseHeaders" href="#tracing-capturedResponseHeaders" title="#tracing-capturedResponseHeaders">`tracing.capturedResponseHeaders`</a> | Defines the list of response headers to add as attributes.<br />It applies to client and server kind spans. | [] | False |
| `tracing.safeQueryParams` | By default, all query parameters are redacted.<br />Defines the list of query parameters to not redact. | [] | No | | <a id="tracing-safeQueryParams" href="#tracing-safeQueryParams" title="#tracing-safeQueryParams">`tracing.safeQueryParams`</a> | By default, all query parameters are redacted.<br />Defines the list of query parameters to not redact. | [] | No |
| `tracing.otlp.http` | This instructs the exporter to send the tracing to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values. | null/false | No | | <a id="tracing-otlp-http" href="#tracing-otlp-http" title="#tracing-otlp-http">`tracing.otlp.http`</a> | This instructs the exporter to send the tracing to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values. | null/false | No |
| `tracing.otlp.http.endpoint` | URL of the OpenTelemetry Collector to send tracing to.<br /> Format="`<scheme>://<host>:<port><path>`" | "http://localhost:4318/v1/tracing" | Yes | | <a id="tracing-otlp-http-endpoint" href="#tracing-otlp-http-endpoint" title="#tracing-otlp-http-endpoint">`tracing.otlp.http.endpoint`</a> | URL of the OpenTelemetry Collector to send tracing to.<br /> Format="`<scheme>://<host>:<port><path>`" | "http://localhost:4318/v1/tracing" | Yes |
| `tracing.otlp.http.headers` | Additional headers sent with tracing by the exporter to the OpenTelemetry Collector. | | No | | <a id="tracing-otlp-http-headers" href="#tracing-otlp-http-headers" title="#tracing-otlp-http-headers">`tracing.otlp.http.headers`</a> | Additional headers sent with tracing by the exporter to the OpenTelemetry Collector. | | No |
| `tracing.otlp.http.tls.ca` | Path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | "" | No | | <a id="tracing-otlp-http-tls-ca" href="#tracing-otlp-http-tls-ca" title="#tracing-otlp-http-tls-ca">`tracing.otlp.http.tls.ca`</a> | Path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | "" | No |
| `tracing.otlp.http.tls.cert` | Path to the public certificate used for the secure connection to the OpenTelemetry Collector. When using this option, setting the `key` option is required. | "" | No | | <a id="tracing-otlp-http-tls-cert" href="#tracing-otlp-http-tls-cert" title="#tracing-otlp-http-tls-cert">`tracing.otlp.http.tls.cert`</a> | Path to the public certificate used for the secure connection to the OpenTelemetry Collector. When using this option, setting the `key` option is required. | "" | No |
| `tracing.otlp.http.tls.key` | This instructs the exporter to send the tracing to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values. | ""null/false "" | No | | <a id="tracing-otlp-http-tls-key" href="#tracing-otlp-http-tls-key" title="#tracing-otlp-http-tls-key">`tracing.otlp.http.tls.key`</a> | This instructs the exporter to send the tracing to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values. | ""null/false "" | No |
| `tracing.otlp.http.tls.insecureskipverify` | If `insecureSkipVerify` is `true`, the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers. | false | Yes | | <a id="tracing-otlp-http-tls-insecureskipverify" href="#tracing-otlp-http-tls-insecureskipverify" title="#tracing-otlp-http-tls-insecureskipverify">`tracing.otlp.http.tls.insecureskipverify`</a> | If `insecureSkipVerify` is `true`, the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers. | false | Yes |
| `tracing.otlp.grpc` | This instructs the exporter to send tracing to the OpenTelemetry Collector using gRPC. | false | No | | <a id="tracing-otlp-grpc" href="#tracing-otlp-grpc" title="#tracing-otlp-grpc">`tracing.otlp.grpc`</a> | This instructs the exporter to send tracing to the OpenTelemetry Collector using gRPC. | false | No |
| `tracing.otlp.grpc.endpoint` | Address of the OpenTelemetry Collector to send tracing to.<br /> Format="`<host>:<port>`" | "localhost:4317" | Yes | | <a id="tracing-otlp-grpc-endpoint" href="#tracing-otlp-grpc-endpoint" title="#tracing-otlp-grpc-endpoint">`tracing.otlp.grpc.endpoint`</a> | Address of the OpenTelemetry Collector to send tracing to.<br /> Format="`<host>:<port>`" | "localhost:4317" | Yes |
| `tracing.otlp.grpc.headers` | Additional headers sent with tracing by the exporter to the OpenTelemetry Collector. | [] | No | | <a id="tracing-otlp-grpc-headers" href="#tracing-otlp-grpc-headers" title="#tracing-otlp-grpc-headers">`tracing.otlp.grpc.headers`</a> | Additional headers sent with tracing by the exporter to the OpenTelemetry Collector. | [] | No |
| `tracing.otlp.grpc.insecure` | Allows exporter to send tracing to the OpenTelemetry Collector without using a secured protocol. | false | Yes | | <a id="tracing-otlp-grpc-insecure" href="#tracing-otlp-grpc-insecure" title="#tracing-otlp-grpc-insecure">`tracing.otlp.grpc.insecure`</a> | Allows exporter to send tracing to the OpenTelemetry Collector without using a secured protocol. | false | Yes |
| `tracing.otlp.grpc.tls.ca` | Path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | "" | No | | <a id="tracing-otlp-grpc-tls-ca" href="#tracing-otlp-grpc-tls-ca" title="#tracing-otlp-grpc-tls-ca">`tracing.otlp.grpc.tls.ca`</a> | Path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. | "" | No |
| `tracing.otlp.grpc.tls.cert` | Path to the public certificate used for the secure connection to the OpenTelemetry Collector. When using this option, setting the `key` option is required. | "" | No | | <a id="tracing-otlp-grpc-tls-cert" href="#tracing-otlp-grpc-tls-cert" title="#tracing-otlp-grpc-tls-cert">`tracing.otlp.grpc.tls.cert`</a> | Path to the public certificate used for the secure connection to the OpenTelemetry Collector. When using this option, setting the `key` option is required. | "" | No |
| `tracing.otlp.grpc.tls.key` | This instructs the exporter to send the tracing to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values. | ""null/false "" | No | | <a id="tracing-otlp-grpc-tls-key" href="#tracing-otlp-grpc-tls-key" title="#tracing-otlp-grpc-tls-key">`tracing.otlp.grpc.tls.key`</a> | This instructs the exporter to send the tracing to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values. | ""null/false "" | No |
| `tracing.otlp.grpc.tls.insecureskipverify` | If `insecureSkipVerify` is `true`, the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers. | false | Yes | | <a id="tracing-otlp-grpc-tls-insecureskipverify" href="#tracing-otlp-grpc-tls-insecureskipverify" title="#tracing-otlp-grpc-tls-insecureskipverify">`tracing.otlp.grpc.tls.insecureskipverify`</a> | If `insecureSkipVerify` is `true`, the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers. | false | Yes |
@@ -40,22 +40,22 @@ services:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:------|:----------------------------------------------------------|:---------------------|:---------| |:------|:----------------------------------------------------------|:---------------------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No | | <a id="providers-providersThrottleDuration" href="#providers-providersThrottleDuration" title="#providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.docker.endpoint` | Specifies the Docker API endpoint. See [here](#endpoint) for more information| "unix:///var/run/docker.sock" | Yes | | <a id="providers-docker-endpoint" href="#providers-docker-endpoint" title="#providers-docker-endpoint">`providers.docker.endpoint`</a> | Specifies the Docker API endpoint. See [here](#endpoint) for more information| "unix:///var/run/docker.sock" | Yes |
| `providers.docker.username` | Defines the username for Basic HTTP authentication. This should be used when the Docker daemon socket is exposed through an HTTP proxy that requires Basic HTTP authentication.| "" | No | | <a id="providers-docker-username" href="#providers-docker-username" title="#providers-docker-username">`providers.docker.username`</a> | Defines the username for Basic HTTP authentication. This should be used when the Docker daemon socket is exposed through an HTTP proxy that requires Basic HTTP authentication.| "" | No |
| `providers.docker.password` | Defines the password for Basic HTTP authentication. This should be used when the Docker daemon socket is exposed through an HTTP proxy that requires Basic HTTP authentication.| "" | No | | <a id="providers-docker-password" href="#providers-docker-password" title="#providers-docker-password">`providers.docker.password`</a> | Defines the password for Basic HTTP authentication. This should be used when the Docker daemon socket is exposed through an HTTP proxy that requires Basic HTTP authentication.| "" | No |
| `providers.docker.useBindPortIP` | Instructs Traefik to use the IP/Port attached to the container's binding instead of its inner network IP/Port. See [here](#usebindportip) for more information | false | No | | <a id="providers-docker-useBindPortIP" href="#providers-docker-useBindPortIP" title="#providers-docker-useBindPortIP">`providers.docker.useBindPortIP`</a> | Instructs Traefik to use the IP/Port attached to the container's binding instead of its inner network IP/Port. See [here](#usebindportip) for more information | false | No |
| `providers.docker.exposedByDefault` | Expose containers by default through Traefik. See [here](./overview.md#restrict-the-scope-of-service-discovery) for additional information | true | No | | <a id="providers-docker-exposedByDefault" href="#providers-docker-exposedByDefault" title="#providers-docker-exposedByDefault">`providers.docker.exposedByDefault`</a> | Expose containers by default through Traefik. See [here](./overview.md#restrict-the-scope-of-service-discovery) for additional information | true | No |
| `providers.docker.network` | Defines a default docker network to use for connections to all containers. This option can be overridden on a per-container basis with the `traefik.docker.network` label.| "" | No | | <a id="providers-docker-network" href="#providers-docker-network" title="#providers-docker-network">`providers.docker.network`</a> | Defines a default docker network to use for connections to all containers. This option can be overridden on a per-container basis with the `traefik.docker.network` label.| "" | No |
| `providers.docker.defaultRule` | Defines what routing rule to apply to a container if no rule is defined by a label. See [here](#defaultrule) for more information. | ```"Host(`{{ normalize .Name }}`)"``` | No | | <a id="providers-docker-defaultRule" href="#providers-docker-defaultRule" title="#providers-docker-defaultRule">`providers.docker.defaultRule`</a> | Defines what routing rule to apply to a container if no rule is defined by a label. See [here](#defaultrule) for more information. | ```"Host(`{{ normalize .Name }}`)"``` | No |
| `providers.docker.httpClientTimeout` | Defines the client timeout (in seconds) for HTTP connections. If its value is 0, no timeout is set. | 0 | No | | <a id="providers-docker-httpClientTimeout" href="#providers-docker-httpClientTimeout" title="#providers-docker-httpClientTimeout">`providers.docker.httpClientTimeout`</a> | Defines the client timeout (in seconds) for HTTP connections. If its value is 0, no timeout is set. | 0 | No |
| `providers.docker.watch` | Instructs Traefik to watch Docker events or not. | True | No | | <a id="providers-docker-watch" href="#providers-docker-watch" title="#providers-docker-watch">`providers.docker.watch`</a> | Instructs Traefik to watch Docker events or not. | True | No |
| `providers.docker.constraints` | Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information. | "" | No | | <a id="providers-docker-constraints" href="#providers-docker-constraints" title="#providers-docker-constraints">`providers.docker.constraints`</a> | Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information. | "" | No |
| `providers.docker.allowEmptyServices` | Instructs the provider to create any [servers load balancer](../../../routing/services/index.md#servers-load-balancer) defined for Docker containers regardless of the [healthiness](https://docs.docker.com/engine/reference/builder/#healthcheck) of the corresponding containers. | false | No | | <a id="providers-docker-allowEmptyServices" href="#providers-docker-allowEmptyServices" title="#providers-docker-allowEmptyServices">`providers.docker.allowEmptyServices`</a> | Instructs the provider to create any [servers load balancer](../../../routing/services/index.md#servers-load-balancer) defined for Docker containers regardless of the [healthiness](https://docs.docker.com/engine/reference/builder/#healthcheck) of the corresponding containers. | false | No |
| `providers.docker.tls.ca` | Defines the path to the certificate authority used for the secure connection to Docker, it defaults to the system bundle. | "" | No | | <a id="providers-docker-tls-ca" href="#providers-docker-tls-ca" title="#providers-docker-tls-ca">`providers.docker.tls.ca`</a> | Defines the path to the certificate authority used for the secure connection to Docker, it defaults to the system bundle. | "" | No |
| `providers.docker.tls.cert` | Defines the path to the public certificate used for the secure connection to Docker. When using this option, setting the `key` option is required. | "" | Yes | | <a id="providers-docker-tls-cert" href="#providers-docker-tls-cert" title="#providers-docker-tls-cert">`providers.docker.tls.cert`</a> | Defines the path to the public certificate used for the secure connection to Docker. When using this option, setting the `key` option is required. | "" | Yes |
| `providers.docker.tls.key` | Defines the path to the private key used for the secure connection to Docker. When using this option, setting the `cert` option is required. | "" | Yes | | <a id="providers-docker-tls-key" href="#providers-docker-tls-key" title="#providers-docker-tls-key">`providers.docker.tls.key`</a> | Defines the path to the private key used for the secure connection to Docker. When using this option, setting the `cert` option is required. | "" | Yes |
| `providers.docker.tls.insecureSkipVerify` | Instructs the provider to accept any certificate presented by the Docker server when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No | | <a id="providers-docker-tls-insecureSkipVerify" href="#providers-docker-tls-insecureSkipVerify" title="#providers-docker-tls-insecureSkipVerify">`providers.docker.tls.insecureSkipVerify`</a> | Instructs the provider to accept any certificate presented by the Docker server when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No |
### `endpoint` ### `endpoint`
@@ -192,13 +192,13 @@ but still uses the `traefik.http.services.<name>.loadbalancer.server.port` that
| port label | Container's binding | Routes to | | port label | Container's binding | Routes to |
|--------------------|----------------------------------------------------|----------------| |--------------------|----------------------------------------------------|----------------|
| - | - | IntIP:IntPort | | <a id="row" href="#row" title="#row">-</a> | - | IntIP:IntPort |
| - | ExtPort:IntPort | IntIP:IntPort | | <a id="row-2" href="#row-2" title="#row-2">-</a> | ExtPort:IntPort | IntIP:IntPort |
| - | ExtIp:ExtPort:IntPort | ExtIp:ExtPort | | <a id="row-3" href="#row-3" title="#row-3">-</a> | ExtIp:ExtPort:IntPort | ExtIp:ExtPort |
| LblPort | - | IntIp:LblPort | | <a id="LblPort" href="#LblPort" title="#LblPort">LblPort</a> | - | IntIp:LblPort |
| LblPort | ExtIp:ExtPort:LblPort | ExtIp:ExtPort | | <a id="LblPort-2" href="#LblPort-2" title="#LblPort-2">LblPort</a> | ExtIp:ExtPort:LblPort | ExtIp:ExtPort |
| LblPort | ExtIp:ExtPort:OtherPort | IntIp:LblPort | | <a id="LblPort-3" href="#LblPort-3" title="#LblPort-3">LblPort</a> | ExtIp:ExtPort:OtherPort | IntIp:LblPort |
| LblPort | ExtIp1:ExtPort1:IntPort1 & ExtIp2:LblPort:IntPort2 | ExtIp2:LblPort | | <a id="LblPort-4" href="#LblPort-4" title="#LblPort-4">LblPort</a> | ExtIp1:ExtPort1:IntPort1 & ExtIp2:LblPort:IntPort2 | ExtIp2:LblPort |
!!! info "" !!! info ""
In the above table: In the above table:
@@ -32,34 +32,34 @@ Attaching tags to services:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:------|:----------------------------------------------------------|:---------------------|:---------| |:------|:----------------------------------------------------------|:---------------------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No | | <a id="providers-providersThrottleDuration" href="#providers-providersThrottleDuration" title="#providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.consulCatalog.refreshInterval` | Defines the polling interval.| 15s | No | | <a id="providers-consulCatalog-refreshInterval" href="#providers-consulCatalog-refreshInterval" title="#providers-consulCatalog-refreshInterval">`providers.consulCatalog.refreshInterval`</a> | Defines the polling interval.| 15s | No |
| `providers.consulCatalog.prefix` | Defines the prefix for Consul Catalog tags defining Traefik labels.| traefik | yes | | <a id="providers-consulCatalog-prefix" href="#providers-consulCatalog-prefix" title="#providers-consulCatalog-prefix">`providers.consulCatalog.prefix`</a> | Defines the prefix for Consul Catalog tags defining Traefik labels.| traefik | yes |
| `providers.consulCatalog.requireConsistent` | Forces the read to be fully consistent. See [here](#requireconsistent) for more information.| false | yes | | <a id="providers-consulCatalog-requireConsistent" href="#providers-consulCatalog-requireConsistent" title="#providers-consulCatalog-requireConsistent">`providers.consulCatalog.requireConsistent`</a> | Forces the read to be fully consistent. See [here](#requireconsistent) for more information.| false | yes |
| `providers.consulCatalog.exposedByDefault` | Expose Consul Catalog services by default in Traefik. If set to `false`, services that do not have a `traefik.enable=true` tag will be ignored from the resulting routing configuration. See [here](../overview.md#restrict-the-scope-of-service-discovery). | true | no | | <a id="providers-consulCatalog-exposedByDefault" href="#providers-consulCatalog-exposedByDefault" title="#providers-consulCatalog-exposedByDefault">`providers.consulCatalog.exposedByDefault`</a> | Expose Consul Catalog services by default in Traefik. If set to `false`, services that do not have a `traefik.enable=true` tag will be ignored from the resulting routing configuration. See [here](../overview.md#restrict-the-scope-of-service-discovery). | true | no |
| `providers.consulCatalog.defaultRule` | The Default Host rule for all services. See [here](#defaultrule) for more information. | ```"Host(`{{ normalize .Name }}`)"``` | No | | <a id="providers-consulCatalog-defaultRule" href="#providers-consulCatalog-defaultRule" title="#providers-consulCatalog-defaultRule">`providers.consulCatalog.defaultRule`</a> | The Default Host rule for all services. See [here](#defaultrule) for more information. | ```"Host(`{{ normalize .Name }}`)"``` | No |
| `providers.consulCatalog.connectAware` | Enable Consul Connect support. If set to `true`, Traefik will be enabled to communicate with Connect services. | false | No | | <a id="providers-consulCatalog-connectAware" href="#providers-consulCatalog-connectAware" title="#providers-consulCatalog-connectAware">`providers.consulCatalog.connectAware`</a> | Enable Consul Connect support. If set to `true`, Traefik will be enabled to communicate with Connect services. | false | No |
| `providers.consulCatalog.connectByDefault` | Consider every service as Connect capable by default. If set to true, Traefik will consider every Consul Catalog service to be Connect capable by default. The option can be overridden on an instance basis with the traefik.consulcatalog.connect tag. | false | No | | <a id="providers-consulCatalog-connectByDefault" href="#providers-consulCatalog-connectByDefault" title="#providers-consulCatalog-connectByDefault">`providers.consulCatalog.connectByDefault`</a> | Consider every service as Connect capable by default. If set to true, Traefik will consider every Consul Catalog service to be Connect capable by default. The option can be overridden on an instance basis with the traefik.consulcatalog.connect tag. | false | No |
| `providers.consulCatalog.serviceName` | Defines the name of the Traefik service in Consul Catalog. | "traefik" | No | | <a id="providers-consulCatalog-serviceName" href="#providers-consulCatalog-serviceName" title="#providers-consulCatalog-serviceName">`providers.consulCatalog.serviceName`</a> | Defines the name of the Traefik service in Consul Catalog. | "traefik" | No |
| `providers.consulCatalog.constraints` | Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information. | "" | No | | <a id="providers-consulCatalog-constraints" href="#providers-consulCatalog-constraints" title="#providers-consulCatalog-constraints">`providers.consulCatalog.constraints`</a> | Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information. | "" | No |
| `providers.consulCatalog.namespaces` | Defines the namespaces to query. See [here](#namespaces) for more information. | "" | no | | <a id="providers-consulCatalog-namespaces" href="#providers-consulCatalog-namespaces" title="#providers-consulCatalog-namespaces">`providers.consulCatalog.namespaces`</a> | Defines the namespaces to query. See [here](#namespaces) for more information. | "" | no |
| `providers.consulCatalog.stale` | Instruct Traefik to use stale consistency for catalog reads. | false | no | | <a id="providers-consulCatalog-stale" href="#providers-consulCatalog-stale" title="#providers-consulCatalog-stale">`providers.consulCatalog.stale`</a> | Instruct Traefik to use stale consistency for catalog reads. | false | no |
| `providers.consulCatalog.cache` | Instruct Traefik to use local agent caching for catalog reads. | false | no | | <a id="providers-consulCatalog-cache" href="#providers-consulCatalog-cache" title="#providers-consulCatalog-cache">`providers.consulCatalog.cache`</a> | Instruct Traefik to use local agent caching for catalog reads. | false | no |
| `providers.consulCatalog.endpoint` | Defines the Consul server endpoint. | - | yes | | <a id="providers-consulCatalog-endpoint" href="#providers-consulCatalog-endpoint" title="#providers-consulCatalog-endpoint">`providers.consulCatalog.endpoint`</a> | Defines the Consul server endpoint. | - | yes |
| `providers.consulCatalog.endpoint.address` | Defines the address of the Consul server. | 127.0.0.1:8500 | no | | <a id="providers-consulCatalog-endpoint-address" href="#providers-consulCatalog-endpoint-address" title="#providers-consulCatalog-endpoint-address">`providers.consulCatalog.endpoint.address`</a> | Defines the address of the Consul server. | 127.0.0.1:8500 | no |
| `providers.consulCatalog.endpoint.scheme` | Defines the URI scheme for the Consul server. | "" | no | | <a id="providers-consulCatalog-endpoint-scheme" href="#providers-consulCatalog-endpoint-scheme" title="#providers-consulCatalog-endpoint-scheme">`providers.consulCatalog.endpoint.scheme`</a> | Defines the URI scheme for the Consul server. | "" | no |
| `providers.consulCatalog.endpoint.datacenter` | Defines the datacenter to use. If not provided in Traefik, Consul uses the default agent datacenter. | "" | no | | <a id="providers-consulCatalog-endpoint-datacenter" href="#providers-consulCatalog-endpoint-datacenter" title="#providers-consulCatalog-endpoint-datacenter">`providers.consulCatalog.endpoint.datacenter`</a> | Defines the datacenter to use. If not provided in Traefik, Consul uses the default agent datacenter. | "" | no |
| `providers.consulCatalog.endpoint.token` | Defines a per-request ACL token which overwrites the agent's default token. | "" | no | | <a id="providers-consulCatalog-endpoint-token" href="#providers-consulCatalog-endpoint-token" title="#providers-consulCatalog-endpoint-token">`providers.consulCatalog.endpoint.token`</a> | Defines a per-request ACL token which overwrites the agent's default token. | "" | no |
| `providers.consulCatalog.endpoint.endpointWaitTime` | Defines a duration for which a `watch` can block. If not provided, the agent default values will be used. | "" | no | | <a id="providers-consulCatalog-endpoint-endpointWaitTime" href="#providers-consulCatalog-endpoint-endpointWaitTime" title="#providers-consulCatalog-endpoint-endpointWaitTime">`providers.consulCatalog.endpoint.endpointWaitTime`</a> | Defines a duration for which a `watch` can block. If not provided, the agent default values will be used. | "" | no |
| `providers.consulCatalog.endpoint.httpAuth` | Defines authentication settings for the HTTP client using HTTP Basic Authentication. | N/A | no | | <a id="providers-consulCatalog-endpoint-httpAuth" href="#providers-consulCatalog-endpoint-httpAuth" title="#providers-consulCatalog-endpoint-httpAuth">`providers.consulCatalog.endpoint.httpAuth`</a> | Defines authentication settings for the HTTP client using HTTP Basic Authentication. | N/A | no |
| `providers.consulCatalog.endpoint.httpAuth.username` | Defines the username to use for HTTP Basic Authentication. | "" | no | | <a id="providers-consulCatalog-endpoint-httpAuth-username" href="#providers-consulCatalog-endpoint-httpAuth-username" title="#providers-consulCatalog-endpoint-httpAuth-username">`providers.consulCatalog.endpoint.httpAuth.username`</a> | Defines the username to use for HTTP Basic Authentication. | "" | no |
| `providers.consulCatalog.endpoint.httpAuth.password` | Defines the password to use for HTTP Basic Authentication. | "" | no | | <a id="providers-consulCatalog-endpoint-httpAuth-password" href="#providers-consulCatalog-endpoint-httpAuth-password" title="#providers-consulCatalog-endpoint-httpAuth-password">`providers.consulCatalog.endpoint.httpAuth.password`</a> | Defines the password to use for HTTP Basic Authentication. | "" | no |
| `providers.consulCatalog.strictChecks` | Define which [Consul Service health checks](https://developer.hashicorp.com/consul/docs/services/usage/checks#define-initial-health-check-status) are allowed to take on traffic. | "passing,warning" | no | | <a id="providers-consulCatalog-strictChecks" href="#providers-consulCatalog-strictChecks" title="#providers-consulCatalog-strictChecks">`providers.consulCatalog.strictChecks`</a> | Define which [Consul Service health checks](https://developer.hashicorp.com/consul/docs/services/usage/checks#define-initial-health-check-status) are allowed to take on traffic. | "passing,warning" | no |
| `providers.consulCatalog.tls.ca` | Defines the path to the certificate authority used for the secure connection to Consul Calatog, it defaults to the system bundle. | "" | No | | <a id="providers-consulCatalog-tls-ca" href="#providers-consulCatalog-tls-ca" title="#providers-consulCatalog-tls-ca">`providers.consulCatalog.tls.ca`</a> | Defines the path to the certificate authority used for the secure connection to Consul Calatog, it defaults to the system bundle. | "" | No |
| `providers.consulCatalog.tls.cert` | Defines the path to the public certificate used for the secure connection to Consul Calatog. When using this option, setting the `key` option is required. | "" | Yes | | <a id="providers-consulCatalog-tls-cert" href="#providers-consulCatalog-tls-cert" title="#providers-consulCatalog-tls-cert">`providers.consulCatalog.tls.cert`</a> | Defines the path to the public certificate used for the secure connection to Consul Calatog. When using this option, setting the `key` option is required. | "" | Yes |
| `providers.consulCatalog.tls.key` | Defines the path to the private key used for the secure connection to Consul Catalog. When using this option, setting the `cert` option is required. | "" | Yes | | <a id="providers-consulCatalog-tls-key" href="#providers-consulCatalog-tls-key" title="#providers-consulCatalog-tls-key">`providers.consulCatalog.tls.key`</a> | Defines the path to the private key used for the secure connection to Consul Catalog. When using this option, setting the `cert` option is required. | "" | Yes |
| `providers.consulCatalog.tls.insecureSkipVerify` | Instructs the provider to accept any certificate presented by Consul Catalog when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No | | <a id="providers-consulCatalog-tls-insecureSkipVerify" href="#providers-consulCatalog-tls-insecureSkipVerify" title="#providers-consulCatalog-tls-insecureSkipVerify">`providers.consulCatalog.tls.insecureSkipVerify`</a> | Instructs the provider to accept any certificate presented by Consul Catalog when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No |
| `providers.consulCatalog.watch` | When set to `true`, watches for Consul changes ([Consul watches checks](https://www.consul.io/docs/dynamic-app-config/watches#checks)). | false | No | | <a id="providers-consulCatalog-watch" href="#providers-consulCatalog-watch" title="#providers-consulCatalog-watch">`providers.consulCatalog.watch`</a> | When set to `true`, watches for Consul changes ([Consul watches checks](https://www.consul.io/docs/dynamic-app-config/watches#checks)). | false | No |
### `requireConsistent` ### `requireConsistent`
@@ -26,18 +26,18 @@ providers:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:------|:----------------------------------------------------------|:---------------------|:---------| |:------|:----------------------------------------------------------|:---------------------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No | | <a id="providers-providersThrottleDuration" href="#providers-providersThrottleDuration" title="#providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.consul.endpoints` | Defines the endpoint to access Consul. | "127.0.0.1:8500" | yes | | <a id="providers-consul-endpoints" href="#providers-consul-endpoints" title="#providers-consul-endpoints">`providers.consul.endpoints`</a> | Defines the endpoint to access Consul. | "127.0.0.1:8500" | yes |
| `providers.consul.rootKey` | Defines the root key of the configuration. | "traefik" | yes | | <a id="providers-consul-rootKey" href="#providers-consul-rootKey" title="#providers-consul-rootKey">`providers.consul.rootKey`</a> | Defines the root key of the configuration. | "traefik" | yes |
| `providers.consul.namespaces` | Defines the namespaces to query. See [here](#namespaces) for more information | "" | no | | <a id="providers-consul-namespaces" href="#providers-consul-namespaces" title="#providers-consul-namespaces">`providers.consul.namespaces`</a> | Defines the namespaces to query. See [here](#namespaces) for more information | "" | no |
| `providers.consul.username` | Defines a username to connect to Consul with. | "" | no | | <a id="providers-consul-username" href="#providers-consul-username" title="#providers-consul-username">`providers.consul.username`</a> | Defines a username to connect to Consul with. | "" | no |
| `providers.consul.password` | Defines a password with which to connect to Consul. | "" | no | | <a id="providers-consul-password" href="#providers-consul-password" title="#providers-consul-password">`providers.consul.password`</a> | Defines a password with which to connect to Consul. | "" | no |
| `providers.consul.token` | Defines a token with which to connect to Consul. | "" | no | | <a id="providers-consul-token" href="#providers-consul-token" title="#providers-consul-token">`providers.consul.token`</a> | Defines a token with which to connect to Consul. | "" | no |
| `providers.consul.tls` | Defines the TLS configuration used for the secure connection to Consul | - | No | | <a id="providers-consul-tls" href="#providers-consul-tls" title="#providers-consul-tls">`providers.consul.tls`</a> | Defines the TLS configuration used for the secure connection to Consul | - | No |
| `providers.consul.tls.ca` | Defines the path to the certificate authority used for the secure connection to Consul, it defaults to the system bundle. | - | Yes | | <a id="providers-consul-tls-ca" href="#providers-consul-tls-ca" title="#providers-consul-tls-ca">`providers.consul.tls.ca`</a> | Defines the path to the certificate authority used for the secure connection to Consul, it defaults to the system bundle. | - | Yes |
| `providers.consul.tls.cert` | Defines the path to the public certificate used for the secure connection to Consul. When using this option, setting the `key` option is required. | - | Yes | | <a id="providers-consul-tls-cert" href="#providers-consul-tls-cert" title="#providers-consul-tls-cert">`providers.consul.tls.cert`</a> | Defines the path to the public certificate used for the secure connection to Consul. When using this option, setting the `key` option is required. | - | Yes |
| `providers.consul.tls.key` | Defines the path to the private key used for the secure connection to Consul. When using this option, setting the `cert` option is required. | - | Yes | | <a id="providers-consul-tls-key" href="#providers-consul-tls-key" title="#providers-consul-tls-key">`providers.consul.tls.key`</a> | Defines the path to the private key used for the secure connection to Consul. When using this option, setting the `cert` option is required. | - | Yes |
| `providers.consul.tls.insecureSkipVerify` | Instructs the provider to accept any certificate presented by Consul when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No | | <a id="providers-consul-tls-insecureSkipVerify" href="#providers-consul-tls-insecureSkipVerify" title="#providers-consul-tls-insecureSkipVerify">`providers.consul.tls.insecureSkipVerify`</a> | Instructs the provider to accept any certificate presented by Consul when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No |
### `namespaces` ### `namespaces`
@@ -39,25 +39,25 @@ service {
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:------|:----------------------------------------------------------|:---------------------|:---------| |:------|:----------------------------------------------------------|:---------------------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No | | <a id="providers-providersThrottleDuration" href="#providers-providersThrottleDuration" title="#providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.nomad.namespaces` | Defines the namespaces in which the nomad services will be discovered.| "" | No | | <a id="providers-nomad-namespaces" href="#providers-nomad-namespaces" title="#providers-nomad-namespaces">`providers.nomad.namespaces`</a> | Defines the namespaces in which the nomad services will be discovered.| "" | No |
| `providers.nomad.refreshInterval` | Defines the polling interval. This option is ignored when the `watch` option is enabled | 15s | No | | <a id="providers-nomad-refreshInterval" href="#providers-nomad-refreshInterval" title="#providers-nomad-refreshInterval">`providers.nomad.refreshInterval`</a> | Defines the polling interval. This option is ignored when the `watch` option is enabled | 15s | No |
| `providers.nomad.watch` | Enables the watch mode to refresh the configuration on a per-event basis. | false | No | | <a id="providers-nomad-watch" href="#providers-nomad-watch" title="#providers-nomad-watch">`providers.nomad.watch`</a> | Enables the watch mode to refresh the configuration on a per-event basis. | false | No |
| `providers.nomad.throttleDuration` | Defines how often the provider is allowed to handle service events from Nomad. This option is only compatible when the `watch` option is enabled | 0s | No | | <a id="providers-nomad-throttleDuration" href="#providers-nomad-throttleDuration" title="#providers-nomad-throttleDuration">`providers.nomad.throttleDuration`</a> | Defines how often the provider is allowed to handle service events from Nomad. This option is only compatible when the `watch` option is enabled | 0s | No |
| `providers.nomad.defaultRule` | The Default Host rule for all services. See [here](#defaultrule) for more information | ```"Host(`{{ normalize .Name }}`)"``` | No | | <a id="providers-nomad-defaultRule" href="#providers-nomad-defaultRule" title="#providers-nomad-defaultRule">`providers.nomad.defaultRule`</a> | The Default Host rule for all services. See [here](#defaultrule) for more information | ```"Host(`{{ normalize .Name }}`)"``` | No |
| `providers.nomad.constraints` | Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information. | "" | No | | <a id="providers-nomad-constraints" href="#providers-nomad-constraints" title="#providers-nomad-constraints">`providers.nomad.constraints`</a> | Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information. | "" | No |
| `providers.nomad.exposedByDefault` | Expose Nomad services by default in Traefik. If set to `false`, services that do not have a `traefik.enable=true` tag will be ignored from the resulting routing configuration. See [here](../overview.md#restrict-the-scope-of-service-discovery) for additional information | true | No | | <a id="providers-nomad-exposedByDefault" href="#providers-nomad-exposedByDefault" title="#providers-nomad-exposedByDefault">`providers.nomad.exposedByDefault`</a> | Expose Nomad services by default in Traefik. If set to `false`, services that do not have a `traefik.enable=true` tag will be ignored from the resulting routing configuration. See [here](../overview.md#restrict-the-scope-of-service-discovery) for additional information | true | No |
| `providers.nomad.allowEmptyServices` | Instructs the provider to create any [servers load balancer](../../../../routing/services/index.md#servers-load-balancer) defined for Docker containers regardless of the [healthiness](https://docs.docker.com/engine/reference/builder/#healthcheck) of the corresponding containers. | false | No | | <a id="providers-nomad-allowEmptyServices" href="#providers-nomad-allowEmptyServices" title="#providers-nomad-allowEmptyServices">`providers.nomad.allowEmptyServices`</a> | Instructs the provider to create any [servers load balancer](../../../../routing/services/index.md#servers-load-balancer) defined for Docker containers regardless of the [healthiness](https://docs.docker.com/engine/reference/builder/#healthcheck) of the corresponding containers. | false | No |
| `providers.nomad.prefix` | Defines the prefix for Nomad service tags defining Traefik labels. | `traefik` | yes | | <a id="providers-nomad-prefix" href="#providers-nomad-prefix" title="#providers-nomad-prefix">`providers.nomad.prefix`</a> | Defines the prefix for Nomad service tags defining Traefik labels. | `traefik` | yes |
| `providers.nomad.stale` | Instructs Traefik to use stale consistency for Nomad service API reads. See [here](#stale) for more information | false | No | | <a id="providers-nomad-stale" href="#providers-nomad-stale" title="#providers-nomad-stale">`providers.nomad.stale`</a> | Instructs Traefik to use stale consistency for Nomad service API reads. See [here](#stale) for more information | false | No |
| `providers.nomad.endpoint.address` | Defines the Address of the Nomad server. | `http://127.0.0.1:4646` | No | | <a id="providers-nomad-endpoint-address" href="#providers-nomad-endpoint-address" title="#providers-nomad-endpoint-address">`providers.nomad.endpoint.address`</a> | Defines the Address of the Nomad server. | `http://127.0.0.1:4646` | No |
| `providers.nomad.endpoint.token` | Defines a per-request ACL token if Nomad ACLs are enabled. See [here](#token) for more information | "" | No | | <a id="providers-nomad-endpoint-token" href="#providers-nomad-endpoint-token" title="#providers-nomad-endpoint-token">`providers.nomad.endpoint.token`</a> | Defines a per-request ACL token if Nomad ACLs are enabled. See [here](#token) for more information | "" | No |
| `providers.nomad.endpoint.endpointWaitTime` | Defines a duration for which a `watch` can block. If not provided, the agent default values will be used. | "" | No | | <a id="providers-nomad-endpoint-endpointWaitTime" href="#providers-nomad-endpoint-endpointWaitTime" title="#providers-nomad-endpoint-endpointWaitTime">`providers.nomad.endpoint.endpointWaitTime`</a> | Defines a duration for which a `watch` can block. If not provided, the agent default values will be used. | "" | No |
| `providers.nomad.endpoint.tls` | Defines the TLS configuration used for the secure connection to the Nomad APi. | - | No | | <a id="providers-nomad-endpoint-tls" href="#providers-nomad-endpoint-tls" title="#providers-nomad-endpoint-tls">`providers.nomad.endpoint.tls`</a> | Defines the TLS configuration used for the secure connection to the Nomad APi. | - | No |
| `providers.nomad.endpoint.tls.ca` | Defines the path to the certificate authority used for the secure connection to the Nomad API, it defaults to the system bundle. | "" | No | | <a id="providers-nomad-endpoint-tls-ca" href="#providers-nomad-endpoint-tls-ca" title="#providers-nomad-endpoint-tls-ca">`providers.nomad.endpoint.tls.ca`</a> | Defines the path to the certificate authority used for the secure connection to the Nomad API, it defaults to the system bundle. | "" | No |
| `providers.nomad.endpoint.tls.cert` | Defines the path to the public certificate used for the secure connection to the Nomad API. When using this option, setting the `key` option is required. | '" | Yes | | <a id="providers-nomad-endpoint-tls-cert" href="#providers-nomad-endpoint-tls-cert" title="#providers-nomad-endpoint-tls-cert">`providers.nomad.endpoint.tls.cert`</a> | Defines the path to the public certificate used for the secure connection to the Nomad API. When using this option, setting the `key` option is required. | '" | Yes |
| `providers.nomad.endpoint.tls.key` | Defines the path to the private key used for the secure connection to the Nomad API. When using this option, setting the `cert` option is required. | "" | Yes | | <a id="providers-nomad-endpoint-tls-key" href="#providers-nomad-endpoint-tls-key" title="#providers-nomad-endpoint-tls-key">`providers.nomad.endpoint.tls.key`</a> | Defines the path to the private key used for the secure connection to the Nomad API. When using this option, setting the `cert` option is required. | "" | Yes |
| `providers.nomad.endpoint.tls.insecureSkipVerify` | Instructs the provider to accept any certificate presented by Nomad when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No | | <a id="providers-nomad-endpoint-tls-insecureSkipVerify" href="#providers-nomad-endpoint-tls-insecureSkipVerify" title="#providers-nomad-endpoint-tls-insecureSkipVerify">`providers.nomad.endpoint.tls.insecureSkipVerify`</a> | Instructs the provider to accept any certificate presented by Nomad when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No |
### `namespaces` ### `namespaces`
@@ -54,19 +54,19 @@ providers:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:------|:----------------------------------------------------------|:--------|:---------| |:------|:----------------------------------------------------------|:--------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No | | <a id="providers-providersThrottleDuration" href="#providers-providersThrottleDuration" title="#providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.kubernetesCRD.endpoint` | Server endpoint URL.<br />More information [here](#endpoint). | "" | No | | <a id="providers-kubernetesCRD-endpoint" href="#providers-kubernetesCRD-endpoint" title="#providers-kubernetesCRD-endpoint">`providers.kubernetesCRD.endpoint`</a> | Server endpoint URL.<br />More information [here](#endpoint). | "" | No |
| `providers.kubernetesCRD.token` | Bearer token used for the Kubernetes client configuration. | "" | No | | <a id="providers-kubernetesCRD-token" href="#providers-kubernetesCRD-token" title="#providers-kubernetesCRD-token">`providers.kubernetesCRD.token`</a> | Bearer token used for the Kubernetes client configuration. | "" | No |
| `providers.kubernetesCRD.certAuthFilePath` | Path to the certificate authority file.<br />Used for the Kubernetes client configuration. | "" | No | | <a id="providers-kubernetesCRD-certAuthFilePath" href="#providers-kubernetesCRD-certAuthFilePath" title="#providers-kubernetesCRD-certAuthFilePath">`providers.kubernetesCRD.certAuthFilePath`</a> | Path to the certificate authority file.<br />Used for the Kubernetes client configuration. | "" | No |
| `providers.kubernetesCRD.namespaces` | Array of namespaces to watch.<br />If left empty, watch all namespaces. | [] | No | | <a id="providers-kubernetesCRD-namespaces" href="#providers-kubernetesCRD-namespaces" title="#providers-kubernetesCRD-namespaces">`providers.kubernetesCRD.namespaces`</a> | Array of namespaces to watch.<br />If left empty, watch all namespaces. | [] | No |
| `providers.kubernetesCRD.labelselector` | Allow filtering on specific resource objects only using label selectors.<br />Only to Traefik [Custom Resources](#list-of-resources) (they all must match the filter).<br />No effect on Kubernetes `Secrets`, `EndpointSlices` and `Services`.<br />See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details. | "" | No | | <a id="providers-kubernetesCRD-labelselector" href="#providers-kubernetesCRD-labelselector" title="#providers-kubernetesCRD-labelselector">`providers.kubernetesCRD.labelselector`</a> | Allow filtering on specific resource objects only using label selectors.<br />Only to Traefik [Custom Resources](#list-of-resources) (they all must match the filter).<br />No effect on Kubernetes `Secrets`, `EndpointSlices` and `Services`.<br />See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details. | "" | No |
| `providers.kubernetesCRD.ingressClass` | Value of `kubernetes.io/ingress.class` annotation that identifies resource objects to be processed.<br />If empty, resources missing the annotation, having an empty value, or the value `traefik` are processed. | "" | No | | <a id="providers-kubernetesCRD-ingressClass" href="#providers-kubernetesCRD-ingressClass" title="#providers-kubernetesCRD-ingressClass">`providers.kubernetesCRD.ingressClass`</a> | Value of `kubernetes.io/ingress.class` annotation that identifies resource objects to be processed.<br />If empty, resources missing the annotation, having an empty value, or the value `traefik` are processed. | "" | No |
| `providers.kubernetesCRD.throttleDuration` | Minimum amount of time to wait between two Kubernetes events before producing a new configuration.<br />This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration.<br />If empty, every event is caught. | 0s | No | | <a id="providers-kubernetesCRD-throttleDuration" href="#providers-kubernetesCRD-throttleDuration" title="#providers-kubernetesCRD-throttleDuration">`providers.kubernetesCRD.throttleDuration`</a> | Minimum amount of time to wait between two Kubernetes events before producing a new configuration.<br />This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration.<br />If empty, every event is caught. | 0s | No |
| `providers.kubernetesCRD.allowEmptyServices` | Allows creating a route to reach a service that has no endpoint available.<br />It allows Traefik to handle the requests and responses targeting this service (applying middleware or observability operations) before returning a `503` HTTP Status. | false | No | | <a id="providers-kubernetesCRD-allowEmptyServices" href="#providers-kubernetesCRD-allowEmptyServices" title="#providers-kubernetesCRD-allowEmptyServices">`providers.kubernetesCRD.allowEmptyServices`</a> | Allows creating a route to reach a service that has no endpoint available.<br />It allows Traefik to handle the requests and responses targeting this service (applying middleware or observability operations) before returning a `503` HTTP Status. | false | No |
| `providers.kubernetesCRD.allowCrossNamespace` | Allows the `IngressRoutes` to reference resources in namespaces other than theirs. | false | No | | <a id="providers-kubernetesCRD-allowCrossNamespace" href="#providers-kubernetesCRD-allowCrossNamespace" title="#providers-kubernetesCRD-allowCrossNamespace">`providers.kubernetesCRD.allowCrossNamespace`</a> | Allows the `IngressRoutes` to reference resources in namespaces other than theirs. | false | No |
| `providers.kubernetesCRD.allowExternalNameServices` | Allows the `IngressRoutes` to reference ExternalName services. | false | No | | <a id="providers-kubernetesCRD-allowExternalNameServices" href="#providers-kubernetesCRD-allowExternalNameServices" title="#providers-kubernetesCRD-allowExternalNameServices">`providers.kubernetesCRD.allowExternalNameServices`</a> | Allows the `IngressRoutes` to reference ExternalName services. | false | No |
| `providers.kubernetesCRD.nativeLBByDefault` | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik for every `IngressRoute` by default.<br />It can br overridden in the [`ServerTransport`](../../../../routing/services/index.md#serverstransport). | false | No | | <a id="providers-kubernetesCRD-nativeLBByDefault" href="#providers-kubernetesCRD-nativeLBByDefault" title="#providers-kubernetesCRD-nativeLBByDefault">`providers.kubernetesCRD.nativeLBByDefault`</a> | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik for every `IngressRoute` by default.<br />It can br overridden in the [`ServerTransport`](../../../../routing/services/index.md#serverstransport). | false | No |
| `providers.kubernetesCRD.disableClusterScopeResources` | Prevent from discovering cluster scope resources (`IngressClass` and `Nodes`).<br />By doing so, it alleviates the requirement of giving Traefik the rights to look up for cluster resources.<br />Furthermore, Traefik will not handle IngressRoutes with IngressClass references, therefore such Ingresses will be ignored (please note that annotations are not affected by this option).<br />This will also prevent from using the `NodePortLB` options on services. | false | No | | <a id="providers-kubernetesCRD-disableClusterScopeResources" href="#providers-kubernetesCRD-disableClusterScopeResources" title="#providers-kubernetesCRD-disableClusterScopeResources">`providers.kubernetesCRD.disableClusterScopeResources`</a> | Prevent from discovering cluster scope resources (`IngressClass` and `Nodes`).<br />By doing so, it alleviates the requirement of giving Traefik the rights to look up for cluster resources.<br />Furthermore, Traefik will not handle IngressRoutes with IngressClass references, therefore such Ingresses will be ignored (please note that annotations are not affected by this option).<br />This will also prevent from using the `NodePortLB` options on services. | false | No |
### endpoint ### endpoint
@@ -110,16 +110,16 @@ See the dedicated section in [routing](../../../../routing/providers/kubernetes-
| Resource | Purpose | | Resource | Purpose |
|--------------------------------------------------|--------------------------------------------------------------------| |--------------------------------------------------|--------------------------------------------------------------------|
| [IngressRoute](../../../../routing/providers/kubernetes-crd.md#kind-ingressroute) | HTTP Routing | | <a id="IngressRoute" href="#IngressRoute" title="#IngressRoute">[IngressRoute](../../../../routing/providers/kubernetes-crd.md#kind-ingressroute)</a> | HTTP Routing |
| [Middleware](../../../../middlewares/http/overview.md) | Tweaks the HTTP requests before they are sent to your service | | <a id="Middleware" href="#Middleware" title="#Middleware">[Middleware](../../../../middlewares/http/overview.md)</a> | Tweaks the HTTP requests before they are sent to your service |
| [TraefikService](../../../../routing/providers/kubernetes-crd.md#kind-traefikservice) | Abstraction for HTTP loadbalancing/mirroring | | <a id="TraefikService" href="#TraefikService" title="#TraefikService">[TraefikService](../../../../routing/providers/kubernetes-crd.md#kind-traefikservice)</a> | Abstraction for HTTP loadbalancing/mirroring |
| [TLSOptions](../../../../routing/providers/kubernetes-crd.md#kind-tlsoption) | Allows configuring some parameters of the TLS connection | | <a id="TLSOptions" href="#TLSOptions" title="#TLSOptions">[TLSOptions](../../../../routing/providers/kubernetes-crd.md#kind-tlsoption)</a> | Allows configuring some parameters of the TLS connection |
| [TLSStores](../../../../routing/providers/kubernetes-crd.md#kind-tlsstore) | Allows configuring the default TLS store | | <a id="TLSStores" href="#TLSStores" title="#TLSStores">[TLSStores](../../../../routing/providers/kubernetes-crd.md#kind-tlsstore)</a> | Allows configuring the default TLS store |
| [ServersTransport](../../../../routing/providers/kubernetes-crd.md#kind-serverstransport) | Allows configuring the transport between Traefik and the backends | | <a id="ServersTransport" href="#ServersTransport" title="#ServersTransport">[ServersTransport](../../../../routing/providers/kubernetes-crd.md#kind-serverstransport)</a> | Allows configuring the transport between Traefik and the backends |
| [IngressRouteTCP](../../../../routing/providers/kubernetes-crd.md#kind-ingressroutetcp) | TCP Routing | | <a id="IngressRouteTCP" href="#IngressRouteTCP" title="#IngressRouteTCP">[IngressRouteTCP](../../../../routing/providers/kubernetes-crd.md#kind-ingressroutetcp)</a> | TCP Routing |
| [MiddlewareTCP](../../../../routing/providers/kubernetes-crd.md#kind-middlewaretcp) | Tweaks the TCP requests before they are sent to your service | | <a id="MiddlewareTCP" href="#MiddlewareTCP" title="#MiddlewareTCP">[MiddlewareTCP](../../../../routing/providers/kubernetes-crd.md#kind-middlewaretcp)</a> | Tweaks the TCP requests before they are sent to your service |
| [ServersTransportTCP](../../../../routing/providers/kubernetes-crd.md#kind-serverstransporttc) | Allows configuring the transport between Traefik and the backends | | <a id="ServersTransportTCP" href="#ServersTransportTCP" title="#ServersTransportTCP">[ServersTransportTCP](../../../../routing/providers/kubernetes-crd.md#kind-serverstransporttc)</a> | Allows configuring the transport between Traefik and the backends |
| [IngressRouteUDP](../../../../routing/providers/kubernetes-crd.md#kind-ingressrouteudp) | UDP Routing | | <a id="IngressRouteUDP" href="#IngressRouteUDP" title="#IngressRouteUDP">[IngressRouteUDP](../../../../routing/providers/kubernetes-crd.md#kind-ingressrouteudp)</a> | UDP Routing |
## Particularities ## Particularities
@@ -69,19 +69,19 @@ providers:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:----------------------------------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------| |:----------------------------------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No | | <a id="providers-providersThrottleDuration" href="#providers-providersThrottleDuration" title="#providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.kubernetesGateway.endpoint` | Server endpoint URL.<br />More information [here](#endpoint). | "" | No | | <a id="providers-kubernetesGateway-endpoint" href="#providers-kubernetesGateway-endpoint" title="#providers-kubernetesGateway-endpoint">`providers.kubernetesGateway.endpoint`</a> | Server endpoint URL.<br />More information [here](#endpoint). | "" | No |
| `providers.kubernetesGateway.experimentalChannel` | Toggles support for the Experimental Channel resources ([Gateway API release channels documentation](https://gateway-api.sigs.k8s.io/concepts/versioning/#release-channels)).<br />(ex: `TCPRoute` and `TLSRoute`) | false | No | | <a id="providers-kubernetesGateway-experimentalChannel" href="#providers-kubernetesGateway-experimentalChannel" title="#providers-kubernetesGateway-experimentalChannel">`providers.kubernetesGateway.experimentalChannel`</a> | Toggles support for the Experimental Channel resources ([Gateway API release channels documentation](https://gateway-api.sigs.k8s.io/concepts/versioning/#release-channels)).<br />(ex: `TCPRoute` and `TLSRoute`) | false | No |
| `providers.kubernetesGateway.token` | Bearer token used for the Kubernetes client configuration. | "" | No | | <a id="providers-kubernetesGateway-token" href="#providers-kubernetesGateway-token" title="#providers-kubernetesGateway-token">`providers.kubernetesGateway.token`</a> | Bearer token used for the Kubernetes client configuration. | "" | No |
| `providers.kubernetesGateway.certAuthFilePath` | Path to the certificate authority file.<br />Used for the Kubernetes client configuration. | "" | No | | <a id="providers-kubernetesGateway-certAuthFilePath" href="#providers-kubernetesGateway-certAuthFilePath" title="#providers-kubernetesGateway-certAuthFilePath">`providers.kubernetesGateway.certAuthFilePath`</a> | Path to the certificate authority file.<br />Used for the Kubernetes client configuration. | "" | No |
| `providers.kubernetesGateway.namespaces` | Array of namespaces to watch.<br />If left empty, watch all namespaces. | [] | No | | <a id="providers-kubernetesGateway-namespaces" href="#providers-kubernetesGateway-namespaces" title="#providers-kubernetesGateway-namespaces">`providers.kubernetesGateway.namespaces`</a> | Array of namespaces to watch.<br />If left empty, watch all namespaces. | [] | No |
| `providers.kubernetesGateway.labelselector` | Allow filtering on specific resource objects only using label selectors.<br />Only to Traefik [Custom Resources](./kubernetes-crd.md#list-of-resources) (they all must match the filter).<br />No effect on Kubernetes `Secrets`, `EndpointSlices` and `Services`.<br />See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details. | "" | No | | <a id="providers-kubernetesGateway-labelselector" href="#providers-kubernetesGateway-labelselector" title="#providers-kubernetesGateway-labelselector">`providers.kubernetesGateway.labelselector`</a> | Allow filtering on specific resource objects only using label selectors.<br />Only to Traefik [Custom Resources](./kubernetes-crd.md#list-of-resources) (they all must match the filter).<br />No effect on Kubernetes `Secrets`, `EndpointSlices` and `Services`.<br />See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details. | "" | No |
| `providers.kubernetesGateway.throttleDuration` | Minimum amount of time to wait between two Kubernetes events before producing a new configuration.<br />This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration.<br />If empty, every event is caught. | 0s | No | | <a id="providers-kubernetesGateway-throttleDuration" href="#providers-kubernetesGateway-throttleDuration" title="#providers-kubernetesGateway-throttleDuration">`providers.kubernetesGateway.throttleDuration`</a> | Minimum amount of time to wait between two Kubernetes events before producing a new configuration.<br />This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration.<br />If empty, every event is caught. | 0s | No |
| `providers.kubernetesGateway.nativeLBByDefault` | Defines whether to use Native Kubernetes load-balancing mode by default. For more information, please check out the `traefik.io/service.nativelb` service annotation documentation. | false | No | | <a id="providers-kubernetesGateway-nativeLBByDefault" href="#providers-kubernetesGateway-nativeLBByDefault" title="#providers-kubernetesGateway-nativeLBByDefault">`providers.kubernetesGateway.nativeLBByDefault`</a> | Defines whether to use Native Kubernetes load-balancing mode by default. For more information, please check out the `traefik.io/service.nativelb` service annotation documentation. | false | No |
| `providers.kubernetesGateway.`<br />`statusAddress.hostname` | Hostname copied to the Gateway `status.addresses`. | "" | No | | <a id="providers-kubernetesGateway-statusAddress-hostname" href="#providers-kubernetesGateway-statusAddress-hostname" title="#providers-kubernetesGateway-statusAddress-hostname">`providers.kubernetesGateway.`<br />`statusAddress.hostname`</a> | Hostname copied to the Gateway `status.addresses`. | "" | No |
| `providers.kubernetesGateway.`<br />`statusAddress.ip` | IP address copied to the Gateway `status.addresses`, and currently only supports one IP value (IPv4 or IPv6). | "" | No | | <a id="providers-kubernetesGateway-statusAddress-ip" href="#providers-kubernetesGateway-statusAddress-ip" title="#providers-kubernetesGateway-statusAddress-ip">`providers.kubernetesGateway.`<br />`statusAddress.ip`</a> | IP address copied to the Gateway `status.addresses`, and currently only supports one IP value (IPv4 or IPv6). | "" | No |
| `providers.kubernetesGateway.`<br />`statusAddress.service.namespace` | The namespace of the Kubernetes service to copy status addresses from.<br />When using third parties tools like External-DNS, this option can be used to copy the service `loadbalancer.status` (containing the service's endpoints IPs) to the Gateway `status.addresses`. | "" | No | | <a id="providers-kubernetesGateway-statusAddress-service-namespace" href="#providers-kubernetesGateway-statusAddress-service-namespace" title="#providers-kubernetesGateway-statusAddress-service-namespace">`providers.kubernetesGateway.`<br />`statusAddress.service.namespace`</a> | The namespace of the Kubernetes service to copy status addresses from.<br />When using third parties tools like External-DNS, this option can be used to copy the service `loadbalancer.status` (containing the service's endpoints IPs) to the Gateway `status.addresses`. | "" | No |
| `providers.kubernetesGateway.`<br />`statusAddress.service.name` | The name of the Kubernetes service to copy status addresses from.<br />When using third parties tools like External-DNS, this option can be used to copy the service `loadbalancer.status` (containing the service's endpoints IPs) to the Gateway `status.addresses`. | "" | No | | <a id="providers-kubernetesGateway-statusAddress-service-name" href="#providers-kubernetesGateway-statusAddress-service-name" title="#providers-kubernetesGateway-statusAddress-service-name">`providers.kubernetesGateway.`<br />`statusAddress.service.name`</a> | The name of the Kubernetes service to copy status addresses from.<br />When using third parties tools like External-DNS, this option can be used to copy the service `loadbalancer.status` (containing the service's endpoints IPs) to the Gateway `status.addresses`. | "" | No |
<!-- markdownlint-enable MD013 --> <!-- markdownlint-enable MD013 -->
@@ -49,21 +49,21 @@ which in turn creates the resulting routers, services, handlers, etc.
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:------------------------------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------| |:------------------------------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No | | <a id="providers-providersThrottleDuration" href="#providers-providersThrottleDuration" title="#providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.kubernetesIngressNGINX.endpoint` | Server endpoint URL.<br />More information [here](#endpoint). | "" | No | | <a id="providers-kubernetesIngressNGINX-endpoint" href="#providers-kubernetesIngressNGINX-endpoint" title="#providers-kubernetesIngressNGINX-endpoint">`providers.kubernetesIngressNGINX.endpoint`</a> | Server endpoint URL.<br />More information [here](#endpoint). | "" | No |
| `providers.kubernetesIngressNGINX.token` | Bearer token used for the Kubernetes client configuration. | "" | No | | <a id="providers-kubernetesIngressNGINX-token" href="#providers-kubernetesIngressNGINX-token" title="#providers-kubernetesIngressNGINX-token">`providers.kubernetesIngressNGINX.token`</a> | Bearer token used for the Kubernetes client configuration. | "" | No |
| `providers.kubernetesIngressNGINX.certAuthFilePath` | Path to the certificate authority file.<br />Used for the Kubernetes client configuration. | "" | No | | <a id="providers-kubernetesIngressNGINX-certAuthFilePath" href="#providers-kubernetesIngressNGINX-certAuthFilePath" title="#providers-kubernetesIngressNGINX-certAuthFilePath">`providers.kubernetesIngressNGINX.certAuthFilePath`</a> | Path to the certificate authority file.<br />Used for the Kubernetes client configuration. | "" | No |
| `providers.kubernetesIngressNGINX.throttleDuration` | Minimum amount of time to wait between two Kubernetes events before producing a new configuration.<br />This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration.<br />If empty, every event is caught. | 0s | No | | <a id="providers-kubernetesIngressNGINX-throttleDuration" href="#providers-kubernetesIngressNGINX-throttleDuration" title="#providers-kubernetesIngressNGINX-throttleDuration">`providers.kubernetesIngressNGINX.throttleDuration`</a> | Minimum amount of time to wait between two Kubernetes events before producing a new configuration.<br />This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration.<br />If empty, every event is caught. | 0s | No |
| `providers.kubernetesIngressNGINX.watchNamespace` | Namespace the controller watches for updates to Kubernetes objects. All namespaces are watched if this parameter is left empty. | "" | No | | <a id="providers-kubernetesIngressNGINX-watchNamespace" href="#providers-kubernetesIngressNGINX-watchNamespace" title="#providers-kubernetesIngressNGINX-watchNamespace">`providers.kubernetesIngressNGINX.watchNamespace`</a> | Namespace the controller watches for updates to Kubernetes objects. All namespaces are watched if this parameter is left empty. | "" | No |
| `providers.kubernetesIngressNGINX.watchNamespaceSelector` | Selector selects namespaces the controller watches for updates to Kubernetes objects. | "" | No | | <a id="providers-kubernetesIngressNGINX-watchNamespaceSelector" href="#providers-kubernetesIngressNGINX-watchNamespaceSelector" title="#providers-kubernetesIngressNGINX-watchNamespaceSelector">`providers.kubernetesIngressNGINX.watchNamespaceSelector`</a> | Selector selects namespaces the controller watches for updates to Kubernetes objects. | "" | No |
| `providers.kubernetesIngressNGINX.ingressClass` | Name of the ingress class this controller satisfies. | "" | No | | <a id="providers-kubernetesIngressNGINX-ingressClass" href="#providers-kubernetesIngressNGINX-ingressClass" title="#providers-kubernetesIngressNGINX-ingressClass">`providers.kubernetesIngressNGINX.ingressClass`</a> | Name of the ingress class this controller satisfies. | "" | No |
| `providers.kubernetesIngressNGINX.controllerClass` | Ingress Class Controller value this controller satisfies. | "" | No | | <a id="providers-kubernetesIngressNGINX-controllerClass" href="#providers-kubernetesIngressNGINX-controllerClass" title="#providers-kubernetesIngressNGINX-controllerClass">`providers.kubernetesIngressNGINX.controllerClass`</a> | Ingress Class Controller value this controller satisfies. | "" | No |
| `providers.kubernetesIngressNGINX.watchIngressWithoutClass` | Define if Ingress Controller should also watch for Ingresses without an IngressClass or the annotation specified. | false | No | | <a id="providers-kubernetesIngressNGINX-watchIngressWithoutClass" href="#providers-kubernetesIngressNGINX-watchIngressWithoutClass" title="#providers-kubernetesIngressNGINX-watchIngressWithoutClass">`providers.kubernetesIngressNGINX.watchIngressWithoutClass`</a> | Define if Ingress Controller should also watch for Ingresses without an IngressClass or the annotation specified. | false | No |
| `providers.kubernetesIngressNGINX.ingressClassByName` | Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class. | false | No | | <a id="providers-kubernetesIngressNGINX-ingressClassByName" href="#providers-kubernetesIngressNGINX-ingressClassByName" title="#providers-kubernetesIngressNGINX-ingressClassByName">`providers.kubernetesIngressNGINX.ingressClassByName`</a> | Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class. | false | No |
| `providers.kubernetesIngressNGINX.publishService` | Service fronting the Ingress controller. Takes the form namespace/name. | "" | No | | <a id="providers-kubernetesIngressNGINX-publishService" href="#providers-kubernetesIngressNGINX-publishService" title="#providers-kubernetesIngressNGINX-publishService">`providers.kubernetesIngressNGINX.publishService`</a> | Service fronting the Ingress controller. Takes the form namespace/name. | "" | No |
| `providers.kubernetesIngressNGINX.publishStatusAddress` | Customized address (or addresses, separated by comma) to set as the load-balancer status of Ingress objects this controller satisfies. | "" | No | | <a id="providers-kubernetesIngressNGINX-publishStatusAddress" href="#providers-kubernetesIngressNGINX-publishStatusAddress" title="#providers-kubernetesIngressNGINX-publishStatusAddress">`providers.kubernetesIngressNGINX.publishStatusAddress`</a> | Customized address (or addresses, separated by comma) to set as the load-balancer status of Ingress objects this controller satisfies. | "" | No |
| `providers.kubernetesIngressNGINX.defaultBackendService` | Service used to serve HTTP requests not matching any known server name (catch-all). Takes the form 'namespace/name'. | "" | No | | <a id="providers-kubernetesIngressNGINX-defaultBackendService" href="#providers-kubernetesIngressNGINX-defaultBackendService" title="#providers-kubernetesIngressNGINX-defaultBackendService">`providers.kubernetesIngressNGINX.defaultBackendService`</a> | Service used to serve HTTP requests not matching any known server name (catch-all). Takes the form 'namespace/name'. | "" | No |
| `providers.kubernetesIngressNGINX.disableSvcExternalName` | Disable support for Services of type ExternalName. | false | No | | <a id="providers-kubernetesIngressNGINX-disableSvcExternalName" href="#providers-kubernetesIngressNGINX-disableSvcExternalName" title="#providers-kubernetesIngressNGINX-disableSvcExternalName">`providers.kubernetesIngressNGINX.disableSvcExternalName`</a> | Disable support for Services of type ExternalName. | false | No |
<!-- markdownlint-enable MD013 --> <!-- markdownlint-enable MD013 -->
@@ -46,24 +46,24 @@ which in turn creates the resulting routers, services, handlers, etc.
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:-----------------------------------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------| |:-----------------------------------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No | | <a id="providers-providersThrottleDuration" href="#providers-providersThrottleDuration" title="#providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.kubernetesIngress.endpoint` | Server endpoint URL.<br />More information [here](#endpoint). | "" | No | | <a id="providers-kubernetesIngress-endpoint" href="#providers-kubernetesIngress-endpoint" title="#providers-kubernetesIngress-endpoint">`providers.kubernetesIngress.endpoint`</a> | Server endpoint URL.<br />More information [here](#endpoint). | "" | No |
| `providers.kubernetesIngress.token` | Bearer token used for the Kubernetes client configuration. | "" | No | | <a id="providers-kubernetesIngress-token" href="#providers-kubernetesIngress-token" title="#providers-kubernetesIngress-token">`providers.kubernetesIngress.token`</a> | Bearer token used for the Kubernetes client configuration. | "" | No |
| `providers.kubernetesIngress.certAuthFilePath` | Path to the certificate authority file.<br />Used for the Kubernetes client configuration. | "" | No | | <a id="providers-kubernetesIngress-certAuthFilePath" href="#providers-kubernetesIngress-certAuthFilePath" title="#providers-kubernetesIngress-certAuthFilePath">`providers.kubernetesIngress.certAuthFilePath`</a> | Path to the certificate authority file.<br />Used for the Kubernetes client configuration. | "" | No |
| `providers.kubernetesCRD.namespaces` | Array of namespaces to watch.<br />If left empty, watch all namespaces. | | No | | <a id="providers-kubernetesCRD-namespaces" href="#providers-kubernetesCRD-namespaces" title="#providers-kubernetesCRD-namespaces">`providers.kubernetesCRD.namespaces`</a> | Array of namespaces to watch.<br />If left empty, watch all namespaces. | | No |
| `providers.kubernetesIngress.labelselector` | Allow filtering on Ingress objects using label selectors.<br />No effect on Kubernetes `Secrets`, `EndpointSlices` and `Services`.<br />See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details. | "" | No | | <a id="providers-kubernetesIngress-labelselector" href="#providers-kubernetesIngress-labelselector" title="#providers-kubernetesIngress-labelselector">`providers.kubernetesIngress.labelselector`</a> | Allow filtering on Ingress objects using label selectors.<br />No effect on Kubernetes `Secrets`, `EndpointSlices` and `Services`.<br />See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details. | "" | No |
| `providers.kubernetesIngress.ingressClass` | The `IngressClass` resource name or the `kubernetes.io/ingress.class` annotation value that identifies resource objects to be processed.<br />If empty, resources missing the annotation, having an empty value, or the value `traefik` are processed. | "" | No | | <a id="providers-kubernetesIngress-ingressClass" href="#providers-kubernetesIngress-ingressClass" title="#providers-kubernetesIngress-ingressClass">`providers.kubernetesIngress.ingressClass`</a> | The `IngressClass` resource name or the `kubernetes.io/ingress.class` annotation value that identifies resource objects to be processed.<br />If empty, resources missing the annotation, having an empty value, or the value `traefik` are processed. | "" | No |
| `providers.kubernetesIngress.disableIngressClassLookup` | Prevent to discover IngressClasses in the cluster.<br />It alleviates the requirement of giving Traefik the rights to look IngressClasses up.<br />Ignore Ingresses with IngressClass.<br />Annotations are not affected by this option. | false | No | | <a id="providers-kubernetesIngress-disableIngressClassLookup" href="#providers-kubernetesIngress-disableIngressClassLookup" title="#providers-kubernetesIngress-disableIngressClassLookup">`providers.kubernetesIngress.disableIngressClassLookup`</a> | Prevent to discover IngressClasses in the cluster.<br />It alleviates the requirement of giving Traefik the rights to look IngressClasses up.<br />Ignore Ingresses with IngressClass.<br />Annotations are not affected by this option. | false | No |
| `providers.kubernetesIngress.`<br />`ingressEndpoint.hostname` | Hostname used for Kubernetes Ingress endpoints. | "" | No | | <a id="providers-kubernetesIngress-ingressEndpoint-hostname" href="#providers-kubernetesIngress-ingressEndpoint-hostname" title="#providers-kubernetesIngress-ingressEndpoint-hostname">`providers.kubernetesIngress.`<br />`ingressEndpoint.hostname`</a> | Hostname used for Kubernetes Ingress endpoints. | "" | No |
| `providers.kubernetesIngress.`<br />`ingressEndpoint.ip` | This IP will get copied to the Ingress `status.loadbalancer.ip`, and currently only supports one IP value (IPv4 or IPv6). | "" | No | | <a id="providers-kubernetesIngress-ingressEndpoint-ip" href="#providers-kubernetesIngress-ingressEndpoint-ip" title="#providers-kubernetesIngress-ingressEndpoint-ip">`providers.kubernetesIngress.`<br />`ingressEndpoint.ip`</a> | This IP will get copied to the Ingress `status.loadbalancer.ip`, and currently only supports one IP value (IPv4 or IPv6). | "" | No |
| `providers.kubernetesIngress.`<br />`ingressEndpoint.publishedService` | The Kubernetes service to copy status from.<br />More information [here](#ingressendpointpublishedservice). | "" | No | | <a id="providers-kubernetesIngress-ingressEndpoint-publishedService" href="#providers-kubernetesIngress-ingressEndpoint-publishedService" title="#providers-kubernetesIngress-ingressEndpoint-publishedService">`providers.kubernetesIngress.`<br />`ingressEndpoint.publishedService`</a> | The Kubernetes service to copy status from.<br />More information [here](#ingressendpointpublishedservice). | "" | No |
| `providers.kubernetesIngress.throttleDuration` | Minimum amount of time to wait between two Kubernetes events before producing a new configuration.<br />This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration.<br />If empty, every event is caught. | 0s | No | | <a id="providers-kubernetesIngress-throttleDuration" href="#providers-kubernetesIngress-throttleDuration" title="#providers-kubernetesIngress-throttleDuration">`providers.kubernetesIngress.throttleDuration`</a> | Minimum amount of time to wait between two Kubernetes events before producing a new configuration.<br />This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration.<br />If empty, every event is caught. | 0s | No |
| `providers.kubernetesIngress.allowEmptyServices` | Allows creating a route to reach a service that has no endpoint available.<br />It allows Traefik to handle the requests and responses targeting this service (applying middleware or observability operations) before returning a `503` HTTP Status. | false | No | | <a id="providers-kubernetesIngress-allowEmptyServices" href="#providers-kubernetesIngress-allowEmptyServices" title="#providers-kubernetesIngress-allowEmptyServices">`providers.kubernetesIngress.allowEmptyServices`</a> | Allows creating a route to reach a service that has no endpoint available.<br />It allows Traefik to handle the requests and responses targeting this service (applying middleware or observability operations) before returning a `503` HTTP Status. | false | No |
| `providers.kubernetesIngress.allowCrossNamespace` | Allows the `Ingress` to reference resources in namespaces other than theirs. | false | No | | <a id="providers-kubernetesIngress-allowCrossNamespace" href="#providers-kubernetesIngress-allowCrossNamespace" title="#providers-kubernetesIngress-allowCrossNamespace">`providers.kubernetesIngress.allowCrossNamespace`</a> | Allows the `Ingress` to reference resources in namespaces other than theirs. | false | No |
| `providers.kubernetesIngress.allowExternalNameServices` | Allows the `Ingress` to reference ExternalName services. | false | No | | <a id="providers-kubernetesIngress-allowExternalNameServices" href="#providers-kubernetesIngress-allowExternalNameServices" title="#providers-kubernetesIngress-allowExternalNameServices">`providers.kubernetesIngress.allowExternalNameServices`</a> | Allows the `Ingress` to reference ExternalName services. | false | No |
| `providers.kubernetesIngress.nativeLBByDefault` | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik for every `Ingress` by default.<br />It can br overridden in the [`ServerTransport`](../../../../routing/services/index.md#serverstransport). | false | No | | <a id="providers-kubernetesIngress-nativeLBByDefault" href="#providers-kubernetesIngress-nativeLBByDefault" title="#providers-kubernetesIngress-nativeLBByDefault">`providers.kubernetesIngress.nativeLBByDefault`</a> | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik for every `Ingress` by default.<br />It can br overridden in the [`ServerTransport`](../../../../routing/services/index.md#serverstransport). | false | No |
| `providers.kubernetesIngress.disableClusterScopeResources` | Prevent from discovering cluster scope resources (`IngressClass` and `Nodes`).<br />By doing so, it alleviates the requirement of giving Traefik the rights to look up for cluster resources.<br />Furthermore, Traefik will not handle Ingresses with IngressClass references, therefore such Ingresses will be ignored (please note that annotations are not affected by this option).<br />This will also prevent from using the `NodePortLB` options on services. | false | No | | <a id="providers-kubernetesIngress-disableClusterScopeResources" href="#providers-kubernetesIngress-disableClusterScopeResources" title="#providers-kubernetesIngress-disableClusterScopeResources">`providers.kubernetesIngress.disableClusterScopeResources`</a> | Prevent from discovering cluster scope resources (`IngressClass` and `Nodes`).<br />By doing so, it alleviates the requirement of giving Traefik the rights to look up for cluster resources.<br />Furthermore, Traefik will not handle Ingresses with IngressClass references, therefore such Ingresses will be ignored (please note that annotations are not affected by this option).<br />This will also prevent from using the `NodePortLB` options on services. | false | No |
| `providers.kubernetesIngress.strictPrefixMatching` | Make prefix matching strictly comply with the Kubernetes Ingress specification (path-element-wise matching instead of character-by-character string matching). For example, a PathPrefix of `/foo` will match `/foo`, `/foo/`, and `/foo/bar` but not `/foobar`. | false | No | | <a id="providers-kubernetesIngress-strictPrefixMatching" href="#providers-kubernetesIngress-strictPrefixMatching" title="#providers-kubernetesIngress-strictPrefixMatching">`providers.kubernetesIngress.strictPrefixMatching`</a> | Make prefix matching strictly comply with the Kubernetes Ingress specification (path-element-wise matching instead of character-by-character string matching). For example, a PathPrefix of `/foo` will match `/foo`, `/foo/`, and `/foo/bar` but not `/foobar`. | false | No |
<!-- markdownlint-enable MD013 --> <!-- markdownlint-enable MD013 -->
@@ -26,16 +26,16 @@ providers:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:------|:----------------------------------------------------------|:---------------------|:---------| |:------|:----------------------------------------------------------|:---------------------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No | | <a id="providers-providersThrottleDuration" href="#providers-providersThrottleDuration" title="#providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.etcd.endpoints` | Defines the endpoint to access etcd. | "127.0.0.1:2379" | Yes | | <a id="providers-etcd-endpoints" href="#providers-etcd-endpoints" title="#providers-etcd-endpoints">`providers.etcd.endpoints`</a> | Defines the endpoint to access etcd. | "127.0.0.1:2379" | Yes |
| `providers.etcd.rootKey` | Defines the root key for the configuration. | "traefik" | Yes | | <a id="providers-etcd-rootKey" href="#providers-etcd-rootKey" title="#providers-etcd-rootKey">`providers.etcd.rootKey`</a> | Defines the root key for the configuration. | "traefik" | Yes |
| `providers.etcd.username` | Defines a username with which to connect to etcd. | "" | No | | <a id="providers-etcd-username" href="#providers-etcd-username" title="#providers-etcd-username">`providers.etcd.username`</a> | Defines a username with which to connect to etcd. | "" | No |
| `providers.etcd.password` | Defines a password for connecting to etcd. | "" | No | | <a id="providers-etcd-password" href="#providers-etcd-password" title="#providers-etcd-password">`providers.etcd.password`</a> | Defines a password for connecting to etcd. | "" | No |
| `providers.etcd.tls` | Defines the TLS configuration used for the secure connection to etcd. | - | No | | <a id="providers-etcd-tls" href="#providers-etcd-tls" title="#providers-etcd-tls">`providers.etcd.tls`</a> | Defines the TLS configuration used for the secure connection to etcd. | - | No |
| `providers.etcd.tls.ca` | Defines the path to the certificate authority used for the secure connection to etcd, it defaults to the system bundle. | "" | No | | <a id="providers-etcd-tls-ca" href="#providers-etcd-tls-ca" title="#providers-etcd-tls-ca">`providers.etcd.tls.ca`</a> | Defines the path to the certificate authority used for the secure connection to etcd, it defaults to the system bundle. | "" | No |
| `providers.etcd.tls.cert` | Defines the path to the public certificate used for the secure connection to etcd. When using this option, setting the `key` option is required. | "" | Yes | | <a id="providers-etcd-tls-cert" href="#providers-etcd-tls-cert" title="#providers-etcd-tls-cert">`providers.etcd.tls.cert`</a> | Defines the path to the public certificate used for the secure connection to etcd. When using this option, setting the `key` option is required. | "" | Yes |
| `providers.etcd.tls.key` | Defines the path to the private key used for the secure connection to etcd. When using this option, setting the `cert` option is required. | "" | Yes | | <a id="providers-etcd-tls-key" href="#providers-etcd-tls-key" title="#providers-etcd-tls-key">`providers.etcd.tls.key`</a> | Defines the path to the private key used for the secure connection to etcd. When using this option, setting the `cert` option is required. | "" | Yes |
| `providers.etcd.tls.insecureSkipVerify` | Instructs the provider to accept any certificate presented by etcd when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No | | <a id="providers-etcd-tls-insecureSkipVerify" href="#providers-etcd-tls-insecureSkipVerify" title="#providers-etcd-tls-insecureSkipVerify">`providers.etcd.tls.insecureSkipVerify`</a> | Instructs the provider to accept any certificate presented by etcd when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No |
## Routing Configuration ## Routing Configuration
@@ -26,25 +26,25 @@ providers:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:------|:----------------------------------------------------------|:---------------------|:---------| |:------|:----------------------------------------------------------|:---------------------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No | | <a id="providers-providersThrottleDuration" href="#providers-providersThrottleDuration" title="#providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.redis.endpoints` | Defines the endpoint to access Redis. | "127.0.0.1:6379" | Yes | | <a id="providers-redis-endpoints" href="#providers-redis-endpoints" title="#providers-redis-endpoints">`providers.redis.endpoints`</a> | Defines the endpoint to access Redis. | "127.0.0.1:6379" | Yes |
| `providers.redis.rootKey` | Defines the root key for the configuration. | "traefik" | Yes | | <a id="providers-redis-rootKey" href="#providers-redis-rootKey" title="#providers-redis-rootKey">`providers.redis.rootKey`</a> | Defines the root key for the configuration. | "traefik" | Yes |
| `providers.redis.username` | Defines a username for connecting to Redis. | "" | No | | <a id="providers-redis-username" href="#providers-redis-username" title="#providers-redis-username">`providers.redis.username`</a> | Defines a username for connecting to Redis. | "" | No |
| `providers.redis.password` | Defines a password for connecting to Redis. | "" | No | | <a id="providers-redis-password" href="#providers-redis-password" title="#providers-redis-password">`providers.redis.password`</a> | Defines a password for connecting to Redis. | "" | No |
| `providers.redis.db` | Defines the database to be selected after connecting to the Redis. | 0 | No | | <a id="providers-redis-db" href="#providers-redis-db" title="#providers-redis-db">`providers.redis.db`</a> | Defines the database to be selected after connecting to the Redis. | 0 | No |
| `providers.redis.tls` | Defines the TLS configuration used for the secure connection to Redis. | - | No | | <a id="providers-redis-tls" href="#providers-redis-tls" title="#providers-redis-tls">`providers.redis.tls`</a> | Defines the TLS configuration used for the secure connection to Redis. | - | No |
| `providers.redis.tls.ca` | Defines the path to the certificate authority used for the secure connection to Redis, it defaults to the system bundle. | "" | No | | <a id="providers-redis-tls-ca" href="#providers-redis-tls-ca" title="#providers-redis-tls-ca">`providers.redis.tls.ca`</a> | Defines the path to the certificate authority used for the secure connection to Redis, it defaults to the system bundle. | "" | No |
| `providers.redis.tls.cert` | Defines the path to the public certificate used for the secure connection to Redis. When using this option, setting the `key` option is required. | "" | Yes | | <a id="providers-redis-tls-cert" href="#providers-redis-tls-cert" title="#providers-redis-tls-cert">`providers.redis.tls.cert`</a> | Defines the path to the public certificate used for the secure connection to Redis. When using this option, setting the `key` option is required. | "" | Yes |
| `providers.redis.tls.key` | Defines the path to the private key used for the secure connection to Redis. When using this option, setting the `cert` option is required. | "" | Yes | | <a id="providers-redis-tls-key" href="#providers-redis-tls-key" title="#providers-redis-tls-key">`providers.redis.tls.key`</a> | Defines the path to the private key used for the secure connection to Redis. When using this option, setting the `cert` option is required. | "" | Yes |
| `providers.redis.tls.insecureSkipVerify` | Instructs the provider to accept any certificate presented by Redis when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No | | <a id="providers-redis-tls-insecureSkipVerify" href="#providers-redis-tls-insecureSkipVerify" title="#providers-redis-tls-insecureSkipVerify">`providers.redis.tls.insecureSkipVerify`</a> | Instructs the provider to accept any certificate presented by Redis when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No |
| `providers.redis.sentinel` | Defines the Sentinel configuration used to interact with Redis Sentinel. | - | No | | <a id="providers-redis-sentinel" href="#providers-redis-sentinel" title="#providers-redis-sentinel">`providers.redis.sentinel`</a> | Defines the Sentinel configuration used to interact with Redis Sentinel. | - | No |
| `providers.redis.sentinel.masterName` | Defines the name of the Sentinel master. | "" | Yes | | <a id="providers-redis-sentinel-masterName" href="#providers-redis-sentinel-masterName" title="#providers-redis-sentinel-masterName">`providers.redis.sentinel.masterName`</a> | Defines the name of the Sentinel master. | "" | Yes |
| `providers.redis.sentinel.username` | Defines the username for Sentinel authentication. | "" | No | | <a id="providers-redis-sentinel-username" href="#providers-redis-sentinel-username" title="#providers-redis-sentinel-username">`providers.redis.sentinel.username`</a> | Defines the username for Sentinel authentication. | "" | No |
| `providers.redis.sentinel.password` | Defines the password for Sentinel authentication. | "" | No | | <a id="providers-redis-sentinel-password" href="#providers-redis-sentinel-password" title="#providers-redis-sentinel-password">`providers.redis.sentinel.password`</a> | Defines the password for Sentinel authentication. | "" | No |
| `providers.redis.sentinel.latencyStrategy` | Defines whether to route commands to the closest master or replica nodes (mutually exclusive with RandomStrategy and ReplicaStrategy). | false | No | | <a id="providers-redis-sentinel-latencyStrategy" href="#providers-redis-sentinel-latencyStrategy" title="#providers-redis-sentinel-latencyStrategy">`providers.redis.sentinel.latencyStrategy`</a> | Defines whether to route commands to the closest master or replica nodes (mutually exclusive with RandomStrategy and ReplicaStrategy). | false | No |
| `providers.redis.sentinel.randomStrategy` | Defines whether to route commands randomly to master or replica nodes (mutually exclusive with LatencyStrategy and ReplicaStrategy). | false | No | | <a id="providers-redis-sentinel-randomStrategy" href="#providers-redis-sentinel-randomStrategy" title="#providers-redis-sentinel-randomStrategy">`providers.redis.sentinel.randomStrategy`</a> | Defines whether to route commands randomly to master or replica nodes (mutually exclusive with LatencyStrategy and ReplicaStrategy). | false | No |
| `providers.redis.sentinel.replicaStrategy` | Defines whether to route commands randomly to master or replica nodes (mutually exclusive with LatencyStrategy and ReplicaStrategy). | false | No | | <a id="providers-redis-sentinel-replicaStrategy" href="#providers-redis-sentinel-replicaStrategy" title="#providers-redis-sentinel-replicaStrategy">`providers.redis.sentinel.replicaStrategy`</a> | Defines whether to route commands randomly to master or replica nodes (mutually exclusive with LatencyStrategy and ReplicaStrategy). | false | No |
| `providers.redis.sentinel.useDisconnectedReplicas` | Defines whether to use replicas disconnected with master when cannot get connected replicas. | false | false | | <a id="providers-redis-sentinel-useDisconnectedReplicas" href="#providers-redis-sentinel-useDisconnectedReplicas" title="#providers-redis-sentinel-useDisconnectedReplicas">`providers.redis.sentinel.useDisconnectedReplicas`</a> | Defines whether to use replicas disconnected with master when cannot get connected replicas. | false | false |
## Routing Configuration ## Routing Configuration
@@ -26,16 +26,16 @@ providers:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:------|:----------------------------------------------------------|:---------------------|:---------| |:------|:----------------------------------------------------------|:---------------------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No | | <a id="providers-providersThrottleDuration" href="#providers-providersThrottleDuration" title="#providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.zooKeeper.endpoints` | Defines the endpoint to access ZooKeeper. | "127.0.0.1:2181" | Yes | | <a id="providers-zooKeeper-endpoints" href="#providers-zooKeeper-endpoints" title="#providers-zooKeeper-endpoints">`providers.zooKeeper.endpoints`</a> | Defines the endpoint to access ZooKeeper. | "127.0.0.1:2181" | Yes |
| `providers.zooKeeper.rootKey` | Defines the root key for the configuration. | "traefik" | Yes | | <a id="providers-zooKeeper-rootKey" href="#providers-zooKeeper-rootKey" title="#providers-zooKeeper-rootKey">`providers.zooKeeper.rootKey`</a> | Defines the root key for the configuration. | "traefik" | Yes |
| `providers.zooKeeper.username` | Defines a username with which to connect to zooKeeper. | "" | No | | <a id="providers-zooKeeper-username" href="#providers-zooKeeper-username" title="#providers-zooKeeper-username">`providers.zooKeeper.username`</a> | Defines a username with which to connect to zooKeeper. | "" | No |
| `providers.zooKeeper.password` | Defines a password for connecting to zooKeeper. | "" | No | | <a id="providers-zooKeeper-password" href="#providers-zooKeeper-password" title="#providers-zooKeeper-password">`providers.zooKeeper.password`</a> | Defines a password for connecting to zooKeeper. | "" | No |
| `providers.zooKeeper.tls` | Defines the TLS configuration used for the secure connection to zooKeeper. | - | No | | <a id="providers-zooKeeper-tls" href="#providers-zooKeeper-tls" title="#providers-zooKeeper-tls">`providers.zooKeeper.tls`</a> | Defines the TLS configuration used for the secure connection to zooKeeper. | - | No |
| `providers.zooKeeper.tls.ca` | Defines the path to the certificate authority used for the secure connection to zooKeeper, it defaults to the system bundle. | "" | No | | <a id="providers-zooKeeper-tls-ca" href="#providers-zooKeeper-tls-ca" title="#providers-zooKeeper-tls-ca">`providers.zooKeeper.tls.ca`</a> | Defines the path to the certificate authority used for the secure connection to zooKeeper, it defaults to the system bundle. | "" | No |
| `providers.zooKeeper.tls.cert` | Defines the path to the public certificate used for the secure connection to zooKeeper. When using this option, setting the `key` option is required. | "" | Yes | | <a id="providers-zooKeeper-tls-cert" href="#providers-zooKeeper-tls-cert" title="#providers-zooKeeper-tls-cert">`providers.zooKeeper.tls.cert`</a> | Defines the path to the public certificate used for the secure connection to zooKeeper. When using this option, setting the `key` option is required. | "" | Yes |
| `providers.zooKeeper.tls.key` | Defines the path to the private key used for the secure connection to zooKeeper. When using this option, setting the `cert` option is required. | "" | Yes | | <a id="providers-zooKeeper-tls-key" href="#providers-zooKeeper-tls-key" title="#providers-zooKeeper-tls-key">`providers.zooKeeper.tls.key`</a> | Defines the path to the private key used for the secure connection to zooKeeper. When using this option, setting the `cert` option is required. | "" | Yes |
| `providers.zooKeeper.tls.insecureSkipVerify` | Instructs the provider to accept any certificate presented by etcd when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No | | <a id="providers-zooKeeper-tls-insecureSkipVerify" href="#providers-zooKeeper-tls-insecureSkipVerify" title="#providers-zooKeeper-tls-insecureSkipVerify">`providers.zooKeeper.tls.insecureSkipVerify`</a> | Instructs the provider to accept any certificate presented by etcd when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No |
## Routing Configuration ## Routing Configuration
@@ -26,18 +26,18 @@ providers:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:------|:----------------------------------------------------------|:---------------------|:---------| |:------|:----------------------------------------------------------|:---------------------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No | | <a id="providers-providersThrottleDuration" href="#providers-providersThrottleDuration" title="#providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.ecs.autoDiscoverClusters` | Search for services in cluster list. If set to `true` service discovery is enabled for all clusters. | false | No | | <a id="providers-ecs-autoDiscoverClusters" href="#providers-ecs-autoDiscoverClusters" title="#providers-ecs-autoDiscoverClusters">`providers.ecs.autoDiscoverClusters`</a> | Search for services in cluster list. If set to `true` service discovery is enabled for all clusters. | false | No |
| `providers.ecs.ecsAnywhere` | Enable ECS Anywhere support. | false | No | | <a id="providers-ecs-ecsAnywhere" href="#providers-ecs-ecsAnywhere" title="#providers-ecs-ecsAnywhere">`providers.ecs.ecsAnywhere`</a> | Enable ECS Anywhere support. | false | No |
| `providers.ecs.clusters` | Search for services in cluster list. This option is ignored if `autoDiscoverClusters` is set to `true`. | `["default"]` | No | | <a id="providers-ecs-clusters" href="#providers-ecs-clusters" title="#providers-ecs-clusters">`providers.ecs.clusters`</a> | Search for services in cluster list. This option is ignored if `autoDiscoverClusters` is set to `true`. | `["default"]` | No |
| `providers.ecs.exposedByDefault` | Expose ECS services by default in Traefik. | true | No | | <a id="providers-ecs-exposedByDefault" href="#providers-ecs-exposedByDefault" title="#providers-ecs-exposedByDefault">`providers.ecs.exposedByDefault`</a> | Expose ECS services by default in Traefik. | true | No |
| `providers.ecs.constraints` | Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information. | true | No | | <a id="providers-ecs-constraints" href="#providers-ecs-constraints" title="#providers-ecs-constraints">`providers.ecs.constraints`</a> | Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information. | true | No |
| `providers.ecs.healthyTasksOnly` | Defines whether Traefik discovers only healthy tasks (`HEALTHY` healthStatus). | false | No | | <a id="providers-ecs-healthyTasksOnly" href="#providers-ecs-healthyTasksOnly" title="#providers-ecs-healthyTasksOnly">`providers.ecs.healthyTasksOnly`</a> | Defines whether Traefik discovers only healthy tasks (`HEALTHY` healthStatus). | false | No |
| `providers.ecs.defaultRule` | The Default Host rule for all services. See [here](#defaultrule) for more information. | ```"Host(`{{ normalize .Name }}`)"``` | No | | <a id="providers-ecs-defaultRule" href="#providers-ecs-defaultRule" title="#providers-ecs-defaultRule">`providers.ecs.defaultRule`</a> | The Default Host rule for all services. See [here](#defaultrule) for more information. | ```"Host(`{{ normalize .Name }}`)"``` | No |
| `providers.ecs.refreshSeconds` | Defines the polling interval (in seconds). | 15 | No | | <a id="providers-ecs-refreshSeconds" href="#providers-ecs-refreshSeconds" title="#providers-ecs-refreshSeconds">`providers.ecs.refreshSeconds`</a> | Defines the polling interval (in seconds). | 15 | No |
| `providers.ecs.region` | Defines the region of the ECS instance. See [here](#credentials) for more information. | "" | No | | <a id="providers-ecs-region" href="#providers-ecs-region" title="#providers-ecs-region">`providers.ecs.region`</a> | Defines the region of the ECS instance. See [here](#credentials) for more information. | "" | No |
| `providers.ecs.accessKeyID` | Defines the Access Key ID for the ECS instance. See [here](#credentials) for more information. | "" | No | | <a id="providers-ecs-accessKeyID" href="#providers-ecs-accessKeyID" title="#providers-ecs-accessKeyID">`providers.ecs.accessKeyID`</a> | Defines the Access Key ID for the ECS instance. See [here](#credentials) for more information. | "" | No |
| `providers.ecs.secretAccessKey` | Defines the Secret Access Key for the ECS instance. See [here](#credentials) for more information. | "" | No | | <a id="providers-ecs-secretAccessKey" href="#providers-ecs-secretAccessKey" title="#providers-ecs-secretAccessKey">`providers.ecs.secretAccessKey`</a> | Defines the Secret Access Key for the ECS instance. See [here](#credentials) for more information. | "" | No |
### `constraints` ### `constraints`
@@ -100,10 +100,10 @@ http:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:------|:----------------------------------------------------------|:---------------------|:---------| |:------|:----------------------------------------------------------|:---------------------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No | | <a id="providers-providersThrottleDuration" href="#providers-providersThrottleDuration" title="#providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.file.filename` | Defines the path to the configuration file. | "" | Yes | | <a id="providers-file-filename" href="#providers-file-filename" title="#providers-file-filename">`providers.file.filename`</a> | Defines the path to the configuration file. | "" | Yes |
| `providers.file.directory` | Defines the path to the directory that contains the configuration files. The `filename` and `directory` options are mutually exclusive. It is recommended to use `directory`. | "" | Yes | | <a id="providers-file-directory" href="#providers-file-directory" title="#providers-file-directory">`providers.file.directory`</a> | Defines the path to the directory that contains the configuration files. The `filename` and `directory` options are mutually exclusive. It is recommended to use `directory`. | "" | Yes |
| `providers.file.watch` | Set the `watch` option to `true` to allow Traefik to automatically watch for file changes. It works with both the `filename` and the `directory` options. | true | No | | <a id="providers-file-watch" href="#providers-file-watch" title="#providers-file-watch">`providers.file.watch`</a> | Set the `watch` option to `true` to allow Traefik to automatically watch for file changes. It works with both the `filename` and the `directory` options. | true | No |
!!! warning "Limitations" !!! warning "Limitations"
@@ -30,15 +30,15 @@ providers:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:------|:----------------------------------------------------------|:---------------------|:---------| |:------|:----------------------------------------------------------|:---------------------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No | | <a id="providers-providersThrottleDuration" href="#providers-providersThrottleDuration" title="#providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.http.endpoint` | Defines the HTTP(S) endpoint to poll. | "" | Yes | | <a id="providers-http-endpoint" href="#providers-http-endpoint" title="#providers-http-endpoint">`providers.http.endpoint`</a> | Defines the HTTP(S) endpoint to poll. | "" | Yes |
| `providers.http.pollInterval` | Defines the polling interval. | 5s | No | | <a id="providers-http-pollInterval" href="#providers-http-pollInterval" title="#providers-http-pollInterval">`providers.http.pollInterval`</a> | Defines the polling interval. | 5s | No |
| `providers.http.pollTimeout` | Defines the polling timeout when connecting to the endpoint. | 5s | No | | <a id="providers-http-pollTimeout" href="#providers-http-pollTimeout" title="#providers-http-pollTimeout">`providers.http.pollTimeout`</a> | Defines the polling timeout when connecting to the endpoint. | 5s | No |
| `providers.http.headers` | Defines custom headers to be sent to the endpoint. | "" | No | | <a id="providers-http-headers" href="#providers-http-headers" title="#providers-http-headers">`providers.http.headers`</a> | Defines custom headers to be sent to the endpoint. | "" | No |
| `providers.http.tls.ca` | Defines the path to the certificate authority used for the secure connection to the endpoint, it defaults to the system bundle. | "" | No | | <a id="providers-http-tls-ca" href="#providers-http-tls-ca" title="#providers-http-tls-ca">`providers.http.tls.ca`</a> | Defines the path to the certificate authority used for the secure connection to the endpoint, it defaults to the system bundle. | "" | No |
| `providers.http.tls.cert` | Defines the path to the public certificate used for the secure connection to the endpoint. When using this option, setting the `key` option is required. | "" | Yes | | <a id="providers-http-tls-cert" href="#providers-http-tls-cert" title="#providers-http-tls-cert">`providers.http.tls.cert`</a> | Defines the path to the public certificate used for the secure connection to the endpoint. When using this option, setting the `key` option is required. | "" | Yes |
| `providers.http.tls.key` | Defines the path to the private key used for the secure connection to the endpoint. When using this option, setting the `cert` option is required. | "" | Yes | | <a id="providers-http-tls-key" href="#providers-http-tls-key" title="#providers-http-tls-key">`providers.http.tls.key`</a> | Defines the path to the private key used for the secure connection to the endpoint. When using this option, setting the `cert` option is required. | "" | Yes |
| `providers.http.tls.insecureSkipVerify` | Instructs the provider to accept any certificate presented by endpoint when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No | | <a id="providers-http-tls-insecureSkipVerify" href="#providers-http-tls-insecureSkipVerify" title="#providers-http-tls-insecureSkipVerify">`providers.http.tls.insecureSkipVerify`</a> | Instructs the provider to accept any certificate presented by endpoint when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No |
### headers ### headers
@@ -51,20 +51,20 @@ Below is the list of the currently supported providers in Traefik.
| Provider | Type | Configuration Type | Provider Name | | Provider | Type | Configuration Type | Provider Name |
|--------------------------------------------------------------|--------------|----------------------|---------------------| |--------------------------------------------------------------|--------------|----------------------|---------------------|
| [Docker](./docker.md) | Orchestrator | Label | `docker` | | <a id="Docker" href="#Docker" title="#Docker">[Docker](./docker.md)</a> | Orchestrator | Label | `docker` |
| [Docker Swarm](./swarm.md) | Orchestrator | Label | `swarm` | | <a id="Docker-Swarm" href="#Docker-Swarm" title="#Docker-Swarm">[Docker Swarm](./swarm.md)</a> | Orchestrator | Label | `swarm` |
| [Kubernetes IngressRoute](./kubernetes/kubernetes-crd.md) | Orchestrator | Custom Resource | `kubernetescrd` | | <a id="Kubernetes-IngressRoute" href="#Kubernetes-IngressRoute" title="#Kubernetes-IngressRoute">[Kubernetes IngressRoute](./kubernetes/kubernetes-crd.md)</a> | Orchestrator | Custom Resource | `kubernetescrd` |
| [Kubernetes Ingress](./kubernetes/kubernetes-ingress.md) | Orchestrator | Ingress | `kubernetes` | | <a id="Kubernetes-Ingress" href="#Kubernetes-Ingress" title="#Kubernetes-Ingress">[Kubernetes Ingress](./kubernetes/kubernetes-ingress.md)</a> | Orchestrator | Ingress | `kubernetes` |
| [Kubernetes Gateway API](./kubernetes/kubernetes-gateway.md) | Orchestrator | Gateway API Resource | `kubernetesgateway` | | <a id="Kubernetes-Gateway-API" href="#Kubernetes-Gateway-API" title="#Kubernetes-Gateway-API">[Kubernetes Gateway API](./kubernetes/kubernetes-gateway.md)</a> | Orchestrator | Gateway API Resource | `kubernetesgateway` |
| [Consul Catalog](./hashicorp/consul-catalog.md) | Orchestrator | Label | `consulcatalog` | | <a id="Consul-Catalog" href="#Consul-Catalog" title="#Consul-Catalog">[Consul Catalog](./hashicorp/consul-catalog.md)</a> | Orchestrator | Label | `consulcatalog` |
| [Nomad](./hashicorp/nomad.md) | Orchestrator | Label | `nomad` | | <a id="Nomad" href="#Nomad" title="#Nomad">[Nomad](./hashicorp/nomad.md)</a> | Orchestrator | Label | `nomad` |
| [ECS](./others/ecs.md) | Orchestrator | Label | `ecs` | | <a id="ECS" href="#ECS" title="#ECS">[ECS](./others/ecs.md)</a> | Orchestrator | Label | `ecs` |
| [File](./others/file.md) | Manual | YAML/TOML format | `file` | | <a id="File" href="#File" title="#File">[File](./others/file.md)</a> | Manual | YAML/TOML format | `file` |
| [Consul](./hashicorp/consul.md) | KV | KV | `consul` | | <a id="Consul" href="#Consul" title="#Consul">[Consul](./hashicorp/consul.md)</a> | KV | KV | `consul` |
| [Etcd](./kv/etcd.md) | KV | KV | `etcd` | | <a id="Etcd" href="#Etcd" title="#Etcd">[Etcd](./kv/etcd.md)</a> | KV | KV | `etcd` |
| [ZooKeeper](./kv/zk.md) | KV | KV | `zookeeper` | | <a id="ZooKeeper" href="#ZooKeeper" title="#ZooKeeper">[ZooKeeper](./kv/zk.md)</a> | KV | KV | `zookeeper` |
| [Redis](./kv/redis.md) | KV | KV | `redis` | | <a id="Redis" href="#Redis" title="#Redis">[Redis](./kv/redis.md)</a> | KV | KV | `redis` |
| [HTTP](./others/http.md) | Manual | JSON/YAML format | `http` | | <a id="HTTP" href="#HTTP" title="#HTTP">[HTTP](./others/http.md)</a> | Manual | JSON/YAML format | `http` |
!!! info "More Providers" !!! info "More Providers"
@@ -45,23 +45,23 @@ services:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:-----------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------------------------------------|:---------| |:-----------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------------------------------------|:---------|
| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No | | <a id="providers-providersThrottleDuration" href="#providers-providersThrottleDuration" title="#providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s | No |
| `providers.swarm.endpoint` | Specifies the Docker API endpoint. See [here](#endpoint) for more information | `unix:///var/run/docker.sock` | Yes | | <a id="providers-swarm-endpoint" href="#providers-swarm-endpoint" title="#providers-swarm-endpoint">`providers.swarm.endpoint`</a> | Specifies the Docker API endpoint. See [here](#endpoint) for more information | `unix:///var/run/docker.sock` | Yes |
| `providers.swarm.username` | Defines the username for Basic HTTP authentication. This should be used when the Docker daemon socket is exposed through an HTTP proxy that requires Basic HTTP authentication. | "" | No | | <a id="providers-swarm-username" href="#providers-swarm-username" title="#providers-swarm-username">`providers.swarm.username`</a> | Defines the username for Basic HTTP authentication. This should be used when the Docker daemon socket is exposed through an HTTP proxy that requires Basic HTTP authentication. | "" | No |
| `providers.swarm.password` | Defines the password for Basic HTTP authentication. This should be used when the Docker daemon socket is exposed through an HTTP proxy that requires Basic HTTP authentication. | "" | No | | <a id="providers-swarm-password" href="#providers-swarm-password" title="#providers-swarm-password">`providers.swarm.password`</a> | Defines the password for Basic HTTP authentication. This should be used when the Docker daemon socket is exposed through an HTTP proxy that requires Basic HTTP authentication. | "" | No |
| `providers.swarm.useBindPortIP` | Instructs Traefik to use the IP/Port attached to the container's binding instead of its inner network IP/Port. See [here](#usebindportip) for more information | false | No | | <a id="providers-swarm-useBindPortIP" href="#providers-swarm-useBindPortIP" title="#providers-swarm-useBindPortIP">`providers.swarm.useBindPortIP`</a> | Instructs Traefik to use the IP/Port attached to the container's binding instead of its inner network IP/Port. See [here](#usebindportip) for more information | false | No |
| `providers.swarm.exposedByDefault` | Expose containers by default through Traefik. See [here](./overview.md#restrict-the-scope-of-service-discovery) for additional information | true | No | | <a id="providers-swarm-exposedByDefault" href="#providers-swarm-exposedByDefault" title="#providers-swarm-exposedByDefault">`providers.swarm.exposedByDefault`</a> | Expose containers by default through Traefik. See [here](./overview.md#restrict-the-scope-of-service-discovery) for additional information | true | No |
| `providers.swarm.network` | Defines a default docker network to use for connections to all containers. This option can be overridden on a per-container basis with the `traefik.swarm.network` label. | "" | No | | <a id="providers-swarm-network" href="#providers-swarm-network" title="#providers-swarm-network">`providers.swarm.network`</a> | Defines a default docker network to use for connections to all containers. This option can be overridden on a per-container basis with the `traefik.swarm.network` label. | "" | No |
| `providers.swarm.defaultRule` | Defines what routing rule to apply to a container if no rule is defined by a label. See [here](#defaultrule) for more information | ```"Host(`{{ normalize .Name }}`)"``` | No | | <a id="providers-swarm-defaultRule" href="#providers-swarm-defaultRule" title="#providers-swarm-defaultRule">`providers.swarm.defaultRule`</a> | Defines what routing rule to apply to a container if no rule is defined by a label. See [here](#defaultrule) for more information | ```"Host(`{{ normalize .Name }}`)"``` | No |
| `providers.swarm.refreshSeconds` | Defines the polling interval for Swarm Mode. | "15s" | No | | <a id="providers-swarm-refreshSeconds" href="#providers-swarm-refreshSeconds" title="#providers-swarm-refreshSeconds">`providers.swarm.refreshSeconds`</a> | Defines the polling interval for Swarm Mode. | "15s" | No |
| `providers.swarm.httpClientTimeout` | Defines the client timeout (in seconds) for HTTP connections. If its value is 0, no timeout is set. | 0 | No | | <a id="providers-swarm-httpClientTimeout" href="#providers-swarm-httpClientTimeout" title="#providers-swarm-httpClientTimeout">`providers.swarm.httpClientTimeout`</a> | Defines the client timeout (in seconds) for HTTP connections. If its value is 0, no timeout is set. | 0 | No |
| `providers.swarm.watch` | Instructs Traefik to watch Docker events or not. | True | No | | <a id="providers-swarm-watch" href="#providers-swarm-watch" title="#providers-swarm-watch">`providers.swarm.watch`</a> | Instructs Traefik to watch Docker events or not. | True | No |
| `providers.swarm.constraints` | Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information. | "" | No | | <a id="providers-swarm-constraints" href="#providers-swarm-constraints" title="#providers-swarm-constraints">`providers.swarm.constraints`</a> | Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information. | "" | No |
| `providers.swarm.allowEmptyServices` | Instructs the provider to create any [servers load balancer](../../../routing/services/index.md#servers-load-balancer) defined for Docker containers regardless of the [healthiness](https://docs.docker.com/engine/reference/builder/#healthcheck) of the corresponding containers. | false | No | | <a id="providers-swarm-allowEmptyServices" href="#providers-swarm-allowEmptyServices" title="#providers-swarm-allowEmptyServices">`providers.swarm.allowEmptyServices`</a> | Instructs the provider to create any [servers load balancer](../../../routing/services/index.md#servers-load-balancer) defined for Docker containers regardless of the [healthiness](https://docs.docker.com/engine/reference/builder/#healthcheck) of the corresponding containers. | false | No |
| `providers.swarm.tls.ca` | Defines the path to the certificate authority used for the secure connection to Docker, it defaults to the system bundle. | "" | No | | <a id="providers-swarm-tls-ca" href="#providers-swarm-tls-ca" title="#providers-swarm-tls-ca">`providers.swarm.tls.ca`</a> | Defines the path to the certificate authority used for the secure connection to Docker, it defaults to the system bundle. | "" | No |
| `providers.swarm.tls.cert` | Defines the path to the public certificate used for the secure connection to Docker. When using this option, setting the `key` option is required. | "" | Yes | | <a id="providers-swarm-tls-cert" href="#providers-swarm-tls-cert" title="#providers-swarm-tls-cert">`providers.swarm.tls.cert`</a> | Defines the path to the public certificate used for the secure connection to Docker. When using this option, setting the `key` option is required. | "" | Yes |
| `providers.swarm.tls.key` | Defines the path to the private key used for the secure connection to Docker. When using this option, setting the `cert` option is required. | "" | Yes | | <a id="providers-swarm-tls-key" href="#providers-swarm-tls-key" title="#providers-swarm-tls-key">`providers.swarm.tls.key`</a> | Defines the path to the private key used for the secure connection to Docker. When using this option, setting the `cert` option is required. | "" | Yes |
| `providers.swarm.tls.insecureSkipVerify` | Instructs the provider to accept any certificate presented by the Docker server when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No | | <a id="providers-swarm-tls-insecureSkipVerify" href="#providers-swarm-tls-insecureSkipVerify" title="#providers-swarm-tls-insecureSkipVerify">`providers.swarm.tls.insecureSkipVerify`</a> | Instructs the provider to accept any certificate presented by the Docker server when establishing a TLS connection, regardless of the hostnames the certificate covers. | false | No |
### `endpoint` ### `endpoint`
@@ -198,13 +198,13 @@ but still uses the `traefik.http.services.<name>.loadbalancer.server.port` that
| port label | Container's binding | Routes to | | port label | Container's binding | Routes to |
|--------------------|----------------------------------------------------|----------------| |--------------------|----------------------------------------------------|----------------|
| - | - | IntIP:IntPort | | <a id="row" href="#row" title="#row">-</a> | - | IntIP:IntPort |
| - | ExtPort:IntPort | IntIP:IntPort | | <a id="row-2" href="#row-2" title="#row-2">-</a> | ExtPort:IntPort | IntIP:IntPort |
| - | ExtIp:ExtPort:IntPort | ExtIp:ExtPort | | <a id="row-3" href="#row-3" title="#row-3">-</a> | ExtIp:ExtPort:IntPort | ExtIp:ExtPort |
| LblPort | - | IntIp:LblPort | | <a id="LblPort" href="#LblPort" title="#LblPort">LblPort</a> | - | IntIp:LblPort |
| LblPort | ExtIp:ExtPort:LblPort | ExtIp:ExtPort | | <a id="LblPort-2" href="#LblPort-2" title="#LblPort-2">LblPort</a> | ExtIp:ExtPort:LblPort | ExtIp:ExtPort |
| LblPort | ExtIp:ExtPort:OtherPort | IntIp:LblPort | | <a id="LblPort-3" href="#LblPort-3" title="#LblPort-3">LblPort</a> | ExtIp:ExtPort:OtherPort | IntIp:LblPort |
| LblPort | ExtIp1:ExtPort1:IntPort1 & ExtIp2:LblPort:IntPort2 | ExtIp2:LblPort | | <a id="LblPort-4" href="#LblPort-4" title="#LblPort-4">LblPort</a> | ExtIp1:ExtPort1:IntPort1 & ExtIp2:LblPort:IntPort2 | ExtIp2:LblPort |
!!! info "" !!! info ""
In the above table: In the above table:
@@ -75,28 +75,28 @@ ACME certificate resolvers have the following configuration options:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:--------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------------------------------|:---------| |:--------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------------------------------|:---------|
| `acme.email` | Email address used for registration. | "" | Yes | | <a id="acme-email" href="#acme-email" title="#acme-email">`acme.email`</a> | Email address used for registration. | "" | Yes |
| `acme.caServer` | CA server to use. | https://acme-v02.api.letsencrypt.org/directory | No | | <a id="acme-caServer" href="#acme-caServer" title="#acme-caServer">`acme.caServer`</a> | CA server to use. | https://acme-v02.api.letsencrypt.org/directory | No |
| `acme.preferredChain` | Preferred chain to use. If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name. If no match, the default offered chain will be used. | "" | No | | <a id="acme-preferredChain" href="#acme-preferredChain" title="#acme-preferredChain">`acme.preferredChain`</a> | Preferred chain to use. If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name. If no match, the default offered chain will be used. | "" | No |
| `acme.keyType` | KeyType to use. | "RSA4096" | No | | <a id="acme-keyType" href="#acme-keyType" title="#acme-keyType">`acme.keyType`</a> | KeyType to use. | "RSA4096" | No |
| `acme.eab` | Enable external account binding. | | No | | <a id="acme-eab" href="#acme-eab" title="#acme-eab">`acme.eab`</a> | Enable external account binding. | | No |
| `acme.eab.kid` | Key identifier from External CA. | "" | No | | <a id="acme-eab-kid" href="#acme-eab-kid" title="#acme-eab-kid">`acme.eab.kid`</a> | Key identifier from External CA. | "" | No |
| `acme.eab.hmacEncoded` | HMAC key from External CA, should be in Base64 URL Encoding without padding format. | "" | No | | <a id="acme-eab-hmacEncoded" href="#acme-eab-hmacEncoded" title="#acme-eab-hmacEncoded">`acme.eab.hmacEncoded`</a> | HMAC key from External CA, should be in Base64 URL Encoding without padding format. | "" | No |
| `acme.certificatesDuration` | The certificates' duration in hours, exclusively used to determine renewal dates. | 2160 | No | | <a id="acme-certificatesDuration" href="#acme-certificatesDuration" title="#acme-certificatesDuration">`acme.certificatesDuration`</a> | The certificates' duration in hours, exclusively used to determine renewal dates. | 2160 | No |
| `acme.clientTimeout` | Timeout for HTTP Client used to communicate with the ACME server. | 2m | No | | <a id="acme-clientTimeout" href="#acme-clientTimeout" title="#acme-clientTimeout">`acme.clientTimeout`</a> | Timeout for HTTP Client used to communicate with the ACME server. | 2m | No |
| `acme.clientResponseHeaderTimeout` | Timeout for response headers for HTTP Client used to communicate with the ACME server. | 30s | No | | <a id="acme-clientResponseHeaderTimeout" href="#acme-clientResponseHeaderTimeout" title="#acme-clientResponseHeaderTimeout">`acme.clientResponseHeaderTimeout`</a> | Timeout for response headers for HTTP Client used to communicate with the ACME server. | 30s | No |
| `acme.dnsChallenge` | Enable DNS-01 challenge. More information [here](#dnschallenge). | - | No | | <a id="acme-dnsChallenge" href="#acme-dnsChallenge" title="#acme-dnsChallenge">`acme.dnsChallenge`</a> | Enable DNS-01 challenge. More information [here](#dnschallenge). | - | No |
| `acme.dnsChallenge.provider` | DNS provider to use. | "" | No | | <a id="acme-dnsChallenge-provider" href="#acme-dnsChallenge-provider" title="#acme-dnsChallenge-provider">`acme.dnsChallenge.provider`</a> | DNS provider to use. | "" | No |
| `acme.dnsChallenge.resolvers` | DNS servers to resolve the FQDN authority. | [] | No | | <a id="acme-dnsChallenge-resolvers" href="#acme-dnsChallenge-resolvers" title="#acme-dnsChallenge-resolvers">`acme.dnsChallenge.resolvers`</a> | DNS servers to resolve the FQDN authority. | [] | No |
| `acme.dnsChallenge.propagation.delayBeforeChecks` | By default, the provider will verify the TXT DNS challenge record before letting ACME verify. If `delayBeforeCheck` is greater than zero, this check is delayed for the configured duration in seconds. This is Useful if internal networks block external DNS queries. | 0s | No | | <a id="acme-dnsChallenge-propagation-delayBeforeChecks" href="#acme-dnsChallenge-propagation-delayBeforeChecks" title="#acme-dnsChallenge-propagation-delayBeforeChecks">`acme.dnsChallenge.propagation.delayBeforeChecks`</a> | By default, the provider will verify the TXT DNS challenge record before letting ACME verify. If `delayBeforeCheck` is greater than zero, this check is delayed for the configured duration in seconds. This is Useful if internal networks block external DNS queries. | 0s | No |
| `acme.dnsChallenge.propagation.disableChecks` | Disables the challenge TXT record propagation checks, before notifying ACME that the DNS challenge is ready. Please note that disabling checks can prevent the challenge from succeeding. | false | No | | <a id="acme-dnsChallenge-propagation-disableChecks" href="#acme-dnsChallenge-propagation-disableChecks" title="#acme-dnsChallenge-propagation-disableChecks">`acme.dnsChallenge.propagation.disableChecks`</a> | Disables the challenge TXT record propagation checks, before notifying ACME that the DNS challenge is ready. Please note that disabling checks can prevent the challenge from succeeding. | false | No |
| `acme.dnsChallenge.propagation.requireAllRNS` | Enables the challenge TXT record to be propagated to all recursive nameservers. If you have disabled authoritative nameservers checks (with `propagation.disableANSChecks`), it is recommended to check all recursive nameservers instead. | false | No | | <a id="acme-dnsChallenge-propagation-requireAllRNS" href="#acme-dnsChallenge-propagation-requireAllRNS" title="#acme-dnsChallenge-propagation-requireAllRNS">`acme.dnsChallenge.propagation.requireAllRNS`</a> | Enables the challenge TXT record to be propagated to all recursive nameservers. If you have disabled authoritative nameservers checks (with `propagation.disableANSChecks`), it is recommended to check all recursive nameservers instead. | false | No |
| `acme.dnsChallenge.propagation.disableANSChecks` | Disables the challenge TXT record propagation checks against authoritative nameservers. This option will skip the propagation check against the nameservers of the authority (SOA). It should be used only if the nameservers of the authority are not reachable. | false | No | | <a id="acme-dnsChallenge-propagation-disableANSChecks" href="#acme-dnsChallenge-propagation-disableANSChecks" title="#acme-dnsChallenge-propagation-disableANSChecks">`acme.dnsChallenge.propagation.disableANSChecks`</a> | Disables the challenge TXT record propagation checks against authoritative nameservers. This option will skip the propagation check against the nameservers of the authority (SOA). It should be used only if the nameservers of the authority are not reachable. | false | No |
| `acme.httpChallenge` | Enable HTTP-01 challenge. More information [here](#httpchallenge). | | No | | <a id="acme-httpChallenge" href="#acme-httpChallenge" title="#acme-httpChallenge">`acme.httpChallenge`</a> | Enable HTTP-01 challenge. More information [here](#httpchallenge). | | No |
| `acme.httpChallenge.entryPoint` | EntryPoint to use for the HTTP-01 challenges. Must be reachable by Let's Encrypt through port 80 | "" | Yes | | <a id="acme-httpChallenge-entryPoint" href="#acme-httpChallenge-entryPoint" title="#acme-httpChallenge-entryPoint">`acme.httpChallenge.entryPoint`</a> | EntryPoint to use for the HTTP-01 challenges. Must be reachable by Let's Encrypt through port 80 | "" | Yes |
| `acme.httpChallenge.delay` | The delay between the creation of the challenge and the validation. A value lower than or equal to zero means no delay. | 0 | No | | <a id="acme-httpChallenge-delay" href="#acme-httpChallenge-delay" title="#acme-httpChallenge-delay">`acme.httpChallenge.delay`</a> | The delay between the creation of the challenge and the validation. A value lower than or equal to zero means no delay. | 0 | No |
| `acme.tlsChallenge` | Enable TLS-ALPN-01 challenge. Traefik must be reachable by Let's Encrypt through port 443. More information [here](#tlschallenge). | - | No | | <a id="acme-tlsChallenge" href="#acme-tlsChallenge" title="#acme-tlsChallenge">`acme.tlsChallenge`</a> | Enable TLS-ALPN-01 challenge. Traefik must be reachable by Let's Encrypt through port 443. More information [here](#tlschallenge). | - | No |
| `acme.storage` | File path used for certificates storage. | "acme.json" | Yes | | <a id="acme-storage" href="#acme-storage" title="#acme-storage">`acme.storage`</a> | File path used for certificates storage. | "acme.json" | Yes |
## Automatic Certificate Renewal ## Automatic Certificate Renewal
@@ -96,17 +96,17 @@ labels:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:------|:----------------------------------------------------------|:---------------------|:---------| |:------|:----------------------------------------------------------|:---------------------|:---------|
| `serverName` | Configures the server name that will be used as the SNI. | "" | No | | <a id="serverName" href="#serverName" title="#serverName">`serverName`</a> | Configures the server name that will be used as the SNI. | "" | No |
| `certificates` | Defines the list of certificates (as file paths, or data bytes) that will be set as client certificates for mTLS. | [] | No | | <a id="certificates" href="#certificates" title="#certificates">`certificates`</a> | Defines the list of certificates (as file paths, or data bytes) that will be set as client certificates for mTLS. | [] | No |
| `insecureSkipVerify` | Controls whether the server's certificate chain and host name is verified. | false | No | | <a id="insecureSkipVerify" href="#insecureSkipVerify" title="#insecureSkipVerify">`insecureSkipVerify`</a> | Controls whether the server's certificate chain and host name is verified. | false | No |
| `rootcas` | Set of root certificate authorities to use when verifying server certificates. (for mTLS connections). | [] | No | | <a id="rootcas" href="#rootcas" title="#rootcas">`rootcas`</a> | Set of root certificate authorities to use when verifying server certificates. (for mTLS connections). | [] | No |
| `maxIdleConnsPerHost` | Maximum idle (keep-alive) connections to keep per-host. | 200 | No | | <a id="maxIdleConnsPerHost" href="#maxIdleConnsPerHost" title="#maxIdleConnsPerHost">`maxIdleConnsPerHost`</a> | Maximum idle (keep-alive) connections to keep per-host. | 200 | No |
| `disableHTTP2` | Disables HTTP/2 for connections with servers. | false | No | | <a id="disableHTTP2" href="#disableHTTP2" title="#disableHTTP2">`disableHTTP2`</a> | Disables HTTP/2 for connections with servers. | false | No |
| `peerCertURI` | Defines the URI used to match against SAN URIs during the server's certificate verification. | "" | No | | <a id="peerCertURI" href="#peerCertURI" title="#peerCertURI">`peerCertURI`</a> | Defines the URI used to match against SAN URIs during the server's certificate verification. | "" | No |
| `forwardingTimeouts.dialTimeout` | Amount of time to wait until a connection to a server can be established.<br />0 = no timeout | 30s | No | | <a id="forwardingTimeouts-dialTimeout" href="#forwardingTimeouts-dialTimeout" title="#forwardingTimeouts-dialTimeout">`forwardingTimeouts.dialTimeout`</a> | Amount of time to wait until a connection to a server can be established.<br />0 = no timeout | 30s | No |
| `forwardingTimeouts.responseHeaderTimeout` | Amount of time to wait for a server's response headers after fully writing the request (including its body, if any).<br />0 = no timeout | 0s | No | | <a id="forwardingTimeouts-responseHeaderTimeout" href="#forwardingTimeouts-responseHeaderTimeout" title="#forwardingTimeouts-responseHeaderTimeout">`forwardingTimeouts.responseHeaderTimeout`</a> | Amount of time to wait for a server's response headers after fully writing the request (including its body, if any).<br />0 = no timeout | 0s | No |
| `forwardingTimeouts.idleConnTimeout` | Maximum amount of time an idle (keep-alive) connection will remain idle before closing itself.<br />0 = no timeout | 90s | No | | <a id="forwardingTimeouts-idleConnTimeout" href="#forwardingTimeouts-idleConnTimeout" title="#forwardingTimeouts-idleConnTimeout">`forwardingTimeouts.idleConnTimeout`</a> | Maximum amount of time an idle (keep-alive) connection will remain idle before closing itself.<br />0 = no timeout | 90s | No |
| `forwardingTimeouts.readIdleTimeout` | Defines the timeout after which a health check using ping frame will be carried out if no frame is received on the HTTP/2 connection. | 0s | No | | <a id="forwardingTimeouts-readIdleTimeout" href="#forwardingTimeouts-readIdleTimeout" title="#forwardingTimeouts-readIdleTimeout">`forwardingTimeouts.readIdleTimeout`</a> | Defines the timeout after which a health check using ping frame will be carried out if no frame is received on the HTTP/2 connection. | 0s | No |
| `forwardingTimeouts.pingTimeout` | Defines the timeout after which the HTTP/2 connection will be closed if a response to ping is not received. | 15s | No | | <a id="forwardingTimeouts-pingTimeout" href="#forwardingTimeouts-pingTimeout" title="#forwardingTimeouts-pingTimeout">`forwardingTimeouts.pingTimeout`</a> | Defines the timeout after which the HTTP/2 connection will be closed if a response to ping is not received. | 15s | No |
| `spiffe.ids` | Defines the allowed SPIFFE IDs.<br />This takes precedence over the SPIFFE TrustDomain. | [] | No | | <a id="spiffe-ids" href="#spiffe-ids" title="#spiffe-ids">`spiffe.ids`</a> | Defines the allowed SPIFFE IDs.<br />This takes precedence over the SPIFFE TrustDomain. | [] | No |
| `spiffe.trustDomain` | Defines the SPIFFE trust domain. | "" | No | | <a id="spiffe-trustDomain" href="#spiffe-trustDomain" title="#spiffe-trustDomain">`spiffe.trustDomain`</a> | Defines the SPIFFE trust domain. | "" | No |
@@ -89,13 +89,13 @@ labels:
| Field | Description | Required | | Field | Description | Required |
|------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------| |------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|
| `servers` | Represents individual backend instances for your service | Yes | | <a id="servers" href="#servers" title="#servers">`servers`</a> | Represents individual backend instances for your service | Yes |
| `sticky` | Defines a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response. | No | | <a id="sticky" href="#sticky" title="#sticky">`sticky`</a> | Defines a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response. | No |
| `healthcheck` | Configures health check to remove unhealthy servers from the load balancing rotation. | No | | <a id="healthcheck" href="#healthcheck" title="#healthcheck">`healthcheck`</a> | Configures health check to remove unhealthy servers from the load balancing rotation. | No |
| `passHostHeader` | Allows forwarding of the client Host header to server. By default, `passHostHeader` is true. | No | | <a id="passHostHeader" href="#passHostHeader" title="#passHostHeader">`passHostHeader`</a> | Allows forwarding of the client Host header to server. By default, `passHostHeader` is true. | No |
| `serversTransport` | Allows to reference an [HTTP ServersTransport](./serverstransport.md) configuration for the communication between Traefik and your servers. If no `serversTransport` is specified, the `default@internal` will be used. | No | | <a id="serversTransport" href="#serversTransport" title="#serversTransport">`serversTransport`</a> | Allows to reference an [HTTP ServersTransport](./serverstransport.md) configuration for the communication between Traefik and your servers. If no `serversTransport` is specified, the `default@internal` will be used. | No |
| `responseForwarding` | Configures how Traefik forwards the response from the backend server to the client. | No | | <a id="responseForwarding" href="#responseForwarding" title="#responseForwarding">`responseForwarding`</a> | Configures how Traefik forwards the response from the backend server to the client. | No |
| `responseForwarding.FlushInterval` | Specifies the interval in between flushes to the client while copying the response body. It is a duration in milliseconds, defaulting to 100ms. A negative value means to flush immediately after each write to the client. The `FlushInterval` is ignored when ReverseProxy recognizes a response as a streaming response; for such responses, writes are flushed to the client immediately. | No | | <a id="responseForwarding-FlushInterval" href="#responseForwarding-FlushInterval" title="#responseForwarding-FlushInterval">`responseForwarding.FlushInterval`</a> | Specifies the interval in between flushes to the client while copying the response body. It is a duration in milliseconds, defaulting to 100ms. A negative value means to flush immediately after each write to the client. The `FlushInterval` is ignored when ReverseProxy recognizes a response as a streaming response; for such responses, writes are flushed to the client immediately. | No |
#### Servers #### Servers
@@ -105,9 +105,9 @@ Servers represent individual backend instances for your service. The [service lo
| Field | Description | Required | | Field | Description | Required |
|----------------|----------------------------------------------------|----------------------------------------------------------------------------------| |----------------|----------------------------------------------------|----------------------------------------------------------------------------------|
| `url` | Points to a specific instance. | Yes for File provider, No for [Docker provider](../../other-providers/docker.md) | | <a id="url" href="#url" title="#url">`url`</a> | Points to a specific instance. | Yes for File provider, No for [Docker provider](../../other-providers/docker.md) |
| `weight` | Allows for weighted load balancing on the servers. | No | | <a id="weight" href="#weight" title="#weight">`weight`</a> | Allows for weighted load balancing on the servers. | No |
| `preservePath` | Allows to preserve the URL path. | No | | <a id="preservePath" href="#preservePath" title="#preservePath">`preservePath`</a> | Allows to preserve the URL path. | No |
#### Health Check #### Health Check
@@ -119,19 +119,19 @@ Below are the available options for the health check mechanism:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|---------------------|-------------------------------------------------------------------------------------------------------------------------------|---------|----------| |---------------------|-------------------------------------------------------------------------------------------------------------------------------|---------|----------|
| `path` | Defines the server URL path for the health check endpoint. | "" | Yes | | <a id="path" href="#path" title="#path">`path`</a> | Defines the server URL path for the health check endpoint. | "" | Yes |
| `scheme` | Replaces the server URL scheme for the health check endpoint. | | No | | <a id="scheme" href="#scheme" title="#scheme">`scheme`</a> | Replaces the server URL scheme for the health check endpoint. | | No |
| `mode` | If defined to `grpc`, will use the gRPC health check protocol to probe the server. | http | No | | <a id="mode" href="#mode" title="#mode">`mode`</a> | If defined to `grpc`, will use the gRPC health check protocol to probe the server. | http | No |
| `hostname` | Defines the value of hostname in the Host header of the health check request. | "" | No | | <a id="hostname" href="#hostname" title="#hostname">`hostname`</a> | Defines the value of hostname in the Host header of the health check request. | "" | No |
| `port` | Replaces the server URL port for the health check endpoint. | | No | | <a id="port" href="#port" title="#port">`port`</a> | Replaces the server URL port for the health check endpoint. | | No |
| `interval` | Defines the frequency of the health check calls for healthy targets. | 30s | No | | <a id="interval" href="#interval" title="#interval">`interval`</a> | Defines the frequency of the health check calls for healthy targets. | 30s | No |
| `unhealthyInterval` | Defines the frequency of the health check calls for unhealthy targets. When not defined, it defaults to the `interval` value. | 30s | No | | <a id="unhealthyInterval" href="#unhealthyInterval" title="#unhealthyInterval">`unhealthyInterval`</a> | Defines the frequency of the health check calls for unhealthy targets. When not defined, it defaults to the `interval` value. | 30s | No |
| `timeout` | Defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. | 5s | No | | <a id="timeout" href="#timeout" title="#timeout">`timeout`</a> | Defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy. | 5s | No |
| `headers` | Defines custom headers to be sent to the health check endpoint. | | No | | <a id="headers" href="#headers" title="#headers">`headers`</a> | Defines custom headers to be sent to the health check endpoint. | | No |
| `followRedirects` | Defines whether redirects should be followed during the health check calls. | true | No | | <a id="followRedirects" href="#followRedirects" title="#followRedirects">`followRedirects`</a> | Defines whether redirects should be followed during the health check calls. | true | No |
| `hostname` | Defines the value of hostname in the Host header of the health check request. | "" | No | | <a id="hostname-2" href="#hostname-2" title="#hostname-2">`hostname`</a> | Defines the value of hostname in the Host header of the health check request. | "" | No |
| `method` | Defines the HTTP method that will be used while connecting to the endpoint. | GET | No | | <a id="method" href="#method" title="#method">`method`</a> | Defines the HTTP method that will be used while connecting to the endpoint. | GET | No |
| `status` | Defines the expected HTTP status code of the response to the health check request. | | No | | <a id="status" href="#status" title="#status">`status`</a> | Defines the expected HTTP status code of the response to the health check request. | | No |
#### Sticky sessions #### Sticky sessions
@@ -54,4 +54,4 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:-----------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------| |:-----------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
| `prefix` | String to add **before** the current path in the requested URL. It should include a leading slash (`/`). | "" | Yes | | <a id="prefix" href="#prefix" title="#prefix">`prefix`</a> | String to add **before** the current path in the requested URL. It should include a leading slash (`/`). | "" | Yes |
@@ -46,11 +46,11 @@ stringData:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:-----------------------------|:------------------------------------------------|:--------|:---------| |:-----------------------------|:------------------------------------------------|:--------|:---------|
| `keySource.header` | Defines the header name containing the secret sent by the client.<br /> Either `keySource.header` or `keySource.query` or `keySource.cookie` must be set. | "" | No | | <a id="keySource-header" href="#keySource-header" title="#keySource-header">`keySource.header`</a> | Defines the header name containing the secret sent by the client.<br /> Either `keySource.header` or `keySource.query` or `keySource.cookie` must be set. | "" | No |
| `keySource.headerAuthScheme` | Defines the scheme when using `Authorization` as header name. <br /> Check out the `Authorization` header [documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization#syntax). | "" | No | | <a id="keySource-headerAuthScheme" href="#keySource-headerAuthScheme" title="#keySource-headerAuthScheme">`keySource.headerAuthScheme`</a> | Defines the scheme when using `Authorization` as header name. <br /> Check out the `Authorization` header [documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization#syntax). | "" | No |
| `keySource.query` | Defines the query parameter name containing the secret sent by the client.<br /> Either `keySource.header` or `keySource.query` or `keySource.cookie` must be set. | "" | No | | <a id="keySource-query" href="#keySource-query" title="#keySource-query">`keySource.query`</a> | Defines the query parameter name containing the secret sent by the client.<br /> Either `keySource.header` or `keySource.query` or `keySource.cookie` must be set. | "" | No |
| `keySource.cookie` | Defines the cookie name containing the secret sent by the client.<br /> Either `keySource.header` or `keySource.query` or `keySource.cookie` must be set. | "" | No | | <a id="keySource-cookie" href="#keySource-cookie" title="#keySource-cookie">`keySource.cookie`</a> | Defines the cookie name containing the secret sent by the client.<br /> Either `keySource.header` or `keySource.query` or `keySource.cookie` must be set. | "" | No |
| `secretNonBase64Encoded` | Defines whether the secret sent by the client is base64 encoded. | false | No | | <a id="secretNonBase64Encoded" href="#secretNonBase64Encoded" title="#secretNonBase64Encoded">`secretNonBase64Encoded`</a> | Defines whether the secret sent by the client is base64 encoded. | false | No |
| `secretValues` | Contain the hash of the API keys. <br /> Supported hashing algorithms are Bcrypt, SHA1 and MD5. <br /> The hash should be generated using `htpasswd`.<br />Can reference a Kubernetes Secret using the URN format: `urn:k8s:secret:[name]:[valueKey]` | [] | Yes | | <a id="secretValues" href="#secretValues" title="#secretValues">`secretValues`</a> | Contain the hash of the API keys. <br /> Supported hashing algorithms are Bcrypt, SHA1 and MD5. <br /> The hash should be generated using `htpasswd`.<br />Can reference a Kubernetes Secret using the URN format: `urn:k8s:secret:[name]:[valueKey]` | [] | Yes |
{!traefik-for-business-applications.md!} {!traefik-for-business-applications.md!}
@@ -64,11 +64,11 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:-----------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------| |:-----------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
| `users` | Array of authorized users. Each user must be declared using the `name:hashed-password` format. (More information [here](#users))| "" | No | | <a id="users" href="#users" title="#users">`users`</a> | Array of authorized users. Each user must be declared using the `name:hashed-password` format. (More information [here](#users))| "" | No |
| `usersFile` | Path to an external file that contains the authorized users for the middleware. <br />The file content is a list of `name:hashed-password`. (More information [here](#usersfile)) | "" | No | | <a id="usersFile" href="#usersFile" title="#usersFile">`usersFile`</a> | Path to an external file that contains the authorized users for the middleware. <br />The file content is a list of `name:hashed-password`. (More information [here](#usersfile)) | "" | No |
| `realm` | Allow customizing the realm for the authentication.| "traefik" | No | | <a id="realm" href="#realm" title="#realm">`realm`</a> | Allow customizing the realm for the authentication.| "traefik" | No |
| `headerField` | Allow defining a header field to store the authenticated user.| "" | No | | <a id="headerField" href="#headerField" title="#headerField">`headerField`</a> | Allow defining a header field to store the authenticated user.| "" | No |
| `removeHeader` | Allow removing the authorization header before forwarding the request to your service. | false | No | | <a id="removeHeader" href="#removeHeader" title="#removeHeader">`removeHeader`</a> | Allow removing the authorization header before forwarding the request to your service. | false | No |
### Passwords format ### Passwords format
@@ -58,11 +58,11 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:------|:------------|:--------|:---------| |:------|:------------|:--------|:---------|
| `maxRequestBodyBytes` | Maximum allowed body size for the request (in bytes). <br /> If the request exceeds the allowed size, it is not forwarded to the Service, and the client gets a `413` (Request Entity Too Large) response. | 0 | No | | <a id="maxRequestBodyBytes" href="#maxRequestBodyBytes" title="#maxRequestBodyBytes">`maxRequestBodyBytes`</a> | Maximum allowed body size for the request (in bytes). <br /> If the request exceeds the allowed size, it is not forwarded to the Service, and the client gets a `413` (Request Entity Too Large) response. | 0 | No |
| `memRequestBodyBytes` | Threshold (in bytes) from which the request will be buffered on disk instead of in memory with the `memRequestBodyBytes` option.| 1048576 | No | | <a id="memRequestBodyBytes" href="#memRequestBodyBytes" title="#memRequestBodyBytes">`memRequestBodyBytes`</a> | Threshold (in bytes) from which the request will be buffered on disk instead of in memory with the `memRequestBodyBytes` option.| 1048576 | No |
| `maxResponseBodyBytes` | Maximum allowed response size from the Service (in bytes). <br /> If the response exceeds the allowed size, it is not forwarded to the client. The client gets a `500` (Internal Server Error) response instead. | 0 | No | | <a id="maxResponseBodyBytes" href="#maxResponseBodyBytes" title="#maxResponseBodyBytes">`maxResponseBodyBytes`</a> | Maximum allowed response size from the Service (in bytes). <br /> If the response exceeds the allowed size, it is not forwarded to the client. The client gets a `500` (Internal Server Error) response instead. | 0 | No |
| `memResponseBodyBytes` | Threshold (in bytes) from which the response will be buffered on disk instead of in memory with the `memResponseBodyBytes` option.| 1048576 | No | | <a id="memResponseBodyBytes" href="#memResponseBodyBytes" title="#memResponseBodyBytes">`memResponseBodyBytes`</a> | Threshold (in bytes) from which the response will be buffered on disk instead of in memory with the `memResponseBodyBytes` option.| 1048576 | No |
| `retryExpression` | Replay the request using `retryExpression`.<br /> More information [here](#retryexpression). | "" | No | | <a id="retryExpression" href="#retryExpression" title="#retryExpression">`retryExpression`</a> | Replay the request using `retryExpression`.<br /> More information [here](#retryexpression). | "" | No |
### retryExpression ### retryExpression
@@ -168,4 +168,4 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:------|:------------|:--------|:---------| |:------|:------------|:--------|:---------|
| `middlewares` | List of middlewares to chain.<br /> The middlewares have to be in the same namespace as the `chain` middleware. | [] | Yes | | <a id="middlewares" href="#middlewares" title="#middlewares">`middlewares`</a> | List of middlewares to chain.<br /> The middlewares have to be in the same namespace as the `chain` middleware. | [] | Yes |
@@ -65,11 +65,11 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:------|:------------|:--------|:---------| |:------|:------------|:--------|:---------|
| `expression` | Condition to open the circuit breaker and applies the fallback mechanism instead of calling your services.<br />More information [here](#expression) | 100ms | No | | <a id="expression" href="#expression" title="#expression">`expression`</a> | Condition to open the circuit breaker and applies the fallback mechanism instead of calling your services.<br />More information [here](#expression) | 100ms | No |
| `checkPeriod` | The interval between successive checks of the circuit breaker condition (when in standby state). | 100ms | No | | <a id="checkPeriod" href="#checkPeriod" title="#checkPeriod">`checkPeriod`</a> | The interval between successive checks of the circuit breaker condition (when in standby state). | 100ms | No |
| `fallbackDuration` | The duration for which the circuit breaker will wait before trying to recover (from a tripped state). | 10s | No | | <a id="fallbackDuration" href="#fallbackDuration" title="#fallbackDuration">`fallbackDuration`</a> | The duration for which the circuit breaker will wait before trying to recover (from a tripped state). | 10s | No |
| `recoveryDuration` | The duration for which the circuit breaker will try to recover (as soon as it is in recovering state). | 10s | No | | <a id="recoveryDuration" href="#recoveryDuration" title="#recoveryDuration">`recoveryDuration`</a> | The duration for which the circuit breaker will try to recover (as soon as it is in recovering state). | 10s | No |
| `responseCode` | The status code that the circuit breaker will return while it is in the open state. | 503 | No | | <a id="responseCode" href="#responseCode" title="#responseCode">`responseCode`</a> | The status code that the circuit breaker will return while it is in the open state. | 503 | No |
### expression ### expression
@@ -77,9 +77,9 @@ The `expression` option can check three different metrics:
| Metrics | Description | Example | | Metrics | Description | Example |
|:------|:------------|:--------| |:------|:------------|:--------|
| `NetworkErrorRatio` | The network error ratio to open the circuit breaker. | `NetworkErrorRatio() > 0.30` opens the circuit breaker at a 30% ratio of network errors | | <a id="NetworkErrorRatio" href="#NetworkErrorRatio" title="#NetworkErrorRatio">`NetworkErrorRatio`</a> | The network error ratio to open the circuit breaker. | `NetworkErrorRatio() > 0.30` opens the circuit breaker at a 30% ratio of network errors |
| `ResponseCodeRatio` | The status code ratio to open the circuit breaker.<br />More information [below](#responsecoderatio) | `ResponseCodeRatio(500, 600, 0, 600) > 0.25` opens the circuit breaker if 25% of the requests returned a 5XX status (amongst the request that returned a status code from 0 to 5XX) | | <a id="ResponseCodeRatio" href="#ResponseCodeRatio" title="#ResponseCodeRatio">`ResponseCodeRatio`</a> | The status code ratio to open the circuit breaker.<br />More information [below](#responsecoderatio) | `ResponseCodeRatio(500, 600, 0, 600) > 0.25` opens the circuit breaker if 25% of the requests returned a 5XX status (amongst the request that returned a status code from 0 to 5XX) |
| `LatencyAtQuantileMS` | The latency at a quantile in milliseconds to open the circuit breaker when a given proportion of your requests become too slow.<br /> Only floating point number (with the trailing .0) for the quantile value. | `LatencyAtQuantileMS(50.0) > 100` opens the circuit breaker when the median latency (quantile 50) reaches 100ms. | | <a id="LatencyAtQuantileMS" href="#LatencyAtQuantileMS" title="#LatencyAtQuantileMS">`LatencyAtQuantileMS`</a> | The latency at a quantile in milliseconds to open the circuit breaker when a given proportion of your requests become too slow.<br /> Only floating point number (with the trailing .0) for the quantile value. | `LatencyAtQuantileMS(50.0) > 100` opens the circuit breaker when the median latency (quantile 50) reaches 100ms. |
#### ResponseCodeRatio #### ResponseCodeRatio
@@ -51,11 +51,11 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:-----------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------| |:-----------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
|`excludedContentTypes` | List of content types to compare the `Content-Type` header of the incoming requests and responses before compressing. <br /> The responses with content types defined in `excludedContentTypes` are not compressed. <br /> Content types are compared in a case-insensitive, whitespace-ignored manner. <br /> **The `excludedContentTypes` and `includedContentTypes` options are mutually exclusive.** | "" | No | | <a id="excludedContentTypes" href="#excludedContentTypes" title="#excludedContentTypes">`excludedContentTypes`</a> | List of content types to compare the `Content-Type` header of the incoming requests and responses before compressing. <br /> The responses with content types defined in `excludedContentTypes` are not compressed. <br /> Content types are compared in a case-insensitive, whitespace-ignored manner. <br /> **The `excludedContentTypes` and `includedContentTypes` options are mutually exclusive.** | "" | No |
|`defaultEncoding` | specifies the default encoding if the `Accept-Encoding` header is not in the request or contains a wildcard (`*`). | "" | No | | <a id="defaultEncoding" href="#defaultEncoding" title="#defaultEncoding">`defaultEncoding`</a> | specifies the default encoding if the `Accept-Encoding` header is not in the request or contains a wildcard (`*`). | "" | No |
|`encodings` | Specifies the list of supported compression encodings. At least one encoding value must be specified, and valid entries are `zstd` (Zstandard), `br` (Brotli), and `gzip` (Gzip). The order of the list also sets the priority, the top entry has the highest priority. | zstd, br, gzip | No | | <a id="encodings" href="#encodings" title="#encodings">`encodings`</a> | Specifies the list of supported compression encodings. At least one encoding value must be specified, and valid entries are `zstd` (Zstandard), `br` (Brotli), and `gzip` (Gzip). The order of the list also sets the priority, the top entry has the highest priority. | zstd, br, gzip | No |
| `includedContentTypes` | List of content types to compare the `Content-Type` header of the responses before compressing. <br /> The responses with content types defined in `includedContentTypes` are compressed. <br /> Content types are compared in a case-insensitive, whitespace-ignored manner.<br /> **The `excludedContentTypes` and `includedContentTypes` options are mutually exclusive.** | "" | No | | <a id="includedContentTypes" href="#includedContentTypes" title="#includedContentTypes">`includedContentTypes`</a> | List of content types to compare the `Content-Type` header of the responses before compressing. <br /> The responses with content types defined in `includedContentTypes` are compressed. <br /> Content types are compared in a case-insensitive, whitespace-ignored manner.<br /> **The `excludedContentTypes` and `includedContentTypes` options are mutually exclusive.** | "" | No |
| `minResponseBodyBytes` | `Minimum amount of bytes a response body must have to be compressed. <br />Responses smaller than the specified values will **not** be compressed. | 1024 | No | | <a id="minResponseBodyBytes" href="#minResponseBodyBytes" title="#minResponseBodyBytes">`minResponseBodyBytes`</a> | `Minimum amount of bytes a response body must have to be compressed. <br />Responses smaller than the specified values will **not** be compressed. | 1024 | No |
## Compression activation ## Compression activation
@@ -59,11 +59,11 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:-----------|:---------------------------------------------------------------------------------|:--------|:---------| |:-----------|:---------------------------------------------------------------------------------|:--------|:---------|
| `users` | Array of authorized users. Each user must be declared using the `name:realm:encoded-password` format.<br /> The option `users` supports Kubernetes secrets.<br />(More information [here](#users--usersfile))| [] | No | | <a id="users" href="#users" title="#users">`users`</a> | Array of authorized users. Each user must be declared using the `name:realm:encoded-password` format.<br /> The option `users` supports Kubernetes secrets.<br />(More information [here](#users--usersfile))| [] | No |
| `usersFile` | Path to an external file that contains the authorized users for the middleware. <br />The file content is a list of `name:realm:encoded-password`. (More information [here](#users--usersfile)) | "" | No | | <a id="usersFile" href="#usersFile" title="#usersFile">`usersFile`</a> | Path to an external file that contains the authorized users for the middleware. <br />The file content is a list of `name:realm:encoded-password`. (More information [here](#users--usersfile)) | "" | No |
| `realm` | Allow customizing the realm for the authentication.| "traefik" | No | | <a id="realm" href="#realm" title="#realm">`realm`</a> | Allow customizing the realm for the authentication.| "traefik" | No |
| `headerField` | Allow defining a header field to store the authenticated user.| "" | No | | <a id="headerField" href="#headerField" title="#headerField">`headerField`</a> | Allow defining a header field to store the authenticated user.| "" | No |
| `removeHeader` | Allow removing the authorization header before forwarding the request to your service. | false | No | | <a id="removeHeader" href="#removeHeader" title="#removeHeader">`removeHeader`</a> | Allow removing the authorization header before forwarding the request to your service. | false | No |
### Passwords format ### Passwords format
@@ -85,27 +85,27 @@ When the bucket is not full, on token is generated every 10 seconds (6 every 1 m
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:-----------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------| |:-----------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
| `limit` | Number of requests used to define the rate using the `period`.<br /> 0 means **no rate limiting**.<br />More information [here](#rate-and-burst).| 0 | No | | <a id="limit" href="#limit" title="#limit">`limit`</a> | Number of requests used to define the rate using the `period`.<br /> 0 means **no rate limiting**.<br />More information [here](#rate-and-burst).| 0 | No |
| `period` | Period of time used to define the rate.<br />More information [here](#rate-and-burst).| 1s | No | | <a id="period" href="#period" title="#period">`period`</a> | Period of time used to define the rate.<br />More information [here](#rate-and-burst).| 1s | No |
| `burst` | Maximum number of requests allowed to go through at the very same moment.<br />More information [here](#rate-and-burst). | 1 | No | | <a id="burst" href="#burst" title="#burst">`burst`</a> | Maximum number of requests allowed to go through at the very same moment.<br />More information [here](#rate-and-burst). | 1 | No |
| `denyOnError` | Forces to return a 429 error if the number of remaining requests accepted cannot be get.<br /> Set to `false`, this option allows the request to reach the backend. | true | No | | <a id="denyOnError" href="#denyOnError" title="#denyOnError">`denyOnError`</a> | Forces to return a 429 error if the number of remaining requests accepted cannot be get.<br /> Set to `false`, this option allows the request to reach the backend. | true | No |
| `responseHeaders` | Injects the following rate limiting headers in the response:<br />- X-Rate-Limit-Remaining<br />- X-Rate-Limit-Limit<br />- X-Rate-Limit-Period<br />- X-Rate-Limit-Reset<br />The added headers indicate how many tokens are left in the bucket (in the token bucket analogy) after the reservation for the request was made. | false | No | | <a id="responseHeaders" href="#responseHeaders" title="#responseHeaders">`responseHeaders`</a> | Injects the following rate limiting headers in the response:<br />- X-Rate-Limit-Remaining<br />- X-Rate-Limit-Limit<br />- X-Rate-Limit-Period<br />- X-Rate-Limit-Reset<br />The added headers indicate how many tokens are left in the bucket (in the token bucket analogy) after the reservation for the request was made. | false | No |
| `store.redis.endpoints` | Endpoints of the Redis instances to connect to (example: `redis.traefik-hub.svc.cluster.local:6379`) | "" | Yes | | <a id="store-redis-endpoints" href="#store-redis-endpoints" title="#store-redis-endpoints">`store.redis.endpoints`</a> | Endpoints of the Redis instances to connect to (example: `redis.traefik-hub.svc.cluster.local:6379`) | "" | Yes |
| `store.redis.username` | The username Traefik Hub will use to connect to Redis | "" | No | | <a id="store-redis-username" href="#store-redis-username" title="#store-redis-username">`store.redis.username`</a> | The username Traefik Hub will use to connect to Redis | "" | No |
| `store.redis.password` | The password Traefik Hub will use to connect to Redis | "" | No | | <a id="store-redis-password" href="#store-redis-password" title="#store-redis-password">`store.redis.password`</a> | The password Traefik Hub will use to connect to Redis | "" | No |
| `store.redis.database` | The database Traefik Hub will use to sore information (default: `0`) | "" | No | | <a id="store-redis-database" href="#store-redis-database" title="#store-redis-database">`store.redis.database`</a> | The database Traefik Hub will use to sore information (default: `0`) | "" | No |
| `store.redis.cluster` | Enable Redis Cluster | "" | No | | <a id="store-redis-cluster" href="#store-redis-cluster" title="#store-redis-cluster">`store.redis.cluster`</a> | Enable Redis Cluster | "" | No |
| `store.redis.tls.caBundle` | Custom CA bundle | "" | No | | <a id="store-redis-tls-caBundle" href="#store-redis-tls-caBundle" title="#store-redis-tls-caBundle">`store.redis.tls.caBundle`</a> | Custom CA bundle | "" | No |
| `store.redis.tls.cert` | TLS certificate | "" | No | | <a id="store-redis-tls-cert" href="#store-redis-tls-cert" title="#store-redis-tls-cert">`store.redis.tls.cert`</a> | TLS certificate | "" | No |
| `store.redis.tls.key` | TLS key | "" | No | | <a id="store-redis-tls-key" href="#store-redis-tls-key" title="#store-redis-tls-key">`store.redis.tls.key`</a> | TLS key | "" | No |
| `store.redis.tls.insecureSkipVerify` | Allow skipping the TLS verification | "" | No | | <a id="store-redis-tls-insecureSkipVerify" href="#store-redis-tls-insecureSkipVerify" title="#store-redis-tls-insecureSkipVerify">`store.redis.tls.insecureSkipVerify`</a> | Allow skipping the TLS verification | "" | No |
| `store.redis.sentinel.masterSet` | Name of the set of main nodes to use for main selection. Required when using Sentinel. | "" | No | | <a id="store-redis-sentinel-masterSet" href="#store-redis-sentinel-masterSet" title="#store-redis-sentinel-masterSet">`store.redis.sentinel.masterSet`</a> | Name of the set of main nodes to use for main selection. Required when using Sentinel. | "" | No |
| `store.redis.sentinel.username` | Username to use for sentinel authentication (can be different from `username`) | "" | No | | <a id="store-redis-sentinel-username" href="#store-redis-sentinel-username" title="#store-redis-sentinel-username">`store.redis.sentinel.username`</a> | Username to use for sentinel authentication (can be different from `username`) | "" | No |
| `store.redis.sentinel.password` | Password to use for sentinel authentication (can be different from `password`) | "" | No | | <a id="store-redis-sentinel-password" href="#store-redis-sentinel-password" title="#store-redis-sentinel-password">`store.redis.sentinel.password`</a> | Password to use for sentinel authentication (can be different from `password`) | "" | No |
| `sourceCriterion.requestHost` | Whether to consider the request host as the source.<br />More information about `sourceCriterion`[here](#sourcecriterion). | false | No | | <a id="sourceCriterion-requestHost" href="#sourceCriterion-requestHost" title="#sourceCriterion-requestHost">`sourceCriterion.requestHost`</a> | Whether to consider the request host as the source.<br />More information about `sourceCriterion`[here](#sourcecriterion). | false | No |
| `sourceCriterion.requestHeaderName` | Name of the header used to group incoming requests.<br />More information about `sourceCriterion`[here](#sourcecriterion). | "" | No | | <a id="sourceCriterion-requestHeaderName" href="#sourceCriterion-requestHeaderName" title="#sourceCriterion-requestHeaderName">`sourceCriterion.requestHeaderName`</a> | Name of the header used to group incoming requests.<br />More information about `sourceCriterion`[here](#sourcecriterion). | "" | No |
| `sourceCriterion.ipStrategy.depth` | Depth position of the IP to select in the `X-Forwarded-For` header (starting from the right).<br />0 means no depth.<br />If greater than the total number of IPs in `X-Forwarded-For`, then the client IP is empty<br />If higher than 0, the `excludedIPs` options is not evaluated.<br />More information about [`sourceCriterion`](#sourcecriterion), [`ipStrategy`](#ipstrategy), and [`depth`](#sourcecriterionipstrategydepth) below. | 0 | No | | <a id="sourceCriterion-ipStrategy-depth" href="#sourceCriterion-ipStrategy-depth" title="#sourceCriterion-ipStrategy-depth">`sourceCriterion.ipStrategy.depth`</a> | Depth position of the IP to select in the `X-Forwarded-For` header (starting from the right).<br />0 means no depth.<br />If greater than the total number of IPs in `X-Forwarded-For`, then the client IP is empty<br />If higher than 0, the `excludedIPs` options is not evaluated.<br />More information about [`sourceCriterion`](#sourcecriterion), [`ipStrategy`](#ipstrategy), and [`depth`](#sourcecriterionipstrategydepth) below. | 0 | No |
| `sourceCriterion.ipStrategy.excludedIPs` | Allows Traefik to scan the `X-Forwarded-For` header and select the first IP not in the list.<br />If `depth` is specified, `excludedIPs` is ignored.<br />More information about [`sourceCriterion`](#sourcecriterion), [`ipStrategy`](#ipstrategy), and [`excludedIPs`](#sourcecriterionipstrategyexcludedips) below. | | No | | <a id="sourceCriterion-ipStrategy-excludedIPs" href="#sourceCriterion-ipStrategy-excludedIPs" title="#sourceCriterion-ipStrategy-excludedIPs">`sourceCriterion.ipStrategy.excludedIPs`</a> | Allows Traefik to scan the `X-Forwarded-For` header and select the first IP not in the list.<br />If `depth` is specified, `excludedIPs` is ignored.<br />More information about [`sourceCriterion`](#sourcecriterion), [`ipStrategy`](#ipstrategy), and [`excludedIPs`](#sourcecriterionipstrategyexcludedips) below. | | No |
### sourceCriterion ### sourceCriterion
@@ -129,9 +129,9 @@ If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,1
| `X-Forwarded-For` | `depth` | clientIP | | `X-Forwarded-For` | `depth` | clientIP |
|-----------------------------------------|---------|--------------| |-----------------------------------------|---------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `1` | `"13.0.0.1"` | | <a id="10-0-0-111-0-0-112-0-0-113-0-0-1" href="#10-0-0-111-0-0-112-0-0-113-0-0-1" title="#10-0-0-111-0-0-112-0-0-113-0-0-1">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `1` | `"13.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `3` | `"11.0.0.1"` | | <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-2" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-2" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-2">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `3` | `"11.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5` | `""` | | <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-3" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-3" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-3">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `5` | `""` |
### sourceCriterion.ipStrategy.excludedIPs ### sourceCriterion.ipStrategy.excludedIPs
@@ -146,8 +146,8 @@ Example to use each IP as a distinct source:
| X-Forwarded-For | excludedIPs | clientIP | | X-Forwarded-For | excludedIPs | clientIP |
|--------------------------------|-----------------------|--------------| |--------------------------------|-----------------------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1"` | `"11.0.0.1,12.0.0.1"` | `"10.0.0.1"` | | <a id="10-0-0-111-0-0-112-0-0-1" href="#10-0-0-111-0-0-112-0-0-1" title="#10-0-0-111-0-0-112-0-0-1">`"10.0.0.1,11.0.0.1,12.0.0.1"`</a> | `"11.0.0.1,12.0.0.1"` | `"10.0.0.1"` |
| `"10.0.0.2,11.0.0.1,12.0.0.1"` | `"11.0.0.1,12.0.0.1"` | `"10.0.0.2"` | | <a id="10-0-0-211-0-0-112-0-0-1" href="#10-0-0-211-0-0-112-0-0-1" title="#10-0-0-211-0-0-112-0-0-1">`"10.0.0.2,11.0.0.1,12.0.0.1"`</a> | `"11.0.0.1,12.0.0.1"` | `"10.0.0.2"` |
2. Group together a set of IPs (also behind a common set of reverse-proxies) so that they are considered the same source, and all contribute to the same rate-limit bucket. 2. Group together a set of IPs (also behind a common set of reverse-proxies) so that they are considered the same source, and all contribute to the same rate-limit bucket.
@@ -155,9 +155,9 @@ Example to group IPs together as same source:
| X-Forwarded-For | excludedIPs | clientIP | | X-Forwarded-For | excludedIPs | clientIP |
|--------------------------------|--------------|--------------| |--------------------------------|--------------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1"` | `"12.0.0.1"` | `"11.0.0.1"` | | <a id="10-0-0-111-0-0-112-0-0-1-2" href="#10-0-0-111-0-0-112-0-0-1-2" title="#10-0-0-111-0-0-112-0-0-1-2">`"10.0.0.1,11.0.0.1,12.0.0.1"`</a> | `"12.0.0.1"` | `"11.0.0.1"` |
| `"10.0.0.2,11.0.0.1,12.0.0.1"` | `"12.0.0.1"` | `"11.0.0.1"` | | <a id="10-0-0-211-0-0-112-0-0-1-2" href="#10-0-0-211-0-0-112-0-0-1-2" title="#10-0-0-211-0-0-112-0-0-1-2">`"10.0.0.2,11.0.0.1,12.0.0.1"`</a> | `"12.0.0.1"` | `"11.0.0.1"` |
| `"10.0.0.3,11.0.0.1,12.0.0.1"` | `"12.0.0.1"` | `"11.0.0.1"` | | <a id="10-0-0-311-0-0-112-0-0-1" href="#10-0-0-311-0-0-112-0-0-1" title="#10-0-0-311-0-0-112-0-0-1">`"10.0.0.3,11.0.0.1,12.0.0.1"`</a> | `"12.0.0.1"` | `"11.0.0.1"` |
### store ### store
@@ -81,9 +81,9 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:-----------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------| |:-----------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
| `status` | Defines which status or range of statuses should result in an error page.<br/> The status code ranges are inclusive (`505-599` will trigger with every code between `505` and `599`, `505` and `599` included).<br /> You can define either a status code as a number (`500`), as multiple comma-separated numbers (`500,502`), as ranges by separating two codes with a dash (`505-599`), or a combination of the two (`404,418,505-599`). | [] | No | | <a id="status" href="#status" title="#status">`status`</a> | Defines which status or range of statuses should result in an error page.<br/> The status code ranges are inclusive (`505-599` will trigger with every code between `505` and `599`, `505` and `599` included).<br /> You can define either a status code as a number (`500`), as multiple comma-separated numbers (`500,502`), as ranges by separating two codes with a dash (`505-599`), or a combination of the two (`404,418,505-599`). | [] | No |
| `service` | The service that will serve the new requested error page.<br /> More information [here](#service-and-hostheader). | "" | No | | <a id="service" href="#service" title="#service">`service`</a> | The service that will serve the new requested error page.<br /> More information [here](#service-and-hostheader). | "" | No |
| `query` | The URL for the error page (hosted by `service`).<br /> More information [here](#query) | "" | No | | <a id="query" href="#query" title="#query">`query`</a> | The URL for the error page (hosted by `service`).<br /> More information [here](#query) | "" | No |
### service and HostHeader ### service and HostHeader
@@ -102,5 +102,5 @@ The table below lists all the available variables and their associated values.
| Variable | Value | | Variable | Value |
|------------|------------------------------------------------------------------| |------------|------------------------------------------------------------------|
| `{status}` | The response status code. | | <a id="status-2" href="#status-2" title="#status-2">`{status}`</a> | The response status code. |
| `{url}` | The [escaped](https://pkg.go.dev/net/url#QueryEscape) request URL.| | <a id="url" href="#url" title="#url">`{url}`</a> | The [escaped](https://pkg.go.dev/net/url#QueryEscape) request URL.|
@@ -55,23 +55,23 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:-----------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------| |:-----------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
| `address` | Authentication server address. | "" | Yes | | <a id="address" href="#address" title="#address">`address`</a> | Authentication server address. | "" | Yes |
| `trustForwardHeader` | Trust all `X-Forwarded-*` headers. | false | No | | <a id="trustForwardHeader" href="#trustForwardHeader" title="#trustForwardHeader">`trustForwardHeader`</a> | Trust all `X-Forwarded-*` headers. | false | No |
| `authResponseHeaders` | List of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers. | [] | No | | <a id="authResponseHeaders" href="#authResponseHeaders" title="#authResponseHeaders">`authResponseHeaders`</a> | List of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers. | [] | No |
| `authResponseHeadersRegex` | Regex to match by the headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.<br /> More information [here](#authresponseheadersregex). | "" | No | | <a id="authResponseHeadersRegex" href="#authResponseHeadersRegex" title="#authResponseHeadersRegex">`authResponseHeadersRegex`</a> | Regex to match by the headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.<br /> More information [here](#authresponseheadersregex). | "" | No |
| `authRequestHeaders` | List of the headers to copy from the request to the authentication server. <br /> It allows filtering headers that should not be passed to the authentication server. <br /> If not set or empty, then all request headers are passed. | [] | No | | <a id="authRequestHeaders" href="#authRequestHeaders" title="#authRequestHeaders">`authRequestHeaders`</a> | List of the headers to copy from the request to the authentication server. <br /> It allows filtering headers that should not be passed to the authentication server. <br /> If not set or empty, then all request headers are passed. | [] | No |
| `addAuthCookiesToResponse` | List of cookies to copy from the authentication server to the response, replacing any existing conflicting cookie from the forwarded response.<br /> Please note that all backend cookies matching the configured list will not be added to the response. | [] | No | | <a id="addAuthCookiesToResponse" href="#addAuthCookiesToResponse" title="#addAuthCookiesToResponse">`addAuthCookiesToResponse`</a> | List of cookies to copy from the authentication server to the response, replacing any existing conflicting cookie from the forwarded response.<br /> Please note that all backend cookies matching the configured list will not be added to the response. | [] | No |
| `forwardBody` | Sets the `forwardBody` option to `true` to send the Body. As body is read inside Traefik before forwarding, this breaks streaming. | false | No | | <a id="forwardBody" href="#forwardBody" title="#forwardBody">`forwardBody`</a> | Sets the `forwardBody` option to `true` to send the Body. As body is read inside Traefik before forwarding, this breaks streaming. | false | No |
| `maxBodySize` | Set the `maxBodySize` to limit the body size in bytes. If body is bigger than this, it returns a 401 (unauthorized). | -1 | No | | <a id="maxBodySize" href="#maxBodySize" title="#maxBodySize">`maxBodySize`</a> | Set the `maxBodySize` to limit the body size in bytes. If body is bigger than this, it returns a 401 (unauthorized). | -1 | No |
| `headerField` | Defines a header field to store the authenticated user. | "" | No | | <a id="headerField" href="#headerField" title="#headerField">`headerField`</a> | Defines a header field to store the authenticated user. | "" | No |
| `preserveLocationHeader` | Defines whether to forward the Location header to the client as is or prefix it with the domain name of the authentication server. | false | No | | <a id="preserveLocationHeader" href="#preserveLocationHeader" title="#preserveLocationHeader">`preserveLocationHeader`</a> | Defines whether to forward the Location header to the client as is or prefix it with the domain name of the authentication server. | false | No |
| `PreserveRequestMethod` | Defines whether to preserve the original request method while forwarding the request to the authentication server. | false | No | | <a id="PreserveRequestMethod" href="#PreserveRequestMethod" title="#PreserveRequestMethod">`PreserveRequestMethod`</a> | Defines whether to preserve the original request method while forwarding the request to the authentication server. | false | No |
| `tls.ca` | Sets the path to the certificate authority used for the secured connection to the authentication server, it defaults to the system bundle. | "" | No | | <a id="tls-ca" href="#tls-ca" title="#tls-ca">`tls.ca`</a> | Sets the path to the certificate authority used for the secured connection to the authentication server, it defaults to the system bundle. | "" | No |
| `tls.cert` | Sets the path to the public certificate used for the secure connection to the authentication server. When using this option, setting the key option is required. | "" | No | | <a id="tls-cert" href="#tls-cert" title="#tls-cert">`tls.cert`</a> | Sets the path to the public certificate used for the secure connection to the authentication server. When using this option, setting the key option is required. | "" | No |
| `tls.key` | Sets the path to the private key used for the secure connection to the authentication server. When using this option, setting the `cert` option is required. | "" | No | | <a id="tls-key" href="#tls-key" title="#tls-key">`tls.key`</a> | Sets the path to the private key used for the secure connection to the authentication server. When using this option, setting the `cert` option is required. | "" | No |
| `tls.caSecret` | Defines the secret that contains the certificate authority used for the secured connection to the authentication server, it defaults to the system bundle. **This option is only available for the Kubernetes CRD**. | | No | | <a id="tls-caSecret" href="#tls-caSecret" title="#tls-caSecret">`tls.caSecret`</a> | Defines the secret that contains the certificate authority used for the secured connection to the authentication server, it defaults to the system bundle. **This option is only available for the Kubernetes CRD**. | | No |
| `tls.certSecret` | Defines the secret that contains both the private and public certificates used for the secure connection to the authentication server. **This option is only available for the Kubernetes CRD**. | | No | | <a id="tls-certSecret" href="#tls-certSecret" title="#tls-certSecret">`tls.certSecret`</a> | Defines the secret that contains both the private and public certificates used for the secure connection to the authentication server. **This option is only available for the Kubernetes CRD**. | | No |
| `tls.insecureSkipVerify` | During TLS connections, if this option is set to `true`, the authentication server will accept any certificate presented by the server regardless of the host names it covers. | false | No | | <a id="tls-insecureSkipVerify" href="#tls-insecureSkipVerify" title="#tls-insecureSkipVerify">`tls.insecureSkipVerify`</a> | During TLS connections, if this option is set to `true`, the authentication server will accept any certificate presented by the server regardless of the host names it covers. | false | No |
### authResponseHeadersRegex ### authResponseHeadersRegex
@@ -87,10 +87,10 @@ The following request properties are provided to the forward-auth target endpoin
| Property | Forward-Request Header | | Property | Forward-Request Header |
|-------------------|------------------------| |-------------------|------------------------|
| HTTP Method | X-Forwarded-Method | | <a id="HTTP-Method" href="#HTTP-Method" title="#HTTP-Method">HTTP Method</a> | X-Forwarded-Method |
| Protocol | X-Forwarded-Proto | | <a id="Protocol" href="#Protocol" title="#Protocol">Protocol</a> | X-Forwarded-Proto |
| Host | X-Forwarded-Host | | <a id="Host" href="#Host" title="#Host">Host</a> | X-Forwarded-Host |
| Request URI | X-Forwarded-Uri | | <a id="Request-URI" href="#Request-URI" title="#Request-URI">Request URI</a> | X-Forwarded-Uri |
| Source IP-Address | X-Forwarded-For | | <a id="Source-IP-Address" href="#Source-IP-Address" title="#Source-IP-Address">Source IP-Address</a> | X-Forwarded-For |
{!traefik-for-business-applications.md!} {!traefik-for-business-applications.md!}
@@ -56,7 +56,7 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:-----------------------------|:------------------------------------------|:--------|:---------| |:-----------------------------|:------------------------------------------|:--------|:---------|
| `allowOrigins` | List of allowed origins. <br /> A wildcard origin `*` can also be configured to match all requests.<br /> More information [here](#alloworigins). | [] | No | | <a id="allowOrigins" href="#allowOrigins" title="#allowOrigins">`allowOrigins`</a> | List of allowed origins. <br /> A wildcard origin `*` can also be configured to match all requests.<br /> More information [here](#alloworigins). | [] | No |
### allowOrigins ### allowOrigins
@@ -9,11 +9,11 @@ By default, the following headers are automatically added when proxying requests
| Property | HTTP Header | | Property | HTTP Header |
|---------------------------|----------------------------| |---------------------------|----------------------------|
| Client's IP | X-Forwarded-For, X-Real-Ip | | <a id="Clients-IP" href="#Clients-IP" title="#Clients-IP">Client's IP</a> | X-Forwarded-For, X-Real-Ip |
| Host | X-Forwarded-Host | | <a id="Host" href="#Host" title="#Host">Host</a> | X-Forwarded-Host |
| Port | X-Forwarded-Port | | <a id="Port" href="#Port" title="#Port">Port</a> | X-Forwarded-Port |
| Protocol | X-Forwarded-Proto | | <a id="Protocol" href="#Protocol" title="#Protocol">Protocol</a> | X-Forwarded-Proto |
| Proxy Server's Hostname | X-Forwarded-Server | | <a id="Proxy-Servers-Hostname" href="#Proxy-Servers-Hostname" title="#Proxy-Servers-Hostname">Proxy Server's Hostname</a> | X-Forwarded-Server |
## Configuration Examples ## Configuration Examples
@@ -266,34 +266,34 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
| ----------------------------- | ------------------------------------------------- | --------- | -------- | | ----------------------------- | ------------------------------------------------- | --------- | -------- |
| `customRequestHeaders` | Lists the header names and values for requests. | [] | No | | <a id="customRequestHeaders" href="#customRequestHeaders" title="#customRequestHeaders">`customRequestHeaders`</a> | Lists the header names and values for requests. | [] | No |
| `customResponseHeaders` | Lists the header names and values for responses. | [] | No | | <a id="customResponseHeaders" href="#customResponseHeaders" title="#customResponseHeaders">`customResponseHeaders`</a> | Lists the header names and values for responses. | [] | No |
| `accessControlAllowCredentials` | Indicates if the request can include user credentials.| false | No | | <a id="accessControlAllowCredentials" href="#accessControlAllowCredentials" title="#accessControlAllowCredentials">`accessControlAllowCredentials`</a> | Indicates if the request can include user credentials.| false | No |
| `accessControlAllowHeaders` | Specifies allowed request header names. | [] | No | | <a id="accessControlAllowHeaders" href="#accessControlAllowHeaders" title="#accessControlAllowHeaders">`accessControlAllowHeaders`</a> | Specifies allowed request header names. | [] | No |
| `accessControlAllowMethods` | Specifies allowed request methods. | [] | No | | <a id="accessControlAllowMethods" href="#accessControlAllowMethods" title="#accessControlAllowMethods">`accessControlAllowMethods`</a> | Specifies allowed request methods. | [] | No |
| `accessControlAllowOriginList` | Specifies allowed origins. More information [here](#accesscontrolalloworiginlist) | [] | No | | <a id="accessControlAllowOriginList" href="#accessControlAllowOriginList" title="#accessControlAllowOriginList">`accessControlAllowOriginList`</a> | Specifies allowed origins. More information [here](#accesscontrolalloworiginlist) | [] | No |
| `accessControlAllowOriginListRegex` | Allows origins matching regex. More information [here](#accesscontrolalloworiginlistregex) | [] | No | | <a id="accessControlAllowOriginListRegex" href="#accessControlAllowOriginListRegex" title="#accessControlAllowOriginListRegex">`accessControlAllowOriginListRegex`</a> | Allows origins matching regex. More information [here](#accesscontrolalloworiginlistregex) | [] | No |
| `accessControlExposeHeaders` | Specifies which headers are safe to expose to the API of a CORS API specification. | [] | No | | <a id="accessControlExposeHeaders" href="#accessControlExposeHeaders" title="#accessControlExposeHeaders">`accessControlExposeHeaders`</a> | Specifies which headers are safe to expose to the API of a CORS API specification. | [] | No |
| `accessControlMaxAge` | Time (in seconds) to cache preflight requests. | 0 | No | | <a id="accessControlMaxAge" href="#accessControlMaxAge" title="#accessControlMaxAge">`accessControlMaxAge`</a> | Time (in seconds) to cache preflight requests. | 0 | No |
| `addVaryHeader` | Used in conjunction with `accessControlAllowOriginList` to determine whether the `Vary` header should be added or modified to demonstrate that server responses can differ based on the value of the origin header. | false | No | | <a id="addVaryHeader" href="#addVaryHeader" title="#addVaryHeader">`addVaryHeader`</a> | Used in conjunction with `accessControlAllowOriginList` to determine whether the `Vary` header should be added or modified to demonstrate that server responses can differ based on the value of the origin header. | false | No |
| `allowedHosts` | Lists allowed domain names. | [] | No | | <a id="allowedHosts" href="#allowedHosts" title="#allowedHosts">`allowedHosts`</a> | Lists allowed domain names. | [] | No |
| `hostsProxyHeaders` | Specifies header keys for proxied hostname. | [] | No | | <a id="hostsProxyHeaders" href="#hostsProxyHeaders" title="#hostsProxyHeaders">`hostsProxyHeaders`</a> | Specifies header keys for proxied hostname. | [] | No |
| `sslProxyHeaders` | Defines a set of header keys with associated values that would indicate a valid HTTPS request. It can be useful when using other proxies (example: `"X-Forwarded-Proto": "https"`). | {} | No | | <a id="sslProxyHeaders" href="#sslProxyHeaders" title="#sslProxyHeaders">`sslProxyHeaders`</a> | Defines a set of header keys with associated values that would indicate a valid HTTPS request. It can be useful when using other proxies (example: `"X-Forwarded-Proto": "https"`). | {} | No |
| `stsSeconds` | Max age for `Strict-Transport-Security` header. | 0 | No | | <a id="stsSeconds" href="#stsSeconds" title="#stsSeconds">`stsSeconds`</a> | Max age for `Strict-Transport-Security` header. | 0 | No |
| `stsIncludeSubdomains` | If set to `true`, the `includeSubDomains` directive is appended to the `Strict-Transport-Security` header. | false | No | | <a id="stsIncludeSubdomains" href="#stsIncludeSubdomains" title="#stsIncludeSubdomains">`stsIncludeSubdomains`</a> | If set to `true`, the `includeSubDomains` directive is appended to the `Strict-Transport-Security` header. | false | No |
| `stsPreload` | Adds preload flag to STS header. | false | No | | <a id="stsPreload" href="#stsPreload" title="#stsPreload">`stsPreload`</a> | Adds preload flag to STS header. | false | No |
| `forceSTSHeader` | Adds STS header for HTTP connections. | false | No | | <a id="forceSTSHeader" href="#forceSTSHeader" title="#forceSTSHeader">`forceSTSHeader`</a> | Adds STS header for HTTP connections. | false | No |
| `frameDeny` | Set `frameDeny` to `true` to add the `X-Frame-Options` header with the value of `DENY`. | false | No | | <a id="frameDeny" href="#frameDeny" title="#frameDeny">`frameDeny`</a> | Set `frameDeny` to `true` to add the `X-Frame-Options` header with the value of `DENY`. | false | No |
| `customFrameOptionsValue` | allows the `X-Frame-Options` header value to be set with a custom value. This overrides the `FrameDeny` option. | "" | No | | <a id="customFrameOptionsValue" href="#customFrameOptionsValue" title="#customFrameOptionsValue">`customFrameOptionsValue`</a> | allows the `X-Frame-Options` header value to be set with a custom value. This overrides the `FrameDeny` option. | "" | No |
| `contentTypeNosniff` | Set `contentTypeNosniff` to true to add the `X-Content-Type-Options` header with the value `nosniff`. | false | No | | <a id="contentTypeNosniff" href="#contentTypeNosniff" title="#contentTypeNosniff">`contentTypeNosniff`</a> | Set `contentTypeNosniff` to true to add the `X-Content-Type-Options` header with the value `nosniff`. | false | No |
| `browserXssFilter` | Set `browserXssFilter` to true to add the `X-XSS-Protection` header with the value `1; mode=block`. | false | No | | <a id="browserXssFilter" href="#browserXssFilter" title="#browserXssFilter">`browserXssFilter`</a> | Set `browserXssFilter` to true to add the `X-XSS-Protection` header with the value `1; mode=block`. | false | No |
| `customBrowserXSSValue` | allows the `X-XSS-Protection` header value to be set with a custom value. This overrides the `BrowserXssFilter` option. | false | No | | <a id="customBrowserXSSValue" href="#customBrowserXSSValue" title="#customBrowserXSSValue">`customBrowserXSSValue`</a> | allows the `X-XSS-Protection` header value to be set with a custom value. This overrides the `BrowserXssFilter` option. | false | No |
| `contentSecurityPolicy` | allows the `Content-Security-Policy` header value to be set with a custom value. | false | No | | <a id="contentSecurityPolicy" href="#contentSecurityPolicy" title="#contentSecurityPolicy">`contentSecurityPolicy`</a> | allows the `Content-Security-Policy` header value to be set with a custom value. | false | No |
| `contentSecurityPolicyReportOnly` | allows the `Content-Security-Policy-Report-Only` header value to be set with a custom value. | "" | No | | <a id="contentSecurityPolicyReportOnly" href="#contentSecurityPolicyReportOnly" title="#contentSecurityPolicyReportOnly">`contentSecurityPolicyReportOnly`</a> | allows the `Content-Security-Policy-Report-Only` header value to be set with a custom value. | "" | No |
| `publicKey` | Implements HPKP for certificate pinning. | "" | No | | <a id="publicKey" href="#publicKey" title="#publicKey">`publicKey`</a> | Implements HPKP for certificate pinning. | "" | No |
| `referrerPolicy` | Controls forwarding of `Referer` header. | "" | No | | <a id="referrerPolicy" href="#referrerPolicy" title="#referrerPolicy">`referrerPolicy`</a> | Controls forwarding of `Referer` header. | "" | No |
| `permissionsPolicy` | allows sites to control browser features. | "" | No | | <a id="permissionsPolicy" href="#permissionsPolicy" title="#permissionsPolicy">`permissionsPolicy`</a> | allows sites to control browser features. | "" | No |
| `isDevelopment` | Set `true` when developing to mitigate the unwanted effects of the `AllowedHosts`, SSL, and STS options. Usually testing takes place using HTTP, not HTTPS, and on `localhost`, not your production domain. | false | No | | <a id="isDevelopment" href="#isDevelopment" title="#isDevelopment">`isDevelopment`</a> | Set `true` when developing to mitigate the unwanted effects of the `AllowedHosts`, SSL, and STS options. Usually testing takes place using HTTP, not HTTPS, and on `localhost`, not your production domain. | false | No |
### `accessControlAllowOriginList` ### `accessControlAllowOriginList`
@@ -52,9 +52,9 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:------------------|:---------------------------------------------|:--------|:---------| |:------------------|:---------------------------------------------|:--------|:---------|
| `keys` | A static set of secret keys to be used by HMAC middleware. | | Yes | | <a id="keys" href="#keys" title="#keys">`keys`</a> | A static set of secret keys to be used by HMAC middleware. | | Yes |
| `validateDigest` | Determines whether the middleware should validate the digest sum of the request body. | true | No | | <a id="validateDigest" href="#validateDigest" title="#validateDigest">`validateDigest`</a> | Determines whether the middleware should validate the digest sum of the request body. | true | No |
| `enforcedHeaders` | A set of headers that must be included in the computation of the signature of the request. | | No | | <a id="enforcedHeaders" href="#enforcedHeaders" title="#enforcedHeaders">`enforcedHeaders`</a> | A set of headers that must be included in the computation of the signature of the request. | | No |
## Authentication Mechanism ## Authentication Mechanism
@@ -72,12 +72,12 @@ Authorization: Hmac keyId="secret-id-1",algorithm="hmac-sha256",headers="(reques
| Parameter | Description | Example | | Parameter | Description | Example |
|-------------|--------------------------------|------------------------------------| |-------------|--------------------------------|------------------------------------|
| `keyId` | Identifier of the key being used by the sender to build the signature | `keyId="secret-key-1"` | | <a id="keyId" href="#keyId" title="#keyId">`keyId`</a> | Identifier of the key being used by the sender to build the signature | `keyId="secret-key-1"` |
| `algorithm` | Algorithm used to generate the signature.<br /> Supported values are `hmac-sha1`, `hmac-sha256`, `hmac-sha384` and `hmac-sha512`. | `algorithm="hmac-sha512"` | | <a id="algorithm" href="#algorithm" title="#algorithm">`algorithm`</a> | Algorithm used to generate the signature.<br /> Supported values are `hmac-sha1`, `hmac-sha256`, `hmac-sha384` and `hmac-sha512`. | `algorithm="hmac-sha512"` |
| `headers` | List of headers to use in order to build the signature string.<br /> Each item **must** be lowercase. | `headers="host content-type"` | | <a id="headers" href="#headers" title="#headers">`headers`</a> | List of headers to use in order to build the signature string.<br /> Each item **must** be lowercase. | `headers="host content-type"` |
| `signature` | Digital Signature of the request. See [computing the signature](#computing-the-signature). | `signature="c29tZXNpZ25hdHVyZQ=="` | | <a id="signature" href="#signature" title="#signature">`signature`</a> | Digital Signature of the request. See [computing the signature](#computing-the-signature). | `signature="c29tZXNpZ25hdHVyZQ=="` |
| `created` | Unix timestamp of the signature creation. | `created="1574453022"` | | <a id="created" href="#created" title="#created">`created`</a> | Unix timestamp of the signature creation. | `created="1574453022"` |
| `expires` | Unix timestamp of the signature expiration. | `expires="1574453022"` | | <a id="expires" href="#expires" title="#expires">`expires`</a> | Unix timestamp of the signature expiration. | `expires="1574453022"` |
!!! danger "Time sensitivity" !!! danger "Time sensitivity"
If the `created` timestamp is in the future or the `expires` timestamp is in the past, the middleware will refuse the request. If the `created` timestamp is in the future or the `expires` timestamp is in the past, the middleware will refuse the request.
@@ -120,9 +120,9 @@ To allow this, the `headers` parameter accepts special header names that can be
| Value | Description | Signature String Example | | Value | Description | Signature String Example |
| --------------------- | ------------------------------------------------------------- |------------------------- | | --------------------- | ------------------------------------------------------------- |------------------------- |
| `(request-target)` | Obtained by concatenating the lowercase `:method`, an ASCII space, and the `:path` pseudo-headers ([as specified in HTTP/2](https://tools.ietf.org/html/rfc7540#section-8.1.2.3)). | `(request-target): get /api/V1/resource?query=foo` | | <a id="request-target" href="#request-target" title="#request-target">`(request-target)`</a> | Obtained by concatenating the lowercase `:method`, an ASCII space, and the `:path` pseudo-headers ([as specified in HTTP/2](https://tools.ietf.org/html/rfc7540#section-8.1.2.3)). | `(request-target): get /api/V1/resource?query=foo` |
| `(created)` | Value of the authorization header `created` parameter. | `(created): 1584453022` | | <a id="created-2" href="#created-2" title="#created-2">`(created)`</a> | Value of the authorization header `created` parameter. | `(created): 1584453022` |
| `(expires)` | Value of the authorization header `expires` parameter. | `(expires): 1584453082` | | <a id="expires-2" href="#expires-2" title="#expires-2">`(expires)`</a> | Value of the authorization header `expires` parameter. | `(expires): 1584453082` |
Their evaluated value is obtained by appending the special header name with an ASCII colon `:` an ASCII space \` \` then the designated value. Their evaluated value is obtained by appending the special header name with an ASCII colon `:` an ASCII space \` \` then the designated value.
@@ -204,4 +204,4 @@ Only SHA-256 and SHA-512 checksums are supported for checksum computation.
To disable this feature and only perform authentication, set the `validateDigest` option to `false` in the middleware configuration. To disable this feature and only perform authentication, set the `validateDigest` option to `false` in the middleware configuration.
{!traefik-for-business-applications.md!} {!traefik-for-business-applications.md!}
@@ -54,12 +54,12 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:-----------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------| |:-----------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
| `amount` | The `amount` option defines the maximum amount of allowed simultaneous in-flight request. <br /> The middleware responds with `HTTP 429 Too Many Requests` if there are already `amount` requests in progress (based on the same `sourceCriterion` strategy). | 0 | No | | <a id="amount" href="#amount" title="#amount">`amount`</a> | The `amount` option defines the maximum amount of allowed simultaneous in-flight request. <br /> The middleware responds with `HTTP 429 Too Many Requests` if there are already `amount` requests in progress (based on the same `sourceCriterion` strategy). | 0 | No |
| `sourceCriterion.requestHost` | Whether to consider the request host as the source.<br /> More information about `sourceCriterion`[here](#sourcecriterion). | false | No | | <a id="sourceCriterion-requestHost" href="#sourceCriterion-requestHost" title="#sourceCriterion-requestHost">`sourceCriterion.requestHost`</a> | Whether to consider the request host as the source.<br /> More information about `sourceCriterion`[here](#sourcecriterion). | false | No |
| `sourceCriterion.requestHeaderName` | Name of the header used to group incoming requests.<br /> More information about `sourceCriterion`[here](#sourcecriterion). | "" | No | | <a id="sourceCriterion-requestHeaderName" href="#sourceCriterion-requestHeaderName" title="#sourceCriterion-requestHeaderName">`sourceCriterion.requestHeaderName`</a> | Name of the header used to group incoming requests.<br /> More information about `sourceCriterion`[here](#sourcecriterion). | "" | No |
| `sourceCriterion.ipStrategy.depth` | Depth position of the IP to select in the `X-Forwarded-For` header (starting from the right).<br />0 means no depth.<br />If greater than the total number of IPs in `X-Forwarded-For`, then the client IP is empty<br />If higher than 0, the `excludedIPs` options is not evaluated.<br /> More information about [`sourceCriterion`](#sourcecriterion), [`ipStrategy](#ipstrategy), and [`depth`](#example-of-depth--x-forwarded-for) below. | 0 | No | | <a id="sourceCriterion-ipStrategy-depth" href="#sourceCriterion-ipStrategy-depth" title="#sourceCriterion-ipStrategy-depth">`sourceCriterion.ipStrategy.depth`</a> | Depth position of the IP to select in the `X-Forwarded-For` header (starting from the right).<br />0 means no depth.<br />If greater than the total number of IPs in `X-Forwarded-For`, then the client IP is empty<br />If higher than 0, the `excludedIPs` options is not evaluated.<br /> More information about [`sourceCriterion`](#sourcecriterion), [`ipStrategy](#ipstrategy), and [`depth`](#example-of-depth--x-forwarded-for) below. | 0 | No |
| `sourceCriterion.ipStrategy.excludedIPs` | Allows Traefik to scan the `X-Forwarded-For` header and select the first IP not in the list.<br />If `depth` is specified, `excludedIPs` is ignored.<br /> More information about [`sourceCriterion`](#sourcecriterion), [`ipStrategy](#ipstrategy), and [`excludedIPs`](#example-of-excludedips--x-forwarded-for) below. | | No | | <a id="sourceCriterion-ipStrategy-excludedIPs" href="#sourceCriterion-ipStrategy-excludedIPs" title="#sourceCriterion-ipStrategy-excludedIPs">`sourceCriterion.ipStrategy.excludedIPs`</a> | Allows Traefik to scan the `X-Forwarded-For` header and select the first IP not in the list.<br />If `depth` is specified, `excludedIPs` is ignored.<br /> More information about [`sourceCriterion`](#sourcecriterion), [`ipStrategy](#ipstrategy), and [`excludedIPs`](#example-of-excludedips--x-forwarded-for) below. | | No |
| `sourceCriterion.ipStrategy.ipv6Subnet` | If `ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to. <br /> More information about [`sourceCriterion`](#sourcecriterion), [`ipStrategy.ipv6Subnet`](#ipstrategyipv6subnet), and [`excludedIPs`](#example-of-excludedips--x-forwarded-for) below. | | No | | <a id="sourceCriterion-ipStrategy-ipv6Subnet" href="#sourceCriterion-ipStrategy-ipv6Subnet" title="#sourceCriterion-ipStrategy-ipv6Subnet">`sourceCriterion.ipStrategy.ipv6Subnet`</a> | If `ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to. <br /> More information about [`sourceCriterion`](#sourcecriterion), [`ipStrategy.ipv6Subnet`](#ipstrategyipv6subnet), and [`excludedIPs`](#example-of-excludedips--x-forwarded-for) below. | | No |
### sourceCriterion ### sourceCriterion
@@ -90,9 +90,9 @@ If `ipv6Subnet` is provided, the IP is transformed in the following way.
| IP | ipv6Subnet | clientIP | | IP | ipv6Subnet | clientIP |
|---------------------------|--------------|-----------------------| |---------------------------|--------------|-----------------------|
| `"::abcd:1111:2222:3333"` | `64` | `"::0:0:0:0"` | | <a id="abcd111122223333" href="#abcd111122223333" title="#abcd111122223333">`"::abcd:1111:2222:3333"`</a> | `64` | `"::0:0:0:0"` |
| `"::abcd:1111:2222:3333"` | `80` | `"::abcd:0:0:0:0"` | | <a id="abcd111122223333-2" href="#abcd111122223333-2" title="#abcd111122223333-2">`"::abcd:1111:2222:3333"`</a> | `80` | `"::abcd:0:0:0:0"` |
| `"::abcd:1111:2222:3333"` | `96` | `"::abcd:1111:0:0:0"` | | <a id="abcd111122223333-3" href="#abcd111122223333-3" title="#abcd111122223333-3">`"::abcd:1111:2222:3333"`</a> | `96` | `"::abcd:1111:0:0:0"` |
### Example of Depth & X-Forwarded-For ### Example of Depth & X-Forwarded-For
@@ -100,16 +100,16 @@ If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,1
| X-Forwarded-For | depth | clientIP | | X-Forwarded-For | depth | clientIP |
|-----------------------------------------|---------|--------------| |-----------------------------------------|---------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `1` | `"13.0.0.1"` | | <a id="10-0-0-111-0-0-112-0-0-113-0-0-1" href="#10-0-0-111-0-0-112-0-0-113-0-0-1" title="#10-0-0-111-0-0-112-0-0-113-0-0-1">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `1` | `"13.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `3` | `"11.0.0.1"` | | <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-2" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-2" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-2">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `3` | `"11.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5` | `""` | | <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-3" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-3" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-3">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `5` | `""` |
### Example of ExcludedIPs & X-Forwarded-For ### Example of ExcludedIPs & X-Forwarded-For
| X-Forwarded-For | excludedIPs | clientIP | | X-Forwarded-For | excludedIPs | clientIP |
|-----------------------------------------|-----------------------|--------------| |-----------------------------------------|-----------------------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"12.0.0.1,13.0.0.1"` | `"11.0.0.1"` | | <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-4" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-4" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-4">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `"12.0.0.1,13.0.0.1"` | `"11.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,13.0.0.1"` | `"12.0.0.1"` | | <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-5" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-5" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-5">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `"15.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"10.0.0.1,13.0.0.1"` | `"12.0.0.1"` | | <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-6" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-6" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-6">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `"10.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` | | <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-7" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-7" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-7">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` |
| `"10.0.0.1,11.0.0.1"` | `"10.0.0.1,11.0.0.1"` | `""` | | <a id="10-0-0-111-0-0-1" href="#10-0-0-111-0-0-1" title="#10-0-0-111-0-0-1">`"10.0.0.1,11.0.0.1"`</a> | `"10.0.0.1,11.0.0.1"` | `""` |
@@ -56,10 +56,10 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:-----------|:------------------------------|:--------|:---------| |:-----------|:------------------------------|:--------|:---------|
| `sourceRange` | List of allowed IPs (or ranges of allowed IPs by using CIDR notation). | | Yes | | <a id="sourceRange" href="#sourceRange" title="#sourceRange">`sourceRange`</a> | List of allowed IPs (or ranges of allowed IPs by using CIDR notation). | | Yes |
| `ipStrategy.depth` | Depth position of the IP to select in the `X-Forwarded-For` header (starting from the right).<br />0 means no depth.<br />If greater than the total number of IPs in `X-Forwarded-For`, then the client IP is empty<br /> If higher than 0, the `excludedIPs` options is not evaluated.<br /> More information about [`ipStrategy](#ipstrategy), and [`depth`](#example-of-depth--x-forwarded-for) below. | 0 | No | | <a id="ipStrategy-depth" href="#ipStrategy-depth" title="#ipStrategy-depth">`ipStrategy.depth`</a> | Depth position of the IP to select in the `X-Forwarded-For` header (starting from the right).<br />0 means no depth.<br />If greater than the total number of IPs in `X-Forwarded-For`, then the client IP is empty<br /> If higher than 0, the `excludedIPs` options is not evaluated.<br /> More information about [`ipStrategy](#ipstrategy), and [`depth`](#example-of-depth--x-forwarded-for) below. | 0 | No |
| `ipStrategy.excludedIPs` | Allows Traefik to scan the `X-Forwarded-For` header and select the first IP not in the list.<br />If `depth` is specified, `excludedIPs` is ignored.<br /> More information about [`ipStrategy](#ipstrategy), and [`excludedIPs`](#example-of-excludedips--x-forwarded-for) below. | | No | | <a id="ipStrategy-excludedIPs" href="#ipStrategy-excludedIPs" title="#ipStrategy-excludedIPs">`ipStrategy.excludedIPs`</a> | Allows Traefik to scan the `X-Forwarded-For` header and select the first IP not in the list.<br />If `depth` is specified, `excludedIPs` is ignored.<br /> More information about [`ipStrategy](#ipstrategy), and [`excludedIPs`](#example-of-excludedips--x-forwarded-for) below. | | No |
| `ipStrategy.ipv6Subnet` | If `ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to. <br />More information about [`ipStrategy.ipv6Subnet`](#ipstrategyipv6subnet), and [`excludedIPs`](#example-of-excludedips--x-forwarded-for) below. | | No | | <a id="ipStrategy-ipv6Subnet" href="#ipStrategy-ipv6Subnet" title="#ipStrategy-ipv6Subnet">`ipStrategy.ipv6Subnet`</a> | If `ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to. <br />More information about [`ipStrategy.ipv6Subnet`](#ipstrategyipv6subnet), and [`excludedIPs`](#example-of-excludedips--x-forwarded-for) below. | | No |
### ipStrategy ### ipStrategy
@@ -95,9 +95,9 @@ If `ipv6Subnet` is provided, the IP is transformed in the following way.
| IP | ipv6Subnet | clientIP | | IP | ipv6Subnet | clientIP |
|---------------------------|--------------|-----------------------| |---------------------------|--------------|-----------------------|
| `"::abcd:1111:2222:3333"` | `64` | `"::0:0:0:0"` | | <a id="abcd111122223333" href="#abcd111122223333" title="#abcd111122223333">`"::abcd:1111:2222:3333"`</a> | `64` | `"::0:0:0:0"` |
| `"::abcd:1111:2222:3333"` | `80` | `"::abcd:0:0:0:0"` | | <a id="abcd111122223333-2" href="#abcd111122223333-2" title="#abcd111122223333-2">`"::abcd:1111:2222:3333"`</a> | `80` | `"::abcd:0:0:0:0"` |
| `"::abcd:1111:2222:3333"` | `96` | `"::abcd:1111:0:0:0"` | | <a id="abcd111122223333-3" href="#abcd111122223333-3" title="#abcd111122223333-3">`"::abcd:1111:2222:3333"`</a> | `96` | `"::abcd:1111:0:0:0"` |
### Example of Depth & X-Forwarded-For ### Example of Depth & X-Forwarded-For
@@ -105,16 +105,16 @@ If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,1
| X-Forwarded-For | depth | clientIP | | X-Forwarded-For | depth | clientIP |
|-----------------------------------------|---------|--------------| |-----------------------------------------|---------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `1` | `"13.0.0.1"` | | <a id="10-0-0-111-0-0-112-0-0-113-0-0-1" href="#10-0-0-111-0-0-112-0-0-113-0-0-1" title="#10-0-0-111-0-0-112-0-0-113-0-0-1">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `1` | `"13.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `3` | `"11.0.0.1"` | | <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-2" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-2" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-2">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `3` | `"11.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5` | `""` | | <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-3" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-3" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-3">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `5` | `""` |
### Example of ExcludedIPs & X-Forwarded-For ### Example of ExcludedIPs & X-Forwarded-For
| X-Forwarded-For | excludedIPs | clientIP | | X-Forwarded-For | excludedIPs | clientIP |
|-----------------------------------------|-----------------------|--------------| |-----------------------------------------|-----------------------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"12.0.0.1,13.0.0.1"` | `"11.0.0.1"` | | <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-4" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-4" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-4">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `"12.0.0.1,13.0.0.1"` | `"11.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,13.0.0.1"` | `"12.0.0.1"` | | <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-5" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-5" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-5">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `"15.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"10.0.0.1,13.0.0.1"` | `"12.0.0.1"` | | <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-6" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-6" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-6">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `"10.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` | | <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-7" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-7" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-7">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` |
| `"10.0.0.1,11.0.0.1"` | `"10.0.0.1,11.0.0.1"` | `""` | | <a id="10-0-0-111-0-0-1" href="#10-0-0-111-0-0-1" title="#10-0-0-111-0-0-1">`"10.0.0.1,11.0.0.1"`</a> | `"10.0.0.1,11.0.0.1"` | `""` |
@@ -36,22 +36,22 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:----------------|:------------------------------------------------|:--------|:---------| |:----------------|:------------------------------------------------|:--------|:---------|
| `signingSecret` | Defines the secret used for signing the JWT certificates. <br /> It is then used by the middleware to verify incoming requests. <br /> At least one of `signingSecret`, `publicKey`, `jwksFile` or `jwksUrl` options must be set. (More information [here](#signingsecret)) | "" | No | | <a id="signingSecret" href="#signingSecret" title="#signingSecret">`signingSecret`</a> | Defines the secret used for signing the JWT certificates. <br /> It is then used by the middleware to verify incoming requests. <br /> At least one of `signingSecret`, `publicKey`, `jwksFile` or `jwksUrl` options must be set. (More information [here](#signingsecret)) | "" | No |
| `signingSecretBase64Encoded` | Defines whether the `signingSecret` is base64-encoded. <br /> If set to `true`, the `signingSecret` is base64-decoded before being used. | false | No | | <a id="signingSecretBase64Encoded" href="#signingSecretBase64Encoded" title="#signingSecretBase64Encoded">`signingSecretBase64Encoded`</a> | Defines whether the `signingSecret` is base64-encoded. <br /> If set to `true`, the `signingSecret` is base64-decoded before being used. | false | No |
| `publicKey` | Defines the public key used to verify secret signature in incoming requests. <br /> In that case, users should sign their token using a private key corresponding to the configured public key. <br /> At least one of `signingSecret`, `publicKey`, `jwksFile` or `jwksUrl` options must be set. | "" | No | | <a id="publicKey" href="#publicKey" title="#publicKey">`publicKey`</a> | Defines the public key used to verify secret signature in incoming requests. <br /> In that case, users should sign their token using a private key corresponding to the configured public key. <br /> At least one of `signingSecret`, `publicKey`, `jwksFile` or `jwksUrl` options must be set. | "" | No |
| `jwksFile` | Defines a set of [JWK](https://tools.ietf.org/html/rfc7517) to be used to verify the signature of JWTs. <br /> The option can either be a path to a file mounted on the API Gateway or directly the content of a JWK set file. <br /> At least one of `signingSecret`, `publicKey`, `jwksFile` or `jwksUrl` options must be set. (More information [here](#jwksfile)) | "" | No | | <a id="jwksFile" href="#jwksFile" title="#jwksFile">`jwksFile`</a> | Defines a set of [JWK](https://tools.ietf.org/html/rfc7517) to be used to verify the signature of JWTs. <br /> The option can either be a path to a file mounted on the API Gateway or directly the content of a JWK set file. <br /> At least one of `signingSecret`, `publicKey`, `jwksFile` or `jwksUrl` options must be set. (More information [here](#jwksfile)) | "" | No |
| `jwksUrl` | Defines the URL of the host serving a [JWK](https://tools.ietf.org/html/rfc7517) set. <br />The keys are cached if the HTTP Cache Control allows for caching. <br /> At least one of `signingSecret`, `publicKey`, `jwksFile` or `jwksUrl` options must be set.<br />(More information [here](#jwksurl)) | "" | No | | <a id="jwksUrl" href="#jwksUrl" title="#jwksUrl">`jwksUrl`</a> | Defines the URL of the host serving a [JWK](https://tools.ietf.org/html/rfc7517) set. <br />The keys are cached if the HTTP Cache Control allows for caching. <br /> At least one of `signingSecret`, `publicKey`, `jwksFile` or `jwksUrl` options must be set.<br />(More information [here](#jwksurl)) | "" | No |
| `forwardAuthorization` | Defines whether the authorization header will be forwarded or stripped from a request after it has been approved by the middleware. | false | No | | <a id="forwardAuthorization" href="#forwardAuthorization" title="#forwardAuthorization">`forwardAuthorization`</a> | Defines whether the authorization header will be forwarded or stripped from a request after it has been approved by the middleware. | false | No |
| `tokenKey` | Defines the name of the query and form data parameter used for passing the JWT, for applications that can't pass it in the `Authorization` header. <br /> The middleware always looks in the `Authorization` header first, even with this option enabled. <br /> This option should only be enabled if the JWT cannot be passed as an Authorization header, as it is not recommended by the [RFC](https://www.rfc-editor.org/rfc/rfc6750#section-2). | "" | No | | <a id="tokenKey" href="#tokenKey" title="#tokenKey">`tokenKey`</a> | Defines the name of the query and form data parameter used for passing the JWT, for applications that can't pass it in the `Authorization` header. <br /> The middleware always looks in the `Authorization` header first, even with this option enabled. <br /> This option should only be enabled if the JWT cannot be passed as an Authorization header, as it is not recommended by the [RFC](https://www.rfc-editor.org/rfc/rfc6750#section-2). | "" | No |
| `claims` | Defines the claims to validate in order to authorize the request. <br /> The `claims` option can only be used with JWT-formatted token. (More information [here](#claims)) | "" | No | | <a id="claims" href="#claims" title="#claims">`claims`</a> | Defines the claims to validate in order to authorize the request. <br /> The `claims` option can only be used with JWT-formatted token. (More information [here](#claims)) | "" | No |
| `usernameClaim` | Defines the claim that will be evaluated to populate the `clientusername` in the access logs. <br /> The `usernameClaim` option can only be used with JWT-formatted token.| "" | No | | <a id="usernameClaim" href="#usernameClaim" title="#usernameClaim">`usernameClaim`</a> | Defines the claim that will be evaluated to populate the `clientusername` in the access logs. <br /> The `usernameClaim` option can only be used with JWT-formatted token.| "" | No |
| `forwardHeaders` | Defines the HTTP headers to add to requests and populates them with values extracted from the access token claims returned by the authorization server. <br /> Claims to be forwarded that are not found in the JWT result in empty headers. <br /> The `forwardHeaders` option can only be used with JWT-formatted token. | [] | No | | <a id="forwardHeaders" href="#forwardHeaders" title="#forwardHeaders">`forwardHeaders`</a> | Defines the HTTP headers to add to requests and populates them with values extracted from the access token claims returned by the authorization server. <br /> Claims to be forwarded that are not found in the JWT result in empty headers. <br /> The `forwardHeaders` option can only be used with JWT-formatted token. | [] | No |
| `clientConfig.tls.ca` | PEM-encoded certificate bundle or a URN referencing a secret containing the certificate bundle used to establish a TLS connection with the authorization server (More information [here](#clientconfig)) | "" | No | | <a id="clientConfig-tls-ca" href="#clientConfig-tls-ca" title="#clientConfig-tls-ca">`clientConfig.tls.ca`</a> | PEM-encoded certificate bundle or a URN referencing a secret containing the certificate bundle used to establish a TLS connection with the authorization server (More information [here](#clientconfig)) | "" | No |
| `clientConfig.tls.cert` | PEM-encoded certificate or a URN referencing a secret containing the certificate used to establish a TLS connection with the Vault server (More information [here](#clientconfig)) | "" | No | | <a id="clientConfig-tls-cert" href="#clientConfig-tls-cert" title="#clientConfig-tls-cert">`clientConfig.tls.cert`</a> | PEM-encoded certificate or a URN referencing a secret containing the certificate used to establish a TLS connection with the Vault server (More information [here](#clientconfig)) | "" | No |
| `clientConfig.tls.key` | PEM-encoded key or a URN referencing a secret containing the key used to establish a TLS connection with the Vault server. (More information [here](#clientconfig)) | "" | No | | <a id="clientConfig-tls-key" href="#clientConfig-tls-key" title="#clientConfig-tls-key">`clientConfig.tls.key`</a> | PEM-encoded key or a URN referencing a secret containing the key used to establish a TLS connection with the Vault server. (More information [here](#clientconfig)) | "" | No |
| `clientConfig.tls.insecureSkipVerify` | Disables TLS certificate verification when communicating with the authorization server. <br /> Useful for testing purposes but strongly discouraged for production. (More information [here](#clientconfig)) | "" | No | | <a id="clientConfig-tls-insecureSkipVerify" href="#clientConfig-tls-insecureSkipVerify" title="#clientConfig-tls-insecureSkipVerify">`clientConfig.tls.insecureSkipVerify`</a> | Disables TLS certificate verification when communicating with the authorization server. <br /> Useful for testing purposes but strongly discouraged for production. (More information [here](#clientconfig)) | "" | No |
| `clientConfig.timeoutSeconds` | Defines the time before giving up requests to the authorization server. | 5 | No | | <a id="clientConfig-timeoutSeconds" href="#clientConfig-timeoutSeconds" title="#clientConfig-timeoutSeconds">`clientConfig.timeoutSeconds`</a> | Defines the time before giving up requests to the authorization server. | 5 | No |
| `clientConfig.maxRetries` | Defines the number of retries for requests to authorization server that fail. | 3 | No | | <a id="clientConfig-maxRetries" href="#clientConfig-maxRetries" title="#clientConfig-maxRetries">`clientConfig.maxRetries`</a> | Defines the number of retries for requests to authorization server that fail. | 3 | No |
### claims ### claims
@@ -61,20 +61,20 @@ The following functions are supported in `claims`:
| Function | Description | Example | | Function | Description | Example |
|-------------------|--------------------|-----------------| |-------------------|--------------------|-----------------|
| Equals | Validates the equality of the value in `key` with `value`. | Equals(\`grp\`, \`admin\`) | | <a id="Equals" href="#Equals" title="#Equals">Equals</a> | Validates the equality of the value in `key` with `value`. | Equals(\`grp\`, \`admin\`) |
| Prefix | Validates the value in `key` has the prefix of `value`. | Prefix(\`referrer\`, \`http://example.com\`) | | <a id="Prefix" href="#Prefix" title="#Prefix">Prefix</a> | Validates the value in `key` has the prefix of `value`. | Prefix(\`referrer\`, \`http://example.com\`) |
| Contains (string) | Validates the value in `key` contains `value`. | Contains(\`referrer\`, \`/foo/\`) | | <a id="Contains-string" href="#Contains-string" title="#Contains-string">Contains (string)</a> | Validates the value in `key` contains `value`. | Contains(\`referrer\`, \`/foo/\`) |
| Contains (array) | Validates the `key` array contains the `value`. | Contains(\`areas\`, \`home\`) | | <a id="Contains-array" href="#Contains-array" title="#Contains-array">Contains (array)</a> | Validates the `key` array contains the `value`. | Contains(\`areas\`, \`home\`) |
| SplitContains | Validates the value in `key` contains the `value` once split by the separator. | SplitContains(\`scope\`, \` \`, \`writer\`) | | <a id="SplitContains" href="#SplitContains" title="#SplitContains">SplitContains</a> | Validates the value in `key` contains the `value` once split by the separator. | SplitContains(\`scope\`, \` \`, \`writer\`) |
| OneOf | Validates the `key` array contains one of the `values`. | OneOf(\`areas\`, \`office\`, \`lab\`) | | <a id="OneOf" href="#OneOf" title="#OneOf">OneOf</a> | Validates the `key` array contains one of the `values`. | OneOf(\`areas\`, \`office\`, \`lab\`) |
All functions can be joined by boolean operands. The supported operands are: All functions can be joined by boolean operands. The supported operands are:
| Operand | Description | Example | | Operand | Description | Example |
|---------|--------------------|-----------------| |---------|--------------------|-----------------|
| && | Compares two functions and returns true only if both evaluate to true. | Equals(\`grp\`, \`admin\`) && Equals(\`active\`, \`true\`) | | <a id="row" href="#row" title="#row">&&</a> | Compares two functions and returns true only if both evaluate to true. | Equals(\`grp\`, \`admin\`) && Equals(\`active\`, \`true\`) |
| \|\| | Compares two functions and returns true if either evaluate to true. | Equals(\`grp\`, \`admin\`) \|\| Equals(\`active\`, \`true\`) | | <a id="row-2" href="#row-2" title="#row-2">\|\|</a> | Compares two functions and returns true if either evaluate to true. | Equals(\`grp\`, \`admin\`) \|\| Equals(\`active\`, \`true\`) |
| ! | Returns false if the function is true, otherwise returns true. | !Equals(\`grp\`, \`testers\`) | | <a id="row-3" href="#row-3" title="#row-3">!</a> | Returns false if the function is true, otherwise returns true. | !Equals(\`grp\`, \`testers\`) |
All examples will return true for the following data structure: All examples will return true for the following data structure:
@@ -230,4 +230,4 @@ The reference to a Kubernetes secret takes the form of a URN:
urn:k8s:secret:[name]:[valueKey] urn:k8s:secret:[name]:[valueKey]
``` ```
{!traefik-for-business-applications.md!} {!traefik-for-business-applications.md!}
@@ -64,24 +64,24 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:------|:------------|:--------|:---------| |:------|:------------|:--------|:---------|
| `url` | LDAP server URL. Either the `ldaps` or `ldap` protocol and end with a port (ex: `ldaps://ldap.example.org:636`). | "" | Yes | | <a id="url" href="#url" title="#url">`url`</a> | LDAP server URL. Either the `ldaps` or `ldap` protocol and end with a port (ex: `ldaps://ldap.example.org:636`). | "" | Yes |
| `startTLS` | Enable [`StartTLS`](https://tools.ietf.org/html/rfc4511#section-4.14) request when initializing the connection with the LDAP server. | false | No | | <a id="startTLS" href="#startTLS" title="#startTLS">`startTLS`</a> | Enable [`StartTLS`](https://tools.ietf.org/html/rfc4511#section-4.14) request when initializing the connection with the LDAP server. | false | No |
| `certificateAuthority` | PEM-encoded certificate to use to establish a connection with the LDAP server if the connection uses TLS but that the certificate was signed by a custom Certificate Authority. | "" | No | | <a id="certificateAuthority" href="#certificateAuthority" title="#certificateAuthority">`certificateAuthority`</a> | PEM-encoded certificate to use to establish a connection with the LDAP server if the connection uses TLS but that the certificate was signed by a custom Certificate Authority. | "" | No |
| `insecureSkipVerify` | Allow proceeding and operating even for server TLS connections otherwise considered insecure. | false | No | | <a id="insecureSkipVerify" href="#insecureSkipVerify" title="#insecureSkipVerify">`insecureSkipVerify`</a> | Allow proceeding and operating even for server TLS connections otherwise considered insecure. | false | No |
| `bindDN` | Domain name to bind to in order to authenticate to the LDAP server when running on search mode.<br /> Leaving this empty with search mode means binds are anonymous, which is rarely expected behavior.<br /> Not used when running in [bind mode](#bind-mode-vs-search-mode). | "" | No | | <a id="bindDN" href="#bindDN" title="#bindDN">`bindDN`</a> | Domain name to bind to in order to authenticate to the LDAP server when running on search mode.<br /> Leaving this empty with search mode means binds are anonymous, which is rarely expected behavior.<br /> Not used when running in [bind mode](#bind-mode-vs-search-mode). | "" | No |
| `bindPassword` | Password for the `bindDN` used in search mode to authenticate with the LDAP server. More information [here](#bindpassword) | "" | No | | <a id="bindPassword" href="#bindPassword" title="#bindPassword">`bindPassword`</a> | Password for the `bindDN` used in search mode to authenticate with the LDAP server. More information [here](#bindpassword) | "" | No |
| `connPool` | Pool of connections to the LDAP server (to minimize the impact on the performance). | None | No | | <a id="connPool" href="#connPool" title="#connPool">`connPool`</a> | Pool of connections to the LDAP server (to minimize the impact on the performance). | None | No |
| `connPool.size` | Number of connections managed by the pool can be customized with the `size` property. | 10 | No | | <a id="connPool-size" href="#connPool-size" title="#connPool-size">`connPool.size`</a> | Number of connections managed by the pool can be customized with the `size` property. | 10 | No |
| `connPool.burst` | Ephemeral connections that are opened when the pool is already full. Once the number of connection exceeds `size` + `burst`, a `Too Many Connections` error is returned. | 5 | No | | <a id="connPool-burst" href="#connPool-burst" title="#connPool-burst">`connPool.burst`</a> | Ephemeral connections that are opened when the pool is already full. Once the number of connection exceeds `size` + `burst`, a `Too Many Connections` error is returned. | 5 | No |
| `connPool.ttl` | Pooled connections are still meant to be short-lived, so they are closed after roughly one minute by default. This behavior can be modified with the `ttl` property. | 60s | No | | <a id="connPool-ttl" href="#connPool-ttl" title="#connPool-ttl">`connPool.ttl`</a> | Pooled connections are still meant to be short-lived, so they are closed after roughly one minute by default. This behavior can be modified with the `ttl` property. | 60s | No |
| `baseDN` | Base domain name that should be used for bind and search queries. | "" | Yes | | <a id="baseDN" href="#baseDN" title="#baseDN">`baseDN`</a> | Base domain name that should be used for bind and search queries. | "" | Yes |
| `attribute` | The attribute used to bind a user. Bind queries use this pattern: `<attr>=<username>,<baseDN>`, where the username is extracted from the request header. | cn | Yes | | <a id="attribute" href="#attribute" title="#attribute">`attribute`</a> | The attribute used to bind a user. Bind queries use this pattern: `<attr>=<username>,<baseDN>`, where the username is extracted from the request header. | cn | Yes |
| `forwardUsername` | Forward the username in a specific header, defined using the `forwardUsernameHeader` option. | "" | No | | <a id="forwardUsername" href="#forwardUsername" title="#forwardUsername">`forwardUsername`</a> | Forward the username in a specific header, defined using the `forwardUsernameHeader` option. | "" | No |
| `forwardUsernameHeader` | Name of the header to put the username in when forwarding it. This is not used if the `forwardUsername` option is set to `false`. | Username | Yes | | <a id="forwardUsernameHeader" href="#forwardUsernameHeader" title="#forwardUsernameHeader">`forwardUsernameHeader`</a> | Name of the header to put the username in when forwarding it. This is not used if the `forwardUsername` option is set to `false`. | Username | Yes |
| `forwardAuthorization` | Enable to forward the authorization header from the request after it has been approved by the middleware. | false | Yes | | <a id="forwardAuthorization" href="#forwardAuthorization" title="#forwardAuthorization">`forwardAuthorization`</a> | Enable to forward the authorization header from the request after it has been approved by the middleware. | false | Yes |
| `searchFilter` | If not empty, the middleware will run in [search mode](#bind-mode-vs-search-mode), filtering search results with the given query.<br />Filter queries can use the `%s` placeholder that is replaced by the username provided in the `Authorization` header of the request (for example: `(&(objectClass=inetOrgPerson)(gidNumber=500)(uid=%s))`). | "" | No | | <a id="searchFilter" href="#searchFilter" title="#searchFilter">`searchFilter`</a> | If not empty, the middleware will run in [search mode](#bind-mode-vs-search-mode), filtering search results with the given query.<br />Filter queries can use the `%s` placeholder that is replaced by the username provided in the `Authorization` header of the request (for example: `(&(objectClass=inetOrgPerson)(gidNumber=500)(uid=%s))`). | "" | No |
| `wwwAuthenticateHeader` | Allow setting a `WWW-Authenticate` header in the `401 Unauthorized` response. See [the WWW-Authenticate header documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/WWW-Authenticate) for more information.<br /> The `realm` directive of the `WWW-Authenticate` header can be customized with the `wwwAuthenticateHeaderRealm` option. | false | No | | <a id="wwwAuthenticateHeader" href="#wwwAuthenticateHeader" title="#wwwAuthenticateHeader">`wwwAuthenticateHeader`</a> | Allow setting a `WWW-Authenticate` header in the `401 Unauthorized` response. See [the WWW-Authenticate header documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/WWW-Authenticate) for more information.<br /> The `realm` directive of the `WWW-Authenticate` header can be customized with the `wwwAuthenticateHeaderRealm` option. | false | No |
| `wwwAuthenticateHeaderRealm` | Realm name to set in the `WWW-Authenticate` header. This option is ineffective unless the `wwwAuthenticateHeader` option is set to `true`. | "" | No | | <a id="wwwAuthenticateHeaderRealm" href="#wwwAuthenticateHeaderRealm" title="#wwwAuthenticateHeaderRealm">`wwwAuthenticateHeaderRealm`</a> | Realm name to set in the `WWW-Authenticate` header. This option is ineffective unless the `wwwAuthenticateHeader` option is set to `true`. | "" | No |
### bindPassword ### bindPassword
@@ -102,4 +102,4 @@ and a `bindPassword`, then the middleware runs in search mode. In this mode, a s
issued to the LDAP server before trying to bind. If result of this search returns only 1 record, issued to the LDAP server before trying to bind. If result of this search returns only 1 record,
it tries to issue a bind request with this record, otherwise it aborts a `401 Unauthorized` status code. it tries to issue a bind request with this record, otherwise it aborts a `401 Unauthorized` status code.
{!traefik-for-business-applications.md!} {!traefik-for-business-applications.md!}
@@ -49,32 +49,32 @@ stringData:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:------|:--------------------------------------------------------------------------------------------|:--------|:---------| |:------|:--------------------------------------------------------------------------------------------|:--------|:---------|
| `audience` | Defines the audience configured in your authorization server. <br /> The audience value is the base address of the resource being accessed, for example: https://api.example.com. | "" | Yes | | <a id="audience" href="#audience" title="#audience">`audience`</a> | Defines the audience configured in your authorization server. <br /> The audience value is the base address of the resource being accessed, for example: https://api.example.com. | "" | Yes |
| `claims` | Defines the claims to validate in order to authorize the request. <br /> The `claims` option can only be used with JWT-formatted token. (More information [here](#claims)) | "" | No | | <a id="claims" href="#claims" title="#claims">`claims`</a> | Defines the claims to validate in order to authorize the request. <br /> The `claims` option can only be used with JWT-formatted token. (More information [here](#claims)) | "" | No |
| `clientConfig.tls.ca` | PEM-encoded certificate bundle or a URN referencing a secret containing the certificate bundle used to establish a TLS connection with the authorization server (More information [here](#clientconfig)) | "" | No | | <a id="clientConfig-tls-ca" href="#clientConfig-tls-ca" title="#clientConfig-tls-ca">`clientConfig.tls.ca`</a> | PEM-encoded certificate bundle or a URN referencing a secret containing the certificate bundle used to establish a TLS connection with the authorization server (More information [here](#clientconfig)) | "" | No |
| `clientConfig.tls.cert` | PEM-encoded certificate or a URN referencing a secret containing the certificate used to establish a TLS connection with the Vault server (More information [here](#clientconfig)) | "" | No | | <a id="clientConfig-tls-cert" href="#clientConfig-tls-cert" title="#clientConfig-tls-cert">`clientConfig.tls.cert`</a> | PEM-encoded certificate or a URN referencing a secret containing the certificate used to establish a TLS connection with the Vault server (More information [here](#clientconfig)) | "" | No |
| `clientConfig.tls.key` | PEM-encoded key or a URN referencing a secret containing the key used to establish a TLS connection with the Vault server. (More information [here](#clientconfig)) | "" | No | | <a id="clientConfig-tls-key" href="#clientConfig-tls-key" title="#clientConfig-tls-key">`clientConfig.tls.key`</a> | PEM-encoded key or a URN referencing a secret containing the key used to establish a TLS connection with the Vault server. (More information [here](#clientconfig)) | "" | No |
| `clientConfig.tls.insecureSkipVerify` | Disables TLS certificate verification when communicating with the authorization server. <br /> Useful for testing purposes but strongly discouraged for production. (More information [here](#clientconfig)) | "" | No | | <a id="clientConfig-tls-insecureSkipVerify" href="#clientConfig-tls-insecureSkipVerify" title="#clientConfig-tls-insecureSkipVerify">`clientConfig.tls.insecureSkipVerify`</a> | Disables TLS certificate verification when communicating with the authorization server. <br /> Useful for testing purposes but strongly discouraged for production. (More information [here](#clientconfig)) | "" | No |
| `clientConfig.timeoutSeconds` | Defines the time before giving up requests to the authorization server. | 5 | No | | <a id="clientConfig-timeoutSeconds" href="#clientConfig-timeoutSeconds" title="#clientConfig-timeoutSeconds">`clientConfig.timeoutSeconds`</a> | Defines the time before giving up requests to the authorization server. | 5 | No |
| `clientConfig.maxRetries` | Defines the number of retries for requests to authorization server that fail. | 3 | No | | <a id="clientConfig-maxRetries" href="#clientConfig-maxRetries" title="#clientConfig-maxRetries">`clientConfig.maxRetries`</a> | Defines the number of retries for requests to authorization server that fail. | 3 | No |
| `clientID` | Defines the unique client identifier for an account on the OpenID Connect provider, must be set when the `clientSecret` option is set.<br />More information [here](#storing-secret-values-in-kubernetes-secrets). | "" | Yes | | <a id="clientID" href="#clientID" title="#clientID">`clientID`</a> | Defines the unique client identifier for an account on the OpenID Connect provider, must be set when the `clientSecret` option is set.<br />More information [here](#storing-secret-values-in-kubernetes-secrets). | "" | Yes |
| `clientSecret` | Defines the unique client secret for an account on the OpenID Connect provider, must be set when the `clientID` option is set.<br />More information [here](#storing-secret-values-in-kubernetes-secrets). | "" | Yes | | <a id="clientSecret" href="#clientSecret" title="#clientSecret">`clientSecret`</a> | Defines the unique client secret for an account on the OpenID Connect provider, must be set when the `clientID` option is set.<br />More information [here](#storing-secret-values-in-kubernetes-secrets). | "" | Yes |
| `forwardHeaders` | Defines the HTTP headers to add to requests and populates them with values extracted from the access token claims returned by the authorization server. <br /> Claims to be forwarded that are not found in the JWT result in empty headers. <br /> The `forwardHeaders` option can only be used with JWT-formatted token. | [] | No | | <a id="forwardHeaders" href="#forwardHeaders" title="#forwardHeaders">`forwardHeaders`</a> | Defines the HTTP headers to add to requests and populates them with values extracted from the access token claims returned by the authorization server. <br /> Claims to be forwarded that are not found in the JWT result in empty headers. <br /> The `forwardHeaders` option can only be used with JWT-formatted token. | [] | No |
| `store.keyPrefix` | Defines the prefix of the key for the entries that store the sessions. | "" | No | | <a id="store-keyPrefix" href="#store-keyPrefix" title="#store-keyPrefix">`store.keyPrefix`</a> | Defines the prefix of the key for the entries that store the sessions. | "" | No |
| `store.redis.endpoints` | Endpoints of the Redis instances to connect to (example: `redis.traefik-hub.svc.cluster.local:6379`) | "" | Yes | | <a id="store-redis-endpoints" href="#store-redis-endpoints" title="#store-redis-endpoints">`store.redis.endpoints`</a> | Endpoints of the Redis instances to connect to (example: `redis.traefik-hub.svc.cluster.local:6379`) | "" | Yes |
| `store.redis.username` | The username Traefik Hub will use to connect to Redis | "" | No | | <a id="store-redis-username" href="#store-redis-username" title="#store-redis-username">`store.redis.username`</a> | The username Traefik Hub will use to connect to Redis | "" | No |
| `store.redis.password` | The password Traefik Hub will use to connect to Redis | "" | No | | <a id="store-redis-password" href="#store-redis-password" title="#store-redis-password">`store.redis.password`</a> | The password Traefik Hub will use to connect to Redis | "" | No |
| `store.redis.database` | The database Traefik Hub will use to sore information (default: `0`) | "" | No | | <a id="store-redis-database" href="#store-redis-database" title="#store-redis-database">`store.redis.database`</a> | The database Traefik Hub will use to sore information (default: `0`) | "" | No |
| `store.redis.cluster` | Enable Redis Cluster | "" | No | | <a id="store-redis-cluster" href="#store-redis-cluster" title="#store-redis-cluster">`store.redis.cluster`</a> | Enable Redis Cluster | "" | No |
| `store.redis.tls.caBundle` | Custom CA bundle | "" | No | | <a id="store-redis-tls-caBundle" href="#store-redis-tls-caBundle" title="#store-redis-tls-caBundle">`store.redis.tls.caBundle`</a> | Custom CA bundle | "" | No |
| `store.redis.tls.cert` | TLS certificate | "" | No | | <a id="store-redis-tls-cert" href="#store-redis-tls-cert" title="#store-redis-tls-cert">`store.redis.tls.cert`</a> | TLS certificate | "" | No |
| `store.redis.tls.key` | TLS | "" | No | | <a id="store-redis-tls-key" href="#store-redis-tls-key" title="#store-redis-tls-key">`store.redis.tls.key`</a> | TLS | "" | No |
| `store.redis.tls.insecureSkipVerify` | Allow skipping the TLS verification | "" | No | | <a id="store-redis-tls-insecureSkipVerify" href="#store-redis-tls-insecureSkipVerify" title="#store-redis-tls-insecureSkipVerify">`store.redis.tls.insecureSkipVerify`</a> | Allow skipping the TLS verification | "" | No |
| `store.redis.sentinel.masterSet` | Name of the set of main nodes to use for main selection. Required when using Sentinel. | "" | No | | <a id="store-redis-sentinel-masterSet" href="#store-redis-sentinel-masterSet" title="#store-redis-sentinel-masterSet">`store.redis.sentinel.masterSet`</a> | Name of the set of main nodes to use for main selection. Required when using Sentinel. | "" | No |
| `store.redis.sentinel.username` | Username to use for sentinel authentication (can be different from `username`) | "" | No | | <a id="store-redis-sentinel-username" href="#store-redis-sentinel-username" title="#store-redis-sentinel-username">`store.redis.sentinel.username`</a> | Username to use for sentinel authentication (can be different from `username`) | "" | No |
| `store.redis.sentinel.password` | Password to use for sentinel authentication (can be different from `password`) | "" | No | | <a id="store-redis-sentinel-password" href="#store-redis-sentinel-password" title="#store-redis-sentinel-password">`store.redis.sentinel.password`</a> | Password to use for sentinel authentication (can be different from `password`) | "" | No |
| `url` | Defines the authorization server URL (for example: `https://tenant.auth0.com/oauth/token`). | "" | Yes | | <a id="url" href="#url" title="#url">`url`</a> | Defines the authorization server URL (for example: `https://tenant.auth0.com/oauth/token`). | "" | Yes |
| `usernameClaim` | Defines the claim that will be evaluated to populate the `clientusername` in the access logs. <br /> The `usernameClaim` option can only be used with JWT-formatted token.| "" | No | | <a id="usernameClaim" href="#usernameClaim" title="#usernameClaim">`usernameClaim`</a> | Defines the claim that will be evaluated to populate the `clientusername` in the access logs. <br /> The `usernameClaim` option can only be used with JWT-formatted token.| "" | No |
### Storing secret values in Kubernetes secrets ### Storing secret values in Kubernetes secrets
@@ -93,20 +93,20 @@ The following functions are supported in `claims`:
| Function | Description | Example | | Function | Description | Example |
|-------------------|--------------------|-----------------| |-------------------|--------------------|-----------------|
| Equals | Validates the equality of the value in `key` with `value`. | Equals(\`grp\`, \`admin\`) | | <a id="Equals" href="#Equals" title="#Equals">Equals</a> | Validates the equality of the value in `key` with `value`. | Equals(\`grp\`, \`admin\`) |
| Prefix | Validates the value in `key` has the prefix of `value`. | Prefix(\`referrer\`, \`http://example.com\`) | | <a id="Prefix" href="#Prefix" title="#Prefix">Prefix</a> | Validates the value in `key` has the prefix of `value`. | Prefix(\`referrer\`, \`http://example.com\`) |
| Contains (string) | Validates the value in `key` contains `value`. | Contains(\`referrer\`, \`/foo/\`) | | <a id="Contains-string" href="#Contains-string" title="#Contains-string">Contains (string)</a> | Validates the value in `key` contains `value`. | Contains(\`referrer\`, \`/foo/\`) |
| Contains (array) | Validates the `key` array contains the `value`. | Contains(\`areas\`, \`home\`) | | <a id="Contains-array" href="#Contains-array" title="#Contains-array">Contains (array)</a> | Validates the `key` array contains the `value`. | Contains(\`areas\`, \`home\`) |
| SplitContains | Validates the value in `key` contains the `value` once split by the separator. | SplitContains(\`scope\`, \` \`, \`writer\`) | | <a id="SplitContains" href="#SplitContains" title="#SplitContains">SplitContains</a> | Validates the value in `key` contains the `value` once split by the separator. | SplitContains(\`scope\`, \` \`, \`writer\`) |
| OneOf | Validates the `key` array contains one of the `values`. | OneOf(\`areas\`, \`office\`, \`lab\`) | | <a id="OneOf" href="#OneOf" title="#OneOf">OneOf</a> | Validates the `key` array contains one of the `values`. | OneOf(\`areas\`, \`office\`, \`lab\`) |
All functions can be joined by boolean operands. The supported operands are: All functions can be joined by boolean operands. The supported operands are:
| Operand | Description | Example | | Operand | Description | Example |
|---------|--------------------|-----------------| |---------|--------------------|-----------------|
| && | Compares two functions and returns true only if both evaluate to true. | Equals(\`grp\`, \`admin\`) && Equals(\`active\`, \`true\`) | | <a id="row" href="#row" title="#row">&&</a> | Compares two functions and returns true only if both evaluate to true. | Equals(\`grp\`, \`admin\`) && Equals(\`active\`, \`true\`) |
| \|\| | Compares two functions and returns true if either evaluate to true. | Equals(\`grp\`, \`admin\`) \|\| Equals(\`active\`, \`true\`) | | <a id="row-2" href="#row-2" title="#row-2">\|\|</a> | Compares two functions and returns true if either evaluate to true. | Equals(\`grp\`, \`admin\`) \|\| Equals(\`active\`, \`true\`) |
| ! | Returns false if the function is true, otherwise returns true. | !Equals(\`grp\`, \`testers\`) | | <a id="row-3" href="#row-3" title="#row-3">!</a> | Returns false if the function is true, otherwise returns true. | !Equals(\`grp\`, \`testers\`) |
All examples will return true for the following data structure: All examples will return true for the following data structure:
@@ -40,23 +40,23 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:------|:------------|:--------|:---------| |:------|:------------|:--------|:---------|
| `claims` | Defines the claims to validate in order to authorize the request. <br /> The `claims` option can only be used with JWT-formatted token. (More information [here](#claims)) | "" | No | | <a id="claims" href="#claims" title="#claims">`claims`</a> | Defines the claims to validate in order to authorize the request. <br /> The `claims` option can only be used with JWT-formatted token. (More information [here](#claims)) | "" | No |
| `clientConfig.url` | Defines the introspection endpoint URL. It must include the scheme and path. | "" | Yes | | <a id="clientConfig-url" href="#clientConfig-url" title="#clientConfig-url">`clientConfig.url`</a> | Defines the introspection endpoint URL. It must include the scheme and path. | "" | Yes |
| `clientConfig.headers` | Defines the headers to send in every introspection request. Values can be plain strings or a valid [Go template](https://pkg.go.dev/text/template). <br /> Currently, a variable of type [`Request`](https://pkg.go.dev/net/http#Request) corresponding to the request being introspected is accessible in templates. | "" | No | | <a id="clientConfig-headers" href="#clientConfig-headers" title="#clientConfig-headers">`clientConfig.headers`</a> | Defines the headers to send in every introspection request. Values can be plain strings or a valid [Go template](https://pkg.go.dev/text/template). <br /> Currently, a variable of type [`Request`](https://pkg.go.dev/net/http#Request) corresponding to the request being introspected is accessible in templates. | "" | No |
| `clientConfig.tokenTypeHint` | Defines the type of token being introspected, sent as a hint to the introspection server. <br /> Please refer to the [official documentation](https://tools.ietf.org/html/rfc7662) for more details. | "" | No | | <a id="clientConfig-tokenTypeHint" href="#clientConfig-tokenTypeHint" title="#clientConfig-tokenTypeHint">`clientConfig.tokenTypeHint`</a> | Defines the type of token being introspected, sent as a hint to the introspection server. <br /> Please refer to the [official documentation](https://tools.ietf.org/html/rfc7662) for more details. | "" | No |
| `clientConfig.tls.ca` | PEM-encoded certificate bundle or a URN referencing a secret containing the certificate bundle used to establish a TLS connection with the authorization server (More information [here](#clientconfig)) | "" | No | | <a id="clientConfig-tls-ca" href="#clientConfig-tls-ca" title="#clientConfig-tls-ca">`clientConfig.tls.ca`</a> | PEM-encoded certificate bundle or a URN referencing a secret containing the certificate bundle used to establish a TLS connection with the authorization server (More information [here](#clientconfig)) | "" | No |
| `clientConfig.tls.cert` | PEM-encoded certificate or a URN referencing a secret containing the certificate used to establish a TLS connection with the Vault server (More information [here](#clientconfig)) | "" | No | | <a id="clientConfig-tls-cert" href="#clientConfig-tls-cert" title="#clientConfig-tls-cert">`clientConfig.tls.cert`</a> | PEM-encoded certificate or a URN referencing a secret containing the certificate used to establish a TLS connection with the Vault server (More information [here](#clientconfig)) | "" | No |
| `clientConfig.tls.key` | PEM-encoded key or a URN referencing a secret containing the key used to establish a TLS connection with the Vault server. (More information [here](#clientconfig)) | "" | No | | <a id="clientConfig-tls-key" href="#clientConfig-tls-key" title="#clientConfig-tls-key">`clientConfig.tls.key`</a> | PEM-encoded key or a URN referencing a secret containing the key used to establish a TLS connection with the Vault server. (More information [here](#clientconfig)) | "" | No |
| `clientConfig.tls.insecureSkipVerify` | Disables TLS certificate verification when communicating with the authorization server. <br /> Useful for testing purposes but strongly discouraged for production. (More information [here](#clientconfig)) | "" | No | | <a id="clientConfig-tls-insecureSkipVerify" href="#clientConfig-tls-insecureSkipVerify" title="#clientConfig-tls-insecureSkipVerify">`clientConfig.tls.insecureSkipVerify`</a> | Disables TLS certificate verification when communicating with the authorization server. <br /> Useful for testing purposes but strongly discouraged for production. (More information [here](#clientconfig)) | "" | No |
| `clientConfig.timeoutSeconds` | Defines the time before giving up requests to the authorization server. | 5 | No | | <a id="clientConfig-timeoutSeconds" href="#clientConfig-timeoutSeconds" title="#clientConfig-timeoutSeconds">`clientConfig.timeoutSeconds`</a> | Defines the time before giving up requests to the authorization server. | 5 | No |
| `clientConfig.maxRetries` | Defines the number of retries for requests to authorization server that fail. | 3 | No | | <a id="clientConfig-maxRetries" href="#clientConfig-maxRetries" title="#clientConfig-maxRetries">`clientConfig.maxRetries`</a> | Defines the number of retries for requests to authorization server that fail. | 3 | No |
| `forwardAuthorization` | Defines whether the authorization header will be forwarded or stripped from a request after it has been approved by the middleware. | false | No | | <a id="forwardAuthorization" href="#forwardAuthorization" title="#forwardAuthorization">`forwardAuthorization`</a> | Defines whether the authorization header will be forwarded or stripped from a request after it has been approved by the middleware. | false | No |
| `forwardHeaders` | Defines the HTTP headers to add to requests and populates them with values extracted from the access token claims returned by the authorization server. <br /> Claims to be forwarded that are not found in the JWT result in empty headers. <br /> The `forwardHeaders` option can only be used with JWT-formatted token. | [] | No | | <a id="forwardHeaders" href="#forwardHeaders" title="#forwardHeaders">`forwardHeaders`</a> | Defines the HTTP headers to add to requests and populates them with values extracted from the access token claims returned by the authorization server. <br /> Claims to be forwarded that are not found in the JWT result in empty headers. <br /> The `forwardHeaders` option can only be used with JWT-formatted token. | [] | No |
| `tokenSource.header` | Defines the header name containing the secret sent by the client.<br />At least one `tokenSource`option must be set.| "" | No | | <a id="tokenSource-header" href="#tokenSource-header" title="#tokenSource-header">`tokenSource.header`</a> | Defines the header name containing the secret sent by the client.<br />At least one `tokenSource`option must be set.| "" | No |
| `tokenSource.headerAuthScheme` | Defines the scheme when using `Authorization` as header name. <br /> Check out the `Authorization` header [documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization#syntax).<br />At least one `tokenSource`option must be set. | "" | No | | <a id="tokenSource-headerAuthScheme" href="#tokenSource-headerAuthScheme" title="#tokenSource-headerAuthScheme">`tokenSource.headerAuthScheme`</a> | Defines the scheme when using `Authorization` as header name. <br /> Check out the `Authorization` header [documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization#syntax).<br />At least one `tokenSource`option must be set. | "" | No |
| `tokenSource.query` | Defines the query parameter name containing the secret sent by the client.<br />At least one `tokenSource`option must be set.| "" | No | | <a id="tokenSource-query" href="#tokenSource-query" title="#tokenSource-query">`tokenSource.query`</a> | Defines the query parameter name containing the secret sent by the client.<br />At least one `tokenSource`option must be set.| "" | No |
| `tokenSource.cookie` | Defines the cookie name containing the secret sent by the client.<br />At least one `tokenSource`option must be set.| "" | No | | <a id="tokenSource-cookie" href="#tokenSource-cookie" title="#tokenSource-cookie">`tokenSource.cookie`</a> | Defines the cookie name containing the secret sent by the client.<br />At least one `tokenSource`option must be set.| "" | No |
| `usernameClaim` | Defines the claim that will be evaluated to populate the `clientusername` in the access logs. <br /> The `usernameClaim` option can only be used with JWT-formatted token.| "" | No | | <a id="usernameClaim" href="#usernameClaim" title="#usernameClaim">`usernameClaim`</a> | Defines the claim that will be evaluated to populate the `clientusername` in the access logs. <br /> The `usernameClaim` option can only be used with JWT-formatted token.| "" | No |
### claims ### claims
@@ -66,20 +66,20 @@ The following functions are supported in `claims`:
| Function | Description | Example | | Function | Description | Example |
|-------------------|--------------------|-----------------| |-------------------|--------------------|-----------------|
| Equals | Validates the equality of the value in `key` with `value`. | Equals(\`grp\`, \`admin\`) | | <a id="Equals" href="#Equals" title="#Equals">Equals</a> | Validates the equality of the value in `key` with `value`. | Equals(\`grp\`, \`admin\`) |
| Prefix | Validates the value in `key` has the prefix of `value`. | Prefix(\`referrer\`, \`http://example.com\`) | | <a id="Prefix" href="#Prefix" title="#Prefix">Prefix</a> | Validates the value in `key` has the prefix of `value`. | Prefix(\`referrer\`, \`http://example.com\`) |
| Contains (string) | Validates the value in `key` contains `value`. | Contains(\`referrer\`, \`/foo/\`) | | <a id="Contains-string" href="#Contains-string" title="#Contains-string">Contains (string)</a> | Validates the value in `key` contains `value`. | Contains(\`referrer\`, \`/foo/\`) |
| Contains (array) | Validates the `key` array contains the `value`. | Contains(\`areas\`, \`home\`) | | <a id="Contains-array" href="#Contains-array" title="#Contains-array">Contains (array)</a> | Validates the `key` array contains the `value`. | Contains(\`areas\`, \`home\`) |
| SplitContains | Validates the value in `key` contains the `value` once split by the separator. | SplitContains(\`scope\`, \` \`, \`writer\`) | | <a id="SplitContains" href="#SplitContains" title="#SplitContains">SplitContains</a> | Validates the value in `key` contains the `value` once split by the separator. | SplitContains(\`scope\`, \` \`, \`writer\`) |
| OneOf | Validates the `key` array contains one of the `values`. | OneOf(\`areas\`, \`office\`, \`lab\`) | | <a id="OneOf" href="#OneOf" title="#OneOf">OneOf</a> | Validates the `key` array contains one of the `values`. | OneOf(\`areas\`, \`office\`, \`lab\`) |
All functions can be joined by boolean operands. The supported operands are: All functions can be joined by boolean operands. The supported operands are:
| Operand | Description | Example | | Operand | Description | Example |
|---------|--------------------|-----------------| |---------|--------------------|-----------------|
| && | Compares two functions and returns true only if both evaluate to true. | Equals(\`grp\`, \`admin\`) && Equals(\`active\`, \`true\`) | | <a id="row" href="#row" title="#row">&&</a> | Compares two functions and returns true only if both evaluate to true. | Equals(\`grp\`, \`admin\`) && Equals(\`active\`, \`true\`) |
| \|\| | Compares two functions and returns true if either evaluate to true. | Equals(\`grp\`, \`admin\`) \|\| Equals(\`active\`, \`true\`) | | <a id="row-2" href="#row-2" title="#row-2">\|\|</a> | Compares two functions and returns true if either evaluate to true. | Equals(\`grp\`, \`admin\`) \|\| Equals(\`active\`, \`true\`) |
| ! | Returns false if the function is true, otherwise returns true. | !Equals(\`grp\`, \`testers\`) | | <a id="row-3" href="#row-3" title="#row-3">!</a> | Returns false if the function is true, otherwise returns true. | !Equals(\`grp\`, \`testers\`) |
All examples will return true for the following data structure: All examples will return true for the following data structure:
@@ -60,61 +60,61 @@ stringData:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:------|:------------|:--------|:---------| |:------|:------------|:--------|:---------|
| `issuer` | Defines the URL to the OpenID Connect provider (for example, `https://accounts.google.com`). <br /> It should point to the server which provides the OpenID Connect configuration. | "" | Yes | | <a id="issuer" href="#issuer" title="#issuer">`issuer`</a> | Defines the URL to the OpenID Connect provider (for example, `https://accounts.google.com`). <br /> It should point to the server which provides the OpenID Connect configuration. | "" | Yes |
| `redirectUrl` | Defines the URL used by the OpenID Connect provider to redirect back to the middleware once the authorization is complete. (More information [here](#redirecturl)) | "" | Yes | | <a id="redirectUrl" href="#redirectUrl" title="#redirectUrl">`redirectUrl`</a> | Defines the URL used by the OpenID Connect provider to redirect back to the middleware once the authorization is complete. (More information [here](#redirecturl)) | "" | Yes |
| `clientID` | Defines the unique client identifier for an account on the OpenID Connect provider, must be set when the `clientSecret` option is set. (More information [here](#clientid-clientsecret)) | "" | Yes | | <a id="clientID" href="#clientID" title="#clientID">`clientID`</a> | Defines the unique client identifier for an account on the OpenID Connect provider, must be set when the `clientSecret` option is set. (More information [here](#clientid-clientsecret)) | "" | Yes |
| `clientSecret` | Defines the unique client secret for an account on the OpenID Connect provider, must be set when the `clientID` option is set. (More information [here](#clientid-clientsecret)) | "" | Yes | | <a id="clientSecret" href="#clientSecret" title="#clientSecret">`clientSecret`</a> | Defines the unique client secret for an account on the OpenID Connect provider, must be set when the `clientID` option is set. (More information [here](#clientid-clientsecret)) | "" | Yes |
| `claims` | Defines the claims to validate in order to authorize the request. <br /> The `claims` option can only be used with JWT-formatted token. (More information [here](#claims)) | "" | No | | <a id="claims" href="#claims" title="#claims">`claims`</a> | Defines the claims to validate in order to authorize the request. <br /> The `claims` option can only be used with JWT-formatted token. (More information [here](#claims)) | "" | No |
| `usernameClaim` | Defines the claim that will be evaluated to populate the `clientusername` in the access logs. <br /> The `usernameClaim` option can only be used with JWT-formatted token.| "" | No | | <a id="usernameClaim" href="#usernameClaim" title="#usernameClaim">`usernameClaim`</a> | Defines the claim that will be evaluated to populate the `clientusername` in the access logs. <br /> The `usernameClaim` option can only be used with JWT-formatted token.| "" | No |
| `forwardHeaders` | Defines the HTTP headers to add to requests and populates them with values extracted from the access token claims returned by the authorization server. <br /> Claims to be forwarded that are not found in the JWT result in empty headers. <br /> The `forwardHeaders` option can only be used with JWT-formatted token. | [] | No | | <a id="forwardHeaders" href="#forwardHeaders" title="#forwardHeaders">`forwardHeaders`</a> | Defines the HTTP headers to add to requests and populates them with values extracted from the access token claims returned by the authorization server. <br /> Claims to be forwarded that are not found in the JWT result in empty headers. <br /> The `forwardHeaders` option can only be used with JWT-formatted token. | [] | No |
| `clientConfig.tls.ca` | PEM-encoded certificate bundle or a URN referencing a secret containing the certificate bundle used to establish a TLS connection with the authorization server (More information [here](#clientconfig)) | "" | No | | <a id="clientConfig-tls-ca" href="#clientConfig-tls-ca" title="#clientConfig-tls-ca">`clientConfig.tls.ca`</a> | PEM-encoded certificate bundle or a URN referencing a secret containing the certificate bundle used to establish a TLS connection with the authorization server (More information [here](#clientconfig)) | "" | No |
| `clientConfig.tls.cert` | PEM-encoded certificate or a URN referencing a secret containing the certificate used to establish a TLS connection with the Vault server (More information [here](#clientconfig)) | "" | No | | <a id="clientConfig-tls-cert" href="#clientConfig-tls-cert" title="#clientConfig-tls-cert">`clientConfig.tls.cert`</a> | PEM-encoded certificate or a URN referencing a secret containing the certificate used to establish a TLS connection with the Vault server (More information [here](#clientconfig)) | "" | No |
| `clientConfig.tls.key` | PEM-encoded key or a URN referencing a secret containing the key used to establish a TLS connection with the Vault server. (More information [here](#clientconfig)) | "" | No | | <a id="clientConfig-tls-key" href="#clientConfig-tls-key" title="#clientConfig-tls-key">`clientConfig.tls.key`</a> | PEM-encoded key or a URN referencing a secret containing the key used to establish a TLS connection with the Vault server. (More information [here](#clientconfig)) | "" | No |
| `clientConfig.tls.insecureSkipVerify` | Disables TLS certificate verification when communicating with the authorization server. <br /> Useful for testing purposes but strongly discouraged for production. (More information [here](#clientconfig)) | "" | No | | <a id="clientConfig-tls-insecureSkipVerify" href="#clientConfig-tls-insecureSkipVerify" title="#clientConfig-tls-insecureSkipVerify">`clientConfig.tls.insecureSkipVerify`</a> | Disables TLS certificate verification when communicating with the authorization server. <br /> Useful for testing purposes but strongly discouraged for production. (More information [here](#clientconfig)) | "" | No |
| `clientConfig.timeoutSeconds` | Defines the time before giving up requests to the authorization server. | 5 | No | | <a id="clientConfig-timeoutSeconds" href="#clientConfig-timeoutSeconds" title="#clientConfig-timeoutSeconds">`clientConfig.timeoutSeconds`</a> | Defines the time before giving up requests to the authorization server. | 5 | No |
| `clientConfig.maxRetries` | Defines the number of retries for requests to authorization server that fail. | 3 | No | | <a id="clientConfig-maxRetries" href="#clientConfig-maxRetries" title="#clientConfig-maxRetries">`clientConfig.maxRetries`</a> | Defines the number of retries for requests to authorization server that fail. | 3 | No |
| `pkce` | Defines the Proof Key for Code Exchange as described in [RFC 7636](https://datatracker.ietf.org/doc/html/rfc7636). | false | No | | <a id="pkce" href="#pkce" title="#pkce">`pkce`</a> | Defines the Proof Key for Code Exchange as described in [RFC 7636](https://datatracker.ietf.org/doc/html/rfc7636). | false | No |
| `discoveryParams` | A map of arbitrary query parameters to be added to the openid-configuration well-known URI during the discovery mechanism. | "" | No | | <a id="discoveryParams" href="#discoveryParams" title="#discoveryParams">`discoveryParams`</a> | A map of arbitrary query parameters to be added to the openid-configuration well-known URI during the discovery mechanism. | "" | No |
| `scopes` | The scopes to request. Must include `openid`. | openid | No | | <a id="scopes" href="#scopes" title="#scopes">`scopes`</a> | The scopes to request. Must include `openid`. | openid | No |
| `authParams` | A map of the arbitrary query parameters to be passed to the Authentication Provider. <br />When a `prompt` key is set to an empty string in the AuthParams,the prompt parameter is not added to the OAuth2 authorization URL Which means the user won't be prompted for consent.| "" | No | | <a id="authParams" href="#authParams" title="#authParams">`authParams`</a> | A map of the arbitrary query parameters to be passed to the Authentication Provider. <br />When a `prompt` key is set to an empty string in the AuthParams,the prompt parameter is not added to the OAuth2 authorization URL Which means the user won't be prompted for consent.| "" | No |
| `disableLogin` | Disables redirections to the authentication provider <br /> This can be useful for protecting APIs where redirecting to a login page is undesirable. | false | No | | <a id="disableLogin" href="#disableLogin" title="#disableLogin">`disableLogin`</a> | Disables redirections to the authentication provider <br /> This can be useful for protecting APIs where redirecting to a login page is undesirable. | false | No |
| `loginUrl` | Defines the URL used to start authorization when needed. <br /> All other requests that are not already authorized will return a 401 Unauthorized. When left empty, all requests can start authorization. <br /> It can be a path (`/login` for example), a host and a path (`example.com/login`) or a complete URL (`https://example.com/login`). <br /> Only `http` and `https` schemes are supported.| "" | No | | <a id="loginUrl" href="#loginUrl" title="#loginUrl">`loginUrl`</a> | Defines the URL used to start authorization when needed. <br /> All other requests that are not already authorized will return a 401 Unauthorized. When left empty, all requests can start authorization. <br /> It can be a path (`/login` for example), a host and a path (`example.com/login`) or a complete URL (`https://example.com/login`). <br /> Only `http` and `https` schemes are supported.| "" | No |
| `logoutUrl` |Defines the URL on which the session should be deleted in order to log users out. <br /> It can be a path (`/logout` for example), a host and a path (`example.com/logout`) or a complete URL (`https://example.com/logout`). <br /> Only `http` and `https` schemes are supported.| "" | No | | <a id="logoutUrl" href="#logoutUrl" title="#logoutUrl">`logoutUrl`</a> |Defines the URL on which the session should be deleted in order to log users out. <br /> It can be a path (`/logout` for example), a host and a path (`example.com/logout`) or a complete URL (`https://example.com/logout`). <br /> Only `http` and `https` schemes are supported.| "" | No |
| `postLoginRedirectUrl` |If set and used in conjunction with `loginUrl`, the middleware will redirect to this URL after successful login. <br /> It can be a path (`/after/login` for example), a host and a path (`example.com/after/login`) or a complete URL (`https://example.com/after/login`). <br /> Only `http` and `https` schemes are supported. | "" | No | | <a id="postLoginRedirectUrl" href="#postLoginRedirectUrl" title="#postLoginRedirectUrl">`postLoginRedirectUrl`</a> |If set and used in conjunction with `loginUrl`, the middleware will redirect to this URL after successful login. <br /> It can be a path (`/after/login` for example), a host and a path (`example.com/after/login`) or a complete URL (`https://example.com/after/login`). <br /> Only `http` and `https` schemes are supported. | "" | No |
| `postLogoutRedirectUrl` | If set and used in conjunction with `logoutUrl`, the middleware will redirect to this URL after logout. <br /> It can be a path (`/after/logout` for example), a host and a path (`example.com/after/logout`) or a complete URL (`https://example.com/after/logout`). <br /> Only `http` and `https` schemes are supported. | "" | No | | <a id="postLogoutRedirectUrl" href="#postLogoutRedirectUrl" title="#postLogoutRedirectUrl">`postLogoutRedirectUrl`</a> | If set and used in conjunction with `logoutUrl`, the middleware will redirect to this URL after logout. <br /> It can be a path (`/after/logout` for example), a host and a path (`example.com/after/logout`) or a complete URL (`https://example.com/after/logout`). <br /> Only `http` and `https` schemes are supported. | "" | No |
| `backchannelLogoutUrl` | Defines the URL called by the OIDC provider when a user logs out (see https://openid.net/specs/openid-connect-rpinitiated-1_0.html#OpenID.BackChannel). <br /> It can be a path (`/backchannel-logout` for example), a host and a path (`example.com/backchannel-logout`) or a complete URL (`https://example.com/backchannel-logout`). <br /> Only `http` and `https` schemes are supported. <br /> This feature is currently in an experimental state and has been tested exclusively with the Keycloak OIDC provider. | "" | No | | <a id="backchannelLogoutUrl" href="#backchannelLogoutUrl" title="#backchannelLogoutUrl">`backchannelLogoutUrl`</a> | Defines the URL called by the OIDC provider when a user logs out (see https://openid.net/specs/openid-connect-rpinitiated-1_0.html#OpenID.BackChannel). <br /> It can be a path (`/backchannel-logout` for example), a host and a path (`example.com/backchannel-logout`) or a complete URL (`https://example.com/backchannel-logout`). <br /> Only `http` and `https` schemes are supported. <br /> This feature is currently in an experimental state and has been tested exclusively with the Keycloak OIDC provider. | "" | No |
| `backchannelLogoutSessionsRequired` | This specifies whether the OIDC provider includes the sid (session ID) Claim in the Logout Token to identify the user session (see https://openid.net/specs/openid-connect-backchannel-1_0.html#BCRegistration). <br/> If omitted, the default value is false. <br /> This feature is currently in an experimental state and has been tested exclusively with the Keycloak OIDC provider. | false | No | | <a id="backchannelLogoutSessionsRequired" href="#backchannelLogoutSessionsRequired" title="#backchannelLogoutSessionsRequired">`backchannelLogoutSessionsRequired`</a> | This specifies whether the OIDC provider includes the sid (session ID) Claim in the Logout Token to identify the user session (see https://openid.net/specs/openid-connect-backchannel-1_0.html#BCRegistration). <br/> If omitted, the default value is false. <br /> This feature is currently in an experimental state and has been tested exclusively with the Keycloak OIDC provider. | false | No |
| `stateCookie.name` | Defines the name of the state cookie. |"`MIDDLEWARE_NAME`-state" | No | | <a id="stateCookie-name" href="#stateCookie-name" title="#stateCookie-name">`stateCookie.name`</a> | Defines the name of the state cookie. |"`MIDDLEWARE_NAME`-state" | No |
| `stateCookie.path` | Defines the URL path that must exist in the requested URL in order to send the Cookie header. <br /> The `%x2F` ('/') character is considered a directory separator, and subdirectories will match as well. <br /> For example, if `stateCookie.path` is set to `/docs`, these paths will match: `/docs`,`/docs/web/`,`/docs/web/http`.| "/" | No | | <a id="stateCookie-path" href="#stateCookie-path" title="#stateCookie-path">`stateCookie.path`</a> | Defines the URL path that must exist in the requested URL in order to send the Cookie header. <br /> The `%x2F` ('/') character is considered a directory separator, and subdirectories will match as well. <br /> For example, if `stateCookie.path` is set to `/docs`, these paths will match: `/docs`,`/docs/web/`,`/docs/web/http`.| "/" | No |
| `stateCookie.domain` | Defines the hosts that are allowed to receive the cookie. <br />If specified, then subdomains are always included. <br /> For example, if it is set to `example.com`, then cookies are included on subdomains like `api.example.com`. | "" | No | | <a id="stateCookie-domain" href="#stateCookie-domain" title="#stateCookie-domain">`stateCookie.domain`</a> | Defines the hosts that are allowed to receive the cookie. <br />If specified, then subdomains are always included. <br /> For example, if it is set to `example.com`, then cookies are included on subdomains like `api.example.com`. | "" | No |
| `stateCookie.maxAge` |Defines the number of seconds after which the state cookie should expire. <br /> A zero or negative number will expire the cookie immediately. | 600 | No | | <a id="stateCookie-maxAge" href="#stateCookie-maxAge" title="#stateCookie-maxAge">`stateCookie.maxAge`</a> |Defines the number of seconds after which the state cookie should expire. <br /> A zero or negative number will expire the cookie immediately. | 600 | No |
| `stateCookie.sameSite` | Informsbrowsers how they should handle the state cookie on cross-site requests. <br /> Setting it to `lax` or `strict` can provide some protection against cross-site request forgery attacks ([CSRF](https://developer.mozilla.org/en-US/docs/Glossary/CSRF)). <br /> More information [here](#samesite---accepted-values). | lax | No | | <a id="stateCookie-sameSite" href="#stateCookie-sameSite" title="#stateCookie-sameSite">`stateCookie.sameSite`</a> | Informsbrowsers how they should handle the state cookie on cross-site requests. <br /> Setting it to `lax` or `strict` can provide some protection against cross-site request forgery attacks ([CSRF](https://developer.mozilla.org/en-US/docs/Glossary/CSRF)). <br /> More information [here](#samesite---accepted-values). | lax | No |
| `stateCookie.httpOnly` | Forbids JavaScript from accessing the cookie. <br /> For example, through the `Document.cookie` property, the `XMLHttpRequest` API, or the `Request` API. <br /> This mitigates attacks against cross-site scripting ([XSS](https://developer.mozilla.org/en-US/docs/Glossary/XSS)). | true | No | | <a id="stateCookie-httpOnly" href="#stateCookie-httpOnly" title="#stateCookie-httpOnly">`stateCookie.httpOnly`</a> | Forbids JavaScript from accessing the cookie. <br /> For example, through the `Document.cookie` property, the `XMLHttpRequest` API, or the `Request` API. <br /> This mitigates attacks against cross-site scripting ([XSS](https://developer.mozilla.org/en-US/docs/Glossary/XSS)). | true | No |
| `stateCookie.secure` | Defines whether the state cookie is only sent to the server when a request is made with the `https` scheme. | false | No | | <a id="stateCookie-secure" href="#stateCookie-secure" title="#stateCookie-secure">`stateCookie.secure`</a> | Defines whether the state cookie is only sent to the server when a request is made with the `https` scheme. | false | No |
| `session.name` | The name of the session cookie. |"`MIDDLEWARE_NAME`-session"| No | | <a id="session-name" href="#session-name" title="#session-name">`session.name`</a> | The name of the session cookie. |"`MIDDLEWARE_NAME`-session"| No |
| `session.path` | Defines the URL path that must exist in the requested URL in order to send the Cookie header. <br />The `%x2F` ('/'') character is considered a directory separator, and subdirectories will match as well. <br /> For example, if `stateCookie.path` is set to `/docs`, these paths will match: `/docs`,`/docs/web/`,`/docs/web/http`.| "/" | No | | <a id="session-path" href="#session-path" title="#session-path">`session.path`</a> | Defines the URL path that must exist in the requested URL in order to send the Cookie header. <br />The `%x2F` ('/'') character is considered a directory separator, and subdirectories will match as well. <br /> For example, if `stateCookie.path` is set to `/docs`, these paths will match: `/docs`,`/docs/web/`,`/docs/web/http`.| "/" | No |
| `session.domain` | Specifies the hosts that are allowed to receive the cookie. If specified, then subdomains are always included. If specified, then subdomains are always included. <br /> For example, if it is set to `example.com`, then cookies are included on subdomains like `api.example.com`.| "" | No | | <a id="session-domain" href="#session-domain" title="#session-domain">`session.domain`</a> | Specifies the hosts that are allowed to receive the cookie. If specified, then subdomains are always included. If specified, then subdomains are always included. <br /> For example, if it is set to `example.com`, then cookies are included on subdomains like `api.example.com`.| "" | No |
| `session.expiry` | Number of seconds after which the session should expire. A zero or negative number is **prohibited**. | 86400 (24h) | No | | <a id="session-expiry" href="#session-expiry" title="#session-expiry">`session.expiry`</a> | Number of seconds after which the session should expire. A zero or negative number is **prohibited**. | 86400 (24h) | No |
| `session.sliding` | Forces the middleware to renew the session cookie each time an authenticated request is received. | true | No | | <a id="session-sliding" href="#session-sliding" title="#session-sliding">`session.sliding`</a> | Forces the middleware to renew the session cookie each time an authenticated request is received. | true | No |
| `session.refresh` | Enables the access token refresh when it expires. | true | No | | <a id="session-refresh" href="#session-refresh" title="#session-refresh">`session.refresh`</a> | Enables the access token refresh when it expires. | true | No |
| `session.sameSite` | Inform browsers how they should handle the session cookie on cross-site requests. <br /> Setting it to `lax` or `strict` can provide some protection against cross-site request forgery attacks ([CSRF](https://developer.mozilla.org/en-US/docs/Glossary/CSRF)). <br /> More information [here](#samesite---accepted-values). | lax | No | | <a id="session-sameSite" href="#session-sameSite" title="#session-sameSite">`session.sameSite`</a> | Inform browsers how they should handle the session cookie on cross-site requests. <br /> Setting it to `lax` or `strict` can provide some protection against cross-site request forgery attacks ([CSRF](https://developer.mozilla.org/en-US/docs/Glossary/CSRF)). <br /> More information [here](#samesite---accepted-values). | lax | No |
| `session.httpOnly` | Forbids JavaScript from accessing the cookie. <br /> For example, through the `Document.cookie` property, the `XMLHttpRequest` API, or the `Request` API. <br /> This mitigates attacks against cross-site scripting ([XSS](https://developer.mozilla.org/en-US/docs/Glossary/XSS)). | true | No | | <a id="session-httpOnly" href="#session-httpOnly" title="#session-httpOnly">`session.httpOnly`</a> | Forbids JavaScript from accessing the cookie. <br /> For example, through the `Document.cookie` property, the `XMLHttpRequest` API, or the `Request` API. <br /> This mitigates attacks against cross-site scripting ([XSS](https://developer.mozilla.org/en-US/docs/Glossary/XSS)). | true | No |
| `session.secure` | Defines whether the session cookie is only sent to the server when a request is made with the `https` scheme. | false | No | | <a id="session-secure" href="#session-secure" title="#session-secure">`session.secure`</a> | Defines whether the session cookie is only sent to the server when a request is made with the `https` scheme. | false | No |
| `session.store.redis.endpoints` | Endpoints of the Redis instances to connect to (example: `redis.traefik-hub.svc.cluster.local:6379`) | "" | Yes | | <a id="session-store-redis-endpoints" href="#session-store-redis-endpoints" title="#session-store-redis-endpoints">`session.store.redis.endpoints`</a> | Endpoints of the Redis instances to connect to (example: `redis.traefik-hub.svc.cluster.local:6379`) | "" | Yes |
| `session.store.redis.username` | The username Traefik Hub will use to connect to Redis | "" | No | | <a id="session-store-redis-username" href="#session-store-redis-username" title="#session-store-redis-username">`session.store.redis.username`</a> | The username Traefik Hub will use to connect to Redis | "" | No |
| `session.store.redis.password` | The password Traefik Hub will use to connect to Redis | "" | No | | <a id="session-store-redis-password" href="#session-store-redis-password" title="#session-store-redis-password">`session.store.redis.password`</a> | The password Traefik Hub will use to connect to Redis | "" | No |
| `session.store.redis.database` | The database Traefik Hub will use to sore information (default: `0`) | "" | No | | <a id="session-store-redis-database" href="#session-store-redis-database" title="#session-store-redis-database">`session.store.redis.database`</a> | The database Traefik Hub will use to sore information (default: `0`) | "" | No |
| `session.store.redis.cluster` | Enable Redis Cluster | "" | No | | <a id="session-store-redis-cluster" href="#session-store-redis-cluster" title="#session-store-redis-cluster">`session.store.redis.cluster`</a> | Enable Redis Cluster | "" | No |
| `session.store.redis.tls.caBundle` | Custom CA bundle | "" | No | | <a id="session-store-redis-tls-caBundle" href="#session-store-redis-tls-caBundle" title="#session-store-redis-tls-caBundle">`session.store.redis.tls.caBundle`</a> | Custom CA bundle | "" | No |
| `session.store.redis.tls.cert` | TLS certificate | "" | No | | <a id="session-store-redis-tls-cert" href="#session-store-redis-tls-cert" title="#session-store-redis-tls-cert">`session.store.redis.tls.cert`</a> | TLS certificate | "" | No |
| `session.store.redis.tls.key` | TLS key | "" | No | | <a id="session-store-redis-tls-key" href="#session-store-redis-tls-key" title="#session-store-redis-tls-key">`session.store.redis.tls.key`</a> | TLS key | "" | No |
| `session.store.redis.tls.insecureSkipVerify` | Allow skipping the TLS verification | "" | No | | <a id="session-store-redis-tls-insecureSkipVerify" href="#session-store-redis-tls-insecureSkipVerify" title="#session-store-redis-tls-insecureSkipVerify">`session.store.redis.tls.insecureSkipVerify`</a> | Allow skipping the TLS verification | "" | No |
| `session.store.redis.sentinel.masterSet` | Name of the set of main nodes to use for main selection. Required when using Sentinel. | "" | No | | <a id="session-store-redis-sentinel-masterSet" href="#session-store-redis-sentinel-masterSet" title="#session-store-redis-sentinel-masterSet">`session.store.redis.sentinel.masterSet`</a> | Name of the set of main nodes to use for main selection. Required when using Sentinel. | "" | No |
| `session.store.redis.sentinel.username` | Username to use for sentinel authentication (can be different from `username`) | "" | No | | <a id="session-store-redis-sentinel-username" href="#session-store-redis-sentinel-username" title="#session-store-redis-sentinel-username">`session.store.redis.sentinel.username`</a> | Username to use for sentinel authentication (can be different from `username`) | "" | No |
| `session.store.redis.sentinel.password` | Password to use for sentinel authentication (can be different from `password`) | "" | No | | <a id="session-store-redis-sentinel-password" href="#session-store-redis-sentinel-password" title="#session-store-redis-sentinel-password">`session.store.redis.sentinel.password`</a> | Password to use for sentinel authentication (can be different from `password`) | "" | No |
| `csrf` | When enabled, a CSRF cookie, named `traefikee-csrf-token`, is bound to the OIDC session to protect service from CSRF attacks. <br /> It is based on the [Signed Double Submit Cookie](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#signed-double-submit-cookie) implementation as defined by the OWASP Foundation.<br />Moreinformation [here](#csrf). | "" | No | | <a id="csrf" href="#csrf" title="#csrf">`csrf`</a> | When enabled, a CSRF cookie, named `traefikee-csrf-token`, is bound to the OIDC session to protect service from CSRF attacks. <br /> It is based on the [Signed Double Submit Cookie](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#signed-double-submit-cookie) implementation as defined by the OWASP Foundation.<br />Moreinformation [here](#csrf). | "" | No |
| `csrf.secure` | Defines whether the CSRF cookie is only sent to the server when a request is made with the `https` scheme. | false | No | | <a id="csrf-secure" href="#csrf-secure" title="#csrf-secure">`csrf.secure`</a> | Defines whether the CSRF cookie is only sent to the server when a request is made with the `https` scheme. | false | No |
| `csrf.headerName` | Defines the name of the header used to send the CSRF token value received previously in the CSRF cookie. | TraefikHub-Csrf-Token | No | | <a id="csrf-headerName" href="#csrf-headerName" title="#csrf-headerName">`csrf.headerName`</a> | Defines the name of the header used to send the CSRF token value received previously in the CSRF cookie. | TraefikHub-Csrf-Token | No |
### redirectUrl ### redirectUrl
@@ -154,19 +154,19 @@ See the following examples.
| Request URL | RedirectURL| Result | | Request URL | RedirectURL| Result |
|:------------|:-----------|:-------| |:------------|:-----------|:-------|
| `http://expl.co` | `/cback` | `http://expl.co/cback` | | <a id="httpexpl-co" href="#httpexpl-co" title="#httpexpl-co">`http://expl.co`</a> | `/cback` | `http://expl.co/cback` |
#### Inherit the Protocol from the Request and Uses the Redirecturls Domain and Path #### Inherit the Protocol from the Request and Uses the Redirecturls Domain and Path
| Request URL | RedirectURL| Result | | Request URL | RedirectURL| Result |
|:------------|:-----------|:-------| |:------------|:-----------|:-------|
| `https://scur.co` | `expl.co/cback`| `https://expl.co/cback` | | <a id="httpsscur-co" href="#httpsscur-co" title="#httpsscur-co">`https://scur.co`</a> | `expl.co/cback`| `https://expl.co/cback` |
#### Replace the Request URL with the Redirect URL since It Is an Absolute URL #### Replace the Request URL with the Redirect URL since It Is an Absolute URL
| Request URL | RedirectURL| Result | | Request URL | RedirectURL| Result |
|:------------|:-----------|:-------| |:------------|:-----------|:-------|
| `https://scur.co` | `http://expl.co/cback` | `http://expl.co/cback` | | <a id="httpsscur-co-2" href="#httpsscur-co-2" title="#httpsscur-co-2">`https://scur.co`</a> | `http://expl.co/cback` | `http://expl.co/cback` |
!!! note "Supported Schemes" !!! note "Supported Schemes"
@@ -205,20 +205,20 @@ The following functions are supported in `claims`:
| Function | Description | Example | | Function | Description | Example |
|-------------------|--------------------|-----------------| |-------------------|--------------------|-----------------|
| Equals | Validates the equality of the value in `key` with `value`. | Equals(\`grp\`, \`admin\`) | | <a id="Equals" href="#Equals" title="#Equals">Equals</a> | Validates the equality of the value in `key` with `value`. | Equals(\`grp\`, \`admin\`) |
| Prefix | Validates the value in `key` has the prefix of `value`. | Prefix(\`referrer\`, \`http://example.com\`) | | <a id="Prefix" href="#Prefix" title="#Prefix">Prefix</a> | Validates the value in `key` has the prefix of `value`. | Prefix(\`referrer\`, \`http://example.com\`) |
| Contains (string) | Validates the value in `key` contains `value`. | Contains(\`referrer\`, \`/foo/\`) | | <a id="Contains-string" href="#Contains-string" title="#Contains-string">Contains (string)</a> | Validates the value in `key` contains `value`. | Contains(\`referrer\`, \`/foo/\`) |
| Contains (array) | Validates the `key` array contains the `value`. | Contains(\`areas\`, \`home\`) | | <a id="Contains-array" href="#Contains-array" title="#Contains-array">Contains (array)</a> | Validates the `key` array contains the `value`. | Contains(\`areas\`, \`home\`) |
| SplitContains | Validates the value in `key` contains the `value` once split by the separator. | SplitContains(\`scope\`, \` \`, \`writer\`) | | <a id="SplitContains" href="#SplitContains" title="#SplitContains">SplitContains</a> | Validates the value in `key` contains the `value` once split by the separator. | SplitContains(\`scope\`, \` \`, \`writer\`) |
| OneOf | Validates the `key` array contains one of the `values`. | OneOf(\`areas\`, \`office\`, \`lab\`) | | <a id="OneOf" href="#OneOf" title="#OneOf">OneOf</a> | Validates the `key` array contains one of the `values`. | OneOf(\`areas\`, \`office\`, \`lab\`) |
All functions can be joined by boolean operands. The supported operands are: All functions can be joined by boolean operands. The supported operands are:
| Operand | Description | Example | | Operand | Description | Example |
|---------|--------------------|-----------------| |---------|--------------------|-----------------|
| && | Compares two functions and returns true only if both evaluate to true. | Equals(\`grp\`, \`admin\`) && Equals(\`active\`, \`true\`) | | <a id="row" href="#row" title="#row">&&</a> | Compares two functions and returns true only if both evaluate to true. | Equals(\`grp\`, \`admin\`) && Equals(\`active\`, \`true\`) |
| \|\| | Compares two functions and returns true if either evaluate to true. | Equals(\`grp\`, \`admin\`) \|\| Equals(\`active\`, \`true\`) | | <a id="row-2" href="#row-2" title="#row-2">\|\|</a> | Compares two functions and returns true if either evaluate to true. | Equals(\`grp\`, \`admin\`) \|\| Equals(\`active\`, \`true\`) |
| ! | Returns false if the function is true, otherwise returns true. | !Equals(\`grp\`, \`testers\`) | | <a id="row-3" href="#row-3" title="#row-3">!</a> | Returns false if the function is true, otherwise returns true. | !Equals(\`grp\`, \`testers\`) |
All examples will return true for the following data structure: All examples will return true for the following data structure:
@@ -279,9 +279,9 @@ If the `key` contains a `\`, it needs to be doubled `\\`.
| Example | Description | | Example | Description |
| ----------------------------------------- | ------------------------------------------------------------------------------ | | ----------------------------------------- | ------------------------------------------------------------------------------ |
| Equals(\`id_token.grp\`, \`admin\`) | Checks if the value of claim `grp` in the ID token is `admin`. | | <a id="Equalsid-token-grp-admin" href="#Equalsid-token-grp-admin" title="#Equalsid-token-grp-admin">Equals(\`id_token.grp\`, \`admin\`)</a> | Checks if the value of claim `grp` in the ID token is `admin`. |
| Prefix(\`access_token.referrer\`, \`http://example.com\`) | Checks if the value of claim `referrer` in the access token is prefixed by `http://example.com\`.| | <a id="Prefixaccess-token-referrer-httpexample-com" href="#Prefixaccess-token-referrer-httpexample-com" title="#Prefixaccess-token-referrer-httpexample-com">Prefix(\`access_token.referrer\`, \`http://example.com\`)</a> | Checks if the value of claim `referrer` in the access token is prefixed by `http://example.com\`.|
| OneOf(\`areas\`, \`office\`, \`lab\`) | Checks if the value of claim `areas` in the ID token is `office` or `labs`. | | <a id="OneOfareas-office-lab" href="#OneOfareas-office-lab" title="#OneOfareas-office-lab">OneOf(\`areas\`, \`office\`, \`lab\`)</a> | Checks if the value of claim `areas` in the ID token is `office` or `labs`. |
### clientConfig ### clientConfig
@@ -64,9 +64,9 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:---------|-----------------------|:--------|:----------------------------| |:---------|-----------------------|:--------|:----------------------------|
| `policy` | Path or the content of a [policy file](https://www.openpolicyagent.org/docs/v0.66.0/kubernetes-primer/#writing-policies). | "" | No (one of `policy` or `bundlePath` must be set) | | <a id="policy" href="#policy" title="#policy">`policy`</a> | Path or the content of a [policy file](https://www.openpolicyagent.org/docs/v0.66.0/kubernetes-primer/#writing-policies). | "" | No (one of `policy` or `bundlePath` must be set) |
| `bundlePath` | The `bundlePath` option should contain the path to an OPA [bundle](https://www.openpolicyagent.org/docs/v0.66.0/management-bundles/). | "" | No (one of `policy` or `bundlePath` must be set) | | <a id="bundlePath" href="#bundlePath" title="#bundlePath">`bundlePath`</a> | The `bundlePath` option should contain the path to an OPA [bundle](https://www.openpolicyagent.org/docs/v0.66.0/management-bundles/). | "" | No (one of `policy` or `bundlePath` must be set) |
| `allow` | The `allow` option sets the expression to evaluate that determines if the request should be authorized. | "" | No (one of `allow` or `forwardHeaders` must be set) | | <a id="allow" href="#allow" title="#allow">`allow`</a> | The `allow` option sets the expression to evaluate that determines if the request should be authorized. | "" | No (one of `allow` or `forwardHeaders` must be set) |
| `forwardHeaders` | The `forwardHeaders` option sets the HTTP headers to add to requests and populates them with the result of the given expression. | "" | No (one of `allow` or `forwardHeaders` must be set) | | <a id="forwardHeaders" href="#forwardHeaders" title="#forwardHeaders">`forwardHeaders`</a> | The `forwardHeaders` option sets the HTTP headers to add to requests and populates them with the result of the given expression. | "" | No (one of `allow` or `forwardHeaders` must be set) |
{!traefik-for-business-applications.md!} {!traefik-for-business-applications.md!}
@@ -20,29 +20,29 @@ Middlewares that use the same protocol can be combined into chains to fit every
| Middleware | Purpose | Area | | Middleware | Purpose | Area |
|-------------------------------------------|---------------------------------------------------|-----------------------------| |-------------------------------------------|---------------------------------------------------|-----------------------------|
| [AddPrefix](addprefix.md) | Adds a Path Prefix | Path Modifier | | <a id="AddPrefix" href="#AddPrefix" title="#AddPrefix">[AddPrefix](addprefix.md)</a> | Adds a Path Prefix | Path Modifier |
| [BasicAuth](basicauth.md) | Adds Basic Authentication | Security, Authentication | | <a id="BasicAuth" href="#BasicAuth" title="#BasicAuth">[BasicAuth](basicauth.md)</a> | Adds Basic Authentication | Security, Authentication |
| [Buffering](buffering.md) | Buffers the request/response | Request Lifecycle | | <a id="Buffering" href="#Buffering" title="#Buffering">[Buffering](buffering.md)</a> | Buffers the request/response | Request Lifecycle |
| [Chain](chain.md) | Combines multiple pieces of middleware | Misc | | <a id="Chain" href="#Chain" title="#Chain">[Chain](chain.md)</a> | Combines multiple pieces of middleware | Misc |
| [CircuitBreaker](circuitbreaker.md) | Prevents calling unhealthy services | Request Lifecycle | | <a id="CircuitBreaker" href="#CircuitBreaker" title="#CircuitBreaker">[CircuitBreaker](circuitbreaker.md)</a> | Prevents calling unhealthy services | Request Lifecycle |
| [Compress](compress.md) | Compresses the response | Content Modifier | | <a id="Compress" href="#Compress" title="#Compress">[Compress](compress.md)</a> | Compresses the response | Content Modifier |
| [ContentType](contenttype.md) | Handles Content-Type auto-detection | Misc | | <a id="ContentType" href="#ContentType" title="#ContentType">[ContentType](contenttype.md)</a> | Handles Content-Type auto-detection | Misc |
| [DigestAuth](digestauth.md) | Adds Digest Authentication | Security, Authentication | | <a id="DigestAuth" href="#DigestAuth" title="#DigestAuth">[DigestAuth](digestauth.md)</a> | Adds Digest Authentication | Security, Authentication |
| [Errors](errorpages.md) | Defines custom error pages | Request Lifecycle | | <a id="Errors" href="#Errors" title="#Errors">[Errors](errorpages.md)</a> | Defines custom error pages | Request Lifecycle |
| [ForwardAuth](forwardauth.md) | Delegates Authentication | Security, Authentication | | <a id="ForwardAuth" href="#ForwardAuth" title="#ForwardAuth">[ForwardAuth](forwardauth.md)</a> | Delegates Authentication | Security, Authentication |
| [GrpcWeb](grpcweb.md) | Converts gRPC Web requests to HTTP/2 gRPC requests. | Request | | <a id="GrpcWeb" href="#GrpcWeb" title="#GrpcWeb">[GrpcWeb](grpcweb.md)</a> | Converts gRPC Web requests to HTTP/2 gRPC requests. | Request |
| [Headers](headers.md) | Adds / Updates headers | Security | | <a id="Headers" href="#Headers" title="#Headers">[Headers](headers.md)</a> | Adds / Updates headers | Security |
| [IPAllowList](ipallowlist.md) | Limits the allowed client IPs | Security, Request lifecycle | | <a id="IPAllowList" href="#IPAllowList" title="#IPAllowList">[IPAllowList](ipallowlist.md)</a> | Limits the allowed client IPs | Security, Request lifecycle |
| [InFlightReq](inflightreq.md) | Limits the number of simultaneous connections | Security, Request lifecycle | | <a id="InFlightReq" href="#InFlightReq" title="#InFlightReq">[InFlightReq](inflightreq.md)</a> | Limits the number of simultaneous connections | Security, Request lifecycle |
| [PassTLSClientCert](passtlsclientcert.md) | Adds Client Certificates in a Header | Security | | <a id="PassTLSClientCert" href="#PassTLSClientCert" title="#PassTLSClientCert">[PassTLSClientCert](passtlsclientcert.md)</a> | Adds Client Certificates in a Header | Security |
| [RateLimit](ratelimit.md) | Limits the call frequency | Security, Request lifecycle | | <a id="RateLimit" href="#RateLimit" title="#RateLimit">[RateLimit](ratelimit.md)</a> | Limits the call frequency | Security, Request lifecycle |
| [RedirectScheme](redirectscheme.md) | Redirects based on scheme | Request lifecycle | | <a id="RedirectScheme" href="#RedirectScheme" title="#RedirectScheme">[RedirectScheme](redirectscheme.md)</a> | Redirects based on scheme | Request lifecycle |
| [RedirectRegex](redirectregex.md) | Redirects based on regex | Request lifecycle | | <a id="RedirectRegex" href="#RedirectRegex" title="#RedirectRegex">[RedirectRegex](redirectregex.md)</a> | Redirects based on regex | Request lifecycle |
| [ReplacePath](replacepath.md) | Changes the path of the request | Path Modifier | | <a id="ReplacePath" href="#ReplacePath" title="#ReplacePath">[ReplacePath](replacepath.md)</a> | Changes the path of the request | Path Modifier |
| [ReplacePathRegex](replacepathregex.md) | Changes the path of the request | Path Modifier | | <a id="ReplacePathRegex" href="#ReplacePathRegex" title="#ReplacePathRegex">[ReplacePathRegex](replacepathregex.md)</a> | Changes the path of the request | Path Modifier |
| [Retry](retry.md) | Automatically retries in case of error | Request lifecycle | | <a id="Retry" href="#Retry" title="#Retry">[Retry](retry.md)</a> | Automatically retries in case of error | Request lifecycle |
| [StripPrefix](stripprefix.md) | Changes the path of the request | Path Modifier | | <a id="StripPrefix" href="#StripPrefix" title="#StripPrefix">[StripPrefix](stripprefix.md)</a> | Changes the path of the request | Path Modifier |
| [StripPrefixRegex](stripprefixregex.md) | Changes the path of the request | Path Modifier | | <a id="StripPrefixRegex" href="#StripPrefixRegex" title="#StripPrefixRegex">[StripPrefixRegex](stripprefixregex.md)</a> | Changes the path of the request | Path Modifier |
## Community Middlewares ## Community Middlewares
@@ -206,28 +206,28 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:-----------|:------------------------------------------------------------|:--------|:---------| |:-----------|:------------------------------------------------------------|:--------|:---------|
| `pem` | Fills the `X-Forwarded-Tls-Client-Cert` header with the certificate information.<br /> More information [here](#pem). | false | No | | <a id="pem" href="#pem" title="#pem">`pem`</a> | Fills the `X-Forwarded-Tls-Client-Cert` header with the certificate information.<br /> More information [here](#pem). | false | No |
| `info.serialNumber` | Add the `Serial Number` of the certificate.<br /> More information about `info` [here](#info). | false | No | | <a id="info-serialNumber" href="#info-serialNumber" title="#info-serialNumber">`info.serialNumber`</a> | Add the `Serial Number` of the certificate.<br /> More information about `info` [here](#info). | false | No |
| `info.notAfter` | Add the `Not After` information from the `Validity` part. <br /> More information about `info` [here](#info). | false | No | | <a id="info-notAfter" href="#info-notAfter" title="#info-notAfter">`info.notAfter`</a> | Add the `Not After` information from the `Validity` part. <br /> More information about `info` [here](#info). | false | No |
| `info.notBefore` | Add the `Not Before` information from the `Validity` part. <br />More information about `info` [here](#info). | false | No | | <a id="info-notBefore" href="#info-notBefore" title="#info-notBefore">`info.notBefore`</a> | Add the `Not Before` information from the `Validity` part. <br />More information about `info` [here](#info). | false | No |
| `info.sans` | Add the `Subject Alternative Name` information from the `Subject Alternative Name` part. <br /> More information about `info` [here](#info). | false | No | | <a id="info-sans" href="#info-sans" title="#info-sans">`info.sans`</a> | Add the `Subject Alternative Name` information from the `Subject Alternative Name` part. <br /> More information about `info` [here](#info). | false | No |
| `info.subject` | The `info.subject` selects the specific client certificate subject details you want to add to the `X-Forwarded-Tls-Client-Cert-Info` header. <br />More information about `info` [here](#info). | false | No | | <a id="info-subject" href="#info-subject" title="#info-subject">`info.subject`</a> | The `info.subject` selects the specific client certificate subject details you want to add to the `X-Forwarded-Tls-Client-Cert-Info` header. <br />More information about `info` [here](#info). | false | No |
| `info.subject.country` | Add the `country` information into the subject.<br /> The data is taken from the subject part with the `C` key. <br />More information about `info` [here](#info). | false | No | | <a id="info-subject-country" href="#info-subject-country" title="#info-subject-country">`info.subject.country`</a> | Add the `country` information into the subject.<br /> The data is taken from the subject part with the `C` key. <br />More information about `info` [here](#info). | false | No |
| `info.subject.province` | Add the `province` information into the subject.<br /> The data is taken from the subject part with the `ST` key. <br />More information about `info` [here](#info). | false | No | | <a id="info-subject-province" href="#info-subject-province" title="#info-subject-province">`info.subject.province`</a> | Add the `province` information into the subject.<br /> The data is taken from the subject part with the `ST` key. <br />More information about `info` [here](#info). | false | No |
| `info.subject.locality` | Add the `locality` information into the subject.<br /> The data is taken from the subject part with the `L` key. <br />More information about `info` [here](#info). | false | No | | <a id="info-subject-locality" href="#info-subject-locality" title="#info-subject-locality">`info.subject.locality`</a> | Add the `locality` information into the subject.<br /> The data is taken from the subject part with the `L` key. <br />More information about `info` [here](#info). | false | No |
| `info.subject.organization` | Add the `organization` information into the subject.<br /> The data is taken from the subject part with the `O` key. <br />More information about `info` [here](#info). | false | No | | <a id="info-subject-organization" href="#info-subject-organization" title="#info-subject-organization">`info.subject.organization`</a> | Add the `organization` information into the subject.<br /> The data is taken from the subject part with the `O` key. <br />More information about `info` [here](#info). | false | No |
| `info.subject.organizationalUnit` | Add the `organizationalUnit` information into the subject.<br /> The data is taken from the subject part with the `OU` key. <br />More information about `info` [here](#info). | false | No | | <a id="info-subject-organizationalUnit" href="#info-subject-organizationalUnit" title="#info-subject-organizationalUnit">`info.subject.organizationalUnit`</a> | Add the `organizationalUnit` information into the subject.<br /> The data is taken from the subject part with the `OU` key. <br />More information about `info` [here](#info). | false | No |
| `info.subject.commonName` | Add the `commonName` information into the subject.<br /> The data is taken from the subject part with the `CN` key.| false | No | | <a id="info-subject-commonName" href="#info-subject-commonName" title="#info-subject-commonName">`info.subject.commonName`</a> | Add the `commonName` information into the subject.<br /> The data is taken from the subject part with the `CN` key.| false | No |
| `info.subject.serialNumber` | Add the `serialNumber` information into the subject.<br /> The data is taken from the subject part with the `SN` key.| false | No | | <a id="info-subject-serialNumber" href="#info-subject-serialNumber" title="#info-subject-serialNumber">`info.subject.serialNumber`</a> | Add the `serialNumber` information into the subject.<br /> The data is taken from the subject part with the `SN` key.| false | No |
| `info.subject.domainComponent` | Add the `domainComponent` information into the subject.<br />The data is taken from the subject part with the `DC` key. <br />More information about `info` [here](#info). | false | No | | <a id="info-subject-domainComponent" href="#info-subject-domainComponent" title="#info-subject-domainComponent">`info.subject.domainComponent`</a> | Add the `domainComponent` information into the subject.<br />The data is taken from the subject part with the `DC` key. <br />More information about `info` [here](#info). | false | No |
| `info.issuer` | The `info.issuer` selects the specific client certificate issuer details you want to add to the `X-Forwarded-Tls-Client-Cert-Info` header. <br />More information about `info` [here](#info). | false | No | | <a id="info-issuer" href="#info-issuer" title="#info-issuer">`info.issuer`</a> | The `info.issuer` selects the specific client certificate issuer details you want to add to the `X-Forwarded-Tls-Client-Cert-Info` header. <br />More information about `info` [here](#info). | false | No |
| `info.issuer.country` | Add the `country` information into the issuer.<br /> The data is taken from the issuer part with the `C` key. <br />More information about `info` [here](#info). | false | No | | <a id="info-issuer-country" href="#info-issuer-country" title="#info-issuer-country">`info.issuer.country`</a> | Add the `country` information into the issuer.<br /> The data is taken from the issuer part with the `C` key. <br />More information about `info` [here](#info). | false | No |
| `info.issuer.province` | Add the `province` information into the issuer.<br />The data is taken from the issuer part with the `ST` key. <br />More information about `info` [here](#info). | false | No | | <a id="info-issuer-province" href="#info-issuer-province" title="#info-issuer-province">`info.issuer.province`</a> | Add the `province` information into the issuer.<br />The data is taken from the issuer part with the `ST` key. <br />More information about `info` [here](#info). | false | No |
| `info.issuer.locality` | Add the `locality` information into the issuer.<br /> The data is taken from the issuer part with the `L` key. <br />More information about `info` [here](#info). | false | No | | <a id="info-issuer-locality" href="#info-issuer-locality" title="#info-issuer-locality">`info.issuer.locality`</a> | Add the `locality` information into the issuer.<br /> The data is taken from the issuer part with the `L` key. <br />More information about `info` [here](#info). | false | No |
| `info.issuer.organization` | Add the `organization` information into the issuer.<br /> The data is taken from the issuer part with the `O` key. <br />More information about `info` [here](#info). | false | No | | <a id="info-issuer-organization" href="#info-issuer-organization" title="#info-issuer-organization">`info.issuer.organization`</a> | Add the `organization` information into the issuer.<br /> The data is taken from the issuer part with the `O` key. <br />More information about `info` [here](#info). | false | No |
| `info.issuer.commonName` |Add the `commonName` information into the issuer.<br /> The data is taken from the issuer part with the `CN` key. <br />More information about `info` [here](#info). | false | No | | <a id="info-issuer-commonName" href="#info-issuer-commonName" title="#info-issuer-commonName">`info.issuer.commonName`</a> |Add the `commonName` information into the issuer.<br /> The data is taken from the issuer part with the `CN` key. <br />More information about `info` [here](#info). | false | No |
| `info.issuer.serialNumber` |Add the `serialNumber` information into the issuer.<br /> The data is taken from the issuer part with the `SN` key. <br />More information about `info` [here](#info). | false | No | | <a id="info-issuer-serialNumber" href="#info-issuer-serialNumber" title="#info-issuer-serialNumber">`info.issuer.serialNumber`</a> |Add the `serialNumber` information into the issuer.<br /> The data is taken from the issuer part with the `SN` key. <br />More information about `info` [here](#info). | false | No |
| `info.issuer.domainComponent` | Add the `domainComponent` information into the issuer.<br /> The data is taken from the issuer part with the `DC` key. <br />More information about `info` [here](#info). | false | No | | <a id="info-issuer-domainComponent" href="#info-issuer-domainComponent" title="#info-issuer-domainComponent">`info.issuer.domainComponent`</a> | Add the `domainComponent` information into the issuer.<br /> The data is taken from the issuer part with the `DC` key. <br />More information about `info` [here](#info). | false | No |
### pem ### pem
@@ -188,29 +188,29 @@ data:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:-----------|:-------------------------------------------------------|:--------|:---------| |:-----------|:-------------------------------------------------------|:--------|:---------|
| `average` | Number of requests used to define the rate using the `period`.<br /> 0 means **no rate limiting**.<br />More information [here](#rate-and-burst). | 0 | No | | <a id="average" href="#average" title="#average">`average`</a> | Number of requests used to define the rate using the `period`.<br /> 0 means **no rate limiting**.<br />More information [here](#rate-and-burst). | 0 | No |
| `period` | Period of time used to define the rate.<br />More information [here](#rate-and-burst). | 1s | No | | <a id="period" href="#period" title="#period">`period`</a> | Period of time used to define the rate.<br />More information [here](#rate-and-burst). | 1s | No |
| `burst` | Maximum number of requests allowed to go through at the very same moment.<br />More information [here](#rate-and-burst).| 1 | No | | <a id="burst" href="#burst" title="#burst">`burst`</a> | Maximum number of requests allowed to go through at the very same moment.<br />More information [here](#rate-and-burst).| 1 | No |
| `sourceCriterion.requestHost` | Whether to consider the request host as the source.<br />More information about `sourceCriterion`[here](#sourcecriterion). | false | No | | <a id="sourceCriterion-requestHost" href="#sourceCriterion-requestHost" title="#sourceCriterion-requestHost">`sourceCriterion.requestHost`</a> | Whether to consider the request host as the source.<br />More information about `sourceCriterion`[here](#sourcecriterion). | false | No |
| `sourceCriterion.requestHeaderName` | Name of the header used to group incoming requests.<br />More information about `sourceCriterion`[here](#sourcecriterion). | "" | No | | <a id="sourceCriterion-requestHeaderName" href="#sourceCriterion-requestHeaderName" title="#sourceCriterion-requestHeaderName">`sourceCriterion.requestHeaderName`</a> | Name of the header used to group incoming requests.<br />More information about `sourceCriterion`[here](#sourcecriterion). | "" | No |
| `sourceCriterion.ipStrategy.depth` | Depth position of the IP to select in the `X-Forwarded-For` header (starting from the right).<br />0 means no depth.<br />If greater than the total number of IPs in `X-Forwarded-For`, then the client IP is empty<br />If higher than 0, the `excludedIPs` options is not evaluated.<br />More information about [`sourceCriterion`](#sourcecriterion), [`ipStrategy`](#ipstrategy), and [`depth`](#sourcecriterionipstrategydepth) below. | 0 | No | | <a id="sourceCriterion-ipStrategy-depth" href="#sourceCriterion-ipStrategy-depth" title="#sourceCriterion-ipStrategy-depth">`sourceCriterion.ipStrategy.depth`</a> | Depth position of the IP to select in the `X-Forwarded-For` header (starting from the right).<br />0 means no depth.<br />If greater than the total number of IPs in `X-Forwarded-For`, then the client IP is empty<br />If higher than 0, the `excludedIPs` options is not evaluated.<br />More information about [`sourceCriterion`](#sourcecriterion), [`ipStrategy`](#ipstrategy), and [`depth`](#sourcecriterionipstrategydepth) below. | 0 | No |
| `sourceCriterion.ipStrategy.excludedIPs` | Allows scanning the `X-Forwarded-For` header and select the first IP not in the list.<br />If `depth` is specified, `excludedIPs` is ignored.<br />More information about [`sourceCriterion`](#sourcecriterion), [`ipStrategy`](#ipstrategy), and [`excludedIPs`](#sourcecriterionipstrategyexcludedips) below. | | No | | <a id="sourceCriterion-ipStrategy-excludedIPs" href="#sourceCriterion-ipStrategy-excludedIPs" title="#sourceCriterion-ipStrategy-excludedIPs">`sourceCriterion.ipStrategy.excludedIPs`</a> | Allows scanning the `X-Forwarded-For` header and select the first IP not in the list.<br />If `depth` is specified, `excludedIPs` is ignored.<br />More information about [`sourceCriterion`](#sourcecriterion), [`ipStrategy`](#ipstrategy), and [`excludedIPs`](#sourcecriterionipstrategyexcludedips) below. | | No |
| `sourceCriterion.ipStrategy.ipv6Subnet` | If `ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to. <br />More information about [`sourceCriterion`](#sourcecriterion), [`ipStrategy.ipv6Subnet`](#sourcecriterionipstrategyipv6subnet) below. | | No | | <a id="sourceCriterion-ipStrategy-ipv6Subnet" href="#sourceCriterion-ipStrategy-ipv6Subnet" title="#sourceCriterion-ipStrategy-ipv6Subnet">`sourceCriterion.ipStrategy.ipv6Subnet`</a> | If `ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to. <br />More information about [`sourceCriterion`](#sourcecriterion), [`ipStrategy.ipv6Subnet`](#sourcecriterionipstrategyipv6subnet) below. | | No |
| `redis` | The `redis` configuration enables distributed rate limiting by using Redis to store rate limit tokens across multiple Traefik instances. This allows you to enforce consistent rate limits across a cluster of Traefik proxies. <br />When Redis is not configured, Traefik uses in-memory storage for rate limiting, which works only for the individual Traefik instance.| | No | | <a id="redis" href="#redis" title="#redis">`redis`</a> | The `redis` configuration enables distributed rate limiting by using Redis to store rate limit tokens across multiple Traefik instances. This allows you to enforce consistent rate limits across a cluster of Traefik proxies. <br />When Redis is not configured, Traefik uses in-memory storage for rate limiting, which works only for the individual Traefik instance.| | No |
| `redis.endpoints` | List of Redis server endpoints for distributed rate limiting. You can specify multiple endpoints for Redis cluster or high availability setups. | "127.0.0.1:6379" | No | | <a id="redis-endpoints" href="#redis-endpoints" title="#redis-endpoints">`redis.endpoints`</a> | List of Redis server endpoints for distributed rate limiting. You can specify multiple endpoints for Redis cluster or high availability setups. | "127.0.0.1:6379" | No |
| `redis.username` | Username for Redis authentication. | "" | No | | <a id="redis-username" href="#redis-username" title="#redis-username">`redis.username`</a> | Username for Redis authentication. | "" | No |
| `redis.password` | Password for Redis authentication. In Kubernetes, these can be provided via secrets. | "" | No | | <a id="redis-password" href="#redis-password" title="#redis-password">`redis.password`</a> | Password for Redis authentication. In Kubernetes, these can be provided via secrets. | "" | No |
| `redis.db` | Redis database number to select. | 0 | No | | <a id="redis-db" href="#redis-db" title="#redis-db">`redis.db`</a> | Redis database number to select. | 0 | No |
| `redis.poolSize` | Defines the base number of socket connections in the pool. If set to 0, it defaults to 10 connections per CPU core as reported by `runtime.GOMAXPROCS`. <br />If there are not enough connections in the pool, new connections will be allocated beyond `poolSize`, up to `maxActiveConns`. | 0 | No | | <a id="redis-poolSize" href="#redis-poolSize" title="#redis-poolSize">`redis.poolSize`</a> | Defines the base number of socket connections in the pool. If set to 0, it defaults to 10 connections per CPU core as reported by `runtime.GOMAXPROCS`. <br />If there are not enough connections in the pool, new connections will be allocated beyond `poolSize`, up to `maxActiveConns`. | 0 | No |
| `redis.minIdleConns` | Minimum number of idle connections to maintain in the pool. This is useful when establishing new connections is slow. A value of 0 means idle connections are not automatically closed. | 0 | No | | <a id="redis-minIdleConns" href="#redis-minIdleConns" title="#redis-minIdleConns">`redis.minIdleConns`</a> | Minimum number of idle connections to maintain in the pool. This is useful when establishing new connections is slow. A value of 0 means idle connections are not automatically closed. | 0 | No |
| `redis.maxActiveConns` | Maximum number of connections the pool can allocate at any given time. A value of 0 means no limit. | 0 | No | | <a id="redis-maxActiveConns" href="#redis-maxActiveConns" title="#redis-maxActiveConns">`redis.maxActiveConns`</a> | Maximum number of connections the pool can allocate at any given time. A value of 0 means no limit. | 0 | No |
| `redis.readTimeout` | Timeout for socket reads. If reached, commands will fail with a timeout instead of blocking. Zero means no timeout. | 3s | No | | <a id="redis-readTimeout" href="#redis-readTimeout" title="#redis-readTimeout">`redis.readTimeout`</a> | Timeout for socket reads. If reached, commands will fail with a timeout instead of blocking. Zero means no timeout. | 3s | No |
| `redis.writeTimeout` | Timeout for socket writes. If reached, commands will fail with a timeout instead of blocking. Zero means no timeout. | 3s | No | | <a id="redis-writeTimeout" href="#redis-writeTimeout" title="#redis-writeTimeout">`redis.writeTimeout`</a> | Timeout for socket writes. If reached, commands will fail with a timeout instead of blocking. Zero means no timeout. | 3s | No |
| `redis.dialTimeout` | Timeout for establishing new connections. Zero means no timeout. | 5s | No | | <a id="redis-dialTimeout" href="#redis-dialTimeout" title="#redis-dialTimeout">`redis.dialTimeout`</a> | Timeout for establishing new connections. Zero means no timeout. | 5s | No |
| `redis.tls.ca` | Path to the certificate authority used for the secure connection to Redis, it defaults to the system bundle. | "" | No | | <a id="redis-tls-ca" href="#redis-tls-ca" title="#redis-tls-ca">`redis.tls.ca`</a> | Path to the certificate authority used for the secure connection to Redis, it defaults to the system bundle. | "" | No |
| `redis.tls.cert` | Path to the public certificate used for the secure connection to Redis. When this option is set, the `key` option is required. | "" | No | | <a id="redis-tls-cert" href="#redis-tls-cert" title="#redis-tls-cert">`redis.tls.cert`</a> | Path to the public certificate used for the secure connection to Redis. When this option is set, the `key` option is required. | "" | No |
| `redis.tls.key` | Path to the private key used for the secure connection to Redis. When this option is set, the `cert` option is required. | "" | No | | <a id="redis-tls-key" href="#redis-tls-key" title="#redis-tls-key">`redis.tls.key`</a> | Path to the private key used for the secure connection to Redis. When this option is set, the `cert` option is required. | "" | No |
| `redis.tls.insecureSkipVerify` | If `insecureSkipVerify` is `true`, the TLS connection to Redis accepts any certificate presented by the server regardless of the hostnames it covers. | false | No | | <a id="redis-tls-insecureSkipVerify" href="#redis-tls-insecureSkipVerify" title="#redis-tls-insecureSkipVerify">`redis.tls.insecureSkipVerify`</a> | If `insecureSkipVerify` is `true`, the TLS connection to Redis accepts any certificate presented by the server regardless of the hostnames it covers. | false | No |
### sourceCriterion ### sourceCriterion
@@ -241,9 +241,9 @@ If `ipv6Subnet` is provided, the IP is transformed in the following way.
| `IP` | `ipv6Subnet` | clientIP | | `IP` | `ipv6Subnet` | clientIP |
|---------------------------|--------------|-----------------------| |---------------------------|--------------|-----------------------|
| `"::abcd:1111:2222:3333"` | `64` | `"::0:0:0:0"` | | <a id="abcd111122223333" href="#abcd111122223333" title="#abcd111122223333">`"::abcd:1111:2222:3333"`</a> | `64` | `"::0:0:0:0"` |
| `"::abcd:1111:2222:3333"` | `80` | `"::abcd:0:0:0:0"` | | <a id="abcd111122223333-2" href="#abcd111122223333-2" title="#abcd111122223333-2">`"::abcd:1111:2222:3333"`</a> | `80` | `"::abcd:0:0:0:0"` |
| `"::abcd:1111:2222:3333"` | `96` | `"::abcd:1111:0:0:0"` | | <a id="abcd111122223333-3" href="#abcd111122223333-3" title="#abcd111122223333-3">`"::abcd:1111:2222:3333"`</a> | `96` | `"::abcd:1111:0:0:0"` |
### sourceCriterion.ipStrategy.depth ### sourceCriterion.ipStrategy.depth
@@ -251,9 +251,9 @@ If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,1
| `X-Forwarded-For` | `depth` | clientIP | | `X-Forwarded-For` | `depth` | clientIP |
|-----------------------------------------|---------|--------------| |-----------------------------------------|---------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `1` | `"13.0.0.1"` | | <a id="10-0-0-111-0-0-112-0-0-113-0-0-1" href="#10-0-0-111-0-0-112-0-0-113-0-0-1" title="#10-0-0-111-0-0-112-0-0-113-0-0-1">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `1` | `"13.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `3` | `"11.0.0.1"` | | <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-2" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-2" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-2">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `3` | `"11.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5` | `""` | | <a id="10-0-0-111-0-0-112-0-0-113-0-0-1-3" href="#10-0-0-111-0-0-112-0-0-113-0-0-1-3" title="#10-0-0-111-0-0-112-0-0-113-0-0-1-3">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `5` | `""` |
### sourceCriterion.ipStrategy.excludedIPs ### sourceCriterion.ipStrategy.excludedIPs
@@ -268,8 +268,8 @@ Example to use each IP as a distinct source:
| X-Forwarded-For | excludedIPs | clientIP | | X-Forwarded-For | excludedIPs | clientIP |
|--------------------------------|-----------------------|--------------| |--------------------------------|-----------------------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1"` | `"11.0.0.1,12.0.0.1"` | `"10.0.0.1"` | | <a id="10-0-0-111-0-0-112-0-0-1" href="#10-0-0-111-0-0-112-0-0-1" title="#10-0-0-111-0-0-112-0-0-1">`"10.0.0.1,11.0.0.1,12.0.0.1"`</a> | `"11.0.0.1,12.0.0.1"` | `"10.0.0.1"` |
| `"10.0.0.2,11.0.0.1,12.0.0.1"` | `"11.0.0.1,12.0.0.1"` | `"10.0.0.2"` | | <a id="10-0-0-211-0-0-112-0-0-1" href="#10-0-0-211-0-0-112-0-0-1" title="#10-0-0-211-0-0-112-0-0-1">`"10.0.0.2,11.0.0.1,12.0.0.1"`</a> | `"11.0.0.1,12.0.0.1"` | `"10.0.0.2"` |
2. Group together a set of IPs (also behind a common set of reverse-proxies) so that they are considered the same source, and all contribute to the same rate-limit bucket. 2. Group together a set of IPs (also behind a common set of reverse-proxies) so that they are considered the same source, and all contribute to the same rate-limit bucket.
@@ -277,6 +277,6 @@ Example to group IPs together as same source:
| X-Forwarded-For | excludedIPs | clientIP | | X-Forwarded-For | excludedIPs | clientIP |
|--------------------------------|--------------|--------------| |--------------------------------|--------------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1"` | `"12.0.0.1"` | `"11.0.0.1"` | | <a id="10-0-0-111-0-0-112-0-0-1-2" href="#10-0-0-111-0-0-112-0-0-1-2" title="#10-0-0-111-0-0-112-0-0-1-2">`"10.0.0.1,11.0.0.1,12.0.0.1"`</a> | `"12.0.0.1"` | `"11.0.0.1"` |
| `"10.0.0.2,11.0.0.1,12.0.0.1"` | `"12.0.0.1"` | `"11.0.0.1"` | | <a id="10-0-0-211-0-0-112-0-0-1-2" href="#10-0-0-211-0-0-112-0-0-1-2" title="#10-0-0-211-0-0-112-0-0-1-2">`"10.0.0.2,11.0.0.1,12.0.0.1"`</a> | `"12.0.0.1"` | `"11.0.0.1"` |
| `"10.0.0.3,11.0.0.1,12.0.0.1"` | `"12.0.0.1"` | `"11.0.0.1"` | | <a id="10-0-0-311-0-0-112-0-0-1" href="#10-0-0-311-0-0-112-0-0-1" title="#10-0-0-311-0-0-112-0-0-1">`"10.0.0.3,11.0.0.1,12.0.0.1"`</a> | `"12.0.0.1"` | `"11.0.0.1"` |
@@ -63,9 +63,9 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:-----------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------| |:-----------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
| `regex` | The `regex` option is the regular expression to match and capture elements from the request URL.| "" | Yes | | <a id="regex" href="#regex" title="#regex">`regex`</a> | The `regex` option is the regular expression to match and capture elements from the request URL.| "" | Yes |
| `permanent` | Enable a permanent redirection. | false | No | | <a id="permanent" href="#permanent" title="#permanent">`permanent`</a> | Enable a permanent redirection. | false | No |
| `replacement` | The `replacement` option defines how to modify the URL to have the new target URL..<br /> `$1x` is equivalent to `${1x}`, not `${1}x` (see [Regexp.Expand](https://golang.org/pkg/regexp/#Regexp.Expand)), so use `${1}` syntax. | "" | No | | <a id="replacement" href="#replacement" title="#replacement">`replacement`</a> | The `replacement` option defines how to modify the URL to have the new target URL..<br /> `$1x` is equivalent to `${1x}`, not `${1}x` (see [Regexp.Expand](https://golang.org/pkg/regexp/#Regexp.Expand)), so use `${1}` syntax. | "" | No |
### `regex` ### `regex`
@@ -69,6 +69,6 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:-----------------------------|----------------------------------------------------------|:--------|:---------| |:-----------------------------|----------------------------------------------------------|:--------|:---------|
| `scheme` | Scheme of the new URL. | "" | Yes | | <a id="scheme" href="#scheme" title="#scheme">`scheme`</a> | Scheme of the new URL. | "" | Yes |
| `permanent` | Enable a permanent redirection. | false | No | | <a id="permanent" href="#permanent" title="#permanent">`permanent`</a> | Enable a permanent redirection. | false | No |
| `port` | Port of the new URL.<br />Set a string, **not** a numeric value. | "" | No | | <a id="port" href="#port" title="#port">`port`</a> | Port of the new URL.<br />Set a string, **not** a numeric value. | "" | No |
@@ -57,4 +57,4 @@ spec:
| Field | Description | | Field | Description |
|:------|:------------| |:------|:------------|
| `path` | The `path` option defines the path to use as replacement in the request URL. | | <a id="path" href="#path" title="#path">`path`</a> | The `path` option defines the path to use as replacement in the request URL. |
@@ -57,8 +57,8 @@ labels:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:-----------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------| |:-----------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
| `regex` | Regular expression to match and capture the path from the request URL. | | Yes | | <a id="regex" href="#regex" title="#regex">`regex`</a> | Regular expression to match and capture the path from the request URL. | | Yes |
| `replacement` | Replacement path format, which can include captured variables.<br /> `$1x` is equivalent to `${1x}`, not `${1}x` (see [Regexp.Expand](https://golang.org/pkg/regexp/#Regexp.Expand)), so use `${1}` syntax. | | No | <a id="replacement" href="#replacement" title="#replacement">`replacement`</a> | Replacement path format, which can include captured variables.<br /> `$1x` is equivalent to `${1x}`, not `${1}x` (see [Regexp.Expand](https://golang.org/pkg/regexp/#Regexp.Expand)), so use `${1}` syntax. | | No
!!! tip !!! tip
@@ -64,5 +64,5 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:------|:------------|:--------|:---------| |:------|:------------|:--------|:---------|
| `attempts` | number of times the request should be retried. | | Yes | | <a id="attempts" href="#attempts" title="#attempts">`attempts`</a> | number of times the request should be retried. | | Yes |
| `initialInterval` | First wait time in the exponential backoff series. <br />The maximum interval is calculated as twice the `initialInterval`. <br /> If unspecified, requests will be retried immediately.<br /> Defined in seconds or as a valid duration format, see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration). | 0 | No | | <a id="initialInterval" href="#initialInterval" title="#initialInterval">`initialInterval`</a> | First wait time in the exponential backoff series. <br />The maximum interval is calculated as twice the `initialInterval`. <br /> If unspecified, requests will be retried immediately.<br /> Defined in seconds or as a valid duration format, see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration). | 0 | No |
@@ -61,6 +61,6 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:-----------------------------|:--------------------------------------------------------------|:--------|:---------| |:-----------------------------|:--------------------------------------------------------------|:--------|:---------|
| `prefixes` | List of prefixes to strip from the request URL.<br />If your backend is serving assets (for example, images or JavaScript files), it can use the `X-Forwarded-Prefix` header to construct relative URLs. | [] | No | | <a id="prefixes" href="#prefixes" title="#prefixes">`prefixes`</a> | List of prefixes to strip from the request URL.<br />If your backend is serving assets (for example, images or JavaScript files), it can use the `X-Forwarded-Prefix` header to construct relative URLs. | [] | No |
{!traefik-for-business-applications.md!} {!traefik-for-business-applications.md!}
@@ -56,7 +56,7 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:-----------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------| |:-----------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
| `regex` | List of regular expressions to match the path prefix from the request URL.<br /> For instance, `/products` also matches `/products/shoes` and `/products/shirts`.<br />More information [here](#regex). | | No | | <a id="regex" href="#regex" title="#regex">`regex`</a> | List of regular expressions to match the path prefix from the request URL.<br /> For instance, `/products` also matches `/products/shoes` and `/products/shirts`.<br />More information [here](#regex). | | No |
### regex ### regex
@@ -58,7 +58,7 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:---------|:-----------------------|:--------|:----------------------------| |:---------|:-----------------------|:--------|:----------------------------|
| `directives` | List of WAF rules to enforce. | | Yes | | <a id="directives" href="#directives" title="#directives">`directives`</a> | List of WAF rules to enforce. | | Yes |
| `crsEnabled` | Enable [CRS rulesets](https://github.com/corazawaf/coraza-coreruleset/tree/main/rules/%40owasp_crs).<br /> Once the ruleset is enabled, it can be used in the middleware. | false | False | | <a id="crsEnabled" href="#crsEnabled" title="#crsEnabled">`crsEnabled`</a> | Enable [CRS rulesets](https://github.com/corazawaf/coraza-coreruleset/tree/main/rules/%40owasp_crs).<br /> Once the ruleset is enabled, it can be used in the middleware. | false | False |
{!traefik-for-business-applications.md!} {!traefik-for-business-applications.md!}
@@ -79,10 +79,10 @@ labels:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:-----------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:----------|:---------| |:-----------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:----------|:---------|
| `accessLogs` | The `accessLogs` option controls whether the router will produce access-logs. | `true` | No | | <a id="accessLogs" href="#accessLogs" title="#accessLogs">`accessLogs`</a> | The `accessLogs` option controls whether the router will produce access-logs. | `true` | No |
| `metrics` | The `metrics` option controls whether the router will produce metrics. | `true` | No | | <a id="metrics" href="#metrics" title="#metrics">`metrics`</a> | The `metrics` option controls whether the router will produce metrics. | `true` | No |
| `tracing` | The `tracing` option controls whether the router will produce traces. | `true` | No | | <a id="tracing" href="#tracing" title="#tracing">`tracing`</a> | The `tracing` option controls whether the router will produce traces. | `true` | No |
| `traceVerbosity` | The `traceVerbosity` option controls the tracing verbosity level for the router. Possible values: `minimal` (default), `detailed`. If not set, the value is inherited from the entryPoint. | `minimal` | No | | <a id="traceVerbosity" href="#traceVerbosity" title="#traceVerbosity">`traceVerbosity`</a> | The `traceVerbosity` option controls the tracing verbosity level for the router. Possible values: `minimal` (default), `detailed`. If not set, the value is inherited from the entryPoint. | `minimal` | No |
#### traceVerbosity #### traceVerbosity
@@ -22,17 +22,17 @@ The table below lists all the available matchers:
| Matcher | Description | | Matcher | Description |
|-----------------------------------------------------------------|:-------------------------------------------------------------------------------| |-----------------------------------------------------------------|:-------------------------------------------------------------------------------|
| [```Header(`key`, `value`)```](#header-and-headerregexp) | Matches requests containing a header named `key` set to `value`. | | <a id="Headerkey-value" href="#Headerkey-value" title="#Headerkey-value">[```Header(`key`, `value`)```](#header-and-headerregexp)</a> | Matches requests containing a header named `key` set to `value`. |
| [```HeaderRegexp(`key`, `regexp`)```](#header-and-headerregexp) | Matches requests containing a header named `key` matching `regexp`. | | <a id="HeaderRegexpkey-regexp" href="#HeaderRegexpkey-regexp" title="#HeaderRegexpkey-regexp">[```HeaderRegexp(`key`, `regexp`)```](#header-and-headerregexp)</a> | Matches requests containing a header named `key` matching `regexp`. |
| [```Host(`domain`)```](#host-and-hostregexp) | Matches requests host set to `domain`. | | <a id="Hostdomain" href="#Hostdomain" title="#Hostdomain">[```Host(`domain`)```](#host-and-hostregexp)</a> | Matches requests host set to `domain`. |
| [```HostRegexp(`regexp`)```](#host-and-hostregexp) | Matches requests host matching `regexp`. | | <a id="HostRegexpregexp" href="#HostRegexpregexp" title="#HostRegexpregexp">[```HostRegexp(`regexp`)```](#host-and-hostregexp)</a> | Matches requests host matching `regexp`. |
| [```Method(`method`)```](#method) | Matches requests method set to `method`. | | <a id="Methodmethod" href="#Methodmethod" title="#Methodmethod">[```Method(`method`)```](#method)</a> | Matches requests method set to `method`. |
| [```Path(`path`)```](#path-pathprefix-and-pathregexp) | Matches requests path set to `path`. | | <a id="Pathpath" href="#Pathpath" title="#Pathpath">[```Path(`path`)```](#path-pathprefix-and-pathregexp)</a> | Matches requests path set to `path`. |
| [```PathPrefix(`prefix`)```](#path-pathprefix-and-pathregexp) | Matches requests path prefix set to `prefix`. | | <a id="PathPrefixprefix" href="#PathPrefixprefix" title="#PathPrefixprefix">[```PathPrefix(`prefix`)```](#path-pathprefix-and-pathregexp)</a> | Matches requests path prefix set to `prefix`. |
| [```PathRegexp(`regexp`)```](#path-pathprefix-and-pathregexp) | Matches request path using `regexp`. | | <a id="PathRegexpregexp" href="#PathRegexpregexp" title="#PathRegexpregexp">[```PathRegexp(`regexp`)```](#path-pathprefix-and-pathregexp)</a> | Matches request path using `regexp`. |
| [```Query(`key`, `value`)```](#query-and-queryregexp) | Matches requests query parameters named `key` set to `value`. | | <a id="Querykey-value" href="#Querykey-value" title="#Querykey-value">[```Query(`key`, `value`)```](#query-and-queryregexp)</a> | Matches requests query parameters named `key` set to `value`. |
| [```QueryRegexp(`key`, `regexp`)```](#query-and-queryregexp) | Matches requests query parameters named `key` matching `regexp`. | | <a id="QueryRegexpkey-regexp" href="#QueryRegexpkey-regexp" title="#QueryRegexpkey-regexp">[```QueryRegexp(`key`, `regexp`)```](#query-and-queryregexp)</a> | Matches requests query parameters named `key` matching `regexp`. |
| [```ClientIP(`ip`)```](#clientip) | Matches requests client IP using `ip`. It accepts IPv4, IPv6 and CIDR formats. | | <a id="ClientIPip" href="#ClientIPip" title="#ClientIPip">[```ClientIP(`ip`)```](#clientip)</a> | Matches requests client IP using `ip`. It accepts IPv4, IPv6 and CIDR formats. |
### Header and HeaderRegexp ### Header and HeaderRegexp
@@ -40,9 +40,9 @@ The `Header` and `HeaderRegexp` matchers allow matching requests that contain sp
| Behavior | Rule | | Behavior | Rule |
|-----------------------------------------------------------------|:------------------------------------------------------------------------| |-----------------------------------------------------------------|:------------------------------------------------------------------------|
| Match requests with a `Content-Type` header set to `application/yaml`.| ```Header(`Content-Type`, `application/yaml`)``` | | <a id="Match-requests-with-a-Content-Type-header-set-to-applicationyaml" href="#Match-requests-with-a-Content-Type-header-set-to-applicationyaml" title="#Match-requests-with-a-Content-Type-header-set-to-applicationyaml">Match requests with a `Content-Type` header set to `application/yaml`.</a> | ```Header(`Content-Type`, `application/yaml`)``` |
| Match requests with a `Content-Type` header set to either `application/json` or `application/yaml`. | ```HeaderRegexp(`Content-Type`, `^application/(json\|yaml)$`)``` | | <a id="Match-requests-with-a-Content-Type-header-set-to-either-applicationjson-or-applicationyaml" href="#Match-requests-with-a-Content-Type-header-set-to-either-applicationjson-or-applicationyaml" title="#Match-requests-with-a-Content-Type-header-set-to-either-applicationjson-or-applicationyaml">Match requests with a `Content-Type` header set to either `application/json` or `application/yaml`.</a> | ```HeaderRegexp(`Content-Type`, `^application/(json\|yaml)$`)``` |
| Match headers [case-insensitively](https://en.wikipedia.org/wiki/Case_sensitivity). | ```HeaderRegexp(`Content-Type`, `(?i)^application/(json\|yaml)$`)``` | | <a id="Match-headers-case-insensitively" href="#Match-headers-case-insensitively" title="#Match-headers-case-insensitively">Match headers [case-insensitively](https://en.wikipedia.org/wiki/Case_sensitivity).</a> | ```HeaderRegexp(`Content-Type`, `(?i)^application/(json\|yaml)$`)``` |
### Host and HostRegexp ### Host and HostRegexp
@@ -56,10 +56,10 @@ These matchers will match the request's host in lowercase.
| Behavior | Rule | | Behavior | Rule |
|-----------------------------------------------------------------|:------------------------------------------------------------------------| |-----------------------------------------------------------------|:------------------------------------------------------------------------|
| Match requests with `Host` set to `example.com`. | ```Host(`example.com`)``` | | <a id="Match-requests-with-Host-set-to-example-com" href="#Match-requests-with-Host-set-to-example-com" title="#Match-requests-with-Host-set-to-example-com">Match requests with `Host` set to `example.com`.</a> | ```Host(`example.com`)``` |
| Match requests sent to any subdomain of `example.com`. | ```HostRegexp(`^.+\.example\.com$`)``` | | <a id="Match-requests-sent-to-any-subdomain-of-example-com" href="#Match-requests-sent-to-any-subdomain-of-example-com" title="#Match-requests-sent-to-any-subdomain-of-example-com">Match requests sent to any subdomain of `example.com`.</a> | ```HostRegexp(`^.+\.example\.com$`)``` |
| Match requests with `Host` set to either `example.com` or `example.org`. | ```HostRegexp(`^example\.(com\|org)$`)``` | | <a id="Match-requests-with-Host-set-to-either-example-com-or-example-org" href="#Match-requests-with-Host-set-to-either-example-com-or-example-org" title="#Match-requests-with-Host-set-to-either-example-com-or-example-org">Match requests with `Host` set to either `example.com` or `example.org`.</a> | ```HostRegexp(`^example\.(com\|org)$`)``` |
| Match `Host` [case-insensitively](https://en.wikipedia.org/wiki/Case_sensitivity). | ```HostRegexp(`(?i)^example\.(com\|org)$`)``` | | <a id="Match-Host-case-insensitively" href="#Match-Host-case-insensitively" title="#Match-Host-case-insensitively">Match `Host` [case-insensitively](https://en.wikipedia.org/wiki/Case_sensitivity).</a> | ```HostRegexp(`(?i)^example\.(com\|org)$`)``` |
### Method ### Method
@@ -67,7 +67,7 @@ The `Method` matchers allows matching requests sent based on their HTTP method (
| Behavior | Rule | | Behavior | Rule |
|-----------------------------------------------------------------|:------------------------------------------------------------------------| |-----------------------------------------------------------------|:------------------------------------------------------------------------|
| Match `OPTIONS` requests. | ```Method(`OPTIONS`)``` | | <a id="Match-OPTIONS-requests" href="#Match-OPTIONS-requests" title="#Match-OPTIONS-requests">Match `OPTIONS` requests.</a> | ```Method(`OPTIONS`)``` |
### Path, PathPrefix, and PathRegexp ### Path, PathPrefix, and PathRegexp
@@ -79,11 +79,11 @@ Path are always starting with a `/`, except for `PathRegexp`.
| Behavior | Rule | | Behavior | Rule |
|-----------------------------------------------------------------|:------------------------------------------------------------------------| |-----------------------------------------------------------------|:------------------------------------------------------------------------|
| Match `/products` but neither `/products/shoes` nor `/products/`. | ```Path(`/products`)``` | | <a id="Match-products-but-neither-productsshoes-nor-products" href="#Match-products-but-neither-productsshoes-nor-products" title="#Match-products-but-neither-productsshoes-nor-products">Match `/products` but neither `/products/shoes` nor `/products/`.</a> | ```Path(`/products`)``` |
| Match `/products` as well as everything under `/products`, such as `/products/shoes`, `/products/` but also `/products-for-sale`. | ```PathPrefix(`/products`)``` | | <a id="Match-products-as-well-as-everything-under-products-such-as-productsshoes-products-but-also-products-for-sale" href="#Match-products-as-well-as-everything-under-products-such-as-productsshoes-products-but-also-products-for-sale" title="#Match-products-as-well-as-everything-under-products-such-as-productsshoes-products-but-also-products-for-sale">Match `/products` as well as everything under `/products`, such as `/products/shoes`, `/products/` but also `/products-for-sale`.</a> | ```PathPrefix(`/products`)``` |
| Match both `/products/shoes` and `/products/socks` with and ID like `/products/shoes/31`. | ```PathRegexp(`^/products/(shoes\|socks)/[0-9]+$`)``` | | <a id="Match-both-productsshoes-and-productssocks-with-and-ID-like-productsshoes31" href="#Match-both-productsshoes-and-productssocks-with-and-ID-like-productsshoes31" title="#Match-both-productsshoes-and-productssocks-with-and-ID-like-productsshoes31">Match both `/products/shoes` and `/products/socks` with and ID like `/products/shoes/31`.</a> | ```PathRegexp(`^/products/(shoes\|socks)/[0-9]+$`)``` |
| Match requests with a path ending in either `.jpeg`, `.jpg` or `.png`. | ```PathRegexp(`\.(jpeg\|jpg\|png)$`)``` | | <a id="Match-requests-with-a-path-ending-in-either-jpeg-jpg-or-png" href="#Match-requests-with-a-path-ending-in-either-jpeg-jpg-or-png" title="#Match-requests-with-a-path-ending-in-either-jpeg-jpg-or-png">Match requests with a path ending in either `.jpeg`, `.jpg` or `.png`.</a> | ```PathRegexp(`\.(jpeg\|jpg\|png)$`)``` |
| Match `/products` as well as everything under `/products`, such as `/products/shoes`, `/products/` but also `/products-for-sale`, [case-insensitively](https://en.wikipedia.org/wiki/Case_sensitivity). | ```HostRegexp(`(?i)^/products`)``` | | <a id="Match-products-as-well-as-everything-under-products-such-as-productsshoes-products-but-also-products-for-sale-case-insensitively" href="#Match-products-as-well-as-everything-under-products-such-as-productsshoes-products-but-also-products-for-sale-case-insensitively" title="#Match-products-as-well-as-everything-under-products-such-as-productsshoes-products-but-also-products-for-sale-case-insensitively">Match `/products` as well as everything under `/products`, such as `/products/shoes`, `/products/` but also `/products-for-sale`, [case-insensitively](https://en.wikipedia.org/wiki/Case_sensitivity).</a> | ```HostRegexp(`(?i)^/products`)``` |
### Query and QueryRegexp ### Query and QueryRegexp
@@ -91,11 +91,11 @@ The `Query` and `QueryRegexp` matchers allow matching requests based on query pa
| Behavior | Rule | | Behavior | Rule |
|-----------------------------------------------------------------|:------------------------------------------------------------------------| |-----------------------------------------------------------------|:------------------------------------------------------------------------|
| Match requests with a `mobile` query parameter set to `true`, such as in `/search?mobile=true`. | ```Query(`mobile`, `true`)``` | | <a id="Match-requests-with-a-mobile-query-parameter-set-to-true-such-as-in-searchmobiletrue" href="#Match-requests-with-a-mobile-query-parameter-set-to-true-such-as-in-searchmobiletrue" title="#Match-requests-with-a-mobile-query-parameter-set-to-true-such-as-in-searchmobiletrue">Match requests with a `mobile` query parameter set to `true`, such as in `/search?mobile=true`.</a> | ```Query(`mobile`, `true`)``` |
| Match requests with a query parameter `mobile` that has no value, such as in `/search?mobile`. | ```Query(`mobile`)``` | | <a id="Match-requests-with-a-query-parameter-mobile-that-has-no-value-such-as-in-searchmobile" href="#Match-requests-with-a-query-parameter-mobile-that-has-no-value-such-as-in-searchmobile" title="#Match-requests-with-a-query-parameter-mobile-that-has-no-value-such-as-in-searchmobile">Match requests with a query parameter `mobile` that has no value, such as in `/search?mobile`.</a> | ```Query(`mobile`)``` |
| Match requests with a `mobile` query parameter set to either `true` or `yes`. | ```QueryRegexp(`mobile`, `^(true\|yes)$`)``` | | <a id="Match-requests-with-a-mobile-query-parameter-set-to-either-true-or-yes" href="#Match-requests-with-a-mobile-query-parameter-set-to-either-true-or-yes" title="#Match-requests-with-a-mobile-query-parameter-set-to-either-true-or-yes">Match requests with a `mobile` query parameter set to either `true` or `yes`.</a> | ```QueryRegexp(`mobile`, `^(true\|yes)$`)``` |
| Match requests with a `mobile` query parameter set to any value (including the empty value). | ```QueryRegexp(`mobile`, `^.*$`)``` | | <a id="Match-requests-with-a-mobile-query-parameter-set-to-any-value-including-the-empty-value" href="#Match-requests-with-a-mobile-query-parameter-set-to-any-value-including-the-empty-value" title="#Match-requests-with-a-mobile-query-parameter-set-to-any-value-including-the-empty-value">Match requests with a `mobile` query parameter set to any value (including the empty value).</a> | ```QueryRegexp(`mobile`, `^.*$`)``` |
| Match query parameters [case-insensitively](https://en.wikipedia.org/wiki/Case_sensitivity). | ```QueryRegexp(`mobile`, `(?i)^(true\|yes)$`)``` | | <a id="Match-query-parameters-case-insensitively" href="#Match-query-parameters-case-insensitively" title="#Match-query-parameters-case-insensitively">Match query parameters [case-insensitively](https://en.wikipedia.org/wiki/Case_sensitivity).</a> | ```QueryRegexp(`mobile`, `(?i)^(true\|yes)$`)``` |
### ClientIP ### ClientIP
@@ -105,10 +105,10 @@ It only matches the request client IP and does not use the `X-Forwarded-For` hea
| Behavior | Rule | | Behavior | Rule |
|-----------------------------------------------------------------|:------------------------------------------------------------------------| |-----------------------------------------------------------------|:------------------------------------------------------------------------|
| Match requests coming from a given IP (IPv4). | ```ClientIP(`10.76.105.11`)``` | | <a id="Match-requests-coming-from-a-given-IP-IPv4" href="#Match-requests-coming-from-a-given-IP-IPv4" title="#Match-requests-coming-from-a-given-IP-IPv4">Match requests coming from a given IP (IPv4).</a> | ```ClientIP(`10.76.105.11`)``` |
| Match requests coming from a given IP (IPv6). | ```ClientIP(`::1`)``` | | <a id="Match-requests-coming-from-a-given-IP-IPv6" href="#Match-requests-coming-from-a-given-IP-IPv6" title="#Match-requests-coming-from-a-given-IP-IPv6">Match requests coming from a given IP (IPv6).</a> | ```ClientIP(`::1`)``` |
| Match requests coming from a given subnet (IPv4). | ```ClientIP(`192.168.1.0/24`)``` | | <a id="Match-requests-coming-from-a-given-subnet-IPv4" href="#Match-requests-coming-from-a-given-subnet-IPv4" title="#Match-requests-coming-from-a-given-subnet-IPv4">Match requests coming from a given subnet (IPv4).</a> | ```ClientIP(`192.168.1.0/24`)``` |
| Match requests coming from a given subnet (IPv6). | ```ClientIP(`fe80::/10`)``` | | <a id="Match-requests-coming-from-a-given-subnet-IPv6" href="#Match-requests-coming-from-a-given-subnet-IPv6" title="#Match-requests-coming-from-a-given-subnet-IPv6">Match requests coming from a given subnet (IPv6).</a> | ```ClientIP(`fe80::/10`)``` |
### RuleSyntax ### RuleSyntax
@@ -213,8 +213,8 @@ labels:
| Name | Rule | Priority | | Name | Rule | Priority |
|----------|------------------------------------------|----------| |----------|------------------------------------------|----------|
| Router-1 | ```HostRegexp(`[a-z]+\.traefik\.com`)``` | 34 | | <a id="Router-1" href="#Router-1" title="#Router-1">Router-1</a> | ```HostRegexp(`[a-z]+\.traefik\.com`)``` | 34 |
| Router-2 | ```Host(`foobar.traefik.com`)``` | 26 | | <a id="Router-2" href="#Router-2" title="#Router-2">Router-2</a> | ```Host(`foobar.traefik.com`)``` | 26 |
The previous table shows that `Router-1` has a higher priority than `Router-2`. The previous table shows that `Router-1` has a higher priority than `Router-2`.
@@ -194,11 +194,11 @@ The `clientAuth.clientAuthType` option governs the behaviour as follows:
| Option | Operation | | Option | Operation |
| --------- | ----------- | | --------- | ----------- |
| `NoClientCert` | Disregards any client certificate.| | <a id="NoClientCert" href="#NoClientCert" title="#NoClientCert">`NoClientCert`</a> | Disregards any client certificate.|
| `RequestClientCert` | Asks for a certificate but proceeds anyway if none is provided. | | <a id="RequestClientCert" href="#RequestClientCert" title="#RequestClientCert">`RequestClientCert`</a> | Asks for a certificate but proceeds anyway if none is provided. |
| `RequireAnyClientCert` | Requires a certificate but does not verify if it is signed by a CA listed in `clientAuth.caFiles` or in `clientAuth.secretNames`. | | <a id="RequireAnyClientCert" href="#RequireAnyClientCert" title="#RequireAnyClientCert">`RequireAnyClientCert`</a> | Requires a certificate but does not verify if it is signed by a CA listed in `clientAuth.caFiles` or in `clientAuth.secretNames`. |
| `VerifyClientCertIfGiven` | If a certificate is provided, verifies if it is signed by a CA listed in `clientAuth.caFiles` or in `clientAuth.secretNames`. Otherwise proceeds without any certificate. | | <a id="VerifyClientCertIfGiven" href="#VerifyClientCertIfGiven" title="#VerifyClientCertIfGiven">`VerifyClientCertIfGiven`</a> | If a certificate is provided, verifies if it is signed by a CA listed in `clientAuth.caFiles` or in `clientAuth.secretNames`. Otherwise proceeds without any certificate. |
| `RequireAndVerifyClientCert` | requires a certificate, which must be signed by a CA listed in `clientAuth.caFiles` or in `clientAuth.secretNames`. | | <a id="RequireAndVerifyClientCert" href="#RequireAndVerifyClientCert" title="#RequireAndVerifyClientCert">`RequireAndVerifyClientCert`</a> | requires a certificate, which must be signed by a CA listed in `clientAuth.caFiles` or in `clientAuth.secretNames`. |
```yaml tab="Structured (YAML)" ```yaml tab="Structured (YAML)"
# Dynamic configuration # Dynamic configuration
@@ -76,55 +76,55 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:---------------------------------------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------------------------------------|:---------| |:---------------------------------------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------------------------------------|:---------|
| `entryPoints` | List of [entry points](../../../../install-configuration/entrypoints.md) names.<br />If not specified, HTTP routers will accept requests from all EntryPoints in the list of default EntryPoints. | | No | | <a id="entryPoints" href="#entryPoints" title="#entryPoints">`entryPoints`</a> | List of [entry points](../../../../install-configuration/entrypoints.md) names.<br />If not specified, HTTP routers will accept requests from all EntryPoints in the list of default EntryPoints. | | No |
| `routes` | List of routes. | | Yes | | <a id="routes" href="#routes" title="#routes">`routes`</a> | List of routes. | | Yes |
| `routes[n].kind` | Kind of router matching, only `Rule` is allowed yet. | "Rule" | No | | <a id="routesn-kind" href="#routesn-kind" title="#routesn-kind">`routes[n].kind`</a> | Kind of router matching, only `Rule` is allowed yet. | "Rule" | No |
| `routes[n].match` | Defines the [rule](../../../http/router/rules-and-priority.md#rules) corresponding to an underlying router. | | Yes | | <a id="routesn-match" href="#routesn-match" title="#routesn-match">`routes[n].match`</a> | Defines the [rule](../../../http/router/rules-and-priority.md#rules) corresponding to an underlying router. | | Yes |
| `routes[n].priority` | Defines the [priority](../../../http/router/rules-and-priority.md#priority-calculation) to disambiguate rules of the same length, for route matching.<br />If not set, the priority is directly equal to the length of the rule, and so the longest length has the highest priority.<br />A value of `0` for the priority is ignored, the default rules length sorting is used. | 0 | No | | <a id="routesn-priority" href="#routesn-priority" title="#routesn-priority">`routes[n].priority`</a> | Defines the [priority](../../../http/router/rules-and-priority.md#priority-calculation) to disambiguate rules of the same length, for route matching.<br />If not set, the priority is directly equal to the length of the rule, and so the longest length has the highest priority.<br />A value of `0` for the priority is ignored, the default rules length sorting is used. | 0 | No |
| `routes[n].middlewares` | List of middlewares to attach to the IngressRoute. <br />More information [here](#middleware). | "" | No | | <a id="routesn-middlewares" href="#routesn-middlewares" title="#routesn-middlewares">`routes[n].middlewares`</a> | List of middlewares to attach to the IngressRoute. <br />More information [here](#middleware). | "" | No |
| `routes[n].`<br />`middlewares[m].`<br />`name` | Middleware name.<br />The character `@` is not authorized. <br />More information [here](#middleware). | | Yes | | <a id="routesn-middlewaresm-name" href="#routesn-middlewaresm-name" title="#routesn-middlewaresm-name">`routes[n].`<br />`middlewares[m].`<br />`name`</a> | Middleware name.<br />The character `@` is not authorized. <br />More information [here](#middleware). | | Yes |
| `routes[n].`<br />`middlewares[m].`<br />`namespace` | Middleware namespace.<br />Can be empty if the middleware belongs to the same namespace as the IngressRoute. <br />More information [here](#middleware). | | No | | <a id="routesn-middlewaresm-namespace" href="#routesn-middlewaresm-namespace" title="#routesn-middlewaresm-namespace">`routes[n].`<br />`middlewares[m].`<br />`namespace`</a> | Middleware namespace.<br />Can be empty if the middleware belongs to the same namespace as the IngressRoute. <br />More information [here](#middleware). | | No |
| `routes[n].`<br />`observability.`<br />`accesslogs` | Defines whether the route will produce [access-logs](../../../../install-configuration/observability/logs-and-accesslogs.md). See [here](../../../http/router/observability.md) for more information. | false | No | | <a id="routesn-observability-accesslogs" href="#routesn-observability-accesslogs" title="#routesn-observability-accesslogs">`routes[n].`<br />`observability.`<br />`accesslogs`</a> | Defines whether the route will produce [access-logs](../../../../install-configuration/observability/logs-and-accesslogs.md). See [here](../../../http/router/observability.md) for more information. | false | No |
| `routes[n].`<br />`observability.`<br />`metrics` | Defines whether the route will produce [metrics](../../../../install-configuration/observability/metrics.md). See [here](../../../http/router/observability.md) for more information. | false | No | | <a id="routesn-observability-metrics" href="#routesn-observability-metrics" title="#routesn-observability-metrics">`routes[n].`<br />`observability.`<br />`metrics`</a> | Defines whether the route will produce [metrics](../../../../install-configuration/observability/metrics.md). See [here](../../../http/router/observability.md) for more information. | false | No |
| `routes[n].`<br />`observability.`<br />`tracing` | Defines whether the route will produce [traces](../../../../install-configuration/observability/tracing.md). See [here](../../../http/router/observability.md) for more information. | false | No | | <a id="routesn-observability-tracing" href="#routesn-observability-tracing" title="#routesn-observability-tracing">`routes[n].`<br />`observability.`<br />`tracing`</a> | Defines whether the route will produce [traces](../../../../install-configuration/observability/tracing.md). See [here](../../../http/router/observability.md) for more information. | false | No |
| `routes[n].`<br />`services` | List of any combination of TraefikService and [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). <br />More information [here](#externalname-service). | | No | | <a id="routesn-services" href="#routesn-services" title="#routesn-services">`routes[n].`<br />`services`</a> | List of any combination of TraefikService and [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). <br />More information [here](#externalname-service). | | No |
| `routes[n].`<br />`services[m].`<br />`kind` | Kind of the service targeted.<br />Two values allowed:<br />- **Service**: Kubernetes Service<br /> **TraefikService**: Traefik Service.<br />More information [here](#externalname-service). | "Service" | No | | <a id="routesn-servicesm-kind" href="#routesn-servicesm-kind" title="#routesn-servicesm-kind">`routes[n].`<br />`services[m].`<br />`kind`</a> | Kind of the service targeted.<br />Two values allowed:<br />- **Service**: Kubernetes Service<br /> **TraefikService**: Traefik Service.<br />More information [here](#externalname-service). | "Service" | No |
| `routes[n].`<br />`services[m].`<br />`name` | Service name.<br />The character `@` is not authorized. <br />More information [here](#middleware). | | Yes | | <a id="routesn-servicesm-name" href="#routesn-servicesm-name" title="#routesn-servicesm-name">`routes[n].`<br />`services[m].`<br />`name`</a> | Service name.<br />The character `@` is not authorized. <br />More information [here](#middleware). | | Yes |
| `routes[n].`<br />`services[m].`<br />`namespace` | Service namespace.<br />Can be empty if the service belongs to the same namespace as the IngressRoute. <br />More information [here](#externalname-service). | | No | | <a id="routesn-servicesm-namespace" href="#routesn-servicesm-namespace" title="#routesn-servicesm-namespace">`routes[n].`<br />`services[m].`<br />`namespace`</a> | Service namespace.<br />Can be empty if the service belongs to the same namespace as the IngressRoute. <br />More information [here](#externalname-service). | | No |
| `routes[n].`<br />`services[m].`<br />`port` | Service port (number or port name).<br />Evaluated only if the kind is **Service**. | | No | | <a id="routesn-servicesm-port" href="#routesn-servicesm-port" title="#routesn-servicesm-port">`routes[n].`<br />`services[m].`<br />`port`</a> | Service port (number or port name).<br />Evaluated only if the kind is **Service**. | | No |
| `routes[n].`<br />`services[m].`<br />`responseForwarding.`<br />`flushInterval` | Interval, in milliseconds, in between flushes to the client while copying the response body.<br />A negative value means to flush immediately after each write to the client.<br />This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately.<br />Evaluated only if the kind is **Service**. | 100ms | No | | <a id="routesn-servicesm-responseForwarding-flushInterval" href="#routesn-servicesm-responseForwarding-flushInterval" title="#routesn-servicesm-responseForwarding-flushInterval">`routes[n].`<br />`services[m].`<br />`responseForwarding.`<br />`flushInterval`</a> | Interval, in milliseconds, in between flushes to the client while copying the response body.<br />A negative value means to flush immediately after each write to the client.<br />This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately.<br />Evaluated only if the kind is **Service**. | 100ms | No |
| `routes[n].`<br />`services[m].`<br />`scheme` | Scheme to use for the request to the upstream Kubernetes Service.<br />Evaluated only if the kind is **Service**. | "http"<br />"https" if `port` is 443 or contains the string *https*. | No | | <a id="routesn-servicesm-scheme" href="#routesn-servicesm-scheme" title="#routesn-servicesm-scheme">`routes[n].`<br />`services[m].`<br />`scheme`</a> | Scheme to use for the request to the upstream Kubernetes Service.<br />Evaluated only if the kind is **Service**. | "http"<br />"https" if `port` is 443 or contains the string *https*. | No |
| `routes[n].`<br />`services[m].`<br />`serversTransport` | Name of ServersTransport resource to use to configure the transport between Traefik and your servers.<br />Evaluated only if the kind is **Service**. | "" | No | | <a id="routesn-servicesm-serversTransport" href="#routesn-servicesm-serversTransport" title="#routesn-servicesm-serversTransport">`routes[n].`<br />`services[m].`<br />`serversTransport`</a> | Name of ServersTransport resource to use to configure the transport between Traefik and your servers.<br />Evaluated only if the kind is **Service**. | "" | No |
| `routes[n].`<br />`services[m].`<br />`passHostHeader` | Forward client Host header to server.<br />Evaluated only if the kind is **Service**. | true | No | | <a id="routesn-servicesm-passHostHeader" href="#routesn-servicesm-passHostHeader" title="#routesn-servicesm-passHostHeader">`routes[n].`<br />`services[m].`<br />`passHostHeader`</a> | Forward client Host header to server.<br />Evaluated only if the kind is **Service**. | true | No |
| `routes[n].`<br />`services[m].`<br />`healthCheck.scheme` | Server URL scheme for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "" | No | | <a id="routesn-servicesm-healthCheck-scheme" href="#routesn-servicesm-healthCheck-scheme" title="#routesn-servicesm-healthCheck-scheme">`routes[n].`<br />`services[m].`<br />`healthCheck.scheme`</a> | Server URL scheme for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "" | No |
| `routes[n].`<br />`services[m].`<br />`healthCheck.mode` | Health check mode.<br /> If defined to grpc, will use the gRPC health check protocol to probe the server.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "http" | No | | <a id="routesn-servicesm-healthCheck-mode" href="#routesn-servicesm-healthCheck-mode" title="#routesn-servicesm-healthCheck-mode">`routes[n].`<br />`services[m].`<br />`healthCheck.mode`</a> | Health check mode.<br /> If defined to grpc, will use the gRPC health check protocol to probe the server.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "http" | No |
| `routes[n].`<br />`services[m].`<br />`healthCheck.path` | Server URL path for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "" | No | | <a id="routesn-servicesm-healthCheck-path" href="#routesn-servicesm-healthCheck-path" title="#routesn-servicesm-healthCheck-path">`routes[n].`<br />`services[m].`<br />`healthCheck.path`</a> | Server URL path for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "" | No |
| `routes[n].`<br />`services[m].`<br />`healthCheck.interval` | Frequency of the health check calls for healthy targets.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "100ms" | No | | <a id="routesn-servicesm-healthCheck-interval" href="#routesn-servicesm-healthCheck-interval" title="#routesn-servicesm-healthCheck-interval">`routes[n].`<br />`services[m].`<br />`healthCheck.interval`</a> | Frequency of the health check calls for healthy targets.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "100ms" | No |
| `routes[n].`<br />`services[m].`<br />`healthCheck.unhealthyInterval` | Frequency of the health check calls for unhealthy targets.<br />When not defined, it defaults to the `interval` value.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "100ms" | No | | <a id="routesn-servicesm-healthCheck-unhealthyInterval" href="#routesn-servicesm-healthCheck-unhealthyInterval" title="#routesn-servicesm-healthCheck-unhealthyInterval">`routes[n].`<br />`services[m].`<br />`healthCheck.unhealthyInterval`</a> | Frequency of the health check calls for unhealthy targets.<br />When not defined, it defaults to the `interval` value.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "100ms" | No |
| `routes[n].`<br />`services[m].`<br />`healthCheck.method` | HTTP method for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "GET" | No | | <a id="routesn-servicesm-healthCheck-method" href="#routesn-servicesm-healthCheck-method" title="#routesn-servicesm-healthCheck-method">`routes[n].`<br />`services[m].`<br />`healthCheck.method`</a> | HTTP method for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "GET" | No |
| `routes[n].`<br />`services[m].`<br />`healthCheck.status` | Expected HTTP status code of the response to the health check request.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName.<br />If not set, expect a status between 200 and 399.<br />Evaluated only if the kind is **Service**. | | No | | <a id="routesn-servicesm-healthCheck-status" href="#routesn-servicesm-healthCheck-status" title="#routesn-servicesm-healthCheck-status">`routes[n].`<br />`services[m].`<br />`healthCheck.status`</a> | Expected HTTP status code of the response to the health check request.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName.<br />If not set, expect a status between 200 and 399.<br />Evaluated only if the kind is **Service**. | | No |
| `routes[n].`<br />`services[m].`<br />`healthCheck.port` | URL port for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | | No | | <a id="routesn-servicesm-healthCheck-port" href="#routesn-servicesm-healthCheck-port" title="#routesn-servicesm-healthCheck-port">`routes[n].`<br />`services[m].`<br />`healthCheck.port`</a> | URL port for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | | No |
| `routes[n].`<br />`services[m].`<br />`healthCheck.timeout` | Maximum duration to wait before considering the server unhealthy.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "5s" | No | | <a id="routesn-servicesm-healthCheck-timeout" href="#routesn-servicesm-healthCheck-timeout" title="#routesn-servicesm-healthCheck-timeout">`routes[n].`<br />`services[m].`<br />`healthCheck.timeout`</a> | Maximum duration to wait before considering the server unhealthy.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "5s" | No |
| `routes[n].`<br />`services[m].`<br />`healthCheck.hostname` | Value in the Host header of the health check request.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "" | No | | <a id="routesn-servicesm-healthCheck-hostname" href="#routesn-servicesm-healthCheck-hostname" title="#routesn-servicesm-healthCheck-hostname">`routes[n].`<br />`services[m].`<br />`healthCheck.hostname`</a> | Value in the Host header of the health check request.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | "" | No |
| `routes[n].`<br />`services[m].`<br />`healthCheck.`<br />`followRedirect` | Follow the redirections during the healtchcheck.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | true | No | | <a id="routesn-servicesm-healthCheck-followRedirect" href="#routesn-servicesm-healthCheck-followRedirect" title="#routesn-servicesm-healthCheck-followRedirect">`routes[n].`<br />`services[m].`<br />`healthCheck.`<br />`followRedirect`</a> | Follow the redirections during the healtchcheck.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service). | true | No |
| `routes[n].`<br />`services[m].`<br />`healthCheck.headers` | Map of header to send to the health check endpoint<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service)). | | No | | <a id="routesn-servicesm-healthCheck-headers" href="#routesn-servicesm-healthCheck-headers" title="#routesn-servicesm-healthCheck-headers">`routes[n].`<br />`services[m].`<br />`healthCheck.headers`</a> | Map of header to send to the health check endpoint<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#externalname-service)). | | No |
| `routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.name` | Name of the cookie used for the stickiness.<br />When sticky sessions are enabled, a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response.<br />On subsequent requests, to keep the session alive with the same server, the client should send the cookie with the value set.<br />If the server pecified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server).<br />Evaluated only if the kind is **Service**. | "" | No | | <a id="routesn-servicesm-sticky-cookie-name" href="#routesn-servicesm-sticky-cookie-name" title="#routesn-servicesm-sticky-cookie-name">`routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.name`</a> | Name of the cookie used for the stickiness.<br />When sticky sessions are enabled, a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response.<br />On subsequent requests, to keep the session alive with the same server, the client should send the cookie with the value set.<br />If the server pecified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server).<br />Evaluated only if the kind is **Service**. | "" | No |
| `routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.httpOnly` | Allow the cookie can be accessed by client-side APIs, such as JavaScript.<br />Evaluated only if the kind is **Service**. | false | No | | <a id="routesn-servicesm-sticky-cookie-httpOnly" href="#routesn-servicesm-sticky-cookie-httpOnly" title="#routesn-servicesm-sticky-cookie-httpOnly">`routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.httpOnly`</a> | Allow the cookie can be accessed by client-side APIs, such as JavaScript.<br />Evaluated only if the kind is **Service**. | false | No |
| `routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.secure` | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).<br />Evaluated only if the kind is **Service**. | false | No | | <a id="routesn-servicesm-sticky-cookie-secure" href="#routesn-servicesm-sticky-cookie-secure" title="#routesn-servicesm-sticky-cookie-secure">`routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.secure`</a> | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).<br />Evaluated only if the kind is **Service**. | false | No |
| `routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.sameSite` | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />Evaluated only if the kind is **Service**. | "" | No | | <a id="routesn-servicesm-sticky-cookie-sameSite" href="#routesn-servicesm-sticky-cookie-sameSite" title="#routesn-servicesm-sticky-cookie-sameSite">`routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.sameSite`</a> | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />Evaluated only if the kind is **Service**. | "" | No |
| `routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.maxAge` | Number of seconds until the cookie expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires.<br />Evaluated only if the kind is **Service**. | 0 | No | | <a id="routesn-servicesm-sticky-cookie-maxAge" href="#routesn-servicesm-sticky-cookie-maxAge" title="#routesn-servicesm-sticky-cookie-maxAge">`routes[n].`<br />`services[m].`<br />`sticky.`<br />`cookie.maxAge`</a> | Number of seconds until the cookie expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires.<br />Evaluated only if the kind is **Service**. | 0 | No |
| `routes[n].`<br />`services[m].`<br />`strategy` | Load balancing strategy between the servers.<br />RoundRobin is the only supported value yet.<br />Evaluated only if the kind is **Service**. | "RoundRobin" | No | | <a id="routesn-servicesm-strategy" href="#routesn-servicesm-strategy" title="#routesn-servicesm-strategy">`routes[n].`<br />`services[m].`<br />`strategy`</a> | Load balancing strategy between the servers.<br />RoundRobin is the only supported value yet.<br />Evaluated only if the kind is **Service**. | "RoundRobin" | No |
| `routes[n].`<br />`services[m].`<br />`weight` | Service weight.<br />To use only to refer to WRR TraefikService | "" | No | | <a id="routesn-servicesm-weight" href="#routesn-servicesm-weight" title="#routesn-servicesm-weight">`routes[n].`<br />`services[m].`<br />`weight`</a> | Service weight.<br />To use only to refer to WRR TraefikService | "" | No |
| `routes[n].`<br />`services[m].`<br />`nativeLB` | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik.<br /> Evaluated only if the kind is **Service**. | false | No | | <a id="routesn-servicesm-nativeLB" href="#routesn-servicesm-nativeLB" title="#routesn-servicesm-nativeLB">`routes[n].`<br />`services[m].`<br />`nativeLB`</a> | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik.<br /> Evaluated only if the kind is **Service**. | false | No |
| `routes[n].`<br />`services[m].`<br />`nodePortLB` | Use the nodePort IP address when the service type is NodePort.<br />It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.<br />Evaluated only if the kind is **Service**. | false | No | | <a id="routesn-servicesm-nodePortLB" href="#routesn-servicesm-nodePortLB" title="#routesn-servicesm-nodePortLB">`routes[n].`<br />`services[m].`<br />`nodePortLB`</a> | Use the nodePort IP address when the service type is NodePort.<br />It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.<br />Evaluated only if the kind is **Service**. | false | No |
| `tls` | TLS configuration.<br />Can be an empty value(`{}`):<br />A self signed is generated in such a case<br />(or the [default certificate](tlsstore.md) is used if it is defined.) | | No | | <a id="tls" href="#tls" title="#tls">`tls`</a> | TLS configuration.<br />Can be an empty value(`{}`):<br />A self signed is generated in such a case<br />(or the [default certificate](tlsstore.md) is used if it is defined.) | | No |
| `tls.secretName` | [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the same namesapce as the `IngressRoute`) | "" | No | | <a id="tls-secretName" href="#tls-secretName" title="#tls-secretName">`tls.secretName`</a> | [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the same namesapce as the `IngressRoute`) | "" | No |
| `tls.`<br />`options.name` | Name of the [`TLSOption`](tlsoption.md) to use.<br />More information [here](#tls-options). | "" | No | | <a id="tls-options-name" href="#tls-options-name" title="#tls-options-name">`tls.`<br />`options.name`</a> | Name of the [`TLSOption`](tlsoption.md) to use.<br />More information [here](#tls-options). | "" | No |
| `tls.`<br />`options.namespace` | Namespace of the [`TLSOption`](tlsoption.md) to use. | "" | No | | <a id="tls-options-namespace" href="#tls-options-namespace" title="#tls-options-namespace">`tls.`<br />`options.namespace`</a> | Namespace of the [`TLSOption`](tlsoption.md) to use. | "" | No |
| `tls.certResolver` | Name of the [Certificate Resolver](../../../../install-configuration/tls/certificate-resolvers/overview.md) to use to generate automatic TLS certificates. | "" | No | | <a id="tls-certResolver" href="#tls-certResolver" title="#tls-certResolver">`tls.certResolver`</a> | Name of the [Certificate Resolver](../../../../install-configuration/tls/certificate-resolvers/overview.md) to use to generate automatic TLS certificates. | "" | No |
| `tls.domains` | List of domains to serve using the certificates generates (one `tls.domain`= one certificate).<br />More information in the [dedicated section](../../../../install-configuration/tls/certificate-resolvers/acme.md#domain-definition). | | No | | <a id="tls-domains" href="#tls-domains" title="#tls-domains">`tls.domains`</a> | List of domains to serve using the certificates generates (one `tls.domain`= one certificate).<br />More information in the [dedicated section](../../../../install-configuration/tls/certificate-resolvers/acme.md#domain-definition). | | No |
| `tls.`<br />`domains[n].main` | Main domain name | "" | Yes | | <a id="tls-domainsn-main" href="#tls-domainsn-main" title="#tls-domainsn-main">`tls.`<br />`domains[n].main`</a> | Main domain name | "" | Yes |
| `tls.`<br />`domains[n].sans` | List of alternative domains (SANs) | | No | | <a id="tls-domainsn-sans" href="#tls-domainsn-sans" title="#tls-domainsn-sans">`tls.`<br />`domains[n].sans`</a> | List of alternative domains (SANs) | | No |
### ExternalName Service ### ExternalName Service
@@ -55,18 +55,18 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:------|:----------------------------------------------------------|:---------------------|:---------| |:------|:----------------------------------------------------------|:---------------------|:---------|
| `serverstransport.`<br />`serverName` | Defines the server name that will be used for SNI. | | No | | <a id="serverstransport-serverName" href="#serverstransport-serverName" title="#serverstransport-serverName">`serverstransport.`<br />`serverName`</a> | Defines the server name that will be used for SNI. | | No |
| `serverstransport.`<br />`insecureSkipVerify` | Controls whether the server's certificate chain and host name is verified. | false | No | | <a id="serverstransport-insecureSkipVerify" href="#serverstransport-insecureSkipVerify" title="#serverstransport-insecureSkipVerify">`serverstransport.`<br />`insecureSkipVerify`</a> | Controls whether the server's certificate chain and host name is verified. | false | No |
| `serverstransport.`<br />`rootcas` | Set of root certificate authorities to use when verifying server certificates. (for mTLS connections). | | No | | <a id="serverstransport-rootcas" href="#serverstransport-rootcas" title="#serverstransport-rootcas">`serverstransport.`<br />`rootcas`</a> | Set of root certificate authorities to use when verifying server certificates. (for mTLS connections). | | No |
| `serverstransport.`<br />`certificatesSecrets` | Certificates to present to the server for mTLS. | | No | | <a id="serverstransport-certificatesSecrets" href="#serverstransport-certificatesSecrets" title="#serverstransport-certificatesSecrets">`serverstransport.`<br />`certificatesSecrets`</a> | Certificates to present to the server for mTLS. | | No |
| `serverstransport.`<br />`maxIdleConnsPerHost` | Maximum idle (keep-alive) connections to keep per-host. | 200 | No | | <a id="serverstransport-maxIdleConnsPerHost" href="#serverstransport-maxIdleConnsPerHost" title="#serverstransport-maxIdleConnsPerHost">`serverstransport.`<br />`maxIdleConnsPerHost`</a> | Maximum idle (keep-alive) connections to keep per-host. | 200 | No |
| `serverstransport.`<br />`disableHTTP2` | Disables HTTP/2 for connections with servers. | false | No | | <a id="serverstransport-disableHTTP2" href="#serverstransport-disableHTTP2" title="#serverstransport-disableHTTP2">`serverstransport.`<br />`disableHTTP2`</a> | Disables HTTP/2 for connections with servers. | false | No |
| `serverstransport.`<br />`peerCertURI` | Defines the URI used to match against SAN URIs during the server's certificate verification. | "" | No | | <a id="serverstransport-peerCertURI" href="#serverstransport-peerCertURI" title="#serverstransport-peerCertURI">`serverstransport.`<br />`peerCertURI`</a> | Defines the URI used to match against SAN URIs during the server's certificate verification. | "" | No |
| `serverstransport.`<br />`forwardingTimeouts.dialTimeout` | Amount of time to wait until a connection to a server can be established.<br />Zero means no timeout. | 30s | No | | <a id="serverstransport-forwardingTimeouts-dialTimeout" href="#serverstransport-forwardingTimeouts-dialTimeout" title="#serverstransport-forwardingTimeouts-dialTimeout">`serverstransport.`<br />`forwardingTimeouts.dialTimeout`</a> | Amount of time to wait until a connection to a server can be established.<br />Zero means no timeout. | 30s | No |
| `serverstransport.`<br />`forwardingTimeouts.responseHeaderTimeout` | Amount of time to wait for a server's response headers after fully writing the request (including its body, if any).<br />Zero means no timeout | 0s | No | | <a id="serverstransport-forwardingTimeouts-responseHeaderTimeout" href="#serverstransport-forwardingTimeouts-responseHeaderTimeout" title="#serverstransport-forwardingTimeouts-responseHeaderTimeout">`serverstransport.`<br />`forwardingTimeouts.responseHeaderTimeout`</a> | Amount of time to wait for a server's response headers after fully writing the request (including its body, if any).<br />Zero means no timeout | 0s | No |
| `serverstransport.`<br />`forwardingTimeouts.idleConnTimeout` | Maximum amount of time an idle (keep-alive) connection will remain idle before closing itself.<br />Zero means no timeout. | 90s | No | | <a id="serverstransport-forwardingTimeouts-idleConnTimeout" href="#serverstransport-forwardingTimeouts-idleConnTimeout" title="#serverstransport-forwardingTimeouts-idleConnTimeout">`serverstransport.`<br />`forwardingTimeouts.idleConnTimeout`</a> | Maximum amount of time an idle (keep-alive) connection will remain idle before closing itself.<br />Zero means no timeout. | 90s | No |
| `serverstransport.`<br />`spiffe.ids` | Allow SPIFFE IDs.<br />This takes precedence over the SPIFFE TrustDomain. | | No | | <a id="serverstransport-spiffe-ids" href="#serverstransport-spiffe-ids" title="#serverstransport-spiffe-ids">`serverstransport.`<br />`spiffe.ids`</a> | Allow SPIFFE IDs.<br />This takes precedence over the SPIFFE TrustDomain. | | No |
| `serverstransport.`<br />`spiffe.trustDomain` | Allow SPIFFE trust domain. | "" | No | | <a id="serverstransport-spiffe-trustDomain" href="#serverstransport-spiffe-trustDomain" title="#serverstransport-spiffe-trustDomain">`serverstransport.`<br />`spiffe.trustDomain`</a> | Allow SPIFFE trust domain. | "" | No |
!!! note "CA Secret" !!! note "CA Secret"
The CA secret must contain a base64 encoded certificate under either a tls.ca or a ca.crt key. The CA secret must contain a base64 encoded certificate under either a tls.ca or a ca.crt key.
@@ -48,15 +48,15 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:----------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------|:---------| |:----------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------|:---------|
| `minVersion` | Minimum TLS version that is acceptable. | "VersionTLS12" | No | | <a id="minVersion" href="#minVersion" title="#minVersion">`minVersion`</a> | Minimum TLS version that is acceptable. | "VersionTLS12" | No |
| `maxVersion` | Maximum TLS version that is acceptable.<br />We do not recommend setting this option to disable TLS 1.3. | | No | | <a id="maxVersion" href="#maxVersion" title="#maxVersion">`maxVersion`</a> | Maximum TLS version that is acceptable.<br />We do not recommend setting this option to disable TLS 1.3. | | No |
| `cipherSuites` | List of supported [cipher suites](https://godoc.org/crypto/tls#pkg-constants) for TLS versions up to TLS 1.2.<br />[Cipher suites defined for TLS 1.2 and below cannot be used in TLS 1.3, and vice versa.](https://tools.ietf.org/html/rfc8446)<br />With TLS 1.3, [the cipher suites are not configurable](https://golang.org/doc/go1.12#tls_1_3) (all supported cipher suites are safe in this case). | | No | | <a id="cipherSuites" href="#cipherSuites" title="#cipherSuites">`cipherSuites`</a> | List of supported [cipher suites](https://godoc.org/crypto/tls#pkg-constants) for TLS versions up to TLS 1.2.<br />[Cipher suites defined for TLS 1.2 and below cannot be used in TLS 1.3, and vice versa.](https://tools.ietf.org/html/rfc8446)<br />With TLS 1.3, [the cipher suites are not configurable](https://golang.org/doc/go1.12#tls_1_3) (all supported cipher suites are safe in this case). | | No |
| `curvePreferences` | List of the elliptic curves references that will be used in an ECDHE handshake.<br />Use curves names from [`crypto`](https://godoc.org/crypto/tls#CurveID) or the [RFC](https://tools.ietf.org/html/rfc8446#section-4.2.7).<br />See [CurveID](https://godoc.org/crypto/tls#CurveID) for more information. | | No | | <a id="curvePreferences" href="#curvePreferences" title="#curvePreferences">`curvePreferences`</a> | List of the elliptic curves references that will be used in an ECDHE handshake.<br />Use curves names from [`crypto`](https://godoc.org/crypto/tls#CurveID) or the [RFC](https://tools.ietf.org/html/rfc8446#section-4.2.7).<br />See [CurveID](https://godoc.org/crypto/tls#CurveID) for more information. | | No |
| `clientAuth.secretNames` | Client Authentication (mTLS) option.<br />List of names of the referenced Kubernetes [Secrets](https://kubernetes.io/docs/concepts/configuration/secret/) (in TLSOption namespace).<br /> The secret must contain a certificate under either a `tls.ca` or a `ca.crt` key. | | No | | <a id="clientAuth-secretNames" href="#clientAuth-secretNames" title="#clientAuth-secretNames">`clientAuth.secretNames`</a> | Client Authentication (mTLS) option.<br />List of names of the referenced Kubernetes [Secrets](https://kubernetes.io/docs/concepts/configuration/secret/) (in TLSOption namespace).<br /> The secret must contain a certificate under either a `tls.ca` or a `ca.crt` key. | | No |
| `clientAuth.clientAuthType` | Client Authentication (mTLS) option.<br />Client authentication type to apply. Available values [here](#client-authentication-mtls). | | No | | <a id="clientAuth-clientAuthType" href="#clientAuth-clientAuthType" title="#clientAuth-clientAuthType">`clientAuth.clientAuthType`</a> | Client Authentication (mTLS) option.<br />Client authentication type to apply. Available values [here](#client-authentication-mtls). | | No |
| `sniStrict` | Allow rejecting connections from clients connections that do not specify a server_name extension.<br />The [default certificate](../../../http/tls/tls-certificates.md#default-certificate) is never served is the option is enabled. | false | No | | <a id="sniStrict" href="#sniStrict" title="#sniStrict">`sniStrict`</a> | Allow rejecting connections from clients connections that do not specify a server_name extension.<br />The [default certificate](../../../http/tls/tls-certificates.md#default-certificate) is never served is the option is enabled. | false | No |
| `alpnProtocols` | List of supported application level protocols for the TLS handshake, in order of preference.<br />If the client supports ALPN, the selected protocol will be one from this list, and the connection will fail if there is no mutually supported protocol. | "h2, http/1.1, acme-tls/1" | No | | <a id="alpnProtocols" href="#alpnProtocols" title="#alpnProtocols">`alpnProtocols`</a> | List of supported application level protocols for the TLS handshake, in order of preference.<br />If the client supports ALPN, the selected protocol will be one from this list, and the connection will fail if there is no mutually supported protocol. | "h2, http/1.1, acme-tls/1" | No |
| `disableSessiontTickets` | Allow disabling the use of session tickets, forcing every client to perform a full TLS handshake instead of resuming sessions. | false | No | | <a id="disableSessiontTickets" href="#disableSessiontTickets" title="#disableSessiontTickets">`disableSessiontTickets`</a> | Allow disabling the use of session tickets, forcing every client to perform a full TLS handshake instead of resuming sessions. | false | No |
### Client Authentication (mTLS) ### Client Authentication (mTLS)
@@ -78,6 +78,6 @@ The default behavior is summed up in the table below:
| Configuration | Behavior | | Configuration | Behavior |
|:--------------------------|:------------------------------------------------------------| |:--------------------------|:------------------------------------------------------------|
| No `default` TLS Option | Default internal set of TLS Options by default. | | <a id="No-default-TLS-Option" href="#No-default-TLS-Option" title="#No-default-TLS-Option">No `default` TLS Option</a> | Default internal set of TLS Options by default. |
| One `default` TLS Option | Custom TLS Options applied by default. | | <a id="One-default-TLS-Option" href="#One-default-TLS-Option" title="#One-default-TLS-Option">One `default` TLS Option</a> | Custom TLS Options applied by default. |
| Many `default` TLS Option | Error log + Default internal set of TLS Options by default. | | <a id="Many-default-TLS-Option" href="#Many-default-TLS-Option" title="#Many-default-TLS-Option">Many `default` TLS Option</a> | Error log + Default internal set of TLS Options by default. |
@@ -29,11 +29,11 @@ spec:
| Field | Description | Required | | Field | Description | Required |
|:---------------------------------------|:-------------------------|:---------| |:---------------------------------------|:-------------------------|:---------|
| `certificates[n].secretName` | List of Kubernetes [Secrets](https://kubernetes.io/docs/concepts/configuration/secret/), each of them holding a key/certificate pair to add to the store. | No | | <a id="certificatesn-secretName" href="#certificatesn-secretName" title="#certificatesn-secretName">`certificates[n].secretName`</a> | List of Kubernetes [Secrets](https://kubernetes.io/docs/concepts/configuration/secret/), each of them holding a key/certificate pair to add to the store. | No |
| `defaultCertificate.secretName` | Name of the Kubernetes [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) served for connections without a SNI, or without a matching domain. If no default certificate is provided, Traefik will use the generated one. Do not use if the option `defaultGeneratedCert` is set. | No | | <a id="defaultCertificate-secretName" href="#defaultCertificate-secretName" title="#defaultCertificate-secretName">`defaultCertificate.secretName`</a> | Name of the Kubernetes [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) served for connections without a SNI, or without a matching domain. If no default certificate is provided, Traefik will use the generated one. Do not use if the option `defaultGeneratedCert` is set. | No |
| `defaultGeneratedCert.resolver` | Name of the ACME resolver to use to generate the default certificate.<br /> Do not use if the option `defaultCertificate` is set. | No | | <a id="defaultGeneratedCert-resolver" href="#defaultGeneratedCert-resolver" title="#defaultGeneratedCert-resolver">`defaultGeneratedCert.resolver`</a> | Name of the ACME resolver to use to generate the default certificate.<br /> Do not use if the option `defaultCertificate` is set. | No |
| `defaultGeneratedCert.domain.main` | Main domain used to generate the default certificate.<br /> Do not use if the option `defaultCertificate` is set. | No | | <a id="defaultGeneratedCert-domain-main" href="#defaultGeneratedCert-domain-main" title="#defaultGeneratedCert-domain-main">`defaultGeneratedCert.domain.main`</a> | Main domain used to generate the default certificate.<br /> Do not use if the option `defaultCertificate` is set. | No |
| `defaultGeneratedCert.domain.sans` | List of [Subject Alternative Name](https://en.wikipedia.org/wiki/Subject_Alternative_Name) used to generate the default certificate.<br /> Do not use if the option `defaultCertificate` is set. | No | | <a id="defaultGeneratedCert-domain-sans" href="#defaultGeneratedCert-domain-sans" title="#defaultGeneratedCert-domain-sans">`defaultGeneratedCert.domain.sans`</a> | List of [Subject Alternative Name](https://en.wikipedia.org/wiki/Subject_Alternative_Name) used to generate the default certificate.<br /> Do not use if the option `defaultCertificate` is set. | No |
!!! note "DefaultCertificate vs DefaultGeneratedCert" !!! note "DefaultCertificate vs DefaultGeneratedCert"
If both `defaultCertificate` and `defaultGeneratedCert` are set, the TLS certificate contained in `defaultCertificate.secretName` is served. The ACME default certificate is not generated. If both `defaultCertificate` and `defaultGeneratedCert` are set, the TLS certificate contained in `defaultCertificate.secretName` is served. The ACME default certificate is not generated.
@@ -150,41 +150,41 @@ data:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:---------------------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------------------------------------|:---------| |:---------------------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------------------------------------|:---------|
| `services` | List of any combination of TraefikService and [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). <br />. | | No | | <a id="services" href="#services" title="#services">`services`</a> | List of any combination of TraefikService and [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). <br />. | | No |
| `services[m].`<br />`kind` | Kind of the service targeted.<br />Two values allowed:<br />- **Service**: Kubernetes Service<br /> - **TraefikService**: Traefik Service. | "" | No | | <a id="servicesm-kind" href="#servicesm-kind" title="#servicesm-kind">`services[m].`<br />`kind`</a> | Kind of the service targeted.<br />Two values allowed:<br />- **Service**: Kubernetes Service<br /> - **TraefikService**: Traefik Service. | "" | No |
| `services[m].`<br />`name` | Service name.<br />The character `@` is not authorized. | "" | Yes | | <a id="servicesm-name" href="#servicesm-name" title="#servicesm-name">`services[m].`<br />`name`</a> | Service name.<br />The character `@` is not authorized. | "" | Yes |
| `services[m].`<br />`namespace` | Service namespace. | "" | No | | <a id="servicesm-namespace" href="#servicesm-namespace" title="#servicesm-namespace">`services[m].`<br />`namespace`</a> | Service namespace. | "" | No |
| `services[m].`<br />`port` | Service port (number or port name).<br />Evaluated only if the kind is **Service**. | "" | No | | <a id="servicesm-port" href="#servicesm-port" title="#servicesm-port">`services[m].`<br />`port`</a> | Service port (number or port name).<br />Evaluated only if the kind is **Service**. | "" | No |
| `services[m].`<br />`responseForwarding.`<br />`flushInterval` | Interval, in milliseconds, in between flushes to the client while copying the response body.<br />A negative value means to flush immediately after each write to the client.<br />This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately.<br />Evaluated only if the kind is **Service**. | 100ms | No | | <a id="servicesm-responseForwarding-flushInterval" href="#servicesm-responseForwarding-flushInterval" title="#servicesm-responseForwarding-flushInterval">`services[m].`<br />`responseForwarding.`<br />`flushInterval`</a> | Interval, in milliseconds, in between flushes to the client while copying the response body.<br />A negative value means to flush immediately after each write to the client.<br />This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately.<br />Evaluated only if the kind is **Service**. | 100ms | No |
| `services[m].`<br />`scheme` | Scheme to use for the request to the upstream Kubernetes Service.<br />Evaluated only if the kind is **Service**. | "http"<br />"https" if `port` is 443 or contains the string *https*. | No | | <a id="servicesm-scheme" href="#servicesm-scheme" title="#servicesm-scheme">`services[m].`<br />`scheme`</a> | Scheme to use for the request to the upstream Kubernetes Service.<br />Evaluated only if the kind is **Service**. | "http"<br />"https" if `port` is 443 or contains the string *https*. | No |
| `services[m].`<br />`serversTransport` | Name of ServersTransport resource to use to configure the transport between Traefik and your servers.<br />Evaluated only if the kind is **Service**. | "" | No | | <a id="servicesm-serversTransport" href="#servicesm-serversTransport" title="#servicesm-serversTransport">`services[m].`<br />`serversTransport`</a> | Name of ServersTransport resource to use to configure the transport between Traefik and your servers.<br />Evaluated only if the kind is **Service**. | "" | No |
| `services[m].`<br />`passHostHeader` | Forward client Host header to server.<br />Evaluated only if the kind is **Service**. | true | No | | <a id="servicesm-passHostHeader" href="#servicesm-passHostHeader" title="#servicesm-passHostHeader">`services[m].`<br />`passHostHeader`</a> | Forward client Host header to server.<br />Evaluated only if the kind is **Service**. | true | No |
| `services[m].`<br />`healthCheck.scheme` | Server URL scheme for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "" | No | | <a id="servicesm-healthCheck-scheme" href="#servicesm-healthCheck-scheme" title="#servicesm-healthCheck-scheme">`services[m].`<br />`healthCheck.scheme`</a> | Server URL scheme for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "" | No |
| `services[m].`<br />`healthCheck.mode` | Health check mode.<br /> If defined to grpc, will use the gRPC health check protocol to probe the server.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "http" | No | | <a id="servicesm-healthCheck-mode" href="#servicesm-healthCheck-mode" title="#servicesm-healthCheck-mode">`services[m].`<br />`healthCheck.mode`</a> | Health check mode.<br /> If defined to grpc, will use the gRPC health check protocol to probe the server.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "http" | No |
| `services[m].`<br />`healthCheck.path` | Server URL path for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "" | No | | <a id="servicesm-healthCheck-path" href="#servicesm-healthCheck-path" title="#servicesm-healthCheck-path">`services[m].`<br />`healthCheck.path`</a> | Server URL path for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "" | No |
| `services[m].`<br />`healthCheck.interval` | Frequency of the health check calls for healthy targets.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName]`ExternalName`. | "100ms" | No | | <a id="servicesm-healthCheck-interval" href="#servicesm-healthCheck-interval" title="#servicesm-healthCheck-interval">`services[m].`<br />`healthCheck.interval`</a> | Frequency of the health check calls for healthy targets.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName]`ExternalName`. | "100ms" | No |
| `services[m].`<br />`healthCheck.unhealthyInterval` | Frequency of the health check calls for unhealthy targets.<br />When not defined, it defaults to the `interval` value.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName]`ExternalName`. | "100ms" | No | | <a id="servicesm-healthCheck-unhealthyInterval" href="#servicesm-healthCheck-unhealthyInterval" title="#servicesm-healthCheck-unhealthyInterval">`services[m].`<br />`healthCheck.unhealthyInterval`</a> | Frequency of the health check calls for unhealthy targets.<br />When not defined, it defaults to the `interval` value.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName]`ExternalName`. | "100ms" | No |
| `services[m].`<br />`healthCheck.method` | HTTP method for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "GET" | No | | <a id="servicesm-healthCheck-method" href="#servicesm-healthCheck-method" title="#servicesm-healthCheck-method">`services[m].`<br />`healthCheck.method`</a> | HTTP method for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "GET" | No |
| `services[m].`<br />`healthCheck.status` | Expected HTTP status code of the response to the health check request.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName.<br />If not set, expect a status between 200 and 399.<br />Evaluated only if the kind is **Service**. | | No | | <a id="servicesm-healthCheck-status" href="#servicesm-healthCheck-status" title="#servicesm-healthCheck-status">`services[m].`<br />`healthCheck.status`</a> | Expected HTTP status code of the response to the health check request.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName.<br />If not set, expect a status between 200 and 399.<br />Evaluated only if the kind is **Service**. | | No |
| `services[m].`<br />`healthCheck.port` | URL port for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | | No | | <a id="servicesm-healthCheck-port" href="#servicesm-healthCheck-port" title="#servicesm-healthCheck-port">`services[m].`<br />`healthCheck.port`</a> | URL port for the health check endpoint.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | | No |
| `services[m].`<br />`healthCheck.timeout` | Maximum duration to wait before considering the server unhealthy.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "5s" | No | | <a id="servicesm-healthCheck-timeout" href="#servicesm-healthCheck-timeout" title="#servicesm-healthCheck-timeout">`services[m].`<br />`healthCheck.timeout`</a> | Maximum duration to wait before considering the server unhealthy.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "5s" | No |
| `services[m].`<br />`healthCheck.hostname` | Value in the Host header of the health check request.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "" | No | | <a id="servicesm-healthCheck-hostname" href="#servicesm-healthCheck-hostname" title="#servicesm-healthCheck-hostname">`services[m].`<br />`healthCheck.hostname`</a> | Value in the Host header of the health check request.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | "" | No |
| `services[m].`<br />`healthCheck.`<br />`followRedirect` | Follow the redirections during the healtchcheck.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | true | No | | <a id="servicesm-healthCheck-followRedirect" href="#servicesm-healthCheck-followRedirect" title="#servicesm-healthCheck-followRedirect">`services[m].`<br />`healthCheck.`<br />`followRedirect`</a> | Follow the redirections during the healtchcheck.<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | true | No |
| `services[m].`<br />`healthCheck.headers` | Map of header to send to the health check endpoint<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | | No | | <a id="servicesm-healthCheck-headers" href="#servicesm-healthCheck-headers" title="#servicesm-healthCheck-headers">`services[m].`<br />`healthCheck.headers`</a> | Map of header to send to the health check endpoint<br />Evaluated only if the kind is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type `ExternalName`. | | No |
| `services[m].`<br />`sticky.`<br />`cookie.name` | Name of the cookie used for the stickiness.<br />Evaluated only if the kind is **Service**. | Abbreviation of a sha1<br />(ex: `_1d52e`). | No | | <a id="servicesm-sticky-cookie-name" href="#servicesm-sticky-cookie-name" title="#servicesm-sticky-cookie-name">`services[m].`<br />`sticky.`<br />`cookie.name`</a> | Name of the cookie used for the stickiness.<br />Evaluated only if the kind is **Service**. | Abbreviation of a sha1<br />(ex: `_1d52e`). | No |
| `services[m].`<br />`sticky.`<br />`cookie.httpOnly` | Allow the cookie can be accessed by client-side APIs, such as JavaScript.<br />Evaluated only if the kind is **Service**. | false | No | | <a id="servicesm-sticky-cookie-httpOnly" href="#servicesm-sticky-cookie-httpOnly" title="#servicesm-sticky-cookie-httpOnly">`services[m].`<br />`sticky.`<br />`cookie.httpOnly`</a> | Allow the cookie can be accessed by client-side APIs, such as JavaScript.<br />Evaluated only if the kind is **Service**. | false | No |
| `services[m].`<br />`sticky.`<br />`cookie.secure` | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).<br />Evaluated only if the kind is **Service**. | false | No | | <a id="servicesm-sticky-cookie-secure" href="#servicesm-sticky-cookie-secure" title="#servicesm-sticky-cookie-secure">`services[m].`<br />`sticky.`<br />`cookie.secure`</a> | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).<br />Evaluated only if the kind is **Service**. | false | No |
| `services[m].`<br />`sticky.`<br />`cookie.sameSite` | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy.<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />Evaluated only if the kind is **Service**. | "" | No | | <a id="servicesm-sticky-cookie-sameSite" href="#servicesm-sticky-cookie-sameSite" title="#servicesm-sticky-cookie-sameSite">`services[m].`<br />`sticky.`<br />`cookie.sameSite`</a> | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy.<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />Evaluated only if the kind is **Service**. | "" | No |
| `services[m].`<br />`sticky.`<br />`cookie.maxAge` | Number of seconds until the cookie expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires.<br />Evaluated only if the kind is **Service**. | 0 | No | | <a id="servicesm-sticky-cookie-maxAge" href="#servicesm-sticky-cookie-maxAge" title="#servicesm-sticky-cookie-maxAge">`services[m].`<br />`sticky.`<br />`cookie.maxAge`</a> | Number of seconds until the cookie expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires.<br />Evaluated only if the kind is **Service**. | 0 | No |
| `services[m].`<br />`strategy` | Load balancing strategy between the servers.<br />RoundRobin is the only supported value yet.<br />Evaluated only if the kind is **Service**. | "RoundRobin" | No | | <a id="servicesm-strategy" href="#servicesm-strategy" title="#servicesm-strategy">`services[m].`<br />`strategy`</a> | Load balancing strategy between the servers.<br />RoundRobin is the only supported value yet.<br />Evaluated only if the kind is **Service**. | "RoundRobin" | No |
| `services[m].`<br />`weight` | Service weight.<br />To use only to refer to WRR TraefikService | "" | No | | <a id="servicesm-weight" href="#servicesm-weight" title="#servicesm-weight">`services[m].`<br />`weight`</a> | Service weight.<br />To use only to refer to WRR TraefikService | "" | No |
| `services[m].`<br />`nativeLB` | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik.<br />Evaluated only if the kind is **Service**. | false | No | | <a id="servicesm-nativeLB" href="#servicesm-nativeLB" title="#servicesm-nativeLB">`services[m].`<br />`nativeLB`</a> | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik.<br />Evaluated only if the kind is **Service**. | false | No |
| `services[m].`<br />`nodePortLB` | Use the nodePort IP address when the service type is NodePort.<br />It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.<br />Evaluated only if the kind is **Service**. | false | No | | <a id="servicesm-nodePortLB" href="#servicesm-nodePortLB" title="#servicesm-nodePortLB">`services[m].`<br />`nodePortLB`</a> | Use the nodePort IP address when the service type is NodePort.<br />It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.<br />Evaluated only if the kind is **Service**. | false | No |
| `sticky.`<br />`cookie.name` | Name of the cookie used for the stickiness at the WRR service level.<br />When sticky sessions are enabled, a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response.<br />On subsequent requests, to keep the session alive with the same server, the client should send the cookie with the value set.<br />If the server pecified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server).<br />More information about WRR stickiness [here](#stickiness-on-multiple-levels) | Abbreviation of a sha1<br />(ex: `_1d52e`). | No | | <a id="sticky-cookie-name" href="#sticky-cookie-name" title="#sticky-cookie-name">`sticky.`<br />`cookie.name`</a> | Name of the cookie used for the stickiness at the WRR service level.<br />When sticky sessions are enabled, a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response.<br />On subsequent requests, to keep the session alive with the same server, the client should send the cookie with the value set.<br />If the server pecified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server).<br />More information about WRR stickiness [here](#stickiness-on-multiple-levels) | Abbreviation of a sha1<br />(ex: `_1d52e`). | No |
| `sticky.`<br />`cookie.httpOnly` | Allow the cookie used for the stickiness at the WRR service level to be accessed by client-side APIs, such as JavaScript.<br />More information about WRR stickiness [here](#stickiness-on-multiple-levels) | false | No | | <a id="sticky-cookie-httpOnly" href="#sticky-cookie-httpOnly" title="#sticky-cookie-httpOnly">`sticky.`<br />`cookie.httpOnly`</a> | Allow the cookie used for the stickiness at the WRR service level to be accessed by client-side APIs, such as JavaScript.<br />More information about WRR stickiness [here](#stickiness-on-multiple-levels) | false | No |
| `sticky.`<br />`cookie.secure` | Allow the cookie used for the stickiness at the WRR service level to be only transmitted over an encrypted connection (i.e. HTTPS).<br />More information about WRR stickiness [here](#stickiness-on-multiple-levels) | false | No | | <a id="sticky-cookie-secure" href="#sticky-cookie-secure" title="#sticky-cookie-secure">`sticky.`<br />`cookie.secure`</a> | Allow the cookie used for the stickiness at the WRR service level to be only transmitted over an encrypted connection (i.e. HTTPS).<br />More information about WRR stickiness [here](#stickiness-on-multiple-levels) | false | No |
| `sticky.`<br />`cookie.sameSite` | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy for the cookie used for the stickiness at the WRR service level.<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />More information about WRR stickiness [here](#stickiness-on-multiple-levels) | "" | No | | <a id="sticky-cookie-sameSite" href="#sticky-cookie-sameSite" title="#sticky-cookie-sameSite">`sticky.`<br />`cookie.sameSite`</a> | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy for the cookie used for the stickiness at the WRR service level.<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />More information about WRR stickiness [here](#stickiness-on-multiple-levels) | "" | No |
| `sticky.`<br />`cookie.maxAge` | Number of seconds until the cookie used for the stickiness at the WRR service level expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires. | 0 | No | | <a id="sticky-cookie-maxAge" href="#sticky-cookie-maxAge" title="#sticky-cookie-maxAge">`sticky.`<br />`cookie.maxAge`</a> | Number of seconds until the cookie used for the stickiness at the WRR service level expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires. | 0 | No |
#### Stickiness on multiple levels #### Stickiness on multiple levels
@@ -375,65 +375,65 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:--------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------------------------------------|:---------| |:--------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------------------------------------|:---------|
| `kind` | Kind of the main service.<br />Two values allowed:<br />- **Service**: Kubernetes Service<br />- **TraefikService**: Traefik Service.<br />More information [here](#services) | "" | No | | <a id="kind" href="#kind" title="#kind">`kind`</a> | Kind of the main service.<br />Two values allowed:<br />- **Service**: Kubernetes Service<br />- **TraefikService**: Traefik Service.<br />More information [here](#services) | "" | No |
| `name` | Main service name.<br />The character `@` is not authorized. | "" | Yes | | <a id="name" href="#name" title="#name">`name`</a> | Main service name.<br />The character `@` is not authorized. | "" | Yes |
| `namespace` | Main service namespace.<br />More information [here](#services). | "" | No | | <a id="namespace" href="#namespace" title="#namespace">`namespace`</a> | Main service namespace.<br />More information [here](#services). | "" | No |
| `port` | Main service port (number or port name).<br />Evaluated only if the kind of the main service is **Service**. | "" | No | | <a id="port" href="#port" title="#port">`port`</a> | Main service port (number or port name).<br />Evaluated only if the kind of the main service is **Service**. | "" | No |
| `responseForwarding.`<br />`flushInterval` | Interval, in milliseconds, in between flushes to the client while copying the response body.<br />A negative value means to flush immediately after each write to the client.<br />This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately.<br />Evaluated only if the kind of the main service is **Service**. | 100ms | No | | <a id="responseForwarding-flushInterval" href="#responseForwarding-flushInterval" title="#responseForwarding-flushInterval">`responseForwarding.`<br />`flushInterval`</a> | Interval, in milliseconds, in between flushes to the client while copying the response body.<br />A negative value means to flush immediately after each write to the client.<br />This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately.<br />Evaluated only if the kind of the main service is **Service**. | 100ms | No |
| `scheme` | Scheme to use for the request to the upstream Kubernetes Service.<br />Evaluated only if the kind of the main service is **Service**. | "http"<br />"https" if `port` is 443 or contains the string *https*. | No | | <a id="scheme" href="#scheme" title="#scheme">`scheme`</a> | Scheme to use for the request to the upstream Kubernetes Service.<br />Evaluated only if the kind of the main service is **Service**. | "http"<br />"https" if `port` is 443 or contains the string *https*. | No |
| `serversTransport` | Name of ServersTransport resource to use to configure the transport between Traefik and the main service's servers.<br />Evaluated only if the kind of the main service is **Service**. | "" | No | | <a id="serversTransport" href="#serversTransport" title="#serversTransport">`serversTransport`</a> | Name of ServersTransport resource to use to configure the transport between Traefik and the main service's servers.<br />Evaluated only if the kind of the main service is **Service**. | "" | No |
| `passHostHeader` | Forward client Host header to main service's server.<br />Evaluated only if the kind of the main service is **Service**. | true | No | | <a id="passHostHeader" href="#passHostHeader" title="#passHostHeader">`passHostHeader`</a> | Forward client Host header to main service's server.<br />Evaluated only if the kind of the main service is **Service**. | true | No |
| `healthCheck.scheme` | Server URL scheme for the health check endpoint.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No | | <a id="healthCheck-scheme" href="#healthCheck-scheme" title="#healthCheck-scheme">`healthCheck.scheme`</a> | Server URL scheme for the health check endpoint.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
| `healthCheck.mode` | Health check mode.<br /> If defined to grpc, will use the gRPC health check protocol to probe the server.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "http" | No | | <a id="healthCheck-mode" href="#healthCheck-mode" title="#healthCheck-mode">`healthCheck.mode`</a> | Health check mode.<br /> If defined to grpc, will use the gRPC health check protocol to probe the server.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "http" | No |
| `healthCheck.path` | Server URL path for the health check endpoint.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No | | <a id="healthCheck-path" href="#healthCheck-path" title="#healthCheck-path">`healthCheck.path`</a> | Server URL path for the health check endpoint.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
| `healthCheck.interval` | Frequency of the health check calls for healthy targets.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "100ms" | No | | <a id="healthCheck-interval" href="#healthCheck-interval" title="#healthCheck-interval">`healthCheck.interval`</a> | Frequency of the health check calls for healthy targets.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "100ms" | No |
| `healthCheck.unhealthyInterval` | Frequency of the health check calls for unhealthy targets.<br />When not defined, it defaults to the `interval` value.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "100ms" | No | | <a id="healthCheck-unhealthyInterval" href="#healthCheck-unhealthyInterval" title="#healthCheck-unhealthyInterval">`healthCheck.unhealthyInterval`</a> | Frequency of the health check calls for unhealthy targets.<br />When not defined, it defaults to the `interval` value.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "100ms" | No |
| `healthCheck.method` | HTTP method for the health check endpoint.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "GET" | No | | <a id="healthCheck-method" href="#healthCheck-method" title="#healthCheck-method">`healthCheck.method`</a> | HTTP method for the health check endpoint.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "GET" | No |
| `healthCheck.status` | Expected HTTP status code of the response to the health check request.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName.<br />If not set, expect a status between 200 and 399.<br />Evaluated only if the kind of the main service is **Service**. | | No | | <a id="healthCheck-status" href="#healthCheck-status" title="#healthCheck-status">`healthCheck.status`</a> | Expected HTTP status code of the response to the health check request.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName.<br />If not set, expect a status between 200 and 399.<br />Evaluated only if the kind of the main service is **Service**. | | No |
| `healthCheck.port` | URL port for the health check endpoint.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | | No | | <a id="healthCheck-port" href="#healthCheck-port" title="#healthCheck-port">`healthCheck.port`</a> | URL port for the health check endpoint.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | | No |
| `healthCheck.timeout` | Maximum duration to wait before considering the server unhealthy.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "5s" | No | | <a id="healthCheck-timeout" href="#healthCheck-timeout" title="#healthCheck-timeout">`healthCheck.timeout`</a> | Maximum duration to wait before considering the server unhealthy.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "5s" | No |
| `healthCheck.hostname` | Value in the Host header of the health check request.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No | | <a id="healthCheck-hostname" href="#healthCheck-hostname" title="#healthCheck-hostname">`healthCheck.hostname`</a> | Value in the Host header of the health check request.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
| `healthCheck.`<br />`followRedirect` | Follow the redirections during the healtchcheck.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | true | No | | <a id="healthCheck-followRedirect" href="#healthCheck-followRedirect" title="#healthCheck-followRedirect">`healthCheck.`<br />`followRedirect`</a> | Follow the redirections during the healtchcheck.<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | true | No |
| `healthCheck.headers` | Map of header to send to the health check endpoint<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | | No | | <a id="healthCheck-headers" href="#healthCheck-headers" title="#healthCheck-headers">`healthCheck.headers`</a> | Map of header to send to the health check endpoint<br />Evaluated only if the kind of the main service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | | No |
| `sticky.`<br />`cookie.name` | Name of the cookie used for the stickiness on the main service.<br />Evaluated only if the kind of the main service is **Service**. | Abbreviation of a sha1<br />(ex: `_1d52e`). | No | | <a id="sticky-cookie-name-2" href="#sticky-cookie-name-2" title="#sticky-cookie-name-2">`sticky.`<br />`cookie.name`</a> | Name of the cookie used for the stickiness on the main service.<br />Evaluated only if the kind of the main service is **Service**. | Abbreviation of a sha1<br />(ex: `_1d52e`). | No |
| `sticky.`<br />`cookie.httpOnly` | Allow the cookie can be accessed by client-side APIs, such as JavaScript.<br />Evaluated only if the kind of the main service is **Service**. | false | No | | <a id="sticky-cookie-httpOnly-2" href="#sticky-cookie-httpOnly-2" title="#sticky-cookie-httpOnly-2">`sticky.`<br />`cookie.httpOnly`</a> | Allow the cookie can be accessed by client-side APIs, such as JavaScript.<br />Evaluated only if the kind of the main service is **Service**. | false | No |
| `sticky.`<br />`cookie.secure` | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).<br />Evaluated only if the kind of the main service is **Service**. | false | No | | <a id="sticky-cookie-secure-2" href="#sticky-cookie-secure-2" title="#sticky-cookie-secure-2">`sticky.`<br />`cookie.secure`</a> | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).<br />Evaluated only if the kind of the main service is **Service**. | false | No |
| `sticky.`<br />`cookie.sameSite` | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy.<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />Evaluated only if the kind of the main service is **Service**. | "" | No | | <a id="sticky-cookie-sameSite-2" href="#sticky-cookie-sameSite-2" title="#sticky-cookie-sameSite-2">`sticky.`<br />`cookie.sameSite`</a> | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy.<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />Evaluated only if the kind of the main service is **Service**. | "" | No |
| `sticky.`<br />`cookie.maxAge` | Number of seconds until the cookie expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires.<br />Evaluated only if the kind of the main service is **Service**. | 0 | No | | <a id="sticky-cookie-maxAge-2" href="#sticky-cookie-maxAge-2" title="#sticky-cookie-maxAge-2">`sticky.`<br />`cookie.maxAge`</a> | Number of seconds until the cookie expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires.<br />Evaluated only if the kind of the main service is **Service**. | 0 | No |
| `strategy` | Load balancing strategy between the main service's servers.<br />RoundRobin is the only supported value yet.<br />Evaluated only if the kind of the main service is **Service**. | "RoundRobin" | No | | <a id="strategy" href="#strategy" title="#strategy">`strategy`</a> | Load balancing strategy between the main service's servers.<br />RoundRobin is the only supported value yet.<br />Evaluated only if the kind of the main service is **Service**. | "RoundRobin" | No |
| `weight` | Service weight.<br />To use only to refer to WRR TraefikService | "" | No | | <a id="weight" href="#weight" title="#weight">`weight`</a> | Service weight.<br />To use only to refer to WRR TraefikService | "" | No |
| `nativeLB` | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik.<br />Evaluated only if the kind of the main service is **Service**. | false | No | | <a id="nativeLB" href="#nativeLB" title="#nativeLB">`nativeLB`</a> | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik.<br />Evaluated only if the kind of the main service is **Service**. | false | No |
| `nodePortLB` | Use the nodePort IP address when the service type is NodePort.<br />It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.<br />Evaluated only if the kind of the main service is **Service**. | false | No | | <a id="nodePortLB" href="#nodePortLB" title="#nodePortLB">`nodePortLB`</a> | Use the nodePort IP address when the service type is NodePort.<br />It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.<br />Evaluated only if the kind of the main service is **Service**. | false | No |
| `maxBodySize` | Maximum size allowed for the body of the request.<br />If the body is larger, the request is not mirrored.<br />-1 means unlimited size. | -1 | No | | <a id="maxBodySize" href="#maxBodySize" title="#maxBodySize">`maxBodySize`</a> | Maximum size allowed for the body of the request.<br />If the body is larger, the request is not mirrored.<br />-1 means unlimited size. | -1 | No |
| `mirrors` | List of mirrored services to target.<br /> It can be any combination of TraefikService and [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). <br />More information [here](#services). | | No | | <a id="mirrors" href="#mirrors" title="#mirrors">`mirrors`</a> | List of mirrored services to target.<br /> It can be any combination of TraefikService and [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). <br />More information [here](#services). | | No |
| `mirrors[m].`<br />`kind` | Kind of the mirrored service targeted.<br />Two values allowed:<br />- **Service**: Kubernetes Service<br />- **TraefikService**: Traefik Service.<br />More information [here](#services) | "" | No | | <a id="mirrorsm-kind" href="#mirrorsm-kind" title="#mirrorsm-kind">`mirrors[m].`<br />`kind`</a> | Kind of the mirrored service targeted.<br />Two values allowed:<br />- **Service**: Kubernetes Service<br />- **TraefikService**: Traefik Service.<br />More information [here](#services) | "" | No |
| `mirrors[m].`<br />`name` | Mirrored service name.<br />The character `@` is not authorized. | "" | Yes | | <a id="mirrorsm-name" href="#mirrorsm-name" title="#mirrorsm-name">`mirrors[m].`<br />`name`</a> | Mirrored service name.<br />The character `@` is not authorized. | "" | Yes |
| `mirrors[m].`<br />`namespace` | Mirrored service namespace.<br />More information [here](#services). | "" | No | | <a id="mirrorsm-namespace" href="#mirrorsm-namespace" title="#mirrorsm-namespace">`mirrors[m].`<br />`namespace`</a> | Mirrored service namespace.<br />More information [here](#services). | "" | No |
| `mirrors[m].`<br />`port` | Mirrored service port (number or port name).<br />Evaluated only if the kind of the mirrored service is **Service**. | "" | No | | <a id="mirrorsm-port" href="#mirrorsm-port" title="#mirrorsm-port">`mirrors[m].`<br />`port`</a> | Mirrored service port (number or port name).<br />Evaluated only if the kind of the mirrored service is **Service**. | "" | No |
| `mirrors[m].`<br />`percent` | Part of the traffic to mirror in percent (from 0 to 100) | 0 | No | | <a id="mirrorsm-percent" href="#mirrorsm-percent" title="#mirrorsm-percent">`mirrors[m].`<br />`percent`</a> | Part of the traffic to mirror in percent (from 0 to 100) | 0 | No |
| `mirrors[m].`<br />`responseForwarding.`<br />`flushInterval` | Interval, in milliseconds, in between flushes to the client while copying the response body.<br />A negative value means to flush immediately after each write to the client.<br />This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately.<br />Evaluated only if the kind of the mirrored service is **Service**. | 100ms | No | | <a id="mirrorsm-responseForwarding-flushInterval" href="#mirrorsm-responseForwarding-flushInterval" title="#mirrorsm-responseForwarding-flushInterval">`mirrors[m].`<br />`responseForwarding.`<br />`flushInterval`</a> | Interval, in milliseconds, in between flushes to the client while copying the response body.<br />A negative value means to flush immediately after each write to the client.<br />This configuration is ignored when a response is a streaming response; for such responses, writes are flushed to the client immediately.<br />Evaluated only if the kind of the mirrored service is **Service**. | 100ms | No |
| `mirrors[m].`<br />`scheme` | Scheme to use for the request to the mirrored service.<br />Evaluated only if the kind of the mirrored service is **Service**. | "http"<br />"https" if `port` is 443 or contains the string *https*. | No | | <a id="mirrorsm-scheme" href="#mirrorsm-scheme" title="#mirrorsm-scheme">`mirrors[m].`<br />`scheme`</a> | Scheme to use for the request to the mirrored service.<br />Evaluated only if the kind of the mirrored service is **Service**. | "http"<br />"https" if `port` is 443 or contains the string *https*. | No |
| `mirrors[m].`<br />`serversTransport` | Name of ServersTransport resource to use to configure the transport between Traefik and the mirrored service servers.<br />Evaluated only if the kind of the mirrored service is **Service**. | "" | No | | <a id="mirrorsm-serversTransport" href="#mirrorsm-serversTransport" title="#mirrorsm-serversTransport">`mirrors[m].`<br />`serversTransport`</a> | Name of ServersTransport resource to use to configure the transport between Traefik and the mirrored service servers.<br />Evaluated only if the kind of the mirrored service is **Service**. | "" | No |
| `mirrors[m].`<br />`passHostHeader` | Forward client Host header to the mirrored service servers.<br />Evaluated only if the kind of the mirrored service is **Service**. | true | No | | <a id="mirrorsm-passHostHeader" href="#mirrorsm-passHostHeader" title="#mirrorsm-passHostHeader">`mirrors[m].`<br />`passHostHeader`</a> | Forward client Host header to the mirrored service servers.<br />Evaluated only if the kind of the mirrored service is **Service**. | true | No |
| `mirrors[m].`<br />`healthCheck.scheme` | Server URL scheme for the health check endpoint.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No | | <a id="mirrorsm-healthCheck-scheme" href="#mirrorsm-healthCheck-scheme" title="#mirrorsm-healthCheck-scheme">`mirrors[m].`<br />`healthCheck.scheme`</a> | Server URL scheme for the health check endpoint.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
| `mirrors[m].`<br />`healthCheck.mode` | Health check mode.<br /> If defined to grpc, will use the gRPC health check protocol to probe the server.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "http" | No | | <a id="mirrorsm-healthCheck-mode" href="#mirrorsm-healthCheck-mode" title="#mirrorsm-healthCheck-mode">`mirrors[m].`<br />`healthCheck.mode`</a> | Health check mode.<br /> If defined to grpc, will use the gRPC health check protocol to probe the server.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "http" | No |
| `mirrors[m].`<br />`healthCheck.path` | Server URL path for the health check endpoint.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No | | <a id="mirrorsm-healthCheck-path" href="#mirrorsm-healthCheck-path" title="#mirrorsm-healthCheck-path">`mirrors[m].`<br />`healthCheck.path`</a> | Server URL path for the health check endpoint.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
| `mirrors[m].`<br />`healthCheck.interval` | Frequency of the health check calls.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "100ms" | No | | <a id="mirrorsm-healthCheck-interval" href="#mirrorsm-healthCheck-interval" title="#mirrorsm-healthCheck-interval">`mirrors[m].`<br />`healthCheck.interval`</a> | Frequency of the health check calls.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "100ms" | No |
| `mirrors[m].`<br />`healthCheck.unhealthyInterval` | Frequency of the health check calls for unhealthy targets.<br />When not defined, it defaults to the `interval` value.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "100ms" | No | | <a id="mirrorsm-healthCheck-unhealthyInterval" href="#mirrorsm-healthCheck-unhealthyInterval" title="#mirrorsm-healthCheck-unhealthyInterval">`mirrors[m].`<br />`healthCheck.unhealthyInterval`</a> | Frequency of the health check calls for unhealthy targets.<br />When not defined, it defaults to the `interval` value.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "100ms" | No |
| `mirrors[m].`<br />`healthCheck.method` | HTTP method for the health check endpoint.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "GET" | No | | <a id="mirrorsm-healthCheck-method" href="#mirrorsm-healthCheck-method" title="#mirrorsm-healthCheck-method">`mirrors[m].`<br />`healthCheck.method`</a> | HTTP method for the health check endpoint.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "GET" | No |
| `mirrors[m].`<br />`healthCheck.status` | Expected HTTP status code of the response to the health check request.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName.<br />If not set, expect a status between 200 and 399.<br />Evaluated only if the kind of the mirrored service is **Service**. | | No | | <a id="mirrorsm-healthCheck-status" href="#mirrorsm-healthCheck-status" title="#mirrorsm-healthCheck-status">`mirrors[m].`<br />`healthCheck.status`</a> | Expected HTTP status code of the response to the health check request.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type ExternalName.<br />If not set, expect a status between 200 and 399.<br />Evaluated only if the kind of the mirrored service is **Service**. | | No |
| `mirrors[m].`<br />`healthCheck.port` | URL port for the health check endpoint.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | | No | | <a id="mirrorsm-healthCheck-port" href="#mirrorsm-healthCheck-port" title="#mirrorsm-healthCheck-port">`mirrors[m].`<br />`healthCheck.port`</a> | URL port for the health check endpoint.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | | No |
| `mirrors[m].`<br />`healthCheck.timeout` | Maximum duration to wait before considering the server unhealthy.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "5s" | No | | <a id="mirrorsm-healthCheck-timeout" href="#mirrorsm-healthCheck-timeout" title="#mirrorsm-healthCheck-timeout">`mirrors[m].`<br />`healthCheck.timeout`</a> | Maximum duration to wait before considering the server unhealthy.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "5s" | No |
| `mirrors[m].`<br />`healthCheck.hostname` | Value in the Host header of the health check request.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No | | <a id="mirrorsm-healthCheck-hostname" href="#mirrorsm-healthCheck-hostname" title="#mirrorsm-healthCheck-hostname">`mirrors[m].`<br />`healthCheck.hostname`</a> | Value in the Host header of the health check request.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | "" | No |
| `mirrors[m].`<br />`healthCheck.`<br />`followRedirect` | Follow the redirections during the healtchcheck.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | true | No | | <a id="mirrorsm-healthCheck-followRedirect" href="#mirrorsm-healthCheck-followRedirect" title="#mirrorsm-healthCheck-followRedirect">`mirrors[m].`<br />`healthCheck.`<br />`followRedirect`</a> | Follow the redirections during the healtchcheck.<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | true | No |
| `mirrors[m].`<br />`healthCheck.headers` | Map of header to send to the health check endpoint<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | | No | | <a id="mirrorsm-healthCheck-headers" href="#mirrorsm-healthCheck-headers" title="#mirrorsm-healthCheck-headers">`mirrors[m].`<br />`healthCheck.headers`</a> | Map of header to send to the health check endpoint<br />Evaluated only if the kind of the mirrored service is **Service**.<br />Only for [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [ExternalName](#services). | | No |
| `mirrors[m].`<br />`sticky.`<br />`cookie.name` | Name of the cookie used for the stickiness.<br />When sticky sessions are enabled, a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response.<br />On subsequent requests, to keep the session alive with the same server, the client should send the cookie with the value set.<br />If the server pecified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server).<br />Evaluated only if the kind of the mirrored service is **Service**. | "" | No | | <a id="mirrorsm-sticky-cookie-name" href="#mirrorsm-sticky-cookie-name" title="#mirrorsm-sticky-cookie-name">`mirrors[m].`<br />`sticky.`<br />`cookie.name`</a> | Name of the cookie used for the stickiness.<br />When sticky sessions are enabled, a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response.<br />On subsequent requests, to keep the session alive with the same server, the client should send the cookie with the value set.<br />If the server pecified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server).<br />Evaluated only if the kind of the mirrored service is **Service**. | "" | No |
| `mirrors[m].`<br />`sticky.`<br />`cookie.httpOnly` | Allow the cookie can be accessed by client-side APIs, such as JavaScript.<br />Evaluated only if the kind of the mirrored service is **Service**. | false | No | | <a id="mirrorsm-sticky-cookie-httpOnly" href="#mirrorsm-sticky-cookie-httpOnly" title="#mirrorsm-sticky-cookie-httpOnly">`mirrors[m].`<br />`sticky.`<br />`cookie.httpOnly`</a> | Allow the cookie can be accessed by client-side APIs, such as JavaScript.<br />Evaluated only if the kind of the mirrored service is **Service**. | false | No |
| `mirrors[m].`<br />`sticky.`<br />`cookie.secure` | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).<br />Evaluated only if the kind of the mirrored service is **Service**. | false | No | | <a id="mirrorsm-sticky-cookie-secure" href="#mirrorsm-sticky-cookie-secure" title="#mirrorsm-sticky-cookie-secure">`mirrors[m].`<br />`sticky.`<br />`cookie.secure`</a> | Allow the cookie can only be transmitted over an encrypted connection (i.e. HTTPS).<br />Evaluated only if the kind of the mirrored service is **Service**. | false | No |
| `mirrors[m].`<br />`sticky.`<br />`cookie.sameSite` | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy.<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />Evaluated only if the kind of the mirrored service is **Service**. | "" | No | | <a id="mirrorsm-sticky-cookie-sameSite" href="#mirrorsm-sticky-cookie-sameSite" title="#mirrorsm-sticky-cookie-sameSite">`mirrors[m].`<br />`sticky.`<br />`cookie.sameSite`</a> | [SameSite](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite) policy.<br />Allowed values:<br />-`none`<br />-`lax`<br />`strict`<br />Evaluated only if the kind of the mirrored service is **Service**. | "" | No |
| `mirrors[m].`<br />`sticky.`<br />`cookie.maxAge` | Number of seconds until the cookie expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires.<br />Evaluated only if the kind of the mirrored service is **Service**. | 0 | No | | <a id="mirrorsm-sticky-cookie-maxAge" href="#mirrorsm-sticky-cookie-maxAge" title="#mirrorsm-sticky-cookie-maxAge">`mirrors[m].`<br />`sticky.`<br />`cookie.maxAge`</a> | Number of seconds until the cookie expires.<br />Negative number, the cookie expires immediately.<br />0, the cookie never expires.<br />Evaluated only if the kind of the mirrored service is **Service**. | 0 | No |
| `mirrors[m].`<br />`strategy` | Load balancing strategy between the servers.<br />RoundRobin is the only supported value yet.<br />Evaluated only if the kind of the mirrored service is **Service**. | "RoundRobin" | No | | <a id="mirrorsm-strategy" href="#mirrorsm-strategy" title="#mirrorsm-strategy">`mirrors[m].`<br />`strategy`</a> | Load balancing strategy between the servers.<br />RoundRobin is the only supported value yet.<br />Evaluated only if the kind of the mirrored service is **Service**. | "RoundRobin" | No |
| `mirrors[m].`<br />`weight` | Service weight.<br />To use only to refer to WRR TraefikService | "" | No | | <a id="mirrorsm-weight" href="#mirrorsm-weight" title="#mirrorsm-weight">`mirrors[m].`<br />`weight`</a> | Service weight.<br />To use only to refer to WRR TraefikService | "" | No |
| `mirrors[m].`<br />`nativeLB` | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik.<br />Evaluated only if the kind of the mirrored service is **Service**. | false | No | | <a id="mirrorsm-nativeLB" href="#mirrorsm-nativeLB" title="#mirrorsm-nativeLB">`mirrors[m].`<br />`nativeLB`</a> | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik.<br />Evaluated only if the kind of the mirrored service is **Service**. | false | No |
| `mirrors[m].`<br />`nodePortLB` | Use the nodePort IP address when the service type is NodePort.<br />It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.<br />Evaluated only if the kind of the mirrored service is **Service**. | false | No | | <a id="mirrorsm-nodePortLB" href="#mirrorsm-nodePortLB" title="#mirrorsm-nodePortLB">`mirrors[m].`<br />`nodePortLB`</a> | Use the nodePort IP address when the service type is NodePort.<br />It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes.<br />Evaluated only if the kind of the mirrored service is **Service**. | false | No |
| `mirrorBody` | Defines whether the request body should be mirrored. | true | No | | <a id="mirrorBody" href="#mirrorBody" title="#mirrorBody">`mirrorBody`</a> | Defines whether the request body should be mirrored. | true | No |
@@ -57,31 +57,61 @@ spec:
## Configuration Options ## Configuration Options
<<<<<<< HEAD
| Field | Description | Default | Required | | Field | Description | Default | Required |
|-----------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|----------| |-----------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|----------|
| `entryPoints` | List of entrypoints names. | | No | | <a id="entryPoints" href="#entryPoints" title="#entryPoints">`entryPoints`</a> | List of entrypoints names. | | No |
| `routes` | List of routes. | | Yes | | <a id="routes" href="#routes" title="#routes">`routes`</a> | List of routes. | | Yes |
| `routes[n].match` | Defines the [rule](../../../tcp/router/rules-and-priority.md#rules) of the underlying router. | | Yes | | <a id="routesn-match" href="#routesn-match" title="#routesn-match">`routes[n].match`</a> | Defines the [rule](../../../tcp/router/rules-and-priority.md#rules) of the underlying router. | | Yes |
| `routes[n].priority` | Defines the [priority](../../../tcp/router/rules-and-priority.md#priority) to disambiguate rules of the same length, for route matching. | | No | | <a id="routesn-priority" href="#routesn-priority" title="#routesn-priority">`routes[n].priority`</a> | Defines the [priority](../../../tcp/router/rules-and-priority.md#priority) to disambiguate rules of the same length, for route matching. | | No |
| `routes[n].middlewares[n].name` | Defines the [MiddlewareTCP](./middlewaretcp.md) name. | | Yes | | <a id="routesn-middlewaresn-name" href="#routesn-middlewaresn-name" title="#routesn-middlewaresn-name">`routes[n].middlewares[n].name`</a> | Defines the [MiddlewareTCP](./middlewaretcp.md) name. | | Yes |
| `routes[n].middlewares[n].namespace` | Defines the [MiddlewareTCP](./middlewaretcp.md) namespace. | "" | No | | <a id="routesn-middlewaresn-namespace" href="#routesn-middlewaresn-namespace" title="#routesn-middlewaresn-namespace">`routes[n].middlewares[n].namespace`</a> | Defines the [MiddlewareTCP](./middlewaretcp.md) namespace. | "" | No |
| `routes[n].services` | List of [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) definitions. | | No | | <a id="routesn-services" href="#routesn-services" title="#routesn-services">`routes[n].services`</a> | List of [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) definitions. | | No |
| `routes[n].services[n].name` | Defines the name of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). | | Yes | | <a id="routesn-servicesn-name" href="#routesn-servicesn-name" title="#routesn-servicesn-name">`routes[n].services[n].name`</a> | Defines the name of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). | | Yes |
| `routes[n].services[n].port` | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port. | | Yes | | <a id="routesn-servicesn-port" href="#routesn-servicesn-port" title="#routesn-servicesn-port">`routes[n].services[n].port`</a> | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port. | | Yes |
| `routes[n].services[n].weight` | Defines the weight to apply to the server load balancing. | 1 | No | | <a id="routesn-servicesn-weight" href="#routesn-servicesn-weight" title="#routesn-servicesn-weight">`routes[n].services[n].weight`</a> | Defines the weight to apply to the server load balancing. | 1 | No |
| `routes[n].services[n].serversTransport` | Defines the [ServersTransportTCP](./serverstransporttcp.md).<br />The `ServersTransport` namespace is assumed to be the [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) namespace. | | No | | <a id="routesn-servicesn-serversTransport" href="#routesn-servicesn-serversTransport" title="#routesn-servicesn-serversTransport">`routes[n].services[n].serversTransport`</a> | Defines the [ServersTransportTCP](./serverstransporttcp.md).<br />The `ServersTransport` namespace is assumed to be the [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) namespace. | | No |
| `routes[n].services[n].nativeLB` | Controls, when creating the load-balancer, whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. See [here](#nativelb) for more information. | false | No | | <a id="routesn-servicesn-nativeLB" href="#routesn-servicesn-nativeLB" title="#routesn-servicesn-nativeLB">`routes[n].services[n].nativeLB`</a> | Controls, when creating the load-balancer, whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. See [here](#nativelb) for more information. | false | No |
| `routes[n].services[n].nodePortLB` | Controls, when creating the load-balancer, whether the LB's children are directly the nodes internal IPs using the nodePort when the service type is `NodePort`. It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes. | false | No | | <a id="routesn-servicesn-nodePortLB" href="#routesn-servicesn-nodePortLB" title="#routesn-servicesn-nodePortLB">`routes[n].services[n].nodePortLB`</a> | Controls, when creating the load-balancer, whether the LB's children are directly the nodes internal IPs using the nodePort when the service type is `NodePort`. It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes. | false | No |
| `tls` | Defines [TLS](../../../../install-configuration/tls/certificate-resolvers/overview.md) certificate configuration. | | No | | <a id="tls" href="#tls" title="#tls">`tls`</a> | Defines [TLS](../../../../install-configuration/tls/certificate-resolvers/overview.md) certificate configuration. | | No |
| `tls.secretName` | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace). | "" | No | | <a id="tls-secretName" href="#tls-secretName" title="#tls-secretName">`tls.secretName`</a> | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace). | "" | No |
| `tls.options` | Defines the reference to a [TLSOption](../http/tlsoption.md). | "" | No | | <a id="tls-options" href="#tls-options" title="#tls-options">`tls.options`</a> | Defines the reference to a [TLSOption](../http/tlsoption.md). | "" | No |
| `tls.options.name` | Defines the [TLSOption](../http/tlsoption.md) name. | "" | No | | <a id="tls-options-name" href="#tls-options-name" title="#tls-options-name">`tls.options.name`</a> | Defines the [TLSOption](../http/tlsoption.md) name. | "" | No |
| `tls.options.namespace` | Defines the [TLSOption](../http/tlsoption.md) namespace. | "" | No | | <a id="tls-options-namespace" href="#tls-options-namespace" title="#tls-options-namespace">`tls.options.namespace`</a> | Defines the [TLSOption](../http/tlsoption.md) namespace. | "" | No |
| `tls.certResolver` | Defines the reference to a [CertResolver](../../../../install-configuration/tls/certificate-resolvers/overview.md). | "" | No | | <a id="tls-certResolver" href="#tls-certResolver" title="#tls-certResolver">`tls.certResolver`</a> | Defines the reference to a [CertResolver](../../../../install-configuration/tls/certificate-resolvers/overview.md). | "" | No |
| `tls.domains` | List of domains. | "" | No | | <a id="tls-domains" href="#tls-domains" title="#tls-domains">`tls.domains`</a> | List of domains. | "" | No |
| `tls.domains[n].main` | Defines the main domain name. | "" | No | | <a id="tls-domainsn-main" href="#tls-domainsn-main" title="#tls-domainsn-main">`tls.domains[n].main`</a> | Defines the main domain name. | "" | No |
| `tls.domains[n].sans` | List of SANs (alternative domains). | "" | No | | <a id="tls-domainsn-sans" href="#tls-domainsn-sans" title="#tls-domainsn-sans">`tls.domains[n].sans`</a> | List of SANs (alternative domains). | "" | No |
| `tls.passthrough` | If `true`, delegates the TLS termination to the backend. | false | No | | <a id="tls-passthrough" href="#tls-passthrough" title="#tls-passthrough">`tls.passthrough`</a> | If `true`, delegates the TLS termination to the backend. | false | No |
=======
| Field | Description | Default | Required |
|-------------------------------------|-----------------------------|-------------------------------------------|-----------------------|
| <a id="entryPoints" href="#entryPoints" title="#entryPoints">`entryPoints`</a> | List of entrypoints names. | | No |
| <a id="routes" href="#routes" title="#routes">`routes`</a> | List of routes. | | Yes |
| <a id="routesn-match" href="#routesn-match" title="#routesn-match">`routes[n].match`</a> | Defines the [rule](../../../tcp/router/rules-and-priority.md#rules) of the underlying router. | | Yes |
| <a id="routesn-priority" href="#routesn-priority" title="#routesn-priority">`routes[n].priority`</a> | Defines the [priority](../../../tcp/router/rules-and-priority.md#priority) to disambiguate rules of the same length, for route matching. | | No |
| <a id="routesn-middlewaresn-name" href="#routesn-middlewaresn-name" title="#routesn-middlewaresn-name">`routes[n].middlewares[n].name`</a> | Defines the [MiddlewareTCP](./middlewaretcp.md) name. | | Yes |
| <a id="routesn-middlewaresn-namespace" href="#routesn-middlewaresn-namespace" title="#routesn-middlewaresn-namespace">`routes[n].middlewares[n].namespace`</a> | Defines the [MiddlewareTCP](./middlewaretcp.md) namespace. | ""| No|
| <a id="routesn-services" href="#routesn-services" title="#routesn-services">`routes[n].services`</a> | List of [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) definitions. | | No |
| <a id="routesn-servicesn-name" href="#routesn-servicesn-name" title="#routesn-servicesn-name">`routes[n].services[n].name`</a> | Defines the name of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). | | Yes |
| <a id="routesn-servicesn-port" href="#routesn-servicesn-port" title="#routesn-servicesn-port">`routes[n].services[n].port`</a> | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port.| | Yes |
| <a id="routesn-servicesn-weight" href="#routesn-servicesn-weight" title="#routesn-servicesn-weight">`routes[n].services[n].weight`</a> | Defines the weight to apply to the server load balancing. | 1 | No |
| <a id="routesn-servicesn-proxyProtocol" href="#routesn-servicesn-proxyProtocol" title="#routesn-servicesn-proxyProtocol">`routes[n].services[n].proxyProtocol`</a> | Defines the [PROXY protocol](../../../../install-configuration/entrypoints.md#proxyprotocol-and-load-balancers) configuration. | | No |
| <a id="routesn-servicesn-proxyProtocol-version" href="#routesn-servicesn-proxyProtocol-version" title="#routesn-servicesn-proxyProtocol-version">`routes[n].services[n].proxyProtocol.version`</a> | Defines the [PROXY protocol](../../../../install-configuration/entrypoints.md#proxyprotocol-and-load-balancers) version. | | No |
| <a id="routesn-servicesn-serversTransport" href="#routesn-servicesn-serversTransport" title="#routesn-servicesn-serversTransport">`routes[n].services[n].serversTransport`</a> | Defines the [ServersTransportTCP](./serverstransporttcp.md).<br />The `ServersTransport` namespace is assumed to be the [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) namespace. | | No |
| <a id="routesn-servicesn-nativeLB" href="#routesn-servicesn-nativeLB" title="#routesn-servicesn-nativeLB">`routes[n].services[n].nativeLB`</a> | Controls, when creating the load-balancer, whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. See [here](#nativelb) for more information. | false | No |
| <a id="routesn-servicesn-nodePortLB" href="#routesn-servicesn-nodePortLB" title="#routesn-servicesn-nodePortLB">`routes[n].services[n].nodePortLB`</a> | Controls, when creating the load-balancer, whether the LB's children are directly the nodes internal IPs using the nodePort when the service type is `NodePort`. It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes. | false | No |
| <a id="tls" href="#tls" title="#tls">`tls`</a> | Defines [TLS](../../../../install-configuration/tls/certificate-resolvers/overview.md) certificate configuration. | | No |
| <a id="tls-secretName" href="#tls-secretName" title="#tls-secretName">`tls.secretName`</a> | Defines the [secret](https://kubernetes.io/docs/concepts/configuration/secret/) name used to store the certificate (in the `IngressRoute` namespace). | "" | No |
| <a id="tls-options" href="#tls-options" title="#tls-options">`tls.options`</a> | Defines the reference to a [TLSOption](../http/tlsoption.md). | "" | No |
| <a id="tls-options-name" href="#tls-options-name" title="#tls-options-name">`tls.options.name`</a> | Defines the [TLSOption](../http/tlsoption.md) name. | "" | No |
| <a id="tls-options-namespace" href="#tls-options-namespace" title="#tls-options-namespace">`tls.options.namespace`</a> | Defines the [TLSOption](../http/tlsoption.md) namespace. | "" | No |
| <a id="tls-certResolver" href="#tls-certResolver" title="#tls-certResolver">`tls.certResolver`</a> | Defines the reference to a [CertResolver](../../../../install-configuration/tls/certificate-resolvers/overview.md). | "" | No |
| <a id="tls-domains" href="#tls-domains" title="#tls-domains">`tls.domains`</a> | List of domains. | "" | No |
| <a id="tls-domainsn-main" href="#tls-domainsn-main" title="#tls-domainsn-main">`tls.domains[n].main`</a> | Defines the main domain name. | "" | No |
| <a id="tls-domainsn-sans" href="#tls-domainsn-sans" title="#tls-domainsn-sans">`tls.domains[n].sans`</a> | List of SANs (alternative domains). | "" | No |
| <a id="tls-passthrough" href="#tls-passthrough" title="#tls-passthrough">`tls.passthrough`</a> | If `true`, delegates the TLS termination to the backend. | false | No |
>>>>>>> 9c932124f (Add anchors in reference tables)
### ExternalName Service ### ExternalName Service
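Review bot: The new side of this hunk commits unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> 9c932124f (Add anchors in reference tables)`), so the Configuration Options table now appears twice and the markers will render as literal text. Because both copies carry the new anchors, ids such as `entryPoints`, `routes` and `tls-passthrough` are defined twice on the same page, which makes the `#…` links ambiguous. The two copies also differ: only the second has the `routes[n].services[n].proxyProtocol` and `routes[n].services[n].proxyProtocol.version` rows, so that is presumably the side to keep. Resolve the conflict by deleting the three marker lines and one copy of the table. Running `git diff --check` in CI would reject leftover conflict markers before merge.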
@@ -41,16 +41,16 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|---------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|----------| |---------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------|----------|
| `dialTimeout` | The amount of time to wait until a connection to a server can be established. If zero, no timeout exists. | 30s | No | | <a id="dialTimeout" href="#dialTimeout" title="#dialTimeout">`dialTimeout`</a> | The amount of time to wait until a connection to a server can be established. If zero, no timeout exists. | 30s | No |
| `dialKeepAlive` | The interval between keep-alive probes for an active network connection.<br />If this option is set to zero, keep-alive probes are sent with a default value (currently 15 seconds),<br />if supported by the protocol and operating system. Network protocols or operating systems that do not support keep-alives ignore this field.<br />If negative, keep-alive probes are turned off. | 15s | No | | <a id="dialKeepAlive" href="#dialKeepAlive" title="#dialKeepAlive">`dialKeepAlive`</a> | The interval between keep-alive probes for an active network connection.<br />If this option is set to zero, keep-alive probes are sent with a default value (currently 15 seconds),<br />if supported by the protocol and operating system. Network protocols or operating systems that do not support keep-alives ignore this field.<br />If negative, keep-alive probes are turned off. | 15s | No |
| `proxyProtocol` | Defines the Proxy Protocol configuration. An empty `proxyProtocol` section enables Proxy Protocol version 2. | | No | | <a id="proxyProtocol" href="#proxyProtocol" title="#proxyProtocol">`proxyProtocol`</a> | Defines the Proxy Protocol configuration. An empty `proxyProtocol` section enables Proxy Protocol version 2. | | No |
| `proxyProtocol.version` | Traefik supports PROXY Protocol version 1 and 2 on TCP Services. | | No | | <a id="proxyProtocol-version" href="#proxyProtocol-version" title="#proxyProtocol-version">`proxyProtocol.version`</a> | Traefik supports PROXY Protocol version 1 and 2 on TCP Services. | | No |
| `terminationDelay` | Defines the delay to wait before fully terminating the connection, after one connected peer has closed its writing capability. | 100ms | No | | <a id="terminationDelay" href="#terminationDelay" title="#terminationDelay">`terminationDelay`</a> | Defines the delay to wait before fully terminating the connection, after one connected peer has closed its writing capability. | 100ms | No |
| `tls.serverName` | ServerName used to contact the server. | "" | No | | <a id="tls-serverName" href="#tls-serverName" title="#tls-serverName">`tls.serverName`</a> | ServerName used to contact the server. | "" | No |
| `tls.insecureSkipVerify` | Controls whether the server's certificate chain and host name is verified. | false | No | | <a id="tls-insecureSkipVerify" href="#tls-insecureSkipVerify" title="#tls-insecureSkipVerify">`tls.insecureSkipVerify`</a> | Controls whether the server's certificate chain and host name is verified. | false | No |
| `tls.peerCertURI` | Defines the URI used to match against SAN URIs during the server's certificate verification. | "" | No | | <a id="tls-peerCertURI" href="#tls-peerCertURI" title="#tls-peerCertURI">`tls.peerCertURI`</a> | Defines the URI used to match against SAN URIs during the server's certificate verification. | "" | No |
| `tls.rootCAsSecrets` | Defines the set of root certificate authorities to use when verifying server certificates.<br />The CA secret must contain a base64 encoded certificate under either a `tls.ca` or a `ca.crt` key. | "" | No | | <a id="tls-rootCAsSecrets" href="#tls-rootCAsSecrets" title="#tls-rootCAsSecrets">`tls.rootCAsSecrets`</a> | Defines the set of root certificate authorities to use when verifying server certificates.<br />The CA secret must contain a base64 encoded certificate under either a `tls.ca` or a `ca.crt` key. | "" | No |
| `tls.certificatesSecrets` | Certificates to present to the server for mTLS. | "" | No | | <a id="tls-certificatesSecrets" href="#tls-certificatesSecrets" title="#tls-certificatesSecrets">`tls.certificatesSecrets`</a> | Certificates to present to the server for mTLS. | "" | No |
| `spiffe` | Configures [SPIFFE](../../../../install-configuration/tls/spiffe.md) options. | "" | No | | <a id="spiffe" href="#spiffe" title="#spiffe">`spiffe`</a> | Configures [SPIFFE](../../../../install-configuration/tls/spiffe.md) options. | "" | No |
| `spiffe.ids` | Defines the allowed SPIFFE IDs. This takes precedence over the SPIFFE `trustDomain`. | "" | No | | <a id="spiffe-ids" href="#spiffe-ids" title="#spiffe-ids">`spiffe.ids`</a> | Defines the allowed SPIFFE IDs. This takes precedence over the SPIFFE `trustDomain`. | "" | No |
| `spiffe.trustDomain` | Defines the allowed SPIFFE trust domain. | "" | No | | <a id="spiffe-trustDomain" href="#spiffe-trustDomain" title="#spiffe-trustDomain">`spiffe.trustDomain`</a> | Defines the allowed SPIFFE trust domain. | "" | No |
@@ -32,14 +32,14 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|------------------------------------|-----------------------------|-------------------------------------------|-----------------------| |------------------------------------|-----------------------------|-------------------------------------------|-----------------------|
| `entryPoints` | List of entrypoints names. | | No | | <a id="entryPoints" href="#entryPoints" title="#entryPoints">`entryPoints`</a> | List of entrypoints names. | | No |
| ` routes ` | List of routes. | | Yes | | <a id="routes" href="#routes" title="#routes">` routes `</a> | List of routes. | | Yes |
| `routes[n].services` | List of [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) definitions. See [here](#externalname-service) for `ExternalName Service` setup. | | No | | <a id="routesn-services" href="#routesn-services" title="#routesn-services">`routes[n].services`</a> | List of [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/) definitions. See [here](#externalname-service) for `ExternalName Service` setup. | | No |
| `services[n].name` | Defines the name of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). | | Yes | | <a id="servicesn-name" href="#servicesn-name" title="#servicesn-name">`services[n].name`</a> | Defines the name of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). | | Yes |
| `routes[n].services[n].port` | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port.| | Yes | | <a id="routesn-servicesn-port" href="#routesn-servicesn-port" title="#routesn-servicesn-port">`routes[n].services[n].port`</a> | Defines the port of a [Kubernetes service](https://kubernetes.io/docs/concepts/services-networking/service/). This can be a reference to a named port.| | Yes |
| `routes[n].services[n].weight` | Defines the weight to apply to the server load balancing. | 1 | No | | <a id="routesn-servicesn-weight" href="#routesn-servicesn-weight" title="#routesn-servicesn-weight">`routes[n].services[n].weight`</a> | Defines the weight to apply to the server load balancing. | 1 | No |
| `routes[n].services[n].nativeLB` | Controls, when creating the load-balancer, whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. | false | No | | <a id="routesn-servicesn-nativeLB" href="#routesn-servicesn-nativeLB" title="#routesn-servicesn-nativeLB">`routes[n].services[n].nativeLB`</a> | Controls, when creating the load-balancer, whether the LB's children are directly the pods IPs or if the only child is the Kubernetes Service clusterIP. | false | No |
| `routes[n].services[n].nodePortLB` | Controls, when creating the load-balancer, whether the LB's children are directly the nodes internal IPs using the nodePort when the service type is NodePort. It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes. See [here](#nativelb) for more information. | false | No | | <a id="routesn-servicesn-nodePortLB" href="#routesn-servicesn-nodePortLB" title="#routesn-servicesn-nodePortLB">`routes[n].services[n].nodePortLB`</a> | Controls, when creating the load-balancer, whether the LB's children are directly the nodes internal IPs using the nodePort when the service type is NodePort. It allows services to be reachable when Traefik runs externally from the Kubernetes cluster but within the same network of the nodes. See [here](#nativelb) for more information. | false | No |
### ExternalName Service ### ExternalName Service
@@ -263,36 +263,36 @@ Limitations or behavioral differences are indicated where relevant.
| Annotation | Limitations / Notes | | Annotation | Limitations / Notes |
|-------------------------------------------------------|--------------------------------------------------------------------------------------------| |-------------------------------------------------------|--------------------------------------------------------------------------------------------|
| `nginx.ingress.kubernetes.io/affinity` | | | <a id="nginx-ingress-kubernetes-ioaffinity" href="#nginx-ingress-kubernetes-ioaffinity" title="#nginx-ingress-kubernetes-ioaffinity">`nginx.ingress.kubernetes.io/affinity`</a> | |
| `nginx.ingress.kubernetes.io/affinity-mode` | Only persistent mode supported; balanced/canary not supported. | | <a id="nginx-ingress-kubernetes-ioaffinity-mode" href="#nginx-ingress-kubernetes-ioaffinity-mode" title="#nginx-ingress-kubernetes-ioaffinity-mode">`nginx.ingress.kubernetes.io/affinity-mode`</a> | Only persistent mode supported; balanced/canary not supported. |
| `nginx.ingress.kubernetes.io/auth-type` | | | <a id="nginx-ingress-kubernetes-ioauth-type" href="#nginx-ingress-kubernetes-ioauth-type" title="#nginx-ingress-kubernetes-ioauth-type">`nginx.ingress.kubernetes.io/auth-type`</a> | |
| `nginx.ingress.kubernetes.io/auth-secret` | | | <a id="nginx-ingress-kubernetes-ioauth-secret" href="#nginx-ingress-kubernetes-ioauth-secret" title="#nginx-ingress-kubernetes-ioauth-secret">`nginx.ingress.kubernetes.io/auth-secret`</a> | |
| `nginx.ingress.kubernetes.io/auth-secret-type` | | | <a id="nginx-ingress-kubernetes-ioauth-secret-type" href="#nginx-ingress-kubernetes-ioauth-secret-type" title="#nginx-ingress-kubernetes-ioauth-secret-type">`nginx.ingress.kubernetes.io/auth-secret-type`</a> | |
| `nginx.ingress.kubernetes.io/auth-realm` | | | <a id="nginx-ingress-kubernetes-ioauth-realm" href="#nginx-ingress-kubernetes-ioauth-realm" title="#nginx-ingress-kubernetes-ioauth-realm">`nginx.ingress.kubernetes.io/auth-realm`</a> | |
| `nginx.ingress.kubernetes.io/auth-url` | Only URL and response headers copy supported. Forward auth behaves differently than NGINX. | | <a id="nginx-ingress-kubernetes-ioauth-url" href="#nginx-ingress-kubernetes-ioauth-url" title="#nginx-ingress-kubernetes-ioauth-url">`nginx.ingress.kubernetes.io/auth-url`</a> | Only URL and response headers copy supported. Forward auth behaves differently than NGINX. |
| `nginx.ingress.kubernetes.io/auth-method` | | | <a id="nginx-ingress-kubernetes-ioauth-method" href="#nginx-ingress-kubernetes-ioauth-method" title="#nginx-ingress-kubernetes-ioauth-method">`nginx.ingress.kubernetes.io/auth-method`</a> | |
| `nginx.ingress.kubernetes.io/auth-response-headers` | | | <a id="nginx-ingress-kubernetes-ioauth-response-headers" href="#nginx-ingress-kubernetes-ioauth-response-headers" title="#nginx-ingress-kubernetes-ioauth-response-headers">`nginx.ingress.kubernetes.io/auth-response-headers`</a> | |
| `nginx.ingress.kubernetes.io/ssl-redirect` | Cannot opt-out per route if enabled globally. | | <a id="nginx-ingress-kubernetes-iossl-redirect" href="#nginx-ingress-kubernetes-iossl-redirect" title="#nginx-ingress-kubernetes-iossl-redirect">`nginx.ingress.kubernetes.io/ssl-redirect`</a> | Cannot opt-out per route if enabled globally. |
| `nginx.ingress.kubernetes.io/force-ssl-redirect` | Cannot opt-out per route if enabled globally. | | <a id="nginx-ingress-kubernetes-ioforce-ssl-redirect" href="#nginx-ingress-kubernetes-ioforce-ssl-redirect" title="#nginx-ingress-kubernetes-ioforce-ssl-redirect">`nginx.ingress.kubernetes.io/force-ssl-redirect`</a> | Cannot opt-out per route if enabled globally. |
| `nginx.ingress.kubernetes.io/ssl-passthrough` | Some differences in SNI/default backend handling. | | <a id="nginx-ingress-kubernetes-iossl-passthrough" href="#nginx-ingress-kubernetes-iossl-passthrough" title="#nginx-ingress-kubernetes-iossl-passthrough">`nginx.ingress.kubernetes.io/ssl-passthrough`</a> | Some differences in SNI/default backend handling. |
| `nginx.ingress.kubernetes.io/use-regex` | | | <a id="nginx-ingress-kubernetes-iouse-regex" href="#nginx-ingress-kubernetes-iouse-regex" title="#nginx-ingress-kubernetes-iouse-regex">`nginx.ingress.kubernetes.io/use-regex`</a> | |
| `nginx.ingress.kubernetes.io/session-cookie-name` | | | <a id="nginx-ingress-kubernetes-iosession-cookie-name" href="#nginx-ingress-kubernetes-iosession-cookie-name" title="#nginx-ingress-kubernetes-iosession-cookie-name">`nginx.ingress.kubernetes.io/session-cookie-name`</a> | |
| `nginx.ingress.kubernetes.io/session-cookie-path` | | | <a id="nginx-ingress-kubernetes-iosession-cookie-path" href="#nginx-ingress-kubernetes-iosession-cookie-path" title="#nginx-ingress-kubernetes-iosession-cookie-path">`nginx.ingress.kubernetes.io/session-cookie-path`</a> | |
| `nginx.ingress.kubernetes.io/session-cookie-domain` | | | <a id="nginx-ingress-kubernetes-iosession-cookie-domain" href="#nginx-ingress-kubernetes-iosession-cookie-domain" title="#nginx-ingress-kubernetes-iosession-cookie-domain">`nginx.ingress.kubernetes.io/session-cookie-domain`</a> | |
| `nginx.ingress.kubernetes.io/session-cookie-samesite` | | | <a id="nginx-ingress-kubernetes-iosession-cookie-samesite" href="#nginx-ingress-kubernetes-iosession-cookie-samesite" title="#nginx-ingress-kubernetes-iosession-cookie-samesite">`nginx.ingress.kubernetes.io/session-cookie-samesite`</a> | |
| `nginx.ingress.kubernetes.io/load-balance` | Only round_robin supported; ewma and IP hash not supported. | | <a id="nginx-ingress-kubernetes-ioload-balance" href="#nginx-ingress-kubernetes-ioload-balance" title="#nginx-ingress-kubernetes-ioload-balance">`nginx.ingress.kubernetes.io/load-balance`</a> | Only round_robin supported; ewma and IP hash not supported. |
| `nginx.ingress.kubernetes.io/backend-protocol` | FCGI and AUTO_HTTP not supported. | | <a id="nginx-ingress-kubernetes-iobackend-protocol" href="#nginx-ingress-kubernetes-iobackend-protocol" title="#nginx-ingress-kubernetes-iobackend-protocol">`nginx.ingress.kubernetes.io/backend-protocol`</a> | FCGI and AUTO_HTTP not supported. |
| `nginx.ingress.kubernetes.io/enable-cors` | Partial support. | | <a id="nginx-ingress-kubernetes-ioenable-cors" href="#nginx-ingress-kubernetes-ioenable-cors" title="#nginx-ingress-kubernetes-ioenable-cors">`nginx.ingress.kubernetes.io/enable-cors`</a> | Partial support. |
| `nginx.ingress.kubernetes.io/cors-allow-credentials` | | | <a id="nginx-ingress-kubernetes-iocors-allow-credentials" href="#nginx-ingress-kubernetes-iocors-allow-credentials" title="#nginx-ingress-kubernetes-iocors-allow-credentials">`nginx.ingress.kubernetes.io/cors-allow-credentials`</a> | |
| `nginx.ingress.kubernetes.io/cors-allow-headers` | | | <a id="nginx-ingress-kubernetes-iocors-allow-headers" href="#nginx-ingress-kubernetes-iocors-allow-headers" title="#nginx-ingress-kubernetes-iocors-allow-headers">`nginx.ingress.kubernetes.io/cors-allow-headers`</a> | |
| `nginx.ingress.kubernetes.io/cors-allow-methods` | | | <a id="nginx-ingress-kubernetes-iocors-allow-methods" href="#nginx-ingress-kubernetes-iocors-allow-methods" title="#nginx-ingress-kubernetes-iocors-allow-methods">`nginx.ingress.kubernetes.io/cors-allow-methods`</a> | |
| `nginx.ingress.kubernetes.io/cors-allow-origin` | | | <a id="nginx-ingress-kubernetes-iocors-allow-origin" href="#nginx-ingress-kubernetes-iocors-allow-origin" title="#nginx-ingress-kubernetes-iocors-allow-origin">`nginx.ingress.kubernetes.io/cors-allow-origin`</a> | |
| `nginx.ingress.kubernetes.io/cors-max-age` | | | <a id="nginx-ingress-kubernetes-iocors-max-age" href="#nginx-ingress-kubernetes-iocors-max-age" title="#nginx-ingress-kubernetes-iocors-max-age">`nginx.ingress.kubernetes.io/cors-max-age`</a> | |
| `nginx.ingress.kubernetes.io/proxy-ssl-server-name` | | | <a id="nginx-ingress-kubernetes-ioproxy-ssl-server-name" href="#nginx-ingress-kubernetes-ioproxy-ssl-server-name" title="#nginx-ingress-kubernetes-ioproxy-ssl-server-name">`nginx.ingress.kubernetes.io/proxy-ssl-server-name`</a> | |
| `nginx.ingress.kubernetes.io/proxy-ssl-name` | | | <a id="nginx-ingress-kubernetes-ioproxy-ssl-name" href="#nginx-ingress-kubernetes-ioproxy-ssl-name" title="#nginx-ingress-kubernetes-ioproxy-ssl-name">`nginx.ingress.kubernetes.io/proxy-ssl-name`</a> | |
| `nginx.ingress.kubernetes.io/proxy-ssl-verify` | | | <a id="nginx-ingress-kubernetes-ioproxy-ssl-verify" href="#nginx-ingress-kubernetes-ioproxy-ssl-verify" title="#nginx-ingress-kubernetes-ioproxy-ssl-verify">`nginx.ingress.kubernetes.io/proxy-ssl-verify`</a> | |
| `nginx.ingress.kubernetes.io/proxy-ssl-secret` | | | <a id="nginx-ingress-kubernetes-ioproxy-ssl-secret" href="#nginx-ingress-kubernetes-ioproxy-ssl-secret" title="#nginx-ingress-kubernetes-ioproxy-ssl-secret">`nginx.ingress.kubernetes.io/proxy-ssl-secret`</a> | |
| `nginx.ingress.kubernetes.io/service-upstream` | | | <a id="nginx-ingress-kubernetes-ioservice-upstream" href="#nginx-ingress-kubernetes-ioservice-upstream" title="#nginx-ingress-kubernetes-ioservice-upstream">`nginx.ingress.kubernetes.io/service-upstream`</a> | |
### Unsupported NGINX Annotations ### Unsupported NGINX Annotations
@@ -308,95 +308,95 @@ Limitations or behavioral differences are indicated where relevant.
| Annotation | Notes | | Annotation | Notes |
|-----------------------------------------------------------------------------|------------------------------------------------------| |-----------------------------------------------------------------------------|------------------------------------------------------|
| `nginx.ingress.kubernetes.io/app-root` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioapp-root" href="#nginx-ingress-kubernetes-ioapp-root" title="#nginx-ingress-kubernetes-ioapp-root">`nginx.ingress.kubernetes.io/app-root`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/affinity-canary-behavior` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioaffinity-canary-behavior" href="#nginx-ingress-kubernetes-ioaffinity-canary-behavior" title="#nginx-ingress-kubernetes-ioaffinity-canary-behavior">`nginx.ingress.kubernetes.io/affinity-canary-behavior`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/auth-tls-secret` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioauth-tls-secret" href="#nginx-ingress-kubernetes-ioauth-tls-secret" title="#nginx-ingress-kubernetes-ioauth-tls-secret">`nginx.ingress.kubernetes.io/auth-tls-secret`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/auth-tls-verify-depth` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioauth-tls-verify-depth" href="#nginx-ingress-kubernetes-ioauth-tls-verify-depth" title="#nginx-ingress-kubernetes-ioauth-tls-verify-depth">`nginx.ingress.kubernetes.io/auth-tls-verify-depth`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/auth-tls-verify-client` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioauth-tls-verify-client" href="#nginx-ingress-kubernetes-ioauth-tls-verify-client" title="#nginx-ingress-kubernetes-ioauth-tls-verify-client">`nginx.ingress.kubernetes.io/auth-tls-verify-client`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/auth-tls-error-page` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioauth-tls-error-page" href="#nginx-ingress-kubernetes-ioauth-tls-error-page" title="#nginx-ingress-kubernetes-ioauth-tls-error-page">`nginx.ingress.kubernetes.io/auth-tls-error-page`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioauth-tls-pass-certificate-to-upstream" href="#nginx-ingress-kubernetes-ioauth-tls-pass-certificate-to-upstream" title="#nginx-ingress-kubernetes-ioauth-tls-pass-certificate-to-upstream">`nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/auth-tls-match-cn` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioauth-tls-match-cn" href="#nginx-ingress-kubernetes-ioauth-tls-match-cn" title="#nginx-ingress-kubernetes-ioauth-tls-match-cn">`nginx.ingress.kubernetes.io/auth-tls-match-cn`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/auth-cache-key` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioauth-cache-key" href="#nginx-ingress-kubernetes-ioauth-cache-key" title="#nginx-ingress-kubernetes-ioauth-cache-key">`nginx.ingress.kubernetes.io/auth-cache-key`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/auth-cache-duration` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioauth-cache-duration" href="#nginx-ingress-kubernetes-ioauth-cache-duration" title="#nginx-ingress-kubernetes-ioauth-cache-duration">`nginx.ingress.kubernetes.io/auth-cache-duration`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/auth-keepalive` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioauth-keepalive" href="#nginx-ingress-kubernetes-ioauth-keepalive" title="#nginx-ingress-kubernetes-ioauth-keepalive">`nginx.ingress.kubernetes.io/auth-keepalive`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/auth-keepalive-share-vars` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioauth-keepalive-share-vars" href="#nginx-ingress-kubernetes-ioauth-keepalive-share-vars" title="#nginx-ingress-kubernetes-ioauth-keepalive-share-vars">`nginx.ingress.kubernetes.io/auth-keepalive-share-vars`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/auth-keepalive-requests` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioauth-keepalive-requests" href="#nginx-ingress-kubernetes-ioauth-keepalive-requests" title="#nginx-ingress-kubernetes-ioauth-keepalive-requests">`nginx.ingress.kubernetes.io/auth-keepalive-requests`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/auth-keepalive-timeout` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioauth-keepalive-timeout" href="#nginx-ingress-kubernetes-ioauth-keepalive-timeout" title="#nginx-ingress-kubernetes-ioauth-keepalive-timeout">`nginx.ingress.kubernetes.io/auth-keepalive-timeout`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/auth-proxy-set-headers` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioauth-proxy-set-headers" href="#nginx-ingress-kubernetes-ioauth-proxy-set-headers" title="#nginx-ingress-kubernetes-ioauth-proxy-set-headers">`nginx.ingress.kubernetes.io/auth-proxy-set-headers`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/auth-snippet` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioauth-snippet" href="#nginx-ingress-kubernetes-ioauth-snippet" title="#nginx-ingress-kubernetes-ioauth-snippet">`nginx.ingress.kubernetes.io/auth-snippet`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/enable-global-auth` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioenable-global-auth" href="#nginx-ingress-kubernetes-ioenable-global-auth" title="#nginx-ingress-kubernetes-ioenable-global-auth">`nginx.ingress.kubernetes.io/enable-global-auth`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/canary` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iocanary" href="#nginx-ingress-kubernetes-iocanary" title="#nginx-ingress-kubernetes-iocanary">`nginx.ingress.kubernetes.io/canary`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/canary-by-header` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iocanary-by-header" href="#nginx-ingress-kubernetes-iocanary-by-header" title="#nginx-ingress-kubernetes-iocanary-by-header">`nginx.ingress.kubernetes.io/canary-by-header`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/canary-by-header-value` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iocanary-by-header-value" href="#nginx-ingress-kubernetes-iocanary-by-header-value" title="#nginx-ingress-kubernetes-iocanary-by-header-value">`nginx.ingress.kubernetes.io/canary-by-header-value`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/canary-by-header-pattern` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iocanary-by-header-pattern" href="#nginx-ingress-kubernetes-iocanary-by-header-pattern" title="#nginx-ingress-kubernetes-iocanary-by-header-pattern">`nginx.ingress.kubernetes.io/canary-by-header-pattern`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/canary-by-cookie` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iocanary-by-cookie" href="#nginx-ingress-kubernetes-iocanary-by-cookie" title="#nginx-ingress-kubernetes-iocanary-by-cookie">`nginx.ingress.kubernetes.io/canary-by-cookie`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/canary-weight` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iocanary-weight" href="#nginx-ingress-kubernetes-iocanary-weight" title="#nginx-ingress-kubernetes-iocanary-weight">`nginx.ingress.kubernetes.io/canary-weight`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/canary-weight-total` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iocanary-weight-total" href="#nginx-ingress-kubernetes-iocanary-weight-total" title="#nginx-ingress-kubernetes-iocanary-weight-total">`nginx.ingress.kubernetes.io/canary-weight-total`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/client-body-buffer-size` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioclient-body-buffer-size" href="#nginx-ingress-kubernetes-ioclient-body-buffer-size" title="#nginx-ingress-kubernetes-ioclient-body-buffer-size">`nginx.ingress.kubernetes.io/client-body-buffer-size`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/configuration-snippet` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioconfiguration-snippet" href="#nginx-ingress-kubernetes-ioconfiguration-snippet" title="#nginx-ingress-kubernetes-ioconfiguration-snippet">`nginx.ingress.kubernetes.io/configuration-snippet`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/custom-http-errors` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iocustom-http-errors" href="#nginx-ingress-kubernetes-iocustom-http-errors" title="#nginx-ingress-kubernetes-iocustom-http-errors">`nginx.ingress.kubernetes.io/custom-http-errors`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/disable-proxy-intercept-errors` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iodisable-proxy-intercept-errors" href="#nginx-ingress-kubernetes-iodisable-proxy-intercept-errors" title="#nginx-ingress-kubernetes-iodisable-proxy-intercept-errors">`nginx.ingress.kubernetes.io/disable-proxy-intercept-errors`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/default-backend` | Not supported yet; use `defaultBackend` in Ingress spec. | | <a id="nginx-ingress-kubernetes-iodefault-backend" href="#nginx-ingress-kubernetes-iodefault-backend" title="#nginx-ingress-kubernetes-iodefault-backend">`nginx.ingress.kubernetes.io/default-backend`</a> | Not supported yet; use `defaultBackend` in Ingress spec. |
| `nginx.ingress.kubernetes.io/limit-rate-after` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iolimit-rate-after" href="#nginx-ingress-kubernetes-iolimit-rate-after" title="#nginx-ingress-kubernetes-iolimit-rate-after">`nginx.ingress.kubernetes.io/limit-rate-after`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/limit-rate` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iolimit-rate" href="#nginx-ingress-kubernetes-iolimit-rate" title="#nginx-ingress-kubernetes-iolimit-rate">`nginx.ingress.kubernetes.io/limit-rate`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/limit-whitelist` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iolimit-whitelist" href="#nginx-ingress-kubernetes-iolimit-whitelist" title="#nginx-ingress-kubernetes-iolimit-whitelist">`nginx.ingress.kubernetes.io/limit-whitelist`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/limit-rps` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iolimit-rps" href="#nginx-ingress-kubernetes-iolimit-rps" title="#nginx-ingress-kubernetes-iolimit-rps">`nginx.ingress.kubernetes.io/limit-rps`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/limit-rpm` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iolimit-rpm" href="#nginx-ingress-kubernetes-iolimit-rpm" title="#nginx-ingress-kubernetes-iolimit-rpm">`nginx.ingress.kubernetes.io/limit-rpm`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/limit-burst-multiplier` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iolimit-burst-multiplier" href="#nginx-ingress-kubernetes-iolimit-burst-multiplier" title="#nginx-ingress-kubernetes-iolimit-burst-multiplier">`nginx.ingress.kubernetes.io/limit-burst-multiplier`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/limit-connections` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iolimit-connections" href="#nginx-ingress-kubernetes-iolimit-connections" title="#nginx-ingress-kubernetes-iolimit-connections">`nginx.ingress.kubernetes.io/limit-connections`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/global-rate-limit` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioglobal-rate-limit" href="#nginx-ingress-kubernetes-ioglobal-rate-limit" title="#nginx-ingress-kubernetes-ioglobal-rate-limit">`nginx.ingress.kubernetes.io/global-rate-limit`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/global-rate-limit-window` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioglobal-rate-limit-window" href="#nginx-ingress-kubernetes-ioglobal-rate-limit-window" title="#nginx-ingress-kubernetes-ioglobal-rate-limit-window">`nginx.ingress.kubernetes.io/global-rate-limit-window`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/global-rate-limit-key` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioglobal-rate-limit-key" href="#nginx-ingress-kubernetes-ioglobal-rate-limit-key" title="#nginx-ingress-kubernetes-ioglobal-rate-limit-key">`nginx.ingress.kubernetes.io/global-rate-limit-key`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/global-rate-limit-ignored-cidrs` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioglobal-rate-limit-ignored-cidrs" href="#nginx-ingress-kubernetes-ioglobal-rate-limit-ignored-cidrs" title="#nginx-ingress-kubernetes-ioglobal-rate-limit-ignored-cidrs">`nginx.ingress.kubernetes.io/global-rate-limit-ignored-cidrs`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/permanent-redirect` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iopermanent-redirect" href="#nginx-ingress-kubernetes-iopermanent-redirect" title="#nginx-ingress-kubernetes-iopermanent-redirect">`nginx.ingress.kubernetes.io/permanent-redirect`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/permanent-redirect-code` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iopermanent-redirect-code" href="#nginx-ingress-kubernetes-iopermanent-redirect-code" title="#nginx-ingress-kubernetes-iopermanent-redirect-code">`nginx.ingress.kubernetes.io/permanent-redirect-code`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/temporal-redirect` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iotemporal-redirect" href="#nginx-ingress-kubernetes-iotemporal-redirect" title="#nginx-ingress-kubernetes-iotemporal-redirect">`nginx.ingress.kubernetes.io/temporal-redirect`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/preserve-trailing-slash` | Not supported yet; Traefik preserves by default. | | <a id="nginx-ingress-kubernetes-iopreserve-trailing-slash" href="#nginx-ingress-kubernetes-iopreserve-trailing-slash" title="#nginx-ingress-kubernetes-iopreserve-trailing-slash">`nginx.ingress.kubernetes.io/preserve-trailing-slash`</a> | Not supported yet; Traefik preserves by default. |
| `nginx.ingress.kubernetes.io/proxy-cookie-domain` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioproxy-cookie-domain" href="#nginx-ingress-kubernetes-ioproxy-cookie-domain" title="#nginx-ingress-kubernetes-ioproxy-cookie-domain">`nginx.ingress.kubernetes.io/proxy-cookie-domain`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/proxy-cookie-path` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioproxy-cookie-path" href="#nginx-ingress-kubernetes-ioproxy-cookie-path" title="#nginx-ingress-kubernetes-ioproxy-cookie-path">`nginx.ingress.kubernetes.io/proxy-cookie-path`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/proxy-connect-timeout` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioproxy-connect-timeout" href="#nginx-ingress-kubernetes-ioproxy-connect-timeout" title="#nginx-ingress-kubernetes-ioproxy-connect-timeout">`nginx.ingress.kubernetes.io/proxy-connect-timeout`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/proxy-send-timeout` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioproxy-send-timeout" href="#nginx-ingress-kubernetes-ioproxy-send-timeout" title="#nginx-ingress-kubernetes-ioproxy-send-timeout">`nginx.ingress.kubernetes.io/proxy-send-timeout`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/proxy-read-timeout` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioproxy-read-timeout" href="#nginx-ingress-kubernetes-ioproxy-read-timeout" title="#nginx-ingress-kubernetes-ioproxy-read-timeout">`nginx.ingress.kubernetes.io/proxy-read-timeout`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/proxy-next-upstream` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioproxy-next-upstream" href="#nginx-ingress-kubernetes-ioproxy-next-upstream" title="#nginx-ingress-kubernetes-ioproxy-next-upstream">`nginx.ingress.kubernetes.io/proxy-next-upstream`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/proxy-next-upstream-timeout` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioproxy-next-upstream-timeout" href="#nginx-ingress-kubernetes-ioproxy-next-upstream-timeout" title="#nginx-ingress-kubernetes-ioproxy-next-upstream-timeout">`nginx.ingress.kubernetes.io/proxy-next-upstream-timeout`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/proxy-next-upstream-tries` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioproxy-next-upstream-tries" href="#nginx-ingress-kubernetes-ioproxy-next-upstream-tries" title="#nginx-ingress-kubernetes-ioproxy-next-upstream-tries">`nginx.ingress.kubernetes.io/proxy-next-upstream-tries`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/proxy-request-buffering` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioproxy-request-buffering" href="#nginx-ingress-kubernetes-ioproxy-request-buffering" title="#nginx-ingress-kubernetes-ioproxy-request-buffering">`nginx.ingress.kubernetes.io/proxy-request-buffering`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/proxy-redirect-from` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioproxy-redirect-from" href="#nginx-ingress-kubernetes-ioproxy-redirect-from" title="#nginx-ingress-kubernetes-ioproxy-redirect-from">`nginx.ingress.kubernetes.io/proxy-redirect-from`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/proxy-redirect-to` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioproxy-redirect-to" href="#nginx-ingress-kubernetes-ioproxy-redirect-to" title="#nginx-ingress-kubernetes-ioproxy-redirect-to">`nginx.ingress.kubernetes.io/proxy-redirect-to`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/proxy-http-version` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioproxy-http-version" href="#nginx-ingress-kubernetes-ioproxy-http-version" title="#nginx-ingress-kubernetes-ioproxy-http-version">`nginx.ingress.kubernetes.io/proxy-http-version`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/proxy-ssl-ciphers` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioproxy-ssl-ciphers" href="#nginx-ingress-kubernetes-ioproxy-ssl-ciphers" title="#nginx-ingress-kubernetes-ioproxy-ssl-ciphers">`nginx.ingress.kubernetes.io/proxy-ssl-ciphers`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/proxy-ssl-verify-depth` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioproxy-ssl-verify-depth" href="#nginx-ingress-kubernetes-ioproxy-ssl-verify-depth" title="#nginx-ingress-kubernetes-ioproxy-ssl-verify-depth">`nginx.ingress.kubernetes.io/proxy-ssl-verify-depth`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/proxy-ssl-protocols` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioproxy-ssl-protocols" href="#nginx-ingress-kubernetes-ioproxy-ssl-protocols" title="#nginx-ingress-kubernetes-ioproxy-ssl-protocols">`nginx.ingress.kubernetes.io/proxy-ssl-protocols`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/enable-rewrite-log` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioenable-rewrite-log" href="#nginx-ingress-kubernetes-ioenable-rewrite-log" title="#nginx-ingress-kubernetes-ioenable-rewrite-log">`nginx.ingress.kubernetes.io/enable-rewrite-log`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/rewrite-target` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iorewrite-target" href="#nginx-ingress-kubernetes-iorewrite-target" title="#nginx-ingress-kubernetes-iorewrite-target">`nginx.ingress.kubernetes.io/rewrite-target`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/satisfy` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iosatisfy" href="#nginx-ingress-kubernetes-iosatisfy" title="#nginx-ingress-kubernetes-iosatisfy">`nginx.ingress.kubernetes.io/satisfy`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/server-alias` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioserver-alias" href="#nginx-ingress-kubernetes-ioserver-alias" title="#nginx-ingress-kubernetes-ioserver-alias">`nginx.ingress.kubernetes.io/server-alias`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/server-snippet` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioserver-snippet" href="#nginx-ingress-kubernetes-ioserver-snippet" title="#nginx-ingress-kubernetes-ioserver-snippet">`nginx.ingress.kubernetes.io/server-snippet`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/session-cookie-conditional-samesite-none` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iosession-cookie-conditional-samesite-none" href="#nginx-ingress-kubernetes-iosession-cookie-conditional-samesite-none" title="#nginx-ingress-kubernetes-iosession-cookie-conditional-samesite-none">`nginx.ingress.kubernetes.io/session-cookie-conditional-samesite-none`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/session-cookie-expires` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iosession-cookie-expires" href="#nginx-ingress-kubernetes-iosession-cookie-expires" title="#nginx-ingress-kubernetes-iosession-cookie-expires">`nginx.ingress.kubernetes.io/session-cookie-expires`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/session-cookie-change-on-failure` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iosession-cookie-change-on-failure" href="#nginx-ingress-kubernetes-iosession-cookie-change-on-failure" title="#nginx-ingress-kubernetes-iosession-cookie-change-on-failure">`nginx.ingress.kubernetes.io/session-cookie-change-on-failure`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/ssl-ciphers` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iossl-ciphers" href="#nginx-ingress-kubernetes-iossl-ciphers" title="#nginx-ingress-kubernetes-iossl-ciphers">`nginx.ingress.kubernetes.io/ssl-ciphers`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/ssl-prefer-server-ciphers` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iossl-prefer-server-ciphers" href="#nginx-ingress-kubernetes-iossl-prefer-server-ciphers" title="#nginx-ingress-kubernetes-iossl-prefer-server-ciphers">`nginx.ingress.kubernetes.io/ssl-prefer-server-ciphers`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/connection-proxy-header` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioconnection-proxy-header" href="#nginx-ingress-kubernetes-ioconnection-proxy-header" title="#nginx-ingress-kubernetes-ioconnection-proxy-header">`nginx.ingress.kubernetes.io/connection-proxy-header`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/enable-access-log` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioenable-access-log" href="#nginx-ingress-kubernetes-ioenable-access-log" title="#nginx-ingress-kubernetes-ioenable-access-log">`nginx.ingress.kubernetes.io/enable-access-log`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/enable-opentracing` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioenable-opentracing" href="#nginx-ingress-kubernetes-ioenable-opentracing" title="#nginx-ingress-kubernetes-ioenable-opentracing">`nginx.ingress.kubernetes.io/enable-opentracing`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/opentracing-trust-incoming-span` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioopentracing-trust-incoming-span" href="#nginx-ingress-kubernetes-ioopentracing-trust-incoming-span" title="#nginx-ingress-kubernetes-ioopentracing-trust-incoming-span">`nginx.ingress.kubernetes.io/opentracing-trust-incoming-span`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/enable-opentelemetry` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioenable-opentelemetry" href="#nginx-ingress-kubernetes-ioenable-opentelemetry" title="#nginx-ingress-kubernetes-ioenable-opentelemetry">`nginx.ingress.kubernetes.io/enable-opentelemetry`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/opentelemetry-trust-incoming-span` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioopentelemetry-trust-incoming-span" href="#nginx-ingress-kubernetes-ioopentelemetry-trust-incoming-span" title="#nginx-ingress-kubernetes-ioopentelemetry-trust-incoming-span">`nginx.ingress.kubernetes.io/opentelemetry-trust-incoming-span`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/enable-modsecurity` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioenable-modsecurity" href="#nginx-ingress-kubernetes-ioenable-modsecurity" title="#nginx-ingress-kubernetes-ioenable-modsecurity">`nginx.ingress.kubernetes.io/enable-modsecurity`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/enable-owasp-core-rules` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioenable-owasp-core-rules" href="#nginx-ingress-kubernetes-ioenable-owasp-core-rules" title="#nginx-ingress-kubernetes-ioenable-owasp-core-rules">`nginx.ingress.kubernetes.io/enable-owasp-core-rules`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/modsecurity-transaction-id` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iomodsecurity-transaction-id" href="#nginx-ingress-kubernetes-iomodsecurity-transaction-id" title="#nginx-ingress-kubernetes-iomodsecurity-transaction-id">`nginx.ingress.kubernetes.io/modsecurity-transaction-id`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/modsecurity-snippet` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iomodsecurity-snippet" href="#nginx-ingress-kubernetes-iomodsecurity-snippet" title="#nginx-ingress-kubernetes-iomodsecurity-snippet">`nginx.ingress.kubernetes.io/modsecurity-snippet`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/mirror-request-body` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iomirror-request-body" href="#nginx-ingress-kubernetes-iomirror-request-body" title="#nginx-ingress-kubernetes-iomirror-request-body">`nginx.ingress.kubernetes.io/mirror-request-body`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/mirror-target` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iomirror-target" href="#nginx-ingress-kubernetes-iomirror-target" title="#nginx-ingress-kubernetes-iomirror-target">`nginx.ingress.kubernetes.io/mirror-target`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/mirror-host` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iomirror-host" href="#nginx-ingress-kubernetes-iomirror-host" title="#nginx-ingress-kubernetes-iomirror-host">`nginx.ingress.kubernetes.io/mirror-host`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/x-forwarded-prefix` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iox-forwarded-prefix" href="#nginx-ingress-kubernetes-iox-forwarded-prefix" title="#nginx-ingress-kubernetes-iox-forwarded-prefix">`nginx.ingress.kubernetes.io/x-forwarded-prefix`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/upstream-hash-by` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioupstream-hash-by" href="#nginx-ingress-kubernetes-ioupstream-hash-by" title="#nginx-ingress-kubernetes-ioupstream-hash-by">`nginx.ingress.kubernetes.io/upstream-hash-by`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/upstream-vhost` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioupstream-vhost" href="#nginx-ingress-kubernetes-ioupstream-vhost" title="#nginx-ingress-kubernetes-ioupstream-vhost">`nginx.ingress.kubernetes.io/upstream-vhost`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/denylist-source-range` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iodenylist-source-range" href="#nginx-ingress-kubernetes-iodenylist-source-range" title="#nginx-ingress-kubernetes-iodenylist-source-range">`nginx.ingress.kubernetes.io/denylist-source-range`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/whitelist-source-range` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iowhitelist-source-range" href="#nginx-ingress-kubernetes-iowhitelist-source-range" title="#nginx-ingress-kubernetes-iowhitelist-source-range">`nginx.ingress.kubernetes.io/whitelist-source-range`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/proxy-buffering` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioproxy-buffering" href="#nginx-ingress-kubernetes-ioproxy-buffering" title="#nginx-ingress-kubernetes-ioproxy-buffering">`nginx.ingress.kubernetes.io/proxy-buffering`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/proxy-buffers-number` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioproxy-buffers-number" href="#nginx-ingress-kubernetes-ioproxy-buffers-number" title="#nginx-ingress-kubernetes-ioproxy-buffers-number">`nginx.ingress.kubernetes.io/proxy-buffers-number`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/proxy-buffer-size` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioproxy-buffer-size" href="#nginx-ingress-kubernetes-ioproxy-buffer-size" title="#nginx-ingress-kubernetes-ioproxy-buffer-size">`nginx.ingress.kubernetes.io/proxy-buffer-size`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/proxy-max-temp-file-size` | Not supported yet. | | <a id="nginx-ingress-kubernetes-ioproxy-max-temp-file-size" href="#nginx-ingress-kubernetes-ioproxy-max-temp-file-size" title="#nginx-ingress-kubernetes-ioproxy-max-temp-file-size">`nginx.ingress.kubernetes.io/proxy-max-temp-file-size`</a> | Not supported yet. |
| `nginx.ingress.kubernetes.io/stream-snippet` | Not supported yet. | | <a id="nginx-ingress-kubernetes-iostream-snippet" href="#nginx-ingress-kubernetes-iostream-snippet" title="#nginx-ingress-kubernetes-iostream-snippet">`nginx.ingress.kubernetes.io/stream-snippet`</a> | Not supported yet. |
@@ -19,23 +19,23 @@ description: "Read the technical documentation to learn the Traefik Routing Conf
| Key (Path) | Description | Value | | Key (Path) | Description | Value |
|--------------------------------------|--------------------------------------|----------------------------| |--------------------------------------|--------------------------------------|----------------------------|
| `traefik/http/routers/<router_name>/rule` | See [rule](../http/router/rules-and-priority.md#rules) for more information. | ```Host(`example.com`)``` | | <a id="traefikhttproutersrouter-namerule" href="#traefikhttproutersrouter-namerule" title="#traefikhttproutersrouter-namerule">`traefik/http/routers/<router_name>/rule`</a> | See [rule](../http/router/rules-and-priority.md#rules) for more information. | ```Host(`example.com`)``` |
| `traefik/http/routers/<router_name>/ruleSyntax` | See [rule](../http/router/rules-and-priority.md#rulesyntax) for more information.<br/>RuleSyntax option is deprecated and will be removed in the next major version.<br/>Please do not use this field and rewrite the router rules to use the v3 syntax. | `v3` | | <a id="traefikhttproutersrouter-nameruleSyntax" href="#traefikhttproutersrouter-nameruleSyntax" title="#traefikhttproutersrouter-nameruleSyntax">`traefik/http/routers/<router_name>/ruleSyntax`</a> | See [rule](../http/router/rules-and-priority.md#rulesyntax) for more information.<br/>RuleSyntax option is deprecated and will be removed in the next major version.<br/>Please do not use this field and rewrite the router rules to use the v3 syntax. | `v3` |
| `traefik/http/routers/<router_name>/entrypoints/0` | See [entry points](../../install-configuration/entrypoints.md) for more information. | `web` | | <a id="traefikhttproutersrouter-nameentrypoints0" href="#traefikhttproutersrouter-nameentrypoints0" title="#traefikhttproutersrouter-nameentrypoints0">`traefik/http/routers/<router_name>/entrypoints/0`</a> | See [entry points](../../install-configuration/entrypoints.md) for more information. | `web` |
| `traefik/http/routers/<router_name>/entrypoints/1` | See [entry points](../../install-configuration/entrypoints.md) for more information. | `websecure` | | <a id="traefikhttproutersrouter-nameentrypoints1" href="#traefikhttproutersrouter-nameentrypoints1" title="#traefikhttproutersrouter-nameentrypoints1">`traefik/http/routers/<router_name>/entrypoints/1`</a> | See [entry points](../../install-configuration/entrypoints.md) for more information. | `websecure` |
| `traefik/http/routers/<router_name>/middlewares/0` | See [middlewares overview](../http/middlewares/overview.md) for more information. | `auth` | | <a id="traefikhttproutersrouter-namemiddlewares0" href="#traefikhttproutersrouter-namemiddlewares0" title="#traefikhttproutersrouter-namemiddlewares0">`traefik/http/routers/<router_name>/middlewares/0`</a> | See [middlewares overview](../http/middlewares/overview.md) for more information. | `auth` |
| `traefik/http/routers/<router_name>/middlewares/1` | | `prefix` | | <a id="traefikhttproutersrouter-namemiddlewares1" href="#traefikhttproutersrouter-namemiddlewares1" title="#traefikhttproutersrouter-namemiddlewares1">`traefik/http/routers/<router_name>/middlewares/1`</a> | | `prefix` |
| `traefik/http/routers/<router_name>/service` | See [service](../http/load-balancing/service.md) for more information. | `myservice` | | <a id="traefikhttproutersrouter-nameservice" href="#traefikhttproutersrouter-nameservice" title="#traefikhttproutersrouter-nameservice">`traefik/http/routers/<router_name>/service`</a> | See [service](../http/load-balancing/service.md) for more information. | `myservice` |
| `traefik/http/routers/<router_name>/tls` | See [tls](../http/tls/overview.md) for more information. | `true` | | <a id="traefikhttproutersrouter-nametls" href="#traefikhttproutersrouter-nametls" title="#traefikhttproutersrouter-nametls">`traefik/http/routers/<router_name>/tls`</a> | See [tls](../http/tls/overview.md) for more information. | `true` |
| `traefik/http/routers/<router_name>/tls/certresolver` | See [certResolver](../../install-configuration/tls/certificate-resolvers/overview.md) for more information. | `myresolver` | | <a id="traefikhttproutersrouter-nametlscertresolver" href="#traefikhttproutersrouter-nametlscertresolver" title="#traefikhttproutersrouter-nametlscertresolver">`traefik/http/routers/<router_name>/tls/certresolver`</a> | See [certResolver](../../install-configuration/tls/certificate-resolvers/overview.md) for more information. | `myresolver` |
| `traefik/http/routers/<router_name>/tls/domains/0/main` | See [domains](../../install-configuration/tls/certificate-resolvers/acme.md#domain-definition) for more information. | `example.org` | | <a id="traefikhttproutersrouter-nametlsdomains0main" href="#traefikhttproutersrouter-nametlsdomains0main" title="#traefikhttproutersrouter-nametlsdomains0main">`traefik/http/routers/<router_name>/tls/domains/0/main`</a> | See [domains](../../install-configuration/tls/certificate-resolvers/acme.md#domain-definition) for more information. | `example.org` |
| `traefik/http/routers/<router_name>/tls/domains/0/sans/0` | See [domains](../../install-configuration/tls/certificate-resolvers/acme.md#domain-definition) for more information. | `test.example.org` | | <a id="traefikhttproutersrouter-nametlsdomains0sans0" href="#traefikhttproutersrouter-nametlsdomains0sans0" title="#traefikhttproutersrouter-nametlsdomains0sans0">`traefik/http/routers/<router_name>/tls/domains/0/sans/0`</a> | See [domains](../../install-configuration/tls/certificate-resolvers/acme.md#domain-definition) for more information. | `test.example.org` |
| `traefik/http/routers/<router_name>/tls/domains/0/sans/1` | See [domains](../../install-configuration/tls/certificate-resolvers/acme.md#domain-definition) for more information. | `dev.example.org` | | <a id="traefikhttproutersrouter-nametlsdomains0sans1" href="#traefikhttproutersrouter-nametlsdomains0sans1" title="#traefikhttproutersrouter-nametlsdomains0sans1">`traefik/http/routers/<router_name>/tls/domains/0/sans/1`</a> | See [domains](../../install-configuration/tls/certificate-resolvers/acme.md#domain-definition) for more information. | `dev.example.org` |
| `traefik/http/routers/<router_name>/tls/options` | See [TLS Options](../http/tls/tls-options.md) for more information. | `foobar` | | <a id="traefikhttproutersrouter-nametlsoptions" href="#traefikhttproutersrouter-nametlsoptions" title="#traefikhttproutersrouter-nametlsoptions">`traefik/http/routers/<router_name>/tls/options`</a> | See [TLS Options](../http/tls/tls-options.md) for more information. | `foobar` |
| `traefik/http/routers/<router_name>/observability/accesslogs` | The accessLogs option controls whether the router will produce access-logs. | `true` | | <a id="traefikhttproutersrouter-nameobservabilityaccesslogs" href="#traefikhttproutersrouter-nameobservabilityaccesslogs" title="#traefikhttproutersrouter-nameobservabilityaccesslogs">`traefik/http/routers/<router_name>/observability/accesslogs`</a> | The accessLogs option controls whether the router will produce access-logs. | `true` |
| `traefik/http/routers/<router_name>/observability/metrics` | The metrics option controls whether the router will produce metrics. | `true` | | <a id="traefikhttproutersrouter-nameobservabilitymetrics" href="#traefikhttproutersrouter-nameobservabilitymetrics" title="#traefikhttproutersrouter-nameobservabilitymetrics">`traefik/http/routers/<router_name>/observability/metrics`</a> | The metrics option controls whether the router will produce metrics. | `true` |
| `traefik/http/routers/<router_name>/observability/tracing` | The tracing option controls whether the router will produce traces. | `true` | | <a id="traefikhttproutersrouter-nameobservabilitytracing" href="#traefikhttproutersrouter-nameobservabilitytracing" title="#traefikhttproutersrouter-nameobservabilitytracing">`traefik/http/routers/<router_name>/observability/tracing`</a> | The tracing option controls whether the router will produce traces. | `true` |
| `traefik/http/routers/<router_name>/priority` | See [priority](../http/router/rules-and-priority.md#priority-calculation) for more information. | `42` | | <a id="traefikhttproutersrouter-namepriority" href="#traefikhttproutersrouter-namepriority" title="#traefikhttproutersrouter-namepriority">`traefik/http/routers/<router_name>/priority`</a> | See [priority](../http/router/rules-and-priority.md#priority-calculation) for more information. | `42` |
#### Services #### Services
@@ -43,41 +43,41 @@ description: "Read the technical documentation to learn the Traefik Routing Conf
| Key (Path) | Description | Value | | Key (Path) | Description | Value |
|-----------------------------------------------------------------|-----------------------------------------------------------------|-----------------------------------------| |-----------------------------------------------------------------|-----------------------------------------------------------------|-----------------------------------------|
| `traefik/http/services/myservice/loadbalancer/servers/0/url` | See [servers](../http/load-balancing/service.md#servers) for more information. | `http://<ip-server-1>:<port-server-1>/` | | <a id="traefikhttpservicesmyserviceloadbalancerservers0url" href="#traefikhttpservicesmyserviceloadbalancerservers0url" title="#traefikhttpservicesmyserviceloadbalancerservers0url">`traefik/http/services/myservice/loadbalancer/servers/0/url`</a> | See [servers](../http/load-balancing/service.md#servers) for more information. | `http://<ip-server-1>:<port-server-1>/` |
| `traefik/http/services/myservice/loadbalancer/servers/0/preservePath` | See [servers](../http/load-balancing/service.md#servers) for more information. | `true` | | <a id="traefikhttpservicesmyserviceloadbalancerservers0preservePath" href="#traefikhttpservicesmyserviceloadbalancerservers0preservePath" title="#traefikhttpservicesmyserviceloadbalancerservers0preservePath">`traefik/http/services/myservice/loadbalancer/servers/0/preservePath`</a> | See [servers](../http/load-balancing/service.md#servers) for more information. | `true` |
| `traefik/http/services/myservice/loadbalancer/servers/0/weight` | See [servers](../http/load-balancing/service.md#servers) for more information. | `1` | | <a id="traefikhttpservicesmyserviceloadbalancerservers0weight" href="#traefikhttpservicesmyserviceloadbalancerservers0weight" title="#traefikhttpservicesmyserviceloadbalancerservers0weight">`traefik/http/services/myservice/loadbalancer/servers/0/weight`</a> | See [servers](../http/load-balancing/service.md#servers) for more information. | `1` |
| `traefik/http/services/myservice/loadbalancer/serverstransport` | Allows to reference a ServersTransport resource that is defined either with the File provider or the Kubernetes CRD one.<br/> See [serverstransport](../http/load-balancing/serverstransport.md) for more information. | `foobar@file` | | <a id="traefikhttpservicesmyserviceloadbalancerserverstransport" href="#traefikhttpservicesmyserviceloadbalancerserverstransport" title="#traefikhttpservicesmyserviceloadbalancerserverstransport">`traefik/http/services/myservice/loadbalancer/serverstransport`</a> | Allows to reference a ServersTransport resource that is defined either with the File provider or the Kubernetes CRD one.<br/> See [serverstransport](../http/load-balancing/serverstransport.md) for more information. | `foobar@file` |
| `traefik/http/services/myservice/loadbalancer/passhostheader` | See [Service](../http/load-balancing/service.md) for more information. | `true` | | <a id="traefikhttpservicesmyserviceloadbalancerpasshostheader" href="#traefikhttpservicesmyserviceloadbalancerpasshostheader" title="#traefikhttpservicesmyserviceloadbalancerpasshostheader">`traefik/http/services/myservice/loadbalancer/passhostheader`</a> | See [Service](../http/load-balancing/service.md) for more information. | `true` |
| `traefik/http/services/myservice/loadbalancer/healthcheck/headers/X-Foo` | See [health check](../http/load-balancing/service.md#health-check) for more information. | `foobar` | | <a id="traefikhttpservicesmyserviceloadbalancerhealthcheckheadersX-Foo" href="#traefikhttpservicesmyserviceloadbalancerhealthcheckheadersX-Foo" title="#traefikhttpservicesmyserviceloadbalancerhealthcheckheadersX-Foo">`traefik/http/services/myservice/loadbalancer/healthcheck/headers/X-Foo`</a> | See [health check](../http/load-balancing/service.md#health-check) for more information. | `foobar` |
| `traefik/http/services/myservice/loadbalancer/healthcheck/hostname` | See [health check](../http/load-balancing/service.md#health-check) for more information. | `example.org` | | <a id="traefikhttpservicesmyserviceloadbalancerhealthcheckhostname" href="#traefikhttpservicesmyserviceloadbalancerhealthcheckhostname" title="#traefikhttpservicesmyserviceloadbalancerhealthcheckhostname">`traefik/http/services/myservice/loadbalancer/healthcheck/hostname`</a> | See [health check](../http/load-balancing/service.md#health-check) for more information. | `example.org` |
| `traefik/http/services/myservice/loadbalancer/healthcheck/interval` | See [health check](../http/load-balancing/service.md#health-check) for more information. | `10` | | <a id="traefikhttpservicesmyserviceloadbalancerhealthcheckinterval" href="#traefikhttpservicesmyserviceloadbalancerhealthcheckinterval" title="#traefikhttpservicesmyserviceloadbalancerhealthcheckinterval">`traefik/http/services/myservice/loadbalancer/healthcheck/interval`</a> | See [health check](../http/load-balancing/service.md#health-check) for more information. | `10` |
| `traefik/http/services/myservice/loadbalancer/healthcheck/path` | See [health check](../http/load-balancing/service.md#health-check) for more information. | `/foo` | | <a id="traefikhttpservicesmyserviceloadbalancerhealthcheckpath" href="#traefikhttpservicesmyserviceloadbalancerhealthcheckpath" title="#traefikhttpservicesmyserviceloadbalancerhealthcheckpath">`traefik/http/services/myservice/loadbalancer/healthcheck/path`</a> | See [health check](../http/load-balancing/service.md#health-check) for more information. | `/foo` |
| `traefik/http/services/myservice/loadbalancer/healthcheck/method` | See [health check](../http/load-balancing/service.md#health-check) for more information. | `foobar` | | <a id="traefikhttpservicesmyserviceloadbalancerhealthcheckmethod" href="#traefikhttpservicesmyserviceloadbalancerhealthcheckmethod" title="#traefikhttpservicesmyserviceloadbalancerhealthcheckmethod">`traefik/http/services/myservice/loadbalancer/healthcheck/method`</a> | See [health check](../http/load-balancing/service.md#health-check) for more information. | `foobar` |
| `traefik/http/services/myservice/loadbalancer/healthcheck/status` | See [health check](../http/load-balancing/service.md#health-check) for more information. | `42` | | <a id="traefikhttpservicesmyserviceloadbalancerhealthcheckstatus" href="#traefikhttpservicesmyserviceloadbalancerhealthcheckstatus" title="#traefikhttpservicesmyserviceloadbalancerhealthcheckstatus">`traefik/http/services/myservice/loadbalancer/healthcheck/status`</a> | See [health check](../http/load-balancing/service.md#health-check) for more information. | `42` |
| `traefik/http/services/myservice/loadbalancer/healthcheck/port` | See [health check](../http/load-balancing/service.md#health-check) for more information. | `42` | | <a id="traefikhttpservicesmyserviceloadbalancerhealthcheckport" href="#traefikhttpservicesmyserviceloadbalancerhealthcheckport" title="#traefikhttpservicesmyserviceloadbalancerhealthcheckport">`traefik/http/services/myservice/loadbalancer/healthcheck/port`</a> | See [health check](../http/load-balancing/service.md#health-check) for more information. | `42` |
| `traefik/http/services/myservice/loadbalancer/healthcheck/scheme` | See [health check](../http/load-balancing/service.md#health-check) for more information. | `http` | | <a id="traefikhttpservicesmyserviceloadbalancerhealthcheckscheme" href="#traefikhttpservicesmyserviceloadbalancerhealthcheckscheme" title="#traefikhttpservicesmyserviceloadbalancerhealthcheckscheme">`traefik/http/services/myservice/loadbalancer/healthcheck/scheme`</a> | See [health check](../http/load-balancing/service.md#health-check) for more information. | `http` |
| `traefik/http/services/myservice/loadbalancer/healthcheck/timeout` | See [health check](../http/load-balancing/service.md#health-check) for more information. | `10` | | <a id="traefikhttpservicesmyserviceloadbalancerhealthchecktimeout" href="#traefikhttpservicesmyserviceloadbalancerhealthchecktimeout" title="#traefikhttpservicesmyserviceloadbalancerhealthchecktimeout">`traefik/http/services/myservice/loadbalancer/healthcheck/timeout`</a> | See [health check](../http/load-balancing/service.md#health-check) for more information. | `10` |
| `traefik/http/services/myservice/loadbalancer/sticky` | See [Service](../http/load-balancing/service.md#sticky-sessions) for more information. | `true` | | <a id="traefikhttpservicesmyserviceloadbalancersticky" href="#traefikhttpservicesmyserviceloadbalancersticky" title="#traefikhttpservicesmyserviceloadbalancersticky">`traefik/http/services/myservice/loadbalancer/sticky`</a> | See [Service](../http/load-balancing/service.md#sticky-sessions) for more information. | `true` |
| `traefik/http/services/myservice/loadbalancer/sticky/cookie/httponly` | See [Service](../http/load-balancing/service.md#sticky-sessions) for more information. | `true` | | <a id="traefikhttpservicesmyserviceloadbalancerstickycookiehttponly" href="#traefikhttpservicesmyserviceloadbalancerstickycookiehttponly" title="#traefikhttpservicesmyserviceloadbalancerstickycookiehttponly">`traefik/http/services/myservice/loadbalancer/sticky/cookie/httponly`</a> | See [Service](../http/load-balancing/service.md#sticky-sessions) for more information. | `true` |
| `traefik/http/services/myservice/loadbalancer/sticky/cookie/name` | See [Service](../http/load-balancing/service.md#sticky-sessions) for more information. | `foobar` | | <a id="traefikhttpservicesmyserviceloadbalancerstickycookiename" href="#traefikhttpservicesmyserviceloadbalancerstickycookiename" title="#traefikhttpservicesmyserviceloadbalancerstickycookiename">`traefik/http/services/myservice/loadbalancer/sticky/cookie/name`</a> | See [Service](../http/load-balancing/service.md#sticky-sessions) for more information. | `foobar` |
| `traefik/http/services/myservice/loadbalancer/sticky/cookie/path` | See [Service](../http/load-balancing/service.md#sticky-sessions) for more information. | `/foobar` | | <a id="traefikhttpservicesmyserviceloadbalancerstickycookiepath" href="#traefikhttpservicesmyserviceloadbalancerstickycookiepath" title="#traefikhttpservicesmyserviceloadbalancerstickycookiepath">`traefik/http/services/myservice/loadbalancer/sticky/cookie/path`</a> | See [Service](../http/load-balancing/service.md#sticky-sessions) for more information. | `/foobar` |
| `traefik/http/services/myservice/loadbalancer/sticky/cookie/secure` | See [Service](../http/load-balancing/service.md#sticky-sessions) for more information. | `true` | | <a id="traefikhttpservicesmyserviceloadbalancerstickycookiesecure" href="#traefikhttpservicesmyserviceloadbalancerstickycookiesecure" title="#traefikhttpservicesmyserviceloadbalancerstickycookiesecure">`traefik/http/services/myservice/loadbalancer/sticky/cookie/secure`</a> | See [Service](../http/load-balancing/service.md#sticky-sessions) for more information. | `true` |
| `traefik/http/services/myservice/loadbalancer/sticky/cookie/samesite` | See [Service](../http/load-balancing/service.md#sticky-sessions) for more information. | `none` | | <a id="traefikhttpservicesmyserviceloadbalancerstickycookiesamesite" href="#traefikhttpservicesmyserviceloadbalancerstickycookiesamesite" title="#traefikhttpservicesmyserviceloadbalancerstickycookiesamesite">`traefik/http/services/myservice/loadbalancer/sticky/cookie/samesite`</a> | See [Service](../http/load-balancing/service.md#sticky-sessions) for more information. | `none` |
| `traefik/http/services/myservice/loadbalancer/sticky/cookie/maxage` | See [Service](../http/load-balancing/service.md#sticky-sessions) for more information. | `42` | | <a id="traefikhttpservicesmyserviceloadbalancerstickycookiemaxage" href="#traefikhttpservicesmyserviceloadbalancerstickycookiemaxage" title="#traefikhttpservicesmyserviceloadbalancerstickycookiemaxage">`traefik/http/services/myservice/loadbalancer/sticky/cookie/maxage`</a> | See [Service](../http/load-balancing/service.md#sticky-sessions) for more information. | `42` |
| `traefik/http/services/myservice/loadbalancer/responseforwarding/flushinterval` | See [Service](../http/load-balancing/service.md) for more information. | `10` | | <a id="traefikhttpservicesmyserviceloadbalancerresponseforwardingflushinterval" href="#traefikhttpservicesmyserviceloadbalancerresponseforwardingflushinterval" title="#traefikhttpservicesmyserviceloadbalancerresponseforwardingflushinterval">`traefik/http/services/myservice/loadbalancer/responseforwarding/flushinterval`</a> | See [Service](../http/load-balancing/service.md) for more information. | `10` |
| `traefik/http/services/<service_name>/mirroring/service` | See [Service](../http/load-balancing/service.md#mirroring) for more information. | `foobar` | | <a id="traefikhttpservicesservice-namemirroringservice" href="#traefikhttpservicesservice-namemirroringservice" title="#traefikhttpservicesservice-namemirroringservice">`traefik/http/services/<service_name>/mirroring/service`</a> | See [Service](../http/load-balancing/service.md#mirroring) for more information. | `foobar` |
| `traefik/http/services/<service_name>/mirroring/mirrors/<n>/name` | See [Service](../http/load-balancing/service.md#mirroring) for more information. | `foobar` | | <a id="traefikhttpservicesservice-namemirroringmirrorsnname" href="#traefikhttpservicesservice-namemirroringmirrorsnname" title="#traefikhttpservicesservice-namemirroringmirrorsnname">`traefik/http/services/<service_name>/mirroring/mirrors/<n>/name`</a> | See [Service](../http/load-balancing/service.md#mirroring) for more information. | `foobar` |
| `traefik/http/services/<service_name>/mirroring/mirrors/<n>/percent` | See [Service](../http/load-balancing/service.md#mirroring)for more information. | `42` | | <a id="traefikhttpservicesservice-namemirroringmirrorsnpercent" href="#traefikhttpservicesservice-namemirroringmirrorsnpercent" title="#traefikhttpservicesservice-namemirroringmirrorsnpercent">`traefik/http/services/<service_name>/mirroring/mirrors/<n>/percent`</a> | See [Service](../http/load-balancing/service.md#mirroring)for more information. | `42` |
| `traefik/http/services/<service_name>/weighted/services/<n>/name` | See [Service](../http/load-balancing/service.md#weighted-round-robin-wrr) for more information. | `foobar` | | <a id="traefikhttpservicesservice-nameweightedservicesnname" href="#traefikhttpservicesservice-nameweightedservicesnname" title="#traefikhttpservicesservice-nameweightedservicesnname">`traefik/http/services/<service_name>/weighted/services/<n>/name`</a> | See [Service](../http/load-balancing/service.md#weighted-round-robin-wrr) for more information. | `foobar` |
| `traefik/http/services/<service_name>/weighted/services/<n>/weight` | See [Service](../http/load-balancing/service.md#weighted-round-robin-wrr) for more information. | `42` | | <a id="traefikhttpservicesservice-nameweightedservicesnweight" href="#traefikhttpservicesservice-nameweightedservicesnweight" title="#traefikhttpservicesservice-nameweightedservicesnweight">`traefik/http/services/<service_name>/weighted/services/<n>/weight`</a> | See [Service](../http/load-balancing/service.md#weighted-round-robin-wrr) for more information. | `42` |
| `traefik/http/services/<service_name>/weighted/sticky/cookie/name` | See [Service](../http/load-balancing/service.md#weighted-round-robin-wrr) for more information. | `foobar` | | <a id="traefikhttpservicesservice-nameweightedstickycookiename" href="#traefikhttpservicesservice-nameweightedstickycookiename" title="#traefikhttpservicesservice-nameweightedstickycookiename">`traefik/http/services/<service_name>/weighted/sticky/cookie/name`</a> | See [Service](../http/load-balancing/service.md#weighted-round-robin-wrr) for more information. | `foobar` |
| `traefik/http/services/<service_name>/weighted/sticky/cookie/secure` | See [Service](../http/load-balancing/service.md#weighted-round-robin-wrr) for more information. | `true` | | <a id="traefikhttpservicesservice-nameweightedstickycookiesecure" href="#traefikhttpservicesservice-nameweightedstickycookiesecure" title="#traefikhttpservicesservice-nameweightedstickycookiesecure">`traefik/http/services/<service_name>/weighted/sticky/cookie/secure`</a> | See [Service](../http/load-balancing/service.md#weighted-round-robin-wrr) for more information. | `true` |
| `traefik/http/services/<service_name>/weighted/sticky/cookie/samesite` | See [Service](../http/load-balancing/service.md#weighted-round-robin-wrr) for more information. | `none` | | <a id="traefikhttpservicesservice-nameweightedstickycookiesamesite" href="#traefikhttpservicesservice-nameweightedstickycookiesamesite" title="#traefikhttpservicesservice-nameweightedstickycookiesamesite">`traefik/http/services/<service_name>/weighted/sticky/cookie/samesite`</a> | See [Service](../http/load-balancing/service.md#weighted-round-robin-wrr) for more information. | `none` |
| `traefik/http/services/<service_name>/weighted/sticky/cookie/httpOnly` | See [Service](../http/load-balancing/service.md#weighted-round-robin-wrr) for more information. | `true` | | <a id="traefikhttpservicesservice-nameweightedstickycookiehttpOnly" href="#traefikhttpservicesservice-nameweightedstickycookiehttpOnly" title="#traefikhttpservicesservice-nameweightedstickycookiehttpOnly">`traefik/http/services/<service_name>/weighted/sticky/cookie/httpOnly`</a> | See [Service](../http/load-balancing/service.md#weighted-round-robin-wrr) for more information. | `true` |
| `traefik/http/services/<service_name>/weighted/sticky/cookie/maxage` | See [Service](../http/load-balancing/service.md#weighted-round-robin-wrr) for more information. | `42` | | <a id="traefikhttpservicesservice-nameweightedstickycookiemaxage" href="#traefikhttpservicesservice-nameweightedstickycookiemaxage" title="#traefikhttpservicesservice-nameweightedstickycookiemaxage">`traefik/http/services/<service_name>/weighted/sticky/cookie/maxage`</a> | See [Service](../http/load-balancing/service.md#weighted-round-robin-wrr) for more information. | `42` |
| `traefik/http/services/<service_name>/failover/fallback` | See [Failover](../http/load-balancing/service.md#failover) for more information. | `backup` | | <a id="traefikhttpservicesservice-namefailoverfallback" href="#traefikhttpservicesservice-namefailoverfallback" title="#traefikhttpservicesservice-namefailoverfallback">`traefik/http/services/<service_name>/failover/fallback`</a> | See [Failover](../http/load-balancing/service.md#failover) for more information. | `backup` |
| `traefik/http/services/<service_name>/failover/healthcheck` | See [Failover](../http/load-balancing/service.md#failover) for more information. | `{}` | | <a id="traefikhttpservicesservice-namefailoverhealthcheck" href="#traefikhttpservicesservice-namefailoverhealthcheck" title="#traefikhttpservicesservice-namefailoverhealthcheck">`traefik/http/services/<service_name>/failover/healthcheck`</a> | See [Failover](../http/load-balancing/service.md#failover) for more information. | `{}` |
| `traefik/http/services/<service_name>/failover/service` | See [Failover](../http/load-balancing/service.md#failover) for more information. | `main` | | <a id="traefikhttpservicesservice-namefailoverservice" href="#traefikhttpservicesservice-namefailoverservice" title="#traefikhttpservicesservice-namefailoverservice">`traefik/http/services/<service_name>/failover/service`</a> | See [Failover](../http/load-balancing/service.md#failover) for more information. | `main` |
#### Middleware #### Middleware
@@ -85,7 +85,7 @@ description: "Read the technical documentation to learn the Traefik Routing Conf
| Key (Path) | Description | Value | | Key (Path) | Description | Value |
|-----------------------------------------------------------------|-----------------------------------------------------------------|-----------------------------------------| |-----------------------------------------------------------------|-----------------------------------------------------------------|-----------------------------------------|
| `traefik/http/middlewares/mymiddleware/middleware_type/middleware_option` | With `middleware_type` the type of middleware (ex: `forwardAuth`, `headers`, etc)<br/>and `middleware_option` the middleware option to set (ex for the middleware `addPrefix`: `prefix`).<br/> More information about available middlewares in the dedicated [middlewares section](../http/middlewares/overview.md). | `foobar` | | <a id="traefikhttpmiddlewaresmymiddlewaremiddleware-typemiddleware-option" href="#traefikhttpmiddlewaresmymiddlewaremiddleware-typemiddleware-option" title="#traefikhttpmiddlewaresmymiddlewaremiddleware-typemiddleware-option">`traefik/http/middlewares/mymiddleware/middleware_type/middleware_option`</a> | With `middleware_type` the type of middleware (ex: `forwardAuth`, `headers`, etc)<br/>and `middleware_option` the middleware option to set (ex for the middleware `addPrefix`: `prefix`).<br/> More information about available middlewares in the dedicated [middlewares section](../http/middlewares/overview.md). | `foobar` |
!!! warning "The character `@` is not authorized in the middleware name." !!! warning "The character `@` is not authorized in the middleware name."
@@ -108,7 +108,7 @@ traefik/http/routers/<router_name>/middlewares/0=myAddPrefix
| Key (Path) | Description | Value | | Key (Path) | Description | Value |
|-----------------------------------------------------------------|-----------------------------------------------------------------|-----------------------------------------| |-----------------------------------------------------------------|-----------------------------------------------------------------|-----------------------------------------|
| `traefik/http/serversTransports/<serversTransportName>/st_option` | With `st_option` the ServerTransport option to set (ex `maxIdleConnsPerHost`).<br/> More information about available options in the dedicated [ServerTransport section](../http/load-balancing/serverstransport.md). | ServerTransport Options | | <a id="traefikhttpserversTransportsserversTransportNamest-option" href="#traefikhttpserversTransportsserversTransportNamest-option" title="#traefikhttpserversTransportsserversTransportNamest-option">`traefik/http/serversTransports/<serversTransportName>/st_option`</a> | With `st_option` the ServerTransport option to set (ex `maxIdleConnsPerHost`).<br/> More information about available options in the dedicated [ServerTransport section](../http/load-balancing/serverstransport.md). | ServerTransport Options |
##### Configuration Example ##### Configuration Example
@@ -129,29 +129,29 @@ You can declare TCP Routers and/or Services using KV.
| Key (Path) | Description | Value | | Key (Path) | Description | Value |
|-------------------------------------------------|-------------------------------------------------|-------| |-------------------------------------------------|-------------------------------------------------|-------|
| `traefik/tcp/routers/mytcprouter/entrypoints/0` | See [entry points](../../install-configuration/entrypoints.md) for more information. | `ep1` | | <a id="traefiktcproutersmytcprouterentrypoints0" href="#traefiktcproutersmytcprouterentrypoints0" title="#traefiktcproutersmytcprouterentrypoints0">`traefik/tcp/routers/mytcprouter/entrypoints/0`</a> | See [entry points](../../install-configuration/entrypoints.md) for more information. | `ep1` |
| `traefik/tcp/routers/mytcprouter/entrypoints/1` | See [entry points](../../install-configuration/entrypoints.md) for more information. | `ep2` | | <a id="traefiktcproutersmytcprouterentrypoints1" href="#traefiktcproutersmytcprouterentrypoints1" title="#traefiktcproutersmytcprouterentrypoints1">`traefik/tcp/routers/mytcprouter/entrypoints/1`</a> | See [entry points](../../install-configuration/entrypoints.md) for more information. | `ep2` |
| `traefik/tcp/routers/my-router/rule` | See [entry points](../../install-configuration/entrypoints.md) for more information. | ```HostSNI(`example.com`)``` | | <a id="traefiktcproutersmy-routerrule" href="#traefiktcproutersmy-routerrule" title="#traefiktcproutersmy-routerrule">`traefik/tcp/routers/my-router/rule`</a> | See [entry points](../../install-configuration/entrypoints.md) for more information. | ```HostSNI(`example.com`)``` |
| `traefik/tcp/routers/mytcprouter/service` | See [service](../tcp/service.md) for more information. | `myservice` | | <a id="traefiktcproutersmytcprouterservice" href="#traefiktcproutersmytcprouterservice" title="#traefiktcproutersmytcprouterservice">`traefik/tcp/routers/mytcprouter/service`</a> | See [service](../tcp/service.md) for more information. | `myservice` |
| `traefik/tcp/routers/mytcprouter/tls` | See [TLS](../tcp/tls.md) for more information. | `true` | | <a id="traefiktcproutersmytcproutertls" href="#traefiktcproutersmytcproutertls" title="#traefiktcproutersmytcproutertls">`traefik/tcp/routers/mytcprouter/tls`</a> | See [TLS](../tcp/tls.md) for more information. | `true` |
| `traefik/tcp/routers/mytcprouter/tls/certresolver` | See [certResolver](../tcp/tls.md#configuration-options) for more information. | `myresolver` | | <a id="traefiktcproutersmytcproutertlscertresolver" href="#traefiktcproutersmytcproutertlscertresolver" title="#traefiktcproutersmytcproutertlscertresolver">`traefik/tcp/routers/mytcprouter/tls/certresolver`</a> | See [certResolver](../tcp/tls.md#configuration-options) for more information. | `myresolver` |
| `traefik/tcp/routers/mytcprouter/tls/domains/0/main` | See [TLS](../tcp/tls.md) for more information. | `example.org` | | <a id="traefiktcproutersmytcproutertlsdomains0main" href="#traefiktcproutersmytcproutertlsdomains0main" title="#traefiktcproutersmytcproutertlsdomains0main">`traefik/tcp/routers/mytcprouter/tls/domains/0/main`</a> | See [TLS](../tcp/tls.md) for more information. | `example.org` |
| `traefik/tcp/routers/mytcprouter/tls/domains/0/sans/0` | See [TLS](../tcp/tls.md) for more information. | `test.example.org` | | <a id="traefiktcproutersmytcproutertlsdomains0sans0" href="#traefiktcproutersmytcproutertlsdomains0sans0" title="#traefiktcproutersmytcproutertlsdomains0sans0">`traefik/tcp/routers/mytcprouter/tls/domains/0/sans/0`</a> | See [TLS](../tcp/tls.md) for more information. | `test.example.org` |
| `traefik/tcp/routers/mytcprouter/tls/domains/0/sans/1` | See [TLS](../tcp/tls.md) for more information. | `dev.example.org` | | <a id="traefiktcproutersmytcproutertlsdomains0sans1" href="#traefiktcproutersmytcproutertlsdomains0sans1" title="#traefiktcproutersmytcproutertlsdomains0sans1">`traefik/tcp/routers/mytcprouter/tls/domains/0/sans/1`</a> | See [TLS](../tcp/tls.md) for more information. | `dev.example.org` |
| `traefik/tcp/routers/mytcprouter/tls/options` | See [TLS](../tcp/tls.md) for more information. | `foobar` | | <a id="traefiktcproutersmytcproutertlsoptions" href="#traefiktcproutersmytcproutertlsoptions" title="#traefiktcproutersmytcproutertlsoptions">`traefik/tcp/routers/mytcprouter/tls/options`</a> | See [TLS](../tcp/tls.md) for more information. | `foobar` |
| `traefik/tcp/routers/mytcprouter/tls/passthrough` | See [TLS](../tcp/tls.md) for more information. | `true` | | <a id="traefiktcproutersmytcproutertlspassthrough" href="#traefiktcproutersmytcproutertlspassthrough" title="#traefiktcproutersmytcproutertlspassthrough">`traefik/tcp/routers/mytcprouter/tls/passthrough`</a> | See [TLS](../tcp/tls.md) for more information. | `true` |
| `traefik/tcp/routers/mytcprouter/priority` | See [priority](../tcp/router/rules-and-priority.md#priority) for more information. | `42` | | <a id="traefiktcproutersmytcprouterpriority" href="#traefiktcproutersmytcprouterpriority" title="#traefiktcproutersmytcprouterpriority">`traefik/tcp/routers/mytcprouter/priority`</a> | See [priority](../tcp/router/rules-and-priority.md#priority) for more information. | `42` |
#### Services #### Services
| Key (Path) | Description | Value | | Key (Path) | Description | Value |
|--------------------------------------------------------------------|--------------------------------------------------------------------|------------------| |--------------------------------------------------------------------|--------------------------------------------------------------------|------------------|
| `traefik/tcp/services/mytcpservice/loadbalancer/servers/0/address` | See [servers](../tcp/service.md#servers-load-balancer) for more information. | `xx.xx.xx.xx:xx` | | <a id="traefiktcpservicesmytcpserviceloadbalancerservers0address" href="#traefiktcpservicesmytcpserviceloadbalancerservers0address" title="#traefiktcpservicesmytcpserviceloadbalancerservers0address">`traefik/tcp/services/mytcpservice/loadbalancer/servers/0/address`</a> | See [servers](../tcp/service.md#servers-load-balancer) for more information. | `xx.xx.xx.xx:xx` |
| `traefik/tcp/services/mytcpservice/loadbalancer/servers/0/tls` | See [servers](../tcp/service.md#servers-load-balancer) for more information. | `true` | | <a id="traefiktcpservicesmytcpserviceloadbalancerservers0tls" href="#traefiktcpservicesmytcpserviceloadbalancerservers0tls" title="#traefiktcpservicesmytcpserviceloadbalancerservers0tls">`traefik/tcp/services/mytcpservice/loadbalancer/servers/0/tls`</a> | See [servers](../tcp/service.md#servers-load-balancer) for more information. | `true` |
| `traefik/tcp/services/mytcpservice/loadbalancer/proxyprotocol/version` | See [PROXY protocol](../tcp/service.md#proxy-protocol) for more information. | `1` | | <a id="traefiktcpservicesmytcpserviceloadbalancerproxyprotocolversion" href="#traefiktcpservicesmytcpserviceloadbalancerproxyprotocolversion" title="#traefiktcpservicesmytcpserviceloadbalancerproxyprotocolversion">`traefik/tcp/services/mytcpservice/loadbalancer/proxyprotocol/version`</a> | See [PROXY protocol](../tcp/service.md#proxy-protocol) for more information. | `1` |
| `traefik/tcp/services/myservice/loadbalancer/serverstransport` | Allows to reference a ServersTransport resource that is defined either with the File provider or the Kubernetes CRD one.<br/>See [serverstransport](../tcp/serverstransport.md) for more information. | `foobar@file` | | <a id="traefiktcpservicesmyserviceloadbalancerserverstransport" href="#traefiktcpservicesmyserviceloadbalancerserverstransport" title="#traefiktcpservicesmyserviceloadbalancerserverstransport">`traefik/tcp/services/myservice/loadbalancer/serverstransport`</a> | Allows to reference a ServersTransport resource that is defined either with the File provider or the Kubernetes CRD one.<br/>See [serverstransport](../tcp/serverstransport.md) for more information. | `foobar@file` |
| `traefik/tcp/services/<service_name>/weighted/services/0/name` | See [Service](../tcp/service.md#weighted-round-robin) for more information. | `foobar` | | <a id="traefiktcpservicesservice-nameweightedservices0name" href="#traefiktcpservicesservice-nameweightedservices0name" title="#traefiktcpservicesservice-nameweightedservices0name">`traefik/tcp/services/<service_name>/weighted/services/0/name`</a> | See [Service](../tcp/service.md#weighted-round-robin) for more information. | `foobar` |
| `traefik/tcp/services/<service_name>/weighted/services/0/weight` | See [Service](../tcp/service.md#weighted-round-robin-wrr) for more information. | `42` | | <a id="traefiktcpservicesservice-nameweightedservices0weight" href="#traefiktcpservicesservice-nameweightedservices0weight" title="#traefiktcpservicesservice-nameweightedservices0weight">`traefik/tcp/services/<service_name>/weighted/services/0/weight`</a> | See [Service](../tcp/service.md#weighted-round-robin-wrr) for more information. | `42` |
#### Middleware #### Middleware
@@ -165,7 +165,7 @@ More information about available middlewares in the dedicated [middlewares secti
| Key (Path) | Description | Value | | Key (Path) | Description | Value |
|-----------------------------------------------------------------|-----------------------------------------------------------------|-----------------------------------------| |-----------------------------------------------------------------|-----------------------------------------------------------------|-----------------------------------------|
| `traefik/tcp/middlewares/mymiddleware/middleware_type/middleware_option` | With `middleware_type` the type of middleware (ex: `inflightconn`)<br/>and `middleware_option` the middleware option to set (ex for the middleware `inflightconn`: `amount`).<br/> More information about available middlewares in the dedicated [middlewares section](../tcp/middlewares/overview.md). | `foobar` | | <a id="traefiktcpmiddlewaresmymiddlewaremiddleware-typemiddleware-option" href="#traefiktcpmiddlewaresmymiddlewaremiddleware-typemiddleware-option" title="#traefiktcpmiddlewaresmymiddlewaremiddleware-typemiddleware-option">`traefik/tcp/middlewares/mymiddleware/middleware_type/middleware_option`</a> | With `middleware_type` the type of middleware (ex: `inflightconn`)<br/>and `middleware_option` the middleware option to set (ex for the middleware `inflightconn`: `amount`).<br/> More information about available middlewares in the dedicated [middlewares section](../tcp/middlewares/overview.md). | `foobar` |
!!! warning "Conflicts in Declaration" !!! warning "Conflicts in Declaration"
@@ -186,7 +186,7 @@ traefik/tcp/routers/<router_name>/middlewares/0=test-inflightconn
| Key (Path) | Description | Value | | Key (Path) | Description | Value |
|-----------------------------------------------------------------|-----------------------------------------------------------------|-----------------------------------------| |-----------------------------------------------------------------|-----------------------------------------------------------------|-----------------------------------------|
| `traefik/tcp/serversTransports/<serversTransportName>/st_option` | With `st_option` the ServerTransport option to set (ex `maxIdleConnsPerHost`).<br/> More information about available options in the dedicated [ServerTransport section](../tcp/serverstransport.md). | ServerTransport Options | | <a id="traefiktcpserversTransportsserversTransportNamest-option" href="#traefiktcpserversTransportsserversTransportNamest-option" title="#traefiktcpserversTransportsserversTransportNamest-option">`traefik/tcp/serversTransports/<serversTransportName>/st_option`</a> | With `st_option` the ServerTransport option to set (ex `maxIdleConnsPerHost`).<br/> More information about available options in the dedicated [ServerTransport section](../tcp/serverstransport.md). | ServerTransport Options |
##### Configuration Example ##### Configuration Example
@@ -205,16 +205,16 @@ You can declare UDP Routers and/or Services using KV.
| Key (Path) | Description | Value | | Key (Path) | Description | Value |
|------------------------------------------------------------------|------------------------------------------------------------------|-------| |------------------------------------------------------------------|------------------------------------------------------------------|-------|
| `traefik/udp/routers/myudprouter/entrypoints/0` | See [UDP Router](../udp/router/rules-priority.md#entrypoints) for more information. | `foobar` | | <a id="traefikudproutersmyudprouterentrypoints0" href="#traefikudproutersmyudprouterentrypoints0" title="#traefikudproutersmyudprouterentrypoints0">`traefik/udp/routers/myudprouter/entrypoints/0`</a> | See [UDP Router](../udp/router/rules-priority.md#entrypoints) for more information. | `foobar` |
| `traefik/udp/routers/myudprouter/service` | See [UDP Router](../udp/router/rules-priority.md#configuration-example) for more information. | `foobar` | | <a id="traefikudproutersmyudprouterservice" href="#traefikudproutersmyudprouterservice" title="#traefikudproutersmyudprouterservice">`traefik/udp/routers/myudprouter/service`</a> | See [UDP Router](../udp/router/rules-priority.md#configuration-example) for more information. | `foobar` |
#### Services #### Services
| Key (Path) | Description | Value | | Key (Path) | Description | Value |
|------------------------------------------------------------------|------------------------------------------------------------------|-------| |------------------------------------------------------------------|------------------------------------------------------------------|-------|
| `traefik/udp/services/loadBalancer/servers/<n>/address` | See [UDP Service](../udp/service.md) for more information. | `foobar` | | <a id="traefikudpservicesloadBalancerserversnaddress" href="#traefikudpservicesloadBalancerserversnaddress" title="#traefikudpservicesloadBalancerserversnaddress">`traefik/udp/services/loadBalancer/servers/<n>/address`</a> | See [UDP Service](../udp/service.md) for more information. | `foobar` |
| `traefik/udp/services/weighted/services/0/name` | See [UDP Service](../udp/service.md) for more information. | `foobar` | | <a id="traefikudpservicesweightedservices0name" href="#traefikudpservicesweightedservices0name" title="#traefikudpservicesweightedservices0name">`traefik/udp/services/weighted/services/0/name`</a> | See [UDP Service](../udp/service.md) for more information. | `foobar` |
| `traefik/udp/services/weighted/servers/0/weight` |See [UDP Service](../udp/service.md) for more information. | `42` | | <a id="traefikudpservicesweightedservers0weight" href="#traefikudpservicesweightedservers0weight" title="#traefikudpservicesweightedservers0weight">`traefik/udp/services/weighted/servers/0/weight`</a> |See [UDP Service](../udp/service.md) for more information. | `42` |
## TLS ## TLS
@@ -226,10 +226,10 @@ For example, you can define a basic setup like this:
| Key (Path) | Description | Value | | Key (Path) | Description | Value |
|------------------------------------------------------|------------------------------------------------------|----------| |------------------------------------------------------|------------------------------------------------------|----------|
| `traefik/tls/options/Options0/alpnProtocols/0` | See [TLS Options](../http/tls/tls-options.md) for more information. | `foobar` | | <a id="traefiktlsoptionsOptions0alpnProtocols0" href="#traefiktlsoptionsOptions0alpnProtocols0" title="#traefiktlsoptionsOptions0alpnProtocols0">`traefik/tls/options/Options0/alpnProtocols/0`</a> | See [TLS Options](../http/tls/tls-options.md) for more information. | `foobar` |
| `traefik/tls/options/Options0/cipherSuites/0` | See [TLS Options](../http/tls/tls-options.md) for more information. | `foobar` | | <a id="traefiktlsoptionsOptions0cipherSuites0" href="#traefiktlsoptionsOptions0cipherSuites0" title="#traefiktlsoptionsOptions0cipherSuites0">`traefik/tls/options/Options0/cipherSuites/0`</a> | See [TLS Options](../http/tls/tls-options.md) for more information. | `foobar` |
| `traefik/tls/options/Options0/clientAuth/caFiles/0` | See [TLS Options](../http/tls/tls-options.md) for more information. | `foobar` | | <a id="traefiktlsoptionsOptions0clientAuthcaFiles0" href="#traefiktlsoptionsOptions0clientAuthcaFiles0" title="#traefiktlsoptionsOptions0clientAuthcaFiles0">`traefik/tls/options/Options0/clientAuth/caFiles/0`</a> | See [TLS Options](../http/tls/tls-options.md) for more information. | `foobar` |
| `traefik/tls/options/Options0/disableSessiontickets` | See [TLS Options](../http/tls/tls-options.md) for more information. | `true` | | <a id="traefiktlsoptionsOptions0disableSessiontickets" href="#traefiktlsoptionsOptions0disableSessiontickets" title="#traefiktlsoptionsOptions0disableSessiontickets">`traefik/tls/options/Options0/disableSessiontickets`</a> | See [TLS Options](../http/tls/tls-options.md) for more information. | `true` |
### TLS Default Generated Certificates ### TLS Default Generated Certificates
@@ -239,7 +239,7 @@ The configuration to resolve the default certificate should be defined in a TLS
| Key (Path) | Description | Value | | Key (Path) | Description | Value |
|----------------------------------------------------------------|----------------------------------------------------------------|----------| |----------------------------------------------------------------|----------------------------------------------------------------|----------|
| `traefik/tls/stores/Store0/defaultGeneratedCert/domain/main` | See [TLS](../http/tls/tls-certificates.md#certificates-stores) for more information. | `foobar` | | <a id="traefiktlsstoresStore0defaultGeneratedCertdomainmain" href="#traefiktlsstoresStore0defaultGeneratedCertdomainmain" title="#traefiktlsstoresStore0defaultGeneratedCertdomainmain">`traefik/tls/stores/Store0/defaultGeneratedCert/domain/main`</a> | See [TLS](../http/tls/tls-certificates.md#certificates-stores) for more information. | `foobar` |
| `traefik/tls/stores/Store0/defaultGeneratedCert/domain/sans/0` | See [TLS](../http/tls/tls-certificates.md#certificates-stores) for more information| `foobar` | | <a id="traefiktlsstoresStore0defaultGeneratedCertdomainsans0" href="#traefiktlsstoresStore0defaultGeneratedCertdomainsans0" title="#traefiktlsstoresStore0defaultGeneratedCertdomainsans0">`traefik/tls/stores/Store0/defaultGeneratedCert/domain/sans/0`</a> | See [TLS](../http/tls/tls-certificates.md#certificates-stores) for more information| `foobar` |
| `traefik/tls/stores/Store0/defaultGeneratedCert/domain/sans/1` | See [TLS](../http/tls/tls-certificates.md#certificates-stores) for more information| `foobar` | | <a id="traefiktlsstoresStore0defaultGeneratedCertdomainsans1" href="#traefiktlsstoresStore0defaultGeneratedCertdomainsans1" title="#traefiktlsstoresStore0defaultGeneratedCertdomainsans1">`traefik/tls/stores/Store0/defaultGeneratedCert/domain/sans/1`</a> | See [TLS](../http/tls/tls-certificates.md#certificates-stores) for more information| `foobar` |
| `traefik/tls/stores/Store0/defaultGeneratedCert/resolver` | See [TLS](../http/tls/tls-certificates.md#certificates-stores) for more information| `foobar` | | <a id="traefiktlsstoresStore0defaultGeneratedCertresolver" href="#traefiktlsstoresStore0defaultGeneratedCertresolver" title="#traefiktlsstoresStore0defaultGeneratedCertresolver">`traefik/tls/stores/Store0/defaultGeneratedCert/resolver`</a> | See [TLS](../http/tls/tls-certificates.md#certificates-stores) for more information| `foobar` |
@@ -52,4 +52,4 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:------|:------------|------------------|-------| |:------|:------------|------------------|-------|
| `amount` | The `amount` option defines the maximum amount of allowed simultaneous connections. <br /> The middleware closes the connection if there are already `amount` connections opened. | "" | Yes | | <a id="amount" href="#amount" title="#amount">`amount`</a> | The `amount` option defines the maximum amount of allowed simultaneous connections. <br /> The middleware closes the connection if there are already `amount` connections opened. | "" | Yes |
@@ -57,4 +57,4 @@ spec:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:------|:------------|------------------|-------| |:------|:------------|------------------|-------|
| `sourceRange` | The `sourceRange` option sets the allowed IPs (or ranges of allowed IPs by using CIDR notation).| | Yes | | <a id="sourceRange" href="#sourceRange" title="#sourceRange">`sourceRange`</a> | The `sourceRange` option sets the allowed IPs (or ranges of allowed IPs by using CIDR notation).| | Yes |
@@ -108,5 +108,5 @@ spec:
| Middleware | Purpose | Area | | Middleware | Purpose | Area |
|-------------------------------------------|---------------------------------------------------|-----------------------------| |-------------------------------------------|---------------------------------------------------|-----------------------------|
| [InFlightConn](inflightconn.md) | Limits the number of simultaneous connections. | Security, Request lifecycle | | <a id="InFlightConn" href="#InFlightConn" title="#InFlightConn">[InFlightConn](inflightconn.md)</a> | Limits the number of simultaneous connections. | Security, Request lifecycle |
| [IPAllowList](ipallowlist.md) | Limit the allowed client IPs. | Security, Request lifecycle | | <a id="IPAllowList" href="#IPAllowList" title="#IPAllowList">[IPAllowList](ipallowlist.md)</a> | Limit the allowed client IPs. | Security, Request lifecycle |
@@ -18,10 +18,10 @@ The table below lists all the available matchers:
| Rule | Description | | Rule | Description |
|-------------------------------------------------------------|:-------------------------------------------------------------------------------------------------| |-------------------------------------------------------------|:-------------------------------------------------------------------------------------------------|
| [```HostSNI(`domain`)```](#hostsni-and-hostsniregexp) | Checks if the connection's Server Name Indication is equal to `domain`.<br /> More information [here](#hostsni-and-hostsniregexp). | | <a id="HostSNIdomain" href="#HostSNIdomain" title="#HostSNIdomain">[```HostSNI(`domain`)```](#hostsni-and-hostsniregexp)</a> | Checks if the connection's Server Name Indication is equal to `domain`.<br /> More information [here](#hostsni-and-hostsniregexp). |
| [```HostSNIRegexp(`regexp`)```](#hostsni-and-hostsniregexp) | Checks if the connection's Server Name Indication matches `regexp`.<br />Use a [Go](https://golang.org/pkg/regexp/) flavored syntax.<br /> More information [here](#hostsni-and-hostsniregexp). | | <a id="HostSNIRegexpregexp" href="#HostSNIRegexpregexp" title="#HostSNIRegexpregexp">[```HostSNIRegexp(`regexp`)```](#hostsni-and-hostsniregexp)</a> | Checks if the connection's Server Name Indication matches `regexp`.<br />Use a [Go](https://golang.org/pkg/regexp/) flavored syntax.<br /> More information [here](#hostsni-and-hostsniregexp). |
| [```ClientIP(`ip`)```](#clientip) | Checks if the connection's client IP correspond to `ip`. It accepts IPv4, IPv6 and CIDR formats.<br /> More information [here](#clientip). | | <a id="ClientIPip" href="#ClientIPip" title="#ClientIPip">[```ClientIP(`ip`)```](#clientip)</a> | Checks if the connection's client IP correspond to `ip`. It accepts IPv4, IPv6 and CIDR formats.<br /> More information [here](#clientip). |
| [```ALPN(`protocol`)```](#alpn) | Checks if the connection's ALPN protocol equals `protocol`.<br /> More information [here](#alpn). | | <a id="ALPNprotocol" href="#ALPNprotocol" title="#ALPNprotocol">[```ALPN(`protocol`)```](#alpn)</a> | Checks if the connection's ALPN protocol equals `protocol`.<br /> More information [here](#alpn). |
!!! tip "Backticks or Quotes?" !!! tip "Backticks or Quotes?"
@@ -86,19 +86,19 @@ labels:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:----------------------------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------| |:----------------------------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
| `serverstransport.`<br />`dialTimeout` | Defines the timeout when dialing the backend TCP service. If zero, no timeout exists. | 30s | No | | <a id="serverstransport-dialTimeout" href="#serverstransport-dialTimeout" title="#serverstransport-dialTimeout">`serverstransport.`<br />`dialTimeout`</a> | Defines the timeout when dialing the backend TCP service. If zero, no timeout exists. | 30s | No |
| `serverstransport.`<br />`dialKeepAlive` | Defines the interval between keep-alive probes for an active network connection. | 15s | No | | <a id="serverstransport-dialKeepAlive" href="#serverstransport-dialKeepAlive" title="#serverstransport-dialKeepAlive">`serverstransport.`<br />`dialKeepAlive`</a> | Defines the interval between keep-alive probes for an active network connection. | 15s | No |
| `serverstransport.`<br />`terminationDelay` | Sets the time limit for the proxy to fully terminate connections on both sides after initiating the termination sequence, with a negative value indicating no deadline. More Information [here](#terminationdelay) | 100ms | No | | <a id="serverstransport-terminationDelay" href="#serverstransport-terminationDelay" title="#serverstransport-terminationDelay">`serverstransport.`<br />`terminationDelay`</a> | Sets the time limit for the proxy to fully terminate connections on both sides after initiating the termination sequence, with a negative value indicating no deadline. More Information [here](#terminationdelay) | 100ms | No |
| `serverstransport.`<br />`proxyProtocol` | Defines the Proxy Protocol configuration. An empty `proxyProtocol` section enables Proxy Protocol version 2. | | No | | <a id="serverstransport-proxyProtocol" href="#serverstransport-proxyProtocol" title="#serverstransport-proxyProtocol">`serverstransport.`<br />`proxyProtocol`</a> | Defines the Proxy Protocol configuration. An empty `proxyProtocol` section enables Proxy Protocol version 2. | | No |
| `serverstransport.`<br />`proxyProtocol.version` | Traefik supports PROXY Protocol version 1 and 2 on TCP Services. More Information [here](#proxyprotocolversion) | 2 | No | | <a id="serverstransport-proxyProtocol-version" href="#serverstransport-proxyProtocol-version" title="#serverstransport-proxyProtocol-version">`serverstransport.`<br />`proxyProtocol.version`</a> | Traefik supports PROXY Protocol version 1 and 2 on TCP Services. More Information [here](#proxyprotocolversion) | 2 | No |
| `serverstransport.`<br />`tls` | Defines the TLS configuration. An empty `tls` section enables TLS. | | No | | <a id="serverstransport-tls" href="#serverstransport-tls" title="#serverstransport-tls">`serverstransport.`<br />`tls`</a> | Defines the TLS configuration. An empty `tls` section enables TLS. | | No |
| `serverstransport.`<br />`tls`<br />`.serverName` | Configures the server name that will be used for SNI. | | No | | <a id="serverstransport-tls-serverName" href="#serverstransport-tls-serverName" title="#serverstransport-tls-serverName">`serverstransport.`<br />`tls`<br />`.serverName`</a> | Configures the server name that will be used for SNI. | | No |
| `serverstransport.`<br />`tls`<br />`.certificates` | Defines the list of certificates (as file paths, or data bytes) that will be set as client certificates for mTLS. | | No | | <a id="serverstransport-tls-certificates" href="#serverstransport-tls-certificates" title="#serverstransport-tls-certificates">`serverstransport.`<br />`tls`<br />`.certificates`</a> | Defines the list of certificates (as file paths, or data bytes) that will be set as client certificates for mTLS. | | No |
| `serverstransport.`<br />`tls`<br />`.insecureSkipVerify` | Controls whether the server's certificate chain and host name is verified. | false | No | | <a id="serverstransport-tls-insecureSkipVerify" href="#serverstransport-tls-insecureSkipVerify" title="#serverstransport-tls-insecureSkipVerify">`serverstransport.`<br />`tls`<br />`.insecureSkipVerify`</a> | Controls whether the server's certificate chain and host name is verified. | false | No |
| `serverstransport.`<br />`tls`<br />`.rootcas` | Defines the root certificate authorities to use when verifying server certificates. (for mTLS connections). | | No | | <a id="serverstransport-tls-rootcas" href="#serverstransport-tls-rootcas" title="#serverstransport-tls-rootcas">`serverstransport.`<br />`tls`<br />`.rootcas`</a> | Defines the root certificate authorities to use when verifying server certificates. (for mTLS connections). | | No |
| `serverstransport.`<br />`tls.`<br />`peerCertURI` | Defines the URI used to match against SAN URIs during the server's certificate verification. | false | No | | <a id="serverstransport-tls-peerCertURI" href="#serverstransport-tls-peerCertURI" title="#serverstransport-tls-peerCertURI">`serverstransport.`<br />`tls.`<br />`peerCertURI`</a> | Defines the URI used to match against SAN URIs during the server's certificate verification. | false | No |
| `serverstransport.`<br />`spiffe`<br />`.ids` | Allow SPIFFE IDs.<br />This takes precedence over the SPIFFE TrustDomain. | | No | | <a id="serverstransport-spiffe-ids" href="#serverstransport-spiffe-ids" title="#serverstransport-spiffe-ids">`serverstransport.`<br />`spiffe`<br />`.ids`</a> | Allow SPIFFE IDs.<br />This takes precedence over the SPIFFE TrustDomain. | | No |
| `serverstransport.`<br />`spiffe`<br />`.trustDomain` | Allow SPIFFE trust domain. | "" | No | | <a id="serverstransport-spiffe-trustDomain" href="#serverstransport-spiffe-trustDomain" title="#serverstransport-spiffe-trustDomain">`serverstransport.`<br />`spiffe`<br />`.trustDomain`</a> | Allow SPIFFE trust domain. | "" | No |
!!! note "SPIFFE" !!! note "SPIFFE"
@@ -38,10 +38,10 @@ tcp:
| Field | Description | Default | | Field | Description | Default |
|----------|------------------------------------------|--------- | |----------|------------------------------------------|--------- |
| `servers` | Servers declare a single instance of your program. | "" | | <a id="servers" href="#servers" title="#servers">`servers`</a> | Servers declare a single instance of your program. | "" |
| `servers.address` | The address option (IP:Port) point to a specific instance. | "" | | <a id="servers-address" href="#servers-address" title="#servers-address">`servers.address`</a> | The address option (IP:Port) point to a specific instance. | "" |
| `servers.tls` | The `tls` option determines whether to use TLS when dialing with the backend. | false | | <a id="servers-tls" href="#servers-tls" title="#servers-tls">`servers.tls`</a> | The `tls` option determines whether to use TLS when dialing with the backend. | false |
| `servers.serversTransport` | `serversTransport` allows to reference a TCP [ServersTransport](./serverstransport.md configuration for the communication between Traefik and your servers. If no serversTransport is specified, the default@internal will be used. | "" | | <a id="servers-serversTransport" href="#servers-serversTransport" title="#servers-serversTransport">`servers.serversTransport`</a> | `serversTransport` allows to reference a TCP [ServersTransport](./serverstransport.md configuration for the communication between Traefik and your servers. If no serversTransport is specified, the default@internal will be used. | "" |
## Weighted Round Robin ## Weighted Round Robin
@@ -95,4 +95,4 @@ tcp:
[[tcp.services.appv2.loadBalancer.servers]] [[tcp.services.appv2.loadBalancer.servers]]
address = "private-ip-server-2:8080/" address = "private-ip-server-2:8080/"
``` ```
@@ -96,9 +96,9 @@ labels:
| Field | Description | Default | Required | | Field | Description | Default | Required |
|:------------------|:--------------------|:-----------------------------------------------|:---------| |:------------------|:--------------------|:-----------------------------------------------|:---------|
|`passthrough`| Defines whether the requests should be forwarded "as is", keeping all data encrypted. | false | No | | <a id="passthrough" href="#passthrough" title="#passthrough">`passthrough`</a> | Defines whether the requests should be forwarded "as is", keeping all data encrypted. | false | No |
|`options`| enables fine-grained control of the TLS parameters. It refers to a [TLS Options](../http/tls/tls-certificates.md#tls-options) and will be applied only if a `HostSNI` rule is defined. | "" | No | | <a id="options" href="#options" title="#options">`options`</a> | enables fine-grained control of the TLS parameters. It refers to a [TLS Options](../http/tls/tls-certificates.md#tls-options) and will be applied only if a `HostSNI` rule is defined. | "" | No |
|`domains`| Defines a set of SANs (alternative domains) for each main domain. Every domain must have A/AAAA records pointing to Traefik. Each domain & SAN will lead to a certificate request.| [] | No | | <a id="domains" href="#domains" title="#domains">`domains`</a> | Defines a set of SANs (alternative domains) for each main domain. Every domain must have A/AAAA records pointing to Traefik. Each domain & SAN will lead to a certificate request.| [] | No |
|`certResolver`| If defined, Traefik will try to generate certificates based on routers `Host` & `HostSNI` rules. | "" | No | | <a id="certResolver" href="#certResolver" title="#certResolver">`certResolver`</a> | If defined, Traefik will try to generate certificates based on routers `Host` & `HostSNI` rules. | "" | No |
{!traefik-for-business-applications.md!} {!traefik-for-business-applications.md!}
+266
@@ -0,0 +1,266 @@
package main
import (
"bufio"
"fmt"
"log"
"os"
"path/filepath"
"regexp"
"strings"
)
var (
// detect any existing <a ...> tag in the cell (case-insensitive).
reExistingAnchor = regexp.MustCompile(`(?i)<\s*a\b`)
// separator cell like --- or :---: (3+ dashes, optional leading/trailing colon).
reSepCell = regexp.MustCompile(`^\s*:?-{3,}:?\s*$`)
// markdown link [text](url) → text (used to strip link wrappers in id).
reMdLink = regexp.MustCompile(`\[(.*?)\]\((.*?)\)`)
// collapse multiple hyphens.
reMultiHyphens = regexp.MustCompile(`-+`)
)
// splitTableRow splits a markdown table line on pipes, while keeping escaped pipes.
// parts[1] will be the first data cell for lines that start with '|'.
func splitTableRow(line string) []string {
var parts []string
var b strings.Builder
escaped := false
for _, r := range line {
if escaped {
b.WriteRune(r)
escaped = false
continue
}
if r == '\\' {
escaped = true
b.WriteRune(r)
continue
}
if r == '|' {
parts = append(parts, b.String())
b.Reset()
continue
}
b.WriteRune(r)
}
parts = append(parts, b.String())
return parts
}
func isTableRow(line string) bool {
s := strings.TrimSpace(line)
if !strings.HasPrefix(s, "|") {
return false
}
parts := splitTableRow(line)
return len(parts) >= 3
}
func isSeparatorRow(line string) bool {
if !isTableRow(line) {
return false
}
parts := splitTableRow(line)
// check all middle cells (skip first and last which are outside pipes)
for i := 1; i < len(parts)-1; i++ {
cell := strings.TrimSpace(parts[i])
if cell == "" {
continue
}
if !reSepCell.MatchString(cell) {
return false
}
}
return true
}
// Create ID from cell text, preserving letter case, removing <br /> and markdown decorations.
func makeID(text string) string {
id := strings.TrimSpace(text)
// remove BR tags (common in table cells)
id = strings.ReplaceAll(id, "<br />", " ")
id = strings.ReplaceAll(id, "<br/>", " ")
id = strings.ReplaceAll(id, "<br>", " ")
// remove the dots
id = strings.ReplaceAll(id, ".", "-")
// strip markdown link wrappers [text](url) -> text
id = reMdLink.ReplaceAllString(id, "$1")
// remove inline markdown characters
id = strings.ReplaceAll(id, "`", "")
id = strings.ReplaceAll(id, "*", "")
id = strings.ReplaceAll(id, "~", "")
// replace spaces/underscores with hyphen
id = strings.ReplaceAll(id, " ", "-")
id = strings.ReplaceAll(id, "_", "-")
// keep only letters (both cases), digits and hyphens
var clean []rune
for _, r := range id {
if (r >= 'a' && r <= 'z') ||
(r >= 'A' && r <= 'Z') ||
(r >= '0' && r <= '9') ||
r == '-' || r == '.' {
// keep dot as you requested (we won't replace it)
clean = append(clean, r)
}
}
id = string(clean)
// collapse multiple hyphens and trim
id = reMultiHyphens.ReplaceAllString(id, "-")
id = strings.Trim(id, "-")
if id == "" {
id = "row"
}
return id
}
// Dedupe ID within a file: if id already seen, append -2, -3...
func dedupeID(base string, seen map[string]int) string {
if base == "" {
base = "row"
}
count, ok := seen[base]
if !ok {
seen[base] = 1
return base
}
seen[base] = count + 1
return fmt.Sprintf("%s-%d", base, count+1)
}
// Inject clickable link that is also the target (id + href on same element).
func injectClickableFirstCell(line string, seen map[string]int) string {
parts := splitTableRow(line)
// first data cell is index 1
firstCellRaw := parts[1]
firstTrimmed := strings.TrimSpace(firstCellRaw)
// if there's already an <a ...> tag inside, skip (avoid nesting)
if reExistingAnchor.MatchString(firstTrimmed) {
return line
}
id := makeID(firstTrimmed)
if id == "" {
return line
}
id = dedupeID(id, seen)
// wrap the visible cell content in a link that is also the target
// keep the cell inner HTML/text (firstCellRaw) as-is inside the <a>
parts[1] = fmt.Sprintf(" <a id=\"%s\" href=\"#%s\" title=\"#%s\">%s</a> ", id, id, id, strings.TrimSpace(firstCellRaw))
return strings.Join(parts, "|")
}
func processFile(path string) error {
// read file
f, err := os.Open(path)
if err != nil {
return err
}
var lines []string
sc := bufio.NewScanner(f)
for sc.Scan() {
lines = append(lines, sc.Text())
}
if err := sc.Err(); err != nil {
_ = f.Close()
return err
}
_ = f.Close()
inFence := false
seen := make(map[string]int)
out := make([]string, len(lines))
for i, line := range lines {
trim := strings.TrimSpace(line)
// toggle code fence (``` or ~~~)
if strings.HasPrefix(trim, "```") || strings.HasPrefix(trim, "~~~") {
inFence = !inFence
out[i] = line
continue
}
if inFence {
out[i] = line
continue
}
// not a table row -> copy as-is
if !isTableRow(line) {
out[i] = line
continue
}
// separator row -> copy as-is
if isSeparatorRow(line) {
out[i] = line
continue
}
// detect header row (the row immediately before a separator) and skip it
isHeader := false
for j := i + 1; j < len(lines); j++ {
if strings.TrimSpace(lines[j]) == "" {
continue
}
if isSeparatorRow(lines[j]) {
isHeader = true
}
break
}
if isHeader {
out[i] = line
continue
}
// otherwise inject clickable link in first cell
out[i] = injectClickableFirstCell(line, seen)
}
// overwrite file in place
wf, err := os.Create(path)
if err != nil {
return err
}
bw := bufio.NewWriter(wf)
for _, l := range out {
fmt.Fprintln(bw, l)
}
if err := bw.Flush(); err != nil {
_ = wf.Close()
return err
}
return wf.Close()
}
func genAnchors() {
root := "./docs/content/reference/"
err := filepath.Walk(root, func(path string, info os.FileInfo, err error) error {
if err != nil {
return err
}
if !info.IsDir() && strings.HasSuffix(strings.ToLower(info.Name()), ".md") {
if perr := processFile(path); perr != nil {
fmt.Printf("⚠️ Error processing %s: %v\n", path, perr)
} else {
fmt.Printf("✅ Processed %s\n", path)
}
}
return nil
})
if err != nil {
log.Fatalf("walk error: %v", err)
}
}
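Review bot: In `genAnchors`, an error from `processFile` is only printed and the walk callback then returns nil, so the generator exits successfully even when a reference page was not rewritten correctly. This matters because `processFile` reopens the page with `os.Create`, which truncates it before the new content is flushed, so a failed write can leave a damaged page that a CI run would not flag. A read failure, such as `bufio.Scanner` rejecting a line over its default 64 KiB token limit, is hidden the same way. I would return the error from the callback instead, `return fmt.Errorf("processing %s: %w", path, perr)`, so that the existing `log.Fatalf("walk error: %v", err)` stops the run.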
+1
@@ -26,6 +26,7 @@ var commentGenerated = `## CODE GENERATED AUTOMATICALLY
func main() { func main() {
genRoutingConfDoc() genRoutingConfDoc()
genInstallConfDoc() genInstallConfDoc()
genAnchors()
} }
// Generate the Routing Configuration YAML and TOML files. // Generate the Routing Configuration YAML and TOML files.