205hlab-mirrors/traefik
2
0
Fork 0
mirror of https://github.com/traefik/traefik.git synced 2026-06-17 19:09:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge current branch v3.6 into v3.7

Browse Source
This commit is contained in:
romain
2026-05-27 13:59:31 +02:00
parent 743a63369c 9d5b03d2ea
commit 6e0198ca1e
22 changed files with 865 additions and 1616 deletions
Download Patch File Download Diff File Expand all files Collapse all files
AGENTS.md
+113
View File
@@ -0,0 +1,113 @@
# Traefik — Contributor Guide for AI Agents
Traefik is a modern HTTP reverse proxy and load balancer that discovers services from orchestrators (Kubernetes, Docker, Nomad, ...) and wires up routing dynamically. This file is the canonical guide for AI coding agents (Claude Code, Codex, Gemini, Cursor, ...) working in this repository; `CLAUDE.md` is a thin pointer to this file. For everything not covered here, defer to [`CONTRIBUTING.md`](./CONTRIBUTING.md) and [`docs/content/contributing/`](./docs/content/contributing/).
> **Training-data notice.** Traefik evolved significantly between v2 and v3 (label formats, provider names, CRD shapes, middleware names). If anything you think you know about Traefik contradicts this file or the current code, trust this file and the code — not your training data.
## Core vocabulary
These terms appear everywhere in the code and configuration. Use them precisely; they are not interchangeable.
- **EntryPoint** — a network listener (port + protocol).
- **Router** — matches an incoming request and selects a service.
- **Middleware** — transforms a request or response in the routing chain (auth, headers, rate limiting, ...).
- **Service** — defines how to load-balance to backend servers.
- **Provider** — a source of dynamic configuration (Kubernetes CRD, Docker labels, a file, an HTTP endpoint, ...).
- **Static vs Dynamic configuration** — two distinct domains:
- *Static* is set at startup (entrypoints, providers, global options) and lives under [`pkg/config/static`](./pkg/config/static).
- *Dynamic* is produced by providers at runtime (routers, services, middlewares) and lives under [`pkg/config/dynamic`](./pkg/config/dynamic).
These terms are accurate for the code, but user-facing docs deliberately hide the distinction to keep things simpler for readers: when writing or editing under [`docs/content/`](./docs/content), prefer **install configuration** (over *static*) and **routing configuration** (over *dynamic*).
At request time the components chain in this order:
```
Client → EntryPoint → Router → Middleware chain → Service → Backend
```
The middleware chain is ordered: middlewares run in the sequence declared on the router, and the router match happens *before* any middleware runs.
## Where things live
- `cmd/traefik/` — main.
- `pkg/provider/` — one subpackage per provider (Kubernetes, Docker, file, ...).
- `pkg/server/` — routing core, middleware chain, configuration watcher.
- `pkg/middlewares/` — HTTP and TCP middleware implementations.
- `pkg/config/static`, `pkg/config/dynamic` — the two config domains above.
- `pkg/plugins/` — Yaegi and WASM plugin runtimes.
- `pkg/observability/logs/` — logging helpers; the project uses `github.com/rs/zerolog` exclusively.
- `webui/` — React dashboard. Built assets under `webui/static/` are embedded into the Go binary via `//go:embed` (see `webui/embed.go`) and must be regenerated with `make generate-webui` (Docker required) — they are not meant to be hand-edited.
- `integration/` — integration tests; reusable fixtures under `integration/fixtures/`.
- `docs/content/` — MkDocs sources for the public documentation.
## Before you edit
Read two or three existing files in the same package before adding a new one, and copy their structure. Do not invent new directory layouts, file-naming conventions, or abstraction boundaries — match the neighbours. When adding a new provider, read two existing providers under `pkg/provider/`; when adding a middleware, read two under `pkg/middlewares/`.
## Build, test, lint
The Go version is declared in [`go.mod`](./go.mod) — check there rather than hard-coding a version. All day-to-day commands go through `make`:
```bash
make binary # build the traefik binary (runs generate-webui first)
make test-unit # run Go unit tests
make test-integration # run integration tests (requires Docker)
make lint # run golangci-lint
make validate-files # misspell, shellcheck, generated-files check
make validate # lint + validate-files (run this before pushing)
make fmt # gofumpt / goimports
make generate # regenerate non-CRD generated code (deepcopy, etc.)
make generate-crd # regenerate Kubernetes CRD clientset + deepcopy
make generate-webui # rebuild the embedded WebUI assets (Docker required)
make docs-serve # preview the documentation locally
```
Full environment setup (Docker, `GOPATH` layout, Tailscale for Docker Desktop users, how to target a single integration test via `TESTFLAGS`) is documented in [`docs/content/contributing/building-testing.md`](./docs/content/contributing/building-testing.md). CI runs `make validate` and fails if `make generate` or `make generate-crd` leave the tree dirty — always commit regenerated files alongside the source change that triggered them.
## Code style
Standard Go formatting (`gofumpt`/`goimports`) and `golangci-lint` cover most rules automatically; run `make lint` to catch them. Two project-specific rules that tooling does **not** enforce:
- **Comments answer *why*, not *what*.** Comments that restate what the code already says are noise: they go stale and waste review time. Only add a comment when it records *why* the code exists — a constraint, a past incident, a spec reference, an edge case. Comments explaining *how* should be rare and usually indicate the code needs to be clearer. When a comment is present, it **must end with a period**.
- **Assertion messages are minimal.** Prefer `assert.Equal(t, expected, actual)` over `assert.Equal(t, expected, actual, "detailed explanation")`. The test name provides the context; a descriptive message is usually noise.
Prefer modern standard-library packages (`slices`, `maps`, `cmp`, ...) over hand-rolled helpers or third-party libraries when the Go version in `go.mod` supports them.
## Common patterns
- **Logging.** The project uses `github.com/rs/zerolog` exclusively — do not import `log`, `slog`, or `logrus`. Inside a middleware, get a logger via `middlewares.GetLogger(ctx, name, typeName)` (see [`pkg/middlewares/middleware.go`](./pkg/middlewares/middleware.go)) where `typeName` is a package-level `const` like `const typeNameForward = "ForwardAuth"`. Elsewhere, extract the logger from the context with `log.Ctx(ctx)` and attach it to a new context with `.WithContext(ctx)`.
- **Context propagation.** `context.Context` is always the first argument, named `ctx`. Avoid `context.Background()` in request paths; propagate from the caller. Define custom context keys as unexported struct types (`type myKey struct{}`) to prevent collisions.
## Testing conventions
- Unit tests live next to the code as `*_test.go` files using `testing.T` with `testify/assert` and `testify/require`.
- Use `require.*` for preconditions that must stop the test on failure (setup, must-not-be-nil). Use `assert.*` for independent checks where you want the test to keep running and report every failure.
- Integration tests under `integration/` are built on `testify/suite` (see `integration/integration_test.go`) and reuse fixtures from `integration/fixtures/`. New fixtures should follow the pattern of the existing ones.
- New providers require integration tests.
- Prefer running a focused test over the whole suite while iterating. When iterating on a failing test, capture the output to a file once and grep it (`... > /tmp/out.log 2>&1`) rather than re-running the suite with different `TESTFLAGS`. See [`docs/content/contributing/building-testing.md`](./docs/content/contributing/building-testing.md) for the `TESTFLAGS` invocation.
## Documentation
User-facing features need matching documentation updates under `docs/content/`. Integrate new pages into the existing structure rather than creating parallel sections. Preview locally with `make docs-serve`.
## Contributing etiquette
- **Target the right branch** (the [PR template](./.github/PULL_REQUEST_TEMPLATE.md) is authoritative): enhancements go to `master`; bug fixes and documentation updates go to the current maintenance branches (`v3.6` for v3, `v2.11` for v2, security-fixes only). Forward-ports from the maintenance branches up to `master` are handled by maintainers.
- Keep pull requests small and focused; one logical change per PR.
- For anything beyond a bug fix, open an issue first and wait for a maintainer to confirm the direction before investing significant work.
- Follow the full guide in [`docs/content/contributing/submitting-pull-requests.md`](./docs/content/contributing/submitting-pull-requests.md).
## AI assistance disclosure
Traefik welcomes AI-assisted contributions, provided a few simple rules are followed:
- **Declare substantial AI assistance** with an `Assisted-by:` trailer at the bottom of the commit message whenever an agent produced a meaningful portion of the diff — for example `Assisted-by: Claude Opus 4.6`. Trivial edits such as a typo fix or a one-line rename do not need a trailer.
- **Keep issue and PR conversations human.** Do not let an agent post comments, review replies, or triage messages on your behalf. If an agent drafted a message for you, rewrite it in your own voice before sending — maintainers need to know they are talking to a person, not a bot.
- **Align with a maintainer before generating code for anything larger than a bug fix.** An agent can produce thousands of lines in minutes; maintainer review capacity cannot scale the same way. Open an issue, state the intended approach, and wait for confirmation before asking an agent to implement it.
## Things to avoid
- Do not hand-edit generated files — notably `**/zz_generated*.go`, everything under `pkg/provider/kubernetes/crd/generated/`, and `webui/static/`. Regenerate them via `make generate`, `make generate-crd`, or `make generate-webui` and commit the result.
- Do not skip `make lint` and `make validate-files` (or `make validate`) before pushing.
- Do not opportunistically reformat, rename, or refactor files you did not otherwise need to touch. Drive-by changes turn a reviewable diff into noise — scope every PR to one logical change.
- Do not include unrelated refactors, formatting-only changes to untouched files, or speculative abstractions in a feature PR.
CLAUDE.md
+1
View File
@@ -0,0 +1 @@
@AGENTS.md
docs/content/contributing/maintainers.md
+1
View File
@@ -24,6 +24,7 @@ description: "Traefik Proxy is an open source software with a thriving community
* Baptiste Mayelle [@youkoulayley](https://github.com/youkoulayley)
* Jesper Noordsij [@jnoordsij](https://github.com/jnoordsij)
* Gina Adzani [@gndz07](https://github.com/gndz07)
* Mathis Urien [@LBF38](https://github.com/LBF38)
## Past Maintainers
docs/content/migrate/nginx-to-traefik.md
+25 -8
View File
@@ -230,6 +230,10 @@ When you find one of these keys, translate the underlying intent rather than try
```
Install Traefik with the Kubernetes Ingress NGINX provider enabled. Both controllers will serve the same Ingress resources simultaneously.
!!! warning "Read the status race condition note first"
Running both controllers against the same Ingresses creates contention on the `status.loadBalancer.ingress[]` field. Before installing, review the [Ingress Status Race Condition](#status-race) section in Step 3 and decide which mitigation to apply (disable `publishService` on Traefik, or use a transitional IngressClass).
### Add Traefik Helm Repository
```bash
@@ -355,11 +359,20 @@ echo $(kubectl get svc -n traefik traefik -o go-template='{{ $ing := index .stat
Some ISPs ignore DNS TTL values to reduce traffic costs, caching records longer than specified. After removing NGINX from DNS, keep NGINX running for at least 24-48 hours before uninstalling to avoid dropping traffic from users whose ISPs have stale DNS caches.
??? info "ExternalDNS Users"
<a id="status-race"></a>
If you use [ExternalDNS](https://github.com/kubernetes-sigs/external-dns) to automatically manage DNS records based on Ingress status, both NGINX and Traefik will compete to update the Ingress status with their LoadBalancer IPs when `publishService` is enabled. Traefik typically wins because it updates faster, which can cause unexpected traffic shifts.
!!! warning "Ingress Status Race Condition During Coexistence"
**Recommended approach for ExternalDNS:**
While both controllers manage the same Ingress resources (same `ingressClassName: nginx`), they will both attempt to write the LoadBalancer address into `status.loadBalancer.ingress[]` on every Ingress they own. Each controller overwrites the other in a tight reconciliation loop, with no error reported in the logs (just repeated `Updated ingress status` info lines on both sides).
Routing itself is not affected: both controllers correctly serve traffic during the coexistence window. The flapping status field affects anything that watches it:
- [ExternalDNS](https://github.com/kubernetes-sigs/external-dns), which may shift DNS records back and forth between the two LoadBalancer IPs.
- kube-state-metrics, monitoring dashboards, and alerting rules that observe Ingress status.
- GitOps tools such as ArgoCD or Flux, which will report a permanent drift on every affected Ingress.
- Custom operators reconciling on the Ingress status field.
**Recommended mitigation (option 1): disable status publishing on Traefik during coexistence**
1. **[Install Traefik](#step-1-install-traefik-alongside-nginx) with `publishService` disabled**:
@@ -372,9 +385,11 @@ echo $(kubectl get svc -n traefik traefik -o go-template='{{ $ing := index .stat
enabled: false # Disable to prevent status updates
```
2. **Test Traefik** using [port-forward](#step-2-verify-traefik-is-handling-traffic) or a separate test hostname
Traefik keeps serving the Ingresses normally. It only stops writing the status field, leaving NGINX as the sole writer.
3. **Switch DNS via NGINX** - Configure NGINX to publish Traefik's service address:
2. **Test Traefik** using [port-forward](#step-2-verify-traefik-is-handling-traffic) or a separate test hostname.
3. **Switch DNS via NGINX** (ExternalDNS users only). Configure NGINX to publish Traefik's service address so ExternalDNS points traffic to Traefik:
```yaml
# nginx-values.yaml
@@ -383,11 +398,13 @@ echo $(kubectl get svc -n traefik traefik -o go-template='{{ $ing := index .stat
pathOverride: "traefik/traefik" # Points to Traefik's service
```
This makes NGINX update the Ingress status with Traefik's LoadBalancer IP, causing ExternalDNS to point traffic to Traefik.
4. **Verify traffic flows through Traefik**. At this point, you can still roll back by removing the `pathOverride`.
4. **Verify traffic flows through Traefik** - At this point, you can still rollback by removing the `pathOverride`
5. **[Enable `publishService` on Traefik](#step-1-install-traefik-alongside-nginx)** and [uninstall NGINX](#step-4-uninstall-ingress-nginx-controller).
5. **[Enable `publishService` on Traefik](#step-1-install-traefik-alongside-nginx)** and [uninstall NGINX](#step-4-uninstall-ingress-nginx-controller)
**Alternative mitigation (option 2): use a transitional IngressClass**
Give the migrating NGINX a distinct IngressClass (for example `nginx-migration`) so the two controllers never own the same Ingress at the same time. This is the approach SUSE documents for RKE2 migrations: see [SUSE: Migrate from Ingress NGINX to Traefik](https://documentation.suse.com/cloudnative/rke2/latest/en/reference/ingress_migration.html). This avoids any contention on `status.loadBalancer.ingress[]` entirely, at the cost of a short traffic-cutover step instead of a progressive DNS shift.
### Option B: External Load Balancer with Weighted Traffic
docs/content/migrate/v1-to-v2.md
+1 -1
View File
@@ -17,7 +17,7 @@ For more information about the changes in Traefik v2, please refer to the [v2 do
We created a tool to help during the migration: [traefik-migration-tool](https://github.com/traefik/traefik-migration-tool)
This tool allows to:
This tool lets you:
- convert `Ingress` to Traefik `IngressRoute` resources.
- convert `acme.json` file from v1 to v2 format.
docs/content/migrate/v2-to-v3-details.md
+1 -1
View File
@@ -680,7 +680,7 @@ It can be configured in the install configuration.
##### Configure the Syntax Per Router
The rule syntax can also be configured on a per-router basis.
This allows to have heterogeneous router configurations and ease migration.
This allows you to have heterogeneous router configurations and ease migration.
??? example "An example router with syntax configuration"
docs/content/observe/logs-and-access-logs.md
+1
View File
@@ -175,6 +175,7 @@ When using the `json` format, you can customize which fields are included in you
- **Request Fields:** You can choose to `keep`, `drop`, or `redact` any of the standard request fields. A complete list of available fields like `ClientHost`, `RequestMethod`, and `Duration` can be found in the [reference documentation](../reference/install-configuration/observability/logs-and-accesslogs.md#json-format-fields).
- **Request Headers:** You can also specify which request headers should be included in the logs, and whether their values should be `kept`, `dropped`, or `redacted`.
- **Request Query Parameters:** You can choose to `keep` or `drop` the query parameters for a request.
!!! info
For detailed configuration options, refer to the [reference documentation](../reference/install-configuration/observability/logs-and-accesslogs.md).
docs/content/reference/install-configuration/configuration-options.md
+1
View File
@@ -15,6 +15,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
| <a id="opt-accesslog-fields-headers-defaultmode" href="#opt-accesslog-fields-headers-defaultmode" title="#opt-accesslog-fields-headers-defaultmode">accesslog.fields.headers.defaultmode</a> | Default mode for fields: keep | drop | redact | drop |
| <a id="opt-accesslog-fields-headers-names-name" href="#opt-accesslog-fields-headers-names-name" title="#opt-accesslog-fields-headers-names-name">accesslog.fields.headers.names._name_</a> | Override mode for headers | |
| <a id="opt-accesslog-fields-names-name" href="#opt-accesslog-fields-names-name" title="#opt-accesslog-fields-names-name">accesslog.fields.names._name_</a> | Override mode for fields | |
| <a id="opt-accesslog-fields-queryparameters-defaultmode" href="#opt-accesslog-fields-queryparameters-defaultmode" title="#opt-accesslog-fields-queryparameters-defaultmode">accesslog.fields.queryparameters.defaultmode</a> | Default mode for query parameters: keep | drop | keep |
| <a id="opt-accesslog-filepath" href="#opt-accesslog-filepath" title="#opt-accesslog-filepath">accesslog.filepath</a> | Access log file path. Stdout is used when omitted or empty. | |
| <a id="opt-accesslog-filters-minduration" href="#opt-accesslog-filters-minduration" title="#opt-accesslog-filters-minduration">accesslog.filters.minduration</a> | Keep access logs when request took longer than the specified duration. | 0 |
| <a id="opt-accesslog-filters-retryattempts" href="#opt-accesslog-filters-retryattempts" title="#opt-accesslog-filters-retryattempts">accesslog.filters.retryattempts</a> | Keep access logs when at least one retry happened. | false |
docs/content/reference/install-configuration/observability/logs-and-accesslogs.md
+8
View File
@@ -171,6 +171,9 @@ accessLog:
User-Agent: redact
# Drop the Authorization header value
Authorization: drop
queryParameters:
# Drop all query parameters
defaultMode: drop
```
```toml tab="File (TOML)"
@@ -194,6 +197,9 @@ accessLog:
[accessLog.fields.headers.names]
User-Agent = "redact"
Authorization = "drop"
[accessLog.fields.queryParameters]
defaultMode = "drop"
```
```sh tab="CLI"
@@ -208,6 +214,7 @@ accessLog:
--accesslog.fields.headers.defaultmode=keep
--accesslog.fields.headers.names.User-Agent=redact
--accesslog.fields.headers.names.Authorization=drop
--accesslog.fields.queryparameters.defaultmode=drop
```
### Configuration Options
@@ -228,6 +235,7 @@ The section below describes how to configure Traefik access logs using the stati
| <a id="opt-accesslog-fields-names" href="#opt-accesslog-fields-names" title="#opt-accesslog-fields-names">`accesslog.fields.names`</a> | Set the fields list to display in the access logs (format `name:mode`).<br /> Available fields list [here](#json-format-fields). | [ ] | No |
| <a id="opt-accesslog-fields-headers-defaultMode" href="#opt-accesslog-fields-headers-defaultMode" title="#opt-accesslog-fields-headers-defaultMode">`accesslog.fields.headers.defaultMode`</a> | Mode to apply by default to the access logs headers (`keep`, `redact` or `drop`). | drop | No |
| <a id="opt-accesslog-fields-headers-names" href="#opt-accesslog-fields-headers-names" title="#opt-accesslog-fields-headers-names">`accesslog.fields.headers.names`</a> | Set the headers list to display in the access logs (format `name:mode`). | [ ] | No |
| <a id="opt-accesslog-fields-queryParameters-defaultMode" href="#opt-accesslog-fields-queryParameters-defaultMode" title="#opt-accesslog-fields-queryParameters-defaultMode">`accesslog.fields.queryParameters.defaultMode`</a> | Mode to apply by default to the access logs query parameters (`keep` or `drop`) | keep | No |
### OpenTelemetry
docs/content/reference/routing-configuration/http/middlewares/forwardauth.md
+1 -1
View File
@@ -62,7 +62,7 @@ spec:
| <a id="opt-authRequestHeaders" href="#opt-authRequestHeaders" title="#opt-authRequestHeaders">`authRequestHeaders`</a> | List of the headers to copy from the request to the authentication server. <br /> It allows filtering headers that should not be passed to the authentication server. <br /> If not set or empty, then all request headers are passed. | [] | No |
| <a id="opt-addAuthCookiesToResponse" href="#opt-addAuthCookiesToResponse" title="#opt-addAuthCookiesToResponse">`addAuthCookiesToResponse`</a> | List of cookies to copy from the authentication server to the response, replacing any existing conflicting cookie from the forwarded response.<br /> Please note that all backend cookies matching the configured list will not be added to the response. | [] | No |
| <a id="opt-forwardBody" href="#opt-forwardBody" title="#opt-forwardBody">`forwardBody`</a> | Sets the `forwardBody` option to `true` to send the Body. As body is read inside Traefik before forwarding, this breaks streaming. | false | No |
| <a id="opt-maxBodySize" href="#opt-maxBodySize" title="#opt-maxBodySize">`maxBodySize`</a> | Set the `maxBodySize` to limit the body size in bytes. If body is bigger than this, it returns a 401 (unauthorized). If left unset, the request body size is unrestricted which can have performance or security implications. < br/>More information [here](#maxbodysize). | -1 | No |
| <a id="opt-maxBodySize" href="#opt-maxBodySize" title="#opt-maxBodySize">`maxBodySize`</a> | Set the `maxBodySize` to limit the body size in bytes. If body is bigger than this, it returns a 401 (unauthorized). If left unset, the request body size is unrestricted which can have performance or security implications. <br/>More information [here](#maxbodysize). | -1 | No |
| <a id="opt-maxResponseBodySize" href="#opt-maxResponseBodySize" title="#opt-maxResponseBodySize">`maxResponseBodySize`</a> | Set the `maxResponseBodySize` to limit the response body size from the authentication server in bytes. If the response body exceeds this limit, it returns a 401 (unauthorized). If left unset, the response body size is unrestricted which can have performance or security implications. <br/>More information [here](#maxresponsebodysize).| -1 | No |
| <a id="opt-headerField" href="#opt-headerField" title="#opt-headerField">`headerField`</a> | Defines a header field to store the authenticated user. | "" | No |
| <a id="opt-preserveLocationHeader" href="#opt-preserveLocationHeader" title="#opt-preserveLocationHeader">`preserveLocationHeader`</a> | Defines whether to forward the Location header to the client as is or prefix it with the domain name of the authentication server. | false | No |
docs/content/reference/routing-configuration/kubernetes/crd/http/ingressroute.md
+1 -1
View File
@@ -92,7 +92,7 @@ spec:
| <a id="opt-routesn-middlewares" href="#opt-routesn-middlewares" title="#opt-routesn-middlewares">`routes[n].middlewares`</a> | List of middlewares to attach to the IngressRoute. <br />More information [here](#middleware). | "" | No |
| <a id="opt-routesn-middlewaresm-name" href="#opt-routesn-middlewaresm-name" title="#opt-routesn-middlewaresm-name">`routes[n].`<br />`middlewares[m].`<br />`name`</a> | Middleware name.<br />The character `@` is not authorized. <br />More information [here](#middleware). | | Yes |
| <a id="opt-routesn-middlewaresm-namespace" href="#opt-routesn-middlewaresm-namespace" title="#opt-routesn-middlewaresm-namespace">`routes[n].`<br />`middlewares[m].`<br />`namespace`</a> | Middleware namespace.<br />Can be empty if the middleware belongs to the same namespace as the IngressRoute. <br />More information [here](#middleware). | | No |
| <a id="opt-routesn-observability-accesslogs" href="#opt-routesn-observability-accesslogs" title="#opt-routesn-observability-accesslogs">`routes[n].`<br />`observability.`<br />`accesslogs`</a> | Defines whether the route will produce [access-logs](../../../../install-configuration/observability/logs-and-accesslogs.md). See [here](../../../http/routing/observability.md) for more information. | false | No |
| <a id="opt-routesn-observability-accessLogs" href="#opt-routesn-observability-accessLogs" title="#opt-routesn-observability-accessLogs">`routes[n].`<br />`observability.`<br />`accessLogs`</a> | Defines whether the route will produce [access-logs](../../../../install-configuration/observability/logs-and-accesslogs.md). See [here](../../../http/routing/observability.md) for more information. | false | No |
| <a id="opt-routesn-observability-metrics" href="#opt-routesn-observability-metrics" title="#opt-routesn-observability-metrics">`routes[n].`<br />`observability.`<br />`metrics`</a> | Defines whether the route will produce [metrics](../../../../install-configuration/observability/metrics.md). See [here](../../../http/routing/observability.md) for more information. | false | No |
| <a id="opt-routesn-observability-tracing" href="#opt-routesn-observability-tracing" title="#opt-routesn-observability-tracing">`routes[n].`<br />`observability.`<br />`tracing`</a> | Defines whether the route will produce [traces](../../../../install-configuration/observability/tracing.md). See [here](../../../http/routing/observability.md) for more information. | false | No |
| <a id="opt-tls" href="#opt-tls" title="#opt-tls">`tls`</a> | TLS configuration.<br />Can be an empty value(`{}`):<br />A self signed is generated in such a case<br />(or the [default certificate](../tls/tlsstore.md) is used if it is defined.) | | No |
docs/content/reference/routing-configuration/other-providers/file.md
+444 -16
View File
@@ -1,26 +1,454 @@
---
title: "Traefik File Dynamic Configuration"
description: "This guide will provide you with the YAML and TOML files for dynamic configuration in Traefik Proxy. Read the technical documentation."
title: "Traefik File Routing Configuration"
description: "This guide will provide you with the reference for file-based routing configuration in Traefik Proxy. Read the technical documentation."
---
# Traefik File Routing Configuration
# Traefik and Configuration Files
The file provider lets you define routing configuration in YAML or TOML.
Use it to declare routers, services, middlewares, TCP and UDP routing, and TLS options that Traefik should load from a file or a directory.
!!! warning "Work In Progress"
To configure the file provider itself, see the [File provider install configuration](../../install-configuration/providers/others/file.md) page.
This page is still work in progress to provide a better documention of the routing options.
## Configuration Examples
It has been created to provide a centralized page with all the option in YAML and TOML format.
??? example "Configuring the File Provider and Exposing One HTTP Service"
Enabling the file provider:
```yaml tab="Structured (YAML)"
providers:
file:
filename: /etc/traefik/dynamic.yml
```
```toml tab="Structured (TOML)"
[providers.file]
filename = "/etc/traefik/dynamic.toml"
```
```bash tab="CLI"
--providers.file.filename=/etc/traefik/dynamic.yml
```
Declaring the dynamic HTTP configuration:
```yaml tab="Structured (YAML)"
http:
routers:
app:
rule: Host(`example.com`)
entryPoints:
- websecure
service: app
tls: {}
services:
app:
loadBalancer:
servers:
- url: http://127.0.0.1:8080
```
```toml tab="Structured (TOML)"
[http.routers.app]
rule = "Host(`example.com`)"
entryPoints = ["websecure"]
service = "app"
[http.routers.app.tls]
[http.services.app.loadBalancer]
[[http.services.app.loadBalancer.servers]]
url = "http://127.0.0.1:8080"
```
??? example "Specifying More Than One Router and Service"
Define each router and explicitly attach it to the service that should handle matching requests.
```yaml tab="Structured (YAML)"
http:
routers:
app:
rule: Host(`example-a.com`)
service: app
admin:
rule: Host(`example-b.com`)
service: admin
services:
app:
loadBalancer:
servers:
- url: http://127.0.0.1:8000
admin:
loadBalancer:
servers:
- url: http://127.0.0.1:9000
```
```toml tab="Structured (TOML)"
[http.routers.app]
rule = "Host(`example-a.com`)"
service = "app"
[http.routers.admin]
rule = "Host(`example-b.com`)"
service = "admin"
[http.services.app.loadBalancer]
[[http.services.app.loadBalancer.servers]]
url = "http://127.0.0.1:8000"
[http.services.admin.loadBalancer]
[[http.services.admin.loadBalancer.servers]]
url = "http://127.0.0.1:9000"
```
??? example "Declaring and Referencing Middlewares"
Middlewares declared by the file provider can be used by routers from the file provider or by routers from other providers.
When another provider references them, use the `@file` provider suffix.
```yaml tab="Structured (YAML)"
http:
routers:
app:
rule: Host(`secure.example.com`)
entryPoints:
- websecure
middlewares:
- secure-headers
service: app
tls:
options: modern
middlewares:
secure-headers:
headers:
stsSeconds: 31536000
forceSTSHeader: true
services:
app:
loadBalancer:
servers:
- url: http://127.0.0.1:8080
tls:
options:
modern:
minVersion: VersionTLS12
sniStrict: true
```
```toml tab="Structured (TOML)"
[http.routers.app]
rule = "Host(`secure.example.com`)"
entryPoints = ["websecure"]
middlewares = ["secure-headers"]
service = "app"
[http.routers.app.tls]
options = "modern"
[http.middlewares.secure-headers.headers]
stsSeconds = 31536000
forceSTSHeader = true
[http.services.app.loadBalancer]
[[http.services.app.loadBalancer.servers]]
url = "http://127.0.0.1:8080"
[tls.options.modern]
minVersion = "VersionTLS12"
sniStrict = true
```
??? example "Loading Multiple Dynamic Configuration Files"
Configure the file provider with a directory when you want to split dynamic configuration across multiple files.
```yaml tab="Structured (YAML)"
providers:
file:
directory: /etc/traefik/dynamic
watch: true
```
```toml tab="Structured (TOML)"
[providers.file]
directory = "/etc/traefik/dynamic"
watch = true
```
```bash tab="CLI"
--providers.file.directory=/etc/traefik/dynamic
--providers.file.watch=true
```
Example `/etc/traefik/dynamic/http.yml`:
```yaml
http:
routers:
app:
rule: Host(`example.com`)
service: app
services:
app:
loadBalancer:
servers:
- url: http://127.0.0.1:8080
```
Example `/etc/traefik/dynamic/tls.yml`:
```yaml
tls:
certificates:
- certFile: /certs/example.crt
keyFile: /certs/example.key
```
## Configuration Options
```yml tab="YAML"
--8<-- "content/reference/routing-configuration/other-providers/file.yaml"
```
### General
```toml tab="TOML"
--8<-- "content/reference/routing-configuration/other-providers/file.toml"
```
The file provider does not discover services automatically.
Define every router, service, middleware, and TLS resource explicitly in the routing configuration file.
When another provider references a resource declared by the file provider, append the `@file` provider suffix.
For example, a Docker label can reference a file-provider middleware with `secure-headers@file`.
The examples below use YAML-style field paths.
In TOML, use the equivalent table and array syntax, such as `[http.routers.<router_name>]` and `[[http.services.<service_name>.loadBalancer.servers]]`.
### HTTP
#### Routers
Define HTTP routers under `http.routers.<router_name>`.
!!! warning "The character `@` is not authorized in the router name `<router_name>`."
| Field | Description | Value |
|------|-------------|-------|
| <a id="opt-http-routers-router-name-rule" href="#opt-http-routers-router-name-rule" title="#opt-http-routers-router-name-rule">`http.routers.<router_name>.rule`</a> | See [rule](../http/routing/rules-and-priority.md#rules) for more information. | ```Host(`example.com`)``` |
| <a id="opt-http-routers-router-name-ruleSyntax" href="#opt-http-routers-router-name-ruleSyntax" title="#opt-http-routers-router-name-ruleSyntax">`http.routers.<router_name>.ruleSyntax`</a> | See [ruleSyntax](../http/routing/rules-and-priority.md#rulesyntax) for more information.<br/>RuleSyntax is deprecated and will be removed in the next major version. | `v3` |
| <a id="opt-http-routers-router-name-entryPointsn" href="#opt-http-routers-router-name-entryPointsn" title="#opt-http-routers-router-name-entryPointsn">`http.routers.<router_name>.entryPoints[n]`</a> | See [entry points](../../install-configuration/entrypoints.md) for more information. | `websecure` |
| <a id="opt-http-routers-router-name-middlewaresn" href="#opt-http-routers-router-name-middlewaresn" title="#opt-http-routers-router-name-middlewaresn">`http.routers.<router_name>.middlewares[n]`</a> | See [middlewares overview](../http/middlewares/overview.md) for more information. | `secure-headers` |
| <a id="opt-http-routers-router-name-service" href="#opt-http-routers-router-name-service" title="#opt-http-routers-router-name-service">`http.routers.<router_name>.service`</a> | See [service](../http/load-balancing/service.md) for more information. | `app` |
| <a id="opt-http-routers-router-name-parentRefsn" href="#opt-http-routers-router-name-parentRefsn" title="#opt-http-routers-router-name-parentRefsn">`http.routers.<router_name>.parentRefs[n]`</a> | See [multi-layer routing](../http/routing/multi-layer-routing.md) for more information. | `parent-router@file` |
| <a id="opt-http-routers-router-name-tls" href="#opt-http-routers-router-name-tls" title="#opt-http-routers-router-name-tls">`http.routers.<router_name>.tls`</a> | See [TLS](../http/tls/overview.md) for more information. | `{}` |
| <a id="opt-http-routers-router-name-tls-certResolver" href="#opt-http-routers-router-name-tls-certResolver" title="#opt-http-routers-router-name-tls-certResolver">`http.routers.<router_name>.tls.certResolver`</a> | See [certResolver](../../install-configuration/tls/certificate-resolvers/overview.md) for more information. | `myresolver` |
| <a id="opt-http-routers-router-name-tls-domainsn-main" href="#opt-http-routers-router-name-tls-domainsn-main" title="#opt-http-routers-router-name-tls-domainsn-main">`http.routers.<router_name>.tls.domains[n].main`</a> | See [domains](../../install-configuration/tls/certificate-resolvers/acme.md#domain-definition) for more information. | `example.org` |
| <a id="opt-http-routers-router-name-tls-domainsn-sansn" href="#opt-http-routers-router-name-tls-domainsn-sansn" title="#opt-http-routers-router-name-tls-domainsn-sansn">`http.routers.<router_name>.tls.domains[n].sans[n]`</a> | See [domains](../../install-configuration/tls/certificate-resolvers/acme.md#domain-definition) for more information. | `www.example.org` |
| <a id="opt-http-routers-router-name-tls-options" href="#opt-http-routers-router-name-tls-options" title="#opt-http-routers-router-name-tls-options">`http.routers.<router_name>.tls.options`</a> | See [TLS options](../http/tls/tls-options.md) for more information. | `modern` |
| <a id="opt-http-routers-router-name-observability-accessLogs" href="#opt-http-routers-router-name-observability-accessLogs" title="#opt-http-routers-router-name-observability-accessLogs">`http.routers.<router_name>.observability.accessLogs`</a> | Enables or disables access logs for the router. | `true` |
| <a id="opt-http-routers-router-name-observability-metrics" href="#opt-http-routers-router-name-observability-metrics" title="#opt-http-routers-router-name-observability-metrics">`http.routers.<router_name>.observability.metrics`</a> | Enables or disables metrics for the router. | `true` |
| <a id="opt-http-routers-router-name-observability-tracing" href="#opt-http-routers-router-name-observability-tracing" title="#opt-http-routers-router-name-observability-tracing">`http.routers.<router_name>.observability.tracing`</a> | Enables or disables tracing for the router. | `true` |
| <a id="opt-http-routers-router-name-observability-traceVerbosity" href="#opt-http-routers-router-name-observability-traceVerbosity" title="#opt-http-routers-router-name-observability-traceVerbosity">`http.routers.<router_name>.observability.traceVerbosity`</a> | See [trace verbosity](../http/routing/observability.md#opt-traceVerbosity) for more information. | `minimal` |
| <a id="opt-http-routers-router-name-priority" href="#opt-http-routers-router-name-priority" title="#opt-http-routers-router-name-priority">`http.routers.<router_name>.priority`</a> | See [priority](../http/routing/rules-and-priority.md#priority-calculation) for more information. | `42` |
#### Services
Define HTTP services under `http.services.<service_name>`.
!!! warning "The character `@` is not authorized in the service name `<service_name>`."
| Field | Description | Value |
|------|-------------|-------|
| <a id="opt-http-services-service-name-loadBalancer-serversn-url" href="#opt-http-services-service-name-loadBalancer-serversn-url" title="#opt-http-services-service-name-loadBalancer-serversn-url">`http.services.<service_name>.loadBalancer.servers[n].url`</a> | See [servers](../http/load-balancing/service.md#servers) for more information. | `http://127.0.0.1:8080` |
| <a id="opt-http-services-service-name-loadBalancer-serversn-weight" href="#opt-http-services-service-name-loadBalancer-serversn-weight" title="#opt-http-services-service-name-loadBalancer-serversn-weight">`http.services.<service_name>.loadBalancer.servers[n].weight`</a> | See [servers](../http/load-balancing/service.md#servers) for more information. | `1` |
| <a id="opt-http-services-service-name-loadBalancer-serversn-preservePath" href="#opt-http-services-service-name-loadBalancer-serversn-preservePath" title="#opt-http-services-service-name-loadBalancer-serversn-preservePath">`http.services.<service_name>.loadBalancer.servers[n].preservePath`</a> | See [servers](../http/load-balancing/service.md#servers) for more information. | `true` |
| <a id="opt-http-services-service-name-loadBalancer-strategy" href="#opt-http-services-service-name-loadBalancer-strategy" title="#opt-http-services-service-name-loadBalancer-strategy">`http.services.<service_name>.loadBalancer.strategy`</a> | See [load balancing strategies](../http/load-balancing/service.md#load-balancing-strategies) for more information. | `wrr` |
| <a id="opt-http-services-service-name-loadBalancer-passHostHeader" href="#opt-http-services-service-name-loadBalancer-passHostHeader" title="#opt-http-services-service-name-loadBalancer-passHostHeader">`http.services.<service_name>.loadBalancer.passHostHeader`</a> | See [service load balancer](../http/load-balancing/service.md) for more information. | `true` |
| <a id="opt-http-services-service-name-loadBalancer-healthCheck" href="#opt-http-services-service-name-loadBalancer-healthCheck" title="#opt-http-services-service-name-loadBalancer-healthCheck">`http.services.<service_name>.loadBalancer.healthCheck.*`</a> | See [health check](../http/load-balancing/service.md#health-check) for more information. | `path: /health` |
| <a id="opt-http-services-service-name-loadBalancer-passiveHealthCheck" href="#opt-http-services-service-name-loadBalancer-passiveHealthCheck" title="#opt-http-services-service-name-loadBalancer-passiveHealthCheck">`http.services.<service_name>.loadBalancer.passiveHealthCheck.*`</a> | See [passive health check](../http/load-balancing/service.md#passive-health-check) for more information. | `maxFailedAttempts: 3` |
| <a id="opt-http-services-service-name-loadBalancer-sticky-cookie" href="#opt-http-services-service-name-loadBalancer-sticky-cookie" title="#opt-http-services-service-name-loadBalancer-sticky-cookie">`http.services.<service_name>.loadBalancer.sticky.cookie.*`</a> | See [sticky sessions](../http/load-balancing/service.md#sticky-sessions) for more information. | `name: app-cookie` |
| <a id="opt-http-services-service-name-loadBalancer-responseForwarding-flushInterval" href="#opt-http-services-service-name-loadBalancer-responseForwarding-flushInterval" title="#opt-http-services-service-name-loadBalancer-responseForwarding-flushInterval">`http.services.<service_name>.loadBalancer.responseForwarding.flushInterval`</a> | See [service load balancer](../http/load-balancing/service.md) for more information. | `100ms` |
| <a id="opt-http-services-service-name-loadBalancer-serversTransport" href="#opt-http-services-service-name-loadBalancer-serversTransport" title="#opt-http-services-service-name-loadBalancer-serversTransport">`http.services.<service_name>.loadBalancer.serversTransport`</a> | See [ServersTransport](../http/load-balancing/serverstransport.md) for more information. | `secure-transport` |
| <a id="opt-http-services-service-name-weighted-servicesn-name" href="#opt-http-services-service-name-weighted-servicesn-name" title="#opt-http-services-service-name-weighted-servicesn-name">`http.services.<service_name>.weighted.services[n].name`</a> | See [weighted round robin](../http/load-balancing/service.md#weighted-round-robin-wrr) for more information. | `app-v1` |
| <a id="opt-http-services-service-name-weighted-servicesn-weight" href="#opt-http-services-service-name-weighted-servicesn-weight" title="#opt-http-services-service-name-weighted-servicesn-weight">`http.services.<service_name>.weighted.services[n].weight`</a> | See [weighted round robin](../http/load-balancing/service.md#weighted-round-robin-wrr) for more information. | `3` |
| <a id="opt-http-services-service-name-weighted-sticky-cookie" href="#opt-http-services-service-name-weighted-sticky-cookie" title="#opt-http-services-service-name-weighted-sticky-cookie">`http.services.<service_name>.weighted.sticky.cookie.*`</a> | See [sticky sessions](../http/load-balancing/service.md#sticky-sessions) for more information. | `name: app-cookie` |
| <a id="opt-http-services-service-name-weighted-healthCheck" href="#opt-http-services-service-name-weighted-healthCheck" title="#opt-http-services-service-name-weighted-healthCheck">`http.services.<service_name>.weighted.healthCheck`</a> | See [weighted service health check](../http/load-balancing/service.md#health-check) for more information. | `{}` |
| <a id="opt-http-services-service-name-highestRandomWeight-servicesn-name" href="#opt-http-services-service-name-highestRandomWeight-servicesn-name" title="#opt-http-services-service-name-highestRandomWeight-servicesn-name">`http.services.<service_name>.highestRandomWeight.services[n].name`</a> | See [highest random weight](../http/load-balancing/service.md#highest-random-weight) for more information. | `app-v1` |
| <a id="opt-http-services-service-name-highestRandomWeight-servicesn-weight" href="#opt-http-services-service-name-highestRandomWeight-servicesn-weight" title="#opt-http-services-service-name-highestRandomWeight-servicesn-weight">`http.services.<service_name>.highestRandomWeight.services[n].weight`</a> | See [highest random weight](../http/load-balancing/service.md#highest-random-weight) for more information. | `3` |
| <a id="opt-http-services-service-name-highestRandomWeight-healthCheck" href="#opt-http-services-service-name-highestRandomWeight-healthCheck" title="#opt-http-services-service-name-highestRandomWeight-healthCheck">`http.services.<service_name>.highestRandomWeight.healthCheck`</a> | See [highest random weight](../http/load-balancing/service.md#highest-random-weight) for more information. | `{}` |
| <a id="opt-http-services-service-name-mirroring-service" href="#opt-http-services-service-name-mirroring-service" title="#opt-http-services-service-name-mirroring-service">`http.services.<service_name>.mirroring.service`</a> | See [mirroring](../http/load-balancing/service.md#mirroring) for more information. | `app-main` |
| <a id="opt-http-services-service-name-mirroring-mirrorBody" href="#opt-http-services-service-name-mirroring-mirrorBody" title="#opt-http-services-service-name-mirroring-mirrorBody">`http.services.<service_name>.mirroring.mirrorBody`</a> | See [mirroring](../http/load-balancing/service.md#mirroring) for more information. | `true` |
| <a id="opt-http-services-service-name-mirroring-maxBodySize" href="#opt-http-services-service-name-mirroring-maxBodySize" title="#opt-http-services-service-name-mirroring-maxBodySize">`http.services.<service_name>.mirroring.maxBodySize`</a> | See [mirroring](../http/load-balancing/service.md#mirroring) for more information. | `1048576` |
| <a id="opt-http-services-service-name-mirroring-mirrorsn-name" href="#opt-http-services-service-name-mirroring-mirrorsn-name" title="#opt-http-services-service-name-mirroring-mirrorsn-name">`http.services.<service_name>.mirroring.mirrors[n].name`</a> | See [mirroring](../http/load-balancing/service.md#mirroring) for more information. | `app-shadow` |
| <a id="opt-http-services-service-name-mirroring-mirrorsn-percent" href="#opt-http-services-service-name-mirroring-mirrorsn-percent" title="#opt-http-services-service-name-mirroring-mirrorsn-percent">`http.services.<service_name>.mirroring.mirrors[n].percent`</a> | See [mirroring](../http/load-balancing/service.md#mirroring) for more information. | `10` |
| <a id="opt-http-services-service-name-mirroring-healthCheck" href="#opt-http-services-service-name-mirroring-healthCheck" title="#opt-http-services-service-name-mirroring-healthCheck">`http.services.<service_name>.mirroring.healthCheck`</a> | See [mirroring](../http/load-balancing/service.md#mirroring) for more information. | `{}` |
| <a id="opt-http-services-service-name-failover-service" href="#opt-http-services-service-name-failover-service" title="#opt-http-services-service-name-failover-service">`http.services.<service_name>.failover.service`</a> | See [failover](../http/load-balancing/service.md#failover) for more information. | `app-main` |
| <a id="opt-http-services-service-name-failover-fallback" href="#opt-http-services-service-name-failover-fallback" title="#opt-http-services-service-name-failover-fallback">`http.services.<service_name>.failover.fallback`</a> | See [failover](../http/load-balancing/service.md#failover) for more information. | `app-backup` |
| <a id="opt-http-services-service-name-failover-healthCheck" href="#opt-http-services-service-name-failover-healthCheck" title="#opt-http-services-service-name-failover-healthCheck">`http.services.<service_name>.failover.healthCheck`</a> | See [failover](../http/load-balancing/service.md#failover) for more information. | `{}` |
| <a id="opt-http-services-service-name-failover-errors-maxRequestBodyBytes" href="#opt-http-services-service-name-failover-errors-maxRequestBodyBytes" title="#opt-http-services-service-name-failover-errors-maxRequestBodyBytes">`http.services.<service_name>.failover.errors.maxRequestBodyBytes`</a> | See [failover errors](../http/load-balancing/service.md#errors) for more information. | `1048576` |
| <a id="opt-http-services-service-name-failover-errors-statusn" href="#opt-http-services-service-name-failover-errors-statusn" title="#opt-http-services-service-name-failover-errors-statusn">`http.services.<service_name>.failover.errors.status[n]`</a> | See [failover errors](../http/load-balancing/service.md#errors) for more information. | `500-599` |
| <a id="opt-http-services-service-name-middlewaresn" href="#opt-http-services-service-name-middlewaresn" title="#opt-http-services-service-name-middlewaresn">`http.services.<service_name>.middlewares[n]`</a> | Adds middlewares to the service. | `service-ratelimit` |
#### Middlewares
Define HTTP middlewares under `http.middlewares.<middleware_name>`.
For example, to declare an [`AddPrefix`](../http/middlewares/addprefix.md) middleware named `add-api`, set `http.middlewares.add-api.addPrefix.prefix=/api`.
More information about available middlewares can be found in the dedicated [middlewares section](../http/middlewares/overview.md).
!!! warning "The character `@` is not authorized in the middleware name `<middleware_name>`."
!!! warning "Conflicts in Declaration"
If you declare multiple middlewares with the same name but different parameters, the middleware fails to be declared.
| Field | Description | Value |
|------|-------------|-------|
| <a id="opt-http-middlewares-middleware-name-middleware-type-middleware-option" href="#opt-http-middlewares-middleware-name-middleware-type-middleware-option" title="#opt-http-middlewares-middleware-name-middleware-type-middleware-option">`http.middlewares.<middleware_name>.<middleware_type>.<middleware_option>`</a> | With `middleware_type` the middleware type, such as `addPrefix` or `headers`, and `middleware_option` the option to set. | `prefix: /api` |
#### ServersTransports
Define HTTP ServersTransports under `http.serversTransports.<servers_transport_name>`.
| Field | Description | Value |
|------|-------------|-------|
| <a id="opt-http-serversTransports-servers-transport-name" href="#opt-http-serversTransports-servers-transport-name" title="#opt-http-serversTransports-servers-transport-name">`http.serversTransports.<servers_transport_name>.*`</a> | See [ServersTransport](../http/load-balancing/serverstransport.md) for more information. | `serverName: example.org` |
### TCP
You can declare TCP routers, services, middlewares, and ServersTransports with the file provider.
#### TCP Routers
Define TCP routers under `tcp.routers.<router_name>`.
!!! warning "The character `@` is not authorized in the router name `<router_name>`."
| Field | Description | Value |
|------|-------------|-------|
| <a id="opt-tcp-routers-router-name-entryPointsn" href="#opt-tcp-routers-router-name-entryPointsn" title="#opt-tcp-routers-router-name-entryPointsn">`tcp.routers.<router_name>.entryPoints[n]`</a> | See [entry points](../../install-configuration/entrypoints.md) for more information. | `websecure` |
| <a id="opt-tcp-routers-router-name-rule" href="#opt-tcp-routers-router-name-rule" title="#opt-tcp-routers-router-name-rule">`tcp.routers.<router_name>.rule`</a> | See [rule](../tcp/routing/rules-and-priority.md#rules) for more information. | ```HostSNI(`example.com`)``` |
| <a id="opt-tcp-routers-router-name-ruleSyntax" href="#opt-tcp-routers-router-name-ruleSyntax" title="#opt-tcp-routers-router-name-ruleSyntax">`tcp.routers.<router_name>.ruleSyntax`</a> | Configures the rule syntax to use for parsing the rule on a per-router basis.<br/>RuleSyntax is deprecated and will be removed in the next major version. | `v3` |
| <a id="opt-tcp-routers-router-name-middlewaresn" href="#opt-tcp-routers-router-name-middlewaresn" title="#opt-tcp-routers-router-name-middlewaresn">`tcp.routers.<router_name>.middlewares[n]`</a> | See [TCP middlewares overview](../tcp/middlewares/overview.md) for more information. | `ip-allowlist` |
| <a id="opt-tcp-routers-router-name-service" href="#opt-tcp-routers-router-name-service" title="#opt-tcp-routers-router-name-service">`tcp.routers.<router_name>.service`</a> | See [service](../tcp/service.md) for more information. | `tcp-app` |
| <a id="opt-tcp-routers-router-name-tls" href="#opt-tcp-routers-router-name-tls" title="#opt-tcp-routers-router-name-tls">`tcp.routers.<router_name>.tls`</a> | See [TLS](../tcp/tls.md) for more information. | `{}` |
| <a id="opt-tcp-routers-router-name-tls-certResolver" href="#opt-tcp-routers-router-name-tls-certResolver" title="#opt-tcp-routers-router-name-tls-certResolver">`tcp.routers.<router_name>.tls.certResolver`</a> | See [certResolver](../tcp/tls.md#configuration-options) for more information. | `myresolver` |
| <a id="opt-tcp-routers-router-name-tls-domainsn-main" href="#opt-tcp-routers-router-name-tls-domainsn-main" title="#opt-tcp-routers-router-name-tls-domainsn-main">`tcp.routers.<router_name>.tls.domains[n].main`</a> | See [TLS](../tcp/tls.md) for more information. | `example.org` |
| <a id="opt-tcp-routers-router-name-tls-domainsn-sansn" href="#opt-tcp-routers-router-name-tls-domainsn-sansn" title="#opt-tcp-routers-router-name-tls-domainsn-sansn">`tcp.routers.<router_name>.tls.domains[n].sans[n]`</a> | See [TLS](../tcp/tls.md) for more information. | `www.example.org` |
| <a id="opt-tcp-routers-router-name-tls-options" href="#opt-tcp-routers-router-name-tls-options" title="#opt-tcp-routers-router-name-tls-options">`tcp.routers.<router_name>.tls.options`</a> | See [TLS](../tcp/tls.md) for more information. | `modern` |
| <a id="opt-tcp-routers-router-name-tls-passthrough" href="#opt-tcp-routers-router-name-tls-passthrough" title="#opt-tcp-routers-router-name-tls-passthrough">`tcp.routers.<router_name>.tls.passthrough`</a> | See [Passthrough](../tcp/tls.md#opt-passthrough) for more information. | `true` |
| <a id="opt-tcp-routers-router-name-priority" href="#opt-tcp-routers-router-name-priority" title="#opt-tcp-routers-router-name-priority">`tcp.routers.<router_name>.priority`</a> | See [priority](../tcp/routing/rules-and-priority.md#priority-calculation) for more information. | `42` |
#### TCP Services
Define TCP services under `tcp.services.<service_name>`.
!!! warning "The character `@` is not authorized in the service name `<service_name>`."
| Field | Description | Value |
|------|-------------|-------|
| <a id="opt-tcp-services-service-name-loadBalancer-serversn-address" href="#opt-tcp-services-service-name-loadBalancer-serversn-address" title="#opt-tcp-services-service-name-loadBalancer-serversn-address">`tcp.services.<service_name>.loadBalancer.servers[n].address`</a> | See [servers load balancer](../tcp/service.md#servers-load-balancer) for more information. | `127.0.0.1:9000` |
| <a id="opt-tcp-services-service-name-loadBalancer-serversn-tls" href="#opt-tcp-services-service-name-loadBalancer-serversn-tls" title="#opt-tcp-services-service-name-loadBalancer-serversn-tls">`tcp.services.<service_name>.loadBalancer.servers[n].tls`</a> | Determines whether to use TLS when dialing the backend server. | `true` |
| <a id="opt-tcp-services-service-name-loadBalancer-serversTransport" href="#opt-tcp-services-service-name-loadBalancer-serversTransport" title="#opt-tcp-services-service-name-loadBalancer-serversTransport">`tcp.services.<service_name>.loadBalancer.serversTransport`</a> | See [TCP ServersTransport](../tcp/serverstransport.md) for more information. | `secure-tcp` |
| <a id="opt-tcp-services-service-name-loadBalancer-proxyProtocol-version" href="#opt-tcp-services-service-name-loadBalancer-proxyProtocol-version" title="#opt-tcp-services-service-name-loadBalancer-proxyProtocol-version">`tcp.services.<service_name>.loadBalancer.proxyProtocol.version`</a> | Enables Proxy Protocol for backend connections. | `2` |
| <a id="opt-tcp-services-service-name-loadBalancer-terminationDelay" href="#opt-tcp-services-service-name-loadBalancer-terminationDelay" title="#opt-tcp-services-service-name-loadBalancer-terminationDelay">`tcp.services.<service_name>.loadBalancer.terminationDelay`</a> | Defines the delay before terminating connections. | `100` |
| <a id="opt-tcp-services-service-name-loadBalancer-healthCheck" href="#opt-tcp-services-service-name-loadBalancer-healthCheck" title="#opt-tcp-services-service-name-loadBalancer-healthCheck">`tcp.services.<service_name>.loadBalancer.healthCheck.*`</a> | See [TCP service health check](../tcp/service.md#health-check) for more information. | `interval: 10s` |
| <a id="opt-tcp-services-service-name-weighted-servicesn-name" href="#opt-tcp-services-service-name-weighted-servicesn-name" title="#opt-tcp-services-service-name-weighted-servicesn-name">`tcp.services.<service_name>.weighted.services[n].name`</a> | See [weighted round robin](../tcp/service.md#weighted-round-robin) for more information. | `tcp-v1` |
| <a id="opt-tcp-services-service-name-weighted-servicesn-weight" href="#opt-tcp-services-service-name-weighted-servicesn-weight" title="#opt-tcp-services-service-name-weighted-servicesn-weight">`tcp.services.<service_name>.weighted.services[n].weight`</a> | See [weighted round robin](../tcp/service.md#weighted-round-robin) for more information. | `3` |
| <a id="opt-tcp-services-service-name-weighted-healthCheck" href="#opt-tcp-services-service-name-weighted-healthCheck" title="#opt-tcp-services-service-name-weighted-healthCheck">`tcp.services.<service_name>.weighted.healthCheck`</a> | See [weighted round robin](../tcp/service.md#weighted-round-robin) for more information. | `{}` |
#### TCP Middlewares
Define TCP middlewares under `tcp.middlewares.<middleware_name>`.
For example, to declare an [`InFlightConn`](../tcp/middlewares/inflightconn.md) middleware named `limit`, set `tcp.middlewares.limit.inFlightConn.amount=10`.
More information about available middlewares is available in the dedicated [TCP middlewares section](../tcp/middlewares/overview.md).
!!! warning "The character `@` is not authorized in the middleware name `<middleware_name>`."
!!! warning "Conflicts in Declaration"
If you declare multiple middlewares with the same name but different parameters, the middleware fails to be declared.
| Field | Description | Value |
|------|-------------|-------|
| <a id="opt-tcp-middlewares-middleware-name-middleware-type-middleware-option" href="#opt-tcp-middlewares-middleware-name-middleware-type-middleware-option" title="#opt-tcp-middlewares-middleware-name-middleware-type-middleware-option">`tcp.middlewares.<middleware_name>.<middleware_type>.<middleware_option>`</a> | With `middleware_type` the middleware type, such as `inFlightConn`, and `middleware_option` the option to set. | `amount: 10` |
#### TCP ServersTransports
Define TCP ServersTransports under `tcp.serversTransports.<servers_transport_name>`.
| Field | Description | Value |
|------|-------------|-------|
| <a id="opt-tcp-serversTransports-servers-transport-name" href="#opt-tcp-serversTransports-servers-transport-name" title="#opt-tcp-serversTransports-servers-transport-name">`tcp.serversTransports.<servers_transport_name>.*`</a> | See [TCP ServersTransport](../tcp/serverstransport.md) for more information. | `dialTimeout: 30s` |
### UDP
You can declare UDP routers and services with the file provider.
#### UDP Routers
Define UDP routers under `udp.routers.<router_name>`.
!!! warning "The character `@` is not authorized in the router name `<router_name>`."
| Field | Description | Value |
|------|-------------|-------|
| <a id="opt-udp-routers-router-name-entryPointsn" href="#opt-udp-routers-router-name-entryPointsn" title="#opt-udp-routers-router-name-entryPointsn">`udp.routers.<router_name>.entryPoints[n]`</a> | See [UDP router entrypoints](../udp/routing/rules-priority.md#entrypoints) for more information. | `dns` |
| <a id="opt-udp-routers-router-name-service" href="#opt-udp-routers-router-name-service" title="#opt-udp-routers-router-name-service">`udp.routers.<router_name>.service`</a> | See [UDP router configuration](../udp/routing/rules-priority.md#configuration-example) for more information. | `dns-service` |
#### UDP Services
Define UDP services under `udp.services.<service_name>`.
!!! warning "The character `@` is not authorized in the service name `<service_name>`."
| Field | Description | Value |
|------|-------------|-------|
| <a id="opt-udp-services-service-name-loadBalancer-serversn-address" href="#opt-udp-services-service-name-loadBalancer-serversn-address" title="#opt-udp-services-service-name-loadBalancer-serversn-address">`udp.services.<service_name>.loadBalancer.servers[n].address`</a> | See [UDP service](../udp/service.md) for more information. | `127.0.0.1:5353` |
| <a id="opt-udp-services-service-name-weighted-servicesn-name" href="#opt-udp-services-service-name-weighted-servicesn-name" title="#opt-udp-services-service-name-weighted-servicesn-name">`udp.services.<service_name>.weighted.services[n].name`</a> | See [UDP service](../udp/service.md) for more information. | `dns-v1` |
| <a id="opt-udp-services-service-name-weighted-servicesn-weight" href="#opt-udp-services-service-name-weighted-servicesn-weight" title="#opt-udp-services-service-name-weighted-servicesn-weight">`udp.services.<service_name>.weighted.services[n].weight`</a> | See [UDP service](../udp/service.md) for more information. | `3` |
### TLS
You can declare TLS certificates, options, and stores with the file provider.
#### Certificates
| Field | Description | Value |
|------|-------------|-------|
| <a id="opt-tls-certificatesn-certFile" href="#opt-tls-certificatesn-certFile" title="#opt-tls-certificatesn-certFile">`tls.certificates[n].certFile`</a> | See [TLS certificates](../http/tls/tls-certificates.md) for more information. | `/certs/example.crt` |
| <a id="opt-tls-certificatesn-keyFile" href="#opt-tls-certificatesn-keyFile" title="#opt-tls-certificatesn-keyFile">`tls.certificates[n].keyFile`</a> | See [TLS certificates](../http/tls/tls-certificates.md) for more information. | `/certs/example.key` |
| <a id="opt-tls-certificatesn-storesn" href="#opt-tls-certificatesn-storesn" title="#opt-tls-certificatesn-storesn">`tls.certificates[n].stores[n]`</a> | See [certificate stores](../http/tls/tls-certificates.md#certificates-stores) for more information. | `default` |
#### TLS Options
| Field | Description | Value |
|------|-------------|-------|
| <a id="opt-tls-options-options-name-minVersion" href="#opt-tls-options-options-name-minVersion" title="#opt-tls-options-options-name-minVersion">`tls.options.<options_name>.minVersion`</a> | See [TLS options](../http/tls/tls-options.md) for more information. | `VersionTLS12` |
| <a id="opt-tls-options-options-name-maxVersion" href="#opt-tls-options-options-name-maxVersion" title="#opt-tls-options-options-name-maxVersion">`tls.options.<options_name>.maxVersion`</a> | See [TLS options](../http/tls/tls-options.md) for more information. | `VersionTLS13` |
| <a id="opt-tls-options-options-name-cipherSuitesn" href="#opt-tls-options-options-name-cipherSuitesn" title="#opt-tls-options-options-name-cipherSuitesn">`tls.options.<options_name>.cipherSuites[n]`</a> | See [TLS options](../http/tls/tls-options.md) for more information. | `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256` |
| <a id="opt-tls-options-options-name-curvePreferencesn" href="#opt-tls-options-options-name-curvePreferencesn" title="#opt-tls-options-options-name-curvePreferencesn">`tls.options.<options_name>.curvePreferences[n]`</a> | See [TLS options](../http/tls/tls-options.md) for more information. | `CurveP256` |
| <a id="opt-tls-options-options-name-clientAuth-caFilesn" href="#opt-tls-options-options-name-clientAuth-caFilesn" title="#opt-tls-options-options-name-clientAuth-caFilesn">`tls.options.<options_name>.clientAuth.caFiles[n]`</a> | See [client authentication](../http/tls/tls-options.md#client-authentication-mtls) for more information. | `/certs/client-ca.crt` |
| <a id="opt-tls-options-options-name-clientAuth-clientAuthType" href="#opt-tls-options-options-name-clientAuth-clientAuthType" title="#opt-tls-options-options-name-clientAuth-clientAuthType">`tls.options.<options_name>.clientAuth.clientAuthType`</a> | See [client authentication](../http/tls/tls-options.md#client-authentication-mtls) for more information. | `RequireAndVerifyClientCert` |
| <a id="opt-tls-options-options-name-sniStrict" href="#opt-tls-options-options-name-sniStrict" title="#opt-tls-options-options-name-sniStrict">`tls.options.<options_name>.sniStrict`</a> | See [strict SNI checking](../http/tls/tls-options.md#strict-sni-checking) for more information. | `true` |
| <a id="opt-tls-options-options-name-alpnProtocolsn" href="#opt-tls-options-options-name-alpnProtocolsn" title="#opt-tls-options-options-name-alpnProtocolsn">`tls.options.<options_name>.alpnProtocols[n]`</a> | See [TLS options](../http/tls/tls-options.md) for more information. | `h2` |
| <a id="opt-tls-options-options-name-disableSessionTickets" href="#opt-tls-options-options-name-disableSessionTickets" title="#opt-tls-options-options-name-disableSessionTickets">`tls.options.<options_name>.disableSessionTickets`</a> | See [TLS options](../http/tls/tls-options.md) for more information. | `true` |
| <a id="opt-tls-options-options-name-preferServerCipherSuites" href="#opt-tls-options-options-name-preferServerCipherSuites" title="#opt-tls-options-options-name-preferServerCipherSuites">`tls.options.<options_name>.preferServerCipherSuites`</a> | See [TLS options](../http/tls/tls-options.md) for more information. | `true` |
#### TLS Stores
| Field | Description | Value |
|------|-------------|-------|
| <a id="opt-tls-stores-store-name-defaultCertificate-certFile" href="#opt-tls-stores-store-name-defaultCertificate-certFile" title="#opt-tls-stores-store-name-defaultCertificate-certFile">`tls.stores.<store_name>.defaultCertificate.certFile`</a> | See [default certificate](../http/tls/tls-certificates.md#default-certificate) for more information. | `/certs/default.crt` |
| <a id="opt-tls-stores-store-name-defaultCertificate-keyFile" href="#opt-tls-stores-store-name-defaultCertificate-keyFile" title="#opt-tls-stores-store-name-defaultCertificate-keyFile">`tls.stores.<store_name>.defaultCertificate.keyFile`</a> | See [default certificate](../http/tls/tls-certificates.md#default-certificate) for more information. | `/certs/default.key` |
| <a id="opt-tls-stores-store-name-defaultGeneratedCert-resolver" href="#opt-tls-stores-store-name-defaultGeneratedCert-resolver" title="#opt-tls-stores-store-name-defaultGeneratedCert-resolver">`tls.stores.<store_name>.defaultGeneratedCert.resolver`</a> | See [ACME default certificate](../http/tls/tls-certificates.md#acme-default-certificate) for more information. | `myresolver` |
| <a id="opt-tls-stores-store-name-defaultGeneratedCert-domain-main" href="#opt-tls-stores-store-name-defaultGeneratedCert-domain-main" title="#opt-tls-stores-store-name-defaultGeneratedCert-domain-main">`tls.stores.<store_name>.defaultGeneratedCert.domain.main`</a> | See [ACME default certificate](../http/tls/tls-certificates.md#acme-default-certificate) for more information. | `example.org` |
| <a id="opt-tls-stores-store-name-defaultGeneratedCert-domain-sansn" href="#opt-tls-stores-store-name-defaultGeneratedCert-domain-sansn" title="#opt-tls-stores-store-name-defaultGeneratedCert-domain-sansn">`tls.stores.<store_name>.defaultGeneratedCert.domain.sans[n]`</a> | See [ACME default certificate](../http/tls/tls-certificates.md#acme-default-certificate) for more information. | `www.example.org` |
## Go Templating
@@ -69,7 +497,7 @@ To illustrate, it is possible to easily define multiple routers, services, and T
{{ range $i, $e := until 10 }}
- certFile: "/etc/traefik/cert-{{ $e }}.pem"
keyFile: "/etc/traefik/cert-{{ $e }}.key"
store:
stores:
- "my-store-foo-{{ $e }}"
- "my-store-bar-{{ $e }}"
{{end}}
@@ -101,7 +529,7 @@ To illustrate, it is possible to easily define multiple routers, services, and T
[tcp.services]
{{ range $i, $e := until 100 }}
[http.services.service{{ $e }}]
[tcp.services.service{{ $e }}]
# ...
{{ end }}
@@ -112,9 +540,9 @@ To illustrate, it is possible to easily define multiple routers, services, and T
stores = ["my-store-foo-{{ $e }}", "my-store-bar-{{ $e }}"]
{{ end }}
[tls.config]
[tls.options]
{{ range $i, $e := until 10 }}
[tls.config.TLS{{ $e }}]
[tls.options.TLS{{ $e }}]
# ...
{{ end }}
```
docs/content/reference/routing-configuration/other-providers/file.toml
-667
View File
@@ -1,667 +0,0 @@
## CODE GENERATED AUTOMATICALLY
## THIS FILE MUST NOT BE EDITED BY HAND
[http]
[http.routers]
[http.routers.Router0]
entryPoints = ["foobar", "foobar"]
middlewares = ["foobar", "foobar"]
service = "foobar"
rule = "foobar"
parentRefs = ["foobar", "foobar"]
ruleSyntax = "foobar"
priority = 42
[http.routers.Router0.tls]
options = "foobar"
certResolver = "foobar"
[[http.routers.Router0.tls.domains]]
main = "foobar"
sans = ["foobar", "foobar"]
[[http.routers.Router0.tls.domains]]
main = "foobar"
sans = ["foobar", "foobar"]
[http.routers.Router0.observability]
accessLogs = true
metrics = true
tracing = true
traceVerbosity = "foobar"
[http.routers.Router1]
entryPoints = ["foobar", "foobar"]
middlewares = ["foobar", "foobar"]
service = "foobar"
rule = "foobar"
parentRefs = ["foobar", "foobar"]
ruleSyntax = "foobar"
priority = 42
[http.routers.Router1.tls]
options = "foobar"
certResolver = "foobar"
[[http.routers.Router1.tls.domains]]
main = "foobar"
sans = ["foobar", "foobar"]
[[http.routers.Router1.tls.domains]]
main = "foobar"
sans = ["foobar", "foobar"]
[http.routers.Router1.observability]
accessLogs = true
metrics = true
tracing = true
traceVerbosity = "foobar"
[http.services]
[http.services.Service01]
[http.services.Service01.failover]
service = "foobar"
fallback = "foobar"
[http.services.Service01.failover.healthCheck]
[http.services.Service01.failover.errors]
maxRequestBodyBytes = 42
status = ["foobar", "foobar"]
[http.services.Service02]
[http.services.Service02.highestRandomWeight]
[[http.services.Service02.highestRandomWeight.services]]
name = "foobar"
weight = 42
[[http.services.Service02.highestRandomWeight.services]]
name = "foobar"
weight = 42
[http.services.Service02.highestRandomWeight.healthCheck]
[http.services.Service03]
[http.services.Service03.loadBalancer]
strategy = "foobar"
passHostHeader = true
serversTransport = "foobar"
[http.services.Service03.loadBalancer.sticky]
[http.services.Service03.loadBalancer.sticky.cookie]
name = "foobar"
secure = true
httpOnly = true
sameSite = "foobar"
maxAge = 42
path = "foobar"
domain = "foobar"
[[http.services.Service03.loadBalancer.servers]]
url = "foobar"
weight = 42
preservePath = true
[[http.services.Service03.loadBalancer.servers]]
url = "foobar"
weight = 42
preservePath = true
[http.services.Service03.loadBalancer.healthCheck]
scheme = "foobar"
mode = "foobar"
path = "foobar"
method = "foobar"
status = 42
port = 42
interval = "42s"
unhealthyInterval = "42s"
timeout = "42s"
hostname = "foobar"
followRedirects = true
[http.services.Service03.loadBalancer.healthCheck.headers]
name0 = "foobar"
name1 = "foobar"
[http.services.Service03.loadBalancer.passiveHealthCheck]
failureWindow = "42s"
maxFailedAttempts = 42
[http.services.Service03.loadBalancer.responseForwarding]
flushInterval = "42s"
[http.services.Service04]
middlewares = ["foobar", "foobar"]
[http.services.Service05]
[http.services.Service05.mirroring]
service = "foobar"
mirrorBody = true
maxBodySize = 42
[[http.services.Service05.mirroring.mirrors]]
name = "foobar"
percent = 42
[[http.services.Service05.mirroring.mirrors]]
name = "foobar"
percent = 42
[http.services.Service05.mirroring.healthCheck]
[http.services.Service06]
[http.services.Service06.weighted]
[[http.services.Service06.weighted.services]]
name = "foobar"
weight = 42
[[http.services.Service06.weighted.services]]
name = "foobar"
weight = 42
[http.services.Service06.weighted.sticky]
[http.services.Service06.weighted.sticky.cookie]
name = "foobar"
secure = true
httpOnly = true
sameSite = "foobar"
maxAge = 42
path = "foobar"
domain = "foobar"
[http.services.Service06.weighted.healthCheck]
[http.middlewares]
[http.middlewares.Middleware01]
[http.middlewares.Middleware01.addPrefix]
prefix = "foobar"
[http.middlewares.Middleware02]
[http.middlewares.Middleware02.basicAuth]
users = ["foobar", "foobar"]
usersFile = "foobar"
realm = "foobar"
removeHeader = true
headerField = "foobar"
[http.middlewares.Middleware03]
[http.middlewares.Middleware03.buffering]
maxRequestBodyBytes = 42
memRequestBodyBytes = 42
maxResponseBodyBytes = 42
memResponseBodyBytes = 42
retryExpression = "foobar"
[http.middlewares.Middleware04]
[http.middlewares.Middleware04.chain]
middlewares = ["foobar", "foobar"]
[http.middlewares.Middleware05]
[http.middlewares.Middleware05.circuitBreaker]
expression = "foobar"
checkPeriod = "42s"
fallbackDuration = "42s"
recoveryDuration = "42s"
responseCode = 42
[http.middlewares.Middleware06]
[http.middlewares.Middleware06.compress]
excludedContentTypes = ["foobar", "foobar"]
includedContentTypes = ["foobar", "foobar"]
minResponseBodyBytes = 42
encodings = ["foobar", "foobar"]
defaultEncoding = "foobar"
[http.middlewares.Middleware07]
[http.middlewares.Middleware07.contentType]
autoDetect = true
[http.middlewares.Middleware08]
[http.middlewares.Middleware08.digestAuth]
users = ["foobar", "foobar"]
usersFile = "foobar"
removeHeader = true
realm = "foobar"
headerField = "foobar"
[http.middlewares.Middleware09]
[http.middlewares.Middleware09.encodedCharacters]
allowEncodedSlash = true
allowEncodedBackSlash = true
allowEncodedNullCharacter = true
allowEncodedSemicolon = true
allowEncodedPercent = true
allowEncodedQuestionMark = true
allowEncodedHash = true
[http.middlewares.Middleware10]
[http.middlewares.Middleware10.errors]
status = ["foobar", "foobar"]
service = "foobar"
query = "foobar"
errorRequestHeaders = ["foobar", "foobar"]
[http.middlewares.Middleware10.errors.statusRewrites]
name0 = 42
name1 = 42
[http.middlewares.Middleware11]
[http.middlewares.Middleware11.forwardAuth]
address = "foobar"
trustForwardHeader = true
authResponseHeaders = ["foobar", "foobar"]
authResponseHeadersRegex = "foobar"
authRequestHeaders = ["foobar", "foobar"]
maxResponseBodySize = 42
addAuthCookiesToResponse = ["foobar", "foobar"]
headerField = "foobar"
forwardBody = true
maxBodySize = 42
preserveLocationHeader = true
preserveRequestMethod = true
authSigninURL = "foobar"
[http.middlewares.Middleware11.forwardAuth.tls]
ca = "foobar"
cert = "foobar"
key = "foobar"
insecureSkipVerify = true
caOptional = true
[http.middlewares.Middleware12]
[http.middlewares.Middleware12.grpcWeb]
allowOrigins = ["foobar", "foobar"]
[http.middlewares.Middleware13]
[http.middlewares.Middleware13.headers]
accessControlAllowCredentials = true
accessControlAllowHeaders = ["foobar", "foobar"]
accessControlAllowMethods = ["foobar", "foobar"]
accessControlAllowOriginList = ["foobar", "foobar"]
accessControlAllowOriginListRegex = ["foobar", "foobar"]
accessControlExposeHeaders = ["foobar", "foobar"]
accessControlMaxAge = 42
addVaryHeader = true
allowedHosts = ["foobar", "foobar"]
hostsProxyHeaders = ["foobar", "foobar"]
stsSeconds = 42
stsIncludeSubdomains = true
stsPreload = true
forceSTSHeader = true
frameDeny = true
customFrameOptionsValue = "foobar"
contentTypeNosniff = true
browserXssFilter = true
customBrowserXSSValue = "foobar"
contentSecurityPolicy = "foobar"
contentSecurityPolicyReportOnly = "foobar"
publicKey = "foobar"
referrerPolicy = "foobar"
permissionsPolicy = "foobar"
isDevelopment = true
featurePolicy = "foobar"
sslRedirect = true
sslTemporaryRedirect = true
sslHost = "foobar"
sslForceHost = true
[http.middlewares.Middleware13.headers.customRequestHeaders]
name0 = "foobar"
name1 = "foobar"
[http.middlewares.Middleware13.headers.customResponseHeaders]
name0 = "foobar"
name1 = "foobar"
[http.middlewares.Middleware13.headers.sslProxyHeaders]
name0 = "foobar"
name1 = "foobar"
[http.middlewares.Middleware14]
[http.middlewares.Middleware14.ipAllowList]
sourceRange = ["foobar", "foobar"]
rejectStatusCode = 42
[http.middlewares.Middleware14.ipAllowList.ipStrategy]
depth = 42
excludedIPs = ["foobar", "foobar"]
ipv6Subnet = 42
[http.middlewares.Middleware15]
[http.middlewares.Middleware15.ipWhiteList]
sourceRange = ["foobar", "foobar"]
[http.middlewares.Middleware15.ipWhiteList.ipStrategy]
depth = 42
excludedIPs = ["foobar", "foobar"]
ipv6Subnet = 42
[http.middlewares.Middleware16]
[http.middlewares.Middleware16.inFlightReq]
amount = 42
[http.middlewares.Middleware16.inFlightReq.sourceCriterion]
requestHeaderName = "foobar"
requestHost = true
[http.middlewares.Middleware16.inFlightReq.sourceCriterion.ipStrategy]
depth = 42
excludedIPs = ["foobar", "foobar"]
ipv6Subnet = 42
[http.middlewares.Middleware17]
[http.middlewares.Middleware17.passTLSClientCert]
pem = true
[http.middlewares.Middleware17.passTLSClientCert.info]
notAfter = true
notBefore = true
sans = true
serialNumber = true
[http.middlewares.Middleware17.passTLSClientCert.info.subject]
country = true
province = true
locality = true
organization = true
organizationalUnit = true
commonName = true
serialNumber = true
domainComponent = true
[http.middlewares.Middleware17.passTLSClientCert.info.issuer]
country = true
province = true
locality = true
organization = true
commonName = true
serialNumber = true
domainComponent = true
[http.middlewares.Middleware18]
[http.middlewares.Middleware18.plugin]
[http.middlewares.Middleware18.plugin.PluginConf0]
name0 = "foobar"
name1 = "foobar"
[http.middlewares.Middleware18.plugin.PluginConf1]
name0 = "foobar"
name1 = "foobar"
[http.middlewares.Middleware19]
[http.middlewares.Middleware19.rateLimit]
average = 42
period = "42s"
burst = 42
[http.middlewares.Middleware19.rateLimit.sourceCriterion]
requestHeaderName = "foobar"
requestHost = true
[http.middlewares.Middleware19.rateLimit.sourceCriterion.ipStrategy]
depth = 42
excludedIPs = ["foobar", "foobar"]
ipv6Subnet = 42
[http.middlewares.Middleware19.rateLimit.redis]
endpoints = ["foobar", "foobar"]
username = "foobar"
password = "foobar"
db = 42
poolSize = 42
minIdleConns = 42
maxActiveConns = 42
readTimeout = "42s"
writeTimeout = "42s"
dialTimeout = "42s"
[http.middlewares.Middleware19.rateLimit.redis.tls]
ca = "foobar"
cert = "foobar"
key = "foobar"
insecureSkipVerify = true
[http.middlewares.Middleware20]
[http.middlewares.Middleware20.redirectRegex]
regex = "foobar"
replacement = "foobar"
permanent = true
[http.middlewares.Middleware21]
[http.middlewares.Middleware21.redirectScheme]
scheme = "foobar"
port = "foobar"
permanent = true
[http.middlewares.Middleware22]
[http.middlewares.Middleware22.replacePath]
path = "foobar"
[http.middlewares.Middleware23]
[http.middlewares.Middleware23.replacePathRegex]
regex = "foobar"
replacement = "foobar"
[http.middlewares.Middleware24]
[http.middlewares.Middleware24.retry]
attempts = 42
timeout = "42s"
initialInterval = "42s"
maxRequestBodyBytes = 42
status = ["foobar", "foobar"]
disableRetryOnNetworkError = true
retryNonIdempotentMethod = true
[http.middlewares.Middleware25]
[http.middlewares.Middleware25.stripPrefix]
prefixes = ["foobar", "foobar"]
forceSlash = true
[http.middlewares.Middleware26]
[http.middlewares.Middleware26.stripPrefixRegex]
regex = ["foobar", "foobar"]
[http.serversTransports]
[http.serversTransports.ServersTransport0]
serverName = "foobar"
insecureSkipVerify = true
rootCAs = ["foobar", "foobar"]
cipherSuites = ["foobar", "foobar"]
minVersion = "foobar"
maxVersion = "foobar"
maxIdleConnsPerHost = 42
disableHTTP2 = true
peerCertURI = "foobar"
[[http.serversTransports.ServersTransport0.certificates]]
certFile = "foobar"
keyFile = "foobar"
[[http.serversTransports.ServersTransport0.certificates]]
certFile = "foobar"
keyFile = "foobar"
[http.serversTransports.ServersTransport0.forwardingTimeouts]
dialTimeout = "42s"
responseHeaderTimeout = "42s"
idleConnTimeout = "42s"
readIdleTimeout = "42s"
pingTimeout = "42s"
[http.serversTransports.ServersTransport0.spiffe]
ids = ["foobar", "foobar"]
trustDomain = "foobar"
[http.serversTransports.ServersTransport1]
serverName = "foobar"
insecureSkipVerify = true
rootCAs = ["foobar", "foobar"]
cipherSuites = ["foobar", "foobar"]
minVersion = "foobar"
maxVersion = "foobar"
maxIdleConnsPerHost = 42
disableHTTP2 = true
peerCertURI = "foobar"
[[http.serversTransports.ServersTransport1.certificates]]
certFile = "foobar"
keyFile = "foobar"
[[http.serversTransports.ServersTransport1.certificates]]
certFile = "foobar"
keyFile = "foobar"
[http.serversTransports.ServersTransport1.forwardingTimeouts]
dialTimeout = "42s"
responseHeaderTimeout = "42s"
idleConnTimeout = "42s"
readIdleTimeout = "42s"
pingTimeout = "42s"
[http.serversTransports.ServersTransport1.spiffe]
ids = ["foobar", "foobar"]
trustDomain = "foobar"
[tcp]
[tcp.routers]
[tcp.routers.TCPRouter0]
entryPoints = ["foobar", "foobar"]
middlewares = ["foobar", "foobar"]
service = "foobar"
rule = "foobar"
ruleSyntax = "foobar"
priority = 42
[tcp.routers.TCPRouter0.tls]
passthrough = true
options = "foobar"
certResolver = "foobar"
[[tcp.routers.TCPRouter0.tls.domains]]
main = "foobar"
sans = ["foobar", "foobar"]
[[tcp.routers.TCPRouter0.tls.domains]]
main = "foobar"
sans = ["foobar", "foobar"]
[tcp.routers.TCPRouter1]
entryPoints = ["foobar", "foobar"]
middlewares = ["foobar", "foobar"]
service = "foobar"
rule = "foobar"
ruleSyntax = "foobar"
priority = 42
[tcp.routers.TCPRouter1.tls]
passthrough = true
options = "foobar"
certResolver = "foobar"
[[tcp.routers.TCPRouter1.tls.domains]]
main = "foobar"
sans = ["foobar", "foobar"]
[[tcp.routers.TCPRouter1.tls.domains]]
main = "foobar"
sans = ["foobar", "foobar"]
[tcp.services]
[tcp.services.TCPService01]
[tcp.services.TCPService01.loadBalancer]
serversTransport = "foobar"
terminationDelay = 42
[[tcp.services.TCPService01.loadBalancer.servers]]
address = "foobar"
tls = true
[[tcp.services.TCPService01.loadBalancer.servers]]
address = "foobar"
tls = true
[tcp.services.TCPService01.loadBalancer.proxyProtocol]
version = 42
[tcp.services.TCPService01.loadBalancer.healthCheck]
port = 42
send = "foobar"
expect = "foobar"
interval = "42s"
unhealthyInterval = "42s"
timeout = "42s"
[tcp.services.TCPService02]
[tcp.services.TCPService02.weighted]
[[tcp.services.TCPService02.weighted.services]]
name = "foobar"
weight = 42
[[tcp.services.TCPService02.weighted.services]]
name = "foobar"
weight = 42
[tcp.services.TCPService02.weighted.healthCheck]
[tcp.middlewares]
[tcp.middlewares.TCPMiddleware01]
[tcp.middlewares.TCPMiddleware01.ipAllowList]
sourceRange = ["foobar", "foobar"]
[tcp.middlewares.TCPMiddleware02]
[tcp.middlewares.TCPMiddleware02.ipWhiteList]
sourceRange = ["foobar", "foobar"]
[tcp.middlewares.TCPMiddleware03]
[tcp.middlewares.TCPMiddleware03.inFlightConn]
amount = 42
[tcp.serversTransports]
[tcp.serversTransports.TCPServersTransport0]
dialKeepAlive = "42s"
dialTimeout = "42s"
terminationDelay = "42s"
[tcp.serversTransports.TCPServersTransport0.proxyProtocol]
version = 42
[tcp.serversTransports.TCPServersTransport0.tls]
serverName = "foobar"
insecureSkipVerify = true
rootCAs = ["foobar", "foobar"]
peerCertURI = "foobar"
[[tcp.serversTransports.TCPServersTransport0.tls.certificates]]
certFile = "foobar"
keyFile = "foobar"
[[tcp.serversTransports.TCPServersTransport0.tls.certificates]]
certFile = "foobar"
keyFile = "foobar"
[tcp.serversTransports.TCPServersTransport0.tls.spiffe]
ids = ["foobar", "foobar"]
trustDomain = "foobar"
[tcp.serversTransports.TCPServersTransport1]
dialKeepAlive = "42s"
dialTimeout = "42s"
terminationDelay = "42s"
[tcp.serversTransports.TCPServersTransport1.proxyProtocol]
version = 42
[tcp.serversTransports.TCPServersTransport1.tls]
serverName = "foobar"
insecureSkipVerify = true
rootCAs = ["foobar", "foobar"]
peerCertURI = "foobar"
[[tcp.serversTransports.TCPServersTransport1.tls.certificates]]
certFile = "foobar"
keyFile = "foobar"
[[tcp.serversTransports.TCPServersTransport1.tls.certificates]]
certFile = "foobar"
keyFile = "foobar"
[tcp.serversTransports.TCPServersTransport1.tls.spiffe]
ids = ["foobar", "foobar"]
trustDomain = "foobar"
[udp]
[udp.routers]
[udp.routers.UDPRouter0]
entryPoints = ["foobar", "foobar"]
service = "foobar"
[udp.routers.UDPRouter1]
entryPoints = ["foobar", "foobar"]
service = "foobar"
[udp.services]
[udp.services.UDPService01]
[udp.services.UDPService01.loadBalancer]
[[udp.services.UDPService01.loadBalancer.servers]]
address = "foobar"
[[udp.services.UDPService01.loadBalancer.servers]]
address = "foobar"
[udp.services.UDPService02]
[udp.services.UDPService02.weighted]
[[udp.services.UDPService02.weighted.services]]
name = "foobar"
weight = 42
[[udp.services.UDPService02.weighted.services]]
name = "foobar"
weight = 42
[tls]
[[tls.certificates]]
certFile = "foobar"
keyFile = "foobar"
stores = ["foobar", "foobar"]
[[tls.certificates]]
certFile = "foobar"
keyFile = "foobar"
stores = ["foobar", "foobar"]
[tls.options]
[tls.options.Options0]
minVersion = "foobar"
maxVersion = "foobar"
cipherSuites = ["foobar", "foobar"]
curvePreferences = ["foobar", "foobar"]
sniStrict = true
alpnProtocols = ["foobar", "foobar"]
disableSessionTickets = true
preferServerCipherSuites = true
[tls.options.Options0.clientAuth]
caFiles = ["foobar", "foobar"]
clientAuthType = "foobar"
[tls.options.Options1]
minVersion = "foobar"
maxVersion = "foobar"
cipherSuites = ["foobar", "foobar"]
curvePreferences = ["foobar", "foobar"]
sniStrict = true
alpnProtocols = ["foobar", "foobar"]
disableSessionTickets = true
preferServerCipherSuites = true
[tls.options.Options1.clientAuth]
caFiles = ["foobar", "foobar"]
clientAuthType = "foobar"
[tls.stores]
[tls.stores.Store0]
[tls.stores.Store0.defaultCertificate]
certFile = "foobar"
keyFile = "foobar"
[tls.stores.Store0.defaultGeneratedCert]
resolver = "foobar"
[tls.stores.Store0.defaultGeneratedCert.domain]
main = "foobar"
sans = ["foobar", "foobar"]
[tls.stores.Store1]
[tls.stores.Store1.defaultCertificate]
certFile = "foobar"
keyFile = "foobar"
[tls.stores.Store1.defaultGeneratedCert]
resolver = "foobar"
[tls.stores.Store1.defaultGeneratedCert.domain]
main = "foobar"
sans = ["foobar", "foobar"]
docs/content/reference/routing-configuration/other-providers/file.yaml
-763
View File
@@ -1,763 +0,0 @@
## CODE GENERATED AUTOMATICALLY
## THIS FILE MUST NOT BE EDITED BY HAND
http:
routers:
Router0:
entryPoints:
- foobar
- foobar
middlewares:
- foobar
- foobar
service: foobar
rule: foobar
parentRefs:
- foobar
- foobar
ruleSyntax: foobar
priority: 42
tls:
options: foobar
certResolver: foobar
domains:
- main: foobar
sans:
- foobar
- foobar
- main: foobar
sans:
- foobar
- foobar
observability:
accessLogs: true
metrics: true
tracing: true
traceVerbosity: foobar
Router1:
entryPoints:
- foobar
- foobar
middlewares:
- foobar
- foobar
service: foobar
rule: foobar
parentRefs:
- foobar
- foobar
ruleSyntax: foobar
priority: 42
tls:
options: foobar
certResolver: foobar
domains:
- main: foobar
sans:
- foobar
- foobar
- main: foobar
sans:
- foobar
- foobar
observability:
accessLogs: true
metrics: true
tracing: true
traceVerbosity: foobar
services:
Service01:
failover:
service: foobar
fallback: foobar
healthCheck: {}
errors:
maxRequestBodyBytes: 42
status:
- foobar
- foobar
Service02:
highestRandomWeight:
services:
- name: foobar
weight: 42
- name: foobar
weight: 42
healthCheck: {}
Service03:
loadBalancer:
sticky:
cookie:
name: foobar
secure: true
httpOnly: true
sameSite: foobar
maxAge: 42
path: foobar
domain: foobar
servers:
- url: foobar
weight: 42
preservePath: true
- url: foobar
weight: 42
preservePath: true
strategy: foobar
healthCheck:
scheme: foobar
mode: foobar
path: foobar
method: foobar
status: 42
port: 42
interval: 42s
unhealthyInterval: 42s
timeout: 42s
hostname: foobar
followRedirects: true
headers:
name0: foobar
name1: foobar
passiveHealthCheck:
failureWindow: 42s
maxFailedAttempts: 42
passHostHeader: true
responseForwarding:
flushInterval: 42s
serversTransport: foobar
Service04:
middlewares:
- foobar
- foobar
Service05:
mirroring:
service: foobar
mirrorBody: true
maxBodySize: 42
mirrors:
- name: foobar
percent: 42
- name: foobar
percent: 42
healthCheck: {}
Service06:
weighted:
services:
- name: foobar
weight: 42
- name: foobar
weight: 42
sticky:
cookie:
name: foobar
secure: true
httpOnly: true
sameSite: foobar
maxAge: 42
path: foobar
domain: foobar
healthCheck: {}
middlewares:
Middleware01:
addPrefix:
prefix: foobar
Middleware02:
basicAuth:
users:
- foobar
- foobar
usersFile: foobar
realm: foobar
removeHeader: true
headerField: foobar
Middleware03:
buffering:
maxRequestBodyBytes: 42
memRequestBodyBytes: 42
maxResponseBodyBytes: 42
memResponseBodyBytes: 42
retryExpression: foobar
Middleware04:
chain:
middlewares:
- foobar
- foobar
Middleware05:
circuitBreaker:
expression: foobar
checkPeriod: 42s
fallbackDuration: 42s
recoveryDuration: 42s
responseCode: 42
Middleware06:
compress:
excludedContentTypes:
- foobar
- foobar
includedContentTypes:
- foobar
- foobar
minResponseBodyBytes: 42
encodings:
- foobar
- foobar
defaultEncoding: foobar
Middleware07:
contentType:
autoDetect: true
Middleware08:
digestAuth:
users:
- foobar
- foobar
usersFile: foobar
removeHeader: true
realm: foobar
headerField: foobar
Middleware09:
encodedCharacters:
allowEncodedSlash: true
allowEncodedBackSlash: true
allowEncodedNullCharacter: true
allowEncodedSemicolon: true
allowEncodedPercent: true
allowEncodedQuestionMark: true
allowEncodedHash: true
Middleware10:
errors:
status:
- foobar
- foobar
statusRewrites:
name0: 42
name1: 42
service: foobar
query: foobar
errorRequestHeaders:
- foobar
- foobar
Middleware11:
forwardAuth:
address: foobar
tls:
ca: foobar
cert: foobar
key: foobar
insecureSkipVerify: true
caOptional: true
trustForwardHeader: true
authResponseHeaders:
- foobar
- foobar
authResponseHeadersRegex: foobar
authRequestHeaders:
- foobar
- foobar
maxResponseBodySize: 42
addAuthCookiesToResponse:
- foobar
- foobar
headerField: foobar
forwardBody: true
maxBodySize: 42
preserveLocationHeader: true
preserveRequestMethod: true
authSigninURL: foobar
Middleware12:
grpcWeb:
allowOrigins:
- foobar
- foobar
Middleware13:
headers:
customRequestHeaders:
name0: foobar
name1: foobar
customResponseHeaders:
name0: foobar
name1: foobar
accessControlAllowCredentials: true
accessControlAllowHeaders:
- foobar
- foobar
accessControlAllowMethods:
- foobar
- foobar
accessControlAllowOriginList:
- foobar
- foobar
accessControlAllowOriginListRegex:
- foobar
- foobar
accessControlExposeHeaders:
- foobar
- foobar
accessControlMaxAge: 42
addVaryHeader: true
allowedHosts:
- foobar
- foobar
hostsProxyHeaders:
- foobar
- foobar
sslProxyHeaders:
name0: foobar
name1: foobar
stsSeconds: 42
stsIncludeSubdomains: true
stsPreload: true
forceSTSHeader: true
frameDeny: true
customFrameOptionsValue: foobar
contentTypeNosniff: true
browserXssFilter: true
customBrowserXSSValue: foobar
contentSecurityPolicy: foobar
contentSecurityPolicyReportOnly: foobar
publicKey: foobar
referrerPolicy: foobar
permissionsPolicy: foobar
isDevelopment: true
featurePolicy: foobar
sslRedirect: true
sslTemporaryRedirect: true
sslHost: foobar
sslForceHost: true
Middleware14:
ipAllowList:
sourceRange:
- foobar
- foobar
ipStrategy:
depth: 42
excludedIPs:
- foobar
- foobar
ipv6Subnet: 42
rejectStatusCode: 42
Middleware15:
ipWhiteList:
sourceRange:
- foobar
- foobar
ipStrategy:
depth: 42
excludedIPs:
- foobar
- foobar
ipv6Subnet: 42
Middleware16:
inFlightReq:
amount: 42
sourceCriterion:
ipStrategy:
depth: 42
excludedIPs:
- foobar
- foobar
ipv6Subnet: 42
requestHeaderName: foobar
requestHost: true
Middleware17:
passTLSClientCert:
pem: true
info:
notAfter: true
notBefore: true
sans: true
serialNumber: true
subject:
country: true
province: true
locality: true
organization: true
organizationalUnit: true
commonName: true
serialNumber: true
domainComponent: true
issuer:
country: true
province: true
locality: true
organization: true
commonName: true
serialNumber: true
domainComponent: true
Middleware18:
plugin:
PluginConf0:
name0: foobar
name1: foobar
PluginConf1:
name0: foobar
name1: foobar
Middleware19:
rateLimit:
average: 42
period: 42s
burst: 42
sourceCriterion:
ipStrategy:
depth: 42
excludedIPs:
- foobar
- foobar
ipv6Subnet: 42
requestHeaderName: foobar
requestHost: true
redis:
endpoints:
- foobar
- foobar
tls:
ca: foobar
cert: foobar
key: foobar
insecureSkipVerify: true
username: foobar
password: foobar
db: 42
poolSize: 42
minIdleConns: 42
maxActiveConns: 42
readTimeout: 42s
writeTimeout: 42s
dialTimeout: 42s
Middleware20:
redirectRegex:
regex: foobar
replacement: foobar
permanent: true
Middleware21:
redirectScheme:
scheme: foobar
port: foobar
permanent: true
Middleware22:
replacePath:
path: foobar
Middleware23:
replacePathRegex:
regex: foobar
replacement: foobar
Middleware24:
retry:
attempts: 42
timeout: 42s
initialInterval: 42s
maxRequestBodyBytes: 42
status:
- foobar
- foobar
disableRetryOnNetworkError: true
retryNonIdempotentMethod: true
Middleware25:
stripPrefix:
prefixes:
- foobar
- foobar
forceSlash: true
Middleware26:
stripPrefixRegex:
regex:
- foobar
- foobar
serversTransports:
ServersTransport0:
serverName: foobar
insecureSkipVerify: true
rootCAs:
- foobar
- foobar
certificates:
- certFile: foobar
keyFile: foobar
- certFile: foobar
keyFile: foobar
cipherSuites:
- foobar
- foobar
minVersion: foobar
maxVersion: foobar
maxIdleConnsPerHost: 42
forwardingTimeouts:
dialTimeout: 42s
responseHeaderTimeout: 42s
idleConnTimeout: 42s
readIdleTimeout: 42s
pingTimeout: 42s
disableHTTP2: true
peerCertURI: foobar
spiffe:
ids:
- foobar
- foobar
trustDomain: foobar
ServersTransport1:
serverName: foobar
insecureSkipVerify: true
rootCAs:
- foobar
- foobar
certificates:
- certFile: foobar
keyFile: foobar
- certFile: foobar
keyFile: foobar
cipherSuites:
- foobar
- foobar
minVersion: foobar
maxVersion: foobar
maxIdleConnsPerHost: 42
forwardingTimeouts:
dialTimeout: 42s
responseHeaderTimeout: 42s
idleConnTimeout: 42s
readIdleTimeout: 42s
pingTimeout: 42s
disableHTTP2: true
peerCertURI: foobar
spiffe:
ids:
- foobar
- foobar
trustDomain: foobar
tcp:
routers:
TCPRouter0:
entryPoints:
- foobar
- foobar
middlewares:
- foobar
- foobar
service: foobar
rule: foobar
ruleSyntax: foobar
priority: 42
tls:
passthrough: true
options: foobar
certResolver: foobar
domains:
- main: foobar
sans:
- foobar
- foobar
- main: foobar
sans:
- foobar
- foobar
TCPRouter1:
entryPoints:
- foobar
- foobar
middlewares:
- foobar
- foobar
service: foobar
rule: foobar
ruleSyntax: foobar
priority: 42
tls:
passthrough: true
options: foobar
certResolver: foobar
domains:
- main: foobar
sans:
- foobar
- foobar
- main: foobar
sans:
- foobar
- foobar
services:
TCPService01:
loadBalancer:
servers:
- address: foobar
tls: true
- address: foobar
tls: true
serversTransport: foobar
proxyProtocol:
version: 42
terminationDelay: 42
healthCheck:
port: 42
send: foobar
expect: foobar
interval: 42s
unhealthyInterval: 42s
timeout: 42s
TCPService02:
weighted:
services:
- name: foobar
weight: 42
- name: foobar
weight: 42
healthCheck: {}
middlewares:
TCPMiddleware01:
ipAllowList:
sourceRange:
- foobar
- foobar
TCPMiddleware02:
ipWhiteList:
sourceRange:
- foobar
- foobar
TCPMiddleware03:
inFlightConn:
amount: 42
serversTransports:
TCPServersTransport0:
dialKeepAlive: 42s
dialTimeout: 42s
proxyProtocol:
version: 42
terminationDelay: 42s
tls:
serverName: foobar
insecureSkipVerify: true
rootCAs:
- foobar
- foobar
certificates:
- certFile: foobar
keyFile: foobar
- certFile: foobar
keyFile: foobar
peerCertURI: foobar
spiffe:
ids:
- foobar
- foobar
trustDomain: foobar
TCPServersTransport1:
dialKeepAlive: 42s
dialTimeout: 42s
proxyProtocol:
version: 42
terminationDelay: 42s
tls:
serverName: foobar
insecureSkipVerify: true
rootCAs:
- foobar
- foobar
certificates:
- certFile: foobar
keyFile: foobar
- certFile: foobar
keyFile: foobar
peerCertURI: foobar
spiffe:
ids:
- foobar
- foobar
trustDomain: foobar
udp:
routers:
UDPRouter0:
entryPoints:
- foobar
- foobar
service: foobar
UDPRouter1:
entryPoints:
- foobar
- foobar
service: foobar
services:
UDPService01:
loadBalancer:
servers:
- address: foobar
- address: foobar
UDPService02:
weighted:
services:
- name: foobar
weight: 42
- name: foobar
weight: 42
tls:
certificates:
- certFile: foobar
keyFile: foobar
stores:
- foobar
- foobar
- certFile: foobar
keyFile: foobar
stores:
- foobar
- foobar
options:
Options0:
minVersion: foobar
maxVersion: foobar
cipherSuites:
- foobar
- foobar
curvePreferences:
- foobar
- foobar
clientAuth:
caFiles:
- foobar
- foobar
clientAuthType: foobar
sniStrict: true
alpnProtocols:
- foobar
- foobar
disableSessionTickets: true
preferServerCipherSuites: true
Options1:
minVersion: foobar
maxVersion: foobar
cipherSuites:
- foobar
- foobar
curvePreferences:
- foobar
- foobar
clientAuth:
caFiles:
- foobar
- foobar
clientAuthType: foobar
sniStrict: true
alpnProtocols:
- foobar
- foobar
disableSessionTickets: true
preferServerCipherSuites: true
stores:
Store0:
defaultCertificate:
certFile: foobar
keyFile: foobar
defaultGeneratedCert:
resolver: foobar
domain:
main: foobar
sans:
- foobar
- foobar
Store1:
defaultCertificate:
certFile: foobar
keyFile: foobar
defaultGeneratedCert:
resolver: foobar
domain:
main: foobar
sans:
- foobar
- foobar
internal/gendoc.go
-109
View File
@@ -1,131 +1,22 @@
package main
import (
"bytes"
"fmt"
"io"
"os"
"reflect"
"sort"
"strings"
"github.com/BurntSushi/toml"
"github.com/rs/zerolog/log"
"github.com/traefik/paerser/flag"
"github.com/traefik/paerser/generator"
"github.com/traefik/traefik/v3/cmd"
"github.com/traefik/traefik/v3/pkg/collector/hydratation"
"github.com/traefik/traefik/v3/pkg/config/dynamic"
"gopkg.in/yaml.v3"
)
var commentGenerated = `## CODE GENERATED AUTOMATICALLY
## THIS FILE MUST NOT BE EDITED BY HAND
`
func main() {
genRoutingConfDoc()
genInstallConfDoc()
genAnchors()
}
// Generate the Routing Configuration YAML and TOML files.
func genRoutingConfDoc() {
logger := log.With().Logger()
dynConf := &dynamic.Configuration{}
err := hydratation.Hydrate(dynConf)
if err != nil {
logger.Fatal().Err(err).Send()
}
dynConf.HTTP.Models = map[string]*dynamic.Model{}
clean(dynConf.HTTP.Middlewares)
clean(dynConf.TCP.Middlewares)
clean(dynConf.HTTP.Services)
clean(dynConf.TCP.Services)
clean(dynConf.UDP.Services)
err = tomlWrite("./docs/content/reference/routing-configuration/other-providers/file.toml", dynConf)
if err != nil {
logger.Fatal().Err(err).Send()
}
err = yamlWrite("./docs/content/reference/routing-configuration/other-providers/file.yaml", dynConf)
if err != nil {
logger.Fatal().Err(err).Send()
}
}
func yamlWrite(outputFile string, element any) error {
file, err := os.OpenFile(outputFile, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o666)
if err != nil {
return err
}
defer file.Close()
// Write the comment at the beginning of the file.
if _, err := file.WriteString(commentGenerated); err != nil {
return err
}
buf := new(bytes.Buffer)
encoder := yaml.NewEncoder(buf)
encoder.SetIndent(2)
err = encoder.Encode(element)
if err != nil {
return err
}
_, err = file.Write(buf.Bytes())
return err
}
func tomlWrite(outputFile string, element any) error {
file, err := os.OpenFile(outputFile, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o666)
if err != nil {
return err
}
defer file.Close()
// Write the comment at the beginning of the file.
if _, err := file.WriteString(commentGenerated); err != nil {
return err
}
return toml.NewEncoder(file).Encode(element)
}
func clean(element any) {
valSvcs := reflect.ValueOf(element)
key := valSvcs.MapKeys()[0]
valueSvcRoot := valSvcs.MapIndex(key).Elem()
var svcFieldNames []string
for i := range valueSvcRoot.NumField() {
field := valueSvcRoot.Type().Field(i)
// do not create empty node for hidden config.
if field.Tag.Get("file") == "-" && field.Tag.Get("kv") == "-" && field.Tag.Get("label") == "-" {
continue
}
svcFieldNames = append(svcFieldNames, field.Name)
}
sort.Strings(svcFieldNames)
for i, fieldName := range svcFieldNames {
v := reflect.New(valueSvcRoot.Type())
v.Elem().FieldByName(fieldName).Set(valueSvcRoot.FieldByName(fieldName))
valSvcs.SetMapIndex(reflect.ValueOf(fmt.Sprintf("%s%.2d", valueSvcRoot.Type().Name(), i+1)), v)
}
valSvcs.SetMapIndex(reflect.ValueOf(fmt.Sprintf("%s0", valueSvcRoot.Type().Name())), reflect.Value{})
valSvcs.SetMapIndex(reflect.ValueOf(fmt.Sprintf("%s1", valueSvcRoot.Type().Name())), reflect.Value{})
}
// Generate the Install Configuration in a table.
func genInstallConfDoc() {
outputFile := "./docs/content/reference/install-configuration/configuration-options.md"
pkg/middlewares/accesslog/logger.go
+8 -2
View File
@@ -230,12 +230,18 @@ func (h *Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request, next http
core[RequestAddr] = req.Host
core[RequestHost], core[RequestPort] = silentSplitHostPort(req.Host)
}
queryParameters := ""
if h.config.Fields.KeepQueryParameters() {
queryParameters = req.URL.RawQuery
}
// copy the URL without the scheme, hostname etc
urlCopy := &url.URL{
Path: req.URL.Path,
RawPath: req.URL.RawPath,
RawQuery: req.URL.RawQuery,
ForceQuery: req.URL.ForceQuery,
RawQuery: queryParameters,
ForceQuery: req.URL.ForceQuery && h.config.Fields.KeepQueryParameters(),
Fragment: req.URL.Fragment,
}
urlCopyString := urlCopy.String()
pkg/middlewares/accesslog/logger_formatters.go
+2 -1
View File
@@ -3,6 +3,7 @@ package accesslog
import (
"bytes"
"fmt"
"strings"
"time"
"github.com/sirupsen/logrus"
@@ -108,7 +109,7 @@ func toLogEntry(s, defaultValue string, quote bool) string {
}
if quote {
return `"` + s + `"`
return `"` + strings.ReplaceAll(s, `"`, `\"`) + `"`
}
return s
}
pkg/middlewares/accesslog/logger_formatters_test.go
+31
View File
@@ -79,6 +79,27 @@ func TestCommonLogFormatter_Format(t *testing.T) {
ServiceURL: "http://10.0.0.2/toto",
},
expectedLog: `10.0.0.1 - Client [10/Nov/2009:14:00:00 -0900] "GET /foo http" 123 132 "referer" "agent" - "foo" "http://10.0.0.2/toto" 123000ms
`,
},
{
name: "user-agent with double quote is escaped",
data: map[string]any{
StartUTC: time.Date(2009, time.November, 10, 23, 0, 0, 0, time.UTC),
Duration: 1 * time.Millisecond,
ClientHost: "10.0.0.1",
ClientUsername: "-",
RequestMethod: http.MethodGet,
RequestPath: "/",
RequestProtocol: "HTTP/1.1",
DownstreamStatus: 200,
DownstreamContentSize: 0,
RequestRefererHeader: "-",
RequestUserAgentHeader: `foo " bar`,
RequestCount: 1,
RouterName: "test@file",
ServiceURL: "http://127.0.0.1:8080",
},
expectedLog: `10.0.0.1 - - [10/Nov/2009:23:00:00 +0000] "GET / HTTP/1.1" 200 0 "-" "foo \" bar" 1 "test@file" "http://127.0.0.1:8080" 1ms
`,
},
}
@@ -221,6 +242,16 @@ func Test_toLog(t *testing.T) {
quoted: true,
expectedLog: `"foo"`,
},
{
desc: "Should escape double quotes in quoted string",
fields: logrus.Fields{
"Powpow": `foo " bar`,
},
fieldName: "Powpow",
defaultValue: defaultValue,
quoted: true,
expectedLog: `"foo \" bar"`,
},
{
desc: "Should return defaultValue if fieldName does not exist",
fields: logrus.Fields{
pkg/middlewares/accesslog/logger_test.go
+158 -32
View File
@@ -39,23 +39,25 @@ import (
const delta float64 = 1e-10
var (
logFileNameSuffix = "/traefik/logger/test.log"
testContent = "Hello, World"
testServiceName = "http://127.0.0.1/testService"
testRouterName = "testRouter"
testStatus = 123
testContentSize int64 = 12
testHostname = "TestHost"
testUsername = "TestUser"
testPath = "testpath"
testPort = 8181
testProto = "HTTP/0.0"
testScheme = "http"
testMethod = http.MethodPost
testReferer = "testReferer"
testUserAgent = "testUserAgent"
testRetryAttempts = 2
testStart = time.Now()
logFileNameSuffix = "/traefik/logger/test.log"
testContent = "Hello, World"
testServiceName = "http://127.0.0.1/testService"
testRouterName = "testRouter"
testStatus = 123
testContentSize int64 = 12
testHostname = "TestHost"
testUsername = "TestUser"
testPath = "testpath"
testQueryParams = "param1=test1&param2=test2"
testPathWithQueryParams = testPath + "?" + testQueryParams
testPort = 8181
testProto = "HTTP/0.0"
testScheme = "http"
testMethod = http.MethodPost
testReferer = "testReferer"
testUserAgent = "testUserAgent"
testRetryAttempts = 2
testStart = time.Now()
)
func TestOTelAccessLogWithBodyAndDualOutput(t *testing.T) {
@@ -458,7 +460,7 @@ func TestCommonLogger(t *testing.T) {
logData, err := os.ReadFile(logFilePath)
require.NoError(t, err)
expectedLog := ` TestHost - TestUser [13/Apr/2016:07:14:19 -0700] "POST testpath HTTP/0.0" 123 12 "testReferer" "testUserAgent" 1 "testRouter" "http://127.0.0.1/testService" 1ms`
expectedLog := ` TestHost - TestUser [13/Apr/2016:07:14:19 -0700] "POST testpath?param1=test1&param2=test2 HTTP/0.0" 123 12 "testReferer" "testUserAgent" 1 "testRouter" "http://127.0.0.1/testService" 1ms`
assertValidCommonLogData(t, expectedLog, logData)
}
@@ -473,6 +475,23 @@ func TestCommonLoggerWithBufferingSize(t *testing.T) {
logData, err := os.ReadFile(logFilePath)
require.NoError(t, err)
expectedLog := ` TestHost - TestUser [13/Apr/2016:07:14:19 -0700] "POST testpath?param1=test1&param2=test2 HTTP/0.0" 123 12 "testReferer" "testUserAgent" 1 "testRouter" "http://127.0.0.1/testService" 1ms`
assertValidCommonLogData(t, expectedLog, logData)
}
func TestCommonLoggerDropQueryParameters(t *testing.T) {
logFilePath := filepath.Join(t.TempDir(), logFileNameSuffix)
fieldConfig := &otypes.AccessLogFields{
QueryParameters: &otypes.FieldQueryParameters{
DefaultMode: "drop",
},
}
config := &otypes.AccessLog{FilePath: logFilePath, Format: CommonFormat, Fields: fieldConfig}
doLogging(t, config, false, false)
logData, err := os.ReadFile(logFilePath)
require.NoError(t, err)
expectedLog := ` TestHost - TestUser [13/Apr/2016:07:14:19 -0700] "POST testpath HTTP/0.0" 123 12 "testReferer" "testUserAgent" 1 "testRouter" "http://127.0.0.1/testService" 1ms`
assertValidCommonLogData(t, expectedLog, logData)
}
@@ -485,7 +504,7 @@ func TestLoggerGenericCLF(t *testing.T) {
logData, err := os.ReadFile(logFilePath)
require.NoError(t, err)
expectedLog := ` TestHost - TestUser [13/Apr/2016:07:14:19 -0700] "POST testpath HTTP/0.0" 123 12 "testReferer" "testUserAgent"`
expectedLog := ` TestHost - TestUser [13/Apr/2016:07:14:19 -0700] "POST testpath?param1=test1&param2=test2 HTTP/0.0" 123 12 "testReferer" "testUserAgent"`
assertValidGenericCLFLogData(t, expectedLog, logData)
}
@@ -500,6 +519,23 @@ func TestLoggerGenericCLFWithBufferingSize(t *testing.T) {
logData, err := os.ReadFile(logFilePath)
require.NoError(t, err)
expectedLog := ` TestHost - TestUser [13/Apr/2016:07:14:19 -0700] "POST testpath?param1=test1&param2=test2 HTTP/0.0" 123 12 "testReferer" "testUserAgent"`
assertValidGenericCLFLogData(t, expectedLog, logData)
}
func TestLoggerGenericCLFDropQueryParameters(t *testing.T) {
logFilePath := filepath.Join(t.TempDir(), logFileNameSuffix)
fieldConfig := &otypes.AccessLogFields{
QueryParameters: &otypes.FieldQueryParameters{
DefaultMode: "drop",
},
}
config := &otypes.AccessLog{FilePath: logFilePath, Format: GenericCLFFormat, Fields: fieldConfig}
doLogging(t, config, false, false)
logData, err := os.ReadFile(logFilePath)
require.NoError(t, err)
expectedLog := ` TestHost - TestUser [13/Apr/2016:07:14:19 -0700] "POST testpath HTTP/0.0" 123 12 "testReferer" "testUserAgent"`
assertValidGenericCLFLogData(t, expectedLog, logData)
}
@@ -556,7 +592,7 @@ func TestLoggerJSON(t *testing.T) {
RequestHost: assertString(testHostname),
RequestAddr: assertString(testHostname),
RequestMethod: assertString(testMethod),
RequestPath: assertString(testPath),
RequestPath: assertString(testPathWithQueryParams),
RequestProtocol: assertString(testProto),
RequestScheme: assertString(testScheme),
RequestPort: assertString("-"),
@@ -596,7 +632,7 @@ func TestLoggerJSON(t *testing.T) {
RequestHost: assertString(testHostname),
RequestAddr: assertString(testHostname),
RequestMethod: assertString(testMethod),
RequestPath: assertString(testPath),
RequestPath: assertString(testPathWithQueryParams),
RequestProtocol: assertString(testProto),
RequestScheme: assertString(testScheme),
RequestPort: assertString("-"),
@@ -640,7 +676,7 @@ func TestLoggerJSON(t *testing.T) {
RequestHost: assertString(testHostname),
RequestAddr: assertString(testHostname),
RequestMethod: assertString(testMethod),
RequestPath: assertString(testPath),
RequestPath: assertString(testPath + "?param1=test1&param2=test2"),
RequestProtocol: assertString(testProto),
RequestScheme: assertString(testScheme),
RequestPort: assertString("-"),
@@ -684,7 +720,7 @@ func TestLoggerJSON(t *testing.T) {
RequestHost: assertString(testHostname),
RequestAddr: assertString(testHostname),
RequestMethod: assertString(testMethod),
RequestPath: assertString(testPath),
RequestPath: assertString(testPathWithQueryParams),
RequestProtocol: assertString(testProto),
RequestScheme: assertString("https"),
RequestPort: assertString("-"),
@@ -824,6 +860,94 @@ func TestLoggerJSON(t *testing.T) {
RequestRefererHeader: assertString(testReferer),
},
},
{
desc: "default config, drop query parameters",
config: &otypes.AccessLog{
FilePath: "",
Format: JSONFormat,
Fields: &otypes.AccessLogFields{
QueryParameters: &otypes.FieldQueryParameters{
DefaultMode: "drop",
},
},
},
expected: map[string]func(t *testing.T, value any){
RequestContentSize: assertFloat64(0),
RequestHost: assertString(testHostname),
RequestAddr: assertString(testHostname),
RequestMethod: assertString(testMethod),
RequestPath: assertString(testPath),
RequestProtocol: assertString(testProto),
RequestScheme: assertString(testScheme),
RequestPort: assertString("-"),
DownstreamStatus: assertFloat64(float64(testStatus)),
DownstreamContentSize: assertFloat64(float64(len(testContent))),
OriginContentSize: assertFloat64(float64(len(testContent))),
OriginStatus: assertFloat64(float64(testStatus)),
RequestRefererHeader: assertString(testReferer),
RequestUserAgentHeader: assertString(testUserAgent),
RouterName: assertString(testRouterName),
ServiceURL: assertString(testServiceName),
ClientUsername: assertString(testUsername),
ClientHost: assertString(testHostname),
ClientPort: assertString(strconv.Itoa(testPort)),
ClientAddr: assertString(fmt.Sprintf("%s:%d", testHostname, testPort)),
"level": assertString("info"),
"msg": assertString(""),
"downstream_Content-Type": assertString("text/plain; charset=utf-8"),
RequestCount: assertFloat64NotZero(),
Duration: assertFloat64NotZero(),
Overhead: assertFloat64NotZero(),
RetryAttempts: assertFloat64(float64(testRetryAttempts)),
"time": assertNotEmpty(),
"StartLocal": assertNotEmpty(),
"StartUTC": assertNotEmpty(),
},
},
{
desc: "default config, keep query parameters",
config: &otypes.AccessLog{
FilePath: "",
Format: JSONFormat,
Fields: &otypes.AccessLogFields{
QueryParameters: &otypes.FieldQueryParameters{
DefaultMode: "keep",
},
},
},
expected: map[string]func(t *testing.T, value any){
RequestContentSize: assertFloat64(0),
RequestHost: assertString(testHostname),
RequestAddr: assertString(testHostname),
RequestMethod: assertString(testMethod),
RequestPath: assertString(testPathWithQueryParams),
RequestProtocol: assertString(testProto),
RequestScheme: assertString(testScheme),
RequestPort: assertString("-"),
DownstreamStatus: assertFloat64(float64(testStatus)),
DownstreamContentSize: assertFloat64(float64(len(testContent))),
OriginContentSize: assertFloat64(float64(len(testContent))),
OriginStatus: assertFloat64(float64(testStatus)),
RequestRefererHeader: assertString(testReferer),
RequestUserAgentHeader: assertString(testUserAgent),
RouterName: assertString(testRouterName),
ServiceURL: assertString(testServiceName),
ClientUsername: assertString(testUsername),
ClientHost: assertString(testHostname),
ClientPort: assertString(strconv.Itoa(testPort)),
ClientAddr: assertString(fmt.Sprintf("%s:%d", testHostname, testPort)),
"level": assertString("info"),
"msg": assertString(""),
"downstream_Content-Type": assertString("text/plain; charset=utf-8"),
RequestCount: assertFloat64NotZero(),
Duration: assertFloat64NotZero(),
Overhead: assertFloat64NotZero(),
RetryAttempts: assertFloat64(float64(testRetryAttempts)),
"time": assertNotEmpty(),
"StartLocal": assertNotEmpty(),
"StartUTC": assertNotEmpty(),
},
},
}
for _, test := range testCases {
@@ -925,7 +1049,7 @@ func TestNewLogHandlerOutputStdout(t *testing.T) {
FilePath: "",
Format: CommonFormat,
},
expectedLog: `TestHost - TestUser [13/Apr/2016:07:14:19 -0700] "POST testpath HTTP/0.0" 123 12 "testReferer" "testUserAgent" 23 "testRouter" "http://127.0.0.1/testService" 1ms`,
expectedLog: `TestHost - TestUser [13/Apr/2016:07:14:19 -0700] "POST testpath?param1=test1&param2=test2 HTTP/0.0" 123 12 "testReferer" "testUserAgent" 23 "testRouter" "http://127.0.0.1/testService" 1ms`,
},
{
desc: "default config with empty filters",
@@ -934,7 +1058,7 @@ func TestNewLogHandlerOutputStdout(t *testing.T) {
Format: CommonFormat,
Filters: &otypes.AccessLogFilters{},
},
expectedLog: `TestHost - TestUser [13/Apr/2016:07:14:19 -0700] "POST testpath HTTP/0.0" 123 12 "testReferer" "testUserAgent" 23 "testRouter" "http://127.0.0.1/testService" 1ms`,
expectedLog: `TestHost - TestUser [13/Apr/2016:07:14:19 -0700] "POST testpath?param1=test1&param2=test2 HTTP/0.0" 123 12 "testReferer" "testUserAgent" 23 "testRouter" "http://127.0.0.1/testService" 1ms`,
},
{
desc: "Status code filter not matching",
@@ -956,7 +1080,7 @@ func TestNewLogHandlerOutputStdout(t *testing.T) {
StatusCodes: []string{"123"},
},
},
expectedLog: `TestHost - TestUser [13/Apr/2016:07:14:19 -0700] "POST testpath HTTP/0.0" 123 12 "testReferer" "testUserAgent" 23 "testRouter" "http://127.0.0.1/testService" 1ms`,
expectedLog: `TestHost - TestUser [13/Apr/2016:07:14:19 -0700] "POST testpath?param1=test1&param2=test2 HTTP/0.0" 123 12 "testReferer" "testUserAgent" 23 "testRouter" "http://127.0.0.1/testService" 1ms`,
},
{
desc: "Duration filter not matching",
@@ -978,7 +1102,7 @@ func TestNewLogHandlerOutputStdout(t *testing.T) {
MinDuration: ptypes.Duration(1 * time.Millisecond),
},
},
expectedLog: `TestHost - TestUser [13/Apr/2016:07:14:19 -0700] "POST testpath HTTP/0.0" 123 12 "testReferer" "testUserAgent" 23 "testRouter" "http://127.0.0.1/testService" 1ms`,
expectedLog: `TestHost - TestUser [13/Apr/2016:07:14:19 -0700] "POST testpath?param1=test1&param2=test2 HTTP/0.0" 123 12 "testReferer" "testUserAgent" 23 "testRouter" "http://127.0.0.1/testService" 1ms`,
},
{
desc: "Retry attempts filter matching",
@@ -989,7 +1113,7 @@ func TestNewLogHandlerOutputStdout(t *testing.T) {
RetryAttempts: true,
},
},
expectedLog: `TestHost - TestUser [13/Apr/2016:07:14:19 -0700] "POST testpath HTTP/0.0" 123 12 "testReferer" "testUserAgent" 23 "testRouter" "http://127.0.0.1/testService" 1ms`,
expectedLog: `TestHost - TestUser [13/Apr/2016:07:14:19 -0700] "POST testpath?param1=test1&param2=test2 HTTP/0.0" 123 12 "testReferer" "testUserAgent" 23 "testRouter" "http://127.0.0.1/testService" 1ms`,
},
{
desc: "Default mode keep",
@@ -1000,7 +1124,7 @@ func TestNewLogHandlerOutputStdout(t *testing.T) {
DefaultMode: "keep",
},
},
expectedLog: `TestHost - TestUser [13/Apr/2016:07:14:19 -0700] "POST testpath HTTP/0.0" 123 12 "testReferer" "testUserAgent" 23 "testRouter" "http://127.0.0.1/testService" 1ms`,
expectedLog: `TestHost - TestUser [13/Apr/2016:07:14:19 -0700] "POST testpath?param1=test1&param2=test2 HTTP/0.0" 123 12 "testReferer" "testUserAgent" 23 "testRouter" "http://127.0.0.1/testService" 1ms`,
},
{
desc: "Default mode keep with override",
@@ -1014,7 +1138,7 @@ func TestNewLogHandlerOutputStdout(t *testing.T) {
},
},
},
expectedLog: `- - TestUser [13/Apr/2016:07:14:19 -0700] "POST testpath HTTP/0.0" 123 12 "testReferer" "testUserAgent" 23 "testRouter" "http://127.0.0.1/testService" 1ms`,
expectedLog: `- - TestUser [13/Apr/2016:07:14:19 -0700] "POST testpath?param1=test1&param2=test2 HTTP/0.0" 123 12 "testReferer" "testUserAgent" 23 "testRouter" "http://127.0.0.1/testService" 1ms`,
},
{
desc: "Default mode drop",
@@ -1220,8 +1344,10 @@ func doLoggingTLSOpt(t *testing.T, config *otypes.AccessLog, enableTLS, tracing,
Method: testMethod,
RemoteAddr: fmt.Sprintf("%s:%d", testHostname, testPort),
URL: &url.URL{
User: url.UserPassword(testUsername, ""),
Path: testPath,
User: url.UserPassword(testUsername, ""),
Path: testPath,
RawQuery: testQueryParams,
ForceQuery: true,
},
Body: io.NopCloser(bytes.NewReader([]byte("bar"))),
}
pkg/observability/types/logs.go
+21 -3
View File
@@ -93,9 +93,15 @@ type FieldHeaders struct {
// AccessLogFields holds configuration for access log fields.
type AccessLogFields struct {
DefaultMode string `description:"Default mode for fields: keep | drop" json:"defaultMode,omitempty" toml:"defaultMode,omitempty" yaml:"defaultMode,omitempty" export:"true"`
Names map[string]string `description:"Override mode for fields" json:"names,omitempty" toml:"names,omitempty" yaml:"names,omitempty" export:"true"`
Headers *FieldHeaders `description:"Headers to keep, drop or redact" json:"headers,omitempty" toml:"headers,omitempty" yaml:"headers,omitempty" export:"true"`
DefaultMode string `description:"Default mode for fields: keep | drop" json:"defaultMode,omitempty" toml:"defaultMode,omitempty" yaml:"defaultMode,omitempty" export:"true"`
Names map[string]string `description:"Override mode for fields" json:"names,omitempty" toml:"names,omitempty" yaml:"names,omitempty" export:"true"`
Headers *FieldHeaders `description:"Headers to keep, drop or redact" json:"headers,omitempty" toml:"headers,omitempty" yaml:"headers,omitempty" export:"true"`
QueryParameters *FieldQueryParameters `description:"Keep or drop all query parameters" json:"queryParameters,omitempty" toml:"queryParameters,omitempty" yaml:"queryParameters,omitempty" export:"true"`
}
// FieldQueryParameters holds configuration for access log query parameters.
type FieldQueryParameters struct {
DefaultMode string `description:"Default mode for query parameters: keep | drop" json:"defaultMode,omitempty" toml:"defaultMode,omitempty" yaml:"defaultMode,omitempty" export:"true"`
}
// SetDefaults sets the default values.
@@ -104,6 +110,9 @@ func (f *AccessLogFields) SetDefaults() {
f.Headers = &FieldHeaders{
DefaultMode: AccessLogDrop,
}
f.QueryParameters = &FieldQueryParameters{
DefaultMode: AccessLogKeep,
}
}
// Keep check if the field need to be kept or dropped.
@@ -132,6 +141,15 @@ func (f *AccessLogFields) KeepHeader(header string) string {
return defaultValue
}
// KeepQueryParameters checks if the query parameters need to be kept or dropped.
func (f *AccessLogFields) KeepQueryParameters() bool {
defaultKeep := true
if f == nil || f.QueryParameters == nil {
return defaultKeep
}
return checkFieldValue(f.QueryParameters.DefaultMode, defaultKeep)
}
func checkFieldValue(value string, defaultKeep bool) bool {
switch value {
case AccessLogKeep:
pkg/provider/kubernetes/gateway/grpcroute.go
+13 -2
View File
@@ -5,6 +5,7 @@ import (
"errors"
"fmt"
"net"
"regexp"
"strconv"
"strings"
@@ -394,14 +395,24 @@ func buildGRPCMethodRule(method *gatev1.GRPCMethodMatch) string {
return `PathPrefix("/")`
}
isExact := method.Type == nil || *method.Type == gatev1.GRPCMethodMatchExact
sExpr := "[^/]+"
if s := ptr.Deref(method.Service, ""); s != "" {
sExpr = s
if isExact {
sExpr = regexp.QuoteMeta(s)
} else {
sExpr = s
}
}
mExpr := "[^/]+"
if m := ptr.Deref(method.Method, ""); m != "" {
mExpr = m
if isExact {
mExpr = regexp.QuoteMeta(m)
} else {
mExpr = m
}
}
return fmt.Sprintf("PathRegexp(%q)", fmt.Sprintf("/%s/%s", sExpr, mExpr))
pkg/provider/kubernetes/gateway/grpcroute_test.go
+34 -9
View File
@@ -118,15 +118,6 @@ func Test_buildGRPCMethodRule(t *testing.T) {
},
expectedRule: `PathRegexp("/[^/]+/bar")`,
},
{
desc: "Exact service and method matching",
method: &gatev1.GRPCMethodMatch{
Type: ptr.To(gatev1.GRPCMethodMatchExact),
Service: ptr.To("foo"),
Method: ptr.To("bar"),
},
expectedRule: `PathRegexp("/foo/bar")`,
},
{
desc: "Regexp service matching",
method: &gatev1.GRPCMethodMatch{
@@ -152,6 +143,40 @@ func Test_buildGRPCMethodRule(t *testing.T) {
},
expectedRule: `PathRegexp("/[^1-9/]/[^1-9/]")`,
},
{
desc: "Exact type with dot in service name escapes dot",
method: &gatev1.GRPCMethodMatch{
Type: ptr.To(gatev1.GRPCMethodMatchExact),
Service: ptr.To("foo.bar"),
Method: ptr.To("Method"),
},
expectedRule: `PathRegexp("/foo\\.bar/Method")`,
},
{
desc: "Nil type defaults to exact and escapes dot",
method: &gatev1.GRPCMethodMatch{
Type: nil,
Service: ptr.To("auth.api"),
Method: ptr.To("Login"),
},
expectedRule: `PathRegexp("/auth\\.api/Login")`,
},
{
desc: "RegularExpression type preserves dot as regex wildcard",
method: &gatev1.GRPCMethodMatch{
Type: ptr.To(gatev1.GRPCMethodMatchRegularExpression),
Service: ptr.To("foo.bar"),
Method: ptr.To(".*"),
},
expectedRule: `PathRegexp("/foo.bar/.*")`,
},
{
desc: "Exact type with neither service nor method uses full wildcard",
method: &gatev1.GRPCMethodMatch{
Type: ptr.To(gatev1.GRPCMethodMatchExact),
},
expectedRule: `PathRegexp("/[^/]+/[^/]+")`,
},
}
for _, test := range testCases {