205hlab-mirrors/traefik
2
0
Fork 0
mirror of https://github.com/traefik/traefik.git synced 2026-06-18 19:38:23 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge current branch v3.6 into v3.7

Browse Source
This commit is contained in:
romain
2026-05-27 13:59:31 +02:00
parent 743a63369c 9d5b03d2ea
commit 6e0198ca1e
22 changed files with 865 additions and 1616 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/content/contributing/maintainers.md
+1
View File
@@ -24,6 +24,7 @@ description: "Traefik Proxy is an open source software with a thriving community
* Baptiste Mayelle [@youkoulayley](https://github.com/youkoulayley)
* Jesper Noordsij [@jnoordsij](https://github.com/jnoordsij)
* Gina Adzani [@gndz07](https://github.com/gndz07)
* Mathis Urien [@LBF38](https://github.com/LBF38)
## Past Maintainers
docs/content/migrate/nginx-to-traefik.md
+25 -8
View File
@@ -230,6 +230,10 @@ When you find one of these keys, translate the underlying intent rather than try
```
Install Traefik with the Kubernetes Ingress NGINX provider enabled. Both controllers will serve the same Ingress resources simultaneously.
!!! warning "Read the status race condition note first"
Running both controllers against the same Ingresses creates contention on the `status.loadBalancer.ingress[]` field. Before installing, review the [Ingress Status Race Condition](#status-race) section in Step 3 and decide which mitigation to apply (disable `publishService` on Traefik, or use a transitional IngressClass).
### Add Traefik Helm Repository
```bash
@@ -355,11 +359,20 @@ echo $(kubectl get svc -n traefik traefik -o go-template='{{ $ing := index .stat
Some ISPs ignore DNS TTL values to reduce traffic costs, caching records longer than specified. After removing NGINX from DNS, keep NGINX running for at least 24-48 hours before uninstalling to avoid dropping traffic from users whose ISPs have stale DNS caches.
??? info "ExternalDNS Users"
<a id="status-race"></a>
If you use [ExternalDNS](https://github.com/kubernetes-sigs/external-dns) to automatically manage DNS records based on Ingress status, both NGINX and Traefik will compete to update the Ingress status with their LoadBalancer IPs when `publishService` is enabled. Traefik typically wins because it updates faster, which can cause unexpected traffic shifts.
!!! warning "Ingress Status Race Condition During Coexistence"
**Recommended approach for ExternalDNS:**
While both controllers manage the same Ingress resources (same `ingressClassName: nginx`), they will both attempt to write the LoadBalancer address into `status.loadBalancer.ingress[]` on every Ingress they own. Each controller overwrites the other in a tight reconciliation loop, with no error reported in the logs (just repeated `Updated ingress status` info lines on both sides).
Routing itself is not affected: both controllers correctly serve traffic during the coexistence window. The flapping status field affects anything that watches it:
- [ExternalDNS](https://github.com/kubernetes-sigs/external-dns), which may shift DNS records back and forth between the two LoadBalancer IPs.
- kube-state-metrics, monitoring dashboards, and alerting rules that observe Ingress status.
- GitOps tools such as ArgoCD or Flux, which will report a permanent drift on every affected Ingress.
- Custom operators reconciling on the Ingress status field.
**Recommended mitigation (option 1): disable status publishing on Traefik during coexistence**
1. **[Install Traefik](#step-1-install-traefik-alongside-nginx) with `publishService` disabled**:
@@ -372,9 +385,11 @@ echo $(kubectl get svc -n traefik traefik -o go-template='{{ $ing := index .stat
enabled: false # Disable to prevent status updates
```
2. **Test Traefik** using [port-forward](#step-2-verify-traefik-is-handling-traffic) or a separate test hostname
Traefik keeps serving the Ingresses normally. It only stops writing the status field, leaving NGINX as the sole writer.
3. **Switch DNS via NGINX** - Configure NGINX to publish Traefik's service address:
2. **Test Traefik** using [port-forward](#step-2-verify-traefik-is-handling-traffic) or a separate test hostname.
3. **Switch DNS via NGINX** (ExternalDNS users only). Configure NGINX to publish Traefik's service address so ExternalDNS points traffic to Traefik:
```yaml
# nginx-values.yaml
@@ -383,11 +398,13 @@ echo $(kubectl get svc -n traefik traefik -o go-template='{{ $ing := index .stat
pathOverride: "traefik/traefik" # Points to Traefik's service
```
This makes NGINX update the Ingress status with Traefik's LoadBalancer IP, causing ExternalDNS to point traffic to Traefik.
4. **Verify traffic flows through Traefik**. At this point, you can still roll back by removing the `pathOverride`.
4. **Verify traffic flows through Traefik** - At this point, you can still rollback by removing the `pathOverride`
5. **[Enable `publishService` on Traefik](#step-1-install-traefik-alongside-nginx)** and [uninstall NGINX](#step-4-uninstall-ingress-nginx-controller).
5. **[Enable `publishService` on Traefik](#step-1-install-traefik-alongside-nginx)** and [uninstall NGINX](#step-4-uninstall-ingress-nginx-controller)
**Alternative mitigation (option 2): use a transitional IngressClass**
Give the migrating NGINX a distinct IngressClass (for example `nginx-migration`) so the two controllers never own the same Ingress at the same time. This is the approach SUSE documents for RKE2 migrations: see [SUSE: Migrate from Ingress NGINX to Traefik](https://documentation.suse.com/cloudnative/rke2/latest/en/reference/ingress_migration.html). This avoids any contention on `status.loadBalancer.ingress[]` entirely, at the cost of a short traffic-cutover step instead of a progressive DNS shift.
### Option B: External Load Balancer with Weighted Traffic
docs/content/migrate/v1-to-v2.md
+1 -1
View File
@@ -17,7 +17,7 @@ For more information about the changes in Traefik v2, please refer to the [v2 do
We created a tool to help during the migration: [traefik-migration-tool](https://github.com/traefik/traefik-migration-tool)
This tool allows to:
This tool lets you:
- convert `Ingress` to Traefik `IngressRoute` resources.
- convert `acme.json` file from v1 to v2 format.
docs/content/migrate/v2-to-v3-details.md
+1 -1
View File
@@ -680,7 +680,7 @@ It can be configured in the install configuration.
##### Configure the Syntax Per Router
The rule syntax can also be configured on a per-router basis.
This allows to have heterogeneous router configurations and ease migration.
This allows you to have heterogeneous router configurations and ease migration.
??? example "An example router with syntax configuration"
docs/content/observe/logs-and-access-logs.md
+1
View File
@@ -175,6 +175,7 @@ When using the `json` format, you can customize which fields are included in you
- **Request Fields:** You can choose to `keep`, `drop`, or `redact` any of the standard request fields. A complete list of available fields like `ClientHost`, `RequestMethod`, and `Duration` can be found in the [reference documentation](../reference/install-configuration/observability/logs-and-accesslogs.md#json-format-fields).
- **Request Headers:** You can also specify which request headers should be included in the logs, and whether their values should be `kept`, `dropped`, or `redacted`.
- **Request Query Parameters:** You can choose to `keep` or `drop` the query parameters for a request.
!!! info
For detailed configuration options, refer to the [reference documentation](../reference/install-configuration/observability/logs-and-accesslogs.md).
docs/content/reference/install-configuration/configuration-options.md
+1
View File
@@ -15,6 +15,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
| <a id="opt-accesslog-fields-headers-defaultmode" href="#opt-accesslog-fields-headers-defaultmode" title="#opt-accesslog-fields-headers-defaultmode">accesslog.fields.headers.defaultmode</a> | Default mode for fields: keep | drop | redact | drop |
| <a id="opt-accesslog-fields-headers-names-name" href="#opt-accesslog-fields-headers-names-name" title="#opt-accesslog-fields-headers-names-name">accesslog.fields.headers.names._name_</a> | Override mode for headers | |
| <a id="opt-accesslog-fields-names-name" href="#opt-accesslog-fields-names-name" title="#opt-accesslog-fields-names-name">accesslog.fields.names._name_</a> | Override mode for fields | |
| <a id="opt-accesslog-fields-queryparameters-defaultmode" href="#opt-accesslog-fields-queryparameters-defaultmode" title="#opt-accesslog-fields-queryparameters-defaultmode">accesslog.fields.queryparameters.defaultmode</a> | Default mode for query parameters: keep | drop | keep |
| <a id="opt-accesslog-filepath" href="#opt-accesslog-filepath" title="#opt-accesslog-filepath">accesslog.filepath</a> | Access log file path. Stdout is used when omitted or empty. | |
| <a id="opt-accesslog-filters-minduration" href="#opt-accesslog-filters-minduration" title="#opt-accesslog-filters-minduration">accesslog.filters.minduration</a> | Keep access logs when request took longer than the specified duration. | 0 |
| <a id="opt-accesslog-filters-retryattempts" href="#opt-accesslog-filters-retryattempts" title="#opt-accesslog-filters-retryattempts">accesslog.filters.retryattempts</a> | Keep access logs when at least one retry happened. | false |
docs/content/reference/install-configuration/observability/logs-and-accesslogs.md
+8
View File
@@ -171,6 +171,9 @@ accessLog:
User-Agent: redact
# Drop the Authorization header value
Authorization: drop
queryParameters:
# Drop all query parameters
defaultMode: drop
```
```toml tab="File (TOML)"
@@ -194,6 +197,9 @@ accessLog:
[accessLog.fields.headers.names]
User-Agent = "redact"
Authorization = "drop"
[accessLog.fields.queryParameters]
defaultMode = "drop"
```
```sh tab="CLI"
@@ -208,6 +214,7 @@ accessLog:
--accesslog.fields.headers.defaultmode=keep
--accesslog.fields.headers.names.User-Agent=redact
--accesslog.fields.headers.names.Authorization=drop
--accesslog.fields.queryparameters.defaultmode=drop
```
### Configuration Options
@@ -228,6 +235,7 @@ The section below describes how to configure Traefik access logs using the stati
| <a id="opt-accesslog-fields-names" href="#opt-accesslog-fields-names" title="#opt-accesslog-fields-names">`accesslog.fields.names`</a> | Set the fields list to display in the access logs (format `name:mode`).<br /> Available fields list [here](#json-format-fields). | [ ] | No |
| <a id="opt-accesslog-fields-headers-defaultMode" href="#opt-accesslog-fields-headers-defaultMode" title="#opt-accesslog-fields-headers-defaultMode">`accesslog.fields.headers.defaultMode`</a> | Mode to apply by default to the access logs headers (`keep`, `redact` or `drop`). | drop | No |
| <a id="opt-accesslog-fields-headers-names" href="#opt-accesslog-fields-headers-names" title="#opt-accesslog-fields-headers-names">`accesslog.fields.headers.names`</a> | Set the headers list to display in the access logs (format `name:mode`). | [ ] | No |
| <a id="opt-accesslog-fields-queryParameters-defaultMode" href="#opt-accesslog-fields-queryParameters-defaultMode" title="#opt-accesslog-fields-queryParameters-defaultMode">`accesslog.fields.queryParameters.defaultMode`</a> | Mode to apply by default to the access logs query parameters (`keep` or `drop`) | keep | No |
### OpenTelemetry
docs/content/reference/routing-configuration/http/middlewares/forwardauth.md
+1 -1
View File
@@ -62,7 +62,7 @@ spec:
| <a id="opt-authRequestHeaders" href="#opt-authRequestHeaders" title="#opt-authRequestHeaders">`authRequestHeaders`</a> | List of the headers to copy from the request to the authentication server. <br /> It allows filtering headers that should not be passed to the authentication server. <br /> If not set or empty, then all request headers are passed. | [] | No |
| <a id="opt-addAuthCookiesToResponse" href="#opt-addAuthCookiesToResponse" title="#opt-addAuthCookiesToResponse">`addAuthCookiesToResponse`</a> | List of cookies to copy from the authentication server to the response, replacing any existing conflicting cookie from the forwarded response.<br /> Please note that all backend cookies matching the configured list will not be added to the response. | [] | No |
| <a id="opt-forwardBody" href="#opt-forwardBody" title="#opt-forwardBody">`forwardBody`</a> | Sets the `forwardBody` option to `true` to send the Body. As body is read inside Traefik before forwarding, this breaks streaming. | false | No |
| <a id="opt-maxBodySize" href="#opt-maxBodySize" title="#opt-maxBodySize">`maxBodySize`</a> | Set the `maxBodySize` to limit the body size in bytes. If body is bigger than this, it returns a 401 (unauthorized). If left unset, the request body size is unrestricted which can have performance or security implications. < br/>More information [here](#maxbodysize). | -1 | No |
| <a id="opt-maxBodySize" href="#opt-maxBodySize" title="#opt-maxBodySize">`maxBodySize`</a> | Set the `maxBodySize` to limit the body size in bytes. If body is bigger than this, it returns a 401 (unauthorized). If left unset, the request body size is unrestricted which can have performance or security implications. <br/>More information [here](#maxbodysize). | -1 | No |
| <a id="opt-maxResponseBodySize" href="#opt-maxResponseBodySize" title="#opt-maxResponseBodySize">`maxResponseBodySize`</a> | Set the `maxResponseBodySize` to limit the response body size from the authentication server in bytes. If the response body exceeds this limit, it returns a 401 (unauthorized). If left unset, the response body size is unrestricted which can have performance or security implications. <br/>More information [here](#maxresponsebodysize).| -1 | No |
| <a id="opt-headerField" href="#opt-headerField" title="#opt-headerField">`headerField`</a> | Defines a header field to store the authenticated user. | "" | No |
| <a id="opt-preserveLocationHeader" href="#opt-preserveLocationHeader" title="#opt-preserveLocationHeader">`preserveLocationHeader`</a> | Defines whether to forward the Location header to the client as is or prefix it with the domain name of the authentication server. | false | No |
docs/content/reference/routing-configuration/kubernetes/crd/http/ingressroute.md
+1 -1
View File
@@ -92,7 +92,7 @@ spec:
| <a id="opt-routesn-middlewares" href="#opt-routesn-middlewares" title="#opt-routesn-middlewares">`routes[n].middlewares`</a> | List of middlewares to attach to the IngressRoute. <br />More information [here](#middleware). | "" | No |
| <a id="opt-routesn-middlewaresm-name" href="#opt-routesn-middlewaresm-name" title="#opt-routesn-middlewaresm-name">`routes[n].`<br />`middlewares[m].`<br />`name`</a> | Middleware name.<br />The character `@` is not authorized. <br />More information [here](#middleware). | | Yes |
| <a id="opt-routesn-middlewaresm-namespace" href="#opt-routesn-middlewaresm-namespace" title="#opt-routesn-middlewaresm-namespace">`routes[n].`<br />`middlewares[m].`<br />`namespace`</a> | Middleware namespace.<br />Can be empty if the middleware belongs to the same namespace as the IngressRoute. <br />More information [here](#middleware). | | No |
| <a id="opt-routesn-observability-accesslogs" href="#opt-routesn-observability-accesslogs" title="#opt-routesn-observability-accesslogs">`routes[n].`<br />`observability.`<br />`accesslogs`</a> | Defines whether the route will produce [access-logs](../../../../install-configuration/observability/logs-and-accesslogs.md). See [here](../../../http/routing/observability.md) for more information. | false | No |
| <a id="opt-routesn-observability-accessLogs" href="#opt-routesn-observability-accessLogs" title="#opt-routesn-observability-accessLogs">`routes[n].`<br />`observability.`<br />`accessLogs`</a> | Defines whether the route will produce [access-logs](../../../../install-configuration/observability/logs-and-accesslogs.md). See [here](../../../http/routing/observability.md) for more information. | false | No |
| <a id="opt-routesn-observability-metrics" href="#opt-routesn-observability-metrics" title="#opt-routesn-observability-metrics">`routes[n].`<br />`observability.`<br />`metrics`</a> | Defines whether the route will produce [metrics](../../../../install-configuration/observability/metrics.md). See [here](../../../http/routing/observability.md) for more information. | false | No |
| <a id="opt-routesn-observability-tracing" href="#opt-routesn-observability-tracing" title="#opt-routesn-observability-tracing">`routes[n].`<br />`observability.`<br />`tracing`</a> | Defines whether the route will produce [traces](../../../../install-configuration/observability/tracing.md). See [here](../../../http/routing/observability.md) for more information. | false | No |
| <a id="opt-tls" href="#opt-tls" title="#opt-tls">`tls`</a> | TLS configuration.<br />Can be an empty value(`{}`):<br />A self signed is generated in such a case<br />(or the [default certificate](../tls/tlsstore.md) is used if it is defined.) | | No |
docs/content/reference/routing-configuration/other-providers/file.md
+444 -16
View File
@@ -1,26 +1,454 @@
---
title: "Traefik File Dynamic Configuration"
description: "This guide will provide you with the YAML and TOML files for dynamic configuration in Traefik Proxy. Read the technical documentation."
title: "Traefik File Routing Configuration"
description: "This guide will provide you with the reference for file-based routing configuration in Traefik Proxy. Read the technical documentation."
---
# Traefik File Routing Configuration
# Traefik and Configuration Files
The file provider lets you define routing configuration in YAML or TOML.
Use it to declare routers, services, middlewares, TCP and UDP routing, and TLS options that Traefik should load from a file or a directory.
!!! warning "Work In Progress"
To configure the file provider itself, see the [File provider install configuration](../../install-configuration/providers/others/file.md) page.
This page is still work in progress to provide a better documention of the routing options.
## Configuration Examples
It has been created to provide a centralized page with all the option in YAML and TOML format.
??? example "Configuring the File Provider and Exposing One HTTP Service"
Enabling the file provider:
```yaml tab="Structured (YAML)"
providers:
file:
filename: /etc/traefik/dynamic.yml
```
```toml tab="Structured (TOML)"
[providers.file]
filename = "/etc/traefik/dynamic.toml"
```
```bash tab="CLI"
--providers.file.filename=/etc/traefik/dynamic.yml
```
Declaring the dynamic HTTP configuration:
```yaml tab="Structured (YAML)"
http:
routers:
app:
rule: Host(`example.com`)
entryPoints:
- websecure
service: app
tls: {}
services:
app:
loadBalancer:
servers:
- url: http://127.0.0.1:8080
```
```toml tab="Structured (TOML)"
[http.routers.app]
rule = "Host(`example.com`)"
entryPoints = ["websecure"]
service = "app"
[http.routers.app.tls]
[http.services.app.loadBalancer]
[[http.services.app.loadBalancer.servers]]
url = "http://127.0.0.1:8080"
```
??? example "Specifying More Than One Router and Service"
Define each router and explicitly attach it to the service that should handle matching requests.
```yaml tab="Structured (YAML)"
http:
routers:
app:
rule: Host(`example-a.com`)
service: app
admin:
rule: Host(`example-b.com`)
service: admin
services:
app:
loadBalancer:
servers:
- url: http://127.0.0.1:8000
admin:
loadBalancer:
servers:
- url: http://127.0.0.1:9000
```
```toml tab="Structured (TOML)"
[http.routers.app]
rule = "Host(`example-a.com`)"
service = "app"
[http.routers.admin]
rule = "Host(`example-b.com`)"
service = "admin"
[http.services.app.loadBalancer]
[[http.services.app.loadBalancer.servers]]
url = "http://127.0.0.1:8000"
[http.services.admin.loadBalancer]
[[http.services.admin.loadBalancer.servers]]
url = "http://127.0.0.1:9000"
```
??? example "Declaring and Referencing Middlewares"
Middlewares declared by the file provider can be used by routers from the file provider or by routers from other providers.
When another provider references them, use the `@file` provider suffix.
```yaml tab="Structured (YAML)"
http:
routers:
app:
rule: Host(`secure.example.com`)
entryPoints:
- websecure
middlewares:
- secure-headers
service: app
tls:
options: modern
middlewares:
secure-headers:
headers:
stsSeconds: 31536000
forceSTSHeader: true
services:
app:
loadBalancer:
servers:
- url: http://127.0.0.1:8080
tls:
options:
modern:
minVersion: VersionTLS12
sniStrict: true
```
```toml tab="Structured (TOML)"
[http.routers.app]
rule = "Host(`secure.example.com`)"
entryPoints = ["websecure"]
middlewares = ["secure-headers"]
service = "app"
[http.routers.app.tls]
options = "modern"
[http.middlewares.secure-headers.headers]
stsSeconds = 31536000
forceSTSHeader = true
[http.services.app.loadBalancer]
[[http.services.app.loadBalancer.servers]]
url = "http://127.0.0.1:8080"
[tls.options.modern]
minVersion = "VersionTLS12"
sniStrict = true
```
??? example "Loading Multiple Dynamic Configuration Files"
Configure the file provider with a directory when you want to split dynamic configuration across multiple files.
```yaml tab="Structured (YAML)"
providers:
file:
directory: /etc/traefik/dynamic
watch: true
```
```toml tab="Structured (TOML)"
[providers.file]
directory = "/etc/traefik/dynamic"
watch = true
```
```bash tab="CLI"
--providers.file.directory=/etc/traefik/dynamic
--providers.file.watch=true
```
Example `/etc/traefik/dynamic/http.yml`:
```yaml
http:
routers:
app:
rule: Host(`example.com`)
service: app
services:
app:
loadBalancer:
servers:
- url: http://127.0.0.1:8080
```
Example `/etc/traefik/dynamic/tls.yml`:
```yaml
tls:
certificates:
- certFile: /certs/example.crt
keyFile: /certs/example.key
```
## Configuration Options
```yml tab="YAML"
--8<-- "content/reference/routing-configuration/other-providers/file.yaml"
```
### General
```toml tab="TOML"
--8<-- "content/reference/routing-configuration/other-providers/file.toml"
```
The file provider does not discover services automatically.
Define every router, service, middleware, and TLS resource explicitly in the routing configuration file.
When another provider references a resource declared by the file provider, append the `@file` provider suffix.
For example, a Docker label can reference a file-provider middleware with `secure-headers@file`.
The examples below use YAML-style field paths.
In TOML, use the equivalent table and array syntax, such as `[http.routers.<router_name>]` and `[[http.services.<service_name>.loadBalancer.servers]]`.
### HTTP
#### Routers
Define HTTP routers under `http.routers.<router_name>`.
!!! warning "The character `@` is not authorized in the router name `<router_name>`."
| Field | Description | Value |
|------|-------------|-------|
| <a id="opt-http-routers-router-name-rule" href="#opt-http-routers-router-name-rule" title="#opt-http-routers-router-name-rule">`http.routers.<router_name>.rule`</a> | See [rule](../http/routing/rules-and-priority.md#rules) for more information. | ```Host(`example.com`)``` |
| <a id="opt-http-routers-router-name-ruleSyntax" href="#opt-http-routers-router-name-ruleSyntax" title="#opt-http-routers-router-name-ruleSyntax">`http.routers.<router_name>.ruleSyntax`</a> | See [ruleSyntax](../http/routing/rules-and-priority.md#rulesyntax) for more information.<br/>RuleSyntax is deprecated and will be removed in the next major version. | `v3` |
| <a id="opt-http-routers-router-name-entryPointsn" href="#opt-http-routers-router-name-entryPointsn" title="#opt-http-routers-router-name-entryPointsn">`http.routers.<router_name>.entryPoints[n]`</a> | See [entry points](../../install-configuration/entrypoints.md) for more information. | `websecure` |
| <a id="opt-http-routers-router-name-middlewaresn" href="#opt-http-routers-router-name-middlewaresn" title="#opt-http-routers-router-name-middlewaresn">`http.routers.<router_name>.middlewares[n]`</a> | See [middlewares overview](../http/middlewares/overview.md) for more information. | `secure-headers` |
| <a id="opt-http-routers-router-name-service" href="#opt-http-routers-router-name-service" title="#opt-http-routers-router-name-service">`http.routers.<router_name>.service`</a> | See [service](../http/load-balancing/service.md) for more information. | `app` |
| <a id="opt-http-routers-router-name-parentRefsn" href="#opt-http-routers-router-name-parentRefsn" title="#opt-http-routers-router-name-parentRefsn">`http.routers.<router_name>.parentRefs[n]`</a> | See [multi-layer routing](../http/routing/multi-layer-routing.md) for more information. | `parent-router@file` |
| <a id="opt-http-routers-router-name-tls" href="#opt-http-routers-router-name-tls" title="#opt-http-routers-router-name-tls">`http.routers.<router_name>.tls`</a> | See [TLS](../http/tls/overview.md) for more information. | `{}` |
| <a id="opt-http-routers-router-name-tls-certResolver" href="#opt-http-routers-router-name-tls-certResolver" title="#opt-http-routers-router-name-tls-certResolver">`http.routers.<router_name>.tls.certResolver`</a> | See [certResolver](../../install-configuration/tls/certificate-resolvers/overview.md) for more information. | `myresolver` |
| <a id="opt-http-routers-router-name-tls-domainsn-main" href="#opt-http-routers-router-name-tls-domainsn-main" title="#opt-http-routers-router-name-tls-domainsn-main">`http.routers.<router_name>.tls.domains[n].main`</a> | See [domains](../../install-configuration/tls/certificate-resolvers/acme.md#domain-definition) for more information. | `example.org` |
| <a id="opt-http-routers-router-name-tls-domainsn-sansn" href="#opt-http-routers-router-name-tls-domainsn-sansn" title="#opt-http-routers-router-name-tls-domainsn-sansn">`http.routers.<router_name>.tls.domains[n].sans[n]`</a> | See [domains](../../install-configuration/tls/certificate-resolvers/acme.md#domain-definition) for more information. | `www.example.org` |
| <a id="opt-http-routers-router-name-tls-options" href="#opt-http-routers-router-name-tls-options" title="#opt-http-routers-router-name-tls-options">`http.routers.<router_name>.tls.options`</a> | See [TLS options](../http/tls/tls-options.md) for more information. | `modern` |
| <a id="opt-http-routers-router-name-observability-accessLogs" href="#opt-http-routers-router-name-observability-accessLogs" title="#opt-http-routers-router-name-observability-accessLogs">`http.routers.<router_name>.observability.accessLogs`</a> | Enables or disables access logs for the router. | `true` |
| <a id="opt-http-routers-router-name-observability-metrics" href="#opt-http-routers-router-name-observability-metrics" title="#opt-http-routers-router-name-observability-metrics">`http.routers.<router_name>.observability.metrics`</a> | Enables or disables metrics for the router. | `true` |
| <a id="opt-http-routers-router-name-observability-tracing" href="#opt-http-routers-router-name-observability-tracing" title="#opt-http-routers-router-name-observability-tracing">`http.routers.<router_name>.observability.tracing`</a> | Enables or disables tracing for the router. | `true` |
| <a id="opt-http-routers-router-name-observability-traceVerbosity" href="#opt-http-routers-router-name-observability-traceVerbosity" title="#opt-http-routers-router-name-observability-traceVerbosity">`http.routers.<router_name>.observability.traceVerbosity`</a> | See [trace verbosity](../http/routing/observability.md#opt-traceVerbosity) for more information. | `minimal` |
| <a id="opt-http-routers-router-name-priority" href="#opt-http-routers-router-name-priority" title="#opt-http-routers-router-name-priority">`http.routers.<router_name>.priority`</a> | See [priority](../http/routing/rules-and-priority.md#priority-calculation) for more information. | `42` |
#### Services
Define HTTP services under `http.services.<service_name>`.
!!! warning "The character `@` is not authorized in the service name `<service_name>`."
| Field | Description | Value |
|------|-------------|-------|
| <a id="opt-http-services-service-name-loadBalancer-serversn-url" href="#opt-http-services-service-name-loadBalancer-serversn-url" title="#opt-http-services-service-name-loadBalancer-serversn-url">`http.services.<service_name>.loadBalancer.servers[n].url`</a> | See [servers](../http/load-balancing/service.md#servers) for more information. | `http://127.0.0.1:8080` |
| <a id="opt-http-services-service-name-loadBalancer-serversn-weight" href="#opt-http-services-service-name-loadBalancer-serversn-weight" title="#opt-http-services-service-name-loadBalancer-serversn-weight">`http.services.<service_name>.loadBalancer.servers[n].weight`</a> | See [servers](../http/load-balancing/service.md#servers) for more information. | `1` |
| <a id="opt-http-services-service-name-loadBalancer-serversn-preservePath" href="#opt-http-services-service-name-loadBalancer-serversn-preservePath" title="#opt-http-services-service-name-loadBalancer-serversn-preservePath">`http.services.<service_name>.loadBalancer.servers[n].preservePath`</a> | See [servers](../http/load-balancing/service.md#servers) for more information. | `true` |
| <a id="opt-http-services-service-name-loadBalancer-strategy" href="#opt-http-services-service-name-loadBalancer-strategy" title="#opt-http-services-service-name-loadBalancer-strategy">`http.services.<service_name>.loadBalancer.strategy`</a> | See [load balancing strategies](../http/load-balancing/service.md#load-balancing-strategies) for more information. | `wrr` |
| <a id="opt-http-services-service-name-loadBalancer-passHostHeader" href="#opt-http-services-service-name-loadBalancer-passHostHeader" title="#opt-http-services-service-name-loadBalancer-passHostHeader">`http.services.<service_name>.loadBalancer.passHostHeader`</a> | See [service load balancer](../http/load-balancing/service.md) for more information. | `true` |
| <a id="opt-http-services-service-name-loadBalancer-healthCheck" href="#opt-http-services-service-name-loadBalancer-healthCheck" title="#opt-http-services-service-name-loadBalancer-healthCheck">`http.services.<service_name>.loadBalancer.healthCheck.*`</a> | See [health check](../http/load-balancing/service.md#health-check) for more information. | `path: /health` |
| <a id="opt-http-services-service-name-loadBalancer-passiveHealthCheck" href="#opt-http-services-service-name-loadBalancer-passiveHealthCheck" title="#opt-http-services-service-name-loadBalancer-passiveHealthCheck">`http.services.<service_name>.loadBalancer.passiveHealthCheck.*`</a> | See [passive health check](../http/load-balancing/service.md#passive-health-check) for more information. | `maxFailedAttempts: 3` |
| <a id="opt-http-services-service-name-loadBalancer-sticky-cookie" href="#opt-http-services-service-name-loadBalancer-sticky-cookie" title="#opt-http-services-service-name-loadBalancer-sticky-cookie">`http.services.<service_name>.loadBalancer.sticky.cookie.*`</a> | See [sticky sessions](../http/load-balancing/service.md#sticky-sessions) for more information. | `name: app-cookie` |
| <a id="opt-http-services-service-name-loadBalancer-responseForwarding-flushInterval" href="#opt-http-services-service-name-loadBalancer-responseForwarding-flushInterval" title="#opt-http-services-service-name-loadBalancer-responseForwarding-flushInterval">`http.services.<service_name>.loadBalancer.responseForwarding.flushInterval`</a> | See [service load balancer](../http/load-balancing/service.md) for more information. | `100ms` |
| <a id="opt-http-services-service-name-loadBalancer-serversTransport" href="#opt-http-services-service-name-loadBalancer-serversTransport" title="#opt-http-services-service-name-loadBalancer-serversTransport">`http.services.<service_name>.loadBalancer.serversTransport`</a> | See [ServersTransport](../http/load-balancing/serverstransport.md) for more information. | `secure-transport` |
| <a id="opt-http-services-service-name-weighted-servicesn-name" href="#opt-http-services-service-name-weighted-servicesn-name" title="#opt-http-services-service-name-weighted-servicesn-name">`http.services.<service_name>.weighted.services[n].name`</a> | See [weighted round robin](../http/load-balancing/service.md#weighted-round-robin-wrr) for more information. | `app-v1` |
| <a id="opt-http-services-service-name-weighted-servicesn-weight" href="#opt-http-services-service-name-weighted-servicesn-weight" title="#opt-http-services-service-name-weighted-servicesn-weight">`http.services.<service_name>.weighted.services[n].weight`</a> | See [weighted round robin](../http/load-balancing/service.md#weighted-round-robin-wrr) for more information. | `3` |
| <a id="opt-http-services-service-name-weighted-sticky-cookie" href="#opt-http-services-service-name-weighted-sticky-cookie" title="#opt-http-services-service-name-weighted-sticky-cookie">`http.services.<service_name>.weighted.sticky.cookie.*`</a> | See [sticky sessions](../http/load-balancing/service.md#sticky-sessions) for more information. | `name: app-cookie` |
| <a id="opt-http-services-service-name-weighted-healthCheck" href="#opt-http-services-service-name-weighted-healthCheck" title="#opt-http-services-service-name-weighted-healthCheck">`http.services.<service_name>.weighted.healthCheck`</a> | See [weighted service health check](../http/load-balancing/service.md#health-check) for more information. | `{}` |
| <a id="opt-http-services-service-name-highestRandomWeight-servicesn-name" href="#opt-http-services-service-name-highestRandomWeight-servicesn-name" title="#opt-http-services-service-name-highestRandomWeight-servicesn-name">`http.services.<service_name>.highestRandomWeight.services[n].name`</a> | See [highest random weight](../http/load-balancing/service.md#highest-random-weight) for more information. | `app-v1` |
| <a id="opt-http-services-service-name-highestRandomWeight-servicesn-weight" href="#opt-http-services-service-name-highestRandomWeight-servicesn-weight" title="#opt-http-services-service-name-highestRandomWeight-servicesn-weight">`http.services.<service_name>.highestRandomWeight.services[n].weight`</a> | See [highest random weight](../http/load-balancing/service.md#highest-random-weight) for more information. | `3` |
| <a id="opt-http-services-service-name-highestRandomWeight-healthCheck" href="#opt-http-services-service-name-highestRandomWeight-healthCheck" title="#opt-http-services-service-name-highestRandomWeight-healthCheck">`http.services.<service_name>.highestRandomWeight.healthCheck`</a> | See [highest random weight](../http/load-balancing/service.md#highest-random-weight) for more information. | `{}` |
| <a id="opt-http-services-service-name-mirroring-service" href="#opt-http-services-service-name-mirroring-service" title="#opt-http-services-service-name-mirroring-service">`http.services.<service_name>.mirroring.service`</a> | See [mirroring](../http/load-balancing/service.md#mirroring) for more information. | `app-main` |
| <a id="opt-http-services-service-name-mirroring-mirrorBody" href="#opt-http-services-service-name-mirroring-mirrorBody" title="#opt-http-services-service-name-mirroring-mirrorBody">`http.services.<service_name>.mirroring.mirrorBody`</a> | See [mirroring](../http/load-balancing/service.md#mirroring) for more information. | `true` |
| <a id="opt-http-services-service-name-mirroring-maxBodySize" href="#opt-http-services-service-name-mirroring-maxBodySize" title="#opt-http-services-service-name-mirroring-maxBodySize">`http.services.<service_name>.mirroring.maxBodySize`</a> | See [mirroring](../http/load-balancing/service.md#mirroring) for more information. | `1048576` |
| <a id="opt-http-services-service-name-mirroring-mirrorsn-name" href="#opt-http-services-service-name-mirroring-mirrorsn-name" title="#opt-http-services-service-name-mirroring-mirrorsn-name">`http.services.<service_name>.mirroring.mirrors[n].name`</a> | See [mirroring](../http/load-balancing/service.md#mirroring) for more information. | `app-shadow` |
| <a id="opt-http-services-service-name-mirroring-mirrorsn-percent" href="#opt-http-services-service-name-mirroring-mirrorsn-percent" title="#opt-http-services-service-name-mirroring-mirrorsn-percent">`http.services.<service_name>.mirroring.mirrors[n].percent`</a> | See [mirroring](../http/load-balancing/service.md#mirroring) for more information. | `10` |
| <a id="opt-http-services-service-name-mirroring-healthCheck" href="#opt-http-services-service-name-mirroring-healthCheck" title="#opt-http-services-service-name-mirroring-healthCheck">`http.services.<service_name>.mirroring.healthCheck`</a> | See [mirroring](../http/load-balancing/service.md#mirroring) for more information. | `{}` |
| <a id="opt-http-services-service-name-failover-service" href="#opt-http-services-service-name-failover-service" title="#opt-http-services-service-name-failover-service">`http.services.<service_name>.failover.service`</a> | See [failover](../http/load-balancing/service.md#failover) for more information. | `app-main` |
| <a id="opt-http-services-service-name-failover-fallback" href="#opt-http-services-service-name-failover-fallback" title="#opt-http-services-service-name-failover-fallback">`http.services.<service_name>.failover.fallback`</a> | See [failover](../http/load-balancing/service.md#failover) for more information. | `app-backup` |
| <a id="opt-http-services-service-name-failover-healthCheck" href="#opt-http-services-service-name-failover-healthCheck" title="#opt-http-services-service-name-failover-healthCheck">`http.services.<service_name>.failover.healthCheck`</a> | See [failover](../http/load-balancing/service.md#failover) for more information. | `{}` |
| <a id="opt-http-services-service-name-failover-errors-maxRequestBodyBytes" href="#opt-http-services-service-name-failover-errors-maxRequestBodyBytes" title="#opt-http-services-service-name-failover-errors-maxRequestBodyBytes">`http.services.<service_name>.failover.errors.maxRequestBodyBytes`</a> | See [failover errors](../http/load-balancing/service.md#errors) for more information. | `1048576` |
| <a id="opt-http-services-service-name-failover-errors-statusn" href="#opt-http-services-service-name-failover-errors-statusn" title="#opt-http-services-service-name-failover-errors-statusn">`http.services.<service_name>.failover.errors.status[n]`</a> | See [failover errors](../http/load-balancing/service.md#errors) for more information. | `500-599` |
| <a id="opt-http-services-service-name-middlewaresn" href="#opt-http-services-service-name-middlewaresn" title="#opt-http-services-service-name-middlewaresn">`http.services.<service_name>.middlewares[n]`</a> | Adds middlewares to the service. | `service-ratelimit` |
#### Middlewares
Define HTTP middlewares under `http.middlewares.<middleware_name>`.
For example, to declare an [`AddPrefix`](../http/middlewares/addprefix.md) middleware named `add-api`, set `http.middlewares.add-api.addPrefix.prefix=/api`.
More information about available middlewares can be found in the dedicated [middlewares section](../http/middlewares/overview.md).
!!! warning "The character `@` is not authorized in the middleware name `<middleware_name>`."
!!! warning "Conflicts in Declaration"
If you declare multiple middlewares with the same name but different parameters, the middleware fails to be declared.
| Field | Description | Value |
|------|-------------|-------|
| <a id="opt-http-middlewares-middleware-name-middleware-type-middleware-option" href="#opt-http-middlewares-middleware-name-middleware-type-middleware-option" title="#opt-http-middlewares-middleware-name-middleware-type-middleware-option">`http.middlewares.<middleware_name>.<middleware_type>.<middleware_option>`</a> | With `middleware_type` the middleware type, such as `addPrefix` or `headers`, and `middleware_option` the option to set. | `prefix: /api` |
#### ServersTransports
Define HTTP ServersTransports under `http.serversTransports.<servers_transport_name>`.
| Field | Description | Value |
|------|-------------|-------|
| <a id="opt-http-serversTransports-servers-transport-name" href="#opt-http-serversTransports-servers-transport-name" title="#opt-http-serversTransports-servers-transport-name">`http.serversTransports.<servers_transport_name>.*`</a> | See [ServersTransport](../http/load-balancing/serverstransport.md) for more information. | `serverName: example.org` |
### TCP
You can declare TCP routers, services, middlewares, and ServersTransports with the file provider.
#### TCP Routers
Define TCP routers under `tcp.routers.<router_name>`.
!!! warning "The character `@` is not authorized in the router name `<router_name>`."
| Field | Description | Value |
|------|-------------|-------|
| <a id="opt-tcp-routers-router-name-entryPointsn" href="#opt-tcp-routers-router-name-entryPointsn" title="#opt-tcp-routers-router-name-entryPointsn">`tcp.routers.<router_name>.entryPoints[n]`</a> | See [entry points](../../install-configuration/entrypoints.md) for more information. | `websecure` |
| <a id="opt-tcp-routers-router-name-rule" href="#opt-tcp-routers-router-name-rule" title="#opt-tcp-routers-router-name-rule">`tcp.routers.<router_name>.rule`</a> | See [rule](../tcp/routing/rules-and-priority.md#rules) for more information. | ```HostSNI(`example.com`)``` |
| <a id="opt-tcp-routers-router-name-ruleSyntax" href="#opt-tcp-routers-router-name-ruleSyntax" title="#opt-tcp-routers-router-name-ruleSyntax">`tcp.routers.<router_name>.ruleSyntax`</a> | Configures the rule syntax to use for parsing the rule on a per-router basis.<br/>RuleSyntax is deprecated and will be removed in the next major version. | `v3` |
| <a id="opt-tcp-routers-router-name-middlewaresn" href="#opt-tcp-routers-router-name-middlewaresn" title="#opt-tcp-routers-router-name-middlewaresn">`tcp.routers.<router_name>.middlewares[n]`</a> | See [TCP middlewares overview](../tcp/middlewares/overview.md) for more information. | `ip-allowlist` |
| <a id="opt-tcp-routers-router-name-service" href="#opt-tcp-routers-router-name-service" title="#opt-tcp-routers-router-name-service">`tcp.routers.<router_name>.service`</a> | See [service](../tcp/service.md) for more information. | `tcp-app` |
| <a id="opt-tcp-routers-router-name-tls" href="#opt-tcp-routers-router-name-tls" title="#opt-tcp-routers-router-name-tls">`tcp.routers.<router_name>.tls`</a> | See [TLS](../tcp/tls.md) for more information. | `{}` |
| <a id="opt-tcp-routers-router-name-tls-certResolver" href="#opt-tcp-routers-router-name-tls-certResolver" title="#opt-tcp-routers-router-name-tls-certResolver">`tcp.routers.<router_name>.tls.certResolver`</a> | See [certResolver](../tcp/tls.md#configuration-options) for more information. | `myresolver` |
| <a id="opt-tcp-routers-router-name-tls-domainsn-main" href="#opt-tcp-routers-router-name-tls-domainsn-main" title="#opt-tcp-routers-router-name-tls-domainsn-main">`tcp.routers.<router_name>.tls.domains[n].main`</a> | See [TLS](../tcp/tls.md) for more information. | `example.org` |
| <a id="opt-tcp-routers-router-name-tls-domainsn-sansn" href="#opt-tcp-routers-router-name-tls-domainsn-sansn" title="#opt-tcp-routers-router-name-tls-domainsn-sansn">`tcp.routers.<router_name>.tls.domains[n].sans[n]`</a> | See [TLS](../tcp/tls.md) for more information. | `www.example.org` |
| <a id="opt-tcp-routers-router-name-tls-options" href="#opt-tcp-routers-router-name-tls-options" title="#opt-tcp-routers-router-name-tls-options">`tcp.routers.<router_name>.tls.options`</a> | See [TLS](../tcp/tls.md) for more information. | `modern` |
| <a id="opt-tcp-routers-router-name-tls-passthrough" href="#opt-tcp-routers-router-name-tls-passthrough" title="#opt-tcp-routers-router-name-tls-passthrough">`tcp.routers.<router_name>.tls.passthrough`</a> | See [Passthrough](../tcp/tls.md#opt-passthrough) for more information. | `true` |
| <a id="opt-tcp-routers-router-name-priority" href="#opt-tcp-routers-router-name-priority" title="#opt-tcp-routers-router-name-priority">`tcp.routers.<router_name>.priority`</a> | See [priority](../tcp/routing/rules-and-priority.md#priority-calculation) for more information. | `42` |
#### TCP Services
Define TCP services under `tcp.services.<service_name>`.
!!! warning "The character `@` is not authorized in the service name `<service_name>`."
| Field | Description | Value |
|------|-------------|-------|
| <a id="opt-tcp-services-service-name-loadBalancer-serversn-address" href="#opt-tcp-services-service-name-loadBalancer-serversn-address" title="#opt-tcp-services-service-name-loadBalancer-serversn-address">`tcp.services.<service_name>.loadBalancer.servers[n].address`</a> | See [servers load balancer](../tcp/service.md#servers-load-balancer) for more information. | `127.0.0.1:9000` |
| <a id="opt-tcp-services-service-name-loadBalancer-serversn-tls" href="#opt-tcp-services-service-name-loadBalancer-serversn-tls" title="#opt-tcp-services-service-name-loadBalancer-serversn-tls">`tcp.services.<service_name>.loadBalancer.servers[n].tls`</a> | Determines whether to use TLS when dialing the backend server. | `true` |
| <a id="opt-tcp-services-service-name-loadBalancer-serversTransport" href="#opt-tcp-services-service-name-loadBalancer-serversTransport" title="#opt-tcp-services-service-name-loadBalancer-serversTransport">`tcp.services.<service_name>.loadBalancer.serversTransport`</a> | See [TCP ServersTransport](../tcp/serverstransport.md) for more information. | `secure-tcp` |
| <a id="opt-tcp-services-service-name-loadBalancer-proxyProtocol-version" href="#opt-tcp-services-service-name-loadBalancer-proxyProtocol-version" title="#opt-tcp-services-service-name-loadBalancer-proxyProtocol-version">`tcp.services.<service_name>.loadBalancer.proxyProtocol.version`</a> | Enables Proxy Protocol for backend connections. | `2` |
| <a id="opt-tcp-services-service-name-loadBalancer-terminationDelay" href="#opt-tcp-services-service-name-loadBalancer-terminationDelay" title="#opt-tcp-services-service-name-loadBalancer-terminationDelay">`tcp.services.<service_name>.loadBalancer.terminationDelay`</a> | Defines the delay before terminating connections. | `100` |
| <a id="opt-tcp-services-service-name-loadBalancer-healthCheck" href="#opt-tcp-services-service-name-loadBalancer-healthCheck" title="#opt-tcp-services-service-name-loadBalancer-healthCheck">`tcp.services.<service_name>.loadBalancer.healthCheck.*`</a> | See [TCP service health check](../tcp/service.md#health-check) for more information. | `interval: 10s` |
| <a id="opt-tcp-services-service-name-weighted-servicesn-name" href="#opt-tcp-services-service-name-weighted-servicesn-name" title="#opt-tcp-services-service-name-weighted-servicesn-name">`tcp.services.<service_name>.weighted.services[n].name`</a> | See [weighted round robin](../tcp/service.md#weighted-round-robin) for more information. | `tcp-v1` |
| <a id="opt-tcp-services-service-name-weighted-servicesn-weight" href="#opt-tcp-services-service-name-weighted-servicesn-weight" title="#opt-tcp-services-service-name-weighted-servicesn-weight">`tcp.services.<service_name>.weighted.services[n].weight`</a> | See [weighted round robin](../tcp/service.md#weighted-round-robin) for more information. | `3` |
| <a id="opt-tcp-services-service-name-weighted-healthCheck" href="#opt-tcp-services-service-name-weighted-healthCheck" title="#opt-tcp-services-service-name-weighted-healthCheck">`tcp.services.<service_name>.weighted.healthCheck`</a> | See [weighted round robin](../tcp/service.md#weighted-round-robin) for more information. | `{}` |
#### TCP Middlewares
Define TCP middlewares under `tcp.middlewares.<middleware_name>`.
For example, to declare an [`InFlightConn`](../tcp/middlewares/inflightconn.md) middleware named `limit`, set `tcp.middlewares.limit.inFlightConn.amount=10`.
More information about available middlewares is available in the dedicated [TCP middlewares section](../tcp/middlewares/overview.md).
!!! warning "The character `@` is not authorized in the middleware name `<middleware_name>`."
!!! warning "Conflicts in Declaration"
If you declare multiple middlewares with the same name but different parameters, the middleware fails to be declared.
| Field | Description | Value |
|------|-------------|-------|
| <a id="opt-tcp-middlewares-middleware-name-middleware-type-middleware-option" href="#opt-tcp-middlewares-middleware-name-middleware-type-middleware-option" title="#opt-tcp-middlewares-middleware-name-middleware-type-middleware-option">`tcp.middlewares.<middleware_name>.<middleware_type>.<middleware_option>`</a> | With `middleware_type` the middleware type, such as `inFlightConn`, and `middleware_option` the option to set. | `amount: 10` |
#### TCP ServersTransports
Define TCP ServersTransports under `tcp.serversTransports.<servers_transport_name>`.
| Field | Description | Value |
|------|-------------|-------|
| <a id="opt-tcp-serversTransports-servers-transport-name" href="#opt-tcp-serversTransports-servers-transport-name" title="#opt-tcp-serversTransports-servers-transport-name">`tcp.serversTransports.<servers_transport_name>.*`</a> | See [TCP ServersTransport](../tcp/serverstransport.md) for more information. | `dialTimeout: 30s` |
### UDP
You can declare UDP routers and services with the file provider.
#### UDP Routers
Define UDP routers under `udp.routers.<router_name>`.
!!! warning "The character `@` is not authorized in the router name `<router_name>`."
| Field | Description | Value |
|------|-------------|-------|
| <a id="opt-udp-routers-router-name-entryPointsn" href="#opt-udp-routers-router-name-entryPointsn" title="#opt-udp-routers-router-name-entryPointsn">`udp.routers.<router_name>.entryPoints[n]`</a> | See [UDP router entrypoints](../udp/routing/rules-priority.md#entrypoints) for more information. | `dns` |
| <a id="opt-udp-routers-router-name-service" href="#opt-udp-routers-router-name-service" title="#opt-udp-routers-router-name-service">`udp.routers.<router_name>.service`</a> | See [UDP router configuration](../udp/routing/rules-priority.md#configuration-example) for more information. | `dns-service` |
#### UDP Services
Define UDP services under `udp.services.<service_name>`.
!!! warning "The character `@` is not authorized in the service name `<service_name>`."
| Field | Description | Value |
|------|-------------|-------|
| <a id="opt-udp-services-service-name-loadBalancer-serversn-address" href="#opt-udp-services-service-name-loadBalancer-serversn-address" title="#opt-udp-services-service-name-loadBalancer-serversn-address">`udp.services.<service_name>.loadBalancer.servers[n].address`</a> | See [UDP service](../udp/service.md) for more information. | `127.0.0.1:5353` |
| <a id="opt-udp-services-service-name-weighted-servicesn-name" href="#opt-udp-services-service-name-weighted-servicesn-name" title="#opt-udp-services-service-name-weighted-servicesn-name">`udp.services.<service_name>.weighted.services[n].name`</a> | See [UDP service](../udp/service.md) for more information. | `dns-v1` |
| <a id="opt-udp-services-service-name-weighted-servicesn-weight" href="#opt-udp-services-service-name-weighted-servicesn-weight" title="#opt-udp-services-service-name-weighted-servicesn-weight">`udp.services.<service_name>.weighted.services[n].weight`</a> | See [UDP service](../udp/service.md) for more information. | `3` |
### TLS
You can declare TLS certificates, options, and stores with the file provider.
#### Certificates
| Field | Description | Value |
|------|-------------|-------|
| <a id="opt-tls-certificatesn-certFile" href="#opt-tls-certificatesn-certFile" title="#opt-tls-certificatesn-certFile">`tls.certificates[n].certFile`</a> | See [TLS certificates](../http/tls/tls-certificates.md) for more information. | `/certs/example.crt` |
| <a id="opt-tls-certificatesn-keyFile" href="#opt-tls-certificatesn-keyFile" title="#opt-tls-certificatesn-keyFile">`tls.certificates[n].keyFile`</a> | See [TLS certificates](../http/tls/tls-certificates.md) for more information. | `/certs/example.key` |
| <a id="opt-tls-certificatesn-storesn" href="#opt-tls-certificatesn-storesn" title="#opt-tls-certificatesn-storesn">`tls.certificates[n].stores[n]`</a> | See [certificate stores](../http/tls/tls-certificates.md#certificates-stores) for more information. | `default` |
#### TLS Options
| Field | Description | Value |
|------|-------------|-------|
| <a id="opt-tls-options-options-name-minVersion" href="#opt-tls-options-options-name-minVersion" title="#opt-tls-options-options-name-minVersion">`tls.options.<options_name>.minVersion`</a> | See [TLS options](../http/tls/tls-options.md) for more information. | `VersionTLS12` |
| <a id="opt-tls-options-options-name-maxVersion" href="#opt-tls-options-options-name-maxVersion" title="#opt-tls-options-options-name-maxVersion">`tls.options.<options_name>.maxVersion`</a> | See [TLS options](../http/tls/tls-options.md) for more information. | `VersionTLS13` |
| <a id="opt-tls-options-options-name-cipherSuitesn" href="#opt-tls-options-options-name-cipherSuitesn" title="#opt-tls-options-options-name-cipherSuitesn">`tls.options.<options_name>.cipherSuites[n]`</a> | See [TLS options](../http/tls/tls-options.md) for more information. | `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256` |
| <a id="opt-tls-options-options-name-curvePreferencesn" href="#opt-tls-options-options-name-curvePreferencesn" title="#opt-tls-options-options-name-curvePreferencesn">`tls.options.<options_name>.curvePreferences[n]`</a> | See [TLS options](../http/tls/tls-options.md) for more information. | `CurveP256` |
| <a id="opt-tls-options-options-name-clientAuth-caFilesn" href="#opt-tls-options-options-name-clientAuth-caFilesn" title="#opt-tls-options-options-name-clientAuth-caFilesn">`tls.options.<options_name>.clientAuth.caFiles[n]`</a> | See [client authentication](../http/tls/tls-options.md#client-authentication-mtls) for more information. | `/certs/client-ca.crt` |
| <a id="opt-tls-options-options-name-clientAuth-clientAuthType" href="#opt-tls-options-options-name-clientAuth-clientAuthType" title="#opt-tls-options-options-name-clientAuth-clientAuthType">`tls.options.<options_name>.clientAuth.clientAuthType`</a> | See [client authentication](../http/tls/tls-options.md#client-authentication-mtls) for more information. | `RequireAndVerifyClientCert` |
| <a id="opt-tls-options-options-name-sniStrict" href="#opt-tls-options-options-name-sniStrict" title="#opt-tls-options-options-name-sniStrict">`tls.options.<options_name>.sniStrict`</a> | See [strict SNI checking](../http/tls/tls-options.md#strict-sni-checking) for more information. | `true` |
| <a id="opt-tls-options-options-name-alpnProtocolsn" href="#opt-tls-options-options-name-alpnProtocolsn" title="#opt-tls-options-options-name-alpnProtocolsn">`tls.options.<options_name>.alpnProtocols[n]`</a> | See [TLS options](../http/tls/tls-options.md) for more information. | `h2` |
| <a id="opt-tls-options-options-name-disableSessionTickets" href="#opt-tls-options-options-name-disableSessionTickets" title="#opt-tls-options-options-name-disableSessionTickets">`tls.options.<options_name>.disableSessionTickets`</a> | See [TLS options](../http/tls/tls-options.md) for more information. | `true` |
| <a id="opt-tls-options-options-name-preferServerCipherSuites" href="#opt-tls-options-options-name-preferServerCipherSuites" title="#opt-tls-options-options-name-preferServerCipherSuites">`tls.options.<options_name>.preferServerCipherSuites`</a> | See [TLS options](../http/tls/tls-options.md) for more information. | `true` |
#### TLS Stores
| Field | Description | Value |
|------|-------------|-------|
| <a id="opt-tls-stores-store-name-defaultCertificate-certFile" href="#opt-tls-stores-store-name-defaultCertificate-certFile" title="#opt-tls-stores-store-name-defaultCertificate-certFile">`tls.stores.<store_name>.defaultCertificate.certFile`</a> | See [default certificate](../http/tls/tls-certificates.md#default-certificate) for more information. | `/certs/default.crt` |
| <a id="opt-tls-stores-store-name-defaultCertificate-keyFile" href="#opt-tls-stores-store-name-defaultCertificate-keyFile" title="#opt-tls-stores-store-name-defaultCertificate-keyFile">`tls.stores.<store_name>.defaultCertificate.keyFile`</a> | See [default certificate](../http/tls/tls-certificates.md#default-certificate) for more information. | `/certs/default.key` |
| <a id="opt-tls-stores-store-name-defaultGeneratedCert-resolver" href="#opt-tls-stores-store-name-defaultGeneratedCert-resolver" title="#opt-tls-stores-store-name-defaultGeneratedCert-resolver">`tls.stores.<store_name>.defaultGeneratedCert.resolver`</a> | See [ACME default certificate](../http/tls/tls-certificates.md#acme-default-certificate) for more information. | `myresolver` |
| <a id="opt-tls-stores-store-name-defaultGeneratedCert-domain-main" href="#opt-tls-stores-store-name-defaultGeneratedCert-domain-main" title="#opt-tls-stores-store-name-defaultGeneratedCert-domain-main">`tls.stores.<store_name>.defaultGeneratedCert.domain.main`</a> | See [ACME default certificate](../http/tls/tls-certificates.md#acme-default-certificate) for more information. | `example.org` |
| <a id="opt-tls-stores-store-name-defaultGeneratedCert-domain-sansn" href="#opt-tls-stores-store-name-defaultGeneratedCert-domain-sansn" title="#opt-tls-stores-store-name-defaultGeneratedCert-domain-sansn">`tls.stores.<store_name>.defaultGeneratedCert.domain.sans[n]`</a> | See [ACME default certificate](../http/tls/tls-certificates.md#acme-default-certificate) for more information. | `www.example.org` |
## Go Templating
@@ -69,7 +497,7 @@ To illustrate, it is possible to easily define multiple routers, services, and T
{{ range $i, $e := until 10 }}
- certFile: "/etc/traefik/cert-{{ $e }}.pem"
keyFile: "/etc/traefik/cert-{{ $e }}.key"
store:
stores:
- "my-store-foo-{{ $e }}"
- "my-store-bar-{{ $e }}"
{{end}}
@@ -101,7 +529,7 @@ To illustrate, it is possible to easily define multiple routers, services, and T
[tcp.services]
{{ range $i, $e := until 100 }}
[http.services.service{{ $e }}]
[tcp.services.service{{ $e }}]
# ...
{{ end }}
@@ -112,9 +540,9 @@ To illustrate, it is possible to easily define multiple routers, services, and T
stores = ["my-store-foo-{{ $e }}", "my-store-bar-{{ $e }}"]
{{ end }}
[tls.config]
[tls.options]
{{ range $i, $e := until 10 }}
[tls.config.TLS{{ $e }}]
[tls.options.TLS{{ $e }}]
# ...
{{ end }}
```
docs/content/reference/routing-configuration/other-providers/file.toml
-667
View File
@@ -1,667 +0,0 @@
## CODE GENERATED AUTOMATICALLY
## THIS FILE MUST NOT BE EDITED BY HAND
[http]
[http.routers]
[http.routers.Router0]
entryPoints = ["foobar", "foobar"]
middlewares = ["foobar", "foobar"]
service = "foobar"
rule = "foobar"
parentRefs = ["foobar", "foobar"]
ruleSyntax = "foobar"
priority = 42
[http.routers.Router0.tls]
options = "foobar"
certResolver = "foobar"
[[http.routers.Router0.tls.domains]]
main = "foobar"
sans = ["foobar", "foobar"]
[[http.routers.Router0.tls.domains]]
main = "foobar"
sans = ["foobar", "foobar"]
[http.routers.Router0.observability]
accessLogs = true
metrics = true
tracing = true
traceVerbosity = "foobar"
[http.routers.Router1]
entryPoints = ["foobar", "foobar"]
middlewares = ["foobar", "foobar"]
service = "foobar"
rule = "foobar"
parentRefs = ["foobar", "foobar"]
ruleSyntax = "foobar"
priority = 42
[http.routers.Router1.tls]
options = "foobar"
certResolver = "foobar"
[[http.routers.Router1.tls.domains]]
main = "foobar"
sans = ["foobar", "foobar"]
[[http.routers.Router1.tls.domains]]
main = "foobar"
sans = ["foobar", "foobar"]
[http.routers.Router1.observability]
accessLogs = true
metrics = true
tracing = true
traceVerbosity = "foobar"
[http.services]
[http.services.Service01]
[http.services.Service01.failover]
service = "foobar"
fallback = "foobar"
[http.services.Service01.failover.healthCheck]
[http.services.Service01.failover.errors]
maxRequestBodyBytes = 42
status = ["foobar", "foobar"]
[http.services.Service02]
[http.services.Service02.highestRandomWeight]
[[http.services.Service02.highestRandomWeight.services]]
name = "foobar"
weight = 42
[[http.services.Service02.highestRandomWeight.services]]
name = "foobar"
weight = 42
[http.services.Service02.highestRandomWeight.healthCheck]
[http.services.Service03]
[http.services.Service03.loadBalancer]
strategy = "foobar"
passHostHeader = true
serversTransport = "foobar"
[http.services.Service03.loadBalancer.sticky]
[http.services.Service03.loadBalancer.sticky.cookie]
name = "foobar"
secure = true
httpOnly = true
sameSite = "foobar"
maxAge = 42
path = "foobar"
domain = "foobar"
[[http.services.Service03.loadBalancer.servers]]
url = "foobar"
weight = 42
preservePath = true
[[http.services.Service03.loadBalancer.servers]]
url = "foobar"
weight = 42
preservePath = true
[http.services.Service03.loadBalancer.healthCheck]
scheme = "foobar"
mode = "foobar"
path = "foobar"
method = "foobar"
status = 42
port = 42
interval = "42s"
unhealthyInterval = "42s"
timeout = "42s"
hostname = "foobar"
followRedirects = true
[http.services.Service03.loadBalancer.healthCheck.headers]
name0 = "foobar"
name1 = "foobar"
[http.services.Service03.loadBalancer.passiveHealthCheck]
failureWindow = "42s"
maxFailedAttempts = 42
[http.services.Service03.loadBalancer.responseForwarding]
flushInterval = "42s"
[http.services.Service04]
middlewares = ["foobar", "foobar"]
[http.services.Service05]
[http.services.Service05.mirroring]
service = "foobar"
mirrorBody = true
maxBodySize = 42
[[http.services.Service05.mirroring.mirrors]]
name = "foobar"
percent = 42
[[http.services.Service05.mirroring.mirrors]]
name = "foobar"
percent = 42
[http.services.Service05.mirroring.healthCheck]
[http.services.Service06]
[http.services.Service06.weighted]
[[http.services.Service06.weighted.services]]
name = "foobar"
weight = 42
[[http.services.Service06.weighted.services]]
name = "foobar"
weight = 42
[http.services.Service06.weighted.sticky]
[http.services.Service06.weighted.sticky.cookie]
name = "foobar"
secure = true
httpOnly = true
sameSite = "foobar"
maxAge = 42
path = "foobar"
domain = "foobar"
[http.services.Service06.weighted.healthCheck]
[http.middlewares]
[http.middlewares.Middleware01]
[http.middlewares.Middleware01.addPrefix]
prefix = "foobar"
[http.middlewares.Middleware02]
[http.middlewares.Middleware02.basicAuth]
users = ["foobar", "foobar"]
usersFile = "foobar"
realm = "foobar"
removeHeader = true
headerField = "foobar"
[http.middlewares.Middleware03]
[http.middlewares.Middleware03.buffering]
maxRequestBodyBytes = 42
memRequestBodyBytes = 42
maxResponseBodyBytes = 42
memResponseBodyBytes = 42
retryExpression = "foobar"
[http.middlewares.Middleware04]
[http.middlewares.Middleware04.chain]
middlewares = ["foobar", "foobar"]
[http.middlewares.Middleware05]
[http.middlewares.Middleware05.circuitBreaker]
expression = "foobar"
checkPeriod = "42s"
fallbackDuration = "42s"
recoveryDuration = "42s"
responseCode = 42
[http.middlewares.Middleware06]
[http.middlewares.Middleware06.compress]
excludedContentTypes = ["foobar", "foobar"]
includedContentTypes = ["foobar", "foobar"]
minResponseBodyBytes = 42
encodings = ["foobar", "foobar"]
defaultEncoding = "foobar"
[http.middlewares.Middleware07]
[http.middlewares.Middleware07.contentType]
autoDetect = true
[http.middlewares.Middleware08]
[http.middlewares.Middleware08.digestAuth]
users = ["foobar", "foobar"]
usersFile = "foobar"
removeHeader = true
realm = "foobar"
headerField = "foobar"
[http.middlewares.Middleware09]
[http.middlewares.Middleware09.encodedCharacters]
allowEncodedSlash = true
allowEncodedBackSlash = true
allowEncodedNullCharacter = true
allowEncodedSemicolon = true
allowEncodedPercent = true
allowEncodedQuestionMark = true
allowEncodedHash = true
[http.middlewares.Middleware10]
[http.middlewares.Middleware10.errors]
status = ["foobar", "foobar"]
service = "foobar"
query = "foobar"
errorRequestHeaders = ["foobar", "foobar"]
[http.middlewares.Middleware10.errors.statusRewrites]
name0 = 42
name1 = 42
[http.middlewares.Middleware11]
[http.middlewares.Middleware11.forwardAuth]
address = "foobar"
trustForwardHeader = true
authResponseHeaders = ["foobar", "foobar"]
authResponseHeadersRegex = "foobar"
authRequestHeaders = ["foobar", "foobar"]
maxResponseBodySize = 42
addAuthCookiesToResponse = ["foobar", "foobar"]
headerField = "foobar"
forwardBody = true
maxBodySize = 42
preserveLocationHeader = true
preserveRequestMethod = true
authSigninURL = "foobar"
[http.middlewares.Middleware11.forwardAuth.tls]
ca = "foobar"
cert = "foobar"
key = "foobar"
insecureSkipVerify = true
caOptional = true
[http.middlewares.Middleware12]
[http.middlewares.Middleware12.grpcWeb]
allowOrigins = ["foobar", "foobar"]
[http.middlewares.Middleware13]
[http.middlewares.Middleware13.headers]
accessControlAllowCredentials = true
accessControlAllowHeaders = ["foobar", "foobar"]
accessControlAllowMethods = ["foobar", "foobar"]
accessControlAllowOriginList = ["foobar", "foobar"]
accessControlAllowOriginListRegex = ["foobar", "foobar"]
accessControlExposeHeaders = ["foobar", "foobar"]
accessControlMaxAge = 42
addVaryHeader = true
allowedHosts = ["foobar", "foobar"]
hostsProxyHeaders = ["foobar", "foobar"]
stsSeconds = 42
stsIncludeSubdomains = true
stsPreload = true
forceSTSHeader = true
frameDeny = true
customFrameOptionsValue = "foobar"
contentTypeNosniff = true
browserXssFilter = true
customBrowserXSSValue = "foobar"
contentSecurityPolicy = "foobar"
contentSecurityPolicyReportOnly = "foobar"
publicKey = "foobar"
referrerPolicy = "foobar"
permissionsPolicy = "foobar"
isDevelopment = true
featurePolicy = "foobar"
sslRedirect = true
sslTemporaryRedirect = true
sslHost = "foobar"
sslForceHost = true
[http.middlewares.Middleware13.headers.customRequestHeaders]
name0 = "foobar"
name1 = "foobar"
[http.middlewares.Middleware13.headers.customResponseHeaders]
name0 = "foobar"
name1 = "foobar"
[http.middlewares.Middleware13.headers.sslProxyHeaders]
name0 = "foobar"
name1 = "foobar"
[http.middlewares.Middleware14]
[http.middlewares.Middleware14.ipAllowList]
sourceRange = ["foobar", "foobar"]
rejectStatusCode = 42
[http.middlewares.Middleware14.ipAllowList.ipStrategy]
depth = 42
excludedIPs = ["foobar", "foobar"]
ipv6Subnet = 42
[http.middlewares.Middleware15]
[http.middlewares.Middleware15.ipWhiteList]
sourceRange = ["foobar", "foobar"]
[http.middlewares.Middleware15.ipWhiteList.ipStrategy]
depth = 42
excludedIPs = ["foobar", "foobar"]
ipv6Subnet = 42
[http.middlewares.Middleware16]
[http.middlewares.Middleware16.inFlightReq]
amount = 42
[http.middlewares.Middleware16.inFlightReq.sourceCriterion]
requestHeaderName = "foobar"
requestHost = true
[http.middlewares.Middleware16.inFlightReq.sourceCriterion.ipStrategy]
depth = 42
excludedIPs = ["foobar", "foobar"]
ipv6Subnet = 42
[http.middlewares.Middleware17]
[http.middlewares.Middleware17.passTLSClientCert]
pem = true
[http.middlewares.Middleware17.passTLSClientCert.info]
notAfter = true
notBefore = true
sans = true
serialNumber = true
[http.middlewares.Middleware17.passTLSClientCert.info.subject]
country = true
province = true
locality = true
organization = true
organizationalUnit = true
commonName = true
serialNumber = true
domainComponent = true
[http.middlewares.Middleware17.passTLSClientCert.info.issuer]
country = true
province = true
locality = true
organization = true
commonName = true
serialNumber = true
domainComponent = true
[http.middlewares.Middleware18]
[http.middlewares.Middleware18.plugin]
[http.middlewares.Middleware18.plugin.PluginConf0]
name0 = "foobar"
name1 = "foobar"
[http.middlewares.Middleware18.plugin.PluginConf1]
name0 = "foobar"
name1 = "foobar"
[http.middlewares.Middleware19]
[http.middlewares.Middleware19.rateLimit]
average = 42
period = "42s"
burst = 42
[http.middlewares.Middleware19.rateLimit.sourceCriterion]
requestHeaderName = "foobar"
requestHost = true
[http.middlewares.Middleware19.rateLimit.sourceCriterion.ipStrategy]
depth = 42
excludedIPs = ["foobar", "foobar"]
ipv6Subnet = 42
[http.middlewares.Middleware19.rateLimit.redis]
endpoints = ["foobar", "foobar"]
username = "foobar"
password = "foobar"
db = 42
poolSize = 42
minIdleConns = 42
maxActiveConns = 42
readTimeout = "42s"
writeTimeout = "42s"
dialTimeout = "42s"
[http.middlewares.Middleware19.rateLimit.redis.tls]
ca = "foobar"
cert = "foobar"
key = "foobar"
insecureSkipVerify = true
[http.middlewares.Middleware20]
[http.middlewares.Middleware20.redirectRegex]
regex = "foobar"
replacement = "foobar"
permanent = true
[http.middlewares.Middleware21]
[http.middlewares.Middleware21.redirectScheme]
scheme = "foobar"
port = "foobar"
permanent = true
[http.middlewares.Middleware22]
[http.middlewares.Middleware22.replacePath]
path = "foobar"
[http.middlewares.Middleware23]
[http.middlewares.Middleware23.replacePathRegex]
regex = "foobar"
replacement = "foobar"
[http.middlewares.Middleware24]
[http.middlewares.Middleware24.retry]
attempts = 42
timeout = "42s"
initialInterval = "42s"
maxRequestBodyBytes = 42
status = ["foobar", "foobar"]
disableRetryOnNetworkError = true
retryNonIdempotentMethod = true
[http.middlewares.Middleware25]
[http.middlewares.Middleware25.stripPrefix]
prefixes = ["foobar", "foobar"]
forceSlash = true
[http.middlewares.Middleware26]
[http.middlewares.Middleware26.stripPrefixRegex]
regex = ["foobar", "foobar"]
[http.serversTransports]
[http.serversTransports.ServersTransport0]
serverName = "foobar"
insecureSkipVerify = true
rootCAs = ["foobar", "foobar"]
cipherSuites = ["foobar", "foobar"]
minVersion = "foobar"
maxVersion = "foobar"
maxIdleConnsPerHost = 42
disableHTTP2 = true
peerCertURI = "foobar"
[[http.serversTransports.ServersTransport0.certificates]]
certFile = "foobar"
keyFile = "foobar"
[[http.serversTransports.ServersTransport0.certificates]]
certFile = "foobar"
keyFile = "foobar"
[http.serversTransports.ServersTransport0.forwardingTimeouts]
dialTimeout = "42s"
responseHeaderTimeout = "42s"
idleConnTimeout = "42s"
readIdleTimeout = "42s"
pingTimeout = "42s"
[http.serversTransports.ServersTransport0.spiffe]
ids = ["foobar", "foobar"]
trustDomain = "foobar"
[http.serversTransports.ServersTransport1]
serverName = "foobar"
insecureSkipVerify = true
rootCAs = ["foobar", "foobar"]
cipherSuites = ["foobar", "foobar"]
minVersion = "foobar"
maxVersion = "foobar"
maxIdleConnsPerHost = 42
disableHTTP2 = true
peerCertURI = "foobar"
[[http.serversTransports.ServersTransport1.certificates]]
certFile = "foobar"
keyFile = "foobar"
[[http.serversTransports.ServersTransport1.certificates]]
certFile = "foobar"
keyFile = "foobar"
[http.serversTransports.ServersTransport1.forwardingTimeouts]
dialTimeout = "42s"
responseHeaderTimeout = "42s"
idleConnTimeout = "42s"
readIdleTimeout = "42s"
pingTimeout = "42s"
[http.serversTransports.ServersTransport1.spiffe]
ids = ["foobar", "foobar"]
trustDomain = "foobar"
[tcp]
[tcp.routers]
[tcp.routers.TCPRouter0]
entryPoints = ["foobar", "foobar"]
middlewares = ["foobar", "foobar"]
service = "foobar"
rule = "foobar"
ruleSyntax = "foobar"
priority = 42
[tcp.routers.TCPRouter0.tls]
passthrough = true
options = "foobar"
certResolver = "foobar"
[[tcp.routers.TCPRouter0.tls.domains]]
main = "foobar"
sans = ["foobar", "foobar"]
[[tcp.routers.TCPRouter0.tls.domains]]
main = "foobar"
sans = ["foobar", "foobar"]
[tcp.routers.TCPRouter1]
entryPoints = ["foobar", "foobar"]
middlewares = ["foobar", "foobar"]
service = "foobar"
rule = "foobar"
ruleSyntax = "foobar"
priority = 42
[tcp.routers.TCPRouter1.tls]
passthrough = true
options = "foobar"
certResolver = "foobar"
[[tcp.routers.TCPRouter1.tls.domains]]
main = "foobar"
sans = ["foobar", "foobar"]
[[tcp.routers.TCPRouter1.tls.domains]]
main = "foobar"
sans = ["foobar", "foobar"]
[tcp.services]
[tcp.services.TCPService01]
[tcp.services.TCPService01.loadBalancer]
serversTransport = "foobar"
terminationDelay = 42
[[tcp.services.TCPService01.loadBalancer.servers]]
address = "foobar"
tls = true
[[tcp.services.TCPService01.loadBalancer.servers]]
address = "foobar"
tls = true
[tcp.services.TCPService01.loadBalancer.proxyProtocol]
version = 42
[tcp.services.TCPService01.loadBalancer.healthCheck]
port = 42
send = "foobar"
expect = "foobar"
interval = "42s"
unhealthyInterval = "42s"
timeout = "42s"
[tcp.services.TCPService02]
[tcp.services.TCPService02.weighted]
[[tcp.services.TCPService02.weighted.services]]
name = "foobar"
weight = 42
[[tcp.services.TCPService02.weighted.services]]
name = "foobar"
weight = 42
[tcp.services.TCPService02.weighted.healthCheck]
[tcp.middlewares]
[tcp.middlewares.TCPMiddleware01]
[tcp.middlewares.TCPMiddleware01.ipAllowList]
sourceRange = ["foobar", "foobar"]
[tcp.middlewares.TCPMiddleware02]
[tcp.middlewares.TCPMiddleware02.ipWhiteList]
sourceRange = ["foobar", "foobar"]
[tcp.middlewares.TCPMiddleware03]
[tcp.middlewares.TCPMiddleware03.inFlightConn]
amount = 42
[tcp.serversTransports]
[tcp.serversTransports.TCPServersTransport0]
dialKeepAlive = "42s"
dialTimeout = "42s"
terminationDelay = "42s"
[tcp.serversTransports.TCPServersTransport0.proxyProtocol]
version = 42
[tcp.serversTransports.TCPServersTransport0.tls]
serverName = "foobar"
insecureSkipVerify = true
rootCAs = ["foobar", "foobar"]
peerCertURI = "foobar"
[[tcp.serversTransports.TCPServersTransport0.tls.certificates]]
certFile = "foobar"
keyFile = "foobar"
[[tcp.serversTransports.TCPServersTransport0.tls.certificates]]
certFile = "foobar"
keyFile = "foobar"
[tcp.serversTransports.TCPServersTransport0.tls.spiffe]
ids = ["foobar", "foobar"]
trustDomain = "foobar"
[tcp.serversTransports.TCPServersTransport1]
dialKeepAlive = "42s"
dialTimeout = "42s"
terminationDelay = "42s"
[tcp.serversTransports.TCPServersTransport1.proxyProtocol]
version = 42
[tcp.serversTransports.TCPServersTransport1.tls]
serverName = "foobar"
insecureSkipVerify = true
rootCAs = ["foobar", "foobar"]
peerCertURI = "foobar"
[[tcp.serversTransports.TCPServersTransport1.tls.certificates]]
certFile = "foobar"
keyFile = "foobar"
[[tcp.serversTransports.TCPServersTransport1.tls.certificates]]
certFile = "foobar"
keyFile = "foobar"
[tcp.serversTransports.TCPServersTransport1.tls.spiffe]
ids = ["foobar", "foobar"]
trustDomain = "foobar"
[udp]
[udp.routers]
[udp.routers.UDPRouter0]
entryPoints = ["foobar", "foobar"]
service = "foobar"
[udp.routers.UDPRouter1]
entryPoints = ["foobar", "foobar"]
service = "foobar"
[udp.services]
[udp.services.UDPService01]
[udp.services.UDPService01.loadBalancer]
[[udp.services.UDPService01.loadBalancer.servers]]
address = "foobar"
[[udp.services.UDPService01.loadBalancer.servers]]
address = "foobar"
[udp.services.UDPService02]
[udp.services.UDPService02.weighted]
[[udp.services.UDPService02.weighted.services]]
name = "foobar"
weight = 42
[[udp.services.UDPService02.weighted.services]]
name = "foobar"
weight = 42
[tls]
[[tls.certificates]]
certFile = "foobar"
keyFile = "foobar"
stores = ["foobar", "foobar"]
[[tls.certificates]]
certFile = "foobar"
keyFile = "foobar"
stores = ["foobar", "foobar"]
[tls.options]
[tls.options.Options0]
minVersion = "foobar"
maxVersion = "foobar"
cipherSuites = ["foobar", "foobar"]
curvePreferences = ["foobar", "foobar"]
sniStrict = true
alpnProtocols = ["foobar", "foobar"]
disableSessionTickets = true
preferServerCipherSuites = true
[tls.options.Options0.clientAuth]
caFiles = ["foobar", "foobar"]
clientAuthType = "foobar"
[tls.options.Options1]
minVersion = "foobar"
maxVersion = "foobar"
cipherSuites = ["foobar", "foobar"]
curvePreferences = ["foobar", "foobar"]
sniStrict = true
alpnProtocols = ["foobar", "foobar"]
disableSessionTickets = true
preferServerCipherSuites = true
[tls.options.Options1.clientAuth]
caFiles = ["foobar", "foobar"]
clientAuthType = "foobar"
[tls.stores]
[tls.stores.Store0]
[tls.stores.Store0.defaultCertificate]
certFile = "foobar"
keyFile = "foobar"
[tls.stores.Store0.defaultGeneratedCert]
resolver = "foobar"
[tls.stores.Store0.defaultGeneratedCert.domain]
main = "foobar"
sans = ["foobar", "foobar"]
[tls.stores.Store1]
[tls.stores.Store1.defaultCertificate]
certFile = "foobar"
keyFile = "foobar"
[tls.stores.Store1.defaultGeneratedCert]
resolver = "foobar"
[tls.stores.Store1.defaultGeneratedCert.domain]
main = "foobar"
sans = ["foobar", "foobar"]
docs/content/reference/routing-configuration/other-providers/file.yaml
-763
View File
@@ -1,763 +0,0 @@
## CODE GENERATED AUTOMATICALLY
## THIS FILE MUST NOT BE EDITED BY HAND
http:
routers:
Router0:
entryPoints:
- foobar
- foobar
middlewares:
- foobar
- foobar
service: foobar
rule: foobar
parentRefs:
- foobar
- foobar
ruleSyntax: foobar
priority: 42
tls:
options: foobar
certResolver: foobar
domains:
- main: foobar
sans:
- foobar
- foobar
- main: foobar
sans:
- foobar
- foobar
observability:
accessLogs: true
metrics: true
tracing: true
traceVerbosity: foobar
Router1:
entryPoints:
- foobar
- foobar
middlewares:
- foobar
- foobar
service: foobar
rule: foobar
parentRefs:
- foobar
- foobar
ruleSyntax: foobar
priority: 42
tls:
options: foobar
certResolver: foobar
domains:
- main: foobar
sans:
- foobar
- foobar
- main: foobar
sans:
- foobar
- foobar
observability:
accessLogs: true
metrics: true
tracing: true
traceVerbosity: foobar
services:
Service01:
failover:
service: foobar
fallback: foobar
healthCheck: {}
errors:
maxRequestBodyBytes: 42
status:
- foobar
- foobar
Service02:
highestRandomWeight:
services:
- name: foobar
weight: 42
- name: foobar
weight: 42
healthCheck: {}
Service03:
loadBalancer:
sticky:
cookie:
name: foobar
secure: true
httpOnly: true
sameSite: foobar
maxAge: 42
path: foobar
domain: foobar
servers:
- url: foobar
weight: 42
preservePath: true
- url: foobar
weight: 42
preservePath: true
strategy: foobar
healthCheck:
scheme: foobar
mode: foobar
path: foobar
method: foobar
status: 42
port: 42
interval: 42s
unhealthyInterval: 42s
timeout: 42s
hostname: foobar
followRedirects: true
headers:
name0: foobar
name1: foobar
passiveHealthCheck:
failureWindow: 42s
maxFailedAttempts: 42
passHostHeader: true
responseForwarding:
flushInterval: 42s
serversTransport: foobar
Service04:
middlewares:
- foobar
- foobar
Service05:
mirroring:
service: foobar
mirrorBody: true
maxBodySize: 42
mirrors:
- name: foobar
percent: 42
- name: foobar
percent: 42
healthCheck: {}
Service06:
weighted:
services:
- name: foobar
weight: 42
- name: foobar
weight: 42
sticky:
cookie:
name: foobar
secure: true
httpOnly: true
sameSite: foobar
maxAge: 42
path: foobar
domain: foobar
healthCheck: {}
middlewares:
Middleware01:
addPrefix:
prefix: foobar
Middleware02:
basicAuth:
users:
- foobar
- foobar
usersFile: foobar
realm: foobar
removeHeader: true
headerField: foobar
Middleware03:
buffering:
maxRequestBodyBytes: 42
memRequestBodyBytes: 42
maxResponseBodyBytes: 42
memResponseBodyBytes: 42
retryExpression: foobar
Middleware04:
chain:
middlewares:
- foobar
- foobar
Middleware05:
circuitBreaker:
expression: foobar
checkPeriod: 42s
fallbackDuration: 42s
recoveryDuration: 42s
responseCode: 42
Middleware06:
compress:
excludedContentTypes:
- foobar
- foobar
includedContentTypes:
- foobar
- foobar
minResponseBodyBytes: 42
encodings:
- foobar
- foobar
defaultEncoding: foobar
Middleware07:
contentType:
autoDetect: true
Middleware08:
digestAuth:
users:
- foobar
- foobar
usersFile: foobar
removeHeader: true
realm: foobar
headerField: foobar
Middleware09:
encodedCharacters:
allowEncodedSlash: true
allowEncodedBackSlash: true
allowEncodedNullCharacter: true
allowEncodedSemicolon: true
allowEncodedPercent: true
allowEncodedQuestionMark: true
allowEncodedHash: true
Middleware10:
errors:
status:
- foobar
- foobar
statusRewrites:
name0: 42
name1: 42
service: foobar
query: foobar
errorRequestHeaders:
- foobar
- foobar
Middleware11:
forwardAuth:
address: foobar
tls:
ca: foobar
cert: foobar
key: foobar
insecureSkipVerify: true
caOptional: true
trustForwardHeader: true
authResponseHeaders:
- foobar
- foobar
authResponseHeadersRegex: foobar
authRequestHeaders:
- foobar
- foobar
maxResponseBodySize: 42
addAuthCookiesToResponse:
- foobar
- foobar
headerField: foobar
forwardBody: true
maxBodySize: 42
preserveLocationHeader: true
preserveRequestMethod: true
authSigninURL: foobar
Middleware12:
grpcWeb:
allowOrigins:
- foobar
- foobar
Middleware13:
headers:
customRequestHeaders:
name0: foobar
name1: foobar
customResponseHeaders:
name0: foobar
name1: foobar
accessControlAllowCredentials: true
accessControlAllowHeaders:
- foobar
- foobar
accessControlAllowMethods:
- foobar
- foobar
accessControlAllowOriginList:
- foobar
- foobar
accessControlAllowOriginListRegex:
- foobar
- foobar
accessControlExposeHeaders:
- foobar
- foobar
accessControlMaxAge: 42
addVaryHeader: true
allowedHosts:
- foobar
- foobar
hostsProxyHeaders:
- foobar
- foobar
sslProxyHeaders:
name0: foobar
name1: foobar
stsSeconds: 42
stsIncludeSubdomains: true
stsPreload: true
forceSTSHeader: true
frameDeny: true
customFrameOptionsValue: foobar
contentTypeNosniff: true
browserXssFilter: true
customBrowserXSSValue: foobar
contentSecurityPolicy: foobar
contentSecurityPolicyReportOnly: foobar
publicKey: foobar
referrerPolicy: foobar
permissionsPolicy: foobar
isDevelopment: true
featurePolicy: foobar
sslRedirect: true
sslTemporaryRedirect: true
sslHost: foobar
sslForceHost: true
Middleware14:
ipAllowList:
sourceRange:
- foobar
- foobar
ipStrategy:
depth: 42
excludedIPs:
- foobar
- foobar
ipv6Subnet: 42
rejectStatusCode: 42
Middleware15:
ipWhiteList:
sourceRange:
- foobar
- foobar
ipStrategy:
depth: 42
excludedIPs:
- foobar
- foobar
ipv6Subnet: 42
Middleware16:
inFlightReq:
amount: 42
sourceCriterion:
ipStrategy:
depth: 42
excludedIPs:
- foobar
- foobar
ipv6Subnet: 42
requestHeaderName: foobar
requestHost: true
Middleware17:
passTLSClientCert:
pem: true
info:
notAfter: true
notBefore: true
sans: true
serialNumber: true
subject:
country: true
province: true
locality: true
organization: true
organizationalUnit: true
commonName: true
serialNumber: true
domainComponent: true
issuer:
country: true
province: true
locality: true
organization: true
commonName: true
serialNumber: true
domainComponent: true
Middleware18:
plugin:
PluginConf0:
name0: foobar
name1: foobar
PluginConf1:
name0: foobar
name1: foobar
Middleware19:
rateLimit:
average: 42
period: 42s
burst: 42
sourceCriterion:
ipStrategy:
depth: 42
excludedIPs:
- foobar
- foobar
ipv6Subnet: 42
requestHeaderName: foobar
requestHost: true
redis:
endpoints:
- foobar
- foobar
tls:
ca: foobar
cert: foobar
key: foobar
insecureSkipVerify: true
username: foobar
password: foobar
db: 42
poolSize: 42
minIdleConns: 42
maxActiveConns: 42
readTimeout: 42s
writeTimeout: 42s
dialTimeout: 42s
Middleware20:
redirectRegex:
regex: foobar
replacement: foobar
permanent: true
Middleware21:
redirectScheme:
scheme: foobar
port: foobar
permanent: true
Middleware22:
replacePath:
path: foobar
Middleware23:
replacePathRegex:
regex: foobar
replacement: foobar
Middleware24:
retry:
attempts: 42
timeout: 42s
initialInterval: 42s
maxRequestBodyBytes: 42
status:
- foobar
- foobar
disableRetryOnNetworkError: true
retryNonIdempotentMethod: true
Middleware25:
stripPrefix:
prefixes:
- foobar
- foobar
forceSlash: true
Middleware26:
stripPrefixRegex:
regex:
- foobar
- foobar
serversTransports:
ServersTransport0:
serverName: foobar
insecureSkipVerify: true
rootCAs:
- foobar
- foobar
certificates:
- certFile: foobar
keyFile: foobar
- certFile: foobar
keyFile: foobar
cipherSuites:
- foobar
- foobar
minVersion: foobar
maxVersion: foobar
maxIdleConnsPerHost: 42
forwardingTimeouts:
dialTimeout: 42s
responseHeaderTimeout: 42s
idleConnTimeout: 42s
readIdleTimeout: 42s
pingTimeout: 42s
disableHTTP2: true
peerCertURI: foobar
spiffe:
ids:
- foobar
- foobar
trustDomain: foobar
ServersTransport1:
serverName: foobar
insecureSkipVerify: true
rootCAs:
- foobar
- foobar
certificates:
- certFile: foobar
keyFile: foobar
- certFile: foobar
keyFile: foobar
cipherSuites:
- foobar
- foobar
minVersion: foobar
maxVersion: foobar
maxIdleConnsPerHost: 42
forwardingTimeouts:
dialTimeout: 42s
responseHeaderTimeout: 42s
idleConnTimeout: 42s
readIdleTimeout: 42s
pingTimeout: 42s
disableHTTP2: true
peerCertURI: foobar
spiffe:
ids:
- foobar
- foobar
trustDomain: foobar
tcp:
routers:
TCPRouter0:
entryPoints:
- foobar
- foobar
middlewares:
- foobar
- foobar
service: foobar
rule: foobar
ruleSyntax: foobar
priority: 42
tls:
passthrough: true
options: foobar
certResolver: foobar
domains:
- main: foobar
sans:
- foobar
- foobar
- main: foobar
sans:
- foobar
- foobar
TCPRouter1:
entryPoints:
- foobar
- foobar
middlewares:
- foobar
- foobar
service: foobar
rule: foobar
ruleSyntax: foobar
priority: 42
tls:
passthrough: true
options: foobar
certResolver: foobar
domains:
- main: foobar
sans:
- foobar
- foobar
- main: foobar
sans:
- foobar
- foobar
services:
TCPService01:
loadBalancer:
servers:
- address: foobar
tls: true
- address: foobar
tls: true
serversTransport: foobar
proxyProtocol:
version: 42
terminationDelay: 42
healthCheck:
port: 42
send: foobar
expect: foobar
interval: 42s
unhealthyInterval: 42s
timeout: 42s
TCPService02:
weighted:
services:
- name: foobar
weight: 42
- name: foobar
weight: 42
healthCheck: {}
middlewares:
TCPMiddleware01:
ipAllowList:
sourceRange:
- foobar
- foobar
TCPMiddleware02:
ipWhiteList:
sourceRange:
- foobar
- foobar
TCPMiddleware03:
inFlightConn:
amount: 42
serversTransports:
TCPServersTransport0:
dialKeepAlive: 42s
dialTimeout: 42s
proxyProtocol:
version: 42
terminationDelay: 42s
tls:
serverName: foobar
insecureSkipVerify: true
rootCAs:
- foobar
- foobar
certificates:
- certFile: foobar
keyFile: foobar
- certFile: foobar
keyFile: foobar
peerCertURI: foobar
spiffe:
ids:
- foobar
- foobar
trustDomain: foobar
TCPServersTransport1:
dialKeepAlive: 42s
dialTimeout: 42s
proxyProtocol:
version: 42
terminationDelay: 42s
tls:
serverName: foobar
insecureSkipVerify: true
rootCAs:
- foobar
- foobar
certificates:
- certFile: foobar
keyFile: foobar
- certFile: foobar
keyFile: foobar
peerCertURI: foobar
spiffe:
ids:
- foobar
- foobar
trustDomain: foobar
udp:
routers:
UDPRouter0:
entryPoints:
- foobar
- foobar
service: foobar
UDPRouter1:
entryPoints:
- foobar
- foobar
service: foobar
services:
UDPService01:
loadBalancer:
servers:
- address: foobar
- address: foobar
UDPService02:
weighted:
services:
- name: foobar
weight: 42
- name: foobar
weight: 42
tls:
certificates:
- certFile: foobar
keyFile: foobar
stores:
- foobar
- foobar
- certFile: foobar
keyFile: foobar
stores:
- foobar
- foobar
options:
Options0:
minVersion: foobar
maxVersion: foobar
cipherSuites:
- foobar
- foobar
curvePreferences:
- foobar
- foobar
clientAuth:
caFiles:
- foobar
- foobar
clientAuthType: foobar
sniStrict: true
alpnProtocols:
- foobar
- foobar
disableSessionTickets: true
preferServerCipherSuites: true
Options1:
minVersion: foobar
maxVersion: foobar
cipherSuites:
- foobar
- foobar
curvePreferences:
- foobar
- foobar
clientAuth:
caFiles:
- foobar
- foobar
clientAuthType: foobar
sniStrict: true
alpnProtocols:
- foobar
- foobar
disableSessionTickets: true
preferServerCipherSuites: true
stores:
Store0:
defaultCertificate:
certFile: foobar
keyFile: foobar
defaultGeneratedCert:
resolver: foobar
domain:
main: foobar
sans:
- foobar
- foobar
Store1:
defaultCertificate:
certFile: foobar
keyFile: foobar
defaultGeneratedCert:
resolver: foobar
domain:
main: foobar
sans:
- foobar
- foobar