· 7 years ago · May 06, 2018, 04:58 PM
1################################################################
2# Global configuration
3################################################################
4
5# Duration to give active requests a chance to finish during hot-reloads.
6# Can be provided in a format supported by Go's time.ParseDuration function or
7# as raw values (digits). If no units are provided, the value is parsed assuming
8# seconds.
9#
10# Optional
11# Default: "10s"
12#
13# graceTimeOut = "10s"
14
15# Enable debug mode
16#
17# Optional
18# Default: false
19#
20# debug = true
21
22# Periodically check if a new version has been released
23#
24# Optional
25# Default: true
26#
27# checkNewVersion = false
28
29# Traefik logs file
30# If not defined, logs to stdout
31#
32# Optional
33#
34# traefikLogsFile = "log/traefik.log"
35
36# Access logs file
37#
38# Optional
39# Deprecated - see [accessLog] lower down
40#
41accessLogsFile = "log/access.log"
42
43# Log level
44#
45# Optional
46# Default: "ERROR"
47#
48logLevel = "DEBUG"
49
50# Backends throttle duration: minimum duration in seconds between 2 events from providers
51# before applying a new configuration. It avoids unnecessary reloads if multiples events
52# are sent in a short amount of time.
53# Can be provided in a format supported by Go's time.ParseDuration function or
54# as raw values (digits). If no units are provided, the value is parsed assuming
55# seconds.
56#
57# Optional
58# Default: "2s"
59#
60# ProvidersThrottleDuration = "5s"
61
62# Controls the maximum idle (keep-alive) connections to keep per-host. If zero, DefaultMaxIdleConnsPerHost
63# from the Go standard library net/http module is used.
64# If you encounter 'too many open files' errors, you can either increase this
65# value or change the `ulimit`.
66#
67# Optional
68# Default: 200
69#
70# MaxIdleConnsPerHost = 200
71
72# If set to true invalid SSL certificates are accepted for backends.
73# Note: This disables detection of man-in-the-middle attacks so should only be used on secure backend networks.
74# Optional
75# Default: false
76#
77# InsecureSkipVerify = true
78
79# Entrypoints to be used by frontends that do not specify any entrypoint.
80# Each frontend can specify its own entrypoints.
81#
82# Optional
83# Default: ["http"]
84#
85# defaultEntryPoints = ["http", "https"]
86defaultEntryPoints = ["http"]
87
88# Constraints definition
89#
90# Optional
91#
92# Simple matching constraint
93# constraints = ["tag==api"]
94#
95# Simple mismatching constraint
96# constraints = ["tag!=api"]
97#
98# Globbing
99# constraints = ["tag==us-*"]
100#
101# Backend-specific constraint
102# [consulCatalog]
103# endpoint = "127.0.0.1:8500"
104# constraints = ["tag==api"]
105#
106# Multiple constraints
107# - "tag==" must match with at least one tag
108# - "tag!=" must match with none of tags
109# constraints = ["tag!=us-*", "tag!=asia-*"]
110# [consulCatalog]
111# endpoint = "127.0.0.1:8500"
112# constraints = ["tag==api", "tag!=v*-beta"]
113
114# Enable ACME (Let's Encrypt): automatic SSL
115#
116# Optional
117#
118# [acme]
119
120# Email address used for registration
121#
122# Required
123#
124# email = "test@traefik.io"
125
126# File or key used for certificates storage.
127# WARNING, if you use Traefik in Docker, you have 2 options:
128# - create a file on your host and mount it as a volume
129# storageFile = "acme.json"
130# $ docker run -v "/my/host/acme.json:acme.json" traefik
131# - mount the folder containing the file as a volume
132# storageFile = "/etc/traefik/acme/acme.json"
133# $ docker run -v "/my/host/acme:/etc/traefik/acme" traefik
134#
135# Required
136#
137# storage = "acme.json" # or "traefik/acme/account" if using KV store
138
139# Entrypoint to proxy acme challenge/apply certificates to.
140# WARNING, must point to an entrypoint on port 443
141#
142# Required
143#
144# entryPoint = "https"
145
146# Use a DNS based acme challenge rather than external HTTPS access, e.g. for a firewalled server
147# Select the provider that matches the DNS domain that will host the challenge TXT record,
148# and provide environment variables with access keys to enable setting it:
149# - cloudflare: CLOUDFLARE_EMAIL, CLOUDFLARE_API_KEY
150# - digitalocean: DO_AUTH_TOKEN
151# - dnsimple: DNSIMPLE_EMAIL, DNSIMPLE_API_KEY
152# - dnsmadeeasy: DNSMADEEASY_API_KEY, DNSMADEEASY_API_SECRET
153# - exoscale: EXOSCALE_API_KEY, EXOSCALE_API_SECRET
154# - gandi: GANDI_API_KEY
155# - linode: LINODE_API_KEY
156# - manual: none, but run traefik interactively & turn on acmeLogging to see instructions & press Enter
157# - namecheap: NAMECHEAP_API_USER, NAMECHEAP_API_KEY
158# - rfc2136: RFC2136_TSIG_KEY, RFC2136_TSIG_SECRET, RFC2136_TSIG_ALGORITHM, RFC2136_NAMESERVER
159# - route53: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION, or configured user/instance IAM profile
160# - dyn: DYN_CUSTOMER_NAME, DYN_USER_NAME, DYN_PASSWORD
161# - vultr: VULTR_API_KEY
162# - ovh: OVH_ENDPOINT, OVH_APPLICATION_KEY, OVH_APPLICATION_SECRET, OVH_CONSUMER_KEY
163# - pdns: PDNS_API_KEY, PDNS_API_URL
164#
165# Optional
166#
167# dnsProvider = "digitalocean"
168
169# By default, the dnsProvider will verify the TXT DNS challenge record before letting ACME verify
170# If delayDontCheckDNS is greater than zero, avoid this & instead just wait so many seconds.
171# Useful if internal networks block external DNS queries
172#
173# Optional
174#
175# delayDontCheckDNS = 0
176
177# If true, display debug log messages from the acme client library
178#
179# Optional
180#
181# acmeLogging = true
182
183# Enable on demand certificate. This will request a certificate from Let's Encrypt during the first TLS handshake for a hostname that does not yet have a certificate.
184# WARNING, TLS handshakes will be slow when requesting a hostname certificate for the first time, this can leads to DoS attacks.
185# WARNING, Take note that Let's Encrypt have rate limiting: https://letsencrypt.org/docs/rate-limits
186#
187# Optional
188#
189# onDemand = true
190
191# Enable certificate generation on frontends Host rules. This will request a certificate from Let's Encrypt for each frontend with a Host rule.
192# For example, a rule Host:test1.traefik.io,test2.traefik.io will request a certificate with main domain test1.traefik.io and SAN test2.traefik.io.
193#
194# Optional
195#
196# OnHostRule = true
197
198# CA server to use
199# Uncomment the line to run on the staging let's encrypt server
200# Leave comment to go to prod
201#
202# Optional
203#
204# caServer = "https://acme-staging.api.letsencrypt.org/directory"
205
206# Domains list
207# You can provide SANs (alternative domains) to each main domain
208# All domains must have A/AAAA records pointing to Traefik
209# WARNING, Take note that Let's Encrypt have rate limiting: https://letsencrypt.org/docs/rate-limits
210# Each domain & SANs will lead to a certificate request.
211#
212# [[acme.domains]]
213# main = "local1.com"
214# sans = ["test1.local1.com", "test2.local1.com"]
215# [[acme.domains]]
216# main = "local2.com"
217# sans = ["test1.local2.com", "test2x.local2.com"]
218# [[acme.domains]]
219# main = "local3.com"
220# [[acme.domains]]
221# main = "local4.com"
222
223
224# Set access log options
225#
226# Optional
227#
228# [accessLog]
229
230# Sets the file path for the access log. If none is given (the default)
231# no access logs are produced. Intermediate directories are created if
232# necessary.
233#
234# Optional
235# Default: ""
236#
237# filePath = "/path/to/log/log.txt"
238#
239
240# Format is either "json" or "common".
241#
242# Optional
243# Default: "common"
244#
245# format = "common"
246#
247
248# Entrypoints definition
249#
250# Optional
251# Default:
252[entryPoints]
253 [entryPoints.http]
254 address = ":8888"
255#
256# To redirect an http entrypoint to an https entrypoint (with SNI support):
257# [entryPoints]
258# [entryPoints.http]
259# address = ":80"
260# [entryPoints.http.redirect]
261# entryPoint = "https"
262# [entryPoints.https]
263# address = ":443"
264# [entryPoints.https.tls]
265# [[entryPoints.https.tls.certificates]]
266# CertFile = "integration/fixtures/https/snitest.com.cert"
267# KeyFile = "integration/fixtures/https/snitest.com.key"
268# [[entryPoints.https.tls.certificates]]
269# CertFile = "integration/fixtures/https/snitest.org.cert"
270# KeyFile = "integration/fixtures/https/snitest.org.key"
271#
272# To redirect an entrypoint rewriting the URL:
273# [entryPoints]
274# [entryPoints.http]
275# address = ":80"
276# [entryPoints.http.redirect]
277# regex = "^http://localhost/(.*)"
278# replacement = "http://mydomain/$1"
279#
280# To enable basic auth on an entrypoint
281# with 2 user/pass: test:test and test2:test2
282# Passwords can be encoded in MD5, SHA1 and BCrypt: you can use htpasswd to generate those ones
283# Users can be specified directly in the toml file, or indirectly by referencing an external file; if both are provided, the two are merged, with external file contents having precedence
284# [entryPoints]
285# [entryPoints.http]
286# address = ":80"
287# [entryPoints.http.auth.basic]
288# users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
289# usersFile = "/path/to/.htpasswd"
290#
291# To enable digest auth on an entrypoint
292# with 2 user/realm/pass: test:traefik:test and test2:traefik:test2
293# You can use htdigest to generate those ones
294# Users can be specified directly in the toml file, or indirectly by referencing an external file; if both are provided, the two are merged, with external file contents having precedence
295# [entryPoints]
296# [entryPoints.http]
297# address = ":80"
298# [entryPoints.http.auth.basic]
299# users = ["test:traefik:a2688e031edb4be6a3797f3882655c05 ", "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"]
300# usersFile = "/path/to/.htdigest"
301#
302# To specify an https entrypoint with a minimum TLS version, and specifying an array of cipher suites (from crypto/tls):
303# [entryPoints]
304# [entryPoints.https]
305# address = ":443"
306# [entryPoints.https.tls]
307# MinVersion = "VersionTLS12"
308# CipherSuites = ["TLS_RSA_WITH_AES_256_GCM_SHA384"]
309# [[entryPoints.https.tls.certificates]]
310# CertFile = "integration/fixtures/https/snitest.com.cert"
311# KeyFile = "integration/fixtures/https/snitest.com.key"
312# [[entryPoints.https.tls.certificates]]
313# CertFile = "integration/fixtures/https/snitest.org.cert"
314# KeyFile = "integration/fixtures/https/snitest.org.key"
315
316# To enable compression support using gzip format:
317# [entryPoints]
318# [entryPoints.http]
319# address = ":80"
320# compress = true
321
322# To bind to a particular IP address only:
323# [entryPoints]
324# [entryPoints.http]
325# address = "10.42.13.37:80"
326
327# Enable retry sending request if network error
328#
329# Optional
330#
331# [retry]
332
333# Number of attempts
334#
335# Optional
336# Default: (number servers in backend) -1
337#
338# attempts = 3
339
340# Enable custom health check options.
341#
342# Optional
343#
344# [healthcheck]
345
346# Set the default health check interval. Will only be effective if health check
347# paths are defined. Given provider-specific support, the value may be
348# overridden on a per-backend basis.
349# Can be provided in a format supported by Go's time.ParseDuration function or
350# as raw values (digits). If no units are provided, the value is parsed assuming
351# seconds.
352#
353# Optional
354# Default: "30s"
355#
356# interval = "30s"
357
358################################################################
359# Web configuration backend
360################################################################
361
362# Enable web configuration backend
363#
364# Optional
365#
366 [web]
367
368# Web administration port
369#
370# Required
371#
372 address = ":8080"
373
374# SSL certificate and key used
375#
376# Optional
377#
378# CertFile = "traefik.crt"
379# KeyFile = "traefik.key"
380#
381# Set REST API to read-only mode
382#
383# Optional
384# ReadOnly = false
385#
386# Enable more detailed statistics
387# [web.statistics]
388# RecentErrors = 10
389#
390# To enable Traefik to export internal metrics to Prometheus
391# [web.metrics.prometheus]
392# Buckets=[0.1,0.3,1.2,5.0]
393#
394
395# To enable basic auth on the webui
396# with 2 user/pass: test:test and test2:test2
397# Passwords can be encoded in MD5, SHA1 and BCrypt: you can use htpasswd to generate those ones
398# Users can be specified directly in the toml file, or indirectly by referencing an external file; if both are provided, the two are merged, with external file contents having precedence
399# [web.auth.basic]
400# users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
401# usersFile = "/path/to/.htpasswd"
402# To enable digest auth on the webui
403# with 2 user/realm/pass: test:traefik:test and test2:traefik:test2
404# You can use htdigest to generate those ones
405# Users can be specified directly in the toml file, or indirectly by referencing an external file; if both are provided, the two are merged, with external file contents having precedence
406# [web.auth.digest]
407# users = ["test:traefik:a2688e031edb4be6a3797f3882655c05 ", "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"]
408# usersFile = "/path/to/.htdigest"
409
410
411################################################################
412# File configuration backend
413################################################################
414
415# Enable file configuration backend
416#
417# Optional
418#
419# [file]
420
421# Rules file
422# If defined, traefik will load rules from this file,
423# otherwise, it will load rules from current file (cf Sample rules below).
424#
425# Optional
426#
427# filename = "rules.toml"
428
429# Enable watch file changes
430#
431# Optional
432#
433# watch = true
434
435
436################################################################
437# Docker configuration backend
438################################################################
439
440# Enable Docker configuration backend
441#
442# Optional
443#
444 [docker]
445
446# Docker server endpoint. Can be a tcp or a unix socket endpoint.
447#
448# Required
449#
450 endpoint = "unix:///var/run/docker.sock"
451
452# Default domain used.
453# Can be overridden by setting the "traefik.domain" label on a container.
454#
455# Required
456#
457 domain = "catalogador-jenkins.ga"
458
459# Enable watch docker changes
460#
461# Optional
462#
463 watch = true
464
465# Override default configuration template. For advanced users :)
466#
467# Optional
468#
469# filename = "docker.tmpl"
470
471# Expose containers by default in traefik
472#
473# Optional
474# Default: true
475#
476# exposedbydefault = true
477
478# Enable docker TLS connection
479#
480# Optional
481#
482# [docker.tls]
483# ca = "/etc/ssl/ca.crt"
484# cert = "/etc/ssl/docker.crt"
485# key = "/etc/ssl/docker.key"
486# insecureskipverify = true
487
488
489
490################################################################
491# Docker Swarmmode configuration backend
492################################################################
493
494# Enable Docker configuration backend
495#
496# Optional
497#
498# [docker]
499
500# Docker server endpoint. Can be a tcp or a unix socket endpoint.
501#
502# Required
503#
504# endpoint = "tcp://127.0.0.1:2375"
505
506# Default domain used.
507# Can be overridden by setting the "traefik.domain" label on a services.
508#
509# Required
510#
511# domain = "docker.localhost"
512
513# Enable watch docker changes
514#
515# Optional
516#
517# watch = true
518
519# Use Docker Swarm Mode as data provider
520#
521# Optional
522#
523 swarmmode = false
524
525# Override default configuration template. For advanced users :)
526#
527# Optional
528#
529# filename = "docker.tmpl"
530
531# Expose services by default in traefik
532#
533# Optional
534# Default: true
535#
536# exposedbydefault = true
537
538# Enable docker TLS connection
539#
540# Optional
541#
542# [swarm.tls]
543# ca = "/etc/ssl/ca.crt"
544# cert = "/etc/ssl/docker.crt"
545# key = "/etc/ssl/docker.key"
546# insecureskipverify = true
547
548# Constraints
549#
550# Optional
551#
552# constraints = ["tag==api", "tag==he*ld"]
553# Matching with containers having the label "traefik.tags" set to "api,helloworld"
554# ex: $ docker run -d -P --label traefik.tags=api,helloworld emilevauge/whoami
555
556
557################################################################
558# Mesos/Marathon configuration backend
559################################################################
560
561# Enable Marathon configuration backend
562#
563# Optional
564#
565# [marathon]
566
567# Marathon server endpoint.
568# You can also specify multiple endpoint for Marathon:
569# endpoint := "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080"
570#
571# Required
572#
573# endpoint = "http://127.0.0.1:8080"
574
575# Enable watch Marathon changes
576#
577# Optional
578#
579# watch = true
580
581# Default domain used.
582# Can be overridden by setting the "traefik.domain" label on an application.
583#
584# Required
585#
586# domain = "marathon.localhost"
587
588# Override default configuration template. For advanced users :)
589#
590# Optional
591#
592# filename = "marathon.tmpl"
593
594# Expose Marathon apps by default in traefik
595#
596# Optional
597# Default: true
598#
599# exposedByDefault = true
600
601# Convert Marathon groups to subdomains
602# Default behavior: /foo/bar/myapp => foo-bar-myapp.{defaultDomain}
603# with groupsAsSubDomains enabled: /foo/bar/myapp => myapp.bar.foo.{defaultDomain}
604#
605# Optional
606# Default: false
607#
608# groupsAsSubDomains = true
609
610# Override DialerTimeout
611# Amount of time to allow the Marathon provider to wait to open a TCP connection
612# to a Marathon master.
613# Can be provided in a format supported by Go's time.ParseDuration function or
614# as raw values (digits). If no units are provided, the value is parsed assuming
615# seconds.
616#
617# Optional
618# Default: "60s"
619# dialerTimeout = "60s"
620
621# Enable Marathon basic authentication
622#
623# Optional
624#
625# [marathon.basic]
626# httpBasicAuthUser = "foo"
627# httpBasicPassword = "bar"
628
629# DCOSToken for DCOS environment, This will override the Authorization header
630#
631# Optional
632#
633# dcosToken = "xxxxxx"
634
635
636# Set the TCP Keep Alive interval for the Marathon HTTP Client.
637# Can be provided in a format supported by Go's time.ParseDuration function or
638# as raw values (digits). If no units are provided, the value is parsed assuming
639# seconds.
640#
641# Optional
642# Default: "10s"
643#
644# keepAlive = "10s"
645
646# By default, a task's IP address (as returned by the Marathon API) is used as
647# backend server if an IP-per-task configuration can be found; otherwise, the
648# name of the host running the task is used.
649# The latter behavior can be enforced by enabling this switch.
650#
651# Optional
652# Default: false
653#
654# forceTaskHostname: false
655
656################################################################
657# Mesos configuration backend
658################################################################
659
660# Enable Mesos configuration backend
661#
662# Optional
663#
664# [mesos]
665
666# Mesos server endpoint.
667# You can also specify multiple endpoint for Mesos:
668# endpoint = "192.168.35.40:5050,192.168.35.41:5050,192.168.35.42:5050"
669# endpoint = "zk://192.168.35.20:2181,192.168.35.21:2181,192.168.35.22:2181/mesos"
670#
671# Required
672#
673# endpoint = "http://127.0.0.1:8080"
674
675# Enable watch Mesos changes
676#
677# Optional
678#
679# watch = true
680
681# Default domain used.
682# Can be overridden by setting the "traefik.domain" label on an application.
683#
684# Required
685#
686# domain = "mesos.localhost"
687
688# Override default configuration template. For advanced users :)
689#
690# Optional
691#
692# filename = "mesos.tmpl"
693
694# Expose Mesos apps by default in traefik
695#
696# Optional
697# Default: false
698#
699# ExposedByDefault = true
700
701# TLS client configuration. https://golang.org/pkg/crypto/tls/#Config
702#
703# Optional
704#
705# [mesos.TLS]
706# InsecureSkipVerify = true
707
708# Zookeeper timeout (in seconds)
709#
710# Optional
711# Default: 30
712#
713# ZkDetectionTimeout = 30
714
715# Polling interval (in seconds)
716#
717# Optional
718# Default: 30
719#
720# RefreshSeconds = 30
721
722# IP sources (e.g. host, docker, mesos, rkt)
723#
724# Optional
725#
726# IPSources = "host"
727
728# HTTP Timeout (in seconds)
729#
730# Optional
731# Default: 30
732#
733# StateTimeoutSecond = "30"
734
735################################################################
736# Kubernetes Ingress configuration backend
737################################################################
738# Enable Kubernetes Ingress configuration backend
739#
740# Optional
741#
742# [kubernetes]
743
744# Kubernetes server endpoint
745#
746# When deployed as a replication controller in Kubernetes, Traefik will use
747# the environment variables KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT
748# to construct the endpoint.
749# Secure token will be found in /var/run/secrets/kubernetes.io/serviceaccount/token
750# and SSL CA cert in /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
751#
752# The endpoint may be given to override the environment variable values.
753#
754# When the environment variables are not found, Traefik will try to connect to
755# the Kubernetes API server with an external-cluster client. In this case, the
756# endpoint is required. Specifically, it may be set to the URL used by
757# `kubectl proxy` to connect to a Kubernetes cluster from localhost.
758#
759# Optional for in-cluster configuration, required otherwise
760# Default: empty
761#
762# endpoint = "http://127.0.0.1:8001"
763
764# Bearer token used for the Kubernetes client configuration.
765#
766# Optional
767# Default: empty
768#
769# token = "my token"
770
771# Path to the certificate authority file used for the Kubernetes client
772# configuration.
773#
774# Optional
775# Default: empty
776#
777# certAuthFilePath = "/my/ca.crt"
778
779# Array of namespaces to watch.
780#
781# Optional
782# Default: ["default"].
783#
784# namespaces = ["default"]
785
786# See: http://kubernetes.io/docs/user-guide/labels/#list-and-watch-filtering
787# labelselector = "A and not B"
788
789################################################################
790# Consul KV configuration backend
791################################################################
792
793# Enable Consul KV configuration backend
794#
795# Optional
796#
797# [consul]
798
799# Consul server endpoint
800#
801# Required
802#
803# endpoint = "127.0.0.1:8500"
804
805# Enable watch Consul changes
806#
807# Optional
808#
809# watch = true
810
811# Prefix used for KV store.
812#
813# Optional
814#
815# prefix = "traefik"
816
817# Override default configuration template. For advanced users :)
818#
819# Optional
820#
821# filename = "consul.tmpl"
822
823# Enable consul TLS connection
824#
825# Optional
826#
827# [consul.tls]
828# ca = "/etc/ssl/ca.crt"
829# cert = "/etc/ssl/consul.crt"
830# key = "/etc/ssl/consul.key"
831# insecureskipverify = true
832
833################################################################
834# Consul Catalog configuration backend
835################################################################
836
837# Enable Consul Catalog configuration backend
838#
839# Optional
840#
841# [consulCatalog]
842
843# Consul server endpoint
844#
845# Required
846#
847# endpoint = "127.0.0.1:8500"
848
849# Default domain used.
850#
851# Optional
852#
853# domain = "consul.localhost"
854
855# Prefix for Consul catalog tags
856#
857# Optional
858#
859# prefix = "traefik"
860
861# Constraints
862#
863# Optional
864#
865# constraints = ["tag==api", "tag==he*ld"]
866# Matching with containers having this tag: "traefik.tags=api,helloworld"
867
868################################################################
869# Etcd configuration backend
870################################################################
871
872# Enable Etcd configuration backend
873#
874# Optional
875#
876# [etcd]
877
878# Etcd server endpoint
879#
880# Required
881#
882# endpoint = "127.0.0.1:2379"
883
884# Enable watch Etcd changes
885#
886# Optional
887#
888# watch = true
889
890# Prefix used for KV store.
891#
892# Optional
893#
894# prefix = "/traefik"
895
896# Override default configuration template. For advanced users :)
897#
898# Optional
899#
900# filename = "etcd.tmpl"
901
902# Use etcd user/pass authentication
903#
904# Optional
905#
906# username = foo
907# password = bar
908
909# Enable etcd TLS connection
910#
911# Optional
912#
913# [etcd.tls]
914# ca = "/etc/ssl/ca.crt"
915# cert = "/etc/ssl/etcd.crt"
916# key = "/etc/ssl/etcd.key"
917# insecureskipverify = true
918
919################################################################
920# Zookeeper configuration backend
921################################################################
922
923# Enable Zookeeperconfiguration backend
924#
925# Optional
926#
927# [zookeeper]
928
929# Zookeeper server endpoint
930#
931# Required
932#
933# endpoint = "127.0.0.1:2181"
934
935# Enable watch Zookeeper changes
936#
937# Optional
938#
939# watch = true
940
941# Prefix used for KV store.
942#
943# Optional
944#
945# prefix = "/traefik"
946
947# Override default configuration template. For advanced users :)
948#
949# Optional
950#
951# filename = "zookeeper.tmpl"
952
953
954################################################################
955# BoltDB configuration backend
956################################################################
957
958# Enable BoltDB configuration backend
959#
960# Optional
961#
962# [boltdb]
963
964# BoltDB file
965#
966# Required
967#
968# endpoint = "/my.db"
969
970# Enable watch BoltDB changes
971#
972# Optional
973#
974# watch = true
975
976# Prefix used for KV store.
977#
978# Optional
979#
980# prefix = "/traefik"
981
982# Override default configuration template. For advanced users :)
983#
984# Optional
985#
986# filename = "boltdb.tmpl"
987
988
989################################################################
990# ECS configuration backend
991################################################################
992
993# Enable ECS configuration backend
994#
995# Optional
996#
997# [ecs]
998
999# ECS Cluster Name
1000#
1001# Optional
1002# Default: "default"
1003#
1004# Cluster = "default"
1005
1006# Enable watch ECS changes
1007#
1008# Optional
1009# Default: true
1010#
1011# Watch = true
1012
1013# Polling interval (in seconds)
1014#
1015# Optional
1016# Default: 15
1017#
1018# RefreshSeconds = 15
1019
1020# Expose ECS services by default in traefik
1021#
1022# Optional
1023# Default: true
1024#
1025# ExposedByDefault = false
1026
1027# Region to use when connecting to AWS
1028#
1029# Optional
1030#
1031# Region = "us-east-1"
1032
1033# AccessKeyID to use when connecting to AWS
1034#
1035# Optional
1036#
1037# AccessKeyID = "abc"
1038
1039# SecretAccessKey to use when connecting to AWS
1040#
1041# Optional
1042#
1043# SecretAccessKey = "123"
1044
1045# Override default configuration template. For advanced users :)
1046#
1047# Optional
1048#
1049# filename = "ecs.tmpl"
1050
1051################################################################
1052# Rancher configuration backend
1053################################################################
1054
1055# Enable Rancher configuration backend
1056#
1057# Optional
1058#
1059# [rancher]
1060
1061# Default domain used.
1062# Can be overridden by setting the "traefik.domain" label on an service.
1063#
1064# Required
1065#
1066# domain = "rancher.localhost"
1067
1068# Enable watch Rancher changes
1069#
1070# Optional
1071# Default: true
1072#
1073# Watch = true
1074
1075# Polling interval (in seconds)
1076#
1077# Optional
1078#
1079# RefreshSeconds = 15
1080
1081# Expose Rancher services by default in traefik
1082#
1083# Optional
1084# Default: true
1085#
1086# ExposedByDefault = false
1087
1088# Filter services with unhealthy states and health states
1089#
1090# Optional
1091# Default: false
1092#
1093# EnableServiceHealthFilter = false
1094
1095# Endpoint to use when connecting to Rancher
1096#
1097# Required
1098# Endpoint = "http://rancherserver.example.com/v1"
1099
1100# AccessKey to use when connecting to Rancher
1101#
1102# Required
1103# AccessKey = "XXXXXXXXXXXXXXXXXXXX"
1104
1105# SecretKey to use when connecting to Rancher
1106#
1107# Required
1108# SecretKey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
1109
1110# Constraints
1111#
1112# Optional
1113#
1114# constraints = ["tag==api", "tag==chee*e"]
1115# Matching with containers having this tag: "traefik.tags=cheese,wine"
1116
1117################################################################
1118# DynamoDB configuration backend
1119################################################################
1120
1121# Enable DynamoDB configuration backend
1122#
1123# Optional
1124#
1125# [dynamodb]
1126
1127# DynamoDB Table Name
1128#
1129# Optional
1130#
1131# TableName = "traefik"
1132
1133# Enable watch DynamoDB changes
1134#
1135# Optional
1136#
1137# Watch = true
1138
1139# Polling interval (in seconds)
1140#
1141# Optional
1142#
1143# RefreshSeconds = 15
1144
1145# Region to use when connecting to AWS
1146#
1147# Required
1148#
1149# Region = "us-east-1"
1150
1151# AccessKeyID to use when connecting to AWS
1152#
1153# Optional
1154#
1155# AccessKeyID = "abc"
1156
1157# SecretAccessKey to use when connecting to AWS
1158#
1159# Optional
1160#
1161# SecretAccessKey = "123"
1162
1163# Endpoint of dynamodb when testing locally
1164#
1165# Optional
1166#
1167# Endpoint = "http://localhost:8080"
1168
1169
1170################################################################
1171# Sample rules
1172################################################################
1173# [backends]
1174# [backends.backend1]
1175# [backends.backend1.circuitbreaker]
1176# expression = "NetworkErrorRatio() > 0.5"
1177# [backends.backend1.servers.server1]
1178# url = "http://172.17.0.2:80"
1179# weight = 10
1180# [backends.backend1.servers.server2]
1181# url = "http://172.17.0.3:80"
1182# weight = 1
1183# [backends.backend2]
1184# [backends.backend2.LoadBalancer]
1185# method = "drr"
1186# [backends.backend2.servers.server1]
1187# url = "http://172.17.0.4:80"
1188# weight = 1
1189# [backends.backend2.servers.server2]
1190# url = "http://172.17.0.5:80"
1191# weight = 2
1192#
1193# [frontends]
1194# [frontends.frontend1]
1195# backend = "backend2"
1196# [frontends.frontend1.routes.test_1]
1197# rule = "Host: test.localhost, other.localhost"
1198# [frontends.frontend2]
1199# backend = "backend1"
1200# passHostHeader = true
1201# entrypoints = ["https"] # overrides defaultEntryPoints
1202# [frontends.frontend2.routes.test_1]
1203# rule = "Host:{subdomain:[a-z]+}.localhost"
1204# [frontends.frontend3]
1205# entrypoints = ["http", "https"] # overrides defaultEntryPoints
1206# backend = "backend2"
1207# rule = "Path: /test, /other"