# Traefik Traefik is an open-source Edge Router for [Docker](docker/docker.md), and [Kubernetes](kubernetes/kubernetes.md) that makes publishing your services a fun and easy experience. It receives requests on behalf of your system and finds out which components are responsible for handling them. --- ## Installation ### Docker TODO: WIP ### Kubernetes You can install Traefik via [Helm](tools/helm.md). ```sh helm repo add traefik https://traefik.github.io/charts helm repo update helm install traefik traefik/traefik ``` --- ## Dashboard and API WIP --- ## EntryPoints WIP ### HTTP Redirection WIP ```yaml entryPoints: web: address: :80 http: redirections: entryPoint: to: websecure scheme: https ``` ### HTTPS WIP ```yaml entryPoints: websecure: address: :443 ``` --- ## Routers **traefik.http.routers.router.entrypoints** Specifies the Entrypoint for the Router. Setting this to `traefik.http.routers.router.entrypoints: websecure` will expose the Container on the `websecure` entrypoint. *When using websecure, you should enable `traefik.http.routers.router.tls` as well. **traefik.http.routers.router.rule** Specify the Rules for the Router. *This is an example for an FQDN: Host(`subdomain.your-domain`)* **traefik.http.routers.router.tls** Will enable TLS protocol on the router. **traefik.http.routers.router.tls.certresolver** Specifies the Certificate Resolver on the Router. ### PathPrefix and StripPrefix WIP ```yml - "traefik.enable=true" - "traefik.http.routers.nginx-test.entrypoints=websecure" - "traefik.http.routers.nginx-test.tls=true" - "traefik.http.routers.nginx-test.rule=PathPrefix(`/nginx-test/`)" - "traefik.http.routers.nginx-test.middlewares=nginx-test" - "traefik.http.middlewares.nginx-test.stripprefix.prefixes=/nginx-test" ``` Add `/api` prefix to any requets to `myapidomain.com` Example: - Request -> `myapidomain.com` - Traefik translates this to `myapidomain.com/api` without requestee seeing it ```yml - "traefik.enable=true" - "traefik.http.routers.myapp-secure-api.tls=true" - "traefik.http.routers.myapp-secure-api.rule=Host(`myapidomain.com`)" - "traefik.http.routers.myapp-secure-api.middlewares=add-api" # Middleware - "traefik.http.middlewares.add-api.addPrefix.prefix=/api" ``` --- ## CertificatesResolvers WIP ### dnsChallenge DNS Providers such as `cloudflare`, `digitalocean`, `civo`, and more. To get a full list of supported providers, look up the [Traefik ACME Documentation](https://doc.traefik.io/traefik/https/acme/) . ```yaml certificatesResolvers: yourresolver: acme: email: "your-mail-address" dnsChallenge: provider: your-dns-provider resolvers: - "your-dns-resolver-ip-addr:53" ``` --- ## ServersTransport ### InsecureSkipVerify If you want to skip the TLS verification from **Traefik** to your **Servers**, you can add the following section to your `traefik.yml` config file. ```yaml serversTransport: insecureSkipVerify: true ``` --- ## TLS Settings Define TLS Settings in Traefik. ### defaultCertificates ```yaml tls: stores: default: defaultCertificate: certFile: /your-traefik-cert.crt keyFile: /your-traefik-key.key ``` ### options Define TLS Options like disabling insecure TLS1.0 and TLS 1.1. ```yaml tls: options: default: minVersion: VersionTLS12 ``` --- ## Providers WIP ### File WIP ```yaml providers: file: ``` ### Docker With `exposedByDefault: false`, Traefik won't automatically expose any containers by default. Setting `traefik.enable: true`, will expose the Container. ```yaml providers: docker: exposedByDefault: false ``` ### Kubernetes WIP --- ## Ingress WIP --- ## Log WIP ```yaml log: level: ERROR ``` --- ## Global WIP ```yaml global: checkNewVersion: true sendAnonymousUsage: false ```