2024-04-03 22:04:13 +02:00

Traefik

Traefik is an open-source Edge Router for Docker and Kubernetes that makes publishing your services a fun and easy experience. It receives requests on behalf of your system and finds out which components are responsible for handling them.


Installation

Docker

TODO: WIP

Kubernetes

You can install Traefik via Helm.

helm repo add traefik https://traefik.github.io/charts

helm repo update

helm install traefik traefik/traefik

Dashboard and API

WIP


EntryPoints

WIP

HTTP Redirection

WIP

entryPoints:
  web:
    address: :80
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https

HTTPS

WIP

entryPoints:
  websecure:
    address: :443

Routers

traefik.http.routers.router.entrypoints Specifies the Entrypoint for the Router. Setting this to traefik.http.routers.router.entrypoints: websecure will expose the Container on the websecure entrypoint. When using websecure, you should enable traefik.http.routers.router.tls as well.

traefik.http.routers.router.rule Specifies the Rule for the Router. This is an example for an FQDN: Host(`subdomain.your-domain`)

traefik.http.routers.router.tls Enables TLS on the Router.

traefik.http.routers.router.tls.certresolver Specifies the Certificate Resolver on the Router.

PathPrefix and StripPrefix

WIP

- "traefik.enable=true"
- "traefik.http.routers.nginx-test.entrypoints=websecure"
- "traefik.http.routers.nginx-test.tls=true"
- "traefik.http.routers.nginx-test.rule=PathPrefix(`/nginx-test/`)"
- "traefik.http.routers.nginx-test.middlewares=nginx-test"
- "traefik.http.middlewares.nginx-test.stripprefix.prefixes=/nginx-test"

Add the /api prefix to any request to myapidomain.com. Example:

  • Request -> myapidomain.com
  • Traefik translates this to myapidomain.com/api without the requester seeing it

- "traefik.enable=true"
- "traefik.http.routers.myapp-secure-api.tls=true"
- "traefik.http.routers.myapp-secure-api.rule=Host(`myapidomain.com`)"
- "traefik.http.routers.myapp-secure-api.middlewares=add-api"

# Middleware
- "traefik.http.middlewares.add-api.addPrefix.prefix=/api"

CertificatesResolvers

WIP

dnsChallenge

The dnsChallenge supports DNS providers such as cloudflare, digitalocean, civo, and more. For the full list of supported providers, see the Traefik ACME documentation.

certificatesResolvers:
  yourresolver:
    acme:
      email: "your-mail-address"
      dnsChallenge:
        provider: your-dns-provider
        resolvers:
          - "your-dns-resolver-ip-addr:53"

ServersTransport

InsecureSkipVerify

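To skip TLS certificate verification on connections from Traefik to your backend servers, add the following section to your traefik.yml config file. The setting is global: Traefik then accepts any certificate a backend presents, including self-signed or mismatched ones.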

serversTransport:
  insecureSkipVerify: true
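
The weak setting beside a corrected form, as an added example that is not part of the original page: verification stays on by trusting an internal CA through rootCAs, and any exception is limited to one named transport. The CA path, the legacy-backend transport, the legacy-app service and its port are assumed names.

```yaml
# --- traefik.yml (static config) ---
# Weak: the global setting shown above. Every connection from Traefik to a
# backend skips certificate verification.
#
# serversTransport:
#   insecureSkipVerify: true

# Corrected: leave verification on and trust the CA that issued the
# backend certificates.
serversTransport:
  rootCAs:
    - /certs/internal-ca.crt   # assumed path, mounted into the Traefik container
---
# --- dynamic config loaded by the file provider ---
# If one backend cannot present a verifiable certificate, scope the
# exception to a named transport instead of the global default.
http:
  serversTransports:
    legacy-backend:            # hypothetical transport name
      insecureSkipVerify: true
---
# --- docker-compose labels on that one container ---
# Only this service uses the relaxed transport; all others keep verification.
services:
  legacy-app:                  # hypothetical service name
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.legacy-app.loadbalancer.server.scheme=https"
      - "traefik.http.services.legacy-app.loadbalancer.server.port=8443"  # assumed port
      - "traefik.http.services.legacy-app.loadbalancer.serverstransport=legacy-backend@file"
```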

TLS Settings

Define TLS Settings in Traefik.

defaultCertificates

tls:
  stores:
    default:
      defaultCertificate:
        certFile: /your-traefik-cert.crt
        keyFile: /your-traefik-key.key

options

Define TLS Options, such as disabling the insecure TLS 1.0 and TLS 1.1.

tls:
  options:
    default:
      minVersion: VersionTLS12

Providers

WIP

File

WIP

providers:
  file:

Docker

With exposedByDefault: false, Traefik won't automatically expose any containers. Setting traefik.enable: true on a Container will expose it.

providers:
  docker:
    exposedByDefault: false

Kubernetes

WIP


Ingress

WIP


Log

WIP

log:
  level: ERROR

Global

WIP

global:
  checkNewVersion: true
  sendAnonymousUsage: false