Examples

You will find here some configuration examples of Træfɪk.

HTTP only

  1. defaultEntryPoints = ["http"]
  2. [entryPoints]
  3.   [entryPoints.http]
  4.   address = ":80"

HTTP + HTTPS (with SNI)

  1. defaultEntryPoints = ["http", "https"]
  2. [entryPoints]
  3.   [entryPoints.http]
  4.   address = ":80"
  5.   [entryPoints.https]
  6.   address = ":443"
  7.     [entryPoints.https.tls]
  8.       [[entryPoints.https.tls.certificates]]
  9.       CertFile = "integration/fixtures/https/snitest.com.cert"
  10.       KeyFile = "integration/fixtures/https/snitest.com.key"
  11.       [[entryPoints.https.tls.certificates]]
  12.       CertFile = "integration/fixtures/https/snitest.org.cert"
  13.       KeyFile = "integration/fixtures/https/snitest.org.key"

Note that we can either give path to certificate file or directly the file content itself (like in this TOML example).

HTTP redirect on HTTPS

  1. defaultEntryPoints = ["http", "https"]
  2. [entryPoints]
  3.   [entryPoints.http]
  4.   address = ":80"
  5.     [entryPoints.http.redirect]
  6.     entryPoint = "https"
  7.   [entryPoints.https]
  8.   address = ":443"
  9.     [entryPoints.https.tls]
  10.       [[entryPoints.https.tls.certificates]]
  11.       certFile = "tests/traefik.crt"
  12.       keyFile = "tests/traefik.key"

Let's Encrypt support

  1. [entryPoints]
  2.   [entryPoints.https]
  3.   address = ":443"
  4.     [entryPoints.https.tls]
  5.       # certs used as default certs
  6.       [[entryPoints.https.tls.certificates]]
  7.       certFile = "tests/traefik.crt"
  8.       keyFile = "tests/traefik.key"
  9. [acme]
  10. email = "[email protected]"
  11. storageFile = "acme.json"
  12. onDemand = true
  13. caServer = "http://172.18.0.1:4000/directory"
  14. entryPoint = "https"
  16. [[acme.domains]]
  17.   main = "local1.com"
  18.   sans = ["test1.local1.com", "test2.local1.com"]
  19. [[acme.domains]]
  20.   main = "local2.com"
  21.   sans = ["test1.local2.com", "test2x.local2.com"]
  22. [[acme.domains]]
  23.   main = "local3.com"
  24. [[acme.domains]]
  25.   main = "local4.com"

Override entrypoints in frontends

  1. [frontends]
  2.   [frontends.frontend1]
  3.   backend = "backend2"
  4.     [frontends.frontend1.routes.test_1]
  5.     rule = "Host:test.localhost"
  6.   [frontends.frontend2]
  7.   backend = "backend1"
  8.   passHostHeader = true
  9.   entrypoints = ["https"] # overrides defaultEntryPoints
  10.     [frontends.frontend2.routes.test_1]
  11.     rule = "Host:{subdomain:[a-z]+}.localhost"
  12.   [frontends.frontend3]
  13.   entrypoints = ["http", "https"] # overrides defaultEntryPoints
  14.   backend = "backend2"
  15.     rule = "Path:/test"

Enable Basic authentication in an entrypoint

With two user/pass:

  • test:test
  • test2:test2
    Passwords are encoded in MD5: you can use htpasswd to generate those ones.
  1. defaultEntryPoints = ["http"]
  2. [entryPoints]
  3.   [entryPoints.http]
  4.   address = ":80"
  5.   [entryPoints.http.auth.basic]
  6.   users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]

Pass Authenticated user to application via headers

Providing an authentication method as described above, it is possible to pass the user to the application via a configurable header value

  1. defaultEntryPoints = ["http"]
  2. [entryPoints]
  3.   [entryPoints.http]
  4.   address = ":80"
  5.   [entryPoints.http.auth]
  6.     headerField = "X-WebAuth-User"
  7.     [entryPoints.http.auth.basic]
  8.     users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]