Created
October 25, 2016 22:53
-
-
Save jdeathe/fd91cfc3841d2828988853376c8d12cb to your computer and use it in GitHub Desktop.
Traefik configuration example for load balanced containers with front-end https://app-1.local
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################################################################ | |
| # Global configuration | |
| ################################################################ | |
| # Timeout in seconds. | |
| # Duration to give active requests a chance to finish during hot-reloads | |
| # | |
| # Optional | |
| # Default: 10 | |
| # | |
| graceTimeOut = 30 | |
| # Traefik logs file | |
| # If not defined, logs to stdout | |
| # | |
| # Optional | |
| # | |
| traefikLogsFile = "/var/log/traefik/traefik_log" | |
| # Access logs file | |
| # | |
| # Optional | |
| # | |
| accessLogsFile = "/var/log/traefik/access_log" | |
| # Log level | |
| # | |
| # Optional | |
| # Default: "ERROR" | |
| # | |
| logLevel = "ERROR" | |
| # Backends throttle duration: minimum duration between 2 events from providers | |
| # before applying a new configuration. It avoids unnecessary reloads if multiples events | |
| # are sent in a short amount of time. | |
| # | |
| # Optional | |
| # Default: "2s" | |
| # | |
| ProvidersThrottleDuration = 10 | |
| # If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used. | |
| # If you encounter 'too many open files' errors, you can either change this value, or change `ulimit` value. | |
| # | |
| # Optional | |
| # Default: http.DefaultMaxIdleConnsPerHost | |
| # | |
| # MaxIdleConnsPerHost = 200 | |
| # If set to true invalid SSL certificates are accepted for backends. | |
| # Note: This disables detection of man-in-the-middle attacks so should only be used on secure backend networks. | |
| # Optional | |
| # Default: false | |
| # | |
| # InsecureSkipVerify = true | |
| [entryPoints] | |
| [entryPoints.http] | |
| address = ":80" | |
| [entryPoints.http.redirect] | |
| entryPoint = "https" | |
| [entryPoints.https] | |
| address = ":443" | |
| [entryPoints.https.tls] | |
| # MinVersion = "VersionTLS12" | |
| CipherSuites = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"] | |
| [[entryPoints.https.tls.certificates]] | |
| CertFile = "/etc/pki/tls/certs/app-1.local.pem" | |
| KeyFile = "/etc/pki/tls/certs/app-1.local.pem" | |
| # Enable retry sending request if network error | |
| # | |
| # Optional | |
| # | |
| [retry] | |
| # Number of attempts | |
| # | |
| # Optional | |
| # Default: (number servers in backend) -1 | |
| # | |
| # attempts = 3 | |
| ################################################################ | |
| # Web configuration backend | |
| ################################################################ | |
| # Enable web configuration backend | |
| # | |
| # Optional | |
| # | |
| # [web] | |
| # Web administration port | |
| # | |
| # Required | |
| # | |
| # address = ":9090" | |
| # SSL certificate and key used | |
| # | |
| # Optional | |
| # | |
| # CertFile = "/etc/pki/tls/certs/app-1.local.pem" | |
| # KeyFile = "/etc/pki/tls/certs/app-1.local.pem" | |
| # | |
| # Set REST API to read-only mode | |
| # | |
| # Optional | |
| # ReadOnly = true | |
| # To enable basic auth on the webui | |
| # with 2 user/pass: test:test and test2:test2 | |
| # Passwords can be encoded in MD5, SHA1 and BCrypt: you can use htpasswd to generate those ones | |
| # [web.auth.basic] | |
| # users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"] | |
| ################################################################ | |
| # File configuration backend | |
| ################################################################ | |
| # Enable file configuration backend | |
| # | |
| # Optional | |
| # | |
| [file] | |
| # Rules file | |
| # If defined, traefik will load rules from this file, | |
| # otherwise, it will load rules from current file (cf Sample rules below). | |
| # | |
| # Optional | |
| # | |
| filename = "rules.app-1.local.toml" | |
| # Enable watch file changes | |
| # | |
| # Optional | |
| # | |
| watch = true | |
| ################################################################ | |
| # Etcd configuration backend | |
| ################################################################ | |
| # Enable Etcd configuration backend | |
| # | |
| # Optional | |
| # | |
| # [etcd] | |
| # Etcd server endpoint | |
| # | |
| # Required | |
| # | |
| # endpoint = "127.0.0.1:2379" | |
| # Enable watch Etcd changes | |
| # | |
| # Optional | |
| # | |
| # watch = true | |
| # Prefix used for KV store. | |
| # | |
| # Optional | |
| # | |
| # prefix = "/traefik" | |
| # Override default configuration template. For advanced users :) | |
| # | |
| # Optional | |
| # | |
| # filename = "etcd.tmpl" | |
| # Enable etcd TLS connection | |
| # | |
| # Optional | |
| # | |
| # [etcd.tls] | |
| # ca = "/etc/ssl/ca.crt" | |
| # cert = "/etc/ssl/etcd.crt" | |
| # key = "/etc/ssl/etcd.key" | |
| # insecureskipverify = true |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment