Migration Guide: From v1 to v2

如何从Traefik v1迁移到Traefik v2.

Traefik的版本2引入了许多重大更改,当它们从v1迁移到v2时,需要对其进行更新. 该页面的目的是概括所有这些更改,尤其是逐个功能举例说明配置在v1中的外观以及现在在v2中的外观.

迁移助手

我们创建了一个在迁移过程中提供帮助的工具: traefik-migration-tool

该工具可以:

  • Ingress转换为Traefik IngressRoute资源.
  • acme.json文件从v1转换为v2格式.
  • 将文件traefik.toml包含的静态配置迁移到Traefik v2文件.

Frontends and Backends Are Dead...
... Long Live Routers, Middlewares, and Services

在从v1过渡到v2的过程中,Traefik的许多内部零件和组件被重写和重组. 这样,诸如前端和后端之类的核心概念的组合已被路由器服务中间件的组合所取代.

通常,路由器代替前端,而服务承担后端的角色,每个路由器都引用服务. 但是,即使后端负责对传入的请求即时进行任何所需的修改,路由器也会将此责任推迟到另一个组件. 相反,现在为每种此类修改定义了专用的中间件. 然后,任何路由器都可以引用所需中间件的实例.

一个具有基本身份验证的前端和一个后端,将成为一个路由器,一项服务和一个基本身份验证中间件.

v1

labels:
  - "traefik.frontend.rule=Host:test.localhost;PathPrefix:/test"
  - "traefik.frontend.auth.basic.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/rule-type: PathPrefix
spec:
  rules:
  - host: test.locahost
    http:
      paths:
      - path: /test
        backend:
          serviceName: server0
          servicePort: 80
      - path: /test
        backend:
          serviceName: server1
          servicePort: 80
[frontends]
  [frontends.frontend1]
    entryPoints = ["http"]
    backend = "backend1"

    [frontends.frontend1.routes]
      [frontends.frontend1.routes.route0]
        rule = "Host:test.localhost"
      [frontends.frontend1.routes.route0]
        rule = "PathPrefix:/test"

    [frontends.frontend1.auth]
      [frontends.frontend1.auth.basic]
        users = [
          "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
          "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
        ]

[backends]
  [backends.backend1]
    [backends.backend1.servers.server0]
      url = "http://10.10.10.1:80"
    [backends.backend1.servers.server1]
      url = "http://10.10.10.2:80"

    [backends.backend1.loadBalancer]
      method = "wrr"

v2

labels:
  - "traefik.http.routers.router0.rule=Host(`bar.com`) && PathPrefix(`/test`)"
  - "traefik.http.routers.router0.middlewares=auth"
  - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
# The definitions below require the definitions for the Middleware and IngressRoute kinds.
# https://docs.traefik.io/v2.0/providers/kubernetes-crd/#traefik-ingressroute-definition
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: basicauth
  namespace: foo

spec:
  basicAuth:
    users:
      - test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
      - test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0

---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: ingressroutebar

spec:
  entryPoints:
    - http
  routes:
  - match: Host(`test.localhost`) && PathPrefix(`/test`)
    kind: Rule
    services:
    - name: server0
      port: 80
    - name: server1
      port: 80
    middlewares:
    - name: basicauth
      namespace: foo
[http.routers]
  [http.routers.router0]
    rule = "Host(`test.localhost`) && PathPrefix(`/test`)"
    middlewares = ["auth"]
    service = "my-service"

[http.services]
  [[http.services.my-service.loadBalancer.servers]]
    url = "http://10.10.10.1:80"
  [[http.services.my-service.loadBalancer.servers]]
    url = "http://10.10.10.2:80"

[http.middlewares]
  [http.middlewares.auth.basicAuth]
    users = [
      "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
      "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
    ]
http:
  routers:
    router0:
      rule: "Host(`test.localhost`) && PathPrefix(`/test`)"
      service: my-service
      middlewares:
        - auth

  services:
    my-service:
      loadBalancer:
        servers:
          - url: http://10.10.10.1:80
          - url: http://10.10.10.2:80

  middlewares:
    auth:
      basicAuth:
        users:
          - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
          - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"

TLS Configuration Is Now Dynamic, per Router.

以前在静态配置中将TLS参数指定为entryPoint字段. 对于Traefik v2,位于根目录的新动态TLS部分包含所有所需的TLS配置. 然后, 路由器的TLS字段可以指之一TLS配置在根中定义的,因此限定了TLS配置为路由器.

Web安全entryPoint上的TLS在Router-1上成为TLS选项

v1

# static configuration
[entryPoints]
  [entryPoints.web-secure]
    address = ":443"

    [entryPoints.web-secure.tls]
      minVersion = "VersionTLS12"
      cipherSuites = [
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
        "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
       ]
      [[entryPoints.web-secure.tls.certificates]]
        certFile = "path/to/my.cert"
        keyFile = "path/to/my.key"
--entryPoints='Name:web-secure Address::443 TLS:path/to/my.cert,path/to/my.key TLS.MinVersion:VersionTLS12 TLS.CipherSuites:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'

v2

# dynamic configuration
[http.routers]
  [http.routers.Router-1]
    rule = "Host(`bar.com`)"
    service = "service-id"
    # will terminate the TLS request
    [http.routers.Router-1.tls]
      options = "myTLSOptions"

[[tls.certificates]]
  certFile = "/path/to/domain.cert"
  keyFile = "/path/to/domain.key"

[tls.options]
  [tls.options.default]
    minVersion = "VersionTLS12"

  [tls.options.myTLSOptions]
    minVersion = "VersionTLS13"
    cipherSuites = [
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
        "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        ]
http:
  routers:
    Router-1:
      rule: "Host(`bar.com`)"
      service: service-id
      # will terminate the TLS request
      tls:
        options: myTLSOptions

tls:
  certificates:
    - certFile: /path/to/domain.cert
      keyFile: /path/to/domain.key
  options:
    myTLSOptions:
      minVersion: VersionTLS13
      cipherSuites:
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
# The definitions below require the definitions for the TLSOption and IngressRoute kinds.
# https://docs.traefik.io/v2.0/providers/kubernetes-crd/#traefik-ingressroute-definition
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
  name: mytlsoption
  namespace: default

spec:
  minVersion: VersionTLS13
  cipherSuites:
    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: ingressroutebar

spec:
  entryPoints:
    - web
  routes:
    - match: Host(`bar.com`)
      kind: Rule
      services:
        - name: whoami
          port: 80
  tls:
    options:
      name: mytlsoption
      namespace: default
labels:
  # myTLSOptions must be defined by another provider, in this instance in the File Provider.
  # see the cross provider section
  - "[email protected]"

HTTP to HTTPS Redirection Is Now Configured on Routers

先前在Traefik v1上,重定向是在入口点或前端上应用的. 在Traefik v2中,它被应用在路由器上 .

要应用重定向,必须配置重定向中间件之一RedirectRegexRedirectScheme并将其添加到路由器中间件列表中.

HTTP到HTTPS重定向

v1

# static configuration
defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.http]
    address = ":80"
    [entryPoints.http.redirect]
      entryPoint = "https"

  [entryPoints.https]
    address = ":443"
    [entryPoints.https.tls]
      [[entryPoints.https.tls.certificates]]
        certFile = "examples/traefik.crt"
        keyFile = "examples/traefik.key"
--entrypoints=Name:web Address::80 Redirect.EntryPoint:web-secure
--entryPoints='Name:web-secure Address::443 TLS:path/to/my.cert,path/to/my.key'

v2

labels:
- traefik.http.routers.web.rule=Host(`foo.com`)
- traefik.http.routers.web.entrypoints=web
- [email protected]
- traefik.http.routers.web-secured.rule=Host(`foo.com`)
- traefik.http.routers.web-secured.entrypoints=web-secure
- traefik.http.routers.web-secured.tls=true
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: http-redirect-ingressRoute

spec:
  entryPoints:
    - web
  routes:
    - match: Host(`foo.com`)
      kind: Rule
      services:
        - name: whoami
          port: 80
      middlewares:
        - name: redirect

---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: https-ingressRoute

spec:
  entryPoints:
    - web-secure
  routes:
    - match: Host(`foo`)
      kind: Rule
      services:
        - name: whoami
          port: 80
  tls: {}

---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: redirect
spec:
  redirectScheme:
    scheme: https
## static configuration
# traefik.toml

[entryPoints.web]
  address = ":80"

[entryPoints.web-secure]
  address = ":443"

##---------------------##

## dynamic configuration
# dynamic-conf.toml

[http.routers]
  [http.routers.router0]
    rule = "Host(`foo.com`)"
    service = "my-service"
    entrypoints = ["web"]
    middlewares = ["redirect"]

[http.routers.router1]
    rule = "Host(`foo.com`)"
    service = "my-service"
    entrypoints = ["web-secure"]
    [http.routers.router1.tls]

[http.services]
  [[http.services.my-service.loadBalancer.servers]]
    url = "http://10.10.10.1:80"
  [[http.services.my-service.loadBalancer.servers]]
    url = "http://10.10.10.2:80"

[http.middlewares]
  [http.middlewares.redirect.redirectScheme]
    scheme = "https"

[[tls.certificates]]
  certFile = "/path/to/domain.cert"
  keyFile = "/path/to/domain.key"
## static configuration
# traefik.yml

entryPoints:
  web:
    address: ":80"

  web-secure:
    address: ":443"

##---------------------##

## dynamic configuration
# dynamic-conf.yml

http:
  routers:
    router0:
      rule: "Host(`foo.com`)"
      entryPoints:
        - web
      middlewares:
        - redirect
      service: my-service

    router1:
      rule: "Host(`foo.com`)"
      entryPoints:
        - web-secure
      service: my-service
      tls: {}

  services:
    my-service:
      loadBalancer:
        servers:
          - url: http://10.10.10.1:80
          - url: http://10.10.10.2:80

  middlewares:
    redirect:
      redirectScheme:
        scheme: https

tls:
  certificates:
    - certFile: /app/certs/server/server.pem
      keyFile: /app/certs/server/server.pem

Strip and Rewrite Path Prefixes

使用v2的新核心概念(在前面的"前端和后端已失效...长期存在的路由器,中间件和服务"一节中介绍的 ),在路由步骤之后,使用中间件配置了传入请求的URL路径前缀.使用路由器规则PathPrefix .

用例:到http://company.org/admin传入请求将转发到Web应用程序" admin",其中路径/admin被剥离,例如到http://<IP>:<port>/ . 在这种情况下,您必须:

  • 首先,使用至少与PathPrefix关键字匹配路径前缀的规则配置名为admin的路由器,
  • 然后,定义stripprefix类型的中间件,该中间件删除与路由器admin关联的前缀/admin admin .

转发到后端时剥离路径前缀

v1

labels:
  - "traefik.frontend.rule=Host:company.org;PathPrefixStrip:/admin"
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: traefik
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/rule-type: PathPrefixStrip
spec:
  rules:
  - host: company.org
    http:
      paths:
      - path: /admin
        backend:
          serviceName: admin-svc
          servicePort: admin
[frontends.admin]
  [frontends.admin.routes.admin_1]
  rule = "Host:company.org;PathPrefixStrip:/admin"

v2

labels:
  - "traefik.http.routers.admin.rule=Host(`company.org`) && PathPrefix(`/admin`)"
  - "traefik.http.routers.admin.middlewares=admin-stripprefix"
  - "traefik.http.middlewares.admin-stripprefix.stripprefix.prefixes=/admin"
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: http-redirect-ingressRoute
  namespace: admin-web
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`company.org`) && PathPrefix(`/admin`)
      kind: Rule
      services:
        - name: admin-svc
          port: admin
      middlewares:
        - name: admin-stripprefix
---
kind: Middleware
metadata:
  name: admin-stripprefix
spec:
  stripPrefix:
    prefixes:
      - /admin
## Dynamic configuration
# dynamic-conf.toml

[http.routers.router1]
    rule = "Host(`company.org`) && PathPrefix(`/admin`)"
    service = "admin-svc"
    entrypoints = ["web"]
    middlewares = ["admin-stripprefix"]

[http.middlewares]
  [http.middlewares.admin-stripprefix.stripPrefix]
  prefixes = ["/admin"]

# ...
## Dynamic Configuration
# dynamic-conf.yml

# As YAML Configuration File
http:
  routers:
    admin:
      service: admin-svc
      middlewares:
        - "admin-stripprefix"
      rule: "Host(`company.org`) && PathPrefix(`/admin`)"

  middlewares:
    admin-stripprefix:
      stripPrefix:
        prefixes: 
        - "/admin"

# ...
其他路径转换又如何呢?

除了使用stripprefix中间件删除路径前缀stripprefix ,您还可以:

ACME (LetsEncrypt)

ACME现在是证书解析器(在certificateResolvers部分下),但仍处于静态配置中.

从提供商到特定证书解析器的ACME

v1

# static configuration
defaultEntryPoints = ["web-secure","web"]

[entryPoints.web]
address = ":80"
  [entryPoints.web.redirect]
  entryPoint = "webs"
[entryPoints.web-secure]
  address = ":443"
  [entryPoints.https.tls]

[acme]
  email = "[email protected]"
  storage = "acme.json"
  entryPoint = "web-secure"
  onHostRule = true
  [acme.httpChallenge]
    entryPoint = "web"
--defaultentrypoints=web-secure,web
--entryPoints=Name:web Address::80 Redirect.EntryPoint:web-secure
--entryPoints=Name:web-secure Address::443 TLS
[email protected]
--acme.storage=acme.json
--acme.entryPoint=web-secure
--acme.onHostRule=true
--acme.httpchallenge.entrypoint=http

v2

# static configuration
[entryPoints]
  [entryPoints.web]
    address = ":80"

  [entryPoints.web-secure]
    address = ":443"

[certificatesResolvers.sample.acme]
  email = "[email protected]"
  storage = "acme.json"
  [certificatesResolvers.sample.acme.httpChallenge]
    # used during the challenge
    entryPoint = "web"
entryPoints:
  web:
    address: ":80"

  web-secure:
    address: ":443"

certificatesResolvers:
  sample:
    acme:
      email: [email protected]
      storage: acme.json
      httpChallenge:
        # used during the challenge
        entryPoint: web
--entryPoints.web.address=:80
--entryPoints.websecure.address=:443
[email protected].org
--certificatesResolvers.sample.acme.storage=acme.json
--certificatesResolvers.sample.acme.httpChallenge.entryPoint=web

Traefik Logs

在v2中,所有日志配置均保留在静态部分,但在log部分下统一. 在根级别没有更多的日志配置.

简单的日志配置

v1

# static configuration
logLevel = "DEBUG"

[traefikLog]
  filePath = "/path/to/traefik.log"
  format   = "json"
--logLevel=DEBUG
--traefikLog.filePath=/path/to/traefik.log
--traefikLog.format=json

v2

# static configuration
[log]
  level = "DEBUG"
  filePath = "/path/to/log-file.log"
  format = "json"
# static configuration
log:
  level: DEBUG
  filePath: /path/to/log-file.log
  format: json
--log.level=DEBUG
--log.filePath=/path/to/traefik.log
--log.format=json

Tracing

Traefik v2保留了OpenTracing支持. v1的backend root选项不见了,您只需要设置跟踪配置即可 .

简单的Jaeger跟踪配置

v1

# static configuration
[tracing]
  backend = "jaeger"
  servicename = "tracing"
  [tracing.jaeger]
    samplingParam = 1.0
    samplingServerURL = "http://12.0.0.1:5778/sampling"
    samplingType = "const"
    localAgentHostPort = "12.0.0.1:6831"
--tracing.backend=jaeger
--tracing.servicename=tracing
--tracing.jaeger.localagenthostport=12.0.0.1:6831
--tracing.jaeger.samplingparam=1.0
--tracing.jaeger.samplingserverurl=http://12.0.0.1:5778/sampling
--tracing.jaeger.samplingtype=const

v2

# static configuration
[tracing]
  servicename = "tracing"
  [tracing.jaeger]
    samplingParam = 1.0
    samplingServerURL = "http://12.0.0.1:5778/sampling"
    samplingType = "const"
    localAgentHostPort = "12.0.0.1:6831"
# static configuration
tracing:
  servicename: tracing
  jaeger:
    samplingParam: 1
    samplingServerURL: 'http://12.0.0.1:5778/sampling'
    samplingType: const
    localAgentHostPort: '12.0.0.1:6831'
--tracing.servicename=tracing
--tracing.jaeger.localagenthostport=12.0.0.1:6831
--tracing.jaeger.samplingparam=1.0
--tracing.jaeger.samplingserverurl=http://12.0.0.1:5778/sampling
--tracing.jaeger.samplingtype=const

Metrics

v2保留了指标工具,并允许为入口点和/或服务配置指标. 对于基本配置, 指标配置保持不变.

简单的Prometheus指标配置

v1

# static configuration
[metrics.prometheus]
  buckets = [0.1,0.3,1.2,5.0]
  entryPoint = "traefik"
--metrics.prometheus.buckets=[0.1,0.3,1.2,5.0]
--metrics.prometheus.entrypoint=traefik

v2

# static configuration
[metrics.prometheus]
  buckets = [0.1,0.3,1.2,5.0]
  entryPoint = "metrics"
# static configuration
metrics:
  prometheus:
    buckets:
      - 0.1
      - 0.3
      - 1.2
      - 5
    entryPoint: metrics
--metrics.prometheus.buckets=[0.1,0.3,1.2,5.0]
--metrics.prometheus.entrypoint=metrics

No More Root Level Key/Values

为了避免造成任何混乱,在根级别没有更多配置. 每个根项目都已移至相关部分或已删除.

从根到专用部分

v1

# static configuration
checkNewVersion = false
sendAnonymousUsage = true
logLevel = "DEBUG"
insecureSkipVerify = true
rootCAs = [ "/mycert.cert" ]
maxIdleConnsPerHost = 200
providersThrottleDuration = "2s"
AllowMinWeightZero = true
debug = true
defaultEntryPoints = ["web", "web-secure"]
keepTrailingSlash = false
--checknewversion=false
--sendanonymoususage=true
--loglevel=DEBUG
--insecureskipverify=true
--rootcas=/mycert.cert
--maxidleconnsperhost=200
--providersthrottleduration=2s
--allowminweightzero=true
--debug=true
--defaultentrypoints=web,web-secure
--keeptrailingslash=true

v2

# static configuration
[global]
  checkNewVersion = true
  sendAnonymousUsage = true

[log]
  level = "DEBUG"

[serversTransport]
  insecureSkipVerify = true
  rootCAs = [ "/mycert.cert" ]
  maxIdleConnsPerHost = 42

[providers]
  providersThrottleDuration = 42
# static configuration
global:
  checkNewVersion: true
  sendAnonymousUsage: true

log:
  level: DEBUG

serversTransport:
  insecureSkipVerify: true
  rootCAs:
    - /mycert.cert
  maxIdleConnsPerHost: 42

providers:
  providersThrottleDuration: 42
--global.checknewversion=true
--global.sendanonymoususage=true
--log.level=DEBUG
--serverstransport.insecureskipverify=true
--serverstransport.rootcas=/mycert.cert
--serverstransport.maxidleconnsperhost=42
--providers.providersthrottleduration=42

Dashboard

您需要激活API才能访问仪表板 . 由于默认情况下现在已保护仪表板访问,因此您可以:

带有k8s和专用路由器的仪表板

由于[email protected]不是Kubernetes服务,因此您必须使用文件提供程序或insecure API选项.

激活并访问仪表板

v1

## static configuration
# traefik.toml

[entryPoints.web-secure]
  address = ":443"
  [entryPoints.web-secure.tls]
  [entryPoints.web-secure.auth]
    [entryPoints.web-secure.auth.basic]
      users = [
        "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
      ]

[api]
  entryPoint = "web-secure"
--entryPoints='Name:web-secure Address::443 TLS Auth.Basic.Users:test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/'
--api

v2

# dynamic configuration
labels:
  - "traefik.http.routers.api.rule=Host(`traefik.docker.localhost`)"
  - "traefik.http.routers.api.entrypoints=web-secured"
  - "[email protected]"
  - "traefik.http.routers.api.middlewares=myAuth"
  - "traefik.http.routers.api.tls"
  - "traefik.http.middlewares.myAuth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/"
## static configuration
# traefik.toml

[entryPoints.web-secure]
  address = ":443"

[api]

[providers.file]
  directory = "/path/to/dynamic/config"

##---------------------##

## dynamic configuration
# /path/to/dynamic/config/dynamic-conf.toml

[http.routers.api]
  rule = "Host(`traefik.docker.localhost`)"
  entrypoints = ["web-secure"]
  service = "[email protected]"
  middlewares = ["myAuth"]
  [http.routers.api.tls]

[http.middlewares.myAuth.basicAuth]
  users = [
    "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
  ]
## static configuration
# traefik.yaml

entryPoints:
  web-secure:
    address: ':443'

api: {}

providers:
  file:
    directory: /path/to/dynamic/config

##---------------------##

## dynamic configuration
# /path/to/dynamic/config/dynamic-conf.yaml

 http:
  routers:
    api:
      rule: Host(`traefik.docker.localhost`)
      entrypoints:
        - web-secure
      service: [email protected]
      middlewares:
        - myAuth
      tls: {}

  middlewares:
    myAuth:
      basicAuth:
        users:
          - 'test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/'

Providers

目前支持的提供商

  • Azure服务结构
  • BoltDB
  • Consul
  • 领事目录
  • Docker
  • DynamoDB
  • ECS
  • Etcd
  • Eureka
  • File
  • Kubernetes入口(无注释)
  • 在Kubernetes IngressRoute中
  • Marathon
  • Mesos
  • Rancher
  • Rest
  • Zookeeper

Some Tips You Should Know

  • 不能混合使用不同的静态配置源(文件,CLI标志等).
  • 现在,可以使用提供程序名称空间符号@<provider>在不同的提供程序之间引用配置元素. 例如,文件提供程序中名为myrouter的路由器可以使用以下符号引用Docker提供程序中定义的名为myservice的服务: [email protected] .
  • 中间件的应用顺序与其在路由器中的声明相同.
  • 如果您有任何疑问,请随时加入我们的社区论坛 .