EntryPoints

Opening Connections for Incoming Requests

entryPoints

EntryPoints are the network entry points into Traefik. They define the port that will receive the packets, and whether to listen for TCP or UDP.

Configuration Examples

Port 80 Only
## Static configuration
[entryPoints]
  [entryPoints.web]
    address = ":80"
## Static configuration
entryPoints:
  web:
    address: ":80"
## Static configuration
--entryPoints.web.address=:80

We define an entry point called web that will listen on port 80.

Ports 80 and 443
## Static configuration
[entryPoints]
  [entryPoints.web]
    address = ":80"

  [entryPoints.websecure]
    address = ":443"
## Static configuration
entryPoints:
  web:
    address: ":80"

  websecure:
    address: ":443"
## Static configuration
--entryPoints.web.address=:80
--entryPoints.websecure.address=:443

  • Two entry points are defined: one called web, and the other called websecure.
  • web listens on port 80, and websecure listens on port 443.

UDP on Port 1704
## Static configuration
[entryPoints]
  [entryPoints.streaming]
    address = ":1704/udp"
## Static configuration
entryPoints:
  streaming:
    address: ":1704/udp"
## Static configuration
--entryPoints.streaming.address=:1704/udp

Configuration

General

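EntryPoints are part of the static configuration. They can be defined by using a file (TOML or YAML) or CLI arguments.

See the complete reference for the list of available options.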
## Static configuration
[entryPoints]
  [entryPoints.name]
    address = ":8888" # same as ":8888/tcp"
    [entryPoints.name.transport]
      [entryPoints.name.transport.lifeCycle]
        requestAcceptGraceTimeout = 42
        graceTimeOut = 42
      [entryPoints.name.transport.respondingTimeouts]
        readTimeout = 42
        writeTimeout = 42
        idleTimeout = 42
    [entryPoints.name.proxyProtocol]
      insecure = true
      trustedIPs = ["127.0.0.1", "192.168.0.1"]
    [entryPoints.name.forwardedHeaders]
      insecure = true
      trustedIPs = ["127.0.0.1", "192.168.0.1"]
## Static configuration
entryPoints:
  name:
    address: ":8888" # same as ":8888/tcp"
    transport:
      lifeCycle:
        requestAcceptGraceTimeout: 42
        graceTimeOut: 42
      respondingTimeouts:
        readTimeout: 42
        writeTimeout: 42
        idleTimeout: 42
    proxyProtocol:
      insecure: true
      trustedIPs:
        - "127.0.0.1"
        - "192.168.0.1"
    forwardedHeaders:
      insecure: true
      trustedIPs:
        - "127.0.0.1"
        - "192.168.0.1"
## Static configuration
--entryPoints.name.address=:8888 # same as :8888/tcp
--entryPoints.name.transport.lifeCycle.requestAcceptGraceTimeout=42
--entryPoints.name.transport.lifeCycle.graceTimeOut=42
--entryPoints.name.transport.respondingTimeouts.readTimeout=42
--entryPoints.name.transport.respondingTimeouts.writeTimeout=42
--entryPoints.name.transport.respondingTimeouts.idleTimeout=42
--entryPoints.name.proxyProtocol.insecure=true
--entryPoints.name.proxyProtocol.trustedIPs=127.0.0.1,192.168.0.1
--entryPoints.name.forwardedHeaders.insecure=true
--entryPoints.name.forwardedHeaders.trustedIPs=127.0.0.1,192.168.0.1

Address

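The address defines the port, and optionally the hostname, on which to listen for incoming connections and packets. It also defines the protocol to use (TCP or UDP). If no protocol is specified, the default is TCP. The format is: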

[host]:port[/tcp|/udp]

If both TCP and UDP are wanted for the same port, two entryPoints definitions are needed, as in the example below.

Both TCP and UDP on Port 3179
## Static configuration
[entryPoints]
  [entryPoints.tcpep]
    address = ":3179"
  [entryPoints.udpep]
    address = ":3179/udp"
## Static configuration
entryPoints:
  tcpep:
    address: ":3179"
  udpep:
    address: ":3179/udp"
## Static configuration
--entryPoints.tcpep.address=:3179
--entryPoints.udpep.address=:3179/udp

Listen on Specific IP Addresses Only
[entryPoints.specificIPv4]
  address = "192.168.2.7:8888"
[entryPoints.specificIPv6]
  address = "[2001:db8::1]:8888"
entryPoints:
  specificIPv4:
    address: "192.168.2.7:8888"
  specificIPv6:
    address: "[2001:db8::1]:8888"
--entrypoints.specificIPv4.address=192.168.2.7:8888
--entrypoints.specificIPv6.address=[2001:db8::1]:8888

Full details on how to specify the address can be found in the Go documentation for net.Listen (and net.Dial).
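An added example, not part of the Traefik documentation or code base: a small Go parser for the [host]:port[/tcp|/udp] format that also flags entry points bound to every interface. The Listener type and ParseAddress function are illustrative names; the sample addresses are the ones used on this page.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Listener is one parsed entry point address (illustrative type, not Traefik's).
type Listener struct {
	Host, Port, Proto string
	AllInterfaces     bool // true when no host is given or the host is a wildcard IP
}

// ParseAddress splits "[host]:port[/tcp|/udp]"; the protocol defaults to TCP.
func ParseAddress(addr string) (Listener, error) {
	proto := "tcp"
	if i := strings.LastIndex(addr, "/"); i >= 0 {
		proto, addr = addr[i+1:], addr[:i]
	}
	if proto != "tcp" && proto != "udp" {
		return Listener{}, fmt.Errorf("unsupported protocol %q", proto)
	}
	host, port, err := net.SplitHostPort(addr) // also handles "[2001:db8::1]:8888"
	if err != nil {
		return Listener{}, err
	}
	if port == "" {
		return Listener{}, fmt.Errorf("missing port in %q", addr)
	}
	ip := net.ParseIP(host)
	all := host == "" || (ip != nil && ip.IsUnspecified())
	return Listener{Host: host, Port: port, Proto: proto, AllInterfaces: all}, nil
}

func main() {
	// Addresses taken from the examples on this page.
	for _, a := range []string{":80", ":1704/udp", "192.168.2.7:8888", "[2001:db8::1]:8888"} {
		l, err := ParseAddress(a)
		fmt.Printf("%-22s %+v err=%v\n", a, l, err)
	}
}
```

An entry point reported with AllInterfaces set is reachable on every address of the host, which is worth checking against the intended exposure.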

Forwarded Headers

You can configure Traefik to trust the forwarded header information (X-Forwarded-*).

forwardedHeaders.trustedIPs

Trusting forwarded headers from specific IPs.

## Static configuration
[entryPoints]
  [entryPoints.web]
    address = ":80"

    [entryPoints.web.forwardedHeaders]
      trustedIPs = ["127.0.0.1/32", "192.168.1.7"]
## Static configuration
entryPoints:
  web:
    address: ":80"
    forwardedHeaders:
      trustedIPs:
        - "127.0.0.1/32"
        - "192.168.1.7"
## Static configuration
--entryPoints.web.address=:80
--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,192.168.1.7

forwardedHeaders.insecure

Insecure mode (always trusting forwarded headers).

## Static configuration
[entryPoints]
  [entryPoints.web]
    address = ":80"

    [entryPoints.web.forwardedHeaders]
      insecure = true
## Static configuration
entryPoints:
  web:
    address: ":80"
    forwardedHeaders:
      insecure: true
## Static configuration
--entryPoints.web.address=:80
--entryPoints.web.forwardedHeaders.insecure

Transport

respondingTimeouts

respondingTimeouts are the timeouts for incoming requests to the Traefik instance. Setting them has no effect on UDP entryPoints.

transport.respondingTimeouts.readTimeout

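Optional, Default=0s

readTimeout is the maximum duration for reading the entire request, including the body.

If zero, no timeout exists.
It can be provided in a format supported by time.ParseDuration or as a raw value (digits). If no unit is provided, the value is parsed as seconds.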

## Static configuration
[entryPoints]
  [entryPoints.name]
    address = ":8888"
    [entryPoints.name.transport]
      [entryPoints.name.transport.respondingTimeouts]
        readTimeout = 42
## Static configuration
entryPoints:
  name:
    address: ":8888"
    transport:
      respondingTimeouts:
        readTimeout: 42
## Static configuration
--entryPoints.name.address=:8888
--entryPoints.name.transport.respondingTimeouts.readTimeout=42
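
transport.respondingTimeouts.writeTimeout

Optional, Default=0s

writeTimeout is the maximum duration before timing out writes of the response.

It covers the time from the end of the request header read to the end of the response write. If zero, no timeout exists.
It can be provided in a format supported by time.ParseDuration or as a raw value (digits). If no unit is provided, the value is parsed as seconds.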

## Static configuration
[entryPoints]
  [entryPoints.name]
    address = ":8888"
    [entryPoints.name.transport]
      [entryPoints.name.transport.respondingTimeouts]
        writeTimeout = 42
## Static configuration
entryPoints:
  name:
    address: ":8888"
    transport:
      respondingTimeouts:
        writeTimeout: 42
## Static configuration
--entryPoints.name.address=:8888
--entryPoints.name.transport.respondingTimeouts.writeTimeout=42
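
transport.respondingTimeouts.idleTimeout

Optional, Default=180s

idleTimeout is the maximum duration an idle (keep-alive) connection will remain idle before closing itself.

If zero, no timeout exists.
It can be provided in a format supported by time.ParseDuration or as a raw value (digits). If no unit is provided, the value is parsed as seconds.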

## Static configuration
[entryPoints]
  [entryPoints.name]
    address = ":8888"
    [entryPoints.name.transport]
      [entryPoints.name.transport.respondingTimeouts]
        idleTimeout = 42
## Static configuration
entryPoints:
  name:
    address: ":8888"
    transport:
      respondingTimeouts:
        idleTimeout: 42
## Static configuration
--entryPoints.name.address=:8888
--entryPoints.name.transport.respondingTimeouts.idleTimeout=42
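
The duration rule and defaults above, as an added Go example (not Traefik's own code): ParseTimeout reads a raw number as seconds and otherwise defers to time.ParseDuration, and Unbounded lists which respondingTimeouts end up with no limit, meaning a slow client is never cut off on that phase. Function names and the sample setting are illustrative.

```go
package main

import (
	"fmt"
	"strconv"
	"time"
)

// ParseTimeout applies the rule stated above: a bare number is seconds,
// anything else must be a time.ParseDuration string such as "30s" or "1m30s".
func ParseTimeout(v string) (time.Duration, error) {
	if n, err := strconv.Atoi(v); err == nil {
		return time.Duration(n) * time.Second, nil
	}
	return time.ParseDuration(v)
}

// defaults are the documented defaults for respondingTimeouts on this page.
var defaults = map[string]string{"readTimeout": "0s", "writeTimeout": "0s", "idleTimeout": "180s"}

// Unbounded returns the respondingTimeouts options that have no timeout
// once unset options fall back to their defaults.
func Unbounded(set map[string]string) ([]string, error) {
	var out []string
	for _, name := range []string{"readTimeout", "writeTimeout", "idleTimeout"} {
		v, ok := set[name]
		if !ok {
			v = defaults[name]
		}
		d, err := ParseTimeout(v)
		if err != nil {
			return nil, fmt.Errorf("%s: %w", name, err)
		}
		if d == 0 {
			out = append(out, name)
		}
	}
	return out, nil
}

func main() {
	// Constructed sample: only readTimeout is set, as a raw number of seconds.
	fmt.Println(Unbounded(map[string]string{"readTimeout": "42"}))
}
```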

lifeCycle

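Controls the behavior of Traefik during the shutdown phase.

lifeCycle.requestAcceptGraceTimeout

Optional, Default=0s

Duration to keep accepting requests prior to initiating the graceful termination period (as defined by the graceTimeOut option). This option is meant to give downstream load balancers sufficient time to take Traefik out of rotation.

It can be provided in a format supported by time.ParseDuration or as a raw value (digits).

If no unit is provided, the value is parsed as seconds. A zero duration disables the request accepting grace period, i.e. Traefik will immediately proceed to the grace period.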

## Static configuration
[entryPoints]
  [entryPoints.name]
    address = ":8888"
    [entryPoints.name.transport]
      [entryPoints.name.transport.lifeCycle]
        requestAcceptGraceTimeout = 42
## Static configuration
entryPoints:
  name:
    address: ":8888"
    transport:
      lifeCycle:
        requestAcceptGraceTimeout: 42
## Static configuration
--entryPoints.name.address=:8888
--entryPoints.name.transport.lifeCycle.requestAcceptGraceTimeout=42
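
lifeCycle.graceTimeOut

Optional, Default=10s

Duration to give active requests a chance to finish before Traefik stops.

It can be provided in a format supported by time.ParseDuration or as a raw value (digits).

If no unit is provided, the value is parsed as seconds.

During this period, no new requests are accepted.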

## Static configuration
[entryPoints]
  [entryPoints.name]
    address = ":8888"
    [entryPoints.name.transport]
      [entryPoints.name.transport.lifeCycle]
        graceTimeOut = 42
## Static configuration
entryPoints:
  name:
    address: ":8888"
    transport:
      lifeCycle:
        graceTimeOut: 42
## Static configuration
--entryPoints.name.address=:8888
--entryPoints.name.transport.lifeCycle.graceTimeOut=42

ProxyProtocol

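Traefik supports ProxyProtocol versions 1 and 2.

If Proxy Protocol header parsing is enabled for an entry point, this entry point can accept connections with or without Proxy Protocol headers.

If a Proxy Protocol header is passed, the version is determined automatically.

proxyProtocol.trustedIPs

Enabling Proxy Protocol with trusted IPs.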

## Static configuration
[entryPoints]
  [entryPoints.web]
    address = ":80"

    [entryPoints.web.proxyProtocol]
      trustedIPs = ["127.0.0.1/32", "192.168.1.7"]
## Static configuration
entryPoints:
  web:
    address: ":80"
    proxyProtocol:
      trustedIPs:
        - "127.0.0.1/32"
        - "192.168.1.7"
--entryPoints.web.address=:80
--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,192.168.1.7

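Only IPs listed in trustedIPs will lead to remote client address replacement: declare the load balancer IPs or CIDR ranges here.

proxyProtocol.insecure

Insecure mode (testing environments only).

In a test environment, you can configure Traefik to trust every incoming connection. Doing so, every remote client address will be replaced (trustedIPs won't have any effect).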

## Static configuration
[entryPoints]
  [entryPoints.web]
    address = ":80"

    [entryPoints.web.proxyProtocol]
      insecure = true
## Static configuration
entryPoints:
  web:
    address: ":80"
    proxyProtocol:
      insecure: true
--entryPoints.web.address=:80
--entryPoints.web.proxyProtocol.insecure

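Queuing Traefik behind Another Load Balancer

When queuing Traefik behind another load balancer, make sure to configure Proxy Protocol on both sides. Not doing so could introduce a security risk in your system (enabling request forgery).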
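
An added Go sketch (not Traefik's implementation) of the trust rule shared by forwardedHeaders.trustedIPs and proxyProtocol.trustedIPs: forwarded client information is honoured only when the directly connected peer is in the list, or always when insecure is set. Function names and sample addresses are constructed for illustration, and dropping X-Forwarded-* headers from untrusted peers is an assumption about how the untrusted case is handled.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// Trusted reports whether peer ("ip:port") matches a trustedIPs entry (single IP or CIDR).
func Trusted(peer string, trustedIPs []string) bool {
	host, _, _ := net.SplitHostPort(peer)
	ip := net.ParseIP(host)
	for _, t := range trustedIPs {
		if _, n, err := net.ParseCIDR(t); err == nil && ip != nil && n.Contains(ip) {
			return true
		}
		if tip := net.ParseIP(t); tip != nil && tip.Equal(ip) {
			return true
		}
	}
	return false
}

// FilterForwarded drops X-Forwarded-* headers unless the peer is trusted or insecure is set.
func FilterForwarded(h http.Header, peer string, trustedIPs []string, insecure bool) {
	drop := !insecure && !Trusted(peer, trustedIPs)
	for k := range h {
		if drop && strings.HasPrefix(k, "X-Forwarded-") {
			h.Del(k)
		}
	}
}

// ClientAddr honours the source address of a PROXY v1 line only from an allowed peer.
func ClientAddr(peer, line string, trustedIPs []string, insecure bool) string {
	f := strings.Fields(line)
	if len(f) == 6 && f[0] == "PROXY" && (insecure || Trusted(peer, trustedIPs)) {
		return net.JoinHostPort(f[2], f[4])
	}
	return peer
}

func main() {
	lb := []string{"127.0.0.1/32", "192.168.1.7"}               // trustedIPs from the page
	hdr := "PROXY TCP4 10.0.0.1 192.168.1.10 40000 80\r\n"      // constructed sample header
	fmt.Println(ClientAddr("203.0.113.9:5555", hdr, lb, false)) // untrusted peer: header ignored
	fmt.Println(ClientAddr("192.168.1.7:5555", hdr, lb, false)) // load balancer: header honoured
}
```

With insecure set, the same header from 203.0.113.9 would be accepted, which is why the page restricts that mode to test environments.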

HTTP Options

This whole section is dedicated to options, keyed by entry point, that apply only to HTTP routing.

Redirection

HTTPS Redirection (80 to 443)
[entryPoints.web]
  address = ":80"

  [entryPoints.web.http]
    [entryPoints.web.http.redirections]
      [entryPoints.web.http.redirections.entryPoint]
        to = "websecure"
        scheme = "https"

[entryPoints.websecure]
  address = ":443"
entryPoints:
  web:
    address: :80
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https

  websecure:
    address: :443
--entrypoints.web.address=:80
--entrypoints.web.http.redirections.entryPoint.to=websecure
--entrypoints.web.http.redirections.entryPoint.scheme=https
--entrypoints.websecure.address=:443

entryPoint

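This section is a convenience to enable (permanent) redirection of all incoming requests on an entry point (e.g. port 80) to another entry point (e.g. port 443) or an explicit port (:443).

entryPoint.to

Required

The target element can be:

  • an entry point name (e.g. websecure)
  • a port (:443)
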
[entryPoints.foo]
  # ...
  [entryPoints.foo.http.redirections]
    [entryPoints.foo.http.redirections.entryPoint]
      to = "websecure"
entryPoints:
  foo:
    # ...
    http:
      redirections:
        entryPoint:
          to: websecure
--entrypoints.foo.http.redirections.entryPoint.to=websecure

entryPoint.scheme

Optional, Default="https"

The redirection target scheme.

[entryPoints.foo]
  # ...
  [entryPoints.foo.http.redirections]
    [entryPoints.foo.http.redirections.entryPoint]
      # ...
      scheme = "https"
entryPoints:
  foo:
    # ...
    http:
      redirections:
        entryPoint:
          # ...
          scheme: https
--entrypoints.foo.http.redirections.entryPoint.scheme=https

entryPoint.permanent

Optional, Default=true

Applies a permanent redirection.

[entryPoints.foo]
  # ...
  [entryPoints.foo.http.redirections]
    [entryPoints.foo.http.redirections.entryPoint]
      # ...
      permanent = true
entryPoints:
  foo:
    # ...
    http:
      redirections:
        entryPoint:
          # ...
          permanent: true
--entrypoints.foo.http.redirections.entrypoint.permanent=true

entryPoint.priority

Optional, Default=1

Priority of the generated router.

[entryPoints.foo]
  # ...
  [entryPoints.foo.http.redirections]
    [entryPoints.foo.http.redirections.entryPoint]
      # ...
      priority = 10
entryPoints:
  foo:
    # ...
    http:
      redirections:
        entryPoint:
          # ...
          priority: 10
--entrypoints.foo.http.redirections.entrypoint.priority=10

Middlewares

The list of middlewares that are prepended by default to the middleware list of each router associated with the named entry point.

[entryPoints.websecure]
  address = ":443"

  [entryPoints.websecure.http]
    middlewares = ["[email protected]", "[email protected]"]
entryPoints:
  websecure:
    address: ':443'
    http:
      middlewares:
        - [email protected]
        - [email protected]
entrypoints.websecure.address=:443
[email protected],[email protected]

TLS

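This section is about the default TLS configuration applied to all routers associated with the named entry point.

If a TLS section (i.e. any of its fields) is user-defined, then the default configuration does not apply at all.

The TLS section is the same as the TLS section on HTTP routers.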

[entryPoints.websecure]
  address = ":443"

    [entryPoints.websecure.http.tls]
      options = "foobar"
      certResolver = "leresolver"
      [[entryPoints.websecure.http.tls.domains]]
        main = "example.com"
        sans = ["foo.example.com", "bar.example.com"]
      [[entryPoints.websecure.http.tls.domains]]
        main = "test.com"
        sans = ["foo.test.com", "bar.test.com"]
entryPoints:
  websecure:
    address: ':443'
    http:
      tls:
        options: foobar
        certResolver: leresolver
        domains:
          - main: example.com
            sans:
              - foo.example.com
              - bar.example.com
          - main: test.com
            sans:
              - foo.test.com
              - bar.test.com
--entrypoints.websecure.address=:443
--entrypoints.websecure.http.tls.options=foobar
--entrypoints.websecure.http.tls.certResolver=leresolver
--entrypoints.websecure.http.tls.domains[0].main=example.com
--entrypoints.websecure.http.tls.domains[0].sans=foo.example.com,bar.example.com
--entrypoints.websecure.http.tls.domains[1].main=test.com
--entrypoints.websecure.http.tls.domains[1].sans=foo.test.com,bar.test.com

Let's Encrypt
[entryPoints.websecure]
  address = ":443"

    [entryPoints.websecure.http.tls]
      certResolver = "leresolver"
entryPoints:
  websecure:
    address: ':443'
    http:
      tls:
        certResolver: leresolver
--entrypoints.websecure.address=:443
--entrypoints.websecure.http.tls.certResolver=leresolver