EntryPoints

打开传入请求的连接

entryPoints

EntryPoints是Traefik的网络入口点. 它们定义了将接收请求的端口(无论是HTTP还是TCP).

Configuration Examples

仅端口80
## Static configuration
[entryPoints]
  [entryPoints.web]
    address = ":80"
## Static configuration
entryPoints:
  web:
   address: ":80"
## Static configuration
--entryPoints.web.address=:80

我们定义了一个称为webentrypoint ,它将侦听端口80 .

端口80和443
## Static configuration
[entryPoints]
  [entryPoints.web]
    address = ":80"

  [entryPoints.web-secure]
    address = ":443"
## Static configuration
entryPoints:
  web:
    address: ":80"

  web-secure:
    address: ":443"
## Static configuration
--entryPoints.web.address=:80
--entryPoints.web-secure.address=:443
  • 定义了两个入口点:一个称为web ,另一个称为web-secure .
  • web在端口80上侦听,在端口443web-secure .

Configuration

General

EntryPoints是静态配置的一部分. 您可以使用toml文件,CLI参数或键值存储来定义它们.

请参阅完整的参考以获取可用选项列表
## Static configuration
[entryPoints]
  [entryPoints.name]
    address = ":8888"
    [entryPoints.name.transport]
      [entryPoints.name.transport.lifeCycle]
        requestAcceptGraceTimeout = 42
        graceTimeOut = 42
      [entryPoints.name.transport.respondingTimeouts]
        readTimeout = 42
        writeTimeout = 42
        idleTimeout = 42
    [entryPoints.name.proxyProtocol]
      insecure = true
      trustedIPs = ["127.0.0.1", "192.168.0.1"]
    [entryPoints.name.forwardedHeaders]
      insecure = true
      trustedIPs = ["127.0.0.1", "192.168.0.1"]
## Static configuration
entryPoints:
  name:
    address: ":8888"
    transport:
      lifeCycle:
        requestAcceptGraceTimeout: 42
        graceTimeOut: 42
      respondingTimeouts:
        readTimeout: 42
        writeTimeout: 42
        idleTimeout: 42
    proxyProtocol:
      insecure: true
      trustedIPs:
        - "127.0.0.1"
        - "192.168.0.1"
    forwardedHeaders:
      insecure: true
      trustedIPs:
        - "127.0.0.1"
        - "192.168.0.1"
## Static configuration
--entryPoints.name.address=:8888
--entryPoints.name.transport.lifeCycle.requestAcceptGraceTimeout=42
--entryPoints.name.transport.lifeCycle.graceTimeOut=42
--entryPoints.name.transport.respondingTimeouts.readTimeout=42
--entryPoints.name.transport.respondingTimeouts.writeTimeout=42
--entryPoints.name.transport.respondingTimeouts.idleTimeout=42
--entryPoints.name.proxyProtocol.insecure=true
--entryPoints.name.proxyProtocol.trustedIPs=127.0.0.1,192.168.0.1
--entryPoints.name.forwardedHeaders.insecure=true
--entryPoints.name.forwardedHeaders.trustedIPs=127.0.0.1,192.168.0.1

Forwarded Header

您可以将Traefik配置为信任转发的标头信息( X-Forwarded-* ).

forwardedHeaders.trustedIPs

信任来自特定IP的转发头.

## Static configuration
[entryPoints]
  [entryPoints.web]
    address = ":80"

    [entryPoints.web.forwardedHeaders]
      trustedIPs = ["127.0.0.1/32", "192.168.1.7"]
## Static configuration
entryPoints:
  web:
    address: ":80"
    forwardedHeaders:
      trustedIPs:
        - "127.0.0.1/32"
        - "192.168.1.7"
## Static configuration
--entryPoints.web.address=:80
--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,192.168.1.7
forwardedHeaders.insecure

不安全模式(始终信任转发的报头).

## Static configuration
[entryPoints]
  [entryPoints.web]
    address = ":80"

    [entryPoints.web.forwardedHeaders]
      insecure = true
## Static configuration
entryPoints:
  web:
    address: ":80"
    forwardedHeaders:
      insecure: true
## Static configuration
--entryPoints.web.address=:80
--entryPoints.web.forwardedHeaders.insecure

Transport

respondingTimeouts

respondingTimeouts是请求到Traefik实例超时.

transport.respondingTimeouts.readTimeout

可选,默认= 0s

readTimeout是读取整个请求(包括正文)的最大持续时间.

如果为零,则不存在超时.
可以以time.ParseDuration支持的格式或原始值(数字)提供. 如果未提供单位,则以秒为单位解析该值.

## Static configuration
[entryPoints]
  [entryPoints.name]
    address = ":8888"
    [entryPoints.name.transport]
      [entryPoints.name.transport.respondingTimeouts]
        readTimeout = 42
## Static configuration
entryPoints:
  name:
    address: ":8888"
    transport:
      respondingTimeouts:
        readTimeout: 42
## Static configuration
--entryPoints.name.address=:8888
--entryPoints.name.transport.respondingTimeouts.readTimeout=42
transport.respondingTimeouts.writeTimeout

可选,默认= 0s

writeTimeout是超时写入响应之前的最大持续时间.

它涵盖了从请求标头读取结束到响应写入结束的时间. 如果为零,则不存在超时.
可以以time.ParseDuration支持的格式或原始值(数字)提供. 如果未提供单位,则以秒为单位解析该值.

## Static configuration
[entryPoints]
  [entryPoints.name]
    address = ":8888"
    [entryPoints.name.transport]
      [entryPoints.name.transport.respondingTimeouts]
        writeTimeout = 42
## Static configuration
entryPoints:
  name:
    address: ":8888"
    transport:
      respondingTimeouts:
        writeTimeout: 42
## Static configuration
--entryPoints.name.address=:8888
--entryPoints.name.transport.respondingTimeouts.writeTimeout=42
transport.respondingTimeouts.idleTimeout

可选,默认= 180s

idleTimeout是空闲(保持活动)连接在关闭自身之前将保持空闲的最大持续时间.

如果为零,则不存在超时.
可以以time.ParseDuration支持的格式或原始值(数字)提供. 如果未提供单位,则以秒为单位解析该值.

## Static configuration
[entryPoints]
  [entryPoints.name]
    address = ":8888"
    [entryPoints.name.transport]
      [entryPoints.name.transport.respondingTimeouts]
        idleTimeout = 42
## Static configuration
entryPoints:
  name:
    address: ":8888"
    transport:
      respondingTimeouts:
        idleTimeout: 42
## Static configuration
--entryPoints.name.address=:8888
--entryPoints.name.transport.respondingTimeouts.idleTimeout=42

lifeCycle

在关闭阶段控制Traefik的行为.

lifeCycle.requestAcceptGraceTimeout

可选,默认= 0s

在启动graceTimeOut终止期限(由graceTimeOut选项定义)之前继续接受请求的持续时间. 此选项旨在为下游负载均衡器留出足够的时间使Traefik停止旋转.

可以以time.ParseDuration支持的格式或原始值(数字)提供.

如果未提供单位,则以秒为单位解析该值. 零持续时间将禁用请求接受宽限期,即Traefik将立即进入宽限期.

## Static configuration
[entryPoints]
  [entryPoints.name]
    address = ":8888"
    [entryPoints.name.transport]
      [entryPoints.name.transport.lifeCycle]
        requestAcceptGraceTimeout = 42
## Static configuration
entryPoints:
  name:
    address: ":8888"
    transport:
      lifeCycle:
        requestAcceptGraceTimeout: 42
## Static configuration
--entryPoints.name.address=:8888
--entryPoints.name.transport.lifeCycle.requestAcceptGraceTimeout=42
lifeCycle.graceTimeOut

可选,默认= 10s

主动请求的持续时间有机会在Traefik停止之前完成.

可以以time.ParseDuration支持的格式或原始值(数字)提供.

如果未提供单位,则以秒为单位解析该值.

在此时间范围内,不接受任何新请求.

## Static configuration
[entryPoints]
  [entryPoints.name]
    address = ":8888"
    [entryPoints.name.transport]
      [entryPoints.name.transport.lifeCycle]
        graceTimeOut = 42
## Static configuration
entryPoints:
  name:
    address: ":8888"
    transport:
      lifeCycle:
        graceTimeOut: 42
## Static configuration
--entryPoints.name.address=:8888
--entryPoints.name.transport.lifeCycle.graceTimeOut=42

ProxyProtocol

Traefik支持ProxyProtocol版本1和2.

如果为入口点启用了代理协议标头解析,则此入口点可以接受具有或不具有代理协议标头的连接.

如果传递了代理协议标头,则会自动确定版本.

proxyProtocol.trustedIPs

使用受信任的IP启用代理协议.

## Static configuration
[entryPoints]
  [entryPoints.web]
    address = ":80"

    [entryPoints.web.proxyProtocol]
      trustedIPs = ["127.0.0.1/32", "192.168.1.7"]
## Static configuration
entryPoints:
  web:
    address: ":80"
    proxyProtocol:
      trustedIPs:
        - "127.0.0.1/32"
        - "192.168.1.7"
--entryPoints.web.address=:80
--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,192.168.1.7

仅受trustedIPs IP中的IP将导致远程客户端地址替换:在此处声明负载平衡器IP或CIDR范围.

proxyProtocol.insecure

不安全模式(仅测试环境).

在测试环境中,可以将Traefik配置为信任每个传入的连接. 这样做,将替换每个远程客户端地址(受trustedIPs将不起作用)

## Static configuration
[entryPoints]
  [entryPoints.web]
    address = ":80"

    [entryPoints.web.proxyProtocol]
      insecure = true
## Static configuration
entryPoints:
  web:
    address: ":80"
    proxyProtocol:
      insecure: true
--entryPoints.web.address=:80
--entryPoints.web.proxyProtocol.insecure

在另一个负载均衡器后面排队Traefik

将Traefik排队在另一个负载均衡器后面时,请确保在两侧都配置代理协议. 否则可能会给您的系统带来安全风险(启用请求伪造).