traefik.toml

################################################################
# Global configuration
################################################################

# Enable debug mode
#
# Optional
# Default: false
#
debug = false

# Traefik logs file
# If not defined, logs to stdout
#
# Optional
#
# traefikLogsFile = "log/traefik.log"

# Access logs file
#
# Optional
#
# accessLogsFile = "log/access.log"

# Entrypoints to be used by frontends that do not specify any entrypoint.
# Each frontend can specify its own entrypoints.
#
# Optional
# Default: ["http"]
#
defaultEntryPoints = ["http", "https"]
# TODO defaultEntryPoints = ["http", "https"]

# Enable ACME (Let's Encrypt): automatic SSL
#
# Optional
#
[acme]

# Email address used for registration
#
# Required
#
email = "nick@tam.er" # Just set that as a CLI argument!

# File or key used for certificates storage.
# WARNING, if you use Traefik in Docker, you have 2 options:
#  - create a file on your host and mount it as a volume
#      storageFile = "acme.json"
#      $ docker run -v "/my/host/acme.json:acme.json" traefik
#  - mount the folder containing the file as a volume
#      storageFile = "/etc/traefik/acme/acme.json"
#      $ docker run -v "/my/host/acme:/etc/traefik/acme" traefik
#
# Required
#
storage = "/etc/traefik/acme/acme.json" # or "traefik/acme/account" if using KV store

# Entrypoint to proxy acme challenge/apply certificates to.
# WARNING, must point to an entrypoint on port 443
#
# Required
#
entryPoint = "https"

# Use a DNS based acme challenge rather than external HTTPS access, e.g. for a firewalled server
# Select the provider that matches the DNS domain that will host the challenge TXT record,
# and provide environment variables with access keys to enable setting it:
#  - gandi: GANDI_API_KEY
#  - manual: none, but run traefik interactively & turn on acmeLogging to see instructions & press Enter
#  - ovh: OVH_ENDPOINT, OVH_APPLICATION_KEY, OVH_APPLICATION_SECRET, OVH_CONSUMER_KEY
#
# Optional
#
# dnsProvider = "digitalocean"

# By default, the dnsProvider will verify the TXT DNS challenge record before letting ACME verify
# If delayDontCheckDNS is greater than zero, avoid this & instead just wait so many seconds.
# Useful if internal networks block external DNS queries
#
# Optional
#
# delayDontCheckDNS = 0

# If true, display debug log messages from the acme client library
#
# Optional
#
acmeLogging = true


# Enable certificate generation on frontends Host rules. This will request a certificate from Let's Encrypt for each frontend with a Host rule.
# For example, a rule Host:test1.traefik.io,test2.traefik.io will request a certificate with main domain test1.traefik.io and SAN test2.traefik.io.
#
# Optional
#
OnHostRule = true

# CA server to use
# Uncomment the line to run on the staging let's encrypt server
# Leave comment to go to prod
#
# Optional
#
# caServer = "https://acme-staging.api.letsencrypt.org/directory"

# Domains list
# You can provide SANs (alternative domains) to each main domain
# All domains must have A/AAAA records pointing to Traefik
# WARNING, Take note that Let's Encrypt have rate limiting: https://letsencrypt.org/docs/rate-limits
# Each domain & SANs will lead to a certificate request.
#
# [[acme.domains]]
#   main = "local1.com"
#   sans = ["test1.local1.com", "test2.local1.com"]
# [[acme.domains]]
#   main = "local2.com"
#   sans = ["test1.local2.com", "test2x.local2.com"]
# [[acme.domains]]
#   main = "local3.com"
# [[acme.domains]]
#   main = "local4.com"


# Entrypoints definition
#
# To redirect an http entrypoint to an https entrypoint (with SNI support):
[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
      entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
#     [acme]
#     # caServer = "https://acme-staging.api.letsencrypt.org/directory"
#     email = "letsencrypt@example.com"
#     storage = "acme.json"
#     entryPoint = "https"
#     onDemand = false
#     OnHostRule = true

# To redirect an entrypoint rewriting the URL:
# [entryPoints]
#   [entryPoints.http]
#   address = ":80"
#     [entryPoints.http.redirect]
#       regex = "^http://localhost/(.*)"
#       replacement = "http://mydomain/$1"
#

################################################################
# Web configuration backend
################################################################

# Enable web configuration backend
#
# Optional
#
[web]

# Web administration port
#
# Required
#

# SSL certificate and key used
#
# Optional
#
# CertFile = "traefik.crt"
# KeyFile = "traefik.key"
#
# Set REST API to read-only mode
#
# Optional
# ReadOnly = false
#
# Enable more detailed statistics
# [web.statistics]
#   RecentErrors = 10
#
# To enable Traefik to export internal metrics to Prometheus
# [web.metrics.prometheus]
#   Buckets=[0.1,0.3,1.2,5.0]
#

# To enable basic auth on the webui
# with 2 user/pass: test:test and test2:test2
# Passwords can be encoded in MD5, SHA1 and BCrypt: you can use htpasswd to generate those ones
# TODO: template this as well (or to be put in a CLI argument)
#   [web.auth.basic]
#     users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
# To enable digest auth on the webui
# with 2 user/realm/pass: test:traefik:test and test2:traefik:test2
# You can use htdigest to generate those ones
#   [web.auth.digest]
#     users = ["test:traefik:a2688e031edb4be6a3797f3882655c05 ", "test2:traefik:518845800f9e2bfb1f1f740ec24f074e"]


################################################################
# File configuration backend
################################################################

# Enable file configuration backend
#
# Optional
#
# [file]

# Rules file
# If defined, traefik will load rules from this file,
# otherwise, it will load rules from current file (cf Sample rules below).
#
# Optional
#
# filename = "rules.toml"

# Enable watch file changes
#
# Optional
#
# watch = true


################################################################
# Docker configuration backend
################################################################

# Enable Docker configuration backend
#
# Optional
#
[docker]

# Docker server endpoint. Can be a tcp or a unix socket endpoint.
#
# Required
#
endpoint = "unix:///var/run/docker.sock"

# Default domain used.
# Can be overridden by setting the "traefik.domain" label on a container.
#
# Required
#
# NDLR: To be set as a CLI argument

# Enable watch docker changes
#
# Optional
#
watch = true

# Expose containers by default in traefik
#
# Optional
# Default: true
#
exposedbydefault = false

# Enable docker TLS connection
#
# Optional
#
#  [docker.tls]
#  ca = "/etc/ssl/ca.crt"
#  cert = "/etc/ssl/docker.crt"
#  key = "/etc/ssl/docker.key"
#  insecureskipverify = true


################################################################
# Sample rules
################################################################
# [backends]
#   [backends.backend1]
#     [backends.backend1.circuitbreaker]
#       expression = "NetworkErrorRatio() > 0.5"
#     [backends.backend1.servers.server1]
#     url = "http://172.17.0.2:80"
#     weight = 10
#     [backends.backend1.servers.server2]
#     url = "http://172.17.0.3:80"
#     weight = 1
#   [backends.backend2]
#     [backends.backend2.LoadBalancer]
#       method = "drr"
#     [backends.backend2.servers.server1]
#     url = "http://172.17.0.4:80"
#     weight = 1
#     [backends.backend2.servers.server2]
#     url = "http://172.17.0.5:80"
#     weight = 2
#
# [frontends]
#   [frontends.frontend1]
#   backend = "backend2"
#     [frontends.frontend1.routes.test_1]
#     rule = "Host: test.localhost, other.localhost"
#   [frontends.frontend2]
#   backend = "backend1"
#   passHostHeader = true
#   entrypoints = ["https"] # overrides defaultEntryPoints
#     [frontends.frontend2.routes.test_1]
#     rule = "Host:{subdomain:[a-z]+}.localhost"
#   [frontends.frontend3]
#   entrypoints = ["http", "https"] # overrides defaultEntryPoints
#   backend = "backend2"
#     rule = "Path: /test, /other"