mirrors/traefik
1
0
Fork 0
mirror of https://github.com/traefik/traefik.git synced 2025-09-20 21:31:14 +02:00
Code Issues Projects Releases Wiki Activity
traefik/docs/content/reference/install-configuration/configuration-options.md
Harold Ozouf fed86bd816
Refactor plugins system
2025-09-16 16:16:07 +02:00

483 lines
103 KiB
Markdown
Raw Blame History

<!--
CODE GENERATED AUTOMATICALLY
THIS FILE MUST NOT BE EDITED BY HAND
-->
# Install Configuration Options
## Configuration Options
| Field | Description | Default |
|:-------|:------------|:-------|
| <a id="accesslog" href="#accesslog" title="#accesslog">accesslog</a> | Access log settings. | false |
| <a id="accesslog-addinternals" href="#accesslog-addinternals" title="#accesslog-addinternals">accesslog.addinternals</a> | Enables access log for internal services (ping, dashboard, etc...). | false |
| <a id="accesslog-bufferingsize" href="#accesslog-bufferingsize" title="#accesslog-bufferingsize">accesslog.bufferingsize</a> | Number of access log lines to process in a buffered way. | 0 |
| <a id="accesslog-fields-defaultmode" href="#accesslog-fields-defaultmode" title="#accesslog-fields-defaultmode">accesslog.fields.defaultmode</a> | Default mode for fields: keep | drop | keep |
| <a id="accesslog-fields-headers-defaultmode" href="#accesslog-fields-headers-defaultmode" title="#accesslog-fields-headers-defaultmode">accesslog.fields.headers.defaultmode</a> | Default mode for fields: keep | drop | redact | drop |
| <a id="accesslog-fields-headers-names-name" href="#accesslog-fields-headers-names-name" title="#accesslog-fields-headers-names-name">accesslog.fields.headers.names._name_</a> | Override mode for headers | |
| <a id="accesslog-fields-names-name" href="#accesslog-fields-names-name" title="#accesslog-fields-names-name">accesslog.fields.names._name_</a> | Override mode for fields | |
| <a id="accesslog-filepath" href="#accesslog-filepath" title="#accesslog-filepath">accesslog.filepath</a> | Access log file path. Stdout is used when omitted or empty. | |
| <a id="accesslog-filters-minduration" href="#accesslog-filters-minduration" title="#accesslog-filters-minduration">accesslog.filters.minduration</a> | Keep access logs when request took longer than the specified duration. | 0 |
| <a id="accesslog-filters-retryattempts" href="#accesslog-filters-retryattempts" title="#accesslog-filters-retryattempts">accesslog.filters.retryattempts</a> | Keep access logs when at least one retry happened. | false |
| <a id="accesslog-filters-statuscodes" href="#accesslog-filters-statuscodes" title="#accesslog-filters-statuscodes">accesslog.filters.statuscodes</a> | Keep access logs with status codes in the specified range. | |
| <a id="accesslog-format" href="#accesslog-format" title="#accesslog-format">accesslog.format</a> | Access log format: json, common, or genericCLF | common |
| <a id="accesslog-otlp" href="#accesslog-otlp" title="#accesslog-otlp">accesslog.otlp</a> | Settings for OpenTelemetry. | false |
| <a id="accesslog-otlp-grpc" href="#accesslog-otlp-grpc" title="#accesslog-otlp-grpc">accesslog.otlp.grpc</a> | gRPC configuration for the OpenTelemetry collector. | false |
| <a id="accesslog-otlp-grpc-endpoint" href="#accesslog-otlp-grpc-endpoint" title="#accesslog-otlp-grpc-endpoint">accesslog.otlp.grpc.endpoint</a> | Sets the gRPC endpoint (host:port) of the collector. | localhost:4317 |
| <a id="accesslog-otlp-grpc-headers-name" href="#accesslog-otlp-grpc-headers-name" title="#accesslog-otlp-grpc-headers-name">accesslog.otlp.grpc.headers._name_</a> | Headers sent with payload. | |
| <a id="accesslog-otlp-grpc-insecure" href="#accesslog-otlp-grpc-insecure" title="#accesslog-otlp-grpc-insecure">accesslog.otlp.grpc.insecure</a> | Disables client transport security for the exporter. | false |
| <a id="accesslog-otlp-grpc-tls-ca" href="#accesslog-otlp-grpc-tls-ca" title="#accesslog-otlp-grpc-tls-ca">accesslog.otlp.grpc.tls.ca</a> | TLS CA | |
| <a id="accesslog-otlp-grpc-tls-cert" href="#accesslog-otlp-grpc-tls-cert" title="#accesslog-otlp-grpc-tls-cert">accesslog.otlp.grpc.tls.cert</a> | TLS cert | |
| <a id="accesslog-otlp-grpc-tls-insecureskipverify" href="#accesslog-otlp-grpc-tls-insecureskipverify" title="#accesslog-otlp-grpc-tls-insecureskipverify">accesslog.otlp.grpc.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="accesslog-otlp-grpc-tls-key" href="#accesslog-otlp-grpc-tls-key" title="#accesslog-otlp-grpc-tls-key">accesslog.otlp.grpc.tls.key</a> | TLS key | |
| <a id="accesslog-otlp-http" href="#accesslog-otlp-http" title="#accesslog-otlp-http">accesslog.otlp.http</a> | HTTP configuration for the OpenTelemetry collector. | false |
| <a id="accesslog-otlp-http-endpoint" href="#accesslog-otlp-http-endpoint" title="#accesslog-otlp-http-endpoint">accesslog.otlp.http.endpoint</a> | Sets the HTTP endpoint (scheme://host:port/path) of the collector. | https://localhost:4318 |
| <a id="accesslog-otlp-http-headers-name" href="#accesslog-otlp-http-headers-name" title="#accesslog-otlp-http-headers-name">accesslog.otlp.http.headers._name_</a> | Headers sent with payload. | |
| <a id="accesslog-otlp-http-tls-ca" href="#accesslog-otlp-http-tls-ca" title="#accesslog-otlp-http-tls-ca">accesslog.otlp.http.tls.ca</a> | TLS CA | |
| <a id="accesslog-otlp-http-tls-cert" href="#accesslog-otlp-http-tls-cert" title="#accesslog-otlp-http-tls-cert">accesslog.otlp.http.tls.cert</a> | TLS cert | |
| <a id="accesslog-otlp-http-tls-insecureskipverify" href="#accesslog-otlp-http-tls-insecureskipverify" title="#accesslog-otlp-http-tls-insecureskipverify">accesslog.otlp.http.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="accesslog-otlp-http-tls-key" href="#accesslog-otlp-http-tls-key" title="#accesslog-otlp-http-tls-key">accesslog.otlp.http.tls.key</a> | TLS key | |
| <a id="accesslog-otlp-resourceattributes-name" href="#accesslog-otlp-resourceattributes-name" title="#accesslog-otlp-resourceattributes-name">accesslog.otlp.resourceattributes._name_</a> | Defines additional resource attributes (key:value). | |
| <a id="accesslog-otlp-servicename" href="#accesslog-otlp-servicename" title="#accesslog-otlp-servicename">accesslog.otlp.servicename</a> | Defines the service name resource attribute. | traefik |
| <a id="api" href="#api" title="#api">api</a> | Enable api/dashboard. | false |
| <a id="api-basepath" href="#api-basepath" title="#api-basepath">api.basepath</a> | Defines the base path where the API and Dashboard will be exposed. | / |
| <a id="api-dashboard" href="#api-dashboard" title="#api-dashboard">api.dashboard</a> | Activate dashboard. | true |
| <a id="api-debug" href="#api-debug" title="#api-debug">api.debug</a> | Enable additional endpoints for debugging and profiling. | false |
| <a id="api-disabledashboardad" href="#api-disabledashboardad" title="#api-disabledashboardad">api.disabledashboardad</a> | Disable ad in the dashboard. | false |
| <a id="api-insecure" href="#api-insecure" title="#api-insecure">api.insecure</a> | Activate API directly on the entryPoint named traefik. | false |
| <a id="certificatesresolvers-name" href="#certificatesresolvers-name" title="#certificatesresolvers-name">certificatesresolvers._name_</a> | Certificates resolvers configuration. | false |
| <a id="certificatesresolvers-name-acme-cacertificates" href="#certificatesresolvers-name-acme-cacertificates" title="#certificatesresolvers-name-acme-cacertificates">certificatesresolvers._name_.acme.cacertificates</a> | Specify the paths to PEM encoded CA Certificates that can be used to authenticate an ACME server with an HTTPS certificate not issued by a CA in the system-wide trusted root list. | |
| <a id="certificatesresolvers-name-acme-caserver" href="#certificatesresolvers-name-acme-caserver" title="#certificatesresolvers-name-acme-caserver">certificatesresolvers._name_.acme.caserver</a> | CA server to use. | https://acme-v02.api.letsencrypt.org/directory |
| <a id="certificatesresolvers-name-acme-caservername" href="#certificatesresolvers-name-acme-caservername" title="#certificatesresolvers-name-acme-caservername">certificatesresolvers._name_.acme.caservername</a> | Specify the CA server name that can be used to authenticate an ACME server with an HTTPS certificate not issued by a CA in the system-wide trusted root list. | |
| <a id="certificatesresolvers-name-acme-casystemcertpool" href="#certificatesresolvers-name-acme-casystemcertpool" title="#certificatesresolvers-name-acme-casystemcertpool">certificatesresolvers._name_.acme.casystemcertpool</a> | Define if the certificates pool must use a copy of the system cert pool. | false |
| <a id="certificatesresolvers-name-acme-certificatesduration" href="#certificatesresolvers-name-acme-certificatesduration" title="#certificatesresolvers-name-acme-certificatesduration">certificatesresolvers._name_.acme.certificatesduration</a> | Certificates' duration in hours. | 2160 |
| <a id="certificatesresolvers-name-acme-clientresponseheadertimeout" href="#certificatesresolvers-name-acme-clientresponseheadertimeout" title="#certificatesresolvers-name-acme-clientresponseheadertimeout">certificatesresolvers._name_.acme.clientresponseheadertimeout</a> | Timeout for receiving the response headers when communicating with the ACME server. | 30 |
| <a id="certificatesresolvers-name-acme-clienttimeout" href="#certificatesresolvers-name-acme-clienttimeout" title="#certificatesresolvers-name-acme-clienttimeout">certificatesresolvers._name_.acme.clienttimeout</a> | Timeout for a complete HTTP transaction with the ACME server. | 120 |
| <a id="certificatesresolvers-name-acme-dnschallenge" href="#certificatesresolvers-name-acme-dnschallenge" title="#certificatesresolvers-name-acme-dnschallenge">certificatesresolvers._name_.acme.dnschallenge</a> | Activate DNS-01 Challenge. | false |
| <a id="certificatesresolvers-name-acme-dnschallenge-delaybeforecheck" href="#certificatesresolvers-name-acme-dnschallenge-delaybeforecheck" title="#certificatesresolvers-name-acme-dnschallenge-delaybeforecheck">certificatesresolvers._name_.acme.dnschallenge.delaybeforecheck</a> | (Deprecated) Assume DNS propagates after a delay in seconds rather than finding and querying nameservers. | 0 |
| <a id="certificatesresolvers-name-acme-dnschallenge-disablepropagationcheck" href="#certificatesresolvers-name-acme-dnschallenge-disablepropagationcheck" title="#certificatesresolvers-name-acme-dnschallenge-disablepropagationcheck">certificatesresolvers._name_.acme.dnschallenge.disablepropagationcheck</a> | (Deprecated) Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready. [not recommended] | false |
| <a id="certificatesresolvers-name-acme-dnschallenge-propagation" href="#certificatesresolvers-name-acme-dnschallenge-propagation" title="#certificatesresolvers-name-acme-dnschallenge-propagation">certificatesresolvers._name_.acme.dnschallenge.propagation</a> | DNS propagation checks configuration | false |
| <a id="certificatesresolvers-name-acme-dnschallenge-propagation-delaybeforechecks" href="#certificatesresolvers-name-acme-dnschallenge-propagation-delaybeforechecks" title="#certificatesresolvers-name-acme-dnschallenge-propagation-delaybeforechecks">certificatesresolvers._name_.acme.dnschallenge.propagation.delaybeforechecks</a> | Defines the delay before checking the challenge TXT record propagation. | 0 |
| <a id="certificatesresolvers-name-acme-dnschallenge-propagation-disableanschecks" href="#certificatesresolvers-name-acme-dnschallenge-propagation-disableanschecks" title="#certificatesresolvers-name-acme-dnschallenge-propagation-disableanschecks">certificatesresolvers._name_.acme.dnschallenge.propagation.disableanschecks</a> | Disables the challenge TXT record propagation checks against authoritative nameservers. | false |
| <a id="certificatesresolvers-name-acme-dnschallenge-propagation-disablechecks" href="#certificatesresolvers-name-acme-dnschallenge-propagation-disablechecks" title="#certificatesresolvers-name-acme-dnschallenge-propagation-disablechecks">certificatesresolvers._name_.acme.dnschallenge.propagation.disablechecks</a> | Disables the challenge TXT record propagation checks (not recommended). | false |
| <a id="certificatesresolvers-name-acme-dnschallenge-propagation-requireallrns" href="#certificatesresolvers-name-acme-dnschallenge-propagation-requireallrns" title="#certificatesresolvers-name-acme-dnschallenge-propagation-requireallrns">certificatesresolvers._name_.acme.dnschallenge.propagation.requireallrns</a> | Requires the challenge TXT record to be propagated to all recursive nameservers. | false |
| <a id="certificatesresolvers-name-acme-dnschallenge-provider" href="#certificatesresolvers-name-acme-dnschallenge-provider" title="#certificatesresolvers-name-acme-dnschallenge-provider">certificatesresolvers._name_.acme.dnschallenge.provider</a> | Use a DNS-01 based challenge provider rather than HTTPS. | |
| <a id="certificatesresolvers-name-acme-dnschallenge-resolvers" href="#certificatesresolvers-name-acme-dnschallenge-resolvers" title="#certificatesresolvers-name-acme-dnschallenge-resolvers">certificatesresolvers._name_.acme.dnschallenge.resolvers</a> | Use following DNS servers to resolve the FQDN authority. | |
| <a id="certificatesresolvers-name-acme-eab-hmacencoded" href="#certificatesresolvers-name-acme-eab-hmacencoded" title="#certificatesresolvers-name-acme-eab-hmacencoded">certificatesresolvers._name_.acme.eab.hmacencoded</a> | Base64 encoded HMAC key from External CA. | |
| <a id="certificatesresolvers-name-acme-eab-kid" href="#certificatesresolvers-name-acme-eab-kid" title="#certificatesresolvers-name-acme-eab-kid">certificatesresolvers._name_.acme.eab.kid</a> | Key identifier from External CA. | |
| <a id="certificatesresolvers-name-acme-email" href="#certificatesresolvers-name-acme-email" title="#certificatesresolvers-name-acme-email">certificatesresolvers._name_.acme.email</a> | Email address used for registration. | |
| <a id="certificatesresolvers-name-acme-emailaddresses" href="#certificatesresolvers-name-acme-emailaddresses" title="#certificatesresolvers-name-acme-emailaddresses">certificatesresolvers._name_.acme.emailaddresses</a> | CSR email addresses to use. | |
| <a id="certificatesresolvers-name-acme-httpchallenge" href="#certificatesresolvers-name-acme-httpchallenge" title="#certificatesresolvers-name-acme-httpchallenge">certificatesresolvers._name_.acme.httpchallenge</a> | Activate HTTP-01 Challenge. | false |
| <a id="certificatesresolvers-name-acme-httpchallenge-delay" href="#certificatesresolvers-name-acme-httpchallenge-delay" title="#certificatesresolvers-name-acme-httpchallenge-delay">certificatesresolvers._name_.acme.httpchallenge.delay</a> | Delay between the creation of the challenge and the validation. | 0 |
| <a id="certificatesresolvers-name-acme-httpchallenge-entrypoint" href="#certificatesresolvers-name-acme-httpchallenge-entrypoint" title="#certificatesresolvers-name-acme-httpchallenge-entrypoint">certificatesresolvers._name_.acme.httpchallenge.entrypoint</a> | HTTP challenge EntryPoint | |
| <a id="certificatesresolvers-name-acme-keytype" href="#certificatesresolvers-name-acme-keytype" title="#certificatesresolvers-name-acme-keytype">certificatesresolvers._name_.acme.keytype</a> | KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'. | RSA4096 |
| <a id="certificatesresolvers-name-acme-preferredchain" href="#certificatesresolvers-name-acme-preferredchain" title="#certificatesresolvers-name-acme-preferredchain">certificatesresolvers._name_.acme.preferredchain</a> | Preferred chain to use. | |
| <a id="certificatesresolvers-name-acme-profile" href="#certificatesresolvers-name-acme-profile" title="#certificatesresolvers-name-acme-profile">certificatesresolvers._name_.acme.profile</a> | Certificate profile to use. | |
| <a id="certificatesresolvers-name-acme-storage" href="#certificatesresolvers-name-acme-storage" title="#certificatesresolvers-name-acme-storage">certificatesresolvers._name_.acme.storage</a> | Storage to use. | acme.json |
| <a id="certificatesresolvers-name-acme-tlschallenge" href="#certificatesresolvers-name-acme-tlschallenge" title="#certificatesresolvers-name-acme-tlschallenge">certificatesresolvers._name_.acme.tlschallenge</a> | Activate TLS-ALPN-01 Challenge. | true |
| <a id="certificatesresolvers-name-tailscale" href="#certificatesresolvers-name-tailscale" title="#certificatesresolvers-name-tailscale">certificatesresolvers._name_.tailscale</a> | Enables Tailscale certificate resolution. | true |
| <a id="core-defaultrulesyntax" href="#core-defaultrulesyntax" title="#core-defaultrulesyntax">core.defaultrulesyntax</a> | Defines the rule parser default syntax (v2 or v3) | v3 |
| <a id="entrypoints-name" href="#entrypoints-name" title="#entrypoints-name">entrypoints._name_</a> | Entry points definition. | false |
| <a id="entrypoints-name-address" href="#entrypoints-name-address" title="#entrypoints-name-address">entrypoints._name_.address</a> | Entry point address. | |
| <a id="entrypoints-name-allowacmebypass" href="#entrypoints-name-allowacmebypass" title="#entrypoints-name-allowacmebypass">entrypoints._name_.allowacmebypass</a> | Enables handling of ACME TLS and HTTP challenges with custom routers. | false |
| <a id="entrypoints-name-asdefault" href="#entrypoints-name-asdefault" title="#entrypoints-name-asdefault">entrypoints._name_.asdefault</a> | Adds this EntryPoint to the list of default EntryPoints to be used on routers that don't have any Entrypoint defined. | false |
| <a id="entrypoints-name-forwardedheaders-connection" href="#entrypoints-name-forwardedheaders-connection" title="#entrypoints-name-forwardedheaders-connection">entrypoints._name_.forwardedheaders.connection</a> | List of Connection headers that are allowed to pass through the middleware chain before being removed. | |
| <a id="entrypoints-name-forwardedheaders-insecure" href="#entrypoints-name-forwardedheaders-insecure" title="#entrypoints-name-forwardedheaders-insecure">entrypoints._name_.forwardedheaders.insecure</a> | Trust all forwarded headers. | false |
| <a id="entrypoints-name-forwardedheaders-trustedips" href="#entrypoints-name-forwardedheaders-trustedips" title="#entrypoints-name-forwardedheaders-trustedips">entrypoints._name_.forwardedheaders.trustedips</a> | Trust only forwarded headers from selected IPs. | |
| <a id="entrypoints-name-http" href="#entrypoints-name-http" title="#entrypoints-name-http">entrypoints._name_.http</a> | HTTP configuration. | |
| <a id="entrypoints-name-http-encodequerysemicolons" href="#entrypoints-name-http-encodequerysemicolons" title="#entrypoints-name-http-encodequerysemicolons">entrypoints._name_.http.encodequerysemicolons</a> | Defines whether request query semicolons should be URLEncoded. | false |
| <a id="entrypoints-name-http-maxheaderbytes" href="#entrypoints-name-http-maxheaderbytes" title="#entrypoints-name-http-maxheaderbytes">entrypoints._name_.http.maxheaderbytes</a> | Maximum size of request headers in bytes. | 1048576 |
| <a id="entrypoints-name-http-middlewares" href="#entrypoints-name-http-middlewares" title="#entrypoints-name-http-middlewares">entrypoints._name_.http.middlewares</a> | Default middlewares for the routers linked to the entry point. | |
| <a id="entrypoints-name-http-redirections-entrypoint-permanent" href="#entrypoints-name-http-redirections-entrypoint-permanent" title="#entrypoints-name-http-redirections-entrypoint-permanent">entrypoints._name_.http.redirections.entrypoint.permanent</a> | Applies a permanent redirection. | true |
| <a id="entrypoints-name-http-redirections-entrypoint-priority" href="#entrypoints-name-http-redirections-entrypoint-priority" title="#entrypoints-name-http-redirections-entrypoint-priority">entrypoints._name_.http.redirections.entrypoint.priority</a> | Priority of the generated router. | 9223372036854775806 |
| <a id="entrypoints-name-http-redirections-entrypoint-scheme" href="#entrypoints-name-http-redirections-entrypoint-scheme" title="#entrypoints-name-http-redirections-entrypoint-scheme">entrypoints._name_.http.redirections.entrypoint.scheme</a> | Scheme used for the redirection. | https |
| <a id="entrypoints-name-http-redirections-entrypoint-to" href="#entrypoints-name-http-redirections-entrypoint-to" title="#entrypoints-name-http-redirections-entrypoint-to">entrypoints._name_.http.redirections.entrypoint.to</a> | Targeted entry point of the redirection. | |
| <a id="entrypoints-name-http-sanitizepath" href="#entrypoints-name-http-sanitizepath" title="#entrypoints-name-http-sanitizepath">entrypoints._name_.http.sanitizepath</a> | Defines whether to enable request path sanitization (removal of /./, /../ and multiple slash sequences). | true |
| <a id="entrypoints-name-http-tls" href="#entrypoints-name-http-tls" title="#entrypoints-name-http-tls">entrypoints._name_.http.tls</a> | Default TLS configuration for the routers linked to the entry point. | false |
| <a id="entrypoints-name-http-tls-certresolver" href="#entrypoints-name-http-tls-certresolver" title="#entrypoints-name-http-tls-certresolver">entrypoints._name_.http.tls.certresolver</a> | Default certificate resolver for the routers linked to the entry point. | |
| <a id="entrypoints-name-http-tls-domains" href="#entrypoints-name-http-tls-domains" title="#entrypoints-name-http-tls-domains">entrypoints._name_.http.tls.domains</a> | Default TLS domains for the routers linked to the entry point. | |
| <a id="entrypoints-name-http-tls-domains0-main" href="#entrypoints-name-http-tls-domains0-main" title="#entrypoints-name-http-tls-domains0-main">entrypoints._name_.http.tls.domains[0].main</a> | Default subject name. | |
| <a id="entrypoints-name-http-tls-domains0-sans" href="#entrypoints-name-http-tls-domains0-sans" title="#entrypoints-name-http-tls-domains0-sans">entrypoints._name_.http.tls.domains[0].sans</a> | Subject alternative names. | |
| <a id="entrypoints-name-http-tls-options" href="#entrypoints-name-http-tls-options" title="#entrypoints-name-http-tls-options">entrypoints._name_.http.tls.options</a> | Default TLS options for the routers linked to the entry point. | |
| <a id="entrypoints-name-http2-maxconcurrentstreams" href="#entrypoints-name-http2-maxconcurrentstreams" title="#entrypoints-name-http2-maxconcurrentstreams">entrypoints._name_.http2.maxconcurrentstreams</a> | Specifies the number of concurrent streams per connection that each client is allowed to initiate. | 250 |
| <a id="entrypoints-name-http3" href="#entrypoints-name-http3" title="#entrypoints-name-http3">entrypoints._name_.http3</a> | HTTP/3 configuration. | false |
| <a id="entrypoints-name-http3-advertisedport" href="#entrypoints-name-http3-advertisedport" title="#entrypoints-name-http3-advertisedport">entrypoints._name_.http3.advertisedport</a> | UDP port to advertise, on which HTTP/3 is available. | 0 |
| <a id="entrypoints-name-observability-accesslogs" href="#entrypoints-name-observability-accesslogs" title="#entrypoints-name-observability-accesslogs">entrypoints._name_.observability.accesslogs</a> | Enables access-logs for this entryPoint. | true |
| <a id="entrypoints-name-observability-metrics" href="#entrypoints-name-observability-metrics" title="#entrypoints-name-observability-metrics">entrypoints._name_.observability.metrics</a> | Enables metrics for this entryPoint. | true |
| <a id="entrypoints-name-observability-traceverbosity" href="#entrypoints-name-observability-traceverbosity" title="#entrypoints-name-observability-traceverbosity">entrypoints._name_.observability.traceverbosity</a> | Defines the tracing verbosity level for this entryPoint. | minimal |
| <a id="entrypoints-name-observability-tracing" href="#entrypoints-name-observability-tracing" title="#entrypoints-name-observability-tracing">entrypoints._name_.observability.tracing</a> | Enables tracing for this entryPoint. | true |
| <a id="entrypoints-name-proxyprotocol" href="#entrypoints-name-proxyprotocol" title="#entrypoints-name-proxyprotocol">entrypoints._name_.proxyprotocol</a> | Proxy-Protocol configuration. | false |
| <a id="entrypoints-name-proxyprotocol-insecure" href="#entrypoints-name-proxyprotocol-insecure" title="#entrypoints-name-proxyprotocol-insecure">entrypoints._name_.proxyprotocol.insecure</a> | Trust all. | false |
| <a id="entrypoints-name-proxyprotocol-trustedips" href="#entrypoints-name-proxyprotocol-trustedips" title="#entrypoints-name-proxyprotocol-trustedips">entrypoints._name_.proxyprotocol.trustedips</a> | Trust only selected IPs. | |
| <a id="entrypoints-name-reuseport" href="#entrypoints-name-reuseport" title="#entrypoints-name-reuseport">entrypoints._name_.reuseport</a> | Enables EntryPoints from the same or different processes listening on the same TCP/UDP port. | false |
| <a id="entrypoints-name-transport-keepalivemaxrequests" href="#entrypoints-name-transport-keepalivemaxrequests" title="#entrypoints-name-transport-keepalivemaxrequests">entrypoints._name_.transport.keepalivemaxrequests</a> | Maximum number of requests before closing a keep-alive connection. | 0 |
| <a id="entrypoints-name-transport-keepalivemaxtime" href="#entrypoints-name-transport-keepalivemaxtime" title="#entrypoints-name-transport-keepalivemaxtime">entrypoints._name_.transport.keepalivemaxtime</a> | Maximum duration before closing a keep-alive connection. | 0 |
| <a id="entrypoints-name-transport-lifecycle-gracetimeout" href="#entrypoints-name-transport-lifecycle-gracetimeout" title="#entrypoints-name-transport-lifecycle-gracetimeout">entrypoints._name_.transport.lifecycle.gracetimeout</a> | Duration to give active requests a chance to finish before Traefik stops. | 10 |
| <a id="entrypoints-name-transport-lifecycle-requestacceptgracetimeout" href="#entrypoints-name-transport-lifecycle-requestacceptgracetimeout" title="#entrypoints-name-transport-lifecycle-requestacceptgracetimeout">entrypoints._name_.transport.lifecycle.requestacceptgracetimeout</a> | Duration to keep accepting requests before Traefik initiates the graceful shutdown procedure. | 0 |
| <a id="entrypoints-name-transport-respondingtimeouts-idletimeout" href="#entrypoints-name-transport-respondingtimeouts-idletimeout" title="#entrypoints-name-transport-respondingtimeouts-idletimeout">entrypoints._name_.transport.respondingtimeouts.idletimeout</a> | IdleTimeout is the maximum amount duration an idle (keep-alive) connection will remain idle before closing itself. If zero, no timeout is set. | 180 |
| <a id="entrypoints-name-transport-respondingtimeouts-readtimeout" href="#entrypoints-name-transport-respondingtimeouts-readtimeout" title="#entrypoints-name-transport-respondingtimeouts-readtimeout">entrypoints._name_.transport.respondingtimeouts.readtimeout</a> | ReadTimeout is the maximum duration for reading the entire request, including the body. If zero, no timeout is set. | 60 |
| <a id="entrypoints-name-transport-respondingtimeouts-writetimeout" href="#entrypoints-name-transport-respondingtimeouts-writetimeout" title="#entrypoints-name-transport-respondingtimeouts-writetimeout">entrypoints._name_.transport.respondingtimeouts.writetimeout</a> | WriteTimeout is the maximum duration before timing out writes of the response. If zero, no timeout is set. | 0 |
| <a id="entrypoints-name-udp-timeout" href="#entrypoints-name-udp-timeout" title="#entrypoints-name-udp-timeout">entrypoints._name_.udp.timeout</a> | Timeout defines how long to wait on an idle session before releasing the related resources. | 3 |
| <a id="experimental-abortonpluginfailure" href="#experimental-abortonpluginfailure" title="#experimental-abortonpluginfailure">experimental.abortonpluginfailure</a> | Defines whether all plugins must be loaded successfully for Traefik to start. | false |
| <a id="experimental-fastproxy" href="#experimental-fastproxy" title="#experimental-fastproxy">experimental.fastproxy</a> | Enables the FastProxy implementation. | false |
| <a id="experimental-fastproxy-debug" href="#experimental-fastproxy-debug" title="#experimental-fastproxy-debug">experimental.fastproxy.debug</a> | Enable debug mode for the FastProxy implementation. | false |
| <a id="experimental-kubernetesgateway" href="#experimental-kubernetesgateway" title="#experimental-kubernetesgateway">experimental.kubernetesgateway</a> | (Deprecated) Allow the Kubernetes gateway api provider usage. | false |
| <a id="experimental-kubernetesingressnginx" href="#experimental-kubernetesingressnginx" title="#experimental-kubernetesingressnginx">experimental.kubernetesingressnginx</a> | Allow the Kubernetes Ingress NGINX provider usage. | false |
| <a id="experimental-localplugins-name" href="#experimental-localplugins-name" title="#experimental-localplugins-name">experimental.localplugins._name_</a> | Local plugins configuration. | false |
| <a id="experimental-localplugins-name-modulename" href="#experimental-localplugins-name-modulename" title="#experimental-localplugins-name-modulename">experimental.localplugins._name_.modulename</a> | Plugin's module name. | |
| <a id="experimental-localplugins-name-settings" href="#experimental-localplugins-name-settings" title="#experimental-localplugins-name-settings">experimental.localplugins._name_.settings</a> | Plugin's settings (works only for wasm plugins). | |
| <a id="experimental-localplugins-name-settings-envs" href="#experimental-localplugins-name-settings-envs" title="#experimental-localplugins-name-settings-envs">experimental.localplugins._name_.settings.envs</a> | Environment variables to forward to the wasm guest. | |
| <a id="experimental-localplugins-name-settings-mounts" href="#experimental-localplugins-name-settings-mounts" title="#experimental-localplugins-name-settings-mounts">experimental.localplugins._name_.settings.mounts</a> | Directory to mount to the wasm guest. | |
| <a id="experimental-localplugins-name-settings-useunsafe" href="#experimental-localplugins-name-settings-useunsafe" title="#experimental-localplugins-name-settings-useunsafe">experimental.localplugins._name_.settings.useunsafe</a> | Allow the plugin to use unsafe package. | false |
| <a id="experimental-otlplogs" href="#experimental-otlplogs" title="#experimental-otlplogs">experimental.otlplogs</a> | Enables the OpenTelemetry logs integration. | false |
| <a id="experimental-plugins-name-hash" href="#experimental-plugins-name-hash" title="#experimental-plugins-name-hash">experimental.plugins._name_.hash</a> | plugin's hash to validate' | |
| <a id="experimental-plugins-name-modulename" href="#experimental-plugins-name-modulename" title="#experimental-plugins-name-modulename">experimental.plugins._name_.modulename</a> | plugin's module name. | |
| <a id="experimental-plugins-name-settings" href="#experimental-plugins-name-settings" title="#experimental-plugins-name-settings">experimental.plugins._name_.settings</a> | Plugin's settings (works only for wasm plugins). | |
| <a id="experimental-plugins-name-settings-envs" href="#experimental-plugins-name-settings-envs" title="#experimental-plugins-name-settings-envs">experimental.plugins._name_.settings.envs</a> | Environment variables to forward to the wasm guest. | |
| <a id="experimental-plugins-name-settings-mounts" href="#experimental-plugins-name-settings-mounts" title="#experimental-plugins-name-settings-mounts">experimental.plugins._name_.settings.mounts</a> | Directory to mount to the wasm guest. | |
| <a id="experimental-plugins-name-settings-useunsafe" href="#experimental-plugins-name-settings-useunsafe" title="#experimental-plugins-name-settings-useunsafe">experimental.plugins._name_.settings.useunsafe</a> | Allow the plugin to use unsafe package. | false |
| <a id="experimental-plugins-name-version" href="#experimental-plugins-name-version" title="#experimental-plugins-name-version">experimental.plugins._name_.version</a> | plugin's version. | |
| <a id="global-checknewversion" href="#global-checknewversion" title="#global-checknewversion">global.checknewversion</a> | Periodically check if a new version has been released. | true |
| <a id="global-sendanonymoususage" href="#global-sendanonymoususage" title="#global-sendanonymoususage">global.sendanonymoususage</a> | Periodically send anonymous usage statistics. If the option is not specified, it will be disabled by default. | false |
| <a id="hostresolver" href="#hostresolver" title="#hostresolver">hostresolver</a> | Enable CNAME Flattening. | false |
| <a id="hostresolver-cnameflattening" href="#hostresolver-cnameflattening" title="#hostresolver-cnameflattening">hostresolver.cnameflattening</a> | A flag to enable/disable CNAME flattening | false |
| <a id="hostresolver-resolvconfig" href="#hostresolver-resolvconfig" title="#hostresolver-resolvconfig">hostresolver.resolvconfig</a> | resolv.conf used for DNS resolving | /etc/resolv.conf |
| <a id="hostresolver-resolvdepth" href="#hostresolver-resolvdepth" title="#hostresolver-resolvdepth">hostresolver.resolvdepth</a> | The maximal depth of DNS recursive resolving | 5 |
| <a id="log" href="#log" title="#log">log</a> | Traefik log settings. | false |
| <a id="log-compress" href="#log-compress" title="#log-compress">log.compress</a> | Determines if the rotated log files should be compressed using gzip. | false |
| <a id="log-filepath" href="#log-filepath" title="#log-filepath">log.filepath</a> | Traefik log file path. Stdout is used when omitted or empty. | |
| <a id="log-format" href="#log-format" title="#log-format">log.format</a> | Traefik log format: json | common | common |
| <a id="log-level" href="#log-level" title="#log-level">log.level</a> | Log level set to traefik logs. | ERROR |
| <a id="log-maxage" href="#log-maxage" title="#log-maxage">log.maxage</a> | Maximum number of days to retain old log files based on the timestamp encoded in their filename. | 0 |
| <a id="log-maxbackups" href="#log-maxbackups" title="#log-maxbackups">log.maxbackups</a> | Maximum number of old log files to retain. | 0 |
| <a id="log-maxsize" href="#log-maxsize" title="#log-maxsize">log.maxsize</a> | Maximum size in megabytes of the log file before it gets rotated. | 0 |
| <a id="log-nocolor" href="#log-nocolor" title="#log-nocolor">log.nocolor</a> | When using the 'common' format, disables the colorized output. | false |
| <a id="log-otlp" href="#log-otlp" title="#log-otlp">log.otlp</a> | Settings for OpenTelemetry. | false |
| <a id="log-otlp-grpc" href="#log-otlp-grpc" title="#log-otlp-grpc">log.otlp.grpc</a> | gRPC configuration for the OpenTelemetry collector. | false |
| <a id="log-otlp-grpc-endpoint" href="#log-otlp-grpc-endpoint" title="#log-otlp-grpc-endpoint">log.otlp.grpc.endpoint</a> | Sets the gRPC endpoint (host:port) of the collector. | localhost:4317 |
| <a id="log-otlp-grpc-headers-name" href="#log-otlp-grpc-headers-name" title="#log-otlp-grpc-headers-name">log.otlp.grpc.headers._name_</a> | Headers sent with payload. | |
| <a id="log-otlp-grpc-insecure" href="#log-otlp-grpc-insecure" title="#log-otlp-grpc-insecure">log.otlp.grpc.insecure</a> | Disables client transport security for the exporter. | false |
| <a id="log-otlp-grpc-tls-ca" href="#log-otlp-grpc-tls-ca" title="#log-otlp-grpc-tls-ca">log.otlp.grpc.tls.ca</a> | TLS CA | |
| <a id="log-otlp-grpc-tls-cert" href="#log-otlp-grpc-tls-cert" title="#log-otlp-grpc-tls-cert">log.otlp.grpc.tls.cert</a> | TLS cert | |
| <a id="log-otlp-grpc-tls-insecureskipverify" href="#log-otlp-grpc-tls-insecureskipverify" title="#log-otlp-grpc-tls-insecureskipverify">log.otlp.grpc.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="log-otlp-grpc-tls-key" href="#log-otlp-grpc-tls-key" title="#log-otlp-grpc-tls-key">log.otlp.grpc.tls.key</a> | TLS key | |
| <a id="log-otlp-http" href="#log-otlp-http" title="#log-otlp-http">log.otlp.http</a> | HTTP configuration for the OpenTelemetry collector. | false |
| <a id="log-otlp-http-endpoint" href="#log-otlp-http-endpoint" title="#log-otlp-http-endpoint">log.otlp.http.endpoint</a> | Sets the HTTP endpoint (scheme://host:port/path) of the collector. | https://localhost:4318 |
| <a id="log-otlp-http-headers-name" href="#log-otlp-http-headers-name" title="#log-otlp-http-headers-name">log.otlp.http.headers._name_</a> | Headers sent with payload. | |
| <a id="log-otlp-http-tls-ca" href="#log-otlp-http-tls-ca" title="#log-otlp-http-tls-ca">log.otlp.http.tls.ca</a> | TLS CA | |
| <a id="log-otlp-http-tls-cert" href="#log-otlp-http-tls-cert" title="#log-otlp-http-tls-cert">log.otlp.http.tls.cert</a> | TLS cert | |
| <a id="log-otlp-http-tls-insecureskipverify" href="#log-otlp-http-tls-insecureskipverify" title="#log-otlp-http-tls-insecureskipverify">log.otlp.http.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="log-otlp-http-tls-key" href="#log-otlp-http-tls-key" title="#log-otlp-http-tls-key">log.otlp.http.tls.key</a> | TLS key | |
| <a id="log-otlp-resourceattributes-name" href="#log-otlp-resourceattributes-name" title="#log-otlp-resourceattributes-name">log.otlp.resourceattributes._name_</a> | Defines additional resource attributes (key:value). | |
| <a id="log-otlp-servicename" href="#log-otlp-servicename" title="#log-otlp-servicename">log.otlp.servicename</a> | Defines the service name resource attribute. | traefik |
| <a id="metrics-addinternals" href="#metrics-addinternals" title="#metrics-addinternals">metrics.addinternals</a> | Enables metrics for internal services (ping, dashboard, etc...). | false |
| <a id="metrics-datadog" href="#metrics-datadog" title="#metrics-datadog">metrics.datadog</a> | Datadog metrics exporter type. | false |
| <a id="metrics-datadog-addentrypointslabels" href="#metrics-datadog-addentrypointslabels" title="#metrics-datadog-addentrypointslabels">metrics.datadog.addentrypointslabels</a> | Enable metrics on entry points. | true |
| <a id="metrics-datadog-address" href="#metrics-datadog-address" title="#metrics-datadog-address">metrics.datadog.address</a> | Datadog's address. | localhost:8125 |
| <a id="metrics-datadog-addrouterslabels" href="#metrics-datadog-addrouterslabels" title="#metrics-datadog-addrouterslabels">metrics.datadog.addrouterslabels</a> | Enable metrics on routers. | false |
| <a id="metrics-datadog-addserviceslabels" href="#metrics-datadog-addserviceslabels" title="#metrics-datadog-addserviceslabels">metrics.datadog.addserviceslabels</a> | Enable metrics on services. | true |
| <a id="metrics-datadog-prefix" href="#metrics-datadog-prefix" title="#metrics-datadog-prefix">metrics.datadog.prefix</a> | Prefix to use for metrics collection. | traefik |
| <a id="metrics-datadog-pushinterval" href="#metrics-datadog-pushinterval" title="#metrics-datadog-pushinterval">metrics.datadog.pushinterval</a> | Datadog push interval. | 10 |
| <a id="metrics-influxdb2" href="#metrics-influxdb2" title="#metrics-influxdb2">metrics.influxdb2</a> | InfluxDB v2 metrics exporter type. | false |
| <a id="metrics-influxdb2-addentrypointslabels" href="#metrics-influxdb2-addentrypointslabels" title="#metrics-influxdb2-addentrypointslabels">metrics.influxdb2.addentrypointslabels</a> | Enable metrics on entry points. | true |
| <a id="metrics-influxdb2-additionallabels-name" href="#metrics-influxdb2-additionallabels-name" title="#metrics-influxdb2-additionallabels-name">metrics.influxdb2.additionallabels._name_</a> | Additional labels (influxdb tags) on all metrics | |
| <a id="metrics-influxdb2-address" href="#metrics-influxdb2-address" title="#metrics-influxdb2-address">metrics.influxdb2.address</a> | InfluxDB v2 address. | http://localhost:8086 |
| <a id="metrics-influxdb2-addrouterslabels" href="#metrics-influxdb2-addrouterslabels" title="#metrics-influxdb2-addrouterslabels">metrics.influxdb2.addrouterslabels</a> | Enable metrics on routers. | false |
| <a id="metrics-influxdb2-addserviceslabels" href="#metrics-influxdb2-addserviceslabels" title="#metrics-influxdb2-addserviceslabels">metrics.influxdb2.addserviceslabels</a> | Enable metrics on services. | true |
| <a id="metrics-influxdb2-bucket" href="#metrics-influxdb2-bucket" title="#metrics-influxdb2-bucket">metrics.influxdb2.bucket</a> | InfluxDB v2 bucket ID. | |
| <a id="metrics-influxdb2-org" href="#metrics-influxdb2-org" title="#metrics-influxdb2-org">metrics.influxdb2.org</a> | InfluxDB v2 org ID. | |
| <a id="metrics-influxdb2-pushinterval" href="#metrics-influxdb2-pushinterval" title="#metrics-influxdb2-pushinterval">metrics.influxdb2.pushinterval</a> | InfluxDB v2 push interval. | 10 |
| <a id="metrics-influxdb2-token" href="#metrics-influxdb2-token" title="#metrics-influxdb2-token">metrics.influxdb2.token</a> | InfluxDB v2 access token. | |
| <a id="metrics-otlp" href="#metrics-otlp" title="#metrics-otlp">metrics.otlp</a> | OpenTelemetry metrics exporter type. | false |
| <a id="metrics-otlp-addentrypointslabels" href="#metrics-otlp-addentrypointslabels" title="#metrics-otlp-addentrypointslabels">metrics.otlp.addentrypointslabels</a> | Enable metrics on entry points. | true |
| <a id="metrics-otlp-addrouterslabels" href="#metrics-otlp-addrouterslabels" title="#metrics-otlp-addrouterslabels">metrics.otlp.addrouterslabels</a> | Enable metrics on routers. | false |
| <a id="metrics-otlp-addserviceslabels" href="#metrics-otlp-addserviceslabels" title="#metrics-otlp-addserviceslabels">metrics.otlp.addserviceslabels</a> | Enable metrics on services. | true |
| <a id="metrics-otlp-explicitboundaries" href="#metrics-otlp-explicitboundaries" title="#metrics-otlp-explicitboundaries">metrics.otlp.explicitboundaries</a> | Boundaries for latency metrics. | 0.005000, 0.010000, 0.025000, 0.050000, 0.075000, 0.100000, 0.250000, 0.500000, 0.750000, 1.000000, 2.500000, 5.000000, 7.500000, 10.000000 |
| <a id="metrics-otlp-grpc" href="#metrics-otlp-grpc" title="#metrics-otlp-grpc">metrics.otlp.grpc</a> | gRPC configuration for the OpenTelemetry collector. | false |
| <a id="metrics-otlp-grpc-endpoint" href="#metrics-otlp-grpc-endpoint" title="#metrics-otlp-grpc-endpoint">metrics.otlp.grpc.endpoint</a> | Sets the gRPC endpoint (host:port) of the collector. | localhost:4317 |
| <a id="metrics-otlp-grpc-headers-name" href="#metrics-otlp-grpc-headers-name" title="#metrics-otlp-grpc-headers-name">metrics.otlp.grpc.headers._name_</a> | Headers sent with payload. | |
| <a id="metrics-otlp-grpc-insecure" href="#metrics-otlp-grpc-insecure" title="#metrics-otlp-grpc-insecure">metrics.otlp.grpc.insecure</a> | Disables client transport security for the exporter. | false |
| <a id="metrics-otlp-grpc-tls-ca" href="#metrics-otlp-grpc-tls-ca" title="#metrics-otlp-grpc-tls-ca">metrics.otlp.grpc.tls.ca</a> | TLS CA | |
| <a id="metrics-otlp-grpc-tls-cert" href="#metrics-otlp-grpc-tls-cert" title="#metrics-otlp-grpc-tls-cert">metrics.otlp.grpc.tls.cert</a> | TLS cert | |
| <a id="metrics-otlp-grpc-tls-insecureskipverify" href="#metrics-otlp-grpc-tls-insecureskipverify" title="#metrics-otlp-grpc-tls-insecureskipverify">metrics.otlp.grpc.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="metrics-otlp-grpc-tls-key" href="#metrics-otlp-grpc-tls-key" title="#metrics-otlp-grpc-tls-key">metrics.otlp.grpc.tls.key</a> | TLS key | |
| <a id="metrics-otlp-http" href="#metrics-otlp-http" title="#metrics-otlp-http">metrics.otlp.http</a> | HTTP configuration for the OpenTelemetry collector. | false |
| <a id="metrics-otlp-http-endpoint" href="#metrics-otlp-http-endpoint" title="#metrics-otlp-http-endpoint">metrics.otlp.http.endpoint</a> | Sets the HTTP endpoint (scheme://host:port/path) of the collector. | https://localhost:4318 |
| <a id="metrics-otlp-http-headers-name" href="#metrics-otlp-http-headers-name" title="#metrics-otlp-http-headers-name">metrics.otlp.http.headers._name_</a> | Headers sent with payload. | |
| <a id="metrics-otlp-http-tls-ca" href="#metrics-otlp-http-tls-ca" title="#metrics-otlp-http-tls-ca">metrics.otlp.http.tls.ca</a> | TLS CA | |
| <a id="metrics-otlp-http-tls-cert" href="#metrics-otlp-http-tls-cert" title="#metrics-otlp-http-tls-cert">metrics.otlp.http.tls.cert</a> | TLS cert | |
| <a id="metrics-otlp-http-tls-insecureskipverify" href="#metrics-otlp-http-tls-insecureskipverify" title="#metrics-otlp-http-tls-insecureskipverify">metrics.otlp.http.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="metrics-otlp-http-tls-key" href="#metrics-otlp-http-tls-key" title="#metrics-otlp-http-tls-key">metrics.otlp.http.tls.key</a> | TLS key | |
| <a id="metrics-otlp-pushinterval" href="#metrics-otlp-pushinterval" title="#metrics-otlp-pushinterval">metrics.otlp.pushinterval</a> | Period between calls to collect a checkpoint. | 10 |
| <a id="metrics-otlp-resourceattributes-name" href="#metrics-otlp-resourceattributes-name" title="#metrics-otlp-resourceattributes-name">metrics.otlp.resourceattributes._name_</a> | Defines additional resource attributes (key:value). | |
| <a id="metrics-otlp-servicename" href="#metrics-otlp-servicename" title="#metrics-otlp-servicename">metrics.otlp.servicename</a> | Defines the service name resource attribute. | traefik |
| <a id="metrics-prometheus" href="#metrics-prometheus" title="#metrics-prometheus">metrics.prometheus</a> | Prometheus metrics exporter type. | false |
| <a id="metrics-prometheus-addentrypointslabels" href="#metrics-prometheus-addentrypointslabels" title="#metrics-prometheus-addentrypointslabels">metrics.prometheus.addentrypointslabels</a> | Enable metrics on entry points. | true |
| <a id="metrics-prometheus-addrouterslabels" href="#metrics-prometheus-addrouterslabels" title="#metrics-prometheus-addrouterslabels">metrics.prometheus.addrouterslabels</a> | Enable metrics on routers. | false |
| <a id="metrics-prometheus-addserviceslabels" href="#metrics-prometheus-addserviceslabels" title="#metrics-prometheus-addserviceslabels">metrics.prometheus.addserviceslabels</a> | Enable metrics on services. | true |
| <a id="metrics-prometheus-buckets" href="#metrics-prometheus-buckets" title="#metrics-prometheus-buckets">metrics.prometheus.buckets</a> | Buckets for latency metrics. | 0.100000, 0.300000, 1.200000, 5.000000 |
| <a id="metrics-prometheus-entrypoint" href="#metrics-prometheus-entrypoint" title="#metrics-prometheus-entrypoint">metrics.prometheus.entrypoint</a> | EntryPoint | traefik |
| <a id="metrics-prometheus-headerlabels-name" href="#metrics-prometheus-headerlabels-name" title="#metrics-prometheus-headerlabels-name">metrics.prometheus.headerlabels._name_</a> | Defines the extra labels for the requests_total metrics, and for each of them, the request header containing the value for this label. | |
| <a id="metrics-prometheus-manualrouting" href="#metrics-prometheus-manualrouting" title="#metrics-prometheus-manualrouting">metrics.prometheus.manualrouting</a> | Manual routing | false |
| <a id="metrics-statsd" href="#metrics-statsd" title="#metrics-statsd">metrics.statsd</a> | StatsD metrics exporter type. | false |
| <a id="metrics-statsd-addentrypointslabels" href="#metrics-statsd-addentrypointslabels" title="#metrics-statsd-addentrypointslabels">metrics.statsd.addentrypointslabels</a> | Enable metrics on entry points. | true |
| <a id="metrics-statsd-address" href="#metrics-statsd-address" title="#metrics-statsd-address">metrics.statsd.address</a> | StatsD address. | localhost:8125 |
| <a id="metrics-statsd-addrouterslabels" href="#metrics-statsd-addrouterslabels" title="#metrics-statsd-addrouterslabels">metrics.statsd.addrouterslabels</a> | Enable metrics on routers. | false |
| <a id="metrics-statsd-addserviceslabels" href="#metrics-statsd-addserviceslabels" title="#metrics-statsd-addserviceslabels">metrics.statsd.addserviceslabels</a> | Enable metrics on services. | true |
| <a id="metrics-statsd-prefix" href="#metrics-statsd-prefix" title="#metrics-statsd-prefix">metrics.statsd.prefix</a> | Prefix to use for metrics collection. | traefik |
| <a id="metrics-statsd-pushinterval" href="#metrics-statsd-pushinterval" title="#metrics-statsd-pushinterval">metrics.statsd.pushinterval</a> | StatsD push interval. | 10 |
| <a id="ocsp" href="#ocsp" title="#ocsp">ocsp</a> | OCSP configuration. | false |
| <a id="ocsp-responderoverrides-name" href="#ocsp-responderoverrides-name" title="#ocsp-responderoverrides-name">ocsp.responderoverrides._name_</a> | Defines a map of OCSP responders to replace for querying OCSP servers. | |
| <a id="ping" href="#ping" title="#ping">ping</a> | Enable ping. | false |
| <a id="ping-entrypoint" href="#ping-entrypoint" title="#ping-entrypoint">ping.entrypoint</a> | EntryPoint | traefik |
| <a id="ping-manualrouting" href="#ping-manualrouting" title="#ping-manualrouting">ping.manualrouting</a> | Manual routing | false |
| <a id="ping-terminatingstatuscode" href="#ping-terminatingstatuscode" title="#ping-terminatingstatuscode">ping.terminatingstatuscode</a> | Terminating status code | 503 |
| <a id="providers-consul" href="#providers-consul" title="#providers-consul">providers.consul</a> | Enable Consul backend with default settings. | false |
| <a id="providers-consul-endpoints" href="#providers-consul-endpoints" title="#providers-consul-endpoints">providers.consul.endpoints</a> | KV store endpoints. | 127.0.0.1:8500 |
| <a id="providers-consul-namespaces" href="#providers-consul-namespaces" title="#providers-consul-namespaces">providers.consul.namespaces</a> | Sets the namespaces used to discover the configuration (Consul Enterprise only). | |
| <a id="providers-consul-rootkey" href="#providers-consul-rootkey" title="#providers-consul-rootkey">providers.consul.rootkey</a> | Root key used for KV store. | traefik |
| <a id="providers-consul-tls-ca" href="#providers-consul-tls-ca" title="#providers-consul-tls-ca">providers.consul.tls.ca</a> | TLS CA | |
| <a id="providers-consul-tls-cert" href="#providers-consul-tls-cert" title="#providers-consul-tls-cert">providers.consul.tls.cert</a> | TLS cert | |
| <a id="providers-consul-tls-insecureskipverify" href="#providers-consul-tls-insecureskipverify" title="#providers-consul-tls-insecureskipverify">providers.consul.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="providers-consul-tls-key" href="#providers-consul-tls-key" title="#providers-consul-tls-key">providers.consul.tls.key</a> | TLS key | |
| <a id="providers-consul-token" href="#providers-consul-token" title="#providers-consul-token">providers.consul.token</a> | Per-request ACL token. | |
| <a id="providers-consulcatalog" href="#providers-consulcatalog" title="#providers-consulcatalog">providers.consulcatalog</a> | Enable ConsulCatalog backend with default settings. | false |
| <a id="providers-consulcatalog-cache" href="#providers-consulcatalog-cache" title="#providers-consulcatalog-cache">providers.consulcatalog.cache</a> | Use local agent caching for catalog reads. | false |
| <a id="providers-consulcatalog-connectaware" href="#providers-consulcatalog-connectaware" title="#providers-consulcatalog-connectaware">providers.consulcatalog.connectaware</a> | Enable Consul Connect support. | false |
| <a id="providers-consulcatalog-connectbydefault" href="#providers-consulcatalog-connectbydefault" title="#providers-consulcatalog-connectbydefault">providers.consulcatalog.connectbydefault</a> | Consider every service as Connect capable by default. | false |
| <a id="providers-consulcatalog-constraints" href="#providers-consulcatalog-constraints" title="#providers-consulcatalog-constraints">providers.consulcatalog.constraints</a> | Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. | |
| <a id="providers-consulcatalog-defaultrule" href="#providers-consulcatalog-defaultrule" title="#providers-consulcatalog-defaultrule">providers.consulcatalog.defaultrule</a> | Default rule. | Host(`{{ normalize .Name }}`) |
| <a id="providers-consulcatalog-endpoint-address" href="#providers-consulcatalog-endpoint-address" title="#providers-consulcatalog-endpoint-address">providers.consulcatalog.endpoint.address</a> | The address of the Consul server | |
| <a id="providers-consulcatalog-endpoint-datacenter" href="#providers-consulcatalog-endpoint-datacenter" title="#providers-consulcatalog-endpoint-datacenter">providers.consulcatalog.endpoint.datacenter</a> | Data center to use. If not provided, the default agent data center is used | |
| <a id="providers-consulcatalog-endpoint-endpointwaittime" href="#providers-consulcatalog-endpoint-endpointwaittime" title="#providers-consulcatalog-endpoint-endpointwaittime">providers.consulcatalog.endpoint.endpointwaittime</a> | WaitTime limits how long a Watch will block. If not provided, the agent default values will be used | 0 |
| <a id="providers-consulcatalog-endpoint-httpauth-password" href="#providers-consulcatalog-endpoint-httpauth-password" title="#providers-consulcatalog-endpoint-httpauth-password">providers.consulcatalog.endpoint.httpauth.password</a> | Basic Auth password | |
| <a id="providers-consulcatalog-endpoint-httpauth-username" href="#providers-consulcatalog-endpoint-httpauth-username" title="#providers-consulcatalog-endpoint-httpauth-username">providers.consulcatalog.endpoint.httpauth.username</a> | Basic Auth username | |
| <a id="providers-consulcatalog-endpoint-scheme" href="#providers-consulcatalog-endpoint-scheme" title="#providers-consulcatalog-endpoint-scheme">providers.consulcatalog.endpoint.scheme</a> | The URI scheme for the Consul server | |
| <a id="providers-consulcatalog-endpoint-tls-ca" href="#providers-consulcatalog-endpoint-tls-ca" title="#providers-consulcatalog-endpoint-tls-ca">providers.consulcatalog.endpoint.tls.ca</a> | TLS CA | |
| <a id="providers-consulcatalog-endpoint-tls-cert" href="#providers-consulcatalog-endpoint-tls-cert" title="#providers-consulcatalog-endpoint-tls-cert">providers.consulcatalog.endpoint.tls.cert</a> | TLS cert | |
| <a id="providers-consulcatalog-endpoint-tls-insecureskipverify" href="#providers-consulcatalog-endpoint-tls-insecureskipverify" title="#providers-consulcatalog-endpoint-tls-insecureskipverify">providers.consulcatalog.endpoint.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="providers-consulcatalog-endpoint-tls-key" href="#providers-consulcatalog-endpoint-tls-key" title="#providers-consulcatalog-endpoint-tls-key">providers.consulcatalog.endpoint.tls.key</a> | TLS key | |
| <a id="providers-consulcatalog-endpoint-token" href="#providers-consulcatalog-endpoint-token" title="#providers-consulcatalog-endpoint-token">providers.consulcatalog.endpoint.token</a> | Token is used to provide a per-request ACL token which overrides the agent's default token | |
| <a id="providers-consulcatalog-exposedbydefault" href="#providers-consulcatalog-exposedbydefault" title="#providers-consulcatalog-exposedbydefault">providers.consulcatalog.exposedbydefault</a> | Expose containers by default. | true |
| <a id="providers-consulcatalog-namespaces" href="#providers-consulcatalog-namespaces" title="#providers-consulcatalog-namespaces">providers.consulcatalog.namespaces</a> | Sets the namespaces used to discover services (Consul Enterprise only). | |
| <a id="providers-consulcatalog-prefix" href="#providers-consulcatalog-prefix" title="#providers-consulcatalog-prefix">providers.consulcatalog.prefix</a> | Prefix for consul service tags. | traefik |
| <a id="providers-consulcatalog-refreshinterval" href="#providers-consulcatalog-refreshinterval" title="#providers-consulcatalog-refreshinterval">providers.consulcatalog.refreshinterval</a> | Interval for check Consul API. | 15 |
| <a id="providers-consulcatalog-requireconsistent" href="#providers-consulcatalog-requireconsistent" title="#providers-consulcatalog-requireconsistent">providers.consulcatalog.requireconsistent</a> | Forces the read to be fully consistent. | false |
| <a id="providers-consulcatalog-servicename" href="#providers-consulcatalog-servicename" title="#providers-consulcatalog-servicename">providers.consulcatalog.servicename</a> | Name of the Traefik service in Consul Catalog (needs to be registered via the orchestrator or manually). | traefik |
| <a id="providers-consulcatalog-stale" href="#providers-consulcatalog-stale" title="#providers-consulcatalog-stale">providers.consulcatalog.stale</a> | Use stale consistency for catalog reads. | false |
| <a id="providers-consulcatalog-strictchecks" href="#providers-consulcatalog-strictchecks" title="#providers-consulcatalog-strictchecks">providers.consulcatalog.strictchecks</a> | A list of service health statuses to allow taking traffic. | passing, warning |
| <a id="providers-consulcatalog-watch" href="#providers-consulcatalog-watch" title="#providers-consulcatalog-watch">providers.consulcatalog.watch</a> | Watch Consul API events. | false |
| <a id="providers-docker" href="#providers-docker" title="#providers-docker">providers.docker</a> | Enable Docker backend with default settings. | false |
| <a id="providers-docker-allowemptyservices" href="#providers-docker-allowemptyservices" title="#providers-docker-allowemptyservices">providers.docker.allowemptyservices</a> | Disregards the Docker containers health checks with respect to the creation or removal of the corresponding services. | false |
| <a id="providers-docker-constraints" href="#providers-docker-constraints" title="#providers-docker-constraints">providers.docker.constraints</a> | Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. | |
| <a id="providers-docker-defaultrule" href="#providers-docker-defaultrule" title="#providers-docker-defaultrule">providers.docker.defaultrule</a> | Default rule. | Host(`{{ normalize .Name }}`) |
| <a id="providers-docker-endpoint" href="#providers-docker-endpoint" title="#providers-docker-endpoint">providers.docker.endpoint</a> | Docker server endpoint. Can be a TCP or a Unix socket endpoint. | unix:///var/run/docker.sock |
| <a id="providers-docker-exposedbydefault" href="#providers-docker-exposedbydefault" title="#providers-docker-exposedbydefault">providers.docker.exposedbydefault</a> | Expose containers by default. | true |
| <a id="providers-docker-httpclienttimeout" href="#providers-docker-httpclienttimeout" title="#providers-docker-httpclienttimeout">providers.docker.httpclienttimeout</a> | Client timeout for HTTP connections. | 0 |
| <a id="providers-docker-network" href="#providers-docker-network" title="#providers-docker-network">providers.docker.network</a> | Default Docker network used. | |
| <a id="providers-docker-password" href="#providers-docker-password" title="#providers-docker-password">providers.docker.password</a> | Password for Basic HTTP authentication. | |
| <a id="providers-docker-tls-ca" href="#providers-docker-tls-ca" title="#providers-docker-tls-ca">providers.docker.tls.ca</a> | TLS CA | |
| <a id="providers-docker-tls-cert" href="#providers-docker-tls-cert" title="#providers-docker-tls-cert">providers.docker.tls.cert</a> | TLS cert | |
| <a id="providers-docker-tls-insecureskipverify" href="#providers-docker-tls-insecureskipverify" title="#providers-docker-tls-insecureskipverify">providers.docker.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="providers-docker-tls-key" href="#providers-docker-tls-key" title="#providers-docker-tls-key">providers.docker.tls.key</a> | TLS key | |
| <a id="providers-docker-usebindportip" href="#providers-docker-usebindportip" title="#providers-docker-usebindportip">providers.docker.usebindportip</a> | Use the ip address from the bound port, rather than from the inner network. | false |
| <a id="providers-docker-username" href="#providers-docker-username" title="#providers-docker-username">providers.docker.username</a> | Username for Basic HTTP authentication. | |
| <a id="providers-docker-watch" href="#providers-docker-watch" title="#providers-docker-watch">providers.docker.watch</a> | Watch Docker events. | true |
| <a id="providers-ecs" href="#providers-ecs" title="#providers-ecs">providers.ecs</a> | Enable AWS ECS backend with default settings. | false |
| <a id="providers-ecs-accesskeyid" href="#providers-ecs-accesskeyid" title="#providers-ecs-accesskeyid">providers.ecs.accesskeyid</a> | AWS credentials access key ID to use for making requests. | |
| <a id="providers-ecs-autodiscoverclusters" href="#providers-ecs-autodiscoverclusters" title="#providers-ecs-autodiscoverclusters">providers.ecs.autodiscoverclusters</a> | Auto discover cluster. | false |
| <a id="providers-ecs-clusters" href="#providers-ecs-clusters" title="#providers-ecs-clusters">providers.ecs.clusters</a> | ECS Cluster names. | default |
| <a id="providers-ecs-constraints" href="#providers-ecs-constraints" title="#providers-ecs-constraints">providers.ecs.constraints</a> | Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. | |
| <a id="providers-ecs-defaultrule" href="#providers-ecs-defaultrule" title="#providers-ecs-defaultrule">providers.ecs.defaultrule</a> | Default rule. | Host(`{{ normalize .Name }}`) |
| <a id="providers-ecs-ecsanywhere" href="#providers-ecs-ecsanywhere" title="#providers-ecs-ecsanywhere">providers.ecs.ecsanywhere</a> | Enable ECS Anywhere support. | false |
| <a id="providers-ecs-exposedbydefault" href="#providers-ecs-exposedbydefault" title="#providers-ecs-exposedbydefault">providers.ecs.exposedbydefault</a> | Expose services by default. | true |
| <a id="providers-ecs-healthytasksonly" href="#providers-ecs-healthytasksonly" title="#providers-ecs-healthytasksonly">providers.ecs.healthytasksonly</a> | Determines whether to discover only healthy tasks. | false |
| <a id="providers-ecs-refreshseconds" href="#providers-ecs-refreshseconds" title="#providers-ecs-refreshseconds">providers.ecs.refreshseconds</a> | Polling interval (in seconds). | 15 |
| <a id="providers-ecs-region" href="#providers-ecs-region" title="#providers-ecs-region">providers.ecs.region</a> | AWS region to use for requests. | |
| <a id="providers-ecs-secretaccesskey" href="#providers-ecs-secretaccesskey" title="#providers-ecs-secretaccesskey">providers.ecs.secretaccesskey</a> | AWS credentials access key to use for making requests. | |
| <a id="providers-etcd" href="#providers-etcd" title="#providers-etcd">providers.etcd</a> | Enable Etcd backend with default settings. | false |
| <a id="providers-etcd-endpoints" href="#providers-etcd-endpoints" title="#providers-etcd-endpoints">providers.etcd.endpoints</a> | KV store endpoints. | 127.0.0.1:2379 |
| <a id="providers-etcd-password" href="#providers-etcd-password" title="#providers-etcd-password">providers.etcd.password</a> | Password for authentication. | |
| <a id="providers-etcd-rootkey" href="#providers-etcd-rootkey" title="#providers-etcd-rootkey">providers.etcd.rootkey</a> | Root key used for KV store. | traefik |
| <a id="providers-etcd-tls-ca" href="#providers-etcd-tls-ca" title="#providers-etcd-tls-ca">providers.etcd.tls.ca</a> | TLS CA | |
| <a id="providers-etcd-tls-cert" href="#providers-etcd-tls-cert" title="#providers-etcd-tls-cert">providers.etcd.tls.cert</a> | TLS cert | |
| <a id="providers-etcd-tls-insecureskipverify" href="#providers-etcd-tls-insecureskipverify" title="#providers-etcd-tls-insecureskipverify">providers.etcd.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="providers-etcd-tls-key" href="#providers-etcd-tls-key" title="#providers-etcd-tls-key">providers.etcd.tls.key</a> | TLS key | |
| <a id="providers-etcd-username" href="#providers-etcd-username" title="#providers-etcd-username">providers.etcd.username</a> | Username for authentication. | |
| <a id="providers-file-debugloggeneratedtemplate" href="#providers-file-debugloggeneratedtemplate" title="#providers-file-debugloggeneratedtemplate">providers.file.debugloggeneratedtemplate</a> | Enable debug logging of generated configuration template. | false |
| <a id="providers-file-directory" href="#providers-file-directory" title="#providers-file-directory">providers.file.directory</a> | Load dynamic configuration from one or more .yml or .toml files in a directory. | |
| <a id="providers-file-filename" href="#providers-file-filename" title="#providers-file-filename">providers.file.filename</a> | Load dynamic configuration from a file. | |
| <a id="providers-file-watch" href="#providers-file-watch" title="#providers-file-watch">providers.file.watch</a> | Watch provider. | true |
| <a id="providers-http" href="#providers-http" title="#providers-http">providers.http</a> | Enable HTTP backend with default settings. | false |
| <a id="providers-http-endpoint" href="#providers-http-endpoint" title="#providers-http-endpoint">providers.http.endpoint</a> | Load configuration from this endpoint. | |
| <a id="providers-http-headers-name" href="#providers-http-headers-name" title="#providers-http-headers-name">providers.http.headers._name_</a> | Define custom headers to be sent to the endpoint. | |
| <a id="providers-http-pollinterval" href="#providers-http-pollinterval" title="#providers-http-pollinterval">providers.http.pollinterval</a> | Polling interval for endpoint. | 5 |
| <a id="providers-http-polltimeout" href="#providers-http-polltimeout" title="#providers-http-polltimeout">providers.http.polltimeout</a> | Polling timeout for endpoint. | 5 |
| <a id="providers-http-tls-ca" href="#providers-http-tls-ca" title="#providers-http-tls-ca">providers.http.tls.ca</a> | TLS CA | |
| <a id="providers-http-tls-cert" href="#providers-http-tls-cert" title="#providers-http-tls-cert">providers.http.tls.cert</a> | TLS cert | |
| <a id="providers-http-tls-insecureskipverify" href="#providers-http-tls-insecureskipverify" title="#providers-http-tls-insecureskipverify">providers.http.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="providers-http-tls-key" href="#providers-http-tls-key" title="#providers-http-tls-key">providers.http.tls.key</a> | TLS key | |
| <a id="providers-kubernetescrd" href="#providers-kubernetescrd" title="#providers-kubernetescrd">providers.kubernetescrd</a> | Enable Kubernetes backend with default settings. | false |
| <a id="providers-kubernetescrd-allowcrossnamespace" href="#providers-kubernetescrd-allowcrossnamespace" title="#providers-kubernetescrd-allowcrossnamespace">providers.kubernetescrd.allowcrossnamespace</a> | Allow cross namespace resource reference. | false |
| <a id="providers-kubernetescrd-allowemptyservices" href="#providers-kubernetescrd-allowemptyservices" title="#providers-kubernetescrd-allowemptyservices">providers.kubernetescrd.allowemptyservices</a> | Allow the creation of services without endpoints. | false |
| <a id="providers-kubernetescrd-allowexternalnameservices" href="#providers-kubernetescrd-allowexternalnameservices" title="#providers-kubernetescrd-allowexternalnameservices">providers.kubernetescrd.allowexternalnameservices</a> | Allow ExternalName services. | false |
| <a id="providers-kubernetescrd-certauthfilepath" href="#providers-kubernetescrd-certauthfilepath" title="#providers-kubernetescrd-certauthfilepath">providers.kubernetescrd.certauthfilepath</a> | Kubernetes certificate authority file path (not needed for in-cluster client). | |
| <a id="providers-kubernetescrd-disableclusterscoperesources" href="#providers-kubernetescrd-disableclusterscoperesources" title="#providers-kubernetescrd-disableclusterscoperesources">providers.kubernetescrd.disableclusterscoperesources</a> | Disables the lookup of cluster scope resources (incompatible with IngressClasses and NodePortLB enabled services). | false |
| <a id="providers-kubernetescrd-endpoint" href="#providers-kubernetescrd-endpoint" title="#providers-kubernetescrd-endpoint">providers.kubernetescrd.endpoint</a> | Kubernetes server endpoint (required for external cluster client). | |
| <a id="providers-kubernetescrd-ingressclass" href="#providers-kubernetescrd-ingressclass" title="#providers-kubernetescrd-ingressclass">providers.kubernetescrd.ingressclass</a> | Value of kubernetes.io/ingress.class annotation to watch for. | |
| <a id="providers-kubernetescrd-labelselector" href="#providers-kubernetescrd-labelselector" title="#providers-kubernetescrd-labelselector">providers.kubernetescrd.labelselector</a> | Kubernetes label selector to use. | |
| <a id="providers-kubernetescrd-namespaces" href="#providers-kubernetescrd-namespaces" title="#providers-kubernetescrd-namespaces">providers.kubernetescrd.namespaces</a> | Kubernetes namespaces. | |
| <a id="providers-kubernetescrd-nativelbbydefault" href="#providers-kubernetescrd-nativelbbydefault" title="#providers-kubernetescrd-nativelbbydefault">providers.kubernetescrd.nativelbbydefault</a> | Defines whether to use Native Kubernetes load-balancing mode by default. | false |
| <a id="providers-kubernetescrd-throttleduration" href="#providers-kubernetescrd-throttleduration" title="#providers-kubernetescrd-throttleduration">providers.kubernetescrd.throttleduration</a> | Ingress refresh throttle duration | 0 |
| <a id="providers-kubernetescrd-token" href="#providers-kubernetescrd-token" title="#providers-kubernetescrd-token">providers.kubernetescrd.token</a> | Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token. | |
| <a id="providers-kubernetesgateway" href="#providers-kubernetesgateway" title="#providers-kubernetesgateway">providers.kubernetesgateway</a> | Enable Kubernetes gateway api provider with default settings. | false |
| <a id="providers-kubernetesgateway-certauthfilepath" href="#providers-kubernetesgateway-certauthfilepath" title="#providers-kubernetesgateway-certauthfilepath">providers.kubernetesgateway.certauthfilepath</a> | Kubernetes certificate authority file path (not needed for in-cluster client). | |
| <a id="providers-kubernetesgateway-endpoint" href="#providers-kubernetesgateway-endpoint" title="#providers-kubernetesgateway-endpoint">providers.kubernetesgateway.endpoint</a> | Kubernetes server endpoint (required for external cluster client). | |
| <a id="providers-kubernetesgateway-experimentalchannel" href="#providers-kubernetesgateway-experimentalchannel" title="#providers-kubernetesgateway-experimentalchannel">providers.kubernetesgateway.experimentalchannel</a> | Toggles Experimental Channel resources support (TCPRoute, TLSRoute...). | false |
| <a id="providers-kubernetesgateway-labelselector" href="#providers-kubernetesgateway-labelselector" title="#providers-kubernetesgateway-labelselector">providers.kubernetesgateway.labelselector</a> | Kubernetes label selector to select specific GatewayClasses. | |
| <a id="providers-kubernetesgateway-namespaces" href="#providers-kubernetesgateway-namespaces" title="#providers-kubernetesgateway-namespaces">providers.kubernetesgateway.namespaces</a> | Kubernetes namespaces. | |
| <a id="providers-kubernetesgateway-nativelbbydefault" href="#providers-kubernetesgateway-nativelbbydefault" title="#providers-kubernetesgateway-nativelbbydefault">providers.kubernetesgateway.nativelbbydefault</a> | Defines whether to use Native Kubernetes load-balancing by default. | false |
| <a id="providers-kubernetesgateway-statusaddress-hostname" href="#providers-kubernetesgateway-statusaddress-hostname" title="#providers-kubernetesgateway-statusaddress-hostname">providers.kubernetesgateway.statusaddress.hostname</a> | Hostname used for Kubernetes Gateway status address. | |
| <a id="providers-kubernetesgateway-statusaddress-ip" href="#providers-kubernetesgateway-statusaddress-ip" title="#providers-kubernetesgateway-statusaddress-ip">providers.kubernetesgateway.statusaddress.ip</a> | IP used to set Kubernetes Gateway status address. | |
| <a id="providers-kubernetesgateway-statusaddress-service" href="#providers-kubernetesgateway-statusaddress-service" title="#providers-kubernetesgateway-statusaddress-service">providers.kubernetesgateway.statusaddress.service</a> | Published Kubernetes Service to copy status addresses from. | |
| <a id="providers-kubernetesgateway-statusaddress-service-name" href="#providers-kubernetesgateway-statusaddress-service-name" title="#providers-kubernetesgateway-statusaddress-service-name">providers.kubernetesgateway.statusaddress.service.name</a> | Name of the Kubernetes service. | |
| <a id="providers-kubernetesgateway-statusaddress-service-namespace" href="#providers-kubernetesgateway-statusaddress-service-namespace" title="#providers-kubernetesgateway-statusaddress-service-namespace">providers.kubernetesgateway.statusaddress.service.namespace</a> | Namespace of the Kubernetes service. | |
| <a id="providers-kubernetesgateway-throttleduration" href="#providers-kubernetesgateway-throttleduration" title="#providers-kubernetesgateway-throttleduration">providers.kubernetesgateway.throttleduration</a> | Kubernetes refresh throttle duration | 0 |
| <a id="providers-kubernetesgateway-token" href="#providers-kubernetesgateway-token" title="#providers-kubernetesgateway-token">providers.kubernetesgateway.token</a> | Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token. | |
| <a id="providers-kubernetesingress" href="#providers-kubernetesingress" title="#providers-kubernetesingress">providers.kubernetesingress</a> | Enable Kubernetes backend with default settings. | false |
| <a id="providers-kubernetesingress-allowemptyservices" href="#providers-kubernetesingress-allowemptyservices" title="#providers-kubernetesingress-allowemptyservices">providers.kubernetesingress.allowemptyservices</a> | Allow creation of services without endpoints. | false |
| <a id="providers-kubernetesingress-allowexternalnameservices" href="#providers-kubernetesingress-allowexternalnameservices" title="#providers-kubernetesingress-allowexternalnameservices">providers.kubernetesingress.allowexternalnameservices</a> | Allow ExternalName services. | false |
| <a id="providers-kubernetesingress-certauthfilepath" href="#providers-kubernetesingress-certauthfilepath" title="#providers-kubernetesingress-certauthfilepath">providers.kubernetesingress.certauthfilepath</a> | Kubernetes certificate authority file path (not needed for in-cluster client). | |
| <a id="providers-kubernetesingress-disableclusterscoperesources" href="#providers-kubernetesingress-disableclusterscoperesources" title="#providers-kubernetesingress-disableclusterscoperesources">providers.kubernetesingress.disableclusterscoperesources</a> | Disables the lookup of cluster scope resources (incompatible with IngressClasses and NodePortLB enabled services). | false |
| <a id="providers-kubernetesingress-disableingressclasslookup" href="#providers-kubernetesingress-disableingressclasslookup" title="#providers-kubernetesingress-disableingressclasslookup">providers.kubernetesingress.disableingressclasslookup</a> | Disables the lookup of IngressClasses (Deprecated, please use DisableClusterScopeResources). | false |
| <a id="providers-kubernetesingress-endpoint" href="#providers-kubernetesingress-endpoint" title="#providers-kubernetesingress-endpoint">providers.kubernetesingress.endpoint</a> | Kubernetes server endpoint (required for external cluster client). | |
| <a id="providers-kubernetesingress-ingressclass" href="#providers-kubernetesingress-ingressclass" title="#providers-kubernetesingress-ingressclass">providers.kubernetesingress.ingressclass</a> | Value of kubernetes.io/ingress.class annotation or IngressClass name to watch for. | |
| <a id="providers-kubernetesingress-ingressendpoint-hostname" href="#providers-kubernetesingress-ingressendpoint-hostname" title="#providers-kubernetesingress-ingressendpoint-hostname">providers.kubernetesingress.ingressendpoint.hostname</a> | Hostname used for Kubernetes Ingress endpoints. | |
| <a id="providers-kubernetesingress-ingressendpoint-ip" href="#providers-kubernetesingress-ingressendpoint-ip" title="#providers-kubernetesingress-ingressendpoint-ip">providers.kubernetesingress.ingressendpoint.ip</a> | IP used for Kubernetes Ingress endpoints. | |
| <a id="providers-kubernetesingress-ingressendpoint-publishedservice" href="#providers-kubernetesingress-ingressendpoint-publishedservice" title="#providers-kubernetesingress-ingressendpoint-publishedservice">providers.kubernetesingress.ingressendpoint.publishedservice</a> | Published Kubernetes Service to copy status from. | |
| <a id="providers-kubernetesingress-labelselector" href="#providers-kubernetesingress-labelselector" title="#providers-kubernetesingress-labelselector">providers.kubernetesingress.labelselector</a> | Kubernetes Ingress label selector to use. | |
| <a id="providers-kubernetesingress-namespaces" href="#providers-kubernetesingress-namespaces" title="#providers-kubernetesingress-namespaces">providers.kubernetesingress.namespaces</a> | Kubernetes namespaces. | |
| <a id="providers-kubernetesingress-nativelbbydefault" href="#providers-kubernetesingress-nativelbbydefault" title="#providers-kubernetesingress-nativelbbydefault">providers.kubernetesingress.nativelbbydefault</a> | Defines whether to use Native Kubernetes load-balancing mode by default. | false |
| <a id="providers-kubernetesingress-strictprefixmatching" href="#providers-kubernetesingress-strictprefixmatching" title="#providers-kubernetesingress-strictprefixmatching">providers.kubernetesingress.strictprefixmatching</a> | Make prefix matching strictly comply with the Kubernetes Ingress specification (path-element-wise matching instead of character-by-character string matching). | false |
| <a id="providers-kubernetesingress-throttleduration" href="#providers-kubernetesingress-throttleduration" title="#providers-kubernetesingress-throttleduration">providers.kubernetesingress.throttleduration</a> | Ingress refresh throttle duration | 0 |
| <a id="providers-kubernetesingress-token" href="#providers-kubernetesingress-token" title="#providers-kubernetesingress-token">providers.kubernetesingress.token</a> | Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token. | |
| <a id="providers-kubernetesingressnginx" href="#providers-kubernetesingressnginx" title="#providers-kubernetesingressnginx">providers.kubernetesingressnginx</a> | Enable Kubernetes Ingress NGINX provider. | false |
| <a id="providers-kubernetesingressnginx-certauthfilepath" href="#providers-kubernetesingressnginx-certauthfilepath" title="#providers-kubernetesingressnginx-certauthfilepath">providers.kubernetesingressnginx.certauthfilepath</a> | Kubernetes certificate authority file path (not needed for in-cluster client). | |
| <a id="providers-kubernetesingressnginx-controllerclass" href="#providers-kubernetesingressnginx-controllerclass" title="#providers-kubernetesingressnginx-controllerclass">providers.kubernetesingressnginx.controllerclass</a> | Ingress Class Controller value this controller satisfies. | k8s.io/ingress-nginx |
| <a id="providers-kubernetesingressnginx-defaultbackendservice" href="#providers-kubernetesingressnginx-defaultbackendservice" title="#providers-kubernetesingressnginx-defaultbackendservice">providers.kubernetesingressnginx.defaultbackendservice</a> | Service used to serve HTTP requests not matching any known server name (catch-all). Takes the form 'namespace/name'. | |
| <a id="providers-kubernetesingressnginx-disablesvcexternalname" href="#providers-kubernetesingressnginx-disablesvcexternalname" title="#providers-kubernetesingressnginx-disablesvcexternalname">providers.kubernetesingressnginx.disablesvcexternalname</a> | Disable support for Services of type ExternalName. | false |
| <a id="providers-kubernetesingressnginx-endpoint" href="#providers-kubernetesingressnginx-endpoint" title="#providers-kubernetesingressnginx-endpoint">providers.kubernetesingressnginx.endpoint</a> | Kubernetes server endpoint (required for external cluster client). | |
| <a id="providers-kubernetesingressnginx-ingressclass" href="#providers-kubernetesingressnginx-ingressclass" title="#providers-kubernetesingressnginx-ingressclass">providers.kubernetesingressnginx.ingressclass</a> | Name of the ingress class this controller satisfies. | nginx |
| <a id="providers-kubernetesingressnginx-ingressclassbyname" href="#providers-kubernetesingressnginx-ingressclassbyname" title="#providers-kubernetesingressnginx-ingressclassbyname">providers.kubernetesingressnginx.ingressclassbyname</a> | Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class. | false |
| <a id="providers-kubernetesingressnginx-publishservice" href="#providers-kubernetesingressnginx-publishservice" title="#providers-kubernetesingressnginx-publishservice">providers.kubernetesingressnginx.publishservice</a> | Service fronting the Ingress controller. Takes the form 'namespace/name'. | |
| <a id="providers-kubernetesingressnginx-publishstatusaddress" href="#providers-kubernetesingressnginx-publishstatusaddress" title="#providers-kubernetesingressnginx-publishstatusaddress">providers.kubernetesingressnginx.publishstatusaddress</a> | Customized address (or addresses, separated by comma) to set as the load-balancer status of Ingress objects this controller satisfies. | |
| <a id="providers-kubernetesingressnginx-throttleduration" href="#providers-kubernetesingressnginx-throttleduration" title="#providers-kubernetesingressnginx-throttleduration">providers.kubernetesingressnginx.throttleduration</a> | Ingress refresh throttle duration. | 0 |
| <a id="providers-kubernetesingressnginx-token" href="#providers-kubernetesingressnginx-token" title="#providers-kubernetesingressnginx-token">providers.kubernetesingressnginx.token</a> | Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token. | |
| <a id="providers-kubernetesingressnginx-watchingresswithoutclass" href="#providers-kubernetesingressnginx-watchingresswithoutclass" title="#providers-kubernetesingressnginx-watchingresswithoutclass">providers.kubernetesingressnginx.watchingresswithoutclass</a> | Define if Ingress Controller should also watch for Ingresses without an IngressClass or the annotation specified. | false |
| <a id="providers-kubernetesingressnginx-watchnamespace" href="#providers-kubernetesingressnginx-watchnamespace" title="#providers-kubernetesingressnginx-watchnamespace">providers.kubernetesingressnginx.watchnamespace</a> | Namespace the controller watches for updates to Kubernetes objects. All namespaces are watched if this parameter is left empty. | |
| <a id="providers-kubernetesingressnginx-watchnamespaceselector" href="#providers-kubernetesingressnginx-watchnamespaceselector" title="#providers-kubernetesingressnginx-watchnamespaceselector">providers.kubernetesingressnginx.watchnamespaceselector</a> | Selector selects namespaces the controller watches for updates to Kubernetes objects. | |
| <a id="providers-nomad" href="#providers-nomad" title="#providers-nomad">providers.nomad</a> | Enable Nomad backend with default settings. | false |
| <a id="providers-nomad-allowemptyservices" href="#providers-nomad-allowemptyservices" title="#providers-nomad-allowemptyservices">providers.nomad.allowemptyservices</a> | Allow the creation of services without endpoints. | false |
| <a id="providers-nomad-constraints" href="#providers-nomad-constraints" title="#providers-nomad-constraints">providers.nomad.constraints</a> | Constraints is an expression that Traefik matches against the Nomad service's tags to determine whether to create route(s) for that service. | |
| <a id="providers-nomad-defaultrule" href="#providers-nomad-defaultrule" title="#providers-nomad-defaultrule">providers.nomad.defaultrule</a> | Default rule. | Host(`{{ normalize .Name }}`) |
| <a id="providers-nomad-endpoint-address" href="#providers-nomad-endpoint-address" title="#providers-nomad-endpoint-address">providers.nomad.endpoint.address</a> | The address of the Nomad server, including scheme and port. | http://127.0.0.1:4646 |
| <a id="providers-nomad-endpoint-endpointwaittime" href="#providers-nomad-endpoint-endpointwaittime" title="#providers-nomad-endpoint-endpointwaittime">providers.nomad.endpoint.endpointwaittime</a> | WaitTime limits how long a Watch will block. If not provided, the agent default values will be used | 0 |
| <a id="providers-nomad-endpoint-region" href="#providers-nomad-endpoint-region" title="#providers-nomad-endpoint-region">providers.nomad.endpoint.region</a> | Nomad region to use. If not provided, the local agent region is used. | |
| <a id="providers-nomad-endpoint-tls-ca" href="#providers-nomad-endpoint-tls-ca" title="#providers-nomad-endpoint-tls-ca">providers.nomad.endpoint.tls.ca</a> | TLS CA | |
| <a id="providers-nomad-endpoint-tls-cert" href="#providers-nomad-endpoint-tls-cert" title="#providers-nomad-endpoint-tls-cert">providers.nomad.endpoint.tls.cert</a> | TLS cert | |
| <a id="providers-nomad-endpoint-tls-insecureskipverify" href="#providers-nomad-endpoint-tls-insecureskipverify" title="#providers-nomad-endpoint-tls-insecureskipverify">providers.nomad.endpoint.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="providers-nomad-endpoint-tls-key" href="#providers-nomad-endpoint-tls-key" title="#providers-nomad-endpoint-tls-key">providers.nomad.endpoint.tls.key</a> | TLS key | |
| <a id="providers-nomad-endpoint-token" href="#providers-nomad-endpoint-token" title="#providers-nomad-endpoint-token">providers.nomad.endpoint.token</a> | Token is used to provide a per-request ACL token. | |
| <a id="providers-nomad-exposedbydefault" href="#providers-nomad-exposedbydefault" title="#providers-nomad-exposedbydefault">providers.nomad.exposedbydefault</a> | Expose Nomad services by default. | true |
| <a id="providers-nomad-namespaces" href="#providers-nomad-namespaces" title="#providers-nomad-namespaces">providers.nomad.namespaces</a> | Sets the Nomad namespaces used to discover services. | |
| <a id="providers-nomad-prefix" href="#providers-nomad-prefix" title="#providers-nomad-prefix">providers.nomad.prefix</a> | Prefix for nomad service tags. | traefik |
| <a id="providers-nomad-refreshinterval" href="#providers-nomad-refreshinterval" title="#providers-nomad-refreshinterval">providers.nomad.refreshinterval</a> | Interval for polling Nomad API. | 15 |
| <a id="providers-nomad-stale" href="#providers-nomad-stale" title="#providers-nomad-stale">providers.nomad.stale</a> | Use stale consistency for catalog reads. | false |
| <a id="providers-nomad-throttleduration" href="#providers-nomad-throttleduration" title="#providers-nomad-throttleduration">providers.nomad.throttleduration</a> | Watch throttle duration. | 0 |
| <a id="providers-nomad-watch" href="#providers-nomad-watch" title="#providers-nomad-watch">providers.nomad.watch</a> | Watch Nomad Service events. | false |
| <a id="providers-plugin-name" href="#providers-plugin-name" title="#providers-plugin-name">providers.plugin._name_</a> | Plugins configuration. | |
| <a id="providers-providersthrottleduration" href="#providers-providersthrottleduration" title="#providers-providersthrottleduration">providers.providersthrottleduration</a> | Backends throttle duration: minimum duration between 2 events from providers before applying a new configuration. It avoids unnecessary reloads if multiples events are sent in a short amount of time. | 2 |
| <a id="providers-redis" href="#providers-redis" title="#providers-redis">providers.redis</a> | Enable Redis backend with default settings. | false |
| <a id="providers-redis-db" href="#providers-redis-db" title="#providers-redis-db">providers.redis.db</a> | Database to be selected after connecting to the server. | 0 |
| <a id="providers-redis-endpoints" href="#providers-redis-endpoints" title="#providers-redis-endpoints">providers.redis.endpoints</a> | KV store endpoints. | 127.0.0.1:6379 |
| <a id="providers-redis-password" href="#providers-redis-password" title="#providers-redis-password">providers.redis.password</a> | Password for authentication. | |
| <a id="providers-redis-rootkey" href="#providers-redis-rootkey" title="#providers-redis-rootkey">providers.redis.rootkey</a> | Root key used for KV store. | traefik |
| <a id="providers-redis-sentinel-latencystrategy" href="#providers-redis-sentinel-latencystrategy" title="#providers-redis-sentinel-latencystrategy">providers.redis.sentinel.latencystrategy</a> | Defines whether to route commands to the closest master or replica nodes (mutually exclusive with RandomStrategy and ReplicaStrategy). | false |
| <a id="providers-redis-sentinel-mastername" href="#providers-redis-sentinel-mastername" title="#providers-redis-sentinel-mastername">providers.redis.sentinel.mastername</a> | Name of the master. | |
| <a id="providers-redis-sentinel-password" href="#providers-redis-sentinel-password" title="#providers-redis-sentinel-password">providers.redis.sentinel.password</a> | Password for Sentinel authentication. | |
| <a id="providers-redis-sentinel-randomstrategy" href="#providers-redis-sentinel-randomstrategy" title="#providers-redis-sentinel-randomstrategy">providers.redis.sentinel.randomstrategy</a> | Defines whether to route commands randomly to master or replica nodes (mutually exclusive with LatencyStrategy and ReplicaStrategy). | false |
| <a id="providers-redis-sentinel-replicastrategy" href="#providers-redis-sentinel-replicastrategy" title="#providers-redis-sentinel-replicastrategy">providers.redis.sentinel.replicastrategy</a> | Defines whether to route all commands to replica nodes (mutually exclusive with LatencyStrategy and RandomStrategy). | false |
| <a id="providers-redis-sentinel-usedisconnectedreplicas" href="#providers-redis-sentinel-usedisconnectedreplicas" title="#providers-redis-sentinel-usedisconnectedreplicas">providers.redis.sentinel.usedisconnectedreplicas</a> | Use replicas disconnected with master when cannot get connected replicas. | false |
| <a id="providers-redis-sentinel-username" href="#providers-redis-sentinel-username" title="#providers-redis-sentinel-username">providers.redis.sentinel.username</a> | Username for Sentinel authentication. | |
| <a id="providers-redis-tls-ca" href="#providers-redis-tls-ca" title="#providers-redis-tls-ca">providers.redis.tls.ca</a> | TLS CA | |
| <a id="providers-redis-tls-cert" href="#providers-redis-tls-cert" title="#providers-redis-tls-cert">providers.redis.tls.cert</a> | TLS cert | |
| <a id="providers-redis-tls-insecureskipverify" href="#providers-redis-tls-insecureskipverify" title="#providers-redis-tls-insecureskipverify">providers.redis.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="providers-redis-tls-key" href="#providers-redis-tls-key" title="#providers-redis-tls-key">providers.redis.tls.key</a> | TLS key | |
| <a id="providers-redis-username" href="#providers-redis-username" title="#providers-redis-username">providers.redis.username</a> | Username for authentication. | |
| <a id="providers-rest" href="#providers-rest" title="#providers-rest">providers.rest</a> | Enable Rest backend with default settings. | false |
| <a id="providers-rest-insecure" href="#providers-rest-insecure" title="#providers-rest-insecure">providers.rest.insecure</a> | Activate REST Provider directly on the entryPoint named traefik. | false |
| <a id="providers-swarm" href="#providers-swarm" title="#providers-swarm">providers.swarm</a> | Enable Docker Swarm backend with default settings. | false |
| <a id="providers-swarm-allowemptyservices" href="#providers-swarm-allowemptyservices" title="#providers-swarm-allowemptyservices">providers.swarm.allowemptyservices</a> | Disregards the Docker containers health checks with respect to the creation or removal of the corresponding services. | false |
| <a id="providers-swarm-constraints" href="#providers-swarm-constraints" title="#providers-swarm-constraints">providers.swarm.constraints</a> | Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. | |
| <a id="providers-swarm-defaultrule" href="#providers-swarm-defaultrule" title="#providers-swarm-defaultrule">providers.swarm.defaultrule</a> | Default rule. | Host(`{{ normalize .Name }}`) |
| <a id="providers-swarm-endpoint" href="#providers-swarm-endpoint" title="#providers-swarm-endpoint">providers.swarm.endpoint</a> | Docker server endpoint. Can be a TCP or a Unix socket endpoint. | unix:///var/run/docker.sock |
| <a id="providers-swarm-exposedbydefault" href="#providers-swarm-exposedbydefault" title="#providers-swarm-exposedbydefault">providers.swarm.exposedbydefault</a> | Expose containers by default. | true |
| <a id="providers-swarm-httpclienttimeout" href="#providers-swarm-httpclienttimeout" title="#providers-swarm-httpclienttimeout">providers.swarm.httpclienttimeout</a> | Client timeout for HTTP connections. | 0 |
| <a id="providers-swarm-network" href="#providers-swarm-network" title="#providers-swarm-network">providers.swarm.network</a> | Default Docker network used. | |
| <a id="providers-swarm-password" href="#providers-swarm-password" title="#providers-swarm-password">providers.swarm.password</a> | Password for Basic HTTP authentication. | |
| <a id="providers-swarm-refreshseconds" href="#providers-swarm-refreshseconds" title="#providers-swarm-refreshseconds">providers.swarm.refreshseconds</a> | Polling interval for swarm mode. | 15 |
| <a id="providers-swarm-tls-ca" href="#providers-swarm-tls-ca" title="#providers-swarm-tls-ca">providers.swarm.tls.ca</a> | TLS CA | |
| <a id="providers-swarm-tls-cert" href="#providers-swarm-tls-cert" title="#providers-swarm-tls-cert">providers.swarm.tls.cert</a> | TLS cert | |
| <a id="providers-swarm-tls-insecureskipverify" href="#providers-swarm-tls-insecureskipverify" title="#providers-swarm-tls-insecureskipverify">providers.swarm.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="providers-swarm-tls-key" href="#providers-swarm-tls-key" title="#providers-swarm-tls-key">providers.swarm.tls.key</a> | TLS key | |
| <a id="providers-swarm-usebindportip" href="#providers-swarm-usebindportip" title="#providers-swarm-usebindportip">providers.swarm.usebindportip</a> | Use the ip address from the bound port, rather than from the inner network. | false |
| <a id="providers-swarm-username" href="#providers-swarm-username" title="#providers-swarm-username">providers.swarm.username</a> | Username for Basic HTTP authentication. | |
| <a id="providers-swarm-watch" href="#providers-swarm-watch" title="#providers-swarm-watch">providers.swarm.watch</a> | Watch Docker events. | true |
| <a id="providers-zookeeper" href="#providers-zookeeper" title="#providers-zookeeper">providers.zookeeper</a> | Enable ZooKeeper backend with default settings. | false |
| <a id="providers-zookeeper-endpoints" href="#providers-zookeeper-endpoints" title="#providers-zookeeper-endpoints">providers.zookeeper.endpoints</a> | KV store endpoints. | 127.0.0.1:2181 |
| <a id="providers-zookeeper-password" href="#providers-zookeeper-password" title="#providers-zookeeper-password">providers.zookeeper.password</a> | Password for authentication. | |
| <a id="providers-zookeeper-rootkey" href="#providers-zookeeper-rootkey" title="#providers-zookeeper-rootkey">providers.zookeeper.rootkey</a> | Root key used for KV store. | traefik |
| <a id="providers-zookeeper-username" href="#providers-zookeeper-username" title="#providers-zookeeper-username">providers.zookeeper.username</a> | Username for authentication. | |
| <a id="serverstransport-forwardingtimeouts-dialtimeout" href="#serverstransport-forwardingtimeouts-dialtimeout" title="#serverstransport-forwardingtimeouts-dialtimeout">serverstransport.forwardingtimeouts.dialtimeout</a> | The amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. | 30 |
| <a id="serverstransport-forwardingtimeouts-idleconntimeout" href="#serverstransport-forwardingtimeouts-idleconntimeout" title="#serverstransport-forwardingtimeouts-idleconntimeout">serverstransport.forwardingtimeouts.idleconntimeout</a> | The maximum period for which an idle HTTP keep-alive connection will remain open before closing itself | 90 |
| <a id="serverstransport-forwardingtimeouts-responseheadertimeout" href="#serverstransport-forwardingtimeouts-responseheadertimeout" title="#serverstransport-forwardingtimeouts-responseheadertimeout">serverstransport.forwardingtimeouts.responseheadertimeout</a> | The amount of time to wait for a server's response headers after fully writing the request (including its body, if any). If zero, no timeout exists. | 0 |
| <a id="serverstransport-insecureskipverify" href="#serverstransport-insecureskipverify" title="#serverstransport-insecureskipverify">serverstransport.insecureskipverify</a> | Disable SSL certificate verification. | false |
| <a id="serverstransport-maxidleconnsperhost" href="#serverstransport-maxidleconnsperhost" title="#serverstransport-maxidleconnsperhost">serverstransport.maxidleconnsperhost</a> | If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used | 200 |
| <a id="serverstransport-rootcas" href="#serverstransport-rootcas" title="#serverstransport-rootcas">serverstransport.rootcas</a> | Add cert file for self-signed certificate. | |
| <a id="serverstransport-spiffe" href="#serverstransport-spiffe" title="#serverstransport-spiffe">serverstransport.spiffe</a> | Defines the SPIFFE configuration. | false |
| <a id="serverstransport-spiffe-ids" href="#serverstransport-spiffe-ids" title="#serverstransport-spiffe-ids">serverstransport.spiffe.ids</a> | Defines the allowed SPIFFE IDs (takes precedence over the SPIFFE TrustDomain). | |
| <a id="serverstransport-spiffe-trustdomain" href="#serverstransport-spiffe-trustdomain" title="#serverstransport-spiffe-trustdomain">serverstransport.spiffe.trustdomain</a> | Defines the allowed SPIFFE trust domain. | |
| <a id="spiffe-workloadapiaddr" href="#spiffe-workloadapiaddr" title="#spiffe-workloadapiaddr">spiffe.workloadapiaddr</a> | Defines the workload API address. | |
| <a id="tcpserverstransport-dialkeepalive" href="#tcpserverstransport-dialkeepalive" title="#tcpserverstransport-dialkeepalive">tcpserverstransport.dialkeepalive</a> | Defines the interval between keep-alive probes for an active network connection. If zero, keep-alive probes are sent with a default value (currently 15 seconds), if supported by the protocol and operating system. Network protocols or operating systems that do not support keep-alives ignore this field. If negative, keep-alive probes are disabled | 15 |
| <a id="tcpserverstransport-dialtimeout" href="#tcpserverstransport-dialtimeout" title="#tcpserverstransport-dialtimeout">tcpserverstransport.dialtimeout</a> | Defines the amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. | 30 |
| <a id="tcpserverstransport-terminationdelay" href="#tcpserverstransport-terminationdelay" title="#tcpserverstransport-terminationdelay">tcpserverstransport.terminationdelay</a> | Defines the delay to wait before fully terminating the connection, after one connected peer has closed its writing capability. | 0 |
| <a id="tcpserverstransport-tls" href="#tcpserverstransport-tls" title="#tcpserverstransport-tls">tcpserverstransport.tls</a> | Defines the TLS configuration. | false |
| <a id="tcpserverstransport-tls-insecureskipverify" href="#tcpserverstransport-tls-insecureskipverify" title="#tcpserverstransport-tls-insecureskipverify">tcpserverstransport.tls.insecureskipverify</a> | Disables SSL certificate verification. | false |
| <a id="tcpserverstransport-tls-rootcas" href="#tcpserverstransport-tls-rootcas" title="#tcpserverstransport-tls-rootcas">tcpserverstransport.tls.rootcas</a> | Defines a list of CA secret used to validate self-signed certificate | |
| <a id="tcpserverstransport-tls-spiffe" href="#tcpserverstransport-tls-spiffe" title="#tcpserverstransport-tls-spiffe">tcpserverstransport.tls.spiffe</a> | Defines the SPIFFE TLS configuration. | false |
| <a id="tcpserverstransport-tls-spiffe-ids" href="#tcpserverstransport-tls-spiffe-ids" title="#tcpserverstransport-tls-spiffe-ids">tcpserverstransport.tls.spiffe.ids</a> | Defines the allowed SPIFFE IDs (takes precedence over the SPIFFE TrustDomain). | |
| <a id="tcpserverstransport-tls-spiffe-trustdomain" href="#tcpserverstransport-tls-spiffe-trustdomain" title="#tcpserverstransport-tls-spiffe-trustdomain">tcpserverstransport.tls.spiffe.trustdomain</a> | Defines the allowed SPIFFE trust domain. | |
| <a id="tracing" href="#tracing" title="#tracing">tracing</a> | Tracing configuration. | false |
| <a id="tracing-addinternals" href="#tracing-addinternals" title="#tracing-addinternals">tracing.addinternals</a> | Enables tracing for internal services (ping, dashboard, etc...). | false |
| <a id="tracing-capturedrequestheaders" href="#tracing-capturedrequestheaders" title="#tracing-capturedrequestheaders">tracing.capturedrequestheaders</a> | Request headers to add as attributes for server and client spans. | |
| <a id="tracing-capturedresponseheaders" href="#tracing-capturedresponseheaders" title="#tracing-capturedresponseheaders">tracing.capturedresponseheaders</a> | Response headers to add as attributes for server and client spans. | |
| <a id="tracing-globalattributes-name" href="#tracing-globalattributes-name" title="#tracing-globalattributes-name">tracing.globalattributes._name_</a> | (Deprecated) Defines additional resource attributes (key:value). | |
| <a id="tracing-otlp" href="#tracing-otlp" title="#tracing-otlp">tracing.otlp</a> | Settings for OpenTelemetry. | false |
| <a id="tracing-otlp-grpc" href="#tracing-otlp-grpc" title="#tracing-otlp-grpc">tracing.otlp.grpc</a> | gRPC configuration for the OpenTelemetry collector. | false |
| <a id="tracing-otlp-grpc-endpoint" href="#tracing-otlp-grpc-endpoint" title="#tracing-otlp-grpc-endpoint">tracing.otlp.grpc.endpoint</a> | Sets the gRPC endpoint (host:port) of the collector. | localhost:4317 |
| <a id="tracing-otlp-grpc-headers-name" href="#tracing-otlp-grpc-headers-name" title="#tracing-otlp-grpc-headers-name">tracing.otlp.grpc.headers._name_</a> | Headers sent with payload. | |
| <a id="tracing-otlp-grpc-insecure" href="#tracing-otlp-grpc-insecure" title="#tracing-otlp-grpc-insecure">tracing.otlp.grpc.insecure</a> | Disables client transport security for the exporter. | false |
| <a id="tracing-otlp-grpc-tls-ca" href="#tracing-otlp-grpc-tls-ca" title="#tracing-otlp-grpc-tls-ca">tracing.otlp.grpc.tls.ca</a> | TLS CA | |
| <a id="tracing-otlp-grpc-tls-cert" href="#tracing-otlp-grpc-tls-cert" title="#tracing-otlp-grpc-tls-cert">tracing.otlp.grpc.tls.cert</a> | TLS cert | |
| <a id="tracing-otlp-grpc-tls-insecureskipverify" href="#tracing-otlp-grpc-tls-insecureskipverify" title="#tracing-otlp-grpc-tls-insecureskipverify">tracing.otlp.grpc.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="tracing-otlp-grpc-tls-key" href="#tracing-otlp-grpc-tls-key" title="#tracing-otlp-grpc-tls-key">tracing.otlp.grpc.tls.key</a> | TLS key | |
| <a id="tracing-otlp-http" href="#tracing-otlp-http" title="#tracing-otlp-http">tracing.otlp.http</a> | HTTP configuration for the OpenTelemetry collector. | false |
| <a id="tracing-otlp-http-endpoint" href="#tracing-otlp-http-endpoint" title="#tracing-otlp-http-endpoint">tracing.otlp.http.endpoint</a> | Sets the HTTP endpoint (scheme://host:port/path) of the collector. | https://localhost:4318 |
| <a id="tracing-otlp-http-headers-name" href="#tracing-otlp-http-headers-name" title="#tracing-otlp-http-headers-name">tracing.otlp.http.headers._name_</a> | Headers sent with payload. | |
| <a id="tracing-otlp-http-tls-ca" href="#tracing-otlp-http-tls-ca" title="#tracing-otlp-http-tls-ca">tracing.otlp.http.tls.ca</a> | TLS CA | |
| <a id="tracing-otlp-http-tls-cert" href="#tracing-otlp-http-tls-cert" title="#tracing-otlp-http-tls-cert">tracing.otlp.http.tls.cert</a> | TLS cert | |
| <a id="tracing-otlp-http-tls-insecureskipverify" href="#tracing-otlp-http-tls-insecureskipverify" title="#tracing-otlp-http-tls-insecureskipverify">tracing.otlp.http.tls.insecureskipverify</a> | TLS insecure skip verify | false |
| <a id="tracing-otlp-http-tls-key" href="#tracing-otlp-http-tls-key" title="#tracing-otlp-http-tls-key">tracing.otlp.http.tls.key</a> | TLS key | |
| <a id="tracing-resourceattributes-name" href="#tracing-resourceattributes-name" title="#tracing-resourceattributes-name">tracing.resourceattributes._name_</a> | Defines additional resource attributes (key:value). | |
| <a id="tracing-safequeryparams" href="#tracing-safequeryparams" title="#tracing-safequeryparams">tracing.safequeryparams</a> | Query params to not redact. | |
| <a id="tracing-samplerate" href="#tracing-samplerate" title="#tracing-samplerate">tracing.samplerate</a> | Sets the rate between 0.0 and 1.0 of requests to trace. | 1.000000 |
| <a id="tracing-servicename" href="#tracing-servicename" title="#tracing-servicename">tracing.servicename</a> | Defines the service name resource attribute. | traefik |
Reference in New Issue View Git Blame Copy Permalink