-
-
Notifications
You must be signed in to change notification settings - Fork 1.7k
/
traefik-v2-file-provider.json
1727 lines (1727 loc) · 72.7 KB
/
traefik-v2-file-provider.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
{
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "https://json.schemastore.org/traefik-v2-file-provider.json",
"additionalProperties": false,
"definitions": {
"httpRouter": {
"type": "object",
"description": "A router is in charge of connecting incoming requests to the services that can handle them. In the process, routers may use pieces of middleware to update the request, or act before forwarding the request to the service.",
"properties": {
"entryPoints": {
"type": "array",
"description": "If not specified, HTTP routers will accept requests from all defined entry points. If you want to limit the router scope to a set of entry points, set the entryPoints option.",
"items": {
"type": "string"
}
},
"rule": {
"type": "string",
"description": "Rules are a set of matchers configured with values, that determine if a particular request matches specific criteria. If the rule is verified, the router becomes active, calls middlewares, and then forwards the request to the service."
},
"priority": {
"type": "integer",
"description": "To avoid path overlap, routes are sorted, by default, in descending order using rules length. The priority is directly equal to the length of the rule, and so the longest length has the highest priority. A value of 0 for the priority is ignored: priority = 0 means that the default rules length sorting is used.",
"default": 0,
"minimum": 0
},
"middlewares": {
"type": "array",
"description": "You can attach a list of middlewares to each HTTP router. The middlewares will take effect only if the rule matches, and before forwarding the request to the service. Middlewares are applied in the same order as their declaration in router.",
"items": {
"type": "string"
}
},
"service": {
"type": "string",
"description": "Each request must eventually be handled by a service, which is why each router definition should include a service target, which is basically where the request will be passed along to. HTTP routers can only target HTTP services (not TCP services)."
},
"tls": {
"type": "object",
"description": "When a TLS section is specified, it instructs Traefik that the current router is dedicated to HTTPS requests only (and that the router should ignore HTTP (non TLS) requests). Traefik will terminate the SSL connections (meaning that it will send decrypted data to the services). If you need to define the same route for both HTTP and HTTPS requests, you will need to define two different routers: one with the tls section, one without.",
"properties": {
"options": {
"type": "string",
"description": "The options field enables fine-grained control of the TLS parameters. It refers to a TLS Options and will be applied only if a Host rule is defined."
},
"certResolver": {
"type": "string",
"description": "If certResolver is defined, Traefik will try to generate certificates based on routers Host & HostSNI rules."
},
"domains": {
"type": "array",
"description": "You can set SANs (alternative domains) for each main domain. Every domain must have A/AAAA records pointing to Traefik. Each domain & SAN will lead to a certificate request.",
"items": {
"type": "object",
"properties": {
"main": {
"type": "string",
"description": "Main defines the main domain name."
},
"sans": {
"type": "array",
"description": "SANs defines the subject alternative domain names.",
"items": {
"type": "string"
}
}
}
}
}
}
}
},
"additionalProperties": false,
"required": ["rule", "service"]
},
"httpLoadBalancerService": {
"type": "object",
"description": "The load balancers are able to load balance the requests between multiple instances of your programs.\n\nEach service has a load-balancer, even if there is only one server to forward traffic to.",
"properties": {
"servers": {
"type": "array",
"description": "Servers declare a single instance of your program.",
"minItems": 1,
"items": {
"type": "object",
"properties": {
"url": {
"type": "string",
"description": "The url option point to a specific instance. Paths in the servers' url have no effect. If you want the requests to be sent to a specific path on your servers, configure your routers to use a corresponding middleware (e.g. the AddPrefix or ReplacePath) middlewares."
}
},
"required": ["url"]
}
},
"sticky": {
"type": "object",
"description": "When sticky sessions are enabled, a cookie is set on the initial request and response to let the client know which server handles the first response. On subsequent requests, to keep the session alive with the same server, the client should resend the same cookie.",
"properties": {
"cookie": {
"type": "object",
"properties": {
"name": {
"type": "string",
"description": "The default cookie name is an abbreviation of a sha1 (ex: _1d52e)."
},
"secure": {
"type": "boolean",
"default": false
},
"httpOnly": {
"type": "boolean",
"default": false
},
"sameSite": {
"type": "string",
"description": "Can be none, lax, strict or empty.",
"default": ""
}
}
}
}
},
"healthCheck": {
"type": "object",
"description": "Configure health check to remove unhealthy servers from the load balancing rotation. Traefik will consider your servers healthy as long as they return status codes between 2XX and 3XX to the health check requests (carried out every interval). Traefik keeps monitoring the health of unhealthy servers. If a server has recovered (returning 2xx -> 3xx responses again), it will be added back to the load balancer rotation pool.",
"properties": {
"method": {
"type": "string",
"description": "If defined, will apply this Method for the health check request."
},
"path": {
"type": "string",
"description": "path is appended to the server URL to set the health check endpoint."
},
"scheme": {
"type": "string",
"description": "If defined, will replace the server URL scheme for the health check endpoint"
},
"hostname": {
"type": "string",
"description": "If defined, will apply Host header hostname to the health check request."
},
"port": {
"type": "integer",
"description": "If defined, will replace the server URL port for the health check endpoint."
},
"interval": {
"type": "string",
"description": "Defines the frequency of the health check calls. Interval is to be given in a format understood by `time.ParseDuration`. The interval must be greater than the timeout. If configuration doesn't reflect this, the interval will be set to timeout + 1 second."
},
"timeout": {
"type": "string",
"description": "Defines the maximum duration Traefik will wait for a health check request before considering the server failed (unhealthy). Timeout is to be given in a format understood by `time.ParseDuration`."
},
"headers": {
"type": "object",
"description": "Defines custom headers to be sent to the health check endpoint.",
"additionalProperties": {
"type": "string"
}
},
"followRedirects": {
"type": "boolean",
"description": "Defines whether redirects should be followed during the health check calls (default: true).",
"default": true
}
}
},
"passHostHeader": {
"type": "boolean",
"description": "The passHostHeader allows to forward client Host header to server. By default, passHostHeader is true.",
"default": true
},
"responseForwarding": {
"type": "object",
"description": "Defines how Traefik forwards the response from the backend server to the client.",
"properties": {
"flushInterval": {
"type": "string",
"description": "Specifies the interval in between flushes to the client while copying the response body. It is a duration in milliseconds, defaulting to 100. A negative value means to flush immediately after each write to the client. The flushInterval is ignored when ReverseProxy recognizes a response as a streaming response; for such responses, writes are flushed to the client immediately."
}
}
},
"serversTransport": {
"type": "string"
}
},
"additionalProperties": false,
"required": ["servers"]
},
"httpWeightedService": {
"type": "object",
"description": "The WRR is able to load balance the requests between multiple services based on weights.\n\nThis strategy is only available to load balance between services and not between servers.",
"properties": {
"services": {
"type": "array",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"weight": {
"type": "number"
}
}
}
},
"sticky": {
"type": "object",
"description": "When sticky sessions are enabled, a cookie is set on the initial request and response to let the client know which server handles the first response. On subsequent requests, to keep the session alive with the same server, the client should resend the same cookie.",
"properties": {
"cookie": {
"type": "object",
"properties": {
"name": {
"type": "string",
"description": "The default cookie name is an abbreviation of a sha1 (ex: _1d52e)."
},
"secure": {
"type": "boolean",
"default": false
},
"httpOnly": {
"type": "boolean",
"default": false
},
"sameSite": {
"type": "string",
"description": "Can be none, lax, strict or empty.",
"default": ""
}
}
}
}
},
"healthCheck": {
"type": "object"
}
},
"additionalProperties": false
},
"httpMirroringService": {
"type": "object",
"description": "The mirroring is able to mirror requests sent to a service to other services. Please note that by default the whole request is buffered in memory while it is being mirrored. See the maxBodySize option for how to modify this behaviour.",
"properties": {
"service": {
"type": "string"
},
"maxBodySize": {
"type": "integer",
"description": "maxBodySize is the maximum size allowed for the body of the request. If the body is larger, the request is not mirrored. Default value is -1, which means unlimited size.",
"default": -1
},
"mirrors": {
"type": "array",
"items": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"percent": {
"type": "number",
"minimum": 0,
"maximum": 100
}
}
}
},
"healthCheck": {
"type": "object"
}
},
"additionalProperties": false
},
"httpFailoverService": {
"type": "object",
"properties": {
"service": {
"type": "string"
},
"fallback": {
"type": "string"
},
"healthCheck": {
"type": "object"
}
},
"additionalProperties": false
},
"httpService": {
"type": "object",
"description": "The Services are responsible for configuring how to reach the actual services that will eventually handle the incoming requests.",
"oneOf": [
{
"properties": {
"loadBalancer": {
"$ref": "#/definitions/httpLoadBalancerService"
}
},
"additionalProperties": false
},
{
"properties": {
"weighted": {
"$ref": "#/definitions/httpWeightedService"
}
},
"additionalProperties": false
},
{
"properties": {
"mirroring": {
"$ref": "#/definitions/httpMirroringService"
}
},
"additionalProperties": false
},
{
"properties": {
"failover": {
"$ref": "#/definitions/httpFailoverService"
}
},
"additionalProperties": false
}
]
},
"addPrefixMiddleware": {
"type": "object",
"description": "The AddPrefix middleware updates the URL Path of the request before forwarding it.",
"properties": {
"prefix": {
"type": "string",
"description": "prefix is the string to add before the current path in the requested URL. It should include the leading slash (/)."
}
},
"additionalProperties": false
},
"basicAuthMiddleware": {
"type": "object",
"description": "The BasicAuth middleware is a quick way to restrict access to your services to known users. If both users and usersFile are provided, the two are merged. The contents of usersFile have precedence over the values in users.",
"properties": {
"users": {
"type": "array",
"description": "The users option is an array of authorized users. Each user will be declared using the `name:hashed-password` format.",
"items": {
"type": "string"
}
},
"usersFile": {
"type": "string",
"description": "The usersFile option is the path to an external file that contains the authorized users for the middleware.\n\nThe file content is a list of `name:hashed-password`."
},
"realm": {
"type": "string",
"description": "You can customize the realm for the authentication with the realm option. The default value is traefik.",
"default": "traefik"
},
"headerField": {
"type": "string",
"description": "You can define a header field to store the authenticated user using the headerField option."
},
"removeHeader": {
"type": "boolean",
"description": "Set the removeHeader option to true to remove the authorization header before forwarding the request to your service. (Default value is false.)",
"default": false
}
}
},
"bufferingMiddleware": {
"type": "object",
"description": "The Buffering middleware gives you control on how you want to read the requests before sending them to services.\n\nWith Buffering, Traefik reads the entire request into memory (possibly buffering large requests into disk), and rejects requests that are over a specified limit.\n\nThis can help services deal with large data (multipart/form-data for example), and can minimize time spent sending data to a service.",
"properties": {
"maxRequestBodyBytes": {
"type": "integer",
"description": "With the maxRequestBodyBytes option, you can configure the maximum allowed body size for the request (in Bytes).\n\nIf the request exceeds the allowed size, it is not forwarded to the service and the client gets a 413 (Request Entity Too Large) response."
},
"memRequestBodyBytes": {
"type": "integer",
"description": "You can configure a threshold (in Bytes) from which the request will be buffered on disk instead of in memory with the memRequestBodyBytes option."
},
"maxResponseBodyBytes": {
"type": "integer",
"description": "With the maxResponseBodyBytes option, you can configure the maximum allowed response size from the service (in Bytes).\n\nIf the response exceeds the allowed size, it is not forwarded to the client. The client gets a 413 (Request Entity Too Large) response instead."
},
"memResponseBodyBytes": {
"type": "integer",
"description": "You can configure a threshold (in Bytes) from which the response will be buffered on disk instead of in memory with the memResponseBodyBytes option."
},
"retryExpression": {
"type": "string",
"description": "You can have the Buffering middleware replay the request with the help of the retryExpression option."
}
},
"additionalProperties": false
},
"chainMiddleware": {
"type": "object",
"description": "The Chain middleware enables you to define reusable combinations of other pieces of middleware. It makes reusing the same groups easier.",
"properties": {
"middlewares": {
"type": "array",
"minItems": 1,
"items": {
"type": "string"
}
}
},
"additionalProperties": false
},
"circuitBreakerMiddleware": {
"type": "object",
"description": "The circuit breaker protects your system from stacking requests to unhealthy services (resulting in cascading failures).\n\nWhen your system is healthy, the circuit is closed (normal operations). When your system becomes unhealthy, the circuit becomes open and the requests are no longer forwarded (but handled by a fallback mechanism).\n\nTo assess if your system is healthy, the circuit breaker constantly monitors the services.",
"properties": {
"expression": {
"type": "string",
"description": "You can specify an expression that, once matched, will trigger the circuit breaker (and apply the fallback mechanism instead of calling your services)."
},
"checkPeriod": {
"type": "string",
"description": "The interval between successive checks of the circuit breaker condition (when in standby state)"
},
"fallbackDuration": {
"type": "string",
"description": "The duration for which the circuit breaker will wait before trying to recover (from a tripped state)."
},
"recoveryDuration": {
"type": "string",
"description": "The duration for which the circuit breaker will try to recover (as soon as it is in recovering state)."
}
},
"additionalProperties": false
},
"compressMiddleware": {
"type": "object",
"description": "The Compress middleware enables the gzip compression.",
"properties": {
"excludedContentTypes": {
"type": "array",
"description": "excludedContentTypes specifies a list of content types to compare the Content-Type header of the incoming requests to before compressing.\n\nThe requests with content types defined in excludedContentTypes are not compressed.\n\nContent types are compared in a case-insensitive, whitespace-ignored manner.",
"items": {
"type": "string"
}
},
"minResponseBodyBytes": {
"description": "specifies the minimum amount of bytes a response body must have to be compressed.",
"type": "integer"
}
},
"additionalProperties": false
},
"contentTypeMiddleware": {
"type": "object",
"description": "The Content-Type middleware - or rather its unique autoDetect option - specifies whether to let the Content-Type header, if it has not been set by the backend, be automatically set to a value derived from the contents of the response.\n\nAs a proxy, the default behavior should be to leave the header alone, regardless of what the backend did with it. However, the historic default was to always auto-detect and set the header if it was nil, and it is going to be kept that way in order to support users currently relying on it. This middleware exists to enable the correct behavior until at least the default one can be changed in a future version.",
"properties": {
"autoDetect": {
"type": "boolean",
"description": "autoDetect specifies whether to let the Content-Type header, if it has not been set by the backend, be automatically set to a value derived from the contents of the response.",
"default": false
}
},
"additionalProperties": false
},
"digestAuthMiddleware": {
"type": "object",
"description": "The DigestAuth middleware is a quick way to restrict access to your services to known users. If both users and usersFile are provided, the two are merged. The contents of usersFile have precedence over the values in users.",
"properties": {
"users": {
"type": "array",
"description": "The users option is an array of authorized users. Each user will be declared using the `name:realm:encoded-password` format.",
"items": {
"type": "string"
}
},
"usersFile": {
"type": "string",
"description": "The usersFile option is the path to an external file that contains the authorized users for the middleware.\n\nThe file content is a list of `name:realm:encoded-password`."
},
"realm": {
"type": "string",
"description": "You can customize the realm for the authentication with the realm option. The default value is traefik.",
"default": "traefik"
},
"headerField": {
"type": "string",
"description": "You can customize the header field for the authenticated user using the headerField option."
},
"removeHeader": {
"type": "boolean",
"description": "Set the removeHeader option to true to remove the authorization header before forwarding the request to your service. (Default value is false.)",
"default": false
}
},
"additionalProperties": false
},
"errorsMiddleware": {
"type": "object",
"description": "The ErrorPage middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes. The error page itself is not hosted by Traefik.",
"properties": {
"status": {
"type": "array",
"description": "The status that will trigger the error page.\n\nThe status code ranges are inclusive (500-599 will trigger with every code between 500 and 599, 500 and 599 included). You can define either a status code like 500 or ranges with a syntax like 500-599.",
"items": {
"type": "string"
}
},
"service": {
"type": "string",
"description": "The service that will serve the new requested error page."
},
"query": {
"type": "string",
"description": "The URL for the error page (hosted by service). You can use {status} in the query, that will be replaced by the received status code."
}
},
"additionalProperties": false
},
"forwardAuthMiddleware": {
"type": "object",
"description": "The ForwardAuth middleware delegate the authentication to an external service. If the service response code is 2XX, access is granted and the original request is performed. Otherwise, the response from the authentication server is returned.",
"properties": {
"address": {
"type": "string",
"description": "The address option defines the authentication server address."
},
"tls": {
"type": "object",
"description": "The tls option is the TLS configuration from Traefik to the authentication server.",
"properties": {
"ca": {
"type": "string",
"description": "Certificate Authority used for the secured connection to the authentication server."
},
"caOptional": {
"type": "boolean",
"description": "Policy used for the secured connection with TLS Client Authentication to the authentication server. Requires tls.ca to be defined."
},
"cert": {
"type": "string",
"description": "Public certificate used for the secured connection to the authentication server."
},
"key": {
"type": "string",
"description": "Private certificate used for the secure connection to the authentication server."
},
"insecureSkipVerify": {
"type": "boolean",
"description": "If insecureSkipVerify is true, TLS for the connection to authentication server accepts any certificate presented by the server and any host name in that certificate."
}
},
"dependencies": {
"caOptional": ["ca"]
}
},
"trustForwardHeader": {
"type": "boolean",
"description": "Set the trustForwardHeader option to true to trust all the existing X-Forwarded-* headers."
},
"authResponseHeaders": {
"type": "array",
"description": "The authResponseHeaders option is the list of the headers to copy from the authentication server to the request.",
"items": {
"type": "string"
}
},
"authResponseHeadersRegex": {
"type": "string",
"description": "The authResponseHeadersRegex option is the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex."
},
"authRequestHeaders": {
"type": "array",
"description": "The authRequestHeaders option is the list of the headers to copy from the request to the authentication server.",
"items": {
"type": "string"
}
}
},
"additionalProperties": false
},
"headersMiddleware": {
"type": "object",
"description": "The Headers middleware can manage the requests/responses headers.",
"properties": {
"customRequestHeaders": {
"type": "object",
"description": "The customRequestHeaders option lists the Header names and values to apply to the request.",
"additionalProperties": {
"type": "string"
}
},
"customResponseHeaders": {
"type": "object",
"description": "The customResponseHeaders option lists the Header names and values to apply to the response.",
"additionalProperties": {
"type": "string"
}
},
"accessControlAllowCredentials": {
"type": "boolean",
"description": "The accessControlAllowCredentials indicates whether the request can include user credentials."
},
"accessControlAllowHeaders": {
"type": "array",
"description": "The accessControlAllowHeaders indicates which header field names can be used as part of the request.",
"items": {
"type": "string"
}
},
"accessControlAllowMethods": {
"type": "array",
"description": "The accessControlAllowMethods indicates which methods can be used during requests.",
"items": {
"type": "string"
}
},
"accessControlAllowOriginList": {
"type": "array",
"description": "The accessControlAllowOriginList indicates whether a resource can be shared by returning different values.\n\nA wildcard origin * can also be configured, and will match all requests. If this value is set by a backend server, it will be overwritten by Traefik\n\nThis value can contain a list of allowed origins.",
"items": {
"type": "string"
}
},
"accessControlAllowOriginListRegex": {
"type": "array",
"description": "The accessControlAllowOriginListRegex option is the counterpart of the accessControlAllowOriginList option with regular expressions instead of origin values.",
"items": {
"type": "string"
}
},
"accessControlExposeHeaders": {
"type": "array",
"description": "The accessControlExposeHeaders indicates which headers are safe to expose to the api of a CORS API specification.",
"items": {
"type": "string"
}
},
"accessControlMaxAge": {
"type": "integer",
"description": "The accessControlMaxAge indicates how long (in seconds) a preflight request can be cached."
},
"addVaryHeader": {
"type": "boolean",
"description": "The addVaryHeader is used in conjunction with accessControlAllowOriginList to determine whether the vary header should be added or modified to demonstrate that server responses can differ based on the value of the origin header."
},
"allowedHosts": {
"type": "array",
"description": "The allowedHosts option lists fully qualified domain names that are allowed.",
"items": {
"type": "string"
}
},
"hostsProxyHeaders": {
"type": "array",
"description": "The hostsProxyHeaders option is a set of header keys that may hold a proxied hostname value for the request.",
"items": {
"type": "string"
}
},
"sslRedirect": {
"type": "boolean",
"description": "The sslRedirect is set to true, then only allow https requests."
},
"sslTemporaryRedirect": {
"type": "boolean",
"description": "Set the sslTemporaryRedirect to true to force an SSL redirection using a 302 (instead of a 301)."
},
"sslHost": {
"type": "string",
"description": "The sslHost option is the host name that is used to redirect http requests to https."
},
"sslProxyHeaders": {
"type": "object",
"description": "The sslProxyHeaders option is set of header keys with associated values that would indicate a valid https request. Useful when using other proxies with header like: \"X-Forwarded-Proto\": \"https\".",
"additionalProperties": {
"type": "string"
}
},
"sslForceHost": {
"type": "boolean",
"description": "Set sslForceHost to true and set SSLHost to forced requests to use SSLHost even the ones that are already using SSL."
},
"stsSeconds": {
"type": "integer",
"description": "The stsSeconds is the max-age of the Strict-Transport-Security header. If set to 0, would NOT include the header."
},
"stsIncludeSubdomains": {
"type": "boolean",
"description": "The stsIncludeSubdomains is set to true, the includeSubDomains directive will be appended to the Strict-Transport-Security header."
},
"stsPreload": {
"type": "boolean",
"description": "Set stsPreload to true to have the preload flag appended to the Strict-Transport-Security header."
},
"forceSTSHeader": {
"type": "boolean",
"description": "Set forceSTSHeader to true, to add the STS header even when the connection is HTTP."
},
"frameDeny": {
"type": "boolean",
"description": "Set frameDeny to true to add the X-Frame-Options header with the value of DENY."
},
"customFrameOptionsValue": {
"type": "string",
"description": "The customFrameOptionsValue allows the X-Frame-Options header value to be set with a custom value. This overrides the FrameDeny option."
},
"contentTypeNosniff": {
"type": "boolean",
"description": "Set contentTypeNosniff to true to add the X-Content-Type-Options header with the value nosniff."
},
"browserXssFilter": {
"type": "boolean",
"description": "Set browserXssFilter to true to add the X-XSS-Protection header with the value 1; mode=block."
},
"customBrowserXSSValue": {
"type": "string",
"description": "The customBrowserXssValue option allows the X-XSS-Protection header value to be set with a custom value. This overrides the BrowserXssFilter option."
},
"contentSecurityPolicy": {
"type": "string",
"description": "The contentSecurityPolicy option allows the Content-Security-Policy header value to be set with a custom value."
},
"publicKey": {
"type": "string",
"description": "The publicKey implements HPKP to prevent MITM attacks with forged certificates."
},
"referrerPolicy": {
"type": "string",
"description": "The referrerPolicy allows sites to control when browsers will pass the Referer header to other sites."
},
"featurePolicy": {
"type": "string",
"description": "The featurePolicy allows sites to control browser features."
},
"permissionsPolicy": {
"type": "string",
"description": "The permissionsPolicy allows sites to control browser features."
},
"isDevelopment": {
"type": "boolean",
"description": "Set isDevelopment to true when developing. The AllowedHosts, SSL, and STS options can cause some unwanted effects. Usually testing happens on http, not https, and on localhost, not your production domain.\nIf you would like your development environment to mimic production with complete Host blocking, SSL redirects, and STS headers, leave this as false."
}
},
"additionalProperties": false
},
"ipStrategy": {
"type": "object",
"description": "The ipStrategy option defines parameters that set how Traefik will determine the client IP.",
"properties": {
"depth": {
"type": "integer",
"description": "The depth option tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right). If depth is greater than the total number of IPs in X-Forwarded-For, then the client IP will be empty. depth is ignored if its value is lesser than or equal to 0."
},
"excludedIPs": {
"type": "array",
"description": "excludedIPs tells Traefik to scan the X-Forwarded-For header and pick the first IP not in the list. If depth is specified, excludedIPs is ignored.",
"items": {
"type": "string"
}
}
},
"additionalProperties": false
},
"ipWhiteListMiddleware": {
"type": "object",
"description": "DEPRECATED: IPWhitelist accepts / refuses requests based on the client IP.",
"properties": {
"sourceRange": {
"type": "array",
"description": "The sourceRange option sets the allowed IPs (or ranges of allowed IPs by using CIDR notation).",
"items": {
"type": "string"
}
},
"ipStrategy": {
"$ref": "#/definitions/ipStrategy"
}
},
"additionalProperties": false
},
"ipAllowListMiddleware": {
"type": "object",
"description": "IPAllowList accepts / refuses requests based on the client IP.",
"properties": {
"sourceRange": {
"type": "array",
"description": "The sourceRange option sets the allowed IPs (or ranges of allowed IPs by using CIDR notation).",
"items": {
"type": "string"
}
},
"ipStrategy": {
"$ref": "#/definitions/ipStrategy"
}
},
"additionalProperties": false
},
"sourceCriterion": {
"type": "object",
"description": "SourceCriterion defines what criterion is used to group requests as originating from a common source. The precedence order is ipStrategy, then requestHeaderName, then requestHost. If none are set, the default is to use the requestHost.",
"properties": {
"ipStrategy": {
"$ref": "#/definitions/ipStrategy"
},
"requestHeaderName": {
"type": "string",
"description": "Requests having the same value for the given header are grouped as coming from the same source."
},
"requestHost": {
"type": "boolean",
"description": "Whether to consider the request host as the source."
}
},
"additionalProperties": false
},
"inFlightReqMiddleware": {
"type": "object",
"description": "To proactively prevent services from being overwhelmed with high load, a limit on the number of simultaneous in-flight requests can be applied.",
"properties": {
"amount": {
"type": "integer",
"description": "The amount option defines the maximum amount of allowed simultaneous in-flight request. The middleware will return an HTTP 429 Too Many Requests if there are already amount requests in progress (based on the same sourceCriterion strategy)."
},
"sourceCriterion": {
"$ref": "#/definitions/sourceCriterion"
}
},
"additionalProperties": false
},
"passTLSClientCertMiddleware": {
"type": "object",
"description": "PassTLSClientCert adds in header the selected data from the passed client tls certificate.",
"properties": {
"pem": {
"type": "boolean",
"description": "The pem option sets the X-Forwarded-Tls-Client-Cert header with the escape certificate."
},
"info": {
"type": "object",
"description": "The info option select the specific client certificate details you want to add to the X-Forwarded-Tls-Client-Cert-Info header. The value of the header will be an escaped concatenation of all the selected certificate details.",
"properties": {
"notAfter": {
"type": "boolean",
"description": "Set the notAfter option to true to add the Not After information from the Validity part."
},
"notBefore": {
"type": "boolean",
"description": "Set the notBefore option to true to add the Not Before information from the Validity part."
},
"sans": {
"type": "boolean",
"description": "Set the sans option to true to add the Subject Alternative Name information from the Subject Alternative Name part."
},
"subject": {
"type": "object",
"description": "The subject select the specific client certificate subject details you want to add to the X-Forwarded-Tls-Client-Cert-Info header.",
"properties": {
"country": {
"type": "boolean",
"description": "Set the country option to true to add the country information into the subject."
},
"province": {
"type": "boolean",
"description": "Set the province option to true to add the province information into the subject."
},
"locality": {
"type": "boolean",
"description": "Set the locality option to true to add the locality information into the subject."
},
"organization": {
"type": "boolean",
"description": "Set the organization option to true to add the organization information into the subject."
},
"commonName": {
"type": "boolean",
"description": "Set the commonName option to true to add the commonName information into the subject."
},
"serialNumber": {
"type": "boolean",
"description": "Set the serialNumber option to true to add the serialNumber information into the subject."
},
"domainComponent": {
"type": "boolean",
"description": "Set the domainComponent option to true to add the domainComponent information into the subject."
}
}
},
"issuer": {
"type": "object",
"description": "The issuer select the specific client certificate issuer details you want to add to the X-Forwarded-Tls-Client-Cert-Info header.",
"properties": {
"country": {
"type": "boolean",
"description": "Set the country option to true to add the country information into the issuer."
},
"province": {
"type": "boolean",
"description": "Set the province option to true to add the province information into the issuer."
},
"locality": {
"type": "boolean",
"description": "Set the locality option to true to add the locality information into the issuer."
},
"organization": {
"type": "boolean",
"description": "Set the organization option to true to add the organization information into the issuer."
},
"commonName": {
"type": "boolean",
"description": "Set the commonName option to true to add the commonName information into the issuer."
},
"serialNumber": {
"type": "boolean",
"description": "Set the serialNumber option to true to add the serialNumber information into the issuer."
},
"domainComponent": {
"type": "boolean",
"description": "Set the domainComponent option to true to add the domainComponent information into the issuer."
}
}
}
}
}
},
"additionalProperties": false
},
"pluginMiddleware": {
"type": "object",
"description": "Some plugins will need to be configured by adding a dynamic configuration.",
"additionalProperties": {
"type": "object"
}
},
"rateLimitMiddleware": {
"type": "object",
"description": "The RateLimit middleware ensures that services will receive a fair number of requests, and allows one to define what fair is.",
"properties": {
"average": {
"description": "average is the maximum rate, by default in requests by second, allowed for the given source.\n\nIt defaults to 0, which means no rate limiting.\n\nThe rate is actually defined by dividing average by period. So for a rate below 1 req/s, one needs to define a period larger than a second.",
"oneOf": [
{
"type": "string"
},
{
"type": "number"
}
]
},
"period": {
"oneOf": [
{
"type": "string"
},
{
"type": "number",
"default": 1
}
],
"description": "period, in combination with average, defines the actual maximum rate.\n\nIt defaults to 1 second."
},
"burst": {
"type": "number",
"description": "burst is the maximum number of requests allowed to go through in the same arbitrarily small period of time.\n\nIt defaults to 1.",
"default": 1
},
"sourceCriterion": {
"$ref": "#/definitions/sourceCriterion"
}
},
"additionalProperties": false
},
"redirectRegexMiddleware": {
"type": "object",
"description": "RegexRedirect redirect a request from an url to another with regex matching and replacement.",
"properties": {
"permanent": {
"type": "boolean",
"description": "Set the permanent option to true to apply a permanent redirection."
},
"regex": {
"type": "string",
"description": "The regex option is the regular expression to match and capture elements from the request URL."
},
"replacement": {
"type": "string",
"description": "The replacement option defines how to modify the URL to have the new target URL. Care should be taken when defining replacement expand variables: $1x is equivalent to ${1x}, not ${1}x (see Regexp.Expand), so use ${1} syntax."
}
},
"additionalProperties": false
},
"redirectSchemeMiddleware": {
"type": "object",
"description": "RedirectScheme redirect request from a scheme to another.",
"properties": {
"permanent": {
"type": "boolean",
"description": "Set the permanent option to true to apply a permanent redirection."
},
"scheme": {