入口点¶
打开传入请求的连接
EntryPoints 是 Traefik 的网络入口点。它们定义将接收请求的端口(无论是 HTTP 还是 TCP)。
配置示例¶
仅限 80 端口
[entryPoints]
[entryPoints.web]
address = ":80"entryPoints:
web:
address: ":80"--entryPoints.web.address=:80We define an entrypoint called web that will listen on port 80.
80 和 443
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web-secure]
address = ":443"entryPoints:
web:
address: ":80"
web-secure:
address: ":443"--entryPoints.web.address=:80
--entryPoints.web-secure.address=:443- Two entrypoints are defined: one called
web, and the other calledweb-secure. weblistens on port80, andweb-secureon port443.
配置¶
一般¶
EntryPoints 是静态配置的一部分。 您可以使用 toml 文件,CLI 参数或键值存储来定义它们。
有关可用选项列表,请参阅完整参考:
[entryPoints]
[entryPoints.EntryPoint0]
address = ":8888"
[entryPoints.EntryPoint0.transport]
[entryPoints.EntryPoint0.transport.lifeCycle]
requestAcceptGraceTimeout = 42
graceTimeOut = 42
[entryPoints.EntryPoint0.transport.respondingTimeouts]
readTimeout = 42
writeTimeout = 42
idleTimeout = 42
[entryPoints.EntryPoint0.proxyProtocol]
insecure = true
trustedIPs = ["foobar", "foobar"]
[entryPoints.EntryPoint0.forwardedHeaders]
insecure = true
trustedIPs = ["foobar", "foobar"]entryPoints:
EntryPoint0:
address: ":8888"
transport:
lifeCycle:
requestAcceptGraceTimeout: 42
graceTimeOut: 42
respondingTimeouts:
readTimeout: 42
writeTimeout: 42
idleTimeout: 42
proxyProtocol:
insecure: true
trustedIPs:
- "foobar"
- "foobar"
forwardedHeaders:
insecure: true
trustedIPs:
- "foobar"
- "foobar"--entryPoints.EntryPoint0.address=:8888
--entryPoints.EntryPoint0.transport.lifeCycle.requestAcceptGraceTimeout=42
--entryPoints.EntryPoint0.transport.lifeCycle.graceTimeOut=42
--entryPoints.EntryPoint0.transport.respondingTimeouts.readTimeout=42
--entryPoints.EntryPoint0.transport.respondingTimeouts.writeTimeout=42
--entryPoints.EntryPoint0.transport.respondingTimeouts.idleTimeout=42
--entryPoints.EntryPoint0.proxyProtocol.insecure=true
--entryPoints.EntryPoint0.proxyProtocol.trustedIPs=foobar,foobar
--entryPoints.EntryPoint0.forwardedHeaders.insecure=true
--entryPoints.EntryPoint0.forwardedHeaders.trustedIPs=foobar,foobarProxyProtocol¶
Traefik 支持 ProxyProtocol.
使用可信 IP 启用代理协议
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.proxyProtocol]
trustedIPs = ["127.0.0.1/32", "192.168.1.7"]entryPoints:
web:
address: ":80"
proxyProtocol
trustedIPs:
- "127.0.0.1/32"
- "192.168.1.7"--entryPoints.web.address=:80
--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,192.168.1.7IPs in trustedIPs only will lead to remote client address replacement: Declare load-balancer IPs or CIDR range here.
不安全模式 - 仅测试环境
In a test environments, you can configure Traefik to trust every incoming connection.
Doing so, every remote client address will be replaced (trustedIPs won't have any effect)
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.proxyProtocol]
insecure = trueentryPoints:
web:
address: ":80"
proxyProtocol:
insecure: true--entryPoints.web.address=:80
--entryPoints.web.proxyProtocol.insecure将 Traefik 排在另一个负载均衡器后面
将Traefik排在另一个负载均衡器后面时,请确保双方都配置代理协议。不这样做可能会在您的系统中引入安全风险(启用请求伪造)。
Forwarded Header¶
您可以将 Traefik 配置为信任转发的 Header 信息(X-Forwarded-*)
信任来自特定 IP 的转发 Header
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.forwardedHeaders]
trustedIPs = ["127.0.0.1/32", "192.168.1.7"]entryPoints:
web:
address: ":80"
forwardedHeaders
trustedIPs:
- "127.0.0.1/32"
- "192.168.1.7"--entryPoints.web.address=:80
--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,192.168.1.7不安全模式 - 始终信任转发 Header
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web.forwardedHeaders]
insecure = trueentryPoints:
web:
address: ":80"
forwardedHeaders:
insecure: true--entryPoints.web.address=:80
--entryPoints.web.forwardedHeaders.insecure