
EntryPoints

Opening Connections for Incoming Requests

entryPoints

EntryPoints are the network entry points into Traefik. They define the ports that will receive requests (whether HTTP or TCP).

Configuration Examples

Port 80 only
[entryPoints]
  [entryPoints.web]
    address = ":80"
entryPoints:
  web:
    address: ":80"
--entryPoints.web.address=:80

We define an entrypoint called web that will listen on port 80.

Port 80 & 443
[entryPoints]
  [entryPoints.web]
    address = ":80"

  [entryPoints.web-secure]
    address = ":443"
entryPoints:
  web:
    address: ":80"

  web-secure:
    address: ":443"
--entryPoints.web.address=:80
--entryPoints.web-secure.address=:443
  • Two entrypoints are defined: one called web, and the other called web-secure.
  • web listens on port 80, and web-secure on port 443.

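Configuration

General

EntryPoints are part of the static configuration. You can define them using a toml file, CLI arguments, or a key-value store.

See the complete reference for the list of available options: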

[entryPoints]

  [entryPoints.EntryPoint0]
    address = ":8888"
    [entryPoints.EntryPoint0.transport]
      [entryPoints.EntryPoint0.transport.lifeCycle]
        requestAcceptGraceTimeout = 42
        graceTimeOut = 42
      [entryPoints.EntryPoint0.transport.respondingTimeouts]
        readTimeout = 42
        writeTimeout = 42
        idleTimeout = 42
    [entryPoints.EntryPoint0.proxyProtocol]
      insecure = true
      trustedIPs = ["foobar", "foobar"]
    [entryPoints.EntryPoint0.forwardedHeaders]
      insecure = true
      trustedIPs = ["foobar", "foobar"]
entryPoints:
  EntryPoint0:
    address: ":8888"
    transport:
      lifeCycle:
        requestAcceptGraceTimeout: 42
        graceTimeOut: 42
      respondingTimeouts:
        readTimeout: 42
        writeTimeout: 42
        idleTimeout: 42
    proxyProtocol:
      insecure: true
      trustedIPs:
        - "foobar"
        - "foobar"
    forwardedHeaders:
      insecure: true
      trustedIPs:
        - "foobar"
        - "foobar"
--entryPoints.EntryPoint0.address=:8888
--entryPoints.EntryPoint0.transport.lifeCycle.requestAcceptGraceTimeout=42
--entryPoints.EntryPoint0.transport.lifeCycle.graceTimeOut=42
--entryPoints.EntryPoint0.transport.respondingTimeouts.readTimeout=42
--entryPoints.EntryPoint0.transport.respondingTimeouts.writeTimeout=42
--entryPoints.EntryPoint0.transport.respondingTimeouts.idleTimeout=42
--entryPoints.EntryPoint0.proxyProtocol.insecure=true
--entryPoints.EntryPoint0.proxyProtocol.trustedIPs=foobar,foobar
--entryPoints.EntryPoint0.forwardedHeaders.insecure=true
--entryPoints.EntryPoint0.forwardedHeaders.trustedIPs=foobar,foobar

ProxyProtocol

Traefik supports ProxyProtocol.

Enabling Proxy Protocol with Trusted IPs
[entryPoints]
  [entryPoints.web]
    address = ":80"

    [entryPoints.web.proxyProtocol]
      trustedIPs = ["127.0.0.1/32", "192.168.1.7"]
entryPoints:
  web:
    address: ":80"
    proxyProtocol:
      trustedIPs:
      - "127.0.0.1/32"
      - "192.168.1.7"
--entryPoints.web.address=:80
--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,192.168.1.7

Only connections from IPs listed in trustedIPs will have the remote client address replaced: declare your load-balancer IPs or CIDR ranges here.

Insecure Mode - Testing Environment Only

In a test environment, you can configure Traefik to trust every incoming connection. Doing so, every remote client address will be replaced (trustedIPs won't have any effect).

[entryPoints]
  [entryPoints.web]
    address = ":80"

    [entryPoints.web.proxyProtocol]
      insecure = true
entryPoints:
  web:
    address: ":80"
    proxyProtocol:
      insecure: true
--entryPoints.web.address=:80
--entryPoints.web.proxyProtocol.insecure

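Queuing Traefik behind Another Load Balancer

When queuing Traefik behind another load balancer, make sure to configure Proxy Protocol on both sides. Not doing so could introduce a security risk in your system (enabling request forgery).

Forwarded Header

You can configure Traefik to trust the forwarded header information (X-Forwarded-*).

Trusting Forwarded Headers from Specific IPs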
[entryPoints]
  [entryPoints.web]
    address = ":80"

    [entryPoints.web.forwardedHeaders]
      trustedIPs = ["127.0.0.1/32", "192.168.1.7"]
entryPoints:
  web:
    address: ":80"
    forwardedHeaders:
      trustedIPs:
      - "127.0.0.1/32"
      - "192.168.1.7"
--entryPoints.web.address=:80
--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,192.168.1.7
Insecure Mode - Always Trusting Forwarded Headers
[entryPoints]
  [entryPoints.web]
    address = ":80"

    [entryPoints.web.forwardedHeaders]
      insecure = true
entryPoints:
  web:
    address: ":80"
    forwardedHeaders:
      insecure: true
--entryPoints.web.address=:80
--entryPoints.web.forwardedHeaders.insecure
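
An added example, not part of the Traefik documentation: a small Python check that reads entry point CLI flags in the form shown in the ProxyProtocol and Forwarded Header sections and reports any section that runs in insecure mode or whose trustedIPs entries are unparsable or very broad. The function name audit, the max_hosts threshold of 256 addresses and the sample flags are assumptions of this example.

```python
import ipaddress
import re

# Matches the CLI form used on this page, e.g.
# --entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,192.168.1.7
FLAG = re.compile(
    r"^--entryPoints\.([^.=]+)\.(proxyProtocol|forwardedHeaders)"
    r"\.(insecure|trustedIPs)(?:=(.*))?$",
    re.IGNORECASE,
)

def audit(args, max_hosts=256):
    """Return sorted (entrypoint, section, problem) findings for CLI args."""
    findings = []
    for arg in args:
        m = FLAG.match(arg.strip())
        if not m:
            continue  # address, timeouts, etc. are out of scope here
        name, section, option, value = m.groups()
        if option.lower() == "insecure":
            # A bare flag (no "=value") enables the option, as in the page's examples.
            if value is None or value.strip().lower() == "true":
                findings.append((name, section, "insecure mode: every peer is trusted"))
            continue
        for item in filter(None, (v.strip() for v in (value or "").split(","))):
            try:
                net = ipaddress.ip_network(item, strict=False)
            except ValueError:
                findings.append((name, section, f"not an IP or CIDR: {item}"))
                continue
            # max_hosts is this example's own threshold, not a Traefik setting.
            if net.num_addresses > max_hosts:
                findings.append((name, section, f"broad trusted range: {item}"))
    return sorted(findings)

# Constructed sample flags in the style of the page's examples.
SAMPLE = [
    "--entryPoints.web.address=:80",
    "--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,192.168.1.7",
    "--entryPoints.web-secure.forwardedHeaders.insecure",
    "--entryPoints.api.forwardedHeaders.trustedIPs=0.0.0.0/0,foobar",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The trusted load-balancer addresses on the web entry point pass cleanly; the other two entry points are reported.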