我的书签
添加书签
移除书签Services
The Services are responsible for configuring how to reach the actual services that will eventually handle the incoming requests.
Declaring an HTTP Service with Two Servers — Using the
YAML
TOML
## Dynamic configuration[http.services][http.services.my-service.loadBalancer][[http.services.my-service.loadBalancer.servers]]url = "http://<private-ip-server-1>:<private-port-server-1>/"[[http.services.my-service.loadBalancer.servers]]url = "http://<private-ip-server-2>:<private-port-server-2>/"
Declaring a TCP Service with Two Servers — Using the File Provider
YAML
tcp:services:my-service:loadBalancer:servers:- address: "<private-ip-server-1>:<private-port-server-1>"- address: "<private-ip-server-2>:<private-port-server-2>"
TOML
## Dynamic configuration[tcp.services][tcp.services.my-service.loadBalancer][[tcp.services.my-service.loadBalancer.servers]]address = "<private-ip-server-1>:<private-port-server-1>"[[tcp.services.my-service.loadBalancer.servers]]address = "<private-ip-server-2>:<private-port-server-2>"
Declaring a UDP Service with Two Servers — Using the
YAML
udp:services:my-service:loadBalancer:servers:- address: "<private-ip-server-1>:<private-port-server-1>"- address: "<private-ip-server-2>:<private-port-server-2>"
TOML
## Dynamic configuration[udp.services][udp.services.my-service.loadBalancer][[udp.services.my-service.loadBalancer.servers]]address = "<private-ip-server-1>:<private-port-server-1>"[[udp.services.my-service.loadBalancer.servers]]address = "<private-ip-server-2>:<private-port-server-2>"
The load balancers are able to load balance the requests between multiple instances of your programs.
Each service has a load-balancer, even if there is only one server to forward traffic to.
Declaring a Service with Two Servers (with Load Balancing) — Using the File Provider
YAML
http:services:my-service:loadBalancer:servers:- url: "http://private-ip-server-1/"- url: "http://private-ip-server-2/"
TOML
## Dynamic configuration[http.services][http.services.my-service.loadBalancer][[http.services.my-service.loadBalancer.servers]]url = "http://private-ip-server-1/"[[http.services.my-service.loadBalancer.servers]]url = "http://private-ip-server-2/"
Servers
Servers declare a single instance of your program. The url option point to a specific instance.
Paths in the servers’ url have no effect. If you want the requests to be sent to a specific path on your servers, configure your routers to use a corresponding (e.g. the AddPrefix or ) middlewares.
A Service with One Server — Using the File Provider
YAML
## Dynamic configurationhttp:services:my-service:loadBalancer:servers:- url: "http://private-ip-server-1/"
TOML
## Dynamic configuration[http.services][http.services.my-service.loadBalancer][[http.services.my-service.loadBalancer.servers]]url = "http://private-ip-server-1/"
Load-balancing
For now, only round robin load balancing is supported:
Load Balancing — Using the File Provider
YAML
## Dynamic configurationhttp:services:my-service:loadBalancer:servers:- url: "http://private-ip-server-1/"- url: "http://private-ip-server-2/"
TOML
## Dynamic configuration[http.services][http.services.my-service.loadBalancer][[http.services.my-service.loadBalancer.servers]]url = "http://private-ip-server-1/"[[http.services.my-service.loadBalancer.servers]]url = "http://private-ip-server-2/"
Sticky sessions
When sticky sessions are enabled, a Set-Cookie header is set on the initial response to let the client know which server handles the first response. On subsequent requests, to keep the session alive with the same server, the client should send the cookie with the value set.
Stickiness on multiple levels
When chaining or mixing load-balancers (e.g. a load-balancer of servers is one of the “children” of a load-balancer of services), for stickiness to work all the way, the option needs to be specified at all required levels. Which means the client needs to send a cookie with as many key/value pairs as there are sticky levels.
Stickiness & Unhealthy Servers
If the server specified in the cookie becomes unhealthy, the request will be forwarded to a new server (and the cookie will keep track of the new server).
Cookie Name
The default cookie name is an abbreviation of a sha1 (ex: _1d52e).
Secure & HTTPOnly & SameSite flags
By default, the affinity cookie is created without those flags. One however can change that through configuration.
SameSite can be none, lax, strict or empty.
Adding Stickiness — Using the File Provider
YAML
## Dynamic configurationhttp:services:my-service:loadBalancer:sticky:cookie: {}
TOML
## Dynamic configuration[http.services][http.services.my-service][http.services.my-service.loadBalancer.sticky.cookie]
Adding Stickiness with custom Options — Using the
YAML
## Dynamic configurationhttp:services:my-service:loadBalancer:sticky:cookie:name: my_sticky_cookie_namesecure: truehttpOnly: true
TOML
## Dynamic configuration[http.services][http.services.my-service][http.services.my-service.loadBalancer.sticky.cookie]name = "my_sticky_cookie_name"secure = truehttpOnly = truesameSite = "none"
Setting Stickiness on all the required levels — Using the File Provider
YAML
## Dynamic configurationhttp:services:wrr1:weighted:sticky:cookie:name: lvl1services:- name: whoami1weight: 1- name: whoami2weight: 1whoami1:loadBalancer:sticky:cookie:name: lvl2servers:- url: http://127.0.0.1:8081- url: http://127.0.0.1:8082whoami2:loadBalancer:sticky:cookie:name: lvl2servers:- url: http://127.0.0.1:8083- url: http://127.0.0.1:8084
TOML
## Dynamic configuration[http.services][http.services.wrr1][http.services.wrr1.weighted.sticky.cookie]name = "lvl1"[[http.services.wrr1.weighted.services]]name = "whoami1"weight = 1[[http.services.wrr1.weighted.services]]name = "whoami2"weight = 1[http.services.whoami1][http.services.whoami1.loadBalancer][http.services.whoami1.loadBalancer.sticky.cookie]name = "lvl2"[[http.services.whoami1.loadBalancer.servers]]url = "http://127.0.0.1:8081"[[http.services.whoami1.loadBalancer.servers]]url = "http://127.0.0.1:8082"[http.services.whoami2][http.services.whoami2.loadBalancer][http.services.whoami2.loadBalancer.sticky.cookie]name = "lvl2"[[http.services.whoami2.loadBalancer.servers]]url = "http://127.0.0.1:8083"[[http.services.whoami2.loadBalancer.servers]]url = "http://127.0.0.1:8084"
To keep a session open with the same server, the client would then need to specify the two levels within the cookie for each request, e.g. with curl:
curl -b "lvl1=whoami1; lvl2=http://127.0.0.1:8081" http://localhost:8000
Health Check
Configure health check to remove unhealthy servers from the load balancing rotation. Traefik will consider your servers healthy as long as they return status codes between 2XX and 3XX to the health check requests (carried out every interval).
To propagate status changes (e.g. all servers of this service are down) upwards, HealthCheck must also be enabled on the parent(s) of this service.
Below are the available options for the health check mechanism:
path(required), defines the server URL path for the health check endpoint .scheme(optional), replaces the server URLschemefor the health check endpoint.hostname(optional), sets the value ofhostnamein theHostheader of the health check request.port(optional), replaces the server URLportfor the health check endpoint.interval(default: 30s), defines the frequency of the health check calls.timeout(default: 5s), defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.headers(optional), defines custom headers to be sent to the health check endpoint.followRedirects(default: true), defines whether redirects should be followed during the health check calls.method(default: GET), defines the HTTP method that will be used while connecting to the endpoint.
Interval & Timeout Format
Interval and timeout are to be given in a format understood by time.ParseDuration. The interval must be greater than the timeout. If configuration doesn’t reflect this, the interval will be set to timeout + 1 second.
Recovering Servers
Traefik keeps monitoring the health of unhealthy servers. If a server has recovered (returning 2xx -> 3xx responses again), it will be added back to the load balancer rotation pool.
Health check with Kubernetes
Kubernetes has an health check mechanism to remove unhealthy pods from Kubernetes services (cf ). As unhealthy pods have no Kubernetes endpoints, Traefik will not forward traffic to them. Therefore, Traefik health check is not available for kubernetesCRD and kubernetesIngress providers.
Custom Interval & Timeout — Using the File Provider
YAML
## Dynamic configurationhttp:services:Service-1:loadBalancer:healthCheck:path: /healthinterval: "10s"timeout: "3s"
TOML
## Dynamic configuration[http.services][http.services.Service-1][http.services.Service-1.loadBalancer.healthCheck]path = "/health"interval = "10s"timeout = "3s"
Custom Port — Using the
YAML
## Dynamic configurationhttp:services:Service-1:loadBalancer:healthCheck:path: /healthport: 8080
TOML
## Dynamic configuration[http.services][http.services.Service-1][http.services.Service-1.loadBalancer.healthCheck]path = "/health"port = 8080
Custom Scheme — Using the File Provider
YAML
## Dynamic configurationhttp:services:Service-1:loadBalancer:healthCheck:path: /healthscheme: http
TOML
## Dynamic configuration[http.services][http.services.Service-1][http.services.Service-1.loadBalancer.healthCheck]path = "/health"scheme = "http"
Additional HTTP Headers — Using the
YAML
## Dynamic configurationhttp:services:Service-1:loadBalancer:healthCheck:path: /healthheaders:My-Custom-Header: fooMy-Header: bar
TOML
## Dynamic configuration[http.services][http.services.Service-1][http.services.Service-1.loadBalancer.healthCheck]path = "/health"[http.services.Service-1.loadBalancer.healthCheck.headers]My-Custom-Header = "foo"My-Header = "bar"
Pass Host Header
The passHostHeader allows to forward client Host header to server.
By default, passHostHeader is true.
Don’t forward the host header — Using the
YAML
## Dynamic configurationhttp:services:Service01:loadBalancer:passHostHeader: false
TOML
## Dynamic configuration[http.services][http.services.Service01][http.services.Service01.loadBalancer]passHostHeader = false
ServersTransport
serversTransport allows to reference a configuration for the communication between Traefik and your servers.
Specify a transport — Using the File Provider
YAML
## Dynamic configurationhttp:services:Service01:loadBalancer:serversTransport: mytransport
## Dynamic configuration[http.services][http.services.Service01][http.services.Service01.loadBalancer]serversTransport = "mytransport"
Info
If no serversTransport is specified, the [[email protected]](https://doc.traefik.io/cdn-cgi/l/email-protection) will be used. The [[email protected]](https://doc.traefik.io/cdn-cgi/l/email-protection) serversTransport is created from the .
Response Forwarding
This section is about configuring how Traefik forwards the response from the backend server to the client.
Below are the available options for the Response Forwarding mechanism:
FlushIntervalspecifies the interval in between flushes to the client while copying the response body. It is a duration in milliseconds, defaulting to 100. A negative value means to flush immediately after each write to the client. The FlushInterval is ignored when ReverseProxy recognizes a response as a streaming response; for such responses, writes are flushed to the client immediately.
Using a custom FlushInterval — Using the
YAML
## Dynamic configurationhttp:services:Service-1:loadBalancer:responseForwarding:flushInterval: 1s
TOML
ServersTransport
ServersTransport allows to configure the transport between Traefik and your servers.
ServerName
Optional
serverName configure the server name that will be used for SNI.
File (YAML)
## Dynamic configurationhttp:serversTransports:mytransport:serverName: "myhost"
File (TOML)
## Dynamic configuration[http.serversTransports.mytransport]
Kubernetes
apiVersion: traefik.io/v1alpha1kind: ServersTransportmetadata:name: mytransportnamespace: defaultspec:serverName: "test"
Certificates
Optional
certificates is the list of certificates (as file paths, or data bytes) that will be set as client certificates for mTLS.
File (YAML)
## Dynamic configurationhttp:mytransport:certificates:- certFile: foo.crtkeyFile: bar.crt
File (TOML)
## Dynamic configuration[[http.serversTransports.mytransport.certificates]]certFile = "foo.crt"keyFile = "bar.crt"
Kubernetes
apiVersion: traefik.io/v1alpha1kind: ServersTransportmetadata:name: mytransportnamespace: defaultspec:certificatesSecrets:- mycert---apiVersion: v1kind: Secretmetadata:name: mycertdata:tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=
insecureSkipVerify
Optional
insecureSkipVerify controls whether the server’s certificate chain and host name is verified.
File (YAML)
## Dynamic configurationhttp:serversTransports:mytransport:insecureSkipVerify: true
File (TOML)
## Dynamic configuration[http.serversTransports.mytransport]insecureSkipVerify = true
Kubernetes
apiVersion: traefik.io/v1alpha1kind: ServersTransportmetadata:name: mytransportnamespace: defaultspec:insecureSkipVerify: true
rootCAs
Optional
rootCAs defines the set of root certificate authorities (as file paths, or data bytes) to use when verifying server certificates.
File (YAML)
## Dynamic configurationhttp:serversTransports:mytransport:rootCAs:- foo.crt- bar.crt
File (TOML)
## Dynamic configuration[http.serversTransports.mytransport]rootCAs = ["foo.crt", "bar.crt"]
Kubernetes
apiVersion: traefik.io/v1alpha1kind: ServersTransportmetadata:name: mytransportnamespace: defaultspec:rootCAsSecrets:- myca---apiVersion: v1kind: Secretmetadata:name: mycadata:ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
maxIdleConnsPerHost
Optional, Default=2
If non-zero, maxIdleConnsPerHost controls the maximum idle (keep-alive) connections to keep per-host.
File (YAML)
## Dynamic configurationhttp:serversTransports:mytransport:maxIdleConnsPerHost: 7
File (TOML)
## Dynamic configuration[http.serversTransports.mytransport]maxIdleConnsPerHost = 7
Kubernetes
apiVersion: traefik.io/v1alpha1kind: ServersTransportmetadata:name: mytransportnamespace: defaultspec:maxIdleConnsPerHost: 7
disableHTTP2
Optional, Default=false
disableHTTP2 disables HTTP/2 for connections with servers.
File (TOML)
## Dynamic configuration[http.serversTransports.mytransport]disableHTTP2 = true
File (YAML)
## Dynamic configurationhttp:serversTransports:mytransport:disableHTTP2: true
Kubernetes
apiVersion: traefik.io/v1alpha1kind: ServersTransportmetadata:name: mytransportnamespace: defaultspec:disableHTTP2: true
peerCertURI
Optional, Default=false
peerCertURI defines the URI used to match against SAN URIs during the server’s certificate verification.
File (TOML)
## Dynamic configuration[http.serversTransports.mytransport]peerCertURI = "foobar"
File (YAML)
## Dynamic configurationhttp:serversTransports:mytransport:peerCertURI: foobar
Kubernetes
apiVersion: traefik.io/v1alpha1kind: ServersTransportmetadata:name: mytransportnamespace: defaultspec:peerCertURI: foobar
forwardingTimeouts
forwardingTimeouts are the timeouts applied when forwarding requests to the servers.
forwardingTimeouts.dialTimeout
Optional, Default=30s
dialTimeout is the maximum duration allowed for a connection to a backend server to be established. Zero means no timeout.
File (YAML)
## Dynamic configurationhttp:serversTransports:mytransport:forwardingTimeouts:dialTimeout: "1s"
File (TOML)
## Dynamic configuration[http.serversTransports.mytransport.forwardingTimeouts]dialTimeout = "1s"
Kubernetes
apiVersion: traefik.io/v1alpha1kind: ServersTransportmetadata:name: mytransportnamespace: defaultspec:forwardingTimeouts:dialTimeout: "1s"
forwardingTimeouts.responseHeaderTimeout
Optional, Default=0s
responseHeaderTimeout, if non-zero, specifies the amount of time to wait for a server’s response headers after fully writing the request (including its body, if any). This time does not include the time to read the response body. Zero means no timeout.
File (YAML)
## Dynamic configurationhttp:serversTransports:mytransport:forwardingTimeouts:responseHeaderTimeout: "1s"
File (TOML)
## Dynamic configuration[http.serversTransports.mytransport.forwardingTimeouts]responseHeaderTimeout = "1s"
Kubernetes
apiVersion: traefik.io/v1alpha1kind: ServersTransportmetadata:name: mytransportnamespace: defaultspec:forwardingTimeouts:responseHeaderTimeout: "1s"
forwardingTimeouts.idleConnTimeout
Optional, Default=90s
idleConnTimeout is the maximum amount of time an idle (keep-alive) connection will remain idle before closing itself. Zero means no limit.
File (YAML)
## Dynamic configurationhttp:serversTransports:mytransport:forwardingTimeouts:idleConnTimeout: "1s"
File (TOML)
## Dynamic configuration[http.serversTransports.mytransport.forwardingTimeouts]idleConnTimeout = "1s"
Kubernetes
apiVersion: traefik.io/v1alpha1kind: ServersTransportmetadata:name: mytransportnamespace: defaultspec:forwardingTimeouts:idleConnTimeout: "1s"
forwardingTimeouts.readIdleTimeout
Optional, Default=0s
readIdleTimeout is the timeout after which a health check using ping frame will be carried out if no frame is received on the HTTP/2 connection. Note that a ping response will be considered a received frame, so if there is no other traffic on the connection, the health check will be performed every readIdleTimeout interval. If zero, no health check is performed.
File (YAML)
## Dynamic configurationhttp:serversTransports:mytransport:forwardingTimeouts:readIdleTimeout: "1s"
File (TOML)
Kubernetes
apiVersion: traefik.io/v1alpha1kind: ServersTransportmetadata:name: mytransportnamespace: defaultspec:forwardingTimeouts:readIdleTimeout: "1s"
forwardingTimeouts.pingTimeout
Optional, Default=15s
pingTimeout is the timeout after which the HTTP/2 connection will be closed if a response to ping is not received.
File (YAML)
## Dynamic configurationhttp:serversTransports:mytransport:forwardingTimeouts:pingTimeout: "1s"
File (TOML)
## Dynamic configuration[http.serversTransports.mytransport.forwardingTimeouts]pingTimeout = "1s"
Kubernetes
apiVersion: traefik.io/v1alpha1kind: ServersTransportmetadata:name: mytransportnamespace: defaultspec:forwardingTimeouts:pingTimeout: "1s"
Weighted Round Robin (service)
The WRR is able to load balance the requests between multiple services based on weights.
This strategy is only available to load balance between and not between servers.
Supported Providers
This strategy can be defined currently with the or IngressRoute providers.
YAML
## Dynamic configurationhttp:services:app:weighted:services:- name: appv1weight: 3- name: appv2weight: 1appv1:loadBalancer:servers:- url: "http://private-ip-server-1/"appv2:loadBalancer:servers:- url: "http://private-ip-server-2/"
## Dynamic configuration[http.services][http.services.app][[http.services.app.weighted.services]]name = "appv1"weight = 3[[http.services.app.weighted.services]]name = "appv2"weight = 1[http.services.appv1][http.services.appv1.loadBalancer][[http.services.appv1.loadBalancer.servers]]url = "http://private-ip-server-1/"[http.services.appv2][http.services.appv2.loadBalancer][[http.services.appv2.loadBalancer.servers]]url = "http://private-ip-server-2/"
Health Check
HealthCheck enables automatic self-healthcheck for this service, i.e. whenever one of its children is reported as down, this service becomes aware of it, and takes it into account (i.e. it ignores the down child) when running the load-balancing algorithm. In addition, if the parent of this service also has HealthCheck enabled, this service reports to its parent any status change.
All or nothing
If HealthCheck is enabled for a given service, but any of its descendants does not have it enabled, the creation of the service will fail.
HealthCheck on Weighted services can be defined currently only with the File provider.
YAML
## Dynamic configurationhttp:services:app:weighted:healthCheck: {}services:- name: appv1weight: 3- name: appv2weight: 1appv1:loadBalancer:healthCheck:path: /statusinterval: 10stimeout: 3sservers:- url: "http://private-ip-server-1/"appv2:loadBalancer:healthCheck:path: /statusinterval: 10stimeout: 3sservers:- url: "http://private-ip-server-2/"
TOML
## Dynamic configuration[http.services][http.services.app][http.services.app.weighted.healthCheck][[http.services.app.weighted.services]]name = "appv1"weight = 3[[http.services.app.weighted.services]]name = "appv2"weight = 1[http.services.appv1][http.services.appv1.loadBalancer][http.services.appv1.loadBalancer.healthCheck]path = "/health"interval = "10s"timeout = "3s"[[http.services.appv1.loadBalancer.servers]]url = "http://private-ip-server-1/"[http.services.appv2][http.services.appv2.loadBalancer][http.services.appv2.loadBalancer.healthCheck]path = "/health"interval = "10s"timeout = "3s"[[http.services.appv2.loadBalancer.servers]]url = "http://private-ip-server-2/"
The mirroring is able to mirror requests sent to a service to other services. Please note that by default the whole request is buffered in memory while it is being mirrored. See the maxBodySize option in the example below for how to modify this behaviour.
Supported Providers
This strategy can be defined currently with the File or providers.
YAML
## Dynamic configurationhttp:services:mirrored-api:mirroring:# maxBodySize is the maximum size allowed for the body of the request.# Default value is -1, which means unlimited size.maxBodySize: 1024mirrors:- name: appv2percent: 10appv1:loadBalancer:servers:- url: "http://private-ip-server-1/"appv2:loadBalancer:servers:- url: "http://private-ip-server-2/"
TOML
## Dynamic configuration[http.services][http.services.mirrored-api][http.services.mirrored-api.mirroring]service = "appv1"# maxBodySize is the maximum size in bytes allowed for the body of the request.# If the body is larger, the request is not mirrored.# Default value is -1, which means unlimited size.maxBodySize = 1024[[http.services.mirrored-api.mirroring.mirrors]]name = "appv2"percent = 10[http.services.appv1][http.services.appv1.loadBalancer][[http.services.appv1.loadBalancer.servers]]url = "http://private-ip-server-1/"[http.services.appv2][http.services.appv2.loadBalancer][[http.services.appv2.loadBalancer.servers]]url = "http://private-ip-server-2/"
Health Check
HealthCheck enables automatic self-healthcheck for this service, i.e. if the main handler of the service becomes unreachable, the information is propagated upwards to its parent.
All or nothing
If HealthCheck is enabled for a given service, but any of its descendants does not have it enabled, the creation of the service will fail.
HealthCheck on Mirroring services can be defined currently only with the provider.
YAML
## Dynamic configurationhttp:services:mirrored-api:mirroring:healthCheck: {}service: appv1mirrors:- name: appv2percent: 10appv1:loadBalancer:healthCheck:path: /statusinterval: 10stimeout: 3sservers:- url: "http://private-ip-server-1/"appv2:loadBalancer:servers:- url: "http://private-ip-server-2/"
TOML
## Dynamic configuration[http.services][http.services.mirrored-api][http.services.mirrored-api.mirroring][http.services.mirrored-api.mirroring.healthCheck]service = "appv1"[[http.services.mirrored-api.mirroring.mirrors]]name = "appv2"percent = 10[http.services.appv1][http.services.appv1.loadBalancer][http.services.appv1.loadBalancer.healthCheck]path = "/health"interval = "10s"timeout = "3s"[[http.services.appv1.loadBalancer.servers]]url = "http://private-ip-server-1/"[http.services.appv2][http.services.appv2.loadBalancer][http.services.appv1.loadBalancer.healthCheck]path = "/health"interval = "10s"timeout = "3s"[[http.services.appv2.loadBalancer.servers]]url = "http://private-ip-server-2/"
Failover (service)
A failover service job is to forward all requests to a fallback service when the main service becomes unreachable.
Relation to HealthCheck
The failover service relies on the HealthCheck system to get notified when its main service becomes unreachable, which means HealthCheck needs to be enabled and functional on the main service. However, HealthCheck does not need to be enabled on the failover service itself for it to be functional. It is only required in order to propagate upwards the information when the failover itself becomes down (i.e. both its main and its fallback are down too).
Supported Providers
This strategy can currently only be defined with the provider.
YAML
## Dynamic configurationhttp:services:app:failover:service: mainfallback: backupmain:loadBalancer:healthCheck:path: /statusinterval: 10stimeout: 3sservers:- url: "http://private-ip-server-1/"backup:loadBalancer:servers:- url: "http://private-ip-server-2/"
TOML
## Dynamic configuration[http.services][http.services.app][http.services.app.failover]service = "main"fallback = "backup"[http.services.main][http.services.main.loadBalancer][http.services.main.loadBalancer.healthCheck]path = "/health"interval = "10s"timeout = "3s"[[http.services.main.loadBalancer.servers]]url = "http://private-ip-server-1/"[http.services.backup][http.services.backup.loadBalancer][[http.services.backup.loadBalancer.servers]]url = "http://private-ip-server-2/"
Health Check
HealthCheck enables automatic self-healthcheck for this service, i.e. if the main and the fallback services become unreachable, the information is propagated upwards to its parent.
All or nothing
If HealthCheck is enabled for a given service, but any of its descendants does not have it enabled, the creation of the service will fail.
HealthCheck on a Failover service can currently only be defined with the provider.
YAML
## Dynamic configurationhttp:services:app:failover:healthCheck: {}service: mainfallback: backupmain:loadBalancer:healthCheck:path: /statusinterval: 10stimeout: 3sservers:- url: "http://private-ip-server-1/"backup:loadBalancer:healthCheck:path: /statusinterval: 10stimeout: 3sservers:- url: "http://private-ip-server-2/"
TOML
## Dynamic configuration[http.services][http.services.app][http.services.app.failover.healthCheck][http.services.app.failover]service = "main"fallback = "backup"[http.services.main][http.services.main.loadBalancer][http.services.main.loadBalancer.healthCheck]path = "/health"interval = "10s"timeout = "3s"[[http.services.main.loadBalancer.servers]]url = "http://private-ip-server-1/"[http.services.backup][http.services.backup.loadBalancer][http.services.backup.loadBalancer.healthCheck]path = "/health"interval = "10s"timeout = "3s"[[http.services.backup.loadBalancer.servers]]url = "http://private-ip-server-2/"
General
Each of the fields of the service section represents a kind of service. Which means, that for each specified service, one of the fields, and only one, has to be enabled to define what kind of service is created. Currently, the two available kinds are LoadBalancer, and Weighted.
The servers load balancer is in charge of balancing the requests between the servers of the same service.
Declaring a Service with Two Servers — Using the
YAML
## Dynamic configurationtcp:services:my-service:loadBalancer:servers:- address: "xx.xx.xx.xx:xx"- address: "xx.xx.xx.xx:xx"
TOML
## Dynamic configuration[tcp.services][tcp.services.my-service.loadBalancer][[tcp.services.my-service.loadBalancer.servers]]address = "xx.xx.xx.xx:xx"[[tcp.services.my-service.loadBalancer.servers]]address = "xx.xx.xx.xx:xx"
Servers
Servers declare a single instance of your program. The address option (IP:Port) point to a specific instance.
A Service with One Server — Using the
YAML
## Dynamic configurationtcp:services:my-service:loadBalancer:servers:- address: "xx.xx.xx.xx:xx"
TOML
## Dynamic configuration[tcp.services][tcp.services.my-service.loadBalancer][[tcp.services.my-service.loadBalancer.servers]]address = "xx.xx.xx.xx:xx"
PROXY Protocol
Traefik supports version 1 and 2 on TCP Services. It can be enabled by setting proxyProtocol on the load balancer.
Below are the available options for the PROXY protocol:
versionspecifies the version of the protocol to be used. Either1or2.
Version
Specifying a version is optional. By default the version 2 will be used.
A Service with Proxy Protocol v1 — Using the File Provider
YAML
## Dynamic configurationtcp:services:my-service:loadBalancer:proxyProtocol:version: 1
TOML
## Dynamic configuration[tcp.services][tcp.services.my-service.loadBalancer][tcp.services.my-service.loadBalancer.proxyProtocol]version = 1
Termination Delay
As a proxy between a client and a server, it can happen that either side (e.g. client side) decides to terminate its writing capability on the connection (i.e. issuance of a FIN packet). The proxy needs to propagate that intent to the other side, and so when that happens, it also does the same on its connection with the other side (e.g. backend side).
However, if for some reason (bad implementation, or malicious intent) the other side does not eventually do the same as well, the connection would stay half-open, which would lock resources for however long.
To that end, as soon as the proxy enters this termination sequence, it sets a deadline on fully terminating the connections on both sides.
The termination delay controls that deadline. It is a duration in milliseconds, defaulting to 100. A negative value means an infinite deadline (i.e. the connection is never fully terminated by the proxy itself).
A Service with a termination delay — Using the File Provider
YAML
## Dynamic configurationtcp:services:my-service:loadBalancer:terminationDelay: 200
TOML
## Dynamic configuration[tcp.services][tcp.services.my-service.loadBalancer][[tcp.services.my-service.loadBalancer]]terminationDelay = 200
Weighted Round Robin
The Weighted Round Robin (alias WRR) load-balancer of services is in charge of balancing the requests between multiple services based on provided weights.
This strategy is only available to load balance between services and not between .
Supported Providers
This strategy can be defined currently with the File or providers.
YAML
## Dynamic configurationtcp:services:app:weighted:services:- name: appv1weight: 3- name: appv2weight: 1appv1:loadBalancer:servers:- address: "xxx.xxx.xxx.xxx:8080"appv2:loadBalancer:servers:- address: "xxx.xxx.xxx.xxx:8080"
TOML
## Dynamic configuration[tcp.services][tcp.services.app][[tcp.services.app.weighted.services]]name = "appv1"weight = 3[[tcp.services.app.weighted.services]]name = "appv2"weight = 1[tcp.services.appv1][tcp.services.appv1.loadBalancer][[tcp.services.appv1.loadBalancer.servers]]address = "private-ip-server-1:8080/"[tcp.services.appv2][tcp.services.appv2.loadBalancer][[tcp.services.appv2.loadBalancer.servers]]address = "private-ip-server-2:8080/"
General
Each of the fields of the service section represents a kind of service. Which means, that for each specified service, one of the fields, and only one, has to be enabled to define what kind of service is created. Currently, the two available kinds are LoadBalancer, and Weighted.
The servers load balancer is in charge of balancing the requests between the servers of the same service.
Declaring a Service with Two Servers — Using the
YAML
## Dynamic configurationudp:services:my-service:loadBalancer:servers:- address: "xx.xx.xx.xx:xx"- address: "xx.xx.xx.xx:xx"
TOML
## Dynamic configuration[udp.services][udp.services.my-service.loadBalancer][[udp.services.my-service.loadBalancer.servers]]address = "xx.xx.xx.xx:xx"[[udp.services.my-service.loadBalancer.servers]]address = "xx.xx.xx.xx:xx"
Servers
The Servers field defines all the servers that are part of this load-balancing group, i.e. each address (IP:Port) on which an instance of the service’s program is deployed.
A Service with One Server — Using the
YAML
## Dynamic configurationudp:services:my-service:loadBalancer:servers:- address: "xx.xx.xx.xx:xx"
TOML
## Dynamic configuration[udp.services][udp.services.my-service.loadBalancer][[udp.services.my-service.loadBalancer.servers]]address = "xx.xx.xx.xx:xx"
Weighted Round Robin
The Weighted Round Robin (alias WRR) load-balancer of services is in charge of balancing the requests between multiple services based on provided weights.
This strategy is only available to load balance between and not between servers.
This strategy can only be defined with .
YAML
## Dynamic configurationudp:services:app:weighted:services:- name: appv1weight: 3- name: appv2weight: 1appv1:loadBalancer:servers:- address: "xxx.xxx.xxx.xxx:8080"appv2:loadBalancer:servers:- address: "xxx.xxx.xxx.xxx:8080"
TOML
Using Traefik for Business Applications?
Traefik Enterprise simplifies the discovery, security, and deployment of APIs and microservices across any environment. See it in action in this short video walkthrough.
