FAQ

    Notably, a part of the configuration is static, and can be provided by a file on startup, whereas various providers, such as the file provider, contribute dynamically all along the traefik instance lifetime to its changes.

    In addition, the configuration englobes concepts such as the EntryPoint which can be seen as a listener on the Transport Layer (TCP), as apposed to the Router which is more about the Presentation (TLS) and Application layers (HTTP). And there can be as many routers as one wishes for a given EntryPoint.

    In other words, for a given Entrypoint, at any given time the traffic seen is not bound to be just about one protocol. It could be HTTP, or otherwise. Over TLS, or not. Not to mention that dynamic configuration changes potentially make that kind of traffic vary over time.

    Therefore, in this dynamic context, the static configuration of an entryPoint does not give any hint whatsoever about how the traffic going through that is going to be routed. Or whether it’s even going to be routed at all, i.e. whether there is a Router matching the kind of traffic going through it.

    Traefik returns a 404 response code in the following situations:

    • An HTTP request reaching an EntryPoint that has no HTTP Router
    • An HTTPS request reaching an EntryPoint that has no HTTPS Router
    • A request reaching an EntryPoint that has HTTP/HTTPS Routers that cannot be matched

    From Traefik’s point of view, every time a request cannot be matched with a router the correct response code is a 404 Not found.

    In this situation, the response code is not a 503 Service Unavailable because Traefik is not able to confirm that the lack of a matching router for a request is only temporary. Traefik’s routing configuration is dynamic and aggregated from different providers, hence it’s not possible to assume at any moment that a specific route should be handled or not.

    Extract from rfc7231#section-6.6.4.

    Traefik returns a 502 response code when an error happens while contacting the upstream service.

    Traefik returns a response code when a Router has been matched but there are no servers ready to handle the request.

    This situation is encountered when a service has been explicitly configured without servers, or when a service has healthcheck enabled and all servers are unhealthy.

    Sometimes, the 404 response code doesn’t play well with other parties or services (such as CDNs).

    In these situations, you may want Traefik to always reply with a 503 response code, instead of a 404 response code.

    To achieve this behavior, a simple catchall router, with the lowest possible priority and routing to a service without servers, can handle all the requests when no other router has been matched.

    Static configuration

    Dynamic configuration

    Dedicated service

    If there is a need for a response code other than a 503 and/or a custom message, the principle of the above example above (a catchall router) still stands, but the service should be adapted to fit such a need.

    With the file provider, a configuration update is only triggered when one of the configuration files is modified.

    Which is why, when a certificate is defined by path, and the actual contents of this certificate change, a configuration update is not triggered.

    To take into account the new certificate contents, the update of the dynamic configuration must be forced. One way to achieve that, is to trigger a file notification, for example, by using the touch command on the configuration file.

    For more details, please check out the forwarded header documentation.