• Overview
    • Clear Responsibilities
    • Example with a File Provider

    Overview

    What's Happening to the Requests?

    Let's zoom in on Traefik's architecture and talk about the components that enable the routes to be created.

    First, when you start Traefik, you define entrypoints (in their most basic forms, they are port numbers).Then, connected to these entrypoints, routers analyze the incoming requests to see if they match a set of rules.If they do, the router might transform the request using pieces of middleware before forwarding them to your services.

    Architecture

    Clear Responsibilities

    • Providers discover the services that live on your infrastructure (their IP, health, …)
    • Entrypoints listen for incoming traffic (ports, …)
    • Routers analyse the requests (host, path, headers, SSL, …)
    • Services forward the request to your services (load balancing, …)
    • Middlewares may update the request or make decisions based on the request (authentication, rate limiting, headers, …)

    Example with a File Provider

    Below is an example of a full configuration file for the file provider that forwards http://domain/whoami/ requests to a service reachable on http://private/whoami-service/.In the process, Traefik will make sure that the user is authenticated (using the BasicAuth middleware).

    Static configuration:

    1. [entryPoints]
    2.   [entryPoints.web]
    3.     # Listen on port 8081 for incoming requests
    4.     address = ":8081"
    6. [providers]
    7.   # Enable the file provider to define routers / middlewares / services in a file
    8.   [providers.file]
    9.     filename = "dynamic_conf.toml"
    1. entryPoints:
    2.   web:
    3.     # Listen on port 8081 for incoming requests
    4.     address: :8081
    6. providers:
    7.   # Enable the file provider to define routers / middlewares / services in a file
    8.   file:
    9.     filename: dynamic_conf.yml
    1. # Listen on port 8081 for incoming requests
    2. --entryPoints.web.address=:8081
    4. # Enable the file provider to define routers / middlewares / services in a file
    5. --providers.file.filename=dynamic_conf.toml

    Dynamic configuration:

    1. # http routing section
    2. [http]
    3.   [http.routers]
    4.      # Define a connection between requests and services
    5.      [http.routers.to-whoami]
    6.       rule = "Host(`domain`) && PathPrefix(`/whoami/`)"
    7.       # If the rule matches, applies the middleware
    8.       middlewares = ["test-user"]
    9.       # If the rule matches, forward to the whoami service (declared below)
    10.       service = "whoami"
    12.   [http.middlewares]
    13.     # Define an authentication mechanism
    14.     [http.middlewares.test-user.basicAuth]
    15.       users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
    17.   [http.services]
    18.     # Define how to reach an existing service on our infrastructure
    19.     [http.services.whoami.loadBalancer]
    20.       [[http.services.whoami.loadBalancer.servers]]
    21.         url = "http://private/whoami-service"
    1. # http routing section
    2. http:
    3.   routers:
    4.     # Define a connection between requests and services
    5.     to-whoami:
    6.       rule: "Host(`domain`) && PathPrefix(`/whoami/`)"
    7.        # If the rule matches, applies the middleware
    8.       middlewares:
    9.       - test-user
    10.       # If the rule matches, forward to the whoami service (declared below)
    11.       service: whoami
    13.   middlewares:
    14.     # Define an authentication mechanism
    15.     test-user:
    16.       basicAuth:
    17.         users:
    18.         - test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
    20.   services:
    21.     # Define how to reach an existing service on our infrastructure
    22.     whoami:
    23.       loadBalancer:
    24.         servers:
    25.         - url: http://private/whoami-service

    The File Provider

    In this example, we use the file provider.Even if it is one of the least magical way of configuring Traefik, it explicitly describes every available notion.

    HTTP / TCP

    In this example, we've defined routing rules for http requests only.Traefik also supports TCP requests. To add TCP routers and TCP services, declare them in a TCP section like in the following.Adding a TCP route for TLS requests on whoami.traefik.ioStatic configuration:

    1. [entryPoints]
    2.   [entryPoints.web]
    3.     # Listen on port 8081 for incoming requests
    4.     address = ":8081"
    6. [providers]
    7.   # Enable the file provider to define routers / middlewares / services in a file
    8.   [providers.file]
    9.     filename = "dynamic_conf.toml"
    1. entryPoints:
    2.   web:
    3.     # Listen on port 8081 for incoming requests
    4.     address: :8081
    5. providers:
    6.   # Enable the file provider to define routers / middlewares / services in a file
    7.   file:
    8.     filename: dynamic_conf.yml
    1. # Listen on port 8081 for incoming requests
    2. --entryPoints.web.address=":8081"
    4. # Enable the file provider to define routers / middlewares / services in a file
    5. --providers.file.filename=dynamic_conf.toml

    Dynamic configuration:

    1. # http routing section
    2. [http]
    3.   [http.routers]
    4.     # Define a connection between requests and services
    5.     [http.routers.to-whoami]
    6.       rule = "Host(`domain`) && PathPrefix(`/whoami/`)"
    7.       # If the rule matches, applies the middleware
    8.       middlewares = ["test-user"]
    9.       # If the rule matches, forward to the whoami service (declared below)
    10.       service = "whoami"
    12.   [http.middlewares]
    13.      # Define an authentication mechanism
    14.      [http.middlewares.test-user.basicAuth]
    15.        users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"]
    17.   [http.services]
    18.      # Define how to reach an existing service on our infrastructure
    19.      [http.services.whoami.loadBalancer]
    20.        [[http.services.whoami.loadBalancer.servers]]
    21.          url = "http://private/whoami-service"
    23. [tcp]
    24.   [tcp.routers]
    25.     [tcp.routers.to-whoami-tcp]
    26.       rule = "HostSNI(`whoami-tcp.traefik.io`)"
    27.       service = "whoami-tcp"
    28.       [tcp.routers.to-whoami-tcp.tls]
    30.   [tcp.services]
    31.     [tcp.services.whoami-tcp.loadBalancer]
    32.       [[tcp.services.whoami-tcp.loadBalancer.servers]]
    33.         address = "xx.xx.xx.xx:xx"
    1. # http routing section
    2. http:
    4.   routers:
    5.     # Define a connection between requests and services
    6.     to-whoami:
    7.       rule: Host(`domain`) && PathPrefix(`/whoami/`)
    8.       # If the rule matches, applies the middleware
    9.       middlewares:
    10.       - test-user
    11.       # If the rule matches, forward to the whoami service (declared below)
    12.       service: whoami
    14.   middlewares:
    15.     # Define an authentication mechanism
    16.     test-user:
    17.       basicAuth:
    18.         users:
    19.         - test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
    21.   services:
    22.     # Define how to reach an existing service on our infrastructure
    23.     whoami:
    24.       loadBalancer:
    25.         servers:
    26.         - url: http://private/whoami-service
    27. tcp:
    29.   routers:
    30.     to-whoami-tcp:
    31.       service: whoami-tcp
    32.       rule: HostSNI(`whoami-tcp.traefik.io`)
    34.   services:
    35.     whoami-tcp:
    36.       loadBalancer:
    37.         servers:
    38.         - address: xx.xx.xx.xx:xx