Traefik & Consul Catalog¶
One of the best features of Traefik is the ability to delegate the routing configuration to the application level. With Consul Catalog, Traefik can leverage tags attached to a service to generate routing rules.
Tags & sensitive data
We recommend not using tags to store sensitive data (certificates, credentials, etc.). Instead, store sensitive data in a safer storage (secrets, file, etc.).
Routing Configuration¶
tags
Tags are case-insensitive.
TLS Default Generated Certificates
To learn how to configure Traefik's default generated certificate, refer to the TLS Certificates page.
General¶
Traefik creates, for each Consul Catalog service, a corresponding service and router.
The Service automatically gets a server per instance in this Consul Catalog service, and the router gets a default rule attached to it, based on the service name.
Routers¶
To update the configuration of the Router automatically attached to the service, add tags starting with traefik.http.routers.{name-of-your-choice}. followed by the option you want to change.
For example, to change the rule, you could add the tag traefik.http.routers.my-service.rule=Host(`example.com`).
traefik.http.routers.<router_name>.rule
See rule for more information.
traefik.http.routers.myrouter.rule=Host(`example.com`)
traefik.http.routers.<router_name>.ruleSyntax
Warning
The ruleSyntax option is deprecated and will be removed in the next major version. Please do not use this field and rewrite the router rules to use the v3 syntax.
See ruleSyntax for more information.
traefik.http.routers.myrouter.ruleSyntax=v3
traefik.http.routers.<router_name>.priority
See priority for more information.
traefik.http.routers.myrouter.priority=42
traefik.http.routers.<router_name>.entrypoints
See entry points for more information.
traefik.http.routers.myrouter.entrypoints=web,websecure
traefik.http.routers.<router_name>.middlewares
See middlewares overview for more information.
traefik.http.routers.myrouter.middlewares=auth,prefix,cb
traefik.http.routers.<router_name>.service
See service for more information.
traefik.http.routers.myrouter.service=myservice
traefik.http.routers.<router_name>.tls
See tls for more information.
traefik.http.routers.myrouter.tls=true
traefik.http.routers.<router_name>.tls.certresolver
See certResolver for more information.
traefik.http.routers.myrouter.tls.certresolver=myresolver
traefik.http.routers.<router_name>.tls.domains[n].main
See domains for more information.
traefik.http.routers.myrouter.tls.domains[0].main=example.org
traefik.http.routers.<router_name>.tls.domains[n].sans
See domains for more information.
traefik.http.routers.myrouter.tls.domains[0].sans=test.example.org,dev.example.org
traefik.http.routers.<router_name>.tls.options
traefik.http.routers.myrouter.tls.options=foobar
traefik.http.routers.<router_name>.observability.accesslogs
The accessLogs option controls whether the router will produce access logs.
traefik.http.routers.myrouter.observability.accesslogs=true
traefik.http.routers.<router_name>.observability.metrics
The metrics option controls whether the router will produce metrics.
traefik.http.routers.myrouter.observability.metrics=true
traefik.http.routers.<router_name>.observability.tracing
The tracing option controls whether the router will produce traces.
traefik.http.routers.myrouter.observability.tracing=true
Services¶
To update the configuration of the Service automatically attached to the service,
add tags starting with traefik.http.services.{name-of-your-choice}., followed by the option you want to change.
For example, to change the passHostHeader behavior,
you'd add the tag traefik.http.services.{name-of-your-choice}.loadbalancer.passhostheader=false.
traefik.http.services.<service_name>.loadbalancer.server.port
Registers a port. Useful when the service exposes multiple ports.
traefik.http.services.myservice.loadbalancer.server.port=8080
traefik.http.services.<service_name>.loadbalancer.server.scheme
Overrides the default scheme.
traefik.http.services.myservice.loadbalancer.server.scheme=http
traefik.http.services.<service_name>.loadbalancer.server.weight
Overrides the default weight.
traefik.http.services.myservice.loadbalancer.server.weight=42
traefik.http.services.<service_name>.loadbalancer.serverstransport
References a ServersTransport resource that is defined with either the File provider or the Kubernetes CRD provider. See serverstransport for more information.
traefik.http.services.myservice.loadbalancer.serverstransport=foobar@file
traefik.http.services.<service_name>.loadbalancer.passhostheader
traefik.http.services.myservice.loadbalancer.passhostheader=true
traefik.http.services.<service_name>.loadbalancer.healthcheck.headers.<header_name>
See health check for more information.
traefik.http.services.myservice.loadbalancer.healthcheck.headers.X-Foo=foobar
traefik.http.services.<service_name>.loadbalancer.healthcheck.hostname
See health check for more information.
traefik.http.services.myservice.loadbalancer.healthcheck.hostname=example.org
traefik.http.services.<service_name>.loadbalancer.healthcheck.interval
See health check for more information.
traefik.http.services.myservice.loadbalancer.healthcheck.interval=10
traefik.http.services.<service_name>.loadbalancer.healthcheck.unhealthyinterval
See health check for more information.
traefik.http.services.myservice.loadbalancer.healthcheck.unhealthyinterval=10
traefik.http.services.<service_name>.loadbalancer.healthcheck.path
See health check for more information.
traefik.http.services.myservice.loadbalancer.healthcheck.path=/foo
traefik.http.services.<service_name>.loadbalancer.healthcheck.method
See health check for more information.
traefik.http.services.myservice.loadbalancer.healthcheck.method=foobar
traefik.http.services.<service_name>.loadbalancer.healthcheck.status
See health check for more information.
traefik.http.services.myservice.loadbalancer.healthcheck.status=42
traefik.http.services.<service_name>.loadbalancer.healthcheck.port
See health check for more information.
traefik.http.services.myservice.loadbalancer.healthcheck.port=42
traefik.http.services.<service_name>.loadbalancer.healthcheck.scheme
See health check for more information.
traefik.http.services.myservice.loadbalancer.healthcheck.scheme=http
traefik.http.services.<service_name>.loadbalancer.healthcheck.timeout
See health check for more information.
traefik.http.services.myservice.loadbalancer.healthcheck.timeout=10
traefik.http.services.<service_name>.loadbalancer.healthcheck.followredirects
See health check for more information.
traefik.http.services.myservice.loadbalancer.healthcheck.followredirects=true
traefik.http.services.<service_name>.loadbalancer.sticky.cookie
traefik.http.services.myservice.loadbalancer.sticky.cookie=true
traefik.http.services.<service_name>.loadbalancer.sticky.cookie.httponly
traefik.http.services.myservice.loadbalancer.sticky.cookie.httponly=true
traefik.http.services.<service_name>.loadbalancer.sticky.cookie.name
traefik.http.services.myservice.loadbalancer.sticky.cookie.name=foobar
traefik.http.services.<service_name>.loadbalancer.sticky.cookie.path
traefik.http.services.myservice.loadbalancer.sticky.cookie.path=/foobar
traefik.http.services.<service_name>.loadbalancer.sticky.cookie.secure
traefik.http.services.myservice.loadbalancer.sticky.cookie.secure=true
traefik.http.services.<service_name>.loadbalancer.sticky.cookie.samesite
traefik.http.services.myservice.loadbalancer.sticky.cookie.samesite=none
traefik.http.services.<service_name>.loadbalancer.sticky.cookie.maxage
traefik.http.services.myservice.loadbalancer.sticky.cookie.maxage=42
traefik.http.services.<service_name>.loadbalancer.responseforwarding.flushinterval
traefik.http.services.myservice.loadbalancer.responseforwarding.flushinterval=10
Middleware¶
You can declare pieces of middleware using tags starting with traefik.http.middlewares.{name-of-your-choice}., followed by the middleware type/options.
For example, to declare a middleware redirectscheme named my-redirect, you'd write traefik.http.middlewares.my-redirect.redirectscheme.scheme=https.
More information about available middlewares is in the dedicated middlewares section.
Declaring and Referencing a Middleware
# ...
# Declaring a middleware
traefik.http.middlewares.my-redirect.redirectscheme.scheme=https
# Referencing a middleware
traefik.http.routers.my-service.middlewares=my-redirect
Conflicts in Declaration
If you declare multiple middlewares with the same name but with different parameters, the middleware fails to be declared.
TCP¶
You can declare TCP Routers, Middlewares and/or Services using tags.
Declaring TCP Routers and Services
traefik.tcp.routers.my-router.rule=HostSNI(`example.com`)
traefik.tcp.routers.my-router.tls=true
traefik.tcp.services.my-service.loadbalancer.server.port=4123
TCP and HTTP
If you declare a TCP Router/Service, it will prevent Traefik from automatically creating an HTTP Router/Service (like it does by default if no TCP Router/Service is defined). You can declare both a TCP Router/Service and an HTTP Router/Service for the same Consul service (but you have to do so manually).
TCP Routers¶
traefik.tcp.routers.<router_name>.entrypoints
See entry points for more information.
traefik.tcp.routers.mytcprouter.entrypoints=ep1,ep2
traefik.tcp.routers.<router_name>.rule
See rule for more information.
traefik.tcp.routers.mytcprouter.rule=HostSNI(`example.com`)
traefik.tcp.routers.<router_name>.ruleSyntax
Warning
The ruleSyntax option is deprecated and will be removed in the next major version. Please do not use this field and rewrite the router rules to use the v3 syntax.
Configures the rule syntax to be used for parsing the rule on a per-router basis.
traefik.tcp.routers.mytcprouter.ruleSyntax=v3
traefik.tcp.routers.<router_name>.priority
See priority for more information.
traefik.tcp.routers.mytcprouter.priority=42
traefik.tcp.routers.<router_name>.service
See service for more information.
traefik.tcp.routers.mytcprouter.service=myservice
traefik.tcp.routers.<router_name>.tls
See TLS for more information.
traefik.tcp.routers.mytcprouter.tls=true
traefik.tcp.routers.<router_name>.tls.certresolver
See certResolver for more information.
traefik.tcp.routers.mytcprouter.tls.certresolver=myresolver
traefik.tcp.routers.<router_name>.tls.domains[n].main
See TLS for more information.
traefik.tcp.routers.mytcprouter.tls.domains[0].main=example.org
traefik.tcp.routers.<router_name>.tls.domains[n].sans
See TLS for more information.
traefik.tcp.routers.mytcprouter.tls.domains[0].sans=test.example.org,dev.example.org
traefik.tcp.routers.<router_name>.tls.options
See TLS for more information.
traefik.tcp.routers.mytcprouter.tls.options=mysoptions
traefik.tcp.routers.<router_name>.tls.passthrough
See Passthrough for more information.
traefik.tcp.routers.mytcprouter.tls.passthrough=true
TCP Services¶
traefik.tcp.services.<service_name>.loadbalancer.server.port
Registers a port of the application.
traefik.tcp.services.mytcpservice.loadbalancer.server.port=423
traefik.tcp.services.<service_name>.loadbalancer.server.tls
Determines whether to use TLS when dialing with the backend.
traefik.tcp.services.mytcpservice.loadbalancer.server.tls=true
traefik.tcp.services.<service_name>.loadbalancer.serverstransport
References a ServersTransport resource that is defined with either the File provider or the Kubernetes CRD provider. See serverstransport for more information.
traefik.tcp.services.mytcpservice.loadbalancer.serverstransport=foobar@file
TCP Middleware¶
You can declare pieces of middleware using tags starting with traefik.tcp.middlewares.{name-of-your-choice}., followed by the middleware type/options.
For example, to declare a middleware InFlightConn named test-inflightconn, you'd write traefik.tcp.middlewares.test-inflightconn.inflightconn.amount=10.
More information about available middlewares is in the dedicated middlewares section.
Declaring and Referencing a Middleware
# ...
# Declaring a middleware
traefik.tcp.middlewares.test-inflightconn.inflightconn.amount=10
# Referencing a middleware
traefik.tcp.routers.my-service.middlewares=test-inflightconn
Conflicts in Declaration
If you declare multiple middlewares with the same name but with different parameters, the middleware fails to be declared.
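The following is an added example, not part of the Traefik documentation or code base: a small Python audit over Consul service tags that flags two things this page warns about, for both HTTP and TCP tags. It reports tags whose option path suggests a stored credential, middlewares declared under the same name with different parameters, and the routers that reference such a middleware. The `SENSITIVE_HINTS` list, the finding names and the sample catalog are assumptions made for illustration.

```python
from collections import defaultdict

# Option-path fragments that suggest a credential in a tag (assumed heuristic list).
SENSITIVE_HINTS = ("basicauth.users", "digestauth.users", "password", "secret", "token")

def parse_tag(tag):
    """Return (lowercased key, value) for a traefik.* tag, else None."""
    key, sep, value = tag.partition("=")
    key = key.strip().lower()  # the page states that tags are case-insensitive
    if not sep or not key.startswith("traefik."):
        return None
    return key, value.strip()

def audit_tags(catalog):
    """catalog: {consul_service: [tags]} -> sorted (kind, subject, detail) findings."""
    findings = set()
    declared = defaultdict(lambda: defaultdict(set))  # (proto, name) -> option -> values
    referenced = defaultdict(set)                     # (proto, name) -> routers using it
    for service, tags in catalog.items():
        for key, value in filter(None, map(parse_tag, tags)):
            parts = key.split(".")
            if any(hint in key for hint in SENSITIVE_HINTS):
                findings.add(("sensitive-tag", service, key))
            if len(parts) >= 5 and parts[2] == "middlewares":
                declared[(parts[1], parts[3])][".".join(parts[4:])].add(value)
            elif len(parts) == 5 and parts[2] == "routers" and parts[4] == "middlewares":
                for name in value.lower().split(","):
                    if name.strip() and "@" not in name:  # other providers are out of scope
                        referenced[(parts[1], name.strip())].add(parts[3])
    for (proto, name), options in declared.items():
        for option, values in options.items():
            if len(values) > 1:  # same name, different parameters
                findings.add(("middleware-conflict", f"{proto}:{name}", option))
                for router in referenced[(proto, name)]:
                    findings.add(("router-uses-conflicted", f"{proto}:{router}", name))
    return sorted(findings)

# Constructed sample: web-a and web-b disagree on "my-redirect"; web-b stores a credential.
SAMPLE = {
    "web-a": ["traefik.http.middlewares.my-redirect.redirectscheme.scheme=https",
              "traefik.http.routers.web-a.middlewares=my-redirect"],
    "web-b": ["Traefik.HTTP.Middlewares.My-Redirect.RedirectScheme.Scheme=http",
              "traefik.http.middlewares.auth.basicauth.users=admin:PLACEHOLDER-HASH"],
    "db": ["traefik.tcp.middlewares.test-inflightconn.inflightconn.amount=10"],
}

if __name__ == "__main__":
    print(*audit_tags(SAMPLE), sep="\n")
```

Running such a check in CI or against a catalog export surfaces a conflicting declaration before it silently removes a redirect or authentication middleware from a router.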
UDP¶
You can declare UDP Routers and/or Services using tags.
Declaring UDP Routers and Services
traefik.udp.routers.my-router.entrypoints=udp
traefik.udp.services.my-service.loadbalancer.server.port=4123
UDP and HTTP
If you declare a UDP Router/Service, it will prevent Traefik from automatically creating an HTTP Router/Service (like it does by default if no UDP Router/Service is defined). You can declare both a UDP Router/Service and an HTTP Router/Service for the same Consul service (but you have to do so manually).
UDP Routers¶
traefik.udp.routers.<router_name>.entrypoints
See entry points for more information.
traefik.udp.routers.myudprouter.entrypoints=ep1,ep2
traefik.udp.routers.<router_name>.service
See service for more information.
traefik.udp.routers.myudprouter.service=myservice
UDP Services¶
traefik.udp.services.<service_name>.loadbalancer.server.port
Registers a port of the application.
traefik.udp.services.myudpservice.loadbalancer.server.port=423
Specific Provider Options¶
traefik.enable¶
traefik.enable=true
You can tell Traefik to consider (or not) the service by setting traefik.enable to true or false.
This option overrides the value of exposedByDefault.
traefik.consulcatalog.connect¶
traefik.consulcatalog.connect=true
You can tell Traefik to consider (or not) the service as a Connect capable one by setting traefik.consulcatalog.connect to true or false.
This option overrides the value of connectByDefault.
traefik.consulcatalog.canary¶
traefik.consulcatalog.canary=true
When Consul Catalog, in the context of a Nomad orchestrator, is a provider (of service registration) for Traefik, you may need to distinguish within Traefik between a canary instance of a service and a production one, for example if you do not want them to be part of the same load balancer.
Therefore, this option, which is meant to be provided as one of the values of the canary_tags field in the Nomad service stanza,
allows Traefik to identify that the associated instance is a canary one.
Port Lookup¶
Traefik is capable of detecting the port to use by following the default Consul Catalog flow.
That means that if you expose, say, port :1337 on the Consul Catalog UI, Traefik will pick up this port and use it.