cybercyst/traefik
1
0
Fork 0
mirror of https://github.com/traefik/traefik.git synced 2025-05-05 15:33:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
traefik/docs/content/reference/routing-configuration/other-providers/ecs.md
Sheddy b7170df2c3
New Routing Reference Documentation
2025-03-10 15:28:06 +01:00

18 KiB
Raw Blame History

title description
Traefik ECS Documentation AWS ECS is a provider for routing and load balancing in Traefik Proxy. Read the technical documentation to get started.

Traefik & ECS

One of the best feature of Traefik is to delegate the routing configuration to the application level. With ECS, Traefik can leverage labels attached to a container to generate routing rules.

!!! warning "Labels & sensitive data"

We recommend to *not* use labels to store sensitive data (certificates, credentials, etc).
Instead, we recommend to store sensitive data in a safer storage (secrets, file, etc).

Routing Configurationred

!!! info "labels"

Labels are case-insensitive.

!!! tip "TLS Default Generated Certificates"

To learn how to configure Traefik default generated certificate, refer to the [TLS Certificates](../http/tls/tls-certificates.md#acme-default-certificate) page.

General

Traefik creates, for each elastic service, a corresponding service and router.

The Service automatically gets a server per elastic container, and the router gets a default rule attached to it, based on the service name.

Routers

To update the configuration of the Router automatically attached to the service, add labels starting with traefik.routers.{name-of-your-choice}. and followed by the option you want to change.

For example, to change the rule, you could add the label traefik.http.routers.my-service.rule=Host(`example.com`).

!!! warning "The character @ is not authorized in the router name <router_name>."

??? info "traefik.http.routers.<router_name>.rule"

See [rule](../http/router/rules-and-priority.md#rules) for more information.

```yaml
traefik.http.routers.myrouter.rule=Host(`example.com`)
```

??? info "traefik.http.routers.<router_name>.ruleSyntax"

See [ruleSyntax](../http/router/rules-and-priority.md#rulesyntax) for more information.

```yaml
traefik.http.routers.myrouter.ruleSyntax=v3
```

??? info "traefik.http.routers.<router_name>.entrypoints"

See [entry points](../../install-configuration/entrypoints.md) for more information.

```yaml
traefik.http.routers.myrouter.entrypoints=web,websecure
```

??? info "traefik.http.routers.<router_name>.middlewares"

See [middlewares overview](../http/middlewares/overview.md) for more information.

```yaml
traefik.http.routers.myrouter.middlewares=auth,prefix,cb
```

??? info "traefik.http.routers.<router_name>.service"

See [service](../http/load-balancing/service.md) for more information.

```yaml
traefik.http.routers.myrouter.service=myservice
```

??? info "traefik.http.routers.<router_name>.tls"

See [tls](../http/tls/overview.md) for more information.

```yaml
traefik.http.routers.myrouter.tls=true
```

??? info "traefik.http.routers.<router_name>.tls.certresolver"

See [certResolver](../../install-configuration/tls/certificate-resolvers/overview.md) for more information.

```yaml
traefik.http.routers.myrouter.tls.certresolver=myresolver
```

??? info "traefik.http.routers.<router_name>.tls.domains[n].main"

See [domains](../../install-configuration/tls/certificate-resolvers/acme.md#domain-definition) for more information.

```yaml
traefik.http.routers.myrouter.tls.domains[0].main=example.org
```

??? info "traefik.http.routers.<router_name>.tls.domains[n].sans"

See [domains](../../install-configuration/tls/certificate-resolvers/acme.md#domain-definition) for more information.

```yaml
traefik.http.routers.myrouter.tls.domains[0].sans=test.example.org,dev.example.org
```

??? info "traefik.http.routers.<router_name>.tls.options"

```yaml
traefik.http.routers.myrouter.tls.options=foobar
```

??? info "traefik.http.routers.<router_name>.observability.accesslogs"

The accessLogs option controls whether the router will produce access-logs.

```yaml
 "traefik.http.routers.myrouter.observability.accesslogs=true"
```

??? info "traefik.http.routers.<router_name>.observability.metrics"

The metrics option controls whether the router will produce metrics.

```yaml
 "traefik.http.routers.myrouter.observability.metrics=true"
```

??? info "traefik.http.routers.<router_name>.observability.tracing"

The tracing option controls whether the router will produce traces.

```yaml
 "traefik.http.routers.myrouter.observability.tracing=true"
```

??? info "traefik.http.routers.<router_name>.priority"

See [priority](../http/router/rules-and-priority.md#priority-calculation) for more information.

```yaml
traefik.http.routers.myrouter.priority=42
```

Services

To update the configuration of the Service automatically attached to the service, add labels starting with traefik.http.services.{name-of-your-choice}., followed by the option you want to change.

For example, to change the passHostHeader behavior, you'd add the label traefik.http.services.{name-of-your-choice}.loadbalancer.passhostheader=false.

!!! warning "The character @ is not authorized in the service name <service_name>."

??? info "traefik.http.services.<service_name>.loadbalancer.server.port"

Registers a port.
Useful when the service exposes multiples ports.

```yaml
traefik.http.services.myservice.loadbalancer.server.port=8080
```

??? info "traefik.http.services.<service_name>.loadbalancer.server.scheme"

Overrides the default scheme.

```yaml
traefik.http.services.myservice.loadbalancer.server.scheme=http
```

??? info "traefik.http.services.<service_name>.loadbalancer.serverstransport"

Allows to reference a ServersTransport resource that is defined either with the File provider or the Kubernetes CRD one.
See [serverstransport](../http/load-balancing/serverstransport.md) for more information.

```yaml
traefik.http.services.<service_name>.loadbalancer.serverstransport=foobar@file
```

??? info "traefik.http.services.<service_name>.loadbalancer.passhostheader"

```yaml
traefik.http.services.myservice.loadbalancer.passhostheader=true
```

??? info "traefik.http.services.<service_name>.loadbalancer.healthcheck.headers.<header_name>"

See [health check](../http/load-balancing/service.md#health-check) for more information.

```yaml
traefik.http.services.myservice.loadbalancer.healthcheck.headers.X-Foo=foobar
```

??? info "traefik.http.services.<service_name>.loadbalancer.healthcheck.hostname"

See [health check](../http/load-balancing/service.md#health-check) for more information.

```yaml
traefik.http.services.myservice.loadbalancer.healthcheck.hostname=example.org
```

??? info "traefik.http.services.<service_name>.loadbalancer.healthcheck.interval"

See [health check](../http/load-balancing/service.md#health-check) for more information.

```yaml
traefik.http.services.myservice.loadbalancer.healthcheck.interval=10
```

??? info "traefik.http.services.<service_name>.loadbalancer.healthcheck.path"

See [health check](../http/load-balancing/service.md#health-check) for more information.

```yaml
traefik.http.services.myservice.loadbalancer.healthcheck.path=/foo
```

??? info "traefik.http.services.<service_name>.loadbalancer.healthcheck.method"

See [health check](../http/load-balancing/service.md#health-check) for more information.

```yaml
traefik.http.services.myservice.loadbalancer.healthcheck.method=foobar
```

??? info "traefik.http.services.<service_name>.loadbalancer.healthcheck.status"

See [health check](../http/load-balancing/service.md#health-check) for more information.

```yaml
traefik.http.services.myservice.loadbalancer.healthcheck.status=42
```

??? info "traefik.http.services.<service_name>.loadbalancer.healthcheck.port"

See [health check](../http/load-balancing/service.md#health-check) for more information.

```yaml
traefik.http.services.myservice.loadbalancer.healthcheck.port=42
```

??? info "traefik.http.services.<service_name>.loadbalancer.healthcheck.scheme"

See [health check](../http/load-balancing/service.md#health-check) for more information.

```yaml
traefik.http.services.myservice.loadbalancer.healthcheck.scheme=http
```

??? info "traefik.http.services.<service_name>.loadbalancer.healthcheck.timeout"

See [health check](../http/load-balancing/service.md#health-check) for more information.

```yaml
traefik.http.services.myservice.loadbalancer.healthcheck.timeout=10
```

??? info "traefik.http.services.<service_name>.loadbalancer.healthcheck.followredirects"

See [health check](../http/load-balancing/service.md#health-check) for more information.

```yaml
traefik.http.services.myservice.loadbalancer.healthcheck.followredirects=true
```

??? info "traefik.http.services.<service_name>.loadbalancer.sticky.cookie"

```yaml
traefik.http.services.myservice.loadbalancer.sticky.cookie=true
```

??? info "traefik.http.services.<service_name>.loadbalancer.sticky.cookie.httponly"

```yaml
traefik.http.services.myservice.loadbalancer.sticky.cookie.httponly=true
```

??? info "traefik.http.services.<service_name>.loadbalancer.sticky.cookie.name"

```yaml
traefik.http.services.myservice.loadbalancer.sticky.cookie.name=foobar
```

??? info "traefik.http.services.<service_name>.loadbalancer.sticky.cookie.path"

```yaml
 "traefik.http.services.myservice.loadbalancer.sticky.cookie.path=/foobar"
```

??? info "traefik.http.services.<service_name>.loadbalancer.sticky.cookie.secure"

```yaml
traefik.http.services.myservice.loadbalancer.sticky.cookie.secure=true
```

??? info "traefik.http.services.<service_name>.loadbalancer.sticky.cookie.samesite"

```yaml
traefik.http.services.myservice.loadbalancer.sticky.cookie.samesite=none
```

??? info "traefik.http.services.<service_name>.loadbalancer.sticky.cookie.maxage"

```yaml
traefik.http.services.myservice.loadbalancer.sticky.cookie.maxage=42
```

??? info "traefik.http.services.<service_name>.loadbalancer.responseforwarding.flushinterval"

`FlushInterval` specifies the flush interval to flush to the client while copying the response body.

```yaml
traefik.http.services.myservice.loadbalancer.responseforwarding.flushinterval=10
```

Middleware

You can declare pieces of middleware using labels starting with traefik.http.middlewares.{name-of-your-choice}., followed by the middleware type/options.

For example, to declare a middleware redirectscheme named my-redirect, you'd write traefik.http.middlewares.my-redirect.redirectscheme.scheme: https.

More information about available middlewares in the dedicated middlewares section.

!!! warning "The character @ is not authorized in the middleware name."

??? example "Declaring and Referencing a Middleware"

```yaml
# ...
# Declaring a middleware
traefik.http.middlewares.my-redirect.redirectscheme.scheme=https
# Referencing a middleware
traefik.http.routers.my-service.middlewares=my-redirect
```

!!! warning "Conflicts in Declaration"

If you declare multiple middleware with the same name but with different parameters, the middleware fails to be declared.

TCP

You can declare TCP Routers and/or Services using labels.

??? example "Declaring TCP Routers and Services"

```yaml
traefik.tcp.routers.my-router.rule=HostSNI(`example.com`)
traefik.tcp.routers.my-router.tls=true
traefik.tcp.services.my-service.loadbalancer.server.port=4123
```

!!! warning "TCP and HTTP"

If you declare a TCP Router/Service, it will prevent Traefik from automatically creating an HTTP Router/Service (like it does by default if no TCP Router/Service is defined).
You can declare both a TCP Router/Service and an HTTP Router/Service for the same elastic service (but you have to do so manually).

TCP Routers

??? info "traefik.tcp.routers.<router_name>.entrypoints"

See [entry points](../../install-configuration/entrypoints.md) for more information.

```yaml
traefik.tcp.routers.mytcprouter.entrypoints=ep1,ep2
```

??? info "traefik.tcp.routers.<router_name>.rule"

See [entry points](../../install-configuration/entrypoints.md) for more information.

```yaml
traefik.tcp.routers.mytcprouter.rule=HostSNI(`example.com`)
```

??? info "traefik.tcp.routers.<router_name>.ruleSyntax"

configure the rule syntax to be used for parsing the rule on a per-router basis.

```yaml
traefik.tcp.routers.mytcprouter.ruleSyntax=v3
```

??? info "traefik.tcp.routers.<router_name>.service"

See [service](../tcp/service.md) for more information.

```yaml
traefik.tcp.routers.mytcprouter.service=myservice
```

??? info "traefik.tcp.routers.<router_name>.tls"

See [TLS](../tcp/tls.md) for more information.

```yaml
traefik.tcp.routers.mytcprouter.tls=true
```

??? info "traefik.tcp.routers.<router_name>.tls.certresolver"

See [certResolver](../tcp/tls.md#configuration-options) for more information.

```yaml
traefik.tcp.routers.mytcprouter.tls.certresolver=myresolver
```

??? info "traefik.tcp.routers.<router_name>.tls.domains[n].main"

See [TLS](../tcp/tls.md) for more information.

```yaml
traefik.tcp.routers.mytcprouter.tls.domains[0].main=example.org
```

??? info "traefik.tcp.routers.<router_name>.tls.domains[n].sans"

See [TLS](../tcp/tls.md) for more information.

```yaml
traefik.tcp.routers.mytcprouter.tls.domains[0].sans=test.example.org,dev.example.org
```

??? info "traefik.tcp.routers.<router_name>.tls.options"

See [TLS](../tcp/tls.md) for more information.

```yaml
traefik.tcp.routers.mytcprouter.tls.options=mysoptions
```

??? info "traefik.tcp.routers.<router_name>.tls.passthrough"

See [Passthrough](../tcp/tls.md#passthrough) for more information.

```yaml
traefik.tcp.routers.mytcprouter.tls.passthrough=true
```

??? info "traefik.tcp.routers.<router_name>.priority"

See [priority](../tcp/router/rules-and-priority.md#priority) for more information.

```yaml
traefik.tcp.routers.mytcprouter.priority=42
```

TCP Services

??? info "traefik.tcp.services.<service_name>.loadbalancer.server.port"

Registers a port of the application.

```yaml
traefik.tcp.services.mytcpservice.loadbalancer.server.port=423
```

??? info "traefik.tcp.services.<service_name>.loadbalancer.server.tls"

Determines whether to use TLS when dialing with the backend.

```yaml
traefik.tcp.services.mytcpservice.loadbalancer.server.tls=true
```

??? info "traefik.http.services.<service_name>.loadbalancer.server.weight"

Overrides the default weight.

```yaml
traefik.http.services.myservice.loadbalancer.server.weight=42
```

??? info "traefik.tcp.services.<service_name>.loadbalancer.proxyprotocol.version"

See [PROXY protocol](../tcp/service.md#proxy-protocol) for more information.

```yaml
traefik.tcp.services.mytcpservice.loadbalancer.proxyprotocol.version=1
```

??? info "traefik.tcp.services.<service_name>.loadbalancer.serverstransport"

Allows to reference a ServersTransport resource that is defined either with the File provider or the Kubernetes CRD one.
See [serverstransport](../tcp/serverstransport.md) for more information.

```yaml
traefik.tcp.services.<service_name>.loadbalancer.serverstransport=foobar@file
```

UDP

You can declare UDP Routers and/or Services using tags.

??? example "Declaring UDP Routers and Services"

```yaml
traefik.udp.routers.my-router.entrypoints=udp
traefik.udp.services.my-service.loadbalancer.server.port=4123
```

!!! warning "UDP and HTTP"

If you declare a UDP Router/Service, it will prevent Traefik from automatically creating an HTTP Router/Service (like it does by default if no UDP Router/Service is defined).
You can declare both a UDP Router/Service and an HTTP Router/Service for the same elastic service (but you have to do so manually).

TCP Middleware

You can declare pieces of middleware using tags starting with traefik.tcp.middlewares.{name-of-your-choice}., followed by the middleware type/options.

For example, to declare a middleware InFlightConn named test-inflightconn, you'd write traefik.tcp.middlewares.test-inflightconn.inflightconn.amount=10.

More information about available middlewares in the dedicated middlewares section.

??? example "Declaring and Referencing a Middleware"

```yaml
# ...
# Declaring a middleware
traefik.tcp.middlewares.test-inflightconn.amount=10
# Referencing a middleware
traefik.tcp.routers.my-service.middlewares=test-inflightconn
```

!!! warning "Conflicts in Declaration"

If you declare multiple middleware with the same name but with different parameters, the middleware fails to be declared.

UDP Routers

??? info "traefik.udp.routers.<router_name>.entrypoints"

See [entry points](../../install-configuration/entrypoints.md) for more information.

```yaml
traefik.udp.routers.myudprouter.entrypoints=ep1,ep2
```

??? info "traefik.udp.routers.<router_name>.service"

See [service](../udp/service.md) for more information.

```yaml
traefik.udp.routers.myudprouter.service=myservice
```

UDP Services

??? info "traefik.udp.services.<service_name>.loadbalancer.server.port"

Registers a port of the application.

```yaml
traefik.udp.services.myudpservice.loadbalancer.server.port=423
```

Specific Provider Options

traefik.enable

traefik.enable=true

You can tell Traefik to consider (or not) the ECS service by setting traefik.enable to true or false.

This option overrides the value of exposedByDefault.