Traefik and Nomad Service Discovery
A story of Tags, Services & Nomads
Attach tags to your Nomad services and let Traefik do the rest!
Routing Configuration
tags
- tags are case insensitive.
- The complete list of tags can be found the reference page
General
Traefik creates, for each Nomad service, a corresponding Traefik service and router.
The Traefik service automatically gets a server per instance in this Nomad service, and the router gets a default rule attached to it, based on the Nomad service name.
Routers
To update the configuration of the Router automatically attached to the service, add tags starting with traefik.routers.{name-of-your-choice}.
and followed by the option you want to change.
For example, to change the rule, you could add the tag traefik.http.routers.my-service.rule=Host(`example.com`)
.
traefik.http.routers.<router_name>.rule
See rule for more information.
traefik.http.routers.myrouter.rule=Host(`example.com`)
traefik.http.routers.<router_name>.entrypoints
See entry points for more information.
traefik.http.routers.myrouter.entrypoints=web,websecure
traefik.http.routers.<router_name>.middlewares
See middlewares and middlewares overview for more information.
traefik.http.routers.myrouter.middlewares=auth,prefix,cb
traefik.http.routers.<router_name>.service
See rule for more information.
traefik.http.routers.myrouter.service=myservice
traefik.http.routers.<router_name>.tls
See tls for more information.
traefik.http.routers.myrouter.tls=true
traefik.http.routers.<router_name>.tls.certresolver
See certResolver for more information.
traefik.http.routers.myrouter.tls.certresolver=myresolver
traefik.http.routers.<router_name>.tls.domains[n].main
See domains for more information.
traefik.http.routers.myrouter.tls.domains[0].main=example.org
traefik.http.routers.<router_name>.tls.domains[n].sans
See domains for more information.
traefik.http.routers.myrouter.tls.domains[0].sans=test.example.org,dev.example.org
traefik.http.routers.<router_name>.tls.options
See options for more information.
traefik.http.routers.myrouter.tls.options=foobar
traefik.http.routers.<router_name>.priority
See priority for more information.
traefik.http.routers.myrouter.priority=42
Services
To update the configuration of the Service automatically attached to the service, add tags starting with traefik.http.services.{name-of-your-choice}.
, followed by the option you want to change.
For example, to change the passHostHeader
behavior, you’d add the tag traefik.http.services.{name-of-your-choice}.loadbalancer.passhostheader=false
.
traefik.http.services.<service_name>.loadbalancer.server.port
Registers a port. Useful when the service exposes multiples ports.
traefik.http.services.myservice.loadbalancer.server.port=8080
traefik.http.services.<service_name>.loadbalancer.server.scheme
Overrides the default scheme.
traefik.http.services.myservice.loadbalancer.server.scheme=http
traefik.http.services.<service_name>.loadbalancer.serverstransport
Allows to reference a ServersTransport resource that is defined either with the File provider or the Kubernetes CRD one. See serverstransport for more information.
traefik.http.services.myservice.loadbalancer.serverstransport=foobar@file
traefik.http.services.<service_name>.loadbalancer.passhostheader
See pass Host header for more information.
traefik.http.services.myservice.loadbalancer.passhostheader=true
traefik.http.services.<service_name>.loadbalancer.healthcheck.headers.<header_name>
See health check for more information.
traefik.http.services.myservice.loadbalancer.healthcheck.headers.X-Foo=foobar
traefik.http.services.<service_name>.loadbalancer.healthcheck.hostname
See health check for more information.
traefik.http.services.myservice.loadbalancer.healthcheck.hostname=example.org
traefik.http.services.<service_name>.loadbalancer.healthcheck.interval
See health check for more information.
traefik.http.services.myservice.loadbalancer.healthcheck.interval=10
traefik.http.services.<service_name>.loadbalancer.healthcheck.path
See health check for more information.
traefik.http.services.myservice.loadbalancer.healthcheck.path=/foo
traefik.http.services.<service_name>.loadbalancer.healthcheck.status
See health check for more information.
traefik.http.services.myservice.loadbalancer.healthcheck.status=42
traefik.http.services.<service_name>.loadbalancer.healthcheck.port
See health check for more information.
traefik.http.services.myservice.loadbalancer.healthcheck.port=42
traefik.http.services.<service_name>.loadbalancer.healthcheck.scheme
See health check for more information.
traefik.http.services.myservice.loadbalancer.healthcheck.scheme=http
traefik.http.services.<service_name>.loadbalancer.healthcheck.timeout
See health check for more information.
traefik.http.services.myservice.loadbalancer.healthcheck.timeout=10
traefik.http.services.<service_name>.loadbalancer.healthcheck.followredirects
See health check for more information.
traefik.http.services.myservice.loadbalancer.healthcheck.followredirects=true
traefik.http.services.<service_name>.loadbalancer.sticky.cookie
See sticky sessions for more information.
traefik.http.services.myservice.loadbalancer.sticky.cookie=true
traefik.http.services.<service_name>.loadbalancer.sticky.cookie.httponly
See sticky sessions for more information.
traefik.http.services.myservice.loadbalancer.sticky.cookie.httponly=true
traefik.http.services.<service_name>.loadbalancer.sticky.cookie.name
See sticky sessions for more information.
traefik.http.services.myservice.loadbalancer.sticky.cookie.name=foobar
traefik.http.services.<service_name>.loadbalancer.sticky.cookie.secure
See sticky sessions for more information.
traefik.http.services.myservice.loadbalancer.sticky.cookie.secure=true
traefik.http.services.<service_name>.loadbalancer.sticky.cookie.samesite
See sticky sessions for more information.
traefik.http.services.myservice.loadbalancer.sticky.cookie.samesite=none
traefik.http.services.<service_name>.loadbalancer.sticky.cookie.maxage
See sticky sessions for more information.
traefik.http.services.myservice.loadbalancer.sticky.cookie.maxage=42
traefik.http.services.<service_name>.loadbalancer.responseforwarding.flushinterval
See response forwarding for more information.
traefik.http.services.myservice.loadbalancer.responseforwarding.flushinterval=10
Middleware
You can declare pieces of middleware using tags starting with traefik.http.middlewares.{name-of-your-choice}.
, followed by the middleware type/options.
For example, to declare a middleware redirectscheme named my-redirect
, you’d write traefik.http.middlewares.my-redirect.redirectscheme.scheme: https
.
More information about available middlewares in the dedicated middlewares section.
Declaring and Referencing a Middleware
# ...
# Declaring a middleware
traefik.http.middlewares.my-redirect.redirectscheme.scheme=https
# Referencing a middleware
traefik.http.routers.my-service.middlewares=my-redirect
Conflicts in Declaration
If you declare multiple middleware with the same name but with different parameters, the middleware fails to be declared.
TCP
You can declare TCP Routers and/or Services using tags.
Declaring TCP Routers and Services
traefik.tcp.routers.my-router.rule=HostSNI(`example.com`)
traefik.tcp.routers.my-router.tls=true
traefik.tcp.services.my-service.loadbalancer.server.port=4123
TCP and HTTP
If you declare a TCP Router/Service, it will prevent Traefik from automatically creating an HTTP Router/Service (like it does by default if no TCP Router/Service is defined). You can declare both a TCP Router/Service and an HTTP Router/Service for the same Nomad service (but you have to do so manually).
TCP Routers
traefik.tcp.routers.<router_name>.entrypoints
See entry points for more information.
traefik.tcp.routers.mytcprouter.entrypoints=ep1,ep2
traefik.tcp.routers.<router_name>.rule
See rule for more information.
traefik.tcp.routers.mytcprouter.rule=HostSNI(`example.com`)
traefik.tcp.routers.<router_name>.service
See service for more information.
traefik.tcp.routers.mytcprouter.service=myservice
traefik.tcp.routers.<router_name>.tls
See TLS for more information.
traefik.tcp.routers.mytcprouter.tls=true
traefik.tcp.routers.<router_name>.tls.certresolver
See certResolver for more information.
traefik.tcp.routers.mytcprouter.tls.certresolver=myresolver
traefik.tcp.routers.<router_name>.tls.domains[n].main
See domains for more information.
traefik.tcp.routers.mytcprouter.tls.domains[0].main=example.org
traefik.tcp.routers.<router_name>.tls.domains[n].sans
See domains for more information.
traefik.tcp.routers.mytcprouter.tls.domains[0].sans=test.example.org,dev.example.org
traefik.tcp.routers.<router_name>.tls.options
See options for more information.
traefik.tcp.routers.mytcprouter.tls.options=myoptions
traefik.tcp.routers.<router_name>.tls.passthrough
See TLS for more information.
traefik.tcp.routers.mytcprouter.tls.passthrough=true
TCP Services
traefik.tcp.services.<service_name>.loadbalancer.server.port
Registers a port of the application.
traefik.tcp.services.mytcpservice.loadbalancer.server.port=423
traefik.tcp.services.<service_name>.loadbalancer.server.tls
Determines whether to use TLS when dialing with the backend.
traefik.tcp.services.mytcpservice.loadbalancer.server.tls=true
traefik.tcp.services.<service_name>.loadbalancer.proxyprotocol.version
See PROXY protocol for more information.
traefik.tcp.services.mytcpservice.loadbalancer.proxyprotocol.version=1
traefik.tcp.services.<service_name>.loadbalancer.serverstransport
Allows to reference a ServersTransport resource that is defined either with the File provider or the Kubernetes CRD one. See serverstransport for more information.
traefik.tcp.services.myservice.loadbalancer.serverstransport=foobar@file
UDP
You can declare UDP Routers and/or Services using tags.
Declaring UDP Routers and Services
traefik.udp.routers.my-router.entrypoints=udp
traefik.udp.services.my-service.loadbalancer.server.port=4123
UDP and HTTP
If you declare a UDP Router/Service, it will prevent Traefik from automatically creating an HTTP Router/Service (like it does by default if no UDP Router/Service is defined). You can declare both a UDP Router/Service and an HTTP Router/Service for the same Nomad service (but you have to do so manually).
UDP Routers
traefik.udp.routers.<router_name>.entrypoints
See entry points for more information.
traefik.udp.routers.myudprouter.entrypoints=ep1,ep2
traefik.udp.routers.<router_name>.service
See service for more information.
traefik.udp.routers.myudprouter.service=myservice
UDP Services
traefik.udp.services.<service_name>.loadbalancer.server.port
Registers a port of the application.
traefik.udp.services.myudpservice.loadbalancer.server.port=423
Specific Provider Options
traefik.enable
traefik.enable=true
You can tell Traefik to consider (or not) the service by setting traefik.enable
to true or false.
This option overrides the value of exposedByDefault
.
traefik.nomad.canary
traefik.nomad.canary=true
When Nomad orchestrator is a provider (of service registration) for Traefik, one might have the need to distinguish within Traefik between a Canary instance of a service, or a production one. For example if one does not want them to be part of the same load-balancer.
Therefore, this option, which is meant to be provided as one of the values of the canary_tags
field in the Nomad service stanza, allows Traefik to identify that the associated instance is a canary one.
Port Lookup
Traefik is capable of detecting the port to use, by following the default Nomad Service Discovery flow. That means, if you just expose lets say port :1337
on the Nomad job, traefik will pick up this port and use it.