Add examples of proxying ping #2102
Conversation
ldez
changed the title
ldez
added
area/documentation
status/2-needs-review
and removed
status/0-needs-triage
labels
docs/user-guide/examples.md
Outdated
| @@ -296,3 +296,76 @@ defaultEntryPoints = ["http"] | |||
| IdleTimeout = "360s" | |||
| ProvidersThrottleDuration = "5s" | |||
| ``` | |||
|
|
|||
| ## Securing Ping Health Check | |||
| The `/ping` health-check URL is enabled together with the web admin panel, enabled with the command-line `--web` or config file option `[web]`. Thus, if you have a regular path for `/foo` and an entrypoint on `:80`, you would access them as follows: | |||
There was a problem hiding this comment.
Could add an empty line between the before this line?
Could you put one sentence by line?
There was a problem hiding this comment.
Sure, updating now. Out of curiosity, why? I have never seen markdown done with a CRLF between each sentence.
There was a problem hiding this comment.
In Markdown, \n between two sentences is replaced by a simple (Expect in Github 😉 )
docs/user-guide/examples.md
Outdated
| * Admin panel: `http://hostname:8080/` | ||
| * Ping URL: `http://hostname:8080/ping` | ||
|
|
||
| However, for security reasons, you may want to be able to expose the `/ping` health-check URL to outside health-checkers, e.g. an Internet service or cloud load-balancer, _without_ exposing your admin panel's port. In many environments, the security staff may not _allow_ you to expose it. |
There was a problem hiding this comment.
Could you put one sentence by line?
docs/user-guide/examples.md
Outdated
| The above creates a new backend called `traefik`, lisenting on `http://localhost:8080`, i.e. the local admin port. We only expose the admin panel via the `frontend` named `traefikadmin`, and only expose the `/ping` Path. | ||
|
|
||
| ## Enable ping health check on dedicated port | ||
| If you do not want to or cannot expose the health-check on a regular entrypoint - e.g. your security rules do not allow it, or you have a conflicting path - then you can enable health-check on its own entrypoint. Use the following config: |
There was a problem hiding this comment.
Could add an empty line between the before this line?
Could you put one sentence by line?
docs/user-guide/examples.md
Outdated
|
|
||
| Note the unique port for `/ping`. | ||
|
|
||
| In the above example, it is _very_ important that you create a named dedicated entrypoint, and do **not** include it in `defaultEntryPoints`. Otherwise, you are likely to expose _all_ services via that entrypoint. |
There was a problem hiding this comment.
Could you put one sentence by line?
And could you add empty line at the end of this file?
docs/user-guide/examples.md
Outdated
| * Admin panel: `http://hostname:8080/` | ||
| * Ping URL: `http://hostname:8082/ping` | ||
|
|
||
| Note the unique port for `/ping`. |
There was a problem hiding this comment.
Could you replace unique by dedicated
deitch
force-pushed
the
ping-examples
branch
from
3d5dc7e
to
5483fdd
Compare
|
Updated. Back to you. |
There was a problem hiding this comment.
You can show the render here: https://deploy-preview-2102--traefik-docs.netlify.com/user-guide/examples/
docs/user-guide/examples.md
Outdated
| The above creates a new backend called `traefik`, lisenting on `http://localhost:8080`, i.e. the local admin port. | ||
| We only expose the admin panel via the `frontend` named `traefikadmin`, and only expose the `/ping` Path. | ||
|
|
||
| ## Enable ping health check on dedicated port |
deitch
force-pushed
the
ping-examples
branch
from
5483fdd
to
b7201c4
Compare
|
Uh oh, needs rebase... |
deitch
force-pushed
the
ping-examples
branch
from
b7201c4
to
ab1ee9a
Compare
|
Rebased |
|
@ldez are there any outstanding changes requested? I think we got them all? |
docs/user-guide/examples.md
Outdated
| ``` | ||
|
|
||
| The above creates a new backend called `traefik`, lisenting on `http://localhost:8080`, i.e. the local admin port. | ||
| We only expose the admin panel via the `frontend` named `traefikadmin`, and only expose the `/ping` Path. |
docs/user-guide/examples.md
Outdated
| * Admin panel: `http://hostname:8080/` | ||
| * Ping URL: `http://hostname:8082/ping` | ||
|
|
||
| Note the dedicated port for `/ping`. |
There was a problem hiding this comment.
Maybe adding the port number in the note?
docs/user-guide/examples.md
Outdated
|
|
||
| Note the dedicated port for `/ping`. | ||
|
|
||
| In the above example, it is _very_ important that you create a named dedicated entrypoint, and do **not** include it in `defaultEntryPoints`. |
There was a problem hiding this comment.
s/that you create a named dedicated entrypoint/to create a dedicated entrypoint/ ?
and do not include it in
defaultEntryPoints
I don't understand what cannot be included in the defaultEntryPoint. Can you develop?
docs/user-guide/examples.md
Outdated
| Note the dedicated port for `/ping`. | ||
|
|
||
| In the above example, it is _very_ important that you create a named dedicated entrypoint, and do **not** include it in `defaultEntryPoints`. | ||
| Otherwise, you are likely to expose _all_ services via that entrypoint. |
There was a problem hiding this comment.
Do you want to say that if you don't specify a rule on the frontend (rule = "Path:/ping") you can expose all the web admin paths through the ping entrypoint?
|
Thanks @nmengin ; updating now. |
deitch
force-pushed
the
ping-examples
branch
from
ab1ee9a
to
09f5dd3
Compare
|
Updated. |
traefiker
force-pushed
the
ping-examples
branch
from
09f5dd3
to
04bfdcc
Compare
via regular entrypoint and dedicated entrypoint.
Description
Add examples of how to expose
/pingon one of:This is distinct from running it on the normal admin port (default to
:8080) and allows you to expose/pingto other networks without exposing the admin port.As requested by @ldez .
Closes #2094