1# EntryPoints 2 3Opening Connections for Incoming Requests 4{: .subtitle } 5 6![entryPoints](../assets/img/entrypoints.png) 7 8EntryPoints are the network entry points into Traefik. 9They define the port which will receive the packets, 10and whether to listen for TCP or UDP. 11 12## Configuration Examples 13 14??? example "Port 80 only" 15 16 ```yaml tab="File (YAML)" 17 ## Static configuration 18 entryPoints: 19 web: 20 address: ":80" 21 ``` 22 23 ```toml tab="File (TOML)" 24 ## Static configuration 25 [entryPoints] 26 [entryPoints.web] 27 address = ":80" 28 ``` 29 30 ```bash tab="CLI" 31 ## Static configuration 32 --entryPoints.web.address=:80 33 ``` 34 35 We define an `entrypoint` called `web` that will listen on port `80`. 36 37??? example "Port 80 & 443" 38 39 ```yaml tab="File (YAML)" 40 ## Static configuration 41 entryPoints: 42 web: 43 address: ":80" 44 45 websecure: 46 address: ":443" 47 ``` 48 49 ```toml tab="File (TOML)" 50 ## Static configuration 51 [entryPoints] 52 [entryPoints.web] 53 address = ":80" 54 55 [entryPoints.websecure] 56 address = ":443" 57 ``` 58 59 ```bash tab="CLI" 60 ## Static configuration 61 --entryPoints.web.address=:80 62 --entryPoints.websecure.address=:443 63 ``` 64 65 - Two entrypoints are defined: one called `web`, and the other called `websecure`. 66 - `web` listens on port `80`, and `websecure` on port `443`. 67 68??? example "UDP on port 1704" 69 70 ```yaml tab="File (YAML)" 71 ## Static configuration 72 entryPoints: 73 streaming: 74 address: ":1704/udp" 75 ``` 76 77 ```toml tab="File (TOML)" 78 ## Static configuration 79 [entryPoints] 80 [entryPoints.streaming] 81 address = ":1704/udp" 82 ``` 83 84 ```bash tab="CLI" 85 ## Static configuration 86 --entryPoints.streaming.address=:1704/udp 87 ``` 88 89## Configuration 90 91### General 92 93EntryPoints are part of the [static configuration](../getting-started/configuration-overview.md#the-static-configuration). 94They can be defined by using a file (YAML or TOML) or CLI arguments. 95 96??? info "See the complete reference for the list of available options" 97 98 ```yaml tab="File (YAML)" 99 ## Static configuration 100 entryPoints: 101 name: 102 address: ":8888" # same as ":8888/tcp" 103 http3: 104 advertisedPort: 8888 105 transport: 106 lifeCycle: 107 requestAcceptGraceTimeout: 42 108 graceTimeOut: 42 109 respondingTimeouts: 110 readTimeout: 42 111 writeTimeout: 42 112 idleTimeout: 42 113 proxyProtocol: 114 insecure: true 115 trustedIPs: 116 - "127.0.0.1" 117 - "192.168.0.1" 118 forwardedHeaders: 119 insecure: true 120 trustedIPs: 121 - "127.0.0.1" 122 - "192.168.0.1" 123 ``` 124 125 ```toml tab="File (TOML)" 126 ## Static configuration 127 [entryPoints] 128 [entryPoints.name] 129 address = ":8888" # same as ":8888/tcp" 130 [entryPoints.name.http3] 131 advertisedPort = 8888 132 [entryPoints.name.transport] 133 [entryPoints.name.transport.lifeCycle] 134 requestAcceptGraceTimeout = 42 135 graceTimeOut = 42 136 [entryPoints.name.transport.respondingTimeouts] 137 readTimeout = 42 138 writeTimeout = 42 139 idleTimeout = 42 140 [entryPoints.name.proxyProtocol] 141 insecure = true 142 trustedIPs = ["127.0.0.1", "192.168.0.1"] 143 [entryPoints.name.forwardedHeaders] 144 insecure = true 145 trustedIPs = ["127.0.0.1", "192.168.0.1"] 146 ``` 147 148 ```bash tab="CLI" 149 ## Static configuration 150 --entryPoints.name.address=:8888 # same as :8888/tcp 151 --entryPoints.name.http3.advertisedport=8888 152 --entryPoints.name.transport.lifeCycle.requestAcceptGraceTimeout=42 153 --entryPoints.name.transport.lifeCycle.graceTimeOut=42 154 --entryPoints.name.transport.respondingTimeouts.readTimeout=42 155 --entryPoints.name.transport.respondingTimeouts.writeTimeout=42 156 --entryPoints.name.transport.respondingTimeouts.idleTimeout=42 157 --entryPoints.name.proxyProtocol.insecure=true 158 --entryPoints.name.proxyProtocol.trustedIPs=127.0.0.1,192.168.0.1 159 --entryPoints.name.forwardedHeaders.insecure=true 160 --entryPoints.name.forwardedHeaders.trustedIPs=127.0.0.1,192.168.0.1 161 ``` 162 163### Address 164 165The address defines the port, and optionally the hostname, on which to listen for incoming connections and packets. 166It also defines the protocol to use (TCP or UDP). 167If no protocol is specified, the default is TCP. 168The format is: 169 170```bash 171[host]:port[/tcp|/udp] 172``` 173 174If both TCP and UDP are wanted for the same port, two entryPoints definitions are needed, such as in the example below. 175 176??? example "Both TCP and UDP on Port 3179" 177 178 ```yaml tab="File (YAML)" 179 ## Static configuration 180 entryPoints: 181 tcpep: 182 address: ":3179" 183 udpep: 184 address: ":3179/udp" 185 ``` 186 187 ```toml tab="File (TOML)" 188 ## Static configuration 189 [entryPoints] 190 [entryPoints.tcpep] 191 address = ":3179" 192 [entryPoints.udpep] 193 address = ":3179/udp" 194 ``` 195 196 ```bash tab="CLI" 197 ## Static configuration 198 --entryPoints.tcpep.address=:3179 199 --entryPoints.udpep.address=:3179/udp 200 ``` 201 202??? example "Listen on Specific IP Addresses Only" 203 204 ```yaml tab="File (yaml)" 205 entryPoints: 206 specificIPv4: 207 address: "192.168.2.7:8888" 208 specificIPv6: 209 address: "[2001:db8::1]:8888" 210 ``` 211 212 ```toml tab="File (TOML)" 213 [entryPoints.specificIPv4] 214 address = "192.168.2.7:8888" 215 [entryPoints.specificIPv6] 216 address = "[2001:db8::1]:8888" 217 ``` 218 219 ```bash tab="CLI" 220 --entrypoints.specificIPv4.address=192.168.2.7:8888 221 --entrypoints.specificIPv6.address=[2001:db8::1]:8888 222 ``` 223 224 Full details for how to specify `address` can be found in [net.Listen](https://golang.org/pkg/net/#Listen) (and [net.Dial](https://golang.org/pkg/net/#Dial)) of the doc for go. 225 226### HTTP/3 227 228#### `http3` 229 230`http3` enables HTTP/3 protocol on the entryPoint. 231HTTP/3 requires a TCP entryPoint, as HTTP/3 always starts as a TCP connection that then gets upgraded to UDP. 232In most scenarios, this entryPoint is the same as the one used for TLS traffic. 233 234??? info "HTTP/3 uses UDP+TLS" 235 236 As HTTP/3 uses UDP, you can't have a TCP entryPoint with HTTP/3 on the same port as a UDP entryPoint. 237 Since HTTP/3 requires the use of TLS, only routers with TLS enabled will be usable with HTTP/3. 238 239!!! warning "Enabling Experimental HTTP/3" 240 241 As the HTTP/3 spec is still in draft, HTTP/3 support in Traefik is an experimental feature and needs to be activated 242 in the experimental section of the static configuration. 243 244 ```yaml tab="File (YAML)" 245 experimental: 246 http3: true 247 248 entryPoints: 249 name: 250 http3: {} 251 ``` 252 253 ```toml tab="File (TOML)" 254 [experimental] 255 http3 = true 256 257 [entryPoints.name.http3] 258 ``` 259 260 ```bash tab="CLI" 261 --experimental.http3=true --entrypoints.name.http3 262 ``` 263 264#### `advertisedPort` 265 266`http3.advertisedPort` defines which UDP port to advertise as the HTTP/3 authority. 267It defaults to the entryPoint's address port. 268It can be used to override the authority in the `alt-svc` header, for example if the public facing port is different from where Traefik is listening. 269 270!!! info "http3.advertisedPort" 271 272 ```yaml tab="File (YAML)" 273 experimental: 274 http3: true 275 276 entryPoints: 277 name: 278 http3: 279 advertisedPort: 443 280 ``` 281 282 ```toml tab="File (TOML)" 283 [experimental] 284 http3 = true 285 286 [entryPoints.name.http3] 287 advertisedPort = 443 288 ``` 289 290 ```bash tab="CLI" 291 --experimental.http3=true --entrypoints.name.http3.advertisedport=443 292 ``` 293 294### Forwarded Headers 295 296You can configure Traefik to trust the forwarded headers information (`X-Forwarded-*`). 297 298??? info "`forwardedHeaders.trustedIPs`" 299 300 Trusting Forwarded Headers from specific IPs. 301 302 ```yaml tab="File (YAML)" 303 ## Static configuration 304 entryPoints: 305 web: 306 address: ":80" 307 forwardedHeaders: 308 trustedIPs: 309 - "127.0.0.1/32" 310 - "192.168.1.7" 311 ``` 312 313 ```toml tab="File (TOML)" 314 ## Static configuration 315 [entryPoints] 316 [entryPoints.web] 317 address = ":80" 318 319 [entryPoints.web.forwardedHeaders] 320 trustedIPs = ["127.0.0.1/32", "192.168.1.7"] 321 ``` 322 323 ```bash tab="CLI" 324 ## Static configuration 325 --entryPoints.web.address=:80 326 --entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,192.168.1.7 327 ``` 328 329??? info "`forwardedHeaders.insecure`" 330 331 Insecure Mode (Always Trusting Forwarded Headers). 332 333 ```yaml tab="File (YAML)" 334 ## Static configuration 335 entryPoints: 336 web: 337 address: ":80" 338 forwardedHeaders: 339 insecure: true 340 ``` 341 342 ```toml tab="File (TOML)" 343 ## Static configuration 344 [entryPoints] 345 [entryPoints.web] 346 address = ":80" 347 348 [entryPoints.web.forwardedHeaders] 349 insecure = true 350 ``` 351 352 ```bash tab="CLI" 353 ## Static configuration 354 --entryPoints.web.address=:80 355 --entryPoints.web.forwardedHeaders.insecure 356 ``` 357 358### Transport 359 360#### `respondingTimeouts` 361 362`respondingTimeouts` are timeouts for incoming requests to the Traefik instance. 363Setting them has no effect for UDP entryPoints. 364 365??? info "`transport.respondingTimeouts.readTimeout`" 366 367 _Optional, Default=0s_ 368 369 `readTimeout` is the maximum duration for reading the entire request, including the body. 370 371 If zero, no timeout exists. 372 Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits). 373 If no units are provided, the value is parsed assuming seconds. 374 375 ```yaml tab="File (YAML)" 376 ## Static configuration 377 entryPoints: 378 name: 379 address: ":8888" 380 transport: 381 respondingTimeouts: 382 readTimeout: 42 383 ``` 384 385 ```toml tab="File (TOML)" 386 ## Static configuration 387 [entryPoints] 388 [entryPoints.name] 389 address = ":8888" 390 [entryPoints.name.transport] 391 [entryPoints.name.transport.respondingTimeouts] 392 readTimeout = 42 393 ``` 394 395 ```bash tab="CLI" 396 ## Static configuration 397 --entryPoints.name.address=:8888 398 --entryPoints.name.transport.respondingTimeouts.readTimeout=42 399 ``` 400 401??? info "`transport.respondingTimeouts.writeTimeout`" 402 403 _Optional, Default=0s_ 404 405 `writeTimeout` is the maximum duration before timing out writes of the response. 406 407 It covers the time from the end of the request header read to the end of the response write. 408 If zero, no timeout exists. 409 Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits). 410 If no units are provided, the value is parsed assuming seconds. 411 412 ```yaml tab="File (YAML)" 413 ## Static configuration 414 entryPoints: 415 name: 416 address: ":8888" 417 transport: 418 respondingTimeouts: 419 writeTimeout: 42 420 ``` 421 422 ```toml tab="File (TOML)" 423 ## Static configuration 424 [entryPoints] 425 [entryPoints.name] 426 address = ":8888" 427 [entryPoints.name.transport] 428 [entryPoints.name.transport.respondingTimeouts] 429 writeTimeout = 42 430 ``` 431 432 ```bash tab="CLI" 433 ## Static configuration 434 --entryPoints.name.address=:8888 435 --entryPoints.name.transport.respondingTimeouts.writeTimeout=42 436 ``` 437 438??? info "`transport.respondingTimeouts.idleTimeout`" 439 440 _Optional, Default=180s_ 441 442 `idleTimeout` is the maximum duration an idle (keep-alive) connection will remain idle before closing itself. 443 444 If zero, no timeout exists. 445 Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits). 446 If no units are provided, the value is parsed assuming seconds. 447 448 ```yaml tab="File (YAML)" 449 ## Static configuration 450 entryPoints: 451 name: 452 address: ":8888" 453 transport: 454 respondingTimeouts: 455 idleTimeout: 42 456 ``` 457 458 ```toml tab="File (TOML)" 459 ## Static configuration 460 [entryPoints] 461 [entryPoints.name] 462 address = ":8888" 463 [entryPoints.name.transport] 464 [entryPoints.name.transport.respondingTimeouts] 465 idleTimeout = 42 466 ``` 467 468 ```bash tab="CLI" 469 ## Static configuration 470 --entryPoints.name.address=:8888 471 --entryPoints.name.transport.respondingTimeouts.idleTimeout=42 472 ``` 473 474#### `lifeCycle` 475 476Controls the behavior of Traefik during the shutdown phase. 477 478??? info "`lifeCycle.requestAcceptGraceTimeout`" 479 480 _Optional, Default=0s_ 481 482 Duration to keep accepting requests prior to initiating the graceful termination period (as defined by the `graceTimeOut` option). 483 This option is meant to give downstream load-balancers sufficient time to take Traefik out of rotation. 484 485 Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits). 486 487 If no units are provided, the value is parsed assuming seconds. 488 The zero duration disables the request accepting grace period, i.e., Traefik will immediately proceed to the grace period. 489 490 ```yaml tab="File (YAML)" 491 ## Static configuration 492 entryPoints: 493 name: 494 address: ":8888" 495 transport: 496 lifeCycle: 497 requestAcceptGraceTimeout: 42 498 ``` 499 500 ```toml tab="File (TOML)" 501 ## Static configuration 502 [entryPoints] 503 [entryPoints.name] 504 address = ":8888" 505 [entryPoints.name.transport] 506 [entryPoints.name.transport.lifeCycle] 507 requestAcceptGraceTimeout = 42 508 ``` 509 510 ```bash tab="CLI" 511 ## Static configuration 512 --entryPoints.name.address=:8888 513 --entryPoints.name.transport.lifeCycle.requestAcceptGraceTimeout=42 514 ``` 515 516??? info "`lifeCycle.graceTimeOut`" 517 518 _Optional, Default=10s_ 519 520 Duration to give active requests a chance to finish before Traefik stops. 521 522 Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits). 523 524 If no units are provided, the value is parsed assuming seconds. 525 526 !!! warning "In this time frame no new requests are accepted." 527 528 ```yaml tab="File (YAML)" 529 ## Static configuration 530 entryPoints: 531 name: 532 address: ":8888" 533 transport: 534 lifeCycle: 535 graceTimeOut: 42 536 ``` 537 538 ```toml tab="File (TOML)" 539 ## Static configuration 540 [entryPoints] 541 [entryPoints.name] 542 address = ":8888" 543 [entryPoints.name.transport] 544 [entryPoints.name.transport.lifeCycle] 545 graceTimeOut = 42 546 ``` 547 548 ```bash tab="CLI" 549 ## Static configuration 550 --entryPoints.name.address=:8888 551 --entryPoints.name.transport.lifeCycle.graceTimeOut=42 552 ``` 553 554### ProxyProtocol 555 556Traefik supports [ProxyProtocol](https://www.haproxy.org/download/2.0/doc/proxy-protocol.txt) version 1 and 2. 557 558If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers. 559 560If the Proxy Protocol header is passed, then the version is determined automatically. 561 562??? info "`proxyProtocol.trustedIPs`" 563 564 Enabling Proxy Protocol with Trusted IPs. 565 566 ```yaml tab="File (YAML)" 567 ## Static configuration 568 entryPoints: 569 web: 570 address: ":80" 571 proxyProtocol: 572 trustedIPs: 573 - "127.0.0.1/32" 574 - "192.168.1.7" 575 ``` 576 577 ```toml tab="File (TOML)" 578 ## Static configuration 579 [entryPoints] 580 [entryPoints.web] 581 address = ":80" 582 583 [entryPoints.web.proxyProtocol] 584 trustedIPs = ["127.0.0.1/32", "192.168.1.7"] 585 ``` 586 587 ```bash tab="CLI" 588 --entryPoints.web.address=:80 589 --entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,192.168.1.7 590 ``` 591 592 IPs in `trustedIPs` only will lead to remote client address replacement: Declare load-balancer IPs or CIDR range here. 593 594??? info "`proxyProtocol.insecure`" 595 596 Insecure Mode (Testing Environment Only). 597 598 In a test environments, you can configure Traefik to trust every incoming connection. 599 Doing so, every remote client address will be replaced (`trustedIPs` won't have any effect) 600 601 ```yaml tab="File (YAML)" 602 ## Static configuration 603 entryPoints: 604 web: 605 address: ":80" 606 proxyProtocol: 607 insecure: true 608 ``` 609 610 ```toml tab="File (TOML)" 611 ## Static configuration 612 [entryPoints] 613 [entryPoints.web] 614 address = ":80" 615 616 [entryPoints.web.proxyProtocol] 617 insecure = true 618 ``` 619 620 ```bash tab="CLI" 621 --entryPoints.web.address=:80 622 --entryPoints.web.proxyProtocol.insecure 623 ``` 624 625!!! warning "Queuing Traefik behind Another Load Balancer" 626 627 When queuing Traefik behind another load-balancer, make sure to configure Proxy Protocol on both sides. 628 Not doing so could introduce a security risk in your system (enabling request forgery). 629 630## HTTP Options 631 632This whole section is dedicated to options, keyed by entry point, that will apply only to HTTP routing. 633 634### Redirection 635 636??? example "HTTPS redirection (80 to 443)" 637 638 ```yaml tab="File (YAML)" 639 entryPoints: 640 web: 641 address: :80 642 http: 643 redirections: 644 entryPoint: 645 to: websecure 646 scheme: https 647 648 websecure: 649 address: :443 650 ``` 651 652 ```toml tab="File (TOML)" 653 [entryPoints.web] 654 address = ":80" 655 656 [entryPoints.web.http] 657 [entryPoints.web.http.redirections] 658 [entryPoints.web.http.redirections.entryPoint] 659 to = "websecure" 660 scheme = "https" 661 662 [entryPoints.websecure] 663 address = ":443" 664 ``` 665 666 ```bash tab="CLI" 667 --entrypoints.web.address=:80 668 --entrypoints.web.http.redirections.entryPoint.to=websecure 669 --entrypoints.web.http.redirections.entryPoint.scheme=https 670 --entrypoints.websecure.address=:443 671 ``` 672 673#### `entryPoint` 674 675This section is a convenience to enable (permanent) redirecting of all incoming requests on an entry point (e.g. port `80`) to another entry point (e.g. port `443`) or an explicit port (`:443`). 676 677??? info "`entryPoint.to`" 678 679 _Required_ 680 681 The target element, it can be: 682 683 - an entry point name (ex: `websecure`) 684 - a port (`:443`) 685 686 ```yaml tab="File (YAML)" 687 entryPoints: 688 foo: 689 # ... 690 http: 691 redirections: 692 entryPoint: 693 to: websecure 694 ``` 695 696 ```toml tab="File (TOML)" 697 [entryPoints.foo] 698 # ... 699 [entryPoints.foo.http.redirections] 700 [entryPoints.foo.http.redirections.entryPoint] 701 to = "websecure" 702 ``` 703 704 ```bash tab="CLI" 705 --entrypoints.foo.http.redirections.entryPoint.to=websecure 706 ``` 707 708??? info "`entryPoint.scheme`" 709 710 _Optional, Default="https"_ 711 712 The redirection target scheme. 713 714 ```yaml tab="File (YAML)" 715 entryPoints: 716 foo: 717 # ... 718 http: 719 redirections: 720 entryPoint: 721 # ... 722 scheme: https 723 ``` 724 725 ```toml tab="File (TOML)" 726 [entryPoints.foo] 727 # ... 728 [entryPoints.foo.http.redirections] 729 [entryPoints.foo.http.redirections.entryPoint] 730 # ... 731 scheme = "https" 732 ``` 733 734 ```bash tab="CLI" 735 --entrypoints.foo.http.redirections.entryPoint.scheme=https 736 ``` 737 738??? info "`entryPoint.permanent`" 739 740 _Optional, Default=true_ 741 742 To apply a permanent redirection. 743 744 ```yaml tab="File (YAML)" 745 entryPoints: 746 foo: 747 # ... 748 http: 749 redirections: 750 entryPoint: 751 # ... 752 permanent: true 753 ``` 754 755 ```toml tab="File (TOML)" 756 [entryPoints.foo] 757 # ... 758 [entryPoints.foo.http.redirections] 759 [entryPoints.foo.http.redirections.entryPoint] 760 # ... 761 permanent = true 762 ``` 763 764 ```bash tab="CLI" 765 --entrypoints.foo.http.redirections.entrypoint.permanent=true 766 ``` 767 768??? info "`entryPoint.priority`" 769 770 _Optional, Default=1_ 771 772 Priority of the generated router. 773 774 ```yaml tab="File (YAML)" 775 entryPoints: 776 foo: 777 # ... 778 http: 779 redirections: 780 entryPoint: 781 # ... 782 priority: 10 783 ``` 784 785 ```toml tab="File (TOML)" 786 [entryPoints.foo] 787 # ... 788 [entryPoints.foo.http.redirections] 789 [entryPoints.foo.http.redirections.entryPoint] 790 # ... 791 priority = 10 792 ``` 793 794 ```bash tab="CLI" 795 --entrypoints.foo.http.redirections.entrypoint.priority=10 796 ``` 797 798### Middlewares 799 800The list of middlewares that are prepended by default to the list of middlewares of each router associated to the named entry point. 801 802```yaml tab="File (YAML)" 803entryPoints: 804 websecure: 805 address: ':443' 806 http: 807 middlewares: 808 - auth@file 809 - strip@file 810``` 811 812```toml tab="File (TOML)" 813[entryPoints.websecure] 814 address = ":443" 815 816 [entryPoints.websecure.http] 817 middlewares = ["auth@file", "strip@file"] 818``` 819 820```bash tab="CLI" 821--entrypoints.websecure.address=:443 822--entrypoints.websecure.http.middlewares=auth@file,strip@file 823``` 824 825### TLS 826 827This section is about the default TLS configuration applied to all routers associated with the named entry point. 828 829If a TLS section (i.e. any of its fields) is user-defined, then the default configuration does not apply at all. 830 831The TLS section is the same as the [TLS section on HTTP routers](./routers/index.md#tls). 832 833```yaml tab="File (YAML)" 834entryPoints: 835 websecure: 836 address: ':443' 837 http: 838 tls: 839 options: foobar 840 certResolver: leresolver 841 domains: 842 - main: example.com 843 sans: 844 - foo.example.com 845 - bar.example.com 846 - main: test.com 847 sans: 848 - foo.test.com 849 - bar.test.com 850``` 851 852```toml tab="File (TOML)" 853[entryPoints.websecure] 854 address = ":443" 855 856 [entryPoints.websecure.http.tls] 857 options = "foobar" 858 certResolver = "leresolver" 859 [[entryPoints.websecure.http.tls.domains]] 860 main = "example.com" 861 sans = ["foo.example.com", "bar.example.com"] 862 [[entryPoints.websecure.http.tls.domains]] 863 main = "test.com" 864 sans = ["foo.test.com", "bar.test.com"] 865``` 866 867```bash tab="CLI" 868--entrypoints.websecure.address=:443 869--entrypoints.websecure.http.tls.options=foobar 870--entrypoints.websecure.http.tls.certResolver=leresolver 871--entrypoints.websecure.http.tls.domains[0].main=example.com 872--entrypoints.websecure.http.tls.domains[0].sans=foo.example.com,bar.example.com 873--entrypoints.websecure.http.tls.domains[1].main=test.com 874--entrypoints.websecure.http.tls.domains[1].sans=foo.test.com,bar.test.com 875``` 876 877??? example "Let's Encrypt" 878 879 ```yaml tab="File (YAML)" 880 entryPoints: 881 websecure: 882 address: ':443' 883 http: 884 tls: 885 certResolver: leresolver 886 ``` 887 888 ```toml tab="File (TOML)" 889 [entryPoints.websecure] 890 address = ":443" 891 892 [entryPoints.websecure.http.tls] 893 certResolver = "leresolver" 894 ``` 895 896 ```bash tab="CLI" 897 --entrypoints.websecure.address=:443 898 --entrypoints.websecure.http.tls.certResolver=leresolver 899 ``` 900 901## UDP Options 902 903This whole section is dedicated to options, keyed by entry point, that will apply only to UDP routing. 904 905### Timeout 906 907_Optional, Default=3s_ 908 909Timeout defines how long to wait on an idle session before releasing the related resources. 910The Timeout value must be greater than zero. 911 912```yaml tab="File (YAML)" 913entryPoints: 914 foo: 915 address: ':8000/udp' 916 udp: 917 timeout: 10s 918``` 919 920```toml tab="File (TOML)" 921[entryPoints.foo] 922 address = ":8000/udp" 923 924 [entryPoints.foo.udp] 925 timeout = "10s" 926``` 927 928```bash tab="CLI" 929entrypoints.foo.address=:8000/udp 930entrypoints.foo.udp.timeout=10s 931``` 932