What api.insecure do exactly?

Spinico · September 19, 2019, 2:12am

Enable the API in insecure mode, which means that the API will be available directly on the EntryPoint named "traefik". 
Note: If the EntryPoint named traefik is not configured, it will be automatically created on port 8080.

I tried to set its value to false to see if there was any effect, but none that I could see: I was still able to make request to the /api.

So what does it do exactly?

Thanks.

ldez · September 19, 2019, 7:31am

api.insecure: true

[entryPoints]
  [entryPoints.web]
    address = ":80"

[api]
  insecure = true

$ curl 'http://localhost:8080/api/entrypoints'
[{"address":":8080","transport":{"lifeCycle":{"graceTimeOut":10000000000},"respondingTimeouts":{"idleTimeout":180000000000}},"forwardedHeaders":{},"name":"traefik"},{"address":":80","transport":{"lifeCycle":{"graceTimeOut":10000000000},"respondingTimeouts":{"idleTimeout":180000000000}},"forwardedHeaders":{},"name":"web"}]

api.insecure: false

[entryPoints]
  [entryPoints.web]
    address = ":80"

[api]
  insecure = false

$ curl 'http://localhost:8080/api/entrypoints'
curl: (7) Failed to connect to localhost port 8080: Connection refused

seh · September 19, 2019, 1:04pm

@ldez, it looks like your second example needs to s/true/false/.

Spinico · September 19, 2019, 2:45pm

@Idez, which version of Traefik you used?

I'm currently testing with version Traefik version 2.0.0 on Windows and I am not seeing the effect of the api insecure setting, here's the simple configuration I used to test:

traefik.toml

[entrypoints]

  [entrypoints.web]
    address = ":80"  

[providers]

  [providers.file]
    filename = "routers.toml"  
    watch = true    
          
[api]
  insecure = false
  
[log]
  level = "debug"
  filepath = "traefik.log"
  format = "common"

[accesslog]
  filepath = "access.log"
  format = "common"

routers.toml

[http]

  [http.routers]

    [http.routers.dashboard]
      rule = "host(`localhost`)"
      entrypoints = ["web"]
      service = "api@internal"

The /api/entrypoints path can still be requested with success on "http://locahost/api/entrypoints".

[{"address":":80","transport":{"lifeCycle":{"graceTimeOut":10000000000},"respondingTimeouts":{"idleTimeout":180000000000}},"forwardedHeaders":{},"name":"web"}]

ldez · September 19, 2019, 2:59pm

[api]
  insecure = true

That means that the API is exposed on the entry point traefik (port 8080)

[api]
  insecure = false

That means that the API is not exposed at all on entry point. So you need to create a router that use api@internal service to access to the API

If you are using api@internal, the option insecure don't change the behavior of the related router.

Spinico · September 19, 2019, 3:40pm

Thanks @Idez, that explains the behavior I get from my test configuration.

system · October 3, 2023, 11:37am

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Dashboard and API only work when api.insecure is true Traefik v2 (latest) dashboard-api	3	4158	April 13, 2020
Cannot access Dashboard Traefik v2 (latest) dashboard-api	4	2796	December 7, 2019
Disabling 'Traefik' Entrypoint Traefik v2 (latest) docker	4	4119	October 7, 2019
Dashboard not found in traefik binary install mode and api.insecure is true Traefik v2 (latest) dashboard-api	3	737	October 7, 2020
API dashboard is not showing overview in insecure mode Traefik v2 (latest) dashboard-api	9	103	February 15, 2024

What api.insecure do exactly?

Related Topics