What api.insecure do exactly?

From the documentation:

Enable the API in insecure mode, which means that the API will be available directly on the EntryPoint named "traefik". 
Note: If the EntryPoint named traefik is not configured, it will be automatically created on port 8080.

I tried to set its value to false to see if there was any effect, but none that I could see: I was still able to make request to the /api.

So what does it do exactly?

Thanks.

  • api.insecure: true
[entryPoints]
  [entryPoints.web]
    address = ":80"

[api]
  insecure = true
$ curl 'http://localhost:8080/api/entrypoints'
[{"address":":8080","transport":{"lifeCycle":{"graceTimeOut":10000000000},"respondingTimeouts":{"idleTimeout":180000000000}},"forwardedHeaders":{},"name":"traefik"},{"address":":80","transport":{"lifeCycle":{"graceTimeOut":10000000000},"respondingTimeouts":{"idleTimeout":180000000000}},"forwardedHeaders":{},"name":"web"}]
  • api.insecure: false
[entryPoints]
  [entryPoints.web]
    address = ":80"

[api]
  insecure = false
$ curl 'http://localhost:8080/api/entrypoints'
curl: (7) Failed to connect to localhost port 8080: Connection refused

@ldez, it looks like your second example needs to s/true/false/.

1 Like

@Idez, which version of Traefik you used?

I'm currently testing with version Traefik version 2.0.0 on Windows and I am not seeing the effect of the api insecure setting, here's the simple configuration I used to test:

traefik.toml

[entrypoints]

  [entrypoints.web]
    address = ":80"  

[providers]

  [providers.file]
    filename = "routers.toml"  
    watch = true    
          
[api]
  insecure = false
  
[log]
  level = "debug"
  filepath = "traefik.log"
  format = "common"

[accesslog]
  filepath = "access.log"
  format = "common"

routers.toml

[http]

  [http.routers]

    [http.routers.dashboard]
      rule = "host(`localhost`)"
      entrypoints = ["web"]
      service = "api@internal"	        	   

The /api/entrypoints path can still be requested with success on "http://locahost/api/entrypoints".

[{"address":":80","transport":{"lifeCycle":{"graceTimeOut":10000000000},"respondingTimeouts":{"idleTimeout":180000000000}},"forwardedHeaders":{},"name":"web"}]

[api]
  insecure = true

That means that the API is exposed on the entry point traefik (port 8080)

[api]
  insecure = false

That means that the API is not exposed at all on entry point. So you need to create a router that use api@internal service to access to the API


If you are using api@internal, the option insecure don't change the behavior of the related router.

Thanks @Idez, that explains the behavior I get from my test configuration.