package dynamic
import (
"fmt"
"net/http"
"time"
ptypes "github.com/traefik/paerser/types"
"github.com/traefik/traefik/v3/pkg/ip"
)
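// +k8s:deepcopy-gen=true

// Middleware holds the Middleware configuration.
// Each field carries the settings of one middleware kind.
type Middleware struct {
	AddPrefix         *AddPrefix            `json:"addPrefix,omitempty" toml:"addPrefix,omitempty" yaml:"addPrefix,omitempty" export:"true"`
	StripPrefix       *StripPrefix          `json:"stripPrefix,omitempty" toml:"stripPrefix,omitempty" yaml:"stripPrefix,omitempty" export:"true"`
	StripPrefixRegex  *StripPrefixRegex     `json:"stripPrefixRegex,omitempty" toml:"stripPrefixRegex,omitempty" yaml:"stripPrefixRegex,omitempty" export:"true"`
	ReplacePath       *ReplacePath          `json:"replacePath,omitempty" toml:"replacePath,omitempty" yaml:"replacePath,omitempty" export:"true"`
	ReplacePathRegex  *ReplacePathRegex     `json:"replacePathRegex,omitempty" toml:"replacePathRegex,omitempty" yaml:"replacePathRegex,omitempty" export:"true"`
	Chain             *Chain                `json:"chain,omitempty" toml:"chain,omitempty" yaml:"chain,omitempty" export:"true"`
	// Deprecated: please use IPAllowList instead.
	IPWhiteList       *IPWhiteList          `json:"ipWhiteList,omitempty" toml:"ipWhiteList,omitempty" yaml:"ipWhiteList,omitempty" export:"true"`
	IPAllowList       *IPAllowList          `json:"ipAllowList,omitempty" toml:"ipAllowList,omitempty" yaml:"ipAllowList,omitempty" export:"true"`
	Headers           *Headers              `json:"headers,omitempty" toml:"headers,omitempty" yaml:"headers,omitempty" export:"true"`
	Errors            *ErrorPage            `json:"errors,omitempty" toml:"errors,omitempty" yaml:"errors,omitempty" export:"true"`
	RateLimit         *RateLimit            `json:"rateLimit,omitempty" toml:"rateLimit,omitempty" yaml:"rateLimit,omitempty" export:"true"`
	RedirectRegex     *RedirectRegex        `json:"redirectRegex,omitempty" toml:"redirectRegex,omitempty" yaml:"redirectRegex,omitempty" export:"true"`
	RedirectScheme    *RedirectScheme       `json:"redirectScheme,omitempty" toml:"redirectScheme,omitempty" yaml:"redirectScheme,omitempty" export:"true"`
	BasicAuth         *BasicAuth            `json:"basicAuth,omitempty" toml:"basicAuth,omitempty" yaml:"basicAuth,omitempty" export:"true"`
	DigestAuth        *DigestAuth           `json:"digestAuth,omitempty" toml:"digestAuth,omitempty" yaml:"digestAuth,omitempty" export:"true"`
	ForwardAuth       *ForwardAuth          `json:"forwardAuth,omitempty" toml:"forwardAuth,omitempty" yaml:"forwardAuth,omitempty" export:"true"`
	InFlightReq       *InFlightReq          `json:"inFlightReq,omitempty" toml:"inFlightReq,omitempty" yaml:"inFlightReq,omitempty" export:"true"`
	Buffering         *Buffering            `json:"buffering,omitempty" toml:"buffering,omitempty" yaml:"buffering,omitempty" export:"true"`
	CircuitBreaker    *CircuitBreaker       `json:"circuitBreaker,omitempty" toml:"circuitBreaker,omitempty" yaml:"circuitBreaker,omitempty" export:"true"`
	Compress          *Compress             `json:"compress,omitempty" toml:"compress,omitempty" yaml:"compress,omitempty" label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"`
	PassTLSClientCert *PassTLSClientCert    `json:"passTLSClientCert,omitempty" toml:"passTLSClientCert,omitempty" yaml:"passTLSClientCert,omitempty" export:"true"`
	Retry             *Retry                `json:"retry,omitempty" toml:"retry,omitempty" yaml:"retry,omitempty" export:"true"`
	ContentType       *ContentType          `json:"contentType,omitempty" toml:"contentType,omitempty" yaml:"contentType,omitempty" label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"`
	GrpcWeb           *GrpcWeb              `json:"grpcWeb,omitempty" toml:"grpcWeb,omitempty" yaml:"grpcWeb,omitempty" export:"true"`
	Plugin            map[string]PluginConf `json:"plugin,omitempty" toml:"plugin,omitempty" yaml:"plugin,omitempty" export:"true"`

	// Gateway API filter middlewares.
	// Only the json tag names these fields; toml, yaml, label, file and kv are all "-".
	RequestHeaderModifier  *HeaderModifier  `json:"requestHeaderModifier,omitempty" toml:"-" yaml:"-" label:"-" file:"-" kv:"-" export:"true"`
	ResponseHeaderModifier *HeaderModifier  `json:"responseHeaderModifier,omitempty" toml:"-" yaml:"-" label:"-" file:"-" kv:"-" export:"true"`
	RequestRedirect        *RequestRedirect `json:"requestRedirect,omitempty" toml:"-" yaml:"-" label:"-" file:"-" kv:"-" export:"true"`
	URLRewrite             *URLRewrite      `json:"URLRewrite,omitempty" toml:"-" yaml:"-" label:"-" file:"-" kv:"-" export:"true"`
}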
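// +k8s:deepcopy-gen=true

// GrpcWeb holds the gRPC web middleware configuration.
// This middleware converts a gRPC web request to an HTTP/2 gRPC request.
type GrpcWeb struct {
	// AllowOrigins is a list of allowable origins.
	// Can also be a wildcard origin "*".
	// NOTE(review): "*" admits every origin; list explicit origins when the
	// service depends on the origin restriction.
	AllowOrigins []string `json:"allowOrigins,omitempty" toml:"allowOrigins,omitempty" yaml:"allowOrigins,omitempty"`
}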
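// +k8s:deepcopy-gen=true

// ContentType holds the content-type middleware configuration.
// This middleware exists to enable the correct behavior until at least the default one can be changed in a future version.
type ContentType struct {
	// AutoDetect specifies whether to let the `Content-Type` header, if it has not been set by the backend,
	// be automatically set to a value derived from the contents of the response.
	//
	// Deprecated: AutoDetect option is deprecated, Content-Type middleware is only meant to be used to enable the content-type detection, please remove any usage of this option.
	AutoDetect *bool `json:"autoDetect,omitempty" toml:"autoDetect,omitempty" yaml:"autoDetect,omitempty" export:"true"`
}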
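// +k8s:deepcopy-gen=true

// AddPrefix holds the add prefix middleware configuration.
// This middleware updates the path of a request before forwarding it.
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/addprefix/
type AddPrefix struct {
	// Prefix is the string to add before the current path in the requested URL.
	// It should include a leading slash (/).
	Prefix string `json:"prefix,omitempty" toml:"prefix,omitempty" yaml:"prefix,omitempty" export:"true"`
}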
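// +k8s:deepcopy-gen=true

// BasicAuth holds the basic auth middleware configuration.
// This middleware restricts access to your services to known users.
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/
type BasicAuth struct {
	// Users is an array of authorized users.
	// Each user must be declared using the name:hashed-password format.
	// Tip: Use htpasswd to generate the passwords.
	// The field is tagged loggable:"false" and carries no export tag.
	Users Users `json:"users,omitempty" toml:"users,omitempty" yaml:"users,omitempty" loggable:"false"`

	// UsersFile is the path to an external file that contains the authorized users.
	UsersFile string `json:"usersFile,omitempty" toml:"usersFile,omitempty" yaml:"usersFile,omitempty"`

	// Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
	// Default: traefik.
	Realm string `json:"realm,omitempty" toml:"realm,omitempty" yaml:"realm,omitempty"`

	// RemoveHeader sets the removeHeader option to true to remove the authorization header before forwarding the request to your service.
	// Default: false.
	// With the default, the Authorization header, and so the client's credentials, reaches the service.
	RemoveHeader bool `json:"removeHeader,omitempty" toml:"removeHeader,omitempty" yaml:"removeHeader,omitempty" export:"true"`

	// HeaderField defines a header field to store the authenticated user.
	// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
	// NOTE(review): services that trust this header should only be reachable through the middleware — confirm.
	HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"`
}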
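// +k8s:deepcopy-gen=true

// Buffering holds the buffering middleware configuration.
// This middleware retries or limits the size of requests that can be forwarded to backends.
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#maxrequestbodybytes
type Buffering struct {
	// MaxRequestBodyBytes defines the maximum allowed body size for the request (in bytes).
	// If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a 413 (Request Entity Too Large) response.
	// Default: 0 (no maximum).
	// With the default, this middleware places no cap on the request body size.
	MaxRequestBodyBytes int64 `json:"maxRequestBodyBytes,omitempty" toml:"maxRequestBodyBytes,omitempty" yaml:"maxRequestBodyBytes,omitempty" export:"true"`

	// MemRequestBodyBytes defines the threshold (in bytes) from which the request will be buffered on disk instead of in memory.
	// Default: 1048576 (1Mi).
	MemRequestBodyBytes int64 `json:"memRequestBodyBytes,omitempty" toml:"memRequestBodyBytes,omitempty" yaml:"memRequestBodyBytes,omitempty" export:"true"`

	// MaxResponseBodyBytes defines the maximum allowed response size from the service (in bytes).
	// If the response exceeds the allowed size, it is not forwarded to the client. The client gets a 500 (Internal Server Error) response instead.
	// Default: 0 (no maximum).
	MaxResponseBodyBytes int64 `json:"maxResponseBodyBytes,omitempty" toml:"maxResponseBodyBytes,omitempty" yaml:"maxResponseBodyBytes,omitempty" export:"true"`

	// MemResponseBodyBytes defines the threshold (in bytes) from which the response will be buffered on disk instead of in memory.
	// Default: 1048576 (1Mi).
	MemResponseBodyBytes int64 `json:"memResponseBodyBytes,omitempty" toml:"memResponseBodyBytes,omitempty" yaml:"memResponseBodyBytes,omitempty" export:"true"`

	// RetryExpression defines the retry conditions.
	// It is a logical combination of functions with operators AND (&&) and OR (||).
	// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/buffering/#retryexpression
	RetryExpression string `json:"retryExpression,omitempty" toml:"retryExpression,omitempty" yaml:"retryExpression,omitempty" export:"true"`
}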
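// +k8s:deepcopy-gen=true

// Chain holds the chain middleware configuration.
// This middleware makes it possible to define reusable combinations of other pieces of middleware.
type Chain struct {
	// Middlewares is the list of middleware names which composes the chain.
	Middlewares []string `json:"middlewares,omitempty" toml:"middlewares,omitempty" yaml:"middlewares,omitempty" export:"true"`
}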
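// +k8s:deepcopy-gen=true

// CircuitBreaker holds the circuit breaker middleware configuration.
// This middleware protects the system from stacking requests to unhealthy services, resulting in cascading failures.
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/circuitbreaker/
type CircuitBreaker struct {
	// Expression defines the expression that, once matched, opens the circuit breaker and applies the fallback mechanism instead of calling the services.
	Expression string `json:"expression,omitempty" toml:"expression,omitempty" yaml:"expression,omitempty" export:"true"`

	// CheckPeriod is the interval between successive checks of the circuit breaker condition (when in standby state).
	// SetDefaults sets it to 100ms.
	CheckPeriod ptypes.Duration `json:"checkPeriod,omitempty" toml:"checkPeriod,omitempty" yaml:"checkPeriod,omitempty" export:"true"`

	// FallbackDuration is the duration for which the circuit breaker will wait before trying to recover (from a tripped state).
	// SetDefaults sets it to 10s.
	FallbackDuration ptypes.Duration `json:"fallbackDuration,omitempty" toml:"fallbackDuration,omitempty" yaml:"fallbackDuration,omitempty" export:"true"`

	// RecoveryDuration is the duration for which the circuit breaker will try to recover (as soon as it is in recovering state).
	// SetDefaults sets it to 10s.
	RecoveryDuration ptypes.Duration `json:"recoveryDuration,omitempty" toml:"recoveryDuration,omitempty" yaml:"recoveryDuration,omitempty" export:"true"`

	// ResponseCode is the status code that the circuit breaker will return while it is in the open state.
	// SetDefaults sets it to http.StatusServiceUnavailable.
	ResponseCode int `json:"responseCode,omitempty" toml:"responseCode,omitempty" yaml:"responseCode,omitempty" export:"true"`
}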
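// SetDefaults sets the default values on a CircuitBreaker.
func (c *CircuitBreaker) SetDefaults() {
	c.CheckPeriod = ptypes.Duration(100 * time.Millisecond)
	c.FallbackDuration = ptypes.Duration(10 * time.Second)
	c.RecoveryDuration = ptypes.Duration(10 * time.Second)
	// Default status code for ResponseCode: 503 Service Unavailable.
	c.ResponseCode = http.StatusServiceUnavailable
}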
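// +k8s:deepcopy-gen=true

// Compress holds the compress middleware configuration.
// This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression.
type Compress struct {
	// ExcludedContentTypes defines the list of content types to compare the Content-Type header of the incoming requests and responses before compressing.
	// `application/grpc` is always excluded.
	ExcludedContentTypes []string `json:"excludedContentTypes,omitempty" toml:"excludedContentTypes,omitempty" yaml:"excludedContentTypes,omitempty" export:"true"`

	// IncludedContentTypes defines the list of content types to compare the Content-Type header of the responses before compressing.
	IncludedContentTypes []string `json:"includedContentTypes,omitempty" toml:"includedContentTypes,omitempty" yaml:"includedContentTypes,omitempty" export:"true"`

	// MinResponseBodyBytes defines the minimum amount of bytes a response body must have to be compressed.
	// Default: 1024.
	MinResponseBodyBytes int `json:"minResponseBodyBytes,omitempty" toml:"minResponseBodyBytes,omitempty" yaml:"minResponseBodyBytes,omitempty" export:"true"`

	// Encodings defines the list of supported compression algorithms.
	// SetDefaults sets it to zstd, br and gzip.
	Encodings []string `json:"encodings,omitempty" toml:"encodings,omitempty" yaml:"encodings,omitempty" export:"true"`

	// DefaultEncoding specifies the default encoding if the `Accept-Encoding` header is not in the request or contains a wildcard (`*`).
	DefaultEncoding string `json:"defaultEncoding,omitempty" toml:"defaultEncoding,omitempty" yaml:"defaultEncoding,omitempty" export:"true"`
}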
// SetDefaults sets the default values on a Compress.
// Encodings becomes zstd, br and gzip, in that order.
func (c *Compress) SetDefaults() {
	defaultEncodings := []string{"zstd", "br", "gzip"}
	c.Encodings = defaultEncodings
}
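// +k8s:deepcopy-gen=true

// DigestAuth holds the digest auth middleware configuration.
// This middleware restricts access to your services to known users.
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/digestauth/
type DigestAuth struct {
	// Users defines the authorized users.
	// Each user should be declared using the name:realm:encoded-password format.
	// The field is tagged loggable:"false" and carries no export tag.
	Users Users `json:"users,omitempty" toml:"users,omitempty" yaml:"users,omitempty" loggable:"false"`

	// UsersFile is the path to an external file that contains the authorized users for the middleware.
	UsersFile string `json:"usersFile,omitempty" toml:"usersFile,omitempty" yaml:"usersFile,omitempty"`

	// RemoveHeader defines whether to remove the authorization header before forwarding the request to the backend.
	RemoveHeader bool `json:"removeHeader,omitempty" toml:"removeHeader,omitempty" yaml:"removeHeader,omitempty" export:"true"`

	// Realm allows the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme.
	// Default: traefik.
	Realm string `json:"realm,omitempty" toml:"realm,omitempty" yaml:"realm,omitempty"`

	// HeaderField defines a header field to store the authenticated user.
	// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/basicauth/#headerfield
	// NOTE(review): the link above targets the basicauth page — confirm whether a digestauth anchor is intended.
	HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"`
}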
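// +k8s:deepcopy-gen=true

// ErrorPage holds the custom error middleware configuration.
// This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
type ErrorPage struct {
	// Status defines which status or range of statuses should result in an error page.
	// It can be either a status code as a number (500),
	// as multiple comma-separated numbers (500,502),
	// as ranges by separating two codes with a dash (500-599),
	// or a combination of the two (404,418,500-599).
	Status []string `json:"status,omitempty" toml:"status,omitempty" yaml:"status,omitempty" export:"true"`

	// Service defines the name of the service that will serve the error page.
	Service string `json:"service,omitempty" toml:"service,omitempty" yaml:"service,omitempty" export:"true"`

	// Query defines the URL for the error page (hosted by service).
	// The {status} variable can be used in order to insert the status code in the URL.
	Query string `json:"query,omitempty" toml:"query,omitempty" yaml:"query,omitempty" export:"true"`
}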
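// +k8s:deepcopy-gen=true

// ForwardAuth holds the forward auth middleware configuration.
// This middleware delegates the request authentication to a Service.
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/
type ForwardAuth struct {
	// Address defines the authentication server address.
	Address string `json:"address,omitempty" toml:"address,omitempty" yaml:"address,omitempty"`

	// TLS defines the configuration used to secure the connection to the authentication server.
	TLS *ClientTLS `json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" export:"true"`

	// TrustForwardHeader defines whether to trust (ie: forward) all X-Forwarded-* headers.
	// These headers are client-supplied unless a trusted hop in front of the proxy sets them;
	// enable this only in that deployment.
	TrustForwardHeader bool `json:"trustForwardHeader,omitempty" toml:"trustForwardHeader,omitempty" yaml:"trustForwardHeader,omitempty" export:"true"`

	// AuthResponseHeaders defines the list of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers.
	AuthResponseHeaders []string `json:"authResponseHeaders,omitempty" toml:"authResponseHeaders,omitempty" yaml:"authResponseHeaders,omitempty" export:"true"`

	// AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
	// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/forwardauth/#authresponseheadersregex
	AuthResponseHeadersRegex string `json:"authResponseHeadersRegex,omitempty" toml:"authResponseHeadersRegex,omitempty" yaml:"authResponseHeadersRegex,omitempty" export:"true"`

	// AuthRequestHeaders defines the list of the headers to copy from the request to the authentication server.
	// If not set or empty then all request headers are passed.
	// List the headers explicitly to limit what the authentication server receives.
	AuthRequestHeaders []string `json:"authRequestHeaders,omitempty" toml:"authRequestHeaders,omitempty" yaml:"authRequestHeaders,omitempty" export:"true"`

	// AddAuthCookiesToResponse defines the list of cookies to copy from the authentication server response to the response.
	AddAuthCookiesToResponse []string `json:"addAuthCookiesToResponse,omitempty" toml:"addAuthCookiesToResponse,omitempty" yaml:"addAuthCookiesToResponse,omitempty" export:"true"`

	// HeaderField defines a header field to store the authenticated user.
	// More info: https://doc.traefik.io/traefik/v3.0/middlewares/http/forwardauth/#headerfield
	// NOTE(review): this link points at the v3.0 documentation while the other links in this struct use v3.2 — confirm.
	HeaderField string `json:"headerField,omitempty" toml:"headerField,omitempty" yaml:"headerField,omitempty" export:"true"`
}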
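// +k8s:deepcopy-gen=true

// ClientTLS holds TLS specific configurations as client.
// CA, Cert and Key can be either path or file contents.
// TODO: remove this struct when CAOptional option will be removed.
type ClientTLS struct {
	// CA is the TLS CA, given as a path or as file contents.
	CA string `description:"TLS CA" json:"ca,omitempty" toml:"ca,omitempty" yaml:"ca,omitempty"`

	// Cert is the TLS cert, given as a path or as file contents.
	Cert string `description:"TLS cert" json:"cert,omitempty" toml:"cert,omitempty" yaml:"cert,omitempty"`

	// Key is the TLS key, given as a path or as file contents.
	// The field is tagged loggable:"false" and carries no export tag.
	Key string `description:"TLS key" json:"key,omitempty" toml:"key,omitempty" yaml:"key,omitempty" loggable:"false"`

	// InsecureSkipVerify is the TLS insecure skip verify option.
	// NOTE(review): presumably mapped to crypto/tls InsecureSkipVerify, which turns off
	// verification of the server certificate and host name — confirm, and keep false outside of testing.
	InsecureSkipVerify bool `description:"TLS insecure skip verify" json:"insecureSkipVerify,omitempty" toml:"insecureSkipVerify,omitempty" yaml:"insecureSkipVerify,omitempty" export:"true"`

	// Deprecated: TLS client authentication is a server side option (see https://github.com/golang/go/blob/740a490f71d026bb7d2d13cb8fa2d6d6e0572b70/src/crypto/tls/common.go#L634).
	CAOptional *bool `description:"TLS CA.Optional" json:"caOptional,omitempty" toml:"caOptional,omitempty" yaml:"caOptional,omitempty" export:"true"`
}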
// +k8s:deepcopy-gen=true
2022-06-24 10:40:08 +00:00
// Headers holds the headers middleware configuration.
// This middleware manages the requests and responses headers.
2024-10-02 14:24:04 +00:00
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/headers/#customrequestheaders
2018-11-14 09:18:03 +00:00
type Headers struct {
2022-06-24 10:40:08 +00:00
// CustomRequestHeaders defines the header names and values to apply to the request.
CustomRequestHeaders map [ string ] string ` json:"customRequestHeaders,omitempty" toml:"customRequestHeaders,omitempty" yaml:"customRequestHeaders,omitempty" export:"true" `
// CustomResponseHeaders defines the header names and values to apply to the response.
2020-12-03 14:52:05 +00:00
CustomResponseHeaders map [ string ] string ` json:"customResponseHeaders,omitempty" toml:"customResponseHeaders,omitempty" yaml:"customResponseHeaders,omitempty" export:"true" `
2018-11-14 09:18:03 +00:00
2022-06-24 10:40:08 +00:00
// AccessControlAllowCredentials defines whether the request can include user credentials.
2020-12-03 14:52:05 +00:00
AccessControlAllowCredentials bool ` json:"accessControlAllowCredentials,omitempty" toml:"accessControlAllowCredentials,omitempty" yaml:"accessControlAllowCredentials,omitempty" export:"true" `
2022-06-24 10:40:08 +00:00
// AccessControlAllowHeaders defines the Access-Control-Request-Headers values sent in preflight response.
2020-12-03 14:52:05 +00:00
AccessControlAllowHeaders [ ] string ` json:"accessControlAllowHeaders,omitempty" toml:"accessControlAllowHeaders,omitempty" yaml:"accessControlAllowHeaders,omitempty" export:"true" `
2022-06-24 10:40:08 +00:00
// AccessControlAllowMethods defines the Access-Control-Request-Method values sent in preflight response.
2020-12-03 14:52:05 +00:00
AccessControlAllowMethods [ ] string ` json:"accessControlAllowMethods,omitempty" toml:"accessControlAllowMethods,omitempty" yaml:"accessControlAllowMethods,omitempty" export:"true" `
2020-03-05 07:18:04 +00:00
// AccessControlAllowOriginList is a list of allowable origins. Can also be a wildcard origin "*".
AccessControlAllowOriginList [ ] string ` json:"accessControlAllowOriginList,omitempty" toml:"accessControlAllowOriginList,omitempty" yaml:"accessControlAllowOriginList,omitempty" `
2020-10-29 09:52:03 +00:00
// AccessControlAllowOriginListRegex is a list of allowable origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/).
AccessControlAllowOriginListRegex [ ] string ` json:"accessControlAllowOriginListRegex,omitempty" toml:"accessControlAllowOriginListRegex,omitempty" yaml:"accessControlAllowOriginListRegex,omitempty" `
2022-06-24 10:40:08 +00:00
// AccessControlExposeHeaders defines the Access-Control-Expose-Headers values sent in preflight response.
2020-12-03 14:52:05 +00:00
AccessControlExposeHeaders [ ] string ` json:"accessControlExposeHeaders,omitempty" toml:"accessControlExposeHeaders,omitempty" yaml:"accessControlExposeHeaders,omitempty" export:"true" `
2022-06-24 10:40:08 +00:00
// AccessControlMaxAge defines the time that a preflight request may be cached.
2020-12-03 14:52:05 +00:00
AccessControlMaxAge int64 ` json:"accessControlMaxAge,omitempty" toml:"accessControlMaxAge,omitempty" yaml:"accessControlMaxAge,omitempty" export:"true" `
2022-06-24 10:40:08 +00:00
// AddVaryHeader defines whether the Vary header is automatically added/updated when the AccessControlAllowOriginList is set.
2020-12-03 14:52:05 +00:00
AddVaryHeader bool ` json:"addVaryHeader,omitempty" toml:"addVaryHeader,omitempty" yaml:"addVaryHeader,omitempty" export:"true" `
2022-06-24 10:40:08 +00:00
// AllowedHosts defines the fully qualified list of allowed domain names.
AllowedHosts [ ] string ` json:"allowedHosts,omitempty" toml:"allowedHosts,omitempty" yaml:"allowedHosts,omitempty" `
// HostsProxyHeaders defines the header keys that may hold a proxied hostname value for the request.
2021-05-28 06:50:09 +00:00
HostsProxyHeaders [ ] string ` json:"hostsProxyHeaders,omitempty" toml:"hostsProxyHeaders,omitempty" yaml:"hostsProxyHeaders,omitempty" export:"true" `
2022-06-24 10:40:08 +00:00
// SSLProxyHeaders defines the header keys with associated values that would indicate a valid HTTPS request.
// It can be useful when using other proxies (example: "X-Forwarded-Proto": "https").
2021-05-28 06:50:09 +00:00
SSLProxyHeaders map [ string ] string ` json:"sslProxyHeaders,omitempty" toml:"sslProxyHeaders,omitempty" yaml:"sslProxyHeaders,omitempty" `
2022-06-24 10:40:08 +00:00
// STSSeconds defines the max-age of the Strict-Transport-Security header.
// If set to 0, the header is not set.
STSSeconds int64 ` json:"stsSeconds,omitempty" toml:"stsSeconds,omitempty" yaml:"stsSeconds,omitempty" export:"true" `
// STSIncludeSubdomains defines whether the includeSubDomains directive is appended to the Strict-Transport-Security header.
STSIncludeSubdomains bool ` json:"stsIncludeSubdomains,omitempty" toml:"stsIncludeSubdomains,omitempty" yaml:"stsIncludeSubdomains,omitempty" export:"true" `
// STSPreload defines whether the preload flag is appended to the Strict-Transport-Security header.
STSPreload bool ` json:"stsPreload,omitempty" toml:"stsPreload,omitempty" yaml:"stsPreload,omitempty" export:"true" `
// ForceSTSHeader defines whether to add the STS header even when the connection is HTTP.
ForceSTSHeader bool ` json:"forceSTSHeader,omitempty" toml:"forceSTSHeader,omitempty" yaml:"forceSTSHeader,omitempty" export:"true" `
// FrameDeny defines whether to add the X-Frame-Options header with the DENY value.
FrameDeny bool ` json:"frameDeny,omitempty" toml:"frameDeny,omitempty" yaml:"frameDeny,omitempty" export:"true" `
// CustomFrameOptionsValue defines the X-Frame-Options header value.
// This overrides the FrameDeny option.
2021-05-28 06:50:09 +00:00
CustomFrameOptionsValue string ` json:"customFrameOptionsValue,omitempty" toml:"customFrameOptionsValue,omitempty" yaml:"customFrameOptionsValue,omitempty" `
2022-06-24 10:40:08 +00:00
// ContentTypeNosniff defines whether to add the X-Content-Type-Options header with the nosniff value.
ContentTypeNosniff bool ` json:"contentTypeNosniff,omitempty" toml:"contentTypeNosniff,omitempty" yaml:"contentTypeNosniff,omitempty" export:"true" `
// BrowserXSSFilter defines whether to add the X-XSS-Protection header with the value 1; mode=block.
BrowserXSSFilter bool ` json:"browserXssFilter,omitempty" toml:"browserXssFilter,omitempty" yaml:"browserXssFilter,omitempty" export:"true" `
// CustomBrowserXSSValue defines the X-XSS-Protection header value.
// This overrides the BrowserXssFilter option.
CustomBrowserXSSValue string ` json:"customBrowserXSSValue,omitempty" toml:"customBrowserXSSValue,omitempty" yaml:"customBrowserXSSValue,omitempty" `
// ContentSecurityPolicy defines the Content-Security-Policy header value.
ContentSecurityPolicy string ` json:"contentSecurityPolicy,omitempty" toml:"contentSecurityPolicy,omitempty" yaml:"contentSecurityPolicy,omitempty" `
2024-06-07 07:24:04 +00:00
// ContentSecurityPolicyReportOnly defines the Content-Security-Policy-Report-Only header value.
ContentSecurityPolicyReportOnly string ` json:"contentSecurityPolicyReportOnly,omitempty" toml:"contentSecurityPolicyReportOnly,omitempty" yaml:"contentSecurityPolicyReportOnly,omitempty" `
2022-06-24 10:40:08 +00:00
// PublicKey is the public key that implements HPKP to prevent MITM attacks with forged certificates.
PublicKey string ` json:"publicKey,omitempty" toml:"publicKey,omitempty" yaml:"publicKey,omitempty" `
// ReferrerPolicy defines the Referrer-Policy header value.
// This allows sites to control whether browsers forward the Referer header to other sites.
ReferrerPolicy string ` json:"referrerPolicy,omitempty" toml:"referrerPolicy,omitempty" yaml:"referrerPolicy,omitempty" export:"true" `
// PermissionsPolicy defines the Permissions-Policy header value.
// This allows sites to control browser features.
2021-06-21 13:16:13 +00:00
PermissionsPolicy string ` json:"permissionsPolicy,omitempty" toml:"permissionsPolicy,omitempty" yaml:"permissionsPolicy,omitempty" export:"true" `
2022-06-24 10:40:08 +00:00
// IsDevelopment defines whether to mitigate the unwanted effects of the AllowedHosts, SSL, and STS options when developing.
// Usually testing takes place using HTTP, not HTTPS, and on localhost, not your production domain.
// If you would like your development environment to mimic production with complete Host blocking, SSL redirects,
// and STS headers, leave this as false.
IsDevelopment bool ` json:"isDevelopment,omitempty" toml:"isDevelopment,omitempty" yaml:"isDevelopment,omitempty" export:"true" `
2024-01-29 16:32:05 +00:00
// Deprecated: FeaturePolicy option is deprecated, please use PermissionsPolicy instead.
FeaturePolicy * string ` json:"featurePolicy,omitempty" toml:"featurePolicy,omitempty" yaml:"featurePolicy,omitempty" export:"true" `
// Deprecated: SSLRedirect option is deprecated, please use EntryPoint redirection or RedirectScheme instead.
SSLRedirect * bool ` json:"sslRedirect,omitempty" toml:"sslRedirect,omitempty" yaml:"sslRedirect,omitempty" export:"true" `
// Deprecated: SSLTemporaryRedirect option is deprecated, please use EntryPoint redirection or RedirectScheme instead.
SSLTemporaryRedirect * bool ` json:"sslTemporaryRedirect,omitempty" toml:"sslTemporaryRedirect,omitempty" yaml:"sslTemporaryRedirect,omitempty" export:"true" `
// Deprecated: SSLHost option is deprecated, please use RedirectRegex instead.
SSLHost * string ` json:"sslHost,omitempty" toml:"sslHost,omitempty" yaml:"sslHost,omitempty" `
// Deprecated: SSLForceHost option is deprecated, please use RedirectRegex instead.
SSLForceHost * bool ` json:"sslForceHost,omitempty" toml:"sslForceHost,omitempty" yaml:"sslForceHost,omitempty" export:"true" `
}
// HasCustomHeadersDefined reports whether at least one custom request or
// response header is configured.
// It may be called on a nil receiver, in which case it returns false.
func (h *Headers) HasCustomHeadersDefined() bool {
	if h == nil {
		return false
	}

	return len(h.CustomResponseHeaders) > 0 || len(h.CustomRequestHeaders) > 0
}
// HasCorsHeadersDefined reports whether at least one CORS-related option is
// configured: any Access-Control-* list, the max age, the credentials flag or
// AddVaryHeader.
// It may be called on a nil receiver, in which case it returns false.
func (h *Headers) HasCorsHeadersDefined() bool {
	if h == nil {
		return false
	}

	switch {
	case h.AccessControlAllowCredentials, h.AddVaryHeader:
		return true
	case h.AccessControlMaxAge != 0:
		return true
	case len(h.AccessControlAllowHeaders) > 0,
		len(h.AccessControlAllowMethods) > 0,
		len(h.AccessControlAllowOriginList) > 0,
		len(h.AccessControlAllowOriginListRegex) > 0,
		len(h.AccessControlExposeHeaders) > 0:
		return true
	}

	return false
}
// HasSecureHeadersDefined reports whether at least one security-related header
// option is configured.
// It may be called on a nil receiver, in which case it returns false.
//
// The deprecated pointer-typed options (SSLRedirect, SSLTemporaryRedirect,
// SSLForceHost, SSLHost, FeaturePolicy) count only when they are non-nil and
// hold a true or non-empty value. IsDevelopment on its own is enough to make
// this return true.
func (h *Headers) HasSecureHeadersDefined() bool {
	if h == nil {
		return false
	}

	// Helpers for the deprecated options, which are pointers so that "unset"
	// can be told apart from the zero value.
	enabled := func(b *bool) bool { return b != nil && *b }
	filled := func(s *string) bool { return s != nil && *s != "" }

	switch {
	case len(h.AllowedHosts) > 0, len(h.HostsProxyHeaders) > 0, len(h.SSLProxyHeaders) > 0:
		return true
	case enabled(h.SSLRedirect), enabled(h.SSLTemporaryRedirect), enabled(h.SSLForceHost):
		return true
	case filled(h.SSLHost), filled(h.FeaturePolicy):
		return true
	case h.STSSeconds != 0, h.STSIncludeSubdomains, h.STSPreload, h.ForceSTSHeader:
		return true
	case h.FrameDeny, h.ContentTypeNosniff, h.BrowserXSSFilter, h.IsDevelopment:
		return true
	case h.CustomFrameOptionsValue != "",
		h.CustomBrowserXSSValue != "",
		h.ContentSecurityPolicy != "",
		h.ContentSecurityPolicyReportOnly != "",
		h.PublicKey != "",
		h.ReferrerPolicy != "",
		h.PermissionsPolicy != "":
		return true
	}

	return false
}
// +k8s:deepcopy-gen=true

// IPStrategy holds the IP strategy configuration used by Traefik to determine the client IP.
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/#ipstrategy
//
// X-Forwarded-For is a request header: only the entries appended by proxies
// the operator controls can be relied on, the others may be set by the client.
// Depth and ExcludedIPs should therefore describe the trusted proxy chain in
// front of Traefik, otherwise the selected "client IP" may be a forged value.
type IPStrategy struct {
	// Depth tells Traefik to use the X-Forwarded-For header and take the IP located at the depth position (starting from the right).
	Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"`
	// ExcludedIPs configures Traefik to scan the X-Forwarded-For header and select the first IP not in the list.
	ExcludedIPs []string `json:"excludedIPs,omitempty" toml:"excludedIPs,omitempty" yaml:"excludedIPs,omitempty"`
	// IPv6Subnet configures Traefik to consider all IPv6 addresses from the defined subnet as originating from the same IP.
	// Applies to RemoteAddrStrategy and DepthStrategy.
	IPv6Subnet *int `json:"ipv6Subnet,omitempty" toml:"ipv6Subnet,omitempty" yaml:"ipv6Subnet,omitempty"`
	// TODO(mpl): I think we should make RemoteAddr an explicit field. For one thing, it would yield better documentation.
}
// Get returns the IP selection strategy described by the configuration.
//
// A nil receiver yields the RemoteAddr strategy. Otherwise the first matching
// rule wins:
//   - Depth > 0: a DepthStrategy reading the X-Forwarded-For header
//     (Depth overrides ExcludedIPs);
//   - ExcludedIPs non-empty: a PoolStrategy built from those addresses;
//   - neither: the RemoteAddr strategy.
//
// IPv6Subnet, when set, must be within 1..128; it is validated and forwarded
// for the Depth and RemoteAddr strategies only. In the ExcludedIPs branch it is
// neither validated nor passed on.
func (s *IPStrategy) Get() (ip.Strategy, error) {
	if s == nil {
		return &ip.RemoteAddrStrategy{}, nil
	}

	// checkSubnet rejects an IPv6 prefix length outside 1..128; an unset value is accepted.
	checkSubnet := func() error {
		if s.IPv6Subnet == nil {
			return nil
		}
		if n := *s.IPv6Subnet; n <= 0 || n > 128 {
			return fmt.Errorf("invalid IPv6 subnet %d value, should be greater to 0 and lower or equal to 128", n)
		}
		return nil
	}

	switch {
	case s.Depth > 0:
		if err := checkSubnet(); err != nil {
			return nil, err
		}
		return &ip.DepthStrategy{
			Depth:      s.Depth,
			IPv6Subnet: s.IPv6Subnet,
		}, nil

	case len(s.ExcludedIPs) > 0:
		checker, err := ip.NewChecker(s.ExcludedIPs)
		if err != nil {
			return nil, err
		}
		return &ip.PoolStrategy{
			Checker: checker,
		}, nil
	}

	if err := checkSubnet(); err != nil {
		return nil, err
	}
	return &ip.RemoteAddrStrategy{
		IPv6Subnet: s.IPv6Subnet,
	}, nil
}
// +k8s:deepcopy-gen=true

// IPWhiteList holds the IP whitelist middleware configuration.
// This middleware limits allowed requests based on the client IP.
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipwhitelist/
//
// Deprecated: please use IPAllowList instead.
type IPWhiteList struct {
	// SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation). Required.
	SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
	// IPStrategy configures how the client IP is determined (see IPStrategy).
	// When it relies on X-Forwarded-For, the list is only as trustworthy as
	// the proxies that populate that header.
	IPStrategy *IPStrategy `json:"ipStrategy,omitempty" toml:"ipStrategy,omitempty" yaml:"ipStrategy,omitempty" label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"`
}
// +k8s:deepcopy-gen=true

// IPAllowList holds the IP allowlist middleware configuration.
// This middleware limits allowed requests based on the client IP.
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/ipallowlist/
type IPAllowList struct {
	// SourceRange defines the set of allowed IPs (or ranges of allowed IPs by using CIDR notation).
	SourceRange []string `json:"sourceRange,omitempty" toml:"sourceRange,omitempty" yaml:"sourceRange,omitempty"`
	// IPStrategy configures how the client IP is determined (see IPStrategy).
	// When it relies on X-Forwarded-For, the list is only as trustworthy as
	// the proxies that populate that header.
	IPStrategy *IPStrategy `json:"ipStrategy,omitempty" toml:"ipStrategy,omitempty" yaml:"ipStrategy,omitempty" label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"`
	// RejectStatusCode defines the HTTP status code used for refused requests.
	// If not set, the default is 403 (Forbidden).
	RejectStatusCode int `json:"rejectStatusCode,omitempty" toml:"rejectStatusCode,omitempty" yaml:"rejectStatusCode,omitempty" label:"allowEmpty" file:"allowEmpty" kv:"allowEmpty" export:"true"`
}
// +k8s:deepcopy-gen=true

// InFlightReq holds the in-flight request middleware configuration.
// This middleware limits the number of requests being processed and served concurrently.
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/
type InFlightReq struct {
	// Amount defines the maximum amount of allowed simultaneous in-flight request.
	// The middleware responds with HTTP 429 Too Many Requests if there are already amount requests in progress
	// (based on the same sourceCriterion strategy).
	Amount int64 `json:"amount,omitempty" toml:"amount,omitempty" yaml:"amount,omitempty" export:"true"`
	// SourceCriterion defines what criterion is used to group requests as originating from a common source.
	// If several strategies are defined at the same time, an error will be raised.
	// If none are set, the default is to use the requestHost.
	// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/inflightreq/#sourcecriterion
	SourceCriterion *SourceCriterion `json:"sourceCriterion,omitempty" toml:"sourceCriterion,omitempty" yaml:"sourceCriterion,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true

// PassTLSClientCert holds the pass TLS client cert middleware configuration.
// This middleware adds the selected data from the passed client TLS certificate to a header.
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/passtlsclientcert/
//
// NOTE(review): a backend that makes decisions from these headers should accept
// them only on connections coming from the proxy; whether inbound copies of the
// headers are dropped is not visible in this file, confirm in the middleware.
type PassTLSClientCert struct {
	// PEM sets the X-Forwarded-Tls-Client-Cert header with the certificate.
	PEM bool `json:"pem,omitempty" toml:"pem,omitempty" yaml:"pem,omitempty" export:"true"`
	// Info selects the specific client certificate details you want to add to the X-Forwarded-Tls-Client-Cert-Info header.
	Info *TLSClientCertificateInfo `json:"info,omitempty" toml:"info,omitempty" yaml:"info,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true

// SourceCriterion defines what criterion is used to group requests as originating from a common source.
// If none are set, the default is to use the request's remote address field.
// All fields are mutually exclusive.
//
// RequestHeaderName and RequestHost group by values carried in the request
// itself. Unless a trusted upstream sets or overwrites them, a client chooses
// these values, so limits keyed on them do not bind a single client.
type SourceCriterion struct {
	// IPStrategy groups requests by client IP, determined as configured in IPStrategy.
	IPStrategy *IPStrategy `json:"ipStrategy,omitempty" toml:"ipStrategy,omitempty" yaml:"ipStrategy,omitempty" export:"true"`
	// RequestHeaderName defines the name of the header used to group incoming requests.
	RequestHeaderName string `json:"requestHeaderName,omitempty" toml:"requestHeaderName,omitempty" yaml:"requestHeaderName,omitempty" export:"true"`
	// RequestHost defines whether to consider the request Host as the source.
	RequestHost bool `json:"requestHost,omitempty" toml:"requestHost,omitempty" yaml:"requestHost,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true

// RateLimit holds the rate limit configuration.
// This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
type RateLimit struct {
	// Average is the maximum rate, by default in requests/s, allowed for the given source.
	// It defaults to 0, which means no rate limiting.
	// The rate is actually defined by dividing Average by Period. So for a rate below 1req/s,
	// one needs to define a Period larger than a second.
	Average int64 `json:"average,omitempty" toml:"average,omitempty" yaml:"average,omitempty" export:"true"`

	// Period, in combination with Average, defines the actual maximum rate, such as:
	// r = Average / Period. It defaults to a second.
	Period ptypes.Duration `json:"period,omitempty" toml:"period,omitempty" yaml:"period,omitempty" export:"true"`

	// Burst is the maximum number of requests allowed to arrive in the same arbitrarily small period of time.
	// It defaults to 1.
	Burst int64 `json:"burst,omitempty" toml:"burst,omitempty" yaml:"burst,omitempty" export:"true"`

	// SourceCriterion defines what criterion is used to group requests as originating from a common source.
	// If several strategies are defined at the same time, an error will be raised.
	// If none are set, the default is to use the request's remote address field (as an ipStrategy).
	SourceCriterion *SourceCriterion `json:"sourceCriterion,omitempty" toml:"sourceCriterion,omitempty" yaml:"sourceCriterion,omitempty" export:"true"`
}
// SetDefaults sets the default values on a RateLimit:
// a Burst of 1 and a Period of one second.
// Average is left untouched.
func (r *RateLimit) SetDefaults() {
	r.Burst, r.Period = 1, ptypes.Duration(time.Second)
}
// +k8s:deepcopy-gen=true

// RedirectRegex holds the redirect regex middleware configuration.
// This middleware redirects a request using regex matching and replacement.
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectregex/#regex
type RedirectRegex struct {
	// Regex defines the regex used to match and capture elements from the request URL.
	Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty"`
	// Replacement defines how to modify the URL to have the new target URL.
	Replacement string `json:"replacement,omitempty" toml:"replacement,omitempty" yaml:"replacement,omitempty"`
	// Permanent defines whether the redirection is permanent (301).
	Permanent bool `json:"permanent,omitempty" toml:"permanent,omitempty" yaml:"permanent,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true

// RedirectScheme holds the redirect scheme middleware configuration.
// This middleware redirects requests from a scheme/port to another.
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/redirectscheme/
type RedirectScheme struct {
	// Scheme defines the scheme of the new URL.
	Scheme string `json:"scheme,omitempty" toml:"scheme,omitempty" yaml:"scheme,omitempty" export:"true"`
	// Port defines the port of the new URL.
	Port string `json:"port,omitempty" toml:"port,omitempty" yaml:"port,omitempty" export:"true"`
	// Permanent defines whether the redirection is permanent (301).
	Permanent bool `json:"permanent,omitempty" toml:"permanent,omitempty" yaml:"permanent,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true

// ReplacePath holds the replace path middleware configuration.
// This middleware replaces the path of the request URL and stores the original path in an X-Replaced-Path header.
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepath/
type ReplacePath struct {
	// Path defines the path to use as replacement in the request URL.
	Path string `json:"path,omitempty" toml:"path,omitempty" yaml:"path,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true

// ReplacePathRegex holds the replace path regex middleware configuration.
// This middleware replaces the path of a URL using regex matching and replacement.
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/replacepathregex/
type ReplacePathRegex struct {
	// Regex defines the regular expression used to match and capture the path from the request URL.
	Regex string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"`
	// Replacement defines the replacement path format, which can include captured variables.
	Replacement string `json:"replacement,omitempty" toml:"replacement,omitempty" yaml:"replacement,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true

// Retry holds the retry middleware configuration.
// This middleware reissues requests a given number of times to a backend server if that server does not reply.
// As soon as the server answers, the middleware stops retrying, regardless of the response status.
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/retry/
type Retry struct {
	// Attempts defines how many times the request should be retried.
	Attempts int `json:"attempts,omitempty" toml:"attempts,omitempty" yaml:"attempts,omitempty" export:"true"`
	// InitialInterval defines the first wait time in the exponential backoff series.
	// The maximum interval is calculated as twice the initialInterval.
	// If unspecified, requests will be retried immediately.
	// The value of initialInterval should be provided in seconds or as a valid duration format,
	// see https://pkg.go.dev/time#ParseDuration.
	InitialInterval ptypes.Duration `json:"initialInterval,omitempty" toml:"initialInterval,omitempty" yaml:"initialInterval,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true

// StripPrefix holds the strip prefix middleware configuration.
// This middleware removes the specified prefixes from the URL path.
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefix/
type StripPrefix struct {
	// Prefixes defines the prefixes to strip from the request URL.
	Prefixes []string `json:"prefixes,omitempty" toml:"prefixes,omitempty" yaml:"prefixes,omitempty" export:"true"`
	// ForceSlash ensures that the resulting stripped path is not the empty string, by replacing it with / when necessary.
	// Default: true.
	//
	// Deprecated: ForceSlash option is deprecated, please remove any usage of this option.
	ForceSlash *bool `json:"forceSlash,omitempty" toml:"forceSlash,omitempty" yaml:"forceSlash,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true

// StripPrefixRegex holds the strip prefix regex middleware configuration.
// This middleware removes the matching prefixes from the URL path.
// More info: https://doc.traefik.io/traefik/v3.2/middlewares/http/stripprefixregex/
type StripPrefixRegex struct {
	// Regex defines the regular expressions to match the path prefix from the request URL.
	Regex []string `json:"regex,omitempty" toml:"regex,omitempty" yaml:"regex,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true

// TLSClientCertificateInfo holds the client TLS certificate info configuration.
// Each field selects one piece of the client certificate to expose.
type TLSClientCertificateInfo struct {
	// NotAfter defines whether to add the Not After information from the Validity part.
	NotAfter bool `json:"notAfter,omitempty" toml:"notAfter,omitempty" yaml:"notAfter,omitempty" export:"true"`
	// NotBefore defines whether to add the Not Before information from the Validity part.
	NotBefore bool `json:"notBefore,omitempty" toml:"notBefore,omitempty" yaml:"notBefore,omitempty" export:"true"`
	// Sans defines whether to add the Subject Alternative Name information from the Subject Alternative Name part.
	Sans bool `json:"sans,omitempty" toml:"sans,omitempty" yaml:"sans,omitempty" export:"true"`
	// SerialNumber defines whether to add the client serialNumber information.
	SerialNumber bool `json:"serialNumber,omitempty" toml:"serialNumber,omitempty" yaml:"serialNumber,omitempty" export:"true"`
	// Subject defines the client certificate subject details to add to the X-Forwarded-Tls-Client-Cert-Info header.
	Subject *TLSClientCertificateSubjectDNInfo `json:"subject,omitempty" toml:"subject,omitempty" yaml:"subject,omitempty" export:"true"`
	// Issuer defines the client certificate issuer details to add to the X-Forwarded-Tls-Client-Cert-Info header.
	Issuer *TLSClientCertificateIssuerDNInfo `json:"issuer,omitempty" toml:"issuer,omitempty" yaml:"issuer,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true

// TLSClientCertificateIssuerDNInfo holds the client TLS certificate distinguished name info configuration
// for the certificate issuer.
// cf https://tools.ietf.org/html/rfc3739
type TLSClientCertificateIssuerDNInfo struct {
	// Country defines whether to add the country information into the issuer.
	Country bool `json:"country,omitempty" toml:"country,omitempty" yaml:"country,omitempty" export:"true"`
	// Province defines whether to add the province information into the issuer.
	Province bool `json:"province,omitempty" toml:"province,omitempty" yaml:"province,omitempty" export:"true"`
	// Locality defines whether to add the locality information into the issuer.
	Locality bool `json:"locality,omitempty" toml:"locality,omitempty" yaml:"locality,omitempty" export:"true"`
	// Organization defines whether to add the organization information into the issuer.
	Organization bool `json:"organization,omitempty" toml:"organization,omitempty" yaml:"organization,omitempty" export:"true"`
	// CommonName defines whether to add the commonName information into the issuer.
	CommonName bool `json:"commonName,omitempty" toml:"commonName,omitempty" yaml:"commonName,omitempty" export:"true"`
	// SerialNumber defines whether to add the serialNumber information into the issuer.
	SerialNumber bool `json:"serialNumber,omitempty" toml:"serialNumber,omitempty" yaml:"serialNumber,omitempty" export:"true"`
	// DomainComponent defines whether to add the domainComponent information into the issuer.
	DomainComponent bool `json:"domainComponent,omitempty" toml:"domainComponent,omitempty" yaml:"domainComponent,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true

// TLSClientCertificateSubjectDNInfo holds the client TLS certificate distinguished name info configuration
// for the certificate subject.
// cf https://tools.ietf.org/html/rfc3739
type TLSClientCertificateSubjectDNInfo struct {
	// Country defines whether to add the country information into the subject.
	Country bool `json:"country,omitempty" toml:"country,omitempty" yaml:"country,omitempty" export:"true"`
	// Province defines whether to add the province information into the subject.
	Province bool `json:"province,omitempty" toml:"province,omitempty" yaml:"province,omitempty" export:"true"`
	// Locality defines whether to add the locality information into the subject.
	Locality bool `json:"locality,omitempty" toml:"locality,omitempty" yaml:"locality,omitempty" export:"true"`
	// Organization defines whether to add the organization information into the subject.
	Organization bool `json:"organization,omitempty" toml:"organization,omitempty" yaml:"organization,omitempty" export:"true"`
	// OrganizationalUnit defines whether to add the organizationalUnit information into the subject.
	OrganizationalUnit bool `json:"organizationalUnit,omitempty" toml:"organizationalUnit,omitempty" yaml:"organizationalUnit,omitempty" export:"true"`
	// CommonName defines whether to add the commonName information into the subject.
	CommonName bool `json:"commonName,omitempty" toml:"commonName,omitempty" yaml:"commonName,omitempty" export:"true"`
	// SerialNumber defines whether to add the serialNumber information into the subject.
	SerialNumber bool `json:"serialNumber,omitempty" toml:"serialNumber,omitempty" yaml:"serialNumber,omitempty" export:"true"`
	// DomainComponent defines whether to add the domainComponent information into the subject.
	DomainComponent bool `json:"domainComponent,omitempty" toml:"domainComponent,omitempty" yaml:"domainComponent,omitempty" export:"true"`
}
// +k8s:deepcopy-gen=true

// Users holds a list of users.
// NOTE(review): the format of each entry is not defined in this part of the
// file; confirm against the middlewares that consume it.
type Users []string
// +k8s:deepcopy-gen=true

// HeaderModifier holds the request/response header modifier configuration.
// Only JSON tags are declared on its fields.
type HeaderModifier struct {
	Set    map[string]string `json:"set,omitempty"`
	Add    map[string]string `json:"add,omitempty"`
	Remove []string          `json:"remove,omitempty"`
}
// +k8s:deepcopy-gen=true

// RequestRedirect holds the request redirect middleware configuration.
// The URL parts are pointers, so an unset part (nil) is distinct from an
// empty string. Only JSON tags are declared on the fields.
type RequestRedirect struct {
	Scheme     *string `json:"scheme,omitempty"`
	Hostname   *string `json:"hostname,omitempty"`
	Port       *string `json:"port,omitempty"`
	Path       *string `json:"path,omitempty"`
	PathPrefix *string `json:"pathPrefix,omitempty"`
	StatusCode int     `json:"statusCode,omitempty"`
}
// +k8s:deepcopy-gen=true

// URLRewrite holds the URL rewrite middleware configuration.
// Every part is a pointer, so an unset part (nil) is distinct from an empty
// string. Only JSON tags are declared on the fields.
type URLRewrite struct {
	Hostname   *string `json:"hostname,omitempty"`
	Path       *string `json:"path,omitempty"`
	PathPrefix *string `json:"pathPrefix,omitempty"`
}